From 322b430a2589cdc7985e98a14ec12322b91c9d5e Mon Sep 17 00:00:00 2001 From: Karol Lewandowski Date: Fri, 24 Jul 2020 13:21:08 +0200 Subject: [PATCH] Imported Upstream version 2.3.3 Change-Id: I3af4bf459d2b73bed419873693a905a2606332b9 --- ABOUT-NLS | 2019 ++-- AUTHORS | 1 + ChangeLog | 2 +- FAQ | 4181 ++++--- INSTALL | 2 +- Makefile.am | 53 +- Makefile.in | 2243 +++- TODO | 9 +- aclocal.m4 | 768 +- compile | 17 +- config.h.in | 175 +- config.rpath | 228 +- config.sub | 310 +- configure | 11565 +++++++++++-------- configure.ac | 401 +- depcomp | 10 +- docs/ChangeLog.old | 28 +- docs/Keyring.txt | 56 + docs/LUKS2-locking.txt | 61 + docs/doxyfile | 75 +- docs/{doxygen_index => doxygen_index.h} | 25 +- docs/examples/crypt_log_usage.c | 12 +- docs/examples/crypt_luks_usage.c | 102 +- docs/on-disk-format-luks2.pdf | Bin 0 -> 290651 bytes docs/on-disk-format.pdf | Bin 168023 -> 119729 bytes docs/v1.3.0-ReleaseNotes | 2 +- docs/v1.4.0-ReleaseNotes | 2 +- docs/v1.5.0-ReleaseNotes | 2 +- docs/v1.6.8-ReleaseNotes | 47 + docs/v1.7.0-ReleaseNotes | 81 + docs/v1.7.1-ReleaseNotes | 36 + docs/v1.7.2-ReleaseNotes | 37 + docs/v1.7.3-ReleaseNotes | 20 + docs/v1.7.4-ReleaseNotes | 22 + docs/v1.7.5-ReleaseNotes | 22 + docs/v2.0.0-ReleaseNotes | 605 + docs/v2.0.1-ReleaseNotes | 109 + docs/v2.0.2-ReleaseNotes | 93 + docs/v2.0.3-ReleaseNotes | 121 + docs/v2.0.4-ReleaseNotes | 119 + docs/v2.0.5-ReleaseNotes | 102 + docs/v2.0.6-ReleaseNotes | 97 + docs/v2.1.0-ReleaseNotes | 210 + docs/v2.2.0-ReleaseNotes | 279 + docs/v2.2.1-ReleaseNotes | 36 + docs/v2.2.2-ReleaseNotes | 56 + docs/v2.3.0-ReleaseNotes | 209 + docs/v2.3.1-ReleaseNotes | 45 + docs/v2.3.2-ReleaseNotes | 42 + docs/v2.3.3-ReleaseNotes | 42 + lib/Makefile.am | 70 - lib/Makefile.in | 1023 -- lib/Makemodule.am | 115 + lib/base64.c | 605 + lib/base64.h | 68 + lib/bitlk/bitlk.c | 1217 ++ lib/bitlk/bitlk.h | 131 + lib/crypt_plain.c | 16 +- lib/crypto_backend/Makefile.am | 30 - lib/crypto_backend/Makefile.in | 738 -- lib/crypto_backend/Makemodule.am | 39 + lib/crypto_backend/argon2/LICENSE | 30 + lib/crypto_backend/argon2/Makemodule.am | 30 + lib/crypto_backend/argon2/README | 5 + lib/crypto_backend/argon2/argon2.c | 456 + lib/crypto_backend/argon2/argon2.h | 437 + lib/crypto_backend/argon2/blake2/blake2-impl.h | 154 + lib/crypto_backend/argon2/blake2/blake2.h | 89 + lib/crypto_backend/argon2/blake2/blake2b.c | 392 + .../argon2/blake2/blamka-round-opt.h | 471 + .../argon2/blake2/blamka-round-ref.h | 56 + lib/crypto_backend/argon2/core.c | 641 + lib/crypto_backend/argon2/core.h | 228 + lib/crypto_backend/argon2/encoding.c | 462 + lib/crypto_backend/argon2/encoding.h | 57 + lib/crypto_backend/argon2/opt.c | 283 + lib/crypto_backend/argon2/ref.c | 194 + lib/crypto_backend/argon2/thread.c | 57 + lib/crypto_backend/argon2/thread.h | 67 + lib/crypto_backend/argon2_generic.c | 79 + lib/crypto_backend/cipher_check.c | 161 + lib/crypto_backend/cipher_generic.c | 90 + lib/crypto_backend/crc32.c | 4 +- lib/crypto_backend/crypto_backend.h | 96 +- lib/crypto_backend/crypto_backend_internal.h | 63 + lib/crypto_backend/crypto_cipher_kernel.c | 324 +- lib/crypto_backend/crypto_gcrypt.c | 219 +- lib/crypto_backend/crypto_kernel.c | 177 +- lib/crypto_backend/crypto_nettle.c | 191 +- lib/crypto_backend/crypto_nss.c | 105 +- lib/crypto_backend/crypto_openssl.c | 356 +- lib/crypto_backend/crypto_storage.c | 128 +- lib/crypto_backend/pbkdf2_generic.c | 200 +- lib/crypto_backend/pbkdf_check.c | 376 +- lib/integrity/integrity.c | 366 + lib/integrity/integrity.h | 101 + lib/internal.h | 200 +- lib/libcryptsetup.h | 1714 ++- lib/libcryptsetup.sym | 78 +- lib/libdevmapper.c | 2688 ++++- lib/loopaes/Makefile.am | 14 - lib/loopaes/Makefile.in | 645 -- lib/loopaes/loopaes.c | 67 +- lib/loopaes/loopaes.h | 5 +- lib/luks1/Makefile.am | 17 - lib/luks1/Makefile.in | 665 -- lib/luks1/af.c | 85 +- lib/luks1/af.h | 30 +- lib/luks1/keyencryption.c | 172 +- lib/luks1/keymanage.c | 721 +- lib/luks1/luks.h | 57 +- lib/luks2/luks2.h | 609 + lib/luks2/luks2_digest.c | 455 + lib/luks2/luks2_digest_pbkdf2.c | 211 + lib/luks2/luks2_disk_metadata.c | 806 ++ lib/luks2/luks2_internal.h | 203 + lib/luks2/luks2_json_format.c | 405 + lib/luks2/luks2_json_metadata.c | 2414 ++++ lib/luks2/luks2_keyslot.c | 937 ++ lib/luks2/luks2_keyslot_luks2.c | 785 ++ lib/luks2/luks2_keyslot_reenc.c | 336 + lib/luks2/luks2_luks1_convert.c | 896 ++ lib/luks2/luks2_reencrypt.c | 3445 ++++++ lib/luks2/luks2_segment.c | 412 + lib/luks2/luks2_token.c | 610 + lib/luks2/luks2_token_keyring.c | 170 + lib/random.c | 19 +- lib/setup.c | 6202 +++++++--- lib/tcrypt/Makefile.am | 14 - lib/tcrypt/Makefile.in | 645 -- lib/tcrypt/tcrypt.c | 441 +- lib/tcrypt/tcrypt.h | 20 +- lib/utils.c | 454 +- lib/utils_benchmark.c | 333 +- lib/utils_blkid.c | 323 + lib/utils_blkid.h | 64 + lib/utils_crypt.c | 512 +- lib/utils_crypt.h | 26 +- lib/utils_device.c | 698 +- lib/utils_device_locking.c | 521 + lib/utils_device_locking.h | 47 + lib/utils_devpath.c | 119 +- lib/utils_dm.h | 173 +- lib/utils_fips.c | 2 +- lib/utils_fips.h | 2 +- lib/utils_io.c | 299 + lib/utils_io.h | 42 + lib/utils_keyring.c | 242 + lib/utils_keyring.h | 55 + lib/utils_loop.c | 74 +- lib/utils_loop.h | 7 +- lib/utils_pbkdf.c | 333 + lib/utils_safe_memory.c | 102 + lib/utils_storage_wrappers.c | 394 + lib/utils_storage_wrappers.h | 71 + lib/utils_wipe.c | 285 +- lib/verity/Makefile.am | 14 - lib/verity/Makefile.in | 655 -- lib/verity/rs.h | 63 + lib/verity/rs_decode_char.c | 197 + lib/verity/rs_encode_char.c | 173 + lib/verity/verity.c | 162 +- lib/verity/verity.h | 18 +- lib/verity/verity_fec.c | 281 + lib/verity/verity_hash.c | 149 +- lib/volumekey.c | 102 +- ltmain.sh | 5576 +++++---- m4/gettext.m4 | 460 +- m4/iconv.m4 | 223 +- m4/intlmacosx.m4 | 56 + m4/lib-ld.m4 | 87 +- m4/lib-link.m4 | 303 +- m4/lib-prefix.m4 | 91 +- m4/libtool.m4 | 2545 ++-- m4/ltoptions.m4 | 127 +- m4/ltsugar.m4 | 7 +- m4/ltversion.m4 | 12 +- m4/lt~obsolete.m4 | 7 +- m4/nls.m4 | 13 +- m4/po.m4 | 59 +- m4/progtest.m4 | 31 +- man/Makefile.am | 11 - man/Makefile.in | 559 - man/Makemodule.am | 15 + man/cryptsetup-reencrypt.8 | 206 +- man/cryptsetup.8 | 829 +- man/integritysetup.8 | 240 + man/veritysetup.8 | 110 +- misc/dict_search/README | 2 +- misc/dict_search/crypt_dict.c | 2 +- misc/dracut_90reencrypt/README | 12 +- misc/dracut_90reencrypt/module-setup.sh | 3 + misc/dracut_90reencrypt/parse-reencrypt.sh | 15 +- misc/dracut_90reencrypt/reencrypt-verbose.sh | 6 + misc/dracut_90reencrypt/reencrypt.sh | 21 +- misc/keyslot_checker/chk_luks_keyslots.c | 6 +- misc/luks2_keyslot_example/Makefile | 24 + misc/luks2_keyslot_example/README | 3 + misc/luks2_keyslot_example/keyslot_test.c | 409 + .../keyslot_test_remote_pass.c | 264 + missing | 16 +- po/LINGUAS | 6 + po/Makefile.in.in | 93 +- po/Makevars | 3 + po/POTFILES.in | 29 + po/Rules-quot | 4 +- po/cryptsetup.pot | 3935 +++++-- po/cs.gmo | Bin 45904 -> 106219 bytes po/cs.po | 4936 +++++--- po/da.gmo | Bin 0 -> 95415 bytes po/da.po | 3974 +++++++ po/de.gmo | Bin 47405 -> 110505 bytes po/de.po | 4481 +++++-- po/es.gmo | Bin 48642 -> 111379 bytes po/es.po | 4533 ++++++-- po/fi.gmo | Bin 45357 -> 14534 bytes po/fi.po | 4595 ++++++-- po/fr.gmo | Bin 49036 -> 113500 bytes po/fr.po | 5026 +++++--- po/id.gmo | Bin 12915 -> 6416 bytes po/id.po | 4368 +++++-- po/it.gmo | Bin 45975 -> 74345 bytes po/it.po | 4607 ++++++-- po/ja.gmo | Bin 0 -> 118927 bytes po/ja.po | 3871 +++++++ po/nl.gmo | Bin 44375 -> 39265 bytes po/nl.po | 4990 +++++--- po/pl.gmo | Bin 45984 -> 106470 bytes po/pl.po | 4284 +++++-- po/pt_BR.gmo | Bin 0 -> 74425 bytes po/pt_BR.po | 4108 +++++++ po/ru.gmo | Bin 0 -> 140111 bytes po/ru.po | 4364 +++++++ po/sr.gmo | Bin 0 -> 135980 bytes po/sr.po | 3927 +++++++ po/sv.gmo | Bin 12816 -> 70995 bytes po/sv.po | 4974 +++++--- po/uk.gmo | Bin 62176 -> 144008 bytes po/uk.po | 4366 +++++-- po/vi.gmo | Bin 50709 -> 16931 bytes po/vi.po | 4612 ++++++-- po/zh_CN.gmo | Bin 0 -> 39490 bytes po/zh_CN.po | 4122 +++++++ python/Makefile.am | 16 - python/Makefile.in | 825 -- python/pycryptsetup-test.py | 133 - python/pycryptsetup.c | 772 -- scripts/Makemodule.am | 5 + scripts/cryptsetup.conf.in | 1 + src/Makefile.am | 95 - src/Makefile.in | 1265 -- src/Makemodule.am | 136 + src/cryptsetup.c | 3185 ++++- src/cryptsetup.h | 46 +- src/cryptsetup_reencrypt.c | 965 +- src/integritysetup.c | 723 ++ src/utils_blockdev.c | 189 + src/utils_luks2.c | 139 + src/utils_password.c | 270 +- src/utils_tools.c | 471 +- src/veritysetup.c | 214 +- tests/00modules-test | 45 + tests/Makefile.am | 111 +- tests/Makefile.in | 373 +- tests/Makefile.localtest | 30 + tests/align-test | 154 +- tests/align-test2 | 342 + tests/api-test-2.c | 4443 +++++++ tests/api-test.c | 1103 +- tests/api_test.h | 122 + tests/bitlk-compat-test | 120 + tests/bitlk-images.tar.xz | Bin 0 -> 249936 bytes tests/blkid-luks2-pv.img.xz | Bin 0 -> 5236 bytes tests/blockwise-compat | 377 + tests/compat-test | 645 +- tests/compat-test2 | 1021 ++ tests/compatimage.img.bz2 | Bin 64972 -> 0 bytes tests/compatimage.img.xz | Bin 0 -> 66732 bytes tests/compatimage2.img.xz | Bin 0 -> 66356 bytes tests/compatv10image.img.bz2 | Bin 64969 -> 0 bytes tests/compatv10image.img.xz | Bin 0 -> 66688 bytes tests/conversion_imgs.tar.xz | Bin 0 -> 8149472 bytes tests/crypto-vectors.c | 1194 ++ tests/cryptsetup-valg-supps | 2 +- tests/device-test | 211 +- tests/differ.c | 2 +- tests/discards-test | 24 +- tests/evil_hdr-keyslot_overlap.xz | Bin 0 -> 676 bytes tests/evil_hdr-luks_hdr_damage.bz2 | Bin 288 -> 0 bytes tests/evil_hdr-luks_hdr_damage.xz | Bin 0 -> 612 bytes tests/evil_hdr-payload_overwrite.bz2 | Bin 295 -> 0 bytes tests/evil_hdr-payload_overwrite.xz | Bin 0 -> 612 bytes tests/evil_hdr-small_luks_device.bz2 | Bin 289 -> 0 bytes tests/evil_hdr-small_luks_device.xz | Bin 0 -> 452 bytes tests/evil_hdr-stripes_payload_dmg.bz2 | Bin 295 -> 0 bytes tests/evil_hdr-stripes_payload_dmg.xz | Bin 0 -> 616 bytes ...erate-luks2-area-in-json-hdr-space-json0.img.sh | 72 + .../generate-luks2-argon2-leftover-params.img.sh | 71 + .../generate-luks2-correct-full-json0.img.sh | 87 + ...e-luks2-corrupted-hdr0-with-correct-chks.img.sh | 65 + ...e-luks2-corrupted-hdr1-with-correct-chks.img.sh | 66 + ...enerate-luks2-invalid-checksum-both-hdrs.img.sh | 52 + .../generate-luks2-invalid-checksum-hdr0.img.sh | 43 + .../generate-luks2-invalid-checksum-hdr1.img.sh | 48 + .../generate-luks2-invalid-json-size-c0.img.sh | 68 + .../generate-luks2-invalid-json-size-c1.img.sh | 68 + .../generate-luks2-invalid-json-size-c2.img.sh | 85 + .../generate-luks2-invalid-keyslots-size-c0.img.sh | 71 + .../generate-luks2-invalid-keyslots-size-c1.img.sh | 67 + .../generate-luks2-invalid-keyslots-size-c2.img.sh | 68 + ...generate-luks2-invalid-object-type-json0.img.sh | 70 + ...enerate-luks2-invalid-opening-char-json0.img.sh | 70 + .../generate-luks2-keyslot-missing-digest.img.sh | 72 + .../generate-luks2-keyslot-too-many-digests.img.sh | 70 + ...erate-luks2-metadata-size-128k-secondary.img.sh | 97 + .../generate-luks2-metadata-size-128k.img.sh | 94 + ...nerate-luks2-metadata-size-16k-secondary.img.sh | 97 + ...enerate-luks2-metadata-size-1m-secondary.img.sh | 97 + .../generate-luks2-metadata-size-1m.img.sh | 94 + ...erate-luks2-metadata-size-256k-secondary.img.sh | 97 + .../generate-luks2-metadata-size-256k.img.sh | 94 + ...enerate-luks2-metadata-size-2m-secondary.img.sh | 96 + .../generate-luks2-metadata-size-2m.img.sh | 94 + ...nerate-luks2-metadata-size-32k-secondary.img.sh | 97 + .../generate-luks2-metadata-size-32k.img.sh | 94 + ...enerate-luks2-metadata-size-4m-secondary.img.sh | 96 + .../generate-luks2-metadata-size-4m.img.sh | 94 + ...erate-luks2-metadata-size-512k-secondary.img.sh | 97 + .../generate-luks2-metadata-size-512k.img.sh | 94 + ...rate-luks2-metadata-size-64k-inv-area-c0.img.sh | 94 + ...rate-luks2-metadata-size-64k-inv-area-c1.img.sh | 96 + ...2-metadata-size-64k-inv-keyslots-size-c0.img.sh | 96 + ...nerate-luks2-metadata-size-64k-secondary.img.sh | 97 + .../generate-luks2-metadata-size-64k.img.sh | 94 + ...ks2-missing-keyslot-referenced-in-digest.img.sh | 74 + ...uks2-missing-keyslot-referenced-in-token.img.sh | 72 + ...ks2-missing-segment-referenced-in-digest.img.sh | 74 + ...e-luks2-missing-trailing-null-byte-json0.img.sh | 89 + ...enerate-luks2-non-null-byte-beyond-json0.img.sh | 72 + ...nerate-luks2-non-null-bytes-beyond-json0.img.sh | 76 + ...enerate-luks2-overlapping-areas-c0-json0.img.sh | 68 + ...enerate-luks2-overlapping-areas-c1-json0.img.sh | 70 + ...enerate-luks2-overlapping-areas-c2-json0.img.sh | 67 + .../generate-luks2-pbkdf2-leftover-params-0.img.sh | 71 + .../generate-luks2-pbkdf2-leftover-params-1.img.sh | 71 + ...e-luks2-segment-crypt-missing-encryption.img.sh | 67 + ...ate-luks2-segment-crypt-missing-ivoffset.img.sh | 67 + ...e-luks2-segment-crypt-missing-sectorsize.img.sh | 67 + ...ate-luks2-segment-crypt-wrong-encryption.img.sh | 67 + ...erate-luks2-segment-crypt-wrong-ivoffset.img.sh | 67 + ...e-luks2-segment-crypt-wrong-sectorsize-0.img.sh | 67 + ...e-luks2-segment-crypt-wrong-sectorsize-1.img.sh | 67 + ...e-luks2-segment-crypt-wrong-sectorsize-2.img.sh | 67 + .../generate-luks2-segment-missing-offset.img.sh | 67 + .../generate-luks2-segment-missing-size.img.sh | 67 + .../generate-luks2-segment-missing-type.img.sh | 67 + tests/generators/generate-luks2-segment-two.img.sh | 67 + .../generate-luks2-segment-unknown-type.img.sh | 68 + ...nerate-luks2-segment-wrong-flags-element.img.sh | 67 + .../generate-luks2-segment-wrong-flags.img.sh | 67 + .../generate-luks2-segment-wrong-offset.img.sh | 67 + .../generate-luks2-segment-wrong-size-0.img.sh | 67 + .../generate-luks2-segment-wrong-size-1.img.sh | 67 + .../generate-luks2-segment-wrong-size-2.img.sh | 67 + .../generate-luks2-segment-wrong-type.img.sh | 67 + .../generate-luks2-uint64-max-segment-size.img.sh | 68 + ...erate-luks2-uint64-overflow-segment-size.img.sh | 66 + ...enerate-luks2-uint64-signed-segment-size.img.sh | 67 + tests/generators/lib.sh | 180 + tests/img_fs_ext4.img.bz2 | Bin 871 -> 0 bytes tests/img_fs_ext4.img.xz | Bin 0 -> 5680 bytes tests/img_fs_vfat.img.bz2 | Bin 1425 -> 0 bytes tests/img_fs_vfat.img.xz | Bin 0 -> 6124 bytes tests/img_fs_xfs.img.bz2 | Bin 4135 -> 0 bytes tests/img_fs_xfs.img.xz | Bin 0 -> 7676 bytes tests/integrity-compat-test | 429 + tests/keyring-compat-test | 211 + tests/keyring-test | 238 + tests/loopaes-test | 32 +- tests/luks1-compat-test | 38 +- tests/luks1-images.tar.bz2 | Bin 54222 -> 0 bytes tests/luks1-images.tar.xz | Bin 0 -> 67192 bytes tests/luks2-integrity-test | 166 + tests/luks2-reencryption-test | 1370 +++ tests/luks2-validation-test | 233 + tests/luks2_header_requirements.xz | Bin 0 -> 130568 bytes tests/luks2_header_requirements_free.xz | Bin 0 -> 130492 bytes tests/luks2_keyslot_unassigned.img.xz | Bin 0 -> 270548 bytes tests/luks2_mda_images.tar.xz | Bin 0 -> 156028 bytes tests/luks2_valid_hdr.img.xz | Bin 0 -> 3684 bytes tests/mode-test | 47 +- tests/password-hash-test | 29 +- tests/reencryption-compat-test | 187 +- tests/reencryption-compat-test2 | 473 + tests/tcrypt-compat-test | 105 +- tests/tcrypt-images.tar.bz2 | Bin 254672 -> 0 bytes tests/tcrypt-images.tar.xz | Bin 0 -> 308700 bytes tests/test_utils.c | 622 + tests/unit-utils-io.c | 346 + tests/valg.sh | 2 +- tests/valid_header_file.bz2 | Bin 291 -> 0 bytes tests/valid_header_file.xz | Bin 0 -> 608 bytes tests/verity-compat-test | 283 +- 403 files changed, 153644 insertions(+), 43303 deletions(-) create mode 100644 docs/Keyring.txt create mode 100644 docs/LUKS2-locking.txt rename docs/{doxygen_index => doxygen_index.h} (91%) create mode 100644 docs/on-disk-format-luks2.pdf create mode 100644 docs/v1.6.8-ReleaseNotes create mode 100644 docs/v1.7.0-ReleaseNotes create mode 100644 docs/v1.7.1-ReleaseNotes create mode 100644 docs/v1.7.2-ReleaseNotes create mode 100644 docs/v1.7.3-ReleaseNotes create mode 100644 docs/v1.7.4-ReleaseNotes create mode 100644 docs/v1.7.5-ReleaseNotes create mode 100644 docs/v2.0.0-ReleaseNotes create mode 100644 docs/v2.0.1-ReleaseNotes create mode 100644 docs/v2.0.2-ReleaseNotes create mode 100644 docs/v2.0.3-ReleaseNotes create mode 100644 docs/v2.0.4-ReleaseNotes create mode 100644 docs/v2.0.5-ReleaseNotes create mode 100644 docs/v2.0.6-ReleaseNotes create mode 100644 docs/v2.1.0-ReleaseNotes create mode 100644 docs/v2.2.0-ReleaseNotes create mode 100644 docs/v2.2.1-ReleaseNotes create mode 100644 docs/v2.2.2-ReleaseNotes create mode 100644 docs/v2.3.0-ReleaseNotes create mode 100644 docs/v2.3.1-ReleaseNotes create mode 100644 docs/v2.3.2-ReleaseNotes create mode 100644 docs/v2.3.3-ReleaseNotes delete mode 100644 lib/Makefile.am delete mode 100644 lib/Makefile.in create mode 100644 lib/Makemodule.am create mode 100644 lib/base64.c create mode 100644 lib/base64.h create mode 100644 lib/bitlk/bitlk.c create mode 100644 lib/bitlk/bitlk.h delete mode 100644 lib/crypto_backend/Makefile.am delete mode 100644 lib/crypto_backend/Makefile.in create mode 100644 lib/crypto_backend/Makemodule.am create mode 100644 lib/crypto_backend/argon2/LICENSE create mode 100644 lib/crypto_backend/argon2/Makemodule.am create mode 100644 lib/crypto_backend/argon2/README create mode 100644 lib/crypto_backend/argon2/argon2.c create mode 100644 lib/crypto_backend/argon2/argon2.h create mode 100644 lib/crypto_backend/argon2/blake2/blake2-impl.h create mode 100644 lib/crypto_backend/argon2/blake2/blake2.h create mode 100644 lib/crypto_backend/argon2/blake2/blake2b.c create mode 100644 lib/crypto_backend/argon2/blake2/blamka-round-opt.h create mode 100644 lib/crypto_backend/argon2/blake2/blamka-round-ref.h create mode 100644 lib/crypto_backend/argon2/core.c create mode 100644 lib/crypto_backend/argon2/core.h create mode 100644 lib/crypto_backend/argon2/encoding.c create mode 100644 lib/crypto_backend/argon2/encoding.h create mode 100644 lib/crypto_backend/argon2/opt.c create mode 100644 lib/crypto_backend/argon2/ref.c create mode 100644 lib/crypto_backend/argon2/thread.c create mode 100644 lib/crypto_backend/argon2/thread.h create mode 100644 lib/crypto_backend/argon2_generic.c create mode 100644 lib/crypto_backend/cipher_check.c create mode 100644 lib/crypto_backend/cipher_generic.c create mode 100644 lib/crypto_backend/crypto_backend_internal.h create mode 100644 lib/integrity/integrity.c create mode 100644 lib/integrity/integrity.h delete mode 100644 lib/loopaes/Makefile.am delete mode 100644 lib/loopaes/Makefile.in delete mode 100644 lib/luks1/Makefile.am delete mode 100644 lib/luks1/Makefile.in create mode 100644 lib/luks2/luks2.h create mode 100644 lib/luks2/luks2_digest.c create mode 100644 lib/luks2/luks2_digest_pbkdf2.c create mode 100644 lib/luks2/luks2_disk_metadata.c create mode 100644 lib/luks2/luks2_internal.h create mode 100644 lib/luks2/luks2_json_format.c create mode 100644 lib/luks2/luks2_json_metadata.c create mode 100644 lib/luks2/luks2_keyslot.c create mode 100644 lib/luks2/luks2_keyslot_luks2.c create mode 100644 lib/luks2/luks2_keyslot_reenc.c create mode 100644 lib/luks2/luks2_luks1_convert.c create mode 100644 lib/luks2/luks2_reencrypt.c create mode 100644 lib/luks2/luks2_segment.c create mode 100644 lib/luks2/luks2_token.c create mode 100644 lib/luks2/luks2_token_keyring.c delete mode 100644 lib/tcrypt/Makefile.am delete mode 100644 lib/tcrypt/Makefile.in create mode 100644 lib/utils_blkid.c create mode 100644 lib/utils_blkid.h create mode 100644 lib/utils_device_locking.c create mode 100644 lib/utils_device_locking.h create mode 100644 lib/utils_io.c create mode 100644 lib/utils_io.h create mode 100644 lib/utils_keyring.c create mode 100644 lib/utils_keyring.h create mode 100644 lib/utils_pbkdf.c create mode 100644 lib/utils_safe_memory.c create mode 100644 lib/utils_storage_wrappers.c create mode 100644 lib/utils_storage_wrappers.h delete mode 100644 lib/verity/Makefile.am delete mode 100644 lib/verity/Makefile.in create mode 100644 lib/verity/rs.h create mode 100644 lib/verity/rs_decode_char.c create mode 100644 lib/verity/rs_encode_char.c create mode 100644 lib/verity/verity_fec.c create mode 100644 m4/intlmacosx.m4 delete mode 100644 man/Makefile.am delete mode 100644 man/Makefile.in create mode 100644 man/Makemodule.am create mode 100644 man/integritysetup.8 create mode 100755 misc/dracut_90reencrypt/reencrypt-verbose.sh create mode 100644 misc/luks2_keyslot_example/Makefile create mode 100644 misc/luks2_keyslot_example/README create mode 100644 misc/luks2_keyslot_example/keyslot_test.c create mode 100644 misc/luks2_keyslot_example/keyslot_test_remote_pass.c create mode 100644 po/da.gmo create mode 100644 po/da.po create mode 100644 po/ja.gmo create mode 100644 po/ja.po create mode 100644 po/pt_BR.gmo create mode 100644 po/pt_BR.po create mode 100644 po/ru.gmo create mode 100644 po/ru.po create mode 100644 po/sr.gmo create mode 100644 po/sr.po create mode 100644 po/zh_CN.gmo create mode 100644 po/zh_CN.po delete mode 100644 python/Makefile.am delete mode 100644 python/Makefile.in delete mode 100755 python/pycryptsetup-test.py delete mode 100644 python/pycryptsetup.c create mode 100644 scripts/Makemodule.am create mode 100644 scripts/cryptsetup.conf.in delete mode 100644 src/Makefile.am delete mode 100644 src/Makefile.in create mode 100644 src/Makemodule.am create mode 100644 src/integritysetup.c create mode 100644 src/utils_blockdev.c create mode 100644 src/utils_luks2.c create mode 100755 tests/00modules-test create mode 100644 tests/Makefile.localtest create mode 100755 tests/align-test2 create mode 100644 tests/api-test-2.c create mode 100644 tests/api_test.h create mode 100755 tests/bitlk-compat-test create mode 100644 tests/bitlk-images.tar.xz create mode 100644 tests/blkid-luks2-pv.img.xz create mode 100755 tests/blockwise-compat create mode 100755 tests/compat-test2 delete mode 100644 tests/compatimage.img.bz2 create mode 100644 tests/compatimage.img.xz create mode 100644 tests/compatimage2.img.xz delete mode 100644 tests/compatv10image.img.bz2 create mode 100644 tests/compatv10image.img.xz create mode 100644 tests/conversion_imgs.tar.xz create mode 100644 tests/crypto-vectors.c create mode 100644 tests/evil_hdr-keyslot_overlap.xz delete mode 100644 tests/evil_hdr-luks_hdr_damage.bz2 create mode 100644 tests/evil_hdr-luks_hdr_damage.xz delete mode 100644 tests/evil_hdr-payload_overwrite.bz2 create mode 100644 tests/evil_hdr-payload_overwrite.xz delete mode 100644 tests/evil_hdr-small_luks_device.bz2 create mode 100644 tests/evil_hdr-small_luks_device.xz delete mode 100644 tests/evil_hdr-stripes_payload_dmg.bz2 create mode 100644 tests/evil_hdr-stripes_payload_dmg.xz create mode 100755 tests/generators/generate-luks2-area-in-json-hdr-space-json0.img.sh create mode 100755 tests/generators/generate-luks2-argon2-leftover-params.img.sh create mode 100755 tests/generators/generate-luks2-correct-full-json0.img.sh create mode 100755 tests/generators/generate-luks2-corrupted-hdr0-with-correct-chks.img.sh create mode 100755 tests/generators/generate-luks2-corrupted-hdr1-with-correct-chks.img.sh create mode 100755 tests/generators/generate-luks2-invalid-checksum-both-hdrs.img.sh create mode 100755 tests/generators/generate-luks2-invalid-checksum-hdr0.img.sh create mode 100755 tests/generators/generate-luks2-invalid-checksum-hdr1.img.sh create mode 100755 tests/generators/generate-luks2-invalid-json-size-c0.img.sh create mode 100755 tests/generators/generate-luks2-invalid-json-size-c1.img.sh create mode 100755 tests/generators/generate-luks2-invalid-json-size-c2.img.sh create mode 100755 tests/generators/generate-luks2-invalid-keyslots-size-c0.img.sh create mode 100755 tests/generators/generate-luks2-invalid-keyslots-size-c1.img.sh create mode 100755 tests/generators/generate-luks2-invalid-keyslots-size-c2.img.sh create mode 100755 tests/generators/generate-luks2-invalid-object-type-json0.img.sh create mode 100755 tests/generators/generate-luks2-invalid-opening-char-json0.img.sh create mode 100755 tests/generators/generate-luks2-keyslot-missing-digest.img.sh create mode 100755 tests/generators/generate-luks2-keyslot-too-many-digests.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-128k-secondary.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-128k.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-16k-secondary.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-1m-secondary.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-1m.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-256k-secondary.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-256k.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-2m-secondary.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-2m.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-32k-secondary.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-32k.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-4m-secondary.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-4m.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-512k-secondary.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-512k.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-64k-inv-area-c0.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-64k-inv-area-c1.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-64k-inv-keyslots-size-c0.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-64k-secondary.img.sh create mode 100755 tests/generators/generate-luks2-metadata-size-64k.img.sh create mode 100755 tests/generators/generate-luks2-missing-keyslot-referenced-in-digest.img.sh create mode 100755 tests/generators/generate-luks2-missing-keyslot-referenced-in-token.img.sh create mode 100755 tests/generators/generate-luks2-missing-segment-referenced-in-digest.img.sh create mode 100755 tests/generators/generate-luks2-missing-trailing-null-byte-json0.img.sh create mode 100755 tests/generators/generate-luks2-non-null-byte-beyond-json0.img.sh create mode 100755 tests/generators/generate-luks2-non-null-bytes-beyond-json0.img.sh create mode 100755 tests/generators/generate-luks2-overlapping-areas-c0-json0.img.sh create mode 100755 tests/generators/generate-luks2-overlapping-areas-c1-json0.img.sh create mode 100755 tests/generators/generate-luks2-overlapping-areas-c2-json0.img.sh create mode 100755 tests/generators/generate-luks2-pbkdf2-leftover-params-0.img.sh create mode 100755 tests/generators/generate-luks2-pbkdf2-leftover-params-1.img.sh create mode 100755 tests/generators/generate-luks2-segment-crypt-missing-encryption.img.sh create mode 100755 tests/generators/generate-luks2-segment-crypt-missing-ivoffset.img.sh create mode 100755 tests/generators/generate-luks2-segment-crypt-missing-sectorsize.img.sh create mode 100755 tests/generators/generate-luks2-segment-crypt-wrong-encryption.img.sh create mode 100755 tests/generators/generate-luks2-segment-crypt-wrong-ivoffset.img.sh create mode 100755 tests/generators/generate-luks2-segment-crypt-wrong-sectorsize-0.img.sh create mode 100755 tests/generators/generate-luks2-segment-crypt-wrong-sectorsize-1.img.sh create mode 100755 tests/generators/generate-luks2-segment-crypt-wrong-sectorsize-2.img.sh create mode 100755 tests/generators/generate-luks2-segment-missing-offset.img.sh create mode 100755 tests/generators/generate-luks2-segment-missing-size.img.sh create mode 100755 tests/generators/generate-luks2-segment-missing-type.img.sh create mode 100755 tests/generators/generate-luks2-segment-two.img.sh create mode 100755 tests/generators/generate-luks2-segment-unknown-type.img.sh create mode 100755 tests/generators/generate-luks2-segment-wrong-flags-element.img.sh create mode 100755 tests/generators/generate-luks2-segment-wrong-flags.img.sh create mode 100755 tests/generators/generate-luks2-segment-wrong-offset.img.sh create mode 100755 tests/generators/generate-luks2-segment-wrong-size-0.img.sh create mode 100755 tests/generators/generate-luks2-segment-wrong-size-1.img.sh create mode 100755 tests/generators/generate-luks2-segment-wrong-size-2.img.sh create mode 100755 tests/generators/generate-luks2-segment-wrong-type.img.sh create mode 100755 tests/generators/generate-luks2-uint64-max-segment-size.img.sh create mode 100755 tests/generators/generate-luks2-uint64-overflow-segment-size.img.sh create mode 100755 tests/generators/generate-luks2-uint64-signed-segment-size.img.sh create mode 100644 tests/generators/lib.sh delete mode 100644 tests/img_fs_ext4.img.bz2 create mode 100644 tests/img_fs_ext4.img.xz delete mode 100644 tests/img_fs_vfat.img.bz2 create mode 100644 tests/img_fs_vfat.img.xz delete mode 100644 tests/img_fs_xfs.img.bz2 create mode 100644 tests/img_fs_xfs.img.xz create mode 100755 tests/integrity-compat-test create mode 100755 tests/keyring-compat-test create mode 100755 tests/keyring-test delete mode 100644 tests/luks1-images.tar.bz2 create mode 100644 tests/luks1-images.tar.xz create mode 100755 tests/luks2-integrity-test create mode 100755 tests/luks2-reencryption-test create mode 100755 tests/luks2-validation-test create mode 100644 tests/luks2_header_requirements.xz create mode 100644 tests/luks2_header_requirements_free.xz create mode 100644 tests/luks2_keyslot_unassigned.img.xz create mode 100644 tests/luks2_mda_images.tar.xz create mode 100644 tests/luks2_valid_hdr.img.xz create mode 100755 tests/reencryption-compat-test2 delete mode 100644 tests/tcrypt-images.tar.bz2 create mode 100644 tests/tcrypt-images.tar.xz create mode 100644 tests/test_utils.c create mode 100644 tests/unit-utils-io.c delete mode 100644 tests/valid_header_file.bz2 create mode 100644 tests/valid_header_file.xz diff --git a/ABOUT-NLS b/ABOUT-NLS index 3575535..b1de1b6 100644 --- a/ABOUT-NLS +++ b/ABOUT-NLS @@ -18,35 +18,7 @@ explain how users should proceed for getting the programs to use the available translations. They tell how people wanting to contribute and work on translations can contact the appropriate team. - When reporting bugs in the `intl/' directory or bugs which may be -related to internationalization, you should tell about the version of -`gettext' which is used. The information can be found in the -`intl/VERSION' file, in internationalized packages. - -1.1 Quick configuration advice -============================== - -If you want to exploit the full power of internationalization, you -should configure it using - - ./configure --with-included-gettext - -to force usage of internationalizing routines provided within this -package, despite the existence of internationalizing capabilities in the -operating system where this package is being installed. So far, only -the `gettext' implementation in the GNU C library version 2 provides as -many features (such as locale alias, message inheritance, automatic -charset conversion or plural form handling) as the implementation here. -It is also not possible to offer this additional functionality on top -of a `catgets' implementation. Future versions of GNU `gettext' will -very likely convey even more functionality. So it might be a good idea -to change to GNU `gettext' as soon as possible. - - So you need _not_ provide this option if you are using GNU libc 2 or -you have installed a recent copy of the GNU gettext package with the -included `libintl'. - -1.2 INSTALL Matters +1.1 INSTALL Matters =================== Some packages are "localizable" when properly installed; the programs @@ -56,36 +28,19 @@ internationalization, predating GNU `gettext'. By default, this package will be installed to allow translation of messages. It will automatically detect whether the system already -provides the GNU `gettext' functions. If not, the included GNU -`gettext' library will be used. This library is wholly contained -within this package, usually in the `intl/' subdirectory, so prior -installation of the GNU `gettext' package is _not_ required. -Installers may use special options at configuration time for changing -the default behaviour. The commands: +provides the GNU `gettext' functions. Installers may use special +options at configuration time for changing the default behaviour. The +command: - ./configure --with-included-gettext ./configure --disable-nls -will, respectively, bypass any pre-existing `gettext' to use the -internationalizing routines provided within this package, or else, -_totally_ disable translation of messages. +will _totally_ disable translation of messages. When you already have GNU `gettext' installed on your system and run configure without an option for your new package, `configure' will -probably detect the previously built and installed `libintl.a' file and -will decide to use this. This might not be desirable. You should use -the more recent version of the GNU `gettext' library. I.e. if the file -`intl/VERSION' shows that the library which comes with this package is -more recent, you should use - - ./configure --with-included-gettext - -to prevent auto-detection. - - The configuration process will not test for the `catgets' function -and therefore it will not be used. The reason is that even an -emulation of `gettext' on top of `catgets' could not provide all the -extensions of the GNU `gettext' library. +probably detect the previously built and installed `libintl' library +and will decide to use it. If not, you may have to to use the +`--with-libintl-prefix' option to tell `configure' where to look for it. Internationalized packages usually have many `po/LL.po' files, where LL gives an ISO 639 two-letter code identifying the language. Unless @@ -96,13 +51,16 @@ may be set, prior to configuration, to limit the installed set. `LINGUAS' should then contain a space separated list of two-letter codes, stating which languages are allowed. -1.3 Using This Package +1.2 Using This Package ====================== As a user, if your language has been installed for this package, you only have to set the `LANG' environment variable to the appropriate -`LL_CC' combination. Here `LL' is an ISO 639 two-letter language code, -and `CC' is an ISO 3166 two-letter country code. For example, let's +`LL_CC' combination. If you happen to have the `LC_ALL' or some other +`LC_xxx' environment variables set, you should unset them before +setting `LANG', otherwise the setting of `LANG' will not have the +desired effect. Here `LL' is an ISO 639 two-letter language code, and +`CC' is an ISO 3166 two-letter country code. For example, let's suppose that you speak German and live in Germany. At the shell prompt, merely execute `setenv LANG de_DE' (in `csh'), `export LANG; LANG=de_DE' (in `sh') or `export LANG=de_DE' (in `bash'). @@ -145,7 +103,7 @@ to denote the language's main dialect. For example, `de' is equivalent to `de_DE' (German as spoken in Germany), and `pt' to `pt_PT' (Portuguese as spoken in Portugal) in this context. -1.4 Translating Teams +1.3 Translating Teams ===================== For the Free Translation Project to be a success, we need interested @@ -153,8 +111,7 @@ people who like their own language and write it well, and who are also able to synergize with other translators speaking the same language. Each translation team has its own mailing list. The up-to-date list of teams can be found at the Free Translation Project's homepage, -`http://www.iro.umontreal.ca/contrib/po/HTML/', in the "National teams" -area. +`http://translationproject.org/', in the "Teams" area. If you'd like to volunteer to _work_ at translating messages, you should become a member of the translating team for your own language. @@ -168,911 +125,1125 @@ message to `sv-request@li.org', having this message body: _actively_ in translations, or at solving translational difficulties, rather than merely lurking around. If your team does not exist yet and you want to start one, or if you are unsure about what to do or how to -get started, please write to `translation@iro.umontreal.ca' to reach the -coordinator for all translator teams. +get started, please write to `coordinator@translationproject.org' to +reach the coordinator for all translator teams. The English team is special. It works at improving and uniformizing -the terminology in use. Proven linguistic skill are praised more than -programming skill, here. +the terminology in use. Proven linguistic skills are praised more than +programming skills, here. -1.5 Available Packages +1.4 Available Packages ====================== Languages are not equally supported in all packages. The following -matrix shows the current state of internationalization, as of July -2006. The matrix shows, in regard of each package, for which languages +matrix shows the current state of internationalization, as of June +2010. The matrix shows, in regard of each package, for which languages PO files have been submitted to translation coordination, with a translation percentage of at least 50%. - Ready PO files af am ar az be bg bs ca cs cy da de el en en_GB eo - +----------------------------------------------------+ - GNUnet | [] | - a2ps | [] [] [] [] [] | - aegis | () | - ant-phone | () | - anubis | [] | - ap-utils | | - aspell | [] [] [] [] | - bash | [] [] [] | - batchelor | [] | - bfd | | - bibshelf | [] | - binutils | [] | - bison | [] [] | - bison-runtime | [] | - bluez-pin | [] [] [] [] [] | - cflow | [] | - clisp | [] [] | - console-tools | [] [] | - coreutils | [] [] [] [] | - cpio | | - cpplib | [] [] [] | - cryptonit | [] | - darkstat | [] () [] | - dialog | [] [] [] [] [] [] | - diffutils | [] [] [] [] [] [] | - doodle | [] | - e2fsprogs | [] [] | - enscript | [] [] [] [] | - error | [] [] [] [] | - fetchmail | [] [] () [] | - fileutils | [] [] | - findutils | [] [] [] | - flex | [] [] [] | - fslint | [] | - gas | | - gawk | [] [] [] | - gbiff | [] | - gcal | [] | - gcc | [] | - gettext-examples | [] [] [] [] [] | - gettext-runtime | [] [] [] [] [] | - gettext-tools | [] [] | - gimp-print | [] [] [] [] | - gip | [] | - gliv | [] | - glunarclock | [] | - gmult | [] [] | - gnubiff | () | - gnucash | () () [] | - gnucash-glossary | [] () | - gnuedu | | - gnulib | [] [] [] [] [] [] | - gnunet-gtk | | - gnutls | | - gpe-aerial | [] [] | - gpe-beam | [] [] | - gpe-calendar | [] [] | - gpe-clock | [] [] | - gpe-conf | [] [] | - gpe-contacts | | - gpe-edit | [] | - gpe-filemanager | | - gpe-go | [] | - gpe-login | [] [] | - gpe-ownerinfo | [] [] | - gpe-package | | - gpe-sketchbook | [] [] | - gpe-su | [] [] | - gpe-taskmanager | [] [] | - gpe-timesheet | [] | - gpe-today | [] [] | - gpe-todo | | - gphoto2 | [] [] [] [] | - gprof | [] [] | - gpsdrive | () () | - gramadoir | [] [] | - grep | [] [] [] [] [] [] | - gretl | | - gsasl | | - gss | | - gst-plugins | [] [] [] [] | - gst-plugins-base | [] [] [] | - gst-plugins-good | [] [] [] [] [] [] [] | - gstreamer | [] [] [] [] [] [] [] | - gtick | [] () | - gtkam | [] [] [] | - gtkorphan | [] [] | - gtkspell | [] [] [] [] | - gutenprint | [] | - hello | [] [] [] [] [] | - id-utils | [] [] | - impost | | - indent | [] [] [] | - iso_3166 | [] [] | - iso_3166_1 | [] [] [] [] [] | - iso_3166_2 | | - iso_3166_3 | [] | - iso_4217 | [] | - iso_639 | [] [] | - jpilot | [] | - jtag | | - jwhois | | - kbd | [] [] [] [] | - keytouch | | - keytouch-editor | | - keytouch-keyboa... | | - latrine | () | - ld | [] | - leafpad | [] [] [] [] [] | - libc | [] [] [] [] [] | - libexif | [] | - libextractor | [] | - libgpewidget | [] [] [] | - libgpg-error | [] | - libgphoto2 | [] [] | - libgphoto2_port | [] [] | - libgsasl | | - libiconv | [] [] | - libidn | [] [] | - lifelines | [] () | - lilypond | [] | - lingoteach | | - lynx | [] [] [] [] | - m4 | [] [] [] [] | - mailutils | [] | - make | [] [] | - man-db | [] () [] [] | - minicom | [] [] [] | - mysecretdiary | [] [] | - nano | [] [] () [] | - nano_1_0 | [] () [] [] | - opcodes | [] | - parted | | - pilot-qof | [] | - psmisc | [] | - pwdutils | | - python | | - qof | | - radius | [] | - recode | [] [] [] [] [] [] | - rpm | [] [] | - screem | | - scrollkeeper | [] [] [] [] [] [] [] [] | - sed | [] [] [] | - sh-utils | [] [] | - shared-mime-info | [] [] [] | - sharutils | [] [] [] [] [] [] | - shishi | | - silky | | - skencil | [] () | - sketch | [] () | - solfege | | - soundtracker | [] [] | - sp | [] | - stardict | [] | - system-tools-ba... | [] [] [] [] [] [] [] [] [] | - tar | [] | - texinfo | [] [] [] | - textutils | [] [] [] | - tin | () () | - tp-robot | [] | - tuxpaint | [] [] [] [] [] | - unicode-han-tra... | | - unicode-transla... | | - util-linux | [] [] [] [] | - vorbis-tools | [] [] [] [] | - wastesedge | () | - wdiff | [] [] [] [] | - wget | [] [] | - xchat | [] [] [] [] [] | - xkeyboard-config | | - xpad | [] [] | - +----------------------------------------------------+ - af am ar az be bg bs ca cs cy da de el en en_GB eo - 11 0 1 2 8 21 1 42 43 2 62 99 18 1 16 16 - - es et eu fa fi fr ga gl gu he hi hr hu id is it + Ready PO files af am an ar as ast az be be@latin bg bn_IN bs ca +--------------------------------------------------+ - GNUnet | | - a2ps | [] [] [] () | + a2ps | [] [] | aegis | | - ant-phone | [] | - anubis | [] | - ap-utils | [] [] | - aspell | [] [] [] | - bash | [] [] [] | - batchelor | [] [] | - bfd | [] | - bibshelf | [] [] [] | - binutils | [] [] [] | - bison | [] [] [] [] [] [] | - bison-runtime | [] [] [] [] [] | - bluez-pin | [] [] [] [] [] | - cflow | | - clisp | [] [] | - console-tools | | - coreutils | [] [] [] [] [] [] | - cpio | [] [] [] | - cpplib | [] [] | - cryptonit | [] | - darkstat | [] () [] [] [] | - dialog | [] [] [] [] [] [] [] [] | - diffutils | [] [] [] [] [] [] [] [] [] | - doodle | [] [] | - e2fsprogs | [] [] [] | - enscript | [] [] [] | - error | [] [] [] [] [] | - fetchmail | [] | - fileutils | [] [] [] [] [] [] | - findutils | [] [] [] [] | - flex | [] [] [] | - fslint | [] | - gas | [] [] | - gawk | [] [] [] [] | - gbiff | [] | - gcal | [] [] | - gcc | [] | - gettext-examples | [] [] [] [] [] | - gettext-runtime | [] [] [] [] [] [] | - gettext-tools | [] [] [] | - gimp-print | [] [] | - gip | [] [] [] | - gliv | () | - glunarclock | [] [] [] | - gmult | [] [] [] | - gnubiff | () () | - gnucash | () () () | - gnucash-glossary | [] [] | - gnuedu | [] | - gnulib | [] [] [] [] [] [] [] [] | - gnunet-gtk | | - gnutls | | - gpe-aerial | [] [] | - gpe-beam | [] [] | - gpe-calendar | [] [] [] [] | - gpe-clock | [] [] [] [] | - gpe-conf | [] | - gpe-contacts | [] [] | - gpe-edit | [] [] [] [] | - gpe-filemanager | [] | - gpe-go | [] [] [] | - gpe-login | [] [] [] | - gpe-ownerinfo | [] [] [] [] [] | - gpe-package | [] | - gpe-sketchbook | [] [] | - gpe-su | [] [] [] [] | - gpe-taskmanager | [] [] [] | - gpe-timesheet | [] [] [] [] | - gpe-today | [] [] [] [] | - gpe-todo | [] | - gphoto2 | [] [] [] [] [] | - gprof | [] [] [] [] | - gpsdrive | () () [] () | - gramadoir | [] [] | - grep | [] [] [] [] [] [] [] [] [] [] [] [] | - gretl | [] [] [] | - gsasl | [] | - gss | [] | - gst-plugins | [] [] [] | - gst-plugins-base | [] [] | - gst-plugins-good | [] [] [] | - gstreamer | [] [] [] | - gtick | [] [] [] [] [] | - gtkam | [] [] [] [] | - gtkorphan | [] [] | - gtkspell | [] [] [] [] [] [] | - gutenprint | [] | - hello | [] [] [] [] [] [] [] [] [] [] [] [] [] | - id-utils | [] [] [] [] [] | - impost | [] [] | - indent | [] [] [] [] [] [] [] [] [] [] | - iso_3166 | [] [] [] | - iso_3166_1 | [] [] [] [] [] [] [] | - iso_3166_2 | [] | - iso_3166_3 | [] | - iso_4217 | [] [] [] [] | - iso_639 | [] [] [] [] [] | - jpilot | [] [] | - jtag | [] | - jwhois | [] [] [] [] [] | - kbd | [] [] | - keytouch | [] | - keytouch-editor | [] | - keytouch-keyboa... | [] | - latrine | [] [] [] | - ld | [] [] | - leafpad | [] [] [] [] [] [] | - libc | [] [] [] [] [] | - libexif | [] | - libextractor | [] | - libgpewidget | [] [] [] [] [] | - libgpg-error | | - libgphoto2 | [] [] [] | - libgphoto2_port | [] [] | - libgsasl | [] [] | - libiconv | [] | - libidn | [] [] | - lifelines | () | - lilypond | [] | - lingoteach | [] [] [] | - lynx | [] [] [] | - m4 | [] [] [] [] | - mailutils | [] [] | - make | [] [] [] [] [] [] [] [] | - man-db | () | - minicom | [] [] [] [] | - mysecretdiary | [] [] [] | - nano | [] () [] [] [] [] | - nano_1_0 | [] [] [] [] [] | - opcodes | [] [] [] [] | - parted | [] [] [] [] | - pilot-qof | | - psmisc | [] [] [] | - pwdutils | | - python | | - qof | | - radius | [] [] | - recode | [] [] [] [] [] [] [] [] | - rpm | [] [] | - screem | | - scrollkeeper | [] [] [] | - sed | [] [] [] [] [] | - sh-utils | [] [] [] [] [] [] [] | - shared-mime-info | [] [] [] [] [] [] | - sharutils | [] [] [] [] [] [] [] [] | - shishi | | - silky | [] | - skencil | [] [] | - sketch | [] [] | - solfege | [] | - soundtracker | [] [] [] | - sp | [] | - stardict | [] | - system-tools-ba... | [] [] [] [] [] [] [] [] | - tar | [] [] [] [] [] [] | - texinfo | [] [] | - textutils | [] [] [] [] [] | - tin | [] () | - tp-robot | [] [] [] [] | - tuxpaint | [] [] | - unicode-han-tra... | | - unicode-transla... | [] [] | - util-linux | [] [] [] [] [] [] [] | - vorbis-tools | [] [] | - wastesedge | () | - wdiff | [] [] [] [] [] [] [] [] | - wget | [] [] [] [] [] [] [] [] | - xchat | [] [] [] [] [] [] [] [] | - xkeyboard-config | [] [] [] [] | - xpad | [] [] [] | - +--------------------------------------------------+ - es et eu fa fi fr ga gl gu he hi hr hu id is it - 89 21 16 2 41 119 61 14 1 8 1 6 61 30 0 53 - - ja ko ku ky lg lt lv mk mn ms mt nb ne nl nn no - +--------------------------------------------------+ - GNUnet | | - a2ps | () [] [] () | - aegis | () | - ant-phone | [] | - anubis | [] [] [] | - ap-utils | [] | - aspell | [] [] | - bash | [] | - batchelor | [] [] | + ant-phone | | + anubis | | + aspell | [] [] | + bash | | bfd | | - bibshelf | [] | + bibshelf | [] | binutils | | - bison | [] [] [] | - bison-runtime | [] [] [] | - bluez-pin | [] [] [] | + bison | | + bison-runtime | [] | + bluez-pin | [] [] | + bombono-dvd | | + buzztard | | cflow | | - clisp | [] | - console-tools | | - coreutils | [] | + clisp | | + coreutils | [] [] | cpio | | - cpplib | [] | - cryptonit | [] | - darkstat | [] [] | - dialog | [] [] | - diffutils | [] [] [] | + cppi | | + cpplib | [] | + cryptsetup | | + dfarc | | + dialog | [] [] | + dico | | + diffutils | [] | + dink | | doodle | | - e2fsprogs | [] | - enscript | [] | - error | [] | - fetchmail | [] [] | - fileutils | [] [] | - findutils | [] | - flex | [] [] | - fslint | [] [] | + e2fsprogs | [] | + enscript | [] | + exif | | + fetchmail | [] | + findutils | [] | + flex | [] | + freedink | | gas | | - gawk | [] [] | - gbiff | [] | - gcal | | + gawk | [] [] | + gcal | [] | gcc | | - gettext-examples | [] [] | - gettext-runtime | [] [] [] | - gettext-tools | [] [] | - gimp-print | [] [] | - gip | [] [] | - gliv | [] | - glunarclock | [] [] | - gmult | [] [] | + gettext-examples | [] [] [] [] | + gettext-runtime | [] [] | + gettext-tools | [] [] | + gip | [] | + gjay | | + gliv | [] | + glunarclock | [] [] | gnubiff | | - gnucash | () () | - gnucash-glossary | [] | + gnucash | [] | gnuedu | | - gnulib | [] [] [] [] | + gnulib | | + gnunet | | gnunet-gtk | | gnutls | | - gpe-aerial | [] | - gpe-beam | [] | - gpe-calendar | [] | - gpe-clock | [] [] | - gpe-conf | [] [] | - gpe-contacts | [] | - gpe-edit | [] [] | - gpe-filemanager | [] | - gpe-go | [] [] | - gpe-login | [] [] | - gpe-ownerinfo | [] | - gpe-package | [] | - gpe-sketchbook | [] [] | - gpe-su | [] [] | - gpe-taskmanager | [] [] [] | - gpe-timesheet | [] | - gpe-today | [] | + gold | | + gpe-aerial | | + gpe-beam | | + gpe-bluetooth | | + gpe-calendar | | + gpe-clock | [] | + gpe-conf | | + gpe-contacts | | + gpe-edit | | + gpe-filemanager | | + gpe-go | | + gpe-login | | + gpe-ownerinfo | [] | + gpe-package | | + gpe-sketchbook | | + gpe-su | [] | + gpe-taskmanager | [] | + gpe-timesheet | [] | + gpe-today | [] | gpe-todo | | - gphoto2 | [] [] | - gprof | | - gpsdrive | () () () | - gramadoir | () | - grep | [] [] [] | - gretl | | - gsasl | [] | + gphoto2 | | + gprof | [] | + gpsdrive | | + gramadoir | | + grep | | + grub | [] [] | + gsasl | | gss | | - gst-plugins | [] | - gst-plugins-base | | - gst-plugins-good | [] | - gstreamer | [] | - gtick | [] | - gtkam | [] | - gtkorphan | [] | - gtkspell | [] [] | + gst-plugins-bad | [] | + gst-plugins-base | [] | + gst-plugins-good | [] | + gst-plugins-ugly | [] | + gstreamer | [] [] [] | + gtick | | + gtkam | [] | + gtkorphan | [] | + gtkspell | [] [] [] | gutenprint | | - hello | [] [] [] [] [] [] [] [] | - id-utils | [] | - impost | | - indent | [] [] | - iso_3166 | [] | - iso_3166_1 | [] [] | - iso_3166_2 | [] | - iso_3166_3 | [] | - iso_4217 | [] [] [] | - iso_639 | [] [] | - jpilot | () () () | - jtag | | - jwhois | [] | - kbd | [] | - keytouch | [] | + hello | [] | + help2man | | + hylafax | | + idutils | | + indent | [] [] | + iso_15924 | | + iso_3166 | [] [] [] [] [] [] [] | + iso_3166_2 | | + iso_4217 | | + iso_639 | [] [] [] [] | + iso_639_3 | | + jwhois | | + kbd | | + keytouch | [] | keytouch-editor | | - keytouch-keyboa... | | - latrine | [] | - ld | | - leafpad | [] [] | - libc | [] [] [] [] [] | - libexif | | + keytouch-keyboa... | [] | + klavaro | [] | + latrine | | + ld | [] | + leafpad | [] [] | + libc | [] [] | + libexif | () | libextractor | | - libgpewidget | [] | + libgnutls | | + libgpewidget | | libgpg-error | | - libgphoto2 | [] | - libgphoto2_port | [] | - libgsasl | [] | - libiconv | | - libidn | [] [] | - lifelines | [] | + libgphoto2 | | + libgphoto2_port | | + libgsasl | | + libiconv | [] | + libidn | | + lifelines | | + liferea | [] [] | lilypond | | - lingoteach | [] | - lynx | [] [] | - m4 | [] [] | + linkdr | [] | + lordsawar | | + lprng | | + lynx | [] | + m4 | | + mailfromd | | mailutils | | - make | [] [] [] | - man-db | () | - minicom | [] | - mysecretdiary | [] | - nano | [] [] [] | - nano_1_0 | [] [] [] | - opcodes | [] | - parted | [] [] | - pilot-qof | | - psmisc | [] [] [] | + make | | + man-db | | + man-db-manpages | | + minicom | | + mkisofs | | + myserver | | + nano | [] [] | + opcodes | | + parted | | + pies | | + popt | | + psmisc | | + pspp | [] | pwdutils | | - python | | - qof | | - radius | | - recode | [] | - rpm | [] [] | - screem | [] | - scrollkeeper | [] [] [] [] | - sed | [] [] | - sh-utils | [] [] | - shared-mime-info | [] [] [] [] [] | - sharutils | [] [] | + radius | [] | + recode | [] [] | + rosegarden | | + rpm | | + rush | | + sarg | | + screem | | + scrollkeeper | [] [] [] | + sed | [] [] | + sharutils | [] [] | shishi | | - silky | [] | skencil | | - sketch | | solfege | | + solfege-manual | | soundtracker | | - sp | () | - stardict | [] [] | - system-tools-ba... | [] [] [] [] | - tar | [] [] [] | - texinfo | [] [] [] | - textutils | [] [] [] | + sp | | + sysstat | | + tar | [] | + texinfo | | tin | | - tp-robot | [] | - tuxpaint | [] | unicode-han-tra... | | unicode-transla... | | - util-linux | [] [] | - vorbis-tools | [] | - wastesedge | [] | - wdiff | [] [] | - wget | [] [] | - xchat | [] [] [] [] | - xkeyboard-config | [] | - xpad | [] [] [] | + util-linux-ng | [] | + vice | | + vmm | | + vorbis-tools | | + wastesedge | | + wdiff | | + wget | [] [] | + wyslij-po | | + xchat | [] [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] | +--------------------------------------------------+ - ja ko ku ky lg lt lv mk mn ms mt nb ne nl nn no - 40 24 2 1 1 3 1 2 3 21 0 15 1 101 5 3 + af am an ar as ast az be be@latin bg bn_IN bs ca + 6 0 1 2 3 19 1 10 3 28 3 1 38 - nso or pa pl pt pt_BR rm ro ru rw sk sl sq sr sv ta - +------------------------------------------------------+ - GNUnet | | - a2ps | () [] [] [] [] [] [] | - aegis | () () | - ant-phone | [] [] | - anubis | [] [] [] | - ap-utils | () | - aspell | [] [] | - bash | [] [] [] | - batchelor | [] [] | - bfd | | - bibshelf | [] | - binutils | [] [] | - bison | [] [] [] [] [] | - bison-runtime | [] [] [] [] | - bluez-pin | [] [] [] [] [] [] [] [] [] | - cflow | [] | - clisp | [] | - console-tools | [] | - coreutils | [] [] [] [] | - cpio | [] [] [] | - cpplib | [] | - cryptonit | [] [] | - darkstat | [] [] [] [] [] [] | - dialog | [] [] [] [] [] [] [] [] [] | - diffutils | [] [] [] [] [] [] | - doodle | [] [] | - e2fsprogs | [] [] | - enscript | [] [] [] [] [] | - error | [] [] [] [] | - fetchmail | [] [] [] | - fileutils | [] [] [] [] [] | - findutils | [] [] [] [] [] [] | - flex | [] [] [] [] [] | - fslint | [] [] [] [] | - gas | | - gawk | [] [] [] [] | - gbiff | [] | - gcal | [] | - gcc | [] | - gettext-examples | [] [] [] [] [] [] [] [] | - gettext-runtime | [] [] [] [] [] [] [] [] | - gettext-tools | [] [] [] [] [] [] [] | - gimp-print | [] [] | - gip | [] [] [] [] | - gliv | [] [] [] [] | - glunarclock | [] [] [] [] [] [] | - gmult | [] [] [] [] | - gnubiff | () | - gnucash | () [] | - gnucash-glossary | [] [] [] | - gnuedu | | - gnulib | [] [] [] [] [] | - gnunet-gtk | [] | - gnutls | [] [] | - gpe-aerial | [] [] [] [] [] [] [] | - gpe-beam | [] [] [] [] [] [] [] | - gpe-calendar | [] [] [] [] [] [] [] [] | - gpe-clock | [] [] [] [] [] [] [] [] | - gpe-conf | [] [] [] [] [] [] [] | - gpe-contacts | [] [] [] [] [] | - gpe-edit | [] [] [] [] [] [] [] [] | - gpe-filemanager | [] [] | - gpe-go | [] [] [] [] [] [] | - gpe-login | [] [] [] [] [] [] [] [] | - gpe-ownerinfo | [] [] [] [] [] [] [] [] | - gpe-package | [] [] | - gpe-sketchbook | [] [] [] [] [] [] [] [] | - gpe-su | [] [] [] [] [] [] [] [] | - gpe-taskmanager | [] [] [] [] [] [] [] [] | - gpe-timesheet | [] [] [] [] [] [] [] [] | - gpe-today | [] [] [] [] [] [] [] [] | - gpe-todo | [] [] [] [] | - gphoto2 | [] [] [] [] [] | - gprof | [] [] [] | - gpsdrive | [] [] [] | - gramadoir | [] [] | - grep | [] [] [] [] [] [] [] [] | - gretl | [] | - gsasl | [] [] | - gss | [] [] [] | - gst-plugins | [] [] [] [] | - gst-plugins-base | [] | - gst-plugins-good | [] [] [] [] | - gstreamer | [] [] [] | - gtick | [] [] [] | - gtkam | [] [] [] [] | - gtkorphan | [] | - gtkspell | [] [] [] [] [] [] [] [] | - gutenprint | [] | - hello | [] [] [] [] [] [] [] [] | - id-utils | [] [] [] [] | - impost | [] | - indent | [] [] [] [] [] [] | - iso_3166 | [] [] [] [] [] [] | - iso_3166_1 | [] [] [] [] | - iso_3166_2 | | - iso_3166_3 | [] [] [] [] | - iso_4217 | [] [] [] [] | - iso_639 | [] [] [] [] | - jpilot | | - jtag | [] | - jwhois | [] [] [] [] | - kbd | [] [] [] | - keytouch | [] | - keytouch-editor | [] | - keytouch-keyboa... | [] | - latrine | [] [] | - ld | [] | - leafpad | [] [] [] [] [] [] | - libc | [] [] [] [] [] | - libexif | [] | - libextractor | [] [] | - libgpewidget | [] [] [] [] [] [] [] | - libgpg-error | [] [] | - libgphoto2 | [] | - libgphoto2_port | [] [] [] | - libgsasl | [] [] [] [] | - libiconv | | - libidn | [] [] () | - lifelines | [] [] | - lilypond | | - lingoteach | [] | - lynx | [] [] [] | - m4 | [] [] [] [] [] | - mailutils | [] [] [] [] | - make | [] [] [] [] | - man-db | [] [] | - minicom | [] [] [] [] [] | - mysecretdiary | [] [] [] [] | - nano | [] [] | - nano_1_0 | [] [] [] [] | - opcodes | [] [] | - parted | [] | - pilot-qof | [] | - psmisc | [] [] | - pwdutils | [] [] | - python | | - qof | [] | - radius | [] [] | - recode | [] [] [] [] [] [] [] | - rpm | [] [] [] [] | - screem | | - scrollkeeper | [] [] [] [] [] [] [] | - sed | [] [] [] [] [] [] [] [] [] | - sh-utils | [] [] [] | - shared-mime-info | [] [] [] [] [] | - sharutils | [] [] [] [] | - shishi | [] | - silky | [] | - skencil | [] [] [] | - sketch | [] [] [] | - solfege | [] | - soundtracker | [] [] | - sp | | - stardict | [] [] [] | - system-tools-ba... | [] [] [] [] [] [] [] [] [] | - tar | [] [] [] [] [] | - texinfo | [] [] [] [] | - textutils | [] [] [] | - tin | () | - tp-robot | [] | - tuxpaint | [] [] [] [] [] | - unicode-han-tra... | | - unicode-transla... | | - util-linux | [] [] [] [] | - vorbis-tools | [] [] | - wastesedge | | - wdiff | [] [] [] [] [] [] | - wget | [] [] [] [] | - xchat | [] [] [] [] [] [] [] | - xkeyboard-config | [] [] | - xpad | [] [] [] | - +------------------------------------------------------+ - nso or pa pl pt pt_BR rm ro ru rw sk sl sq sr sv ta - 0 2 3 58 31 53 5 76 72 5 42 48 12 51 130 2 + crh cs da de el en en_GB en_ZA eo es et eu fa + +-------------------------------------------------+ + a2ps | [] [] [] [] [] [] [] | + aegis | [] [] [] | + ant-phone | [] () | + anubis | [] [] | + aspell | [] [] [] [] [] | + bash | [] [] [] | + bfd | [] | + bibshelf | [] [] [] | + binutils | [] | + bison | [] [] | + bison-runtime | [] [] [] [] | + bluez-pin | [] [] [] [] [] [] | + bombono-dvd | [] | + buzztard | [] [] [] | + cflow | [] [] | + clisp | [] [] [] [] | + coreutils | [] [] [] [] | + cpio | | + cppi | | + cpplib | [] [] [] | + cryptsetup | [] | + dfarc | [] [] [] | + dialog | [] [] [] [] [] | + dico | | + diffutils | [] [] [] [] [] [] | + dink | [] [] [] | + doodle | [] | + e2fsprogs | [] [] [] | + enscript | [] [] [] | + exif | () [] [] | + fetchmail | [] [] () [] [] [] | + findutils | [] [] [] | + flex | [] [] | + freedink | [] [] [] | + gas | [] | + gawk | [] [] [] | + gcal | [] | + gcc | [] [] | + gettext-examples | [] [] [] [] | + gettext-runtime | [] [] [] [] | + gettext-tools | [] [] [] | + gip | [] [] [] [] | + gjay | [] | + gliv | [] [] [] | + glunarclock | [] [] | + gnubiff | () | + gnucash | [] () () () () | + gnuedu | [] [] | + gnulib | [] [] | + gnunet | | + gnunet-gtk | [] | + gnutls | [] [] | + gold | [] | + gpe-aerial | [] [] [] [] | + gpe-beam | [] [] [] [] | + gpe-bluetooth | [] [] | + gpe-calendar | [] | + gpe-clock | [] [] [] [] | + gpe-conf | [] [] [] | + gpe-contacts | [] [] [] | + gpe-edit | [] [] | + gpe-filemanager | [] [] [] | + gpe-go | [] [] [] [] | + gpe-login | [] [] | + gpe-ownerinfo | [] [] [] [] | + gpe-package | [] [] [] | + gpe-sketchbook | [] [] [] [] | + gpe-su | [] [] [] [] | + gpe-taskmanager | [] [] [] [] | + gpe-timesheet | [] [] [] [] | + gpe-today | [] [] [] [] | + gpe-todo | [] [] [] | + gphoto2 | [] [] () [] [] [] | + gprof | [] [] [] | + gpsdrive | [] [] [] | + gramadoir | [] [] [] | + grep | [] | + grub | [] [] | + gsasl | [] | + gss | | + gst-plugins-bad | [] [] [] [] [] | + gst-plugins-base | [] [] [] [] [] | + gst-plugins-good | [] [] [] [] [] [] | + gst-plugins-ugly | [] [] [] [] [] [] | + gstreamer | [] [] [] [] [] | + gtick | [] () [] | + gtkam | [] [] () [] [] | + gtkorphan | [] [] [] [] | + gtkspell | [] [] [] [] [] [] [] | + gutenprint | [] [] [] | + hello | [] [] [] [] | + help2man | [] | + hylafax | [] [] | + idutils | [] [] | + indent | [] [] [] [] [] [] [] | + iso_15924 | [] () [] [] | + iso_3166 | [] [] [] [] () [] [] [] () | + iso_3166_2 | () | + iso_4217 | [] [] [] () [] [] | + iso_639 | [] [] [] [] () [] [] | + iso_639_3 | [] | + jwhois | [] | + kbd | [] [] [] [] [] | + keytouch | [] [] | + keytouch-editor | [] [] | + keytouch-keyboa... | [] | + klavaro | [] [] [] [] | + latrine | [] () | + ld | [] [] | + leafpad | [] [] [] [] [] [] | + libc | [] [] [] [] | + libexif | [] [] () | + libextractor | | + libgnutls | [] | + libgpewidget | [] [] | + libgpg-error | [] [] | + libgphoto2 | [] () | + libgphoto2_port | [] () [] | + libgsasl | | + libiconv | [] [] [] [] [] | + libidn | [] [] [] | + lifelines | [] () | + liferea | [] [] [] [] [] | + lilypond | [] [] [] | + linkdr | [] [] [] | + lordsawar | [] | + lprng | | + lynx | [] [] [] [] | + m4 | [] [] [] [] | + mailfromd | | + mailutils | [] | + make | [] [] [] | + man-db | | + man-db-manpages | | + minicom | [] [] [] [] | + mkisofs | | + myserver | | + nano | [] [] [] | + opcodes | [] [] | + parted | [] [] | + pies | | + popt | [] [] [] [] [] | + psmisc | [] [] [] | + pspp | [] | + pwdutils | [] | + radius | [] | + recode | [] [] [] [] [] [] | + rosegarden | () () () | + rpm | [] [] [] | + rush | | + sarg | | + screem | | + scrollkeeper | [] [] [] [] [] | + sed | [] [] [] [] [] [] | + sharutils | [] [] [] [] | + shishi | | + skencil | [] () [] | + solfege | [] [] [] | + solfege-manual | [] [] | + soundtracker | [] [] [] | + sp | [] | + sysstat | [] [] [] | + tar | [] [] [] [] | + texinfo | [] [] [] | + tin | [] [] | + unicode-han-tra... | | + unicode-transla... | | + util-linux-ng | [] [] [] [] | + vice | () () | + vmm | [] | + vorbis-tools | [] [] | + wastesedge | [] | + wdiff | [] [] | + wget | [] [] [] | + wyslij-po | | + xchat | [] [] [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] [] [] [] | + +-------------------------------------------------+ + crh cs da de el en en_GB en_ZA eo es et eu fa + 5 64 105 117 18 1 8 0 28 89 18 19 0 + + fi fr ga gl gu he hi hr hu hy id is it ja ka kn + +----------------------------------------------------+ + a2ps | [] [] [] [] | + aegis | [] [] | + ant-phone | [] [] | + anubis | [] [] [] [] | + aspell | [] [] [] [] | + bash | [] [] [] [] | + bfd | [] [] [] | + bibshelf | [] [] [] [] [] | + binutils | [] [] [] | + bison | [] [] [] [] | + bison-runtime | [] [] [] [] [] [] | + bluez-pin | [] [] [] [] [] [] [] [] | + bombono-dvd | [] | + buzztard | [] | + cflow | [] [] [] | + clisp | [] | + coreutils | [] [] [] [] [] | + cpio | [] [] [] [] | + cppi | [] [] | + cpplib | [] [] [] | + cryptsetup | [] [] [] | + dfarc | [] [] [] | + dialog | [] [] [] [] [] [] [] | + dico | | + diffutils | [] [] [] [] [] [] [] [] [] | + dink | [] | + doodle | [] [] | + e2fsprogs | [] [] | + enscript | [] [] [] [] | + exif | [] [] [] [] [] [] | + fetchmail | [] [] [] [] | + findutils | [] [] [] [] [] [] | + flex | [] [] [] | + freedink | [] [] [] | + gas | [] [] | + gawk | [] [] [] [] () [] | + gcal | [] | + gcc | [] | + gettext-examples | [] [] [] [] [] [] [] | + gettext-runtime | [] [] [] [] [] [] | + gettext-tools | [] [] [] [] | + gip | [] [] [] [] [] [] | + gjay | [] | + gliv | [] () | + glunarclock | [] [] [] [] | + gnubiff | () [] () | + gnucash | () () () () () [] | + gnuedu | [] [] | + gnulib | [] [] [] [] [] [] | + gnunet | | + gnunet-gtk | [] | + gnutls | [] [] | + gold | [] [] | + gpe-aerial | [] [] [] | + gpe-beam | [] [] [] [] | + gpe-bluetooth | [] [] [] [] | + gpe-calendar | [] [] | + gpe-clock | [] [] [] [] [] | + gpe-conf | [] [] [] [] | + gpe-contacts | [] [] [] [] | + gpe-edit | [] [] [] | + gpe-filemanager | [] [] [] [] | + gpe-go | [] [] [] [] [] | + gpe-login | [] [] [] | + gpe-ownerinfo | [] [] [] [] [] | + gpe-package | [] [] [] | + gpe-sketchbook | [] [] [] [] | + gpe-su | [] [] [] [] [] [] | + gpe-taskmanager | [] [] [] [] [] | + gpe-timesheet | [] [] [] [] [] | + gpe-today | [] [] [] [] [] [] [] | + gpe-todo | [] [] [] | + gphoto2 | [] [] [] [] [] [] | + gprof | [] [] [] [] | + gpsdrive | [] [] [] | + gramadoir | [] [] [] | + grep | [] [] | + grub | [] [] [] [] | + gsasl | [] [] [] [] [] | + gss | [] [] [] [] [] | + gst-plugins-bad | [] [] [] [] [] [] | + gst-plugins-base | [] [] [] [] [] [] | + gst-plugins-good | [] [] [] [] [] [] | + gst-plugins-ugly | [] [] [] [] [] [] | + gstreamer | [] [] [] [] [] | + gtick | [] [] [] [] [] | + gtkam | [] [] [] [] [] | + gtkorphan | [] [] [] | + gtkspell | [] [] [] [] [] [] [] [] [] | + gutenprint | [] [] [] [] | + hello | [] [] [] | + help2man | [] [] | + hylafax | [] | + idutils | [] [] [] [] [] [] | + indent | [] [] [] [] [] [] [] [] | + iso_15924 | [] () [] [] | + iso_3166 | [] () [] [] [] [] [] [] [] [] [] [] | + iso_3166_2 | () [] [] [] | + iso_4217 | [] () [] [] [] [] | + iso_639 | [] () [] [] [] [] [] [] [] | + iso_639_3 | () [] [] | + jwhois | [] [] [] [] [] | + kbd | [] [] | + keytouch | [] [] [] [] [] [] | + keytouch-editor | [] [] [] [] [] | + keytouch-keyboa... | [] [] [] [] [] | + klavaro | [] [] | + latrine | [] [] [] | + ld | [] [] [] [] | + leafpad | [] [] [] [] [] [] [] () | + libc | [] [] [] [] [] | + libexif | [] | + libextractor | | + libgnutls | [] [] | + libgpewidget | [] [] [] [] | + libgpg-error | [] [] | + libgphoto2 | [] [] [] | + libgphoto2_port | [] [] [] | + libgsasl | [] [] [] [] [] | + libiconv | [] [] [] [] [] [] | + libidn | [] [] [] [] | + lifelines | () | + liferea | [] [] [] [] | + lilypond | [] [] | + linkdr | [] [] [] [] [] | + lordsawar | | + lprng | [] | + lynx | [] [] [] [] [] | + m4 | [] [] [] [] [] [] | + mailfromd | | + mailutils | [] [] | + make | [] [] [] [] [] [] [] [] [] | + man-db | [] [] | + man-db-manpages | [] | + minicom | [] [] [] [] [] | + mkisofs | [] [] [] [] | + myserver | | + nano | [] [] [] [] [] [] | + opcodes | [] [] [] [] | + parted | [] [] [] [] | + pies | | + popt | [] [] [] [] [] [] [] [] [] | + psmisc | [] [] [] | + pspp | | + pwdutils | [] [] | + radius | [] [] | + recode | [] [] [] [] [] [] [] [] | + rosegarden | () () () () () | + rpm | [] [] | + rush | | + sarg | [] | + screem | [] [] | + scrollkeeper | [] [] [] [] | + sed | [] [] [] [] [] [] [] [] | + sharutils | [] [] [] [] [] [] [] | + shishi | [] | + skencil | [] | + solfege | [] [] [] [] | + solfege-manual | [] [] | + soundtracker | [] [] | + sp | [] () | + sysstat | [] [] [] [] [] | + tar | [] [] [] [] [] [] [] | + texinfo | [] [] [] [] | + tin | [] | + unicode-han-tra... | | + unicode-transla... | [] [] | + util-linux-ng | [] [] [] [] [] [] | + vice | () () () | + vmm | [] | + vorbis-tools | [] | + wastesedge | () () | + wdiff | [] | + wget | [] [] [] [] [] [] [] [] | + wyslij-po | [] [] [] | + xchat | [] [] [] [] [] [] [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] [] [] | + +----------------------------------------------------+ + fi fr ga gl gu he hi hr hu hy id is it ja ka kn + 105 121 53 20 4 8 3 5 53 2 120 5 84 67 0 4 + + ko ku ky lg lt lv mk ml mn mr ms mt nb nds ne + +-----------------------------------------------+ + a2ps | [] | + aegis | | + ant-phone | | + anubis | [] [] | + aspell | [] | + bash | | + bfd | | + bibshelf | [] [] | + binutils | | + bison | [] | + bison-runtime | [] [] [] [] [] | + bluez-pin | [] [] [] [] [] | + bombono-dvd | | + buzztard | | + cflow | | + clisp | | + coreutils | [] | + cpio | | + cppi | | + cpplib | | + cryptsetup | | + dfarc | [] | + dialog | [] [] [] [] [] | + dico | | + diffutils | [] [] | + dink | | + doodle | | + e2fsprogs | | + enscript | | + exif | [] | + fetchmail | | + findutils | | + flex | | + freedink | [] | + gas | | + gawk | | + gcal | | + gcc | | + gettext-examples | [] [] [] [] | + gettext-runtime | [] | + gettext-tools | [] | + gip | [] [] | + gjay | | + gliv | | + glunarclock | [] | + gnubiff | | + gnucash | () () () () | + gnuedu | | + gnulib | | + gnunet | | + gnunet-gtk | | + gnutls | [] | + gold | | + gpe-aerial | [] | + gpe-beam | [] | + gpe-bluetooth | [] [] | + gpe-calendar | [] | + gpe-clock | [] [] [] [] [] | + gpe-conf | [] [] | + gpe-contacts | [] [] | + gpe-edit | [] | + gpe-filemanager | [] [] | + gpe-go | [] [] [] | + gpe-login | [] | + gpe-ownerinfo | [] [] | + gpe-package | [] [] | + gpe-sketchbook | [] [] | + gpe-su | [] [] [] [] [] [] | + gpe-taskmanager | [] [] [] [] [] [] | + gpe-timesheet | [] [] | + gpe-today | [] [] [] [] | + gpe-todo | [] [] | + gphoto2 | | + gprof | [] | + gpsdrive | | + gramadoir | | + grep | | + grub | | + gsasl | | + gss | | + gst-plugins-bad | [] [] [] [] | + gst-plugins-base | [] [] | + gst-plugins-good | [] [] | + gst-plugins-ugly | [] [] [] [] [] | + gstreamer | | + gtick | | + gtkam | [] | + gtkorphan | [] [] | + gtkspell | [] [] [] [] [] [] [] | + gutenprint | | + hello | [] [] [] | + help2man | | + hylafax | | + idutils | | + indent | | + iso_15924 | [] [] | + iso_3166 | [] [] () [] [] [] [] [] | + iso_3166_2 | | + iso_4217 | [] [] | + iso_639 | [] [] | + iso_639_3 | [] | + jwhois | [] | + kbd | | + keytouch | [] | + keytouch-editor | [] | + keytouch-keyboa... | [] | + klavaro | [] | + latrine | [] | + ld | | + leafpad | [] [] [] | + libc | [] | + libexif | | + libextractor | | + libgnutls | [] | + libgpewidget | [] [] | + libgpg-error | | + libgphoto2 | | + libgphoto2_port | | + libgsasl | | + libiconv | | + libidn | | + lifelines | | + liferea | | + lilypond | | + linkdr | | + lordsawar | | + lprng | | + lynx | | + m4 | | + mailfromd | | + mailutils | | + make | [] | + man-db | | + man-db-manpages | | + minicom | [] | + mkisofs | | + myserver | | + nano | [] [] | + opcodes | | + parted | | + pies | | + popt | [] [] [] | + psmisc | | + pspp | | + pwdutils | | + radius | | + recode | | + rosegarden | | + rpm | | + rush | | + sarg | | + screem | | + scrollkeeper | [] [] | + sed | | + sharutils | | + shishi | | + skencil | | + solfege | [] | + solfege-manual | | + soundtracker | | + sp | | + sysstat | [] | + tar | [] | + texinfo | [] | + tin | | + unicode-han-tra... | | + unicode-transla... | | + util-linux-ng | | + vice | | + vmm | | + vorbis-tools | | + wastesedge | | + wdiff | | + wget | [] | + wyslij-po | | + xchat | [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] | + +-----------------------------------------------+ + ko ku ky lg lt lv mk ml mn mr ms mt nb nds ne + 20 5 10 1 13 48 4 2 2 4 24 10 20 3 1 + + nl nn or pa pl ps pt pt_BR ro ru rw sk sl sq sr + +---------------------------------------------------+ + a2ps | [] [] [] [] [] [] [] [] | + aegis | [] [] [] | + ant-phone | [] [] | + anubis | [] [] [] | + aspell | [] [] [] [] [] | + bash | [] [] | + bfd | [] | + bibshelf | [] [] | + binutils | [] [] | + bison | [] [] [] | + bison-runtime | [] [] [] [] [] [] [] | + bluez-pin | [] [] [] [] [] [] [] [] | + bombono-dvd | [] () | + buzztard | [] [] | + cflow | [] | + clisp | [] [] | + coreutils | [] [] [] [] [] [] | + cpio | [] [] [] | + cppi | [] | + cpplib | [] | + cryptsetup | [] | + dfarc | [] | + dialog | [] [] [] [] | + dico | [] | + diffutils | [] [] [] [] [] [] | + dink | () | + doodle | [] [] | + e2fsprogs | [] [] | + enscript | [] [] [] [] [] | + exif | [] [] [] () [] | + fetchmail | [] [] [] [] | + findutils | [] [] [] [] [] | + flex | [] [] [] [] [] | + freedink | [] [] | + gas | | + gawk | [] [] [] [] | + gcal | | + gcc | [] | + gettext-examples | [] [] [] [] [] [] [] [] | + gettext-runtime | [] [] [] [] [] [] [] [] [] | + gettext-tools | [] [] [] [] [] [] | + gip | [] [] [] [] [] | + gjay | | + gliv | [] [] [] [] [] [] | + glunarclock | [] [] [] [] [] | + gnubiff | [] () | + gnucash | [] () () () | + gnuedu | [] | + gnulib | [] [] [] [] | + gnunet | | + gnunet-gtk | | + gnutls | [] [] | + gold | | + gpe-aerial | [] [] [] [] [] [] [] | + gpe-beam | [] [] [] [] [] [] [] | + gpe-bluetooth | [] [] | + gpe-calendar | [] [] [] [] | + gpe-clock | [] [] [] [] [] [] [] [] | + gpe-conf | [] [] [] [] [] [] [] | + gpe-contacts | [] [] [] [] [] | + gpe-edit | [] [] [] | + gpe-filemanager | [] [] [] | + gpe-go | [] [] [] [] [] [] [] [] | + gpe-login | [] [] | + gpe-ownerinfo | [] [] [] [] [] [] [] [] | + gpe-package | [] [] | + gpe-sketchbook | [] [] [] [] [] [] [] | + gpe-su | [] [] [] [] [] [] [] [] | + gpe-taskmanager | [] [] [] [] [] [] [] [] | + gpe-timesheet | [] [] [] [] [] [] [] [] | + gpe-today | [] [] [] [] [] [] [] [] | + gpe-todo | [] [] [] [] [] | + gphoto2 | [] [] [] [] [] [] [] [] | + gprof | [] [] [] | + gpsdrive | [] [] | + gramadoir | [] [] | + grep | [] [] [] [] | + grub | [] [] [] | + gsasl | [] [] [] [] | + gss | [] [] [] | + gst-plugins-bad | [] [] [] [] [] [] | + gst-plugins-base | [] [] [] [] [] | + gst-plugins-good | [] [] [] [] [] | + gst-plugins-ugly | [] [] [] [] [] [] | + gstreamer | [] [] [] [] [] | + gtick | [] [] [] | + gtkam | [] [] [] [] [] [] | + gtkorphan | [] | + gtkspell | [] [] [] [] [] [] [] [] [] [] | + gutenprint | [] [] | + hello | [] [] [] [] | + help2man | [] [] | + hylafax | [] | + idutils | [] [] [] [] [] | + indent | [] [] [] [] [] [] [] | + iso_15924 | [] [] [] [] | + iso_3166 | [] [] [] [] [] () [] [] [] [] [] [] [] [] | + iso_3166_2 | [] [] [] | + iso_4217 | [] [] [] [] [] [] [] [] | + iso_639 | [] [] [] [] [] [] [] [] [] | + iso_639_3 | [] [] | + jwhois | [] [] [] [] | + kbd | [] [] [] | + keytouch | [] [] [] | + keytouch-editor | [] [] [] | + keytouch-keyboa... | [] [] [] | + klavaro | [] [] | + latrine | [] [] | + ld | | + leafpad | [] [] [] [] [] [] [] [] [] | + libc | [] [] [] [] | + libexif | [] [] () [] | + libextractor | | + libgnutls | [] [] | + libgpewidget | [] [] [] | + libgpg-error | [] [] | + libgphoto2 | [] [] | + libgphoto2_port | [] [] [] [] [] | + libgsasl | [] [] [] [] [] | + libiconv | [] [] [] [] [] | + libidn | [] [] | + lifelines | [] [] | + liferea | [] [] [] [] [] () () [] | + lilypond | [] | + linkdr | [] [] [] | + lordsawar | | + lprng | [] | + lynx | [] [] [] | + m4 | [] [] [] [] [] | + mailfromd | [] | + mailutils | [] | + make | [] [] [] [] | + man-db | [] [] [] | + man-db-manpages | [] [] [] | + minicom | [] [] [] [] | + mkisofs | [] [] [] | + myserver | | + nano | [] [] [] [] | + opcodes | [] [] | + parted | [] [] [] [] | + pies | [] | + popt | [] [] [] [] | + psmisc | [] [] [] | + pspp | [] [] | + pwdutils | [] | + radius | [] [] [] | + recode | [] [] [] [] [] [] [] [] | + rosegarden | () () | + rpm | [] [] [] | + rush | [] [] | + sarg | | + screem | | + scrollkeeper | [] [] [] [] [] [] [] [] | + sed | [] [] [] [] [] [] [] [] [] | + sharutils | [] [] [] [] | + shishi | [] | + skencil | [] [] | + solfege | [] [] [] [] | + solfege-manual | [] [] [] | + soundtracker | [] | + sp | | + sysstat | [] [] [] [] | + tar | [] [] [] [] | + texinfo | [] [] [] [] | + tin | [] | + unicode-han-tra... | | + unicode-transla... | | + util-linux-ng | [] [] [] [] [] | + vice | [] | + vmm | [] | + vorbis-tools | [] [] | + wastesedge | [] | + wdiff | [] [] | + wget | [] [] [] [] [] [] [] | + wyslij-po | [] [] [] | + xchat | [] [] [] [] [] [] [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] | + +---------------------------------------------------+ + nl nn or pa pl ps pt pt_BR ro ru rw sk sl sq sr + 135 10 4 7 105 1 29 62 47 91 3 54 46 9 37 - tg th tk tr uk ven vi wa xh zh_CN zh_HK zh_TW zu + sv sw ta te tg th tr uk vi wa zh_CN zh_HK zh_TW +---------------------------------------------------+ - GNUnet | [] | 2 - a2ps | [] [] [] | 19 - aegis | | 0 - ant-phone | [] [] | 6 - anubis | [] [] [] | 11 - ap-utils | () [] | 4 - aspell | [] [] [] | 14 - bash | [] | 11 - batchelor | [] [] | 9 - bfd | | 1 - bibshelf | [] | 7 - binutils | [] [] [] | 9 - bison | [] [] [] | 19 - bison-runtime | [] [] [] | 16 - bluez-pin | [] [] [] [] [] [] | 28 - cflow | [] [] | 4 - clisp | | 6 - console-tools | [] [] | 5 - coreutils | [] [] | 17 - cpio | [] [] [] | 9 - cpplib | [] [] [] [] | 11 - cryptonit | | 5 - darkstat | [] () () | 15 - dialog | [] [] [] [] [] | 30 - diffutils | [] [] [] [] | 28 - doodle | [] | 6 - e2fsprogs | [] [] | 10 - enscript | [] [] [] | 16 - error | [] [] [] [] | 18 - fetchmail | [] [] | 12 - fileutils | [] [] [] | 18 - findutils | [] [] [] | 17 - flex | [] [] | 15 - fslint | [] | 9 - gas | [] | 3 - gawk | [] [] | 15 - gbiff | [] | 5 - gcal | [] | 5 - gcc | [] [] [] | 6 - gettext-examples | [] [] [] [] [] [] | 26 - gettext-runtime | [] [] [] [] [] [] | 28 - gettext-tools | [] [] [] [] [] | 19 - gimp-print | [] [] | 12 - gip | [] [] | 12 - gliv | [] [] | 8 - glunarclock | [] [] [] | 15 - gmult | [] [] [] [] | 15 - gnubiff | [] | 1 - gnucash | () | 2 - gnucash-glossary | [] [] | 9 - gnuedu | [] | 2 - gnulib | [] [] [] [] [] | 28 - gnunet-gtk | | 1 - gnutls | | 2 - gpe-aerial | [] [] | 14 - gpe-beam | [] [] | 14 - gpe-calendar | [] [] [] [] | 19 - gpe-clock | [] [] [] [] | 20 - gpe-conf | [] [] | 14 - gpe-contacts | [] [] | 10 - gpe-edit | [] [] [] [] | 19 - gpe-filemanager | [] | 5 - gpe-go | [] [] | 14 - gpe-login | [] [] [] [] [] | 20 - gpe-ownerinfo | [] [] [] [] | 20 - gpe-package | [] | 5 - gpe-sketchbook | [] [] | 16 - gpe-su | [] [] [] | 19 - gpe-taskmanager | [] [] [] | 19 - gpe-timesheet | [] [] [] [] | 18 - gpe-today | [] [] [] [] [] | 20 - gpe-todo | [] | 6 - gphoto2 | [] [] [] [] | 20 - gprof | [] [] | 11 - gpsdrive | | 4 - gramadoir | [] | 7 - grep | [] [] [] [] | 33 - gretl | | 4 - gsasl | [] [] | 6 - gss | [] | 5 - gst-plugins | [] [] [] | 15 - gst-plugins-base | [] [] [] | 9 - gst-plugins-good | [] [] [] | 18 - gstreamer | [] [] [] | 17 - gtick | [] | 11 - gtkam | [] | 13 - gtkorphan | [] | 7 - gtkspell | [] [] [] [] [] [] | 26 - gutenprint | | 3 - hello | [] [] [] [] [] | 39 - id-utils | [] [] | 14 - impost | [] | 4 - indent | [] [] [] [] | 25 - iso_3166 | [] [] [] | 15 - iso_3166_1 | [] [] | 20 - iso_3166_2 | | 2 - iso_3166_3 | [] [] | 9 - iso_4217 | [] [] | 14 - iso_639 | [] | 14 - jpilot | [] [] [] [] | 7 - jtag | [] | 3 - jwhois | [] [] [] | 13 - kbd | [] [] | 12 - keytouch | [] | 4 - keytouch-editor | | 2 - keytouch-keyboa... | | 2 - latrine | [] [] | 8 - ld | [] [] [] [] | 8 - leafpad | [] [] [] [] | 23 - libc | [] [] [] | 23 - libexif | [] | 4 - libextractor | [] | 5 - libgpewidget | [] [] [] | 19 - libgpg-error | [] | 4 - libgphoto2 | [] | 8 - libgphoto2_port | [] [] [] | 11 - libgsasl | [] | 8 - libiconv | [] | 4 - libidn | [] [] | 10 - lifelines | | 4 - lilypond | | 2 - lingoteach | [] | 6 - lynx | [] [] [] | 15 - m4 | [] [] [] | 18 - mailutils | [] | 8 - make | [] [] [] | 20 - man-db | [] | 6 - minicom | [] | 14 - mysecretdiary | [] [] | 12 - nano | [] [] | 15 - nano_1_0 | [] [] [] | 18 - opcodes | [] [] | 10 - parted | [] [] [] | 10 - pilot-qof | [] | 3 - psmisc | [] | 10 - pwdutils | [] | 3 - python | | 0 - qof | [] | 2 - radius | [] | 6 - recode | [] [] [] | 25 - rpm | [] [] [] [] | 14 - screem | [] | 2 - scrollkeeper | [] [] [] [] | 26 - sed | [] [] [] | 22 - sh-utils | [] | 15 - shared-mime-info | [] [] [] [] | 23 - sharutils | [] [] [] | 23 - shishi | | 1 - silky | [] | 4 - skencil | [] | 7 - sketch | | 6 - solfege | | 2 - soundtracker | [] [] | 9 - sp | [] | 3 - stardict | [] [] [] [] | 11 - system-tools-ba... | [] [] [] [] [] [] [] | 37 - tar | [] [] [] [] | 19 - texinfo | [] [] [] | 15 - textutils | [] [] [] | 17 - tin | | 1 - tp-robot | [] [] [] | 10 - tuxpaint | [] [] [] | 16 + a2ps | [] [] [] [] [] | 27 + aegis | [] | 9 + ant-phone | [] [] [] [] | 9 + anubis | [] [] [] [] | 15 + aspell | [] [] [] | 20 + bash | [] [] [] | 12 + bfd | [] | 6 + bibshelf | [] [] [] | 16 + binutils | [] [] | 8 + bison | [] [] | 12 + bison-runtime | [] [] [] [] [] [] | 29 + bluez-pin | [] [] [] [] [] [] [] [] | 37 + bombono-dvd | [] | 4 + buzztard | [] | 7 + cflow | [] [] [] | 9 + clisp | | 10 + coreutils | [] [] [] [] | 22 + cpio | [] [] [] [] [] [] | 13 + cppi | [] [] | 5 + cpplib | [] [] [] [] [] [] | 14 + cryptsetup | [] [] | 7 + dfarc | [] | 9 + dialog | [] [] [] [] [] [] [] | 30 + dico | [] | 2 + diffutils | [] [] [] [] [] [] | 30 + dink | | 4 + doodle | [] [] | 7 + e2fsprogs | [] [] [] | 11 + enscript | [] [] [] [] | 17 + exif | [] [] [] | 16 + fetchmail | [] [] [] | 17 + findutils | [] [] [] [] [] | 20 + flex | [] [] [] [] | 15 + freedink | [] | 10 + gas | [] | 4 + gawk | [] [] [] [] | 18 + gcal | [] [] | 5 + gcc | [] [] [] | 7 + gettext-examples | [] [] [] [] [] [] [] | 34 + gettext-runtime | [] [] [] [] [] [] [] | 29 + gettext-tools | [] [] [] [] [] [] | 22 + gip | [] [] [] [] | 22 + gjay | [] | 3 + gliv | [] [] [] | 14 + glunarclock | [] [] [] [] [] | 19 + gnubiff | [] [] | 4 + gnucash | () [] () [] () | 10 + gnuedu | [] [] | 7 + gnulib | [] [] [] [] | 16 + gnunet | [] | 1 + gnunet-gtk | [] [] [] | 5 + gnutls | [] [] [] | 10 + gold | [] | 4 + gpe-aerial | [] [] [] | 18 + gpe-beam | [] [] [] | 19 + gpe-bluetooth | [] [] [] | 13 + gpe-calendar | [] [] [] [] | 12 + gpe-clock | [] [] [] [] [] | 28 + gpe-conf | [] [] [] [] | 20 + gpe-contacts | [] [] [] | 17 + gpe-edit | [] [] [] | 12 + gpe-filemanager | [] [] [] [] | 16 + gpe-go | [] [] [] [] [] | 25 + gpe-login | [] [] [] | 11 + gpe-ownerinfo | [] [] [] [] [] | 25 + gpe-package | [] [] [] | 13 + gpe-sketchbook | [] [] [] | 20 + gpe-su | [] [] [] [] [] | 30 + gpe-taskmanager | [] [] [] [] [] | 29 + gpe-timesheet | [] [] [] [] [] | 25 + gpe-today | [] [] [] [] [] [] | 30 + gpe-todo | [] [] [] [] | 17 + gphoto2 | [] [] [] [] [] | 24 + gprof | [] [] [] | 15 + gpsdrive | [] [] [] | 11 + gramadoir | [] [] [] | 11 + grep | [] [] [] | 10 + grub | [] [] [] | 14 + gsasl | [] [] [] [] | 14 + gss | [] [] [] | 11 + gst-plugins-bad | [] [] [] [] | 26 + gst-plugins-base | [] [] [] [] [] | 24 + gst-plugins-good | [] [] [] [] | 24 + gst-plugins-ugly | [] [] [] [] [] | 29 + gstreamer | [] [] [] [] | 22 + gtick | [] [] [] | 13 + gtkam | [] [] [] | 20 + gtkorphan | [] [] [] | 14 + gtkspell | [] [] [] [] [] [] [] [] [] | 45 + gutenprint | [] | 10 + hello | [] [] [] [] [] [] | 21 + help2man | [] [] | 7 + hylafax | [] | 5 + idutils | [] [] [] [] | 17 + indent | [] [] [] [] [] [] | 30 + iso_15924 | () [] () [] [] | 16 + iso_3166 | [] [] () [] [] () [] [] [] () | 53 + iso_3166_2 | () [] () [] | 9 + iso_4217 | [] () [] [] () [] [] | 26 + iso_639 | [] [] [] () [] () [] [] [] [] | 38 + iso_639_3 | [] () | 8 + jwhois | [] [] [] [] [] | 16 + kbd | [] [] [] [] [] | 15 + keytouch | [] [] [] | 16 + keytouch-editor | [] [] [] | 14 + keytouch-keyboa... | [] [] [] | 14 + klavaro | [] | 11 + latrine | [] [] [] | 10 + ld | [] [] [] [] | 11 + leafpad | [] [] [] [] [] [] | 33 + libc | [] [] [] [] [] | 21 + libexif | [] () | 7 + libextractor | [] | 1 + libgnutls | [] [] [] | 9 + libgpewidget | [] [] [] | 14 + libgpg-error | [] [] [] | 9 + libgphoto2 | [] [] | 8 + libgphoto2_port | [] [] [] [] | 14 + libgsasl | [] [] [] | 13 + libiconv | [] [] [] [] | 21 + libidn | () [] [] | 11 + lifelines | [] | 4 + liferea | [] [] [] | 21 + lilypond | [] | 7 + linkdr | [] [] [] [] [] | 17 + lordsawar | | 1 + lprng | [] | 3 + lynx | [] [] [] [] | 17 + m4 | [] [] [] [] | 19 + mailfromd | [] [] | 3 + mailutils | [] | 5 + make | [] [] [] [] | 21 + man-db | [] [] [] | 8 + man-db-manpages | | 4 + minicom | [] [] | 16 + mkisofs | [] [] | 9 + myserver | | 0 + nano | [] [] [] [] | 21 + opcodes | [] [] [] | 11 + parted | [] [] [] [] [] | 15 + pies | [] [] | 3 + popt | [] [] [] [] [] [] | 27 + psmisc | [] [] | 11 + pspp | | 4 + pwdutils | [] [] | 6 + radius | [] [] | 9 + recode | [] [] [] [] | 28 + rosegarden | () | 0 + rpm | [] [] [] | 11 + rush | [] [] | 4 + sarg | | 1 + screem | [] | 3 + scrollkeeper | [] [] [] [] [] | 27 + sed | [] [] [] [] [] | 30 + sharutils | [] [] [] [] [] | 22 + shishi | [] | 3 + skencil | [] [] | 7 + solfege | [] [] [] [] | 16 + solfege-manual | [] | 8 + soundtracker | [] [] [] | 9 + sp | [] | 3 + sysstat | [] [] | 15 + tar | [] [] [] [] [] [] | 23 + texinfo | [] [] [] [] [] | 17 + tin | | 4 unicode-han-tra... | | 0 unicode-transla... | | 2 - util-linux | [] [] [] | 20 - vorbis-tools | [] [] | 11 - wastesedge | | 1 - wdiff | [] [] | 22 - wget | [] [] [] | 19 - xchat | [] [] [] [] | 28 - xkeyboard-config | [] [] [] [] | 11 - xpad | [] [] [] | 14 + util-linux-ng | [] [] [] [] | 20 + vice | () () | 1 + vmm | [] | 4 + vorbis-tools | [] | 6 + wastesedge | | 2 + wdiff | [] [] | 7 + wget | [] [] [] [] [] | 26 + wyslij-po | [] [] | 8 + xchat | [] [] [] [] [] [] | 36 + xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] | 63 + xkeyboard-config | [] [] [] | 22 +---------------------------------------------------+ - 77 teams tg th tk tr uk ven vi wa xh zh_CN zh_HK zh_TW zu - 172 domains 0 1 1 78 39 0 135 13 1 50 3 54 0 2054 + 85 teams sv sw ta te tg th tr uk vi wa zh_CN zh_HK zh_TW + 178 domains 119 1 3 3 0 10 65 51 155 17 98 7 41 2618 Some counters in the preceding matrix are higher than the number of visible blocks let us expect. This is because a few extra PO files are @@ -1085,12 +1256,12 @@ distributed as such by its maintainer. There might be an observable lag between the mere existence a PO file and its wide availability in a distribution. - If July 2006 seems to be old, you may fetch a more recent copy of + If June 2010 seems to be old, you may fetch a more recent copy of this `ABOUT-NLS' file on most GNU archive sites. The most up-to-date matrix with full percentage details can be found at -`http://www.iro.umontreal.ca/contrib/po/HTML/matrix.html'. +`http://translationproject.org/extra/matrix.html'. -1.6 Using `gettext' in new packages +1.5 Using `gettext' in new packages =================================== If you are writing a freely available program and want to @@ -1106,6 +1277,6 @@ the use of `gettext' the only thing missing are the translations. The Free Translation Project is also available for packages which are not developed inside the GNU project. Therefore the information given above applies also for every other Free Software Project. Contact -`translation@iro.umontreal.ca' to make the `.pot' files available to -the translation teams. +`coordinator@translationproject.org' to make the `.pot' files available +to the translation teams. diff --git a/AUTHORS b/AUTHORS index 38c73fc..f4e5175 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,3 +1,4 @@ Jana Saout Clemens Fruhwirth Milan Broz +Ondrej Kozina diff --git a/ChangeLog b/ChangeLog index e056c5c..b6c11ba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,4 +3,4 @@ Since version 1.6 this file is no longer maintained. See docs/*ReleaseNotes for release changes documentation. See version control history for full commit messages. - http://code.google.com/p/cryptsetup/source/list + https://gitlab.com/cryptsetup/cryptsetup/commits/master diff --git a/FAQ b/FAQ index 08b52ad..31060dd 100644 --- a/FAQ +++ b/FAQ @@ -1,5 +1,6 @@ -Sections +Frequently Asked Questions Cryptsetup/LUKS +Sections 1. General Questions 2. Setup 3. Common Problems @@ -8,134 +9,145 @@ Sections 6. Backup and Data Recovery 7. Interoperability with other Disk Encryption Tools 8. Issues with Specific Versions of cryptsetup -9. References and Further Reading +9. The Initrd question +10. LUKS2 Questions +11. References and Further Reading A. Contributors - -1. General Questions +1. General Questions - * 1.1 What is this? + * 1.1 What is this? - This is the FAQ (Frequently Asked Questions) for cryptsetup. It - covers Linux disk encryption with plain dm-crypt (one passphrase, - no management, no metadata on disk) and LUKS (multiple user keys - with one master key, anti-forensic features, metadata block at - start of device, ...). The latest version of this FAQ should - usually be available at + This is the FAQ (Frequently Asked Questions) for cryptsetup. It covers + Linux disk encryption with plain dm-crypt (one passphrase, no + management, no metadata on disk) and LUKS (multiple user keys with one + master key, anti-forensic features, metadata block at start of device, + ...). The latest version of this FAQ should usually be available at https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions - * 1.2 WARNINGS - - ATTENTION: If you are going to read just one thing, make it the - section on Backup and Data Recovery. By far the most questions on - the cryptsetup mailing list are from people that managed to damage - the start of their LUKS partitions, i.e. the LUKS header. In - most cases, there is nothing that can be done to help these poor - souls recover their data. Make sure you understand the problem and - limitations imposed by the LUKS security model BEFORE you face - such a disaster! In particular, make sure you have a current header - backup before doing any potentially dangerous operations. - - SSDs/FLASH DRIVES: SSDs and Flash are different. Currently it is - unclear how to get LUKS or plain dm-crypt to run on them with the - full set of security features intact. This may or may not be a - problem, depending on the attacker model. See Section 5.19. - - BACKUP: Yes, encrypted disks die, just as normal ones do. A full - backup is mandatory, see Section "6. Backup and Data Recovery" on - options for doing encrypted backup. - - CLONING/IMAGING: If you clone or image a LUKS container, you make a - copy of the LUKS header and the master key will stay the same! - That means that if you distribute an image to several machines, the - same master key will be used on all of them, regardless of whether - you change the passphrases. Do NOT do this! If you do, a root-user - on any of the machines with a mapped (decrypted) container or a - passphrase on that machine can decrypt all other copies, breaking - security. See also Item 6.15. - - DISTRIBUTION INSTALLERS: Some distribution installers offer to - create LUKS containers in a way that can be mistaken as activation - of an existing container. Creating a new LUKS container on top of - an existing one leads to permanent, complete and irreversible data - loss. It is strongly recommended to only use distribution - installers after a complete backup of all LUKS containers has been - made. - - UBUNTU INSTALLER: In particular the Ubuntu installer seems to be - quite willing to kill LUKS containers in several different ways. - Those responsible at Ubuntu seem not to care very much (it is very - easy to recognize a LUKS container), so treat the process of - installing Ubuntu as a severe hazard to any LUKS container you may - have. - - NO WARNING ON NON-INTERACTIVE FORMAT: If you feed cryptsetup from - STDIN (e.g. via GnuPG) on LUKS format, it does not give you the - warning that you are about to format (and e.g. will lose any - pre-existing LUKS container on the target), as it assumes it is - used from a script. In this scenario, the responsibility for - warning the user and possibly checking for an existing LUKS header - is shifted to the script. This is a more general form of the - previous item. - - LUKS PASSPHRASE IS NOT THE MASTER KEY: The LUKS passphrase is not - used in deriving the master key. It is used in decrypting a master - key that is randomly selected on header creation. This means that - if you create a new LUKS header on top of an old one with - exactly the same parameters and exactly the same passphrase as the - old one, it will still have a different master key and your data - will be permanently lost. - - PASSPHRASE CHARACTER SET: Some people have had difficulties with - this when upgrading distributions. It is highly advisable to only - use the 95 printable characters from the first 128 characters of - the ASCII table, as they will always have the same binary - representation. Other characters may have different encoding - depending on system configuration and your passphrase will not - work with a different encoding. A table of the standardized first - 128 ASCII characters can, e.g. be found on + * 1.2 WARNINGS + + LUKS2 COMPATIBILITY: This FAQ was originally written for LUKS1, not + LUKS2. Hence regarding LUKS2, some of the answers found here may not + apply. Updates for LUKS2 have been done and anything not applying to + LUKS2 should clearly say LUKS1. However, this is a Frequently Asked + Questions, and questions for LUKS2 are limited at this time or at least + those that have reached me are. In the following, "LUKS" refers to both + LUKS1 and LUKS2. + + The LUKS1 on-disk format specification is at + https://www.kernel.org/pub/linux/utils/cryptsetup/LUKS_docs/on-disk-format.pdf + The LUKS2 on-disk format specification is at + https://gitlab.com/cryptsetup/LUKS2-docs + + ATTENTION: If you are going to read just one thing, make it the section + on Backup and Data Recovery. By far the most questions on the + cryptsetup mailing list are from people that managed to damage the start + of their LUKS partitions, i.e. the LUKS header. In most cases, there + is nothing that can be done to help these poor souls recover their data. + Make sure you understand the problem and limitations imposed by the LUKS + security model BEFORE you face such a disaster! In particular, make + sure you have a current header backup before doing any potentially + dangerous operations. The LUKS2 header should be a bit more resilient + as critical data starts later and is stored twice, but you can decidely + still destroy it or a keyslot permanently by accident. + + DEBUG COMMANDS: While the --debug and --debug-json options should not + leak secret data, "strace" and the like can leak your full passphrase. + Do not post an strace output with the correct passphrase to a + mailing-list or online! See Item 4.5 for more explanation. + + SSDs/FLASH DRIVES: SSDs and Flash are different. Currently it is + unclear how to get LUKS or plain dm-crypt to run on them with the full + set of security assurances intact. This may or may not be a problem, + depending on the attacker model. See Section 5.19. + + BACKUP: Yes, encrypted disks die, just as normal ones do. A full backup + is mandatory, see Section "6. Backup and Data Recovery" on options for + doing encrypted backup. + + CLONING/IMAGING: If you clone or image a LUKS container, you make a copy + of the LUKS header and the master key will stay the same! That means + that if you distribute an image to several machines, the same master key + will be used on all of them, regardless of whether you change the + passphrases. Do NOT do this! If you do, a root-user on any of the + machines with a mapped (decrypted) container or a passphrase on that + machine can decrypt all other copies, breaking security. See also Item + 6.15. + + DISTRIBUTION INSTALLERS: Some distribution installers offer to create + LUKS containers in a way that can be mistaken as activation of an + existing container. Creating a new LUKS container on top of an existing + one leads to permanent, complete and irreversible data loss. It is + strongly recommended to only use distribution installers after a + complete backup of all LUKS containers has been made. + + UBUNTU INSTALLER: In particular the Ubuntu installer seems to be quite + willing to kill LUKS containers in several different ways. Those + responsible at Ubuntu seem not to care very much (it is very easy to + recognize a LUKS container), so treat the process of installing Ubuntu + as a severe hazard to any LUKS container you may have. + + NO WARNING ON NON-INTERACTIVE FORMAT: If you feed cryptsetup from STDIN + (e.g. via GnuPG) on LUKS format, it does not give you the warning that + you are about to format (and e.g. will lose any pre-existing LUKS + container on the target), as it assumes it is used from a script. In + this scenario, the responsibility for warning the user and possibly + checking for an existing LUKS header is shifted to the script. This is + a more general form of the previous item. + + LUKS PASSPHRASE IS NOT THE MASTER KEY: The LUKS passphrase is not used + in deriving the master key. It is used in decrypting a master key that + is randomly selected on header creation. This means that if you create + a new LUKS header on top of an old one with exactly the same parameters + and exactly the same passphrase as the old one, it will still have a + different master key and your data will be permanently lost. + + PASSPHRASE CHARACTER SET: Some people have had difficulties with this + when upgrading distributions. It is highly advisable to only use the 95 + printable characters from the first 128 characters of the ASCII table, + as they will always have the same binary representation. Other + characters may have different encoding depending on system configuration + and your passphrase will not work with a different encoding. A table of + the standardized first 128 ASCII characters can, e.g. be found on http://en.wikipedia.org/wiki/ASCII + KEYBOARD NUM-PAD: Apparently some pre-boot authentication environments + (these are done by the distro, not by cryptsetup, so complain there) + treat digits entered on the num-pad and ones entered regularly + different. This may be because the BIOS USB keyboard driver is used and + that one may have bugs on some computers. If you cannot open your + device in pre-boot, try entering the digits over the regular digit keys. - * 1.3 System specific warnings - - - Ubuntu as of 4/2011: It seems the installer offers to create - LUKS partitions in a way that several people mistook for an offer - to activate their existing LUKS partition. The installer gives no - or an inadequate warning and will destroy your old LUKS header, - causing permanent data loss. See also the section on Backup and - Data Recovery. - This issue has been acknowledged by the Ubuntu dev team, see here: - http://launchpad.net/bugs/420080 + * 1.3 System specific warnings - Update 4/2013: I am still unsure whether this has been fixed by - now, best be careful. They also seem to have added even more LUKS - killer functionality to the Ubuntu installer. I can only strongly - recommended to not install Ubuntu on a system with existing LUKS - containers without complete backups. + - The Ubuntu Natty uinstaller has a "won't fix" defect that may destroy + LUKS containers. This is quite old an not relevant for most people. + Reference: + https://bugs.launchpad.net/ubuntu/+source/partman-crypto/+bug/420080 - * 1.4 My LUKS-device is broken! Help! + * 1.4 My LUKS-device is broken! Help! First: Do not panic! In many cases the data is still recoverable. Do not do anything hasty! Steps: - - Take some deep breaths. Maybe add some relaxing music. This may - sound funny, but I am completely serious. Often, critical damage is + - Take some deep breaths. Maybe add some relaxing music. This may + sound funny, but I am completely serious. Often, critical damage is done only after the initial problem. - - Do not reboot. The keys mays still be in the kernel if the device - is mapped. + - Do not reboot. The keys may still be in the kernel if the device is + mapped. - Make sure others do not reboot the system. - - Do not write to your disk without a clear understanding why this - will not make matters worse. Do a sector-level backup before any - writes. Often you do not need to write at all to get enough access - to make a backup of the data. + - Do not write to your disk without a clear understanding why this will + not make matters worse. Do a sector-level backup before any writes. + Often you do not need to write at all to get enough access to make a + backup of the data. - Relax some more. @@ -144,1962 +156,2113 @@ A. Contributors - Ask on the mailing-list if you need more help. - * 1.5 Who wrote this? + * 1.5 Who wrote this? - Current FAQ maintainer is Arno Wagner . If you - want to send me encrypted email, my current PGP key is DSA key - CB5D9718, fingerprint 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D - 9718. + Current FAQ maintainer is Arno Wagner . If you want + to send me encrypted email, my current PGP key is DSA key CB5D9718, + fingerprint 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718. - Other contributors are listed at the end. If you want to contribute, - send your article, including a descriptive headline, to the - maintainer, or the dm-crypt mailing list with something like "FAQ - ..." in the subject. You can also send more raw information and - have me write the section. Please note that by contributing to this - FAQ, you accept the license described below. + Other contributors are listed at the end. If you want to contribute, + send your article, including a descriptive headline, to the maintainer, + or the dm-crypt mailing list with something like "FAQ ..." + in the subject. You can also send more raw information and have + me write the section. Please note that by contributing to this FAQ, + you accept the license described below. - This work is under the "Attribution-Share Alike 3.0 Unported" - license, which means distribution is unlimited, you may create - derived works, but attributions to original authors and this - license statement must be retained and the derived work must be - under the same license. See - http://creativecommons.org/licenses/by-sa/3.0/ for more details of - the license. + This work is under the "Attribution-Share Alike 3.0 Unported" license, + which means distribution is unlimited, you may create derived works, but + attributions to original authors and this license statement must be + retained and the derived work must be under the same license. See + http://creativecommons.org/licenses/by-sa/3.0/ for more details of the + license. - Side note: I did text license research some time ago and I think - this license is best suited for the purpose at hand and creates the - least problems. + Side note: I did text license research some time ago and I think this + license is best suited for the purpose at hand and creates the least + problems. - * 1.6 Where is the project website? + * 1.6 Where is the project website? - There is the project website at https://gitlab.com/cryptsetup/cryptsetup/ - Please do not post questions there, nobody will read them. Use - the mailing-list instead. + There is the project website at + https://gitlab.com/cryptsetup/cryptsetup/ Please do not post + questions there, nobody will read them. Use the mailing-list + instead. - * 1.7 Is there a mailing-list? + * 1.7 Is there a mailing-list? Instructions on how to subscribe to the mailing-list are at on the - project website. People are generally helpful and friendly on the + project website. People are generally helpful and friendly on the list. - The question of how to unsubscribe from the list does crop up - sometimes. For this you need your list management URL, which is - sent to you initially and once at the start of each month. Go to - the URL mentioned in the email and select "unsubscribe". This page - also allows you to request a password reminder. + The question of how to unsubscribe from the list does crop up sometimes. + For this you need your list management URL, which is sent to you + initially and once at the start of each month. Go to the URL mentioned + in the email and select "unsubscribe". This page also allows you to + request a password reminder. - Alternatively, you can send an Email to dm-crypt-request@saout.de - with just the word "help" in the subject or message body. Make sure - to send it from your list address. + Alternatively, you can send an Email to dm-crypt-request@saout.de with + just the word "help" in the subject or message body. Make sure to send + it from your list address. The mailing list archive is here: - http://dir.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt + https://marc.info/?l=dm-crypt - * 1.8 Unsubscribe from the mailing-list + * 1.8 Unsubscribe from the mailing-list - Send mail to dm-crypt-unsubscribe@saout.de from the subscribed - account. You will get an email with instructions. + Send mail to dm-crypt-unsubscribe@saout.de from the subscribed account. + You will get an email with instructions. Basically, you just have to respond to it unmodified to get - unsubscribed. The listserver admin functions are not very fast. It - can take 15 minutes or longer for a reply to arrive (I suspect - greylisting is in use), so be patient. + unsubscribed. The listserver admin functions are not very fast. It can + take 15 minutes or longer for a reply to arrive (I suspect greylisting + is in use), so be patient. - Also note that nobody on the list can unsubscribe you, sending - demands to be unsubscribed to the list just annoys people that are - entirely blameless for you being subscribed. + Also note that nobody on the list can unsubscribe you, sending demands + to be unsubscribed to the list just annoys people that are entirely + blameless for you being subscribed. - If you are subscribed, a subscription confirmation email was sent - to your email account and it had to be answered before the - subscription went active. The confirmation emails from the - listserver have subjects like these (with other numbers): + If you are subscribed, a subscription confirmation email was sent to + your email account and it had to be answered before the subscription + went active. The confirmation emails from the listserver have subjects + like these (with other numbers): - Subject: confirm 9964cf10..... - - and are sent from dm-crypt-request@saout.de. You should check - whether you have anything like it in your sent email folder. If - you find nothing and are sure you did not confirm, then you should - look into a possible compromise of your email account. + Subject: confirm 9964cf10..... + and are sent from dm-crypt-request@saout.de. You should check whether + you have anything like it in your sent email folder. If you find + nothing and are sure you did not confirm, then you should look into a + possible compromise of your email account. -2. Setup +2. Setup - * 2.1 LUKS Container Setup mini-HOWTO + * 2.1 LUKS Container Setup mini-HOWTO This item tries to give you a very brief list of all the steps you - should go though when creating a new LUKS encrypted container, i.e. + should go though when creating a new LUKS encrypted container, i.e. encrypted disk, partition or loop-file. - 01) All data will be lost, if there is data on the target, make a + 01) All data will be lost, if there is data on the target, make a backup. - 02) Make very sure you have the right target disk, partition or + 02) Make very sure you use the right target disk, partition or loop-file. - 03) If the target was in use previously, it is a good idea to - wipe it before creating the LUKS container in order to remove any - trace of old file systems and data. For example, some users have - managed to run e2fsck on a partition containing a LUKS container, - possibly because of residual ext2 superblocks from an earlier use. - This can do arbitrary damage up to complete and permanent loss of - all data in the LUKS container. + 03) If the target was in use previously, it is a good idea to wipe it + before creating the LUKS container in order to remove any trace of old + file systems and data. For example, some users have managed to run + e2fsck on a partition containing a LUKS container, possibly because of + residual ext2 superblocks from an earlier use. This can do arbitrary + damage up to complete and permanent loss of all data in the LUKS + container. To just quickly wipe file systems (old data may remain), use - wipefs -a - + wipefs -a + To wipe file system and data, use something like - cat /dev/zero > - - This can take a while. To get a progress indicator, you can use - the tool dd_rescue (->google) instead or use my stream meter "wcs" - (source here: http://www.tansi.org/tools/index.html) in the - following fashion: + cat /dev/zero > + + This can take a while. To get a progress indicator, you can use the + tool dd_rescue (->google) instead or use my stream meter "wcs" (source + here: http://www.tansi.org/tools/index.html) in the following fashion: + + cat /dev/zero | wcs > + + Plain "dd" also gives you the progress on a SIGUSR1, see its man-page. - cat /dev/zero | wcs > - Be very sure you have the right target, all data will be lost! - Note that automatic wiping is on the TODO list for cryptsetup, so - at some time in the future this will become unnecessary. + Note that automatic wiping is on the TODO list for cryptsetup, so at + some time in the future this will become unnecessary. - Alternatively, plain cm-crypt can be used for a very fast wipe with + Alternatively, plain dm-crypt can be used for a very fast wipe with crypto-grade randomness, see Item 2.19 - 04) Create the LUKS container: - cryptsetup luksFormat - - Just follow the on-screen instructions. + 04) Create the LUKS container. - Note: Passphrase iteration is determined by cryptsetup depending on - CPU power. On a slow device, this may be lower than you want. I - recently benchmarked this on a Raspberry Pi and it came out at - about 1/15 of the iteration count for a typical PC. If security is - paramount, you may want to increase the time spent in iteration, at - the cost of a slower unlock later. For the Raspberry Pi, using + LUKS1: - cryptsetup luksFormat -i 15000 - - gives you an iteration count and security level equal to an average - PC for passphrase iteration and master-key iteration. If in doubt, - check the iteration counts with + cryptsetup luksFormat --type luks1 - cryptsetup luksDump - - and adjust the iteration count accordingly by creating the container - again with a different iteration time (the number after '-i' is the - iteration time in milicesonds) until your requirements are met. + LUKS2: + + cryptsetup luksFormat --type luks2 + + + Just follow the on-screen instructions. + + Note: Passprase iteration count is based on time and hence security + level depends on CPU power of the system the LUKS container is created + on. For example on a Raspberry Pi and LUKS1, I found some time ago that + the iteration count is 15 times lower than for a regular PC (well, for + my old one). Depending on security requirements, this may need + adjustment. For LUKS1, you can just look at the iteration count on + different systems and select one you like. You can also change the + benchmark time with the -i parameter to create a header for a slower + system. + + For LUKS2, the parameters are more complex. ARGON2 has iteration, + parallelism and memory parameter. cryptsetup actually may adjust the + memory parameter for time scaling. Hence to use -i is the easiest way + to get slower or faster opening (default: 2000 = 2sec). Just make sure + to not drop this too low or you may get a memory parameter that is to + small to be secure. The luksDump command lists the memory parameter of + a created LUKS2 keyslot in kB. That parameter should probably be not + much lower than 100000, i.e. 100MB, but don't take my word for it. 05) Map the container. Here it will be mapped to /dev/mapper/c1: - cryptsetup luksOpen c1 - - 06) (Optionally) wipe the container (make sure you have the right target!): - cat /dev/zero > /dev/mapper/c1 - - Note that this creates a small information leak, as an attacker can - determine whether a 512 byte block is zero if the attacker has - access to the encrypted container multiple times. Typically a - competent attacker that has access multiple times can install a - passphrase sniffer anyways, so this leakage is not very - significant. For getting a progress indicator, see step 03. - - Note that at some time in the future, cryptsetup will do this for - you, but currently it is a TODO list item. - - 07) Create a file system in the mapped container, for example an + + cryptsetup luksOpen c1 + + 06) (Optionally) wipe the container (make sure you have the right + target!): + + cat /dev/zero > /dev/mapper/c1 + + This will take a while. Note that this creates a small information + leak, as an attacker can determine whether a 512 byte block is zero if + the attacker has access to the encrypted container multiple times. + Typically a competent attacker that has access multiple times can + install a passphrase sniffer anyways, so this leakage is not very + significant. For getting a progress indicator, see step 03. + + 07) Create a file system in the mapped container, for example an ext3 file system (any other file system is possible): - mke2fs -j /dev/mapper/c1 - + mke2fs -j /dev/mapper/c1 + 08) Mount your encrypted file system, here on /mnt: - mount /dev/mapper/c1 /mnt - - Done. You can now use the encrypted file system to store data. Be - sure to read though the rest of the FAQ, these are just the very - basics. In particular, there are a number of mistakes that are - easy to make, but will compromise your security. + mount /dev/mapper/c1 /mnt - * 2.2 LUKS on partitions or raw disks? + 09) Make a LUKS header backup and plan for a container backup. + See Section 6 for details. - This is a complicated question, and made more so by the availability - of RAID and LVM. I will try to give some scenarios and discuss - advantages and disadvantages. Note that I say LUKS for simplicity, - but you can do all the things described with plain dm-crypt as well. - Also note that your specific scenario may be so special that most - or even all things I say below do not apply. + Done. You can now use the encrypted file system to store data. Be sure + to read though the rest of the FAQ, these are just the very basics. In + particular, there are a number of mistakes that are easy to make, but + will compromise your security. + + + * 2.2 LUKS on partitions or raw disks? What about RAID? + + Also see Item 2.8. + This is a complicated question, and made more so by the availability of + RAID and LVM. I will try to give some scenarios and discuss advantages + and disadvantages. Note that I say LUKS for simplicity, but you can do + all the things described with plain dm-crypt as well. Also note that + your specific scenario may be so special that most or even all things I + say below do not apply. Be aware that if you add LVM into the mix, things can get very - complicated. Same with RAID but less so. In particular, data - recovery can get exceedingly difficult. Only do so if you have a - really good reason and always remember KISS is what separates an - engineer from an amateur. Of course, if you really need the added - complexity, KISS is satisfied. But be very sure as there is a price - to pay for it. In engineering, complexity is always the enemy and - needs to be fought without mercy when encountered. + complicated. Same with RAID but less so. In particular, data recovery + can get exceedingly difficult. Only add LVM if you have a really good + reason and always remember KISS is what separates an engineer from an + amateur. Of course, if you really need the added complexity, KISS is + satisfied. But be very sure as there is a price to pay for it. In + engineering, complexity is always the enemy and needs to be fought + without mercy when encountered. Also consider using RAID instead of LVM, as at least with the old - superblock format 0.90, the RAID superblock is in the place (end - of disk) where the risk of it permanently damaging the LUKS header - is smallest and you can have your array assembled by the RAID - controller (i.e. the kernel), as it should be. Use partition type - 0xfd for that. I recommend staying away from superblock formats - 1.0, 1.1 and 1.2 unless you really need them. Be aware that you - lose autodetection with them and have to fall back to some - user-space script to do it. + superblock format 0.90, the RAID superblock is in the place (end of + disk) where the risk of it damaging the LUKS header is smallest and you + can have your array assembled by the RAID controller (i.e. the kernel), + as it should be. Use partition type 0xfd for that. I recommend staying + away from superblock formats 1.0, 1.1 and 1.2 unless you really need + them. Scenarios: - (1) Encrypted partition: Just make a partition to your liking, - and put LUKS on top of it and a filesystem into the LUKS container. - This gives you isolation of differently-tasked data areas, just as - ordinary partitioning does. You can have confidential data, - non-confidential data, data for some specific applications, - user-homes, root, etc. Advantages are simplicity as there is a 1:1 - mapping between partitions and filesystems, clear security - functionality and the ability to separate data into different, - independent (!) containers. + (1) Encrypted partition: Just make a partition to your liking, and put + LUKS on top of it and a filesystem into the LUKS container. This gives + you isolation of differently-tasked data areas, just as ordinary + partitioning does. You can have confidential data, non-confidential + data, data for some specific applications, user-homes, root, etc. + Advantages are simplicity as there is a 1:1 mapping between partitions + and filesystems, clear security functionality and the ability to + separate data into different, independent (!) containers. Note that you cannot do this for encrypted root, that requires an - initrd. On the other hand, an initrd is about as vulnerable to a + initrd. On the other hand, an initrd is about as vulnerable to a competent attacker as a non-encrypted root, so there really is no - security advantage to doing it that way. An attacker that wants to - compromise your system will just compromise the initrd or the - kernel itself. The better way to deal with this is to make sure the - root partition does not store any critical data and move that to - additional encrypted partitions. If you really are concerned your - root partition may be sabotaged by somebody with physical access - (that would however strangely not, say, sabotage your BIOS, - keyboard, etc.), protect it in some other way. The PC is just not - set-up for a really secure boot-chain (whatever some people may - claim). - - (2) Fully encrypted raw block device: For this, put LUKS on the - raw device (e.g. /dev/sdb) and put a filesystem into the LUKS - container, no partitioning whatsoever involved. This is very - suitable for things like external USB disks used for backups or - offline data-storage. + security advantage to doing it that way. An attacker that wants to + compromise your system will just compromise the initrd or the kernel + itself. The better way to deal with this is to make sure the root + partition does not store any critical data and to move that to + additional encrypted partitions. If you really are concerned your root + partition may be sabotaged by somebody with physical access (who would + however strangely not, say, sabotage your BIOS, keyboard, etc.), protect + it in some other way. The PC is just not set-up for a really secure + boot-chain (whatever some people may claim). + + (2) Fully encrypted raw block device: For this, put LUKS on the raw + device (e.g. /dev/sdb) and put a filesystem into the LUKS container, no + partitioning whatsoever involved. This is very suitable for things like + external USB disks used for backups or offline data-storage. (3) Encrypted RAID: Create your RAID from partitions and/or full - devices. Put LUKS on top of the RAID device, just if it were an - ordinary block device. Applications are just the same as above, but - you get redundancy. (Side note as many people seem to be unaware of - it: You can do RAID1 with an arbitrary number of components in - Linux.) See also Item 2.8. - - (4) Now, some people advocate doing the encryption below the RAID - layer. That has several serious problems. One is that suddenly - debugging RAID issues becomes much harder. You cannot do automatic - RAID assembly anymore. You need to keep the encryption keys for the - components in sync or manage them somehow. The only possible - advantage is that things may run a little faster as more CPUs do - the encryption, but if speed is a priority over security and - simplicity, you are doing this wrong anyways. A good way to - mitigate a speed issue is to get a CPU that does hardware AES. - - - * 2.3 How do I set up encrypted swap? - - As things that are confidential can end up in swap (keys, - passphrases, etc. are usually protected against being swapped to - disk, but other things may not be), it may be advisable to do - something about the issue. One option is to run without swap, which - generally works well in a desktop-context. It may cause problems - in a server-setting or under special circumstances. The solution to - that is to encrypt swap with a random key at boot-time. + devices. Put LUKS on top of the RAID device, just if it were an + ordinary block device. Applications are just the same as above, but you + get redundancy. (Side note as many people seem to be unaware of it: You + can do RAID1 with an arbitrary number of components in Linux.) See also + Item 2.8. + + (4) Now, some people advocate doing the encryption below the RAID layer. + That has several serious problems. One is that suddenly debugging RAID + issues becomes much harder. You cannot do automatic RAID assembly + anymore. You need to keep the encryption keys for the different RAID + components in sync or manage them somehow. The only possible advantage + is that things may run a little faster as more CPUs do the encryption, + but if speed is a priority over security and simplicity, you are doing + this wrong anyways. A good way to mitigate a speed issue is to get a + CPU that does hardware AES as most do today. + + + * 2.3 How do I set up encrypted swap? + + As things that are confidential can end up in swap (keys, passphrases, + etc. are usually protected against being swapped to disk, but other + things may not be), it may be advisable to do something about the issue. + One option is to run without swap, which generally works well in a + desktop-context. It may cause problems in a server-setting or under + special circumstances. The solution to that is to encrypt swap with a + random key at boot-time. NOTE: This is for Debian, and should work for Debian-derived - distributions. For others you may have to write your own startup - script or use other mechanisms. - - 01) Add the swap partition to /etc/crypttab. A line like the following - should do it: - - swap /dev/ /dev/urandom swap,noearly - - Warning: While Debian refuses to overwrite partitions with a - filesystem or RAID signature on it, if your disk IDs may change - (adding or removing disks, failure of disk during boot, etc.), you - may want to take additional precautions. Yes, this means that your - kernel device names like sda, sdb, ... can change between reboots! - This is not a concern if you have only one disk. One possibility is - to make sure the partition number is not present on additional - disks or also swap there. Another is to encapsulate the swap - partition (by making it a 1-disk RAID1 or by using LVM), so that it - gets a persistent identifier. Specifying it directly by UUID does - not work, unfortunately, as the UUID is part of the swap signature - and that is not visible from the outside due to the encryption and - in addition changes on each reboot with this setup. - - Note: Use /dev/random if you are paranoid or in a potential - low-entropy situation (embedded system, etc.). This may cause the - operation to take a long time during boot. If you are in a "no - entropy" situation, you cannot encrypt swap securely. In this - situation you should find some entropy, also because nothing else - using crypto will be secure, like ssh, ssl or GnuPG. - - Note: The "noearly" option makes sure things like LVM, RAID, etc. - are running. As swap is non-critical for boot, it is fine to start - it late. + distributions. For others you may have to write your own startup script + or use other mechanisms. + + 01) Add the swap partition to /etc/crypttab. A line like the + following should do it: + + swap /dev/ /dev/urandom swap,noearly + + Warning: While Debian refuses to overwrite partitions with a filesystem + or RAID signature on it, as your disk IDs may change (adding or removing + disks, failure of disk during boot, etc.), you may want to take + additional precautions. Yes, this means that your kernel device names + like sda, sdb, ... can change between reboots! This is not a concern + if you have only one disk. One possibility is to make sure the + partition number is not present on additional disks or also swap there. + Another is to encapsulate the swap partition (by making it a 1-partition + RAID1 or by using LVM), as that gets a persistent identifier. + Specifying it directly by UUID does not work, unfortunately, as the UUID + is part of the swap signature and that is not visible from the outside + due to the encryption and in addition changes on each reboot with this + setup. + + Note: Use /dev/random if you are paranoid or in a potential low-entropy + situation (embedded system, etc.). This may cause the operation to take + a long time during boot however. If you are in a "no entropy" + situation, you cannot encrypt swap securely. In this situation you + should find some entropy, also because nothing else using crypto will be + secure, like ssh, ssl or GnuPG. + + Note: The "noearly" option makes sure things like LVM, RAID, etc. are + running. As swap is non-critical for boot, it is fine to start it late. 02) Add the swap partition to /etc/fstab. A line like the following should do it: - /dev/mapper/swap none swap sw 0 0 - - That is it. Reboot or start it manually to activate encrypted swap. + /dev/mapper/swap none swap sw 0 0 + + That is it. Reboot or start it manually to activate encrypted swap. Manual start would look like this: - /etc/init.d/crypdisks start - swapon /dev/mapper/swap - + /etc/init.d/crypdisks start + swapon /dev/mapper/swap + - * 2.4 What is the difference between "plain" and LUKS format? + * 2.4 What is the difference between "plain" and LUKS format? First, unless you happen to understand the cryptographic background - well, you should use LUKS. It does protect the user from a lot of - common mistakes. Plain dm-crypt is for experts. + well, you should use LUKS. It does protect the user from a lot of + common mistakes. Plain dm-crypt is for experts. Plain format is just that: It has no metadata on disk, reads all - parameters from the commandline (or the defaults), derives a - master-key from the passphrase and then uses that to de-/encrypt - the sectors of the device, with a direct 1:1 mapping between - encrypted and decrypted sectors. - - Primary advantage is high resilience to damage, as one damaged - encrypted sector results in exactly one damaged decrypted sector. - Also, it is not readily apparent that there even is encrypted data - on the device, as an overwrite with crypto-grade randomness (e.g. - from /dev/urandom) looks exactly the same on disk. - - Side-note: That has limited value against the authorities. In - civilized countries, they cannot force you to give up a crypto-key - anyways. In quite a few countries around the world, they can force - you to give up the keys (using imprisonment or worse to pressure - you, sometimes without due process), and in the worst case, they - only need a nebulous "suspicion" about the presence of encrypted - data. Sometimes this applies to everybody, sometimes only when you - are suspected of having "illicit data" (definition subject to - change) and sometimes specifically when crossing a border. Note - that this is going on in countries like the US and the UK, to - different degrees and sometimes with courts restricting what the - authorities can actually demand. + parameters from the commandline (or the defaults), derives a master-key + from the passphrase and then uses that to de-/encrypt the sectors of the + device, with a direct 1:1 mapping between encrypted and decrypted + sectors. + + Primary advantage is high resilience to damage, as one damaged encrypted + sector results in exactly one damaged decrypted sector. Also, it is not + readily apparent that there even is encrypted data on the device, as an + overwrite with crypto-grade randomness (e.g. from + /dev/urandom) looks exactly the same on disk. + + Side-note: That has limited value against the authorities. In civilized + countries, they cannot force you to give up a crypto-key anyways. In + quite a few countries around the world, they can force you to give up + the keys (using imprisonment or worse to pressure you, sometimes without + due process), and in the worst case, they only need a nebulous + "suspicion" about the presence of encrypted data. Sometimes this + applies to everybody, sometimes only when you are suspected of having + "illicit data" (definition subject to change) and sometimes specifically + when crossing a border. Note that this is going on in countries like + the US and the UK to different degrees and sometimes with courts + restricting what the authorities can actually demand. My advice is to either be ready to give up the keys or to not have encrypted data when traveling to those countries, especially when - crossing the borders. The latter also means not having any - high-entropy (random) data areas on your disk, unless you can - explain them and demonstrate that explanation. Hence doing a - zero-wipe of all free space, including unused space, may be a good - idea. - - Disadvantages are that you do not have all the nice features that - the LUKS metadata offers, like multiple passphrases that can be - changed, the cipher being stored in the metadata, anti-forensic - properties like key-slot diffusion and salts, etc.. - - LUKS format uses a metadata header and 8 key-slot areas that are - being placed at the beginning of the disk, see below under "What - does the LUKS on-disk format looks like?". The passphrases are used - to decrypt a single master key that is stored in the anti-forensic - stripes. + crossing the borders. The latter also means not having any high-entropy + (random) data areas on your disk, unless you can explain them and + demonstrate that explanation. Hence doing a zero-wipe of all free + space, including unused space, may be a good idea. + + Disadvantages are that you do not have all the nice features that the + LUKS metadata offers, like multiple passphrases that can be changed, the + cipher being stored in the metadata, anti-forensic properties like + key-slot diffusion and salts, etc.. + + LUKS format uses a metadata header and 8 key-slot areas that are being + placed at the beginning of the disk, see below under "What does the LUKS + on-disk format looks like?". The passphrases are used to decrypt a + single master key that is stored in the anti-forensic stripes. LUKS2 + adds some more flexibility. Advantages are a higher usability, automatic configuration of - non-default crypto parameters, defenses against low-entropy - passphrases like salting and iterated PBKDF2 passphrase hashing, - the ability to change passphrases, and others. + non-default crypto parameters, defenses against low-entropy passphrases + like salting and iterated PBKDF2 or ARGON 2 passphrase hashing, the + ability to change passphrases, and others. - Disadvantages are that it is readily obvious there is encrypted - data on disk (but see side note above) and that damage to the - header or key-slots usually results in permanent data-loss. See - below under "6. Backup and Data Recovery" on how to reduce that - risk. Also the sector numbers get shifted by the length of the - header and key-slots and there is a loss of that size in capacity - (1MB+4096B for defaults and 2MB for the most commonly used - non-default XTS mode). + Disadvantages are that it is readily obvious there is encrypted data on + disk (but see side note above) and that damage to the header or + key-slots usually results in permanent data-loss. See below under "6. + Backup and Data Recovery" on how to reduce that risk. Also the sector + numbers get shifted by the length of the header and key-slots and there + is a loss of that size in capacity. Unless you have a specific need, + use LUKS2. - * 2.5 Can I encrypt an already existing, non-empty partition to use - LUKS? + * 2.5 Can I encrypt an existing, non-empty partition to use LUKS? - There is no converter, and it is not really needed. The way to do - this is to make a backup of the device in question, securely wipe - the device (as LUKS device initialization does not clear away old - data), do a luksFormat, optionally overwrite the encrypted device, - create a new filesystem and restore your backup on the now - encrypted device. Also refer to sections "Security Aspects" and - "Backup and Data Recovery". + There is no converter, and it is not really needed. The way to do this + is to make a backup of the device in question, securely wipe the device + (as LUKS device initialization does not clear away old data), do a + luksFormat, optionally overwrite the encrypted device, create a new + filesystem and restore your backup on the now encrypted device. Also + refer to sections "Security Aspects" and "Backup and Data Recovery". - For backup, plain GNU tar works well and backs up anything likely - to be in a filesystem. + For backup, plain GNU tar works well and backs up anything likely to be + in a filesystem. - * 2.6 How do I use LUKS with a loop-device? + * 2.6 How do I use LUKS with a loop-device? - This can be very handy for experiments. Setup is just the same as - with any block device. If you want, for example, to use a 100MiB - file as LUKS container, do something like this: + This can be very handy for experiments. Setup is just the same as with + any block device. If you want, for example, to use a 100MiB file as + LUKS container, do something like this: + + head -c 100M /dev/zero > luksfile # create empty file + losetup /dev/loop0 luksfile # map file to /dev/loop0 + cryptsetup luksFormat --type luks2 /dev/loop0 # create LUKS2 container - head -c 100M /dev/zero > luksfile # create empty file - losetup /dev/loop0 luksfile # map luksfile to /dev/loop0 - cryptsetup luksFormat /dev/loop0 # create LUKS on loop device - Afterwards just use /dev/loop0 as a you would use a LUKS partition. To unmap the file when done, use "losetup -d /dev/loop0". - * 2.7 When I add a new key-slot to LUKS, it asks for a passphrase but - then complains about there not being a key-slot with that - passphrase? + * 2.7 When I add a new key-slot to LUKS, it asks for a passphrase + but then complains about there not being a key-slot with that + passphrase? - That is as intended. You are asked a passphrase of an existing - key-slot first, before you can enter the passphrase for the new - key-slot. Otherwise you could break the encryption by just adding a - new key-slot. This way, you have to know the passphrase of one of - the already configured key-slots in order to be able to configure a - new key-slot. + That is as intended. You are asked a passphrase of an existing key-slot + first, before you can enter the passphrase for the new key-slot. + Otherwise you could break the encryption by just adding a new key-slot. + This way, you have to know the passphrase of one of the already + configured key-slots in order to be able to configure a new key-slot. - * 2.8 Encryption on top of RAID or the other way round? + * 2.8 Encryption on top of RAID or the other way round? + Also see Item 2.2. Unless you have special needs, place encryption between RAID and - filesystem, i.e. encryption on top of RAID. You can do it the other + filesystem, i.e. encryption on top of RAID. You can do it the other way round, but you have to be aware that you then need to give the - passphrase for each individual disk and RAID autodetection will - not work anymore. Therefore it is better to encrypt the RAID - device, e.g. /dev/dm0 . + passphrase for each individual disk and RAID auto-detection will not + work anymore. Therefore it is better to encrypt the RAID device, e.g. + /dev/dm0 . This means that the typical layering looks like this: Filesystem <- top | - Encryption + Encryption (LUKS) | RAID | - Raw partitions + Raw partitions (optional) | Raw disks <- bottom - - The big advantage is that you can manage the RAID container just - like any RAID container, it does not care that what is in it is - encrypted. + + The big advantage of this is that you can manage the RAID container just + like any other regular RAID container, it does not care that its content + is encrypted. This strongly cuts down on complexity, something very + valuable with storage encryption. - * 2.9 How do I read a dm-crypt key from file? + * 2.9 How do I read a dm-crypt key from file? Use the --key-file option, like this: - cryptsetup create --key-file keyfile e1 /dev/loop0 - - This will read the binary key from file, i.e. no hashing or - transformation will be applied to the keyfile before its bits are - used as key. Extra bits (beyond the length of the key) at the end - are ignored. Note that if you read from STDIN, the data will still - be hashed, just as a key read interactively from the terminal. See - the man-page sections "NOTES ON PASSPHRASE PROCESSING..." for more - detail. + cryptsetup create --key-file keyfile e1 /dev/loop0 + This will read the binary key from file, i.e. no hashing or + transformation will be applied to the keyfile before its bits are used + as key. Extra bits (beyond the length of the key) at the end are + ignored. Note that if you read from STDIN, the data will be hashed, + just as a key read interactively from the terminal. See the man-page + sections "NOTES ON PASSPHRASE PROCESSING..." for more detail. - * 2.10 How do I read a LUKS slot key from file? - What you really do here is to read a passphrase from file, just as - you would with manual entry of a passphrase for a key-slot. You can - add a new passphrase to a free key-slot, set the passphrase of an - specific key-slot or put an already configured passphrase into a - file. In the last case make sure no trailing newline (0x0a) is - contained in the key file, or the passphrase will not work because - the whole file is used as input. + * 2.10 How do I read a LUKS slot key from file? + + What you really do here is to read a passphrase from file, just as you + would with manual entry of a passphrase for a key-slot. You can add a + new passphrase to a free key-slot, set the passphrase of an specific + key-slot or put an already configured passphrase into a file. Make sure + no trailing newline (0x0a) is contained in the input key file, or the + passphrase will not work because the whole file is used as input. To add a new passphrase to a free key slot from file, use something like this: - cryptsetup luksAddKey /dev/loop0 keyfile - - To add a new passphrase to a specific key-slot, use something like - this: + cryptsetup luksAddKey /dev/loop0 keyfile + + To add a new passphrase to a specific key-slot, use something + like this: + + cryptsetup luksAddKey --key-slot 7 /dev/loop0 keyfile - cryptsetup luksAddKey --key-slot 7 /dev/loop0 keyfile - To supply a key from file to any LUKS command, use the --key-file option, e.g. like this: - cryptsetup luksOpen --key-file keyfile /dev/loop0 e1 - + cryptsetup luksOpen --key-file keyfile /dev/loop0 e1 - * 2.11 How do I read the LUKS master key from file? - The question you should ask yourself first is why you would want to - do this. The only legitimate reason I can think of is if you want - to have two LUKS devices with the same master key. Even then, I - think it would be preferable to just use key-slots with the same - passphrase, or to use plain dm-crypt instead. If you really have a - good reason, please tell me. If I am convinced, I will add how to - do this here. + * 2.11 How do I read the LUKS master key from file? - * 2.12 What are the security requirements for a key read from file? + The question you should ask yourself first is why you would want to do + this. The only legitimate reason I can think of is if you want to have + two LUKS devices with the same master key. Even then, I think it would + be preferable to just use key-slots with the same passphrase, or to use + plain dm-crypt instead. If you really have a good reason, please tell + me. If I am convinced, I will add how to do this here. - A file-stored key or passphrase has the same security requirements - as one entered interactively, however you can use random bytes and - thereby use bytes you cannot type on the keyboard. You can use any - file you like as key file, for example a plain text file with a - human readable passphrase. To generate a file with random bytes, - use something like this: - head -c 256 /dev/random > keyfile - + * 2.12 What are the security requirements for a key read from file? + + A file-stored key or passphrase has the same security requirements as + one entered interactively, however you can use random bytes and thereby + use bytes you cannot type on the keyboard. You can use any file you + like as key file, for example a plain text file with a human readable + passphrase. To generate a file with random bytes, use something like + this: - * 2.13 If I map a journaled file system using dm-crypt/LUKS, does it - still provide its usual transactional guarantees? + head -c 256 /dev/random > keyfile - Yes, it does, unless a very old kernel is used. The required flags - come from the filesystem layer and are processed and passed onwards - by dm-crypt. A bit more information on the process by which - transactional guarantees are implemented can be found here: + + + * 2.13 If I map a journaled file system using dm-crypt/LUKS, does + it still provide its usual transactional guarantees? + + Yes, it does, unless a very old kernel is used. The required flags come + from the filesystem layer and are processed and passed onward by + dm-crypt (regardless of direct key management or LUKS key management). + A bit more information on the process by which transactional guarantees + are implemented can be found here: http://lwn.net/Articles/400541/ - Please note that these "guarantees" are weaker than they appear to - be. One problem is that quite a few disks lie to the OS about - having flushed their buffers. Some other things can go wrong as - well. The filesystem developers are aware of these problems and - typically can make it work anyways. That said, dm-crypt/LUKS will - not make things worse. - - One specific problem you can run into though is that you can get - short freezes and other slowdowns due to the encryption layer. - Encryption takes time and forced flushes will block for that time. - For example, I did run into frequent small freezes (1-2 sec) when - putting a vmware image on ext3 over dm-crypt. When I went back to - ext2, the problem went away. This seems to have gotten better with - kernel 2.6.36 and the reworking of filesystem flush locking - mechanism (less blocking of CPU activity during flushes). It - should improve further and eventually the problem should go away. - - - * 2.14 Can I use LUKS or cryptsetup with a more secure (external) - medium for key storage, e.g. TPM or a smartcard? - - Yes, see the answers on using a file-supplied key. You do have to - write the glue-logic yourself though. Basically you can have - cryptsetup read the key from STDIN and write it there with your - own tool that in turn gets the key from the more secure key - storage. + Please note that these "guarantees" are weaker than they appear to be. + One problem is that quite a few disks lie to the OS about having flushed + their buffers. This is likely still true with SSDs. Some other things + can go wrong as well. The filesystem developers are aware of these + problems and typically can make it work anyways. That said, + dm-crypt/LUKS will not make things worse. + + One specific problem you can run into is that you can get short freezes + and other slowdowns due to the encryption layer. Encryption takes time + and forced flushes will block for that time. For example, I did run + into frequent small freezes (1-2 sec) when putting a vmware image on + ext3 over dm-crypt. When I went back to ext2, the problem went away. + This seems to have gotten better with kernel 2.6.36 and the reworking of + filesystem flush locking mechanism (less blocking of CPU activity during + flushes). This should improve further and eventually the problem should + go away. + + + * 2.14 Can I use LUKS or cryptsetup with a more secure (external) + medium for key storage, e.g. TPM or a smartcard? + + Yes, see the answers on using a file-supplied key. You do have to write + the glue-logic yourself though. Basically you can have cryptsetup read + the key from STDIN and write it there with your own tool that in turn + gets the key from the more secure key storage. For TPM support, you may want to have a look at tpm-luks at - https://github.com/shpedoikal/tpm-luks. Note that tpm-luks is not + https://github.com/shpedoikal/tpm-luks. Note that tpm-luks is not related to the cryptsetup project. - * 2.15 Can I resize a dm-crypt or LUKS partition? + * 2.15 Can I resize a dm-crypt or LUKS container? + + Yes, you can, as neither dm-crypt nor LUKS1 stores partition size and + LUKS2 uses a generic "whole device" size as default. Note that LUKS2 + can use specified data-area sizes as a non-standard case and that these + may cause issues when resizing a LUKS2 container if set to a specific + value. - Yes, you can, as neither dm-crypt nor LUKS stores partition size. - Whether you should is a different question. Personally I recommend - backup, recreation of the encrypted partition with new size, - recreation of the filesystem and restore. This gets around the - tricky business of resizing the filesystem. Resizing a dm-crypt or - LUKS container does not resize the filesystem in it. The backup is - really non-optional here, as a lot can go wrong, resulting in - partial or complete data loss. Using something like gparted to - resize an encrypted partition is slow, but typically works. This - will not change the size of the filesystem hidden under the - encryption though. + Whether you should do this is a different question. Personally I + recommend backup, recreation of the dm-crypt or LUKS container with new + size, recreation of the filesystem and restore. This gets around the + tricky business of resizing the filesystem. Resizing a dm-crypt or LUKS + container does not resize the filesystem in it. A backup is really + non-optional here, as a lot can go wrong, resulting in partial or + complete data loss. But if you have that backup, you can also just + recreate everything. - You also need to be aware of size-based limitations. The one - currently relevant is that aes-xts-plain should not be used for - encrypted container sizes larger than 2TiB. Use aes-xts-plain64 - for that. + You also need to be aware of size-based limitations. The one currently + relevant is that aes-xts-plain should not be used for encrypted + container sizes larger than 2TiB. Use aes-xts-plain64 for that. - * 2.16 How do I Benchmark the Ciphers, Hashes and Modes? + * 2.16 How do I Benchmark the Ciphers, Hashes and Modes? - Since version 1.60 cryptsetup supports the "benchmark" command. + Since version 1.60 cryptsetup supports the "benchmark" command. Simply run as root: - cryptsetup benchmark - - It will output first iterations/second for the key-derivation - function PBKDF2 parameterized with different hash-functions, and - then the raw encryption speed of ciphers with different modes and - key-sizes. You can get more than the default benchmarks, see the - man-page for the relevant parameters. Note that XTS mode takes two - keys, hence the listed key sizes are double that for other modes - and half of it is the cipher key, the other half is the XTS key. - - - * 2.17 How do I Verify I have an Authentic cryptsetup Source Package? - - Current maintainer is Milan Broz and he signs the release packages - with his PGP key. The key he currently uses is the "RSA key ID - D93E98FC", fingerprint 2A29 1824 3FDE 4664 8D06 86F9 D9B0 577B - D93E 98FC. While I have every confidence this really is his key and - that he is who he claims to be, don't depend on it if your life is - at stake. For that matter, if your life is at stake, don't depend - on me being who I claim to be either. - - That said, as cryptsetup is under good version control, a malicious - change should be noticed sooner or later, but it may take a while. - Also, the attacker model makes compromising the sources in a - non-obvious way pretty hard. Sure, you could put the master-key - somewhere on disk, but that is rather obvious as soon as somebody - looks as there would be data in an empty LUKS container in a place - it should not be. Doing this in a more nefarious way, for example - hiding the master-key in the salts, would need a look at the - sources to be discovered, but I think that somebody would find that - sooner or later as well. - - That said, this discussion is really a lot more complicated and - longer as an FAQ can sustain. If in doubt, ask on the mailing list. - - - * 2.18 Is there a concern with 4k Sectors? - - Not from dm-crypt itself. Encryption will be done in 512B blocks, - but if the partition and filesystem are aligned correctly and the - filesystem uses multiples of 4kiB as block size, the dm-crypt layer - will just process 8 x 512B = 4096B at a time with negligible - overhead. LUKS does place data at an offset, which is 2MiB per - default and will not break alignment. See also Item 6.12 of this - FAQ for more details. Note that if your partition or filesystem is - misaligned, dm-crypt can make the effect worse though. - - - * 2.19 How can I wipe a device with crypto-grade randomness? - - The conventional recommendation if you want to not just do a + cryptsetup benchmark + + You can get more than the default benchmarks, see the man-page for the + relevant parameters. Note that XTS mode takes two keys, hence the + listed key sizes are double that for other modes and half of it is the + cipher key, the other half is the XTS key. + + + * 2.17 How do I Verify I have an Authentic cryptsetup Source Package? + + Current maintainer is Milan Broz and he signs the release packages with + his PGP key. The key he currently uses is the "RSA key ID D93E98FC", + fingerprint 2A29 1824 3FDE 4664 8D06 86F9 D9B0 577B D93E 98FC. While I + have every confidence this really is his key and that he is who he + claims to be, don't depend on it if your life is at stake. For that + matter, if your life is at stake, don't depend on me being who I claim + to be either. + + That said, as cryptsetup is under good version control and a malicious + change should be noticed sooner or later, but it may take a while. + Also, the attacker model makes compromising the sources in a non-obvious + way pretty hard. Sure, you could put the master-key somewhere on disk, + but that is rather obvious as soon as somebody looks as there would be + data in an empty LUKS container in a place it should not be. Doing this + in a more nefarious way, for example hiding the master-key in the salts, + would need a look at the sources to be discovered, but I think that + somebody would find that sooner or later as well. + + That said, this discussion is really a lot more complicated and longer + as an FAQ can sustain. If in doubt, ask on the mailing list. + + + * 2.18 Is there a concern with 4k Sectors? + + Not from dm-crypt itself. Encryption will be done in 512B blocks, but + if the partition and filesystem are aligned correctly and the filesystem + uses multiples of 4kiB as block size, the dm-crypt layer will just + process 8 x 512B = 4096B at a time with negligible overhead. LUKS does + place data at an offset, which is 2MiB per default and will not break + alignment. See also Item 6.12 of this FAQ for more details. Note that + if your partition or filesystem is misaligned, dm-crypt can make the + effect worse though. Also note that SSDs typically have much larger + blocks internally (e.g. 128kB or even larger). + + + * 2.19 How can I wipe a device with crypto-grade randomness? + + The conventional recommendation if you want to do more than just a zero-wipe is to use something like - cat /dev/urandom > - - That is very slow and painful at 10-20MB/s on a fast computer. - Using cryptsetup and a plain dm-crypt device with a random key, it - is much faster and gives you the same level of security. The + cat /dev/urandom > + + That used to very slow and painful at 10-20MB/s on a fast computer, but + newer kernels can give you > 200MB/s (depending on hardware). An + alternative is using cryptsetup and a plain dm-crypt device with a + random key, which is fast and on the same level of security. The defaults are quite enough. For device set-up, do the following: - cryptsetup open --type plain -d /dev/urandom /dev/ to_be_wiped - - Then you have several options. Simple wipe without - progress-indicator: + cryptsetup open --type plain -d /dev/urandom /dev/ target + + This maps the container as plain under /dev/mapper/target with a random + password. For the actual wipe you have several options. Basically, you + pipe zeroes into the opened container that then get encrypted. Simple + wipe without progress-indicator: + + cat /dev/zero > /dev/mapper/to_be_wiped - cat /dev/zero > /dev/mapper/to_be_wiped - Progress-indicator by dd_rescue: - dd_rescue -w /dev/zero /dev/mapper/to_be_wiped - + dd_rescue -w /dev/zero /dev/mapper/to_be_wiped + Progress-indicator by my "wcs" stream meter (available from http://www.tansi.org/tools/index.html ): - cat /dev/zero | wcs > /dev/mapper/to_be_wiped - + cat /dev/zero | wcs > /dev/mapper/to_be_wiped + + Or use plain "dd", which gives you the progress when sent a SIGUSR1, see + the dd man page. + Remove the mapping at the end and you are done. -3. Common Problems + * 2.20 How to I wipe only the LUKS header? + + This does _not_ describe an emergency wipe procedure, see Item 5.4 for + that. This procedure here is intended to be used when the data should + stay intact, e.g. when you change your LUKS container to use a detached + header and want to remove the old one. Please only do this if you have + a current backup. + + LUKS1: + 01) Determine header size in 512 Byte sectors with luksDump: + + cryptsetup luksDump + +-> ... + Payload offset: + ... + + 02) Take the result number, multiply by 512 zeros and write to + the start of the device, e.g. like this: + + dd bs=512 count= if=/dev/zero of= + + LUKS2: (warning, untested! Remember that backup?) This assumes the + LUKS2 container uses the defaults, in particular there is only one data + segment. 01) Determine the data-segment offset using luksDump, same + as above for LUKS1: - * 3.1 My dm-crypt/LUKS mapping does not work! What general steps are - there to investigate the problem? +-> ... + Data segments: + 0: crypt + offset: [bytes] + ... - If you get a specific error message, investigate what it claims - first. If not, you may want to check the following things. + 02) Overwrite the stated number of bytes from the start of the device. + Just to give yet another way to get a defined number of zeros: - - Check that "/dev", including "/dev/mapper/control" is there. If it - is missing, you may have a problem with the "/dev" tree itself or - you may have broken udev rules. + head -c /dev/zero > /dev/ + + +3. Common Problems + + + * 3.1 My dm-crypt/LUKS mapping does not work! What general steps + are there to investigate the problem? + + If you get a specific error message, investigate what it claims first. + If not, you may want to check the following things. + + - Check that "/dev", including "/dev/mapper/control" is there. If it is + missing, you may have a problem with the "/dev" tree itself or you may + have broken udev rules. - Check that you have the device mapper and the crypt target in your - kernel. The output of "dmsetup targets" should list a "crypt" - target. If it is not there or the command fails, add device mapper - and crypt-target to the kernel. + kernel. The output of "dmsetup targets" should list a "crypt" target. + If it is not there or the command fails, add device mapper and + crypt-target to the kernel. - - Check that the hash-functions and ciphers you want to use are in - the kernel. The output of "cat /proc/crypto" needs to list them. + - Check that the hash-functions and ciphers you want to use are in the + kernel. The output of "cat /proc/crypto" needs to list them. - * 3.2 My dm-crypt mapping suddenly stopped when upgrading cryptsetup. + * 3.2 My dm-crypt mapping suddenly stopped when upgrading cryptsetup. - The default cipher, hash or mode may have changed (the mode changed - from 1.0.x to 1.1.x). See under "Issues With Specific Versions of + The default cipher, hash or mode may have changed (the mode changed from + 1.0.x to 1.1.x). See under "Issues With Specific Versions of cryptsetup". - * 3.3 When I call cryptsetup from cron/CGI, I get errors about - unknown features? + * 3.3 When I call cryptsetup from cron/CGI, I get errors about + unknown features? If you get errors about unknown parameters or the like that are not - present when cryptsetup is called from the shell, make sure you - have no older version of cryptsetup on your system that then gets - called by cron/CGI. For example some distributions install - cryptsetup into /usr/sbin, while a manual install could go to - /usr/local/sbin. As a debugging aid, call "cryptsetup --version" - from cron/CGI or the non-shell mechanism to be sure the right - version gets called. - - - * 3.4 Unlocking a LUKS device takes very long. Why? - - The iteration time for a key-slot (see Section 5 for an explanation - what iteration does) is calculated when setting a passphrase. By - default it is 1 second on the machine where the passphrase is set. - If you set a passphrase on a fast machine and then unlock it on a - slow machine, the unlocking time can be much longer. Also take into - account that up to 8 key-slots have to be tried in order to find the - right one. - - If this is problem, you can add another key-slot using the slow - machine with the same passphrase and then remove the old key-slot. - The new key-slot will have an iteration count adjusted to 1 second - on the slow machine. Use luksKeyAdd and then luksKillSlot or - luksRemoveKey. - - However, this operation will not change volume key iteration count - (MK iterations in output of "cryptsetup luksDump"). In order to - change that, you will have to backup the data in the LUKS - container (i.e. your encrypted data), luksFormat on the slow - machine and restore the data. Note that in the original LUKS - specification this value was fixed to 10, but it is now derived - from the PBKDF2 benchmark as well and set to iterations in 0.125 - sec or 1000, whichever is larger. Also note that MK iterations - are not very security relevant. But as each key-slot already takes - 1 second, spending the additional 0.125 seconds really does not - matter. - - - * 3.5 "blkid" sees a LUKS UUID and an ext2/swap UUID on the same - device. What is wrong? - - Some old versions of cryptsetup have a bug where the header does - not get completely wiped during LUKS format and an older ext2/swap - signature remains on the device. This confuses blkid. + present when cryptsetup is called from the shell, make sure you have no + older version of cryptsetup on your system that then gets called by + cron/CGI. For example some distributions install cryptsetup into + /usr/sbin, while a manual install could go to /usr/local/sbin. As a + debugging aid, call "cryptsetup --version" from cron/CGI or the + non-shell mechanism to be sure the right version gets called. + + + * 3.4 Unlocking a LUKS device takes very long. Why? + + The unlock time for a key-slot (see Section 5 for an explanation what + iteration does) is calculated when setting a passphrase. By default it + is 1 second (2 seconds for LUKS2). If you set a passphrase on a fast + machine and then unlock it on a slow machine, the unlocking time can be + much longer. Also take into account that up to 8 key-slots (LUKS2: up + to 32 key-slots) have to be tried in order to find the right one. + + If this is problem, you can add another key-slot using the slow machine + with the same passphrase and then remove the old key-slot. The new + key-slot will have the unlock time adjusted to the slow machine. Use + luksKeyAdd and then luksKillSlot or luksRemoveKey. You can also use + the -i option to reduce iteration time (and security level) when setting + a passphrase. Default is 1000 (1 sec) for LUKS1 and 2000 (2sec) for + LUKS2. + + However, this operation will not change volume key iteration count ("MK + iterations" for LUKS1, "Iterations" under "Digests" for LUKS2). In + order to change that, you will have to backup the data in the LUKS + container (i.e. your encrypted data), luksFormat on the slow machine + and restore the data. Note that MK iterations are not very security + relevant. + + + * 3.5 "blkid" sees a LUKS UUID and an ext2/swap UUID on the same + device. What is wrong? + + Some old versions of cryptsetup have a bug where the header does not get + completely wiped during LUKS format and an older ext2/swap signature + remains on the device. This confuses blkid. Fix: Wipe the unused header areas by doing a backup and restore of - the header with cryptsetup 1.1.x: + the header with cryptsetup 1.1.x or later: - cryptsetup luksHeaderBackup --header-backup-file - cryptsetup luksHeaderRestore --header-backup-file - + cryptsetup luksHeaderBackup --header-backup-file + cryptsetup luksHeaderRestore --header-backup-file - * 3.6 cryptsetup segfaults on Gentoo amd64 hardened ... - There seems to be some interference between the hardening and and - the way cryptsetup benchmarks PBKDF2. The solution to this is - currently not quite clear for an encrypted root filesystem. For - other uses, you can apparently specify USE="dynamic" as compile - flag, see http://bugs.gentoo.org/show_bug.cgi?id=283470 - -4. Troubleshooting +4. Troubleshooting - * 4.1 I get the error "LUKS keyslot x is invalid." What does that - mean? + * 4.1 I get the error "LUKS keyslot x is invalid." What does that mean? - This means that the given keyslot has an offset that points - outside the valid keyslot area. Typically, the reason is a - corrupted LUKS header because something was written to the start of - the device the LUKS container is on. Refer to Section "Backup and - Data Recovery" and ask on the mailing list if you have trouble - diagnosing and (if still possible) repairing this. + For LUKS1, this means that the given keyslot has an offset that points + outside the valid keyslot area. Typically, the reason is a corrupted + LUKS1 header because something was written to the start of the device + the LUKS1 container is on. For LUKS2, I do not know when this error can + happen, but I expect it will be something similar. Refer to Section + "Backup and Data Recovery" and ask on the mailing list if you have + trouble diagnosing and (if still possible) repairing this. - * 4.2 I cannot unlock my LUKS container! What could be the problem? + * 4.2 I cannot unlock my LUKS container! What could be the problem? - First, make sure you have a correct passphrase. Then make sure you - have the correct key-map and correct keyboard. And then make sure - you have the correct character set and encoding, see also - "PASSPHRASE CHARACTER SET" under Section 1.2. + First, make sure you have a correct passphrase. Then make sure you have + the correct key-map and correct keyboard. And then make sure you have + the correct character set and encoding, see also "PASSPHRASE CHARACTER + SET" under Section 1.2. If you are sure you are entering the passphrase right, there is the - possibility that the respective key-slot has been damaged. There - is no way to recover a damaged key-slot, except from a header - backup (see Section 6). For security reasons, there is also no - checksum in the key-slots that could tell you whether a key-slot has - been damaged. The only checksum present allows recognition of a - correct passphrase, but that only works if the passphrase is - correct and the respective key-slot is intact. - - In order to find out whether a key-slot is damaged one has to look - for "non-random looking" data in it. There is a tool that - automatizes this in the cryptsetup distribution from version 1.6.0 - onwards. It is located in misc/keyslot_checker/. Instructions how - to use and how to interpret results are in the README file. Note - that this tool requires a libcryptsetup from cryptsetup 1.6.0 or - later (which means libcryptsetup.so.4.5.0 or later). If the tool - complains about missing functions in libcryptsetup, you likely - have an earlier version from your distribution still installed. You - can either point the symbolic link(s) from libcryptsetup.so.4 to - the new version manually, or you can uninstall the distribution - version of cryptsetup and re-install that from cryptsetup >= 1.6.0 - again to fix this. - - - * 4.3 Can a bad RAM module cause problems? + possibility that the respective key-slot has been damaged. There is no + way to recover a damaged key-slot, except from a header backup (see + Section 6). For security reasons, there is also no checksum in the + key-slots that could tell you whether a key-slot has been damaged. The + only checksum present allows recognition of a correct passphrase, but + that only works with that correct passphrase and a respective key-slot + that is intact. + + In order to find out whether a key-slot is damaged one has to look for + "non-random looking" data in it. There is a tool that automatizes this + for LUKS1 in the cryptsetup distribution from version 1.6.0 onwards. It + is located in misc/keyslot_checker/. Instructions how to use and how to + interpret results are in the README file. Note that this tool requires + a libcryptsetup from cryptsetup 1.6.0 or later (which means + libcryptsetup.so.4.5.0 or later). If the tool complains about missing + functions in libcryptsetup, you likely have an earlier version from your + distribution still installed. You can either point the symbolic link(s) + from libcryptsetup.so.4 to the new version manually, or you can + uninstall the distribution version of cryptsetup and re-install that + from cryptsetup >= 1.6.0 again to fix this. + + + * 4.3 Can a bad RAM module cause problems? LUKS and dm-crypt can give the RAM quite a workout, especially when - combined with software RAID. In particular the combination RAID5 + - LUKS + XFS seems to uncover RAM problems that never caused obvious - problems before. Symptoms vary, but often the problem manifest + combined with software RAID. In particular the combination RAID5 + + LUKS1 + XFS seems to uncover RAM problems that do not cause obvious + problems otherwise. Symptoms vary, but often the problem manifest itself when copying large amounts of data, typically several times larger than your main memory. - Side note: One thing you should always do on large data - copy/movements is to run a verify, for example with the "-d" - option of "tar" or by doing a set of MD5 checksums on the source - or target with + Note: One thing you should always do on large data copying or movements + is to run a verify, for example with the "-d" option of "tar" or by + doing a set of MD5 checksums on the source or target with - find . -type f -exec md5sum \{\} \; > checksum-file - - and then a "md5sum -c checksum-file" on the other side. If you get - mismatches here, RAM is the primary suspect. A lesser suspect is - an overclocked CPU. I have found countless hardware problems in - verify runs after copying or making backups. Bit errors are much - more common than most people think. + find . -type f -exec md5sum \{\} \; > checksum-file + + and then a "md5sum -c checksum-file" on the other side. If you get + mismatches here, RAM is the primary suspect. A lesser suspect is an + overclocked CPU. I have found countless hardware problems in verify + runs after copying data or making backups. Bit errors are much more + common than most people think. Some RAM issues are even worse and corrupt structures in one of the - layers. This typically results in lockups, CPU state dumps in the - system logs, kernel panic or other things. It is quite possible to - have the problem with an encrypted device, but not with an - otherwise the same unencrypted device. The reason for that is that - encryption has an error amplification property: You flip one bit - in an encrypted data block, and the decrypted version has half of - its bits flipped. This is an important security property for modern - ciphers. With the usual modes in cryptsetup (CBC, ESSIV, XTS), you - get up to a completely changed 512 byte block per bit error. A - corrupt block causes a lot more havoc than the occasionally - flipped single bit and can result in various obscure errors. - - Note, that a verify run on copying between encrypted or - unencrypted devices will reliably detect corruption, even when the - copying itself did not report any problems. If you find defect - RAM, assume all backups and copied data to be suspect, unless you - did a verify. - - - * 4.4 How do I test RAM? - - First you should know that overclocking often makes memory - problems worse. So if you overclock (which I strongly recommend - against in a system holding data that has some worth), run the - tests with the overclocking active. - - There are two good options. One is Memtest86+ and the other is - "memtester" by Charles Cazabon. Memtest86+ requires a reboot and - then takes over the machine, while memtester runs from a - root-shell. Both use different testing methods and I have found - problems fast with each one that the other needed long to find. I - recommend running the following procedure until the first error is - found: + layers. This typically results in lockups, CPU state dumps in the + system logs, kernel panic or other things. It is quite possible to have + a problem with an encrypted device, but not with an otherwise the same + unencrypted device. The reason for that is that encryption has an error + amplification property: If you flip one bit in an encrypted data block, + the decrypted version has half of its bits flipped. This is actually an + important security property for modern ciphers. With the usual modes in + cryptsetup (CBC, ESSIV, XTS), you can get a completely changed 512 byte + block for a bit error. A corrupt block causes a lot more havoc than the + occasionally flipped single bit and can result in various obscure + errors. + + Note that a verify run on copying between encrypted or unencrypted + devices will reliably detect corruption, even when the copying itself + did not report any problems. If you find defect RAM, assume all backups + and copied data to be suspect, unless you did a verify. + + + * 4.4 How do I test RAM? + + First you should know that overclocking often makes memory problems + worse. So if you overclock (which I strongly recommend against in a + system holding data that has any worth), run the tests with the + overclocking active. + + There are two good options. One is Memtest86+ and the other is + "memtester" by Charles Cazabon. Memtest86+ requires a reboot and then + takes over the machine, while memtester runs from a root-shell. Both + use different testing methods and I have found problems fast with either + one that the other needed long to find. I recommend running the + following procedure until the first error is found: - Run Memtest86+ for one cycle - Run memtester for one cycle (shut down as many other applications - as possible) + as possible and use the largest memory area you can get) - Run Memtest86+ for 24h or more - Run memtester for 24h or more If all that does not produce error messages, your RAM may be sound, - but I have had one weak bit that Memtest86+ needed around 60 hours - to find. If you can reproduce the original problem reliably, a good - additional test may be to remove half of the RAM (if you have more - than one module) and try whether the problem is still there and if - so, try with the other half. If you just have one module, get a - different one and try with that. If you do overclocking, reduce - the settings to the most conservative ones available and try with - that. + but I have had one weak bit in the past that Memtest86+ needed around + 60 hours to find. If you can reproduce the original problem reliably, + a good additional test may be to remove half of the RAM (if you have + more than one module) and try whether the problem is still there and if + so, try with the other half. If you just have one module, get a + different one and try with that. If you do overclocking, reduce the + settings to the most conservative ones available and try with that. -5. Security Aspects + * 4.5 Is there a risk using debugging tools like strace? + There most definitely is. A dump from strace and friends can contain + all data entered, including the full passphrase. Example with strace + and passphrase "test": - * 5.1 How long is a secure passphrase ? + > strace cryptsetup luksOpen /dev/sda10 c1 + ... + read(6, "test\n", 512) = 5 + ... - This is just the short answer. For more info and explanation of - some of the terms used in this item, read the rest of Section 5. - The actual recommendation is at the end of this item. + Depending on different factors and the tool used, the passphrase may + also be encoded and not plainly visible. Hence it is never a good idea + to give such a trace from a live container to anybody. Recreate the + problem with a test container or set a temporary passphrase like "test" + and use that for the trace generation. Item 2.6 explains how to create + a loop-file backed LUKS container that may come in handy for this + purpose. - First, passphrase length is not really the right measure, - passphrase entropy is. For example, a random lowercase letter (a-z) - gives you 4.7 bit of entropy, one element of a-z0-9 gives you 5.2 - bits of entropy, an element of a-zA-Z0-9 gives you 5.9 bits and - a-zA-Z0-9!@#$%^&:-+ gives you 6.2 bits. On the other hand, a random - English word only gives you 0.6...1.3 bits of entropy per - character. Using sentences that make sense gives lower entropy, - series of random words gives higher entropy. Do not use sentences - that can be tied to you or found on your computer. This type of - attack is done routinely today. + See also Item 6.10 for another set of data you should not give to + others. - That said, it does not matter too much what scheme you use, but it - does matter how much entropy your passphrase contains, because an - attacker has to try on average - 1/2 * 2^(bits of entropy in passphrase) - +5. Security Aspects + + + * 5.1 How long is a secure passphrase ? + + This is just the short answer. For more info and explanation of some of + the terms used in this item, read the rest of Section 5. The actual + recommendation is at the end of this item. + + First, passphrase length is not really the right measure, passphrase + entropy is. If your passphrase is 200 times the letter "a", it is long + but has very low entropy and is pretty insecure. + + For example, a random lowercase letter (a-z) gives you 4.7 bit of + entropy, one element of a-z0-9 gives you 5.2 bits of entropy, an element + of a-zA-Z0-9 gives you 5.9 bits and a-zA-Z0-9!@#$%\^&:-+ gives you 6.2 + bits. On the other hand, a random English word only gives you 0.6...1.3 + bits of entropy per character. Using sentences that make sense gives + lower entropy, series of random words gives higher entropy. Do not use + sentences that can be tied to you or found on your computer. This type + of attack is done routinely today. + + That said, it does not matter too much what scheme you use, but it does + matter how much entropy your passphrase contains, because an attacker + has to try on average + + 1/2 * 2^(bits of entropy in passphrase) + different passphrases to guess correctly. - Historically, estimations tended to use computing time estimates, - but more modern approaches try to estimate cost of guessing a - passphrase. + Historically, estimations tended to use computing time estimates, but + more modern approaches try to estimate cost of guessing a passphrase. As an example, I will try to get an estimate from the numbers in - http://it.slashdot.org/story/12/12/05/0623215/new-25-gpu-monster-devours-strong-passwords-in-minutes - More references can be found a the end of this document. Note that - these are estimates from the defender side, so assuming something - is easier than it actually is is fine. An attacker may still have - vastly higher cost than estimated here. - - LUKS uses SHA1 for hashing per default. The claim in the reference - is 63 billion tries/second for SHA1. We will leave aside the check - whether a try actually decrypts a key-slot. Now, the machine has 25 - GPUs, which I will estimate at an overall lifetime cost of USD/EUR - 1000 each, and an useful lifetime of 2 years. (This is on the low - side.) Disregarding downtime, the machine can then break - - N = 63*10^9 * 3600 * 24 * 365 * 2 ~ 4*10^18 - - passphrases for EUR/USD 25k. That is one 62 bit passphrase hashed - once with SHA1 for EUR/USD 25k. Note that as this can be - parallelized, it can be done faster than 2 years with several of - these machines. - - For plain dm-crypt (no hash iteration) this is it. This gives (with - SHA1, plain dm-crypt default is ripemd160 which seems to be - slightly slower than SHA1): - - Passphrase entropy Cost to break - 60 bit EUR/USD 6k + https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40 This + thing costs 23kUSD and does 68Ghashes/sec for SHA1. This is in 2017. + + Incidentally, my older calculation for a machine around 1000 times + slower was off by a factor of about 1000, but in the right direction, + i.e. I estimated the attack to be too easy. Nobody noticed ;-) On the + plus side, the tables are now (2017) pretty much accurate. + + More references can be found a the end of this document. Note that + these are estimates from the defender side, so assuming something is + easier than it actually is is fine. An attacker may still have + significantly higher cost than estimated here. + + LUKS1 used SHA1 (since version 1.7.0 it uses SHA256) for hashing per + default. We will leave aside the check whether a try actually decrypts + a key-slot. I will assume a useful lifetime of the hardware of 2 years. + (This is on the low side.) Disregarding downtime, the machine can then + break + + N = 68*10^9 * 3600 * 24 * 365 * 2 ~ 4*10^18 + + passphrases for EUR/USD 23k. That is one 62 bit passphrase hashed once + with SHA1 for EUR/USD 23k. This can be parallelized, it can be done + faster than 2 years with several of these machines. + + For LUKS2, things look a bit better, as the advantage of using graphics + cards is massively reduced. Using the recommendations below should + hence be fine for LUKS2 as well and give a better security margin. + + For plain dm-crypt (no hash iteration) this is it. This gives (with + SHA1, plain dm-crypt default is ripemd160 which seems to be slightly + slower than SHA1): + + Passphrase entropy Cost to break + 60 bit EUR/USD 6k 65 bit EUR/USD 200K 70 bit EUR/USD 6M 75 bit EUR/USD 200M 80 bit EUR/USD 6B 85 bit EUR/USD 200B - ... ... - - For LUKS, you have to take into account hash iteration in PBKDF2. - For a current CPU, there are about 100k iterations (as can be - queried with ''cryptsetup luksDump''. + ... ... + + + For LUKS1, you have to take into account hash iteration in PBKDF2. + For a current CPU, there are about 100k iterations (as can be queried + with ''cryptsetup luksDump''. The table above then becomes: - Passphrase entropy Cost to break - 50 bit EUR/USD 600k + Passphrase entropy Cost to break + 50 bit EUR/USD 600k 55 bit EUR/USD 20M - 60 bit EUR/USD 600M + 60 bit EUR/USD 600M 65 bit EUR/USD 20B 70 bit EUR/USD 600B 75 bit EUR/USD 20T - ... ... - + ... ... + + Recommendation: - To get reasonable security for the next 10 years, it is a good idea + To get reasonable security for the next 10 years, it is a good idea to overestimate by a factor of at least 1000. - Then there is the question of how much the attacker is willing to - spend. That is up to your own security evaluation. For general use, - I will assume the attacker is willing to spend up to 1 million - EUR/USD. Then we get the following recommendations: + Then there is the question of how much the attacker is willing to spend. + That is up to your own security evaluation. For general use, I will + assume the attacker is willing to spend up to 1 million EUR/USD. Then + we get the following recommendations: Plain dm-crypt: Use > 80 bit. That is e.g. 17 random chars from a-z or a random English sentence of > 135 characters length. - LUKS: Use > 65 bit. That is e.g. 14 random chars from a-z or a - random English sentence of > 108 characters length. + LUKS1 and LUKS2: Use > 65 bit. That is e.g. 14 random chars from a-z + or a random English sentence of > 108 characters length. If paranoid, add at least 20 bit. That is roughly four additional characters for random passphrases and roughly 32 characters for a - random English sentence. - - - * 5.2 Is LUKS insecure? Everybody can see I have encrypted data! - - In practice it does not really matter. In most civilized countries - you can just refuse to hand over the keys, no harm done. In some - countries they can force you to hand over the keys, if they suspect - encryption. However the suspicion is enough, they do not have to - prove anything. This is for practical reasons, as even the presence - of a header (like the LUKS header) is not enough to prove that you - have any keys. It might have been an experiment, for example. Or it - was used as encrypted swap with a key from /dev/random. So they - make you prove you do not have encrypted data. Of course that is - just as impossible as the other way round. - - This means that if you have a large set of random-looking data, - they can already lock you up. Hidden containers (encryption hidden - within encryption), as possible with Truecrypt, do not help - either. They will just assume the hidden container is there and - unless you hand over the key, you will stay locked up. Don't have - a hidden container? Though luck. Anybody could claim that. - - Still, if you are concerned about the LUKS header, use plain - dm-crypt with a good passphrase. See also Section 2, "What is the - difference between "plain" and LUKS format?" - - - * 5.3 Should I initialize (overwrite) a new LUKS/dm-crypt partition? - - If you just create a filesystem on it, most of the old data will - still be there. If the old data is sensitive, you should overwrite - it before encrypting. In any case, not initializing will leave the - old data there until the specific sector gets written. That may - enable an attacker to determine how much and where on the - partition data was written. If you think this is a risk, you can - prevent this by overwriting the encrypted device (here assumed to - be named "e1") with zeros like this: - - dd_rescue -w /dev/zero /dev/mapper/e1 - + random English sentence. + + + * 5.2 Is LUKS insecure? Everybody can see I have encrypted data! + + In practice it does not really matter. In most civilized countries you + can just refuse to hand over the keys, no harm done. In some countries + they can force you to hand over the keys if they suspect encryption. + The suspicion is enough, they do not have to prove anything. This is + for practical reasons, as even the presence of a header (like the LUKS + header) is not enough to prove that you have any keys. It might have + been an experiment, for example. Or it was used as encrypted swap with + a key from /dev/random. So they make you prove you do not have + encrypted data. Of course, if true, that is impossible and hence the + whole idea is not compatible with fair laws. Note that in this context, + countries like the US or the UK are not civilized and do not have fair + laws. + + This means that if you have a large set of random-looking data, they can + already lock you up. Hidden containers (encryption hidden within + encryption), as possible with Truecrypt, do not help either. They will + just assume the hidden container is there and unless you hand over the + key, you will stay locked up. Don't have a hidden container? Though + luck. Anybody could claim that. + + Still, if you are concerned about the LUKS header, use plain dm-crypt + with a good passphrase. See also Section 2, "What is the difference + between "plain" and LUKS format?" + + + * 5.3 Should I initialize (overwrite) a new LUKS/dm-crypt partition? + + If you just create a filesystem on it, most of the old data will still + be there. If the old data is sensitive, you should overwrite it before + encrypting. In any case, not initializing will leave the old data there + until the specific sector gets written. That may enable an attacker to + determine how much and where on the partition data was written. If you + think this is a risk, you can prevent this by overwriting the encrypted + device (here assumed to be named "e1") with zeros like this: + + dd_rescue -w /dev/zero /dev/mapper/e1 + or alternatively with one of the following more standard commands: - cat /dev/zero > /dev/mapper/e1 - dd if=/dev/zero of=/dev/mapper/e1 - - - * 5.4 How do I securely erase a LUKS (or other) partition? - - For LUKS, if you are in a desperate hurry, overwrite the LUKS - header and key-slot area. This means overwriting the first - (keyslots x stripes x keysize) + offset bytes. For the default - parameters, this is the 1'052'672 bytes, i.e. 1MiB + 4096 of the - LUKS partition. For 512 bit key length (e.g. for aes-xts-plain with - 512 bit key) this is 2MiB. (The different offset stems from - differences in the sector alignment of the key-slots.) If in doubt, - just be generous and overwrite the first 10MB or so, it will likely - still be fast enough. A single overwrite with zeros should be - enough. If you anticipate being in a desperate hurry, prepare the - command beforehand. Example with /dev/sde1 as the LUKS partition - and default parameters: - - head -c 1052672 /dev/zero > /dev/sde1; sync - - A LUKS header backup or full backup will still grant access to - most or all data, so make sure that an attacker does not have - access to backups or destroy them as well. - - If you have time, overwrite the whole LUKS partition with a single - pass of zeros. This is enough for current HDDs. For SSDs or FLASH - (USB sticks) you may want to overwrite the whole drive several - times to be sure data is not retained by wear leveling. This is - possibly still insecure as SSD technology is not fully understood - in this regard. Still, due to the anti-forensic properties of the - LUKS key-slots, a single overwrite of an SSD or FLASH drive could - be enough. If in doubt, use physical destruction in addition. Here - is a link to some current research results on erasing SSDs and - FLASH drives: + cat /dev/zero > /dev/mapper/e1 + dd if=/dev/zero of=/dev/mapper/e1 + + + + * 5.4 How do I securely erase a LUKS container? + + For LUKS, if you are in a desperate hurry, overwrite the LUKS header and + key-slot area. For LUKS1 and LUKS2, just be generous and overwrite the + first 100MB. A single overwrite with zeros should be enough. If you + anticipate being in a desperate hurry, prepare the command beforehand. + Example with /dev/sde1 as the LUKS partition and default parameters: + + head -c 100000000 /dev/zero > /dev/sde1; sync + + A LUKS header backup or full backup will still grant access to most or + all data, so make sure that an attacker does not have access to backups + or destroy them as well. + + Also note that SSDs and also some HDDs (SMR and hybrid HDDs, for + example) may not actually overwrite the header and only do that an + unspecified and possibly very long time later. The only way to be sure + there is physical destruction. If the situation permits, do both + overwrite and physical destruction. + + If you have time, overwrite the whole drive with a single pass of random + data. This is enough for most HDDs. For SSDs or FLASH (USB sticks) or + SMR or hybrid drives, you may want to overwrite the whole drive several + times to be sure data is not retained. This is possibly still insecure + as the respective technologies are not fully understood in this regard. + Still, due to the anti-forensic properties of the LUKS key-slots, a + single overwrite could be enough. If in doubt, use physical destruction + in addition. Here is a link to some current research results on erasing + SSDs and FLASH drives: http://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf Keep in mind to also erase all backups. - Example for a zero-overwrite erase of partition sde1 done with + Example for a random-overwrite erase of partition sde1 done with dd_rescue: - dd_rescue -w /dev/zero /dev/sde1 - + dd_rescue -w /dev/urandom /dev/sde1 - * 5.5 How do I securely erase a backup of a LUKS partition or header? - That depends on the medium it is stored on. For HDD and SSD, use - overwrite with zeros. For an SSD or FLASH drive (USB stick), you - may want to overwrite the complete SSD several times and use - physical destruction in addition, see last item. For re-writable - CD/DVD, a single overwrite should also be enough, due to the - anti-forensic properties of the LUKS keyslots. For write-once - media, use physical destruction. For low security requirements, - just cut the CD/DVD into several parts. For high security needs, - shred or burn the medium. If your backup is on magnetic tape, I - advise physical destruction by shredding or burning, after - overwriting . The problem with magnetic tape is that it has a - higher dynamic range than HDDs and older data may well be - recoverable after overwrites. Also write-head alignment issues can - lead to data not actually being deleted at all during overwrites. + * 5.5 How do I securely erase a backup of a LUKS partition or header? - * 5.6 What about backup? Does it compromise security? + That depends on the medium it is stored on. For HDD and SSD, use + overwrite with random data. For an SSD, FLASH drive (USB stick) hybrid + HDD or SMR HDD, you may want to overwrite the complete drive several + times and use physical destruction in addition, see last item. For + re-writable CD/DVD, a single overwrite should be enough, due to the + anti-forensic properties of the LUKS keyslots. For write-once media, + use physical destruction. For low security requirements, just cut the + CD/DVD into several parts. For high security needs, shred or burn the + medium. + + If your backup is on magnetic tape, I advise physical destruction by + shredding or burning, after (!) overwriting . The problem with magnetic + tape is that it has a higher dynamic range than HDDs and older data may + well be recoverable after overwrites. Also write-head alignment issues + can lead to data not actually being deleted during overwrites. + + The best option is to actually encrypt the backup, for example with + PGP/GnuPG and then just destroy all copies of the encryption key if + needed. Best keep them on paper, as that has excellent durability and + secure destruction is easy, for example by burning and then crushing the + ashes to a fine powder. A blender and water also works nicely. + + + * 5.6 What about backup? Does it compromise security? That depends. See item 6.7. - * 5.7 Why is all my data permanently gone if I overwrite the LUKS - header? + * 5.7 Why is all my data permanently gone if I overwrite the LUKS header? - Overwriting the LUKS header in part or in full is the most common - reason why access to LUKS containers is lost permanently. - Overwriting can be done in a number of fashions, like creating a - new filesystem on the raw LUKS partition, making the raw partition - part of a raid array and just writing to the raw partition. + Overwriting the LUKS header in part or in full is the most common reason + why access to LUKS containers is lost permanently. Overwriting can be + done in a number of fashions, like creating a new filesystem on the raw + LUKS partition, making the raw partition part of a raid array and just + writing to the raw partition. - The LUKS header contains a 256 bit "salt" per key-slot and without - that no decryption is possible. While the salts are not secret, - they are key-grade material and cannot be reconstructed. This is a - cryptographically strong "cannot". From observations on the - cryptsetup mailing-list, people typically go though the usual - stages of grief (Denial, Anger, Bargaining, Depression, Acceptance) - when this happens to them. Observed times vary between 1 day and 2 - weeks to complete the cycle. Seeking help on the mailing-list is - fine. Even if we usually cannot help with getting back your data, - most people found the feedback comforting. + The LUKS1 header contains a 256 bit "salt" per key-slot and without that + no decryption is possible. While the salts are not secret, they are + key-grade material and cannot be reconstructed. This is a + cryptographically strong "cannot". From observations on the cryptsetup + mailing-list, people typically go though the usual stages of grief + (Denial, Anger, Bargaining, Depression, Acceptance) when this happens to + them. Observed times vary between 1 day and 2 weeks to complete the + cycle. Seeking help on the mailing-list is fine. Even if we usually + cannot help with getting back your data, most people found the feedback + comforting. If your header does not contain an intact key-slot salt, best go - directly to the last stage ("Acceptance") and think about what to - do now. There is one exception that I know of: If your LUKS - container is still open, then it may be possible to extract the - master key from the running system. See Item "How do I recover the - master key from a mapped LUKS container?" in Section "Backup and - Data Recovery". - - - * 5.8 What is a "salt"? - - A salt is a random key-grade value added to the passphrase before - it is processed. It is not kept secret. The reason for using salts - is as follows: If an attacker wants to crack the password for a - single LUKS container, then every possible passphrase has to be - tried. Typically an attacker will not try every binary value, but - will try words and sentences from a dictionary. - - If an attacker wants to attack several LUKS containers with the - same dictionary, then a different approach makes sense: Compute the - resulting slot-key for each dictionary element and store it on - disk. Then the test for each entry is just the slow unlocking with - the slot key (say 0.00001 sec) instead of calculating the slot-key - first (1 sec). For a single attack, this does not help. But if you - have more than one container to attack, this helps tremendously, - also because you can prepare your table before you even have the - container to attack! The calculation is also very simple to - parallelize. You could, for example, use the night-time unused CPU - power of your desktop PCs for this. - - This is where the salt comes in. If the salt is combined with the - passphrase (in the simplest form, just appended to it), you - suddenly need a separate table for each salt value. With a - reasonably-sized salt value (256 bit, e.g.) this is quite - infeasible. - - - * 5.9 Is LUKS secure with a low-entropy (bad) passphrase? - - Note: You should only use the 94 printable characters from 7 bit - ASCII code to prevent your passphrase from failing when the - character encoding changes, e.g. because of a system upgrade, see - also the note at the very start of this FAQ under "WARNINGS". - - This needs a bit of theory. The quality of your passphrase is - directly related to its entropy (information theoretic, not - thermodynamic). The entropy says how many bits of "uncertainty" or - "randomness" are in you passphrase. In other words, that is how - difficult guessing the passphrase is. + directly to the last stage ("Acceptance") and think about what to do + now. There is one exception that I know of: If your LUKS1 container is + still open, then it may be possible to extract the master key from the + running system. See Item "How do I recover the master key from a mapped + LUKS1 container?" in Section "Backup and Data Recovery". + + For LUKS2, things are both better and worse. First, the salts are in a + less vulnerable position now. But, on the other hand, the keys of a + mapped (open) container are now stored in the kernel key-store, and + while there probably is some way to get them out of there, I am not sure + how much effort that needs. + + + * 5.8 What is a "salt"? + + A salt is a random key-grade value added to the passphrase before it is + processed. It is not kept secret. The reason for using salts is as + follows: If an attacker wants to crack the password for a single LUKS + container, then every possible passphrase has to be tried. Typically an + attacker will not try every binary value, but will try words and + sentences from a dictionary. + + If an attacker wants to attack several LUKS containers with the same + dictionary, then a different approach makes sense: Compute the resulting + slot-key for each dictionary element and store it on disk. Then the + test for each entry is just the slow unlocking with the slot key (say + 0.00001 sec) instead of calculating the slot-key first (1 sec). For a + single attack, this does not help. But if you have more than one + container to attack, this helps tremendously, also because you can + prepare your table before you even have the container to attack! The + calculation is also very simple to parallelize. You could, for example, + use the night-time unused CPU power of your desktop PCs for this. + + This is where the salt comes in. If the salt is combined with the + passphrase (in the simplest form, just appended to it), you suddenly + need a separate table for each salt value. With a reasonably-sized salt + value (256 bit, e.g.) this is quite infeasible. + + + * 5.9 Is LUKS secure with a low-entropy (bad) passphrase? + + Short answer: yes. Do not use a low-entropy passphrase. + + Note: For LUKS2, protection for bad passphrases is a bit better + due to the use of Argon2, but that is only a gradual improvement. + + Longer answer: + This needs a bit of theory. The quality of your passphrase is directly + related to its entropy (information theoretic, not thermodynamic). The + entropy says how many bits of "uncertainty" or "randomness" are in you + passphrase. In other words, that is how difficult guessing the + passphrase is. Example: A random English sentence has about 1 bit of entropy per - character. A random lowercase (or uppercase) character has about - 4.7 bit of entropy. + character. A random lowercase (or uppercase) character has about 4.7 + bit of entropy. Now, if n is the number of bits of entropy in your passphrase and t is the time it takes to process a passphrase in order to open the LUKS container, then an attacker has to spend at maximum - attack_time_max = 2^n * t - - time for a successful attack and on average half that. There is no - way getting around that relationship. However, there is one thing - that does help, namely increasing t, the time it takes to use a - passphrase, see next FAQ item. - - Still, if you want good security, a high-entropy passphrase is the - only option. For example, a low-entropy passphrase can never be - considered secure against a TLA-level (Three Letter Agency level, - i.e. government-level) attacker, no matter what tricks are used in - the key-derivation function. Use at least 64 bits for secret stuff. - That is 64 characters of English text (but only if randomly chosen) - or a combination of 12 truly random letters and digits. - - For passphrase generation, do not use lines from very well-known - texts (religious texts, Harry potter, etc.) as they are to easy to - guess. For example, the total Harry Potter has about 1'500'000 - words (my estimation). Trying every 64 character sequence starting - and ending at a word boundary would take only something like 20 - days on a single CPU and is entirely feasible. To put that into - perspective, using a number of Amazon EC2 High-CPU Extra Large - instances (each gives about 8 real cores), this test costs - currently about 50USD/EUR, but can be made to run arbitrarily fast. - - On the other hand, choosing 1.5 lines from, say, the Wheel of Time - is in itself not more secure, but the book selection adds quite a - bit of entropy. (Now that I have mentioned it here, don't use tWoT - either!) If you add 2 or 3 typos or switch some words around, then - this is good passphrase material. - - - * 5.10 What is "iteration count" and why is decreasing it a bad idea? - - Iteration count is the number of PBKDF2 iterations a passphrase is - put through before it is used to unlock a key-slot. Iterations are - done with the explicit purpose to increase the time that it takes - to unlock a key-slot. This provides some protection against use of - low-entropy passphrases. - - The idea is that an attacker has to try all possible passphrases. - Even if the attacker knows the passphrase is low-entropy (see last - item), it is possible to make each individual try take longer. The - way to do this is to repeatedly hash the passphrase for a certain - time. The attacker then has to spend the same time (given the same - computing power) as the user per try. With LUKS, the default is 1 - second of PBKDF2 hashing. - - Example 1: Lets assume we have a really bad passphrase (e.g. a - girlfriends name) with 10 bits of entropy. With the same CPU, an - attacker would need to spend around 500 seconds on average to - break that passphrase. Without iteration, it would be more like - 0.0001 seconds on a modern CPU. - - Example 2: The user did a bit better and has 32 chars of English - text. That would be about 32 bits of entropy. With 1 second - iteration, that means an attacker on the same CPU needs around 136 - years. That is pretty impressive for such a weak passphrase. - Without the iterations, it would be more like 50 days on a modern - CPU, and possibly far less. - - In addition, the attacker can both parallelize and use special - hardware like GPUs or FPGAs to speed up the attack. The attack can - also happen quite some time after the luksFormat operation and CPUs - can have become faster and cheaper. For that reason you want a - bit of extra security. Anyways, in Example 1 your are screwed. - In example 2, not necessarily. Even if the attack is faster, it - still has a certain cost associated with it, say 10000 EUR/USD - with iteration and 1 EUR/USD without iteration. The first can be - prohibitively expensive, while the second is something you try - even without solid proof that the decryption will yield something - useful. - - The numbers above are mostly made up, but show the idea. Of course - the best thing is to have a high-entropy passphrase. - - Would a 100 sec iteration time be even better? Yes and no. - Cryptographically it would be a lot better, namely 100 times better. - However, usability is a very important factor for security - technology and one that gets overlooked surprisingly often. For - LUKS, if you have to wait 2 minutes to unlock the LUKS container, - most people will not bother and use less secure storage instead. It - is better to have less protection against low-entropy passphrases - and people actually use LUKS, than having them do without - encryption altogether. - - Now, what about decreasing the iteration time? This is generally a - very bad idea, unless you know and can enforce that the users only - use high-entropy passphrases. If you decrease the iteration time - without ensuring that, then you put your users at increased risk, - and considering how rarely LUKS containers are unlocked in a - typical work-flow, you do so without a good reason. Don't do it. - The iteration time is already low enough that users with entropy - low passphrases are vulnerable. Lowering it even further increases - this danger significantly. - - - * 5.11 Some people say PBKDF2 is insecure? + attack_time_max = 2^n * t + + time for a successful attack and on average half that. There is no way + getting around that relationship. However, there is one thing that does + help, namely increasing t, the time it takes to use a passphrase, see + next FAQ item. + + Still, if you want good security, a high-entropy passphrase is the only + option. For example, a low-entropy passphrase can never be considered + secure against a TLA-level (Three Letter Agency level, i.e. + government-level) attacker, no matter what tricks are used in the + key-derivation function. Use at least 64 bits for secret stuff. That + is 64 characters of English text (but only if randomly chosen) or a + combination of 12 truly random letters and digits. + + For passphrase generation, do not use lines from very well-known texts + (religious texts, Harry potter, etc.) as they are too easy to guess. + For example, the total Harry Potter has about 1'500'000 words (my + estimation). Trying every 64 character sequence starting and ending at + a word boundary would take only something like 20 days on a single CPU + and is entirely feasible. To put that into perspective, using a number + of Amazon EC2 High-CPU Extra Large instances (each gives about 8 real + cores), this test costs currently about 50USD/EUR, but can be made to + run arbitrarily fast. + + On the other hand, choosing 1.5 lines from, say, the Wheel of Time, is + in itself not more secure, but the book selection adds quite a bit of + entropy. (Now that I have mentioned it here, don't use tWoT either!) If + you add 2 or 3 typos and switch some words around, then this is good + passphrase material. + + + * 5.10 What is "iteration count" and why is decreasing it a bad idea? + + LUKS1: + Iteration count is the number of PBKDF2 iterations a passphrase is put + through before it is used to unlock a key-slot. Iterations are done + with the explicit purpose to increase the time that it takes to unlock a + key-slot. This provides some protection against use of low-entropy + passphrases. + + The idea is that an attacker has to try all possible passphrases. Even + if the attacker knows the passphrase is low-entropy (see last item), it + is possible to make each individual try take longer. The way to do this + is to repeatedly hash the passphrase for a certain time. The attacker + then has to spend the same time (given the same computing power) as the + user per try. With LUKS1, the default is 1 second of PBKDF2 hashing. + + Example 1: Lets assume we have a really bad passphrase (e.g. a + girlfriends name) with 10 bits of entropy. With the same CPU, an + attacker would need to spend around 500 seconds on average to break that + passphrase. Without iteration, it would be more like 0.0001 seconds on + a modern CPU. + + Example 2: The user did a bit better and has 32 chars of English text. + That would be about 32 bits of entropy. With 1 second iteration, that + means an attacker on the same CPU needs around 136 years. That is + pretty impressive for such a weak passphrase. Without the iterations, + it would be more like 50 days on a modern CPU, and possibly far less. + + In addition, the attacker can both parallelize and use special hardware + like GPUs or FPGAs to speed up the attack. The attack can also happen + quite some time after the luksFormat operation and CPUs can have become + faster and cheaper. For that reason you want a bit of extra security. + Anyways, in Example 1 your are screwed. In example 2, not necessarily. + Even if the attack is faster, it still has a certain cost associated + with it, say 10000 EUR/USD with iteration and 1 EUR/USD without + iteration. The first can be prohibitively expensive, while the second + is something you try even without solid proof that the decryption will + yield something useful. + + The numbers above are mostly made up, but show the idea. Of course the + best thing is to have a high-entropy passphrase. + + Would a 100 sec iteration time be even better? Yes and no. + Cryptographically it would be a lot better, namely 100 times better. + However, usability is a very important factor for security technology + and one that gets overlooked surprisingly often. For LUKS, if you have + to wait 2 minutes to unlock the LUKS container, most people will not + bother and use less secure storage instead. It is better to have less + protection against low-entropy passphrases and people actually use LUKS, + than having them do without encryption altogether. + + Now, what about decreasing the iteration time? This is generally a very + bad idea, unless you know and can enforce that the users only use + high-entropy passphrases. If you decrease the iteration time without + ensuring that, then you put your users at increased risk, and + considering how rarely LUKS containers are unlocked in a typical + work-flow, you do so without a good reason. Don't do it. The iteration + time is already low enough that users with low entropy passphrases are + vulnerable. Lowering it even further increases this danger + significantly. + + LUKS2: Pretty much the same reasoning applies. The advantages of using + GPUs or FPGAs in an attack have been significantly reduced, but that + is the only main difference. + + + * 5.11 Some people say PBKDF2 is insecure? There is some discussion that a hash-function should have a "large - memory" property, i.e. that it should require a lot of memory to be - computed. This serves to prevent attacks using special programmable - circuits, like FPGAs, and attacks using graphics cards. PBKDF2 - does not need a lot of memory and is vulnerable to these attacks. - However, the publication usually referred in these discussions is - not very convincing in proving that the presented hash really is - "large memory" (that may change, email the FAQ maintainer when it - does) and it is of limited usefulness anyways. Attackers that use - clusters of normal PCs will not be affected at all by a "large - memory" property. For example the US Secret Service is known to - use the off-hour time of all the office PCs of the Treasury for - password breaking. The Treasury has about 110'000 employees. - Assuming every one has an office PC, that is significant computing - power, all of it with plenty of memory for computing "large - memory" hashes. Bot-net operators also have all the memory they - want. The only protection against a resourceful attacker is a - high-entropy passphrase, see items 5.9 and 5.10. - - - * 5.12 What about iteration count with plain dm-crypt? - - Simple: There is none. There is also no salting. If you use plain - dm-crypt, the only way to be secure is to use a high entropy - passphrase. If in doubt, use LUKS instead. - - - * 5.13 Is LUKS with default parameters less secure on a slow CPU? - - Unfortunately, yes. However the only aspect affected is the - protection for low-entropy passphrase or master-key. All other - security aspects are independent of CPU speed. - - The master key is less critical, as you really have to work at it - to give it low entropy. One possibility is to supply the master key - yourself. If that key is low-entropy, then you get what you - deserve. The other known possibility is to use /dev/urandom for - key generation in an entropy-starved situation (e.g. automatic - installation on an embedded device without network and other entropy - sources). - - For the passphrase, don't use a low-entropy passphrase. If your - passphrase is good, then a slow CPU will not matter. If you insist - on a low-entropy passphrase on a slow CPU, use something like - "--iter-time=10" or higher and wait a long time on each LUKS unlock - and pray that the attacker does not find out in which way exactly - your passphrase is low entropy. This also applies to low-entropy - passphrases on fast CPUs. Technology can do only so much to - compensate for problems in front of the keyboard. - - - * 5.14 Why was the default aes-cbc-plain replaced with aes-cbc-essiv? + memory" property, i.e. that it should require a lot of memory to be + computed. This serves to prevent attacks using special programmable + circuits, like FPGAs, and attacks using graphics cards. PBKDF2 does not + need a lot of memory and is vulnerable to these attacks. However, the + publication usually referred in these discussions is not very convincing + in proving that the presented hash really is "large memory" (that may + change, email the FAQ maintainer when it does) and it is of limited + usefulness anyways. Attackers that use clusters of normal PCs will not + be affected at all by a "large memory" property. For example the US + Secret Service is known to use the off-hour time of all the office PCs + of the Treasury for password breaking. The Treasury has about 110'000 + employees. Assuming every one has an office PC, that is significant + computing power, all of it with plenty of memory for computing "large + memory" hashes. Bot-net operators also have all the memory they want. + The only protection against a resourceful attacker is a high-entropy + passphrase, see items 5.9 and 5.10. + + That said, LUKS2 defaults to Argon2, which has a large-memory property + and massively reduces the advantages of GPUs and FPGAs. + + + * 5.12 What about iteration count with plain dm-crypt? + + Simple: There is none. There is also no salting. If you use plain + dm-crypt, the only way to be secure is to use a high entropy passphrase. + If in doubt, use LUKS instead. + + + * 5.13 Is LUKS with default parameters less secure on a slow CPU? + + Unfortunately, yes. However the only aspect affected is the protection + for low-entropy passphrase or master-key. All other security aspects + are independent of CPU speed. + + The master key is less critical, as you really have to work at it to + give it low entropy. One possibility to mess this up is to supply the + master key yourself. If that key is low-entropy, then you get what you + deserve. The other known possibility to create a LUKS container with a + bad master key is to use /dev/urandom for key generation in an + entropy-starved situation (e.g. automatic installation on an embedded + device without network and other entropy sources or installation in a VM + under certain circumstances). + + For the passphrase, don't use a low-entropy passphrase. If your + passphrase is good, then a slow CPU will not matter. If you insist on a + low-entropy passphrase on a slow CPU, use something like + "--iter-time=10000" or higher and wait a long time on each LUKS unlock + and pray that the attacker does not find out in which way exactly your + passphrase is low entropy. This also applies to low-entropy passphrases + on fast CPUs. Technology can do only so much to compensate for problems + in front of the keyboard. + + Also note that power-saving modes will make your CPU slower. This will + reduce iteration count on LUKS container creation. It will keep unlock + times at the expected values though at this CPU speed. + + + * 5.14 Why was the default aes-cbc-plain replaced with aes-cbc-essiv? Note: This item applies both to plain dm-crypt and to LUKS - The problem is that cbc-plain has a fingerprint vulnerability, where - a specially crafted file placed into the crypto-container can be - recognized from the outside. The issue here is that for cbc-plain - the initialization vector (IV) is the sector number. The IV gets - XORed to the first data chunk of the sector to be encrypted. If you - make sure that the first data block to be stored in a sector - contains the sector number as well, the first data block to be - encrypted is all zeros and always encrypted to the same ciphertext. - This also works if the first data chunk just has a constant XOR - with the sector number. By having several shifted patterns you can - take care of the case of a non-power-of-two start sector number of - the file. - - This mechanism allows you to create a pattern of sectors that have - the same first ciphertext block and signal one bit per sector to the - outside, allowing you to e.g. mark media files that way for - recognition without decryption. For large files this is a - practical attack. For small ones, you do not have enough blocks to - signal and take care of different file starting offsets. - - In order to prevent this attack, the default was changed to - cbc-essiv. ESSIV uses a keyed hash of the sector number, with the - encryption key as key. This makes the IV unpredictable without - knowing the encryption key and the watermarking attack fails. - - - * 5.15 Are there any problems with "plain" IV? What is "plain64"? - - First, "plain" and "plain64" are both not secure to use with CBC, - see previous FAQ item. - - However there are modes, like XTS, that are secure with "plain" IV. - The next limit is that "plain" is 64 bit, with the upper 32 bit set - to zero. This means that on volumes larger than 2TiB, the IV - repeats, creating a vulnerability that potentially leaks some - data. To avoid this, use "plain64", which uses the full sector - number up to 64 bit. Note that "plain64" requires a kernel >= - 2.6.33. Also note that "plain64" is backwards compatible for - volume sizes <= 2TiB, but not for those > 2TiB. Finally, "plain64" - does not cause any performance penalty compared to "plain". - - - * 5.16 What about XTS mode? + The problem is that cbc-plain has a fingerprint vulnerability, where a + specially crafted file placed into the crypto-container can be + recognized from the outside. The issue here is that for cbc-plain the + initialization vector (IV) is the sector number. The IV gets XORed to + the first data chunk of the sector to be encrypted. If you make sure + that the first data block to be stored in a sector contains the sector + number as well, the first data block to be encrypted is all zeros and + always encrypted to the same ciphertext. This also works if the first + data chunk just has a constant XOR with the sector number. By having + several shifted patterns you can take care of the case of a + non-power-of-two start sector number of the file. + + This mechanism allows you to create a pattern of sectors that have the + same first ciphertext block and signal one bit per sector to the + outside, allowing you to e.g. mark media files that way for recognition + without decryption. For large files this is a practical attack. For + small ones, you do not have enough blocks to signal and take care of + different file starting offsets. + + In order to prevent this attack, the default was changed to cbc-essiv. + ESSIV uses a keyed hash of the sector number, with the encryption key as + key. This makes the IV unpredictable without knowing the encryption key + and the watermarking attack fails. + + + * 5.15 Are there any problems with "plain" IV? What is "plain64"? + + First, "plain" and "plain64" are both not secure to use with CBC, see + previous FAQ item. + + However there are modes, like XTS, that are secure with "plain" IV. The + next limit is that "plain" is 64 bit, with the upper 32 bit set to zero. + This means that on volumes larger than 2TiB, the IV repeats, creating a + vulnerability that potentially leaks some data. To avoid this, use + "plain64", which uses the full sector number up to 64 bit. Note that + "plain64" requires a kernel 2.6.33 or more recent. Also note that + "plain64" is backwards compatible for volume sizes of maximum size 2TiB, + but not for those > 2TiB. Finally, "plain64" does not cause any + performance penalty compared to "plain". + + + * 5.16 What about XTS mode? XTS mode is potentially even more secure than cbc-essiv (but only if - cbc-essiv is insecure in your scenario). It is a NIST standard and - used, e.g. in Truecrypt. From version 1.6.0 of cryptsetup onwards, - aes-xts-plain64 is the default for LUKS. If you want to use it - with a cryptsetup before version 1.6.0 or with plain dm-crypt, you - have to specify it manually as "aes-xts-plain", i.e. + cbc-essiv is insecure in your scenario). It is a NIST standard and + used, e.g. in Truecrypt. From version 1.6.0 of cryptsetup onwards, + aes-xts-plain64 is the default for LUKS. If you want to use it with a + cryptsetup before version 1.6.0 or with plain dm-crypt, you have to + specify it manually as "aes-xts-plain", i.e. - cryptsetup -c aes-xts-plain luksFormat - - For volumes >2TiB and kernels >= 2.6.33 use "plain64" (see FAQ - item on "plain" and "plain64"): + cryptsetup -c aes-xts-plain luksFormat - cryptsetup -c aes-xts-plain64 luksFormat - - There is a potential security issue with XTS mode and large blocks. - LUKS and dm-crypt always use 512B blocks and the issue does not - apply. + For volumes >2TiB and kernels >= 2.6.33 use "plain64" (see FAQ item + on "plain" and "plain64"): + + cryptsetup -c aes-xts-plain64 luksFormat + There is a potential security issue with XTS mode and large blocks. + LUKS and dm-crypt always use 512B blocks and the issue does not apply. - * 5.17 Is LUKS FIPS-140-2 certified? - No. But that is more a problem of FIPS-140-2 than of LUKS. From a + * 5.17 Is LUKS FIPS-140-2 certified? + + No. But that is more a problem of FIPS-140-2 than of LUKS. From a technical point-of-view, LUKS with the right parameters would be - FIPS-140-2 compliant, but in order to make it certified, somebody - has to pay real money for that. And then, whenever cryptsetup is - changed or extended, the certification lapses and has to be - obtained again. - - From the aspect of actual security, LUKS with default parameters - should be as good as most things that are FIPS-140-2 certified, - although you may want to make sure to use /dev/random (by - specifying --use-random on luksFormat) as randomness source for - the master key to avoid being potentially insecure in an - entropy-starved situation. - - - * 5.18 What about Plausible Deniability? - - First let me attempt a definition for the case of encrypted - filesystems: Plausible deniability is when you hide encrypted data - inside an encrypted container and it is not possible to prove it is - there. The idea is compelling and on first glance it seems - possible to do it. And from a cryptographic point of view, it - actually is possible. - - So, does it work in practice? No, unfortunately. The reasoning used - by its proponents is fundamentally flawed in several ways and the + FIPS-140-2 compliant, but in order to make it certified, somebody has to + pay real money for that. And then, whenever cryptsetup is changed or + extended, the certification lapses and has to be obtained again. + + From the aspect of actual security, LUKS with default parameters should + be as good as most things that are FIPS-140-2 certified, although you + may want to make sure to use /dev/random (by specifying --use-random on + luksFormat) as randomness source for the master key to avoid being + potentially insecure in an entropy-starved situation. + + + * 5.18 What about Plausible Deniability? + + First let me attempt a definition for the case of encrypted filesystems: + Plausible deniability is when you store data inside an encrypted + container and it is not possible to prove it is there without having a + special passphrase. And at the same time it must be "plausible" that + there actually is no hidden data there. + + As a simple entropy-analysis will show that here may be data there, the + second part is what makes it tricky. + + There seem to be a lot of misunderstandings about this idea, so let me + make it clear that this refers to the situation where the attackers can + prove that there is data that either may be random or may be part of a + plausible-deniability scheme, they just cannot prove which one it is. + Hence a plausible-deniability scheme must hold up when the attackers + know there is something potentially fishy. If you just hide data and + rely on it not being found, that is just simple deniability, not + "plausible" deniability and I am not talking about that in the + following. Simple deniability against a low-competence attacker may be + as simple as renaming a file or putting data into an unused part of a + disk. Simple deniability against a high-skill attacker with time to + invest is usually pointless unless you go for advanced steganographic + techniques, which have their own drawbacks, such as low data capacity. + + Now, the idea of plausible deniability is compelling and on a first + glance it seems possible to do it. And from a cryptographic point of + view, it actually is possible. + + So, does the idea work in practice? No, unfortunately. The reasoning + used by its proponents is fundamentally flawed in several ways and the cryptographic properties fail fatally when colliding with the real world. First, why should "I do not have a hidden partition" be any more - plausible than "I forgot my crypto key" or "I wiped that partition - with random data, nothing in there"? I do not see any reason. - - Second, there are two types of situations: Either they cannot force - you to give them the key (then you simply do not) or the can. In - the second case, they can always do bad things to you, because they - cannot prove that you have the key in the first place! This means - they do not have to prove you have the key, or that this random - looking data on your disk is actually encrypted data. So the - situation will allow them to waterboard/lock-up/deport you - anyways, regardless of how "plausible" your deniability is. Do not - have a hidden partition you could show to them, but there are - indications you may? Too bad for you. Unfortunately "plausible - deniability" also means you cannot prove there is no hidden data. - - Third, hidden partitions are not that hidden. There are basically - just two possibilities: a) Make a large crypto container, but put a - smaller filesystem in there and put the hidden partition into the - free space. Unfortunately this is glaringly obvious and can be - detected in an automated fashion. This means that the initial - suspicion to put you under duress in order to make you reveal you - hidden data is given. b) Make a filesystem that spans the whole - encrypted partition, and put the hidden partition into space not - currently used by that filesystem. Unfortunately that is also - glaringly obvious, as you then cannot write to the filesystem - without a high risk of destroying data in the hidden container. - Have not written anything to the encrypted filesystem in a while? - Too bad, they have the suspicion they need to do unpleasant things - to you. - - To be fair, if you prepare option b) carefully and directly before - going into danger, it may work. But then, the mere presence of - encrypted data may already be enough to get you into trouble in - those places were they can demand encryption keys. + plausible than "I forgot my crypto key" or "I wiped that partition with + random data, nothing in there"? I do not see any reason. + + Second, there are two types of situations: Either they cannot force you + to give them the key (then you simply do not) or they can. In the + second case, they can always do bad things to you, because they cannot + prove that you have the key in the first place! This means they do not + have to prove you have the key, or that this random looking data on your + disk is actually encrypted data. So the situation will allow them to + waterboard/lock-up/deport you anyways, regardless of how "plausible" + your deniability is. Do not have a hidden partition you could show to + them, but there are indications you may? Too bad for you. + Unfortunately "plausible deniability" also means you cannot prove there + is no hidden data. + + Third, hidden partitions are not that hidden. There are basically just + two possibilities: a) Make a large crypto container, but put a smaller + filesystem in there and put the hidden partition into the free space. + Unfortunately this is glaringly obvious and can be detected in an + automated fashion. This means that the initial suspicion to put you + under duress in order to make you reveal your hidden data is given. b) + Make a filesystem that spans the whole encrypted partition, and put the + hidden partition into space not currently used by that filesystem. + Unfortunately that is also glaringly obvious, as you then cannot write + to the filesystem without a high risk of destroying data in the hidden + container. Have not written anything to the encrypted filesystem in a + while? Too bad, they have the suspicion they need to do unpleasant + things to you. + + To be fair, if you prepare option b) carefully and directly before going + into danger, it may work. But then, the mere presence of encrypted data + may already be enough to get you into trouble in those places were they + can demand encryption keys. Here is an additional reference for some problems with plausible - deniability: http://www.schneier.com/paper-truecrypt-dfs.pdf I - strongly suggest you read it. - - So, no, I will not provide any instructions on how to do it with - plain dm-crypt or LUKS. If you insist on shooting yourself in the - foot, you can figure out how to do it yourself. - - - * 5.19 What about SSDs, Flash and Hybrid Drives? - - The problem is that you cannot reliably erase parts of these - devices, mainly due to wear-leveling and possibly defect - management. - - Basically, when overwriting a sector (of 512B), what the device - does is to move an internal sector (may be 128kB or even larger) to - some pool of discarded, not-yet erased unused sectors, take a - fresh empty sector from the empty-sector pool and copy the old - sector over with the changes to the small part you wrote. This is - done in some fashion so that larger writes do not cause a lot of - small internal updates. - - The thing is that the mappings between outside-addressable sectors - and inside sectors is arbitrary (and the vendors are not talking). - Also the discarded sectors are not necessarily erased immediately. - They may linger a long time. - - For plain dm-crypt, the consequences are that older encrypted data - may be lying around in some internal pools of the device. Thus may - or may not be a problem and depends on the application. Remember - the same can happen with a filesystem if consecutive writes to the - same area of a file can go to different sectors. - - However, for LUKS, the worst case is that key-slots and LUKS - header may end up in these internal pools. This means that password - management functionality is compromised (the old passwords may - still be around, potentially for a very long time) and that fast - erase by overwriting the header and key-slot area is insecure. - - Also keep in mind that the discarded/used pool may be large. For - example, a 240GB SSD has about 16GB of spare area in the chips that - it is free to do with as it likes. You would need to make each - individual key-slot larger than that to allow reliable overwriting. - And that assumes the disk thinks all other space is in use. - Reading the internal pools using forensic tools is not that hard, - but may involve some soldering. + deniability: http://www.schneier.com/paper-truecrypt-dfs.pdf I strongly + suggest you read it. + + So, no, I will not provide any instructions on how to do it with plain + dm-crypt or LUKS. If you insist on shooting yourself in the foot, you + can figure out how to do it yourself. + + + * 5.19 What about SSDs, Flash, Hybrid and SMR Drives? + + The problem is that you cannot reliably erase parts of these devices, + mainly due to wear-leveling and possibly defect management and delayed + writes to the main data area. + + For example for SSDs, when overwriting a sector, what the device does is + to move an internal sector (may be 128kB or even larger) to some pool of + discarded, not-yet erased unused sectors, take a fresh empty sector from + the empty-sector pool and copy the old sector over with the changes to + the small part you wrote. This is done in some fashion so that larger + writes do not cause a lot of small internal updates. + + The thing is that the mappings between outside-addressable sectors and + inside sectors is arbitrary (and the vendors are not talking). Also the + discarded sectors are not necessarily erased immediately. They may + linger a long time. + + For plain dm-crypt, the consequences are that older encrypted data may + be lying around in some internal pools of the device. Thus may or may + not be a problem and depends on the application. Remember the same can + happen with a filesystem if consecutive writes to the same area of a + file can go to different sectors. + + However, for LUKS, the worst case is that key-slots and LUKS header may + end up in these internal pools. This means that password management + functionality is compromised (the old passwords may still be around, + potentially for a very long time) and that fast erase by overwriting the + header and key-slot area is insecure. + + Also keep in mind that the discarded/used pool may be large. For + example, a 240GB SSD has about 16GB of spare area in the chips that it + is free to do with as it likes. You would need to make each individual + key-slot larger than that to allow reliable overwriting. And that + assumes the disk thinks all other space is in use. Reading the internal + pools using forensic tools is not that hard, but may involve some + soldering. What to do? - If you trust the device vendor (you probably should not...) you can - try an ATA "secure erase" command for SSDs. That does not work for - USB keys though and may or may not be secure for a hybrid drive. If - it finishes on an SSD after a few seconds, it was possibly faked. - Unfortunately, for hybrid drives that indicator does not work, as - the drive may well take the time to truly erase the magnetic part, - but only mark the SSD/Flash part as erased while data is still in - there. + If you trust the device vendor (you probably should not...) you can try + an ATA "secure erase" command. That is not present in USB keys though + and may or may not be secure for a hybrid drive. If you can do without password management and are fine with doing - physical destruction for permanently deleting data (always after - one or several full overwrites!), you can use plain dm-crypt or - LUKS. - - If you want or need all the original LUKS security features to work, - you can use a detached LUKS header and put that on a conventional, - magnetic disk. That leaves potentially old encrypted data in the - pools on the disk, but otherwise you get LUKS with the same - security as on a magnetic disk. - - If you are concerned about your laptop being stolen, you are likely - fine using LUKS on an SSD or hybrid drive. An attacker would need - to have access to an old passphrase (and the key-slot for this old - passphrase would actually need to still be somewhere in the SSD) - for your data to be at risk. So unless you pasted your old - passphrase all over the Internet or the attacker has knowledge of - it from some other source and does a targeted laptop theft to get - at your data, you should be fine. - - - * 5.20 LUKS is broken! It uses SHA-1! - - No, it is not. SHA-1 is (academically) broken for finding - collisions, but not for using it in a key-derivation function. And - that collision vulnerability is for non-iterated use only. And you - need the hash-value in verbatim. - - This basically means that if you already have a slot-key, and you - have set the PBKDF2 iteration count to 1 (it is > 10'000 normally), - you could (maybe) derive a different passphrase that gives you the - the same slot-key. But if you have the slot-key, you can already - unlock the key-slot and get the master key, breaking everything. So - basically, this SHA-1 vulnerability allows you to open a LUKS - container with high effort when you already have it open. - - The real problem here is people that do not understand crypto and - claim things are broken just because some mechanism is used that - has been broken for a specific different use. The way the mechanism - is used matters very much. A hash that is broken for one use can be - completely secure for other uses and here it is. + physical destruction for permanently deleting data (always after one or + several full overwrites!), you can use plain dm-crypt. + + If you want or need all the original LUKS security features to work, you + can use a detached LUKS header and put that on a conventional, magnetic + disk. That leaves potentially old encrypted data in the pools on the + main disk, but otherwise you get LUKS with the same security as on a + traditional magnetic disk. Note however that storage vendors are prone + to lying to their customers. For example, it recently came out that + HDDs sold without any warning or mentioning in the data-sheets were + actually using SMR and that will write data first to a faster area and + only overwrite the original data area some time later when things are + quiet. + + If you are concerned about your laptop being stolen, you are likely fine + using LUKS on an SSD or hybrid drive. An attacker would need to have + access to an old passphrase (and the key-slot for this old passphrase + would actually need to still be somewhere in the SSD) for your data to + be at risk. So unless you pasted your old passphrase all over the + Internet or the attacker has knowledge of it from some other source and + does a targeted laptop theft to get at your data, you should be fine. + + + * 5.20 LUKS1 is broken! It uses SHA-1! + + No, it is not. SHA-1 is (academically) broken for finding collisions, + but not for using it in a key-derivation function. And that collision + vulnerability is for non-iterated use only. And you need the hash-value + in verbatim. + + This basically means that if you already have a slot-key, and you have + set the PBKDF2 iteration count to 1 (it is > 10'000 normally), you could + (maybe) derive a different passphrase that gives you the the same + slot-key. But if you have the slot-key, you can already unlock the + key-slot and get the master key, breaking everything. So basically, + this SHA-1 vulnerability allows you to open a LUKS1 container with high + effort when you already have it open. + + The real problem here is people that do not understand crypto and claim + things are broken just because some mechanism is used that has been + broken for a specific different use. The way the mechanism is used + matters very much. A hash that is broken for one use can be completely + secure for other uses and here it is. + + Since version 1.7.0, cryptsetup uses SHA-256 as default to ensure that + it will be compatible in the future. There are already some systems + where SHA-1 is completely phased out or disabled by a security policy. * 5.21 Why is there no "Nuke-Option"? - A "Nuke-Option" or "Kill-switch" is a password that when entered - upon unlocking instead wipes the header and all passwords. So when - somebody forces you to enter your password, you can destroy the - data instead. + A "Nuke-Option" or "Kill-switch" is a password that when entered upon + unlocking instead wipes the header and all passwords. So when somebody + forces you to enter your password, you can destroy the data instead. While this sounds attractive at first glance, it does not make sense - once a real security analysis is done. One problem is that you have - to have some kind of HSM (Hardware Security Module) in order to - implement it securely. In the movies, a HSM starts to smoke and - melt once the Nuke-Option has been activated. In reality, it just - wipes some battery-backed RAM cells. A proper HSM costs something - like 20'000...100'000 EUR/USD and there a Nuke-Option may make some - sense. BTW, a chipcard or a TPM is not a HSM, although some - vendors are promoting that myth. - - Now, a proper HSMs will have a wipe option but not a Nuke-Option, - i.e. you can explicitly wipe the HSM, but by a different process - than unlocking it takes. Why is that? Simple: If somebody can force - you to reveal passwords, then they can also do bad things to you if - you do not or if you enter a nuke password instead. Think locking - you up for a few years for "destroying evidence" or for far longer - and without trial for being a "terrorist suspect". No HSM maker - will want to expose its customers to that risk. - - Now think of the typical LUKS application scenario, i.e. disk - encryption. Usually the ones forcing you to hand over your password + once a real security analysis is done. One problem is that you have to + have some kind of HSM (Hardware Security Module) in order to implement + it securely. In the movies, a HSM starts to smoke and melt once the + Nuke-Option has been activated. In actual reality, it just wipes some + battery-backed RAM cells. A proper HSM costs something like + 20'000...100'000 EUR/USD and there a Nuke-Option may make some sense. + BTW, a chipcard or a TPM is not a HSM, although some vendors are + promoting that myth. + + Now, a proper HSMs will have a wipe option but not a Nuke-Option, i.e. + you can explicitly wipe the HSM, but by a different process than + unlocking it takes. Why is that? Simple: If somebody can force you to + reveal passwords, then they can also do bad things to you if you do not + or if you enter a nuke password instead. Think locking you up for a few + years for "destroying evidence" or for far longer and without trial for + being a "terrorist suspect". No HSM maker will want to expose its + customers to that risk. + + Now think of the typical LUKS application scenario, i.e. disk + encryption. Usually the ones forcing you to hand over your password will have access to the disk as well, and, if they have any real - suspicion, they will mirror your disk before entering anything - supplied by you. This neatly negates any Nuke-Option. If they have - no suspicion (just harassing people that cross some border for - example), the Nuke-Option would work, but see above about likely - negative consequences and remember that a Nuke-Option may not work - reliably on SSD and hybrid drives anyways. + suspicion, they will mirror your disk before entering anything supplied + by you. This neatly negates any Nuke-Option. If they have no suspicion + (just harassing people that cross some border for example), the + Nuke-Option would work, but see above about likely negative consequences + and remember that a Nuke-Option may not work reliably on SSD and hybrid + drives anyways. Hence my advice is to never take data that you do not want to reveal - into any such situation in the first place. There is no need to - transfer data on physical carriers today. The Internet makes it - quite possible to transfer data between arbitrary places and modern - encryption makes it secure. If you do it right, nobody will even be - able to identify source or destination. (How to do that is out of - scope of this document. It does require advanced skills in this age - of pervasive surveillance.) - - Hence, LUKS has not kill option because it would do much more harm - than good. - - Still, if you have a good use-case (i.e. non-abstract real-world - situation) where a Nuke-Option would actually be beneficial, please - let me know. + into any such situation in the first place. There is no need to + transfer data on physical carriers today. The Internet makes it quite + possible to transfer data between arbitrary places and modern encryption + makes it secure. If you do it right, nobody will even be able to + identify source or destination. (How to do that is out of scope of this + document. It does require advanced skills in this age of pervasive + surveillance.) + Hence, LUKS has not kill option because it would do much more harm than + good. -6. Backup and Data Recovery + Still, if you have a good use-case (i.e. non-abstract real-world + situation) where a Nuke-Option would actually be beneficial, please let + me know. + + + * 5.22 Does cryptsetup open network connections to websites, etc. ? + + This question seems not to make much sense at first glance, but here is + an example form the real world: The TrueCrypt GUI has a "Donation" + button. Press it, and a web-connection to the TrueCrypt website is + opened via the default browser, telling everybody that listens that you + use TrueCrypt. In the worst case, things like this can get people + tortured or killed. + + So: Cryptsetup will never open any network connections except the + local netlink socket it needs to talk to the kernel crypto API. + + In addition, the installation package should contain all documentation, + including this FAQ, so that you do not have to go to a web-site to read + it. (If your distro cuts the docu, please complain to them.) In + security software, any connection initiated to anywhere outside your + machine should always be the result of an explicit request for such a + connection by the user and cryptsetup will stay true to that principle. + + +6. Backup and Data Recovery * 6.1 Why do I need Backup? - First, disks die. The rate for well-treated (!) disk is about 5% - per year, which is high enough to worry about. There is some - indication that this may be even worse for some SSDs. This applies - both to LUKS and plain dm-crypt partitions. + First, disks die. The rate for well-treated (!) disk is about 5% per + year, which is high enough to worry about. There is some indication + that this may be even worse for some SSDs. This applies both to LUKS + and plain dm-crypt partitions. - Second, for LUKS, if anything damages the LUKS header or the - key-stripe area then decrypting the LUKS device can become - impossible. This is a frequent occurrence. For example an - accidental format as FAT or some software overwriting the first - sector where it suspects a partition boot sector typically makes a - LUKS partition permanently inaccessible. See more below on LUKS - header damage. + Second, for LUKS, if anything damages the LUKS header or the key-stripe + area then decrypting the LUKS device can become impossible. This is a + frequent occurrence. For example an accidental format as FAT or some + software overwriting the first sector where it suspects a partition boot + sector typically makes a LUKS1 partition permanently inaccessible. See + more below on LUKS header damage. - So, data-backup in some form is non-optional. For LUKS, you may - also want to store a header backup in some secure location. This - only needs an update if you change passphrases. + So, data-backup in some form is non-optional. For LUKS, you may also + want to store a header backup in some secure location. This only needs + an update if you change passphrases. * 6.2 How do I backup a LUKS header? - While you could just copy the appropriate number of bytes from the - start of the LUKS partition, the best way is to use command option - "luksHeaderBackup" of cryptsetup. This protects also against - errors when non-standard parameters have been used in LUKS - partition creation. Example: + While you could just copy the appropriate number of bytes from the start + of the LUKS partition, the best way is to use command option + "luksHeaderBackup" of cryptsetup. This protects also against errors + when non-standard parameters have been used in LUKS partition creation. + Example: + + cryptsetup luksHeaderBackup --header-backup-file - - cryptsetup luksHeaderBackup --header-backup-file - To restore, use the inverse command, i.e. - cryptsetup luksHeaderRestore --header-backup-file - - If you are unsure about a header to be restored, make a backup of - the current one first! You can also test the header-file without - restoring it by using the --header option for a detached header - like this: + cryptsetup luksHeaderRestore --header-backup-file + + If you are unsure about a header to be restored, make a backup of the + current one first! You can also test the header-file without restoring + it by using the --header option for a detached header like this: + + cryptsetup --header luksOpen - cryptsetup --header luksOpen - If that unlocks your keys-lot, you are good. Do not forget to close the device again. + Under some circumstances (damaged header), this fails. Then use the + following steps in case it is LUKS1: + + First determine the master-key size: + + cryptsetup luksDump + + gives a line of the form + + MK bits: + + with bits equal to 256 for the old defaults and 512 for the new + defaults. 256 bits equals a total header size of 1'052'672 Bytes and + 512 bits one of 2MiB. (See also Item 6.12) If luksDump fails, assume + 2MiB, but be aware that if you restore that, you may also restore the + first 1M or so of the filesystem. Do not change the filesystem if you + were unable to determine the header size! With that, restoring a + too-large header backup is still safe. + + Second, dump the header to file. There are many ways to do it, I + prefer the following: + + head -c 1052672 > header_backup.dmp + + or + + head -c 2M > header_backup.dmp + + for a 2MiB header. Verify the size of the dump-file to be sure. + + To restore such a backup, you can try luksHeaderRestore or do a more + basic + + cat header_backup.dmp > + - * 6.3 How do I test a LUKS header? + + * 6.3 How do I test for a LUKS header? Use - cryptsetup -v isLuks - - on the device. Without the "-v" it just signals its result via - exit-status. You can also use the more general test + cryptsetup -v isLuks - blkid -p - - which will also detect other types and give some more info. Omit + on the device. Without the "-v" it just signals its result via + exit-status. You can also use the more general test + + blkid -p + + which will also detect other types and give some more info. Omit "-p" for old versions of blkid that do not support it. - * 6.4 How do I backup a LUKS or dm-crypt partition? + * 6.4 How do I backup a LUKS or dm-crypt partition? - There are two options, a sector-image and a plain file or - filesystem backup of the contents of the partition. The sector - image is already encrypted, but cannot be compressed and contains - all empty space. The filesystem backup can be compressed, can - contain only part of the encrypted device, but needs to be - encrypted separately if so desired. + There are two options, a sector-image and a plain file or filesystem + backup of the contents of the partition. The sector image is already + encrypted, but cannot be compressed and contains all empty space. The + filesystem backup can be compressed, can contain only part of the + encrypted device, but needs to be encrypted separately if so desired. - A sector-image will contain the whole partition in encrypted form, - for LUKS the LUKS header, the keys-slots and the data area. It can - be done under Linux e.g. with dd_rescue (for a direct image copy) - and with "cat" or "dd". Example: + A sector-image will contain the whole partition in encrypted form, for + LUKS the LUKS header, the keys-slots and the data area. It can be done + under Linux e.g. with dd_rescue (for a direct image copy) and with + "cat" or "dd". Examples: + + cat /dev/sda10 > sda10.img + dd_rescue /dev/sda10 sda10.img + + You can also use any other backup software that is capable of making a + sector image of a partition. Note that compression is ineffective for + encrypted data, hence it does not make sense to use it. + + For a filesystem backup, you decrypt and mount the encrypted partition + and back it up as you would a normal filesystem. In this case the + backup is not encrypted, unless your encryption method does that. For + example you can encrypt a backup with "tar" as follows with GnuPG: + + tar cjf - | gpg --cipher-algo AES -c - > backup.tbz2.gpg - cat /dev/sda10 > sda10.img - dd_rescue /dev/sda10 sda10.img - - You can also use any other backup software that is capable of making - a sector image of a partition. Note that compression is - ineffective for encrypted data, hence it does not make sense to - use it. - - For a filesystem backup, you decrypt and mount the encrypted - partition and back it up as you would a normal filesystem. In this - case the backup is not encrypted, unless your encryption method - does that. For example you can encrypt a backup with "tar" as - follows with GnuPG: - - tar cjf - | gpg --cipher-algo AES -c - > backup.tbz2.gpg - And verify the backup like this if you are at "path": - cat backup.tbz2.gpg | gpg - | tar djf - - + cat backup.tbz2.gpg | gpg - | tar djf - + Note: Always verify backups, especially encrypted ones! - There is one problem with verifying like this: The kernel may still - have some files cached and in fact verify them against RAM or may - even verify RAM against RAM, which defeats the purpose of the - exercise. The following command empties the kernel caches: + There is one problem with verifying like this: The kernel may still have + some files cached and in fact verify them against RAM or may even verify + RAM against RAM, which defeats the purpose of the exercise. The + following command empties the kernel caches: + + echo 3 > /proc/sys/vm/drop_caches - echo 3 > /proc/sys/vm/drop_caches - Run it after backup and before verify. - In both cases GnuPG will ask you interactively for your symmetric - key. The verify will only output errors. Use "tar dvjf -" to get - all comparison results. To make sure no data is written to disk + In both cases GnuPG will ask you interactively for your symmetric key. + The verify will only output errors. Use "tar dvjf -" to get all + comparison results. To make sure no data is written to disk unencrypted, turn off swap if it is not encrypted before doing the backup. - Restore works like certification with the 'd' ('difference') - replaced by 'x' ('eXtract'). Refer to the man-page of tar for more - explanations and instructions. Note that with default options tar - will overwrite already existing files without warning. If you are - unsure about how to use tar, experiment with it in a location - where you cannot do damage. + Restore works like certification with the 'd' ('difference') replaced + by 'x' ('eXtract'). Refer to the man-page of tar for more explanations + and instructions. Note that with default options tar will overwrite + already existing files without warning. If you are unsure about how + to use tar, experiment with it in a location where you cannot do damage. - You can of course use different or no compression and you can use - an asymmetric key if you have one and have a backup of the secret - key that belongs to it. + You can of course use different or no compression and you can use an + asymmetric key if you have one and have a backup of the secret key that + belongs to it. - A second option for a filesystem-level backup that can be used when - the backup is also on local disk (e.g. an external USB drive) is - to use a LUKS container there and copy the files to be backed up - between both mounted containers. Also see next item. + A second option for a filesystem-level backup that can be used when the + backup is also on local disk (e.g. an external USB drive) is to use a + LUKS container there and copy the files to be backed up between both + mounted containers. Also see next item. - * 6.5 Do I need a backup of the full partition? Would the header and - key-slots not be enough? + * 6.5 Do I need a backup of the full partition? Would the header + and key-slots not be enough? - Backup protects you against two things: Disk loss or corruption - and user error. By far the most questions on the dm-crypt mailing - list about how to recover a damaged LUKS partition are related - to user error. For example, if you create a new filesystem on a - LUKS partition, chances are good that all data is lost - permanently. + Backup protects you against two things: Disk loss or corruption and user + error. By far the most questions on the dm-crypt mailing list about how + to recover a damaged LUKS partition are related to user error. For + example, if you create a new filesystem on a non-mapped LUKS container, + chances are good that all data is lost permanently. - For this case, a header+key-slot backup would often be enough. But - keep in mind that a well-treated (!) HDD has roughly a failure - risk of 5% per year. It is highly advisable to have a complete - backup to protect against this case. + For this case, a header+key-slot backup would often be enough. But keep + in mind that a well-treated (!) HDD has roughly a failure risk of 5% per + year. It is highly advisable to have a complete backup to protect + against this case. - * *6.6 What do I need to backup if I use "decrypt_derived"? + * 6.6 What do I need to backup if I use "decrypt_derived"? - This is a script in Debian, intended for mounting /tmp or swap with - a key derived from the master key of an already decrypted device. - If you use this for an device with data that should be persistent, - you need to make sure you either do not lose access to that master - key or have a backup of the data. If you derive from a LUKS - device, a header backup of that device would cover backing up the - master key. Keep in mind that this does not protect against disk - loss. + This is a script in Debian, intended for mounting /tmp or swap with a + key derived from the master key of an already decrypted device. If you + use this for an device with data that should be persistent, you need to + make sure you either do not lose access to that master key or have a + backup of the data. If you derive from a LUKS device, a header backup + of that device would cover backing up the master key. Keep in mind that + this does not protect against disk loss. Note: If you recreate the LUKS header of the device you derive from (using luksFormat), the master key changes even if you use the same - passphrase(s) and you will not be able to decrypt the derived - device with the new LUKS header. + passphrase(s) and you will not be able to decrypt the derived device + with the new LUKS header. - * 6.7 Does a backup compromise security? + * 6.7 Does a backup compromise security? - Depends on how you do it. However if you do not have one, you are - going to eventually lose your encrypted data. + Depends on how you do it. However if you do not have one, you are going + to eventually lose your encrypted data. - There are risks introduced by backups. For example if you - change/disable a key-slot in LUKS, a binary backup of the partition - will still have the old key-slot. To deal with this, you have to - be able to change the key-slot on the backup as well, securely - erase the backup or do a filesystem-level backup instead of a binary - one. + There are risks introduced by backups. For example if you + change/disable a key-slot in LUKS, a binary backup of the partition will + still have the old key-slot. To deal with this, you have to be able to + change the key-slot on the backup as well, securely erase the backup or + do a filesystem-level backup instead of a binary one. - If you use dm-crypt, backup is simpler: As there is no key - management, the main risk is that you cannot wipe the backup when - wiping the original. However wiping the original for dm-crypt - should consist of forgetting the passphrase and that you can do - without actual access to the backup. + If you use dm-crypt, backup is simpler: As there is no key management, + the main risk is that you cannot wipe the backup when wiping the + original. However wiping the original for dm-crypt should consist of + forgetting the passphrase and that you can do without actual access to + the backup. - In both cases, there is an additional (usually small) risk with - binary backups: An attacker can see how many sectors and which - ones have been changed since the backup. To prevent this, use a - filesystem level backup method that encrypts the whole backup in - one go, e.g. as described above with tar and GnuPG. + In both cases, there is an additional (usually small) risk with binary + backups: An attacker can see how many sectors and which ones have been + changed since the backup. To prevent this, use a filesystem level + backup method that encrypts the whole backup in one go, e.g. as + described above with tar and GnuPG. - My personal advice is to use one USB disk (low value data) or - three disks (high value data) in rotating order for backups, and - either use independent LUKS partitions on them, or use encrypted - backup with tar and GnuPG. + My personal advice is to use one USB disk (low value data) or three + disks (high value data) in rotating order for backups, and either use + independent LUKS partitions on them, or use encrypted backup with tar + and GnuPG. - If you do network-backup or tape-backup, I strongly recommend to - go the filesystem backup path with independent encryption, as you - typically cannot reliably delete data in these scenarios, - especially in a cloud setting. (Well, you can burn the tape if it - is under your control...) + If you do network-backup or tape-backup, I strongly recommend to go + the filesystem backup path with independent encryption, as you + typically cannot reliably delete data in these scenarios, especially + in a cloud setting. (Well, you can burn the tape if it is under your + control...) - * 6.8 What happens if I overwrite the start of a LUKS partition or - damage the LUKS header or key-slots? + * 6.8 What happens if I overwrite the start of a LUKS partition or + damage the LUKS header or key-slots? - There are two critical components for decryption: The salt values - in the key-slot descriptors of the header and the key-slots. If the - salt values are overwritten or changed, nothing (in the - cryptographically strong sense) can be done to access the data, - unless there is a backup of the LUKS header. If a key-slot is - damaged, the data can still be read with a different key-slot, if - there is a remaining undamaged and used key-slot. Note that in - order to make a key-slot unrecoverable in a cryptographically - strong sense, changing about 4-6 bits in random locations of its - 128kiB size is quite enough. + There are two critical components for decryption: The salt values in the + key-slot descriptors of the header and the key-slots. For LUKS2 they + are a bit better protected. but for LUKS1, these are right in the first + sector. If the salt values are overwritten or changed, nothing (in the + cryptographically strong sense) can be done to access the data, unless + there is a backup of the LUKS header. If a key-slot is damaged, the + data can still be read with a different key-slot, if there is a + remaining undamaged and used key-slot. Note that in order to make a + key-slot completely unrecoverable, changing about 4-6 bits in random + locations of its 128kiB size is quite enough. - * 6.9 What happens if I (quick) format a LUKS partition? + * 6.9 What happens if I (quick) format a LUKS partition? - I have not tried the different ways to do this, but very likely you - will have written a new boot-sector, which in turn overwrites the - LUKS header, including the salts, making your data permanently - irretrievable, unless you have a LUKS header backup. You may also - damage the key-slots in part or in full. See also last item. + I have not tried the different ways to do this, but very likely you will + have written a new boot-sector, which in turn overwrites the LUKS + header, including the salts, making your data permanently irretrievable, + unless you have a LUKS header backup. For LUKS2 this may still be + recoverable without that header backup, for LUKS1 it is not. You may + also damage the key-slots in part or in full. See also last item. - * 6.10 How do I recover the master key from a mapped LUKS container? + * 6.10 How do I recover the master key from a mapped LUKS1 container? - This is typically only needed if you managed to damage your LUKS - header, but the container is still mapped, i.e. "luksOpen"ed. It - also helps if you have a mapped container that you forgot or do not - know a passphrase for (e.g. on a long running server.) + Note: LUKS2 uses the kernel keyring to store keys and hence this + procedure does not work unless you have explicitly disabled the use of + the keyring with "--disable-keyring" on opening. + + This is typically only needed if you managed to damage your LUKS1 + header, but the container is still mapped, i.e. "luksOpen"ed. It also + helps if you have a mapped container that you forgot or do not know a + passphrase for (e.g. on a long running server.) WARNING: Things go wrong, do a full backup before trying this! - WARNING: This exposes the master key of the LUKS container. Note - that both ways to recreate a LUKS header with the old master key - described below will write the master key to disk. Unless you are - sure you have securely erased it afterwards, e.g. by writing it to - an encrypted partition, RAM disk or by erasing the filesystem you - wrote it to by a complete overwrite, you should change the master - key afterwards. Changing the master key requires a full data - backup, luksFormat and then restore of the backup. - - First, there is a script by Milan that automates the whole - process, except generating a new LUKS header with the old master - key (it prints the command for that though): + WARNING: This exposes the master key of the LUKS1 container. Note that + both ways to recreate a LUKS header with the old master key described + below will write the master key to disk. Unless you are sure you have + securely erased it afterwards, e.g. by writing it to an encrypted + partition, RAM disk or by erasing the filesystem you wrote it to by a + complete overwrite, you should change the master key afterwards. + Changing the master key requires a full data backup, luksFormat and then + restore of the backup. Alternatively the tool cryptsetup-reencrypt from + the cryptsetup package can be used to change the master key (see its + man-page), but a full backup is still highly recommended. + + First, there is a script by Milan that automates the whole process, + except generating a new LUKS1 header with the old master key (it prints + the command for that though): https://gitlab.com/cryptsetup/cryptsetup/blob/master/misc/luks-header-from-active You can also do this manually. Here is how: - - Get the master key from the device mapper. This is done by the - following command. Substitute c5 for whatever you mapped to: + - Get the master key from the device mapper. This is done by the + following command. Substitute c5 for whatever you mapped to: - # dmsetup table --target crypt --showkey /dev/mapper/c5 - Result: - 0 200704 crypt aes-cbc-essiv:sha256 - a1704d9715f73a1bb4db581dcacadaf405e700d591e93e2eaade13ba653d0d09 - 0 7:0 4096 - - The result is actually one line, wrapped here for clarity. The long + # dmsetup table --target crypt --showkey /dev/mapper/c5 + + Result: + 0 200704 crypt aes-cbc-essiv:sha256 + a1704d9715f73a1bb4db581dcacadaf405e700d591e93e2eaade13ba653d0d09 + 0 7:0 4096 + + The result is actually one line, wrapped here for clarity. The long hex string is the master key. - - Convert the master key to a binary file representation. You can - do this manually, e.g. with hexedit. You can also use the tool - "xxd" from vim like this: + - Convert the master key to a binary file representation. You can do + this manually, e.g. with hexedit. You can also use the tool "xxd" + from vim like this: + + echo "a1704d9....53d0d09" | xxd -r -p > - echo "a1704d9....53d0d09" | xxd -r -p > - - - Do a luksFormat to create a new LUKS header. - NOTE: If your header is intact and you just forgot the - passphrase, you can just set a new passphrase, see next - sub-item. + - Do a luksFormat to create a new LUKS1 header. + + NOTE: If your header is intact and you just forgot the passphrase, + you can just set a new passphrase, see next sub-item. Unmap the device before you do that (luksClose). Then do - cryptsetup luksFormat --master-key-file= - + cryptsetup luksFormat --master-key-file= + Note that if the container was created with other than the default settings of the cryptsetup version you are using, you need to give - additional parameters specifying the deviations. If in doubt, try - the script by Milan. It does recover the other parameters as well. + additional parameters specifying the deviations. If in doubt, try the + script by Milan. It does recover the other parameters as well. - Side note: This is the way the decrypt_derived script gets at the - master key. It just omits the conversion and hashes the master key - string. + Side note: This is the way the decrypt_derived script gets at the master + key. It just omits the conversion and hashes the master key string. - If the header is intact and you just forgot the passphrase, just set a new passphrase like this: cryptsetup luksAddKey --master-key-file= - + You may want to disable the old one afterwards. - * 6.11 What does the on-disk structure of dm-crypt look like? - - There is none. dm-crypt takes a block device and gives encrypted - access to each of its blocks with a key derived from the passphrase - given. If you use a cipher different than the default, you have to - specify that as a parameter to cryptsetup too. If you want to - change the password, you basically have to create a second - encrypted device with the new passphrase and copy your data over. - On the plus side, if you accidentally overwrite any part of a - dm-crypt device, the damage will be limited to the area you - overwrote. - - - * 6.12 What does the on-disk structure of LUKS look like? - - A LUKS partition consists of a header, followed by 8 key-slot - descriptors, followed by 8 key slots, followed by the encrypted - data area. - - Header and key-slot descriptors fill the first 592 bytes. The - key-slot size depends on the creation parameters, namely on the - number of anti-forensic stripes, key material offset and master - key size. - - With the default parameters, each key-slot is a bit less than - 128kiB in size. Due to sector alignment of the key-slot start, - that means the key block 0 is at offset 0x1000-0x20400, key - block 1 at offset 0x21000-0x40400, and key block 7 at offset - 0xc1000-0xe0400. The space to the next full sector address is - padded with zeros. Never used key-slots are filled with what the - disk originally contained there, a key-slot removed with - "luksRemoveKey" or "luksKillSlot" gets filled with 0xff. Due to - 2MiB default alignment, start of the data area for cryptsetup 1.3 - and later is at 2MiB, i.e. at 0x200000. For older versions, it is - at 0x101000, i.e. at 1'052'672 bytes, i.e. at 1MiB + 4096 bytes - from the start of the partition. Incidentally, "luksHeaderBackup" - for a LUKS container created with default parameters dumps exactly - the first 2MiB (or 1'052'672 bytes for headers created with - cryptsetup versions < 1.3) to file and "luksHeaderRestore" restores + * 6.11 What does the on-disk structure of dm-crypt look like? + + There is none. dm-crypt takes a block device and gives encrypted access + to each of its blocks with a key derived from the passphrase given. If + you use a cipher different than the default, you have to specify that as + a parameter to cryptsetup too. If you want to change the password, you + basically have to create a second encrypted device with the new + passphrase and copy your data over. On the plus side, if you + accidentally overwrite any part of a dm-crypt device, the damage will be + limited to the area you overwrote. + + + * 6.12 What does the on-disk structure of LUKS1 look like? + + Note: For LUKS2, refer to the LUKS2 document referenced in Item 1.2 + + A LUKS1 partition consists of a header, followed by 8 key-slot + descriptors, followed by 8 key slots, followed by the encrypted data + area. + + Header and key-slot descriptors fill the first 592 bytes. The key-slot + size depends on the creation parameters, namely on the number of + anti-forensic stripes, key material offset and master key size. + + With the default parameters, each key-slot is a bit less than 128kiB in + size. Due to sector alignment of the key-slot start, that means the key + block 0 is at offset 0x1000-0x20400, key block 1 at offset + 0x21000-0x40400, and key block 7 at offset 0xc1000-0xe0400. The space + to the next full sector address is padded with zeros. Never used + key-slots are filled with what the disk originally contained there, a + key-slot removed with "luksRemoveKey" or "luksKillSlot" gets filled with + 0xff. Due to 2MiB default alignment, start of the data area for + cryptsetup 1.3 and later is at 2MiB, i.e. at 0x200000. For older + versions, it is at 0x101000, i.e. at 1'052'672 bytes, i.e. at 1MiB + + 4096 bytes from the start of the partition. Incidentally, + "luksHeaderBackup" for a LUKS container created with default parameters + dumps exactly the first 2MiB (or 1'052'672 bytes for headers created + with cryptsetup versions < 1.3) to file and "luksHeaderRestore" restores them. - For non-default parameters, you have to figure out placement - yourself. "luksDump" helps. See also next item. For the most common - non-default settings, namely aes-xts-plain with 512 bit key, the - offsets are: 1st keyslot 0x1000-0x3f800, 2nd keyslot - 0x40000-0x7e000, 3rd keyslot 0x7e000-0xbd800, ..., and start of - bulk data at 0x200000. + For non-default parameters, you have to figure out placement yourself. + "luksDump" helps. See also next item. For the most common non-default + settings, namely aes-xts-plain with 512 bit key, the offsets are: 1st + keyslot 0x1000-0x3f800, 2nd keyslot 0x40000-0x7e000, 3rd keyslot + 0x7e000-0xbd800, ..., and start of bulk data at 0x200000. The exact specification of the format is here: - https://gitlab.com/cryptsetup/cryptsetup/wikis/Specification + https://gitlab.com/cryptsetup/cryptsetup/wikis/Specification + + For your convenience, here is the LUKS1 header with hex offsets. + NOTE: + The spec counts key-slots from 1 to 8, but the cryptsetup tool counts + from 0 to 7. The numbers here refer to the cryptsetup numbers. + - For your convenience, here is the LUKS header with hex offsets. - NOTE: The spec counts key-slots from 1 to 8, but the cryptsetup - tool counts from 0 to 7. The numbers here refer to the cryptsetup - numbers. +Refers to LUKS1 On-Disk Format Specification Version 1.2.3 + +LUKS1 header: -Refers to LUKS On-Disk Format Specification Version 1.2.1 -LUKS header: offset length name data type description ----------------------------------------------------------------------- 0x0000 0x06 magic byte[] 'L','U','K','S', 0xba, 0xbe @@ -2140,7 +2303,10 @@ offset length name data type description 496 48 0x0220 0x30 key-slot-7 key slot key slot 7 544 48 + + Key slot: + offset length name data type description ------------------------------------------------------------------------- 0x0000 0x04 active uint32_t key slot enabled/disabled @@ -2153,114 +2319,113 @@ offset length name data type description 40 4 (512 bytes/sector) 0x002c 0x04 stripes uint32_t number of anti-forensic 44 4 stripes - - * 6.13 What is the smallest possible LUKS container? - Note: From cryptsetup 1.3 onwards, alignment is set to 1MB. With - modern Linux partitioning tools that also align to 1MB, this will - result in alignment to 2k sectors and typical Flash/SSD sectors, - which is highly desirable for a number of reasons. Changing the - alignment is not recommended. - That said, with default parameters, the data area starts at - exactly 2MB offset (at 0x101000 for cryptsetup versions before - 1.3). The smallest data area you can have is one sector of 512 - bytes. Data areas of 0 bytes can be created, but fail on mapping. + * 6.13 What is the smallest possible LUKS1 container? + + Note: From cryptsetup 1.3 onwards, alignment is set to 1MB. With modern + Linux partitioning tools that also align to 1MB, this will result in + alignment to 2k sectors and typical Flash/SSD sectors, which is highly + desirable for a number of reasons. Changing the alignment is not + recommended. + + That said, with default parameters, the data area starts at exactly 2MB + offset (at 0x101000 for cryptsetup versions before 1.3). The smallest + data area you can have is one sector of 512 bytes. Data areas of 0 + bytes can be created, but fail on mapping. While you cannot put a filesystem into something this small, it may - still be used to contain, for example, key. Note that with current - formatting tools, a partition for a container this size will be - 3MiB anyways. If you put the LUKS container into a file (via - losetup and a loopback device), the file needs to be 2097664 bytes - in size, i.e. 2MiB + 512B. - - There two ways to influence the start of the data area are key-size - and alignment. - - For alignment, you can go down to 1 on the parameter. This will - still leave you with a data-area starting at 0x101000, i.e. - 1MiB+4096B (default parameters) as alignment will be rounded up to - the next multiple of 8 (i.e. 4096 bytes) If in doubt, do a dry-run - on a larger file and dump the LUKS header to get actual - information. - - For key-size, you can use 128 bit (e.g. AES-128 with CBC), 256 bit - (e.g. AES-256 with CBC) or 512 bit (e.g. AES-256 with XTS mode). - You can do 64 bit (e.g. blowfish-64 with CBC), but anything below - 128 bit has to be considered insecure today. + still be used to contain, for example, key. Note that with current + formatting tools, a partition for a container this size will be 3MiB + anyways. If you put the LUKS container into a file (via losetup and a + loopback device), the file needs to be 2097664 bytes in size, i.e. 2MiB + + 512B. + + The two ways to influence the start of the data area are key-size and + alignment. + + For alignment, you can go down to 1 on the parameter. This will still + leave you with a data-area starting at 0x101000, i.e. 1MiB+4096B + (default parameters) as alignment will be rounded up to the next + multiple of 8 (i.e. 4096 bytes) If in doubt, do a dry-run on a larger + file and dump the LUKS header to get actual information. + + For key-size, you can use 128 bit (e.g. AES-128 with CBC), 256 bit + (e.g. AES-256 with CBC) or 512 bit (e.g. AES-256 with XTS mode). You + can do 64 bit (e.g. blowfish-64 with CBC), but anything below 128 bit + has to be considered insecure today. Example 1 - AES 128 bit with CBC: cryptsetup luksFormat -s 128 --align-payload=8 - + This results in a data offset of 0x81000, i.e. 516KiB or 528384 - bytes. Add one 512 byte sector and the smallest LUKS container size + bytes. Add one 512 byte sector and the smallest LUKS container size with these parameters is 516KiB + 512B or 528896 bytes. Example 2 - Blowfish 64 bit with CBC (WARNING: insecure): cryptsetup luksFormat -c blowfish -s 64 --align-payload=8 /dev/loop0 - + This results in a data offset of 0x41000, i.e. 260kiB or 266240 - bytes, with a minimal LUKS container size of 260kiB + 512B or - 266752 bytes. + bytes, with a minimal LUKS1 container size of 260kiB + 512B or 266752 + bytes. - * 6.14 I think this is overly complicated. Is there an alternative? + * 6.14 I think this is overly complicated. Is there an alternative? - Not really. Encryption comes at a price. You can use plain - dm-crypt to simplify things a bit. It does not allow multiple - passphrases, but on the plus side, it has zero on disk description - and if you overwrite some part of a plain dm-crypt partition, - exactly the overwritten parts are lost (rounded up to sector - borders). + Not really. Encryption comes at a price. You can use plain dm-crypt to + simplify things a bit. It does not allow multiple passphrases, but on + the plus side, it has zero on disk description and if you overwrite some + part of a plain dm-crypt partition, exactly the overwritten parts are + lost (rounded up to full sectors). + * 6.15 Can I clone a LUKS container? - * 6.15 Can I clone a LUKS container? + You can, but it breaks security, because the cloned container has the + same header and hence the same master key. Even if you change the + passphrase(s), the master key stays the same. That means whoever has + access to one of the clones can decrypt them all, completely bypassing + the passphrases. - You can, but it breaks security, because the cloned container has - the same header and hence the same master key. You cannot change - the master key on a LUKS container, even if you change the - passphrase(s), the master key stays the same. That means whoever - has access to one of the clones can decrypt them all, completely - bypassing the passphrases. + While you can use cryptsetup-reencrypt to change the master key, + this is probably more effort than to create separate LUKS containers + in the first place. - The right way to do this is to first luksFormat the target - container, then to clone the contents of the source container, with - both containers mapped, i.e. decrypted. You can clone the decrypted - contents of a LUKS container in binary mode, although you may run - into secondary issues with GUIDs in filesystems, partition tables, - RAID-components and the like. These are just the normal problems - binary cloning causes. + The right way to do this is to first luksFormat the target container, + then to clone the contents of the source container, with both containers + mapped, i.e. decrypted. You can clone the decrypted contents of a LUKS + container in binary mode, although you may run into secondary issues + with GUIDs in filesystems, partition tables, RAID-components and the + like. These are just the normal problems binary cloning causes. Note that if you need to ship (e.g.) cloned LUKS containers with a default passphrase, that is fine as long as each container was - individually created (and hence has its own master key). In this - case, changing the default passphrase will make it secure again. + individually created (and hence has its own master key). In this case, + changing the default passphrase will make it secure again. -7. Interoperability with other Disk Encryption Tools +7. Interoperability with other Disk Encryption Tools - * 7.1 What is this section about? + * 7.1 What is this section about? - Cryptsetup for plain dm-crypt can be used to access a number of - on-disk formats created by tools like loop-aes patched into - losetup. This sometimes works and sometimes does not. This - section collects insights into what works, what does not and where - more information is required. + Cryptsetup for plain dm-crypt can be used to access a number of on-disk + formats created by tools like loop-aes patched into losetup. This + sometimes works and sometimes does not. This section collects insights + into what works, what does not and where more information is required. Additional information may be found in the mailing-list archives, - mentioned at the start of this FAQ document. If you have a - solution working that is not yet documented here and think a wider - audience may be interested, please email the FAQ maintainer. + mentioned at the start of this FAQ document. If you have a solution + working that is not yet documented here and think a wider audience may + be interested, please email the FAQ maintainer. - * 7.2 loop-aes: General observations. + * 7.2 loop-aes: General observations. - One problem is that there are different versions of losetup around. - loop-aes is a patch for losetup. Possible problems and deviations + One problem is that there are different versions of losetup around. + loop-aes is a patch for losetup. Possible problems and deviations from cryptsetup option syntax include: - Offsets specified in bytes (cryptsetup: 512 byte sectors) @@ -2273,49 +2438,53 @@ offset length name data type description - Passphrase hash algorithm needs specifying - Also note that because plain dm-crypt and loop-aes format does not - have metadata, and while the loopAES extension for cryptsetup tries - autodetection (see command loopaesOpen), it may not always work. - If you still have the old set-up, using a verbosity option (-v) - on mapping with the old tool or having a look into the system logs - after setup could give you the information you need. Below, there - are also some things that worked for somebody. + Also note that because plain dm-crypt and loop-aes format does not have + metadata, and while the loopAES extension for cryptsetup tries + autodetection (see command loopaesOpen), it may not always work. If you + still have the old set-up, using a verbosity option (-v) on mapping with + the old tool or having a look into the system logs after setup could + give you the information you need. Below, there are also some things + that worked for somebody. - * 7.3 loop-aes patched into losetup on Debian 5.x, kernel 2.6.32 + * 7.3 loop-aes patched into losetup on Debian 5.x, kernel 2.6.32 In this case, the main problem seems to be that this variant of - losetup takes the offset (-o option) in bytes, while cryptsetup - takes it in sectors of 512 bytes each. Example: The losetup command + losetup takes the offset (-o option) in bytes, while cryptsetup takes + it in sectors of 512 bytes each. + + Example: The losetup command + + losetup -e twofish -o 2560 /dev/loop0 /dev/sdb1 + mount /dev/loop0 mount-point - losetup -e twofish -o 2560 /dev/loop0 /dev/sdb1 - mount /dev/loop0 mount-point - translates to - cryptsetup create -c twofish -o 5 --skip 5 e1 /dev/sdb1 - mount /dev/mapper/e1 mount-point - + cryptsetup create -c twofish -o 5 --skip 5 e1 /dev/sdb1 + mount /dev/mapper/e1 mount-point - * 7.4 loop-aes with 160 bit key - This seems to be sometimes used with twofish and blowfish and - represents a 160 bit ripemed160 hash output padded to 196 bit key - length. It seems the corresponding options for cryptsetup are - --cipher twofish-cbc-null -s 192 -h ripemd160:20 - + * 7.4 loop-aes with 160 bit key - * 7.5 loop-aes v1 format OpenSUSE + This seems to be sometimes used with twofish and blowfish and represents + a 160 bit ripemed160 hash output padded to 196 bit key length. It seems + the corresponding options for cryptsetup are + + --cipher twofish-cbc-null -s 192 -h ripemd160:20 - Apparently this is done by older OpenSUSE distros and stopped - working from OpenSUSE 12.1 to 12.2. One user had success with the - following: - cryptsetup create -c aes -s 128 -h sha256 - - * 7.6 Kernel encrypted loop device (cryptoloop) + * 7.5 loop-aes v1 format OpenSUSE + + Apparently this is done by older OpenSUSE distros and stopped working + from OpenSUSE 12.1 to 12.2. One user had success with the following: + + cryptsetup create -c aes -s 128 -h sha256 + + + + * 7.6 Kernel encrypted loop device (cryptoloop) There are a number of different losetup implementations for using encrypted loop devices so getting this to work may need a bit of @@ -2327,176 +2496,526 @@ offset length name data type description Example for a compatible mapping: losetup -e twofish -N /dev/loop0 /image.img - + translates to cryptsetup create image_plain /image.img -c twofish-cbc-plain -H plain - + with the mapping being done to /dev/mapper/image_plain instead of to /dev/loop0. More details: - Cipher, mode and pasword hash (or no hash): + Cipher, mode and password hash (or no hash): -e cipher [-N] => -c cipher-cbc-plain -H plain [-s 256] -e cipher => -c cipher-cbc-plain -H ripemd160 [-s 256] - - Key size and offsets (losetup: bytes, cryptsetuop: sectors of 512 - bytes): + + + Key size and offsets (losetup: bytes, cryptsetuop: sectors of 512 bytes): -k 128 => -s 128 -o 2560 => -o 5 -p 5 # 2560/512 = 5 - + + There is no replacement for --pass-fd, it has to be emulated using keyfiles, see the cryptsetup man-page. -8. Issues with Specific Versions of cryptsetup +8. Issues with Specific Versions of cryptsetup - * 8.1 When using the create command for plain dm-crypt with - cryptsetup 1.1.x, the mapping is incompatible and my data is not - accessible anymore! + * 8.1 When using the create command for plain dm-crypt with + cryptsetup 1.1.x, the mapping is incompatible and my data is not + accessible anymore! With cryptsetup 1.1.x, the distro maintainer can define different - default encryption modes. You can check the compiled-in defaults - using "cryptsetup --help". Moreover, the plain device default - changed because the old IV mode was vulnerable to a watermarking - attack. + default encryption modes. You can check the compiled-in defaults using + "cryptsetup --help". Moreover, the plain device default changed because + the old IV mode was vulnerable to a watermarking attack. If you are using a plain device and you need a compatible mode, just - specify cipher, key size and hash algorithm explicitly. For - compatibility with cryptsetup 1.0.x defaults, simple use the - following: + specify cipher, key size and hash algorithm explicitly. For + compatibility with cryptsetup 1.0.x defaults, simple use the following: cryptsetup create -c aes-cbc-plain -s 256 -h ripemd160 - + LUKS stores cipher and mode in the metadata on disk, avoiding this problem. - * 8.2 cryptsetup on SLED 10 has problems... + * 8.2 cryptsetup on SLED 10 has problems... - SLED 10 is missing an essential kernel patch for dm-crypt, which - is broken in its kernel as a result. There may be a very old - version of cryptsetup (1.0.x) provided by SLED, which should also - not be used anymore as well. My advice would be to drop SLED 10. + SLED 10 is missing an essential kernel patch for dm-crypt, which is + broken in its kernel as a result. There may be a very old version of + cryptsetup (1.0.x) provided by SLED, which should also not be used + anymore as well. My advice would be to drop SLED 10. - * 8.3 Gcrypt after 1.5.3 breaks Whirlpool + * 8.3 Gcrypt 1.6.x and later break Whirlpool - It is the other way round: In gcrypt 1.5.3 and before Whirlpool is - broken and it was fixed in the next version. If you selected - whirlpool as hash on creation of a LUKS container, it does not work - anymore with the fixed library. This shows one serious risk of - using rarely used settings. + It is the other way round: In gcrypt 1.5.x, Whirlpool is broken and it + was fixed in 1.6.0 and later. If you selected whirlpool as hash on + creation of a LUKS container, it does not work anymore with the fixed + library. This shows one serious risk of using rarely used settings. - The only two ways to deal with this are either to decrypt with an - old gcrypt version that has the flaw or to use a compatibility - feature introduced in cryptsetup 1.6.4 and gcrypt 1.6.1 or later. - Versions of gcrypt between 1.5.4 and 1.6.0 cannot be used. + Note that at the time this FAQ item was written, 1.5.4 was the latest + 1.5.x version and it has the flaw, i.e. works with the old Whirlpool + version. Possibly later 1.5.x versions will work as well. If not, + please let me know. + + The only two ways to access older LUKS containers created with Whirlpool + are to either decrypt with an old gcrypt version that has the flaw or to + use a compatibility feature introduced in cryptsetup 1.6.4 and gcrypt + 1.6.1 or later. Version 1.6.0 cannot be used. Steps: - - Make a least a header backup or better, refresh your full - backup. (You have a full backup, right? See Item 6.1 and - following.) + - Make at least a header backup or better, refresh your full backup. + (You have a full backup, right? See Item 6.1 and following.) - Make sure you have cryptsetup 1.6.4 or later and check the gcrypt - version: + version: - cryptsetup luksDump --debug | grep backend - - If gcrypt is at version 1.5.3 or before: - - Reencrypt the LUKS header with a different hash. (Requires - entering all keyslot passphrases. If you do not have all, remove - the ones you do not have before.): + If gcrypt is at version 1.5.x or before: + + - Reencrypt the LUKS header with a different hash. (Requires entering + all keyslot passphrases. If you do not have all, remove the ones you + do not have before.): cryptsetup-reencrypt --keep-key --hash sha256 - + If gcrypt is at version 1.6.1 or later: - Patch the hash name in the LUKS header from "whirlpool" to - "whirlpool_gcryptbug". This activates the broken implementation. + "whirlpool_gcryptbug". This activates the broken implementation. The detailed header layout is in Item 6.12 of this FAQ and in the - LUKS on-disk format specification. One way to change the hash is + LUKS on-disk format specification. One way to change the hash is with the following command: echo -n -e 'whirlpool_gcryptbug\0' | dd of= bs=1 seek=72 conv=notrunc + + - You can now open the device again. It is highly advisable to change + the hash now with cryptsetup-reencrypt as described above. While you + can reencrypt to use the fixed whirlpool, that may not be a good idea + as almost nobody seems to use it and hence the long time until the + bug was discovered. + + +9. The Initrd question + + + * 9.1 My initrd is broken with cryptsetup + + That is not nice! However the initrd is supplied by your distribution, + not by the cryptsetup project and hence you should complain to them. We + cannot really do anything about it. + + + * 9.2 CVE-2016-4484 says cryptsetup is broken! + + Not really. It says the initrd in some Debian versions have a behavior + that under some very special and unusual conditions may be considered + a vulnerability. + + What happens is that you can trick the initrd to go to a rescue-shell if + you enter the LUKS password wrongly in a specific way. But falling back + to a rescue shell on initrd errors is a sensible default behavior in the + first place. It gives you about as much access as booting a rescue + system from CD or USB-Stick or as removing the disk would give you. So + this only applies when an attacker has physical access, but cannot boot + anything else or remove the disk. These will be rare circumstances + indeed, and if you rely on the default distribution initrd to keep you + safe under these circumstances, then you have bigger problems than this + somewhat expected behavior. + + The CVE was exagerrated and should not be assigned to upstream + cryptsetup in the first place (it is a distro specific initrd issue). + It was driven more by a try to make a splash for self-aggrandizement, + than by any actual security concerns. Ignore it. + + + * 9.3 How do I do my own initrd with cryptsetup? + + Note: The instructions here apply to an initrd in initramfs format, not + to an initrd in initrd format. The latter is a filesystem image, not a + cpio-archive, and seems to not be widely used anymore. - - You can now open the device again. It is highly advisable to - change the hash now with cryptsetup-reencrypt as described above. - While you can reencrypt to use the fixed whirlpool, that may not - be a good idea as almost nobody seems to use it and hence the long - time until the bug was discovered. + It depends on the distribution. Below, I give a very simple example and + step-by-step instructions for Debian. With a bit of work, it should be + possible to adapt this to other distributions. Note that the + description is pretty general, so if you want to do other things with an + initrd it provides a useful starting point for that too. + 01) Unpacking an existing initrd to use as template -9. References and Further Reading + A Linux initrd is in gzip'ed cpio format. To unpack it, use something + like this: + md tmp; cd tmp; cat ../initrd | gunzip | cpio -id - * Purpose of this Section + After this, you have the full initrd content in tmp/ - The purpose of this section is to collect references to all - materials that do not fit the FAQ but are relevant in some fashion. - This can be core topics like the LUKS spec or disk encryption, but - it can also be more tangential, like secure storage management or - cryptography used in LUKS. It should still have relevance to - cryptsetup and its applications. + 02) Inspecting the init-script - If you wan to see something added here, send email to the - maintainer (or the cryptsetup mailing list) giving an URL, a - description (1-3 lines preferred) and a section to put it in. You - can also propose new sections. + The init-script is the only thing the kernel cares about. All activity + starts there. Its traditional location is /sbin/init on disk, but /init + in an initrd. In an initrd unpacked as above it is tmp/init. - At this time I would like to limit the references to things that - are available on the web. + While init can be a binary despite usually being called "init script", + in Debian the main init on the root partition is a binary, but the init + in the initrd (and only that one is called by the kernel) is a script + and starts like this: + #!/bin/sh + .... - * Specifications + The "sh" used here is in tmp/bin/sh as just unpacked, and in Debian it + currently is a busybox. - - LUKS on-disk format spec: - https://gitlab.com/cryptsetup/cryptsetup/wikis/Specification + 03) Creating your own initrd - * Code Examples + The two examples below should give you most of what is needed. This is + tested with LUKS1 and should work with LUKS2 as well. If not, please + let me know. - - Some code examples are in the source package under docs/examples + Here is a really minimal example. It does nothing but set up some + things and then drop to an interactive shell. It is perfect to try out + things that you want to go into the init-script. + + #!/bin/sh + export PATH=/sbin:/bin + [ -d /sys ] || mkdir /sys + [ -d /proc ] || mkdir /proc + [ -d /tmp ] || mkdir /tmp + mount -t sysfs -o nodev,noexec,nosuid sysfs /sys + mount -t proc -o nodev,noexec,nosuid proc /proc + echo "initrd is running, starting BusyBox..." + exec /bin/sh --login + + + Here is an example that opens the first LUKS-partition it finds with the + hard-coded password "test2" and then mounts it as root-filesystem. This + is intended to be used on an USB-stick that after boot goes into a safe, + as it contains the LUKS-passphrase in plain text and is not secure to be + left in the system. The script contains debug-output that should make it + easier to see what is going on. Note that the final hand-over to the init + on the encrypted root-partition is done by "exec switch_root /mnt/root + /sbin/init", after mounting the decrypted LUKS container with "mount + /dev/mapper/c1 /mnt/root". The second argument of switch_root is relative + to the first argument, i.e. the init started with this command is really + /mnt/sbin/init before switch_root runs. + + #!/bin/sh + export PATH=/sbin:/bin + [ -d /sys ] || mkdir /sys + [ -d /proc ] || mkdir /proc + [ -d /tmp ] || mkdir /tmp + mount -t sysfs -o nodev,noexec,nosuid sysfs /sys + mount -t proc -o nodev,noexec,nosuid proc /proc + echo "detecting LUKS containers in sda1-10, sdb1-10"; sleep 1 + for i in a b + do + for j in 1 2 3 4 5 6 7 8 9 10 + do + sleep 0.5 + d="/dev/sd"$i""$j + echo -n $d + cryptsetup isLuks $d >/dev/null 2>&1 + r=$? + echo -n " result: "$r"" + # 0 = is LUKS, 1 = is not LUKS, 4 = other error + if expr $r = 0 > /dev/null + then + echo " is LUKS, attempting unlock" + echo -n "test2" | cryptsetup luksOpen --key-file=- $d c1 + r=$? + echo " result of unlock attempt: "$r"" + sleep 2 + if expr $r = 0 > /dev/null + then + echo "*** LUKS partition unlocked, switching root *** + echo " (waiting 30 seconds before doing that)" + mount /dev/mapper/c1 /mnt/root + sleep 30 + exec switch_root /mnt/root /sbin/init + fi + else + echo " is not LUKS" + fi + done + done + echo "FAIL finding root on LUKS, loading BusyBox..."; sleep 5 + exec /bin/sh --login + + + 04) What if I want a binary in the initrd, but libraries are missing? + + That is a bit tricky. One option is to compile statically, but that + does not work for everything. Debian puts some libraries into lib/ and + lib64/ which are usually enough. If you need more, you can add the + libraries you need there. That may or may not need a configuration + change for the dynamic linker "ld" as well. Refer to standard Linux + documentation on how to add a library to a Linux system. A running + initrd is just a running Linux system after all, it is not special in + any way. + + 05) How do I repack the initrd? + + Simply repack the changed directory. While in tmp/, do + the following: + ``` + find . | cpio --create --format='newc' | gzip > ../new_initrd + ``` + Rename "new_initrd" to however you want it called (the name of + the initrd is a kernel-parameter) and move to /boot. That is it. + + +10. LUKS2 Questions + + + * 10.1 Is the cryptography of LUKS2 different? + + Mostly not. The header has changed in its structure, but the + crytpgraphy is the same. The one exception is that PBKDF2 has been + replaced by Argon2 to give better resilience against attacks attacks by + graphics cards and other hardware with lots of computing power but + limited local memory per computing element. + + + * 10.2 What new features does LUKS2 have? + + There are quite a few. I recommend reading the man-page and the on-disk + format specification, see Item 1.2. + + To list just some: + - A lot of the metadata is JSON, allowing for easier extension + - Max 32 key-slots per default + - Better protection for bad passphrases now available with Argon2 + - Authenticated encryption + - The LUKS2 header is less vulnerable to corruption and has a 2nd copy + + + * 10.3 Why does LUKS2 need so much memory? + + LUKS2 uses Argon2 instead of PBKDF2. That causes the increase in memory. + See next item. + + + * 10.4 Why use Argon2 in LUKS 2 instead of PBKDF2? + + LUKS tries to be secure with not-so-good passwords. Bad passwords need to + be protected in some way against an attacker that just tries all possible + combinations. (For good passwords, you can just wait for the attacker to + die of old age...) The situation with LUKS is not quite the same as with a + password stored in a database, but there are similarities. + + LUKS does not store passwords on disk. Instead, the passwords are used to + decrypt the master-key with it and that one is stored on disk in encrypted + form. If you have a good password, with, say, more than 80 bits of + entropy, you could just put the password through a single crypto-hash (to + turn it into something that can be used as a key) and that would be secure. + This is what plain dm-crypt does. + + If the password has lower entropy, you want to make this process cost some + effort, so that each try takes time and resources and slows the attacker + down. LUKS1 uses PBKDF2 for that, adding an iteration count and a salt. + The iteration count is per default set to that it takes 1 second per try on + the CPU of the device where the respective passphrase was set. The salt is + there to prevent precomputation. + + The problem with that is that if you use a graphics card, you can massively + speed up these computations as PBKDF2 needs very little memeory to compute + it. A graphics card is (grossly simplified) a mass of small CPUs with some + small very fast local memory per CPU and a large slow memory (the 4/6/8 GB + a current card may have). If you can keep a computation in the small, + CPU-local memory, you can gain a speed factor of 1000 or more when trying + passwords with PBKDF2. + + Argon2 was created to address this problem. It adds a "large memory + property" where computing the result with less memory than the memory + parameter requires is massively (exponentially) slowed down. That means, + if you set, for example, 4GB of memory, computing Argon2 on a graphics card + with around 100kB of memory per "CPU" makes no sense at all because it is + far too slow. An attacker has hence to use real CPUs and furthermore is + limited by main memory bandwith. + + Hence the large amount of memory used is a security feature and should not + be turned off or reduced. If you really (!) understand what you are doing + and can assure good passwords, you can either go back to PBKDF2 or set a + low amount of memory used for Argon2 when creating the header. + + + * 10.5 LUKS2 is insecure! It uses less memory than the Argon2 RFC say! + + Well, not really. The RFC recommends 6GiB of memory for use with disk + encryption. That is a bit insane and something clearly went wrong in the + standardization process here. First, that makes Argon2 unusable on any 32 + bit Linux and that is clearly a bad thing. Second, there are many small + Linux devices around that do not have 6GiB of RAM in the first place. For + example, the current Raspberry Pi has 1GB, 2GB or 4GB of RAM, and with the + RFC recommendations, none of these could compute Argon2 hashes. + + Hence LUKS2 uses a more real-world approach. Iteration is set to a + minimum of 4 because there are some theoretical attacks that work up to an + iteration count of 3. The thread parameter is set to 4. To achieve 2 + second/slot unlock time, LUKS2 adjusts the memory parameter down if + needed. In the other direction, it will respect available memory and not + exceed it. On a current PC, the memory parameter will be somewhere around + 1GB, which should quite generous. The minimum I was able to set in an + experiment with "-i 1" was 400kB of memory and that is too low to be + secure. A Raspberry Pi would probably end up somewhere around 50MB (have + not tried it) and that should still be plenty. + + That said, if you have a good, high-entropy passphrase, LUKS2 is secure + with any memory parameter. + + + * 10.6 How does re-encryption store data while it is running? + + All metadata necessary to perform a recovery of said segment (in case of + crash) is stored in the LUKS2 metadata area. No matter if the LUKS2 + reencryption was run in online or offline mode. + + + * 10.7 What do I do if re-encryption crashes? + + In case of a reencryption application crash, try to close the original + device via following command first: + + cryptsetup close . + + Cryptsetup assesses if it's safe to teardown the reencryption device stack + or not. It will also cut off I/O (via dm-error mapping) to current + hotzone segment (to make later recovery possible). If it can't be torn + down, i.e. due to a mounted fs, you must unmount the filesystem first. + Never try to tear down reencryption dm devices manually using e.g. + dmsetup tool, at least not unless cryptsetup says it's safe to do so. It + could damage the data beyond repair. - * Brute-forcing passphrases + * 10.8 Do I need to enter two passphrases to recover a crashed + re-encryption? - - - http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html + Cryptsetup (command line utility) expects the passphrases to be identical + for the keyslot containing old volume key and for the keyslot containing + new one. So the recovery happens during normal the "cryptsetup open" + operation or the equivalent during boot. - - - http://it.slashdot.org/story/12/12/05/0623215/new-25-gpu-monster-devours-strong-passwords-in-minutes + Re-encryption recovery can be also performed in offline mode by + the "cryptsetup repair" command. - * Tools + * 10.9 What is an unbound keyslot and what is it used for? + Quite simply, an 'unbound key' is an independent 'key' stored in a luks2 + keyslot that cannot be used to unlock a LUKS2 data device. More specifically, + an 'unbound key' or 'unbound luks2 keyslot' contains a secret that is not + currently associated with any data/crypt segment (encrypted area) in the + LUKS2 'Segments' section (displayed by luksDump). - * SSD and Flash Disk Related + This is a bit of a more general idea. It basically allows to use a keyslot + as a container for a key to be used in other things than decrypting a + data segment. + As of April 2020, the following uses are defined: - * Disk Encryption + 1) LUKS2 re-encryption. The new volume key is stored in an unbound keyslot + which becomes a regular LUKS2 keyslot later when re-encryption is + finished. + + 2) Somewhat similar is the use with a wrapped key scheme (e.g. with the + paes cipher). In this case, the VK (Volume Key) stored in a keyslot + is an encrypted binary binary blob. The KEK (Key Encryption Key) for + that blob may be refreshed (Note that this KEK is not managed by + cryptsetup!) and the binary blob gets changed. The KEK refresh process + uses an 'unbound keyslot'. First the future effective VK is placed + in the unbound keyslot and later it gets turned into the new real VK + (and bound to the respective crypt segment). + + + * 10.10 What about the size of the LUKS2 header? + + While the LUKS1 header has a fixed size that is determined by the cipher + spec (see Item 6.12), LUKS2 is more variable. The default size is 16MB, + but it can be adjusted on creation by using the --luks2-metadata-size + and --luks2-keyslots-size options. Refer to the man-page for details. + While adjusting the size in an existing LUKS2 container is possible, + it is somewhat complicated and risky. My advice is to do a backup, + recreate the container with changed parameters and restore that backup. + + + * 10.11 Does LUKS2 store metadata anywhere except in the header? + + It does not. But note that if you use the experimental integrity support, + there will be an integrity header as well at the start of the data area + and things get a bit more complicated. All metadata will still be at the + start of the device, nothing gets stored somewhere in the middle or at + the end. + + +11. References and Further Reading + + * Purpose of this Section + + The purpose of this section is to collect references to all materials + that do not fit the FAQ but are relevant in some fashion. This can be + core topics like the LUKS spec or disk encryption, but it can also be + more tangential, like secure storage management or cryptography used in + LUKS. It should still have relevance to cryptsetup and its + applications. + If you want to see something added here, send email to the maintainer + (or the cryptsetup mailing list) giving an URL, a description (1-3 lines + preferred) and a section to put it in. You can also propose new + sections. - * Attacks Against Disk Encryption + At this time I would like to limit the references to things that are + available on the web. + * Specifications - * Risk Management as Relevant for Disk Encryption + - LUKS on-disk format spec: See Item 1.2 + + * Other Documentation + + - Arch Linux on LUKS, LVM and full-disk encryption: + https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system + + * Code Examples + + - Some code examples are in the source package under docs/examples + - LUKS AF Splitter in Ruby by John Lane: https://rubygems.org/gems/afsplitter - * Cryptography + * Brute-forcing passphrases + - http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html - * Secure Storage + - http://it.slashdot.org/story/12/12/05/0623215/new-25-gpu-monster-devours-strong-passwords-in-minutes - A. Contributors In no particular order: + * Tools + + * SSD and Flash Disk Related + + * Disk Encryption + + * Attacks Against Disk Encryption + + * Risk Management as Relevant for Disk Encryption + + * Cryptography + + * Secure Storage + + +A. Contributors +In no particular order: - Arno Wagner - Milan Broz +___ diff --git a/INSTALL b/INSTALL index a4b3414..45ff9bb 100644 --- a/INSTALL +++ b/INSTALL @@ -44,7 +44,7 @@ The simplest way to compile this package is: `sh ./configure' instead to prevent `csh' from trying to execute `configure' itself. - Running `configure' takes awhile. While running, it prints some + Running `configure' takes a while. While running, it prints some messages telling which features it is checking for. 2. Type `make' to compile the package. diff --git a/Makefile.am b/Makefile.am index d6a4c43..de0d2a2 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,13 +1,50 @@ EXTRA_DIST = COPYING.LGPL FAQ docs misc -SUBDIRS = \ - lib \ - src \ - man \ - python \ - tests \ - po +SUBDIRS = po tests +CLEANFILES = +DISTCLEAN_TARGETS = + +AM_CPPFLAGS = \ + -include config.h \ + -I$(top_srcdir)/lib \ + -DDATADIR=\""$(datadir)"\" \ + -DLOCALEDIR=\""$(datadir)/locale"\" \ + -DLIBDIR=\""$(libdir)"\" \ + -DPREFIX=\""$(prefix)"\" \ + -DSYSCONFDIR=\""$(sysconfdir)"\" \ + -DVERSION=\""$(VERSION)"\" +AM_CFLAGS = -Wall +AM_LDFLAGS = + +LDADD = $(LTLIBINTL) -lm + +tmpfilesddir = @DEFAULT_TMPFILESDIR@ + +noinst_LTLIBRARIES = +sbin_PROGRAMS = +man8_MANS = +tmpfilesd_DATA = + +include man/Makemodule.am + +include scripts/Makemodule.am + +if CRYPTO_INTERNAL_ARGON2 +include lib/crypto_backend/argon2/Makemodule.am +endif +include lib/crypto_backend/Makemodule.am +include lib/Makemodule.am + +include src/Makemodule.am ACLOCAL_AMFLAGS = -I m4 +DISTCHECK_CONFIGURE_FLAGS = \ + --with-tmpfilesdir=$$dc_install_base/usr/lib/tmpfiles.d \ + --enable-internal-argon2 --enable-internal-sse-argon2 + +distclean-local: + -find . -name \*~ -o -name \*.orig -o -name \*.rej | xargs rm -f + rm -rf autom4te.cache + clean-local: - -rm -rf docs/doxygen_api_docs + -rm -rf docs/doxygen_api_docs libargon2.la diff --git a/Makefile.in b/Makefile.in index 64d2b0c..ab032a7 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -13,8 +13,22 @@ # PARTICULAR PURPOSE. @SET_MAKE@ + + + + VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -77,30 +91,371 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ +sbin_PROGRAMS = $(am__EXEEXT_1) $(am__EXEEXT_2) $(am__EXEEXT_3) \ + $(am__EXEEXT_4) $(am__EXEEXT_5) $(am__EXEEXT_6) \ + $(am__EXEEXT_7) $(am__EXEEXT_8) +@VERITYSETUP_TRUE@am__append_1 = man/veritysetup.8 +@REENCRYPT_TRUE@am__append_2 = man/cryptsetup-reencrypt.8 +@INTEGRITYSETUP_TRUE@am__append_3 = man/integritysetup.8 +@CRYPTSETUP_TMPFILE_TRUE@am__append_4 = scripts/cryptsetup.conf +@CRYPTO_INTERNAL_ARGON2_TRUE@am__append_5 = libargon2.la +@CRYPTO_INTERNAL_ARGON2_TRUE@@CRYPTO_INTERNAL_SSE_ARGON2_TRUE@am__append_6 = lib/crypto_backend/argon2/blake2/blamka-round-opt.h \ +@CRYPTO_INTERNAL_ARGON2_TRUE@@CRYPTO_INTERNAL_SSE_ARGON2_TRUE@ lib/crypto_backend/argon2/opt.c + +@CRYPTO_INTERNAL_ARGON2_TRUE@@CRYPTO_INTERNAL_SSE_ARGON2_FALSE@am__append_7 = lib/crypto_backend/argon2/blake2/blamka-round-ref.h \ +@CRYPTO_INTERNAL_ARGON2_TRUE@@CRYPTO_INTERNAL_SSE_ARGON2_FALSE@ lib/crypto_backend/argon2/ref.c + +@CRYPTO_INTERNAL_ARGON2_TRUE@am__append_8 = lib/crypto_backend/argon2/LICENSE \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/README +@CRYPTO_BACKEND_GCRYPT_TRUE@am__append_9 = lib/crypto_backend/crypto_gcrypt.c +@CRYPTO_BACKEND_OPENSSL_TRUE@am__append_10 = lib/crypto_backend/crypto_openssl.c +@CRYPTO_BACKEND_NSS_TRUE@am__append_11 = lib/crypto_backend/crypto_nss.c +@CRYPTO_BACKEND_KERNEL_TRUE@am__append_12 = lib/crypto_backend/crypto_kernel.c +@CRYPTO_BACKEND_NETTLE_TRUE@am__append_13 = lib/crypto_backend/crypto_nettle.c +@CRYPTO_INTERNAL_PBKDF2_TRUE@am__append_14 = lib/crypto_backend/pbkdf2_generic.c +@CRYPTSETUP_TRUE@am__append_15 = cryptsetup +@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@am__append_16 = cryptsetup.static +@VERITYSETUP_TRUE@am__append_17 = veritysetup +@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@am__append_18 = veritysetup.static +@INTEGRITYSETUP_TRUE@am__append_19 = integritysetup +@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@am__append_20 = integritysetup.static +@REENCRYPT_TRUE@am__append_21 = cryptsetup-reencrypt +@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@am__append_22 = cryptsetup-reencrypt.static subdir = . -DIST_COMMON = INSTALL NEWS README AUTHORS ChangeLog \ - $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/configure $(am__configure_deps) \ - $(srcdir)/config.h.in ABOUT-NLS COPYING TODO compile \ - config.guess config.rpath config.sub depcomp install-sh \ - missing ltmain.sh ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ - $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \ + $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ + $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ + $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ + $(am__configure_deps) $(include_HEADERS) $(am__DIST_COMMON) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d CONFIG_HEADER = config.h -CONFIG_CLEAN_FILES = +CONFIG_CLEAN_FILES = lib/libcryptsetup.pc scripts/cryptsetup.conf CONFIG_CLEAN_VPATH_FILES = +@CRYPTSETUP_TRUE@am__EXEEXT_1 = cryptsetup$(EXEEXT) +@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@am__EXEEXT_2 = cryptsetup.static$(EXEEXT) +@VERITYSETUP_TRUE@am__EXEEXT_3 = veritysetup$(EXEEXT) +@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@am__EXEEXT_4 = veritysetup.static$(EXEEXT) +@INTEGRITYSETUP_TRUE@am__EXEEXT_5 = integritysetup$(EXEEXT) +@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@am__EXEEXT_6 = integritysetup.static$(EXEEXT) +@REENCRYPT_TRUE@am__EXEEXT_7 = cryptsetup-reencrypt$(EXEEXT) +@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@am__EXEEXT_8 = cryptsetup-reencrypt.static$(EXEEXT) +am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(libdir)" \ + "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(pkgconfigdir)" \ + "$(DESTDIR)$(tmpfilesddir)" "$(DESTDIR)$(includedir)" +PROGRAMS = $(sbin_PROGRAMS) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES) +libargon2_la_LIBADD = +am__libargon2_la_SOURCES_DIST = \ + lib/crypto_backend/argon2/blake2/blake2b.c \ + lib/crypto_backend/argon2/blake2/blake2.h \ + lib/crypto_backend/argon2/blake2/blake2-impl.h \ + lib/crypto_backend/argon2/argon2.c \ + lib/crypto_backend/argon2/argon2.h \ + lib/crypto_backend/argon2/core.c \ + lib/crypto_backend/argon2/core.h \ + lib/crypto_backend/argon2/encoding.c \ + lib/crypto_backend/argon2/encoding.h \ + lib/crypto_backend/argon2/thread.c \ + lib/crypto_backend/argon2/thread.h \ + lib/crypto_backend/argon2/blake2/blamka-round-opt.h \ + lib/crypto_backend/argon2/opt.c \ + lib/crypto_backend/argon2/blake2/blamka-round-ref.h \ + lib/crypto_backend/argon2/ref.c +am__dirstamp = $(am__leading_dot)dirstamp +@CRYPTO_INTERNAL_ARGON2_TRUE@@CRYPTO_INTERNAL_SSE_ARGON2_TRUE@am__objects_1 = lib/crypto_backend/argon2/libargon2_la-opt.lo +@CRYPTO_INTERNAL_ARGON2_TRUE@@CRYPTO_INTERNAL_SSE_ARGON2_FALSE@am__objects_2 = lib/crypto_backend/argon2/libargon2_la-ref.lo +@CRYPTO_INTERNAL_ARGON2_TRUE@am_libargon2_la_OBJECTS = lib/crypto_backend/argon2/blake2/libargon2_la-blake2b.lo \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/libargon2_la-argon2.lo \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/libargon2_la-core.lo \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/libargon2_la-encoding.lo \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/libargon2_la-thread.lo \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ $(am__objects_1) $(am__objects_2) +libargon2_la_OBJECTS = $(am_libargon2_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +libargon2_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libargon2_la_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +@CRYPTO_INTERNAL_ARGON2_TRUE@am_libargon2_la_rpath = +am__libcrypto_backend_la_SOURCES_DIST = \ + lib/crypto_backend/crypto_backend.h \ + lib/crypto_backend/crypto_backend_internal.h \ + lib/crypto_backend/crypto_cipher_kernel.c \ + lib/crypto_backend/crypto_storage.c \ + lib/crypto_backend/pbkdf_check.c lib/crypto_backend/crc32.c \ + lib/crypto_backend/argon2_generic.c \ + lib/crypto_backend/cipher_generic.c \ + lib/crypto_backend/cipher_check.c \ + lib/crypto_backend/crypto_gcrypt.c \ + lib/crypto_backend/crypto_openssl.c \ + lib/crypto_backend/crypto_nss.c \ + lib/crypto_backend/crypto_kernel.c \ + lib/crypto_backend/crypto_nettle.c \ + lib/crypto_backend/pbkdf2_generic.c +@CRYPTO_BACKEND_GCRYPT_TRUE@am__objects_3 = lib/crypto_backend/libcrypto_backend_la-crypto_gcrypt.lo +@CRYPTO_BACKEND_OPENSSL_TRUE@am__objects_4 = lib/crypto_backend/libcrypto_backend_la-crypto_openssl.lo +@CRYPTO_BACKEND_NSS_TRUE@am__objects_5 = lib/crypto_backend/libcrypto_backend_la-crypto_nss.lo +@CRYPTO_BACKEND_KERNEL_TRUE@am__objects_6 = lib/crypto_backend/libcrypto_backend_la-crypto_kernel.lo +@CRYPTO_BACKEND_NETTLE_TRUE@am__objects_7 = lib/crypto_backend/libcrypto_backend_la-crypto_nettle.lo +@CRYPTO_INTERNAL_PBKDF2_TRUE@am__objects_8 = lib/crypto_backend/libcrypto_backend_la-pbkdf2_generic.lo +am_libcrypto_backend_la_OBJECTS = lib/crypto_backend/libcrypto_backend_la-crypto_cipher_kernel.lo \ + lib/crypto_backend/libcrypto_backend_la-crypto_storage.lo \ + lib/crypto_backend/libcrypto_backend_la-pbkdf_check.lo \ + lib/crypto_backend/libcrypto_backend_la-crc32.lo \ + lib/crypto_backend/libcrypto_backend_la-argon2_generic.lo \ + lib/crypto_backend/libcrypto_backend_la-cipher_generic.lo \ + lib/crypto_backend/libcrypto_backend_la-cipher_check.lo \ + $(am__objects_3) $(am__objects_4) $(am__objects_5) \ + $(am__objects_6) $(am__objects_7) $(am__objects_8) +libcrypto_backend_la_OBJECTS = $(am_libcrypto_backend_la_OBJECTS) +libcrypto_backend_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(libcrypto_backend_la_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +am__DEPENDENCIES_1 = +am_libcryptsetup_la_OBJECTS = lib/libcryptsetup_la-setup.lo \ + lib/libcryptsetup_la-utils.lo \ + lib/libcryptsetup_la-utils_benchmark.lo \ + lib/libcryptsetup_la-utils_crypt.lo \ + lib/libcryptsetup_la-utils_loop.lo \ + lib/libcryptsetup_la-utils_devpath.lo \ + lib/libcryptsetup_la-utils_wipe.lo \ + lib/libcryptsetup_la-utils_fips.lo \ + lib/libcryptsetup_la-utils_device.lo \ + lib/libcryptsetup_la-utils_keyring.lo \ + lib/libcryptsetup_la-utils_device_locking.lo \ + lib/libcryptsetup_la-utils_pbkdf.lo \ + lib/libcryptsetup_la-utils_safe_memory.lo \ + lib/libcryptsetup_la-utils_storage_wrappers.lo \ + lib/libcryptsetup_la-libdevmapper.lo \ + lib/libcryptsetup_la-volumekey.lo \ + lib/libcryptsetup_la-random.lo \ + lib/libcryptsetup_la-crypt_plain.lo \ + lib/libcryptsetup_la-base64.lo \ + lib/integrity/libcryptsetup_la-integrity.lo \ + lib/loopaes/libcryptsetup_la-loopaes.lo \ + lib/tcrypt/libcryptsetup_la-tcrypt.lo \ + lib/luks1/libcryptsetup_la-af.lo \ + lib/luks1/libcryptsetup_la-keyencryption.lo \ + lib/luks1/libcryptsetup_la-keymanage.lo \ + lib/verity/libcryptsetup_la-verity_hash.lo \ + lib/verity/libcryptsetup_la-verity_fec.lo \ + lib/verity/libcryptsetup_la-verity.lo \ + lib/verity/libcryptsetup_la-rs_encode_char.lo \ + lib/verity/libcryptsetup_la-rs_decode_char.lo \ + lib/luks2/libcryptsetup_la-luks2_disk_metadata.lo \ + lib/luks2/libcryptsetup_la-luks2_json_format.lo \ + lib/luks2/libcryptsetup_la-luks2_json_metadata.lo \ + lib/luks2/libcryptsetup_la-luks2_luks1_convert.lo \ + lib/luks2/libcryptsetup_la-luks2_digest.lo \ + lib/luks2/libcryptsetup_la-luks2_digest_pbkdf2.lo \ + lib/luks2/libcryptsetup_la-luks2_keyslot.lo \ + lib/luks2/libcryptsetup_la-luks2_keyslot_luks2.lo \ + lib/luks2/libcryptsetup_la-luks2_keyslot_reenc.lo \ + lib/luks2/libcryptsetup_la-luks2_reencrypt.lo \ + lib/luks2/libcryptsetup_la-luks2_segment.lo \ + lib/luks2/libcryptsetup_la-luks2_token_keyring.lo \ + lib/luks2/libcryptsetup_la-luks2_token.lo \ + lib/libcryptsetup_la-utils_blkid.lo \ + lib/bitlk/libcryptsetup_la-bitlk.lo +libcryptsetup_la_OBJECTS = $(am_libcryptsetup_la_OBJECTS) +libcryptsetup_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(libcryptsetup_la_CFLAGS) $(CFLAGS) \ + $(libcryptsetup_la_LDFLAGS) $(LDFLAGS) -o $@ +libutils_io_la_LIBADD = +am_libutils_io_la_OBJECTS = lib/libutils_io_la-utils_io.lo +libutils_io_la_OBJECTS = $(am_libutils_io_la_OBJECTS) +libutils_io_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(libutils_io_la_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o \ + $@ +am__cryptsetup_SOURCES_DIST = lib/utils_crypt.c lib/utils_loop.c \ + lib/utils_io.c lib/utils_blkid.c src/utils_tools.c \ + src/utils_password.c src/utils_luks2.c src/utils_blockdev.c \ + src/cryptsetup.c src/cryptsetup.h +@CRYPTSETUP_TRUE@am_cryptsetup_OBJECTS = lib/utils_crypt.$(OBJEXT) \ +@CRYPTSETUP_TRUE@ lib/utils_loop.$(OBJEXT) \ +@CRYPTSETUP_TRUE@ lib/utils_io.$(OBJEXT) \ +@CRYPTSETUP_TRUE@ lib/utils_blkid.$(OBJEXT) \ +@CRYPTSETUP_TRUE@ src/utils_tools.$(OBJEXT) \ +@CRYPTSETUP_TRUE@ src/utils_password.$(OBJEXT) \ +@CRYPTSETUP_TRUE@ src/utils_luks2.$(OBJEXT) \ +@CRYPTSETUP_TRUE@ src/utils_blockdev.$(OBJEXT) \ +@CRYPTSETUP_TRUE@ src/cryptsetup.$(OBJEXT) +cryptsetup_OBJECTS = $(am_cryptsetup_OBJECTS) +am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) +@CRYPTSETUP_TRUE@cryptsetup_DEPENDENCIES = $(am__DEPENDENCIES_2) \ +@CRYPTSETUP_TRUE@ libcryptsetup.la +am__cryptsetup_reencrypt_SOURCES_DIST = lib/utils_crypt.c \ + lib/utils_io.c lib/utils_blkid.c src/utils_tools.c \ + lib/utils_loop.c src/utils_password.c \ + src/cryptsetup_reencrypt.c src/cryptsetup.h +@REENCRYPT_TRUE@am_cryptsetup_reencrypt_OBJECTS = \ +@REENCRYPT_TRUE@ lib/utils_crypt.$(OBJEXT) \ +@REENCRYPT_TRUE@ lib/utils_io.$(OBJEXT) \ +@REENCRYPT_TRUE@ lib/utils_blkid.$(OBJEXT) \ +@REENCRYPT_TRUE@ src/utils_tools.$(OBJEXT) \ +@REENCRYPT_TRUE@ lib/utils_loop.$(OBJEXT) \ +@REENCRYPT_TRUE@ src/utils_password.$(OBJEXT) \ +@REENCRYPT_TRUE@ src/cryptsetup_reencrypt.$(OBJEXT) +cryptsetup_reencrypt_OBJECTS = $(am_cryptsetup_reencrypt_OBJECTS) +@REENCRYPT_TRUE@cryptsetup_reencrypt_DEPENDENCIES = \ +@REENCRYPT_TRUE@ $(am__DEPENDENCIES_2) libcryptsetup.la +am__cryptsetup_reencrypt_static_SOURCES_DIST = lib/utils_crypt.c \ + lib/utils_io.c lib/utils_blkid.c src/utils_tools.c \ + lib/utils_loop.c src/utils_password.c \ + src/cryptsetup_reencrypt.c src/cryptsetup.h +@REENCRYPT_TRUE@am__objects_9 = lib/utils_crypt.$(OBJEXT) \ +@REENCRYPT_TRUE@ lib/utils_io.$(OBJEXT) \ +@REENCRYPT_TRUE@ lib/utils_blkid.$(OBJEXT) \ +@REENCRYPT_TRUE@ src/utils_tools.$(OBJEXT) \ +@REENCRYPT_TRUE@ lib/utils_loop.$(OBJEXT) \ +@REENCRYPT_TRUE@ src/utils_password.$(OBJEXT) \ +@REENCRYPT_TRUE@ src/cryptsetup_reencrypt.$(OBJEXT) +@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@am_cryptsetup_reencrypt_static_OBJECTS = \ +@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@ $(am__objects_9) +cryptsetup_reencrypt_static_OBJECTS = \ + $(am_cryptsetup_reencrypt_static_OBJECTS) +@REENCRYPT_TRUE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_2) \ +@REENCRYPT_TRUE@ libcryptsetup.la +@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_reencrypt_static_DEPENDENCIES = \ +@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@ $(am__DEPENDENCIES_3) +cryptsetup_reencrypt_static_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(cryptsetup_reencrypt_static_LDFLAGS) \ + $(LDFLAGS) -o $@ +am__cryptsetup_static_SOURCES_DIST = lib/utils_crypt.c \ + lib/utils_loop.c lib/utils_io.c lib/utils_blkid.c \ + src/utils_tools.c src/utils_password.c src/utils_luks2.c \ + src/utils_blockdev.c src/cryptsetup.c src/cryptsetup.h +@CRYPTSETUP_TRUE@am__objects_10 = lib/utils_crypt.$(OBJEXT) \ +@CRYPTSETUP_TRUE@ lib/utils_loop.$(OBJEXT) \ +@CRYPTSETUP_TRUE@ lib/utils_io.$(OBJEXT) \ +@CRYPTSETUP_TRUE@ lib/utils_blkid.$(OBJEXT) \ +@CRYPTSETUP_TRUE@ src/utils_tools.$(OBJEXT) \ +@CRYPTSETUP_TRUE@ src/utils_password.$(OBJEXT) \ +@CRYPTSETUP_TRUE@ src/utils_luks2.$(OBJEXT) \ +@CRYPTSETUP_TRUE@ src/utils_blockdev.$(OBJEXT) \ +@CRYPTSETUP_TRUE@ src/cryptsetup.$(OBJEXT) +@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@am_cryptsetup_static_OBJECTS = \ +@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@ $(am__objects_10) +cryptsetup_static_OBJECTS = $(am_cryptsetup_static_OBJECTS) +@CRYPTSETUP_TRUE@am__DEPENDENCIES_4 = $(am__DEPENDENCIES_2) \ +@CRYPTSETUP_TRUE@ libcryptsetup.la +@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_static_DEPENDENCIES = \ +@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@ $(am__DEPENDENCIES_4) +cryptsetup_static_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(cryptsetup_static_LDFLAGS) $(LDFLAGS) \ + -o $@ +am__integritysetup_SOURCES_DIST = lib/utils_crypt.c lib/utils_loop.c \ + lib/utils_io.c lib/utils_blkid.c src/utils_tools.c \ + src/integritysetup.c src/cryptsetup.h +@INTEGRITYSETUP_TRUE@am_integritysetup_OBJECTS = \ +@INTEGRITYSETUP_TRUE@ lib/utils_crypt.$(OBJEXT) \ +@INTEGRITYSETUP_TRUE@ lib/utils_loop.$(OBJEXT) \ +@INTEGRITYSETUP_TRUE@ lib/utils_io.$(OBJEXT) \ +@INTEGRITYSETUP_TRUE@ lib/utils_blkid.$(OBJEXT) \ +@INTEGRITYSETUP_TRUE@ src/utils_tools.$(OBJEXT) \ +@INTEGRITYSETUP_TRUE@ src/integritysetup.$(OBJEXT) +integritysetup_OBJECTS = $(am_integritysetup_OBJECTS) +@INTEGRITYSETUP_TRUE@integritysetup_DEPENDENCIES = \ +@INTEGRITYSETUP_TRUE@ $(am__DEPENDENCIES_2) libcryptsetup.la +am__integritysetup_static_SOURCES_DIST = lib/utils_crypt.c \ + lib/utils_loop.c lib/utils_io.c lib/utils_blkid.c \ + src/utils_tools.c src/integritysetup.c src/cryptsetup.h +@INTEGRITYSETUP_TRUE@am__objects_11 = lib/utils_crypt.$(OBJEXT) \ +@INTEGRITYSETUP_TRUE@ lib/utils_loop.$(OBJEXT) \ +@INTEGRITYSETUP_TRUE@ lib/utils_io.$(OBJEXT) \ +@INTEGRITYSETUP_TRUE@ lib/utils_blkid.$(OBJEXT) \ +@INTEGRITYSETUP_TRUE@ src/utils_tools.$(OBJEXT) \ +@INTEGRITYSETUP_TRUE@ src/integritysetup.$(OBJEXT) +@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@am_integritysetup_static_OBJECTS = \ +@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@ $(am__objects_11) +integritysetup_static_OBJECTS = $(am_integritysetup_static_OBJECTS) +@INTEGRITYSETUP_TRUE@am__DEPENDENCIES_5 = $(am__DEPENDENCIES_2) \ +@INTEGRITYSETUP_TRUE@ libcryptsetup.la +@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@integritysetup_static_DEPENDENCIES = \ +@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@ $(am__DEPENDENCIES_5) +integritysetup_static_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(integritysetup_static_LDFLAGS) \ + $(LDFLAGS) -o $@ +am__veritysetup_SOURCES_DIST = lib/utils_crypt.c lib/utils_loop.c \ + lib/utils_io.c lib/utils_blkid.c src/utils_tools.c \ + src/utils_password.c src/veritysetup.c src/cryptsetup.h +@VERITYSETUP_TRUE@am_veritysetup_OBJECTS = lib/utils_crypt.$(OBJEXT) \ +@VERITYSETUP_TRUE@ lib/utils_loop.$(OBJEXT) \ +@VERITYSETUP_TRUE@ lib/utils_io.$(OBJEXT) \ +@VERITYSETUP_TRUE@ lib/utils_blkid.$(OBJEXT) \ +@VERITYSETUP_TRUE@ src/utils_tools.$(OBJEXT) \ +@VERITYSETUP_TRUE@ src/utils_password.$(OBJEXT) \ +@VERITYSETUP_TRUE@ src/veritysetup.$(OBJEXT) +veritysetup_OBJECTS = $(am_veritysetup_OBJECTS) +@VERITYSETUP_TRUE@veritysetup_DEPENDENCIES = $(am__DEPENDENCIES_2) \ +@VERITYSETUP_TRUE@ libcryptsetup.la +am__veritysetup_static_SOURCES_DIST = lib/utils_crypt.c \ + lib/utils_loop.c lib/utils_io.c lib/utils_blkid.c \ + src/utils_tools.c src/utils_password.c src/veritysetup.c \ + src/cryptsetup.h +@VERITYSETUP_TRUE@am__objects_12 = lib/utils_crypt.$(OBJEXT) \ +@VERITYSETUP_TRUE@ lib/utils_loop.$(OBJEXT) \ +@VERITYSETUP_TRUE@ lib/utils_io.$(OBJEXT) \ +@VERITYSETUP_TRUE@ lib/utils_blkid.$(OBJEXT) \ +@VERITYSETUP_TRUE@ src/utils_tools.$(OBJEXT) \ +@VERITYSETUP_TRUE@ src/utils_password.$(OBJEXT) \ +@VERITYSETUP_TRUE@ src/veritysetup.$(OBJEXT) +@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@am_veritysetup_static_OBJECTS = \ +@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@ $(am__objects_12) +veritysetup_static_OBJECTS = $(am_veritysetup_static_OBJECTS) +@VERITYSETUP_TRUE@am__DEPENDENCIES_6 = $(am__DEPENDENCIES_2) \ +@VERITYSETUP_TRUE@ libcryptsetup.la +@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@veritysetup_static_DEPENDENCIES = \ +@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@ $(am__DEPENDENCIES_6) +veritysetup_static_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(veritysetup_static_LDFLAGS) \ + $(LDFLAGS) -o $@ AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -113,8 +468,120 @@ AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = -SOURCES = -DIST_SOURCES = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = lib/$(DEPDIR)/libcryptsetup_la-base64.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-crypt_plain.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-libdevmapper.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-random.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-setup.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-utils.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-utils_benchmark.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-utils_blkid.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-utils_crypt.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-utils_device.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-utils_device_locking.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-utils_devpath.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-utils_keyring.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-utils_loop.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-utils_pbkdf.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-utils_safe_memory.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-utils_storage_wrappers.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-utils_wipe.Plo \ + lib/$(DEPDIR)/libcryptsetup_la-volumekey.Plo \ + lib/$(DEPDIR)/libutils_io_la-utils_io.Plo \ + lib/$(DEPDIR)/utils_blkid.Po lib/$(DEPDIR)/utils_crypt.Po \ + lib/$(DEPDIR)/utils_io.Po lib/$(DEPDIR)/utils_loop.Po \ + lib/bitlk/$(DEPDIR)/libcryptsetup_la-bitlk.Plo \ + lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-argon2_generic.Plo \ + lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_check.Plo \ + lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_generic.Plo \ + lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crc32.Plo \ + lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_cipher_kernel.Plo \ + lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_gcrypt.Plo \ + lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_kernel.Plo \ + lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nettle.Plo \ + lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nss.Plo \ + lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_openssl.Plo \ + lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_storage.Plo \ + lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf2_generic.Plo \ + lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf_check.Plo \ + lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-argon2.Plo \ + lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-core.Plo \ + lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-encoding.Plo \ + lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-opt.Plo \ + lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-ref.Plo \ + lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-thread.Plo \ + lib/crypto_backend/argon2/blake2/$(DEPDIR)/libargon2_la-blake2b.Plo \ + lib/integrity/$(DEPDIR)/libcryptsetup_la-integrity.Plo \ + lib/loopaes/$(DEPDIR)/libcryptsetup_la-loopaes.Plo \ + lib/luks1/$(DEPDIR)/libcryptsetup_la-af.Plo \ + lib/luks1/$(DEPDIR)/libcryptsetup_la-keyencryption.Plo \ + lib/luks1/$(DEPDIR)/libcryptsetup_la-keymanage.Plo \ + lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest.Plo \ + lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest_pbkdf2.Plo \ + lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_disk_metadata.Plo \ + lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_format.Plo \ + lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_metadata.Plo \ + lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot.Plo \ + lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_luks2.Plo \ + lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_reenc.Plo \ + lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_luks1_convert.Plo \ + lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt.Plo \ + lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_segment.Plo \ + lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token.Plo \ + lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token_keyring.Plo \ + lib/tcrypt/$(DEPDIR)/libcryptsetup_la-tcrypt.Plo \ + lib/verity/$(DEPDIR)/libcryptsetup_la-rs_decode_char.Plo \ + lib/verity/$(DEPDIR)/libcryptsetup_la-rs_encode_char.Plo \ + lib/verity/$(DEPDIR)/libcryptsetup_la-verity.Plo \ + lib/verity/$(DEPDIR)/libcryptsetup_la-verity_fec.Plo \ + lib/verity/$(DEPDIR)/libcryptsetup_la-verity_hash.Plo \ + src/$(DEPDIR)/cryptsetup.Po \ + src/$(DEPDIR)/cryptsetup_reencrypt.Po \ + src/$(DEPDIR)/integritysetup.Po \ + src/$(DEPDIR)/utils_blockdev.Po src/$(DEPDIR)/utils_luks2.Po \ + src/$(DEPDIR)/utils_password.Po src/$(DEPDIR)/utils_tools.Po \ + src/$(DEPDIR)/veritysetup.Po +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(libargon2_la_SOURCES) $(libcrypto_backend_la_SOURCES) \ + $(libcryptsetup_la_SOURCES) $(libutils_io_la_SOURCES) \ + $(cryptsetup_SOURCES) $(cryptsetup_reencrypt_SOURCES) \ + $(cryptsetup_reencrypt_static_SOURCES) \ + $(cryptsetup_static_SOURCES) $(integritysetup_SOURCES) \ + $(integritysetup_static_SOURCES) $(veritysetup_SOURCES) \ + $(veritysetup_static_SOURCES) +DIST_SOURCES = $(am__libargon2_la_SOURCES_DIST) \ + $(am__libcrypto_backend_la_SOURCES_DIST) \ + $(libcryptsetup_la_SOURCES) $(libutils_io_la_SOURCES) \ + $(am__cryptsetup_SOURCES_DIST) \ + $(am__cryptsetup_reencrypt_SOURCES_DIST) \ + $(am__cryptsetup_reencrypt_static_SOURCES_DIST) \ + $(am__cryptsetup_static_SOURCES_DIST) \ + $(am__integritysetup_SOURCES_DIST) \ + $(am__integritysetup_static_SOURCES_DIST) \ + $(am__veritysetup_SOURCES_DIST) \ + $(am__veritysetup_static_SOURCES_DIST) RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ @@ -128,6 +595,11 @@ am__can_run_installinfo = \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +man8dir = $(mandir)/man8 +NROFF = nroff +MANS = $(man8_MANS) +DATA = $(pkgconfig_DATA) $(tmpfilesd_DATA) +HEADERS = $(include_HEADERS) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive am__recursive_targets = \ @@ -135,9 +607,9 @@ am__recursive_targets = \ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ - cscope distdir dist dist-all distcheck -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \ - $(LISP)config.h.in + cscope distdir distdir-am dist dist-all distcheck +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) \ + config.h.in # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. @@ -158,6 +630,17 @@ ETAGS = etags CTAGS = ctags CSCOPE = cscope DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \ + $(srcdir)/lib/Makemodule.am \ + $(srcdir)/lib/crypto_backend/Makemodule.am \ + $(srcdir)/lib/crypto_backend/argon2/Makemodule.am \ + $(srcdir)/man/Makemodule.am $(srcdir)/scripts/Makemodule.am \ + $(srcdir)/src/Makemodule.am \ + $(top_srcdir)/lib/libcryptsetup.pc.in \ + $(top_srcdir)/scripts/cryptsetup.conf.in ABOUT-NLS AUTHORS \ + COPYING ChangeLog INSTALL NEWS README TODO compile \ + config.guess config.rpath config.sub depcomp install-sh \ + ltmain.sh missing DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) @@ -208,6 +691,8 @@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BLKID_CFLAGS = @BLKID_CFLAGS@ +BLKID_LIBS = @BLKID_LIBS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ @@ -217,6 +702,9 @@ CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ CRYPTO_LIBS = @CRYPTO_LIBS@ CRYPTO_STATIC_LIBS = @CRYPTO_STATIC_LIBS@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_LUKS2_LOCK_DIR_PERMS = @DEFAULT_LUKS2_LOCK_DIR_PERMS@ +DEFAULT_LUKS2_LOCK_PATH = @DEFAULT_LUKS2_LOCK_PATH@ +DEFAULT_TMPFILESDIR = @DEFAULT_TMPFILESDIR@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DEVMAPPER_CFLAGS = @DEVMAPPER_CFLAGS@ @@ -232,6 +720,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ @@ -242,8 +731,12 @@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +JSON_C_CFLAGS = @JSON_C_CFLAGS@ +JSON_C_LIBS = @JSON_C_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LIBARGON2_CFLAGS = @LIBARGON2_CFLAGS@ +LIBARGON2_LIBS = @LIBARGON2_LIBS@ LIBCRYPTSETUP_VERSION = @LIBCRYPTSETUP_VERSION@ LIBCRYPTSETUP_VERSION_INFO = @LIBCRYPTSETUP_VERSION_INFO@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ @@ -259,6 +752,7 @@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -284,6 +778,7 @@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ +PASSWDQC_LIBS = @PASSWDQC_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ @@ -293,13 +788,6 @@ POSUB = @POSUB@ PWQUALITY_CFLAGS = @PWQUALITY_CFLAGS@ PWQUALITY_LIBS = @PWQUALITY_LIBS@ PWQUALITY_STATIC_LIBS = @PWQUALITY_STATIC_LIBS@ -PYTHON = @PYTHON@ -PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -PYTHON_INCLUDES = @PYTHON_INCLUDES@ -PYTHON_LIBS = @PYTHON_LIBS@ -PYTHON_PLATFORM = @PYTHON_PLATFORM@ -PYTHON_PREFIX = @PYTHON_PREFIX@ -PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -310,6 +798,7 @@ UUID_LIBS = @UUID_LIBS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ @@ -351,38 +840,304 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ -pkgpyexecdir = @pkgpyexecdir@ -pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ -pyexecdir = @pyexecdir@ -pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ +systemd_tmpfilesdir = @systemd_tmpfilesdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -EXTRA_DIST = COPYING.LGPL FAQ docs misc -SUBDIRS = \ - lib \ - src \ - man \ - python \ - tests \ - po +EXTRA_DIST = COPYING.LGPL FAQ docs misc man/cryptsetup.8 \ + man/integritysetup.8 man/veritysetup.8 \ + man/cryptsetup-reencrypt.8 $(am__append_8) \ + lib/libcryptsetup.pc.in lib/libcryptsetup.sym +SUBDIRS = po tests +CLEANFILES = +DISTCLEAN_TARGETS = scripts/cryptsetup.conf +AM_CPPFLAGS = \ + -include config.h \ + -I$(top_srcdir)/lib \ + -DDATADIR=\""$(datadir)"\" \ + -DLOCALEDIR=\""$(datadir)/locale"\" \ + -DLIBDIR=\""$(libdir)"\" \ + -DPREFIX=\""$(prefix)"\" \ + -DSYSCONFDIR=\""$(sysconfdir)"\" \ + -DVERSION=\""$(VERSION)"\" + +AM_CFLAGS = -Wall +AM_LDFLAGS = +LDADD = $(LTLIBINTL) -lm +tmpfilesddir = @DEFAULT_TMPFILESDIR@ +noinst_LTLIBRARIES = $(am__append_5) libcrypto_backend.la \ + libutils_io.la +man8_MANS = man/cryptsetup.8 $(am__append_1) $(am__append_2) \ + $(am__append_3) +tmpfilesd_DATA = $(am__append_4) +@CRYPTO_INTERNAL_ARGON2_TRUE@libargon2_la_CFLAGS = $(AM_CFLAGS) -std=c89 -pthread -O3 +@CRYPTO_INTERNAL_ARGON2_TRUE@libargon2_la_CPPFLAGS = $(AM_CPPFLAGS) \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ -I lib/crypto_backend/argon2 \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ -I lib/crypto_backend/argon2/blake2 + +@CRYPTO_INTERNAL_ARGON2_TRUE@libargon2_la_SOURCES = lib/crypto_backend/argon2/blake2/blake2b.c \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/blake2/blake2.h \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/blake2/blake2-impl.h \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/argon2.c \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/argon2.h \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/core.c \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/core.h \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/encoding.c \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/encoding.h \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/thread.c \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/thread.h \ +@CRYPTO_INTERNAL_ARGON2_TRUE@ $(am__append_6) $(am__append_7) +libcrypto_backend_la_CFLAGS = $(AM_CFLAGS) @CRYPTO_CFLAGS@ +libcrypto_backend_la_SOURCES = lib/crypto_backend/crypto_backend.h \ + lib/crypto_backend/crypto_backend_internal.h \ + lib/crypto_backend/crypto_cipher_kernel.c \ + lib/crypto_backend/crypto_storage.c \ + lib/crypto_backend/pbkdf_check.c lib/crypto_backend/crc32.c \ + lib/crypto_backend/argon2_generic.c \ + lib/crypto_backend/cipher_generic.c \ + lib/crypto_backend/cipher_check.c $(am__append_9) \ + $(am__append_10) $(am__append_11) $(am__append_12) \ + $(am__append_13) $(am__append_14) +@CRYPTO_INTERNAL_ARGON2_TRUE@libcrypto_backend_la_DEPENDENCIES = libargon2.la +@CRYPTO_INTERNAL_ARGON2_TRUE@libcrypto_backend_la_LIBADD = libargon2.la +pkgconfigdir = $(libdir)/pkgconfig +pkgconfig_DATA = lib/libcryptsetup.pc +lib_LTLIBRARIES = libcryptsetup.la +include_HEADERS = lib/libcryptsetup.h +libutils_io_la_CFLAGS = $(AM_CFLAGS) +libutils_io_la_SOURCES = \ + lib/utils_io.c \ + lib/utils_io.h + +libcryptsetup_la_CPPFLAGS = $(AM_CPPFLAGS) \ + -I $(top_srcdir)/lib/crypto_backend \ + -I $(top_srcdir)/lib/luks1 \ + -I $(top_srcdir)/lib/luks2 \ + -I $(top_srcdir)/lib/loopaes \ + -I $(top_srcdir)/lib/verity \ + -I $(top_srcdir)/lib/tcrypt \ + -I $(top_srcdir)/lib/integrity \ + -I $(top_srcdir)/lib/bitlk + +libcryptsetup_la_DEPENDENCIES = libutils_io.la libcrypto_backend.la lib/libcryptsetup.sym +libcryptsetup_la_LDFLAGS = $(AM_LDFLAGS) -no-undefined \ + -Wl,--version-script=$(top_srcdir)/lib/libcryptsetup.sym \ + -version-info @LIBCRYPTSETUP_VERSION_INFO@ + +libcryptsetup_la_CFLAGS = $(AM_CFLAGS) @CRYPTO_CFLAGS@ +libcryptsetup_la_LIBADD = \ + @UUID_LIBS@ \ + @DEVMAPPER_LIBS@ \ + @CRYPTO_LIBS@ \ + @LIBARGON2_LIBS@ \ + @JSON_C_LIBS@ \ + @BLKID_LIBS@ \ + $(LTLIBICONV) \ + libcrypto_backend.la \ + libutils_io.la + +libcryptsetup_la_SOURCES = \ + lib/setup.c \ + lib/internal.h \ + lib/bitops.h \ + lib/nls.h \ + lib/libcryptsetup.h \ + lib/utils.c \ + lib/utils_benchmark.c \ + lib/utils_crypt.c \ + lib/utils_crypt.h \ + lib/utils_loop.c \ + lib/utils_loop.h \ + lib/utils_devpath.c \ + lib/utils_wipe.c \ + lib/utils_fips.c \ + lib/utils_fips.h \ + lib/utils_device.c \ + lib/utils_keyring.c \ + lib/utils_keyring.h \ + lib/utils_device_locking.c \ + lib/utils_device_locking.h \ + lib/utils_pbkdf.c \ + lib/utils_safe_memory.c \ + lib/utils_storage_wrappers.c \ + lib/utils_storage_wrappers.h \ + lib/libdevmapper.c \ + lib/utils_dm.h \ + lib/volumekey.c \ + lib/random.c \ + lib/crypt_plain.c \ + lib/base64.h \ + lib/base64.c \ + lib/integrity/integrity.h \ + lib/integrity/integrity.c \ + lib/loopaes/loopaes.h \ + lib/loopaes/loopaes.c \ + lib/tcrypt/tcrypt.h \ + lib/tcrypt/tcrypt.c \ + lib/luks1/af.h \ + lib/luks1/af.c \ + lib/luks1/keyencryption.c \ + lib/luks1/keymanage.c \ + lib/luks1/luks.h \ + lib/verity/verity_hash.c \ + lib/verity/verity_fec.c \ + lib/verity/verity.c \ + lib/verity/verity.h \ + lib/verity/rs_encode_char.c \ + lib/verity/rs_decode_char.c \ + lib/verity/rs.h \ + lib/luks2/luks2_disk_metadata.c \ + lib/luks2/luks2_json_format.c \ + lib/luks2/luks2_json_metadata.c \ + lib/luks2/luks2_luks1_convert.c \ + lib/luks2/luks2_digest.c \ + lib/luks2/luks2_digest_pbkdf2.c \ + lib/luks2/luks2_keyslot.c \ + lib/luks2/luks2_keyslot_luks2.c \ + lib/luks2/luks2_keyslot_reenc.c \ + lib/luks2/luks2_reencrypt.c \ + lib/luks2/luks2_segment.c \ + lib/luks2/luks2_token_keyring.c \ + lib/luks2/luks2_token.c \ + lib/luks2/luks2_internal.h \ + lib/luks2/luks2.h \ + lib/utils_blkid.c \ + lib/utils_blkid.h \ + lib/bitlk/bitlk.h \ + lib/bitlk/bitlk.c + + +# cryptsetup +@CRYPTSETUP_TRUE@cryptsetup_SOURCES = \ +@CRYPTSETUP_TRUE@ lib/utils_crypt.c \ +@CRYPTSETUP_TRUE@ lib/utils_loop.c \ +@CRYPTSETUP_TRUE@ lib/utils_io.c \ +@CRYPTSETUP_TRUE@ lib/utils_blkid.c \ +@CRYPTSETUP_TRUE@ src/utils_tools.c \ +@CRYPTSETUP_TRUE@ src/utils_password.c \ +@CRYPTSETUP_TRUE@ src/utils_luks2.c \ +@CRYPTSETUP_TRUE@ src/utils_blockdev.c \ +@CRYPTSETUP_TRUE@ src/cryptsetup.c \ +@CRYPTSETUP_TRUE@ src/cryptsetup.h + +@CRYPTSETUP_TRUE@cryptsetup_LDADD = $(LDADD) \ +@CRYPTSETUP_TRUE@ libcryptsetup.la \ +@CRYPTSETUP_TRUE@ @POPT_LIBS@ \ +@CRYPTSETUP_TRUE@ @PWQUALITY_LIBS@ \ +@CRYPTSETUP_TRUE@ @PASSWDQC_LIBS@ \ +@CRYPTSETUP_TRUE@ @UUID_LIBS@ \ +@CRYPTSETUP_TRUE@ @BLKID_LIBS@ + +@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_static_SOURCES = $(cryptsetup_SOURCES) +@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static +@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_static_LDADD = \ +@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@ $(cryptsetup_LDADD) \ +@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@ @CRYPTO_STATIC_LIBS@ \ +@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@ @PWQUALITY_STATIC_LIBS@ \ +@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@ @DEVMAPPER_STATIC_LIBS@ + + +# veritysetup +@VERITYSETUP_TRUE@veritysetup_SOURCES = \ +@VERITYSETUP_TRUE@ lib/utils_crypt.c \ +@VERITYSETUP_TRUE@ lib/utils_loop.c \ +@VERITYSETUP_TRUE@ lib/utils_io.c \ +@VERITYSETUP_TRUE@ lib/utils_blkid.c \ +@VERITYSETUP_TRUE@ src/utils_tools.c \ +@VERITYSETUP_TRUE@ src/utils_password.c \ +@VERITYSETUP_TRUE@ src/veritysetup.c \ +@VERITYSETUP_TRUE@ src/cryptsetup.h + +@VERITYSETUP_TRUE@veritysetup_LDADD = $(LDADD) \ +@VERITYSETUP_TRUE@ libcryptsetup.la \ +@VERITYSETUP_TRUE@ @POPT_LIBS@ \ +@VERITYSETUP_TRUE@ @PWQUALITY_LIBS@ \ +@VERITYSETUP_TRUE@ @PASSWDQC_LIBS@ \ +@VERITYSETUP_TRUE@ @BLKID_LIBS@ + +@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@veritysetup_static_SOURCES = $(veritysetup_SOURCES) +@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@veritysetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static +@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@veritysetup_static_LDADD = \ +@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@ $(veritysetup_LDADD) \ +@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@ @CRYPTO_STATIC_LIBS@ \ +@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@ @DEVMAPPER_STATIC_LIBS@ \ +@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@ @UUID_LIBS@ + + +# integritysetup +@INTEGRITYSETUP_TRUE@integritysetup_SOURCES = \ +@INTEGRITYSETUP_TRUE@ lib/utils_crypt.c \ +@INTEGRITYSETUP_TRUE@ lib/utils_loop.c \ +@INTEGRITYSETUP_TRUE@ lib/utils_io.c \ +@INTEGRITYSETUP_TRUE@ lib/utils_blkid.c \ +@INTEGRITYSETUP_TRUE@ src/utils_tools.c \ +@INTEGRITYSETUP_TRUE@ src/integritysetup.c \ +@INTEGRITYSETUP_TRUE@ src/cryptsetup.h + +@INTEGRITYSETUP_TRUE@integritysetup_LDADD = $(LDADD) \ +@INTEGRITYSETUP_TRUE@ libcryptsetup.la \ +@INTEGRITYSETUP_TRUE@ @POPT_LIBS@ \ +@INTEGRITYSETUP_TRUE@ @UUID_LIBS@ \ +@INTEGRITYSETUP_TRUE@ @BLKID_LIBS@ + +@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@integritysetup_static_SOURCES = $(integritysetup_SOURCES) +@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@integritysetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static +@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@integritysetup_static_LDADD = \ +@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@ $(integritysetup_LDADD) \ +@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@ @CRYPTO_STATIC_LIBS@ \ +@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@ @DEVMAPPER_STATIC_LIBS@ \ +@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@ @UUID_LIBS@ + + +# reencrypt +@REENCRYPT_TRUE@cryptsetup_reencrypt_SOURCES = \ +@REENCRYPT_TRUE@ lib/utils_crypt.c \ +@REENCRYPT_TRUE@ lib/utils_io.c \ +@REENCRYPT_TRUE@ lib/utils_blkid.c \ +@REENCRYPT_TRUE@ src/utils_tools.c \ +@REENCRYPT_TRUE@ lib/utils_loop.c \ +@REENCRYPT_TRUE@ src/utils_password.c \ +@REENCRYPT_TRUE@ src/cryptsetup_reencrypt.c \ +@REENCRYPT_TRUE@ src/cryptsetup.h + +@REENCRYPT_TRUE@cryptsetup_reencrypt_LDADD = $(LDADD) \ +@REENCRYPT_TRUE@ libcryptsetup.la \ +@REENCRYPT_TRUE@ @POPT_LIBS@ \ +@REENCRYPT_TRUE@ @PWQUALITY_LIBS@ \ +@REENCRYPT_TRUE@ @PASSWDQC_LIBS@ \ +@REENCRYPT_TRUE@ @UUID_LIBS@ \ +@REENCRYPT_TRUE@ @BLKID_LIBS@ + +@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_reencrypt_static_SOURCES = $(cryptsetup_reencrypt_SOURCES) +@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_reencrypt_static_LDFLAGS = $(AM_LDFLAGS) -all-static +@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_reencrypt_static_LDADD = \ +@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@ $(cryptsetup_reencrypt_LDADD) \ +@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@ @CRYPTO_STATIC_LIBS@ \ +@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@ @PWQUALITY_STATIC_LIBS@ \ +@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@ @DEVMAPPER_STATIC_LIBS@ ACLOCAL_AMFLAGS = -I m4 +DISTCHECK_CONFIGURE_FLAGS = \ + --with-tmpfilesdir=$$dc_install_base/usr/lib/tmpfiles.d \ + --enable-internal-argon2 --enable-internal-sse-argon2 + all: config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive .SUFFIXES: +.SUFFIXES: .c .lo .o .obj am--refresh: Makefile @: -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(srcdir)/man/Makemodule.am $(srcdir)/scripts/Makemodule.am $(srcdir)/lib/crypto_backend/argon2/Makemodule.am $(srcdir)/lib/crypto_backend/Makemodule.am $(srcdir)/lib/Makemodule.am $(srcdir)/src/Makemodule.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ @@ -395,16 +1150,16 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ echo ' $(SHELL) ./config.status'; \ $(SHELL) ./config.status;; \ *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \ esac; +$(srcdir)/man/Makemodule.am $(srcdir)/scripts/Makemodule.am $(srcdir)/lib/crypto_backend/argon2/Makemodule.am $(srcdir)/lib/crypto_backend/Makemodule.am $(srcdir)/lib/Makemodule.am $(srcdir)/src/Makemodule.am $(am__empty): $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck @@ -429,15 +1184,1125 @@ $(srcdir)/config.h.in: $(am__configure_deps) distclean-hdr: -rm -f config.h stamp-h1 +lib/libcryptsetup.pc: $(top_builddir)/config.status $(top_srcdir)/lib/libcryptsetup.pc.in + cd $(top_builddir) && $(SHELL) ./config.status $@ +scripts/cryptsetup.conf: $(top_builddir)/config.status $(top_srcdir)/scripts/cryptsetup.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $@ +install-sbinPROGRAMS: $(sbin_PROGRAMS) + @$(NORMAL_INSTALL) + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ + fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p \ + || test -f $$p1 \ + ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' \ + -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-sbinPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' \ + `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files + +clean-sbinPROGRAMS: + @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +install-libLTLIBRARIES: $(lib_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } + +uninstall-libLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ + done + +clean-libLTLIBRARIES: + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + @list='$(lib_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } +lib/crypto_backend/argon2/blake2/$(am__dirstamp): + @$(MKDIR_P) lib/crypto_backend/argon2/blake2 + @: > lib/crypto_backend/argon2/blake2/$(am__dirstamp) +lib/crypto_backend/argon2/blake2/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) lib/crypto_backend/argon2/blake2/$(DEPDIR) + @: > lib/crypto_backend/argon2/blake2/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/argon2/blake2/libargon2_la-blake2b.lo: \ + lib/crypto_backend/argon2/blake2/$(am__dirstamp) \ + lib/crypto_backend/argon2/blake2/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/argon2/$(am__dirstamp): + @$(MKDIR_P) lib/crypto_backend/argon2 + @: > lib/crypto_backend/argon2/$(am__dirstamp) +lib/crypto_backend/argon2/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) lib/crypto_backend/argon2/$(DEPDIR) + @: > lib/crypto_backend/argon2/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/argon2/libargon2_la-argon2.lo: \ + lib/crypto_backend/argon2/$(am__dirstamp) \ + lib/crypto_backend/argon2/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/argon2/libargon2_la-core.lo: \ + lib/crypto_backend/argon2/$(am__dirstamp) \ + lib/crypto_backend/argon2/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/argon2/libargon2_la-encoding.lo: \ + lib/crypto_backend/argon2/$(am__dirstamp) \ + lib/crypto_backend/argon2/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/argon2/libargon2_la-thread.lo: \ + lib/crypto_backend/argon2/$(am__dirstamp) \ + lib/crypto_backend/argon2/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/argon2/libargon2_la-opt.lo: \ + lib/crypto_backend/argon2/$(am__dirstamp) \ + lib/crypto_backend/argon2/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/argon2/libargon2_la-ref.lo: \ + lib/crypto_backend/argon2/$(am__dirstamp) \ + lib/crypto_backend/argon2/$(DEPDIR)/$(am__dirstamp) + +libargon2.la: $(libargon2_la_OBJECTS) $(libargon2_la_DEPENDENCIES) $(EXTRA_libargon2_la_DEPENDENCIES) + $(AM_V_CCLD)$(libargon2_la_LINK) $(am_libargon2_la_rpath) $(libargon2_la_OBJECTS) $(libargon2_la_LIBADD) $(LIBS) +lib/crypto_backend/$(am__dirstamp): + @$(MKDIR_P) lib/crypto_backend + @: > lib/crypto_backend/$(am__dirstamp) +lib/crypto_backend/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) lib/crypto_backend/$(DEPDIR) + @: > lib/crypto_backend/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/libcrypto_backend_la-crypto_cipher_kernel.lo: \ + lib/crypto_backend/$(am__dirstamp) \ + lib/crypto_backend/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/libcrypto_backend_la-crypto_storage.lo: \ + lib/crypto_backend/$(am__dirstamp) \ + lib/crypto_backend/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/libcrypto_backend_la-pbkdf_check.lo: \ + lib/crypto_backend/$(am__dirstamp) \ + lib/crypto_backend/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/libcrypto_backend_la-crc32.lo: \ + lib/crypto_backend/$(am__dirstamp) \ + lib/crypto_backend/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/libcrypto_backend_la-argon2_generic.lo: \ + lib/crypto_backend/$(am__dirstamp) \ + lib/crypto_backend/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/libcrypto_backend_la-cipher_generic.lo: \ + lib/crypto_backend/$(am__dirstamp) \ + lib/crypto_backend/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/libcrypto_backend_la-cipher_check.lo: \ + lib/crypto_backend/$(am__dirstamp) \ + lib/crypto_backend/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/libcrypto_backend_la-crypto_gcrypt.lo: \ + lib/crypto_backend/$(am__dirstamp) \ + lib/crypto_backend/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/libcrypto_backend_la-crypto_openssl.lo: \ + lib/crypto_backend/$(am__dirstamp) \ + lib/crypto_backend/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/libcrypto_backend_la-crypto_nss.lo: \ + lib/crypto_backend/$(am__dirstamp) \ + lib/crypto_backend/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/libcrypto_backend_la-crypto_kernel.lo: \ + lib/crypto_backend/$(am__dirstamp) \ + lib/crypto_backend/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/libcrypto_backend_la-crypto_nettle.lo: \ + lib/crypto_backend/$(am__dirstamp) \ + lib/crypto_backend/$(DEPDIR)/$(am__dirstamp) +lib/crypto_backend/libcrypto_backend_la-pbkdf2_generic.lo: \ + lib/crypto_backend/$(am__dirstamp) \ + lib/crypto_backend/$(DEPDIR)/$(am__dirstamp) + +libcrypto_backend.la: $(libcrypto_backend_la_OBJECTS) $(libcrypto_backend_la_DEPENDENCIES) $(EXTRA_libcrypto_backend_la_DEPENDENCIES) + $(AM_V_CCLD)$(libcrypto_backend_la_LINK) $(libcrypto_backend_la_OBJECTS) $(libcrypto_backend_la_LIBADD) $(LIBS) +lib/$(am__dirstamp): + @$(MKDIR_P) lib + @: > lib/$(am__dirstamp) +lib/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) lib/$(DEPDIR) + @: > lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-setup.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-utils.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-utils_benchmark.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-utils_crypt.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-utils_loop.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-utils_devpath.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-utils_wipe.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-utils_fips.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-utils_device.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-utils_keyring.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-utils_device_locking.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-utils_pbkdf.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-utils_safe_memory.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-utils_storage_wrappers.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-libdevmapper.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-volumekey.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-random.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-crypt_plain.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-base64.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/integrity/$(am__dirstamp): + @$(MKDIR_P) lib/integrity + @: > lib/integrity/$(am__dirstamp) +lib/integrity/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) lib/integrity/$(DEPDIR) + @: > lib/integrity/$(DEPDIR)/$(am__dirstamp) +lib/integrity/libcryptsetup_la-integrity.lo: \ + lib/integrity/$(am__dirstamp) \ + lib/integrity/$(DEPDIR)/$(am__dirstamp) +lib/loopaes/$(am__dirstamp): + @$(MKDIR_P) lib/loopaes + @: > lib/loopaes/$(am__dirstamp) +lib/loopaes/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) lib/loopaes/$(DEPDIR) + @: > lib/loopaes/$(DEPDIR)/$(am__dirstamp) +lib/loopaes/libcryptsetup_la-loopaes.lo: lib/loopaes/$(am__dirstamp) \ + lib/loopaes/$(DEPDIR)/$(am__dirstamp) +lib/tcrypt/$(am__dirstamp): + @$(MKDIR_P) lib/tcrypt + @: > lib/tcrypt/$(am__dirstamp) +lib/tcrypt/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) lib/tcrypt/$(DEPDIR) + @: > lib/tcrypt/$(DEPDIR)/$(am__dirstamp) +lib/tcrypt/libcryptsetup_la-tcrypt.lo: lib/tcrypt/$(am__dirstamp) \ + lib/tcrypt/$(DEPDIR)/$(am__dirstamp) +lib/luks1/$(am__dirstamp): + @$(MKDIR_P) lib/luks1 + @: > lib/luks1/$(am__dirstamp) +lib/luks1/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) lib/luks1/$(DEPDIR) + @: > lib/luks1/$(DEPDIR)/$(am__dirstamp) +lib/luks1/libcryptsetup_la-af.lo: lib/luks1/$(am__dirstamp) \ + lib/luks1/$(DEPDIR)/$(am__dirstamp) +lib/luks1/libcryptsetup_la-keyencryption.lo: \ + lib/luks1/$(am__dirstamp) lib/luks1/$(DEPDIR)/$(am__dirstamp) +lib/luks1/libcryptsetup_la-keymanage.lo: lib/luks1/$(am__dirstamp) \ + lib/luks1/$(DEPDIR)/$(am__dirstamp) +lib/verity/$(am__dirstamp): + @$(MKDIR_P) lib/verity + @: > lib/verity/$(am__dirstamp) +lib/verity/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) lib/verity/$(DEPDIR) + @: > lib/verity/$(DEPDIR)/$(am__dirstamp) +lib/verity/libcryptsetup_la-verity_hash.lo: \ + lib/verity/$(am__dirstamp) \ + lib/verity/$(DEPDIR)/$(am__dirstamp) +lib/verity/libcryptsetup_la-verity_fec.lo: lib/verity/$(am__dirstamp) \ + lib/verity/$(DEPDIR)/$(am__dirstamp) +lib/verity/libcryptsetup_la-verity.lo: lib/verity/$(am__dirstamp) \ + lib/verity/$(DEPDIR)/$(am__dirstamp) +lib/verity/libcryptsetup_la-rs_encode_char.lo: \ + lib/verity/$(am__dirstamp) \ + lib/verity/$(DEPDIR)/$(am__dirstamp) +lib/verity/libcryptsetup_la-rs_decode_char.lo: \ + lib/verity/$(am__dirstamp) \ + lib/verity/$(DEPDIR)/$(am__dirstamp) +lib/luks2/$(am__dirstamp): + @$(MKDIR_P) lib/luks2 + @: > lib/luks2/$(am__dirstamp) +lib/luks2/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) lib/luks2/$(DEPDIR) + @: > lib/luks2/$(DEPDIR)/$(am__dirstamp) +lib/luks2/libcryptsetup_la-luks2_disk_metadata.lo: \ + lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp) +lib/luks2/libcryptsetup_la-luks2_json_format.lo: \ + lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp) +lib/luks2/libcryptsetup_la-luks2_json_metadata.lo: \ + lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp) +lib/luks2/libcryptsetup_la-luks2_luks1_convert.lo: \ + lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp) +lib/luks2/libcryptsetup_la-luks2_digest.lo: lib/luks2/$(am__dirstamp) \ + lib/luks2/$(DEPDIR)/$(am__dirstamp) +lib/luks2/libcryptsetup_la-luks2_digest_pbkdf2.lo: \ + lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp) +lib/luks2/libcryptsetup_la-luks2_keyslot.lo: \ + lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp) +lib/luks2/libcryptsetup_la-luks2_keyslot_luks2.lo: \ + lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp) +lib/luks2/libcryptsetup_la-luks2_keyslot_reenc.lo: \ + lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp) +lib/luks2/libcryptsetup_la-luks2_reencrypt.lo: \ + lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp) +lib/luks2/libcryptsetup_la-luks2_segment.lo: \ + lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp) +lib/luks2/libcryptsetup_la-luks2_token_keyring.lo: \ + lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp) +lib/luks2/libcryptsetup_la-luks2_token.lo: lib/luks2/$(am__dirstamp) \ + lib/luks2/$(DEPDIR)/$(am__dirstamp) +lib/libcryptsetup_la-utils_blkid.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/bitlk/$(am__dirstamp): + @$(MKDIR_P) lib/bitlk + @: > lib/bitlk/$(am__dirstamp) +lib/bitlk/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) lib/bitlk/$(DEPDIR) + @: > lib/bitlk/$(DEPDIR)/$(am__dirstamp) +lib/bitlk/libcryptsetup_la-bitlk.lo: lib/bitlk/$(am__dirstamp) \ + lib/bitlk/$(DEPDIR)/$(am__dirstamp) + +libcryptsetup.la: $(libcryptsetup_la_OBJECTS) $(libcryptsetup_la_DEPENDENCIES) $(EXTRA_libcryptsetup_la_DEPENDENCIES) + $(AM_V_CCLD)$(libcryptsetup_la_LINK) -rpath $(libdir) $(libcryptsetup_la_OBJECTS) $(libcryptsetup_la_LIBADD) $(LIBS) +lib/libutils_io_la-utils_io.lo: lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) + +libutils_io.la: $(libutils_io_la_OBJECTS) $(libutils_io_la_DEPENDENCIES) $(EXTRA_libutils_io_la_DEPENDENCIES) + $(AM_V_CCLD)$(libutils_io_la_LINK) $(libutils_io_la_OBJECTS) $(libutils_io_la_LIBADD) $(LIBS) +lib/utils_crypt.$(OBJEXT): lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/utils_loop.$(OBJEXT): lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/utils_io.$(OBJEXT): lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +lib/utils_blkid.$(OBJEXT): lib/$(am__dirstamp) \ + lib/$(DEPDIR)/$(am__dirstamp) +src/$(am__dirstamp): + @$(MKDIR_P) src + @: > src/$(am__dirstamp) +src/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) src/$(DEPDIR) + @: > src/$(DEPDIR)/$(am__dirstamp) +src/utils_tools.$(OBJEXT): src/$(am__dirstamp) \ + src/$(DEPDIR)/$(am__dirstamp) +src/utils_password.$(OBJEXT): src/$(am__dirstamp) \ + src/$(DEPDIR)/$(am__dirstamp) +src/utils_luks2.$(OBJEXT): src/$(am__dirstamp) \ + src/$(DEPDIR)/$(am__dirstamp) +src/utils_blockdev.$(OBJEXT): src/$(am__dirstamp) \ + src/$(DEPDIR)/$(am__dirstamp) +src/cryptsetup.$(OBJEXT): src/$(am__dirstamp) \ + src/$(DEPDIR)/$(am__dirstamp) + +cryptsetup$(EXEEXT): $(cryptsetup_OBJECTS) $(cryptsetup_DEPENDENCIES) $(EXTRA_cryptsetup_DEPENDENCIES) + @rm -f cryptsetup$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(cryptsetup_OBJECTS) $(cryptsetup_LDADD) $(LIBS) +src/cryptsetup_reencrypt.$(OBJEXT): src/$(am__dirstamp) \ + src/$(DEPDIR)/$(am__dirstamp) + +cryptsetup-reencrypt$(EXEEXT): $(cryptsetup_reencrypt_OBJECTS) $(cryptsetup_reencrypt_DEPENDENCIES) $(EXTRA_cryptsetup_reencrypt_DEPENDENCIES) + @rm -f cryptsetup-reencrypt$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(cryptsetup_reencrypt_OBJECTS) $(cryptsetup_reencrypt_LDADD) $(LIBS) + +cryptsetup-reencrypt.static$(EXEEXT): $(cryptsetup_reencrypt_static_OBJECTS) $(cryptsetup_reencrypt_static_DEPENDENCIES) $(EXTRA_cryptsetup_reencrypt_static_DEPENDENCIES) + @rm -f cryptsetup-reencrypt.static$(EXEEXT) + $(AM_V_CCLD)$(cryptsetup_reencrypt_static_LINK) $(cryptsetup_reencrypt_static_OBJECTS) $(cryptsetup_reencrypt_static_LDADD) $(LIBS) + +cryptsetup.static$(EXEEXT): $(cryptsetup_static_OBJECTS) $(cryptsetup_static_DEPENDENCIES) $(EXTRA_cryptsetup_static_DEPENDENCIES) + @rm -f cryptsetup.static$(EXEEXT) + $(AM_V_CCLD)$(cryptsetup_static_LINK) $(cryptsetup_static_OBJECTS) $(cryptsetup_static_LDADD) $(LIBS) +src/integritysetup.$(OBJEXT): src/$(am__dirstamp) \ + src/$(DEPDIR)/$(am__dirstamp) + +integritysetup$(EXEEXT): $(integritysetup_OBJECTS) $(integritysetup_DEPENDENCIES) $(EXTRA_integritysetup_DEPENDENCIES) + @rm -f integritysetup$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(integritysetup_OBJECTS) $(integritysetup_LDADD) $(LIBS) + +integritysetup.static$(EXEEXT): $(integritysetup_static_OBJECTS) $(integritysetup_static_DEPENDENCIES) $(EXTRA_integritysetup_static_DEPENDENCIES) + @rm -f integritysetup.static$(EXEEXT) + $(AM_V_CCLD)$(integritysetup_static_LINK) $(integritysetup_static_OBJECTS) $(integritysetup_static_LDADD) $(LIBS) +src/veritysetup.$(OBJEXT): src/$(am__dirstamp) \ + src/$(DEPDIR)/$(am__dirstamp) + +veritysetup$(EXEEXT): $(veritysetup_OBJECTS) $(veritysetup_DEPENDENCIES) $(EXTRA_veritysetup_DEPENDENCIES) + @rm -f veritysetup$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(veritysetup_OBJECTS) $(veritysetup_LDADD) $(LIBS) + +veritysetup.static$(EXEEXT): $(veritysetup_static_OBJECTS) $(veritysetup_static_DEPENDENCIES) $(EXTRA_veritysetup_static_DEPENDENCIES) + @rm -f veritysetup.static$(EXEEXT) + $(AM_V_CCLD)$(veritysetup_static_LINK) $(veritysetup_static_OBJECTS) $(veritysetup_static_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + -rm -f lib/*.$(OBJEXT) + -rm -f lib/*.lo + -rm -f lib/bitlk/*.$(OBJEXT) + -rm -f lib/bitlk/*.lo + -rm -f lib/crypto_backend/*.$(OBJEXT) + -rm -f lib/crypto_backend/*.lo + -rm -f lib/crypto_backend/argon2/*.$(OBJEXT) + -rm -f lib/crypto_backend/argon2/*.lo + -rm -f lib/crypto_backend/argon2/blake2/*.$(OBJEXT) + -rm -f lib/crypto_backend/argon2/blake2/*.lo + -rm -f lib/integrity/*.$(OBJEXT) + -rm -f lib/integrity/*.lo + -rm -f lib/loopaes/*.$(OBJEXT) + -rm -f lib/loopaes/*.lo + -rm -f lib/luks1/*.$(OBJEXT) + -rm -f lib/luks1/*.lo + -rm -f lib/luks2/*.$(OBJEXT) + -rm -f lib/luks2/*.lo + -rm -f lib/tcrypt/*.$(OBJEXT) + -rm -f lib/tcrypt/*.lo + -rm -f lib/verity/*.$(OBJEXT) + -rm -f lib/verity/*.lo + -rm -f src/*.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-base64.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-crypt_plain.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-libdevmapper.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-random.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-setup.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_benchmark.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_blkid.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_crypt.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_device.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_device_locking.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_devpath.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_keyring.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_loop.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_pbkdf.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_safe_memory.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_storage_wrappers.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_wipe.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-volumekey.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libutils_io_la-utils_io.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/utils_blkid.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/utils_crypt.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/utils_io.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/utils_loop.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/bitlk/$(DEPDIR)/libcryptsetup_la-bitlk.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-argon2_generic.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_check.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_generic.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crc32.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_cipher_kernel.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_gcrypt.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_kernel.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nettle.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nss.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_openssl.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_storage.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf2_generic.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf_check.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-argon2.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-core.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-encoding.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-opt.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-ref.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-thread.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/argon2/blake2/$(DEPDIR)/libargon2_la-blake2b.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/integrity/$(DEPDIR)/libcryptsetup_la-integrity.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/loopaes/$(DEPDIR)/libcryptsetup_la-loopaes.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/luks1/$(DEPDIR)/libcryptsetup_la-af.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/luks1/$(DEPDIR)/libcryptsetup_la-keyencryption.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/luks1/$(DEPDIR)/libcryptsetup_la-keymanage.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest_pbkdf2.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_disk_metadata.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_format.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_metadata.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_luks2.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_reenc.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_luks1_convert.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_segment.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token_keyring.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/tcrypt/$(DEPDIR)/libcryptsetup_la-tcrypt.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/verity/$(DEPDIR)/libcryptsetup_la-rs_decode_char.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/verity/$(DEPDIR)/libcryptsetup_la-rs_encode_char.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/verity/$(DEPDIR)/libcryptsetup_la-verity.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/verity/$(DEPDIR)/libcryptsetup_la-verity_fec.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lib/verity/$(DEPDIR)/libcryptsetup_la-verity_hash.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/cryptsetup.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/cryptsetup_reencrypt.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/integritysetup.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/utils_blockdev.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/utils_luks2.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/utils_password.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/utils_tools.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/veritysetup.Po@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +lib/crypto_backend/argon2/blake2/libargon2_la-blake2b.lo: lib/crypto_backend/argon2/blake2/blake2b.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/argon2/blake2/libargon2_la-blake2b.lo -MD -MP -MF lib/crypto_backend/argon2/blake2/$(DEPDIR)/libargon2_la-blake2b.Tpo -c -o lib/crypto_backend/argon2/blake2/libargon2_la-blake2b.lo `test -f 'lib/crypto_backend/argon2/blake2/blake2b.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/blake2/blake2b.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/argon2/blake2/$(DEPDIR)/libargon2_la-blake2b.Tpo lib/crypto_backend/argon2/blake2/$(DEPDIR)/libargon2_la-blake2b.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/argon2/blake2/blake2b.c' object='lib/crypto_backend/argon2/blake2/libargon2_la-blake2b.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/argon2/blake2/libargon2_la-blake2b.lo `test -f 'lib/crypto_backend/argon2/blake2/blake2b.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/blake2/blake2b.c + +lib/crypto_backend/argon2/libargon2_la-argon2.lo: lib/crypto_backend/argon2/argon2.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/argon2/libargon2_la-argon2.lo -MD -MP -MF lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-argon2.Tpo -c -o lib/crypto_backend/argon2/libargon2_la-argon2.lo `test -f 'lib/crypto_backend/argon2/argon2.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/argon2.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-argon2.Tpo lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-argon2.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/argon2/argon2.c' object='lib/crypto_backend/argon2/libargon2_la-argon2.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/argon2/libargon2_la-argon2.lo `test -f 'lib/crypto_backend/argon2/argon2.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/argon2.c + +lib/crypto_backend/argon2/libargon2_la-core.lo: lib/crypto_backend/argon2/core.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/argon2/libargon2_la-core.lo -MD -MP -MF lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-core.Tpo -c -o lib/crypto_backend/argon2/libargon2_la-core.lo `test -f 'lib/crypto_backend/argon2/core.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/core.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-core.Tpo lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-core.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/argon2/core.c' object='lib/crypto_backend/argon2/libargon2_la-core.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/argon2/libargon2_la-core.lo `test -f 'lib/crypto_backend/argon2/core.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/core.c + +lib/crypto_backend/argon2/libargon2_la-encoding.lo: lib/crypto_backend/argon2/encoding.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/argon2/libargon2_la-encoding.lo -MD -MP -MF lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-encoding.Tpo -c -o lib/crypto_backend/argon2/libargon2_la-encoding.lo `test -f 'lib/crypto_backend/argon2/encoding.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/encoding.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-encoding.Tpo lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-encoding.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/argon2/encoding.c' object='lib/crypto_backend/argon2/libargon2_la-encoding.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/argon2/libargon2_la-encoding.lo `test -f 'lib/crypto_backend/argon2/encoding.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/encoding.c + +lib/crypto_backend/argon2/libargon2_la-thread.lo: lib/crypto_backend/argon2/thread.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/argon2/libargon2_la-thread.lo -MD -MP -MF lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-thread.Tpo -c -o lib/crypto_backend/argon2/libargon2_la-thread.lo `test -f 'lib/crypto_backend/argon2/thread.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/thread.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-thread.Tpo lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-thread.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/argon2/thread.c' object='lib/crypto_backend/argon2/libargon2_la-thread.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/argon2/libargon2_la-thread.lo `test -f 'lib/crypto_backend/argon2/thread.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/thread.c + +lib/crypto_backend/argon2/libargon2_la-opt.lo: lib/crypto_backend/argon2/opt.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/argon2/libargon2_la-opt.lo -MD -MP -MF lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-opt.Tpo -c -o lib/crypto_backend/argon2/libargon2_la-opt.lo `test -f 'lib/crypto_backend/argon2/opt.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/opt.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-opt.Tpo lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-opt.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/argon2/opt.c' object='lib/crypto_backend/argon2/libargon2_la-opt.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/argon2/libargon2_la-opt.lo `test -f 'lib/crypto_backend/argon2/opt.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/opt.c + +lib/crypto_backend/argon2/libargon2_la-ref.lo: lib/crypto_backend/argon2/ref.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/argon2/libargon2_la-ref.lo -MD -MP -MF lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-ref.Tpo -c -o lib/crypto_backend/argon2/libargon2_la-ref.lo `test -f 'lib/crypto_backend/argon2/ref.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/ref.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-ref.Tpo lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-ref.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/argon2/ref.c' object='lib/crypto_backend/argon2/libargon2_la-ref.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/argon2/libargon2_la-ref.lo `test -f 'lib/crypto_backend/argon2/ref.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/ref.c + +lib/crypto_backend/libcrypto_backend_la-crypto_cipher_kernel.lo: lib/crypto_backend/crypto_cipher_kernel.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-crypto_cipher_kernel.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_cipher_kernel.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-crypto_cipher_kernel.lo `test -f 'lib/crypto_backend/crypto_cipher_kernel.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_cipher_kernel.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_cipher_kernel.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_cipher_kernel.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/crypto_cipher_kernel.c' object='lib/crypto_backend/libcrypto_backend_la-crypto_cipher_kernel.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-crypto_cipher_kernel.lo `test -f 'lib/crypto_backend/crypto_cipher_kernel.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_cipher_kernel.c + +lib/crypto_backend/libcrypto_backend_la-crypto_storage.lo: lib/crypto_backend/crypto_storage.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-crypto_storage.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_storage.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-crypto_storage.lo `test -f 'lib/crypto_backend/crypto_storage.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_storage.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_storage.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_storage.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/crypto_storage.c' object='lib/crypto_backend/libcrypto_backend_la-crypto_storage.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-crypto_storage.lo `test -f 'lib/crypto_backend/crypto_storage.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_storage.c + +lib/crypto_backend/libcrypto_backend_la-pbkdf_check.lo: lib/crypto_backend/pbkdf_check.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-pbkdf_check.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf_check.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-pbkdf_check.lo `test -f 'lib/crypto_backend/pbkdf_check.c' || echo '$(srcdir)/'`lib/crypto_backend/pbkdf_check.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf_check.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf_check.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/pbkdf_check.c' object='lib/crypto_backend/libcrypto_backend_la-pbkdf_check.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-pbkdf_check.lo `test -f 'lib/crypto_backend/pbkdf_check.c' || echo '$(srcdir)/'`lib/crypto_backend/pbkdf_check.c + +lib/crypto_backend/libcrypto_backend_la-crc32.lo: lib/crypto_backend/crc32.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-crc32.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crc32.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-crc32.lo `test -f 'lib/crypto_backend/crc32.c' || echo '$(srcdir)/'`lib/crypto_backend/crc32.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crc32.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crc32.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/crc32.c' object='lib/crypto_backend/libcrypto_backend_la-crc32.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-crc32.lo `test -f 'lib/crypto_backend/crc32.c' || echo '$(srcdir)/'`lib/crypto_backend/crc32.c + +lib/crypto_backend/libcrypto_backend_la-argon2_generic.lo: lib/crypto_backend/argon2_generic.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-argon2_generic.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-argon2_generic.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-argon2_generic.lo `test -f 'lib/crypto_backend/argon2_generic.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2_generic.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-argon2_generic.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-argon2_generic.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/argon2_generic.c' object='lib/crypto_backend/libcrypto_backend_la-argon2_generic.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-argon2_generic.lo `test -f 'lib/crypto_backend/argon2_generic.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2_generic.c + +lib/crypto_backend/libcrypto_backend_la-cipher_generic.lo: lib/crypto_backend/cipher_generic.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-cipher_generic.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_generic.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-cipher_generic.lo `test -f 'lib/crypto_backend/cipher_generic.c' || echo '$(srcdir)/'`lib/crypto_backend/cipher_generic.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_generic.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_generic.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/cipher_generic.c' object='lib/crypto_backend/libcrypto_backend_la-cipher_generic.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-cipher_generic.lo `test -f 'lib/crypto_backend/cipher_generic.c' || echo '$(srcdir)/'`lib/crypto_backend/cipher_generic.c + +lib/crypto_backend/libcrypto_backend_la-cipher_check.lo: lib/crypto_backend/cipher_check.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-cipher_check.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_check.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-cipher_check.lo `test -f 'lib/crypto_backend/cipher_check.c' || echo '$(srcdir)/'`lib/crypto_backend/cipher_check.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_check.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_check.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/cipher_check.c' object='lib/crypto_backend/libcrypto_backend_la-cipher_check.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-cipher_check.lo `test -f 'lib/crypto_backend/cipher_check.c' || echo '$(srcdir)/'`lib/crypto_backend/cipher_check.c + +lib/crypto_backend/libcrypto_backend_la-crypto_gcrypt.lo: lib/crypto_backend/crypto_gcrypt.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-crypto_gcrypt.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_gcrypt.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-crypto_gcrypt.lo `test -f 'lib/crypto_backend/crypto_gcrypt.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_gcrypt.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_gcrypt.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_gcrypt.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/crypto_gcrypt.c' object='lib/crypto_backend/libcrypto_backend_la-crypto_gcrypt.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-crypto_gcrypt.lo `test -f 'lib/crypto_backend/crypto_gcrypt.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_gcrypt.c + +lib/crypto_backend/libcrypto_backend_la-crypto_openssl.lo: lib/crypto_backend/crypto_openssl.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-crypto_openssl.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_openssl.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-crypto_openssl.lo `test -f 'lib/crypto_backend/crypto_openssl.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_openssl.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_openssl.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_openssl.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/crypto_openssl.c' object='lib/crypto_backend/libcrypto_backend_la-crypto_openssl.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-crypto_openssl.lo `test -f 'lib/crypto_backend/crypto_openssl.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_openssl.c + +lib/crypto_backend/libcrypto_backend_la-crypto_nss.lo: lib/crypto_backend/crypto_nss.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-crypto_nss.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nss.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-crypto_nss.lo `test -f 'lib/crypto_backend/crypto_nss.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_nss.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nss.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nss.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/crypto_nss.c' object='lib/crypto_backend/libcrypto_backend_la-crypto_nss.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-crypto_nss.lo `test -f 'lib/crypto_backend/crypto_nss.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_nss.c + +lib/crypto_backend/libcrypto_backend_la-crypto_kernel.lo: lib/crypto_backend/crypto_kernel.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-crypto_kernel.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_kernel.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-crypto_kernel.lo `test -f 'lib/crypto_backend/crypto_kernel.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_kernel.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_kernel.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_kernel.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/crypto_kernel.c' object='lib/crypto_backend/libcrypto_backend_la-crypto_kernel.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-crypto_kernel.lo `test -f 'lib/crypto_backend/crypto_kernel.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_kernel.c + +lib/crypto_backend/libcrypto_backend_la-crypto_nettle.lo: lib/crypto_backend/crypto_nettle.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-crypto_nettle.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nettle.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-crypto_nettle.lo `test -f 'lib/crypto_backend/crypto_nettle.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_nettle.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nettle.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nettle.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/crypto_nettle.c' object='lib/crypto_backend/libcrypto_backend_la-crypto_nettle.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-crypto_nettle.lo `test -f 'lib/crypto_backend/crypto_nettle.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_nettle.c + +lib/crypto_backend/libcrypto_backend_la-pbkdf2_generic.lo: lib/crypto_backend/pbkdf2_generic.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-pbkdf2_generic.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf2_generic.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-pbkdf2_generic.lo `test -f 'lib/crypto_backend/pbkdf2_generic.c' || echo '$(srcdir)/'`lib/crypto_backend/pbkdf2_generic.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf2_generic.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf2_generic.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/pbkdf2_generic.c' object='lib/crypto_backend/libcrypto_backend_la-pbkdf2_generic.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-pbkdf2_generic.lo `test -f 'lib/crypto_backend/pbkdf2_generic.c' || echo '$(srcdir)/'`lib/crypto_backend/pbkdf2_generic.c + +lib/libcryptsetup_la-setup.lo: lib/setup.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-setup.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-setup.Tpo -c -o lib/libcryptsetup_la-setup.lo `test -f 'lib/setup.c' || echo '$(srcdir)/'`lib/setup.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-setup.Tpo lib/$(DEPDIR)/libcryptsetup_la-setup.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/setup.c' object='lib/libcryptsetup_la-setup.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-setup.lo `test -f 'lib/setup.c' || echo '$(srcdir)/'`lib/setup.c + +lib/libcryptsetup_la-utils.lo: lib/utils.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils.Tpo -c -o lib/libcryptsetup_la-utils.lo `test -f 'lib/utils.c' || echo '$(srcdir)/'`lib/utils.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils.c' object='lib/libcryptsetup_la-utils.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils.lo `test -f 'lib/utils.c' || echo '$(srcdir)/'`lib/utils.c + +lib/libcryptsetup_la-utils_benchmark.lo: lib/utils_benchmark.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_benchmark.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_benchmark.Tpo -c -o lib/libcryptsetup_la-utils_benchmark.lo `test -f 'lib/utils_benchmark.c' || echo '$(srcdir)/'`lib/utils_benchmark.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_benchmark.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_benchmark.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_benchmark.c' object='lib/libcryptsetup_la-utils_benchmark.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_benchmark.lo `test -f 'lib/utils_benchmark.c' || echo '$(srcdir)/'`lib/utils_benchmark.c + +lib/libcryptsetup_la-utils_crypt.lo: lib/utils_crypt.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_crypt.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_crypt.Tpo -c -o lib/libcryptsetup_la-utils_crypt.lo `test -f 'lib/utils_crypt.c' || echo '$(srcdir)/'`lib/utils_crypt.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_crypt.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_crypt.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_crypt.c' object='lib/libcryptsetup_la-utils_crypt.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_crypt.lo `test -f 'lib/utils_crypt.c' || echo '$(srcdir)/'`lib/utils_crypt.c + +lib/libcryptsetup_la-utils_loop.lo: lib/utils_loop.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_loop.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_loop.Tpo -c -o lib/libcryptsetup_la-utils_loop.lo `test -f 'lib/utils_loop.c' || echo '$(srcdir)/'`lib/utils_loop.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_loop.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_loop.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_loop.c' object='lib/libcryptsetup_la-utils_loop.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_loop.lo `test -f 'lib/utils_loop.c' || echo '$(srcdir)/'`lib/utils_loop.c + +lib/libcryptsetup_la-utils_devpath.lo: lib/utils_devpath.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_devpath.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_devpath.Tpo -c -o lib/libcryptsetup_la-utils_devpath.lo `test -f 'lib/utils_devpath.c' || echo '$(srcdir)/'`lib/utils_devpath.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_devpath.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_devpath.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_devpath.c' object='lib/libcryptsetup_la-utils_devpath.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_devpath.lo `test -f 'lib/utils_devpath.c' || echo '$(srcdir)/'`lib/utils_devpath.c + +lib/libcryptsetup_la-utils_wipe.lo: lib/utils_wipe.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_wipe.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_wipe.Tpo -c -o lib/libcryptsetup_la-utils_wipe.lo `test -f 'lib/utils_wipe.c' || echo '$(srcdir)/'`lib/utils_wipe.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_wipe.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_wipe.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_wipe.c' object='lib/libcryptsetup_la-utils_wipe.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_wipe.lo `test -f 'lib/utils_wipe.c' || echo '$(srcdir)/'`lib/utils_wipe.c + +lib/libcryptsetup_la-utils_fips.lo: lib/utils_fips.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_fips.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Tpo -c -o lib/libcryptsetup_la-utils_fips.lo `test -f 'lib/utils_fips.c' || echo '$(srcdir)/'`lib/utils_fips.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_fips.c' object='lib/libcryptsetup_la-utils_fips.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_fips.lo `test -f 'lib/utils_fips.c' || echo '$(srcdir)/'`lib/utils_fips.c + +lib/libcryptsetup_la-utils_device.lo: lib/utils_device.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_device.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_device.Tpo -c -o lib/libcryptsetup_la-utils_device.lo `test -f 'lib/utils_device.c' || echo '$(srcdir)/'`lib/utils_device.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_device.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_device.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_device.c' object='lib/libcryptsetup_la-utils_device.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_device.lo `test -f 'lib/utils_device.c' || echo '$(srcdir)/'`lib/utils_device.c + +lib/libcryptsetup_la-utils_keyring.lo: lib/utils_keyring.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_keyring.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_keyring.Tpo -c -o lib/libcryptsetup_la-utils_keyring.lo `test -f 'lib/utils_keyring.c' || echo '$(srcdir)/'`lib/utils_keyring.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_keyring.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_keyring.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_keyring.c' object='lib/libcryptsetup_la-utils_keyring.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_keyring.lo `test -f 'lib/utils_keyring.c' || echo '$(srcdir)/'`lib/utils_keyring.c + +lib/libcryptsetup_la-utils_device_locking.lo: lib/utils_device_locking.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_device_locking.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_device_locking.Tpo -c -o lib/libcryptsetup_la-utils_device_locking.lo `test -f 'lib/utils_device_locking.c' || echo '$(srcdir)/'`lib/utils_device_locking.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_device_locking.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_device_locking.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_device_locking.c' object='lib/libcryptsetup_la-utils_device_locking.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_device_locking.lo `test -f 'lib/utils_device_locking.c' || echo '$(srcdir)/'`lib/utils_device_locking.c + +lib/libcryptsetup_la-utils_pbkdf.lo: lib/utils_pbkdf.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_pbkdf.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_pbkdf.Tpo -c -o lib/libcryptsetup_la-utils_pbkdf.lo `test -f 'lib/utils_pbkdf.c' || echo '$(srcdir)/'`lib/utils_pbkdf.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_pbkdf.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_pbkdf.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_pbkdf.c' object='lib/libcryptsetup_la-utils_pbkdf.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_pbkdf.lo `test -f 'lib/utils_pbkdf.c' || echo '$(srcdir)/'`lib/utils_pbkdf.c + +lib/libcryptsetup_la-utils_safe_memory.lo: lib/utils_safe_memory.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_safe_memory.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_safe_memory.Tpo -c -o lib/libcryptsetup_la-utils_safe_memory.lo `test -f 'lib/utils_safe_memory.c' || echo '$(srcdir)/'`lib/utils_safe_memory.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_safe_memory.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_safe_memory.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_safe_memory.c' object='lib/libcryptsetup_la-utils_safe_memory.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_safe_memory.lo `test -f 'lib/utils_safe_memory.c' || echo '$(srcdir)/'`lib/utils_safe_memory.c + +lib/libcryptsetup_la-utils_storage_wrappers.lo: lib/utils_storage_wrappers.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_storage_wrappers.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_storage_wrappers.Tpo -c -o lib/libcryptsetup_la-utils_storage_wrappers.lo `test -f 'lib/utils_storage_wrappers.c' || echo '$(srcdir)/'`lib/utils_storage_wrappers.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_storage_wrappers.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_storage_wrappers.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_storage_wrappers.c' object='lib/libcryptsetup_la-utils_storage_wrappers.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_storage_wrappers.lo `test -f 'lib/utils_storage_wrappers.c' || echo '$(srcdir)/'`lib/utils_storage_wrappers.c + +lib/libcryptsetup_la-libdevmapper.lo: lib/libdevmapper.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-libdevmapper.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-libdevmapper.Tpo -c -o lib/libcryptsetup_la-libdevmapper.lo `test -f 'lib/libdevmapper.c' || echo '$(srcdir)/'`lib/libdevmapper.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-libdevmapper.Tpo lib/$(DEPDIR)/libcryptsetup_la-libdevmapper.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/libdevmapper.c' object='lib/libcryptsetup_la-libdevmapper.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-libdevmapper.lo `test -f 'lib/libdevmapper.c' || echo '$(srcdir)/'`lib/libdevmapper.c + +lib/libcryptsetup_la-volumekey.lo: lib/volumekey.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-volumekey.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-volumekey.Tpo -c -o lib/libcryptsetup_la-volumekey.lo `test -f 'lib/volumekey.c' || echo '$(srcdir)/'`lib/volumekey.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-volumekey.Tpo lib/$(DEPDIR)/libcryptsetup_la-volumekey.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/volumekey.c' object='lib/libcryptsetup_la-volumekey.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-volumekey.lo `test -f 'lib/volumekey.c' || echo '$(srcdir)/'`lib/volumekey.c + +lib/libcryptsetup_la-random.lo: lib/random.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-random.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-random.Tpo -c -o lib/libcryptsetup_la-random.lo `test -f 'lib/random.c' || echo '$(srcdir)/'`lib/random.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-random.Tpo lib/$(DEPDIR)/libcryptsetup_la-random.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/random.c' object='lib/libcryptsetup_la-random.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-random.lo `test -f 'lib/random.c' || echo '$(srcdir)/'`lib/random.c + +lib/libcryptsetup_la-crypt_plain.lo: lib/crypt_plain.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-crypt_plain.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-crypt_plain.Tpo -c -o lib/libcryptsetup_la-crypt_plain.lo `test -f 'lib/crypt_plain.c' || echo '$(srcdir)/'`lib/crypt_plain.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-crypt_plain.Tpo lib/$(DEPDIR)/libcryptsetup_la-crypt_plain.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypt_plain.c' object='lib/libcryptsetup_la-crypt_plain.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-crypt_plain.lo `test -f 'lib/crypt_plain.c' || echo '$(srcdir)/'`lib/crypt_plain.c + +lib/libcryptsetup_la-base64.lo: lib/base64.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-base64.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-base64.Tpo -c -o lib/libcryptsetup_la-base64.lo `test -f 'lib/base64.c' || echo '$(srcdir)/'`lib/base64.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-base64.Tpo lib/$(DEPDIR)/libcryptsetup_la-base64.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/base64.c' object='lib/libcryptsetup_la-base64.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-base64.lo `test -f 'lib/base64.c' || echo '$(srcdir)/'`lib/base64.c + +lib/integrity/libcryptsetup_la-integrity.lo: lib/integrity/integrity.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/integrity/libcryptsetup_la-integrity.lo -MD -MP -MF lib/integrity/$(DEPDIR)/libcryptsetup_la-integrity.Tpo -c -o lib/integrity/libcryptsetup_la-integrity.lo `test -f 'lib/integrity/integrity.c' || echo '$(srcdir)/'`lib/integrity/integrity.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/integrity/$(DEPDIR)/libcryptsetup_la-integrity.Tpo lib/integrity/$(DEPDIR)/libcryptsetup_la-integrity.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/integrity/integrity.c' object='lib/integrity/libcryptsetup_la-integrity.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/integrity/libcryptsetup_la-integrity.lo `test -f 'lib/integrity/integrity.c' || echo '$(srcdir)/'`lib/integrity/integrity.c + +lib/loopaes/libcryptsetup_la-loopaes.lo: lib/loopaes/loopaes.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/loopaes/libcryptsetup_la-loopaes.lo -MD -MP -MF lib/loopaes/$(DEPDIR)/libcryptsetup_la-loopaes.Tpo -c -o lib/loopaes/libcryptsetup_la-loopaes.lo `test -f 'lib/loopaes/loopaes.c' || echo '$(srcdir)/'`lib/loopaes/loopaes.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/loopaes/$(DEPDIR)/libcryptsetup_la-loopaes.Tpo lib/loopaes/$(DEPDIR)/libcryptsetup_la-loopaes.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/loopaes/loopaes.c' object='lib/loopaes/libcryptsetup_la-loopaes.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/loopaes/libcryptsetup_la-loopaes.lo `test -f 'lib/loopaes/loopaes.c' || echo '$(srcdir)/'`lib/loopaes/loopaes.c + +lib/tcrypt/libcryptsetup_la-tcrypt.lo: lib/tcrypt/tcrypt.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/tcrypt/libcryptsetup_la-tcrypt.lo -MD -MP -MF lib/tcrypt/$(DEPDIR)/libcryptsetup_la-tcrypt.Tpo -c -o lib/tcrypt/libcryptsetup_la-tcrypt.lo `test -f 'lib/tcrypt/tcrypt.c' || echo '$(srcdir)/'`lib/tcrypt/tcrypt.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/tcrypt/$(DEPDIR)/libcryptsetup_la-tcrypt.Tpo lib/tcrypt/$(DEPDIR)/libcryptsetup_la-tcrypt.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/tcrypt/tcrypt.c' object='lib/tcrypt/libcryptsetup_la-tcrypt.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/tcrypt/libcryptsetup_la-tcrypt.lo `test -f 'lib/tcrypt/tcrypt.c' || echo '$(srcdir)/'`lib/tcrypt/tcrypt.c + +lib/luks1/libcryptsetup_la-af.lo: lib/luks1/af.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks1/libcryptsetup_la-af.lo -MD -MP -MF lib/luks1/$(DEPDIR)/libcryptsetup_la-af.Tpo -c -o lib/luks1/libcryptsetup_la-af.lo `test -f 'lib/luks1/af.c' || echo '$(srcdir)/'`lib/luks1/af.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks1/$(DEPDIR)/libcryptsetup_la-af.Tpo lib/luks1/$(DEPDIR)/libcryptsetup_la-af.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks1/af.c' object='lib/luks1/libcryptsetup_la-af.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks1/libcryptsetup_la-af.lo `test -f 'lib/luks1/af.c' || echo '$(srcdir)/'`lib/luks1/af.c + +lib/luks1/libcryptsetup_la-keyencryption.lo: lib/luks1/keyencryption.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks1/libcryptsetup_la-keyencryption.lo -MD -MP -MF lib/luks1/$(DEPDIR)/libcryptsetup_la-keyencryption.Tpo -c -o lib/luks1/libcryptsetup_la-keyencryption.lo `test -f 'lib/luks1/keyencryption.c' || echo '$(srcdir)/'`lib/luks1/keyencryption.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks1/$(DEPDIR)/libcryptsetup_la-keyencryption.Tpo lib/luks1/$(DEPDIR)/libcryptsetup_la-keyencryption.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks1/keyencryption.c' object='lib/luks1/libcryptsetup_la-keyencryption.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks1/libcryptsetup_la-keyencryption.lo `test -f 'lib/luks1/keyencryption.c' || echo '$(srcdir)/'`lib/luks1/keyencryption.c + +lib/luks1/libcryptsetup_la-keymanage.lo: lib/luks1/keymanage.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks1/libcryptsetup_la-keymanage.lo -MD -MP -MF lib/luks1/$(DEPDIR)/libcryptsetup_la-keymanage.Tpo -c -o lib/luks1/libcryptsetup_la-keymanage.lo `test -f 'lib/luks1/keymanage.c' || echo '$(srcdir)/'`lib/luks1/keymanage.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks1/$(DEPDIR)/libcryptsetup_la-keymanage.Tpo lib/luks1/$(DEPDIR)/libcryptsetup_la-keymanage.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks1/keymanage.c' object='lib/luks1/libcryptsetup_la-keymanage.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks1/libcryptsetup_la-keymanage.lo `test -f 'lib/luks1/keymanage.c' || echo '$(srcdir)/'`lib/luks1/keymanage.c + +lib/verity/libcryptsetup_la-verity_hash.lo: lib/verity/verity_hash.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/verity/libcryptsetup_la-verity_hash.lo -MD -MP -MF lib/verity/$(DEPDIR)/libcryptsetup_la-verity_hash.Tpo -c -o lib/verity/libcryptsetup_la-verity_hash.lo `test -f 'lib/verity/verity_hash.c' || echo '$(srcdir)/'`lib/verity/verity_hash.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/verity/$(DEPDIR)/libcryptsetup_la-verity_hash.Tpo lib/verity/$(DEPDIR)/libcryptsetup_la-verity_hash.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/verity/verity_hash.c' object='lib/verity/libcryptsetup_la-verity_hash.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/verity/libcryptsetup_la-verity_hash.lo `test -f 'lib/verity/verity_hash.c' || echo '$(srcdir)/'`lib/verity/verity_hash.c + +lib/verity/libcryptsetup_la-verity_fec.lo: lib/verity/verity_fec.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/verity/libcryptsetup_la-verity_fec.lo -MD -MP -MF lib/verity/$(DEPDIR)/libcryptsetup_la-verity_fec.Tpo -c -o lib/verity/libcryptsetup_la-verity_fec.lo `test -f 'lib/verity/verity_fec.c' || echo '$(srcdir)/'`lib/verity/verity_fec.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/verity/$(DEPDIR)/libcryptsetup_la-verity_fec.Tpo lib/verity/$(DEPDIR)/libcryptsetup_la-verity_fec.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/verity/verity_fec.c' object='lib/verity/libcryptsetup_la-verity_fec.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/verity/libcryptsetup_la-verity_fec.lo `test -f 'lib/verity/verity_fec.c' || echo '$(srcdir)/'`lib/verity/verity_fec.c + +lib/verity/libcryptsetup_la-verity.lo: lib/verity/verity.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/verity/libcryptsetup_la-verity.lo -MD -MP -MF lib/verity/$(DEPDIR)/libcryptsetup_la-verity.Tpo -c -o lib/verity/libcryptsetup_la-verity.lo `test -f 'lib/verity/verity.c' || echo '$(srcdir)/'`lib/verity/verity.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/verity/$(DEPDIR)/libcryptsetup_la-verity.Tpo lib/verity/$(DEPDIR)/libcryptsetup_la-verity.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/verity/verity.c' object='lib/verity/libcryptsetup_la-verity.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/verity/libcryptsetup_la-verity.lo `test -f 'lib/verity/verity.c' || echo '$(srcdir)/'`lib/verity/verity.c + +lib/verity/libcryptsetup_la-rs_encode_char.lo: lib/verity/rs_encode_char.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/verity/libcryptsetup_la-rs_encode_char.lo -MD -MP -MF lib/verity/$(DEPDIR)/libcryptsetup_la-rs_encode_char.Tpo -c -o lib/verity/libcryptsetup_la-rs_encode_char.lo `test -f 'lib/verity/rs_encode_char.c' || echo '$(srcdir)/'`lib/verity/rs_encode_char.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/verity/$(DEPDIR)/libcryptsetup_la-rs_encode_char.Tpo lib/verity/$(DEPDIR)/libcryptsetup_la-rs_encode_char.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/verity/rs_encode_char.c' object='lib/verity/libcryptsetup_la-rs_encode_char.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/verity/libcryptsetup_la-rs_encode_char.lo `test -f 'lib/verity/rs_encode_char.c' || echo '$(srcdir)/'`lib/verity/rs_encode_char.c + +lib/verity/libcryptsetup_la-rs_decode_char.lo: lib/verity/rs_decode_char.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/verity/libcryptsetup_la-rs_decode_char.lo -MD -MP -MF lib/verity/$(DEPDIR)/libcryptsetup_la-rs_decode_char.Tpo -c -o lib/verity/libcryptsetup_la-rs_decode_char.lo `test -f 'lib/verity/rs_decode_char.c' || echo '$(srcdir)/'`lib/verity/rs_decode_char.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/verity/$(DEPDIR)/libcryptsetup_la-rs_decode_char.Tpo lib/verity/$(DEPDIR)/libcryptsetup_la-rs_decode_char.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/verity/rs_decode_char.c' object='lib/verity/libcryptsetup_la-rs_decode_char.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/verity/libcryptsetup_la-rs_decode_char.lo `test -f 'lib/verity/rs_decode_char.c' || echo '$(srcdir)/'`lib/verity/rs_decode_char.c + +lib/luks2/libcryptsetup_la-luks2_disk_metadata.lo: lib/luks2/luks2_disk_metadata.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_disk_metadata.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_disk_metadata.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_disk_metadata.lo `test -f 'lib/luks2/luks2_disk_metadata.c' || echo '$(srcdir)/'`lib/luks2/luks2_disk_metadata.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_disk_metadata.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_disk_metadata.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_disk_metadata.c' object='lib/luks2/libcryptsetup_la-luks2_disk_metadata.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_disk_metadata.lo `test -f 'lib/luks2/luks2_disk_metadata.c' || echo '$(srcdir)/'`lib/luks2/luks2_disk_metadata.c + +lib/luks2/libcryptsetup_la-luks2_json_format.lo: lib/luks2/luks2_json_format.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_json_format.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_format.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_json_format.lo `test -f 'lib/luks2/luks2_json_format.c' || echo '$(srcdir)/'`lib/luks2/luks2_json_format.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_format.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_format.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_json_format.c' object='lib/luks2/libcryptsetup_la-luks2_json_format.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_json_format.lo `test -f 'lib/luks2/luks2_json_format.c' || echo '$(srcdir)/'`lib/luks2/luks2_json_format.c + +lib/luks2/libcryptsetup_la-luks2_json_metadata.lo: lib/luks2/luks2_json_metadata.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_json_metadata.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_metadata.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_json_metadata.lo `test -f 'lib/luks2/luks2_json_metadata.c' || echo '$(srcdir)/'`lib/luks2/luks2_json_metadata.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_metadata.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_metadata.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_json_metadata.c' object='lib/luks2/libcryptsetup_la-luks2_json_metadata.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_json_metadata.lo `test -f 'lib/luks2/luks2_json_metadata.c' || echo '$(srcdir)/'`lib/luks2/luks2_json_metadata.c + +lib/luks2/libcryptsetup_la-luks2_luks1_convert.lo: lib/luks2/luks2_luks1_convert.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_luks1_convert.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_luks1_convert.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_luks1_convert.lo `test -f 'lib/luks2/luks2_luks1_convert.c' || echo '$(srcdir)/'`lib/luks2/luks2_luks1_convert.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_luks1_convert.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_luks1_convert.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_luks1_convert.c' object='lib/luks2/libcryptsetup_la-luks2_luks1_convert.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_luks1_convert.lo `test -f 'lib/luks2/luks2_luks1_convert.c' || echo '$(srcdir)/'`lib/luks2/luks2_luks1_convert.c + +lib/luks2/libcryptsetup_la-luks2_digest.lo: lib/luks2/luks2_digest.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_digest.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_digest.lo `test -f 'lib/luks2/luks2_digest.c' || echo '$(srcdir)/'`lib/luks2/luks2_digest.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_digest.c' object='lib/luks2/libcryptsetup_la-luks2_digest.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_digest.lo `test -f 'lib/luks2/luks2_digest.c' || echo '$(srcdir)/'`lib/luks2/luks2_digest.c + +lib/luks2/libcryptsetup_la-luks2_digest_pbkdf2.lo: lib/luks2/luks2_digest_pbkdf2.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_digest_pbkdf2.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest_pbkdf2.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_digest_pbkdf2.lo `test -f 'lib/luks2/luks2_digest_pbkdf2.c' || echo '$(srcdir)/'`lib/luks2/luks2_digest_pbkdf2.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest_pbkdf2.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest_pbkdf2.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_digest_pbkdf2.c' object='lib/luks2/libcryptsetup_la-luks2_digest_pbkdf2.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_digest_pbkdf2.lo `test -f 'lib/luks2/luks2_digest_pbkdf2.c' || echo '$(srcdir)/'`lib/luks2/luks2_digest_pbkdf2.c + +lib/luks2/libcryptsetup_la-luks2_keyslot.lo: lib/luks2/luks2_keyslot.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_keyslot.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_keyslot.lo `test -f 'lib/luks2/luks2_keyslot.c' || echo '$(srcdir)/'`lib/luks2/luks2_keyslot.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_keyslot.c' object='lib/luks2/libcryptsetup_la-luks2_keyslot.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_keyslot.lo `test -f 'lib/luks2/luks2_keyslot.c' || echo '$(srcdir)/'`lib/luks2/luks2_keyslot.c + +lib/luks2/libcryptsetup_la-luks2_keyslot_luks2.lo: lib/luks2/luks2_keyslot_luks2.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_keyslot_luks2.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_luks2.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_keyslot_luks2.lo `test -f 'lib/luks2/luks2_keyslot_luks2.c' || echo '$(srcdir)/'`lib/luks2/luks2_keyslot_luks2.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_luks2.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_luks2.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_keyslot_luks2.c' object='lib/luks2/libcryptsetup_la-luks2_keyslot_luks2.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_keyslot_luks2.lo `test -f 'lib/luks2/luks2_keyslot_luks2.c' || echo '$(srcdir)/'`lib/luks2/luks2_keyslot_luks2.c + +lib/luks2/libcryptsetup_la-luks2_keyslot_reenc.lo: lib/luks2/luks2_keyslot_reenc.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_keyslot_reenc.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_reenc.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_keyslot_reenc.lo `test -f 'lib/luks2/luks2_keyslot_reenc.c' || echo '$(srcdir)/'`lib/luks2/luks2_keyslot_reenc.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_reenc.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_reenc.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_keyslot_reenc.c' object='lib/luks2/libcryptsetup_la-luks2_keyslot_reenc.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_keyslot_reenc.lo `test -f 'lib/luks2/luks2_keyslot_reenc.c' || echo '$(srcdir)/'`lib/luks2/luks2_keyslot_reenc.c + +lib/luks2/libcryptsetup_la-luks2_reencrypt.lo: lib/luks2/luks2_reencrypt.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_reencrypt.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_reencrypt.lo `test -f 'lib/luks2/luks2_reencrypt.c' || echo '$(srcdir)/'`lib/luks2/luks2_reencrypt.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_reencrypt.c' object='lib/luks2/libcryptsetup_la-luks2_reencrypt.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_reencrypt.lo `test -f 'lib/luks2/luks2_reencrypt.c' || echo '$(srcdir)/'`lib/luks2/luks2_reencrypt.c + +lib/luks2/libcryptsetup_la-luks2_segment.lo: lib/luks2/luks2_segment.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_segment.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_segment.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_segment.lo `test -f 'lib/luks2/luks2_segment.c' || echo '$(srcdir)/'`lib/luks2/luks2_segment.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_segment.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_segment.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_segment.c' object='lib/luks2/libcryptsetup_la-luks2_segment.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_segment.lo `test -f 'lib/luks2/luks2_segment.c' || echo '$(srcdir)/'`lib/luks2/luks2_segment.c + +lib/luks2/libcryptsetup_la-luks2_token_keyring.lo: lib/luks2/luks2_token_keyring.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_token_keyring.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token_keyring.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_token_keyring.lo `test -f 'lib/luks2/luks2_token_keyring.c' || echo '$(srcdir)/'`lib/luks2/luks2_token_keyring.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token_keyring.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token_keyring.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_token_keyring.c' object='lib/luks2/libcryptsetup_la-luks2_token_keyring.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_token_keyring.lo `test -f 'lib/luks2/luks2_token_keyring.c' || echo '$(srcdir)/'`lib/luks2/luks2_token_keyring.c + +lib/luks2/libcryptsetup_la-luks2_token.lo: lib/luks2/luks2_token.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_token.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_token.lo `test -f 'lib/luks2/luks2_token.c' || echo '$(srcdir)/'`lib/luks2/luks2_token.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_token.c' object='lib/luks2/libcryptsetup_la-luks2_token.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_token.lo `test -f 'lib/luks2/luks2_token.c' || echo '$(srcdir)/'`lib/luks2/luks2_token.c + +lib/libcryptsetup_la-utils_blkid.lo: lib/utils_blkid.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_blkid.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_blkid.Tpo -c -o lib/libcryptsetup_la-utils_blkid.lo `test -f 'lib/utils_blkid.c' || echo '$(srcdir)/'`lib/utils_blkid.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_blkid.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_blkid.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_blkid.c' object='lib/libcryptsetup_la-utils_blkid.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_blkid.lo `test -f 'lib/utils_blkid.c' || echo '$(srcdir)/'`lib/utils_blkid.c + +lib/bitlk/libcryptsetup_la-bitlk.lo: lib/bitlk/bitlk.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/bitlk/libcryptsetup_la-bitlk.lo -MD -MP -MF lib/bitlk/$(DEPDIR)/libcryptsetup_la-bitlk.Tpo -c -o lib/bitlk/libcryptsetup_la-bitlk.lo `test -f 'lib/bitlk/bitlk.c' || echo '$(srcdir)/'`lib/bitlk/bitlk.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/bitlk/$(DEPDIR)/libcryptsetup_la-bitlk.Tpo lib/bitlk/$(DEPDIR)/libcryptsetup_la-bitlk.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/bitlk/bitlk.c' object='lib/bitlk/libcryptsetup_la-bitlk.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/bitlk/libcryptsetup_la-bitlk.lo `test -f 'lib/bitlk/bitlk.c' || echo '$(srcdir)/'`lib/bitlk/bitlk.c + +lib/libutils_io_la-utils_io.lo: lib/utils_io.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libutils_io_la_CFLAGS) $(CFLAGS) -MT lib/libutils_io_la-utils_io.lo -MD -MP -MF lib/$(DEPDIR)/libutils_io_la-utils_io.Tpo -c -o lib/libutils_io_la-utils_io.lo `test -f 'lib/utils_io.c' || echo '$(srcdir)/'`lib/utils_io.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libutils_io_la-utils_io.Tpo lib/$(DEPDIR)/libutils_io_la-utils_io.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_io.c' object='lib/libutils_io_la-utils_io.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libutils_io_la_CFLAGS) $(CFLAGS) -c -o lib/libutils_io_la-utils_io.lo `test -f 'lib/utils_io.c' || echo '$(srcdir)/'`lib/utils_io.c mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs + -rm -rf lib/.libs lib/_libs + -rm -rf lib/bitlk/.libs lib/bitlk/_libs + -rm -rf lib/crypto_backend/.libs lib/crypto_backend/_libs + -rm -rf lib/crypto_backend/argon2/.libs lib/crypto_backend/argon2/_libs + -rm -rf lib/crypto_backend/argon2/blake2/.libs lib/crypto_backend/argon2/blake2/_libs + -rm -rf lib/integrity/.libs lib/integrity/_libs + -rm -rf lib/loopaes/.libs lib/loopaes/_libs + -rm -rf lib/luks1/.libs lib/luks1/_libs + -rm -rf lib/luks2/.libs lib/luks2/_libs + -rm -rf lib/tcrypt/.libs lib/tcrypt/_libs + -rm -rf lib/verity/.libs lib/verity/_libs distclean-libtool: -rm -f libtool config.lt +install-man8: $(man8_MANS) + @$(NORMAL_INSTALL) + @list1='$(man8_MANS)'; \ + list2=''; \ + test -n "$(man8dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.8[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list='$(man8_MANS)'; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) +install-pkgconfigDATA: $(pkgconfig_DATA) + @$(NORMAL_INSTALL) + @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(pkgconfigdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfigdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfigdir)" || exit $$?; \ + done + +uninstall-pkgconfigDATA: + @$(NORMAL_UNINSTALL) + @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(pkgconfigdir)'; $(am__uninstall_files_from_dir) +install-tmpfilesdDATA: $(tmpfilesd_DATA) + @$(NORMAL_INSTALL) + @list='$(tmpfilesd_DATA)'; test -n "$(tmpfilesddir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(tmpfilesddir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(tmpfilesddir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(tmpfilesddir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(tmpfilesddir)" || exit $$?; \ + done + +uninstall-tmpfilesdDATA: + @$(NORMAL_UNINSTALL) + @list='$(tmpfilesd_DATA)'; test -n "$(tmpfilesddir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(tmpfilesddir)'; $(am__uninstall_files_from_dir) +install-includeHEADERS: $(include_HEADERS) + @$(NORMAL_INSTALL) + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ + done + +uninstall-includeHEADERS: + @$(NORMAL_UNINSTALL) + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir) # This directory's subdirectories are mostly independent; you can cd # into them and run 'make' without going through this Makefile. @@ -545,7 +2410,10 @@ distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -rm -f cscope.out cscope.in.out cscope.po.out cscope.files -distdir: $(DISTFILES) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) $(am__remove_distdir) test -d "$(distdir)" || mkdir "$(distdir)" @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ @@ -610,7 +2478,7 @@ distdir: $(DISTFILES) ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ || chmod -R a+r "$(distdir)" dist-gzip: distdir - tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz $(am__post_remove_distdir) dist-bzip2: distdir @@ -624,18 +2492,22 @@ dist-xz: distdir tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz $(am__post_remove_distdir) +dist-zstd: distdir + tardir=$(distdir) && $(am__tar) | zstd -c $${ZSTD_CLEVEL-$${ZSTD_OPT--19}} >$(distdir).tar.zst + $(am__post_remove_distdir) + dist-tarZ: distdir - @echo WARNING: "Support for shar distribution archives is" \ - "deprecated." >&2 + @echo WARNING: "Support for distribution archives compressed with" \ + "legacy program 'compress' is deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__post_remove_distdir) dist-shar: distdir - @echo WARNING: "Support for distribution archives compressed with" \ - "legacy program 'compress' is deprecated." >&2 + @echo WARNING: "Support for shar distribution archives is" \ + "deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 - shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz + shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz $(am__post_remove_distdir) dist-zip: distdir @@ -653,7 +2525,7 @@ dist dist-all: distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ - GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lz*) \ @@ -663,23 +2535,25 @@ distcheck: dist *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ - GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ + *.tar.zst*) \ + zstd -dc $(distdir).tar.zst | $(am__untar) ;;\ esac chmod -R a-w $(distdir) chmod u+w $(distdir) - mkdir $(distdir)/_build $(distdir)/_inst + mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst chmod a-w $(distdir) test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && am__cwd=`pwd` \ - && $(am__cd) $(distdir)/_build \ - && ../configure \ + && $(am__cd) $(distdir)/_build/sub \ + && ../../configure \ $(AM_DISTCHECK_CONFIGURE_FLAGS) \ $(DISTCHECK_CONFIGURE_FLAGS) \ - --srcdir=.. --prefix="$$dc_install_base" \ + --srcdir=../.. --prefix="$$dc_install_base" \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ @@ -734,9 +2608,13 @@ distcleancheck: distclean exit 1; } >&2 check-am: all-am check: check-recursive -all-am: Makefile config.h +all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS) \ + config.h installdirs: installdirs-recursive installdirs-am: + for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(pkgconfigdir)" "$(DESTDIR)$(tmpfilesddir)" "$(DESTDIR)$(includedir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive @@ -759,23 +2637,127 @@ install-strip: mostlyclean-generic: clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f lib/$(DEPDIR)/$(am__dirstamp) + -rm -f lib/$(am__dirstamp) + -rm -f lib/bitlk/$(DEPDIR)/$(am__dirstamp) + -rm -f lib/bitlk/$(am__dirstamp) + -rm -f lib/crypto_backend/$(DEPDIR)/$(am__dirstamp) + -rm -f lib/crypto_backend/$(am__dirstamp) + -rm -f lib/crypto_backend/argon2/$(DEPDIR)/$(am__dirstamp) + -rm -f lib/crypto_backend/argon2/$(am__dirstamp) + -rm -f lib/crypto_backend/argon2/blake2/$(DEPDIR)/$(am__dirstamp) + -rm -f lib/crypto_backend/argon2/blake2/$(am__dirstamp) + -rm -f lib/integrity/$(DEPDIR)/$(am__dirstamp) + -rm -f lib/integrity/$(am__dirstamp) + -rm -f lib/loopaes/$(DEPDIR)/$(am__dirstamp) + -rm -f lib/loopaes/$(am__dirstamp) + -rm -f lib/luks1/$(DEPDIR)/$(am__dirstamp) + -rm -f lib/luks1/$(am__dirstamp) + -rm -f lib/luks2/$(DEPDIR)/$(am__dirstamp) + -rm -f lib/luks2/$(am__dirstamp) + -rm -f lib/tcrypt/$(DEPDIR)/$(am__dirstamp) + -rm -f lib/tcrypt/$(am__dirstamp) + -rm -f lib/verity/$(DEPDIR)/$(am__dirstamp) + -rm -f lib/verity/$(am__dirstamp) + -rm -f src/$(DEPDIR)/$(am__dirstamp) + -rm -f src/$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive -clean-am: clean-generic clean-libtool clean-local mostlyclean-am +clean-am: clean-generic clean-libLTLIBRARIES clean-libtool clean-local \ + clean-noinstLTLIBRARIES clean-sbinPROGRAMS mostlyclean-am distclean: distclean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -f lib/$(DEPDIR)/libcryptsetup_la-base64.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-crypt_plain.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-libdevmapper.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-random.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-setup.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_benchmark.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_blkid.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_crypt.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_device.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_device_locking.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_devpath.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_keyring.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_loop.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_pbkdf.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_safe_memory.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_storage_wrappers.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_wipe.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-volumekey.Plo + -rm -f lib/$(DEPDIR)/libutils_io_la-utils_io.Plo + -rm -f lib/$(DEPDIR)/utils_blkid.Po + -rm -f lib/$(DEPDIR)/utils_crypt.Po + -rm -f lib/$(DEPDIR)/utils_io.Po + -rm -f lib/$(DEPDIR)/utils_loop.Po + -rm -f lib/bitlk/$(DEPDIR)/libcryptsetup_la-bitlk.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-argon2_generic.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_check.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_generic.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crc32.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_cipher_kernel.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_gcrypt.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_kernel.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nettle.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nss.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_openssl.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_storage.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf2_generic.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf_check.Plo + -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-argon2.Plo + -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-core.Plo + -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-encoding.Plo + -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-opt.Plo + -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-ref.Plo + -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-thread.Plo + -rm -f lib/crypto_backend/argon2/blake2/$(DEPDIR)/libargon2_la-blake2b.Plo + -rm -f lib/integrity/$(DEPDIR)/libcryptsetup_la-integrity.Plo + -rm -f lib/loopaes/$(DEPDIR)/libcryptsetup_la-loopaes.Plo + -rm -f lib/luks1/$(DEPDIR)/libcryptsetup_la-af.Plo + -rm -f lib/luks1/$(DEPDIR)/libcryptsetup_la-keyencryption.Plo + -rm -f lib/luks1/$(DEPDIR)/libcryptsetup_la-keymanage.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest_pbkdf2.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_disk_metadata.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_format.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_metadata.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_luks2.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_reenc.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_luks1_convert.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_segment.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token_keyring.Plo + -rm -f lib/tcrypt/$(DEPDIR)/libcryptsetup_la-tcrypt.Plo + -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-rs_decode_char.Plo + -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-rs_encode_char.Plo + -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-verity.Plo + -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-verity_fec.Plo + -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-verity_hash.Plo + -rm -f src/$(DEPDIR)/cryptsetup.Po + -rm -f src/$(DEPDIR)/cryptsetup_reencrypt.Po + -rm -f src/$(DEPDIR)/integritysetup.Po + -rm -f src/$(DEPDIR)/utils_blockdev.Po + -rm -f src/$(DEPDIR)/utils_luks2.Po + -rm -f src/$(DEPDIR)/utils_password.Po + -rm -f src/$(DEPDIR)/utils_tools.Po + -rm -f src/$(DEPDIR)/veritysetup.Po -rm -f Makefile -distclean-am: clean-am distclean-generic distclean-hdr \ - distclean-libtool distclean-tags +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-hdr distclean-libtool distclean-local distclean-tags dvi: dvi-recursive @@ -789,13 +2771,14 @@ info: info-recursive info-am: -install-data-am: +install-data-am: install-includeHEADERS install-man \ + install-pkgconfigDATA install-tmpfilesdDATA install-dvi: install-dvi-recursive install-dvi-am: -install-exec-am: +install-exec-am: install-libLTLIBRARIES install-sbinPROGRAMS install-html: install-html-recursive @@ -805,7 +2788,7 @@ install-info: install-info-recursive install-info-am: -install-man: +install-man: install-man8 install-pdf: install-pdf-recursive @@ -820,12 +2803,91 @@ installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -rf $(top_srcdir)/autom4te.cache + -rm -f lib/$(DEPDIR)/libcryptsetup_la-base64.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-crypt_plain.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-libdevmapper.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-random.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-setup.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_benchmark.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_blkid.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_crypt.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_device.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_device_locking.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_devpath.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_keyring.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_loop.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_pbkdf.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_safe_memory.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_storage_wrappers.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_wipe.Plo + -rm -f lib/$(DEPDIR)/libcryptsetup_la-volumekey.Plo + -rm -f lib/$(DEPDIR)/libutils_io_la-utils_io.Plo + -rm -f lib/$(DEPDIR)/utils_blkid.Po + -rm -f lib/$(DEPDIR)/utils_crypt.Po + -rm -f lib/$(DEPDIR)/utils_io.Po + -rm -f lib/$(DEPDIR)/utils_loop.Po + -rm -f lib/bitlk/$(DEPDIR)/libcryptsetup_la-bitlk.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-argon2_generic.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_check.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_generic.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crc32.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_cipher_kernel.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_gcrypt.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_kernel.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nettle.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nss.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_openssl.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_storage.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf2_generic.Plo + -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf_check.Plo + -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-argon2.Plo + -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-core.Plo + -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-encoding.Plo + -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-opt.Plo + -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-ref.Plo + -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-thread.Plo + -rm -f lib/crypto_backend/argon2/blake2/$(DEPDIR)/libargon2_la-blake2b.Plo + -rm -f lib/integrity/$(DEPDIR)/libcryptsetup_la-integrity.Plo + -rm -f lib/loopaes/$(DEPDIR)/libcryptsetup_la-loopaes.Plo + -rm -f lib/luks1/$(DEPDIR)/libcryptsetup_la-af.Plo + -rm -f lib/luks1/$(DEPDIR)/libcryptsetup_la-keyencryption.Plo + -rm -f lib/luks1/$(DEPDIR)/libcryptsetup_la-keymanage.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest_pbkdf2.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_disk_metadata.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_format.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_metadata.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_luks2.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_reenc.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_luks1_convert.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_segment.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token.Plo + -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token_keyring.Plo + -rm -f lib/tcrypt/$(DEPDIR)/libcryptsetup_la-tcrypt.Plo + -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-rs_decode_char.Plo + -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-rs_encode_char.Plo + -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-verity.Plo + -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-verity_fec.Plo + -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-verity_hash.Plo + -rm -f src/$(DEPDIR)/cryptsetup.Po + -rm -f src/$(DEPDIR)/cryptsetup_reencrypt.Po + -rm -f src/$(DEPDIR)/integritysetup.Po + -rm -f src/$(DEPDIR)/utils_blockdev.Po + -rm -f src/$(DEPDIR)/utils_luks2.Po + -rm -f src/$(DEPDIR)/utils_password.Po + -rm -f src/$(DEPDIR)/utils_tools.Po + -rm -f src/$(DEPDIR)/veritysetup.Po -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive -mostlyclean-am: mostlyclean-generic mostlyclean-libtool +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf: pdf-recursive @@ -835,30 +2897,47 @@ ps: ps-recursive ps-am: -uninstall-am: +uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES \ + uninstall-man uninstall-pkgconfigDATA uninstall-sbinPROGRAMS \ + uninstall-tmpfilesdDATA + +uninstall-man: uninstall-man8 .MAKE: $(am__recursive_targets) all install-am install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ - am--refresh check check-am clean clean-cscope clean-generic \ - clean-libtool clean-local cscope cscopelist-am ctags ctags-am \ - dist dist-all dist-bzip2 dist-gzip dist-lzip dist-shar \ - dist-tarZ dist-xz dist-zip distcheck distclean \ + am--depfiles am--refresh check check-am clean clean-cscope \ + clean-generic clean-libLTLIBRARIES clean-libtool clean-local \ + clean-noinstLTLIBRARIES clean-sbinPROGRAMS cscope \ + cscopelist-am ctags ctags-am dist dist-all dist-bzip2 \ + dist-gzip dist-lzip dist-shar dist-tarZ dist-xz dist-zip \ + dist-zstd distcheck distclean distclean-compile \ distclean-generic distclean-hdr distclean-libtool \ - distclean-tags distcleancheck distdir distuninstallcheck dvi \ - dvi-am html html-am info info-am install install-am \ - install-data install-data-am install-dvi install-dvi-am \ - install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs installdirs-am \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am + distclean-local distclean-tags distcleancheck distdir \ + distuninstallcheck dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-includeHEADERS install-info \ + install-info-am install-libLTLIBRARIES install-man \ + install-man8 install-pdf install-pdf-am install-pkgconfigDATA \ + install-ps install-ps-am install-sbinPROGRAMS install-strip \ + install-tmpfilesdDATA installcheck installcheck-am installdirs \ + installdirs-am maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-includeHEADERS uninstall-libLTLIBRARIES \ + uninstall-man uninstall-man8 uninstall-pkgconfigDATA \ + uninstall-sbinPROGRAMS uninstall-tmpfilesdDATA + +.PRECIOUS: Makefile + +distclean-local: + -find . -name \*~ -o -name \*.orig -o -name \*.rej | xargs rm -f + rm -rf autom4te.cache clean-local: - -rm -rf docs/doxygen_api_docs + -rm -rf docs/doxygen_api_docs libargon2.la # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/TODO b/TODO index b5a66e1..58e5cc9 100644 --- a/TODO +++ b/TODO @@ -1,8 +1 @@ -Version 1.7: -- Export wipe device functions -- Support K/M suffixes for align payload (new switch?). -- TRIM for keyslots -- Do we need crypt_data_path() - path to data device (if differs)? -- Resync ETA time is not accurate, calculate it better (last minute window?). -- Extend existing LUKS header to use another KDF? (https://password-hashing.net/) -- Fix all crazy automake warnings (or switch to Cmake). +Please see issues tracked at https://gitlab.com/cryptsetup/cryptsetup/issues. diff --git a/aclocal.m4 b/aclocal.m4 index 5185896..b5fedd0 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.14.1 -*- Autoconf -*- +# generated automatically by aclocal 1.16.2 -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2020 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -20,16 +20,18 @@ You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) -dnl Autoconf macros for libgcrypt -dnl Copyright (C) 2002, 2004, 2011 Free Software Foundation, Inc. -dnl -dnl This file is free software; as a special exception the author gives -dnl unlimited permission to copy and/or distribute it, with or without -dnl modifications, as long as this notice is preserved. -dnl -dnl This file is distributed in the hope that it will be useful, but -dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the -dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# libgcrypt.m4 - Autoconf macros to detect libgcrypt +# Copyright (C) 2002, 2003, 2004, 2011, 2014, 2018 g10 Code GmbH +# +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Last-changed: 2018-11-13 dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION, @@ -42,19 +44,49 @@ dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using dnl this features allows to prevent build against newer versions of libgcrypt dnl with a changed API. dnl +dnl If a prefix option is not used, the config script is first +dnl searched in $SYSROOT/bin and then along $PATH. If the used +dnl config script does not match the host specification the script +dnl is added to the gpg_config_script_warn variable. +dnl AC_DEFUN([AM_PATH_LIBGCRYPT], [ AC_REQUIRE([AC_CANONICAL_HOST]) AC_ARG_WITH(libgcrypt-prefix, AC_HELP_STRING([--with-libgcrypt-prefix=PFX], [prefix where LIBGCRYPT is installed (optional)]), libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="") - if test x$libgcrypt_config_prefix != x ; then - if test x${LIBGCRYPT_CONFIG+set} != xset ; then - LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config + if test x"${LIBGCRYPT_CONFIG}" = x ; then + if test x"${libgcrypt_config_prefix}" != x ; then + LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config" fi fi - AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, no) + use_gpgrt_config="" + if test x"${LIBGCRYPT_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then + if $GPGRT_CONFIG libgcrypt --exists; then + LIBGCRYPT_CONFIG="$GPGRT_CONFIG libgcrypt" + AC_MSG_NOTICE([Use gpgrt-config as libgcrypt-config]) + use_gpgrt_config=yes + fi + fi + if test -z "$use_gpgrt_config"; then + if test x"${LIBGCRYPT_CONFIG}" = x ; then + case "${SYSROOT}" in + /*) + if test -x "${SYSROOT}/bin/libgcrypt-config" ; then + LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config" + fi + ;; + '') + ;; + *) + AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.]) + ;; + esac + fi + AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no) + fi + tmp=ifelse([$1], ,1:1.2.0,$1) if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` @@ -73,7 +105,11 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` req_micro=`echo $min_libgcrypt_version | \ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` - libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` + if test -z "$use_gpgrt_config"; then + libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` + else + libgcrypt_config_version=`$LIBGCRYPT_CONFIG --modversion` + fi major=`echo $libgcrypt_config_version | \ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` minor=`echo $libgcrypt_config_version | \ @@ -105,7 +141,11 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], # If we have a recent libgcrypt, we should also check that the # API is compatible if test "$req_libgcrypt_api" -gt 0 ; then - tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` + if test -z "$use_gpgrt_config"; then + tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` + else + tmp=`$LIBGCRYPT_CONFIG --variable=api_version 2>/dev/null || echo 0` + fi if test "$tmp" -gt 0 ; then AC_MSG_CHECKING([LIBGCRYPT API version]) if test "$req_libgcrypt_api" -eq "$tmp" ; then @@ -121,17 +161,22 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` ifelse([$2], , :, [$2]) - libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none` + if test -z "$use_gpgrt_config"; then + libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none` + else + libgcrypt_config_host=`$LIBGCRYPT_CONFIG --variable=host 2>/dev/null || echo none` + fi if test x"$libgcrypt_config_host" != xnone ; then if test x"$libgcrypt_config_host" != x"$host" ; then AC_MSG_WARN([[ *** -*** The config script $LIBGCRYPT_CONFIG was +*** The config script "$LIBGCRYPT_CONFIG" was *** built for $libgcrypt_config_host and thus may not match the *** used host $host. *** You may want to use the configure option --with-libgcrypt-prefix -*** to specify a matching config script. +*** to specify a matching config script or use \$SYSROOT. ***]]) + gpg_config_script_warn="$gpg_config_script_warn libgcrypt" fi fi else @@ -143,32 +188,63 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], AC_SUBST(LIBGCRYPT_LIBS) ]) -# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- -# serial 1 (pkg-config-0.24) -# -# Copyright © 2004 Scott James Remnant . -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. +# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- +# serial 12 (pkg-config-0.29.2) -# PKG_PROG_PKG_CONFIG([MIN-VERSION]) -# ---------------------------------- +dnl Copyright © 2004 Scott James Remnant . +dnl Copyright © 2012-2015 Dan Nicholson +dnl +dnl This program is free software; you can redistribute it and/or modify +dnl it under the terms of the GNU General Public License as published by +dnl the Free Software Foundation; either version 2 of the License, or +dnl (at your option) any later version. +dnl +dnl This program is distributed in the hope that it will be useful, but +dnl WITHOUT ANY WARRANTY; without even the implied warranty of +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +dnl General Public License for more details. +dnl +dnl You should have received a copy of the GNU General Public License +dnl along with this program; if not, write to the Free Software +dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +dnl 02111-1307, USA. +dnl +dnl As a special exception to the GNU General Public License, if you +dnl distribute this file as part of a program that contains a +dnl configuration script generated by Autoconf, you may include it under +dnl the same distribution terms that you use for the rest of that +dnl program. + +dnl PKG_PREREQ(MIN-VERSION) +dnl ----------------------- +dnl Since: 0.29 +dnl +dnl Verify that the version of the pkg-config macros are at least +dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's +dnl installed version of pkg-config, this checks the developer's version +dnl of pkg.m4 when generating configure. +dnl +dnl To ensure that this macro is defined, also add: +dnl m4_ifndef([PKG_PREREQ], +dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])]) +dnl +dnl See the "Since" comment for each macro you use to see what version +dnl of the macros you require. +m4_defun([PKG_PREREQ], +[m4_define([PKG_MACROS_VERSION], [0.29.2]) +m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1, + [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])]) +])dnl PKG_PREREQ + +dnl PKG_PROG_PKG_CONFIG([MIN-VERSION]) +dnl ---------------------------------- +dnl Since: 0.16 +dnl +dnl Search for the pkg-config tool and set the PKG_CONFIG variable to +dnl first found in the path. Checks that the version of pkg-config found +dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is +dnl used since that's the first version where most current features of +dnl pkg-config existed. AC_DEFUN([PKG_PROG_PKG_CONFIG], [m4_pattern_forbid([^_?PKG_[A-Z_]+$]) m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$]) @@ -190,18 +266,19 @@ if test -n "$PKG_CONFIG"; then PKG_CONFIG="" fi fi[]dnl -])# PKG_PROG_PKG_CONFIG +])dnl PKG_PROG_PKG_CONFIG -# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) -# -# Check to see whether a particular set of modules exists. Similar -# to PKG_CHECK_MODULES(), but does not set variables or print errors. -# -# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) -# only at the first occurence in configure.ac, so if the first place -# it's called might be skipped (such as if it is within an "if", you -# have to call PKG_CHECK_EXISTS manually -# -------------------------------------------------------------- +dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +dnl ------------------------------------------------------------------- +dnl Since: 0.18 +dnl +dnl Check to see whether a particular set of modules exists. Similar to +dnl PKG_CHECK_MODULES(), but does not set variables or print errors. +dnl +dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +dnl only at the first occurence in configure.ac, so if the first place +dnl it's called might be skipped (such as if it is within an "if", you +dnl have to call PKG_CHECK_EXISTS manually AC_DEFUN([PKG_CHECK_EXISTS], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl if test -n "$PKG_CONFIG" && \ @@ -211,8 +288,10 @@ m4_ifvaln([$3], [else $3])dnl fi]) -# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) -# --------------------------------------------- +dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) +dnl --------------------------------------------- +dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting +dnl pkg_failed based on the result. m4_define([_PKG_CONFIG], [if test -n "$$1"; then pkg_cv_[]$1="$$1" @@ -224,10 +303,11 @@ m4_define([_PKG_CONFIG], else pkg_failed=untried fi[]dnl -])# _PKG_CONFIG +])dnl _PKG_CONFIG -# _PKG_SHORT_ERRORS_SUPPORTED -# ----------------------------- +dnl _PKG_SHORT_ERRORS_SUPPORTED +dnl --------------------------- +dnl Internal check to see if pkg-config supports short errors. AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], [AC_REQUIRE([PKG_PROG_PKG_CONFIG]) if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then @@ -235,26 +315,24 @@ if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then else _pkg_short_errors_supported=no fi[]dnl -])# _PKG_SHORT_ERRORS_SUPPORTED +])dnl _PKG_SHORT_ERRORS_SUPPORTED -# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], -# [ACTION-IF-NOT-FOUND]) -# -# -# Note that if there is a possibility the first call to -# PKG_CHECK_MODULES might not happen, you should be sure to include an -# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac -# -# -# -------------------------------------------------------------- +dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], +dnl [ACTION-IF-NOT-FOUND]) +dnl -------------------------------------------------------------- +dnl Since: 0.4.0 +dnl +dnl Note that if there is a possibility the first call to +dnl PKG_CHECK_MODULES might not happen, you should be sure to include an +dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac AC_DEFUN([PKG_CHECK_MODULES], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl pkg_failed=no -AC_MSG_CHECKING([for $1]) +AC_MSG_CHECKING([for $2]) _PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) _PKG_CONFIG([$1][_LIBS], [libs], [$2]) @@ -264,11 +342,11 @@ and $1[]_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details.]) if test $pkg_failed = yes; then - AC_MSG_RESULT([no]) + AC_MSG_RESULT([no]) _PKG_SHORT_ERRORS_SUPPORTED if test $_pkg_short_errors_supported = yes; then $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1` - else + else $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1` fi # Put the nasty error message in config.log where it belongs @@ -285,7 +363,7 @@ installed software in a non-standard prefix. _PKG_TEXT])[]dnl ]) elif test $pkg_failed = untried; then - AC_MSG_RESULT([no]) + AC_MSG_RESULT([no]) m4_default([$4], [AC_MSG_FAILURE( [The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full @@ -301,16 +379,40 @@ else AC_MSG_RESULT([yes]) $3 fi[]dnl -])# PKG_CHECK_MODULES +])dnl PKG_CHECK_MODULES + +dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], +dnl [ACTION-IF-NOT-FOUND]) +dnl --------------------------------------------------------------------- +dnl Since: 0.29 +dnl +dnl Checks for existence of MODULES and gathers its build flags with +dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags +dnl and VARIABLE-PREFIX_LIBS from --libs. +dnl +dnl Note that if there is a possibility the first call to +dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to +dnl include an explicit call to PKG_PROG_PKG_CONFIG in your +dnl configure.ac. +AC_DEFUN([PKG_CHECK_MODULES_STATIC], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +_save_PKG_CONFIG=$PKG_CONFIG +PKG_CONFIG="$PKG_CONFIG --static" +PKG_CHECK_MODULES($@) +PKG_CONFIG=$_save_PKG_CONFIG[]dnl +])dnl PKG_CHECK_MODULES_STATIC -# PKG_INSTALLDIR(DIRECTORY) -# ------------------------- -# Substitutes the variable pkgconfigdir as the location where a module -# should install pkg-config .pc files. By default the directory is -# $libdir/pkgconfig, but the default can be changed by passing -# DIRECTORY. The user can override through the --with-pkgconfigdir -# parameter. + +dnl PKG_INSTALLDIR([DIRECTORY]) +dnl ------------------------- +dnl Since: 0.27 +dnl +dnl Substitutes the variable pkgconfigdir as the location where a module +dnl should install pkg-config .pc files. By default the directory is +dnl $libdir/pkgconfig, but the default can be changed by passing +dnl DIRECTORY. The user can override through the --with-pkgconfigdir +dnl parameter. AC_DEFUN([PKG_INSTALLDIR], [m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])]) m4_pushdef([pkg_description], @@ -321,16 +423,18 @@ AC_ARG_WITH([pkgconfigdir], AC_SUBST([pkgconfigdir], [$with_pkgconfigdir]) m4_popdef([pkg_default]) m4_popdef([pkg_description]) -]) dnl PKG_INSTALLDIR +])dnl PKG_INSTALLDIR -# PKG_NOARCH_INSTALLDIR(DIRECTORY) -# ------------------------- -# Substitutes the variable noarch_pkgconfigdir as the location where a -# module should install arch-independent pkg-config .pc files. By -# default the directory is $datadir/pkgconfig, but the default can be -# changed by passing DIRECTORY. The user can override through the -# --with-noarch-pkgconfigdir parameter. +dnl PKG_NOARCH_INSTALLDIR([DIRECTORY]) +dnl -------------------------------- +dnl Since: 0.27 +dnl +dnl Substitutes the variable noarch_pkgconfigdir as the location where a +dnl module should install arch-independent pkg-config .pc files. By +dnl default the directory is $datadir/pkgconfig, but the default can be +dnl changed by passing DIRECTORY. The user can override through the +dnl --with-noarch-pkgconfigdir parameter. AC_DEFUN([PKG_NOARCH_INSTALLDIR], [m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])]) m4_pushdef([pkg_description], @@ -341,13 +445,15 @@ AC_ARG_WITH([noarch-pkgconfigdir], AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir]) m4_popdef([pkg_default]) m4_popdef([pkg_description]) -]) dnl PKG_NOARCH_INSTALLDIR +])dnl PKG_NOARCH_INSTALLDIR -# PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, -# [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) -# ------------------------------------------- -# Retrieves the value of the pkg-config variable for the given module. +dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, +dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +dnl ------------------------------------------- +dnl Since: 0.28 +dnl +dnl Retrieves the value of the pkg-config variable for the given module. AC_DEFUN([PKG_CHECK_VAR], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl @@ -356,9 +462,9 @@ _PKG_CONFIG([$1], [variable="][$3]["], [$2]) AS_VAR_COPY([$1], [pkg_cv_][$1]) AS_VAR_IF([$1], [""], [$5], [$4])dnl -])# PKG_CHECK_VAR +])dnl PKG_CHECK_VAR -# Copyright (C) 2002-2013 Free Software Foundation, Inc. +# Copyright (C) 2002-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -370,10 +476,10 @@ AS_VAR_IF([$1], [""], [$5], [$4])dnl # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.14' +[am__api_version='1.16' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.14.1], [], +m4_if([$1], [1.16.2], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -389,14 +495,14 @@ m4_define([_AM_AUTOCONF_VERSION], []) # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.14.1])dnl +[AM_AUTOMAKE_VERSION([1.16.2])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -448,7 +554,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd` # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2013 Free Software Foundation, Inc. +# Copyright (C) 1997-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -479,7 +585,7 @@ AC_CONFIG_COMMANDS_PRE( Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -670,13 +776,12 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. - # _AM_OUTPUT_DEPENDENCY_COMMANDS # ------------------------------ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], @@ -684,49 +789,43 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], # Older Autoconf quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. - case $CONFIG_FILES in - *\'*) eval set x "$CONFIG_FILES" ;; - *) set x $CONFIG_FILES ;; - esac + # TODO: see whether this extra hack can be removed once we start + # requiring Autoconf 2.70 or later. + AS_CASE([$CONFIG_FILES], + [*\'*], [eval set x "$CONFIG_FILES"], + [*], [set x $CONFIG_FILES]) shift - for mf + # Used to flag and report bootstrapping failures. + am_rc=0 + for am_mf do # Strip MF so we end up with the name of the file. - mf=`echo "$mf" | sed -e 's/:.*$//'` - # Check whether this is an Automake generated Makefile or not. - # We used to match only the files named 'Makefile.in', but - # some people rename them; so instead we look at the file content. - # Grep'ing the first line is not enough: some people post-process - # each Makefile.in and add a new line on top of each file to say so. - # Grep'ing the whole file is not good either: AIX grep has a line + am_mf=`AS_ECHO(["$am_mf"]) | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile which includes + # dependency-tracking related rules and includes. + # Grep'ing the whole file directly is not great: AIX grep has a line # limit of 2048, but all sed's we know have understand at least 4000. - if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then - dirpart=`AS_DIRNAME("$mf")` - else - continue - fi - # Extract the definition of DEPDIR, am__include, and am__quote - # from the Makefile without running 'make'. - DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` - test -z "$DEPDIR" && continue - am__include=`sed -n 's/^am__include = //p' < "$mf"` - test -z "$am__include" && continue - am__quote=`sed -n 's/^am__quote = //p' < "$mf"` - # Find all dependency output files, they are included files with - # $(DEPDIR) in their names. We invoke sed twice because it is the - # simplest approach to changing $(DEPDIR) to its actual value in the - # expansion. - for file in `sed -n " - s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ - sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do - # Make sure the directory exists. - test -f "$dirpart/$file" && continue - fdir=`AS_DIRNAME(["$file"])` - AS_MKDIR_P([$dirpart/$fdir]) - # echo "creating $dirpart/$file" - echo '# dummy' > "$dirpart/$file" - done + sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \ + || continue + am_dirpart=`AS_DIRNAME(["$am_mf"])` + am_filepart=`AS_BASENAME(["$am_mf"])` + AM_RUN_LOG([cd "$am_dirpart" \ + && sed -e '/# am--include-marker/d' "$am_filepart" \ + | $MAKE -f - am--depfiles]) || am_rc=$? done + if test $am_rc -ne 0; then + AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments + for automatic dependency tracking. If GNU make was not used, consider + re-running the configure script with MAKE="gmake" (or whatever is + necessary). You can also try re-running configure with the + '--disable-dependency-tracking' option to at least be able to build + the package (albeit without support for automatic dependency tracking).]) + fi + AS_UNSET([am_dirpart]) + AS_UNSET([am_filepart]) + AS_UNSET([am_mf]) + AS_UNSET([am_rc]) + rm -f conftest-deps.mk } ])# _AM_OUTPUT_DEPENDENCY_COMMANDS @@ -735,18 +834,17 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], # ----------------------------- # This macro should only be invoked once -- use via AC_REQUIRE. # -# This code is only required when automatic dependency tracking -# is enabled. FIXME. This creates each '.P' file that we will -# need in order to bootstrap the dependency handling code. +# This code is only required when automatic dependency tracking is enabled. +# This creates each '.Po' and '.Plo' makefile fragment that we'll need in +# order to bootstrap the dependency handling code. AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [AC_CONFIG_COMMANDS([depfiles], [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], - [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"]) -]) + [AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])]) # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -833,11 +931,11 @@ AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl AC_REQUIRE([AC_PROG_MKDIR_P])dnl # For better backward compatibility. To be removed once Automake 1.9.x # dies out for good. For more background, see: -# -# +# +# AC_SUBST([mkdir_p], ['$(MKDIR_P)']) -# We need awk for the "check" target. The system "awk" is bad on -# some platforms. +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl @@ -901,7 +999,7 @@ END Aborting the configuration process, to ensure you take notice of the issue. You can download and install GNU coreutils to get an 'rm' implementation -that behaves properly: . +that behaves properly: . If you want to complete the configuration process using your problematic 'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM @@ -911,6 +1009,9 @@ END AC_MSG_ERROR([Your 'rm' program is bad, sorry.]) fi fi +dnl The trailing newline in this macro's definition is deliberate, for +dnl backward compatibility and to allow trailing 'dnl'-style comments +dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841. ]) dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not @@ -940,7 +1041,7 @@ for _am_header in $config_headers :; do done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -951,7 +1052,7 @@ echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_co # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl -if test x"${install_sh}" != xset; then +if test x"${install_sh+set}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; @@ -961,7 +1062,7 @@ if test x"${install_sh}" != xset; then fi AC_SUBST([install_sh])]) -# Copyright (C) 2003-2013 Free Software Foundation, Inc. +# Copyright (C) 2003-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -982,7 +1083,7 @@ AC_SUBST([am__leading_dot])]) # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -990,49 +1091,42 @@ AC_SUBST([am__leading_dot])]) # AM_MAKE_INCLUDE() # ----------------- -# Check to see how make treats includes. +# Check whether make has an 'include' directive that can support all +# the idioms we need for our automatic dependency tracking code. AC_DEFUN([AM_MAKE_INCLUDE], -[am_make=${MAKE-make} -cat > confinc << 'END' +[AC_MSG_CHECKING([whether ${MAKE-make} supports the include directive]) +cat > confinc.mk << 'END' am__doit: - @echo this is the am__doit target + @echo this is the am__doit target >confinc.out .PHONY: am__doit END -# If we don't find an include directive, just comment out the code. -AC_MSG_CHECKING([for style of include used by $am_make]) am__include="#" am__quote= -_am_result=none -# First try GNU make style include. -echo "include confinc" > confmf -# Ignore all kinds of additional output from 'make'. -case `$am_make -s -f confmf 2> /dev/null` in #( -*the\ am__doit\ target*) - am__include=include - am__quote= - _am_result=GNU - ;; -esac -# Now try BSD make style include. -if test "$am__include" = "#"; then - echo '.include "confinc"' > confmf - case `$am_make -s -f confmf 2> /dev/null` in #( - *the\ am__doit\ target*) - am__include=.include - am__quote="\"" - _am_result=BSD - ;; - esac -fi -AC_SUBST([am__include]) -AC_SUBST([am__quote]) -AC_MSG_RESULT([$_am_result]) -rm -f confinc confmf -]) +# BSD make does it like this. +echo '.include "confinc.mk" # ignored' > confmf.BSD +# Other make implementations (GNU, Solaris 10, AIX) do it like this. +echo 'include confinc.mk # ignored' > confmf.GNU +_am_result=no +for s in GNU BSD; do + AM_RUN_LOG([${MAKE-make} -f confmf.$s && cat confinc.out]) + AS_CASE([$?:`cat confinc.out 2>/dev/null`], + ['0:this is the am__doit target'], + [AS_CASE([$s], + [BSD], [am__include='.include' am__quote='"'], + [am__include='include' am__quote=''])]) + if test "$am__include" != "#"; then + _am_result="yes ($s style)" + break + fi +done +rm -f confinc.* confmf.* +AC_MSG_RESULT([${_am_result}]) +AC_SUBST([am__include])]) +AC_SUBST([am__quote])]) # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2013 Free Software Foundation, Inc. +# Copyright (C) 1997-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1069,41 +1163,9 @@ else fi ]) -# Copyright (C) 2003-2013 Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# AM_PROG_MKDIR_P -# --------------- -# Check for 'mkdir -p'. -AC_DEFUN([AM_PROG_MKDIR_P], -[AC_PREREQ([2.60])dnl -AC_REQUIRE([AC_PROG_MKDIR_P])dnl -dnl FIXME we are no longer going to remove this! adjust warning -dnl FIXME message accordingly. -AC_DIAGNOSE([obsolete], -[$0: this macro is deprecated, and will soon be removed. -You should use the Autoconf-provided 'AC][_PROG_MKDIR_P' macro instead, -and use '$(MKDIR_P)' instead of '$(mkdir_p)'in your Makefile.am files.]) -dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P, -dnl while keeping a definition of mkdir_p for backward compatibility. -dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile. -dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of -dnl Makefile.ins that do not define MKDIR_P, so we do our own -dnl adjustment using top_builddir (which is defined more often than -dnl MKDIR_P). -AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl -case $mkdir_p in - [[\\/$]]* | ?:[[\\/]]*) ;; - */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; -esac -]) - # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1132,7 +1194,7 @@ AC_DEFUN([_AM_SET_OPTIONS], AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1179,242 +1241,7 @@ AC_LANG_POP([C])]) # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - - -# AM_PATH_PYTHON([MINIMUM-VERSION], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) -# --------------------------------------------------------------------------- -# Adds support for distributing Python modules and packages. To -# install modules, copy them to $(pythondir), using the python_PYTHON -# automake variable. To install a package with the same name as the -# automake package, install to $(pkgpythondir), or use the -# pkgpython_PYTHON automake variable. -# -# The variables $(pyexecdir) and $(pkgpyexecdir) are provided as -# locations to install python extension modules (shared libraries). -# Another macro is required to find the appropriate flags to compile -# extension modules. -# -# If your package is configured with a different prefix to python, -# users will have to add the install directory to the PYTHONPATH -# environment variable, or create a .pth file (see the python -# documentation for details). -# -# If the MINIMUM-VERSION argument is passed, AM_PATH_PYTHON will -# cause an error if the version of python installed on the system -# doesn't meet the requirement. MINIMUM-VERSION should consist of -# numbers and dots only. -AC_DEFUN([AM_PATH_PYTHON], - [ - dnl Find a Python interpreter. Python versions prior to 2.0 are not - dnl supported. (2.0 was released on October 16, 2000). - m4_define_default([_AM_PYTHON_INTERPRETER_LIST], -[python python2 python3 python3.3 python3.2 python3.1 python3.0 python2.7 dnl - python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0]) - - AC_ARG_VAR([PYTHON], [the Python interpreter]) - - m4_if([$1],[],[ - dnl No version check is needed. - # Find any Python interpreter. - if test -z "$PYTHON"; then - AC_PATH_PROGS([PYTHON], _AM_PYTHON_INTERPRETER_LIST, :) - fi - am_display_PYTHON=python - ], [ - dnl A version check is needed. - if test -n "$PYTHON"; then - # If the user set $PYTHON, use it and don't search something else. - AC_MSG_CHECKING([whether $PYTHON version is >= $1]) - AM_PYTHON_CHECK_VERSION([$PYTHON], [$1], - [AC_MSG_RESULT([yes])], - [AC_MSG_RESULT([no]) - AC_MSG_ERROR([Python interpreter is too old])]) - am_display_PYTHON=$PYTHON - else - # Otherwise, try each interpreter until we find one that satisfies - # VERSION. - AC_CACHE_CHECK([for a Python interpreter with version >= $1], - [am_cv_pathless_PYTHON],[ - for am_cv_pathless_PYTHON in _AM_PYTHON_INTERPRETER_LIST none; do - test "$am_cv_pathless_PYTHON" = none && break - AM_PYTHON_CHECK_VERSION([$am_cv_pathless_PYTHON], [$1], [break]) - done]) - # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON. - if test "$am_cv_pathless_PYTHON" = none; then - PYTHON=: - else - AC_PATH_PROG([PYTHON], [$am_cv_pathless_PYTHON]) - fi - am_display_PYTHON=$am_cv_pathless_PYTHON - fi - ]) - - if test "$PYTHON" = :; then - dnl Run any user-specified action, or abort. - m4_default([$3], [AC_MSG_ERROR([no suitable Python interpreter found])]) - else - - dnl Query Python for its version number. Getting [:3] seems to be - dnl the best way to do this; it's what "site.py" does in the standard - dnl library. - - AC_CACHE_CHECK([for $am_display_PYTHON version], [am_cv_python_version], - [am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[[:3]])"`]) - AC_SUBST([PYTHON_VERSION], [$am_cv_python_version]) - - dnl Use the values of $prefix and $exec_prefix for the corresponding - dnl values of PYTHON_PREFIX and PYTHON_EXEC_PREFIX. These are made - dnl distinct variables so they can be overridden if need be. However, - dnl general consensus is that you shouldn't need this ability. - - AC_SUBST([PYTHON_PREFIX], ['${prefix}']) - AC_SUBST([PYTHON_EXEC_PREFIX], ['${exec_prefix}']) - - dnl At times (like when building shared libraries) you may want - dnl to know which OS platform Python thinks this is. - - AC_CACHE_CHECK([for $am_display_PYTHON platform], [am_cv_python_platform], - [am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`]) - AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform]) - - # Just factor out some code duplication. - am_python_setup_sysconfig="\ -import sys -# Prefer sysconfig over distutils.sysconfig, for better compatibility -# with python 3.x. See automake bug#10227. -try: - import sysconfig -except ImportError: - can_use_sysconfig = 0 -else: - can_use_sysconfig = 1 -# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: -# -try: - from platform import python_implementation - if python_implementation() == 'CPython' and sys.version[[:3]] == '2.7': - can_use_sysconfig = 0 -except ImportError: - pass" - - dnl Set up 4 directories: - - dnl pythondir -- where to install python scripts. This is the - dnl site-packages directory, not the python standard library - dnl directory like in previous automake betas. This behavior - dnl is more consistent with lispdir.m4 for example. - dnl Query distutils for this directory. - AC_CACHE_CHECK([for $am_display_PYTHON script directory], - [am_cv_python_pythondir], - [if test "x$prefix" = xNONE - then - am_py_prefix=$ac_default_prefix - else - am_py_prefix=$prefix - fi - am_cv_python_pythondir=`$PYTHON -c " -$am_python_setup_sysconfig -if can_use_sysconfig: - sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) -else: - from distutils import sysconfig - sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') -sys.stdout.write(sitedir)"` - case $am_cv_python_pythondir in - $am_py_prefix*) - am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` - am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` - ;; - *) - case $am_py_prefix in - /usr|/System*) ;; - *) - am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages - ;; - esac - ;; - esac - ]) - AC_SUBST([pythondir], [$am_cv_python_pythondir]) - - dnl pkgpythondir -- $PACKAGE directory under pythondir. Was - dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is - dnl more consistent with the rest of automake. - - AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE]) - - dnl pyexecdir -- directory for installing python extension modules - dnl (shared libraries) - dnl Query distutils for this directory. - AC_CACHE_CHECK([for $am_display_PYTHON extension module directory], - [am_cv_python_pyexecdir], - [if test "x$exec_prefix" = xNONE - then - am_py_exec_prefix=$am_py_prefix - else - am_py_exec_prefix=$exec_prefix - fi - am_cv_python_pyexecdir=`$PYTHON -c " -$am_python_setup_sysconfig -if can_use_sysconfig: - sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) -else: - from distutils import sysconfig - sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') -sys.stdout.write(sitedir)"` - case $am_cv_python_pyexecdir in - $am_py_exec_prefix*) - am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` - am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` - ;; - *) - case $am_py_exec_prefix in - /usr|/System*) ;; - *) - am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages - ;; - esac - ;; - esac - ]) - AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir]) - - dnl pkgpyexecdir -- $(pyexecdir)/$(PACKAGE) - - AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE]) - - dnl Run any user-specified action. - $2 - fi - -]) - - -# AM_PYTHON_CHECK_VERSION(PROG, VERSION, [ACTION-IF-TRUE], [ACTION-IF-FALSE]) -# --------------------------------------------------------------------------- -# Run ACTION-IF-TRUE if the Python interpreter PROG has version >= VERSION. -# Run ACTION-IF-FALSE otherwise. -# This test uses sys.hexversion instead of the string equivalent (first -# word of sys.version), in order to cope with versions such as 2.2c1. -# This supports Python 2.0 or higher. (2.0 was released on October 16, 2000). -AC_DEFUN([AM_PYTHON_CHECK_VERSION], - [prog="import sys -# split strings by '.' and convert to numeric. Append some zeros -# because we need at least 4 digits for the hex conversion. -# map returns an iterator in Python 3.0 and a list in 2.x -minver = list(map(int, '$2'.split('.'))) + [[0, 0, 0]] -minverhex = 0 -# xrange is not present in Python 3.0 and range returns an iterator -for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]] -sys.exit(sys.hexversion < minverhex)" - AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])]) - -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1433,7 +1260,7 @@ AC_DEFUN([AM_RUN_LOG], # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1514,7 +1341,7 @@ AC_CONFIG_COMMANDS_PRE( rm -f conftest.file ]) -# Copyright (C) 2009-2013 Free Software Foundation, Inc. +# Copyright (C) 2009-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1574,7 +1401,7 @@ AC_SUBST([AM_BACKSLASH])dnl _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1602,7 +1429,7 @@ fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2013 Free Software Foundation, Inc. +# Copyright (C) 2006-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1621,7 +1448,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2013 Free Software Foundation, Inc. +# Copyright (C) 2004-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1754,6 +1581,7 @@ AC_SUBST([am__untar]) m4_include([m4/gettext.m4]) m4_include([m4/iconv.m4]) +m4_include([m4/intlmacosx.m4]) m4_include([m4/lib-ld.m4]) m4_include([m4/lib-link.m4]) m4_include([m4/lib-prefix.m4]) diff --git a/compile b/compile index 531136b..23fcba0 100755 --- a/compile +++ b/compile @@ -1,9 +1,9 @@ #! /bin/sh # Wrapper for compilers which do not understand '-c -o'. -scriptversion=2012-10-14.11; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2020 Free Software Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify @@ -17,7 +17,7 @@ scriptversion=2012-10-14.11; # UTC # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -53,7 +53,7 @@ func_file_conv () MINGW*) file_conv=mingw ;; - CYGWIN*) + CYGWIN* | MSYS*) file_conv=cygwin ;; *) @@ -67,7 +67,7 @@ func_file_conv () mingw/*) file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` ;; - cygwin/*) + cygwin/* | msys/*) file=`cygpath -m "$file" || echo "$file"` ;; wine/*) @@ -255,7 +255,8 @@ EOF echo "compile $scriptversion" exit $? ;; - cl | *[/\\]cl | cl.exe | *[/\\]cl.exe ) + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \ + icl | *[/\\]icl | icl.exe | *[/\\]icl.exe ) func_cl_wrapper "$@" # Doesn't return... ;; esac @@ -339,9 +340,9 @@ exit $ret # Local Variables: # mode: shell-script # sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff --git a/config.h.in b/config.h.in index 408e256..0e70551 100644 --- a/config.h.in +++ b/config.h.in @@ -27,6 +27,33 @@ /* cipher mode for LUKS1 */ #undef DEFAULT_LUKS1_MODE +/* Argon2 PBKDF iteration time for LUKS2 (in ms) */ +#undef DEFAULT_LUKS2_ITER_TIME + +/* fallback cipher for LUKS2 keyslot (if data encryption is incompatible) */ +#undef DEFAULT_LUKS2_KEYSLOT_CIPHER + +/* fallback key size for LUKS2 keyslot (if data encryption is incompatible) */ +#undef DEFAULT_LUKS2_KEYSLOT_KEYBITS + +/* default luks2 locking directory permissions */ +#undef DEFAULT_LUKS2_LOCK_DIR_PERMS + +/* path to directory for LUKSv2 locks */ +#undef DEFAULT_LUKS2_LOCK_PATH + +/* Argon2 PBKDF memory cost for LUKS2 (in kB) */ +#undef DEFAULT_LUKS2_MEMORY_KB + +/* Argon2 PBKDF max parallel cost for LUKS2 (if CPUs available) */ +#undef DEFAULT_LUKS2_PARALLEL_THREADS + +/* Default PBKDF algorithm (pbkdf2 or argon2i/argon2id) for LUKS2 */ +#undef DEFAULT_LUKS2_PBKDF + +/* default LUKS format version */ +#undef DEFAULT_LUKS_FORMAT + /* maximum keyfile size (in characters) */ #undef DEFAULT_PASSPHRASE_SIZE_MAX @@ -45,9 +72,15 @@ /* default RNG type for key generator */ #undef DEFAULT_RNG +/* override default path to directory with systemd temporary files */ +#undef DEFAULT_TMPFILESDIR + /* data block size for verity mode */ #undef DEFAULT_VERITY_DATA_BLOCK +/* parity bytes for verity FEC */ +#undef DEFAULT_VERITY_FEC_ROOTS + /* hash function for verity mode */ #undef DEFAULT_VERITY_HASH @@ -63,24 +96,45 @@ /* Enable FIPS mode restrictions */ #undef ENABLE_FIPS +/* XTS mode - double default LUKS keysize if needed */ +#undef ENABLE_LUKS_ADJUST_XTS_KEYSIZE + /* Define to 1 if translation of program messages to the user's native language is requested. */ #undef ENABLE_NLS -/* Enable password quality checking */ +/* Enable password quality checking using passwdqc library */ +#undef ENABLE_PASSWDQC + +/* Enable password quality checking using pwquality library */ #undef ENABLE_PWQUALITY /* Requested gcrypt version */ #undef GCRYPT_REQ_VERSION +/* Define to 1 if you have the header file. */ +#undef HAVE_ARGON2_H + +/* Define to 1 to use blkid for detection of disk signatures. */ +#undef HAVE_BLKID + +/* Define to 1 if you have the header file. */ +#undef HAVE_BLKID_BLKID_H + +/* Define to 1 to use blkid_probe_step_back. */ +#undef HAVE_BLKID_STEP_BACK + +/* Define to 1 to use blkid_do_wipe. */ +#undef HAVE_BLKID_WIPE + /* Define to 1 if you have the header file. */ #undef HAVE_BYTESWAP_H -/* Define to 1 if you have the MacOS X function CFLocaleCopyCurrent in the +/* Define to 1 if you have the Mac OS X function CFLocaleCopyCurrent in the CoreFoundation framework. */ #undef HAVE_CFLOCALECOPYCURRENT -/* Define to 1 if you have the MacOS X function CFPreferencesCopyAppValue in +/* Define to 1 if you have the Mac OS X function CFPreferencesCopyAppValue in the CoreFoundation framework. */ #undef HAVE_CFPREFERENCESCOPYAPPVALUE @@ -94,6 +148,50 @@ */ #undef HAVE_DCGETTEXT +/* Define to 1 if you have the declaration of `blkid_do_probe', and to 0 if + you don't. */ +#undef HAVE_DECL_BLKID_DO_PROBE + +/* Define to 1 if you have the declaration of `blkid_do_safeprobe', and to 0 + if you don't. */ +#undef HAVE_DECL_BLKID_DO_SAFEPROBE + +/* Define to 1 if you have the declaration of + `blkid_probe_filter_superblocks_type', and to 0 if you don't. */ +#undef HAVE_DECL_BLKID_PROBE_FILTER_SUPERBLOCKS_TYPE + +/* Define to 1 if you have the declaration of `blkid_probe_lookup_value ', and + to 0 if you don't. */ +#undef HAVE_DECL_BLKID_PROBE_LOOKUP_VALUE__________ + +/* Define to 1 if you have the declaration of `blkid_probe_set_device', and to + 0 if you don't. */ +#undef HAVE_DECL_BLKID_PROBE_SET_DEVICE + +/* Define to 1 if you have the declaration of `blkid_reset_probe', and to 0 if + you don't. */ +#undef HAVE_DECL_BLKID_RESET_PROBE + +/* Define to 1 if you have the declaration of `dm_device_get_name', and to 0 + if you don't. */ +#undef HAVE_DECL_DM_DEVICE_GET_NAME + +/* Define to 1 if you have the declaration of `DM_DEVICE_GET_TARGET_VERSION', + and to 0 if you don't. */ +#undef HAVE_DECL_DM_DEVICE_GET_TARGET_VERSION + +/* Define to 1 if you have the declaration of `dm_device_has_holders', and to + 0 if you don't. */ +#undef HAVE_DECL_DM_DEVICE_HAS_HOLDERS + +/* Define to 1 if you have the declaration of `dm_device_has_mounted_fs', and + to 0 if you don't. */ +#undef HAVE_DECL_DM_DEVICE_HAS_MOUNTED_FS + +/* Define to 1 if you have the declaration of `dm_task_deferred_remove', and + to 0 if you don't. */ +#undef HAVE_DECL_DM_TASK_DEFERRED_REMOVE + /* Define to 1 if you have the declaration of `dm_task_retry_remove', and to 0 if you don't. */ #undef HAVE_DECL_DM_TASK_RETRY_REMOVE @@ -106,10 +204,26 @@ `DM_UDEV_DISABLE_DISK_RULES_FLAG', and to 0 if you don't. */ #undef HAVE_DECL_DM_UDEV_DISABLE_DISK_RULES_FLAG +/* Define to 1 if you have the declaration of `GCRY_CIPHER_MODE_XTS', and to 0 + if you don't. */ +#undef HAVE_DECL_GCRY_CIPHER_MODE_XTS + +/* Define to 1 if you have the declaration of `json_object_deep_copy', and to + 0 if you don't. */ +#undef HAVE_DECL_JSON_OBJECT_DEEP_COPY + +/* Define to 1 if you have the declaration of `json_object_object_add_ex', and + to 0 if you don't. */ +#undef HAVE_DECL_JSON_OBJECT_OBJECT_ADD_EX + /* Define to 1 if you have the declaration of `NSS_GetVersion', and to 0 if you don't. */ #undef HAVE_DECL_NSS_GETVERSION +/* Define to 1 if you have the declaration of `O_CLOEXEC', and to 0 if you + don't. */ +#undef HAVE_DECL_O_CLOEXEC + /* Define to 1 if you have the declaration of `strerror_r', and to 0 if you don't. */ #undef HAVE_DECL_STRERROR_R @@ -124,6 +238,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_ENDIAN_H +/* Define to 1 if you have the `explicit_bzero' function. */ +#undef HAVE_EXPLICIT_BZERO + /* Define to 1 if you have the header file. */ #undef HAVE_FCNTL_H @@ -133,12 +250,15 @@ /* Define if the GNU gettext() function is already present or preinstalled. */ #undef HAVE_GETTEXT -/* Define if you have the iconv() function. */ +/* Define if you have the iconv() function and it works. */ #undef HAVE_ICONV /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H +/* Define to 1 if the system has the type `key_serial_t'. */ +#undef HAVE_KEY_SERIAL_T + /* Define to 1 if you have the `devmapper' library (-ldevmapper). */ #undef HAVE_LIBDEVMAPPER @@ -163,6 +283,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_LINUX_IF_ALG_H +/* Define to 1 if you have the header file. */ +#undef HAVE_LINUX_KEYCTL_H + /* Define to 1 if you have the header file. */ #undef HAVE_LOCALE_H @@ -178,6 +301,12 @@ /* Define to 1 if you have the header file. */ #undef HAVE_NETTLE_SHA_H +/* Define to 1 if you have the header file. */ +#undef HAVE_NETTLE_VERSION_H + +/* Define to 1 if you have the `posix_fallocate' function. */ +#undef HAVE_POSIX_FALLOCATE + /* Define to 1 if you have the `posix_memalign' function. */ #undef HAVE_POSIX_MEMALIGN @@ -210,9 +339,15 @@ */ #undef HAVE_SYS_NDIR_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STATVFS_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STAT_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SYSMACROS_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H @@ -222,10 +357,18 @@ /* Define to 1 if you have the header file. */ #undef HAVE_UUID_UUID_H -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define as const if the declaration of iconv() needs const. */ +#undef ICONV_CONST + +/* Enable kernel keyring service support */ +#undef KERNEL_KEYRING + +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR +/* Defined to 0 if not provided */ +#undef O_CLOEXEC + /* Name of package */ #undef PACKAGE @@ -247,12 +390,18 @@ /* Define to the version of this package. */ #undef PACKAGE_VERSION +/* passwdqc library config file */ +#undef PASSWDQC_CONFIG_FILE + /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS /* Define to 1 if strerror_r returns char *. */ #undef STRERROR_R_CHAR_P +/* Use internal Argon2 */ +#undef USE_INTERNAL_ARGON2 + /* Use internal PBKDF2 */ #undef USE_INTERNAL_PBKDF2 @@ -325,3 +474,17 @@ /* Define to `long int' if does not define. */ #undef off_t + +/* Define to the equivalent of the C99 'restrict' keyword, or to + nothing if this is not supported. Do not define if restrict is + supported directly. */ +#undef restrict +/* Work around a bug in Sun C++: it does not support _Restrict or + __restrict__, even though the corresponding Sun C compiler ends up with + "#define restrict _Restrict" or "#define restrict __restrict__" in the + previous line. Perhaps some future version of Sun C++ will work with + restrict; if so, hopefully it defines __RESTRICT like Sun C does. */ +#if defined __SUNPRO_CC && !defined __RESTRICT +# define _Restrict +# define __restrict__ +#endif diff --git a/config.rpath b/config.rpath index c492a93..c38b914 100755 --- a/config.rpath +++ b/config.rpath @@ -2,7 +2,7 @@ # Output a system dependent set of variables, describing how to set the # run time search path of shared libraries in an executable. # -# Copyright 1996-2006 Free Software Foundation, Inc. +# Copyright 1996-2013 Free Software Foundation, Inc. # Taken from GNU libtool, 2001 # Originally by Gordon Matzigkeit , 1996 # @@ -25,7 +25,7 @@ # known workaround is to choose shorter directory names for the build # directory and/or the installation directory. -# All known linkers require a `.a' archive for static linking (except MSVC, +# All known linkers require a '.a' archive for static linking (except MSVC, # which needs '.lib'). libext=a shrext=.so @@ -47,7 +47,7 @@ for cc_temp in $CC""; do done cc_basename=`echo "$cc_temp" | sed -e 's%^.*/%%'` -# Code taken from libtool.m4's AC_LIBTOOL_PROG_COMPILER_PIC. +# Code taken from libtool.m4's _LT_COMPILER_PIC. wl= if test "$GCC" = yes; then @@ -57,14 +57,7 @@ else aix*) wl='-Wl,' ;; - darwin*) - case $cc_basename in - xlc*) - wl='-Wl,' - ;; - esac - ;; - mingw* | pw32* | os2*) + mingw* | cygwin* | pw32* | os2* | cegcc*) ;; hpux9* | hpux10* | hpux11*) wl='-Wl,' @@ -72,24 +65,37 @@ else irix5* | irix6* | nonstopux*) wl='-Wl,' ;; - newsos6) - ;; - linux*) + linux* | k*bsd*-gnu | kopensolaris*-gnu) case $cc_basename in - icc* | ecc*) + ecc*) wl='-Wl,' ;; - pgcc | pgf77 | pgf90) + icc* | ifort*) + wl='-Wl,' + ;; + lf95*) + wl='-Wl,' + ;; + nagfor*) + wl='-Wl,-Wl,,' + ;; + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) wl='-Wl,' ;; ccc*) wl='-Wl,' ;; + xl* | bgxl* | bgf* | mpixl*) + wl='-Wl,' + ;; como) wl='-lopt=' ;; *) case `$CC -V 2>&1 | sed 5q` in + *Sun\ F* | *Sun*Fortran*) + wl= + ;; *Sun\ C*) wl='-Wl,' ;; @@ -97,22 +103,36 @@ else ;; esac ;; + newsos6) + ;; + *nto* | *qnx*) + ;; osf3* | osf4* | osf5*) wl='-Wl,' ;; - sco3.2v5*) + rdos*) ;; solaris*) - wl='-Wl,' + case $cc_basename in + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) + wl='-Qoption ld ' + ;; + *) + wl='-Wl,' + ;; + esac ;; sunos4*) wl='-Qoption ld ' ;; - sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) + sysv4 | sysv4.2uw2* | sysv4.3*) wl='-Wl,' ;; sysv4*MP*) ;; + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + wl='-Wl,' + ;; unicos*) wl='-Wl,' ;; @@ -121,7 +141,7 @@ else esac fi -# Code taken from libtool.m4's AC_LIBTOOL_PROG_LD_SHLIBS. +# Code taken from libtool.m4's _LT_LINKER_SHLIBS. hardcode_libdir_flag_spec= hardcode_libdir_separator= @@ -129,7 +149,7 @@ hardcode_direct=no hardcode_minus_L=no case "$host_os" in - cygwin* | mingw* | pw32*) + cygwin* | mingw* | pw32* | cegcc*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. @@ -155,22 +175,21 @@ if test "$with_gnu_ld" = yes; then # option of GNU ld is called -rpath, not --rpath. hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' case "$host_os" in - aix3* | aix4* | aix5*) + aix[3-9]*) # On AIX/PPC, the GNU linker is very broken if test "$host_cpu" != ia64; then ld_shlibs=no fi ;; amigaos*) - hardcode_libdir_flag_spec='-L$libdir' - hardcode_minus_L=yes - # Samuel A. Falvo II reports - # that the semantics of dynamic libraries on AmigaOS, at least up - # to version 4, is to share data among multiple programs linked - # with the same dynamic library. Since this doesn't match the - # behavior of shared libraries on other platforms, we cannot use - # them. - ld_shlibs=no + case "$host_cpu" in + powerpc) + ;; + m68k) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac ;; beos*) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then @@ -179,7 +198,7 @@ if test "$with_gnu_ld" = yes; then ld_shlibs=no fi ;; - cygwin* | mingw* | pw32*) + cygwin* | mingw* | pw32* | cegcc*) # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. hardcode_libdir_flag_spec='-L$libdir' @@ -189,11 +208,13 @@ if test "$with_gnu_ld" = yes; then ld_shlibs=no fi ;; - interix3*) + haiku*) + ;; + interix[3-9]*) hardcode_direct=no hardcode_libdir_flag_spec='${wl}-rpath,$libdir' ;; - linux*) + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then : else @@ -251,7 +272,7 @@ else hardcode_direct=unsupported fi ;; - aix4* | aix5*) + aix[4-9]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. @@ -261,7 +282,7 @@ else # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. - case $host_os in aix4.[23]|aix4.[23].*|aix5*) + case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) for ld_flag in $LDFLAGS; do if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then aix_use_runtimelinking=yes @@ -280,7 +301,7 @@ else strings "$collect2name" | grep resolve_lib_name >/dev/null then # We have reworked collect2 - hardcode_direct=yes + : else # We have old collect2 hardcode_direct=unsupported @@ -316,14 +337,18 @@ else fi ;; amigaos*) - hardcode_libdir_flag_spec='-L$libdir' - hardcode_minus_L=yes - # see comment about different semantics on the GNU ld section - ld_shlibs=no + case "$host_cpu" in + powerpc) + ;; + m68k) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac ;; bsdi[45]*) ;; - cygwin* | mingw* | pw32*) + cygwin* | mingw* | pw32* | cegcc*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is @@ -333,24 +358,15 @@ else ;; darwin* | rhapsody*) hardcode_direct=no - if test "$GCC" = yes ; then + if { case $cc_basename in ifort*) true;; *) test "$GCC" = yes;; esac; }; then : else - case $cc_basename in - xlc*) - ;; - *) - ld_shlibs=no - ;; - esac + ld_shlibs=no fi ;; dgux*) hardcode_libdir_flag_spec='-L$libdir' ;; - freebsd1*) - ld_shlibs=no - ;; freebsd2.2*) hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes @@ -359,7 +375,7 @@ else hardcode_direct=yes hardcode_minus_L=yes ;; - freebsd* | kfreebsd*-gnu | dragonfly*) + freebsd* | dragonfly*) hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes ;; @@ -411,19 +427,25 @@ else hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: ;; + *nto* | *qnx*) + ;; openbsd*) - hardcode_direct=yes - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + if test -f /usr/libexec/ld.so; then + hardcode_direct=yes + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + else + case "$host_os" in + openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) + hardcode_libdir_flag_spec='-R$libdir' + ;; + *) + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + ;; + esac + fi else - case "$host_os" in - openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) - hardcode_libdir_flag_spec='-R$libdir' - ;; - *) - hardcode_libdir_flag_spec='${wl}-rpath,$libdir' - ;; - esac + ld_shlibs=no fi ;; os2*) @@ -471,7 +493,7 @@ else ld_shlibs=yes fi ;; - sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*) + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) ;; sysv5* | sco3.2v5* | sco5v6*) hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' @@ -487,34 +509,58 @@ else fi # Check dynamic linker characteristics -# Code taken from libtool.m4's AC_LIBTOOL_SYS_DYNAMIC_LINKER. +# Code taken from libtool.m4's _LT_SYS_DYNAMIC_LINKER. +# Unlike libtool.m4, here we don't care about _all_ names of the library, but +# only about the one the linker finds when passed -lNAME. This is the last +# element of library_names_spec in libtool.m4, or possibly two of them if the +# linker has special search rules. +library_names_spec= # the last element of library_names_spec in libtool.m4 libname_spec='lib$name' case "$host_os" in aix3*) + library_names_spec='$libname.a' ;; - aix4* | aix5*) + aix[4-9]*) + library_names_spec='$libname$shrext' ;; amigaos*) + case "$host_cpu" in + powerpc*) + library_names_spec='$libname$shrext' ;; + m68k) + library_names_spec='$libname.a' ;; + esac ;; beos*) + library_names_spec='$libname$shrext' ;; bsdi[45]*) + library_names_spec='$libname$shrext' ;; - cygwin* | mingw* | pw32*) + cygwin* | mingw* | pw32* | cegcc*) shrext=.dll + library_names_spec='$libname.dll.a $libname.lib' ;; darwin* | rhapsody*) shrext=.dylib + library_names_spec='$libname$shrext' ;; dgux*) - ;; - freebsd1*) - ;; - kfreebsd*-gnu) + library_names_spec='$libname$shrext' ;; freebsd* | dragonfly*) + case "$host_os" in + freebsd[123]*) + library_names_spec='$libname$shrext$versuffix' ;; + *) + library_names_spec='$libname$shrext' ;; + esac ;; gnu*) + library_names_spec='$libname$shrext' + ;; + haiku*) + library_names_spec='$libname$shrext' ;; hpux9* | hpux10* | hpux11*) case $host_cpu in @@ -528,10 +574,13 @@ case "$host_os" in shrext=.sl ;; esac + library_names_spec='$libname$shrext' ;; - interix3*) + interix[3-9]*) + library_names_spec='$libname$shrext' ;; irix5* | irix6* | nonstopux*) + library_names_spec='$libname$shrext' case "$host_os" in irix5* | nonstopux*) libsuff= shlibsuff= @@ -548,41 +597,62 @@ case "$host_os" in ;; linux*oldld* | linux*aout* | linux*coff*) ;; - linux*) + linux* | k*bsd*-gnu | kopensolaris*-gnu) + library_names_spec='$libname$shrext' ;; knetbsd*-gnu) + library_names_spec='$libname$shrext' ;; netbsd*) + library_names_spec='$libname$shrext' ;; newsos6) + library_names_spec='$libname$shrext' ;; - nto-qnx*) + *nto* | *qnx*) + library_names_spec='$libname$shrext' ;; openbsd*) + library_names_spec='$libname$shrext$versuffix' ;; os2*) libname_spec='$name' shrext=.dll + library_names_spec='$libname.a' ;; osf3* | osf4* | osf5*) + library_names_spec='$libname$shrext' + ;; + rdos*) ;; solaris*) + library_names_spec='$libname$shrext' ;; sunos4*) + library_names_spec='$libname$shrext$versuffix' ;; sysv4 | sysv4.3*) + library_names_spec='$libname$shrext' ;; sysv4*MP*) + library_names_spec='$libname$shrext' ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + library_names_spec='$libname$shrext' + ;; + tpf*) + library_names_spec='$libname$shrext' ;; uts4*) + library_names_spec='$libname$shrext' ;; esac sed_quote_subst='s/\(["`$\\]\)/\\\1/g' escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"` shlibext=`echo "$shrext" | sed -e 's,^\.,,'` +escaped_libname_spec=`echo "X$libname_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` +escaped_library_names_spec=`echo "X$library_names_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <. +# along with this program; if not, see . # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -25,7 +25,7 @@ timestamp='2014-09-11' # of the GNU General Public License, version 3 ("GPLv3"). -# Please send patches with a ChangeLog entry to config-patches@gnu.org. +# Please send patches to . # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. @@ -33,7 +33,7 @@ timestamp='2014-09-11' # Otherwise, we print the canonical config type on stdout and succeed. # You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD +# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases @@ -53,12 +53,11 @@ timestamp='2014-09-11' me=`echo "$0" | sed -e 's,.*/,,'` usage="\ -Usage: $0 [OPTION] CPU-MFR-OPSYS - $0 [OPTION] ALIAS +Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS Canonicalize a configuration name. -Operation modes: +Options: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit @@ -68,7 +67,7 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright 1992-2014 Free Software Foundation, Inc. +Copyright 1992-2018 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -95,7 +94,7 @@ while test $# -gt 0 ; do *local*) # First pass through any local machine types. - echo $1 + echo "$1" exit ;; * ) @@ -113,24 +112,24 @@ esac # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. -maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +maybe_os=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ - knetbsd*-gnu* | netbsd*-gnu* | \ - kopensolaris*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ + kopensolaris*-gnu* | cloudabi*-eabi* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; android-linux) os=-linux-android - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown + basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown ;; *) - basic_machine=`echo $1 | sed 's/-[^-]*$//'` - if [ $basic_machine != $1 ] - then os=`echo $1 | sed 's/.*-/-/'` + basic_machine=`echo "$1" | sed 's/-[^-]*$//'` + if [ "$basic_machine" != "$1" ] + then os=`echo "$1" | sed 's/.*-/-/'` else os=; fi ;; esac @@ -179,44 +178,44 @@ case $os in ;; -sco6) os=-sco5v6 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco5) os=-sco3.2v5 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco4) os=-sco3.2v4 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco3.2.[4-9]*) os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco3.2v[4-9]*) # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco5v6*) # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco*) os=-sco3.2v2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -udk*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -isc) os=-isc2.2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -clix*) basic_machine=clipper-intergraph ;; -isc*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -lynx*178) os=-lynxos178 @@ -228,10 +227,7 @@ case $os in os=-lynxos ;; -ptx*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` - ;; - -windowsnt*) - os=`echo $os | sed -e 's/windowsnt/winnt/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-sequent/'` ;; -psos*) os=-psos @@ -255,15 +251,16 @@ case $basic_machine in | arc | arceb \ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ | avr | avr32 \ + | ba \ | be32 | be64 \ | bfin \ | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ - | epiphany \ - | fido | fr30 | frv \ + | e2k | epiphany \ + | fido | fr30 | frv | ft32 \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | hexagon \ - | i370 | i860 | i960 | ia64 \ + | i370 | i860 | i960 | ia16 | ia64 \ | ip2k | iq2000 \ | k1om \ | le32 | le64 \ @@ -299,13 +296,14 @@ case $basic_machine in | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ | open8 | or1k | or1knd | or32 \ - | pdp10 | pdp11 | pj | pjl \ + | pdp10 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ + | pru \ | pyramid \ | riscv32 | riscv64 \ | rl78 | rx \ | score \ - | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ @@ -313,7 +311,8 @@ case $basic_machine in | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ - | we32k \ + | visium \ + | wasm32 \ | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) basic_machine=$basic_machine-unknown @@ -327,11 +326,14 @@ case $basic_machine in c6x) basic_machine=tic6x-unknown ;; + leon|leon[3-9]) + basic_machine=sparc-$basic_machine + ;; m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) basic_machine=$basic_machine-unknown os=-none ;; - m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65) ;; ms1) basic_machine=mt-unknown @@ -360,7 +362,7 @@ case $basic_machine in ;; # Object if more than one company name word. *-*-*) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2 exit 1 ;; # Recognize the basic CPU types with company name. @@ -372,17 +374,18 @@ case $basic_machine in | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ + | ba-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ | c8051-* | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ - | elxsi-* \ + | e2k-* | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | hexagon-* \ - | i*86-* | i860-* | i960-* | ia64-* \ + | i*86-* | i860-* | i960-* | ia16-* | ia64-* \ | ip2k-* | iq2000-* \ | k1om-* \ | le32-* | le64-* \ @@ -423,13 +426,15 @@ case $basic_machine in | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ + | pru-* \ | pyramid-* \ + | riscv32-* | riscv64-* \ | rl78-* | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \ | tahoe-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tile*-* \ @@ -437,6 +442,8 @@ case $basic_machine in | ubicom32-* \ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ | vax-* \ + | visium-* \ + | wasm32-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ @@ -450,7 +457,7 @@ case $basic_machine in # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) - basic_machine=i386-unknown + basic_machine=i386-pc os=-bsd ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) @@ -484,7 +491,7 @@ case $basic_machine in basic_machine=x86_64-pc ;; amd64-*) - basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=x86_64-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; amdahl) basic_machine=580-amdahl @@ -513,6 +520,9 @@ case $basic_machine in basic_machine=i386-pc os=-aros ;; + asmjs) + basic_machine=asmjs-unknown + ;; aux) basic_machine=m68k-apple os=-aux @@ -526,7 +536,7 @@ case $basic_machine in os=-linux ;; blackfin-*) - basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=bfin-`echo "$basic_machine" | sed 's/^[^-]*-//'` os=-linux ;; bluegene*) @@ -534,13 +544,13 @@ case $basic_machine in os=-cnk ;; c54x-*) - basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=tic54x-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; c55x-*) - basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=tic55x-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; c6x-*) - basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=tic6x-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; c90) basic_machine=c90-cray @@ -629,10 +639,18 @@ case $basic_machine in basic_machine=rs6000-bull os=-bosx ;; - dpx2* | dpx2*-bull) + dpx2*) basic_machine=m68k-bull os=-sysv3 ;; + e500v[12]) + basic_machine=powerpc-unknown + os=$os"spe" + ;; + e500v[12]-*) + basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'` + os=$os"spe" + ;; ebmon29k) basic_machine=a29k-amd os=-ebmon @@ -722,9 +740,6 @@ case $basic_machine in hp9k8[0-9][0-9] | hp8[0-9][0-9]) basic_machine=hppa1.0-hp ;; - hppa-next) - os=-nextstep3 - ;; hppaosf) basic_machine=hppa1.1-hp os=-osf @@ -737,26 +752,26 @@ case $basic_machine in basic_machine=i370-ibm ;; i*86v32) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; i*86v4*) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; i*86v) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` os=-sysv ;; i*86sol2) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; i386mach) basic_machine=i386-mach os=-mach ;; - i386-vsta | vsta) + vsta) basic_machine=i386-unknown os=-vsta ;; @@ -774,17 +789,17 @@ case $basic_machine in basic_machine=m68k-isi os=-sysv ;; + leon-*|leon[3-9]-*) + basic_machine=sparc-`echo "$basic_machine" | sed 's/-.*//'` + ;; m68knommu) basic_machine=m68k-unknown os=-linux ;; m68knommu-*) - basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=m68k-`echo "$basic_machine" | sed 's/^[^-]*-//'` os=-linux ;; - m88k-omron*) - basic_machine=m88k-omron - ;; magnum | m3230) basic_machine=mips-mips os=-sysv @@ -816,10 +831,10 @@ case $basic_machine in os=-mint ;; mips3*-*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'` ;; mips3*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'`-unknown ;; monitor) basic_machine=m68k-rom68k @@ -838,7 +853,7 @@ case $basic_machine in os=-msdos ;; ms1-*) - basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` + basic_machine=`echo "$basic_machine" | sed -e 's/ms1-/mt-/'` ;; msys) basic_machine=i686-pc @@ -880,7 +895,7 @@ case $basic_machine in basic_machine=v70-nec os=-sysv ;; - next | m*-next ) + next | m*-next) basic_machine=m68k-next case $os in -nextstep* ) @@ -925,6 +940,12 @@ case $basic_machine in nsr-tandem) basic_machine=nsr-tandem ;; + nsv-tandem) + basic_machine=nsv-tandem + ;; + nsx-tandem) + basic_machine=nsx-tandem + ;; op50n-* | op60c-*) basic_machine=hppa1.1-oki os=-proelf @@ -957,7 +978,7 @@ case $basic_machine in os=-linux ;; parisc-*) - basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=hppa-`echo "$basic_machine" | sed 's/^[^-]*-//'` os=-linux ;; pbd) @@ -973,7 +994,7 @@ case $basic_machine in basic_machine=i386-pc ;; pc98-*) - basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i386-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pentium | p5 | k5 | k6 | nexgen | viac3) basic_machine=i586-pc @@ -988,16 +1009,16 @@ case $basic_machine in basic_machine=i786-pc ;; pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) - basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i586-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-* | 6x86-* | athlon-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pentium4-*) - basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i786-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould @@ -1007,23 +1028,23 @@ case $basic_machine in ppc | ppcbe) basic_machine=powerpc-unknown ;; ppc-* | ppcbe-*) - basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; - ppcle | powerpclittle | ppc-le | powerpc-little) + ppcle | powerpclittle) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) - basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=powerpcle-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown ;; - ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ppc64-*) basic_machine=powerpc64-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; - ppc64le | powerpc64little | ppc64-le | powerpc64-little) + ppc64le | powerpc64little) basic_machine=powerpc64le-unknown ;; ppc64le-* | powerpc64little-*) - basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=powerpc64le-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; ps2) basic_machine=i386-ibm @@ -1077,17 +1098,10 @@ case $basic_machine in sequent) basic_machine=i386-sequent ;; - sh) - basic_machine=sh-hitachi - os=-hms - ;; sh5el) basic_machine=sh5le-unknown ;; - sh64) - basic_machine=sh64-unknown - ;; - sparclite-wrs | simso-wrs) + simso-wrs) basic_machine=sparclite-wrs os=-vxworks ;; @@ -1106,7 +1120,7 @@ case $basic_machine in os=-sysv4 ;; strongarm-* | thumb-*) - basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=arm-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; sun2) basic_machine=m68000-sun @@ -1228,6 +1242,9 @@ case $basic_machine in basic_machine=hppa1.1-winbond os=-proelf ;; + x64) + basic_machine=x86_64-pc + ;; xbox) basic_machine=i686-pc os=-mingw32 @@ -1236,20 +1253,12 @@ case $basic_machine in basic_machine=xps100-honeywell ;; xscale-* | xscalee[bl]-*) - basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` + basic_machine=`echo "$basic_machine" | sed 's/^xscale/arm/'` ;; ymp) basic_machine=ymp-cray os=-unicos ;; - z8k-*-coff) - basic_machine=z8k-unknown - os=-sim - ;; - z80-*-coff) - basic_machine=z80-unknown - os=-sim - ;; none) basic_machine=none-none os=-none @@ -1278,10 +1287,6 @@ case $basic_machine in vax) basic_machine=vax-dec ;; - pdp10) - # there are many clones, so DEC is not a safe bet - basic_machine=pdp10-unknown - ;; pdp11) basic_machine=pdp11-dec ;; @@ -1291,9 +1296,6 @@ case $basic_machine in sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; - sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) - basic_machine=sparc-sun - ;; cydra) basic_machine=cydra-cydrome ;; @@ -1313,7 +1315,7 @@ case $basic_machine in # Make sure to match an already-canonicalized machine name. ;; *) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2 exit 1 ;; esac @@ -1321,10 +1323,10 @@ esac # Here we canonicalize certain aliases for manufacturers. case $basic_machine in *-digital*) - basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + basic_machine=`echo "$basic_machine" | sed 's/digital.*/dec/'` ;; *-commodore*) - basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + basic_machine=`echo "$basic_machine" | sed 's/commodore.*/cbm/'` ;; *) ;; @@ -1335,8 +1337,8 @@ esac if [ x"$os" != x"" ] then case $os in - # First match some system type aliases - # that might get confused with valid system types. + # First match some system type aliases that might get confused + # with valid system types. # -solaris* is a basic system type, with this one exception. -auroraux) os=-auroraux @@ -1347,45 +1349,48 @@ case $os in -solaris) os=-solaris2 ;; - -svr4*) - os=-sysv4 - ;; -unixware*) os=-sysv4.2uw ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; - # First accept the basic system types. + # es1800 is here to avoid being matched by es* (a different OS) + -es1800*) + os=-ose + ;; + # Now accept the basic system types. # The portable systems comes first. - # Each alternative MUST END IN A *, to match a version number. + # Each alternative MUST end in a * to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ | -sym* | -kopensolaris* | -plan9* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* | -aros* \ + | -aos* | -aros* | -cloudabi* | -sortix* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ - | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ - | -bitrig* | -openbsd* | -solidbsd* \ + | -hiux* | -knetbsd* | -mirbsd* | -netbsd* \ + | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* | -cegcc* \ + | -chorusos* | -chorusrdb* | -cegcc* | -glidix* \ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ + | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ - | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ - | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ + | -morphos* | -superux* | -rtmk* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \ + | -onefs* | -tirtos* | -phoenix* | -fuchsia* | -redox* | -bme* \ + | -midnightbsd*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1402,12 +1407,12 @@ case $os in -nto*) os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; - -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ - | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ + -sim | -xray | -os68k* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* \ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; -mac*) - os=`echo $os | sed -e 's|mac|macos|'` + os=`echo "$os" | sed -e 's|mac|macos|'` ;; -linux-dietlibc) os=-linux-dietlibc @@ -1416,10 +1421,10 @@ case $os in os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; -sunos5*) - os=`echo $os | sed -e 's|sunos5|solaris2|'` + os=`echo "$os" | sed -e 's|sunos5|solaris2|'` ;; -sunos6*) - os=`echo $os | sed -e 's|sunos6|solaris3|'` + os=`echo "$os" | sed -e 's|sunos6|solaris3|'` ;; -opened*) os=-openedition @@ -1430,12 +1435,6 @@ case $os in -wince*) os=-wince ;; - -osfrose*) - os=-osfrose - ;; - -osf*) - os=-osf - ;; -utek*) os=-bsd ;; @@ -1460,7 +1459,7 @@ case $os in -nova*) os=-rtmk-nova ;; - -ns2 ) + -ns2) os=-nextstep2 ;; -nsk*) @@ -1482,7 +1481,7 @@ case $os in -oss*) os=-sysv3 ;; - -svr4) + -svr4*) os=-sysv4 ;; -svr3) @@ -1497,32 +1496,38 @@ case $os in -ose*) os=-ose ;; - -es1800*) - os=-ose - ;; - -xenix) - os=-xenix - ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) os=-mint ;; - -aros*) - os=-aros - ;; -zvmoe) os=-zvmoe ;; -dicos*) os=-dicos ;; + -pikeos*) + # Until real need of OS specific support for + # particular features comes up, bare metal + # configurations are quite functional. + case $basic_machine in + arm*) + os=-eabi + ;; + *) + os=-elf + ;; + esac + ;; -nacl*) ;; + -ios) + ;; -none) ;; *) # Get rid of the `-' at the beginning of $os. os=`echo $os | sed 's/[^-]*-//'` - echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + echo Invalid configuration \`"$1"\': system \`"$os"\' not recognized 1>&2 exit 1 ;; esac @@ -1612,12 +1617,12 @@ case $basic_machine in sparc-* | *-sun) os=-sunos4.1.1 ;; + pru-*) + os=-elf + ;; *-be) os=-beos ;; - *-haiku) - os=-haiku - ;; *-ibm) os=-aix ;; @@ -1657,7 +1662,7 @@ case $basic_machine in m88k-omron*) os=-luna ;; - *-next ) + *-next) os=-nextstep ;; *-sequent) @@ -1672,9 +1677,6 @@ case $basic_machine in i370-*) os=-mvs ;; - *-next) - os=-nextstep3 - ;; *-gould) os=-sysv ;; @@ -1784,15 +1786,15 @@ case $basic_machine in vendor=stratus ;; esac - basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + basic_machine=`echo "$basic_machine" | sed "s/unknown/$vendor/"` ;; esac -echo $basic_machine$os +echo "$basic_machine$os" exit # Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'write-file-functions 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" diff --git a/configure b/configure index 0067979..145be42 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for cryptsetup 1.6.7. +# Generated by GNU Autoconf 2.69 for cryptsetup 2.3.3. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='cryptsetup' PACKAGE_TARNAME='cryptsetup' -PACKAGE_VERSION='1.6.7' -PACKAGE_STRING='cryptsetup 1.6.7' +PACKAGE_VERSION='2.3.3' +PACKAGE_STRING='cryptsetup 2.3.3' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -630,31 +630,40 @@ ac_includes_default="\ # include #endif" +gt_needs= ac_subst_vars='am__EXEEXT_FALSE am__EXEEXT_TRUE LTLIBOBJS LIBOBJS -PYTHON_CRYPTSETUP_FALSE -PYTHON_CRYPTSETUP_TRUE -PYTHON_LIBS -PYTHON_INCLUDES -pkgpyexecdir -pyexecdir -pkgpythondir -pythondir -PYTHON_PLATFORM -PYTHON_EXEC_PREFIX -PYTHON_PREFIX -PYTHON_VERSION -PYTHON +DEFAULT_LUKS2_LOCK_DIR_PERMS +DEFAULT_LUKS2_LOCK_PATH +CRYPTSETUP_TMPFILE_FALSE +CRYPTSETUP_TMPFILE_TRUE +DEFAULT_TMPFILESDIR LIBCRYPTSETUP_VERSION_INFO LIBCRYPTSETUP_VERSION CRYPTO_STATIC_LIBS CRYPTO_LIBS CRYPTO_CFLAGS +PASSWDQC_LIBS PWQUALITY_STATIC_LIBS +systemd_tmpfilesdir DEVMAPPER_STATIC_LIBS DEVMAPPER_STATIC_CFLAGS +HAVE_BLKID_STEP_BACK_FALSE +HAVE_BLKID_STEP_BACK_TRUE +HAVE_BLKID_WIPE_FALSE +HAVE_BLKID_WIPE_TRUE +HAVE_BLKID_FALSE +HAVE_BLKID_TRUE +BLKID_LIBS +BLKID_CFLAGS +CRYPTO_INTERNAL_SSE_ARGON2_FALSE +CRYPTO_INTERNAL_SSE_ARGON2_TRUE +CRYPTO_INTERNAL_ARGON2_FALSE +CRYPTO_INTERNAL_ARGON2_TRUE +LIBARGON2_LIBS +LIBARGON2_CFLAGS CRYPTO_INTERNAL_PBKDF2_FALSE CRYPTO_INTERNAL_PBKDF2_TRUE CRYPTO_BACKEND_NETTLE_FALSE @@ -676,12 +685,18 @@ OPENSSL_CFLAGS LIBGCRYPT_LIBS LIBGCRYPT_CFLAGS LIBGCRYPT_CONFIG +JSON_C_LIBS +JSON_C_CFLAGS DEVMAPPER_LIBS DEVMAPPER_CFLAGS +INTEGRITYSETUP_FALSE +INTEGRITYSETUP_TRUE REENCRYPT_FALSE REENCRYPT_TRUE VERITYSETUP_FALSE VERITYSETUP_TRUE +CRYPTSETUP_FALSE +CRYPTSETUP_TRUE STATIC_TOOLS_FALSE STATIC_TOOLS_TRUE PWQUALITY_LIBS @@ -691,9 +706,8 @@ POSUB LTLIBINTL LIBINTL INTLLIBS -LTLIBICONV -LIBICONV INTL_MACOSX_LIBS +XGETTEXT_EXTRA_OPTIONS MSGMERGE XGETTEXT_015 XGETTEXT @@ -701,11 +715,17 @@ GMSGFMT_015 MSGFMT_015 GMSGFMT MSGFMT +GETTEXT_MACRO_VERSION USE_NLS UUID_LIBS +KERNEL_KEYRING_FALSE +KERNEL_KEYRING_TRUE +LTLIBICONV +LIBICONV PKG_CONFIG_LIBDIR PKG_CONFIG_PATH PKG_CONFIG +LT_SYS_LIBRARY_PATH OTOOL64 OTOOL LIPO @@ -735,7 +755,6 @@ am__nodep AMDEPBACKSLASH AMDEP_FALSE AMDEP_TRUE -am__quote am__include DEPDIR OBJEXT @@ -799,6 +818,7 @@ infodir docdir oldincludedir includedir +runstatedir localstatedir sharedstatedir sysconfdir @@ -817,7 +837,8 @@ PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR -SHELL' +SHELL +am__quote' ac_subst_files='' ac_user_opts=' enable_option_checking @@ -827,28 +848,35 @@ enable_static enable_shared with_pic enable_fast_install +with_aix_soname with_gnu_ld with_sysroot enable_libtool_lock -enable_largefile -enable_nls enable_rpath with_libiconv_prefix +enable_keyring +enable_largefile +enable_nls with_libintl_prefix enable_fips enable_pwquality +enable_passwdqc enable_static_cryptsetup +enable_cryptsetup enable_veritysetup enable_cryptsetup_reencrypt +enable_integritysetup enable_selinux enable_udev with_crypto_backend enable_kernel_crypto enable_gcrypt_pbkdf2 with_libgcrypt_prefix +enable_internal_argon2 +enable_libargon2 +enable_internal_sse_argon2 +enable_blkid enable_dev_random -enable_python -with_python_version with_plain_hash with_plain_cipher with_plain_mode @@ -857,7 +885,14 @@ with_luks1_hash with_luks1_cipher with_luks1_mode with_luks1_keybits +enable_luks_adjust_xts_keysize +with_luks2_pbkdf with_luks1_iter_time +with_luks2_iter_time +with_luks2_memory_kb +with_luks2_parallel_threads +with_luks2_keyslot_cipher +with_luks2_keyslot_keybits with_loopaes_cipher with_loopaes_keybits with_keyfile_size_maxkb @@ -866,6 +901,11 @@ with_verity_hash with_verity_data_block with_verity_hash_block with_verity_salt_size +with_verity_fec_roots +with_tmpfilesdir +with_luks2_lock_path +with_luks2_lock_dir_perms +with_default_luks_format ' ac_precious_vars='build_alias host_alias @@ -876,6 +916,7 @@ LDFLAGS LIBS CPPFLAGS CPP +LT_SYS_LIBRARY_PATH PKG_CONFIG PKG_CONFIG_PATH PKG_CONFIG_LIBDIR @@ -883,15 +924,21 @@ PWQUALITY_CFLAGS PWQUALITY_LIBS DEVMAPPER_CFLAGS DEVMAPPER_LIBS +JSON_C_CFLAGS +JSON_C_LIBS OPENSSL_CFLAGS OPENSSL_LIBS OPENSSL_STATIC_CFLAGS OPENSSL_STATIC_LIBS NSS_CFLAGS NSS_LIBS +LIBARGON2_CFLAGS +LIBARGON2_LIBS +BLKID_CFLAGS +BLKID_LIBS DEVMAPPER_STATIC_CFLAGS DEVMAPPER_STATIC_LIBS -PYTHON' +systemd_tmpfilesdir' # Initialize some variables set by options. @@ -930,6 +977,7 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -1182,6 +1230,15 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1319,7 +1376,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir + libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1432,7 +1489,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures cryptsetup 1.6.7 to adapt to many kinds of systems. +\`configure' configures cryptsetup 2.3.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1472,6 +1529,7 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -1502,7 +1560,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of cryptsetup 1.6.7:";; + short | recursive ) echo "Configuration of cryptsetup 2.3.3:";; esac cat <<\_ACEOF @@ -1521,57 +1579,92 @@ Optional Features: --enable-fast-install[=PKGS] optimize for fast installation [default=yes] --disable-libtool-lock avoid locking (might break parallel builds) + --disable-rpath do not hardcode runtime library paths + --disable-keyring disable kernel keyring support and builtin kernel + keyring token --disable-largefile omit support for large files --disable-nls do not use Native Language Support - --disable-rpath do not hardcode runtime library paths --enable-fips enable FIPS mode restrictions - --enable-pwquality enable password quality checking + --enable-pwquality enable password quality checking using pwquality + library + --enable-passwdqc[=CONFIG_PATH] + enable password quality checking using passwdqc + library (optionally with CONFIG_PATH) --enable-static-cryptsetup - enable build of static cryptsetup binary + enable build of static version of tools + --disable-cryptsetup disable cryptsetup support --disable-veritysetup disable veritysetup support - --enable-cryptsetup-reencrypt - enable cryptsetup-reencrypt tool + --disable-cryptsetup-reencrypt + disable cryptsetup-reencrypt tool + --disable-integritysetup + disable integritysetup support --disable-selinux disable selinux support [default=auto] --disable-udev disable udev support --disable-kernel_crypto disable kernel userspace crypto (no benchmark and tcrypt) - --enable-gcrypt-pbkdf2 force enable internal gcrypt PBKDF2 - --enable-dev-random use blocking /dev/random by default for key - generator (otherwise use /dev/urandom) - --enable-python enable Python bindings + --enable-gcrypt-pbkdf2 force enable internal gcrypt PBKDF2 + --disable-internal-argon2 + disable internal implementation of Argon2 PBKDF + --enable-libargon2 enable external libargon2 (PHC) library (disables + internal bundled version) + --enable-internal-sse-argon2 + enable internal SSE implementation of Argon2 PBKDF + --disable-blkid disable use of blkid for device signature detection + and wiping + --enable-dev-random use /dev/random by default for key generation + (otherwise use /dev/urandom) + --disable-luks-adjust-xts-keysize + XTS mode requires two keys, double default LUKS + keysize if needed Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use both] + --with-aix-soname=aix|svr4|both + shared library versioning (aka "SONAME") variant to + provide on AIX, [default=aix]. + --with-gnu-ld assume the C compiler uses GNU ld [default=no] + --with-sysroot[=DIR] Search for dependent libraries within DIR (or the + compiler's sysroot if not specified). --with-gnu-ld assume the C compiler uses GNU ld [default=no] - --with-sysroot=DIR Search for dependent libraries within DIR - (or the compiler's sysroot if not specified). - --with-gnu-ld assume the C compiler uses GNU ld default=no --with-libiconv-prefix[=DIR] search for libiconv in DIR/include and DIR/lib --without-libiconv-prefix don't search for libiconv in includedir and libdir --with-libintl-prefix[=DIR] search for libintl in DIR/include and DIR/lib --without-libintl-prefix don't search for libintl in includedir and libdir --with-crypto_backend=BACKEND crypto backend (gcrypt/openssl/nss/kernel/nettle) - [gcrypt] + [openssl] --with-libgcrypt-prefix=PFX prefix where LIBGCRYPT is installed (optional) - --with-python_version=VERSION - required Python version [2.6] --with-plain-hash default password hashing function for plain mode [ripemd160] --with-plain-cipher default cipher for plain mode [aes] --with-plain-mode default cipher mode for plain mode [cbc-essiv:sha256] --with-plain-keybits default key length in bits for plain mode [256] - --with-luks1-hash default hash function for LUKS1 header [sha1] + --with-luks1-hash default hash function for LUKS1 header [sha256] --with-luks1-cipher default cipher for LUKS1 [aes] --with-luks1-mode default cipher mode for LUKS1 [xts-plain64] --with-luks1-keybits default key length in bits for LUKS1 [256] + --with-luks2-pbkdf default Default PBKDF algorithm (pbkdf2 or + argon2i/argon2id) for LUKS2 [argon2i] --with-luks1-iter-time default PBKDF2 iteration time for LUKS1 (in ms) - [1000] + [2000] + --with-luks2-iter-time default Argon2 PBKDF iteration time for LUKS2 (in + ms) [2000] + --with-luks2-memory-kb default Argon2 PBKDF memory cost for LUKS2 (in kB) + [1048576] + --with-luks2-parallel-threads + default Argon2 PBKDF max parallel cost for LUKS2 (if + CPUs available) [4] + --with-luks2-keyslot-cipher + default fallback cipher for LUKS2 keyslot (if data + encryption is incompatible) [aes-xts-plain64] + --with-luks2-keyslot-keybits + default fallback key size for LUKS2 keyslot (if data + encryption is incompatible) [512] --with-loopaes-cipher default cipher for loop-AES mode [aes] --with-loopaes-keybits default key length in bits for loop-AES mode [256] --with-keyfile-size-maxkb @@ -1584,6 +1677,16 @@ Optional Packages: --with-verity-hash-block default hash block size for verity mode [4096] --with-verity-salt-size default salt size for verity mode [32] + --with-verity-fec-roots default parity bytes for verity FEC [2] + --with-tmpfilesdir default override default path to directory with + systemd temporary files [] + --with-luks2-lock-path default path to directory for LUKSv2 locks + [/run/cryptsetup] + --with-luks2-lock-dir-perms + default default luks2 locking directory permissions + [0700] + --with-default-luks-format=FORMAT + default LUKS format version (LUKS1/LUKS2) [LUKS2] Some influential environment variables: CC C compiler command @@ -1594,6 +1697,8 @@ Some influential environment variables: CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory CPP C preprocessor + LT_SYS_LIBRARY_PATH + User-defined run-time library search path. PKG_CONFIG path to pkg-config utility PKG_CONFIG_PATH directories to add to pkg-config's search path @@ -1607,6 +1712,9 @@ Some influential environment variables: C compiler flags for DEVMAPPER, overriding pkg-config DEVMAPPER_LIBS linker flags for DEVMAPPER, overriding pkg-config + JSON_C_CFLAGS + C compiler flags for JSON_C, overriding pkg-config + JSON_C_LIBS linker flags for JSON_C, overriding pkg-config OPENSSL_CFLAGS C compiler flags for OPENSSL, overriding pkg-config OPENSSL_LIBS @@ -1617,11 +1725,19 @@ Some influential environment variables: linker flags for OPENSSL_STATIC, overriding pkg-config NSS_CFLAGS C compiler flags for NSS, overriding pkg-config NSS_LIBS linker flags for NSS, overriding pkg-config + LIBARGON2_CFLAGS + C compiler flags for LIBARGON2, overriding pkg-config + LIBARGON2_LIBS + linker flags for LIBARGON2, overriding pkg-config + BLKID_CFLAGS + C compiler flags for BLKID, overriding pkg-config + BLKID_LIBS linker flags for BLKID, overriding pkg-config DEVMAPPER_STATIC_CFLAGS C compiler flags for DEVMAPPER_STATIC, overriding pkg-config DEVMAPPER_STATIC_LIBS linker flags for DEVMAPPER_STATIC, overriding pkg-config - PYTHON the Python interpreter + systemd_tmpfilesdir + value of tmpfilesdir for systemd, overriding pkg-config Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. @@ -1689,7 +1805,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -cryptsetup configure 1.6.7 +cryptsetup configure 2.3.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2051,6 +2167,52 @@ $as_echo "$ac_res" >&6; } } # ac_fn_c_check_func +# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES +# --------------------------------------------- +# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR +# accordingly. +ac_fn_c_check_decl () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + as_decl_name=`echo $2|sed 's/ *(.*//'` + as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 +$as_echo_n "checking whether $as_decl_name is declared... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +#ifndef $as_decl_name +#ifdef __cplusplus + (void) $as_decl_use; +#else + (void) $as_decl_name; +#endif +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_decl + # ac_fn_c_check_type LINENO TYPE VAR INCLUDES # ------------------------------------------- # Tests whether TYPE exists after having included INCLUDES, setting cache @@ -2104,57 +2266,11 @@ $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_type - -# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES -# --------------------------------------------- -# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR -# accordingly. -ac_fn_c_check_decl () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - as_decl_name=`echo $2|sed 's/ *(.*//'` - as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 -$as_echo_n "checking whether $as_decl_name is declared... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -#ifndef $as_decl_name -#ifdef __cplusplus - (void) $as_decl_use; -#else - (void) $as_decl_name; -#endif -#endif - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval "$3=yes" -else - eval "$3=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_decl cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by cryptsetup $as_me 1.6.7, which was +It was created by cryptsetup $as_me 2.3.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2434,6 +2550,7 @@ $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi +gt_needs="$gt_needs need-ngettext" # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false @@ -2504,7 +2621,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-) -LIBCRYPTSETUP_VERSION_INFO=11:0:7 +LIBCRYPTSETUP_VERSION_INFO=18:0:6 # Check whether --enable-silent-rules was given. if test "${enable_silent_rules+set}" = set; then : @@ -2555,8 +2672,8 @@ ac_config_headers="$ac_config_headers config.h:config.h.in" # http://lists.gnu.org/archive/html/automake/2013-01/msg00060.html # For old automake use this -#AM_INIT_AUTOMAKE(dist-xz) -am__api_version='1.14' +#AM_INIT_AUTOMAKE(dist-xz subdir-objects) +am__api_version='1.16' ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do @@ -2777,7 +2894,7 @@ else $as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} fi -if test x"${install_sh}" != xset; then +if test x"${install_sh+set}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; @@ -3032,7 +3149,7 @@ fi # Define the identity of the package. PACKAGE='cryptsetup' - VERSION='1.6.7' + VERSION='2.3.3' cat >>confdefs.h <<_ACEOF @@ -3062,12 +3179,12 @@ MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} # For better backward compatibility. To be removed once Automake 1.9.x # dies out for good. For more background, see: -# -# +# +# mkdir_p='$(MKDIR_P)' -# We need awk for the "check" target. The system "awk" is bad on -# some platforms. +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. # Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AMTAR='$${TAR-tar}' @@ -3114,7 +3231,7 @@ END Aborting the configuration process, to ensure you take notice of the issue. You can download and install GNU coreutils to get an 'rm' implementation -that behaves properly: . +that behaves properly: . If you want to complete the configuration process using your problematic 'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM @@ -3206,45 +3323,45 @@ DEPDIR="${am__leading_dot}deps" ac_config_commands="$ac_config_commands depfiles" - -am_make=${MAKE-make} -cat > confinc << 'END' +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5 +$as_echo_n "checking whether ${MAKE-make} supports the include directive... " >&6; } +cat > confinc.mk << 'END' am__doit: - @echo this is the am__doit target + @echo this is the am__doit target >confinc.out .PHONY: am__doit END -# If we don't find an include directive, just comment out the code. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5 -$as_echo_n "checking for style of include used by $am_make... " >&6; } am__include="#" am__quote= -_am_result=none -# First try GNU make style include. -echo "include confinc" > confmf -# Ignore all kinds of additional output from 'make'. -case `$am_make -s -f confmf 2> /dev/null` in #( -*the\ am__doit\ target*) - am__include=include - am__quote= - _am_result=GNU - ;; -esac -# Now try BSD make style include. -if test "$am__include" = "#"; then - echo '.include "confinc"' > confmf - case `$am_make -s -f confmf 2> /dev/null` in #( - *the\ am__doit\ target*) - am__include=.include - am__quote="\"" - _am_result=BSD +# BSD make does it like this. +echo '.include "confinc.mk" # ignored' > confmf.BSD +# Other make implementations (GNU, Solaris 10, AIX) do it like this. +echo 'include confinc.mk # ignored' > confmf.GNU +_am_result=no +for s in GNU BSD; do + { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5 + (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + case $?:`cat confinc.out 2>/dev/null` in #( + '0:this is the am__doit target') : + case $s in #( + BSD) : + am__include='.include' am__quote='"' ;; #( + *) : + am__include='include' am__quote='' ;; +esac ;; #( + *) : ;; - esac -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5 -$as_echo "$_am_result" >&6; } -rm -f confinc confmf +esac + if test "$am__include" != "#"; then + _am_result="yes ($s style)" + break + fi +done +rm -f confinc.* confmf.* +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5 +$as_echo "${_am_result}" >&6; } # Check whether --enable-dependency-tracking was given. if test "${enable_dependency_tracking+set}" = set; then : @@ -5605,14 +5722,14 @@ if test "${enable_static+set}" = set; then : *) enable_static=no # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for pkg in $enableval; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs if test "X$pkg" = "X$p"; then enable_static=yes fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs ;; esac else @@ -5635,8 +5752,8 @@ esac -macro_version='2.4.2' -macro_revision='1.3337' +macro_version='2.4.6' +macro_revision='2.4.6' @@ -5650,7 +5767,7 @@ macro_revision='1.3337' -ltmain="$ac_aux_dir/ltmain.sh" +ltmain=$ac_aux_dir/ltmain.sh # Backslashify metacharacters that are still active within # double-quoted strings. @@ -5699,7 +5816,7 @@ func_echo_all () $ECHO "" } -case "$ECHO" in +case $ECHO in printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5 $as_echo "printf" >&6; } ;; print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 @@ -5892,19 +6009,19 @@ test -z "$GREP" && GREP=grep # Check whether --with-gnu-ld was given. if test "${with_gnu_ld+set}" = set; then : - withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes + withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes else with_gnu_ld=no fi ac_prog=ld -if test "$GCC" = yes; then +if test yes = "$GCC"; then # Check if gcc -print-prog-name=ld gives a path. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 $as_echo_n "checking for ld used by $CC... " >&6; } case $host in *-*-mingw*) - # gcc leaves a trailing carriage return which upsets mingw + # gcc leaves a trailing carriage return, which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; @@ -5918,7 +6035,7 @@ $as_echo_n "checking for ld used by $CC... " >&6; } while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` done - test -z "$LD" && LD="$ac_prog" + test -z "$LD" && LD=$ac_prog ;; "") # If it fails, then pretend we aren't using GCC. @@ -5929,7 +6046,7 @@ $as_echo_n "checking for ld used by $CC... " >&6; } with_gnu_ld=unknown ;; esac -elif test "$with_gnu_ld" = yes; then +elif test yes = "$with_gnu_ld"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 $as_echo_n "checking for GNU ld... " >&6; } else @@ -5940,32 +6057,32 @@ if ${lt_cv_path_LD+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$LD"; then - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then - lt_cv_path_LD="$ac_dir/$ac_prog" + lt_cv_path_LD=$ac_dir/$ac_prog # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 &5 $as_echo "$LD" >&6; } @@ -6008,33 +6125,38 @@ if ${lt_cv_path_NM+:} false; then : else if test -n "$NM"; then # Let the user override the test. - lt_cv_path_NM="$NM" + lt_cv_path_NM=$NM else - lt_nm_to_check="${ac_tool_prefix}nm" + lt_nm_to_check=${ac_tool_prefix}nm if test -n "$ac_tool_prefix" && test "$build" = "$host"; then lt_nm_to_check="$lt_nm_to_check nm" fi for lt_tmp_nm in $lt_nm_to_check; do - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. - tmp_nm="$ac_dir/$lt_tmp_nm" - if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then + tmp_nm=$ac_dir/$lt_tmp_nm + if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then # Check to see if the nm accepts a BSD-compat flag. - # Adding the `sed 1q' prevents false positives on HP-UX, which says: + # Adding the 'sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored # Tru64's nm complains that /dev/null is an invalid object file - case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in - */dev/null* | *'Invalid file or object type'*) + # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty + case $build_os in + mingw*) lt_bad_file=conftest.nm/nofile ;; + *) lt_bad_file=/dev/null ;; + esac + case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in + *$lt_bad_file* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" - break + break 2 ;; *) case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in */dev/null*) lt_cv_path_NM="$tmp_nm -p" - break + break 2 ;; *) lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but @@ -6045,15 +6167,15 @@ else esac fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs done : ${lt_cv_path_NM=no} fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 $as_echo "$lt_cv_path_NM" >&6; } -if test "$lt_cv_path_NM" != "no"; then - NM="$lt_cv_path_NM" +if test no != "$lt_cv_path_NM"; then + NM=$lt_cv_path_NM else # Didn't find any BSD compatible name lister, look for dumpbin. if test -n "$DUMPBIN"; then : @@ -6159,9 +6281,9 @@ esac fi fi - case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in + case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in *COFF*) - DUMPBIN="$DUMPBIN -symbols" + DUMPBIN="$DUMPBIN -symbols -headers" ;; *) DUMPBIN=: @@ -6169,8 +6291,8 @@ fi esac fi - if test "$DUMPBIN" != ":"; then - NM="$DUMPBIN" + if test : != "$DUMPBIN"; then + NM=$DUMPBIN fi fi test -z "$NM" && NM=nm @@ -6221,7 +6343,7 @@ if ${lt_cv_sys_max_cmd_len+:} false; then : $as_echo_n "(cached) " >&6 else i=0 - teststring="ABCD" + teststring=ABCD case $build_os in msdosdjgpp*) @@ -6261,7 +6383,7 @@ else lt_cv_sys_max_cmd_len=8192; ;; - netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) + bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` @@ -6312,22 +6434,22 @@ else *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` if test -n "$lt_cv_sys_max_cmd_len" && \ - test undefined != "$lt_cv_sys_max_cmd_len"; then + test undefined != "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else # Make teststring a little bigger before we do anything with it. # a 1K string should be a reasonable start. - for i in 1 2 3 4 5 6 7 8 ; do + for i in 1 2 3 4 5 6 7 8; do teststring=$teststring$teststring done SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. - while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ + while { test X`env echo "$teststring$teststring" 2>/dev/null` \ = "X$teststring$teststring"; } >/dev/null 2>&1 && - test $i != 17 # 1/2 MB should be enough + test 17 != "$i" # 1/2 MB should be enough do i=`expr $i + 1` teststring=$teststring$teststring @@ -6345,7 +6467,7 @@ else fi -if test -n $lt_cv_sys_max_cmd_len ; then +if test -n "$lt_cv_sys_max_cmd_len"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 $as_echo "$lt_cv_sys_max_cmd_len" >&6; } else @@ -6363,30 +6485,6 @@ max_cmd_len=$lt_cv_sys_max_cmd_len : ${MV="mv -f"} : ${RM="rm -f"} -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5 -$as_echo_n "checking whether the shell understands some XSI constructs... " >&6; } -# Try some XSI features -xsi_shell=no -( _lt_dummy="a/b/c" - test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \ - = c,a/b,b/c, \ - && eval 'test $(( 1 + 1 )) -eq 2 \ - && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ - && xsi_shell=yes -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5 -$as_echo "$xsi_shell" >&6; } - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5 -$as_echo_n "checking whether the shell understands \"+=\"... " >&6; } -lt_shell_append=no -( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \ - >/dev/null 2>&1 \ - && lt_shell_append=yes -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5 -$as_echo "$lt_shell_append" >&6; } - - if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then lt_unset=unset else @@ -6509,13 +6607,13 @@ esac reload_cmds='$LD$reload_flag -o $output$reload_objs' case $host_os in cygwin* | mingw* | pw32* | cegcc*) - if test "$GCC" != yes; then + if test yes != "$GCC"; then reload_cmds=false fi ;; darwin*) - if test "$GCC" = yes; then - reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs' + if test yes = "$GCC"; then + reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs' else reload_cmds='$LD$reload_flag -o $output$reload_objs' fi @@ -6643,13 +6741,13 @@ lt_cv_deplibs_check_method='unknown' # Need to set the preceding variable on all platforms that support # interlibrary dependencies. # 'none' -- dependencies not supported. -# `unknown' -- same as none, but documents that we really don't know. +# 'unknown' -- same as none, but documents that we really don't know. # 'pass_all' -- all dependencies passed with no checks. # 'test_compile' -- check by making test program. # 'file_magic [[regex]]' -- check by looking for files in library path -# which responds to the $file_magic_cmd with a given extended regex. -# If you have `file' or equivalent on your system and you're not sure -# whether `pass_all' will *always* work, you probably want this one. +# that responds to the $file_magic_cmd with a given extended regex. +# If you have 'file' or equivalent on your system and you're not sure +# whether 'pass_all' will *always* work, you probably want this one. case $host_os in aix[4-9]*) @@ -6676,8 +6774,7 @@ mingw* | pw32*) # Base MSYS/MinGW do not provide the 'file' command needed by # func_win32_libid shell function, so use a weaker test based on 'objdump', # unless we find 'file', for example because we are cross-compiling. - # func_win32_libid assumes BSD nm, so disallow it if using MS dumpbin. - if ( test "$lt_cv_nm_interface" = "BSD nm" && file / ) >/dev/null 2>&1; then + if ( file / ) >/dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else @@ -6773,8 +6870,8 @@ newos6*) lt_cv_deplibs_check_method=pass_all ;; -openbsd*) - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then +openbsd* | bitrig*) + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' @@ -6827,6 +6924,9 @@ sysv4 | sysv4.3*) tpf*) lt_cv_deplibs_check_method=pass_all ;; +os2*) + lt_cv_deplibs_check_method=pass_all + ;; esac fi @@ -6984,8 +7084,8 @@ else case $host_os in cygwin* | mingw* | pw32* | cegcc*) - # two different shell functions defined in ltmain.sh - # decide which to use based on capabilities of $DLLTOOL + # two different shell functions defined in ltmain.sh; + # decide which one to use based on capabilities of $DLLTOOL case `$DLLTOOL --help 2>&1` in *--identify-strict*) lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib @@ -6997,7 +7097,7 @@ cygwin* | mingw* | pw32* | cegcc*) ;; *) # fallback: assume linklib IS sharedlib - lt_cv_sharedlib_from_linklib_cmd="$ECHO" + lt_cv_sharedlib_from_linklib_cmd=$ECHO ;; esac @@ -7114,7 +7214,7 @@ esac fi : ${AR=ar} -: ${AR_FLAGS=cru} +: ${AR_FLAGS=cr} @@ -7151,7 +7251,7 @@ if ac_fn_c_try_compile "$LINENO"; then : ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } - if test "$ac_status" -eq 0; then + if test 0 -eq "$ac_status"; then # Ensure the archiver fails upon bogus file names. rm -f conftest.$ac_objext libconftest.a { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 @@ -7159,7 +7259,7 @@ if ac_fn_c_try_compile "$LINENO"; then : ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } - if test "$ac_status" -ne 0; then + if test 0 -ne "$ac_status"; then lt_cv_ar_at_file=@ fi fi @@ -7172,7 +7272,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 $as_echo "$lt_cv_ar_at_file" >&6; } -if test "x$lt_cv_ar_at_file" = xno; then +if test no = "$lt_cv_ar_at_file"; then archiver_list_spec= else archiver_list_spec=$lt_cv_ar_at_file @@ -7389,7 +7489,7 @@ old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in - openbsd*) + bitrig* | openbsd*) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" ;; *) @@ -7479,7 +7579,7 @@ cygwin* | mingw* | pw32* | cegcc*) symcode='[ABCDGISTW]' ;; hpux*) - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then symcode='[ABCDEGRST]' fi ;; @@ -7512,14 +7612,44 @@ case `$NM -V 2>&1` in symcode='[ABCDGIRSTW]' ;; esac +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Gets list of data symbols to import. + lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'" + # Adjust the below global symbol transforms to fixup imported variables. + lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'" + lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'" + lt_c_name_lib_hook="\ + -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\ + -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'" +else + # Disable hooks by default. + lt_cv_sys_global_symbol_to_import= + lt_cdecl_hook= + lt_c_name_hook= + lt_c_name_lib_hook= +fi + # Transform an extracted symbol line into a proper C declaration. # Some systems (esp. on ia64) link data and code symbols differently, # so use this general approach. -lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" +lt_cv_sys_global_symbol_to_cdecl="sed -n"\ +$lt_cdecl_hook\ +" -e 's/^T .* \(.*\)$/extern int \1();/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'" # Transform an extracted symbol line into symbol name and symbol address -lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'" -lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'" +lt_cv_sys_global_symbol_to_c_name_address="sed -n"\ +$lt_c_name_hook\ +" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'" + +# Transform an extracted symbol line into symbol name with lib prefix and +# symbol address. +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\ +$lt_c_name_lib_hook\ +" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ +" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'" # Handle CRLF in mingw tool chain opt_cr= @@ -7537,21 +7667,24 @@ for ac_symprfx in "" "_"; do # Write the raw and C identifiers. if test "$lt_cv_nm_interface" = "MS dumpbin"; then - # Fake it for dumpbin and say T for any non-static function - # and D for any global variable. + # Fake it for dumpbin and say T for any non-static function, + # D for any global variable and I for any imported variable. # Also find C++ and __fastcall symbols from MSVC++, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK '"\ " {last_section=section; section=\$ 3};"\ " /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ +" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\ +" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\ +" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ " {if(hide[section]) next};"\ -" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ -" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ -" s[1]~/^[@?]/{print s[1], s[1]; next};"\ -" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ +" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\ +" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\ +" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\ +" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\ " ' prfx=^$ac_symprfx" else lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" @@ -7582,11 +7715,8 @@ _LT_EOF test $ac_status = 0; }; then # Now try to grab the symbols. nlist=conftest.nm - if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5 - (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && test -s "$nlist"; then + $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&5 + if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&5 && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" @@ -7599,11 +7729,11 @@ _LT_EOF if $GREP ' nm_test_func$' "$nlist" >/dev/null; then cat <<_LT_EOF > conftest.$ac_ext /* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ -#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) -/* DATA imports from DLLs on WIN32 con't be const, because runtime +#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE +/* DATA imports from DLLs on WIN32 can't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */ # define LT_DLSYM_CONST -#elif defined(__osf__) +#elif defined __osf__ /* This system does not cope well with relocations in const data. */ # define LT_DLSYM_CONST #else @@ -7629,7 +7759,7 @@ lt__PROGRAM__LTX_preloaded_symbols[] = { { "@PROGRAM@", (void *) 0 }, _LT_EOF - $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext + $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext cat <<\_LT_EOF >> conftest.$ac_ext {0, (void *) 0} }; @@ -7649,13 +7779,13 @@ _LT_EOF mv conftest.$ac_objext conftstm.$ac_objext lt_globsym_save_LIBS=$LIBS lt_globsym_save_CFLAGS=$CFLAGS - LIBS="conftstm.$ac_objext" + LIBS=conftstm.$ac_objext CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag" if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && test -s conftest${ac_exeext}; then + test $ac_status = 0; } && test -s conftest$ac_exeext; then pipe_works=yes fi LIBS=$lt_globsym_save_LIBS @@ -7676,7 +7806,7 @@ _LT_EOF rm -rf conftest* conftst* # Do not use the global_symbol_pipe unless it works. - if test "$pipe_works" = yes; then + if test yes = "$pipe_works"; then break else lt_cv_sys_global_symbol_pipe= @@ -7729,6 +7859,16 @@ fi + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5 $as_echo_n "checking for sysroot... " >&6; } @@ -7741,9 +7881,9 @@ fi lt_sysroot= -case ${with_sysroot} in #( +case $with_sysroot in #( yes) - if test "$GCC" = yes; then + if test yes = "$GCC"; then lt_sysroot=`$CC --print-sysroot 2>/dev/null` fi ;; #( @@ -7753,8 +7893,8 @@ case ${with_sysroot} in #( no|'') ;; #( *) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${with_sysroot}" >&5 -$as_echo "${with_sysroot}" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5 +$as_echo "$with_sysroot" >&6; } as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5 ;; esac @@ -7766,18 +7906,99 @@ $as_echo "${lt_sysroot:-no}" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5 +$as_echo_n "checking for a working dd... " >&6; } +if ${ac_cv_path_lt_DD+:} false; then : + $as_echo_n "(cached) " >&6 +else + printf 0123456789abcdef0123456789abcdef >conftest.i +cat conftest.i conftest.i >conftest2.i +: ${lt_DD:=$DD} +if test -z "$lt_DD"; then + ac_path_lt_DD_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in dd; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_lt_DD="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_lt_DD" || continue +if "$ac_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=: +fi + $ac_path_lt_DD_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_lt_DD"; then + : + fi +else + ac_cv_path_lt_DD=$lt_DD +fi + +rm -f conftest.i conftest2.i conftest.out +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5 +$as_echo "$ac_cv_path_lt_DD" >&6; } + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5 +$as_echo_n "checking how to truncate binary pipes... " >&6; } +if ${lt_cv_truncate_bin+:} false; then : + $as_echo_n "(cached) " >&6 +else + printf 0123456789abcdef0123456789abcdef >conftest.i +cat conftest.i conftest.i >conftest2.i +lt_cv_truncate_bin= +if "$ac_cv_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1" +fi +rm -f conftest.i conftest2.i conftest.out +test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q" +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5 +$as_echo "$lt_cv_truncate_bin" >&6; } + + + + + + + +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +func_cc_basename () +{ + for cc_temp in $*""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac + done + func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +} + # Check whether --enable-libtool-lock was given. if test "${enable_libtool_lock+set}" = set; then : enableval=$enable_libtool_lock; fi -test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes +test no = "$enable_libtool_lock" || enable_libtool_lock=yes # Some flags need to be propagated to the compiler or linker for good # libtool support. case $host in ia64-*-hpux*) - # Find out which ABI we are using. + # Find out what ABI is being produced by ac_compile, and set mode + # options accordingly. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 @@ -7786,24 +8007,25 @@ ia64-*-hpux*) test $ac_status = 0; }; then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) - HPUX_IA64_MODE="32" + HPUX_IA64_MODE=32 ;; *ELF-64*) - HPUX_IA64_MODE="64" + HPUX_IA64_MODE=64 ;; esac fi rm -rf conftest* ;; *-*-irix6*) - # Find out which ABI we are using. + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. echo '#line '$LINENO' "configure"' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - if test "$lt_cv_prog_gnu_ld" = yes; then + if test yes = "$lt_cv_prog_gnu_ld"; then case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" @@ -7832,9 +8054,50 @@ ia64-*-hpux*) rm -rf conftest* ;; +mips64*-*linux*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo '#line '$LINENO' "configure"' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + emul=elf + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + emul="${emul}32" + ;; + *64-bit*) + emul="${emul}64" + ;; + esac + case `/usr/bin/file conftest.$ac_objext` in + *MSB*) + emul="${emul}btsmip" + ;; + *LSB*) + emul="${emul}ltsmip" + ;; + esac + case `/usr/bin/file conftest.$ac_objext` in + *N32*) + emul="${emul}n32" + ;; + esac + LD="${LD-ld} -m $emul" + fi + rm -rf conftest* + ;; + x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) - # Find out which ABI we are using. + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. Note that the listed cases only cover the + # situations where additional linker options are needed (such as when + # doing 32-bit compilation for a host where ld defaults to 64-bit, or + # vice versa); the common cases where no linker options are needed do + # not appear in the list. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 @@ -7857,10 +8120,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) ;; esac ;; - powerpc64le-*) + powerpc64le-*linux*) LD="${LD-ld} -m elf32lppclinux" ;; - powerpc64-*) + powerpc64-*linux*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) @@ -7879,10 +8142,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; - powerpcle-*) + powerpcle-*linux*) LD="${LD-ld} -m elf64lppc" ;; - powerpc-*) + powerpc-*linux*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) @@ -7900,7 +8163,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) *-*-sco3.2v5*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. - SAVE_CFLAGS="$CFLAGS" + SAVE_CFLAGS=$CFLAGS CFLAGS="$CFLAGS -belf" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 $as_echo_n "checking whether the C compiler needs -belf... " >&6; } @@ -7940,13 +8203,14 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 $as_echo "$lt_cv_cc_needs_belf" >&6; } - if test x"$lt_cv_cc_needs_belf" != x"yes"; then + if test yes != "$lt_cv_cc_needs_belf"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf - CFLAGS="$SAVE_CFLAGS" + CFLAGS=$SAVE_CFLAGS fi ;; *-*solaris*) - # Find out which ABI we are using. + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 @@ -7958,7 +8222,7 @@ $as_echo "$lt_cv_cc_needs_belf" >&6; } case $lt_cv_prog_gnu_ld in yes*) case $host in - i?86-*-solaris*) + i?86-*-solaris*|x86_64-*-solaris*) LD="${LD-ld} -m elf_x86_64" ;; sparc*-*-solaris*) @@ -7967,7 +8231,7 @@ $as_echo "$lt_cv_cc_needs_belf" >&6; } esac # GNU ld 2.21 introduced _sol2 emulations. Use them if available. if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then - LD="${LD-ld}_sol2" + LD=${LD-ld}_sol2 fi ;; *) @@ -7983,7 +8247,7 @@ $as_echo "$lt_cv_cc_needs_belf" >&6; } ;; esac -need_locks="$enable_libtool_lock" +need_locks=$enable_libtool_lock if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args. @@ -8094,7 +8358,7 @@ else fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 $as_echo "$lt_cv_path_mainfest_tool" >&6; } -if test "x$lt_cv_path_mainfest_tool" != xyes; then +if test yes != "$lt_cv_path_mainfest_tool"; then MANIFEST_TOOL=: fi @@ -8597,7 +8861,7 @@ if ${lt_cv_apple_cc_single_mod+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_apple_cc_single_mod=no - if test -z "${LT_MULTI_MODULE}"; then + if test -z "$LT_MULTI_MODULE"; then # By default we will add the -single_module flag. You can override # by either setting the environment variable LT_MULTI_MODULE # non-empty at configure time, or by adding -multi_module to the @@ -8615,7 +8879,7 @@ else cat conftest.err >&5 # Otherwise, if the output was created with a 0 exit code from # the compiler, it worked. - elif test -f libconftest.dylib && test $_lt_result -eq 0; then + elif test -f libconftest.dylib && test 0 = "$_lt_result"; then lt_cv_apple_cc_single_mod=yes else cat conftest.err >&5 @@ -8654,7 +8918,7 @@ else fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext - LDFLAGS="$save_LDFLAGS" + LDFLAGS=$save_LDFLAGS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 @@ -8671,8 +8935,8 @@ int forced_loaded() { return 2;} _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5 $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5 - echo "$AR cru libconftest.a conftest.o" >&5 - $AR cru libconftest.a conftest.o 2>&5 + echo "$AR cr libconftest.a conftest.o" >&5 + $AR cr libconftest.a conftest.o 2>&5 echo "$RANLIB libconftest.a" >&5 $RANLIB libconftest.a 2>&5 cat > conftest.c << _LT_EOF @@ -8683,7 +8947,7 @@ _LT_EOF _lt_result=$? if test -s conftest.err && $GREP force_load conftest.err; then cat conftest.err >&5 - elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then + elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then lt_cv_ld_force_load=yes else cat conftest.err >&5 @@ -8696,32 +8960,32 @@ fi $as_echo "$lt_cv_ld_force_load" >&6; } case $host_os in rhapsody* | darwin1.[012]) - _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; + _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; darwin1.*) - _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; darwin*) # darwin 5.x on # if running on 10.5 or later, the deployment target defaults # to the OS version, if on x86, and 10.4, the deployment # target defaults to 10.4. Don't you love it? case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in 10.0,*86*-darwin8*|10.0,*-darwin[91]*) - _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; - 10.[012]*) - _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + 10.[012][,.]*) + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; 10.*) - _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; esac ;; esac - if test "$lt_cv_apple_cc_single_mod" = "yes"; then + if test yes = "$lt_cv_apple_cc_single_mod"; then _lt_dar_single_mod='$single_module' fi - if test "$lt_cv_ld_exported_symbols_list" = "yes"; then - _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' + if test yes = "$lt_cv_ld_exported_symbols_list"; then + _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' else - _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' + _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib' fi - if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then + if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then _lt_dsymutil='~$DSYMUTIL $lib || :' else _lt_dsymutil= @@ -8729,6 +8993,41 @@ $as_echo "$lt_cv_ld_force_load" >&6; } ;; esac +# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x$2 in + x) + ;; + *:) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" + ;; + x:*) + eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" + ;; + *) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" + ;; + esac +} + for ac_header in dlfcn.h do : ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default @@ -8765,14 +9064,14 @@ if test "${enable_shared+set}" = set; then : *) enable_shared=no # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for pkg in $enableval; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs if test "X$pkg" = "X$p"; then enable_shared=yes fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs ;; esac else @@ -8797,14 +9096,14 @@ if test "${with_pic+set}" = set; then : *) pic_mode=default # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for lt_pkg in $withval; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs if test "X$lt_pkg" = "X$lt_p"; then pic_mode=yes fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs ;; esac else @@ -8812,8 +9111,6 @@ else fi -test -z "$pic_mode" && pic_mode=default - @@ -8829,14 +9126,14 @@ if test "${enable_fast_install+set}" = set; then : *) enable_fast_install=no # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for pkg in $enableval; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs if test "X$pkg" = "X$p"; then enable_fast_install=yes fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs ;; esac else @@ -8850,11 +9147,63 @@ fi + shared_archive_member_spec= +case $host,$enable_shared in +power*-*-aix[5-9]*,yes) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5 +$as_echo_n "checking which variant of shared library versioning to provide... " >&6; } + +# Check whether --with-aix-soname was given. +if test "${with_aix_soname+set}" = set; then : + withval=$with_aix_soname; case $withval in + aix|svr4|both) + ;; + *) + as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5 + ;; + esac + lt_cv_with_aix_soname=$with_aix_soname +else + if ${lt_cv_with_aix_soname+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_with_aix_soname=aix +fi + + with_aix_soname=$lt_cv_with_aix_soname +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5 +$as_echo "$with_aix_soname" >&6; } + if test aix != "$with_aix_soname"; then + # For the AIX way of multilib, we name the shared archive member + # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o', + # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File. + # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag, + # the AIX toolchain works better with OBJECT_MODE set (default 32). + if test 64 = "${OBJECT_MODE-32}"; then + shared_archive_member_spec=shr_64 + else + shared_archive_member_spec=shr + fi + fi + ;; +*) + with_aix_soname=aix + ;; +esac + + + + + + + # This can be used to rebuild libtool when needed -LIBTOOL_DEPS="$ltmain" +LIBTOOL_DEPS=$ltmain # Always use our own libtool. LIBTOOL='$(SHELL) $(top_builddir)/libtool' @@ -8903,7 +9252,7 @@ test -z "$LN_S" && LN_S="ln -s" -if test -n "${ZSH_VERSION+set}" ; then +if test -n "${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi @@ -8942,7 +9291,7 @@ aix3*) # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. - if test "X${COLLECT_NAMES+set}" != Xset; then + if test set != "${COLLECT_NAMES+set}"; then COLLECT_NAMES= export COLLECT_NAMES fi @@ -8953,14 +9302,14 @@ esac ofile=libtool can_build_shared=yes -# All known linkers require a `.a' archive for static linking (except MSVC, +# All known linkers require a '.a' archive for static linking (except MSVC, # which needs '.lib'). libext=a -with_gnu_ld="$lt_cv_prog_gnu_ld" +with_gnu_ld=$lt_cv_prog_gnu_ld -old_CC="$CC" -old_CFLAGS="$CFLAGS" +old_CC=$CC +old_CFLAGS=$CFLAGS # Set sane defaults for various variables test -z "$CC" && CC=cc @@ -8969,15 +9318,8 @@ test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS test -z "$LD" && LD=ld test -z "$ac_objext" && ac_objext=o -for cc_temp in $compiler""; do - case $cc_temp in - compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; - distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; - \-*) ;; - *) break;; - esac -done -cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +func_cc_basename $compiler +cc_basename=$func_cc_basename_result # Only perform the check for file, if the check method requires it @@ -8992,22 +9334,22 @@ if ${lt_cv_path_MAGIC_CMD+:} false; then : else case $MAGIC_CMD in [\\/*] | ?:[\\/]*) - lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. ;; *) - lt_save_MAGIC_CMD="$MAGIC_CMD" - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + lt_save_MAGIC_CMD=$MAGIC_CMD + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" for ac_dir in $ac_dummy; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/${ac_tool_prefix}file; then - lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file" + if test -f "$ac_dir/${ac_tool_prefix}file"; then + lt_cv_path_MAGIC_CMD=$ac_dir/"${ac_tool_prefix}file" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` - MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + MAGIC_CMD=$lt_cv_path_MAGIC_CMD if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : @@ -9030,13 +9372,13 @@ _LT_EOF break fi done - IFS="$lt_save_ifs" - MAGIC_CMD="$lt_save_MAGIC_CMD" + IFS=$lt_save_ifs + MAGIC_CMD=$lt_save_MAGIC_CMD ;; esac fi -MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +MAGIC_CMD=$lt_cv_path_MAGIC_CMD if test -n "$MAGIC_CMD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 $as_echo "$MAGIC_CMD" >&6; } @@ -9058,22 +9400,22 @@ if ${lt_cv_path_MAGIC_CMD+:} false; then : else case $MAGIC_CMD in [\\/*] | ?:[\\/]*) - lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. ;; *) - lt_save_MAGIC_CMD="$MAGIC_CMD" - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + lt_save_MAGIC_CMD=$MAGIC_CMD + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" for ac_dir in $ac_dummy; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/file; then - lt_cv_path_MAGIC_CMD="$ac_dir/file" + if test -f "$ac_dir/file"; then + lt_cv_path_MAGIC_CMD=$ac_dir/"file" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` - MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + MAGIC_CMD=$lt_cv_path_MAGIC_CMD if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : @@ -9096,13 +9438,13 @@ _LT_EOF break fi done - IFS="$lt_save_ifs" - MAGIC_CMD="$lt_save_MAGIC_CMD" + IFS=$lt_save_ifs + MAGIC_CMD=$lt_save_MAGIC_CMD ;; esac fi -MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +MAGIC_CMD=$lt_cv_path_MAGIC_CMD if test -n "$MAGIC_CMD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 $as_echo "$MAGIC_CMD" >&6; } @@ -9123,7 +9465,7 @@ esac # Use C for the default configuration in the libtool script -lt_save_CC="$CC" +lt_save_CC=$CC ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -9185,7 +9527,7 @@ if test -n "$compiler"; then lt_prog_compiler_no_builtin_flag= -if test "$GCC" = yes; then +if test yes = "$GCC"; then case $cc_basename in nvcc*) lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;; @@ -9201,7 +9543,7 @@ else lt_cv_prog_compiler_rtti_exceptions=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext - lt_compiler_flag="-fno-rtti -fno-exceptions" + lt_compiler_flag="-fno-rtti -fno-exceptions" ## exclude from sc_useless_quotes_in_assignment # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins @@ -9231,7 +9573,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 $as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } -if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then +if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" else : @@ -9249,17 +9591,18 @@ lt_prog_compiler_pic= lt_prog_compiler_static= - if test "$GCC" = yes; then + if test yes = "$GCC"; then lt_prog_compiler_wl='-Wl,' lt_prog_compiler_static='-static' case $host_os in aix*) # All AIX code is PIC. - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # AIX 5 now supports IA64 processor lt_prog_compiler_static='-Bstatic' fi + lt_prog_compiler_pic='-fPIC' ;; amigaos*) @@ -9270,8 +9613,8 @@ lt_prog_compiler_static= ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but - # adding the `-m68020' flag to GCC prevents building anything better, - # like `-m68040'. + # adding the '-m68020' flag to GCC prevents building anything better, + # like '-m68040'. lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' ;; esac @@ -9287,6 +9630,11 @@ lt_prog_compiler_static= # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries lt_prog_compiler_pic='-DDLL_EXPORT' + case $host_os in + os2*) + lt_prog_compiler_static='$wl-static' + ;; + esac ;; darwin* | rhapsody*) @@ -9357,7 +9705,7 @@ lt_prog_compiler_static= case $host_os in aix*) lt_prog_compiler_wl='-Wl,' - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # AIX 5 now supports IA64 processor lt_prog_compiler_static='-Bstatic' else @@ -9365,10 +9713,29 @@ lt_prog_compiler_static= fi ;; + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic='-fno-common' + case $cc_basename in + nagfor*) + # NAG Fortran compiler + lt_prog_compiler_wl='-Wl,-Wl,,' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + esac + ;; + mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic='-DDLL_EXPORT' + case $host_os in + os2*) + lt_prog_compiler_static='$wl-static' + ;; + esac ;; hpux9* | hpux10* | hpux11*) @@ -9384,7 +9751,7 @@ lt_prog_compiler_static= ;; esac # Is there a better lt_prog_compiler_static that works with the bundled CC? - lt_prog_compiler_static='${wl}-a ${wl}archive' + lt_prog_compiler_static='$wl-a ${wl}archive' ;; irix5* | irix6* | nonstopux*) @@ -9395,12 +9762,18 @@ lt_prog_compiler_static= linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) case $cc_basename in - # old Intel for x86_64 which still supported -KPIC. + # old Intel for x86_64, which still supported -KPIC. ecc*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-static' ;; + # flang / f18. f95 an alias for gfortran or flang on Debian + flang* | f18* | f95*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; # icc used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. icc* | ifort*) @@ -9420,6 +9793,12 @@ lt_prog_compiler_static= lt_prog_compiler_pic='-PIC' lt_prog_compiler_static='-Bstatic' ;; + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) @@ -9517,7 +9896,7 @@ lt_prog_compiler_static= ;; sysv4*MP*) - if test -d /usr/nec ;then + if test -d /usr/nec; then lt_prog_compiler_pic='-Kconform_pic' lt_prog_compiler_static='-Bstatic' fi @@ -9546,7 +9925,7 @@ lt_prog_compiler_static= fi case $host_os in - # For platforms which do not support PIC, -DPIC is meaningless: + # For platforms that do not support PIC, -DPIC is meaningless: *djgpp*) lt_prog_compiler_pic= ;; @@ -9578,7 +9957,7 @@ else lt_cv_prog_compiler_pic_works=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext - lt_compiler_flag="$lt_prog_compiler_pic -DPIC" + lt_compiler_flag="$lt_prog_compiler_pic -DPIC" ## exclude from sc_useless_quotes_in_assignment # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins @@ -9608,7 +9987,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 $as_echo "$lt_cv_prog_compiler_pic_works" >&6; } -if test x"$lt_cv_prog_compiler_pic_works" = xyes; then +if test yes = "$lt_cv_prog_compiler_pic_works"; then case $lt_prog_compiler_pic in "" | " "*) ;; *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; @@ -9640,7 +10019,7 @@ if ${lt_cv_prog_compiler_static_works+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_static_works=no - save_LDFLAGS="$LDFLAGS" + save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS $lt_tmp_static_flag" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then @@ -9659,13 +10038,13 @@ else fi fi $RM -r conftest* - LDFLAGS="$save_LDFLAGS" + LDFLAGS=$save_LDFLAGS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 $as_echo "$lt_cv_prog_compiler_static_works" >&6; } -if test x"$lt_cv_prog_compiler_static_works" = xyes; then +if test yes = "$lt_cv_prog_compiler_static_works"; then : else lt_prog_compiler_static= @@ -9785,8 +10164,8 @@ $as_echo "$lt_cv_prog_compiler_c_o" >&6; } -hard_links="nottested" -if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then +hard_links=nottested +if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then # do not overwrite the value of need_locks provided by the user { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 $as_echo_n "checking if we can lock with hard links... " >&6; } @@ -9798,9 +10177,9 @@ $as_echo_n "checking if we can lock with hard links... " >&6; } ln conftest.a conftest.b 2>/dev/null && hard_links=no { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 $as_echo "$hard_links" >&6; } - if test "$hard_links" = no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 -$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} + if test no = "$hard_links"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5 +$as_echo "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;} need_locks=warn fi else @@ -9843,9 +10222,9 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie # included in the symbol list include_expsyms= # exclude_expsyms can be an extended regexp of symbols to exclude - # it will be wrapped by ` (' and `)$', so one must not match beginning or - # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', - # as well as any symbol that contains `d'. + # it will be wrapped by ' (' and ')$', so one must not match beginning or + # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc', + # as well as any symbol that contains 'd'. exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if @@ -9860,7 +10239,7 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. - if test "$GCC" != yes; then + if test yes != "$GCC"; then with_gnu_ld=no fi ;; @@ -9868,7 +10247,7 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; - openbsd*) + openbsd* | bitrig*) with_gnu_ld=no ;; linux* | k*bsd*-gnu | gnu*) @@ -9881,7 +10260,7 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie # On some targets, GNU ld is compatible enough with the native linker # that we're better off using the native interface for both. lt_use_gnu_ld_interface=no - if test "$with_gnu_ld" = yes; then + if test yes = "$with_gnu_ld"; then case $host_os in aix*) # The AIX port of GNU ld has always aspired to compatibility @@ -9903,24 +10282,24 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie esac fi - if test "$lt_use_gnu_ld_interface" = yes; then + if test yes = "$lt_use_gnu_ld_interface"; then # If archive_cmds runs LD, not CC, wlarc should be empty - wlarc='${wl}' + wlarc='$wl' # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' - export_dynamic_flag_spec='${wl}--export-dynamic' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + export_dynamic_flag_spec='$wl--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then - whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + whole_archive_flag_spec=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' else whole_archive_flag_spec= fi supports_anon_versioning=no - case `$LD -v 2>&1` in + case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in *GNU\ gold*) supports_anon_versioning=yes ;; *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... @@ -9933,7 +10312,7 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie case $host_os in aix[3-9]*) # On AIX/PPC, the GNU linker is very broken - if test "$host_cpu" != ia64; then + if test ia64 != "$host_cpu"; then ld_shlibs=no cat <<_LT_EOF 1>&2 @@ -9952,7 +10331,7 @@ _LT_EOF case $host_cpu in powerpc) # see comment about AmigaOS4 .so support - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' archive_expsym_cmds='' ;; m68k) @@ -9968,7 +10347,7 @@ _LT_EOF allow_undefined_flag=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME - archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' else ld_shlibs=no fi @@ -9978,7 +10357,7 @@ _LT_EOF # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, # as there is no search path for DLLs. hardcode_libdir_flag_spec='-L$libdir' - export_dynamic_flag_spec='${wl}--export-all-symbols' + export_dynamic_flag_spec='$wl--export-all-symbols' allow_undefined_flag=unsupported always_export_symbols=no enable_shared_with_static_runtimes=yes @@ -9986,61 +10365,89 @@ _LT_EOF exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname' if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - cp $export_symbols $output_objdir/$soname.def; - else - echo EXPORTS > $output_objdir/$soname.def; - cat $export_symbols >> $output_objdir/$soname.def; - fi~ - $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file, use it as + # is; otherwise, prepend EXPORTS... + archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else ld_shlibs=no fi ;; haiku*) - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' link_all_deplibs=yes ;; + os2*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + allow_undefined_flag=unsupported + shrext_cmds=.dll + archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + enable_shared_with_static_runtimes=yes + ;; + interix[3-9]*) hardcode_direct=no hardcode_shlibpath_var=no - hardcode_libdir_flag_spec='${wl}-rpath,$libdir' - export_dynamic_flag_spec='${wl}-E' + hardcode_libdir_flag_spec='$wl-rpath,$libdir' + export_dynamic_flag_spec='$wl-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. - archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) tmp_diet=no - if test "$host_os" = linux-dietlibc; then + if test linux-dietlibc = "$host_os"; then case $cc_basename in diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) esac fi if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ - && test "$tmp_diet" = no + && test no = "$tmp_diet" then tmp_addflag=' $pic_flag' tmp_sharedflag='-shared' case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler - whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' tmp_addflag=' $pic_flag' ;; pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group f77 and f90 compilers - whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; @@ -10051,42 +10458,47 @@ _LT_EOF lf95*) # Lahey Fortran 8.1 whole_archive_flag_spec= tmp_sharedflag='--shared' ;; + nagfor*) # NAGFOR 5.3 + tmp_sharedflag='-Wl,-shared' ;; xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below) tmp_sharedflag='-qmkshrobj' tmp_addflag= ;; nvcc*) # Cuda Compiler Driver 2.2 - whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' compiler_needs_object=yes ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 - whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' compiler_needs_object=yes tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; esac - archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - if test "x$supports_anon_versioning" = xyes; then + if test yes = "$supports_anon_versioning"; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - echo "local: *; };" >> $output_objdir/$libname.ver~ - $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' fi case $cc_basename in + tcc*) + export_dynamic_flag_spec='-rdynamic' + ;; xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' - if test "x$supports_anon_versioning" = xyes; then + if test yes = "$supports_anon_versioning"; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - echo "local: *; };" >> $output_objdir/$libname.ver~ - $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi ;; esac @@ -10100,8 +10512,8 @@ _LT_EOF archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else - archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' fi ;; @@ -10119,8 +10531,8 @@ _LT_EOF _LT_EOF elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi @@ -10132,7 +10544,7 @@ _LT_EOF ld_shlibs=no cat <<_LT_EOF 1>&2 -*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot *** reliably create shared libraries on SCO systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.16.91.0.3 or newer. Another option is to modify @@ -10147,9 +10559,9 @@ _LT_EOF # DT_RUNPATH tag from executables and libraries. But doing so # requires that you compile everything twice, which is a pain. if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi @@ -10166,15 +10578,15 @@ _LT_EOF *) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; esac - if test "$ld_shlibs" = no; then + if test no = "$ld_shlibs"; then runpath_var= hardcode_libdir_flag_spec= export_dynamic_flag_spec= @@ -10190,7 +10602,7 @@ _LT_EOF # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. hardcode_minus_L=yes - if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then + if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. hardcode_direct=unsupported @@ -10198,34 +10610,57 @@ _LT_EOF ;; aix[4-9]*) - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' - no_entry_flag="" + no_entry_flag= else # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to AIX nm, but means don't demangle with GNU nm - # Also, AIX nm treats weak defined symbols like other global - # defined symbols, whereas GNU nm marks them as "W". + # -C means demangle to GNU nm, but means don't demangle to AIX nm. + # Without the "-l" option, or with the "-B" option, AIX nm treats + # weak defined symbols like other global defined symbols, whereas + # GNU nm marks them as "W". + # While the 'weak' keyword is ignored in the Export File, we need + # it in the Import File for the 'aix-soname' feature, so we have + # to replace the "-B" option with "-P" for AIX nm. if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then - export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' else - export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # need to do runtime linking. + # have runtime linking enabled, and use it for executables. + # For shared libraries, we enable/disable runtime linking + # depending on the kind of the shared library created - + # when "with_aix_soname,aix_use_runtimelinking" is: + # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables + # "aix,yes" lib.so shared, rtl:yes, for executables + # lib.a static archive + # "both,no" lib.so.V(shr.o) shared, rtl:yes + # lib.a(lib.so.V) shared, rtl:no, for executables + # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a(lib.so.V) shared, rtl:no + # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a static archive case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) for ld_flag in $LDFLAGS; do - if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then aix_use_runtimelinking=yes break fi done + if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then + # With aix-soname=svr4, we create the lib.so.V shared archives only, + # so we don't have lib.a shared libs to link our executables. + # We have to force runtime linking in this case. + aix_use_runtimelinking=yes + LDFLAGS="$LDFLAGS -Wl,-brtl" + fi ;; esac @@ -10244,13 +10679,21 @@ _LT_EOF hardcode_direct_absolute=yes hardcode_libdir_separator=':' link_all_deplibs=yes - file_list_spec='${wl}-f,' + file_list_spec='$wl-f,' + case $with_aix_soname,$aix_use_runtimelinking in + aix,*) ;; # traditional, no import file + svr4,* | *,yes) # use import file + # The Import File defines what to hardcode. + hardcode_direct=no + hardcode_direct_absolute=no + ;; + esac - if test "$GCC" = yes; then + if test yes = "$GCC"; then case $host_os in aix4.[012]|aix4.[012].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ - collect2name=`${CC} -print-prog-name=collect2` + collect2name=`$CC -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then @@ -10269,36 +10712,42 @@ _LT_EOF ;; esac shared_flag='-shared' - if test "$aix_use_runtimelinking" = yes; then - shared_flag="$shared_flag "'${wl}-G' + if test yes = "$aix_use_runtimelinking"; then + shared_flag="$shared_flag "'$wl-G' fi - link_all_deplibs=no + # Need to ensure runtime linking is disabled for the traditional + # shared library, or the linker may eventually find shared libraries + # /with/ Import File - we do not want to mix them. + shared_flag_aix='-shared' + shared_flag_svr4='-shared $wl-G' else # not using gcc - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else - if test "$aix_use_runtimelinking" = yes; then - shared_flag='${wl}-G' + if test yes = "$aix_use_runtimelinking"; then + shared_flag='$wl-G' else - shared_flag='${wl}-bM:SRE' + shared_flag='$wl-bM:SRE' fi + shared_flag_aix='$wl-bM:SRE' + shared_flag_svr4='$wl-G' fi fi - export_dynamic_flag_spec='${wl}-bexpall' + export_dynamic_flag_spec='$wl-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. always_export_symbols=yes - if test "$aix_use_runtimelinking" = yes; then + if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. allow_undefined_flag='-berok' # Determine the default libpath from the value encoded in an # empty executable. - if test "${lt_cv_aix_libpath+set}" = set; then + if test set = "${lt_cv_aix_libpath+set}"; then aix_libpath=$lt_cv_aix_libpath else if ${lt_cv_aix_libpath_+:} false; then : @@ -10333,7 +10782,7 @@ fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test -z "$lt_cv_aix_libpath_"; then - lt_cv_aix_libpath_="/usr/lib:/lib" + lt_cv_aix_libpath_=/usr/lib:/lib fi fi @@ -10341,17 +10790,17 @@ fi aix_libpath=$lt_cv_aix_libpath_ fi - hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" - archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath" + archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag else - if test "$host_cpu" = ia64; then - hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib' + if test ia64 = "$host_cpu"; then + hardcode_libdir_flag_spec='$wl-R $libdir:/usr/lib:/lib' allow_undefined_flag="-z nodefs" - archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. - if test "${lt_cv_aix_libpath+set}" = set; then + if test set = "${lt_cv_aix_libpath+set}"; then aix_libpath=$lt_cv_aix_libpath else if ${lt_cv_aix_libpath_+:} false; then : @@ -10386,7 +10835,7 @@ fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test -z "$lt_cv_aix_libpath_"; then - lt_cv_aix_libpath_="/usr/lib:/lib" + lt_cv_aix_libpath_=/usr/lib:/lib fi fi @@ -10394,21 +10843,33 @@ fi aix_libpath=$lt_cv_aix_libpath_ fi - hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" + hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. - no_undefined_flag=' ${wl}-bernotok' - allow_undefined_flag=' ${wl}-berok' - if test "$with_gnu_ld" = yes; then + no_undefined_flag=' $wl-bernotok' + allow_undefined_flag=' $wl-berok' + if test yes = "$with_gnu_ld"; then # We only use this code for GNU lds that support --whole-archive. - whole_archive_flag_spec='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + whole_archive_flag_spec='$wl--whole-archive$convenience $wl--no-whole-archive' else # Exported symbols can be pulled into shared objects from archives whole_archive_flag_spec='$convenience' fi archive_cmds_need_lc=yes - # This is similar to how AIX traditionally builds its shared libraries. - archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + archive_expsym_cmds='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' + # -brtl affects multiple linker settings, -berok does not and is overridden later + compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([, ]\\)%-berok\\1%g"`' + if test svr4 != "$with_aix_soname"; then + # This is similar to how AIX traditionally builds its shared libraries. + archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' + fi + if test aix != "$with_aix_soname"; then + archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' + else + # used by -dlpreopen to get the symbols + archive_expsym_cmds="$archive_expsym_cmds"'~$MV $output_objdir/$realname.d/$soname $output_objdir' + fi + archive_expsym_cmds="$archive_expsym_cmds"'~$RM -r $output_objdir/$realname.d' fi fi ;; @@ -10417,7 +10878,7 @@ fi case $host_cpu in powerpc) # see comment about AmigaOS4 .so support - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' archive_expsym_cmds='' ;; m68k) @@ -10447,16 +10908,17 @@ fi # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. - shrext_cmds=".dll" + shrext_cmds=.dll # FIXME: Setting linknames here is a bad hack. - archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' - archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; - else - sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; - fi~ - $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ - linknames=' + archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' + archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then + cp "$export_symbols" "$output_objdir/$soname.def"; + echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; + else + $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, )='true' enable_shared_with_static_runtimes=yes @@ -10465,18 +10927,18 @@ fi # Don't use ranlib old_postinstall_cmds='chmod 644 $oldlib' postlink_cmds='lt_outputfile="@OUTPUT@"~ - lt_tool_outputfile="@TOOL_OUTPUT@"~ - case $lt_outputfile in - *.exe|*.EXE) ;; - *) - lt_outputfile="$lt_outputfile.exe" - lt_tool_outputfile="$lt_tool_outputfile.exe" - ;; - esac~ - if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then - $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; - $RM "$lt_outputfile.manifest"; - fi' + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile=$lt_outputfile.exe + lt_tool_outputfile=$lt_tool_outputfile.exe + ;; + esac~ + if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' ;; *) # Assume MSVC wrapper @@ -10485,7 +10947,7 @@ fi # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. - shrext_cmds=".dll" + shrext_cmds=.dll # FIXME: Setting linknames here is a bad hack. archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. @@ -10504,24 +10966,24 @@ fi hardcode_direct=no hardcode_automatic=yes hardcode_shlibpath_var=unsupported - if test "$lt_cv_ld_force_load" = "yes"; then - whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + if test yes = "$lt_cv_ld_force_load"; then + whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' else whole_archive_flag_spec='' fi link_all_deplibs=yes - allow_undefined_flag="$_lt_dar_allow_undefined" + allow_undefined_flag=$_lt_dar_allow_undefined case $cc_basename in - ifort*) _lt_dar_can_shared=yes ;; + ifort*|nagfor*) _lt_dar_can_shared=yes ;; *) _lt_dar_can_shared=$GCC ;; esac - if test "$_lt_dar_can_shared" = "yes"; then + if test yes = "$_lt_dar_can_shared"; then output_verbose_link_cmd=func_echo_all - archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" - module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" - archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" - module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" + archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil" + module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil" + archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" + module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" else ld_shlibs=no @@ -10563,33 +11025,33 @@ fi ;; hpux9*) - if test "$GCC" = yes; then - archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + if test yes = "$GCC"; then + archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' else - archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' fi - hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_flag_spec='$wl+b $wl$libdir' hardcode_libdir_separator=: hardcode_direct=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes - export_dynamic_flag_spec='${wl}-E' + export_dynamic_flag_spec='$wl-E' ;; hpux10*) - if test "$GCC" = yes && test "$with_gnu_ld" = no; then - archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + if test yes,no = "$GCC,$with_gnu_ld"; then + archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi - if test "$with_gnu_ld" = no; then - hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + if test no = "$with_gnu_ld"; then + hardcode_libdir_flag_spec='$wl+b $wl$libdir' hardcode_libdir_separator=: hardcode_direct=yes hardcode_direct_absolute=yes - export_dynamic_flag_spec='${wl}-E' + export_dynamic_flag_spec='$wl-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes @@ -10597,25 +11059,25 @@ fi ;; hpux11*) - if test "$GCC" = yes && test "$with_gnu_ld" = no; then + if test yes,no = "$GCC,$with_gnu_ld"; then case $host_cpu in hppa*64*) - archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) - archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) - archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else case $host_cpu in hppa*64*) - archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) - archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) @@ -10627,7 +11089,7 @@ if ${lt_cv_prog_compiler__b+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler__b=no - save_LDFLAGS="$LDFLAGS" + save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS -b" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then @@ -10646,14 +11108,14 @@ else fi fi $RM -r conftest* - LDFLAGS="$save_LDFLAGS" + LDFLAGS=$save_LDFLAGS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 $as_echo "$lt_cv_prog_compiler__b" >&6; } -if test x"$lt_cv_prog_compiler__b" = xyes; then - archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' +if test yes = "$lt_cv_prog_compiler__b"; then + archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi @@ -10661,8 +11123,8 @@ fi ;; esac fi - if test "$with_gnu_ld" = no; then - hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + if test no = "$with_gnu_ld"; then + hardcode_libdir_flag_spec='$wl+b $wl$libdir' hardcode_libdir_separator=: case $host_cpu in @@ -10673,7 +11135,7 @@ fi *) hardcode_direct=yes hardcode_direct_absolute=yes - export_dynamic_flag_spec='${wl}-E' + export_dynamic_flag_spec='$wl-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. @@ -10684,8 +11146,8 @@ fi ;; irix5* | irix6* | nonstopux*) - if test "$GCC" = yes; then - archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + if test yes = "$GCC"; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' # Try to use the -exported_symbol ld option, if it does not # work, assume that -exports_file does not work either and # implicitly export all symbols. @@ -10695,8 +11157,8 @@ $as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " > if ${lt_cv_irix_exported_symbol+:} false; then : $as_echo_n "(cached) " >&6 else - save_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int foo (void) { return 0; } @@ -10708,24 +11170,35 @@ else fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext - LDFLAGS="$save_LDFLAGS" + LDFLAGS=$save_LDFLAGS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 $as_echo "$lt_cv_irix_exported_symbol" >&6; } - if test "$lt_cv_irix_exported_symbol" = yes; then - archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' + if test yes = "$lt_cv_irix_exported_symbol"; then + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi + link_all_deplibs=no else - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' - archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' fi archive_cmds_need_lc='no' - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' hardcode_libdir_separator=: inherit_rpath=yes link_all_deplibs=yes ;; + linux*) + case $cc_basename in + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + ld_shlibs=yes + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out @@ -10740,7 +11213,7 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } newsos6) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' hardcode_libdir_separator=: hardcode_shlibpath_var=no ;; @@ -10748,27 +11221,19 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } *nto* | *qnx*) ;; - openbsd*) + openbsd* | bitrig*) if test -f /usr/libexec/ld.so; then hardcode_direct=yes hardcode_shlibpath_var=no hardcode_direct_absolute=yes - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' - hardcode_libdir_flag_spec='${wl}-rpath,$libdir' - export_dynamic_flag_spec='${wl}-E' + archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols' + hardcode_libdir_flag_spec='$wl-rpath,$libdir' + export_dynamic_flag_spec='$wl-E' else - case $host_os in - openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) - archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' - hardcode_libdir_flag_spec='-R$libdir' - ;; - *) - archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - hardcode_libdir_flag_spec='${wl}-rpath,$libdir' - ;; - esac + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='$wl-rpath,$libdir' fi else ld_shlibs=no @@ -10779,33 +11244,53 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes allow_undefined_flag=unsupported - archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' - old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' + shrext_cmds=.dll + archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + enable_shared_with_static_runtimes=yes ;; osf3*) - if test "$GCC" = yes; then - allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' - archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + if test yes = "$GCC"; then + allow_undefined_flag=' $wl-expect_unresolved $wl\*' + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' else allow_undefined_flag=' -expect_unresolved \*' - archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' fi archive_cmds_need_lc='no' - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' hardcode_libdir_separator=: ;; osf4* | osf5*) # as osf3* with the addition of -msym flag - if test "$GCC" = yes; then - allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' - archive_cmds='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + if test yes = "$GCC"; then + allow_undefined_flag=' $wl-expect_unresolved $wl\*' + archive_cmds='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' else allow_undefined_flag=' -expect_unresolved \*' - archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ - $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' + $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp' # Both c and cxx compiler support -rpath directly hardcode_libdir_flag_spec='-rpath $libdir' @@ -10816,24 +11301,24 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } solaris*) no_undefined_flag=' -z defs' - if test "$GCC" = yes; then - wlarc='${wl}' - archive_cmds='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + if test yes = "$GCC"; then + wlarc='$wl' + archive_cmds='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' else case `$CC -V 2>&1` in *"Compilers 5.0"*) wlarc='' - archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' + archive_cmds='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' + $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' ;; *) - wlarc='${wl}' - archive_cmds='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' + wlarc='$wl' + archive_cmds='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' ;; esac fi @@ -10843,11 +11328,11 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } solaris2.[0-5] | solaris2.[0-5].*) ;; *) # The compiler driver will combine and reorder linker options, - # but understands `-z linker_flag'. GCC discards it without `$wl', + # but understands '-z linker_flag'. GCC discards it without '$wl', # but is careful enough not to reorder. # Supported since Solaris 2.6 (maybe 2.5.1?) - if test "$GCC" = yes; then - whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' + if test yes = "$GCC"; then + whole_archive_flag_spec='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' else whole_archive_flag_spec='-z allextract$convenience -z defaultextract' fi @@ -10857,10 +11342,10 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } ;; sunos4*) - if test "x$host_vendor" = xsequent; then + if test sequent = "$host_vendor"; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. - archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi @@ -10909,43 +11394,43 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) - no_undefined_flag='${wl}-z,text' + no_undefined_flag='$wl-z,text' archive_cmds_need_lc=no hardcode_shlibpath_var=no runpath_var='LD_RUN_PATH' - if test "$GCC" = yes; then - archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + if test yes = "$GCC"; then + archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else - archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; sysv5* | sco3.2v5* | sco5v6*) - # Note: We can NOT use -z defs as we might desire, because we do not + # Note: We CANNOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. - no_undefined_flag='${wl}-z,text' - allow_undefined_flag='${wl}-z,nodefs' + no_undefined_flag='$wl-z,text' + allow_undefined_flag='$wl-z,nodefs' archive_cmds_need_lc=no hardcode_shlibpath_var=no - hardcode_libdir_flag_spec='${wl}-R,$libdir' + hardcode_libdir_flag_spec='$wl-R,$libdir' hardcode_libdir_separator=':' link_all_deplibs=yes - export_dynamic_flag_spec='${wl}-Bexport' + export_dynamic_flag_spec='$wl-Bexport' runpath_var='LD_RUN_PATH' - if test "$GCC" = yes; then - archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + if test yes = "$GCC"; then + archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else - archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; @@ -10960,10 +11445,10 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } ;; esac - if test x$host_vendor = xsni; then + if test sni = "$host_vendor"; then case $host in sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) - export_dynamic_flag_spec='${wl}-Blargedynsym' + export_dynamic_flag_spec='$wl-Blargedynsym' ;; esac fi @@ -10971,7 +11456,7 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 $as_echo "$ld_shlibs" >&6; } -test "$ld_shlibs" = no && can_build_shared=no +test no = "$ld_shlibs" && can_build_shared=no with_gnu_ld=$with_gnu_ld @@ -10997,7 +11482,7 @@ x|xyes) # Assume -lc should be added archive_cmds_need_lc=yes - if test "$enable_shared" = yes && test "$GCC" = yes; then + if test yes,yes = "$GCC,$enable_shared"; then case $archive_cmds in *'~'*) # FIXME: we may have to deal with multi-command sequences. @@ -11212,14 +11697,14 @@ esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 $as_echo_n "checking dynamic linker characteristics... " >&6; } -if test "$GCC" = yes; then +if test yes = "$GCC"; then case $host_os in - darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; - *) lt_awk_arg="/^libraries:/" ;; + darwin*) lt_awk_arg='/^libraries:/,/LR/' ;; + *) lt_awk_arg='/^libraries:/' ;; esac case $host_os in - mingw* | cegcc*) lt_sed_strip_eq="s,=\([A-Za-z]:\),\1,g" ;; - *) lt_sed_strip_eq="s,=/,/,g" ;; + mingw* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;; + *) lt_sed_strip_eq='s|=/|/|g' ;; esac lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` case $lt_search_path_spec in @@ -11235,28 +11720,35 @@ if test "$GCC" = yes; then ;; esac # Ok, now we have the path, separated by spaces, we can step through it - # and add multilib dir if necessary. + # and add multilib dir if necessary... lt_tmp_lt_search_path_spec= - lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + # ...but if some path component already ends with the multilib dir we assume + # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer). + case "$lt_multi_os_dir; $lt_search_path_spec " in + "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*) + lt_multi_os_dir= + ;; + esac for lt_sys_path in $lt_search_path_spec; do - if test -d "$lt_sys_path/$lt_multi_os_dir"; then - lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" - else + if test -d "$lt_sys_path$lt_multi_os_dir"; then + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir" + elif test -n "$lt_multi_os_dir"; then test -d "$lt_sys_path" && \ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" fi done lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' -BEGIN {RS=" "; FS="/|\n";} { - lt_foo=""; - lt_count=0; +BEGIN {RS = " "; FS = "/|\n";} { + lt_foo = ""; + lt_count = 0; for (lt_i = NF; lt_i > 0; lt_i--) { if ($lt_i != "" && $lt_i != ".") { if ($lt_i == "..") { lt_count++; } else { if (lt_count == 0) { - lt_foo="/" $lt_i lt_foo; + lt_foo = "/" $lt_i lt_foo; } else { lt_count--; } @@ -11270,7 +11762,7 @@ BEGIN {RS=" "; FS="/|\n";} { # for these hosts. case $host_os in mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ - $SED 's,/\([A-Za-z]:\),\1,g'` ;; + $SED 's|/\([A-Za-z]:\)|\1|g'` ;; esac sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` else @@ -11279,7 +11771,7 @@ fi library_names_spec= libname_spec='lib$name' soname_spec= -shrext_cmds=".so" +shrext_cmds=.so postinstall_cmds= postuninstall_cmds= finish_cmds= @@ -11296,14 +11788,16 @@ hardcode_into_libs=no # flags to be left without arguments need_version=unknown + + case $host_os in aix3*) version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' + library_names_spec='$libname$release$shared_ext$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. - soname_spec='${libname}${release}${shared_ext}$major' + soname_spec='$libname$release$shared_ext$major' ;; aix[4-9]*) @@ -11311,41 +11805,91 @@ aix[4-9]*) need_lib_prefix=no need_version=no hardcode_into_libs=yes - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # AIX 5 supports IA64 - library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with - # the line `#! .'. This would cause the generated library to - # depend on `.', always an invalid library. This was fixed in + # the line '#! .'. This would cause the generated library to + # depend on '.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. case $host_os in aix4 | aix4.[01] | aix4.[01].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' - echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then + echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then : else can_build_shared=no fi ;; esac - # AIX (on Power*) has no versioning support, so currently we can not hardcode correct + # Using Import Files as archive members, it is possible to support + # filename-based versioning of shared library archives on AIX. While + # this would work for both with and without runtime linking, it will + # prevent static linking of such archives. So we do filename-based + # shared library versioning with .so extension only, which is used + # when both runtime linking and shared linking is enabled. + # Unfortunately, runtime linking may impact performance, so we do + # not want this to be the default eventually. Also, we use the + # versioned .so libs for executables only if there is the -brtl + # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only. + # To allow for filename-based versioning support, we need to create + # libNAME.so.V as an archive file, containing: + # *) an Import File, referring to the versioned filename of the + # archive as well as the shared archive member, telling the + # bitwidth (32 or 64) of that shared object, and providing the + # list of exported symbols of that shared object, eventually + # decorated with the 'weak' keyword + # *) the shared object with the F_LOADONLY flag set, to really avoid + # it being seen by the linker. + # At run time we better use the real file rather than another symlink, + # but for link time we create the symlink libNAME.so -> libNAME.so.V + + case $with_aix_soname,$aix_use_runtimelinking in + # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. - if test "$aix_use_runtimelinking" = yes; then + aix,yes) # traditional libtool + dynamic_linker='AIX unversionable lib.so' # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - else + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + ;; + aix,no) # traditional AIX only + dynamic_linker='AIX lib.a(lib.so.V)' # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. - library_names_spec='${libname}${release}.a $libname.a' - soname_spec='${libname}${release}${shared_ext}$major' - fi + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + ;; + svr4,*) # full svr4 only + dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o)" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,yes) # both, prefer svr4 + dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o), lib.a(lib.so.V)" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # unpreferred sharedlib libNAME.a needs extra handling + postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"' + postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,no) # both, prefer aix + dynamic_linker="AIX lib.a(lib.so.V), lib.so.V($shared_archive_member_spec.o)" + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling + postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)' + postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"' + ;; + esac shlibpath_var=LIBPATH fi ;; @@ -11355,18 +11899,18 @@ amigaos*) powerpc) # Since July 2007 AmigaOS4 officially supports .so libraries. # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' ;; m68k) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. - finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; esac ;; beos*) - library_names_spec='${libname}${shared_ext}' + library_names_spec='$libname$shared_ext' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; @@ -11374,8 +11918,8 @@ beos*) bsdi[45]*) version_type=linux # correct to gnu/linux during the next big refactor need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" @@ -11387,7 +11931,7 @@ bsdi[45]*) cygwin* | mingw* | pw32* | cegcc*) version_type=windows - shrext_cmds=".dll" + shrext_cmds=.dll need_version=no need_lib_prefix=no @@ -11396,8 +11940,8 @@ cygwin* | mingw* | pw32* | cegcc*) # gcc library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \${file}`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ @@ -11413,17 +11957,17 @@ cygwin* | mingw* | pw32* | cegcc*) case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' - soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api" ;; mingw* | cegcc*) # MinGW DLLs use traditional 'lib' prefix - soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' - library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' ;; esac dynamic_linker='Win32 ld.exe' @@ -11432,8 +11976,8 @@ cygwin* | mingw* | pw32* | cegcc*) *,cl*) # Native MSVC libname_spec='$name' - soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' - library_names_spec='${libname}.dll.lib' + soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + library_names_spec='$libname.dll.lib' case $build_os in mingw*) @@ -11460,7 +12004,7 @@ cygwin* | mingw* | pw32* | cegcc*) sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` ;; *) - sys_lib_search_path_spec="$LIB" + sys_lib_search_path_spec=$LIB if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then # It is most probably a Windows format PATH. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` @@ -11473,8 +12017,8 @@ cygwin* | mingw* | pw32* | cegcc*) esac # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \${file}`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname' @@ -11487,7 +12031,7 @@ cygwin* | mingw* | pw32* | cegcc*) *) # Assume MSVC wrapper - library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' + library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib' dynamic_linker='Win32 ld.exe' ;; esac @@ -11500,8 +12044,8 @@ darwin* | rhapsody*) version_type=darwin need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' - soname_spec='${libname}${release}${major}$shared_ext' + library_names_spec='$libname$release$major$shared_ext $libname$shared_ext' + soname_spec='$libname$release$major$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' @@ -11514,8 +12058,8 @@ dgux*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH ;; @@ -11533,12 +12077,13 @@ freebsd* | dragonfly*) version_type=freebsd-$objformat case $version_type in freebsd-elf*) - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' need_version=no need_lib_prefix=no ;; freebsd-*) - library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' need_version=yes ;; esac @@ -11568,10 +12113,10 @@ haiku*) need_lib_prefix=no need_version=no dynamic_linker="$host_os runtime_loader" - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LIBRARY_PATH - shlibpath_overrides_runpath=yes + shlibpath_overrides_runpath=no sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' hardcode_into_libs=yes ;; @@ -11589,14 +12134,15 @@ hpux9* | hpux10* | hpux11*) dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - if test "X$HPUX_IA64_MODE" = X32; then + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + if test 32 = "$HPUX_IA64_MODE"; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + sys_lib_dlsearch_path_spec=/usr/lib/hpux32 else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + sys_lib_dlsearch_path_spec=/usr/lib/hpux64 fi - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' @@ -11604,8 +12150,8 @@ hpux9* | hpux10* | hpux11*) dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; @@ -11614,8 +12160,8 @@ hpux9* | hpux10* | hpux11*) dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555, ... @@ -11628,8 +12174,8 @@ interix[3-9]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no @@ -11640,7 +12186,7 @@ irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) - if test "$lt_cv_prog_gnu_ld" = yes; then + if test yes = "$lt_cv_prog_gnu_ld"; then version_type=linux # correct to gnu/linux during the next big refactor else version_type=irix @@ -11648,8 +12194,8 @@ irix5* | irix6* | nonstopux*) esac need_lib_prefix=no need_version=no - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= @@ -11668,8 +12214,8 @@ irix5* | irix6* | nonstopux*) esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no - sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" - sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" + sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" + sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" hardcode_into_libs=yes ;; @@ -11678,13 +12224,33 @@ linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; +linux*android*) + version_type=none # Android doesn't support versioned libraries. + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext' + soname_spec='$libname$release$shared_ext' + finish_cmds= + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. + hardcode_libdir_flag_spec='-L$libdir' + ;; + # This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no @@ -11728,7 +12294,12 @@ fi # before this can be enabled. hardcode_into_libs=yes - # Append ld.so.conf contents to the search path + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not + # being certain /sbin/ldconfig is available, command + # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64, + # even though it is searched at run-time. Try to do the best guess by + # appending ld.so.conf contents (and includes) to the search path. if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" @@ -11760,12 +12331,12 @@ netbsd*) need_lib_prefix=no need_version=no if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' dynamic_linker='NetBSD (a.out) ld.so' else - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' dynamic_linker='NetBSD ld.elf_so' fi shlibpath_var=LD_LIBRARY_PATH @@ -11775,7 +12346,7 @@ netbsd*) newsos6) version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; @@ -11784,58 +12355,68 @@ newsos6) version_type=qnx need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes dynamic_linker='ldqnx.so' ;; -openbsd*) +openbsd* | bitrig*) version_type=sunos - sys_lib_dlsearch_path_spec="/usr/lib" + sys_lib_dlsearch_path_spec=/usr/lib need_lib_prefix=no - # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. - case $host_os in - openbsd3.3 | openbsd3.3.*) need_version=yes ;; - *) need_version=no ;; - esac - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - shlibpath_var=LD_LIBRARY_PATH - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - case $host_os in - openbsd2.[89] | openbsd2.[89].*) - shlibpath_overrides_runpath=no - ;; - *) - shlibpath_overrides_runpath=yes - ;; - esac + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + need_version=no else - shlibpath_overrides_runpath=yes + need_version=yes fi + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes ;; os2*) libname_spec='$name' - shrext_cmds=".dll" + version_type=windows + shrext_cmds=.dll + need_version=no need_lib_prefix=no - library_names_spec='$libname${shared_ext} $libname.a' + # OS/2 can only load a DLL with a base name of 8 characters or less. + soname_spec='`test -n "$os2dllname" && libname="$os2dllname"; + v=$($ECHO $release$versuffix | tr -d .-); + n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _); + $ECHO $n$v`$shared_ext' + library_names_spec='${libname}_dll.$libext' dynamic_linker='OS/2 ld.exe' - shlibpath_var=LIBPATH + shlibpath_var=BEGINLIBPATH + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' ;; osf3* | osf4* | osf5*) version_type=osf need_lib_prefix=no need_version=no - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" - sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; rdos*) @@ -11846,8 +12427,8 @@ solaris*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes @@ -11857,11 +12438,11 @@ solaris*) sunos4*) version_type=sunos - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes - if test "$with_gnu_ld" = yes; then + if test yes = "$with_gnu_ld"; then need_lib_prefix=no fi need_version=yes @@ -11869,8 +12450,8 @@ sunos4*) sysv4 | sysv4.3*) version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) @@ -11891,24 +12472,24 @@ sysv4 | sysv4.3*) ;; sysv4*MP*) - if test -d /usr/nec ;then + if test -d /usr/nec; then version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' - soname_spec='$libname${shared_ext}.$major' + library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext' + soname_spec='$libname$shared_ext.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - version_type=freebsd-elf + version_type=sco need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes - if test "$with_gnu_ld" = yes; then + if test yes = "$with_gnu_ld"; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' @@ -11926,7 +12507,7 @@ tpf*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes @@ -11934,8 +12515,8 @@ tpf*) uts4*) version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH ;; @@ -11945,20 +12526,35 @@ uts4*) esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 $as_echo "$dynamic_linker" >&6; } -test "$dynamic_linker" = no && can_build_shared=no +test no = "$dynamic_linker" && can_build_shared=no variables_saved_for_relink="PATH $shlibpath_var $runpath_var" -if test "$GCC" = yes; then +if test yes = "$GCC"; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi -if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then - sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" +if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then + sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec fi -if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then - sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" + +if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then + sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec fi +# remember unaugmented sys_lib_dlsearch_path content for libtool script decls... +configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec + +# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code +func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH" + +# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool +configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH + + + + + + @@ -12055,15 +12651,15 @@ $as_echo_n "checking how to hardcode library paths into programs... " >&6; } hardcode_action= if test -n "$hardcode_libdir_flag_spec" || test -n "$runpath_var" || - test "X$hardcode_automatic" = "Xyes" ; then + test yes = "$hardcode_automatic"; then # We can hardcode non-existent directories. - if test "$hardcode_direct" != no && + if test no != "$hardcode_direct" && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one - ## test "$_LT_TAGVAR(hardcode_shlibpath_var, )" != no && - test "$hardcode_minus_L" != no; then + ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, )" && + test no != "$hardcode_minus_L"; then # Linking always hardcodes the temporary library directory. hardcode_action=relink else @@ -12078,12 +12674,12 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 $as_echo "$hardcode_action" >&6; } -if test "$hardcode_action" = relink || - test "$inherit_rpath" = yes; then +if test relink = "$hardcode_action" || + test yes = "$inherit_rpath"; then # Fast installation is not supported enable_fast_install=no -elif test "$shlibpath_overrides_runpath" = yes || - test "$enable_shared" = no; then +elif test yes = "$shlibpath_overrides_runpath" || + test no = "$enable_shared"; then # Fast installation is not necessary enable_fast_install=needless fi @@ -12093,7 +12689,7 @@ fi - if test "x$enable_dlopen" != xyes; then + if test yes != "$enable_dlopen"; then enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown @@ -12103,23 +12699,23 @@ else case $host_os in beos*) - lt_cv_dlopen="load_add_on" + lt_cv_dlopen=load_add_on lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ;; mingw* | pw32* | cegcc*) - lt_cv_dlopen="LoadLibrary" + lt_cv_dlopen=LoadLibrary lt_cv_dlopen_libs= ;; cygwin*) - lt_cv_dlopen="dlopen" + lt_cv_dlopen=dlopen lt_cv_dlopen_libs= ;; darwin*) - # if libdl is installed we need to link against it + # if libdl is installed we need to link against it { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } if ${ac_cv_lib_dl_dlopen+:} false; then : @@ -12157,10 +12753,10 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes; then : - lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" + lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl else - lt_cv_dlopen="dyld" + lt_cv_dlopen=dyld lt_cv_dlopen_libs= lt_cv_dlopen_self=yes @@ -12168,10 +12764,18 @@ fi ;; + tpf*) + # Don't try to run any link tests for TPF. We know it's impossible + # because TPF is a cross-compiler, and we know how we open DSOs. + lt_cv_dlopen=dlopen + lt_cv_dlopen_libs= + lt_cv_dlopen_self=no + ;; + *) ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" if test "x$ac_cv_func_shl_load" = xyes; then : - lt_cv_dlopen="shl_load" + lt_cv_dlopen=shl_load else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 $as_echo_n "checking for shl_load in -ldld... " >&6; } @@ -12210,11 +12814,11 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 $as_echo "$ac_cv_lib_dld_shl_load" >&6; } if test "x$ac_cv_lib_dld_shl_load" = xyes; then : - lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld" + lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld else ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" if test "x$ac_cv_func_dlopen" = xyes; then : - lt_cv_dlopen="dlopen" + lt_cv_dlopen=dlopen else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } @@ -12253,7 +12857,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes; then : - lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" + lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 $as_echo_n "checking for dlopen in -lsvld... " >&6; } @@ -12292,7 +12896,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 $as_echo "$ac_cv_lib_svld_dlopen" >&6; } if test "x$ac_cv_lib_svld_dlopen" = xyes; then : - lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld" + lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 $as_echo_n "checking for dld_link in -ldld... " >&6; } @@ -12331,7 +12935,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 $as_echo "$ac_cv_lib_dld_dld_link" >&6; } if test "x$ac_cv_lib_dld_dld_link" = xyes; then : - lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld" + lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld fi @@ -12352,21 +12956,21 @@ fi ;; esac - if test "x$lt_cv_dlopen" != xno; then - enable_dlopen=yes - else + if test no = "$lt_cv_dlopen"; then enable_dlopen=no + else + enable_dlopen=yes fi case $lt_cv_dlopen in dlopen) - save_CPPFLAGS="$CPPFLAGS" - test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" + save_CPPFLAGS=$CPPFLAGS + test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" - save_LDFLAGS="$LDFLAGS" + save_LDFLAGS=$LDFLAGS wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" - save_LIBS="$LIBS" + save_LIBS=$LIBS LIBS="$lt_cv_dlopen_libs $LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 @@ -12374,7 +12978,7 @@ $as_echo_n "checking whether a program can dlopen itself... " >&6; } if ${lt_cv_dlopen_self+:} false; then : $as_echo_n "(cached) " >&6 else - if test "$cross_compiling" = yes; then : + if test yes = "$cross_compiling"; then : lt_cv_dlopen_self=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 @@ -12421,9 +13025,9 @@ else # endif #endif -/* When -fvisbility=hidden is used, assume the code has been annotated +/* When -fvisibility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ -#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); #endif @@ -12453,7 +13057,7 @@ _LT_EOF (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then + test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? case x$lt_status in @@ -12473,14 +13077,14 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 $as_echo "$lt_cv_dlopen_self" >&6; } - if test "x$lt_cv_dlopen_self" = xyes; then + if test yes = "$lt_cv_dlopen_self"; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 $as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; } if ${lt_cv_dlopen_self_static+:} false; then : $as_echo_n "(cached) " >&6 else - if test "$cross_compiling" = yes; then : + if test yes = "$cross_compiling"; then : lt_cv_dlopen_self_static=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 @@ -12527,9 +13131,9 @@ else # endif #endif -/* When -fvisbility=hidden is used, assume the code has been annotated +/* When -fvisibility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ -#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); #endif @@ -12559,7 +13163,7 @@ _LT_EOF (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then + test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? case x$lt_status in @@ -12580,9 +13184,9 @@ fi $as_echo "$lt_cv_dlopen_self_static" >&6; } fi - CPPFLAGS="$save_CPPFLAGS" - LDFLAGS="$save_LDFLAGS" - LIBS="$save_LIBS" + CPPFLAGS=$save_CPPFLAGS + LDFLAGS=$save_LDFLAGS + LIBS=$save_LIBS ;; esac @@ -12626,7 +13230,7 @@ else # FIXME - insert some real tests, host_os isn't really good enough case $host_os in darwin*) - if test -n "$STRIP" ; then + if test -n "$STRIP"; then striplib="$STRIP -x" old_striplib="$STRIP -S" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 @@ -12654,7 +13258,7 @@ fi - # Report which library types will actually be built + # Report what library types will actually be built { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 $as_echo_n "checking if libtool supports shared libraries... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 @@ -12662,13 +13266,13 @@ $as_echo "$can_build_shared" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 $as_echo_n "checking whether to build shared libraries... " >&6; } - test "$can_build_shared" = "no" && enable_shared=no + test no = "$can_build_shared" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) - test "$enable_shared" = yes && enable_static=no + test yes = "$enable_shared" && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' @@ -12676,8 +13280,12 @@ $as_echo_n "checking whether to build shared libraries... " >&6; } ;; aix[4-9]*) - if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then - test "$enable_shared" = yes && enable_static=no + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac fi ;; esac @@ -12687,7 +13295,7 @@ $as_echo "$enable_shared" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 $as_echo_n "checking whether to build static libraries... " >&6; } # Make sure either enable_shared or enable_static is yes. - test "$enable_shared" = yes || enable_static=yes + test yes = "$enable_shared" || enable_static=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 $as_echo "$enable_static" >&6; } @@ -12701,7 +13309,7 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu -CC="$lt_save_CC" +CC=$lt_save_CC @@ -12846,899 +13454,1226 @@ $as_echo "no" >&6; } fi fi -ac_header_dirent=no -for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do - as_ac_Header=`$as_echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5 -$as_echo_n "checking for $ac_hdr that defines DIR... " >&6; } -if eval \${$as_ac_Header+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include <$ac_hdr> - -int -main () -{ -if ((DIR *) 0) -return 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval "$as_ac_Header=yes" -else - eval "$as_ac_Header=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$as_ac_Header - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_hdr" | $as_tr_cpp` 1 -_ACEOF - -ac_header_dirent=$ac_hdr; break -fi - -done -# Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. -if test $ac_header_dirent = dirent.h; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 -$as_echo_n "checking for library containing opendir... " >&6; } -if ${ac_cv_search_opendir+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char opendir (); -int -main () -{ -return opendir (); - ; - return 0; -} -_ACEOF -for ac_lib in '' dir; do - if test -z "$ac_lib"; then - ac_res="none required" + if test "X$prefix" = "XNONE"; then + acl_final_prefix="$ac_default_prefix" else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" + acl_final_prefix="$prefix" fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_opendir=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_opendir+:} false; then : - break -fi -done -if ${ac_cv_search_opendir+:} false; then : + if test "X$exec_prefix" = "XNONE"; then + acl_final_exec_prefix='${prefix}' + else + acl_final_exec_prefix="$exec_prefix" + fi + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + eval acl_final_exec_prefix=\"$acl_final_exec_prefix\" + prefix="$acl_save_prefix" + + +# Check whether --with-gnu-ld was given. +if test "${with_gnu_ld+set}" = set; then : + withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes else - ac_cv_search_opendir=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS + with_gnu_ld=no fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 -$as_echo "$ac_cv_search_opendir" >&6; } -ac_res=$ac_cv_search_opendir -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" +# Prepare PATH_SEPARATOR. +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which + # contains only /bin. Note that ksh looks also at the FPATH variable, + # so we have to set that as well for the test. + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + || PATH_SEPARATOR=';' + } fi -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 -$as_echo_n "checking for library containing opendir... " >&6; } -if ${ac_cv_search_opendir+:} false; then : +ac_prog=ld +if test "$GCC" = yes; then + # Check if gcc -print-prog-name=ld gives a path. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 +$as_echo_n "checking for ld used by $CC... " >&6; } + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [\\/]* | ?:[\\/]*) + re_direlt='/[^/][^/]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`echo "$ac_prog"| sed 's%\\\\%/%g'` + while echo "$ac_prog" | grep "$re_direlt" > /dev/null 2>&1; do + ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"` + done + test -z "$LD" && LD="$ac_prog" + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test "$with_gnu_ld" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 +$as_echo_n "checking for GNU ld... " >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 +$as_echo_n "checking for non-GNU ld... " >&6; } +fi +if ${acl_cv_path_LD+:} false; then : $as_echo_n "(cached) " >&6 else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char opendir (); -int -main () -{ -return opendir (); - ; - return 0; -} -_ACEOF -for ac_lib in '' x; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_opendir=$ac_res + if test -z "$LD"; then + acl_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$acl_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + acl_cv_path_LD="$ac_dir/$ac_prog" + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$acl_cv_path_LD" -v 2>&1 &5 +$as_echo "$LD" >&6; } else - ac_cv_search_opendir=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS +test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 +$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } +if ${acl_cv_prog_gnu_ld+:} false; then : + $as_echo_n "(cached) " >&6 +else + # I'd rather use --version here, but apparently some GNU lds only accept -v. +case `$LD -v 2>&1 &5 -$as_echo "$ac_cv_search_opendir" >&6; } -ac_res=$ac_cv_search_opendir -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $acl_cv_prog_gnu_ld" >&5 +$as_echo "$acl_cv_prog_gnu_ld" >&6; } +with_gnu_ld=$acl_cv_prog_gnu_ld -fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 -$as_echo_n "checking for ANSI C header files... " >&6; } -if ${ac_cv_header_stdc+:} false; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shared library run path origin" >&5 +$as_echo_n "checking for shared library run path origin... " >&6; } +if ${acl_cv_rpath+:} false; then : $as_echo_n "(cached) " >&6 else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#include -#include -int -main () -{ + CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \ + ${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh + . ./conftest.sh + rm -f ./conftest.sh + acl_cv_rpath=done - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_stdc=yes +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $acl_cv_rpath" >&5 +$as_echo "$acl_cv_rpath" >&6; } + wl="$acl_cv_wl" + acl_libext="$acl_cv_libext" + acl_shlibext="$acl_cv_shlibext" + acl_libname_spec="$acl_cv_libname_spec" + acl_library_names_spec="$acl_cv_library_names_spec" + acl_hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec" + acl_hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator" + acl_hardcode_direct="$acl_cv_hardcode_direct" + acl_hardcode_minus_L="$acl_cv_hardcode_minus_L" + # Check whether --enable-rpath was given. +if test "${enable_rpath+set}" = set; then : + enableval=$enable_rpath; : else - ac_cv_header_stdc=no + enable_rpath=yes fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "memchr" >/dev/null 2>&1; then : -else - ac_cv_header_stdc=no -fi -rm -f conftest* -fi -if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + acl_libdirstem=lib + acl_libdirstem2= + case "$host_os" in + solaris*) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 64-bit host" >&5 +$as_echo_n "checking for 64-bit host... " >&6; } +if ${gl_cv_solaris_64bit+:} false; then : + $as_echo_n "(cached) " >&6 +else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + +#ifdef _LP64 +sixtyfour bits +#endif _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "free" >/dev/null 2>&1; then : - + $EGREP "sixtyfour bits" >/dev/null 2>&1; then : + gl_cv_solaris_64bit=yes else - ac_cv_header_stdc=no + gl_cv_solaris_64bit=no fi rm -f conftest* + fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_solaris_64bit" >&5 +$as_echo "$gl_cv_solaris_64bit" >&6; } + if test $gl_cv_solaris_64bit = yes; then + acl_libdirstem=lib/64 + case "$host_cpu" in + sparc*) acl_libdirstem2=lib/sparcv9 ;; + i*86 | x86_64) acl_libdirstem2=lib/amd64 ;; + esac + fi + ;; + *) + searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'` + if test -n "$searchpath"; then + acl_save_IFS="${IFS= }"; IFS=":" + for searchdir in $searchpath; do + if test -d "$searchdir"; then + case "$searchdir" in + */lib64/ | */lib64 ) acl_libdirstem=lib64 ;; + */../ | */.. ) + # Better ignore directories of this form. They are misleading. + ;; + *) searchdir=`cd "$searchdir" && pwd` + case "$searchdir" in + */lib64 ) acl_libdirstem=lib64 ;; + esac ;; + esac + fi + done + IFS="$acl_save_IFS" + fi + ;; + esac + test -n "$acl_libdirstem2" || acl_libdirstem2="$acl_libdirstem" -if test $ac_cv_header_stdc = yes; then - # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. - if test "$cross_compiling" = yes; then : - : -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#if ((' ' & 0x0FF) == 0x020) -# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) -#else -# define ISLOWER(c) \ - (('a' <= (c) && (c) <= 'i') \ - || ('j' <= (c) && (c) <= 'r') \ - || ('s' <= (c) && (c) <= 'z')) -# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) -#endif -#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) -int -main () -{ - int i; - for (i = 0; i < 256; i++) - if (XOR (islower (i), ISLOWER (i)) - || toupper (i) != TOUPPER (i)) - return 2; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : -else - ac_cv_header_stdc=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi -fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 -$as_echo "$ac_cv_header_stdc" >&6; } -if test $ac_cv_header_stdc = yes; then -$as_echo "#define STDC_HEADERS 1" >>confdefs.h -fi -for ac_header in fcntl.h malloc.h inttypes.h sys/ioctl.h sys/mman.h \ - ctype.h unistd.h locale.h byteswap.h endian.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF -fi -done -for ac_header in uuid/uuid.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "uuid/uuid.h" "ac_cv_header_uuid_uuid_h" "$ac_includes_default" -if test "x$ac_cv_header_uuid_uuid_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_UUID_UUID_H 1 -_ACEOF -else - as_fn_error $? "You need the uuid library." "$LINENO" 5 -fi + use_additional=yes -done + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" -ac_fn_c_check_header_mongrel "$LINENO" "libdevmapper.h" "ac_cv_header_libdevmapper_h" "$ac_includes_default" -if test "x$ac_cv_header_libdevmapper_h" = xyes; then : + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" -else - as_fn_error $? "You need the device-mapper library." "$LINENO" 5 -fi + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" +# Check whether --with-libiconv-prefix was given. +if test "${with_libiconv_prefix+set}" = set; then : + withval=$with_libiconv_prefix; + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then -saved_LIBS=$LIBS -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uuid_clear in -luuid" >&5 -$as_echo_n "checking for uuid_clear in -luuid... " >&6; } -if ${ac_cv_lib_uuid_uuid_clear+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-luuid $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char uuid_clear (); -int -main () -{ -return uuid_clear (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_uuid_uuid_clear=yes -else - ac_cv_lib_uuid_uuid_clear=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_uuid_uuid_clear" >&5 -$as_echo "$ac_cv_lib_uuid_uuid_clear" >&6; } -if test "x$ac_cv_lib_uuid_uuid_clear" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBUUID 1 -_ACEOF + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" - LIBS="-luuid $LIBS" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + if test "$acl_libdirstem2" != "$acl_libdirstem" \ + && ! test -d "$withval/$acl_libdirstem"; then + additional_libdir="$withval/$acl_libdirstem2" + fi + fi + fi -else - as_fn_error $? "You need the uuid library." "$LINENO" 5 fi -UUID_LIBS=$LIBS + LIBICONV= + LTLIBICONV= + INCICONV= + LIBICONV_PREFIX= + HAVE_LIBICONV= + rpathdirs= + ltrpathdirs= + names_already_handled= + names_next_round='iconv ' + while test -n "$names_next_round"; do + names_this_round="$names_next_round" + names_next_round= + for name in $names_this_round; do + already_handled= + for n in $names_already_handled; do + if test "$n" = "$name"; then + already_handled=yes + break + fi + done + if test -z "$already_handled"; then + names_already_handled="$names_already_handled $name" + uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'` + eval value=\"\$HAVE_LIB$uppername\" + if test -n "$value"; then + if test "$value" = yes; then + eval value=\"\$LIB$uppername\" + test -z "$value" || LIBICONV="${LIBICONV}${LIBICONV:+ }$value" + eval value=\"\$LTLIB$uppername\" + test -z "$value" || LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }$value" + else + : + fi + else + found_dir= + found_la= + found_so= + found_a= + eval libname=\"$acl_libname_spec\" # typically: libname=lib$name + if test -n "$acl_shlibext"; then + shrext=".$acl_shlibext" # typically: shrext=.so + else + shrext= + fi + if test $use_additional = yes; then + dir="$additional_libdir" + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + fi + if test "X$found_dir" = "X"; then + for x in $LDFLAGS $LTLIBICONV; do -LIBS=$saved_LIBS + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5 -$as_echo_n "checking for library containing clock_gettime... " >&6; } -if ${ac_cv_search_clock_gettime+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + case "$x" in + -L*) + dir=`echo "X$x" | sed -e 's/^X-L//'` + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + ;; + esac + if test "X$found_dir" != "X"; then + break + fi + done + fi + if test "X$found_dir" != "X"; then + LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$found_dir -l$name" + if test "X$found_so" != "X"; then + if test "$enable_rpath" = no \ + || test "X$found_dir" = "X/usr/$acl_libdirstem" \ + || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then + LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" + else + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $found_dir" + fi + if test "$acl_hardcode_direct" = yes; then + LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" + else + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $found_dir" + fi + else + haveit= + for x in $LDFLAGS $LIBICONV; do -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char clock_gettime (); -int -main () -{ -return clock_gettime (); - ; - return 0; -} -_ACEOF -for ac_lib in '' rt posix4; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_clock_gettime=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_clock_gettime+:} false; then : - break -fi -done -if ${ac_cv_search_clock_gettime+:} false; then : + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" -else - ac_cv_search_clock_gettime=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5 -$as_echo "$ac_cv_search_clock_gettime" >&6; } -ac_res=$ac_cv_search_clock_gettime -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + if test "X$x" = "X-L$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + LIBICONV="${LIBICONV}${LIBICONV:+ }-L$found_dir" + fi + if test "$acl_hardcode_minus_L" != no; then + LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" + else + LIBICONV="${LIBICONV}${LIBICONV:+ }-l$name" + fi + fi + fi + fi + else + if test "X$found_a" != "X"; then + LIBICONV="${LIBICONV}${LIBICONV:+ }$found_a" + else + LIBICONV="${LIBICONV}${LIBICONV:+ }-L$found_dir -l$name" + fi + fi + additional_includedir= + case "$found_dir" in + */$acl_libdirstem | */$acl_libdirstem/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` + if test "$name" = 'iconv'; then + LIBICONV_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + */$acl_libdirstem2 | */$acl_libdirstem2/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'` + if test "$name" = 'iconv'; then + LIBICONV_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + esac + if test "X$additional_includedir" != "X"; then + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + for x in $CPPFLAGS $INCICONV; do -fi + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" -for ac_func in posix_memalign clock_gettime -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + INCICONV="${INCICONV}${INCICONV:+ }-I$additional_includedir" + fi + fi + fi + fi + fi + if test -n "$found_la"; then + save_libdir="$libdir" + case "$found_la" in + */* | *\\*) . "$found_la" ;; + *) . "./$found_la" ;; + esac + libdir="$save_libdir" + for dep in $dependency_libs; do + case "$dep" in + -L*) + additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` + if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \ + && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then + haveit= + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \ + || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + haveit= + for x in $LDFLAGS $LIBICONV; do -fi -done + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LIBICONV="${LIBICONV}${LIBICONV:+ }-L$additional_libdir" + fi + fi + haveit= + for x in $LDFLAGS $LTLIBICONV; do -if test "x$enable_largefile" = "xno" ; then - as_fn_error $? "Building with --disable-largefile is not supported, it can cause data corruption." "$LINENO" 5 -fi + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 -$as_echo_n "checking for an ANSI C-conforming const... " >&6; } -if ${ac_cv_c_const+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$additional_libdir" + fi + fi + fi + fi + ;; + -R*) + dir=`echo "X$dep" | sed -e 's/^X-R//'` + if test "$enable_rpath" != no; then + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $dir" + fi + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $dir" + fi + fi + ;; + -l*) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` + ;; + *.la) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` + ;; + *) + LIBICONV="${LIBICONV}${LIBICONV:+ }$dep" + LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }$dep" + ;; + esac + done + fi + else + LIBICONV="${LIBICONV}${LIBICONV:+ }-l$name" + LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-l$name" + fi + fi + fi + done + done + if test "X$rpathdirs" != "X"; then + if test -n "$acl_hardcode_libdir_separator"; then + alldirs= + for found_dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBICONV="${LIBICONV}${LIBICONV:+ }$flag" + else + for found_dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$found_dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBICONV="${LIBICONV}${LIBICONV:+ }$flag" + done + fi + fi + if test "X$ltrpathdirs" != "X"; then + for found_dir in $ltrpathdirs; do + LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-R$found_dir" + done + fi -int -main () -{ -#ifndef __cplusplus - /* Ultrix mips cc rejects this sort of thing. */ - typedef int charset[2]; - const charset cs = { 0, 0 }; - /* SunOS 4.1.1 cc rejects this. */ - char const *const *pcpcc; - char **ppc; - /* NEC SVR4.0.2 mips cc rejects this. */ - struct point {int x, y;}; - static struct point const zero = {0,0}; - /* AIX XL C 1.02.0.0 rejects this. - It does not let you subtract one const X* pointer from another in - an arm of an if-expression whose if-part is not a constant - expression */ - const char *g = "string"; - pcpcc = &g + (g ? g-g : 0); - /* HPUX 7.0 cc rejects these. */ - ++pcpcc; - ppc = (char**) pcpcc; - pcpcc = (char const *const *) ppc; - { /* SCO 3.2v4 cc rejects this sort of thing. */ - char tx; - char *t = &tx; - char const *s = 0 ? (char *) 0 : (char const *) 0; - *t++ = 0; - if (s) return 0; - } - { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ - int x[] = {25, 17}; - const int *foo = &x[0]; - ++foo; - } - { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ - typedef const int *iptr; - iptr p = 0; - ++p; - } - { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying - "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ - struct s { int j; const int *ap[3]; } bx; - struct s *b = &bx; b->j = 5; - } - { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ - const int foo = 10; - if (!foo) return 0; - } - return !cs[0] && !zero.x; -#endif - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_c_const=yes -else - ac_cv_c_const=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 -$as_echo "$ac_cv_c_const" >&6; } -if test $ac_cv_c_const = no; then -$as_echo "#define const /**/" >>confdefs.h -fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 -$as_echo_n "checking whether byte ordering is bigendian... " >&6; } -if ${ac_cv_c_bigendian+:} false; then : + + + + + + am_save_CPPFLAGS="$CPPFLAGS" + + for element in $INCICONV; do + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" + fi + done + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for iconv" >&5 +$as_echo_n "checking for iconv... " >&6; } +if ${am_cv_func_iconv+:} false; then : $as_echo_n "(cached) " >&6 else - ac_cv_c_bigendian=unknown - # See if we're dealing with a universal compiler. + + am_cv_func_iconv="no, consider installing GNU libiconv" + am_cv_lib_iconv=no cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#ifndef __APPLE_CC__ - not a universal capable compiler - #endif - typedef int dummy; -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - # Check for potential -arch flags. It is not universal unless - # there are at least two -arch flags with different values. - ac_arch= - ac_prev= - for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do - if test -n "$ac_prev"; then - case $ac_word in - i?86 | x86_64 | ppc | ppc64) - if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then - ac_arch=$ac_word - else - ac_cv_c_bigendian=universal - break - fi - ;; - esac - ac_prev= - elif test "x$ac_word" = "x-arch"; then - ac_prev=arch - fi - done -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - if test $ac_cv_c_bigendian = unknown; then - # See if sys/param.h defines the BYTE_ORDER macro. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - #include +#include +#include int main () { -#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ - && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ - && LITTLE_ENDIAN) - bogus endian macros - #endif - +iconv_t cd = iconv_open("",""); + iconv(cd,NULL,NULL,NULL,NULL); + iconv_close(cd); ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - # It does; now see whether it defined to BIG_ENDIAN or not. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +if ac_fn_c_try_link "$LINENO"; then : + am_cv_func_iconv=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test "$am_cv_func_iconv" != yes; then + am_save_LIBS="$LIBS" + LIBS="$LIBS $LIBICONV" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include - #include + +#include +#include int main () { -#if BYTE_ORDER != BIG_ENDIAN - not big endian - #endif - +iconv_t cd = iconv_open("",""); + iconv(cd,NULL,NULL,NULL,NULL); + iconv_close(cd); ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_c_bigendian=yes -else - ac_cv_c_bigendian=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +if ac_fn_c_try_link "$LINENO"; then : + am_cv_lib_iconv=yes + am_cv_func_iconv=yes fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$am_save_LIBS" fi - if test $ac_cv_c_bigendian = unknown; then - # See if defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv" >&5 +$as_echo "$am_cv_func_iconv" >&6; } + if test "$am_cv_func_iconv" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working iconv" >&5 +$as_echo_n "checking for working iconv... " >&6; } +if ${am_cv_func_iconv_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + + am_save_LIBS="$LIBS" + if test $am_cv_lib_iconv = yes; then + LIBS="$LIBS $LIBICONV" + fi + if test "$cross_compiling" = yes; then : + + case "$host_os" in + aix* | hpux*) am_cv_func_iconv_works="guessing no" ;; + *) am_cv_func_iconv_works="guessing yes" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include -int -main () +#include +#include +int main () { -#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN) - bogus endian macros - #endif - - ; - return 0; + int result = 0; + /* Test against AIX 5.1 bug: Failures are not distinguishable from successful + returns. */ + { + iconv_t cd_utf8_to_88591 = iconv_open ("ISO8859-1", "UTF-8"); + if (cd_utf8_to_88591 != (iconv_t)(-1)) + { + static const char input[] = "\342\202\254"; /* EURO SIGN */ + char buf[10]; + const char *inptr = input; + size_t inbytesleft = strlen (input); + char *outptr = buf; + size_t outbytesleft = sizeof (buf); + size_t res = iconv (cd_utf8_to_88591, + (char **) &inptr, &inbytesleft, + &outptr, &outbytesleft); + if (res == 0) + result |= 1; + iconv_close (cd_utf8_to_88591); + } + } + /* Test against Solaris 10 bug: Failures are not distinguishable from + successful returns. */ + { + iconv_t cd_ascii_to_88591 = iconv_open ("ISO8859-1", "646"); + if (cd_ascii_to_88591 != (iconv_t)(-1)) + { + static const char input[] = "\263"; + char buf[10]; + const char *inptr = input; + size_t inbytesleft = strlen (input); + char *outptr = buf; + size_t outbytesleft = sizeof (buf); + size_t res = iconv (cd_ascii_to_88591, + (char **) &inptr, &inbytesleft, + &outptr, &outbytesleft); + if (res == 0) + result |= 2; + iconv_close (cd_ascii_to_88591); + } + } + /* Test against AIX 6.1..7.1 bug: Buffer overrun. */ + { + iconv_t cd_88591_to_utf8 = iconv_open ("UTF-8", "ISO-8859-1"); + if (cd_88591_to_utf8 != (iconv_t)(-1)) + { + static const char input[] = "\304"; + static char buf[2] = { (char)0xDE, (char)0xAD }; + const char *inptr = input; + size_t inbytesleft = 1; + char *outptr = buf; + size_t outbytesleft = 1; + size_t res = iconv (cd_88591_to_utf8, + (char **) &inptr, &inbytesleft, + &outptr, &outbytesleft); + if (res != (size_t)(-1) || outptr - buf > 1 || buf[1] != (char)0xAD) + result |= 4; + iconv_close (cd_88591_to_utf8); + } + } +#if 0 /* This bug could be worked around by the caller. */ + /* Test against HP-UX 11.11 bug: Positive return value instead of 0. */ + { + iconv_t cd_88591_to_utf8 = iconv_open ("utf8", "iso88591"); + if (cd_88591_to_utf8 != (iconv_t)(-1)) + { + static const char input[] = "\304rger mit b\366sen B\374bchen ohne Augenma\337"; + char buf[50]; + const char *inptr = input; + size_t inbytesleft = strlen (input); + char *outptr = buf; + size_t outbytesleft = sizeof (buf); + size_t res = iconv (cd_88591_to_utf8, + (char **) &inptr, &inbytesleft, + &outptr, &outbytesleft); + if ((int)res > 0) + result |= 8; + iconv_close (cd_88591_to_utf8); + } + } +#endif + /* Test against HP-UX 11.11 bug: No converter from EUC-JP to UTF-8 is + provided. */ + if (/* Try standardized names. */ + iconv_open ("UTF-8", "EUC-JP") == (iconv_t)(-1) + /* Try IRIX, OSF/1 names. */ + && iconv_open ("UTF-8", "eucJP") == (iconv_t)(-1) + /* Try AIX names. */ + && iconv_open ("UTF-8", "IBM-eucJP") == (iconv_t)(-1) + /* Try HP-UX names. */ + && iconv_open ("utf8", "eucJP") == (iconv_t)(-1)) + result |= 16; + return result; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - # It does; now see whether it defined to _BIG_ENDIAN or not. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +if ac_fn_c_try_run "$LINENO"; then : + am_cv_func_iconv_works=yes +else + am_cv_func_iconv_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + LIBS="$am_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv_works" >&5 +$as_echo "$am_cv_func_iconv_works" >&6; } + case "$am_cv_func_iconv_works" in + *no) am_func_iconv=no am_cv_lib_iconv=no ;; + *) am_func_iconv=yes ;; + esac + else + am_func_iconv=no am_cv_lib_iconv=no + fi + if test "$am_func_iconv" = yes; then + +$as_echo "#define HAVE_ICONV 1" >>confdefs.h + + fi + if test "$am_cv_lib_iconv" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libiconv" >&5 +$as_echo_n "checking how to link with libiconv... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBICONV" >&5 +$as_echo "$LIBICONV" >&6; } + else + CPPFLAGS="$am_save_CPPFLAGS" + LIBICONV= + LTLIBICONV= + fi + + + + if test "$am_cv_func_iconv" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for iconv declaration" >&5 +$as_echo_n "checking for iconv declaration... " >&6; } + if ${am_cv_proto_iconv+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + +#include +#include +extern +#ifdef __cplusplus +"C" +#endif +#if defined(__STDC__) || defined(_MSC_VER) || defined(__cplusplus) +size_t iconv (iconv_t cd, char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft); +#else +size_t iconv(); +#endif int main () { -#ifndef _BIG_ENDIAN - not big endian - #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_c_bigendian=yes + am_cv_proto_iconv_arg1="" else - ac_cv_c_bigendian=no + am_cv_proto_iconv_arg1="const" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + am_cv_proto_iconv="extern size_t iconv (iconv_t cd, $am_cv_proto_iconv_arg1 char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi - if test $ac_cv_c_bigendian = unknown; then - # Compile a test program. - if test "$cross_compiling" = yes; then : - # Try to guess by grepping values from an object file. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -short int ascii_mm[] = - { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; - short int ascii_ii[] = - { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; - int use_ascii (int i) { - return ascii_mm[i] + ascii_ii[i]; - } - short int ebcdic_ii[] = - { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; - short int ebcdic_mm[] = - { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; - int use_ebcdic (int i) { - return ebcdic_mm[i] + ebcdic_ii[i]; - } - extern int foo; + am_cv_proto_iconv=`echo "$am_cv_proto_iconv" | tr -s ' ' | sed -e 's/( /(/'` + { $as_echo "$as_me:${as_lineno-$LINENO}: result: + $am_cv_proto_iconv" >&5 +$as_echo " + $am_cv_proto_iconv" >&6; } + +cat >>confdefs.h <<_ACEOF +#define ICONV_CONST $am_cv_proto_iconv_arg1 +_ACEOF + + + fi + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C/C++ restrict keyword" >&5 +$as_echo_n "checking for C/C++ restrict keyword... " >&6; } +if ${ac_cv_c_restrict+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_c_restrict=no + # The order here caters to the fact that C++ does not require restrict. + for ac_kw in __restrict __restrict__ _Restrict restrict; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +typedef int * int_ptr; + int foo (int_ptr $ac_kw ip) { + return ip[0]; + } int main () { -return use_ascii (foo) == use_ebcdic (foo); +int s[1]; + int * $ac_kw t = s; + t[0] = 0; + return foo(t) ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then - ac_cv_c_bigendian=yes - fi - if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then - if test "$ac_cv_c_bigendian" = unknown; then - ac_cv_c_bigendian=no - else - # finding both strings is unlikely to happen, but who knows? - ac_cv_c_bigendian=unknown - fi - fi + ac_cv_c_restrict=$ac_kw fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + test "$ac_cv_c_restrict" != no && break + done + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_restrict" >&5 +$as_echo "$ac_cv_c_restrict" >&6; } + + case $ac_cv_c_restrict in + restrict) ;; + no) $as_echo "#define restrict /**/" >>confdefs.h + ;; + *) cat >>confdefs.h <<_ACEOF +#define restrict $ac_cv_c_restrict +_ACEOF + ;; + esac + + +ac_header_dirent=no +for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do + as_ac_Header=`$as_echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5 +$as_echo_n "checking for $ac_hdr that defines DIR... " >&6; } +if eval \${$as_ac_Header+:} false; then : + $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -$ac_includes_default +#include +#include <$ac_hdr> + int main () { - - /* Are we little or big endian? From Harbison&Steele. */ - union - { - long int l; - char c[sizeof (long int)]; - } u; - u.l = 1; - return u.c[sizeof (long int) - 1] == 1; - +if ((DIR *) 0) +return 0; ; return 0; } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : - ac_cv_c_bigendian=no +if ac_fn_c_try_compile "$LINENO"; then : + eval "$as_ac_Header=yes" else - ac_cv_c_bigendian=yes -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext + eval "$as_ac_Header=no" fi - - fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 -$as_echo "$ac_cv_c_bigendian" >&6; } - case $ac_cv_c_bigendian in #( - yes) - $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h -;; #( - no) - ;; #( - universal) - -$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h - - ;; #( - *) - as_fn_error $? "unknown endianness - presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; - esac - -ac_fn_c_check_type "$LINENO" "off_t" "ac_cv_type_off_t" "$ac_includes_default" -if test "x$ac_cv_type_off_t" = xyes; then : - -else - -cat >>confdefs.h <<_ACEOF -#define off_t long int +eval ac_res=\$$as_ac_Header + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_hdr" | $as_tr_cpp` 1 _ACEOF +ac_header_dirent=$ac_hdr; break fi -# Check whether --enable-largefile was given. -if test "${enable_largefile+set}" = set; then : - enableval=$enable_largefile; -fi - -if test "$enable_largefile" != no; then - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 -$as_echo_n "checking for special C compiler options needed for large files... " >&6; } -if ${ac_cv_sys_largefile_CC+:} false; then : +done +# Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. +if test $ac_header_dirent = dirent.h; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 +$as_echo_n "checking for library containing opendir... " >&6; } +if ${ac_cv_search_opendir+:} false; then : $as_echo_n "(cached) " >&6 else - ac_cv_sys_largefile_CC=no - if test "$GCC" != yes; then - ac_save_CC=$CC - while :; do - # IRIX 6.2 and later do not support large files by default, - # so use the C compiler's -n32 option if that helps. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char opendir (); int main () { - +return opendir (); ; return 0; } _ACEOF - if ac_fn_c_try_compile "$LINENO"; then : +for ac_lib in '' dir; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_opendir=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_opendir+:} false; then : break fi -rm -f core conftest.err conftest.$ac_objext - CC="$CC -n32" - if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_sys_largefile_CC=' -n32'; break +done +if ${ac_cv_search_opendir+:} false; then : + +else + ac_cv_search_opendir=no fi -rm -f core conftest.err conftest.$ac_objext - break - done - CC=$ac_save_CC - rm -f conftest.$ac_ext - fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 -$as_echo "$ac_cv_sys_largefile_CC" >&6; } - if test "$ac_cv_sys_largefile_CC" != no; then - CC=$CC$ac_cv_sys_largefile_CC - fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 +$as_echo "$ac_cv_search_opendir" >&6; } +ac_res=$ac_cv_search_opendir +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 -$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } -if ${ac_cv_sys_file_offset_bits+:} false; then : +fi + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 +$as_echo_n "checking for library containing opendir... " >&6; } +if ${ac_cv_search_opendir+:} false; then : $as_echo_n "(cached) " >&6 else - while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_sys_file_offset_bits=no; break -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#define _FILE_OFFSET_BITS 64 -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char opendir (); int main () { - +return opendir (); ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_sys_file_offset_bits=64; break -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_cv_sys_file_offset_bits=unknown +for ac_lib in '' x; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_opendir=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_opendir+:} false; then : break +fi done +if ${ac_cv_search_opendir+:} false; then : + +else + ac_cv_search_opendir=no fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 -$as_echo "$ac_cv_sys_file_offset_bits" >&6; } -case $ac_cv_sys_file_offset_bits in #( - no | unknown) ;; - *) -cat >>confdefs.h <<_ACEOF -#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits -_ACEOF -;; -esac -rm -rf conftest* - if test $ac_cv_sys_file_offset_bits = unknown; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 -$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } -if ${ac_cv_sys_large_files+:} false; then : +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 +$as_echo "$ac_cv_search_opendir" >&6; } +ac_res=$ac_cv_search_opendir +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if ${ac_cv_header_stdc+:} false; then : $as_echo_n "(cached) " >&6 else - while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; +#include +#include +#include +#include + int main () { @@ -13748,868 +14683,1989 @@ main () } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_sys_large_files=no; break + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#define _LARGE_FILES 1 -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ +#include - ; - return 0; -} _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_sys_large_files=1; break +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_cv_sys_large_files=unknown - break -done +rm -f conftest* + fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 -$as_echo "$ac_cv_sys_large_files" >&6; } -case $ac_cv_sys_large_files in #( - no | unknown) ;; - *) -cat >>confdefs.h <<_ACEOF -#define _LARGE_FILES $ac_cv_sys_large_files + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + _ACEOF -;; -esac -rm -rf conftest* - fi +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : +else + ac_cv_header_stdc=no +fi +rm -f conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGEFILE_SOURCE value needed for large files" >&5 -$as_echo_n "checking for _LARGEFILE_SOURCE value needed for large files... " >&6; } -if ${ac_cv_sys_largefile_source+:} false; then : - $as_echo_n "(cached) " >&6 +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : else - while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include /* for off_t */ - #include +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { -int (*fp) (FILE *, off_t, int) = fseeko; - return fseeko (stdin, 0, 0) && fp (stdin, 0, 0); - ; + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_sys_largefile_source=no; break +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#define _LARGEFILE_SOURCE 1 -#include /* for off_t */ - #include -int -main () -{ -int (*fp) (FILE *, off_t, int) = fseeko; - return fseeko (stdin, 0, 0) && fp (stdin, 0, 0); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_sys_largefile_source=1; break +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - ac_cv_sys_largefile_source=unknown - break -done + fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_source" >&5 -$as_echo "$ac_cv_sys_largefile_source" >&6; } -case $ac_cv_sys_largefile_source in #( - no | unknown) ;; - *) -cat >>confdefs.h <<_ACEOF -#define _LARGEFILE_SOURCE $ac_cv_sys_largefile_source -_ACEOF -;; -esac -rm -rf conftest* +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then -# We used to try defining _XOPEN_SOURCE=500 too, to work around a bug -# in glibc 2.1.3, but that breaks too many other things. -# If you want fseeko and ftello with glibc, upgrade to a fixed glibc. -if test $ac_cv_sys_largefile_source != unknown; then +$as_echo "#define STDC_HEADERS 1" >>confdefs.h -$as_echo "#define HAVE_FSEEKO 1" >>confdefs.h +fi + +for ac_header in fcntl.h malloc.h inttypes.h sys/ioctl.h sys/mman.h \ + sys/sysmacros.h sys/statvfs.h ctype.h unistd.h locale.h byteswap.h endian.h stdint.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF fi -if test $ac_cv_c_compiler_gnu = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC needs -traditional" >&5 -$as_echo_n "checking whether $CC needs -traditional... " >&6; } -if ${ac_cv_prog_gcc_traditional+:} false; then : - $as_echo_n "(cached) " >&6 +done + +ac_fn_c_check_decl "$LINENO" "O_CLOEXEC" "ac_cv_have_decl_O_CLOEXEC" " +#ifdef HAVE_FCNTL_H +# include +#endif + +" +if test "x$ac_cv_have_decl_O_CLOEXEC" = xyes; then : + ac_have_decl=1 else - ac_pattern="Autoconf.*'x'" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -Autoconf TIOCGETP + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_O_CLOEXEC $ac_have_decl _ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "$ac_pattern" >/dev/null 2>&1; then : - ac_cv_prog_gcc_traditional=yes +if test $ac_have_decl = 1; then : + else - ac_cv_prog_gcc_traditional=no + +$as_echo "#define O_CLOEXEC 0" >>confdefs.h + fi -rm -f conftest* - if test $ac_cv_prog_gcc_traditional = no; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -Autoconf TCGETA +for ac_header in uuid/uuid.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "uuid/uuid.h" "ac_cv_header_uuid_uuid_h" "$ac_includes_default" +if test "x$ac_cv_header_uuid_uuid_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_UUID_UUID_H 1 _ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "$ac_pattern" >/dev/null 2>&1; then : - ac_cv_prog_gcc_traditional=yes -fi -rm -f conftest* - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_gcc_traditional" >&5 -$as_echo "$ac_cv_prog_gcc_traditional" >&6; } - if test $ac_cv_prog_gcc_traditional = yes; then - CC="$CC -traditional" - fi +else + as_fn_error $? "You need the uuid library." "$LINENO" 5 fi -ac_fn_c_check_decl "$LINENO" "strerror_r" "ac_cv_have_decl_strerror_r" "$ac_includes_default" -if test "x$ac_cv_have_decl_strerror_r" = xyes; then : - ac_have_decl=1 +done + +ac_fn_c_check_header_mongrel "$LINENO" "libdevmapper.h" "ac_cv_header_libdevmapper_h" "$ac_includes_default" +if test "x$ac_cv_header_libdevmapper_h" = xyes; then : + else - ac_have_decl=0 + as_fn_error $? "You need the device-mapper library." "$LINENO" 5 fi -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_STRERROR_R $ac_have_decl -_ACEOF -for ac_func in strerror_r + +# Check whether --enable-keyring was given. +if test "${enable_keyring+set}" = set; then : + enableval=$enable_keyring; +else + enable_keyring=yes +fi + +if test "x$enable_keyring" = "xyes"; then + for ac_header in linux/keyctl.h do : - ac_fn_c_check_func "$LINENO" "strerror_r" "ac_cv_func_strerror_r" -if test "x$ac_cv_func_strerror_r" = xyes; then : + ac_fn_c_check_header_mongrel "$LINENO" "linux/keyctl.h" "ac_cv_header_linux_keyctl_h" "$ac_includes_default" +if test "x$ac_cv_header_linux_keyctl_h" = xyes; then : cat >>confdefs.h <<_ACEOF -#define HAVE_STRERROR_R 1 +#define HAVE_LINUX_KEYCTL_H 1 _ACEOF +else + as_fn_error $? "You need Linux kernel headers with kernel keyring service compiled." "$LINENO" 5 fi -done -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether strerror_r returns char *" >&5 -$as_echo_n "checking whether strerror_r returns char *... " >&6; } -if ${ac_cv_func_strerror_r_char_p+:} false; then : - $as_echo_n "(cached) " >&6 -else +done - ac_cv_func_strerror_r_char_p=no - if test $ac_cv_have_decl_strerror_r = yes; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ - char buf[100]; - char x = *strerror_r (0, buf, sizeof buf); - char *p = strerror_r (0, buf, sizeof buf); - return !p || x; + ac_fn_c_check_decl "$LINENO" "__NR_add_key" "ac_cv_have_decl___NR_add_key" "#include +" +if test "x$ac_cv_have_decl___NR_add_key" = xyes; then : - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_func_strerror_r_char_p=yes -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - else - # strerror_r is not declared. Choose between - # systems that have relatively inaccessible declarations for the - # function. BeOS and DEC UNIX 4.0 fall in this category, but the - # former has a strerror_r that returns char*, while the latter - # has a strerror_r that returns `int'. - # This test should segfault on the DEC system. - if test "$cross_compiling" = yes; then : - : else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$ac_includes_default - extern char *strerror_r (); -int -main () -{ -char buf[100]; - char x = *strerror_r (0, buf, sizeof buf); - return ! isalpha (x); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - ac_cv_func_strerror_r_char_p=yes -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext + as_fn_error $? "The kernel is missing add_key syscall." "$LINENO" 5 fi - fi + ac_fn_c_check_decl "$LINENO" "__NR_keyctl" "ac_cv_have_decl___NR_keyctl" "#include +" +if test "x$ac_cv_have_decl___NR_keyctl" = xyes; then : +else + as_fn_error $? "The kernel is missing keyctl syscall." "$LINENO" 5 fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_strerror_r_char_p" >&5 -$as_echo "$ac_cv_func_strerror_r_char_p" >&6; } -if test $ac_cv_func_strerror_r_char_p = yes; then -$as_echo "#define STRERROR_R_CHAR_P 1" >>confdefs.h + ac_fn_c_check_decl "$LINENO" "__NR_request_key" "ac_cv_have_decl___NR_request_key" "#include +" +if test "x$ac_cv_have_decl___NR_request_key" = xyes; then : +else + as_fn_error $? "The kernel is missing request_key syscall." "$LINENO" 5 fi + ac_fn_c_check_type "$LINENO" "key_serial_t" "ac_cv_type_key_serial_t" " + $ac_includes_default + #ifdef HAVE_LINUX_KEYCTL_H + # include + #endif +" +if test "x$ac_cv_type_key_serial_t" = xyes; then : -mkdir_p="$MKDIR_P" -case $mkdir_p in - [\\/$]* | ?:[\\/]*) ;; - */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; -esac +cat >>confdefs.h <<_ACEOF +#define HAVE_KEY_SERIAL_T 1 +_ACEOF - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether NLS is requested" >&5 -$as_echo_n "checking whether NLS is requested... " >&6; } - # Check whether --enable-nls was given. -if test "${enable_nls+set}" = set; then : - enableval=$enable_nls; USE_NLS=$enableval -else - USE_NLS=yes fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5 -$as_echo "$USE_NLS" >&6; } - - - +$as_echo "#define KERNEL_KEYRING 1" >>confdefs.h -# Prepare PATH_SEPARATOR. -# The user is always right. -if test "${PATH_SEPARATOR+set}" != set; then - echo "#! /bin/sh" >conf$$.sh - echo "exit 0" >>conf$$.sh - chmod +x conf$$.sh - if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then - PATH_SEPARATOR=';' - else - PATH_SEPARATOR=: - fi - rm -f conf$$.sh fi - -# Find out how to test for executable files. Don't use a zero-byte file, -# as systems may use methods other than mode bits to determine executability. -cat >conf$$.file <<_ASEOF -#! /bin/sh -exit 0 -_ASEOF -chmod +x conf$$.file -if test -x conf$$.file >/dev/null 2>&1; then - ac_executable_p="test -x" + if test "x$enable_keyring" = "xyes"; then + KERNEL_KEYRING_TRUE= + KERNEL_KEYRING_FALSE='#' else - ac_executable_p="test -f" + KERNEL_KEYRING_TRUE='#' + KERNEL_KEYRING_FALSE= fi -rm -f conf$$.file -# Extract the first word of "msgfmt", so it can be a program name with args. -set dummy msgfmt; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_MSGFMT+:} false; then : + +saved_LIBS=$LIBS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uuid_clear in -luuid" >&5 +$as_echo_n "checking for uuid_clear in -luuid... " >&6; } +if ${ac_cv_lib_uuid_uuid_clear+:} false; then : $as_echo_n "(cached) " >&6 else - case "$MSGFMT" in - [\\/]* | ?:[\\/]*) - ac_cv_path_MSGFMT="$MSGFMT" # Let the user override the test with a path. - ;; - *) - ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR - for ac_dir in $PATH; do - IFS="$ac_save_IFS" - test -z "$ac_dir" && ac_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then - echo "$as_me: trying $ac_dir/$ac_word..." >&5 - if $ac_dir/$ac_word --statistics /dev/null >&5 2>&1 && - (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then - ac_cv_path_MSGFMT="$ac_dir/$ac_word$ac_exec_ext" - break 2 - fi - fi - done - done - IFS="$ac_save_IFS" - test -z "$ac_cv_path_MSGFMT" && ac_cv_path_MSGFMT=":" - ;; -esac -fi -MSGFMT="$ac_cv_path_MSGFMT" -if test "$MSGFMT" != ":"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGFMT" >&5 -$as_echo "$MSGFMT" >&6; } + ac_check_lib_save_LIBS=$LIBS +LIBS="-luuid $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char uuid_clear (); +int +main () +{ +return uuid_clear (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_uuid_uuid_clear=yes else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + ac_cv_lib_uuid_uuid_clear=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_uuid_uuid_clear" >&5 +$as_echo "$ac_cv_lib_uuid_uuid_clear" >&6; } +if test "x$ac_cv_lib_uuid_uuid_clear" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBUUID 1 +_ACEOF - # Extract the first word of "gmsgfmt", so it can be a program name with args. -set dummy gmsgfmt; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_GMSGFMT+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $GMSGFMT in - [\\/]* | ?:[\\/]*) - ac_cv_path_GMSGFMT="$GMSGFMT" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_GMSGFMT="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS + LIBS="-luuid $LIBS" - test -z "$ac_cv_path_GMSGFMT" && ac_cv_path_GMSGFMT="$MSGFMT" - ;; -esac -fi -GMSGFMT=$ac_cv_path_GMSGFMT -if test -n "$GMSGFMT"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GMSGFMT" >&5 -$as_echo "$GMSGFMT" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + as_fn_error $? "You need the uuid library." "$LINENO" 5 fi +UUID_LIBS=$LIBS +LIBS=$saved_LIBS - case `$MSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in - '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) MSGFMT_015=: ;; - *) MSGFMT_015=$MSGFMT ;; - esac - - case `$GMSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in - '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) GMSGFMT_015=: ;; - *) GMSGFMT_015=$GMSGFMT ;; - esac - - +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5 +$as_echo_n "checking for library containing clock_gettime... " >&6; } +if ${ac_cv_search_clock_gettime+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ -# Prepare PATH_SEPARATOR. -# The user is always right. -if test "${PATH_SEPARATOR+set}" != set; then - echo "#! /bin/sh" >conf$$.sh - echo "exit 0" >>conf$$.sh - chmod +x conf$$.sh - if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then - PATH_SEPARATOR=';' +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char clock_gettime (); +int +main () +{ +return clock_gettime (); + ; + return 0; +} +_ACEOF +for ac_lib in '' rt posix4; do + if test -z "$ac_lib"; then + ac_res="none required" else - PATH_SEPARATOR=: + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - rm -f conf$$.sh + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_clock_gettime=$ac_res fi - -# Find out how to test for executable files. Don't use a zero-byte file, -# as systems may use methods other than mode bits to determine executability. -cat >conf$$.file <<_ASEOF -#! /bin/sh -exit 0 -_ASEOF -chmod +x conf$$.file -if test -x conf$$.file >/dev/null 2>&1; then - ac_executable_p="test -x" -else - ac_executable_p="test -f" +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_clock_gettime+:} false; then : + break fi -rm -f conf$$.file +done +if ${ac_cv_search_clock_gettime+:} false; then : -# Extract the first word of "xgettext", so it can be a program name with args. -set dummy xgettext; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_XGETTEXT+:} false; then : - $as_echo_n "(cached) " >&6 else - case "$XGETTEXT" in - [\\/]* | ?:[\\/]*) - ac_cv_path_XGETTEXT="$XGETTEXT" # Let the user override the test with a path. - ;; - *) - ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR - for ac_dir in $PATH; do - IFS="$ac_save_IFS" - test -z "$ac_dir" && ac_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then - echo "$as_me: trying $ac_dir/$ac_word..." >&5 - if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >&5 2>&1 && - (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then - ac_cv_path_XGETTEXT="$ac_dir/$ac_word$ac_exec_ext" - break 2 - fi - fi - done - done - IFS="$ac_save_IFS" - test -z "$ac_cv_path_XGETTEXT" && ac_cv_path_XGETTEXT=":" - ;; -esac + ac_cv_search_clock_gettime=no fi -XGETTEXT="$ac_cv_path_XGETTEXT" -if test "$XGETTEXT" != ":"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XGETTEXT" >&5 -$as_echo "$XGETTEXT" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5 +$as_echo "$ac_cv_search_clock_gettime" >&6; } +ac_res=$ac_cv_search_clock_gettime +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - rm -f messages.po - - case `$XGETTEXT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in - '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) XGETTEXT_015=: ;; - *) XGETTEXT_015=$XGETTEXT ;; - esac - +fi +for ac_func in posix_memalign clock_gettime posix_fallocate explicit_bzero +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF -# Prepare PATH_SEPARATOR. -# The user is always right. -if test "${PATH_SEPARATOR+set}" != set; then - echo "#! /bin/sh" >conf$$.sh - echo "exit 0" >>conf$$.sh - chmod +x conf$$.sh - if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then - PATH_SEPARATOR=';' - else - PATH_SEPARATOR=: - fi - rm -f conf$$.sh fi +done -# Find out how to test for executable files. Don't use a zero-byte file, -# as systems may use methods other than mode bits to determine executability. -cat >conf$$.file <<_ASEOF -#! /bin/sh -exit 0 -_ASEOF -chmod +x conf$$.file -if test -x conf$$.file >/dev/null 2>&1; then - ac_executable_p="test -x" -else - ac_executable_p="test -f" + +if test "x$enable_largefile" = "xno"; then + as_fn_error $? "Building with --disable-largefile is not supported, it can cause data corruption." "$LINENO" 5 fi -rm -f conf$$.file -# Extract the first word of "msgmerge", so it can be a program name with args. -set dummy msgmerge; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_MSGMERGE+:} false; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 +$as_echo_n "checking for an ANSI C-conforming const... " >&6; } +if ${ac_cv_c_const+:} false; then : $as_echo_n "(cached) " >&6 else - case "$MSGMERGE" in - [\\/]* | ?:[\\/]*) - ac_cv_path_MSGMERGE="$MSGMERGE" # Let the user override the test with a path. - ;; - *) - ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR - for ac_dir in $PATH; do - IFS="$ac_save_IFS" - test -z "$ac_dir" && ac_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then - echo "$as_me: trying $ac_dir/$ac_word..." >&5 - if $ac_dir/$ac_word --update -q /dev/null /dev/null >&5 2>&1; then - ac_cv_path_MSGMERGE="$ac_dir/$ac_word$ac_exec_ext" - break 2 - fi - fi - done - done - IFS="$ac_save_IFS" - test -z "$ac_cv_path_MSGMERGE" && ac_cv_path_MSGMERGE=":" - ;; -esac -fi -MSGMERGE="$ac_cv_path_MSGMERGE" -if test "$MSGMERGE" != ":"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGMERGE" >&5 -$as_echo "$MSGMERGE" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int +main () +{ - test -n "$localedir" || localedir='${datadir}/locale' +#ifndef __cplusplus + /* Ultrix mips cc rejects this sort of thing. */ + typedef int charset[2]; + const charset cs = { 0, 0 }; + /* SunOS 4.1.1 cc rejects this. */ + char const *const *pcpcc; + char **ppc; + /* NEC SVR4.0.2 mips cc rejects this. */ + struct point {int x, y;}; + static struct point const zero = {0,0}; + /* AIX XL C 1.02.0.0 rejects this. + It does not let you subtract one const X* pointer from another in + an arm of an if-expression whose if-part is not a constant + expression */ + const char *g = "string"; + pcpcc = &g + (g ? g-g : 0); + /* HPUX 7.0 cc rejects these. */ + ++pcpcc; + ppc = (char**) pcpcc; + pcpcc = (char const *const *) ppc; + { /* SCO 3.2v4 cc rejects this sort of thing. */ + char tx; + char *t = &tx; + char const *s = 0 ? (char *) 0 : (char const *) 0; + *t++ = 0; + if (s) return 0; + } + { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ + int x[] = {25, 17}; + const int *foo = &x[0]; + ++foo; + } + { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ + typedef const int *iptr; + iptr p = 0; + ++p; + } + { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying + "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ + struct s { int j; const int *ap[3]; } bx; + struct s *b = &bx; b->j = 5; + } + { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ + const int foo = 10; + if (!foo) return 0; + } + return !cs[0] && !zero.x; +#endif - ac_config_commands="$ac_config_commands po-directories" + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_const=yes +else + ac_cv_c_const=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 +$as_echo "$ac_cv_c_const" >&6; } +if test $ac_cv_c_const = no; then +$as_echo "#define const /**/" >>confdefs.h +fi - if test "X$prefix" = "XNONE"; then - acl_final_prefix="$ac_default_prefix" - else - acl_final_prefix="$prefix" - fi - if test "X$exec_prefix" = "XNONE"; then - acl_final_exec_prefix='${prefix}' - else - acl_final_exec_prefix="$exec_prefix" - fi - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - eval acl_final_exec_prefix=\"$acl_final_exec_prefix\" - prefix="$acl_save_prefix" - - -# Check whether --with-gnu-ld was given. -if test "${with_gnu_ld+set}" = set; then : - withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes -else - with_gnu_ld=no -fi - -# Prepare PATH_SEPARATOR. -# The user is always right. -if test "${PATH_SEPARATOR+set}" != set; then - echo "#! /bin/sh" >conf$$.sh - echo "exit 0" >>conf$$.sh - chmod +x conf$$.sh - if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then - PATH_SEPARATOR=';' - else - PATH_SEPARATOR=: - fi - rm -f conf$$.sh -fi -ac_prog=ld -if test "$GCC" = yes; then - # Check if gcc -print-prog-name=ld gives a path. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by GCC" >&5 -$as_echo_n "checking for ld used by GCC... " >&6; } - case $host in - *-*-mingw*) - # gcc leaves a trailing carriage return which upsets mingw - ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; - *) - ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; - esac - case $ac_prog in - # Accept absolute paths. - [\\/]* | [A-Za-z]:[\\/]*) - re_direlt='/[^/][^/]*/\.\./' - # Canonicalize the path of ld - ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'` - while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do - ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"` - done - test -z "$LD" && LD="$ac_prog" - ;; - "") - # If it fails, then pretend we aren't using GCC. - ac_prog=ld - ;; - *) - # If it is relative, then search for the first ld in PATH. - with_gnu_ld=unknown - ;; - esac -elif test "$with_gnu_ld" = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 -$as_echo_n "checking for GNU ld... " >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 -$as_echo_n "checking for non-GNU ld... " >&6; } -fi -if ${acl_cv_path_LD+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 +$as_echo_n "checking whether byte ordering is bigendian... " >&6; } +if ${ac_cv_c_bigendian+:} false; then : $as_echo_n "(cached) " >&6 else - if test -z "$LD"; then - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}" - for ac_dir in $PATH; do - test -z "$ac_dir" && ac_dir=. - if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then - acl_cv_path_LD="$ac_dir/$ac_prog" - # Check to see if the program is GNU ld. I'd rather use --version, - # but apparently some GNU ld's only accept -v. - # Break only if it was the GNU/non-GNU ld that we prefer. - case `"$acl_cv_path_LD" -v 2>&1 < /dev/null` in - *GNU* | *'with BFD'*) - test "$with_gnu_ld" != no && break ;; - *) - test "$with_gnu_ld" != yes && break ;; - esac - fi - done - IFS="$ac_save_ifs" -else - acl_cv_path_LD="$LD" # Let the user override the test with a path. -fi -fi + ac_cv_c_bigendian=unknown + # See if we're dealing with a universal compiler. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifndef __APPLE_CC__ + not a universal capable compiler + #endif + typedef int dummy; -LD="$acl_cv_path_LD" -if test -n "$LD"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5 -$as_echo "$LD" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi -test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 -$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } -if ${acl_cv_prog_gnu_ld+:} false; then : - $as_echo_n "(cached) " >&6 -else - # I'd rather use --version here, but apparently some GNU ld's only accept -v. -case `$LD -v 2>&1 &5 -$as_echo "$acl_cv_prog_gnu_ld" >&6; } -with_gnu_ld=$acl_cv_prog_gnu_ld +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $ac_cv_c_bigendian = unknown; then + # See if sys/param.h defines the BYTE_ORDER macro. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include +int +main () +{ +#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ + && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ + && LITTLE_ENDIAN) + bogus endian macros + #endif + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + # It does; now see whether it defined to BIG_ENDIAN or not. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include +int +main () +{ +#if BYTE_ORDER != BIG_ENDIAN + not big endian + #endif - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shared library run path origin" >&5 -$as_echo_n "checking for shared library run path origin... " >&6; } -if ${acl_cv_rpath+:} false; then : - $as_echo_n "(cached) " >&6 + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_bigendian=yes else - - CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \ - ${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh - . ./conftest.sh - rm -f ./conftest.sh - acl_cv_rpath=done - + ac_cv_c_bigendian=no fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $acl_cv_rpath" >&5 -$as_echo "$acl_cv_rpath" >&6; } - wl="$acl_cv_wl" - libext="$acl_cv_libext" - shlibext="$acl_cv_shlibext" - hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec" - hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator" - hardcode_direct="$acl_cv_hardcode_direct" - hardcode_minus_L="$acl_cv_hardcode_minus_L" - # Check whether --enable-rpath was given. -if test "${enable_rpath+set}" = set; then : - enableval=$enable_rpath; : -else - enable_rpath=yes +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + if test $ac_cv_c_bigendian = unknown; then + # See if defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN) + bogus endian macros + #endif + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + # It does; now see whether it defined to _BIG_ENDIAN or not. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include - acl_libdirstem=lib - searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'` - if test -n "$searchpath"; then - acl_save_IFS="${IFS= }"; IFS=":" - for searchdir in $searchpath; do - if test -d "$searchdir"; then - case "$searchdir" in - */lib64/ | */lib64 ) acl_libdirstem=lib64 ;; - *) searchdir=`cd "$searchdir" && pwd` - case "$searchdir" in - */lib64 ) acl_libdirstem=lib64 ;; - esac ;; - esac - fi - done - IFS="$acl_save_IFS" - fi - - +int +main () +{ +#ifndef _BIG_ENDIAN + not big endian + #endif + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_bigendian=yes +else + ac_cv_c_bigendian=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + if test $ac_cv_c_bigendian = unknown; then + # Compile a test program. + if test "$cross_compiling" = yes; then : + # Try to guess by grepping values from an object file. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +short int ascii_mm[] = + { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; + short int ascii_ii[] = + { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; + int use_ascii (int i) { + return ascii_mm[i] + ascii_ii[i]; + } + short int ebcdic_ii[] = + { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; + short int ebcdic_mm[] = + { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; + int use_ebcdic (int i) { + return ebcdic_mm[i] + ebcdic_ii[i]; + } + extern int foo; +int +main () +{ +return use_ascii (foo) == use_ebcdic (foo); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then + ac_cv_c_bigendian=yes + fi + if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then + if test "$ac_cv_c_bigendian" = unknown; then + ac_cv_c_bigendian=no + else + # finding both strings is unlikely to happen, but who knows? + ac_cv_c_bigendian=unknown + fi + fi +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ + /* Are we little or big endian? From Harbison&Steele. */ + union + { + long int l; + char c[sizeof (long int)]; + } u; + u.l = 1; + return u.c[sizeof (long int) - 1] == 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_c_bigendian=no +else + ac_cv_c_bigendian=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 +$as_echo "$ac_cv_c_bigendian" >&6; } + case $ac_cv_c_bigendian in #( + yes) + $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h +;; #( + no) + ;; #( + universal) - use_additional=yes +$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" + ;; #( + *) + as_fn_error $? "unknown endianness + presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; + esac - eval additional_includedir=\"$includedir\" - eval additional_libdir=\"$libdir\" +ac_fn_c_check_type "$LINENO" "off_t" "ac_cv_type_off_t" "$ac_includes_default" +if test "x$ac_cv_type_off_t" = xyes; then : - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" +else +cat >>confdefs.h <<_ACEOF +#define off_t long int +_ACEOF -# Check whether --with-libiconv-prefix was given. -if test "${with_libiconv_prefix+set}" = set; then : - withval=$with_libiconv_prefix; - if test "X$withval" = "Xno"; then - use_additional=no - else - if test "X$withval" = "X"; then +fi - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" +# Check whether --enable-largefile was given. +if test "${enable_largefile+set}" = set; then : + enableval=$enable_largefile; +fi - eval additional_includedir=\"$includedir\" - eval additional_libdir=\"$libdir\" +if test "$enable_largefile" != no; then - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 +$as_echo_n "checking for special C compiler options needed for large files... " >&6; } +if ${ac_cv_sys_largefile_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_sys_largefile_CC=no + if test "$GCC" != yes; then + ac_save_CC=$CC + while :; do + # IRIX 6.2 and later do not support large files by default, + # so use the C compiler's -n32 option if that helps. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ - else - additional_includedir="$withval/include" - additional_libdir="$withval/$acl_libdirstem" - fi + ; + return 0; +} +_ACEOF + if ac_fn_c_try_compile "$LINENO"; then : + break +fi +rm -f core conftest.err conftest.$ac_objext + CC="$CC -n32" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_largefile_CC=' -n32'; break +fi +rm -f core conftest.err conftest.$ac_objext + break + done + CC=$ac_save_CC + rm -f conftest.$ac_ext fi - fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 +$as_echo "$ac_cv_sys_largefile_CC" >&6; } + if test "$ac_cv_sys_largefile_CC" != no; then + CC=$CC$ac_cv_sys_largefile_CC + fi - LIBICONV= - LTLIBICONV= - INCICONV= - rpathdirs= - ltrpathdirs= - names_already_handled= - names_next_round='iconv ' - while test -n "$names_next_round"; do - names_this_round="$names_next_round" - names_next_round= - for name in $names_this_round; do - already_handled= - for n in $names_already_handled; do - if test "$n" = "$name"; then - already_handled=yes - break - fi - done - if test -z "$already_handled"; then - names_already_handled="$names_already_handled $name" - uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'` - eval value=\"\$HAVE_LIB$uppername\" - if test -n "$value"; then - if test "$value" = yes; then - eval value=\"\$LIB$uppername\" - test -z "$value" || LIBICONV="${LIBICONV}${LIBICONV:+ }$value" - eval value=\"\$LTLIB$uppername\" - test -z "$value" || LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }$value" - else - : - fi - else - found_dir= - found_la= - found_so= - found_a= - if test $use_additional = yes; then - if test -n "$shlibext" && test -f "$additional_libdir/lib$name.$shlibext"; then - found_dir="$additional_libdir" - found_so="$additional_libdir/lib$name.$shlibext" - if test -f "$additional_libdir/lib$name.la"; then - found_la="$additional_libdir/lib$name.la" - fi - else - if test -f "$additional_libdir/lib$name.$libext"; then - found_dir="$additional_libdir" - found_a="$additional_libdir/lib$name.$libext" - if test -f "$additional_libdir/lib$name.la"; then - found_la="$additional_libdir/lib$name.la" - fi - fi - fi - fi - if test "X$found_dir" = "X"; then - for x in $LDFLAGS $LTLIBICONV; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 +$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } +if ${ac_cv_sys_file_offset_bits+:} false; then : + $as_echo_n "(cached) " >&6 +else + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_file_offset_bits=no; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _FILE_OFFSET_BITS 64 +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ - case "$x" in - -L*) - dir=`echo "X$x" | sed -e 's/^X-L//'` - if test -n "$shlibext" && test -f "$dir/lib$name.$shlibext"; then - found_dir="$dir" - found_so="$dir/lib$name.$shlibext" - if test -f "$dir/lib$name.la"; then - found_la="$dir/lib$name.la" - fi - else - if test -f "$dir/lib$name.$libext"; then - found_dir="$dir" - found_a="$dir/lib$name.$libext" - if test -f "$dir/lib$name.la"; then - found_la="$dir/lib$name.la" + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_file_offset_bits=64; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_cv_sys_file_offset_bits=unknown + break +done +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 +$as_echo "$ac_cv_sys_file_offset_bits" >&6; } +case $ac_cv_sys_file_offset_bits in #( + no | unknown) ;; + *) +cat >>confdefs.h <<_ACEOF +#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits +_ACEOF +;; +esac +rm -rf conftest* + if test $ac_cv_sys_file_offset_bits = unknown; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 +$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } +if ${ac_cv_sys_large_files+:} false; then : + $as_echo_n "(cached) " >&6 +else + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_large_files=no; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _LARGE_FILES 1 +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_large_files=1; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_cv_sys_large_files=unknown + break +done +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 +$as_echo "$ac_cv_sys_large_files" >&6; } +case $ac_cv_sys_large_files in #( + no | unknown) ;; + *) +cat >>confdefs.h <<_ACEOF +#define _LARGE_FILES $ac_cv_sys_large_files +_ACEOF +;; +esac +rm -rf conftest* + fi + + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGEFILE_SOURCE value needed for large files" >&5 +$as_echo_n "checking for _LARGEFILE_SOURCE value needed for large files... " >&6; } +if ${ac_cv_sys_largefile_source+:} false; then : + $as_echo_n "(cached) " >&6 +else + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include /* for off_t */ + #include +int +main () +{ +int (*fp) (FILE *, off_t, int) = fseeko; + return fseeko (stdin, 0, 0) && fp (stdin, 0, 0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_sys_largefile_source=no; break +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _LARGEFILE_SOURCE 1 +#include /* for off_t */ + #include +int +main () +{ +int (*fp) (FILE *, off_t, int) = fseeko; + return fseeko (stdin, 0, 0) && fp (stdin, 0, 0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_sys_largefile_source=1; break +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + ac_cv_sys_largefile_source=unknown + break +done +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_source" >&5 +$as_echo "$ac_cv_sys_largefile_source" >&6; } +case $ac_cv_sys_largefile_source in #( + no | unknown) ;; + *) +cat >>confdefs.h <<_ACEOF +#define _LARGEFILE_SOURCE $ac_cv_sys_largefile_source +_ACEOF +;; +esac +rm -rf conftest* + +# We used to try defining _XOPEN_SOURCE=500 too, to work around a bug +# in glibc 2.1.3, but that breaks too many other things. +# If you want fseeko and ftello with glibc, upgrade to a fixed glibc. +if test $ac_cv_sys_largefile_source != unknown; then + +$as_echo "#define HAVE_FSEEKO 1" >>confdefs.h + +fi + +if test $ac_cv_c_compiler_gnu = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC needs -traditional" >&5 +$as_echo_n "checking whether $CC needs -traditional... " >&6; } +if ${ac_cv_prog_gcc_traditional+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_pattern="Autoconf.*'x'" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +Autoconf TIOCGETP +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "$ac_pattern" >/dev/null 2>&1; then : + ac_cv_prog_gcc_traditional=yes +else + ac_cv_prog_gcc_traditional=no +fi +rm -f conftest* + + + if test $ac_cv_prog_gcc_traditional = no; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +Autoconf TCGETA +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "$ac_pattern" >/dev/null 2>&1; then : + ac_cv_prog_gcc_traditional=yes +fi +rm -f conftest* + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_gcc_traditional" >&5 +$as_echo "$ac_cv_prog_gcc_traditional" >&6; } + if test $ac_cv_prog_gcc_traditional = yes; then + CC="$CC -traditional" + fi +fi + +ac_fn_c_check_decl "$LINENO" "strerror_r" "ac_cv_have_decl_strerror_r" "$ac_includes_default" +if test "x$ac_cv_have_decl_strerror_r" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_STRERROR_R $ac_have_decl +_ACEOF + +for ac_func in strerror_r +do : + ac_fn_c_check_func "$LINENO" "strerror_r" "ac_cv_func_strerror_r" +if test "x$ac_cv_func_strerror_r" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STRERROR_R 1 +_ACEOF + +fi +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether strerror_r returns char *" >&5 +$as_echo_n "checking whether strerror_r returns char *... " >&6; } +if ${ac_cv_func_strerror_r_char_p+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ac_cv_func_strerror_r_char_p=no + if test $ac_cv_have_decl_strerror_r = yes; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ + + char buf[100]; + char x = *strerror_r (0, buf, sizeof buf); + char *p = strerror_r (0, buf, sizeof buf); + return !p || x; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_func_strerror_r_char_p=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + else + # strerror_r is not declared. Choose between + # systems that have relatively inaccessible declarations for the + # function. BeOS and DEC UNIX 4.0 fall in this category, but the + # former has a strerror_r that returns char*, while the latter + # has a strerror_r that returns `int'. + # This test should segfault on the DEC system. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default + extern char *strerror_r (); +int +main () +{ +char buf[100]; + char x = *strerror_r (0, buf, sizeof buf); + return ! isalpha (x); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_func_strerror_r_char_p=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_strerror_r_char_p" >&5 +$as_echo "$ac_cv_func_strerror_r_char_p" >&6; } +if test $ac_cv_func_strerror_r_char_p = yes; then + +$as_echo "#define STRERROR_R_CHAR_P 1" >>confdefs.h + +fi + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether NLS is requested" >&5 +$as_echo_n "checking whether NLS is requested... " >&6; } + # Check whether --enable-nls was given. +if test "${enable_nls+set}" = set; then : + enableval=$enable_nls; USE_NLS=$enableval +else + USE_NLS=yes +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5 +$as_echo "$USE_NLS" >&6; } + + + + + GETTEXT_MACRO_VERSION=0.18 + + + + +# Prepare PATH_SEPARATOR. +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which + # contains only /bin. Note that ksh looks also at the FPATH variable, + # so we have to set that as well for the test. + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + || PATH_SEPARATOR=';' + } +fi + +# Find out how to test for executable files. Don't use a zero-byte file, +# as systems may use methods other than mode bits to determine executability. +cat >conf$$.file <<_ASEOF +#! /bin/sh +exit 0 +_ASEOF +chmod +x conf$$.file +if test -x conf$$.file >/dev/null 2>&1; then + ac_executable_p="test -x" +else + ac_executable_p="test -f" +fi +rm -f conf$$.file + +# Extract the first word of "msgfmt", so it can be a program name with args. +set dummy msgfmt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_MSGFMT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case "$MSGFMT" in + [\\/]* | ?:[\\/]*) + ac_cv_path_MSGFMT="$MSGFMT" # Let the user override the test with a path. + ;; + *) + ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$ac_save_IFS" + test -z "$ac_dir" && ac_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then + echo "$as_me: trying $ac_dir/$ac_word..." >&5 + if $ac_dir/$ac_word --statistics /dev/null >&5 2>&1 && + (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then + ac_cv_path_MSGFMT="$ac_dir/$ac_word$ac_exec_ext" + break 2 + fi + fi + done + done + IFS="$ac_save_IFS" + test -z "$ac_cv_path_MSGFMT" && ac_cv_path_MSGFMT=":" + ;; +esac +fi +MSGFMT="$ac_cv_path_MSGFMT" +if test "$MSGFMT" != ":"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGFMT" >&5 +$as_echo "$MSGFMT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + # Extract the first word of "gmsgfmt", so it can be a program name with args. +set dummy gmsgfmt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GMSGFMT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GMSGFMT in + [\\/]* | ?:[\\/]*) + ac_cv_path_GMSGFMT="$GMSGFMT" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_GMSGFMT="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_GMSGFMT" && ac_cv_path_GMSGFMT="$MSGFMT" + ;; +esac +fi +GMSGFMT=$ac_cv_path_GMSGFMT +if test -n "$GMSGFMT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GMSGFMT" >&5 +$as_echo "$GMSGFMT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + case `$MSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in + '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) MSGFMT_015=: ;; + *) MSGFMT_015=$MSGFMT ;; + esac + + case `$GMSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in + '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) GMSGFMT_015=: ;; + *) GMSGFMT_015=$GMSGFMT ;; + esac + + + +# Prepare PATH_SEPARATOR. +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which + # contains only /bin. Note that ksh looks also at the FPATH variable, + # so we have to set that as well for the test. + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + || PATH_SEPARATOR=';' + } +fi + +# Find out how to test for executable files. Don't use a zero-byte file, +# as systems may use methods other than mode bits to determine executability. +cat >conf$$.file <<_ASEOF +#! /bin/sh +exit 0 +_ASEOF +chmod +x conf$$.file +if test -x conf$$.file >/dev/null 2>&1; then + ac_executable_p="test -x" +else + ac_executable_p="test -f" +fi +rm -f conf$$.file + +# Extract the first word of "xgettext", so it can be a program name with args. +set dummy xgettext; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_XGETTEXT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case "$XGETTEXT" in + [\\/]* | ?:[\\/]*) + ac_cv_path_XGETTEXT="$XGETTEXT" # Let the user override the test with a path. + ;; + *) + ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$ac_save_IFS" + test -z "$ac_dir" && ac_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then + echo "$as_me: trying $ac_dir/$ac_word..." >&5 + if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >&5 2>&1 && + (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then + ac_cv_path_XGETTEXT="$ac_dir/$ac_word$ac_exec_ext" + break 2 + fi + fi + done + done + IFS="$ac_save_IFS" + test -z "$ac_cv_path_XGETTEXT" && ac_cv_path_XGETTEXT=":" + ;; +esac +fi +XGETTEXT="$ac_cv_path_XGETTEXT" +if test "$XGETTEXT" != ":"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XGETTEXT" >&5 +$as_echo "$XGETTEXT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + rm -f messages.po + + case `$XGETTEXT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in + '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) XGETTEXT_015=: ;; + *) XGETTEXT_015=$XGETTEXT ;; + esac + + + +# Prepare PATH_SEPARATOR. +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which + # contains only /bin. Note that ksh looks also at the FPATH variable, + # so we have to set that as well for the test. + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + || PATH_SEPARATOR=';' + } +fi + +# Find out how to test for executable files. Don't use a zero-byte file, +# as systems may use methods other than mode bits to determine executability. +cat >conf$$.file <<_ASEOF +#! /bin/sh +exit 0 +_ASEOF +chmod +x conf$$.file +if test -x conf$$.file >/dev/null 2>&1; then + ac_executable_p="test -x" +else + ac_executable_p="test -f" +fi +rm -f conf$$.file + +# Extract the first word of "msgmerge", so it can be a program name with args. +set dummy msgmerge; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_MSGMERGE+:} false; then : + $as_echo_n "(cached) " >&6 +else + case "$MSGMERGE" in + [\\/]* | ?:[\\/]*) + ac_cv_path_MSGMERGE="$MSGMERGE" # Let the user override the test with a path. + ;; + *) + ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$ac_save_IFS" + test -z "$ac_dir" && ac_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then + echo "$as_me: trying $ac_dir/$ac_word..." >&5 + if $ac_dir/$ac_word --update -q /dev/null /dev/null >&5 2>&1; then + ac_cv_path_MSGMERGE="$ac_dir/$ac_word$ac_exec_ext" + break 2 + fi + fi + done + done + IFS="$ac_save_IFS" + test -z "$ac_cv_path_MSGMERGE" && ac_cv_path_MSGMERGE=":" + ;; +esac +fi +MSGMERGE="$ac_cv_path_MSGMERGE" +if test "$MSGMERGE" != ":"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGMERGE" >&5 +$as_echo "$MSGMERGE" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$localedir" || localedir='${datadir}/locale' + + + test -n "${XGETTEXT_EXTRA_OPTIONS+set}" || XGETTEXT_EXTRA_OPTIONS= + + + ac_config_commands="$ac_config_commands po-directories" + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CFPreferencesCopyAppValue" >&5 +$as_echo_n "checking for CFPreferencesCopyAppValue... " >&6; } +if ${gt_cv_func_CFPreferencesCopyAppValue+:} false; then : + $as_echo_n "(cached) " >&6 +else + gt_save_LIBS="$LIBS" + LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +CFPreferencesCopyAppValue(NULL, NULL) + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gt_cv_func_CFPreferencesCopyAppValue=yes +else + gt_cv_func_CFPreferencesCopyAppValue=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$gt_save_LIBS" +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_CFPreferencesCopyAppValue" >&5 +$as_echo "$gt_cv_func_CFPreferencesCopyAppValue" >&6; } + if test $gt_cv_func_CFPreferencesCopyAppValue = yes; then + +$as_echo "#define HAVE_CFPREFERENCESCOPYAPPVALUE 1" >>confdefs.h + + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CFLocaleCopyCurrent" >&5 +$as_echo_n "checking for CFLocaleCopyCurrent... " >&6; } +if ${gt_cv_func_CFLocaleCopyCurrent+:} false; then : + $as_echo_n "(cached) " >&6 +else + gt_save_LIBS="$LIBS" + LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +CFLocaleCopyCurrent(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gt_cv_func_CFLocaleCopyCurrent=yes +else + gt_cv_func_CFLocaleCopyCurrent=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$gt_save_LIBS" +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_CFLocaleCopyCurrent" >&5 +$as_echo "$gt_cv_func_CFLocaleCopyCurrent" >&6; } + if test $gt_cv_func_CFLocaleCopyCurrent = yes; then + +$as_echo "#define HAVE_CFLOCALECOPYCURRENT 1" >>confdefs.h + + fi + INTL_MACOSX_LIBS= + if test $gt_cv_func_CFPreferencesCopyAppValue = yes || test $gt_cv_func_CFLocaleCopyCurrent = yes; then + INTL_MACOSX_LIBS="-Wl,-framework -Wl,CoreFoundation" + fi + + + + + + + LIBINTL= + LTLIBINTL= + POSUB= + + case " $gt_needs " in + *" need-formatstring-macros "*) gt_api_version=3 ;; + *" need-ngettext "*) gt_api_version=2 ;; + *) gt_api_version=1 ;; + esac + gt_func_gnugettext_libc="gt_cv_func_gnugettext${gt_api_version}_libc" + gt_func_gnugettext_libintl="gt_cv_func_gnugettext${gt_api_version}_libintl" + + if test "$USE_NLS" = "yes"; then + gt_use_preinstalled_gnugettext=no + + + if test $gt_api_version -ge 3; then + gt_revision_test_code=' +#ifndef __GNU_GETTEXT_SUPPORTED_REVISION +#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1) +#endif +typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1]; +' + else + gt_revision_test_code= + fi + if test $gt_api_version -ge 2; then + gt_expression_test_code=' + * ngettext ("", "", 0)' + else + gt_expression_test_code= + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libc" >&5 +$as_echo_n "checking for GNU gettext in libc... " >&6; } +if eval \${$gt_func_gnugettext_libc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +$gt_revision_test_code +extern int _nl_msg_cat_cntr; +extern int *_nl_domain_bindings; + +int +main () +{ + +bindtextdomain ("", ""); +return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_domain_bindings + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$gt_func_gnugettext_libc=yes" +else + eval "$gt_func_gnugettext_libc=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +eval ac_res=\$$gt_func_gnugettext_libc + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + + if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" != "yes"; }; then + + + + + + am_save_CPPFLAGS="$CPPFLAGS" + + for element in $INCICONV; do + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" + fi + done + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for iconv" >&5 +$as_echo_n "checking for iconv... " >&6; } +if ${am_cv_func_iconv+:} false; then : + $as_echo_n "(cached) " >&6 +else + + am_cv_func_iconv="no, consider installing GNU libiconv" + am_cv_lib_iconv=no + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ +iconv_t cd = iconv_open("",""); + iconv(cd,NULL,NULL,NULL,NULL); + iconv_close(cd); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + am_cv_func_iconv=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test "$am_cv_func_iconv" != yes; then + am_save_LIBS="$LIBS" + LIBS="$LIBS $LIBICONV" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ +iconv_t cd = iconv_open("",""); + iconv(cd,NULL,NULL,NULL,NULL); + iconv_close(cd); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + am_cv_lib_iconv=yes + am_cv_func_iconv=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$am_save_LIBS" + fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv" >&5 +$as_echo "$am_cv_func_iconv" >&6; } + if test "$am_cv_func_iconv" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working iconv" >&5 +$as_echo_n "checking for working iconv... " >&6; } +if ${am_cv_func_iconv_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + + am_save_LIBS="$LIBS" + if test $am_cv_lib_iconv = yes; then + LIBS="$LIBS $LIBICONV" + fi + if test "$cross_compiling" = yes; then : + + case "$host_os" in + aix* | hpux*) am_cv_func_iconv_works="guessing no" ;; + *) am_cv_func_iconv_works="guessing yes" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main () +{ + int result = 0; + /* Test against AIX 5.1 bug: Failures are not distinguishable from successful + returns. */ + { + iconv_t cd_utf8_to_88591 = iconv_open ("ISO8859-1", "UTF-8"); + if (cd_utf8_to_88591 != (iconv_t)(-1)) + { + static const char input[] = "\342\202\254"; /* EURO SIGN */ + char buf[10]; + const char *inptr = input; + size_t inbytesleft = strlen (input); + char *outptr = buf; + size_t outbytesleft = sizeof (buf); + size_t res = iconv (cd_utf8_to_88591, + (char **) &inptr, &inbytesleft, + &outptr, &outbytesleft); + if (res == 0) + result |= 1; + iconv_close (cd_utf8_to_88591); + } + } + /* Test against Solaris 10 bug: Failures are not distinguishable from + successful returns. */ + { + iconv_t cd_ascii_to_88591 = iconv_open ("ISO8859-1", "646"); + if (cd_ascii_to_88591 != (iconv_t)(-1)) + { + static const char input[] = "\263"; + char buf[10]; + const char *inptr = input; + size_t inbytesleft = strlen (input); + char *outptr = buf; + size_t outbytesleft = sizeof (buf); + size_t res = iconv (cd_ascii_to_88591, + (char **) &inptr, &inbytesleft, + &outptr, &outbytesleft); + if (res == 0) + result |= 2; + iconv_close (cd_ascii_to_88591); + } + } + /* Test against AIX 6.1..7.1 bug: Buffer overrun. */ + { + iconv_t cd_88591_to_utf8 = iconv_open ("UTF-8", "ISO-8859-1"); + if (cd_88591_to_utf8 != (iconv_t)(-1)) + { + static const char input[] = "\304"; + static char buf[2] = { (char)0xDE, (char)0xAD }; + const char *inptr = input; + size_t inbytesleft = 1; + char *outptr = buf; + size_t outbytesleft = 1; + size_t res = iconv (cd_88591_to_utf8, + (char **) &inptr, &inbytesleft, + &outptr, &outbytesleft); + if (res != (size_t)(-1) || outptr - buf > 1 || buf[1] != (char)0xAD) + result |= 4; + iconv_close (cd_88591_to_utf8); + } + } +#if 0 /* This bug could be worked around by the caller. */ + /* Test against HP-UX 11.11 bug: Positive return value instead of 0. */ + { + iconv_t cd_88591_to_utf8 = iconv_open ("utf8", "iso88591"); + if (cd_88591_to_utf8 != (iconv_t)(-1)) + { + static const char input[] = "\304rger mit b\366sen B\374bchen ohne Augenma\337"; + char buf[50]; + const char *inptr = input; + size_t inbytesleft = strlen (input); + char *outptr = buf; + size_t outbytesleft = sizeof (buf); + size_t res = iconv (cd_88591_to_utf8, + (char **) &inptr, &inbytesleft, + &outptr, &outbytesleft); + if ((int)res > 0) + result |= 8; + iconv_close (cd_88591_to_utf8); + } + } +#endif + /* Test against HP-UX 11.11 bug: No converter from EUC-JP to UTF-8 is + provided. */ + if (/* Try standardized names. */ + iconv_open ("UTF-8", "EUC-JP") == (iconv_t)(-1) + /* Try IRIX, OSF/1 names. */ + && iconv_open ("UTF-8", "eucJP") == (iconv_t)(-1) + /* Try AIX names. */ + && iconv_open ("UTF-8", "IBM-eucJP") == (iconv_t)(-1) + /* Try HP-UX names. */ + && iconv_open ("utf8", "eucJP") == (iconv_t)(-1)) + result |= 16; + return result; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + am_cv_func_iconv_works=yes +else + am_cv_func_iconv_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + LIBS="$am_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv_works" >&5 +$as_echo "$am_cv_func_iconv_works" >&6; } + case "$am_cv_func_iconv_works" in + *no) am_func_iconv=no am_cv_lib_iconv=no ;; + *) am_func_iconv=yes ;; + esac + else + am_func_iconv=no am_cv_lib_iconv=no + fi + if test "$am_func_iconv" = yes; then + +$as_echo "#define HAVE_ICONV 1" >>confdefs.h + + fi + if test "$am_cv_lib_iconv" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libiconv" >&5 +$as_echo_n "checking how to link with libiconv... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBICONV" >&5 +$as_echo "$LIBICONV" >&6; } + else + CPPFLAGS="$am_save_CPPFLAGS" + LIBICONV= + LTLIBICONV= + fi + + + + + + + + + + + + use_additional=yes + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + +# Check whether --with-libintl-prefix was given. +if test "${with_libintl_prefix+set}" = set; then : + withval=$with_libintl_prefix; + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + if test "$acl_libdirstem2" != "$acl_libdirstem" \ + && ! test -d "$withval/$acl_libdirstem"; then + additional_libdir="$withval/$acl_libdirstem2" + fi + fi + fi + +fi + + LIBINTL= + LTLIBINTL= + INCINTL= + LIBINTL_PREFIX= + HAVE_LIBINTL= + rpathdirs= + ltrpathdirs= + names_already_handled= + names_next_round='intl ' + while test -n "$names_next_round"; do + names_this_round="$names_next_round" + names_next_round= + for name in $names_this_round; do + already_handled= + for n in $names_already_handled; do + if test "$n" = "$name"; then + already_handled=yes + break + fi + done + if test -z "$already_handled"; then + names_already_handled="$names_already_handled $name" + uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'` + eval value=\"\$HAVE_LIB$uppername\" + if test -n "$value"; then + if test "$value" = yes; then + eval value=\"\$LIB$uppername\" + test -z "$value" || LIBINTL="${LIBINTL}${LIBINTL:+ }$value" + eval value=\"\$LTLIB$uppername\" + test -z "$value" || LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }$value" + else + : + fi + else + found_dir= + found_la= + found_so= + found_a= + eval libname=\"$acl_libname_spec\" # typically: libname=lib$name + if test -n "$acl_shlibext"; then + shrext=".$acl_shlibext" # typically: shrext=.so + else + shrext= + fi + if test $use_additional = yes; then + dir="$additional_libdir" + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + fi + if test "X$found_dir" = "X"; then + for x in $LDFLAGS $LTLIBINTL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + case "$x" in + -L*) + dir=`echo "X$x" | sed -e 's/^X-L//'` + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done fi fi fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi ;; esac if test "X$found_dir" != "X"; then @@ -14618,10 +16674,12 @@ fi done fi if test "X$found_dir" != "X"; then - LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$found_dir -l$name" + LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$found_dir -l$name" if test "X$found_so" != "X"; then - if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then - LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" + if test "$enable_rpath" = no \ + || test "X$found_dir" = "X/usr/$acl_libdirstem" \ + || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then + LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" else haveit= for x in $ltrpathdirs; do @@ -14633,11 +16691,11 @@ fi if test -z "$haveit"; then ltrpathdirs="$ltrpathdirs $found_dir" fi - if test "$hardcode_direct" = yes; then - LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" + if test "$acl_hardcode_direct" = yes; then + LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" else - if test -n "$hardcode_libdir_flag_spec" && test "$hardcode_minus_L" = no; then - LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" haveit= for x in $rpathdirs; do if test "X$x" = "X$found_dir"; then @@ -14646,1030 +16704,1709 @@ fi fi done if test -z "$haveit"; then - rpathdirs="$rpathdirs $found_dir" + rpathdirs="$rpathdirs $found_dir" + fi + else + haveit= + for x in $LDFLAGS $LIBINTL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + LIBINTL="${LIBINTL}${LIBINTL:+ }-L$found_dir" fi - else - haveit= - for x in $LDFLAGS $LIBICONV; do + if test "$acl_hardcode_minus_L" != no; then + LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" + else + LIBINTL="${LIBINTL}${LIBINTL:+ }-l$name" + fi + fi + fi + fi + else + if test "X$found_a" != "X"; then + LIBINTL="${LIBINTL}${LIBINTL:+ }$found_a" + else + LIBINTL="${LIBINTL}${LIBINTL:+ }-L$found_dir -l$name" + fi + fi + additional_includedir= + case "$found_dir" in + */$acl_libdirstem | */$acl_libdirstem/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` + if test "$name" = 'intl'; then + LIBINTL_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + */$acl_libdirstem2 | */$acl_libdirstem2/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'` + if test "$name" = 'intl'; then + LIBINTL_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + esac + if test "X$additional_includedir" != "X"; then + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + for x in $CPPFLAGS $INCINTL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + INCINTL="${INCINTL}${INCINTL:+ }-I$additional_includedir" + fi + fi + fi + fi + fi + if test -n "$found_la"; then + save_libdir="$libdir" + case "$found_la" in + */* | *\\*) . "$found_la" ;; + *) . "./$found_la" ;; + esac + libdir="$save_libdir" + for dep in $dependency_libs; do + case "$dep" in + -L*) + additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` + if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \ + && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then + haveit= + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \ + || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + haveit= + for x in $LDFLAGS $LIBINTL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LIBINTL="${LIBINTL}${LIBINTL:+ }-L$additional_libdir" + fi + fi + haveit= + for x in $LDFLAGS $LTLIBINTL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$additional_libdir" + fi + fi + fi + fi + ;; + -R*) + dir=`echo "X$dep" | sed -e 's/^X-R//'` + if test "$enable_rpath" != no; then + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $dir" + fi + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $dir" + fi + fi + ;; + -l*) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` + ;; + *.la) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` + ;; + *) + LIBINTL="${LIBINTL}${LIBINTL:+ }$dep" + LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }$dep" + ;; + esac + done + fi + else + LIBINTL="${LIBINTL}${LIBINTL:+ }-l$name" + LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-l$name" + fi + fi + fi + done + done + if test "X$rpathdirs" != "X"; then + if test -n "$acl_hardcode_libdir_separator"; then + alldirs= + for found_dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBINTL="${LIBINTL}${LIBINTL:+ }$flag" + else + for found_dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$found_dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBINTL="${LIBINTL}${LIBINTL:+ }$flag" + done + fi + fi + if test "X$ltrpathdirs" != "X"; then + for found_dir in $ltrpathdirs; do + LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-R$found_dir" + done + fi + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libintl" >&5 +$as_echo_n "checking for GNU gettext in libintl... " >&6; } +if eval \${$gt_func_gnugettext_libintl+:} false; then : + $as_echo_n "(cached) " >&6 +else + gt_save_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $INCINTL" + gt_save_LIBS="$LIBS" + LIBS="$LIBS $LIBINTL" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +$gt_revision_test_code +extern int _nl_msg_cat_cntr; +extern +#ifdef __cplusplus +"C" +#endif +const char *_nl_expand_alias (const char *); + +int +main () +{ + +bindtextdomain ("", ""); +return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("") + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$gt_func_gnugettext_libintl=yes" +else + eval "$gt_func_gnugettext_libintl=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" != yes; } && test -n "$LIBICONV"; then + LIBS="$LIBS $LIBICONV" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +$gt_revision_test_code +extern int _nl_msg_cat_cntr; +extern +#ifdef __cplusplus +"C" +#endif +const char *_nl_expand_alias (const char *); + +int +main () +{ + +bindtextdomain ("", ""); +return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("") + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + LIBINTL="$LIBINTL $LIBICONV" + LTLIBINTL="$LTLIBINTL $LTLIBICONV" + eval "$gt_func_gnugettext_libintl=yes" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + fi + CPPFLAGS="$gt_save_CPPFLAGS" + LIBS="$gt_save_LIBS" +fi +eval ac_res=\$$gt_func_gnugettext_libintl + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + fi + + if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" = "yes"; } \ + || { { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; } \ + && test "$PACKAGE" != gettext-runtime \ + && test "$PACKAGE" != gettext-tools; }; then + gt_use_preinstalled_gnugettext=yes + else + LIBINTL= + LTLIBINTL= + INCINTL= + fi + + + + if test -n "$INTL_MACOSX_LIBS"; then + if test "$gt_use_preinstalled_gnugettext" = "yes" \ + || test "$nls_cv_use_gnu_gettext" = "yes"; then + LIBINTL="$LIBINTL $INTL_MACOSX_LIBS" + LTLIBINTL="$LTLIBINTL $INTL_MACOSX_LIBS" + fi + fi + + if test "$gt_use_preinstalled_gnugettext" = "yes" \ + || test "$nls_cv_use_gnu_gettext" = "yes"; then + +$as_echo "#define ENABLE_NLS 1" >>confdefs.h + + else + USE_NLS=no + fi + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use NLS" >&5 +$as_echo_n "checking whether to use NLS... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5 +$as_echo "$USE_NLS" >&6; } + if test "$USE_NLS" = "yes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking where the gettext function comes from" >&5 +$as_echo_n "checking where the gettext function comes from... " >&6; } + if test "$gt_use_preinstalled_gnugettext" = "yes"; then + if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then + gt_source="external libintl" + else + gt_source="libc" + fi + else + gt_source="included intl directory" + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_source" >&5 +$as_echo "$gt_source" >&6; } + fi + + if test "$USE_NLS" = "yes"; then + + if test "$gt_use_preinstalled_gnugettext" = "yes"; then + if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libintl" >&5 +$as_echo_n "checking how to link with libintl... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBINTL" >&5 +$as_echo "$LIBINTL" >&6; } + + for element in $INCINTL; do + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" + fi + done + + fi + + +$as_echo "#define HAVE_GETTEXT 1" >>confdefs.h + + +$as_echo "#define HAVE_DCGETTEXT 1" >>confdefs.h + + fi + + POSUB=po + fi + + + + INTLLIBS="$LIBINTL" + + + + + + + + + +saved_LIBS=$LIBS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for poptConfigFileToString in -lpopt" >&5 +$as_echo_n "checking for poptConfigFileToString in -lpopt... " >&6; } +if ${ac_cv_lib_popt_poptConfigFileToString+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lpopt $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char poptConfigFileToString (); +int +main () +{ +return poptConfigFileToString (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_popt_poptConfigFileToString=yes +else + ac_cv_lib_popt_poptConfigFileToString=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_popt_poptConfigFileToString" >&5 +$as_echo "$ac_cv_lib_popt_poptConfigFileToString" >&6; } +if test "x$ac_cv_lib_popt_poptConfigFileToString" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBPOPT 1 +_ACEOF + + LIBS="-lpopt $LIBS" + +else + as_fn_error $? "You need popt 1.7 or newer to compile." "$LINENO" 5 +fi + +POPT_LIBS=$LIBS + +LIBS=$saved_LIBS + +# Check whether --enable-fips was given. +if test "${enable_fips+set}" = set; then : + enableval=$enable_fips; +fi + +if test "x$enable_fips" = "xyes"; then + +$as_echo "#define ENABLE_FIPS 1" >>confdefs.h + + + if test "x$enable_static" = "xyes" -o "x$enable_static_cryptsetup" = "xyes" ; then + as_fn_error $? "Static build is not compatible with FIPS." "$LINENO" 5 + fi +fi + + + +# Check whether --enable-pwquality was given. +if test "${enable_pwquality+set}" = set; then : + enableval=$enable_pwquality; +fi + + +if test "x$enable_pwquality" = "xyes"; then + +$as_echo "#define ENABLE_PWQUALITY 1" >>confdefs.h + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pwquality >= 1.0.0" >&5 +$as_echo_n "checking for pwquality >= 1.0.0... " >&6; } + +if test -n "$PWQUALITY_CFLAGS"; then + pkg_cv_PWQUALITY_CFLAGS="$PWQUALITY_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"pwquality >= 1.0.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "pwquality >= 1.0.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_PWQUALITY_CFLAGS=`$PKG_CONFIG --cflags "pwquality >= 1.0.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$PWQUALITY_LIBS"; then + pkg_cv_PWQUALITY_LIBS="$PWQUALITY_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"pwquality >= 1.0.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "pwquality >= 1.0.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_PWQUALITY_LIBS=`$PKG_CONFIG --libs "pwquality >= 1.0.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + PWQUALITY_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "pwquality >= 1.0.0" 2>&1` + else + PWQUALITY_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "pwquality >= 1.0.0" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$PWQUALITY_PKG_ERRORS" >&5 + + as_fn_error $? "You need pwquality library." "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "You need pwquality library." "$LINENO" 5 +else + PWQUALITY_CFLAGS=$pkg_cv_PWQUALITY_CFLAGS + PWQUALITY_LIBS=$pkg_cv_PWQUALITY_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" +fi - if test "X$x" = "X-L$found_dir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - LIBICONV="${LIBICONV}${LIBICONV:+ }-L$found_dir" - fi - if test "$hardcode_minus_L" != no; then - LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" - else - LIBICONV="${LIBICONV}${LIBICONV:+ }-l$name" - fi - fi - fi - fi - else - if test "X$found_a" != "X"; then - LIBICONV="${LIBICONV}${LIBICONV:+ }$found_a" - else - LIBICONV="${LIBICONV}${LIBICONV:+ }-L$found_dir -l$name" - fi - fi - additional_includedir= - case "$found_dir" in - */$acl_libdirstem | */$acl_libdirstem/) - basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` - additional_includedir="$basedir/include" - ;; - esac - if test "X$additional_includedir" != "X"; then - if test "X$additional_includedir" != "X/usr/include"; then - haveit= - if test "X$additional_includedir" = "X/usr/local/include"; then - if test -n "$GCC"; then - case $host_os in - linux* | gnu* | k*bsd*-gnu) haveit=yes;; - esac - fi - fi - if test -z "$haveit"; then - for x in $CPPFLAGS $INCICONV; do + PWQUALITY_STATIC_LIBS="$PWQUALITY_LIBS -lcrack -lz" +fi - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" +# Check whether --enable-passwdqc was given. +if test "${enable_passwdqc+set}" = set; then : + enableval=$enable_passwdqc; +fi - if test "X$x" = "X-I$additional_includedir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - if test -d "$additional_includedir"; then - INCICONV="${INCICONV}${INCICONV:+ }-I$additional_includedir" - fi - fi - fi - fi - fi - if test -n "$found_la"; then - save_libdir="$libdir" - case "$found_la" in - */* | *\\*) . "$found_la" ;; - *) . "./$found_la" ;; - esac - libdir="$save_libdir" - for dep in $dependency_libs; do - case "$dep" in - -L*) - additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` - if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then - haveit= - if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then - if test -n "$GCC"; then - case $host_os in - linux* | gnu* | k*bsd*-gnu) haveit=yes;; - esac - fi - fi - if test -z "$haveit"; then - haveit= - for x in $LDFLAGS $LIBICONV; do - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" +case "$enable_passwdqc" in + ""|yes|no) use_passwdqc_config="" ;; + /*) use_passwdqc_config="$enable_passwdqc"; enable_passwdqc=yes ;; + *) as_fn_error $? "Unrecognized --enable-passwdqc parameter." "$LINENO" 5 ;; +esac - if test "X$x" = "X-L$additional_libdir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - if test -d "$additional_libdir"; then - LIBICONV="${LIBICONV}${LIBICONV:+ }-L$additional_libdir" - fi - fi - haveit= - for x in $LDFLAGS $LTLIBICONV; do +cat >>confdefs.h <<_ACEOF +#define PASSWDQC_CONFIG_FILE "$use_passwdqc_config" +_ACEOF - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - if test "X$x" = "X-L$additional_libdir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - if test -d "$additional_libdir"; then - LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$additional_libdir" - fi - fi - fi - fi - ;; - -R*) - dir=`echo "X$dep" | sed -e 's/^X-R//'` - if test "$enable_rpath" != no; then - haveit= - for x in $rpathdirs; do - if test "X$x" = "X$dir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - rpathdirs="$rpathdirs $dir" - fi - haveit= - for x in $ltrpathdirs; do - if test "X$x" = "X$dir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - ltrpathdirs="$ltrpathdirs $dir" - fi - fi - ;; - -l*) - names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` - ;; - *.la) - names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` - ;; - *) - LIBICONV="${LIBICONV}${LIBICONV:+ }$dep" - LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }$dep" - ;; - esac - done - fi - else - LIBICONV="${LIBICONV}${LIBICONV:+ }-l$name" - LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-l$name" - fi - fi - fi - done - done - if test "X$rpathdirs" != "X"; then - if test -n "$hardcode_libdir_separator"; then - alldirs= - for found_dir in $rpathdirs; do - alldirs="${alldirs}${alldirs:+$hardcode_libdir_separator}$found_dir" - done - acl_save_libdir="$libdir" - libdir="$alldirs" - eval flag=\"$hardcode_libdir_flag_spec\" - libdir="$acl_save_libdir" - LIBICONV="${LIBICONV}${LIBICONV:+ }$flag" - else - for found_dir in $rpathdirs; do - acl_save_libdir="$libdir" - libdir="$found_dir" - eval flag=\"$hardcode_libdir_flag_spec\" - libdir="$acl_save_libdir" - LIBICONV="${LIBICONV}${LIBICONV:+ }$flag" - done - fi - fi - if test "X$ltrpathdirs" != "X"; then - for found_dir in $ltrpathdirs; do - LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-R$found_dir" - done - fi +if test "x$enable_passwdqc" = "xyes"; then + +$as_echo "#define ENABLE_PASSWDQC 1" >>confdefs.h + + + PASSWDQC_LIBS="-lpasswdqc" +fi + +if test "x$enable_pwquality$enable_passwdqc" = "xyesyes"; then + as_fn_error $? "--enable-pwquality and --enable-passwdqc are mutually incompatible." "$LINENO" 5 +fi + + + + + + + + + + + + +saved_LIBS=$LIBS + +# Check whether --enable-static-cryptsetup was given. +if test "${enable_static_cryptsetup+set}" = set; then : + enableval=$enable_static_cryptsetup; +fi + +if test "x$enable_static_cryptsetup" = "xyes"; then + if test "x$enable_static" = "xno"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Requested static cryptsetup build, enabling static library." >&5 +$as_echo "$as_me: WARNING: Requested static cryptsetup build, enabling static library." >&2;} + enable_static=yes + fi +fi + if test "x$enable_static_cryptsetup" = "xyes"; then + STATIC_TOOLS_TRUE= + STATIC_TOOLS_FALSE='#' +else + STATIC_TOOLS_TRUE='#' + STATIC_TOOLS_FALSE= +fi + + +# Check whether --enable-cryptsetup was given. +if test "${enable_cryptsetup+set}" = set; then : + enableval=$enable_cryptsetup; +else + enable_cryptsetup=yes +fi + + if test "x$enable_cryptsetup" = "xyes"; then + CRYPTSETUP_TRUE= + CRYPTSETUP_FALSE='#' +else + CRYPTSETUP_TRUE='#' + CRYPTSETUP_FALSE= +fi + + +# Check whether --enable-veritysetup was given. +if test "${enable_veritysetup+set}" = set; then : + enableval=$enable_veritysetup; +else + enable_veritysetup=yes +fi + + if test "x$enable_veritysetup" = "xyes"; then + VERITYSETUP_TRUE= + VERITYSETUP_FALSE='#' +else + VERITYSETUP_TRUE='#' + VERITYSETUP_FALSE= +fi + + +# Check whether --enable-cryptsetup-reencrypt was given. +if test "${enable_cryptsetup_reencrypt+set}" = set; then : + enableval=$enable_cryptsetup_reencrypt; +else + enable_cryptsetup_reencrypt=yes +fi + if test "x$enable_cryptsetup_reencrypt" = "xyes"; then + REENCRYPT_TRUE= + REENCRYPT_FALSE='#' +else + REENCRYPT_TRUE='#' + REENCRYPT_FALSE= +fi +# Check whether --enable-integritysetup was given. +if test "${enable_integritysetup+set}" = set; then : + enableval=$enable_integritysetup; +else + enable_integritysetup=yes +fi + if test "x$enable_integritysetup" = "xyes"; then + INTEGRITYSETUP_TRUE= + INTEGRITYSETUP_FALSE='#' +else + INTEGRITYSETUP_TRUE='#' + INTEGRITYSETUP_FALSE= +fi +# Check whether --enable-selinux was given. +if test "${enable_selinux+set}" = set; then : + enableval=$enable_selinux; +else + enable_selinux=yes +fi +# Check whether --enable-udev was given. +if test "${enable_udev+set}" = set; then : + enableval=$enable_udev; +else + enable_udev=yes +fi +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for devmapper >= 1.02.03" >&5 +$as_echo_n "checking for devmapper >= 1.02.03... " >&6; } +if test -n "$DEVMAPPER_CFLAGS"; then + pkg_cv_DEVMAPPER_CFLAGS="$DEVMAPPER_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"devmapper >= 1.02.03\""; } >&5 + ($PKG_CONFIG --exists --print-errors "devmapper >= 1.02.03") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_DEVMAPPER_CFLAGS=`$PKG_CONFIG --cflags "devmapper >= 1.02.03" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$DEVMAPPER_LIBS"; then + pkg_cv_DEVMAPPER_LIBS="$DEVMAPPER_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"devmapper >= 1.02.03\""; } >&5 + ($PKG_CONFIG --exists --print-errors "devmapper >= 1.02.03") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_DEVMAPPER_LIBS=`$PKG_CONFIG --libs "devmapper >= 1.02.03" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + DEVMAPPER_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "devmapper >= 1.02.03" 2>&1` + else + DEVMAPPER_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "devmapper >= 1.02.03" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$DEVMAPPER_PKG_ERRORS" >&5 - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CFPreferencesCopyAppValue" >&5 -$as_echo_n "checking for CFPreferencesCopyAppValue... " >&6; } -if ${gt_cv_func_CFPreferencesCopyAppValue+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dm_task_set_name in -ldevmapper" >&5 +$as_echo_n "checking for dm_task_set_name in -ldevmapper... " >&6; } +if ${ac_cv_lib_devmapper_dm_task_set_name+:} false; then : $as_echo_n "(cached) " >&6 else - gt_save_LIBS="$LIBS" - LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldevmapper $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dm_task_set_name (); int main () { -CFPreferencesCopyAppValue(NULL, NULL) +return dm_task_set_name (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - gt_cv_func_CFPreferencesCopyAppValue=yes + ac_cv_lib_devmapper_dm_task_set_name=yes else - gt_cv_func_CFPreferencesCopyAppValue=no + ac_cv_lib_devmapper_dm_task_set_name=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext - LIBS="$gt_save_LIBS" +LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_CFPreferencesCopyAppValue" >&5 -$as_echo "$gt_cv_func_CFPreferencesCopyAppValue" >&6; } - if test $gt_cv_func_CFPreferencesCopyAppValue = yes; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_devmapper_dm_task_set_name" >&5 +$as_echo "$ac_cv_lib_devmapper_dm_task_set_name" >&6; } +if test "x$ac_cv_lib_devmapper_dm_task_set_name" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBDEVMAPPER 1 +_ACEOF -$as_echo "#define HAVE_CFPREFERENCESCOPYAPPVALUE 1" >>confdefs.h + LIBS="-ldevmapper $LIBS" - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CFLocaleCopyCurrent" >&5 -$as_echo_n "checking for CFLocaleCopyCurrent... " >&6; } -if ${gt_cv_func_CFLocaleCopyCurrent+:} false; then : +else + as_fn_error $? "You need the device-mapper library." "$LINENO" 5 +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dm_task_set_message in -ldevmapper" >&5 +$as_echo_n "checking for dm_task_set_message in -ldevmapper... " >&6; } +if ${ac_cv_lib_devmapper_dm_task_set_message+:} false; then : $as_echo_n "(cached) " >&6 else - gt_save_LIBS="$LIBS" - LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldevmapper $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dm_task_set_message (); int main () { -CFLocaleCopyCurrent(); +return dm_task_set_message (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - gt_cv_func_CFLocaleCopyCurrent=yes + ac_cv_lib_devmapper_dm_task_set_message=yes else - gt_cv_func_CFLocaleCopyCurrent=no + ac_cv_lib_devmapper_dm_task_set_message=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext - LIBS="$gt_save_LIBS" +LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_CFLocaleCopyCurrent" >&5 -$as_echo "$gt_cv_func_CFLocaleCopyCurrent" >&6; } - if test $gt_cv_func_CFLocaleCopyCurrent = yes; then - -$as_echo "#define HAVE_CFLOCALECOPYCURRENT 1" >>confdefs.h - - fi - INTL_MACOSX_LIBS= - if test $gt_cv_func_CFPreferencesCopyAppValue = yes || test $gt_cv_func_CFLocaleCopyCurrent = yes; then - INTL_MACOSX_LIBS="-Wl,-framework -Wl,CoreFoundation" - fi - - - - +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_devmapper_dm_task_set_message" >&5 +$as_echo "$ac_cv_lib_devmapper_dm_task_set_message" >&6; } +if test "x$ac_cv_lib_devmapper_dm_task_set_message" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBDEVMAPPER 1 +_ACEOF + LIBS="-ldevmapper $LIBS" - LIBINTL= - LTLIBINTL= - POSUB= +else + as_fn_error $? "The device-mapper library on your system is too old." "$LINENO" 5 +fi - if test "$USE_NLS" = "yes"; then - gt_use_preinstalled_gnugettext=no + DEVMAPPER_LIBS=$LIBS +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dm_task_set_name in -ldevmapper" >&5 +$as_echo_n "checking for dm_task_set_name in -ldevmapper... " >&6; } +if ${ac_cv_lib_devmapper_dm_task_set_name+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldevmapper $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dm_task_set_name (); +int +main () +{ +return dm_task_set_name (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_devmapper_dm_task_set_name=yes +else + ac_cv_lib_devmapper_dm_task_set_name=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_devmapper_dm_task_set_name" >&5 +$as_echo "$ac_cv_lib_devmapper_dm_task_set_name" >&6; } +if test "x$ac_cv_lib_devmapper_dm_task_set_name" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBDEVMAPPER 1 +_ACEOF + LIBS="-ldevmapper $LIBS" +else + as_fn_error $? "You need the device-mapper library." "$LINENO" 5 +fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libc" >&5 -$as_echo_n "checking for GNU gettext in libc... " >&6; } -if ${gt_cv_func_gnugettext2_libc+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dm_task_set_message in -ldevmapper" >&5 +$as_echo_n "checking for dm_task_set_message in -ldevmapper... " >&6; } +if ${ac_cv_lib_devmapper_dm_task_set_message+:} false; then : $as_echo_n "(cached) " >&6 else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldevmapper $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include -extern int _nl_msg_cat_cntr; -extern int *_nl_domain_bindings; + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dm_task_set_message (); int main () { -bindtextdomain ("", ""); -return * gettext ("") + * ngettext ("", "", 0) + _nl_msg_cat_cntr + *_nl_domain_bindings +return dm_task_set_message (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - gt_cv_func_gnugettext2_libc=yes + ac_cv_lib_devmapper_dm_task_set_message=yes else - gt_cv_func_gnugettext2_libc=no + ac_cv_lib_devmapper_dm_task_set_message=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_gnugettext2_libc" >&5 -$as_echo "$gt_cv_func_gnugettext2_libc" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_devmapper_dm_task_set_message" >&5 +$as_echo "$ac_cv_lib_devmapper_dm_task_set_message" >&6; } +if test "x$ac_cv_lib_devmapper_dm_task_set_message" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBDEVMAPPER 1 +_ACEOF - if test "$gt_cv_func_gnugettext2_libc" != "yes"; then + LIBS="-ldevmapper $LIBS" +else + as_fn_error $? "The device-mapper library on your system is too old." "$LINENO" 5 +fi + DEVMAPPER_LIBS=$LIBS +else + DEVMAPPER_CFLAGS=$pkg_cv_DEVMAPPER_CFLAGS + DEVMAPPER_LIBS=$pkg_cv_DEVMAPPER_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +fi +LIBS=$saved_LIBS - am_save_CPPFLAGS="$CPPFLAGS" +LIBS="$LIBS $DEVMAPPER_LIBS" +ac_fn_c_check_decl "$LINENO" "dm_task_secure_data" "ac_cv_have_decl_dm_task_secure_data" "#include +" +if test "x$ac_cv_have_decl_dm_task_secure_data" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi - for element in $INCICONV; do - haveit= - for x in $CPPFLAGS; do +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_DM_TASK_SECURE_DATA $ac_have_decl +_ACEOF - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" +ac_fn_c_check_decl "$LINENO" "dm_task_retry_remove" "ac_cv_have_decl_dm_task_retry_remove" "#include +" +if test "x$ac_cv_have_decl_dm_task_retry_remove" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi - if test "X$x" = "X$element"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" - fi - done +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_DM_TASK_RETRY_REMOVE $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "dm_task_deferred_remove" "ac_cv_have_decl_dm_task_deferred_remove" "#include +" +if test "x$ac_cv_have_decl_dm_task_deferred_remove" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for iconv" >&5 -$as_echo_n "checking for iconv... " >&6; } -if ${am_cv_func_iconv+:} false; then : - $as_echo_n "(cached) " >&6 +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_DM_TASK_DEFERRED_REMOVE $ac_have_decl +_ACEOF + +ac_fn_c_check_decl "$LINENO" "dm_device_has_mounted_fs" "ac_cv_have_decl_dm_device_has_mounted_fs" "#include +" +if test "x$ac_cv_have_decl_dm_device_has_mounted_fs" = xyes; then : + ac_have_decl=1 else + ac_have_decl=0 +fi - am_cv_func_iconv="no, consider installing GNU libiconv" - am_cv_lib_iconv=no - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -int -main () -{ -iconv_t cd = iconv_open("",""); - iconv(cd,NULL,NULL,NULL,NULL); - iconv_close(cd); - ; - return 0; -} +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_DM_DEVICE_HAS_MOUNTED_FS $ac_have_decl _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - am_cv_func_iconv=yes + +ac_fn_c_check_decl "$LINENO" "dm_device_has_holders" "ac_cv_have_decl_dm_device_has_holders" "#include +" +if test "x$ac_cv_have_decl_dm_device_has_holders" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - if test "$am_cv_func_iconv" != yes; then - am_save_LIBS="$LIBS" - LIBS="$LIBS $LIBICONV" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -int -main () -{ -iconv_t cd = iconv_open("",""); - iconv(cd,NULL,NULL,NULL,NULL); - iconv_close(cd); - ; - return 0; -} + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_DM_DEVICE_HAS_HOLDERS $ac_have_decl _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - am_cv_lib_iconv=yes - am_cv_func_iconv=yes + +ac_fn_c_check_decl "$LINENO" "dm_device_get_name" "ac_cv_have_decl_dm_device_get_name" "#include +" +if test "x$ac_cv_have_decl_dm_device_get_name" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - LIBS="$am_save_LIBS" - fi +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_DM_DEVICE_GET_NAME $ac_have_decl +_ACEOF + +ac_fn_c_check_decl "$LINENO" "DM_DEVICE_GET_TARGET_VERSION" "ac_cv_have_decl_DM_DEVICE_GET_TARGET_VERSION" "#include +" +if test "x$ac_cv_have_decl_DM_DEVICE_GET_TARGET_VERSION" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv" >&5 -$as_echo "$am_cv_func_iconv" >&6; } - if test "$am_cv_func_iconv" = yes; then -$as_echo "#define HAVE_ICONV 1" >>confdefs.h +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_DM_DEVICE_GET_TARGET_VERSION $ac_have_decl +_ACEOF - fi - if test "$am_cv_lib_iconv" = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libiconv" >&5 -$as_echo_n "checking how to link with libiconv... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBICONV" >&5 -$as_echo "$LIBICONV" >&6; } - else - CPPFLAGS="$am_save_CPPFLAGS" - LIBICONV= - LTLIBICONV= - fi +ac_fn_c_check_decl "$LINENO" "DM_UDEV_DISABLE_DISK_RULES_FLAG" "ac_cv_have_decl_DM_UDEV_DISABLE_DISK_RULES_FLAG" "#include +" +if test "x$ac_cv_have_decl_DM_UDEV_DISABLE_DISK_RULES_FLAG" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_DM_UDEV_DISABLE_DISK_RULES_FLAG $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + have_cookie=yes +else + have_cookie=no +fi +if test "x$enable_udev" = xyes; then + if test "x$have_cookie" = xno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: The device-mapper library on your system has no udev support, udev support disabled." >&5 +$as_echo "$as_me: WARNING: The device-mapper library on your system has no udev support, udev support disabled." >&2;} + else +$as_echo "#define USE_UDEV 1" >>confdefs.h + fi +fi +LIBS=$saved_LIBS +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for json-c" >&5 +$as_echo_n "checking for json-c... " >&6; } - use_additional=yes +if test -n "$JSON_C_CFLAGS"; then + pkg_cv_JSON_C_CFLAGS="$JSON_C_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"json-c\""; } >&5 + ($PKG_CONFIG --exists --print-errors "json-c") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_JSON_C_CFLAGS=`$PKG_CONFIG --cflags "json-c" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$JSON_C_LIBS"; then + pkg_cv_JSON_C_LIBS="$JSON_C_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"json-c\""; } >&5 + ($PKG_CONFIG --exists --print-errors "json-c") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_JSON_C_LIBS=`$PKG_CONFIG --libs "json-c" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval additional_includedir=\"$includedir\" - eval additional_libdir=\"$libdir\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + JSON_C_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "json-c" 2>&1` + else + JSON_C_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "json-c" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$JSON_C_PKG_ERRORS" >&5 + + as_fn_error $? "Package requirements (json-c) were not met: + +$JSON_C_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables JSON_C_CFLAGS +and JSON_C_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables JSON_C_CFLAGS +and JSON_C_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5; } +else + JSON_C_CFLAGS=$pkg_cv_JSON_C_CFLAGS + JSON_C_LIBS=$pkg_cv_JSON_C_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi +ac_fn_c_check_decl "$LINENO" "json_object_object_add_ex" "ac_cv_have_decl_json_object_object_add_ex" "#include +" +if test "x$ac_cv_have_decl_json_object_object_add_ex" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_JSON_OBJECT_OBJECT_ADD_EX $ac_have_decl +_ACEOF + +ac_fn_c_check_decl "$LINENO" "json_object_deep_copy" "ac_cv_have_decl_json_object_deep_copy" "#include +" +if test "x$ac_cv_have_decl_json_object_deep_copy" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_JSON_OBJECT_DEEP_COPY $ac_have_decl +_ACEOF + -# Check whether --with-libintl-prefix was given. -if test "${with_libintl_prefix+set}" = set; then : - withval=$with_libintl_prefix; - if test "X$withval" = "Xno"; then - use_additional=no - else - if test "X$withval" = "X"; then +# Check whether --with-crypto_backend was given. +if test "${with_crypto_backend+set}" = set; then : + withval=$with_crypto_backend; +else + with_crypto_backend=openssl +fi - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval additional_includedir=\"$includedir\" - eval additional_libdir=\"$libdir\" +# Check whether --enable-kernel_crypto was given. +if test "${enable_kernel_crypto+set}" = set; then : + enableval=$enable_kernel_crypto; +else + enable_kernel_crypto=yes +fi - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - else - additional_includedir="$withval/include" - additional_libdir="$withval/$acl_libdirstem" - fi - fi +if test "x$enable_kernel_crypto" = "xyes"; then + for ac_header in linux/if_alg.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "linux/if_alg.h" "ac_cv_header_linux_if_alg_h" "$ac_includes_default" +if test "x$ac_cv_header_linux_if_alg_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LINUX_IF_ALG_H 1 +_ACEOF +else + as_fn_error $? "You need Linux kernel headers with userspace crypto interface. (Or use --disable-kernel_crypto.)" "$LINENO" 5 fi - LIBINTL= - LTLIBINTL= - INCINTL= - rpathdirs= - ltrpathdirs= - names_already_handled= - names_next_round='intl ' - while test -n "$names_next_round"; do - names_this_round="$names_next_round" - names_next_round= - for name in $names_this_round; do - already_handled= - for n in $names_already_handled; do - if test "$n" = "$name"; then - already_handled=yes - break - fi - done - if test -z "$already_handled"; then - names_already_handled="$names_already_handled $name" - uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'` - eval value=\"\$HAVE_LIB$uppername\" - if test -n "$value"; then - if test "$value" = yes; then - eval value=\"\$LIB$uppername\" - test -z "$value" || LIBINTL="${LIBINTL}${LIBINTL:+ }$value" - eval value=\"\$LTLIB$uppername\" - test -z "$value" || LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }$value" - else - : - fi - else - found_dir= - found_la= - found_so= - found_a= - if test $use_additional = yes; then - if test -n "$shlibext" && test -f "$additional_libdir/lib$name.$shlibext"; then - found_dir="$additional_libdir" - found_so="$additional_libdir/lib$name.$shlibext" - if test -f "$additional_libdir/lib$name.la"; then - found_la="$additional_libdir/lib$name.la" - fi - else - if test -f "$additional_libdir/lib$name.$libext"; then - found_dir="$additional_libdir" - found_a="$additional_libdir/lib$name.$libext" - if test -f "$additional_libdir/lib$name.la"; then - found_la="$additional_libdir/lib$name.la" - fi - fi - fi - fi - if test "X$found_dir" = "X"; then - for x in $LDFLAGS $LTLIBINTL; do - - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" +done - case "$x" in - -L*) - dir=`echo "X$x" | sed -e 's/^X-L//'` - if test -n "$shlibext" && test -f "$dir/lib$name.$shlibext"; then - found_dir="$dir" - found_so="$dir/lib$name.$shlibext" - if test -f "$dir/lib$name.la"; then - found_la="$dir/lib$name.la" - fi - else - if test -f "$dir/lib$name.$libext"; then - found_dir="$dir" - found_a="$dir/lib$name.$libext" - if test -f "$dir/lib$name.la"; then - found_la="$dir/lib$name.la" - fi - fi - fi - ;; - esac - if test "X$found_dir" != "X"; then - break - fi - done - fi - if test "X$found_dir" != "X"; then - LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$found_dir -l$name" - if test "X$found_so" != "X"; then - if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then - LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" - else - haveit= - for x in $ltrpathdirs; do - if test "X$x" = "X$found_dir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - ltrpathdirs="$ltrpathdirs $found_dir" - fi - if test "$hardcode_direct" = yes; then - LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" - else - if test -n "$hardcode_libdir_flag_spec" && test "$hardcode_minus_L" = no; then - LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" - haveit= - for x in $rpathdirs; do - if test "X$x" = "X$found_dir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - rpathdirs="$rpathdirs $found_dir" - fi - else - haveit= - for x in $LDFLAGS $LIBINTL; do - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" +$as_echo "#define ENABLE_AF_ALG 1" >>confdefs.h - if test "X$x" = "X-L$found_dir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - LIBINTL="${LIBINTL}${LIBINTL:+ }-L$found_dir" - fi - if test "$hardcode_minus_L" != no; then - LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" - else - LIBINTL="${LIBINTL}${LIBINTL:+ }-l$name" - fi - fi - fi - fi - else - if test "X$found_a" != "X"; then - LIBINTL="${LIBINTL}${LIBINTL:+ }$found_a" - else - LIBINTL="${LIBINTL}${LIBINTL:+ }-L$found_dir -l$name" - fi - fi - additional_includedir= - case "$found_dir" in - */$acl_libdirstem | */$acl_libdirstem/) - basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` - additional_includedir="$basedir/include" - ;; - esac - if test "X$additional_includedir" != "X"; then - if test "X$additional_includedir" != "X/usr/include"; then - haveit= - if test "X$additional_includedir" = "X/usr/local/include"; then - if test -n "$GCC"; then - case $host_os in - linux* | gnu* | k*bsd*-gnu) haveit=yes;; - esac - fi - fi - if test -z "$haveit"; then - for x in $CPPFLAGS $INCINTL; do +fi - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" +case $with_crypto_backend in + gcrypt) + if test "x$enable_fips" = "xyes"; then + GCRYPT_REQ_VERSION=1.4.5 + else + GCRYPT_REQ_VERSION=1.1.42 + fi - if test "X$x" = "X-I$additional_includedir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - if test -d "$additional_includedir"; then - INCINTL="${INCINTL}${INCINTL:+ }-I$additional_includedir" - fi - fi - fi - fi - fi - if test -n "$found_la"; then - save_libdir="$libdir" - case "$found_la" in - */* | *\\*) . "$found_la" ;; - *) . "./$found_la" ;; - esac - libdir="$save_libdir" - for dep in $dependency_libs; do - case "$dep" in - -L*) - additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` - if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then - haveit= - if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then - if test -n "$GCC"; then - case $host_os in - linux* | gnu* | k*bsd*-gnu) haveit=yes;; - esac - fi - fi - if test -z "$haveit"; then - haveit= - for x in $LDFLAGS $LIBINTL; do - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" + # Check whether --enable-gcrypt-pbkdf2 was given. +if test "${enable_gcrypt_pbkdf2+set}" = set; then : + enableval=$enable_gcrypt_pbkdf2; if test "x$enableval" = "xyes"; then + use_internal_pbkdf2=0 + else + use_internal_pbkdf2=1 + fi +else - if test "X$x" = "X-L$additional_libdir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - if test -d "$additional_libdir"; then - LIBINTL="${LIBINTL}${LIBINTL:+ }-L$additional_libdir" - fi - fi - haveit= - for x in $LDFLAGS $LTLIBINTL; do - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" +# Check whether --with-libgcrypt-prefix was given. +if test "${with_libgcrypt_prefix+set}" = set; then : + withval=$with_libgcrypt_prefix; libgcrypt_config_prefix="$withval" +else + libgcrypt_config_prefix="" +fi - if test "X$x" = "X-L$additional_libdir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - if test -d "$additional_libdir"; then - LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$additional_libdir" - fi - fi - fi - fi - ;; - -R*) - dir=`echo "X$dep" | sed -e 's/^X-R//'` - if test "$enable_rpath" != no; then - haveit= - for x in $rpathdirs; do - if test "X$x" = "X$dir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - rpathdirs="$rpathdirs $dir" - fi - haveit= - for x in $ltrpathdirs; do - if test "X$x" = "X$dir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - ltrpathdirs="$ltrpathdirs $dir" - fi - fi - ;; - -l*) - names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` - ;; - *.la) - names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` - ;; - *) - LIBINTL="${LIBINTL}${LIBINTL:+ }$dep" - LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }$dep" - ;; - esac - done - fi - else - LIBINTL="${LIBINTL}${LIBINTL:+ }-l$name" - LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-l$name" - fi - fi - fi - done - done - if test "X$rpathdirs" != "X"; then - if test -n "$hardcode_libdir_separator"; then - alldirs= - for found_dir in $rpathdirs; do - alldirs="${alldirs}${alldirs:+$hardcode_libdir_separator}$found_dir" - done - acl_save_libdir="$libdir" - libdir="$alldirs" - eval flag=\"$hardcode_libdir_flag_spec\" - libdir="$acl_save_libdir" - LIBINTL="${LIBINTL}${LIBINTL:+ }$flag" - else - for found_dir in $rpathdirs; do - acl_save_libdir="$libdir" - libdir="$found_dir" - eval flag=\"$hardcode_libdir_flag_spec\" - libdir="$acl_save_libdir" - LIBINTL="${LIBINTL}${LIBINTL:+ }$flag" - done - fi - fi - if test "X$ltrpathdirs" != "X"; then - for found_dir in $ltrpathdirs; do - LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-R$found_dir" - done + if test x"${LIBGCRYPT_CONFIG}" = x ; then + if test x"${libgcrypt_config_prefix}" != x ; then + LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config" + fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libintl" >&5 -$as_echo_n "checking for GNU gettext in libintl... " >&6; } -if ${gt_cv_func_gnugettext2_libintl+:} false; then : + use_gpgrt_config="" + if test x"${LIBGCRYPT_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then + if $GPGRT_CONFIG libgcrypt --exists; then + LIBGCRYPT_CONFIG="$GPGRT_CONFIG libgcrypt" + { $as_echo "$as_me:${as_lineno-$LINENO}: Use gpgrt-config as libgcrypt-config" >&5 +$as_echo "$as_me: Use gpgrt-config as libgcrypt-config" >&6;} + use_gpgrt_config=yes + fi + fi + if test -z "$use_gpgrt_config"; then + if test x"${LIBGCRYPT_CONFIG}" = x ; then + case "${SYSROOT}" in + /*) + if test -x "${SYSROOT}/bin/libgcrypt-config" ; then + LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config" + fi + ;; + '') + ;; + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring \$SYSROOT as it is not an absolute path." >&5 +$as_echo "$as_me: WARNING: Ignoring \$SYSROOT as it is not an absolute path." >&2;} + ;; + esac + fi + # Extract the first word of "libgcrypt-config", so it can be a program name with args. +set dummy libgcrypt-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_LIBGCRYPT_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else - gt_save_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS $INCINTL" - gt_save_LIBS="$LIBS" - LIBS="$LIBS $LIBINTL" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -extern int _nl_msg_cat_cntr; -extern -#ifdef __cplusplus -"C" -#endif -const char *_nl_expand_alias (const char *); -int -main () -{ -bindtextdomain ("", ""); -return * gettext ("") + * ngettext ("", "", 0) + _nl_msg_cat_cntr + *_nl_expand_alias ("") - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - gt_cv_func_gnugettext2_libintl=yes + case $LIBGCRYPT_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_LIBGCRYPT_CONFIG="$LIBGCRYPT_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_LIBGCRYPT_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_LIBGCRYPT_CONFIG" && ac_cv_path_LIBGCRYPT_CONFIG="no" + ;; +esac +fi +LIBGCRYPT_CONFIG=$ac_cv_path_LIBGCRYPT_CONFIG +if test -n "$LIBGCRYPT_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBGCRYPT_CONFIG" >&5 +$as_echo "$LIBGCRYPT_CONFIG" >&6; } else - gt_cv_func_gnugettext2_libintl=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - if test "$gt_cv_func_gnugettext2_libintl" != yes && test -n "$LIBICONV"; then - LIBS="$LIBS $LIBICONV" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -extern int _nl_msg_cat_cntr; -extern -#ifdef __cplusplus -"C" -#endif -const char *_nl_expand_alias (const char *); -int -main () -{ -bindtextdomain ("", ""); -return * gettext ("") + * ngettext ("", "", 0) + _nl_msg_cat_cntr + *_nl_expand_alias ("") - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - LIBINTL="$LIBINTL $LIBICONV" - LTLIBINTL="$LTLIBINTL $LTLIBICONV" - gt_cv_func_gnugettext2_libintl=yes -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext + + fi + + tmp=1.6.1 + if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then + req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` + min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'` + else + req_libgcrypt_api=0 + min_libgcrypt_version="$tmp" + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBGCRYPT - version >= $min_libgcrypt_version" >&5 +$as_echo_n "checking for LIBGCRYPT - version >= $min_libgcrypt_version... " >&6; } + ok=no + if test "$LIBGCRYPT_CONFIG" != "no" ; then + req_major=`echo $min_libgcrypt_version | \ + sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\1/'` + req_minor=`echo $min_libgcrypt_version | \ + sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\2/'` + req_micro=`echo $min_libgcrypt_version | \ + sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\3/'` + if test -z "$use_gpgrt_config"; then + libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` + else + libgcrypt_config_version=`$LIBGCRYPT_CONFIG --modversion` + fi + major=`echo $libgcrypt_config_version | \ + sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\1/'` + minor=`echo $libgcrypt_config_version | \ + sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\2/'` + micro=`echo $libgcrypt_config_version | \ + sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\3/'` + if test "$major" -gt "$req_major"; then + ok=yes + else + if test "$major" -eq "$req_major"; then + if test "$minor" -gt "$req_minor"; then + ok=yes + else + if test "$minor" -eq "$req_minor"; then + if test "$micro" -ge "$req_micro"; then + ok=yes + fi + fi fi - CPPFLAGS="$gt_save_CPPFLAGS" - LIBS="$gt_save_LIBS" -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_gnugettext2_libintl" >&5 -$as_echo "$gt_cv_func_gnugettext2_libintl" >&6; } fi + fi + fi + if test $ok = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes ($libgcrypt_config_version)" >&5 +$as_echo "yes ($libgcrypt_config_version)" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + if test $ok = yes; then + # If we have a recent libgcrypt, we should also check that the + # API is compatible + if test "$req_libgcrypt_api" -gt 0 ; then + if test -z "$use_gpgrt_config"; then + tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` + else + tmp=`$LIBGCRYPT_CONFIG --variable=api_version 2>/dev/null || echo 0` + fi + if test "$tmp" -gt 0 ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking LIBGCRYPT API version" >&5 +$as_echo_n "checking LIBGCRYPT API version... " >&6; } + if test "$req_libgcrypt_api" -eq "$tmp" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: okay" >&5 +$as_echo "okay" >&6; } + else + ok=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: does not match. want=$req_libgcrypt_api got=$tmp" >&5 +$as_echo "does not match. want=$req_libgcrypt_api got=$tmp" >&6; } + fi + fi + fi + fi + if test $ok = yes; then + LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` + LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` + use_internal_pbkdf2=0 + if test -z "$use_gpgrt_config"; then + libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none` + else + libgcrypt_config_host=`$LIBGCRYPT_CONFIG --variable=host 2>/dev/null || echo none` + fi + if test x"$libgcrypt_config_host" != xnone ; then + if test x"$libgcrypt_config_host" != x"$host" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: +*** +*** The config script \"$LIBGCRYPT_CONFIG\" was +*** built for $libgcrypt_config_host and thus may not match the +*** used host $host. +*** You may want to use the configure option --with-libgcrypt-prefix +*** to specify a matching config script or use \$SYSROOT. +***" >&5 +$as_echo "$as_me: WARNING: +*** +*** The config script \"$LIBGCRYPT_CONFIG\" was +*** built for $libgcrypt_config_host and thus may not match the +*** used host $host. +*** You may want to use the configure option --with-libgcrypt-prefix +*** to specify a matching config script or use \$SYSROOT. +***" >&2;} + gpg_config_script_warn="$gpg_config_script_warn libgcrypt" + fi + fi + else + LIBGCRYPT_CFLAGS="" + LIBGCRYPT_LIBS="" + use_internal_pbkdf2=1 + fi - if test "$gt_cv_func_gnugettext2_libc" = "yes" \ - || { test "$gt_cv_func_gnugettext2_libintl" = "yes" \ - && test "$PACKAGE" != gettext-runtime \ - && test "$PACKAGE" != gettext-tools; }; then - gt_use_preinstalled_gnugettext=yes - else - LIBINTL= - LTLIBINTL= - INCINTL= - fi +fi - if test -n "$INTL_MACOSX_LIBS"; then - if test "$gt_use_preinstalled_gnugettext" = "yes" \ - || test "$nls_cv_use_gnu_gettext" = "yes"; then - LIBINTL="$LIBINTL $INTL_MACOSX_LIBS" - LTLIBINTL="$LTLIBINTL $INTL_MACOSX_LIBS" - fi - fi - if test "$gt_use_preinstalled_gnugettext" = "yes" \ - || test "$nls_cv_use_gnu_gettext" = "yes"; then -$as_echo "#define ENABLE_NLS 1" >>confdefs.h +# Check whether --with-libgcrypt-prefix was given. +if test "${with_libgcrypt_prefix+set}" = set; then : + withval=$with_libgcrypt_prefix; libgcrypt_config_prefix="$withval" +else + libgcrypt_config_prefix="" +fi - else - USE_NLS=no - fi + if test x"${LIBGCRYPT_CONFIG}" = x ; then + if test x"${libgcrypt_config_prefix}" != x ; then + LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config" + fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use NLS" >&5 -$as_echo_n "checking whether to use NLS... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5 -$as_echo "$USE_NLS" >&6; } - if test "$USE_NLS" = "yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking where the gettext function comes from" >&5 -$as_echo_n "checking where the gettext function comes from... " >&6; } - if test "$gt_use_preinstalled_gnugettext" = "yes"; then - if test "$gt_cv_func_gnugettext2_libintl" = "yes"; then - gt_source="external libintl" - else - gt_source="libc" - fi - else - gt_source="included intl directory" + use_gpgrt_config="" + if test x"${LIBGCRYPT_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then + if $GPGRT_CONFIG libgcrypt --exists; then + LIBGCRYPT_CONFIG="$GPGRT_CONFIG libgcrypt" + { $as_echo "$as_me:${as_lineno-$LINENO}: Use gpgrt-config as libgcrypt-config" >&5 +$as_echo "$as_me: Use gpgrt-config as libgcrypt-config" >&6;} + use_gpgrt_config=yes fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_source" >&5 -$as_echo "$gt_source" >&6; } fi - - if test "$USE_NLS" = "yes"; then - - if test "$gt_use_preinstalled_gnugettext" = "yes"; then - if test "$gt_cv_func_gnugettext2_libintl" = "yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libintl" >&5 -$as_echo_n "checking how to link with libintl... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBINTL" >&5 -$as_echo "$LIBINTL" >&6; } - - for element in $INCINTL; do - haveit= - for x in $CPPFLAGS; do - - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - - if test "X$x" = "X$element"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" + if test -z "$use_gpgrt_config"; then + if test x"${LIBGCRYPT_CONFIG}" = x ; then + case "${SYSROOT}" in + /*) + if test -x "${SYSROOT}/bin/libgcrypt-config" ; then + LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config" + fi + ;; + '') + ;; + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring \$SYSROOT as it is not an absolute path." >&5 +$as_echo "$as_me: WARNING: Ignoring \$SYSROOT as it is not an absolute path." >&2;} + ;; + esac fi + # Extract the first word of "libgcrypt-config", so it can be a program name with args. +set dummy libgcrypt-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_LIBGCRYPT_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $LIBGCRYPT_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_LIBGCRYPT_CONFIG="$LIBGCRYPT_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_LIBGCRYPT_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done done +IFS=$as_save_IFS - fi - + test -z "$ac_cv_path_LIBGCRYPT_CONFIG" && ac_cv_path_LIBGCRYPT_CONFIG="no" + ;; +esac +fi +LIBGCRYPT_CONFIG=$ac_cv_path_LIBGCRYPT_CONFIG +if test -n "$LIBGCRYPT_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBGCRYPT_CONFIG" >&5 +$as_echo "$LIBGCRYPT_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi -$as_echo "#define HAVE_GETTEXT 1" >>confdefs.h + fi -$as_echo "#define HAVE_DCGETTEXT 1" >>confdefs.h + tmp=$GCRYPT_REQ_VERSION + if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then + req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` + min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'` + else + req_libgcrypt_api=0 + min_libgcrypt_version="$tmp" + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBGCRYPT - version >= $min_libgcrypt_version" >&5 +$as_echo_n "checking for LIBGCRYPT - version >= $min_libgcrypt_version... " >&6; } + ok=no + if test "$LIBGCRYPT_CONFIG" != "no" ; then + req_major=`echo $min_libgcrypt_version | \ + sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\1/'` + req_minor=`echo $min_libgcrypt_version | \ + sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\2/'` + req_micro=`echo $min_libgcrypt_version | \ + sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\3/'` + if test -z "$use_gpgrt_config"; then + libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` + else + libgcrypt_config_version=`$LIBGCRYPT_CONFIG --modversion` + fi + major=`echo $libgcrypt_config_version | \ + sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\1/'` + minor=`echo $libgcrypt_config_version | \ + sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\2/'` + micro=`echo $libgcrypt_config_version | \ + sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\3/'` + if test "$major" -gt "$req_major"; then + ok=yes + else + if test "$major" -eq "$req_major"; then + if test "$minor" -gt "$req_minor"; then + ok=yes + else + if test "$minor" -eq "$req_minor"; then + if test "$micro" -ge "$req_micro"; then + ok=yes + fi + fi + fi + fi fi - - POSUB=po + fi + if test $ok = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes ($libgcrypt_config_version)" >&5 +$as_echo "yes ($libgcrypt_config_version)" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + if test $ok = yes; then + # If we have a recent libgcrypt, we should also check that the + # API is compatible + if test "$req_libgcrypt_api" -gt 0 ; then + if test -z "$use_gpgrt_config"; then + tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` + else + tmp=`$LIBGCRYPT_CONFIG --variable=api_version 2>/dev/null || echo 0` + fi + if test "$tmp" -gt 0 ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking LIBGCRYPT API version" >&5 +$as_echo_n "checking LIBGCRYPT API version... " >&6; } + if test "$req_libgcrypt_api" -eq "$tmp" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: okay" >&5 +$as_echo "okay" >&6; } + else + ok=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: does not match. want=$req_libgcrypt_api got=$tmp" >&5 +$as_echo "does not match. want=$req_libgcrypt_api got=$tmp" >&6; } + fi + fi + fi + fi + if test $ok = yes; then + LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` + LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` + : + if test -z "$use_gpgrt_config"; then + libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none` + else + libgcrypt_config_host=`$LIBGCRYPT_CONFIG --variable=host 2>/dev/null || echo none` + fi + if test x"$libgcrypt_config_host" != xnone ; then + if test x"$libgcrypt_config_host" != x"$host" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: +*** +*** The config script \"$LIBGCRYPT_CONFIG\" was +*** built for $libgcrypt_config_host and thus may not match the +*** used host $host. +*** You may want to use the configure option --with-libgcrypt-prefix +*** to specify a matching config script or use \$SYSROOT. +***" >&5 +$as_echo "$as_me: WARNING: +*** +*** The config script \"$LIBGCRYPT_CONFIG\" was +*** built for $libgcrypt_config_host and thus may not match the +*** used host $host. +*** You may want to use the configure option --with-libgcrypt-prefix +*** to specify a matching config script or use \$SYSROOT. +***" >&2;} + gpg_config_script_warn="$gpg_config_script_warn libgcrypt" + fi + fi + else + LIBGCRYPT_CFLAGS="" + LIBGCRYPT_LIBS="" + as_fn_error $? "You need the gcrypt library." "$LINENO" 5 fi - INTLLIBS="$LIBINTL" - - + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if internal cryptsetup PBKDF2 is compiled-in" >&5 +$as_echo_n "checking if internal cryptsetup PBKDF2 is compiled-in... " >&6; } + if test $use_internal_pbkdf2 = 0; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + if test "x$enable_fips" = "xyes"; then + as_fn_error $? "This option is not compatible with FIPS." "$LINENO" 5 + fi + fi + ac_fn_c_check_decl "$LINENO" "GCRY_CIPHER_MODE_XTS" "ac_cv_have_decl_GCRY_CIPHER_MODE_XTS" "#include +" +if test "x$ac_cv_have_decl_GCRY_CIPHER_MODE_XTS" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_GCRY_CIPHER_MODE_XTS $ac_have_decl +_ACEOF -saved_LIBS=$LIBS -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for poptConfigFileToString in -lpopt" >&5 -$as_echo_n "checking for poptConfigFileToString in -lpopt... " >&6; } -if ${ac_cv_lib_popt_poptConfigFileToString+:} false; then : + if test "x$enable_static_cryptsetup" = "xyes"; then + saved_LIBS=$LIBS + LIBS="$saved_LIBS $LIBGCRYPT_LIBS -static" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gcry_check_version in -lgcrypt" >&5 +$as_echo_n "checking for gcry_check_version in -lgcrypt... " >&6; } +if ${ac_cv_lib_gcrypt_gcry_check_version+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-lpopt $LIBS" +LIBS="-lgcrypt -lgpg-error $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -15679,88 +18416,67 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext #ifdef __cplusplus extern "C" #endif -char poptConfigFileToString (); +char gcry_check_version (); int main () { -return poptConfigFileToString (); +return gcry_check_version (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_popt_poptConfigFileToString=yes + ac_cv_lib_gcrypt_gcry_check_version=yes else - ac_cv_lib_popt_poptConfigFileToString=no + ac_cv_lib_gcrypt_gcry_check_version=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_popt_poptConfigFileToString" >&5 -$as_echo "$ac_cv_lib_popt_poptConfigFileToString" >&6; } -if test "x$ac_cv_lib_popt_poptConfigFileToString" = xyes; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gcrypt_gcry_check_version" >&5 +$as_echo "$ac_cv_lib_gcrypt_gcry_check_version" >&6; } +if test "x$ac_cv_lib_gcrypt_gcry_check_version" = xyes; then : cat >>confdefs.h <<_ACEOF -#define HAVE_LIBPOPT 1 +#define HAVE_LIBGCRYPT 1 _ACEOF - LIBS="-lpopt $LIBS" - -else - as_fn_error $? "You need popt 1.7 or newer to compile." "$LINENO" 5 -fi - -POPT_LIBS=$LIBS - -LIBS=$saved_LIBS + LIBS="-lgcrypt $LIBS" -# Check whether --enable-fips was given. -if test "${enable_fips+set}" = set; then : - enableval=$enable_fips; with_fips=$enableval else - with_fips=no -fi - - -if test "x$with_fips" = "xyes"; then - -$as_echo "#define ENABLE_FIPS 1" >>confdefs.h - - - if test "x$enable_static" = "xyes" -o "x$enable_static_cryptsetup" = "xyes" ; then - as_fn_error $? "Static build is not compatible with FIPS." "$LINENO" 5 - fi + as_fn_error $? "Cannot find static gcrypt library." "$LINENO" 5 fi + LIBGCRYPT_STATIC_LIBS="$LIBGCRYPT_LIBS -lgpg-error" + LIBS=$saved_LIBS + fi + CRYPTO_CFLAGS=$LIBGCRYPT_CFLAGS + CRYPTO_LIBS=$LIBGCRYPT_LIBS + CRYPTO_STATIC_LIBS=$LIBGCRYPT_STATIC_LIBS -# Check whether --enable-pwquality was given. -if test "${enable_pwquality+set}" = set; then : - enableval=$enable_pwquality; with_pwquality=$enableval -else - with_pwquality=no -fi - - -if test "x$with_pwquality" = "xyes"; then -$as_echo "#define ENABLE_PWQUALITY 1" >>confdefs.h +cat >>confdefs.h <<_ACEOF +#define GCRYPT_REQ_VERSION "$GCRYPT_REQ_VERSION" +_ACEOF + ;; + openssl) pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for PWQUALITY" >&5 -$as_echo_n "checking for PWQUALITY... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl >= 0.9.8" >&5 +$as_echo_n "checking for openssl >= 0.9.8... " >&6; } -if test -n "$PWQUALITY_CFLAGS"; then - pkg_cv_PWQUALITY_CFLAGS="$PWQUALITY_CFLAGS" +if test -n "$OPENSSL_CFLAGS"; then + pkg_cv_OPENSSL_CFLAGS="$OPENSSL_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"pwquality >= 1.0.0\""; } >&5 - ($PKG_CONFIG --exists --print-errors "pwquality >= 1.0.0") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 0.9.8\""; } >&5 + ($PKG_CONFIG --exists --print-errors "openssl >= 0.9.8") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_PWQUALITY_CFLAGS=`$PKG_CONFIG --cflags "pwquality >= 1.0.0" 2>/dev/null` + pkg_cv_OPENSSL_CFLAGS=`$PKG_CONFIG --cflags "openssl >= 0.9.8" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -15768,16 +18484,16 @@ fi else pkg_failed=untried fi -if test -n "$PWQUALITY_LIBS"; then - pkg_cv_PWQUALITY_LIBS="$PWQUALITY_LIBS" +if test -n "$OPENSSL_LIBS"; then + pkg_cv_OPENSSL_LIBS="$OPENSSL_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"pwquality >= 1.0.0\""; } >&5 - ($PKG_CONFIG --exists --print-errors "pwquality >= 1.0.0") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 0.9.8\""; } >&5 + ($PKG_CONFIG --exists --print-errors "openssl >= 0.9.8") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_PWQUALITY_LIBS=`$PKG_CONFIG --libs "pwquality >= 1.0.0" 2>/dev/null` + pkg_cv_OPENSSL_LIBS=`$PKG_CONFIG --libs "openssl >= 0.9.8" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -15789,7 +18505,7 @@ fi if test $pkg_failed = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then @@ -15798,122 +18514,150 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - PWQUALITY_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "pwquality >= 1.0.0" 2>&1` + OPENSSL_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "openssl >= 0.9.8" 2>&1` else - PWQUALITY_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "pwquality >= 1.0.0" 2>&1` + OPENSSL_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "openssl >= 0.9.8" 2>&1` fi # Put the nasty error message in config.log where it belongs - echo "$PWQUALITY_PKG_ERRORS" >&5 + echo "$OPENSSL_PKG_ERRORS" >&5 - as_fn_error $? "You need pwquality library." "$LINENO" 5 + as_fn_error $? "You need openssl library." "$LINENO" 5 elif test $pkg_failed = untried; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - as_fn_error $? "You need pwquality library." "$LINENO" 5 + as_fn_error $? "You need openssl library." "$LINENO" 5 else - PWQUALITY_CFLAGS=$pkg_cv_PWQUALITY_CFLAGS - PWQUALITY_LIBS=$pkg_cv_PWQUALITY_LIBS + OPENSSL_CFLAGS=$pkg_cv_OPENSSL_CFLAGS + OPENSSL_LIBS=$pkg_cv_OPENSSL_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi + CRYPTO_CFLAGS=$OPENSSL_CFLAGS + CRYPTO_LIBS=$OPENSSL_LIBS + use_internal_pbkdf2=0 - PWQUALITY_STATIC_LIBS="$PWQUALITY_LIBS -lcrack -lz" -fi - - - - - - - - - - - + if test "x$enable_static_cryptsetup" = "xyes"; then + saved_PKG_CONFIG=$PKG_CONFIG + PKG_CONFIG="$PKG_CONFIG --static" -saved_LIBS=$LIBS +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl" >&5 +$as_echo_n "checking for openssl... " >&6; } -# Check whether --enable-static-cryptsetup was given. -if test "${enable_static_cryptsetup+set}" = set; then : - enableval=$enable_static_cryptsetup; +if test -n "$OPENSSL_STATIC_CFLAGS"; then + pkg_cv_OPENSSL_STATIC_CFLAGS="$OPENSSL_STATIC_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl\""; } >&5 + ($PKG_CONFIG --exists --print-errors "openssl") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_OPENSSL_STATIC_CFLAGS=`$PKG_CONFIG --cflags "openssl" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes fi - -if test x$enable_static_cryptsetup = xyes; then - if test x$enable_static = xno; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Requested static cryptsetup build, enabling static library." >&5 -$as_echo "$as_me: WARNING: Requested static cryptsetup build, enabling static library." >&2;} - enable_static=yes - fi + else + pkg_failed=untried fi - if test x$enable_static_cryptsetup = xyes; then - STATIC_TOOLS_TRUE= - STATIC_TOOLS_FALSE='#' +if test -n "$OPENSSL_STATIC_LIBS"; then + pkg_cv_OPENSSL_STATIC_LIBS="$OPENSSL_STATIC_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl\""; } >&5 + ($PKG_CONFIG --exists --print-errors "openssl") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_OPENSSL_STATIC_LIBS=`$PKG_CONFIG --libs "openssl" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes else - STATIC_TOOLS_TRUE='#' - STATIC_TOOLS_FALSE= + pkg_failed=yes fi - - -# Check whether --enable-veritysetup was given. -if test "${enable_veritysetup+set}" = set; then : - enableval=$enable_veritysetup; -else - enable_veritysetup=yes + else + pkg_failed=untried fi - if test x$enable_veritysetup = xyes; then - VERITYSETUP_TRUE= - VERITYSETUP_FALSE='#' -else - VERITYSETUP_TRUE='#' - VERITYSETUP_FALSE= -fi -# Check whether --enable-cryptsetup-reencrypt was given. -if test "${enable_cryptsetup_reencrypt+set}" = set; then : - enableval=$enable_cryptsetup_reencrypt; -fi +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } - if test x$enable_cryptsetup_reencrypt = xyes; then - REENCRYPT_TRUE= - REENCRYPT_FALSE='#' +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes else - REENCRYPT_TRUE='#' - REENCRYPT_FALSE= + _pkg_short_errors_supported=no fi + if test $_pkg_short_errors_supported = yes; then + OPENSSL_STATIC_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "openssl" 2>&1` + else + OPENSSL_STATIC_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "openssl" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$OPENSSL_STATIC_PKG_ERRORS" >&5 + as_fn_error $? "Package requirements (openssl) were not met: -# Check whether --enable-selinux was given. -if test "${enable_selinux+set}" = set; then : - enableval=$enable_selinux; -fi +$OPENSSL_STATIC_PKG_ERRORS +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. -# Check whether --enable-udev was given. -if test "${enable_udev+set}" = set; then : - enableval=$enable_udev; +Alternatively, you may set the environment variables OPENSSL_STATIC_CFLAGS +and OPENSSL_STATIC_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables OPENSSL_STATIC_CFLAGS +and OPENSSL_STATIC_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5; } else - enable_udev=yes + OPENSSL_STATIC_CFLAGS=$pkg_cv_OPENSSL_STATIC_CFLAGS + OPENSSL_STATIC_LIBS=$pkg_cv_OPENSSL_STATIC_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + CRYPTO_STATIC_LIBS=$OPENSSL_STATIC_LIBS + PKG_CONFIG=$saved_PKG_CONFIG + fi + ;; + nss) + if test "x$enable_static_cryptsetup" = "xyes"; then + as_fn_error $? "Static build of cryptsetup is not supported with NSS." "$LINENO" 5 + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: NSS backend does NOT provide backward compatibility (missing ripemd160 hash)." >&5 +$as_echo "$as_me: WARNING: NSS backend does NOT provide backward compatibility (missing ripemd160 hash)." >&2;} pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for DEVMAPPER" >&5 -$as_echo_n "checking for DEVMAPPER... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nss" >&5 +$as_echo_n "checking for nss... " >&6; } -if test -n "$DEVMAPPER_CFLAGS"; then - pkg_cv_DEVMAPPER_CFLAGS="$DEVMAPPER_CFLAGS" +if test -n "$NSS_CFLAGS"; then + pkg_cv_NSS_CFLAGS="$NSS_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"devmapper >= 1.02.03\""; } >&5 - ($PKG_CONFIG --exists --print-errors "devmapper >= 1.02.03") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nss\""; } >&5 + ($PKG_CONFIG --exists --print-errors "nss") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_DEVMAPPER_CFLAGS=`$PKG_CONFIG --cflags "devmapper >= 1.02.03" 2>/dev/null` + pkg_cv_NSS_CFLAGS=`$PKG_CONFIG --cflags "nss" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -15921,16 +18665,16 @@ fi else pkg_failed=untried fi -if test -n "$DEVMAPPER_LIBS"; then - pkg_cv_DEVMAPPER_LIBS="$DEVMAPPER_LIBS" +if test -n "$NSS_LIBS"; then + pkg_cv_NSS_LIBS="$NSS_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"devmapper >= 1.02.03\""; } >&5 - ($PKG_CONFIG --exists --print-errors "devmapper >= 1.02.03") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nss\""; } >&5 + ($PKG_CONFIG --exists --print-errors "nss") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_DEVMAPPER_LIBS=`$PKG_CONFIG --libs "devmapper >= 1.02.03" 2>/dev/null` + pkg_cv_NSS_LIBS=`$PKG_CONFIG --libs "nss" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -15942,7 +18686,7 @@ fi if test $pkg_failed = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then @@ -15951,292 +18695,52 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - DEVMAPPER_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "devmapper >= 1.02.03" 2>&1` + NSS_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "nss" 2>&1` else - DEVMAPPER_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "devmapper >= 1.02.03" 2>&1` + NSS_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "nss" 2>&1` fi # Put the nasty error message in config.log where it belongs - echo "$DEVMAPPER_PKG_ERRORS" >&5 - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dm_task_set_name in -ldevmapper" >&5 -$as_echo_n "checking for dm_task_set_name in -ldevmapper... " >&6; } -if ${ac_cv_lib_devmapper_dm_task_set_name+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldevmapper $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dm_task_set_name (); -int -main () -{ -return dm_task_set_name (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_devmapper_dm_task_set_name=yes -else - ac_cv_lib_devmapper_dm_task_set_name=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_devmapper_dm_task_set_name" >&5 -$as_echo "$ac_cv_lib_devmapper_dm_task_set_name" >&6; } -if test "x$ac_cv_lib_devmapper_dm_task_set_name" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBDEVMAPPER 1 -_ACEOF - - LIBS="-ldevmapper $LIBS" - -else - as_fn_error $? "You need the device-mapper library." "$LINENO" 5 -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dm_task_set_message in -ldevmapper" >&5 -$as_echo_n "checking for dm_task_set_message in -ldevmapper... " >&6; } -if ${ac_cv_lib_devmapper_dm_task_set_message+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldevmapper $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dm_task_set_message (); -int -main () -{ -return dm_task_set_message (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_devmapper_dm_task_set_message=yes -else - ac_cv_lib_devmapper_dm_task_set_message=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_devmapper_dm_task_set_message" >&5 -$as_echo "$ac_cv_lib_devmapper_dm_task_set_message" >&6; } -if test "x$ac_cv_lib_devmapper_dm_task_set_message" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBDEVMAPPER 1 -_ACEOF - - LIBS="-ldevmapper $LIBS" - -else - as_fn_error $? "The device-mapper library on your system is too old." "$LINENO" 5 -fi - - DEVMAPPER_LIBS=$LIBS + echo "$NSS_PKG_ERRORS" >&5 + as_fn_error $? "You need nss library." "$LINENO" 5 elif test $pkg_failed = untried; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dm_task_set_name in -ldevmapper" >&5 -$as_echo_n "checking for dm_task_set_name in -ldevmapper... " >&6; } -if ${ac_cv_lib_devmapper_dm_task_set_name+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldevmapper $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dm_task_set_name (); -int -main () -{ -return dm_task_set_name (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_devmapper_dm_task_set_name=yes -else - ac_cv_lib_devmapper_dm_task_set_name=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_devmapper_dm_task_set_name" >&5 -$as_echo "$ac_cv_lib_devmapper_dm_task_set_name" >&6; } -if test "x$ac_cv_lib_devmapper_dm_task_set_name" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBDEVMAPPER 1 -_ACEOF - - LIBS="-ldevmapper $LIBS" - -else - as_fn_error $? "You need the device-mapper library." "$LINENO" 5 -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dm_task_set_message in -ldevmapper" >&5 -$as_echo_n "checking for dm_task_set_message in -ldevmapper... " >&6; } -if ${ac_cv_lib_devmapper_dm_task_set_message+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldevmapper $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dm_task_set_message (); -int -main () -{ -return dm_task_set_message (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_devmapper_dm_task_set_message=yes -else - ac_cv_lib_devmapper_dm_task_set_message=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_devmapper_dm_task_set_message" >&5 -$as_echo "$ac_cv_lib_devmapper_dm_task_set_message" >&6; } -if test "x$ac_cv_lib_devmapper_dm_task_set_message" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBDEVMAPPER 1 -_ACEOF - - LIBS="-ldevmapper $LIBS" - -else - as_fn_error $? "The device-mapper library on your system is too old." "$LINENO" 5 -fi - - DEVMAPPER_LIBS=$LIBS - + as_fn_error $? "You need nss library." "$LINENO" 5 else - DEVMAPPER_CFLAGS=$pkg_cv_DEVMAPPER_CFLAGS - DEVMAPPER_LIBS=$pkg_cv_DEVMAPPER_LIBS + NSS_CFLAGS=$pkg_cv_NSS_CFLAGS + NSS_LIBS=$pkg_cv_NSS_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } -fi -LIBS=$saved_LIBS - -LIBS="$LIBS $DEVMAPPER_LIBS" -ac_fn_c_check_decl "$LINENO" "dm_task_secure_data" "ac_cv_have_decl_dm_task_secure_data" "#include -" -if test "x$ac_cv_have_decl_dm_task_secure_data" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_DM_TASK_SECURE_DATA $ac_have_decl -_ACEOF - -ac_fn_c_check_decl "$LINENO" "dm_task_retry_remove" "ac_cv_have_decl_dm_task_retry_remove" "#include -" -if test "x$ac_cv_have_decl_dm_task_retry_remove" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_DM_TASK_RETRY_REMOVE $ac_have_decl -_ACEOF - -ac_fn_c_check_decl "$LINENO" "DM_UDEV_DISABLE_DISK_RULES_FLAG" "ac_cv_have_decl_DM_UDEV_DISABLE_DISK_RULES_FLAG" "#include +fi + + saved_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS $NSS_CFLAGS" + ac_fn_c_check_decl "$LINENO" "NSS_GetVersion" "ac_cv_have_decl_NSS_GetVersion" "#include " -if test "x$ac_cv_have_decl_DM_UDEV_DISABLE_DISK_RULES_FLAG" = xyes; then : +if test "x$ac_cv_have_decl_NSS_GetVersion" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_DM_UDEV_DISABLE_DISK_RULES_FLAG $ac_have_decl +#define HAVE_DECL_NSS_GETVERSION $ac_have_decl _ACEOF -if test $ac_have_decl = 1; then : - have_cookie=yes -else - have_cookie=no -fi -if test "x$enable_udev" = xyes; then - if test "x$have_cookie" = xno; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: The device-mapper library on your system has no udev support, udev support disabled." >&5 -$as_echo "$as_me: WARNING: The device-mapper library on your system has no udev support, udev support disabled." >&2;} - else + CFLAGS=$saved_CFLAGS -$as_echo "#define USE_UDEV 1" >>confdefs.h + CRYPTO_CFLAGS=$NSS_CFLAGS + CRYPTO_LIBS=$NSS_LIBS + use_internal_pbkdf2=1 + if test "x$enable_fips" = "xyes"; then + as_fn_error $? "This option is not compatible with FIPS." "$LINENO" 5 fi -fi -LIBS=$saved_LIBS - - -# Check whether --with-crypto_backend was given. -if test "${with_crypto_backend+set}" = set; then : - withval=$with_crypto_backend; -else - with_crypto_backend=gcrypt - -fi - - -# Check whether --enable-kernel_crypto was given. -if test "${enable_kernel_crypto+set}" = set; then : - enableval=$enable_kernel_crypto; with_kernel_crypto=$enableval -else - with_kernel_crypto=yes -fi - -if test "x$with_kernel_crypto" = "xyes"; then + ;; + kernel) for ac_header in linux/if_alg.h do : ac_fn_c_check_header_mongrel "$LINENO" "linux/if_alg.h" "ac_cv_header_linux_if_alg_h" "$ac_includes_default" @@ -16246,557 +18750,217 @@ if test "x$ac_cv_header_linux_if_alg_h" = xyes; then : _ACEOF else - as_fn_error $? "You need Linux kernel headers with userspace crypto interface. (Or use --disable-kernel_crypto.)" "$LINENO" 5 + as_fn_error $? "You need Linux kernel headers with userspace crypto interface." "$LINENO" 5 fi done +# AC_CHECK_DECLS([AF_ALG],, +# [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])], +# [#include ]) + use_internal_pbkdf2=1 -$as_echo "#define ENABLE_AF_ALG 1" >>confdefs.h - -fi - -case $with_crypto_backend in - gcrypt) - if test "x$with_fips" = "xyes"; then - GCRYPT_REQ_VERSION=1.4.5 - else - GCRYPT_REQ_VERSION=1.1.42 + if test "x$enable_fips" = "xyes"; then + as_fn_error $? "This option is not compatible with FIPS." "$LINENO" 5 fi - # Check whether --enable-gcrypt-pbkdf2 was given. -if test "${enable_gcrypt_pbkdf2+set}" = set; then : - enableval=$enable_gcrypt_pbkdf2; if test "x$enableval" = "xyes"; then - use_internal_pbkdf2=0 - else - use_internal_pbkdf2=1 - fi -else - - -# Check whether --with-libgcrypt-prefix was given. -if test "${with_libgcrypt_prefix+set}" = set; then : - withval=$with_libgcrypt_prefix; libgcrypt_config_prefix="$withval" -else - libgcrypt_config_prefix="" -fi - if test x$libgcrypt_config_prefix != x ; then - if test x${LIBGCRYPT_CONFIG+set} != xset ; then - LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config - fi - fi - - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}libgcrypt-config", so it can be a program name with args. -set dummy ${ac_tool_prefix}libgcrypt-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_LIBGCRYPT_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $LIBGCRYPT_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_LIBGCRYPT_CONFIG="$LIBGCRYPT_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_LIBGCRYPT_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS + ;; + nettle) + for ac_header in nettle/sha.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "nettle/sha.h" "ac_cv_header_nettle_sha_h" "$ac_includes_default" +if test "x$ac_cv_header_nettle_sha_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NETTLE_SHA_H 1 +_ACEOF - ;; -esac -fi -LIBGCRYPT_CONFIG=$ac_cv_path_LIBGCRYPT_CONFIG -if test -n "$LIBGCRYPT_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBGCRYPT_CONFIG" >&5 -$as_echo "$LIBGCRYPT_CONFIG" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + as_fn_error $? "You need Nettle cryptographic library." "$LINENO" 5 fi - -fi -if test -z "$ac_cv_path_LIBGCRYPT_CONFIG"; then - ac_pt_LIBGCRYPT_CONFIG=$LIBGCRYPT_CONFIG - # Extract the first word of "libgcrypt-config", so it can be a program name with args. -set dummy libgcrypt-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_ac_pt_LIBGCRYPT_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $ac_pt_LIBGCRYPT_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_ac_pt_LIBGCRYPT_CONFIG="$ac_pt_LIBGCRYPT_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_ac_pt_LIBGCRYPT_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi done - done -IFS=$as_save_IFS - ;; -esac -fi -ac_pt_LIBGCRYPT_CONFIG=$ac_cv_path_ac_pt_LIBGCRYPT_CONFIG -if test -n "$ac_pt_LIBGCRYPT_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_LIBGCRYPT_CONFIG" >&5 -$as_echo "$ac_pt_LIBGCRYPT_CONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi + for ac_header in nettle/version.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "nettle/version.h" "ac_cv_header_nettle_version_h" "$ac_includes_default" +if test "x$ac_cv_header_nettle_version_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NETTLE_VERSION_H 1 +_ACEOF - if test "x$ac_pt_LIBGCRYPT_CONFIG" = x; then - LIBGCRYPT_CONFIG="no" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - LIBGCRYPT_CONFIG=$ac_pt_LIBGCRYPT_CONFIG - fi -else - LIBGCRYPT_CONFIG="$ac_cv_path_LIBGCRYPT_CONFIG" fi - tmp=1.6.1 - if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then - req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` - min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'` - else - req_libgcrypt_api=0 - min_libgcrypt_version="$tmp" - fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBGCRYPT - version >= $min_libgcrypt_version" >&5 -$as_echo_n "checking for LIBGCRYPT - version >= $min_libgcrypt_version... " >&6; } - ok=no - if test "$LIBGCRYPT_CONFIG" != "no" ; then - req_major=`echo $min_libgcrypt_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\1/'` - req_minor=`echo $min_libgcrypt_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\2/'` - req_micro=`echo $min_libgcrypt_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\3/'` - libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` - major=`echo $libgcrypt_config_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\1/'` - minor=`echo $libgcrypt_config_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\2/'` - micro=`echo $libgcrypt_config_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\3/'` - if test "$major" -gt "$req_major"; then - ok=yes - else - if test "$major" -eq "$req_major"; then - if test "$minor" -gt "$req_minor"; then - ok=yes - else - if test "$minor" -eq "$req_minor"; then - if test "$micro" -ge "$req_micro"; then - ok=yes - fi - fi - fi - fi - fi - fi - if test $ok = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes ($libgcrypt_config_version)" >&5 -$as_echo "yes ($libgcrypt_config_version)" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - if test $ok = yes; then - # If we have a recent libgcrypt, we should also check that the - # API is compatible - if test "$req_libgcrypt_api" -gt 0 ; then - tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` - if test "$tmp" -gt 0 ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking LIBGCRYPT API version" >&5 -$as_echo_n "checking LIBGCRYPT API version... " >&6; } - if test "$req_libgcrypt_api" -eq "$tmp" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: okay" >&5 -$as_echo "okay" >&6; } - else - ok=no - { $as_echo "$as_me:${as_lineno-$LINENO}: result: does not match. want=$req_libgcrypt_api got=$tmp" >&5 -$as_echo "does not match. want=$req_libgcrypt_api got=$tmp" >&6; } - fi - fi - fi - fi - if test $ok = yes; then - LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` - LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` - use_internal_pbkdf2=0 - libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none` - if test x"$libgcrypt_config_host" != xnone ; then - if test x"$libgcrypt_config_host" != x"$host" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: -*** -*** The config script $LIBGCRYPT_CONFIG was -*** built for $libgcrypt_config_host and thus may not match the -*** used host $host. -*** You may want to use the configure option --with-libgcrypt-prefix -*** to specify a matching config script. -***" >&5 -$as_echo "$as_me: WARNING: -*** -*** The config script $LIBGCRYPT_CONFIG was -*** built for $libgcrypt_config_host and thus may not match the -*** used host $host. -*** You may want to use the configure option --with-libgcrypt-prefix -*** to specify a matching config script. -***" >&2;} - fi - fi - else - LIBGCRYPT_CFLAGS="" - LIBGCRYPT_LIBS="" - use_internal_pbkdf2=1 - fi +done + saved_LIBS=$LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nettle_pbkdf2_hmac_sha256 in -lnettle" >&5 +$as_echo_n "checking for nettle_pbkdf2_hmac_sha256 in -lnettle... " >&6; } +if ${ac_cv_lib_nettle_nettle_pbkdf2_hmac_sha256+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lnettle $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char nettle_pbkdf2_hmac_sha256 (); +int +main () +{ +return nettle_pbkdf2_hmac_sha256 (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_nettle_nettle_pbkdf2_hmac_sha256=yes +else + ac_cv_lib_nettle_nettle_pbkdf2_hmac_sha256=no fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nettle_nettle_pbkdf2_hmac_sha256" >&5 +$as_echo "$ac_cv_lib_nettle_nettle_pbkdf2_hmac_sha256" >&6; } +if test "x$ac_cv_lib_nettle_nettle_pbkdf2_hmac_sha256" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBNETTLE 1 +_ACEOF + LIBS="-lnettle $LIBS" - -# Check whether --with-libgcrypt-prefix was given. -if test "${with_libgcrypt_prefix+set}" = set; then : - withval=$with_libgcrypt_prefix; libgcrypt_config_prefix="$withval" else - libgcrypt_config_prefix="" + as_fn_error $? "You need Nettle library version 2.6 or more recent." "$LINENO" 5 fi - if test x$libgcrypt_config_prefix != x ; then - if test x${LIBGCRYPT_CONFIG+set} != xset ; then - LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config - fi - fi + CRYPTO_LIBS=$LIBS + LIBS=$saved_LIBS - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}libgcrypt-config", so it can be a program name with args. -set dummy ${ac_tool_prefix}libgcrypt-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_LIBGCRYPT_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $LIBGCRYPT_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_LIBGCRYPT_CONFIG="$LIBGCRYPT_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_LIBGCRYPT_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS + CRYPTO_STATIC_LIBS=$CRYPTO_LIBS + use_internal_pbkdf2=0 - ;; + if test "x$enable_fips" = "xyes"; then + as_fn_error $? "This option is not compatible with FIPS." "$LINENO" 5 + fi + + ;; + *) as_fn_error $? "Unknown crypto backend." "$LINENO" 5 ;; esac -fi -LIBGCRYPT_CONFIG=$ac_cv_path_LIBGCRYPT_CONFIG -if test -n "$LIBGCRYPT_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBGCRYPT_CONFIG" >&5 -$as_echo "$LIBGCRYPT_CONFIG" >&6; } + if test "$with_crypto_backend" = "gcrypt"; then + CRYPTO_BACKEND_GCRYPT_TRUE= + CRYPTO_BACKEND_GCRYPT_FALSE='#' else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + CRYPTO_BACKEND_GCRYPT_TRUE='#' + CRYPTO_BACKEND_GCRYPT_FALSE= fi - -fi -if test -z "$ac_cv_path_LIBGCRYPT_CONFIG"; then - ac_pt_LIBGCRYPT_CONFIG=$LIBGCRYPT_CONFIG - # Extract the first word of "libgcrypt-config", so it can be a program name with args. -set dummy libgcrypt-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_ac_pt_LIBGCRYPT_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 + if test "$with_crypto_backend" = "openssl"; then + CRYPTO_BACKEND_OPENSSL_TRUE= + CRYPTO_BACKEND_OPENSSL_FALSE='#' else - case $ac_pt_LIBGCRYPT_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_ac_pt_LIBGCRYPT_CONFIG="$ac_pt_LIBGCRYPT_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_ac_pt_LIBGCRYPT_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac + CRYPTO_BACKEND_OPENSSL_TRUE='#' + CRYPTO_BACKEND_OPENSSL_FALSE= fi -ac_pt_LIBGCRYPT_CONFIG=$ac_cv_path_ac_pt_LIBGCRYPT_CONFIG -if test -n "$ac_pt_LIBGCRYPT_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_LIBGCRYPT_CONFIG" >&5 -$as_echo "$ac_pt_LIBGCRYPT_CONFIG" >&6; } + + if test "$with_crypto_backend" = "nss"; then + CRYPTO_BACKEND_NSS_TRUE= + CRYPTO_BACKEND_NSS_FALSE='#' else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + CRYPTO_BACKEND_NSS_TRUE='#' + CRYPTO_BACKEND_NSS_FALSE= fi - if test "x$ac_pt_LIBGCRYPT_CONFIG" = x; then - LIBGCRYPT_CONFIG="no" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - LIBGCRYPT_CONFIG=$ac_pt_LIBGCRYPT_CONFIG - fi + if test "$with_crypto_backend" = "kernel"; then + CRYPTO_BACKEND_KERNEL_TRUE= + CRYPTO_BACKEND_KERNEL_FALSE='#' else - LIBGCRYPT_CONFIG="$ac_cv_path_LIBGCRYPT_CONFIG" + CRYPTO_BACKEND_KERNEL_TRUE='#' + CRYPTO_BACKEND_KERNEL_FALSE= fi - tmp=$GCRYPT_REQ_VERSION - if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then - req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` - min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'` - else - req_libgcrypt_api=0 - min_libgcrypt_version="$tmp" - fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBGCRYPT - version >= $min_libgcrypt_version" >&5 -$as_echo_n "checking for LIBGCRYPT - version >= $min_libgcrypt_version... " >&6; } - ok=no - if test "$LIBGCRYPT_CONFIG" != "no" ; then - req_major=`echo $min_libgcrypt_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\1/'` - req_minor=`echo $min_libgcrypt_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\2/'` - req_micro=`echo $min_libgcrypt_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\3/'` - libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` - major=`echo $libgcrypt_config_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\1/'` - minor=`echo $libgcrypt_config_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\2/'` - micro=`echo $libgcrypt_config_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\3/'` - if test "$major" -gt "$req_major"; then - ok=yes - else - if test "$major" -eq "$req_major"; then - if test "$minor" -gt "$req_minor"; then - ok=yes - else - if test "$minor" -eq "$req_minor"; then - if test "$micro" -ge "$req_micro"; then - ok=yes - fi - fi - fi - fi - fi - fi - if test $ok = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes ($libgcrypt_config_version)" >&5 -$as_echo "yes ($libgcrypt_config_version)" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - if test $ok = yes; then - # If we have a recent libgcrypt, we should also check that the - # API is compatible - if test "$req_libgcrypt_api" -gt 0 ; then - tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` - if test "$tmp" -gt 0 ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking LIBGCRYPT API version" >&5 -$as_echo_n "checking LIBGCRYPT API version... " >&6; } - if test "$req_libgcrypt_api" -eq "$tmp" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: okay" >&5 -$as_echo "okay" >&6; } - else - ok=no - { $as_echo "$as_me:${as_lineno-$LINENO}: result: does not match. want=$req_libgcrypt_api got=$tmp" >&5 -$as_echo "does not match. want=$req_libgcrypt_api got=$tmp" >&6; } - fi - fi - fi - fi - if test $ok = yes; then - LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` - LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` - : - libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none` - if test x"$libgcrypt_config_host" != xnone ; then - if test x"$libgcrypt_config_host" != x"$host" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: -*** -*** The config script $LIBGCRYPT_CONFIG was -*** built for $libgcrypt_config_host and thus may not match the -*** used host $host. -*** You may want to use the configure option --with-libgcrypt-prefix -*** to specify a matching config script. -***" >&5 -$as_echo "$as_me: WARNING: -*** -*** The config script $LIBGCRYPT_CONFIG was -*** built for $libgcrypt_config_host and thus may not match the -*** used host $host. -*** You may want to use the configure option --with-libgcrypt-prefix -*** to specify a matching config script. -***" >&2;} - fi - fi - else - LIBGCRYPT_CFLAGS="" - LIBGCRYPT_LIBS="" - as_fn_error $? "You need the gcrypt library." "$LINENO" 5 - fi - - + if test "$with_crypto_backend" = "nettle"; then + CRYPTO_BACKEND_NETTLE_TRUE= + CRYPTO_BACKEND_NETTLE_FALSE='#' +else + CRYPTO_BACKEND_NETTLE_TRUE='#' + CRYPTO_BACKEND_NETTLE_FALSE= +fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if internal cryptsetup PBKDF2 is compiled-in" >&5 -$as_echo_n "checking if internal cryptsetup PBKDF2 is compiled-in... " >&6; } - if test $use_internal_pbkdf2 = 0; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + if test $use_internal_pbkdf2 = 1; then + CRYPTO_INTERNAL_PBKDF2_TRUE= + CRYPTO_INTERNAL_PBKDF2_FALSE='#' +else + CRYPTO_INTERNAL_PBKDF2_TRUE='#' + CRYPTO_INTERNAL_PBKDF2_FALSE= +fi - if test "x$with_fips" = "xyes"; then - as_fn_error $? "This option is not compatible with FIPS." "$LINENO" 5 - fi - fi +cat >>confdefs.h <<_ACEOF +#define USE_INTERNAL_PBKDF2 $use_internal_pbkdf2 +_ACEOF - if test x$enable_static_cryptsetup = xyes; then - saved_LIBS=$LIBS - LIBS="$saved_LIBS $LIBGCRYPT_LIBS -static" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gcry_check_version in -lgcrypt" >&5 -$as_echo_n "checking for gcry_check_version in -lgcrypt... " >&6; } -if ${ac_cv_lib_gcrypt_gcry_check_version+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lgcrypt -lgpg-error $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char gcry_check_version (); -int -main () -{ -return gcry_check_version (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_gcrypt_gcry_check_version=yes +# Check whether --enable-internal-argon2 was given. +if test "${enable_internal_argon2+set}" = set; then : + enableval=$enable_internal_argon2; else - ac_cv_lib_gcrypt_gcry_check_version=no + enable_internal_argon2=yes fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS + + +# Check whether --enable-libargon2 was given. +if test "${enable_libargon2+set}" = set; then : + enableval=$enable_libargon2; fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gcrypt_gcry_check_version" >&5 -$as_echo "$ac_cv_lib_gcrypt_gcry_check_version" >&6; } -if test "x$ac_cv_lib_gcrypt_gcry_check_version" = xyes; then : + + +if test "x$enable_libargon2" = "xyes" ; then + for ac_header in argon2.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "argon2.h" "ac_cv_header_argon2_h" "$ac_includes_default" +if test "x$ac_cv_header_argon2_h" = xyes; then : cat >>confdefs.h <<_ACEOF -#define HAVE_LIBGCRYPT 1 +#define HAVE_ARGON2_H 1 _ACEOF - LIBS="-lgcrypt $LIBS" - else - as_fn_error $? "Cannot find static gcrypt library." "$LINENO" 5 + as_fn_error $? "You need libargon2 development library installed." "$LINENO" 5 fi - LIBGCRYPT_STATIC_LIBS="$LIBGCRYPT_LIBS -lgpg-error" - LIBS=$saved_LIBS - fi - - CRYPTO_CFLAGS=$LIBGCRYPT_CFLAGS - CRYPTO_LIBS=$LIBGCRYPT_LIBS - CRYPTO_STATIC_LIBS=$LIBGCRYPT_STATIC_LIBS +done + ac_fn_c_check_decl "$LINENO" "Argon2_id" "ac_cv_have_decl_Argon2_id" "#include +" +if test "x$ac_cv_have_decl_Argon2_id" = xyes; then : -cat >>confdefs.h <<_ACEOF -#define GCRYPT_REQ_VERSION "$GCRYPT_REQ_VERSION" -_ACEOF +else + as_fn_error $? "You need more recent Argon2 library with support for Argon2id." "$LINENO" 5 +fi - ;; - openssl) pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL" >&5 -$as_echo_n "checking for OPENSSL... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libargon2" >&5 +$as_echo_n "checking for libargon2... " >&6; } -if test -n "$OPENSSL_CFLAGS"; then - pkg_cv_OPENSSL_CFLAGS="$OPENSSL_CFLAGS" +if test -n "$LIBARGON2_CFLAGS"; then + pkg_cv_LIBARGON2_CFLAGS="$LIBARGON2_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 0.9.8\""; } >&5 - ($PKG_CONFIG --exists --print-errors "openssl >= 0.9.8") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libargon2\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libargon2") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_OPENSSL_CFLAGS=`$PKG_CONFIG --cflags "openssl >= 0.9.8" 2>/dev/null` + pkg_cv_LIBARGON2_CFLAGS=`$PKG_CONFIG --cflags "libargon2" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -16804,16 +18968,16 @@ fi else pkg_failed=untried fi -if test -n "$OPENSSL_LIBS"; then - pkg_cv_OPENSSL_LIBS="$OPENSSL_LIBS" +if test -n "$LIBARGON2_LIBS"; then + pkg_cv_LIBARGON2_LIBS="$LIBARGON2_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 0.9.8\""; } >&5 - ($PKG_CONFIG --exists --print-errors "openssl >= 0.9.8") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libargon2\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libargon2") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_OPENSSL_LIBS=`$PKG_CONFIG --libs "openssl >= 0.9.8" 2>/dev/null` + pkg_cv_LIBARGON2_LIBS=`$PKG_CONFIG --libs "libargon2" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -16825,7 +18989,7 @@ fi if test $pkg_failed = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then @@ -16834,155 +18998,113 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - OPENSSL_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "openssl >= 0.9.8" 2>&1` + LIBARGON2_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libargon2" 2>&1` else - OPENSSL_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "openssl >= 0.9.8" 2>&1` + LIBARGON2_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libargon2" 2>&1` fi # Put the nasty error message in config.log where it belongs - echo "$OPENSSL_PKG_ERRORS" >&5 + echo "$LIBARGON2_PKG_ERRORS" >&5 - as_fn_error $? "You need openssl library." "$LINENO" 5 + LIBARGON2_LIBS="-largon2" elif test $pkg_failed = untried; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - as_fn_error $? "You need openssl library." "$LINENO" 5 + LIBARGON2_LIBS="-largon2" else - OPENSSL_CFLAGS=$pkg_cv_OPENSSL_CFLAGS - OPENSSL_LIBS=$pkg_cv_OPENSSL_LIBS + LIBARGON2_CFLAGS=$pkg_cv_LIBARGON2_CFLAGS + LIBARGON2_LIBS=$pkg_cv_LIBARGON2_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi - CRYPTO_CFLAGS=$OPENSSL_CFLAGS - CRYPTO_LIBS=$OPENSSL_LIBS - use_internal_pbkdf2=0 + enable_internal_argon2=no +else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Argon2 bundled (slow) reference implementation will be used, please consider to use system library with --enable-libargon2." >&5 +$as_echo "$as_me: WARNING: Argon2 bundled (slow) reference implementation will be used, please consider to use system library with --enable-libargon2." >&2;} - if test x$enable_static_cryptsetup = xyes; then - saved_PKG_CONFIG=$PKG_CONFIG - PKG_CONFIG="$PKG_CONFIG --static" + # Check whether --enable-internal-sse-argon2 was given. +if test "${enable_internal_sse_argon2+set}" = set; then : + enableval=$enable_internal_sse_argon2; +fi -pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL_STATIC" >&5 -$as_echo_n "checking for OPENSSL_STATIC... " >&6; } -if test -n "$OPENSSL_STATIC_CFLAGS"; then - pkg_cv_OPENSSL_STATIC_CFLAGS="$OPENSSL_STATIC_CFLAGS" - elif test -n "$PKG_CONFIG"; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl\""; } >&5 - ($PKG_CONFIG --exists --print-errors "openssl") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_OPENSSL_STATIC_CFLAGS=`$PKG_CONFIG --cflags "openssl" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes -else - pkg_failed=yes -fi - else - pkg_failed=untried -fi -if test -n "$OPENSSL_STATIC_LIBS"; then - pkg_cv_OPENSSL_STATIC_LIBS="$OPENSSL_STATIC_LIBS" - elif test -n "$PKG_CONFIG"; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl\""; } >&5 - ($PKG_CONFIG --exists --print-errors "openssl") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_OPENSSL_STATIC_LIBS=`$PKG_CONFIG --libs "openssl" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes -else - pkg_failed=yes -fi - else - pkg_failed=untried -fi + if test "x$enable_internal_sse_argon2" = "xyes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if Argon2 SSE optimization can be used" >&5 +$as_echo_n "checking if Argon2 SSE optimization can be used... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include + __m128i testfunc(__m128i *a, __m128i *b) { + return _mm_xor_si128(_mm_loadu_si128(a), _mm_loadu_si128(b)); + } +int +main () +{ -if test $pkg_failed = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : -if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then - _pkg_short_errors_supported=yes else - _pkg_short_errors_supported=no + enable_internal_sse_argon2=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_internal_sse_argon2" >&5 +$as_echo "$enable_internal_sse_argon2" >&6; } + fi fi - if test $_pkg_short_errors_supported = yes; then - OPENSSL_STATIC_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "openssl" 2>&1` - else - OPENSSL_STATIC_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "openssl" 2>&1` - fi - # Put the nasty error message in config.log where it belongs - echo "$OPENSSL_STATIC_PKG_ERRORS" >&5 - - as_fn_error $? "Package requirements (openssl) were not met: - -$OPENSSL_STATIC_PKG_ERRORS - -Consider adjusting the PKG_CONFIG_PATH environment variable if you -installed software in a non-standard prefix. -Alternatively, you may set the environment variables OPENSSL_STATIC_CFLAGS -and OPENSSL_STATIC_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details." "$LINENO" 5 -elif test $pkg_failed = untried; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it -is in your PATH or set the PKG_CONFIG environment variable to the full -path to pkg-config. +if test "x$enable_internal_argon2" = "xyes"; then -Alternatively, you may set the environment variables OPENSSL_STATIC_CFLAGS -and OPENSSL_STATIC_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. +$as_echo "#define USE_INTERNAL_ARGON2 1" >>confdefs.h -To get pkg-config, see . -See \`config.log' for more details" "$LINENO" 5; } +fi + if test "x$enable_internal_argon2" = "xyes"; then + CRYPTO_INTERNAL_ARGON2_TRUE= + CRYPTO_INTERNAL_ARGON2_FALSE='#' else - OPENSSL_STATIC_CFLAGS=$pkg_cv_OPENSSL_STATIC_CFLAGS - OPENSSL_STATIC_LIBS=$pkg_cv_OPENSSL_STATIC_LIBS - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + CRYPTO_INTERNAL_ARGON2_TRUE='#' + CRYPTO_INTERNAL_ARGON2_FALSE= +fi + if test "x$enable_internal_sse_argon2" = "xyes"; then + CRYPTO_INTERNAL_SSE_ARGON2_TRUE= + CRYPTO_INTERNAL_SSE_ARGON2_FALSE='#' +else + CRYPTO_INTERNAL_SSE_ARGON2_TRUE='#' + CRYPTO_INTERNAL_SSE_ARGON2_FALSE= fi - CRYPTO_STATIC_LIBS=$OPENSSL_STATIC_LIBS - PKG_CONFIG=$saved_PKG_CONFIG - fi - if test "x$with_fips" = "xyes"; then - as_fn_error $? "This option is not compatible with FIPS." "$LINENO" 5 - fi - ;; - nss) - if test x$enable_static_cryptsetup = xyes; then - as_fn_error $? "Static build of cryptsetup is not supported with NSS." "$LINENO" 5 - fi +# Check whether --enable-blkid was given. +if test "${enable_blkid+set}" = set; then : + enableval=$enable_blkid; +else + enable_blkid=yes +fi - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: NSS backend does NOT provide backward compatibility (missing ripemd160 hash)." >&5 -$as_echo "$as_me: WARNING: NSS backend does NOT provide backward compatibility (missing ripemd160 hash)." >&2;} +if test "x$enable_blkid" = "xyes"; then pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for NSS" >&5 -$as_echo_n "checking for NSS... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for blkid" >&5 +$as_echo_n "checking for blkid... " >&6; } -if test -n "$NSS_CFLAGS"; then - pkg_cv_NSS_CFLAGS="$NSS_CFLAGS" +if test -n "$BLKID_CFLAGS"; then + pkg_cv_BLKID_CFLAGS="$BLKID_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nss\""; } >&5 - ($PKG_CONFIG --exists --print-errors "nss") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"blkid\""; } >&5 + ($PKG_CONFIG --exists --print-errors "blkid") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_NSS_CFLAGS=`$PKG_CONFIG --cflags "nss" 2>/dev/null` + pkg_cv_BLKID_CFLAGS=`$PKG_CONFIG --cflags "blkid" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -16990,16 +19112,16 @@ fi else pkg_failed=untried fi -if test -n "$NSS_LIBS"; then - pkg_cv_NSS_LIBS="$NSS_LIBS" +if test -n "$BLKID_LIBS"; then + pkg_cv_BLKID_LIBS="$BLKID_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nss\""; } >&5 - ($PKG_CONFIG --exists --print-errors "nss") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"blkid\""; } >&5 + ($PKG_CONFIG --exists --print-errors "blkid") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_NSS_LIBS=`$PKG_CONFIG --libs "nss" 2>/dev/null` + pkg_cv_BLKID_LIBS=`$PKG_CONFIG --libs "blkid" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -17011,7 +19133,7 @@ fi if test $pkg_failed = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then @@ -17020,209 +19142,187 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - NSS_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "nss" 2>&1` + BLKID_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "blkid" 2>&1` else - NSS_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "nss" 2>&1` + BLKID_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "blkid" 2>&1` fi # Put the nasty error message in config.log where it belongs - echo "$NSS_PKG_ERRORS" >&5 + echo "$BLKID_PKG_ERRORS" >&5 - as_fn_error $? "You need nss library." "$LINENO" 5 + LIBBLKID_LIBS="-lblkid" elif test $pkg_failed = untried; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - as_fn_error $? "You need nss library." "$LINENO" 5 + LIBBLKID_LIBS="-lblkid" else - NSS_CFLAGS=$pkg_cv_NSS_CFLAGS - NSS_LIBS=$pkg_cv_NSS_LIBS + BLKID_CFLAGS=$pkg_cv_BLKID_CFLAGS + BLKID_LIBS=$pkg_cv_BLKID_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } -fi +$as_echo "#define HAVE_BLKID 1" >>confdefs.h - saved_CFLAGS=$CFLAGS - CFLAGS="$CFLAGS $NSS_CFLAGS" - ac_fn_c_check_decl "$LINENO" "NSS_GetVersion" "ac_cv_have_decl_NSS_GetVersion" "#include -" -if test "x$ac_cv_have_decl_NSS_GetVersion" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 fi -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_NSS_GETVERSION $ac_have_decl -_ACEOF - - CFLAGS=$saved_CFLAGS - - CRYPTO_CFLAGS=$NSS_CFLAGS - CRYPTO_LIBS=$NSS_LIBS - use_internal_pbkdf2=1 - - if test "x$with_fips" = "xyes"; then - as_fn_error $? "This option is not compatible with FIPS." "$LINENO" 5 - fi - - ;; - kernel) - for ac_header in linux/if_alg.h + for ac_header in blkid/blkid.h do : - ac_fn_c_check_header_mongrel "$LINENO" "linux/if_alg.h" "ac_cv_header_linux_if_alg_h" "$ac_includes_default" -if test "x$ac_cv_header_linux_if_alg_h" = xyes; then : + ac_fn_c_check_header_mongrel "$LINENO" "blkid/blkid.h" "ac_cv_header_blkid_blkid_h" "$ac_includes_default" +if test "x$ac_cv_header_blkid_blkid_h" = xyes; then : cat >>confdefs.h <<_ACEOF -#define HAVE_LINUX_IF_ALG_H 1 +#define HAVE_BLKID_BLKID_H 1 _ACEOF else - as_fn_error $? "You need Linux kernel headers with userspace crypto interface." "$LINENO" 5 + as_fn_error $? "You need blkid development library installed." "$LINENO" 5 fi done -# AC_CHECK_DECLS([AF_ALG],, -# [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])], -# [#include ]) - use_internal_pbkdf2=1 + ac_fn_c_check_decl "$LINENO" "blkid_do_wipe" "ac_cv_have_decl_blkid_do_wipe" "#include +" +if test "x$ac_cv_have_decl_blkid_do_wipe" = xyes; then : - if test "x$with_fips" = "xyes"; then - as_fn_error $? "This option is not compatible with FIPS." "$LINENO" 5 - fi +$as_echo "#define HAVE_BLKID_WIPE 1" >>confdefs.h - ;; - nettle) - for ac_header in nettle/sha.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "nettle/sha.h" "ac_cv_header_nettle_sha_h" "$ac_includes_default" -if test "x$ac_cv_header_nettle_sha_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_NETTLE_SHA_H 1 -_ACEOF + enable_blkid_wipe=yes -else - as_fn_error $? "You need Nettle cryptographic library." "$LINENO" 5 fi -done + ac_fn_c_check_decl "$LINENO" "blkid_probe_step_back" "ac_cv_have_decl_blkid_probe_step_back" "#include +" +if test "x$ac_cv_have_decl_blkid_probe_step_back" = xyes; then : +$as_echo "#define HAVE_BLKID_STEP_BACK 1" >>confdefs.h - saved_LIBS=$LIBS - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nettle_pbkdf2_hmac_sha256 in -lnettle" >&5 -$as_echo_n "checking for nettle_pbkdf2_hmac_sha256 in -lnettle... " >&6; } -if ${ac_cv_lib_nettle_nettle_pbkdf2_hmac_sha256+:} false; then : - $as_echo_n "(cached) " >&6 + enable_blkid_step_back=yes + +fi + + ac_fn_c_check_decl "$LINENO" "blkid_reset_probe" "ac_cv_have_decl_blkid_reset_probe" "#include +" +if test "x$ac_cv_have_decl_blkid_reset_probe" = xyes; then : + ac_have_decl=1 else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lnettle $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + ac_have_decl=0 +fi -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char nettle_pbkdf2_hmac_sha256 (); -int -main () -{ -return nettle_pbkdf2_hmac_sha256 (); - ; - return 0; -} +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_BLKID_RESET_PROBE $ac_have_decl _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_nettle_nettle_pbkdf2_hmac_sha256=yes +if test $ac_have_decl = 1; then : + else - ac_cv_lib_nettle_nettle_pbkdf2_hmac_sha256=no + as_fn_error $? "Can not compile with blkid support, disable it by --disable-blkid." "$LINENO" 5 fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +ac_fn_c_check_decl "$LINENO" "blkid_probe_set_device" "ac_cv_have_decl_blkid_probe_set_device" "#include +" +if test "x$ac_cv_have_decl_blkid_probe_set_device" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nettle_nettle_pbkdf2_hmac_sha256" >&5 -$as_echo "$ac_cv_lib_nettle_nettle_pbkdf2_hmac_sha256" >&6; } -if test "x$ac_cv_lib_nettle_nettle_pbkdf2_hmac_sha256" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBNETTLE 1 -_ACEOF - LIBS="-lnettle $LIBS" +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_BLKID_PROBE_SET_DEVICE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : else - as_fn_error $? "You need Nettle library version 2.6 or more recent." "$LINENO" 5 + as_fn_error $? "Can not compile with blkid support, disable it by --disable-blkid." "$LINENO" 5 +fi +ac_fn_c_check_decl "$LINENO" "blkid_probe_filter_superblocks_type" "ac_cv_have_decl_blkid_probe_filter_superblocks_type" "#include +" +if test "x$ac_cv_have_decl_blkid_probe_filter_superblocks_type" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi - CRYPTO_LIBS=$LIBS - LIBS=$saved_LIBS +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_BLKID_PROBE_FILTER_SUPERBLOCKS_TYPE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : - CRYPTO_STATIC_LIBS=$CRYPTO_LIBS - use_internal_pbkdf2=0 +else + as_fn_error $? "Can not compile with blkid support, disable it by --disable-blkid." "$LINENO" 5 +fi +ac_fn_c_check_decl "$LINENO" "blkid_do_safeprobe" "ac_cv_have_decl_blkid_do_safeprobe" "#include +" +if test "x$ac_cv_have_decl_blkid_do_safeprobe" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi - if test "x$with_fips" = "xyes"; then - as_fn_error $? "This option is not compatible with FIPS." "$LINENO" 5 - fi +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_BLKID_DO_SAFEPROBE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : - ;; - *) as_fn_error $? "Unknown crypto backend." "$LINENO" 5 ;; -esac - if test $with_crypto_backend = gcrypt; then - CRYPTO_BACKEND_GCRYPT_TRUE= - CRYPTO_BACKEND_GCRYPT_FALSE='#' else - CRYPTO_BACKEND_GCRYPT_TRUE='#' - CRYPTO_BACKEND_GCRYPT_FALSE= + as_fn_error $? "Can not compile with blkid support, disable it by --disable-blkid." "$LINENO" 5 fi - - if test $with_crypto_backend = openssl; then - CRYPTO_BACKEND_OPENSSL_TRUE= - CRYPTO_BACKEND_OPENSSL_FALSE='#' +ac_fn_c_check_decl "$LINENO" "blkid_do_probe" "ac_cv_have_decl_blkid_do_probe" "#include +" +if test "x$ac_cv_have_decl_blkid_do_probe" = xyes; then : + ac_have_decl=1 else - CRYPTO_BACKEND_OPENSSL_TRUE='#' - CRYPTO_BACKEND_OPENSSL_FALSE= + ac_have_decl=0 fi - if test $with_crypto_backend = nss; then - CRYPTO_BACKEND_NSS_TRUE= - CRYPTO_BACKEND_NSS_FALSE='#' +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_BLKID_DO_PROBE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + else - CRYPTO_BACKEND_NSS_TRUE='#' - CRYPTO_BACKEND_NSS_FALSE= + as_fn_error $? "Can not compile with blkid support, disable it by --disable-blkid." "$LINENO" 5 fi - - if test $with_crypto_backend = kernel; then - CRYPTO_BACKEND_KERNEL_TRUE= - CRYPTO_BACKEND_KERNEL_FALSE='#' +ac_fn_c_check_decl "$LINENO" "blkid_probe_lookup_value + " "ac_cv_have_decl_blkid_probe_lookup_value__________" "#include +" +if test "x$ac_cv_have_decl_blkid_probe_lookup_value__________" = xyes; then : + ac_have_decl=1 else - CRYPTO_BACKEND_KERNEL_TRUE='#' - CRYPTO_BACKEND_KERNEL_FALSE= + ac_have_decl=0 fi - if test $with_crypto_backend = nettle; then - CRYPTO_BACKEND_NETTLE_TRUE= - CRYPTO_BACKEND_NETTLE_FALSE='#' +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_BLKID_PROBE_LOOKUP_VALUE__________ $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + else - CRYPTO_BACKEND_NETTLE_TRUE='#' - CRYPTO_BACKEND_NETTLE_FALSE= + as_fn_error $? "Can not compile with blkid support, disable it by --disable-blkid." "$LINENO" 5 fi - - if test $use_internal_pbkdf2 = 1; then - CRYPTO_INTERNAL_PBKDF2_TRUE= - CRYPTO_INTERNAL_PBKDF2_FALSE='#' +fi + if test "x$enable_blkid" = "xyes"; then + HAVE_BLKID_TRUE= + HAVE_BLKID_FALSE='#' else - CRYPTO_INTERNAL_PBKDF2_TRUE='#' - CRYPTO_INTERNAL_PBKDF2_FALSE= + HAVE_BLKID_TRUE='#' + HAVE_BLKID_FALSE= fi + if test "x$enable_blkid_wipe" = "xyes"; then + HAVE_BLKID_WIPE_TRUE= + HAVE_BLKID_WIPE_FALSE='#' +else + HAVE_BLKID_WIPE_TRUE='#' + HAVE_BLKID_WIPE_FALSE= +fi -cat >>confdefs.h <<_ACEOF -#define USE_INTERNAL_PBKDF2 $use_internal_pbkdf2 -_ACEOF + if test "x$enable_blkid_step_back" = "xyes"; then + HAVE_BLKID_STEP_BACK_TRUE= + HAVE_BLKID_STEP_BACK_FALSE='#' +else + HAVE_BLKID_STEP_BACK_TRUE='#' + HAVE_BLKID_STEP_BACK_FALSE= +fi -if test x$enable_static_cryptsetup = xyes; then +if test "x$enable_static_cryptsetup" = "xyes"; then saved_PKG_CONFIG=$PKG_CONFIG PKG_CONFIG="$PKG_CONFIG --static" @@ -17278,8 +19378,8 @@ fi LIBS="$saved_LIBS -static" pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for DEVMAPPER_STATIC" >&5 -$as_echo_n "checking for DEVMAPPER_STATIC... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for devmapper >= 1.02.27" >&5 +$as_echo_n "checking for devmapper >= 1.02.27... " >&6; } if test -n "$DEVMAPPER_STATIC_CFLAGS"; then pkg_cv_DEVMAPPER_STATIC_CFLAGS="$DEVMAPPER_STATIC_CFLAGS" @@ -17319,7 +19419,7 @@ fi if test $pkg_failed = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then @@ -17337,7 +19437,7 @@ fi DEVMAPPER_STATIC_LIBS=$DEVMAPPER_LIBS - if test "x$enable_selinux" != xno; then + if test "x$enable_selinux" = "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sepol_bool_set in -lsepol" >&5 $as_echo_n "checking for sepol_bool_set in -lsepol... " >&6; } if ${ac_cv_lib_sepol_sepol_bool_set+:} false; then : @@ -17432,11 +19532,11 @@ fi fi elif test $pkg_failed = untried; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } DEVMAPPER_STATIC_LIBS=$DEVMAPPER_LIBS - if test "x$enable_selinux" != xno; then + if test "x$enable_selinux" = "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sepol_bool_set in -lsepol" >&5 $as_echo_n "checking for sepol_bool_set in -lsepol... " >&6; } if ${ac_cv_lib_sepol_sepol_bool_set+:} false; then : @@ -17639,335 +19739,75 @@ fi PKG_CONFIG=$saved_PKG_CONFIG fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for systemd tmpfiles config directory" >&5 +$as_echo_n "checking for systemd tmpfiles config directory... " >&6; } - - - - - - - - - - - - -# Check whether --enable-dev-random was given. -if test "${enable_dev_random+set}" = set; then : - enableval=$enable_dev_random; default_rng=/dev/random +if test -n "$systemd_tmpfilesdir"; then + pkg_cv_systemd_tmpfilesdir="$systemd_tmpfilesdir" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"systemd\""; } >&5 + ($PKG_CONFIG --exists --print-errors "systemd") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_systemd_tmpfilesdir=`$PKG_CONFIG --variable="tmpfilesdir" "systemd" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes else - default_rng=/dev/urandom + pkg_failed=yes fi - - -cat >>confdefs.h <<_ACEOF -#define DEFAULT_RNG "$default_rng" -_ACEOF - - - - - - - - -# Check whether --enable-python was given. -if test "${enable_python+set}" = set; then : - enableval=$enable_python; with_python=$enableval -else - with_python=no + else + pkg_failed=untried fi +systemd_tmpfilesdir=$pkg_cv_systemd_tmpfilesdir - - -# Check whether --with-python_version was given. -if test "${with_python_version+set}" = set; then : - withval=$with_python_version; PYTHON_VERSION=$withval -else - PYTHON_VERSION=2.6 +if test "x$systemd_tmpfilesdir" = x""; then : + systemd_tmpfilesdir=no fi - - -if test "x$with_python" = "xyes"; then - +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $systemd_tmpfilesdir" >&5 +$as_echo "$systemd_tmpfilesdir" >&6; } - if test -n "$PYTHON"; then - # If the user set $PYTHON, use it and don't search something else. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version is >= $PYTHON_VERSION" >&5 -$as_echo_n "checking whether $PYTHON version is >= $PYTHON_VERSION... " >&6; } - prog="import sys -# split strings by '.' and convert to numeric. Append some zeros -# because we need at least 4 digits for the hex conversion. -# map returns an iterator in Python 3.0 and a list in 2.x -minver = list(map(int, '$PYTHON_VERSION'.split('.'))) + [0, 0, 0] -minverhex = 0 -# xrange is not present in Python 3.0 and range returns an iterator -for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i] -sys.exit(sys.hexversion < minverhex)" - if { echo "$as_me:$LINENO: $PYTHON -c "$prog"" >&5 - ($PYTHON -c "$prog") >&5 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - as_fn_error $? "Python interpreter is too old" "$LINENO" 5 -fi - am_display_PYTHON=$PYTHON - else - # Otherwise, try each interpreter until we find one that satisfies - # VERSION. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a Python interpreter with version >= $PYTHON_VERSION" >&5 -$as_echo_n "checking for a Python interpreter with version >= $PYTHON_VERSION... " >&6; } -if ${am_cv_pathless_PYTHON+:} false; then : - $as_echo_n "(cached) " >&6 -else - - for am_cv_pathless_PYTHON in python python2 python3 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do - test "$am_cv_pathless_PYTHON" = none && break - prog="import sys -# split strings by '.' and convert to numeric. Append some zeros -# because we need at least 4 digits for the hex conversion. -# map returns an iterator in Python 3.0 and a list in 2.x -minver = list(map(int, '$PYTHON_VERSION'.split('.'))) + [0, 0, 0] -minverhex = 0 -# xrange is not present in Python 3.0 and range returns an iterator -for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i] -sys.exit(sys.hexversion < minverhex)" - if { echo "$as_me:$LINENO: $am_cv_pathless_PYTHON -c "$prog"" >&5 - ($am_cv_pathless_PYTHON -c "$prog") >&5 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then : - break -fi - done -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_pathless_PYTHON" >&5 -$as_echo "$am_cv_pathless_PYTHON" >&6; } - # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON. - if test "$am_cv_pathless_PYTHON" = none; then - PYTHON=: - else - # Extract the first word of "$am_cv_pathless_PYTHON", so it can be a program name with args. -set dummy $am_cv_pathless_PYTHON; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PYTHON+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $PYTHON in - [\\/]* | ?:[\\/]*) - ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - ;; -esac -fi -PYTHON=$ac_cv_path_PYTHON -if test -n "$PYTHON"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 -$as_echo "$PYTHON" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - fi - am_display_PYTHON=$am_cv_pathless_PYTHON - fi - if test "$PYTHON" = :; then - as_fn_error $? "no suitable Python interpreter found" "$LINENO" 5 - else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5 -$as_echo_n "checking for $am_display_PYTHON version... " >&6; } -if ${am_cv_python_version+:} false; then : - $as_echo_n "(cached) " >&6 -else - am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[:3])"` -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5 -$as_echo "$am_cv_python_version" >&6; } - PYTHON_VERSION=$am_cv_python_version - PYTHON_PREFIX='${prefix}' - PYTHON_EXEC_PREFIX='${exec_prefix}' - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5 -$as_echo_n "checking for $am_display_PYTHON platform... " >&6; } -if ${am_cv_python_platform+:} false; then : - $as_echo_n "(cached) " >&6 -else - am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"` -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5 -$as_echo "$am_cv_python_platform" >&6; } - PYTHON_PLATFORM=$am_cv_python_platform - - - # Just factor out some code duplication. - am_python_setup_sysconfig="\ -import sys -# Prefer sysconfig over distutils.sysconfig, for better compatibility -# with python 3.x. See automake bug#10227. -try: - import sysconfig -except ImportError: - can_use_sysconfig = 0 -else: - can_use_sysconfig = 1 -# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: -# -try: - from platform import python_implementation - if python_implementation() == 'CPython' and sys.version[:3] == '2.7': - can_use_sysconfig = 0 -except ImportError: - pass" - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory" >&5 -$as_echo_n "checking for $am_display_PYTHON script directory... " >&6; } -if ${am_cv_python_pythondir+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "x$prefix" = xNONE - then - am_py_prefix=$ac_default_prefix - else - am_py_prefix=$prefix - fi - am_cv_python_pythondir=`$PYTHON -c " -$am_python_setup_sysconfig -if can_use_sysconfig: - sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) -else: - from distutils import sysconfig - sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') -sys.stdout.write(sitedir)"` - case $am_cv_python_pythondir in - $am_py_prefix*) - am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` - am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` - ;; - *) - case $am_py_prefix in - /usr|/System*) ;; - *) - am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages - ;; - esac - ;; - esac +# Check whether --enable-dev-random was given. +if test "${enable_dev_random+set}" = set; then : + enableval=$enable_dev_random; fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5 -$as_echo "$am_cv_python_pythondir" >&6; } - pythondir=$am_cv_python_pythondir - - - pkgpythondir=\${pythondir}/$PACKAGE - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory" >&5 -$as_echo_n "checking for $am_display_PYTHON extension module directory... " >&6; } -if ${am_cv_python_pyexecdir+:} false; then : - $as_echo_n "(cached) " >&6 +if test "x$enable_dev_random" = "xyes"; then + default_rng=/dev/random else - if test "x$exec_prefix" = xNONE - then - am_py_exec_prefix=$am_py_prefix - else - am_py_exec_prefix=$exec_prefix - fi - am_cv_python_pyexecdir=`$PYTHON -c " -$am_python_setup_sysconfig -if can_use_sysconfig: - sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) -else: - from distutils import sysconfig - sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') -sys.stdout.write(sitedir)"` - case $am_cv_python_pyexecdir in - $am_py_exec_prefix*) - am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` - am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` - ;; - *) - case $am_py_exec_prefix in - /usr|/System*) ;; - *) - am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages - ;; - esac - ;; - esac - + default_rng=/dev/urandom fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5 -$as_echo "$am_cv_python_pyexecdir" >&6; } - pyexecdir=$am_cv_python_pyexecdir - - - - pkgpyexecdir=\${pyexecdir}/$PACKAGE - +cat >>confdefs.h <<_ACEOF +#define DEFAULT_RNG "$default_rng" +_ACEOF - fi - if ! test -x "$PYTHON-config" ; then - as_fn_error $? "Cannot find python development packages to build bindings" "$LINENO" 5 - fi - PYTHON_INCLUDES=$($PYTHON-config --includes) - PYTHON_LIBS=$($PYTHON-config --libs) -fi - if test "x$with_python" = "xyes"; then - PYTHON_CRYPTSETUP_TRUE= - PYTHON_CRYPTSETUP_FALSE='#' -else - PYTHON_CRYPTSETUP_TRUE='#' - PYTHON_CRYPTSETUP_FALSE= -fi @@ -18059,7 +19899,7 @@ _ACEOF else cat >>confdefs.h <<_ACEOF -#define DEFAULT_LUKS1_HASH "sha1" +#define DEFAULT_LUKS1_HASH "sha256" _ACEOF @@ -18124,6 +19964,39 @@ _ACEOF fi +# Check whether --enable-luks_adjust_xts_keysize was given. +if test "${enable_luks_adjust_xts_keysize+set}" = set; then : + enableval=$enable_luks_adjust_xts_keysize; +else + enable_luks_adjust_xts_keysize=yes +fi + +if test "x$enable_luks_adjust_xts_keysize" = "xyes"; then + +$as_echo "#define ENABLE_LUKS_ADJUST_XTS_KEYSIZE 1" >>confdefs.h + +fi + + +# Check whether --with-luks2-pbkdf was given. +if test "${with_luks2_pbkdf+set}" = set; then : + withval=$with_luks2_pbkdf; +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LUKS2_PBKDF "$withval" +_ACEOF + + +else + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LUKS2_PBKDF "argon2i" +_ACEOF + + + +fi + + # Check whether --with-luks1-iter-time was given. if test "${with_luks1_iter_time+set}" = set; then : withval=$with_luks1_iter_time; @@ -18135,7 +20008,103 @@ _ACEOF else cat >>confdefs.h <<_ACEOF -#define DEFAULT_LUKS1_ITER_TIME 1000 +#define DEFAULT_LUKS1_ITER_TIME 2000 +_ACEOF + + + +fi + + +# Check whether --with-luks2-iter-time was given. +if test "${with_luks2_iter_time+set}" = set; then : + withval=$with_luks2_iter_time; +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LUKS2_ITER_TIME $withval +_ACEOF + + +else + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LUKS2_ITER_TIME 2000 +_ACEOF + + + +fi + + +# Check whether --with-luks2-memory-kb was given. +if test "${with_luks2_memory_kb+set}" = set; then : + withval=$with_luks2_memory_kb; +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LUKS2_MEMORY_KB $withval +_ACEOF + + +else + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LUKS2_MEMORY_KB 1048576 +_ACEOF + + + +fi + + +# Check whether --with-luks2-parallel-threads was given. +if test "${with_luks2_parallel_threads+set}" = set; then : + withval=$with_luks2_parallel_threads; +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LUKS2_PARALLEL_THREADS $withval +_ACEOF + + +else + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LUKS2_PARALLEL_THREADS 4 +_ACEOF + + + +fi + + + +# Check whether --with-luks2-keyslot-cipher was given. +if test "${with_luks2_keyslot_cipher+set}" = set; then : + withval=$with_luks2_keyslot_cipher; +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LUKS2_KEYSLOT_CIPHER "$withval" +_ACEOF + + +else + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LUKS2_KEYSLOT_CIPHER "aes-xts-plain64" +_ACEOF + + + +fi + + +# Check whether --with-luks2-keyslot-keybits was given. +if test "${with_luks2_keyslot_keybits+set}" = set; then : + withval=$with_luks2_keyslot_keybits; +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LUKS2_KEYSLOT_KEYBITS $withval +_ACEOF + + +else + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LUKS2_KEYSLOT_KEYBITS 512 _ACEOF @@ -18298,8 +20267,138 @@ _ACEOF fi +# Check whether --with-verity-fec-roots was given. +if test "${with_verity_fec_roots+set}" = set; then : + withval=$with_verity_fec_roots; +cat >>confdefs.h <<_ACEOF +#define DEFAULT_VERITY_FEC_ROOTS $withval +_ACEOF + + +else + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_VERITY_FEC_ROOTS 2 +_ACEOF + + + +fi + + + +# Check whether --with-tmpfilesdir was given. +if test "${with_tmpfilesdir+set}" = set; then : + withval=$with_tmpfilesdir; +cat >>confdefs.h <<_ACEOF +#define DEFAULT_TMPFILESDIR "$withval" +_ACEOF + + +else + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_TMPFILESDIR "" +_ACEOF + + + +fi + +test -z "$with_tmpfilesdir" && with_tmpfilesdir=$systemd_tmpfilesdir +test "x$with_tmpfilesdir" = "xno" || { + + case "${with_tmpfilesdir}" in + /*) ;; + *) as_fn_error $? "with-tmpfilesdir argument must be an absolute path." "$LINENO" 5;; + esac + + DEFAULT_TMPFILESDIR=$with_tmpfilesdir + +} + if test -n "$DEFAULT_TMPFILESDIR"; then + CRYPTSETUP_TMPFILE_TRUE= + CRYPTSETUP_TMPFILE_FALSE='#' +else + CRYPTSETUP_TMPFILE_TRUE='#' + CRYPTSETUP_TMPFILE_FALSE= +fi + + + +# Check whether --with-luks2-lock-path was given. +if test "${with_luks2_lock_path+set}" = set; then : + withval=$with_luks2_lock_path; +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LUKS2_LOCK_PATH "$withval" +_ACEOF + + +else + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LUKS2_LOCK_PATH "/run/cryptsetup" +_ACEOF + + + +fi + +test -z "$with_luks2_lock_path" && with_luks2_lock_path=/run/cryptsetup + + case "${with_luks2_lock_path}" in + /*) ;; + *) as_fn_error $? "with-luks2-lock-path argument must be an absolute path." "$LINENO" 5;; + esac + +DEFAULT_LUKS2_LOCK_PATH=$with_luks2_lock_path + + + +# Check whether --with-luks2-lock-dir-perms was given. +if test "${with_luks2_lock_dir_perms+set}" = set; then : + withval=$with_luks2_lock_dir_perms; +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LUKS2_LOCK_DIR_PERMS $withval +_ACEOF + + +else + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LUKS2_LOCK_DIR_PERMS 0700 +_ACEOF + + + +fi + +test -z "$with_luks2_lock_dir_perms" && with_luks2_lock_dir_perms=0700 +DEFAULT_LUKS2_LOCK_DIR_PERMS=$with_luks2_lock_dir_perms + + + +# Check whether --with-default_luks_format was given. +if test "${with_default_luks_format+set}" = set; then : + withval=$with_default_luks_format; +else + with_default_luks_format=LUKS2 +fi + + +case $with_default_luks_format in + LUKS1) default_luks=CRYPT_LUKS1 ;; + LUKS2) default_luks=CRYPT_LUKS2 ;; + *) as_fn_error $? "Unknown default LUKS format. Use LUKS1 or LUKS2 only." "$LINENO" 5 ;; +esac + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_LUKS_FORMAT $default_luks +_ACEOF + + -ac_config_files="$ac_config_files Makefile lib/Makefile lib/libcryptsetup.pc lib/crypto_backend/Makefile lib/luks1/Makefile lib/loopaes/Makefile lib/verity/Makefile lib/tcrypt/Makefile src/Makefile po/Makefile.in man/Makefile tests/Makefile python/Makefile" +ac_config_files="$ac_config_files Makefile lib/libcryptsetup.pc po/Makefile.in scripts/cryptsetup.conf tests/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -18438,11 +20537,19 @@ if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then as_fn_error $? "conditional \"am__fastdepCC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${KERNEL_KEYRING_TRUE}" && test -z "${KERNEL_KEYRING_FALSE}"; then + as_fn_error $? "conditional \"KERNEL_KEYRING\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${STATIC_TOOLS_TRUE}" && test -z "${STATIC_TOOLS_FALSE}"; then as_fn_error $? "conditional \"STATIC_TOOLS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${CRYPTSETUP_TRUE}" && test -z "${CRYPTSETUP_FALSE}"; then + as_fn_error $? "conditional \"CRYPTSETUP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${VERITYSETUP_TRUE}" && test -z "${VERITYSETUP_FALSE}"; then as_fn_error $? "conditional \"VERITYSETUP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -18451,6 +20558,10 @@ if test -z "${REENCRYPT_TRUE}" && test -z "${REENCRYPT_FALSE}"; then as_fn_error $? "conditional \"REENCRYPT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${INTEGRITYSETUP_TRUE}" && test -z "${INTEGRITYSETUP_FALSE}"; then + as_fn_error $? "conditional \"INTEGRITYSETUP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${CRYPTO_BACKEND_GCRYPT_TRUE}" && test -z "${CRYPTO_BACKEND_GCRYPT_FALSE}"; then as_fn_error $? "conditional \"CRYPTO_BACKEND_GCRYPT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -18475,8 +20586,28 @@ if test -z "${CRYPTO_INTERNAL_PBKDF2_TRUE}" && test -z "${CRYPTO_INTERNAL_PBKDF2 as_fn_error $? "conditional \"CRYPTO_INTERNAL_PBKDF2\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${PYTHON_CRYPTSETUP_TRUE}" && test -z "${PYTHON_CRYPTSETUP_FALSE}"; then - as_fn_error $? "conditional \"PYTHON_CRYPTSETUP\" was never defined. +if test -z "${CRYPTO_INTERNAL_ARGON2_TRUE}" && test -z "${CRYPTO_INTERNAL_ARGON2_FALSE}"; then + as_fn_error $? "conditional \"CRYPTO_INTERNAL_ARGON2\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${CRYPTO_INTERNAL_SSE_ARGON2_TRUE}" && test -z "${CRYPTO_INTERNAL_SSE_ARGON2_FALSE}"; then + as_fn_error $? "conditional \"CRYPTO_INTERNAL_SSE_ARGON2\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_BLKID_TRUE}" && test -z "${HAVE_BLKID_FALSE}"; then + as_fn_error $? "conditional \"HAVE_BLKID\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_BLKID_WIPE_TRUE}" && test -z "${HAVE_BLKID_WIPE_FALSE}"; then + as_fn_error $? "conditional \"HAVE_BLKID_WIPE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_BLKID_STEP_BACK_TRUE}" && test -z "${HAVE_BLKID_STEP_BACK_FALSE}"; then + as_fn_error $? "conditional \"HAVE_BLKID_STEP_BACK\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${CRYPTSETUP_TMPFILE_TRUE}" && test -z "${CRYPTSETUP_TMPFILE_FALSE}"; then + as_fn_error $? "conditional \"CRYPTSETUP_TMPFILE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi @@ -18876,7 +21007,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by cryptsetup $as_me 1.6.7, which was +This file was extended by cryptsetup $as_me 2.3.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18942,7 +21073,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -cryptsetup config.status 1.6.7 +cryptsetup config.status 2.3.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -19061,7 +21192,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # # INIT-COMMANDS # -AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" +AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}" # The HP-UX ksh and POSIX shell print the target directory to stdout @@ -19077,6 +21208,7 @@ macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`' enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`' pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`' enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`' +shared_archive_member_spec='`$ECHO "$shared_archive_member_spec" | $SED "$delay_single_quote_subst"`' SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`' ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`' PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`' @@ -19126,10 +21258,13 @@ compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`' GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_import='`$ECHO "$lt_cv_sys_global_symbol_to_import" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`' +lt_cv_nm_interface='`$ECHO "$lt_cv_nm_interface" | $SED "$delay_single_quote_subst"`' nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`' lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`' +lt_cv_truncate_bin='`$ECHO "$lt_cv_truncate_bin" | $SED "$delay_single_quote_subst"`' objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`' MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`' @@ -19194,7 +21329,8 @@ finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' -sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`' +configure_time_dlsearch_path='`$ECHO "$configure_time_dlsearch_path" | $SED "$delay_single_quote_subst"`' +configure_time_lt_sys_library_path='`$ECHO "$configure_time_lt_sys_library_path" | $SED "$delay_single_quote_subst"`' hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`' enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`' @@ -19245,9 +21381,12 @@ CFLAGS \ compiler \ lt_cv_sys_global_symbol_pipe \ lt_cv_sys_global_symbol_to_cdecl \ +lt_cv_sys_global_symbol_to_import \ lt_cv_sys_global_symbol_to_c_name_address \ lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \ +lt_cv_nm_interface \ nm_file_list_spec \ +lt_cv_truncate_bin \ lt_prog_compiler_no_builtin_flag \ lt_prog_compiler_pic \ lt_prog_compiler_wl \ @@ -19282,7 +21421,7 @@ old_striplib \ striplib; do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[\\\\\\\`\\"\\\$]*) - eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" @@ -19309,10 +21448,11 @@ postinstall_cmds \ postuninstall_cmds \ finish_cmds \ sys_lib_search_path_spec \ -sys_lib_dlsearch_path_spec; do +configure_time_dlsearch_path \ +configure_time_lt_sys_library_path; do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[\\\\\\\`\\"\\\$]*) - eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" @@ -19321,19 +21461,16 @@ sys_lib_dlsearch_path_spec; do done ac_aux_dir='$ac_aux_dir' -xsi_shell='$xsi_shell' -lt_shell_append='$lt_shell_append' -# See if we are running on zsh, and set the options which allow our +# See if we are running on zsh, and set the options that allow our # commands through without removal of \ escapes INIT. -if test -n "\${ZSH_VERSION+set}" ; then +if test -n "\${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi PACKAGE='$PACKAGE' VERSION='$VERSION' - TIMESTAMP='$TIMESTAMP' RM='$RM' ofile='$ofile' @@ -19360,18 +21497,10 @@ do "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; "po-directories") CONFIG_COMMANDS="$CONFIG_COMMANDS po-directories" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; - "lib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/Makefile" ;; "lib/libcryptsetup.pc") CONFIG_FILES="$CONFIG_FILES lib/libcryptsetup.pc" ;; - "lib/crypto_backend/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto_backend/Makefile" ;; - "lib/luks1/Makefile") CONFIG_FILES="$CONFIG_FILES lib/luks1/Makefile" ;; - "lib/loopaes/Makefile") CONFIG_FILES="$CONFIG_FILES lib/loopaes/Makefile" ;; - "lib/verity/Makefile") CONFIG_FILES="$CONFIG_FILES lib/verity/Makefile" ;; - "lib/tcrypt/Makefile") CONFIG_FILES="$CONFIG_FILES lib/tcrypt/Makefile" ;; - "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "po/Makefile.in") CONFIG_FILES="$CONFIG_FILES po/Makefile.in" ;; - "man/Makefile") CONFIG_FILES="$CONFIG_FILES man/Makefile" ;; + "scripts/cryptsetup.conf") CONFIG_FILES="$CONFIG_FILES scripts/cryptsetup.conf" ;; "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile" ;; - "python/Makefile") CONFIG_FILES="$CONFIG_FILES python/Makefile" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac @@ -19971,29 +22100,35 @@ $as_echo "$as_me: executing $ac_file commands" >&6;} # Older Autoconf quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. - case $CONFIG_FILES in - *\'*) eval set x "$CONFIG_FILES" ;; - *) set x $CONFIG_FILES ;; - esac + # TODO: see whether this extra hack can be removed once we start + # requiring Autoconf 2.70 or later. + case $CONFIG_FILES in #( + *\'*) : + eval set x "$CONFIG_FILES" ;; #( + *) : + set x $CONFIG_FILES ;; #( + *) : + ;; +esac shift - for mf + # Used to flag and report bootstrapping failures. + am_rc=0 + for am_mf do # Strip MF so we end up with the name of the file. - mf=`echo "$mf" | sed -e 's/:.*$//'` - # Check whether this is an Automake generated Makefile or not. - # We used to match only the files named 'Makefile.in', but - # some people rename them; so instead we look at the file content. - # Grep'ing the first line is not enough: some people post-process - # each Makefile.in and add a new line on top of each file to say so. - # Grep'ing the whole file is not good either: AIX grep has a line + am_mf=`$as_echo "$am_mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile which includes + # dependency-tracking related rules and includes. + # Grep'ing the whole file directly is not great: AIX grep has a line # limit of 2048, but all sed's we know have understand at least 4000. - if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then - dirpart=`$as_dirname -- "$mf" || -$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$mf" : 'X\(//\)[^/]' \| \ - X"$mf" : 'X\(//\)$' \| \ - X"$mf" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$mf" | + sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \ + || continue + am_dirpart=`$as_dirname -- "$am_mf" || +$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$am_mf" : 'X\(//\)[^/]' \| \ + X"$am_mf" : 'X\(//\)$' \| \ + X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$am_mf" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -20011,106 +22146,100 @@ $as_echo X"$mf" | q } s/.*/./; q'` - else - continue - fi - # Extract the definition of DEPDIR, am__include, and am__quote - # from the Makefile without running 'make'. - DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` - test -z "$DEPDIR" && continue - am__include=`sed -n 's/^am__include = //p' < "$mf"` - test -z "$am__include" && continue - am__quote=`sed -n 's/^am__quote = //p' < "$mf"` - # Find all dependency output files, they are included files with - # $(DEPDIR) in their names. We invoke sed twice because it is the - # simplest approach to changing $(DEPDIR) to its actual value in the - # expansion. - for file in `sed -n " - s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ - sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do - # Make sure the directory exists. - test -f "$dirpart/$file" && continue - fdir=`$as_dirname -- "$file" || -$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$file" : 'X\(//\)[^/]' \| \ - X"$file" : 'X\(//\)$' \| \ - X"$file" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$file" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ + am_filepart=`$as_basename -- "$am_mf" || +$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \ + X"$am_mf" : 'X\(//\)$' \| \ + X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$am_mf" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } - /^X\(\/\/\)$/{ + /^X\/\(\/\/\)$/{ s//\1/ q } - /^X\(\/\).*/{ + /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` - as_dir=$dirpart/$fdir; as_fn_mkdir_p - # echo "creating $dirpart/$file" - echo '# dummy' > "$dirpart/$file" - done + { echo "$as_me:$LINENO: cd "$am_dirpart" \ + && sed -e '/# am--include-marker/d' "$am_filepart" \ + | $MAKE -f - am--depfiles" >&5 + (cd "$am_dirpart" \ + && sed -e '/# am--include-marker/d' "$am_filepart" \ + | $MAKE -f - am--depfiles) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } || am_rc=$? done + if test $am_rc -ne 0; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "Something went wrong bootstrapping makefile fragments + for automatic dependency tracking. If GNU make was not used, consider + re-running the configure script with MAKE=\"gmake\" (or whatever is + necessary). You can also try re-running configure with the + '--disable-dependency-tracking' option to at least be able to build + the package (albeit without support for automatic dependency tracking). +See \`config.log' for more details" "$LINENO" 5; } + fi + { am_dirpart=; unset am_dirpart;} + { am_filepart=; unset am_filepart;} + { am_mf=; unset am_mf;} + { am_rc=; unset am_rc;} + rm -f conftest-deps.mk } ;; "libtool":C) - # See if we are running on zsh, and set the options which allow our + # See if we are running on zsh, and set the options that allow our # commands through without removal of \ escapes. - if test -n "${ZSH_VERSION+set}" ; then + if test -n "${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi - cfgfile="${ofile}T" + cfgfile=${ofile}T trap "$RM \"$cfgfile\"; exit 1" 1 2 15 $RM "$cfgfile" cat <<_LT_EOF >> "$cfgfile" #! $SHELL - -# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. -# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: +# Generated automatically by $as_me ($PACKAGE) $VERSION # NOTE: Changes made to this file will be lost: look at ltmain.sh. + +# Provide generalized library-building support services. +# Written by Gordon Matzigkeit, 1996 + +# Copyright (C) 2014 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of of the License, or +# (at your option) any later version. # -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. -# Written by Gordon Matzigkeit, 1996 -# -# This file is part of GNU Libtool. -# -# GNU Libtool is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. -# -# As a special exception to the GNU General Public License, -# if you distribute this file as part of a program or library that -# is built using GNU Libtool, you may include this file under the -# same distribution terms that you use for the rest of that program. +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program or library that is built +# using GNU Libtool, you may include this file under the same +# distribution terms that you use for the rest of that program. # -# GNU Libtool is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of +# GNU Libtool is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with GNU Libtool; see the file COPYING. If not, a copy -# can be downloaded from http://www.gnu.org/licenses/gpl.html, or -# obtained by writing to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# along with this program. If not, see . # The names of the tagged configurations supported by this script. -available_tags="" +available_tags='' + +# Configured defaults for sys_lib_dlsearch_path munging. +: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"} # ### BEGIN LIBTOOL CONFIG @@ -20130,6 +22259,9 @@ pic_mode=$pic_mode # Whether or not to optimize for fast installation. fast_install=$enable_fast_install +# Shared archive member basename,for filename based shared library versioning on AIX. +shared_archive_member_spec=$shared_archive_member_spec + # Shell to use when invoking shell scripts. SHELL=$lt_SHELL @@ -20247,18 +22379,27 @@ global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe # Transform the output of nm in a proper C declaration. global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl +# Transform the output of nm into a list of symbols to manually relocate. +global_symbol_to_import=$lt_lt_cv_sys_global_symbol_to_import + # Transform the output of nm in a C name address pair. global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address # Transform the output of nm in a C name address pair when lib prefix is needed. global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix +# The name lister interface. +nm_interface=$lt_lt_cv_nm_interface + # Specify filename containing input files for \$NM. nm_file_list_spec=$lt_nm_file_list_spec -# The root where to search for dependent libraries,and in which our libraries should be installed. +# The root where to search for dependent libraries,and where our libraries should be installed. lt_sysroot=$lt_sysroot +# Command to truncate a binary pipe. +lt_truncate_bin=$lt_lt_cv_truncate_bin + # The name of the directory that contains temporary libtool files. objdir=$objdir @@ -20349,8 +22490,11 @@ hardcode_into_libs=$hardcode_into_libs # Compile-time system search path for libraries. sys_lib_search_path_spec=$lt_sys_lib_search_path_spec -# Run-time system search path for libraries. -sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec +# Detected run-time system search path for libraries. +sys_lib_dlsearch_path_spec=$lt_configure_time_dlsearch_path + +# Explicit LT_SYS_LIBRARY_PATH set during ./configure time. +configure_time_lt_sys_library_path=$lt_configure_time_lt_sys_library_path # Whether dlopen is supported. dlopen_support=$enable_dlopen @@ -20443,13 +22587,13 @@ hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec # Whether we need a single "-rpath" flag with a separated argument. hardcode_libdir_separator=$lt_hardcode_libdir_separator -# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes +# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes # DIR into the resulting binary. hardcode_direct=$hardcode_direct -# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes +# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes # DIR into the resulting binary and the resulting library dependency is -# "absolute",i.e impossible to change by setting \${shlibpath_var} if the +# "absolute",i.e impossible to change by setting \$shlibpath_var if the # library is relocated. hardcode_direct_absolute=$hardcode_direct_absolute @@ -20501,13 +22645,72 @@ hardcode_action=$hardcode_action _LT_EOF + cat <<'_LT_EOF' >> "$cfgfile" + +# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE + +# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x$2 in + x) + ;; + *:) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" + ;; + x:*) + eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" + ;; + *) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" + ;; + esac +} + + +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +func_cc_basename () +{ + for cc_temp in $*""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac + done + func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +} + + +# ### END FUNCTIONS SHARED WITH CONFIGURE + +_LT_EOF + case $host_os in aix3*) cat <<\_LT_EOF >> "$cfgfile" # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. -if test "X${COLLECT_NAMES+set}" != Xset; then +if test set != "${COLLECT_NAMES+set}"; then COLLECT_NAMES= export COLLECT_NAMES fi @@ -20516,7 +22719,7 @@ _LT_EOF esac -ltmain="$ac_aux_dir/ltmain.sh" +ltmain=$ac_aux_dir/ltmain.sh # We use sed instead of cat because bash on DJGPP gets confused if @@ -20526,165 +22729,6 @@ ltmain="$ac_aux_dir/ltmain.sh" sed '$q' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) - if test x"$xsi_shell" = xyes; then - sed -e '/^func_dirname ()$/,/^} # func_dirname /c\ -func_dirname ()\ -{\ -\ case ${1} in\ -\ */*) func_dirname_result="${1%/*}${2}" ;;\ -\ * ) func_dirname_result="${3}" ;;\ -\ esac\ -} # Extended-shell func_dirname implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_basename ()$/,/^} # func_basename /c\ -func_basename ()\ -{\ -\ func_basename_result="${1##*/}"\ -} # Extended-shell func_basename implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_dirname_and_basename ()$/,/^} # func_dirname_and_basename /c\ -func_dirname_and_basename ()\ -{\ -\ case ${1} in\ -\ */*) func_dirname_result="${1%/*}${2}" ;;\ -\ * ) func_dirname_result="${3}" ;;\ -\ esac\ -\ func_basename_result="${1##*/}"\ -} # Extended-shell func_dirname_and_basename implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_stripname ()$/,/^} # func_stripname /c\ -func_stripname ()\ -{\ -\ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are\ -\ # positional parameters, so assign one to ordinary parameter first.\ -\ func_stripname_result=${3}\ -\ func_stripname_result=${func_stripname_result#"${1}"}\ -\ func_stripname_result=${func_stripname_result%"${2}"}\ -} # Extended-shell func_stripname implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_split_long_opt ()$/,/^} # func_split_long_opt /c\ -func_split_long_opt ()\ -{\ -\ func_split_long_opt_name=${1%%=*}\ -\ func_split_long_opt_arg=${1#*=}\ -} # Extended-shell func_split_long_opt implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_split_short_opt ()$/,/^} # func_split_short_opt /c\ -func_split_short_opt ()\ -{\ -\ func_split_short_opt_arg=${1#??}\ -\ func_split_short_opt_name=${1%"$func_split_short_opt_arg"}\ -} # Extended-shell func_split_short_opt implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_lo2o ()$/,/^} # func_lo2o /c\ -func_lo2o ()\ -{\ -\ case ${1} in\ -\ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;\ -\ *) func_lo2o_result=${1} ;;\ -\ esac\ -} # Extended-shell func_lo2o implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_xform ()$/,/^} # func_xform /c\ -func_xform ()\ -{\ - func_xform_result=${1%.*}.lo\ -} # Extended-shell func_xform implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_arith ()$/,/^} # func_arith /c\ -func_arith ()\ -{\ - func_arith_result=$(( $* ))\ -} # Extended-shell func_arith implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_len ()$/,/^} # func_len /c\ -func_len ()\ -{\ - func_len_result=${#1}\ -} # Extended-shell func_len implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - -fi - -if test x"$lt_shell_append" = xyes; then - sed -e '/^func_append ()$/,/^} # func_append /c\ -func_append ()\ -{\ - eval "${1}+=\\${2}"\ -} # Extended-shell func_append implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - sed -e '/^func_append_quoted ()$/,/^} # func_append_quoted /c\ -func_append_quoted ()\ -{\ -\ func_quote_for_eval "${2}"\ -\ eval "${1}+=\\\\ \\$func_quote_for_eval_result"\ -} # Extended-shell func_append_quoted implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: - - - # Save a `func_append' function call where possible by direct use of '+=' - sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") - test 0 -eq $? || _lt_function_replace_fail=: -else - # Save a `func_append' function call even when '+=' is not available - sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") - test 0 -eq $? || _lt_function_replace_fail=: -fi - -if test x"$_lt_function_replace_fail" = x":"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to substitute extended shell functions in $ofile" >&5 -$as_echo "$as_me: WARNING: Unable to substitute extended shell functions in $ofile" >&2;} -fi - - mv -f "$cfgfile" "$ofile" || (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") chmod +x "$ofile" @@ -20700,7 +22744,7 @@ fi case "$ac_file" in */Makefile.in) # Adjust a relative srcdir. ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'` - ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`" + ac_dir_suffix=/`echo "$ac_dir"|sed 's%^\./%%'` ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'` # In autoconf-2.13 it is called $ac_given_srcdir. # In autoconf-2.50 it is called $srcdir. @@ -20716,7 +22760,8 @@ fi if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then rm -f "$ac_dir/POTFILES" test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES" - cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES" + gt_tab=`printf '\t'` + cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ${gt_tab}]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES" POMAKEFILEDEPS="POTFILES.in" # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend # on $ac_dir but don't depend on user-specified configuration @@ -20727,12 +22772,12 @@ fi test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete" fi ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"` - # Hide the ALL_LINGUAS assigment from automake < 1.5. + # Hide the ALL_LINGUAS assignment from automake < 1.5. eval 'ALL_LINGUAS''=$ALL_LINGUAS_' POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS" else # The set of available languages was given in configure.in. - # Hide the ALL_LINGUAS assigment from automake < 1.5. + # Hide the ALL_LINGUAS assignment from automake < 1.5. eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS' fi # Compute POFILES diff --git a/configure.ac b/configure.ac index 05574d2..0d2fa63 100644 --- a/configure.ac +++ b/configure.ac @@ -1,9 +1,9 @@ AC_PREREQ([2.67]) -AC_INIT([cryptsetup],[1.6.7]) +AC_INIT([cryptsetup],[2.3.3]) dnl library version from ..[-] LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-) -LIBCRYPTSETUP_VERSION_INFO=11:0:7 +LIBCRYPTSETUP_VERSION_INFO=18:0:6 AM_SILENT_RULES([yes]) AC_CONFIG_SRCDIR(src/cryptsetup.c) @@ -15,8 +15,8 @@ AC_CONFIG_HEADERS([config.h:config.h.in]) # http://lists.gnu.org/archive/html/automake/2013-01/msg00060.html # For old automake use this -#AM_INIT_AUTOMAKE(dist-xz) -AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests]) +#AM_INIT_AUTOMAKE(dist-xz subdir-objects) +AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests subdir-objects]) if test "x$prefix" = "xNONE"; then sysconfdir=/etc @@ -33,24 +33,77 @@ AC_PROG_MAKE_SET AC_ENABLE_STATIC(no) LT_INIT PKG_PROG_PKG_CONFIG +AM_ICONV + +dnl ========================================================================== +dnl define PKG_CHECK_VAR for old pkg-config <= 0.28 +m4_ifndef([AS_VAR_COPY], +[m4_define([AS_VAR_COPY], +[AS_LITERAL_IF([$1[]$2], [$1=$$2], [eval $1=\$$2])]) +]) +m4_ifndef([PKG_CHECK_VAR], [ +AC_DEFUN([PKG_CHECK_VAR], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config]) + +_PKG_CONFIG([$1], [variable="][$3]["], [$2]) +AS_VAR_COPY([$1], [pkg_cv_][$1]) + +AS_VAR_IF([$1], [""], [$5], [$4]) +]) +]) +dnl ========================================================================== + +AC_C_RESTRICT AC_HEADER_DIRENT AC_HEADER_STDC AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h sys/ioctl.h sys/mman.h \ - ctype.h unistd.h locale.h byteswap.h endian.h) + sys/sysmacros.h sys/statvfs.h ctype.h unistd.h locale.h byteswap.h endian.h stdint.h) +AC_CHECK_DECLS([O_CLOEXEC],,[AC_DEFINE([O_CLOEXEC],[0], [Defined to 0 if not provided])], +[[ +#ifdef HAVE_FCNTL_H +# include +#endif +]]) AC_CHECK_HEADERS(uuid/uuid.h,,[AC_MSG_ERROR([You need the uuid library.])]) AC_CHECK_HEADER(libdevmapper.h,,[AC_MSG_ERROR([You need the device-mapper library.])]) +AC_ARG_ENABLE([keyring], + AS_HELP_STRING([--disable-keyring], [disable kernel keyring support and builtin kernel keyring token]), + [], [enable_keyring=yes]) +if test "x$enable_keyring" = "xyes"; then + AC_CHECK_HEADERS(linux/keyctl.h,,[AC_MSG_ERROR([You need Linux kernel headers with kernel keyring service compiled.])]) + + dnl ========================================================================== + dnl check whether kernel is compiled with kernel keyring service syscalls + AC_CHECK_DECL(__NR_add_key,,[AC_MSG_ERROR([The kernel is missing add_key syscall.])], [#include ]) + AC_CHECK_DECL(__NR_keyctl,,[AC_MSG_ERROR([The kernel is missing keyctl syscall.])], [#include ]) + AC_CHECK_DECL(__NR_request_key,,[AC_MSG_ERROR([The kernel is missing request_key syscall.])], [#include ]) + + dnl ========================================================================== + dnl check that key_serial_t hasn't been adopted yet in stdlib + AC_CHECK_TYPES([key_serial_t], [], [], [ + AC_INCLUDES_DEFAULT + #ifdef HAVE_LINUX_KEYCTL_H + # include + #endif + ]) + + AC_DEFINE(KERNEL_KEYRING, 1, [Enable kernel keyring service support]) +fi +AM_CONDITIONAL(KERNEL_KEYRING, test "x$enable_keyring" = "xyes") + saved_LIBS=$LIBS AC_CHECK_LIB(uuid, uuid_clear, ,[AC_MSG_ERROR([You need the uuid library.])]) AC_SUBST(UUID_LIBS, $LIBS) LIBS=$saved_LIBS AC_SEARCH_LIBS([clock_gettime],[rt posix4]) -AC_CHECK_FUNCS([posix_memalign clock_gettime]) +AC_CHECK_FUNCS([posix_memalign clock_gettime posix_fallocate explicit_bzero]) -if test "x$enable_largefile" = "xno" ; then +if test "x$enable_largefile" = "xno"; then AC_MSG_ERROR([Building with --disable-largefile is not supported, it can cause data corruption.]) fi @@ -65,7 +118,7 @@ AC_FUNC_STRERROR_R dnl ========================================================================== AM_GNU_GETTEXT([external],[need-ngettext]) -AM_GNU_GETTEXT_VERSION([0.15]) +AM_GNU_GETTEXT_VERSION([0.18.3]) dnl ========================================================================== @@ -76,12 +129,10 @@ AC_SUBST(POPT_LIBS, $LIBS) LIBS=$saved_LIBS dnl ========================================================================== -dnl FIPS extensions (only for RHEL) -AC_ARG_ENABLE([fips], AS_HELP_STRING([--enable-fips],[enable FIPS mode restrictions]), -[with_fips=$enableval], -[with_fips=no]) - -if test "x$with_fips" = "xyes"; then +dnl FIPS extensions +AC_ARG_ENABLE([fips], + AS_HELP_STRING([--enable-fips], [enable FIPS mode restrictions])) +if test "x$enable_fips" = "xyes"; then AC_DEFINE(ENABLE_FIPS, 1, [Enable FIPS mode restrictions]) if test "x$enable_static" = "xyes" -o "x$enable_static_cryptsetup" = "xyes" ; then @@ -90,19 +141,18 @@ if test "x$with_fips" = "xyes"; then fi AC_DEFUN([NO_FIPS], [ - if test "x$with_fips" = "xyes"; then + if test "x$enable_fips" = "xyes"; then AC_MSG_ERROR([This option is not compatible with FIPS.]) fi ]) dnl ========================================================================== dnl pwquality library (cryptsetup CLI only) -AC_ARG_ENABLE([pwquality], AS_HELP_STRING([--enable-pwquality],[enable password quality checking]), -[with_pwquality=$enableval], -[with_pwquality=no]) +AC_ARG_ENABLE([pwquality], + AS_HELP_STRING([--enable-pwquality], [enable password quality checking using pwquality library])) -if test "x$with_pwquality" = "xyes"; then - AC_DEFINE(ENABLE_PWQUALITY, 1, [Enable password quality checking]) +if test "x$enable_pwquality" = "xyes"; then + AC_DEFINE(ENABLE_PWQUALITY, 1, [Enable password quality checking using pwquality library]) PKG_CHECK_MODULES([PWQUALITY], [pwquality >= 1.0.0],, AC_MSG_ERROR([You need pwquality library.])) @@ -111,23 +161,52 @@ if test "x$with_pwquality" = "xyes"; then fi dnl ========================================================================== +dnl passwdqc library (cryptsetup CLI only) +AC_ARG_ENABLE([passwdqc], + AS_HELP_STRING([--enable-passwdqc@<:@=CONFIG_PATH@:>@], + [enable password quality checking using passwdqc library (optionally with CONFIG_PATH)])) + +case "$enable_passwdqc" in + ""|yes|no) use_passwdqc_config="" ;; + /*) use_passwdqc_config="$enable_passwdqc"; enable_passwdqc=yes ;; + *) AC_MSG_ERROR([Unrecognized --enable-passwdqc parameter.]) ;; +esac +AC_DEFINE_UNQUOTED([PASSWDQC_CONFIG_FILE], ["$use_passwdqc_config"], [passwdqc library config file]) + +if test "x$enable_passwdqc" = "xyes"; then + AC_DEFINE(ENABLE_PASSWDQC, 1, [Enable password quality checking using passwdqc library]) + + PASSWDQC_LIBS="-lpasswdqc" +fi + +if test "x$enable_pwquality$enable_passwdqc" = "xyesyes"; then + AC_MSG_ERROR([--enable-pwquality and --enable-passwdqc are mutually incompatible.]) +fi + +dnl ========================================================================== dnl Crypto backend functions AC_DEFUN([CONFIGURE_GCRYPT], [ - if test "x$with_fips" = "xyes"; then + if test "x$enable_fips" = "xyes"; then GCRYPT_REQ_VERSION=1.4.5 else GCRYPT_REQ_VERSION=1.1.42 fi - dnl Check if we can use gcrypt PBKDF2 (1.6.0 supports empty password) - AC_ARG_ENABLE([gcrypt-pbkdf2], AS_HELP_STRING([--enable-gcrypt-pbkdf2],[force enable internal gcrypt PBKDF2]), + + dnl libgcrypt rejects to use pkgconfig, use AM_PATH_LIBGCRYPT from gcrypt-devel here. + dnl Do not require gcrypt-devel if other crypto backend is used. + m4_ifdef([AM_PATH_LIBGCRYPT],[ + AC_ARG_ENABLE([gcrypt-pbkdf2], + dnl Check if we can use gcrypt PBKDF2 (1.6.0 supports empty password) + AS_HELP_STRING([--enable-gcrypt-pbkdf2], [force enable internal gcrypt PBKDF2]), if test "x$enableval" = "xyes"; then [use_internal_pbkdf2=0] else [use_internal_pbkdf2=1] fi, [AM_PATH_LIBGCRYPT([1.6.1], [use_internal_pbkdf2=0], [use_internal_pbkdf2=1])]) - AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])]) + AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])], + AC_MSG_ERROR([Missing support for gcrypt: install gcrypt and regenerate configure.])) AC_MSG_CHECKING([if internal cryptsetup PBKDF2 is compiled-in]) if test $use_internal_pbkdf2 = 0; then @@ -137,7 +216,9 @@ AC_DEFUN([CONFIGURE_GCRYPT], [ NO_FIPS([]) fi - if test x$enable_static_cryptsetup = xyes; then + AC_CHECK_DECLS([GCRY_CIPHER_MODE_XTS], [], [], [#include ]) + + if test "x$enable_static_cryptsetup" = "xyes"; then saved_LIBS=$LIBS LIBS="$saved_LIBS $LIBGCRYPT_LIBS -static" AC_CHECK_LIB(gcrypt, gcry_check_version,, @@ -161,18 +242,17 @@ AC_DEFUN([CONFIGURE_OPENSSL], [ CRYPTO_LIBS=$OPENSSL_LIBS use_internal_pbkdf2=0 - if test x$enable_static_cryptsetup = xyes; then + if test "x$enable_static_cryptsetup" = "xyes"; then saved_PKG_CONFIG=$PKG_CONFIG PKG_CONFIG="$PKG_CONFIG --static" PKG_CHECK_MODULES([OPENSSL_STATIC], [openssl]) CRYPTO_STATIC_LIBS=$OPENSSL_STATIC_LIBS PKG_CONFIG=$saved_PKG_CONFIG fi - NO_FIPS([]) ]) AC_DEFUN([CONFIGURE_NSS], [ - if test x$enable_static_cryptsetup = xyes; then + if test "x$enable_static_cryptsetup" = "xyes"; then AC_MSG_ERROR([Static build of cryptsetup is not supported with NSS.]) fi @@ -205,6 +285,7 @@ AC_DEFUN([CONFIGURE_KERNEL], [ AC_DEFUN([CONFIGURE_NETTLE], [ AC_CHECK_HEADERS(nettle/sha.h,, [AC_MSG_ERROR([You need Nettle cryptographic library.])]) + AC_CHECK_HEADERS(nettle/version.h) saved_LIBS=$LIBS AC_CHECK_LIB(nettle, nettle_pbkdf2_hmac_sha256,, @@ -221,33 +302,42 @@ dnl ========================================================================== saved_LIBS=$LIBS AC_ARG_ENABLE([static-cryptsetup], - AS_HELP_STRING([--enable-static-cryptsetup], - [enable build of static cryptsetup binary])) -if test x$enable_static_cryptsetup = xyes; then - if test x$enable_static = xno; then + AS_HELP_STRING([--enable-static-cryptsetup], [enable build of static version of tools])) +if test "x$enable_static_cryptsetup" = "xyes"; then + if test "x$enable_static" = "xno"; then AC_MSG_WARN([Requested static cryptsetup build, enabling static library.]) enable_static=yes fi fi -AM_CONDITIONAL(STATIC_TOOLS, test x$enable_static_cryptsetup = xyes) +AM_CONDITIONAL(STATIC_TOOLS, test "x$enable_static_cryptsetup" = "xyes") + +AC_ARG_ENABLE([cryptsetup], + AS_HELP_STRING([--disable-cryptsetup], [disable cryptsetup support]), + [], [enable_cryptsetup=yes]) +AM_CONDITIONAL(CRYPTSETUP, test "x$enable_cryptsetup" = "xyes") -AC_ARG_ENABLE(veritysetup, - AS_HELP_STRING([--disable-veritysetup], - [disable veritysetup support]),[], [enable_veritysetup=yes]) -AM_CONDITIONAL(VERITYSETUP, test x$enable_veritysetup = xyes) +AC_ARG_ENABLE([veritysetup], + AS_HELP_STRING([--disable-veritysetup], [disable veritysetup support]), + [], [enable_veritysetup=yes]) +AM_CONDITIONAL(VERITYSETUP, test "x$enable_veritysetup" = "xyes") AC_ARG_ENABLE([cryptsetup-reencrypt], - AS_HELP_STRING([--enable-cryptsetup-reencrypt], - [enable cryptsetup-reencrypt tool])) -AM_CONDITIONAL(REENCRYPT, test x$enable_cryptsetup_reencrypt = xyes) + AS_HELP_STRING([--disable-cryptsetup-reencrypt], [disable cryptsetup-reencrypt tool]), + [], [enable_cryptsetup_reencrypt=yes]) +AM_CONDITIONAL(REENCRYPT, test "x$enable_cryptsetup_reencrypt" = "xyes") -AC_ARG_ENABLE(selinux, - AS_HELP_STRING([--disable-selinux], - [disable selinux support [default=auto]]),[], []) +AC_ARG_ENABLE([integritysetup], + AS_HELP_STRING([--disable-integritysetup], [disable integritysetup support]), + [], [enable_integritysetup=yes]) +AM_CONDITIONAL(INTEGRITYSETUP, test "x$enable_integritysetup" = "xyes") + +AC_ARG_ENABLE([selinux], + AS_HELP_STRING([--disable-selinux], [disable selinux support [default=auto]]), + [], [enable_selinux=yes]) AC_ARG_ENABLE([udev], - AS_HELP_STRING([--disable-udev], - [disable udev support]),[], enable_udev=yes) + AS_HELP_STRING([--disable-udev], [disable udev support]), + [], [enable_udev=yes]) dnl Try to use pkg-config for devmapper, but fallback to old detection PKG_CHECK_MODULES([DEVMAPPER], [devmapper >= 1.02.03],, [ @@ -262,6 +352,11 @@ LIBS=$saved_LIBS LIBS="$LIBS $DEVMAPPER_LIBS" AC_CHECK_DECLS([dm_task_secure_data], [], [], [#include ]) AC_CHECK_DECLS([dm_task_retry_remove], [], [], [#include ]) +AC_CHECK_DECLS([dm_task_deferred_remove], [], [], [#include ]) +AC_CHECK_DECLS([dm_device_has_mounted_fs], [], [], [#include ]) +AC_CHECK_DECLS([dm_device_has_holders], [], [], [#include ]) +AC_CHECK_DECLS([dm_device_get_name], [], [], [#include ]) +AC_CHECK_DECLS([DM_DEVICE_GET_TARGET_VERSION], [], [], [#include ]) AC_CHECK_DECLS([DM_UDEV_DISABLE_DISK_RULES_FLAG], [have_cookie=yes], [have_cookie=no], [#include ]) if test "x$enable_udev" = xyes; then if test "x$have_cookie" = xno; then @@ -272,19 +367,22 @@ if test "x$enable_udev" = xyes; then fi LIBS=$saved_LIBS +dnl Check for JSON-C used in LUKS2 +PKG_CHECK_MODULES([JSON_C], [json-c]) +AC_CHECK_DECLS([json_object_object_add_ex], [], [], [#include ]) +AC_CHECK_DECLS([json_object_deep_copy], [], [], [#include ]) + dnl Crypto backend configuration. AC_ARG_WITH([crypto_backend], - AS_HELP_STRING([--with-crypto_backend=BACKEND], [crypto backend (gcrypt/openssl/nss/kernel/nettle) [gcrypt]]), - [], with_crypto_backend=gcrypt -) + AS_HELP_STRING([--with-crypto_backend=BACKEND], [crypto backend (gcrypt/openssl/nss/kernel/nettle) [openssl]]), + [], [with_crypto_backend=openssl]) dnl Kernel crypto API backend needed for benchmark and tcrypt -AC_ARG_ENABLE([kernel_crypto], AS_HELP_STRING([--disable-kernel_crypto], - [disable kernel userspace crypto (no benchmark and tcrypt)]), - [with_kernel_crypto=$enableval], - [with_kernel_crypto=yes]) +AC_ARG_ENABLE([kernel_crypto], + AS_HELP_STRING([--disable-kernel_crypto], [disable kernel userspace crypto (no benchmark and tcrypt)]), + [], [enable_kernel_crypto=yes]) -if test "x$with_kernel_crypto" = "xyes"; then +if test "x$enable_kernel_crypto" = "xyes"; then AC_CHECK_HEADERS(linux/if_alg.h,, [AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface. (Or use --disable-kernel_crypto.)])]) AC_DEFINE(ENABLE_AF_ALG, 1, [Enable using of kernel userspace crypto]) @@ -298,17 +396,88 @@ case $with_crypto_backend in nettle) CONFIGURE_NETTLE([]) ;; *) AC_MSG_ERROR([Unknown crypto backend.]) ;; esac -AM_CONDITIONAL(CRYPTO_BACKEND_GCRYPT, test $with_crypto_backend = gcrypt) -AM_CONDITIONAL(CRYPTO_BACKEND_OPENSSL, test $with_crypto_backend = openssl) -AM_CONDITIONAL(CRYPTO_BACKEND_NSS, test $with_crypto_backend = nss) -AM_CONDITIONAL(CRYPTO_BACKEND_KERNEL, test $with_crypto_backend = kernel) -AM_CONDITIONAL(CRYPTO_BACKEND_NETTLE, test $with_crypto_backend = nettle) +AM_CONDITIONAL(CRYPTO_BACKEND_GCRYPT, test "$with_crypto_backend" = "gcrypt") +AM_CONDITIONAL(CRYPTO_BACKEND_OPENSSL, test "$with_crypto_backend" = "openssl") +AM_CONDITIONAL(CRYPTO_BACKEND_NSS, test "$with_crypto_backend" = "nss") +AM_CONDITIONAL(CRYPTO_BACKEND_KERNEL, test "$with_crypto_backend" = "kernel") +AM_CONDITIONAL(CRYPTO_BACKEND_NETTLE, test "$with_crypto_backend" = "nettle") AM_CONDITIONAL(CRYPTO_INTERNAL_PBKDF2, test $use_internal_pbkdf2 = 1) AC_DEFINE_UNQUOTED(USE_INTERNAL_PBKDF2, [$use_internal_pbkdf2], [Use internal PBKDF2]) +dnl Argon2 implementation +AC_ARG_ENABLE([internal-argon2], + AS_HELP_STRING([--disable-internal-argon2], [disable internal implementation of Argon2 PBKDF]), + [], [enable_internal_argon2=yes]) + +AC_ARG_ENABLE([libargon2], + AS_HELP_STRING([--enable-libargon2], [enable external libargon2 (PHC) library (disables internal bundled version)])) + +if test "x$enable_libargon2" = "xyes" ; then + AC_CHECK_HEADERS(argon2.h,, + [AC_MSG_ERROR([You need libargon2 development library installed.])]) + AC_CHECK_DECL(Argon2_id,,[AC_MSG_ERROR([You need more recent Argon2 library with support for Argon2id.])], [#include ]) + PKG_CHECK_MODULES([LIBARGON2], [libargon2],,[LIBARGON2_LIBS="-largon2"]) + enable_internal_argon2=no +else + AC_MSG_WARN([Argon2 bundled (slow) reference implementation will be used, please consider to use system library with --enable-libargon2.]) + + AC_ARG_ENABLE([internal-sse-argon2], + AS_HELP_STRING([--enable-internal-sse-argon2], [enable internal SSE implementation of Argon2 PBKDF])) + + if test "x$enable_internal_sse_argon2" = "xyes"; then + AC_MSG_CHECKING(if Argon2 SSE optimization can be used) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ + #include + __m128i testfunc(__m128i *a, __m128i *b) { + return _mm_xor_si128(_mm_loadu_si128(a), _mm_loadu_si128(b)); + } + ]])],,[enable_internal_sse_argon2=no]) + AC_MSG_RESULT($enable_internal_sse_argon2) + fi +fi + +if test "x$enable_internal_argon2" = "xyes"; then + AC_DEFINE(USE_INTERNAL_ARGON2, 1, [Use internal Argon2]) +fi +AM_CONDITIONAL(CRYPTO_INTERNAL_ARGON2, test "x$enable_internal_argon2" = "xyes") +AM_CONDITIONAL(CRYPTO_INTERNAL_SSE_ARGON2, test "x$enable_internal_sse_argon2" = "xyes") + +dnl Link with blkid to check for other device types +AC_ARG_ENABLE([blkid], + AS_HELP_STRING([--disable-blkid], [disable use of blkid for device signature detection and wiping]), + [], [enable_blkid=yes]) + +if test "x$enable_blkid" = "xyes"; then + PKG_CHECK_MODULES([BLKID], [blkid],[AC_DEFINE([HAVE_BLKID], 1, [Define to 1 to use blkid for detection of disk signatures.])],[LIBBLKID_LIBS="-lblkid"]) + + AC_CHECK_HEADERS(blkid/blkid.h,,[AC_MSG_ERROR([You need blkid development library installed.])]) + AC_CHECK_DECL([blkid_do_wipe], + [ AC_DEFINE([HAVE_BLKID_WIPE], 1, [Define to 1 to use blkid_do_wipe.]) + enable_blkid_wipe=yes + ],, + [#include ]) + AC_CHECK_DECL([blkid_probe_step_back], + [ AC_DEFINE([HAVE_BLKID_STEP_BACK], 1, [Define to 1 to use blkid_probe_step_back.]) + enable_blkid_step_back=yes + ],, + [#include ]) + AC_CHECK_DECLS([ blkid_reset_probe, + blkid_probe_set_device, + blkid_probe_filter_superblocks_type, + blkid_do_safeprobe, + blkid_do_probe, + blkid_probe_lookup_value + ],, + [AC_MSG_ERROR([Can not compile with blkid support, disable it by --disable-blkid.])], + [#include ]) +fi +AM_CONDITIONAL(HAVE_BLKID, test "x$enable_blkid" = "xyes") +AM_CONDITIONAL(HAVE_BLKID_WIPE, test "x$enable_blkid_wipe" = "xyes") +AM_CONDITIONAL(HAVE_BLKID_STEP_BACK, test "x$enable_blkid_step_back" = "xyes") + dnl Magic for cryptsetup.static build. -if test x$enable_static_cryptsetup = xyes; then +if test "x$enable_static_cryptsetup" = "xyes"; then saved_PKG_CONFIG=$PKG_CONFIG PKG_CONFIG="$PKG_CONFIG --static" @@ -320,7 +489,7 @@ if test x$enable_static_cryptsetup = xyes; then LIBS="$saved_LIBS -static" PKG_CHECK_MODULES([DEVMAPPER_STATIC], [devmapper >= 1.02.27],,[ DEVMAPPER_STATIC_LIBS=$DEVMAPPER_LIBS - if test "x$enable_selinux" != xno; then + if test "x$enable_selinux" = "xyes"; then AC_CHECK_LIB(sepol, sepol_bool_set) AC_CHECK_LIB(selinux, is_selinux_enabled) DEVMAPPER_STATIC_LIBS="$DEVMAPPER_STATIC_LIBS $LIBS" @@ -339,23 +508,37 @@ if test x$enable_static_cryptsetup = xyes; then PKG_CONFIG=$saved_PKG_CONFIG fi +AC_MSG_CHECKING([for systemd tmpfiles config directory]) +PKG_CHECK_VAR([systemd_tmpfilesdir], [systemd], [tmpfilesdir], [], [systemd_tmpfilesdir=no]) +AC_MSG_RESULT([$systemd_tmpfilesdir]) + AC_SUBST([DEVMAPPER_LIBS]) AC_SUBST([DEVMAPPER_STATIC_LIBS]) AC_SUBST([PWQUALITY_LIBS]) AC_SUBST([PWQUALITY_STATIC_LIBS]) +AC_SUBST([PASSWDQC_LIBS]) + AC_SUBST([CRYPTO_CFLAGS]) AC_SUBST([CRYPTO_LIBS]) AC_SUBST([CRYPTO_STATIC_LIBS]) +AC_SUBST([JSON_C_LIBS]) +AC_SUBST([LIBARGON2_LIBS]) +AC_SUBST([BLKID_LIBS]) + AC_SUBST([LIBCRYPTSETUP_VERSION]) AC_SUBST([LIBCRYPTSETUP_VERSION_INFO]) dnl ========================================================================== -AC_ARG_ENABLE([dev-random], AS_HELP_STRING([--enable-dev-random], -[use blocking /dev/random by default for key generator (otherwise use /dev/urandom)]), -[default_rng=/dev/random], [default_rng=/dev/urandom]) +AC_ARG_ENABLE([dev-random], + AS_HELP_STRING([--enable-dev-random], [use /dev/random by default for key generation (otherwise use /dev/urandom)])) +if test "x$enable_dev_random" = "xyes"; then + default_rng=/dev/random +else + default_rng=/dev/urandom +fi AC_DEFINE_UNQUOTED(DEFAULT_RNG, ["$default_rng"], [default RNG type for key generator]) dnl ========================================================================== @@ -375,30 +558,12 @@ AC_DEFUN([CS_NUM_WITH], [AC_ARG_WITH([$1], [CS_DEFINE([$1], [$3], [$2])] )]) -dnl ========================================================================== -dnl Python bindings -AC_ARG_ENABLE([python], AS_HELP_STRING([--enable-python],[enable Python bindings]), -[with_python=$enableval], -[with_python=no]) - -AC_ARG_WITH([python_version], - AS_HELP_STRING([--with-python_version=VERSION], [required Python version [2.6]]), - [PYTHON_VERSION=$withval], [PYTHON_VERSION=2.6]) - -if test "x$with_python" = "xyes"; then - AM_PATH_PYTHON([$PYTHON_VERSION]) - - if ! test -x "$PYTHON-config" ; then - AC_MSG_ERROR([Cannot find python development packages to build bindings]) - fi - - PYTHON_INCLUDES=$($PYTHON-config --includes) - AC_SUBST(PYTHON_INCLUDES) - - PYTHON_LIBS=$($PYTHON-config --libs) - AC_SUBST(PYTHON_LIBS) -fi -AM_CONDITIONAL([PYTHON_CRYPTSETUP], [test "x$with_python" = "xyes"]) +AC_DEFUN([CS_ABSPATH], [ + case "$1" in + /*) ;; + *) AC_MSG_ERROR([$2 argument must be an absolute path.]);; + esac +]) dnl ========================================================================== CS_STR_WITH([plain-hash], [password hashing function for plain mode], [ripemd160]) @@ -406,11 +571,26 @@ CS_STR_WITH([plain-cipher], [cipher for plain mode], [aes]) CS_STR_WITH([plain-mode], [cipher mode for plain mode], [cbc-essiv:sha256]) CS_NUM_WITH([plain-keybits],[key length in bits for plain mode], [256]) -CS_STR_WITH([luks1-hash], [hash function for LUKS1 header], [sha1]) +CS_STR_WITH([luks1-hash], [hash function for LUKS1 header], [sha256]) CS_STR_WITH([luks1-cipher], [cipher for LUKS1], [aes]) CS_STR_WITH([luks1-mode], [cipher mode for LUKS1], [xts-plain64]) CS_NUM_WITH([luks1-keybits],[key length in bits for LUKS1], [256]) -CS_NUM_WITH([luks1-iter-time],[PBKDF2 iteration time for LUKS1 (in ms)], [1000]) + +AC_ARG_ENABLE([luks_adjust_xts_keysize], AS_HELP_STRING([--disable-luks-adjust-xts-keysize], + [XTS mode requires two keys, double default LUKS keysize if needed]), + [], [enable_luks_adjust_xts_keysize=yes]) +if test "x$enable_luks_adjust_xts_keysize" = "xyes"; then + AC_DEFINE(ENABLE_LUKS_ADJUST_XTS_KEYSIZE, 1, [XTS mode - double default LUKS keysize if needed]) +fi + +CS_STR_WITH([luks2-pbkdf], [Default PBKDF algorithm (pbkdf2 or argon2i/argon2id) for LUKS2], [argon2i]) +CS_NUM_WITH([luks1-iter-time], [PBKDF2 iteration time for LUKS1 (in ms)], [2000]) +CS_NUM_WITH([luks2-iter-time], [Argon2 PBKDF iteration time for LUKS2 (in ms)], [2000]) +CS_NUM_WITH([luks2-memory-kb], [Argon2 PBKDF memory cost for LUKS2 (in kB)], [1048576]) +CS_NUM_WITH([luks2-parallel-threads],[Argon2 PBKDF max parallel cost for LUKS2 (if CPUs available)], [4]) + +CS_STR_WITH([luks2-keyslot-cipher], [fallback cipher for LUKS2 keyslot (if data encryption is incompatible)], [aes-xts-plain64]) +CS_NUM_WITH([luks2-keyslot-keybits],[fallback key size for LUKS2 keyslot (if data encryption is incompatible)], [512]) CS_STR_WITH([loopaes-cipher], [cipher for loop-AES mode], [aes]) CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256]) @@ -422,21 +602,46 @@ CS_STR_WITH([verity-hash], [hash function for verity mode], [sha256]) CS_NUM_WITH([verity-data-block], [data block size for verity mode], [4096]) CS_NUM_WITH([verity-hash-block], [hash block size for verity mode], [4096]) CS_NUM_WITH([verity-salt-size], [salt size for verity mode], [32]) +CS_NUM_WITH([verity-fec-roots], [parity bytes for verity FEC], [2]) + +CS_STR_WITH([tmpfilesdir], [override default path to directory with systemd temporary files], []) +test -z "$with_tmpfilesdir" && with_tmpfilesdir=$systemd_tmpfilesdir +test "x$with_tmpfilesdir" = "xno" || { + CS_ABSPATH([${with_tmpfilesdir}],[with-tmpfilesdir]) + DEFAULT_TMPFILESDIR=$with_tmpfilesdir + AC_SUBST(DEFAULT_TMPFILESDIR) +} +AM_CONDITIONAL(CRYPTSETUP_TMPFILE, test -n "$DEFAULT_TMPFILESDIR") + +CS_STR_WITH([luks2-lock-path], [path to directory for LUKSv2 locks], [/run/cryptsetup]) +test -z "$with_luks2_lock_path" && with_luks2_lock_path=/run/cryptsetup +CS_ABSPATH([${with_luks2_lock_path}],[with-luks2-lock-path]) +DEFAULT_LUKS2_LOCK_PATH=$with_luks2_lock_path +AC_SUBST(DEFAULT_LUKS2_LOCK_PATH) + +CS_NUM_WITH([luks2-lock-dir-perms], [default luks2 locking directory permissions], [0700]) +test -z "$with_luks2_lock_dir_perms" && with_luks2_lock_dir_perms=0700 +DEFAULT_LUKS2_LOCK_DIR_PERMS=$with_luks2_lock_dir_perms +AC_SUBST(DEFAULT_LUKS2_LOCK_DIR_PERMS) + +dnl Override default LUKS format version (for cryptsetup or cryptsetup-reencrypt format actions only). +AC_ARG_WITH([default_luks_format], + AS_HELP_STRING([--with-default-luks-format=FORMAT], [default LUKS format version (LUKS1/LUKS2) [LUKS2]]), + [], [with_default_luks_format=LUKS2]) + +case $with_default_luks_format in + LUKS1) default_luks=CRYPT_LUKS1 ;; + LUKS2) default_luks=CRYPT_LUKS2 ;; + *) AC_MSG_ERROR([Unknown default LUKS format. Use LUKS1 or LUKS2 only.]) ;; +esac +AC_DEFINE_UNQUOTED([DEFAULT_LUKS_FORMAT], [$default_luks], [default LUKS format version]) dnl ========================================================================== AC_CONFIG_FILES([ Makefile -lib/Makefile lib/libcryptsetup.pc -lib/crypto_backend/Makefile -lib/luks1/Makefile -lib/loopaes/Makefile -lib/verity/Makefile -lib/tcrypt/Makefile -src/Makefile po/Makefile.in -man/Makefile +scripts/cryptsetup.conf tests/Makefile -python/Makefile ]) AC_OUTPUT diff --git a/depcomp b/depcomp index 4ebd5b3..6b39162 100755 --- a/depcomp +++ b/depcomp @@ -1,9 +1,9 @@ #! /bin/sh # depcomp - compile a program generating dependencies as side-effects -scriptversion=2013-05-30.07; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2020 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -16,7 +16,7 @@ scriptversion=2013-05-30.07; # UTC # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -783,9 +783,9 @@ exit 0 # Local Variables: # mode: shell-script # sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff --git a/docs/ChangeLog.old b/docs/ChangeLog.old index e51d362..7a4027c 100644 --- a/docs/ChangeLog.old +++ b/docs/ChangeLog.old @@ -178,7 +178,7 @@ * Document cryptsetup exit codes. 2011-03-18 Milan Broz - * Respect maximum keyfile size paramater. + * Respect maximum keyfile size parameter. * Introduce maximum default keyfile size, add configure option. * Require the whole key read from keyfile in create command (broken in 1.2.0). * Fix offset option for loopaesOpen. @@ -195,7 +195,7 @@ 2011-03-05 Milan Broz * Add exception to COPYING for binary distribution linked with OpenSSL library. - * Set secure data flag (wipe all ioclt buffers) if devmapper library supports it. + * Set secure data flag (wipe all ioctl buffers) if devmapper library supports it. 2011-01-29 Milan Broz * Fix mapping removal if device disappeared but node still exists. @@ -334,13 +334,13 @@ * Version 1.1.0. 2010-01-10 Milan Broz - * Fix initialisation of gcrypt duting luksFormat. - * Convert hash name to lower case in header (fix sha1 backward comatible header) + * Fix initialisation of gcrypt during luksFormat. + * Convert hash name to lower case in header (fix sha1 backward compatible header) * Check for minimum required gcrypt version. 2009-12-30 Milan Broz * Fix key slot iteration count calculation (small -i value was the same as default). - * The slot and key digest iteration minimun is now 1000. + * The slot and key digest iteration minimum is now 1000. * The key digest iteration # is calculated from iteration time (approx 1/8 of that). * Version 1.1.0-rc4. @@ -395,16 +395,16 @@ * Require device device-mapper to build and do not use backend wrapper for dm calls. * Move memory locking and dm initialization to command layer. * Increase priority of process if memory is locked. - * Add log macros and make logging modre consitent. + * Add log macros and make logging more consistent. * Move command successful messages to verbose level. * Introduce --debug parameter. * Move device utils code and provide context parameter (for log). * Keyfile now must be provided by path, only stdin file descriptor is used (api only). * Do not call isatty() on closed keyfile descriptor. - * Run performance check for PBKDF2 from LUKS code, do not mix hash algoritms results. + * Run performance check for PBKDF2 from LUKS code, do not mix hash algorithms results. * Add ability to provide pre-generated master key and UUID in LUKS header format. * Add LUKS function to verify master key digest. - * Move key slot manuipulation function into LUKS specific code. + * Move key slot manipulation function into LUKS specific code. * Replace global options struct with separate parameters in helper functions. * Add new libcryptsetup API (documented in libcryptsetup.h). * Implement old API calls using new functions. @@ -412,7 +412,7 @@ * Add --master-key-file option for luksFormat and luksAddKey. 2009-08-17 Milan Broz - * Fix PBKDF2 speed calculation for large passhrases. + * Fix PBKDF2 speed calculation for large passphrases. * Allow using passphrase provided in options struct for LuksOpen. * Allow restrict keys size in LuksOpen. @@ -424,7 +424,7 @@ * Switch PBKDF2 from internal SHA1 to libgcrypt, make hash algorithm not hardcoded to SHA1 here. * Add required parameters for changing hash used in LUKS key setup scheme. * Do not export simple XOR helper now used only inside AF functions. - * Completely remove internal SHA1 implementanion code, not needed anymore. + * Completely remove internal SHA1 implementation code, not needed anymore. * Enable hash algorithm selection for LUKS through -h luksFormat option. 2009-07-28 Milan Broz @@ -636,7 +636,7 @@ 2006-03-15 Clemens Fruhwirth - * configure.in: 1.0.3-rc3. Most unplease release ever. + * configure.in: 1.0.3-rc3. Most displease release ever. * lib/setup.c (__crypt_create_device): More verbose error message. 2006-02-26 Clemens Fruhwirth @@ -705,7 +705,7 @@ 2005-12-06 Clemens Fruhwirth - * man/cryptsetup.8: Correct "seconds" to "microseconds" in the explaination for -i. + * man/cryptsetup.8: Correct "seconds" to "microseconds" in the explanation for -i. 2005-11-09 Clemens Fruhwirth @@ -726,7 +726,7 @@ 2005-09-08 Clemens Fruhwirth - * lib/setup.c (get_key): Fixed another incompatiblity with + * lib/setup.c (get_key): Fixed another incompatibility with original cryptsetup. 2005-08-20 Clemens Fruhwirth @@ -816,7 +816,7 @@ * man/cryptsetup.1: Add man page. - * lib/setup.c: Remove unneccessary LUKS_write_phdr call, so the + * lib/setup.c: Remove unnecessary LUKS_write_phdr call, so the phdr is written after passphrase reading, so the user can change his mind, and not have a partial written LUKS header on it's disk. diff --git a/docs/Keyring.txt b/docs/Keyring.txt new file mode 100644 index 0000000..bdcc838 --- /dev/null +++ b/docs/Keyring.txt @@ -0,0 +1,56 @@ +Integration with kernel keyring service +--------------------------------------- + +We have two different use cases for kernel keyring service: + +I) Volume keys + +Since upstream kernel 4.10 dm-crypt device mapper target allows loading volume +key (VK) in kernel keyring service. The key offloaded in kernel keyring service +is only referenced (by key description) in dm-crypt target and the VK is therefore +no longer stored directly in dm-crypt target. Starting with cryptsetup 2.0 we +load VK in kernel keyring by default for LUKSv2 devices (when dm-crypt with the +feature is available). + +Currently cryptsetup loads VK in 'logon' type kernel key so that VK is passed in +the kernel and can't be read from userspace afterward. Also cryptsetup loads VK in +thread keyring (before passing the reference to dm-crypt target) so that the key +lifetime is directly bound to the process that performs the dm-crypt setup. When +cryptsetup process exits (for whatever reason) the key gets unlinked in kernel +automatically. In summary, the key description visible in dm-crypt table line is +a reference to VK that usually no longer exists in kernel keyring service if you +used cryptsetup to for device activation. + +Using this feature dm-crypt no longer maintains a direct key copy (but there's +always at least one copy in kernel crypto layer). + +II) Keyslot passphrase +The second use case for kernel keyring is to allow cryptsetup reading the keyslot +passphrase stored in kernel keyring instead. The user may load passphrase in kernel +keyring and notify cryptsetup to read it from there later. Currently, cryptsetup +cli supports kernel keyring for passphrase only via LUKS2 internal token +(luks2-keyring). Library also provides a general method for device activation by +reading passphrase from keyring: crypt_activate_by_keyring(). The key type +for use case II) must always be 'user' since we need to read the actual key +data from userspace unlike with VK in I). Ability to read keyslot passphrase +from kernel keyring also allows easily auto-activate LUKS2 devices. + +Simple example how to use kernel keyring for keyslot passphrase: + +1) create LUKS2 keyring token for keyslot 0 (in LUKS2 device/image) +cryptsetup token add --key-description my:key -S 0 /dev/device + +2) Load keyslot passphrase in user keyring +read -s -p "Keyslot passphrase: "; echo -n $REPLY | keyctl padd user my:key @u + +3) Activate device using passphrase stored in kernel keyring +cryptsetup open /dev/device my_unlocked_device + +4a) unlink the key when no longer needed by +keyctl unlink %user:my:key @u + +4b) or revoke it immediately by +keyctl revoke %user:my:key + +If cryptsetup asks for passphrase in step 3) something went wrong with keyring +activation. See --debug output then. diff --git a/docs/LUKS2-locking.txt b/docs/LUKS2-locking.txt new file mode 100644 index 0000000..e401b61 --- /dev/null +++ b/docs/LUKS2-locking.txt @@ -0,0 +1,61 @@ +LUKS2 device locking overview +============================= + +Why +~~~ + +LUKS2 format keeps two identical copies of metadata stored consecutively +at the head of metadata device (file or bdev). The metadata +area (both copies) must be updated in a single atomic operation to avoid +header corruption during concurrent write. + +While with LUKS1 users may have clear knowledge of when a LUKS header is +being updated (written to) or when it's being read solely the need for +locking with legacy format was not so obvious as it is with the LUKSv2 format. + +With LUKS2 the boundary between read-only and read-write is blurry and what +used to be the exclusively read-only operation (i.e., cryptsetup open command) may +easily become read-update operation silently without user's knowledge. +Major feature of LUKS2 format is resilience against accidental +corruption of metadata (i.e., partial header overwrite by parted or cfdisk +while creating partition on mistaken block device). +Such header corruption is detected early on header read and auto-recovery +procedure takes place (the corrupted header with checksum mismatch is being +replaced by the secondary one if that one is intact). +On current Linux systems header load operation may be triggered without user +direct intervention for example by udev rule or from systemd service. +Such clash of header read and auto-recovery procedure could have severe +consequences with the worst case of having LUKS2 device unaccessible or being +broken beyond repair. + +The whole locking of LUKSv2 device headers split into two categories depending +what backend the header is stored on: + +I) block device +~~~~~~~~~~~~~~~ + +We perform flock() on file descriptors of files stored in a private +directory (by default /run/lock/cryptsetup). The file name is derived +from major:minor couple of affected block device. Note we recommend +that access to private locking directory is supposed to be limited +to superuser only. For this method to work the distribution needs +to install the locking directory with appropriate access rights. + +II) regular files +~~~~~~~~~~~~~~~~~ + +First notable difference between headers stored in a file +vs. headers stored in a block device is that headers in a file may be +manipulated by the regular user unlike headers on block devices. Therefore +we perform flock() protection on file with the luks2 header directly. + +Limitations +~~~~~~~~~~~ + +a) In general, the locking model provides serialization of I/Os targeting +the header only. It means the header is always written or read at once +while locking is enabled. +We do not suppress any other negative effect that two or more concurrent +writers of the same header may cause. + +b) The locking is not cluster aware in any way. diff --git a/docs/doxyfile b/docs/doxyfile index 1257eff..a8c84db 100644 --- a/docs/doxyfile +++ b/docs/doxyfile @@ -1,4 +1,4 @@ -# Doxyfile 1.7.4 +# Doxyfile 1.8.8 #--------------------------------------------------------------------------- # Project related configuration options @@ -10,6 +10,7 @@ PROJECT_BRIEF = "Public cryptsetup API" PROJECT_LOGO = OUTPUT_DIRECTORY = doxygen_api_docs CREATE_SUBDIRS = NO +ALLOW_UNICODE_NAMES = NO OUTPUT_LANGUAGE = English BRIEF_MEMBER_DESC = YES REPEAT_BRIEF = YES @@ -27,11 +28,14 @@ INHERIT_DOCS = YES SEPARATE_MEMBER_PAGES = NO TAB_SIZE = 8 ALIASES = +TCL_SUBST = OPTIMIZE_OUTPUT_FOR_C = YES OPTIMIZE_OUTPUT_JAVA = NO OPTIMIZE_FOR_FORTRAN = NO OPTIMIZE_OUTPUT_VHDL = NO EXTENSION_MAPPING = +MARKDOWN_SUPPORT = YES +AUTOLINK_SUPPORT = YES BUILTIN_STL_SUPPORT = NO CPP_CLI_SUPPORT = NO SIP_SUPPORT = NO @@ -39,13 +43,15 @@ IDL_PROPERTY_SUPPORT = YES DISTRIBUTE_GROUP_DOC = NO SUBGROUPING = YES INLINE_GROUPED_CLASSES = NO +INLINE_SIMPLE_STRUCTS = NO TYPEDEF_HIDES_STRUCT = YES -SYMBOL_CACHE_SIZE = 0 +LOOKUP_CACHE_SIZE = 0 #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- EXTRACT_ALL = NO EXTRACT_PRIVATE = NO +EXTRACT_PACKAGE = NO EXTRACT_STATIC = NO EXTRACT_LOCAL_CLASSES = YES EXTRACT_LOCAL_METHODS = NO @@ -58,6 +64,7 @@ INTERNAL_DOCS = NO CASE_SENSE_NAMES = YES HIDE_SCOPE_NAMES = NO SHOW_INCLUDE_FILES = YES +SHOW_GROUPED_MEMB_INC = NO FORCE_LOCAL_INCLUDES = NO INLINE_INFO = YES SORT_MEMBER_DOCS = YES @@ -73,13 +80,13 @@ GENERATE_DEPRECATEDLIST= YES ENABLED_SECTIONS = MAX_INITIALIZER_LINES = 30 SHOW_USED_FILES = YES -SHOW_DIRECTORIES = NO SHOW_FILES = YES SHOW_NAMESPACES = YES FILE_VERSION_FILTER = LAYOUT_FILE = +CITE_BIB_FILES = #--------------------------------------------------------------------------- -# configuration options related to warning and progress messages +# Configuration options related to warning and progress messages #--------------------------------------------------------------------------- QUIET = NO WARNINGS = YES @@ -89,9 +96,10 @@ WARN_NO_PARAMDOC = NO WARN_FORMAT = "$file:$line: $text" WARN_LOGFILE = #--------------------------------------------------------------------------- -# configuration options related to the input files +# Configuration options related to the input files #--------------------------------------------------------------------------- -INPUT = "doxygen_index" "../lib/libcryptsetup.h" +INPUT = "doxygen_index.h" \ + "../lib/libcryptsetup.h" INPUT_ENCODING = UTF-8 FILE_PATTERNS = RECURSIVE = NO @@ -107,8 +115,9 @@ INPUT_FILTER = FILTER_PATTERNS = FILTER_SOURCE_FILES = NO FILTER_SOURCE_PATTERNS = +USE_MDFILE_AS_MAINPAGE = #--------------------------------------------------------------------------- -# configuration options related to source browsing +# Configuration options related to source browsing #--------------------------------------------------------------------------- SOURCE_BROWSER = NO INLINE_SOURCES = NO @@ -116,16 +125,19 @@ STRIP_CODE_COMMENTS = YES REFERENCED_BY_RELATION = NO REFERENCES_RELATION = NO REFERENCES_LINK_SOURCE = YES +SOURCE_TOOLTIPS = YES USE_HTAGS = NO VERBATIM_HEADERS = YES +CLANG_ASSISTED_PARSING = NO +CLANG_OPTIONS = #--------------------------------------------------------------------------- -# configuration options related to the alphabetical class index +# Configuration options related to the alphabetical class index #--------------------------------------------------------------------------- ALPHABETICAL_INDEX = YES COLS_IN_ALPHA_INDEX = 5 IGNORE_PREFIX = #--------------------------------------------------------------------------- -# configuration options related to the HTML output +# Configuration options related to the HTML output #--------------------------------------------------------------------------- GENERATE_HTML = YES HTML_OUTPUT = html @@ -133,13 +145,14 @@ HTML_FILE_EXTENSION = .html HTML_HEADER = HTML_FOOTER = HTML_STYLESHEET = +HTML_EXTRA_STYLESHEET = HTML_EXTRA_FILES = HTML_COLORSTYLE_HUE = 220 HTML_COLORSTYLE_SAT = 100 HTML_COLORSTYLE_GAMMA = 80 HTML_TIMESTAMP = YES -HTML_ALIGN_MEMBERS = YES HTML_DYNAMIC_SECTIONS = NO +HTML_INDEX_NUM_ENTRIES = 100 GENERATE_DOCSET = NO DOCSET_FEEDNAME = "Doxygen generated docs" DOCSET_BUNDLE_ID = org.doxygen.Project @@ -163,19 +176,26 @@ QHG_LOCATION = GENERATE_ECLIPSEHELP = NO ECLIPSE_DOC_ID = org.doxygen.Project DISABLE_INDEX = NO -ENUM_VALUES_PER_LINE = 4 GENERATE_TREEVIEW = NO -USE_INLINE_TREES = NO +ENUM_VALUES_PER_LINE = 4 TREEVIEW_WIDTH = 250 EXT_LINKS_IN_WINDOW = NO FORMULA_FONTSIZE = 10 FORMULA_TRANSPARENT = YES USE_MATHJAX = NO +MATHJAX_FORMAT = HTML-CSS MATHJAX_RELPATH = http://www.mathjax.org/mathjax +MATHJAX_EXTENSIONS = +MATHJAX_CODEFILE = SEARCHENGINE = YES SERVER_BASED_SEARCH = NO +EXTERNAL_SEARCH = NO +SEARCHENGINE_URL = +SEARCHDATA_FILE = searchdata.xml +EXTERNAL_SEARCH_ID = +EXTRA_SEARCH_MAPPINGS = #--------------------------------------------------------------------------- -# configuration options related to the LaTeX output +# Configuration options related to the LaTeX output #--------------------------------------------------------------------------- GENERATE_LATEX = YES LATEX_OUTPUT = latex @@ -186,13 +206,15 @@ PAPER_TYPE = a4 EXTRA_PACKAGES = LATEX_HEADER = LATEX_FOOTER = +LATEX_EXTRA_FILES = PDF_HYPERLINKS = YES USE_PDFLATEX = YES LATEX_BATCHMODE = NO LATEX_HIDE_INDICES = NO LATEX_SOURCE_CODE = NO +LATEX_BIB_STYLE = plain #--------------------------------------------------------------------------- -# configuration options related to the RTF output +# Configuration options related to the RTF output #--------------------------------------------------------------------------- GENERATE_RTF = NO RTF_OUTPUT = rtf @@ -201,26 +223,31 @@ RTF_HYPERLINKS = NO RTF_STYLESHEET_FILE = RTF_EXTENSIONS_FILE = #--------------------------------------------------------------------------- -# configuration options related to the man page output +# Configuration options related to the man page output #--------------------------------------------------------------------------- GENERATE_MAN = NO MAN_OUTPUT = man MAN_EXTENSION = .3 +MAN_SUBDIR = MAN_LINKS = NO #--------------------------------------------------------------------------- -# configuration options related to the XML output +# Configuration options related to the XML output #--------------------------------------------------------------------------- GENERATE_XML = NO XML_OUTPUT = xml -XML_SCHEMA = -XML_DTD = XML_PROGRAMLISTING = YES #--------------------------------------------------------------------------- -# configuration options for the AutoGen Definitions output +# Configuration options related to the DOCBOOK output +#--------------------------------------------------------------------------- +GENERATE_DOCBOOK = NO +DOCBOOK_OUTPUT = docbook +DOCBOOK_PROGRAMLISTING = NO +#--------------------------------------------------------------------------- +# Configuration options for the AutoGen Definitions output #--------------------------------------------------------------------------- GENERATE_AUTOGEN_DEF = NO #--------------------------------------------------------------------------- -# configuration options related to the Perl module output +# Configuration options related to the Perl module output #--------------------------------------------------------------------------- GENERATE_PERLMOD = NO PERLMOD_LATEX = NO @@ -239,18 +266,20 @@ PREDEFINED = EXPAND_AS_DEFINED = SKIP_FUNCTION_MACROS = YES #--------------------------------------------------------------------------- -# Configuration::additions related to external references +# Configuration options related to external references #--------------------------------------------------------------------------- TAGFILES = GENERATE_TAGFILE = ALLEXTERNALS = NO EXTERNAL_GROUPS = YES +EXTERNAL_PAGES = YES PERL_PATH = #--------------------------------------------------------------------------- # Configuration options related to the dot tool #--------------------------------------------------------------------------- CLASS_DIAGRAMS = YES MSCGEN_PATH = +DIA_PATH = HIDE_UNDOC_RELATIONS = YES HAVE_DOT = NO DOT_NUM_THREADS = 0 @@ -261,6 +290,7 @@ CLASS_GRAPH = YES COLLABORATION_GRAPH = YES GROUP_GRAPHS = YES UML_LOOK = NO +UML_LIMIT_NUM_FIELDS = 10 TEMPLATE_RELATIONS = NO INCLUDE_GRAPH = YES INCLUDED_BY_GRAPH = YES @@ -269,9 +299,12 @@ CALLER_GRAPH = NO GRAPHICAL_HIERARCHY = YES DIRECTORY_GRAPH = YES DOT_IMAGE_FORMAT = png +INTERACTIVE_SVG = NO DOT_PATH = DOTFILE_DIRS = MSCFILE_DIRS = +DIAFILE_DIRS = +PLANTUML_JAR_PATH = DOT_GRAPH_MAX_NODES = 50 MAX_DOT_GRAPH_DEPTH = 0 DOT_TRANSPARENT = NO diff --git a/docs/doxygen_index b/docs/doxygen_index.h similarity index 91% rename from docs/doxygen_index rename to docs/doxygen_index.h index ec394ad..8bdf05f 100644 --- a/docs/doxygen_index +++ b/docs/doxygen_index.h @@ -1,10 +1,9 @@ -/** - * @mainpage Cryptsetup API +/*! \mainpage Cryptsetup API * - * The documentation covers public parts of cryptsetup API. In the following sections you'll find + * The documentation covers public parts of cryptsetup API. In the following sections you'll find * the examples that describe some features of cryptsetup API. * For more info about libcryptsetup API versions see - * Upstream Tracker. + * API Tracker. * *
    *
  1. @ref cexamples "Cryptsetup API examples"
    2. @@ -32,18 +31,16 @@ * @section cexamples Cryptsetup API examples * @section cluks crypt_luks_usage - cryptsetup LUKS device type usage * @subsection cinit crypt_init() - * - * Every time you need to do something with cryptsetup or dmcrypt device + * Every time you need to do something with cryptsetup or dmcrypt device * you need a valid context. The first step to start your work is * @ref crypt_init call. You can call it either with path * to the block device or path to the regular file. If you don't supply the path, * empty context is initialized. * * @subsection cformat crypt_format() - header and payload on mutual device - * * This section covers basic use cases for formatting LUKS devices. Format operation * sets device type in context and in case of LUKS header is written at the beginning - * of block device. In the example bellow we use the scenario where LUKS header and data + * of block device. In the example below we use the scenario where LUKS header and data * are both stored on the same device. There's also a possibility to store header and * data separately. * @@ -51,7 +48,6 @@ * overwrites part of the backing block device. * * @subsection ckeys Keyslot operations examples - * * After successful @ref crypt_format of LUKS device, volume key is not stored * in a persistent way on the device. Keyslot area is an array beyond LUKS header, where * volume key is stored in the encrypted form using user input passphrase. For more info about @@ -60,33 +56,27 @@ * There are two basic methods to create a new keyslot: * * @subsection ckeyslot_vol crypt_keyslot_add_by_volume_key() - * * Creates a new keyslot directly by encrypting volume_key stored in the device * context. Passphrase should be supplied or user is prompted if passphrase param is * NULL. * * @subsection ckeyslot_pass crypt_keyslot_add_by_passphrase() - * * Creates a new keyslot for the volume key by opening existing active keyslot, * extracting volume key from it and storing it into a new keyslot * protected by a new passphrase * * @subsection cload crypt_load() - * * Function loads header from backing block device into device context. * * @subsection cactivate crypt_activate_by_passphrase() - * * Activates crypt device by user supplied password for keyslot containing the volume_key. * If keyslot parameter is set to CRYPT_ANY_SLOT then all active keyslots * are tried one by one until the volume key is found. * * @subsection cactive_pars crypt_get_active_device() - * * This call returns structure containing runtime attributes of active device. * * @subsection cinit_by_name crypt_init_by_name() - * * In case you need to do operations with active device (device which already * has its corresponding mapping) and you miss valid device context stored in * *crypt_device reference, you should use this call. Function tries to @@ -94,22 +84,18 @@ * header. * * @subsection cdeactivate crypt_deactivate() - * * Deactivates crypt device (removes DM mapping and safely erases volume key from kernel). * * @subsection cluks_ex crypt_luks_usage.c - Complex example - * * To compile and run use following commands in examples directory: * * @code * make * ./crypt_luks_usage _path_to_[block_device]_file * @endcode - * * Note that you need to have the cryptsetup library compiled. @include crypt_luks_usage.c * * @section clog crypt_log_usage - cryptsetup logging API example - * * Example describes basic use case for cryptsetup logging. To compile and run * use following commands in examples directory: * @@ -117,7 +103,6 @@ * make * ./crypt_log_usage * @endcode - * * Note that you need to have the cryptsetup library compiled. @include crypt_log_usage.c * * @example crypt_luks_usage.c diff --git a/docs/examples/crypt_log_usage.c b/docs/examples/crypt_log_usage.c index e3e4a2a..d8364af 100644 --- a/docs/examples/crypt_log_usage.c +++ b/docs/examples/crypt_log_usage.c @@ -1,7 +1,7 @@ /* - * An example of using logging through libcryptsetup API + * libcryptsetup API log example * - * Copyright (C) 2011, Red Hat, Inc. All rights reserved. + * Copyright (C) 2011-2020 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -25,10 +25,8 @@ #include /* - * This is an example of function that can be registered using crypt_set_log_callback API. + * This is an example of crypt_set_log_callback API callback. * - * Its prototype is void (*log)(int level, const char *msg, void *usrptr) as defined - * in crypt_set_log_callback */ static void simple_syslog_wrapper(int level, const char *msg, void *usrptr) { @@ -71,7 +69,7 @@ int main(void) return 2; } - /* crypt_set_log_callback() - register a log function for crypt context */ + /* crypt_set_log_callback() - register a log callback for crypt context */ crypt_set_log_callback(cd, &simple_syslog_wrapper, (void *)usrprefix); /* send messages ithrough the crypt_log() interface */ @@ -83,7 +81,7 @@ int main(void) /* release crypt context */ crypt_free(cd); - /* Initialize default (global) log function */ + /* Initialize default (global) log callback */ crypt_set_log_callback(NULL, &simple_syslog_wrapper, NULL); crypt_log(NULL, CRYPT_LOG_NORMAL, "This is normal log message"); diff --git a/docs/examples/crypt_luks_usage.c b/docs/examples/crypt_luks_usage.c index 2abd4ed..7299a1c 100644 --- a/docs/examples/crypt_luks_usage.c +++ b/docs/examples/crypt_luks_usage.c @@ -1,7 +1,7 @@ /* - * An example of using LUKS device through libcryptsetup API + * libcryptsetup API - using LUKS device example * - * Copyright (C) 2011, Red Hat, Inc. All rights reserved. + * Copyright (C) 2011-2020 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -29,23 +29,18 @@ static int format_and_add_keyslots(const char *path) { struct crypt_device *cd; - struct crypt_params_luks1 params; int r; /* - * crypt_init() call precedes most of operations of cryptsetup API. The call is used - * to initialize crypt device context stored in structure referenced by _cd_ in - * the example. Second parameter is used to pass underlaying device path. + * The crypt_init() call is used to initialize crypt_device context, + * The path parameter specifies a device path. * - * Note: - * If path refers to a regular file it'll be attached to a first free loop device. - * crypt_init() operation fails in case there's no more loop device available. - * Also, loop device will have the AUTOCLEAR flag set, so the file loopback will - * be detached automatically. + * For path, you can use either link to a file or block device. + * The loopback device will be detached automatically. */ r = crypt_init(&cd, path); - if (r < 0 ) { + if (r < 0) { printf("crypt_init() failed for %s.\n", path); return r; } @@ -53,73 +48,37 @@ static int format_and_add_keyslots(const char *path) printf("Context is attached to block device %s.\n", crypt_get_device_name(cd)); /* - * So far no data were written on your device. This will change with call of - * crypt_format() only if you specify CRYPT_LUKS1 as device type. + * So far, no data were written to the device. */ - printf("Device %s will be formatted to LUKS device after 5 seconds.\n" + printf("Device %s will be formatted as a LUKS device after 5 seconds.\n" "Press CTRL+C now if you want to cancel this operation.\n", path); sleep(5); - - /* - * Prepare LUKS format parameters - * - * hash parameter defines PBKDF2 hash algorithm used in LUKS header. - * For compatibility reason we use SHA1 here. - */ - params.hash = "sha1"; - - /* - * data_alignment parameter is relevant only in case of the luks header - * and the payload are both stored on same device. - * - * if you set data_alignment = 0, cryptsetup will autodetect - * data_alignment according to underlaying device topology. - */ - params.data_alignment = 0; - - /* - * data_device parameter defines that no external device - * for luks header will be used - */ - params.data_device = NULL; - /* * NULLs for uuid and volume_key means that these attributes will be - * generated during crypt_format(). Volume key is generated with respect - * to key size parameter passed to function. - * - * crypt_format() checks device size (LUKS header must fit there). + * generated during crypt_format(). */ r = crypt_format(cd, /* crypt context */ - CRYPT_LUKS1, /* LUKS1 is standard LUKS header */ + CRYPT_LUKS2, /* LUKS2 is a new LUKS format; use CRYPT_LUKS1 for LUKS1 */ "aes", /* used cipher */ - "xts-plain64", /* used block mode and IV generator*/ + "xts-plain64", /* used block mode and IV */ NULL, /* generate UUID */ NULL, /* generate volume key from RNG */ - 256 / 8, /* 256bit key - here AES-128 in XTS mode, size is in bytes */ - ¶ms); /* parameters above */ + 512 / 8, /* 512bit key - here AES-256 in XTS mode, size is in bytes */ + NULL); /* default parameters */ - if(r < 0) { + if (r < 0) { printf("crypt_format() failed on device %s\n", crypt_get_device_name(cd)); crypt_free(cd); return r; } /* - * The device now contains LUKS1 header, but there is - * no active keyslot with encrypted volume key yet. - */ - - /* - * cryptt_kesylot_add_* call stores volume_key in encrypted form into keyslot. - * Without keyslot you can't manipulate with LUKS device after the context will be freed. + * The device now contains a LUKS header, but there is no active keyslot. * - * To create a new keyslot you need to supply the existing one (to get the volume key from) or - * you need to supply the volume key. + * crypt_keyslot_add_* call stores the volume_key in the encrypted form into the keyslot. * - * After format, we have volume key stored internally in context so add new keyslot - * using this internal volume key. + * After format, the volume key is stored internally. */ r = crypt_keyslot_add_by_volume_key(cd, /* crypt context */ CRYPT_ANY_SLOT, /* just use first free slot */ @@ -137,8 +96,8 @@ static int format_and_add_keyslots(const char *path) printf("The first keyslot is initialized.\n"); /* - * Add another keyslot, now using the first keyslot. - * It will decrypt volume key from the first keyslot and creates new one with another passphrase. + * Add another keyslot, now authenticating with the first keyslot. + * It decrypts the volume key from the first keyslot and creates a new one with the specified passphrase. */ r = crypt_keyslot_add_by_passphrase(cd, /* crypt context */ CRYPT_ANY_SLOT, /* just use first free slot */ @@ -164,21 +123,18 @@ static int activate_and_check_status(const char *path, const char *device_name) /* * LUKS device activation example. - * It's sequence of sub-steps: device initialization, LUKS header load - * and the device activation itself. */ r = crypt_init(&cd, path); - if (r < 0 ) { + if (r < 0) { printf("crypt_init() failed for %s.\n", path); return r; } /* - * crypt_load() is used to load the LUKS header from block device - * into crypt_device context. + * crypt_load() is used to load existing LUKS header from a block device */ r = crypt_load(cd, /* crypt context */ - CRYPT_LUKS1, /* requested type */ + CRYPT_LUKS, /* requested type - here LUKS of any type */ NULL); /* additional parameters (not used) */ if (r < 0) { @@ -188,11 +144,11 @@ static int activate_and_check_status(const char *path, const char *device_name) } /* - * Device activation creates device-mapper devie mapping with name device_name. + * Device activation creates a device-mapper device with the specified name. */ r = crypt_activate_by_passphrase(cd, /* crypt context */ device_name, /* device name to activate */ - CRYPT_ANY_SLOT,/* which slot use (ANY - try all) */ + CRYPT_ANY_SLOT,/* the keyslot use (try all here) */ "foo", 3, /* passphrase */ CRYPT_ACTIVATE_READONLY); /* flags */ if (r < 0) { @@ -201,13 +157,13 @@ static int activate_and_check_status(const char *path, const char *device_name) return r; } - printf("LUKS device %s/%s is active.\n", crypt_get_dir(), device_name); + printf("%s device %s/%s is active.\n", crypt_get_type(cd), crypt_get_dir(), device_name); printf("\tcipher used: %s\n", crypt_get_cipher(cd)); printf("\tcipher mode: %s\n", crypt_get_cipher_mode(cd)); printf("\tdevice UUID: %s\n", crypt_get_uuid(cd)); /* - * Get info about active device (query DM backend) + * Get info about the active device. */ r = crypt_get_active_device(cd, device_name, &cad); if (r < 0) { @@ -235,7 +191,7 @@ static int handle_active_device(const char *device_name) int r; /* - * crypt_init_by_name() initializes device context and loads LUKS header from backing device + * crypt_init_by_name() initializes context by an active device-mapper name */ r = crypt_init_by_name(&cd, device_name); if (r < 0) { @@ -252,7 +208,7 @@ static int handle_active_device(const char *device_name) } /* - * crypt_deactivate() is used to deactivate device + * crypt_deactivate() is used to deactivate a device */ r = crypt_deactivate(cd, device_name); if (r < 0) { diff --git a/docs/on-disk-format-luks2.pdf b/docs/on-disk-format-luks2.pdf new file mode 100644 index 0000000000000000000000000000000000000000..f4ecda31ae4e11ec9551f44a5cb3a894bea9d0f6 GIT binary patch literal 290651 zcma&NV|1rMl&>4xwr$(CZKwaSZQHi(q+_dN+vwPKa(m{Sxog%vXRSN$hkC1aX@9Eq z?ArAsR}zz;XJ%lBA)i|sS%YC_;wEAuvNy4U;p2m0lry)pbooWZ!p6)^^q(ILqXfXl z#oURAQNqU9#aztX)ZWY-MnC|@*~Q7+*cQfPV?;|kd8-xKZ`W|(9<^L1BqCUoCN&CS zQp1Kjb;I?Z=nR;5c%~suG)_8Bqu4NC00_a-olY0AGNpA`0`wPKXP*EQpe1tQG`#u| zv6s=lF0U_9n+&$l%%Ui}OX|2IVL{BZRJ^n}o5zdr=kr2w)hhK=ZRF=NX?5CTHkh-z zDC)!5l9IsiMl*84w9QVSWTED2>9JaDbo=~pTCj)(vy-Y=Oj>z73H--fJ*5$MwCqMJ z2(41e@eNg7c$OrofpZe=Jku<6>^FpGDHZMb{SJGrxHQqzQG*K2_1Wnbl(xDuO%=^a zD4~k^FB)_Qn-sdTULryT+VpbuA{pnoV2w}L=4Qh<2bC}Pf-H@ikL_JQ$upF;V;aiT zQs%+G5H1`f>`|rLHrbA;Y5;7(8a3eK?i1y`*69t`;%Y~=k?=Z$@wGy2$h@{sPj;?` zm-18^M~w8|bN8-Z+_x+Tt{n6P!fij_$1;P`05Vej)FLV%aq0|#`l6@n^ETQ<^bU>|6X6B5wG-^w z-D|VQ&c1idPgqsygiN{+lz?SyCNiuxuzZVD6o>#hOh0&`B^Cohw>n+mzySKD*FP3H z@B3ISf@jRI)Tv4x!^J!Pa>Y0l$gJY(Vu&p+m;ikkRgiUw)dB`U%VXzKLvKtIhyZ}V z!SEdWMWqz*xuNjufu#NbGaRsqXgE(j3kGpPnk%R7*Q}6<5qj4+R+vuJ5-nq%S#n$6 z?M2+sf5aHR6CS~Xnu(1>{lg?d5FWBSdOPLuuvwRhvw80s{IT>323*YB04JR6lyn=V zCM%8x=BxuD?sqo7iai4D$HeMN#!Gvkco}TT_axL9uC{pRE?C1NN0J%C3Hp6As;t); zD)?}Tp$JE#iuGv-_g+-T9JmK4-ZX*}D$C3Oh8VxJKr;l+Q4>i!*9`_5T7a^>Z*E{S zr;s^w&IhxWN;UQxD8S>AxfsGpo?4tNRpXZ-pPf`0A4ln1Olu}xDAs+^pJqE5QTi1y zzZ(jFjS}Y6ZeSO5ob5%ConfYW$-Jjwn`V*Ic7TMYCQ^X1EOE(h3zZ=RlJz9vR|%kS;Y&9cx}*Am(HS3V<` z$UYvpG)S#`3?|67i#xANcK`CmT~FW_{AmG?=*#f$R##sCExHn0w{dd#>`0llh_c}4 zBYi=IE#`zG@iTPrgO#}HENP*IjVnq%P+fvP7A*uRrFD+pC#YRt>s5mk{5RdM#&s98 zXrl5n2BVwA&c1fY8Sxvu6!4(!)8r)>U0M?VmS9M-IGuq_>ZHMi<2yQNuV##VRjTEuX}w%W{yLsT2@OxVd3d5y`|FZxUVpt_EEASRMCLNKzSA6r|kexCte+D&U?cu{aS17({Yz;;c)bLrZLq`-Zv?Ts3f zL;Y4}mMbQR$hb%ydPUQp(t|vJX(Y~p#=lcoAmVpN)3p!)Mm1Nb8RA(a<%D5Fep$G1 zJ0=zS0mgINtiZOj9zhRq_X@aoICkwr6@3M)ovAcT#kem;&IP4*o5g~$N#4F^zjj}5 zx!0oXA-or|h~qB2+N%x6xuQPOqP<<9AAi<4Ld*|iOW?F@+w4zZ4iN{yf3f5so`PUt z;B6eFo>$Bg0r+RP2FoLQ{tjW4`N|cs?RdZD2=#`Z?Z(b}r7Lk9PWG%4z76)K0ZmS? z&wNzeSy$5K`S4H@G|>hmAYpoqH~#^1!waRFq-k*}H1(8^%rQh3d~C&MbfaxTwd(ta0%0!Hd zHc!+gRX0MtO@x+$1OrgnkUG=(+hxy~L=fX&2e45`4C8%QDJd2Ebk`Sp=e^|Cg%u+L z((>~1+N0~ibVZ-MY8q@g9mZNl2J8D1y?M2eVB`s)lE)^wq#PI6ajSGu5#I_9*Pa*0 zXtiBsuzzo=ZV_d4jg*WN@4mG>MDDy^0W-9UW_z@1LebW= zyJ$niuQ<<6Vh8G$WAA&d8+w2zeo*PERKyE_Z*%kFLvVf{T|&m3*zX;6pQ4L!(I`oW z()88AdIf{-)(ICaJ0ejJd1|KW9F z7fro>MTq^SkKGumLeA6`C-a=QY79Fa&M1a=ls19*jhJ7TcX8hn3~iHNcS!(` z%R|29&s)icEbKPN+%wbDc%e{oy z_36mng^|Sc2%%_+hRFH(T|BYZ-9`3NsJ}M7AN)Me#Gbj*>+UX#vIazm#bej@y=?(H zA9NK-YWo}%^c#nAQHs}FgNV>HQ}N3<+zK5U4HKw)SAP)`EN#R00O^2dglU;|B?dq5 zK{VCq7|%) za~C3ABF29ROZ2Z_+`~mu)#aa0|Jkp?^=~HE|5{9i^I!cxz*glStNx?a{{mY!W-iwM zU!={6&62gV>4F#kV2{EXi2Tks{wqHqghF&AfkY%^k>4XFU9RUByT{=pO(>1lm!0zS z1gGf(@m-s5xEtU1IiK(U^FpfEF_kggs}fhL_C*=aGc;%Uzqhar%}#UU$VSAGoQ$AsA^JHXt;EjbB042YZ)~Y zJ_B9((5_?42?~-+YcbvK{k5g(fwW z=8@7J_GCMgw8C-=a&gF2&7AP6%^fx6xaY(#bpehERR$gzH`3M}1bW(Mj}dG{%HtsH zb>g!eOSm^2VFfzNJWxiFjVgx-a|69zH`~bU$^6OoGw0Z$Ic4Yb+uy;&*ejKlCqpOF6QJqfWZ`Ntg4wpB7Qbfab zY}vmnry(R1QBe-wA76T&0jON6tUILrH7;@EvBL!}d{HOirf4)Ne!qmog62tct;~*bhKV3yHY(=B7GP@s@Tbv}3P%}0;OCFeY z&{5cEY)i=0h3^1+W2tm~|HS0cCojylpfL~U9n(*%fSeT5uwWZ7-bHZWdnNWj8*aNK zSJ-q;U_ipVkS&FKP~k+CyqpL5eBFnncZ(YME7Qk0H|QsRFq{zWvH{Gq2|SCpO?f3% z+%#jm`>15(JNw<@L-L%4;^AwXYZDdhyU}Hc3sejYbm3~v zzf=lpw0AOebyhO)(?x3be)cEm@cdrOStSjo4}GP1BF|EM7JE`h%Um>jh?K7fn?Knf z%e+`hyA;yWPK&ko;Vbl-iLMHfkh3mEKx5)8~eGan}LaPY23NKUw(r8h1v{*7TWsF2EVGE)N zDw>bgM8B@uv{;)3tVKgRJsHKiQj$U0@Ifbj(1#0sDUX0z=z&gyg4IMI{XhZCZ0(rn z1sPLjeSqqr3LUx102y!61XmD94G&yZEBO3vBv8u$eM#M1>I`I7P_YpQn9k*nh{fO< z*|V90MwCgYiVP>e*d#GJDz1yf8y-)8#o7eACj6>VHc9A|Jb39$= ze4}&%T$73L?+LoTYUSGXguyDaQ`?TovLj2}ex7hP6!-(4tdhfDrfbL(mJ2tJe`Dm- zkUAn=Er#ZhXu>lhE><=~l$_2gKQQqP88O5aW)4Qv9$QQX7g*rj`Xy6L zi!0TeP+7B|GfpQ0PhdNIPDfT$zyH{obp%JVEn*Dhf@XAy4Kp1quC3u;F0gtW?Wc8i zNWQr!W(+dW6IYb8_13Ml#+q#Jq2ll%Xpo0+*dEnB9_?y5I2()>1~O&n^TSmp9k*hr z1)5AOYodYR9O?0-AS{9CFO0;yIUlnW*&N5xru}F zuT|X%-@=ozu|@&+*PqSh?M`_76luc_K`bfX7j{q+INHRcj1Yq+C;_U;i?fpuP~2@= zhL@l|5)pSnHcq|?~9I*;cS%Q0m=@8|TEV@$5bQY$OG`)+6lwnQuxA(mQX>q&Ow9t)QvK< zevjq)CbUCZO#=S4XPFyC$FUDmRADmU_>oHaj3i0&4UcbGYCQLxD_ABurw`*LP89Ne z$b>dWHSJ(MFttit8C%Jv8L!qvqgh=`0elpuUXF!wz{)hQcQ&HcwC<0kG;R=!8dY?& z6_;RnYLGPkf`|rQ()3&nqC|+QQ|$C1ln|ZXl(JTo#|B$#nQqk!CK(^jTj{U$5WZ5< zgE0fHEcKY~gLsfZrOESa8oXcw-OC2p@TY|+ecnPZnJM0EH9}1^7E6xID$Yg~b4Vc} z(@B#C!l*SR@fka7ROr1{uKH|Lz;=Z4Hp>SB+>5{+`l&SwJ62j&?Yobl1*5>2@mgWk zo0pvWUXAY#_XrmVUZGBFjtaT@Wp1(kM!YW=j4g?WvlH{LW<~$6q;Ll3iJyRUl|s)D zvy_cXi2#NU;)@KMQg;P6$<1nmzUM+|fQx5s?{*)!*M$d{ygn!^s|7i!i zxio+2rg2c8`N_u`hd7lYc&YWkh?HSG$)EBm^FF7*2K44mlTAq24GuoiYCG(zL{Rhk zbd-2c&rMAQ*z7m4m?3Ib+X2~LLa~e@5n%)}=X8?Aga$AqI% zFXoLDGEfY#z*}?*<;~(FObATQ>A&oobf?d6(;fVui;zDt4~Tb7)61EEiOBPGY)g8% z<;OETZszZT%=*T{n;r(m$Lx!b)uVA4F;>JE#BHsnjo!AfWb&WkOxtELT+=*X?5YmS zj4{9@O=1=Urj4`wBpi(*df|4_Wx)(FZ0Je>AapJLC4;9B-3_!b+6%HS!ISi_dYBQ? z-hnz9yFgN>eOc$@EoLVza{W}jc%#;=ts4e?YF*2*6)om!9GYz%TL(n6M;$dxOX}OWVc6Pg!=W!vWAOOeWD^c*u-U#k;77f@LHsF z%_UQRkr9XMurYLw!V@8udyH5r;^{yUWr@mC%_!xxqPH7ws8!akLo19{sI?f9YUMkg z7T-*Bz3+H=e=XFKn}|p3O?s0Y>yY<^hfdVpuU@wf7sS3J%Pcl;;X>}EkG8Q=DBU1b(|kAltLGm!EnCbD*jAL5*NSX(@3+f$+I zehPm?h~j~e(bfhEawp}lOW-bsumnh4HM}4U*FE#$ z)P^|F>)I*e*tgBBymUL?b`r9g-XijU{UCaf@Dne3nVUG&q}e+InZ#5&zo-ewG!zE& zJ7OV3lVO>kUM?F^{i3eb7NlpTf0sARE*28c?`3d7qp|EpGi9X<)Uko%`|V3-*l*M;DI%gDJ& zQ_1Ojq~T;?`QSFV_{H`rOP&>c7H?j3@W>&eg0GC~DW+8xa@c_6@WXp7&MhtgsgZPA zwixya*i)>&TIpJ3wUW&)?O1X-FpL^QN?oxQSd9)qq3WXfimZxGHr4^b^?M>MJxlvrG0m3+G4#}yNP4S1lHhY1Z&v#~7`x2nSExw>i^`n$CVZIoIngReu zXQ}C$%lSvWEP^D~KtqN-QuYt^uz>NR(e@d*k>k>Cou%IH-rPyV^t#9;errO0+v|_4 zr0IFcLi6&~O*V5)0*5O@%3nNw#ox#HM`f65Rh%cTb648Uqm-V&ec8{Vz=|^i=9waZ zcr-fJPiV@ucI$z76UCH1t{0lV8OBk8P2%NS!2vDC5}_(PXj^BTFU+w(ogafMT<0=@ou! z?`w(M^3g&eIVYvlHC4-JB#DB0Ev9H#x&3MYDDFI4vSov^&CT`%2L^k^wKoEbXvNUk z7|{=DtrZBYl4CrX&#^5#`N{Vm1;ch8DTRYCAFvue*9tr!RHwJeh%N z1%s>Tr^i{>L1NgvUm0YB(v5xMr@E>^VmunHbSML}fc=mnmia`Com!!P`G$kSY)qU) zD+^<5*#-tp?1mv74k$;~7$pA`1_TFnUa5V~sv!7&EFW-D^=l@pb3uYn$2B0IDx-)b zIJM#=CJIk0KZFxQW%hkCzdlU#34BBL%7StHU#@M~{`##@izA?x7sWoY10UTMNb|)eWkL?g6;G1VW}G00X+e3jZE94HKMn zLI8}7rb8Z#bav>j3d3yn5%Xiw!3Nx|!&wXi%sVcDNWc19$_{(?8Kg)6)}P+?jy^+3Ch2d^@H*H!y>d?1UX`^V1x+3Ng#RRErglz_f`oXxG@?1HQj z#Lw!u+O6?{08%JY9tDMlLjx^I?_YU>tMShXk4*` zRl~LEG&QGw_u3&_DDQ*QQnbLo`UJ)uFv&JeYWlQ#7O)<1ru7{f@xbm?YrAJkaV~0K z=6lhW_%VJ;wxWyiHlqML4RDPG^+^EOKq1o_{`gtB^F9Bi%7$T%{eoVp7FsjW&+aj@ z{_CfUOFP|Lou8dP$}@)0unz?pWr*gqyBgnmbtiVa)U2B^AFjrO;=^kJdcl*c+kPmu z0S!vUp2h>W(U}z%_C=^_L=1~ES{(p!!FGQ`v7Vs5e$`5>ywRmpQ6HnPKMZH?!{-iR zM1%@z`sY}v7X|Pj3(^Bw_)9mQ?;ePcofAGDG|A13-I2f>vA}QLd+Jn((P{>yLIF-f zaO?rWfjdAn@s;sC$$sTJ$K7HGVR*#2pq`fyVlOe6Q{TZ(p4{@tvgB}<2_0-TAD1`i z(3GY#B_o^8qRSZ7rA8!`(mK1Kj|!yLC}>6)${gx>?*(>$GnFQ>@^7;&5y#ZZv{OIR zCcII&t%@_!lkgg;*r+MuFxfKlZ8;PvlaZ+ysb0A z8UsfRHI`0L+Ik#NYUoeC7b=x>g=;5<%DZ4dQb-lucY8u_etquWiXM}7ZXL)8&tLDr zi7XswdLZ4wB#Ynj{wQ(Y2L|LM{Z2cM`D$>uKvZ@OK8@fzCPOnz`SUv* z#ShdPbn?qaWJgLJTE;3G&OBXfBTyBwYsDu5=oPed-R+CoBi!brIAO8et<>bL)T|QN z9KBs{Z#z?m4m6sMBHM_oTw*Ed~y*=)%YFJR%t+(rh%hxJ+0kSWO=28 zb7bO;SZ7kk-HvFu93Q4cvU+k|#=DL68X`uljs|c_Yf54$(*#U|72%q&9L_S9_Xbnt z$`CaNt{brY3f}5q^}ay#`0?facs#dS^5k$S)}q1cC^*qFgDoSV2S^fQuUF@gnef$i zJL#<`=2pTxMK-KP3}5vI{lv`pz@Yb%j%keKzx|COcG^&NXi9&p+FoDctoi-r7*vwx z2-$57Z!YZZFSS4{pz;eqHv>km1(?!X7rb?_rdcYDj>)b-s*X=(+wX!gg|ah}Ar z&K8x_f#nY&M#xqOi506gsXiEl5=v{ulM9ET*Wt~c7PC|t_`$6udRsz zvJ9^$jk$dUviEBS3xl#cpWC@ozJE;Ss_1uA!ETyZ*hF8oOoeQR+Vx#5S|EqIah0hY znFtpjK0gBb7;hNSXS!EBj`*8F-un&HIagp9;5K-ayfa-z$d*AwKjq@FC}y0A)<(jk z4;34SNEHUS#R@0qTxBmx)Q+>N+>A633d`g|dvGtYY*L~_d8Hkr1 zesI^mTe}$<#gNt~pmHn~ZvKH^7zyHQoo3X`g)r^YOLMC?}(-c3w7e} zJ)NL&L$TVKfwFPJWF+4r^n#T%ekja3o+P+doG>sm2;(=-xT}^#^9I1759a2!zSYQFbt*ANa+cYvlRCS@}Vc zE>zH7D;Vlp{d5Gcrl+5?P4lOBkXFp#awH)aBk}%#1oTg$_ww2K(4Vo*0ipnsrG$0? zq>J%rR{{!foQsvNj(6Ul`I6u1B6c~=T&_46<{;7HM5T{KEmf)MprjQ2-i*+PXv+e0 zCOs)3FyP0pF6X5JD_XqLN3yr@^pF=Md9Zf0(Z1S{hv>0utstb<9+{GrQ+K!PaHhdq zaGC{5=r}D6sSNLAt>e^K)UkOSACb-`VtvooovG_5Lt5bflnC3<#_Nk35^R%iD2SX_D#2b%6@fq9+SXJP3Lu- zr*~EnvQdG1oi|iMSoErNkEf5&>g~4QhfGi{1==h8h?#*epUbfLrop(7%RoT33;pR% z=>U?)6CeLZqt3atRMC}~xMIBVOUd2Z7}d@o6W+A7&SOaj0stzn5BimyV;?j17{B$% zfqCv`SoF`Mh%^x*lFSD$pQUY#N--NpWWqhUH?votw0bClIkLLosmndJ%sLL;ej54x zTZm?gnWm$nEoJ-8*H;EWb9^07jt(|er17st#D!y#5C38RcyWqe3>X54j|_N)lX}c> z2fsgYUQfgC%|!Q{!9e26(BA{dXtcZ?91B0-Cpui_{}*&-XZ@Gl`~SXLW8q@@AEPt& zq|;XWU0wa2W7!1gp}d2=BZ{q6Zd7v9^WUdH92J~2EBvot;Q@vhjd>yQMChnro) zzR(Vt>0|lk56R{2`9DV-i`lB)Qy*6!)w>1;on)q&sTj!jW|ZL0Do9n;q8;1PuRmH#G!HPF8AA0G2L0;eT`ii++DW0xrErg%mK@?|G9_6>|{u!Y2C)QjjSgy-ckSXc&HP?uI=u=*nH>} zY=bIEv20WEQeA$+ZXJAZC@#Ef>cmGFN)2#SD&p$xRx9A3lkE`dkez7>l%;ppnJ*>W zIL~M^{PcDU@-AH?2D3HPgulK{nNJM#SO|1-N{%@ZYA7$mLMoLjyNC7=qsVl03Zkm7 z-aOXg(9N{%KBkBQFnceCcT*`<^9@W9Ro;GFj0n~=8L`tlEmiEB(nNGX)?jinKS@MN>JkYb%Y6q?~mDl^c76?R_)3e2}U z%s9E9H#a$dh{b0%SzeNIWm#43Z6iyPq`AiZ18@a_M}k=rCzy&CPKqW)D# zU#j00E8iU95S!J8gh~B^vSe$uAkJg0?3R#zX)fz|up^euq0w3~V29jn|6OWp@ge#P z+46Zd^$JZzfEEd&l>7}ANp+MFs$>!xoNy2kUq8vH?|a_$#{=8&)>Z@NRT<&@U6%bq9Q%AYdYh87Ys2lwl4_qQ9+_srZ8$O+3IPH72)Ly5rA2Bk9=6P}7hU$cialCR%g)D+krHFH> zHV7!fmEw($h-oUkf;dmT?jM<`F0>tIZtIhh8@@M)jf}v41|$_#f@+YG5y;&cNy>WS z3eD(i8x4LRFr&CX?rGP3*#(1iGKH{9dYm*FIRRsiWZDyABe6*(TW zGhMaUcPjp2o_LTkJ^3I z%gDj4FXysVl475JQSTBY>=LkluJH5&v&-kVA{XFE6FRI7r{(T*4|VNucNPJn#W z5UfM0JGNlvxG%3JS(q;dO1rvr3l>1^vp7OoUjYZ_8CUS&JiMa{aKE&!Oz&V^eyQp{ z`9?-v6od)xb72wHHPV47PLBiJ?Veq~g zd+{KjG4|%;l?z91gn@k!`4d5n(hn3c{i|xWFcpd1>dNOj9C^N zWf@!Z#@{m~tdtPcebp8|={_6`=7#srt6sw!n6=9fmx%A1vX&vD&mNTkrKU^|zNo*c zO6|rD%A9E$@btoMo@^JlzYC)!hBEOtwd+{6O;%+Tr#(zX`BQW$3<-$4W3DTT_XyPT zyj-|?r1UR0-r!F%>*2yMZ?mtSi>E!N3Tpv7PSShI!u-_LS8ajQQP~+S_;j?U z!&=Hbs3JH#N18WlfW^KNDVhX%>fA2$O6@0t!t)g69lq`l*w-n5bFuamM>q0nT88xH zY6}0e7dZ|*D^=;hUQRrx9J(C1%_LalGNVuE){Xgj8p~~TTmN@ab5PQ-RWgB)8%rPq z>pl&M5jX=CyuD7{z#9NsX)#-lO3Dly0-!e%|BoIo^6Hsj-R zkXaB#Fl8`o&Q7;b8^&;K0_qv@Scx?(as>46+jdmZyHwaQPOwg{1q8QoLBv4JUNy}y zRM+Lu1U?B>MN>ch`j?KAE7UpROr44jVi2C@6y2;+(*Zkn+1fl=g=_$tN)C2~1A5!k z$dBGm%&cn)G~vXoz`TB9xhVvj`Dn5G{9M-y7*p4RMgOvym%wQ&ZZ_V_^_-jMpY7@w z+S<~7+_M6Q^cNQ$#cXWrZb#S^Dd2XZ+xvu4sOlU7Sg`L*=V{N^=szVn_91v8g+W0) zpHC%w%614R#|{hAdr(t2#g}k$x7-;=B~?p_dE3xcld9aoX{f)>2&-2OXz6bq70L{R zMB|@b^QK;5zCwpbm$fmb$Wv`b(&|(B*8cU zi3Wo~5n=|y6;9*Wn*+Wf3__b)DEfXf_?QZJW+sNu;G4SBY5)1g+|D{2H;S(`fS!(v zWRd9kD9dKPc8eV}{OjG*=+s;R@F**-@K21nM)*(t(n9DLp)d{w`u_!-I9UEqaAM_R zX8xao(-q#P)1uUKZoR{FFO{xXMc1;5^>JiiAT;RIHQ6PssB%>8FpU|n6pPK;hX1bf zSsJ-+q-~K9%WqFEo^$W~55RBKm>J1|)3;!wtG9>oV9D77<-e4TEXB#qiAaI=B&<=v z{qcilE-ctRPs0OU$(VDLx1y)&CYlmI9thh*4rro3LP|e#nml1N=dYZb^YR;<{ij!j zP@?uu4jE94q#hDXlw55`SAhl5i5uSF>Kop0O!s-HeqyhvK{u6RNPcp!(C{QiR@2oE zRP`hrjW42>d9>Lu=H2O#;S%2VP~Q+tA=+-2IUfEn=+_%MUO!>`pf@Q-o!)J}6w0~M zP1}@bDmAon;TkvysDd#f7|@>n=F%wNS-0iE6AO-{;&jTyQma4aXI9z^bSUQx6G>#+ zDrB-zX3~jt)Jf#xO(k<)RId*tct%|-A?}Xlz!NlT%zPxTDSO^QEt2^C2Z)FLu&tL% z_iDTHdA&AwkCs7wTmr40G^T~W`UY9M9636(bNI`u{=~%tDSC0?B3lk^bK&lePyYGq2z%c{JNDsdg-`v!r}ZJZMsBMPjN_jcMD2HL zS%VB1)InBSc~OOOB{!i-GTI`eT-2Q;!b64arbRQY>BLCR;4g44X_N$vLPxBW7MKwn zE{=woW_M<+L&}nbfOzP7Xhx_$yfi(WV4Ats0H{=?n6O+CqK+gajkrcVc@K$(4N2PI z?cWP;VladSj*{vxea}U zxMK?ipuGV7&Vzq0K9C9@cRHVJ5hwaQHobA20E1&ih@7tfdm>Hv+jF4a_Co35?_}$rL|ET( zefG3Md@pX(nI>dNY>-`KUt)Tm1gEJWsqQ>@am>XwtVKXXXmw?V)bbKJ%toq(QX`e( zJctQ)l0AXE9rsFOYp3oL`oef`u5G#*!ydrB4?B1=L_yNTjl0c&JHsXcIsqXo-d=Ab z_7{>(+gFA)>ssBqh;b#~PAZ}!9R-C7xA_RH4+)P;j4g*(W(MEZg=UVObG}ln>QHwE zar55iRO<=+>Lz3F2Fwt#+TpJ?>O^2<0@R{$b9cktBJZeUx!Do}F8tes!|nDCgy8qL zj65~;FfaCq03q}&bpE5b(96OYEoRQfLwfwDmK)4f$MhOHg4NyGP(a+ONzes34a?4u zv1Z}NmE3qJc3})^WzLu@PBl1uZ0vdx(I4s~|jb?N6BFjEM0j)OVZ^~`V z?Ex)H(vv-Q(~It?Aq_F~E14h}A%@C1`UczOuhZnHAP7b1JPtomc%K%$;kKl8u*4@P z)*#HDGP6{epc61mut|*>ZBzkruFdVh z2_~$yz#zTPhTVUmGFxUVUm}?vD!~=!8sbMMBlabMAw(Iz5smD-=Md0QX4>K!aSIyp zO`q~*P_OJVE=^I=#kN-a6Y5jg!uY0(5l!!OeM;C2p^2?v06N$Oe+j|md%rQMf0x5< zlhdFeN^gsy3&i)5heT3SgCQ#<{uXzSBE7r*Ggl9=)B71gewW*Aql%9yVRdAmgl-1v zmK;oKhk@_YN|&f+g}sB|p`ti1Jl($|&1H?c1RiQOOd)>*a&jq)&B_TddpWc8nn7mc!B)GIbS(%@8F?w?5))d7%nCb9@%;1pk5iG~D|rj^I-B zO;sSUAv8UAF|zaD0~1^?V(=?_{yy07nVTZs{9Wm%FGQMH_+rZGZBlp9cze=ZWWSY) zj%L$r;BtiPlk^C)`rI9^AZP%LyGkDs7p_;7FW(Fhv-UF2p`z}9A-@Zp|7xEQ7vh(# zz22A>g~kaZ4naF&R5HAGqo;!@NdcWiY)}F57-rZGa(6lLVXYx@a+{MloZLdXfUE^CVN5*oRUP}`=<>I;*nNr*bbZ?ZafUw)R}ojGQnlOrbTXeq&% z?YZ@+1pG~4B4>|#Ai+q8i5Sav3?1rQx2cqQeYp>{PM0%;Y`|U3i80o4@2mLDL}H%U zw^JfV&~z4h_pq)_&14Ui4RvRgw|}Ldci8~@_1pWW3+pxGCa7-LTAjtw{`WXy)(&6hI~@PcBQlX-S3c+Mfmay`!rxC52|BhIJl>mNHwpuZp-hN zUlOS|!i0yCuwbf9LjH=4=*!z_CN{Yr$~aUd8uaezFR;-;%tB)w{>j;Na|uD_$G`EA z;l>p`>GpoSX?iYMvy1mhcYrj7CX~B5-6_OdNceD&73yxhSn@i8Y<1TTyj7-(-L95- zW2kSj0hW~ep|z~ZWa=7W3Fv8hEPO@_Oh9fvhMKw2EXh=q^vLhH-uOJ=LrrfqrYeLi zJg2n06H~jDvXCVrrMl^%JmZ%7!#Q@3hvQSgES8Y?{8p(&*xum6g56OO&_c z?$`+=%kw!L!D#iv2p@fvY#m6HO1)Rsonnz0(i;zQ0r;R|fUS=?Z?3ileE=TJpSq^b z`$R`#)yB!zh7pbkc?>@1tXW!yz_SR?*5cy3cxx-_L5^5aLExugCWySoO@C+X@h9N) z*7M+ujX`vBpIY21_f;BU25S_QwG*d2e?1+%Vfy@hXV8>Lnr3vxSLSgC#fO?EJv&7z zleIt_u>Ix36G_EisC_wnuMvVm6tU_MSV) zbF%B`sT{kDZzYx=IH&j#^j+yhCy~+;GLpSuj@<*-1I&YEaPa8;N;b2GFQ;izpGKv+ zE#9;>bc^Z`3(RMYaxm&KSqa9x4MFh6FfB=+=;2$rQ5cqbCe@EJ zLIty&uE zj=Z!ga$-`~Pgv@6?YR#pTvU7Lo-|UE@!a!M-HaGoz(zELL~$|aqUup~F#7A$*J(a7 z6urQxfahIoBcy<92?!5I7CQeX!LEe{xHr1Uz%rDtk^|^zXpx%C(&JN~*lMv4_k~@e zX4lxn9RTH1C#FOap^ZSjeiCiG=CI-~jh@;zbAWMtXMx#*;6X)IOtv2~ayw(L*e$1p zP;mIZTeg-1nZFFf_(Uwow?UwxX@8AXCw2N&bTji6o0}+kl91A6d*1Q2-3mfi6}{z& zPoiEwt?hwz2x~IS*Mkm}@B`?a=9Z+;QW7<&ryD6S=pqxe2Hg@r=o?^RdAK1fB;t-O zw?L$Zlc5k68>T!}7>)ozX<^S)sH(L(s}Tn3M1?->$9jMFdLLKb0}gZ z22%+nNbrQWwYo@5F$}g5;Vo;|yLMFu;xI|^2z953Ve*pWT$c^moqJm8vH-llO8X`X zN*z9Fn1JZ6)J=%Y9yl28B=K?wDpL|VDi zK9W79jWSVy;|?K;1U`y&88SXkQ8G{uuc>hf6# z{7DGCZc@#f}TW!siZo;tjZy61u@}a{egj9W$AZ_^BP)`IvhO7$|w=NpE{8J{V zCzZ*M@btL9lED$rF}h~#qDePhKir0s#_-Hsbu9MHkg;T{zDQ_SYKpSz@ere7lhXhS z$H0<|#LjHG9_#qbg1K_Ah$s^rwL#P!g$CZwJJ!K%gyBrU{p4H5HXX)XR&29QL}_ct zs#OpJD#FJUf-}UE)yTB&Q#nBSrNV13Jkn~iFecVLZ@PKmoVdgu|`xyATQ@!mC^{4FLNMrpuC3_AzGO2WAdTO4YE7z(ZD&HoB4K0&xOmeGn_Sbk9rWVb# ze*y;CKF@XSAS$1oIs-m2!Y|rqP(9hEshjHFvGY8X8R6-`Q%8<-IL}Ktsfgm43|hAK zvCjIF<{`!NVJ5<9YE%aa74jY*EYP%mYnQbo{ z=>!jQ;OpIc!Z84dIFq!Rms)xAs;aKMy6U2oUOLK*?8pqCT3$JcCFOAa5STGA1-9f4 zjhX6`3=o}v0g&7qbffbyX`N_x0t>3Gk!UU|0z_wve}iFIYsnbMUHifZT2`=@yQe#_p66s^ zfXKxZ8@wV6YHdwd1+;?Q8W^m~#f8y&qzBX%jM+f@%MElEl^_nNma6=A&rES3D~`T; z&%uD_S>Geb1a*MLU}zU@Yxp7pTj*i*7H-K5WVXMy<`^3Zl$W3Z0qEJyjf%JMvVfK!=Rcg z@g)|{d1%}zU0kL`Qg3>NCHVEd8Cf=4O!)sW_D(^fL|d0`*|u%lwryAKvhAu}wr$(C zZQHi(y8G{kj*dPZH_mH5WULjLk!y^ZV}A2>Vw`=W_9C;uL%Ap?@Jk^k;vuz+%9JvROJ6!N#$4b;j3 zG}kxe;c=M%-Ud_|{DnlfK6=HtAzM31-J*dmHuL^VDVlDw@>%06>bU76Ma)j({Omda zI9hp|Yiskz5})_0C8%-cYB8y>64g4gqhwHVJ!!b^%dP%FVcl#;WKIHjdC|f0f@vFV z5cSG6{+nZ4?b~I@70mr^_;9J#R@tXFpqhC=kr7Be7}z!Ihn4p7MWR;8*1e7sM3zB3 z)x|~Fny5K|bwtv3GF;)Q2Jay9)Sc`xkaDtbgH*;aZ>JfG`xX+ zSoOjryM}y>f>ZgW;gF@g#D!mWgJe+-w^&fqyX@wyawuprdoHYXo(l2t5l^jRT?b0D ziF6k?`mM?5SY&*FQ@*7zX}hd*-nsBvY&F{HV=m^j8}2QYO{z4b1+K@tAn+2(tXeUVen{ShAbL4fg0h8><+u`@H2*HA9{~VP2 z%X1YcivYb3gS>NTX|d_)^ORn^2(7oJiqt^< zg$ONSQTT6fpDdmT1cfLG6NZ%frISAwCf2N|?XOuMcm9%;ZV&u>8$5cDSh00>z(6~y zK$G~hi7s8$V%}!)X?&$VnE?J{>111h1RBXf}pt$`2bu-rJSxFaO5iC%=lD&)N zzP~xh94#o}JeY=iMdbc02oQ$6-&r2vnxh#ROhGN2qQ=sQ8kJ$!U(~VD$qGvXx^UPG zF;H_5UVsY+00DR;4dN}Hf#uZ8KlY2Yx1-Zw4jQ`?tANA!ukdiim>-n5$pVM(xHTUn zE;6hKOEv}=~JP7A)YlJ8Jr{A8<=RFB)szfa@0<`O^Og078 z!J>h!-;z=k@L?)HjCJx*vPi9rKT9N^!%R8974`)n(MW%hF_idLqI*-&&p+btR2E62_cK z<2}@ny6OEi0HDl!yQ2o~x?`e+1|{^Q{p)&({LZFDnJ$aR5ZiGaiLHh|2xxXm013Fh zQ3a;J{3)C@C0yZ%^@9ZvA&B~pMKT+90}R>A;RA&+?N=0q?JLeL!M{YuuAvBQ0})XH zXZwYl#4Igt^^5GiZOpsEX6RzeY>ab@Ou2l~)ZRxd2^H>(mmAtX0@4aI;O;iOQSW)G zMBxKNSi|>S0Ts=7jc`)-9$3R!v27FkpDmVjApGV3916|p;Ay9dPFweO(>&cmCC+p~ zB+7NO%gnU&zgOU9Zy9SWcl?HzP3U!a&5TGSu-$T8b@?>XU}M(fU(+(bg_U9w=>rkSVTnb6JtE` z;Bj>OWgz72%?c{*qIPU9` zuV12*uTQ$=7^m7bgm!P3o`T_piC zsEPUoF>JfmW;ZgI%Bn%Z?HVY5B~)Y++arjPm#jN`9H1C|92vSnVt2& zl_ABN(utdGh&{8ld+`-j<_CfSGOBP6NTpZX8`Vou@_P6jNMZ+CM5qZ3yq}kktXO#x z;W;igbVi5E=1-5nNn)K8(LX+^dOrI6Tiu?-&MIUkbdP8Ilt>jaQ8UDeC*g4>Pj%6J zL%k&fReXG1*sI;1g^lAx1t?%!M?YU{{I7w$3lZve5#wDlE_*vWwi~9}F0)%aDzTN#G)7($H6-cby)!OK7?{<;5)(9^$OpHr*_ofUp`E`w zkWVG?VIsB(LYM#A+6$s0*hV|y@fXb_``r{X${NCY+R8^INVPB(LeG9~_^bBTO$Wk6 z&<5&}#2!m%MO3AxNGtPocIM$J<#wg4TW*NY~j2nhb-i~XMMT}O_XML z)U-Dld2fcRPb}|Od~4Wqepsg$He~1S52Z5RJnDG4f*S>!W|Yi}v#39>k=H3BFa3Kr zQ?6H>8ZCT&DZb#%Qw9Buh^QIwD`Q;#a;ac<9-A(^8x_P-+TBuZalE=_R;_5I+;1Ar zv^b7Rd;>c2^_4f~hF9C1rRpSrEZxsF ze$YSHy=J}mK9pH8oP*yz^K=F4y*R&Y@ZX+g{!333G)Sm0hENF2QRY`*mo@-V4UP_B zKZJCOsj) z3E8z|Q!S88JB>;egW74~y0&T|V2&|fFce?gC;hQ6EM3npXkPLtD9XVO?B*^rZ$`Vv z8@HJY&YoiM~-cncJ)K5;@ z$UN>JR}3Qnrx@Gs5ytSW!mfeO6J8<6SX?;~_}E#Qj`5OTep$F1=rA7PMGg;treMTk z4qwH@`81q|JJ(^&wOLhu+D#J*7eNuN8-|C@dLUW+qtW&E_a!&-rRd?F2-zo`wjwuO z;9Y00D1ioh5$Je@6kR%MVOQ~>S@KD=D$n$6zQ|!YUg(iYOjhs%!@99pMvym2$6`YC z_N-`XdRryv>=X8P)>BHqIWFQv;CD{_) zm=}k`6DqKb=4ABa{5$qF0f_6Bwd53x+_-@1=ZReHt%OY3#{1Mkl zZaK{1T=j)3v6i6PK2jMme|aJsJN*{gq7aIT(0%h!z(q0r*`4oY85cg5xoW;*pM*;?GA-lT?bLc`xYP*+xq~N2KBj)E6lMN_K$WXF}~G? z8&x%YOKAo6a`34+G-1FncB(IH`UqOugoGvUc#C zfxAbIfWH{lN;;}!G0KHP&H)*P4i}so`2|QLv^5D4I+%=~%T@mP=IskKpmtQ0=mzqWP3V|~bno-2;6MG* z^{5DE2=?=fHiIdV6RB`(5NoVu1wYj<1wT8z(&pNMlc{l*R*8WrG_h1U_}SY)@*v7d z(Dll^>n(%Bt@5^Mmh&ws^_zX0X20`Ynoqo_SB)W6P`znRX=Hh~hJyQDy#se21pZdA zrGRgSbapKQ;4Ocb&JD+;eNM#E>8J934*DBTlD!$q^|NknqWghPdN32ne>ehOBqArk zi@HGWA-KAQ44I>bF>XxIv`m+H@!kI*!);w$A*-=xGIVq;COG#ij(uuC3GD@ecRZSM zxb>VD0IvT@g786J;o(3Ng!xcLHsM{c-m(FB%%Xe%AQF>PVM^abvUhHqaPq|DDeyiy zqsGhz%FNKfD}D%p&FtIaj!=QZL#HfU`N0s1HyzOz;%5uz>j$~I-UJ^A1v zGSn~4sV*L~832(QuqB$!SP%LT?s0a?0CkZxn0k7c2^)~r$n-@!P?{Lhq2sHO6Bw%1_B}^V{G@M=F$VRmrXdH7!OB&~Oz-&z*KpdW zg%XIkJWWa2j`V4$)~w&r-mH`!=V2Mmx+yrR*5KkvZq}`A91ymqd)7`2owj z)^{8+8-3s8ycrRt+UAF5n$;6B34;P44`j!-&;4kKT#0-(gil#vOJ z{QFwhHnNNhcw@T1quX(+N&3)cp-vUuJ6D*hk~$lN+}y@T^y zLt>O@@z5rsnwxKC_iNedxR>*0a1ZiSdg2ZxLl^u0ZzWlB!++{BCWimv+x%a;jG2k^ zzt&~jTGIc+SM0e|uX8?731tGi~E;GUdQdAojTC&#j#Y z&=;;QQgsZgEW!n_X6c-lcV>pP4J3Ixkv#D2?eTpWhAsz=AEBByvG+lSNFO1K_m_Ln z7$a)i0j(8k4iAdcd~5yd>qg2Rzo7Z{a1q-3c=lOA?`ER^a5Y>aF{tcC^EpkwO5f{l z7(hhln2vly5>^xzjS}_jsc$IH_3stsAR4UV!I8tZ7;wX#bz7bdm&ojBKYl-dCYyM; zTeaNe4)fK2nKd^baO~u5?gVV%_Xvxi1a=~}phB!?$eUAI+1<5aLR3qo@%w3_;K5N; z#&w;ApbJY%`q#w|V1|mWIYJO~1oc!*&|H*Db9KXp_*T)v%Des0m>CT*JKa(%FY8hE z8NIasJyK-Y6&{7K56^503C(yp*MdsVO5VDlwz+7d{Hu5E{*y6t-}8!1tydizU(B11 z?BiAzqbkh(kuU~mU$7;ez*1$GsjTgPO_415_ObQ&NZdq%bHu)$KTuN(4-T%n0_U`? zaR6bsxXcYc(PU`AYAvNRGvtBVUvG@C&^jt@sjBCPMU&N;V`j&WS*{!%jas|*I=6R> zIB1CG0i<-<{uaJw+Iw1kBvZb;!M+KOCh{%xgZmp2NRnMkQZH$O*;?D39`Qx( zf;+_X59{I1^?4r0vCS~HU*{J%Yj?cq+W zXHALJpZKL2B$Q-ZR+Vn_6T?80(BnQ$Vf!N4D~$m#qk}n5g6DxXA~V;&iEB6VRhQEl zKm?l-;=**;Mi@uC4k$cZk6pGcq0FKX8A+Z0;64^~p?-euB+!ThXcQN2Ffvdg0%4Iv zTiTiC?~-o2qICAmh)(2sxY>N)^(k~?8pa!m-Td9a=B66j_g>oZG)%JlIVWtH6rDG= zyANdtE<>mxhjISN>{Yp`;G~YYW*8mnGomkFACQ=eNMQnLG;~nFHc0hTDs{Yk?`{Bn zc0kbIB;l%t4STu*lW*vdUBadY+zs@LTneJrOh;b*cV*Q9eeY(hF58nQH`}KxmoqGjFZ}cq5L#>X-6Yh%%b`en8vuhnG10 zz}@aoiN!ML^(H5Tf_JXP3>NrWY$N^~qguuS8gpe>c_+YJ>Hedw z-^{k4NI^7tdrsG2>{RbEUh-%EaatIq51?5=`4a=3e?Wka@k?KGj6{d%pIVIPqthy> z7f=i4cFPJI6_ZB97UodFn^fs0*J6qbt>=159cQ(~qd)D7bRQ>yM~S^x3bZrE_yJH# zgKvliFEl~Q1er&&l!9C#CYFXH*|^tFdlf+gdtgZUrIzcY#P5Njc6u|JGVTy>ct;?y z7AX0_)0sY}Gv?Z@Lntrgd=P0A2}Ze#3w}W=7AQl~9BY>-q}0AzDZ&0l5khSM zxFj1xKzSw}%ogBEIU-rbkv#Qma$vRgQDSi0bEcCz&6aG-y+<2)v ztPP}EJ1;rkxjdMAkN6Th7nbHnMXOR%$A(HO|I{Wl}j~ckp2QRB&L+cBHJt zY8RqJ;t5GbJ)Vy&9vw>i{#MeV1?!EdG@8~+3dp`xEA}W7eW4vH>l|cc-3W2r*{I;i zj4NHM6ygnueVaaY%w#M~?yQya^TXurOVPC>BRW(~v>EHW%OhEIMurjcKD^B(Ne-R> zThCI76sTLH`!^EZjUP~JysvC0L)Q)|;Gt1TK_a$@n`&vQkdyZDi=dt}c5bHl0^BMZ zY+u~~hy<>Wbmid{qkQhPq`wehyvYzsEcq=%@# zE1XWDr(nJI6;E}i*HW{kb6S>Vm(`|MY!0z}JQekGTd6gOSG#cq- zU^e6OZ!a&ka%?Fh27T;=yCi^IIvzC&A7-fx2#wr|uyx(>J-68pF~N)Dr%zZD#OF*o zhvFr)tqdieYh()Yk#8xes#lLm5FyWk4W4`%ghTgh!Nt^9{?&hk&*GaBg?+FbohPt3 z7fL#^4?IUGD2iloe2eg_VbH9C?zaButSgKdzlL0eX(ZbUE-w|9V_SQ(wFjgIkG-PC4juzX z&Au!N71RkM5O2tUjUQsd=Pu$hD7Yf0KophsSCF8LXS_j+Ee`Dw^5Am;iHwy4Q7KDn z+Hmm7n`wEhpwXuB&<_aLdrG>FY5WcXB=)6_9+_3839?~bD0{61nh;pz4g9KOu1ma zPK08s9u4ty+3lcbQuB;@A9_N*VFtRrJeQuC_TO$~#U`^jtR3^#)KD?x`SdzfPE<>B34ABgakdDiGg?Z zZaCcexi&pozczITUhcCI+~O19$o_l41o}pwr5%#ggAnPI*<-J*jl8=6&=(!J&!v_IS3O&sNTC)*PXeaz{9mk<;d_Dp)?_&;p#~2{IUbpeF;{4L- zC`(aXxJLrprIzmxoq@jq1J`}~{|~?Pk39b$e(4{zll{M~V_)lN+F`RJ_`cR^yjj4C zz}yxJ;AfneBNd4%7lH>6DEJJ=(@Qui9j~Tl9@eb!)9@u(-X8vBmeLo~M4=baKuFP- zrrCjzxCREc)?*>EdP&!2wgx+bD(R$UgELaaos5;mih ze%l30%%7tW`fCB{q97EVJg`dgM=UhfCF#&?_2+@lyJ&9wteq&KV*f1mbUC^uh&s9> z{;j5bJ{l>AiLnHm$c{|BB$3#9eb-78HEMj3Ixn$=IE4+DzK&Z};NfBF^hW=?OSv6Q__)*{SKVqRSW5N~4^JVtbKpPB~9qAlC1NY_&$u73gb8GEG%0 zKazTey(#ISpt^%*_&VnZG^{8b$Cf5 ztJpi1n6=)!=rpn3e?|7~O$5DFLKQ8V3R}&G!1dl>s~w=$lyVA_wpSKiZy`7nlt;0l=3h$bWZ9{jmkLTx zD-}H_;{o7}?hbgb*6$XWH<&!NPhZB<#ch)(ZOg-eY|1YLS9G!-*F~wjjpf@U>HydmWVC&oa+ZjhK4($I825sv&zicJFc}b7C<)=owk)4Ld^n9&zrc zDCel*5~_*{BNt%8AB#baMGD#(b22eKrL?i>OqUN#wp5^(y@%P)2CUJu1xiwyN+spDktXs9&_%8>pP2yFu_123`4Az)e0l{bS5hqMNY!Trblq2Cn98bsc zyyQbdWLh~(Vm6DRR|LjQMjswZHZpxNwtp&B3!poto8c)FmjG>!tKW;CT(mH!YU8XE z7o;~M1~9uj&oZaxxJS&mkO}H+&iV#(Hr}0CpFYrTY$?xl);Uchk5M5$6M&{_CJx3x zR{L|#(A$I1`2@+)mT5YZ6aML%Y(@R&muq2zk~=76ms7tfMzH}49S%sy1R=WzUX(QK`E`zPo zhwqT=gtf?4k+tuZ@j*Dd=QQ%(thld=fBqJDEoX^aahOY$fA5F#jbgAuhV4jlBXC>( zLNGSf|N46D4pN(O-DY`o_dx@JW5Iq`Pi@K zxnwV&==QDaxu-2-WhWD4hC1x$+iq9rY(jE}fI= zN0__`fbPWllOI8sAb8SJ4o$mT?}shw4E`o1q?n&1ni_^HaJ`cY6r$^0-G0G;KB=z$ z=jqGH`G5A+|Nn&DIM_JW;Sa`+u^Xo{QJv1SKn<;5>Z6b2N5TpjbiRk zFq2=sKRA*OVjGxkzzeqUcQ^Kr-KEPxO0;%gBx-vuMT8yaDvHt=D>$0B;+a@-Tx2|s zBeNE8{5-1yYe#TG^i95mK4X^q7_8EoIn_>Vdk85Xp%Lw`JgqwVdox>QlB)`+oYCYsr9NfLWL{g zVVR^6jZ|KiwLd%~U8YtZ&^0uM3_%_$tGTnQ&^n_Y_xI|tZbbE?$lFp8d#eOrO_re+BU}>NTb6ZRLJ+( z4NVDq5L)?&zcJ~dKtqKCLAxm)gdCk}6!7@;l>$Ngy{8XN$G@wa-Ixj7Q9>~6QGe<+qXYM3PKZQuNMwP# z(2b*kRcZ2Y_YLX^h;0O?knCyDP6Wf^fGUxd#3O^tosS`P&0ZJ3%|6I2+rZmRBoRJ~ zlxgY&m^>Pi&fdS+3WdI9IZXlFdrzy-v{YV1dn(KkUqfr@u;JHIX?TT zGR3Nwo^6WBh7GW8;;xTYPA*NR3Dhc6=)L<6-ToOx)Tp_sv(p0OMd|PYtYNm4EyPnx zm%cW9v9qwoC-H`zAifA^m;ZWB50ZkjcYEfndwO_ zY}<@$ddno~$DhXQ!8gl}tXkK9V&^I2`S9t*=+XEGMNSs^90~HevcCNZrqsq20dU!N zFSd0P6G?ux#D+?9w&j)^tE$bAr`@x$>Ioiwb2sFEyvvLGdL{8;{mtmh*Bc5*jhlIU z#(~l~X{~y_32!~aFcvpeygHT_wGXd$g%9%Z@%E<@0f~Bm-A)bx!b4nD zUHgfg+FICaUR538l1c;Slc1&pIbOM;!I%}YoMj+7$^~0UA?`xz;=%UtXXQ4^EIWQ` zqzCpf;krXwA%r`$u1zYay?UjseURquDoqUtLJVV}QGWs8_;!Um7}f@-NdjyyH9d#PLCZReInK#%-+#6(%Z!?fVFKtby z*f<;pp9%Uodtxg^y6%;yvp+XSl`}uoh*%_rU|-@aZH$yUI&zjol#$zU)Yc$An1Q6j z_|tvdVsL`$+A$=ya75cm+FUmCsd&riRY|+gSh=%Ql0xJ$NxK}xb(&nonb5k0l+!b< zZ3|iZazNWkaqyDj7Qm=j-@2tVvgXpc^#hn-pP2ujXA2X@|HIiau`&JExWjF&%YV)e z>G!5r=&TfV#^_Ctsn6%USu&&Otl7bVqfM+nWo2Q+lcV#JW9Ivj9mla5zM53iF{+cO zFYY8^Fn!++uSf`d5fHbFFF*hL=jv#<(mgLcIv6uc7Z!tc2!lJUoGfayf8E#~@7&$p z;pHU=2@9JNEJ8hPT# zet5WtO?P}gB5sV)r(cVZx3&!@X;ip)Wo4e73N#JlwW4}Jht3r=njsEORK!jE4uLFt z9^fLJpIF-6_6j7DTQg0Eh-b8Oz!MbZZjX-b{_bs!VAY}zEk4Z#h}Kk0OBYL7rO0a1 z%#T`r;DmY1H|mRY5$}v;&ZH*r;-m1CDq!+!n)Gncx_hQRpR@a3zV@Ky-WC@_eJMy) ziUIVh6upPY!g@eL}Hvaj;h4-uTf6DxTdZm4G`;xQPfU(AQVL)*g@BOnukz*VgO2 zFhnmXLV|jv3db?=qFaX{bqW2JMkekTC7ut!x3x2~BB1lk2(Ihh1N_{$pNJ+AE>SMA ziEowJbI;2V#^@iob3Z&3#x@=*BMeuRhW=Xb>+Jva#6Qm3!ymYq_}G}PV%8m=V!@<# zjDGd4h9sgip$=O?o^XPZAnbECdl}*A>V6SFdj{s$eqkwx;~lx7oS%Rqfg(Wz*7?#2 zr_vrTSid8lco)1c9j6`WvBq`#zP1NB1TlJTIfh`)S?}UQ-d@iO%xA zFcx(Q$_C;klpGO5ZI5s?xOuTa$ zymGiz7SZoE&%K~5h|Y`jLAI&uE}o4y=XMM#m-W(kQE_CD4Vr@|`I7rQK#c{DLaam) zANT9zrXUQP-*7@0(iOx|pYMF?Nvo9t2nMkJ26AJkEr>mDdlI(=OVOBa{v!fTY#Ii^ zpTLUN0nJaNGC@D&e{acogut3;9j@%0L|d!&PDIK47NCrzF=%*hqoI^k$&>vyzG};O zwb%PK3Qy*d(FYM2#+nc%?$*d6|6Mw1oqqHxXNrQ{{OYKdC7_lDwR$G0MAnnKXL&Z& z-)OMHLAf|yj@_WxfphxGE~vro##zo)rp^XrvtSY*{e8E5?Wi-`L%R}Xn^4e(&BgmT z9_Jx`J>i~?Qr3nbw}mnE{8wgy=aWYz&tq6?K&-ELM_TN!g6Qx2cPGA{VCcJxpa$ac z`PTUn`3{LkgTy2Y{g@VnUmAj57(Rbt@xx~dLGpGGzmYC3BMi;f*Ji=fKOXl_!y&m0 zo5B!D{oW<*_irA}O;vnF{mAo*VIvL{-u7-^%@+9q?dhv;uy%x(AnlsU2okVX(Dq5|D(EdDWLIkSU)Cw8*}vYI zzLfzjNe4by(aa3#tcc!mR3W&7_cvi{IO6XaUtIkw z#cd#4YT~s*70?eR*o^y2Pp2tRM{x9)Y8Nbcc|nG13Pii@J75hl`k!Y;@HHdARLs&rRxx@}K2A|*W}&S+|^K*-$ekA04qS|6w+tTmWg8+F%@JL-+DxMDbq{@H*1 z$J6Y$KYkbu>+Gz*<{0s1oZ7szciui)r<(PqT2qng0HFK;nmC7Y@?`2Q8}!r{i@U_l z5)2UoiV;JitFZGP2ShHjL$he0`Iwr89qM(N%cWC)SE%oa0>xM=$vA^!Kf(%?6Dzx3 z8;=~r?wHr|z}?yJf_=?}h_5DOfv6sy}?A?;3jvq4>BIgxV(}Qs&xp686*e-cG76gbty}q zGV%?i5{_39R3QVE;#{-Vn2#zlxy?l_bUC-P<#>%n7b`u`FSy?V{t*J>v7&9}2etK} zYXX)QTgf%b4nUiJ@zH_}l!dZ?NCSh4Ans$=lff0&W{YIn{rkNQe$om1QiFv~)zJlu zZCDae>t=|mu|Q1&yXAE7@($+lFfS&VGF3Wb*(j=L<~|C=U!tEdJk3KAE(umIT%^jn zJciTU%sqSqY+52KK;Cbd{2A=FxRIqmSlOP*$cN%_Z51bPGu&Zn$doM~k-9nA{WfNK zO9^#Sv9P8|85v4t0=RN&MK7{Q=EmE;7$7_fe@v|24a(8m|gIPGdBsa5K)Y$=P(7CQVg&c6@)>VKBbZyV+befQsxpD|!&9>nFue=1Ui?w3=&C z_$$M7lGOTUR83t~Nbp^&;x#48opt1QT>f zch9o^zM?KabzvxtkNqfGT3{~NZHL?)msUPA6$eiijX3MCjh(V59%d( z=iZ9DO|HYK&Db>x6r_qIPTbzd4P8K)XGoy%ZJ@djXSsg%hMnIvdA?5~{#9+5pQQ~6 zCn8xFYs=r;kjF22sJ9XA{}iOmO#f%GtTz_ZS7nFm-qkxfkfQ4 zY(__R$ter(q4A-+V0hAS+P}a&*691k4)|MwxtD3y_(%{vo!_UgB;5_V4aFJ{&rGXYj)xL)o@ECKRdB$V_L4%WtA&-JR{PPX5=M4Uj_NwgvoHZFvTm$6n^?bG9LTm$LL=1&;({M00ATo0R`9aR@Kw)d1*w^GN= z6V>xNL~#6oSnk(I7-Lm5`9YT_zB@)D0ZGE-8wv_J_~;BmW)!5Mxku-hr0169{j?@4 zo_38(g@4|3Sc?)791wqk9rWO%=QXX>O9%6opa1(#k?~G#`<}?|4O)ikwn;?~mWQ5o zPClw{rhHtobVD3U4*N_ zp>G(>56uM3`rfzsu+|ICEfdwZ8GPfU+h?aqHQO#R;J3E1sC;5XR{$!f%c3Z$3X&`_ z7=fuiH^na=r8G))F1(WyS2JIA+w{B@^_tJ(rI8KnhV2ka0Jjq;PFfr?3FVa_(e*Dz zRDinqGyd;09_hUHxDhOL(_Zs}K+^%c?U~wMd!w*MPw$A`73(OG-DZ_3g(PH;$?$Fg z)vX7;*s$1+#lNUwSEfJ97mWAgVnTDYz=QG|9u<;P#xk5=hwKfmT87U=tLC7{WO-D& z&f#lJEDkAqCK) z6I=?La59=!M*8N$^hXrtE@oKBqbcE-At% zHjO7PmeLwn0;s#*_fQ^-MWSLF6X2Y6iLXOl z6TqOF9L-CDEOp=J3h}>5Z?Vk2smrpt%RVtBV~LMVEYqA?x*z!-+wg%38hg)|-*?)^ zncEt;fu$Fx%yW%j{+ATxy9U*q#^oTOJjx{?NE5547bqmy&Lv%#Xkw|3tZLb95KgWU zd|*or*&oW>+4nxwL{_~-2_z<5Zn`wymAUYwe==W*0X>qfcQEBy>>eYc`MmqjddF;& zS?*@F2NW{#PaZ>HugofvYV4t`HwYn)iyIG%CS$q@XRYvZ(lmPRcUCDLX6x+oUTIH! z#^6vvCMR(K-xot>$NE7MIGM<9YzYV=41=3tmz+rh@dR`{09Ap}1Zh|Ftgx+a2V+_% zD~_#@ya6gs`=lR$q%x+q4~dwDZHvqYE`aeSaxw}W7k0@^G&wbGM^0R*plkjOXF77) zZG+pzlb^2g7oGS!(%a}|*M1pO zv{70hwMAiIBcK@P52Gp-mT;HePyxTh0StkkW2Mw~sr4LR$7dC@jS#H1uF%SPiP1Eu zEzV#Hj=(IM_SCQR#6diqidJ_sx1!(*7B|4(DQw9k6)Lb0Whlr78>%X-Azh*}(T zaB6D&Z49l{7cQ-Iy2wSQLavIEz zc&uime*i*~v-jXS#2O}owS`5ba%OJZ`HGKT8g3k*($zMBlwLeSZZ!~Es}`5)u4ZIC zj*OuG7nFJME7rQjL1iH)JY}>*MP_^~6ZMq=C}yS#)AfvUZucY5C$IOWQaOGG zRV;B_Pn;^-UjRDR$E*7!7vdS8UACK^Q4X?)b_J}B0c8ne% z0xdSk(@(*U;tVY^R{i%-ACt_kd=8yy$vGKMv`_pikrbYJ2dX&uMgK|dP`n1@Wxgk& zgR~x))T}2Gq2hv^oG)pviCpwYe82>Fz<1;ciWEE(W$0ZY=oFOx;%so%XQ)|&Rdj49 z)#BVLAhXgmZfjC(ErMVnm2yxbl__cor(h%|q_a>PvOE{W;Juc#6>*T(U@6okmk`bB z^-e@gA(yM%Rc(6~xnVcamrL8Z-F!*{2G)%yYQDkr+iSBb7PRPcZpyhOoni6cN-^C2ZC9+ z(@RYbq^L#U9Mz7xJX+h*f=KUvy^om*E}IoZDAa7>8~PEs4jvJ74IH=x$*QG##6yz2 zt`W%r)KnAKBO|oe8Pn{wt?xkVaY6N}&JmUShig8(=jLydz+HXK#?*I|eTBpv2}@3_>Z4<5He5i7QKl#1Q#oQ2D%Hr3QtwglMC*XU6wWNT<3 z)5K1Uv_g7#gH@pi3sc zk1R-BJMb>xzmvs^SZ$z-{`o`1h-7*5@)@PPKY@e&C&UrFt5kBJ zRe4FNNC?RIGV4Y1hx(qq7txwC4s2HFX!C-T6UE0Z{W5z zxIc7r|EA>i@^ikvsH$^QqCeS#e!U(KTJof18SHNbtFI9)q^<#9 z0=9D)XK95FG9zfU z{}~4>&~C8tI!3^6yNLAA;C{a2-?j!xmoD{PR1RGKgEbIh!1un+9u$V##Lqs6LS1iXHk~%EiME^DBb@Dg z0!So`@e-*;2bO=oXAA(8lFrs@GJU;>7%*VK9`P8$*%Xn!52@~V?P_cFddCX`P|GC> zFI|R$jXa17Xe2SwMV-4NY!Be8ZA_iYJ-V2(^A$CxMey8Q7n5*fVnBMVE@tRD8)|s8 zr1cL^UtT-capr84Z)oEgxV5yj7jdzq6EnYFRz)7`JVXOWeq1TAH)m{Xce{OouVAC3 z;~R*^_tj#KmwjU-=6U)~vl@l0v}h}5X8iD&{*oA#3MoJ$7mx>+>gS9?lQBCuZZ&Z3 zxF9$EgE#`#Qu5DkJuA{F4ZoVS4##JqQ1}7Hj)r1Nq=2Zi;}&M#i`1b=%zBJKQJ(u< zR%aWik;s^c8XRc0)}lAIuiT4Aded+lS!#MMC#y=w*;;8!tADWWPu!?ovrBZeHm%yV zad8^guuLj(szF~(&9G7WG(d_oF|14%g~bw}ysb@Y`)wpE0KS)8XEbbV&745Z`Do4?f>R5ZHlvV*ktW`1wmO3^ya9!WrqoR3tI z)sSeeR2HWq+qP}nwr$&I+qP}nw)fe#ZCmf$YE)Fj z`=jD!Bbynkw?>XR<~J0fPRf{ZXz*kmopXVOo;NKAMR z!VT~;Q5^yjd_f?&+JwIYx8ETG%}xrfz}R|-_U1#fZcyJ(3UZEMmS!LI#8q`=IZ@0x zygDn60!=eK0>b$1sCi5+D}PY50hOq(7lB97@X;71Wk4ih&lPnxq7nG`_6UN}VR8hZ z13ki-+PyNVwp$xS3CA^62sjJalY{7TjTJFH(!PFMDF{+Thw})eshCplQ98^$bCJ0y z(1s^NV*9AsTdx`5O}TzB7gVVTb!o|+90S!LPZ*0QI{@5uL4i2VA8}8(K$86c>HeA2 zv0a%2d`W4S#4}wr_uepsenK7V#IkBDpa?`j1BDf@723q-cDj`3ZBU;c0z(HOcFW-Yi-s#K+HD~B~RYj zo;*I`9RzPyk@gIh)sW7|XI=Kv`qd21=gUF_rx12Cx11c4&{Pp{wS3d2^bP|4+-F2F zedMGC;A~@vNRU{7-XJ)GirPWkgKWY1_Y3>`y~wMOTSD!eErbTdi;*_638@n#D)t`e z-Vg?Ewz3vAagb9BDQdJe?g1oA=!S8tb-QXmt4M2UM7~BBp7QigMUM_mn@b1+t=^d{ z)=sYOg;kQ^%Wz~7qU9c5h!?khm?%y-v6XWyKM=Kd=IHrKjH)L34FIY#R-7q>D&q(U zD1Rr|Z>%gJ?5=rWDbSNHt=w_gZ_aV zST{6gAYm>EigM9572eI0Ns2K6wOMN^X##Vsl=(+iNVo*d@O*uJZ@_^RL;jKZ=98<1_Vsv{g^$~_iQx&*3k083 z?f35in%veFKWoTvV#l!1ahkkO4eS^nWt%@nVp{Wr_M#p6E=xNNo${oFwB4l&)-CPL z?(WasHa4PDiQLZbqrLO5&|UcR!25(WS7&2Wj5l!xgaDUe#)YcyBLB?V37bVgB>)b* zdVHBk4-|ay(77GaA`R%tTqfjoRz%+_YNdzsf-D3DKY*1HF6;*z(6ly$B)WJLYa&miG1^v0CNr6{(D%M~hfRaw=9ZY#B)Z*F2g!MosE9sEVJK=<|IDaQ5;HNvVf}&4;$PcUKGvqUYM^V! zeJu&V;P=JH)1g#~0>877R+eQ`LHEhJ*V@V5L7J|IM;PM!JD7twp*&TtAAh7Tm1T)* zzi7tEW-73-8bKaHUn;WUVSTQ)vIgtTH7iWFm)n~3ZE(5#vRoR``@6a<-5EReqJo_{ zb<-}E87rZOc>JVpjB9|OTi&tNzV2^FignGgsltLuu<}pvIxg*rUJogMt3nQHRWEM)lMvxlpnie1 zqG)CQLol&0{D)v-V`BT?=8{|f@ih+r?Q#A~J|$E(wv)Wg&crrNa8Y(CaeHIU0SXHt z@uE;7A4Qx0@%;deOg@|8ii-kZ$uwxn!`B)(sfT3y(*s>QdV6!b(*u7fyN_NW#s2y! zi-GEgR+dF0@vVTG^=b9E_l*<0{&N2lcHZHBduZ~4FiW&XaMHT@y%6JDh3#{+{pmBB zKJ1rCHKw_&#?NZj6;(K1^_1_3=Kb`<_T;j-bRA&%S&QDfSZmit^$O;Eb_r;1KmDM< z^YJ!1Lr48ZLd({r@Ge^Tru!;BbkNVPd!$&9XPR{M%?8OE#NQXoN-tN6dv)zz9Dr}O z=zi9_N+gjjrdOezJ*>ChP~2(fDcsKBNeL<2Zz$ z8RiEVx)#Df1_|xFKwI8;sYq?P--9PR#k^KNXIuoXMs>41lwe-|PILEje}0Rfp^%Z* z$=d(3|N<(@9Te+x0;WM5Zz1YwFy6xEoOp8I-?oO0O7xrPA zMUpEP^0uj4t8_c0$ENL<&zFPUj6jWv>Dk8=LCH)98G$6&7F={dI7+J3K&rT&wG!Y03m8_UGm0w~I zqQocSx3jF$iK)1m+v1%H{#Uu64MX!<7 zdd}=!M7+cv_94g150B8pnfF)iG`2vA=T*T7(Q!iP=|Sl%_)4R2`iEs|C&euT^h(XT z?n1ET)Xz1~)=3ymC=AOnxCg^L_*e086>VI#Y<9!%K1>SnCRUh7BY9$F0#Evh9Gc#< z7{~xb{;)!DZ{!0t|1C#QuJ@x5npqb!qHyG>=oX``$!O<354XSDy4(H3%&?9&o?w4_ z&Go!WuLav?Jqr{n$cK7H-YMr4+WR?Lu%5EUE{}XU_KOD%-5D5y5xD*}&DlQI`G*>c2qJF?ABo0|hgQ-5ZxsGEz&t1@j zVC*(E511zcYs}#Q49`4I_Plv>%c=1kv-2lsJ_y6M3mGnGVzlj$WCXE4>57ewYCo}P zXY-5ZtFW$6XIkgPhewkvyFxn24mhLlL~C5Zj+SGB=sr=M%=3;yAam>#=E}r!7QZfF5@}{cfxxKr z%oia8vkjqjw_r}7;fNO0tUS&w@M^j^obIGO%Xu#8mWO1>?-deGq90tM!3TpRfJ&A+ z51ph>3E6$-{d(ngq)rFENXB7cxcK$YsC`jzY*MZiV6ha0#ViD>ef+~VdwmpWN8Mlv z-fAU%X8DfMwBZG74~I-J9I!s-hd$FvEbDI`_9bS_2w!jD`oVY~#f@R0L7dKFJI=9H z>`Z*@8q7q~TLSDfKIJj|RI*wg1k=%^AyoBX5B1o}3OF2^$(cq2%@QhJ0)Qq7V?gVf zgP)o73-mYPae%WMcLd=*LyU_0R3YeC+%aNDI z9eHBvk^*tU?m!(A_cb^8dyXA$r=ffYG&Qjk#)T|i* zGI7phU&ly6;k59BCG21HQPDsH%U&rN6^3dswJwhLBU|rAoS35+K!D<;e2S7W)@!g26isoQOU#)a?q$EOv?28uxx6aKoLoF zjzk8-J2fh7N%sRHFUo1jQn3BnTM-{-WZOB-K-wwFfoOb+wLWrBMm%axTv>sFW!E<=!^5yV_gNJ_63 zm%`Ch43L6{@%TdEf42aAvUl86k-Un{b|{F$BHIP4OR`;h5lk&%_0xW?q-qq!`i9{S zeK0R4MY2~Z%8k4U0cqnv08omx`!pY8+s8`-;6{B=QSC|Lk3}NF$(7E_@#dp_PBv)X+wR8cKe7XU|nG*=#BE)+~_ z3?Hc@_TzFd^t_I%%nVUmc@18OUMa9U!F=fqwZqT1T_Io%G_dkyY{-M^56}Ag8ZksN zNV8Q_4(NLgx)WvS4xx7L@1Q`6cKq8O%vs1!QjyvBkte7Uo>kYonUC>WKM?dP&M*&- zr5&%hX5Ze~@kp}2tf(Sh8#f4!hk{6QMz*iJ1oLNg14?wTf)Wewm|6ELh~U0O8|iZf zjXttXFz-rIX*TxdxWRIC?m(vF!cs2V<>dxnTT7#wpC8!oE6qXqEI3-a)fGlbyzsW7 zeFjhuQ^g_7Db}(28`g?Pp>sT>k{KU#RYtsqt&%AvyWfgSL)u4Vda+khuG6lnncG#E z=mEZ{gtUK=l=w9lVJJ7-<^(Az`0)x)uulx(T+z^BRUy}4c&>~FC z{~BKYpXYzLv^FlLP6YH~Hij;yBBsXnCZ#8JaZV6K$Ec<>4o9<}Oa${tB!N(1f>`Q# z>90%*)o|tW8$l_d@jG#88hM$M5b?a(d_=y|tMOvn@7>)U8xC`fyZQeT)5V%nvZvu0 zwQ*u^Y?u@e-s=1Qnhd_c(MMw2;B#$pY`yNid;n|7>O6-{E?kKPrDTV-8Fg z>z3}J2G$4Oc=thKVo)-U2df`5?6I6|y=cUBRgz5u1{5F5VU#utEVlw)yOr%vuwo>b z>=2BJ!`ESYY#^`-zzuy&5&$lwOh-!%O5`%YJ|1(yvAy6_R_o53)LtrYgjIupABIvzlF48AiQ_AtAId zAhNy$i1^BnQ=}gO_0RorHId(9m3O^PD)=AH<{HPk>Z6`UtB{6ZK#3yUfQW>J1WJLs zG&_J&^X-7}0jf(Xi5g}&BZ0tu=6--u(MREwy7dD6$7!t_0f?Wk>8_70WN zL5k-LxfmdMYXs3Ye`(aHT|7+7DDWijC%I0KeV8>Gt*bC(1&Hn|Hs%jv>{z3heg-Xn z?-i`kUjY|7i)y^`E?R?m6e;$DfZ31t}KZbxVTWZ>n{ z3QxT2@0-~D)EmQg3~R_dhUr?j_Kgtdg&RCq*$~tf{2mqJd&cLfB$Bte+uJ`;9yi8M z5xi$5*kXF+(g&4K_nt;jhL~{UJ{;BkmVmg(A{dgtKT1Cbk#ORC&ijmyu7w=kv#Pb? zaC6aN>PWE$>U8BQ9&p)xC@3uCqOh^eCV{mX8lg#)U?78Q^_r=^5C#VBOWe{uUT_{7 zdiB1h96fXL$U)qf|IFN(Wj&TMH+!BPe0YKPK}x;(T7yuVINdf{!mQ&O5$`I zM;`rB>7V{Nx)v!sz^{0tsxY#cpb!nqZ3intO+Jefa6wSn8n5-wwh)-Xg*!m zCKGgmL@CkdIp-mq(gn3R@@d?XXzT7I9+z9gozV%)yLhXHBvg4z$fnSy%D!P3Mu%7ih zL%DrXGo->~&e52B0RVvF3UAhXmbyVi;UZp4kreU^N=mh2VE<73+&l5Oy^9_McIz0y zbyP5oB9h~+W(_;b?;jvSd^NI9tZr!@jyaIU=WRWLEnuLppJ~Y2ux(&;C{W%hgQmg1 zI}v2ZYY{o4QUKEU5idyECx;<4!)Hg7>lMg|SwH!U)lHU=X_8|bAl0cwaRZ~f`fB>O zZU=9y;uJoA>3&J&a&)*SvXd+tjxpAJmejOOn%IFud!cz(e0-Le+dynD!m@5|ZIAf% z;dL{pkz(45P6_3F2XJfc zIlcweyr1fcaNvHP7Wuti`ZPJKhNufeL7Rw8XEUCqmd4Y_T%npLdFp6 z0>~i|Uk+H_8~U%4iE|W}#NwRdfakG_Fuf!c3GSZdp5_o&Zk%1M(*xtnftFE5x<< zOXg)7=d9&JT9yp+#bth+hT*ftDlJo2z_2l4i9~=2e!=av#${Lm6Uv+3xq4$*w^=}8 zyDhP`-1~Oyo-1B3->l#S((}D#?IA45O!x9Sr_li{{g-G%)YFd!8e+ehC-Cwz2F{aUxaC z;uRQ<7l{C92cQV~<=bB5B`7FSKPGtz$u^gNW&eHy(`=4uJp0Uw{@vZ)?e3v1WTJJ> z5P!{*kjO#Hh_*>B6H1-;#q|weRc(_hZny{jLTwn5LsTEDu&r!D3|zcdJu;LcTl=TaJb6=HsyU1oqQhM`3@?vbf=JKv)SlmqkF~ zbuqT{^5-vy9{2MXK8wZYz)Tpkklw9Hfrnfq^B^%MY}QXo##P5aQu6$L?fMM>@!HP| z8qVGoR*6Im1%NuesS7pnfxN6NHNCIIpkW3qv|y)%dc*`&AdI}twn{(+>a&}w`t5g1 z|2-gulFXT5wuO-p1!`8@?`LnNC)815hfs-D=CLSlXlczC?~!M>v+6b2Z3F4erA2yv z@Mw4&INwr$@G`wy0IJsHn>;qw75C1fy&gotF|jMwkG-M|e>DYxleeR~I&Nw)CHCtl z*1!N6WNB+!)r0h0g`)5P7L_-eW9VKb0z{!7Ml5)&X_9gC-kn51gp`X5mJWCN038US zhv@y-?B_3YmsdTySg-2Md-)N!5Yt zYpixX2utfe#k&7=uCKc~DDnV19`K?Qd); z@7095$W~*X$^?*otogJaj14OT&*gr*9fL64Uaqp9xH8uc4tL)7f@Zy}G$}n(c3TPAGc)%qhtj->ukVR97|A79+)LNW!zWf7%%fRPW>qSF=Oc>ywZ`X;E6x*#Cflnkz~@$cOrVO<)icHFMj1oVUxsV z1c~^(h#ZRG)z-Oc>4w1P^=Wvf>v%TkfPmcM*!Q6U;sfs#ge2ADjaR<&^gZ0YHvzxY zPWtehy-BdynqbcP14ZiPK?t5y&d9B8aOE?U>j@KFr#{YwaK@HqG%Xp(8xqnGY8Eax zoC+XZhX06T52!i*ny(<|tB(`D{4ssZGP~QPzukRZ2ZmHBrku{T%Fxr6cbx6P`POjU z_%tPE!qPK>Kuyj*2NZ{Ffs`zlTzN~7>>B;<#|SFbAM>CLVoj?`>-iGwo}D8kq<#kjj(bp z5t{>|6$WhoCUl3_^4qzyaN||hPYlIAinLtmd^o^p+BwA#66(bpq@c(MruYZO)kFC~ z@ArSLJrorydf>iq0S(Ef;k@W!UwN9*q`&S9+*xA~s|A86rU-cctz!?+hbaiCcAv3l zt3!@Qa8GfWP9`a4EH)vi7&CcYTC(FgwQ&j-O*g-2T=B{S^a@v5k?^^4k^g}V&mqZ> z0~f#kzIW_S3=_3e@+GXb*S~U1RnFWvER30i> z&(cy7ll#5EmM97aZ{#y`Rn(Q$Hy`DRI5Bua>5n^*MM7J{XP#`0Lrgmb6rXH~mc1{m z-f}}st2@pLs`3YOe-X*-^_rnQwOei zKaO)8;{BK7OubfJP-#3WZMAA2s@J0jdbiOOY6q7x0$=3q3ZFwA1rtQMRmutUcJPt^ zcuqwNlB!AtLvV9v4ike2I8~dtv3<|>scw%y82hHX5z$FK7CV4PP-Rao!+KW<;?(G~ zC5ZGEzRSdhgrW#~jh-o?k4oU*m|hCaz!ncAzj_tK0u5m{#i2HlM$k;D4=lhCu!AlT zKodpKKVhVb>WGHW0uCv9g+{P|txmF@reNA7Ucm%V+!SS>LYexpBsq^aqRLu7-bu5( zhsbx+Wj7z9YE+&{R_HjJ@8~H`$#HAX1jwVzXQpZ)0y2FKZSXebm&-ADXw40-2+ca z{Rn7DzH%b9KIF^+b%8n7!h^WDnL%P^fX~~lQ7C`7))xdPkfcd(%bMef#@n)eacF$p zZTa)zw)~$GHP&`2oJN0aD_)++f=RMQnW#Wsq4KnrAAa}1o{9fZAngBT1~D=IuN6oO z=9JSW$HUD({C_PJ;y?WV^o*w*8*>x9XKO3fAu#O#8Z}AJ8D0BxV*IZZ%noqGlJbpo5=l*Wq_IiG=DdA z71h*yGGNG+d6?Lv2Cw_DyTs?Qf~7IlVvfzM=3SfFv|CJl<8H0SB{mUd*Np3+?iwrA zbm6!1C20F?-!yjWs&x#KjK+sI6jtO@_prZyUGDck4(g!crX2f$>6}MZ(TX9>d1eC7 z4}bs-WO*Rl&3GmPS3um+fAtQrIJ3=U0tpBA>)0I`fCLo_=2u!fD9w(TxHF&BJ#;X&7zUac6?5rA)A}71a07)gxW$V$-TYv-&)II~a_tYw z^iSR~;G|WCX~3<00D;k!8foTg0?7MQTcjB6_KY_BFW18Zp#AgA_AaS;hWhge{^vs) zxE&x@52QVz@*Pu2dNSwaE`HOKTxTnNb=bCSH}!P81)p$jnrKSn~3#Gm#pXpkH* z%u#fyG$EQ3S!+F%E|iIv9`H7vO*KX0^4;hj@?f%87fs06s17Rx!{HQr9Z-U z$COAY4o6Mr+H_Yv=iFkbS(B!~x&#l4U}mAM{_aqGeU9COgZ2lL{Jw9;&+}K&;4-(J z4;R1`cb$$i5G7vNALD7Vr^9{w{+lJmbA&nyVZq_jSKRc!@XF5 zHf!*EkBto#kStmvYiJN!o&Z(xBwB>H=K#`f6g8t!L;jF&l`vILXz|TLUjcR_0|SIY z3L8TXiA9A4F(O#{$keLFOUwP)uYB~w7P~*J?#&I}8Z(ZUwAa$C z*5d_y4u@?F9QEszcPr|$*d2ETP%{NkDa>)4&d)V?7yG`M8xSp-Nl8q)f({U%)%W8z z>gH4T`J*)Igkq4N$wTZkCJb~OJR~Hp*Tv<}QZ&*~#BgHuOa1aAJNer)b8KVE%M3?k z3y-GRm98Uyla?Z?{LlH=3;%M~JB~*cbMXnGx8{h7>X@c6QRAY8X^+gwMI3dQzk#Ka zydwzkesl;p*z^hrZtz>{htH&9B2o|iEzO|e8*FXJIu@@T%r+-9%S7=U&xj9eswBn9 zIIVd16)FMp=K`bIBNcvIWg=GpNT7Keky+*7p2AaOU({0?sbyuKXVPToWL{}4=Z{8nD5V^ zC22$gMr$ryu{QYv{$pJ)ael(xEuf8}XFueQskj+^#n?cKT5A`pLEr+!A?%q8N>$$v z0~BGh@hTnCLC;OsSRQf(e-Brjn_tWCn`;9^IA}lRhy28*{xBwyTLgEJ_V!3=%r`#VKa3{Zb)ke>S22}bwr~IY1#fj42Pq(zPad!ns?kYS z`mnD`%ZPA*#@Z_jE7;ZROw{4%yl*)wGM$H14gaS!G(Y2P>4XIoeDoo9V~%^M(N3dv zvvE!}F*-OjXi^6rxTo*>#!&qn8SR(1Q-@>jVMlhEMhdCB)&;-sp8W`xYB8*a8j97O zbNCq_^96s*x#XEDAe(x|=sFXx*3Ek97dUv`_U->xK1>|{-zfY4FSCm6|7BJ&F*5zH z$7CZ~vi2lxh&}(Bkr+E1Bv!yB4Gaxz#ohct7^-3|}as@u1Nc*Gym14jb-D0>BtyfkuD6|;; z*B5dndlsb0NaR)>iq$wV%zzN+E_lCO?E;sCxv8+Z~Z2@a&nyJvF436Dw}NwxJb} z6^0z{XgT9BD35f}x)cD}V4nohUqr3F!N~z0B&Nz2CpWFo)Pv@Svue)tp1quPolKU_ z=s(bd2+Tvj5VNVME5xR0O`5=+POvX%{vfSw^>Rd`f?7I^c?9FAV19%DrZ$uie2Pwm zBVF!M$8k5rKETk|>TO@w_`kusjr4cTC~L+5mzPsh@=>?F-fC=W_kg8V$aDuK%~rD) z4dYlLsy#;ewu6bj!HgThoZcAKis_N^>8o9XcJD(cPEEYMT%6Z9F}Gh%3$NR5*9&iN zY4qRnW8ady9ULq)sp46#|KfhmQ^Yh!EUk2L3==12hrr#`Ba#CNpk$ag^XCs~*C$Wy zm)qh`PlpNGerLT;H`s6R`gL6YI>~7PY`5Jn{lZ-Jub)RAR_)q4c5>ai2*Y7y|J=^1 zk?-2~w#Na&24c32>u`K1@fWlu(W(e!i`~CoK7(QLb47K7S=OEIzm7b-eZ2a4{A^l% zj~Tsxn|ZI;hT$EQ9nVem(f#QM7Wx#Go#}6`4`l7QIA)!;>gcBx!kQL#*pn6XP7HbBWA4+Zz8?9pg+S*^^Ms zwqM?>P<1Z!l8kMRy}rIGHWiTVaWXmqc6x6~e?OfreNz(W9RZq6y+hK*9bxKe;==6f zElLx&)2$Q(w#&1|{Ty!s!q<@(Z2{sZ!Gtwt{^j0%a;{Zoox!YGVsek{QlA(HVE|d1 zvlgx=vf&}x=tT>|yhsc47pKlNzcrsHy)QBZ&L|7msf-Wm@bqz}RNOvi?s30;ewFir9B!f?g6-anM+RW zz*Y!s0o%%FgMY`Kp6#-E%B2MkIsJ*E=gLt6j*%Fqb0tKDp`v4lt|U@QePK%a{OS>^sAsMA zqmH?=&IDhmIYuc@0i}L$xzRRWtu8}f-D1;E&)ce#-bb0RAU+~yFx=tJ#SXdEm+tuC z&n%m>hnL^pISsfMS6onA%p#|yW5r(Ho-byuUDk{0{=Km&H7W14wy?pL>-Y0=H)hes zsDsD}5N30<;sBVbgR*Z)(e9GGtfH5`$5x);ghGpK`hHiOjUgXZR{yG$jS7zRgJ+#s z4)YiO&Gkb)N3uF<7|BQf=B1%tul_Xw6e>4jV+|ek4}zj7SSI%6VeE3=mmefMf5(M- zR?DjIZQ?3}k7S&!VZj1KgKYYM3JEKeGFUW$y%5ID{Jr_w(7rapyP?dCQ-0cn$QXIH z8xV^gxmWGtEms4K?4oPr$mF7G>1A_DK@wli(|Iwy{Kv!pyqMz$uwjA~h$d!p(mJH0R2Q~*-!GkNGWDd4-^N1|xw8{t()*;(e0v&v(23aA+?DTX7Hr3WOF5}EkN=1t zOkO_grdds7LwL4WnPd^#VZ^EDtZjmteU?}nXlzN-;!Ng_4lNqiX;SnkyJS+mG)VSZ z5c!sQz}?lodl}F}`n`q=kk&q#`{B6rq!en4-1(VT(s`*OYD7DRv-m%o;QiVOat`#I zD92QD{)3*Me~zQ*l>8@m=izQnbV0j9!b`HzSHcQ)91vMt21K!H09-d8ex^ZIvW)Gb zr2td4m;s!M&ZVKztEBuv>o{`$qHK=|^SXl<^K`vQFFTTghzz(6_1?T_Alc(0Ascfd zbUYtj(h#w+g2giwZFXkzFW|iJX+|o|Qk2}LudMRsa?qr*t;zJD zTn0VK+Di*Ps5_Zw<2nYV_H_DOirR6pRz+z@n0v;^`JOSQAb`AooH{B7YVM94DV&eT zzl_2Ih$$c9x>ioF?;ZnjPl)u_DHE|aq1VCgFIM=t{{)3i$iM1VfJB*JSuMZ2Y<-Mu zD%%Z(CPs2VdfaJvh!JNeXfNnEvz#>#3j_h~B^lDW=lheXr^bhurw^9T7gqu$-qE62 z*gPbjSJSIcIVNf9o(3l0tT=LpSA2!|<_|44@X22{Uw1$j4ohEUMF8>H0rOXM-Dj1$pM# zYW9Z`Txsw9P>YWP=&IG3&nC(hTB`KJ?u`7yqm)nmCiA({=JuYo{*ny960Z=d4Nclr zQu9@^sm(VGD$vT~x()!7BKSEDaFi2e@?~DYU9ZF4atg=jLBlIDF9mW=(KBwvzm-uo z2QM`Vmj0;qL5c-xGj7h6erHUpyauhF%OyxT_Dm9pY`jW0@yUm=h-WukSLrDMkyu zgM=1IrT?%CvWIS(nlcdM9OJJC0~XTLkjQCfxYTy?$G7-=yD%!0N=%4u?O%2(m6y0i zrPcLlj88GBfzLp}H8tr1j0fqwA?XKZ+Qn(k*}Q$^7jbp?;7q>Lh2_Xk8z$YVDK;w# zx272>6?T=4wETVm4wG9*+ic=9C!y6Tq_1(63aUUle+;R}0lgAuDb%wc7?T@zdS95= z=$xtE`U^nURN2K%x4UVT9G)f52_td=iBkPal4pwmcfn`{tS^GLRI#TsbgVfQIvow> zn6T+blT^#fJ`UqP!vIHoN4YP0=^nSl?3WUpK`QVcC1itw{p2od&jdWTV9Bic|DO1d zQ>I;8ch$;*C8%-<85>ImzOfcdBE3*F8K<)}_zq@Up=u{wa>-VPXnpZtwS&@v_2V$@ zUibSrD;NY0B&uqYTucA>8H#FFQ>n1^7ufdY+sXu9sP;%Ixe`uGHtSXXyg&Y!AspTG zp1o;WNHMAQ#EGYW-L7Qb|CEw?UfFCAh^Qo?n`RZwfddKt3JrJ8D@wju(29tWK^D-3Do$nUwEeuVtb^r9wVBUcJq zG>ToNFC>mK%Xly@?SoNPOwj*53GM9%+7_6m2**E=VVLVhp^K|_Qo@s<_)706r2bl! zZL0XqkW=rRNaV!GDKX_EeT0I1aV3~70IXH;owO{ z_?z>fkGe$uSJfZ}@ENN37SxXh3Pyh~%2g@D5(}~5;PddIwXOh#25m=gNb;z2_VpPS ziYg(`S~n=mr684aSb6f=Bo z0VUDULK7z~g*wU7@Wxoxj@?5T==q1fCX%SYlc;Kq08&ePwK=a~hWzelzMp1<{jzX+ zav57L9o`dwc@;k}V^bKm5Jn&siP5>t4C*2Q>LMjDW!XyW$g4*|*~c_De-?`8RO+D4 zVKUPeZ3<8rdH@stn3Doh!oGGtOqjwmNWtos@JFysVv>>Z7^6SccE|P*Pk9;Saa$Ld zN4YK546^WX9=uQ@@7MbYcR2mp_8|OS4<8mh%1t5_!(s=?~H+8ZI_QIqd7-KzlOkUr#FcQ zP~fV``1LbLDr1Wb!1_dLfMraSJGZfc5V;$lQ6>JM6CXjjAUE*KX>L>jNneZY)!;NRld%r)H`qP@HIqvr0rV_1HBDQdpENgwDJ z28`HX#OsEEfW3i0m6_$091TU*H8l}X_FPNFzKpMc{%3b-ok}S~zPT)5AR}_vtSYu{ zRU^XqV6Qbd=2~tQj?$)ytr2LPhLAolCo-7Ious^iDAm2uX7fGS6BCdBlSe94d&0<2E3X3bZ?Tmzd8{dPHd1HQ8Brnt^IvStQ>r54^7a61Qkf^vXAbvhT zd&DrDIDlj_3u0MnKs{;mKRegpvg;ZlWuFH$QdhFQl;L)V90zkuf7nt1;qX_@~+(lW9$ z{;w&&G3x7fn;a; zJ`sJgeKWhf@L4|hLWuD;*T=^y!^NyqT=r#&3E!6$V<9jT-r)j0pPbJ`X?OF@dIZVmb;4l}k&^s?S;&&@|747HRu1AU4Y233Q04oKNa1z&L(#T&M*kpdY>iN;QE(^goJ1=ofSSD+ zK1?nMS~geU4Oxi+`uw-jdJW!&ljxS>$J(hy*izN~Cieje`!IeAPv;+Mg8Z4)r9~Y0 z)ZG@KPp_E)r}!igT{HwVv2Z0%=ZV z^^|$7)-86}nqry(WrNh9a;m*@8w;+ZT8hUyqrq%V3tFTCMZ?{d`zk^|MA+O`m3-27 znA%}_i6uXtAbK7cbAj#Ih;}S&bN$O^3ei|jxJECxVh8v$|C{gF6X&d?gyAYV~!zQE<(~tjP+DbrazyQv$ABg5|9j4 zd1yhw%mP(Ih?G?o(t)ye+$Et)5B;4=b8{rT4|8b5zgzyoH<8=x+ga0CA&3y?CZod3 zvONnDhdrF6HuM|+!pay_b>B&H|D-9|xLvfvU~&(}0D7H%PL@p5exB3w~C z6khfdaE+z^uA4{!R`2Bn+_VxCk6=71!Bo}4QRxVF(4U7|trR+6^T?5_`@lv*!P-hV z)r-PBb&ssHN#7;aKxErL-C&r+d1YEjCYpS+o*fsm;R$V$iciQ|vId)BI4e$%JMGwx z>mFq`fWd6_D7ZT!@o{(Nv)SB?LneQ#<{&ar)t(V=G5GQ#!%-%onDUpgj!Qi|hJ&H6 zeZZ^g59clf$Rys9pkKwzxNmGE!ONC95K`6w5uzylzqkCQ1jJwSy3s;OE=xIA%y2Jyr3zh z;yQ;=a-<4MdkX#y!UII#5{Lt^)bgxnXiHbGeQ1@QAT@*Ni{rIi;}`&DgNFo6z2)aK z`dXY)r9CJd-JA)D!pM??aX$>b*w5wk{|1RD3r9#~DiI6!uVC*bHqu?zZ9*mY@OKO4 z@{rnNpsvuLLx@>$(8Q2vngb!;m#M!|gIJ-f+eFO_S1|EqKU^E!`B=N}cK(%&>jG~h zoJuS!pM=PDf+(4M(HR}EX&Bdlj{UI41ontJPxl!WIdgP}ywx4!oBAj`1Z(}k2HUe` z904#Q9HD{YU0x#1cK7}x5O|30vHtzkg|y+?3IHD`rZcPm4Nhi>#QA@0 zfvo>KAoV|7QAPqLCKlHJgrArQ7&#d@nEzA#havq>k${PTnd5&nJO6+FR`d(7gPHZB zKQuV)0(Y`(qS*c2+b0gyqd`^~%%!;I@k{;YuewyGM z8CYFDQ=(A1ywJuMR{%On@IMOagNY z>yO)ovwTTFDzwy@UnPpotd4(>>kJ@1P`1>OQrDS0ah+=!nH+$;dBBN8CIAm`xH{uw1PlmdD(p){N&NHcOe#;WSX<4&u zQ5zW$o0}V%8yy_NzbSd)B}oHc(MP3`}8|Mlaz%0)+ z{X-)&!}llP#fiyy7yiwLP9Tie{@=EZ2#1V z6u`c*u@NAHU+=qjeSWCW)Zdvyd~?$4sVl(jU#Zt7`CrNP>s@An`&-Zgkgqy=&d=F# zR#1g6OlMp$HL$~3{pjDk(eGR0-`~ zeB`Uk$A6$ruKC^iZ+#0 z#Z2}dRr=9p#+2k#1oku?>(`+H&=La={?7Z@r8PXCUJkzhA^TO!@THsm4Mk~TZe@SB zo=oSnUz-~rpF{q5OyrM1-5Y-Eh$Sn<^OI-v&z+gsIevuLYvRE7&*(vZ(r2F-fyzh! zl76B$0-l5ZCWHg%8N)vSnTz^KTf+o+GV%*Y6rleJO9yyD@(aflpnnh30C-aJJ7eyA z!vBb-dkk9xd}{nxMepE$%82^%i#TLP58;2p)IEpy5mWyW&YM^LnKO4@{_m!1c%PBQ zH+o0k6Qj2@_TK``3JGr&9e2%}v4?Fc6koT>k#|K>gV+whjG`2)<4-1-6T z`_lh`|F#a1<+o=}Zu6@+VNU+D|6aFn^*i*_{Qbr7BmAAwHHiOwsu?zGpOh0*v7Tqv z!0@Ae@zl%vRRtUS+c!(~I}bcEo0$Fkbf$d%^=|iF^h0wWS2xRBgJXG?q{Ae>(BmcjnMxc`PDQuRxg`P)cNrp_q}=bd%LYGt*8jAV0^kr z>|u1PSJibGRgNKu<-YDmx#c+z@Ps0*S*=tqyM*QuAu@Fl+e=*xGB~inKlsR{81Ctl z4|J<*S^*2cwY`tLuG_KyXpm|Gzn-IJJ`-L9H4l6aa#v_?rUDAvxsBbi0$jDyK+ z=8Ubyxr6eckiP*wzDVCZzyPt?CKFa+Eqo|{hkh{PqA zIH2)DMH#tvpgUs(ABFdh$%D{FQ4=b9RONq;q9Zk#bwj@xBealoZI^vxQe?(M3r;{x zULN)YMM#Ut9#uz#M>{_|)bixzOFp6;y9mHmaC0?$%lTWfA$yFA9y30S;lW}W_1hQK zxS4W3`SJoIr*FqWO$VH60oE+}r7VZ%W2eNqDz0L=#MxNTC+&6TMyESZT!UJ^>~>3p zuAL)W3y1*^2NP1EP8Dk16s^H#66RiCzkS@<#S@X@Dh3 z21EE3^&k_ASdmN{DypJwuA_?Zj5&;s9P>wLYhBRy?frGCHj3$oby$Dwlm@+2Y9A?q zq4SadObPev$(+pbof+tb)7R8-JXW2+&0 zh_(>FeeCWn5wW~1M5TQa!zq)PTHu9C>x$x|O!hecRii_7S}9cLf@_tF>Yr#s1wIU+ zcR2m$qTgE1+ZTK>@kKelJ<39Ugz=#JcL6^S2T(L>FbEOgRi zp`4q2`AV=HmRg2AIvpcB{^JMQIGl-Zf0RH15Lxw*6Yg!G7*GxbJWWhSyDuijijz%5 zy53|5x3|@c6XNA2m=PsoB|(sJ#m3Tg)eN?}DI&N+Ly?Ko6FTK_pK)tT#y=ABG%$YO zRglBTU`+nH9CA=2k>rtUWG4ZnueQ44nx9^1hQt5qI#`uKA^5-C&&&!_l{C`MSNcl(XnpQ>na2av-!u7B`>j zBgnm+RESOeCmYDFGgj`%R=m`+4MzDi*GhcvoSNCg5pi9HNL%p^Rr!JIEzVAf!76g7 zi^bY6h)X7+2L7WHFS(^b+~N{NB+SYkJqWx9x!@=5HoYsVg$oJrZ&@bA2Ykt) zBP_l}d>zF|F)zell=5Kyf|9M&oP9)ZrBF`Xv@Lk^)}9xqwZDYwvYhh6#N%LPLc9r- z3oqOtcnM(%-x4XLRmS!LR-#f)^BbPug@?hXr_-4f+FJusD)Epxuv=%D^rnNgfHIJRZU(vZ~HV}EJ<>!LM!Zly%$>Agh`i(&^= zG@^#U8xFyD@g+U|=^ro(*_FhOM6JQ5NVvPnTS>pPx0NR!>L88njWaWa+rRxI_Hpxc zDBG)&yA`g0NH0I1InZ9RaHF^I_3HV((Rq3$_Mc_fbI8l*q2LU)Rt1|84ur$-Fo6#L zRYDXhHw?*R{#EGd&1&JEa3-#AO_f=|AUdfED53P<&F_q+fyqbKHU-uOQCvajORdl3 zQmT5}A(&WtkUfG5eLDJzzOJylfg_Rz)a^)4O@Y6yzi`HyzRj=#0Bep42N5Q@c9`dI zb!LKJCmq=;B@F!S`W`#Q6b$j^QgHS@^nE&?Rzol&_2A6D@=+CqYKO~;u+PQxj+n@` zuex26D8phF?r!LGoKUwhq(V1bAoaVCNRc}eqpQ=_nYvTe82rLnVl#W3T`r1|8Mva} z^q>`R2L4+c5W|M69 zI;rPN-td&tA{Ub4O)`*wb+#7q3o?d-fgGjjJmK4hqae0VG*7_=Ry~U&g<-j# zA>SUP?h@17KE}`S@>}apUjWxa**UWubefZvJSg?``xp^7Ta)g!1@QT&4rX}*k{$;4N@hG z<_;ND4}4Tjw+n{mM|Rx9X3Zgyq3||TtfA&E;c92clCvfUQ7!5k1o&oH%2&{kK6hFq ziG@22sv@)I9itZrOfGf>MU{jN%x@b8X?kX`{WoABKJA_ZFOer?&@ME ztIGhdS+2=lCyy@WLdIk*tnSAtxnZ7SLKd9b#RS`uaH$N`G;g0(O~{p1ds2wXqQ@*a zVkw#jU+3h-G|5wB3j#iDX+vq3pk%%|mMoIqE%NM<7->cBq7hu2wPzxDkM7J5mT%60LslVagw%pQU(`ExhgkbXJK@4Ej;F& zW1&nJh^!)}k@k{&wa^z}&&ZrHqG)Wtv{WOX)CNZDIf?eHrWgAi%&ap_tIoyl{8yS27uIOgEpq^%>@2 zL{n!s<&q+vj9Z4A2YJEB3K_@KC*P?WX5ZE>C}azQ!_IV}Dk3~zNQ5-IkYp24i)oCc zn6iUAlEkGMs719aeyxWwfIPdOSed%3p5t%|%cHb{>GI3l2&v#&|?I7^;KzM2?> z1jG1tXrR9dM7-bm&NP(CBX;D`m5ae=6{IrpS`eA! z1CGiq$sTcj|B1QqRA4b&+d<6h;&yKE$^1c}tcky$b38{c^pU2QYl6C(<}$IY z)zA>a#kU7Pc!nBPU4&0eueM1Fa$qt73)K8913_264)quwk5E@!HWbpC>UYEqoW?Lm zahu<5lSf^yI<>JqzL-p4*i}H`%-^HC@Gy|%wHX6)h%89Ep+fX~htj-yu!~|nvPEP( zZ@yT#`kY>c;>b`+?%NE1rG#{Xu}^$bjYmTHJp_c|m#Zm>tz+gN2R28-uQN=p5kB3z#Wq@tBQN zu%?&tC-2@vpu5{YtU67c20FfVE9C0iSnhGAn|RVwm<_G0`PR9hA5$#_A~23O!I%1- z>M5$b-_+6Ik!Xoad$sO2ngvndeDP5a5)3cV{2V=Cg2*+d;$OFS7g?oqH9{&~llN2mBUNC(Tl-r7#xYkR6VokXNkDX1QHhw?6m!PVj7H{0!L$47%Z_+P827 z_Per2!)LhYkC^Y;N|r|6k0{Z(31jxY52(%b{tYY;q&4af<(S%9_?YArQ5K(9;{%De zBmKt@>Vx+?M+HQ>RYiQBSh{=X_5|(lbm++tF{1)I|NQn(3V3}kFq6vjn4_vd*8Ee* ziL`w7RhW_RvX0*rm+4@ktVg|z^ z2?Tp66EcdrTW=;N@B>-AFT3|wZ=Yb2dxHXd#~Y{wHP?GyUYMoNpD;VO=hUlMPwpKD zlYBzWX^r=2-htCnj~zbl^Pi(8tKR_1*+y83Ku92a?K5yEzVzR<(RX%pe5#n&AJlWA zs)HqMV{l#mT@|=oynvqc9h8$&@2VBx(y7~k;)uTND<@@j5`7=zrw>m*|GV{xr^&Hv zM?TNcoaI*|AMP*^APhR?KzZcyzlxD__wsarw2rPOYFP~wybLM2V$)X5t#W;Woydp8 zXVgB!0ZW+mICn>u25_SW3#NF; zQxe(D1B}x7VQ|19$x@=buK`r`{KKS3afjm6iftHGH_3+;V9w?zvE=c){8HB_PJ zAeF7o4hPH%lhDL1$HBEhRzxVj*=pYyTii;cRY5;MG~?WsJg(I9-l-R5rvnp;#`jf3 zN2KKvo`NxqaZc9n)B(xn3{41crNyCmAJ=oNgz-Oa5Ls@;l4QVhS9eRI3m(AIta_T8!yp1nXofe0 z4~w|)&=A+!3ZP72+BwE5Q5(61vjQ&zAi?LxK(qHDY!~10 z#Iw8fTknY_uc&2r(6I%)CDZ)xEHTfX_G(m|CHz$Db#QGfb-I{8{Ip)wNG08eC~Zz` zV3E{Mr*43^g9$%yVi2(H@K~JHj6~pjUbne{i=;!!UodivaQCF5!uJPPxKk#5G>lM%ASm;D+4T61 zIIw+!6m6~86?7ABcj8N~2ZEi%-S&Pdh2o~JSu7egA9{xNJrExY_ZUT9Us#8WM_a7)N;#aB7!*{(-(EvZ}ua99f?`Uf@DKL{FM+cxz7@R z_DP6x`Et$t3IQ#T1x|1x&?<32vYNyAm;6*jA}ZP8qUC9mcsZ3x`ithGi^()@o|2V8 zZh7roop8#6nO|KA&V-6*d+QLkcDETFt}4KQLv?$%F^2ezqJjQeAng+&CCi7U-@0&o ziWKvZ(!p2!*UlJDcr30`S?iuLX1J{Gd35Pu$1%Rc?88y6v+$t7T01n>8dLFvaky0> zsxzk1^}RQVaGSzP<{w@&rP zj%~K>d0URTe9B3FzR#axHySA+%oLQ(UCGdJrYf)tO|F#c#apoPj+& zb>du?#YLhb(KYuu>3z@H@yK4KIbSmxM7TcQu8>LGy+^C4q$;zvW*L#9vWK0&I_^)| z=;N~WEfrm@nFuRG2L|E0-g4bt(It|Ydg#G25z^fZes5d z31dha6Am`)d9iYWMJScw`&Y;zPk}8G;re)!&Gdoc7}nJ&2DqD4hY%bs|A~-P0-VnM z#h#59yUcOvcR-V}AP7bWppa1AsYS1MGldg6g9C~}x|jd^)W8cN?8J@Dwmz?*I@LvM zm&>7#2?hb~Kk{-aeJEgsTUFYo2F)k7)qs!?U&tSk<>1H{xOoTNRD1W_!@y|Au{JT}C}RAapx_skwJo%9pM zqG=B;RsEKD?}1(xLU6}ClC!9Yl`bZm0KtPHIyA~|vq$fTUo4q9TxnTAgxF{I$-hxYQC%`-87>RxyVX{ zWM$CUg~us?60KD#E%0~H1x-L2fF>idbj_JJMt32d<>(lc}rbC_eEyaD&`S<{NB zM+Fk z__6V*%!eWfD?$aTqhh6ouXsf@+lJ@B(r5O#maOmr{Ige^g#;jq||5euoNmagDm zP>SpO@iv2n5g?sYfM3ETQ1okWk0y|@VF zjOapsJ#CNL4&<7H%>q+6yH-+3d;>^Oj!bWi-89gydNK!3GpS0BDRZQR z7uM6;$PsPhlA`Z% z2#$l1@SUQnW;qZYC_q14lJvZg7wuFJKfe@yDg;r$FbUVb%K@R2!c}$p0cn7B1Rk{w zUx%7Y?Ly-wNf8Tf=q^Ll688sh{z*<5{58|5aDxpfrY8Jz&21Lq@i;0u28}%B_Q++) z`kr8Frz!zt=#;m4D|S9m{H;hB4!;TG;G&4bQ6gx)gXvg`!I@F#^jNmu@OB9*O&W^< zoPaPDuocBY%$I9JH6<3{>zN^hhs06m&q~&JJ4R#Cd00R-K6)+HT~s z*#W+FVy7mqE3A`nw$0sX0&dlTO$zE^ipi1Cgp*ofI(j7;Y!cjV-kEJem<@s~HffkA zqe=j;orr$p&JM{;Ihq7_#&AeHGO7Eb+zjXeg7@W-n7}`p(ck$8qQCEkRk+8^C;|`1 zhpY>~Rw}zf3FAq5tg|%6=n>r+FI@~*1XHpH>YE{i@$@a}kjj5$Mjl*tzBE+Bx4>dw*`|@LzA0G-(lm(<#8|Rv9ehRsfv2R*tixp(~yP3*9_$%TlOgb@R{B;w|I9ahp~c^f{e&1NqCt57I3jPHb88#xpqPR)Xc)9 zMDokTG%Sq#C1sjWF2nxvI_@$2I$P-GVp7F?%U6r`U(wjFA=c%UNCg$T;;KyT*4He6 zDvUX0jeq1~N_{*`H~0c4hO}RRK4fZ zjeO(nVah9N44Gtoz=EezAPSTql-hg+((l8Il%-pz6Nwwf|u2 zNzT4lE-JcS3PSYijt@J|B7tb%$stfyu(`TY7i>TS$>dcKJ=Eo7=7%W5R9qk&k?ZNc zlRE(QW{>4kP6pz-t+m?njgCzD;nT@STNFis?!Y}MY-c{E^Jq2j;gOy?pXaeJ2JT;T z)>;S!Bu4PM-rsni;j~EQXcCw&t4&m{itOqS#&+5>%q3hsG8aFHRHtWfl>1CdMwD&p zdZ}hx>tP919&4VFyB}xTbw(@++j`U4qZ`vr8p~;`ogoBY9$)f-Vugr?vV)@xE=+}d zETzmKex)UxCnZO_hY~i} zu1P#jF%^+!?k$ZQlHxnexGV)i3!l|cs#XYc@R}U- zrQNL8Nso~q0>-o!rtRxhYuurOVpbnu%!CK!Iu6)We>`fnln#=srM}+uKOX?KltNYa ztWY2LdnDP2hMUJ#h$x`Y&9(YsTM=N0;L6}w83ersO%0h>HU2b17IQoruiG5{=gOP3 z-~V~tOFixGE&oRV4T2T~8|)fb(2Jvq_0e-p8k69rW7Vd^&+^bUP&6*D;86On2CK+X zw3?d{U?r&96XVL#+O5N%>inLP>k;}QWQD#vCpwJYV^0N z5m9~}gcVa77`P~*?Z9ZLTr+uI;;$RASvp^8Xns3fVt=N4pGNi-_Ja|oEhZIdqo`N z-#{Yg((sNW(p?AdZO8aE7qY~zHvQ^Wwi?Q8rvj+TS6yP-fR1s*U|>uF#lQK$KeU5> z(HK|z7Z`mVOr zA3r1r{7qUN5^z5hcHo(|VJ(l&V-;Ig4VQ+}JlK@05`&aJP~DK90lIKtS9t)*+p!lA}P@8!iNDYn6KjxIG_+ zcs@PKzc9qkse|$V_=5fNOuKhD5(1DIc=Q$H;H*iZFKad12y_Zh(phig=({;+&=r(~ zZ-!=7_6kPPp$VElLL6VnD6}vn;A&vw06Je%ZR@Q*Z-RJZ5`;dP`)sNXnQ>z)L|yIQ zdKrsO92z)Fi8I!{tAU;+qC*{|p3_V2Hg0pOM%YO^iE_fYCHFaJAM?5zicNyZKX1hcw* zCbx{2kWeS=+Hwvu@Nq$jbhcOTe3iM|`!RG!a}cbe)<$3sy^_9)j&xT^Z{-d%@KVHl zABz>R%|d-Q8^qYVYcV!p&-JVV49o#lT7by+oaP}{)MN%xC}-xd&<5Uu$LMu22^LTU{MKW_*IZIGScF5apV-;G&bC=g zxKI{bz=fb$t9!7^WGt2<&H-XAR;_hzZ!d}mTzpT96`2pU8|C|(<$}BE18_zCLF+_g zjFBGc;!D6wsF$5_-;41EAs_k4Qee?&Lw8i3?_OB8yo3G))R@u}Ry>b)kvfdwnaIwD zNUKJgj4~elR#dtAnwa zi4XZ_n0hOTIdgz8bu2AyD6=`Z1umW;+q1M9kJ#PRzCsmS3QtvO$>bWujy)^K zq(*H$*KJj8kzCfAji>>i>;m%g?B3MZM2?r^r%N*IIXqpY_JVKg&H9Sus^@?5cO1rgoB8gwxM^F3cRUdyZX00hNKAQ$ZET1isUWyjcQP>YXkFvy8yU#0cp9 zEkFxrpV1$KMAgF4xoH+%17GEUt82)j=e*tsJ3r%$7zq4oGK>eJlbf;_Wd*F zN!sNU`ecgJC;E}@%TlLyK+ukNbKm(g$*GmgGNz+2!dYHttq6lRCPZ!apqaP@ zlr|V_m!WeqNSvldZmE{6u|=9kfs?p0y>Tr*OVVnt2vvOnSIOH*v!9wn63h>P9}Kf# zS?!KtF6o9yUyETL1pvRHmpbFh5NCgQWy(BS&m~{S*p}Zmbj6M+FXZe2(0dqA`+egr zIZZe{eN+J2fE)M%dS>-b4b!!jJ}oVW~$ zYa5M3A77jF3!4Ck_t?OhRz;81X=s|QG+XY;w!cjle%bRO6>NZT{-(*5rcMvjJHpgF zDgsjkyF8axt>qD;HAAWoUFiJQf6j4O?BY-h_8@6hclH)26C1y-#b{GcuDh4WoxkF@Bs;O`&f>#5=<`^7)-3gNU74-Wz)a#Ph2?J!+bCRKuHj@ ziPH;nR8x zmM2$;W-=+T-Vz>!wqR|bDnI{rDCsqEI4Pi^@@EBNd@tr({7iUC^M-jDXQClyCP28r zf#b{!TOodQakQ2FU(z)MSrM{8Y{2}7h!lZ|#pu3-%7u0Ha)ZmMxSQxY9&^K=?Od@s z!iqjpAoKQU5z`y>+k-9QEOvsDcbTR#2MSZG#iKl9k3-b=J|DPnp@*PLU&D2;EuyTf zcpy31_iA`;ZwVR6&hm^_`8$Mv#?T8lAd~kbhtY6?w`A$gP45>TGvKeAB#3?6R)vKa zDpjnBE-6n9O7Th-aCXS#_};?TxBO1oFmx|{8>42C39lLiA~q7&+0T0q7mDXS4;59+ zTOr8{n8TeHUeCCmG0|7RD1X!piQ97h&z55x8gZ&X$xb!9ri)2)i%&w!68%{>*SWJi zOZ_efC5(Q8l_BVjorz&-q_Z||s&w#@u|F>LjcC9Si`?G?|0uDqM985v047k!FjkaW1mve299rC2)omWgy+W z_Wt_d_bMHadUPO~yZeB(5*Hgbpjn}eTY)7hG^@fE0vu7m39N*S)>Am28vBre@Fq28 z*2%A{k(w)0AI3k*6GsA49vqHLOGIRTn;~9#Z_QzGJT1 zi5UGz*GX>qojEuwu6`gjnEAvg<7jgk9nZnZUKenx`PbaHLa!*-P4a@9?j&F~6dLwhh@(Zx(Unl#4PgB5&SoVAt8Pc` z+ovr2`BW7Ci3u$(2#r0W;;5|rD2Y>+ZDSWkY`p6t*Feh4B>EskG@J+B9Cb3!T%S%I zXNiv3(kOuXAbZ<~^@&FA)!dJ1T!ClNA9&m%b02nPl759je4t8p`w~${Xn<{P9dv1qIx--yD%eQSjT~%V6`r zLPfoffV)NBOfW$19QRPCmLhs|xFi*2bO+s<8h58R71L`gA;;3HcoPvW|JgLi2Uu5I zQOG<`f0>$^D~Y%=1~l_O{^|Q6ispGLLKQE~Ue2#zpvv)zk+iZNh}Ao{yYaS!r?nW6 zqL`?39M;LPdt%#2RC5&`1Fm)#Mywcv^WSRsQC;`2pIfFvS>t!lMhT==w`o9jQ-=sq zxRmubq^91r8HczBQk6Ca*i0AJQA0)okP9^&dhKC4kXGJ`EB5k3PR|uxx_U139`;^I zs=DHck5evq=x!WJAL-BEPgcq|7h_eD;wQs}fiw*@b>6KB@eesgbb@rET9`zy}E}RW04k+NmH z#U%gW{3`%pbXLzf#%p~Q`XCN(n8qmUc?rSf#Y-(_A?dxt?d?(+mBLr%DIO1Uef_x(L!DC2vygP@sX2c)_zrSEQaZsW$Osg>w9O$%YSJ# zNBxW#rMLa+uDBvtByC!IuzXkZL?P~m_TEF7+SzIM;)-tR%(FRrh8Qba9GbTXA z+ox^?ODM6%McctLi6ARHD zlRbp)L}xVKaQ6%VYH|ncCw^&1>NplAMPa1dx;udQbMx>Co`|w&&pumuCV}v*PI>6u zQt{7i{7vO$u|Gm{-Og!Gc6JgX8QHUvDe@EMIFI%+;{+j`up#TR&@CI=9D`iwWbv@@3`jGV^ImIBn!14Pm>+VU#qIq8g8PM@JY-eJqi=URD>Sna%xD z(ZglwkTo#pUN1i${U>rjX?XbTeWJ?>EU$!KMI$m7_yN_BvQw5J@GE&X@Gv+L0#9%( zL%v%p8R{oz_S)T1`Y(eY69*8jE4+P1VnEHAZo6M1Y5V@GnW*e;X!JuEc52gh6%_(4 zUvK{|&~6Y7v|VMWS=5YhyZukUa=jATztG+ta6%L~7@`H#)Ez2!2d5SuC#2D@D$e}b zFuMW@-#5G3RZf|$YC^ZI4s33&A3%FXyTsqj6#nlx`$)Au9e0{wZpBzWK7IFISc7&$ zMBiZMQ*TA69t}ncoIavp?6&hies{lE8h1EJG1C`(rlj0=QVXP?g#&3nd{u;6&eD-q z^8*Bfo`(X>N7(~AOolhMq@daY$1xWLch_nL;k6vDeyc}e+~?g;!y#Pk3H4jkCz@uQ zsk9D|zc`H!Xf^2uEs7y}N+y%`Y>THIe#hQU4eUf89NZI(awzOrfG5S?40Hh0J+q3VFCJoI4+PrUcR(xWBkCsIiU z7M-#yho$nKSW8=qL2<|4>*P);vcM(jW3Ge2g?7KRzWX~Rv(|;NLLQXl;v~PElCy^* z-|;0I+*b-A1%yznznd);{ zi$-bj zoGoT6@yXI+(#dlkMR@xZ5frdE6j3VraC1j{ET3MxbVQ3YV(J#e-77An2ULnesPt1`(CM~Yeo#w*jY!AOtd@?w}T z^+;6<_^b|`CH(Ky;yCd^C@fi*Xk`pxoHbGeeBWC^Ka*{15vgNN>xfoU+bgldQSZ=ZC=ghF?k3@FILh%y}aZ`c5#2XH05B%{#SBt_*3&R6(eVbThMPI>Qpd38U9k$D( zF~xMe_rK`S`*yDjQ8RJQywbZ^Gyy>c)%ht$jHPJuuE`Zw3BXhxY`4k_{@fwy%tw9u zZ9TioSS@sLDywQM4QB)zGj@p2YYFpFJD@QCds5yk*H)mq9{1iJ8 zYo5uC#f=j-FO-c2dbC^KjfS}riaP6$D+;W^07u!Y_INB zzlc#{7TffhIg~ztl#tjkcFdvUv6mB%ZKwLSRhruxrWA{b?pv;N#)AcV1DUKa>#{*k zhy$s<>VSH4eb^Q>2EX+WCF0Um2j0EP6WFx~z}U-90Jvnu3YK-seweqlXWw#4MI?;b ziWpiFjhL(I3auBEyCY+Z#19uoQ$U>#n#Br%*_plU@zWfl2#Gd=~f)5IYcds9weNuZoXWr%^t5^;7LzL zhnQDJVC}YPE|WHvJZNQVJd!JjtaxOjc z*;!X3Tppn0Z|%6%@k_y|_^AOQ6&5IYrlRP#3XU@07O%>!8E;#)c~T{N1b-m11I<5| zilL+2JxoNI*!;bPK~wEPLR3*2$`fO`WrdQQ!uLYCcLj71hNZlDk$aGL!x>S5rXOC#ULa zzzDGI5O{Yw^!;M&^1Ut$U6WJBnaNnYNh#O9fQXl%n@Sy2`%(3sIgkHH8Okc!lnp;L+sV_O?`hzS2L#_l0lm>y~n@U?B*wr$(C^qu5xl>TE{A-7(dme-dne7JrQ5qa41Xrtj?~X13J-`JOOuY&|M^xqzyPE%f}0 zY_U!YmCi(hdDyAWfKu+}g#OAKt_!Q~1qga&Trq*CB4II6AJQBGg%g1k1mUR$*EeY> zrTp>QsbZCQMbcDV?&Zg%sDF5iY5q;{Qpy!Ohf`=40Lmcay8soz1ZV5Y!ft$>bi;&SwrwSVrKYuA9xAUpK3cKkBl0Gd@L zQ9KuYt`v{}Ryd8q%gg{v4k|w5m$P7BZ>E-h4(wLFF{YV2<5I5JNe zsM+>n6M^x0spf&xbxu(I>y(a4;4|QkDE=_T^ZpsfMe^p3esSzlfSKYSD))hhgPNvG zu{c@ZQmz3bYH`P>VBiS@*?)~-NxBh<(xVa+9Pd>Z{f;S|e`Euc55d2Q!7-v~r^ov~ z#9{PWP`-c#cW>hUp;x~c^0+%ZLOd#pq-c+@K4;N6#|%G^5Mc}Xw$aStVo6uRu|Ws& zDot$7We5Put-J8w8hVQnn zrT7H3$jMxyjKvA~R(?D!#blWqKL`+0Xh^I2l3B&0WX1!~BhXD_MeC9RB&3gqJVDt( z-jbUaqgf$EsAu@sn?P}-m|%jd!UW(1)jLj6I{MNGqi|v{bVh+t*P70BT7|&0;<|!o zc&}C^&nyq^N^^7FHEP_R1t|73Q1JPMdjlOoLW?1(CCm0sgwc2(C0g>GsH@M&H|RQG zgHNp=z6$+ej}-zWr9yHsV0JINnLti76bo7W47pUhE!}0HB~NiXdu=g@cROZ?M%yx-@RxLRMeTonRZ{~+yL~>*nLI# z!gyc6ERC{okzg=SmgpD6A`Q*VJ15efN5luLcrowSA23=YxE5@)_t21dXypr>A8Lb2 znNERYu2!6j6PzwEif9NBMbsLOuco9~KrdK`lhBfRDZ>ruL50cH}O zD21>t4yly%m=lJZ>{teQCGFua(9BqNB`r?HVO$4n2paHOaru45&b6)+**#uU&bSN( zxQS9s^EYP5Mzn(t1%t{3FcTchyS`TBsUmXz7Y+0uY28Djqe5>vVEgGFa;jVghN@6! zoyyop)uLY-Jd7(Jg?)bBn%ub#m%UEsm?HxWzd&*J9yD0!x}nNj5jK^RJOx)7x=Drz z)rEni46CT?4_BhMxy{vwIo`SS0$Fzpj|O1WD1i ze9gTKUMeQG{4wfbhApSKGPNa{BuHgwz)bJv>x0mjqx7waA?=F%HM8er&E9 zU>Y&&Y1B7in>m^rZB7g+D`r7X;_WoYVfKL35+w^Yt_P4(Xzv6dKQbAE&FV@SC4&r8 zYR!v7_3A|U!}hQGcL6RyI11wM^A7|C?&=|H^3Cg^4(zLVW7nWoI^YwtFDw{HflS|P z(V{HgP-UckF~>-c`FD@V-qCXN?ngmK2HF7q)`8xxP=cgK&mMm+qP@*#E-}*e#yT)% zeW{e}P|O2DLGi6n*Q=>Lz$f7BbXb!|_4#2rBrznZ#0QpSBSjS@Bwl!T2))rK;C(Is zPgQaHqXYmV*Tg{-9uVLT$O<@}>=tiZEQH@WZ+#m=FY~U{D(AuJAb4Ym|OX%!K)*pI=+qGKpZ6yVfyELIw8RCky5l3=|7yE3$XKa)aMR z*0`=43!VUO?_sl{05g{^9aNNtC1HkRp^i=WipUWLs1SvnX(7^ztAz-NUy<8y+cgk9`m~^$YxU zz_kk0;hwX$l}3g)_pekgh0@yl9iDu~rTb3Vo`eh_hX-q0kHDDudChUQ9*S?hv5pz; zxoO#gO^A33>qj3_ih&fPP3Z9ZuSDet9eoL;XGy@GK514#Rve}lXz8X8ef-_rFeG<% zqxnhS$0W^7Itc)dr;Z`#iO@TXtgSn=pY9LQKyM_o3nU^RGFdj2KLxN3jd^Z$gI5fg zkR0+JLW6McC?d_>x{NNNQ*<`xNr;nRDFt?NliHg(EN3YnW-O3>d~?YHU(6E+^L49Q za&bt$r)J5FJmV<}w;cg(bT*mhRBZcPE8Ys_pnVpFjv zvb(jx?wS(^L4<~oT|le3T1@<8F`&8w!)~qqI&1y-U}Oc|sklv96Aq)%8&7XJ-smWe z9OTF$4@kHgxJZq}wsD$YfQX`IW$QDoJDLF9NK(v&PUZ`sB89~ts>aO6jUwDaACE$*vjoh!&d&%4c69M4mCX}XdrIgh-JgV*v^}^?) z(w=_atP&-5hcOen2U1`QgB*_uuefB+!_Un0&qY8X*s+%@b-+-GB;^sijx6dru39?_d95>eU?*Wmu!W}{zMA(q_R2eR;W?PSk6Ma}g)z%n z5=GKP>U6hsB}5-xgl%6nM`#x)xUVg4EaY^KZ>WCzCwybdGn7a6!lyQFkb|~^(%8LO z8@P6g#~fFR))oRGQF22xDFrq_m0WnkJ1u1lIlv{A>qO8Ak$~x4tm5_kQU;eRQ=dE> z{^(QyHvpz)CH8I!Ocisc1Z)+q5Zq9v1s(q|{+7bx1&58HBTN9AhE97e2&P0qb@&Eb zU=XGIL<9ySGo9u)a71jIF*>0Q#j}&D;k|A)&~hfkL5e?n0#tMC6M*$|Gkzhr6xR{0H3Eo3mtb0TeH{!$~HGr*M|)lZgkm^8{zHLp2?Y8 zA5sQ>5*_R|Hjx{Eua?VCek_{BQvxmX({Q^kMp-ili)B|1g$G%OV_Q3$_hoMpcDaxD z#d%oP?pI3KeS4vH+)8PV>z;teZM>Q!muVjZBR7~ow+IfO(U9QJByUZML@V*s-~Afj z`A!$;*@;*02BZy@GkT{j(WSy3&e8FZ@lS3-!?kPb-R8RNZP4AS1_7A_1QR}81@Hl< zsNsH%AKTj$MV)dTx_N7!_Y;tEo8N!vRDCF~%KdIZv}}zi7@iRV|Dpm^haB?EGo`O% zF3QC&)tC=0DAu=rJJ_IjenAB8pD}4fk5tu}UZ#e+uQvPUi79ltymD6mdKZcY2M14( zkE&9qKAmK^=9CX30313@qz5rq3PP1b80t~#s`UrX>F3?EtJlIQYRmq& zK)y1+D>mF}c6jy^_;n&Kci1|>0If{ftcOO*ZXfu<=0)Zz6ipska4XK}8pVB1_j3f^ znN2D-Jr;=^7myuMaE^@LHe;+lWP!Ot{Es|#XqF<5CSA&GAf}MU(eH*?RY?jfUloj@ zIejUpvr&>A#p~^9IJey`o6n*?*o+}04I~Yy;uhW;EiB2vA9#}XW}E3ByOXI@d`&7Q zWJ95KgD+ms5J`rE&&dcWZLmX;K&TuC@l8By3;FIo04N|}cQlFFXX%}Z@m2$Dl~j!7$VN!cyXt_~JYkQrSxF&i8X5TmwL8s4 zzVk8L%I)jZpiJ4Yzuyd>`Jjj#H2dgDl_~EM>)*5~3wv^*B$M9wW|{5%#@{maiRh$*QGt67ES?wj0I zPdf@<8a3L71bSNknx?cz+eMHdt%f-%|C|m*HzzK=Wc_F`<)&0|s#Z5O5YqlW5_d)( z{ALygOIQO6oT4#bBOvP1#Fi6-qWZ)%{xa)8xSj?eO1Qe@VUq5QudlhvI8ns&Afk3^ z{TuCbsYhzFh}4B6k7Eo)jlzIZ`Jk@VmDnd)VYzB?nRUKjny8@~7l2I3*^xAj_WCzx^tjq}ClYl>k0yFo7sJfL#0S%<(89 zr?LOQp`#a56vC+pkv^#BA#8*>fO}%6Qvji$dKPQ=w~)67i|eKTeha}M`vQ6FebdgE z>Z3m1m;@^hUEE;EHvM83A`8Cd-#Vy}{GnVI(t@&%n?r2|`8ipvd7eg5%AdU;{i?2k zajw{@dhxu_E+9d=ROZy8t$~kyNJa*#T=*Syl7F$Lc^GeW@Dw5TWhEWq!LMI0{$DmA z8vz4>y^$3Z56}OYfB)Hlj2uk=^Yot$$jZk0e?Y+h+XiH0<7EBcr6K-5Y`_;#g&gUn zQ0OB(l6Ly-ot>SW{Z%;$=SSYwx08Mpm0BCIgkfgMbsI&~s{>ka-Cwy^m1bTt(^_fYS z{Cd7U)X{JOK!vtu$KN!;nSt$*9SjhVZu)ht44|8wy|(tvEI>j3w`%}aOb`D= z;`v|w*~dS}eDLot2LPIAnm^dLyB$B!#>PLdriO}&pq!$Hp0bo4(Eja7Gzf*nWOL^S zhXQbnt*oCD3!AI!``*3vnf1xl_2Zp`yTus5L?SAHBe#&h)iWEYMn~s=X3njRKhnfY z`i8r4nuEJC(*v_`7I%ly_v$`}Y6STgUmaddKVOcv*SOm^J%7TdYOiLeeiIB%E+&ih zZH|thli`0`XFiYzbD5y?p#1~W)6*jpzyMr;{&=OSGJd2AZ_XgUwk99eAG$$xZAC%E z{olG^^J|kh@4w&!TN~@J5DtJHKt4TxmhbvP28Mv?ni-t{GX7|4uMmEPee}RHe43d|*y0=OmwPS@e;d@s_O}50AL<=oGUg zHoSi~54#<;ba%@6`}cg%uYYT*(C>8%s4n%aUwv$t=tpmw2n}uZKX;5;oYGnz05i!o zIx@6>D|CNaYwy&O8gJt-QT900pCcSjar&+lDPfHKjqaCCRt0C$JpfTwT-!F_hg zNx=Oik86v4;mG|YpJD9)GXJ4~*!?8GVeSAjNPnbsW&laY_(p&Xl0SrM07=jIM!*ac z--NCJN!R$Eb)vWMJ!?dNVY}9f@4|O26u$*;TFJlC+jk!-fAd~^E&R{9@;~rBXaBi? z58dYfp?r6kGQaa)U`zkGfN#SlukhY$(BJgE`oK$lTE}riUXrJN_w}oj=6= z`mW&W^Zc)UT^irOd#W10=o|mFo?KeJean74yKB|I0e7UDf53YwoBzEp+583GYuWq} zOm(aI3;+IgXXN~z___W1_4o?==y4t6KYi!{4ocW))LHrrJdiYKl%v#4f*-K`U}A4Qw}b62T|&WyU0px`J_Pf zau3Z0_sd7()~H~C-H|GET@f?cFv*&l&10Rbk$AL&yO>G`eu}-LKSaGLI^o*5OD9TQ zCCxP%23|hPQ4b!XtoEA>BuLou6Y>BCb>7#`MJ2_V<-?jVyO+_3#wJm-H#*{d_ITwb zi`)85JZh|e$4=Ujmf;*aO~438i#6*REYOJ7PPB32C}E(332|)3o#9b5vA6N_o5}Yg zPLa(MzT=J6qk3LdH;wX5d;HKTo4ec&l8&tm5C(UDaInc<(01k#MfL3Ke)Gz)(Oh26*%#6(j>EPf$c*{E`%VI#5!vku@W<`JsOlbO z^*Ia@RY}%H*|oJbjD;n^LDYUh?@dTjdbQK+Sii`V2VN>0fDD<864RuTYk!xxR z1Eb>a*?QfDu8CM6tu3r_c8d>XI2q$c8jjnL zduo+Cg8h_3c4cwYBgRu39NPfgHkl>-pc+}5?}6n3s6K_?;3UW_e26UFLAx{AqzES3 z%Ml|xJg=+U1hEA(f~<$td^9CuW9sGGro9+)yFQ@DP1TLyG*n+RJpP1z6s=#%D9fuQ zRsXo-(3`riSO)HM{2%{xtRr(4ubnGf2l^*@_7Y9Dk~;+>w{!yksgjB^(WMZVD|{FAZ$fWsSM5}E99 z5?RKkg-Xz0;&kyv>_n=UcRLP^5m^LTmBj`W2X3rBH!s-Ly3#WHiyP#95mnj_Cu}O^ zCc0U@O5cGp_9<1o)Lj~?!|(E6iq?}yNs$)XbTCt5m;ey}5sVbwYv4Zb`FT)E#;mV~ zX8>B~0+Otx&5~}bZ)>IEwxC^>ugH|K@HsNZmfAEgqF4Jn>(O)0Xa1=6NbLZ8Q%?6; zhiIqe@zI7^x3XGk`jh1x{0>!uBGg-lhjUa6iuxJboqhvw*f0b)^hI8<>ReW!35 zRNt0e52MIkO%b2zZ&S%~eiz|w)R1}!1z$QTLR`o6+$Jj1-;RU%^9Wr?9oKsnguifl zR5F_J;Nmg&wSl8zU`_Mgu9B{4lBE1k(^PC_0lhlqFk?g=qW4Zm(sdzO9&aJywkV}t zQ!hkI4|XsmF4nCl)S*GmGoh70$Eo}W9h^OC=oCVSU>a}q!4PF3$RCHE>YS$! zXZAX4f_mP%!vqwZx_6=BpV&98q zL@{M(7-Vh7+?2pKPY9_SJ9PwhUOS;72{>UCm9%<=2mR6ZHDUY>wP-f{4Ay+{R68R{ zhi^Pm%OI93s&H)t=+N@_@R~K3*J=TGFxlIJpr(|Sb2}1qxQ2D?%4A^oRiVd4^#=av z;58c&RxNwhPBhi3HB|Q~X@vwt{`=RrWInXlcu#L6$RzZQgB~&;ekq|hE9yetTl*+R z2^9rMid(Fs>4?jZNGN~zszu*6GxUKe2#V1OF>RRz{9)ZD33s!s5GaEq$@%@^zwoD-amhKu9ve$2T=Yi zA~%aEZ|Z%>AM@jCZEqqRj7~-i9~hmNoco9S%OP^Vc5*#S<+$526=ZZksAYI-8bllS z-ao9*nF%K?@u6A>!=GYsGUCym>>r&6v)X18zpBzG9O;ZD`m;Q6CaT8HdDZ`iFE zw52G;t~jN^Vykz#QgAC5cM5wSQ(Cqu6_U_2IQG|}KNq8!1&>@})1#sC^StQaD78c# zE;n$e%}W%OGFEuczQrGe^g#m$s5KmovEbs4-#N^<;C}|kg?`ym36I<{2MAtQ{ro+y z3MET1jy(=jG!tQ-$Ou5hUL1pEWP}=0i{lvCiFP?$Y?pY-FE#sYZw`P=wt7YuAn4uuhOhwAQrbx=%_LLb5&JEMt&@t`Kus7aWpz_j$`yi!oOX|lMi_Nv3y>P>`SmfD za3(m|%!Q!yDm;F*znBf}PaiA<~j z!2)!H&-LcxzEsCP$YAW|t6Hyjt(l zSAn@nV*{(WFErA5J|=pk`Dd)#81hu!fj?bkfTw%&uVIEoj~mNG z7D)#7ib|dbj2bm)JFA=~TP4xNBe~+t0L&X&LPu5De9_i;sU`H%TEc7;o|5q-*}Kf| z_p%>Jz8aHw@HC#L6@Wu}hqwP#$m4pwLI=2=EvC1W2v}hGn2vC>n43#e zdGSHZwTHS9thHV@>}|NGdHGccSDK13FLu9Zq1Dj3l^m5j$be<fuHuY+IM4FOsf42-5+PV)l4lss0M6Qmy-T8&p4+v8Fria9Ce)xq3Y;kK6l zch|E_p)>J-fx{X5Yb|cBJ8NQv49SZ#^OKMUmO1kbp6q#`_`ne^aoUXRVbq;=tli#t zqw4fp3C!4(En<1stLLbj8p6TyrLO7|Mqp!96uJ9YajBn^aQgE4jB)CK+q^Rl+2c1M z4mk8>7E=@0igkVO74jlRHK#3wtDbquk5LtEgMN4Ro3lYxVi~ zq=-wYe_g1 zOO=B%yQkt*M(DjIX2iMq1owyK)G~lCR79Il~ z7^gD+P=x+`uu*zNtL=2L$LdZP1Qm9hZw|9|x;}u`5Tcp|!K5yvTm8-tHw@U#b_+7p zY;Zu{gf=*3+P3Dc;i64j^xRMmTf>`3e) z|IuSa>Eigi$-=QBq3`w851^2gZXNK zUg_+why7whqS)N8nR?d2gMqn~I7AgiQ5Sx(54)g&l^9MgYo6~15(S1Ya!>7FGjpxfg4O0XE<); ze1=x~xmIaSemmuJ&^*Mo1>ql_tY;H|1FvK6ohcp2Wu-0(2GsV>;n=UN^5e#AUN`aZ z)%ZH%UC>BRjNiHD6KmoYdSPaaiE>Qblq5lk0w>uG0p=e`r!FIk@DP}J2D`ABFP;Zm zYP^7+A^FYsY@HW}&MEW^YQJd1dSWZO!O$?(k^!=ys@^f2-Q2kf_LOnQ^`Jg-*hzwEd z{H^CJ(M}Cd;bL&FIQvc!35A0(#EWvdgYhL-xBy;PL)2wLx^41Wxk9is&8&RZtOI+C zaEgqTwn)>QD8G{T%C)dKF61|lQ$Lw){uS19<66rEo2#mV73!}d<@wU{#2ePgc;z)% zWR;~3G)MguArGvr)YQXV_Cu5uu9te;Rg)HS^$J*@!|l;PLQgT3d@i6`BquX+2|a!8 z=}oAWeX(?)d^DO^n|oolk{1NMuz2Bw$egg*X4%6F27ANICQ`4#N(OmBL6<;HTutcL zMr$h-|2(I@K{ZaKFc327hxO6Jy4g~$3xU3$J(ZF{O=UkuyZrt)T5(EtIQPqCYn43^!LNyzPUTAzcY~n9 zj5)=#{WegGlsZ0V*>~joOSN*dvf3a-$=_y8T+W#MqQ9jiGuZjd1jAa&C{2Sdq_H*} z&VnxV8K9(xwtTG!>VbGRgLMYitsru}Hr`2ko`=8|ZRpg3C{ z^&<-0{^IJ4pim4@7%#(Dx#-9S6}8egi3{gCEopZ~-W_2aVC2jo1a zd^7eL6E9tGi_#ilH=(mo?6)`YL$U^&EZhx}-RV}_oC3k*$3tDTXR%$UCl+<0Zh5+q zll%sMeAzjcFZ?B?y@v~Y)cpL78p9Shr_zOlmo95vlz&d8+u6@gmJLdVlAnG-2z^j% z0`tMC$C5yS`RJ46Wc7zwZhm-DacH1~-O4}S06w3o-3II^iCuZ=?AbAoVHxSjroz!A z(A8oTV6`kqtWC%^fsJbHIMYLMWSf*#jT%v6LVv&EvLIFkd<5}xq zrPLVbn?`J)(d418SoX#)0*FJ$Zy!uIbk@d0a9#ZCc8m#;Vk+-K#7cga3QkTNvc1>r z^C%6}8|=FUM*#2>HOB=fB7Rv77JDOHb#wR0>Fq6yUh@{q+Ks^vI4!i@|TqS5Ij zaF~C?4?Qnr#gT>lNGlmA($aOf!-zx)CwXMzC~?UfvRl4*WJ~|V2N~4+<)iE*Odz!YQpFfuIW`PLUnwln3`N%k{K*eM_@T#xnqguP<+ zRX#s{?$@5?`}xh;(QXB5BzE?E;@iTF!BCT`M{Fz`6_!fx%_n3TA3?@8{OR#@AX=PKw~U?(`tt)m_6S+~HSVP6 z@B_a9UcK}lp$}eRum_XA*q$dM6oFh}hM>bomghqG;h+2Ux{8f4V-ReSV6yO$Q4USD zm7`WW{CkCis}RWIr-=pMQgb{oWD<|uQYeE598_V7gHi>inrE+kd)fKrq_hh4W@%SL<3s!L5thT*CmSuidKMVsjQ z*(JRWRJ^79JYJFw zUEERuCZn^6qi-yP{*lU6o2AIb!?6c5bHS-47#Gjf7KaZ}+L?n;uE63|rm|Z)GdIJf zSKm5}!%ao`=<|uvAgI>X3ukbU(u2>W;E2#glb#tK*W!JF-L$dG59#AMSUj0NTBjJ% zTf%Z`Rk@8Tu*AdMmbvrr3wP*4rYl&5o2Arl)x$tlUWQa$ooOnn=ANnxc}l@)%VW2U zw+v2tFt3^9ZB*15st#Ow$M)c`77N*YV&MON z3H`{|*J1*2Cke?X_NrK;nxnw{NtrN%g%0i(7&XBWiBiR^q<^@fzZsLOyL#N2@ z7S~HdCpph0`k%Ye{JsBaR_DO?bcQ<;F%wq6FS+VVd^BiO5o^kNzDa}w7uaFuH9>T$ zxr}oU{R>?5riS{d@JL`PASan+VCa;pPKHR7DB4O;sxQh6aD9PnT$&*EQYbr1pdE!(>;;nca!H0Qm<`v+o~dbR&R9zsTI2+HMCy ztUu!ps8#jM8v&2MR`>aL7@PYOo@TnW2;Ou)0yo+-G|YjN^qw}t)|W!Mni@3Kap?)j30L9Bw~WL(KqZZ)q-pIf+ll1rF*Ffu}|;2Sb_5=Q-)s#Nt^4d$rJu(7|>iv;C!B@FEXcW5rsoNsWK^@du$VS4s z1^f2iU9_{i%@ZOAWag{MeI&6rOGOYQX?=5au>#i+34dYc zWX`ESSI2N8-~pEHBTY*8t4t^5ZRg;zuO$bowbo?%T=#H%ShO^Y3#1iT;*7l!(w+{= z_&T^4xKQ$IooO8*LrH2^z*>pS1WaLl+T&d97G7LOud~|Y+$x2nvx5$7W_}wdS8K56 zsaKg!S;x^6#i|0$jco;=BPZ@;$!uO@$UPX+=GSg72kkW4M@PSujfU-e0Oym-T7d`8 z0>GDF0n;2BQ?hfTh}x$s9ReJw>J=}VM+7e&cR&J!Nb;6=pSWrtAqDNrK&_FoII_$a zAA8q9Iroe*-CI_t%$Ig#3)G}YL6%viEQEy23SnyFQ7pZPb37pycO(9_>=_&o`<`p6 zVc2e_8;e!k;yQ;&4{F?$i3XUFp(m5$6OWw=QL_nf&*#Ebd6Sj10|0jMBF5QfqU`oVapZ#)BZs-t8o@lnCuas z_?a~F6svu>8ZD%A>oK-1&AI+OvUGI|PUVMTz0n>3;*@eguoauOxC0OFNImFi$Zuf!UMNVEWFD(xYSARN19+H&&|qVjxpl^wImLpNmbV$A z5cy#Fm0?}|0^J$?5fIF{E#G$~yyok0w0PWeIshhzmbA+RQdVWfV=OYvo}}GBC459|}rDxuZIT#0I0v zrmMyCr3`(=Ftwvr+v+B^+FZX1v)~{_wBrR!(kIT#&dxs4ob2@m2!fzdL`YdyQQ(gi z!(RMQf5uW{mj?7RgO39wi;maJt@-Zz`7G@KO>9A~ck@`*6Wwf`99m)v z{Y2~pJ|Cf>l)YBECjf`XM8$!l-X0a?$;n{p=lYQL90Qlz_2NyI7GB5>U+D1&bp>e`oxY+N!MKeP)$+>F9 zj4ns|ERN0*YuBOmvfo@+|2?bfh^LA1UfzY3s|^5=9o3);)lA;joggOAzQIo5Z~Rum z2&Ze=Esp=#J{YKoJg1(#6PV1{azTpK4ra;Eq^U)3ir^1hF<t*S(-9HBp(!(Q8PvA!G50S>C@l$(ol3G`&r4F8(4%yjnS96~f!{gB2R>}r?*Unxj_JU5XtQGHpaKHKFh;iphF zKHP%@qb*lr1LwZ9mMq8M?F(X%+)7{p zTOTH3iGJv;`e_AW>Vi0)^5TN^_L@Ay!VjM?6%7&%scI9bY^pLM8fD0qF)a$F1Zvf# zHV?_`#AA(0WGw3`BW`F|NVWF$Jqvf%FB~kUrl<$>Q<|VU?>3tsI=yP<#%P-2Y7XwT z$zkBi;V66}+W?LCU80&RgKt z)~_x&k132r%PF23YWiQc!M5O$nRo5vTp+SOa2&4t(^{ZtBQAV`A+R81wGWC2gXr2^ zQ#n06h!=HRgGR44jyasQ1lFHUSC<=ikMj*rU5E5GL;w&d;v`;(m)$XKg@4`d1!W)4 za-^$rtOmrCtpf2P-1kAgS(0ZuqH_brEe}G=Ga!eOCA!x*vVYvjcZjj|N2ec+Uiu9V zp3l+yD*E9Ky9+_d_u$QpEO?R0^;CH8#UzR!U*YNM(osoo;{M@m`SoLo?3tamm_X*q z>QPlj_kabSZ>A^RScw&7^t~h$PZc7r-S_6bKMGi1VtIs^I^(#sjm*l%_MoN9?p&h6 zmr{+lUXZM(r*C`kC<+*!OU-SAsxGl)!TELL6)+}d4gEyD!*80mlA5YdE2JVGDA+x$ zS|n;zoa#=?E7-oYdAtpZKOf`{gu@9CSUawveF*8 z%50K>AxW$?7=a_bP&J+1N zdEacH0UjogIRe-;etlz^kR?-lgL{K z$F4}HKW@@*cy8pc?E1TB=!bQhS?Aan%kF}R1Z^X+;{=&exyQ=QNq=G5DBX4QRY4M5 zyhPvwlZ*FUXq`HLZMzefi*4In9mwU2LD!zS3~*Ju(y5nH80}ufy`*7-`QMR{l%+u2 zhepukj&bjtg9lmL+FtVILx6O7DspcZE&Oe_0m{svmj#Zi&1j=IA_A!JeU(u>zx71 z8VV6vK`O3BN=15GwuYPf+WHo|e+tRJF153@u<+DRtd~A_BK{{~jMtes05ku95S*Io z9;Z}^yt-$SP0?(}0K?U!#A;8)z_RCS6M$XLU*)u9lpAS~ay~Kes9yz)PkCse*%9}v zvXMns(LeR~6F;VNazcFUYs+BOthN2tRQJ`mL8RYm6FV|bmR;A+ z{b>Yw8Syf2!3gp&)K5LWn-aU&be6IYUgVvyMjNDK@ELg+$_d)QW}9faUL@bR=`MVH zau-VjT0+u!+m#x%>mQ>UY~3oR;g2W+t1_x8ksNfScus3~8}~InPZ(Fu9ytUICU02I zO@x#EIk`)YjEck%d8=k_8ErCGE+#7R3H2VF>IMV}4ITp)aqcTunRk1L(#&b47w2AH z!X+!+cR#6qO8t-D)oZx@$zC>SWs?Zoc~Ey3V-Dm+?)mDgid-r(=1+<)(lp=UPy7rtNPq z-@j=2@KR^+Fcl(3#0g!$4XEZ3A(B^H^@Z@KZoX!uNQ_Q#s=KfEIgL2+`8#J?6~;S1 zUT&JO%fl4&$8>3Oa%b2dNED+raKfO_xmEMIfr!_2fG5-fURO5~pEkINk}^EOVQdTg zl(Jfh&6Oie#g03v!RMdZ!65P~NhU>1aK&|A!-`MC$3T7KA-C>d5$Jrzlreuv!#_Wn ze10~BBY|$-%wwtk`jLiv zqGWFz-4y-co+6j5+q%d=>+Cjmi?Frdd!!^)FJLtLpdS)>1=webZZdwl_;N#M*oqOU zUTxhJTL#4FeL@dW^VhX8V9xBeQ&vdMyJl7g#drgkcF6XzgIOWXCb?Jbik=pZE2c7a z3E}Y3aS-nev;%lM$1<1)K2jVNq@NA=5L4Dy3*qCBD@?;Pf=_SB5^o&E;Gj zm1+miMCwJ~McFmd3prWxvS?hxGLH&lKD%OSAT5dkA+X3C&+r$e z?Qwrb+Uc6w6q?TdjQgsE4k8vaoU*vs#_H4hM57#0q!D=W=UW)Nfm|qlDWzbBuFx{3 zhOm8kHEN8-wv#c=Y34ZamDQ3#ACrhXlhe0RD*D@*XT^mI?)-h?zLYmY^Q|bUcv`VIS(vx%tB&KYGr1$<6;kce@Ta7K zZq^xti$iLIXfV)Dw`|utgLpwNur29@ew}iwx3Up^hipyCM{0AiBjaQfLRGlRm#c*m zs;xEU$mMf{alv;;iH))4RuSBAOx~@I&1?D^@2i+zPIKsymHvsnt+k*#JJbrM@S)lW za>yMI+nMMR4L^)wV)f~oS_pkSpMKyWsU*4|RPH2?Xyz<0jv_HCR6mtw8&7ASzC8VY z8D9y#ca(`D3vdNF7*4jD4)uU5eQCuL@hJJ=X7pN8hIZ_(Rn6QU{L8&Q3o~aeQX~Si zk&v0}JHU~~p?%5l-ao5*7-z)G-c_YOE5S*uqhx>!C!eR51;5=8zKjH=*y|#!Ehe=i&J= z8oa5D>J@#l&wq?gW`tKa;=Ws0Dcam1lShhfKA3-F{e0-MVf#>5Ly@p;638H1XwiTF z2O_K*ZWKGp`%*oEev+9Z0wJi}n^G)JaVfMk`qIsf;CgZDs_nE#--aC)XM9=SloV9l zDdZ7et_i&7SP%WsQGE*s=N_-u&GoUg-eXX7kJ%z3kPtJ4@D{r9iduTGFe52f-NHGp zm=+Zsl!$zd*097JjYsdhI}?r1FJQ<(iyVgsfv;yPN z;(LtJU~h2ktL1|s%#R!btRR*wXGeCDLwBKsjPM?EO7T4NEsY?{D;RDkWZ_6fa?v&& zHMid1V`J>?jW~@5%BjN>Mpk~I_D;X+19?G5pA}f5BBa|jD}E1^)2>5mulJ?K(NslP zz{&D+kvaAN2|^N5?S56^6$uvxRL@H`*+B|Ku*HUdhN)CKnK_|9C>2~c!;=|^Fmqe7 zfg%@GiW1463T-vT>MC2UmU5Fph}B!-Y&_FrG$u?k^=M88CDq!6B=ipQt0e(j?2%NoIM@Elfm!gzC_c3^mmfNWbYGKKLw4i!5X=qM zagc`b6$422koYLl>DfK7l%|!d=VqW-%+0{UmGz`5zy+p&&r6maz#<;XQu1S;e1C$W(Wh%5F~uVz zL0fJ@^EXDX-WW}LOA2fE9Wl)`FilP}7>}5zGDRwpTw`8r#(kARiz3sa6-yXvGOFa4 zqAc7GYOp;^Lb8z9g%bj5?KF0G1Srt~V)I+j`v zBHT6-Mk9aQ!pW$Fdlf38hco<~*6bY)u4TXa0@DpSPZLNDdF$|qZ}iV8E0G}2zDh9(7t=8rcd0w9_}o(l71IBS z6ZQr(&v>X?*EYc}DRVFQ#DeG)0GppS?tfHx$9Rp0Ir;jxWuP?xwy3s^Y|R{$917+%b56VFkgmhs7hZus3| zoJ=MsxAKs%rgK|hFR0#-%wTQAtwW0iRx5k|y|K?J#C?XA8#g}r+-sQ4N;l?cG|nMc zD}hDabuq@J_>N1KxQFCyY9#y47as+_VWENJ|2DX0gho# zW#Z=74?LhlL#(!}k^f*^$Jny1;&r82VO4j~j?H3`IK9BX_w*PTfC_r&8XmQtW~Qna zfIy&Tj^WM0D-MyTCiVzW4Qx{L&cY{*z5TdE3V)NhMtZW^B)i(682h`{eY*fyAYVYm1Ye6=`@zd)6A=~6j--Ur175Zr>gto}UaqSj zq8`;@kbl1}0nFw~WWK$4M7gf%`)P4~qTXJX+f`z6xAb|JEaS|;O=Klm z-w)QfLat-;^nG((=HNUSYAW$^OlW}=P)*vUZ(hjSHccxRDuj)EC&G28&ArCc5M|sr zeOI40mgEwu4(j~JtQa4o^u79y*{UX6wlxbwBOCwXZyjJR zV%4?kwDEVbIBI@s@JYyelPe)N)y17AUo9nu{iwb~ne z%+mx37E~Ld%fN8<(wV-A^jyn#Rq6W62}Z(Z(bIRoQg`Qc;oj*&)l@C)1=YqoT`F9s z*?IjH-5#3dp{4LBxi#))Ue5uG*_dkk$9v5kwLC{M@<%bS!xibV1Iui|4p==)o%h8~ zXsb0Wq5EhhH#M31K?5w>>E@tj^i-8Ch$2C`&nEpJN7|s9K#nDLzDo?rB_062I9Qdf z&==-39z@TU1CfbYp9d7{v6tyk+-GCdeiN;Wk>Dr+HCRifDK#mNe7b6%{%=X0K}jjp zBMXWP18e#LJ>y)uvW0EK%6sH}?q6w_0@+4yAI9*L{hv>g9SGXcyU`R}v}%SS_j*WA z6}?pLOq%X6@{B;5a;ry%Gg)F;wT*(CWIYAA`Rir3*vxBJ?9_xOg`h#i-`vV%NNqHtDEM4U<45Gq^@Y z`S-bhZ9X*Kh#X}iQ7+VpB5{7M$&FdxZY7%NS4GD#j?Njy&@OLMR1NLDF$AuG*&yW& zX|c{6(XNL+)MH8XZK~f$=IQu53=?w){${v3C-8FbIL5E@6kvq=y++*zD@|-2)1j#g z91YP3d#)T)Fp((7lB*A;(wrIP@1bg~9|slx9hFXesmYBUTT~3@PiP;heZR;*WNYKL zZ>MLNY$0T`VBxo+P&ubS4wQ|OZIza$fMTjk$4NaEln>ZpnJXYQ+-!7?;is@vKM?)% z>b+Rk5MEtEhtf>OY`PS4%4s)&zulWPfAQf(1jG0Ml0znQK zw1D_c1T<`&d}@ps3fxJUC!Dll`YPz6iA}$XF&w)pz1f)5Y8eqxkTkC`MPQ68IBi58Li63O`bI@Os&5z=a zDyHBepf5L?Rw>V%qelHx0~FwarB1s1-X4f5QZUFOUV6&B$=Dq+|2Boal=KVU1r2g> zG_MKU!darKOWjB>S6tdEvi5LmdFsMb<(uEt1a*6qPCz;g1vzGx*}E)1Y;pN6zpMxe81$$?zQH^Jw8D5@ zbt}k507*c7E`OjBLzTgoyPFs^m@CXl9-G%<)cW$T*1MmB7I}Up7S)(UZiqbOedRuP`>4 zqr&^qQoz6^2I4mUcvD(NSxXlho|-kWh>GG##^!tZ%0nf~OD2MA=9yE@wBv3gblL9g zDS0K~G<{MTZE?hMAy_<7i$gK{6}ki4*>H{W8%Ez@w>nGmjQCeMT$<+7RpOK9yYUeC z!I^9}m`~{;-lH|HD3$6p+eD@o$Y1Br^}#h3NrbEnjfP79#Mnz^Xa2uaENhIy`|8++ zXRl|~d)dQ>zk*4Ns97Ab`S=|%i?%$;*>eVpL7f(r0T3=Ae1~vnkK1Qx*G~I88+dZ5&Uy9v?1*39;Mq*fkEbqL( z3h`c792*@wg+?}sN;S!3>b`KjbI)4(NG3EqzKJNfl5AmgiFb3E0iG}R*U0WkI~({iX3*(xG`J3cznm|>Sc9GfSS`&!~>In$CrOTY%*av{1 zY3ifuXtrqyNJ|zZ+#nzp2ne?&h)MJFo!|de_g;VV9(&AY->-a3b2GS|Zkf|U6t&~D zN6>6x6@v#6wz_x-82z(DvvYCiApn5xAN>WqL1<_`6oQ$L?7#t|2#2O|p~51*qliwy z0ErdYJQ#q6m;46-D)43i^n3wo<1uRMFd#tofCEH+i3YZZ03HlTmeBJ1ffYgq32s1W z9PQQZ*#C9|12xa!gzAR(dw zH~<#N1tQR6gX`1RKJ)4n^5ypM%TUyP`|KFd1$6x@M)0G+4RI0Iw~8Ab41i#Zhv2vC z$Ndup;qC$0qJRz3hh+pGg7}q$YZAKl9iWJ0ALI!*B|riC03^`s>sL#oK-3sAnBDzb z@Y`eZFL9pTQGj-;|IZeYk`m$t={06;IHfk6I2g$wHJI=CC@hk*j{TsfGLjutt=;QvINBYZs^ecbf+wiqJ z{L@QH>B+(UOIG(i{`QN|N2g$R%TG!1?n$6fln*El3v%UGE*8%ZrU7gO{cQiPUke2k zjRlFB-u<|12I-<6>?vs7TmXR`#?SH?w!OF7#VKrvVAIC^w2BP8cLEylGa81)giXH0 zd=QItf=^e+ZFzvuYj=+xns0j1OG?paz1Pwk8Yiy+0pRKc?1h|fix&c-C?p_TPCInj z+5{+ohk+9S1(?6_48GRC4dJ`p5RV`w+bh$HC`B(2)0;p674R$OO#mZN;Oz~NKWq1v_hQYnwWaX=i$+@U+Ix2! z1_pE=xP~w_+h;R0h+{RVHCt(d=k911D`DU#&Ch;vh)3xj7jLwyYFD-e6UqGovjWM?FF#+F=re1cVH%z_=NO}8ay}fn zcOF{3e zX40AJ^vcl<-umayu&NfJ>o(ieo)GOh2R8(^$Ed-0(T~V@m8cJ+HpW505ms9OzpO{< zN9Hj{0YH97(cVtb-GoDQwUGt1YvGa_iEU!X3 z-hqEaWJWU(#xJ(c9*qp>PI*riua2OsfpLs44*|bD*{%+L@W-#qbBXev2Y6kqwuYX2 zk#OqOr2M-7!|vamgft5t-Q~fkrmi6KIIdW4Q>{4vn7kl#Rn`$mIvy23dk^2PJxB@( zo56-;{n`NQg9fTSSPVwbOyd3gWYY_q$DbX;40@Onm%_1}J7Vfm?GmpOwyvOZofVqs zr%aod8152Rj(_%ZuNyeN#5SdFh2`$a68t$u3W7&Y zJYkgf%alwOE4~98G(eeZy!t-X-ob~bOVf@oJC7mnrO|ED|5w*OE#$SN0{=wfGz_3r z>2Tyi<|hSy0l}VVvUoJy{5Db zM2WB@&+mcdoM{TcsLgkdUDEB^6-dR5h@R=Y0)2<4RoB|2x5L%GV$KD!7!%4qf}PRM z?>gNcQHbT>nX&SyUYz8(;<>gy=H@=p_`W(nE%++7i&sJ151Vw<-QTBX>qv-n9{d?K z$YMw;0_1N6jscSUHHXGnxuXLTG07u}y_b{)MP=z#Za~S=e<|`-RG>>w0c>QEt4h(G ztJM|{vlSfz?@{D{*uru)m>Y~n;d66sHuv^t0*so7cE za(T;%fyj#+ZXD2s+l~CBw3t2;xVlQ^3mj5yX2x4pn_bFFnZtxN(!l^>2Izh`xm&Ca zNOgMMUtL11zBV4*%W?(Vj46D?)?UUZVfIAFX{VRsFYJ=vTIX#$jFkb49au4aM&) zN|i{MGUQL%kd{gMJ3+-L<_%oD25djxCE20jInK|YuEFF%E;fG9G_*i_Q++%F=rbVL zy$<;RXZTf=l!q#;aQn;+=IiW#+7R79JZjv)kob9zJfPznd{VxfbS&nlH2l0jYwAaG zd}TIB(gA3E!Tag^b}g8wFjw3`eArkJzSUSy_Z6P{qcngHel%17S9I=zNyi{0Xc&3gW1% zPV~vDglZFCU%_OhYpgGSQbK_Yvn2dk8l^X6GfQEu{;(#Ou(8;Fq8nCf(lIH-cS**h zFM-75z}G+%XGkm8;KW6+;|$eW5nTi2_uOFX?rfbeIx%6#*To zSs*cBal(=z0Ms{MkdSwxZ2*tffIjJh(mua(wT3i_dWsC#{y)c++^uP`9Ocg3aBt)U@WHn(6Uc)G=z(^%hg z$hk`)Lgz%JIJlk1=hVI*$2`UG9lJWbi9Yvlz}%0rx%F^a`+j zy_YcE4WF;i2frmnZQxac$2v`>wl`Gltdg&<7akP7rQ{aJq)gdN%X)cg1AlXy(*1F4 zsK|WX{404@1Tb(qqsH(ccEZYOSrF=08iDj_yUom?&*}P@ALn*$2AuL(emd12H5s1pCV?Up$VuPbv<#b{drc8sxej*uE>`8 zA*VEh#bLH+au(H|m<829pHZFePx1 zX+8?g(=;Vc-g)dhklw-u}XQ>x#j$IZt;EV|o3k`Wm%5|XmSx&E?f|Sdg4qIpn zPg>28p6^dCl*bea70xC~l#E4{qyJ+f-gZ-Qv&M0WaGXky8JtqO*5#DurL0yk7fBo1 z50|1y#UAs&{wihC+HPMKirodb}>Vv~dlb5nlE~nv+(>2}+xdX=&+?UTfJrOiOwFY-4EY!AZojaVbE-)p)Fizl zdw^4PZe1hiK_5gZd299nD_xVGlsDJi5h)PkzmATlD|v;hD%sddd`vXEK?_Cc9T4?n zja>|)3zg37+o0+5iSHEF5W2I==eb?%UNiU!EZ6m!OXd})7I;#aDWzm#GrWJ^QyY@} zPT5F(%`Pqml81NP85)|yE?-AZ^LUd?4~YE_X;0|fryu~Xvqn@wnFgd=hIxw0`#BLN zQ-~YuuSYxf;O39Luskw5;rGsu?)Xg(nC3K!Loe^ZD`hHoa&fnUT2UC*`Ar z64Es%g;41znnXl0$0qXnvgoVFbGOrq$#*K0t^M%?sb}!l&}}+L@ennV3|hvp%XbBF zYMWtE=Dkc~vFd@uQv?>W=p@>bI z=D{<)%EudiX)Z#-`NZfT2B!wMSFIK-lh61#@>UEzrYWm>6JAW#(9FXYj z-8TI$EvzJ}gDOnW+RwJh;>QhbNK>gDr{Dk)kICEsg5bLN5oM>MQj<;{z)Oz&m`^jK zlhuA^8W9j{$0tnebjeq$BT$J4U3B6F=qeAFXTvq0U=zMSwjX)MT}zb~C5aXa@Nv}Z zk!$e|JeKwjuI;XsO6OTSO5@x`S}Z5H?p0jFx7b8@S8(F#F()_o0 zU%>{sB^{{n=M)ikCi=~D?X1<;lLWCm!7wIsY{{~TJChM(M0vDrT%^KZhbpr7n}wzv z$#XLI*caq8*ic!~%cd6LucVV4*p%qgF6d{7KK?2Q+s#(zRxd{nMSMaz4# z{t^W_;2c7(?R>h^0i6SWSHZ@R=+3^D7dN?WZ`L&u!Zpe+%gQC<%21)#@=^MojE_y~ zetwA@XEUp`kLcN<&>L^`zFs=M>GY}(>n0tg!_r)NWutnTN`&Cu)+cy)xT2lDilBU& z_dG|MXQ#JYE-0tF!-ruG(F?g)_Dkfa?|9q@7KJaU86C zpf)p#WS(kA1U{DECyZtXk@k!yV)>d2w((n=%b~=@N^zJ_f3^~ zXI+oX%Bxc3+KpSnQG#%m<&O_b6+;yaVj1QKOhPOG3i&L%FU;)Z8i~^V=0C{#WR(5k zeH3PA+AXWEOucmG`vW0H4Y{r{mN=V3YW#-cI@vSbfL3jaz$4|rZN*SKodTlQtxS)* z(&HJT?nUS|_~0s3YrVF&Lbyn8_zJl>R8eh-rvUSaobv?ge6$^MlAIBbq|g-v@AStt z({4;b(_q&3W<60hjU;Qdi;kHji-xn|sc~(xCBHHW>PMj?c(0X3!tY^K{feF*Zr2wcK;&vui-o+3Rh5dINjay4K$ zdQBR?pO?-f#~DMpoh{bXy70}4>HcNFW2kEKmi0?pv5!RH9f!!6wXc>4h5}xZU^H&* z=Rxu~ij9CyP8{_YQGzbj@*2AU>%#2pN~WFkRGz z3N<#Gm~_dd=$uK0eu(z+*xR%8nO1Rw(F1zxEUqj=x3+pTQxHNc+q3c%TWaR^1^vi5 zClbtlqnGk#^=8cviy?v+f6BSDYn+!cwtnRjGe52IW}D~i>JLChmX(7BdqWp*3TyBk7g`6vxm!ydzuZ%+%pWh9?f7WJ*>77HVTQvHW#L~@i4KZ^PiRwpx|nJ^;r$$`((Vz*SSzDJH2a+ZyHic8b?I+B zHP56Ru^l{MOuFr>@F?sF`nabUn?PC0_}cqcz$hfKZ4A+F{>#3jd02h7)i!TW2~oU2 z{hr~KwmGcTB&h9Tnh!lQo83(=vt3;D?Vd#+T)Jl?1YPoiNdMR2qJhKWE)Nf#iBHfB zjfy0>60#JFL_H7nwm^^`5A(gS^H(zC_gt&;yxwFKBv;n(+aoUuI$ON&e?Pg%l0-Wg zVnK??a~%wSQ=W4`Li{ul!1mp8Nf*Q)%DIx|1;!f5vuwbx2o~Cpv{JmNXD*>xzs{_- z>(?7(E>Ui~TuV2{@w#GK@bVd#G0O$9b(uWqtarRq1X(o@Ys%eIv{!zZR6G4F zyM|Z!64sI^lFa;pY*7u}&OfNkm5~OiJ@}Bx=|k4-ZNi<)%%V zzuJBl7ab11vScoP;E}GaNzi?|oDla#I>UC5K{5U4c4PZ7Y33M$F-i7fQ2Vba2SU%#NL%hcRT~ z?jNB5zEXT!yMUZwM-Fi-wMos?au$II=e3d57lZk`s%p~b$itrM_326)D;&x%5n_|V zawr)*y-A)U#)t>^K_Ih^jBS)(D$Y~0*;r26-gsE*t{M3Vz!x|S0RkLC=S&5mTo zuN&Ilj@|T5mGIpnn2~RgI_cSG-%*gv4nH2T8KU+35AEXU=Auiu_Ha=VtEDu)$vOB* z9($mTK!TxiRT{WimMmG+b{)`0{h|@!q+eAs>SVcLJ$zKV^zbrz zgUPqQ3opkH+GZ?ricABPX8hlw`MsnbiK4=Gv0Xl{@JTAQx`z2$*2*$DR3~_lsI2EU z+KxQ3eHwDw5C@s`-fc{Xz;(?v>|dHAFT)7eo{3Ev7fc*^tk6RbX4tZ8UX$iO^@*f; zB1VBAhR>jsKX+!xHu=5~_o6ZXhKHw`pHCO*@LuLf@ju?;zCKyERQZ?Ma|GwS9(UIn z@>4OMzRhJ6Bs+M)awWD58HD4*GsyqFJitYD1DX!stY3FLD&FgLoTL$_>n08z4_+^J z9sQ~6E*e$W_yt?}DXfn8G;!b=6Ufw5!<~rnGiOOo&=qM+=Tc5;P*O2S`iyN#T1^CU z`^i|*AoSSXnVjm zB`ollZt-$8JDD=7^2L|AtGVO*=;OW#Q}P!eW18)KgrO=J4_D)Mkjqf$QuGE*v-WPS zk1$i*oBGadVW9V~GuUv{4fdtJ_RZ0`W8J{~r+@oAj6m#9gqN|*0(*%17CnW3DSKEv zI7&znS`!Nei7C;wc!Sj)t4c+7yd96SpO;qJ@Lx-6H`Ub$o(evauPq>t@S!zIaMOt{ z*3V&#Dfv@JD&r^2HVb>F*0>4I!lyEb?&{cPeD8g$LE*WuPsaZPnw97);5MZ{xBT~{ z{(g%+h?2Sp9*Na7ScfNi)?u$01YT6ah#D;&+`OESvs7%`x!f8|%%vF<8AY-u#UsX@ zPB$+|rbV-Akn>i}zVA;u8jbY{QR$sAi#qanH5sJ-o@<ILNt9VywIYElJkFu+uUMbp7mz70895S&q> z9`C3Yd{v9gxEEWkmbXY#ooe#Xc|5F;U_GJ!ss@JKw7JBzcR9H*K(k+z*PKLm~ryn((vE4n7_3>#8!;l6`20_ z$*3H=berNAG;oEx*8~zf|Q5WF4E&WyL%Z80%e}k+LYu^sDr&=dge=@$z zI7s^Yhousd!6aUnP)zp$UjAfi=Pn~M-YmWKWU*)bJh-j{&x~$xI)kclt?+QU3R`6u z)0>_dT!z5n&{|d7IGgDED?vE~(&!vyt<0I4$YX<0V`*1*3Pyq)HnCjir$rzvZ_^_x zGe%j79sYoe3>e?HDxIK8vXo8*gn+ymq6j6(T6^j#+^gQVEZn8JJf@mq7z|mZlu@_~YPG?)VF}18a$Ext^sLq?~gO6 zi>u<_PnqqS$3PzFs7sTCp^C@`OlnjwPV;hax9^5d4KPSmJvH$vIZOgw&mjvcGaIW0 zJtlAy1VCqvYK^J^yPj^s`sP-AR*CeNGmmYw-e|f{z;C>d@w%oFVvKRlY1;&`ZrtRH zKpI6I^^ihq@R)oP!Z5DXl2=Q4HXt`8QXPLt^cl|643%IryTl37?OCswI}-+Lae&QcP){us^bI<9zn6b1dgqO=1I zZp4!9L0E|^>=N6QX=?nyQHwts`U`{oN4%Agj#+xpH~YwBS7IlQx2DFj(cclQEU2jU z0{&bu!BiowPjS_(`_e%);!xi^S}&w}C=x}d=Okrt9f#D;l^~iTy?Jop6u*B|&FkK= zJW`H@34^_NcIET!F4zQH_eta}=}|h&1tP)pXD~0OX5pt8o}I4zUBnXi`|~Utrl|Bv zc2t;2rGyh@)-9Av3A)9Dx?;H)y{s2)QJW!V`>gA?s_y!Q3jdy+~r0 z1bLDTj!#Anc_L#}9AOvPqV;UE47AB4&k89l2rh<}+=rQsvE9UMCg}dEajCj`$(zDV zI}V%EtcQQ*O)rhaR>NuHoWcDgLpXgkgg+6AEa6_+l0bO3_GezhaYg_u{*L7GC*2kE zQw+&?qG)8PV_$4+g#8K`6>Fs%HA3ZN^k3r186-QYT#Cw5`Mo+7HW!0CvJz}$rQ8s) zp1s!JQk^3yhPxw(?9--BX}V<|=C;Y*lJ6Rn(j#xRQt=ww=deG2zg7kfxsOK-7<%p1 zmu~9`P)v6zG;w4Lo^RMQQ4PO7^61s#7V^^eLrQC?lXTSU)88MheL#-gWBFgME4Y6O zR>pVx(YAebVG+vt7xK;Pk;g%svz9iL#L)AwMQ<;me|7b$wX;&7FI+Wq3ieZ+`ku9Z z<8Y%uWc14HNb=Q_V=HDqeN}ih*obY>>Y$-`+A7%GL!M18iUt4{jjD=`H zU(l5yz=09y^oPWJ*z$hF-b1v5WWxA#rR0)jok70z1;hw(ELZCtfaGQ2AyF=}1h$Q0LRXGwA*CGQB=~ zV#o$;Tvr$siWU@IuB6pbapg2RDwV!TUoA-+a>nnxJKCPQsq1KRc(8q9Uu9$8rw>j( zYC={*L!;|#8Jojechanm$bcl4dHn)Db~Yf%KG~w$mo613w{*92yYCi8&4T;B(q4KbB7C-8^L4d{OLA2( zvG0a~IMdNq?L(`ewO*jdIb_{1qQ?(=QS&u4IVrWKXeauYrxapppoYS=Az-oq> zr_}0sj3gp&MrRLLXDT6w)Alttr*fwOXGW*OrID`(#K=qHbva}#%6 zSmY~p(BRYnEkkG6N*GNO!!85g$|$)UOQI1?LdiFTn$-@2?YbV@;itk{O{Jkzr#Q-z zm2;w2=ygHX+nAZ6af`zKozew)fgX)kDURY&#S!_C`wdJ0D(0$?t!Isv#mA>`AJ0#C zjnSX0{VxqT=w>SW45jZ}R|V_9V79wofC2mkh5sN-*ckqcFk$9k{vW1!zX=mI zPDZx>Z^FbGR7K@_gH0D`p#TUwz6P^{Tckr9GZZj1J-~3Rpi{IsSq!0A`y2@Y0R#ku zl(ZNW6r~*A$7h!F_WifH$8K87>&0nzRd?1$H!DbWS3+PM&jMUooM;ZnKro&qzp%&@ z4h)bWKAZr8L}sAh5JtRn;HM?YK7BwT*PcY^gCBv40t3XyL^&kC)}KoP#C~-W6(9=0 zz`>#}m<0j^B1k~V4>*CsLICvuwiVnNB%o6QWGX3G81(!mERdV4p!VYH8_HhT1E4NB z8RYlYUSJ$HG*FljLI6C_HLzV*HCRXokeCDoPWbbi7__wt8S9#kmgMO0kQl<@5k;gB z=h)*75T9cMk|Ee*Kw*c$Yj1VTpKb{D#f(J|39fGq^5#8l5aQhbB_Q9RFQp$9E`*S$ zR;UZ%g#pE06_;UQ3G8XhFub>K!w>K+fIkh`AGH5h>XrOMorvSWjR6Eow4+@Z!Ph>R zcn`oW1km$hBhXx*g&#n0?H5Q$hc`j}9>ES`3)RRC^lh69L_wVifIuDjCu0^lGO)9V z7nFCurq>kZBjw~Ga~a`x2n_heo&u{bh;smuIPaPpymu5>>pn8>)F_Dl+KH^fAMPfc8dy~p`BiFZhrrb`K~W#Vp2@+kBEQ< z3KCp0BnY6PB7+hij{pYrn<0S@^t(9b2VzBp6YsyI|E;IHw9D)DO9=RiA94rqJ5>_Z zRY(W3_rtzeEoek=wha8`ck+1~|BFBEXY#I}@w1Ct?$zG$^WyXi`sVkAz}{B5i$8?w z(mkinG$*JR0eHWwz`Ulvu^g~I*uC|$Ss4+kGcE|ZfA&!u73@_p=wtZuVb8L3PCxQx z!v0>us?Gsa8ut|Z`_TaaWPoti>#YtH)S=@e$Wv?nz6sj7Fv~ApL6|S`sV{_#h73+X zfie_#WI3%)&Ikb9qg2d0^~#q-R*v0gx+uy!lD-jD0& zA^D>Sco8C`D|yWhT{H3P^HXhwF@+9Bnvo+WWI~jENwnd+M6vyZsDYj0HCk_)I!^4L zA=>QqO+qenSUv-%ErLs30{fycRsGiipVHTWbJUuh9YL&>hsm55mZS4`&fdE^#n?2u z=GSJvMac&r`JNW=&+xOqQyjpe0{WKe)l4VOJDy(R(MQM#ne2fsmJV`%SlW}5EADvlbKnwtFpU9AO^R1W9!`U0I>dvNgYA5`=1dtn&Xe48* z^nfI}^3Nmc$Uv@cbSow;X1aac-<@bDqh$7l+lAiIWHfr79AjBW``#smIxaRi(N1?0 zr-=FUgbU!kT4J?8)rp`93+@RCg$syvY-N)9o=};y#acd(P4+k{73ZsF2)lhT2Q6)k zKWp98V_RSWY(T7x5oj^_!$3+s42YFI2V>+&kVHP5&I{Rk9iVIzl|ycZ$*YlK^j-2^ zZRLE!dlFm23nc2R$OCTmM~eL(CrBS-yjzED(zosY0%+fjGW9s4;7) z*_{3EWfhk=Xg?4?_vfJ6Y6`<q^4H<_JV1g`zk zg&7-H$iRygCuAcu3{TpyS%llV>NgIzz6k|6caYkttlX>2c|`X98^Ery%wTvn z-xpMd9qDPVq_1um)=UVcUrGGE%DYf@ZY`O`-OB8mc39;}2iD}8JcZ~y$iaLKDtcZ6 z-+zF6bgtrQ=g>CHOXRB*hZb=kgyC-a#?yvK{RZ!2U1|u?%t$>Pty}`n2MuL^Z{3LU zR^PT~D7s<>$ZgsQp#kqH1A9mw1y2gMvlPWpbOT=4`b!EDco(0bJJ~ki!G^7Jo!W3LuS%wlb)xyKDBbzAw8@3O(f99@QZL264;wGdy zI3Jv+6D|9*_z|WGVept`+$O>*7whlFP3)JNCVczjCZ)SD`_o5~+e`KOab$|6KYCR2 zI(39$KUpXEh$d~7*H{#}$$n#$dQc(!QHdK(=9b3l57hYnA_Gu{F^O=vdz3=~Rn2*^ z-gLhdrN)^W)mG|`!Cf#}-KsnoXi3d{#N@e-S*jgy@w>YQ>K%5i#MNsL8ttaysfwBn zzrIz_d28kpEVnr;NEsO1ODdS`i{5iX>cIE-0GSi#5q+IlW@*2jE;-ZC)dwNl(6`0r zPS$dk?xN)#dZH=Y-ex^FpmAL7vM?IVWe=&9rL863Rwk_MdW!tuG-Lh@lwr$(C zZQHi(s=hB?yw^SW2R+LiWe&cK$T)kQwZ$`(ryVF)ZA>nV?6Vi|fRx55vA^tVtOG4I z(Me{Q)js=Z8Fq`$eAov=PY)n@ zW94pVdlvkruv{tkH}v6$qy4C*k{K#RK#g7&Ew4caTw@n2RgUEVAqQQB>kBndksv4C z(r@vI|B>Nyu2@QAT{Y`#{;-ZATI;aSP(acJH3?Dla?>fZQ zPG0+clAhMDMPF{exag$&(z&BgGD7nHjJ{}pjLZj(yfWB}38jG(iyo-X=IW5 z(p;H`xkqb7F*0`Fn4)aUk_$gJy&a4j=FuQ+ax4`}<9nJk4q}yNxjj5!XI{&-Pm9kh z!*XFaJg#Iv{uPvach4ZStgv8=TSnla;Yo#dRqt&fx%E|J!U1)!(QUihDd-ax)k95JO6EQqOQ)SC zJVsxzLiapAzq7a@gp;{TV545U2g^N47#u8mbQioJELK;fiMy>FZIfS(Wb<5;a8Ls-m-uiG-l0$gV4f2vJimuEixc1rHqY^UPL zV69+E|2{U>3Wg`djq%}7Sq@_*bThW|Bpkx|G+F;EOqSnvb$p7)A`tXxRgsw;qtvdK zLBe@NoP&^i)LJoT{LT@X^+KP8b+YcIY&+UwK^aR%$YsFQQH*moIZff*aq2P#JRmzlcJ(td_*A{ksu=Fyee|O)b3FT70rY-Av&GSS_WGndCz4?(v z`AsMEQlZ(=3)e-a4Sx;`fKjs;Fs$`Gbf_luR&7o0F5M;vzhH_B42_kQ%kPVT+m8 zG!v+OQHf^$&zDdM4@#m~N9*kZiz}3gVu?1**wW(dAJE(R0o!gLH=>$I1x}g3 z5rgA9?tlkBa!*Un|3 z<(&<;k<}aq#bRd-rJ4|8rVmJc>lyD&#^*HAjCV~zKG1N`1{-eH5=--%Rcm5WMJWoY zj1H5FA9i=orR&Z7KFa$CJ0A_FgK1@t=Cgk@ddc!5iVh9nIY}fYW&B=w0!@qR^{uo@ zZ7g#I+~h!lLZg{D;zIKPpz8XV=BR(YbS&3Vdp+5fGpu9l;$kHOs^kIPt;k&>fP9>r zS>d_tB?%!DNB!?@-`FW-uUXW}_2Ts}*Fu?#n*5(uotM=`I&zLz?|2>;zU0n(_FGC( zaD(%6iw}H~M3Cy*w-%(VlwGa49?bCrvj*(Pab1f}`74Im%FgNlqc!@EJ~jyq)I{Ac z!xMXbciS0DQ#9z*pD|^~xiw7$nX`6y7v>{!NUePz*Qd=_FX6vUoQhN0w+L)*n$MShAu*Z~?CVnYE|G+Y$C(o} zJ#MS|C`F?YdO~D8reApRPQvkIE4xf$N#A+AN9jLK97o?mGXS7f_4nJIT(_tRpRDDW zVT;lWVF6}aY`bN_+Z{diA5kiG10-(zj|$63f0q7MGyKDqfWx1{1qU*sMX&aoD6MA*_Xl$X_*=^k0Io8 z?GQfwWedjiMdBMVw?puCUbz3ja=l%{;? z`j*p5E+Vx&5+-!lEM&X~B+50OuV7?Z%n1-rjceHcsd14e+qd+o&3&dpv8Ub7)lTWU zwU*6wLW!jwL%h1_t=X?oXZv1YclYI+=yO0o|r1^`0qjijIq}Im3 zk-)Or=YynAC1^lnL`8+!v*2O%SHaw$QGG|VH8pF~PA5bnMGJh+Y0O4+g?8Wdlc9YY z=b_*dqAWIjl@baYa@I4cLzv%kpYt6y^)LGb-34kNYp%j`H_h(%Y7ZT=lR{d+Kth(r z76#>J&R=_mSuGav}TIQk1h$;jPoD}lTT8rkqz=<2`EJ#7*U<*sV^_hY*?N65{*XcXL*8C_UfeJuP z-H}=^rX~H@ARg-C`z%$9TO?$}nhDa`_pktP zZpmR%W>72EL-VafV6+)J?I0{JJ32^AN=geaUehGrz~j~-af8W@TJPhSYOO;*W>b|ZFxP`*%)R+*;oA!*)mZi%VyizQ@R#sm3vH(lT^hV;BP;19w7A=z%2FaN7T;^U~Rp3$=RDW zy9A`>h(ypH2|P2{H2Sx~Pne~S9a|$$L~Z&Oj0R+yZE+6L$(~D76{=xi|K@FAMGkBU z*Ken%=HGplIkH=4CDh3EM$x7Te9{ZF;kwM8@C2%K@#RpD6d*KJf?StuX-Nx~il+lE zq9;uh`T5lr2xUOl49HN#_~Y_-uw`rwFd zbkZF>7Ru{*6q?`f7Qwj)1xP`p}j%7x;Z89Fj9=ZJniGC7KCkWg9DcV$lrzgFu1KL+m zAo)hgizMZ)%Pgd9ZX1~^v$g?VFRI5=1({MBq>nB@l|$Y__hMxY+AR+P`^FkPq)%Gi ztDx6hl7-V{TAEFv0O1^rc8`lf0{Om+8#k6-0cPtR`_sBG0{2+smt8Fbl?swUqXE{F z;KuQbkE~Ort^*bx=LTmKTmiIzv;)HAQ3Z&&O!aR4ipu>@ReSsqQZqX3*=9X*Xp?@M zOikpNQo0ND-onX8)$}3aY;beP=8yY6f@C_EtI$-QGa6oGPX0WG(n%?4({v3xE_1F} zcu@rBa>1ZK#Wo1tv9F<-5B4@fE_&dKzn3dcPlz#GH_DpQSqNi?d_3J{B%cj*N|SNB z7Zns!-@%yo_d}81vWrQTbKdMHu%%e= z!+$HNyL{Ai1?W7_B0WUbQZu!YeA)=^el&F|E3z+zIiO3tOeo#>1REvZ`Hv)q;fPaI zvse`s^WLSVV8UEq9-P>LQQs>U`p)gBJ2qz#u;vn~L#;ylb^Tif8( z-9z0lI)`ebN6-Narr@FH40wZs;ubEG^Ks4{(2gSHklrI2Y~d;|2ZdrU5OF3hfg!{^cx+r+a|i5fSbb|12^ zsVwLuTjiJ8@7xoCY6|^dohd=UDFfZpuKdR9GeY){n;r!CWkbTzD4Y8Hy)$> z1twLzk$N&Lxrcc{V?(F>_Vf?V`)YW+m`Z37T%=SN=HweZN_uHOGo7ec~~=>S;JcG%`FTF|W#Ys1;YH&>8cR3eJQFz zfQ2+FFgeU(K!rW4*VOX0mhrSQ)v&GH++J24_GpUHeml~!KR&3dz{^{_e+V!yyE*a& z@U@ZI`%l>$Lm~(rggo zr}7Ki+uPb;z%cYfFxhYSOw zy|;bBrG>K;maxqr6aoY{SzTJ(1_16d%D})nxB&3*eCY7-cxcFpfNR@`Pqjdi;}Ay| zU?GA-KlJggpn%)^jG%d3TZ+g~fMxFNKyL4VU4jN(0|wmxd?vWK^S^%twTA(q_~q(Y z_!FV?z=Hj@>e7z#XLxJ$G`U>e3Vyvn>eT9i+(blzIer|#$2k49`c?QL_>s?Sz#Rfi zn}9fhp7K@n;yP!2gZ1L;99><}4o_Yl9u9yw+wBFkt&7z-0Ce^!8^FE@ zVdsE2{eK3dp(7#n^uS#{H4EXJ?O%a90s!p%iPoS%>;pgD_^SkJ0NgzMdMd#9H!(oo zH`NYpf#Lf2wgK-P?tidu@NRYe`{H`D{8d!s$xQKwz+vh^*Zgn<0IW%1XZqqF?uaX5Tsa^K=k;ee+@e7+60>hBb#WwGx0_9RMmSzl}oB z4t&rwg0=&LxVyOp1&aXUqXUd>PQ-kwLILBM&gn|-=o+v?r{yv&Vdw#q0R{M5^WX8Q z`PlHwA@pr81A{z%D&6lwM5dza!L~Sns|8r~BUJ6q?;FHT@BZNhs?oFch=mzw;tIG2F`T`&zQ1FW@LjZW$ z)pzpS^PPAbR6;cX1`YesrsHKx zIJ$@)>PynqX$3!)xE<6X+?0@C6J@}2Crk<_z|Yld6f{wMUtc-ORgvpmG^ zM~H)4g8jNo@aMX}`-+9@F;RiLiyVUG&G0SfzoYrMZHhpkDtoSVK14=T+mr z3qL?c3Bu#?qN^6z@r7mb%Y+7U4($ZkL(vDoDx+GdO+-Zkv77us`i>3)+_z1B(|l$_03t6Pmyf}(@?r0hw)pb933l$D z?^j*_YuDaOeYAycgZTmvN_2e#9$4r40o=FB@)3H|?*HaW!rwv#%5CR+vSXavUEiOX z`&AsQbp5Fg!3$vWs?GOx0{&5S==_3y-#60Y&bz_4oaD1O2$uRa1E9-_-Mr1%lVp4I zezQe#i?)g3XY2g;ba&rebT65M-fgZomW??PI@zHL zcNlK798utOX)N%`-k9k1Zj|EDH$>mC&3Z_ufh}!r#eMs|y`a%J7%ZWCO@G-l`H%TN z&bGcNe9vo0gQ(jsLy1Ewk0K?BY$5GbsB@d)R;|mOYh{lnL9--Hv+&`sJTZjpkgec6 z*K-H&{413|v>B4gNig*{Bh32rM5%D~skJ-9`ndEBvuYq_=wrfPA&vLNy#7@0E0>H( zlD3Or@M^K_C?dDacyFt^OXrNHDe2#xKHk`lK*7fEY%IEP zho&jp8ZiU7#zk)hMDbeQDsQEoFLr&XV(@u-UttJh};2+`$k1y5lF%nN8daklDYl9=V{UX;%iBzH-MYQw@YKvch{c;+W!e^fh;a zw#lNGM;RQFIemM1hz%!VsS=|PcGajF9h6;~1EI&&aDIM&iI|StuT6yI*!Uj)Mcf zSy_O$sxmSbIEs}hUCpk+#ePheiwfUL^IOMb9aOYe0B4DRblsDx$e%C$OB*}aW(ZH! za#_Am=k$!ic+OwiuRyvFU$10iGLX(rr!DQVSV2k|jl4gnNn6F3VA50-UHbQ~LAbXd zN24{8lNB+EXQ@25|D=~*=BJ|G39>&JNh+Pt`MGa}K0Ql0eN@-$30SBMULS%&Y&-}4vmnw?(B3sSu1r?z%(R58S>8qb7V{gz8P-o|q zXnl2C74x_f_1}zd94IgfQs7ghYgb(25tMH9b!1l3o~)Y(L3>ADx%G{<5=GClf_2&4 zWE9i9h%u*q(+8g0O7MjZySoi%R*%(AQG}YFgeo)9^5rOkR~hR510@2Jsx_+tB$)h# zJ51CUepock2UV*~pET34ls!hpzFFV-M>k*Qy5v`8m7TCJN4`hUlS}u4IBi(rn|6jn zuQl#c3@DYxE7wjFY~hwX<(Rq3a55FoF$`VF8bd!MGJ9#fgW(B6S+QJme=86eNgJw; zK?pw1vHVe-C$$$_(LoT4C5|RboSSLgF#XyEfSiT#%H&2^+`YF0nu-gfjMT2;hVdm? z$Ig|tVp~wSHBi29Va2Z$!E&^gXNhT2A5mWm>w4$=c8je`{!A?^E}+aei_@Z9)#gJv zXYsI*rzM=XN6Rn~K+UHmZnH#wXc-V3c*u4J)>*M^cj+m zyP>xRu?wtbJ-uyEifOlDl)|6(rwvdI3XjAv!N;3A9Wpy3v4aB^Dh5*oAfvNHT&Y5w zRA3JkvIgX_jylbc#MA8IxyWpOC>2NEeI8j5Ny3aV41yNyg&%*vETV=6uY(_O^Qt(j zs43IR9P%A5-T`e}TR7boyB&3`9yg4lY|PeZ=K%5t#*Xg&<?EigjTJO!2r%Jp+f>u1 z8jPk`2||evqnN6zj0Hxxlhs8pT&|Sk6~pHmiQ-YBc)S>wai7~#>^~Gu`?EWgpUikJ ze?TV3q!pRQARs%r9*IFnd47cpdO9r1X0X}P(v!?5q@TU9l-HNF_VUT7kSnjfpATps zXWhUEr<)8iNJNro#<1W|4h?5D)P~H#I8GzX;hDWF-308+zuRxVPnRjYCaX4eJ+E)DQ*#4#$vmtRWpCuoT@E9XQ*73X%KOrDAfDK9bbUi=V zsLKtj2-GW5c|l(!TeLAKF2PZb!0K-k(;q(M`}lh~yeg683pOK@jX1}IEWfiqJ_F2c zai!##<|97<2M2!9!WSo*#pVjdE7#rXQEg(y#Ikzwy=N(P@&&zA_1g1tpY z%>{>}Qc-~&UAxtxzlC5YS=w4}&B%ybopONomQBAnx53Ga{=<;-FtQomM>Z62L-^xW zc$G*B)OIUondkj)WDa!pmfgcnW)RTXSHaJ9ix4&7GE4;|;|e~9fB+e*pb$86vzXq<0$77y3j3MQ z61s(2GU@+`hhO%uFO(dGmOf%? zOQD}-0Ktuqq!mMFkSyN_QNsf(K=yZ*+xEcmvL+8fS!saXdvZ@f>ou^~gLd{+7bm9M zH{>j+&x*n@9Z;KtXhAtECyniEPIz_)^SJ=zbFY~|#eJ#lI1ZiDZ@iB$VfOpXYFdLh z%`&d1Q6k&#>A(&RFC=3j?4i3iF}l}c#UpwuQ6?g_7y!avmEvJucq#Cv26pi~K+Owa z7zrYW1b(aGO{~)I(U_SjaG>c6?kGPT=gQ)#yaw#huAOw45mCZ>600dMB9qi z)@vn*R^XQ>_e~}0s|z4|tPGEAbYN7B@aMah%#K$^gs+RN=V}rwGPb0fV=liPOQAMC zFz#GX>*f1B+qB~wHrnsJSI0@lZ6b5XUH(;cD70t^NY@(&(EU2W0sXE5?A}obczROP zulua5Z_|5NcZ=|U!hHCKLc8GrjjHI%Tt3NL!lJ$&d|$$2!>|;g!;E~_hE@CwTQ%b; zJ#t{J5)JC(sTGv$Zr^_Lk{{T7k0_+et>(>t3V+mLu$pr;t)j@=5-BZmi~YfrM4QME zAkXJURrs^ws|Sqyg-t(2rdvmKcG=r#NK1RJI+XKQQgZs3SW8Mt?p4OXga6DKq;CXF zO;z$UzJnJzI%or6E<4HUK#zuzv6{d+?N2wF!t+ZUz(`(mKSYWY6L;A5I$98@yq9(Y zB&}oNscP?Q(7$c^iBMLso-GLMV_Uuv1pUnM5n-X{O*a2}Em2jPW4M1cxQjuehQ_7S zlE)dDFUe4R4FJZ(AH_#Ls#h{q;*x}ADx=2yzc0rJ+F!%Gb19D;*W!%o$Sd_XhwsVl zs<7ynmYG!uU*RW? zsER6j8{__>K5xVOAwDU7@X`{aj?Z43e}AbDS&(0?q?758U&PRBB^vFf+qXmP zXWWPzk-?A>%MHGWsY{wJmZ5>6KUgfB7s%fN1|)7J&(ahQeJZk+*oWEN^i*F$ zdb!evnY+#SaBnRga?Z>fsa#g2dms==>R2R)S2NX^WKPxe1+)+QwPWR)t+OCZyfC2d z!?&2=lx)J;piPg&u_)Z+wn%ZRvuNG-t(ihP9t$M97wqa@4E7GWt~rxr_5_VA0753f zN83$7udJ)ZoO?6^r!3}NS&jWV4mdyZde~|mORmA&Qp}k)*A1GDbg$W;B>4tu+|;0W z0G7(&70Xy5ym9!$MBI!j(_O-s)s8YH$OxdC1U!~UWVZn`WpB1~Gm0GMQBg)(#3~d) z5faRX=q+0CE1;gpsq!+=&6QbQq$I&IYg;`pQ+5Tvc_QBuK`FjVvE{GXAU*5Fg{)AE zT1o%Bd(`qdxWVNHo?Dx*uM{>Z^~l9M!k!k#-zJyt+{KYxN4H(Q5}DcHSo1`QVHSrZ z(-0u54eezeT%FMIhG^HJXfW{94#hS^TePjJC$?Is%C_gkTsLAjGL1dj!gj#g5B207 zv)AYz`@^wph6Zgl*zo!4YvbDy`i{^^E;<_aPBKdTl+T)au_|FRw1YfRHU-{*?@Z#o zw#A698)}WpM6-A^-*6lewKP=|ZpUnID^)t9y~-33?8-qKxxZp=*1~jur%*L-w4F_( zTHNG(oNKmsMT{1`a&k-Iyc5(VwTo3sjtFcZZd)dsKcmUaglRmy-8gK!A3qij!J+gf zw@){0Y>D_b(7~S1IHIBm)e6xCHqd%C19h{$wN=i?x-DMZ2)GN1_h8FVXIo)R1u=~2 zfVaw~i$73#WF)CQI2w`pren&SV>Og#X zqh8S1Mp?6FeW6E`6)k(RL)0|Xeu+I(2J5<5Gy$}#7)735grb3`zO$R46RDQvxIfwBK$v{n zQ=+c!W3{T*z03GG>q$@EdwF`y@j<}CTUw_|lf z%T}39HY;{0{LEswMUSE^Yun>X^$t8Cm@xf}bh1)Y61KWie+#+{I3 zle#2PdU?(AM(U`FH$1A+x%?7Y=BW7>bse91TwziKCK%MAouXAx$|3iivP+QUZ#rUi zsF#OKum2Uh=~K!$ zVae9aIEd?*-W{%JdLPe@IQs0%kSa9lVm**KIl$7c;Bn%{x{O!Sc~`iUC=PCpOhE$g z#O{8Xw(cB6U02RW_BT-bK@XRg97xNMe4%*5g(0Yt6LeRKS2hRrVY5UeC_Fxx_|p+S zC;hodM1}1uo{KoH_~g&|I?-q$P3efFjRCXT%PhEmHNXup2XlaNUiWGMj-`8f zv#T)xmrPF6I}@CjG@7JjJh=%@lFf_gHDh>>WY)7#F67=MS4@4joG#Ilz>05VlZv#j zI{yl12oVoP@WnPQRGLa5`eQmQkH(BgJ(@h!pk)Gyxs%Sj|VNpjpF5vHzXX#@p+W9cW}GLRmch`#8$|lpnjy@T-j1nV%GI zMQ2V9cJy-M+!8Xc(J_8ww$kGP&UgxX{0i$36+Khzxi zDOMwy!LMGXW0r_4LnO-<2(XSDUZPVxB@PT5U%(QK(nt9vWdS4aEeaAqCQ+i1s z;kYW&z@u6SLu!6VNQI3Vk`ICkAm|6sC|YH;$trR95T^vl&`0h^X(9_rQe5dkn%EGm za4kYyk2L%i&N@RGxGt}(>ZR!aF&fmyD6r?LXAARm-raw-2=$y@12cWex?sp2FNU>FRo`~<4TUh8QiNHf1+X+w^>~eh>RXdclwOj z-#ZO}mN4#MARK1sDW&I_%;O^#yXgrB!OzD7z-wfIxQ;;rq-ZSF#)`7E-^uEP8ke)IkoJ!Tez*#qa$a zJJvXpH$F~4DF08+sqm4Zlz_63+BN0O+ovz-=pD6>J?a8*=S^t{1y>2^9vk*>Qa(WQ zPXMCw(AS{jrA*;t;50z2bKZ1nG&2I<5r*?G8;cX*X`wru&ny@d^c!&`YIX-^ft(*$4Bo9B;UVU<#==XsLS}Kbtf$MxP(kPfl+@-xv@N{R? zDc#flJjXw`JZQ3=6f;%iJBez{NZK^^)BHSu&i)C%*%i2ih!Mcv9j75h( zvf0L~E7dd2^!SpW&_=K5tg|zzG79Z#fwgO84^8^)$pPTf$OZQ>JY(DR8B>Ir;=(U_ z$iSpW6yo40`W0Eklf9O!95ki6EhVIlM?+k z_U09``c+m5(R%^6C6Gxh_ZLph+^_H8hCiR?a-i1odr>jguVa8J8}bn!fSs9^p`Nqb zZu84qdIQ=#c52PjLBTY`LB!uQ7q<_9@uwzgyA9d@d&x-x#3YolpO?BuVCIC&V$2Z+ zzd@n$r?soTYKQYMdM0(aU|}PNRio4F3ygg%ZJ`T2g7vm|z9FV2cqP6vysY}u+d?(T z7AhEr2x5cFh}Q1mI;MC{T0eAG6Y%>QG}!%5CX>BS;IY7y8$4oH5OnUpU+|`Q?m`As zyi2!DNd`_V8ig8geQV_qiur#_S`5L?k$-n(VqWP0>T{hH00iq59$_MwgGfL!7Ez{w zm(pOXp$8%ifNn;-nNt|1#sW^A-nsq5>f)t7*B~4Ou8HP z;vD%jZE6`TvGEjEEb|L)r^$pdo%v^+zGYL&HTeq+Rc}X5$fWKXiC*=}Zqc8^Zcb7s zZ2%G^qLIR?pJR~MM8_rx&kCiMPFiY$ykFY^Kb_mv7B`f&Cmfqy;ux7OzIo1Aw}lAD zX8@JTK+t}W95a|o7rz)Bv#PMj{2x!-WTcfBKvvT*cMWct@slrc z0t>hSOVc=qI#NOi%4#3MKOhb#vcvu$ljz`v6 z%IcMgSDDtb3soIX*F!V6RBNdkh;s<{dFL@oj8X|4_FNwG`i2zg3mBIjpGha2TFH{czDd5rSJ? zA{thqo)9U**COSAh~~9Txt@gS)6SAMs$*ZjLQltOJ}aL!f)@DVJZH z4#5i!OgrR?Stf=8R93E*bM?B?IXTzPtcqaIBOWQ-IA;b%bSK zf7`*^t><;Z8aF|d?%B(w@#eYbuJ*?q22lx)9zmii><`?guMxd|D%hFUq#-X==#qMs z3$DL-K*G9nhpxI+5T(r<@DQ;;8BDB-LiRYHM1H&2b}`Lkz8n+{f-Ozhg>x=Pb}_Bq zG4FH3a;Z3W+qJs25hW!}E^fWOZ+kwmM6%jBcmYaL5)^oKhcGvX31I*zMJY)MIxh%! zIGT;MEEM6|pT(OOAY8uWby^pow)jOa4LBZs()1B%$04?rDJ`gSd(Nj;;(P>!iZbm< z^a2Ks?ip)DNm?G&hoc+|sB+e$jEI+$B@-QXv6?%CoPqZWnbT3_3!O1(q>sBRWBj-; z&WPLlmz@BGIxirq3a!d}ER1&4;`|8sdu5Z_0{-me%T>?w+o|p^JHe&H(F@d%%_tsi zc@uJfO3pof-y{JPw&8};)qt1jdofYAN?j{#jPYIqd%kieoF9ZIoDjDlwiyu&s+EXe z2x%spEXr|LTO+Pjlo-ou*KBnR)hw___swj&D0YnaBSm1%J=LGAF=`|wcFT30?}?Nr z_Z=k+;d%8*YGu#BZ`iwua7_>zCAmYH&|%Bt5iDFZf+|{?GX~VBE$*t^y+^f{HA%Q5&v4eirr;$FawWANvpP@;tDqt9OYZ~(G9N8J ztdwJX7_?^abza-J5mum~G^dKiAS}))Ys?C6>e1SC4PA$fji|fE)p9pniIgXcv!xtK z)T=X8FltWLsBqGuhTasf7MJa~~%v4}viz(-&{96_n#(ji?Mr`8w6;2VW`uvKh zp(NhOK3rLG4E2@@!1bdAvrQ4NLzIKOVdtU^-X#rL*>=VPmwIjLpG^s@ z3?wjH^xP$+>(dbyR_ttvV@@7qF2lnO4Y={~U1In~XGmEikH)Zk3|3P4|Af_pn)}?c zBuma#h2R@0E~6{_bFreB>Vn-){r;(8$68aGo3iE$GO0I(0yBrGeY`+`O zZj=u6`Tap@pYNjN)?juqrh|viJh>YjFk%!$8Zt%4*K;AIKWkz|Cunk_`hsmMO66FU zPpB3j>T%vE=21R2%qgy0nGXSD0tFOZg~`;m$HRo7T-{+5^=~Ev@YnrTE}*!n_gzjf z3x1zBslyE>6SkSl?bEX+&l{ri5V$siXQk&&)K)hu0HMav^45rJjnu_+U*!h?^6rMsnkn z>@7K6jV_mC5x3$S7Z!V^Wt?cTxMLd+gdID_s?O*Zs=rqBkLqy8%O6mutpb{mQEI!V z^)Ao>+@YubA1ETR-E;)m_Bb46;cJe!aKarD)X=jqi|2(k>y^Q0-|vfXyc#l3(Y_}! zabX%H84;^I`>Z@xE;?JBDlYNOM~JuJ@nTO&M`%EW88%c; zwH!d@!JZMo9KJIMuWyvFQ_^9hX(q0QNZ#Wg&p+Y@e2>iN^&tbcAcb&41qj2EqJRC?|9={W-R$TaUnw|Q-03@DIlLl3h z`?u#UkH>3nV@-L5H4S1scVnhEb=!FAXAhhGH%3B%%uD4{^Z2k@N?NS-CS@{T5Tl#yK_nZ?Vu<>1zF!&Yb0l;o8b31rR%T3G3D z`UUN{MErWURFjSzH_xa)h}9Jbl&^xlaAhp>LkxPd2pHq9SXh!#|D+8GOrmf+*L&7a zM#`l9C8U?N8B0R5ls!Ipsn%dIbG-^6z3cW548^E{+y4uEuW{#KFRWwRYu#xkZc2qwk1Tb0M%0j`#g}E!5I1?cx)_Ai>(3kukjjktaZEu!? zM6BA@B=NUaUCQ-aeD#M2S}LXe-c95n1)vIJOy{$i;T_dKRt^qmz5+iVE5#&dxTMy8 zDW`f?A?e?U8Tfz{4d zHIG2GZr>{v2F6Oa;^0JNZ`)mt5h?HmA$?fv+{Ng3JrDEx%*LV)dh-(%R8bH8Ik`IW zfI0Gyw8y{Y8zy1Aez^L`4u+zhgOLS>d&4(FmP?2hn8s^{MyApwOnXvT?lSSdLdxmB zf*#5=+VZ7B8XRKOFITDCGV98&kcpwuMG)glkB8b%zOf@3D%zLIQ(;9&!39sgc{<)! zY_Fx_$|Z4mTH1B#AHnl$asF&o>CZ_v*FX-#yd;(u*{2l7qua=gf<2^e=|n-=UQI23 zI=N>_jE3)>HA_w3YT7m9>M4(OPy8XS3l731xsB*XWj||XDmCbEMK)~`GV31`;)$9T zxiKef&K;IQEaj(=p+Ron-EoRgMTJ=eNss%BWv3`VL>mnXOYwU}_qwZrI+Mm!x1L`A zS4!zTxrpl^1@MK?(>{raP=zKl*2W$aQ`G6nHZo6*+Imr;$NR;p^xPE9%+{RpFvy!?oVf!XV8yuHie& ze4;P*d-so3^$TRAxlfB{l~5mEGy&gFM$w>}5>#ldl?_z|KJb zY9Eblj2xXDjPXDha*mX>>NGq&DeK_Fp=nVy~mMgktQw5WIp0KiA!gNGOr8yhHq z7vU26NkMM-BN#_cj!pVP2klM_64jGT;WytJl419+g|D5-FBPwkig<*I8Vm^VjURu$ z7j|Eq!4GH+)&hF&2(YYQ9|46Rk{f$JJZOU}&-V8H6GE?1AN(#N0?P4wA1=<>A3vW} z?+-t6l#5^6){Ysl3)oq|bsj>~=|A*0(T=|m(SSd%vy%&c4Rjb-Y(uKv5pXNt4BU?v z1XQ3yzzVQe3e3!38{ap1L}(0X&egBr=kHnn_1ujfF^C^E>-Ck^NU zY;)k250Xb=pA8Za_WSRH%P-quUm`(WT|b&72>7~?HKD&jKf=Aggs#4aS|7y(d4Njt zv_9_tX`S?bIMR0+r_d1`UjUY%PJ!nAw&k$Ebzg%{ zOmPHbCoj>jKk2u=ZGfM7fNRnZ)#48uQSs@_jPKd{H}l)iS^qz?(`+xbP5I|)iuiA3tquK4{pf$nVPC%{dFZdoENR6~Fn&NhMa5sJs--k}}Al7Ya1%!@GZX zSrQIFm)(>c?g1?(;M-?t%fp}lr?7LI5vO!>6zU=+)3>6pY%^Kthhc0N)1g!OCp(mI z3c}{o^YaZX7)YNO(qM}QCjl(*v>S4Iy6^^N$U13mYm7l#291c2SqJ-DMIhXNA( z@$YKYJnG%6Mt?>;Is^sk{`UJ(X`OZ?erRFvMS5wW@IB@s916L6WZn|x9;>G< z`>GO6naTDvR0c8Sd!9;*^=#?`!QU=r|J#mT`^xDk+bwY?zvob*ZtkFok&g z>@fl%=dWZVT1?|9da1U^R_a=U(&fwR#VoTC5O0}8JxZV&bv5WFi7&AtLtt&WTRJLu z@mN%2%G#fuTp=u>PSd7S+1Ob^tQ7c>U$(!4q2pBfocA5F$1t6EMMqojZ>eCiPoa4p zyF|h{3w^jU)J}HE&jU(7mCpEahFs zt31I5rM(l}m8^Ba=(nX}I$}_;V*oN#J(pDzmS={S(|RkMcyHdRLk)qMQft8^(d0PB z7zJL!|Jc9A1O(ZT04rd0>Z*07odeMb3I}4yt}l8XgrMrY2!gtM3#TdOw%Z^SZzwi> zErV$r2@w6W2+Ay0|5gs%$n_Oz3RW=~~IIPPZ`D$FGzPJu|q(xU$`r0eQ8S))0sZ zhjbpn9LO%#D@$AtQ6@f^KjeuU4 zG^n$gKa{WDc7@-)w|)9MmngSOsKazgeUvT8&y-TzBqh|)*+U$DeY$K(FO4zdk}9Xi zS$Y*W>JIc@S!s2x(k;+}(l~my$Vzt<#sRYP=sH%dN*bImE!Y|>1Iv5lCd|?CB}Re| zI@+OTr(L0kRUzJFJw46LIg1P8EPF-9K;#g#T`#|>!+N(I%+-c1O;bNkwZ}YXh3p76 zHT?VAxoMWsT8xfm;*fvgM{SyfNh$j2A_@AWA%=-#1M@t~%}!rd^rx(T^gae6`i#=^ zXwHL&FI=7%Klmhc?0Zr%^Qm?9F2jOND9*#NmTa+W+sF{DrMfHIe%!s~d~<$5a%Ao< zPHJ%xDEa9M&Xc1FSn_9B_uFq9A$BSH0NP#;miT?@@esI7S!4_$Bb)-(JBw218t z)+u-k56TOlg9v2xn$DYxl2r^@!)j2N{^hwWHktcQY227F%N+-)xmHsxL`!_V6Y3~- zmkq4$eM&|I#EG(U>O^N>DjWa5YLTAyu=mdvy>8qx@FGHT!aM4%Ul9mK1e~KSuAcQS zeezm~_L0BRYedbxz!;MB0DpD-wDl^fd5#_u{_ed6VOjzdiaVxXN=W|f*Duw+_CD<& zCV>A&q|n+y)N@0B^Yw|!8#0zm zc&L$R=Q=S0nbG+U(Ec6WjcgOp!)+W~Ao6P2fDi4zi8FR9DBZH?t@jr?`Qg0+GN4Bb zdqqCBCww3i9~d3>A8i~O7?X8$F!)iM-7D2TN{4kT?xnyGUUNSBVpn*U_w=l%c3?8& zmh@L~|Lq2jUDkn!en#cg@rDTNEkG)~bmqaI=o&ben!&7B=8v+ZT- zEEx0Ybr&EAK50N_B-$7FjwR+jg$2BPVt$$Fq+1Ofsi{&WfrygKhjll>9C8OF!Y~Xu zqH=o`Md41uh~fN!GX=8DP@iRb6~wKr=5Pkh4Sl)gZK+pL26V}xPJ2?Fn1xc|o4({R zz{AVRq3SJnKUTYVDL%~jXk`?-ooX}5xaCp4B0OmqGda#KehP*#!%+O9iCHgI{ah-Z zUaxel&fHv>JhW7lcam#lYR*SpO(zy7 zePN#C6L8~8n4T!vA+^Kz!ekZbb{LmyIC5XFFl!l%8(%GcQYevINL^x59Cn-^AC__n zx#@@veUL&2W$m1>tel>?k>Du}v2J2srsJg3O7447nZ7Xexh|9VH{5|F6?WOT-FDnF zp6~n=fxx3t>q9;kRxE=}l@lrVY_#c0dAFgIX>*b#nydQX=7}Rp{S%^=yyw;$*=aGQ zb4=P!Uax1N6vdmRb}d4~tjKznCzbn)HKIw>7^hys5u++#@(yZus&elF7t78d;g9(I zJksbVi|rfYPCWnD2C-0dCA5GXkuyHsPdL6M1thPdj9C|m7{}(dzR);j?JU4?`(x3< z=Q^{*IXika_pQ2S%b^CD-Y5^az9e5kV}xQ>O%m1SNmcX0Mdsgiy?QAZYA+CsnIDAW zA!xQEdb%T0$+mKyiHx~!jakvTboi8VRhwJxP$5?t_FYKJ%TM&6Rie{7N}3Cz^)QL7F1x+ubi(cQr^Cvsiy1~_ z;jx{E^KKFx(E+*_B62^pz?_0jby($bXMDT5F9E1F<|ta-=oiBI%mkQYzBX1o1S$Q& zvRXYl#|3KN(*j&&FQd-N5c#d+pE!;QNdEul^H9C}ffa#v zgxZI}VCz)K7#g*+WO_{X)?Cd)_|>KF^LsI)sZN9`n{rAw&2tk}7~9Wsb029ssEeIf zLQTv`n{Vq^JSTdxCL?G~l{{6}xqr@Q346IzYbg}Y>6(0r_YEL!A$jMrYuowPNm!3CrZU>!Hrek7EIHWp z_CjN7K8MYCQ*>!!H6W|S0vw!Oou>*gL?tV-fr0#h*JFeCu^bEtc! zWHP3@LApT{ariGP*AMYNQWL` zd`_0h2JS8?Z;*Wg>U2QqrP7be@En#n9LX+2_x0 z86H;@6iihrwHNZrc=O^$$Zg0R%1Hhq#J94cn;*sq>&|Y_^z~)q+jx?{X0!l)b%EO$ zo%2JRO`xRVrHVsNaWI)BO|RsTxZ45Je`JVke}K_02G7PPzxK3_&c%}O@&M^>4-Xu< zaH`eGr0aGtpK=0yE#ABNQ$Pv5ywCqcSCE6RCHPQ0F!91rU4D9dJ|sSSOe~TvcZUG! zVxGpto)LT?OACP;S41Z54;B>%b6>sR`Hd>-%}vtc!BX53%$qU9LwFtP?TF)kSzd(*BRcWLQ0hjtCkAXMYj$O?B)Q8f%0G7V`O|PSxPp-0CDf#TGB0#>$F^nhxP-+ z?CT*kuNEC}=zEXRjGg?G$m7`xoKr7y%8#y+W2tqBPo(1@L`@G+WY#Y)rQQvbI5h4* zk(L9wM~2i##}2AQtrlg(81c0u)d{g>jM+L=>u*ySoeNC_PPNOeC<4zTrK(N&1d?Mn^mOrEDxlW9*^vlLM{S zQrMbpjLKBqxm~$eI||trT+uJ$wXe{BjtW@D8kiokZjP|pw}z%_fW05U8U#Vqv4i(9 zrQ+ng!jxFF1F9KFK5?hCr2W#qr6_qW(C4>w7CSTaaaq_R5-77RtlGc_Hw9DYGs3mUnM9Tvp5<{2JXuv}p%u*cJv2Ahu12UZjFjBB2URUC~)_L@)92W zeMXLbgETf)XX7#E>{0Md_ktc8h99|-4FQ!ioIgYi;|@#k$+C-)cZ6cQu8h*iIT!!E zc-N8N^rZ#*e7iKu<&7d;&myWrTsgD^vB8P;Cx}g($C->60#lVIj5xNPX?vi~mm*f- zeI>2Q=e0p1ld}fz&?M9VuLDz-u2IFTh^!WCT`Xm%T{K1##8RSD-97oq``0w$=DTBR zk~c%uev5<1R^f8qEf!X6qcwq1_>Z-t_1$g&#P~P^ zlkFKZEnX0m+%Hv1N8U@knUu&1otU$Yc&q+XeO%}{3|fqPPvnma`->q--&Ds1F60qU znJ8y(Tp9$6)M*i0N4%4I4$)n8TRVBFkG#UOHY-vTel%}_)03}^5JYn5K~~qO2;iOY zq1^VU-%<6FP5xpOTO>S>&!^yjUwn!XhYRK%XDWBUNA7Sy64P} z;~`k69eg!27aJ4EM%*Z_VCLoM@@P})Xo&?0=A5UcP+82piL5K*LQx?>xHs^o@b2;S z#t{u?qO{B$DMPMBmXgbw&ckU1o@`(4IeDYV;OA)^7Bq z6l(H6eq|%j1;;sZiD5%m8Hkc1cVC;^`>}jB1c<_Gm6zSgOFMVLp`=TF%bDyxHw_6p zJeKFK8QNmd9O8)6)z`|MYc@vd&GZ*$d?~dS5eA8`ct8Tyl%Sgqp(mvvqqf2MfbijK zKiG?t>jccw{h6gKj7Ym@ zUm)JW27hm~zHE9ayMyKSHZQnm{5XD)bT0ojkBFJ!Uu4~+>&gXz4q%peMj!T<5}+$* zPOaSk`}7tt@mqBP-zk|{N?g?gP|Fv+Ry%w}&~bf|!thsp6*D{FtE;Hx7kIV(?vke~ zg)|EkkCrwx_EAS>nx|3DTnIe0H51l#4N^=`hkV!SQtd_uozsYOdBsl(2lI!=64RmM z*=rCNd=7@jAfzWHb=@O&Z341T+2!v!D7Z%}rT9 zqZv*nHmI`SUn~Wi0%HMjcU{p=J1kf>@a26fm}l)}0}M%6MNVXc1Mfk<6MDfkKct#O z*5G2A#YvF=^S7zY#cqNLd!}&_0r!^UUBmcVwWa$8rKaN5(Uy7RzLZ+j*_O`RFf zDI1;V|Eq|{c#r}HJ86m1RFDj1U zj36tg)}Z?h`6-3Z=&BM96Sgcig=d}!VdU4;#Rn5{nuO4W7!AHZYA4kH$`ZF8xfxa#bLkxTu^GLHyA9&X5f<%b)AQawG zaS2z2CCvzuUT*tx=WV)-WnUch=P5Cjv9}98)Jfxd-!)UE-?;qXQSI`Or}4Je$G_Y~ zv*w_Musz=$mXwp?v{U>&HPO%~$=y%~N1t3DOw}xAM_4auhHl(2kdiI+}np1r^zN0%rSM2 zld&KpIn00fmOww^M;;X#`gY*N_X;3K0r4oVy$`=^3%x!EqLUm$Z|ALa4 z*XkmNt^`mEP$wa+f>wT$qEb8UX`HMM;gA2dM$&LnCdGUbQ>K1#WKbEG1GCq@HYyqr z6db}-VbBbd*X&_qV=r~KRpDdcJ|UjHA8>Ql%0PBb3jyc}jaV|~k|JK-)Sumkl(C>&^ds`rBMv5bPA#?R zlhh}zDv~d=Ok8c|B#0yE8U^IPl3*IjND*9aS{a0MdDXmbkuGFK6g*GwSJiVUJ?Doz z3sb0TIkFs1H{!Zxr#rnBd|)7+KT=85^-C#S(`R{k>DgvWL9=d00b%Q#*{?^4jLpYp z)@m<6m32ax!V{Nx3L%`=xam z`PSy@+JX)eO?6A{{^+RfY{xZA`vN~6627#0zG!O(r}Q&X2U}S$zx^!x{_ObCh znr#D6Hpq~6A+S(58vc^y@>!7yc8g4v2!U~H)B+c)v_(s8EzDPb48z7K#S57kd|cyg zBNG9O!>rOj*f;L%k9o~>#&^)0mO;l^)&JDi%BTEX7TB|e^LW%a?G#k2aREa_D`}Or zk{>Hho+a|in_}Rj4#LK_#{oo%Lc=bvoMOmO%w6*i<+wMw(t+U_cQ2681rz@JpZ+|_ zaEUqdWjQu$m8fqPJI^%Xu~lzWS=}tbFOF~uNCMPFKvT>l_xX1QGZA}lh>s+x3Kro! zx!g3d<%kuNZTXDG7)RKj6Q@pL^fE9P@sgY#(iyhnRHH)PL{cD(rfe5}#oroKcdoeU zOsm!HwH=um84zkyRp7?*DcAY)3Ai69Rhlmy@W1dXLUU>AKuzk6BjhN<~2gMVeY8}k}QP?Z9f!_;od$&dOK;wquKR%P+HP0fO; zEWB^=TRQrF={z?TrJgs% z9jAQG3iZZP8`n(jH<)T;sXxOZiAHY;d|q2n$-=~fiRp)y+thgp&CAKwy)_ikZT`+% zr~uavx3-*D@cxKhnzg!YYfE*t<^sG8hP-6U6o8F zu(2v8$=te#``@&@6m9=UE_8X z4j4z36jFBd1`_p@Gw3O=#nH2EdODP-_a=GOx^-?&X)O(;McnaA(>d&;z+B7)S#O5A z<5F*$3y00KQHBh3%m7u+3G$k;B*f#(>hR(N!l9f{-~1@uYj5;D8XDB-aITT;2}?~R zKBY#QpCpYKf`4sd>e^3N9H{N*h>*NZ=!0+&;0N$67&KDvH>qvT`2i_HWt9gsZ|KH!?u1^_*q@=QOvQDoeN zsN`IFcb2Kff`*=k_--=|Ip0>9bHxZSM+n-{Dx3j#-%QvE*%$5H{)g4$rd~I6aRnlf!y^ z5Xjk}qR+c^$c>9SI>%)r$PaOmL?5Hti!5&_4peMJL>WUhqFnK>Wijj+jf%?L^(J%8 zym=r{o!ev>S?(Fq@{ydSebh*{7mt*0I5aks{%={TBqD4>^sGSB$|GQ3HTrg$xH*)O zzND~svt^1a8}hc!uSERVBTMRob%U|yX)1%qwSTrF=IMRIomfH4T2ax(cX~HTDj6`U zj(^DH#7ucJrxQGN(3pMzA}g^69Zb$ySAjE%-|$Cw2?0@_okKR0;}&tDem@a}wfDYZ z!s-ySZ0MEs!yVT3qcyi<tEz8>^rDT{gyq@V-4e2_F*efoHG`XEb=bKI$g-bybdH9MJk~<^^B(euDKzH zf1qtD0!F58amPT!@`h~yMsi1&Wq}uqUmDk_JhZ(#ZJmb79^d$>;m7#@7n;QSf1pW> zEUf>HqH}jCui=$Aw=3j}VN@gYM4`?Cb=0b#+C! zxk1_5-lh?^bCvPiyOFhXZ6kY}mS+6%RCz^LnX~My+J>jd??S2etFQhezqB$Eo)RD9 z4@*E?I5q~PudiQXsIMPDM54m#+5qyc1t(Sk<7CI&+PwcU$v*~cwg;8~jl=GLWn^Uy zlrW$QROrpbhjF6vNTb4-S`qVFlt0N{rIT^7Nm(*y03C z@-bHoC>WWs2-q?&usz-%o`0lo9L@}W!puk?T)u&Y5t6h0M-B=GkBN+o zi`K(KO-+px)KZL73vzKbi5W=Ek&MZYa1Qxw4}=*4V1r3usSgh*W#VL4^lM0OKjd>D z(LyCt1BE02BCca(1KD5?;Lfs+@<#xYckoLHV&HiAhtStI1Z>XrP0XVo+3p$W+ZgLZ zF}|rCLjWlNgZuqsuY6li&5rbKPLIS-&1{}KMLu@_@++a&GoUv#w?J&La}0dd$gOPw zn}K0>a((e-HaFEfH{S!;=owlWSl_pU>Kk#pBcj{8ndAlEc1a14xA4;`=Aio~`uh52 z#^HcAK>ch)O`duOsX8}-e~OI&G!V{v*XE{{ko3STz)!4fzyaTV?wr_dK)|vHGyJx* zy}y1U_b{=5M@~d#frRqP+u^rz&j=Xij_~0$dji{W_#=Ubctn8)Z*zZm&;8Dftt<_X zzefRjpT()j3GoR?`QN37KNn!&*4sciP1JBenxv`_K!>&o^?`U@KWtH5{_nk$Z|;lpS|$>Mb0iDxPDPIXK+^EwdL4%xrNEV*qK~f zKYGU4&_P)&9?(H)h9B!8F^}|W zfljY|)UNP9exj!TIg2PKr{|i3Tt4w#nI3qvJ^!K2 z1XpgxJ^N+$x%%M~JMoQ(%in*UZJq5m5~BKp8lQd~d*B<$$QYpP8~yTH^ZTdi6$e=7 z8=K^xW(@hM{M}X|513u^YZ^gRR6g4m#cyZ-N!A3RuU8zxVq<*yg$`04?zES{?3>nC zU=B*>=Kx`B^O_C{=Jp!{Os4Np&OT2Zk3ZB`@oUy|ZfqTxS+CUByPW^(8}WPf2bVt& zXAa87er6?%Yp#H`?yE->Xf)ZyHOn=_NsT5sVa0JifAIZ&@RNArVv6n(p%p}es9T(B zlMsy!AO%L3BS!OlE2N2vwvp47^L&6t=DN9uPC5tai;f4q1i#mRut52E>)yTQS^l9V z*yQIbk#MrX<>(bRE7tCMjp0~{L#~GhpR=j5R%wzL;7glZ5Um)#^g@^ZXPRj$W0*L= zrC>NPUy#@JliksgD?01(F`Az-27Bg{J)(U~$uW@PrXQiM;?VSUF??1VWh!7#fsqU?tJ!c7q@prCqkv`C-|S>@8w`0*)Di z3E6?x22y1nNJ5UL3)XHZv{Kut6#lM2S=9dJ7p-MH)JU`~l9}=jwm!Imko9;y$JkS) z?yrlnSAmVry`+`T_>$XAo*fGkFHos!44uHwyVmtbAsb>lr) zF2z~77zXJKk!Pk5N=L?FPeI4k!*Nu0s~|WgAQR`aY?SloL6ck1MTf2G7_=ec5$eQ4 zA1sufMc4d~=ZH^0T^VsM$?5Md#}o*j3v@vXL1m7y*Qa5pM= zv(!35U}A)ADH|bAf}JTpj-9wBio>CWyQq3LbFKqfhh7-EFO(2Z~k$W0}hD`Z^D+zXm5oRs9I%M zDDt?Epb0B1^2(LFss~)Qflr>o?EQoc9nlg7{lsm+I*8-_w0&=Z&r{QUS<&z@Ho#qB855r+M2P5WolV3H{E zC!U}ry>&vN(*^!Hgsdz;ty2p$%Sb1UPWc$)YG{W^OK~PCQ#~hOS{_{1gMB5&o#kBH zfOQ{0oW+caIl@+b^(42tDbkY^6i+H}p{E~(z$?<{XZ<*pP>8TPLaaw#Fvb*lgbcCZ z;QcB5ZGPx1xEFXdYQb4H{H^(C+@4;d)PcT%SI*^3y~WmU=(_^d8+BW((ea>>9a;_f z$#|D9Y$me6VCT~VHhM=(QV^5vkSp57;7<`Dk(mUqIL95-;1d zeFgC$)n?51y6=|}XtmeTMtt3>Y=R|qCCyTn0(%d!E7xmcuXyx$^q${fj{JsOg$2&& z%b01XLNc#|dR*$y=JO%+A0e+;(VXg0(DCuXq3t+)b6?}tBdCnalMT|u7;E=k&OFK6 zV7Y;-QL)oNZh=cB1v9uBh!I43*zpm1Cb319 z<#hwR*W#>RdiT)rLsxQ9y$zC_X(Rm0Q*PIzIADB5tUpCMQ6|;%c~dwMo&Ua*jADE> zULV=Yryv7A%L#0CTkgO-i&QR)+rA2Ht zHTbU}1}Eq0IIZY1>K~Uwl(H}7BcyU$ zX5{iATfe^H2)bS>n_c=-pCXpfV&yoN5bjcy{!l69E>?tKO-y_~9%IuZ?8%EZ4Sw)* zt+Ku-pS;Sk?wBP$Z1%Tbm^O(RS!(xR*~OWD1%^<3yDg00Mj3;Z)1Cct#2xqKBp$U{ zrf*6AQe7AL)*^q6HJ1~cjo4MNnkCn~KZQIWkNf>Z{E-VymLTQ(+l^~Am$Vr* z!NOdZnz_eanPX<^-uIAKK_7b>^n2qh5!5(0L8Zt(7Tw!Hz1$Rh-2Eb}>`a5AFuBOW zgPPu{Gy?hpC}v8ce`RvHg%Mjtm1z%>#G+l@!~@jxwVV8aPFz#>z;>G{D!m%MLOi3l z-#s3N?dh9~!?%GNZoD9TDf+0;H95OEs@@Nhn5zD=y3`{59+mG6^>drILSSOg;@U1& zt9~-FQ-PrS%gz_YjXMJ<3}Eiv};-# zkeRV9+c~!k536A)1t;s8tWsoQ^>42YkHsctTTG%+wQutXn2QC`1M07UHhxG_@C_bJ zznMt?aPo{lyT4$1<%q5w75^fp$g`GeuBb0WPUs zu~&e%skmW-m&zq=408(O@uF9fywaxiL~6VXI9#y7fRH@@4aPAjK4+D|5=0q{iT{~B z5&a&1E6LGEN^LA;LRe(c=UCbf+u=J+to|O!tH?h{Cp@7Wj1lN)YlV*0>vQeR2^?E1 z?4es~fq05VJtMV&#}6$`5o&iudvaus6e)m)GLNXpGsU)fhIvjVq9l%qLDP_Yd$yYa zK--g2#M=~L9-rFsA)Doxb+5uY9>W5Wt?AVXk9E7MD|+c8$y9gZzGC-gN?H@{L$pTm ziz|;TZNU~E89Ip2HaQ0F6=NJMatTqq?7(JrqaHPXQ>~LCR?7-}@RqKQl|<7pP3}?O z?dDe8$FVvSFK7`|q>CX}d5>sk{1934uc6*sQLp6}<;$a24_9uNZBdEfDZviWWU#(b zpUfvebXPw#0Xh~Q#5>#mwg$$?CqJ+eAQJw*$F|W%(-tBAdAneF@Y1Br^L#0EBX+kQ zG_{if|Gtk!iNujD0_Uh~A4_pcd-(FJ*~g|r}7xwjS% zZ=wL{wBagv_!eLu2E4y=n5;18a4+7bh_5|^$v&y#Wx1|v$^!t1EfnXRL-^z@VAc+-b)N#ggK926-_(i>f8 z!LRMEH44h(uEM=?-1k*T_0!T~b`tKoW;AfMF7pC#}{e0HOta|GB-!mq}l79Fv{ ze(ROl{Bi~+M1wQfZ6DQ|Px*DVE0PLNqDh(9nq^94Z~8d2akxf(#s0~qApy%kTJ{R6 zK3b==cXfF3d0iR-cy}Qr<;Dz7D(kd|J;M6*y7MQxO-dWtOQ#}EG*0P(B-K#RmS&6V z+iL|8LvuN=zBbY*Uh7}h_1o7?@}7jXgxEhAPsYihSzM-`QJ~z>0sZ>)UM-$0qx6#) zz#qq!813!DgEH+S(Klgskt%hpD-uVHiV&{IjJ?lgbOXl_BXP0=B;{e<0u8AxR_9Lf zMp;mRNo6Km&fWOjD>%40v+0A6jah~zPs`dJItq&JU+|~M7?}Cxi-FxYehk;v$SLX% zZkvvHhs<8UnqecOw?d7JZMX-!jbFQE04`BISzc5!dipuG+V3&x1i(E)sDU(_Bc*r;(2M*tUz)%ar@i0_BiK{%f z>Os|!h>6Z5`C}eJual+12*AU6&Fr{`oAdtC#r`8%)jK}xhcRg)(oqg z=z*d5T6e!?UWDq^6h!(3?8yr(I+G*6V*>bc5Mq18g27akr#|ZS6+SX*SPnn?jL39P zkF7wob!MMceV~UybtCA42io_gC9q_NiGuBznW*2B8W(7FpD)pUPH!&T0y(kc*reKz z)(Mx>B5*6-u8t3t+?W;lt)b?AeCxeZ@Ag7=*Ld`3{T{6$1a#p~&fPSPn)Ffv!?))! zVVDYkfZrln5YfhiI=1pewQAtQK)h;Wb#9g>6UmG%z2s+Fmg2p-f9^+e@dVtGgp0O} z7z*|=NK?yByU5-eA~;%`kfc0uZ?hIby<}>VloJk%n`ipIYvPbQlx=<);40eLdNHiv z#_hdgoW-YQ_ova0AhG_kp?|^^c`cd=tmf8h_6K1T_TiENcwW-yP54p5CBM_1TR*;amB%Ox#7FmdXWjsUDaYK`>`D=e@W|fB>SQb@(;o3;DY= z;7;cjSg$qK)6^nb{&vyDTJU$F5|&jNubWR<%fTY`V_SsyN6hd0cK6)FpuQMYj|8i> zJ?H~z$sZ>E-kzi;H9n3Xr)JBc`mEaJW3kP=nioe*74D6#$br{sMGc`uf{WvqndUw# zEyA_3VU%BMF0tcOi+Ux75M1;1GtUL>iRRqiuhZ*NAvRV_N-DCn-~Z`4hDYV`r2#Lx_UJlr^xrgwN;c);ef7xetA3&$2P84*Ewn<#xhU4Stb4Z zDvXbueAIyQ8G1tk53s=80xe^TG#2J=C>QYul>obl=$@-dVZ}TmG1|#ATJO?9VNKN} zu`-U9`#Ut5rm{d`OMOUE`sszG&o^!xd;5XsCBhJ;GF)_OR`xoNJKq!0jc#+cz?Qnc z`YI5!6_6={;05@&%M1TmCX#QP3di?|6?X6Lzz8qPLd+d+fSB~=`6L`w^WZ{H5f zEQC(0g-Q}_pP+%`%cf3b<&qfbF8u-U$lY8sqs|IAPxoR>%9NIXcYHA&uV~211;*s6 ztbl@5T9YNL`0NCcv!O&&Yfx}RxNEe%uxSM2g-hM1*Iz;h*zg+HpnikTGevo?v%S4a zUhq`H?Yi|SwxnB^O$&Uw)}=Lt!LX$dQ!mmiQS=rrsRU#c4I?(#Kl|kSBQ7UdqYGpr zf%Mk&1g`qUDh7eDx;@Qo9v0WrdSFpUY~4^{sjcdlEDJmKAZws<4-}br?46)5=Qri z!yaSIN}z|%4F1kV13b=MCF9rRV`BAkR3aGhbto!lWE2K`|G6{ltTDBaFq)NX^MW(F zTk!+vCaheWM2f8UV?z@IkPKtjNh_Wd)1cg2)xO(c=enNko?t!>bmr)Iv}%J;bcc>j z6?rYUbr-1mywI6kYrtlgW+Q*Gm8zI-HO1Xgr)PCl3}r4f@5H`QF7;3th8;<#R{4MFfn~|5j`Rk0J@OdpZ~T>fSe_0ot>| z+u*CB<%{VFGL@{?SBid@nm3rPt@uT8Js}pQ0-Y2Y5BXI1TFY&)BqJRik;OnG9X8qc zs;_*QYj#x@J+~4OLl8MOG<{iw2peL397hm%u1z2RK;Cp^{eC5oc5ZWEiywox`i2gN zOb73djj`D-3vu9|&X@5+SQotSB#xK$-{zmf-MrY7H_M4q6s zLUtph<9aU2hkj8IgHR~Q`u7+x)9k&6cQ**$3Rg8`5OU+3D3V&R&4F5|P4XC?nR*NNVxpYNvj!c(Q>O|SkkHdHALtakf6$*FO$^b z&7Gb=7s%?ZuW6A1P<9@+#VVDsyQ66xj1-(rH8F06%cV_L`C&hQFF{8H&D7j5S<R!N-(SNw9?lg9op z#?GNJ7cNY;v2EM7abnxHZQC|aaAMoGZQJ%6C-BbCFwsByMMKhR7Dc;{Jgp4OuUy)OOOpI zUt7&ijq-$E!ZE3jTvyg0kZ<+9Kde-_uuG&MeqSbuSY>}2WKL|| zx}tp3niW~E_b&-nK@WTyF!`e1!u-=I{&&z^O_6EZY8Jv#v^xx=kSh8HVl^){sG zu$UrYNMVjU_L_MnxAg(lYW_Lz4{7TxB6)@~KMKp&zc9SLRc{YOS7>cH$u1`J6d!k^ z2v;&PHYScnaG;xLu;c5XZ+_%h&JA!iIhozkmY)ZqZ z?mpsgeTGVNl1%E>wxE|=QO7V7^wkh4iQZq6{w?M zm))MZKUTv#TssTKQyys3ss&_Ax&wFfYm$Y!>rd;!TaHpg=#Y>P?<0&1;O^BL^tk`1P7HUZ3PUf-{ul(!rBr~v5WT@ys_(N zHz=8h&9pKP`dEo=(|U+)ZBw2pb*~S{0E|uSOuOcxb*^@oVL0d7IY3P%_E; zEf)t%>Dl{Bom1Pcrd^Kxcys1{fz2qUQ4J_P{kJ#6&eHCPx59E9ChwkC`L0?J4YS5O z%Ke^pd+A}~-KRK}(^d(1HdixB_0T1@hOxqSnIw>H3q9NsE{q^bxzrG``8s^jYODgh zO7?c?BdE)TnSJgHd7>fsm1n9Lt$f#zP`p?6|;16dEad znDfvTty0?~_j|6^%8_GPp9&$#%bfKYL$*Y#W0F$J7$#k0+^m(-`T=2&A<8-Zpz-s; z#!uO#fG(*{BcT*l>2m$sOT^vn1exDU)7#_f-g5(j`EVfUu!UHjzCi;n+eS&V;x@6t zP;Dcbvyh0Lbep(Croh$el*dW9#(t$f^~TgcM<+<%usF7ZLs6U_c;`ka*+46kPc;~* zci$KLBdgSoo)6+<{GaT;wW1`40C5!cH_M0dCSLd5zRr+*6jYbUL3QV6FfNlgX(!?O zQM-+WBiz5Z<;W_)o-~5-klE5F;;+az?wqkOzw#PYp`}oH^sIwwYp|H$sf7(A*%k7EjxdQ!w50Z0 zqA=k#E(~Qa$-;b;XJtvKg?!F9s!4F53s>=aG>!3NuzXWp^%*Ol>Cm#~}~ zFIFLCw6LzcLB^;hdA`C&#Jy)~9P0~IvR^J_6cIwE9I2}&cQxJ3I6fFv zj{(mEL*l7*mp*f%h_37_a=2^K`#wcrU(}`a_TT+=_L}UGWtexNGo&_g6j?WNoRN$@ z>7MYHV<5ON4ZD)6{O=e)m{W>^&t`##z+eiS3NZ#7lXHtP>kQrUXv~S*N>GA08W=Q|J<>O%XsIC7tN!k_KZjgLqjFM5vt`aa4s}3 z41tQdHv&4)47Ogj$iD1dC%OplX|<$hD&I<;{k1tQM@xnX*Mt2~s*-Jf^#xmK1avZy zyx{i{sdeLkt#*S1(D&`Jpf}^ZA8^(ISYkP}kr-<4MjV6~(Lwz;6iDRk0>t)y6DP-Y zj+F#gJbsRpGRcE*UkhZE0)YbRf?Z1;a@^$EF3HKh1K}e7?LPA7B@u}a*@e_dg=P@; zk52tWrc5tzV6~d$k$D&jlUAc7^aeN^9orA*nhf_=-U+}pgOCPUK%bR4c6*e4KPn#EEZ!?3554w~gD^C@_=T<@=`AA3{k?$msi*#p`PvOUW^1JRr3Y@+_k6B_Jr509JSVO;sU2w$Y(6i%3*Y_`q? zbRwL}zG$z_1IKabjyhdJmxZ{5`~BNq3CsrYK8i-pb8v*_L1b_VbRPehh|&y6AzZFn zzl9e0&Nt$?fuP0g?!ca#d}a{x6P5CtRAsO*|EG}et5{T(am|HJgl_C*e2JuSyYmQC zj9JqQ&&b_C?mJJ`=Z*3pYVETXP}CJE>=&SwR-i-7?xtvc{0(Ft=_~dRc6-2FROm(w>baM*LJeT22g-)SBtVhW9w+x$N8Pb;zDB#8l?nOJV<65MR za=JsLwq&kB-|i^|tZuI)tGbB<%lTn7P@W)ThxU+b)RRPpnecsD#uhe6L)Tbt&qz@? z;GsGLdGDpylR$Y;jDvXM2@~jHq6t)AU@7AgR%gRUM?it?fZy|RA7MKmr@JSABly4) zcu8D>6@z69tewFXPOQeIVY|v5B4Vp5oI!MyZj~@cKa&$&jfwM+f2*%7ypj=TN=P)z z&N6sXYkua{z)!@QW!_!IjEJj8nE~2awOo>DBwCp$Cb-T>$EZtahM7njl!z zEeE(&ZRSZ!z9>WG<^(m3iOrtK0G=bZV@{>#ZgJ_UiYTD0O3c^uQ5m-@)#EfJ>|ru3 zr}YNAob=f8@e=nO_oOB}8!j(XwzR5lmnm5VwWTGi^p#yfKm!?NeTUh)f3YZVL`KU# z1jzRHjocAJOFc!c>H?Ub2g~E#%_8#J-E>PSBJLM{Lv~uAG>MOCRmB(A{!r?H+AbQw z=TXP$65OFjeBpbtAyKgg7AJu1L)?JR6Y$qZ@)33ialLupZWYmLMhncV6CemQ9<~*6an5>9U%HRV$#otwdRbS`foB}WM z1UiJ)?y>&Z5tYuJE55bQmia3&o$-@9F5p5fMcT8(z7 zI!C4Aw1r^7UuQnvI}}}r4l8lHm4?pg#_vJVXxFpe5BuV{v>ky{qs1t{pC;P2D z&r*b`$2ad~d|ft<W`}f`1eSlR>N}%jP~LA= zdndfgsTC%O(!8{CtN9e4(XS$*ndv7@$`R(uy>#^5r5GE{@gdz(0lw4#bI?;MgDLAj zG=0XH5VD6w5N3_jo{9CT=m!E}Vdr{vmf}Vt_2yv&Frp@w|FBop_38pJ->nDOx}9jf zbWl_R`{HiDrpuoRet)1%{9ugNOY%Wa z`RrdA%6-hKLR$){m(^B_P;ATNU!)>RPZH&Z6eRI)VKTp9r2`406(Z!T!ne`!d=+g% zy)~D`ss4s*46;KLlmA>9d9F3kr*XkKLOpkDS3>6dDFkC=8_PE~Y)S;pLG@64>_6Nr z%Q0B0;rd8?SRqMTtrU=y3}F{rnchH^RQ2KoyXg>~atxi3*d*qY^UYWGcGEls5#OH^ zi(sPD=){v?Xao?zAvY^5t}&yIHP=sqrc&D-M8M}SJ?T)Ro4V(B`qVD#c9edM9d!4{ zF#DbZPi;;FYGmUT3VgVi9w)`7a_6K{ZEcs{UJ@)SKYBF>VQH_)yCluZDE@q285zr5 zb|nwOjX;l)@0{?To*tiy%zRPS@Lf^-S0bch4ZgAqwL&9?@n00C)EP(&kUj2TTJB+H zZe1XFIJMxiDo;~|Ndj7if|ZpV>kix|T5z%KtibHz;1uWF{^?Lhp}<6(Kqfdw38E9x z;JpL=j%cN466ntYzPIt0!m&b#3TI67w(NX8$|G4Ngt0kGRq-YC1N-j44;;aOp^uf-{;P@f9BlL{UNvubD5eYyqQ!+fbObcv<`o z;dUX2!612}Fq*G1kUeqn*nLty%J8za*zXfFTs_wZXF-FU62^%1DIy7L9U`;qOkpF2 zu4_bZIAs=y%`XXzIV96)2zq6#T0Ex6I#s@eGAzH5B3>r_qgXSucPu-p z#Fe}bz@pcR3AZHWfBd~x6GS%0EJQh!lc;46f)5e2L+{u}evkc^6OQUKElEzZ&V3|Jsx@gS4pOx{oo8IhpM}FaGqxqIR0|n{{&pZa ze{~|~WAVVOr;<}_CENiGU-|~;?R%S>Q>6E3V!W>1p1@8{fOOC)Tlvw1P&*_e@#mU3fBmt zt0jdkyouRF&$Tb_ zLPj&ylL_&`Irbu9MoLe)a0s7-qzlBM(Hqo$IiVe1VQz_%lFVNyq#!*d3c`A{{QVjv zd%Ln8n45Hc`cO)p+lZ$=@ZgFnIWimJ5Um7boo~7k&1jDLXwMZ2lDMX1QnEG^Eb(u? zNspGV29&beZ}w^F$G8z(jdi*}**N;CJE)Q|XOH+Ppw^9X-X*t$;FX0!rGuhjRlbqc zGW%&z>lak`2~DhAvpKWfjG0}4#t5^he112G4Q)m+u9!xvvxJYFUKe34a)OUpD zApFN>+X+#_%W*jq1*1=m(eQ<4Z1lz4$V7k#1|HdN$TSG^G7)6g>IiL+Ju3_AXN|hg zyNY$*{Nw4~vWfCD)&5vI7Dc3yBBHT|07#WRR0}6-Qo|BuT$ybTn~ zvBCceW3)6%?Z6D=|0+Rdr_|?9=;AUF4rI}E6Y9l4Zr9n-LB&{AkT4)xehq!-`zUzU z<|LDP_;t1eKaa#{3vMG4QJ?J{93KZd7q8$`AA=%Qfe3rsj61*zs<_O>fGS!GqQ52Q zpx1zHJe36+_aTD@o~$hmuB!!v>%-=ZjZHz~uo1lu$wokA*;gHg6(1Hx$Ctw9eCB>%;g;iA+$}_`h=3Rfv|YqV085 zVeE|4FFEU@60F@@aLFfb9zR=VdaZlV93&}05hT5B1Dh3X@`Q?moXxTJMcTe!=P}u= zV4!xL@&=U(E*Akj}gsHH{pP!*Tm=U-@F0lJ>v3_JCAqx5}Uy(ye7ovds9ZPbdN)tIoZd!kSZv zBukP!g_dUX|8b4UX`jt(ze=(yh&S;k+$tjykE=|>L-s;^KRXR}>0MWar{COgB!geZ zbc3Ot_-jMo@Az<~w#Zkzw@-S~sj$IJM8cG`*QZ$v_DGMY<~k#D;s)`-PgF5VxLG=y zZ+o1s?>x>4U9ad|=~BbhVSv4o2cx!6+NNj3^a%z>=fvQX^;=#=0=x{b zpu33eVNYGa!*HJ{fmzf7X5-T6sR&lHH5s0$AO{n=EEc?S7BjMR(?bvW?G@d{XV2DR ze5TtSn6U80+_8%n#wu(>IwT4!s8}Zp2DqwP~~8e-f-7mA$OPvhx9 zaBRNq7aFbwuNft6_ajOcDIbAV7HWo%@8Orq6+|AJQgW!Wte<@q5Vv$<(o>|%w&Z3@ z_d=JrR49}-49j#n1G2$6U`kTE_8BiM!_MZknfxc+UqT@l4TkE|Euj3~&#mgvZGY5c zvx7n$k9hit>zI0oj9{p^>CjgS&~a(m1_M=6yF2-;`5SEOBkV6&AU+E&iC`9|6A<5J z>9o*_o*&HZs+hG1i42;VcAWX9Ib43+RO$=fugma_pA|IRew@Nba;P!km?qbE9#F?p zATo$k2mux!hh4)ee}5!5`|^N~!LO~0iiF1(z=_Mwj!#Wu^t3JRq>}`oIzR7y@5dVR ztY`joAn8Wt*5XQCorWH=qF)>6Cy zp&!m1$eBfZL!#uW|IVtKAE!+E9r&9GfC+)vU}PMVChaWfrHt=Fc`O~-MA)Ov#zPu` zs1{QC$2pky&QD)=k_z=+)YXx!>$k|+auCz-+lk-QtKA;Gaq;!&^Eerl4>DbLG;UUL zjB4iMJ=!0LqVbrIL=hTO^Bp8F1B+Eze6rLHOpcI8#i(>ax>oq!Jjw6o-EI#D5_-!LgYISLwk?~^Pb5RKz@eW?gPseN>m_Fw z!CD~GZ$|5FO-s_BdJF(=(d9X9rI(Z&r*d_iKe9616!g1tR*9f6Ly3eo%FG7g431BV zeR`n$E-z9EIaJWy&BUN`G+1=H*`+d&tIrk8@W#cnlb;A!jWT@LVw9uoQ{w{}A>ZVE zJGG?DvE6-)OMZB=Yk$OGrMHUd=O3XkZPM#|yNs~vKv`#nURw2AR(D<{IyWxN*1WY} zb5#zx)sd=uVGJo-bE-(=q_W}?dZ7qw4yvHcuzC}#^t^}_x1NQL`O#63WGrxnb~}sYr^Qt8;yKg+!_qdZ<&ARCkNvjWxWL0|t~^8y?RLUBZ5|0j*D4THF_=W>wiT5MASgPH69C zuFY6*mP2kI*E^H70Q`0Go5C1fSgh5{-^i;u{pu+z900>arOq8Mt(H(|qQ*}1#Cc@Ox1iwr zD5t~!Bp31dE*0@l!a=Yz0Q!+H$1PakxE=jOTa^y`nIY=v&@I#;aJ=2?H8^ z!TC6gTT2%hp1QS2GhG_B9sFn^>miCpBxtg4R zeHzO4S%Z*P*p}q2A@L|KUGQZzMwK}VnI=s?w;4k2Vb-bFqhnN!9R}>^T6G1{Y-!sb zGFPBJ`&B(lgJ^fA7yQk`LK>HI98^Alkc*kMu|6$OYku6D8iPGeZoKpkH$)^IY7+oU zq^0lK2Kl3TbP4R{#z?q4kyj_Vt_=WJNc9+|-2(G}PnhIY8}Xr6Gc`C*TkS=1{eAK* zt2AfUG{YQ0I`s{B3me?shi}X6{d|UY^y!%kHaPn@XXDA~ugw|W9OG-jwAhdRKvUQU zo@)3}oQcD9TcYPRP??6wcy#!OeTEd_rU?+L+Qu17^h4;^NIaa(^raP+6p2+9qt{G* z{sotR9jSioCosL<7GllK<7UDJV+py6DKoSWynGC{7(GrfP_uPR9$!d$iOq%Wtlz3A zI4Q*9hIYGLi zx(x5dBi^GKkwY_GK!P-NOMDmQsg@f_o@NhuL`NU8wh05;p7vmoO8sF>SW>VfQ+uwe zy6Z>qlmJFgs;uAp+e97;AK=Qt*^o%tO`rYw#LH5i=UFv$Kh|GvGn{gXCo3Y`^BFUw zNE6W?2xbyJHnNC-l}n(UaoAf**r8g!3l%~LNYjt0!x%x&4Y$5wG<6Noo}EQgi|F@+ z8A)R;(ixbwk$)8Y0i<;Yl1WbL!+A<7!f(PwpXY}x{Ihl}gOnQ%?2@`j-e`R=y{(&B zRXHW_D0M(h9p_`rd!*N|^GkE-Og9Oli~HvI3;Y&KW&=~75gy*&4e?Vw84%MC1b+{M zb-X7Q`~sW_FR4B-CcZNL^JG&E1(ME<54IZzbF#u$N>edZ zskz3C!9|#F&g`PAa4+0w+*q;8mS%;uCJrE@NjKdqhj;6_1W;3+>l<%?W=#3Ez5EKz zq$z}O-;woW|IW(_0Eod+KZ;vAj(BkMtLNOhRYS2>{K*#2>cns|bgwX{Xz^TzK620y z-99q`UOxFw%oS-}=|fCTV;HEBC7(1S`<^VSRO`m~((G6MNmYY(7Zitdv&b$~7wtud zLXM&B4{+ribmvKb{$!@5?7SHwX|;K(ye*YSye*9-2>A}S7P=QdCf%Xugz>CExofv( zJM?U6Y=BY5yPVJy@vf`I)7-8-+$hWB{)ej~4R(GGesPU%9WwZlnrQ_{-W0#yKnOqs z)Jow$OZcpGUTkM8CHIR?lcfJMZOis~H_l0r{xCT?G547(RZgZ&YHOn-9w5s7$mdnN z77d8-YO1nJ66oHpy52;rq#xbae;IOqTk%jhX>UZ7UDrFnc8%Pd70d2=$j? z1w`zg+^exSsD%;9nh5*V#99tb^S*Scs_Q;iA0jC*SB5 zP|TzzyK9dijA--k0XE%PZbNi;V=?b(PvHMrc!v2p%Z``)I^Pa1ML;r^k(0{7Lmq91b8yg4rd7J_-`{~hMcu?vn9cL$C>em%`Vjm313JUI zr^_TW3+n{D&^;*q4F1K)!+3DQkEV_mPIK^zi?7`MIP%xQO#>GV+XoYtQ2eMG?m5sQ zadz8H54=q={}zJAB_+;(tr(${)PJ_@JsnGny_*97v1NnxQpek(Y4k*ADtyk61Jr7& zi&igS?Id+%{2>}I48Co4xusmNCPS(o-KqP3LLDZJN{-ph71PJl7!3cMtXl_rQ;Gwl zhD@wS7hu%M8_JyWOw2`B|1u;_V2v!~71%^z3X_7$YH3XE{&G3e0A3nsb1;A^PWbpn z!Ody29KijUX90s{(0{I2ZX6X8SOYPmI}#yMq?yUsQy4VwT{e8((=dh75Qu*QK-6(7 zj>GTZOjPxAEMlWUnIYrP{#&8?-GXQw1(0wz6z~b19s06ieVd4-6*q5b)(TA!O3hRq z&ym>d3Fqw{r@zX*i#^V!)Wx0bNMYt~a5haBH< zm$p9x1^PUJb}GA+M<5|Z3oXc%`F~+;Cx_k6j;5#Xt2%O97=O~uZQPoS>Oi`@wEsHi zBmJ$uBV%ZQMk}$=KeBvxAFhv-ZwaKo@NZv@6X-=y31V^q+Y%PxzdsaHOr>BdfHr>{SMd6#z zf+>$chHR1!9zHyoaMkbNjQ^zncM3=$a2F4Qf4mvBpe)8%v}+!U5;qM6m+R$KP3=z% z4m)#aN%lUlAM)9}b%%5wvg-7P*$o;3#`~ri$gmNSFiHycD zxc#_jgqGhoTltKTPM}n*4`3@0qa9U!;Q}lxuVG#;kd0``aL8cvyHpo;eIb1r?8-gw z#FG-a<@_$saeMTiSN-oJ?|Q&K-1L>_6ANtgh@Y>oc1j>cWxO)a6;w+`wT>~rXuqy+ z!4Ab&@8GYOehBX9yb(2tO844|&VeI9j*`as)svnsVqqv0dO_-L)$Orm7lk6}azWT? z1b>1+&kgWZa~!z6Fd-a+_brZv2}Sm+4jrb;_J zvbjtmshgi2AME#E1_G;0q*J0E@h<|M0cL)D%OZjrTP@65w}f`Oo{DNAibiPEBs;X! zv<}_r-O$k~cU|xlM6^eL9z4*Pe2%y8q+2q<#O#X2(iZQz!+6RVty0 zzLU9d2*>3cIl;l2e9K>N{SOpI6OHH?kZ7LQlJg!ahKW;9+B`%^yO^ZSw#Hfc1CZp8 z0^B52GtelQNbm&$kHzat3RyLI!lFWYW^)@H6D53^8hlQ~#^Ko}%c#yh`ZRk*Xi`hn z*d+lg`@=bH#{%?pXR7Q)*6a*s@7bXSc?fQ+pmO{e=c}=n;Ue%q_#iXk!~AycVh+Dj zFaog<4PsjLCoiGphq&d-myv8?AUc+Scr;y3h{H&>H^n6NVO z{b|mW_&C|#=iY-|+&m2Wuz=7|~i4oB_% zXXD~s#@3BeO?PV+eSqS`?B#r#l4BfkXna@aKFYZw$05Gw!HF(4Y>lAds*?jkXVgkH z1#KX3d|jY5ba(DFW*8)v-LYVp`3ULJ5jpIdUE|QmG@i`#xsV98KcXM15+sIkwcO?Y zkt1aWf8*m{^K~PzPgbxywlyO60!0sVj$(eo=b#l#!zkh2tMsG|2)XjCcYzH~malcC z!Oa5u%mjn)l)yC<@&!gq7xU z5$#@z$(->IXNw}viP9;LU!B*4stp|suIZ#aLOq0$0_wh;5~thBx=BHS58;s~xF)r6v9C337k>TK?Hh3x~=Tgep`u2 z5A$CUV(^BxX9;}!w>sQp%Rzi~%_cw#x zlt~j39sc%VhPIOys5i)fpC)_hd1M4X40sG3o#XouvqYT)byU1+Dd;7biTX6|nImXH z8rl!2p$nonZTEX(O3jCNq{bN*nW~2|VjGl}(`qq^gUYdAdm(z%j)?|(S=Jy?qsZzE z0THPCJQB7~%%@*d{wQM&(x=}!58GvvA)lNCEze&ElZOc$akD(&k-szPAiBl1$k8LqVV|pW(y|u+E#%B{1Lu8G9Cu|wiUJ@AE=tXbl3O2Fp8Z|n9W=$-(;eNlCuzBHv zp3_HiVAIpQ=kRG+d>lv*Az6YmP}PZW)n=RzJ9YweWK>UU)~Y@E_xlcn3Kf#Uecy9G zhtmsoJJKIh6l1FTPaV`Wn405E>Q!!yP|9&pfzja#mC(3I2o?O(TME;x;59nFBx65l zJ6+zj`z247hUoI$9X}?*+R|Tb=*<)QnEK-xF=ktpF!B*Dje!C^*@97luNyyD%E5HQ z<5kvzMyDA1Uf@u%qG#)k?e{d%`q2~sU3{AER`fVhQ+LtOqjk^Q&(04jIsJ~gDkLUv z<*t4$U^@x-hbQMBxyj(w1d~E$igG*YFOVNPoHkPX?vq2haQw`|+RZ#C1t^?xb3vSy z6Acn@g0k1*uy|%(qU~;{%8%VI4hb#^1FQF_HjfuyljjQW1x3P~@Xj#%De4qm;^0X@* z>V4>kgWEE8P}mXh-GgA!eaWw2c)mfD)3<^H^C}}akivC5n)k9hI=oFCba_Z*mVo%$ z?GFeF!OlvAgst+e`}$#==?fFB{sd=L%2Cscn}KAeP1`Z7jF>s$j)~NO5Ym#S$WyhR zMZ%aDsfk-zF{$$|AGvL3POV=iVVyxIi@Ry~q`1}o|v4(~b5;#j;TvB*Uyt>93Yi*~&$N*b-o{*01NcGnd= zS{SJV*mkAij~cmk{hfdp=CNv(!dA%kVood!D$9nFowu|KE2t&R0f|$=3h2s$i(7&=GllHJw zl2ATmU;-IDmtl_C;Z`oMf?XuHCHM9`TTh)gQ?TfAgrM8_Z5Pktw|Hc$k0-G9wER@97PwAPxRUR1mt0i0l*YtFKrJ|%+t0(C06JInDgQ#d%4P-r^dW@+F z4=F{^wq>o)oH5H!uiLRz!m8U;3V-P++zw^3;Vt;y(|O_iI0B)qlTyd0h7wN-0=%9f z+DOYln}#>v^TiC2@Wi;T;D_bomW)@vw~R{J0N40`Exgq;afqJuwc@ZkFT0jLKo&lp33wKNYs_4T7`Gs z-~|EupO28fR7Va@2E=>T{DYKnlJAJ~vJrK0On)R?nhV6Qwfa0`K83CiJKySI#pW^Y z`f5av^t98U%*)WmcM}mg5z5S4| z2D5X8$nmz3+0L{8fihqySt2o6qJBb)0=o;@zgoIP^rXxUgYADrfGa!|Ox|{5l0=Ho*UX}i<=-ypqfX{|W8yx^>iJkekj4YI*+g2D-A=y1 z-JEkyz1Q?V{5+b5@hgYt(tHQAsjW=@32KpiYYea-x&YEHfl~T9yrx`~xwWgVjc5yZ zeHPrVq-5+N5~xktX*2{UuFl3DhiZ$R|N8rAb16vqDS0~(W!6z99Q8%S6*P#HW1hG? z=~Z`(%p9tRU7;SvkR!ERr}FcuQBc?nY0RzLc4x|yDSO8Bi8!!qZ^787p3yrEqA?Xq ztQDtnk7_?%=}qcamC06$B%LYJP5sU;mxGMu6zBq>%AwT8z=-(d88swHK+1fFx0Lix zodFcyZ#m#q6Fu$z8L;FxCu6u`*r?&eu4#u$ zlxJ_Uf8KWAiolZLS&?YhQP0t^^MXr*TciA@`0Jw}VgMb-W@6}EQyB(Eovs5T73M|? zmZm>=*LOnNk@*^Kpa`-K%ra3Hy3*yvi4Z?G?+=qJ%v_lqo$~di6p7(oNP(?gR#L4B z=|_`D)>D}J51*K+)>nd|KK3OO6FP7A3Dw+|OJ)s*0Bz)G)Ugsy!1QLnl$^y&Ge0y4 z!*WlMK9JB)2y=!Gl*88suH)~F;W0n*$g4th^Wrak$JW&^rhV<5kvL{P=mGbx=%CHI zWA8w~{z_u6ayjMfH{K8ZpmG?BZuup8!asuDH0548HCI1x11KW3@dIKONyl@Q?XIC~ zipy7%DMRyMuEEDvP#(jxkgqmtF8fDt9UB}1?@}eseudgV%Dq=YKuwhs{sSTJOEVPqp z;aDpP+mCxm)xpK8WGCqf<{jkN6!89IsVwgeJnaMoB~}2~`7%6(l%ipWn#4Po)*iy$RsJM9D4jKcsk%P8N2OcJ{xm+Tbirren6} zVl9IyGrj|yP68`H2?%;xmsTd5DCl)$Bk5QN`VbLM?3jK zFa`-dLqF|QlZxz1^q)6V1C9jV3Ax3aztC0XrXKqr5S>P7?BmLyP;3_oYi3}t*?4I| zs}4FrXLv2<%n`ktyI_QOyNzG!b}o=OhA7k%eUD|*<8x-yXYtWwcU7aYIkLGb+YCfc~dr2WwrfN`?G?U$zHIQX8TqBpf zX=rrF&(#de!YzUHJEF-oAmIh5z#|2mAAt=j9=_O8vJ@yMw{G?FlqD5AAdF@ z`-A&8lIVyq2aC48pEiXntj#@RH}L?w9<+@d602>2ta`Y(qZy!26ge*(&k{Oy@XX-y z*EH-bY=C3McRme12_0xU;4mHT#WfP7pNuhOB{n3i0Hfh8hjI7tXo}PPUn=p>N z&J{M()=3@UQYN>Ja#{O`+dAxj*QP{eh#~sN&Uea1 zsX~~LDqryA{PBjUX4UoQCtL4znwU;z4UXBXg^UU@;Nmq|44aW3G- zsGBc=MR)ZvA&ZQdZO(x)+@_ilWS>DGWS1`A6xTY@JYquZ=R20<4H-lV^?cYG41W#d zZFto61jhV~E&mBI-uhrI9&MmYfE<2ipakUWai5NL%zpxowlOS4533iO#lqC@gupd( zIxewJbDHO+lDFpMmGSN`IhCD6!6`=&@HMWSFz*fBgOlxREV-&Tc1Y*}zPf(DZbmXa z2-Gna=_i>`oJf*;wxmYGQF8qlUn-F{^xu@8KjlJ`%Qfp!!|B_LO=IMlyS`a#!A)pr zGu9Gq0(R01;GL-db#?SjdDPJ;d!66E<3H(DCaxY!gc`QOYSp9453m2-W=e2Vi6cdV zfH&(vG*ly4b^>vI2vJl_w*7Z!i=Ugm_E?vVR43WpZ3UDNCtU`)+q#&8)a7zY$Hfu8 zbmjN|`hn#Zm>RRiD#71Z_CfMCqk-zyotwEe?&1XxX_<#>6SEH?sMr6=9YUkHPev;` zrhl#VkO)o2Nw418e7ryEcV<~tO{tb4i1=z5rZ+g^?Yw=z>#&xzgu!sWR3+4R=G zmlz-FE4F#cO>7Cj)31o+*t!(jHd*%N@vN<1;Ngw_Mu{g+yndUMbv=_^$W}9ba-ciO zE!-xMhi#cy@>hcqmu0y~n(f=Oe0U*OW}vcCYheYvXQ(S9j@7|_V$6ljoc_TbxjUYqX;io16_@cTCo)N+|20-ot36G+XvJ)@s$_1CvQs6Q-LNhotE}2$c zYu3VxJ(QwvK$>l4HuXD5Af>YEDY%Sk~) zh$%1sHGFMtm;T1Fh`6z!i)wr}l&>5h_=Gk2VLv`ESfD}&=)sFPnQ0-h6~y5Ug(^Y0 z7#x&-&Cpa9=X%cnIa=JKuf|ABo2D?#F{GczFK9N-5p|G9)us}iW zb=Vl2bkE4@fIhHp2e+<{%s?F3JxHxZ4ltBl)~I-g$_;pRhr&1fK2q?x5ojs3Gxllb z-wGq5KU89WF%YncGrZOofSEz9_Zz5%f>8fwvnsNAm{mwi5Mgt4{Kw70ra7>e2)Pvw ze82Wf6c6PU!!LU0Tkf{%a=nAP+~6)C0Qs0rYy>j{Zc7z|QH^~VO0uZ2g>ZzEwXMh* z%qfTQJffEv6hJXXhAvKOecMS*EUfTP+Nz>=Ggdb)A2b?xBl@Nr{C~r-bNw$kc4kgC zCKyIpGkXhHOBNz#Cbs|o{GT{>W@dJF=Kmv(J+2j8G3Nq>K{i;#F?h;w06(~^t7{4< z1n%}W8;o!pm5jK(3w4{m9m1nc#{KpBmiyPh&B0IY$xmTx>l?77Cn8o_JxXP4?*Nn9 z4B5rh$kK2RGK{9G)d56DcP&dtXDg|ydP#(-vu|KbMkDtxg>{@@`jZiqnet!MRE+HQ z@X3h$00CU0TMKx7BdF%yQ={`kV?EHirl#kQiRIleEE1;^Xcj11CQu{5@EZtSI_FGrMqLt`A>z zNdJi*7#I+`r>AdkZ)GXmXJrBM>A}r#Kpu%P=zq}vA6w@TBuKbs(XwsZwr$(CZQHhO z+qT)&W!tu=XCfwM7H^sR%BE-u2=LCh03zheUO!qxEx zZ|3h+4eZ(u?$tMX13=&`tslDK&BZ_sAQ)#Ckm<-TlP4nKH*qt_zX`6Xq0!;N0Vp62 zurNFm_3rNBDi6MgFSW9JkPhY3i+hC&fJQG0;46qWkdB_z-W-XIuy=3-_4NGHe$bDI zL`^+_V{!t-0IC%4&({&q@mX_4rTEE{q=2nCq(b;-B5eVf8zg? zuBomps3V;AGavQ45*fAO{m%`%z77~;lS2c52PX%B4h}!?+FwkO9q=<1bd0Z#*$~Pb za5`_IZ+FfQ+5NrjpVe;`jCQx%h;pqj0S&V7HSFk%CWqFXj=%D2UiQ2H@GJh`o$U5F zzq=tMy0*5z3QJ#wzrPi-R|0K${+K-uE6c~Bzfdpq$^bw5%Cvj=%+&xa;GG-a^=f0I zN2YKh18Hsk`ot5ONJoGy>R_E2n%|OX{Kr`R;WKC;U{ssj!G89r0L0YL)4ykWWYaSz zrp_Gw3=i>2<9Zm4B217dPN!Eu^ResvoK%aO@JA+0{+A38%)}sTpGPL#r`;Y zCI$Y3>3eLyLG+8)KY=y$qu?U+TiMI=MM|Y8&{(uYaz8_xNAP5zYWv zgtPJ+*$<%`>tHPVDA5UB%(t)*GfFo8NEMns<+)oq_6mo}7tu~bXgPKvNq#Iw_H_^n zI#c!te4O>}D!}6JWEA{yxqUQ1Dd*~24q;&rTjJJgpjTQJj*%FtpzFDQJUc7Kv;f|| ztCCHl8edGsR^^1h9P8DdDy}L&I#pPkNt<$8_vSnbPl6nS$71{l3{_U?EX!Q-IC7wi z8G&%gAjh*%PFGLPSTCM0X>xp$=mW=JMebM?Tn>*QxlaH*A7KibTk(g<2@aMh;nZZp8va*?W`Bv;3FmPi{O=0f9dDo^ZSeXM zK%XN7nSRo&(JJK3wpIa`G9E5aj2o5ca|9nl#;ktPwSL3Lu1pu+bR2rgL7)tfLYSs@ z8ded1mrJlA(ZYk(wOPu@7gLA#?+Fx_mORZPi5F3BSBJHTD}#%|t6Bl_f?uy#BPaJwCH23E zfg6@^nORK+I?IHVh^M;EN{=K+>K9rA#1PuB;wm; z)SU6QRgq^XaZi}W81FiuDM22;bdL9lNVqQYYr3}9?%S(4CQ@1W0{CZRDMYLkFz95R zR#TQ@t2+kEiMt3>6_3KuR|_dK{JT61p~$rr zt;3JPbs|0SAx8jX%a1%A=7a& zI&Vn(E#p|Rc+U2u7;@=7L+Y6a3K-dhzWPyDq|vC3->oKcNh^g681`FMynhsmZUqql zZ)-sFI4tS#gJ)7gQ1~Vc*~eI?3ZHAxQmWUN<_5k;uRK-@A>{Lq^O0>x_;!d=0$(yp;`he4BE`N-slx{pg+qD;+6TNH zCXMbN0@OTPJ?n_&SZR(_C!0VwTv^rT68azPzk?xx0ANWA8AO>*2gOZtlGuIht5qX8 z%+P;!{mwr}@HU3GhV*X}-Jd~i7LT97tW6sxV57n-%l$;_v>+0(uzB=V^5OWxY&NzA z9B18R8BhE?t-}4P6q_W_OKSsGFwmP5_ROk;5*Ll`_4IC&vp$?qvfiK@!K7ObxU4u- zP^3|J1Ba?CA>n{s>uq)CEJ(kaWcLrOcEp8wtT>-9U0Am72zBSbB*#OV!ga0HI*})L zHd`%j6wR&yUBB9OXsZZ|X6n}Lx9nTif$G0oz*vf@0b&QkR@Dv)dYdoe*bKlbx%3lv z>U~z!lFnffGu1lhHK=OJk6#(41{oLAfG%z+wjnhff@ry$99JA|~cCuN-LsV?!%VVMs z-O`x*t@h-Sz1he_j?$c|T2Ha&KTFv55(mSNBS=DSH2sb`^7k#SPqi>`j;IMx*QjR6 z*H+xS5~oDj6I}QZ@}=a73Iw%<#HnF2)u-E28feS17q@}9`fZ->;BCV7(-^d|#$`h%=%7fT$1LqoEY@mOv37j8$u@swe3iWJzPP;y+D4mh zX1x}`oGR3sIXrx!T$O0N4%Jv$SIUg3|NbJMXysK~>aONwN!^bW#bI&O9T|`GDpgFV zu`Uz3JK@-=(PT@wl2wcti<~Nu=?xYi2q#MSTbG|jiPvo*{T$g?$Q<}BCmm&hy7I!t zK!n&D%UW523{Z$){MBAX)8{3vbDrEO@?&cK0lR!NFmzMm?Ed2ToWmN+%0@|(A^AJ# zmx-%HIxd~NSMvTx^ibgloA2*Ei*`_qO5OZz>>3J4i^J~ZyYffOtP(RD?0h;7q>yQa z+FG}RF+pCyL=CRNIs4^Ch5^<)b(0pP%1h#j1{Xb%3TT(f7>D!|7Rwdf8e4STwo!)t z;ZqBtqG5L>lN}XgWk!r=7%R8Tb;~Ry&_~)7Cg?8Gr5vv%yw!puqV@TX2*i1-R-0lh z=~oO{JP$CQ#flRRU^^({*}cd^;2&SLp>q9iz7|Pxuo-FQ zq6s9IXW77g&7(#w>JvrD!5Odh{cZ>b)G!dPVx1PayNg`vG0)LqzAFqYJ9uD=*4xnK zzh``@?omL+w#wr{U+|HuIi0rFfZF?g_i;%hM(lfK>dHa(_K0NLDSo>2x z8G_-_9SNJ{Ch}#qajR#_XdqedOCS!<)it3K3xR^3k1EzA>spR*h#5OHa1tj=DMOY= z_@3upDSVArQ$XlZNEbm|+$hYd5VmUlH=&m1#2{;IdgmTcrgdnrbL~_qJO+o|jCM2_ zX_El_@(f5r!r&`{At6<)yFLxyRHfp1oHS$N>o@t@AnFG|-U7S?dWN9Pu*9F%&~4JFR%l8e6TbWl0F6nq9nVvYOm6#q7gNN@=!yP3E9+ zZyDMm#O#=+%HDaPn<7suo1nVN@_bBa6!MvTwW2J`AMh5v$~k9?tAk?dOU$*GHj+WY z@q^^h8MoC;OYHQ~dd42`pp7AVY^GQ})kE@fe_`%F*_amVjQb+$DRMQ?1J1&d4#*^! zwWZ1^M_DVHnIR%)S1LeGamNQ>B; zSjX`FXq+vos+}t|ztXr&bMVBO^t4i(Sxw&b`!Y~nbUzIW~h zP|TsTJfCuqgbk7DtccF;Y+k0D*!drS8NM0v3haMHr@Qw*3RVewrwrs;9-KiFL(CQ7y(89>G z27TyjL%RdS5Gv8G^1=uz`(~l#9xqQV-%-fQR!SE17CkzLk(&ZOpwZOSu&{%+|1B;A zr6q%gwt5>nrgPuIITq6Tp0IxvUsHW^(TjAT&(&v+gLL}Mn!mLEC|7AsY8qZ<$Sg=~ z_+mQa5V7#Ga<{&0Z2B3+ntVeBwi_MHNS$R|?zp2cffE4c<@-0`VJC*5;?P##LzYTdG64D@)dpn~Y`!z@rhEx`0U&EJJZ8Rqsdyca!^uBl=^ z&Bi;^OY)`tDL+j6_TybwHaIToKUThZ3eL6*3PEDgF+PHyZdGUU=(a#(>^|K%w7J~P z#PzhYtx~6k4+vp7xj}UiqB1koAH4*YshD5o-l-@Q*=y3FFhhwQj)YuhsiFGlg)B)V zh^u2vKRUftjnMvdJzt8MDZSw`FsxEVF|}(`eA`0CQ1y6Yz5o#I%%gNPxahKxl%gre z9%tiElr9Y%OcNDk{sN>_@=O3h2hKHXJ7GMA+kB6(iF{wqett1PeSaj>c+|WH6G&TN z_cdJ`^@z`}Z)8OXGPGX1uI8r_=nWJwy;%Z~^JNj8ur@$=HPy>yR?v|VpRBH9@~8Y) z3?65!RmBO{nJwscCiQ#N*mQHRdL5k0y%F(jxH!h`A7<%NorU!|VkbD?Wd*#AjnKja zHcaJZdym~>m~DU_zWPPy$(fP^nq)Zn_JU|U+?^=kj1MCf;^hCfm4en7p+(mxG)DQj(Ur<+F6 zZ!WrJF%duHzNv{@aVQZ&ZtF_mo?09TuI&j9v`D|yAY=Lv6Yo4a@d*n2z-HG3%ACvy z$sV>`Hz&o+*P%L}BG-#_&v|Y@xB0}sT?BJxN#DqLbmfs9DEvQC zMVx(Q@!Ml(d#zZYNqdaEQ>P^=nAKOpwpnr0Tx$0zDbULdO~Q_e#qptvmO)IG%+n|T z@!1z=5k=#w!@CrByn?wgJ+DG)PpkC=aR;uQ(;Kz-fhUjE3Qgl<_R0IM#NLglLz3w# zIp*=OZLjdM9cqBu(?a^LU?rvrV=k#^Q_3u`Hu{uWQIBU-JwL?OhH!7l&liSsH==o~ z)A<7-{<6uML8&;s&wgdBoQJe`_JVmbF!LOYc0(>s%dap%{;faFt3>>380GGeH41aa zLX(a7tl4{H_eHEuXYaJ^y;ql3n)eVM1on6B0fD{FO~tXD!b!p|k>*{~Ut36!_){P!U;Q7$^ozeN=QI-{e?w;w%#H-|PHw*WOL z>~D2iTa1pr_&0)t_|+y-#{w%Tz9iS(goDihS02+i9DbK095sK z+iZ#@B}w;IOimos&PE2|923N^c&Gd{+J`2ZPdMZ?LgA_9(6rtkbF=uf|`|wQar zsDh5-!Yu}_S=o!VJ9gD^bk(|>6UiGwG}!0horegq9IjXNW%BnelkEey`UTKjPt#P+ zB+8!NR|gZgC0l=QyrO(4yN@_~)X{d~4J3FoAdIN^yZ|y?Qe~nmmDtu^xT4bS zNr+y}A_t9umsYcOvHS4nehK2-spYgz3Dg6i-{rt#YE~>-)G7UGH9`1GK>R&;%Eq5R z=B6H&y{3jGOR=Kd3j~!9HW;A}oZ0D7{>7YDVH93Y7opYfqm76!dq^w4(cNsm%pJxQGRJn~Si>TfD*-%Sd z2*Z+A$}B!r6qc&v3M)er<+r?&a^v%hFFOa8|C#y7B)Z-xw3n+TcQ-1++EnLxU0}Z< z)jD&)D}^K_TocPtC##TA4Ga5|TPKfdS-Z?)68`Ktfm6NZu$nR2%*!#7!09NN0a}u1 zt`(ljQ|~0Oq5=x9)xNDLI20t};rU3jpQ?f~6#<4TkideQrGZ8v z$KmKU1UZ1TaM$2kUS`r z{+;U^yg$tGDSUZW!u4M(k{=?XKUq53#0TH4FhxT8hRvoGK_SN^h4lInzA1zK0$Y@b zxu06*RIBhe6d{p3$eR%-Y+N1F*)-L8=xT{&QhjhtnZ)UY*{42-hv+7@@{?whmzYM3 zEG(MnibHZiJg(q*=E;IEFG%`PKHw_mlZpAyE8gK3uN9v(+$AO(q~tjL(B&wNBv{t0 zV)q`Imxpnh8k27p>fWR(M*ZWvp^IL)YGgSUEatp>$xZE@rE8Ckb#(ztL8$>8y2lX= z4>_6~mmuea=_1}jFpaWpY+~5;pp1jL)fYHSOwB#K5&*;9`baD)t0z9a3_(|F^$_F| zcS}X=_@8)WM<3Cf)B}f{Z7RFS%&FOO%ew6m{{N-Gn3)7<0Z7aN;~h zE>Tq}zUi4nR7s3fAu|OjmUn*S?k6U6;a>t^pH-#9g40(n=;;iH&e{b$_N zRw^%S>C3*D6|V!*A&%|Gl5&Ieo$^I!43WZ*1FX|1`7kshjl&z7dP9M00gN5ew53}a+HII5oKB##lu%%|}B(?U*DQr^2M^IVMU5VnTvR{_P5^GJjovr4BY zBI$#c7^3Pxw~C6Bs24c8h9HeTCCRUd-9Q$Y5)3X^U8Mnp_k@fNP2%T2dcT3cV3&EcMPCHS%W@mIl5WbTTWp&?PZVGL~sZt!v~=z z8qFU}nFp8PLp7hbq~LEUz9`)hjx)>hb(vu*C3>g5JHD`tLzeHT7?!n z?F{=x`b6;gu4=-`y|b{AF0|0btG#4rSBh`0gih1Zu6R^MO#-_d;a<*M^ z>%!t*^VDWE(a#wMhmz8_R4@VyAUG4xf*h#D5xUK__Bq;bpPlR!TPbvf5()IBJT>hD ziXg@ad0D@UU+sfnYSH`dA$C0ZFaDGqn@tSjRQdONV3_X(chj7f*~4?2UCkeijU_6S0mr%X{yn&sw+V#!||L5{oSdVs4nv#2sd!gBttbi zmO*w=q}ZeKJFm20s{EVTOVN~rrsu0IZvHt4$=!C0s4&5CsP@9TE7Dbq>3E+LnPX$^ z(zDQ>->;YZUiIe`=fk_1PUYCZ?}_gMIRVgGhLb7z*E}=}%W!wEdmU9`zG~|7*{1`( zh>T4@LrN^@!9cBIiV>EB)0E|>Z^-dv5v;e+o|08%mzt}tLJ83Zl=z=hfNpz_d3r7- z+DEc&KAg{8^W8F1tqpNDiH4|ym4zrhIUsg}d>(8}5lw+6L5hXvUtJ{pks~evdYnC5 zTna$&*d44_C-f2<@A8pQUTHIN(GYHAz0Gd!S=b{!39}NWH3~TK0H{m9>7bxeiTQ#C zq>3im*u{L2b}(KO=Hvd;1k@t!R`RoS(EcZB!u@PxU6rWp6mU6MJ{30jf@+ajRqhIn zj48JpjuKF}8V}8p{*$j?o;_9YS2<99w|W%~scdPJ%?Kvn=U{G-40B90v)9P|mSQcN zG9M%}ci(TFM!y5m<0tOOb?;2e^+oYaui3br1I4tRC^k__d&z47O zD&p-V{M{Eva<3ER9n^^@W@KA6+r7QT(>WTV-E>8Sua|!n#0TY(`aijvIlWa`u2rH6 zTMKamS9t4d@o4GvgsncvGsV)`C+W6Co=FSLOqG)2wniL|I)+JLo>en`p0-R~QMF89 zlp=h~@NJcJ-OQBO-Gt;o*i_TWMQUF>wd|6GRGcg@%Lfvc8E0QJ*`u{v1Bts4m#z4k zOx?o+je@IM8@_n^`__@L7rwvaA(gxz>MDO|Db(CcowGZ4I<<(fL`9rtmm=gMHGb`O zdTZ?Xn1Y;Tq}Y~7e5Fa!B~#9Q^9S)}y-LT{736xbRX=97lbQ&>$#KmKso+eRU6j^s z>vRlb&FAE$qQ6Ynjx&EgmM|MXS{EY*_)0t28P56$4@&qC_&Pau(vd)56j2vTs7O-$ zE7z$fSF2)t9G;*xw=8_pX`sMye5){cmxuzTqT%EZ0zaBBJ~S}QW{fBSRTGOV z@H#0$yF^nsH4O^Lnr_I!wW!v)RS{k8@fxcNRqxlcU(OmWOx=fD4DiP%(HqZr|s7ua=H{Y-J-f;GS=P zy|xa(x81^pcWQQGKw6GUMcmx)GlC-o0W=Fgtr|!3B24Wk;=@5R;rqr{eq{O`)L`yh z`DvU&TU$Tkm5p;7wVC)rd)}fzpBX_@E(8mkU`|E-yri-dNmC}(fWpK@auLvqY`S^Y z!CHwz0bxA%nGfkRbY*fp)c#T^rSrZ)<~T|TO-zyzV`F}Snckpv4;K3Jr||tS|rOev^@FcGU`SnurQP^Jy%w;SM|Q>SV7M9JNS zhX8yXZC_d}vSH5?PjT_1bv0*~^%Xm)O{4A2u}T2uqGKJS5Vk~1+en~j9lMI9Im_hrp7aECmS1htp z*7ESuL*8~-omZAGI70+5t|EQXA_FB~XwIBf)~||t*Bu5)@VMSS_PnaCMCw#ji^TCN zGkHX}cAyTlMgv>st*_#!_pPM|b-`Z0?RS-^f1KdRp6-;Avw6?X+5)vIhL$0f^||h& z({DrD`t1{?B2TF&hXOat(@Du&Xk}g`e6hk;AhE|COW823 z$lMdgdXTU~Vj<#N#>b^y^+K&h0H^1z=j{TPEBF-fyXd-UV>=o5Xw8nPtZA zp7TVykLvG$#yRh#FB#Q*EJ*U$Dfe-#X(~5c^ ztKs%#?4#v!6?^_&v&6^e!JKR^5x3}$Xa{ozj5|0DoG!)2VeAYS<7hY%A3ue6pdu+x z#-wC>)T*i*xYa{#C%FXA!ETh$)(Y)JHEXXv55X^6D;#=_G zIMs9LdVDqbfp4SztPqo(JLzUEI20%LqRuVFT($PtV?B@wtsA!LA!^$_pj-4*$W7yW znl?gKt7q)IMQh)XXPmdp=xMm>r()cp%4gJA+{G|n(bN#!5@M*=osZlX_tb1|4t|FF zDH=bf+J`L?zvPv&peCed(+g!zM&~{zgB35>{^P%?3xlcpH#fb+?0hD_j}OBStwBTj ztno&FCRju2qBL6i=FZ=`C)7Ss2aDZF%yi%luT7JVa+YCa4M2TomnZ2Df*hoFIJp2~ z6jA1`kdxKlrW)U9@eN$)po=Mvne__PH_A0Uub_I_C&t?*R7%r=I9C~YLmiF3O!f|T zduJ*w9q?1=H9-i<@!EU2M$w6}XJI1vo}GADz;SUC>;>${dg9Y3@yf6r<(eF8!BYI8 zBcgzMtOB6N=U`Zz{I&mH(_-Xe@gbCJ)3FVVz%N|jqo%=3eF>osP~5d+N|={s_TXG% zl*70tV1RJ>SQV#%Nich@`%#)Nqp!%vm(;z8&b7MSA{0&9sQ7li{Lhe>Xj=LmaaYJq zx+J5tcqnW(f1E2B^K^LTBB;7H_4~RcwtRuynvr}cc3Y>Dr;`ZXeco@r@6_lC#FXuY zg0Pry8&7#^2Wz$)*P$;cOYk(tvNp5*>Ny3fe+D#NRLbSUQge^xY^(M6&l{e^c(nS&hymPqlG(rh`PV#m1(E0Q4ITf)LNXM&}Ghe!raN8dU5PGy7=;G}*77JpC7 zL-h66^)K-R=biVSYsn)!p)c#C)Mu-S%xH=cH{;112jou{dt&t)Z!rs}UV?N>N)aW%Xoipkb}Yo!E>H20j#s!F{PvznXa%)CJc3%l`Wh8bv&}R263ven3XY&z zPNLGNCBB)ktp&)`pW`jf_nYi|L!Rk45k&ka({hUjDw*N=f!@ z84Vtbu?VdEYUU%QTB;C5?uFRZ8wFv_0qdUJmLvGlz2|t=7W>rGx)*)OGo4W zO{F6r8G|y7Kd23KcrBBA?>hy*fBWZReqR0*`IwN0-cYDwGByVfUGbg}lM+2tWRtq^ zWIi{sFB8qbzES31Ht34<)+L1#3hn4SJjzIb5_0ck2jTB~%}M&LjT!V@RU0DEa}bo{{I_66tu2QHhP;XiTNESxO=$7QoKvoQbf z)Bne^Iha{E|A)#ZfT9<(v~e+YBA^$uF?2B%F*UX~F@@segK~CpGBvb?^4N%N2US6~ z!Dg2$cPSo-SZrLZb&*U*LNXozVZ$iy?#31r5=ua`gbYrxlMJ>40R((6f^0Bj(Tz$z%QC4d766af(=FeD;afCzI6 z`w@%`AX6yeh5=0fq3=aPvI-V5o?@eD$z%h9TX=E+3lIe`aI|a)VSxZa01GVnF^&+B z0#32zF?0j46$~H)f^#JYq9WAsO<({QNBKzm#R1$xzyr{bk_!55=N1?QjS3O8*#oe} zP9gpa>PtK_hG`HHFi=2|?;pCC<|?*z!jMz^pV3W)>=C>F=?%HKdZgm-Kj90IfuzzhQv+Fgvxv*)Hj0^rL&pm4}1 zu!;)xYwYtI56Hh)zXC82wAVlUef&+00Q0lC4hAIH(Xlb$Yv2GLz&nEpwV>KdAMqe| z4{WpN)(>NwvyEusk1da#(Hu*=vFCok2A~S+8vxtY*I(rvPGDF^;V$T&@mLQP>K7`= zt_f;a9^&8_IHY(Z(*K|wMp%g8vg#Y+7rzV{cNg^e&AB{m?=;E*bgfuA0Bqo@ z@C=`b-yK_?0wDA$0PO9%{a_af5d)?nSWp2#y8;+S?n&N-1*Y|vxR^XX#1nW%(BdEv zus}b*Up~#kZk=#%j_)_)7q2cMDl4k53T^i`=vR%Bil_(B4`_%WAfN#Q0su@p5`bhO zJiuRku{rQN74!^WAGU)Rh~SxA(Ga2%(F5Q&t~6MH84YUhCwvc$fDr-Y z8}!G&?A<>7m*4F->cOAz?f0bkV*lz(d-_}Y`*(4pW8j}M?oaXiMWB$gK6c;^z}s(D zme6laHQQgfll_N&E!Y%TFL0DSxH*4z#FILx$FPm_K?Q_yewFuN>|ZSga}1oSaEI`3 zF9iS~1B5ewm$TX+jzWA`cNTpA>VmV<_t#V^2Z*7YRX51!NMM@;32c0#r-;QQi~;x< zJz?&OS9>tv5RiQclnu}TI(h(ucmbsEEbGkHmiH+Ui-gr@L9$uD+-7%&9934Z{{ z00f-e?cIP16ak2PeWnjPLiY;tkJ&eDL{VZ3wqM#{Kp_folBa$j0gDmnd+i_fPy~1q zq~6_r%m}(){)gLf5UA%cp@WFtDq7k8??1m&RHFtywYe5{F>UTGCgS_Y z-eg1EKw_^e-}T#HvO+lx+Kk;SfuVMINhMyRDyMq4e|z-%>UG`_IGfA*^{DGaeN;IK z6AWTgWpn-VOK3294HsqhiJ{hH5h$OT|CL_!WW4BB zF(J9#n(Y}d6q^t6m3}eIotJlH{#(s1Uwd3Y-wCa=UY_sB(_I=K$=YwT;s!aLF5eKz z9aOTi1N9)XwTS8bN@aPMOLJIJgLGS90~)QQe9!X%+*NSvAMH?4*6o z^IsO{ran9lBL>={cq%10rNm(Q_1t8~-X%V0_dP4?48c6_$%XZ{yX{N4pv2Wr_-oB_ z|0<&8j5o*ZBEDgUdTR!{-+3Yj5jC z*vgVSOV>r0kkvR9GAOsDVAxnMyCNwxYc;*uaEPd$7N@y;{hm*{dfAyY!4)6Dhm&^? zeRu%=(YBYKSpD{=fZRqwLu2tX=*hv7aO`8vd!Z9NcaU7`;^w&T3!k_{TDRh^eSn|? zq+f4Q(htRWyu8n0eXYFzG#vZ)Y0_QL+f{baVywewIojmmsL8*b($uv>_}{txXcS`~ zGhS|IUKF%Z9>qtJ_fA&=!*d-i;3zEW^WSxDXuu)&zO#|)?_Uf*r)rXLU!5@8NIL9W zB{kMx0nR0;7+j?%8fqgnj(hdh##oh-wC7z2)BI{$nFANQz~0oq!Uk`2%caQ$}`jM1c%Nj%5|j z30Qbnm24aAjZE|SGbi4LAw?*JTijRZswFz3#*xaZ!QfYic~|kH7&lVPlE{|2@;Esa zyj{RSMhSOi*KAy6$&D{}tfijerq~6~2}Ld?qkG@lM`$xqQ{@=_wtC{W<@rQHG4Y4~_I8X+_3;UafkE^e|8e z#3{W++iY^_5q0q0BC+FIBLI0I+g5H83L=SrNOZ&n*_s2rsn~(QyBZ*JP-;w}1vT823cwYLj*+rsqvy3Ub z2ruGI(ka&AwMu65FFV}+q;*jH~ao}f|o@&s*eL70x=0WUBG_8 zu^A)996~C0MH)V}qN}w~b+8_hR>u-wzt;IV4or#IA<#<)HkKGWE!J?RWoPp}WA}>P zn;5Id;<9NrRR3s3Q`$^psY6p?L3rSB_1_}3B{==0`ppIf(Yl^b!5P>d&j}Jxj!p;n zBDXRD+XWpKnxEPSius`(5hOjS0k;gBA?iHcf=k&ZrUlq@mN*VL|AE=a^grvXAcK*m zl4-sy%VpSP#Z`g2N`Gw%Qkn~&g#o62o*c)|{Z@)@A^g0Z7vC@*i3se?U#IS+d$@P0 z?6HCy1@vgAp)yCit#7z_ou*FQcwXz$0y!%7mSpf=P9G~7Hy$;ioY0N9aOTekKQ!f* zP2%WRb`?K%D`CB6jaT3~HA*tCBa)#d<}gri{X(7xt3#kK7)|4=^`sA`E@(ae#Ll10 zc`+KlZMoJBDuV|X@K1{~5#Mn$yjrS^V9>TM=S`SK)6j?hIljRk?puoEwPCr-za7rcPikAA8%& zwKPhpKEpBF0CChIp8UO?yVH+j*(K#6|%*R{PkwZoc_RLr%>%QzC0~oB8DTf zf0%wJBW`r8d~5Ro_S{2%1xY_p-beQ__Jq1Jwl%cw$Ty2%zj?f=Mrdw`KF_rGy=$9v zY%N=H_u9cYD04$xqJ2zSqBn=U@?OOn#mF(Ky?WXyRUeNt69>T{rPEie*+r5x)nD8* z$lDqsh?UY+A>|q_*EC|{b%Qw~DMiD`7Nb(Qq@%p;&t}mddr&I0%apUmoL8JGeup#s zF>`evNSs1Lxx}6bn#llPIthE(UEWS73S9z4X?b}>`SdqQxVa=&gKWvYrf_v=h*L~K z&#cdte9DZMkMM|zJl-S!tVNeX8}EO(8ZrwO4Gv%zM&(Lz1u!4eS`} z30eNu%}1Gbqs(RlJ%-tO4rLu%?%MVuFWMEAA3VD}=awN)n;zfoCjd3yH%`&=UbF+o zKcPHNC4VQHSQh{J>X9uCJNoC#5;cO`ZzQo)_T(bcFJ2Z{;q6uCAH-&U!8Y+LKN-Q8 zF_3}Ql|UAKq!*a(^J%vtQFyh%DA#%1zIECT`3Nc(y4UmaTLnK%JwBIZ7lmmQ1Ggu0 zKVz-2+x6g9`?yDf5b;WWq z`zw@2pER=zFou4d@$W?mfy+ zqd!6C!$tn2Hdj+|0nwPBdFA?ea|d)+rt?f49v6i{S&g%Sw|jdmKtsjSspVA<0r<(M zqPAyhylsj*_}i#jOV@kkQEklKKWS&2YGtm+O>)JopNxqhYR&77q@t1dc9dgWW8cp8 zPVfkF?pp7c>3#*rKdm+A=!c}0#45JN?9%;3&aT}S=%!H1VV2{uQ)y?ymlS~#Hos|f zk;1*h_)8^*00v8Ed)HgH@U9E((b^Dz^jGzraUQIeB_^-{-RaDN?0TzJl^fAZT8&lR z2ueIc{z2O|U35_{K5}omha@C)DHzFz!c2UB6AOoL%Di_t=0LABN|vD%Pkozw~=#i55dz=OZnxLNVOmqw}ef+6?Pvs66_yH znA~`X-?f=*Gyfi0G4xOW5-7!OI}MJy(Qx7oK8#lWe)8-=E)rc1$ygB+sfyJ(3u1gt z+|gNtD%-|IcPVdsPx3&fhe3#)s#w!;o7npvtdon?P56KRt8Q z+Y5&xuhQdlRTpr4D=R#UgPoL;EYdPnyKRap=msN@4;LAR4mtmb+=`(uB@Db?E@kU> zaiM+c7TpJ9(GrtqMp-FHdv^9@va+4zR~(&I(q$<9*tzU1dw5l^X4YQ*##uC2lvW=B zuI;wG4bQO@T2*3Gl25NHgS*HTwwLCJA0SFCXV`w5Ui=5c7(=5HFgyggn{TO&+vI{# zsd=BMu;L-0OyPdoL~Hw;05|Fa1M)aqz`rdH`9)0{7*=P!)iIbJein$!4@hZlXt8>jLQ4*=e4w?TlpuVzs=nEW8`4`+w&3`T=E5As6=~D`a(&-M%<9E8 zo{S|9vIXDkujF(OWpF`m$T!o_I`VXx-ZW_54jj2LQlgP-gy28Kx~f}{^!_PysgskL z(DbPEe^JCfn^Y@rx?J zGd+hGVP}d2z7i5=k`ye>LLNN(?=P*qQqj??X!#&87sm4kWy0Ol(aF$sp2m(a*TdF6 znY{e}CMu9)MOrpJFy(>QF6v_Z*`{9AOE*YA%2`LHpzf!5f(-oiAb&P_KO(Xfs_B%Y z?b)&L^s*w@B7yh~Njkd{UBSzz6zeVIEWT-rhLDZQi`Jb%;~$0Ya~a-a{K&g}ATHi6 zk|=l1S9Su{gfq(8ua_PS$q%u&f#4wTYhOSMnVC$bl1267ulOus79tX*UL4U|zvFah zQ0KmRVzFPW==-!QE~1~kuNi!Eur_Sua}B$!wdn8>52R9UlK6HAa8mL6l6$=wl=RW>JnvT5dw-uG? zo|dm=NrbI8n{x2sCT>~!xbI=TkimiIxxXr%pJUO!kKPqC9|fnY%ExkULf`eawUV@1 z<*Vvrq3JgFk0AV%xqudBfx8IOi@`mAxMxnEqDes+WK7c5$!la8Jf((2PwIyD=lMzc zIp=U^{ki(*qw?F>V%kP9q(7k5yeCrSDETkS&LPMWXj`ypRob>~+p4r}TQ_anc2=s= zwr$(C?XLGDenbymL`P5e_>A^hdo9Gt_LA9iuMLyQ-DiYM05;dvhBKVExZD;LcX{UJ zzn7c>tQ-|(F=Ha+M4M*-&XoE1w9NrOg87^ZAc%U{eDoA3f7CQsl0v45b>7WOMxTzG zh}l;EeVPws=Pp~JakFx1C`)bU3F(o8}JK>uGw?j zXrfY}pD-8^hjKC11zbIMcPaV8VVGc>pvG+b%B4EBSZ7zdsfM;f_crf^7x*yG`%%z1 zd3+EY4REyaE8PBdj+?so29Q6S>Uf0cJVTFsF4HwlQ!rrhy-O{n+8i}np7fH)0gHeV zgks>O#Ps7ZA#vIBc;pt<9310380_@=_rHK zvh?9e#tTCL&uDLRg)UcE& zt%K|?V9^&!QIgxe>-Wm7WL?CP9B`hXcj@{(>gg<;CJQz1v^KrP-`at;gq2wIYfGO$ z51bZxjUzhd?|R}yHER_&vKP#kv9VEF$T*k%%uUiVzlRFap884kq?4tZBB*SVXuFPM z_{SMoKi<~DY=gE3(?cY(Zl!@bsnqJ5y2p8AWN>9(u=4SsuY&^>QM)=DN zx3@TBiO87YLPpM;N;;GNW^AUk%NuNa`_#=frtV!St5qA0JNOLz2X}guGaTWnj5|`= z&XMwp6;y&k3Q_{BdZ1M~=fJpUl&fuNbx{ou#w}>9`*@1ZS!&{Tl2$vi9{2txe8IzA zg#CJkW^p5UO2DX!vrRs74l!w5?NsO^`Do0%FrZVgZCcR zWQ)rOnfR*~2RpU&j6Z6#n3}b7EA3uaRfk5A#?WYvbTXDyXpg*4Q)c-yt29>*fA4cR??0#}I^0c-T!upzfG$h^9R<5DMx&Wu zqNFi!P@UF^p-6&8`XrbEAWtDyd+J1D<$h7ciRaZmf-XDQE-xz|=+1x~=s3xHE9+fZ zIdaTa2+I2>JU@h5>$zd%ersmtyb-lf=PO#OsJBBEbM!%~e-iqrFvA9s@EedPPvuSR zrLLh(yXucTnVU?tjpJp`$*=~F?LZC?!bXq#m`UVC^lRHs z8XS^rJekv2-rzYi{F*Y&i193d`}V($gBIr{u_0=O*{C_;5BTk|r1qsaNbZF`nF>C` ze9y!qbJKicy`$L_K`t<4%>SbCk$-`tNP;$STX%c0yu1{3ke8Ksu<-)ghK$ePtxviA zvljIr+C8{*%N@QM%vUucqV?U>^+ZXPm14vXk~@7~ypSQrdrtC)^w|d0((8ppJaO=7 zw96duMl3tHUy>mKu$x&@!9b!KmI!Zw^W72Q_4YbMf4o*~(rC}1$;TS&DNC1rIc;EV zp7#2UdwxB9Igc~T0Ua{8n&M=p}CP!vFWc5 zOnh2p(6R%;qkeQIgJ2suC0g{pbkKrz<2WgT*KPUQ)zndwpR|r6ifIt#1KEy4^~WP{aG)KDhqEP{ubpyK+ z(%i=Vo=mkBn&Z4PZS?0wh{)R_QT5BK8=J!od`_i_8>UA=QcC}QQps7Gq3h7~B{LpD z*Lx2_seutpnp|$RvmQYZ8gT9^apxtd<&Ls?*c^*YM z^(Kh^)(dJxw|lqsxuK&Jh=hn1Klk{TG|wFbbs=FQ^$gnNtA~TSV_Q;tLM1Y!6Y`@-V=)Ms7Wy=t0JMJ`gexy74u< zNj_UHa9-7ZE5~`jTxa*^pO2o}x8mF8#2Vnn9J-s2C&rZ?hTd<`pHUG7VQeCZZbRED zBiXO1IwfbI=J}A@cmJds|qSgAX&HA3L;d9^ZUeaYTqwGnC zH~tJ-4WxM;Cbx7%*5eeSM7oW7q}^N>KN+LQzLpzL#)W`_SK;|Ff2M+avd!P0+G3z7l9_T z8|ep^1nb;di_?Tbhz`Q93V5{cAu2Ppf^p#W@1}F~#63fw(p zy$T3E~i??Z#%mIL%%U)8lXrI2aWDYld~NvbBW9pAbXC&IBEIR z(el1mT#vGK?DKyY?R%J|quP>GAP)Uno4AQ@$LZZ9a}CpJJ3|ruRDCKofXVMN-ivu> zdpa=`N1mId3rQR0*@XU<06BTz{z9>j25I~ge2N{(j*n~W+X|EIXG747kvZ%;*5u?o zZ&Vo|R7a1Epf@sMY9@8JU~76vtfush2x5atsc!c^;e0K25nAQJ&SB_B z4?Rl@31MPQ_Gsn?AW7bY>=k=qC&)1xg+XpS`s0}0_%4P+7v0(d>F`js@Tbx)pH1<( z{)Y-;32Pbe9inC$1Ww47T3WefeKr}2?xeZdC$`gkyqzMJpc^}g5?_EVl+<+h9y66i z7FSmbf(dC0KsMT&(ahaCx4xrB=0NteDYs(+A$%W11ReMO;6jXGYK+HMb-cz=DMKB& zn*Vtbnunq{1?F>P%uRq?bc;64?(M@l!^Zc7E{!GTEmC4F#Z-JdTh+o}Z0c0w_>hj; z$!7##!bEp$;CzEt-AEkvzB0#`VdE}r+I~)Qb5u}@R+Xo$o2gNduko&S?C+mM;2g{R zT8BOZIAbb6zWF#{gVj4(XHMIeLi2hVx1EZYjI^u)eXEsj4S z1C5K`-G1goJ@*aY{JL60AE|y=*x*=7)WydCZq6FwKPrK+z>iL~iDT7{XoWAB6#)E5 z8cov;{ZB6A+P(2YDeU8ngR)mke#Fks*fS+0_VC_Xgh(qkd_jVMXJc;9c|yJwjd0|Q zZ6C2~IpNW&tsqUCIQLOa!_=s<__qt^wf&z$!%2Z;`1;rD!ht`0RCOGY;Eeelld8;0wVoV)viij&(o##P;v*nH6nKJ|(o zhVXR*N%N}G#!JV~C?#SzB_(8~`QkrNk`FPS z*IXytKl&FR%auc&A8TDZ<~`O19{JY2B<69oLDVF>lK6-WJzxq#GWw{aGYq2>Gygt` z4Vi+8bPN0xfTEZd7k-8M%Y4ez>_UT+D5eu*Mldf3_XeDAR}01yB9amVBd6@1K*HQU zME#5)?ok1&fPM5{2K?LLyMp1KgBvIcwtjf^3eue6wK_hGRSeT6;SEzytgIc!G!!gR^)ruMvWHK=2Hz74l>2 z$rw#IhZ)0|MT;+aQ{=V3=;7i(sBO-ZF6=9?_C@E9lYoq0p3NT6%KPWP!BNC0A7&(PeDXU zK_JRVZm=H!sxISY4fX5KooWydq5r;Lq}cB>0q~Dc*N;m-Ita+y9%D-qh3F8FwI8BZ zvK~eOuqVjJAK8Z;`X9f`Z?vNy;oF}oiM5TTr;FSV2>zoY&=>KKubz9f*hn#(K%E>UR(isq9+X1ggsxl-CBqj8{(knw_|m1*z``$y zx%c_Drkc{3h`m`Q%`8 z#z7PWhO(dO0Y-#E1Nn~ALnSM)`oTd&hP)^GCJPem7v!(;yY!P%AUN$IhAKcrefn_} zRDG(66r>y*LwT=BQ~)RRLHaR41-%CswT#6ar&hhgImQgGaSAMHW4aC4k^D|XG zS2w4+y+tRP_Yv|v-YD8vU(sgzVY2cRv43a^hxk?(pSiJkv#{X`Kx)D@JDSilq1#7LY;rB3X!gGgxpuIDv1n~*#pd$Ppbv-gxODva7lU+qT2Vq_fM!(2Ch}Q6ta`h=dR0YMG~+b z?yR?R;UaB}Z`qrrmba`tvT42UenpqtvPxk*lVojU%Wnqf4qMG6rQOQq^WmTY9Y0mu zhlo3xdK*OD&fP^+N`PKQLx>OEF^XEahd%X0>V9B*F|WuntUgh`%>`HwD`!whKYOCU zt4`*g>Z3#ejm*LNNg~G^bUxO)d__nJ4ZUSyGKv+~)I4pY`bHm0fj?IB8{9ypcI`&&8!on3o;oO&Q*{;=v|S(SkhcZfU)4v@PqR3(v8LfbI&3{GvCzB!&=XK2wp{ z&2y+>>+5gF>%Apd{IsW)5=(-%_7|Yw`PrCA0+A4et?OLNqRc$p;a-HKmNy2+cZQNb zU&pBJ)a!uYkvd}KI0XDxbU6*b-$b0H>1R~AcT%P!y!aUV$5fI2Za#hjb4tN91EmBV z%~?cAWf~{IPp7gs#6I7D65(57OKbCCSL7}22}Zr^h!-0%8KEUM^iOR+BLY+zHSZ-g@q+?*&n=&F~?=|hiK38$jd(L!tY*8po)xR=2s@J!cH~v-@}k=Sr7UdsW;Nm zWpBNJ-2*uSLAl}kpq3iaSJ19a+#cN=c?}x#iRVJLz=*$_&)8Gtl zmHfc9sLxWu9K2VUsUnfXhk&bEJX5Neb*?>*KbXK8?R&7`#c1MH`$33*p9k`++iJ-xTZ&6LnyWY`buo8iK2JRM zEs_2Szt|#kam)2SC2Juld%A{vJAoVNcLiB36620#QcjY?!BNcq!>B>I0|0zH>~0QO zi`#qaRxNCE#)52qbcb`&P17h?{$^y_im>@_K z>Rl01w^BQPu4#69ySPBI&3Ya_pR8XJg1mdtE}}%a=X5L5+)R+m@-DGXk=Y1 zBCn?mNM%BJeH~V|B{VSz2xwDTw?;8{y!iw50q+-+VYBwu@y)y!b#I$EEZDR>hy`nT zANLJtCbmK{hOzIt6lWfVmUJD>o4Ca2x-nUdBdP*+;a-Pz2xHaxe%w`s0qI8~kYIro z!|ykdJ-FnD5%cAO7yk}EcHJ~kGL)U(Vz-J76n4{4X1$sU3yK3Tl=VG~zrTh`As4^D zZqaCfbw-byTiL=<%7)`+Oe^2;B7LWv19J)26YG^Kqb%=$z;XmiFSg@;-w$KpF_gED0nhU63aet3uUWu*#MSu+RxKEyx zFjeYu0@9cVcd|?L(dm_v&?|8z(r77!#@_WZhESfGm}#dYzE+WJzXf#5#x&hY!_C6l z=Pa%#(HLJ72yxF+gAZ$t3+F`_*)?*2t@(j0mYxeSVUzjwmvWugLH_RVQRh44!th1X z8+`D5aVq@}SdSN1=e}`gqN)3g%@f%QY?sA*KAdmVw*02Qs2j)HBKBF`xm2288L_#73AZK>vyyHDo{jtqQFKQTt zX01T%(XN{Xqa?nNE8%*YYo>RM`!Z*`n3Kk+ePiE5u!KRqg@$gnAsjEFf`#lrdh)bx zRF1d$^t~?v4YE`X+?>JDu1DPW5&ycv`!BS=C;a`>FgV<1b zr0^S%&3A(vp+^&#j;eQsC37ps?Nk1*!UASL#8?)&F@U;zsM(hM#;>r4IWI#rBo);K zq5-sRI>&SSY#%g4zuFYIOV!pxS_%cs0`U6qz0UM~?U0NN|^^^@VoE`RkWclWb@ zcK(wh>S*1@9Qx|(*!4#a#Ena5=!B}VSFmBj?_y+U6-!iyY}o}JLyFC7oH^#P(FIcK zSS9is9E-W_wP5zn-x+*3duPkdny84%J$Wr6L4>3|}K3mni z6|}yhhfm}a+u8)IOx&<6F!RQuec%KA{xOc{-&qN$T?3j-rx8my6J2I;&)~B9XD0xInD`Q@ZKDw>fnx`_IX5h1l89}7$@1TyGstU*L z(COjfB-)dO|?$)V!;HL(OAc65J413Jj$W zx~b6Te{bjR3v!oBLCI$^GE1*EXoAkVJm`46y+SS%venf`t_p*@R&Pb1ftBs`4e!3M z&xSoou(f>L7V)>qiRe!&$fK_VG5b3~S}sLB$#dSoN0CH@#r-sot+N;GqBH&=;C`pc zivFy(>C2u$LZ122ZeipbMmU8dTq<$D?<6gdP)KSyaZ5&7^G$Xe^%!vCc4#U0uBX#4 za#Z(0y->WfR=sgbX5}>zb$N5W%@Ttj0$KhKY{90dxqsN*C@V@$Cjj5SKa2~tuemP7UU@MesA}S?r2>V6(@ zqz5^Wu8iaPaOV&jKmmT7)&V8V%WMDOQN>P65TccZ!QmaM7+&YaOCA^yXSbj}j`PQp zr_@K@V+6U=v*S_Seg4e&QwYzPElMAkG>kLYTl#7OGZB4*C#4R>jKvLs?iqf=#vFJe zP?;ak92$WHbOB&lE{xgWW{@OcP87v6pz@bKmL_B8r1&*d4HX*6Ex=;3Qg1n%J>q1; z)%#BFAyxkxk5Re3E|bSH?0|Q$+}gmCrj(eNVWD?+V?@I3SCg+`pH`rU>m-`BayL(= z5G&0}tRYU}@88&~)ib!a5l7 zzf3-FpI{9~C5_Wom_Mq-hk0?y&E@iQPvW^{bK-=oq^eVbPfD#X#i|6}`Mp9;ir36L zB`g*C9&AEH^XFxsD5FbDt#8LATA_P{xGO(L-k*LRp(?U<4II|~mQGxgqv$EO;)+s$ zOIz-wCZ7ky!EmO|VhMyy;Co+VKNp!_^Kt%rH|y&NiL_7%ht$6&8*#o8hIe#Rb>U(? z|BAzF0q8XwIwgcd&laQ2S+AqjD704gbgPU{z)FQ{J>1 zcW`TBb1>0e6htyw{Jk8PsXM{s-mZMLXO%n>!8kubd8d7XIGBP<0A1;ro9VY531efL zmC}vQoKa2j!q#+cEP9I};|&B|>6Ou?oo+utisxRa9#JkbU1D6MRs1^9J;}_S!b6yi zLag|TCzpaSkg=L0Jx2nI3sPliy33g0L^aMgosbU2_u3DWN9jx<&c&g4d&^=YVS?L< z(=8t27Y%hhV_FnzO*=PvlWr-S0}S3Rnp2|rd=-;5-GW-`W^2_t%fVuCGE>qWg@F)9 zsjgVxZb-#Brm)+(kA5HKM2%)@iHEh**A-WRFjq4{mEKJ;WbvzLmDn`2|2kLh{)w)@ zbc;P&-#(hE?@3|pSW7fSrXoi3%-Wy8xBHH;*6*gi`{C>^uT51{+;SH!zaoOMR^Kjw!L;GtU%%l74G}a zW4u+g7+4xm7cG^;e>(6-mrM3Kn8u1y{k$$XU{O1I7xL$T&SEZ9wcRBf+X)Q6HG52`ntm(cs{h+d~kIf zu&L%@AI_GB@Sk!N;P(E8iAya;s3CFCUnJ)IK!e7iv^y8{IXBeeY})Ei0jwB81O%G= zX5u8}iWbVvJg<9yi^K45gVXl5X07%L)<3NqvFpeo2?C{a*Ah%&Q`GU>|*GF>ECzMo^!!HPO|QdU94+}mSq}@ zB|V*Taod2{B5a%rTS!eH1L!{ar;YiK2KsLS`kmY<85QRe2wy_9yL)|I7-hM0?t7%V6$ z1~B(y#9v;$p*x~%f3FT@iMJq5Vn;MINq%qhRLcZJl+z3Z67$X-R;MH}C+~$dB&f+V zLY2&V?R*==L;-(U;Hw?5&5qYEN`-cF<+}_>{8^r>ys>4$^T}Lckc8`^1e`Q!>~MGv z9OCwi(hisp(+60x@imc7de(yxRC_FTK6JDTLm=e@qNC2<1Q znzR0X8eC~MZ6#yfJ62_nD4|4+m&hscM@G`wE&eTtOmjAQ^<-!O7m#n|T4yEK5dU>1 za?-V|`gSs;6+1|ranf{Yb9=?6O)oV$O2=J#VrOJ^;o6nQ+&xESW$1eOd^ZZM_U@gr zm~czkC>RsNko}BbU{syP0SNVP67#EV^bcCxdf-xmD`3NmlFSd9+MO?~R9$Xa+NE}Z z7TdM{D9RY+W@h>KtwH#k7L}JBr20Z=VCn4eaRv2@NY$>6CfT3yDi)uGvk54=33}iGqfAi*1ZffZO8!?$k7(k zSF+D!btA@;$SaNDDNY&Lz~{^~dZy0xJCJ94xQ$IRA633Iv2$r9#L|3(S(*{FMgsWa6Ln7xv7=)Aq=t(0~N z@TF{=-_&WH)~DP2F$UG=%7NwuGS4XutR5}3R$3M01v7JJC8_@oB8AKA=aiwHS+7fi z?Kn0P|7v=hc33g=M6Hl7%W!S3b$i=B5C$DtuwJD=w09Avx~RO&XzdiSxCFnqz>Q9& zRW?KFX4l0SW{DU7s#K0&LR>r9uNE6C^hCIx*{S2EDT+jh_XNQ2%*k#-wcHhSihWmV zVe+Pn>v28sr_~8yqodE*2vG55ls4H`p*v7966p=e+n~fte`fCxMqH` z?0So84LqyQuO5;`+vlC%9q`gVn%P8tP_nTmqC$CQMw4=Oi&$9uU`O1P##^m#ySC@Oo$U~yXO^Fsb+GvMFlGNYsD`F%k=+CAj}}Q)(gms*g7n7mQ(?+ z8;x>HvR|1BZFp>Ekhwlm07v)^VQ5rgPuCf>+_)T)U+NpHXv!284wNOUDzmlMS$n> zM!^s~*Z%;lbce9EIOZ5uT`O9O{XyV)PzMIl*TQ^S2|Fq&P(5wiJB=LgqU`Q7vu67u zB`D+Er2!VIjOSRz?gAfrW$x`viX=^D;2xnDqt>GZ6;j=;!7=9mPW~*&M+7acJbE`i)I9C>~ z$_7|3&O36)RrO~ojpYFCkrHbyWxA+fmeQ^n1+b6%vtO7M>FUQ^R$mI)dVnEFRfrR)os%z zx#<-J$lZJAl?2r!f)=jlkYL)hh<=@EX6u`|&l4`QB)tGgkv{_AKL=tEUbfTEAr5w5 zam=Sf9}W>Bq3@368>q{K=9aKHac%Bf4sKWT2ut#Hl*ifhgN7n~G?H-2dwh5tCF})K zcPXe+8h-9#7fb`l`xu#8?Mqim|IA$$chlExPmEPy^1Q`y>JYQrHBTfV+g~{fXv}cYt5Ykwa+7W6rivatL)$8PrG##PU|BW&Ak`rSKZ5a<$hBqcv`_HTGzulo-Fo*EpBe#gwd?MHB-Kd-dZ{OMRN2GwSTQF8oUaj|M9FS(Eo(W~+Hvh0*RelR` zXLU@U&)Xt(z}#q6p{IDDW%+@rG*q|0~`D2w1T>-DA3iN)veX>c1+4mwWpCvuF+N$&U@pA?pFILhn&|ttl*{sGF_~%RM7j#y7i$HxDxnZ7E$D zZ~A2EZCv$MtJ+*`0Vab##=z)AU#Xh@I>0(MHa5K8fx19mgrP;Ye^f`mij$J?1!b135 zAObUZJ0KPw3>=`*;Q@$UV1d^!0II2R#ZRrl#}$pS{WZ|;M;L9Z%#XT`^O^Y zs?w(Gy9n~8B8$fT1r4{CqW9Y`%PQcTs~U!og@)rFD3RjG29XDhQZPNo?gvQmlDW~5NG3OK0rRD9PV}A0r=)%hZ^y9_7flt z?WGLa&?ASzgTc|ey0*6Z3!2x6aUbLrsBdHz_VDcm0#rlu5>Ka(9>~GN7swgX{7=vE z*cAA`B#6u-!ahW8t7r1#i$`gQdxCG9|MGNG6o zE8`%(9vNT1Yfsz&4V3yUf!iimoAo;as}Jz9{Kg5Kn)>ngqpI@laQ+0}@*4sDCae9b`kC15n|g~o zH2{qgAWW}0vVY#))9~cd3cUQO1)8Y*_BZHX_7l9-u=)1i4PE^P?)z%^C_;6h__n}b zUBdT%_l-l$9^0OpKCF?M*++ozYwF$OkZ_O<6X^8!YZ|<3!Ok8)`pj(lseyI|`62nb zd2dv(xH!I-@U9&^Lx8$oCHMjhl=@*me*YD)`EyEuvAPNV8TfVu zH2szZ{90({+T;T9Rfn_-qQi&#?Ev&Lc7*_CSNB1HxCtNkPn31}CBf|G;9es@*s8kS zBLgmR55e`5bly|Vqs(FMP^0tXix+Uy|I_F9(*P8}D^wyGwSyaAg&D7{g1 zlVlip{wRktA4k<0Ft$&U@b0T5ifrb(r@LcLp+7~4bBaD{U%&V!XV+;l9(qtH>)M z!A$s!HRhD|cHvkxzB%bq7pQ3Ha6wW+I!BHd);Es%z3>`-T{^zc@aj#i3BZ@h8o9vS zX_SFjzh3aTq5QkeMWBN@s~~^BfP`Etd@w31R?{L)v7VAZ@lVB^T{BwkHLi2pnBK}r zMW)q7y>`D?@Gsh;CA(4zXm#k>`hBJ-_iIwh+M@d2dFbB8;5^YWE#~laAz+jbzuX%E z5b#J@>$IfSbMHwCH}$8F%M*}xW6^NukePr8`^b`UeAH8iW74LSh%M!d!SxOOD{Y z`}eK$iF!M76cf}X=`wL=v85S{R?2?j=H<94)L0vb3K%^_rSA*=9i=IG-{VABfPX>O z60)LaPGyizY?-N%mR7tInFsPlsS^#CF!QY|dJ%Hr3f?*Qs;zgv?$>jOV_|SHv4AVk z`ouPnl}F7j8F35+Jv`O6Cm(tZ*}TN27{RXt2>L|Vx86Pv1T8;I;Nnyo4-n-jo}(&; zuxn^t9DX zzpT9^Y7~~xkn!Fh@IaEcxMe3xTa3NRp-Cf7Rehz+dSBYDP&mEpFO!3&M!2j`w9cd! zzEFwllV!qQ=vGV5Z357ljI|S2P#`lb%&kLW%PcbyfBRz0@#{})pBe5aI%tkjpQ%8_ z&NvGhTS^$6xg~-r;q6ocw;|8C6LNfNL+!q}Iuqqfj;AS+%S+EiWv~ekc9dQP|C8ll z$4&^$6XWingaXi;Y<&8c2h&YdbV=dkJ>4dskVhyIa$Q~?9bpHVQ$~WQI>9{~Z(dxg zrwx#v_QVO#11ZC@$!shb=X5wMWD@U@r2wPF-Jj4Sp9I3Q{IJ@H6w;PUEj-^Sno$Jd+19 z&pwEP8uhdcRI@c7tdF)2x~!H2jK}m~$u)tPGm*|q8_5@;71?$hfRNm5Iesj!c%Xyg zWip&i6p-G*TMv5E2M(3J6m{9=Kv(fdvUM)!YzH$pOh6i0F2dV3$fwk0NI!QDV*Eu< zF1H`rP?m^rE@fOrIW@rwl3?(`DD6P{Q=c^cd?H^T=fH0BntI+1d7u;62@}DXCr}4} z$HdH(<>20UYdN%YC-`gMpuAOyY~h zUtH_#yUuc)>-d(8*&HST&rzBTo{!t06<(rMv9g2M=HgNk`LZkh{U?t9+yW<;pxPM0 zg~p9_fd`MTuIVh4tVNY?+pPyGdOw=|5w_22hr?S$46L*q@C=nkTJ@3bMWg<3T6yEB zJDZESEAC^Zkwz6^<-Z9-r_czOP#c%ToW_Dmjc&D_AUD-nyZKn9r&{YnqXdp^1+u03 zYUNUUqbrl1?mU3fH(U;wyLL-_b&=%8dxjgWIgZZ*5;8&-mLz8U^RNzrAO`eM?`4^{ zco-T(Z1Q(mN*DURi#OZXfC4#oRAYJT(Y!T-KjiL@b;xQmVwiM2ul(EcbXho-U&|iH zP0$8xX=&QC0+HiuiAE?*uzA+D39yxbAC2Yd%S-Hi^zpYEwm}+dAY_dXNjX-AHwk&cAr;QMzX_eC`ukjBu7X!9 zXuH3OFEwrCi}fv`<>I{1-x+z1SG~nD#0BEeoR&OsAz>MEo{J#F=FB{OZ+i;Hkf@K6 z45nXFm2skzEw9)-YlnyT`8MIUTzmz_uU6*zlTq7A7;(n$iSz(gf?pA#HLoO7y?{yy8)^N<+{e%}9`L4)thi7{=uRLqgfn7N^6>qSnEh<SNPrqX&=fwTqobtIVga`I}7urBjMc)!L_$_H2@IMN$V?I zY+f)tAaU88A*cH**_xs3^?bRorbs9#97(*8!O3&RiPSFComZAj-h`=h8AM3wb~q+a zUAg~L*jh#$XbrLEi_9%hlXOpWDmxT9jRE*Oa?37Q74B;Bn7YC#_23(xxokL=BOJt+ z`uX6P0as3z7OAjlDg^#zXA%h>V*|WIrHKV^w!2BWFuYsewC<&oiL_hyXJHX@V3ug$ zzSfOg#3oxc#CA0#v(1RvEi*2O9@+?wuJLv^6l*f4i_WrPh9yKN?^TuP(AtlDA0W44 z>YBsp;@v%|ZYv-s6Au$<+d>rQz+6HfA+GO1VI2`}Ni%@TF4`v9!cTFgJ*1fj!O1+m zk`zdRS$#3Hp?lA^6$NsbsY5%O!{s|2@01ny$DK@$pm~WoAIn0O0L*C)55M{KbUp`fzgbQm}#3x~`(R?g%7UQW>$a z3s-+DhQV`oD|2Qbh=<)JWvYD86?^hDG_7l#PO{k%2l?r5kx6A49i%kD1P(z)^ymmk zB7m5g*$-U*2A0q|BYvs7R6U|krH=l!c6_F-bd+4(A7AcD)8R^vM_wW*^_qAx32@V1MnmMmcJAv(-{B&Um zqxwJ9i*?B0UEY1G&u`vH?Nw|M+CWms8$vljJ)o@}G5pG$sZIl9C#LW2xJi0f!S%H! z!|*$y3@YX;i<^kzD1J{IXZ5tJ@Y8;YTV~;|k$oSbiQFms(ngE*UYyyg%NzAnHYo)w<><3%TWU?*)A@bT9mZu?Djn4szd{rj{O&f4BCph!OIm!ND-mE>3TD zTCkFc;=qT-_DryQo`}1D)a9NpmAK+5tQXs1F&`*>Wa@yB+&!QjGE9W1o(p}NflSI@d6!L!pAA!faZ8ho>?KYa_X zW;G`})D5xlR%wW+46{Dtg$MvM9=)+Aq!y$$JqPzuSfL^)>b{oNNZwvMz<#QK$Hb5j zQ-lBG27QroLFbpl0{^-(O}w?(DnZatO@E2o3Bk2ohfziCs9R4g?9wyQInUVfd zOjQRLeXd86Xdb^kaq|5*^+8zA<+}|;z%8eZY}>goYqgqE#iYHCtUiU^5Yf)5w-2zO z9+o&Jx$y-ydxrrUHeB{e?sPHH7ly90(7w|{4EuXCV2E>=2Flv7vqS1L<{C?lPHfea ziQajO>@IIv3c)!K0|gB^MBv0k&S$K<7#gZyK2rCmrEx+=wjCIGy%qGq(Qj#d-9r`7 z2wLIqx_WcJf4-yLY-oKa%pv8q}VcvR}U%}rB zay@Roghg|cu2%+#EM>~bM$yLkFpJpMQCYq{v!kq1X@0{+W@g4l^8?S!TM>tD4F|-`Ls4_xQBV-70 zlP&!zc2U~QZFg>T!R0y)ihID;k0U1k`mOf1{pG41Q6=~lmr%*}b9neppGmQd(ohZd z)GGZC8<4dPn+Ok)?HLA-59{}j$WtUKN$~dBE6VS__jcPBR$WC=sO{evu*b-Ggt^b% zi@cRtn^_e2`mvV?3MBQ(Z=r7)F?jLVct$>Tk_JmCA$XM86-8nDIhzHpD!mZUZENm} zda{+VDN2XSUs+dBcMJ?|et%rp?{#+C$&;H6xuC?5*9MNg!?8aj>N$(W>k z7MC;7PkTS7P3Y~U^kB_8sj?D-1ShrO>^Mx2idO_S3m}LQ*Z~=QKH|3)bp3XGLSHT2 zR!&0r^9VIQTz|0&#T@+h+T{tgrub!f#OJ8k)-2r6ncWtz6Y}u4Ya8Y;wVnb=C8Afop`s$pWGVdpwj-QfK#bz(N6oO zxE?u$v51@}CDO;}OwiTSDr|1xY*4~cucnZtgDRKTN1@dW_x!$Q-4|inhEv8aJFj%E zZQ(ckj=3|q{pSY=PHh@SUgJpY8wdq2{)9Bb;|+?gZ-b-rU+x5;Cu)(;LhTFv8NzV^CI-%w#Vsj$zyCS^;+%$`8_qX zc(iCfqxRW^_lGafL2tnRp&@n(Rv)Cu#b6`5i=gm{^ADR?8Y=spxrs1h`>MrnMvpjA zlkH}5;)>=W`D8WQ0o-f@ft-|WG~7wo^_+a`)nl_S*W(*lKeeT*l{8+}YBYoS%5!Nm zX(Xd5&ow4Dg*BtEI=Y=$5Yp!LPBia??V;EPt-ynQQO*Uh$ckSy*b7luNlE<2s z$$SYn#b}jGo((2tFR>k|Dw>|R_`}(wF#Q}{@QQGq4?>4Q&&WG?C4C%+LE)`Al&U4S zbrp@mIq;i!z2cZCpq0)F=F;Z1&j)wx;DV z{*-=`$svLY#cOjo#!knf2dq)2S!NDsEu?|}rTw~%J6sRD*r)B?m!gGw-*>J-ok;Ym zwtm*GDsQ7~7HP!oZLNUt3?22Xod4LDnOOQ3x1p*#rG8L9f$D_U6qOn>9b1{cMSJeBTT0o+sV6E51FUWuIxQBLs9J#Dloj-1Kh_KpFXnC?ldd+ehrmQzkY68 zhjOIlC{}E&e-mGyOi9=irOMEHhkp%sCUHwcPIu4s1QWuT3b()E`qhI;(MSjS24 zWK6rcfizY-V^bm34-2z}!}&p?sH-St`a!Cy+FN_-Cv2*2K4YW>s%vYECyRF*8^^fN z3%g}j`O@#1Ml_o6oJ6}O;!-xjSQp!Hgm*%_ z5xf8fq2v5yUH3hK|AnHQ;22&1b8pF^u*TKSgJts}l!YqNc%kUP3b8Sz+Vc>wI6Squm)ce|o9UAYB9zITm1kyQbfXWN{N20Ri zpIZ}+onG359IIcZa6>`Xwnd*-lI~i$R^~O=cyNT9IXq>%f@$`1ESNDBY6gIX5ah8x zkgmq|wca__WetEB=SaKkangmb?rf%Dbj4g7g|9Byfru{Slr78OUlDwK24zpgu0ts4oOvYlgjVd6O3>ct?5#MBUZMAkA;pXPQ zJhVgRwzoGkJ0@+34Kj(uTTIn6y4S<95BAW?69^PmArfYNE!chVg`*t&Ry|5Xv7Spc zNk?*${UDI^i}lB4eL#6UB2-S8Cu`Y|2kv3Vpn@~*oiHE%H#Dxp<(tlNN~!EaGF=5G z=Jfq!8=QdBhty2+hxH>FJ4C3ki%}8>bTaIliK7XoP0-)K?Xx zkqt?|cB%nRJlXmB3K?>^Bv%>j)t@jTX=G-y8EGV7mI0Uc!E(p!x4bGCtcVYClBT&T zVQo%!jQlZqgs&(OQpO|iDO1#COEk2k@P)MOVPR#|uxJn~gyz#oN&%KX1ZNi>1eH~~ z)$JBKq~`3X)Y1ywBgl23_IAx{<4%cLfI@krriKO7<%8{Oq*!-XLsChFEq&DoINo$1 z*o}961e5A;$pm`SvPXx97g1kd`i3Z3_N@{TxzlFnHP!GC0vAR%BAg^4m?4_t()^!z zDti45IP~73FTZx_Xonyh#Xk2PfnIM`Y}F{6K4?z}LpKDdtNEF+`dol zLHLdJ74>$nY+ILBV?Zp*J2i!Abr#I%F9wyB~h>tUEmb$mQi#u zE;2>qWAhKi2z^O+t40)(!j`E9Wmg~zpFz$()K}~Qm|F~QSzTtTP zO{JN_2cgmZ`{8;lSF+XNZ$=Gt1eHAzSLgt>;1DR~T|$FC90>6!+4x>~VS1~mrf|H^D6Us;;}#*WP>>rG$rX#r(58W++zq z49{v`%~2$C2Nn@hg$#-knMz!%c zbFf+tGX%c}VdcXr^$~g>W1W^Sa_spCJx54Tujw#I;u{U+nU&f zhBw@dMBA;5I>k|0#IT>$q(23W_mR>YI97&+q=2y}`mJ`qL67EBiTYRTU3T0( zSsouUsm8rL7W#?G$D)HTU*giPHvpB|#m+yK9no7__hV@{QtjSLmP z4G$SWE}V}VIL6`LwnT{A8sicOrpZsJwvp(>IWQ|0dRQdT_>Sgq$L5p^-f66FMm^2} zT7qYU?`lzFS?zm3Q?sOI(z#@rsk(Hh<6}f1t zU(*+77MBsb!XSGG7vW?M7^C&#PN27clMvVn8DBc8C-P<|r#gEx|NTr6igVYu!&5SG z`%ew6YJJstbS?AZHaHNfrPy!X{BkEhSe$E*_Bd%;2G61qF)98Kfi3$fl`fwwh487r zGGoM-uX9aOJrxzIMNh>x%vqR-Z@u*^rk&b1_j}<20#L2lIl( zb=4h}Xlmz4Iav?de3kd-wNbbP14ki|5=2c4b24V8O=aMf@I&@Xs7VZUZwLxHf9~<= zxt}%N`dQNVkY>T(zr9i&%dD8FNEIuiF|VwMPWJ8XYm`mo-ZwhDHw!cn5JZOn((93r z2k9Z7e}^WO3UC|H(#-5lbQH1@f>+dj{Zi|pCw-Zz;{uC1l%Yv=E&*?m!jlsaddX6x zU52ysi3pKIIBw82X4e7Tq`sW3Vn~FTRPB9%WpP_s%RAG;83kk{?0TA*bh*a~W5xqN zl6NRY_AbZk-z&KrP?EY~za;v4Ca}*VZ9KphCp9v|cq}4PFG-LsYf>G#rnLCCOv(*i z2b-xz?)N-wuI04lDYfvjE>heFviOhL@f5kWV-WJ>pjB;RaWM(nh-o$d-23V-BCl*a zHgaEPqdOhr_dGBCWh1dl@BXbu>5cdbt{QH!U)ds-2&CAAX=Kdgc>AJJhFv2t8ksni zseG{hUjJ!cPOFHkXE=sV233I|E7F0dpbjmMw_hU%5 z`l>A&$|`XV`qj-mz0%Lp7~%5GXoYieDteEBBki+W>zoZ2Nff#G7c5HD$V7x^#bRD2 z->i&o(^b2;T~8vF2tQJMgEBY=y3ge8K}!@MXlpB*oaZT#exPoX&F4;F8`*ZFXfc>n&QLZ+^Ai(KLM zK|sNcCpef)IXQV%Tg9XnhMaRjtT;@H+r88#7wG*p$WS`w|50(3qqBe-&rVmSil_Z4 zv8)d5cI~n~fX`GQ7lmc;K45~ zg_-H|Zb|v8z)xD&JxS)DHRS=`l}BOFZN&_h!1@_DI+gIZ**b59Ah@=^XlOgG0yi+@ z1>bF57EY@>Q5)O3j?e_wdbFVoWY|I*^>5(m*z=)fyeIj^#wpgDSwx}sg^N%9{38T( zEzF2c_F;flc2Bl0yxwXPA z$R}2*jG(Wuk7tdWf*;poUy^59lzJ$tTN=KW*S!C2YONy>)%P!fpA)X+HCI@ywOL|__dKv`*O3?|_cx+Q@6C^z(AHW`uXA{{ z!}R=w?9|S}hD5cWbaS8hOka4sbeH@QF4fuvV#qE?Tcw(NUf=OM;IJ6$s|DA(!`9b_ zlC^q2a8dPpb62XU_OTwf=|T`=ANT#z@vjzy>yl-F(2%s4tPx+jwo@#t8DOw&5gMgj z7}}uJhV4YIv0qk)4|roBugcpJ1`MYk&{@yf+9D&2q9nS~r~nP|4U{5N2pp-VH5yf82C)7X&bx{kQrVfXE@6>t z7LVX0(Fk|a%we?!H(V`49aurrLbWPR{t=S6oe+kce-|!vwV+WKHh@r&iDi(^x>j3N zG#^&rqnS_{$#s4Q2G&T1n_~Ic`+K7Y%aZudtCF7d5P(&56KWlv%7$srx8@68HV||0c&h||ynn`b<(zp@a~RXlGjap3+lkeFc3xNuqKH>s zuM8G~+hV=4h9_0ubszX=xlLn(S6g4U4e*au2^l)#H+r0AXt!2$-_iAXWw#@fIoD!6 zpqfe4$JcaExHa67kK4NL3~#SmHCjEvh`)A*6BnsJ4P#Y#SIlOlfR}u z-1fbUBZX{}L`{+4AU@RJ=h}m^bV`bWpCL%!=n`kmX1RLLuajt54@~z@Yr~&N{7@R^ zkH1{MsI|4kJ@6P&RynU=^G&EvapE^5(I&4>z0q0z!BOGHx?;Bd^8G3z&nP{t2&Ov(D7`h-+=r>$02RK8J%r;54t&!pYg8$Gwhsw(s{TTbI$>BR ztwT1@wFDBJcM#2^pJ_Mrlgyuh@~^$6XsN$?>TrLk~tmVJab@SU|^8 z^eJ$I#O6ysIf_nSC8VdIOi1~LfX-w0M(8QGq05u0X{y~UqWKzfhF{oJB8uKy*gU!^2$CRLUeUpD2H(l`dF%>4X}mn z=bp`u0_6cO=8F~(l@TJl?xX*^U_U{3cC#WL%$2p^(7Im?kDf~e9-8=Y{vSR+*4yZ* zrPK|s%+=X3#jY>Sb)52oTPF2mwZ{vu6TCVpae)18OPLAJ` z>WapLA_5+Mys>W2~Z zF%)b9@`7}j5!CDAx=MCxCGC}^pM4;Jo~32>D8%?Y6^x5)jobP58XaepqcKezUJP21 zu4vIXRR_NiD9K^1{SjojkC_+l;aQbTTpL5K;Tak1xc$Bre5$(t+_c4~_7PEIU%2rI zrb-9^XI~g*%5zvb0Gu_Oaq?C;f}683(N*7DTwqo`Hi3szTRowkfH;nswnYLG8Tw)6 z*P{zo_J)R#vYz3XQ)fKH&)Jc5)hwFlb`T-)&FMrSC+y$Tjh4#q1X+AmPbCwx%Xumu z*K$ItShR#hqzaAc2KCV2e&kt&T9y?x2pqJ%94L$WLCTLu*P?4%^NDx_t#NC`TD4E% zoiZx~4qez~^*2f))adT8v`)O^h)P4o50KwaKS~v=$vCWiQO~Mc_&^t?8`*v2pv8+= zTyI-CnyEx54dT=WLA1@y-OcX%Jb~dG3c)SWDWR zgQ-vbVIgkm$)VKED|TB$Ai9+KLygf(W;N z53yk%u;oQJuXRf{!cDJ;^IhqjX5vA<6LF}-WCm+Mx57GEk1OUSo6L1y*?T9d)~WdI zv~0kos}>p$HofFw_SJ_=vbOJ|nr=y*`3Nb3?Bu9BLmHt27w`?pNtcu?(Zkmp>tkBn`r5M>7XomoOMz|ss(xL?W6Yd zPd?D0c(Z8cVs$P&+pXmB9vGZ&m+H>G7B>?QFrbHJI%2}#@85o?DkDs}5sIlCLS>M} z2<*Qbqa3pn8GI9*kBz*qMXheA4gPmA`ZRED&$=*VGG6vZ&b#TS16&dcpG@kBODvm# zAe52sAV>0-KIW!6AI>fFH5F;iKDt%34e$FVGba;qK*W#zvj(Xj?&;Z6JuVB)5F}wN zA!m!04ilErtOtwD3Eh(R2ocWI3+TsEI6{`oGaZw6+UXOy^m+Qx!liI2%}MKFlNH)F zmo$+Vov2IlpQ=T<=A?G)wus~;g>f+5JbT)QSl~@T2P$ADMu-mK+o`_lEq>Rz6r)Y zAFyL4UHjYWb}*{VvwA@dH^FzSa6|}YI+f$FJCqpA);F_^IEus-UIAjwp}<0zKrYQ@ z6yzOsfyN(G$wv!O@WJaTofmDOI@d{~)Z|%b+F&|^A8ZsXq0T1c(;P7J^&(lCUOqaf z1RNSV_a*tcl=-1@XwOWLb7GtpsSZaUjgZZnGLt&Z%fe?6W0VPnlm`ugomw7tMjI_2 zI&FbHp;?JHB5%Df<|?0e@JXX=HVlOhv>FdcMm|i_P^WBu(>w`QhYo`kyz>hx9_>J7 zThHhSk2BqfXdIkCTX~cFu2w!$c^XC`P*#ES2TR)7i+(g)z0$d+Kp~r?)17A15GB5^ z^H1HJ7q7Q|!P?5ZeTWfI8QXc+K<_J&=qyo3r?0}$jN%)JS2XY*vyt}D>Zw0Rf` z$jy9r@JlcPX}kB#s8j=e3R9-raq;q2Bi_KTrtdg!%6cF=m2j;=ihg&%*bfZQ$BHv~ z@u0&w-%hDdxLP#6^g@gK6_4*`_F(ShlIU4tyf+Yr^U>QjVs@~rD1LKl9gD$N*4%BM zzJc!=0g)ZZf+B9_ED?}NCezE$?_#6KEbBmP%@}6<`opovjpL)~NK869gTad}YwmjA zBDyJ`LA}sP8nIfkF#6{>=$LCtqN7ao$JQ8)*&ds9Z}dBM;gyli7dir9#XHnjYmyo| zgR3SVWwU`h&!dyZvcn_}yV`d?J5INIis7E@6|B+fQ5`xBxGy#x!SCS`3J301iWSXK zX|8i3E#1Df#3TAc%bE!e{ECH!8BkkoNI8ji#j(R&nga&ObF#S$n?$_M-(GRcm06Q+ z!qe$?D!&G5ysj+Qqc|qWP!2PD*v=a3teLpfb~cR5!I}0SacIVeoe6$W>x&T2#Bj)! z`y%iX^EQ`RH^`16DIBrgh^`H!oA)7Tv#o5N>Qr7&f23m$8<(>z@r0G5U+mNH-G{ia z*pwSY>Bnjf^y(~bqF|aI`^fb=^qjIf%xjdasb+IdK3Micct?i3ZIbvQ3MfQLld2F4 z1i9t5kBSqF9yx>cCTrx5L%H41kT>=5yw zX_CELC`bR8q_``Bz_$p4y)UkQ0E-u*ob1e8TyLcKlKTaJh3?Vi8~ZcmH)zf!vxX$Y z^?8)G^ag9{;pCJ-c7>)Md%pfTXZoSAA~Orx^yEme~ z_ERWOKetNG=x665wAhmcs z9FKkMtj4HOBiASdwPa;c&MC$Zxv37cWFSt=s^%|0QJ;>{|OIU6tKb^^!XWcYy(hucChe%=#^$<+FA%fU<{03Q@4-h=g={@Z| zQUnZ+&{*DOJBj45b$G28m=3tq8?Qv#ua=HWKXkUcNit_723pjLL;@=6_G&`|Fc&*y zdd4hJy#!DhjXay}2;c*Ypc(^me$MMffBQm8z()JLH2Jlg|H=Phw1lwVsP-AM?DEa zvxLj&m(4lf$Po-`y%#D{Avej|ySP1(R?ZP3Cu>?T3?90}?TVB8gSoI{C^wP{(pzC$ zOHFpt907wZO_TOlwcHJ(qXa0vNKKGLorLn?7pqOyq;5s**+^Y{B z$<6%e$oniMsau8C7qeDWKV-v_}v`+m2TrCS&A23JbpQoX!_$da5U_kFs+ew)^YvK0SF_ z?oqR5sU=a~v4|ON0YpRNg%fUFE1ZTM%WU;6^2Sz+$XKxqLb(B(QA7HpB26|Mf zjqgNWp}yHWjaK5)j86E%0tA$y&WR{XQMitH_omCfj%1$Y(Ez1&k6T)h+zeXxzJI*0 z+RB;n{-!xnUh_D^2kAsVJx3C(0zUKfO0#n zx%rMkK`<^P^nETZ#On=&yp#?~Wno3An{f(j%I3wMi zSl3!Q2Mt!ix@|+{>1Wu>gFOpu@n9*nc=)O<8^1QvvW4Bus*X27Qis(PjHDV+t+|>q z6mb=6g67Y8KA0q}$bUc{| zt_UbW6`uXN*Y3*oOmsCKi@v9#mss{cocdJ|va$5AKwFKQC`Nk<)OSHz79+WR8)&2u zWg*c-Zh6wATtzWxUt~BR+V8JqHf}7xAbtNrjK^)z72}YCxeX(^QjJzk{1uCmpWP|| z=AodL2zlQOf=35tiGnlpqqmR0xHwFBX7*!KNC^K#>;!}|{rXn8`-P~4e*k_K^VPV_ zW;P*0^k@06pkJ1{LBg#|2oN~g!ijqroF!&xekNuFw{-L4dPGr>`o41z9tk~hy&-I? zR{GMR*l=gZiLqStRO3$KOILMP(+tNoDqmCM521sdZz4K<8T$&}3C43Zefx!e6*Z`h z)&0B&<@I@=91gandFLin%`QSr`Av(d6$(QS0h6_fdkO|r{P5{ctmPSkV27g)|L7|V zf9tkQd;u2vGC&xR`4}3>_hk^VlpWWB&F!Y*=+WmVBID>U^LXRe@oF0EQHtTJIq|^7 z4;(TPgu7xiqZ)zM&&8G!>eDC21eKVT(`l{-EFN+q2{9vSUqsX$t{JL(WLZyoWs-x_ z%OA4@%_V;6ASfP~wodR*(HiG9=1m;xTq@;7>;{@(lI?U^m*b|>l4*uI0!Zd4JEh+m zMB*}6*4Al} z;BoJM=EQ3l)oqx);&ALvd(;O(Ui4qM3QJ)?j=ZI)FoIQeY@nX2X8ByBF2PxUsZXZ) zgzTrg{B==~qW*M?Mao-5?Zm8JT)czFcWy!FL44|Pi7V(RGJ*dmKM=t0$EYPdZXQu* zG>966F)&oZw{I{wVv?fyv>b|ErIVZbLto{@i0`jW>2a61Z+CRBITt=h(~sv=hH_d( zhV~qJMYo$PF*`T1<+E?O8Ie~P&e2D>bor%>a4j#w_3q474Ws=h>>rE7xv|i;+bH(v zAfsD);cBGSm{Jr}6!ezg>*06Ps+U`<>ml5>)T5c^=tpCY{gkEDUPnFDgxrXz$tbCl zEO=@4le^a0(2A47FPQG-J#Y)1E?&>2ig#t0a4qxs+(${=k)3Q%@YKRL-gZPsX~NDF z>&V_we0tUdChx})yJPRFWTl^Ea9%vjH+-A{4!R7{pdNTCluK7g!)O16=K&WM8NQEd z0B4R5bR6^o0YV9a)dYKBd*!Ht?8*xy7nLBbj<3lWNE(EC99O2uE#*ZpfoBN31jAUr zj?PRV%2jcU9+RbZ1Qfadgj7(7lzgMCl&2+Aw|gAJOpazVW3X!&wT7q)ewS+}n43x# zQRb}`n?Lc*0FvG0E^ww`6#Mxf4$$ei+;n}zA3Atqekw*I?yFl7JWXZ*WbfH{g$nQ?VC*-M2DKi@4&dR2c)wQzXKg|`7xr;x3|{I6HH z|3N4~6hVS?86U=b}Z-l)=En7!genzN96oH99v!;Ag`ZG4<)a+QZt&3RU=cH~ik5d;)I3-dl~ zGL24&ijhbdt=dSp&f6MDxZ0@xuv|1QD8(vAh+pa})A~oL$AmO@4TuiHPUQRVv|b*U z?u*J)&jkaEW{zUz(LN+gCGAdBsX@_g;DOJ~-Xow&FH;cUmJHN5Kc@ANla8g*3K~{@ z`AxmVy}hC;%Yr!r((?rb9frGow-CUeTg0pP9kqH1LE}zr121BaUGR0$`c(`FMhExA+a`3#>nM|z`OO^y> zIP7}3of3Xswk(D(?`+~a5|;l9CkixBG24Ncvmkb|{RiIJeoM!qJqKt}g@Y-UTCrr1 zsI2Y%%=xf(mj7}(xq1|r$(6#ac`Zs|XncUcYkLYLlu(HO0&>xsA>&0kQJCnPU{l`t z?r<+|qCyQ<*{h`rC^RZ7aFZMs<%V2(o(92$kY~)_wl0?Zfx;gv$On;--X=r?FO-49 zJ#aE$u+C;wFtx~_I#DK%W@BYor0*?7eov-KEna4L=~=MrwL6WLe2oM%h|$gBv-FA+rbWX>q?4nbCZ~MmkqG6dszk zpGjIKHWXzf1=;4GkUYE}f1r-UpN~<0A0K)sgff}H?i=sC%B1rZyO^OOh7dCpw;8kX8&ibJrV$>*Wfk!RPiu^k$3APKH7T`co-O`|^G{HT zSrWB#Aj1aGY|q7QROY7VSefn4FSe8;4!D3Gz%g?r*I67&n^LeEgyAx;Y*%9Q^^@f0_KM4jpvo z1r=y{0}y2AFo%&soey!0@k*e$r=~6(v}LN+LGb7t;SG-Fp)8ifWZg!20~S>q_~aO( z)n>kSe$gLADPa8qzm0Xx{2?JVei7XxTi^_5)E)q?sdu*a%F%S+13|uIS%T9TvnlBH z$oc#$$3oktxYLBO=PJ&E(RP%%=?iKoCSt!bk@AbpD`wOpz1Q+_1Ny@I)BFQ^-p{o6 zp!UKWtmvhY86rL4Fw{QSn4bwMi`0eC5|=F-;tLM=3zqOE1x!Cw_d%au(C$uEjT$+n z)Ev)}<+sOzv)`*h-jZqbtHeVwM|)?m?xa5Si27Nx@{x5WLW{p?DV#VY)Ko& z?D~&34O8l`CLbz&CSV+Q_7U-=c-GMJCa3%nWA$LWa!BTbHbrH4BfbnzAqEuZ& z@2}oEUCUsG&Z1F9*X#Pq+7D7cZN14fHx{;UG_rsK+6@pE*aQc)w%m6}ANehfmE#HpQl*yuOt9GOTJi+m1vpOfJpYaZK+L zNBW5s1&}oEr@(7SW9y@MHu68cp?(2&^4q`z5)@O2msuM%3PNoKFr)5CtE$E-6Xs4r zv}tm}J-D{+iYtA7oW$MNLTFtJbpYa$jePvKSF9`Qf%(F7fBrcJV`qXJ5Y+_wPr0{U z_LE<$;;=0>EdGcKo?fT@ihuToc7@H<@*dzlVi3C#k%X1^6$)_B#9xUVG3@RjXh>kX zVCH$hbwfm$+7!~-%Jhy*KO%xX4i`BhWOUa!v<SI;DQ&wsq>M~)`&xZ@N z#K>tf|GMZhB!(%%W~}cE1V(e30KY4BrGQeVMv$f0i6$I!Uog&oRgq*NJt|u#VcQhZ z(bk;3NtcBvP)qe3pby+qKix>X{hZz?}b}qN52NxuD@%35aGjm*9d~QfM z{d)Bz@y{PFlny8D(B*v?2h%yGmUyQy;qu-#mg{?x6vx?d8xT205|?h@j+`_wVbPw3 znbZ^t1YB{9WF+y;y_!NRn|&iyiybb62AQ1Xwt69ME4K@l$kiT_5D1he`Y4zU^0)P zkfUj7A4O6)KG15t5BL=lviO<1FrkNpgMB!hE7?XIZsq9dnRh#u1=}wt+&o@8v#bH~ zIr>&~LQf=m=$efL87wLe0I7U*GeEg%in5 z(IZ-sjPl|oIn6N4k#2eZYG?Z#YpeACpTql{*>r|v2$Liu|r}%+vAJdK1Htk1@VlXL$D}7w_cBJ+qP}n<~_D;+qP}oW81cE+sI9-Uh1Xt zS0%$9^r$CY``h1I;BFkjmv^TBMtKZhjb~8v{&DBM1dlsZg0(Zat@T|=1K5J)U`rRj z{T9}~JDzp#4~9F!{M9wuFf|z|UpK|CwQ|S?Q>H#wy`R%Ow5tu=oOrPBs&LLhOl zeWZ=2+FMs{D$#c8fiAIzdkR;O})ruIA5M>llq|K9tbouJSm)PHy1{Cuwa!T*5`{1 z(No^Q+cM!dMP^{CEB*!~qL=o)U4U1&e*apZKaW)I#Ys=2Q!p#B~o}eDp z@DlF%_H+$`rRO~c^H7$7zC@dDVw@l7In#9AXer96-)@9V(UnqSNBt-IB-?+WPckxd za{L!=l8Jzgfs^UKPX8S~$(pb!uMKp~+10)#-Wu0|A4VDFo9eYQ~dLPCi4 zy@P;IHwg3;Yj|*T4dU$rTl1*>FAV;O zKrkWsU%v@~(i@;55Ai4{PtVV&^={%&1YOxC?e73R3dzuY2!X-w?*cf0y<%Wz8=b;G z(PRRBa15>iM8A$0gxLx`FM0?78vsFpg!Uv{L)bSE_dxkoz|kyCfSz~=Z~A|(djY)t z`LlolApL(*ZsecpL=@g`|9CNA?B5u`zlIIu0Lm#~faI4|()vFL-veIl$M*h{#F7Bv z+T9w#hpcnw1NLgSf|pZa09?%@|75^Jz65&a#{)@FT&+e2_AcbNYJ%RB2iv=a^(jgO z>VH!TcN6@1>iLBJ;nZR07(mB+d!2xUa&!J*4J~R7%ZJ3dIES5A_z4osg7~p<3e5)~ z5`a`xL_`2Mfb@S0&;{{BWq5h@|8o6dD>8$CdlGO5$euG22rQ68ctRH>Sl9sv67cX4 z4g~&Pyq`q{gaEM*4pamH4`)V^ySu$IXC6AQWBvH*&i4h7Cdl+90JvK{)puJl59K7< zWBBzO^uuq+4-JWIDTKStOZYujQ4x6q1bPo40r)~H6aat#K>`hrhyV!u%@E(k`}kLw z4qx`?CImq8YmV9}>(zdF9|WxB2igbwVosw2n%05vzuXmR1&RddKZ8E|m3iGI{N+#m zop|U)`tIdcdJgUP{cQgM`r`NXa-*2~h5vWM4n+%;3!({a?-!Oe=!;YrH=KBB^Siej zi^8i33uSM{TH*#Ar!nhm0UHJ??2I^mPG26w8Rg&8 z@->b1*`Ad_AjwYe(m`km|I_0FffM8SMaW8sp!~T#Ho2Ae=d*f}0zrTfs#-uic+Hvu z5Cr4^3V{R6H-iD=Anbzh#ifw|Avp8jA!g~Hf7vA?5SYV-dKLR&`zpd%+nj{1>DsLp zaC>6;{gbm8tLqVx9+l@FK|2gYXD^CQ$$WTY)GL7GTiV+GAD}7E^o7< zJU`QLbK~Cfqon#YC4|5`TQ(`lU)2*>-%RsNgc3S2mwLeHcYoHp$Y%zTL>xHdAw|P& z8+GMW2}m4~L)t=W*0Da|lC05tck?%AAq(&51~>xPpF966JDD^JFQr^z&B_0LEHK0d znAOxkG*jfpB;(Mg+JMO==p7={xnM0t;B(q;Yx@I=+df#<9TC+Wffi(2RH+EqjYgf%@zAtZj*A?Y31mycVk%o4INOVmA=zaDMmZWQ;;}+c|be#3ZUQ1~5E6yb+4&Hoy^-}ZmV+7@# zNB}*3RM6_Ezc)qnUpL+P?YU>vexM?Dhh<^lohzofPZRrG*BlLKudCE@MVn*)4D_e^ zY3Y|$I99t5HtSH$yA@V-Lgi*)NdD$urWTaqubf_;T^2!Hh$3mH>ZTo2(V-qxnB>Re z?bqW@>1Ml}Of8OorYiX>YJ{4`8DMnXE@$|^cRxxmGzWc$$>IKdcZwP-HOxUvuiH*ha4U(ak7*ykc8YAn0w*GbS~xFKgx zbNzO^KbPaL!e}jLWT;wSpVP7t?L2C|mML;qQBj=SWO7kJz-)ZJEfK8gzXY3+LQ~eA zsBXe^rQ@`@qNJ4BmCLW{Hj^z4J*+y|zJnwxjG~zaQ09}n4;B^O)5%tMlly5>6z3?I zf89o?%6OGhJ{PqeK}@us8q=WXzXOQuSgu7H3|(1ElLI6bs`1`sdqff8-m9WO+{ z$=7NFM@o8NOp76 zP`Mn1eUO|$RA$Q;UI%>iKRh-Xi7$F+kph8D5+oegud5u3PMn+)r2JI}}GaK6hE^cet) zReOT&Yc7aY@M`9-+6;Qej|tHRABP&fCj*__9i9yxE$n8X<}q#mj=cmD?+>0wux4=3 zFnfH0Hs%mBHOe!XI4y>9#|^&?{we33r#un6E;~Lig}tb^C0;SCIO?9VvcrZc;s63o zNYYUh#cWJL!he&hy+_m2wRJpHLAP3(5=9MZCYS;7ld%7DHFa0+J+FgyOB~8WabJ@~ zRsUTK?(J++<#F@v{f9NdR+VGK4Bhpp^&)OG1R(ll7;v9-MH-AiJgGLFs`a6#81P5^WP-ql zINlec?}wD~Uo4l#XK;=STkz?w@*QN=(T`+fcwdqBk7BuZznDr1a?E6Els?V?A%wRS(rz7I4m>tK7vISW;aRW@6t zAeK^8LK5p(6?3AphN6RrhNu{XZrfo>i$))(l2-hR5|q`**TGr?vsa6a=g^&#*NCWP zNDgX9rL&9EA?|8OB9rJH4B9SEaH5B+wq3^hHYccxu6gyFPDH``UIWkkZnhIfSt2SE zgh@raSIj<}*0Au;DS-xhIfGdNuOO|cv3e2Tb!OsIauUbak>{$pED{7c2_M0?kA|w% z>K}<}uB1n1dIiIBnR_%ehjyLYDZUlQ&-NTP(QwvOS zdeO}tzmD;p!6tC0t9uNuz8_|WFRsC&O(kiWyEIht4dGvX0p08CqY zL(IL7-IR-3myKt)7yOGr;x3u3K!TRqS48AUzsYzaO-V#aJ*QQnm3j@HO6BX%Jn2j`t1JRO zvSqXS#{Si@I~YqgL3V*aelRYq)dMzD6@drJLx2r+U>^|jwliMe_CUNp@MHi&}<6XJ>aYe<~MqBFP(Q#`sVOZxof9;xc?2eDGA`0vKpEt^-C;4NPysU^?ff?xBwYd4f&o8$9wn z79)h|2iTY_O#^$+!og z@IIUE2jC7Itef?aDtVJ>O}%zAp`Pe*`GN9?Y2U_~Osa}oT|P9wLowz&PwkE0MuF9= zF+O0o-s(m#iG1%jW-_VPc54PSvZw5(X<5NRuFx#8(?pWu<#OZGGSL;Lt`IsNL~wF; zkKCffQL+dJl9Wd*nmEBmkJrq@Ve|N>k0S+(7g6{{m~BPi_u21b%N-a72VL_j=X+s4 zxmV$0=i2d621t0cO}r_npxRdbR?bP6$K_0ZyRDf7(h;1>Z1;1^Z5cRzRJOEb8n}3E zH9n}6`R?d{C<_2`Lm8N-Vu$*@L=#=K({-;UX0Cm;b9(QHwdmdkL=oG#USx31_3#5I9wPyuFc=lMz#&-~3#t zPmHT2HE&hQcy<_3CY=4w1eRGJZnv%VLf?8c6=0`?}2e)pF;~g zOK)i3z{Ju#d3$cep`nVr{2+KRlCt2w))K6rofU({|W(w zu>hS{D}JX9)$0A4oLA2$O_T4xq?RW&e{<1<3;UH@s9R2%lAUh{(V>rCaF0X!w~AK= zmYp?+J|AHoF|K&H`Y&LBo!jvzp-Pf*@@$W`@SY#eN^JlXJ9bbi66X_MMgoiCqsym= zS!beTNvo>i;BBwCZk)35L0hIgj7hg*9(AtO-%V)UoSnHKv@(ezc*1-*v@S>Kl2`a4 zE)AP3`32bCu`a#9OO=Q_xk|CTK$!K>wH^q(!_*ZHE6xMDe_BE z6@bpn)@8@8vUcqced8e6Z?hAwrV<`!a|zkXmb#Kh+{rW?h!d80&64+Kd-0kTYEqj5 zf_6Sx2|h+kLauU_tL~M|oR?Bed}k;VNjTYJ+fDAktr*J=#aB0wOQ6Z`Eg&RSA2QUz zf<|b21d{X#cd<3>{-z<4H67vk8O_OJNjOQnFVHLCqR{lq_%P3{VE`ws&JAM|*)Ava z1g#q}#4x)&R`59ar<$z#8&y)M2zJdd6%=mx?F`3=5()CSrA;d!HTnLtxtJkBR)M~= zRgIrjT)Ts5V*32)9EY#(r|P*zvRZ{XPnljiL1jra2avoy+|P69Q)a?|4q0r1n^l#O zzzOjg_|@i$vL80rw4+gN>T&HwTiHs5@Kw%$;=+JOB;=}N*ukl{JftnH_EOk#bIe+# z;hhA@#B;kYv|Rst6V}l0taDfhLYiR3N`ESgoGqx7uxdTdxDJUU2s=*OeeVv>tiD{? znl=Re_cbE&(!trAuiB}7A)kt z#Vy*-d|jA1CulCkwYxRwHHg{UtsYuMyg}qki7Gwgh+{&E{D{##K-v*9af`wY54BtL zp5T=)Nv+xm#&vm4&%$q+4l=}BD8Ru6>`(6EPj-rr2KCsC0QH;CcvTIu-SJuA6UV`x za_n4|paWz;R!HQGE;tvyD1%+N6n!1eez}AP4Y>3Zv;; zCpqTkk8TI?->_c=6=OMzWSW$KLbyjAY8~-!tm3gNI~Z z8qLNyn+~7B zE7;n20qFMC{9(cjhnmZcvS&KTt5)_z--mIEe7=u~JF#FDOFQsiHk5hT+>NE`{4RUj z*NagtdV$NI-KQweyz5A;ezhVSRn^1AVbYuEhsm?YG`CjQDz=&2J9h2(4|fEB#UIzi zNw5)t_42eoW2JgMv(~)ARdclXLV^BO@FO->>W6*Ds#0NIr|+#akHBAL3n%OKg!vn& ztsV*1;=&=q+_eQ1?|mp4n?I(F-J=bgjp`N8oj(uU!u*@EY_)g3y-FAgX;^^Zrnu6d z)Lh}J{Tdu!iQKVvlj_4=@7WQfw;Ivi3)kJUy=zFfSzFh=Wj^|@60YoV zZm&B8Ax3wNxt!s|3rVBGi$B0ord? zP;(TG1Ri>RZ!avMh(7H1Oa)+ggbr_SojgvekA8YX5#2GyxGcZP^aHhDuHLs}i>$mz z1eogf=NW@$2pURPFl<+8od)I8s`@yTR+}`3jRWE`{LZ-YByhw18E+0=8VEO`51pj zb#n~e%yfJI(0x)frlQ>|dj*g#_zG%KMZdNF9PMiaZWBEhE8iXG`bX z9_NkJM5UFU*ld766y**%pwxCi zI;)SJp7un@^gt&B@Oqk&r$m=DoRur~${DWYD=pW7xXWsE&Rt0jM?T2P_YzUrdsi5T z0viX#oSYf{ag=D)aF6P7JaYMkaL6{*TgjBNaN#@JT_jL4&QL_Z-lQ3=uKXUkloLjJ zi_FmJYy^Hf132pe8K+`l93*8Dh9tyv2M=D3NP{D9=fZv7i3+tHN1&^Ni=V1&d^hbO z=Y?6Ev=ZcKn)>N_dpFaj z;PwyBTvRo+=KxJ1GbY8}`Q`oeL!DaZ#KwfGf9F0Fg02ytq0%xw@V~K}AF3L_e0IiADkU zAjBW=Sx^8M1t}KLzOrD;XC6YFoThfF7cYQEK`%c%Iy$-U);>QH8z;tJC|Rh zvAQZ4*E;h0YNWczc1=1X5v~OO|9^-Dc zudfq<{Vi`?06;Fk0vYHLoL!LfPdA}C2LgB-QNBG182WxhaR0o3jzfM#3*KBGZtT}# z_3Nl0z}u^>KM_HKU)d-2H#OovhXMvrNa5BNp@crj0^*s!eF!k@%~?P_p9UZS2;}E6 zgu`&Y{XGIb!~m*coYUJjCy2ZFFa$(D?3)`83`&gssG$Hx@MRrhh;K>%b|V;4X{e)9 z5OD)WU)|3VqB#eO+jWnSAKPW1hzIfaFCGqpMEYPI;h)?aAybLqFmfI3?>cBWpf7Nz zV50z}0j9*n115nsaD*FR7o?ArouyUWpG}Gf=n+|jv)folaIU>je{dq4y*7M*ey{^j zaKriBJAvO{o3~R)0wSQ`e;|i^-YvuckS}s>xKQpd&coC=v45tu0gjspfDk{QpKs%+ zB6OG#=jZRZ&)aV(O-xLTDy{q9jJI7jRn=tpIei5g3M6gj4`2$#DSS-;5E2 zz_-oNJ3qtb1UQQPsXSYU)u+1H?jI!o(>f0KfZr(>^bjLjoUupz#7zik2w?|(qTgMW zU)%>jqqjPmU;4yfH(@s(U0uH{58usSc;+G4{fp04KyfX38aaRuifowp-)l?2Ut%pE z4w(J(mt8d*8W3_2)MDb;sX(Fw0)u;g4j?D+ec&)mqI!ig{^a+dtnb83Y9L5<5d(zY z9ojYugZ$37@|`f%ZJa5FY|1FCET}&Rn|ydL4d+v^x)Q6Nfy0Yux@y~qQ}`U~m(Ibv zp#>PY;>ApcX_USEEFGf0_%aYDzQ&9$c$CYeEo$9b&hxRFe^b{%Isl{KDK!=|>fu!$ zHrVeEYcx3djCQrw6-bl{`ZID%H%y7q-|oYQh?iGDLXme(>#r9xBvdhI9bKkfDpb} z2H(ZM*|q2xlq#PBvCYF=MGOYrxP9WwV{bb_k|JIBpe4i4bmaQgH47?Bc#C4n*JWb- zBcRhu(cogIxYeKiUSQaZ#R;j&SF{yYV49aIXLiVjDy|XTNZ@7PZaplpJUW!EValI! zLrkC70c`l7by4n4Y9!rep&|=Nimp8AHRddKY#rvbjR1TPtKSZ6HMi}PHv%=`{AkYW z;Rers0$lDk;K{xfK9^=g+4AWuVC@tOYR8%|N1y;SZi{5NNGg=prhHO)!!t&K=W&{C79q?3hi)-wGiY@Y^&^;1zFw344y{;H$8>J{XHE)X zP1f$!mQj{LJhLqB9X*#czPIxfv|XhoQvZv9 zs@~v*DY(3IhJCF;I;66gH&Z-?hOW#l8;M3|lmA1A zI_NNbAUjdi3-!39HRP^J1b$?OHdmc>LXDKbwW={JrpznZz@wfGHbQYFk)dysc(+!iao%R+w|;w&k2SNOmzk-hxB)cn!9W0ZEvL=GuX zSbM_;Wic6rtq}GBfVBaX^(udt+bwiOuI6Hgk8eS+8qfwP>1f$D@G3)-i-KuL)#tIZ zC!phoOixC`8e1?Sl5=}7lQC^EBsW@8 zxZS%CVB*1eynn4&Ck!rnL+bUrmTKdcpV_O}DyD?nWzQ+iz-2y7aB`@i>^b(FX3}!S z+DbzCh21%%ci?gOLA>WSS<^ZYlsWYg37f8a|F_S9J>()+Iq?r9aS2(Nrhx6HBhWKM zVTV4vbi!?WUwZGFVI8OTTPRhHfEn-!E|1&hIedu>9X_*f1QX(Q#&3|dz2$Y9d-V=!qdq)p(J|*Stp`> z!rRC^MMy@HPcD~n4p*n&L0P^&Wu@Dn)erODJg|{kSg~eYLWVmP3a2ZNxDb*cmY?oAA^| zC1yRe>(!Y8kQipZP{*k^TLIrovxz|?r+CBzx@Qt*Udp1&Q< zceW!&f?1g^=ZJb0l@RX|vfrf2JGVU#w{LIEj`1ol1gIQuGS&_`wQj)Yp>G`nDQT7E zJn`CCKu~Hd5B{OSo-x^it-agIujl_D#huqn6WM9o;Y~*CtGr?MaoX|rd-2O5Zs2O8 z#8>>?8S$E3=FSA3dN}s#c^6im$TS+)W`tYvPwR%l&*LHEA=l75k=FVUinOm=SQG&E zj7}L)<5B9aw<+R=SE?(LwZ$>Xx@ib&l~GpBZGx;ThGo>_Kw~}I^xc2zJ(k$k%d~h7 z-uF@A6tRvV2-_ffJ^u4sru$rGvIwLzo1^h*Iyh;FY$}G?>+#hDyn+arj^#2trjnY6 z2r8KYFDLg>T2=avlMoyOk8n{HB^Aqy;^f7w$w@%rHOX)s3k`TSy#dH)x9xVnh2?!mlA;+4h?%TVgn*dq>kE!R?_C&}3Fd|UNm4a+%u6p@46qc+BX ziqz>ch0Ui1dwx)GDyxxW2X)5DW7{%pOxvTPQ+En-%P4hYb;~t|x6+9JAf9C%FLN1W z&&CXtcE{2{$B*9>aozdX35U};-JL+#q<}g)sIODx{KVCUCI^Z+KmM?(nkk`iB0s84 z(F3-UBe$B+)5uned-NsbUdj*rH|xl@TLygH3X~|_N(Ss22?9EQ=L?`8G$yEv)#JkA zB}YZby;cnc__Y9WSk??Pi_R|YoLv5dGA|mh7RR%%TbU?BoltWZSw--#N^9D>ghxy# zr-CHJ5P94nx1PV1!{d8MqI^ed5mir0)bb5|VWhc7ahDz}YG z9+?G-cZ+UM+38oVna?JA-dZl2UXJY=>&eRKW9n5Uc(zfU(D@!b~$RSMQI zx6zmcuTye1XoHS5yA-?ofD^axT_Vr!DZ@_5BJhYYi3`y42Ox!yM6bNz=EW~liIlHP zFwI`-A=hAO?eUq7N`==^>v`M2#-3!k{!BH$YAYxsrN)b9x&x$Drd)rIJ$?_jN-@BP zM)RmnT3gIF z;nos+`_p-iWAyCq0L@I*CA>z)LyK4nd`L@$hS6Qn2T$OdG_4otCNC>KJ3q##ujd2q zeUL&va(_rzqjmgyKfL15S~w1tC?N7f68X)H-zU`$GAE2Y@`|Mn*T_ki=2oQqd7J#- zQcwaJuH-7r_Fv}KN+v1b%puQILB;p;f?~qsldFAhEuWVQZ;O%Ye8ea@XW>z+3nOuP zE_qg1jaP~17RuT3La`G{2}hH~b4#M_z%}m@yhz-sZJEDY7QY0N2H%kphV7p+=_8Jc zTQ*Yn$?!=vuWRppj&W%#u1!0VGkM%4x$r$0v2zy^<8)jg#Dn4Z%?KJxugEj1s9*+50*9It z&8B5FE+2GD!nf~vTsJ*V%WVJvml`(8z7&8VOH01?XNU zku5vi*Xq}6m8tC=&`aM?2c|lcWpo@w1`4rww(h%Sd+~Ep;iYvck%8he8KjcA$+Z^I z3ubzq>yZFK#JQ*rim4XGB~j6z@G+-QVBw+#V)~H2=gm5jy3m~%l64Qbs8b76hfC%i z3Zib0S&36%WJY-b62j=mHve|_UOPmlUi}k2JQ45K*TzX4i5tCDdja9P)0yG~WdF9o zjG7!}IrW{E{(TOT$12@D>V@~rp)BVUoVhBJ23iMrQ>+SoAgM!Zqjk>U+nHa{&X&_yg}9mm{&jWT5$9q_yi+i?xJDm8lha8Z-5gOcg+<77PvC*|$&T$yOB`x~wA#0pY3m#`qo zYn1-CLGKt&Z-Q8{<@IZz70bf0t~F1D!W2~&KMA9*W-Q4ou9Xk+&*Q}?a}UEe8&KO< zhTyg9x?{@E%yKmO^lhe9Q~FF#n zEz9Kjk=Z*l6o`40+=0bpSF{&*CJ&^AOj=Q8v-QsAC&{bR3=Q2MU{tC_%CQ(M?p+v7 z@Z>to-dF8*#)snNgG#Ga4cOm-q?XAheaf0q# z6_gxop{{Fu6?^YxDD8(b&$I>$4DCA1e!A<`#?xYfR#UUGo~O6Gz%fBD1@NVawxLS4 zq4M-2C&qFGTfWIJsDfU*#e1|Zj#uf#*ouQ`i%-d;8l;=fMDxvcrq*bY#PgRbnrsXv zz~DLW=HmjBPjm@; z4uGvEFhhP0E}^O0{WdWTB3eSL6zSXga`YQ+{zChK) ztk}E{#BaO`%bZ!i8BnHMwadz2B}?{|%%|yXVj25j8X^HfHN$UP)_#`4D5PXRCBUhg z8*|UfOJ+b~Ld7SbvHLA|SE=6WxQ(QRGTTs_5*2xiix{4v*2akKe2IpskeA#l_kNbVFN zyE6!arI_^-18xt{dwuky; zm3Uo8R&EKjKoMb`v*WWveLmDNs&p^Ov=QhN<6V2oivwC}0+|;7f#_Kc{Tb&2HNy+Z zuIhs^eP_L4ktkC_lFU8mEi89uwruRT5kU|rw^M61ojV{<)yrm`!PtIB+U7T8+`QyT zX_};nd9DOU?d@u&UU8Z&iBrdG!zI6R4?gbDXh?J1B6Mx?lDcUKD7`=TXTnwWNT5F7 zI0OaQy5J_dN)kPB6ZnR8FIgkb5i9m09gFE_q>dPxDC;k;ROD%pMKb+JaJPj7ViC%O zsuRzXnT(QSKb|^YwtU2|+!yF(`)~O(aM;l#y!guQq3Wh_HA2#&7t!i-sNJ8oQZhYu z-KM%R(NDP^*?JRGcbj3PVISFxy%>UJD|)w}Dlu_u0PJwP;jn$X@0QCrm8wvtqnjZ; zhH^Umm6qNPvwOZ;fvs30r+rgQ?d{fVs%14*qZLRBOdm2}7Hb=|MI(mau_}h_pUP`v z1)o`B+8#no0nacS{st}UTa|!6Bcq#1CL@D0d#~)eLb`$G)SAj6YvF8U%CU9fLv73n zWF$IQqkKD<45wX<(wcxA8MeJ<1Y%u|47An5Wk2!86~@1`5{X-JIT(ji>|CQ0kET5J zRD{JTx>e6p)Qr}%^b8H5;g*HvCGq;)GR=0{M*E6duifqdYae{?huzdadTtgKjy(PCn3zM2*y3 z)KrpifUU++&0ggy7GZC;GYA&0M&S>bOQWZt5E|Bj0-Xg+ix=`%eY{IB=X2;dbr}(F z?{Y6~rT&6D!rmmW0-m`mbyl^}R`L)>aaFI2DT^nz%_AaX^Z)~8PFS7c51|N$sl)F@ zRr9R6LM`M`L4b>5>2|VR{pCx2)hXV==Bl2ZpwU1CyS+>;_(6LD=e#Fkt6XoF z^kAxI=qx0*fdp!^`! ztj3v2CN6v{^KMeZf>h8k2})T9)MU#vEBRBihA~kgIPiov7zGYw)C=f`Fhhq-h{}iN z>B~jfq01=e!ZdK#9?#4>xw!LkT=+#HVP~b?o z=~b|{p(hy}BlGQx(kDzP3U%Z`-l;?&a_uVMP+ixA<|8^IaCd`V26ldKpu|Lyy85IL zVrP6YqNI^1x)g&0i2#bCMs|@@89JN@ zjBK@Ah%Io36B>396YfuRR}REwBX3_H#Y(e|5^)y+j=E>aleHNm`5a zSDLyi_bzd5Gnijgblt6zi)3aD8hODy3Hq>Iv?r@w>ucEkMUnw{;_ z{H5c*8C@c-xa}m|l}Ud<>v>)l{3}Seu_fRPb7@tK3C?xfV~thS`!#sz;A14LK;z=& z9UC!y659iBbWwo`WL-5hWC}=?os%oVqF4nv#9Od(CWzZ zctsF9&g0Ei;!uL&ReVsqxPTndZKUbx3}`mgS_NaAm)bQ^^61!_$PL74=G)ysmC^UG znM5^HrHhXb{{fFIJ)jfR+~-hOoVYTht>4Cs+O|7r+Nl}D1u%~WmbLKvT3SJj&v3s^ z`Qx+(ZrK(Wz4|)whDsu{!w1u`HE(Qg6>9P|q8fH>xx&%bm!YA@tAx1DGbY>`SI0?7 z@}gb6AIF$oZ>U2o_enDKs`l=u|71|YREHlnavg>4@e|73d`QG;viwt1$Rx@ zaOR&Bl%QC{`|dnG9JG6Z?-Xvu(OBtYDU|I+^;h@9%thob@d;Q>^S8DrZ3(h~t7%VH zlIIflZ>P~E6I;Wb#*`%YE!<8qDj#?p*-baTW{Kz(hD9|mi-({{I(-X8b42Up1S=~J ze3sL3p_*Q_la1=zo?g+Mt>ivWBeo#^*i33AI`VW+&ABuQGFqDg=(`9t9Rpcy zU_ut*{%%iFx#v;a^jdICMw#lK(?veAHHn?ESWdiC8UF1W-e+1Z%khZlZf?X1qXX1J z`=**Y4Lc__5jznD4eDMh>Sd*joOot1I67>Ht~r)vBpOj!z=~%PQ72MR6CUh6X_mSp z$8`SSG19ljdB+qQ^F(}D%aA`J4kB;SPWXob__VVhW}h}To%Ddo#}_RC(#6KXKg8UT z&8CDB@ZO-x!s}zPx^CCR%%rSK(nVPmqN(CGDEs=~cP4o=FXQx7ij@NswudEIS7S!I6TBb*1qq}iTJ9hc9j|RA^g~yZHOf4p$o?q}I`rD5G zcMi$S$?)HDNEHuz69Rg9LrZ068z_1?0!9Xg|5-G2baE!(WMKQRMj`KU zN81UTz0r5IuJ6#+#schhl5$mTe3hetO>=T)#Gzeo9);G4IDsm$F(>W&`t;H^9^_h~ zK;$_4NTpH+25b?4&zb!r5ObZhs>yMj`jDtrb3NIfc0#i%Ql0LA4f{A|c$o_S%t1l0 zs5UBcoI)K&VlaSO4Ks&P&tXC%XeR^=P6R3W9&<3YT*i4RFkm|2^@x*t zWFuRVsFjJ24EToqV}iI(H~OW2-)cG?kfz)YJ;0cql3o&^lGd zCQEo&s3CHBDq|p4!7yhc&H%^}1hHE}7~!EE;TReF4}d_y8h=2%1x7Z3ux|SDV&&iGlDbRh~Piq2TXM@Q^O}7LSLk7*_#UT@0@{I zzTN(w-x-5o0u2m~R{Al1G%47zEgy9Dub%;=6IP8I!red6kbJ#AS+e0wj}J&K-k&-1 zwDErzYv>9==76dJ%%!vJdIhGe7K#*U8{AdomxIJ!JvT(T}%Rj;blHPSth zIMPRv@e^G)>|}X1H}fugsn_+itlm49zcTG)b*@vuVW);h&pRK9^`mQ9$aFBjWX3r9 zJ}+)Gn;WPFblu$D^=&su96AsVl0-x+Yo*%(^C|Qde$j_A=0{pG7AWOm>V4avK%!or% zPt$I&&f2ObpRHI#LBKvE1Jy*VEQ~s^mF`J_VhXV zIeg&wqwnL#rk4%B<2raQ+6%U(#vkj4HT#(~IdA`E%Y!q=;MdLS9n6m#vWkWN206;} z*o9^FORz_)St8;^=!`P8uELe~H9ZIXb?5EOm^sxsf8@;7>CK<(ytuB(-;UACkGnj% zpTM6z(>b~5)+&CDfJ^YA4k67QB;a1bh?X_>WlH1c{^d_Qzccj$nTw@~$pcb?&=qOu z*V|@8kY$__Vm2M{K-9(t@{HC%PII~qybD}8lOviK`USLatz#A1oI}U1einz%?^?7! zycaL?Ydz3uV?U$i6z~7X7Z+;)!Kf42aep)oUeXxjUIYWpA`b_8+fpk&H z4F(AGwRrufQAvKbj*oHW{>b^MqSM=N9e;YJ6uFaM+-DyqI+=*^p?v#aMtDjq83tkh zxKgtoDS}4#bMgoLulylAjN_f_4)N@0+s1h#Kl8ea83wfbphP(FmF|Zu0w2jpGFzHU z_N47(FF$eW5c_^*(RR$5pz7J18M|S+yY^S?5QNYFAncubg<*m=-DTrhwr$(CZQHhO z+qP}nwryMU?wy(BOXgtu2XvQ6AZu^jM_HS3oU$haYwJaw$^({1BO{&KZe4+d28>=Ya+aI#@g%Qimmg+5uIo$eTO>p7b(!Skq;gCcC4WZ!XC3Itxr7BWDk zGaq8338ES4OxPS||M48xL+S*>N7>7f2D2<(Ow+Y@1^e=HV!`;`o~3OwmpOac?}Gei z*D91I=0*ew3^|XL9exj66+lH{&Hbld)exS>eC`FVRSsMHWWHG!okORLb zCwjCHZF8c}&W@uK9rkm0^t|K#+q*{wE>}!AFwiO7$XZcEk1y|UY&W3U--S&xn*B)d zeCOMHjk@H^+LM{x=}XUvHOGfvvM$$QlwYp~>Zu~)3I?`A7!8GdIqE%@{^7C(-bH78 zO#B?!gf1Lr^@Z3hs_ZMZ_k=Xqy+FBeJ2#e8CHJ#p=*?@#bKaD;m;L>A;mm$_0o#9Y zVSR7wKsGvJ#$Fi+PB57n?_!4a8@DES&_vVK=l30${)7h{q;zdNjG$U!-bBOzBA2Id zEgCITz7(5&0V@7oGJTmA4*X1if@1-USf#Uuwr^=2&4oyG44YSDH#BhPaz4A$sNfG*3oHZas!bn6`jnd9q?5>5n zE^60X(@>Imn6$Lq$Z=0ItVYmzY_I|*1*3x*6PMVIc_f|J#n zv!B_M2UrzaE4(0qmy7b58npCi0oWNadRBPANC=#Vi492?H!4^36Ci?~wPYb47Y$c6 zrJK2~s**6y++|GfT;7XTS+O~p&|&h)mVX@ISwVwXJ)HxgjX4I;I=>VqxtHnk{0d*_ z=J`{FLp3U1+$5NhfV6ZizZ5C$#NAZry8tc4@7H$h&18|@JodHvm0#7IZ(t1(t(*+#-)2Eb zTJ47*F-8Tr1|MOvXKX4CG6OFXs2xyr7vfu$y4Ne7n3U$_N#l7UEB4eZs^t;)InTLv+>o!pWH#^( z7_AK?_Ef`Ihif;8`c_#ZeubK6W)4g8&DD(LvlO<0CT$6>{x4tMjiMtx+OZgE>MY~( zjU;&5DVroOxzm4Yf9JfOBbt$qKm(eC;>dK6ANz=mncWx)3L$Y8`I(4p^oyv4R3!qs znF`l4Na`;(v(zDI*feqEmrks-=^lc zhT;k2)M4a|z&O(jxn?O5#rsp7b92nkuf5BPqSkqfWJn$?n=ayR6j$jo6izM7i;2QZ z%wjT)rvSNRaMFP%H2kR&=h~*e>Jt5)Ro}WTEk5Nc#AJw-nM?N}V@;+c4V65$8(gA;#~iKC)9|HVOgWom zB87Ju4^;KmQ;QE3VL`IQsfz2Gih+2;ykv7;aav1{9Sfn-kqo;luP5u*Ax#xbP%X=A z%DHzwLJQILl{#_uX^pY#_(v%0N<=tQZ;h+UPk`UgRvO70;X zPKcR6c=E!o_|ow|j}Vm0p039I;@HmN!X61`orB!bt*Rx_9yC;$WhbIth5cgg3z6CH zlwaKmbS<{xJ@OPZgebRdg(+ve|KR3$zB429Aj67vr5^ULDS)>CDJVFdT9V@jEPOj( zzpL>6CUEhSSw^;4AqDkXF69ETgW7?$V+&w_J0uTZTP-Gp)gbq zxhSlw~Q(IxYQPs3AbI-bEVmIHNxgG?J5!;5#bW$WZ>y^T%!8xPO=H+I0 zql+1sYoF_!&Py=LnILe|M(_P?l%n&PUZ*^HmXo3htbEDL-?0!1k9?*TqjVR=BZM}D zSs79KQn<%DwCirT1DA`Q6B(vFnJJp)nP~*1Dz7f)LXwjwq>QCYUP5fp@ftvUbLvZq zo4~~MKpablY3yH9I*j5b?C>N$GC3GY9E9p2SL3x!H=HV3z7g$@Iu# zn>qXUEc%gyuoaBK%3d-tc$jGGNVdpZd{;`6KjLNDxM zK9R7rmopHuq}MqU_S{4HqX+yGG;pF;^swQzed<2H#Qc0cKR;9!HSpo?&dkAuM*-v4 zh_2%;x9}097w|hU5kxc1*88Yi)*Qi`J~!XR;@Jc0*$C@s#u|T?h5uhB`4$)32lyza z)iR3shw3-Rp7v(DmNr*+(U;JLh&|J97*xy%;$`#f=U#s~1ZghtoOumjLZBm}I~ zzt>K~GMWyXyL1E9)#8fuMIa$QKh}uT(*yY#7T4?R{ta~=muG9#-6WOr@S%pht5bFl z`)&11x@+Et%g6qEdO_6h*9+UTCiUET9i)3V_=$D1ir2^I`~GM(n%io>3;B9@;OxDD z;kgdP(~jD?>+f51^Lai|N+sR7pzHH-si%k2LwxQL)jOQxu;vELV;kmMxIR?Yl>7qXby|7Rgf+Qin(*_;8Nk%9Gp2OJG4dHaNK+{(=YqfigS#rif>@_aY=`WdS_k!2z(q{bRE7V#4xLQ2J*lC*SZ2 znZoh#Elw@0Amt6g#<{ovcm9(lem|HgDsON~I>H#)Zf zmIG}0l6wf$xN5>WmK>4AQCumP}`w)}Q}wm##Cw95Q2vNY7$xjNH1KGr!kfUB)> z`~grbL`>c6+(i8|l1}gnGlH_7x_UCoGHQY{KDZ9_DzX5JN0tFh?@)fbc-f%iYofZa znzCw!@-Q`i+db@>l9Nh;n~I3$Cw5>DXa(Q3OkthD?Hd{!9~+;5{A&U7+d^Qc@&GbRW(%|M1^CGCY6)Z}H*v{rC7#{-XY^uLGpEqTT{H<+s!z4essk zjr`Y2zW@3NvhD!{tG+uL1JnO``nXG4_zKqGhbW#?}TPb){7Wz{27p^FR9`*!TM>&)oRsit}5ayi7D*m&Aw;{Un> zEdc(mqcb^sn*aqe|HE|_Ql(XmdZTOon>+fYOZxLu`W>74yUPFDi!SED#{MlS`-!^$ zD`InMcDesxJMwYl+1_j8pZM@W%l@TP0e@e+qy(g~;lci^Q=Q$p_Q4v?uHGZdjEG6f zNO_{`sL5)sVVhT6S=|{tt*iKus(mrr!?w=xubj1Q^|MWPqf%Y{EArA~g#LQd8ou#i z{wo3My_^3VO>u0rZ~bnvzSiCbVEQ*c4Sw)by@!C-A9v$JMH8_5hiM7`-IUby)djiV zGYa6J!USdX86M9t)}?{?D!J^=Xb}=*6R)$2w)TN%^ScDK_9qzoCaA-cy%Ugn z3ioFm~ws{}} zkAV$A{OMZO>YD=1==mrMyTBYIkNwLd*zDO_o2IBoX=8h+0<3`vzbdFUADp| z=l1B@G_R)&F~-2wnL4tUaHZB(uuNEw-GTR+$u6D?cJTQue41V7RNV?P;8`&lsYW_V6jmM)S z$4JuxI&d@@4LOevnE$ws+=hFI-OtY!>NHNQoq>IZGxyGk4W(L=tJaWPxQ)G!qk^gRh z2>){ITtjS`e8i9u}1x)IsV-!P!J|se=_+5A@ z+TjH>$0p1>Y300{`m*A&tLR(X)lfrJ)?Kag5gh-P!mQ<`L8EXCV*T?k7U#OMJ20qg zx(J}#*m;l{plFqdzONP5I_vmL)|Yb6=1kWPcBDN~925p>a8Fgj)Iy3yG`L%XxU5yxljAVhQalFn0{I)E2L76_f08pd1IM{_cw z$U{dC$TLUIwt=itzHUl3<({>(P7??uWctUnn7cEGN&BB~K)vKeFL)zxcuuBPIYpbR z2nFFlyN}$kmYzZMe*{mPUNuyniH;+Xd<5V!1GoBeE;#fNWh^}T6+1fF6dw@40dGky zE+z0VL{)RVmF@`|5I&MRYY@sU??3SoPuosJiVq*VBm&0Smutt7|0abJP9A032+D|+ zAg{sE6VrN4T4=^R;#{Rac{zYdXx6wR`JT*PzM9yVNHBsNt?wpC2uXO^E=L7$xz#Ay zJqt!gu_}+#td-gKioHGHEEp=07C^qT+c6ert}vuh^}`*D>{i!&@C4Vz{_7-wz~&WJ zuqNh^x|j zpjSI;X>Ry?i~npqpZrJNTayuu?zRoP1YmK{=Z^8-Jgru_uOX1l3Ii`%3?(EB38cqS zb#i<(s^vmVE(BqZa9Q1kcX>gJ?Op*Oi2_*4ty&%qOoP8*EKv!iW?hoSF9N;ex+SC$Fi7EN;BpF0|9?45&Cu77HwUPd)fn2HXL&Z)X z=%lhMg?mV7lSdAeTGUg7OKmYRwElWWKLwI}SMG-@p8xh9M`~Oi?zUB@EsL^tfmyOJ&Z$IfDi>%sAt;=3x&;;wG#FiRN4K~7crBw@&kIvkwE zJL{Xp)T-(_f7-_lmn5R?RZP?GNu1MKWGwrh6Hd_($wkfmqz}0%a<@43a&z#`O)H@< zEi3uetb3ZIOsS~a@_DWbhk8JY5qhROAu%WdQpNv#PycppsgSN#t@B=TLA-yapLcm# zjy+S=nLM)@CooQiSh%WhPsW(m^bN4JIx7cP+sF(mF^EU7j%TN!$aP?;HmppFlQ^_K z1*igwJP}7P4ptLfq_@*4p7RvHKj6zP(W%FSlW{}&4_pqUK9C+1(}q^1K|D2 zbdaY_KTRXt)eL5}&lDwF_5)d;e55GG1L3KPaTOl3>8+OxqWxM3KQ1 z&57%0?JCYKmF#o)X!xDkYa1G_N~5Zye3!OYs8i*G7YwEMgJqwAePTNF^L4kD zy&KqcU3^&sSM3--+*jE&T_0|lZZCPF|$ zagVU%HVWb`6lbPuG#r@T>x{~&XKdgYJ~_W&Mu#bOiLn{MA82T#iw%l$_DqhHq)3@8 zi(&6Yf%Y( z#_px?Hl$vaVzMU9v@lfEYq!acDhd0xC;U*=`v4}0>xvzY_oaNt)KfeQVTV>4b;FjS zG}dRTB0pUboU_Xv0q4O=4y2_3OJ}N21l(63%!_Vymk&ZvOe?-gMMSAf!{LNt(HQh{ zObA`xc!$GJ^_&xI4ZjGj*UV|bUHgxyc^lqnoWNdG#fl=T1}rCI=}2;P zug1*PZ4|R7R>JUlD|hjo9=io3U#{P{RuQI!Z$ZxOBC^CVybPY%s35D6Qm|p|n!M{2oB&gYsw64lIRzqGI>8x12+HMu;1%;2_NkQJ zn^Cn?biFu1RBtAdBJfMt0`2h~@N6?Zs$16=KK+&_(yjZvb%d?K|De_y|3n@)kr?>0 zIle0|1zz0l#l+-G1Z zgl2dRb;Ic>%CX`+xk$Ji_8>1f*svT!$g8tPF&sj~*7?MGL~d=5Hws1^Sgtd-7Lx#) z_m<@t$qfE*oEHwstH&|Cq+*er+ zRGil)9d9Ts*Ql8vS}h9G2{9Gi^-fo+xR+p%Q1N?AE2se064@Ugrm0Nr|GWb)!!i^j zMC@eeA*FUP7D_reB;tX9T}8pVuIB#Z%Q&~hx6?Po$Og z+oOy=bEbRb%~(o7F%=c&VA19A+9DJcdyBfT8;zA!m4O-Z8ip}auY~QnsrQ|l2@~{o zhv2xyuV}6jfiJ1QM7FPbw1{@mnNl8K%<*;X?I{Y$2_4fzDf;)!+g$k=JpVj)?Xj6w zGNEF+_LWCQ#!#04Sksp^bkYijZI2i|V%%>$j7sASt2Qy<9O31)j= z$5JN@!o50`Fhon{O|;gljWm~O9&!v&BLivj_w-5AH!KDfOfIrNgwj4t+=6|d0Y zoC&jK^KGr{Td+s^3l;rF4W4M(X;@Ic#%1NJJmpmVu;TC$9o;oNw7r_H!-wAOQ~w#W z3r7>NXC4;X1|*`EgJj4OngmqVtkuTjHP}UB(A7ONQf^%c14_PZEI2>cjzLHvAZCz5 zNJwv<Sn4KY zA|qzym@9$a6>P?RHlTVAW#a;4Tho!)%W-X+_A^gX7c-U(vm+*egR|iEJ!mK^KpU4y z4Lvop+-c|FG!$~xQI+WsU6@&L0Hk{oUiVhw^uA%XV$v&Q(=?LBo;23m|KY_x?(#(p zO|Ul*rPZ{v*I4>gn%rLDmhE#MR}PWHkcHkj#WZsBix|>*oiX54#L2E>tZQgd7W^tS z#GEM^ScthqV9=0q^IF-h`hG$)NO%&qwl_2e;FYO=Jpe@ws|B6|l@mHXh&9}hY~eID zgol>qyFzYBPUQ3=4*gRcg^ORLehdo!2~QV8Hm9*x+@DUaMq4hxY_wbZfOMQ{j3Q)4 zT8C*F!Q(b6pam6~xgWb+r>2WkZj%71c+67=l(XW}*lb@Iq+!QIx3dK0U zPYAyUq_;1rzn_$uIiSCG9fV_ryO~zr7p`Q%5MG`&R-Ns`-6)}Ra>!R>$@>MH7UpDbI?0BcqM8TN0`ZWRzBHwDo+qfO+m9Np} zukjq0Ew=L0x}M7G3!{9Y3nOv!4>4hPgLq2)P(a>~280Q2+uJ*Y$I1(+vV!6fBileJwTb z3%YOmPv1=+>r1sv4NeTrCe=)ls{ZGzMuM&RlVc|S0%bT;IV9|wKli%hu)p{O>luo_ ziDv?1{p$PZ8p;{xc_{f{Tw|{T93D)X)PE?g(an*Bq4cyW`SeK6WRI=e`RIWF!Mumu zO7ei^AGK!q`b3a>dz~m!`^|%Ik8AxU&lrO^ub zvuOI$3L}~VnP^@&dws1B2Bq!>s$yEwcX-R9^S2|uTt zF`uc;&#d~v!69p;{Z+pt$SH8qvs{@K9ubvB5}Fa92{N8W4Y7Hu3zQ>g;s@KCX}Z(t z;==wSZQ}%tR-O5sUEV{)Phf0&ODXj7b@9FarW=_b?fQ(T z68nOFm*rn0mEGvtepl_%Nh;r`$D(2*CZ?>~D+1Bdydw+ML@iNx?2uQ? zPI12CxB5wWtVuiV*ok3O4dOTnx5U_=RtTpl;$^ZH4EM-g2=E!N9ZW#Z#?J=oYcr5(9>$*ilUrz20g#c=PNqh<;pO_2{d@1;EOZk z$$uqBX%BASAjIbWaE_>*u>j7a(o%X+{3}0;`(psePi;7G z$Fba~uPg85Y@D1%(}^tQTw7g>%XthL*6Wu)Qf&a665YSc0h0oS@584;idM3V7n-u* zskgp5F5;mSejHR!^nKb{ki-?+<^PCk<$=jYVf=K75-B6FMYmZWJnU}_96e9s1%En9 z2M(C8=2ZADWUfSV)sXa?pj3!>CGjPLTYS4ZOO>+I614@cG_p9z=I7G^oJj4}7~(?d zn7*N^D25xqou81eS($hIw)R9Yoz~8EX$cjS%PdJ^w7lP3kbPq|uGJ`OKsFY^+KWBj zXs{R5!J?Hb*ajMLR_abIdh~vH&Y(EyB&^ji8u*mp9W|b>cSN`x(?0^+Ykj>SUn>Fo z|NZy-;Rk)|EeQdwC-hfxH%lLmQA>V$_8lq7FAPk&>Om{tWEf zGl15yLK!wn;svQie?6Ij`jB7^DvMQkVW92UIdQmgagYMlfOO#ww^QGeF6V^Xw4{V` z5m<0&3})EjxMNJzsha2ppNbCtmfFn;>y3q$?7$h{Vv(qwHh#PMlsVdOg6JHcL4ME$ zw%eEG&_qLO^R^__j%?eo>2FaG?PO-!b^YrTfL-^2={cU?xKkVp@kH$PNSPF1fNvAT zU@d-Pvay+O9t6A7gYW#}zXEuHW&PeVZuTl?f6WlzdB}G^i`KU#xNh>fIx+$RO;z+{ zn5fLh;vc5*G2F`eN%B{4ip0)ZXr7SYM}@QGmsMX$<8v5gAMjx*x2gmQWv3}T>oJtD9hO8~q}GZJGfsCt zrbEj~bKWo~h;&wiGTV!XW7a}Se*5D~L?`0!i*Ws%el|dU13m{)%mnHo{u%95cCh4e z81D0vLL}lQ45IO;g5!`C$83XU>U$=}QWKGX2-4x{ zb)t=5x;;{c1@>3eCf_6~4hd_@_k+;#Q?cJr1e?%CM+Qb$0oS~))qzz62IA6T+Hjy* zqd-9-b;c5Ruv@s5#|VLKF8Lid&AK)fWq&*=j_gPQ^k2@oq0N-a%m%4O6d z5$c1=5C5ML(I0RZe*x}Wx1dBaRmdg?qN#_nzvnW@=W_9Y^d&HkQdTHgnBcQOMU_z* zh~k3Sj}>S08hogp1{W!~VqcSdrjVu%fx!cbf8|l6-a3oYl7gGKGXrl9$mQqAXUDfW zlLtcrKkaVmuQYY}K0nS&N=4u{QG0id(#Mm$6NuJf(Ap?`2Iu9{&AMIZHU{(_-)DN| zP$A_dh?j){3;S3AS$FyI39`bLpNzm?yvU?+bhM1mw*@!I?vX%3qJYqR@Fpn;Qf63c z9DQ7BG(;&3O-kSd664ry8Rm-hh5*OPs90`MF^SId7XML&h7;OnlF%3(a^$LBgriDG z+?Rh|s|rx8GVs4cA`=5kBeY}Dj#LHeVoUX6ExEXyt}c2E=}$_$(vA~PWs}pVA1{Th z#*tp`3w_Gzn?lz`(9kzsscf=FeAP0ClVpELNT`wCdupDosP0gkhqZfzM!CfeA*(>W z7axb3$y{YQkEB{6$|QGQ&OXnD(uros{G8IveNn$BCtnMaT^OD7Z72xDZ_+#zWi&<^ zAV9Hofa17&E0A0!Bju`EY#BQPY_`dcNt4INPSJV$eIcHe}{@b!Ra0-r=+(-A=c;>7ZHlkBdJQAQ8qrC4;zJJwuJ zZADT8I6@PRQ)2TIgC1*auSVr&n>LEai|ts)2$t-R@?uQ50?#F5eqb14JAP)v-rG+@ zS@ux}SM!L?{gvG&-qC{1v-utNEf6$@5j~T=7Zp-US?uQwgguI>bc>F!wUOt$uz_qN z!#GBVj$dfOQY7CaVW+L7x3_dZ3zQls*qsv5qUBMj;RhUJx&DrMX7X>AB?jog9KbdjsQO#<lSBn}ICNV6RAv)E9xEF=kAxcvFuI+Jr1Bg={V8X;KO}z_WC-V8 z-KFE-a!ipk8&1i2XJ(q6em?pL+3Y0Oj~vGuHyE2-^D#Z{U){KIkhNLVh$TYRFA@=0!xEGWY!!w-FV;X6$wu=M(BhE+Ih+E5l2O}gO4uxyJm4%-7g4&RHR>;t-~#H9>_;G zlqlhafQ?R#X?3z!dnvty6HBNJNPV}VA;zo*33axy&ZOriTKEb*sVg2%g9XELu6A1h zGz!sK8o?CL>QVc}6a|pc9Xy{N75Rpbabs}@s+0X4i-BVy`4@#%ek2oPUp$nG0k_oD02Ia~#PTK`WgFamY{i`- zPh8-K_s8(R-TfR1F}bEd7!!2iRT(N*A@jK5LQR4HIayO915GP&S>=*R>{LD(y%S|! zu@EX(cCIli^7jj^)(Umh&_kAp(eT0Fxn0&izW($(3<&D+et%mM_NV{7N4)glDycho z`bzZB<6=_SHF*P}=cwjOB zoy3fDtG7A7(|RbFMM&}d#8SJN_PZPkw94W!rkpN^MB*bVgX5ckEuSp@sKEOZmn@Ux z*Q@EPtDzH9W#i{haH<5}8o1S}u8F|7((YelHya+IC~RV=EwEib1VOLn6_p`LEBl|ErfZe-UX=pms0&K$8qq0H zha?l0@3@G_vqfh+T((V}NEyF5h=RWEg{+12tK%B5C?Vg#mHDQtFY1%YY)aj95Uk>j zzeZeSc7d51nNV9=mBm{|sCNChUV*hO5s4XlD>gn!F7PPLT))y&2GcI2%&7*QyrtcB z4GEQQ5KOlwJ~}JeYA<@;5(N~deYMThJvYQ$3_f$9*tXKSH<_q>O?jU3JQeB81kV>L ze<<9&5=c{96OBW`KfA-zmzgb5a<&Hshh?B`{ME901#RLbRkTqQ16Rm((z~>xnl@9; zQNG5%d0yO)0b2*utW}w!Fx#JWw%L}mDCaQA$UIngp-h}3N#R>NMD@0g*Yn)DIm^!X zg7(z}l=-8?h_Y@kst7!%j}e1luZL~dl9Hbe@{P3<0m>3q&&3a|3le~fYN;T1h2xlK zg-0YLvW{jgM*#<3!g@!YM=Nc@_*=b5uxG zUI8ET#L=5aaU@1~R&j+&>(sBU1(sh_S|dZV9TuRmwuJgbeKF5GoZ8epVSU<N*ThDnt!gq}jZu$DYJC*rv|l zWzK7}+A{M^>MFga`+k$Juhljlh0}A?N-bFmPAu)dFZWX>VqbN5wLRWpH7ct&u&99I zC!)S0{L#Y~D22q3yfZYy>EMVSLMq7&_;587zUG)la4qr(fq|a_I3ak*n-O>D2QD_! z=(VhVn|G{$7~=3M_jN4VTeoAijyEpwu!qbAjXL$wD#&5JQZ&zqy8>q3=v9nWB>@FB2F37Do^_6Te^L+BcE%l8ZU-9RoHy)$uYHe1+ z%)@P~cLpxhoRNu;>++f!F}=3GnmL#_-Q+pViyjRSiI*wRd1j9omKMRzp0TJQYVVYF zt>#0fJ-G2y!hjlvQz{2@N6`gfIC!toXp5hBi}#(=l`9}LfL00><x$nh-*P8lWGbLSiO zhhre_TPcdqEBi$4@;FHerlk~T>Z^RbJqUD8u#N<<%cY1$2cQ)7j3%&$x-lHBB%#=0F!E0U5BZ9MWX)0Ne5_|FY8hA$Q~`5D{{lPU-BNFtEJP{g={9{pAfx zR_m4u?s-y!@k)YlB93y#KDA zn$zE}2KHaL+rXu6XT|o(Frpd=qc3W?ehS}7(2DJO0G}a{%79n#eFr|BH0U9={pWQ^ zWb}NKG)eF?VWqZP3O1VBj?VJ`f7)fst$LAw+AWB8oBVF`yJeuRDiIPDG^nk zPH=pg8;VS#VO~Tk4rqfk{Sz=eLY=S-Auv`his!5(B)RJGcE`Z?F}&F8#nEcA(-UeB z2)oF$T4Si+1+B}B*M$~Wum@Po%F+Xau9OzoungSX##8>Q;>x?4dcePZq!IzbYGCy% ze|SB$!lko9wCl{iVKlhyP814O-@Y$F~A%%l( z;!hG7=IjCO#7TRe9t!sF=T()1@B~>@?Hj@j*ntl8v+?l8xL>7c0+Yr{?%;Tm6Pq^JlmuV z7UQOxTsv1+RiYnXwkh+0L{JMtGE1!`{7f~)K%EArW_9RO<@nhx=$$;0p}f!0-k3^=eOrWt&Nks$lL zM3ix&Yxk}f&d67go(#|hJ7{T`N|N^Apqa7_3}7K!MiSx4g0xAEL3xr4;2oVCZ}_sm^w2#xVD zqi>|u_NYxjFXA+4nIE~;Bj1{4z$Mhy{`^9rf;rXkLJGdhfad+uEeA8K|L8svQb zJnnH+Z=UQ;*#y`BrZp<0Y9o+n{g_KcP{~==hzQ6S(F8!*%2lbC@Ea@o23-Hq{cNI8 z-gg1!nrKJWgv5R2$gDL=*K&7^ZY)1T%(e&C}*qv+gt&D9o7;KHQPc? zl^i&mL16k%VKFt{rY~=70ppN0Wf$1AC~~W9u}gWIv9NT}bXu&<>6KdItrqVF%b@QL zeHC`{Cm%Ap74>xm&hEL14i3tv1`B_RkAUvpr(+W><@l;)nGA*_uKT48bgFRFi@KBN zSUjHk8=9XN0S49t5D>0P^z`Ai33&pv?J-s^s>~);MFSeyF<8(zYS`fi$&*3cB+gVA zttN?@pA&Y06`>wbO;>JsOl6oEc$cJAMjdkM@X)BhZZmkwZ+rlAloq`z>XdLQWx^4W zN;%54rYa26Bag*0PG?r0OW3v)yQ3~#-#$9PWF;Sog%Hk5U9~Tg)R{mst@vrvGL@u6@Sk17cdS=OD=sCG(yeSCY2wgY;Ft0QW5na&qLh{W))RL&dP2)t z1+7JV@J$qeY~jxvR@~vcFJ*d<#z6ohn}jAuQuu}*OO2$s*Q^uwnuEd~+sFP(7**Xp zzk8nSceYrou0BLm(a!b8O?Fiy=25Jz$2sO+iKGKfl$?u%!x1|; zqvMgGCcb>?aaf;icg3$0eF2hA6Hz(nI19@%{Ny-}v}`cYj0HYi8{yoI-Lh^0PM>Pr_5YQGM)4SUh;vK?g>0S&Y2Gjq~DDzyKrpA%$<#s4BVowA1VzMW;vR4vR3@$wI--0<6?% z2fkTSO-rKz-)#wY)_|$mjR-6ZP?=fmE@TpQ^k)92Qv0}>Lf--TD4Llz7ly6f*xa*Y zHVw_@PSl!LQT)H(?;fSHI(xLTIb`JhCEQ%@U?4-k9);UTPji!Qd zoffb)PKnusE(1Muqjl8?%*5Kc`7upBsJ59}TW-(Ml4JCzmY$YvS7lC;p=2gvym6Gx znPkrO?&D1XH-6@QuzJO=*OCO!Usym@TnMT~vrN$`ew`HR^fmr|^Pgqf=|eLJDG&}#b#Nl zH!u~HuK|M?JHm&}p&RMPigB!78MArbhOLVvnFqUURYUD1c#9I9-1~*{MRQI>Z*|X4 z=g&;2;TYUXUGuT)y^;*e8IO_w#n?Fni=qTu_Sm*<+qP}nwr$(CZ5#L4wr#85AN)Z_ z^q_}1ugIv%%Dq-Eo186U*}1mn6Z(e%yd*3sxb(pJP-s$Y_o_mTsS(~hzgXgb`dE^b zf6HFlGfPmSqjjUzW08x=wz1)t)lez&TpRj?&c-AMlkH|nEs1kHq##Js_2l0yS%|l7 zQpW1+OmKtRA_8W4mwF!vw22vKn#kaM;;_gZBB1<73cV;n0ppW=|GgjjpAvCMpUI%( z=22RZ&nU|j&xGDHKwDcDBNkMORHNVsiX(+>zn2#;eejMsktu=l43T3KWQ7Ugp4oCi zP74H}&1V2HqI%67nd(&pm@48Bs$xZuq=kkGNaa#Z*}s1Fy7`|UR!Q1%hqHa$F0D#* z%{-_`-yGM19tq#(`yPx3vISG6@@yL~j|giXZQFZg&TOy!lEr^=nbx-Na_>PG+n$1d zxp?xh^0fZdl<^e*=)TfoEXh}kF;Al##f~dRvkAUVsLR0N%U8o9nWQVc z^1gT*2tM`Y4as;S61$7vu59P`>r#q4$fEAVHnjR)5@F=~^tNQ+Fg}Ys%o?c)Po)~| zATVr@hnqPVlV(G8=I=vHpR2>;4^_6-@qhW?6A8cVtlL7Rs5B2{%EQ&OXd$Hd01iB) zv2QHi?`2~Dvaw~3r{mlfA=`4kHC!4p&eSzuFe|yI-v?@VqbGedX+q0$f{_wrzv8S> zsvZL}`)RGpbJ2bvDf?XHTyO~GbGdzHf1+dK7zN!?m#dumCFhjbP1J(hWNCWr6x20k z{SpB)^3mgsF88dgH)|t1W&4PFxDyk+cJ{pb1$xGweA5*APpt#bl!&r%%0yx!5YX!Bb{WQ?rseZ}%k_A{+pOdtxSf$V_U z*GxdI02ZvkwMya9qlNQ%e&JPXGHV#$oDE)p*N1uuZay&u3V^}vi6o*tIue3f%;t3R zT&)J-%cI#-aRi^H@;woZzjra)oODwmBNVUdCSEzZfy=W!wm-R%A!S#}BPhxT z?*=2Ndv-rn>s-9H(#-hAO>Pud~Qm-+4mR*_ZeffofFIBK-S>V`88+@p>wd31ZI z!ya|j_-b~N6T-K$6cqx*?D@L7!TMR2HBZjo18KA6Ehn^@-cX>;q$wLe*_0`(kuu}J zpDdIdgagMwGvMInc|}R!GOpo(I+Q!l4TdIL`ybdQ%HXulsmH!ve3L^tul!h0#;GHc z*Ye8{;tsgVx6uLn zZ!HD)&!%foPQ4s$^U16PG)gvY-UMzjgrF5Q-wYh&FMix{_hHic&RfU&MiqdmQ%>w$ zES=j#l4#qgEsu^5iXo>qJd<6CF(7)KUn-YqN}v%q^B)_WwE5#Ss27*|8!}IdCn#vA zq~y1mNIW-h%az)m4>9M`bf;TTI$6e>z{ejS=u}%EcW8t)+B!jatD0;Dm(t1#-9F=2 zQlSWIyLVQ6ocz?5f?gxBVWgj3FmjGbh99|Kf;x--O(|C8v*`AzqCGNfc49$o* zpuAj_*s%`-s@)-5?jL+&g`xE38l??`Z6T#F{_yo)M;}4`D66Q>Cz({*GWo%`>-ms` zUjYJbRicgqmiwZ3ZZ7Fy!5r-hBEV25(G-Qjz{B zf!<@L8#$&s#LB_#jbdF8o;F%%2D1OGrzU#4njvvREB_`kyidU3K6V|_kBc<%6r4z{ zv!IM9&C18M{{l*(xZ{8IHCZmB{{~rJTuLI@hv&Sa^pLU9mK5S0+lkN7@A`>sMQr@e zjEH?w=P>oyH;EL;s`tt|Ytj_C1={h@;sLc}LzS%{`UzR*8h9{6^mX%IFuj3ElL)Rn zC&;R6(xc4m+8Hal;pd0*_wdnImnTxy&>IyJNFHI;NR7jzFq7A*)Z$P9O>U*B>rtg3 zR&O?;14XylGH1d|_$%kNmx5veMr|iX65)o%KPiR_G8b-2Q0Vo%k!z zO69n;NVjQpxDC75&rhTkrJ-1Rz=W(R2DwZ(f}Cph?G5lB1<&vZu|1Nnr+6}=f1>FI zkvC1Cuva~IA?W7l1j>jtqbTALEo9{_5;z^`39a*+;G#@qkMQJRE|!;{+w+=f#E#jT z6#NQkD?I73#}x`uJe#TLPQcFq>8Er1TI12^Lcsx<?q*o2*K!b=rl#{>l{iz*+b@>BTP9(}qg)RZw zR@|mEwK{|}$!p{xbmxS#Ax-B>PW=zi>XrM1cnm)bEi_Ci|8b+`MYamFhRub1-(rH; z57LlF(ys>sCrnjn1q~Ha8H13S0{Rp(L4}RcQW4E%j@Hg5?&7jTJtUC@k3gp&tkWaM zMnCTBH}!DbIRCNqYkgS`XD7_#$r6>1Md`Zr{Q@?sOoBf%MmMsP`Z>|)_B&-AmKs-d zDbl*ofWU<35J_%No!eC?l%OSFqnM=%KiUt|Hg!fqJfZU;=sv_x#9k_#s*@7~+I=k3 zRz6P$rKZH4z^#)U-ffmu#RZo;5(Mp-jsT97@?RH4xBL-N z=7F(iEq?W6f3r^yg995c_w=44y&FgKJOKCe zG-;sS7%mB?i4x?TMv^SaHlYBa9DEn`$vMS=o91(j`Os%v5 zPF|)9MjV86ivuH~q7MR1_g@lkIlb~JPD8%iL)5FtZ76Q*-B5jUka+1uw`CGl_E7X} zA{2F_=Gi4nuBN$qXj|rDPKg&>JKSW6Sd z4o2^wC3|aFA4Qd4VrnAUVCviLske-e+GK~0=%z!pqV*6@D`9+F1poFn(HACr+(qEw zL-ctWQ!FlU=W5FPIY^}&&W6E0#6=jt4waYT$t+A7Ic|~EB^y?v_SXrmqL-S{Dq6|G z3kAL}*!J6+$Fhekh^9C)GJ59c#;F_$HIA2CC(FH5BYw8nqH4V~BV-c7xlUYe+Bkb| zZTle@~S+^1jAw1S43I4NgZ2>rs1N6Qh{BiRW7Tb^YIX?=;;Wk zfp{W$rJ44n{aEP(;hN+YIi&Aqv9%^Jr527_@?z!*!W3A82?(pZAX;S$h4hwurJkhY z++d*MPa`JjCU{a$lLGx=@i01+blDG>WJ2lZBP=?W;1D8k{R6Te!$Z5GE9u8}0h_|= zeHE1j-H1Ol$8f5CSgd5!psr^u?KxP5eHA-xmu^xKQlsFzT90C;)2?|${%xjve%;Nnrlm=H0Ltjqh)D7tZ&Vm;^ZY%>eBAw-+2dg)W`!p z>6P@(fMN4+$oF{CXb6%Ffav>zv4})fR*Z({ewWk*jF7AA;k54)+^shn$UcK9@ zYBiJ+nIQ}P-pP!cBG-;II7;knX+qqyFV9K~CiX6N6>`4Q#O#5|0}A?c(qHQZi5 zqDuRhW0VpVfB38hFJnqkq~yj$*>6OYHX}mf_}6}qy1TMOl;eYsvC2-U#$bCYi$wl) zf****Br95*JN%N{BOx9QLdz*xb%gBJa>wT4K%;nKNNi#<&ycU@`N+XEz5qbiG#r|n z`2jyCYyb6Hmy9s_HOC4vi>OAUBY9BIbwT8PYI|W~|2BL8{@wwO;hU}qUmG#G0&VCh zG{|y<9im)av#&caM=ByM;Z`|}D~MD*2SQHLpF@sG^wQDI=CH87}X-qVVXJoq@hgn2<}yfa1Uip9JIpNanlfVtPoWXfZfU5&;+qPAg4B9GQ>=wSq&KwDt?pcLlIC8E{pW;nqUr zS9lYF%ZF*^RJgTvbiP7RK-Pb{2{TBigUOHK6W&?{|4KLYMG6lYEoLDVys6%I<(Ucz zzd6NMttGUJu&b*pw5XdQsY6rpmK_)YnklV zT7Rlt1tV&bSkw#^uGy0k1D1%aN4&+8Pf@B zg3qLKul#wX_JCz_{%rHH!~dQ#ET?Nt{%e6praP!Mrt$;6f{^pYxhX5GqmF>npy+6p z57U&kSCR@NOpw)a`nkT~*cPuxSZ03W$b(7H*iJXf8eoP^B$D?B!%$f5p<; z&o31U&+a_4ZhjP}NLYFxe;r66yx-B4cdCmVf$M~FT883W*~-Q_0KGU z#M>yXp@rR@qKpBm;z~!#i9!(Sb2oWanLkOM%&7XjfA;Puh6_5$d4^G%=Rg(rd?eFzQV=udSeA^M|E4&f#jma#8WQiH-xgV!ns3^luLmUA zcLBQjG7?^O_ z?Rnr$$|2|q0zHtaS91?QL!SdAQ95~8f$=FE86S9r1>FrZmpT8V{bcE6XHOgLhfejv z;O&#iiQ}E0HtGiDaCBV2KY^mlz~Kg6$}i<>P#Ak%RGOsx?Mt~PH%iRk zwwaR`x7$S}g~`xai1b?-{qeo+kbHq|+jrY)Fb8y2>>Lo5w-1#SORYurG0y5{3r2hUFRLPb8(QKV}Jku;%xl~ z&LXfkvV!8_`CpV4BLO1^6Vv}zOazQf3@pt5TmE01EoMee*8fk=R&4wKaJH6caYzIl z+%dOzXhGcD_nBbeg1d!-K-}Hkp>J=ocsja~2_{Y^-twOO{`6h#Wml$~yVT!qcfDWo zFr}18RmBXE8yF>kY_3Ko{*4TQBc!S)p8_^CG%zYM__hpWB{CC z1~eIHBM|qHQf$cW4i3%iT-sv#`;W8*xCo@->Dh_-3j+?Z6@Wt%Al3%pNlfmXFtZgU zKx`dAg<%2c{;Dh<~{|0)fsxc|GLURnOvP19ASUPz!nf>gR4)JV=F5F2f#iWSf%s?Aj*wk ztAE1D9}xq<{|+`FHS&f3;y3P>I5G4le^5+-V0~-m!@AszpH_*B{&;!248ES zV_QQgudjeN7ZxW#z#N<$!QH$+w{P|!b5qa^4S-yLF#=|2?RWpC{!GC#|AY2n_XY>x z^M)SFc+`Q%@hg6LFZ)L(z%8xrKjFV8pUhHL6_RC?i@(cvem+FR2JC_4#9ZWoiLptb z|4?kEfDZk<9)Ipwq{PwvQwAU8YMZMlF#A8%o9(ur`BA#RXaF;N!-CN7cREn}>?=V4 zEPoL?>7mJ>@2_K@e>5-r!oPngzv5|s*%N>6f=IKgtNvY&^ZLTn@Jx*kZ6AAjmjAUWL4-C|Z)9d-YH(!eaeX&vaY$(Pgvg{& z4TKet8u2;}|APqqXyf_DB?7z48=Q10GPfL*U=u#6zw{XY&hIyr#m zd;GF~1oQySWBd_V1GFFT2cV46zu*o}fN7{dK^`0cv(`U?-FA**|9R}Ccl_rx(0BZi zk5k~F+P$nl{3(3z0h>qq2`B@wpJD&%yL#n!_(0eJ8>IQ#VDeCF@6oWDW; z-3fvOYzT;c7I?5naLrY))*bc#OoB|eat)3IusWeT|82xa9Ccn(gGWH|=ro`CYNOnK zHon~$0{>*xzPB!1GP6ae{&uPVW9Pdr{cL+H8{2}>Q$7!hACGgIwefDs&D{*UZX+{W zKa-^ru4B(PvvkC`rguMEgeL{9$fELB&Bz~CV$We96p|D12_8K;Fcc4gu|k)#uScmw z%==j&ls)ixu{>mnlQ_I5EcH)`b+$I>OaUA+Vh-IuhnSRmCHpxyeiVd9@2fdLF-UVN z7sq*XXOSI{)lT4#Z9K}T5=f4cLP^%ish7M;te&HrRbugZyCC;82y+*ThEie;#4%{$b`j&jz6<7G5RkJRL1)wIeN`P&nfa>#u~bAJFtPE zoZSB34Btf^Uq2;KYaP@kHvERikPA6hb1MeC{F;fyp?<=(@-Po zC~SiTG-E;d_}KU()K5(FTM3$4T{ZWo*QUG%_!3paTbzAcGUu3Nh*wH$$WQxer@Q7V z`pRH)f2J8gh&vVwui|wUB!x5&e+nrTbExpm@6#aoq_hPqg@m(ov{nwXf+$mgzG8x( z9P%(iUf<<+;4(;|mGXxOr67$y@A<=#JTyj>fB!{tNxUCR#H`Dx*(5b z>hTF@6yglyvDd0-C?*%%s<-r}3g9L>(iH$VFw;1To-8vx5D;GVhB`{B!%mgg3eL3U z6lv+V*FuES^ZcTS&xT)UOH)v>j@SfT2{zT@^%Y?eDg;To%ZiVon_ylOXb?#ycWr$^ zhrVn}`5+L7O*KuX5t)-md0S~y^EC!<775+i#g*Ek-jz(8Tu72Ai=3r%yTLwNZ!!|W zEWmhu@$;a_^M_M)U{~)QNuxB^(8igu-t+Xtda6gKSe%uRNdY)okXd~_KEhJC5zWJ% z9$NVdm+8uuxXfpm&#dzwYwg_rJW(}NQfWk0jdfGtN=JHTKMFG(JZeW+MY*6Zp~?Gs zT~st>NvLn$?ljBKA1yl6XD%JAAUJWp9@$x}Olc@f6aXRODg-L0mk4=edMMaD@Glqu z#KQLkq}r>3{9QWB!Q>hI73xm7)r)qMzenYFsr0h86&A%)lA^3ePRtrXoH%~tiVnp;UnyEj!!>vpRhdI(Y z>~aZcA#^-8ayS3gJaVVjW7yK-k2^2;r@D{)e&R8~H|AY;NYT@>4onSvvZ*|>cHm$t zh6#!CACX^Wz~$9%sT9*<-Jlmuap{8(o_`;o$+!hw`{AT$au<(elTBMeJ4AQk87iBX zmP;#1tNW4EA0u#C_5OT^18)zc$v@}!rSX^j`#0@)LU5C0P&L7-SCbN^%Wd|4896nY zoUbJMJMDk7*??|~6NdW*1Us@1f&Xs|b0#f+Vbi)4soYRIzs#;=9_6@)x^8v0M=9~D z1#ObSX)=!yPWM&rtuH>kCPU>Fbr~N~LlqYKi^7ZK2(3O{jo&*NQiT>cp=_5%N1|)1 z7%zq1$KcBV`;XVUC76-9t6Q(5@tpe?v=9yNhNbZ2nyddXwcPyglHRhF5uAod$=RQ) zw&wGF36wr?_rpo)NC8tlzh;Qg3+ckz=(2YO1x@*4#N*gv@TYmtHwWJpDpm!ZK6+6a zn$=l@of1t3n*us58uPX<@3w7csA{~9!}qP5x63CVh9#!vXwti@2D?MX&2F3sWTe;3-uK6piNUaNXzfLC}e2#1Az*7!_n z{+e>WoaOZF);cfBtKA)P`6tQz8IrVeJ`}2$aCCNF#WV%4jL$5)#3Bikb>mDC+$|0f z`thvIe%toLgO>}V9WN?(DJ<_ma5C(Tba=mYs*3nm-=@8chiO3EjiIw8Z?14$lx0^7 zuOkywWgwxWgfL4;Epi<4w#s@bXT@MHh!ot%yUZ!oVsH=5|2*6``14k?2IQr&P4rWU z|LlPpMX9hD$Tq*kTwp!1Ypf`t{YLdc*%_({;E1M2i`V>@V(_+4*dOjCt~ys5v6i}+ zbxT1FurC|whuNew+kCFOU!yssVKc;w08jo|AV6)nDq`jIiM0S}*13HpBLY6_ zMuKd`6LHTHBwZ2Q0AFoy%@SzRYDf2%{F@my8#aQLgDi!l?w`uY{!ihMkxc7&m%uU# zrv*c1QAz{1Jz$NG*si2i(RMQE3;zaxq{gaQbOEOZ9UTR!)2%|htO+jlay+zai?9g= zsqbZT36?`|_ChU65K1WX=jKemb3C-30p?0JVeZ-E-BVQw39|?p%?)TEnR-3U=0?-6Q`Y z7cD~iGr*H$I|*nBcOH67di%`4^0-->b9bO?z-w3=DcuR@TL08R^6sD_-A=`x%c}bA}%8u9=TNsjN zDV`};)c3lyk3~=$CL;MVpIhoSL(T$&3V}AC(n@9y;ev)uVb~Bg14$nq-_*tLTVjJx zT+)#y)R|j8Tqmc$L5tNd&9qD6MHphYA&{TwxA6Y1Y`R7iTOjr^h)bEMTQ{S+*-NMF zTTb|>#ycKUVLaw?Euu#F#5OC2_k z5x#%4)F-Akt3^#{%Lyx^3{tvM>=HROqSv-V>zHmhI{3>C88X49`TcwXSNoKWv>(IT zrbV_Ph7qK>`l=^VRrx0U)2Y)Dmh~QrNR!P!3aXu<=T#I{Z9j|EnkrFP!bHyUh`H~; zY|CJ?<0w~-wYkkjx+gv!Dv2H?84%~tp2vjgX=L*Emo6AiZY&(1vNHl6Q|{R{w=uZQ zkZU{pyTzFcfWkR!0*+v6H<-P#LIx7-R~OE5?c$lfz94`F=una@>o&)gD?*fBHV?*< zgx@pc5gD!32@q{4XfuTHh_)-ajLIxhqZoUf5(|Y44i=H3VUyymI6|MbkRI4@15qUe z#(sN-1~u3&OFNB3MH;?A?D{<8i0!Xeslc90wu9gYz;Y?ONUMwJkvA@as#3}9&7`DJe$$YPWw zQYD(cez%baJkW7l;sts6Slom^1=w1D6YxSCgQ08kr%Qs{)e5@5;*+a?MYyMsx>}mW zAX!P+Pgd^wUY$C9?_VCBZKHl0#|K?%_sVwr3u}xdB&BL!xA1hGw=b549Q`(OtrLS& zK`+Tg42bGe&26RY3#o&B35A|v(+T@8T~R+y+WX~ryblI>@?E>t9VQT{m=M$049ovMF)$ez zrdgUC=PM&+gsbGy0-L2i*TR6aFqsFBFnfrTjBJUb3w87rdM9Xx3HU`mTH|)+qw#R5 zv|oQNJ>+FwOUi#_4=N8CF(2-8`&9k{urA>Ck8rRs5jk_!F3ex~bne@C|xnP*3*DuK}(eOoXG#^~}%Y~geE{lPi+^Y;~aC6ej zw6fODQ@a*;s8BYlV?6P)q>Rsj@Ky~Fo zA}_zU&GN;L?;;pg8$f1AIo0ap7k1SUy;rQt!7E|nAJPH~>4UtB1YPn+oP$#uLb3Y3%D+L9tJcV^2F39-T8*LYB*Tx z$Fec-j!*jqo%i9L-a|dT)Cqn*21o8$M+#hAFgF>G-`tm|P0UvHw!>Cp2mGb<0~MgM_Fj(C^3Xwxcni6uf~LKMtbv2+$r)s53mf zm5n|k{5+(VfORmlXg zHYUe`q)saiE1hRWUgz|K9weSi;Dk2iZ05Y$RlU5Rwq-PhcgxNJl$6Wt{B|}+=-#Q1 zNuHbgSNddY0w)#8AI&R0CvF_f4BP0ugIBJxe!` z^WU;FaP7Wtd|cp!8)nh4{-HOu`*&kg3k3Q{ zz~w&reFC4+cz*u1u$z9pvI`_P1~m?~xRF@Qe%%2lt&MX>Y7%3Ii4OoGc1+zK&I?!4 ziH98^YuM($&jr^*OagXkw@L0@?2R}{r;n7Tp})nN1Mku-1-0dB6zn8Jzc8B%{m@n{ zcJ2T?l(CUT35uqJtl7BnHRf?`I~~HmGOa6b($~!^dRVe<1EUB5*0!dKNm9MJh*g5D zlA}-@;&FF30?PN-q)p#$G_OGi6!U?n?d#eQ7G&huk5HZcU8sv5bi|9i$I7b_jVKBW zu%YwPe6|$)zg}&@L4kdTnNjiQ=B~|g(ygw^!}C3|4d)JS(oWc7ieoUF((9F8sKs7x z^vPfEQ%(mwE^5VP%eK2KcAE#uXdm3$m7a#j+rdbnxI8d*iRGsw#hAW?+lO4bS6)W= zY#cKQgf~z=O=Wm>vO60?GrtZO6An}vKPR2$fT5{nRJZ2P((-JBS13VVt}K-e69}*I z0OhvzG@A z`e&)Z?}Z5l+X&=qq(#KPOATI`a}eJ=C{2Mul2ZGAu&>}{-w~e{T+XJE+hjh@xB5p^ zQPDHXorkSWv1BhI##$uS=aIeLp2F)*v{6c#1C6M-RZdr+=P|u3)T0WeBh{Qse z?t38i?Mn9roArzjoNKiQ({ij$>jP-$x_imGV!TiqDztm4Tc=TAJ7X?O=)0Ni+cTIG zJu9TXQcHQwh=a*5ZA~O{-IMh*lVnGmQp^<9s!9?Gr(?yXh;|u{arGds^Fse6r;tr_ zbtkJadwfW9D(Lj>4fr}+mU>;!FJg?2g_hP@t`4=%A*A|%rLZj}B32%O6=dd!&XQR~ z#UtMQB$>Tbf;`xPkNs45IBU_QayI*uxX3v#-`8C>o@JC+j<8;3o4*-T%u#72DiGq+F`mZcm2H(m``*$-V}2B0w6I}l%kK_k zXbAP2a&lLLayCS7tp`QHNc>lkdnr+@_~tK}3BxZmAU?5-8MeOq()?lQAR5;h;?#0p zeMjc+tf1@48{sJVP|v^duE}DDE$BBdNL&vMF&k#GqPD>aOE=8eQPKXjE7DFq34}Yp zG<03{t8TGeo+#2~dnD9*!DQv{Utpt$PSRP4Rv$rpBnd_$LkTAATkm_yVa`_X<&>fr zLv4pB;~zbafXQp^O!nH;3ttrNI=jNEq|I^tut3;K_StXIz-3|krRYd9!wMbM-?0rbfp6r4-a3N{?Ug-}!EM3lHnAX>H}J;O$pSz)e)G zh4y(f_FdbMfXelK(c%fkxuWYfqsVPX+f(E7-Fuaa1HXmFS5i(w=^3Q#fsbJ*uic7< z;8hjGQiz--C8R!g!g0nXn!)H0{IWnu7qtv%BUB@tw-=J={$y8(keVq5km2}8_M3YC z7avB7ov~dDNQ$Kg3A{wi_g#c`q6(IK8bgTCIojnO#>up#W-FK_l{#Eh!rL#2_vX3T zS7Vs7h>zxe_PO>VxNSgkIH1rvu*A$j@mps*hz&bgM9=L@b#lH2*xjGC0F8M(;v}|z z5|8xXPCgcXiR(On2)2CXUqUoo2emv*^~K00$>zj(P#l+j#-_^-Lx3zNZY=^$MG768 z(ZLNmP3tK;DFJyTTc5$x=c`QTe7E!vuqT_+$TlRzk*^(yTx|NjG|6hDpE-Q@lV$Z# zVr%8$JT)-6iwrC~g*B6@a}dG?+r@Uqy&Q^=esQqqLI}k0mmU6)%a<4?&bkma9xd(M zvUun!x7=2zy2jr4+Kf~p_1;CF3y%#eC?9bYP`2_3_r|99`|SV9*ZzeR_+8gK;3VX( zzBH-i+V%9M6eT;UXg=N;Cggyowt-3TGB17o+>yu|8&d33@Gru@LLP6Z^L7^KBK5{Q z1SLJhinDqoHD632nz)I3Sq^ZOa>1GBW?X1S-D12Y$l;Lw^tNZGk|*w)2+Xa?}l)eU<3uR3`crji|@{hji&b@?6jKp&gl5MWq@M zhOv4MTT+e_z6Wj1ZU^(N4)UIZO_PbKP5{jTNwxBEfexw3GS&$rnSQiOG{=NX=zeki z9Kh1X*B!n&@9!nTqCXe0!K1q2Xu`eb#>gwD$OkD{O2CW{Ygkfy_`V&kfOpzx3N(99 zFd%HQZmfxpvU_)CAckMiD|#S_#2&Z4+X-aY3Od9an)wm(h|=$?X!mLV@ZrBR7lgQB61Z!prYD@|AMK2NXmV?&dd%pExSle`v-O~)dIMB09$Jg9-X zVoAO1iF&H&nboq|)O&h6n;wFc>qehII%xi0&1Dr+P9#{Mp0CVwb!QC{D=kXn>DN>i zuC-ZTBmGm8CAv2tkzHn}GDLGl1o-eZVP(9Gu-36>G z<q)i-k3eIM!vh=F^0F4TJ;r1lKsZR=|r2UJLy+xwmTg0u5w83o25tD)V}a7 z0xEMoRp(adZNj=>XOa^iWlrOsBn}>>s8FS8uF55V?2iScU$(a}6g&@mzI!7PcVg3IE1|;af z-61V7LP#}f3C>is=ovC2>KKWP@iZ_Yr)}LM)Pl@}gqVYpf~)*gyTav0+z(-JlFqCR znM*xbA}LNjkP0pS`%_OWF6$dyydaY+s+zPySlvxe{Y)WXN6(7e? z6^|87DDkhaN7t{k%%jssnU8Sbw02|9ez{n=$*U_FABVlijwUisdY|-UbM_2CirUu zxR`0(5L_j*Zyx-|WdG__MkrM`V4S;+4(o%zy?kAzFGQ7zuv zz95F%EmDONQEGZ85*+pt@A!r9y;wB=W6M{%cVa6PJRf)wRk%HwfK?#wjv$}W3%YS0 z$QmMzjcYoGVGaPR`7A=}`wIh>gouJF!Ao9SB}gXzd@cwJ9J>N# zK+eh-<)ty*hfu|e5F|)fK@r%=(@9=NzCC@VX(ONvHhwCsGQ30fvE>lCJ@J~dyM3f} zsIeZkiq=~Jlmifpk{@_|pdL}e9)?V*jXs*M7|;)f`vuNGtyh$WH*>W!!ZUwzVcTTG z3Iky7=5pPjkBCUKV|t)EooAKcvv7j22+@@WdjZ2tpURSDN>a~zbx<7U5{ zQaL8X@)v2UY$`>S1nhHbUCJcl2WFWyg6I3#tEQquh5`h>*lf_M9F;CX&#%$ngamwz z1I&w8{L;RWVOpoEnQRSdOr}v#hlEBS|`Otp!c0fB3lEf1BTv*TxVj z0&1d%MNjYY8`Df8Z0*#_A0eL93RddE#de8dCGs|BM4fn zbC{J_b|c%;+Huy35@GY?1%Abwe0g zzE-}KE|c@aO-Na1R55yIIF<-yhU&m8c{zAi^@C?fi&6*t*~ zfG;G*LQ_e@K(yoxJPB4@|)P|Pn#*0v~!tKA78q)v{AO>UBy<&gaWjpMi^ zOZSoALSNr%=;O_YTs~`BPoNE)LSO=dbnk*c%P@%UM@XW>fL&Q~x3o1BMMaIcE7{MvloPQJCCU!aP_%*p%0+ z?Ln{iH;%J7WZ1JV$6aHDSBK_#7wzs2bf#~)oE`7Kx6P@Sa?Zs!7NCL!w|We8yqX$> zKI_O9TI?Zm0Y~ue3$k}KhA~Oj0S4aJ=Kpk8Yc<3+WYtW)4M7q(L;XgnI+Pw8>jl9t zA8oC<_i82oAI8q9ITWbLqOol!H@UHG+qP}nwr$(CZQHi(WbQo7R87_QFn{7ycb~o1 zKJ-G&=HbO}CFS>`0m*uQm(KDZXwA;7tn9w(*_+?EsXc+w&4hs)N9LFc+O)dobgS*? zSWrRSAbtX0SrSMh&5altunknIrq^)UsES* z6xNJx(WHmJiITz@XPe~S!TjQCS!Ph}c{gvZ+S#uY79l1k+DDiF|kR0WY5G4xDn;;dB zkTtzYCcKKnmgvXV;C2z_N>CQ{amlR%y^Zi%IJV|?8%v!6ejN@gtBBIYE_Gsr=HC4= z^hXWq?S(Dx4;~*+0FyHMoE==F6-E)g^6SdpRH$niJX~8}QY|lR1q5xk`LkQ~X5+Rw z)McU_FOgn{x=l_;x>e_X!duFnnN8kCTd^fjpfA5?%TAC_xf5OpV4_6=r;y4wCx(U? zARJ)HZ}-TT6KAWNnCiaR-i!I<)l^b)nNK{?%hM>&BBCChZXLQuv*%3FIzLS8tdC5J z%&SL>G5Kl^l6Mo0ne@)eun*)CcgOM|89ysS# z<=d6!$CRW#H^UWJ1B9RH@%E+s#V2up}uSG^U!00sf%9 zlJRzxA~ISoT;ow!uKt+DpVg^^oy4Mn+x~`XOCrw=l7_zdw82+(J66} z`c;Ezdm^@bQ6N{fR9E8hwD7jGr#x|>-zoXqs831mQu)@9E05RK!_hX(hisguigb4o zepfN9tf?i^K%!NkQC1v~Lr(>G@*vRW~cHMQK=7 z=@0RPiO?j^0BA^j3u{F2y!T&XL=OD12?96$&axFDyeR#6i5OCN?}??t%DH-N8edPe z;SV=#;`OAgOdK}Jie50vN0R|uP3MF~ysjgH7CT?G+(lVq=XUAhdkzBNj&Qe$J=?Z_0zRQ!}9bxRO$g^^ZPX+wUXaSuXV%_Dk+l^2q?yor2884^CF9V3|UPBJdPNrM?)Ob%uE8jHQ06U+CT8y3DT z`mfr<#I(?3rvOe>+d!^2kWnCw@rOOZS(z=;{FLK$)#(o7=pj5l#Hm1?V4xK^oQyGO z-toUcC7bP657<#}ridt5p**F0yD~Lg$+SZ9`S$;8=IP6Qs}KgtAB`VEViL3e3SYdK z&&(hfr!=SyGMS0(ZYJcBcTy(S7OXHu=XPrq-);KkIDuIk*;lkNy#`E9o-!`f6&SH3uZ@9c$F65K>TpDa_5{0M`IxY=le$?f__g9B19f^e6tCJ8Z3{LC3?ki zugib48j~CU@h}ejl>aB&!DGhgdmqzWoGU~XR@~`QI4aFVx zgdEQe5@2nE@o&1!9(>t-BTwzBYy|X#?*m2yZJPeB=^LE<0Z^ZzC^b}eRIfe%Bmd9# zm=ar^dj16+#Jt;yg%|*@euq=HRTnDg#cqJmu;sg%^!=XLR5k7f3&yd>#>+>^$^A%( z^HZoLCZsn`)C?HTCGO9EhjiN|md){-40Rt0{(fZ9O^-E?)rP6QC-{%0EE4w)N!cw| zxuxdPB9;ev5yXbeo85~)7TIJ&36SHSCcqwj?-Q=$a2571Tii6Hk(Nmb{P;|{c$4d% zoMcG3!Nh6n)9$X;Q!D6D!o*)0=*3Ff|Ga)zwWxG~X_aRmrC@kNn1zD6V!c|Ymvv;# zo>hpB_1YH*&{v5Aq|7*Ik=7VEIjI)!2N4Xl{$Ci=qZ3}Wn`UYOTJ{tOg^KZb4%6RQ{$Yp zk$W(6qm_k$Qn)BMh6aAYmA_^JWHRbfUf~EL3!Y3&C7Nt{;5Df!^Z<^P%+n*reW-`A zTAuiIVATjtJQ5n8AjR*{m3W7D>-vc@#)|?V!~v@{CA(hZ!buGP*;)8Gf zF3jr*9%bc{JbAUw20kpJlwT2a@->v?b_QBF!KEJiTo)r4-v=zT6A^ zn3Eep#FFS?E3)VH92(@g4`Uvd$z3eB`L7cTRC7*3_i=|!^;b#^W(rNNZ z@^ye3W*#@^tsXrqU8U?c8|f`D)fgcBM-mduzKjw$aE@-1VnILiVk=8bkp754#J}brMljzIDvj3dh{}> z9RE+9L$tHmD1I}(xLP2mYD z3ahrdu&Nj=l5VG6R*CB!E+b=*#VlLEwVt| z05LJL{=XTZW>7gC3nc2OM1(C!7KE+s?d|M67`ir?8zd%#E$;uufLsGK?I1y3MQ?Vt zx3+(4J!;FaPM*wvJ3Pn4la$VbrLUv>kz88zJWRm;?UiL+8CZ+26+f`UtkW*|Pv;h6rqsK?h6(7JhhLwReiQ#T{;BC{@z+##zBRBj z2nPBF&@pU(YCo1*MCqt1zzP=<0)n;gUM;zMb-(@>uBfPg{11!>iwulQ%n8tv6M!nh z8c-gP6A(uSfHYvQBp4aSI>0Z@zxpDaJQF~N5A=KsQ!p212M{0~&=msYyz0fu@WyKL zImA0G+&l_uaJeS%jUP$%8(kJrlj3*v{T+UrwO)A7d*c0|Qe-Tcb<324?Uy z|0;g~VMuncI_xw!JtNBx&H1s7@tftHv0(@!Yoo7U$}hJ+jwv2<6oLz z8iB2)-PzoISIsbatYa{5AMpK)<71!@0Gu4a-Q2(8U#tRpCjYn#%7n_!k<-S#tDna2{N;}AMFQUF+@a8 zRzFg1Y`>h~WYoTy3CO*@69Bj0R&-*bxn1?IL4}Q#DY(AxS|i=gr`sUypB#XS-qk>? zyWJj?E1gp`h`bNR6a4hGbSWL)wBOv&Z`#D)Ud-R?<6n-G-^}=+#^z^TuH{~oAKtEb z*s+ao+vwGHXRzKIzpm{|lC_`O3X(hBNJ@AnQ1;C)T1r?Jk8MzWO~=b$CZwakfDXVJ z6#jiAXui`Uy+aqhuTxk?&`J%CK;J!703IeJCBOSRsgpw&&mL^uF-N*6ch0UqoCR&w z;o0Z6#D@B(02u5XSnWh~-7-kfoSc1$@6OoL{x-g_^nUUED{x;HKyKAD*m@?XVRxV6 z>}!Bg1HHn(0$Bhe^SoiuePl2AL*p=dNne3#fKdy+bCua&_)iw4clblk73Ck`^?(@5 zKY?w!*HJ%1p2tyrzG5~2h2y?+wB+A83o_?8HcFdHIduA9DQFKHNHw?Um2IVdsnqZinpLuB)6#NgFj zyU=7XE=07~(MmgzGzfhjxGXAy;mu3IyWGM$;)kTt5VGM=d;(+)AvH$m)-##ilfIkTu0+?;T!NG_{oaomsH zIoUzx*UpKSl5q*YARF7EaX~-w);`i2F~~FWRmHv_dPY0NW!;@kh!-BxsdLgeNX8_% zw=U6rSUwZ+mSyJ3Sfa>&bJGwd| zo=AM2NxYmDc?hf;s;ydGQV*c5NCb{mtSN>CvX*e+^dHlxma66$Yaps8o5mgw)qh8A z)?`{}`i8%iGco{q=?FkUQHbbRaFf2vO(~;-ZH~60Zc&dQ*z&r_U&8HEiUay$)>I;nEM<%5u* z&O(izVG++3f|Cfp-g(YIHsekw{HZ6S>FqnTTSse$0>@aHh-h%MxfWL>j!UHXMMF(Uavhw|pO*!SS3&nm4T;{z-slMPF><67s&v3Ob`&?u!CObjPR@%)QPj+8;R z4vqk^r#d)hmq%z6>NT1Uaw1GCD8&GsrC@SH;~dNR%IXItN(QA58)7AJju33SsVoap z_pPdL3WCWJiSr)qbTLf5h~(IZm?60DA^(Rhvj7Lk9mOiS%qk zPRA8)5r<`)OL3{`t#Li`Wl&iecvw;z?{BS48Z-NJq#d)Yo_DE6F$m$4P`!=cX}T1184U=%_a54qMHD#pM@r;m-1ng^n|IZ31!v=IUoQ6<|w6}*%jh05M=IQ?FOuZY? zP6i?oo}HMR#(x-__+@ZWsB1f`%A-*94x~EUwph}8_|!ics}Rd*mfqPQ zhzoJ{#gS=$H>ZYIzEl_uv`C23Q&xf)+$H^n)FRH4Z(H`Bv99#2Vgq6hZqf9L8pewn z?hjU`Nq{s?faO?4ZAesH@lgQZeNTf!=Vcv}$gPMlakbi0CRvmZ=qK`PsN{a4v_?N* zJW)e;GT?<^{+dM&5QX%FHpdx4m}xxExPcIt$LN}TbJkuEyOnhuK8!>hM7A=R(>@+( z#jRU7n|a2g`((k(hy|TubTa_DpWeA^*n7z~y8q-(mmUWf6tj5(J<*9BiHne#M& zTvX-O>BXj3WuBgA;UeWbG}=zTdsLZzo`nt%Ud4CA9_SajpIzta?v`Nm%z>ao(}GXs2(d`ctU?ugPbhk!{JRN2s{o%{y{o>5 z0(Du~AfvM^K(M_@BL zMh-oxLH>wObh**76x~Y7w_L`722%?Zd8Ojd9!5-UhJ7s526A9wfu_HP#5!&_3e5Px zR-cLlX5avOJMLPz1vAr~u?bJp+{!PlWJ>4ppAOsCEi?`zmP%@$25WY)S^B6ncrCJr zM0<+s4bH*M=6grc6WA`E0<2q8-bY@L);clT90V)$%Tzmpo$@2HGKw4Ci-M_2?}W;d zyEtXr+V_NysjH8#xDPmHcGI)^76mr(+)?D44ZmiN2&drxi)nL6y5Nee?LX)j>+Gc| zey<(%xmK0p^?(F4075Yiwa5b+GZ<&RJ6`DYoM`xtGkWbGM2nndVwIW5gCJ%41=2e)`XA#7fu!-$OEx{yT*Wk3xmI_r4x z_;-!d3%wqt=JCCqz`Kp2=7LuVJ$T4Wi+mhg*R)K9MytB-42>9cKl+mpy+_^KF+1<| z2Y)#Nz9ZnzC*DAyA=i*~uQp}AZ3YE{3=?gk0O)wWWUYwffJg!!`*97dz8Jags}SgS z&6V`6 z>ihA-JXq>L$1_W8kfs6$lsWx6@XFQu=)+`p{PvxpFN!?t4Ta1kKR#t`13Y3;1KG4{ zxUwD#f}?a)xd4g5BP&20f4a`;grWoQOWnfnE_$+ z^m*V}SFT9ol0jA!5Gw91Y0)nT&{;H_cKdoWB1NzlM;u_c(i8-M%iyIs`>)@+!7$F$ zbU;k8t%Xh44>lETACe+>+dW%1MC^LiTRlsO4DGLK{)-84i#5^6QP8O&YB#UM<@I-_ z)ZJuL>%yTuR~tHIE8j>piNB@3ok*~rdm`Xz;b~p|<3%Km3K@^Rc0chuKeDCjS?Z{4 z);9hrjx}%qs!`Y_TrLrbPcfIVWRiNaN^hnA_i~Nddi>H$kC(T3YRkVV?ajw#pJh}U%<0hqaNhJAmT13E+h z>?%-;HGQ5FjjUX4oK z2Rx>)HM3}xhB-nN$8E;%U9|5+cp9(pbBR%-Oj^_~Vn^i}om`TR?ZJ>_rruN3O6a{^ zDXTNiptB&u;H)_|agXR}l6r0iZ!fGy+Id&G@-*2-$&^Rz?SA;Glabb|^~jLK_*=AW zFYk~mNJ&=3P0r>QJ^YvTc{)P^!QbY-5r|}i2FwmyA;93#sP#`m1ou(RAC!Y}J1uQy za^TnpTkU1rh1m6k9@^)HVq3ol!6w+%Of$dT=O%L^T$*FU2Qw@NuZ(+6Zk3Gpm96h( zS7FlNfW)R=utU@EbLQBpO*T`ISVt~5O1!;r#xl&+^So*1_o4#Kx)95wm7D|P!R3R- za-2AyKSMK>IaQoon?fQY6b;ZR;t>m11!sL04+~5A9nc(ENeP~uf19uwX3Q(r9-Up; z#`qZt*T_!Lb%rG{Wk_O?;n=&N5n;=@cFAz$8$SC7Qixjvo;Ay{U_J2PafbX|@(_hKWj;D@JFfMT zE==+WrS4Gj%LAnx%3{EKgUfp0 zUZVZ$*AV*F{WChorjoo8_0M<@%FI976D)dnC3mWE6yOXm+HW_Qbhk~FfkCJXx6xrO z8SEAeFk47k$*e6JF&Xj?Zf1P{x+p=CFjY3H+*N!guO8D?dH|`}a@a$IHQeyl9lP&d zPFuwH1dLsz#PdUuq94TM6D|TKV#s0dbD9SrXI^PXFj55n2&c)_SkHiYgU+>qNL{v7 z?ZR+adA#LgzOH&F&(d0EP1CeGAkL5%?^5&~wOB#I>9eV!<(A43!HD7(&nPXLteip= z!b>5_aGcmQqu9%dNsmN2%xAp!5K6L3^=EdjQ|dbNKNC?^6s=dn8z%NmAO%q zO~jV$e>S+L%Ir|(-g6}fmuv4%;soqBvlP_vRn6oo&#C7xE#RyfMsQqM zu-``ock{lR7I*!UlrmS2)xY+INkAHp33AbU?tm$8%3~{vEy094&lvxxV| zEA7l}Yd+BN;+m?(ZTxisb-5;_e-3t3e8GiG9kbI+Vm?9`gd$AZMx6(7+0Jq-gAT9~ zjH}qgNQBd+*T1B7|CZvkFPnbPy%+P+$S)D$Q~&Fo>mLoqyV3f0>>AsPB|(}d{^mq# z3kbBiNN5WDofLo4@345`Ijlm)OptKF0yg*5MB68y7U=cTA#AszNv&Ni(LLGUCMF%{ zYIXx5X`7$~=eni%CRxx@L5pkVb>RbO)-ONu)Jhiy8eGI*c!YI)I)E4}301_#R81&s zn<>+9%@*8&K+}ux$W=&~)^Tv+ur{qk99Qu^dtpRbc+xfht+RAH6cOLa6yN0eUF_^J zeVk(b_+a&Dey->oG^hUbpjh@#nxGVKQQ@Rru0oNRum8_eJ`~-&DPFUVt-vB-0GPO@ zT1YctzPTk9)h%~^!F85F705P%+(|-*DWRDjjqPxa;i_e8#Cu>KT_uU#1{Ej92Ds_B zP=lu4%f09Jyc(G{nuUw`LreQ|99|L|x=0{_lf#OuV4)nSh@fX1P*V4OH82_)g3~^? z+YvQtp-t^v3wo{D4@Xc=JkjV&)(WaZoCy)GQl*&?8%Pl0i*wq8eOinDeolUrzt}KX zyl{Wj;5#4~Iw9mO!eDJU;1^uR4jlV?=7N8&r}+r({rf|Mo482Mh)aX{LT8KO1;0!5 zTaDvMP_LR{=LuoAfzk#p1nB&X1let*oXa2O+tcf!Q)Zr*0oqIdljSLJB0^`_73T|> z80tXCiC&)3##3b!1q!?Ng0awq!NrKjHZKtfd=l6In=JAl^`lNq)1=#wY0ms;3}ZFJ zKsQC^9r&oP=SNe-^7=)vF@C?A*Y22WI(=DvtV^3$)4e0IcEPZ~PpO|%o z!Zpk-e%Yx{&-eJ0yAMk!+jecu(?W9Yu-qtk=<&W);`yminCBhA zM_@*662(~59A1gHw*{>jTNSL;dQt8ZTEVxQ-Dv(SQaBkO?chB;=OE3&>PJ#(Rycsw zQW(<2c6=$c*;6wd;3p}*qQA`%*We^a&yz5lKrXR-~}?vtr8btY2F;?!v$fK3Kve6RmE{4 zqtepu>=U0r2c-g-;uAZsdysR_U_}YIJJ3^uQs>JjSK^wTNu8A1G&~tTIrGE;Z~%qO zo>J{Ud)W&HcK1v;(y zVR4H%$~nRtDTh&oG?nzdFP3-kI&EQ?k>#Yu5Z6}T^uR#{5vAPoR)6x84#wbh!SC#l zl(f`)TE!(pM5sv03#UTQ`;4p|2Cs%s7o9<}e#rdUVJAm88=`fVW$i8S4#pQ`6JD?O z(PA$x`?3iAu#Ph{P}jj8sm*=ZD(0Oud?v9jx1%q5FAG`o3BH()MG|7&4A6Ww1 zIPEmgH@e0Aj$Cm(mKYTTU%Lg}eLfwlO=Qi5=#RwEtenCzNaWcW;CR@O(vMBym8Q?o z9X*{ep#1+jwHivhNZB|%3V>Ovvs5O~%tj>Bi8dpe529i-UY29?{7~U=5?CZgSbtr) zB;8vpCQ@@7+y7;+P9M&sDrPggnK35&VdX@VLR1q8#Qb6Q_Ubs0FMctOwfLDUBO)vI zm^m3%@;|Gn_b+)UHTbM(a%w#L)Cldms~7at4cqniI6Y0QsIoV&6LQA*!{8oagg5ZP z72?Zt66iszJ+$@xt{Fszc(*`9jkvFb0b0^wT?_jDF(Lte>|tHPR17hdq&5DSI7xS6 z&z!8NrRuzy#=V|b0%7uvJ~0Z6`=%k!G;Wqnz^Y|1=t(i3S~Z>&cq%1x&Zer?fhJ@$T*xf8mxBKjmr?Zboj zQ8*KAam3S86BR18>#Q-xVefZX$0Os{Wt?%c#L-_*`O)1&y?m~*i|X;--=0S*V>BLm zqH}8US#RMS{HUbwavW4r?&L~@T#N=`QI`e$dp7R_{BGadz$O%b_Lp~iSpXo%PFamk zS|p6t_2cb2*!)A(!s5#sh-E?pM%NNv$-RYDrX!lzST;iA4h)8YCi6wtZ4QrozOp-w zIoVIx zhpPW1`-T6Hrmxl)GY2k>)_89yYcUsYciLuP|rR58@vs5FVE3n{5qmRP1a6R%piY&{M|s;4Wgwtd(AY?@`K9n z+)|Cli6x)Qe#qu;@v2koH`K+Zl~H?4D z^Eo4)4H?>`D_HVyxQa76FRwT@TrEf2miVVfsiqkHIxhuEB zMg_X_M{ttdFVCW9#OZ~SxEN85i@PmJzH15Hhzw$OHsc^4pse6SM>B`Ot9K0H4pp%l z=Jkh;S%TFdWP@NZTYqAFP(Jou>!iB}NoeUja<&@Q89~KM((YC$=dKb9tfs+{v(_f@%8(x_(G_DAC@6;UV4>zvI}VbEZUrZ` z!Qm2A9AQ`Oq2^M6F`qw8G)0IS{Q3X2hy=ZEsj)$%V>f7DB7|NR%fcMA1+>l3API`tzw^8a)XH_Qq?i0_|dYbl!* z&cBLq4+HmyH?-1#d_)qKsY-btY0kEaKts7e-N8v z6Mt~fX*!o~vE77R4V#V) z`?q(3W*IIMYa`f42|k&2L{KQ^7eZNzGBqWbVj`cxgE6L+n216ylZtzTAM9 zT^dfPGkS1H=FkRjg2~F+Kprzkq9iFy9g*&RhHxK5ePDy+So{xOi%~maj!l1E0u1cL zl8It-%>%YhBUhZ8>R-OMj`?^yBV1?RxVs}k;gGQ%K;X||wP-Z(9KQRjwaAwSBEqcA zb6B7PlBt{JSj?QrQ~~D>8gwiv{D+J*b%i$mHvS>GymQgTj2BO6Y${UA6{qdcYIWq7 z8w2)kJTG5cHk$K{&69*{4HB^z;e7e6#E%-F+9ehfBZ!R^(0oW+$LfGr+wXfHFYOjj zgTwQx+~a>Gw{IDXVS%3VD7sXxZfwp!0Ls9U#@X}0z2eGx!Z&(I8`Oi_t?G-kuOv+J zeK0;3#gwEH<6H$RVA8U0*w}e z+v}}zxZY8htj`ZfxE1wJ11j6V#kW3?o%Iw$2!W7MDZcslycCakQ`3I@8c9HvtAT?UHC-On{HdradB7z%y4CyQ+KqydSEvjN zJ%7$~`gBceJb>BzYx8&IRXiL;8KF%B8}+f1KBZ*Ipm?jAfJx)R2H2~`1jC?i`R_!| zKz!Q!dEB>)jCIbCNXOygpUtTFTpq?6ca1b?9fTls5op64hxqgInPZyC%8i%t5KT;R z>=m^Pa36p(N=4Tj8Pt#24$|u|kva*mX2F*ozP zJh|`vklP|C7AuW4cAJWR9r0fpTaML9mQCE=1MBi00uf6Ri8l zYh8&=Pqr<-Sa9e6G+z#eNWGDI3okyL499(po{K;#H8?4D*^D;FWBCv(WQUWYyiKzD z-|ptugSP%eMGg#*;a3fli*Qq^ujtX`H@&6l8}OEjw|Yn!6PVEubl~|xZwRP}Cla`2 zfrVm64Q@`ChrBimC`IO5``q@UazEK=2bt~vYYQlHlA+L9raF`Uh8O{$Y_4WtBS4UJ zunD}6+TYivTPSi;Q!d6m-mWBefwPe_QUD+_^zP`m*Fv=|sse?$xWnc(3Y~x{ncwcU z=Ay|r9->yrd^c}fPR=RBFvU_%l5bOwlqa);ivJbBRvHFvgP`ymjLt3dK_P1B&B$T; z*3fjm1C=#xulb@BZoY_~y{Q?WdNOR=WeFEueeI}~{ReB5S1Zn&k=k=kb|EUi3Rg8O z9%`4qqo^|Jge3>xo5t7ZEfHNNoL*$yZY9d;OvWD-@Z@@-HD|_sJHOmFLfksBpoQpI z91hh^ve^?4hB58eiAHaRKZSL^U2tVjh}7|(M`1UPFsVi2Q}I1->bK5T~V z3}jNn#^sEJR=d`s)EH;0iw^!eEJv+q_v?AGf_9(9s_ywb9Z^`I11o*S?)U@$M#m^L;J4P6jb+)frUmom1 zSxR4KIa;4T%BMAtnuBf4z<&0ito;4l2N1g90u837P2xi`)w0{Cp^9^$^7lcd9dn<1 z-O!NZr(&tphrk}IiX08VW7X{am~e-woUKrRF;tMI#x&$skcjbwVl8dzZEziP*l)P& zO>f2Q@5zSkjJ%LdD7ZVi&Efl#BkX+2%LlB-lq4Ts;tbeHH0@;P zXXmXH>2z~xdTFhg-Q8D$SxwU$-E$*p`*hL$@m0RFT2ZO8{jMLcP70I3rgfqJSaKYa z-NzZ8tqR+Jy#$y-Pp!t2&v-`Dm5iDTl0G|x1sw)<(iH1pS5zGoCs!j*S-*Bq?SpP* zG3Dx|*VUBVn^>m?c1r>}-jbqEh1L@&c=CcREpyr=Qe?n9FMrwcbAlqN1V&wxuQ6$4 zceJZqqYqB21xP+ii_I{b6e9k0f3lTw)t3~F$SIVF>rKzUtn?uC*PRm2HLoi%fPRDc z>UCGhkIW*?HWM6w|3OKrGD{@)PEcvyuI834SIh9BnkTDBfzSxkipUEg5h?KH$b!}q z=o;=rq4LL?8Oud@i&>l`zB9JXlQZkZpRGIf!++>W`jAZhk2{ zn~y5g8NPXrNo1hfn=9t-D0z2&XnDwvF{MVwh?=cmjbPg8cLU*;&@95CXk>V9KNstu-W-823L6+D04La4 zy(9SQcvI_~CRZ1Jdf!Ub8USlKQ3!C{DTgo~MER#hgK5TuGhStbWBL~bR2rO!taRH0 zqz*li7X?2otfl-&I!EM3k%xpxT20%4k~|GEXd)c>6?!~2TNIH`#buNt8PW-T{GfqL zsRPpx6t=7r%ZP+;9xDgr;T^Y%sl{LBm0XHN8?=#UT=Rxpn8^hx&MD4?;9!tzW@BI` zw5`UkQ?*QLL2%(Uv=GoTw%tFSb$Ra-NZksfC!Wc*k{pqOr?vdGzvZ0T!x;vT%){8* zT4MS8Ta@gu?osT!i-TKtH7_?Pfe_(lpC_8y{y5`h=ZR4-+KPzD@dtXeWWOYbtGTp! z;N#7HY6gEO-!h>@!zf1%;s+||&sZBiDGq^3tsNe$$q9;HT-IO_iD&*ko?@Wv#M=}3 zxfo^!YXg5Q^Df*ytn%)jn&P9%WZ^WbH?CF6M&w;hmlXg>glVezU3VN|y91&%woyl# z-fHI5iD3+ix%9Bn&wId?_hnf{R6)Z$Dw)5L@LYtBZddLUhg1&%91d#NsmB~Np=W=~ ziLA1I{?cMBk+taD^`$&f_-oJH))zM;YX@OvTR6PGeNRd*3oXU@d-zS`TSAaSx$D=Z zB1h8W+i`HA^ug7rj>z9>CQCXk=aJi-fWiU%Q|j8DkUy004gk_5Iv*PvgWoUYR;X?v zSZkFFZ+FcxV|qQx)4kmO4{MyDoAygyuuCvYoov`Mwmg~ za6&3CowrmQvsToqv9@PsS(KI+JxQAFu-e_=%}7-+xy!Ak@#{e;O3>L+Qs7p9$)$54 z%b$M6gj#VN#J)m!Uwzte@jmL}T~?3*0CA~0QKC&Qhvd3B-bL^-XnvR66wqwep;UNl zo}#kH7zrQ8!hW%917`s?YE6VH#y%QI!RDI#II}P`%kAc=noPiiVM52aG|2Zc(7^8v zfv>A?f2?!utOq=Mb<B#<#g|Ibr z>^138JPcQ$QChr^LoCHVqv6H&-(SM)QbSg}k-~9HmYT{CFwe*6io>#uRl}^)87$X? zg=4_E9qt8#7|$qA(#LbDqgnMqPJ)=Jb6+YWUIZw|-a6)7;&S_%_?Q>dS#7pAhVdQk zO!-}(?r{&rxmh=6Ij66B04KyTYzk7(tMLcD){&oYBrb<39F7l~uX)UJhv%@jm7dv? z`OQlCTpaw+892*7 zVe_@_*7r*B6%GQ6#r7Rh6U523lLB8wpvv|UoogTccgzS~m(-3NE)%MZs;Iumo6{UC zU7IbAE8jTUwNgkd3oWiv{MRa+s!UjZ&0f&T>PRyoAJJ+(a(razkLh`~=_QhyB}kC3 zo!WQ}=vW@Ejc-6l*Vy zo$K`7Iy{+w=+!^(Xq|ES$12&R_*oV*%ti&$wijE+O;x!tZ>+3G@Y-Wb7=B{w!u<*w zXOW&x9eU=>^!vh8@vS@H<`IWD+O^@SmY|eOK$rWN9=0d#ye8YGgfK-JFCTi42=?gk z347I0$Rmg0oW&Q1$Lsvu=j!R_5(o%upGMNwsVeu0r$zB6O|~wLob$`#<^X*J_9?fr zph9_ZjYngVdIutg((AW5<}1yxTL2DMk=&IjfIW`KQ-@4HWFLSt5PIiuu0dkbiSr!? zRXKS{h=h2GYG4X+)tLdk&3I02!dPFY=Y6HdZ>iR?X|z zGE#QGD>V_`{KskG_rSjsu1TkXg`i13)l!7U#X6zVSwc@clK1fNUNzw>9>Ncn>4cRp zxH?piahVD@Ng{a5iPj)C9j~g#e@z_sSM3aJcM~Id*Mp4mpQI#BfSY@^r?14rgW)CNHMB&z~U2Fq%i*X;vY)U`S4(d2||XPUMtN$Xo_dR+$ed zlB&HOo@Wri&uSqEtDzEFIryMB&R*53U7%d&xj2MNr0TUYjGh90xfu1EHjeI0s&n#X{`*AJsCSbqD)yts&LOs$K%yaUaI2{e^ge7V#3Bh z{>=!eKVYdm*j8|35;AQVj75cWW);>E!25cSnU@Z@fbZGdnIr?%6>-{WH8|b@r{=G2 zT#w~)PaP3eY()Z}%f-Yh(Fe7{Vx!M+sK{8P#>DQzt=^EH1IUu41Z9&cLI?j@o zjU{^nn1&mZn*b}*1p?IpR*n}Uz-=m;5rXCP9K^i}L}gX_w_C4Lw^pX=AF{VfInev$om4+Hy92U-=AqLsevXgJ@&A}RXBIY6( z&_p(4&=$&8yjxmj-NCo-1xN@Ff@H_i`{;Rg2b=0jkn0iT$jo9Taj}P!CSlfD|fJxwSai2 zVy!@y9gVnMt7{~YW{GFcMG)5$^HFmYf?>0svSkoLw`9`)5YY^8QLNr4#W$COr8)vQ zlV@oZPxh3|jA5QE;Z`359)v)wU6zV<^pWJ*TIsRy^!AT ze|jc+BQ*J`?7r3@lT;J4R#{zLRc2enI}_1r;u!i$4vDDjQH?)PmTwZiQq*tz=j@Cn zpVSB}P$lh-he`$`Vv&}`0&RS--MS z0L62G3KI!=l@eC4Pj+#bf-A6YYN73g9pUp!j3#E>?-uubQUD)4ZJbt#ms; zIff$dGVo!ddlSDjk6xkd; zh3dPEthY|tQ8Dpx?q}zEG0sk8EpFWqU#^mcTWA)~FUA*{267)G?HsJ$(JeMyYBCs? zy!BUzKNdnqRAez!3|AO&N~j`Ef~`AHUZr^0sHm-U4jy#YkqRI<5c+Z7%SSntS+Jn% z=nahyjGu8me`%0w_Lh$_bC{c$yPd9;V(}eqe?njo#40T{-|9SlEN05jy4(O_oG?#(a`s)_E11;rsueDl^?v;VUXkCG|5rbe?Z5hoEbRZIpUA{S&+&iTivP2o z$jn5~{(lT*1WKC4g_?f)&@={!Y2O;b0$!{yikr#4kiXRP;ML1PLS+NHcLOB znpToX4I{PGOe^bg)eUy>Bqoq7rapt_tc@5ABL4{2#&lXD!C_+=gc1$H5`;xbW2(en zLZ6?%daJKGjyg<^xsJJyS&liM+zwnea202VxQ+@y<@68C@%z~jAk`71&%hZZ{L?Mz=fdGIw}Moa z6TEY+KX3_PzA@kclt+9e--tbF5(2sNU<3{;iYvpc$MU}b+<_26sAsBIFnVE50E9$o z5gCR#L2=<72L3@{xUnAaILGJ{-bL%HZZwK%+>@lzkSNB>Na4CC~k-jaI$CoS!dUwUz#}9;O{LBA!j)9M$KbNMT z_nRBjiwF`9@)v{}_%ApQgz?zzl{Hh?Z_N6u9MKz)7=rctAHboF(^WpTmVv)0jPti_ z-ro`XA>cSPaJOpz7>jhJ{(!^icWMGal;llVc`=H>%uP%FeZ7rq`Vf2-{9iH5WQP=f zE3by@N*@|^v+$sOK2@PWcdj+SC@r=E054i6v=Gi9Dc`|ge39NfN57@_&D6h@Q@>jA zkcr~juY*0vKlpqh!UP}R`gP8e#&xcJ5d%9Q55DDad#}UIK=vS{=e@d)U?JVmAI9(p zwE{?Iq#$|-WpyB*qqocaCSN1QL0%lSU+n^1u zr?<$_Wk6qIPi*_V+m0~6Hp=t?{ZN3b8z4aLU@(nN z#p-PUoJLbkF)T~#p*PUxCII#qbWJMwm`~sWz_!s_c@*sGZttt{?~*d$zXSO4$bQJa zVs(p%s~(@%X1QV?u<_PF@9<$Ddr5loGQfUH>p%rx3WyQYcb~uwQk?a0zgUJD_Yszs1#FH% z%NJ%#Xqa0|w?3L?v{JeAR=;U&gT`JA&F6@c-fiz9|CSv=tK~?yyN?R5vnE};nGZDz zLSDc1aCus`P4ntb6mV#qYRG6nj-{>ZL&ufjhu3DdzGG&Zw@}deDn8V>ES?V6oR&pa zyII}aLpSsyu|)TF%I|vWSk~knOwvLs)?tnQ%V(VB7@@8pm~JRMKUuwUBjGi!<6FD+ zK3J5?JD*qb;L?D&VK9iwd_VIw;8eJ>V=`$unNt+|aIro-kI(LXtJW2|CBYUN!{SuG z)Sh-`CuYW2ntFPg9-x;GxF;^Ik^+0BMMk*2M@L;#AzV}`(%LRv#|zzVnrZ|KYD+~r z4uW{Dyp3#2n_(?d48s}CWFP;aO!e6a4?m=ha#bUL0v{<_8j>46~wA5f;*Q;#)k@9WvUyIAQS8OnEMj zo2}ht1=cq0+*@(^hLou3obN1zui*!MB`$K51I%8qeUko8y`_Y&O|07^XLat0 z94BS{7~<;Po**$>Pm(<$K{al_uf6f_G~R#Hw_q-6tmEhbK9QuLkq5 z73)huu~z+|E|0>e1*#uyXQKp(5`o< zq&H8`?a4h>t`t%>VU$GgVSu~m&zjk5{-R2tTWDKu$a%KK&LNOyBypuw$b95in+|q0 zG@iUV?1{%2F`Sm$o=ZT|>9sMszhP)!K6N}S@XYPA-v5v2WusGnGPh;t!7%MWq@{NS z3spI7g6ExCwsI)7m>53R2i6o91n((8z@)Pl;r?BSsNJ$<{%xH^K%buX?>pU-&^~Xt zpYCvs%XsQA207W+FT>dL0N9x=p3W6X8q%7=DFY{h;nnE#M`Jq^!@kOcAjJ4u*ctT0 ztp`;69<3XC2`+}z1(VVhB$??&W@~JM9AOa^F3AM%LP_q2cyyar12qfNKK99Q-?IJV znf<;aT>rGjEx*(=zL`9@BzP!>dF?L>vqlPl{idReoQSaN-A)wK>d8V0IBk(^?y~<( zk(nIKO-y>$VS=W44elk!D&osk|KoS-i!5}K2@4xuBfA&|W5Qz?l(KNDTV}YQS19QM zNK7P}?tL%tCtEkQ(MwAd_v~qoxvm(Kza@ib=WO=+I?^NAzm)*EG*Qu6w=C3abLDH! zCNFilkIG5eBCqJ8)N0vaEUi}!bw<4uF-M{{ZQIWLO-y%XDwB)ub8^~|Au_Xeg??WP z?ens#*EI=2D>r0=Gk$Zsw&tV+Pm|w2{Q`(-FLv^=8{v}zy?~sBYlrKt!@yqi)BNeO zDOXQATv4pWDLnS<$F((IWi~E>d4NE!vw8UZ-$j*t%$DxcTB*R;C0+L$Hnd~k9Li2h zZ}v7`JP>ySFX(o5&+BCzpuRyb&VS(s7Oh{kY zWu1m;G-f03G0>Zlk!7?z%DVP;s}5K8jN7c$N0(MgqOfPzM#ak0HW2MYPS0KE&(mfN zK94(zNIM{zqpKuYL@v~Q8|5B4Ba5s?)9%s{A+|9MGs7_r^{k94vKeP)#b)j(D_ucC zyU?9;4WqSPk^C`BO!Y;Xve_JeZCsXAGzpCi{lqrNc;$C!|BBt3#D?r}Z5Wc&IfnNf zo>Wtzpfg8&UXAxNNAfCFdV%s5-IGN>z|AC#MwdbtNEu_u0b8Ef)Y9kEUt%!$W>wT9 zAaY(9*AkDfwr+BXLuX|30lB|M%pP6YG)(wkKeOZ1xw;x}U1yW}F)^-otF$Fft_2K= zXAq`SH^OV~r|-J9%*ClFV`sR?DP4w3yK#)qPyT`ut%RG2ZEjcUOs&x&ULOM{wxUCE z5J)*B|7*Y!shyH?xF%zWHwe=x3*Ns~;;KbV=1(7De+fcI_GHhsx6`@oJ;fKX$@_=H zL@3Xv5?~Hm*AbyGK9w*1eS9Qc-)kBt;cypQemb)8j=F|)?N&mA2sVl~>!VADrb0^i zM{B$BWzHoKJv!EbVQx+0Xh{r!YoAb7F{<@R5$_59D&n4?nrO9j*%tsrJ1!=gV&?qINj$|MvofqtaG!gFjjg zH{Lrf`ZIk*YeZ=tPd20vf|UQD;5ySmR`o@Y&8n-0%%!?!%+^xt=up6M#^>h|Qzq(0 zmII5}YO19K7?A|f8e-&TO)X9hY+`Cs&D#urr{cFlmU@}X=y=2-eVvF;0pm&G!cz2C zytcIH#*U^_|C)rtM*loohJJ>s1Sfd3c+~is^005@wY@G4 zqVa(LnXEHtq!2M6^j+BlbE~J{uJvzcT!`lFJ1$)Vfk_ zRX>*wE$EZMWKtHF)6vzoGMhKqtWmwI{SC- z+t7C{s0(z7c;}$x>}BM+g&CF@NOO<~B=dGJWNm$9*3>q9*VT#`Gn=~dpWQI^H^36iGZ2`u0wW<@`*dw-HP!vc@j?lsx~y;72`9_uWFX3+CXH|>DNOi zUW?&HfSRG;fB3HKxtF z8Br6)LG9+kbmLu(St+IHcHnl=dM%CQrsztz%9?8aQM8zy1*|rl^a#0Uz6{K^7uz~P}H8NUk|Lvp5 zxj;2ysAhWvpYj|9>T>*H2AJTPi0tVZTylI=0hcNNfN;^ z@5u6y_M&%RUPU4pB(rOTauv%FtWFZdNBjjw99QF2{Rb~&lp;|U`%T)^{m4SwqVGq> z8mpI}2%5X383ztJgXl2ak~P+8DsQc8xj?5`r_`ZS_D5GOntD~c438cjLf?O6ME$KU zF)JEry;lBOc4*sAd-w!CZh_5Uw4EGhVUs0`*hx=^x$W%o!~!2W?wfAA54Z59pcKfN z%bIMZ?Nz7cQy~0Ugwk?OoaIAPyjOwZXWC>^C!*9v3e!ID(48LS>F*)$iPGHmO19gl z%xcrP44fIJG{2On!4bNxg(Y{}CZ0K}b%bennzobRIMmfyijH^70E4$?=&1C4et*YyZ%x#y%pONi}vzXb z_s+~r|6gGW0}}@`$N#VI{S{O>>GBf{N@<~3d{vx?#YrmA$(0EPRtRPr0%(DTWP3p; zAj!#9JT<`23Bqj4^Ox;r_qE!2CZjp6{pK|0vgXt~-#foxhR_s_0a!{1Cy)B7iXYG~ zs2~Ik9{}RW7!-(O&ccGFD&J+#cj&B1Q{N2TDlD)M9|~zkUx{3r)B-B_oI(%>z@f$k zz(p2-D;9vO761Wa4*=->R}S%j8X%6@xser|yaDKl08Ss>NfR=xu(Ywc7!?KW7b?zs#eYtXv`XD^E!aw9vYg(5m{f2bt)fSVIAA`qSk3hPD49{&w5^avJ<< zSwn~Xh~?%!>b?JB^d$g(N46P6@gs1pS^r37UA7MG{KTRd2u+&)fCmM8Nu#hPTJQY| z@4b8996@b9iXp34pv98X+oG-5`o6t+!`M6j3<8uGzJmwFdr%`@xfnG*I5h!redPlt zYWxBkR9XM{)#a@J02*lgj>D-UeTt32NxjZ9u}v)jwv_!su^YtWXkSnJ=*6Y@();PW zS;vXR(C5bSRjsWXaB%YC4H~i!0aiilS+xh4{?EBUNzj_fXZ#R(D){m|B zE$@SR;v<@ZBl;5mrytS})Z_^KJ!7NxEaN(Y2Tp@u9YqWt{<{1g0tK=EX$-1sY5xW^ z2-^NtM@UnO9Ph|{l=k@>r+l8jN#HTgmgj;^{p>uOfEp`|!v+gTxiB)D3d<&OAhn7zn_xN0@q z8N_!-5A-1B}@us2apv^$?~HgK+QEAe-!Xyw+2 zlyg{o?8>QuC$XN6NO)D*Uc=ToNO1RWUqm=P7OKDC(CBD*IKmcf%DnC$T^d%FZ;6zV z~$A#aX!9ox0?QM7EZu$L*uhQ~g0G&Gb_O zX*>HDYv!7RQx2q?Qm8SCo?hUw^54`_3WiKwhOq4Dx26cWJq;}+$oRJM5|OOGva@~^ zAKHC= zF4Px)^|^a~sY?szZL3ne7XG#LMC-Qmm-fv=n4eGn7255$UnY^@yKl%*I zTHBfL!@5RnOlBsuGn5eB+|E5#q+THciM-0RT|=vXqwNl6z^mM_cKXIiHt09-{1g)Ti59#a5H)P;=gc^4N(Nb{0Qh4EvX!zZ77#7XU;gfR_{f&dJq@Z+7`23)l};70Oj}0#`D7y`MhZ~JB0sdlNGwDv zp`I`+vQ#JKnkxrgTjLJjF9SSKf1P>X756mPc;zPgIGy3}4_{NxPGOokY}g%5np*B+ zb*edG%gxMxcm`u|AjzQ);0 z%aMtMdHWl)!sVgLYN6;qO!-SXGML4CbfLkm^)>uf< zTnt*pv3{9Q>g_psg`06Y^W<#sBPb2P5kOT@v~*huAMIA~ZZ9oNFWTq#x_UlUE1J9d zgK@c;8c1v4rsSR- zt;kIatx*Ic9ynG&mj*+;qsXLHiDSxB!I=osW4W_;gXO8xNLyz{lO+#dmeTBzN=18+ zeoQpjXy?>kU7a*@}k?SU9od5-Wj6!ijJnf^QKsVXeq**hw}`LoW!=O%v+ zdHjW#TpxYYw(52c*v@Zq7RWsJeWYhkGHB?RBKT~bMQeg2ZA&#)R&Wq9`^Gs@xYhryR|KKEBI$2ja zBkWF-HkTq@|s_+r;{}H2U-#wo)(bE$$VP z)b)a&%CCE^kFrtq!!&@-y-ON$+i%6PR1DUvS=P(lYVD+}_@{iok*1P8KGaVt!hmqs z1oAMl)yfd@)0(sOr6-c+76^92kJ*m7;u5abS|+F)`&?1x9*sN%D5?AtTQDn|FC%UH zy$2SX!_p%{=?(!&LHRLa&;YSr&`^PCBn)6Qw_DR`U>y(XG||T+oL1}z{Y+fY;b8cu zB?p{Eud=5I^AT0I_H8*JU!Qlcv>`1+ABw>PnVcf>NO34jcQI<~?us<#aFcU$-jJ$V z#ZSDcC5bo%aHy>6LI?5U6>?&F9WsoudX@eAV6?}+U?Yn%`62aM1=W)-#_=-vn{2S) zTD^`EPB{8aIsSoQqWJtqMC1E5dJe`}+-zaZ3a5FOu)MyWfty5yd-r4KmqzaTTi25E z7)oN+JKQ0uiaiHBqybZ+*eYtA%Ssc#*4L*Nzj?V-qiev}-ZcYHbo?;ah1Rak79R`2 zeb$dDpin9*9LWG8v{u?MuBaTSm;0Vg7OC}aLkwRu!KkXm^yxu^{YCZ$6dLy)>4pBhy5}L2ZMkJ+i==u4KdvC7nu( zU0F90_>OFb2tk>r1U@CJEjMI@&QArGlkpivr>|#Z=x5eJoPyi-nC=$2!D*t&kV(JS znjCQxav?7zSJ>{=P?gM~ezvLUy5bJA^lVbP2&1Cp@tf&6#jN;M#HRnOS&?%OtS5$7 zxl{hXOm=~_Zg#aQ~SUI*| z?p=5;o(RCU{||1X@<^a(*a(kkcx)xbEk}m*OTG;0sW|fU;2=WpGwc>Tov&Zx@s>B} z#|x#DZ(D>kL{eVt=eVs8{-n722K)jW{zh<)&neXhMOn*urgke{Iv){_t!-M7#+bg@ z*H>A)N13WPNrOtdwXs>t)?p&Y(|Ri!?TM8|VZPsf2EE)2ml+8u%5o0H-t-c!FNcqn zfZ?*U0Kq#&SKYxBX9YEQb~a`>J7l`uYglkNoB!gaV()B<6w-kbl7AUa z2Jnji_h);Q-OE$H#%||K9sW#(tDZPTCgCAksZ){nHc9)%B%FXRgVCWYvuoX33uC$c z(g-9G*SA5yveX)}*~OOdh(@1QAsc^EzMDmEF|0WnBnA3;XjyHfQiCd;_Zl1=aSdC=EN+_04y>kydbz5as!c8dL8cx*0vLg3>JZi{JZA%9*$IplJ#Lus~a!%PBkVqCgTYx4XB<6jsWUX?n+- zela@~Z!|DekL5!oA-h79xSFKOrNF#IUjR)9L47}VM{0d(F)P(%rv_`)#V70xnG5i1 zdaiVW5d~u4q{4iUPdZ92vOkp#ZED!-UUy9i6yBYIEqXwvI#P_-RJ*1+*x}xY$gI+j;Mu6~01QttSHtiqiBoWpPRP&Uzy)!-oQHNF zGtySKA+%QBF~{Jcsj3N>6Fy-A~7d=!{M!G5@|=J)!IJE;>0;t zc_o^Cio%_TAz!SRA}KZgRwHFrhZSAg=J6{;FWR(Gf>v))xLXW@4Nw(Ul^9`E8g%Em zm+EZ-AVTMSOLSzaSf}=f@}Q&XvmteGWWxb-=VN}oK{CfiLt9&PN*Db7FwzMZ%4v8k zN~wfNJIH$NLqtfyf?Sq8?QUG=?C z*mNW^WBdb!M<#Jt+slLS`Ibjk#3hu}U~C91H$#hPMQWE{VB*h=u66`x>x(A*i-2Hu#!I~*tAq^C> zQsn{5kdb4xX$;eXYzC;r&x_bdU1=xE32L_wb4)i0_Xi^0zJmcOh#BI@n zMdnz0j%3udxDHj3G$vB3D9`(Hag_J~uH!WEaFP#HhujL)uIy+2;5_9eFQKCMYn{ z1TMD~jP`0UZ#%9Wi_!dWoQ5w9CvrHrA8X(T^1kpi4P1wrO=RphCreZzMeNP)7o6Aa zsSCCQmZAJ7iT77nBp36K3mh>RV?7`b30;!svs9Z1Qimj1jpeyS;!4R;(4*h31-6Mu zEl?WSJ8u~LZZyRwPj}x|Z4W;w-WuFPc0S;+5rL1Q4Q*TQuPzEDa(4AnPq5$3%=b&V z2IFU;0>i2=6Qu^6@y^9BTaY5n-6Z&z!Cn7|oeamZZxkRm;aS0$%1PmNCa_p*_f^<8 zHz^U-R%j#6f0wvycnB^#h>}K;ou@kC@Co}gm}~N6XM*3AVz~#?6OR|?szytCedy#x zqZYs~lZ{J8tgRevC~R0aD;mt%#AzST<y&x z0mLB(6`!M}>obBfvD7U)C|FeUayTB~zKT`FF$OMD+xeg~Hq57;)sW#%S)k?}Sty9^ z+cV_ZjXP{Ok$NC!Yk-Ne1PwLq)V;jI$2(w~LEC;@J6~16hzng`PnThC1%=_g^?NmL ztF@{$V-o(O-1_Vi)*al0|IqbO?Gl_I9 zRA}uYw~T?6Y+j%MDCC#x*dpgbWQJ31E*oQZfGsePE0{R|3-eQ&1UHFl^W~D~=W~H{ z_v)@y?5wMuXaglNugMO6 zdj?q??UnMcO2!#ec48px9lOUn!edjDu_?g>1&2>14_>oLvW@Qm6`Re;N;5RsEimVC z>{;;{c>3P<5{L%Bg}S~hl61whyTCz4Qm#__4%P(eOsb^y$sK%!g|jNE+IPcfp)dWn zX&Hip&6b34Ww_V-x!#fQ?TjSTUJMcPNfk|bi4GQQ0@O!)Xbren9gadlR*Lk+cR$Ng zvsxrqr|Qxd@2)RHGQiYx+0^jPY*r3fgcZUTG)=O{a@T@uE>0-lB*^*q5#0K))1o0l z)(Ln@mQi~RL*~dH6=u}NEz6C@Zox=i$fb7Xk#s(gDyXZdJ^H*O2Nk!oTB@>r_g#NO zLJZ0Pwr?(zlx>}&$6UljU6&urWAv=Ok4fd$oLg~*2`p!rFfU(h*D5K;JgpAG-Mv7EwY0dGkZMjUO0f^ZhHlIM6AP+k>Xe@0hDD0!rZ*q=l>mzg@xviWW z_Q<4Jckw~!l{L%Ltnb-Ul8WjQxjv~Ol7yr+>{k`}&qZ18wqHzl#6h8?VyovjeZdZhpt5^{)DZ8qbe zRddSZ(qxiaRdsVh0!CX zDx3BD5@}gULytz!XzRWig2`^=?mi!kN@(eYO8Fu=co?ta^t0W#1kpwuu+$)E-rbF$ zaAX%6uv^01_Jp1qUuH^D7p1N3E6^48qyt)rbE(ojl=k<$Iu}xSU-IixiJYGC9wy#W zE*MI7{qwTgg}aN^5(aNR`r*|sX1uurBG^}Q%c=zfk_K8gJDoZ@TGyX4BgeD!%lyeT zLk$5J@|u)m*~cY0D=AR<4Ovz1G17wXvL6B`I1#c$-iN-NAGi~$wt2Pfh) zn&R{&oMbg4oN(imuA-BKh?spqF`KI6(I2cuhTqUU&^pfNY);efP8Voy9l0L|=K5#c zwjVN=waim6Ep^j+HNm0YRDS!^;?!lN33qf;C?is#_(C95-0hYIBo}YIy#*Ar&)3@d zxWd7Hm8)Kv2%e_Gw3Zf<4wqzsdLRB3xKqE2dJVX=wT=vHPx}vfrgpp+``tWl2D5pY zt1@?|Q}f%v{UV8b%^)R6E2Y7BF9?40m#55!K|wbl3B2;RHj}%lIEpgMapuGTsJsYR zfJ*}0{^_lh*u@NQQy{8h;Yen0Jatc(F30WxiE0v?Em?s)AMQIOLhkHNStlEyGTrT` z9AgSIICfIC74h>#^9U+VauchycE*dK!pbOxy-`bf2z0NcgefV@G%Jw<_*tb|5*z-q zI{NmG0bU8Jf$D{nZ1n3R9w%^@`r0EHS0B)tZ=!W^Y3r%$YiJ z2N0@DcU)S$i2(h0?*usJ^Ql#>Z$r>YHRq{!jN1OA?c%0cM6~QD4fEQ z#pn90+R>K~%d$v+`>S>&Q$Zry*feqX7!lj+}?FJ&>mbfZicvU>R2iLbU=kNLnnB&pKn*w@@urV5E5rh=l;pOjSR<$ z{_0|`sM>;AgVi4cc&(QcH&w$=?{+`)^%>fb*YP?8t0B<-1e{U$EEo!%WOnI~9o#Xd zy(NPw3xvRgHGq3rL`UWrjDOiVwq%>0e!otuuDUiG&P1?9{3Kf!r4+dx&}qd97CG@{ zqljuZH4wLYfrE(>N#IA}o!V76ud+ph@P)K|K2!kFTVop~{X5!u2t;rdwuT5I=R%n z{v2tbWD3hgEWZs&c#jJtnW*L5*t%sdpaOe^H%b?*;A)eP5_9E*&yoI8U8`A8d@hVg z^s($*yziJR1tqWXQnK4@>rB?pfe_7Y!7r(D6kvP{&^4vmq+L+zF0wR&+A-dtu97;X z-Anu@At%2MM!mZi9X%R;E{xo{$pM@lVtGQ4e`o$=IOE?(aSl{LXA|wCF+j6-oF@2)>)?5{@6A?Y8@SmH7vSGNi*Hb223|o!0&k3V9sM=r z5EL4L8A9p^F`h~XHVw+ZExx~qs8QSH&%VwYw%{;1_7u}( z>f}8cfN+3Q`pGyd&-Rba;$3-GExNo*{odMJl5T_u55t&olj#_ki=LnQ92Ssh_$%KF zy-~Y=Cz<2PKRfjZs$_3)l;=hL1V5kQZT-0^kyfn18FVDjW_Om-@oxH89QyOYvdlrJ zm2>I#g0_C2?Y7-*W>l|IY#G&w^fPru$Xl%yWk<|)`Kplk@JhQo#sE&+q8LMM$%K0f z0k(*jc}tsRg4tKK1y`D0fL*kdUoKP0VaUB$ z-YO?mrQ_Gs$kcfM2z@QhEsru(^2;~?A}QT; zflw!}>qhM21sS%|aGFl3Z6SMp(W|wl&X;Wt1Bu2<+YHc*TnS8Uq8{&5qULk*ozC&G zl=z@kd)-n+4(ZZt@>cc2zN5klbJ1llJ<%|BtZZZgi>(+X~Nha2Wy z!Xu8kRV%Y*MRX5ROvs?%Ku{5-Vahq}Hu9gZJo)I7g)av?n|RPIk#6nPaQQYCyFsku ztlM|5meEzVtl@Gt7ovGRV*UJ zbBOY1m${3LD${lZ*5IdMF0)TQbnbRLS~wONsC|Y3wn-W%EmDH;AMPmHje8xZUdKqt z{1|b|E+&|(#yZdUiI(R zjv*G5mb5Y;XtnR|>i3UCS^-xIz^=B5OAV=mFvU0XN$wOz;cOJu3h5rlQ8+K~_7ch4 zo6ul0H~X~j(=Ocoi^@LH9frw4W{|M>lb(n`XkYpL=o9tJJ62=_=p-(-RT(u0hP-X` zrDg?BA``=>s>xclm}g?hyYPjr_*sWBF5pnnz~ro|*P*qw$z%;i?f0Hvf3HOL zX|nOWCkd(o?u$yxCMB z9`iD9YIFtSEh=_d$~x&cHBQsOG7&{KbR+4S-@7`#UTF1aCa2tp!BL%}1SgB06$DiS zA@C}+YdBf(u6QEkk9D9{(dDx+4TfFtZbvu*_e|OZzfdq4n~Nsc1lU$QymS;*iBJ=@ zvFrFn8#|Ab6|yu7K74M<^V4XlcJJT$L)U0rBk^G|iLxa!A~E3ul=o9Q`iWPjyoAl$ zm}64Y9%84G1ktpz()&ymH%RI+a!mC6?t#{K}($%VV7A$85$o9fh*UwVsH+e)d7x_Yxkr z=wez?)a7@ISB0WG)Uir}ES*lI2b+)>$7$Aidohj*z$Ah>zKLlZuJe9a<$Ma5eKR&T zCg=3j-|B1C!=;m>?gRJT&%=1CpVsq3Ic?7UvW0Gur=~%xxg9Hb;oB*Dj+9QEOMF&B zr%6cd1JS#eOn?eN@ZbI#K3S?*t*1aV0O{Ht;0`hCeJ^wD7g-+ayWE^Kl%<1~wLza=O(=S83VZjg0BeXZ z=o{w$y;$ z9DaRr*Q??d?A?$ZIO3y%c%Hn}Ib!UIRYEpF)=R_tFcrI7{v}5jFAS>DWc%y|6kRIB&V4T;S=} zSgEw!w0zvEPaoXvG?fXtvo#RKq8>RN+ISSTq=u;a4?0LP_JZc%-gm+K$-djV5Ti?@ zXAe&eV$5h>CJ7p|*RT5h%^ML_LC~f0P@4}b^u_HgW`8Db_yij@ z7ahK`H;^uj>`zV4oKrR6zl)aIgN7-aVCtGr8G#Gcn?Jfm3T$P?6GErQZ!5ZnCv>$d zV35lfU6Mv_^yifKx`~{V_T+*1wdG;qeVekT6?N=>C+pj4urrKPmFkdBkVA+`*QW0> zS!wY0EocL2z_K9h{?fs@%#n2{XHGID7XWyke7>Z8M?&U3m5q*?S1r?N5QS#2HxH8EiOPY7+S;>(}Plq!6Yl>yByhgZ}K zbVkMkglo^W0tRpB42H*K$|xGx$_Qpc^76nqo7^Hbj_avInMvQdU@0~H;F^C9zKAfh zk2jKIVje|;n*@_#h<3In2#6L%8Pkoh~L)!wrAzg1&Nid5JsMbE;NEO|5=a0ODf?$)metFNEhBk_`1IF(R6O5K9?uU@2J( zy}991SN_P__QK^zSEkar+Ru;37Uaa|Ud;2zu;4Ze65m&GMm za3{D1cNR$S03if-3&Cx13jqS$rtZ6{tGci1uIkD3%*m(}&#?bqM@ zi>;Vv2KVOL1*?C@Ga5O_7_r1BF~p0$7&yTSZO#*1gZdi4M%lWi}0N;_}eb3#izTU21(**O8GJHeB}C9IPM(~<}y!NE!h z^P9ns$IOj+qWp54m?0>~M!KjddyByy2neQZVEu?tluu!{J_PZsN+NSb%euO{uztf= zqiI+7Qkyh`XpiIj`LKATQItbVMwq+9QUbc!N~k{bAw-SoqH zJTQJ0`6eJ-s_tdkS?ds+ohZo3J;%l2%(E+5iE~opd)QgXXl2>$i~H(EH$1Z;be#I7 z1jMVK-S%dC8<}SLrTJUb@MQC@_}%khbGD-~`_5|=pR?%T^kHka51Ef(m^vU~@W~Mi zrC>ISIK`5LRgIu|KBB zQF$N56ADaf#|)U1o?V6}N=TBRN(PGV5hl1B>G~$e)sVjMo}N$NogP08C+6dkzr-t+ zgrzqhmK`dXdrx`f2|Hfw;DUDIIXg;p6WGw5WM)w6AJRbnl_}e4z?r$^{f6g$eCwV5 z+I5BNL(~zl1*&LyaeVa*zKrU6+WAbXgm_01Dk?h5ZDPGB)7gbV_duM?K)N!1?v1tD zPz*Ozrd5utO~~wZ_wL0I{F_jEedmTbNBvtGmmWNTtrqUf@BscI!Cl4Gpr<1W#Nu&$UNnw$vv1=OJc#CS*k*uI7=DuqHAo;xU{I?#$S4F4^MwWmvIf= zM4=hlx|y|Qj;49w>LLK(zhxWE9)Nr!FFjl(}O( zX?@(UihoiLd-vm`nX9wXhp*smlz#t*N-`NvE(B3z-(5Ag<-38rC?2-1!4^P)2IpU32WN9cj- zGG&4dJh{<7%QA~-2VltDS~Cseh9qfV)yYMdItqCE9*C9k^8o=huX?UrnTcel;HNVM z+fw-5Jeb@6PZgA>o>9h6mdEY)guhQHw>?a!?)aa}Nooc&mTZf7aI!^7 zTBo$0io*l~^xyhRUTO>-Wa#KyOQc>rwpX=3d~W!RLmeE1nFmI5nlkD7UOcgYJIGK_ z1%D3tWae8ZHpGKbl$@IX=z24_$XWx$cMi4vqh|uEMJVn#vhU~-3j!&Ij6Hs2#kaEO zw9<;|($DI3t@tbKz`gwnRBgEEytikH1EnRr{wj*RVYZPNu4+5#pP7gZ1W}7WP;t>fCQO z<$q{RLZ={^K2TLu%aCSZ_;KX?m&HcSx98~`ZQ~pqq9RFC7{`l1+=0q`QmeXW!>jup_qc`WFvR2^}0K7+8!fz)Z%4(X5 zzcHAv$I^k#4e#a{FL!dm;hm!_)A57ZTh_O zQfXB#Q;b)Ox-BxB{)NauDrwy5%3x#NVn43L$gNUu{!cCix!5rV>m&_GtlXZ_nX6dK zfq`!Gsol58YB~wUjc^&J78Oa=yR6nO!q8~BtLpL>st$c>ffc81tRckGqg#;#8Hg2ZRI=!Nb>N<+5z}+PriQiua znU+~LQ+d%aI!47f+AT2aoY;S{jWR(i&{CtS3y#g9u%0$RWjQ;e(D9Uz^I0Lo5o++T zrk<=9-B!FH>6T7nHLQ^B*l96tU&5nhxg*(0f5p2Se!Su{7|QnX*md-&sx^kQ8SbdN z^Mt}cQ$hScquvDh1^-*rn~ayIy^A{=J4nyL(;0%i>v~x^LaaTJB{?J&kSDTD%~B6y z2=H<6vzl&DF*h*$m|67U1FL6=eshLSQ~F?lvB5?AZUQ z!NCP8kK`Bvu*tvXlk!5#i_I<>lnzW#!>vMdH+5Z2mWhp1Y;1E5rs#SY+w! z0l@}o=_wd;D|$IQTUkP(NFpOPJ$nZa0P^@xd$<5#h`R@}YXCntuK=&0D4&oZkdIsF zzwAWfk?*AD;0*yFjS>afK)gZn5Gw~uC_BK()zZ`617ZpA{(mZjxRFZ!LD>IMBtf7y zE>@1%0wR3>Z5Z{C0|NkQS~==^zQYD-07Q`?go+OC9-aUZK7s!V9|Z983Jd>V37Be4 zR@_$rXOkjIO};M z{)H=T>hIVkkJE#ECiAyT;lZbX%G>8pIN2pU+(diRRg+~=5!kh=LQZe(`>h4==QAwW zan!}Tc3>@_hxf!}uV2};MkFL$8h$guml-ah?zN^wM?C`={aoIPLXW6WM`_ykF5 za_%036EJu^IYIS>A4$7~5Z|ayDA(5PFe#251!^PrIEr^AHhGqCqY&*JBU!K0s5YO! z?5~sqe>|Ma#L@RE=4c98tgdC^rj0KK6qt8uQG?}dxCGUs4{6~MBd%KnKE#OQ_Tqsf zhDAQs6K4Id1E?8_)*^SYxZji>w?)N}40{;dd=8!#Mv+(!p6QzyvVor!e>Rr_jT6K^ z3S>`&XDO00PCE)HA6Uw*R0?nxpZ4~;zI^vtc3{(0*S#%y>JM6}z3B0@$W@)4de9$B z_p`@|dzjl<0IUu6+T6UJ>?UW&F{QibV<2Q=_;%-ZX{3j)pi4@dSqy3?eE1d2n2?YW zOwuEUGwsX<=r_Tpx^Z{yA{sEyrpJ9()2KJ#*LjQo*ubo-gZx_|My_|hnpd?Ct5 zxXq)rVIzS5$*+%*6*JR|qz#gOavO$eWTpl=hhA(YK2iOR^_f`fQ9tYFzH%t|6I^&> zE9TdXf45*TRR7EL*~9(2!M3>kGUk3KmM<@T%ly{Q;pp}7lW@?=*P-J{2fFB=4k*CmOEFoJ zhvGegU9k68c0+dcn)z;bK33j6C8z32f0UA*t~ZYkq72wO$eV`FTMg<`SC0xFmSXLs zq?A^=JYenxf_cZ@G`9&y-cLWtUCg=zLz!9_Ankb_wX5C zBQpH2%(3>J(veqq>MBpis#~Tu%|+t=myKcPtX~jyO_O1%;@|x7NH)_CF}q*(FtWq2(Q(f}gs-Asl^n8&=%2D1~Vi-FBib5mj4t zqKzKl)b%kL^cD<7qQW-(oRvYE%~U>xE+maju_%RreNOLSq-Ig$$!PK zEp=U?8G-u_5j?MQ-dln0+A6wAM~_2|nLli5GZ~BVX^UQ}M-fCFtpgg|Zlvsbb8vmH zhpJ`8hxfgnE`z}Q*#P*q*QEqj`0a|jZqLuLI0ru>5p5GoKE~u#>{KmFM^5Lh-ww`g zUx_GJz>Cx01y&#B5?GV+g?xMgO zPuRnD0Kdt*PrgdoP{*~dzn!MglZ>3(8^;gAd2-dZPIC=!t3w5;oGiMNC(@P6cX;tOK9!a$_y4 z%?`s(EDz$wq*)i7gPILB&&k8be>TJTmJ$va=}>4EG&mO;&FUXJ*J}21qWov;#Rkjk zhlK|V4E%NnS8aoujh!F2apx!+aJpmJ6O-5j9tEC;HZM1WBznMXl?M!e_xxa(%3lCb zx<|Mo6GBIcv(S9;~QFD7vGz^mqn4f=i z=GULVy!w7J!*3@pF0CHWcfV*$f}phEnxP}4slUq5WthH9K9R_i7inqR%x;cY^T~!2 z?gyHaUwe;XPF>r&`CL8_v#mQr7wnsw;A;{A4JloL`UeyPw7_zIV%F^+!a z13#d!HQeYZ9=(=)L#x-V8=ZjJp-I3l=9{*Cer9vXD)&+07(m8Tn@ptWTgp&EHm>|~ zpNMHtz!S>~*A^!z*C1TDK?TzJ4Hb*qXHfOS-YFrGf`a1 za`Yn&EA)L02J~&SO|*5h;`a$>M2rIR*Uy^Mlk;qOt=|jGw}VBo^XA*({=?z5 z@|eTc>oF;qHzK+T4Jv@VOI$@&TKvRhaTHok7=t*I?{uBxH-{+!9Ln+t z^tyN^Y_fKt6gI>4VG~I?bDT2ue*M`1w4Ua?BFD+}B?3L0n z0K@1_%AhnEkrOVmz?|oyfQdwG06A2Hax)A54GNbHy)qfjKNM=|*#T=IVy*`z_$ zCW2^K@++J36fQKQ&e^l~KfvW1wFBSPE-PpT0I``iD2hN!&wn_P@0-j<)Hdfj{bG9a zLvChn*-G)3D)?}jltGyc!0@KDXmlFADv31!d1@_*bbrmwL)tqKBCm?KNw1ogksrmS zJ-sNG!KQqG6icrvoT<$%mlF1UXv)O(Vy00qYd)|uGfU*ls49~tDxK))3~ouNvCrYl zBF?XOnoDNuc1Tr9Q{}O+X_eDLGG)t{RCvzb6roN z(;w&$3gJ-EVU{Lkt_)KsE#pwo1IHhdHkIi8^h*1XR3^&wa{^lBlZrR>BV_cGFq#b5 z3pm*z>Z4C)ue9Zx+)0zSQA16ze8XZJT8m(|Tb}m>9;jEHygFN4&dpDumvFbu(a&k3 zUUrgEr1zO62-p- zbeeI4lOC9^rI?vqsZTa0BL5y-T57{AvJSjxvyBkWYeF-%Rz?H zO`^j~>Vht&drl zbuDo))|w)2IDYFtN}s}2F=+Pi@+)|+{Hg$_igRw^Ziw_6YjAfj`GgME+Kmov((@;u zE61&xAkixTR7irf9B%x0SNvym%8Kt2G_N1>5FMg(9n5n*Wc2zcw-@0Trq}ABh_OV( zaRMU#Jz|BLy=_ld;l^`vy9zej!CaZG)ODcy5Tay!+HLK!0zv3qA7mmr(DjGHrv|%A z#wvbsR0gfRxn5DIT4UDfg6KR(6+v^}ja_(l@AlceUsI%+5Ncl887sYGo@}Ed7VJ4b z_=_%7YkT)w_%7#m>0;*ZdcWV}ag?;n>7Gwi42*C^%JPZaXHXXX|K}eH{SU{+PzPd* z4N`{MKzsovNOnkm;kVczT?aqNzalos0ARuk;0N#`D|K94Jdu?GNEJH&p0IU6O8*?r zf08`FM4U%PPEbySS5!feS3p5PMov~DT>VJu2pm5tliAf}x3@{_KIz&{Z57%f)ffmv!u6ER8DtO%>(Nxx^ zqq6F8IK<*OkdGAF8v=M!hw*6%Q{Ey&g=YA`0-Blde2 zhMKUBdNa?jn|@+>Z-_9q$(eKaSep?u8 z!fV;;2s=d^dA=?f@S)EwgC@ja*<; z78np^gpgr9WB>Fe-Ry#?d+5*0rdiDVZ#QTKW^#Q8%<+N&AIngyqd7^#*Tc#prP9`7 z*NNJ3>q4q6Uc?!yj4k`%neKfO>-C<*PHVbc#~67nJ%Cfm*3kC<_VTJA&x_i`9MKeTx6?2djP=8pA)nJq<2GAY3IzECo(>O~d9 zRg`0>Ya~ZVNQ7tNvYeyRRwH@g(ITcXuxqMPsr9)H)eEL&uGM?p;KI$~6(1rz8!CGs zfh8bY#Kz&`?K_s=MZh!}PmkJs)oZjW9KAg~qxqE^V`Es6)0A-`T-r${DEu!54O5aC zAiez=^4cZs7kY(yfIf|bM!wL8$Ab$EGqFI6L)9ayVA4`9Op#^|Ww4?K#7dK$6NsaJ zXU%^$OJdJBsR)Sl#n6%;4HFHqw?cVCwhz!!21H8ZhQ31OMYD=lXGjYP#jZddNNPj* z!CalS417525E4cu?f4=cUgq;_flfW-VnhrDp3eSBEp$gh`k@}Z;!wNDsH+aIqMzm& z!s%+Y1{%rLG1-H6`@d97~CwnML4U^?A%MP6>Vx3d1y_gU+gUh*Etk+;&vdk$wL zYKDI2YERSH7fgL%+*g_~44yPTc)?yDsv(-H1w~DWegnpQ9|mAJ|BpjbiUVsA?8mfE zT7hVc50N>d@l9u{uic^u?-{-Hn_Q4jAfiEk2*WEJBZP|@ON7XkY5h%aatI>|>%GSB zyaBNoANP}h`c$aFfun38Pkr0fR=Ho~>*xP)6_xwo7sJVkjFd{C@hgv%Bc`QvbNHD| z2t%%#*uyVPqdS=XgjNt?JbwbsI}s~a_XDPhkD22ko-D=usCi8HXaIO!!Z@`jMnS3; z>x?8i(lFzK#;cXcd@-l_^Uxa6=5$G;OIx}i7N@?WY8Ind+a5g#@Z-ZZyarMo_Y^$% zK|jAI4epo@G9NZ>{-L?rG+(>?H@*h1`gZ`xX{HJ%*gD+?UN(`c-xK&&wHZ+@4AHNd z*8x>K!s{H2vPlt3uPF#;WYutZfoL@Z!^M}eFS+b13X8%bKkT-AYfRvNU2T7*qa9&w zR`ed*67;@nKdaay<|V^x7{PDZ#n?~mmY~-``<+Fv8IB?v$iJF-u9p;lNPuO3($gy{ z#wOLzsA(1HCXH|VrSXLF+u9-Ff6nY4o|f*OzR2x6Y(5cDUVa{IW@ZIVMeP3oM$PWO literal 0 HcmV?d00001 diff --git a/docs/on-disk-format.pdf b/docs/on-disk-format.pdf index a9a18d5c008b7fd9f066a2b4ff71dd6cbe371d94..7f6e5e7e14b9710d386214a83734aebbd7b5000a 100644 GIT binary patch literal 119729 zcma%?V~l1|v|!6tmu=g&ZQHh8UAFBm^DEo7ZQFKLPru1z=1txt^UjZ*tDNNA+~lsc z_daBbqT+N+^lUI>M|an6Fifn3jD!xx)-b%h4B}R{u4c{*;$4yI-dvS#)c zu9k$%OkAw|{4g%A&Spk-FrFL7+LLiK90=Q|G#8M%RFU2w@C+cN(N{rF_KeXlZe0_4 zrfj_eq+-&l?Y6J73DH*VJ%fx{;HLrV$68`k}zozBxK%3Fv+LR~1$&q3K=cmcke zzTE^@@M0IICgfe2rjG_YgjeZQ^&yURrW^(SMQ7i2gAMWbjUW3-oY)rV)klHd0CBOE z9Oj9vRT#p;(#>|y_3*WN#zQ_MtVrd%b1{Aa&ryQiY&l+RV}OpEEedNWq$$ecMKlKg z59ljREMmn_zQ#c~FOaBHQbYe>g@7he~{pVp=XgH#VD_rxFZY#q2#f~zv?V&+C%x~aXu9B zk-qZ0pl4dSnQ)LI&}5I@r){FIo+-Gb2l!1xX}8*9Wb`~E;Q#<4z#gnGBillnM228vNAt5eFZq+cFQteN+s9sj1v2Ja7+f&q}wY2?P zO(JJelv_m^R$xSgJH$HR+F}e~#GTrNExo?z!^U`1xmv|M37;s;YstS5^ZGDRct2%@ z+u4>5zXXWW|B6dM;T#62Q7A@%@QzPBNM;%3({+ax9;1rr$&EuAQ>@cUPPH~CV1twP z!(dL64JgiN(8gK|&H_D=rgvEI`hwa(%IbJHDB9LX>OER3;T^(MvVo}q$t^qy-4xHp z3F|xWj2ls*`St|E-q$KF!=$?pnbz)&G6`*T+zD`f*dLuWOogRmX1%!JRNg9Ep5(p*kGz}7TH9D_74R=M4$T#&n8g3 zySexa;}dlY=XC++asNu#D-anEjUAbLs z4AwV#%r^q7jLi%{1T?N~QK}*jZLV`gHOR6FRhD97JMnvy1MD71LiS>xHN(ETn_7`W ze_{u}D(j4nZ`}w5IyOe5>aVk@Fx@1$yH;)qv}<^xooGZqTIZSE;moWVbQ!d*z?*wn zgq>Z1_~gm&xOpFB8tagD!*Ig!#NBwz?}J_OUT}#mil7L<95yb7Ede}oY)6c(k2Stm zP?h1YeIY)E%S#?d*hJzkC)YX}8}9JrxuF^E=d?qFDj9nl7HPkOSCC%(zb+lr#+pJ~4dn3)UZFMttpP=3Ltx3=WcUwaJbu5Au zeoIP!w$mlP-d~xpQt3jH;yVs^3Xd{a8hzZ>88)ruODPzi8n$%1I!;`~Xa} zY^3$~y5PKjWO4#D$wKBvU`nMG7ow?ww_W8l&u%9}I)6gS;2H4=mZ5+GMt?}JN3yXw zbdfCVrnzSD5Ic{uy$iivU#H@#I~qP=J_o?in@Dd!>bjSVP6|!Bl=e$m8#e?jfLwl{ zEhAu%5ej$0-EWH!E$$30`QSJh`Eu#hv~TXhNka6_?ZUvMMm^YP|56yKYB$;sN=nua zl-t`pe_HeC;j3-BBLTU^6~A<8Y+5ht=RdbcycU5@9aBoTOo&L~kfCCQWF8Kq<8}LY zXWDC#K4RFh5Qv93W|0W%9O9OjyLkAuDWe_B)eso&q@Brf%KT1-w4u(7|9pcl`~aSt zSfhOT!@@I6KA*g2&-3a$lI`!UB3~}0K*g*maDfrO1P#0+Oa4egvzrPE9HXp@cAYZL zCC!oS!y$5;2!f^Ewx~%Ta`)#AgS@t128+DA#<|EGEtMX^b2Q_Jo=igu&V7V4iSbyr z(s#);MvwMKUrwqg|Mzy0DM3$+F+*xk7;A9eq9LisO;wk?ULL3d*v&Hh4b(CCmEjms z)7Ie3zH6emNLKeF$&}Ul=d7W82wUpiG}Gt~^wlR24ha)#GH$a>8xEdI6)vsV=*0!| zkvSzWi5wSZQ1T&E?c`zmakr^^HJZpZU>hp01woe1?v@!p=A#T`n~ZL*_7PmNH+_pt zE^8RFXY%*tZvrv7Zc}LbTU1L_x+z-sxaeRPqF!Q`QtZ4Is`VDCuUPwEA2lU5Emq)z zkiaj6r+p^3*bf^S;;S)7xl#yt8~pnPSn9WOI}C^ns7{@1ovgsW6ZDA$D{Lt5fPgJG zXrTV6h3zn{jg_tE{q2qaDnk7}+9e{zo8uUh7&q0Web(w5-ig^PQz^LL^R}i3KI&!; zTLPp#yC={s3%*V5dA^i4nN7i|P*oLU;HT>9UcOM4702HwZ3j<$+ogUD4vZi74pj94 zA!_ATbG4*}+@82i{LFf;m0JM9-&&ot(d!VRq4Z2v1TsDFb}?m5z&Px4uRI?!ZGfto zB{a1E*~6u9&~gn z^dU+vgn!FZ%acPN*opzxZ1~F;^bo5UQ-y75Bc%8sFACdg4|FO!X|fl&2T6y)#U_o% zmXI!HYLq;=#p#<;DOIy`Q*imSjI=_l!5M{GMqOf@x=Zm>NkXd95t>=XI;~j!4M=@i z;Pt=0P?rA|D6+6Jar~!sZIs|l&m6X0@08ua4%sOE6-*GBzbR-HJ5_&T{Au8FQ+irj ztrd+zCYzKm4HhCdFpVsx{87>WX)HIB`MY#rbWdMHL~js48}QTe^-!gEfQ{F7ylGQ! z{yb050Z@nXet-EI_1mN^R`A^F@_1i;0m|>$w%Kfw?lnLxQN?16g6Q`CdfePac0}rH zmY<82GDXsDJuL3^C*htdT*3x`OGN~;SyI9>yFU6_4xukv$eb-7mbS72L3jI<-sa+G z$+FRLCNLS2cL>a?b$dj1VeP$N53QK4a8%=1rk_%0Hy(`Az_oI-E zWP)S5rH}X2IHkcBvM+sKF{MQ;8O)v8I@82tfRZ_?WN3#bF1H2T@y{{_@<$-82KjFh zg3fBPT?Z3%!?=m{-B}UhuQd&FXRxPW`O6#}x$4@JveT;8kA+NYGE4lLnUR5IdSYEL zcioAI4b2XF``yNNr#=~$ahZ5Rbo<6@=U>=E{ba$VM`;m(=@?#m6@isF&YDU@I{19X zt(=%KR`h0Ll9+@uJ|J?D$T9nvIovhkaDDZ}ZzOZ_$nL0#oC)kD@r9j29~ssQi=Ya9 zNCAoLg!VVo$@k`J<>z9Rb^QnPve_ zTBlp?@e%q(M4Jli92 zV}$~_}irqeXqQRWnn-BkG$XAt|+G_!hhu!o2Y<3$K@kw?o53OM3b8f*KYbTa-Kf+mLwpH1?yk zqAuHgs>zsX?Sh_dX7f@<;5X z4aB0}mkC#2CK00cf+Ix%7O$gl@o^59r>1t3=|L32oKYN+Ze+feYBdvDvNVj~mlxoc z?xSMLmwi=nOGvzG3Og3x5mCuDD%uEcmE8|JWZx7^TN*e?zanpy{95Myx&GPM*c)%Q z$Qqm7kvD4=I;vMBa|59xE(P~0lPUB`kN(ON_-f^~Qmr*^@v2(s`A@{`&eL!RA)M6b z@^CD8VxWGB7HOkW{h51NlT-yM*sZ60@sJNn{{;x-FH%nyEJLTO7?^=)VH7W&q6#X< z%ue|*m$vbT2F#Q1VfiN@-P>ld|tuCOR{$ z${v`0Xr^fqy_*kIdTob=@q=32n#AS--i{by&gpVB=@PlA^-i5s3*%&-lRb#X{jOe5 z7|@nB?OO;!q-X&KQ+4B^`}&D&?%Atcn}h1-zHq<|W(b;hR9#kI>{{4LXNFE zeLfgl-g$y!VBA2*XH9t!ux=!&%Y?8JGAynYlgOT6R_kIp4_z@OhB`sA8aQK>+GCKS z$Blli;bXsuCYq{4v^EIJE~Gh1Gy2Cc88mT*gx4Z7ZB2i38kf%`G|nbdC_PzR7|JtR zK>sVhh#_WiBd<(&+=vB@GbNh(;Z(-x8mjx=YVp`(b&1NalPDausB_2UQ z&3n9Eh`z&p)61Y4Ez(DvbvOzT*k({!kzN_Yl-y$w+Sq?b!b#P zp_3KrNopujt*y!p&KZtpuxdnfik*VL)+vz292Z}sYj`}p&8^zo5jaVfP!}h_VKt?S z9B1zdy9jy3Abv&Qj}CV;dA1&CRz8BVJ8 zhun)Obiz_OPj+{$!o!6avuj0@YpTOcx#sPVT=Yl zo2-RBPc_jrmL>D#P>F|18uz~LR}Q@#E5Xuo-tDV})VuQPSH(!F?alsHuUkCaT0Cm{ zAkCn^HGK=#GSUazS(vGSD;d(6+&DmNl5(@k;XGb8Ns4@g9wBM!9yHN^s z?{kG8n`oK3(U+SY)~-!8>j^!w22b4zO*THZ*%$z8Fr+YKAH&>>A;p#ctY6b8+N&1j zX=CJ;!CU8=8UjY3<9J6cy@jiZN=EXmZ8{Da88xE%Oi!T^^|(VeHiiDemp;%vj%^=q zQ_kfRJ`p6}L_1{71dof>aHeR{b}Tv{xJsI3qv+@doT6y>HA(gjo5})TN&>uaX^nR0 zmI@=k+p#3IiWh5TaCDb#Sx#YPHdvnVFv%#@n3L5vn@q;kf9bk|&%g=P% z*Nwey`{cc|5b+o}OiR!lbDlm8X{IMql=&`s&v$S@KXgY z9ond$7_R%$JAg~tpEGEw$W_xNL6N$_-2ia9rC0s#3is%4&5WEK*CfzAO^HT>aPU!8 z8%n}rZ8g+Wi<#UEk@~ap$FH-^BU+PVs#B7QDfKG4%`@@Q=WP$6V1s5~hbF>AQXg92 za;GV$ZDUZwz>?0LJVA^ytwcT9y6?|1ANov#*&|Nw7e-^{Hf*<-WWG1cQ@X+5wY1(Z zpLc*Bu3qcjMm)rP@}<@TY&5Kp#jo~n#xSIKl_p~!M%rdU)_=c=~1Kv)~(hImUw znkLxvH0izTLi1r&LVP8$R%?PE2US3_k`h{kgepvuYtTE`D!O{^45Skk8UiQg5?Ext z4cy5fJQa_<D?%3ucTjxVQ<$Kr(hLiWm%CCc38+{^c zSH3LzR|4BAyA!ct>-~8ekDjYtD-l%UwB1R=lv8eE+btBN)D-vj-+wnEKud3;Bl(j* zWp{aDI=Sk_PklK)CUi6y_3Rw2QCSExORU7hD5p)a+aMjTjv7}R3w#bc9uKZ)Sv1G; z3B`%o`%}n?c&+Tfv?(izlX+r^hUSYntSj~Ap6-|Lw#8)?c+-nYgoAd-81OCstr99m zm<+;9>kbo}|4E>%-L0+{VbH?zz$oaQE;Ro3@B1R^MM(zyq5Zwsa+!NMxv*)PQ=g2x zx4Q{o7Yu`gePj9VOL7FXW9`vINAGtFQG;C@cw3hZg{zVE8B*LP!1lW4wAOYN|TG~@$FH{j00((*CkOb6soL`C%-kf)!Lq?TQlIoOB_+S)LZ*lv9G1n`ktr!irWd+J;WdYV4}vQ^ z^`ZZ&XRK`hr1Jlp$7f;TV*k&2c8$}SM9MXPN;3gw0z>s2cZL}Z#dt@riOAT}+6v$~ zr1dADQlTnQt-RR)jV7djG1sOmQGWNIez`2=Nd3F0^PBFiX|&1j)9iCG{W?CtNoOM& zve(bce&&X#{d({WuW-GG_s3slVmHRz0Eyq} z^Ql1Z7uzoA0lvwD*ot|~1)71=Vty}@be-V%AU^!kH+xa>V<`Wz4B=l@FL=vobJf@d zaO$~M$Ff|raGEo|Goh6X9kC~=U2jT@eeu%?e%|bY@Gk+2&)B;ooryS*<#h$9)`sNX zbEJC}+E0D~!ULiW+iwd0JV9(|>FtR@Os2nQh>uYUs7ncif`37fLV`4f2=cy6Lkghf zxzv8pmL@>${F>THc$QuYp7U}{=t~ln)5>{?Oc{t(-7CF&biIZ1_ba1*ThZL1(&nu# ztxtE#8G@}K6*!Zs#-Vwh|WS{3%JFI|zbvLyO1(E65SPsWN(o5rE!$8wyD>02UQ3xS`QCzevx2 zs(uhmCV*+3QQL^$Xdsr>hfjqK!SA2i(sBBo8I2AO%u%8Kyy;VtjRd=kuacKWC0NPJ z+c8(d|EBtzY&vnl@u%E#nEYU!I1jEq;#ii^rR+BN!UM_SaN=z*lcqyH#9|{;>4-1- zOPJ@5Q5!(+YuZwBwI?l9RE?TM?A&xwxg!xI(O`0EH+4V_{v4C5IboWL9_r5gnPo#s z`|2s<^{2(B!5qEHX9Q@9R37fHVY?%R>d6aQFt<{uOg#qGE(i*?XYF-awn2d(^zKPQp!>gewwB>J;)T|WAdFYQZ!Xat_mQ;3<#^TVv*y)Qsd~?~l)GiP8>33Pg zh*{LMYieHeMuj6w4}MJ0u<4s79rGQYHpnf9s!95r&cSL^?GZ%KhaTiG0;_R`0MGb` zR{+j|yh+^qH}Xcsw4zZa7pGCdgjN%pbW$$#o<>-{I&ewr&U_=rP@Uwv-k8|3aUkAZ zwnl}0D2T9))Pj7`{s(5%y?_nxrZYc#yLAC>PTja*so93CD(u6%BdYts*0v9fI|;Ib?m(7aAC_pgbfkWtKwMMpt;DC)o@XW%Kp426 zKj$Vm?BZaNFSSd3qA*nWoP=Tff0H1`6IUZfXu(?v(WK7DVXy8zhiu^)|7G|6JJuwIB z`gAzaaki|zj3_6_qmfb;OWq_J>aJ7`k^)mpe^d>8v-f44w$3a<1^m=&hI_avz7AcL zDF84!Ehl^fSF46QY_Bzj$!tFW>%FifO_Ga0nxhB-DXE@oKU&SOR4$JGyjE&D2eN#p zx1#m78OZ1f>I3=0G}hO-HE;R`Hc(j@Zi}P*<-J)@vp6yGhSSiy0f}ykN|39b1tP5p zS1AT?;*H4Qezhs(@f1$Qg-BXE7elhbok~CGN&PJC4iD$dAUFtH=nAg-1&&vIfJ~8# z4CO3^e+B%mBtrh{a(E-f9A)>84`$cu#DN3I&gKohH%N}ac^O%g1W(d+`C zi`q3zo7pN3`UrkHy4hFlxq2ryvuXQ`j*CbRF2Sg4}wv5s}^Dj#PORxS`pJ9@m(E*mYp?k ziV%-jLDP0BN7_5vJ0rB%u{xI~yR#NoPH~(`*1S+#7@<8wk-iWeL_78EW$&}fgx~kg z3S&m6SM}QRW+xzwE=^^ZxFs<9H$wx~VuL3f z6SqW&K3NvW+qXai&{rV)IL<(gi8TrIab^b^uqz$HorBplO*Nc(<8_5wn$!H!AD@)n zO45~PV%Uyho(}dIPkiAUXGHfH%}`jADbar4I$9Y=N+W1^eiiosojCD!~28%RJTnICrjo*pzd zt!z(%m8uKS51>3n7dBQu*05PxiTTCV=K45QH9f0QC1F@QeA}9y|1T!Q4{k7cB4EQ$ z{gI>65XF^vRM>QsmF=2;v93bA2Ee9r_SG(Kk=aNkfOlXIGFC>id3Qd4&*B8nkiCMG zdiHkSq#k8IkN5!%%SAdKD<`0`II9#UC1A2RdtV(|B%ZwF(TOzsyl6UT^S3r11?`9Oq+JK#Zu3W?r%K<$*Sl^9Xel3J7$bk1bhV(&9yZ0n%cVC~BTR zIpBCUbWP7r<)u@4SF6U09|p?ie(XvWlGHN=S+rGJ=G~L`1$qia^e7tH2RF%?$g6p@ zgR3OQ8H77NYS}1#>d5eiPf!hqe&*UIkvaP(8}a%V<-r2_+WSt(fV* zUrw`~SD~}}AwE{+&e0ls$NI?mc;s6$&J?=0RdA!XPBgT(4xdn_-3BVlndLvh+5?|cr zGyr2=0cZN9`pNB?4sEKB!lj;nj>qwYM~%}g%R09N z9lZHO=+p%squH}+MyTGSdx~j7a2c5uDqoXtR&fi-NM=B*RU`_21?_(1p1(?c+no0U z2~>&-KR@|!4)>8(c2f4Gjj+?{MNBKIM{lWQL!-feIY`oC^ACzg##O)U9rbhZ72xw| z<;a1;h4Au7FeNnEzZ?g9f2QW6?|S$aQ$@CN5Q~IpMW*!)U9(`0_fkcpSgx4N9yboS zwY+@9JWGvZ&DFiUQryp}utV54ZV->;Vj+A%8tG7qESQ)w>Gtak;}LNDQY`9#G*hOS zf%E_kXhK-nnLv77rPHZ9YYBK3$XPJw=y&L~AyG29+xIY3l6 zW-q#wY^ECx*V%#pYzHWfl3iNDx$WHjZL$qEfRIzu%8WsVcQbIHUxZ`?Yu+yHQBv}~ z|D$mpuwnoQvFb-rWO$cBgr(^-og)ApuDMPm5Mv=h;I`rJ(8Ki1@2HpfcqkwDrnWl8 zOwr|r7XM6u%_wxNOCg?p;XWk4L3(3dn$6lN@O`tJd0k2MUrmgi<-cWOoJ?H*w~0;0 zk+xpv)t((r6`*w!jC&#oA!Bk4kL?`bwv>51G{kbUC+s4MMIoyJE^c!12-6MgGpy0X zlzfww@%(u+g2Mt%60V4b3!S;Td;{L5!v`4x2oS_lEf4nxFNr);r8#kPmDoE6!yohW zo8l+{BL4iPsQVg@cYoDvEQWUDfu0MS!%r7LVI-3?v59{)=1<852rThF6Gef4qv3CS_SuG)J7!F;Q3f-i-i!$nwW4lGE4@Np-YU)L*v#x|U5|0|Dlp-J znT86x=nqf?#Ryts%2Fw}ws<_cE_PwwpftdxHEf1ysf&k+ZL%)>!#jU#Quj-8QU|UD zD_g=Maz?A1Yax9EK~cCZxa}dKAF3qVG?=>Y2DyKY-171ybhP#5;?NQIW=N6KnOJIR zy7R?{Mki%q1V(R8go3&=Zk!rrdj;vWNvIX?c21Y?{jWwGO&$T#)484$4ZK0$`;fHiS@J;IV1v zYM(Boys8z1sa$w9h-sA14sMo%RWaM-^&puzMV)}*L++w;%)C>9q&u3LbzAErRFPa1 z=t^Ie@h$F{hZX5HTC79T+&)L=uk+5Dl&7)JlA}{-@;8W|_R!QAu+5k_W>qn=GL~!s zB|yfofIa`WM;5;Umzj~yTb8oOnGBev5AP^XF^D~D$l3(id;H$@q?P}bNwG9S0m1SC zI5*Sh)m7k)v^!XSXp{4R@K5mTno!Ke5V zDu3M7>2e5Y7#Ub;RH1UR?ep{2&(3qq&wD*jT*JxGE0?89sOg-dR%aTWtINR5>}4(W zf?M70i*0vnwY!=kFBv}Ir&cs?2nu)T_s55pM9x5^G~_^KEHyD-;$nq93_gW)Mn8Y) z5!z5xKKny#iAG^6=;R^%6w*0Nu{(+!mkNz=LjQ6G)E&9{3Kd8IL%L%kXOd)7eor)v zW`3wPc8>n)`zxc${!b0ja*b3epBhdnMG9H05pxs_fd>l){ZqBuL`L36SIpc#;BHoh zT;{$vE(`Ej@QbdJ8OyBum)9Y0Cl4lWH&$F%4-M6WigJ@k%~V|G(?0a)No^=`d%YN@ zGkK+LO(+op9vDYB0)pa+`tKlV9wCHEjP{`32$Y_1yc#N|hWrtFE(gM~3PWf6GDG90 zFh#F^Mg;V=?K>gTk?xRK=bx-pbWPKuPMX49(~MW@sFAU*Zv8=FdJNLUiC>nj$Lq(Y|^hCDILEiXTtVD)1=ToqXmKceO*79#{6WOPL zEh|bwAtRHC_yZWL2|)3KO5&xN5^lT967KZTCgg|y_`ByX>0m=!j-eGBOxPsIOTJq5 z)U$ci0eL}j8eTVQ0eg%#;&!!lUzwP9ZHr)O(t`COPv`O-(bF6gL7>-M3 z24xD<^h5CiD=cCGrDmf{y&8uow2p27srLo=vN1wDAi;K#hR$~&HfxG4df&RWUkyV= zTg;EP#siGGv5rqo+qsO)n;O}{Z-E8-^)unztlJ`^s5(Ky$R}L-zswt zC$+}T=&|dA=B!+7Xx+v`hDuCrT`kh(m#)e!L7s4|tEs1KQvEzQW%;&pA>jdk8wQ_Q zS&Qg?8tuLZlPt-75gLK!VDKO+QSyiwBg;}w(#J(5hZHP~U#Sw-N90OuoYdq+8W5kQ zDnaza=1shF^&zo~DDr<2vB;}Y`!itC$LUVW+Z3L+59d?D6$HMXf9W0%&IZ_|!Egmp zim)!R5Nmgig3AkHtsMn?yzj>EN#Xze)GGXIxTdEo&oN^Nj)w>_c5I2*uGeE>H1~L2 zMMRWVQm2@YKnbs-$m>#$D{LYt-d!{%GJ-K$dJqw_V{aZ*ohWWnQ1jWGwN%lc>8as| z6Dvb>>2JK&LOS9EzkJHoqWx6uazd=SQM{A3c>Uogw^sAb;1SC*+fV?^&A+-3!jl8b z8@u@0jTCHI*3F)`Hf*JMzg-Wo0_C?5YwW4KJ34IwHKNpXFnIMNt+o?=x93g|a>xt# zc9XM=@xO?g$Bwq-+ZxyrglxhaJ-D!+Xn|vh;-K_FvK{)q84090V?+GKiLn~YIiN4H|B!-V<51ySi~lL7fmJ;J5afXtvM6}0L~@LJKe=TH3srYPraZ;nxGYkH0CY;B9hfv9Nx4>KSSDt1B};l{kb z$a>w}SZP+%I#%&vai=7F-j0}Zy&0P$M|5#Zf>LLD7>~e-G2s;q1TBQ!ohHFijL^nM z!GGt{a$6JYOa9TUV+ZpR5*RJ1;N5(oP)`-AFgMeokzVq?3PA@@IC}UH{wN(Jgat?E zXQMYGWhgVzL7H-1mE}|d(P>L=5u7S!XCd-1Xa%V+U*FBXJ_k2$1g`~-FZkY-UxBb% z{&Sjj!P%Ztt8NZvj{EWJdXqD@8z}+Gs?2 z*Sbi9^>Fd@>?>)QkizcRI^LsPG$`U%h*}iO`}+^una8{7K8R5-j$Pdbl1)ml~b$&?u=@ zZh|i){do#-^z>%aIkeCA$dod_t4B(B0Zi-ow8pTPXBe9Lo*a`hw{~6*@_2BJvl(1o zj! zJI7L|N07~j$TQ>Vda(~h*V!Oy1#%N`$H*25Uw9-wUVu>d^m-jqm^%3-@_?~!%*y{- zY*x8y;vBZW>f5iD&n zf|oxt3?5%2 ze21=b>*^z?-7+uckYzj0_zKF~mMPf3HG-LPY)^4U%bM;{~d$ktAM6D-jA4l&8_lVEHGFGPbxemX}yc0)3A zrsXjpiv78Geu|A&qG)U(?$sD1*UeMzIY-~YeQcD3wfAmM#FmF}y!;T=GAJ$QMiuFv znBzDV*Tlqs9u0PWPB{@cs1k=SsK@OI2a_}@oeS^b`8vOYZ(jm~mXV4aN>Y=o2og)3 zj6-bE1~YJ689#udJgx}Bzg8kq3T9;*X7r9*&@!wd(~x6?+pWMPIKlFm9d#O^@}gmJDDnyA~M?;I)7Nb zEVy=C4JFm{*>5>Q5+FJwNKkScb95>IK&&~AhWEu&@_Y8v-TX|a_J{*@ENALLX8&nF*As9` ziUX^P-pTKn4P6U`1s*k{z-U+>#-$lpr0x9)Jcz_|)+B?Z-%4$Un~{RC$1{E<+|@98 zf5lnO-jdv6bBO!MHu%DLhV1$CUxk^2`M)E~%$ywmS7+(8woI)_EBwx@M$YlnK&9vf zbeleyrIPFNpGKPoOoLIuAW}>9@6QtalyVb1gWb|-V@A%^QEx?G-!Dn8Pdk?E(g1VV zI`Di|+09LcO%8(=fuCVJDKbR=Pv_knwSVQy5OJZQ>&feU3&6JqK(8xD`0ib02|M7= z-xFtHQSZY$405^Uz?ORBa2qvJ;zvHrnv?df}h#u{(p}hND-mDkfaE0q#meY zMwriL4Jyx^DepVUX)03CAd|{vdif?Ltq~-D7bMVjWEQT;HE{JQD zGy8sAp0fAZ>z8zqz(*9*t;w^}t}{>El@q4bPkc1R3hnxRbgjXu!Cm*|+gF+8FweIF z@B008DQ;*6#({Hi6Rx@NwRjbsveAU(73b_}K(_orGNb^zGIgw?v(z$h#hXzZ^%AMA za-VFyK9@zKgavtB=f;2<#D9uKaS!(S<~jSA%I71XeVBQ-Tjx5asEvDVc>vUy`K7gR zdhj2NuNCKzymE+>dDHujtzpa#KOCf59M8Wu&FIVjORIvyMqX1+lk<`_2ftHuHh9a$ z)jQWQ-|V*?+s&Dv>uMEfA?XwKA>rRTufF&7#KP8h+2IEd5D|ibv$LnaTOF_c2|5K1 z_}isPQeJ0Z7$poscg3#}2TOCxRxUZ_2gdcQX4yxq?Wb*xo>E3=ca+z`Wx6{iBx=lSfu^&q}_b$Vj5A$X3z5g-lJ-f@L`SA{5`^a86 zu1?wxu(j$c>D^^9d&4V5eSEA)!xa4~z89lG?+*BIgH}a%yfm3%OV+yd2;_53ZdP|& zY{Cj-XK{AUi8VZ3uU>{jR7qGZ@yxi}N|w?;ZBf+<4QQG^d{-7@a9>9LabOhs}z^8&O# zOcYCbu55Z5c$uk-XH66*YiL>m=M$n&+bDqUN_o;JaZ5T``$5MA%gJmX_B{1HrDj4R z3PQOdepo@J$5RsdDx5R8Z?OJUPf2K6b$B7qX$eV%!jho6m& z!%8C!Lm19n&FTf$sokT%jFj5^ZR9Rg%+df=wL}Eo;sc6Q4 zqO&M+wLYcuDNI<5+Jt`$GfD3LA^aVZ72Fjr%K%=ArbZ!@e6HfwWYT9p(TxrVFcO*^ABUh;qfJaaCk9+yU{EU*v zz?J9BM3s+x*IW5Mm|@WIMf59$3#RjMGv3!zA2BfeY(M?kr{QwiXXg4EU`U+v7JSSy zv{H@gipW{iV{^9GRV$2WD1}_M4Qb-kU<`81m?uN3BH?6VfT<1o2O;O4JxYxqs7e~o z^NJ7Ko{46u=j!K-lt=0pob=s|O9s7HpflCU079z#!}Y3@%{zF<8-0;yfOpj*+vN~b zO`KOxlf`!Lvd~O(7d#D#6bE~@9ln?&^Kg@;a^6$2NLKb1*Nt)u z3CdDHF5=T8nk!urkH;DxFoD`cKj;jG^qqY#ILJxwD@%?;CJk0%J2xJs@-+*{W&5HP zj#&G$QgM!vJm)gu)Dle}h6RvFWUh4#mT@PxjVh!)aC2E2TK4qr$xzaE^=k*_P}?_S zG=DRSrj`Cs=RH_EI|=Br<_vCmrg66DSSn61wj*?%N zGTB;hpX$xmuypLmvP0o#xS#e#z(d28lqBbjMsu6a8zH2ab{_2dbvSd7k|w&GIrjB> z=#K>qkCLjnD9vpjAzDwFDF1zFFV3~wFrmPNc?6l=mL+`4D$Wz{cffpdC_k&-m1uK+ z3-YQ9jJf(Ry|XABCyPkD_}PfqNxi&(@iJmA4ZY~k368#1#%H$~WZ2}h()J0>T<^{Q zr2C{X7xnwC9=d__LgW6zXtr&h6eb{>sBP56N9aeET1=!CTwpyu(LeP1?4e7PHTia+@$HgUHFLWl-LfT43d z&gE~~^{Z=WX*PcMXfRM@-U}46kWIOFG9Lz0cQo+s!?T>*Bj4s?Ggx;}EiRMUTs5L7 zGo|WVIL|N7{LPrkIkcq%h@E=RcTp1!$xs!2a8OI~M!=~T*rQw%&2(mvUnH=Wxmn%9 zvLx6`-@-Sh``2uI-h}35F!92!4)^GgXmHfZjYVCV(z)$Z&$?;NXB4@HNQ2lbCVMqz z&!o2Ul^Un7o)Dmy35;$-APC2dBwa?IFA)RNhb>?!UAQTFbkH)vMaI{$oXd`{VPcRc z$N$xqAgaqO^T<^dc%Vjhf~z%63iT%PzT6N@SMkHNKV6ynIqEO9qyuvL@4{Va7%@L| zjnCPMs?0`fmsyU;V-NfWJgFcdPo${;T}JxMAzNLfw6wSl%AHi1YJVkUeC?6ITKTAe z3!?@Q);tMbtL8jiKEL2gvw%NKGoR#P0Jp{+18@OWDEfBa9U=w4#Q>tY-vc*1CvK>( zt`lYL1Pd5>UH`h*sc#~lbz`4#j+qzm*TOH+O&fqecx&j&20E%AktUC?AJr9a%aG_K zX8{che)_!pdcKSi;V-iQixNCVeC@KqNR}WSs7qJZOr~=uZ2e(3^oSGvjm3=0OMR~1 zs%d@FZbdCb8>zNWJC%&W%^yC)nW6{FRs;6rriWjnRr##}w!7*faM>jMSkyc*6QP2G zxa9fc|9sB3L5N7~_2G#}xm zlotwJlt-OztT)+An~d2db~zKefZXavyZ)Z+eXdyh>3k`0IGzDHRqbzpp?heCO$FEG zCN=ClZ^-o3qB;8MxgDwt2p#NT{Y};5=CdK=uIXw+v#n+Oo4SUh;?=*$4Y7XBp=)TmhtzRg%FfimxIH>< zIPRwNbF7TBr~@e{7HPLTOK2TQ>|(nxp1@~zZv2y4q%ptd)@h5?0F8RFbH#K}=BtsJ zpJBb)5oGldK^b7vQn?QH7Upu)YCRig!sc`B8Hiiq!bt0(%BOx?;kQS-VlFMBtnc0u9A2Y%jSQq?vxXeI-6 zl%rhO<OJ$C%hX0Ba{;OZmRPv44Y0h3MhgYzZ}H@An;r6}I~cASd$l>)X8f*&KKiNf+b&rpd;i@TA^v_vYZWHJ@xe=zoq z&6!2fnz7Yk$F}XHW7~Gewr$(CZQHi(ys+!5)D%DwBhg;&RgJRq;<6C9{3ew+0e{#-m*~ru$LkQ2ap}1NXzuEI8emPcoavRIpT&iyX}iMXn## zrCYUx?QW=?n)QnRLmZrl1L2T*Qci2n2|lfD*Z6xENLxS&^a_~>5yXtJxUfxSMv4TR z1C=0v&$bA+&z5-XOhriL(m0mkccaC;Tk(_lOk@39HA9FUPFyb7ic69Qs`{eV+Yk)^ zEH(lx5zWkx8}D~>EAbz+o}B8fK&cDak)+XXM9mEC`>zLta%G7*wAVd0<3O3j$2xr_ z$jlD)i~8Nss#O)T?wIFnwIJ@NOwLOKOgs5YH)uB4P8asC2M%fv_b{LXJ2%G`Y`k?5 zR<`bFuPHkApHdgvdWyn07>~{*m|?tkE;Cd}ZXPHr-wk-zfb2hu-a@XZ9Kxj_t;5zN zSK zD@@^k%ymVN%rBiNn{@bFNuX0(i}kQJ&bw~8NQ9#6@-7wv8Po61`r0U-=t~W>sTl2| zb%|blxiOjh!}JXyHFYzq;ljZdmD@fYW!Nn%BtU7=0PP;9x_a?6i_4jmxH^DBNyPOVg9u?PWMpDP-tRIi zmn!-Sq!9d_uz62Gw>9uoLRI%wGtFupk{f4PUd5X1LX(^;E$12b(BSc#7!JOjpGtz| zehi>3DoB^uowVys0C)&s$Iq(QFQa`rcmi}d%TozCy6yaxxP$~e zKn`$BJy!aaXQEj0iUGfQ{6J=bLW+wg3?A&+o_odI z>+Kw$1O!d~|D7!y|1EmwU!?l~YM9B^YOf*bgrELGdjf5(@&?9YXV8b7!Q)Ba*Y|jL zKEmi4>$MF>rL-u&<__!^kyA6zr?|HR9L@^iS9~stv53LFNx!|`jo!7|j_UpF$9kRU z58MIV-CRemVi7Cl60hz6cQ=`eY}Ch#r(#k0UXBXow}oEs_vQTjRn5odZv|bnM$T_u zRK+*B<4LE4$?;gbo%jrg{JY;8F06)XmXj?rXzzA|d-`*`y@dV_W`w*OPF`S+WR@GR z4eMg-o1qH@abV$BjtF)2E?5`^;LqynHfMA1Q$s_^%qLZtyo7R2+(wj-%}R zj5Ad?ffk*~uFtZ}PlzQq{)Ywq?i`^bD(_YXIqnBaSt!XkTHjMK9q&yuCKHM}V%M;? zOuXf&tILK!y1r(ve@!P#`5IrGem$LB;&KaFZQ-;f=wVaX59zBd!>w7+{TaO1vwEK6neZvTL&yfI4) zYDEUs`wT3T8&0bps)bRp8#no7MObfe$bUQec3Q zF+lqO| z-;_=#2p&o844tMf=18!KRI^e=-Swb1e)Qk!_nthh3kmXBAnwztwk5%E_Dah~f0-Az zZ0?lMM?FvKjAh%QB6q&1G~HqB>Hu#tQFI;HVpzDG>QGj_pu+EUn zKTl91H}30(L*_hdrKP?C;TClI47;@HTMJp(orI!SJCrM_*Pn{zsIC?9bxRxz-M;S0 zO4ih#T7_>oJ~gQ#*=%U6UOhRA!+^{Y_DF;hW@={p5V~ky^1sGP0TrT@vk@o{V7_|- zA`a4+ClVfi9Pkz(+-JWW_olzOve|_3J{^pfKx#XY zt=Q;Cq0?6*r{_iJHQL}c1=3dN2x9r1(R{Vm%=<`%@tb{^JN*zw;t)Ca9@rcPMXs~y zowOTT7HU{yAA~Z!Gz;mo9TGYkdIq`4hu*Dbq_;Wc(Eqish*2M+gi1QI(lS7-lD#Nk z`Mpr%KwNz;J`F_eY0c46aZ~ zYt|TV;SS~`qoNY3CkJZAqjY|teY?R2iews_bNE-5G|(n{$jo#WLVd;g)*y!k{|r12eXSIme^;qd`}w3kZoCzmAI55$q`Vp=R+!s6CbyJ< z-;!{eY7g5u`is8jMxYp%o1$D+muMj(RV{#axSZvwWBL1uHrNoz0J<2%p(Kj|>8X*5 z?_VMk`Ub2WU96f;B#}^V^fi)F_T6orQufE|zYle$dd9d|Y^>Z_jHTHw3#68aU$Lgi z2jtQPZ3ae3E}}me-=#gxaua{AaBsx`74l+^JrZ4+UV9}a7pJ~4b85oO z5kTh%d6P3)xlc%83_noK5?oOJiLKG%l?QQa^dsZ(hRyJTKw^9Sdn1@OHTk)cpmXP9 z&>?M=I2y7k*VfdI*Q$i0uE52t#*9I8ZRYtn%aYpoi-Zszrjdv)N??$ z^6BKx8fTNjbAmM?e4$j>p=+6U*q*aX+qABU?v;E}tHwe*=)RI^yVr!{}R}DCgeW**E=e5Y+Oq0gg>L9N@@W#-KVwyKM$P?xTI>w0_ zH+(ANXe)uWtZr-|G;Tt5?H!d!^+- z({-OaC?Hy@jXe-@h3lIhfq}|flP^1PZTRp+ZrZz*Sc@`<$o{FF_(cQoccl+fV}~^b zp=}(D*QGjSbe{ADTd@oYhpuNphv-grK9L9sbA86WZMBswu~i=e2!tiA?W&owi%QwU zPfr#0Kne8arR@IHvpPl*oYmLoGOOC5uR15$;Teo?66*#oV}}_mau_dwcIUq{>@C?# zrmk&DQU%D7MjJ;*nkAZlt%)kMP@YXk!97zwfpubw8^QljR4kT$R=D z6cfd<@0-UdWZ*2=A?wZ%K&%C5a~+L?0*CIZ<-DG+#2gT@q-WZCJt-ctpO3oiS&^jh zovH+6!(MBcMROd5%$Dd|NI;8mI0B$6-z%oh1vxBwj-x`b*RD2wm`?A_8#YO|KPTtD z2UdS4u%01IEi8h#Q|TJo?KUoL(Hw!E)|pr1nN3Sy;_Z1(0E$ytv`h53v%9w2Y>(WK z@4DyOE@`By0R>n-k4J`xrk;#V{?}W$LJpSbt#h9&jV3w}7EFY!=k<czvkYv;n$M(t}bm2JAsa50OTjB0by#NyDdS8p}Fiz}JUS(K;Q#nRMo z4>1z+aBPlT#3q5Q_MPBSo_Ee;e@;XP3?QU9tl;V>`Y6-r_mpLx@m`q!UQc<~qMs4% z;A74gjB>V!vB~ZE%(gAe9+8T6^Gp}}<@xG#7LrvD5ky}Fz43|CT}u1Wbt9A6bwQ5injU@8nx#w*~DY+>Kdx+@bj59@!?BhZkaCd zk?eFO98-gT0XMzd1~B8e+<)Q6v*qI>1QNpG9i#*D*@;?^a^k zkQi^()bF1h>$|W%QL_zXrt+pUkCoXgCBGXQf#q%TJzE)yW2_q@lLxuMXy=KlUl056QQ?;Blu|pd#X+0?Y(*^QTtq_2gH=fhLRmN-E~eVxJqw=lu`Si zzK}{_W_a;8V4Xu3) zpJnaNwAr8C&K%FZHs-r44)PQ@c%JTg(_^7SZk8cBN9!$~>(}_%)Hb}5t2IZT7BOz( zu94cyN4xullxiq>Z|?4)Wyqj@a1S)|3OBiU>g!`mi)v})`E=vO`@Jr9;D-hq)|%g1Tlcxg_>-|>;ra?WAA%r&L(Sp2?^idSJTR2*Oqi_P zM6e9Q2V7_tv&nDjmWnsiF;kER*j8Skgh3i18M zjvvBD{aN;CW|`hhY#(<1y1FpMXn!oNsN=k2V#VPZPixHUrtxGYds5XawX*4}waN=q z^HCL-U2UJy}UoKOO1s{`5q)bWr`Gfj_?lYPa)E z*QGcgCHYD#%FTEjRszkXH};h4h`z>MBt%#woGKN=3pnIeVPx(@#qlZ7d>Xq<;_5KP2;Nx(==HF(- zDY%33OlFIoR;eHgOsQ3l&@XF5tU%4WL1C=Wio!jt9&)b#(62e9#Kf*Jt%&j02ZWstP)cOssEOat9)=&NAVaJz2erZsNcaawG_V!2<&CYEjs%Rqk?6Q`9;Daxn)Yrejnb2>hOEhI(;u1e!~;1u|e|fvO5e5 zOjC5kOXP!KFPIhTA463Tbrjc7Mc}j*j-nyE3E)0_lpk*C>W*D-soUAmqhU(Bnb3!l zt*+k+cs7^6e~xLwvR8vG;|5t$qpejvme4H5(l{RGjo+l5R>xnKmO8OI%wz_)ixu-J z9*jreQnE7p;?M6QkrsWQ62IR*3Hu@l-j0-bzi%18?PnL*(Th?`AT2g=W_{XTOM`&0sZ)!5-DrjwLRG2Od9qlUWCg@m7ZDkchqF)a^@ z6%<)D*m|R&VuIswg(pZ@DGKlok#C5s_N#Jrs9598kxrkj9(n2Vw+eJ0qtyhmRXpE{ zt>R1?EHY4bOk0zTy4YrMyb!M9`c?XB56_=IKm1x>|CF$=Bk)W}ZgQDNO{RT7FCFR+=u;Drn#G zQCxJ*SRP$eBnwqXxQ~o@)9gk?Ulvt3oO+QqOhh2LDhjF6JM zp+O2UIh&@70KqFYa$)|7KR-hgf(CW22bnglP)r0mS5j9|)a*mp9Se=C z(p0_Z&=Pt=f867v6xS4eOIvADTHgAO8?a>rF>Q45QJ z zmLBqkS>;ZTEg%}~!=S_=`By{Qkvw3MicpSfNqvE3x`bA~_VVabu5pD^;MP1gV?Zi% zax0(uxpuv`<^ljw(%Mj?JBYC+=lX$j&|xCoTr)0C_M z;7w8;PZrva0(oi09Xk76lp?$=W8ZcEEL}7%shNZ&?`nQoCfWjoI#=}PKHQNMB3rJ7jw-7>ZlRTce<~qOZd}c^yVs)ZVr4K&WmfdDZ za$PJk5Sft8pGlIMi+;HZ{^qs`nort819UQ-;ae$nCg=*NIh zUfJO~u`S0*!f|B=-|hw3SDz}J8kG&Xuf5T@U`jAxWpZzt%;GHjj+A|tf0*e|QF+hU z`}?JsAab4`1kp*<5r>_-wUE4YY|Ep{!y=GSPu?wkK;tnz%3<%bJ*hSDdgN8PZl#0w zW9&@mKn6}d)e;3tkU{hrGu2=2QPy{~L(qA4bQF(bJ%}(*9fsgvN+eX)Hv5%TJYy&- zao;Drn>!LcFKRUG&A>^_te8|&Yo2DE?5rsHoiI zY&P@Owx?~eyIb72eko)0sqs8*ew5RJYhJJ9&eo#@A=QFroUAFt1IsdBDMMnFVUj3G zz6DciNPpq@-&+zc=Wf0s1sGnKsvgZ>_Q;5-9G;?jdM`X6btvzDNI;Z>(%wOe<3776 zO0tu@GluDN?~3h$P_{u=JX5p>SETI2O1hK?*nYvwwcyGm^R_vOr4)f3y%=qxC4>>zL)`2n&BUHp~5NfVNc*j$p zGqG;7;^1CLjMksK{cQD4c$>|3^87O`UbOOz8u6>x)Vz~;x#C7Ks&z-et+Xk6S2-ip zDkC04m;}@7#!IkM-a>w4QX>W5R0m3)!YIcJl&ZlL{fz2&$?sL8=rZu`gRg)MO^WP; zjT(97X+%vuEJ)>HKRd_+u`~rrHg%n@1XNWgGVA7$Z)DRPuSHz2D}0ev> zeWepvrj5UcxDiho!!x_FPvL+rb_YTeLLPqdH3Qbt0>wlicyxxBtz<%OrRbe+t$b$9 zZd7ipSSFkjtbU3a4NuWW@&!_VFn0oT&o(1b{~9||AcV(Kr8n8g`wUQ^pj z2FbseyXbIx;~v(s(s7btQw4kGKblvn5+GZT)GG6`sT!vL=}-1NoBPF?Mq&li z=?nRivA!F~4*m6WBW-L}_Yr!lU7{t?Yf^VSWB1Xkz?~{n#9k#0?ra2)d>(%Slb_*4 zFPiXUT`K1_)@JT>)zBd+M*Td>cb>Zw{{Fa7>WlILEUs>osc?@U_hskzC=N9D&4Fj8 zIAK{#RJ&2Tlu*LV;vwbwfsTf}8|gGwz0f4KqYW)~dCNJ}9UA_7g zTqX_rrTs5+ZFuo zJxzBHfqpLho+t#K2%|QwbJyAbb;i#xfJOIkgEoIxx2I>#K9`QGvwnBSTp-`zMw4V4 zOjEBYN)vP2INX91V(nfcC+%3oP#KiN-VvdS{_EB>-})vRboyYg`J|ucPJB1h?Ym3B zn2h=m;?>hs!RGKr=i(Rz!H~|)u*FIt=NJ?N)3iKcr&4+Hu|a1CyA^>Cg{_Cl0OUuI zDb@oEr#>{!ZhNTmc`31L{x=i#&JlUMn7W0qy}DW~;c*0H%p>nm$0g0f1PVYiNYIP* z8=SWY?F~AO%GsVJPFNwL0;WjPbxsmRjXwlwRq{fuftfJdcvTd`w2*udTAF5Om?y!* z+(16pImPW;pGex}*1SkXJD|q|X2v@T<{Wj$zP&?@)w4uyp+wKkObh-GmG#~^O@Vr{ z_UiyHw4T}m{q1;*l{Bz2b(O_jsDYeK&-j8CCZSC0GTj-*JxLp_&gbuAu?ls1+Ml)DR?utIQ(dCl^yq*y8zmz3}h=ec;e&Zyh_xbV-!q)GLB!e zp0PA>kWV9JN@)!iCW*EH*`&C7FY2#fxZ&#gMCiN*Lj`)s^35(NPqvuc~Bn?ZqZaQF^7nY$e1B229+vjRbU5+S|a;0$ImE_1gF z8oA&?5#`1OK96|4Z@l0rkuO1Qqw-y&{dj^8IRop>lf!k`Dqc%(+a#Mh*MF&h)J=7`7rNwg^%N(|qHQV{Lm9@{c2I4^j^+@{mD@|MiEyu-dMEyeShb|BLx{)QoslA7X^TyEBb zg+?*j?p1b1^@I9UZDc1m&fZ!kmrs<#zRf;U`-^Z_(Ib%+HO1;#5a2Uvw2$J8mfZwH z{*vv9Mhhs{s7vmO(88-uN_9D>{e{%P^DtuBp5tPMq1AhR?;_dy``=l9ydhRPbR)ui z5x(@fa1{tWSk$F|lCWrow;l7l=FT<55mW^o{*sbFPA;dKaPek$1G$^6Bg}VALTSeW zK0R7lyVZ1$_sZ2+FF^Gcb!k!cAwoW2!1OlWDHA&a%5;T{IG9Q)WM*rX;!<^_#^wjl z+b!RsJ5!!FRT_&=Qbpmj!91^X(>A^sG@XDdjCXD{1rJ=r2)W73kIVU%<2pw+Y)>KOMw{LNk_DG}XSXLI*6XL*&$-2yrK9)ue@=HiKY=GWj! z-zIjBmn$P8>xR~rQd<(rOtAaE#T)AcY<8(fFX6==g@kLmRj}o{y0wn9s4JlBud9i| z*mCx)w>>oi72_+j59Dxx8;%(YgncZ64w?C0(s_(rm^K>}H7*x)vs@i{aZz84BqFQD zu+vwxd62VRGUt5Y-}d`861FgkWqV_C#4_151^#&at-K|Bi6wuTy=Wv4YLNRCkrOjO zyfh4geqy}Y11lWnG$vEIWKLT+R$tdR7vIJ~*hb=j#pYWOs56VtzX{JE5o}~NQ~&PS zaoaUnEJ~QCqiP9UC2t%W^EckD3V*YgBF%-=G_Beq-%A4+Fi}Yfa@AP4xcGLazjG30 zs<-0Y@ZdbYTOi`p2*Z2;L)}3ALPW&MJ-}zON)T%&Op1gq;!zo!q|ur|KiH}jV*8N; z9M0xu>RFYi73h0Gy4s$2wJxaXo)<;)yT+D&Q$#?hE;%dSD-F53OwWq3X!4g2NtW_K z!!IBlb`3IwWGN@9i&POq?S71T?O{Y&4+XaQ zX>gmSMQ(7lM?k@O5Lfz5SaT)wmkEMO3psB>BsKr)eE-6ev_^uNMuQ&i4l2xD zH?+eG(dX>F>H6CPb?R-nGHFmd78_}ejTliuz^0knJD&~ZC(3V+bxfa(S}F9 zXdk!nopPffZTQtly9y}NqN6lJ5$XhNi)zkoo63EO_%i*McG0H!n~i4ni6e7|=7Vik zU~$hV`x2n7Tr&Jvuu0{akLHAl!nQ8!T-rQfNv*+&Bmo7onA27mbl3ONp%Z873>3ul z947+v8^Wk_xB?TqPRZ3&)#5d~R55zF?mmHc))d0+2CeprQ1*n!3zzB}sz153ZuXl6 zIvd?jU(0`X^_ChgnqRHZq+ZFe*I=WU!i}spBK5{%izBoeT+V1yZfwd*5YUFYJ_QxMJA14;OZkH zO%$|=p`im0UcByDVm$G=`z!|Rz!-7iy;dVBNbCGs%C;!Oy{$ItL%i6q++MK_p-_TG5_48*_ltsGz zsG!DL>>$8CuAGP9*$!@qohxUTaijlU4a-Y$)`==!R>m%sYIWQ^KTL01eVp2??=q<< zT>uvCKMqGXZ+^0DmX+_FK3xKF}JQAIraT zH-4@GLQwg~E%QpYqcCgXtw#9o}~*m{i8CXC-)95c`x9C6 zrzf@V8+zReVc&fLgvM$2`J%zxWtQTh#_EZGEqW`Iv?7)#<)CR%CC{^wpE*jIZ6+*k z%=DCcnNgO?xZ_4h;l`{#FR{{lOh<}56tTpfh;|pacOOGs>25$M@<#KFy8kNYqY!IO z^_lN##FOh$2MnsxI%mDqP~yRszBh@%Jaq^+D|}R&KWe!P+2b|sSM2IPcd8eoyziJ0?QTd}(BT!NUQKb|J8NZ1^2~A6 z6}!qFfYf&b#t&KN^;!VQRRs81FZ-+FdP0~~@PJD|k%jOC8tdyLB8Snmt@{tX z1X8;wSZY^+l6a46&*e)-U{IYoNKx^Zy~wxF%GFnZNW##nJ$^Qdbc&x5<#Y0>k_3k+ zb%@u|ArEpqZHL+u$sxPGfWh(L3 zDx9IZFfPb3>?kH3ML>0Nw5PqeoC!}mEhx$ib=*l!$pk@BGbC2(u4z=d?aV*9u=Bfp zf40VbO*?}@EbQe8Au1YP$4tooy?QcRb=>M}3wG+NXsKIhRZvU7)>XS+^0dyWw_N0w z2E)J9t7fhB9Jf%lk>B2JLD*pCIms3#ZD)UN!qRX9P9!zz33R-K=mRt2LPg<}2*84; z;LHq#AswDHNtP3@2ozH!@}vcjI4@CeI5=2(-c`M5DB)5_OJ5?(%|U+0T; z75%p1(@6tMO}O?MKNLEMG0j5u3W*0Pj>A{4mW=*=<-HT!huDxoBXQT&m{DrcPr-8n zV6=^O_sn+92f5!16^6bfdw9vDnG}=`y};Y!#NK`FtM{`<UHf>Z*26A$~19knRIaJAkE_3q) z6ECu?)$L)FE}dd#5oM8dpSkuaXX}476t^quvnY4pdHS%G^*M8{dF_jJPsM)0>YD27 z$-gna>XM;77=mUEP%DE0=1XDStVI$|5!u8A>_7){rTDaVXZ<_y&cbYIY_Y^9;|+yk zi@an^Z`i#^oGP!T4?=+~WXqdJf_ps!0B9nYO%y61VdCG9+{KB1g)3;DdNg43a%-tY z-bn#|^EMm3aj!9Amir=G-sz5Q*YBCeqKDA{Z5T2&SxYq{=0{(7`j0K#AtcTZp?WqO zHY_Zo?g(OXw??7lMP<*N5_N}1etn05Lj0?7p`)kJw?GxAB(NkOV5>tj$rjI9M$J7| z>IUk>R=)YADt3`wET9ytN!FUu(7o2OH7`Uo--_vIh%n(tYWY*zKn_q5E`z)fXJ}<Jol2akU< z-Q|57zNXyVUMy3C*?+pu@7zA5?>zW1csW`?d-;ZIlyEz%&vT2_2%}-xX(%)-b7{=7 zk}}p&2`3TURA-NLm*hb%Hk6xLV5Yx-(LC!n^tR?XOd)O~q^vhmH?MJh-uD%@Ju|v^ z!7U^&!i(a}!$V8TVfM{6RW?>Ge*pKzr?X}O`%VT;w}*P*uu?3Yk5G6QQ3?Vw_Beoc zM@I0Zp;$KpA%c}|X<;W<0$kae6MyIuG&p@;G)?WqN!7|u0`aLM-A$p@RBeD!dEhA2 zRUG)Wnfn!bkEjKRoFURewr#~thY^zVSCBdbCwjDIokgS+*c`2u)cYPAtdsj9lc%c9 z$FGtUysF{qv7RY|N(=vy7P#MGB?T?5=k9vl*`6t3;Q3|m72=C>j3jliEZv)d$UI;z z@jRxyGNXeKB%xs^$DkE-ix1oLY!)yEQb+q&YxuxaP6B)V1th-skep9?LWij#J3|mm zLI^Jb*%usABp`#7-kd70$q`5Lq8+N;;f5dxjM+7#I4n;}U}E-UPK>u{MEBfp2}(&- zFnC(Y&l#RNQW*;x^{F0$ud3@7UM(}!oVkiAUU$ctNevl<5}aU_yC=ROBf*+c@Ryc6 z_+-?V`eW}h8wvW?jkJ-)@K*!Jnz3QGwhz&3t))5)oywBF^48D!@o90`po58UW37ml zLPSXPMe#BH7fsZmx)}t;g+=O*S2I6qgr56U(TCCBT1s-O*S6JdU8T4-wH*|hWuNmM zhIJgSmxYu)pDKMlbouCWMKsS2{aW3{9SmHSM}Ylhe(UQo`+ZasXJ1UrUZEA&o*I56xxYY|lJzdN^3W2wK@YKe`NbAe5Kw~;D7 z1>OFl;Ishi_fZPs@j}yw&}?0(E4Qd238QE8D##m3n0iSk2HdN+dF_<$?%tCfMtI^C zp4Hp<_UOXe-s=xe{#f5k+~gkph+e;nhVAS=@`+DmrWh*t3Aa#G)0Vha(}q*AeB%|< zh6}`fme}Zsuj8{Xl&W0}Xw#vRSt1kyp^7r1997WJJ(>!d?A`ndm>CMzY98!E@fP}Al?DEI`)&oN( z_4&=8JHG`;5X+S5s(MwQ14IZJ&i6NhyS7V-E^giEO?RS=mM=+=ync;SgZCGuYOQ|w z2(K~Wz1U0hVoY<}der_~5=Glq+A_)e^jq8)w_H|!$u;vXc@;f-uKrNB(^E(AK(`xP z=Y8qSG)jjFQ)^2|bcWptIb6A!&9SbxAMeDvl?*&qF&lK?n692+x%q&$APtWgC~=|d z>;BCmAXkS{C+F*3z*u7eS13Y3e6s$r^M8)uS-khh5>VC>U3x_CYdR`>6)OL|hkz!l z8o60jNh#eM0JdJnop;~5%FtqMBd92D z*3*2s_n1NibBb<4(phOFs*g|5Tm?j5y)m*#7cAFV3>9+jshx`GZgYGK6>*iY7BoeS|^}S9=YGL%x>nkA}b=huBHo#EU`R9wgwZBCzlvmZpk}Us3 zEz73f{rY%J`vaZi3;5^CJx$i5dgEhq20U|Akha;&Tk>CtvhDgakJ^8C@WhTqOPX>! zAm#kNl^f){m{@-M3QBqZnz%+YxLu9#`so6c;@ri-pDL)z+DdPcY~j)GR~v@yr6GEZ zI}L2F-rq19>K|iJ)`PiAmFK8aH@G^~+XPY|b6_#gKF>5tmhw?II2#yIEz^YJX{=-B ztMFECJi5wJYP?vCKbGe{tdU4#MjE?c7J|kad#06`9Yw69LwYK9laMA=deO|I4ZHTnR3H@Ar zkVrmf`FwtnJkC}qL0m?V31(c^dDW4L{PcDXO3Jp~*vH25ViDLQ#;LIrkAo*}S7yeG z<#GoBP7$oT4QJ?kUDEgtQOQ77PrZ4%0R z?LH2U*L#8@4~|W!Aj88R6~BLJQ6UZg8liOejm{osB*z2_s7>iP&Y|dW)6VXSTQ=(7 z#M4F6Kx!RUV}zr}hdI$m^tZ+|pci-D9X`8K`^n*^gvGIDqW>Cp3ex~q3PkV}}FJ>JAjuF9_${hrU%RibVOVSDa1 zNK;KnbKmPWFIi0;Qy=WvIRv#A zNOc)Sr+XpdWFRROF!ah{Z?nEFgvK-rH3^NAE||>8wfniv^aX`CHZ%G!(DHxmKK%c# zsbJ#dWd6@m&9N4DEJ^!+7}Kbl0#isY;BmPABMpSGGv!jp?1)Y#r{{p#A45r^L6tlQSOYMGl?<^ws`UiX`N4Bz_sL-kPpUX9D0Yw$XLG@SES zPdD<2Uf(z78koTfyo&Mh!*92KC;&hF=V2<~boy2E;CYsoE75AhhA{*6vIQSkpP&#1=DD3WK%aGWs?Iek^+?ccoVtjW%7KmX)L$SQSPFu& zKiR|*f;4MC1(Zq*fCIASUhQyCmDS+#8M4`v{F@6=Tl(vYZe%9rLYsWA=V7%z*%_z6Rz#lIs=ms%{&gV8r)EAYoX?k z*_l-jbl0Uv%CP2f585;P3__`E&+pJt^3aFP-hA74+*mA)BpJU7zHng8_j4R&@P-SX z7v4Lq84Z*I{GpBE7Su}t`{YN-n*O9HwuyBsZOH?9Z0yYye_u8-(S`7li=zQhCH$o& zPsS%%5k+tkl|K#^b6mxhguV^k{UL)s1Gu*}Nc1zXsM)Ju3Xv2_$kQ)|1zD-t4%FuO z5mvN#eQy2z1b7BNntYN>;a0^PZHR}QSnXAvx*`%K!D~D*_k9vnHQ_aACF;<>Z7CN81r@&j3l=SySLIc%k#siIyqLg<>`AQcgA7Z3knA;c1REmX3T8k@Hxmn5 z-hKuup4M3LI(Qgg5E1qBwmQMn*a`1`UsHGhe}_M3`~HOczB`rblXgGtezcA3$`6%+ z1pv>85JJp|Fq!3x|I@Ervm$-urhg?486Eogcy(nKav*1HL2J=apEU$f?DTDdDnx9^ zgKG&yx#qF*Gvd1m=pwUp6veAAoJGBxHBYt$rZ7x<|D!}9_^_5z)q2Ja26c_*2Df~~ z;Up1Sdm6mrg*Lt-E?7g74`43ALv;F&s1`J52x7l21rfxmU!?~Xei#;hw=c@|{*6tL z#?d-=8}OTBl??UHmF;za&$TQ57yQBf%j&6-?W0=uce>NTZLaiodO$7DUdFs%)1YH$ zLkxL{HX3;BOeqxtrD@3>M$v7PcJ9e2b0G4WZ5&wGsWTK!io;J@-V(JGokZh_AGyH} z|FS}bzNA##LLkQeQ^j1P6p+6dYoElqwnJ`QZC^x!(xmEfqR_1=0b)(M@k>H!Ru@ob z6?^cvH!71ige|SP3nmkCQ8+zs^)t4x#UtkEkKftygojAS4d;H~b{=~bW6y?6rCXWh zV%05Fa2uNJudz52Hu`voEQ5P|LEXM7^z4yy7BRycR6bdD;)wacSfvOo5|QZL>;l6_ zvAZ9>eA{SN()7L7Ai% z>P?~wEV&el>1T%578?f1G+QYpm=M}#NT>n{=u!(o)?y6S()#fbBX8l+Et4rz%#16Sh zjzg5b5O3L7DaxYbL1quJ7 z7^etIM}YZ$aGd{d<0*r8?(g2ejS13OdJXMqNru>=V07Zy2llAt!6es2FL^M30j33G zQvN;>M3w^t4Rmd3h&pON@R|-FPuF=pzTX`uu6b>~xnOmFTjixe+y(%Og4m%}vkZ2d z_5o7dDx{FpNCagfuom+yLO`@rfkmW1LW;{4Q~PR1lvt@W&)b%Y*NNz$N{Fa!!~3Sj zM$IW=N4M_1l4i7s#cdI0=L9IBG9OJB9=}M_S9G|?;=&g))JN;KEaGHnnPyZ$ohpGl zo+?}g8tWg_X3o5NSvqE>EO3;uS*KdRm)Nh4n*xQKoTv#fRM~s#CA)t$L3$JdQawlH zV$LY_o-~Q>H6n*0W0v|AA{i5p9(8eXnm5itNfm`C&t(K<`I40os7tCl_%D+NuTg98 z^cqu2G+Dg9CU8;?V=TqZ_9=OT$qAlfnx#Z4Ki}03|2lq+WTGi za{md%AjPA=;k`y-Uolln2*;K3uEmkQTI{$~Nix=StG-G45qe4szg)(vFu6+Y*9NzZ zz#?Ug%_!gX4$rF+qP}nwr$&(W!t=U?upoUt-Jm> zv17lSmodh}c=~#N*|N3F-ZD;9NB`AfrtYn^H0CP^$z#HAk;l&(vM#`oe@i~hPLm>v zDHWhZV|Ye$*`6gZGuXZJv^6=ME*tjHsH_aHCYX(ghX!~?`#Ti!r@HFhCsdg**GWp+ ztYherDZ3XEXmp=L(1Dz`lWdmB*Myc9BT?%{!8s!99{d*RGxAx*sopI&5W`v|vZK%I zrR?Kl9*YT!A2p(8BTh4HL(ybFWsNQzdm#uz3I^(h_i~3U;JpX*J_NSB^WAv>;JwYm zzhbJ71nFu(KA-|&ZTIpz67duT$ zcP(VVpWkZ{?XEDBQEmi48D#YCsR{HMQPDTGv?u@W^Y5z)tY7wU&3$e=_fk9aY9a|r zaRDYjY}gj*(%vIH+4vZaig1f>2jtZib+7t{iHi%E{0yICCj3dn^Gfnj{T9UbILa_Y ztUT!U%I7v%)tpk0nSpOZ8g>}c72P7x2lh3#&>M@H?bHz z%YX(FUJw}GUJMad2R5g|`zHVFn2{9reXx_cBGGVf`;A=!HVWa>Y1yUmb*vgHB<;O% z=CL}_aQ);>sL&!#&JOJIz{FXJJ$SvutJy$KU$=au_Bz_J2LN-BRs%P{mCxEg~*({m<(?AY| z=**c7Djd|OK_KcFlkST{5OWm2$}~fsoA1?+)P|vpxuQtH))=Z351W%-WRug}ceVdnlsJ)Dnodw+1rxjZGw|&s7Q)oUP0LVk|Jp8Jwn4VYk5&0+6|1A6I>Hb?ITJ+59|2Cqv zrOFwD&5Ce!Px%CYk&e?1$S366Dr$1jPB3(8sO0>Y!iV=BrH%6K%F@NJb~auD?)Y&k zV4`J+7S6|;yf$&Oc|AF$X5w0AA|%GlOk*N8rDP+1Pgz}kd6%_R&#nE-%brH@Sf0D4 z$PlNGF*?)XcBt**w(J;+?V6TD#q8^2W+6uu8*CkLUD^H*O`s)^rt9AzA1+8ryIXGy z^1e}t;3_aWZLC{;rOJxa@93pHa%qX$!Kr)}GNb+XUR(@asYL z)%QS$mdf2Y$QsGmP(gxTx1fITA#ku<9E{kcQ2-yeAV4k5G_)wyF50Kz2gWKi@it7> zJL&gb=^!>yM3KiriOl--=n#Jzcp;ImVEv&90(C|#7m|kX0m(J0EW}jUd@{;#&TH2{ zh^ai9VQso4T1jZNxU%%mJhd>7R#dK|85X#yU_f9+2%XsChR7}@cEK*KECsFe4(Os| zak>G7Ys@_bgW#mBIlplo@fom;Y2>oza-9mfiZHHdEEV|D{m(;_vA z>dmnT@tS{c__xzc^k|)q+2p+(o+GJmBE9fD8ogS)5+H%r7^GdajGVRJto|rge=vJ@c?aU}*%&&1<%V zG8PnaJSGe5iUi{*`;J-#>PE5>w%~dX#;LvY)r~2~Abr z;2oIgygJ|`#EJDgvhgs1$uHp8U!s;`2X`{}MYA89ziA7b(!k?=g6a9m7G%$88WtBU z)QWhFlhU?_5q_5mGw@A{KaBr*=j)o~4e2GU^{A1~zAl>NblTGh4Uo4@buRNHbzp&q z*()8SAK<>PL!;A!K<3{5_I=Ro?t)M>%jPO5^k8>MUj~T@a^GE(G?4kEh&e^*K3-LF-x4 z?A~Ke=}uacxn4GymPIup8$2Vo4g)rR-(jVcz_}`Jf--8eO8)(QY4}RG)#whDEOHd5 zACi|7jnxztR>&Y3b9mallIDWQIl)n5q&NDrJkK<|=~&y`r;80ROuBI(ljWk~MGN=> z2u(s&A!w21W~sH$A;1|5b~M3reXupk!x2CR&M{a?*ny21ly-%im?qkl`Dsk) zAREdw5u?EeMJhU#2KZ-j#!LDqND{ni^_mma3}D5jEgn=(^)@{IeSC{DKQX7kdc2Ip zYQ4-rl~}ryJ>@}T5=I&On!FouC!YraSRFFKMhj~=Za19&H5yk3@QlUe@<+dWQ1 zv09M*Uk%(UmKgVC?|1Yt6#ek~^tA)EjNM+wQ^NwhkI8cOBRtt+a4q7t3k~u8?nN!$ z^~d>)RT{7^ea%|f<1C7d%cn&EY`i%+FE z^0Ue$O3qXS53}{B`)+U{h^8{a$a$_i+=1DWoiE@XY6if6Kp=Yd|BmuR&%*L=a~e&m z9o82t2$%P$Z+=Rnf3a095edlWL2c0sRo7fPP+q@D?or6qv?qjt1ZL9-Lk?~-(-bURkeOTPEn zXcs-2p=+3-4k{Y1gRHH~c!D!Dpp&}_szml-+@4eHsAosRiLaLfjh%64^att_wl`^q!u6H$r?U_YD0TwO zPwN85a(eJXD89JAqP32eXFzLHcu!Y&oFmV8JiERj93#r$NP(UeOpG=NxC*w&d0D^v zr`NS?r&Dzvq^gB6f`ohX+jLW*$0k&%=-7I~7$IZQ`b2CEQ4|Q&t@2E6(7j501ux>9 z50M6DRFT7+gn&ZnWtEF7)gNFq_vJK-5mNYn;66yMVAwZHv zSH63mf92U!T&GCWk(kAPQ;*)aA;1+(-?L;IFe5=xc2YKsh;}*=n}(CINO0PxO^26` z*5K;Ah6F?J41m|@2k`Of?CE}Wc`nIZr8kf+RNh=KA)7 zpP`l1j+k)=DcG8h4?t$lk7f3qPVY5n4!)gMut}xSA?rw4$Kp;yO2klYqBjIVRE9{Q zS366eAH>jr6R(5g_9+01cw1@7eD5+zp+W;?_crNz*4SMaJ=-!j$_;Jb@va9y4Gmn7V`v z$n-$JO3os)*76)j&R~(!W@$0bc+c>n!%_E(P3pjEQIU)|?SiSQZ+TaR2_bV{1mQd~ z|8K_ID2h|K8mDQxa$RiZsz^e)Ve1N=ioY(ξ8`yoaaf(@$6_Nf4ujyBTOV zziOQ5qo=TF_+y#pIKjoCHTUE!>c0Y&v61o9@3hM@N5>!Zm;9=8Q;3s!K^_~y&rOs9 zFZQvK%nCK|PFa+nask`OBBN{!a%F#Pq2(tiPOWI6>p*Jfc?=BF6!>mIr)HY^OZLvW zk;y4;o56*z?&X%t?G(TxtvY^xjWYw#bQ1OK0NM-O*$AC2nk;$8Gky=l{sA!j^8_4J zuN8Fagn>y-Y6H-`ynLhXp}&`kU$Hwv`ivN231af`)Zi)qFR2Ee1A(yapl|tcRb}+ zQ&dGUa`2;b$mD!O@#mrIueE+hv+~VTij3n@Lt0fyXyYtZ zOSi?7r0agi!y~&t=49|lV1)=1nb4lMU-2@=qW8%b7c{@fIKr{zIfEf|&Jz~Bhq*h$ zMN)JqtIShCot5gHqQ|f11UAbYwZ+dqS}UnAI7EMHneQ5)jp zWBN)h#=;0-0s0J>T-us3l23;*5k0L>Gdc{K_T?I7DLd9FJ)UhJuQs>xE$IYW-JLpw z)@{QR5;xe1wy$?T|I55rIo5ac5+iRe!N`Q($qabn?e6IgL@1QHdjrvFO7wi!DJ4Gm z`q1#%IM@DuJiNAY#1Mv;ZOP=%Ace=tgHEQ|An zL;KzO;cgj2vtZ#^)RLkmF|_#g^5zVQ+5+KCZtJ~6e5b5oMjh9(S=?TuSEEMbzpOfe zW`Kh}#Z4tb=Xak<#m7;VGA~K+tBlDK5?h_wI<~$PCF2gDqglOA#Iy)Nd0d^pVxXl? z>q!gk-h#}~?<3-tS+QQW?0b0TB`GHZcg`W!+AV84csT3FS?F%Zw9Fd6#WYLXut+t2%wvgGi+Cw$mc^flUsRe4*|&A8U4+1HpcsRH`L}@tj>#82et97;U(Aps|~nl4yPs*D4G< zq_8SOXe{mkMRi{RP$ZQ7dyJIY>^Z(Fm9#rr&=1@Ttq{IZ=+C@M!f?6^xElr*P!*iN zEar^L>}xxAHmYBSa%okdr~by$_Tu8hW=`jH*vItNfC z4Sth^Y^67CH1H5vqKdkC=|fC{y4I$bM>i@zN%G9T&vs`J+1LgHE6f?vsk9Q77s-=fGieD%MY~( zy8M)*%=~oorDDSq4(9t!C8l4-4(1_S6RTt5p$oIr zk>()9oTQ5~8wCf$QfZ446*vh6KbFmK=}#5HRrtdbQOt_G+=R1AY$Ak_n% zNT%>)seA!MpSTc%qV9xi!wZVPBG<-5KtKBxBjV%$N%^qRKOP}W`tt+kE+X3po7F4s z=4Yz$`ULK7oo9lr%PXQEAD%MI?BKGpw#i*`udOwFKNS0?dq z0Mx{!j!gp83KnCWSlA4|ytBp~FF7G7S2^0!eXC%(5H_4tlWDn8u;mY5B|F9mX-^1T z;E?}NTYf9Z3}}{AG=aZb3kHK?T-+#ZZi@eT)*Hw@6y6bK-pe&lr6cY^0+3S?7`voFwA%wc{m1-2BofC!R8%pG9Y#1fp;wAy09%_l31#^ zJfI_mCoEANI7aAcVA|wO*0Jv{!sskir|)n%I6UlxP}$@oR_X`tVk8Vz_H{%%^)5~i zmnf`*F9ic*5@W`Pj^biuv)f7Tc^o{MWX_p+mUOi`Ty)g{l9blS<`$8XhW=J&ntl!Y zR#-0F;bD@%@aev`@DCNhz}LMu-d}O7LgUFTVr3Sn<%5NbCEbB-W=P(hv_+M%^Xxz#Ni6|9 zwemF+%6q?gBP151dmLS-M&>d^-Ue3Sli8w-FP~@$-!VR{1~qu9XFS>LqC2yknwBHQ zGLs(vFc!%+)Hh{*qG1 zwO=hlA7{3EY}e9SRrmQ_(~50063;lYqTGO=p$d?PB%xjj+m85zX~@mfKEOkf{o}=m z!C*HYGqg0``Ip7as_Hj#+Ts&ay>bt8@eMLzh1ZinK-3e;+SwZ>W6IT~q%-7p-$h4K z0f?WB)0{I$q30Fx3}=a+jiLuv5NUT9jrEBzMWrt-bA5!QxO*|8W35|`cc-wq97?!* zTw-SO?6$lj&C^zQsYB2W)qAcF0T1<2;2NvZ&&hIM9VujTry+c7GU1IfQ(bjYv!=Ff0|`Fk}(riU?yJ5gJnnSEVNbWJl0J#BX> zhd{p`Ub?ZktlEgxId!mh1$V<7OFeD`^}xzOgvwh^#m|1JnPaGQQ))e{J*t%hHFa-5 zJ#X$|i9Lw6#1wso+P|wQ+=HK>BX=yF1O9<#iz5us*f} ziy`ZQc_$5Zk_&#q`t%oCPAf1q$hY-{HiE$|>weycmcQe^ZTqwP`CcdnucJu=%|nOI z$L)Zudf+YD!TSvk{{>Nz*iCYPMj;jO|1*~&gay)Dz0{BwMCp@L&5`>ph;)O%)&z&D*IVWlv^Zvu@)RBqCejg@{jkGXUT) z+Sebiy1sE`{h@3XUSeO3yWVAngW1oIS;>rh8EInAo2#1BYj0+&+j*uDwTV;Z1P7H; zhJ96KT%$Gv;N6BTHFFcK27yNdRnLLH@q$MtWQz;OZu}?A1zhp6-z@6=tnWrMNaG69 z=&XyS6JFTb)bwOapt!y^?4p`!ifl*MTjMPASZdG$84L0X@lUC_gzsgVtb9w z0$xdh)&`WzE&zXvn_UHlv}&;nk91S0&AG=(U1xMa&k4;*=4g=>yM6iZX#dcB3^?HKl|DJ*Wat3koB0ykWp{@VfJg6M*_y>UB#ML@E3mjO*e9(uU zq*~NO!eX`GU{zOFGQg$wt9*l?Kg>GU1ow;?V9-9iM$;e>(3w!CYM#s`rAZHOubLuh z2j#EYS;f!TpVtZ7O{dD# z-H;MY8sLXk2>G-cgVy`wB8RAX zIp~6bX*qA)t#P;Ed`TkG1SvPy9yJdgciL3e51B2PMpwRxA0&8+A8RU>jJ4VQqkfi< zDoI@lA=i496pO^MSqF2fJJ*&dFaBkL`?z3`*x|nw*)FB|qAx|H%szP2krh3$s#P?bpRDkHf{$I2T>S&3 zWBl(;#W67ddv{E&Et-iHZu%4D5r|r15f+9-RhM;j^2RVYz^sL{{zo+NNNhs_L(r=L8=p=e(fmtvuGKjMD3vYV8NE;5?;nk;hDwg2WqkUzcqgDP^Okf^Ix4~P zbUB2u&wSpju4*7nb@n!x=86^?&vG6M4-*8VoC)y{6(4GNyFc-b0{B><)rNHCpp~d% z^w$(wzMie#tpvvQpF9-&TA=vXy|*l##{_($N;)sZh_vwMl4B|JN_DE-$~LSJ(Xtz{eE@gR z@%ZCJmo9(7`?qK6#xj{38Q>8gCh^IuLZnBAlh@@A8X&@r3(ZlWdo3`hBO~31Bfa#J zipuLM|0O>nUKmH7=Yvu5%LmrUj;R)u!RjKlkc6JfH{Zfxa0G`FR-T}>*EFRpn-J9&|Qc ztfMgsl%iOiwCmL|qCGlZojkh0joby_0AjK{B)#1%{eoS0-BMTd5#kwiVJmGA1GYAz z7upUYSIDM?N?pxCA_U>u#3JNIrap>@usvgcxo!`Hfj@PLRmoJT+Q^!9pJmZ}0ph9s zCh3`9;iQFF@VH7c3US=U`N8`VxCA$($SxeaMKSgTW2KQ~yK0?HM%DfD%ot=bWWT|H z_0ZhK5%`J|ZPWK9hhGA;I8ut>>v1q7gIUC58Q^tQGJ}cAKQreg;(cI#ePhsX$qC8! z78kXP{B+RQMR}uvRbD9F#S%FxBwhyX6fn0*>Cr@yM5gEmV+_dbW*a?-?IKl>Mji+e zsCz`ea6RK8}HLd_uX(;Z#F#0h3E_!yB)W}m{KsG^Dj!`~_xPjGCQ$AdjU@#4--QDh0 zyIdRvYWzBG;V9b7*C=u7i!qnPjL6qffqF)Nm;pFvnygV_fc>v=>3PZ3JPK$PqhHS? zh@Q#t-ms3dQ^X`8cAhFB0o8!;kR2AK&hqH4t@v#je6ZP z9?7QvCO{-qY{{Ora$hgGK9?ljk-@DET8>W;94SaIPkLBM`?Y8Z^S&&5atCO2@`Hq- zEEod`0627KWJ($!D6zduR;A-`46(A{Nw(r7{@!~0OJNaK-D;OGMe^uJqo2cTQw!CI zaX`<}+Al3PXSa6e_Tkw;#Y+^J&D0XD;d^4{SK}fglC&S z8kO;N`PTfU2P4l%R~psz2B25Z|hW+>l~n=o&BC@5^}R{@4)G8Ew+Bj%W|vy;WMs-z#@ z7mJ~by6ur;DI}?7Qkxj4B%yHPC957=7L1b9d*TXZCGE+dn<}hqieiVSnmgh*k78K_ z_~YbLGj)BdpyOgjuB|rZFf;ASldP+4sdd1KMG@0mx|0MDW}qzaS)7^9S0L2*j#o@A zsiHjZbh{DQ&r16ab6vmn$!ad8;X5DXo~;?lK!%L&YO;Tss*be!pNRR^57uoTlk9Jh zec)%hZQv-;S(kunzv<%bIx3q!|IpY~wWRETa2mW}DLY{NVG%YsT+Y5{LgL&|%&uW!rT52gM(9DkY0x&7$ z)str)A&T!U;WX6qS6vGg37=(ybl@wyZSCMGb}fb#Y9AjF27bmpsfgBus6h93(#xap8A# z*y?(A$)j-9AGopI_~V(-^wf;n$$(Y(K<0(bDOo*7cs)@mDCbsp7;KlC!bLa9ACgIM zZS=BOhrZ>+Vnod2&aNQymZDeL;L5E=`8D1~w14kq#iC2Qv)!h}OhOg87cIL$BFmYI z*=un6?3VpwT&FyO*V*3ZTDKKd6`kIMe+~$zR92cg+9oj21U^AG?X#YQTtMm|W8B`t zH(Yjcq37CC2{Yq~e-3LvKi@SF-XD4$@_f%WOft=vDHFNBy&e!&Z`|@i*8i8PzhgM0 zRt+|^l&#*Dfna?pG@G*h4*x2`dr%EEI4+%Okx10h}eGHJD29b_I)u*x%ac%X~kkv*T6q zQMz7lsfId_l%nVP523XJAzZK_mz@tlTKp58|E!7_m>B;*pXxgYdjX9kESdV6oQ5d^#cg2&N<{3*nW z)lEdz*VQvTAgelKqN7`8q@%N+rY)r!mz*J!n-yJFq-$(sT9Kn;psQ81os^;;mz17V zxRIh76P=Qx0<^bB@xM=CRFI%RWwK-t7l*2Rc$}D+ctmoDc)W|4zhrVk8E2GWK=GH4 zP>2|pS3udkyBA0KKypw(?X_M3PMCge11%yh6N2h~B`*_l`y)aRq%~3-=@%9kCv-0Y zzB4nmL)k*l^D#F3vGCzhbh7ET1&yBQqB8cqHlVDut)YMufE`SISwQeZ#Pv`M3P6z+(^I)K7{kMjCQj&*a z!ZGg14nky1XeqZ8bk{+YI;uufX@;~&6ZJBxMxa}d18g9HnC~B?>b5`DJs?Q&2sC~- z_OOT`Lgag$jTG(bD@qTNGBb{n9SY}fBklXyvnyGbeC9GO?#}JJcLzi=cVFE-GtciI zcyOp#;&yDAp_d)3U0w8FO|5}}FR1hhJA+5HOFK`}C&i#Th5od5{K|jKQ0~=%jkY7{X#n|rWg$o=(nnWu#DrUj*Ld7M7eXS>8Vzv zNGUl&qe?k6snV%eES*#i4bl(-&Ho^j3${&=EJv^wn?i*wX{60@k4QKihepl!)bpnj zNc>sRJ+N%YB7ZF}rU*t#d4ND%bfD-BAv9HNEC*diya;uMYmU4YQ^KMEsYv)}VUFFD zwazyM`-?hQ{+=B2F%}ud?4Wys8?W7Bz0$0z6SH&fl!FPp%{Vug9O$`MVERRXX4^aZ zn$|Q$92%-{{t2k3r)!IrpyMK1`Qu0cF50A(ZEd_K-G@pbe==pv%dHCtesQH$Yl)>| z32M~5DRJ&5nN5yx&a@YXMA3|O{hX&K%mjjvgeRyMgtRwJ^pz34rhRC|IQ6m4H=H@Q z+?EeI>iWhOY&)Q#7G_2xN?=XJ>ck|h= zKi|7vULK^_VguU5?-5Iup-ha3jNz#m0RUfC0MCfb z%zZX5)!rHJ9J$h@FK0};`9^jmX^sUL<(BD{`jsi z!op>2oxPyA2<=65DmrKBm(?j|6x0&|P<(!8^C57FAmCgM;v<91>Db@8eR%L_&kWqt zf4bnfGk$@+b4_i3=)Cy+&~IdJ+0Vwirbk|y7##>W-rFm{>nHYC5-f&9-kH&L2RgYN zNzaUt2ncs(Nn6YSMj2bM8oPi;Wb7AZ+Z1SVy|U`n$`(b;TpUEJs1nO0bw9DRQS&9> z`RV|Kp=sUY+K4rw37+sCq4!2MzJ=d=N^ZBDvKrhWQMNvJl; zq(y-785~|rjT`0`ohMyj-F&b|^Lq!EX2cACJjQuAga=LsT%9+@dQWb8336qymX+sZ zjjHQ0WCdjl^=dQwdJNe}M`~MAB9QGMci>qqOEh@T>tgtU-~KpyB2O6UcqBz>uwlJ3 zYug^@jmRl!5YzdtX%@vq8MDg*p1^Kp4KTS@`VCKv_T9w%E!tsn2EsaxH>TC~0W)(H zl$|bS$mWe=?0bbde#2l*Ma~>*L8_OH=tRBJpHJ$XPc6bja4AMk=HeF^?MCuqH;cpz zibHhCT0&B5tS5w>6xMQn;F9$lq;Pm_J>%$$NN1wH>&J0&U-!N91DFY_(}+rmg}UBT zIV8V>RuVcBFemSmb9asnR`AAIb}Bw+6$l^&(6UlB$?f}NivbyZzLOC$Ld&fEcdw81 zi+tD03-4CO0Pqq1(*T{P-P-eK!3+vdfW$0_6rP8`1U_LJEly-WU5n5f&a`$#!8$72 z&dLxIsJf_Y@L7F>>FO_ic2JE6C;?Eixv$@QaqqycarZx4t_;bjx6&HyIK#|}I--K% zR5~Keu&{<1{}R3teGX>$KkMz}O#+hveLIOiIy|%G=wP)E4gn)CymZ%-1ZifIsxYIp zv^+LGLa=Z_9eaG}I=HZVJ%O3>4X^`yB!{gAaa3Vj0I=27ZKPnB0P-@PTS4d&HPA>IM4Q% z4PvtPpDkaIA@n?o8!Mz&;TKz6h9CUxuYGdk_MQ>rPV?omtt3W-*=F17cd%vN(t8Fm)Zc2KSz8>vv*75>F5P7572|?T4^LPg44u3Hb zZ)nOZX*T6aC0wFxl0q6UaXF&j3G0ps3zaae8d+`n(xj!eH5DZS^rcRl+vjYD1S^K* z+^(MZInDEP=j7#X0}jhlx8e!mvV*DW<*v)!|En)W2Hd9Nbbxk=iPIy4*THdV(Iuvl zaa!Hy7{QU>APChSHV8B}MEp##&|2d=E;D<}e=4?9g?Itp1b6#;VUYJ1`7+({)!xbZ zZ$X(w(9Q!O))#%cNZJN6=sbj^HgU}2Ee}h!!xu0X1_!-*fbCYfvl@;H?h3z4GMTzy zSoFj`ciBu%^OF-l>qX@~^6?33j@C#1H#TiAm>DdzKRx9I{lBl1*AukVrXSQXguk99 zTtIPc+w18A48L-S!sP&Qj`uZx)yY72_xH@)x8Zjb7pvU9-FkMw<0v#tgD^x$XZBTx zYYr=zk1-2Y>%Gy?M&r_*<;m!1stXr;pB;Y9-Bs!D=Mjr(VTuK9*HK6c3rdkOwR zj;yGt7-@rvk*dm|fq>T9ht841#xsV^!GyrhSo;eBKe9jbh5c~-Quj|)4eS4)%4A{q zHzkfZR!dS|4`XD;?>7N~(LLERS9ZH;E?o4wF;+xUMq0Slx)gd7Jr@))K3+5uva~|x zxHfYDS?@27wRChVD@}8iEtg|0)@`S?Er%Pe<%!Mg<7ZFHZ*F|1AvzSPg=D#zll`)| zE4`VA2<^OWyC9kzosY6h=2G0m@j3Gn;ln0#?18Kp`tQkfxbXapjB_UK3I&I(*mjBB zv@X6=)Aq8cjd2|Jf_gI0d>eo5wQFe6ZZ~>{9t_k#?+}6q*pT0Lw-^bfdgbNO3dRd)$H~NYvyTyhw0kABC)BcPgyx)%~_?7-~eEx7jz5WI>}x>eNQL+6jgM+lAWlk-_=o z!4wNErzK~_LR%m1x!Y6=wKrPOI*P0vN`FM4O)<&GqxEGUKraTVdsJK&HY`fH%ZL)P zOxauFG(tFKDpRqwq>ET&^SR?xpftg(3dVWpdMY6=%vC9>OnA{5-!*|WXZK!OyR)Wq zpZL3FPXvdSwp{SDaZBRPv2A&)Jk~Be6q!(xJmWP4%!s;%CS#Z6DYt5R%|N9o9%4Ac z%q$ve2l_#-fH?6+5>|sdZZWcbX)HtRQbDjC2QZ#nm}ibgSC#4fVwrc5xe*&?Gl0-C z9A5kYbIyo7hxJX+TKM*%T48O=0~(f5FNT#jLvhLHXEk;)u5mOa6RuOs)lX`=^d(AB zBJx}_J332Z3S8SF#fhhpxXat%onDqnxlIhg#*c<0*IJEOl%kXroMtRZwn2`mzX6N2 zKv(`LivMN0^}k)4Gqe5ME$jc{O1Ch!cFsRtz9(1)@LMTp@8{3Ar-rcqU`h;hbe#ww zaqzEv2U>s#Wl%(^g+Umq7?|wh6zi}sk&iGik(u|<6cG#yjN&Lv@yw_&)YMZ>D3LHQ zRH!%(3K0wm$oD9o$Px_l4#*O|nK(ha9|x0*@#3Jc8IkevK$KpecX#$(gPZzYANh`) zQn*2PlkqS?xr=*?`Spt^pe-MrNT5A~n~I>Z36FmQ9lWji%*4#&{B69&&E@cbXYs)# zVPO1W_+k2Cs3c(`VW?n0VK_0Dd>n5+*)+O8NJs34KWDmYJcd6EhMy<$w|3IbtcSEG z*G@au+B5cDq@J&frl+@hj(uugwHH3UzKmXXn0sU*hMnK3DSI?LD&MW2m#!$cR!nf! zZO z1yh`!4kp~*F&v4V910s~uXr}ROxZ_r#4gmfoX+gaPAwfgy6>N@R3EiU4SvOpzbQID zUSV1s@PTo^d>x%fJVusud)s&qd=xx)q?nRuh?p7t(K2wT&~l-k-Quy-(XQ0+_FP#q zK$mvz*?XC;aD8kUwE=WM{tUIUQb4asZSc09Xt!-sN|~nJT$;M|?x{-hYzeE;aDKa9 z-jPCzlG@7Jdd1;|S$!El{T*2SU2;;^$lA^9{}T&q z1gxWquock{64w#mmyGr_&YH6`P_c9U{tH2j(4QdNYsS6xvml^`S)=Nj)tY7-lRBd5 z;6>OqqZ|3ODX_ajyaeV=f~d(k)YGtXJqTewd*^_6#_H}XTB=*!FYgpo5DDZ7bPsI; z8y0P1+n9D^q)po8&N0h@_0wHJ!GODKMc*tRz8!P=XVbE2Mb@?9rgJxgKOs(!=D z)SGK?LDe=~@I8SbhUN)XInxOOM`ScXJrrW7AVZ&WS6NKzL%XaPYf5AKd!X=kx8q3e z*4C;rBYUZ<+Du8d?`FYt1#uF^2A()`9iScp(940+(L4AA7V|IoUWg_5f`PhU-ruCr zaJ}Aq%9C`QELn2(=F(GBMm!yNDipNFLtKWp;rI6jPWUMnz`&pgWk5tk^sFt-o<@i_ zh9v#ze)w?q%9iurut|*;KIr1<21&DDtvIh3pgfBES#% zCvgO7SZ8Z#^^`7=W_uDrbOo?9AA;zz*z++9AjY4z1*TH)!+lXZFKu)K`lomEf2Ogq{_DH>U%2rI5q@`nv+}<* zHYRY$)#Z=-WIeYJ2gGxDvtWFNNM6GPu$2x|Jrnx(As$vTBKG*>d^0ag}Adree*D5|IDDJd!E#7Ai7hv-EcW@luHCdr0m zAVp{;Xh}uIWUYtCNn|g?N5vGrTh-tsS@#am;u7)^D4zEU@)38w(fT0m(R!G`$iII_ zEXTlg>j3RcJkfcZyqNWUG#q)Pom>oUMWiG;{)lXDeac#!TAGce9?}0>WRqC+o{%y5 z5!tef-*Q46klwI?r#9-ub)E*0otF8#{TI<{wFFM3-iArxzMzRXo4OF z_|5Z1ACD7wNmQi$yS2X<2dj`_vY9lB_`Rs30^4y4cJtIx%aLQTutNg4N%n%J!>*E( zf^%zJFPytvJi2mft{Y;K{Or>E)Jgv6<3()|d6Pv#yYNT>KHKB5sp;1}86SM11VI?}Ts44(=Gk{rtA8P4qKT_cB9 z_1xT%ow^1UP653MgL^<8LB!b7Da@oA_IYEvlymX;pqgq%SOo4$s(Z-VxILb*!+O7+ zRS-M7b&G~YeUk<5bTVU_TI9yKS}I3#meaOwMw)%d&z;^>ODcz2HILjmJqriB%7ij| zrUq$F{zO@UQ&~AneL``5s6u{y!2DPU=6uld*tzdao2ZmN!2#l`*F*DQRMo?GAJ1NY-aou^uz=_g?mp%_f4TipB^Xi>!xZ~f z#_FL90MuwR%3FyQVuPP-yDmYMI>^78Z{*pF8dfY)N}A#7s4&X9$4qSbV57>Tz0JJI z$j6+hZ8P7T{EXg5PKG(pOYN=QdZg_u^uqP7AL8BWZi3rATNqSHo{?uf-LTOCv!nMj zxHW#F4?*gKl@TCPy9a4De4d9vk@sWYH?y!^$+3Z&Yc%)%a>BJdtx!|2)?bQfLslYy z0O#_j#odQBuLF4V3PG~s71v&l{gL*z{Mm=Z^_y71JdLs++oaY@pDq4RIte_tsJc{i zq!>|!UYKGM5e0+<((TjVo~BofOv;kwurBw{25)*(Ie0DDJZaOLgueRzpA46M_g(y9N| zedXbQa-pWNGMVjmH(DpKHN)2JP_gqu{gN><+)HMzFfj>QVQjUDzotdovNzsF?9tAy zebG#xa;@xK|2_4X@!T?NLm&1Qd^LSV7>$2tN!i`ea8&D*$SSg|(#W#mqT=H4;cT!^ zsc|#lw*352mVjRSDV;go9emF5dzXMHK z{|QYPzIb;495M-hVPSrVCmeqGxSqV^*Rx1U%V+cwpSJ78K{QtU}vUs^biPK6nR zeJahnA@_@B3*G2cy6;(ZNm|hnL!LbF$3%G5cz9P!nyhUp&-XW;K4d@u@0y$cB;m09 zPY4DR%fAtf{|c0_JNqXmm!Cj^WdOdN8uxh~tF8Q48+;Q;{~H3c53g2?Z$HU9sAl++ zF|wikM@2pe?y>!IwD6|Tt-wUPIgu@wTp zbHOuMP*3isRpc>@Z8-J$S2i!+M^yBi|zgJLUMhxk*~1UjOPX$f;ug5bct) z?v|f*BxRsk`EHAbUb=d_2ixaZoQcKR$?4ek!`9?KQ%cx5-t(Cl7uWOA&3~m7JwhOW z?dLkK|4b?L|5EM#uTCWiwox^&B{Yn1^u-VR#k$u3R=)MCGD)^SIMte{eLKX zr|8PN?OU{B+qP}nX2o_=v2EMNic_&|+fF5^*tT!>Y3;PT_qpHyw0&Pzn@{WEH^!V} z^gjFO6J7Lx#xT1KSWTU{+<(bG5KIlGxOUkyzY#2%Fc~U6PIyfN3L;p~bLU2rilh^b z`bP@{y5^1-;ZLAvV95wI_gSN2Bs57U=_u%DzGZdreM~6n;8^%OAm^Y(YUsjfBq8WR zAyvhGOhN>4%(Fm9{NNz#coSZBh{~EkG^8^T)xTmIP+X$Wg5XGe8q8XQl$AiSL4*Lt zWFOYwxB~x!$iUzSG~pwBqewF%R=V<{92!^15K=PDtg2M6B5GVYqbVgrnQB17_%4TZ znIm|x(9fSkx>7ldkpYUN4nhq9<%${@WiYh_w9o1W=pd6Cz91(wWo(?g&gdYNLR=7< zD%7Z+L%R4K)byd%B7co2*+A>zt3oX-krzS70`3c(Glzk4X2tW{Mr(fh4_O8QIis^# zO9wPVUKsi7HlowjO?YNDBF#}@CJbUr=%8=#p+PQ0=2H4|z6y2&{IH7ye-2Uu4Z2cG z1O;H035HXGYjupM{^&}!k4`-I@0aZF^@}!;pL^|tFBbfYk8dvEFAj!HR@hDe@(d{2 zMLj1VnRdS<1A=ab-wrJJDW<=~O7O|x0svSBhC(;!m=n4mw8h$%0uxbq6_Xc};l1l= zVIwpV;T7XZMUiwhlAQqmrZ7Q>`kCP6gADomDVgLX6-`!mXdg6LDy6&7PC1O36o&|` zPw_SwnG!=75g-kRYZeM$&?B$?6*j2y(sr+;Si3HUr zqco{qL$rD%|AB#TX11_HIN2ieWGsm=ydusnyf`C!G_h_>JQWuJRL?+_iq$f+dbzQB zKat!%wc3Kn4Q?h_g*#N)U}0Y>mp0zG<@@3 zu#M%e8Cf!ooU{io)5UVi1*5?ZcTE$EDbDErnD?dA{pPHarjR!AQ@y*3@9KGjW9ruD z#kwhXr#LhM3o}0| zHay%Q81Us9hWACfptn zbYGSp?(2PX1#%DKYCLDZkO*8SAV4)$8AS;sIfgXR(E20e@V$S}h=#_!js8K$y8lTC z+m{n*knUO5Pc+GG7iBTPgn7rKqlS)V1Q}i6KQcQV39SdOK!u1D+o#c#R8R#SgLqX$ zWfGY!MrivJEgWWK$TWub82q{rcr7Xo%s48>ofmtV#9WQ>EMi`CU~4>TTS*o zu?r3^nc_A##1^)}d(4DB4)OT)D&9V0%eu$U=aT_ZoN>jz`B_HmuFSfBnuf##1i1?~ z#P|~$jIrVlThHo(iI(;fl?X3+TC}Nm&EG)tnwL>pRWP} z3ega%bY}mEH7*+ZM*=@so#u(HG96I>aIUXVal~^~4%-i20pmCYN{)&Iv_0^s%UMsO zQZb1}3+yRq&@zmM?gky4{(Bxczg5j4pHf)e(_k9e}SPYcn*(6ZF9@FG6n zeOr2bc#%o~yGU!-r^~sE>f(d^BKwF5gq5B@Ttqurg2qXY4q0$4C7 z6?pb$hroT=t^omiaGe(v?^cT=R|Ft?woh%-uJK*^3%?$wo0Ue;wwQQAGMKnb#|d@7 z^!a1!;0n5FU<-XKq1ln5;X*`}E|UW}@P?LMp}GTXG_Te;_STHb6<327b~&9!dYdM$ zlt$5M<=O19CA`3ySIgni+mzlj!X_1p@t$hAS`xB*X9{zZ= zK7A(2f(dW^JF(G__wxgnjpNgl?&itxNFc!~3mU>}2;JxB^=+TDe)?iTSiKQ1k6y%U zltU@|AD^cS_4lv+@-y3Yfs}*FDuLyrp^M5KjEDE;_nY=MtL1~K`x3pDgQW*&H653g zs2nFk=l<=G5f5XRa&Gs49S7))yrobs$+eLB zHeA|%?I-K)9bHsCFPCR6U)eQgHvd|jj(PKS9Y~~5kgI#4Jquf{&l)%xRo_VgJKR9-4ZR@a2hG)u?y2$SE zIx(Z(I}%E@f|fULhnB?va2F?Y3GdLCSt2Bh{TvEXuQNP0{dhgB@+LQUA{!|YjRa#4 zl_-yMW^s-D(8{;7yQ|*ku_iKcJoMVBK)b{VHu%hJn7VSh^kviTfOkw^dJf_^(pqwo zBQNJuZTLELSH7|bLM}sdx1#Xsn=l{bqrrdIu=HRsx6CI`W+GiHiQZImC*j4G*(iH_ zt6Q>?JG%u*`w;K|U3_grfoX;4!NtU@S^MPdsv*idt)*kwiB{{?tvWt{bo43fb+!sq z?dk8Z(2hTrz$)`AiKk&qIksaq!slgsaT3+6sy9^M zZD!v$M^g;@X&Xt62WCU$M&`i>qu)rs;I-I!DnN!9TKY2gbUyP)G6DJys|&bX5mV00aIwyZmmzv6TVL?Q=NPVH0-oeajWyC zNgt(n1Gp5OdYgu^C@I=U@0nwNMsx3=t`=OqrYWdfW<3f=(o8Hl^C$(VPdy!(lb!i? zvKkr>jQS~zafN4nWoNNFPy1}&r^9ob1r_*Vw4A(ndu`Wq#Zsmi_;x1px<;wFLb17* zUH!4StLx3K+4LJ?&K*!5G2OfjfKn#B0DIIj*fh_B)+S!*j6-WSVPLA7^O6nEqqK1O zW#7ImoM&V42FFw;QbG6eU~uC>JiS$$(B<`A2A%;SdIo)Q)?hQfVQ9Evm1vB(!^z5W z^1HTtCP)n@L2Ky;FnW9G?xjgdYqk`Fhz-_#7Lx@be8Ws*(-agK9XX6k=|fry&x3J= zQBVXDv5szaDKh6iG>^9tn*83SZ5wMFnP*~Uo^wAx=IM+}HOCL0{Jz3wiBP@Y&gi6h z>pFF5rymb}cJ62veU)D>isrlj1{v-p0NWi-b$LvTaQU+2ZQ5{N6$!sKis@aayQCFka~-NCUC_sY3iQ5d^aicSN0p7Gm81loTe?9;|FV7l!K02;7Zw!tg-0udbS$7p zGhIK)xM_&^CH{SmnQq@3#!`m7&Mr+>UG`E?D({Eo+(J^yZeRLoC%R=|FdsKlg^c#0?iLUjj7>aMgdsQV=pZ{ zP`-{#dIq9wzTO9+-lwsBIe^CI;@O|ztsvAebY(c&B826xkX8qnHshPu+yw!MZrk?r z#{|9T;7R>44G44o4IcjL4quXIDn`3zS-9n$<05E)0EQ#;C`VTsDjkn;(^j^+5ez-p2#S;6--8n|LX3Io!2nqxlSY zzqXezPF?vbwCCP@PeHpf^p>?vUZi**8F=2OZH3o!HpFaRdGeyaSaHHe1JN{LiIXUp z(Y!dPj2$w4vT@@0+1kv;@o)`CI45-DBn(d8IJIfbj@hy{Z5X5)K$3P!GpFx$gYFHR zi?1zhpThr~BKdrgwTL~IO>M>^S;e%=*j&cLmThvbTW&Xu${{A;5E63;h+Z0p>o{KK zPk%&80H*n3fldQt;Co+20-ZWMIZ(2Au!-GRL@`O&c~e(w6)JrMD_m78n$t|GSKg*a zavmrBtAlhp_}X1{j%>q6s}Seh5O*mbC+?-A41~-vdp>;ityT07?eIO3g7U20q_RwQO_$C9 zyPG^4yh<1eAB~8B-|u&^e+~?zm%xqZtzR>+CAfXgUhMUY^31hYcG3PmmLzPK-TGyE zxGj|k_)afJ%09jQXe8}Bx zw%WS^O+Fn?w6}Gheh&cNTJjjD$DiNa7uFbTO`V_IIx0m`jHAz|+I76X+VyAN9vFE> z?2D5FW{yu45Ha$u<1SI{RtaMpSfA=O7sZdg%{3AOT3p|8$JiP28|8WJCE|PzTemU9KmuSpBa`yh(&MU7CRSSkunz>3zd2i zy{S3eGV^$9Xz6*)(3oBsx;bcY8|3@Qk>JO^z_6vY^lKTs@NAQd+&;YKW_fC-Y%4tT zJlk~J8<8La{c;yTPlRI?e&!pjW4<}D?`Ft7Ou~oTxMCT;ZBZQA-OSZR;m`H7>8|K)k`>gNU8TJ6Kb^fgH^~%!2fJWLpDrP z3gPE?DuB5Z9xd1`^9H&QtVt-Rp05tB0+(7fDUueYMgZ);fR^vP01Ic!F7_@5C_ffC z{^$}fPsryEgkD7^+J@&_{8=RK?+aiqlPqH;gQR9_Pf@f)<_nnZ@D>j>5y|N&3WQot zm!YIWKAbPYCoMsuCzbQ<$h7(BZdRz84uOf~!B#i#IFMRc!PYizDSQ3^ktrQL`KN%g z{=Yh)|2d%S%>Tj5>!xg$?=qr>T=_)mZAF#fVHMpO6t)h?D8Sx!Zv{LHXn zq(OUkHFRBQQKcasHz&52*S}^_@3+BS{$`6^=v%vak891!Tm4iLeOdL@-c8p|8k^n4 zcNy}wtnjeH8Cw|lq*5Se`V05{@+l(On_nk)&t$_%{mH076SD68!X-M%E3!p*N&h0v zhG7``ajk;lV9tXopP~ED}TWhP@6jg{l6U1Eus?}pzo{3=8ulo2%OQYPqhv5n$Z_T-X{`DZF&umQk^HmFiQ9^oGV)wop>EaVKx2ya$A$iv*&BU zM(FxyT3RHu`eAF4whOAj;99yew+j|hz(OshO#aA8)Kb(9(VH);CdzM*#5#stgTqTW zhUEVK)zDR)t!*deR4yysNs<=sp>$3S5D+n%*~8Dk%Zpt>F@n#d;k|fn3(TE3x?AvY zc9%{>lMK2Qlq%DxA9&E@fznN z{-)9|G}XneyC4Wd`f^_;Wj8GnUCo8nIqwWqcgMtr2A#5Q*pdwIGHeeYpT}(SwYjAcnFFnZjq3@?{2`yUitqwH z0AS35s|Mu8o8}ky!v{liQCH>@Z3n3ZKvQawm_yI#^n&|vc~SuwB)WiKp`FzLGr*dW zM~u6ssdu$UKCjvoT$*P!w6wY!p)XsWVt!thjTwdgPcU%VJ%E3T-hbto$NHbnuewPa zR(t=dBp;~l=fYk5GIXFKXRPs2e6^MYyXM_w#%mhg8^eI8BzIi-!`al+}&a`Bd3VEuF#Fja~f?*-H%spq7r@)G!eiXMhAgb z%hc7Y=8q`G+|{QRC|?@@J(!FpxmyIv2S&a62x}yurbwvf4qOLZCJS;Pp%|JpL#Sq6 zZr}w*gfUiR@Jn!1mf7K=vNwYXPslESdS5wLa8!($C=Ix)dRF%eu?)5-9gyoJdrb8x za)DMtoL`y_P&cGT_KbvLqH$I)Sc!ysK=VfS1REKI`^`uaVTFcr6lh639TKs`BoLxU zGb!XSLrT6^L$^Ki0epq?+64GG%+?R89X9NH)JeS*Fc0G|1=^iO&5Z$gy+ zc~`SCGX1;SO*e5fHj5E4pY4l>JPfT1B zhM51o$6@rLJNXrT4F;cQ>X)Oq?pTB2Vpri%r94u{oX?`BQoXM#ztVe!<~r?Fx6GT! z^q^xmeJq1t5y|CuUR?KC^w=9qy@iq4u57SU^H1%#n5BAV6g`IgjlDc0-Q?H{s}Y9$ zyz!;SUS9A&y%L%nA52?0GrnQfzc*MtNoGp@f}f(@;#*yCva`K6<#{{tbS&&{D2=)h2=jV zSjmN9c`6)*QUrZBdBl;SV29O)jSKy(gEsHnEW5mJB4xOaIdE z?il<~X&RA8Vj|KHcxLe{+x;CvIgq%!wbG=&+?$DEXLYd@4<Pt7Q{C3kCJDSXBH1lt8^ z207c9sS{=}vyPfc-Pc$1u9Q!~#f|8R*=6ILhpT5ZSTf;^2Y(e3w-jFw=m_bb23t__ zem8hcf+A$fsmy;2!vetjib?R0Sp>t1u>jFu&Te+9q&IDEKRf;Hyg?FRU40GC&mhykX@lKiRmw>U1=2qH{aAz+j zEt5dj1d=LghB{NB_y2@ZV}TDH!!PLnB`K|({Xt0*f6?>C+E-h$*FCxB)Ae|{)tQQv zDX3kVBT> zzOK4MfJMf~Tb7(1xVP;Q2xZ3h?b)+UZnJqO{EJd|MP~P*BN0ZS-McgaqER(b^2R2@FEN2i49(-#< zEt$FxHjGM{b+#7f1=riLF;R)9UVFZ*g=SKnvi!N9ta>92pFEEac2m4V%a$wx*|D3B zT?jVb1S>Ty#>TF7D=i0G&vvetJ&x0R-;Fl4W~tZtTQ|Ki)=gVCZ;57{`GU49r)V@; zk2=o6Il=kC>RQETeay#w&SOwpU0U2JvN(N|lN(<(J!afEvvnGA!m_KUqg;iLu`M@u zCBFL@eCdOV__}l6VaQ}ijL)PQn941gAfCK$VRpI1Z}5E=pYup416Tbn^oCQ3eV1OiFA~( zL(8U8Rm`UW{!qF89e&&iFgukrKk>*_{qQ3_Pt9%aV#&Q67|O?~*Ui63apyZ<>FGqbTX{zsKe-uSMPsAAhM&;s(s z%DuynqLIW0%n7%%QJEPCga*n*_6b10U)}nh4x}A3qFXb>yl~v`q68int&_$AQdoTv#3S5XIj^;+bQCo+*<2P!n{zh$k zzV_d!O^0`~MM7mb&h;f$jKkLG>hiAedi(YFXJ(1z`;G5(beT?!<#w8qa3VwLnNzlo z*U71#bxQ)`*wv6x_Pa{wdBx{pcjb)l>-bAaM^swe9vg4l^uV?K1u@aQMGMS=X<6Yp z4F|l~iTB*5Zlf;le9mfa+6=v;?t}gxYsPc6G?|pMvo%8xKDj$*^bZ6i$@cC#P!RQO7Z*fNl5mCo_kbFRDSilw|Jwy%@d=c{?E97!$va!60dhIma z_YzcLi0i~s=$>@$08JD_Q9cbWoSrlW^EGi`DE@C^;W{oJD``6*G@G9Ep4JZ}-#iqQ zCF1fF)h<`)nw8X@y0T+fngIkjKPWXAo3wnXOsIe#?pMS)_D6D=!oWH+$Rz7yVn7C2 zpX|VT?_{Du31ewMRR1ehJAinAFMNsBzK-->#X&xu%1lCl%{5L)fDY=cIwOFMu)`FN zRLi(W!xfRQp?3K=q&4Ru@61_%eof;HPE~f7eszrf zRS1k_7ti;sgkFq@KxJY76~XH)ALBn|-GB995DVx3(VP7T;+ku27eeCh5N3GnTmSfh z6PKfygh*2P<;!GuJTwTJn{@X;PEqx=(RGR^^9{Km94pU${<2(5N*R=QzWkYZP>#fvvkcfhcVUng zf%pQf6eqFvngJ_<6|jvUbRa3f!L(ewFscmsHG&Vwubs(&{2xL}P-0}0ShiT_%o8(ItED|9P5TWq>7ylH(|Bk?8|Bq4HZvxLM z_+PN=o9}6!T`cQphaqlU2V?LAT=M%5JJ47l8wFo(aG3S$sj5CR-^~!Q7;36FVZuT6 zH15M;GDjDz)Q3qJ6w;9tj*lw1*8I4E5bgnOR`!7E~f zNr4V-qXJl6lq4)zHrJ#&(GZLCa6Qb-!zx5Gd2;0yB;PX{EHWmNPuvRFeOg4k}2Nu}x5L*XL;G-`&&Q`Sw z$8TV32;C<6ME(%{n!)$dy4NPp|U{`rdsy+zIT?}oKF(9@KPvJLgq2as518_GY0?7yPu zSULVPWJ#O<;#~h1B62ORPZ#L;MnuW1%Jh#CS&u-FuvE&mbRhGG7Z~2+U8|H4_e_)7 zEG(|dd2!!e1M$m+jaRzzfXc@cJm2NoNy}R)|%_xsQ?|mdw&nd;#U;RoQ zO`jQ=FwV5(&Dx6m;72BYX=qP3`$AL*o7Owocsx(L8bvrH&*eXrad*_r?pSEeL}V^6 zSELsssJgIll#}UZ;)r~#fY6Niu>4R(%DC)t&yRP#*l3!#c(`}*(H$qQ0$vJ0U7(8h zg-JdLHznNvjT_wg{zEvI8u$RK3^ZT*6L>zHY8IYp+87LOH*=K61aJ;%6oOawqfbVu zphrDkI2!6y49-(1I$}w42eO|ulH)m8FN4?>xKAb)D)qX63=$fvJXvwpT_v9+=7f5Y zmPt1xGZPB$AU#7^0&5WsRa#cjFgNqWpSK$LA^V}W2bo9tSdArr0~tEgM_9LkU;e<+*<)$p2~vT)!c6Sb7yI5nIuBGho|fDd3+@6oqO%foXa7^vhd` z03B%lCWj}tj>1kpEC~yELZEZW9J-P~_QeeHjW{ z1gfO81#+-t6Hu2hjgW)|0M6SAMmby+0KG2#YnocA?KM|O`}q-&H;X-c%Ht0YSP|U- zb_TUUwgD@XRSih~kuMOkNpoMS*d&^&p*%mE*MEug{0JkZse018lB65!i&cHKHsA1c z1H1rQGN)ndzoZJwX`;|4&b&{Z^}$m}A(n&GNSu8H2F zf|@2!h=JFEWnwz^y;{!JXct!II^tD@bW2pa!|QEvzS%5yz?;+7Uz448(=yW&AC7)K zZ<}u&Pbf(E_`#B-p47aarpN7Ycf`aimMpt$FoEyOzm=m;-E-bXmO2>(@H|*}MXoEu zODV3UnFIzv!aSoCJiMam2XwoUH(NBAa|lIW1e^r)zqp>=1?ar9-n*Yn>}Zl2p~|mGQ-+*SP!hL#4`ZWG3pdFO=II0OW?&yHS;Ga zRNPfeDgq<=SUH&`>Y0u07t%W_rOFk%59OrAN=ZfYRB*qkO*JN8Ee@=zh5^x%GOCvM z)Wvyu%D>frC;tW)Ijr~p5yUj4Um*h}iEe!lbm~Cj`^j?#Z1GfDCuL1=_j7YIqDhEx&3xGP4S_)K?$To)To z&W^Yd?oJ#aNirXC5u7=T+-5`+-!F#J$Ww$biggn~DeY|3KM5s6p&FqcMc__*>rTrg zMK5hG)glv+oP<6@mit5wF5k&-IaRcv7of*+y=_YN=hAw0W6||Zfjn=3K(IgM7kqif ziZ`u*osL5F0>)waEY1ULa3V+<#U-W_C0jFntR6N}gZM)7#;LWnGrodQ$0|yd&m;cp zeO5V`^*3vpna1F&CsgHrsj@lL;^p<4iCJze<6%B7)qWtnnWxeDTAqUn=4&fMw-lrF8{I0C#wR%~C|^hLlHUsA>P5HI#zdbU*PX+YaPTObp}K_Yf{;y zJzy%@Rln^mp|2|B8A%#r)8g8W?iRvzAQn88%UgsO4G;8Vvcd}iM($@mlHXG= zOpbFBmn1MFj#&G`G8and)=y($OD9p95UiNRQFjX;=>}z~vEP@{GKS<&%(+S<3}X=20hr3{(!{Y(`>cF|@Na(z^!O#4gl<%0byTz*q7V2aPoGvf6bgtK z)Y0sW9B{C*!j>7a=a=WgINJ|_>v7F~Tb{kt?9=-s>1EkWPC8;Dv}b0^i-RY1Z!m0Y z?C9dAqGsKjc5D13<%07H29 z?tzePG7D@!!^&A_!U(KWS(R>$hqKmC;BHI1bX;rv�UxWzh6GV{GS~mUgX*;rO%= zEIP7Azj@MPSh`Et_2!2d@N#Ni=&V@BYkaXt@9Qr9;)Jh=9{(4X8R^5?+pQxSR~y-y z?Y9oUfyaBv{03s#DZ3N zYF_{iBCd#8gX;QX7kpDEpcOdc(kn8$oyAduuuCcITM>rko+p5TT#d znADYvvlk9HDo;&^);uGjdKhv~jAj~~CcwnU6~trZ@TZ07F^5#z-+P+YZ&z(0itO|H zq!3v<_XAh(8Qu6oxg@BA|N5#O@1^N*+2;zg_zRSGE695b?M)pf%1aPv52+V(^f!bP zf25DM^M^1IteFU-wdwoW!Sjztxb!#J+(#_c0I*dagq|O->aD>E2RzS9M;pWHXj7nLV^RyI%n}oBvzG84w{^D zkk1scnVexcU*qyvQK(FM1!6S;xGx6EqAp)yHP=IG_tLl^Ee^K^aS;>Rw3vDER zbrcqhScpCdhjuO)6EGaiXNB1+tNg{uP3&OiX{MV8J*PCQBurJtReSGTh-8< zD7CRL(%Xq@U3aiZLWS$(CR(jfWs$P?;ht|^(Nzv%{3njF%WKN1wE~Xh(t^^AYsiZf@2J3m2*R2m2 z>4cPeE^_RkYx!IBr>7y=dQ80F(){thWq?SjlgUchnup0U*xz0wtBkU2 zo$Q|vFBxKFe{WieL^{e)F)!?K`i$7CC8sp8GNZl4S9SL}$vpkADk8}1vR4t*Vpt3f z41!FWDWnmHc;+q}u}8^`|JuTo3$@x!>Yoh~2X8k34>N}xQYgkQR_jUj2ryGfBJ6W> zC`FC>GH^GpJ)8e2p1S#YbCk8dqe&r)FD&9&I@2Lyh@c~4j<1Lu7#DhQtDvrzvoiWE z$NbuX8=5M{IQ(=pRfQCpqe13@In&O5s1|wUHm(EHoSN*|L{I|TbTM7Y#yfn-w6PY~ z$>dr%mFikaG)(QZqH98@yrqfH;iBu>=(581Wu|pmI4rKR`=uc*g-gA2E`hd)6*+Itr0=pH)txfH5mVK>qDDuTz8*$B1=$O4zw z&%es`Au^aNNjcL)tp_!ix$g{5hJ%8t#LScIw#0~gH`}*to87B7icei0B-Bow-TMq| zHmQF`ib%Ojd#(BqLkMPmN4;(8T2jw2%fEPU6!P14H6ir{=gk9$Ud{UZMm8`p8nqGv z7!6fy{tNHG|Ck_2ZBJ@Dsp~J6*oL&`99Xkb^`MnhfTXdzm$Pc3wjs^$!n5&5_Df@-neA$;U%W1b=fCT= z93Bc`pZ?r6#7$>_diZMwS;Uu*?)@tDEtToN52C<;o(|vju2||i0Y#v)+(WG@qs zYLEA0v#V7~ zy)$#%TKGdXHEqrFw5tp6!lijUvWs2Y!?f+m#P=!r`$GTg#{{1Z{XYST|LT^9nf2cR z!!HAazXpiPMjG_D1v^4yATU4h*g*OI;m^7LjdlM2i&8jQ82^KysPcr+KviG)qMbN5 zAQ^8JH=l%k++s_$Kt1m=Qun;7l|c$9rq#Z@oKMq3Pu&IhLq2X5CYCWpkXgwxmS`ZO zI6*Mj<$j$PkY8aWU449RkKEGoK5cb9WpB3~Wp8se5Kk_nqeO^)uutV&)f;Y=nNF+( zgLj0)2HkvP6B~C4CV^gbxC{ENmCfb>tc$C-UwXvv ze6T2FT_l|wvX?_ammncu;-YQ@)>xREK9J(82E>yTNN* zeE~-6>{#`Xu#wL3gP{aimkDsf;rc_325NU!A+1T-p>bkj`i716YN1v|t&t!3+0n8> zcCcot&y5RwIk^UQjKY9Q&y?1*_y$%qpAjUY9Cg` ztzix$+YB$$Ar2!v47bt|4#QrIfiwuwgTai6G$_$SLyVC$NXZBGHBixGh79Uf;c4+@ zdg;SoBVVK7qkNG*s9)u1(-odI7huZ$l8&949#vl9haZ71GEiWLT$fJySv|B@JT$qtqDy0PVlnaqWN+>@vqq0 zR?xy6!}7-1OoXoRyI8!w2wf7}r5PTiF7EC($Ga!q)E>^(87j6Zl2KB`5K5w6lRiv8 zQahK%-yThR z`{ZzY=(H9ux5A>x)P~J3)M_cq@J8+yST!A-v$e4DhKXll35+;AFP-NeVTgU%1%+dr z21_8FQiRef78=6-c5s3wCRxB%tDK}zQ@hha8V5p(46xOviFX;sqK=WxqHpzIcr^7l z1_g;B#HHh&+6vE9a7>y26Ks<6q12^n;N`1=mcg4b+SAMdXL{pgkk`nGX&;}!G}FV= zZz%m#QC3SyYxc^Dt*YU-sw|AleaIYrMZ{UUTbc;GIDD3{wl9_(iXK5q(?Yo5(HW1Q z&OKSW3_H1v0@JTQ4%$;z=J2fkdYr<47?E%J6STmB_4XJ83|d9LI>;sXh|l}9`hw+A zn-d~atgrBe8*!IDQmoG4C+@>{Nq;)vybAhL+V&K!+ggHbr$WhlR22N?gRBVl(QEaQ zFUqt3ZN50Gl$a?fRItjVh5w8Z#7lZKEADJte@3mqYu*E=1i?&^VN6YK*%n=`?v|d6gQVCwML`_?5<2_9G7{MSkcSHv| z9v7C4o16@bXUH_PX6x7J&`n$)Ld1>ItX*s)6Hrtt-CKgKn z;W%NE2!mRsyup2jZrrV+S`pokzD`AGI^siM4--%n9Ga-?ntGXqa#d;R1Q^G>CcH1z zncm{TCqP+wC>3Q{b$7CDT1xSR=><_3?3-Tf7Db@$Q-mQqv*c5ZH`nV8|NYh#PlUjf zD~cHfR0D%s!4ogR7r$o_h2i!k$?Gv1~|YgjoI{ zsF}eF9D^*>Y9ZEaf3u!VAsbSAa+AOIt&w=k5D~^|ueN6W1uK>K(g+v#BEAfUE=%T# zan<8Tc;-(v;~C6R^`1q6JOh0TfeMa7bnw8w#Z^Td`fFh%hovTXrZ4)C^~VaA;ep|y zh%M9@*e-aSz*0yrCY;GS{H>+a-#}!POVJ7khBXoocCC@jz2i^J)}?k6M%f`r<)BS@9$DbgX>G zR3$*U+xRPM8MF&eTOVff?i!!_3qx_(%Qj4|;~4&SIn=!N{A zeo`Wr&{u6hgzYDK8IA_MKjBI=_{#(BB0r(;q>qjNZz-U{bSg#_;n-tVAvY*oOTDOc zVxq)s2;4X)``ZueB*^t<{#Py7jg9RD_SbVgfv=AT5KPfY*!CD(o-krmink>5b7XJ`apmIp_{KztCDbTL<56*gt~tt_S1wo4;LH zy^q#gUNTOjRa4Icf!HKfSjOhE3Nhx2;11j9D!gg3j1++c6THGG0+Kn=@yLvXq=izq z;xndEv2YZ8r1BW;qNdEEyzlk0Ce}iZ z!?*~y7+i2*csH|vYr{0;QS^kde3{up&tKkKjc@&S+wy_~_hTUfy_PoZ(05P4Zdhl5-t~3dnEE{C`d3RZ^Dw z1BmPTf#hFtA#1jbz@#XjHGEqeIqRlr)_{4w95j z2=QJ_9%zcT*3~V{B&DNzZlbb&p4SgDU_#q+bxG=;+F~)f3_c`>zp~*mFr1OX7tm%5 zxhXBgb99t5x8))nxL*y6BH?SnjH)BSdL7A@B_&sU=LE3d@PcD}Z4^iiT}D#?<_19i zb{xmE5HPOzlQk^%<^#L(etrOGK*$#iwbLOE^&jMX>xKGRIHP*$liJ_A3SI9b0J>Rf zcBFX#bQFMmQ_x)8oz0YKF_ZryduUgsr41c_B3M4_NcmW=yi2~jq99^L7_Bwf_fBE4U!o`CS zve;)GFqjWZ^lHg$I;oX!5;%*E|7WySH<8HgdB3cNUP=+PE?U zw+dsL$85mbx;0B{aME#bvbgv?vL1=Xh9Oz~@3z_plL#WcLa67n3nXV>a_kM!Yd{cw z#%@jsPTeamJdZ`aW__SniD%p>FP|t_k=4eoUFV4eM zLmX>E0~nbvr5~lA^toU&$)Nyt_EgbA95h7+e{^<;332ga4SSA&Y)D{jFzu%s;{Y9+ z3|R2+D$RZYalxZLn}?8?m=m2XiwX8JsN2FG@Vcu`dJm)f5jjw##RoKS{Y4Z z_cFcJ-wRfujoartI;)jY0-PTl8(3p*Gvsqn{g5+KYga~=4~7agC5^IGv?f%mT(+=F zif`8+aC~32M2sws3R_+!a8h;3HK9c-gl#VN1N*2OD$&puV<96=GJZ;lEX9^YT z?8F5(qo--ks4@hBNMN?wy~CpY7M9sH)M{Y(PVp?dxu1yl^MKT5sZ6pmTDUiedXtHQJLAM=n^%BzOGLfB8{8@p7 zVr2%-9bByH&rg#4V=Um}LW!^uRX>6pJGy8yIX71bgeI3ZBShPwRxGEY7?opUoJhED zVbB+1?$B|0S8kF7BuIm1S=hYNbwX9$A+(XI-YUVT31(#{+VT~Yzk%kH{EA>s=RZGeaKG1*&xSl~%9KJ>37_UmcQ z+jN~D!UHa8cxynf0Ka5KiVVRZ`8Gwl2J-%T79q%9ZYu2?5WStUN$(D`DcaSUh7WB- z1Rod$tAfm_;u*lH;?wDi=WEcvRU1|73|!qyNzH$Z-7yW!3-cvAEq^@(iiET>CZ5hG zrV7*>qtWGq1X&Uk+4NL!4Z1<_2LF`eXHKcR3D?g)XJ{Sp z7oUzLd4li{la@}O$8yqTu-8of-YsWIys?ELLq)s ztXC(q*7I`?#-4bk67a$u#lKGU905Xom=VQg4?6ddy8%5pAN(1NO4?L`OjaXeLUl&W zBspS4xl&VX<%nen^LZ{5T-xbk#zlB7pDoOBXpVM)ptm%DcTG^I0#IG9Gf9M6m8ulW zLdtlPe0aV{aw1!(*%!oZ8<~>{_@3xqNRJSr+;mvDAZp_ zt-}0P0@zsiBvHmk$Y4Wl%TqL4LCw9}?XH=dHhCQyU5w0u4la*n5II*JjOWf)KCLa> zmv|Or35Y{T^R4pmale4bf2nEdzgrmU$Tq9 z2@GqFfN>^SC4eV6aPe#{i0Ol{MYWJH$n>K>?hn0|J`Vw|XUrXGEp(Nu^Q-PL+Pna^ z^o-d)TJx_KL_F!lp}h81-^3DdZJwfaG4gQb!eee3lCxeesXm10o)6sIDV>vpSnT=C zNj&|qY5HgnR9ym}wvW3NX0Vs@-$$W(<+BRwa=N{L_xVE0O=gS|c#0SozDY`xLw0L} z^r{uIGG;%khi!xSlZaM_TQZmo_k|C23~N;!x!$&7ZWndy*mxZe4?96XR=efxO2Q_l z_&Rg7d?md#_O(+hrGPAXz={T%EvZ|8igB8p{ftonq3@gISbq2Qw%9P8d!7I`AfA}v zQu-sX6s{Y7AfC91_=IHx@M~Hg%wB57ILL~pX}9@yEi2s=zxb*;D}MkRCUVeo4BaNh z${)2z|0bxMGQdd47_HQl8l~-35AT3nmZmqombH3{7OlCp&~*y_*mh$33>EjIQzh(g z9&_0j-cMDSq_M0EF(uY>F)Wz7q}MYk(*l-KZCPegYIX%NKcJ7 zzNHeRg0ER$N~qX`kOFuennn~;ohkX|>6xz3$IA=KL?{=?50DXX0@nyskT(1-5I8fY zameMc<<0Vp7pS1{a6TZG9cA`$2x3!|)@o7_!lW>H&-H?O!f8r&2 z7R-;*EXtA)?0o0Lj#6o*{E?fNk!|3sb}Xs3QkPu@UnW>quooqwh7>Vdvfpr}^TPh% z_l5gzLULW8HCTqzH#2!?XT|8D`4lQlj^Tm1OI2vQ&f}rs0!?$4jey(id{zD0MJk*B zbsznjdPS%t{T-`LN?L*W_;EMqp#>}fwEm%yn4e{3xc^L_^9VDrBv1grA52vf8GOm9 z7=&rwHfZZ~|8*nxD`pv6>JLi7AVF^kQig(ZA69gcL|r&;I-x2^Pz>t+4E`G!Q(mh5 z$jl*v?`3zB=79t(IEV+0Oa}}~dJ(gy0V`$6QN;itOW6>j8j9(M0IST=L9=z3UX5rb zkvW-uPrae+#b$(ih;n_?4B?|aBLD~YXMq5^ISYqyQ4Zb>r?4p*ndA+%Dz(79PuiwK z&-vTQJpZyw;RL2GK-d3cf+olqAMkKB8^MNA+sl2kR`6tI_tJUYPT8G27n9ZHb!ro^ zEJLeqM#bBvdcZl(srDV#<;n6rL}d2TL7mMbx}QtPx?DDL<)7|mOT`wcbOLB}25@qB zER0;$C7>(K@ANF6XTBSr+ZWZR?9LSsVif`vPI(Ys54Gn_)MtsJOxFj1NbKKj^)ls>v%w6 z2VZ?BRofK3C~%9_snlrYnDcY{r@4&zBsIQGR;L|j@LC~&P9Z>+L=-tmN%KI>3C=H~ zdq*=VQ|}GuTbQo9YVp4S09G%tfx9@D}nmDNLJm`z+i z(S+ID=Jo(DqG&Os<^d0mkD0)%c&kiE5KeIg7)Dj1>F$W+)~Nj7fjh1r6QL$h!Q5ROjNqjzgY4JsI-{;M#M^p%$jk zCevWCTE#SBQfn0|P-YNQVr>m@>ZjUr)mA{HLzWUHW5YbI9|na=eJOP?Q|5;TAP;|K ze6{#;^YfCaQ{3-{v^h~nKehiMHcz1!uOQI}Ssma=>4_&}=~Hv5z`!koFXV*%YG|P& z3R5moqN9kpc@|9g0N2Z`nV2hd&jeCcM?=w2Z)mG0EzPF`?eVO$;y2*PSwhthw1U~D z@7G$%`Q_!GCXEl*;@o&P4J4+@p`SJ1gCdsSVK|D3pZ38*SDMoL909L!s8hKm`2x@^pVB_Z*N+1F*nL(ev zL9qSAVmpX-xl9_2c0m0!onofz(HZ=7L)F^q5!=C^4~-&V6)|;CqJ0j_?|D0BRoctz zW|#5=jaY9xK{0r0XEBp?#7He!Dxtt67idUA={m*|(sJcaGNazEXe2&3wG*z1CDf#H z=wxA0AAgxf3N0yM*ivq{d1MEdu5U_+37;EXsv6thw=qZ>VtU_8tK1j9^^+bg7orB}p66{HFn2v;B?vSB%AuNFU#pv7cw5|k;DJ2rgPdZ#z9a?R!d5ogb~#W2+DR)sVC>jsj>zw{r;I2mkP{B z;1qLZ?0mLSMpQ*rCW%fX2eG$*;B~8fzuuGrn>#W;O0SB$ ziUM&Y*ckqugY?uUKb;?9nil3{BQ=B3k}I}E>ZAWfnr8yiMN=&SS(F*)iY#JAKho^( z3t6_{5L{ZU2R^KXDv&L7GYN1Cb8qJf0ygVwSEzr~9r;4&SZcCfKc-MO5ihPont0fK zz$qS$e^eHr3ATgimP2&==4@_3+*(i|5_HAoy*DAOFHwBZ44S*o8%Z*jz44VTD)VO0 zrU=?SfW63V;r7dC_=fy2KV1f!G4egR}9_Z51wF&q2AUKGDj)=&9$2&nDO za=c<=rIqIbr%|CX6}!_x?#X@CGW}spQ`G^8pHog3tR84EXkVIlo_W4q+c+$>xz%Fu z&K$74b$KOcmLamR03DJxAa}dDlfeFZtNS~yw{RRu(@VXsd#`O=f2IH zD5*B)VUbeks3M>$WGO1TSod_Ll`~dkhn*Ple&>=Sfiop_Z=g8Z?@Fs5UGnExEzw7N za@-&3+JFr@gZW0Ka$?5KYwc*KM?LK4Xcx9IHf~ zVX~^Dzq+(DdP{T4VoaV4cb$;LC*7Q5;e0qohFm>X)0;Ey?&>Ywg%&(77;&+ zUhnXp7Wr_j?@uw~;h&*@B%%&R@aK-k*hQ~ll)!n5u|qDAn~R9$#V9a z4AS-NI@f!-hY4mk$=B` ze`5flFfb1af&q~!1Slv0xOJe3|Jzpoq0s-|3MZIY|EJeIRLxsOWfhB`cm^{SF=W`o zGVaEis1^nj!W+XZ5Q+-24rF#oAi)p=10xe028LiB1d7DdM{@*`qT}%Y5 zCOU4-%nBb8Zl^#6lQoj-u%C6u=T?sb6o-IAY-Ev{V=cCOewPUK&{T;%edYW0Y2zjO zRXzHzUJwGRC*)B9dlvD_nZKt_8XW?fUMd|42{Q!Zq3jGXfFu6{@YUOGrSQ`n4`=rsKza-s4gJPt1^6RJP%d0jK-bs?G40%$p>pRz+l?t7Q$2Q?oUS^(z;esdCmkh5981M@p++Y~t0@=I{2oO2slO z)XAF0W=%@tSW2nam$8kGHYIG!19i&w>SmXzHU0s|Fj0SSTh8RVZ4yR1~4< zi{O@Iq0fRteFGCOjE;d2|F6@-7y`5f`{ zV*!XFAPCbCrz6cHP(?@@!!)FMq(zYD5gkX&jIa|$Dk5!$j>pIo{J$Xh2~%%J=n^$j zsJx8Fk}zHEM(xga@}2C_=#k2!!6#&o`$?20=_Ug+^_a2EemJJNuF#;~Xxzs*7eUMC zv*}FS6v^sJ)z^xH-y=s|SxW&dNzmE!#-Q71L#UayW8aEox=Hl`0w_$Of)xH-`kWId}qG^E7I zU;5cxOaW+XOg+%|oQm-N^$vM`Zdjr@ZbvZrQ#e{0IqHDX(Slx8O%k%ke+>U!w=L)4 z`2J2f)NvOERn#q?OXsGF@rI1A9Qa&(E=Leh_@NUq>WA+hbU)yF!Ro~FKJZ5UJw9dG zk)mRn7GGhu+Q{MjonK?z;&HHi=ujS47CVt6a*OSBDtAstkBMSoJwkom_R>CeVz3G+ zCG9@(STzK*Tose&L2RcRH(pHOX870Pwz&ik_lrqSabY*PTsA_aU_DyU)K#F zldUXiH{|c^_qTc7_+!QmuO7ZgH9lsAj)OCP?p~Ra3wr52Zi2fKh?YlX8ZeY$RD;j_-tYV6@i`Z6090b2(0bs;Ceq{p89=>+ z#BgI`^*^4gUeN3IIQYGOdJ8u=2vIn`78xF0KNPq-jw=}WY8?O)|B)`w4C4d98_|Vf4d(Ij1elK9zoz9Hpx&n)s5#BJ-{w3&jw9>>Qy)e; zhbg{hxQEX(4`U4TZ=1>1!O*pirntJNUv@OD=muAv{hHvE@5YMIt5@g&t=JX~8A&Q97p@u$NIokIJgnK{nM`w z+zyF+61#wCYC%*>XMQluh>EsRai^@SZCkwsOl1j&5q?xR!q+jWNNC7Qy5|A6 zu;13(HqGoP?kl#1?`4dsi|x!^k5%QPf)UE*HjgQUp+GJIMr zUmK~GB?~b60gs19Dl@l$w7d%99a19$6ir|shwpWrD$|8`kZUp#x(pydIE6w#Ic~dGYc}A!7f&b44F8_|qRA+{2%3dKIzr?*i=*}P3$j6LQ5f9FZ=S{x z>sGU7v1)ZI9yV;}9w>1;K13;0Xd!)dq1pPwonM{JR7m(h)B@>A82R@g1kW(FoW^qP z>4V$z8<@lohaRn1JDE{D@ttcg`MV($vrG5>&od0=#HpNLe_s6iX!LRU(F8Dfq$;Pf z)xxzTyQg~x&>lK+zAow=2tC|=4>##p`l<`k*)H8c)BX&-ECxbCADK0+PiX}BhiePk zLw(0T)~9}W<)V&~qN)Lpv6on&;=BU7HATg5a zD@uvJ%xS{4ary>Blgp9kx@4dT_KQYtI2?%bbvHzg>)GBy(`)?nA z>=!I<ci7hug&93*&9aqN! zeIZ|-$q~%umA(jZA%9_)ZF{IuSkL5@Ap5yp0q20dCie2=w)R$>j^si39E<$rSZRU1 zru@bl-d?yGI~4P^Iy)cPz14N^Z)R;VHQ0$}m9v*6a6@nGqokIBIhgOdpeCt>yaWJQ z7Ckc$B~%ycyJ{e_is$7a*~gTWmV??x*!=T>zI1n1lf_B~?r={Hqp&VK>uA#g#ELLE zRW1vZrMJyUNcO$6=-7C+5OF8s$Hbf9n@UU7O;3U@E8)gKKdiiK69q^us!r`5j|>QRParcn87|sf9+15FNEk1Sko0qyaJP)QFnqW zoAOw5|3%#+RYNOJIZv~^sU*_3r?sTFQYmEWpSdg_jNY;3>LI-!>5sIIHULc(-bM=H z`u~`WRZ=}wn+PQ zr*0PlK?Omz>(64tKwu>x0PX+?|9@NjKSaU*+wzlzli`0rBw{tdbx_t{^HANu5!Fp~ zMsRaAQKV@CPDYb3xY-ymVk-)6k+zo9Dvb&yw|lz@bW0?VDWfAMHXaiy80lX}lHQ8O zP<)R`F_IB@gVVqKe!B;}C1?5-(@an2de3~${Py2(r6{berHB$aZ2Y_%-=<`hd3p91 zL#>I-W^(#O&`<3krlfEzW7D@Zb=#Y7cLTS_CiJk4dzHD; zibxKJY3kj@0(y5j9_J1-a+^a8vEzy4O0CDL|WLm{K}%U zx35dPa32!43Jxq*W!T#_muc#sRHSuOs#)(sFaHz?wNlB3^joz?Pc4hKs-cV5S*a$w zB2x7S7|3cANTFA3Av8#$BBLT;mO@3Xj9y20&5E`XYG9W}EsKU#P3%tuGyuq|1oTsp z4e=8wq2l5cXg%D1z*4#EinL4#fBxTPNr2Ud%Rl8NfdDEFZm)4)wY7^(LNp!I1ZzS} zq!a8FKFW!er(M_Qwl%xVn?|e4`_{{}ZjrlaHIQo})o*}BEE~<#3IB!CadhdJ!coP; z3W^ogiBP8!bLDzv=L*jy>?N%gVQYkz3~gbW^6d(g73seRYGF?$y%nxYTr1wzz%7w? zg>6dK(!#F_11afHg+dh!RJn@^Ton>j>6_*vk~G#Gigv-{T-MfbFG|QH9;^~fmr1Lb zRX}TNYyAs|O0n0nYl<5I`BLBuW;SYDKTICi2DAJ4woc&+LPFs=cu&LjwOf0)eK=k2 z=gJ-BpR0yT!+m&v-@j+XYH=3rXE$#f{$nA`^5SE!MDMU90onh~a`JNvH^j1q&H{0I zTInUcNMqv1^IsJ_Y;XONTR|_~)AN}L7?k0$YSS`e{6em_SGXnh2OwPJ04P@t&Oq#gubxxbwb_1w@CwroRld?r7TbJT8=dveQ>n{aHP|g z4W-Ho3BgYecw(wbB_WL6&ST^27QF4U`9+qo^|f`?mXz|e8@l7i+0}}iUQZ?iykERn z^FNx~jj7lhBfB4;pSI<2Pcvl#B|nMQ>8i(tQh46O2BXiM4~5!aGv+^#D#OdbIXx*R z-|EaNkVqK-!w1wD#;eG{c~N(#dqcucoDOxoANMs)&U3yz*;l#setX*|C1~uE27AHd z`%fNpK7|^${V4FK_tpxa)h7JvG#fMcqwpwrTkjdC4d7p>J`!c68Czr14>K&y7Rz`> zVeZ>E-Q9%<*BGgPK}9GHuAj+0XvTT&A9qnN$A>ww==bPVm+{Yt{QKU<*}7VKT6&Hf zX2k-19Rjv?42mOiSBhy`0$)8$KH1upG<9OV8k;tN2jll zK_Oy;D>NdIN$`V{Eo_=ECBt;1mROGVj!jZb4(?k}YVPv}>+)3HOnLElkh}mnPL_q; z=k$(mb$!(w;(Eb_Sv@p)^Nps&MQu=-RG$z8)eCDd>=uF`9@skx;K0|+Xh+io^q*Wf-qqXlBXy6#e+6P zr_NzwIL4I5)I5p;GW+Me@@ZbPCf75(en?n0H9y-aP zdOxasxiJS;Q`KUwtq*FOeS$UZjmWJ`e(A;#X5el`FTG+gAun~Ta;uMiGX&Bg9?dftb$dwCF;M*AoZdkCeYmY$^cxu5UJDwV{*+6dG)Fc z6c^qCef#dclKNn;Ser<{+UHN%25@1}2WzrQ-!B;Hux2%uy|S+s3DX#hs_F}o+uy^UoXM+G!WR^Y zz?l{uyTo{=KKGU zp*dskY2m3Ite2g*-$lX0DOFViQNKFOESFTU%%8ib=&h>-fzS9q5BA!xt%{;KuJTzg z(6BjiGnGAE?u?{4ndUtx917Zhm?UTBWhNHH(C)b& zOE`Lhh69&Tv=O~+;v|dDinY(>2)6hAV0GG`40gF^5OH|mx*cbjN^UTo8%?iLpCiCC zZRW}&^>})s4_>wam;!&E@^NUr@VFr4jMSY0)y69n60k{x${_Z9aMBIG6<*7y)Ao>T z^b%~a_6vM)={W=~JK*R0oiG&=X;zDLa0-Yn(UUa9Iy`VUP76AOBYkl9zdaO0YNv(X z9l_kIyn?H}`kl*_Rd>b4HHm+IrgB?Y7Tmh)@aiG9CJeXM@1(!U1)Jt35uG;#SvSZm zMsn*|deXBNFds=4{hI#zZyNdHlpo}?gg#BHGL6?8^}Nb+)S>w$>Zr7h zaDa~W=WZQk&8cb8Cn%Z!JN}$AiVp4gjtheO+?^Q?h5V@l$%_!QO%fXZ^o-XGRI4;S zj9#EjLQhs*4Ld3R9;|B}Z9i?O_*Y$0=sdqa5MYOb)zqxqoFcic03!~@>MPCV^~3*# zFl?Q0upT!Ixv6XaUx^nZhC4$ifYVWAcJ`0mxPvrYNlV5X!$Ni zIPiMzWdcPuh`MTSCqFT*aQ(@HHID*ymBrYjHDRX6&m$vhOB;ApWrt}gmfH{eDO`-#dR83@@7dF|20HU;}gT^7uIBpG}LRUe(_QoB8=qrnoZq zb44{2{6t#@HL6i)F)S-DeTihaW0LfyQcloNaF2>ROcGWtq4Z3vZbjtn728EJ&W@y9 z4Qn_=If%qlKRnyJUtCFMc73^XbLH}1PaEDvchPga+i6~ExLU(7cEQJkuhgSdM(CfJTEE-x`M1wXz0dByG(7Xa!1L)|VDw8)zKcGe{^HJO z{>C5Uk+i(S*`GCwRt`;;Wtny&WMg&P}czl_rgXfQ`wzs zQ_H46-j$x=bt(M+s5ibTCEAgiL#j(PuYoI4F~nIcYCZz%7m5_^W{hn_YQE`RI&L+@ zX9m>!+L4f>2E~$8`{D$AD?qs4Wsq}PO#2jM)B#zqq%Vl88If>+h5n(qJai-1vpzc*5?2MKNK96-S zy&llUR!cnL{-X21#rwZNIyfSsXV;j0J}Jzn%N$ma(giC=fCr1spbCAlu7Jk zT01om%C$>Y!u=#`%L{$?%IL_aW-h4VU_&z%d)kP`7+MkT6f^b%RM*JxZzvlxy9$R# zo+xwb{`uk@EM}gCnexKW_OI1jazcLHX+hEl)^oHg=d6o)vR*pv(Kcus`x9 zn{6v=5wl9M?=0Mq#Us__x^>7J?C>T~=;BvErsABzrA!CQ{{cvCL^lvYj5$346MD3V zQ2rIzYIZM=rf>GE#Bs3psZkyk~!}(h4&qi(vO~t~_dgyL^zt z4h}y>zR5?5Bm&*QH}^xHV6kOjfxS$+HRK=~K9;SAiih~h)}=Tqh|B@Kfw^XFF>I1Q znape}6cNTZ0LxS!zSw@3*X5B;Jof|QVBmj^7-M7IM*bKGK3D*J-~t4e=q?8%hXidH z`saJ%uECo2P4;G=??=be{sMKz_{vl7i9LVAx#U*kJ+tbVY+vWrWLq|6m{08X@DNjb z64ImGt(;FF-y(w908+t(x zt$PYWF}a+Z~EE)lHse0vH*X($CzK6ukV^h?2RB! ztDhC@-1bn_^!E8(<#m5o5FtU-`a}4F<<9!!ktVJ&C%-s+5SAB+dPT_MABmE=lUM1N zH9z4=Ov*P*N>N2hshN?`llBA!J@+flQB71T;F&_7ObBG|a0z4QXXR>5praQKd44!K zj}DM5W&8*gBc^I{nso5U2Ba-5?bL3=(_$LyHG9Y;sAzZ132bf0`j^Gd6oQzTnP(Fu zU9j;7hztAZ?=&cm9im8T% zi;PL{ar2I68zFb=lxiHGb(AUf&x_P|^J7OEGOUb_Fm zrvmdz>r;jy^m1QpvJ$-lV8y_igJc>b^H5JbA0@X}q=!)}w`A#(X*?tri^a~(Ny;pX zj9soAi^*zrZQXZfqUw=hrMR*da_nLoB!-%bQmchh=EW@2O2VnDwOXMkDW_zsI4(*$ zR*__^LcMCO;#JEfTOB1Uy;g1!9$u+7X4z8peB1((`phhwTM@TZRjm3^V&R%4gB8QKimV?I4B(_zIo4L^|$-VTp z7vU+LUW3!O1I*=f@eyAs{nP<~KO}p4RFh)bXo}6qsqiU$g*Dr~ z=1T8OTj_ynp)B3Rz0yx0O-cVu&j4Rig0asp=}8l3N3fB2Yi zW70Wh1`zwXz#SIlEjjDL^#!=BEkglqqpu$J)mbi_J;n6x%xBVsTf6#RkB*n@+}b{6 zwp(^j0M|FhMUB=emwg25VPkHqOUTuDX>8u!(1fayh~N+~W5}3)@R`0aGN^E0plF^B4CzgfeoIQR z*C&-*pwr+*h4YWS<$dlT>2GFA<6oS!9EX{n{^nRd3f!?=*wJ}t@h~hd%U>@}byM#$ zOyu60(JSt;7l>qzB{Z-)9-5F54a&=L!>K;=md&Oz5Mnp?W9`g1Zb+9i9yK>3>5CR; z4jYtU=jf&vm>7)grGj8LW>bRk?s^_x$c(wF{n8~{!%!Ck^#+rOkn=hSRiz!)wyinV zF09XX%i1Y)ZmLt*cXa4&x~@f*&l}~gFpopZvi~)6Ip(wHjVQe|tySR}7Q@hUPQi0A z)Gusd;OFwC{0j3oa#Qo6z?yFmHp2s6x2L4Q@M!e`g=G9AuvoPZ@5dkN2WxG8Fj{~1 zlhWhw9hz2J7v5|*je=@t4;Pb700gZ4aZo8|Y(hG?V3O(OH@~V2`2&$>p6Xzpfu4M~qS|Nd; zBd4S1^=F6H#q2IjhI|jzIF3%kI%--w3xm|W+FXp>PI5P3Xg&XXB4V={g`A@UX+`0v zj&`Iql=Idj1=o5SjR>jSV#Hlc8ld&%PM$^I@eOr9~UVL$}x#y)J{^n+ermti&^lhgQ z-795eYCzmbUJ~;18E@h>Lb#;6lzXHgE+dYz)+W3iXGSVL{JC*SoBUn~hmCXzJi{AK zI0o^oS1>sMW{IC4la{C&?q|&(8=HGt6>UQ(4N6YMV^zuvAQP{ ztwJ@=2C;jye1NM=%iT*RM|V-JF3Hsm$6QsWCHxx3<_}gSd6UpsUn;3$$v9a#hFOGX z@-}Au9%ZYcW!6b8eQ%`pwj=VO{BYhD9K$w5-ai)31Yf<<`d!Qh)rF(re5sjJu7Ub% zuzQ+L$g8eLnN)|7c^@G1xX#Oaq2*oJ@tX{&rEcLJl%W=Vo2WzD?0xuMnm zVZ|T(a?#GL|q)Ys0R-WPQ5 z*hx6zA4!}RkH|09sQabZxk8)p6@}0mGZcQ%QF*U04d$v|^vkM}e2L)=-$kbV{cp(i zQkRTN(^AJlEv3Z-OrtSpE^`E_Mx4Fd6PwHknYZ4Zd7H|kj;4Qct8<&pVyh*8EWDnlV?J^_L~5v6H#r8-;n6uZuJ(yJ)Iuh2#nJ%$2>gZ59Bz3xiA=T2 ztDfW?CVNsIg`rciM;;l1XoO68v;;?!=z8uy1^k$xPY5(Yo(yPgY<~((rJCH4A#*v9 zLXk#wDY)Yd-xx7`PpnitWo zt3AQ(avpo%=mTVwF4?K-JF=cTUgN4$Uhg&AS*#dDZ@NawvU><$JnY^TJ$s!A zb&aV#K-~GPT_pLg{65lcLO>M%1MmM89K-?h&LU$h064#ERX-4{A3-xgf`S<>0rAAw z^E5)Mjfs)XX`vgqB8c~scpWbO({NbRw3n%u9g>vPDruHuQn$2L{PErTBBu|Zu!@`C znQcwC8u4OhnPuUx0{lk8zkV!<99ldQ@MsIVB+_Ule%v-o!PNWU1PAtdO?<8oUij$m ziHgm7-$SAjolrihdOcY0xHECLFiec#<3%195DS%kTlCVat&;dljT6+G}@Vva&)JxM+llK~QqS9>UTjp)$ZTvv#hyN%qs zLw8cJye?sqUmM7*#2ntHV|&QmcV{r&)9Ic{*Ig`<6=m}-hMkvOIVU50bzR=yd{pm+ zL2qy8QT=$f)r~G~KjBY<{|bv4Hc>vW2c7-*c@(FM>fQNimHg*xdlV zJA>DUU@gT$!$8AiYpWt{9FND`3w`%~XYX#rB!xqblb+oSDlud?pA)Pbdf)N74lxLq z^u-6Y3;YL-NrW2pM03*V)XO03tO&g9I(@hMn*KJJbSmm~wOzlS$d^Y@`pt&B{Yv=# ztealHC-A_PIkROkOg5*oWaYL7MF`7qI5~69;>hXgp$wvnPuAHa2IVESF__8mwS@R^ zUCB+8Z{qv;hRe9Ok*tho71KT{eV(z0)0;>t>+s6}SaJ`}$tSnl97*v;6eElzqDFk8}kVmw!RwoE&>PnTqineko_USe4vz zsN#>@2;4rW;Iryd*$auwAB)@#wCfEz&62%(#zmeolKYRSEm5#px1dJs$?f&F{_8jGZ2 z>)Un1J^FrW8=oJ3f9W;fHlK{JLZp-O+G)L&=iodA2Zi+FCxE~{To!8ZXTlTa=Tuv! zHysC55O(YHnK;4C z`};gDi`XT>BH^bP@7bc&=w9zD`}T63dw;W{ zNMf*yc-)&d-sLw8jONZSnk3Z8el#%v2*!)=11^W?s>T_uA3EQQDg-;9eex~NpS5|D zOQ<}*)%|{2-FdlXzE#uVw9q<2r&F0y8FCJ%mTS2T>I9COuqHmv-3U@G3TjVXhki-F z%susByJGI~K!RP6FI=}H#l%y4x*~?5bKx&zhK8;wsSt8ZmxR)f+E>HjR`eVFGotBC z*`oVDmUw2B{Jl25;ZMS|-b{_>&KucJ8?Y7D)$y519o1$I;!G|Th|1sVB(R z>t;UIJq!2Ib^m(r`#b;MVLYB&e`>7jv95!(%xPU^aRAacK?m}CH_PI!yY*XY5a)Q< zCP$xp*Kn3v#8guiuWd{|sQ7^W@ei@=&RV=*(~Td}5>RC73XOf%`zimb zgkb1n5tm|CqTMj7kYLP)$XW?UBzS*Ec5&6Ti>X7qg4(wqOOX>VCUW6zNbfvqDzO`D z2=Xr2)Z_7p_B{?%X{6N;P5KSZ(5S7p3rfbzVBJT`aBa zz2)3;0SVENfdB>gNjXpEuDAQ2r-RV_vDrpR@3*W0YnkY33(_0ygGKcR2a$tzPl-1Z z`Eq>df>KBm`dSPHPnE3L^O)EIAsqKwx~f7a)*Io@O=;F{Sj4uc+9fp>5)z;xOGWZm z7vv%IMMwDcQ)>_99`~&_h(YTiHS>{|kT3^H%Q0HCazQiokr)qs>+ywt5=1~Qk)1lW zK9%MzVzW#yCm?nTG&xU@dpe;!BdI()l{Xv}G7u*ivAWI$`#Gl269exN>^ zT*8KcwA?J zga=YrhKbEevN@ol+gQL6MfX*KAxwdX<|}(}Yb?4~pTX=pvIfPt=u_CO!Ls_kil{s9 zj9#+lNdY}-drx+H#UkGQ4%>Fh|kl%t;mw}+Q5T$QO4h7t%x%_o)MiTW~! zH$4~ov)#QwCcvCT)C+2(+Sw2;7tbnC_M(nBO%3v%mIh9u$iiKZ*8V7VL!Ff=z)Qq&za1W>p zFn$J#nNa3RI{!DCWrhnXsSm6W)a|nljs++SX6qsAx@^^W?8ExrM#Ewav-0D-qq-U= z%i-+p(xVxuf`=Hm`a>lmEwn_$YO#vWp??vWK3aawKu-(*-1gEMLs7?Kjz?KI38+v- zr&CzG$8d_ht6(JNS8#hm2$xP%sH2qgfyJn`UKK;rfr3vZmp=O6}e+em48Lh-ar7=Jh||M&+jEZm^p1^nsRnXZ0ed_ zgj(nAtg9C(jJvY|T!ItHD}}p2#JI}u0Cek(+|M*rX%2D^d%yjf{TzJdYcKM~OLN8X zy#ldGWlL+@+De;_8hp(F^@HVg9P@+5aThLR!d(;QGa7_?Ccw%DRz9;C-bU4Ckwuq# zI+@#PYhF8#*o@xq#cjzG=fzBZL`&6?-cU!3hJFwFbZBwHN)kpFB>^w5wZKtX2A+$G8@n9NsVLwm77xZ7D+-Os z)Ap3{e)W+r(~s>4ZQJ{Gf1|`B;Vep&@@3J`%0Sz<;42E*FTjHehxXg1bc>aZA`heI zrA-5hR+}#%ZC^A?D9G(CuhQJI%4IF*S{Cq^5erx%EH%lCohR*B;z=U67L>bGsHT@ z>PKfd!=kpR_Al!fZxL1|)$EG2K=$E?Y(qfh_x8Q?M+*lIoL9xLrGsm8B?|2_+`Z(D zsce%I6WNi$UqFsT=+plub^j3&{eQ^l|7doy(gy$x0EUrX#{B{eiZ!sDRCln@p=AGtfPmi*R`VIeDpwn%w>1rg}=fJV(gkKp*= zunz#lkL*PZTOi`V#%hRg#t@KlO4_2As=&a;Ti3{)NLvk;mM)X#>qV}&jjL(f!mi)z zkE3nwvs|y+yRX>}ClC>P20{b~q9-QDM8BjL%h6Pt*>XA^+^muRqob7ese|+fX+oI$ zfCEcFxlo6ggujON-O?Nc(7uisd0IrLzP>b?QV4;U_5Qao;!(y^U)&C9G*tTLDWb@U z1VRGA$Wf32-6Avy{LtaQepW@H)W%D!))k^=712tynlGMAYN{5C7E!d)+m$L0jDS6% zl8Q`O%U#dfAsTf?%OzN*Nr@YU#!MYheJW$s$5I(Wt?D)uhV4XTVKXMxrmM!L&1AEh zroI{z$0%3R(x7IG%s(r`Sn4eqD-5fO|3^nhXp&laxx*w+q-do>ZPB$XO*7WjLm8WB zl&l+)Yg8&|RBIBMEmTB(@tY>^rzfhRwxeWrGBc2~5^}Q>Gja->uNxRdvm+Mj(OPEp zRe$IYq-Twlu_5|~ks*h%h?2&MSU~OpVtj$ z?vLwx-M@`@g^QmIeQ^(&N3b7WCi}w3#9ovggZZM=sCif5ZLC4QI-hj3>@3#x7@3t$ zgiX!%1&h*`(e5!N{#HOnXNo-5Ey_$@pOC-_9^4U7dIEy(2niv?;ZdxTqd2Yrh|h!{ z>vj>Z`9yvV$;_=WvqK>X?j zy_%(=ELIzcs{p2CdOjv*@EvjNb4%w^+%dD1^G_@7#E2uBQzr5W9Q4B@|CMi#V^@Z7 zH&h*$D+CFF54+DuG^$@ww%F6#0=WN5!X<*u)Fh`2Xt4`ajKLUb$>+!#SEKSk#(Q0C zBZ1@tb&X2E{?>YCdGZ=!=k;#yBY3i#yVFx=j5GX_`r%m6OX;JChlTDNn==AUt+Y2T z)Z(oM1ue?E>y_Q%<-NTsVE2wM-+^K&{pxO`n0hru7oSRkkh9XdQ&?2lumX8JiWuef zg0cFw?v6?h7lSdpDEFh#-D;)t{j(t;hZ--w>Oh{whfPi|oaY7t)7hhQMkylLZGisG zV${3Eu0kkK%Pq9qv93lC5s0gs$xnOHCP=)VjR)J3EOyulwuAhPT*iNuNgpbg|CnumuQP#$NK%+e}M_RTMgVw#!x z?7kl$gBoqV5%eU`O4qjHNl7Cgqgloz7Fh1#Q@E-kS^I_!_lDyt8@H3_+w@uU7sTZ{ zIp(S;3Jcp!EupKc`ukfv4i2D$*}-va!@PQsF@2EBTDTAc<>GTGU@EEq=)vca-Erhl zxl6VU8e`^frMFaWa=2bF#e$pJ*VgCR=hTZ&vlg&h?-0NaF zSxn^fkM=}k_m`1k1bs?t${MD2`IlLjnXd^dVf%>olHOiC)L7spXXGiOxb4kJuPtA@ zE`c~K_|%llw<>iaf*TUCsy_^GLrbl_aX+!)UVH;AMDm~fAwO|#Dhed6YHMY8RY`2V z^=PU}?o}APzeoEKUP{2<^v`c`*`JXj2kOqaN$L-qm+RYeSn#;N- zY0Gj(b~QeqZIYB(7TR$!g@6B+k^xVYMF1rlB;Xe2S|BVHtiz<;&4AT8O|X(CbJcjQN~`Gv!q>(71+)9Ufwud7WyKO+F0)>R z>UKWqh%b6ND(Js|C6*aaeKQBU6En!kiY33@PvnGK@vjqu&4HfTHzH6#zwokSUpjE$ z&cK;f4SCoLk$tXzNJbTvtSl^^TBm&<@tl6lFAj_FTI87FAiZMpdh=Q{`DxO&dUP5DVgy3Is%G5R&j;*DHvS zz%~GAn`Mh;o0dgQYwJo>%WBE)swWuyTi>r_eXE?^UC%%An+JIAc$)L>E$6O#@6!hn zVRbcFfB>V(^V^HMwbpmXWk*c3UTxgFEQYC%qC>6yqbcQ!!@ly)5cX5V^-9kB-hDYcUy*3;w zCjFLX=Ncb@Fh(I5T=HShK12HymGCJ+EaZKBuq5G!>7tT0i|vmZl@L)$Eufb%AtF;n zQj#(jVUpxGF|qJoE-N+DL@^N90SEDu?)} zn3NCdfg-*}v6?^6;D=h!8uegM&oM|Zh9S=DD9oYDV1zxHDWVeux*^^JT7$p3#J|xT z;ZKCgu-7n@A!$RTx=goRHR&qiRRruX_^_BE^MTkk2~WgMF#3VaIE3C{9t1%k1Sg_& zFai`&G6XqMggH@YIO*ZPswstg?eKq4A9OhA=}bMDBIpn(rz#OOf0gF}g+W0}j!W~) zo=BDmtRXFDV7AEQ_!C=`O)Xpm?&E^|!hE2CRhUk_OOp*IpZELe!5++Sna(uC8KMcX zTCBHWo`K)0K`(HAsQkjR$>o(oZILGllX!$t&(YI@m3SUz5iYk)H9gD5OB*n1^t-S`nd1PP@Hr@T;|s~axw^3amh z$!FL`+0y;3>pPC-zrn$l*$o8Nb8K_1w^Qh~gBzZ!v3*&F06FzT`b+{EWxyz}gR6X& z^nO5-r1J)g$i{8vW4G<@Xu5<8&&CP_9<1~>;OzG~3EO^xBDgT+++Ar}}#zIkA|`XO!X%@NJOyA~GB+fkuF?b8q9 z1tEeON%2Rsw=pqL(U7!pS5=i1i@HRdv9ffeUkfVETFSORqFu>0j!7gjfp-T0Z@x-Nndo>sN-=cLo4=7*??;f zO3g^@3_C8AS2umDV5fio$E}Xu&>NX4UdbWF@24gCH#ytnQ31~2HjqIa$oxp) z0hIMi*T{9cI`l1}{0HVlY9*(y_FsFFl}~Pj{$Jz3KV6lrjN^EaW(1H}4@bu5_O)a4 zria>+mXO6YM*^d}7^#-qMfP#)Bkgw;R&o16@Rgpi3-~AawKhguSDi5A>9@DxHZ$2e zefWF{W-|2~#{lGeVZCDK*2@?b=-*Wa4I*@6%!7q{qE(nII@XLJsk}sa$sm0bmJ& zmGeko8<&B_#xk0np*aWaYPe(W?P~b2r-5;Sa+wzH(%MPDmY=R)fn@m!%wz=#5xa*@h^uaYt=`Xx?jo zsreY4S0iFyfLzecponq=B(cF&_LAbFj-9}3a?4;cXSs%|(^TV7huWxg7S0`Uyx1My zA*2~*iWxZi3wri-XL&E7eck(NiifH!u8`7b711>4A-ZEcCE-ccqbj7_?uF&YvZsJ9 z|725!YL`-O&ke{G)Ii4g6D4A~w3SsQm5`;Lm>HWoIeaQVNII*VSPL78ngE+30<+mR zN5ID+_Fv^ed$4BHGs^6@C8`k6b5SxgGlqz+fxm_W8Eknks>RGi4WG&^4oF%iP$qh- z>8#KC$j~uL%GY9?J`ynt6V;Km|6NS@Lnt%fLs>Ra@S*+Q0o!)FUD>(f8S6;&PUPEI z%u}(#>}wX9#;t{TtJE8n(Q19d-G%j4Wz=4Nznl-T*(IfmJg1l!YWwH;)uAlyw;3`v z;C23TxMoRE9B4}8C=^$pt4We(Erk8H?8@=c>1pGh7+l3=I%(I69e%h?gvFjzwDc0M zMkZ9VL@NI%GKorR^2ti$8NFgy4K?&g3lTLLZA^aC((JyzRA*0Kb7UnII}$77Zs1A* z2L(2qRBP8IZ&YzgOjgJH+1X{IV{2R3ffxrC%@C_I3Kx9`vPKt=$NdegpT9`rQv3&p z&(kU;KPpJ!n7wfcdCz_i1!c^15Zn;zCpRie&&EKU+}t=b7QhAk?W)RZ+)VG)`^(|N zRt;_BdqaTx9jCU3gd)&J$Q`COMO(<`F3FY0Mq zM>5*9azQ$WqCU2}l(Ty?Nv$Y0EQc6o^* zuryshHz}#hn* z7Szw$&@bSyr~_r(?8rG0l#g1lJjnL=U?hsrE%}sk0!p*IMAi2oj;4ByI%L*d#;&p0 zUx={zi&-jUWpyG5v-?HeOGrNi;+M!NzSFUS3HzZoHTpcB!n(HoXbF(r=~xk)RPs@c zjEtOQS@E&qveG7Vq(;Pt0+N*9vj>-Z77DXUS)i8zy`w8ckC$eNwS9c8(G;ru} ze#c&CfKV1T*H(#h|*z_8LojnG=j z%KUG^V%g(0X_w&%6clA$9U+yf>8Tc-80z%OXHa0Z-)-g^B$~Y#L5>KeAJS{Xw)-6s zeq*u3U!M7Ya3Q@<{LmmxJGw$i>er6gRD0&8?e#D-hfVlUl=KQF`bR~wK2jPe23h8@&Siq(LH@f zZ%@%Bx?{0ftmLTD&3rFnfaw(~wP7j76f^6gsh%HwH%-9p87w=lweZFq?qBD5!OlG` z3%2cWG^XomAk#*(E! z$fjH%2v*Rjv=B(D?(1CHkb?Zs|ej?<*)r!!^#qSY8#_ zf?R^Xlkpeq^WYU*I~vd>F7Nj*zLfKBM_|W)ln`hLDqd{IWQ$wBR1G+Y96!F=zIXn_ zfj3M#{xLxmz^mll^-cIVT;w5PxU%(Ueeke6);LJXenLr_xZa( zpzNEi0MO@++43dXtnx@5l&u=yYZoaCdTZ^%TBSwZ)Y;Wf1W(yR3b#sIDJdCwQg|9QEpwqs{E`mBa+Bf&gi3(ONrdb`ZWaeG$9|GO@& z@~Y-bJ^?ra89~5Fo8+SMAx@c2dm&DUI#!Y+(-B&&X=AI(%i|U18+Z?xIa{dJhy0uT zg&HHhIzZX?2N!@VJ}<*t$*H510HG_=6|^hvy-~T%ZVXce`N?JF#?+~UTPrXa`kSm# z{p2JZyE(*#OEqf`s50Hl9!5avVYX8}_I+xa=z54#bu#YohQvk?Z0?QM%{tPQIWM9@ zm*rtj_BAhJ(&G3`OoC^6(2R5}!9*84a=)M;-5&2J2-sdpv@xo6@lD%dbR5GI%$fTq*Oz20HNq$bFuomBvX(O~MD-;oM4td`!j! zNx+&ayfqFIub5pnLp5&FARhGDZ7%koNNIIK< zmd&YYV**;WhK_di!nUh3#sd33?)<8YMzcO>XpitrgfyB%CRte^Mm`mz1xMkhW`p5PdMxfmZz z?ck;aZc?WXrd3jAF9r#Nc?ky7d~Nk}cty4Gbx6}0-&bttP^oXgwT2~dqYlfK$=E=1 zqNULVU@R0*2QJ0NZYlK(@ATVF)UKz^h9L_I>{&dpBZ@-Dq;WoEnTM?P+FmSjYLICB z1F_8D&$2I?Q~u@cfCsqN~QNbMm zl#$bu3g`?d9bHK{aHS8e!l@Ya78Mv-vXF%@=_G%{%&&5H zF43aN^|3?a8gXHR9Eu){W57;deu}ZGihs9e*9+Z%bP(`<8~AwhlY^M&kr#Hivzw7h zN!aJAF~)}Eu4bFj+N{P7+wryk9TK+h5rAEv0SSTY-K(I4i7HCDbe6&5MmCWNge6j8 zoHtp5rQPIuvgFeeghD=nbsjifX;jvt?$Cgc4iYV#zK$NW?tB0!ug`z%FF)M&rvr)O z){QTqI3|e6jd(phe@$UL*+@5O*VDhEFIPz}o|C0Bn{0%JYU1R;(VeTKz2gZB$gD!r z^~ZI>xO?bC=|L1nght2M%+$=1F_N*dfkkg&3t~+IFWO`{ua}Z(Wr~nhq)dsZzFHK8 z7nwwghdK{fx_fn2P$8KwUZ}8$K+K?zN|Gu)1d(UYs-kdWtzgDsf~>sjpX46g zyD3LcYH*oHm&r^Fmf+%LmMJkVkqEKYub`+wF*aFp5wnTGEF7~%c(D|gOEot>!EqL( z7eVF;RIAn>M2-YV%Tm!=7r`$4Q)Eb#bexOZTlU$Rhi=?7pOUBL*V@x>ynFVb&;JY5 zb;noD=+@W1OhNt(7^E8h!TH6kpo=)Zx`ayEj)o&2o`NibRR{b z0;x>J#fGok=$*J8n+8m57gR#RFE~ygsx{rTSv=fXgvcQpX#h@-aB^y9aO0rGchvHzf8cf4Q|!IClkCzI+sKb z>O1%|^K^ri?S;FYgA$Rw$28My^Nh8Vd>eATSd=%CYuI_0%*Q#~qPO;YV3g58gE zLgs4tJUJ{trf;&*WKQ=%<8GhW3-+V=PWbtDnFabHebw^5p`yKDT5pV6>StKrcVbJ? z?A%_@1bOA-9M`#c_uM#g(#1_l63>g#E{HxUExPPVau~mYkEPp}64VDJ%QNG56AsH> zkT9Rw?bcnCR6^t|DxmT>=8G}OC^4wGtU&2(sj6%PRizrpff`e-K!Os#+$`<}uRFsJ zfJ75GW+<^xbSMrBHjs}i^k>OMJ`zfT#Z%9*6v~`w%+!*FAVDxzp1}9f=QHH=-`NyT zH1{&kB|%t7R??b}Fgcs6Ty|W}TLHt@U*l_}M~T|SDB%=8O`;*&-47Mut|5Y8!mqVN zCq&*ZprXN`8Qkm9ufc2_*Ur4IGW04%K-7BY`aiurpka-!r*+q2kI^^D4u|q% zlDyLYrPh?0@jqf-{|~dC^Z$yF#Un7t!Fl)Hj0~H-sqq^SKr#RVRMUHj4P`t;6|k1QC%Da=K)v_>qiA5PGB-peU{&0uKWLl;b3;Bb;MV zLJ_6_Cn$V4RCu8~B55Hb6$EAwMOZ|n*>ZShdU`h=^tKw0X84Qx{$8~LSebVJ6|{+99?LU{lxN;eRJ<${7@qZO%f(k zKAaaR_fNf~^}nH?@3apu&{0s4kxh-+OeUE=?NoF`6a)-X2COEN%W*Gn8c^JSLKeM* z?cJ@7?c)czr_~CYl{qx1QbWcLHwi}G?-@ek^zz-p`-ryn8V2Wd5OFWi5i20VA>vd; zW$TrzAz&hvheO3dsPFB9^}_Sqiu3A-xTe?Wg%DBC%ha0}Z9)bKd1#~#Fq#MGX%^)e zEfR$gFV4y!q9YY&a(OtZxcZrRi1ZuzeaRdh$GgIa$ge(S9PM>m4HJ)$K0~Iq(KN*> zico$I5TW$?DDLv(C8qe-x@dTambrub@i`v=86)4rG5$mok0K+7M+AdDFfvBelaL|j zA*c?s7=ke-rHf9JS%=F-cm&fLh|`eZgo_Rv3Q5wC;y{uQX4n&^BG(3EHw3CnRugSU zum*!S#H!1=Bl8V|4aVL7tLY&yB>q1het`%EqHK9M1W{x-nPIrPkjyZmUIb*qE*|)x z0RkN+!m3C_I9d&QfuLxREQ}>OJ)+ex>){kwC|EDp2iTkh^&_?q&g1u zVhp3`2^T46hS15k)FXH$HjjjPu`Ln2BMl0pgm3_3H)%|8GYW0}p1)|-`Jl}G4I*@t z%mK>xVy#j4qEXXi&`z&^wH1%n-0ngR4Ky=eZlsAz~ zuO~mRrEnX_B)vg=hKPH0!BSFKfXIG+i&KP1p6MshX#dWT-3_o|2uj-ZdER!!bNk;i zK$mt9Fh-FHgGLt>2l@VPc)*#FC?A~gEDolsC*^9f@y2fut3X;HO!Uu_66EGL?zLJX zLdURuOKDc#SmY!9nXS1>{&oFDXE>{tL1gwBYAi9(L$@{}jHaXK^*m1O{wQU~iUp?= z;`{{70}hxTF5DKG(4Mi~e{B)O+lg3C1aXkeY2%trL5e zQ2dlQ?X9as9yE7;^i^TvVjc5&n9bqgNR^kIIEQZRuvf|+daF%5A$i&sJUK7I75xiC zUp0TDeIMcunF#VIMep+h!sly*an-j#u9QN#k=jD*Q$g-rI;g+hiPhFCDbPB( z`@@bVwJE_)RwC2BLDsoRjpoZYAK!$-5{1SR~F0D&9^E8s@roor(czrL?)PkabQGI@ry1`gC=UWuE_^AK$+^F^G?(+q>Icj3!OL78Tt{oCrrpR0#lu=%!OY1!{@U1zCci^?U zGl1|B0H`Yi5?|;^b_r#pxFP6Y0AYc1fIm>`7{L}g2&yLO;NEB_ln-3&G zL4{;sCklJ1IX&}KbyizEXj%o_fTJ(^O7xw@S@f$TfDEV$-auP#;3)_*;$zn%@d&$$ z+;8_MIFHN}YEKc?ds-wuY;x-;D(H8e=PLpMao8M|K^_HR4 z4zy_hqA^)nNX(GL>~}q43>1TIJ7DY~1?3|%uU%vx?|buqh-h^=Y%hPv>iCegfgmHa z5kQeV!`k?&3>f%6Nun7c%NZ7-nvO;0UwAd-gJFwt%ck=th>7|%Ns?X*v$+j~=2n@^ zQ(aEZfzR~-bzM81ig9V-gu-dQE5rc=bpH#YFoH=blp{?ipyo91T2-y>74DBGJSPil z+c>s#QdK?|XxMAa&-Qyu`sxeF_U{$uS2?W}v;s0cSe$mX?4)JpXc^d4IWW`B6iC3aO4YX=21p0N9c{lESRUmGCS9x=~h*+Ap({wX*E6+$N zoz?B8ck^kRz70ZRsA81^ot~u7?ay1!aM?1Y9FOGfWp(k==S5Xj%T%QBUz~fYXKAA9 zO_ZEHVCji1i)Ng`fG0UK0pmoYOrWsJRt^aD9UnGkQF)vve1aR8!bmh|HMY$-+ zEKm+$Q57U+3%n%wfEDXAl<0k6EVGRFMC+AB3y`ZorWYsV5t>)$^H9MaWw0p%~ z3Xn=tb9?8OcR3s5UOek8YDdIelnBkW(dY+c88gWY+AaZfi?Y4qjp-wLjqnsY%3^fDl79F#YOKeqPWSOlqJpNi@za-!2YK2@ZN{n{3!^+le*#VfKiI+sqjg#CDLO|43`i zLmbG!)M#4|fKTR}S2}&6@7eos&qI*+xc86quL6<3bf9$Ng@@=8W_Kz6(zPs*D}4XZtqgv%Da7$bMebcl2#YhMW7u}t zlmLIG$n;6VTbBS|VHM3y`FXq}9cR0s88yuN+S&_DY%rh+o$rvkxTGEH)IgIR5Q-DK zOlQ5T5m z;+ALv!xrHin$uGU9OVepP5M_r5?xHaqfQGNq~{C&L?FwSFS1Jsy9D@9z}-Lq#&uP| ztV)8ha2*EDSQ|C%*8d<`+E67A~tkSzI$1h&%OR1Dd`NyV~q4M6L4Uy z9ZjV|ns>JRa(ohV*IBnp_d1Ym6X8}X1N|XG=6=S6cMo5Tl+!@@7WP#FN$fihp%rt2tYmN~$D#*u&>|Z=HgBR7X$I#AeD9W3Dh6ky5 z3TBhnLef7b`ncX|w?Ye1sJHj=>cIBusO4OCf8?@I;$@Emu1?s_D4^*&yEhZNBi@PL zmDf(w^*nPj#*SsQnqxMF7yr5Dew`KgvPXV2CVFgBt}~V6uu7IK-Ggo9O4i_zlVlxH zm9%p0!FqX=48u(LQ&;k3>FMl zY=>dJ?L`dd0Gl0z_9>-Xv#iGc2w)9`tttLvud7DGIft5OTX;R0W}FzYQi*^-1yUH7 z_lwCi)G|4HJ)fSlY4}Eq(%$a5(iiJ;F6|c0S_%I+I5T^04;j~gBBb(mW7HCn3%=e1 zn7QA=)bkY{<&ot7q5LjE<9;cWzIcpl@o+&oaY5tx@~Xr{Ov}uxlPcfcl26lC&XE?P zX2(bB1jW+P!9<)xy?fDiL)0EVab7J5zY=>kG$z)3!z9@lFJXic6oqHEIhb4VUmqhRZo8h!t%sSR`l}RjibATL83KVr)B>b_QKZ*XYM334Mu{ zz|gLCmrptkKUFtdX}lGeyQrJAllQQ5o&mke?b$S@GXbvWdRLv4X9eT-9G4Lrt}L5_ znO8EKNYQnE#_E)P=FT;j#d`M)%5OUbCcU_Tl-9Jv_jauR_&#FQgK)Hk<^l=6B^^8f z|3J7p)(qV-KQZwSq-6;QvPu`|?XBy%*9L2Tp+65wh@Bb@t2awEn&q+ov5)#%7!hqM zrO~nN3QjsDBsZ3$8{F5!-6_UqCJ6N%mIswE2C=*1^Da%3amuu?*#SDO-Zxrk%N@<; zmkxMhgT5Oez!Mru{e|XPy(sKCdb9s3t#8kzGT^1Z zX~W2ZdT}qK>-&}YB47>qFHTKXsS?vF3RY}0Wo3m#%5mWuvfdovTezw*h>WQbW%-R- zVh;z|5SVhZggSXUgH!p7xxA|C{_*$?}zzGYK(vFPxayDdi z1Jcj{@JM2Oc?P)b0U*w#Urki|iV%n(JiXhlBpCxRdm6i`^7B?;vx6w7)N zSmE87!EZlWA3VicfzvHC)9i;I){f1ymDA1mE2Qi}o=@$s8i_U;b(irYV5dJq9XD{s zs3GaEItgnRU@Yn6wxK`*A>NN6muSPs(ConDuw1$W;pRHXjjoc2?9;et}UzVN5 zxE}Gg6E)D8quj$NNUso1Fi)t(PkG#bmM8P5dFOPtoF3mvIn$raBTDcvVt{YM#?i8E z^|_Q#6%mxiE2WgZ2BAo?Iy>tf zJT(AyYUv`B>|~=&+ZHW0-VL3!C$2$c3^T9ZF9@p^R>`3*45Qj*Px)lz{%D?HkOQA zE2)Qf%>MirFv}0{zqyV~|G~xlKU~NE!N2_fZbJR!>16l5?Ty&|uHozZ0{{X9N3^0E)u=%$W1pqqX+#Iwppv^T!!plCAGXu21NP-`+!BwDyh9F* z0`fyaAP|5g#s?!H0YO6ch#?8lBft{^9un5Wt{)gg%UthsG+^EQWT6Esr zlD+&K#mc#Y+h;k;bzRL|Omi|jnV#~$`R;w+9+?R!C?Et4xZm#oBp(+i!-m1(Bc?rw zWU-T8r#(r5emw0dPOKb1fnXCeh7V(sbOs+YO`sRn%fT}|{Y3QyYmS-b8j15xmWrtj zk@|T<@WTtjEJc1?Ju~Zrdcl4-AHsOud__6DzU7yt3c#FWo_8UD^+5OlD!`2XvUGL{ zWRLCX^`lRKK3393WU<+75vM9kf{Knf-locAwf3_3?M%o>9pmkvK#!y_75GmfquRrh zIKq=VDvhK(YXP#$(j1;XM0u2iXgd(H2jz{_#6OfU*(NA!6DEw1J2FRtGTD}>Qynk5 zQT8RzB|Sj5qZR`7CR5X&Iw{5C&g|c!MjdYp2YUBPjGmE^*mp4TX&mMUmPP$D z<=#-WuHw}ydj~cS966Zo`!z-jZfoW=7;&M~Ro2jK{Z{CU z|IJ(5AXnYcrI6O9rq%;SWS;;Eg?AEQt|zv{u2~|de(+PC1^UuEP>8($4p>nAjKLdH zc-d|N`&G3nGg?`gRgGp9(t;=CZ}Cn(a~3NI+8abzjj0YEzQ@N*vYtOhJxVqB-dH*6 zGGA;n8#^a-N-79H&QtaUFwORg=(-kH;oJ*s9-i1(k9aT-WQ(@5{Q@C_w;9hcz#m)S zU0yPcFVeA!w+k87D%m*F>s>>|g0bQw<|SS~2)RS{xqn|J;yy>I-DqF#ya|5@Eb}^> z%BWeq8QsnaURXv7R^_h_Yj1v8-CvXZtOg8wL!lQoG2XK_%`L762cnLzkptz*EcYc^ zio@QF8#l`KlP{IrzEL;YxoZwxx2s+wlfySG8<&luk|l)n(Ptp9&=}x;Rb=7J{rH%! zaot|_iK~C!a04X2W&s?QLZne*akPbd+GC}5c{+}sM9~}rvYvoik|+jHXznM^(c$Pl zYn6!dH}+}(C=+5KKDMMrF*1fpM15nMdMn_FrGsaKF)NFkNrNKlF&`M~(QVBMui;2& znlh#?r&P$I#d|VQ`1FV$NB=^ph=6KZ5mvKuoP)$--ZM7D8x(qW4Ev|Z&mGHO=gBYd z=jZMuS~H1bPYb1BF?LvP$I!~y;-9{{Yp>0}!U=hS^^wsR9~vmJ8ZZ(@vK6t4(=!?PU`g81Nr@`R zDL5=cbJG=jyIVYaD4DgY=2Npn3Y`K1ToHF+OrU4#D#Lcee892*s%cjKYIa%ckk30=O`vFZD1S+|7v z(*l`vPWo_BKDc>!_ZqsR<39H6fxsH{r6hJf+th7X(#%9UF% z*{=oQWgsYJf1?V$w)$_n?vG44QID}OSLNEe=ip4xjPN_`z0vxXnHzXK_1Enn2q3E6 zvInGD)6A`1KN#=9oT+@?97URiC>W{ktCRsw^+8s1iiDur?#UiZ;0x?Jl`Xu+G^A?S zWbmM(foN5sojw86J%@^^-$u8@X9)J%`QLv`FwR`1Lh128N8U`ltZMCaI7e`BHF}!t z4d+om=SRPu9LeYAaeNpB%YF@sV@{uDm6#RJgkyP&52uzZ=Ua@9Ue6zQqfQmQ>Lx_}&0>%dIm(r1pR?oJR$Pa@0-GTB zQQwdIl^(~uUq=$jTxmNFl<)4cvKX#Xc^G4&i?YdI%Km!H5FbwSg_0f_m})1h#fW2u z#zeGnd}1mYA(8S}~`?S9G@Lmrfwt>YVg9jWF2sh_7V&&nkN6 zGqlb?5>#jy!l_-}04v{r8_(=4@;V{XwE?7kABrnF9*r{_z&^PGyM)&^J_K#;W>*3iRD!kd`n@k2op z;Yo)8I_=SXeaspELU`7*ow{&F?1uZNp>l{9l>w|CQtS!aCh!MOFPXAQ{L1-12XEky zP^=VL`&8^`>&MhoktBna&4;``ad?8uW)YbiF(H^QAY@V(&TpPUvNau;opaVYx}55W z0s>QmJK*E~j*P|EcAmPGSEpL;MBW>Rl8pip(=g#B>BbeE`%O-zhvqv9#9If+v4hHMn$pZogiWnFHdo zKJ0J8$^}Pa zLv0sJsNK8T&ixlw0*93OgosmUqwLZgk|j#^Ao`*t^~h@cb5>f~ii@=va~Vq@I9}U~ zay}zvd6k%iP882C($RhtF4#`X`=PPz`j$)S`8 zj+~vDBvod1`dynRqaB4CAuXpXCKOakNawqdZZ_9eHBh$c6;=lMx!`Kc`_Rqv1{Ux!#-_}qkBq^cm1t#sVARdjaQeEYJU0U!x~35U?Yx}|hkK`r8|DP2=b zoxi_ZrhLOKV8l493Bm?)Sb+N5k3>^w`*E^=PU4 z{#iBjoLW`&ld@%b@)bLzuT`{t&hPz^I>8tuZr7h!4plc6pZCILx1CLRlRJBwmDH|Xnq&@n_i*&EoiWyeF|UP`P+t~ z=Et&Y5d*@Rjyh?KDp-T*Vqc4CbtbItW<1s6_KD{1*r``Lx->TSBu?GNNz~?3`zd|Z z?Hv080!gK&ZL3^a67A~-5`4yx;j#0+Od`2Ec1KExFMU@{PeTKN@b%4qY6sKMV6u>L z=&A(7%fozq`IsQA#^49r!phvZF>Le9EN$D)32Y4ildJf1JuHjk_h00ZU(x@hZvN9f z$p1w?{TI0HKl!wmj$aPnW*#XvhzL#!3P3yslJ`Fy{+}En|F6=Ck%{5Iywpb(Mj1&B zH8w1v# z#B7~WhR!&ndIsBUe2P5C-~~uaH-d+3^Xlkd@@^wx;2}0IYouOweZL`le1s6}o(^8m*eIB;~ktWPYkVno3+%WPub>&-sHL;@&V3{P`+w=zKgV zu?@0Z>p5&{0VC^r5GLG3zu>pgzTTY@h5F+}wafN!Se)y}M=Ua1r`6iVDi@DehSfI4 zV;i<*0oJO@-neInH&`^C$F0!5yB?L)=ushyUSru9u$KZ>*eXCtQKzYJ+WI1!a~=SY zDQnJ41Exb96@Dy~xfec2e=uqK9kX=4U6d<&jnzhEOPaD;ib_MoI~__HQ@Rkn%bpBK zLH?z!YbO>5XN|Fxib2RvSkZQ0<%S9M_28dJh7c9^12Y78&{=Fi6`Zp7R9H>wiSIgT zdRS1D0o(DD;e%cwP)ZB3i{l|X@(#SwYkABHC>QdmL8^)!6)Gz|)4OCc(|!7{wO&H~ zjXb$#9L|ZF(lhjUinBoylMIVT^lAb6mj?>x+U~T=OZba8##3NaE2=VtO>IE&tH5?& z4YJ@SAJ~i8W5W>Rtsg_>_V!B0s3@Nb`r(H3euHKDduVVWV=Ep`?>fCNw}#oE?FcC(jRWol1T$eLHaABCES1)41Y$A7X!Lcr}#q zJtX{NL%VW%9AmeT^8@S)`(;}#0~eQbR#ZQZhrk7h(RygA=;YSZyz;z1Tf#TCux5jt zIHJV(ZRN>B`z*fUZH;%ahq66*$Zjj!<1c1-s{^@O5JzXK5D8*Pg9q{GrCe?8UNRN) zHoBt=*B)L{jNXqJ*tsv-+9v^1vSemVow~G3X*ZfUb#*2;YXibQAM()X1UDa>X>nI= zZD;6Gbkklu&mzo0<9b2dDO(*K54qnTA3A@RZwxG4a*g(+mkGcI!fN$UuXIX2+lW5B zSzvHgR7_Mtq~zkp8`;vDTG?8g>emnpw4zX_4bNL2ObguPa)obqIzmuuj`=wlRnu~s zvBM0XF9HJGXbVYEMU%t?A`%1N`1uNe#m{x<`VT9^g+kodqE!L!l>Y@I-_?*B_t!AZ^Am(SJ|M1svLolfy=7wYyg# z0-ITBWw`B1k7&|D(9n4L!g|FZZIKx4J zWYXjpltqje3cij!#HKi4sgiJN$SXdnaKEAnD86V5+VYW2g@P^}3+2BDiVSDfd`!(0 z#>UF(@gw$ZEL+@1Ntd;pLRxnUqD3|OuRf!>Wa*hTa#ADrXO~o@80E(P!Bs55(EB$Ghn>q0zs#@vc=qbk?TO zERPBo1=f94eQ&OnPDnPTIN+xx4Kh}ut6cr968QVBzOlVi-2|O20-jz3AEF15&<`+LSD0J|b6- zH$tcCZ&w5ps*%6tdwkcoMVG)=PRXKQ9qsbj)MFdNOpf=!71dD6DchPhX3)A8Qc_`F z;DRbCn;aG0o(wS86HY)8qn!*C33Li|`oc9$w>H8t(oWs0YP0>?@F_CQofotWnR_x0 zU1Q~C;;TFd8GFmK*+%7JoI|@}H z8$BZ%V7IwCEHJvyYrnvn^+Or|Q3H(3I1t z3y9+f{)rC;h(JdbX){1r{{t_83W)Lw)7<1@k<($Y)$z7mVtIMF_+oYYq_g|E6P#c0 zcQWq?i;>Cgrv21y<~Dm52XOyF5&|R;O|3dy9g*Hl&|W-Tvn2PVQyTZLRHQ`nuI5IYrp9ZDelndn*^n;0S7tJ=F> z;`GhV3sl;+4@3h09)-v8GTD~j&!{ASwr7mDLbi5^iX{{2=lf?bgIG>>LS?kv+yv?8 zr(A|PpKKE7$9SNjA=0v^OraubQDhS6`?%njae*a|p9%$5nda+~{?gdfKTZS2FP};-aoqgap)sdQHn&QtO#CFOa2FbF)?ZZ% zll}?yc1fbN_m2r<%y#Y6{AE(PJZ6cis8^-35jn*>Bj%(;>>%c(tJ(J%I4GD`7+q#F z-7~MpucmX&48a`As3a?+WC_e(KtG}7ic7;ph@Uu8Q6y-F&~$!jVp4>p2#O(PLrjLC z|FGBsMYIob8}j}iQifo-ydgz>Gz6I{VuCO;f>1TVQE;F*e)5neVS+f}3IZizhB!%+ zFlK_RaT`2PXNbg5F~Jv|nj!E#ozV=~o&w%Ov=@GkQr+Kw` z+F6Br>D$fRSV7tr_qO3ykMrj${d?W)mdl_R^enFL)S(F6AjB*}2$Aod_PNE~m!t8+ zm|iz^G89TQ5I6p3{IT~_AS-Qu$mC_Ra|u827=AsL8r@bxnoezTqlAg8ts-vFcJ2xk zleiJ1wDu;@B|0&_m6m~78Z0UON|@l0n5Iw2AI>(`dXyF3&dI%Xa_vB|L>lp>kT1!X z$Z6w*7Q%&WvX`}?(0X%1ue@hYQz1?)l;LF;3C^T~{&cX(1;9wOZHUeQld6${^-3Fz zX%`%=*noo;Pj%T{?grN6ekRB}DTTih6pPhS1aXzM{oUREnKjloAv(@lOjiwAq{N!( zs8!&~YNlUd^m)1srB-^ghdE=5Q||TxXDvg9b;hR0$Hzzh&!Q=$IWseKHIv4btY*A7Yz*$j`B*IJ6rr}$<~bO=`boW7F_2iE0k7PPEDQVg@O}Y zAv5*n5LE8wLZ(?zX(5Tk=4)AT^;XK#rIdjApoO(tjwIDW#5_O@GUWc?)b=ZidMbh)~BV0D}9vyil#@(aLdvH>87 zRrT6w&A1ni{tR?XrnuiLUs0`c&R>zD45^s|h#mEP+U7F|R8d-umuD*@BP&(B^pN1e zhMtfwZ=>wYKr!cU^{My%;ewCwB>V~Cjsk2PXcBIUR)vHd6bkbRTkG2!^MCHjYW>I-tBHUI%B1u<`9M7g{(idQ1yGpB5pz>};^z534#4_)cfFo9TXiek zGO@I2HITn`pZjaF^1LO{&G>qryyVCY2)@JDm8Xf^R0DwCk2i*M5xiStGS6h=^8D%I z6EGIX)n6sr;!4&2djM$D=v0$aZE>1W9x7@|eIX+BSTB3O?+IAR3H&}=KCew1={Q6Mz(e46l1c`ElF?C5PZQP8IrYb>L0=$KS*5`j zj^Ff_-i&-+u&kmk&l;E@Ym=luf>=@*E(DkT8#~jN^=Yf#$^4yzZUyy0BitrAykppA zUsOWV1!uCkimehkU$>@OI^PEvsEoW4>5@e{mVk>y1k*?b4aFanAuA|)fuc9~{`~y; zGK0$;8a9-YKCM{x#I*lFdn6vNN?Ka>{p7;Z;!iat4fx1PY&Psi!SzJWOm@o@s;QQW zjY5n@cEfO{mJl1u5*rgc1QapC{5+MKDBjgIkNe$FM9@6K9@>nD-Z2S$C`UA;%{zPQ}aTmQa=LKWlc1fb>@+0#l5Zt$9x?2u{^zysc@ z>+{o+c`87)1TqH^=MG>Ac!MsA_rQCn{hzaB<2WE&fH!W7M4^x_ELDaxZjE+uSGeMs z>j*SScg9K4oa4gx;rn#}U6ECsr$OH0`FfBZdngCG7xbp$ou4NIazF0WM#+sP8OvtX zDpfX%&5g{=4S(>J#x2*+r%~K$&%5WOb=C_;GEJg=Ae^3qRxp+jwA@%C82Ma8xMT{- z@{(1%U{fL^a!O{q6vcz?5UWYHx#Tk1<@hoA5T@ThuLOBKW7k0WUDI2GeDyFIvZIi; zc@F!I9(hgnIDLzA2F$oLD6U!tYGpX1tJgg>GFyOD=v|m;PzvoT%9jA^ebA0uAIfPb z++KpbcuAq6_Xeni^X^4+#h7h=+w*;39F z;itER_rlzw;l9rKO=IJ$Msh9*L2H+{#&$<44<9JJyobRNm^($T>Vx>Nrcd`0aF-{?m}4OT|I&>`{w8S5FvnPNK%IN;+MS(N1KY6RkJitXR9QI&DLMX?IYw zkIKIB-a;+Sc;d7cglct}pm352kV#);LAJ%5UgA%P@I=)yrkLqm5u-rls&(&~P28$0r?ilchm#Sp~#`JVG@N}p7Y zX|83aXJjQcBM?tV$;AGv>`^ZuS0tWOurgn-n^{={%92Qz*g|#SXDwLSiQIBGsee`ubrLe#YXKR~Xo9ALXadIw#9<#}pCo<8^Tv z%^X0r_I6I`cDve}qPyq%n|H-LoI+=-FVyYdZB7QVASC1q3F|n+&n#=O^$c}0fuUS_ znz{7RnxjjM@J!@n zZpL@@vaGPHVK<#DoUpZ!GTU_9MWJ#r&8M{t(Xx6KR%_A$|`a9s@Tn$8#a0h}tn z$1dvieCL%>p>1TUv00P@bCCL(u6`|%s0{v7P`|S1IhUUHZv*voub)XXi;0bvz`(sy zU4rOh*6r;zn$NY~6G1P2ZewfwxoU6>#=wRZH>t0&c<5Zq4{Nz<0;4=r}*CQ5lw%oEsRN8b#{@3$W zSzd12&+&LZM;{UKb*pFh9x_`(+I_EwROW&e6Eny8dKN&>{Vl&iEg-9!@If{%6`fWL^oQdeo%`Q>jeT@0CA!Y#hmdR8Zm0%SfF}NBCLP+ zG_<6clCW$u$8nYK1HgqO-xAY~tK^E-nt1HFRNL3}FcT}ixIUly7XUB6Z3~>u(uQxu zx62rrf~x(o@j6<~!ewL6-sEby2p+Y1D~-{otCf+|`^kiiNq%!wh}M}@7>d=BhSh;$ zM)FkjK>74R8xW6P%9RPQd<*cAT-Zqsv~J7Mbg~A?C}Miy0nKq;dHI2fIW291?W&d% zvu2Uw#Gr{evFHAa+wSWsACg=Vc-2R1(Q11!aH4BM5qdERa5WJhXQ1}2tsSDCd9obtdxfPEM)Au81)Gts#+>q+_?1ErZ)%TS9X<23+TNs|Bt%i?-d7v4?fQP z?%wh5`>?|c(3|N>Z(0Ri)>wL6u&8R;_4G1&8CcUShD;jOEy33F5rfpj8lUH$zN;D| z*@C-}pSxo0ngRZk80OXW#JB;vVn9bUTWsQjuwJI7T#a*fKfne~kN#6WuA{XBF9}_e zPbX{*f1!*d%nor*(#4=ureuhJFrz{!GIw{4t}J_Uk5d~0gIKxVxY;e!|IkaAKJ1y= zXy|3lA}2qfFXHXpU$Dtc$b6(hjd!_zk0(oQFnKg*Ivs3W*O@~p>1e8IP#vqK8u+dC z5oPHP-}b+SZN6*s|J}4z zeX-#R(mhOtq_L?hPhQtlR%(&C=$oh-4V7*Y#(MTw!i&$w*(+ql8FOfds4o{&SAv)P>sBONbbvzCoy+4dfuLDEz|;^n@i5k%t7=5NO1@G#r#Lbz3iA z4(Ex`X}GUWef%0;Aa@tlWsb-zs)!5%L`kwn1_I~vx($C6+LbUHg7@)38$G(yH~3Sy zoK&}*LL$wOZRE} zXgAtx$?Oj)PTq~oQ1|7|_KnLet>2evZpOQe@9ypCH5)WJ3yL8X* zii{NcdlXPUPyy)U!*PcXE`2sH6rY#3+x4m>w2`&-IYO|*KQl^IzDaL`ejk5VDMiHI zHmTlW5DSERc-^);(jbLn9!w3I`3H1*ZMUQ7h(~3%zO-*(cjh${q_wGz9xy4}xg6U& z9ot0+F?>|UzH7?^yn^ZWmQ@@?RJIU*w6rVIcd1WQ*`kVL4w~Dy5Ci0=QX(>~+Mnt( z^hQr3-cz(Kgh+Zbs1WYjLrR88wrUE&{dj0hiB~y^ zOfP$=JTV<~b%cZsd5n8-Xzfx{j<2_O>q{xzr)o=71#6L5o~S;Ma2w>Xzs5bIMr2-k zxWIo46{O5jo_Ua?O$4n7{f9r1N}jg~bOWp#@H+5?e^~yHGdd@bihy7_D(7S{`nZOM zyegzmDkLcSdUO;;l~QQBSH`I#%bk*a_CJWVn}S@XufvYvHlp|Vsg#G*ZC&Hq&8TY` z9ca<{A2I~sFvBB23?hg8w8avFrBCYIL)0sMLYSN8OdUw&G7@9V?2oU0xkY_x%!TByaCUkrnSfl z<>0Qt0=T_HhtZ+&KaXdF9_-JYb@t_+sN`U7`_7L1NCbH?^f$Z4iAj4Hviu_H$*M|K ze>QhWclCl=Fg*!#Vgc3od~t#eK0sZ`5Eb81C@XZ0hd!ER4#DLqQ#_+5N^@s>lpU{w zn9K%!+(UkiACW&~-;~FqUS*wiobi{k9Ao8MAHzz_Bi@Vl+703nvxiQ@W^(z0bZ@rI z&+w~FX>xPROR=0;fJhCYA6oV3k+}GQPY-#}Sl<}pQQJSyb&f`Iv6L}Iea0*o;T==* z&OGwy&1HgzmtvL9g4n6&Fkm+2hl{e<-vU7!`Vs5STHSHpqLUukE*lvvSuPpt`VVt- z2}1)-s=59FfA6}NMzfoDy;2Pgkq0ar;bCcRh_q*HuSn5D1b8nOLOx>LIW=16sQbEL zKzj8PX?jnbGn{RSHVo>|pxu9V(n`YSfL)SSOFwVp^!jIW*x9~uG1+Y@p!ZR5P<#GZ zu-iU74F@tch8>11Ia-1?M^5$I(Ftxxayob+G7p!6=Sq;A^GQRz0 zQA;rM+kjXX14?v)Rx9~|#S31`$$3U3YATwimCaebrrt5zE8*BR{-PV&!dg7Ux-pFtV3nPoNK7|3&xo-du|SQZaX)*BE#WAt!vzZk2;)Of;FUKVv$lJd9jxf*C-^SBTNW#}{j z=?8ozj8;UcvtoHGR!au88$$sU!mM?A{cz~SAEKrGine2#8TDFKDGFgSElP{6XxB^! z5YT-}N-aE)Ox^#Qt6@@{*==c0m8JR#=_Y>~r@`oa4{SIpn3v#~A^uZ>e89X1%68i% z5hVh8W~#vcSW7T>#h>NR1{8#_BuyaHZ;t&Nx78%D_&1nAg59(wb5k0md}H#N#ptL{ zY&zDt8pzSYNK0j;#d(F7S)Y@>2S^q;UzlG%8b;#0spn{5CR`5Jk9T8NDUV ztK~X)87Wxdp!=lgb3d#`4SkiWav4ItiwtcUq}v+dHd%b#!Y<`syVJ)~6gPm&A}uyS zbt>|r_vXuH;$B;DGdTcL^4MMU+!(q1#~m2b#%1gIL+4T4$bB~eO)yn&dKZqv+x~7b zL-W>53xLYz!Zay`?g>}!BiyIayPH1)xS6<}Y3m$kcsD{jD6y%%@**aeOMnB*Hcp_~ zYw@RVz1o64zEVkR_*Pz6Xh*DeAM#x}46i8QKbi&|vKW}6=)v{T$D?#p@Tb@(;^tTAg zT$b`gIG~oj%Mo~u@E5SfIu%!EeN(7a%Z8;@&6(0mt4q=+vwbw~OP4RYB3>3}*s6Ju zr+6%Cst?#-VRmm(FOTs@NoCmgZ^<5rF7pzLB_zmR5Usn{I1bMTM*dJeP-_6CBl>P! z28=|{-c_PHC-R*yVGJn=9V`I^qY? zrzfL7=YW%@pP8!=niz$hntqUdaMthK*Gj<>^EjCGuOQ8O&-tWeynW{ZzN_mGarwXI z<^WAajXf9L(`dmxOoIFirW>5+F&_uK=f(Ba9gV{lu*x*?=BR~lLd$|zQ49!f+zt8e z>a`<`e0g(rp&22q`a_prs;|UlaL#|Uy|EWwY!?~`Z)OkwZTwH^#wyGXYv%9Cl`93e0b2MR` zbM$SeWhS5@VuSROTWcBq>Q{5U`PXHSuaMO_OX4Mv{8Y{EM+Y}WfJcHyre@rS?-y4c zFm>_%hdGsR9HHr7>`TpB|3<5oM|u9iT8{f~+I`jA@Vpbz;#o%0a!6CyEwN!CIeJ{+ z`&z?LCLN>RO1tckVk1NL~~N z9|-ip^DlEnnvU!e->6&U+3g{K`OonB%eo{X-g9&~pDz`Ry-@PD)RY(Ls= z?YcNU6}718W;N%C9+O9kw|>AjRXci>LQYLx9M^6bl{pgY`{wv8i?P&QP;O35=_8};^Hy-FU2aVpWFscb{$EARZJ(QT zv`)wlgSc;K_b;a<9Fk;%F5OK6RicLc4m)#ud{L&8&nH*?i;d1FpoblBIbFlV*+7@< za#wNGk<3uy+J~7YPr2q(=7mkC%g23(=Dsi$jBre#`F5>1m|!6!Cb2Te@?n&AlE1ok zc&z%38yMHV#R6ZD!{(GPQiHD*}t54r8YB$g2{kFW@(FuZbnD%e;*9&@H1@A_i(45P#Eg; zMgXp;q!~f0Pu^65HB4AqvFd3EbuBO|EgDDBu5MVQRt(Q0~5q5$?lpvO=HXNdxG0j+o|GiBbh zcwk!}fh-AwUqe$OwGG^E4Tk4+dQtfnlEEDPJp6Ev3HMO9 zwZv*R=2H4z%NMhFopOTuUnqIDEFs~JfLAi#Y?73D4f%ocIbF1t?VJpGW6`Y{ zn_Ds*p_XhMC|p7|(Og1JQPFWHQCb1-i~;+LYLhg%xd9dp$m9DLWM@;DrWSc2pzsxD zN(L_0fTt&(?#ynNY;(1PFJ`C8#Tg&7cL(hmIs_-3=j^N={5y^58qh0^#{Mv7>PL0$ z?B&eIyu6hyxQvYNG7n$j1@of_`vaGUyWTj%*`N9jIHJbPKZHht2B97e>8d1wL@iAe z+cj(Yrip`0h?n&t{<;rNgIU zj3+m=u}EX}M;oI0Eoh$HnK46!f^m_uZ)1@b!=BwqlSkdB{wcB$)*moz6S#~qTW}x^ zM1l?~&S$ZwDOsM9ByCkDCsm5>`G0QvCF_nJg@izke?Ph{HS`a=M0Mrkh%g-(qh zW~TWEvpi!(UDRQwNofsp1O6<+OjKPHzQMv;ogHGjLWuFOYcS;B#aadg{OWu%R6(%* z^4TtbcF8?KPU+N4kDxU3;jWV7 z662jD>xD)DZ2~wbkf;IEpp{V9*+3Zn94u6zrF{ITJ;A7Q*8UW-6miV_dcP8fV|zIz zAmWgNJ2*>WsZ1oG-xP4cxqJX-Xdt6i_vS(|TEkc<2%x%p*06zmS^`k{Fw+oaW<-1g z0Vz0o?M(PJIX;v$Jv`Fkd+!!X+MciaLaYmf;pHdOXAg-;@Yk8B!*j!S&M$7=e^`8H zZ9Spr1O2Y-q4%_296aotFMD@aS3-B~2lIw5U1>bkM-gMX6_4i&ymu}3PyGhu+uYZXM5l1W;$M%ev2Ql zY;PFSTQS8)T4ED@uYSb)GklIk(S_!OAz%OFhrgfq7fud5I@-H3xHmo2QG6p&&|NEF zc@Vj~0CHx=%wGsyNpNCef8*+2+BZXIdYF+sga+h=%$$z2rv*5lw6LLVj()f_rlQ`h z6{~-EX7eXn9+~s+dRXP_Sl{cX^F5thKQ_z0$M#{Xw`ApN&~&tsVD#DBA&1{6Hv!ES!HnJLf;gR$$Y=W@L@dgva)nfglCk+37anD_DhJ7uVBF zd~X_ZxDg6v@ba0WtKC7)ukM~6&d?4l(#9b>Io(<=w+KcmZ1~_dnKzog4~LCi+1{N} zYEg+rIir*Od@*)S&W^Rb2|cq=@i?!UHNkITcYA)tr9Nryuy-@&8*ugr6f61%qgwkm z>0dWrC^yHE7&e%%?oO?u?Yl?L4lb@ozx58@ZvZ5&SV!)1auwK4B%S%24R*ya#NSnO zLlckXj2CYC@N&BesN8K^1rj?A5kuYDdQZ?HL0+@&)bD@OldnMt(-zV=?AR0k8MD~F>f#X#R;83Q_|{FNN1`$Qrz7gg<}2&fP`*4bQ)kGxeLP$NwmsTt2vT`(%6MBi%*2MPm!EHErF^+2Y4pTwcAs zFAWRp9QS$p_n)_^*dl{+b`Fu!)gJ!3&cZHlzCnmypQNcP zzS|Ufg*?YSz*DoiD=nBDzPQ{5Y4Ap$J((Pr>v}hHzuc|zw4)%s7^FK)`%8lYpHoe) zR?`Xtnzlzc1N}Fd76(z%$hyQk0{3E=;r>33u`&5`<#jC2yd1WKgmn*rMsO==w?w!} zqn}{5NKCa_0;HYOgL%P0FmByF1V> zJNG|be;2$nC{(|5xUXQ$e(zWi;&nf`7^Uax9%zn}o4*nUJ}R6kS+SJ9cII5BW38WP zgk)$WVz~gXZfdEGc|goUty`L+tvOI8F@$Zoz$KK4wScpJv=;fHTgn2iaDMi5arDga zFWqeRq|+pE$2idkG08p=H-ot3$`CQe!x(WE7`YPhX81#`8mRx<1##RbNW36T+~@3= zo6!cheG0;hk#r*g;l+44TmX?)Qv?h2_hvuOMuxm#Y=-lO5*SlGx}H)I8m7AX)d8?H z+dxx(TrT1B)tCaX+lAG&zYj9DiA)cx9hs*JuO!f@Jpteqahrm)ElH5>ay0rrC?JrFn zrmLL2Zm?O%yu~Gj89+PYXriDpPw3nx<(wOms^8S*%V7F4%dv{eHuF&^mui0G5V7d} zvSk-?`7nTl%s2%8>u;*4z4=J=n8Y|Vh3}aWGvtuMMX^=!SfA^u#h|09s=bLb&7@t? ztZs;^A$8`KO5(hjDB?%_#BWD?kM`adC^Wajb;~r;1j!F9!J`R8x@4$J3bc1fC_Nt>@5rPHrnbaY#^(`sbW zVd>Dg~o-k3yj=F{GQG=vz{6OKb$m&3y{Sl-pU!- zkqO|hVNlqEW1B`XQ!6RkO4=kl*#8A+p?DUvGV~xSyCys(1+0N?eDdqP+~;}*3Ms-@ zVF$1jCWsI5$?%Eoodd)h#}f#bE)vu|9q0Kv?h8{^3^nANzofwe>DFYc(?wg8AYdVi zI%`XU)6?RDY_Wag_ljxmFKF`KxS_wx(edTx;t6`89j-H8C4Odc1bVB+!hf{?m98Q! zBu`S=>nW+5?jnEnnwzZHm4z!Fqaw5)kSrZZ9z!%r$izhBst}LiQrZo17hAy^(Z!Hc zK@bL4MkxS?Ersj%rB)kdM!A=)4i7gj5|KtU7X%24hXv8I)ZIKrC&b^EXWUSiVNO97 zEjMuX^m;gX?$4?gPp;bm%sVp0#Lr6sOZVkHSDmo%&H*F0B6IDQ+UJhjS2V@=5l#Z~tk^ZxUyXzv;&M zvDlwJ8=Sq}VFhQqn(?cg))rpJ@!4yp*)$VMiVB}o5%psDT@NyzDRdNmm|aADae)?Q$^X2b9V zz~ISy4xKV!CuI=oKd(}SM=3ijQajGcl0KQn__mM!dM%&j zQMg2`Y${U8n^$Wkt^U-|E@%c8sx%MlHm4M(%3pJdmMx-5b4}&vFyzEy?xgQ$-+u41 z<-N~1+79-lhn5&pM(ggyFZ4Z+L6rM5<7wJ)>b>ApwJW-G|0j+WGb zM|$KRjOE!^1(-Ssh4fuqXe%s+9u&(6Nn@9Tw~+!j9;Ww_X!;JGbrdx{(xRbo*V~j6 zH&q7jfQaUvYyF^vcL6fa&}zLBly?U#?h)ol|LNUSU&}h|ngNMRAJuip`YM=XO+)oz z$n89kOrw|T#h{q#WI~eeV~U$QaKIa?>|i@PMA;!Uc2Lm0Nw)v(9u+$h z*?}T|jD0`tB&)or-qgWF3UwpaMIl+P>-+ zy3`%g7c$@AavK=mD4jh~?XXK5u9O3??EswvlWjkq1GsOj46Hc-g%d zcPQB%I5!zr-LBlWT!WCu&Z!BRQEvyDahdOH4>=c-*CpNf44He{B(3#p4>c9tOAlcu zqSmk3`ZCr|?;WlLrQUw8FG?MvYJa6V3=%zp)wu07)GykPHnJxd+0)G6T<3kkt8Lg1 z55ZHOR{>mu;4cl-x1HtLVDg+8Xpfi9y3u1TjR=@K8Mw|#4sprMt1bGI-p+H0v?Ws!OoN>`v|wrd?POt z@v7g~8~l{$J6k%N@s}A`<DVrpJ0WGmBOFTiJz(weDlE@3Bs)yQPIdJGs@^bRO_Q i(z=lU{;4}T8#p?og3S>jT_sxtuMAQfA^Z1mwxHDT2=3LYS%tRt|TTw z&&svOgvY7^`ND^i!Ch2L>c>_ofj|)q~M^apj@!G zARN1@#5{^PNj{vRcO@2)W&|-&HrAxmTE1apa(}}w)QY+!oJ4+=aJC<|opgt0!+HPp zO4`C)n(8#fy?`PEng7;4>jhhaCtTi2B`iQFUX+4f0MG;SSzb+STR8{991AHP2HRY7 zZF{>%u2iJu?~csIWlJH8ZQ=f9s2VL;jvctQz5$~BB zdSvlc3&)(3LsiaDunVp?Mu2Ebuc+a z`v|=@``aoRRrI1=FtZpBi|CGzwGBeEkUnr%>m$g`S_{pL4uN2m>#6lZIPoO(6$dEi zl-9>HX52m944akd;+<&5PJw9n?p1O=jv>Uu@izeH!@t{$NmStI=&ZrkFV+*{M z;Anf{WbT7+G!>FcMoiGEIWo)JJ{=KozZ6;_$S*S#V0FmNp+YlKM$DlU2U05)$yC_< zBvG@Rf`x=Lpn^cn>Xt1|U>$B|pfJ&wr6h0$402fRxx-m1Ku{cpN9Ptvr8)eT)3nC( z8GTbdP3JpgvaC^?S#!!i#d}&^Qo zEEJ0s-i$&Ni>XIJjuH0A^s)H<>JPm${VNGY>sSgWLMz3W9g^sv>1`{_LNP-3MP6GnU?US(A$!G zr*{r;>-vF0aT~4A48FYKx9UgwZ}e?^2fs%nn#spn$0nyJ1cLw+k4>qwRus*!LH2$b z3%!b+`@?5m*1;NAZ)t=i*T!g|V{|an|GjjU>bdym$;$55pcq*9<9F zB8_+sM~<8>NUx;Fc}h$5Oq)M30sZ%rFO~p;T&K#KdAZWpLzBR~c^GaI?nJ>tV$`hC z`tIcPcuw$+PMCN=skxc~&zsGAvSgrmE;%lVY6FY?V~}?Byxt1MJVc!{c{*Qfavwtl zv~!$TrnTuzf#Fy-uO2(zmPecs(SiLKECfBDFGUYvCH$Phqez=mcX0%IGivMmv53{I zv`JUxZ(?AbfGy*G2zBu?vd&;ziv&9P0S+eTwP4J&rpk2t4Ax zK>v}jTL4gXk73+4j?g!XU)+M1UyyLd=c1`PaSH#*;t1{yr=ee#Zi*80kq?%PDuSHS zjir-(1oF&QbCU-%ZjosfiqLNX^`Z0c_qZs@-D;(^pgGS6Can|)bBQl&G+T7-meGp& z+z@CZ?*BYkLmTncvd~7w@0hipc1?1OD!2|E1~T0s8^YR|)0VPq-6&dD{Okb#!%U-_ z@dpx%A}s6H5v!Vd_DoQ-tzF4}Ilf)?J836;jx{%NAPCBJk@w*6vP{9jfl zpv6)?jY>_OdvG}l75&0*_Uejfp%o@gi!*5mjDO({@DQX{_k0|d2q8({g;8ZMmf^KZ z(8eQ=Jw+d=FDEbX61|u&uPGee9f>xdN8_5+AFUqSfOLJt_>_xJ{AR$SMCZimNoRsvtU9>lv@P`IptfG&J0r2WR?KlE&pf?U(eA5DYdd zG^ouRn}t{{ox>}OALdqE&#V(8LH)W%Bl%v#FW_MOaxgMz(D%9n|>E^ zngMeK4Ih}P_g?gcp^U3Nhb-E&QobIE=r_m8_L}SXsBHY&YB83b-6sC@tnw;j#u5GP zA>Y&Wu!lb~8z%A+&^c0*0Hl^n^#7qqD z;P%E)vR9vRBci2QxKy9uxL1F7`-%R0_WhT8x8`{+t8*$E`Nom@PGr6UyAvF;Mv8fv zb@%~)Mh8q&pJ)emHy1+cwsfet1^IO3on=^!x*k|dq$U^5OXd|)h5UnD&8>l zZiyOm?P$jTey3@{UST41v7pySLc&SO#s}N$4<4$v-aZxzGFR6$BN?W3M7>H`G-D;@ z+|fUl6Lk>2cIO`*d4ILYr8C~ndMS+f7W!c9EmVo%8-uXv$i`ge z)TRI=U*4@(j;W>*XJ6|l|6|reoQzT0W?3fZoI~T08KNcUid`3>F9s56jDIehhH~DL zmVdeVLIn-LouP{15f*_?MnIu8iFI%V>pxGK?t&KUE!G8Dro^tX^@%VvfDX0c>u!r= zsHSPOSR}|CD^2Jo{lFbNE}AWa>MC2#p9^sdS`4hIbP^xc2+W6mdgLd`p!<*oswc9! z<3yp_IQXnucC=EM2L6w$s9?3wr-6{dETpRbi5K0|OJ{V1KF6R*a5u(|=#EDKPbsGC zusmCZ_-Kfq`=0*(+JV7%6O5$gU=i{Z&Ps^)WjO7I048XBT76Tuu4AJKlOdF3OWl0^ zLlAnwk4mZn0Ud6wgFktG^;1hrK+lGEu#-@T&XCj^OSFzei-Bj$<)iLP=J`ZhXkME4 zVFeM)TA3@A$Np(^huLCQl?m@xdyUb=FBfC~+jggKf<=@|kzGl^>zzHp5^*gdx`xOY z98<&1+#onfbgStTfhG${*pS58pXYJr-l`k|ZW;}P&nhGNTn^cE+8#1N3SK8+LM4-F zxy9~3m1CAABCk4-zYKVFp9zV((mHhZJ98h3SrW>3IBoiWA2j9ZT1BzjqPN-42UN^b zzG?^99x)0a&+Fv&fP5Ti02>i)?OvlIxob(cjq`+*G519vYt%R-bj4xKFLia5XzKNoz>cXFQ;xnyy_7_|Zb zC_U9r=5Wv3--V$faO>gCPZ@8?goyQ?{aa#_e3;t83nG1x^6?h2a(6E~?-!%&a%a`w z<)>&ryz7W-3&^*G1X+B$ET9_|F=?k{2?2-6IbTx{1%_%Y>(g+*eE3MH7i)Ic8B$ue z)a@#f7*DwSdD{GZHX{}+RcHyyz6jigp}Sn4EpUQ1qa&dDs=JMPFZz3ARsN1#Gu;9ZN?-&v8xYY|$i`8?78t!7Ux@o;mIvkzX8)HH{}cTeT>dvw z{#U@t!ORBpf0Jy?{{ubQSpGNYIis(gj^FO=pMNYleJ^`+?4+}f**6iD%jJBiRg?@l zfp|Eb(DE-!G%70~p9UzFfo^3<^lwvqd^|(8m0O|GlqPI{UtY9$9_*Ll`|V0~Gh?sH z!PmxhCf6_L+i!DoU)}`UVfWYB#majyXZsukS) zbQ=&IP+!ZGh49@ME&C6ORQ_w}=oe_QrKH4~9jMvm>lbzaE+F@b3z9*NCd5#0FNa=ng1rBN;P>Y0UNFG*1HYHD z6?HK8r{n%w@ZK3o0a)G;)LUWzWBg0JwpR1UEjr#fQR7GvSe9)wV#)Q(z6V|ySlOL$ zk35YRcM0Wgq+$hNoi*3*DS~ZR)Xs$^NhIpuD6cHVF3=L%EinKjKr+?l_?uA~H=5!O zJck#vBQekYlgQU6ZRb7+DqA)cB^ypK$DFIVLP2ETT1x+pO3j*9TD+XTc&iWP6nfydudL*wdahwMe4Zr!s+cq0J ztY5dRPf@C#DbeY(EC73DAinIiC-(*;Kpp5O16QQX{YUdOvMuw&n-+OY`KQ36YMB?r zJ{psRZ4czGJ4=g+`lw00*g^GYHhUo>&cKFqzm4d1K69x;JBDm3aiFDCvpw#HQI}Ld z7Vt*D`UhRAwVdO0%mtAY$B=)LVe4rM`F#{ie7e?IlLkJi6~?PkBJPXOl!p}^YI=1N zJj#+c4@hAwBIN1KbdD8~!9$?oU^6mkxusGC=|$0XmrPGW!+3?Bh-*NP_sh)^z8l zY0g+1wce$@Tqi5=X3&ztmR@R{LX7Gv38hQvfY%(wB47RE!TM81XkN-UPIJ_&i`FDv zqO2#oKOg+ww=B&Pu!PYZW`Cn2=1C8(50kxHYui%o!Qq!C0&w9~FcspBQOH~3{O`bx z;M`ksmI{-^M)EtsTTG;6i**zqMH@zIh_8h4lnzb4q~HOOv&r0}HM?kkw}9&(Re4`y z{%j6d%bYD&4KAb#9^}$94C1*6o7sED)=y;xitKC3XRM2ZSaT=@{&2vK-wr^A72QRQ zb0_+fJfQtSPXt4-j6y>mjPpZGw02ZNC9NhUlXh#rRMBA6n7dm1`jIfe=qoSNx`p@U)1G)R8E>aa6T|(j0s&d^^fvk4v$~d}(q7t|7&f`;G871kfT}*nE0b%(_+=Zu8mCwed z0#u~H=&NX%L8%{UwjJrr+TSj958l)$vUw~K5pJ!(B1hl=C&cnOTq1zYYxYJa==G2A zx|1hze$hO*9aCbd6MQ;=V~cxEc!Z{E=po zs1V&$wX7N`5}HmkDmJ}%r8w^Nw{_e_<|)V8{;MBR)tXF1vD8?ygWoRRliw$(9E9jb z8Svl{wL@8%ci*A&r=98&(l$bh3`+(*46;2_gm!sB2vtJ%i~`t80l}F%%%CAqC-=yu zgm)aH&k{B3F%VEr>qs1ZVs`j-&#{%P%@_gioZ)V}97A)SeI-%?3}0`RZe!n-R0C|K zP0M0)Kz2oRb-o|A*wkZ9=Rt`{1-lt4B00#Vc1oS#v%B>nqD*=g14U%WUJ*u6R5W)5 zcURnhD*ufIQhDKI3}=p?C1X#F$LZHpynqQ0q>|f9O!zS)4&?DZ4`ggpG9pp1>;Dra z*Ju|Uj7tn}CkmB2$DdJxaR(mQ5yP;1iabksmG7e5Ye;${B8UCNqMKos#T>)<2g!sI z1W@T_cOKJ3x?CiVcZ}Odd9?>eX+w;Oz5>JEnYx1x(iM1-7c-M^GRg&3iZy*xf5+@) zN$bn{<@b}+=71T3W&=2;F9V~yB)J+ktQv6^aO1u}!_{xKm15nJmk{X+(mbBIJ+1S) zD^zAsaBm9>&sQ6cq{l0|BFk!!K{W;yW85bCKnfgRN`QeNXvPR<$P=*CqpCGi5?mAx zs1}~vm!(Ct&$w?uB&bAl6A8CXzGsD0PK`*5zQb3hQ~b_qS1G*MGBtlT40cz#ET;w$igK=M-%!+5X%lYyW!5C-G4qLaomiAY zMtWsn!|X_|M>OimSTg%8h1FK9;j z#fOk3?C&sD?Oj&u*pLi0AbDJj9+092Kmp=PQd9J5N>d4wHk|w`ymbYjMa|mI8A`N?fLGJ*>H&TUh4*h_kRZ5&BNoLi*@;u{ zJUNM#?Vv)gD~uH2(4XjWzGO__pyk!3pHvE7YdZjY9-i907N0>KlM6=|G4&0OV*WH2 zYWLb~A{#6+WnV$0+z_EGs^Qx~OSA>H?rqDl9scc>o~aznf4sPn^{DU8Sxv(&h%gK<1ZLKz-G&S$RD1<#UARaZ?mZ=Lwm8!2Yc< zun>W=$N0P`6!@A6QE05c@63Fz=vefWJyudYYj#xlaEp%|xVxNkO%!iO8dCUb9+H<3MFqO@+b$dk6F6 z{j)Q~)B6TVK0jYwD^9umm$*qfnRZzO)%X|wCk0|5YET-@iAdqle+>fv$MIf@9{zD(m%D*L*cco%%$@CT<3L7v~tNqyXf1> z4kgeuJ~TNFUaTW6v$2@6yq_AAno%mH*KTRK4yZ>%Op}t?qouY{oli=5yX9)FU9r+LLGZQS&CViDgy+!rcS$B`(lmigRd9M9TH(AyWJfQve6tx1`{Mv>>PG?K4XCFF+1&USbx^ad2l ziIOZcgINnSiA@XqDWKb)*{K4bL3v>vIv` z9;K6N`0yJwHy#H4;r8Zj%D4c=t?At{@lUXyf6{#>!c)j=-D^V8WNOeoX_Mtjz7e5L z;F}P)Kv3c{u+>^Mj}gg`DX*bwvlZ@R@=I(G5>r`3b*{5wK8j0yqA|)2Cc2bbTb>bO zX1~|gYE?%kDLO#8q<^{`2&}sxv(+LH)uUGyprGnUR&pj24=1CQUhGGS2sf)3(qp!< zME=j1jUgzi-*J-Ux`yS$8d>GT1$Wl>d1z1mQ0@6-sCQW z@~m?lS*E5->j91 z`u%h$T5MjRIJwgqV?aVzP2WVhIjFcW)7QqGX)tkDiJTN&Jw@D`cEDIwoZ)9Oo>d}rS`e089IfbWFx-5+wbcTi=$Ra5dqJG-hOo3X=hb()C(`1`&h7j~b{eZ;eVc)$8 zbC6>GDDkOfaHgRKM?8IMu{tD4#W7n6%_~_wjh{fD674Od`t2VHJ6fmro<+UkUd!$N zW|sdMO3d>Ui8KGwauQPmtI>{^CC)2o(b;G;Q(m(ORjqYzHp_QVE}rvpLe?Ch&M{+^ zr1rNHqCoL6J$5~o)Y&rOD}PE36CVneu0xbM#~PoO3vDhnobv4w{NEs_9vPySVirVU z=Cd!O-%D*XLOM29CigNZWaWTK;4D1>(ERKH(=Y?kzcCw!jn7AY^az+0aN(;C-1wiS zTYyZ(INs%I-Ig2TdL@1*AX&LSoF`asq(l4Sx#n$00&h)7L>b=t+x{;S|0+ZN5l^r( zT^K0*u{{MiRL)oZ(m28DO(^%4vr-9t2gLGHu2(*#C-YV5{N3ZE{KMbUU;(o94^rw{(s5cA@#MR}sru2~MUHK!#lB+}RduDmAoH*0ZYow~@{TPtYZ`yKZuGg<;9! zU?mJrOUF7mGAwS8!piV3(FX6I2a_WDwz%{HbAjYJePJ~;>DD|JWSVEAXy&8YkC$=| z>_+JKI!g%LfFd>yiISVR7U^>^AjvD z+)!@){TVkh_gcdVm+^yf3WD%eAHk{-&Quk*7!XxLafr!V{Ia zy;z9|7+*^yXY2kAYgn(fBo)I?{vQUWe7(PkTSaay00&`0KHnwZG@L9%K)qoT+JlKB=RxWW?INhH5(1yO?5*Tc|-1radk>)ri zfr@i`eF2|SjJ$)aO8 zF_g7mTkED59MmPo#E4<~Z&gP9(0^mHzn(Dv`(Qf61D1MDFek`8!ruK1rp@gB{%hrB zSk&&|>wStfGXIVtasw4I7{uy;Jk!$e;p^&>6Ge3BlI>*oN5T9bwXnV~P2C-IL zRAPnF4UMa_6kCm8o_Uvpbdhjk&$iH*5D!}=KS6nWq&l~(7PH%`(r$LxEwP(iSfPp8d{7Tpr+#nu3#Co%G@vBsNJE%t_*8}1f@OXu!9z#0ozzU%z z3ndb2BUAENX|wZFGFUoqV=~$4o%(4;ln>^3RXq9(1?#^JxOZcW@VA|2mBsk?_vYDS z2$e<+0+@x)>ZhR-u}ilqKYicOIL*rmGZwt$h)#2qY}I1%WrTeRsXPyLsv&S0$CJp9 zBZc%~(~-4u^*x0B;YoVTkjy=qQmrA_l)8VK`f;Igo>?GM{H+j0>0r_!x8wt|1Wm)~ z<3&th;shL^pF++UHCE#%-x%;mnai9!g18RWQ|{`(A(?KN6;|bWjfd$UXx-A^&KNYh zw}Vqn(xXFpE#_1icYM+{ShRK-Dp5L?wQL5=fMC*{H=Ur3^lzNg1?$r~Lm;w&XjF%NwBd76@q#zY~!lK8+PfkZwJ)a_Y5B>Vww-d^Sl=!ewmzqR9x>+8%OC z!dHx4w3!0mDQn$+Fun^yYVH-jY2efs2*BSSDQ1Cl))5*&)d~ih0_-ZLT5(JhCj)B695UI!DA#I@*32M)%3DjWor#lQ*irX)bElUOPaqkw@ zM-o%8%C2+-Gr^P6KY2O~5X#mDCB+%_;$p08k2r1@aGG&9uO(g+e{Ni4sRPgJ100`d z&h9~TvlERF3K7Y*(0x}Eylyb}0>{#N7U2)cYLPfz2-M?)BKNayBet1l5V^jxa)}vq zIt9MiS5<^zES1h55b^CAebn>M^*q<^s_`Bd=Wc81j`y4K*a|t-(zL9N&i|#gE+BPV z{T%G)YM*Tlp#g$fiY*j0pYl@y#kqV{7!rLuS>d<*XM+}3Y)|8fWw*NOZ>j2hg*N>K z2AnZgcPV;31bKU31zW9H*>;T-?FiGnMH>7Gv)pjwlB7fHH$GrWv9^?@!s{8ADJSz` zzcUNLIJ(5_n5=t+fK@~LiFB!ex?Pc#ZOpJ6&Y|qW&JolRKSP@Nb+^g7fz)DDo;e z{*_LR$C>Rl(~dhivCe$uHfayt>^a9H3Dh!gLTJZ1QPTS56Qk-eUboBa@fVE1h;3Wn zl%VaFN#6boMElz26JlErc|am%6b9!T$8~}8i9$MyCyfGbX?GQ}c;u*t#m~XjFK`+7 z81nxR75^+8DW|8t&YJtB0TWaO5MYVI&pNsZ9A zye9Lg>h79OUPIJNDngSc(~Qs&|9QS~0AhuQW8!NWR;xnU(*46XXoM5n>+1*n^r#@` zLV4HszL$Qh(EDK!wli}ecI6NGyPfmpOJY6D@O$~NbCd0gW&XsVut06;amJ{)cA)Re6!0Rg+kKol^-mQeDmY_H{PZ7Wd`U%g8A~P8>_%zIkm%u z1CGgZ?)?K&E!qkxj?kBB7Ztsm*hD|FgKWA$o~sJ&DPG-23}Eh=fds+p zO`x*w*x|7;oEEttkFHOQH2m7DgaFY%r?FQH)2HCr>B0e1NOdPS8wBgUdexbct7jV3 z3Y~3C=YTV&5lfG<@{=8D#HJ*-J=uTQv>2PUW)fQ{{(HJt$1~nAe>0Mcp|0TPf8^ADtLGrZ`F<1$>@b+TBWd#}8aV-OL%tby}LxQKv7Md3^XW zp!6#Lj&8UdUMtDc+&e5^gim=zcj%%A72f$#yDCM6dGR$?>~0Q zwX8o|f~*+8XCA;r4|cRF%No=LA8YxGGaxw_7r({HfP?RG2fp|S(M1jUQBOnawh+UV z+|;DAD9-X{Kg9n40s`op?1Eoxy^1Z+i=TzPoefk@mmX4zRqlRI z+j}6P&YAb`I67-T`E_8&WzmW{Uuu~i^Y|rwIGoF+D}@Hz8GpL z4@2(K1U)uH++y%`RNziOu&w#JEj1cyMX}3y`oDcW2B0L=opt4HQ@u5D46Mt1{mHWl zLJ#rnmfG2cC$1_dy6NxK1iM7qZ zyEB^g1j#ia8?IC>DsO03YGQ^H$I0_0HRPU>q0Z`8j1H%!oInyA6q!_v{u-H45iV-M z@esF!EpWVHn}jo0;n=fp#iMy)QwF8>vVWzMQEBEa1VY4n8e3x$xLJ5r1nD953RWY zA$I?=q7GsLNIewZ6Ub+sna6L&p3Vj}9wtFa^Kf;s&5H_}CTt6}c?se$GOiv@3=m!d zKxtqFC$NP|5#ejxl4}BmtYD0Sqfyq6aSkdgQuphi2JL&K@NoR}grRZ<5Xo=*GG`8_ z4u`zYmpUD^9HF-2Kmjh<2G!bdmb`mCm>bNm@Fr7x5f9e7@&;Nc*W-3(=fDC)UYcZo z#FmKV%X@If?#*F4^iM0d(_{J&rzBXS{kL@P<@Cs(vj6Otua~6bxG~?_%*qYUq6)dp z%IS>j-A4IO946AfIi)xqITpy3;_=U;93LG|&OJXcMaSwoJR#pDsmA0^+4M z7{pcQdXP~cig{+JQ-b--wf7+*DMYK(L?+Kqb}msETWXU{cY{Gi>jlpNIkYO( zheN=^WqNwfCcKzg9(}b#;eYYh0+Iv5=ms1CwK04$vdpLS%Yo71X0#xDK_olFse(#{ z@6eTyB6b77&g|tKl*GEOoB5Ywj5p7u_!!ec=9s;eyLdQop#`n9o#fFwHLFYAv;R>k zGLwnUZnxF5E~2+s;$vJc6722dLohj%VtT`qI`(rLG*R}zM7CElMLTz6Lo&st1I)Lm zBZzQ?LZva!+Gz%*()r7(iJmPhYpWKf{{>Wl68WfBNzllMM4nZ7vE(otGoXIy_6B*yC5G#&@Gf`S%qQz>Z|8(=?M3{H+r#PZhS zXoeQMFG&o@E$%3L{DW0vW;_O^8T~=z5)0;sN@~aWAs{@98zMv@O|g!C^9%Ko8j9U= zs16!|Hs!6t=nNxGT44RKr=zGIgSY4BnkvnMMYMb;cLCR^)y(Y7yc-kzV8~XGn_KUU zw^zTOGPLG(W@3+&hb&aEyqAC?7`oSfyW(>no4F(r;XYPvFl%1uldxy0tOi&=3&vq) z3gdB>w^T->WLkr-lCB@LeZBdcV`@&9X)th0_hkZ8i>58U6OA5b&3B5HQY?gbb2Tz$ z>!+P;kunO&`-La4vVZ}5;&UA`Y&hB3#t*LQr0e|I2d}1KWf7tUh5Z#!&Mz=k0gB+& zpcNX^JV?6c+VmYCewH;WMN7syqk-4PmO+6+z-?k)7(Da!pzsDmm)Jf~QP%83ZVzrH zfo@B4F&R5iYz60P$gNt^ARfxg!v=~oO1tNx3L=a$j^rVHKx&66b^`BTx17k@r)(^4 zwf4Ap6Tjg`1dQNZJ<|F95Umf!qVTy=@dwO3(_0Gmqw{cb{&SDfi$jMlDzQ+agteFX4HEiMT{bTTioDff*<) z0zhpFDyce3!+?Gp{UAj74@_o)740@&r<&fA-c)X}R?w=9+8tXLZ6tnthf6)hV!@?s z{+unKc^GXCvU_yL{wXBQ5zXBP+n0o&g;$6uM}k8n-BEx#EES58+sP2loFsfW$Su1@ zuMzqsZx|~d&6v2*y-nM_6~3U=1}HN;d)zD%s?osbMP{GXZHzQyOkvkZ& zd|FVKRfzvWZMsjfkUWv(q0A&c*~ujrZl+pykGFz|FBOianGiETuV5$XRcRdv07>KN zf7EXG-W397Nf<>$m8+3b$8S`@c^T!GCEe4aS(3a2MF<((tAOc_+q=6W!*F5SEdI}m z#_E`+QDf+1?49JeW-XhTpiVNw>1u*C2iet4k=I*d5(oUO6a)s>#2lrroyg z)V|1HsPfHuM)}+&Spd~9_EoSkY;Tsn)|OVHDx)ACmZMt1z_65u_9?#S_kJB-LDGwd z>sN}c^{;#v;oxno+gEz1N2Pxaxo8F>=NQ55G&hHN3J)l+qk|Vd5;`CG)dT%7_P5dMC zQ2-@g7%7R*RU+6m<}+aQC4V<+}2GSeG*M`{^8u31midg##I!kyl*byN05H5;-fCY;OH&AZcu%FoiJ&_=VJfLox zs!zm|TFTV<)0r!XM(!toXrwrG2Jikcuj*C@wH<>j{M><$l=RPh^ao$(b$huvucSU)z?5IF&K2d6spH>TL96=q+oKb=f!F#^`M3T=(uO-UGWmv! zcsjw7^0*j4KV%xxfUtE@Bo-O;UJ$8IlQg?Fq!aa&>F4YBK=B^r0|x$~K8BYov6a|8$)@2yzs_-K)(0U9MWWpjd2c3y zjEyfUAb!(<{TN+f(ZCVNEfQB*E;mxc+pMXBN0NQCWY5?W%QTX*a!y(HFIJjN@TX!~ z8(W?p-G&#-|MJHS!cE1xTjeKJ4n-$$?Gok=WNu~Km5X$vtZAP3CgI&k_nm6gAyhQ8 z=l+2Mk-KlHJiDn}H&#n^M;M}+Eg)LVIlp!{Kdn$4?|hrPNV$Fn12Ap;9=j`^=)m_` zL0E!y-4JKm9(j712t#HgOSfp;K7sW!SXfC)+f?Q#HKs>G7LE;>A?cAicAGQ0vuwE* z`TyejRt3XX?z)(M%GcF6e;`9E4SM7m1QE@paXX;#+=oa9$NjxDV=A^RfajTnSK z`4W^>^o3&u-)KYUA7!o2?z&wMcDnR-B9#CfL26j6&vitY#fNTjs{7dl#g0bX1-z&+- z&`tC9doXlbAtDEI3WydgjngPnpNEQk$khObwF|KIuetU=pbz=h(CQ~SR zX6p>SN+hM&skXb*X-=&>kkp5P=j1+TzX8X^B544$a z{EjPtJP^k?uO`qtzQrY0vV2VBO+CJ+1Y+&81_+0-R-0Y1?ybe0?mR>0blkdOL-IfY zHOE=YTjN~tCB+R9f>n9Pp)(JZjIYaSddE7XZR+$iP;J6n;7|Mv{|?S_qW+638%wvu z4ap@P5FkLG&iw|-rJ>8HUl#hCv;0vU3AZQjaWJbZAu09miZ})~uotb<%SMG06B1^c z*S74niPOmsOjb#hCIlph1O{v{cqgh0y`Y=mUIn}@>}M^{oZ}ssaNu5O7OD8^C4|#n$mPG?#}1Q z2f_)f1D0PRQSY*3?uOZ^Ybd)E-_k~T?C1-NX;YODkl2X)|7qgXyw^9 zw6|Gn7SD1vt=p7-uM7IW{d20#E{Wmom%!ZD{tHumFPmk>1eC73;#;u2YwgpvKlzgg zpN0y~#9Cn&V;v#k+ob$ZzQc8K$RPK0VV~o`%`OLRiKkfhFr&W2>%#Omz;^F)M6|rNN zcsV_|JBn<7-Ln*~9p@B#d4;L|eR`1qen4B314H*!yFB|{PJnV}6?gN#n7%$aYBsdH z6~@9ZZnv1Q#)rT%40C@w;lZ;1(|xKpRfrZciy00yh#TOWAZ26~KjCL_0tffEaPhWcH?~a&e3MyN|dVThT z-+^wa{HQY^g7z47`TG^1N`&LwQXAtFMXJ-ZK2%$`1!N9d>_v%o=J?9T@3~|a<>ATf z7*{Q~J#Q19oa#*fuXX9S+cbel7+(Iii zZ0js`>dizikXlbD_FANt@uKnhHw0%z{HYSd4t1E28naKBS@0Ixw%3PX>xACW3;8ia zbWbH^LP6;amm_MlYXw;88C{S_Ps-pbTz6da>&N4@Cj#G`G^7(U_w#$b6abE1BM|)?ir-w)i6W2q zj|V1(Y&=_3TDnx&lI%{_%B#k27@8*Xv~~Y}IWdDMgK}uA*WA*m1Z+hLJAnP9|8{rs ze$EM2HT>hwiTXc`eM697(Sl{#wr$(CZQHhO+p4r#Y1_7K+nH0pCpso#dehstyo-0w zJ)HI*{I#F?aU-)FA^UZ7ZGFE0GQ;eS6n2@&oE~0mdTQU2fR&c)zUP9G>zE$iUU%1a zr2{K!W_RSyx$TM%uHWR(xg9EqSu*?_Wr>;pxUN(8M_bsqX6Jw#ptNoM1(%-0ka5}k z?ayyU6|?Uh{_`Kz#J?wCTq?q1t1ZuI;C|h|{Y_s$RyyvVYQiu91xBq`FyWAqFup zd2R1_MSSq_W-X!yQo^cV589L@43I$Y=k9ioziaCso?PMvlpqTdt#@3)j2j51HU?PX zl0RlBtgy)|cn}g!|NfRW&AC?w08{-CR{9^ArbmWf9J{q{?P@jPo*<_M%$$N>Bg0{N z{X}5QyT~`AMX^@nHYskf!m$>b3gz&2Ruv-!NX~<^$uMkSB%&PQ1mH)Rs1h&=gfH0F zJ)Nv7iskh*0D>Wunqp4xV43CBS4en>ptbXFb2F7$L}vJpvRfNMEG!1e@n1 zNI+nNka=NE@}@SBh<4rA%RA=-TK$nh4CebUXg|H~5Gn!;N8VSFTZ_gEZ}0&mjvL0_ zm`fNkDFv~p@CZg`XV3~3;94xgmBgG%&><&qN)wHFT&qovyjZ^(MbHRX0{-;!oIN5W zsL3ztIb=Dz_)~dI2F8~ zuxi)$W180>D#ZA#j&j?_X@y%f7;yAT>{$6NrN3&|PDqT^9Uh-5t0l6hEJ z%P#t%Geo3KSUiwSdiC*&2eX8JyI$j=lgePgVO!%I|ChFIH@u8}dK)k-Oqc88i8yl1 zlqgzjGy%VTetuIFeIuP&vKT{YMDhGt4+NGI5_LX&qPoIMtKX@*9oNw22awd&@=Gez zxJ?VgfHW4t*el|G!|RN$Azr$*1(v%Sd!#{cgR*trQzqw8niuNQiAPSWV`NN#uAUn9JRbweSWErmZ zS?@`W6WK;zioB8_NiLRZZCD1HRMD%%z~qap{)Lmpu39xOD%#U3xK(6yEWnZcuZpw#q4ry?_7e`_lnpjX+&8DA(vbkM zC}ij3H4f(eiJA25pi?cHU1Jg-bVhN`A z!WUPClsn4aBe9rkJx`Ut1@{1uxIj3!pNKr0&wn^Dy+|Z|Dv2yN66NigfY(<3AjQeZ zmidH7i}nCd@i^SI;rUjG-r<@0;o(cjTM-H~hHhcmi)dl5?F25vmDtJU2i?YbX7`XT?v&%DtiQNrs(;4B*6{epFVf>xko&8bW)eNu=2&;@y z+L^T*`9@iwo95}i7uEu@WlC=n76LfFLa`o~e17keIk9R2#NE$oHVAvz{C(|dk_-YbK!D+GUrC2>&`cc4`` z)G%g*1u_Bs-M?=i7}K^?I2Fi(nBfE42ehauA>=L)5J@SD$w9#)E0X*3XF&uL2ki9i z?vn)ts3`p@Q%aKxFhR_S_nH8}{b&w~B?F6wLy00l@BxDh8ikHCx>VSmbm2q}s0P9r zJOquA6QDpSko)3Uz@i&vz8JOUAsLyHSL8f#4J}-f`T#;%ux^pzBZN*))rRa7hY=*G zecn3GPziD7zKIPFL-3@{_A~l1x|eRPKlsOSp6M`7Y(9}-03wL>Vb!2qQ2D^`5P>!X zwt#3l2#DKSAQVD*9%V)V>uvxAk^(MOQm`hF0`6+zk%ff-;C2B-SEgHUSdBYD#B#L( zRdJl74A*^cNODShkgh+V72sy~lf+~XzH^0b0S-vR#TOeq%QGrH@gGUPOQ}evIKMc) z4GTRa6n;g+eJZr;O=IvcW>f1Sz`@&H+aCTcI#uM?o^!rK*!22~D6mH7(Oc zkQoU8*KQ_wQ&x&pY;`HETI(8$5v2qEQBVm9gnM*JpEkOg+uP&@Ag(NhbB;`ghTZM- zn0)i!%%kf2&~#HUg{Os7rv(Zvs9-Q0{?H<~L&Ls5m2!Z|`16S|nS>}~w_%XCGySXe z0vB-t4txg8Z9GoIgRj_D;vLl!Mb$FPcY3rtGR<%F_v&}d{V+C~)4t(jBM=SfE1>)4 z=CMnCxEvrqGkeF!c}Xp!d6B>siAZWCzbWZ+J(eKday(3b z3>mXK2%1SE6N%Uub!4eeiTY%i(C*2@jw&E%#S|(;`F{88mEbFi;Ne~M7(@*oe;QZ~ zLEiiNlI860LE{T6nIQsQjJ@=zfZ5VNczlX~D2G2RrI2!BH1?6INsnWL-|c7(VVSG*yJhkV zF`;K5ABao9O{rgd?nvxT@-N}gwgyw_F5%Cmt#Y+U8kC<#mg&$Pri`)U$rUTKwnjhw z$YIcvsz~XVae?GFO8kVz`nVhutI2s*kxM)XYDcedxko*|L5VjBaaAB%oLV5P5S_hH zr{34Dlv&|n+rOajI-ZN_eKOTSd(YG%mG4?tqcky3S)Z6FLSXz5d2&gu6*`mmJG0wPi$xkF}?F^_ZN>#&s~^p#Gq;gGtN# z?qe!O;b(Lzjcubz2aR2Zt?mo=fAfeFosep{@0fA{7+5H?o2y_(6H!A5<}vpd4|TFR zCjmZ=QEubb6Btt(MhFv9l4gakkHhcfw>~7D-EugS&|?mz!2iHi1aaDtD~(`oDKP-2 z1dF_KxaRNI6`BM9}uCM3-B~89U#C!nkG1wQ!w75iNl!ZV`wf3oerevTY93&;BEXgUPE2+g#{*9ZQ8a0h;;5`HA z`&4%5mejEqs|AmS12;~%4D|P1TH*-4K{NxsIa4nou>}|e05|{}yHrZtw6AE)E5ELP zOMK_U0&-tKZLFYqs;2p8ZC`b8p!(uZ=Fb>UUq(l-xBdxM(?`KrHro}ddMgYNoc>oJ zp=_33@p3O$)3ZlaJCl7-7wGbRgmxr`Tj0>(GDxX4?Z~5*u}DNo-OzzqW_L-{+>xEs z_&2eMY?1r5{WwGXU!m9gIycb#g@E8^7gT<4e$rpcZZKpQCT-~$zU+QRLZ;kfMgRYjMH_84&IO7LY%8sZh!bHoDu5PK4!OOQv| z&8A~Q%d$swdAynV5kI5CBrgytx~Oc@{I?+aJ{JINFul~cHKV*qns=ftUei2MGY1AV zfawYsw2UR96f11C&;N1|uUKxQ_0wGwKi+o4A`f}7hX`jK>rGK6X4ATJE zAwAn9r@a~k(?9_265mHSZP+E94C8JKWt`0_K}XjxSd}#=0H&u;&DR=g@1#(z_2`Je zjfzpY{` z58|ja2_!VAVaw9%*&a3Zl?ALe?0N4thwNBFHX~g+^2lQSk0dnDfJ2)4cuoZZ+W#3%c}$kXXV+K9;bQg@T+2y3iNcK?Q@Rfg~vi4Rc@N zJJ;6+RE;tA@f`w^ga*NL2tGU*E9He`Gjsy*`+qa0cIYD{)F>7QP?Hn)L}HTBCDOoA z1z#r=4%({0%?w!pV_a#xx>r)EIu~0YfZKe%^M~;1VT*<8bGITt+_dY+E$0`^a5xlH zP3HFd#M-0Ui_V5wc+uG*FinSp7Cu(m*;U672?zY5HL4QS1m#xUZ8ZX`b-QeM+~%#O zim7QrkB>fGUUc|o8aCQJlcQq`VP@BZ@@I1vru;=1<_w#Zfj0Tqp&=>Vmy-~obdAd6 zgsY>Y!U+I8{_w=n&s2oaRGW&5eqkZMD1#NZfl->9%}81_UehkQA>CSObS(jM^+n*h zk=CKES=yILBlhKkX|!ZE4n@cFeaPNVqd&nuL$KA93z&=Moq5EO)d(h+2H^)qKbl6v z2RqlO!?tnX44y4B>7LX-u3jeP{C3F6VTJW5H!e{m%W^-b-2cR({sDn*SCBHVY*ktU zep?C`G#=o-w}gNn-E%3S2!^mD429oY46k1xXPk#tgPKwI8ynQ16kqPvLf>ADvb8Pw z)Ts~7Cw!?>xgGZGBdSt;RGlMo*&{36rWqnrU*W@yS|;PqIXGSE$p4C4Lz&={TJt#N zW^K@mb5>l$z+OFjXE((+=p4`I8g|2{#2kxorFjGh>;oE{9X1~>1f;6VTh!t#bh+0I z(=!!>q^pu=4YgGq;vw@V@H4A@x>su*UKD`l|9IpapK~Lur`1*w^1>k) zzA4Br&@1^+yl`z4%vb9+nmNh0t%w($dv}~#P;#EOS-D~k;ajUFHuAGX3QC38!KLC4 zr3^}uD?q7xP-|~veW!09WlAm_LyWMb_MOvJy0fv8*N~nVL5s3!rLeUt69mhogUb+ffEfbuC_Z{Xk|^?#OoJbwUh!mOSm5 zxgY{j)m|myBbW0w2|YXGb4qK&+!j9L=0{4(tBnL~t2Ry~c*qBe9ENR5(w&bKa94qs zGa3`!J$p7$0l^&5>8pLSKy>t_Y1eRjjz@=xNEC6Tbo}1$sASr@H*mV)f)RAv?Jnf= zfZ~x5fbI6aN3?^pLatbCc7|+yOtHG3xoi{h9pqJbIO!mT{E`FO#N1Y($<^4TYD+|4 zRHplM$rk(^Ce;NI(d+b^-2( zv3h_>YZWwh$t*HSq@x+isufNbb4tc-dYvRFS@pt>%z@cV8~`RY-lr`>5^RYMJ4 zq$)LF>Y3Q3PL*f(G%@uOxu+4roef+`eHne{JEYb#RJFGD@jha4%yp7zu13U6dq$9k z|L0bBe^i*FEGExo-Wyfd{d#{MUS~&`62$oU#(b04_}LK8SUz_6 zy9I|M;xISg5^#BjLm&1KJ7ECFK2V!@kUcw>=1EMOxHGnN_nGohLZVSqtq>&8dzlwo zw?mTGSn+GBb$pD1vk>ZJrHZ-xBBOt^2>UD$-?G)@s09i~=a!(inNz7|hoXih=^#?_YOZ$$FHX& zWxVqYYG{p(`~W%#P`ptdBcMjwKDoKxGuOhtnrg*wWK7pC-y!~dxSyap_?eGdK}@M5 z%I|Zq>Z=-{rCbJ#5)i2dTQ?MeWbNiUIG4q|_elar*f}7SXDo*;qO#p@SGjL|Q8g6wc%;M?V}{ic79q zZKnA~$hQx-^rZIy;%_VO)gqSKSsuxp_birj`@ixr@;4S4%A=sYh3676r!% zPep^)Y)n|NBkqT87>l=W-z@A{%6+REa~S=jgnMvd_r5pgLe1Tqx;2zq&X=`*C@dY2 z!ANgcRjGawid9?LLDV@}zTtbw^m7N~XznGFQ1bN3 zJx!?M_XE;Vw@BzB9Z5XKGb6Z7Exl&`l(tCk*}FO4!0(>X+y6tS`7izDzjPWFcGmw6 zw{ZSXord#&r_<B{Hwunf!2&IWg(5K+J0U}7>1Ret& zSv_BVo8oS3vZ^)(lU{>w@)&tTFRN;L`gp3a^=w9p-hg~-|8)8J-pl(d7`neY5W4ja z{ko&?>W;A(tN*n5b$_l>PceC+r=O)TcUINWKl~@#l9uFk>Z+0B(pj~Nu7CYpq7k#Q zGxY7`dB;aLa8t)n9mMrquZ7F$H+nL7#f-84*54g-2`R|=bG9}Amk^d~vFrD8 zGFam;s+hdkZ!%u6gVg4?{Ue-EXQMsC{CtncJO%lMo8{YSI(R$9Wl05d$X_&-xu)UW z0sYz^+^M-FW?}1g4AcIEDr}tH(nD!fVp%>5OmzHhIQVE*vJ=UeJM_OD&uk#gz1=(* z`{{ejKiMvLw%re(>^2kHFJHXgel&F*PY_7e5kj}O>V_r@zDLE}gA9ZJm#>YNQAo5O@oC&eFzyQg^6UnB#Y7pB~ipT0v&qLoz^?=kAB3CBIzTXMk=Yb*+bCA z*B;QFV+F?LO}{?lGryQ?gM-e)JS$U#e#Q34B-lN9dw3 zP9oKg(Me=JSPiLsrdW~uCYC{tv3=@|yNRVx=EgR~->^kqY<~Ky9*b0XV!3w=5!f5q zDQqrM}7lPKhW(nu0 zSdK)3I+LY{q%pB@fyzs%i{AEYkCRVVLCYi{fytP$gS6P-$(qu^*Z*P?LVphq)o2Ob zS&_`RM51{H zC_%ebiEw?nU9kBRj8A)wj$iGvy`bgE9>fB^NMu3Zl!?j&jWtj5OcZk!pbV`afNXBO z6CQxvXwwDn;qiQp$ZN7s^|5knA{k|&W6FbD)*p$E4P&xeLs3}2K2|evnS;QT(aTZ3 zJ-c?-uvh^g))brmd1^CKHBt{hr*~Pv`cDBrC+!9wPWf~HXW7En1|ZNH8=SdzV)j%_ z8pUg#>KdBu`v;=W%YSJ4Mpq93f!lb$iI}3uR_uc^H&Em#Ucnbt*yY}5dw0dowMIL8 z6pvVmM+g+c5{nu}W#<)e6&p(P-y;K_GDxk2Hp_jl2f=$_ZxE7PG_Vn!wu7-hZg|mR zboHGFqI*z;+o=mR17lz;9g;pla(Sb9y{9e&>nw9u!x@V)0hrz=&i7G%`B@KcZ(<{ zK{WYVVasW~vhgg1PWn9n1_2!SrA?x@G&;2hiMdKjyaAm_yK>ZhA_cO!E=$*tz_B$+ zo@_a!ThC09R>$HDthF(3?doitj_kt8s8pm^qceA^xnu}*-yl^T^OAnm9m`d*NNH0D z9W}Asyr(C^_@1q7tw(`=AB7e>Y&!oWjdG*w#;d2W@fD|>^YJHzqeR2KaNd55O)=wQ zdMBem?^qSaGIQAiugf|Y-NJ~x^LoBPHn8SvU*Hh8+k#(KD|ww2ZbAK;Nfe!Dh>P|S zxiGRznu?aJaY-jEid{S^Y!c2rj8rMwvCnB$++7p6`H{HM@NA@2;(^Fn8MN;UJjQ@o z9u03vtYo$Y0>mSz*;bZ#btZC+MoNXZmGr8R)M^3N`FT#kO)Us%NMRcoYZKg zA2fx*2&#Fu+i+Ge5zdvak%4>(^AoMe;{PBTM>Hf{_g?ve%jV-2Y^>C1ba1!+kj zZspzzQJgI$-u%vt4)M4I_=Y;Z?^UHTR@5)D0(4_O-sSL%b;0 z=x6(MeJjsktiia24u3ry^FOJ3zDQZr$aSUNl?&woNd=?aQHWS;TN9R&uWZbYCu zkTw-Us&$VR^4PkGUzh5$m@HM|>IlV|HYhGOKsSJ+t=-Qx%chOt(9Ep=T{I<;tioD1 zCwd1=PKmjDtK-}|BZ#OxX5*33AVjiIAiWbgAM<)McCGEv>O@fFKX*Nuzh+VT5XI#z zW92Zyo_Ua&kVAl(*WII;FUlvr5uLC2Ohra0P7vO_$X#s0%sXlDjAZ_}7#~GcUJ2HWRT+r0e2!JAcNTTyUsz%ca|y8>OROQUE>faj5&qocPcHQ*;Nq*qCEvs$Lj!S; zfQ%|4(W@d1ul6~E*|A#l50Qu{N5EX`w10-31K-raGUl$7Lb9vIAYMn(a&<2OB|xmw z@rKkacgRW=Ipt_L(_p|LOQ1s8-TUyGjt}mu8A(-pri>xZr_H8C3Lb88J&Mi0=wPMI z{g3}HYf`gT5?<@TS;5CJsb31smMx@z=1qwPb|aC_&UC2|zv_0S)@D|66_9~tW0hO2 z{PMyIEk8BDoEe8RgW=hF0Bf#doT|ttC8@hA`DWAOnf*$rt4~$uAMr8_)iF)RoDcqD z4B7tYU(~}CBZALwkl{5uKyr2jn$oW*#dq`<9ZlSAs0Ak!t0RjPT8~P*#4h=-h5=@j zuvbKaKONo?DW!h) z%rS*ed_2!u#Gn;v2ia;RHaXAH44w`1nlv1arQ*1DwnL^8LlOnqA{)<$>gIAWl0idthzRu1j*;Te=b2YFc(#DCNWZxu*%FKb%~ zs%S`Wxw2Eepf$2oC=}8976ZSl^+UX~R~Eo|;ov=O>$X55lCdN`Iy}i96E_3-$aB!e zvL@=2&L`7rV;CY^oaRMFZ;-kvvtXthRsekVUSD!+q%%4o|IjM==k2DDP1)&rc4rNb zBIg`xxO7j`ao~jJt}K~tPoJv4u1o?z(f`dXIO|QNZ>`P-)4#ImI#_AH8@k_n|E6(=ReCOt@pM<9?{3#pJe0fqARc?rKOmNELf{s1s#Oy(4s!m*Ae?b7-~Uv z)D!ggha>@6oPI(IUwpr- z`ns~I`I~kxUZ_@K(3l>n2f_I@A#}W%sx;1DC)Ydii+?t>^iniq;q568MN`C{{6*bB zPe=5z&PwhM_2u;v6K7xh>EkoUq-Iq}=@`;Hj}8qH?o;n;vCdsmK0987$29vl8ko;! zI!_$*x91Sedd%VBk{}ByH&=Hn6(oY{j2-#Lq3o^k#_}{FeV(BCQ=NsQZhc(n4vQ*> zc$Q$(TSIT+^l;l1usNc=`Rn3J0*EF3IoOn3m%@(ca1ZTiDcq4nwS-KGmM@h|0eN?5 zaRv#u=ksVeyQ}T#TfM_`wqEyWtzPNis(l8qNt_nQ^gObGDNH^nR8wxtpFTzIWr+)C zGg){zBxTe|N@V^D0tZKK8}vZdT=(?U`na$1r4#4mZqYk`1tjsy=o53Y-j;B?oS<^( zfPbXLL&&MT%<8HHr%+j@v@YL30pp?msWkqt+?ih-$g})%{a}Z96$LhdvsOwuD*g*y|+IhWqGU>I74Z%>nj!u6*yWoaUESx&W{!} z$RHYHdRY+EXEU1E+~{^h#o6cRmo}}^>%Wp3gYWX!6$LA?-AKwD`tpwwI8kFdgg{W&dlxHEjquyWY{BB$ z4a08*-`%Uc^f1#7*#uO>`l!% zKPVbr`OzzXnP5pS%O>7S$o^tXz)}MK_kN2{IRa5Qe`O}sezw>b08ceL4(-f=%vw;C zt;#uKhhKRD!b;f2&|_5dV$Lafar!ZKEPbXRL-R>tyWD+u!7hA5?@8W)a3kYKnNWiU_HC3T4~xPi zZK8?-QEIr9L@g8bEX*|(dX;=3L5-m_wE|2~C7Hhrs}kVPabZZqj6}XxpaYbp$stDu z|Nfa~%M(*cC%*X92#Nq(WCvkt|2-_efBGy!V8QAv*3;xC$V0r!9vuyA;<&xd+YI3r18(Oxp>_F78ujb5ttc5o?&lXfC|YWMC64w9;cUwiljZb-9a3l8Fb2i}p(7<6ePW;F#9-a4E_IgR~Fp(uCS4lG>%&z%D5;)4-hW zxNWFG!V&L*p=Jd5h*9)qF_v=KI4(ls4i(*HCy( zh2>L&x8sqDm2U*{P}taf|E6}ykv=N-(*;>TS{YLhJBl1w7_zq5?di5;rI=m)FLVL% zV!i)Cg8dh{^&b+9g`J)4zezAghX3@r{O9Zcn?Yk_VE$j(m9?~;w_E=0pk2rB5ieID zY|;B#XR+8OwM5qNaC%0RjLobiIW;Ug`up~RO5~A3;^59FElj!a;3*ZEk!3UA|xf$@(&iIjTF!Q!p2jT6sZ2*k5@3Ntzmr7 z%N3$AdhPyt{=SlX&TX!L`tx(94sck?8b9ejVU(JHi<5&iHuE34#Ytlg#=t zMN=?V-SFu?WI&JBhA}%QioGDnQU2qvu9rkv`2(H=(Mut!l;YgE-YCj}&dR`CJ|&L( z=}gA5`1yLJ!(VUu2Ka_!hU4}GX(A^vDTtQoD9_ik>}ZEuhUQsCk4E?B_7w*Hdt zxkh9pQhS_lAts;@`F+X)++!y5s~U%{M?~SP1_Zk`@FH*7h>qC9iopyd7mR}fE4GNd zA~zW(7KTHDQm6w}!L2GqQYH&Yf{G*3{CcK+_oqNM@UhDVAO+H`|LEH;Ru$z{Bm0HXl;_p2^ib|90l*&PJsGmf=$UGvX5ydRd;jKC zxu0f#iN(oX!x%JVt1F0M9982t*hFGOm{9`e&OP*M(LV{*kS0KDAqJN6#eaNUoa|C^ zOSuN7uUMQoZrmW~jUMxWEF>$A63=1S$$R$t!qCIeyIcQ_wuxbM&~=?*M!0aJ?xbu~ za(B!W60=))>JA|hCDsS9E=!D!0&AQ!5Jv$Ah$6a>(sk%4lwDki*c=YvDg9g}dnuy8 zzdPKUE$5-WD9U+oxZBV3&2IRre{yf3l5}wvxJH3Ez#hJ zV3^e0@k&8u`p=nyimtgjmkS_7lE8x<971P4eY@ffE;SAc`y3|bb}{KagP<7VulOIJ z5lAqbN^wPMIM7pcwT@9R>EV&vXwE-Xz0(tA4hoKL92ewR-HVaJ9HOKT zf%5X65mIl?uxkzEHE&(!6DX6ezZMuxM&&WV+21LqOX6}uE?O8mj%9gx*X2!|d%dK7 z28sw%9MpAc7;+iD^jK`VsQRG2I?mAt&{Hr&>@Yxf1i;J&EaL!M(EOa37~(C-fYk&+ zTFHQZT6C0)_(dhf!3pKU^`hQ{Nj^9v>89NVYNjOcw(r9MS*E?y|G4Tbz`JE09t)}! z)r{bqwuz;v0@q*HT?ollW83R&aX#~_{QS7w{E9U3KXvjCF4e@Ykxq~m%NL?nHQw@D z-m_IypeH+n-+z`uz(ThfSqYC^*|-p1z}>-*v{Zn%aKjR7ZV>8$GIk~~Ys)G#@(-z2 zNfBP(5#Drl$hNjrl$%6cHN^sl=V27C24GkSvl=kMKXw@Rde@BuR=sd2K(XgSqbe~q zR7o*IFwM7l{bq92+OqV%%3vu$1tzVB%3?b&~bXhR)CvODk?VP z(v0$7+W|Y=yl&(6DI3>q1ntv2ssr7UTNDYdc%HFX3(qCQl&m|NcxMemjV)TG zT2PbEZtTM@c1Um4h>$Q_6!j~`og+2Pr=8OB6y8ZY7aTX(a7cv2I1~WJL27xp#<;gY z475QJESliuki_rkV2x%cMXHX|*SmT%8TO2EP=~vLo~*B-r(_Eb3(RTT{&}To*3?ho zZM4tBhsD1ywoB-d;$?o0Q{Vuhapxv#kM#Uk2K13F!)V44D-#dFH01(4!gA~&~tjd|8~?4(M83+yP`97p_huUh55S(yutSg5Yo zDGGzg5i?qP*En2spZH-v4GGAdJhymu;n+Ul6tt`YQ~45d??Vda^iIwK|uqXZi1n_XTuGN z2nmPDTsgKrm=B<9bEuo4h~{=4(U3xJ3RyP*qgqk~GYSYIZm?5*WVoF%rL?M%EEiY# zNbzvR()jI{D7W`ThPuouR?*jvrPMEt!)jROZ8w=r(@B z=8d8c>hO){HBnCgf+kLcFgN3q9WQLwwnl83aPGw-TqKZwxn4hWEm0dxybk7EcSrH8 zy24#=7Cit~C}^8%EXnmG_o|^NH6DuFs~h%s!Pw8dt#+(1E)UmzH6aTKn`;|Cd&Ss@ zTZeeZ2&=)dmGUqvA);q3Z+La|J(T(xUB0zb4$ncKz?A}x*0v!5-ECiA?e~S~F&fkB zn-{9r-3>cE9diqW)erQBW?+?@)pakDLk6>PxBfI{)K=$VqtvqoO%I2!iU?bp*~-H) zw=YVn&(*t4AI-jS0v{%5y7PWj<(zF~e7C#Ov~Xr$leaeBdbSFaV=#NY-0c_bKlU9~ zs}BQiys3yrUr2<9R5f6s6Sk3k7p0CS(!oG|^@_zV{@su(KzQEB??QduEOX`TBD-!k z4c_<1H@$MS{8#@2)c#+r`XBtt#Kz9?|4{9JmVEzzRLk+dLAArWlF6j4jySeq9L26?82mcvZdO90d z{m{uP4y!HZ^Tb6X-#(wOs`}-~wr;?v>5e=-{uudegYf=&`2fqZA`jvI1%Ne)(Hnon zzjsBDv-JM?`4F@27O|cAozeTn%uh|^%ITGi7t-?niOZ`=5zO!Hf%BRd8hIo>)A|?s z;{Szan^VKkb$zvG@nD$W4=`%j2`l({obMeVX+BC`(xMa7%s4CJ&PXe>ltd+F>zQYw z-}~qBapzCvuh)(M;z&f*m#{awop%Ss{NAZ`<|zm zM=`&kD*OQF-_es8?ZCDoeV^s}fFh|ForH8E0A1Eyt5pnVtI&tfuU`dFy|hgAC4O)!+n3*aPtWlU${bC^n* z6*_;cr9bm=w8q}Z8g<#Ii*H*3@)0ew=6%$@ zK)xvO&8*0)i%p}d^%?8X`p`O0Y$8@Or*WB~>#?prQXi$uPlxtl<5ic4wNI;IKHG5R z=Z&f9q|I84cD}<5qj;8^HOs_rX~hB009Jr=K#Cr(C7!yRJko-E5IAWWX~HvVQRLDj z@Os1bV+(T6Nu$V1MutVT7>S>|bFAJ>R%+-ny9(Cd^}(8=QDgnzCJ4I&c40fg}n($cr=vhZnUvF6CvLeEHH88 zi@W7tPDu6z+4nWTZpLziStIS`F^pvh*?eVon!02`*3`7 zmM>sxq#8!{O%|9i*?k}LNnDQ{pqgZ1b0P!edTQN#=C;g&WLY1+WLTvLNf^hkITm8N zmUXES-I747?foR)5fXvtDJ!XwO!dnTy?>)ug{Aox&c1k!U25sE()46+@Rlj+14=lb z>a?V*_u%E?GH}sAIo3BcDEH$a=FZYtOf8onthx#M>tSOGZ*d@mf>;&;CcGgO68Wk0XV4adXn@6`%F_u5WoNpYB&w9(U~b8@3t{d9Z--%gECmTk+zMt%v>`j$ z5m7Ec(r)4AFmP0dQ-1?6^@$WX7@($k)CI@pILM-{L;zATnbcd#Uk+UXfbC<4yPe@i z7X3)BVtI^43-rQq$se%&$^Fav*qqA(asD>cH}-=~HP!4m6>v#QZ3mw>q0mod>9b=b12@{p(<`XxnUFJ;<(euV7qZ46V@sjp!XwWSQyGT%dGKz?znfNnT=$|Es-y6e50 zZKty@b3f`>8ADLaP7DVgD=>ft!eikR*7?|A1O|yD$5VKZ3H93>R~uNd$_11b$01gy z9RyD}k}VUS*t;RLBkO!=bMLO1c9FPSaiAT`utFfz90?i&s71!3KV#yF@@W@G6f3D+ zV+V9?#3^G$xuB;PC;(C4&YM@RpOiBozg^|E<$D-eFts;aInpL}LSjBU=#HTl(qI{c zE6D)>L6ixB$DHS%vcA{L9ibTXYV+D@L~?))gi`kHl}*{4-0^abY~udJisO^E6|Fs* zO45n709BxAx{%6eUnkSxGmm1llfZgAWx5prZ7EJ8u^z>EYP&0}o6jp)=*3Dt94s5j zP{~%qyc-nTQQQ$tPyE@A#nSN5nBBRxz7!K$=)-PCWOZzmX3^aG500Ul`caI!Jiq>4j7~>$!5jwGk zzSc;fwYs#bRZW;Z{cwBr8E`m+!|zH$R5rJrhgQvA4vh|4QN@*s*Drt!(`%$_VQx|$ zu|?R@hd8}5P?W;ST;Ar#&Rd${@F^mJ5%5S$KnAo>^)g8q=rK&7he<%z?d_^=`=y7PLwYa{zE-j_+QBcwdu)tp0&4geTfcakQYe==~a2!Su zto;ua9L=b-aKMSBb_LEG$L^~rILUeY##@N6Co`XV2!*b(Ba%IK6u}Jg10J$>2_rC_ zeFREYg}1|SO~Uea0oAeq_OW(PBdY^ofU?cx;oQ(@DJ4s z-XyF!OmP7wM&gIKM?SCs$!&m)jS-t{iihdX%yht0f24fKKqBr};H{wy(F-I*;F1|4 zq*4jveGr7E`+*$1`CNQi!z$*ksKN>R(hmO$wTk0O_%j88$$k0xzXSwbPDY+4j#Ywr z@xM7Cq~#b|=tNPF1G3}jbv9IQnL`OHW7Na8gR3u>?kO$p<@O6tUzQAql6*E1k?8XMjQl2Gf?(dkC4KWd^Ak;bf%Xnj~4QCYv(8b znP1vkAow^ky$0$`abCLbn&qtBOKXgC$~fjMu5fgr|CalhyH078r7hY-JD4E^krL&7 zi6Ff^Lh-XK!hK?Yz~tC;397D1{BoR>_#3F25tm@g2^Je4czO$dhz~iVQpqeSr4ynB z8+yUjlX5<^Kz*#`|0agX5Lm;{BT144K^MF!jz1dZoxt&b7(0h3QGza8mu=g&ZQHhO z+pfB0+qP}nwyj&ntyg~!UJtqlJvudYOo$%J%v${7;nY04|m%II`3(&JzV)fb4~ z172NZEf7P-xn68McEmI%474J=;@nYUu`Mb<^mdU>t}Pso22srn0!bXVAWRa>&VPE) zBWcm+$+VrQK-qRDuqv-@$pKWhm@W#&jr-W(tjS6nh-n3shwb`JR8oV~+$Z8;1^($@ z)Wi0m5;=l@UH+#QGHN&6+=!blZliwI&5z|>keAv z?aQjN4qmG;*Gg6wZFf)nsFbpTdiAgA0zwgi0y5#B0`g;!jv5JI3*;~voX^01uYl(R zI*n>9|5~>+2`{NFJp{nS%_yVAO8!}}dV{9tjL6iC88}xax(hi;KBvfC;>ucCt~vC- z>X#=Lpp$CAjIOB zLR(VQKf1iWH4@Up$FvJ4N(G*k9j@urzelf&JCKqfG?XaPkXv4s? zjAbm|sMcO||9dF^={m+4UP0|aYuy+)lqaCI$*)bj@5`Xw^wh8xAn^A{3v34`*fq+f zixCZjbb>R^IT0EtioaW2tRtQyQt1SAA-|YAm2VQwS1p;;WJa5aIU-_9ymlY z@T|0}AOVeb2ye(=poFH&B(}6HK#!$6g}^Xf3=byDv+yU_1;Qn|SYj+d=AVsg8HdU| zVv|p1tt3vcLaou;2BY(ez}xmRU z1*g|P>tI1RirAZ%Z@r-rDXlU3^fOfLFEmM0yjn<9?ysstoTiS~{;zX7H8PlGL)Vas#~8wQ*cw z9P%)RTH!-Of}1LIE&S>A=zY3D$Se~NF!_R3LgUDDPSQrk*uh3;Q-H#M-rvyzx!y$9 zBHtPPv_`5^(l>n?nGX_T5-SB~T`F)vEA=_Ij9jM#$gin|rx&gO3id}>2}d5zd5BF=E&mT1jA!h# z>|?BH-LRFy++P~WGU@eE081tLY?Er;HQuN9Xzq!}wa56ilMgDa(ix?HCHRZjq~-YXHJ(dKvwy( zepeT;(yR$$n`eM#Vfj|F{c?1`d@QRBtyn@DU)jB= zZMKun^0{sjlu=g{Dy#-yGBwtAsg3|BJL z@?7Hs2#D3zW}N;I8NCd38LWcVy^I!ETl`pf6U;PNnOvf zynKPU_9-_#1J(%kd80l(8$qvVW~K?Hb;Ezk3^D-&tf>Rv9H~pP(m}T|cxmGc$!^ah ztDC`3Bg`ltj0)65`Njz3SRq1Ey9J%op19g4@v#K>@h~td@J{(^28>BMkb;d}#dm4% zpA(4s^qwopkSW@tFskYQu;pdWwzQKpD^b-ora@#CIMY_Hxo)YXNu{*!bg2QrS6|TH zdN8|vfSak2vu?9EpT(gy8#&|pWC=ca{Ik)UIi`&qD4Sw8V8M8l=q_;tTwIpnBq@+F zPF8F6;J<~Ra5E?b8`IRfTQ-(xl@n7{2kYN!;5$m)N8aUBK>y9(nB`;GU*;;QY4lSE znJOGH9@ZJb?014V(kf@6mHz8OXP^==yhMmAZs0!4Q=x`l6giQF)Dco*#8CZ2L@L$d z>cMxSp;}HBL5R;Y&bxRV&e9E(=Z*&{=1M<^kyace$Qo4wD3BwI;j`at;qLf;QMZOPe$DS<3VkGAt6q$S8VyCb_eKfz-aE*G0E_lyXYNIYygW_{XK*sj*+Xt>$U_a>ik7A zon3@$%Zcbi=Ci%kB8N!|3YScC#wsnkAceDs#FwUM%Lk9?lj5{i2)RhqKeQ>7_XdJL z7CFmTBtsNsdC=F)27L-3;bdcFHjvZHNf9o`;#Xl15MW$$#wB z8A4r%-(sY>l!aNZ%E;(CyVJ4jbIhUF&HV7bM%^sJ0M)c-D{-@S>YcF#40sGP#d-rS zabqQUxiFU~Can45Uunn!YqaTAR9ScM%pDVQ6hk{+i20kCxz8@#CVTIZY=OTAgE`2T zm>Z5S$+>dBU86RSBC*H3Of4F17^heU;&S0Yd>*6gIZ7zN+ zvJ}2eU=>_^)pq0quc9sRGO-Su(0RurZw}9Ef4Es1=NcYDFm}Z|B+UgD{w5gBab8%V zfy8<>eG3|1U1?Q~=%f+#d}Wn|kIYfWP5vBK_`^k%Snm8OR8I~1pk6l*(snhVTj^Q7 zb7a~jM$H>-Yew1mmwk9y{WbYR@~HO!3RWM4w2e1Uid~tcdI~FpABj%dvSIxV--7m1 zXRn1p%7!DwO!VQbc5Csb;%LC~Y690-Mt?Efu3!MZ6!K>;-5Jfl?5G}9-}ZFGWd{zu z^@1n!;!;S@={g;WEPC(79B-Le(l7+!Go)t0+ze)0B`C2>mRzmm=pqal{R`u8s5SXM zD+Yyv_xsRvq&bQ|vllLjJ}Rrja+3Qw3QUH9d>WohuP~YCR4)a~^Gp66d*v$u;{j)v zXGtm^*e@ns)L@s}NUrBNXgkOlHw9OQO>)tywnlSBNq{_D+T1RH{FvM>$(N7&bE^0= zcIV0}<4pB(#55b%khG2QN#n?D3U(HrAGwOw_yPK+&T@VAaXF_Q5lj4>_}w-~#ZCV_ z$R~?a3x>*%zu-uWeA8Fhk%}1LrS#`VA&Gy*zJ}&S#*pp)bBDub?DhEuBjyh&mqlW z+K&X{(h5q=dCprbVe7}AucL&=*>z%IHu$Nkv>;lt>aw{0-C@n14HV`MG*40>L1pin z6VfEr?A}dLgpw<~(%i}LXiYOVM&y388v>E3ZQ;zn**)DY#PoUx9uN{203Z(tG6V+@ zcXHbIOA~6}+PRlls)@fyaB7PQ3etzyc+(U$rIS6gW~(NrXfqzBb>>L{tFEnF@&9pa zn|)ubh*^dN$}ZY*(Rc{TOcIa0{J;tzp7(Yksc|Hx^2eR);TT?cYJ!%kBUcN;dl}Pl zr{j4akKEna(5Yj2;q9U7u zO1)Le*AQLmGHB@le^xD|T=!%Iqm}eta!3eA7!*!H>55=Dn31fYy-nZN)!mAMoKsGN za-}M5vTazT3a;V_K~w%SsQ77J%n2b$0AVjVs-I_Z%kg%)u%chf;N|-94i!)iPRK(U zNj^V#v6AAHKDTt0m8QN2@9#2}nKS~OVpHztGS=TbC>aT1p-{TFU9cSuMS$>r$$BNn zP>-Hyw?4Kn6(DF2;0}RrlKIL0mJrQ|#RDG1ZnK!P41q8ZoB4%|I;*gAd~|bjmAtHm z`0n~mL+g&v&emq%y6WPep%_5!>Zyj8{_ziOM9w%TZNhOnKSX1|KLRY8_54u&3o{UUZIh9w2(b#$?gI{T=ltdw7`efgB+CvZ5UZdUP)BJ|<&|VXo`^Aus zP^@uK^SjFd1d>?zEAcnT5O`EvzQ%6Z#8iZ-G5?WsE#m%No;~p6#=YXLa}eHyU&Hf1 zM*6r}_906|#pg!bDy{?W0Wi}U{Zh%p_f;=PhcH2<0r&R?ECg6Tca@%as#8x@-uY8g zzJk~6!Y`bAaDfPUsDpPmP%1;t9g+2*l?R(upuiC2zcb-%$?Vo1*eXRb1{S8 ztebULbZCooddD_Bc(;bsB_QF;Qu%{`*k(&VOh_%#MM^;}AnHSPnz)u}D;!icZS$d2 z)XaCD@Ofa%NMeu~QSE#h9!2k5ms|7w5z0#w=jwRkKBn=KOk%85nw5Vv)69@6FhYR( zcndT-5CW9=G6q7Q9e1ixByy0f!WK;ZaljS8<%Gf`y9wbZHqmfE)z-qM;&u6P){{h~ z#vE4$VYcpo>gws!sZ&2a+W04h_+aZj%H36(mjlrCb22TFw^~(Iq7RgMc;lXstTq#~ zSkmRd85n$HE_P4nn-QnD-@PplH(B`gwQU=Bc*}DJJ@u zLP{v27wxX4WuMnu=Uq9NH?#MB7iZsPae z2B3Xa#9e+5!ndvTUy(RB%Fm#4R8%(5IxqI=PW%bxt)TgF^T`^q%3PM9< z`CJr_oiLhbk9s;Vl|S+9>@}_!HJdbI&!W3uP@GbaU;-3 zjy7C5F4l472t%%&th7fIC^;swI|(7j{J2i`CyXU5j{v!pLc9cysco+E5ruFH>*~Br zYQ(K#g|Krpoi^ZhK<3Cu8Ye?p5%B4t7f3IWQJdY*2w>ZooagwN zR&XJfm3Jg6&eN1_si{wWEBB~J1T(k(;4oF!g|uAFCI zvj)PeZ~tK*5mfe8sML~5`h(@y#{Yd5+EtABB*4Iy!H9qxhQmcX8yCitC8Y~$(UV32 z!Ur5Cm#vXMkKQsY=`+G9%c>&z7Ck;EV2+7W98j)J*Bp9|jf65Jh6)0Te|hJL0EUZL zC(kcEk4S7`sU1y&l*o?eIdFMwG03H4gQ5Rj2L)S>V^&b$(O>O!$IN9L&kwZ)f%aU4 zkQuRm{v&1uM4UCtCXcizITO^9QiLrbE1)r^k9*|pI1xqigsl{qkh0xIu=e-9jNW4} z24FQr*eNhLT<5QVWxRUySSED!xcTslN>S6wdy6x!{S&p$Qur?kO(58&Z;>3 z*r7zxng&l@gNK&!!&hYkM{TC8%mtBk&()h0Ug@7X)#TWj3o$%&G4|A>7{K5k4a;KO zWm?h3v`q{|4E#glTGgVuwR=RT`efucD-&PD(;w><6pB7GItY})M7;cHNsr*S9gvBn zeEt%QB)DAQGS`2V#sb9B#B$r6N;a%d;24CoEFj~s>D~LGztP3<0Zbw3#Dh}3|6rmG zd;1i_QUvlJy_9H(dEiI%QB2GW9CbNFI&MHb1usNCBN#a9?*kat2e^#E5s!cg6=vffv#YLbZe|aZ?yXd#SlanRq zSKS`|nqOABJlS%5X)DQuM0*xo7b`ll*bEX94&$QV&^lG}m4N`P583(5p+e18B!%sH z;GIyxf1gcE_r>#QqvIXY`O6zO5z2iT8&|qNm>4BkL368d{D#_~pN4>B-P#VR&_gKt zQ~TA}V)8P!8T|$}qXr*h;872pB)~ECEsw76PXNZi+yqdYQ6LfMva8WS6{#cc5jdN{ z0tBgw;9XcXVVwb)#>g%Z02<+_C(5zpiTat|D8ROfyz3;1qo%vdCZm~q8rDo$m`u^5 zfMq7jCx=meJc_djXP3wNClbT`DIu_H?5T-E;litFmP?@<_cvT6rfq5@6M3>wzntXl zf?!7UtI0yA|F*f_XE@`sqgT`V$H8j=fndnpw*{Cw$6yh6@4LVxK;jft1{=FePQ8sx zn-sV#Q|240!ewkmZSwe+5==?VHFsky4P3*z4S^rk@|DQXZoVfsJ3h5%_8>k9&Or9> zXQ%R^4sX;?jHjPHip+v@Iw9BZDaTtmum#><@>7kQ4GKq&!Ro94CXIk8S$yMxa5eI- zK)wg9M0^Le@L&?dxLdqt=3c#M)wg!-2^bm$j+OV}g$90Rj)xdM(#GRURfo-gLKyNLbM)6>U%wj_fLv014$PBDAxped~|o)T4d{`-ku z?J)4UW?guOaQ?P+`9Xu0Q%<9yeZWZ+Cbt+fnwvkhUEs&5Xb3!CQQj{ZSe#VepZAT_ z%Bp9seZ)q=Iof&(WWGlh41p@MNT(}=hsZ(}(4RT^8afC=pg&|5m#0gusnKakTBm_~ z6lX5{%Zk{p~}Cl3RH?8oD}INvRJsPFkZ66hgmpYzov@_8tiC zdVtj-@^9~T&>Zvn*lA!>>JrfjllmHsCnY)pt;`PW@A_b+WBhbhk159&JSYteCfw6H z6brF2_PL4a;f<8pQ++j#W3$i={P%)glM#e4Rsc3_b1q^o0lOUK>iY|KS^i-GNiyNrh5SY|!B(Jx;TRf&LF z`lOspjxjPyrS*xm0w~>prB5})Mm350Z^|TYV{p+56%96unN_ovjdt@_5Dy#{oshvn z#7x0sbg&^F=8FWNuI1=-#t!?JXb#)VZ)!Di z7v$A1l6LjZ-p4PEu9cwXozFL<0CO1j*OX5rfj~=v^s1Ll;*aS}Ct}%WtM}k!8GI|e z+ar`5B8J$>xan@us3O$Q)$(0rI|A7o#!_|FCOA3u>55)1aHh6>hy^=cFn0#6)@(NJ zGl-znAdbVqMuC-8HsNUo%H%VU+)9#YMNJXNs*O$AnNF>BrK2rERLNnN%B%2irmK}0 zUtWy?GYQZtPDdXFfps=)1gIQH3H!GttIu4^>>S>!>a;GxV)qjJ3VEl6$jP8)#N4B6 ztRNnJ96y<`+zn%s2L0$q8>9}(a|2ZSMFNvd$x=p3BaXKhiGggc`+H*+Smjak zr{^!%jf<{HkM}N<*q!Btm%!@DADQ#v1qviQdW7xk;zI(c`*Xkw_BWU+O| zhi5oC<`L7A6;d4TfcJ`&`zqG9H&y4Q%8pyBnLjoYt$}0JB{`>b8rr(IM(F^8mA1sj zezjZH1Dm&g#i#-whZ)baJzidDaAa}=KxOML(={p}&`bB&#RDiS76EkSqjFXHh-tDk zm{ajySxvS*HzR%-#nw{x@-NaEwHX=4ECbWk#VvtEGtog5p`DLRdgb#w9DTG`VFZYb z@Dq-f8tK+7IcM^&t2^TAkYRD9cPgLpGIJB4rYAQck5M)tpOwz*2w`4!hc9VPnlq&_ z%xDX)lyv=lm^W}hPg*ww7N`9y56G}LY@CD#!eAYqPh5i-{aoL@Abry)uQV(y z;)mqm1G~o(lmXxs{EN0^+QfrM6K4{f>MSQR)ez>bJG8#&{qAJ*ts-`GPFZ`~24y}3 zi>?DtH_w{KT#P#PtwEl^lE?MRjcbxdkB1VoD@(Jyrg(<|{$ej&+!lTZ3iR@iO-B*7 z-TSYeoI7k2A~T~m_?s<^V7!(!=5A|=ZbZi7o1oUx*VyrBOh~7e!P1gb2dE}HV}C{t z=Ice)Qq+t!jq$`7nY>ii3V{FUp0B$`D2BsjN(PsH?#WQ`Y)pZ$)}F(uF(F3k>yDeO zFr}AlOQ|avs_P)msbQ*ipz*9tugC$~nBtmZbsx$k&AKNx4&Y924Q2+s2YY5|C$a7Y zh2wWwEe~L8jnfI`huDhYs#VLu#bLV!kUD@WnRD2s{?p#LqL=auGed2d!sZE13tDCE zNZ?P$cCDCN=}558^J=W^4ck6vfGVu)8b5r>V&2XSSodmup8YCa>zNo-SY1 zP1JQma^3$tXd-YOXwXRIHEDu$20nyW++icP$b{h=EHXlor-Qgo|z5aZxkGjxke4mc_x=%?g8O!^%bF1R` zZA!oHV#4~Y$5v-*0LGYA<~G14r-T&8cuyp={r!A%eUuCPe3Pw+-fXL|DZ7|j|620k zkTmpJ(!R^se?O5nrzB^h-CNj_p;;9eYSAZpu7?SJ_W1UO;;;5^5LlmJ45g^e@#id9 zXL>_@ulcU&PYBCA?JL+{ci~){V^LBBJz{SNHEnRa1Bdk~%{tRMe+`7QF4#d)+fbs! zeepp#YT-CQgou{bh<(=SGZ(3prPRjjrpB=BKsRsdT|3IK`jSa7dX@*k(c#Z}-A8w~ z*{Is3Pxe{uzRUau`MLGFB!~5iUQ}ul?6VmQgPSo#gME8C=3n5PCHbEM(0|D~{}F&# zSQ(lBTL9wxpLSm+hX0e@muDjpx6SqL$Yiqa-B=hS<9o>(=6sKH&chBDjH}YW44>sC3Mo;3|-r*5J_TtOe*%WonGg1rZ54!gk_*YHL z^1)Ztld^>MoPXh-+GPHmzAjjg1>w;pNWn+>RULjL`(1^%S{ zRS1}hibgUJqQ^QKFqsqL>}Wb1W3Dt~`D6^PmbJK>XjQ*t`0LDwcpw zw`#K8rqE21tPJPGMFZNc`h!TT(5f$B2lt|z4zPGms&XAfEoz@l7>v7mRPcQ@qsoCW z((x;MeG>9Db&=DUk36&wLb-eW(LlMBjLDbX(LkTdi07Zp(Xk(2R0AlNpczy|LF@mZ zY2eCpTD1~SroB$g=WpkdSE^oZ-jRu9uP{sNHk^8o{WmIX-Yv$o2xAoQ(Is@_%?<_{ zd(08ohDp^_9=W+fhCVv$H*)(nlEXNl8%3T37nI~^1-pp)UNudqewXXr@R`NncrDK| z5H`O}CklHh9DJ(3ZG0Q3Zo}BF0mGDkF$9R-G6;Di%{MW5Gu;P#9(qRvQRz;ba0C>u zpLduRcVB-0(5lcHf;FfHhKHY|g6U23o*3RE3eer{-~3AE4%$Uamx~L)Y;68f;#|$+ z6byd1SCao=20mR4AaaF_IJU&*o11&6ROg)@7h0yDIX#2`Opn1JRWlx8ASE_%Y;;jI z?DJkm#=+)eItoEKC{bS_0Pf1-WY;8g_w+bgq@~U37))3^>a%{+PCDE@aGI?o(hH0> z+b37xIMBo>j8Zde`~hXK2b=_cMQSo&9qS?wmC2d7YYcNuS&o0Cy`S4=pWq zjYw|->JrWV&5+GN{}xhg9;RcVp}Au*yW?#E7FCc>xdx_s88LZ;%5(HHUu3s}f(8T` z^{`T!o`Jl0umDAK5r7$DE$P00AdPzmTH{RuBxj0{<&$GBA{ItSAX^&@e;+|G1Gw8> zxZyV>Xn;DURLMyOl)KkxBN2Ol6D|0&`zG>UZ8yebNb(1Uw@6!2m%~uztLngvUwPA;lp6PUkp=jRE2H5nu^DmIAqVZlja$ ztn?q)Kkz!#r#cC44z9r2>__aHawHPefHN&JhjmLv|IQIn+SuMGsIA_E)HmstGslGI zY~;(XGwR4Q5r!@%Ek&|@PM61XEi6cCTgt8~(mzw^d-Wp5odYsvev;tZ>EdpZGOk3c zG)7ns0NEhD)*zeGioKNHF}%}VJCt%y#F;U~7RzrR?$+go<7Qexj^=G6^}wZCL4tK$ z%6U01itAT0-N&lPm9JOvr;mU*9FUe+=(t$w@Je1~O#3(mYSg|7c=g7!(K`jEv5>H!_Zp?z;k*s;}%`r1is4FMSYRWPj zVkBodUSseYdk}1pHY(`+UWpeR_+qwCrmqLocyKE9Cyas8TIU$BvvTt7-eSPx$@1SF zEiR<1B*?%sq$YXL=l;cKb54?B_CHd#@JU|App!(rR2evGIa63r0vjqc2R=8aCsvun zd-Au8je`6vQ8qiqg}VUuL)zIu@g^by2kSsm3@ntks01o0ophxJB+-KHpB5R3 z1Qkz<*`jV1Zos8%GOM$H%5cjopaxMB72uEez%5t$`>wN$j#cj%F%h(Vm-Vdc*($YP^<{GbFW4QG z(!xQdx`-jC3GA?5eH`v6!V6&O*Uy|;nqqRi&MGP9kV*)Ss2lhQr>8*fm>vh4YyEW> zEm=;nmb9+?wC~nSK-pU;&fwUXoKC|L=rFO`mB=BnyOPAt72ifBc^S7iq+rRu_5Kv$ zS6VZJ^^gwcKZ*uFDl3DA^o1@jsA{k)3b5~3elyt|{U&=1BYMv9Y-;(I2)uI)Fd0~OEWEyw`%m9bGXj64-ZJ<3T~Cq zQdp=3Hl_YPV!mcIZ;m;RoOd`R57E%k|ioLV*sWvJzNsEjp^j42L zHO`awUv@4AI;riTWQ5w8)NP%Dw!&Yv4n{Y#SEu9GQO3S0rJ(2;TbDtg9_Ov5Id&}E z{|;+_`^(D_V0Vyfoq!TF_fb|9w8JbD_k6S{CD#;)VKJ_g>YD?47a?#Ag%TrJy8Wul zN-|GiA}4}x)SPJYmtqToY@MULh||G#_jeUWZ3P^oG+s)TPEdugH3?0nk6>H-avH+f zue1d^zGo5VQWn?d_9w&5abzK)D2L#fFPRD6jFdSd%)*p+Z!wN13&1XC3AbiDLrY6g zoM~;)f{AB(X`>IYotH++~hP zVgVdPLaBvXW$_77b3*X)lev5El%Jen&g78R&Js9`rZSr`xete9Wc?gF5!AU^_CT^; ze)*2iy(>k0_o^)qRy2Xb7{F8DBg5q%v|B?KNd?6go9G{3i{+7typf>k^+sCyf@Nwn|(1FZm6B$FL^FZ6r^p0_m6Q;Y)8dhg3Q&gVWDFK z*BQy{03RfPO-DHP+CrsecyOe)*u#P5p~7>^8q$1(c?l#=@aDZ9arL)^^W)2i++1>C zrg?>UFnkUtp9cK9H^z1@CID@=Vo6rBmpJmribhwresnScK^u_|e69pv){Gd-jg4_B z%8}|Y-FzAXmi4$)n@&m$N-I9L0YQxgjN>8IUp$oIi!jk+>|-L+C(>j#_%`--DJD)e z1M_Ch{*3AG?g}O<46YR_w14I5A0tCVVhIEqWi^ksR{hi#WIN(%*{q1v$WzQQ~DdHqDJwKh|_ap_C72kjT=d}Zz*ew z$wh@;eX0)Gh1(nA&9iUYI3;1A{(vG(ccsp9WXG^m$+X;$1MBR96>@Il0U1p_Iv`CN zFSPNNB;T@dlcxaRVhORhtwV{(rTlt+y9Q&*V&|O#vZ}QrUA>9ovP^gSORm}>6EnOz zT>^`+Rkp{1Lr4-5aI04LEeDGX*2SuGDW-Z5sa0|TS47!LnRhCH);uL-#N+6M-;s!= zy*1g(l9nu2;~F+f>dBy@bRxWLS_I_a3auWLu5LG-gxl+sb1ioVOY;_>lRqe+S|?eX3^C|%@>zio(mVl)OXg;@R;uqiV6;s3bvrSK7HGi zoz@{)6%Z8jla05yxHQA}ckWlKjd->0Tm4*t{_Ykwd=>Ge`{S@u$#tOXmOi zaJktnDnKp2DjB|+fH#ZGR>hDRk1Z3UEQKdnx$I-x)_!y5z*G(U?AJU&~+)nRloS(_9td{lkoXS;zh(FSjnSDIb)o>{P{iu`*Z)EyL6 zGv(_;zsj((cXb4@YN$vL%>1kbC(N#B(!&;eK$=#l)wr{so6B zFFfR2gVQpMsIwt97;Zb|jni1f`7^(VgxGetQ!JrMJ?%<2&E-baTcW%i2ShL`JRpsV z5YLH1Qj|*ogC9E{7z}~%PI@@+cCCJkxu}ZmOLY+L5JDICsbB4jMwEErV*Ku@-udxi zbMw~xGw3_nnybp|C_6$8+N)VI4;`~=#ben(3Ao6iDTi3#UGedv(kpIEeKLJys`T@T zZGq(wm3)y27Duf^BsP%^|-!7vE$wBp1ciZhwW36+rS*}v-et*9o%z^Y>QOGg&Em@^V% zd&Xe5MTDEg1c4$zW7JpPzecvCJz`et3w`+(E~092O4TK4QBLe&B`o98 zAY~x}@1yfs3=x8ksyGMt%-$ZT+3%`!SC2O4&f-uTZdbW?w+x_!32`Np!Z7>eYa46g z_6SfxVpDqVlnBuiVf?r+TtYY8BMha#nN>8Xn^U7moV=;d$boaWyI&tZdz>pfs=Um_%c+Qh2p+Ac zF0QIMpCupmX{QGCus_!Rb$4`r&)n*C`n^32X+N<)`g&hCgHWTUpU%GS?+efdp#GZh ztQ{zH`aZ4&aa+Fu9BKQQHdm`QGZ z|K%v_@}52TkE87M`dP1^31)Rgbo-%*W2mJNowr{c?>2L%nwvR)wt;R;$E32Ih z%wy-g?)JAE(S9;||MvP>^6YU_sTJJGlO3jbM(vlhU!LGG#ys@cAffhv)QQ10PoV}S ze&toYkQCw;e*LQPaOJbXU#P0n;J;Iir-6=|oy!qRE*<*aJZfnbHs|%H32;|9*as%i zavbkW^$AltmQrXs$H~#RFLTw7;BiO2L=kC$z`Il$O6$B7LbHzURYhcFJJ`4*O5@sG zm);?-pXL*y*ONE@Y=3B0Lzbd_v|A0xjot46xPmh5fzyds1KLdI$3u7YU*}BDY8^I% z2C$;58H1?-{N(5Hf}Fq4*`dU$Pgj8SSht5QIn(b|Ub%M>WV!a=;a}z)?7~&5uS-LK zMTE>i)9Y`+K^v~?w({|0BKu=_(xt-28-b&VAqXLWusMkQ1*;DPJZ2Fhv?ZjNc})|S>nE%J-htS zrv?s__9hI+NE68lX#`C>z9U7vBG{mS29q4bJgS6e6O%fu8U`kuoE8Q+3%rEh6uWN0 z@LUk26~So1gGrBF6;9i>E}l^$gB_pq#R%AK>$J-waCZZm(jReqDv1K|TH?jlKu1v!Js4fgxg^}R&hbQ;F zDAVSrD+^3Y=nkiZd9;n;sR_u^dD!JR!p^pp&qMP3{}bdc`7de z0N(b9EU4Rj@CZh5v;#=t0k5Rk_dzfw^*M}55Mcdj32HgaZPKHPjL(cs;~^F1Rj)@| z9x#4tLD1Aw+MUWp(B}zjxKSnuR7SLA)j^F&Ay_!BywI{=Ai&Pi&YeD0#99R7C`d2N zWlz=%Gw6ih>tAboGmDI$yM3m0r?Ol1Lf>G*&!|jbAmt(qZ;Av6!#;hTLhMcSA&eq- z&)bzANsntOaYOQ2^t>}c!6e2*V(mBDj4Y}0@}`I~5m>bZdeagh#H^lCh`Kq(QL$QrDR>t zOpH3wa?o*4)jt5fDuX~VY)=GnxvhA~*K>Kyb$vVUL&Ov{)I z`<(;;KDjkoGEL)V5AXj_c$pu33g`4Hh1ev=#Q+B8NWo6au80Z+5P4kw8SXJKLyn!$ zum0-cHi`)R`u(8^TjTlv_A`)K)hVNrYdE-<3s%d~2fpbN|gTBz_c7}zzOx%e^$ zc@oL;u7=$QcADdD)U%Be+39GtMaY9ZA@WV*lPU+C6=|!fAdIMQ)j{;~r61vIDoQFe zRxN#`e*k6TjlMARa)d7(A|_lFl=CMqh~#`L0^9nJ?uhZJv0~(p!fhu>E`&P?$@gF6 z|9H9&a{(7kYgn&dz?zuE>v{uI&W$Vx&}j@^J7xvaJVDYCpDRYM82jja*y;}R(;nKZ zAL{2@W5zi$K{Kb4iVR%AgKm1c6+Ftj7Wg<#uqV;T=1n{+r9v1s9De~l|iUlO; zWyTH~E85}-Ae)-1s6UPU3u!|oPrVMQGLV0R%Ar=sb3nb6R4>SNLR~zhJTBt}1!vYZ z5d9&V5DuFgi@}0wb~w+dVqEOk`CY>uFtKNjjq8t&P3NKCcdr-P7^p&04DmN$GFHzY zqc{&%Mw#yj1sI65T;#_VFbRet6X4JL3p{Yui&O4M|NTf3@5vD{7X0XjxUO~1B`J1v z?I)Ne_DOjFYw0FYk@;3D8pzT*tX@Nwx5XpBA_Eq|qeUvW>)t>{NMdqDf$4jv zRQ*c}w_5Rbz5b;-0CiFYutkXhlL*c1;=B8J>OpG&+4yyTtnOU!K0Po(%1|m$!^M=C zO%hDj&Ol0uePCE^?ZLv(nmg2x_Lm|a;;@>QP_MuVqVE0lrVQlPU?{S)loY7k2C#oN z8rX+WJn)*#hKiZdxz3t%8YpP(4CPysin1dbk}p-zy3@sHHfp);R_(Jd?K?1a&y1A` zsed4Mmz8N|suTUAN_emHb2L7@IIrm<@9p@@2yfBv1HE{n3(aFOcGUt$Y@Hy-uEZxw ztc@;UWELuT72M6s|G*k$pesttN19$bnm5G!)ERAkK_fw3yLWr9wZ#@^?I;c(7;w;j#xy_6bqIbog>C^AG*=lDh@-+;lO-y-jHx*XHDynWkF|T$|=Jw3A&8 zFy~Inl3CGsJlj{MDD@~Yf>i)*TobhoQ=nmt3QK`6Ub#wK4ETCU*9uYmZc$^jz_Y|A zeqk0ZBs?`DO5{LAtQIpd9Sc;Ygabblk{mb*)f1W;G>kL$A+F^2Edi+$L|DdInkr^2 zw3aQS)CuMV-Gu~uSC;PBTL#E-DjEjYr`;+m=Xj*NV8gZrPn>_fLksbQrfT^q%u-l_ z&67d1?yYO1lIvi4c)pFMf4l*mA(Uc4G-T?@2erqcm-Wba4dwd@dJVdI<$(Ef_<4Bn zkq^fSX&RU(Ksi4Z)Xf0gu6zrMl5^l*nMD~ouK#KG_vZ^&KH$ONTqW3q4i?Ig!y#Y6 zA2JZuoEXPf)1Z#{QTf`WTZ(DT^w7GAV8l`mbSg7yRT~*f#Rno$2pf8q7`SBWl2BV? zVJXyP&JldFg%R=gB!3`*%ni{g46aiU^Z&gSaATEs9DjDKD6K+vz z1gXIaODtk?ur-<$`VX7zanh==`7nWBl0<{IBhhLPh2ADY<0}(1%+@B0Cd^fBjqpgB znO(cPs%4=e6(qvHEkeFNqjigHvSC#wZGe#}?yB2C{Zx$6yFll+LS{0y?wz@e58Vl4 z+_SpFL?p5Km@ot4@5=cuBSg8ziuoyTDtzW?93)YB=q#&~j1E8@?g|98q`*IgDdRr` zmUL*W@SSGKT5+O3H)ypkDb5nTWAWgtvgRZbQ>`^s3PFiFIn{0Ysc)M)vcVWk=i zGbEAX)jEyaKMu%nD?AWd$FY&Wv`eP1KfaUD+U9bQWS31!?*uy5ipX;zdefv{q%^0v zOBWdiNJ^8Xnro2Wl&}!x@I@5 zB>#NsqjjfSo^YW}P5&J}!TDo{7wgpxvRsQV-Y<4XF(o zP}?3UqAoD4mPafFxa&A5tx%|gd7Yv);DG(rl9#5gJI^hruFIosR>3k>GHH8C^QdB4 z>#qB|!=8pklQ-(KBM`ax7cejCEpFUYdnoI0C{J2#Y5epVA}^1I1bW3eeDQWT65M50 z%f|iZ+g82jJS9unX?TZu_4CzcVtkA_xHOOYi6hkPz~Nn7P)QRPA}O(tY5qZr^;9}N z)n&b3eKWSoR~jv3Pufo6xWRDJHG$PcbculQ3!syKZ9%l|Y>Z9zho=$}*^eeD-L=HC z$cwY+-3zJ@=ACkVS#=kc7|+Jh^dKCs^$?L;^D|-JJ(aJh6?DTQ!e4eGJ?ag11Gtvm z6>Ah2VRN?w_f9l~PU{Hgg-XjR?_J!mE)0F6BxoX!W6r876*R_)!;JkT^Qv_F|0tk1 zs>P1|7X(d8ghTTK$Dydf5m{RIVVrw!K4DpubYyOds$tvxBJ7dz_(ZvoLHk%f!0U|M+yv zcw7zRU34|CJut0%SRENhQ2om@bAGuY6IOphA$NYsN}=dYa;>^RaGdNRac9)OIevRODcZeu{LNQKD5U| z;nZT^kUltP-4-No8c^!mLA?%37qiEe0!k?ET7Hn=dHyQhZvb<5n){_ZM-bj%IgU&K zGmw1P-8g0n*jJc!Qg7F-4_{&c+=hCv$FawqcNo{=*zkXxoQTZzbK$#TF_3>;dR@il z`pk;H?oHebnH82C1pGr!Fz0{-6%N6|%Q9nF&`ZI;^#nJ#3AHItXwEzH+94t?D*pZV z=a|1;S#4b|i{hDdNaU4}c~a60&riWWS;E3+C#7n`_x0phu;!|b&rv=pz# zE)iB0)CON$j8{)jY4c9U@Y!1G7V+=M*FSp^Ge%|vq;l}?OP%KFS2`SF@@mEB^d%Z3AdA^j@j-bp2x%_I>lq2$5y>ES7UCa z4iU`-QjaK!uRN)28V{N4L8&jhii*~t>(8SDD3f`<)SA%5szzWi`}}6?HB{WsGSLE4 zZ~JtcQJuNo2D*!W8oDLLFtm%oVffVz2QXRn%5WCjXXctm7}sg-tm|yH75;KrdBMyI zp4LbSdDK*z5?Ct*t=cqD)5@EIAo0uGZV%%NmWvbRsshhr;P2uc)Hl2%)U^0Io9h<3 z?Fh^t5>}Ia1`_0lR5Fi#c+-`ZxECRRk=(ZC+?t5^H0#wBC?Qf6;Aa=5ycqDZ;$;N| zCC{Id*~5rZ8W>m`#``(`<4&}$t{Q#re~eHjvc%PJj5u^jovhF2TpUWLV94e;Jh8$L zAYnSRXodkFOP9_JD&wJk6l}#Zn?rOhJHF0W@oPKAL9g0?|Gvte;cja^K%G#qxnyva z+RGy2UkGxM4Q?cKNie`9?7vD-an>wY0jsNP|0U5x2{SbR*qFRX_^k7w6CVmQazby;ZW8NLTN+w3`<*^yb;58ciDPSXAyG+X6B=R{sE~i zxYn8)ADyxA{=4&z&a9*6*fU+@90{-U-jkl*i1X1*wo9+o_p0`|!nyvjG|sFsDiYk- zqME$|ddgy8M>NCszh~955NAFlFW&eV>;9F(#0cxsfi^nz)2RauGnLlZzXR<=T>*|? z|C|@;vpf=Og}6aJbyJ1ucjRE`AqdL~kCX1Cxfq%r+pXqe++?r zqE2yNlKfM%nWVN7-xT=J?ZkQjRbGIp^xik}>uYM_0KkN;p9 z>KkEO3-p6Orm}m*&z`DajKuRawwtwCO$1NC&b`8HD{*MkNwliqPJ-DZcQ2|~FzxTP zK(cZ#Pj%{7njA3ohHix#ff`NOQJjEE4dFEc9n0J8la)B^5lm(3kM?#Nr;xX;IhiJHlN#c}q zT`_lpGePlYBKf?Z7Y!?bsj^53y03@%#%eQD?GdUeeG=Z)vk&*$oV-g_8;q{F!xH*Hwo(1Q3m)c=cp{ogrg zc1{+~|91_R^?zYGu>Rk%9CRn*@W)Wu_cndS3A;d>l0QuPp=DbUvK~mheD9qTq@(eF z4gDT3hINYdE1oiTBP@Xxvy=;Hf0gV%It+|9|@ zuDko5YI2yXcD&jkoMZ4H%nPA?)6cPXroNi(<5?QJp7pjh`(pTDAd(ouN1fn*roptYKC7) z`(jM_XIy__iTuk#?|y$OeICWue7M+N$Go!N2FODZ%HIvS_a&vJDWMx$mZk%!ZyZkh z1|+>V1ByMY;0pFc=kgAls(n-4THMLwN9BdRtFYY3MjgwrOVm^L~E!0xCK ztF05QP>(kE5owpg==wvmWK0yde`l^7kz6@8gld~s@CYKZ*gjmCwKLg;d1u1>`iIvW z#0vR`){CV?6_G zmMs{vXUGoqvm#PMs*s5GyqY6+5>d!=IMI*@P6)1*JgHJ65mVDURSpU85b-NVuip*e zkEVQmE&WtPf@dJ9XlW_PX@u^93>FWr<&^{1Q>0-lU0+ zaF`1Jg2PKW0vbo0!SdoQYOWAuDFPvjuCzuP&XYf>$H}+ z!Li597`7P4v%A3Ap~A6U>r-1C^6P9PhAIZ>3j=&36k7z-#lz*s`CtBI<;ixaB$w$9 zyk?C(M1UlD?s!OmLStqom#?HobRN3A$C9u7ApAM|?L@Z0N31N$Pk+1E3BEN`0V3ob z%H)rc7z>ADgLEH(mMii?@e@y5EE_t!gO4R;fC;m)qK*9_iHbdi}UmwQ3R6bUhY%3tnD8DmZ4BTc5W_yrS%mZ$Nqg-qVX0go*5QU4A^ zh!|1DC~)Ic3}=Wx3T=M{)U&4y7bT<{*Bc}g_Frej$Y)0gs7y6(r$}fi8P7&wWErSp z#VfoUy>XFR-a~@~I9=@vT*<=$MbE5UNI2foL;l=b?xI6UJR&c>Tvm@_143jq$pVBJ zc;G)9iC5KLI8{#L8h>vb1IR2jx@K{CLHhu<|3-$e4q9a@-+?5v!UeLp*8o4W%j`3O z7^y!XK7p-9Iem4R3Iw*D>ID>43A@FJLzS-r2KQS3G)5N&u27D{a_ILIqne8rH;zH% z=n=UvGSNY*WYmqPl-dH9iNncq4Z*IKbhta*l0<264+l8VxFh%om+;Md3v1Muk!F8x zW`d6@RJ0|SBZWlK>FE}64@eO4Cd;ffDUj0-44JS?z!G4Nnq)&DXLmt3T-4mB8bLt? zD0Y+6j6yXLDLD*q0&1PUnWd9$$MF@VNw5by{hd6)AhCtg6brD*M~YINKVRW|ep`yK z*j9>hkbERyuY(;(1Z8~ggCI+N#>GpIP&p#2MPhaxCi%G%bjd0k(Qz_{8&O|2D|$N zNB$gD=cw=e0M%FV+--~oGHs7zCaJ=;3321ypC*`{qkAQpVbu<}JWy+|2=fwST}5fB zPC*5X{0LZw45+!Q+F07tb7q?k_}4;|v`#b@W<$Ha zbRbWU<1={d>+SpX^X>dynca<@?klmA9si?Zg>X-JCDxk;yY+}v7?v!>&m0W&? zADrV6avdXu7)&A*gHr02lsej0#P}0+6Ty8Qp(42bE-bNE+csPzORC7H@IcN_wvhDI8ArM1Kg-p*tT`v^Kd_WDjnG(T(_9(E^drGMSx z5cu%079kaXYUiPfvh`Cm+g(s#fsO~$5_PNiO{9sCmZ;oSf!*u;CHOT5k#YMbQn+WV z(S84b43&+%Yl$Uu<>`7dS-0yE??^&v`AqPW0n*%P)X;CEM9?U7eBGp&P`6HDiJbg# zR`UB23tDMmBJ0)42x0>)>Ah@Ks$*ye^x?t$B>)ri5RXZHiVf3>Hyl)v)y5bqBBT(@YKWm6$S4zGHN%}lbk1o0qD1av=5@z zOif{ht*^R0NOGJMh1YKoLTNuhIyZ^LSj#sAsefN$JX6g9j2;_iqvXj5KuI5LH>G99 zXq98gPag{634k{PQQ)^4&^k6CfmK@rd{MWO3r}(D!^)#2h0^K>-=4C<21#Huy@I8( z#D&rVi?T#QB_3cfyZBMECY{*}DRHNB&+n*v!CRjmqq_%`Y8NfcdFbVG46Dri=5<)(pX^<832U zfo41bWqP%|c4-*tG&_M>^4AGt-JXz@EfeZdgX5@FL5m!4(4z)+b3+r|HnG|mt04Tl zXEd@wnzZjG$0_FU+3l97(;8~a9KWZVld;G!Mm4$0OF+ux5a21q38Mu$Za`2+2=Jyy zIkArhTi6%S!I+lq6L&#dP{_BnA#D~s6rXr2U?dQtm$$~q0Hzj~)Y59(IuJf0B5L7z zjXUB$u1b^;QCb?ncqgXjNzRbY=2Ul$0Kr>OZIiS0(?$t@6I7Q?j4D0-Lu@2!Pyj2v zJ_0sI^OJ)uz$Gi43MAv;`VubSNp=1T$_+xHOb_jQwMt2Qm9qq5XRvM>D1@cyN z9u1ev9-3P>KzYG#4F8W&qkMh}%V8pjw1B+yDyMo6S}zK)r)EAd(@HY}YLneGnegJS z;FeMxm~DgIdR1_^0tJ_7oze1x6y5`H+?1HFBQ@W?|rEG!;G z+Kv-?boB|EF0C-KlT#rQIh{0(_ znk-aLx9$?kSUMHAx2kvL0o+AFs=);>H4rzCIwlJnC8k((?txu6|d7qX(m0H`hw)R zsbb?Req&6OggK51&Z|2L;|oXNt9FmqhX+?mORpkEbAHiql)z#?-if-qMvpGuyJAL% z3vT;93LWI8e2yH3WW3=~XrQ0y&q*rQ-_ae$ zyKvPK24}t9u1huU@v&p~kahL%L5{!EUwwX+KHHzv!!H>f+$Xc0fyVDIuO-^GwqrsP zDqS^*ry&4C00o2PSw4D_Iij90i{s!qLui*Kg(|?p{^uHUDJ@)bF#vmW4A`Q0&a9;S zKlZ1|&fUI1iH0_E3V4###PRm`&BoQu8#FjnQt+bC$rN zF?T|2Hv&u}S6#zT)BEGpslXj|jMTWzy9<;!DEI`Q^2bS7NdPou*}mmC4MaF3)!nN1 zB#|bluvy-bJ4;Xr5bxJ-91!ZgY!*d^j&>1vM;`-~D~0S5zfV7fZ1VgU=o^Iwg10$u znPM@5H3{ZYXq1F1fBehnAGV{Nw5vw6l(B9l5b|zV`QcpgZj7$pnMrYYK`^Kn&Ea%c zeOGxL| zhc~5*Ei0(qR$VQxMZfXOe)+#fb_ov*rbTFfUBQI7{8K?5+ymS!B4QHNfv!t@Ri|%* zBhLp!7?oj#hc(+8p-sJVEPU!yX`6$Q$)zpUPq9md}mJ`meu&QnW=7LU%`P!0(?f zBx2BlaqAWz*tX{T8#)Wr978y9V@Qr!Uei1JV*y+A{ymUfI|p^6k6_I-jM7#NB0?x~ z-VNE0Ng6yRjllJ5z(K3>?voXF@%He*6HYlZ8PV?&qpfz545K7$7* zzwczDkXn~rKS@yxxmvD11|OZmNg4DuMe`iR#y(noU4(CH;<-$qlv@2rT?A$whr?`q z&d?eACv!hXWIWc-a_>-YkqA?q=BgGzZb7W6LsGh4etMN4bYp&`+VN4Gu8bZkQrLG% z@M~NWddFwdd*?^nM>~~})g8L4#&~%DrojQl&OZAnCeA1}Xx&rF_VDQveobRJ3)iLX zFYiB=w*QXsKVuA+U#3>-!*hxzKOyQr?68%_NOEvOGmccQbnUT9@Oa*&Te^gUdlFVn=r zuT($}IrPtPbq@LlE{iihc*%f48~%cd4G2R6#x60?c*CXwD8pLtq1fKi<|>V9qs#I8 z>W??t^Cj-Am)-47-L^0?EME`3s{OgSzmUIQuxS5JGv&W5lK;vSv$FnArkM4A*#%_% zzuE=7)>*gzDURaTXUKdI)nc9qgc3YaoIkM1@8t7`)|mQmHKk-vL>7>h52#>%pQ!rQ(b z!eW?3E5JuxeYMGx&NK32<1+`uHsR|4450Z^FdZS> zomWD}B|C{g81!qcFFkcGqb*M+a+btm1j0>u%aq}Tl;q6jfqb;;@aTa4Mj(FSf6pnBEcoCRt|-XPVCBrh?V4(56pr3s$rDZqk~K?^(}GAgF&>z2DqL&DZN z6}OuAyu`-#jZ$&ZBRhfOj*cj4JQlH>%0ndy5VXpcZf)7uH&wg9WGlM`g!So_;}S;h_&djZ zOsg#oOLcq?^`-Zktow;10R4x!?%jGuiK%pZR2`}_=1Aozg7`_)98#a-?xnyUAZtz&d*L1nayn zT-26L5wQw>Y8keSwf;^_3R@4|8TSqaY}-wfMuRM${z%ewo0t}{)q!wqJX{Ok zX>LJiOQykbHr502QV%RUfby;@#oFo;8(wm^<^$Wp14O zEpk@l>s9*d9EHD*VC;_2&P16EE&NZsYETRLDrWT3+yokvtpU`rE>D+0K=D3vDgHcZ zu5$$w0-~aqeuvkj9fXMQ#9I$WFpGkT>aM*0H)Il!RXMweZ2S&``~>Zd&5MnEk_=8c z!s!@F*+eb#z&Pe%3PWUBBRtdr1f;&`?~)#brOk*FA85~=o@FnZiA*m6+wi(p47&;$ zDtbK9=xrm-O80MMYppq$_95H1KOU-@&YT|Uu!g7aeQ_VqF-ja)O-Rzb!Riad3M(Oz z*+lP}PGqDn&&Iiuf%QM*6ci4Y`vL8vSsqhO?u#`)hAWq6oW}3pY2i(nzk5n*qx{uH znFbB4hO@J3o~H&RN!0C#OgSOn52ayp?O_IX6VayuOe4+pv^2nc*wOU$$>+ z6uEn#4+GOLO`+RsZ*3z#kFT7zfGN6racusJDl<&teh!5B=s8QD97pOPs-WkJAf(w; z#K_*PK|+1>fmV4>;hA~YJ)(Y?qleXAI&x%zu6=B%%Tac3eW~E&_G&AX=gJuvMm}Dx za7?vB9HHBAh7^wh@vVtZB@&OzDZ2fVkj(iJ+vY6y{V6E%PYhFkk^gmwnVQM@Nl7(S zz+cv&XLv1<8#y4RJk1}eIxQQK&XV@;&VVk8-B zN(*JQsftHQqq5bR=y!^If#WD#_mTp2R*%>W#SoeF#asNt zr`M=1p=4*~U`FemQ9Xr(&Mw|X4ns~DrEWmK@&G`brL`6qAPI&9quA%X#c3OfSxiW< z%xUVDqmoTGq}bmq+)9i0zM%|Pk2B`5&SP>xvfF{3HlyH)M^DWDjn?;Q>kX6dJ-5L<7+;aMrK;ywi+`zOJ z*a>Qw02CSJ-2df$ha9wP_CBE`A1|(lf>b>(11-A<2l07gYut^=P+LFZsU?fqOwq=I zu9rvDh$)yOefHO#!iDq|pI3r$69=U~WL9&<_q1obPzTN92pLahxb8D9*8Zxwq)0E5ZaNp*9 zR=$zAfD6DN*k_c@KSg#T**B8=4i8!sfA-|=YiAmCsdPdRWi>tWZ$yryqZ&cKhjt+@ zt67J(K2G+t3ixezIw~zf9r$WM6-{OMM(cC)(gz^+yF2(LBCl--<@2t!U_7 z{{nwlAY}hvbjyEV0R0s?R@uFhu0c5t5AJv!Phc>l7?7RQqLG{^?U!vk9p52m!OM_LN_@F{9C$11`g zFeGG1prP0o#C`nRO-)_={dD3K$ui_NeAz`le=h6dk0U@WO#1H?|9Eur;C<1288rwV zhNRtjIKAx44gUyvnsa4;vqz|E#)ZJFZuVyC<*I7?6_k+LK?JSfWghl3M$^Kf>Nfl| zTiUL@0T|Dv5pDyN(>)h|#vK!}f(A4m)p0#-$(U894Y>@oFN$dPt?-I6)&6mZ!4q{< zQR`b?5_!K+=lq!Cdg58z9SwjQNXZYT#Yt}h4JDitQUm?fg2oam(=yaNhY)HsfF1NP zn-zO1!&Kx}{wkT%{JIrojWaf=y<{~{ z$m4C3qz^3sfj6C%i-!~Q4_~&@LN`-F5EB3 zZrbCHn^ff3L4{sVj6D}pQVH>(fLHR~$S2t|8!XOi3zT^FCFg~2L}E{2P)q`DqsVV+ zr;@}}!Ut1b23oNQa49n{g1QZT#%O?BZx$D+-bhKdGYQctHmXRC`jtj5U+m6E{1y(& zbX6wu8^nU-Q5em~*E3v1vGrXJrA40GwvD+JAbrGW9OfXev?{-LlVw}Fe7El1X?pi= zUAJRQvuRzYmtb`F*vy)FHgEEKeROWf+M?sU^k77uTK9dMp8u%nv|(ieIuT(K z_=g61UoAL0MZw0A^n^NFymLpUP}-;s1(8$Hgrs4(lv9ViuABL9D_?thkyLWZ+d#eT zr_M18v|Nx>M+QaDNxo+O?mhzr(yuF7t2mg%FeAdW6O@P3u^~V!(ZW7F86DYYGi*5v4klB5a@V_71cDO?V!ynhj+e2IO)boo~K7KSvimFvB zWeM^jn$*j9-=+f3x!BM-GEiK~d^xJzNK^T)-#QB9AUSgH7mWI!rHk80b9OK>zx*NL zA|%aJ2Cu>_Nl<_bAAEdum%sFw)`?3-#}LxMsG0!h+H8Az?5CZJRbzWuEa2dR(yQ1G zZima%>A;_Xf$vJ-KoJ6TKO5D!`#kBQ-#h7PY&3#y_&(laG{^H5PShdeJbdRZWZklg z@9{UL%3`*5V6H}am*N{vJQ&H~$sB3$crs~YIT&O7Uo;m<2p>X;qPc1018imm734ka za~i^8LxC`VLz@;Y@nm2DuG<17)Z>pV$Vjhp%4hn;lBlUWo{0>D^w+!?msb?R#W>u? zawMa0C=@9WxK^0}%(yE(Pp5~q*H*mvL=P?<5I?(8USRA&+*;Jpg9r91qRJh(%ni1$AtC20MZ`Jq*_0oUM6DZuD{MxeY!+TL z#8Q@x@>}a~NN7O@dg>JD*MPfI`@SAg$Cc#A`%`^ZU)D^Wk58}&Z2s`y+S`z&c$|LjGRn&4E;eA zd6JdG=A7>#B@-~)`Wbu&XjJNqkAtDabwQI~>rBuzrSX!BU@QS5ttli^COdnGcWXLo zeU$y=zxUto^jwUru5mlvGybY6W`>vYY;NWb`b%_YdXs&bFS;O-A8V`h!!0Jy_0Xr@ zfo5wogX|;*`fXsuAazmwVIbDf0WJR2*UD5V7P8JrmCS>px-7m0)i@S*+$c#-9`l!U zFZC?0x9#gQ)`}!!n#g7Y?nW3epT|E?n3RcFDPIVJ*+3Kg=`8v*?W}u35pk0f)xI@( zFeXGV+#Yd_{{}7a6Ex;VBwi3K@BB7|xrFx}qFTg1Us7(pc(0XaBVt5~f&LBpkD9s5 z^0A@icaAmu)sG01J&*=<+Pk=qe$yQ3G!MP^Z#$1%DJLL@40*1eW(9OpZWmpm$RsHT zqg1VzdlI#(LLikmQLlwz`w+WE4wL3NJr1h2sp~`FkzvZD&icMSkw&a^TwP2+WpFvs za}8t+xD7f-*UwY%T@IPy0jqDcvQZ?U`DX-D3fGQ;9te{@>y7XeBdF}UcWH$_wTLIb z$=tY(5jd+dhh&6I-E0-(^+fptp1iN=^|@Tx?}{$l|GcFU1M84$RGeD4aBO7cl`?I< z-E*-nhx`&Guy*5QQF#sv%hAfa4+gb)Ves{EUg((u5iwj^WkjEjzB69@4G#zTmsCg7 zA(orE|9bZ!YP}_V@}FEl5H)@)@1Mnwr7}ShLX}}68==(E_j?Q94R8mC^GBEHGf8Nh z4Rx!a&>9uGzdfb;KObx))ZUq?h*4@9GvZeMmgGt#za40D7_d3LV@02Fb`=Hs;2)#@ zkY5G#h2WZZ^cnw}8LQr89$eQd@SNRu2c+K#af(d56`4Bj$PNfvgF|G_P=bNrtQ zll?z#+5fM?Jl2;@!XI-Ic!T5=8vmC1vz>#z?)vOuy~5M?EnM8CjmJM z@t!-^FQyVcbLY+KUbkDz%^=HF{0Oa0 z8E(-r0QtiOxhKa2riK46HHW!=cA|r>;%v%Uy<2p_aIl%+VVp~*98A|(W5J#+byu4o z59PXZToQdy)7~JN;lWJ~Oz&{!;7x3`rK*(IE4W7v$#R>|U;!s=m&WqZ_oF28-?u=M z?mzcIZUXWv1|EA&N0Yo5RhUr)( zQ~c}lc_@J*Pk)_1?1dN+d-Fyc&zsO=*BM5Y&h51kF(~pDdeJ11T-Bqm#~-Gsh1*mp zL$q4Qz0YdMnvT9-WPpK@rX}UU?+WUfm=`Teh|IV42O?l9N7958&eKG7(t&I84tP%Fe)j+eS_)#J z0?C_TRyj4zy*8m5nugN~8-ZCGc!nB@=4b_H^aPD0Di^qbHCQUk!2%*~`%@skfmi`m zp_T-L9wKk@Bt|hV9fBTYc`!BNkq*w8d2>Rug&*tO^$K!x2o46+Ym0!4&^IiPfj53l z^E~!(b{n!!sUfFwf3<+4-=Saw>;ddeoHON0km3`&hd<1SLY4SQ4Mqq;&=8*F)4?>G zINuRFq~74I?hG;5b0|McM9X}3C_m}PvVmsaG7EMRe?Cw(Ij|2z2d%8>xtA=K3heg= zB3o0P&YvWe=dNAZqh|r#Vm2X+`;<821$pl@u#pRfHS)yDiS$?r$Y@CH2})7atemX` z2o(3bGH?v6O3>__3ppyNVpY%Gu@Dk2nGqG3@nu_>D4}5{U}BUg0_)aI{(e{i@&rLl6DR=< zPYWuROzPIts5n=8sd6VOuPZjWQUl%V?9% z0SYJ+ov%(*9a;G}x<9$NGz+l!hq{1gvRAalDeLD7IUfM>Z5eS+NS%g#z+NeUzMRFQ zAljN)p{SD7QV1y0GP16ulAf+@-c6v{mQ~-agjlutIOv?=8=NK#Y2<4uBD7$k{ax_K zZ;ZH7gy;@20#vsC06qBVCyf9ON$T&`K^5YuZQAKVhDZ@ud(zzR+L;246f7b!&l2P0 z{O|)1QlwGha<(J83~uO@xHDW%k1ppYlb-_m5h@$rzb1Lx26@SQxF+qvLo(rC9Bu=l z9^^gus)6h3Wxx&uB?OOcB?YKOp*nTk1BT`c#Y9N% zZxdNbbVH^#pmpvcaaDw}gxNvt3N}P;`SOYJ`ZHbmw!Qw&7pjX$rS^{;R5XtR&39YY zqsPsCOhvnG+#16+TdIaQCmP;Eol;A#{&P_se z>5hkb^v3Ig@Kq<^%7#wPB38lE#$hz|*VD~M%xP?J#&V<#-Z3;uX%n;+4AC0Aj#!@n zsFaN&w6~;1L~i{&>k1WNqqcERs%H>Dq|{ zZ}|-W-OmOkD%?H9Y4BdGLd1i)F%Ja3fllOJ@cXaA5Zq4Bt#G8-XFI&qY_@?_JM4zR zYo3p4M8xK4TV#6-II@JMoXDLX4oQyDo$Zsrp!$M-`2`=eQ3CUz4VPSQ@KL33YAcN7 z3zJVWJ0!z|!U9hNE=2fLIE^DXAu$=6$IC5-#QRH?X*wsDZkoQ9E>pN|}D?&*H3 z1ho0;@xnP69KQX~7#8rNV^_L$HlJc{fQ61r!p9{X0TtS(3QiDb#@3 zZm9wE8VI63+ol!?cZBrSt}PkrA-Y0w0&p*7X9f}v*c!LMjW#l?pY?o*3{07xFPu%; z`~WRmN9ZDH%k}yu+iqF533|L6)>E-0gzFJyg}i$ah@}0=;z-*Ky>%X%($V;S)ExcIHXer(Y!`pfDZ|OvtbWUR1jz#SvvD z-Mbq!oO9=;^zjef7=%yLue}ww2}?qmxiN5aPMR{%)F(KKAq|B zoBgrL2;+5H@M9jVfs*MMKs+}^0OM@;zwPdyQRIe@9%QDYz`s%xPu6Nx0lA8lfi7PR zqGvsI4eV!J+z>8@fakRbnJSCrJcN!TY|+lEF8yjm#ZI3wG{rWNL)40)**7(UjP&eI zV=a;*wJF&!x&ACi+Y=F~7t~f8_+tgUq)NZimTji-q^)qI@Bi5rCK_1^j` z$!B~RCX>5JlUo#V!*IaeNPaAldmI@!>gj#_)7kORjCyabPab){Z_}E;!>JyAJT(4vY=@Qo` z7uis6XbL{Dvwv_&j1|y76p!aJ%!tqZFVC<8`Y+Uzmf^ynd(V>jQ~QLPQdfDVkHtP? zS#9`$iNg)deY=B*WE6jMAMBTC1two(ug)j55@9uA9c?5J$LbG_N?|L8*z(teSw|^; zLC)$HB|FVNS$B@qp+Dhm1-)KfolmU~b7C$DX3-IM@S5sBS*nrt0&t(ZziFm?^jV*` zI->pUJ)PD*TAqGcYbX$SZf(M0NT4X=OH`C|KeN%bnnGxVx~JX-S)g3MQKGaslk?oW zF4t>MvPQtbd}bHH6p2}96n7gVC9E0Ib{RgzYo@_p$qzLUW$j2d zixUWdbb{N1?8`NaA44)gyZPtNeFuQ09csCnUOWGphGdXz;xnv{1dH>Bmul=9O!bw; zSTDD`CL^#YZ2xRP%y`>n3+5uUBsn2TFW;0jd@;8B`wOBaF9fVosL%V#sVFRKp_y@$ z&NtpatFz^))lcQO^3wM8iyZ7>NmO{Gys1vP#8x(51|RxQj!?xe_I)_=gWqiTrAnOZ zYqInGA@N*U#&(9v(?f(^@}$Fa9NR5}A+l7D=bdY-+uk7tFY2U-vu%@@u>MymHK%TU zO*Fb{bE?G%cGn(wDha#}|6ariLlKh0Pby$ubK}f7nV{p-4J}&5e&H|z8DedUH9Y4} zRX^$Jxn-S4mmwW^p!+ktNu|X#?swm?S|AAIY}qQ`t!dYDTK18ZEoXIS@j^G{M&2p; za;nnfZH2yExgJo(gu}<_rOulg#=?DR27l-8J&&(#^>hP^2LZg>9?CxxU;SX}-qmk^ zh5FWOJGa*q>QG&Z)~!tJ&NwRzK{NEloZNjz>)c1sEElX6n8{Yp8VS*(OJZ4{4`) z)QX(h(FfiKsJeLGXo%Lr)CrM$32yUiLCBhG`zi=qYA8FpybQ-*->ZllSj5)Bzh)lN zyU$O99GtVa$$RCyug30O4lAExB_uRyUX21TKhZISK_AhflQH~F$8ULh0HU!4e5Zj| zp`=`c;1jTSM4EX$2QYuBX^;d@%RPlo z`naMiEUblS(e6}zbOfX#Q~*VXM*X8AE#gx+YmVX;QeANpGvsKkK?w>*9AsXY+u@1DPwKPdpCzHoBTZ#)ubB%W8jY7{&mZfLlFYwpA-isunlJ8Tt%u>14jade zm%-VqFtjz1dIGo(w;oUx`!3?!n$iuW$bLQs*tWZE2sEoJ{=5Eqw`YX;6}tkSPYwY& z0lIwHv3EbI6EpfG^-FCSGe<(rHI((UVA3J{9!fDa}6{gzFyU<`oBi@e}Y zpj4dRfQcMKS}$B8y@!<2Z_ZzuNQ6@k$m8tGx0@XN4&#FQZN8RSvrOG_T^Ow&45R^K z`x^JJBC(2VX1j5WaU(9x)rBqqYlq(?(~cDn7Jef75h?DF`U z2iH+wF-xo>%U8V()7_*`BJsn>56?c6U}uS|kZ-s1ivmyi)nQsr{Tjv5;=e=K5107P zb1msd2`CSrlaSK1_8RNk4@5{6!A%jZc+M-qEB_B~-vLk6`#-LMx{4M`)YY=@UT7KF zD^$z^&gHS0eny|L z>z8B(e4=X=aBT8Owq8)UlvlQ`{jg5XP+i@`>WdUBDdHhFLHjGw*ZHwss4O%3nh%Lz zzT}CrZE`BUVV!x8*0-?0t5;uzJ%f+6TIhPrW7B6Rw&Zn3PVTOd##Gz@1+d0K*QBuC zYx~MmcLz3+mYTI&Zht30=4(u!6plySmR@n=zZw8CM2OnzEC%4@n-a+l!Djj<|^ws^MEN9Zwp7kW9(qK{fr|$+@>v+?f zMpbR3kBuKN3~1QnZxXtE_(+tL!Nq$s~8(veQ-O$KkW!~65a?|A1H}`;mYb(OWE31(G8F7itZ=C}- zU49#>IG8A>L@j%TaJ=!xe0SeAHLQow;?ESEkK}U(tF|OB9VodM5#nLC zTwmqr9bq}?74G?1f^h+M)Vv|fNv*VvfCG0%!*6Qs^Zw}dl+UHUJ^uYPLpRrJU_N+6y{s5n2y(HkL9?o3zI z=qq0IDD!ov;uxD%N{G0zteM@T`xC`43@`Po7nY5wSA?2J&);D3q*TirxwXvlTjr*L zim`Pzub)~9xB6h@YCj$OTz!2fWgY$!hv17hugx{CxV^cXN?)tSf6y#lb_Y%Mu@Tp* zEkQ1UpT`edt3c3vDAiCB{+Xv zU}^Yd?M-@HX}kc%g*F+niEgnv>FgEn+g_I#zEx0d&{4e<8uDe2>XI|J3nKY!LfArX zbJ-oss)+t7`PzGhw6e~rn#||(zOD+})ps$*IJ&aNwP$c%*Ij}qlE$MM@zwHR>KjbY zs@-EG^%<6YJU9sRzBc$}|OS^&KgAd?j$>O97$4Ai+gB z_R$5>)XW{m&NquG)*be(HclvArJHg6u|V6& z6v12Tt`f$x{C7MXvU!a|N(QQ5_Nu-Y@3#51f%IT$=U{I5?K4{&>ZGMBq*!0QPw|V; zp3FS<(EnA4X!Djzhx9|7&+vq8cN05<%{VQtZOB-Vaz}KrPyLW3C%1ys-s2(4U$$?H zf0%i|>y{c!g1!ouL&iJ5QCJNZ%cUMUc+FClI0_U1p)8C_R`TlC8OWR{K!Ti~eX>K4zD z)@&i^omy+lH5N#73-UXk;ZyhKT)FPOA7_N0%5fKO+Jcitr77v&iPuhPx_F37b$?x% zw4x#rcdNTINMaJ>wa#Pb*Ub?H8%!Oz-_wrJo-7k>Fyb1y92xNWX@9Lt{f>aM4o#JN zY>UzyB6tKS&+at5Q;g4vTHny(CSBVj`Qd1XxdOd#sqe=szlBxDjolyA3r&6q-naV! z%}SQv-YN7z$@+CY>^JXaw?`qBo5IactLuC`P~`Hlm|E=~HME8IbM>Q$UWd2x1_Qez zt~{v!#Md;mL7~8Yk>jIszjV{CJ9lXtp1$bOIA6Xd=hX>A2YYghbSS&SPX5JNrDq>j zbKh%L9Qi(RbAe`-+7jchgrdF7&HZ$vRV* zzo%4m{LGt#3?+BX%%E-3XKJy_HYps4d9)?e%}-DKZfuCgi-nUq-+Wy&^S;XlHazJ~ zIOiMmJ@Mn+rU+WewTYfiv(K;Q?OC%ebU*mXpoWLBcPH+|DZiIm|LR#!rDT^SJFoYS z=l6{cd z#XGrw)BE-U(et6%tShcB>E%#HX5b1##ftl49U?-nC&GH&SD& zY58#Ee%{<`d3UM*o&%YmE`_`r{_^qGM88^2@MGt+`3uS7m(Eiwdro zx^HWj9(7V#>A3Ria`8jq8o3veEx#XhO{i4hyQh3{N9*?YtJj_=-6G>Q@6p#CD>>pY zpF583kdw}S*LYFyV_|6J>7(YIM~lspQ;s`31PS_ndH%44%lqO=m(MrZ)i=;y6uRE1 zwsg<5ipxUM&q==Vmb@DOkes6fb5s9(4VA<|w{ye0yz6U3 z!+QdPdS4ffvKpPb`FeHO`B!&M_O8yo1 z2`XbH^2L!0P8xDO^17`ij;~Ft58C7ym~qKFdROLmQ4^{z)LlVn}YveI*Hcncn@^*MtpL!VqE@<9!VT(`6X6y^=y<+$%`!8yOAtwEuh0;=mot$C$<9XwuM@=rI zA`)3oE3t`C$6DVEhx+ejVYQqHiZ$U(X}G_?*(d|mH&~MC(%ynQgFi)#y|dBu@zXmG z_aA1BO<9b2FB)^GfQ5~tWra$a)RJ_o<4l-9MLQ9Prq*&<^Dq4NzZO=^+(Pp(Fb^L3@A3L1$KUQ zcs+b)8y9E(8I~`b>zr1$9AfDf%iR51w|H)Qdj%02wu*Grc!{H6Dy00GAsyu)Cvg~#r#bafBajH@kUGMjN z^?$k6ibT+v_B#?O4Nx;)_5sz(;T}Lxgo5{ zs#J(u&A81%o@bk^(#AC+W-+Nb4i@3r3k6fp6paT&wdP%ZH!67Oif`b#gPFae_6gZ%RZyxS)vYGq{?8EeLGPx;^@xjqr! zQQT+H`KpLZ{MKlSiyc^ZsGhFc9WyDgRnpZamF=D(W_~_#Udj0ToXB+=xBGZbopvt8 z$fV!BsdFHp$vV+Xig@*cPjp51QIeSI$>1o-`1>zvtA1)LF;ujRyrrb# z8ouoNGxzbrRr$Vp;vLVnUMuol**MVZ74bIi*dhaM$@v;*dsXqA)UbtG$+zCLUjKS- zXvp{Sy0(L7&p3O1HbE}1N^M$ZGTFLfrL>AECGtQH=sMkhI$l=X%}2T5Q}g1!V@t1? z2JK2ZoRJXPdLd$zdhHR9XUN#_=t<6%&T^hKsmJ+-V`svjal~A!9W}R{FMdezXbOG4 zaGc7@+Z=5UX~*=} z4X(W-8jUG^PibzcDd+FS9WUPMlBlJwSAFymY1r(->i{9!HAjvwlz#)fxS+x;*;P+Y zV2Z9{5O1@c``yPIq+~M39(~K7Fg`)ksk<(-$X?+2Fsty!>@C!l>%Pe%42T2nrqiH1#y?>?JwsetaN=s9Aay&ISK-_caYWDnuJ$2FV}C~t~+Ww zFSzwF%ZBjV8scZlm#Bpg>1WiYRUu+!a*MWH%)RFjp5%ZsBFv{HIjFF@Al)8zZ$CA7 zqDw>+v*eJz4BLWdR!P3H3zbKx+YEM(nXo%wU4KA_O?m%~^Frs#E!ma{aRjTHoD!5| zclNa#<6U3?-iV@lQuJJOvd~Snn;|V4`L>ryBeA>M1A{uRt@F@uxbdk=rrR#Z&`qB# zX+!@mf$hfwbqn$;1HuIL(j!MES^ z8UFHk^gC;_Whw@Pv5%rHr3WiH*LEhnSR7&PLhl$pyKY;+caO2H@3kLmwltis{}`Kd zd`F6tO+IFjt>T*2;VV-4R(iq+&C4x07baPh&fHx$jMwz8JG1@8iQstprx31vm+6rl z=srW^CZR%GgEUd!w2mM}p2K}8_Z4g_c3P4pbAj{1C$LxGw*#JQoRLZ>DD+Ub15 ztam#OqXTjmzq$EoV-d&0%RGU%R)5yZ=^D;37A*TF^EBO!=_u})zy5|`*k)A%=H2-VaXYA#d*Mg1Z{)IEK0>XovDH|FU0 z&gBFaBaOr~sYm^FOU5V47VhvrR6CiTPI9}Nf_GKegVi)R}QHB@8ERMtJCIWOkr?L4xs4w={>-|Tf-AlUTfTgM0;sn3Nv zA!}=1KdpYBe}}xyw@B4vTOr$tMju*`!T^G$iZF7NtY<$Qb%L)&N94*t;l2dtYSr7- z2HL9~1H%2nCbsXsv74Kin})a(`(|hJU6Y_UB4al9s}M=gn*!pw6BF=lJSD4F)P+ke zi>cKKjJ>)kdZn9W=4G@YpJX8SmKa9`G>^zYfBTn|X9=RsEt%%R`+~2qJZ#h+d+f%x zos_>&{MH?cmp)3cDosJ{_38N`db{Me70aJ!jaQ6(62AJeL?t3Oy!fcP-N)~*4-*eXI0lfaGOQAkbMv7DrQSYL# z^F^~+(x(Kh7`kgs%|Dkjnm#thTm7#zBjmSa{cua zhkg34>NflN5eHY*l&w)z(QLH8xU7$z_r+L`&;&P`^;<#_$ML!z#ao{X23oHP`S*F! z40#6bY*wpXp?uKE`1`@oB;T*rC&q52`|_XBbZFWaxBYf+?6gV4*epoHUcc~K+8BdIJ(mJ z!RuMI_oL;&Y489#5(me-&?R6#5S#=EqW=(JBD|V*3SienP&?xcKv}yM2M9Cqx+ zn0jXD;e`}GKu>~@^mJT%>0?Pv~EI+6h!TAoS=UO9sTXiX=o zgN(T=&Cvn555@=dWXRu#f(Ui6a2u^hr%sQ608xdjsRein5;x^e%t8Z!%HSw~ZJMhc zRan!V>f%nL9uz^q&qSMBn>vAY;V3LLIvjjVL8Jjf3?xG)XUBu+|KoVFc8=z@NUDRm zi>DI|G2N5yO0}OJo=%15fx8KQ+3R3)LMtWsMk5V%X2wxxik{k5AH)Rh3u3{W>~+&e5k}pPC3m6EF=wt9hq! zFQXu#<77v31^E8;8HBl?@iWxW^nL=`h3Z0ecB9d0u2lN;xYJ|>cwsQN1X!#0BY|NI zF$8>S3e&0^=5iQ!Q(Qjl@=e?9SyeSXxjj@DI>fQqX%MDKk7pu1?EC?n#-PZI!kHd* zR((&8s^I8y(A32OY3^w6Wa>&YqXG1J{`!Pj@=rejp53p0-4E&q76@HyD$>c+#gztg zuQk=wVwO77SOoN+!Xj=?EdIdJQ}V;m6$}Wb(fG@Rf0a*V2LOnv9gPlV>*(8;3PZ4%p7yI^ zPzUM}yl=vm>WOp#Z<_#W=NGyWP_u$H?WHpw#*9$-*E*R^$jr}oZrwV~CR$VT0grNb zH2)3iW+m*$hcRo3DKC3=X7GWZ1aA6afIS?n07`$Q5^+YDe|Xd{Q-RO^IJ%mist(f8 ziRuE+VunD|tOzDC#fro^S#g^GVF{ax6{hSKBlMXzTt6!o_}U*q0q!u})fA+QrYATJ z#O(BbU=e19WP~S7iXA@iF{CSSTY1>?U#_o`gf;D3VA5 zo`52OPdrHyg#(#00s)W0NK(Lckl%o|q*=MSP*Jd=)p0X(h4PJRGzZ&RC}x!bS{p|} zFn-o{7H@DQF*P4;JQl(5oWP}$2plXOXl*nm95U1(H!DEEYw?k*6nV4$K>h;R@I}Iy$M-fI|SO zNCbM$DZ}B#{{bQ*ia;SDi9{TV4E#nM1;7G4b|MLnB4Z!|!H9=p(pA*~&ePmL%&J8O zpZqJdfDj3V11>fZLjd?7BC!B36p)i6Vu>gUh42Fq4)!!_3+ivcfJ3Rj#svWqQ{>hL?+fy2GOhXcq65ttzyj(`H$ z0K6m#MF6sBT7YUlSqiEwmxkV z0l|p&0Ac1N*B{de&WZmuZm)5(kMgsNIl=5bb^xX%|a#p!+Gm!_Tbi z_!p{$08|PF(1<|BpvV*;%z!u~;6p+(PA2@QbN^AO;iAA_qXQ3A3kIY{Ap0f>TxC2^ zEm#a>-vC<3KeFsWsu>jF{01FxC1aW$=3p1NxG{a6f=5tb`wpaV*4R<72ny^Jp|#19 z2=bKO`~S*M6iEcI;;<2=kP#HvrDoCuXl)7+0k{HOFsl^cBE}pT{zDG}FA0=28Q2WS zkOB1xY>FgE$`El_6i9?jOCyLMVPgv7bRe|9!|`ue?$02B)De_0A^=5>!vNL;>H(0P z0JIYc3+eAab7kNv&R?SgOQN7CfZ^~MEDGobEEy6%Bp!=FVaUI_Qy>(Y)2sslp0Q+e zSqere>i@`X|3**!55AgZCPu+&8nQX$1dD;#Z~6iz>6o!x%!4uE;om#AI5G)1wZOe0 zQcz@IHgOcd34k+6fKNy>vOne9!lB}v#9$Pi{+c6zr9@GHb48G(0Cxrmh@>R&^l-rG zB10N_nlGp0V>plX8#tK!n>o1x&Z5kLS|%0qZ-_qQkuy<*DW06u(Z|9u;9M}wX)EU< zI#WRWgW>rzEr173Jr4L6(*_WarJ!&?FOi5O;NHy`z!|E8C~$6UGli>v0S1l$0xRH@ z5r}~2fX{>@fWQjk0uXRvh(Bwi->XDM6>bjZ`?J6YB+OAHz;rkY4n+aV5C_x}1u!2@ z5`-B)*}s2w*|2c^aGJ1l2{xRmp1y!du>U`D9~>)AKVmKz;DX@v1YbimboEk zPIUrT1gBBKgiIzsW@dU!P6m^<_?xJGHX_4;I0Mq(B;Z2=b50@v2LlK;1qAU}$d=9# zkD1d^Zsv3g6xG5F?M4R)V>Ad`X)b6dQ;_eXqoHsBW$kKj_djDbM)h!N@_$OCSN0=zO z(JZKcFoEAVQ~$(evlGC9L=a#qBG4NokgS~}CLv;g%M7xY zGY~_LEPjrR!~YK?|4pi9mMx}1CV&te1El}}a>>A3B>+1EY|5{E0VPR*P@1}#+uE5r zSfGIXIe4M{oPe>xV6bSwAapcveL!~6#DZ$~hq4J*?Ejika1;uP2!*6rDAx(*Fr`?a zG!&TE+;gxrb*95234&%idMa}MQ*dVsbw79#|Bg%WAcsi=y;?*JKs^~S3kam=;t{$F zKrxN(in4NahwwWifN1C_jBpADBLNr;J|IDNn%YG zx&1%5q2lkM0B$It5|#pTQo!GWyig3V`&i(2f$$LU7#xgF1M#~!5DT||Oe1qHY%^!{ zm~#zGPS@Oy36@9!jS6rX?0;nqv2d5h9H{s+28Ixi0}EwIfMaoh5Kt}#-~pI*EQ)~p zjUlI-TRTu`pltxuWf|66!u6n|C5>(^0o(FF6urMmG|p0nG83y0S#^rkm>5^0v1`oIaipx(8ZuT5o&Rfvo>`>f`k{` z$;H^gV$k|D3s-CUKA=sYyGU>YGX_bBtU!+d#oy^g z6>uH(XGmrAwdM450HoUBX%IL}kTTj%8E(igkYbqt#o=cFB?5d90qvj-RFn}=Z{9!r z!RLvfS)KwHaiJ?g!4-)IE*G@T?1Qt=ad0I9y82Hx=z3@a=z{-4u#kaAO9m-@@I#_V zGBAfAJ_HIHdUt8$P)LFV7JLVpjDW5L_X4ScW(MC6jRiK)6HjJb26jN1 zcpA{DheMBr!3DPwz+0@L+o4Z9$Zbv^ho=nfgOQ-`5HesSLemA;L&x!;sDKBm8A8kS zF$fIk9JIk>V<43}%?H4NfV1~AQt}f&FiuY~1k8@pccLLip4s`Cz2s?@mY~VY0W1aD z2l^b*mX@IAkG8Z!;0b7FH%C{hg_)fT&C1#pftO?)VC+faW=`8tEnPutBpwYySkOVY zf0jw%qQ}ons;#A{rUo&oj=`^7N`ZUb=H^m76O&>{vrG!F&S0?R6m!6=1|0!3`6H%f z+&$<2|MdQ8QGg%;yz?Xd;U<#b(;qthf22Pi4R==2=(hHzuGR<&+MMPBLQf|2+#P&;0e$+i#9WLVPXL0wB3w8)sf#Lr>g;LDcmnw3Yxk0 z-1Nudm>2-d!~k&J8{GJRAQc{T_CgI2&=|nd!rPqe0Kl7l4yb2>eG;73V_Z!JItNl4 z&>r|c1rZU3kPI@6(Duu?Q_loXhWlU`|Dmg3h=4x_k(L5n8E6~;9q0srYK(ZG#qgk$ z1bqI;C=gKEzh{)6(?c`5;a?~U9MBR>bcRcsKMT6NhW2hHeb{c!A?VQjenV&?Wo|-4 z+7#NR5I93_3ecF0V-(mdPMwF2f!aKzQU2j?W)vc5p(DUe<-o&762S(_=J1_3xH1TO zh`@Lt2nWXqAQ3?TAqFrpKcb!yR{h3iV}GeI{srm*a)6ggbF@H%0Lk8zi3o6W!p}s| zR?yRs*91h+RsNL-jAr}aNZSuS0d_{+lHfK#7@;$$`we>MJWrgG4m{+{LVfl#S24~^ zpZ{UZnQMMHI!o3+I1h~r`itOg`upr23<-P=2TU{t)Uv=YQvk`sf+eAlG!sB=iU52K z;C|0Ml>pc9rb!44G!(u4gWUZb+)dy4Zw)jv$(fY?jDD5Zk&%<#3maI;pYq>OfH=U|gSlb)J2P)U*D>yx;u}C)5-?IEaGV50o(xPE2@)^h`9jCY zkl}^fRmhNm0|E*fli;IdBIvgQcYyn$+C9)!WRL^}(Gol!1Svc&XgFo)XU2cnfP)+p z5flUoP+R5HCmz&5VR*qlh@ZjTP)Zg0Mgis(x(c2h^a(bQas?OwiFv4u0QN!Z0)9I5 z32%hIiP>Nj|4c{~t-X4Nx{x<)>e@SdH*3ABf8chEAEFXbZWuSWg z_x2aSGs+b|L%&B|MrMx+#7xS+FcX&X-jCnFPo9+nu!es|5QsPeOl|N9xZyW{;0iKu z4I#}2zQM^y(55hRH5u;0g!e(WFyx;7!yn8!(6eBj2A&G*G)POq+7Yr@(A_xjJPHUh zi6HiYU}V4t+CE@yh9@w`Ab%>Ja0K}?MwMli6cywFMs?JF4Hn>F=r`7gK$^uUMREqA zaIgkVa*izD9B6@13+3VdIHxyt{ZvK|O8)$>oZeqBA574nF|}J!R!4sqz?8c3FJ>E9 zmfwc9WTqSj_&%Kxru<-e{*;EW+w?PJ+FGhQx&{C;*}cEg5YEE>j)u%S7E76d4G*`m z0&fr^B;a>wV|<%~giPVwoM->&JP{UNDDWbI26iYP%6J~MhX?kXF|s76VZ!IhLzc?x&w*0N|F=aGns&8PK z#7|y6W4*?2a(2*qg8wrMO~w99ZarK#WM<4Ct97tfuVHErUdQlr@lh7M? zAVC@sbT*?E>`blbNbpt)(1Z^P!*p}#O>f`~SPW|Fq(p_vH;i4V9tfQScO%fs;O!AK za~TIKJMexuP<{pPR@j4tRt2fk=yXtugpCtiLP77H8U(c0fH6UF6TB}@7)?Xlq8&tF zSQTh?R6MBh!o-*@05J|s%@bS$mTg18x>DuAx^3n~g>W@X4y{IYuyVBqZWUqscCe_H zYHE-0h@)2QQ_^wfe=tCQopy*=%jy%{{ZW27n^|qBfndOjRo9D(#E-iVoD<87KV_v+ zSNO5*{7~N0^Pkd&T+}KEN3V&i7VLEQM+RRK?!1UhW4{;_On>ZE_AxX1&HLV=5-fGy zvG&nHm+POkp1iS*EnFT=e*YwvyS3b*Vx2LYC~NB3_J)2h%lOvOE z;;Mbkcd8xoc)Ol2-L>a~Y{MzpmkwqSJQd zz97D=wy(RVPgTM5NZ4n!ez}RA6Mhz(HpnmZqipB?xF)vzb%N&vXJyt-w`%Nu4d-1M zw7jv`tvmIqdDl;#iwbVB5Od9Sb;}-KzVdDb`?}Zj361v2v9EKC4ck-pv%NT0 z3K=bR2}7Z(;+o*4M>MDS?UpO*`e*x4xlsA zfr@r;vp0j@Ib!92c0@aZ15Th54HU`Y=fmF^PoFBpIR8)zpV?tt0~gU5UtQ2p%d0(& z0WzHmnsm@~ng^P02g>GXSG21&SX7J#-EL?%v^)AB+5_#0_CkA6T^xT@vXE28w2Tid z-kvp4|3b-9@I)ppo8!sus-s^!f-mwyuVNQBwp-wd+nmjEaqXf2E!n=itG^ucUim54 z$Rcv%le_v2E)im@b@(6DRDySYFOw3ys4gp8wDS|bF5>(BGj>H2CYFQO4TjLQgGGMt zTj(#gkAL({WPMe@OEonWG`ejw`A+%q_mgcwd;8_Q2l^1NGe1XO!#`Ouw)lcc-{Xts zq`5_sRUhV^eNeOkBTh5ba?vkeo-_pZBqP* z_>yVTx8}o|{HE$he$HA4Zcp0Ov1oc%f7lY^hgyPI6cylotT6*I*uP}yC1IQA6A!L) z9Lbef(sEDuT|{MxscKQQN>uMDr~S*ja&hIpdfBBm6+~m(yS}x3jjaV$juGEK9G1x1 z5hvZ~{H$JJ^6{59l7g0P>=9cu&r8{l^{?T?Tb=Aw-Tmk)u}0ixVNO(x`pHYRyVq;? z?e4j{yN1n%kQ2@)XP@*~JNBw`4Udgj&S5@H`(z&Nm8rco8*Db@932Z7J8Y;oZLG{uFSt0CM+fz z>=nzmbLpjPBFl-vW>*iUE-F8EE9GPALtV$v?KOtlm^5-q?rOV%OVOGc6|7CHZ-!f5 zjbC~{9;IHiyoldWDG$5v+?hO{LcOoGj=uB9PW5`{n)rP8oUAZdnkO}!JK2=Txtegn ztTn*@>w-hsEf&7AH5BXa3nmTReZzjGBIMtpT;+g22WtnCeIO633i=_dM^I3SStXoITHqZO(FdwkeedpsqDyx<$j57>%s2+_&$l*8W#6qX-2dlj}ODCUt=j{|u?OvVj4}Qz5-|>{#XNi66 z91p5CTXS#B|90f@qf1fWvO8P#4MdtsE?;vsTrDmtUB@xHdqP^=i?_Gt6}fhYR?`}5 zuE=EEs@JCMw{4#^O?K^x)R_PFbgJ%UrOag&IVIwamufCs%ESn~>pK1=ea(X24P8i}z73T#qJ+J7R4_R?4|#KAkhQ)$KUr{QL{$7yu2s{^|P8f|YX zv=wv?SF={w$!|rx_s&$>MYhH@NfLIBX44*j;BFGQxpP7|#MjWPYrYZn-gqmgUrqX_=xz*5d! z{}BNLUMCdS_ElaiFJ$o_1KT6n)3|b?^NQxxqp!MLb@6xG6xni9xlP>Jh4VGrv!3G@ zy}z(dI8JQKegDylHnMZ@Q--TPYeZp2bwH~6t494*YXl=po>I-WazwXNJFCy~SMJQ; ze`k9y((1xp<%?S%aJ#4NR}U1uct1d#wtLZF(T@5y(9S$jWZ6r-m3P!;49{C)sxaIq>?Y4`S+#2(ejn?lDk@p(C97-Ra|7~Z7 z76~71RBmzH0=$jiew9jQu{Qdde3V;WmD;U(3)ATRyc*$05NCRmsxQX1?++|VeTLIL zccLVGWxwcwezl8wR)z-~?u-|9p1*LFzOKha`OASE_N#XTtU22%S7-BFFO{pb*s6Jg zeezKP(LeHyxr4t|5#34I#kJ~NPD8aR>VV8UzP{e&4}0oPZs>0lE1*khtlw?f?7_>u z{8;{TF3Quk&EK~NO^7V+m3*Q-oV}%`cOpm*gZJV0W9RabLSQe=H+gt(GT%@kbi!ck z3AX#GNaejgaV9r6VmS8f*h%Off7P6x*Lc}}OB^A{bzsc`8|&FEMZ<6 zna32H%*!SiLajTW;Fs4HG+a6OG!)&}6nrC@t13^tdzX3Ua>XsVs{|&FUiy;OL?l)s zdMj*-$e z-Ia!Y6Jt-|@)vv(l5gL6|KcM0rUPOL5#6I}QfiluRch`&yM01uZPkKz{-i9aukow* zmf4LsC-$`Zb~h<$glDLzF5I$CJE^!n>eR8buU&KUv(Hvr@6^%udN6V!E$%?{_TiGc z()ryh28-{FtTVV_U~$i`Y=6ulFDIQ>_r_E8$1Dyly`oXRZmjK;4UB{T$^ zeGTep@KH|pMqwIG>j^7xbl# zx!T+K_8&X4#M<(F$s6>=hYM4NzJ`nQnLgN9S*~@_X3ycty^UNLU{%u|NZ})K7AV=@0T>h}`Hkvwq0`f zJ7tQNj`yid+3%en@-A{MR5CkZ66+n2j#D576~CWH&)=AyGtz#jTRNyYGr8vgn)Z=kTg5x;mVD}FslIlpLM}%9&H9tYWu%Q7 z5iwj}Pe;W^$vO2_h2ZP&mhpAVaNek0q(c<0zkW8PbFID~2*bGT3!Sbpi=;L$FA zmrEg=ntGbsG7s*n;yhp};cmpE#j{^eM|)3XbmL7Oi5m`5ajLH6Z*|t`6dPw-f6u&r zTyvG!g6%Eb`K)p08#LuA=oaCjPN_NB@yaszhN|Jwz=F8k0-}Iql{@eAa^!XGL3X9l z@WKV5QAuA73`$S6kkVc)3tTU9ntUy2|27-qM*cI%Em*81t4XmyZs*{ki>5p;g9VTK zu0d5Om7fY)Sir)CYdm?YCiQ#l0nI$|6!ODQ*@qWA4!7Z#U<=)9EV1*tu>bX@tPUq? z3`^qZVM z_c$svSt<{iFB&~_#_Z_H{Co{x?c|N-z8PsZgboX5g3=_@#8=}IY9k+JUEZu>{Os9&gdIHdVTy>($rq^X3w3GHIQaMb3vDqnC3c>4Ri z$NnKM4O$n6?@~5o@GgIS-i^gXku3X=%jl>~=k;^)#$7UJU))b6m~0@FuhZZEWSg;U zXIsMIM3u(e?up%Q%L^?-g`H}Yo{eBrk0*sZSJ4&GS*c(eDZzt`->P_CA^&C?tBNGu zKk1D{sHXBY*6r3t(Si0hK5-f1#<#H60|=$fmZG%Sz*4&h`lb^Pf{}E0&n~+lS0~diH6H!?rT(MQ#<$q7PnMOu6_eksDRf+_z3wGXO=$3ni_7W`j%c1a zvO>GJ4W}$wxqm}y-Ljl>0plOtA1_&)7IxDrsp0(2=IeCxuk(cJsRX{sQZ?yk-zU|B z%@0Z4Y)G+*7!Y_=YQ_`l$9MEZ**zBawId@-MEg$er_JX{AxIqviYP8w)S7m4o8b7W zE5RPNRdH9h?RBWHc8XiJYu~kpBIKBl`0l0pQ|ND;*d3pIs3af z?%mwqZq7DBcUr=8@Okp{a~#5o9Imy+rCatdA^P7St61SH>%GSm4kUE63a&GY%Z}YO zA{)zo^8Xd1V+5S2w#_qc4|C?vPRZo!xQ{;0#6 zZ#NJkQdKwU#dGTM$Tv&w;C1y%DiwEm*tc@%Hb45|%6`H}1&ccQt&1fTo>q-pi@LP+ z=Z$)Q_T4(_t$TQ|G8NtD7o;Fw)Np&@{hogRdPF=aTq4FDt!m}(W#Tgt&m!@T_g3)5 z``?GF7c|N$iM(6!Zuh{l@&Mjlx^+BJdbu7%yKfecKbZ1g?ihVjT=!k2-9%1yfqkxs zcUq-qvWWNL#zYRSh55xvcVuh0cIPEd5o#D6qV)@`$avz>6#P^7nyDHg+zatwJ>I)kvV1^B&_} z>SCBT4?Fu0M4H&8QX~bpmc_G#3>*+#Dti3sXSQCQv-5}Ey-ewmz)D=?Zu{`~!|;ms zDi&)!ZO^n-E6#OJ1SG}1e0IDoz$gusNEW>FKwDUxTf$g#+i1P8Nx!Ll z{HoCoZ@vw+^5b_7OK0_WoGe3(d>yY^tM06rSL+mOTl>(aC>nJ->9cB+JEPLIYb_R zorX6`+BmZ9vYY^$tyz9J!r+DXH}lAoo!kgTw82?LIo5Yw*^)7a!V5kKc1x7@NpQxV zEDcU9$aj0;@*ENrg_SJ;Ps-b3?`eE*`GqG)1)jNzF~4o3Sc z?o^BiT;n{qw&b7<=$SA^D2s?@+J$TC3fl#}OLo?5b8Jx9U*B>w^K5FDR7C8qNfSd8 z@2^jGt*u%)y!d`h$>+x`J1U}S!*bk*3`NJqId^{SBi(|29oAn18Hy3Nkl+Vk}N zO_WW0dCgL*qU$0;Y6P*a8flr^4Y*zA`Ffh-mCLw?#T=iu$sE%QTvz%wyIH@qqGjj$ z?tZl^OEe@F7&zoj%1Nt#6Wx`fqV(3Mmc1swH&%8c@_}jh&GV%^uNU!jl!tBc;eH;R zpnIhzrN$#N=-skoW<2)$I+szD(Ebtj z(G89kt}=d)o?6Y+=)JD22@(bES_;}OF>0epeP1y;dtR?USh&}(YOfmF-1za@A(w4U zsiq%kS1xslX+IL&5g?`}CU)57vS^yPu(0R`i>FU6=+wQ~?;-!erlYte$28L4-_+FK zKhiWOCo(ceKEW&eT7{_M&_3~)5#gSB?CYW&`>;*dE`vC(fm$rBwBb_;z70g zy2WzKb~mIGoIgC=omL($ zyH&n;^RmcoOZGJkzWx4MS$QFrWcjd`hC$@6=HXiZ<*kR}YsIiy`ox3#tKLu2wl2Y* zE1X}&m54OOUXeIzXHBi-&Y#E0*Kt12Cdh?%^a1C|FKdUM)hvqV2~b|h%i0<7;{C^1 zmz;Bc@z>1xwsk&PZSQ$h?}RkEk6&SxX$Pmw71l#R64qC5Olmj#*4Ui=m=R_ut@~b3 z9<^D_LS>C{RZbI+V=M92{D`C1wy}Cu(|XKSG;%t1HN5RmQ11*eD===bRJbfQcyTqM ztBch_+<3A>bK#czzN7cQMz-EBiE)1Oyu!_E((Uc%o(ztl=P8FGtuziiNyj`)H{ImF z`O4>xk3^epmX!O)>kao-MLYmM#B{IN|LLkHoBZ4JU)v23wi`!YeulKX{fVG^e#PzL z08ZYMv0u;YXmNVB zvqoL_5emc}O(;qanW%3XTfura`}TM3!=%AIAHQ3B__S*(vAlY#{=U<^J)-uDi9)xX z{QZfq)k#9(`{zduzkJO-q;n=@i7rN@YjF5=hNIx+J)Uk6nz~L(O3qI7e6|`Jlums5 zlX8N}7K^&$TXGHKKE@$Cje;FA15>p2@GN$2yRkmdIegjj-H1T5Z|sHVB`_u-+y^Js zSKHpxK47=l*y!F`w&h?j#A-abCHVEsn$-xcf8$hD;ocq9I31CY&|6X{fYUWLW$a_`;A(b z14FcV`9V5+i;QAA&9*Kx7{BOtcngc+O?HW$j>-OCo6+I6)R2hi1676&VxJ-pvo5Tm z)1AMstRGzBH~wvq{{Ze~_W8CQ#wX3n3Ytzw1+LYuIkfSX(b1NKZ=M@4xI0FdS*WzL zqgSw3`gI>99PaRZyUT+m_Y_%3J!(rundj){6~2!JcHJF3&GKoD;IW+R8ISV}FKoX) z|7>86UC(X(_Qc$_gNMRW3U+YwO?=rnCX+RAfbY7G9lxPs<$k|S-op46^%G*>wgnB$ z=i4V#l6r!cy|P(PByt&f;TM^xqQt(ugmhbtCFu6oXKx{cO?}eaRK-M(cW-a1Cmq`G zsepT*)80`{uhEL=opm&P=gD)TLg&1mo)EDjdJEbmdUIVmK8U;JLOJx&F~ zKMF@ZDZBA*3*~)tVTkn&A+t^Bh?usKEmhm!@7mOOzmfI3bgx9#s^+MpDiU?0+_%H4 z%9oV#tW^m9p0^w6xFFP5*(Sk<-f81b-1N#xdGMV4BLCED^=1vRuew#!h&lL>lD_;M zlfDy_gTpr}5zUIW8vEWQt(cd#%eKDywuOMm#rezE&o4B3@N_p%de0eE>y?@34Bpp& zzr>ncLr(79UUuCEH>_&drCFDag8Nk<+X8uyj4*}7XsMVjWW?I2^QajJIo zf_xn_wPDW!XC`4f}a5rsOByt?1#^w)c%L`hGI&ZmWR} zOF8sP_>__<3oKwcRO_;?3Y5AE8l@2Q2P^47ArUR1+hCKo*tnsfhZxB5%_v*DBi1q3 zj`Ho+j_ahQU<&`sG}OKH-BG1z(77bn(|fV2`To-}fjNv}%L-u>{3r&j_Lw!O(FVlu zF7RFpys>RplxCQ$Vhx34D&X)>WE3KXJerbkNMX%DJsi{$1KYXbK$)7{H1A^~zY@%* zx^W8GnyBc;XeV4};thuYRk_@5DMgZkI4G?n$XH0xVVEx~hXMb6b_3QWlRcS zmw(lBU*Et2g?aE=5O+eH8OUv@PSVx)5)TZf3#cD5s0xU4AuL*Z-;wbM#Af9Yj3rS- ziLT&Oe>UNb3-w)Vl*AauiTLdz&~Xd%@tW}z^2bGY?84QeHiBTMF2=$ru4i1jn1ye{ zz#Eu!D|B(R@Hs-mRJ^I48L3mZ`sltPpHNcf-*wn>lXDblV+Om03w7e}FXF}yfyXQY zm36arRiqUyU6}NEv-S@SJ;4QM{|Lg>vVD-F1Q-+8y>fXHz>-6&5o%l(PkU?v7#E>j zHE4CvDC1y#QXV)CJFa=ivVC_T!3hY~K@AQOsWnu@`KmpwPDNfw#vPfgSj ze+92i74#qqkO}+M&!6p=9Hz91jKNo#QnDuR&5UM+DYPP4`p_rQM}Y5+c&{N>rL91n z@oTE2)&Y9^rw5kFl^RPmHtmB^OxzhXNpCHCHeebCI5KQZrnje0NcrESEu%E7_$7+7 zn%WOe0E?{A8C{ktCA9HIanIiusJIT72ZWLacgsu+gk#8{i(%z3nALuI6WGu(A}{C_koj19jqtyV>V$O!Ra#gv~ie_ub)TtSv9OVgQ|aIubaNS+DH)_cHii&@RiK zlY~lsR_X0Cv$CLgtRuHzDVfHF-g4&qxSeNhM7s)g)eVNEjXGIQO2e^2d~iYA8GrNS zf$^h^54yL?)4x~S$xIt3dL$U*=?wGfD@cq>zbwR@pEv-;-u_L#^){vTX35*q6Z=m? z^uaz4&cy>8H%+5_F~pVIGk#;|2Y1o{n(_v9R(&K*qxK0J=wqUIlUcD_J(QrYZnb2t zfekqEL~Jt74lbNHkrVq1tQrGwt1{p?wFZbC@N0SI^4Lfd?5A;bKWanyQDhX>p0Sw^ z0*G1y_y$uBYfi>#+7%ttNPn@jl&7tsKBq(Ae>ZNb+ZZB;e};@CfY3A`fW}LDCLnGJ z^Ad?hhf^pC9Sx7XCJ03{=xwpk(yzMn1+*Tfos)e&hZ`%S5<-Gd*`MLN>@4N-Ch3VM zM;++O>olkd-wGY#Cqnk4q-%sO8G4(FqUS<<5I~Q>#?a*hOZsZN>a@`bqrnbwglrkn z08Jzu*0F)Aj1Q`g&0J+e`WRWjs#;ZqJ>1#3)&k_*EZim*n+2zk6%+@UU8eE<0RQ63 zXL0nyJ?zfU*%Id3H7oA|^>UWUNSV7hhNsu|uC}6G$xqs`9%q>&bebpnKI`h^B^9!! zS@y0r&W-7C@CAZVd+*@YRK@eU>D4%4aLyVltN_=m#gW5_Q0*>Qc{iJg#^Px-{D^|} z?gb=%wvK{>H5NY z^BQ!0S;tAc!hwtebR-&Vi2j%K^Dw+A;ovYEgHLp<)34}Y8!Yaq$t&74hGXROZmA{! z^LXrK-6MUbb7(y#xq=}uZ1TnCApxc%(K!DmFW3jWCXHZR=J8l9yO22~sTfoh%#mo2 zCu+>g$4W>Kg>yxb+A40?+0C1N&y48tI9R()TOD%j^x%Efjnh*HiUc*2?s8m&_njjh zI$*|eMhtByV$ekvm$Fy$pxZg=eY7}bd&B`0;%}iR5H;?lowE z$;lLNn?p5*R3Gf*8$+XmUb?;Q&}#?FeE0Sl_xvbq>DmI%0#L8)nqeDNMeUYC`RON2 z{ttkfw`$S99&DdU!+(C6|C!$W!{PD=75W#2!avS6`cJ6{%O@?(LibNB^iM$7Z*=G% zMCj+w{B9%rI}!RDF8Xhg(9i8>{|@N-g9&B+6B8=AuV>A0&`a{aDgjOu;G zw~j<^SwFeMzY%U(Z`GtLRF+T3%C0umve|@(j$eZu2M>sVvW!10_1!?5-=_*#P{XDh zzuw*uM0@r>bgO-$(?cnA7;qCnG&Ff)=ESfJt zk|Z81xFUnQ_su+mRgL5s7BRcXx6Jm;x%?j38ncb-{>3dAu0P0_{>W7023ly;;CS~` zCz4qT4GpPOIU+hOCj|!`olccrf2EGM-%l`+hDN+ZDS+ax`ln!l)^mK0N)x5UXdIUIB$_frO$EC93J1TR($gp7``f6ZzXl zcbcGOm{x&8fLWd*JCl$c;XLLU|5~0w`*nQ`+5B~rqIE#I*zJ8fL3eJFLZt#_arGR< zv7s3giZF;=JUNdUetk%qFm-{EJpLRNg^!vru{`(O?3}C_I+M6K*d8B7$qPf~>2uDL z|NU&~5kvGe&LStN>%N;8Q8qaXz3%yWm*Ge+yc3x~rK@zIHdCB~Gu(WOn zt|=4tqqn?xS85=35RCzkkM~q4G>Qe99kBu0b4@UIy2dJQJvXIH)?OO(<}hkyQ+mW5 zwp|iVBC4w_&LC*wNlz|_y~Ddr3G9)07sPH$-w+DN#)jEfX6!%#n~wV0r=_c(POQ)( zvuSziEd1aWzAE5Skc$>eO^P5hC|?aCk&0G?I@y<<+f^JBg^?h3LA9{@mK;R#XaT~< zSm0uMb-lC^Q@ve8edSz|@%^yw!2+9O`L$nZc~fbVY-E9wW_~73oTmwNy+8f>_Sv+g z%3`DC)6~+3zrEu)of>;?V(2=$b{M&Q!rH!^Jj}0n%2=7uSWc`LIy5(GK(F<4^~b~= zxl+UqM50IT9Wu!f-v>8%+|b@6kaAxIz9O47T653%(DK4s4`r|UVUHi-Po`pcuilKO z)$C#KgLTFTB=mN^9nE4wuEhS3vr}s>q(pbIZx7jU;G3klXson+wkJisvM*ITr_i{6 zW%OguV9vYPw)XB@9WRnb(DQo>Mhc$75kU7K6Lf}){BzyN)B{OHMSlN-M(6f(+MLtV zmmdRzF}tuQ+6Cxmmk_Kk`a}$jQifo_bzVKcC_~}kkEx?DF>6g znhX6RbWe7Ig({eM9DmWRIa~|#m%R}yOSv` z6)k7G6TCPWHCK1*tjc8pVmifJ`G3U01b0YpL0Ra~t4p>*b%9%u>=r@vC5!pL#&Mxa zSTc1Q)2dLG!UjI@GF5G4v%BY$dTBdV!_WSt){sw9LH`bLu(Ys(l$}>*Bkq^jxO*C? z*_G6Tla5!QwS7%SI?*tSbDwAZHPXJ{7CXu|jvhUZfaRrMGR?>U1~*PAXv%x0)3N%j z2jv}(yfjs(p23a&SNZ;$UDZxQT9Ep|Y0XZut^I`}d2R3XgqXug2q$(cZ5{#QQddk> z!ExHHn}}omjwtjg{Bg9?GP@7gRfAaze1A;jz!LynbmmL*`71}}S52nZ^UH-4{jPFYwoE)LL04R0LqJ<8g7E07gB1ULt2|e#b7uk zMS|!_7M6{w8fjt65g%|-zePUlM2eqAX5$SOqP}07m&r?Zsg5vxl~d2XD%aWbrbcxWHQm+9}&WvGI zM!EOZGwkYzwXeejQ?3qeKMF+X6@+p_Lp$)JU$q#cgCvLQMeOy_WImwIh_L78w7Z@<`Z|5r z!>eNn1NyM4JprPI9mLVZPC4g+3@fW-5q$d47&Drx;uL)h`)CfjV zcvV4?m{dVA0$aq?sO~28!F(R8-C>w(a+aisrs#eX{;m7=N}F3sqU;2ujS?gfTnEvG z9;eMJFop!pAM~Q9JD3V5pX0fb6~RFzk<#+&C{j+

    S<%m6DXqw{F5)XSQUE=>%Evn&*f=XW-`%njXgmTw{hrmm+mRi&<>WWkwR zBca6!hKm^T0xGTOcWB)bj$fIHO2Y&zOtF`J6U_z2*t}LXt=U80 zpU4km3KsCGaQw3E9b*j(rbq^zj#K&VV%^e-^+*jxgyg7faXpiTg{GWy#3{Zb^wP$o zgrTM=+Tw_WgDVWux6uc;U^V!f-nlXT6Fn%4daI@3niO$mOf;*eXz7F zr!hoz0>Mf~S3~7Q9cm^zeCX~CJiTY6AwA(WzcG4p1fb>G2xvMksXmhs?J`X0K$!rM z$egkwpy{vcgRWkoRLGh$Cf5( zWi8#tbnHqZ+j(t4%n<7?lz38E%mvX+QH*$%4v&1-=%I+&jE=F4GU19>5OKNFM*57< zNeMg65K7*H5-%NUiG$e}?=EGQiOoM3qo~m<-<(<@xS0cj9ZSv$a4QEU&Eo-(enR$@3*J$^c>!L)ZT7wB0 z^GP~NzjK`Ff%_0JV(ILa@l2JeId;n8bEf50V~=-4B~eSY*74d2&H5SndQuV&RIj$c z`a!EU-Z~`a)B?Y$^s`&6vmI179C9zS@^BD#(RZ&%Hl^-^(NPE(Z>!F8RPy*h%Kl}s$V5b z@bWbGDV(C<&$b$iwRz^nt~XZ6k75o(e$uK6##*I)wk&G8%iZ&w&=&Dw&8e;Zu8O0G z;3eXZX;sNo$@DY>HZ7jlT*DqU?x1rD9ukDK(bP-pZ!9lF-853Jx>tr(Z;G=l)aX;^ zT#M#$5_kEAD^=Tu^_SanZfK=(RZLPNajV~4Mm$j%S6Mp7!WXUO+<1eSi4VHC$hgiu z*^@Ly@S=vEqA;~&K}O>K*z6vz6mnUEfSOFw>6ICp&i=!B4mbM8al|n!nyHT~s+iVK zO{-))8rGjqxqy`=YrHj-LvOTz*d^>q%|wCg4L2kUIJT0Uo+*}^C%)kA`eGZ>n}Szqwk=2$SH>6el(IUH^vx#ikONN~cv@$Q^c59_;caFE?8hgbQ!ss-!tNDmKccEa*faYW{mNbD5 zo}apzu$v{upX#GhSR-`>jAfgW6UE9`U~Rw_|HX)VsDDSD|}m6QPQ}__Xi<9w!5Wp-_Z7vdDloXir4qbB+29iZi?F(Y;>EwU93M> zBNM4RU1X*~)6?k1>Dva+2+MY{JFujA!{Q)Ik4wX%0IsHM@%3U?)8x*%F|{=y6}GT{ z$DEvOulc!DYV@9ttLbHBZfiBlQ+ea9myWBm-$? zyzrqCrzok|MPl0Z;IuicRGzR^QOnUrV_9Cpsvd-SZgg;ZS{s6QSnLs!y81%>8)v6@MUd071p%ad{_f|nJBYA93mc1C7#eLC&( zU{xo%gRNx93OOkI>m0KXmZa3#uh0R%=^I|#PkV;m~*!~Ba;M=IC zk2JA3n8JjbZ|;P|EyKZ3cnr+V;TH&LX}eVd3!&GwT<|$EWfg zb6fK9%Pw!V1{)ow^6@LUGc%+$M`9ijY#DFMGwH>pT1VP1Eu|=ll(NMfS#v`@&6ICO z1>-Gckxr`teYUI-cyVvJ;yJo?xQ+tNr?U`EAe(8~3EL%Uk6jZ@&g9#-?73mb{=Eke zToAKa(x~Io`JB!CY{P&@h17CY#QtOjgG%MLLY3n;tymm{>id%gk;Fb%pC8w56`vJu zjLQ{}P-}DgpB1BdLtOJCw{GQClg!*IPop?jP)ZsCpMJ;{+h6Q6aF4Za4r~ zrmQc8$Oy|@ir$&!^XQpv4P8BF@M?oXGt)?AE7lgvs!F;ZZk*_#ppa#@WGQfxPJ}{7 zYz`J8!q&tNvq}v70=>8X6mo4DlKm5bQ$qWs2_yZWP)|F+`sJ0L?D-BUB`F=(L8KXO)DzSQpefylz5{O=huYSUxm@IbqIds-{(`7@h=98tJ5 zJh#U^53P&S5o!Xh79B5hDjbu{k>q@c3n%JfcRf_Ia0sfQ!MTD5`kHvd!(sH9El78m zs`jpB2YihurJk7)+m>NvBZv9yUYJWO;@!@j?5d_;A=^oZ>40yjC7r^|j6Gyw5ta~? z#a|c8(0Uo{oEZzM*fb4WOVG%SkcIVo3f=b`cW8$g4fV*)arUx7XY?8KNO@kCDog^{ zufxu0IA)Hnhb4{Rbj3inQN?!9Ot5Juzf?i4OP%j0Et^p+W(vE^Maj~BlnPnTmkY~f z*~5^D^R<&l!6C0w8c)J&siH8dfG|30a{9PhpXbsT#{mxIN-eN(SC%5ah)W$ShD`jd z!3i!)5M3?B&rk!&`M=uKVs$r4Gb-OVIGAER+`wJar!yXK2+MN{&x!er)nTPjS}~m& zE#s&$SBgRQG;TEDB)O~(&k-G%mDxtP%c;^>QIquzwE+7`2%;jx*^a6}mgD4vu*MY~ z2xPFrr8&YjCNqB8v6(knE;z=H>ccIOj2V>%M=ENS4>sV|CDfL@CQK^29oK1&%@^1c z*?H~nL(@Otz#W=j9vt#P zBpOJI-C2r(kEXVThmhfL?!jTE_lM*GdjTqnSi>omvcQK%^O1%)pD78$lr^Z!iEvw) z_hBeSY+G_EV={r+O|MT7sncS*g3F~CRz2#X2ooXmI48{Rv7b(EEpZ143GNg7FSE!t zzRIk%M_cKG`))};M3l%&rB6u2lrd2rK4PvW8anryp{#5~Gql}_k zT=v$M*xM)lSEl{Aq+sAu7kPK@RtA1CVn5Y|z9vGLCt#Jo3 ziuL0|8m4Zns7{Hi|ts;s;y*fsDPc-W_U|o^;wup0oF<0oxSbEchQ6~ zK>C&-etGhgu2KXk8kJ_q{AaiA-8VP8cMlPOXOtf+g)bGS12yM2SCcvGZ_eUJGBhyp zM6$@R;VYtE+L@W0sVTEi^)cuk(*i8`;aDfT;}|WUw`S#Z%iZ71z0l0!_nFU%J($?i zo&>QkA}lbDKvkrTo7b0-QFvn@C9GsmX2CgjX$q;bLKs4aPSPKZaqNysfX!PNCMVlW zR@defYg4(hm~4RY_Z3YH$D7fxEtVr(y4a5@Z%$^ODfYwfP$(6G9BJHPORVfz3DGiz zF2WaaK7&KjM3GMWP#N3Hmavk&%;yG~#chK|L{0)d`7RH^*_`o>OZ-fBXf)zStMx`y zACs}Q{%VbZwWv@!v{)ep1ge8)tz;+A@#=G}JM{;>%-)2Cr;nl@PYLf^I5GuPdwjcT zGl)DQpFOZca|NKL5p@I(~PxeTx%2bFy|^iP4#eD+Fc@Zx62WktxscQ z+w+#kJ8SV9^UE(=zhU~aCr+=wI=}4djT<&xa@qRJE+gUeetNFzR;F8j#m4m^-7cnE z({uP;Jyz;F-HpTmTOBrd5JZqO#+S8AJh)!}%ovx9?PAOD0Lw5v*QhOR%x6)YO+;x^ zfBE{BZ8mQ;+k-o1n*Gg1(v9fUvE8$~ca#)ZKXcjGHa=fO@lMY%JJ@K`?MuyGT%#CT z7xG+taBk=HRb@Ig6KgoVgWXQrFuF0nim&yV$KyD*rg!465&vv2+imaK%df%w=*_hg z?F+75KY7jAQ>ViwJ9Ttlr%^}Mub+9+%m$r&P`eXaar(f$Z)b|hez9)N&v9VRX%Cyl z*X8vZ1E{%zES#O;U_5pREz%rL+GxsTG&$$N)5vBHrD5YE#-`nG5~avJIflgMP&&~e zoB$yw$uhRqncZdE1eTwGb(cN3ikER;sYHEhpK{}e+tgfOi*{#hlR1L4hVNc$#|lEg z_WCS^BtdDhy+-Fc(Ee^?Y?EpDY7xmJTx!w2##S7RF%bZwPn}~B+3NIX>wI{U zQy=KxK0nN%+ti{S(J9;2sa6qzq5XWaXE#pz73V#8@phJgxabT9Q;)g`p1#1TzMhKl ztQO6apQ%qp?Gw@T?1xqJtP4g|iouI7wo9+l3%MVB+|zH0$%@TfbmB%h$cxyD{-39d zN@Qz>;S7lI+}I?2zFmHfG=e;(mL2>sl}lL`fOWGx$1utT24plDjXtbk4W zJw8`8`X@t84R$(2YtZJ?nmg}=P0ECUvf-o&k3;nJNximXO~6UE@1Z$4Hm7gS^ZGhF z9>T;n4~sn|AMo)qycFnNoEEWVZf?h(r{PHLAodUk1zEODnuUNLsi6Y=yofs6Ub_Tu zk$I-^Vt0D)6VRD#?A{mW%N;s;nCKdz38@6a>&P=*Io6mLJK%ZZTapI1%{9#bPX|dX zby#iM=5ogA5!+1c(V5{WiFm8CBxcdjOdoq4J`}0p%G&tCd32k&D9@n{-8SchZcns{ zL_{{=_$v37|W4g`7k9=6~m2b)uCz{J0KXF1zwsN*a!tm7>(rYXP zh+D)PDAXdKpVY&V6Dlo09=kK5bCnJpP{_U%%kd`Lob4=%4%Ft@0%XX=q=$v(3l&Qn z2R8;!g6=hE*Hhb)Rhm6`VBrISc0=(v8+``K`#~9p@|l#RmfXA6c`v*% ztbxcjhtQRx3ZcP?){*MRZ}9IPn!aPQ+WtbulRl{AZgbF^Z`#~$OA8N%cm;imyKQQV zt!A#NPh$xKom8R|EvCI8<@ptJ11O#=%aCa_*;&TUH$@wB-@R`PU6dPSMYYqt;btx2 zlJXG@ywf$=VI(z<+Sr5so*?w@h530GB2MA5*l`vnU7bP=DRRpks82kVV=%(YSTY|_ zZR@nO(O4ph(xcB|0I5=&J){HECei{%r^qh_TFoFI$4|j14#kiz;0z2t?od-hSdXd- z&74%L$>2(oX0t69Ct4Nqi)@8EMJp1X@~;&o6T2h=g*8+)nyq3?Sv)M-ja@yZgi)01dvqz(_hJ*GR2{G)^sP zh&im0xVE_1#5{9o5`#GG-Vu4Ja<}ocMFtffl`A4&RI0yl;20Z^N}2qUhFD;y%kc?{ zq@?}VuytWO5dgw@=>6U|()|@)S2dq|;|1He)ei@Ar2LeK6#N==SFk0%@37LGk;M`d zVrwyWU8i--*Lv)k)M|A_g^Vnv$p_jjRfUyNf`&nV_2#t~gCd8i5#|^xI6UoD$v6vwx z&gx0NpUx*GCw}XiEr`XRB9&qduJM@w^bv>XNSLcC_jjl_d~1R#AO>%?BF^MQ$~9$= zB|&|;9t@28;2OkWpDIq1SYIht=qC(40!hGvXr9*W*M*HQr3M{p>{=Nju|iv7zlWK> zXZ}fOckmU5YVrA}^d!z)bbCTLb7azyDw#RfS`u&H7Y>z%^(T6XYAOjJbqz1df;S}6 zuBY<}vl9wCE99WFKbaf%ZBCf7zxSk|s~pGHI(M9yhX?y+UoNM)V2MFXmTCS(eJVl*xO^LiSseSBaC4u)HMW#bRooRD@Ak95mqqRT55^ z5z{NWO|c3LiAz)l%tLg6BZl1bib<+7PF(AkIQ0sBH5Ca@M9PH0 z8Jus$q88S^>5_4%bU!X7N5~N%VA5B{JL0I=sOwZ4WedJsF|#+_7oAaQ5xhs7@3 z(=12Y^O9kfoSX7FXB_{d>hD$8i@EM&YsS^p$`mh;o?TADQmW|vagm; zo;FOn)=X`&jul1G_7$#f+AQ9~UhL+{mz&IAS*1za&D++x0W&QuYFw$rISoOe35i~E zAWpWI0oMsQaid?U&nb1gEnvWeKAdDtXV&3#9O4F0tvcz5q)VJqhQhvA=Ri%x7xbOx zc5N=PDWp8_ID-z1zRFB6XA2O=_xZ%LHks`vXz0v}dx>+lj_HWSUmN}Ae8;|H^N3Q( z&r@Yp(lOSW>ZIMWAs32OLNL~!mTLa2#>XR3WH>(uIfXk?caYY*$jw*=%$h2O&soC? z@dkCYe}cmTRTe_YeQdjq7kU5^B*FHY7`oxvmG17kjyvUKF~tI+V+bWNqnbx)OL3rL331XXIvxCd zl^lHjp#ynRr=O!vY|1G!pcbaf3_-SW6WQZ4`#+SD9U%4%N2N^I(AS}o0FG(v;h0F; zkP(@NUJsRKC;1fpAp6k!l?!Zku+J(vv@{u5Y4vJJ#7=mflh@3SsGy?N#r)*f5`yRV%G`P`#KHv&*q*Ym^g9fl#SgG&2?&oD#b-BsL99 zz2B2%C`mq4CQ~P0V9~@fEpdzOl4OCWAVfN8MWorMz*#Ul-;3o752S?9xh&5XDufrLP?M!1WR$qE9w^#r?%0t1=0qHVN;=SKM3h|{#667Yp*3Qs<+(@f znA5>We%{gE18nN@6Oi~agoBT~cC|X0Z^)y^AP~}$W1>Tl=!$R6@bu9j*%?SoA+!+> z|4pRa;vfI9aLHg>fb?-$VuWN)0mQbFN9#u4#l~{v3C}cD; zT@gqSkNAF$gcHViy1>!X5QVOj$@V*FRYz;8vX)36yVdb&Jl@S`HGv+sR)@N@)qv7M z%#7Wvz2#)K)^(0`8;9Ab+hcv4Qo_W6K(%?|PIN@q3e&e%a?V?W&Z3+oj5f~OUfYS` zrn|}6Y_UtpSy97DGZs9Q>bK$u z9dVr)mWY)$1yIoeKZZ#YK+)S~k+$R6lM*+9vO}85?NKGOPl{JCT2hERekCt6zDjOW znUYWzMv135$t;AeOxQ5ZywyDFoyC}A{nav=2%JW3&*8;(p9KW@Dkd~VC&k9eOiFqz zh?ZJv>1#UOGF^Ks1t>|QuW#)?)gq=tSc>s1x@8h>B`P?0zz%K-vvlobWEZM*V%!@W zS5!k2Vg_HvSv678hT$1^(N=aJrE9G=q41@>!j>p)bkL+>v5Ay1Y?L-4I- z2E1wuQzgMP3AQU|W74tdDN+_YXpksO9+9eH`S$9i@dM+-=&f}P&Pry{s5FR$;vTsa zxT_Kqa1|Bg&sAx#UpjpX9xwE*9X=J$o}vkBl#^ydH-s;kk-4UyNR{>x1{CaGiwj)rSj${&HYOKddO`+9Iag59+b|$M!|BAc{ zc-8O;G;>h*M^*ekT*67J8StMG(CV2lDKQxhhgkW%c2xTc`)#fOMyw-iO>}{CRQRtY z?AF;tLjzHmYd zvw@|Ng)&O)kKsl&tvU}Io^q|^I-4U>b(MJVrw(QzxLm}S%hfj79n)&3lt}-LB@S@T zeg8ziBQu=OeY)dAK;X$7M92~rvb+&P9**hHIME4~bl1UcEOUu43b(V{I&Z+ev>TNX&+JMZfFjq>^eCx@ zb168%Yr6%}D5S^)Y?r+*T;29cSBv4 zUHcI^(<&c@v7=2}*E~Gat16|mbgdg8S4>=R=uImOmlUTVVOOs*mtF^(opBMgScT6z zV&{<0=f zL~#AkFcF;0sxAMwN#LOf}q`g&dp7HAii8I&mBYWD!SKVYm8gp6|V zi;8mHOGV2KdFLSxZ8|EMTUo5xhh_NaF}R^9HMG`PtJnZJGnBb<0NHA};|70yq6A44 z>WsUdtaA;ZEn8Zs2}!G-~mwPdtHE9k>T6aMsQvY{G_6Um1C($HU3 z8@_++@FO{uY}GpX(9KRMTTxRuoQxGH1}7d)#-2Ycn&xD2XJ*;6VzQV_Ku45nA6czN z?P9FLd1X2fxj3zCpA>~zMdtOR>|*eOeVM*EpeQ-Kj4y=K0n`a18oZU%bV7y!UYQBu zDcovJ3rw*=aK857FrVtlWod=MjiL92Y^I!=@|qNBlu`Rwl`i{#!f}YE;TW^kD7sde z!zJldv;U{I!6PHvRymz)C8?wP8_7p_DLE5xsCAXHMx1m8`Kt$=t4po z{dYK7M`T9Je=-3UPr_Ysuj#NWW<$2p_62hpf-}^g#9X7lY4JMqrsw=C8lu(2dg4^3 zS$s)@5-=LabJBKIR^i+vcWog7Q{0vlvMmJ0JFD&7HO`F71>yX(?H;N_2L1D`V`2HT zjAKnOz2&Xp%Dz6m}dsLrn*$ZM$)H%Pl88Mvag>W<=_Z5%Z6tpfaX}uXYrX z%eEY=vGv-V8NOONr9;)UF^B27)|A;zZozHKSRAajOKV7~GiXp&;_w)x$I*R5??$c0 zDi-Id`Kr{m)kY6WnmR_N)sG;38bJK{yU7@ z_U_tyVDFIAFUKKq_7ik24 z65lmAG3ne%%}nnVB-8hZ9Ncv88~Fm)qgCp=uXLw}v?V^N_`LWw1VYNyaKB{aLJ8A< zU&e_$oAA(vJYf%t_(z;bD)h6iMNh?d(xkdWqJ{89H;@c?3HZ)xhKNU3xV5zeJ`{A_ zqh_1`SJ*!}=*fh%oM;zpLt|oL{AV1>-8QN|GDMkx7Iugc4RaM!bzIhjrF?^q!pR)# zHjkbQ%WJVDc#<(Nxz_iZYIs#~Q9Wc2bL3T-9DTfUJAyh)Mr|0^^oe>3FDF(+I8FcY znK*T>EMJGV6eKJhuOM93wWMvO%5rAa+BTcHwdW%4pRNQB!@}2r9djHPH|xj6?Ps%H zci#556L1O@rE{NK(AC@Y`MA_AUnjDjl&oLLpF*Qp^iENGpNqNHbmI0{BqC4&m(sGh zVTP}dbZp!r%0T*ngXH3?u#Y6Zhl=ZJnpVd5`f#btsx<>xLahjEp_E3PmZ4$$&5DnP zO~B(Wiy)B`P*DL*W_R{&fVhE1XbmU%xO1{($*|N}VLEzYOM?g_UPFaKHZ=NUVm}UXYnL#w^DlhvUD92J@#xN3q4ME zY0eV|LVPt;(9WYm;iM$9Pf=CH#l@Mi-7<%yg;e3(I>v1g-+^c1a=BMweUBNkriR#7 zp7BE@M-B&snw5IFdGAMZoNO)e`L`@uOF?W3ft1_rjPH+}+n^l5!DGH!Sv|>am#elU zA3A}m604Uk=V;xKX7Pn=So)*#5Y=H6O|c(gp8>t{Svx~9Y=L;^g0k|(=t@t@JkpNv z4GWo4v^v$!b^gjB_Z8VfhlWjd#bzcip(7?{BOd>~3HZ8d4_G3J%_l~IZ5j&bamEiz z@7hNdL;eg$h&(xG%*19U&hpBJYT)6Qs8PZiu<>Z<(!tt0l7t;|n%3$2+ zX*aQi5I$R((F5Z$(Zk=F!3;qVhC;okLOyFb$G$=Yx88i-*u3|Bh%?GCY^N6G-629r zV+&nXBStzXPcEX_h%6qJ7wAdEO~>MuAFG?4sc>|1W?qvs^R!!&Pbk?~PPk0!w53m= z;u>Puc1MM53xq_w+4wMBxM|hxd}|+{=cnh%!!$>^GX9(xroDy3T;i=58fG^hEWy*7 z?LK@xEes8xD(%`Ept#xchQNj?XROwq>$kKMbbcSB7`K3ZKZT4w#&5VVKd{df^Du=&=i6u%xmY?h*EC+B zMttrBuvreeBAJzyVLo?^Lv}yGFAT43_$iEDWp1V+vr>Z)o2{8J+TsV`K{VQn3JW6~ zao;pL=|*1+3A|P3czoufO8zyrE{Y%X_gN#iei7(P4R zuvai`a^6CETX;qx7rXj*l~IG}37P`eMtW`Ml$%Rxwo5Cb}#Nbz^RYv#xgKP7Oe;uxG)pxl(5d$@K;pj^w!l*s>6 ziavvIf3KiTDH&3qX(gqCsK%m$FCA*CalmXv)F69|uQ4jTV-n3&#u&Yt5YA7DpIXGU z9YN+OEPOOYlbOljTr(%;^Q;d3y|(8S0w(G+tLY#q=6TSs1My>Um$#r!d_Jk&$#T3& z#&@)Q)nV&RaZ9FIbZKax;dHfrf0C3z;F+~)Acp)Zoh4`|<%BZ_jg>aX<0FbQ2WuQ* z5>n23O6R7{*%ow&&Jhr41Amv>iq*&r8|=FzO{A);vNQQEsj}*x*uu|-4*VCswILg~ zZRNy2gfA%FX5aeap`7`Pt9>rRq%=%0?3BXr6-LrtXscri_~->GF@8)0HAs#1WZRJ@ z|1q>gmeQbQvD<6XKV1tMO#(Zav_e6M?}r8^#w8)dOQx9-C^#`nbwL2hdECQF+GJm< zMxHT3P~(16>(hu&MTYW46JJ!8?eL8)t2ys1-Ns;UBxEudWW%r>Mg_qOrBptGG%3Zk z7pJ{wVRP;FM1ME35Pm?gwZbv)8e9%tJX{6Rj6NYT^C>4A(<>Sghl7cE`XORCpC?9- zhriJ=;lpY5IO>GVtl5&u(Dve0DHE&n*pRdk#f{r069NTWlM!QzF&V`ii-=d1*+Rf) zM2eWX!WhAXW`Wr9likXff@r#Nh;>BraCFh;%p%oH6NtDFJ2jOT-EmgK{T$x1;Bw#z ztgVR9ASW?6FnmH2ydPQK2Vvj-*};`p#3>7=TZhCJ$LQu0rY3bbH!diLZT2w+I(mNG zb`11pCeg(-7@MkXvEY0fx0Hj>32_!-74(##gEb1$N5-(z!Z zwqu4Iv(X8S(T0XyzCE{RO>%e2;+kkW`#Q8{Z4=)k$l?2RHsB?VTk+1khs1^Zzgr)H A#{d8T diff --git a/po/it.po b/po/it.po index 9b362a7..82891ab 100644 --- a/po/it.po +++ b/po/it.po @@ -1,1130 +1,2407 @@ # Italian translation for cryptsetup. -# Copyright (C) 2010, 2011, 2012, 2013, 2014 Free Software Foundation, Inc. +# Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2018 Free Software Foundation, Inc. # This file is put in the public domain. # Sergio Zanchetta , 2010, 2011, 2012. -# Milo Casagrande , 2013, 2014. +# Milo Casagrande , 2013, 2014, 2015, 2016, 2018, 2019. # msgid "" msgstr "" -"Project-Id-Version: cryptsetup-1.6.7\n" +"Project-Id-Version: cryptsetup-2.1.0\n" "Report-Msgid-Bugs-To: dm-crypt@saout.de\n" -"POT-Creation-Date: 2015-03-19 09:55+0100\n" -"PO-Revision-Date: 2015-03-19 14:15+0100\n" +"POT-Creation-Date: 2020-05-28 11:32+0200\n" +"PO-Revision-Date: 2019-01-28 09:18+0100\n" "Last-Translator: Milo Casagrande \n" "Language-Team: Italian \n" "Language: it\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=2; plural=(n!=1);\n" -"X-Generator: Poedit 1.7.5\n" +"X-Generator: Poedit 2.2.1\n" -#: lib/libdevmapper.c:252 -msgid "Cannot initialize device-mapper, running as non-root user.\n" -msgstr "" -"Impossibile inizializzare device-mapper: in esecuzione come utente non-" -"root.\n" +#: lib/libdevmapper.c:399 +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "Impossibile inizializzare device-mapper: in esecuzione come utente non-root." -#: lib/libdevmapper.c:255 -msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n" -msgstr "" -"Impossibile inizializzare device-mapper. Forse il modulo kernel dm_mod non è " -"caricato.\n" +#: lib/libdevmapper.c:402 +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "Impossibile inizializzare device-mapper. Forse il modulo kernel dm_mod non è caricato." -#: lib/libdevmapper.c:550 +#: lib/libdevmapper.c:1131 +msgid "Requested deferred flag is not supported." +msgstr "Il flag posticipato richiesto non è supportato." + +#: lib/libdevmapper.c:1198 #, c-format -msgid "DM-UUID for device %s was truncated.\n" -msgstr "Il DM-UUID per il device %s è stato troncato.\n" +msgid "DM-UUID for device %s was truncated." +msgstr "Il DM-UUID per il dispositivo %s è stato troncato." + +#: lib/libdevmapper.c:1520 +#, fuzzy +msgid "Unknown dm target type." +msgstr "Tipo PBKDF %s non riconosciuto." + +#: lib/libdevmapper.c:1623 lib/libdevmapper.c:1679 +msgid "Requested dm-crypt performance options are not supported." +msgstr "Le opzioni di prestazioni richieste per dm-crypt non sono supportate." + +#: lib/libdevmapper.c:1630 +msgid "Requested dm-verity data corruption handling options are not supported." +msgstr "Le opzioni di gestione dei dati rovinati richieste per dm-verity non sono supportate." + +#: lib/libdevmapper.c:1634 +msgid "Requested dm-verity FEC options are not supported." +msgstr "Le opzioni FEC dm-verity richieste non sono supportate." + +#: lib/libdevmapper.c:1638 +msgid "Requested data integrity options are not supported." +msgstr "Le opzioni di integrità dei dati richieste non sono supportate." -#: lib/libdevmapper.c:698 -msgid "Requested dmcrypt performance options are not supported.\n" -msgstr "Le opzioni di prestazioni richieste per dmcrypt non sono supportate.\n" +#: lib/libdevmapper.c:1640 +msgid "Requested sector_size option is not supported." +msgstr "L'opzione sector_size richiesta non è supportata." -#: lib/random.c:76 +#: lib/libdevmapper.c:1645 +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "Il ricalcolo automatico dei tag d'integrità non è supportato." + +#: lib/libdevmapper.c:1649 lib/libdevmapper.c:1682 lib/libdevmapper.c:1685 +#: lib/luks2/luks2_json_metadata.c:2160 +msgid "Discard/TRIM is not supported." +msgstr "Discard/TRIM non è supportato." + +#: lib/libdevmapper.c:1653 +#, fuzzy +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "Le opzioni di integrità dei dati richieste non sono supportate." + +#: lib/libdevmapper.c:2607 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "Interrogazione del segmento dm-%s non riuscita." + +#: lib/random.c:75 msgid "" "System is out of entropy while generating volume key.\n" -"Please move mouse or type some text in another window to gather some random " -"events.\n" +"Please move mouse or type some text in another window to gather some random events.\n" msgstr "" -"Il sistema non ha un'entropia sufficiente mentre viene generata la chiave di " -"volume.\n" -"Muovere il mouse o digitare del testo in un'altra finestra per accumulare " -"più eventi casuali.\n" +"Il sistema non ha un'entropia sufficiente mentre viene generata la chiave di volume.\n" +"Muovere il mouse o digitare del testo in un'altra finestra per accumulare più eventi casuali.\n" -#: lib/random.c:80 +#: lib/random.c:79 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Generazione chiave (%d%% completato).\n" -#: lib/random.c:169 -msgid "Fatal error during RNG initialisation.\n" -msgstr "Errore fatale durante l'inizializzazione dell'RNG.\n" +#: lib/random.c:165 +msgid "Running in FIPS mode." +msgstr "Esecuzione in modalità FIPS." -#: lib/random.c:206 -msgid "Unknown RNG quality requested.\n" -msgstr "Qualità richiesta per l'RNG sconosciuta.\n" +#: lib/random.c:171 +msgid "Fatal error during RNG initialisation." +msgstr "Errore fatale durante l'inizializzazione dell'RNG." -#: lib/random.c:211 -#, c-format -msgid "Error %d reading from RNG: %s\n" -msgstr "Errore %d nel leggere dall'RNG: %s\n" +#: lib/random.c:208 +msgid "Unknown RNG quality requested." +msgstr "Qualità richiesta per l'RNG sconosciuta." -#: lib/setup.c:200 -msgid "Cannot initialize crypto RNG backend.\n" -msgstr "Impossibile inizializzare il backend crypto RNG.\n" +#: lib/random.c:213 +msgid "Error reading from RNG." +msgstr "Errore nel leggere dall'RNG." -#: lib/setup.c:206 -msgid "Cannot initialize crypto backend.\n" -msgstr "Impossibile inizializzare il backend crypto.\n" +#: lib/setup.c:229 +msgid "Cannot initialize crypto RNG backend." +msgstr "Impossibile inizializzare il backend crypto RNG." -#: lib/setup.c:236 lib/setup.c:1192 lib/verity/verity.c:123 +#: lib/setup.c:235 +msgid "Cannot initialize crypto backend." +msgstr "Impossibile inizializzare il backend crypto." + +#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119 #, c-format -msgid "Hash algorithm %s not supported.\n" -msgstr "L'algoritmo di hash %s non è supportato.\n" +msgid "Hash algorithm %s not supported." +msgstr "Algoritmo di hash %s non supportato." -#: lib/setup.c:239 lib/loopaes/loopaes.c:90 +#: lib/setup.c:269 lib/loopaes/loopaes.c:90 #, c-format -msgid "Key processing error (using hash %s).\n" -msgstr "Errore nell'elaborazione della chiave (usando l'hash %s).\n" +msgid "Key processing error (using hash %s)." +msgstr "Errore nell'elaborazione della chiave (usando l'hash %s)." -#: lib/setup.c:284 -msgid "Cannot determine device type. Incompatible activation of device?\n" -msgstr "" -"Impossibile determinare il tipo di device. Attivazione incompatibile del " -"device?\n" +#: lib/setup.c:335 lib/setup.c:362 +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "Impossibile determinare il tipo di dispositivo. Attivazione incompatibile del dispositivo?" -#: lib/setup.c:288 lib/setup.c:1537 -msgid "This operation is supported only for LUKS device.\n" -msgstr "Questa operazione è supportata solo per i device LUKS.\n" +#: lib/setup.c:341 lib/setup.c:3050 +msgid "This operation is supported only for LUKS device." +msgstr "Questa operazione è supportata solo per il dispositivo LUKS." -#: lib/setup.c:320 -msgid "All key slots full.\n" -msgstr "Tutti gli slot di chiave sono pieni.\n" +#: lib/setup.c:368 +msgid "This operation is supported only for LUKS2 device." +msgstr "Questa operazione è supportata solo per il dispositivo LUKS2." -#: lib/setup.c:327 +#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345 +msgid "All key slots full." +msgstr "Tutti gli slot di chiave sono pieni." + +#: lib/setup.c:434 #, c-format -msgid "Key slot %d is invalid, please select between 0 and %d.\n" -msgstr "Lo slot di chiave %d non è valido, selezionarne uno tra 0 e %d.\n" +msgid "Key slot %d is invalid, please select between 0 and %d." +msgstr "Lo slot di chiave %d non è valido, selezionarne uno tra 0 e %d." -#: lib/setup.c:333 +#: lib/setup.c:440 #, c-format -msgid "Key slot %d is full, please select another one.\n" -msgstr "Lo slot di chiave %d è pieno, selezionarne un altro.\n" +msgid "Key slot %d is full, please select another one." +msgstr "Lo slot di chiave %d è pieno, selezionarne un altro." + +#: lib/setup.c:525 lib/setup.c:2824 +#, fuzzy +msgid "Device size is not aligned to device logical block size." +msgstr "La dimensione del dispositivo non è allineata con la dimensione del settore richiesta." -#: lib/setup.c:472 +#: lib/setup.c:624 #, c-format -msgid "Enter passphrase for %s: " -msgstr "Inserire la passphrase per %s: " +msgid "Header detected but device %s is too small." +msgstr "Rilevato un header, ma il dispositivo %s è troppo piccolo." -#: lib/setup.c:653 +#: lib/setup.c:661 +msgid "This operation is not supported for this device type." +msgstr "Questa operazione non è supportata per questo tipo di dispositivo." + +#: lib/setup.c:666 +#, fuzzy +msgid "Illegal operation with reencryption in-progress." +msgstr "Re-cifratura offline in corso. Terminato." + +#: lib/setup.c:832 lib/luks1/keymanage.c:475 #, c-format -msgid "Header detected but device %s is too small.\n" -msgstr "Rilevato un header, ma il device %s è troppo piccolo.\n" +msgid "Unsupported LUKS version %d." +msgstr "Versione %d di LUKS non supportata." -#: lib/setup.c:669 lib/setup.c:1420 -msgid "This operation is not supported for this device type.\n" -msgstr "Questa operazione non è supportata per questo tipo di device.\n" +#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959 +msgid "Detached metadata device is not supported for this crypt type." +msgstr "Il dispositivo di metadati scollegato non è supportato per questo tipo di cifratura." -#: lib/setup.c:908 lib/setup.c:1381 lib/setup.c:2264 +#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628 +#: lib/setup.c:2777 lib/setup.c:4512 #, c-format -msgid "Device %s is not active.\n" -msgstr "Il device %s non è attivo.\n" +msgid "Device %s is not active." +msgstr "Il dispositivo %s non è attivo." -#: lib/setup.c:925 +#: lib/setup.c:1444 #, c-format -msgid "Underlying device for crypt device %s disappeared.\n" -msgstr "Device sottostante a quello cifrato %s scomparso.\n" +msgid "Underlying device for crypt device %s disappeared." +msgstr "Device sottostante a quello cifrato %s scomparso." -#: lib/setup.c:994 -msgid "Invalid plain crypt parameters.\n" -msgstr "Parametri di cifratura in chiaro non validi.\n" +#: lib/setup.c:1524 +msgid "Invalid plain crypt parameters." +msgstr "Parametri di cifratura in chiaro non validi." -#: lib/setup.c:999 lib/setup.c:1119 -msgid "Invalid key size.\n" -msgstr "Dimensione della chiave non valida.\n" +#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:74 +msgid "Invalid key size." +msgstr "Dimensione della chiave non valida." -#: lib/setup.c:1004 lib/setup.c:1124 -msgid "UUID is not supported for this crypt type.\n" -msgstr "UUID non è supportato per questo tipo di cifratura.\n" +#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157 +msgid "UUID is not supported for this crypt type." +msgstr "UUID non è supportato per questo tipo di cifratura." -#: lib/setup.c:1046 -msgid "Can't format LUKS without device.\n" -msgstr "Impossibile formattare LUKS senza device.\n" +#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308 +#: src/cryptsetup.c:1226 src/cryptsetup.c:3923 +msgid "Unsupported encryption sector size." +msgstr "Dimensione settore di cifratura non supportato." -#: lib/setup.c:1089 -#, c-format -msgid "Cannot format device %s which is still in use.\n" -msgstr "Impossibile formattare il device %s che risulta ancora in uso.\n" +#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818 +msgid "Device size is not aligned to requested sector size." +msgstr "La dimensione del dispositivo non è allineata con la dimensione del settore richiesta." -#: lib/setup.c:1092 -#, c-format -msgid "Cannot format device %s, permission denied.\n" -msgstr "Impossibile formattare il device %s, permessi non concessi.\n" +#: lib/setup.c:1608 lib/setup.c:1727 +msgid "Can't format LUKS without device." +msgstr "Impossibile formattare LUKS senza dispositivo." -#: lib/setup.c:1096 +#: lib/setup.c:1614 lib/setup.c:1733 +msgid "Requested data alignment is not compatible with data offset." +msgstr "L'allineamento dei dati richiesti non è compatibile con l'offset dei dati." + +#: lib/setup.c:1682 lib/setup.c:1851 +msgid "WARNING: Data offset is outside of currently available data device.\n" +msgstr "Attenzione: l'offset dei dati è al di fuori del dispositivo dati attualmente disponibile.\n" + +#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169 #, c-format -msgid "Cannot wipe header on device %s.\n" -msgstr "Impossibile ripulire l'header sul device %s.\n" +msgid "Cannot wipe header on device %s." +msgstr "Impossibile ripulire l'header sul dispositivo %s." -#: lib/setup.c:1114 -msgid "Can't format LOOPAES without device.\n" -msgstr "Impossibile formattare LOOPAES senza device.\n" +#: lib/setup.c:1744 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "Attenzione: l'attivazione del dispositivo non riuscirà, dm-crypt manca il supporto per la dimensione del settore di crittografia richiesta.\n" -#: lib/setup.c:1152 -msgid "Can't format VERITY without device.\n" -msgstr "Impossibile formattare VERITY senza device.\n" +#: lib/setup.c:1766 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "La chiave di volume è troppo piccola per la cifratura con estensioni di integrità." -#: lib/setup.c:1160 lib/verity/verity.c:106 +#: lib/setup.c:1821 #, c-format -msgid "Unsupported VERITY hash type %d.\n" -msgstr "Tipo di hash %d VERITY non supportato.\n" +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "Il cifrario %s-%s (dimensione chiave di %zd byte) non è disponibile." -#: lib/setup.c:1166 lib/verity/verity.c:114 -msgid "Unsupported VERITY block size.\n" -msgstr "Dimensione blocco VERITY non supportata.\n" +#: lib/setup.c:1854 +#, c-format +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" +msgstr "" -#: lib/setup.c:1171 lib/verity/verity.c:76 -msgid "Unsupported VERITY hash offset.\n" -msgstr "Offset hash VERITY non supportato.\n" +#: lib/setup.c:1858 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "" -#: lib/setup.c:1285 +#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367 #, c-format -msgid "Unknown crypt device type %s requested.\n" -msgstr "Richiesto device cifrato di tipo %s sconosciuto.\n" +msgid "Device %s is too small." +msgstr "Il dispositivo %s è troppo piccolo." -#: lib/setup.c:1435 -msgid "Do you really want to change UUID of device?" -msgstr "Cambiare veramente l'UUID del device?" +#: lib/setup.c:1893 lib/setup.c:1919 +#, c-format +msgid "Cannot format device %s in use." +msgstr "Impossibile formattare il dispositivo %s che risulta ancora in uso." -#: lib/setup.c:1545 +#: lib/setup.c:1896 lib/setup.c:1922 #, c-format -msgid "Volume %s is not active.\n" -msgstr "Il volume %s non è attivo.\n" +msgid "Cannot format device %s, permission denied." +msgstr "Impossibile formattare il dispositivo %s, permessi non concessi." -#: lib/setup.c:1556 +#: lib/setup.c:1908 lib/setup.c:2229 #, c-format -msgid "Volume %s is already suspended.\n" -msgstr "Il volume %s è già sospeso.\n" +msgid "Cannot format integrity for device %s." +msgstr "Impossibile formattare l'integrità per il dispositivo %s." -#: lib/setup.c:1563 +#: lib/setup.c:1926 #, c-format -msgid "Suspend is not supported for device %s.\n" -msgstr "La sospensione non è supportata per il device %s.\n" +msgid "Cannot format device %s." +msgstr "Impossibile formattare il dispositivo %s." -#: lib/setup.c:1565 +#: lib/setup.c:1944 +msgid "Can't format LOOPAES without device." +msgstr "Impossibile formattare LOOPAES senza dispositivo." + +#: lib/setup.c:1989 +msgid "Can't format VERITY without device." +msgstr "Impossibile formattare VERITY senza dispositivo." + +#: lib/setup.c:2000 lib/verity/verity.c:102 #, c-format -msgid "Error during suspending device %s.\n" -msgstr "Errore durante la sospensione del device %s.\n" +msgid "Unsupported VERITY hash type %d." +msgstr "Tipo di hash %d VERITY non supportato." + +#: lib/setup.c:2006 lib/verity/verity.c:110 +msgid "Unsupported VERITY block size." +msgstr "Dimensione blocco VERITY non supportata." + +#: lib/setup.c:2011 lib/verity/verity.c:74 +msgid "Unsupported VERITY hash offset." +msgstr "Offset hash VERITY non supportato." + +#: lib/setup.c:2016 +msgid "Unsupported VERITY FEC offset." +msgstr "Offset FEC VERITY non supportato." + +#: lib/setup.c:2040 +msgid "Data area overlaps with hash area." +msgstr "L'area dati si sovrappone a quella di hash." + +#: lib/setup.c:2065 +msgid "Hash area overlaps with FEC area." +msgstr "L'area di hash si sovrappone a quella FEC." + +#: lib/setup.c:2072 +msgid "Data area overlaps with FEC area." +msgstr "L'area dati si sovrappone a quella FEC." -#: lib/setup.c:1591 lib/setup.c:1638 +#: lib/setup.c:2208 #, c-format -msgid "Volume %s is not suspended.\n" -msgstr "Il volume %s non è sospeso.\n" +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "" -#: lib/setup.c:1605 +#: lib/setup.c:2286 #, c-format -msgid "Resume is not supported for device %s.\n" -msgstr "Il ripristino non è supportato per il device %s.\n" +msgid "Unknown crypt device type %s requested." +msgstr "Richiesto dispositivo cifrato di tipo %s sconosciuto." -#: lib/setup.c:1607 lib/setup.c:1659 +#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635 #, c-format -msgid "Error during resuming device %s.\n" -msgstr "Errore durante il ripristino del device %s.\n" +msgid "Unsupported parameters on device %s." +msgstr "Parametri non supportati sul dispositivo %s." -#: lib/setup.c:1645 lib/setup.c:2080 lib/setup.c:2094 src/cryptsetup.c:186 -#: src/cryptsetup.c:248 src/cryptsetup.c:732 src/cryptsetup.c:1151 -msgid "Enter passphrase: " -msgstr "Inserire la passphrase: " +#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408 +#: lib/luks2/luks2_reencrypt.c:2737 +#, c-format +msgid "Mismatching parameters on device %s." +msgstr "Parametri non corrispondenti sul dispositivo %s." -#: lib/setup.c:1707 lib/setup.c:1843 -msgid "Cannot add key slot, all slots disabled and no volume key provided.\n" +#: lib/setup.c:2661 +msgid "Crypt devices mismatch." msgstr "" -"Impossibile aggiungere uno slot di chiave, tutti gli slot sono disabilitati " -"e nessuna chiave di volume è stata fornita.\n" -#: lib/setup.c:1716 lib/setup.c:1849 lib/setup.c:1853 -msgid "Enter any passphrase: " -msgstr "Inserire una delle passphrase esistenti: " +#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:3145 +#, fuzzy, c-format +msgid "Failed to reload device %s." +msgstr "Stat del dispositivo %s non riuscita." -#: lib/setup.c:1733 lib/setup.c:1866 lib/setup.c:1870 lib/setup.c:1932 -#: src/cryptsetup.c:988 src/cryptsetup.c:1017 -msgid "Enter new passphrase for key slot: " -msgstr "Inserire la nuova passphrase per lo slot di chiave: " +#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025 +#: lib/luks2/luks2_reencrypt.c:2032 +#, fuzzy, c-format +msgid "Failed to suspend device %s." +msgstr "Stat del dispositivo %s non riuscita." -#: lib/setup.c:1798 -#, c-format -msgid "Key slot %d changed.\n" -msgstr "Slot di chiave %d cambiato.\n" +#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039 +#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149 +#, fuzzy, c-format +msgid "Failed to resume device %s." +msgstr "Stat del dispositivo %s non riuscita." -#: lib/setup.c:1801 +#: lib/setup.c:2732 #, c-format -msgid "Replaced with key slot %d.\n" -msgstr "Sostituito con lo slot di chiave %d.\n" +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "" -#: lib/setup.c:1806 -msgid "Failed to swap new key slot.\n" -msgstr "Sostituzione del nuovo slot di chiave non riuscita.\n" +#: lib/setup.c:2735 lib/setup.c:2737 +#, fuzzy, c-format +msgid "Failed to switch device %s to dm-error." +msgstr "Stat del dispositivo %s non riuscita." -#: lib/setup.c:1923 lib/setup.c:2184 lib/setup.c:2197 lib/setup.c:2339 -msgid "Volume key does not match the volume.\n" -msgstr "La chiave di volume non corrisponde al volume.\n" +#: lib/setup.c:2809 +msgid "Cannot resize loop device." +msgstr "Impossibile ridimensionare un dispositivo di loopback." -#: lib/setup.c:1961 -#, c-format -msgid "Key slot %d is invalid.\n" -msgstr "Lo slot di chiave %d non è valido.\n" +#: lib/setup.c:2882 +msgid "Do you really want to change UUID of device?" +msgstr "Cambiare veramente l'UUID del dispositivo?" + +#: lib/setup.c:2958 +msgid "Header backup file does not contain compatible LUKS header." +msgstr "Il file di backup dell'header non contiene un header LUKS compatibile." -#: lib/setup.c:1966 +#: lib/setup.c:3058 #, c-format -msgid "Key slot %d is not used.\n" -msgstr "Lo slot di chiave %d non è utilizzato.\n" +msgid "Volume %s is not active." +msgstr "Il volume %s non è attivo." -#: lib/setup.c:1996 lib/setup.c:2068 lib/setup.c:2160 +#: lib/setup.c:3069 #, c-format -msgid "Device %s already exists.\n" -msgstr "Esiste già un device %s.\n" +msgid "Volume %s is already suspended." +msgstr "Il volume %s è già sospeso." -#: lib/setup.c:2171 -msgid "Incorrect volume key specified for plain device.\n" -msgstr "" -"Specificata una chiave di volume non corretta per il device in chiaro.\n" +#: lib/setup.c:3082 +#, c-format +msgid "Suspend is not supported for device %s." +msgstr "La sospensione non è supportata per il dispositivo %s." -#: lib/setup.c:2204 -msgid "Incorrect root hash specified for verity device.\n" -msgstr "Specificato un hash root non corretto per il device verity.\n" +#: lib/setup.c:3084 +#, c-format +msgid "Error during suspending device %s." +msgstr "Errore durante la sospensione del dispositivo %s." -#: lib/setup.c:2227 -msgid "Device type is not properly initialised.\n" -msgstr "Il tipo di device non è inizializzato correttamente.\n" +#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267 +#, c-format +msgid "Volume %s is not suspended." +msgstr "Il volume %s non è sospeso." -#: lib/setup.c:2259 +#: lib/setup.c:3146 #, c-format -msgid "Device %s is still in use.\n" -msgstr "Il device %s è ancora in uso.\n" +msgid "Resume is not supported for device %s." +msgstr "Il ripristino non è supportato per il dispositivo %s." -#: lib/setup.c:2268 +#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297 #, c-format -msgid "Invalid device %s.\n" -msgstr "Device %s non valido.\n" +msgid "Error during resuming device %s." +msgstr "Errore durante il ripristino del dispositivo %s." -#: lib/setup.c:2289 -msgid "Function not available in FIPS mode.\n" -msgstr "Funzione non disponibile in modalità FIPS.\n" +#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322 +#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839 +msgid "Volume key does not match the volume." +msgstr "La chiave di volume non corrisponde al volume." -#: lib/setup.c:2295 -msgid "Volume key buffer too small.\n" -msgstr "Buffer di chiave del volume troppo piccolo.\n" +#: lib/setup.c:3343 lib/setup.c:3531 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Impossibile aggiungere uno slot di chiave, tutti gli slot sono disabilitati e nessuna chiave di volume è stata fornita." -#: lib/setup.c:2303 -msgid "Cannot retrieve volume key for plain device.\n" -msgstr "Impossibile recuperare la chiave di volume per il device in chiaro.\n" +#: lib/setup.c:3483 +msgid "Failed to swap new key slot." +msgstr "Sostituzione del nuovo slot di chiave non riuscita." -#: lib/setup.c:2310 +#: lib/setup.c:3669 #, c-format -msgid "This operation is not supported for %s crypt device.\n" -msgstr "Questa operazione non è supportata per il device cifrato %s.\n" +msgid "Key slot %d is invalid." +msgstr "Lo slot di chiave %d non è valido." -#: lib/setup.c:2506 -msgid "Dump operation is not supported for this device type.\n" -msgstr "L'operazione di dump non è supportata per questo tipo di device.\n" +#: lib/setup.c:3675 src/cryptsetup.c:1572 src/cryptsetup.c:1917 +#, c-format +msgid "Keyslot %d is not active." +msgstr "Lo slot di chiave %d non è attivo." -#: lib/utils.c:244 -msgid "Cannot get process priority.\n" -msgstr "Impossibile ottenere la priorità del processo.\n" +#: lib/setup.c:3694 +msgid "Device header overlaps with data area." +msgstr "L'header del dispositivo si sovrappone all'area dati." -#: lib/utils.c:258 -msgid "Cannot unlock memory.\n" -msgstr "Impossibile sbloccare la memoria.\n" +#: lib/setup.c:3981 +#, fuzzy +msgid "Reencryption in-progress. Cannot activate device." +msgstr "Re-cifratura in corso." -#: lib/utils_crypt.c:241 lib/utils_crypt.c:254 lib/utils_crypt.c:401 -#: lib/utils_crypt.c:416 -msgid "Out of memory while reading passphrase.\n" -msgstr "Memoria esaurita durante la lettura della passphrase.\n" +#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2243 +#: lib/luks2/luks2_reencrypt.c:2836 +#, fuzzy +msgid "Failed to get reencryption lock." +msgstr "Impossibile acquisire blocco del dispositivo di scrittura." -#: lib/utils_crypt.c:246 lib/utils_crypt.c:261 -msgid "Error reading passphrase from terminal.\n" -msgstr "Errore nel leggere la passphrase dal terminale.\n" +#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855 +#, fuzzy +msgid "LUKS2 reencryption recovery failed." +msgstr "Dimensione settore di cifratura non supportato." -#: lib/utils_crypt.c:259 -msgid "Verify passphrase: " -msgstr "Verifica passphrase: " +#: lib/setup.c:4127 lib/setup.c:4379 +#, fuzzy +msgid "Device type is not properly initialized." +msgstr "Il tipo di dispositivo non è inizializzato correttamente." -#: lib/utils_crypt.c:266 -msgid "Passphrases do not match.\n" -msgstr "Le passphrase non corrispondono.\n" +#: lib/setup.c:4171 +#, c-format +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "Impossibile formattare il dispositivo %s che risulta ancora in uso." -#: lib/utils_crypt.c:350 -msgid "Cannot use offset with terminal input.\n" -msgstr "Impossibile usare l'offset con l'input da terminale.\n" +#: lib/setup.c:4174 +#, c-format +msgid "Device %s already exists." +msgstr "Esiste già un dispositivo %s." -#: lib/utils_crypt.c:369 lib/tcrypt/tcrypt.c:467 -msgid "Failed to open key file.\n" -msgstr "Apertura del file chiave non riuscita.\n" +#: lib/setup.c:4296 +msgid "Incorrect volume key specified for plain device." +msgstr "Specificata una chiave di volume non corretta per il dispositivo in chiaro." -#: lib/utils_crypt.c:378 -msgid "Failed to stat key file.\n" -msgstr "Stat del file chiave non riuscito.\n" +#: lib/setup.c:4405 +msgid "Incorrect root hash specified for verity device." +msgstr "Specificato un hash root non corretto per il dispositivo verity." -#: lib/utils_crypt.c:386 lib/utils_crypt.c:407 -msgid "Cannot seek to requested keyfile offset.\n" -msgstr "Impossibile posizionarsi all'offset del file di chiave richiesto.\n" +#: lib/setup.c:4412 +msgid "Root hash signature required." +msgstr "" -#: lib/utils_crypt.c:424 -msgid "Error reading passphrase.\n" -msgstr "Errore nel leggere la passphrase.\n" +#: lib/setup.c:4421 +#, fuzzy +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "Il portachiavi del kernel non è supportato dal kernel." -#: lib/utils_crypt.c:442 -msgid "Maximum keyfile size exceeded.\n" -msgstr "Dimensione massima del file chiave superata.\n" +#: lib/setup.c:4438 lib/setup.c:5915 +msgid "Failed to load key in kernel keyring." +msgstr "Caricamento chiave nel portachiavi del kernel non riuscito." -#: lib/utils_crypt.c:447 -msgid "Cannot read requested amount of data.\n" -msgstr "Impossibile leggere la quantità richiesta di dati.\n" +#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2296 +#: src/cryptsetup.c:2664 +#, c-format +msgid "Device %s is still in use." +msgstr "Il dispositivo %s è ancora in uso." -#: lib/utils_device.c:136 lib/luks1/keyencryption.c:90 +#: lib/setup.c:4516 #, c-format -msgid "Device %s doesn't exist or access denied.\n" -msgstr "Il device %s non esiste oppure è negato l'accesso.\n" +msgid "Invalid device %s." +msgstr "Device %s non valido." -#: lib/utils_device.c:430 -msgid "Cannot use a loopback device, running as non-root user.\n" -msgstr "" -"Impossibile usare un device di loopback, in esecuzione come utente non " -"root.\n" +#: lib/setup.c:4632 +msgid "Volume key buffer too small." +msgstr "Buffer di chiave del volume troppo piccolo." -#: lib/utils_device.c:433 -msgid "Cannot find a free loopback device.\n" -msgstr "Impossibile trovare un device di loopback libero.\n" +#: lib/setup.c:4640 +msgid "Cannot retrieve volume key for plain device." +msgstr "Impossibile recuperare la chiave di volume per il dispositivo in chiaro." -#: lib/utils_device.c:440 -msgid "" -"Attaching loopback device failed (loop device with autoclear flag is " -"required).\n" -msgstr "" -"Collegamento del device di loopback non riuscito (è richiesto un device di " -"loop con flag autoclear).\n" +#: lib/setup.c:4657 +#, fuzzy +msgid "Cannot retrieve root hash for verity device." +msgstr "Specificato un hash root non corretto per il dispositivo verity." -#: lib/utils_device.c:484 +#: lib/setup.c:4659 #, c-format -msgid "Cannot use device %s which is in use (already mapped or mounted).\n" -msgstr "" -"Impossibile disporre del device %s il quale è in uso (già mappato o " -"montato).\n" +msgid "This operation is not supported for %s crypt device." +msgstr "Questa operazione non è supportata per il dispositivo cifrato %s." + +#: lib/setup.c:4865 +msgid "Dump operation is not supported for this device type." +msgstr "L'operazione di dump non è supportata per questo tipo di dispositivo." -#: lib/utils_device.c:488 +#: lib/setup.c:5190 #, c-format -msgid "Cannot get info about device %s.\n" -msgstr "Impossibile ottenere informazioni sul device %s.\n" +msgid "Data offset is not multiple of %u bytes." +msgstr "" -#: lib/utils_device.c:494 +#: lib/setup.c:5475 #, c-format -msgid "Requested offset is beyond real size of device %s.\n" -msgstr "L'offset richiesto è oltre la dimensione reale del device %s.\n" +msgid "Cannot convert device %s which is still in use." +msgstr "Impossibile convertire il dispositivo %s che risulta ancora in uso." -#: lib/utils_device.c:502 +#: lib/setup.c:5772 #, c-format -msgid "Device %s has zero size.\n" -msgstr "Il device %s ha dimensione zero.\n" +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "Assegnamento slot di chiave %u come nuova chiave del volume non riuscito." + +#: lib/setup.c:5845 +#, fuzzy +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "Inizializzazione parametri predefiniti per lo slot di chiave LUKS2 non riuscita." -#: lib/utils_device.c:513 +#: lib/setup.c:5851 #, c-format -msgid "Device %s is too small.\n" -msgstr "Il device %s è troppo piccolo.\n" +msgid "Failed to assign keyslot %d to digest." +msgstr "Assegnazione slot di chiave %d al digest non riuscita." -#: lib/luks1/keyencryption.c:37 +#: lib/setup.c:5982 +msgid "Kernel keyring is not supported by the kernel." +msgstr "Il portachiavi del kernel non è supportato dal kernel." + +#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952 #, c-format -msgid "" -"Failed to setup dm-crypt key mapping for device %s.\n" -"Check that kernel supports %s cipher (check syslog for more info).\n" -msgstr "" -"Impostazione mappatura di chiave dm-crypt non riuscita per il device %s.\n" -"Controllare che il kernel supporti il cifrario %s (controllare il syslog per " -"maggiori informazioni).\n" +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "Lettura della passphrase dal portachiavi non riuscita (errore %d)." -#: lib/luks1/keyencryption.c:42 -msgid "Key size in XTS mode must be 256 or 512 bits.\n" +#: lib/setup.c:6016 +msgid "Failed to acquire global memory-hard access serialization lock." msgstr "" -"La dimensione della chiave in modalità XTS deve essere 256 o 512 bit.\n" -#: lib/luks1/keyencryption.c:96 lib/luks1/keymanage.c:296 -#: lib/luks1/keymanage.c:572 lib/luks1/keymanage.c:1017 -#, c-format -msgid "Cannot write to device %s, permission denied.\n" -msgstr "Impossibile scrivere sul device %s, permessi non concessi.\n" +#: lib/utils.c:80 +msgid "Cannot get process priority." +msgstr "Impossibile ottenere la priorità del processo." + +#: lib/utils.c:94 +msgid "Cannot unlock memory." +msgstr "Impossibile sbloccare la memoria." + +#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497 +msgid "Failed to open key file." +msgstr "Apertura del file chiave non riuscita." + +#: lib/utils.c:173 +msgid "Cannot read keyfile from a terminal." +msgstr "Impossibile leggere il file chiave dal terminale." + +#: lib/utils.c:190 +msgid "Failed to stat key file." +msgstr "Stat del file chiave non riuscito." + +#: lib/utils.c:198 lib/utils.c:219 +msgid "Cannot seek to requested keyfile offset." +msgstr "Impossibile posizionarsi all'offset del file di chiave richiesto." -#: lib/luks1/keyencryption.c:111 -msgid "Failed to open temporary keystore device.\n" -msgstr "Apertura del device temporaneo di deposito chiavi non riuscita.\n" +#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188 +#: src/utils_password.c:201 +msgid "Out of memory while reading passphrase." +msgstr "Memoria esaurita durante la lettura della passphrase." -#: lib/luks1/keyencryption.c:118 -msgid "Failed to access temporary keystore device.\n" -msgstr "Accesso al device temporaneo di deposito chiavi non riuscito.\n" +#: lib/utils.c:248 +msgid "Error reading passphrase." +msgstr "Errore nel leggere la passphrase." -#: lib/luks1/keyencryption.c:191 -msgid "IO error while encrypting keyslot.\n" -msgstr "Errore di IO durante la cifratura dello slot di chiave.\n" +#: lib/utils.c:265 +msgid "Nothing to read on input." +msgstr "Nessun dato da leggere sull'input." -#: lib/luks1/keyencryption.c:256 -msgid "IO error while decrypting keyslot.\n" -msgstr "Errore di IO durante la decifratura dello slot di chiave.\n" +#: lib/utils.c:272 +msgid "Maximum keyfile size exceeded." +msgstr "Dimensione massima del file chiave superata." -#: lib/luks1/keymanage.c:90 +#: lib/utils.c:277 +msgid "Cannot read requested amount of data." +msgstr "Impossibile leggere la quantità richiesta di dati." + +#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 +#, fuzzy, c-format +msgid "Device %s does not exist or access denied." +msgstr "Il dispositivo %s non esiste oppure è negato l'accesso." + +#: lib/utils_device.c:197 #, c-format -msgid "Device %s is too small. (LUKS requires at least % bytes.)\n" -msgstr "Il device %s è troppo piccolo (LUKS richiede almeno % byte).\n" +msgid "Device %s is not compatible." +msgstr "Il dispositivo %s non è compatibile." -#: lib/luks1/keymanage.c:180 lib/luks1/keymanage.c:418 -#: src/cryptsetup_reencrypt.c:1110 +#: lib/utils_device.c:642 #, c-format -msgid "Device %s is not a valid LUKS device.\n" -msgstr "Il device %s non è un device LUKS valido.\n" +msgid "Device %s is too small. Need at least % bytes." +msgstr "Il dispositivo %s è troppo piccolo, sono necessari almeno % byte." -#: lib/luks1/keymanage.c:198 +#: lib/utils_device.c:723 #, c-format -msgid "Requested header backup file %s already exists.\n" -msgstr "Il file di backup dell'header %s richiesto esiste già.\n" +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "Impossibile utilizzare il dispositivo %s il quale è in uso (già mappato o montato)." -#: lib/luks1/keymanage.c:200 +#: lib/utils_device.c:727 #, c-format -msgid "Cannot create header backup file %s.\n" -msgstr "Impossibile creare il file di backup dell'header %s.\n" +msgid "Cannot use device %s, permission denied." +msgstr "Impossibile usare il dispositivo %s, permessi negati." -#: lib/luks1/keymanage.c:205 +#: lib/utils_device.c:730 #, c-format -msgid "Cannot write header backup file %s.\n" -msgstr "Impossibile scrivere il file di backup dell'header %s.\n" +msgid "Cannot get info about device %s." +msgstr "Impossibile ottenere informazioni sul dispositivo %s." -#: lib/luks1/keymanage.c:239 -msgid "Backup file doesn't contain valid LUKS header.\n" -msgstr "Il file di backup non contiene un header LUKS valido.\n" +#: lib/utils_device.c:753 +msgid "Cannot use a loopback device, running as non-root user." +msgstr "Impossibile usare un dispositivo di loopback, in esecuzione come utente non root." -#: lib/luks1/keymanage.c:252 lib/luks1/keymanage.c:496 +#: lib/utils_device.c:763 +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "Collegamento del dispositivo di loopback non riuscito (è richiesto un dispositivo di loop con flag autoclear)." + +#: lib/utils_device.c:809 #, c-format -msgid "Cannot open header backup file %s.\n" -msgstr "Impossibile aprire il file di backup dell'header %s.\n" +msgid "Requested offset is beyond real size of device %s." +msgstr "L'offset richiesto è oltre la dimensione reale del dispositivo %s." -#: lib/luks1/keymanage.c:258 +#: lib/utils_device.c:817 #, c-format -msgid "Cannot read header backup file %s.\n" -msgstr "Impossibile leggere il file di backup dell'header %s.\n" +msgid "Device %s has zero size." +msgstr "Il dispositivo %s ha dimensione zero." -#: lib/luks1/keymanage.c:269 -msgid "Data offset or key size differs on device and backup, restore failed.\n" -msgstr "" -"L'offset di dati oppure la dimensione della chiave sono diversi tra il " -"device e il backup, ripristino non riuscito.\n" +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." +msgstr "Il tempo PBKDF richiesto non può essere zero." -#: lib/luks1/keymanage.c:277 +#: lib/utils_pbkdf.c:106 #, c-format -msgid "Device %s %s%s" -msgstr "Il device %s %s%s" +msgid "Unknown PBKDF type %s." +msgstr "Tipo PBKDF %s non riconosciuto." -#: lib/luks1/keymanage.c:278 -msgid "" -"does not contain LUKS header. Replacing header can destroy data on that " -"device." -msgstr "" -"non contiene un header LUKS. La sostituzione dell'header può distruggere i " -"dati in quel device." +#: lib/utils_pbkdf.c:111 +#, c-format +msgid "Requested hash %s is not supported." +msgstr "L'hash %s richiesto non è supportato." -#: lib/luks1/keymanage.c:279 -msgid "" -"already contains LUKS header. Replacing header will destroy existing " -"keyslots." -msgstr "" -"contiene già un header LUKS. La sostituzione dell'header distruggerà gli " -"slot di chiave esistenti." +#: lib/utils_pbkdf.c:122 +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "Il tipo PBKDF richiesto non è supportato per LUKS1." -#: lib/luks1/keymanage.c:280 -msgid "" -"\n" -"WARNING: real device header has different UUID than backup!" -msgstr "" -"\n" -"ATTENZIONE: l'header reale del device ha un UUID diverso da quello di backup." +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." +msgstr "Memoria massima o thread paralleli PBKDF non devono essere impostati con pbkdf2." -#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:535 -#: lib/luks1/keymanage.c:575 lib/tcrypt/tcrypt.c:624 lib/verity/verity.c:82 -#: lib/verity/verity.c:179 lib/verity/verity_hash.c:292 -#: lib/verity/verity_hash.c:303 lib/verity/verity_hash.c:323 +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 #, c-format -msgid "Cannot open device %s.\n" -msgstr "Impossibile aprire il device %s.\n" +msgid "Forced iteration count is too low for %s (minimum is %u)." +msgstr "Il conteggio delle iterazioni forzate è troppo basso per %s (minimo è %u)." -#: lib/luks1/keymanage.c:329 -msgid "Non standard key size, manual repair required.\n" -msgstr "" -"Dimensione non standard della chiave, è richiesta una riparazione manuale.\n" +#: lib/utils_pbkdf.c:148 +#, c-format +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "Il costo della memoria forzata è troppo basso per %s (minimo è %u kilobyte)." -#: lib/luks1/keymanage.c:334 -msgid "Non standard keyslots alignment, manual repair required.\n" -msgstr "" -"Allineamento slot di chiave non standard, richiesta riparazione manuale.\n" +#: lib/utils_pbkdf.c:155 +#, c-format +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "Il costo massimo richiesto per la memoria PBKDF è troppo elevato (massimo è %d kilobyte)." -#: lib/luks1/keymanage.c:340 -msgid "Repairing keyslots.\n" -msgstr "Riparazione degli slot di chiave.\n" +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "La memoria PBKDF massima richiesta non può essere zero." -#: lib/luks1/keymanage.c:351 -msgid "Repair failed." -msgstr "Riparazione non riuscita." +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "I thread paralleli PBKDF richiesti non possono essere zero." + +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "" + +#: lib/utils_benchmark.c:172 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "Benchmark PBKDF disabilitato, ma iterazioni non impostate." -#: lib/luks1/keymanage.c:363 +#: lib/utils_benchmark.c:191 #, c-format -msgid "Keyslot %i: offset repaired (%u -> %u).\n" -msgstr "Slot di chiave %i: offset riparato (%u -> %u).\n" +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "Opzioni PBKDF2 non compatibili (usando l'algoritmo di hash %s)." -#: lib/luks1/keymanage.c:371 +#: lib/utils_benchmark.c:211 +msgid "Not compatible PBKDF options." +msgstr "Opzioni PBKDF non compatibili." + +#: lib/utils_device_locking.c:102 #, c-format -msgid "Keyslot %i: stripes repaired (%u -> %u).\n" -msgstr "Slot di chiave %i: strisce riparate (%u -> %u).\n" +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "Blocco interrotto. Il percorso di blocco %s/%s è inutilizzabile (non una directory o mancante)." -#: lib/luks1/keymanage.c:380 +#: lib/utils_device_locking.c:109 #, c-format -msgid "Keyslot %i: bogus partition signature.\n" -msgstr "Slot di chiave %i: firma della partizione inesistente.\n" +msgid "WARNING: Locking directory %s/%s is missing!\n" +msgstr "Attenzione: la directory di blocco %s/%s non esiste.\n" -#: lib/luks1/keymanage.c:385 +#: lib/utils_device_locking.c:119 #, c-format -msgid "Keyslot %i: salt wiped.\n" -msgstr "Slot di chiave %i: salt ripulita.\n" +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "Blocco interrotto. Il percorso di blocco %s/%s è inutilizzabile (%s non è una directory)." -#: lib/luks1/keymanage.c:396 -msgid "Writing LUKS header to disk.\n" -msgstr "Scrittura dell'header LUKS sul disco.\n" +#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:941 +#: src/cryptsetup_reencrypt.c:1025 +msgid "Cannot seek to device offset." +msgstr "Impossibile posizionarsi all'offset del dispositivo." -#: lib/luks1/keymanage.c:421 +#: lib/utils_wipe.c:208 #, c-format -msgid "Unsupported LUKS version %d.\n" -msgstr "Versione %d di LUKS non supportata.\n" +msgid "Device wipe error, offset %." +msgstr "" -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:661 +#: lib/luks1/keyencryption.c:39 #, c-format -msgid "Requested LUKS hash %s is not supported.\n" -msgstr "L'hash %s di LUKS richiesto non è supportato.\n" +msgid "" +"Failed to setup dm-crypt key mapping for device %s.\n" +"Check that kernel supports %s cipher (check syslog for more info)." +msgstr "" +"Impostazione mappatura di chiave dm-crypt non riuscita per il dispositivo %s.\n" +"Controllare che il kernel supporti il cifrario %s (controllare syslog per maggiori informazioni)." -#: lib/luks1/keymanage.c:442 -#, c-format -msgid "LUKS keyslot %u is invalid.\n" -msgstr "Lo slot di chiave LUKS %u non è valido.\n" +#: lib/luks1/keyencryption.c:44 +msgid "Key size in XTS mode must be 256 or 512 bits." +msgstr "La dimensione della chiave in modalità XTS deve essere 256 o 512 bit." -#: lib/luks1/keymanage.c:456 src/cryptsetup.c:668 -msgid "No known problems detected for LUKS header.\n" -msgstr "Nessun problema conosciuto rilevato per l'header LUKS.\n" +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "La specifica del cifrario dovrebbe essere nel formato [cifrario]-[modalità]-[iv]." -#: lib/luks1/keymanage.c:596 +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080 +#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734 #, c-format -msgid "Error during update of LUKS header on device %s.\n" -msgstr "Errore durante l'aggiornamento dell'header LUKS sul device %s.\n" +msgid "Cannot write to device %s, permission denied." +msgstr "Impossibile scrivere sul dispositivo %s, permessi negati." -#: lib/luks1/keymanage.c:603 -#, c-format -msgid "Error re-reading LUKS header after update on device %s.\n" -msgstr "" -"Errore nel rileggere l'header LUKS dopo l'aggiornamento sul device %s.\n" +#: lib/luks1/keyencryption.c:120 +msgid "Failed to open temporary keystore device." +msgstr "Apertura del dispositivo temporaneo di deposito chiavi non riuscita." + +#: lib/luks1/keyencryption.c:127 +msgid "Failed to access temporary keystore device." +msgstr "Accesso al dispositivo temporaneo di deposito chiavi non riuscito." -#: lib/luks1/keymanage.c:654 +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +msgid "IO error while encrypting keyslot." +msgstr "Errore di IO durante la cifratura dello slot di chiave." + +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:670 +#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311 +#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342 +#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 +#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255 +#: src/cryptsetup_reencrypt.c:200 src/cryptsetup_reencrypt.c:212 #, c-format -msgid "" -"Data offset for detached LUKS header must be either 0 or higher than header " -"size (%d sectors).\n" -msgstr "" -"L'offset dei dati per l'header LUKS scollegato deve essere 0 o maggiore " -"della dimensione dell'header (%d settori).\n" +msgid "Cannot open device %s." +msgstr "Impossibile aprire il dispositivo %s." -#: lib/luks1/keymanage.c:666 lib/luks1/keymanage.c:757 -msgid "Wrong LUKS UUID format provided.\n" -msgstr "Fornito un formato UUID per LUKS errato.\n" +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +msgid "IO error while decrypting keyslot." +msgstr "Errore di IO durante la decifratura dello slot di chiave." -#: lib/luks1/keymanage.c:695 -msgid "Cannot create LUKS header: reading random salt failed.\n" -msgstr "Impossibile creare l'header LUKS: lettura salt casuale non riuscita.\n" +#: lib/luks1/keymanage.c:110 +#, c-format +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" +msgstr "Il dispositivo %s è troppo piccolo (LUKS1 richiede almeno % byte)." -#: lib/luks1/keymanage.c:702 lib/luks1/keymanage.c:798 +#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162 +#: lib/luks1/keymanage.c:174 #, c-format -msgid "Not compatible PBKDF2 options (using hash algorithm %s).\n" -msgstr "Opzioni PBKDF2 non compatibili (usando l'algoritmo di hash %s).\n" +msgid "LUKS keyslot %u is invalid." +msgstr "Lo slot di chiave LUKS %u non è valido." -#: lib/luks1/keymanage.c:717 +#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472 +#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1433 +#: src/cryptsetup.c:1559 src/cryptsetup.c:1616 src/cryptsetup.c:1672 +#: src/cryptsetup.c:1739 src/cryptsetup.c:1842 src/cryptsetup.c:1906 +#: src/cryptsetup.c:2136 src/cryptsetup.c:2331 src/cryptsetup.c:2391 +#: src/cryptsetup.c:2457 src/cryptsetup.c:2621 src/cryptsetup.c:3271 +#: src/cryptsetup.c:3280 src/cryptsetup_reencrypt.c:1388 #, c-format -msgid "Cannot create LUKS header: header digest failed (using hash %s).\n" -msgstr "" -"Impossibile creare l'header LUKS: digest dell'header non riuscito (usando " -"l'hash %s).\n" +msgid "Device %s is not a valid LUKS device." +msgstr "Il dispositivo %s non è un dispositivo LUKS valido." -#: lib/luks1/keymanage.c:782 +#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100 #, c-format -msgid "Key slot %d active, purge first.\n" -msgstr "Slot di chiave %d attivo, eliminarlo prima.\n" +msgid "Requested header backup file %s already exists." +msgstr "Il file di backup dell'header %s richiesto esiste già." -#: lib/luks1/keymanage.c:788 +#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102 #, c-format -msgid "Key slot %d material includes too few stripes. Header manipulation?\n" -msgstr "" -"Il materiale dello slot di chiave %d contiene troppe poche strisce. " -"Manipolazione dell'header?\n" +msgid "Cannot create header backup file %s." +msgstr "Impossibile creare il file di backup dell'header %s." -#: lib/luks1/keymanage.c:950 +#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109 #, c-format -msgid "Key slot %d unlocked.\n" -msgstr "Slot di chiave %d sbloccato.\n" +msgid "Cannot write header backup file %s." +msgstr "Impossibile scrivere il file di backup dell'header %s." -#: lib/luks1/keymanage.c:985 src/cryptsetup.c:858 -#: src/cryptsetup_reencrypt.c:999 src/cryptsetup_reencrypt.c:1036 -msgid "No key available with this passphrase.\n" -msgstr "Nessuna chiave disponibile con questa passphrase.\n" +#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161 +#, fuzzy +msgid "Backup file does not contain valid LUKS header." +msgstr "Il file di backup non contiene un header LUKS valido." -#: lib/luks1/keymanage.c:1003 +#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549 +#: lib/luks2/luks2_json_metadata.c:1182 #, c-format -msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n" -msgstr "Lo slot di chiave %d non è valido, selezionarne uno tra 0 e %d.\n" +msgid "Cannot open header backup file %s." +msgstr "Impossibile aprire il file di backup dell'header %s." -#: lib/luks1/keymanage.c:1021 +#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190 #, c-format -msgid "Cannot wipe device %s.\n" -msgstr "Impossibile ripulire il device %s.\n" +msgid "Cannot read header backup file %s." +msgstr "Impossibile leggere il file di backup dell'header %s." -#: lib/loopaes/loopaes.c:146 -msgid "Detected not yet supported GPG encrypted keyfile.\n" -msgstr "Rilevato un file chiave cifrato con GPG non ancora supportato.\n" +#: lib/luks1/keymanage.c:317 +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "L'offset di dati oppure la dimensione della chiave sono diversi tra il dispositivo e il backup, ripristino non riuscito." -#: lib/loopaes/loopaes.c:147 -msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" -msgstr "Usare gpg --decrypt | cryptsetup --keyfile=- ...\n" +#: lib/luks1/keymanage.c:325 +#, c-format +msgid "Device %s %s%s" +msgstr "Il dispositivo %s %s%s" -#: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 -msgid "Incompatible loop-AES keyfile detected.\n" -msgstr "Rilevato file chiave loop-AES non compatibile.\n" +#: lib/luks1/keymanage.c:326 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "non contiene un header LUKS. La sostituzione dell'header può distruggere i dati in quel dispositivo." + +#: lib/luks1/keymanage.c:327 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "contiene già un header LUKS. La sostituzione dell'header distruggerà gli slot di chiave esistenti." -#: lib/loopaes/loopaes.c:244 -msgid "Kernel doesn't support loop-AES compatible mapping.\n" -msgstr "Il kernel non supporta la mappatura compatibile loop-AES.\n" +#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224 +msgid "" +"\n" +"WARNING: real device header has different UUID than backup!" +msgstr "" +"\n" +"Attenzione: l'header reale del dispositivo ha un UUID diverso da quello di backup." + +#: lib/luks1/keymanage.c:375 +msgid "Non standard key size, manual repair required." +msgstr "Dimensione non standard della chiave, è richiesta una riparazione manuale." + +#: lib/luks1/keymanage.c:380 +msgid "Non standard keyslots alignment, manual repair required." +msgstr "Allineamento slot di chiave non standard, richiesta riparazione manuale." -#: lib/tcrypt/tcrypt.c:475 +#: lib/luks1/keymanage.c:390 +msgid "Repairing keyslots." +msgstr "Riparazione degli slot di chiave." + +#: lib/luks1/keymanage.c:409 +#, c-format +msgid "Keyslot %i: offset repaired (%u -> %u)." +msgstr "Slot di chiave %i: offset riparato (%u -> %u)." + +#: lib/luks1/keymanage.c:417 #, c-format -msgid "Error reading keyfile %s.\n" -msgstr "Errore nel leggere il file chiave %s.\n" +msgid "Keyslot %i: stripes repaired (%u -> %u)." +msgstr "Slot di chiave %i: strisce riparate (%u -> %u)." -#: lib/tcrypt/tcrypt.c:513 +#: lib/luks1/keymanage.c:426 #, c-format -msgid "Maximum TCRYPT passphrase length (%d) exceeded.\n" -msgstr "Lunghezza massima (%d) della passphrase TCRYPT superata.\n" +msgid "Keyslot %i: bogus partition signature." +msgstr "Slot di chiave %i: firma della partizione non corretta." -#: lib/tcrypt/tcrypt.c:543 +#: lib/luks1/keymanage.c:431 #, c-format -msgid "PBKDF2 hash algorithm %s not available, skipping.\n" -msgstr "L'algoritmo di hash PBKDF2 %s non è disponibile, viene saltato.\n" +msgid "Keyslot %i: salt wiped." +msgstr "Slot di chiave %i: salt ripulito." -#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:621 -msgid "Required kernel crypto interface not available.\n" -msgstr "Interfaccia kernel richiesta del cifrario non è disponibile.\n" +#: lib/luks1/keymanage.c:448 +msgid "Writing LUKS header to disk." +msgstr "Scrittura dell'header LUKS sul disco." -#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:623 -msgid "Ensure you have algif_skcipher kernel module loaded.\n" -msgstr "Assicurarsi di avere il modulo del kernel algif_skcipher caricato.\n" +#: lib/luks1/keymanage.c:453 +msgid "Repair failed." +msgstr "Riparazione non riuscita." -#: lib/tcrypt/tcrypt.c:707 +#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750 #, c-format -msgid "Activation is not supported for %d sector size.\n" -msgstr "L'attivazione non è supportata per la dimensione del settore di %d.\n" +msgid "Requested LUKS hash %s is not supported." +msgstr "L'hash %s di LUKS richiesto non è supportato." -#: lib/tcrypt/tcrypt.c:713 -msgid "Kernel doesn't support activation for this TCRYPT legacy mode.\n" -msgstr "" -"Il kernel non supporta l'attivazione per questa modalità legacy TCRYPT.\n" +#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1133 +msgid "No known problems detected for LUKS header." +msgstr "Nessun problema conosciuto rilevato per l'header LUKS." -#: lib/tcrypt/tcrypt.c:744 +#: lib/luks1/keymanage.c:660 #, c-format -msgid "Activating TCRYPT system encryption for partition %s.\n" -msgstr "Attivazione sistema di cifratura TCRYPT per la partizione %s.\n" +msgid "Error during update of LUKS header on device %s." +msgstr "Errore durante l'aggiornamento dell'header LUKS sul dispositivo %s." -#: lib/tcrypt/tcrypt.c:806 -msgid "Kernel doesn't support TCRYPT compatible mapping.\n" -msgstr "Il kernel non supporta la mappatura compatibile TCYPRT.\n" +#: lib/luks1/keymanage.c:668 +#, c-format +msgid "Error re-reading LUKS header after update on device %s." +msgstr "Errore nel rileggere l'header LUKS dopo l'aggiornamento sul dispositivo %s." -#: lib/tcrypt/tcrypt.c:1020 -msgid "This function is not supported without TCRYPT header load." -msgstr "Questa funzione non è supportata senza l'header TCRYPT caricato." +#: lib/luks1/keymanage.c:744 +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "L'offset dei dati per l'header LUKS deve essere 0 o maggiore della dimensione dell'header." + +#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825 +#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001 +#: src/cryptsetup.c:2784 +msgid "Wrong LUKS UUID format provided." +msgstr "Fornito un formato UUID per LUKS errato." -#: lib/verity/verity.c:70 lib/verity/verity.c:172 +#: lib/luks1/keymanage.c:778 +msgid "Cannot create LUKS header: reading random salt failed." +msgstr "Impossibile creare l'header LUKS: lettura salt casuale non riuscita." + +#: lib/luks1/keymanage.c:804 #, c-format -msgid "Verity device %s doesn't use on-disk header.\n" -msgstr "Il device verity %s non usa header on-disk.\n" +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "Impossibile creare l'header LUKS: digest dell'header non riuscito (usando l'hash %s)." -#: lib/verity/verity.c:94 +#: lib/luks1/keymanage.c:848 #, c-format -msgid "Device %s is not a valid VERITY device.\n" -msgstr "Il device %s non è un device VERITY valido.\n" +msgid "Key slot %d active, purge first." +msgstr "Slot di chiave %d attivo, eliminarlo prima." -#: lib/verity/verity.c:101 +#: lib/luks1/keymanage.c:854 #, c-format -msgid "Unsupported VERITY version %d.\n" -msgstr "Versione %d di VERITY non supportata.\n" +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "Il materiale dello slot di chiave %d contiene troppe poche strisce. Manipolazione dell'header?" -#: lib/verity/verity.c:131 -msgid "VERITY header corrupted.\n" -msgstr "Header VERITY danneggiato.\n" +#: lib/luks1/keymanage.c:990 +#, fuzzy, c-format +msgid "Cannot open keyslot (using hash %s)." +msgstr "Errore nell'elaborazione della chiave (usando l'hash %s)." -#: lib/verity/verity.c:166 +#: lib/luks1/keymanage.c:1066 #, c-format -msgid "Wrong VERITY UUID format provided on device %s.\n" -msgstr "Fornito un formato UUID per VERITY errato sul device %s.\n" +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." +msgstr "Lo slot di chiave %d non è valido, selezionarne uno tra 0 e %d." -#: lib/verity/verity.c:196 +#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738 #, c-format -msgid "Error during update of verity header on device %s.\n" -msgstr "Errore durante l'aggiornamento dell'header verity sul device %s.\n" +msgid "Cannot wipe device %s." +msgstr "Impossibile ripulire il dispositivo %s." -#: lib/verity/verity.c:276 -msgid "Kernel doesn't support dm-verity mapping.\n" -msgstr "Il kernel non supporta la mappatura dm-verity.\n" +#: lib/loopaes/loopaes.c:146 +msgid "Detected not yet supported GPG encrypted keyfile." +msgstr "Rilevato un file chiave cifrato con GPG non ancora supportato." -#: lib/verity/verity.c:287 -msgid "Verity device detected corruption after activation.\n" -msgstr "Il device verity ha rilevato un'anomalia dopo l'attivazione.\n" +#: lib/loopaes/loopaes.c:147 +msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" +msgstr "Usare gpg --decrypt | cryptsetup --keyfile=- ...\n" -#: lib/verity/verity_hash.c:59 -#, c-format -msgid "Spare area is not zeroed at position %.\n" -msgstr "L'area spare non risulta essere a zero alla posizione %.\n" +#: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 +msgid "Incompatible loop-AES keyfile detected." +msgstr "Rilevato file chiave loop-AES non compatibile." -#: lib/verity/verity_hash.c:121 lib/verity/verity_hash.c:249 -#: lib/verity/verity_hash.c:277 lib/verity/verity_hash.c:284 -msgid "Device offset overflow.\n" -msgstr "Overflow offset del device.\n" +#: lib/loopaes/loopaes.c:245 +#, fuzzy +msgid "Kernel does not support loop-AES compatible mapping." +msgstr "Il kernel non supporta la mappatura compatibile loop-AES." -#: lib/verity/verity_hash.c:161 +#: lib/tcrypt/tcrypt.c:504 #, c-format -msgid "Verification failed at position %.\n" -msgstr "Verifica alla posizione % non riuscita.\n" +msgid "Error reading keyfile %s." +msgstr "Errore nel leggere il file chiave %s." -#: lib/verity/verity_hash.c:235 -msgid "Invalid size parameters for verity device.\n" -msgstr "Parametri della dimensione non validi per il device verity.\n" +#: lib/tcrypt/tcrypt.c:554 +#, fuzzy, c-format +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." +msgstr "Lunghezza massima (%d) della passphrase TCRYPT superata." -#: lib/verity/verity_hash.c:266 -msgid "Too many tree levels for verity volume.\n" -msgstr "Troppi livelli d'albero per il volume verity.\n" +#: lib/tcrypt/tcrypt.c:595 +#, c-format +msgid "PBKDF2 hash algorithm %s not available, skipping." +msgstr "L'algoritmo di hash PBKDF2 %s non è disponibile, viene saltato." -#: lib/verity/verity_hash.c:354 -msgid "Verification of data area failed.\n" -msgstr "Verifica dell'area dati non riuscita.\n" +#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1010 +msgid "Required kernel crypto interface not available." +msgstr "L'interfaccia kernel richiesta del cifrario non è disponibile." -#: lib/verity/verity_hash.c:359 -msgid "Verification of root hash failed.\n" -msgstr "Verifica dall'hash principale non riuscita.\n" +#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1012 +msgid "Ensure you have algif_skcipher kernel module loaded." +msgstr "Assicurarsi di avere il modulo del kernel algif_skcipher caricato." -#: lib/verity/verity_hash.c:365 -msgid "Input/output error while creating hash area.\n" -msgstr "Errore di input/output nel creare l'area hash.\n" +#: lib/tcrypt/tcrypt.c:753 +#, c-format +msgid "Activation is not supported for %d sector size." +msgstr "Attivazione non supportata per la dimensione del settore di %d." -#: lib/verity/verity_hash.c:367 -msgid "Creation of hash area failed.\n" -msgstr "Creazione dell'area hash non riuscita.\n" +#: lib/tcrypt/tcrypt.c:759 +#, fuzzy +msgid "Kernel does not support activation for this TCRYPT legacy mode." +msgstr "Il kernel non supporta l'attivazione per questa modalità legacy TCRYPT." -#: lib/verity/verity_hash.c:414 +#: lib/tcrypt/tcrypt.c:793 #, c-format -msgid "" -"WARNING: Kernel cannot activate device if data block size exceeds page size " -"(%u).\n" -msgstr "" -"Attenzione: il kernel non può attivare il device se la dimensione del blocco " -"dati supera la dimensione di pagina (%u).\n" +msgid "Activating TCRYPT system encryption for partition %s." +msgstr "Attivazione sistema di cifratura TCRYPT per la partizione %s." -#: src/cryptsetup.c:91 -msgid "Can't do passphrase verification on non-tty inputs.\n" -msgstr "Impossibile verificare la passphrase su input non tty.\n" +#: lib/tcrypt/tcrypt.c:871 +#, fuzzy +msgid "Kernel does not support TCRYPT compatible mapping." +msgstr "Il kernel non supporta la mappatura compatibile TCYPRT." + +#: lib/tcrypt/tcrypt.c:1093 +msgid "This function is not supported without TCRYPT header load." +msgstr "Questa funzione non è supportata senza l'header TCRYPT caricato." -#: src/cryptsetup.c:133 src/cryptsetup.c:564 src/cryptsetup.c:711 -#: src/cryptsetup_reencrypt.c:502 src/cryptsetup_reencrypt.c:556 -msgid "No known cipher specification pattern detected.\n" -msgstr "Non è stato rilevato alcun modello noto di specifica di cifrario.\n" +#: lib/bitlk/bitlk.c:333 +#, c-format +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "" -#: src/cryptsetup.c:144 -msgid "" -"WARNING: The --hash parameter is being ignored in plain mode with keyfile " -"specified.\n" +#: lib/bitlk/bitlk.c:380 +msgid "Invalid string found when parsing Volume Master Key." msgstr "" -"Attenzione: il parametro --hash viene ignorato in modalità normale con file " -"di chiave specificato.\n" -#: src/cryptsetup.c:152 -msgid "" -"WARNING: The --keyfile-size option is being ignored, the read size is the " -"same as the encryption key size.\n" +#: lib/bitlk/bitlk.c:385 +#, c-format +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." msgstr "" -"Attenzione: l'opzione --keyfile-size viene ignorata, la dimensione di " -"lettura è la stessa della dimensione della chiave di cifratura.\n" -#: src/cryptsetup.c:218 -msgid "Option --key-file is required.\n" -msgstr "È richiesta l'opzione --key-file.\n" +#: lib/bitlk/bitlk.c:399 +#, c-format +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "" -#: src/cryptsetup.c:267 -msgid "No device header detected with this passphrase.\n" -msgstr "Nessun header di device rilevato con questa passphrase.\n" +#: lib/bitlk/bitlk.c:479 +#, fuzzy, c-format +msgid "Failed to read BITLK signature from %s." +msgstr "Letture dei requisiti LUKS2 non riuscita." -#: src/cryptsetup.c:327 src/cryptsetup.c:1140 -msgid "" -"Header dump with volume key is sensitive information\n" -"which allows access to encrypted partition without passphrase.\n" -"This dump should be always stored encrypted on safe place." +#: lib/bitlk/bitlk.c:485 +msgid "BITLK version 1 is currently not supported." msgstr "" -"Il dump dell'header LUKS con la chiave di volume contiene informazioni\n" -"confidenziali che permettono di accedere alla partizione cifrata senza " -"passphrase.\n" -"Questo dump dovrebbe sempre essere salvato in modo cifrato in un luogo " -"sicuro." -#: src/cryptsetup.c:517 -msgid "Result of benchmark is not reliable.\n" -msgstr "Il risultato del benchmark non è attendibile.\n" +#: lib/bitlk/bitlk.c:491 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "" -#: src/cryptsetup.c:558 -msgid "# Tests are approximate using memory only (no storage IO).\n" +#: lib/bitlk/bitlk.c:503 +msgid "Invalid or unknown signature for BITLK device." msgstr "" -"# I test sono aprossimati usando solo la memoria (nessun IO dall'archivio).\n" -#: src/cryptsetup.c:583 src/cryptsetup.c:605 -msgid "# Algorithm | Key | Encryption | Decryption\n" -msgstr "# Algoritmo | Chiave | Cifratura | Decifratura\n" +#: lib/bitlk/bitlk.c:510 +#, fuzzy, c-format +msgid "Unsupported sector size %." +msgstr "Dimensione settore di cifratura non supportato." + +#: lib/bitlk/bitlk.c:518 +#, fuzzy, c-format +msgid "Failed to read BITLK header from %s." +msgstr "Letture dei requisiti LUKS2 non riuscita." + +#: lib/bitlk/bitlk.c:543 +#, fuzzy, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "Letture dei requisiti LUKS2 non riuscita." + +#: lib/bitlk/bitlk.c:594 +#, fuzzy +msgid "Unknown or unsupported encryption type." +msgstr "Dimensione settore di cifratura non supportato." + +#: lib/bitlk/bitlk.c:627 +#, fuzzy, c-format +msgid "Failed to read BITLK metadata entries from %s." +msgstr "Letture dei requisiti LUKS2 non riuscita." + +#: lib/bitlk/bitlk.c:921 +#, fuzzy +msgid "This operation is not supported." +msgstr "Questa operazione non è supportata per il dispositivo cifrato %s." + +#: lib/bitlk/bitlk.c:929 +#, fuzzy +msgid "Wrong key size." +msgstr "Dimensione della chiave non valida." + +#: lib/bitlk/bitlk.c:981 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "" -#: src/cryptsetup.c:587 +#: lib/bitlk/bitlk.c:987 #, c-format -msgid "Cipher %s is not available.\n" -msgstr "Il cifrario %s non è disponibile.\n" +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "" -#: src/cryptsetup.c:614 -msgid "N/A" -msgstr "N/D" +#: lib/bitlk/bitlk.c:1069 +#, fuzzy +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "Attivazione del dispositivo temporaneo non riuscita." -#: src/cryptsetup.c:639 -#, c-format -msgid "Cannot read keyfile %s.\n" -msgstr "Impossibile leggere il file chiave %s.\n" +#: lib/bitlk/bitlk.c:1205 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "" -#: src/cryptsetup.c:643 -#, c-format -msgid "Cannot read %d bytes from keyfile %s.\n" -msgstr "Impossibile leggere %d byte dal file chiave %s.\n" +#: lib/bitlk/bitlk.c:1209 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "" -#: src/cryptsetup.c:672 -msgid "Really try to repair LUKS device header?" -msgstr "Provare a riparare l'header del device LUKS?" +#: lib/verity/verity.c:68 lib/verity/verity.c:171 +#, fuzzy, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "Il dispositivo verity %s non usa header su disco." -#: src/cryptsetup.c:697 +#: lib/verity/verity.c:90 #, c-format -msgid "This will overwrite data on %s irrevocably." -msgstr "Ciò sovrascriverà i dati in %s in modo irreversibile." +msgid "Device %s is not a valid VERITY device." +msgstr "Il dispositivo %s non è un dispositivo VERITY valido." -#: src/cryptsetup.c:699 -msgid "memory allocation error in action_luksFormat" -msgstr "errore di allocazione di memoria in action_luksFormat" - -#: src/cryptsetup.c:717 +#: lib/verity/verity.c:97 #, c-format -msgid "Cannot use %s as on-disk header.\n" -msgstr "Impossibile usare %s come header on-disk.\n" +msgid "Unsupported VERITY version %d." +msgstr "Versione %d di VERITY non supportata." -#: src/cryptsetup.c:784 -msgid "Reduced data offset is allowed only for detached LUKS header.\n" -msgstr "" -"L'offset di dati ridotti è ammesso solo per l'header LUKS scollegato.\n" +#: lib/verity/verity.c:128 +msgid "VERITY header corrupted." +msgstr "Header VERITY danneggiato." -#: src/cryptsetup.c:881 src/cryptsetup.c:937 +#: lib/verity/verity.c:165 #, c-format -msgid "Key slot %d selected for deletion.\n" -msgstr "Slot di chiave %d selezionato per l'eliminazione.\n" +msgid "Wrong VERITY UUID format provided on device %s." +msgstr "Fornito un formato UUID per VERITY errato sul dispositivo %s." -#: src/cryptsetup.c:884 +#: lib/verity/verity.c:198 #, c-format -msgid "Key %d not active. Can't wipe.\n" -msgstr "Chiave %d non attiva. Impossibile ripulirla.\n" +msgid "Error during update of verity header on device %s." +msgstr "Errore durante l'aggiornamento dell'header verity sul dispositivo %s." -#: src/cryptsetup.c:892 src/cryptsetup.c:940 -msgid "" -"This is the last keyslot. Device will become unusable after purging this key." -msgstr "" -"Questo è l'ultimo slot di chiave. Il device sarà inutilizzabile dopo aver " -"eliminato questa chiave." - -#: src/cryptsetup.c:893 -msgid "Enter any remaining passphrase: " -msgstr "Inserire una delle passphrase rimanenti: " +#: lib/verity/verity.c:256 +#, fuzzy +msgid "Root hash signature verification is not supported." +msgstr "L'hash %s richiesto non è supportato." -#: src/cryptsetup.c:921 -msgid "Enter passphrase to be deleted: " -msgstr "Inserire la passphrase da eliminare: " +#: lib/verity/verity.c:267 +msgid "Errors cannot be repaired with FEC device." +msgstr "Impossibile risolvere gli errori con dispositivo FEC." -#: src/cryptsetup.c:1003 src/cryptsetup_reencrypt.c:1074 +#: lib/verity/verity.c:269 #, c-format -msgid "Enter any existing passphrase: " -msgstr "Inserire una delle passphrase esistenti: " - -#: src/cryptsetup.c:1052 -msgid "Enter passphrase to be changed: " -msgstr "Inserire la passphrase da cambiare: " +msgid "Found %u repairable errors with FEC device." +msgstr "Trovati %u errori risolubili con dispositivo FEC." -#: src/cryptsetup.c:1066 src/cryptsetup_reencrypt.c:1059 -msgid "Enter new passphrase: " -msgstr "Inserire la nuova passphrase: " +#: lib/verity/verity.c:308 +#, fuzzy +msgid "Kernel does not support dm-verity mapping." +msgstr "Il kernel non supporta la mappatura dm-verity." -#: src/cryptsetup.c:1090 -msgid "Only one device argument for isLuks operation is supported.\n" -msgstr "È supportato un solo argomento device per ogni operazione isLuks.\n" +#: lib/verity/verity.c:312 +#, fuzzy +msgid "Kernel does not support dm-verity signature option." +msgstr "Il kernel non supporta la mappatura dm-verity." -#: src/cryptsetup.c:1246 src/cryptsetup.c:1267 -msgid "Option --header-backup-file is required.\n" -msgstr "È richiesta l'opzione --header-backup-file.\n" +#: lib/verity/verity.c:323 +msgid "Verity device detected corruption after activation." +msgstr "Il dispositivo verity ha rilevato un'anomalia dopo l'attivazione." -#: src/cryptsetup.c:1304 +#: lib/verity/verity_hash.c:59 #, c-format -msgid "Unrecognized metadata device type %s.\n" -msgstr "Tipo di dispositivo meta-data %s non riconosciuto.\n" +msgid "Spare area is not zeroed at position %." +msgstr "L'area spare non risulta essere a zero alla posizione %." -#: src/cryptsetup.c:1307 -msgid "Command requires device and mapped name as arguments.\n" -msgstr "Il comando richiede un device e un nome di mappatura come argomenti.\n" +#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290 +#: lib/verity/verity_hash.c:303 +msgid "Device offset overflow." +msgstr "Overflow offset del dispositivo." -#: src/cryptsetup.c:1326 +#: lib/verity/verity_hash.c:203 #, c-format -msgid "" -"This operation will erase all keyslots on device %s.\n" -"Device will become unusable after this operation." -msgstr "" -"Questa operazione eliminerà tutti gli slot di chiave sul device %s.\n" -"Il device sarà inutilizzabile dopo questa operazione." +msgid "Verification failed at position %." +msgstr "Verifica alla posizione % non riuscita." -#: src/cryptsetup.c:1360 -msgid " [--type ] []" -msgstr " [--type ] []" +#: lib/verity/verity_hash.c:276 +msgid "Invalid size parameters for verity device." +msgstr "Parametri della dimensione non validi per il dispositivo verity." -#: src/cryptsetup.c:1360 -msgid "open device as mapping " -msgstr "Apre il device come mappatura in " +#: lib/verity/verity_hash.c:296 +msgid "Hash area overflow." +msgstr "Overflow dell'area di hash." -#: src/cryptsetup.c:1361 src/cryptsetup.c:1362 src/cryptsetup.c:1363 -#: src/cryptsetup.c:1364 src/veritysetup.c:311 src/veritysetup.c:312 -msgid "" -msgstr "" +#: lib/verity/verity_hash.c:373 +msgid "Verification of data area failed." +msgstr "Verifica dell'area dati non riuscita." -#: src/cryptsetup.c:1361 -msgid "close device (remove mapping)" -msgstr "Chiude il device (rimuove la mappatura)" +#: lib/verity/verity_hash.c:378 +msgid "Verification of root hash failed." +msgstr "Verifica dall'hash root non riuscita." -#: src/cryptsetup.c:1362 -msgid "resize active device" -msgstr "Ridimensiona il device attivo" +#: lib/verity/verity_hash.c:384 +msgid "Input/output error while creating hash area." +msgstr "Errore di input/output nel creare l'area hash." -#: src/cryptsetup.c:1363 -msgid "show device status" -msgstr "Mostra lo stato del device" +#: lib/verity/verity_hash.c:386 +msgid "Creation of hash area failed." +msgstr "Creazione dell'area hash non riuscita." -#: src/cryptsetup.c:1364 -msgid "benchmark cipher" -msgstr "Esegue benchmark del cifrario" +#: lib/verity/verity_hash.c:433 +#, c-format +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "Attenzione: il kernel non può attivare il dispositivo se la dimensione del blocco dati supera la dimensione di pagina (%u)." -#: src/cryptsetup.c:1365 src/cryptsetup.c:1366 src/cryptsetup.c:1372 -#: src/cryptsetup.c:1373 src/cryptsetup.c:1374 src/cryptsetup.c:1375 -#: src/cryptsetup.c:1376 src/cryptsetup.c:1377 src/cryptsetup.c:1378 -#: src/cryptsetup.c:1379 -msgid "" -msgstr "" +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." +msgstr "Allocazione contesto RS non riuscita." -#: src/cryptsetup.c:1365 -msgid "try to repair on-disk metadata" -msgstr "Prova a riparare i meta-dati on-disk" +#: lib/verity/verity_fec.c:146 +msgid "Failed to allocate buffer." +msgstr "Allocazione buffer non riuscita." -#: src/cryptsetup.c:1366 -msgid "erase all keyslots (remove encryption key)" -msgstr "Elimina tutti gli slot di chiavi (rimuove chiave di cifratura)" +#: lib/verity/verity_fec.c:156 +#, c-format +msgid "Failed to read RS block % byte %d." +msgstr "Lettura del blocco RS % byte %d non riuscita." -#: src/cryptsetup.c:1367 src/cryptsetup.c:1368 -msgid " []" -msgstr " []" +#: lib/verity/verity_fec.c:169 +#, c-format +msgid "Failed to read parity for RS block %." +msgstr "Lettura bit di parità per il blocco RS % non riuscita." -#: src/cryptsetup.c:1367 -msgid "formats a LUKS device" -msgstr "Formatta un device LUKS" +#: lib/verity/verity_fec.c:177 +#, c-format +msgid "Failed to repair parity for block %." +msgstr "Ripristino della parità per il blocco % non riuscito." -#: src/cryptsetup.c:1368 -msgid "add key to LUKS device" -msgstr "Aggiunge la chiave al device LUKS" +#: lib/verity/verity_fec.c:188 +#, c-format +msgid "Failed to write parity for RS block %." +msgstr "Scrittura della parità per il blocco RS % non riuscita." -#: src/cryptsetup.c:1369 src/cryptsetup.c:1370 -msgid " []" -msgstr " []" +#: lib/verity/verity_fec.c:223 +msgid "Block sizes must match for FEC." +msgstr "Le dimensioni del blocco devono corrispondere per FEC." -#: src/cryptsetup.c:1369 -msgid "removes supplied key or key file from LUKS device" -msgstr "Rimuove la chiave fornita o il file chiave dal device LUKS" +#: lib/verity/verity_fec.c:229 +msgid "Invalid number of parity bytes." +msgstr "Numero di byte di parità non valido." -#: src/cryptsetup.c:1370 -msgid "changes supplied key or key file of LUKS device" -msgstr "Cambia la chiave fornita o il file chiave del device LUKS" +#: lib/verity/verity_fec.c:265 +#, c-format +msgid "Failed to determine size for device %s." +msgstr "Impossibile determinare la dimensione per il dispositivo %s." -#: src/cryptsetup.c:1371 -msgid " " -msgstr " " +#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343 +#, fuzzy +msgid "Kernel does not support dm-integrity mapping." +msgstr "Il kernel non supporta la mappatura dm-integrity." -#: src/cryptsetup.c:1371 -msgid "wipes key with number from LUKS device" -msgstr "Ripulisce la chiave con numero dal device LUKS" +#: lib/integrity/integrity.c:277 +#, fuzzy +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "Il kernel non supporta la mappatura dm-integrity." -#: src/cryptsetup.c:1372 -msgid "print UUID of LUKS device" -msgstr "Stampa l'UUID del device LUKS" +#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959 +#: lib/luks2/luks2_json_metadata.c:1244 +#, c-format +msgid "Failed to acquire write lock on device %s." +msgstr "Impossibile acquisire il blocco di scrittura sul dispositivo %s." -#: src/cryptsetup.c:1373 -msgid "tests for LUKS partition header" -msgstr "Verifica l'header della partizione LUKS di " +#: lib/luks2/luks2_disk_metadata.c:392 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "" -#: src/cryptsetup.c:1374 -msgid "dump LUKS partition information" -msgstr "Esegue il dump delle informazioni sulla partizione LUKS" +#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712 +msgid "" +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." +msgstr "" +"Il dispositivo contiene firme ambigue, impossibile recuperare automaticamente LUKS2.\n" +"Eseguire \"cryptsetup repair\" per il recupero." -#: src/cryptsetup.c:1375 -msgid "dump TCRYPT device information" -msgstr "Esegue il dump delle informazioni TCRYPT del device" +#: lib/luks2/luks2_json_format.c:227 +msgid "Requested data offset is too small." +msgstr "L'offset dati richiesto è troppo piccolo." -#: src/cryptsetup.c:1376 -msgid "Suspend LUKS device and wipe key (all IOs are frozen)." -msgstr "" -"Sospende il device LUKS e ripulisce la chiave (tutti gli I/O sono congelati)." +#: lib/luks2/luks2_json_format.c:271 +#, c-format +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "Attenzione: l'area degli slot di chiave è molto piccola (% byte), il conteggio degli slot di chiave LUKS2 disponibili è limitato.\n" + +#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074 +#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_keyslot_luks2.c:114 +#, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "Impossibile acquisire il blocco di lettura sul dispositivo %s." -#: src/cryptsetup.c:1377 -msgid "Resume suspended LUKS device." -msgstr "Ripristina il device LUKS sospeso." +#: lib/luks2/luks2_json_metadata.c:1167 +#, c-format +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "Rilevati requisiti LUKS2 proibiti nel backup %s." -#: src/cryptsetup.c:1378 -msgid "Backup LUKS device header and keyslots" -msgstr "Fa il backup dell'header del device e degli slot di chiave" +#: lib/luks2/luks2_json_metadata.c:1208 +msgid "Data offset differ on device and backup, restore failed." +msgstr "L'offset di dati è diverso tra il dispositivo e il backup, ripristino non riuscito." -#: src/cryptsetup.c:1379 -msgid "Restore LUKS device header and keyslots" -msgstr "Ripristina l'header del device LUKS e gli slot di chiave" +#: lib/luks2/luks2_json_metadata.c:1214 +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "L'header binario con dimensione aree dello slot di chiave è diverso tra il dispositivo e il backup, ripristino non riuscito." -#: src/cryptsetup.c:1396 src/veritysetup.c:328 +#: lib/luks2/luks2_json_metadata.c:1221 +#, c-format +msgid "Device %s %s%s%s%s" +msgstr "Il dispositivo %s %s%s%s%s" + +#: lib/luks2/luks2_json_metadata.c:1222 +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "non contiene un header LUKS2. La sostituzione dell'header può distruggere i dati su quel dispositivo." + +#: lib/luks2/luks2_json_metadata.c:1223 +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "contiene già un header LUKS2. La sostituzione dell'header distruggerà gli slot di chiave esistenti." + +#: lib/luks2/luks2_json_metadata.c:1225 msgid "" "\n" -" is one of:\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" msgstr "" "\n" -" è una tra:\n" +"Attenzione: requisiti LUKS2 sconosciuti rilevati nell'header del dispositivo reale.\n" +"La sostituzione dell'header con il backup può danneggiare i dati su quel dispositivo." -#: src/cryptsetup.c:1402 +#: lib/luks2/luks2_json_metadata.c:1227 msgid "" "\n" -"You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." +msgstr "" +"\n" +"Attenzione: rilevata re-cifratura non completata sul dispositivo.\n" +"La sostituzione dell'header con il backup potrebbe danneggiare i dati." + +#: lib/luks2/luks2_json_metadata.c:1323 +#, c-format +msgid "Ignored unknown flag %s." +msgstr "Flag %s sconosciuto ignorato." + +#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746 +#, c-format +msgid "Missing key for dm-crypt segment %u" +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764 +#, fuzzy +msgid "Failed to set dm-crypt segment." +msgstr "Interrogazione del segmento dm-%s non riuscita." + +#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770 +#, fuzzy +msgid "Failed to set dm-linear segment." +msgstr "Interrogazione del segmento dm-%s non riuscita." + +#: lib/luks2/luks2_json_metadata.c:2155 +msgid "Unsupported device integrity configuration." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2241 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2252 lib/luks2/luks2_reencrypt.c:3190 +#, c-format +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2332 +msgid "Failed to read LUKS2 requirements." +msgstr "Letture dei requisiti LUKS2 non riuscita." + +#: lib/luks2/luks2_json_metadata.c:2339 +msgid "Unmet LUKS2 requirements detected." +msgstr "Rilevati requisiti LUKS2 non soddisfatti." + +#: lib/luks2/luks2_json_metadata.c:2347 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2349 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "" + +#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584 +msgid "Not enough available memory to open a keyslot." +msgstr "" + +#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586 +#, fuzzy +msgid "Keyslot open failed." +msgstr "Slot di chiave %i: salt ripulito." + +#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#, fuzzy, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "Slot di chiave LUKS2: il cifrario usato per la cifratura dello slot di chiave" + +#: lib/luks2/luks2_keyslot_luks2.c:480 +msgid "No space for new keyslot." +msgstr "Spazio insufficiente per il nuovo slot di chiave." + +#: lib/luks2/luks2_luks1_convert.c:482 +#, fuzzy, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "Impossibile controllare lo stato del dispositivo con UUID: %s." + +#: lib/luks2/luks2_luks1_convert.c:508 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "Impossibile convertire l'header con metadati LUKSMETA aggiuntivi." + +#: lib/luks2/luks2_luks1_convert.c:548 +msgid "Unable to move keyslot area. Not enough space." +msgstr "Impossibile spostare l'area dello slot di chiave: spazio insufficiente." + +#: lib/luks2/luks2_luks1_convert.c:599 +#, fuzzy +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "Impossibile spostare l'area dello slot di chiave: spazio insufficiente." + +#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887 +msgid "Unable to move keyslot area." +msgstr "Impossibile spostare l'area dello slot di chiave." + +#: lib/luks2/luks2_luks1_convert.c:697 +#, fuzzy +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "Impossibile convertire al formato LUKS1: lo slot di chiave %u non è compatibile con LUKS1." + +#: lib/luks2/luks2_luks1_convert.c:705 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "Impossibile convertire al formato LUKS1: i digest dello slot di chiave non sono compatibili con LUKS1." + +#: lib/luks2/luks2_luks1_convert.c:717 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "Impossibile convertire al formato LUKS1: il dispositivo utilizza una chiave di cifrario %s con wrapper." + +#: lib/luks2/luks2_luks1_convert.c:725 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "Impossibile convertire al formato LUKS1: l'header LUKS2 contiene %u token." + +#: lib/luks2/luks2_luks1_convert.c:739 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "Impossibile convertire al formato LUKS1: lo slot di chiave %u è in uno stato non valido." + +#: lib/luks2/luks2_luks1_convert.c:744 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "Impossibile convertire al formato LUKS1: lo slot %u (oltre gli slot massimi) è ancora attivo." + +#: lib/luks2/luks2_luks1_convert.c:749 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "Impossibile convertire al formato LUKS1: lo slot di chiave %u non è compatibile con LUKS1." + +#: lib/luks2/luks2_reencrypt.c:892 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:897 +#, fuzzy, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "La dimensione del dispositivo %s non è allineata con la dimensione del settore richiesta (%u byte)." + +#: lib/luks2/luks2_reencrypt.c:941 +#, fuzzy, c-format +msgid "Unsupported resilience mode %s" +msgstr "Parametri non supportati sul dispositivo %s." + +#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313 +#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430 +#: lib/luks2/luks2_reencrypt.c:3030 +#, fuzzy +msgid "Failed to initialize old segment storage wrapper." +msgstr "Inizializzazione sonde per la firma del dispositivo non riuscita." + +#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291 +#, fuzzy +msgid "Failed to initialize new segment storage wrapper." +msgstr "Inizializzazione sonde per la firma del dispositivo non riuscita." + +#: lib/luks2/luks2_reencrypt.c:1340 +#, fuzzy +msgid "Failed to read checksums for current hotzone." +msgstr "Lettura dei requisiti dall'header di backup non riuscita." + +#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038 +#, fuzzy, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "Lettura bit di parità per il blocco RS % non riuscita." + +#: lib/luks2/luks2_reencrypt.c:1366 +#, fuzzy, c-format +msgid "Failed to decrypt sector %zu." +msgstr "Stat del dispositivo %s non riuscita." + +#: lib/luks2/luks2_reencrypt.c:1372 +#, fuzzy, c-format +msgid "Failed to recover sector %zu." +msgstr "Impossibile determinare la dimensione per il dispositivo %s." + +#: lib/luks2/luks2_reencrypt.c:1867 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1965 +#, fuzzy, c-format +msgid "Failed to activate hotzone device %s." +msgstr "Stat del dispositivo %s non riuscita." + +#: lib/luks2/luks2_reencrypt.c:1982 +#, fuzzy, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "Esame del dispositivo %s per una firma non riuscito." + +#: lib/luks2/luks2_reencrypt.c:1989 +#, fuzzy, c-format +msgid "Failed to load new mapping for device %s." +msgstr "Impossibile determinare la dimensione per il dispositivo %s." + +#: lib/luks2/luks2_reencrypt.c:2060 +#, fuzzy +msgid "Failed to refresh reencryption devices stack." +msgstr "Impossibile acquisire il blocco di lettura sul dispositivo %s." + +#: lib/luks2/luks2_reencrypt.c:2216 +#, fuzzy +msgid "Failed to set new keyslots area size." +msgstr "Sostituzione del nuovo slot di chiave non riuscita." + +#: lib/luks2/luks2_reencrypt.c:2318 +#, fuzzy, c-format +msgid "Data shift is not aligned to requested encryption sector size (% bytes)." +msgstr "La dimensione del dispositivo %s non è allineata con la dimensione del settore richiesta (%u byte)." + +#: lib/luks2/luks2_reencrypt.c:2339 +#, fuzzy, c-format +msgid "Data device is not aligned to requested encryption sector size (% bytes)." +msgstr "La dimensione del dispositivo %s non è allineata con la dimensione del settore richiesta (%u byte)." + +#: lib/luks2/luks2_reencrypt.c:2360 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779 +#: lib/luks2/luks2_reencrypt.c:2800 +#, fuzzy, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "Impossibile utilizzare il dispositivo %s il quale è in uso (già mappato o montato)." + +#: lib/luks2/luks2_reencrypt.c:2534 +msgid "Device not marked for LUKS2 reencryption." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295 +#, fuzzy +msgid "Failed to load LUKS2 reencryption context." +msgstr "Allocazione contesto RS non riuscita." + +#: lib/luks2/luks2_reencrypt.c:2619 +#, fuzzy +msgid "Failed to get reencryption state." +msgstr "Recupero del token %d per l'esportazione non riuscito." + +#: lib/luks2/luks2_reencrypt.c:2623 +#, fuzzy +msgid "Device is not in reencryption." +msgstr "Il dispositivo %s non è attivo." + +#: lib/luks2/luks2_reencrypt.c:2630 +#, fuzzy +msgid "Reencryption process is already running." +msgstr "Re-cifratura in corso." + +#: lib/luks2/luks2_reencrypt.c:2632 +#, fuzzy +msgid "Failed to acquire reencryption lock." +msgstr "Impossibile acquisire blocco del dispositivo di scrittura." + +#: lib/luks2/luks2_reencrypt.c:2650 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2750 +#, fuzzy +msgid "Active device size and requested reencryption size don't match." +msgstr "La dimensione del dispositivo non è allineata con la dimensione del settore richiesta." + +#: lib/luks2/luks2_reencrypt.c:2764 +msgid "Illegal device size requested in reencryption parameters." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2834 +#, fuzzy +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "Re-cifratura in corso." + +#: lib/luks2/luks2_reencrypt.c:2906 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2913 +#, fuzzy +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "Inizializzazione parametri predefiniti per lo slot di chiave LUKS2 non riuscita." + +#: lib/luks2/luks2_reencrypt.c:3004 +#, fuzzy +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "Esame del dispositivo %s per una firma non riuscito." + +#: lib/luks2/luks2_reencrypt.c:3046 +#, fuzzy +msgid "Failed to write reencryption resilience metadata." +msgstr "Scrittura dei flag di attivazione sul nuovo header non riuscita." + +#: lib/luks2/luks2_reencrypt.c:3053 +#, fuzzy +msgid "Decryption failed." +msgstr "Riparazione non riuscita." + +#: lib/luks2/luks2_reencrypt.c:3058 +#, fuzzy, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "Scrittura della parità per il blocco RS % non riuscita." + +#: lib/luks2/luks2_reencrypt.c:3063 +#, fuzzy +msgid "Failed to sync data." +msgstr "Impostazione offset dei dati non riuscita." + +#: lib/luks2/luks2_reencrypt.c:3071 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3138 +#, fuzzy +msgid "Failed to write LUKS2 metadata." +msgstr "Letture dei requisiti LUKS2 non riuscita." + +#: lib/luks2/luks2_reencrypt.c:3161 +#, fuzzy +msgid "Failed to wipe backup segment data." +msgstr "Pulizia della firma del dispositivo non riuscita." + +#: lib/luks2/luks2_reencrypt.c:3174 +#, fuzzy +msgid "Failed to disable reencryption requirement flag." +msgstr "Letture dei requisiti LUKS2 non riuscita." + +#: lib/luks2/luks2_reencrypt.c:3182 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3191 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3240 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3246 +msgid "Missing or invalid reencrypt context." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3253 +#, fuzzy +msgid "Failed to initialize reencryption device stack." +msgstr "Inizializzazione sonde per la firma del dispositivo non riuscita." + +#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308 +#, fuzzy +msgid "Failed to update reencryption context." +msgstr "Allocazione contesto RS non riuscita." + +#: lib/luks2/luks2_token.c:262 +msgid "No free token slot." +msgstr "Nessun slot token libero." + +#: lib/luks2/luks2_token.c:269 +#, c-format +msgid "Failed to create builtin token %s." +msgstr "Impossibile creare token integrato %s." + +#: src/cryptsetup.c:164 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "Impossibile verificare la passphrase su input non tty." + +#: src/cryptsetup.c:221 +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "I parametri di cifratura dello slot di chiave possono essere impostati solo per dispositivi LUKS2." + +#: src/cryptsetup.c:251 src/cryptsetup.c:959 src/cryptsetup.c:1269 +#: src/cryptsetup.c:3145 src/cryptsetup_reencrypt.c:723 +#: src/cryptsetup_reencrypt.c:793 +msgid "No known cipher specification pattern detected." +msgstr "Non è stato rilevato alcun modello noto di specifica di cifrario." + +#: src/cryptsetup.c:259 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "Attenzione: il parametro --hash viene ignorato in modalità normale con file di chiave specificato.\n" + +#: src/cryptsetup.c:267 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "Attenzione: l'opzione --keyfile-size viene ignorata, la dimensione di lettura è la stessa della dimensione della chiave di cifratura.\n" + +#: src/cryptsetup.c:307 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "Rilevata firma dispositivo su %s. Attenzione: continuare potrebbe danneggiare i dati esistenti." + +#: src/cryptsetup.c:313 src/cryptsetup.c:1090 src/cryptsetup.c:1142 +#: src/cryptsetup.c:1246 src/cryptsetup.c:1319 src/cryptsetup.c:1974 +#: src/cryptsetup.c:2682 src/cryptsetup.c:2805 src/integritysetup.c:233 +msgid "Operation aborted.\n" +msgstr "Operazione interrotta.\n" + +#: src/cryptsetup.c:381 +msgid "Option --key-file is required." +msgstr "È richiesta l'opzione --key-file." + +#: src/cryptsetup.c:434 +msgid "Enter VeraCrypt PIM: " +msgstr "Inserire PIM VeraCrypt: " + +#: src/cryptsetup.c:443 +msgid "Invalid PIM value: parse error." +msgstr "Valore PIM non valido: errore di lettura." + +#: src/cryptsetup.c:446 +msgid "Invalid PIM value: 0." +msgstr "Valore PIM non valido: 0." + +#: src/cryptsetup.c:449 +msgid "Invalid PIM value: outside of range." +msgstr "Valore PIM non valido: fuori dall'intervallo." + +#: src/cryptsetup.c:472 +msgid "No device header detected with this passphrase." +msgstr "Nessun header di dispositivo rilevato con questa passphrase." + +#: src/cryptsetup.c:541 +#, fuzzy, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "Il dispositivo %s non è un dispositivo LUKS valido." + +#: src/cryptsetup.c:576 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" +"Il dump dell'header con la chiave di volume contiene informazioni\n" +"confidenziali che permettono di accedere alla partizione cifrata senza passphrase.\n" +"Questo dump dovrebbe sempre essere salvato in modo cifrato in un luogo sicuro." + +#: src/cryptsetup.c:673 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "Il dispositivo %s è ancora attivo ed è pianificato per essere rimosso.\n" + +#: src/cryptsetup.c:701 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "Il ridimensionamento di un dispositivo attivo richiede la chiave del volume nel portachiavi, ma l'opzione --disable-keyring è impostata." + +#: src/cryptsetup.c:838 +msgid "Benchmark interrupted." +msgstr "Benchmark interrotto." + +#: src/cryptsetup.c:859 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "PBKDF2-%-9s N/D\n" + +#: src/cryptsetup.c:861 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "PBKDF2-%-9s %7u iterazioni per secondo per chiave di %zu-bit\n" + +#: src/cryptsetup.c:875 +#, c-format +msgid "%-10s N/A\n" +msgstr "%-10s N/D\n" + +#: src/cryptsetup.c:877 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "%-10s %4u iterazioni, %5u memoria, %1u thread paralleli (CPU) per chiave di %zu-bit (tempo richiesto %u ms)\n" + +#: src/cryptsetup.c:901 +msgid "Result of benchmark is not reliable." +msgstr "Il risultato del benchmark non è attendibile." + +#: src/cryptsetup.c:951 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "# I test sono approssimati usando solo la memoria (nessun IO dall'archivio).\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:971 +#, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "" +"#%*s Algoritmo | Chiave | Cifratura | Decrifrazione\n" +"\n" + +#: src/cryptsetup.c:975 +#, fuzzy, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "Il cifrario %s-%s (dimensione chiave di %zd byte) non è disponibile." + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:994 +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "" +"# Algoritmo | Chiave | Cifratura | Decrifrazione\n" +"\n" + +#: src/cryptsetup.c:1003 +msgid "N/A" +msgstr "N/D" + +#: src/cryptsetup.c:1083 +msgid "" +"Seems device does not require reencryption recovery.\n" +"Do you want to proceed anyway?" +msgstr "" + +#: src/cryptsetup.c:1089 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "" + +#: src/cryptsetup.c:1098 +#, fuzzy +msgid "Enter passphrase for reencryption recovery: " +msgstr "Inserire la passphrase per lo slot da convertire: " + +#: src/cryptsetup.c:1141 +msgid "Really try to repair LUKS device header?" +msgstr "Provare a riparare l'header del dispositivo LUKS?" + +#: src/cryptsetup.c:1160 src/integritysetup.c:146 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" +"Pulizia del dispositivo per inizializzare il controllo dell'integrità.\n" +"È possibile interrompere questa operazione premendo Ctrl+C: la parte del dispositivo non pulita\n" +"conterrà dati di controllo non validi.\n" + +#: src/cryptsetup.c:1182 src/integritysetup.c:168 +#, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "Impossibile disattivare il dispositivo %s temporaneo." + +#: src/cryptsetup.c:1231 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "L'opzione di integrità può essere usata solo col formato LUKS2." + +#: src/cryptsetup.c:1236 src/cryptsetup.c:1296 +msgid "Unsupported LUKS2 metadata size options." +msgstr "Opzioni dimensione metadati LUKS2 non supportate." + +#: src/cryptsetup.c:1253 +#, c-format +msgid "Cannot create header file %s." +msgstr "Impossibile creare il file header %s." + +#: src/cryptsetup.c:1276 src/integritysetup.c:195 src/integritysetup.c:204 +#: src/integritysetup.c:213 src/integritysetup.c:284 src/integritysetup.c:293 +#: src/integritysetup.c:303 +msgid "No known integrity specification pattern detected." +msgstr "Non è stato rilevato alcun modello noto di specifica di integrità." + +#: src/cryptsetup.c:1289 +#, c-format +msgid "Cannot use %s as on-disk header." +msgstr "Impossibile usare %s come header on-disk." + +#: src/cryptsetup.c:1313 src/integritysetup.c:227 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "Ciò sovrascriverà i dati in %s in modo irreversibile." + +#: src/cryptsetup.c:1354 src/cryptsetup.c:1688 src/cryptsetup.c:1755 +#: src/cryptsetup.c:1857 src/cryptsetup.c:1923 src/cryptsetup_reencrypt.c:553 +msgid "Failed to set pbkdf parameters." +msgstr "Impostazione dei parametri pbkdf non riuscita." + +#: src/cryptsetup.c:1439 +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "L'offset di dati ridotti è ammesso solo per l'header LUKS scollegato." + +#: src/cryptsetup.c:1450 src/cryptsetup.c:1761 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "" + +#: src/cryptsetup.c:1488 +msgid "Device activated but cannot make flags persistent." +msgstr "Dispositivo attivato, ma non è possibile rendere i flag permanenti." + +#: src/cryptsetup.c:1569 src/cryptsetup.c:1639 +#, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "Slot di chiave %d selezionato per l'eliminazione." + +#: src/cryptsetup.c:1581 src/cryptsetup.c:1642 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "Questo è l'ultimo slot di chiave. Il dispositivo sarà inutilizzabile dopo aver eliminato questa chiave." + +#: src/cryptsetup.c:1582 +msgid "Enter any remaining passphrase: " +msgstr "Inserire una delle passphrase rimanenti: " + +#: src/cryptsetup.c:1583 src/cryptsetup.c:1644 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "Operazione terminata, lo slot di chiave NON è stato pulito.\n" + +#: src/cryptsetup.c:1621 +msgid "Enter passphrase to be deleted: " +msgstr "Inserire la passphrase da eliminare: " + +#: src/cryptsetup.c:1702 src/cryptsetup.c:1776 src/cryptsetup.c:1810 +msgid "Enter new passphrase for key slot: " +msgstr "Inserire la nuova passphrase per lo slot di chiave: " + +#: src/cryptsetup.c:1793 src/cryptsetup_reencrypt.c:1343 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "Inserire una delle passphrase esistenti: " + +#: src/cryptsetup.c:1861 +msgid "Enter passphrase to be changed: " +msgstr "Inserire la passphrase da cambiare: " + +#: src/cryptsetup.c:1877 src/cryptsetup_reencrypt.c:1329 +msgid "Enter new passphrase: " +msgstr "Inserire la nuova passphrase: " + +#: src/cryptsetup.c:1927 +msgid "Enter passphrase for keyslot to be converted: " +msgstr "Inserire la passphrase per lo slot da convertire: " + +#: src/cryptsetup.c:1951 +msgid "Only one device argument for isLuks operation is supported." +msgstr "È supportato un solo argomento dispositivo per ogni operazione isLuks." + +#: src/cryptsetup.c:2001 +#, fuzzy +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Il dump dell'header con la chiave di volume contiene informazioni\n" +"confidenziali che permettono di accedere alla partizione cifrata senza passphrase.\n" +"Questo dump dovrebbe sempre essere salvato in modo cifrato in un luogo sicuro." + +#: src/cryptsetup.c:2066 +#, fuzzy, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "Lo slot di chiave %d non è attivo." + +#: src/cryptsetup.c:2072 +#, fuzzy +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Il dump dell'header con la chiave di volume contiene informazioni\n" +"confidenziali che permettono di accedere alla partizione cifrata senza passphrase.\n" +"Questo dump dovrebbe sempre essere salvato in modo cifrato in un luogo sicuro." + +#: src/cryptsetup.c:2207 src/cryptsetup.c:2228 +msgid "Option --header-backup-file is required." +msgstr "È richiesta l'opzione --header-backup-file." + +#: src/cryptsetup.c:2258 +#, c-format +msgid "%s is not cryptsetup managed device." +msgstr "%s non è un dispositivo gestito via cryptsetup." + +#: src/cryptsetup.c:2269 +#, c-format +msgid "Refresh is not supported for device type %s" +msgstr "L'aggiornamento non è supportato per dispositivi di tipo %s" + +#: src/cryptsetup.c:2311 +#, c-format +msgid "Unrecognized metadata device type %s." +msgstr "Tipo di dispositivo metadati %s non riconosciuto." + +#: src/cryptsetup.c:2314 +msgid "Command requires device and mapped name as arguments." +msgstr "Il comando richiede un dispositivo e un nome di mappatura come argomenti." + +#: src/cryptsetup.c:2336 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" +"Questa operazione eliminerà tutti gli slot di chiave sul dispositivo %s.\n" +"Il dispositivo sarà inutilizzabile dopo questa operazione." + +#: src/cryptsetup.c:2343 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "Operazione terminata, gli slot di chiave NON sono stati puliti.\n" + +#: src/cryptsetup.c:2380 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "Tipo LUKS non valido, solo «luks1» o «luks2» sono supportati." + +#: src/cryptsetup.c:2398 +#, c-format +msgid "Device is already %s type." +msgstr "Il dispositivo è già di tipo %s." + +#: src/cryptsetup.c:2403 +#, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "" +"Questa operazione converte %s nel formato %s.\n" +"\n" + +#: src/cryptsetup.c:2409 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "Operazione terminata, il dispositivo NON è stato convertito.\n" + +#: src/cryptsetup.c:2449 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "Manca l'opzione --priority, --label o --subsystem." + +#: src/cryptsetup.c:2483 src/cryptsetup.c:2516 src/cryptsetup.c:2539 +#, c-format +msgid "Token %d is invalid." +msgstr "Il token %d non è valido." + +#: src/cryptsetup.c:2486 src/cryptsetup.c:2542 +#, c-format +msgid "Token %d in use." +msgstr "Il token %d è in uso." + +#: src/cryptsetup.c:2493 +#, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "Aggiunta del token luks2-keyring %d non riuscita." + +#: src/cryptsetup.c:2502 src/cryptsetup.c:2564 +#, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "Assegnazione del token %d allo slot di chiave %d non riuscita." + +#: src/cryptsetup.c:2519 +#, c-format +msgid "Token %d is not in use." +msgstr "Il token %d non è in uso." + +#: src/cryptsetup.c:2554 +msgid "Failed to import token from file." +msgstr "Importazione del token da file non riuscita." + +#: src/cryptsetup.c:2579 +#, c-format +msgid "Failed to get token %d for export." +msgstr "Recupero del token %d per l'esportazione non riuscito." + +#: src/cryptsetup.c:2594 +msgid "--key-description parameter is mandatory for token add action." +msgstr "Il parametro --key-description è obbligatorio per l'azione di aggiunta token." + +#: src/cryptsetup.c:2600 src/cryptsetup.c:2608 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "L'azione richiede un token specifico. Utilizzare il parametro --token-id." + +#: src/cryptsetup.c:2613 +#, c-format +msgid "Invalid token operation %s." +msgstr "Operazione token %s non valida." + +#: src/cryptsetup.c:2668 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "" + +#: src/cryptsetup.c:2672 +#, fuzzy, c-format +msgid "Device %s is not a block device.\n" +msgstr "Il dispositivo %s non è un dispositivo LUKS valido." + +#: src/cryptsetup.c:2674 +#, fuzzy, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "Stat del dispositivo %s non riuscita." + +#: src/cryptsetup.c:2676 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" + +#: src/cryptsetup.c:2756 +#, fuzzy +msgid "Invalid LUKS device type." +msgstr "Device %s non valido." + +#: src/cryptsetup.c:2761 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "" + +#: src/cryptsetup.c:2766 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "" + +#: src/cryptsetup.c:2775 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "" + +#: src/cryptsetup.c:2779 +#, fuzzy +msgid "Encryption is supported only for LUKS2 format." +msgstr "L'opzione di integrità può essere usata solo col formato LUKS2." + +#: src/cryptsetup.c:2801 +#, c-format +msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +msgstr "" + +#: src/cryptsetup.c:2816 +#, fuzzy, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "Il file di backup dell'header %s richiesto esiste già." + +#: src/cryptsetup.c:2818 src/cryptsetup.c:2825 +#, fuzzy, c-format +msgid "Cannot create temporary header file %s." +msgstr "Impossibile creare il file header %s." + +#: src/cryptsetup.c:2889 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "" + +#: src/cryptsetup.c:3053 src/cryptsetup.c:3059 +#, fuzzy +msgid "Not enough free keyslots for reencryption." +msgstr "Non cambia chiave, nessuna re-cifratura dei dati" + +#: src/cryptsetup.c:3079 src/cryptsetup_reencrypt.c:1294 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "Il file chiave può essere usato solamente con --key-slot o con esattamente uno slot di chiave attivo." + +#: src/cryptsetup.c:3088 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup_reencrypt.c:1352 +#, fuzzy, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Inserire la passphrase per lo slot di chiave %u: " + +#: src/cryptsetup.c:3096 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Inserire la passphrase per lo slot di chiave %u: " + +#: src/cryptsetup.c:3263 +#, fuzzy +msgid "Command requires device as argument." +msgstr "Il comando richiede un dispositivo e un nome di mappatura come argomenti." + +#: src/cryptsetup.c:3285 +msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +msgstr "" + +#: src/cryptsetup.c:3297 +msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +msgstr "" + +#: src/cryptsetup.c:3307 src/cryptsetup_reencrypt.c:178 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "La re-cifratura del dispositivo con un profilo di integrità non è supportata." + +#: src/cryptsetup.c:3315 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "" + +#: src/cryptsetup.c:3319 +#, fuzzy +msgid "LUKS2 device is not in reencryption." +msgstr "Il file di registro %s esiste, viene ripristinata la re-cifratura.\n" + +#: src/cryptsetup.c:3346 +msgid " [--type ] []" +msgstr " [--type ] []" + +#: src/cryptsetup.c:3346 src/veritysetup.c:394 src/integritysetup.c:480 +msgid "open device as " +msgstr "Apre il dispositivo come " + +#: src/cryptsetup.c:3347 src/cryptsetup.c:3348 src/cryptsetup.c:3349 +#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:481 +#: src/integritysetup.c:482 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3347 src/veritysetup.c:395 src/integritysetup.c:481 +msgid "close device (remove mapping)" +msgstr "Chiude il dispositivo (rimuove la mappatura)" + +#: src/cryptsetup.c:3348 +msgid "resize active device" +msgstr "Ridimensiona il dispositivo attivo" + +#: src/cryptsetup.c:3349 +msgid "show device status" +msgstr "Mostra lo stato del dispositivo" + +#: src/cryptsetup.c:3350 +msgid "[--cipher ]" +msgstr "[--cipher ]" + +#: src/cryptsetup.c:3350 +msgid "benchmark cipher" +msgstr "Esegue benchmark del cifrario" + +#: src/cryptsetup.c:3351 src/cryptsetup.c:3352 src/cryptsetup.c:3353 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3355 src/cryptsetup.c:3362 +#: src/cryptsetup.c:3363 src/cryptsetup.c:3364 src/cryptsetup.c:3365 +#: src/cryptsetup.c:3366 src/cryptsetup.c:3367 src/cryptsetup.c:3368 +#: src/cryptsetup.c:3369 src/cryptsetup.c:3370 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3351 +msgid "try to repair on-disk metadata" +msgstr "Prova a riparare i metadati on-disk" + +#: src/cryptsetup.c:3352 +#, fuzzy +msgid "reencrypt LUKS2 device" +msgstr "Aggiunge chiave al dispositivo LUKS" + +#: src/cryptsetup.c:3353 +msgid "erase all keyslots (remove encryption key)" +msgstr "Elimina tutti gli slot di chiavi (rimuove chiave di cifratura)" + +#: src/cryptsetup.c:3354 +msgid "convert LUKS from/to LUKS2 format" +msgstr "Converte LUKS dal/al formato LUKS2" + +#: src/cryptsetup.c:3355 +msgid "set permanent configuration options for LUKS2" +msgstr "Imposta opzioni di configurazione permanenti per LUKS2" + +#: src/cryptsetup.c:3356 src/cryptsetup.c:3357 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3356 +msgid "formats a LUKS device" +msgstr "Formatta un dispositivo LUKS" + +#: src/cryptsetup.c:3357 +msgid "add key to LUKS device" +msgstr "Aggiunge chiave al dispositivo LUKS" + +#: src/cryptsetup.c:3358 src/cryptsetup.c:3359 src/cryptsetup.c:3360 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3358 +msgid "removes supplied key or key file from LUKS device" +msgstr "Rimuove la chiave fornita o il file chiave dal dispositivo LUKS" + +#: src/cryptsetup.c:3359 +msgid "changes supplied key or key file of LUKS device" +msgstr "Cambia la chiave fornita o il file chiave del dispositivo LUKS" + +#: src/cryptsetup.c:3360 +msgid "converts a key to new pbkdf parameters" +msgstr "Converte una chiave nei nuovi parametri pbkdf" + +#: src/cryptsetup.c:3361 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3361 +msgid "wipes key with number from LUKS device" +msgstr "Ripulisce la chiave con numero dal dispositivo LUKS" + +#: src/cryptsetup.c:3362 +msgid "print UUID of LUKS device" +msgstr "Stampa l'UUID del dispositivo LUKS" + +#: src/cryptsetup.c:3363 +msgid "tests for LUKS partition header" +msgstr "Verifica l'header della partizione LUKS di " + +#: src/cryptsetup.c:3364 +msgid "dump LUKS partition information" +msgstr "Esegue il dump delle informazioni della partizione LUKS" + +#: src/cryptsetup.c:3365 +msgid "dump TCRYPT device information" +msgstr "Esegue il dump delle informazioni TCRYPT del dispositivo" + +#: src/cryptsetup.c:3366 +#, fuzzy +msgid "dump BITLK device information" +msgstr "Esegue il dump delle informazioni TCRYPT del dispositivo" + +#: src/cryptsetup.c:3367 +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "Sospende il dispositivo LUKS e ripulisce la chiave (operazioni I/O bloccate)" + +#: src/cryptsetup.c:3368 +msgid "Resume suspended LUKS device" +msgstr "Ripristina il dispositivo LUKS sospeso" + +#: src/cryptsetup.c:3369 +msgid "Backup LUKS device header and keyslots" +msgstr "Fa il backup dell'header del dispositivo e degli slot di chiave" + +#: src/cryptsetup.c:3370 +msgid "Restore LUKS device header and keyslots" +msgstr "Ripristina l'header del dispositivo LUKS e gli slot di chiave" + +#: src/cryptsetup.c:3371 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3371 +msgid "Manipulate LUKS2 tokens" +msgstr "Gestisce token LUKS2" + +#: src/cryptsetup.c:3389 src/veritysetup.c:412 src/integritysetup.c:498 +msgid "" +"\n" +" is one of:\n" +msgstr "" +"\n" +" è una tra:\n" + +#: src/cryptsetup.c:3395 +#, fuzzy +msgid "" +"\n" +"You can also use old syntax aliases:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" msgstr "" "\n" "È possibile usare anche la vecchia sintassi :\n" "\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" -#: src/cryptsetup.c:1406 +#: src/cryptsetup.c:3399 #, c-format msgid "" "\n" @@ -1134,411 +2411,807 @@ msgid "" " optional key file for the new key for luksAddKey action\n" msgstr "" "\n" -" è il device da creare in %s\n" -" è il device cifrato\n" +" è il dispositivo da creare in %s\n" +" è il dispositivo cifrato\n" " è il numero dello slot di chiave LUKS da modificare\n" -" è il file chiave opzionale per la nuova chiave per l'azione " -"luksAddKey\n" +" è il file chiave opzionale per la nuova chiave per l'azione luksAddKey\n" + +#: src/cryptsetup.c:3406 +#, c-format +msgid "" +"\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" +"\n" +"Formato predefinito metadati compilati: %s (per azione luksFormat).\n" -#: src/cryptsetup.c:1413 +#: src/cryptsetup.c:3411 #, c-format msgid "" "\n" "Default compiled-in key and passphrase parameters:\n" -"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d " -"(characters)\n" -"Default PBKDF2 iteration time for LUKS: %d (ms)\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" msgstr "" "\n" "Parametri predefiniti compilati di chiave e passphrase:\n" -"\tdimensione massima del file chiave: %dkB, lunghezza massima della " -"passphrase interattiva %d (caratteri)\n" -"Tempo d'iterazione PBKDF2 predefinito per LUKS: %d (ms)\n" +"\tdimensione massima file chiave: %dkB, lunghezza massima della passphrase interattiva %d (caratteri)\n" +"PBKDF predefinito per LUKS1: %s, tempo iterazione: %d (ms)\n" +"PBKDF predefinito per LUKS2: %s\n" +"\tTempo iterazione: %d, memoria richiesta: %dkB, thread paralleli: %d\n" -#: src/cryptsetup.c:1420 +#: src/cryptsetup.c:3422 #, c-format msgid "" "\n" "Default compiled-in device cipher parameters:\n" "\tloop-AES: %s, Key %d bits\n" "\tplain: %s, Key: %d bits, Password hashing: %s\n" -"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" msgstr "" "\n" -"Parametri predefiniti del cifrario del device:\n" +"Parametri predefiniti compilati del cifrario del dispositivo:\n" "\tloop-AES: %s, chiave: %d bit\n" "\tin chiaro: %s, chiave: %d bit, hash della password: %s\n" -"\tLUKS1: %s, chiave: %d bit, hash dell'header LUKS: %s, RNG: %s\n" +"\tLUKS: %s, chiave: %d bit, hash dell'header LUKS: %s, RNG: %s\n" -#: src/cryptsetup.c:1437 src/veritysetup.c:460 +#: src/cryptsetup.c:3431 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "\tLUKS: la dimensione predefinita della chiave in modalità XTS (due chiavi interne) viene raddoppiata.\n" + +#: src/cryptsetup.c:3447 src/veritysetup.c:569 src/integritysetup.c:642 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: richiede %s come argomenti" -#: src/cryptsetup.c:1470 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1253 +#: src/cryptsetup.c:3480 src/veritysetup.c:457 src/integritysetup.c:536 +#: src/cryptsetup_reencrypt.c:1607 msgid "Show this help message" msgstr "Mostra questo messaggio d'aiuto" -#: src/cryptsetup.c:1471 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1254 +#: src/cryptsetup.c:3481 src/veritysetup.c:458 src/integritysetup.c:537 +#: src/cryptsetup_reencrypt.c:1608 msgid "Display brief usage" msgstr "Mostra il modo d'uso sintetico" -#: src/cryptsetup.c:1475 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1258 -msgid "Help options:" -msgstr "Opzioni di aiuto:" - -#: src/cryptsetup.c:1476 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1259 +#: src/cryptsetup.c:3482 src/veritysetup.c:459 src/integritysetup.c:538 +#: src/cryptsetup_reencrypt.c:1609 msgid "Print package version" msgstr "Stampa la versione del pacchetto" -#: src/cryptsetup.c:1477 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1260 +#: src/cryptsetup.c:3486 src/veritysetup.c:463 src/integritysetup.c:542 +#: src/cryptsetup_reencrypt.c:1613 +msgid "Help options:" +msgstr "Opzioni di aiuto:" + +#: src/cryptsetup.c:3487 src/veritysetup.c:464 src/integritysetup.c:543 +#: src/cryptsetup_reencrypt.c:1614 msgid "Shows more detailed error messages" msgstr "Mostra i messaggi di errore con maggior dettaglio" -#: src/cryptsetup.c:1478 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1261 +#: src/cryptsetup.c:3488 src/veritysetup.c:465 src/integritysetup.c:544 +#: src/cryptsetup_reencrypt.c:1615 msgid "Show debug messages" msgstr "Mostra i messaggi di debug" -#: src/cryptsetup.c:1479 src/cryptsetup_reencrypt.c:1263 +#: src/cryptsetup.c:3489 +msgid "Show debug messages including JSON metadata" +msgstr "Mostra i messaggi di debug compresi i metadati JSON" + +#: src/cryptsetup.c:3490 src/cryptsetup_reencrypt.c:1617 msgid "The cipher used to encrypt the disk (see /proc/crypto)" msgstr "Il cifrario usato per cifrare il disco (vedere /proc/crypto)" -#: src/cryptsetup.c:1480 src/cryptsetup_reencrypt.c:1265 +#: src/cryptsetup.c:3491 src/cryptsetup_reencrypt.c:1619 msgid "The hash used to create the encryption key from the passphrase" msgstr "L'hash usato per creare la chiave di cifratura dalla passphrase" -#: src/cryptsetup.c:1481 +#: src/cryptsetup.c:3492 msgid "Verifies the passphrase by asking for it twice" msgstr "Verifica la passphrase chiedendola due volte" -#: src/cryptsetup.c:1482 src/cryptsetup_reencrypt.c:1267 -msgid "Read the key from a file." -msgstr "Legge la chiave da un file." +#: src/cryptsetup.c:3493 src/cryptsetup_reencrypt.c:1621 +msgid "Read the key from a file" +msgstr "Legge la chiave da un file" -#: src/cryptsetup.c:1483 +#: src/cryptsetup.c:3494 msgid "Read the volume (master) key from file." msgstr "Legge la chiave (master) del volume dal file." -#: src/cryptsetup.c:1484 -msgid "Dump volume (master) key instead of keyslots info." -msgstr "" -"Esegue il dump della chiave (master) del volume invece delle informazioni " -"sugli slot di chiave." +#: src/cryptsetup.c:3495 +msgid "Dump volume (master) key instead of keyslots info" +msgstr "Esegue il dump della chiave (master) del volume invece delle informazioni sugli slot di chiave" -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 +#: src/cryptsetup.c:3496 src/cryptsetup_reencrypt.c:1618 msgid "The size of the encryption key" msgstr "La dimensione della chiave di cifratura" -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 +#: src/cryptsetup.c:3496 src/cryptsetup.c:3557 src/integritysetup.c:562 +#: src/integritysetup.c:566 src/integritysetup.c:570 +#: src/cryptsetup_reencrypt.c:1618 msgid "BITS" msgstr "BIT" -#: src/cryptsetup.c:1486 src/cryptsetup_reencrypt.c:1278 +#: src/cryptsetup.c:3497 src/cryptsetup_reencrypt.c:1634 msgid "Limits the read from keyfile" msgstr "Limita la lettura dal file di chiave" -#: src/cryptsetup.c:1486 src/cryptsetup.c:1487 src/cryptsetup.c:1488 -#: src/cryptsetup.c:1489 src/veritysetup.c:379 src/veritysetup.c:380 -#: src/veritysetup.c:382 src/cryptsetup_reencrypt.c:1277 -#: src/cryptsetup_reencrypt.c:1278 src/cryptsetup_reencrypt.c:1279 -#: src/cryptsetup_reencrypt.c:1280 +#: src/cryptsetup.c:3497 src/cryptsetup.c:3498 src/cryptsetup.c:3499 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3503 src/cryptsetup.c:3554 +#: src/cryptsetup.c:3555 src/cryptsetup.c:3563 src/cryptsetup.c:3564 +#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470 +#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:551 +#: src/integritysetup.c:557 src/integritysetup.c:558 +#: src/cryptsetup_reencrypt.c:1633 src/cryptsetup_reencrypt.c:1634 +#: src/cryptsetup_reencrypt.c:1635 src/cryptsetup_reencrypt.c:1636 msgid "bytes" msgstr "byte" -#: src/cryptsetup.c:1487 src/cryptsetup_reencrypt.c:1277 +#: src/cryptsetup.c:3498 src/cryptsetup_reencrypt.c:1633 msgid "Number of bytes to skip in keyfile" msgstr "Numero di byte da saltare nel file di chiave" -#: src/cryptsetup.c:1488 +#: src/cryptsetup.c:3499 msgid "Limits the read from newly added keyfile" msgstr "Limita la lettura dal file di chiave appena aggiunto" -#: src/cryptsetup.c:1489 +#: src/cryptsetup.c:3500 msgid "Number of bytes to skip in newly added keyfile" msgstr "Numero di byte da saltare nel file di chiave appena aggiunto" -#: src/cryptsetup.c:1490 +#: src/cryptsetup.c:3501 msgid "Slot number for new key (default is first free)" -msgstr "" -"Numero dello slot per la nuova chiave (il primo libero è quello predefinito)" +msgstr "Numero dello slot per la nuova chiave (il primo libero è quello predefinito)" -#: src/cryptsetup.c:1491 +#: src/cryptsetup.c:3502 msgid "The size of the device" -msgstr "La dimensione del device" +msgstr "La dimensione del dispositivo" -#: src/cryptsetup.c:1491 src/cryptsetup.c:1492 src/cryptsetup.c:1493 -#: src/cryptsetup.c:1499 +#: src/cryptsetup.c:3502 src/cryptsetup.c:3504 src/cryptsetup.c:3505 +#: src/cryptsetup.c:3511 src/integritysetup.c:552 src/integritysetup.c:559 msgid "SECTORS" msgstr "SETTORI" -#: src/cryptsetup.c:1492 +#: src/cryptsetup.c:3503 src/cryptsetup_reencrypt.c:1636 +msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +msgstr "Usa solo la dimensione specificata del dispositivo (ignora il resto del dispositivo) PERICOLOSO" + +#: src/cryptsetup.c:3504 msgid "The start offset in the backend device" -msgstr "L'offset iniziale del device di backend" +msgstr "L'offset iniziale del dispositivo di backend" -#: src/cryptsetup.c:1493 +#: src/cryptsetup.c:3505 msgid "How many sectors of the encrypted data to skip at the beginning" msgstr "Quanti settori dei dati cifrati saltare dall'inizio" -#: src/cryptsetup.c:1494 +#: src/cryptsetup.c:3506 msgid "Create a readonly mapping" msgstr "Crea una mappatura in sola lettura" -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "PBKDF2 iteration time for LUKS (in ms)" -msgstr "Tempo di iterazione di PBKDF2 per LUKS (in ms)" - -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "msecs" -msgstr "msec" - -#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1269 +#: src/cryptsetup.c:3507 src/integritysetup.c:545 +#: src/cryptsetup_reencrypt.c:1624 msgid "Do not ask for confirmation" msgstr "Non chiede conferma" -#: src/cryptsetup.c:1497 +#: src/cryptsetup.c:3508 msgid "Timeout for interactive passphrase prompt (in seconds)" msgstr "Timeout per il prompt interattivo della passphrase (in secondi)" -#: src/cryptsetup.c:1497 +#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 msgid "secs" msgstr "sec" +#: src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "Progress line update (in seconds)" +msgstr "Aggiornamento linea di avanzamento (in secondi)" + # (NDT) Descrizione dell'opzione # --tries, indica il numero di tentativi per richiesta -#: src/cryptsetup.c:1498 src/cryptsetup_reencrypt.c:1270 +#: src/cryptsetup.c:3510 src/cryptsetup_reencrypt.c:1626 msgid "How often the input of the passphrase can be retried" msgstr "Quante volte può essere ritentato l'inserimento della passphrase" -#: src/cryptsetup.c:1499 +#: src/cryptsetup.c:3511 msgid "Align payload at sector boundaries - for luksFormat" msgstr "Allinea il payload agli estremi del settore - per luksFormat" -#: src/cryptsetup.c:1500 -msgid "File with LUKS header and keyslots backup." -msgstr "File con header LUKS e backup degli slot di chiave." +#: src/cryptsetup.c:3512 +msgid "File with LUKS header and keyslots backup" +msgstr "File con header LUKS e backup degli slot di chiave" -#: src/cryptsetup.c:1501 src/cryptsetup_reencrypt.c:1271 -msgid "Use /dev/random for generating volume key." -msgstr "Usa /dev/random per generare la chiave di volume." +#: src/cryptsetup.c:3513 src/cryptsetup_reencrypt.c:1627 +msgid "Use /dev/random for generating volume key" +msgstr "Usa /dev/random per generare la chiave di volume" -#: src/cryptsetup.c:1502 src/cryptsetup_reencrypt.c:1272 -msgid "Use /dev/urandom for generating volume key." -msgstr "Usa /dev/urandom per generare la chiave di volume." +#: src/cryptsetup.c:3514 src/cryptsetup_reencrypt.c:1628 +msgid "Use /dev/urandom for generating volume key" +msgstr "Usa /dev/urandom per generare la chiave di volume" -#: src/cryptsetup.c:1503 -msgid "Share device with another non-overlapping crypt segment." -msgstr "Condivide il device con un altro segmento cifrato non sovrapposto." +#: src/cryptsetup.c:3515 +msgid "Share device with another non-overlapping crypt segment" +msgstr "Condivide il dispositivo con un altro segmento cifrato non sovrapposto" -#: src/cryptsetup.c:1504 src/veritysetup.c:385 -msgid "UUID for device to use." -msgstr "UUID da usare per il device." +#: src/cryptsetup.c:3516 src/veritysetup.c:477 +msgid "UUID for device to use" +msgstr "UUID per il dispositivo da usare" -#: src/cryptsetup.c:1505 -msgid "Allow discards (aka TRIM) requests for device." -msgstr "Ammette le richieste di scarto (funzione TRIM) per il device." +#: src/cryptsetup.c:3517 src/integritysetup.c:579 +msgid "Allow discards (aka TRIM) requests for device" +msgstr "Ammette le richieste di scarto (funzione TRIM) per il dispositivo" -#: src/cryptsetup.c:1506 -msgid "Device or file with separated LUKS header." -msgstr "Device o file con header LUKS separato." +#: src/cryptsetup.c:3518 src/cryptsetup_reencrypt.c:1645 +msgid "Device or file with separated LUKS header" +msgstr "Device o file con header LUKS separato" -#: src/cryptsetup.c:1507 -msgid "Do not activate device, just check passphrase." -msgstr "Non attiva il device, verifica solamente la passphrase" +#: src/cryptsetup.c:3519 +msgid "Do not activate device, just check passphrase" +msgstr "Non attiva il dispositivo, verifica solamente la passphrase" -#: src/cryptsetup.c:1508 -msgid "Use hidden header (hidden TCRYPT device)." -msgstr "Usa header nascosto (device TCRYPT nascosto)" +#: src/cryptsetup.c:3520 +msgid "Use hidden header (hidden TCRYPT device)" +msgstr "Usa header nascosto (dispositivo TCRYPT nascosto)" -#: src/cryptsetup.c:1509 -msgid "Device is system TCRYPT drive (with bootloader)." -msgstr "Il device è l'unità TCRYPT di sistema (con bootloader)" +#: src/cryptsetup.c:3521 +msgid "Device is system TCRYPT drive (with bootloader)" +msgstr "Il dispositivo è l'unità TCRYPT di sistema (con bootloader)" -#: src/cryptsetup.c:1510 -msgid "Use backup (secondary) TCRYPT header." +#: src/cryptsetup.c:3522 +msgid "Use backup (secondary) TCRYPT header" msgstr "Usa header TCRYPT di backup (secondario)" -#: src/cryptsetup.c:1511 -msgid "Scan also for VeraCrypt compatible device." -msgstr "Ricerca anche device compatibili VeraCrypt" +#: src/cryptsetup.c:3523 +msgid "Scan also for VeraCrypt compatible device" +msgstr "Ricerca anche dispositivo compatibile VeraCrypt" + +#: src/cryptsetup.c:3524 +msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "PIM (Personal Iteration Multiplier) per dispositivo VeraCrypt compatibile" -#: src/cryptsetup.c:1512 -msgid "Type of device metadata: luks, plain, loopaes, tcrypt." -msgstr "Meta-dati del tipo di device: luks, plain, loopaes, tcrypt" +#: src/cryptsetup.c:3525 +msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Interroga PIM (Personal Iteration Multiplier) per dispositivo VeraCrypt compatibile" -#: src/cryptsetup.c:1513 -msgid "Disable password quality check (if enabled)." +#: src/cryptsetup.c:3526 +#, fuzzy +msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" +msgstr "Tipo di metadati del dispositivo: luks, plain, loopaes, tcrypt" + +#: src/cryptsetup.c:3527 +msgid "Disable password quality check (if enabled)" msgstr "Disabilita la verifica della qualità della password (se abilitata)" -#: src/cryptsetup.c:1514 -msgid "Use dm-crypt same_cpu_crypt performance compatibility option." +#: src/cryptsetup.c:3528 +msgid "Use dm-crypt same_cpu_crypt performance compatibility option" msgstr "Usa l'opzione compatibile per prestazioni same_cpu_crypt di dm-crypt" -#: src/cryptsetup.c:1515 -msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option." +#: src/cryptsetup.c:3529 +msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +msgstr "Usa l'opzione compatibile per prestazioni submit_from_crypt_cpus di dm-crypt" + +#: src/cryptsetup.c:3530 +msgid "Device removal is deferred until the last user closes it" +msgstr "La rimozione del dispositivo è posticipata fino a quando l'ultimo utente lo chiude" + +#: src/cryptsetup.c:3531 +msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)" msgstr "" -"Usa l'opzione compatibile per prestazioni submit_from_crypt_cpus di dm-crypt" -#: src/cryptsetup.c:1531 src/veritysetup.c:402 +#: src/cryptsetup.c:3532 +msgid "PBKDF iteration time for LUKS (in ms)" +msgstr "Tempo di iterazione di PBKDF per LUKS (in ms)" + +#: src/cryptsetup.c:3532 src/cryptsetup_reencrypt.c:1623 +msgid "msecs" +msgstr "msec" + +#: src/cryptsetup.c:3533 src/cryptsetup_reencrypt.c:1641 +msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +msgstr "Algoritmo PBKDF (per LUKS2): argon2i, argon2id, pbkdf2" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "PBKDF memory cost limit" +msgstr "Limite costo memoria PBKDF" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "kilobytes" +msgstr "kilobyte" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "PBKDF parallel cost" +msgstr "Costo PBKDF parallelo" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "threads" +msgstr "thread" + +#: src/cryptsetup.c:3536 src/cryptsetup_reencrypt.c:1644 +msgid "PBKDF iterations cost (forced, disables benchmark)" +msgstr "Costo iterazioni PBKDF (forzato, disabilita benchmark)" + +#: src/cryptsetup.c:3537 +msgid "Keyslot priority: ignore, normal, prefer" +msgstr "Priorità slot di chiave: ignore, normal, prefer" + +#: src/cryptsetup.c:3538 +msgid "Disable locking of on-disk metadata" +msgstr "Disabilita il blocco dei metadati su disco" + +#: src/cryptsetup.c:3539 +msgid "Disable loading volume keys via kernel keyring" +msgstr "Disabilita il caricamento delle chiavi di volume tramite il portachiavi del kernel" + +#: src/cryptsetup.c:3540 +msgid "Data integrity algorithm (LUKS2 only)" +msgstr "Algoritmo integrità dei dati (solo LUKS2)" + +#: src/cryptsetup.c:3541 src/integritysetup.c:573 +msgid "Disable journal for integrity device" +msgstr "Disabilita il journal per il dispositivo di integrità" + +#: src/cryptsetup.c:3542 src/integritysetup.c:547 +msgid "Do not wipe device after format" +msgstr "Non pulisce il dispositivo dopo la formattazione" + +#: src/cryptsetup.c:3543 src/integritysetup.c:577 +msgid "Use inefficient legacy padding (old kernels)" +msgstr "" + +#: src/cryptsetup.c:3544 +msgid "Do not ask for passphrase if activation by token fails" +msgstr "Non chiede la passphrase se l'attivazione con token non riesce" + +#: src/cryptsetup.c:3545 +msgid "Token number (default: any)" +msgstr "Numero token (predefinito: any)" + +#: src/cryptsetup.c:3546 +msgid "Key description" +msgstr "Descrizione chiave" + +#: src/cryptsetup.c:3547 +msgid "Encryption sector size (default: 512 bytes)" +msgstr "Dimensione settore di cifratura (predefinito: 512 byte)" + +#: src/cryptsetup.c:3548 +#, fuzzy +msgid "Use IV counted in sector size (not in 512 bytes)" +msgstr "Dimensione settore di cifratura (predefinito: 512 byte)" + +#: src/cryptsetup.c:3549 +msgid "Set activation flags persistent for device" +msgstr "Imposta flag attivazione persistente per il dispositivo" + +#: src/cryptsetup.c:3550 +msgid "Set label for the LUKS2 device" +msgstr "Imposta l'etichetta per il dispositivo LUKS2" + +#: src/cryptsetup.c:3551 +msgid "Set subsystem label for the LUKS2 device" +msgstr "Imposta l'etichetta del sottosistema per il dispositivo LUKS2" + +#: src/cryptsetup.c:3552 +#, fuzzy +msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot" +msgstr "Crea slot di chiave LUKS2 non vincolato (segmento dati non assegnato)" + +#: src/cryptsetup.c:3553 +msgid "Read or write the json from or to a file" +msgstr "Legge/Scrive JSON da/su file" + +#: src/cryptsetup.c:3554 +msgid "LUKS2 header metadata area size" +msgstr "Dimensione area metadati header LUKS2" + +#: src/cryptsetup.c:3555 +msgid "LUKS2 header keyslots area size" +msgstr "Dimensione area slot di chiave header LUKS2" + +#: src/cryptsetup.c:3556 +msgid "Refresh (reactivate) device with new parameters" +msgstr "Aggiorna (riattiva) il dispositivo con nuovi parametri" + +#: src/cryptsetup.c:3557 +msgid "LUKS2 keyslot: The size of the encryption key" +msgstr "Slot di chiave LUKS2: la dimensione della chiave di cifratura" + +#: src/cryptsetup.c:3558 +msgid "LUKS2 keyslot: The cipher used for keyslot encryption" +msgstr "Slot di chiave LUKS2: il cifrario usato per la cifratura dello slot di chiave" + +#: src/cryptsetup.c:3559 +#, fuzzy +msgid "Encrypt LUKS2 device (in-place encryption)." +msgstr "Decifra definitivamente il dispositivo (rimuove la cifratura)" + +#: src/cryptsetup.c:3560 +#, fuzzy +msgid "Decrypt LUKS2 device (remove encryption)." +msgstr "Decifra definitivamente il dispositivo (rimuove la cifratura)" + +#: src/cryptsetup.c:3561 +msgid "Initialize LUKS2 reencryption in metadata only." +msgstr "" + +#: src/cryptsetup.c:3562 +msgid "Resume initialized LUKS2 reencryption only." +msgstr "" + +#: src/cryptsetup.c:3563 src/cryptsetup_reencrypt.c:1635 +msgid "Reduce data device size (move data offset). DANGEROUS!" +msgstr "Riduce la dimensione dei dati del dispositivo (muove l'offset dei dati) PERICOLOSO" + +#: src/cryptsetup.c:3564 +#, fuzzy +msgid "Maximal reencryption hotzone size." +msgstr "Dimensione blocco re-cifratura" + +#: src/cryptsetup.c:3565 +msgid "Reencryption hotzone resilience type (checksum,journal,none)" +msgstr "" + +#: src/cryptsetup.c:3566 +#, fuzzy +msgid "Reencryption hotzone checksums hash" +msgstr "Dimensione blocco re-cifratura" + +#: src/cryptsetup.c:3567 +msgid "Override device autodetection of dm device to be reencrypted" +msgstr "" + +#: src/cryptsetup.c:3583 src/veritysetup.c:499 src/integritysetup.c:595 msgid "[OPTION...] " msgstr "[OPZIONE...] ]" -#: src/cryptsetup.c:1572 -msgid "Running in FIPS mode.\n" -msgstr "Esecuzione in modalità FIPS.\n" - -#: src/cryptsetup.c:1581 src/veritysetup.c:439 +#: src/cryptsetup.c:3634 src/veritysetup.c:533 src/integritysetup.c:606 msgid "Argument missing." msgstr "Argomento mancante." -#: src/cryptsetup.c:1634 src/veritysetup.c:445 -msgid "Unknown action." -msgstr "Azione sconosciuta." +#: src/cryptsetup.c:3703 src/veritysetup.c:564 src/integritysetup.c:637 +msgid "Unknown action." +msgstr "Azione sconosciuta." + +#: src/cryptsetup.c:3713 +#, fuzzy +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "" +"Solo un'opzione tra --refresh e --test-passphrase può essere usata.\n" +"\n" + +#: src/cryptsetup.c:3718 +#, fuzzy +msgid "Option --deferred is allowed only for close command." +msgstr "" +"L'opzione --deferred è consentita solo per il comando close.\n" +"\n" + +#: src/cryptsetup.c:3723 +#, fuzzy +msgid "Option --shared is allowed only for open of plain device." +msgstr "L'opzione --shared è consentita solo per l'azione open di dispositivo in chiaro.\n" + +#: src/cryptsetup.c:3728 src/integritysetup.c:654 +#, fuzzy +msgid "Option --allow-discards is allowed only for open operation." +msgstr "L'opzione --allow-discards è consentita solo per l'azione open.\n" -#: src/cryptsetup.c:1644 -msgid "Option --shared is allowed only for open of plain device.\n" -msgstr "" -"L'opzione --shared è consentita solo per l'azione open di device plain.\n" +#: src/cryptsetup.c:3733 +#, fuzzy +msgid "Option --persistent is allowed only for open operation." +msgstr "L'opzione --persistent è consentita solo per l'azione open.\n" -#: src/cryptsetup.c:1649 -msgid "Option --allow-discards is allowed only for open operation.\n" +#: src/cryptsetup.c:3738 +#, fuzzy +msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation." msgstr "L'opzione --allow-discards è consentita solo per l'azione open.\n" -#: src/cryptsetup.c:1657 +#: src/cryptsetup.c:3743 +#, fuzzy +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "L'opzione --persistent non è consentita con --test-passphrase.\n" + +#: src/cryptsetup.c:3753 +#, fuzzy msgid "" -"Option --key-size is allowed only for luksFormat, open and benchmark.\n" -"To limit read from keyfile use --keyfile-size=(bytes)." +"Option --key-size is allowed only for luksFormat, luksAddKey,\n" +"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." msgstr "" -"L'opzione --key-size è consentita solo per luksFormat, open e benchmark.\n" -"Per limitare la lettura dal file chiave usare --keyfile-size=(byte)." +"L'opzione --key-size è consentita solo per le azioni luksFormat, luksAddKey (con --unbound),\n" +"open e benchmark. Per limitare la lettura dal file chiave usare --keyfile-size=(byte)." -#: src/cryptsetup.c:1664 -msgid "" -"Option --test-passphrase is allowed only for open of LUKS and TCRYPT " -"devices.\n" +#: src/cryptsetup.c:3759 +#, fuzzy +msgid "Option --integrity is allowed only for luksFormat (LUKS2)." +msgstr "L'opzione --integrity è consentita solo per luksFormat (LUKS2).\n" + +#: src/cryptsetup.c:3764 +#, fuzzy +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." msgstr "" -"L'opzione --test-passphrase è consentita solo per l'operazione open di " -"device LUKS e TCRYPT.\n" +"L'opzione --integrity-no-wipe può essere usata solo con l'azione format con estensione di integrità.\n" +"\n" -#: src/cryptsetup.c:1669 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup.c:3770 +#, fuzzy +msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations." +msgstr "Le opzioni --label e --subsystem sono consentite solo per operazioni LUKS2 luksFormat e config.\n" + +#: src/cryptsetup.c:3776 +#, fuzzy +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "L'opzione --test-passphrase è consentita solo per l'operazione open di dispositivo LUKS e TCRYPT.\n" + +#: src/cryptsetup.c:3781 src/cryptsetup_reencrypt.c:1708 msgid "Key size must be a multiple of 8 bits" msgstr "La dimensione della chiave deve essere un multiplo di 8 bit" -#: src/cryptsetup.c:1676 src/cryptsetup_reencrypt.c:1346 +#: src/cryptsetup.c:3787 src/cryptsetup_reencrypt.c:1394 +#: src/cryptsetup_reencrypt.c:1713 msgid "Key slot is invalid." msgstr "Lo slot di chiave non è valido." -#: src/cryptsetup.c:1683 -msgid "Option --key-file takes precedence over specified key file argument.\n" -msgstr "" -"L'opzione --key-file ha la precedenza sull'argomento specificato per il file " -"chiave.\n" +#: src/cryptsetup.c:3794 +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "L'opzione --key-file ha la precedenza sull'argomento specificato per il file chiave." -#: src/cryptsetup.c:1691 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1330 +#: src/cryptsetup.c:3801 src/veritysetup.c:576 src/integritysetup.c:663 +#: src/cryptsetup_reencrypt.c:1687 msgid "Negative number for option not permitted." msgstr "Non è ammesso un numero negativo per l'opzione." -#: src/cryptsetup.c:1695 src/cryptsetup_reencrypt.c:1324 -#: src/cryptsetup_reencrypt.c:1350 +#: src/cryptsetup.c:3805 +msgid "Only one --key-file argument is allowed." +msgstr "È consentito solo un argomento --key-file." + +#: src/cryptsetup.c:3809 src/cryptsetup_reencrypt.c:1679 +#: src/cryptsetup_reencrypt.c:1717 msgid "Only one of --use-[u]random options is allowed." msgstr "È consentita solo una tra le opzioni --use-[u]random." -#: src/cryptsetup.c:1699 +#: src/cryptsetup.c:3813 msgid "Option --use-[u]random is allowed only for luksFormat." msgstr "L'opzione --use-[u]random è consentita solo per luksFormat." -#: src/cryptsetup.c:1703 +#: src/cryptsetup.c:3817 msgid "Option --uuid is allowed only for luksFormat and luksUUID." msgstr "L'opzione --uuid è consentita solo per luksFormat e luksUUID." -#: src/cryptsetup.c:1707 +#: src/cryptsetup.c:3821 msgid "Option --align-payload is allowed only for luksFormat." msgstr "L'opzione --align-payload è consentita solo per luksFormat." -#: src/cryptsetup.c:1713 -msgid "" -"Option --skip is supported only for open of plain and loopaes devices.\n" +#: src/cryptsetup.c:3825 +msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2." +msgstr "Le opzioni --luks2-metadata-size e --opt-luks2-keyslots-size sono consentite solo luksFormat con LUKS2." + +#: src/cryptsetup.c:3830 +msgid "Invalid LUKS2 metadata size specification." +msgstr "Specifica di dimensione dei metadati LUKS2 non valida." + +#: src/cryptsetup.c:3834 +msgid "Invalid LUKS2 keyslots size specification." +msgstr "Specifica di dimensione dello slot di chiave LUKS2 non valida." + +#: src/cryptsetup.c:3838 +#, fuzzy +msgid "Options --align-payload and --offset cannot be combined." +msgstr "Le opzioni --align-payload --offset cannot non possono essere utilizzate assieme." + +#: src/cryptsetup.c:3844 +#, fuzzy +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "L'opzione --skip è supportata solo per l'azione open di dispositivi in chiaro e loopaes.\n" + +#: src/cryptsetup.c:3851 +#, fuzzy +msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption." +msgstr "L'opzione --offset è supportata solo per l'azione open di dispositivi in chiaro e loopaes e per luksFormat.\n" + +#: src/cryptsetup.c:3857 +#, fuzzy +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "L'opzione --tcrypt-hidden, --tcrypt-system o --tcrypt-backup è supportata solo per dispositivo TCRYPT.\n" + +#: src/cryptsetup.c:3862 +#, fuzzy +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "L'opzione --tcrypt-hidden non può essere utilizzata con --allow-discards.\n" + +#: src/cryptsetup.c:3867 +#, fuzzy +msgid "Option --veracrypt is supported only for TCRYPT device type." +msgstr "L'opzione --veracrypt è supportata solo per dispositivo TCRYPT.\n" + +#: src/cryptsetup.c:3873 +#, fuzzy +msgid "Invalid argument for parameter --veracrypt-pim supplied." +msgstr "Argomento fornito per il parametro --veracrypt-pim non valido.\n" + +#: src/cryptsetup.c:3877 +#, fuzzy +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." msgstr "" -"L'opzione --skip è supportata solo per l'azione open di device plain a " -"loopaes.\n" +"L'opzione --veracrypt-pim è supportata solo per dispositivi compatibili VeraCrypt.\n" +"\n" -#: src/cryptsetup.c:1719 -msgid "" -"Option --offset is supported only for open of plain and loopaes devices.\n" +#: src/cryptsetup.c:3885 +#, fuzzy +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "L'opzione --veracrypt-query-pim è supportata solo per dispositivi compatibili VeraCrypt.\n" + +#: src/cryptsetup.c:3889 +#, fuzzy +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "" -"L'opzione --offset è supportata solo per l'azione open di device plain e " -"loopaes.\n" +"Solo un'opzione tra --veracrypt-pim e --veracrypt-query-pim può essere usata.\n" +"\n" -#: src/cryptsetup.c:1725 -msgid "" -"Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only " -"for TCRYPT device.\n" +#: src/cryptsetup.c:3896 +#, fuzzy +msgid "Option --priority can be only ignore/normal/prefer." +msgstr "L'opzione --priority può essere solamente ignore/normal/prefer.\n" + +#: src/cryptsetup.c:3901 src/cryptsetup.c:3939 +#, fuzzy +msgid "Keyslot specification is required." +msgstr "È richiesta la specifica dello slot di chiave.\n" + +#: src/cryptsetup.c:3906 src/cryptsetup_reencrypt.c:1693 +#, fuzzy +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "La funzione di derivazione della chiave basata su password (PBKDF) può essere solamente pbkdf2 oppure argon2i/argon2id.\n" + +#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1698 +#, fuzzy +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "Le iterazioni forzate PBKDF non possono essere usate assieme all'opzione del tempo delle iterazioni.\n" + +#: src/cryptsetup.c:3917 +#, fuzzy +msgid "Sector size option is not supported for this command." +msgstr "L'opzione della dimensione del settore non è supportata con questo comando.\n" + +#: src/cryptsetup.c:3929 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." msgstr "" -"L'opzione --tcrypt-hidden, --tcrypt-system o --tcrypt-backup è supportata " -"solo per device TCRYPT.\n" -#: src/cryptsetup.c:1730 -msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n" +#: src/cryptsetup.c:3934 +#, fuzzy +msgid "Key size is required with --unbound option." +msgstr "La dimensione della chiave è richiesta con l'opzione --unbound.\n" + +#: src/cryptsetup.c:3944 +#, fuzzy +msgid "Option --unbound may be used only with luksAddKey and luksDump actions." +msgstr "L'opzione --unbound può essere usata solamente con l'azione luksAddKey.\n" + +#: src/cryptsetup.c:3949 +#, fuzzy +msgid "Option --refresh may be used only with open action." +msgstr "L'opzione --refresh può essere usata solamente con l'azione open.\n" + +#: src/cryptsetup.c:3960 +#, fuzzy +msgid "Cannot disable metadata locking." +msgstr "Impossibile disabilitare il blocco dei metadati.\n" + +#: src/cryptsetup.c:3970 +#, fuzzy +msgid "Invalid max reencryption hotzone size specification." +msgstr "Specifica di dimensione del dispositivo non valida." + +#: src/cryptsetup.c:3978 src/cryptsetup_reencrypt.c:1722 +#: src/cryptsetup_reencrypt.c:1727 +msgid "Invalid device size specification." +msgstr "Specifica di dimensione del dispositivo non valida." + +#: src/cryptsetup.c:3981 +#, fuzzy +msgid "Maximum device reduce size is 1 GiB." +msgstr "La dimensione massima di riduzione del dispositivo è 64 MiB." + +#: src/cryptsetup.c:3984 src/cryptsetup_reencrypt.c:1733 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "La dimensione di riduzione deve essere un multiplo di 512 byte." + +#: src/cryptsetup.c:3989 +#, fuzzy +msgid "Invalid data size specification." +msgstr "Specifica di dimensione del dispositivo non valida." + +#: src/cryptsetup.c:3994 +#, fuzzy +msgid "Reduce size overflow." +msgstr "Overflow offset del dispositivo." + +#: src/cryptsetup.c:3998 +msgid "LUKS2 decryption requires option --header." msgstr "" -"L'opzione --tcrypt-hidden non può essere utilizzata con --allow-discards.\n" -#: src/cryptsetup.c:1735 -msgid "Option --veracrypt is supported only for TCRYPT device type.\n" -msgstr "L'opzione --veracrypt è supportata solo per device TCRYPT.\n" +#: src/cryptsetup.c:4002 +#, fuzzy +msgid "Device size must be multiple of 512 bytes sector." +msgstr "La dimensione di riduzione deve essere un multiplo di 512 byte." + +#: src/cryptsetup.c:4006 +#, fuzzy +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "Le opzioni --align-payload --offset cannot non possono essere utilizzate assieme." -#: src/veritysetup.c:58 -msgid "Invalid salt string specified.\n" -msgstr "String salt specificata non valida.\n" +#: src/cryptsetup.c:4010 +#, fuzzy +msgid "Options --device-size and --size cannot be combined." +msgstr "Le opzioni --align-payload --offset cannot non possono essere utilizzate assieme." + +#: src/cryptsetup.c:4014 +#, fuzzy +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "Le opzioni --ignore-corruption e --restart-on-corruption non possono essere utilizzate assieme.\n" + +#: src/veritysetup.c:66 +msgid "Invalid salt string specified." +msgstr "Stringa salt specificata non valida." + +#: src/veritysetup.c:97 +#, c-format +msgid "Cannot create hash image %s for writing." +msgstr "Impossibile creare l'immagine hash %s per la scrittura." -#: src/veritysetup.c:88 +#: src/veritysetup.c:107 #, c-format -msgid "Cannot create hash image %s for writing.\n" -msgstr "Impossibile creare l'immagine hash %s per la scrittura.\n" +msgid "Cannot create FEC image %s for writing." +msgstr "Impossibile creare l'immagine FEC %s per la scrittura." -#: src/veritysetup.c:148 -msgid "Invalid root hash string specified.\n" -msgstr "Stringa hash principale specificata non valida.\n" +#: src/veritysetup.c:179 +msgid "Invalid root hash string specified." +msgstr "Stringa hash root specificata non valida." -#: src/veritysetup.c:308 +#: src/veritysetup.c:187 +#, fuzzy, c-format +msgid "Invalid signature file %s." +msgstr "Device %s non valido." + +#: src/veritysetup.c:194 +#, fuzzy, c-format +msgid "Cannot read signature file %s." +msgstr "Impossibile leggere il file chiave %s." + +#: src/veritysetup.c:392 msgid " " -msgstr " " +msgstr " " -#: src/veritysetup.c:308 +#: src/veritysetup.c:392 src/integritysetup.c:479 msgid "format device" -msgstr "Formatta il device" +msgstr "Formatta il dispositivo" -#: src/veritysetup.c:309 +#: src/veritysetup.c:393 msgid " " -msgstr " " +msgstr " " -#: src/veritysetup.c:309 +#: src/veritysetup.c:393 msgid "verify device" -msgstr "Verifica il device" - -#: src/veritysetup.c:310 -msgid " " -msgstr " " - -#: src/veritysetup.c:310 -msgid "create active device" -msgstr "Crea device attivo" +msgstr "Verifica il dispositivo" -#: src/veritysetup.c:311 -msgid "remove (deactivate) device" -msgstr "Rimuove (disattiva) device" +#: src/veritysetup.c:394 +msgid " " +msgstr " " -#: src/veritysetup.c:312 +#: src/veritysetup.c:396 src/integritysetup.c:482 msgid "show active device status" -msgstr "Mostra lo stato del device attivo" +msgstr "Mostra lo stato del dispositivo attivo" -#: src/veritysetup.c:313 +#: src/veritysetup.c:397 msgid "" -msgstr "" +msgstr "" -#: src/veritysetup.c:313 +#: src/veritysetup.c:397 src/integritysetup.c:483 msgid "show on-disk information" msgstr "Mostra informazioni on-disk" -#: src/veritysetup.c:332 +#: src/veritysetup.c:416 #, c-format msgid "" "\n" @@ -1548,339 +3221,871 @@ msgid "" " hash of the root node on \n" msgstr "" "\n" -" è il device da creare in %s\n" -" è il device dei dati\n" -" è il device che contiene i dati di verifica\n" -" è l'hash del nodo radice nel \n" +" è il dispositivo da creare in %s\n" +" è il dispositivo dei dati\n" +" è il dispositivo che contiene i dati di verifica\n" +" è l'hash del nodo radice nel \n" -#: src/veritysetup.c:339 +#: src/veritysetup.c:423 #, c-format msgid "" "\n" "Default compiled-in dm-verity parameters:\n" -"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, " -"Hash format: %u\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" msgstr "" "\n" "Parametri predefiniti compilati in dm-verity:\n" -"\tHash: %s, Blocco dati (byte): %u, Blocco hash (byte): %u, Dimensione salt: " -"%u, Formato hash: %u\n" +"\tHash: %s, Blocco dati (byte): %u, Blocco hash (byte): %u, Dimensione salt: %u, Formato hash: %u\n" -#: src/veritysetup.c:377 +#: src/veritysetup.c:466 msgid "Do not use verity superblock" msgstr "Non usa il super-blocco verity" -#: src/veritysetup.c:378 +#: src/veritysetup.c:467 msgid "Format type (1 - normal, 0 - original Chrome OS)" msgstr "Tipo di formato (1 - normale, 0 - ChromeOS originale)" -#: src/veritysetup.c:378 +#: src/veritysetup.c:467 msgid "number" msgstr "numero" -#: src/veritysetup.c:379 +#: src/veritysetup.c:468 msgid "Block size on the data device" -msgstr "La dimensione del blocco sul device dati" +msgstr "La dimensione del blocco sul dispositivo dati" -#: src/veritysetup.c:380 +#: src/veritysetup.c:469 msgid "Block size on the hash device" -msgstr "La dimensione del blocco sul device hash" +msgstr "La dimensione del blocco sul dispositivo hash" -#: src/veritysetup.c:381 +#: src/veritysetup.c:470 +msgid "FEC parity bytes" +msgstr "Byte di parità FEC" + +#: src/veritysetup.c:471 msgid "The number of blocks in the data file" msgstr "Il numero di blocchi nel file dati" -#: src/veritysetup.c:381 +#: src/veritysetup.c:471 msgid "blocks" msgstr "blocchi" -#: src/veritysetup.c:382 +#: src/veritysetup.c:472 +msgid "Path to device with error correction data" +msgstr "Percorso al dispositivo con i dati di correzione degli errori" + +#: src/veritysetup.c:472 src/integritysetup.c:549 +msgid "path" +msgstr "percorso" + +#: src/veritysetup.c:473 msgid "Starting offset on the hash device" -msgstr "L'offset iniziale del device di hash" +msgstr "L'offset iniziale del dispositivo di hash" + +#: src/veritysetup.c:474 +msgid "Starting offset on the FEC device" +msgstr "L'offset iniziale del dispositivo FEC" -#: src/veritysetup.c:383 +#: src/veritysetup.c:475 msgid "Hash algorithm" msgstr "Algoritmo di hash" -#: src/veritysetup.c:383 +#: src/veritysetup.c:475 msgid "string" msgstr "stringa" -#: src/veritysetup.c:384 +#: src/veritysetup.c:476 msgid "Salt" msgstr "Salt" -#: src/veritysetup.c:384 +#: src/veritysetup.c:476 msgid "hex string" msgstr "stringa esadecimale" -#: src/cryptsetup_reencrypt.c:147 +#: src/veritysetup.c:478 +#, fuzzy +msgid "Path to root hash signature file" +msgstr "Creazione dell'area hash non riuscita." + +#: src/veritysetup.c:479 +msgid "Restart kernel if corruption is detected" +msgstr "Riavvia il kernel se sono rilevati dati rovinati" + +#: src/veritysetup.c:480 +msgid "Ignore corruption, log it only" +msgstr "Ignora i dati rovinati, li registra solamente" + +#: src/veritysetup.c:481 +msgid "Do not verify zeroed blocks" +msgstr "Non verifica i blocchi azzerati" + +#: src/veritysetup.c:482 +msgid "Verify data block only the first time it is read" +msgstr "Verifica i blocchi dati solo alla prima lettura" + +#: src/veritysetup.c:582 +#, fuzzy +msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation." +msgstr "L'opzione --ignore-corruption, --restart-on-corruption o --ignore-zero-blocks è consentita solo per l'operazione di apertura.\n" + +#: src/veritysetup.c:587 +#, fuzzy +msgid "Option --root-hash-signature can be used only for open operation." +msgstr "L'opzione --integrity-recalculate può essere usata solo con l'azione open." + +#: src/veritysetup.c:592 +#, fuzzy +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "Le opzioni --ignore-corruption e --restart-on-corruption non possono essere utilizzate assieme.\n" + +#: src/integritysetup.c:84 src/utils_password.c:305 #, c-format -msgid "Cannot exclusively open %s, device in use.\n" -msgstr "Impossibile aprire esclusivamente il device %s, già in uso.\n" +msgid "Cannot read keyfile %s." +msgstr "Impossibile leggere il file chiave %s." + +#: src/integritysetup.c:88 src/utils_password.c:310 +#, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "Impossibile leggere %d byte dal file chiave %s." + +#: src/integritysetup.c:254 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "Formattato con dimensione tag di %u, integrità interna %s.\n" + +#: src/integritysetup.c:479 src/integritysetup.c:483 +msgid "" +msgstr "" + +#: src/integritysetup.c:480 +msgid " " +msgstr " " + +#: src/integritysetup.c:502 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the device containing data with integrity tags\n" +msgstr "" +"\n" +" è il dispositivo da creare in %s\n" +" è il dispositivo che contiene dai con i tag di integrità\n" + +#: src/integritysetup.c:507 +#, fuzzy, c-format +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" +msgstr "" +"\n" +"Parametri predefiniti compilati in dm-integrity:\n" +"\tDimensione tag: %u byte - Algoritmo di controllo: %s\n" + +#: src/integritysetup.c:549 +msgid "Path to data device (if separated)" +msgstr "Percorso al dispositivo dati (se scollegato)" + +#: src/integritysetup.c:551 +msgid "Journal size" +msgstr "Dimensione journal" + +#: src/integritysetup.c:552 +msgid "Interleave sectors" +msgstr "Settori di interfogliazione" + +#: src/integritysetup.c:553 +msgid "Journal watermark" +msgstr "Watermark del journal" + +#: src/integritysetup.c:553 +msgid "percent" +msgstr "percento" + +#: src/integritysetup.c:554 +msgid "Journal commit time" +msgstr "Tempo scrittura del journal" + +#: src/integritysetup.c:554 src/integritysetup.c:556 +msgid "ms" +msgstr "ms" + +#: src/integritysetup.c:555 +msgid "Number of 512-byte sectors per bit (bitmap mode)." +msgstr "" + +#: src/integritysetup.c:556 +msgid "Bitmap mode flush time" +msgstr "" + +#: src/integritysetup.c:557 +msgid "Tag size (per-sector)" +msgstr "Dimensione tag (per settore)" + +#: src/integritysetup.c:558 +msgid "Sector size" +msgstr "Dimensione settore" + +#: src/integritysetup.c:559 +msgid "Buffers size" +msgstr "Dimensione buffer" + +#: src/integritysetup.c:561 +msgid "Data integrity algorithm" +msgstr "Algoritmo integrità dati" + +#: src/integritysetup.c:562 +msgid "The size of the data integrity key" +msgstr "La dimensione della chiave di integrità dei dati" + +#: src/integritysetup.c:563 +msgid "Read the integrity key from a file" +msgstr "Legge la chiave di integrità da un file" + +#: src/integritysetup.c:565 +msgid "Journal integrity algorithm" +msgstr "Algoritmo integrità journal" + +#: src/integritysetup.c:566 +msgid "The size of the journal integrity key" +msgstr "La dimensione della chiave di integrità del journal" + +#: src/integritysetup.c:567 +msgid "Read the journal integrity key from a file" +msgstr "Legge la chiave di integrità del journal da un file" + +#: src/integritysetup.c:569 +msgid "Journal encryption algorithm" +msgstr "Algoritmo cifratura journal" + +#: src/integritysetup.c:570 +msgid "The size of the journal encryption key" +msgstr "La dimensione della chiave di cifratura del journal" + +#: src/integritysetup.c:571 +msgid "Read the journal encryption key from a file" +msgstr "Legge la chiave di cifratura del journal da un file" + +#: src/integritysetup.c:574 +msgid "Recovery mode (no journal, no tag checking)" +msgstr "Modalità ripristino (jorunal e verifica tag disattivai)" + +#: src/integritysetup.c:575 +#, fuzzy +msgid "Use bitmap to track changes and disable journal for integrity device" +msgstr "Disabilita il journal per il dispositivo di integrità" + +#: src/integritysetup.c:576 +msgid "Recalculate initial tags automatically." +msgstr "Ricalcola i tag iniziali automaticamente" + +#: src/integritysetup.c:649 +msgid "Option --integrity-recalculate can be used only for open action." +msgstr "L'opzione --integrity-recalculate può essere usata solo con l'azione open." + +#: src/integritysetup.c:669 +#, fuzzy +msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action." +msgstr "Le opzioni --journal-size, --interleave-sectors, --sector-size, --tag-size e --no-wipe possono essere usate solamente per azioni di formattazione.\n" + +#: src/integritysetup.c:675 +msgid "Invalid journal size specification." +msgstr "Specifica di dimensione del journal non valida." + +#: src/integritysetup.c:680 +msgid "Both key file and key size options must be specified." +msgstr "Devono essere specificate entrambe le opzioni file della chiave e dimensione delle chiave." -#: src/cryptsetup_reencrypt.c:151 +#: src/integritysetup.c:683 +msgid "Integrity algorithm must be specified if integrity key is used." +msgstr "L'algoritmo di integrità deve essere specificato se viene usata la chiave di integrità." + +#: src/integritysetup.c:688 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "Devono essere specificate entrambe le opzioni file della chiave e dimensione della chiave di integrità del journal." + +#: src/integritysetup.c:691 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "L'algoritmo di integrità del journal deve essere specificato se viene usata la chiave di integrità del journal." + +#: src/integritysetup.c:696 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "Devono essere specificate entrambe le opzioni file della chiave e dimensione della chiave di cifratura del journal." + +#: src/integritysetup.c:699 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "L'algoritmo di cifratura del journal deve essere specificato se viene usata la chiave di cifratura del journal." + +#: src/integritysetup.c:703 +#, fuzzy +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "" +"Solo un'opzione tra --refresh e --test-passphrase può essere usata.\n" +"\n" + +#: src/integritysetup.c:707 +msgid "Journal options cannot be used in bitmap mode." +msgstr "" + +#: src/integritysetup.c:711 +#, fuzzy +msgid "Bitmap options can be used only in bitmap mode." +msgstr "L'opzione di integrità può essere usata solo col formato LUKS2." + +#: src/cryptsetup_reencrypt.c:172 +msgid "Reencryption already in-progress." +msgstr "Re-cifratura in corso." + +#: src/cryptsetup_reencrypt.c:208 #, c-format -msgid "Cannot open device %s\n" -msgstr "Impossibile aprire il device %s\n" +msgid "Cannot exclusively open %s, device in use." +msgstr "Impossibile aprire esclusivamente il dispositivo %s, già in uso." -#: src/cryptsetup_reencrypt.c:161 src/cryptsetup_reencrypt.c:893 -msgid "Allocation of aligned memory failed.\n" -msgstr "Allocazione di memoria allineata non riuscita.\n" +#: src/cryptsetup_reencrypt.c:222 src/cryptsetup_reencrypt.c:1135 +msgid "Allocation of aligned memory failed." +msgstr "Allocazione di memoria allineata non riuscita." -#: src/cryptsetup_reencrypt.c:168 +#: src/cryptsetup_reencrypt.c:229 #, c-format -msgid "Cannot read device %s.\n" -msgstr "Impossibile leggere il device %s.\n" +msgid "Cannot read device %s." +msgstr "Impossibile leggere il dispositivo %s." -#: src/cryptsetup_reencrypt.c:179 +#: src/cryptsetup_reencrypt.c:240 #, c-format -msgid "Marking LUKS device %s unusable.\n" -msgstr "Impostazione device LUCKS %s come inutilizzabile.\n" +msgid "Marking LUKS1 device %s unusable." +msgstr "Impostazione dispositivo LUKS %s come inutilizzabile." -#: src/cryptsetup_reencrypt.c:184 +#: src/cryptsetup_reencrypt.c:244 #, c-format -msgid "Marking LUKS device %s usable.\n" -msgstr "Impostazione device LUCKS %s come utilizzabile.\n" +msgid "Setting LUKS2 offline reencrypt flag on device %s." +msgstr "Impostazione flag re-cifratura offline LUKS2 sul dispositivo %s." -#: src/cryptsetup_reencrypt.c:200 +#: src/cryptsetup_reencrypt.c:261 #, c-format -msgid "Cannot write device %s.\n" -msgstr "Impossibile scrivere il device %s.\n" +msgid "Cannot write device %s." +msgstr "Impossibile scrivere il dispositivo %s." -#: src/cryptsetup_reencrypt.c:281 -msgid "Cannot write reencryption log file.\n" -msgstr "Impossibile scrivere il file di registro di re-cifratura.\n" +#: src/cryptsetup_reencrypt.c:309 +msgid "Cannot write reencryption log file." +msgstr "Impossibile scrivere il file di registro di re-cifratura." -#: src/cryptsetup_reencrypt.c:337 -msgid "Cannot read reencryption log file.\n" -msgstr "Impossibile leggere il file di registro di re-cifratura.\n" +#: src/cryptsetup_reencrypt.c:365 +msgid "Cannot read reencryption log file." +msgstr "Impossibile leggere il file di registro di re-cifratura." -#: src/cryptsetup_reencrypt.c:374 +#: src/cryptsetup_reencrypt.c:403 #, c-format msgid "Log file %s exists, resuming reencryption.\n" msgstr "Il file di registro %s esiste, viene ripristinata la re-cifratura.\n" -#: src/cryptsetup_reencrypt.c:403 -msgid "Activating temporary device using old LUKS header.\n" -msgstr "Attivazione device temporaneo usando il vecchio header LUKS.\n" +#: src/cryptsetup_reencrypt.c:452 +msgid "Activating temporary device using old LUKS header." +msgstr "Attivazione dispositivo temporaneo usando il vecchio header LUKS." -#: src/cryptsetup_reencrypt.c:414 -msgid "Activating temporary device using new LUKS header.\n" -msgstr "Attivazione device temporaneo usando il nuovo header LUKS.\n" +#: src/cryptsetup_reencrypt.c:462 +msgid "Activating temporary device using new LUKS header." +msgstr "Attivazione dispositivo temporaneo usando il nuovo header LUKS." -#: src/cryptsetup_reencrypt.c:424 -msgid "Activation of temporary devices failed.\n" -msgstr "Attivazione del device temporaneo non riuscita.\n" +#: src/cryptsetup_reencrypt.c:472 +msgid "Activation of temporary devices failed." +msgstr "Attivazione del dispositivo temporaneo non riuscita." -#: src/cryptsetup_reencrypt.c:450 -#, c-format -msgid "New LUKS header for device %s created.\n" -msgstr "Non è stato creato alcun header LUKS per il device %s.\n" +#: src/cryptsetup_reencrypt.c:559 +msgid "Failed to set data offset." +msgstr "Impostazione offset dei dati non riuscita." + +#: src/cryptsetup_reencrypt.c:565 +#, fuzzy +msgid "Failed to set metadata size." +msgstr "Impostazione offset dei dati non riuscita." -#: src/cryptsetup_reencrypt.c:458 +#: src/cryptsetup_reencrypt.c:573 #, c-format -msgid "Activated keyslot %i.\n" -msgstr "Slot di chiave %i attivato.\n" +msgid "New LUKS header for device %s created." +msgstr "Creato nuovo header LUKS per il dispositivo %s." -#: src/cryptsetup_reencrypt.c:484 +#: src/cryptsetup_reencrypt.c:633 #, c-format -msgid "LUKS header backup of device %s created.\n" -msgstr "Header LUKS di backup del device %s creato.\n" +msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +msgstr "Questa versione di cryptsetup-reencrypt non può gestire token interni di tipo %s." -#: src/cryptsetup_reencrypt.c:532 -msgid "Creation of LUKS backup headers failed.\n" -msgstr "Creazione degli header di backup LUKS non riuscita.\n" +#: src/cryptsetup_reencrypt.c:655 +msgid "Failed to read activation flags from backup header." +msgstr "Lettura dei flag di attivazione dall'header di backup non riuscita." -#: src/cryptsetup_reencrypt.c:634 +#: src/cryptsetup_reencrypt.c:659 +msgid "Failed to write activation flags to new header." +msgstr "Scrittura dei flag di attivazione sul nuovo header non riuscita." + +#: src/cryptsetup_reencrypt.c:663 src/cryptsetup_reencrypt.c:667 +msgid "Failed to read requirements from backup header." +msgstr "Lettura dei requisiti dall'header di backup non riuscita." + +#: src/cryptsetup_reencrypt.c:705 #, c-format -msgid "Cannot restore LUKS header on device %s.\n" -msgstr "Impossibile ripristinare l'header LUKS sul device %s.\n" +msgid "%s header backup of device %s created." +msgstr "Header %s di backup del dispositivo %s creato." -#: src/cryptsetup_reencrypt.c:636 +#: src/cryptsetup_reencrypt.c:768 +msgid "Creation of LUKS backup headers failed." +msgstr "Creazione degli header di backup LUKS non riuscita." + +#: src/cryptsetup_reencrypt.c:901 #, c-format -msgid "LUKS header on device %s restored.\n" -msgstr "Ripristinato l'header LUKS sul device %s.\n" +msgid "Cannot restore %s header on device %s." +msgstr "Impossibile ripristinare l'header %s sul dispositivo %s." -#: src/cryptsetup_reencrypt.c:669 +#: src/cryptsetup_reencrypt.c:903 #, c-format -msgid "" -"Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" -msgstr "" -"Avanzamento: %5.1f%%, ETA %02llu:%02llu, %4llu MiB scritti, velocità %5.1f " -"MiB/s%s" +msgid "%s header on device %s restored." +msgstr "Ripristinato l'header %s sul dispositivo %s." -#: src/cryptsetup_reencrypt.c:708 src/cryptsetup_reencrypt.c:784 -#: src/cryptsetup_reencrypt.c:826 -msgid "Cannot seek to device offset.\n" -msgstr "Impossibile posizionarsi all'offset del device.\n" +#: src/cryptsetup_reencrypt.c:1107 src/cryptsetup_reencrypt.c:1113 +msgid "Cannot open temporary LUKS device." +msgstr "Impossibile aprire il dispositivo temporaneo LUKS." -#: src/cryptsetup_reencrypt.c:865 src/cryptsetup_reencrypt.c:871 -msgid "Cannot open temporary LUKS header file.\n" -msgstr "Impossibile aprire il file temporaneo dell'header LUKS.\n" +#: src/cryptsetup_reencrypt.c:1118 src/cryptsetup_reencrypt.c:1123 +msgid "Cannot get device size." +msgstr "Impossibile ottenere la dimensione del dispositivo." -#: src/cryptsetup_reencrypt.c:876 src/cryptsetup_reencrypt.c:881 -msgid "Cannot get device size.\n" -msgstr "Impossibile ottenere la dimensione del device.\n" +#: src/cryptsetup_reencrypt.c:1158 +msgid "IO error during reencryption." +msgstr "Errore di IO durante la re-cifratura." -#: src/cryptsetup_reencrypt.c:919 -msgid "Interrupted by a signal.\n" -msgstr "Interrotto dal segnale.\n" +#: src/cryptsetup_reencrypt.c:1189 +msgid "Provided UUID is invalid." +msgstr "Lo UUID fornito non è valido." -#: src/cryptsetup_reencrypt.c:921 -msgid "IO error during reencryption.\n" -msgstr "Errore di IO durante la re-cifratura.\n" +#: src/cryptsetup_reencrypt.c:1423 +msgid "Cannot open reencryption log file." +msgstr "Impossibile aprire il file di registro di re-cifratura." -#: src/cryptsetup_reencrypt.c:1028 -msgid "" -"Key file can be used only with --key-slot or with exactly one key slot " -"active.\n" -msgstr "" -"Il file chiave può essere usato solamente con --key-slot o con esattamente " -"uno slot di chiave attivo.\n" +#: src/cryptsetup_reencrypt.c:1429 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "Nessuna decifrazione in corso: lo UUID fornito può essere usato solamente per riprendere un processo di decifrazione." -#: src/cryptsetup_reencrypt.c:1072 src/cryptsetup_reencrypt.c:1087 +#: src/cryptsetup_reencrypt.c:1504 #, c-format -msgid "Enter passphrase for key slot %u: " -msgstr "Inserire la passphrase per lo slot di chiave %u: " - -#: src/cryptsetup_reencrypt.c:1136 -msgid "Cannot open reencryption log file.\n" -msgstr "Impossibile aprire il file di registro di re-cifratura.\n" +msgid "Changed pbkdf parameters in keyslot %i." +msgstr "Parametri pbkdf modificati nello slot di chiave %i." -#: src/cryptsetup_reencrypt.c:1262 +#: src/cryptsetup_reencrypt.c:1616 msgid "Reencryption block size" msgstr "Dimensione blocco re-cifratura" -#: src/cryptsetup_reencrypt.c:1262 +#: src/cryptsetup_reencrypt.c:1616 msgid "MiB" msgstr "MiB" -#: src/cryptsetup_reencrypt.c:1266 -msgid "Do not change key, no data area reencryption." -msgstr "Non cambia chiave, nessun re-cifratura dei dati." +#: src/cryptsetup_reencrypt.c:1620 +msgid "Do not change key, no data area reencryption" +msgstr "Non cambia chiave, nessuna re-cifratura dei dati" + +#: src/cryptsetup_reencrypt.c:1622 +msgid "Read new volume (master) key from file" +msgstr "Legge la chiave (master) del volume da file" + +#: src/cryptsetup_reencrypt.c:1623 +msgid "PBKDF2 iteration time for LUKS (in ms)" +msgstr "Tempo di iterazione di PBKDF2 per LUKS (in ms)" -#: src/cryptsetup_reencrypt.c:1273 -msgid "Use direct-io when accessing devices." -msgstr "Usa IO diretto negli accessi ai device" +#: src/cryptsetup_reencrypt.c:1629 +msgid "Use direct-io when accessing devices" +msgstr "Usa IO diretto negli accessi ai dispositivi" -#: src/cryptsetup_reencrypt.c:1274 -msgid "Use fsync after each block." +#: src/cryptsetup_reencrypt.c:1630 +msgid "Use fsync after each block" msgstr "Usa fsync dopo ogni blocco" -#: src/cryptsetup_reencrypt.c:1275 -msgid "Update log file after every block." -msgstr "Aggiora il registro a ogni blocco" +#: src/cryptsetup_reencrypt.c:1631 +msgid "Update log file after every block" +msgstr "Aggiorna il registro a ogni blocco" -#: src/cryptsetup_reencrypt.c:1276 -msgid "Use only this slot (others will be disabled)." +#: src/cryptsetup_reencrypt.c:1632 +msgid "Use only this slot (others will be disabled)" msgstr "Usa solo questo slot (gli altri vengono disabilitati)" -#: src/cryptsetup_reencrypt.c:1279 -msgid "Reduce data device size (move data offset). DANGEROUS!" -msgstr "" -"Riduce la dimensione dei dati del device (muove l'offset dei dati) PERICOLOSO" +#: src/cryptsetup_reencrypt.c:1637 +msgid "Create new header on not encrypted device" +msgstr "Crea un nuovo header su un dispositivo non cifrato" -#: src/cryptsetup_reencrypt.c:1280 -msgid "Use only specified device size (ignore rest of device). DANGEROUS!" -msgstr "" -"Usa solo la dimensione specificata del device (ignora il resto del device) " -"PERICOLOSO" +#: src/cryptsetup_reencrypt.c:1638 +msgid "Permanently decrypt device (remove encryption)" +msgstr "Decifra definitivamente il dispositivo (rimuove la cifratura)" -#: src/cryptsetup_reencrypt.c:1281 -msgid "Create new header on not encrypted device." -msgstr "Crea un nuovo header su un device non cifrato" +#: src/cryptsetup_reencrypt.c:1639 +msgid "The UUID used to resume decryption" +msgstr "Lo UUID utilizzato per riprendere la decifrazione" -#: src/cryptsetup_reencrypt.c:1282 -msgid "Permanently decrypt device (remove encryption)." -msgstr "Decifra definitivamente il device (rimuove la cifratura)" +#: src/cryptsetup_reencrypt.c:1640 +msgid "Type of LUKS metadata: luks1, luks2" +msgstr "Metadati di tipo LUKS: luks1, luks2" -#: src/cryptsetup_reencrypt.c:1298 +#: src/cryptsetup_reencrypt.c:1659 msgid "[OPTION...] " -msgstr "[OPZIONI...] " - -#: src/cryptsetup_reencrypt.c:1312 -msgid "" -"WARNING: this is experimental code, it can completely break your data.\n" -msgstr "" -"Attenzione: questo è codice sperimentale, potrebbe danneggiare i propri " -"dati.\n" +msgstr "[OPZIONI...] " -#: src/cryptsetup_reencrypt.c:1313 +#: src/cryptsetup_reencrypt.c:1667 #, c-format -msgid "Reencryption will change: volume key%s%s%s%s.\n" -msgstr "La re-cifratura modificherà: chiave del volume%s%s%s%s.\n" +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "La re-cifratura modificherà: %s%s%s%s%s%s." + +#: src/cryptsetup_reencrypt.c:1668 +msgid "volume key" +msgstr "chiave volume" -#: src/cryptsetup_reencrypt.c:1314 -msgid ", set hash to " -msgstr ", imposta l'hash a " +#: src/cryptsetup_reencrypt.c:1670 +msgid "set hash to " +msgstr "imposta l'hash a " -#: src/cryptsetup_reencrypt.c:1315 +#: src/cryptsetup_reencrypt.c:1671 msgid ", set cipher to " msgstr ", imposta il cifrario a " -#: src/cryptsetup_reencrypt.c:1320 +#: src/cryptsetup_reencrypt.c:1675 msgid "Argument required." msgstr "Argomento richiesto." -#: src/cryptsetup_reencrypt.c:1336 -msgid "" -"Only values between 1 MiB and 64 MiB allowed for reencryption block size." -msgstr "" -"Solo valori tra 1 MiB e 64 MiB sono consentiti per la dimensione del blocco " -"di re-cifratura." - -#: src/cryptsetup_reencrypt.c:1355 src/cryptsetup_reencrypt.c:1360 -msgid "Invalid device size specification." -msgstr "Specifica di dimensione del device non valida." +#: src/cryptsetup_reencrypt.c:1703 +msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +msgstr "Solo valori tra 1 MiB e 64 MiB sono consentiti per la dimensione del blocco di re-cifratura." -#: src/cryptsetup_reencrypt.c:1363 +#: src/cryptsetup_reencrypt.c:1730 msgid "Maximum device reduce size is 64 MiB." -msgstr "La dimensione massima di riduzione del device è 64 MiB." - -#: src/cryptsetup_reencrypt.c:1366 -msgid "Reduce size must be multiple of 512 bytes sector." -msgstr "La dimensione di riduzione deve essere un multiplo di 512 byte." +msgstr "La dimensione massima di riduzione del dispositivo è 64 MiB." -#: src/cryptsetup_reencrypt.c:1370 -msgid "Option --new must be used together with --reduce-device-size." -msgstr "L'opzione --new deve essere usata con --reduce-device-size." +#: src/cryptsetup_reencrypt.c:1737 +msgid "Option --new must be used together with --reduce-device-size or --header." +msgstr "L'opzione --new deve essere usata con --reduce-device-size o --header." -#: src/cryptsetup_reencrypt.c:1374 -msgid "Option --keep-key can be used only with --hash or --iter-time." -msgstr "L'opzione --keep-key può essere usata solo con --hash o --iter-time." +#: src/cryptsetup_reencrypt.c:1741 +msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +msgstr "L'opzione --keep-key può essere usata solo con --hash, --iter-time --pbkdf-force-iterations." -#: src/cryptsetup_reencrypt.c:1378 +#: src/cryptsetup_reencrypt.c:1745 msgid "Option --new cannot be used together with --decrypt." msgstr "L'opzione --new non può essere usata con --decrypt." -#: src/cryptsetup_reencrypt.c:1382 +#: src/cryptsetup_reencrypt.c:1749 msgid "Option --decrypt is incompatible with specified parameters." msgstr "L'opzione --decrypt non è compatibile con i parametri specificati." +#: src/cryptsetup_reencrypt.c:1753 +msgid "Option --uuid is allowed only together with --decrypt." +msgstr "L'opzione --uuid può essere usata solo con --decrypt." + +#: src/cryptsetup_reencrypt.c:1757 +msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +msgstr "Tipo luks non valido. Usare uno tra: \"luks\", \"luks1\" o \"luks2\"." + #: src/utils_tools.c:151 -msgid "Error reading response from terminal.\n" -msgstr "Errore nel leggere la risposta dal terminale.\n" +msgid "Error reading response from terminal." +msgstr "Errore nel leggere la risposta dal terminale." -#: src/utils_tools.c:173 +#: src/utils_tools.c:186 msgid "Command successful.\n" msgstr "Comando eseguito con successo.\n" -#: src/utils_tools.c:191 +#: src/utils_tools.c:194 +msgid "wrong or missing parameters" +msgstr "parametri errati o mancanti" + +#: src/utils_tools.c:196 +msgid "no permission or bad passphrase" +msgstr "permessi mancanti o passphrase errata" + +#: src/utils_tools.c:198 +msgid "out of memory" +msgstr "memoria esaurita" + +#: src/utils_tools.c:200 +msgid "wrong device or file specified" +msgstr "dispositivo o file specificato errato" + +#: src/utils_tools.c:202 +msgid "device already exists or device is busy" +msgstr "il dispositivo esiste già o è occupato" + +#: src/utils_tools.c:204 +msgid "unknown error" +msgstr "errore sconosciuto" + +#: src/utils_tools.c:206 +#, c-format +msgid "Command failed with code %i (%s).\n" +msgstr "Comando non riuscito con codice %i (%s).\n" + +#: src/utils_tools.c:283 +#, c-format +msgid "Key slot %i created." +msgstr "Slot di chiave %i creato." + +#: src/utils_tools.c:285 +#, c-format +msgid "Key slot %i unlocked." +msgstr "Slot di chiave %i sbloccato." + +#: src/utils_tools.c:287 +#, c-format +msgid "Key slot %i removed." +msgstr "Slot di chiave %i rimosso." + +#: src/utils_tools.c:296 +#, c-format +msgid "Token %i created." +msgstr "Token %i creato." + +#: src/utils_tools.c:298 +#, c-format +msgid "Token %i removed." +msgstr "Token %i rimosso." + +#: src/utils_tools.c:464 +#, fuzzy +msgid "" +"\n" +"Wipe interrupted." +msgstr "" +"\n" +"Scrittura interrotta." + +#: src/utils_tools.c:475 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "Attenzione: il dispositivo %s contiene già una firma di partizione «%s».\n" + +#: src/utils_tools.c:483 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "Attenzione: il dispositivo %s contiene già una firma di super-blocco «%s».\n" + +#: src/utils_tools.c:504 src/utils_tools.c:568 +msgid "Failed to initialize device signature probes." +msgstr "Inizializzazione sonde per la firma del dispositivo non riuscita." + +#: src/utils_tools.c:548 +#, c-format +msgid "Failed to stat device %s." +msgstr "Stat del dispositivo %s non riuscita." + +#: src/utils_tools.c:561 +#, c-format +msgid "Device %s is in use. Can not proceed with format operation." +msgstr "Il dispositivo %s è in uso. Impossibile procedere con l'operazione di formattazione." + +#: src/utils_tools.c:563 +#, c-format +msgid "Failed to open file %s in read/write mode." +msgstr "Apertura del file %s in lettura/scrittura non riuscita." + +#: src/utils_tools.c:577 +#, c-format +msgid "Existing '%s' partition signature (offset: % bytes) on device %s will be wiped." +msgstr "" + +#: src/utils_tools.c:580 +#, c-format +msgid "Existing '%s' superblock signature (offset: % bytes) on device %s will be wiped." +msgstr "" + +#: src/utils_tools.c:583 +msgid "Failed to wipe device signature." +msgstr "Pulizia della firma del dispositivo non riuscita." + +#: src/utils_tools.c:590 #, c-format -msgid "Command failed with code %i" -msgstr "Comando non riuscito con codice %i" +msgid "Failed to probe device %s for a signature." +msgstr "Esame del dispositivo %s per una firma non riuscito." -#: src/utils_password.c:42 +#: src/utils_tools.c:629 +#, fuzzy +msgid "" +"\n" +"Reencryption interrupted." +msgstr "" +"\n" +"Lettura interrotta." + +#: src/utils_password.c:43 src/utils_password.c:75 #, c-format -msgid "Cannot check password quality: %s\n" -msgstr "Impossibile controllare la qualità della password: %s\n" +msgid "Cannot check password quality: %s" +msgstr "Impossibile controllare la qualità della password: %s" -#: src/utils_password.c:50 +#: src/utils_password.c:51 #, c-format msgid "" "Password quality check failed:\n" -" %s\n" +" %s" msgstr "" "Controllo qualità della password non riuscito:\n" -" %s\n" +" %s" + +#: src/utils_password.c:83 +#, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "Controllo qualità della password non riuscito: passphrase non valida (%s)" + +#: src/utils_password.c:193 src/utils_password.c:208 +msgid "Error reading passphrase from terminal." +msgstr "Errore nel leggere la passphrase dal terminale." + +#: src/utils_password.c:206 +msgid "Verify passphrase: " +msgstr "Verifica passphrase: " + +#: src/utils_password.c:213 +msgid "Passphrases do not match." +msgstr "Le passphrase non corrispondono." + +#: src/utils_password.c:250 +msgid "Cannot use offset with terminal input." +msgstr "Impossibile usare l'offset con l'input da terminale." + +#: src/utils_password.c:253 +#, c-format +msgid "Enter passphrase: " +msgstr "Inserire la passphrase: " + +#: src/utils_password.c:256 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "Inserire la passphrase per %s: " + +#: src/utils_password.c:287 +msgid "No key available with this passphrase." +msgstr "Nessuna chiave disponibile con questa passphrase." + +#: src/utils_password.c:289 +msgid "No usable keyslot is available." +msgstr "" + +#: src/utils_password.c:328 +#, c-format +msgid "Cannot open keyfile %s for write." +msgstr "Impossibile aprire il file chiave %s per la scrittura." + +#: src/utils_password.c:335 +#, c-format +msgid "Cannot write to keyfile %s." +msgstr "Impossibile scrivere sul file chiave %s." + +#: src/utils_luks2.c:47 +#, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "Apertura del file %s in sola lettura non riuscita." + +#: src/utils_luks2.c:60 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "Fornire token JSON LUKS2 valido:\n" + +#: src/utils_luks2.c:67 +msgid "Failed to read JSON file." +msgstr "Lettura file JSON non riuscita." + +#: src/utils_luks2.c:72 +msgid "" +"\n" +"Read interrupted." +msgstr "" +"\n" +"Lettura interrotta." + +#: src/utils_luks2.c:113 +#, c-format +msgid "Failed to open file %s in write mode." +msgstr "Apertura del file %s in lettura non riuscita." + +#: src/utils_luks2.c:122 +msgid "" +"\n" +"Write interrupted." +msgstr "" +"\n" +"Scrittura interrotta." + +#: src/utils_luks2.c:126 +msgid "Failed to write JSON file." +msgstr "Scrittura file JSON non riuscita." + +#~ msgid "Requested dmcrypt performance options are not supported." +#~ msgstr "Le opzioni di prestazioni richieste per dmcrypt non sono supportate." + +#~ msgid "Cannot format device %s which is still in use." +#~ msgstr "Impossibile formattare il dispositivo %s che risulta ancora in uso." + +#~ msgid "Key slot %d is not used." +#~ msgstr "Lo slot di chiave %d non è utilizzato." + +#~ msgid "Function not available in FIPS mode." +#~ msgstr "Funzione non disponibile in modalità FIPS." + +#~ msgid "Cipher %s is not available." +#~ msgstr "Il cifrario %s non è disponibile." + +#~ msgid "Key slot %d selected for deletion." +#~ msgstr "Slot di chiave %d selezionato per l'eliminazione." + +#~ msgid "open device as mapping " +#~ msgstr "Apre il dispositivo come mappatura in " + +#~ msgid "Parameter --refresh is only allowed with open or refresh commands.\n" +#~ msgstr "" +#~ "Il parametro --refresh è consentito solo col comando open o refresh.\n" +#~ "\n" + +#~ msgid "Unsupported encryption sector size.\n" +#~ msgstr "Dimensione settore di cifratura non supportata.\n" + +#~ msgid "close device (deactivate and remove mapping)" +#~ msgstr "Chiude il dispositivo (disattiva e rimuove la mappatura)" + +#~ msgid "Failed to set PBKDF parameters." +#~ msgstr "Impostazione parametri PBKDF non riuscita." + +#~ msgid "Cannot seek to device offset.\n" +#~ msgstr "Impossibile posizionarsi all'offset del dispositivo.\n" + +#~ msgid "Interrupted by a signal." +#~ msgstr "Interrotto da un segnale." + +#~ msgid "Device %s is too small. (LUKS2 requires at least % bytes.)" +#~ msgstr "Il dispositivo %s è troppo piccolo (LUKS2 richiede almeno % byte)." + +#~ msgid "Replaced with key slot %d.\n" +#~ msgstr "Sostituito con lo slot di chiave %d.\n" + +#~ msgid "Too many tree levels for verity volume.\n" +#~ msgstr "Troppi livelli d'albero per il volume verity.\n" + +#~ msgid "memory allocation error in action_luksFormat" +#~ msgstr "errore di allocazione di memoria in action_luksFormat" + +#~ msgid "Key %d not active. Can't wipe.\n" +#~ msgstr "Chiave %d non attiva. Impossibile ripulirla.\n" + +#~ msgid " " +#~ msgstr " " + +#~ msgid "create active device" +#~ msgstr "Crea dispositivo attivo" + +#~ msgid "remove (deactivate) device" +#~ msgstr "Rimuove (disattiva) dispositivo" + +#~ msgid "Activated keyslot %i.\n" +#~ msgstr "Slot di chiave %i attivato.\n" + +#~ msgid "Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" +#~ msgstr "Avanzamento: %5.1f%%, ETA %02llu:%02llu, %4llu MiB scritti, velocità %5.1f MiB/s%s" + +#~ msgid "Cannot find a free loopback device.\n" +#~ msgstr "Impossibile trovare un dispositivo di loopback libero.\n" + +#~ msgid "Cannot open device %s\n" +#~ msgstr "Impossibile aprire il dispositivo %s\n" + +#~ msgid "Cannot use passed UUID unless decryption in progress.\n" +#~ msgstr "Impossibile utilizzare lo UUID fornito se non è in corso una decifratura.\n" + +#~ msgid "Marking LUKS device %s usable.\n" +#~ msgstr "Impostazione device LUKS %s come utilizzabile.\n" diff --git a/po/ja.gmo b/po/ja.gmo new file mode 100644 index 0000000000000000000000000000000000000000..dfb77b625fbdf4772d323e70eebaa497e76e8bf5 GIT binary patch literal 118927 zcmb@P2Vfk<)yL0)09NR|a|VPZ@X3X4jBz&xH(US*44kF2d{_;ggfS&xo8AMM-g_?r zLJ2JeQXr&!Nk}CDxj?=I2&5+@-|zq4Y`N3PnB+TH|8{0)W~aP)^JaE-_2%a5F7KDg zWQMJi$qa!nZI{V3uA9kB-#e25nO}~}WVV6-gh!9(gx~3tGMU5R8E`B3E%;^lCVT-d z=VBY2b$BN8IQ%-C02fWpWX^#v!0ou{xG5aCkDHpwY!2^$+ruxz4)_B&0*;xM$(#$% zgbKIb^h{<8xE*{M=HMv!5j+U)b3`U{2<(6b_$aJ_ThGX3_J9Lm79I+BhefzAycF&T zzX3OeZ^4o9L%16pIx~~m0nUa4;YqLoUI#aT--27fAHV@{B~<;aKa0G=o!~}rf4Dgu zAN-Go>*4N%2g1cr`FR`;gYO3JI6IRWjC&d!1yGq%oB&n6E|`PY zLDla!q3-`Sq)Ib?f(O9yM^Q%j1-KV{6s`+@2~}@zLEV3Yqp3@H0HkU%(}MeUsO!(b zo#4BH>(9w#cEMc>4~665M0hFO7yblp2siwECbKu(4l3VMpz5&`s{XHnWFhl3R63g; zlgW&QbD+ZA1P8$vq4M#&aDB&P34{9tsPNB1L^AU)I0_y%*X8gch{$EW4^^+b9Ou_3 z!u@cc59{EIQ2BcYs+=1g@8S1?s;8N76g(B`zF&b^xYY@n%${&RxC_if)$Bj+GojL140nZ>L*?gjsB~Tp{vSZ)XNxB81rLPV!=s_fQG#lZ>jS?DRbPLE zs>jXgoLj+zU=|($)oz_|e|S4ozJ3l>|2xk2cr&5WKOHKccfc%s7Al{=fV;tu0=H>) z`9BEmfPWFHeb0gFzYjt6vtPoIaFYdI?x|4nc@o?m-UGLUufgr$Td*Gf10Divi=J)) zs+^ZV<>vvY_+N(u;5$(DT63bedk)s(o&XPkE$~oy7p#Nt!SQgLg?_)eQ2qBjsQg|J z4}(7o+`R?;jk_JHKfeSwh95%3>(}b}-xBVLy8%l6=D>qsCsaNkhI_#8L*?%;Q1!M` zn};6{cf@@hR6b6FYX4`U%Kc-gdi^~lY9`z6>0JsH?nx-Q`92&B--q>Zmky6V3Cf*^ zs+WrbzXA8b{V`PehMnZ&OA}OmJpfhTKY|VLZ&313*XjLjGSq!ffzsF4z#M!4NxVf|<-Hjy+*hFb@f%R#{sJX0yLWlMJ`eZ8eKAx%o(}HS@D$uzbbC22 zhFjtODzx-q7WZGE^1bcJF6SelT*aQ8rk`yt#G{xw|R>`cFY5ZoF6`N4e-w0eSS&mTjTXWg^B9R@+=e*)Ya7NPQc z6IA`Y3YE`)!JS~k62Cqf?tuGLco4igxPJ(@$Ne500sAj?`I`W3VaMI|F6R>;h*6|__?#aU1!4GaGwgZ@Mfs|ya;!JKZh#M z-=W%L&vQK9u~7M4236lLLDk1^;el}Hb6x(9hLVG8p{{=$sy}`VmCyR~TrW<5S=_VX z7Vu;^0A2`HUk^gXdj~!Yw>;nNxUa*BxPJf-f!kf+@-zpk{x5~Q!UqGt2i4vmLdnBs z7kYm8gvw_V90->O_w#}8LDj=97kU4l26eyFq003fRR8_}sy)`Z*yVXAxF_yefoDSL znfu}H@Fl2vUI`C?pS{HEVI)*~$3x}66RMq-!_D9`a1?wMs{d?wsi!js+Y&JOnp{zl6%) zyHNe%A5itw@I}`%Z7_%XA*lQQ0xG}jUE%j14wYUz91U-Vo50_|sqh0>3lF){(<#8c za9;`K|02x7m2faz?<&`)`$6TS4N9**49CJ(;FhpvxpNn&_Sq-64}*2MkB4g4^P$@9 zcDM)pCX~Fq2bJ#DS9|ydsQVoSmHsus|3Rqs{4rEL{}rkpw!FsEJp@V~ngY*;`{KS6 zs@{GM_l6r>>-}N`RJ)!6+u@CH2HfyEZ@1&2@_#y<4DW(Rzz?D7ZQS*q?+&Q`c0N@8 z?uSF*ccIGrFR1$6?FN^hNpKz93!tvIK;`3$P~n~o*M9-)asL{szWU#YY{DT>?Q;d( z0)7qZ`cH!Y$8Z?#+)bX(6X15ZFNUh0yP@Rd6?g#r6Wj?l-0bejP}k3as^2G|;{O^B zg@1!8=U%sXxT$as?lYkB@di}A{RUkTM7zk-9{=Wg?K4uC38Gdvug z237Chg!{oQZ};>L4?GX2jG)sC3u4+w*$>Y{9)0?hoIGN_XHrE>H8IkcqsY38Y;ivgp$jRA91ixF?s{O`7$85qL0s z6OMvAe#!OCTsQ!C31;DPsQY{wj)mWc%FmXMyPO;Zb^j)~7d#K{2_J{s!Z)Gn!;y;rej%7ku4k zd#L>H0zU^Q!F}OuI1^q3)$YHBJHwh6JsCS-r!*ihO^?9gz`~ln=ehei?TfXGw z*&nK%o1y$KfV$siJy`b)N^I!oLakgZ;kdySh6llozD*kaXh$eHnED;}UkD{{_dw40;B2@WE`$gF*vH}f z;8nP{{)yk`0hq=8EjSpy3pat=z2W(;hkM{Y7;Xuh;MQ<4oC+_8)8Mb+rf~32eLZ^= z{4DN?Q0Y#A(mQ8B)z=MB={^r7KP#Zp+3;sRE*}dO{voJ(dKId@{}-x#YkuzYuzlfH zxW~d8I0yEJP4F|Y4JsceL91`L9`0+P;@u24f=|G8;n(2$@SAWu_&uodz6*!K%rCqi zhCzj&2seb2VGhoLigzB|9Nq@Eg-<};_q$MX^&_bJd<<2t&;HW$v3uY!sPc@0y6@po z;m&|Nz#HK;{TRPs7w+kA`u$&q{qg?@ZU8_2HDf#1*L#cpiThNz4EGgpvxWh;?qTkQ z|2iw^6Sz-W>G^vvaGO==K>SC++3+>^9Ncxa%jd75%JbQGkagGqC&7Qiqu``>U4PsL zkHr03sQMiJTMu_M9FF^TD0%u79192iuj|texH0a#;RyI7tcM@MVQ@zZaTuHiXTs~D z!oLTlFFuA1aKP_9ztf@IC&TUGU2q%t63oJ%!VTcxpwj!yd)|MJgmZC!4SpVG-}mwN zG^qN010Dho|G>jt1SjKu7w!r7`-9g*9v*=EemD^JK*`7FKJ@Wwci4n`IaGi6JKP^0 z_L0l=QaA{Ve=JnFPJ^ey z-@p^$G5_%Oq*vh4xDWm(b31r7oDcsE)xPsTM)u)j@EADwUq0Ww2u{HLCfolh&FT(xco$z4z3#fY94&`tJJOL`+m*7(H8iu*B`hku9aC&zBm&*b%NsB*szw}!QwdcH?M$>)i15&SYd2sUiy z#4a9rqbf^>RB@xqk_j-qt$`pzu)PhwjqP^ko-33itP*>UUta zpXsMORKD+llE0rp$>;h5`k5Y@19iW4sPujbRsXx}>hW%dgK>W!>Uw53=UAw8&V|Rr zpF;JA19tcNXonh4?u6&Ux1i)_L9N%v6L2){-@uV@*FC%)@=*Sdz ziTfF-dfcea<+>^GKB)Y@2i5L7*Y`7heHc`Gm!SIbE3g@^x2MZ#8&to#2de&l4W*a1 z+soVMFsSQafZM?@L*?uHQ2J)OK`wtqsCZus?vJ44ZgS4+`8p^)wO)h!PlpPB6IA|Q zhtksn275VAg_6hDq2y<)A^mK8o(`oCPKCODA5=OYK(+ILp`P9}sCK&@N}sHR(hs{0 zbNN^dB{wg^S#X=Zy<9C&@tzF)D^$J@+NWP;DLeb;2?M32zC7@!M)iCFaP0C^?4Qi5que{T-P7$^7T4Y zynjK-(}5#hju%7exu@X?@K;dx9eId{I|VA;r=iOEZg6is%Ikk39FPBvPpR&h>aVoR9l4 zD0$s>e80^5umC0RvnTX3`=A}F9exirZX7t#`%fOKKU^Q!16A%phq|23hbQ1(4pm=& zhRVl&le{0F1y!Cmp!CSF!}^*1S%extZ-kPM|Ao5m;KRNCj)JP6v!U#hUqRLH=9Bwn zvT!V{gH2HJE`ibuPePUdEx0S(WQxZd2G!1ua0hq|Y=VzNm2car9xo4750^pplV3ok zyYn=69|l#9OQ7!m4LAz^9?pdg(|x?W7%JRT!TlaoJ#2S`U+;nne+!iT^D)%8cIb?d z52*IO47R}@xDd{m>FxgllpJj`%frou(ld`i)$6*m`(;jpGoj?;d+;py9#lVSKhnpY zd*D#q{f_eX+Z#$wN>KIx5|m!q?r3K_RJmVE1=|U(y`ut%b?o#slb&``f`i8u9wC@$;p{e z;U0w(;hRw7#~#Od`HqBY=R2U%e;;es*u_XX^>aLCH}YR6X7W z&xY^9qvT)kdU*v(zx*94KcnWm-Yh_s|0yWF{couBMl`#elwc$7uR*or9t*tPkA|wB z$Dq>v7|ISDTl9X=2GyS)gX%vk;i<6UM9=4aPLQlULo`Cy0D0%%m)Oa(c z#pU59xE=0~UtdE zuZLDB`MMvfy*4??+w)-f2izCIVepJj?_ZBX^}lsXUXBhp4)^U)^|TsF@9o{?@^}VR zejkL=Bdej>Z_jSOPaBl`IoJ#{C%fIg07`DY0~LS6MV|kOP;zl@aK8j~-+#j+;Nhou zKe`F39)1Q-f}1VwmpKkDgA3r>Q1?CjRKL$6 zH^C!uuY}SsBhGNU^B8z6?vtSM|2oXV{$KEV*%L~R=0M5E+0gVBY{k9qnchB~P~*uX zQ0@CZR5`O}dHy<~^7mz^^tN2m&(^&Tfr>X5YFxMpN!|6=D>q--vCwLKZCko?b)t}r$g1>ZSZ)w8me98c(s@&H?$>U3b zH5Yol&4Lla09DTQu5h_I7^)pw zp#1NL>bGw}weKcZdix&@`{O=2@GQ6&?hE1O@XJu;{x+1n4ZO`@`!DzU zn+#PySHs=mAE5f@)>pfn91SH$r$Xi90ayqB82op-#>d&Ia1{Rc!gt`iQ1bA@YrS6n z0C&PY{W`C|HmLNz10R4}T+h6{AND*{K7Vq9_lJK$Eg@BzFG?su!(C$B)Y-@do` z^>$c``$@Pf`~}oF{V%BY$ldOo1Bc;02krr%hN|yh!z>(rhs(n;Q1`t99!EXA3svuj z-sR)hVyOQ4D>xh0-|ge%nQ#g2b?ht2&V$Owt59&FpX!&n1-=DWz$H)n zI5Phkm#-_K^!(T04sg?F``L4(L2xAQQE)eSCe-+I2Rs9QA1;PdzvBJqTW~|%Z$ask z_n^j~ze3gHVb6I!uY|*K{|ZVUZToz`%mr`)RQ-P+%75$&UVkS+^@Dq$|?X~NR zZl8{Wo8j()o4|9S?tgXQtx)xPKU@#4hDz@}sPH?z!uhsvV|dkP_=lhLbRB+25=+~{{D$1vRM6ZifQ z_8Uqp{Ql1Qa{T`s+<(GNx5*sFF_NR5L%**QW*rXYZxntrfq}3n{)D&i5niI~;q5 zv@VBxk$3$Ta6XYVj)mLdH$Q~=IetqxB>x*i{eB3y;`lmYzJhyl@c%2E70&;GKWeD# zw>R$Z;PYd65XZ|L_mD;pl%Ccv$9W6f1C9!LunVbweizQqg71a%TEcEloanb7=YI{3 zX>fYDHVJ-%u&aanGn7@j@L`TEIj-WkfopT&TO4i5L&(R{5N8lxH{v%O_vhh-Q2l5D z{3Gu5LbyeNT*_>Z|G6Cc{Wj(AKFB0~&0Ie(TwBP6*TcnA@IQ(}x~RX}i!i?qX?-nl zC%6a4Pl8)fPbb`Ma2@z7{G~Ia-?ic7pIkeJYx{7huV02+x?)?72980vuj1G|$jN(z z`!R=pm*cPBq3{{}8iRX4xb9bZhKGAS;y1!aIJV$i`b=X$KisQ0iXpDz{1SKn;NBJY zK+YK&>^C6rZCvv>Uj+X|cvQCiUgcam?#bYmXP)D1{G*@7hzBAE+>WqgxPC~8vjo4d zbG{l*#s7Dlp9F8>=;VA$sNX&u7jk?PzdyiD@c)Q&{TRA4gK_V~`8Qz)$HDk%ypc__ zD{k3T&%x(8^m~Wv*Kq#RkcRwLag^|@EDFl z-WcA?@o(Z@9O7>f0^S4}*6sIC!tBcVzv0)z^^bAm%v_*yuCtIY2 z@RK;s=h%@jKjL_S^E zjux&T0|$mQ-sF50e)|24<0Q_H4er6I{OI~Wh_gP&mErnw{C3fW@cRq?mxuGO5bl9+ z4|)BXYcIh+1z!|cs$8uI+Plz$E9%Q+q;;7(kBo%40zt)%fgj<-1UlWnM90rv}p`3Z;Yw>r2l zej_+G=3KuwL!3QHXAXW}3;vJ!<@n#%g8%ry5?4lZe2?Q790%gRSxD<4+|h4GPMSiT zH-hKiL%8el|10Nb!EM5||A8ZL_uxN?^BRtw$y*KXd+|Sj_U9KYb&BXEh*;rwB!-{L@>AIDKo zo?5y78_r+j+KHTNE|cZFfph&ffzvoX;P?^#1Bvr%{F#Q?Z-;&p|KCj|fJ@q3K(75M)U?gsCKAH#2QJjD6u3A2);z@gtTxEsgu!CjBv4>(>8 z?gNOE{%sxHvZ24l`KiG@B?Q`oa=nhG?QB=k z^TFMZYb!W!$Nz+opAf{Jo$36e5cUqvHw$4JNPquu{ytpB@k(%?Nw~orCva>`xFd+a zKj)ipUVzc>HBOG@xQ2MsBTx9}kj{ymUrXF&a4tMERWl;@$=7_XhFK;;7^NMfh3#ujhO#j^l8D1ZTjT;jN@` z5&Rb19KUBcuOa*&IR6TM(QgiJ{rU&q%(b^U-vRy>zRWQ+TvNCm!}$=dAJ6&Ga0k+z z5AVZ$8vFytD}?BZv+Z^}ezYqL8{0`Ty=ZJo@Id9_F z6OXxs`Bu2_a^SW2Z56`*gLD13UFIdupM^JYOyKyCV=;c;C+r_NkA7!_ICJo*<@{f8 zJB~{Tm&M%^1%x{*KKw2m8~k_T{7amVCj9a68yr8tZzk--ubK11IoIzfjt-7mWsu)2 zhyD9K!bQKI5pN?7{hkgyo9j>F9zxtJ@GEkDF30KNI;WX;IliV7eoKS@`|xItFXQ(= zq_G$0zvtMU<3o<<_rIKv3XYQrw{y65F@B3UzW~3ZIP|-R<7tl1;6IaNd;IUmeFYo? zH{v)5|KD(Yn{)kUai0F&f%^`^Z$^0*aG@b}{WJJa<=CEU>*BwZ>+j*#Z#eE;sJ~Z2 zoUC18EG5i~9Bmv=aOCjcFkJgAJT!!t*QFfwgt?AGzk^fPK8L%AyA-ZY9@+;z3>t30JVJN%Tc!tTx?zYz?u(lKejOYqwZKm7)BDBQ2{i^>=I4W|0Y*8rPHX4$1tE4 zf;%eDtN1Mleo?!Rc-_}?6_+k%zfJg8_q>;DmG}H0<)<|Ci}Ev?0XLGvs68*mZxUhD zp8Ihq-Hn)dPOk9F^q)NY@R`H2;|lZh-7Q_&g@whX;;Dt~qGH#A?9sDkW?S2v3fa1@ zMeW&QTUVj8E#G2c>Iu=(lATw`Hnn%pYbi7})MRQ#KU}_T z`PPE@buA!x;pAdtA=}lSZR{-My9(Lvwx&X7wzgC=qAA~%Ki;n=!SM@mYDO%`mlpI2 z;ORBCw{_)WQdOM6!wL{+X@G~aAnck4WAfEuB$i}M%PjL@a|#TF{9 zy+ft&IybNE{C0wp_qM_!OG56J?uDh%O-+Xr&0FBpWM9qN+*#~e{K++|%5=$yBW1ht z%_VLZ$xmZ@YX>=R$`z^m&@{!41(dHN--#R`LZ#s~{af1GJ94APBY3r?L0M(IwkbQW z*j1|O-_b%l#{Qi6g+bZr`BG_7duNk1Aq}lCH9>qsDyh&`#|sL1376VDL>QEvF?FKF z>?6;u744BsbDmHYrab!eKdgNDBspZ9!jN-1)cd)p*%ZN@~0GA zDG}i$Zc+M83&#w~M%S#@OR7#*XbV?_8YiES%I`>?|}XC1rU!`Dke=w9r3L zElnl)_fazlV&0_L>re`-wv?@lI@1KJ+0dElrP^kYpliU+ZguVkd4;YnJ!91rUpi{^ zjH#0(XS3Vpqm)Vu3Qg#o`7K41VrM#96CHx8<7%7rYVR@wNSkiZC~X!**!1zdeB;9I zj%;gwakjC&Q+G4{Mqc6@Qt+0j<0aCcMX$^+bQapWva@GT8po~jZCOukKq_)~+rqZ? zMQvHN*|4a3TZvU7$&gX{b?PT^t^X_uyH?Xb9IQNB=eN0+H@ zKSv|AEYxXD|HhW~5;EI~=+P5Ap|SD{DcO0PRB(A(!C{Hnc}-@wtbU^-O_Dv`+*#9v z;e5Q0BNDFQGp=A+!$%3sDwJrKd}kq>@95}krzhKJT9VMTdIxE5YgwGFYirMzy4pMQ z&4uiwX%gn$YWFPtH}|g14IM&%*{3@j_h>X)?Y`aNzMK#3HcgZ6joG@f(`T3JO)1o# z+MT01YyhiMH>NCff?852Wu+YIYchV9se?yzT8g?s=mCu1VQ}G+w=F#~2}YeI*E>nP z9W`MA=;&<>`c{#pLYMWXHmW8Xtrci630b&BrU7VfDN(5uhGm9Zs#P61>HXAcE!rmN zBU2@LHBEE3b)L+iEVs%w`Z&lqpULG=xw)o7sj;(YBYdKlb>~*@mnYADyRP^i-0iZC)e!pl7}Q*KR_88>UXmQC48mEqiuD@&>(xLZQR z3nr0SGG_WDe#hi;U5n}IBlPdcx!GgfKAf8hkr+T_zOl(8(}*h?)+3`OGa??g*Wi`) zdu0Mfo4J~_TdAYaDAN&Jj4E%)&PKbCTRCz?4Wq$=X~-z%$&6+6wOM0l%$YtbTUv|= zx2A-`M1?3_MKeTeOJ%VLOM~TU;vlHq)^SzDl;yHEQKbH=Mxhe~X)kqmNIDR5iEnKa z;@F6I*?6Dag7EY!%Q3^KG8P%KV3)3@&bIXE0{y7{OE{6lGpJ^N4(Bu~5q9tdz2eeHbU6 z%~{OaCO6$JElLa9%Z(8V&2Z7&M)d@}8E2S4ix@jgjrq&2pzEM`GjXu(AQ3d+TtuUUQ92lGO|4M^18YkItzOLP2{MOF)@0I+TXO5(`lrQUpq090 znrA68!qAQ$1N*k5!D*;6(%9W8>jJ4!@L1j~?99vxmDqV`7>N=1~SU}lOo zwbPQOseNLXJ()JD5cDx<;03Mu&V}Vx!L+3b)W`iDGuiGK)x7NXU`0;={`z z>eYsfSaQb{yIS)YUYaV-Z|TNF*C3S%-abjA5@b{{p)DavHuPdEG0H_TsSLCC?e^R^ zwuFNG^u8(u7qXX%%lOb;3Z255bi(+tq}`4=eqwvK&Crvf$>)eN?n703>7y)LO5{0c zK5N}{La|c)57VLIecHO#ckh;=>TSeFX4U(f+UfK0#G`C>Pc62!x8=H+XBFEzy1US^ z9*1s;(#TGpHf=hyOq1&N?#R}x45Zn(I#{0}jvPN@(yTev!bn1+o)KDV5LMOL#w?_% zHD?OcMs(K%QO~eu^KLZ0rO<&jPTmkmM5oho_ur>G>BuA@Ob0cDdf6a!T}#k}D7L(o zZcH?=5>IY#!CI-LY%2rfB6MN?rM`ZdQL{1I;v7 zcXv^PcYg6{MO4(MsC<-O)#89WU z)fB-NtWqPrOBgjB64GpAj%wy zqAb)gmFi@4_f-fR1nLtJ@G&eY6uO(qAj&SwRENn7LZi`l5pzTvWTR&Ga4C~$cr+Gx z1qQ92t#gyhlx%HUPO2n;SChu-PV`uNYqq4-n8->fzpo{?HW>^e8)h^%=%vNMGZ6yy zaWyfu`Uuxlh?P?kHW~b*o*}cLvsH7Na7_k4Lv~VIB3qG`(}*8;?n8PfkkTPG&Z&j0 zDIx_MB#;SX2c`@LHhlvl8}FPCj5Z&NTRrF~EVHm+qaifi+=Wvb8IW0>!uDuqrjA$) zii%O8M1szU%U`KvDzB48RSPzpSqW{$ls>Es8)rCNNCr+kqWq-Vx0wlH$cTy^N0)!G zZGL+;k3|~?sfdVnZY-2a*^bVlRw5V2u~}>CDx#TLz_+2NU8|jD)fCziUEVvCgs_hg zp2-|W43&Xp)ZJ!_?3hs+d2I!~Y}866UKSN`Vil?NcxfaJ6r!$j76p(&OnYs9#X z;-Z=Nn){3eL6AakiM2ygyHN;JKz;Rp3sg20X=!gZE2ca%NslrC_bkUjtc}q2HvXkk zYsk*%)*4#MM(ZpzN)yUd>MV7wO%k))nDG0`VOdH({KhFrZE3z|!&P>EC#ox{pYl+> zYuqBQxyCI>UnxfZcH4Z`RZO0_S5TN1xh(g+>Ny07=7;%KW_ewve^@~*PpHHU4%367 zu~J!L%&SABrcGp!sjdJt81YXl#y7z5=+n3Gt=r8wew;O0ke!*>GXPIo&#GRbh$dJ#8CxL2%XsW%B!>Tc8! z&0>@8hkVoid9;3>6)h|k-32Qqx}s&jM1E9-q4&`sp0_9@lHSza+QCzETk*2heJ01g zd}V7pVG>gxW=5gyJbtj=Y`hAFr{6YNq_ez+aHi?BW|G*tdbAy~#5zQ=6qe@3P087V zr7~kDyNC+x!eU^dO{UX0J@&EWG}^V~JD3w`n}JMvdG{S6&PWK7SXc4GSWmsmg>0RQ zJIq#O>OEBG>Hbh`Eth~S^C6;2X>}OdELue=P#PvQL$X|7P;Az@J!uQU+|WxW6lRpI z?7S#q4r^p%W)>!w>3}2{_Z`o+lzOC!B)5GnU4@56K^lUf^UTE_Vk0ak<>;Bs^c!kfKRGr;`E78(Wph5 zP{xU31QUa*UY9pj&@U4P?Es$8mV29(B)0(P<1|6NrKXWvZoe0c@k)ojpPC? z7G_CV%raY6D6?FtX05Z7RbQ0%AOz7qh9)Z%>aHwx8xO+jZF;FWU642-AI($JvW8G$ zQ7+uI%1v$0LX`xPNo~bNHz9o4!Pdk|l6|Hq{@jFBq5`YjdJ;(I!H}&eX}JYbRta70 z)O;%|Z}AJDM);`XgDg<)ROl|Rl5k&bdi8E zz(?KQBqX#d;*~aD;u~-|JTnVV(3(26$Hc9QdF;%xd0{6i+wUYn(qeyT4Oi+_Qw~~M zgUoy$;KX;NgV@}_2AvXxMyIZV2 zPSw^u%e*ay*7303ha?*#tZD55Q79(r0%66bNoM{U>wRrGej*`toea+2Y2!d@X{pm> z##G9lT+E{{Z6O`C*(qZwN;510X|#+cHj(0w!{~`YdZju`SJqyu;(YY6t$HI^{$Ovg z9_gv6C1J7ZwjwZRTb!N8+;2YZ&6;C|QOgvXKmLtO`a#(f^+d*Rkvyx2Lo@RV!xa;J z)G6jw<+UVMmMjMCATw;}o;P`4 zV!o*LBNPC;jOYT^BT#NMQWx767{V~2S>kVDX(`-MGo&!#rH%@nCd1K1U6{YvMi^4F zOL11ybEf=!CRVBoDnW5&0buy)X>()~G(auDGS(i1ZMUhy9 z3NZ!4=+*6e9*Av@0?&-qrET%m%2d)CiW+7?UOQh}nv3&~FD(oU1ffTkt=y?(YStsM zu*TZ_VEUvf!?VFR-?lg#+e?X*mt9BQhP}I00%&fOcw4>FWcCOvPNY0c>|GH}dvrps zDy~EcvR3xVLAuuv#8ysF_{>uouIUyGFntA2k6rWvUjnQaIHczj^u7Z$6uOMz=s{^IRPnpl393iNY$ik=+rL%x^ z`k0VT-PK2Q=c@5Mk}Wy1^c@u|N{n`nR|mbo(Ur77Xqhxx0IEzO30HZAO6_QGLrdDt zE8^Sc0F4|7hMQfH*45A3Y9GU9d9zjvnam_DMz!R8+36F~ zvu#y{?1J_#Gec6sl)h^S<;w`s3ar*TZ6IUxWb9%-RBXoh?DB=ERCFGPYj@BvJ#@1E z;5+PUFFhCqcqCuxO(d z)?oQnmvrAeZrZtOo3Z??c0l-3k`h+Z%*@oZC!Mg2kg~v)Qras(c!ZtgTp{AR(s=Bf zB-3~C-IF1dbzGmICy69hZ5YnWGDV$5re|5Q$#b}9Z-LtaQFCeTLBxvINZl(`Vm!g) zSzr6SLRrJ4LQ7<#%?r{BdOYsi4cJanwJh2-_~~Mll{?BFCP|sh^+b(TXN|Re22Z5FuW*OWoHn&rrCF{bA+({; zwqf@wV``S=i!OGTvUTxZacqu<_2hd`qSePRT=fc_SPSvPR~vBZe6CfiCtQgDTE0^{ zF;veQGGsPmADX$dFdvg-LAet3eoM1gcHGW_^|Y$GJ4_Rq;h0s3)OQ6UfMna#G>je zrb#O)wiHrO<$CzT1CnZ?Dj%g)6p(ih;w^&e`_(mE%~)HwuyygECc{kA-ZKdEGG4;c z@&*fP_6(iA&l^&DRyM!AOvE%sCaqVNAzi7afFE|IaQg^u1iUSJg>=$(2%6rruF|X(Vb)wd=~YclfeW(c6nHMa-*0tg{uP3scy8XPEtI zOHgDxlxzl29*musW~fOaluZ(|b<6|0*pwcx%b>a?UJ7rPx5^hi$kaorxQ}?vW+t?E z&MP+Ycp|o?67`InB(Io-mavhby;Dn6@vBBy(|&Em=9&~m5hr(${214wrz3+3g0)t=BEic!Q`PiP;r zmg2`y>Q=1d&_L0S)b!dwLng$H+gVRO66Fw@COjsI!fFA}Dl?f8*G`EST~Br!WB1{gYCPH8D6(pMPl?7?0D`|<$USg%v^x`CMwD6#jwbRTbyWGSk2Y(;cUU!i$ zn8XW(&GexlHDOIN+8$;$dvrS*C_TxFVq#E-caTl0(uG5ma#+#L=uzD&z4J6Ih^L7{5(nswpgYMV(j)dxVrom&ZV;C`%F{-qaZxwW&f9Fd9#+ z@{}XCEDc7uL1;>EESv1BsVtMe<6=_$vU{vL{PmLbOCfqBk*F=H9y$sS1Xy!O;=A-m z(xj`FAFBe-w|7*J)5#-AdT$VHlIiv6H!R_oU6CptUO%M}5>v^h(j1 zQkF#MdXli(#2e6FqV$h}Nb%?$>VdjCaFBE8Ky6$wuVDj|1b8W+eC84vd27l?_>u;d zPQ}Hms7a#SC{ihUz)YUwJ)>MI-<=S(S1Qih1oy7%n_%MBGj-yvlu{DRfa!~I&rh;x zZx@vMzMSM*hL`EZ=q(P3cXHe6>c=w@(w}eU$D##{5yZ21P>=N2fTq~vGQE+WxK%9_MBF8Ly!vtzS#F3cPrUKNYpb_`Ry=%wP6B^73e4ShyQ z&m9n2dl(vaR%p;{WP)jHQ+?f%nORcg`NdPv-?1)?cLVf&`?Bbtm{~%HVewN0P5Pf# ze&3mi$LlpzAgyX0kfE&1GPWn~SV%tEj_(l#5AXEGZ~Ob+AemFvo8!KTQI@2jM-=h9 z{24%>G>-OIL(@DUzQ(?cgO8GBZ8xoGQY(g-2tD78EtE7{O^fb9>q zT!tqVzP*8gyrY}F1}xv%OAnSof0QBfLa%AZ?+BH6w26h4r=hf|l4=N9Ou`pk1y)9x zSLj;ABL}8znvd!cPsM%uh_^62S6SQm<>@jDv?pv>O}w2%+uK}qzEm3F5KZXeo z=6$h48*eaz4@u>%$VN(S8ZOIlks(q0HY+@R_kWo$6&MO;8H*~u*HkTPONv_-Fm#HP zh($?o#ajdYfI){~v*beNQ_+jVv-8@U*`CIT625*Acir+}VW(F7M6`~1aBif}-f1Vl zC&}4}sO1+gdE)Q28RpL9s9FN4Q6n`phQ6oOyo&uAk=-3-z*qb2>1dMs=+&#?S$aHk z8EwPy#eohMUJIRSO3P-MStY>^3%r!XR!gXPFHU$P(?(~%HjK(OOM>c+qA>^b4~9g$ zKa!wp+;ry__yV83hkK@$E-f#^qNSTe??+3U;d+QTJUa^o8I~SRdr174+RV1SUD-6b#qQ9c2 zg)ZMIZC`QlZ7y-8NKe&drbIfokaZC-v$lkPr*R#eA-Ail>t(fAL$_uVi_^3g4Mb{QpSt(&TGOTN^>lBQh= z4|d}6gl7UQ_Ad>(JYl#_MWQON^6rnX%$B|KA5RhK;wTVBEVQ+EH?xQyy}rf-$UZcP*q9NZ z9m!Vovf$S8;etP27-7L9-^G^N9z!hHQ9?fbrg6@~Iqf zcpTFb3)IktjHPVNGfZj5DQN(oFloAfS~djJ#Kz}6w!9iIf=R@*oG(Rb=_z2)lyM-b ziDGH8mYkBMiS!*)aj9!&Fr`B7nC`jZV-AsU^tuQ zZt}AI{nO$F=P+`{UnkJpaZ{(wlCoqjECpDTsS-MttVMjl(IU7ZTs5$k_Co}F`%dZi z8NBR%%v6$2Wm+y&^P1neh~KcHj^mQ9O(+UV8RVcU6mrtne+1DATF9(T+DF^)5-gUYA;DD~lUm5~_AbdtF58sTDPu zisXY#&L67ftOpQ1(Uoy!_*^5GJU20M)K+dZZ)X>~mD1NLmZrMe*$~I{Id$V+=?$WH zR8NdPmdl0kdXp^YyZqI&Lk~?_q|cg7#;j`5l7s=((XLt5wp)JdIw0ss0qhisdP%5?EL$bZ94O?>KgM=4m_(#W^F*HOWGJxhuaAEyc8x$K;r$B#$~t)|G86F4L+N z_lVYcdNpIx9{#aZ|HSm58m|YvbIR@f18iO^ENjf-k-X*`NN>edL(5zgn`|pH_P)Wv z;nT;d49Vo^LvEw>r_ensB1MZ&HXV&bJ&Mx%RR?ba?|7+{!h!_SnG9EDvpYS}@!6f$ zleEsrhhxKt#7lTdm08b>ZTe)okh&SFC%ohL>3UIlJewBz7#S6p&q;ToGNW&%rEeL& z7!wJrmCbwgU|+x(?CTd*;z)*htDi5Mnf#Wz=Y{w8sI4#&OT~(|pXs&P-fNuIyOJJ` zSa(4>q9-#|dwHJWZK0>b6yMPFd}TN8<4a5l6O1!qpQvGJY#7W#75brYk;4%613;mkII_ z)(XQ-jh@Q|_1asSql#2S&zye^%%j-|wdP3S5uwGh!B*R?Y>z=M>@kq9pT>dMpq0MO z+8Y+>?7B(}8I5(Kwj-=zKs71C@Sk674wElbnr}>rTSavtxf_Nq^N*jUGuz(L6|OR( z+T=N0{e&BvQDXDGbRnt?kX|C~D)5BYT>p`}_gEDJkZsOr?bcg4Og7`)`DB0{Dh#M$ znjLLC^lgV_;}_!Dsr?jTK-Ej`zJ?(yj}(#*-7+I)xQV9~g{F+J5G2!m`^vx70Dp6V zNo0H5up*zu^phsmkn{zdVIf*#;)FL?{Du9*VDpEE`e;-9HxJ6TE2iK4D%ag{8urXQ ztWiYCR9uv4t1R;ZGy8o?_2Fi5DDI-|jVc;vf znNcz+s6;&*F>&!4iLw@A+YQau3z>=2(iQjPi9*?~M6ITpy%Mdk@MUy%uIW=aA$67t z=(zq~n%T(;%AI-Nf#QQRXd)Drs{xH4P7qzO=jsj9zsZY<>WTwY95;mN_ zSxM8RGDekDoJP(&X_Y`RfSD^A7@q3C6*>Y(oPp9MgHouWg=<3-wYIdPMU- ze0`rElNA<}!X9z;EteE^FkeYdeRq0TSl-qCZvL)O2+-t9%?!Tr1J@(${hI%-+%q(N z(qt%X5-fXr-JalBTUaov(6^Us_2)z?+aK}ZjZEFHdwsYBNNw1roIy`FX4?I-5nA|=;9?ODj=*poAwN1>eD_2OlJJy z38VczqpZdk6oEe0p-&(XPIGGiV>+n?*`TwTBQWSz8{guH+InN(>I!vhUv1F-aC>h9 z^;geLcsHLBuJWDzI{Q+SdAs>k&&QKSPn|e^#FpQsvqgzEkKa@p zyOG66wtl-WulDHv$uyV>(CTZlw!^UNpM>F|CLq8z!ZilkSArs{?C#pv=Zogo^mqJNTpr!J_I9pK7fLXn(fNKeC}Oawq>O zoWC)~*TFQSVpJ;Bm*qA*A8F2m7OM0T(P9>$g zrM^{_6fGSl(lYi58T-B+BMoiGb8*z|f_w{~<Ms$XYDg)az5p zos;2YUSY8eaTE-Hgg~2>6TPRs#7Pt%td93E{w%0^Q|S-Dp+xLMQDz5*KU6ti53$SU z8cII8r|GwNI@#$@rTOSo@)r>NiK?k6y{E*ogiopBk4AVqs>d)-vb6OGCdvxdcdGFT z6g_fRCiF6qPv^=E5?d6A^r6D(4{}mL@fI$W$EN$0Zzl7z<#j+!)P1&v z(A(e2AfEn2Qej@V{_0#wA4w}!^Fu_n6ISu<{n%(p%fnhDEYLf2Ar159v4T2^EKV#S z-oCSM7$tYn=HJwwB3UPzV?-a+QhVFpVrDr748fV|pQeHBE8E(Kp&Cv;z|&UVjvG|k6crc9^uw+1saL##^quk3p>{f~$dOz$Sr_4S>E_71*| zX7A)SC+~kInkxRhqse#;K7M{$}i^3-XqJ38x z1xfEFC2K)@Sqq_g`Enm0L(lSXs=aZrt9dd*G;5nE`%#pG^x|l*Evr^ph^NuysVX zlqRE)zRAGD0^%iek!b$KplYeaOM|3PX2{!eh?GTmP!zhQ-rWyTiJ_XbkCsvsnryLv z5Y07FR`VFhP!rKE*Q|eOLGNZrS(<7lUPvu|Orf%r=R`vmn!tKzsDibNWVZ-Ik<`{F z#;O(|sn7U%eadk86fv~xUc-N{C_Zxze?*FcqNVtkQn%*2q%hUmN%dH0Bp+?85h2t( zA=0BRe=pfAjqtbBtF?nwPMmDW6kW>xC=LD6sv8TmZ0|RM#2-$xDTjYgO!8}AAMhQj zVOAbev%71A_f-o2ocv1Oe{!ZdN*^jf>x*|zaJ6n3eh)z_h*68$Y?y`l{S^iBi z+qaLRCY{(ry&=5skoJ^V(M{5UQ?J8>kg0cJ+$X52X!PgNPTOL}2n~Z&lgUD4bPTtB z8bf`%#;`a{5W(_L9w-W{*NgH+dtKdjehkX`BlJPqtl6?KQ~42mWQ1b4chwGK&Ffvp zMSr$^omRpX_60_pp>23lF{X^4HCmhVc`Mx3)ua42WRke7%j&knkKR+wXAta%_My;c5#-ct^TPyjScC^kAHC>WW;mf zPXgoYFhsFXTlr^kbR+*$ySmSyuz|>>E@ywBAzn{FUhIRe^uweQ%peLKPfN6Xs(not zgRLF+RK=hj;xBivG451kHf$fZ{nNS?k9JxXONWM{tK+1#qtu6HmHgEc?uEWi{Z*f+ zQOyEm9a~~Nu(n%&!&Bc2DSKfzQGG}Des#C+G;Mq9f1PM}kGM{ME>wTq`P1gkH^2Lu zM68x(hYvsKQ#IjF4PrKi1uNB)$C4;$GhgH`tK5)SwRk)&j+OvzxQXJ^KIwruWkN)K zlV%BG66S>VWic8!+MYkVP4mL$Hr6&$@6QGSNR=;XGt*3wLa#L`D8D$2Nm2OYXQ|~7 zrfjoQMnw1;zAaRRKO$7+vKet^U{#H6#eP8!NROB<@UoBN>_PZhh28Tc&-c1 zvb|Rxkf+7-SaS~=D$ZqEznDYE}++Z(8O-w052Mi?$qp!x4Bh%||7(!;<+0Yg}i>VBeJoqmU zfmmrGkuvxAHhrG`8x-DTi;q7n!f^ImvNu3>fNLD92}Snx7<=%-9${<&#@MDPLXt8c ztX8h#KdxpYW%P}NZmZhzKWJ7SI#S1JE5zj{SR6KLguyacM&WOe#qWhtb3T~*b@frV zJgQvi9SI|XKkT7DWt_GkLW;T=uPwG}zll}s$#%aud4-~aVgtnLIHerTFiYm8@!oa@ zhNDK$m^x|d#NpX-YJzBvYKuzIS80+re3G}FtifCov7?eie2zjrM9&sbNczwh9+(gO zU2)WLulKw^RRRon;V%lH?8DCAbQTT|>-$w7*qW7_$eQ&pf9X+g+Og@wdz^g|E-qB` z25S6PDk3)6n>y@e9*`=*jL7!T_5e?>mW^QgP8@yE|6;W*F_D6g(f;)%zR>2O^ntec z-m~Zk{#t-)&c6e!rk+<&S8~l@ql9lXx53L=83U%U<$`qAY19E#yEw z&oe72!$XQa`UZ7M&LoE_Q{}yaI!k(#YbEIn_Mb(g1!;%+j2>N^9LL67dZ8{gDC%ZK zTWt=vL8~VZIXLYq_%Ied^lzw{!z@Nm3T$fH+08W6^d>rr9qs;UjIpz3Ox~+8%kyp5 zy6V*Sc2s1cn_dmlO+q#|^(`7KSy~&Sl+;LOv;}2L*0e%Nx9e<=E=BV|dbcLU;csbs zfS{_Y1u0)02nogwkU1uo3(KS0!?T?125<>Z{()h*&E7hq#^+2w}bN#BxMc*3u57J8> zhj}Grd}%Uc-7yncK(e9rfh;Q^Mx1KVI#0A15DM$>WCbaU{w`XpKkBH@APXn!@042& zsD}>@bu~<4OzTD=qziQmF551Nioc?m2{(x9!k^A+79K9B`*)WXXX0@olEO9Dy#zk0 zdQ;!_Py?a!WE-ldw}#69s~)ChKSFMVb~;S~Ge3ZFuZA53RjOZ;DGEM@q+IgC1{ov1aMVqV#f z&5SQ7WmtQQm+W|BbA%QiMrOkE8GnkN;Wh0A84_#6F3j+05UfM%-W9SIFQZs4qlLzd zZ<_S&|5ZiShL&`}G_~R3xf>)=9ay1Q3G`r3e-^!0#@c7Rh^9%-cM{0gyf?U4z4b~5F=^`excnQx{$ zO!@5@V1_=azc&<`*$pRkzl^kb$vUD9m|;zDgnFj55gF0PFVa=H$dq;{9CcAXz-Ih1 z{?RBFkJxMg?rcAiC(gM^O*!mOEyxZ}EyreuHSFE6cdoN>NDV5Jk7neil$wi8xiQ_% zrQEFc;qe$bs+32X8k!0<)2HQTU~DO+9Htwe${RLh*pS?ieRD(i%?=wneDA&Y8gk%} zAvKfvG+S;K)6Nnf4r=clo;|eK*;3u9iBZb-+@qINRMFNXvyfF{7IzN+==;7E&S!VQbUOkyEPV&4?bVmR_IF7 z7@j>bUo&OWl<`Tihc*nU8H-hj{O4w|rZU`~Iu14i<{-^V`O;z6!Lw&g$Q_V`)19%9 zbK`mSSW~Fs*#lTbtvTANXt)L%YE2W{D1-h4*jCi76}GpY2)lNVaZR&yqU{ zx$@j|-d%QY2(aYho+V3rmR{7e9Z{DdkD|w;hGUEFTZ5v1(%G>>b_WwB)Q`G z8+(>s(6jVn-AsAC+;a9z%?NXm)fdy=7B#uDd*+*Kv!Wj)K5^(=j=XW3o7BCoph z#&_<0ZuM37esU^Q7`1qQ&$1*r&pLTayejWNmB$e;O|?T3f$8KGU;|hF(VQE%eGeFIaWM6Kb`k7r7$n9dPyX`$;iQLPB$!+G5!Q zUg(zY(!$YAO^2gZdY0VNv-JL+W!G38-_x_~aeP)heQD1U1S~Y>s;eLES#nL!lCvX; zdN`b<68>}*Q8QxI@+Veae*UVnxMLzIULElj&4bSv7TjDdYjbrHyx3_&Uq>Tv6L5D@sS`wDS=b8n$X>o8&oD>>b_^$wRXp|(gN$Z zUGdCgtCl~y`l?%2oqxHdNWH9WEtJ)rRC+QsF_lwUAwA2eMjDMi`G|DSvRiwWqM{z? zS^7lJGE~a5_^d@9mfWIyX&7XU#BPKXr1H|MA$phE8qt*sJ;%DpQdD42JIl`J?^*Vs2_O2ria4&i z@vN11(qT>Wr+QyH$4v{z49bRpy;6O5`BRe4x>Z-7xALKDked3+E@V1oXm;i0U+h`( z#jLG4syzo~S3g5vyzreDuc9N;tKPl(O8iNRx4EjOF|1b_HT|onF(|v@`4=_PsN*3_ z_bXwQV#U*UuRI^kMCYMaP=Ocd%70$lq#wp0$<4~=Z(sS`W%2l>k*zNEo~-mB*;;y; zMl>5I>wTbn=l+L!mc01R3(xUy&ytH*JpItBtMNfFJRF+x7D8rfR-SuFO1rEf;5!f9 zz4D6}4oAP-uU>!(lCnk;{LnK#kePZPujQym-C9)n;u}nvKS^038nly2YZmfEfeKl@oZ%v|F34M^CQ5b1)0eEemciwIx7q3XPm}UHcQ0A>7<&3*Qz52KQW`ob zn9LSTnP9e57P?xV?peE<(8#iC34<~%=;l-GP?IvRvBuAvcE-9S+;SsSsq3>)q2 zECc-QrbMxAP^gb<@VnO<_1qwtOP5-|INzm@(MVG{ndthkX12}-o@sd1`!jx>a^|0O zaECwK_j7x|uhW|Twq~F&z}gdLPiUWOIf1^rXSlta0w|S%Uo) zG{uUiX(+~gga?V|f7!UJZ+Lj+!&uDf(bi>mtKGAd{r|{dZEolg_KEM)on3ju&4aSF z`*vp!A44NygW?+6O%G0V6|YS4mxqqRSHJO_ydgY4XO{z{%t9y!iae3vacl(j%n!?ybmVkf_WECTpjA_c`7F1mEfYxA|DQOxN|u zj62;-NgKNOBgNHbHvd5s-87!4B+0Jf?$PY6?`(WRn$ZL%O;nyU zWqF4J*Z|^6;DMEoc<;TtyoX(9W@QLk*~#Oo3p2`C>sS_hmfR6ap-xUl=%hEoKz)@Ifk4c(;TFEk7^`k z9sB%1Exqh|>%%@JVa4DImYA_+qH14x`?A%`v8f(lx-VlId({LZ(_2xP#-_HBw#Up6 ziqx$tHVg}l`$!)x#wdA7Yz9!^)we&p;>DXR38JxD5E->n+EMkC)yk3w^xVt8uU9u~ z#-u5%jh%P5#2q?98tC%C&Zhc6CKxkxtqDG*8LceV&WvJ3&oGV}B@3GWg!lbUd5R z8V|;YmIkUO&bxo*Max-gTX`OH(lTkQp$&rq_vh%cD*Vw(Iw>>ddi4yoVOepNX^+gZ zfb9+*YC|$oDQ)BZw9jsHrB&hinV@7+!XN80tm|H569ud`ZSZ1VM$>DogXo2tJjM5yHi~;a^Qu&ZXfoKVSlD!7+QyVnM)ZmoA4cg_Ya`#XRlYL4 z+=hc-&iLv;hB*SyA+x=f7a!4HW4n?pZhIfSC^g@SdQ??8HU*cg<-|p$!Kx4PYlu)K z8QQ~Mt71YXtrZV{Wv#gM>7Hd+uE-@d|3EY}_ga}rq%Lj_7SnHAbv47}!>cYnZ{@?+ zbGu&Zq9XNVP4xfm2LE3Pxh#cl5z3h9Vp)&%{FN8pz@vnfcba)G^SW}C>z(^AVF|yA zlue#CZTjf(GtmI|n%22n3nO~;L4AjnH(3`LBw7?8<+OnJuFkT{nq7G`H+Q0iAT(?5 zd-T##Vf(}XQ^x+UxpV)qtGe?1{n>xTQA>y_jmtDlPex;F$ zyBgc&)FU*}{7?^Y{KQ~r90wAcK;r_3Dqap?8~9_&x61x0|H6FMT6^us+2`K6WrH*c zg0kzJ{aAZFzU#5qSuu5fPV_q3GuE953z{~3>`4DORgt8`Db%5MYz~RKARM2xBD*n= z$|v_%7{G?s!s@LT>xXiuq|$t=%`(gkTX+v zxkO)Jlhc3QdJ#@N+c|(3K63;JC90xIysYD4OGx@iFt1GjHFpGSLnISW*zp`6`xLAA zNU~0ZtVsj1AQno1MNJSEsl#R|ewVk$m_%951PG=^ZLYggyjdaev-+(bu|s0Ic$S@E z2BW*~+JEe+(F`yPf?%hL2q+)LH30TJMgn9xuSZ`vX5*5ww#Q1wWOnYp{%4IxoK>nn z+}yr#!O!k~c343dIYd}WBB~#NnBR9MgOa;CwP6E?<)i1msU0L44QrpUGzF|E6hqGc z`r_SXqQj!kCLLP&ejcZXg>nln037>y5Dg8xBCcmPS74(P=yi{RmBNzCcL0eAt98Dz zKM73hh#|YgtI@J6nj&>2BH5?J2*Jb%+qtK&$b9_SVQO&Vl4vdosK@lwg_MF|4L-Y} z{%n2`t@|fd!jv^?3|60cl6YANvLwEuUMF|^B_Ynxms-(=dl&;(7CrzT)9&LhpZVLZ%e`(bq?4)Kq8ZTbUB(aK0AEPG2t0g4(Wjl2VFy-xb#rOiqN7@* zWz6d!_C}tQ3XC47hva}#-C!{E}|WahWx!=f6cENXD_k6UkE z)}R_*AyYE0-d+dek;ix4QL5o81|VF7JV$LV zZUZ5O5prkPp?)vVg-U%EoHN!)IgB4UdueIIc1`Bh#ujl+;lU48^1|-m!Mk0gDU40f zqZw6sZHH|X)9NIHs~ka#TULt4L{Vehfy^9;cp1ovS|L;YrNS-V96rJA8z+$oWkJzd z`CDz6sI^KC!)1fUWGz;pP+;Yhp^nYvR|WY*rjp&UR0~#R)Cz|pFXfN#ng_cE=w2iM zQcE*Nu29Ss98Gb9gl(h(LNHu=(;P$hSS&xMrs}sgZ`qqt3DDZOhkHzX@lme3EjEvl z7jRC7qr2@dKPGXPb8<#xD@n;`EKkM)4QS-t{GwD~xwworqxSNrJ$T$o9Af}N;<$R- z>${36*{UrC&ocw7%V&*j8fLZ}fjfa}_q7T@bbeaC=OBh4ospI)jiMsWiQL?@aDy=R zRjy$6p9M!$TdIz*<{VUJJ{+nKaL3W&{Z+#WfYOpD)h%Q>*dQZnbzS|mxe{EmvCD%A znR}274JZ{qQ8q=`jJI>m>Q1pGl3<}JVWVIu6*^Uegd>A{+-hX!U?{G9XBlYSm_=MA zcE|Sr%JwtU7@coDWyDYwLpm1a>;lJWIaanis@N_9FkvQxU??HzZg!DURrKx|`PB;3 zLsh7f{Z=S+DdkCW>=^Qr1r;q_F8d7LwnVBiYzkXBR5kKBYuf4s+_uQFb%w+Md$+Z) z3Rj)m*EY7^bbSP>(cr0Yj2OBbVO)-XG$Tz|8z_&Zr@=q#R8$23?Xv-8iVrk6`JRHW z>g3}fQ=Q}dR?z3GLItX5#~4VQfsn}9XntXX|8nXVF+;@92AwxoiP)0}|N57Vx~86l z*Sd+agUkpmj*f*`O{k=h8Tsblr!3|Dw_7Bf`6EXBlo_D>`zK_Be~=O}LTtv^G1LP`zc)16c>mz=O~i=|4L-^)bPX z!Iz{laojA{Wr|y-oK%QRT)8$ezGCHFfar#Xu^9DYFND9`jt~nGM#HkW>XDeh(0I^! zd0GtWf5tSZKRu)*;`?*YbC)((&Z@_|>KpQhOrY1BAN*uWufnm1?aLo*e@=iTCw=4) zv4=uLUzTMM{ZDIme+N@TG_Ryl0~Bpu@nQ~(cJY2HViJ;qIzClwCk6Svc*HS|5EA;; zqv6YSqM0afo=k66c4(ZW^4hpb2C) zZ7Et9Ut+B;qNc`q2=wnJ+6p6Tepd~`t zXC`}I<}^fAR;r+XjRil%VK%3!yme%AK)~H$GK;O5$EFBm@)-1GJEF3o)TX_^0Cq#o2QM0rjjZPX;gdfUNzQg| zqvCp2ev1GdmUl(m!IWBV>AK{SrIm}Ols5dPD>5kUz4@zOzy-FO!3Vz|yxB6f8BI(F zZ)8u2*-@XJ;24~Qy#g+r9SW**0tbbjdAny-hrp9bZnM?1$QtA;6bGgOKFmZ*dRk&U zB0xnhDC+idNY84a8nVKZY|lYRD$EJQ$({<7iKBIvU8%HH1C1W1L-58PCaZ?>B8hCt z!#38n9#L(aZ>moldkq^|_9a)%!x&c-lCV7z(VlYf6$5axrv|4^-@Sz5R9RR#LvT&g zCOB&y2A%u69S2o&QpZz8$=2XQY!|h_=%$yF-pGemU79aiGfBzOb=8PqFD(n>uD&Pm z4$p4+!r=4IHM4@wLTjQ0*$gzsV)9lOt>htK7w@m0+mzBZfXvygH(uZRJ+DCqRisPH zL4#5-p=E6q*V~vYMDRfqGvTU_pdS+9?BWYJLjx=) zZr_k}rkVy=5&qzrGs?-C$*1StS8p-xh@P@RBHkH^AYW-rO#LB73-VdzU{UIrJZ`63? zK#$#7fuJJ_QMDLrL&1o{hncQsL%-_17}1sKvIK@69a~L~kqHr3 zY;HV(Vb7pMlNRg! zeKWYMh&E_V0;1XTV0Z1ip^_Td6Co`?u|lW9z0qX{s=+k`mnE_+!X9NK`l|#*E#x8> zivFU}C#`Ihwin8#!rZLacI(cYxtxW}C)EN8mz0$+ZoPVrfRW1Yj_hA50_-u_1gwr6 z-ehD9{{ix15#>C+GGhJqO~n1Y;sA&d7NC1jfpK>;(^Bl%yMag-@+t24(o&RDjek9v z2LU(S+J^#APznU)c21~FrWSz7$kXEiCet<6T>F-6^mejp2idzJCov;{q zb)xH=S(AFgtm<080FKdk+FB^_L=fV%NI~Uo#7JMaLo?6(YW~^KL#|N3tB8LT35Fx{ zq4-3qC6s4cu<_@#>axh-lcEii__rUXm1k0;U3z148AB+Zf-8`&5!QhtZV6FVUE_>+ zy=F0Jo<(>^XtS=x)a_h$xgL#PpoVrgZ@mk>pC|h4{s$sfxBG#-Tv{=P*brqIQItWF z?`6!QV*`5wiy~B@W)vM>684AUiCyp6vq54P!#eL_kbtZ2Ymi-^R))et33PZZ>be%PH(2li_ zSdyAY!3;U19Cw|ag>f3E7&V$Ku!{NVapd(T%U`!w!Fxq!x=U2kyu#W!eypD+GElTn z$v{zSD!kn74_<@f`3oJ(dtB{vB=;l48-MsTxx8L|w!phPCOcjqf=u%dxcBP5}_w#5$TEnn6yO}*D@1-ryy{=?)^^Hvf#nIQyNN$^M^^S;P zuZsS}jqElw-7#nQ8W7!&pXO7v8Y@^)MatQOhApH4sKyU%Q5YamdlmxOtI6bY^dnO) zWbR(_s33jt=O=a>eaK~|{4}28GtpB&ojo#pl)j$fN^(xn;FZC&l-6OaSdH8)((BLF zvUGQ=3h!_>O&=RS0jOc^#)BW!xH@wV)#_s5ISQuK>>bKrIc`Zi2Qdz%TV5gr!F=Zzr0>fJO4Cf zJcAnE7Yb8*KSLI{Wfvpa;Y-*gY*}DMo4)0S#s!u`t|ug653JIXc^2SeUojdN%Y)Z0 zdUQ=uFZb?;s04jf)MUsjKmPN_nzjPWfq9Pmb6eUTXESr847qB#Hz7Q<`Iu{|*1=}X zyaLuUXJPC$wbGj7jG>f*T_rAsUC4BF%gm@4 zftW~PuuiE;9LmOBP)%Gl*@Szg+sKFn0!ketXz=p5%!H~i&19@ zhE^ZUQ)76RvbPjcy)t}(vJe9+Y=_m|R35}BS--RPfmKRm`4=pXd!6|fYM8L~m$$@_ z7xupL4R@R)HPooU%?_*MP5J6L&6n!6?eJ=)qOQkC`3`R;<6rqgL2HXQ>cgQ!0);CE zKCU0|sNv+$7xKdh<|Xe&;?7wMlk7zQJw=cn`=r^801jj$3C~-kI$YfFG@$)uN@(#J zZTT$Ap$2wTQ4qoLd<$ZMSASYj&5+9-pmzBH#KfcwFoY{>!;Wahw<=0^5U!HhAybV! z?F+YWyyJ}{G8j?Vhmkr!vMPXL92*onfw}IL2REb9kJEKLG}=Vu;yGA9OLJmR{k6O$ zYK5$ZvRXwxgjVrm%!|;*&^J5mUQ5W6YO?DrDY4rw&uc>|(6iisDPO3~zTZ6Qxa{ZI zy_yi-C%Cds8cYnq$V;kJJ%x>4#WboDkeDWdsS&FvsH>XSZjj4GgVl0r5-=aKw62(Q zbWANKOLdhNU1KzY8JDQkxRG`>q`?&0c(flJyz-?Nsf8gYI)qJ2DXw;P*5KYptwmQW zOd&uAvjs6EJkay72Y)4YHn{3uzC*=!djQjxL+g@z3WCvA?`X#Q-NCKT1}D8DiMG?U zbpP;t))@UFt%a?DOkDzqpQeu!7t;-o9$F4q92$-U2U0zG!pc=$VKyk;j05sw_X5ST zGS^V1(@Z=}L!r±ATa_EJVW)qMXjU#96d|MJt&jc5`;$SVYrg0*7J)P2~eNzz>f z|9S{8vzjs$Z3V=zr}uaj?5FXFH#4$Oe{u^mM!fSb30MvQG;H=EVi4sJ`*s41M;X(> z2Oelll?f^K^fp(|iv~4xCqNXn`l%8%T&)=OYvT?4!ramsXVuj<*+gDg5A9; zsE}yrGtC>H)~JhN&K#gpYsOI<_l*sW@RrDT;1dKCu!PxR@#zl&$9QoPC@%?MB=G!*U>xb zS|J|Gq38}+&A)>w*x%b+tzfXr7<;9QxK!#zHzE3S!n&9cbR1eC#P@b83%t}W>)S^$ z#1fhxzDT=^Ru*m&>fnbW`P61Y>-a~I2&}8lsn)0=i|nK(wx&hjdsjPXteYw15k%DCsMIZv#aN>|!9ky|BdmN4K8WF^C=6I2Zd7zi+$;=eoZ(zu8RU9Qj%rQt`+%fNEHG4AcdazPYz z1*2$_AUAxa;Htl`?q1+23nv!tno@;5h;;CC`wC1}s88@mwy57On9{C~c5di9H_KUU zt6E7c8?|9nY*3ab3(bxGirM_+Ig9rYuCDGpY?lHO4Mw=-FRGrAs_};I3O-Y@RN}E^ zVTy>dOb1pvpEQkr_s3YUB^I1gva~@ILdmpM7z%?`CQW2}SYOg?xI!y2PykBai;#nd zA-hV^R0jb_h}LsT48y-+U(GSPz5oDe+^i`mDryD&#klbze&8>a4sC;{%Rn{6N5d16 zo_)CCE^woXT7Ht{38&XCsE5Uc=6>TpezBxOrCfJusaDhN1SIh)Uud)zO{%qlDp!l! zNog7Bnf=Z7#tVZtKKA~qn&T@T+~3@}`u5%5b)~DPr0vF=x)E8^-Q zn4=iCns~%#^u6RqX84D4XKPZ}^+={{hL7n3SV-z^<(bn8#p(t5B-uL(nj+PUQx$IL zV3!Bw?;qUT=zkyfA0By7=%hHFOXyPcr*@8d2P^JNfeK-rLIqbw+j<|4wR=_G2#SIg zgKQ!PC(TXpefqw;I&h=^{VoYW0=u(%Zj+dR-s181F&>xYXZb$Q=&^P+gb)9IqaUoX zFNr7_TP7(#mQEdRAFYxvLJ>$BrnTdAdQAiXb#koNhP2kH6-}oRsmyESwR(W|^#USl zA$N&{8KYh>sWqJ*HQD5lElweqq~_XN%{&41~dkxp)%AU zQf(;OkayNYTkqCu5d_tSq}Taq+@#&zxkp3P9y&G1u01q~VyAs(CM;0t&3gk z>~=19OUu?Ul0hjJ8dXF63$OyNpeEyyMaepd^}PG~S6B|7hU>AZNI34vS-)FmcuUk* zD~2oO6+2nMA!7>gS>Yenz=Tkqe-n|#4HzEEx|ivQ#i#EQ4&KnVl`XWC+#7hzkkzi;qgfE)8cH{asT&jTTf^=^kQ_c7K}wl}qnceE$qm@QZ0RL3&=tu;Z?MZ)Ir( zU|kw_d%9RJKnmv18NOq(LLA1Sj_L)Vyy#^#Cks#hH{xZ#Mm@$L$wm_zrt*zuOxv1i z6oCgz%K|!qbDltvI2;3*ioGIkUm+_1VNtaBB}4HupAh4rq|M!Vm3th?KM2ktDvDtMr0YRa3* z=(_PKS|isD`P)xy=(m%ZJin?qbW%TrjF_PY(e|sBled9t(#=-!6IPJuHrSyKwS>i_ zld-{6M|brKADl$vuG?335xBd2#Bk+RHIgL&bUM@nmw5Q^h3K19TSzlTz7hBOtN;Iw zI+XM1fo)e>rG2>9Zgn%HTmhTgWTx_Num9)pc4zk;dABkjeJ~cBhB3>2OhX7ZoTgH}&g|zE_DviN(JFj|}B#)kL z zdS`#=ylG}#;E9^!UKI|s8%``78<|(d#AZ6FQn=EK;XI1h&W0X5{@T{(IDNrr##^!w zz8$y?^uC8xcvr6X8~un(%ncL(OL)a11w|0gBZHAZ;@TAVRP`cw?EFO`2_^;U0YWl9 zj>$z)=jtdaz!FK^84P+6v+5;}b(iEnYwby#MMb}*HYQVZ{r)liBkW?a*RD`eU?tIg z5mX8yNR@kfsfNTcz36*h0&w0xjAOA=<;G%&)@3WoqV@e`)L2q=!0ETn!J_O}z5r1^ zq~Qf=Yg#v!L`TnyDiD>og1e1d$j^iyV5ttt4S8nPY!!arv!S zRUkCgWl7o6=ePnm{`^}D8s538A?%Ij;pT@k{{&aKqR)3Z>b>v$L-UjJMbn$vxgh`T z5NcX#JXl2=423#P#>I}b3ff67=dz*!bJMArV!!23xZf_#s4o~Lgc_s@L7X33rof)U zPW4o?3imlae7`uX`szU>S?jaVy(+?V?as$ni&ncQchu5_slWV*Vqg*cIa_HwEIKj+`8K}$QVp9?xRb=6!8Jog=Fe8d(VjTt@ zwY8wBq>^`4%Vfu#Hk1nEqh*9u&1G|z-hL1EKbHqgl@(M$A;8sp^wyaw#LXk0Rx-(V1qZkALhFKyYQwEV zC%AI)&$bRxIWK;upFWgkA6lb7oN$qiYCNP?V%-Z;+Cm`|>?Tv@*LM?sYwgn34f{9@ zr>=@U0ITaB%?L;a_um_^tovQyDjYFQl+YS$?9@h6@XH6KHOqA;7tW%U~PoAv^F7U+CtM(!SV2?VD zVb6yH*bv0sMCcLHUW#OfO<>=PZrinFGV|TC-lE}%STrS+=y)cuhTtC8ZJEk!$PSU( z@P10AmKF%=X!Cx?Ycs(fsv>ebo)(wpvvR@q_1LuxzS>%gi!7z8>#!F-FXUoU#RI-U zz*|a2l_&o#%sMqSeT2Bm)bZ)(kIYU>*mgq;OCFaPi{t?8OuK|aUOh7VoP5K>K0Yq* z&K~a{+u^N){eV1i_>1hf6*H0zL{Wp{i8G3&sqYc zL!WdEw|CfB@{2I}Z~JqzQ%@h6Js_nXPHfMzbRSVlH?~f8Lc<^UMI%o*zCLwqcIvsA z<3iny=9$PGO?;r~|NBD!n11g(e&jvIC%Q>+Y@vT>Zf4SKKR2~7Lk+k6S#JW z#4`-dd?Pp{`|So_{DZJ<_BM@|n`?<%oVM!|{f9$~FqtkQGvU|(Ub=!jgfb)flrDk9}KRSm?@CC0o zPQ~BH@&_Z6$kCL1cJUu4HXVJa53Zch6*-!kI@W)VbxD9VX$Zbdv$XvgGv)4+Tjl%} zRKOw!96nHIAAD4Hh{4*{P$xRi9m3B(^9+r9btNHu$2gK%p6S%SH&VKV;GMhb*`*Pw1(8nV9?$#T-FwB_lqzsI4Q@Pxp^7gox$*;?rDtTj&ek z$we(4CeeJ9sfh7dW<);9q;e0Rg*?r;uk!Kn8O+{q`%_2zM`!1r*G@)L;i}dPbf8{IfI1b;;xL*$$&Es8yXhJah1%nqU#6%0MUH=wyuc7-HbU-^Ihr z{?3f1ZsBL&f9hYK{8>vrhVp&Qv>PFI1F!f{{McCn=on)tY4`OqjTp3NRF|ebf3SE| zNIwePR3N>?MMGzo$roojkd)0FKEg6`W`Dg~6OPa)u@rXrnT(n^z8)%RH=3Wv_L8CO zs^IcbG)QCpda;j)S#9q9jMxUM!iY&(k2VygU640}i4fOogn{|D*~PhI(?|4a1!7>9 zxg-7Q-(cPP2Nq`M=H+kg$N12~^r853H*6YlgswAnjhW7D!}8|9?6GHN4h8=k%P|*$ z&8TA$OZ5n9Z(;i2^un}LK}mUhVak3Bkl}9f!o2_1WK#k-S4$Zf#Y>$AS?0;--GTba zBFKv!N+V+IZcA4OSMxlShJA~$5b;8Z426UQ+Dmf;r8$>?3Kz;-nl5}NAOsl;R3|U= z6l^!KLzo3Ch?o(=C?Z??o9Vejv&SBp+3PD8Vj!uI0Z4-c#ZeKyC>HIFG@LAL*qq z)|6fQCeo(y+KLqA#5Qy@addug?)SI9JU1EEmroyWgEkYsJfZboj;1CNhbiGkA4jm; z(dmB=oeVjM7n&2@AIe9{BIvTYckC5AnX=vWtPub&3Jxqjnt$Ixc5)f4atSi&C;jBbyeHP<4vCJm1*by1YDtp!oveqHSehpUB%K6@ z-F^MfB&nJSrK)()B>GiEU1t5i0s=L~0g5k5^+Pn4gV(C`)CpwOo3lYDZI zt8J(6tgUcwOcE4vERrTyZf$?c)>YOieeW8bt)l!O^2wb4>iYw-1zip=q>!g1J(n-s z{^CXZu)QU~{F}@eAXSqS>LHH!PS+@Sk!c9Lq*<(R^906Mtz7ey#Ul$d$B)cV{zG^9 z+n=A2RoXY?1LTHSq>ru$4LI$kmFCd#Lt=eG@aelhdhA~xf8xiFJ=*+VyUAf6Yf-;j zoY#MxYWD5ZZ{ScLMh5F6Jtqn;A;!z$XY0yOvR1z#(7U_z@z%ME+n@b`hpgAbL?%;% zcmGp6z{mSnWiq|7o(#)ZL&mYJ?%Xet%9kX0EzF4f6f=?49j8dr8n7jb{!f8q&66YP zn$lt8wT~~N1tK-c)~+n|{*4nv&0dg9XDSW3X3uy4L``K(1V*VV->HV)q#icE7vYWP z@AZ98M2`J_v86&^XgX*K!Fdw}8$WbFNF?2rncQKTl_jf-2;UC~c(1@D3>{l@3pc_a z7zecjR(~45KA>+mg&fCZIiUd3;&hQ>i1&~lynKt7GnV0sGk?2vxn~zSB|1yh0FUbT zk$8d?`IT)sM$Ibc3nN(C&SABJv4R;qW;zVdWjposk2KsW7yuN9b1NE=ifLV^+XEE; zMN#oxN_XXY$fKkx5N?g9X9eHDx~Zab`|3@-;4HhH+}8}weRTKIjlbPm?s*Xjzwj}! z5Umogo0ix^RqS+k-R*hTu(7C8RTArqZ52w((f&}8o~T4}ys{a4=tOC4RQkKZ3R&U8 zmVT`|=Rif$$|F@G6?NH>tSYmub%oC=2X|HVF4@oP(y%RqNISedxb+pC9B8ICKZAWZ zc7W<#VFK9oaj-vqU}5Gr5;!*(m&OJow-ROCR@1TS zq<^K-kVJB>u-{Qcr7N|tE(ECxDD}u<2U=c7A(<+Hmp$G$dYLWSU3DYR7jQ6u=fORu z;PwLp)BmZd&MAr{$4^9nV5oYGnI(Bl1zIY`PI}owxNSUM?2$ zJpnFb3TBJgStCJN9*2)g!GogAl6oRc!#6={nIvUZ#ZbgTp>UrOwM^W|+~e{1v11>^ zXF~=k_ai4Bf9(6%%X`|#$Vnof(l}=D_G#o^>_+$oB>p0X1wKa+ePaxJ|7tJQU5d-6 zWsD-ft6GAetYXlr!Jwrt0Y|N>*<@3pSrOVumDi?a`)v;|39Ja82v3*OtP$EfSLGUB zXoS`pPfwT~IGQcZm~ChsgkWEt5PNPlM&SKWLtSpJHGE?M@n2bt{oc6ACEE}`%zkc@ zFOO)BYZgZmIETo6tzy7NfKupJut;}Jzj`ADv?4tZlY;^>SciF!J5`Hs^=U2dE%<9B zF+)0^aaamEB^C{$oFoj3|3ScEW?nwlA+-Z@Gsg~Lqgp*5N=kZPrB>Z5<$>THi`NJt z003f?LXRayCmQc7wv=4Et_FhQi?d;jIZ=f_d(it5D5s8|u5Vv|dFxMnt##w}*Kggu zLc?vgm_lm`cC+g@T~4ZmVqRg*d@xB*Bcpu~pzuq<*FgS=nY!?aeNRc(Y~+hzr#R6t zVu+u8~i#6Y9US1|eDsxNEglxnlAJu#~a47(a!Zf4vyQi8tBveXVT0 zl%E$;tVN=cd3&Lp8zo_;N#dvkirdfKqnkbK-9JDu<(BDWAiE} z6!*pW1abJyl>qH28<2QIIUClYa*zbPBmZpHtvkT~?DFX`@~LtgL&oqY)?9*3S&C62?QX zCllGrBM>E7hrCehW28a91E>3bH^%+^N_RMOvRN-8E$Fp%Y3YZ6rI#cYG|5sD1G}vb z&$P4=>+kZtyDgfxU^8!5lAkNw9D=YMhH{mV_ca(`!VZ)^K6hS#s7Ud~?Jqu3UvQlt zm~(LBU0fIZ=8j7HJsSOF`w~jg2pYkA_Re&tv6xyp$D};)w$6*)gBDk$t_n=X6$O%(kH~b=@!k`4VHeM1!BF1bDTLX)5-f$@Vv!n+f?k@)8)Q#?t zFcCHB&CpTN8*T+@d_>HiUqjSeL`+V!=WQherf~qKYkKbll?V-h8)r<|n+b}u zW)D0Ru@E0dTiJe*W8f9;0YF@p^eG!aZs_XODA5q|k`~ulg9!d654EMjLe3t^ zk2gQ@r6RGQ7ewS3HuPI>r?*ahq-g%y)+cLQFK{G)A)wj0t<@I?SNN5yeb)==eOsS= zKrVDCxV)=Qqi^aV{->-I?QELi8(Q+W+Ikg*=SJ__Xu#@9Thv+LYB}~SFpKQ=>PC7} zbb*@~n(Gy1Jo2&FWyZponDlm4AFG}cbCE)dNm~bzgjJI=lU2E_hR*|6x5+V0Ba%J& z0Aj`RM_YNF;!&}#*ck-Tl-;S;vWD0My~5X7r8Z0vi_Ol`q-vy1)7HR7EEcj-;_RS% z-@ANg^-Cl!R?9_kBxn`C8zNef84*oU(n8w;S7%`*8CGnCTF9^Xfs-(iPi8erZV=pX zm^{oJh&gNwGgv&!-72j>MU6>mjV$<@K9;yWU{$~Tup#O;X@P<_>Mg*}o#suCB@XFo zCgU?P3z87%qRW_r7PK7iosR6AoC~W!H|IyQi{aXEcK74Oi#lfM#7yWnB5|V z8HrDy(oZ?CWPu_$a@bgx;+YPX!tkX}sQZ}t7^5e>S6(#-J|A(W(a?)swl?;KMzBe^WnVq(pm*f6o2#c4T8QgYq51vI z?VC4&7lL+L&PkB&{aUT~@Lv7TBRrOAfYvLb?uxhUC4ZM1yd%>y+@J{e0QNRk70s23 znS~?IhTFdZx#iQqc2e-$3st`xCM>4l;*7h{LgG~X{`jH8KlNTRx@h*U_J3B(U@O)J&X zi4*x%7R|2qr;bg_bs|LjCV>6CqBXma(s7eTypFcz^j(j#4;&|wZK)13JAA~pI8&#T|BpR{uYlG%dTBq9hp z@w8x}RS6IfjdKMxnJKGukh=0#Bt4rYjv=Mm+|N8DH@b#zYXtrh)=KNA zL853ThC#y%fW>;kAjY8`9%e<0j_NE=X4|N>ms*Sgiqr3nhXK+!et~2*DaWrT1%zt%$^k248>T=RVL0))RvjAsZdyn#8z)GfNn}$vQ01 z+LU0!H$D};{q>i3KBIr;wOF1RpDg1iJRA8dXFC4gub<%D!<&I<8Q3;RCp-T_6aUwm zgM6s{z{1qbtfDF@Fg(#qEvZ1w^B}HY9XP)DEA`qMt~cqWbISR+_;mC*Rp3uk-X~XB zTj}Mn`u1>(PamCG_|-Ff+sj6jvFGn)*qYUvXXKlM`YA@`wtxATpEN(3;VQ|TY>ulD zcO?uXzw(&+H8->(I-DWLjQ@cl1gY>x1*D?Qu1WA(qVB{qIdjgJpDj#ffmr9NyMMUi zrZx-AIw_io{P&49(g{uW=)gKS{l)f6zYAZgTTMMERLnJ2Ee!GMTN(C)!WR{o@ z!UnU@vaso7(#^jY$|5}Ef!{t|#+9rafE!{5(lG-(tZGlri-QAzp4U_3e6=}NNE{D+ ztq$F9JOUSaKtQ!W{tZ5meyzh3(JpzO;?mmsl_dm@n>Hk5jN*D8iYGFa$&vaf%E6Rj zZ!SZSY9&SXg%MM_Wq%_{YZb`KP;AJgD=NbOAaYOlMUkh@)!q5v-N7rT_cw_lMUg{?hz8GEhbg=GmKxBx95ShXFo?Mj2J}QY zr#-!5=%7#Rv_khwoUnP^K!Go}0+U7d;s;T>=QdZDC3^tJzl<8T7JETcY1nhzNkp@w zoS4UEOF%_fdUsQ0idL8`Qlb#$>yCvvXu9vIYv78PJ8oqwOvP4Wn5YoS`B+6RK=LBK zlM&Z#k*76-l#AtHZQ^%B^w4QFJ0sz3u1Tb0YFi9(bf^M=Zec6x)4=foAf2_d__xG!GoVHwWqIo(f^D|k%RvEDAQw53gDSF5%6pmCr{`8o(II>*xU+_Jcn_0K z)89W5?@xT}JM%|>+51Hc zi*teUm(6#BVsWN=wECOvQ(sV(^yskHGnzkY^vHLqAXyPIRYhNaIXDfc7_(YKV&p%g zv|WwqQt0_(+h4+8=QPnpS&}G60|%j|%CtdNZUl3C2s%tH2H)QCcu-tL6$$zlX4V^! zn}VD02QgzL@Q{fO*dtjV{tz^3b+t5bXvymV007CA+PN~sMh0)vDPNqBh&~3v4hgR& zJS2GEGKtthtQI&>)fhME&|5cN<1c%#q0pkk@poZkelZ!L3>49-6V z5OU&WtapD)33}D%=8%vLazFsDu%BMtuqPD#NQ`Dl`H|Pc@#+GN{%sgG>MidNl%2|` z$9I)|#$i<9(GsbZiXDp+ku9~=sc$Khovz0c2_F8ATpRz74`bNg7!_f0>D*k!?nrlr zUixWk?L7$*$&q87FaU62<*Y4tYj&*chl39;GFq|7=DUNJ&katUdlYFS1jP|ifd?Yz zWG-@UJpPu&DzFNqkodDqsQ(e=0%}Lsob1?tNP!}_UQrs-UFH0Fa;~kBg6xVG=ukdQ zhrSYh(KwRkSWqqodQuq-mS=;34v74Ix`# zjtz%)A%^NF_RvbF4Q~L<@`78{XZCCMEsp5wHEA|C<@2 zt>md@<{5CdnLkQ@oPEtd_nCm!uynziUx?H6!sFT_l#Z;kb9y4CZ9@7m zBp^Ir4?EfWU&rPbj~}0%TVPhZR%B~t)SuF_r*GR}iE9lj?d1|s8I5p z1d5)SIbcHi%rxCSbOZS#kK5luH|hP;JoVE?+pLD|;ehVzwH{$^i9QjP&YmuxIzBx! zCvAoNxiDn@&~yB?h0Y!rASyoQ!qL|6I4 zM`nnG_YcAttsNbnUHC1R;R9btQ(L*O#7PUO>4OF{(6HLGsdn95&tkqgID72D1sWDx64X|J0fcHD9p zC`=ws{eDKWB{9BDH?KrJ(w~Rrk)`IDMfv_$BR$KUowH}_lN?3E#~I{Eqq5OFcUT&a z$7>-%=mUork3HLHGhwIuUidGpi^`*8hxYZpcktg9=k;7VZ_WN@`p9BmD7x^R$nL`7 zJ|(;^hRuZUk+Xm7-|0Il^JpjxCS5RbNxd{D>^)A;G|6Pcp#;Js$j_1CprI`PJq|Oq z#zSQLbH?uXI-mzk94xf#iMyhFJn4ZZf+f5`cSX?DprfFai_lLPv2x?QNar4g&h3=> z-Q7`7Z?}Q-Lcnb$U%FqEiYeRN^a=PUG3q6&ZXfqHt;DrR+PG^8x)(Q!jKS?MNtzPq z8nvX!UKzqM3Y+Cp6k0`nWPe!#`H$i!IjYd#;TYkv0M@YCbeR3K=T^?r4q$MZzvlu< zJ`Km|o`xqZh;r8BUhRxq^`63XP5pHC$m~&RMwB_j`9Wy35$G0+sAUm8vFt{yynxA( zqsfVZ13)Q;rN$Vqy`a_*Ty52F2r5OhnC!hSNt#sA&+6Qrukc(+P!7pQxg6H$$_|Sl zYm&c7&Ks%2f53TI@xVU-kCMG*LYb{tey~&Z(6}fJ6dFwj4&VqZlqyW6_+Bn)5rG4i zy|JlyZ*%1Mu zBy23&aa6X7)k5!;l(3p;Sp+fP$vny@gp)^wrJ_`?{^o{eJKNKXipJZjl33r~3jQCK C{Oz^? literal 0 HcmV?d00001 diff --git a/po/ja.po b/po/ja.po new file mode 100644 index 0000000..4a555b0 --- /dev/null +++ b/po/ja.po @@ -0,0 +1,3871 @@ +# Japanese messages for cryptsetup. +# Copyright (C) 2019, 2020 Free Software Foundation, Inc. +# This file is put in the public domain, to the extent permitted under applicable law. +# Hiroshi Takekawa , , 2019, 2020 +# +msgid "" +msgstr "" +"Project-Id-Version: cryptsetup 2.3.3-rc0\n" +"Report-Msgid-Bugs-To: dm-crypt@saout.de\n" +"POT-Creation-Date: 2020-05-28 11:32+0200\n" +"PO-Revision-Date: 2020-05-15 21:33+0900\n" +"Last-Translator: Hiroshi Takekawa \n" +"Language-Team: Japanese \n" +"Language: ja\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" + +#: lib/libdevmapper.c:399 +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "device-mapper を初期化できません、non-root で実行します。" + +#: lib/libdevmapper.c:402 +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "device-mapper を初期化できません。dm_mod モジュールはロードされてますか?" + +#: lib/libdevmapper.c:1131 +msgid "Requested deferred flag is not supported." +msgstr "指定された延期フラグはサポートされていません。" + +#: lib/libdevmapper.c:1198 +#, c-format +msgid "DM-UUID for device %s was truncated." +msgstr "デバイス %s の DM-UUID は短縮されています。" + +#: lib/libdevmapper.c:1520 +msgid "Unknown dm target type." +msgstr "不明な dm target タイプです。" + +#: lib/libdevmapper.c:1623 lib/libdevmapper.c:1679 +msgid "Requested dm-crypt performance options are not supported." +msgstr "指定された dm-crypt パフォーマンスオプションはサポートされていません。" + +#: lib/libdevmapper.c:1630 +msgid "Requested dm-verity data corruption handling options are not supported." +msgstr "指定された dm-verity のデータ破壊時の対応についてのオプションはサポートされていません。" + +#: lib/libdevmapper.c:1634 +msgid "Requested dm-verity FEC options are not supported." +msgstr "指定された dm-verity の誤り訂正(FEC)オプションはサポートされていません。" + +#: lib/libdevmapper.c:1638 +msgid "Requested data integrity options are not supported." +msgstr "指定されたデータの無改ざん確認のオプションはサポートされていません。" + +#: lib/libdevmapper.c:1640 +msgid "Requested sector_size option is not supported." +msgstr "指定された sector_size オプションはサポートされていません。" + +#: lib/libdevmapper.c:1645 +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "指定された改ざん確認タグの自動再計算はサポートされていません。" + +#: lib/libdevmapper.c:1649 lib/libdevmapper.c:1682 lib/libdevmapper.c:1685 +#: lib/luks2/luks2_json_metadata.c:2160 +msgid "Discard/TRIM is not supported." +msgstr "Discard/TRIM はサポートしていません。" + +#: lib/libdevmapper.c:1653 +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "要求された dm-integrity のビットマップモードはサポートされていません。" + +#: lib/libdevmapper.c:2607 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "dm-%s のクエリーに失敗しました。" + +#: lib/random.c:75 +msgid "" +"System is out of entropy while generating volume key.\n" +"Please move mouse or type some text in another window to gather some random events.\n" +msgstr "" +"ボリュームキーを生成するためのエントロピー(この文脈では乱数の乱れ度合)が足りません。\n" +"マウスを動かしたり、他のウィンドウで文字を入力したりしてみてください。\n" + +#: lib/random.c:79 +#, c-format +msgid "Generating key (%d%% done).\n" +msgstr "キー生成中 (%d%% 完了)。\n" + +#: lib/random.c:165 +msgid "Running in FIPS mode." +msgstr "FIPS モードで実行中。" + +#: lib/random.c:171 +msgid "Fatal error during RNG initialisation." +msgstr "RNG(乱数生成器)初期化中に重大なエラーが発生しました。" + +#: lib/random.c:208 +msgid "Unknown RNG quality requested." +msgstr "不明な RNG(乱数生成器) の質(quality)が要求されました。" + +#: lib/random.c:213 +msgid "Error reading from RNG." +msgstr "RNG(乱数生成器)から読み込み中にエラー。" + +#: lib/setup.c:229 +msgid "Cannot initialize crypto RNG backend." +msgstr "暗号向けRNG(乱数生成器)バックエンドの初期化ができません。" + +#: lib/setup.c:235 +msgid "Cannot initialize crypto backend." +msgstr "暗号バックエンドの初期化ができません。" + +#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119 +#, c-format +msgid "Hash algorithm %s not supported." +msgstr "ハッシュアルゴリズム %s がサポートされていません。" + +#: lib/setup.c:269 lib/loopaes/loopaes.c:90 +#, c-format +msgid "Key processing error (using hash %s)." +msgstr "鍵の処理でエラー (ハッシュ %s を使用)。" + +#: lib/setup.c:335 lib/setup.c:362 +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "デバイスタイプがわかりません。互換性のないデバイスのアクティベーションをしようとしていませんか?" + +#: lib/setup.c:341 lib/setup.c:3050 +msgid "This operation is supported only for LUKS device." +msgstr "この操作は LUKS デバイスでしかサポートされていません。" + +#: lib/setup.c:368 +msgid "This operation is supported only for LUKS2 device." +msgstr "この操作は LUKS2 デバイスでしかサポートされていません。" + +#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345 +msgid "All key slots full." +msgstr "キースロットがいっぱいです。" + +#: lib/setup.c:434 +#, c-format +msgid "Key slot %d is invalid, please select between 0 and %d." +msgstr "キースロット %d は不正です。0 から %d の間を選んでください。" + +#: lib/setup.c:440 +#, c-format +msgid "Key slot %d is full, please select another one." +msgstr "キースロット %d は使われています。別の番号を選んでください。" + +#: lib/setup.c:525 lib/setup.c:2824 +msgid "Device size is not aligned to device logical block size." +msgstr "デバイスサイズが論理ブロックサイズのアライメントに合いません。" + +#: lib/setup.c:624 +#, c-format +msgid "Header detected but device %s is too small." +msgstr "ヘッダが検出されましたがデバイス %s が小さすぎます。" + +#: lib/setup.c:661 +msgid "This operation is not supported for this device type." +msgstr "この操作はこのデバイスタイプではサポートされていません。" + +#: lib/setup.c:666 +msgid "Illegal operation with reencryption in-progress." +msgstr "オフラインでの再暗号化中です。中止します。" + +#: lib/setup.c:832 lib/luks1/keymanage.c:475 +#, c-format +msgid "Unsupported LUKS version %d." +msgstr "LUKS バージョン %d はサポートされていません。" + +#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959 +msgid "Detached metadata device is not supported for this crypt type." +msgstr "分離したメタデータデバイスはこの暗号タイプではサポートされていません。" + +#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628 +#: lib/setup.c:2777 lib/setup.c:4512 +#, c-format +msgid "Device %s is not active." +msgstr "デバイス %s はアクティブではありません。" + +#: lib/setup.c:1444 +#, c-format +msgid "Underlying device for crypt device %s disappeared." +msgstr "暗号化されたデバイス %s の元になるデバイスが消滅しました。" + +#: lib/setup.c:1524 +msgid "Invalid plain crypt parameters." +msgstr "不正な plain crypt のパラメータ。" + +#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:74 +msgid "Invalid key size." +msgstr "不正なキーサイズ。" + +#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157 +msgid "UUID is not supported for this crypt type." +msgstr "UUID はこの暗号タイプではサポートされていません。" + +#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308 +#: src/cryptsetup.c:1226 src/cryptsetup.c:3923 +msgid "Unsupported encryption sector size." +msgstr "サポートされていない暗号化セクタサイズです。" + +#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818 +msgid "Device size is not aligned to requested sector size." +msgstr "デバイスサイズが要求されたセクタサイズのアライメントに合いません。" + +#: lib/setup.c:1608 lib/setup.c:1727 +msgid "Can't format LUKS without device." +msgstr "デバイスなしには LUKS 形式にフォーマットできません。" + +#: lib/setup.c:1614 lib/setup.c:1733 +msgid "Requested data alignment is not compatible with data offset." +msgstr "要求されたデータアライメントとデータオフセットが合いません。" + +#: lib/setup.c:1682 lib/setup.c:1851 +msgid "WARNING: Data offset is outside of currently available data device.\n" +msgstr "警告: データオフセットが現在利用可能なデータの外にあります。\n" + +#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169 +#, c-format +msgid "Cannot wipe header on device %s." +msgstr "デバイス %s のヘッダを消し去れません。" + +#: lib/setup.c:1744 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "警告: デバイスアクティベーションが失敗しました。dm-crypt が要求された暗号セクタサイズをサポートしていません。\n" + +#: lib/setup.c:1766 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "ボリュームキーは改ざん耐性拡張のため暗号には鍵長が小さすぎます。" + +#: lib/setup.c:1821 +#, c-format +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "暗号 %s-%s (キーサイズ %zd ビット) は利用できません。" + +#: lib/setup.c:1854 +#, c-format +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" +msgstr "警告: LUKS2 メタデータサイズが % バイトに変更されました。\n" + +#: lib/setup.c:1858 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "警告: LUKS2 キースロット領域サイズが % バイトに変更されました。\n" + +#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367 +#, c-format +msgid "Device %s is too small." +msgstr "デバイス %s のサイズが小さすぎます。" + +#: lib/setup.c:1893 lib/setup.c:1919 +#, c-format +msgid "Cannot format device %s in use." +msgstr "デバイス %s は使用中のためフォーマットできません。" + +#: lib/setup.c:1896 lib/setup.c:1922 +#, c-format +msgid "Cannot format device %s, permission denied." +msgstr "デバイス %s は権限がないためフォーマットできません。" + +#: lib/setup.c:1908 lib/setup.c:2229 +#, c-format +msgid "Cannot format integrity for device %s." +msgstr "デバイス %s を改ざん耐性がつくようフォーマットできません。" + +#: lib/setup.c:1926 +#, c-format +msgid "Cannot format device %s." +msgstr "デバイス %s をフォーマットできません。" + +#: lib/setup.c:1944 +msgid "Can't format LOOPAES without device." +msgstr "LOOPAES としてフォーマットするにはデバイスが必要です。" + +#: lib/setup.c:1989 +msgid "Can't format VERITY without device." +msgstr "VERITY としてフォーマットするにはデバイスが必要です。" + +#: lib/setup.c:2000 lib/verity/verity.c:102 +#, c-format +msgid "Unsupported VERITY hash type %d." +msgstr "VERITY ハッシュタイプ %d はサポートしていません。" + +#: lib/setup.c:2006 lib/verity/verity.c:110 +msgid "Unsupported VERITY block size." +msgstr "サポートしていない VERITY ブロックサイズです。" + +#: lib/setup.c:2011 lib/verity/verity.c:74 +msgid "Unsupported VERITY hash offset." +msgstr "サポートしていない VERITY ハッシュオフセットです。" + +#: lib/setup.c:2016 +msgid "Unsupported VERITY FEC offset." +msgstr "サポートしていない VERITY FEC オフセットです。" + +#: lib/setup.c:2040 +msgid "Data area overlaps with hash area." +msgstr "データ領域がハッシュ領域と重なっています。" + +#: lib/setup.c:2065 +msgid "Hash area overlaps with FEC area." +msgstr "ハッシュ領域が FEC 領域と重なっています。" + +#: lib/setup.c:2072 +msgid "Data area overlaps with FEC area." +msgstr "データ領域が FEC 領域と重なっています。" + +#: lib/setup.c:2208 +#, c-format +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "警告: 指定されたタグのサイズ %d バイトが %s の出力サイズと異なります (%d バイト)。\n" + +#: lib/setup.c:2286 +#, c-format +msgid "Unknown crypt device type %s requested." +msgstr "不明な暗号デバイスタイプ %s が指定されました。" + +#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635 +#, c-format +msgid "Unsupported parameters on device %s." +msgstr "デバイス %s のパラメータはサポートしていません。" + +#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408 +#: lib/luks2/luks2_reencrypt.c:2737 +#, c-format +msgid "Mismatching parameters on device %s." +msgstr "デバイス %s のパラメータがミスマッチしています。" + +#: lib/setup.c:2661 +msgid "Crypt devices mismatch." +msgstr "Crypt デバイスが一致しません。" + +#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:3145 +#, c-format +msgid "Failed to reload device %s." +msgstr "デバイス %s のリロードに失敗しました。" + +#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025 +#: lib/luks2/luks2_reencrypt.c:2032 +#, c-format +msgid "Failed to suspend device %s." +msgstr "デバイス %s のサスペンドに失敗しました。" + +#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039 +#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149 +#, c-format +msgid "Failed to resume device %s." +msgstr "デバイス %s のリジュームに失敗しました。" + +#: lib/setup.c:2732 +#, c-format +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "デバイス %s のリロード中に致命的なエラー(デバイス %s の上で)。" + +#: lib/setup.c:2735 lib/setup.c:2737 +#, c-format +msgid "Failed to switch device %s to dm-error." +msgstr "デバイス %s を dm-error にスイッチできません。" + +#: lib/setup.c:2809 +msgid "Cannot resize loop device." +msgstr "ループデバイスはリサイズできません。" + +#: lib/setup.c:2882 +msgid "Do you really want to change UUID of device?" +msgstr "デバイスの UUID を本当に変更してもいいですか?" + +#: lib/setup.c:2958 +msgid "Header backup file does not contain compatible LUKS header." +msgstr "ヘッダのバックアップファイルの中味が LUKS ヘッダと互換性がありません。" + +#: lib/setup.c:3058 +#, c-format +msgid "Volume %s is not active." +msgstr "ボリューム %s はアクティブではありません。" + +#: lib/setup.c:3069 +#, c-format +msgid "Volume %s is already suspended." +msgstr "ボリューム %s は既に停止されています。" + +#: lib/setup.c:3082 +#, c-format +msgid "Suspend is not supported for device %s." +msgstr "デバイス %s の停止はサポートされていません。" + +#: lib/setup.c:3084 +#, c-format +msgid "Error during suspending device %s." +msgstr "デバイス %s 停止中にエラー。" + +#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267 +#, c-format +msgid "Volume %s is not suspended." +msgstr "ボリューム %s は停止されていません。" + +#: lib/setup.c:3146 +#, c-format +msgid "Resume is not supported for device %s." +msgstr "デバイス %s は再開をサポートしていません。" + +#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297 +#, c-format +msgid "Error during resuming device %s." +msgstr "デバイス %s の再開中にエラー。" + +#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322 +#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839 +msgid "Volume key does not match the volume." +msgstr "ボリュームキーがボリュームに合いません。" + +#: lib/setup.c:3343 lib/setup.c:3531 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "キースロットを追加できません。全てのスロットが無効でボリュームキーが渡されませんでした。" + +#: lib/setup.c:3483 +msgid "Failed to swap new key slot." +msgstr "新しいキースロットを交換できませんでした。" + +#: lib/setup.c:3669 +#, c-format +msgid "Key slot %d is invalid." +msgstr "キースロット %d は不正です。" + +#: lib/setup.c:3675 src/cryptsetup.c:1572 src/cryptsetup.c:1917 +#, c-format +msgid "Keyslot %d is not active." +msgstr "キースロット %d は非アクティブです。" + +#: lib/setup.c:3694 +msgid "Device header overlaps with data area." +msgstr "デバイスヘッダがデータ領域に重なっています。" + +#: lib/setup.c:3981 +msgid "Reencryption in-progress. Cannot activate device." +msgstr "既に再暗号化中です。デバイスをアクティベートできません。" + +#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2243 +#: lib/luks2/luks2_reencrypt.c:2836 +msgid "Failed to get reencryption lock." +msgstr "再暗号化ロックを取得できません。" + +#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855 +msgid "LUKS2 reencryption recovery failed." +msgstr "LUKS2 の再暗号化は既に初期化されました。" + +#: lib/setup.c:4127 lib/setup.c:4379 +msgid "Device type is not properly initialized." +msgstr "デバイスタイプが正しく初期化されていません。" + +#: lib/setup.c:4171 +#, c-format +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "デバイス %s を使えません。名前が不正か使用中です。" + +#: lib/setup.c:4174 +#, c-format +msgid "Device %s already exists." +msgstr "デバイス %s は既に存在します。" + +#: lib/setup.c:4296 +msgid "Incorrect volume key specified for plain device." +msgstr "正しくないボリュームキーがプレーンデバイスに指定されました。" + +#: lib/setup.c:4405 +msgid "Incorrect root hash specified for verity device." +msgstr "正しくないルートハッシュが verity デバイスに指定されました。" + +#: lib/setup.c:4412 +msgid "Root hash signature required." +msgstr "ルートハッシュ署名が必要です。" + +#: lib/setup.c:4421 +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "署名をカーネルに渡すのに必要なカーネルキーリングをカーネルがサポートしていません。" + +#: lib/setup.c:4438 lib/setup.c:5915 +msgid "Failed to load key in kernel keyring." +msgstr "キーをカーネルキーリングにロードできません。" + +#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2296 +#: src/cryptsetup.c:2664 +#, c-format +msgid "Device %s is still in use." +msgstr "デバイス %s は使用中です。" + +#: lib/setup.c:4516 +#, c-format +msgid "Invalid device %s." +msgstr "デバイス %s は不正です。" + +#: lib/setup.c:4632 +msgid "Volume key buffer too small." +msgstr "ボリュームキーのバッファが小さすぎます。" + +#: lib/setup.c:4640 +msgid "Cannot retrieve volume key for plain device." +msgstr "プレーンデバイス向けのボリュームキーが取得できません。" + +#: lib/setup.c:4657 +msgid "Cannot retrieve root hash for verity device." +msgstr "verity デバイスのルートハッシュが読み出せません。" + +#: lib/setup.c:4659 +#, c-format +msgid "This operation is not supported for %s crypt device." +msgstr "この操作は %s 暗号化デバイスではサポートされていません。" + +#: lib/setup.c:4865 +msgid "Dump operation is not supported for this device type." +msgstr "このデバイスタイプはダンプ操作をサポートしていません。" + +#: lib/setup.c:5190 +#, c-format +msgid "Data offset is not multiple of %u bytes." +msgstr "データオフセットが %u バイトの倍数である必要があります。" + +#: lib/setup.c:5475 +#, c-format +msgid "Cannot convert device %s which is still in use." +msgstr "使用中のデバイス %s を変換できません。" + +#: lib/setup.c:5772 +#, c-format +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "新しいボリュームキー向けのキースロット %u を確保できません。" + +#: lib/setup.c:5845 +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "デフォルト LUKS2 キースロットパラメータを初期化できません。" + +#: lib/setup.c:5851 +#, c-format +msgid "Failed to assign keyslot %d to digest." +msgstr "ダイジェストするためのキースロット %d が確保できません。" + +#: lib/setup.c:5982 +msgid "Kernel keyring is not supported by the kernel." +msgstr "カーネルがカーネルキーリングをサポートしていません。" + +#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952 +#, c-format +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "キーリングからパスフレーズが読み出せません (エラー %d)。" + +#: lib/setup.c:6016 +msgid "Failed to acquire global memory-hard access serialization lock." +msgstr "グローバル memory-hard アクセス直列化ロックが取れません。" + +#: lib/utils.c:80 +msgid "Cannot get process priority." +msgstr "プロセス優先度を取得できません。" + +#: lib/utils.c:94 +msgid "Cannot unlock memory." +msgstr "メモリをアンロックできません。" + +#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497 +msgid "Failed to open key file." +msgstr "キーファイルがオープンできません。" + +#: lib/utils.c:173 +msgid "Cannot read keyfile from a terminal." +msgstr "ターミナルからキーファイルを読みこめません。" + +#: lib/utils.c:190 +msgid "Failed to stat key file." +msgstr "キーファイルを stat() できません。" + +#: lib/utils.c:198 lib/utils.c:219 +msgid "Cannot seek to requested keyfile offset." +msgstr "指定されたキーファイルオフセットにシークできません。" + +#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188 +#: src/utils_password.c:201 +msgid "Out of memory while reading passphrase." +msgstr "パスフレーズ読み込み中にメモリが不足しました。" + +#: lib/utils.c:248 +msgid "Error reading passphrase." +msgstr "パスフレーズの読み込みでエラー。" + +#: lib/utils.c:265 +msgid "Nothing to read on input." +msgstr "読もうとしたら入力が空です。" + +#: lib/utils.c:272 +msgid "Maximum keyfile size exceeded." +msgstr "キーファイルが最大サイズを超えています。" + +#: lib/utils.c:277 +msgid "Cannot read requested amount of data." +msgstr "指定されたサイズのデータを読み込めません。" + +#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 +#, c-format +msgid "Device %s does not exist or access denied." +msgstr "デバイス %s は存在しないかアクセスが拒否されました。" + +#: lib/utils_device.c:197 +#, c-format +msgid "Device %s is not compatible." +msgstr "デバイス %s は互換性がありません。" + +#: lib/utils_device.c:642 +#, c-format +msgid "Device %s is too small. Need at least % bytes." +msgstr "デバイス %s が小さすぎます。少なくとも % バイト必要です。" + +#: lib/utils_device.c:723 +#, c-format +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "デバイス %s は使用中で使えません (既にマップされているかマウントされています)。" + +#: lib/utils_device.c:727 +#, c-format +msgid "Cannot use device %s, permission denied." +msgstr "デバイス %s が使えません、拒否されました。" + +#: lib/utils_device.c:730 +#, c-format +msgid "Cannot get info about device %s." +msgstr "デバイス %s についての情報が取得できません。" + +#: lib/utils_device.c:753 +msgid "Cannot use a loopback device, running as non-root user." +msgstr "ループバックデバイスが使えません、非 root ユーザで実行していませんか。" + +#: lib/utils_device.c:763 +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "ループデバイスのアタッチできません (autoclear 付きのループデバイスが必要です)。" + +#: lib/utils_device.c:809 +#, c-format +msgid "Requested offset is beyond real size of device %s." +msgstr "指定されたオフセットはデバイス %s の実際のサイズを超えています。" + +#: lib/utils_device.c:817 +#, c-format +msgid "Device %s has zero size." +msgstr "デバイス %s のサイズが 0 です。" + +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." +msgstr "要求された PBKDF の目標時間は 0 ではいけません。" + +#: lib/utils_pbkdf.c:106 +#, c-format +msgid "Unknown PBKDF type %s." +msgstr "%s は不明な PBKDF タイプです。" + +#: lib/utils_pbkdf.c:111 +#, c-format +msgid "Requested hash %s is not supported." +msgstr "要求されたハッシュ %s はサポートしていません。" + +#: lib/utils_pbkdf.c:122 +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "要求された PBKDF タイプは LUKS1 ではサポートされていません。" + +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." +msgstr "PBKDF の max memory や parallel threads は pbkdf2 の時は設定できません。" + +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#, c-format +msgid "Forced iteration count is too low for %s (minimum is %u)." +msgstr "%s について強制される最小繰り返し回数が小さすぎます (最小 %u)。" + +#: lib/utils_pbkdf.c:148 +#, c-format +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "%s について強制されるメモリコストが小さすぎます (最小 %u KB)。" + +#: lib/utils_pbkdf.c:155 +#, c-format +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "指定された PBKDF メモリコストが大きすぎます (最大 %d KB)。" + +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "PBKDF メモリは 0 ではいけません。" + +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "要求された PBKDF 並列スレッド数は 0 ではいけません。" + +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "FIPS モードでは PBKDF2 しかサポートしていません。" + +#: lib/utils_benchmark.c:172 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "PBKDF ベンチマークが無効ですが繰り返し回数が設定されていません。" + +#: lib/utils_benchmark.c:191 +#, c-format +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "PBKDF2 と互換性のないオプションです (ハッシュアルゴリズム %s)。" + +#: lib/utils_benchmark.c:211 +msgid "Not compatible PBKDF options." +msgstr "互換性のない PBKDF オプションです。" + +#: lib/utils_device_locking.c:102 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "ロックを中止します。ロックに使うパス %s/%s が使用できません (ディレクトリでないか存在していません)。" + +#: lib/utils_device_locking.c:109 +#, c-format +msgid "WARNING: Locking directory %s/%s is missing!\n" +msgstr "警告: ロックに使うディレクトリ %s/%s がありません!\n" + +#: lib/utils_device_locking.c:119 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "ロックを中止します。ロックに使うパス %s/%s が使用できません (%s はディレクトリではありません)。" + +#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:941 +#: src/cryptsetup_reencrypt.c:1025 +msgid "Cannot seek to device offset." +msgstr "デバイスオフセットまで seek できません。" + +#: lib/utils_wipe.c:208 +#, c-format +msgid "Device wipe error, offset %." +msgstr "デバイスのワイプでエラー, オフセット %." + +#: lib/luks1/keyencryption.c:39 +#, c-format +msgid "" +"Failed to setup dm-crypt key mapping for device %s.\n" +"Check that kernel supports %s cipher (check syslog for more info)." +msgstr "" +"デバイス %s の dm-crypt のキーマッピングの設定に失敗しました。\n" +"カーネルが暗号 %s をサポートしているか確認してください (syslog にさらに情報があります)。" + +#: lib/luks1/keyencryption.c:44 +msgid "Key size in XTS mode must be 256 or 512 bits." +msgstr "XTS モードのキーサイズは 256 か 512 ビットでなければなりません。" + +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "暗号の指定は [暗号]-[モード]-[初期ベクタ] という形式であるべきです。" + +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080 +#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734 +#, c-format +msgid "Cannot write to device %s, permission denied." +msgstr "デバイス %s に書き込めません。パーミッションがありません。" + +#: lib/luks1/keyencryption.c:120 +msgid "Failed to open temporary keystore device." +msgstr "一時的なキーストアデバイスを開けません。" + +#: lib/luks1/keyencryption.c:127 +msgid "Failed to access temporary keystore device." +msgstr "一時的なキーストアデバイスにアクセスできません。" + +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +msgid "IO error while encrypting keyslot." +msgstr "キースロットを暗号化中にI/Oエラーが発生しました。" + +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:670 +#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311 +#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342 +#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 +#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255 +#: src/cryptsetup_reencrypt.c:200 src/cryptsetup_reencrypt.c:212 +#, c-format +msgid "Cannot open device %s." +msgstr "デバイス %s を開けません。" + +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +msgid "IO error while decrypting keyslot." +msgstr "キースロットを復号化中にI/Oエラーが発生しました。" + +#: lib/luks1/keymanage.c:110 +#, c-format +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" +msgstr "デバイス %s が小さすぎます。(LUKS1 は最低でも % バイト必要です。)" + +#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162 +#: lib/luks1/keymanage.c:174 +#, c-format +msgid "LUKS keyslot %u is invalid." +msgstr "LUKS キースロット %u は不正です。" + +#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472 +#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1433 +#: src/cryptsetup.c:1559 src/cryptsetup.c:1616 src/cryptsetup.c:1672 +#: src/cryptsetup.c:1739 src/cryptsetup.c:1842 src/cryptsetup.c:1906 +#: src/cryptsetup.c:2136 src/cryptsetup.c:2331 src/cryptsetup.c:2391 +#: src/cryptsetup.c:2457 src/cryptsetup.c:2621 src/cryptsetup.c:3271 +#: src/cryptsetup.c:3280 src/cryptsetup_reencrypt.c:1388 +#, c-format +msgid "Device %s is not a valid LUKS device." +msgstr "デバイス %s は有効な LUKS デバイスではありません。" + +#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100 +#, c-format +msgid "Requested header backup file %s already exists." +msgstr "要求されたヘッダバックアップファイル %s は既に存在しています。" + +#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102 +#, c-format +msgid "Cannot create header backup file %s." +msgstr "ヘッダバックアップファイル %s が作成できません。" + +#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109 +#, c-format +msgid "Cannot write header backup file %s." +msgstr "ヘッダバックアップファイル %s に書き込めません。" + +#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161 +msgid "Backup file does not contain valid LUKS header." +msgstr "バックアップファイルが有効な LUKS ヘッダを含んでいません。" + +#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549 +#: lib/luks2/luks2_json_metadata.c:1182 +#, c-format +msgid "Cannot open header backup file %s." +msgstr "ヘッダバックアップファイル %s をオープンできません。" + +#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190 +#, c-format +msgid "Cannot read header backup file %s." +msgstr "ヘッダバックアップファイル %s を読めません。" + +#: lib/luks1/keymanage.c:317 +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "データオフセットかキーサイズがデバイスとバックアップで異なるのでリストアできません。" + +#: lib/luks1/keymanage.c:325 +#, c-format +msgid "Device %s %s%s" +msgstr "デバイス %s %s%s" + +#: lib/luks1/keymanage.c:326 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "LUKS ヘッダが含まれていません。ヘッダを置き換えるとデバイスのデータを破壊する恐れがあります。" + +#: lib/luks1/keymanage.c:327 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "LUKS ヘッダを既に含んでいます。ヘッダを置き換えると既にあるキースロットを破壊します。" + +#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224 +msgid "" +"\n" +"WARNING: real device header has different UUID than backup!" +msgstr "" +"\n" +"警告: 実デバイスのヘッダはバックアップとUUIDが異なります!" + +#: lib/luks1/keymanage.c:375 +msgid "Non standard key size, manual repair required." +msgstr "標準的でないキーサイズなので、手動の修復が必要です。" + +#: lib/luks1/keymanage.c:380 +msgid "Non standard keyslots alignment, manual repair required." +msgstr "標準的でないキースロットアライメントなので、手動の修復が必要です。" + +#: lib/luks1/keymanage.c:390 +msgid "Repairing keyslots." +msgstr "キースロットを修復中です。" + +#: lib/luks1/keymanage.c:409 +#, c-format +msgid "Keyslot %i: offset repaired (%u -> %u)." +msgstr "キースロット %i: オフセットを修復 (%u -> %u)." + +#: lib/luks1/keymanage.c:417 +#, c-format +msgid "Keyslot %i: stripes repaired (%u -> %u)." +msgstr "キースロット %i: のストライプを修復 (%u -> %u)." + +#: lib/luks1/keymanage.c:426 +#, c-format +msgid "Keyslot %i: bogus partition signature." +msgstr "キースロット %i: パーティションの印(signature)がおかしいです。" + +#: lib/luks1/keymanage.c:431 +#, c-format +msgid "Keyslot %i: salt wiped." +msgstr "キースロット %i: ソルトを消しました。" + +#: lib/luks1/keymanage.c:448 +msgid "Writing LUKS header to disk." +msgstr "LUKS ヘッダを書きこんでいます。" + +#: lib/luks1/keymanage.c:453 +msgid "Repair failed." +msgstr "修復に失敗しました。" + +#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750 +#, c-format +msgid "Requested LUKS hash %s is not supported." +msgstr "要求された LUKS ハッシュ %s はサポートしていません。" + +#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1133 +msgid "No known problems detected for LUKS header." +msgstr "LUKS ヘッダに既知の不具合は検出されませんでした。" + +#: lib/luks1/keymanage.c:660 +#, c-format +msgid "Error during update of LUKS header on device %s." +msgstr "デバイス %s の LUKS ヘッダを更新中にエラーが発生しました。" + +#: lib/luks1/keymanage.c:668 +#, c-format +msgid "Error re-reading LUKS header after update on device %s." +msgstr "デバイス %s の LUKS ヘッダを更新後の再読み込み中にエラーが発生しました。" + +#: lib/luks1/keymanage.c:744 +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "LUKS ヘッダのデータへのオフセットは 0 かヘッダサイズより大きくなければいけません。" + +#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825 +#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001 +#: src/cryptsetup.c:2784 +msgid "Wrong LUKS UUID format provided." +msgstr "LUKS UUID の形式が間違っています。" + +#: lib/luks1/keymanage.c:778 +msgid "Cannot create LUKS header: reading random salt failed." +msgstr "LUKS ヘッダを作成できません: ランダムなソルトを読み込めません。" + +#: lib/luks1/keymanage.c:804 +#, c-format +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "LUKS ヘッダを作成できません: ヘッダのハッシュが求められません (ハッシュには %s を使用)。" + +#: lib/luks1/keymanage.c:848 +#, c-format +msgid "Key slot %d active, purge first." +msgstr "キースロット %d が使用中なので、パージしてください。" + +#: lib/luks1/keymanage.c:854 +#, c-format +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "キースロット %d のストライプが少なすぎます。ヘッダを細工でもしましたか?" + +#: lib/luks1/keymanage.c:990 +#, c-format +msgid "Cannot open keyslot (using hash %s)." +msgstr "キースロットをオープンできません (ハッシュ %s を使用)。" + +#: lib/luks1/keymanage.c:1066 +#, c-format +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." +msgstr "キースロット %d は不正です。0 から %d の間を選んでください。" + +#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738 +#, c-format +msgid "Cannot wipe device %s." +msgstr "デバイス %s をワイプできません。" + +#: lib/loopaes/loopaes.c:146 +msgid "Detected not yet supported GPG encrypted keyfile." +msgstr "GPG の暗号化されたキーファイルがまだサポートされていません。" + +#: lib/loopaes/loopaes.c:147 +msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" +msgstr "以下のようにしてください。 gpg --decrypt | cryptsetup --keyfile=- ...\n" + +#: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 +msgid "Incompatible loop-AES keyfile detected." +msgstr "互換性のない loop-AES キーファイルが検出されました。" + +#: lib/loopaes/loopaes.c:245 +msgid "Kernel does not support loop-AES compatible mapping." +msgstr "カーネルが loop-AES 互換マッピングをサポートしていません。" + +#: lib/tcrypt/tcrypt.c:504 +#, c-format +msgid "Error reading keyfile %s." +msgstr "キーファイル %s を読み込み中にエラー。" + +#: lib/tcrypt/tcrypt.c:554 +#, c-format +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." +msgstr "TCRYPT パスフレーズの最大長 (%zu) を超えました。" + +#: lib/tcrypt/tcrypt.c:595 +#, c-format +msgid "PBKDF2 hash algorithm %s not available, skipping." +msgstr "PBKDF2 ハッシュアルゴリズム %s が利用できないのでスキップします。" + +#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1010 +msgid "Required kernel crypto interface not available." +msgstr "必要なカーネル crypto インターフェースが使用できません。" + +#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1012 +msgid "Ensure you have algif_skcipher kernel module loaded." +msgstr "algif_skcipher カーネルモジュールをロードしてください。" + +#: lib/tcrypt/tcrypt.c:753 +#, c-format +msgid "Activation is not supported for %d sector size." +msgstr "アクティベーションは %d セクタサイズではサポートしていません。" + +#: lib/tcrypt/tcrypt.c:759 +msgid "Kernel does not support activation for this TCRYPT legacy mode." +msgstr "カーネルが TCRYPT レガシーモードのアクティベーションをサポートしていません。" + +#: lib/tcrypt/tcrypt.c:793 +#, c-format +msgid "Activating TCRYPT system encryption for partition %s." +msgstr "TCRYPT システム暗号をパーティション %s に対してアクティベーションしました。" + +#: lib/tcrypt/tcrypt.c:871 +msgid "Kernel does not support TCRYPT compatible mapping." +msgstr "カーネルが TCRYPT 互換のマッピングをサポートしていません。" + +#: lib/tcrypt/tcrypt.c:1093 +msgid "This function is not supported without TCRYPT header load." +msgstr "この機能は TCRYPT ヘッダの読み込みなしではサポートしません。" + +#: lib/bitlk/bitlk.c:333 +#, c-format +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "ボリュームマスターキーを解釈中に予期しないメタデータエントリタイプ '%u' が見つかりました。" + +#: lib/bitlk/bitlk.c:380 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "ボリュームマスターキーを解釈中に不正な文字列が見つかりました。" + +#: lib/bitlk/bitlk.c:385 +#, c-format +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "ボリュームマスターキーを解釈中に予期しない文字列 ('%s') が見つかりました。" + +#: lib/bitlk/bitlk.c:399 +#, c-format +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "ボリュームマスターキーを解釈中に予期しないメタデータエントリー値 '%u' が見つかりました。" + +#: lib/bitlk/bitlk.c:479 +#, c-format +msgid "Failed to read BITLK signature from %s." +msgstr "%s から BITLK シグネチャを読み込めませんでした。" + +#: lib/bitlk/bitlk.c:485 +msgid "BITLK version 1 is currently not supported." +msgstr "BITLK version 1 はサポートされていません。" + +#: lib/bitlk/bitlk.c:491 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "BITLK デバイスのブートシグネチャが不正また不明です。" + +#: lib/bitlk/bitlk.c:503 +msgid "Invalid or unknown signature for BITLK device." +msgstr "BITLK デバイスのシグネチャが不正また不明です。" + +#: lib/bitlk/bitlk.c:510 +#, c-format +msgid "Unsupported sector size %." +msgstr "サポートされていないセクタサイズ % です。" + +#: lib/bitlk/bitlk.c:518 +#, c-format +msgid "Failed to read BITLK header from %s." +msgstr "%s から BITLK ヘッダを読み出すのに失敗しました。" + +#: lib/bitlk/bitlk.c:543 +#, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "%s から BITLK FVE メタデータを読み込めませんでした。" + +#: lib/bitlk/bitlk.c:594 +msgid "Unknown or unsupported encryption type." +msgstr "不明かサポートされていない暗号化タイプです。" + +#: lib/bitlk/bitlk.c:627 +#, c-format +msgid "Failed to read BITLK metadata entries from %s." +msgstr "%s から BITLK メタデータエントリを読み込めませんでした。" + +#: lib/bitlk/bitlk.c:921 +msgid "This operation is not supported." +msgstr "この操作はサポートされていません。" + +#: lib/bitlk/bitlk.c:929 +msgid "Wrong key size." +msgstr "不正なキーサイズ。" + +#: lib/bitlk/bitlk.c:981 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "この BITLK デバイスはサポートされてない状態にあるためアクティベートできません。" + +#: lib/bitlk/bitlk.c:987 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "タイプ '%s' の BITLK デバイスはアクティベートできません。" + +#: lib/bitlk/bitlk.c:1069 +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "部分的に復号された BITLK デバイスのアクティベーションはサポートされていません。" + +#: lib/bitlk/bitlk.c:1205 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "カーネルの dm-crypt が BITLK IV をサポートしていないためデバイスをアクティベートできません。" + +#: lib/bitlk/bitlk.c:1209 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "カーネルの dm-crypt が BITLK Elephant diffuser をサポートしていないためデバイスをアクティベートできません。" + +#: lib/verity/verity.c:68 lib/verity/verity.c:171 +#, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "Verity デバイス %s はディスク上のヘッダを使いません。" + +#: lib/verity/verity.c:90 +#, c-format +msgid "Device %s is not a valid VERITY device." +msgstr "デバイス %s が有効な VERITY デバイスではありません。" + +#: lib/verity/verity.c:97 +#, c-format +msgid "Unsupported VERITY version %d." +msgstr "VERITY バージョン %d はサポートされていません。" + +#: lib/verity/verity.c:128 +msgid "VERITY header corrupted." +msgstr "VERITY ヘッダが壊れています。" + +#: lib/verity/verity.c:165 +#, c-format +msgid "Wrong VERITY UUID format provided on device %s." +msgstr "デバイス %s の VERITY UUID フォーマットが間違っています。" + +#: lib/verity/verity.c:198 +#, c-format +msgid "Error during update of verity header on device %s." +msgstr "デバイス %s の verity ヘッダを更新中にエラー。" + +#: lib/verity/verity.c:256 +msgid "Root hash signature verification is not supported." +msgstr "ルートハッシュ署名の検証はサポートしていません。" + +#: lib/verity/verity.c:267 +msgid "Errors cannot be repaired with FEC device." +msgstr "FEC デバイスのエラーが修復できません。" + +#: lib/verity/verity.c:269 +#, c-format +msgid "Found %u repairable errors with FEC device." +msgstr "FEC デバイスに %u 個の修復可能なエラーが見つかりました。" + +#: lib/verity/verity.c:308 +msgid "Kernel does not support dm-verity mapping." +msgstr "カーネルが dm-verity マッピングをサポートしていません。" + +#: lib/verity/verity.c:312 +msgid "Kernel does not support dm-verity signature option." +msgstr "カーネルが dm-verity 署名オプションをサポートしていません。" + +#: lib/verity/verity.c:323 +msgid "Verity device detected corruption after activation." +msgstr "アクティベーションされた Verity デバイスが破損が見つかりました。" + +#: lib/verity/verity_hash.c:59 +#, c-format +msgid "Spare area is not zeroed at position %." +msgstr "ポジション % にあるスペア領域が 0 埋めされていません。" + +#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290 +#: lib/verity/verity_hash.c:303 +msgid "Device offset overflow." +msgstr "デバイスオフセットオーバーフロー。" + +#: lib/verity/verity_hash.c:203 +#, c-format +msgid "Verification failed at position %." +msgstr "検証がポジション % で失敗しました。" + +#: lib/verity/verity_hash.c:276 +msgid "Invalid size parameters for verity device." +msgstr "verity デバイスのパラメータサイズが不正です。" + +#: lib/verity/verity_hash.c:296 +msgid "Hash area overflow." +msgstr "ハッシュ領域がオーバーフロー。" + +#: lib/verity/verity_hash.c:373 +msgid "Verification of data area failed." +msgstr "データ領域の検証に失敗しました。" + +#: lib/verity/verity_hash.c:378 +msgid "Verification of root hash failed." +msgstr "ルートハッシュの検証に失敗しました。" + +#: lib/verity/verity_hash.c:384 +msgid "Input/output error while creating hash area." +msgstr "ハッシュ領域を生成中に I/O エラー。" + +#: lib/verity/verity_hash.c:386 +msgid "Creation of hash area failed." +msgstr "ハッシュ領域の作成に失敗しました。" + +#: lib/verity/verity_hash.c:433 +#, c-format +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "警告: カーネルはデータブロックサイズがページサイズ (%u) を超えているとアクティベートできません。" + +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." +msgstr "Reed-Solomon 処理のためのコンテキストが確保できません。" + +#: lib/verity/verity_fec.c:146 +msgid "Failed to allocate buffer." +msgstr "バッファを確保できませんでした。" + +#: lib/verity/verity_fec.c:156 +#, c-format +msgid "Failed to read RS block % byte %d." +msgstr "Reed-Solomon ブロック % バイト %d を読み込めませんでした。" + +#: lib/verity/verity_fec.c:169 +#, c-format +msgid "Failed to read parity for RS block %." +msgstr "Reed-Solomon ブロック % のパリティを読み込めませんでした。" + +#: lib/verity/verity_fec.c:177 +#, c-format +msgid "Failed to repair parity for block %." +msgstr "ブロック % のパリティが修復できませんでした。" + +#: lib/verity/verity_fec.c:188 +#, c-format +msgid "Failed to write parity for RS block %." +msgstr "Reed-Solomon ブロック % のパリティの書き込みに失敗しました。" + +#: lib/verity/verity_fec.c:223 +msgid "Block sizes must match for FEC." +msgstr "ブロックサイズが FEC と合っていません。" + +#: lib/verity/verity_fec.c:229 +msgid "Invalid number of parity bytes." +msgstr "パリティのバイト数が不正です。" + +#: lib/verity/verity_fec.c:265 +#, c-format +msgid "Failed to determine size for device %s." +msgstr "デバイス %s のサイズが不明です。" + +#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343 +msgid "Kernel does not support dm-integrity mapping." +msgstr "カーネルが dm-integrity マッピングをサポートしていません。" + +#: lib/integrity/integrity.c:277 +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "カーネルが dm-integrity 固定メタデータアラインメントをサポートしていません。" + +#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959 +#: lib/luks2/luks2_json_metadata.c:1244 +#, c-format +msgid "Failed to acquire write lock on device %s." +msgstr "デバイス %s の書き込みのためのロックを取得できませんでした。" + +#: lib/luks2/luks2_disk_metadata.c:392 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "LUKS2 メタデータの更新の並列実行をしそうになりました。実行を中止します。" + +#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712 +msgid "" +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." +msgstr "" +"デバイスのシグネチャが曖昧なので、LUKS2 の自動修復ができません。.\n" +"修復するには \"cryptsetup repair\" を実行してください。" + +#: lib/luks2/luks2_json_format.c:227 +msgid "Requested data offset is too small." +msgstr "要求されたデータオフセットが小さすぎます。" + +#: lib/luks2/luks2_json_format.c:271 +#, c-format +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "警告: キースロット領域 (% バイト) がとても小さいため、利用可能な LUKS2 キースロット数が制限されます。\n" + +#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074 +#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_keyslot_luks2.c:114 +#, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "デバイス %s の読み込みのためのロックを取得できませんでした。" + +#: lib/luks2/luks2_json_metadata.c:1167 +#, c-format +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "禁止された LUKS2 要求がバックアップ %s に検出されました。" + +#: lib/luks2/luks2_json_metadata.c:1208 +msgid "Data offset differ on device and backup, restore failed." +msgstr "データオフセットがデバイスとバックアップと異なるため修復できません。" + +#: lib/luks2/luks2_json_metadata.c:1214 +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "キースロット領域のあるバイナリヘッダのサイズがデバイスとバックアップで異なるため修復できません。" + +#: lib/luks2/luks2_json_metadata.c:1221 +#, c-format +msgid "Device %s %s%s%s%s" +msgstr "デバイス %s %s%s%s%s" + +#: lib/luks2/luks2_json_metadata.c:1222 +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "LUKS2 ヘッダが含まれていません。ヘッダを置き換えるとデータを破壊しかねません。" + +#: lib/luks2/luks2_json_metadata.c:1223 +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "既に LUKS2 ヘッダがあります。ヘッダを置き換えると既にあるキースロットを破壊します。" + +#: lib/luks2/luks2_json_metadata.c:1225 +msgid "" +"\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" +msgstr "" +"\n" +"警告: 不明な LUKS2 への要求がリアルデバイスヘッダにあります!\n" +"ヘッダをバックアップで置き換えるとデータを破壊する恐れがあります!" + +#: lib/luks2/luks2_json_metadata.c:1227 +msgid "" +"\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." +msgstr "" +"\n" +"警告: オフラインの再暗号化が終了していません!\n" +"ヘッダを置き換えるとデータを破壊しかねません。" + +#: lib/luks2/luks2_json_metadata.c:1323 +#, c-format +msgid "Ignored unknown flag %s." +msgstr "不明なフラグ %s を無視しました。" + +#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746 +#, c-format +msgid "Missing key for dm-crypt segment %u" +msgstr "dm-crypt セグメント %u にキーがありません" + +#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764 +msgid "Failed to set dm-crypt segment." +msgstr "dm-crypt セグメントの設定に失敗しました。" + +#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770 +msgid "Failed to set dm-linear segment." +msgstr "dm-linear セグメントの設定に失敗しました。" + +#: lib/luks2/luks2_json_metadata.c:2155 +msgid "Unsupported device integrity configuration." +msgstr "サポートしていないデバイス整合性設定です。" + +#: lib/luks2/luks2_json_metadata.c:2241 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "再暗号化が実行中なのでデバイスのデアクティベートできません。. Cannot deactivate device." + +#: lib/luks2/luks2_json_metadata.c:2252 lib/luks2/luks2_reencrypt.c:3190 +#, c-format +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "サスペンドされたデバイス %s を dm-error ターゲットで置き換えられません。" + +#: lib/luks2/luks2_json_metadata.c:2332 +msgid "Failed to read LUKS2 requirements." +msgstr "LUKS2 の必要条件を読み込めませんでした。" + +#: lib/luks2/luks2_json_metadata.c:2339 +msgid "Unmet LUKS2 requirements detected." +msgstr "満たせない LUKS2 の必要条件があります。" + +#: lib/luks2/luks2_json_metadata.c:2347 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "操作がレガシー再暗号化とマークされたデバイスと互換性がありません。中止します。" + +#: lib/luks2/luks2_json_metadata.c:2349 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "操作が LUKS2 再暗号化とマークされたデバイスと互換性がありません。中止します。" + +#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584 +msgid "Not enough available memory to open a keyslot." +msgstr "キースロットをオープンするのにメモリが足りません。" + +#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586 +msgid "Keyslot open failed." +msgstr "キースロットのオープンに失敗しました。" + +#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "キースロットの暗号化に %s- %s 暗号は使えません。" + +#: lib/luks2/luks2_keyslot_luks2.c:480 +msgid "No space for new keyslot." +msgstr "新しいキースロット用の領域がありません。" + +#: lib/luks2/luks2_luks1_convert.c:482 +#, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "UUID が %s のデバイスの状態が確認できません。" + +#: lib/luks2/luks2_luks1_convert.c:508 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "LUKSMETA メタデータ付きのヘッダは変換できません。" + +#: lib/luks2/luks2_luks1_convert.c:548 +msgid "Unable to move keyslot area. Not enough space." +msgstr "領域が足りないのでキースロット領域を動かせません。" + +#: lib/luks2/luks2_luks1_convert.c:599 +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "LUKS2 キースロット領域が足りないのでキースロット領域を動かせません。" + +#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887 +msgid "Unable to move keyslot area." +msgstr "キースロット領域を動かせません。" + +#: lib/luks2/luks2_luks1_convert.c:697 +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "LUKS1 形式に変換できません - デフォルトの暗号セクタサイズが 512 バイトではありません。" + +#: lib/luks2/luks2_luks1_convert.c:705 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "LUKS1 形式に変換できません - キースロットのハッシュ関数が LUKS1 互換ではありません。" + +#: lib/luks2/luks2_luks1_convert.c:717 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "LUKS1 形式に変換できません - ラップされたキーの暗号に %s が使われています。" + +#: lib/luks2/luks2_luks1_convert.c:725 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "LUKS1 形式に変換できません - LUKS2 ヘッダ %u 個のトークンを含んでいます。" + +#: lib/luks2/luks2_luks1_convert.c:739 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "LUKS1 形式に変換できません - キースロット %u が不正な状態です。" + +#: lib/luks2/luks2_luks1_convert.c:744 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "LUKS1 形式に変換できません - スロット %u が(最大個数を超過して)有効です。" + +#: lib/luks2/luks2_luks1_convert.c:749 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "LUKS1 形式に変換できません - キースロット %u が LUKS1 と互換ではありません。" + +#: lib/luks2/luks2_reencrypt.c:892 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "ホットゾーンサイズは計算されたゾーンアライメントの倍数である必要がありす (%zu バイト)." + +#: lib/luks2/luks2_reencrypt.c:897 +#, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "デバイスサイズが計算ゾーンアライメント (%zu バイト) に合っていません。" + +#: lib/luks2/luks2_reencrypt.c:941 +#, c-format +msgid "Unsupported resilience mode %s" +msgstr "弾性(resilience)モード %s はサポートしていません" + +#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313 +#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430 +#: lib/luks2/luks2_reencrypt.c:3030 +msgid "Failed to initialize old segment storage wrapper." +msgstr "古いセグメントのストレージラッパの初期化に失敗しました。" + +#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291 +msgid "Failed to initialize new segment storage wrapper." +msgstr "新しいセグメントのストレージラッパの初期化に失敗しました。" + +#: lib/luks2/luks2_reencrypt.c:1340 +msgid "Failed to read checksums for current hotzone." +msgstr "現在のホットゾーンのチェックサムを読み込めません。" + +#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038 +#, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "% から始めるホットゾーンエリアを読み込めません。" + +#: lib/luks2/luks2_reencrypt.c:1366 +#, c-format +msgid "Failed to decrypt sector %zu." +msgstr "セクタ %zu を復号できません。" + +#: lib/luks2/luks2_reencrypt.c:1372 +#, c-format +msgid "Failed to recover sector %zu." +msgstr "セクタ %zu を復元できません。" + +#: lib/luks2/luks2_reencrypt.c:1867 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "ソースとターゲットデバイスのサイズが一致しません。ソース %, ターゲット: %." + +#: lib/luks2/luks2_reencrypt.c:1965 +#, c-format +msgid "Failed to activate hotzone device %s." +msgstr "ホットゾーンデバイス %s がアクティベートできません。" + +#: lib/luks2/luks2_reencrypt.c:1982 +#, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "実際の origin table があるオーバーレイデバイス %s をアクティベートできません。" + +#: lib/luks2/luks2_reencrypt.c:1989 +#, c-format +msgid "Failed to load new mapping for device %s." +msgstr "デバイス %s の新しいマッピングをロードできません。" + +#: lib/luks2/luks2_reencrypt.c:2060 +msgid "Failed to refresh reencryption devices stack." +msgstr "再暗号化デバイススタックのリフレッシュに失敗しました。" + +#: lib/luks2/luks2_reencrypt.c:2216 +msgid "Failed to set new keyslots area size." +msgstr "新しいキースロットエリアサイズを設定できません。" + +#: lib/luks2/luks2_reencrypt.c:2318 +#, c-format +msgid "Data shift is not aligned to requested encryption sector size (% bytes)." +msgstr "データシフトが要求された暗号化セクタサイズにアラインされていません(% bytes)。" + +#: lib/luks2/luks2_reencrypt.c:2339 +#, c-format +msgid "Data device is not aligned to requested encryption sector size (% bytes)." +msgstr "データデバイスが要求された暗号化セクタサイズにアラインされていません(% bytes)." + +#: lib/luks2/luks2_reencrypt.c:2360 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "データシフト (% セクタ) が今後のデータオフセットより少ないです (% セクタ)。" + +#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779 +#: lib/luks2/luks2_reencrypt.c:2800 +#, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "デバイス %s を排他モードでオープンでません (既にマップされているかマウントされています)。" + +#: lib/luks2/luks2_reencrypt.c:2534 +msgid "Device not marked for LUKS2 reencryption." +msgstr "デバイスは LUKS2 再暗号化向けにマークされていません。" + +#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295 +msgid "Failed to load LUKS2 reencryption context." +msgstr "LUKS2 再暗号化コンテキストをロードできません。" + +#: lib/luks2/luks2_reencrypt.c:2619 +msgid "Failed to get reencryption state." +msgstr "再暗号化状態を取得できません。" + +#: lib/luks2/luks2_reencrypt.c:2623 +msgid "Device is not in reencryption." +msgstr "デバイス %s は再暗号化中ではありません。" + +#: lib/luks2/luks2_reencrypt.c:2630 +msgid "Reencryption process is already running." +msgstr "既に再暗号化中です。" + +#: lib/luks2/luks2_reencrypt.c:2632 +msgid "Failed to acquire reencryption lock." +msgstr "再暗号化ロックを取得できません。" + +#: lib/luks2/luks2_reencrypt.c:2650 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "再暗号化を開始できません。再暗号化のリカバリを先にしてください。" + +#: lib/luks2/luks2_reencrypt.c:2750 +msgid "Active device size and requested reencryption size don't match." +msgstr "実際のデバイスサイズと要求された再暗号化サイズが一致しません。" + +#: lib/luks2/luks2_reencrypt.c:2764 +msgid "Illegal device size requested in reencryption parameters." +msgstr "再暗号化のパラメータとして不正なデバイスサイズが要求されました。" + +#: lib/luks2/luks2_reencrypt.c:2834 +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "既に再暗号化中です。復元を実行できません。" + +#: lib/luks2/luks2_reencrypt.c:2906 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "メタデータの LUKS2 の再暗号化は既に初期化されました。" + +#: lib/luks2/luks2_reencrypt.c:2913 +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "メタデータの LUKS2 再暗号化に失敗しました。" + +#: lib/luks2/luks2_reencrypt.c:3004 +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "デバイスセグメントの次の再暗号化ホットゾーンの設定に失敗しました。" + +#: lib/luks2/luks2_reencrypt.c:3046 +msgid "Failed to write reencryption resilience metadata." +msgstr "再暗号化した耐性用メタデータを書き込めません。" + +#: lib/luks2/luks2_reencrypt.c:3053 +msgid "Decryption failed." +msgstr "復号に失敗しました。" + +#: lib/luks2/luks2_reencrypt.c:3058 +#, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "% から始まるホットゾーンエリアに書き込めません。" + +#: lib/luks2/luks2_reencrypt.c:3063 +msgid "Failed to sync data." +msgstr "データを sync できません。" + +#: lib/luks2/luks2_reencrypt.c:3071 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "現在のホットゾーンの再暗号化完了後にメタデータが更新できません。" + +#: lib/luks2/luks2_reencrypt.c:3138 +msgid "Failed to write LUKS2 metadata." +msgstr "LUKS2 メタデータが書き込めません。" + +#: lib/luks2/luks2_reencrypt.c:3161 +msgid "Failed to wipe backup segment data." +msgstr "バックアップセグメントデータを消せません。" + +#: lib/luks2/luks2_reencrypt.c:3174 +msgid "Failed to disable reencryption requirement flag." +msgstr "再暗号化の要求(requirement)フラグを禁止できません。" + +#: lib/luks2/luks2_reencrypt.c:3182 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "% から % セクタのチャンクの再暗号化中に致命的なエラー。" + +#: lib/luks2/luks2_reencrypt.c:3191 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "手動でエラーターゲットに置き換えた場合以外はデバイスのレジュームをしないでください。" + +#: lib/luks2/luks2_reencrypt.c:3240 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "再暗号化を開始できません。予期しない再暗号化状態です。" + +#: lib/luks2/luks2_reencrypt.c:3246 +msgid "Missing or invalid reencrypt context." +msgstr "ないか不正な再暗号化コンテキストです。" + +#: lib/luks2/luks2_reencrypt.c:3253 +msgid "Failed to initialize reencryption device stack." +msgstr "再暗号化デバイススタックの初期化に失敗しました。" + +#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308 +msgid "Failed to update reencryption context." +msgstr "再暗号化コンテキストが更新できません。" + +#: lib/luks2/luks2_token.c:262 +msgid "No free token slot." +msgstr "空きトークンスロットがありません。" + +#: lib/luks2/luks2_token.c:269 +#, c-format +msgid "Failed to create builtin token %s." +msgstr "ビルトイントークン %s が作成できません。" + +#: src/cryptsetup.c:164 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "tty 入力以外ではパスフレーズ認証できません。" + +#: src/cryptsetup.c:221 +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "キースロットの暗号化パラメータは LUKS2 デバイスでしか設定できません。" + +#: src/cryptsetup.c:251 src/cryptsetup.c:959 src/cryptsetup.c:1269 +#: src/cryptsetup.c:3145 src/cryptsetup_reencrypt.c:723 +#: src/cryptsetup_reencrypt.c:793 +msgid "No known cipher specification pattern detected." +msgstr "未知の暗号スペックです。" + +#: src/cryptsetup.c:259 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "警告: --hash パラメータは plain モードでキーファイルが指定されていると無視されます。\n" + +#: src/cryptsetup.c:267 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "警告: --keyfile-size オプションは無視されて、読み込みサイズは暗号鍵のサイズと同じになります。\n" + +#: src/cryptsetup.c:307 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "%s にデバイス署名が検出されました。既にあるデータを破壊しかねません。" + +#: src/cryptsetup.c:313 src/cryptsetup.c:1090 src/cryptsetup.c:1142 +#: src/cryptsetup.c:1246 src/cryptsetup.c:1319 src/cryptsetup.c:1974 +#: src/cryptsetup.c:2682 src/cryptsetup.c:2805 src/integritysetup.c:233 +msgid "Operation aborted.\n" +msgstr "中止されました。\n" + +#: src/cryptsetup.c:381 +msgid "Option --key-file is required." +msgstr "オプション --key-file が必要です。" + +#: src/cryptsetup.c:434 +msgid "Enter VeraCrypt PIM: " +msgstr "VeraCrypt PIM を入力してください: " + +#: src/cryptsetup.c:443 +msgid "Invalid PIM value: parse error." +msgstr "不正な PIM: 解釈できません。" + +#: src/cryptsetup.c:446 +msgid "Invalid PIM value: 0." +msgstr "不正 PIM の値で 0 です。" + +#: src/cryptsetup.c:449 +msgid "Invalid PIM value: outside of range." +msgstr "不正な PIM の値: 範囲外です。" + +#: src/cryptsetup.c:472 +msgid "No device header detected with this passphrase." +msgstr "このパスフレーズではデバイスヘッダが検出されませんでした。" + +#: src/cryptsetup.c:541 +#, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "デバイス %s は有効な BITLK デバイスではありません。" + +#: src/cryptsetup.c:576 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" +"ボリュームキーを有効にしたヘッダダンプは\n" +"暗号化されたパーティションにパスフレーズなしでアクセス可能にます。\n" +"このダンプは暗号化された安全な所に保存してください。" + +#: src/cryptsetup.c:673 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "デバイス %s はまたアクティブで後から削除される予定になっています。.\n" + +#: src/cryptsetup.c:701 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "アクティブなデバイスをリサイズするにはボリュームキーがキーリングに必要ですが、--disable-keyring が指定されています。" + +#: src/cryptsetup.c:838 +msgid "Benchmark interrupted." +msgstr "ベンチマークが中止されました。" + +#: src/cryptsetup.c:859 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "PBKDF2-%-9s 計測値なし\n" + +#: src/cryptsetup.c:861 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "PBKDF2-%-9s %7u 回/秒 (%zu ビットの鍵)\n" + +#: src/cryptsetup.c:875 +#, c-format +msgid "%-10s N/A\n" +msgstr "%-10s 計測値なし\n" + +#: src/cryptsetup.c:877 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "%-10s %4u 回, %5u KB使用, %1u スレッド (%zu のビットの鍵) (%u ms 計測)\n" + +#: src/cryptsetup.c:901 +msgid "Result of benchmark is not reliable." +msgstr "ベンチマークの結果は信頼できません。" + +#: src/cryptsetup.c:951 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "# テストはストレージI/Oがなくメモリ上のもののため目安です。\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:971 +#, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "#%*s Algorithm | キー | 暗号化 | 復号化\n" + +#: src/cryptsetup.c:975 +#, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "暗号 %s (キーサイズ %i ビット) は利用できません。" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:994 +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "# Algorithm | キー | 暗号化 | 復号化\n" + +#: src/cryptsetup.c:1003 +msgid "N/A" +msgstr "計測値なし" + +#: src/cryptsetup.c:1083 +msgid "" +"Seems device does not require reencryption recovery.\n" +"Do you want to proceed anyway?" +msgstr "" +"デバイスは再暗号化のリカバリを必要としていなそうです。\n" +"本当にやりますか?" + +#: src/cryptsetup.c:1089 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "本当に LUKS2 再暗号化リカバリを行いますか?" + +#: src/cryptsetup.c:1098 +msgid "Enter passphrase for reencryption recovery: " +msgstr "再暗号化のリカバリのためのパスフレーズを入力してください: " + +#: src/cryptsetup.c:1141 +msgid "Really try to repair LUKS device header?" +msgstr "本当に LUKS デバイスヘッダの復元を試みていいですか?" + +#: src/cryptsetup.c:1160 src/integritysetup.c:146 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" +"整合性チェックサムの初期化のためにデバイスのデータを消去しています。\n" +"CTRL+c で中止できます (初期化されなかったデバイスのチェックサムは正しくなくなります)。\n" + +#: src/cryptsetup.c:1182 src/integritysetup.c:168 +#, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "一時的デバイス %s を非アクティブにできません。" + +#: src/cryptsetup.c:1231 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "整合性オプションは LUKS2 形式でしか使えません。" + +#: src/cryptsetup.c:1236 src/cryptsetup.c:1296 +msgid "Unsupported LUKS2 metadata size options." +msgstr "サポートされていない LUKS2 メタデータのサイズオプションです。" + +#: src/cryptsetup.c:1253 +#, c-format +msgid "Cannot create header file %s." +msgstr "ヘッダファイル %s を作成できません。" + +#: src/cryptsetup.c:1276 src/integritysetup.c:195 src/integritysetup.c:204 +#: src/integritysetup.c:213 src/integritysetup.c:284 src/integritysetup.c:293 +#: src/integritysetup.c:303 +msgid "No known integrity specification pattern detected." +msgstr "サポートしている整合性確認方式が検出されませんでした。" + +#: src/cryptsetup.c:1289 +#, c-format +msgid "Cannot use %s as on-disk header." +msgstr "%s を on-disk ヘッダとして使えません。" + +#: src/cryptsetup.c:1313 src/integritysetup.c:227 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "%s のデータを上書きします。戻せません。" + +#: src/cryptsetup.c:1354 src/cryptsetup.c:1688 src/cryptsetup.c:1755 +#: src/cryptsetup.c:1857 src/cryptsetup.c:1923 src/cryptsetup_reencrypt.c:553 +msgid "Failed to set pbkdf parameters." +msgstr "pbkdf パラメータを設定できません。" + +#: src/cryptsetup.c:1439 +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "分離された LUKS ヘッダでのみ少ないデータオフセットが使えます。" + +#: src/cryptsetup.c:1450 src/cryptsetup.c:1761 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "キースロットのない LUKS のボリュームキーサイズが決定できないので、--key-size を使ってください。" + +#: src/cryptsetup.c:1488 +msgid "Device activated but cannot make flags persistent." +msgstr "デバイスはアクティベートされましたが、フラグを恒常的なものにできません。" + +#: src/cryptsetup.c:1569 src/cryptsetup.c:1639 +#, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "キースロット %d は削除対象として選択されました。" + +#: src/cryptsetup.c:1581 src/cryptsetup.c:1642 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "これは最後のキースロットです。このキーがなくなるとデバイスは使用不能になります。" + +#: src/cryptsetup.c:1582 +msgid "Enter any remaining passphrase: " +msgstr "残っているパスフレーズを入力してください: " + +#: src/cryptsetup.c:1583 src/cryptsetup.c:1644 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "操作は中止されました。キースロットは消去されていません。\n" + +#: src/cryptsetup.c:1621 +msgid "Enter passphrase to be deleted: " +msgstr "削除するキーのパスフレーズを入力してください: " + +#: src/cryptsetup.c:1702 src/cryptsetup.c:1776 src/cryptsetup.c:1810 +msgid "Enter new passphrase for key slot: " +msgstr "キースロットの新しいパスフレーズを入力してください: " + +#: src/cryptsetup.c:1793 src/cryptsetup_reencrypt.c:1343 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "有効なパスフレーズをどれか入力してください: " + +#: src/cryptsetup.c:1861 +msgid "Enter passphrase to be changed: " +msgstr "変更するキーのパスフレーズを入力してください: " + +#: src/cryptsetup.c:1877 src/cryptsetup_reencrypt.c:1329 +msgid "Enter new passphrase: " +msgstr "新しいキーのパスフレーズを入力してください: " + +#: src/cryptsetup.c:1927 +msgid "Enter passphrase for keyslot to be converted: " +msgstr "変換されるキースロットのパスフレーズを入力してください: " + +#: src/cryptsetup.c:1951 +msgid "Only one device argument for isLuks operation is supported." +msgstr "isLuks は一つのデバイス引数しかサポートしていません。" + +#: src/cryptsetup.c:2001 +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"ボリュームキーを使ったヘッダダンプは取り扱いに注意すべき情報で\n" +"暗号化されたパーティションにパスフレーズなしでアクセス可能になります。\n" +"このダンプは暗号化された安全な所に保存してください。" + +#: src/cryptsetup.c:2066 +#, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "キースロット %d は unbound キーを含んでいません。" + +#: src/cryptsetup.c:2072 +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"unbound キーを使ったヘッダダンプは取り扱いに注意すべき情報です。\n" +"このダンプは暗号化された安全な所に保存してください。" + +#: src/cryptsetup.c:2207 src/cryptsetup.c:2228 +msgid "Option --header-backup-file is required." +msgstr "オプション --header-backup-file が必要です。" + +#: src/cryptsetup.c:2258 +#, c-format +msgid "%s is not cryptsetup managed device." +msgstr "%s は cryptsetup で管理されているデバイスではありません。" + +#: src/cryptsetup.c:2269 +#, c-format +msgid "Refresh is not supported for device type %s" +msgstr "リフレッシュはデバイスタイプ %s ではサポートされていません。" + +#: src/cryptsetup.c:2311 +#, c-format +msgid "Unrecognized metadata device type %s." +msgstr "%s は認識できないメタデータデータタイプです。" + +#: src/cryptsetup.c:2314 +msgid "Command requires device and mapped name as arguments." +msgstr "コマンドはデバイスとマップされた名前を引数として必要とします。" + +#: src/cryptsetup.c:2336 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" +"この処理はデバイス %s の全てのキースロットを消去します。\n" +"デバイスのデータは使用できなくなります。" + +#: src/cryptsetup.c:2343 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "処理は中止されました。キースロットは消去されません。\n" + +#: src/cryptsetup.c:2380 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "不正な LUKS タイプです。luks1 と luks2 しかサポートしていません。" + +#: src/cryptsetup.c:2398 +#, c-format +msgid "Device is already %s type." +msgstr "デバイスは既にタイプ %s です。" + +#: src/cryptsetup.c:2403 +#, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "この処理は %s から %s フォーマットに変換します。\n" + +#: src/cryptsetup.c:2409 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "処理は中止されました。デバイスは変換されませんでした。\n" + +#: src/cryptsetup.c:2449 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "オプション --priority, --label か --subsystem がありません。" + +#: src/cryptsetup.c:2483 src/cryptsetup.c:2516 src/cryptsetup.c:2539 +#, c-format +msgid "Token %d is invalid." +msgstr "トークン %d は不正です。" + +#: src/cryptsetup.c:2486 src/cryptsetup.c:2542 +#, c-format +msgid "Token %d in use." +msgstr "トークン %d は使用中です。" + +#: src/cryptsetup.c:2493 +#, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "luks2-キーリングトークン %d を追加できませんでした。" + +#: src/cryptsetup.c:2502 src/cryptsetup.c:2564 +#, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "トークン %d をキースロット %d に割りあてられませんでした。" + +#: src/cryptsetup.c:2519 +#, c-format +msgid "Token %d is not in use." +msgstr "トークン %d は使われていません。" + +#: src/cryptsetup.c:2554 +msgid "Failed to import token from file." +msgstr "ファイルからトークンをインポートできません。" + +#: src/cryptsetup.c:2579 +#, c-format +msgid "Failed to get token %d for export." +msgstr "トークン %d をエクスポートのために取得できませんでした。" + +#: src/cryptsetup.c:2594 +msgid "--key-description parameter is mandatory for token add action." +msgstr "--key-description はトークン追加には必須です。" + +#: src/cryptsetup.c:2600 src/cryptsetup.c:2608 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "トークンを必要としています。--token-id を使用してください。" + +#: src/cryptsetup.c:2613 +#, c-format +msgid "Invalid token operation %s." +msgstr "%s は不正なトークン処理です。" + +#: src/cryptsetup.c:2668 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "データデバイス %2s のアクティブな dm デバイス '%1s'を自動検出しました。\n" + +#: src/cryptsetup.c:2672 +#, c-format +msgid "Device %s is not a block device.\n" +msgstr "デバイス %s は有効なブロックデバイスではありません。\n" + +#: src/cryptsetup.c:2674 +#, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "デバイス %s のホルダ(holders)を自動検出できません。" + +#: src/cryptsetup.c:2676 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" +"デバイス %s がアクティベートされているかどうか判断できません。\n" +"オフラインでの再暗号化を進めていいですか?\n" +"アクティベートされていたらデータが破壊されるかもしれません。\n" +"再暗号化をオンラインで行う場合は --active-name を代わりに使ってください。\n" + +#: src/cryptsetup.c:2756 +msgid "Invalid LUKS device type." +msgstr "LUKS デバイスタイプが不正です。" + +#: src/cryptsetup.c:2761 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "データデバイスサイズの縮小(--reduce-device-size)なしに分離ヘッダ(--header)による暗号化はできません。" + +#: src/cryptsetup.c:2766 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "要求されたデータオフセットは --reduce-device-size パラメータの半分以下である必要があります。" + +#: src/cryptsetup.c:2775 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "--reduce-device-size の値を --offset % (セクタ) の倍にします。\n" + +#: src/cryptsetup.c:2779 +msgid "Encryption is supported only for LUKS2 format." +msgstr "暗号化は LUKS2 形式でしか使えません。" + +#: src/cryptsetup.c:2801 +#, c-format +msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +msgstr "LUKS デバイスが %s に検出されました。もう一度 LUKS デバイスを暗号化したいのですか?" + +#: src/cryptsetup.c:2816 +#, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "テンポラリヘッダファイル %s は既に存在しているので、中止します。" + +#: src/cryptsetup.c:2818 src/cryptsetup.c:2825 +#, c-format +msgid "Cannot create temporary header file %s." +msgstr "テンポラリヘッダファイル %s を作成できません。" + +#: src/cryptsetup.c:2889 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "%s/%s がアクティブでオンライン暗号化可能です。\n" + +#: src/cryptsetup.c:3053 src/cryptsetup.c:3059 +msgid "Not enough free keyslots for reencryption." +msgstr "再暗号化に必要な空きキースロットがありません。" + +#: src/cryptsetup.c:3079 src/cryptsetup_reencrypt.c:1294 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "キーファイルは --key-slot と使うか、1 つのキースロットだけアクティブの時にしか使えません。" + +#: src/cryptsetup.c:3088 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup_reencrypt.c:1352 +#, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "キースロット %d のパスフレーズを入力してください: " + +#: src/cryptsetup.c:3096 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "キースロット %u のパスフレーズを入力してください: " + +#: src/cryptsetup.c:3263 +msgid "Command requires device as argument." +msgstr "コマンドはデバイスを引数として必要とします。" + +#: src/cryptsetup.c:3285 +msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +msgstr "現在 LUKS2 形式しかサポートされていません。LUKS1 には cryptsetup-reencrypt を使ってください。" + +#: src/cryptsetup.c:3297 +msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +msgstr "古いオフライン再暗号化が実行中です。cryptsetup-reencrypt を使ってください。" + +#: src/cryptsetup.c:3307 src/cryptsetup_reencrypt.c:178 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "整合性プロファイルつきのデバイスの再暗号化はサポートされていません。" + +#: src/cryptsetup.c:3315 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "LUKS2 再暗号化が既に初期化済なので操作を中止します。" + +#: src/cryptsetup.c:3319 +msgid "LUKS2 device is not in reencryption." +msgstr "LUKS2 デバイスは再暗号化中ではありません。" + +#: src/cryptsetup.c:3346 +msgid " [--type ] []" +msgstr "<デバイス> [--type <タイプ>] [<名前>]" + +#: src/cryptsetup.c:3346 src/veritysetup.c:394 src/integritysetup.c:480 +msgid "open device as " +msgstr "デバイスを <名前> としてオープン" + +#: src/cryptsetup.c:3347 src/cryptsetup.c:3348 src/cryptsetup.c:3349 +#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:481 +#: src/integritysetup.c:482 +msgid "" +msgstr "<名前>" + +#: src/cryptsetup.c:3347 src/veritysetup.c:395 src/integritysetup.c:481 +msgid "close device (remove mapping)" +msgstr "デバイスをクローズします (マッピングを削除します)" + +#: src/cryptsetup.c:3348 +msgid "resize active device" +msgstr "アクティブデバイスをリサイズ" + +#: src/cryptsetup.c:3349 +msgid "show device status" +msgstr "デバイスステータスを表示" + +#: src/cryptsetup.c:3350 +msgid "[--cipher ]" +msgstr "[--cipher <暗号>]" + +#: src/cryptsetup.c:3350 +msgid "benchmark cipher" +msgstr "暗号ベンチマーク" + +#: src/cryptsetup.c:3351 src/cryptsetup.c:3352 src/cryptsetup.c:3353 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3355 src/cryptsetup.c:3362 +#: src/cryptsetup.c:3363 src/cryptsetup.c:3364 src/cryptsetup.c:3365 +#: src/cryptsetup.c:3366 src/cryptsetup.c:3367 src/cryptsetup.c:3368 +#: src/cryptsetup.c:3369 src/cryptsetup.c:3370 +msgid "" +msgstr "<デバイス>" + +#: src/cryptsetup.c:3351 +msgid "try to repair on-disk metadata" +msgstr "on-disk メタデータを修復しようとしています" + +#: src/cryptsetup.c:3352 +msgid "reencrypt LUKS2 device" +msgstr "LUKS2 デバイスを再暗号化" + +#: src/cryptsetup.c:3353 +msgid "erase all keyslots (remove encryption key)" +msgstr "全てのキースロットを消去します (暗号鍵も削除します)" + +#: src/cryptsetup.c:3354 +msgid "convert LUKS from/to LUKS2 format" +msgstr "LUKS2 から LUKS もしくは LUKS から LUKS2 形式に変換します" + +#: src/cryptsetup.c:3355 +msgid "set permanent configuration options for LUKS2" +msgstr "LUKS2 の permanent configuration オプションを設定します" + +#: src/cryptsetup.c:3356 src/cryptsetup.c:3357 +msgid " []" +msgstr "<デバイス> [<新しいキーファイル>]" + +#: src/cryptsetup.c:3356 +msgid "formats a LUKS device" +msgstr "LUKS デバイスをフォーマットします" + +#: src/cryptsetup.c:3357 +msgid "add key to LUKS device" +msgstr "LUKS デバイスにキーを追加します" + +#: src/cryptsetup.c:3358 src/cryptsetup.c:3359 src/cryptsetup.c:3360 +msgid " []" +msgstr "<デバイス> [<キーファイル>]" + +#: src/cryptsetup.c:3358 +msgid "removes supplied key or key file from LUKS device" +msgstr "与えられたキーかキーファイルを LUKS デバイスから削除します。" + +#: src/cryptsetup.c:3359 +msgid "changes supplied key or key file of LUKS device" +msgstr "与えられた LUKS デバイスのキーかキーファイルを変更します" + +#: src/cryptsetup.c:3360 +msgid "converts a key to new pbkdf parameters" +msgstr "キーを新しい pbkdf パラメータに変換します" + +#: src/cryptsetup.c:3361 +msgid " " +msgstr "<デバイス> <キースロット>" + +#: src/cryptsetup.c:3361 +msgid "wipes key with number from LUKS device" +msgstr "<キースロット>のキーを LUKS デバイスから削除します" + +#: src/cryptsetup.c:3362 +msgid "print UUID of LUKS device" +msgstr "LUKS デバイスの UUID を表示" + +#: src/cryptsetup.c:3363 +msgid "tests for LUKS partition header" +msgstr "<デバイス> の LUKS パーティションヘッダをテストします" + +#: src/cryptsetup.c:3364 +msgid "dump LUKS partition information" +msgstr "LUKS パーティション情報をダンプします" + +#: src/cryptsetup.c:3365 +msgid "dump TCRYPT device information" +msgstr "TCRYPT デバイス情報をダンプします" + +#: src/cryptsetup.c:3366 +msgid "dump BITLK device information" +msgstr "BITLK デバイス情報をダンプします" + +#: src/cryptsetup.c:3367 +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "LUKS デバイスを停止してキーを削除します (全てのI/Oは停止します)" + +#: src/cryptsetup.c:3368 +msgid "Resume suspended LUKS device" +msgstr "停止していた LUKS デバイスを再開します" + +#: src/cryptsetup.c:3369 +msgid "Backup LUKS device header and keyslots" +msgstr "LUKS デバイスヘッダとキースロットをバックアップします" + +#: src/cryptsetup.c:3370 +msgid "Restore LUKS device header and keyslots" +msgstr "LUKS デバイスヘッダとキースロットをリストアします" + +#: src/cryptsetup.c:3371 +msgid " " +msgstr " <デバイス>" + +#: src/cryptsetup.c:3371 +msgid "Manipulate LUKS2 tokens" +msgstr "LUKS2 トークンを操作します" + +#: src/cryptsetup.c:3389 src/veritysetup.c:412 src/integritysetup.c:498 +msgid "" +"\n" +" is one of:\n" +msgstr "" +"\n" +" は以下のうちの一つです:\n" + +#: src/cryptsetup.c:3395 +msgid "" +"\n" +"You can also use old syntax aliases:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +msgstr "" +"\n" +"古い <アクション> という形式も使えます:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" + +#: src/cryptsetup.c:3399 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the encrypted device\n" +" is the LUKS key slot number to modify\n" +" optional key file for the new key for luksAddKey action\n" +msgstr "" +"\n" +"<名前> は %s に作られるデバイス名\n" +"<デバイス> は暗号化デバイス\n" +"<キースロット> は変更する LUKS キースロット番号\n" +"<キーファイル> は luskAddKey でオプションで与えられる新しいキーのキーファイル\n" + +#: src/cryptsetup.c:3406 +#, c-format +msgid "" +"\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" +"\n" +"デフォルトのコンパイル時に決められたメタデータ形式は %s です(luksFormat で使われます)。\n" + +#: src/cryptsetup.c:3411 +#, c-format +msgid "" +"\n" +"Default compiled-in key and passphrase parameters:\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" +msgstr "" +"\n" +"デフォルトのコンパイル時に決められたキーとパスフレーズのパラメータ:\n" +"\t最大キーファイルサイズ: %dkB, 最大パスフレーズ長 %d (文字数)\n" +"デフォルト LUKS1 向け PBKDF: %s, 繰り返す時間: %d (ms)\n" +"デフォルト LUKS2 向け PBKDF: %s\n" +"\t繰り返す時間: %d, 使うメモリ: %dkB, 並列スレッド: %d\n" + +#: src/cryptsetup.c:3422 +#, c-format +msgid "" +"\n" +"Default compiled-in device cipher parameters:\n" +"\tloop-AES: %s, Key %d bits\n" +"\tplain: %s, Key: %d bits, Password hashing: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +msgstr "" +"\n" +"デフォルトのコンパイル時に決められたデバイス暗号化のパラメータ:\n" +"\tloop-AES: %s, キー %d ビット\n" +"\tplain: %s, キー: %d ビット, パスワードハッシュ: %s\n" +"\tLUKS: %s, キー: %d ビット, LUKS ヘッダハッシュ: %s, 乱数生成: %s\n" + +#: src/cryptsetup.c:3431 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "\tLUKS: XTS モードのデフォルトキーサイズは (2つの内部キーがあるため) 倍になります。\n" + +#: src/cryptsetup.c:3447 src/veritysetup.c:569 src/integritysetup.c:642 +#, c-format +msgid "%s: requires %s as arguments" +msgstr "%s: は %s を引数で与える必要があります" + +#: src/cryptsetup.c:3480 src/veritysetup.c:457 src/integritysetup.c:536 +#: src/cryptsetup_reencrypt.c:1607 +msgid "Show this help message" +msgstr "このヘルプを表示します" + +#: src/cryptsetup.c:3481 src/veritysetup.c:458 src/integritysetup.c:537 +#: src/cryptsetup_reencrypt.c:1608 +msgid "Display brief usage" +msgstr "コンパクトな使用法表示をします" + +#: src/cryptsetup.c:3482 src/veritysetup.c:459 src/integritysetup.c:538 +#: src/cryptsetup_reencrypt.c:1609 +msgid "Print package version" +msgstr "パッケージのバージョンを表示" + +#: src/cryptsetup.c:3486 src/veritysetup.c:463 src/integritysetup.c:542 +#: src/cryptsetup_reencrypt.c:1613 +msgid "Help options:" +msgstr "ヘルプオプション:" + +#: src/cryptsetup.c:3487 src/veritysetup.c:464 src/integritysetup.c:543 +#: src/cryptsetup_reencrypt.c:1614 +msgid "Shows more detailed error messages" +msgstr "より詳細なエラーメッセージを表示" + +#: src/cryptsetup.c:3488 src/veritysetup.c:465 src/integritysetup.c:544 +#: src/cryptsetup_reencrypt.c:1615 +msgid "Show debug messages" +msgstr "デバッグメッセージを表示" + +#: src/cryptsetup.c:3489 +msgid "Show debug messages including JSON metadata" +msgstr "JSON メタデータを含むデバッグメッセージを表示" + +#: src/cryptsetup.c:3490 src/cryptsetup_reencrypt.c:1617 +msgid "The cipher used to encrypt the disk (see /proc/crypto)" +msgstr "ディスクを暗号化するのに用いられる暗号 (/proc/crypto を参照のこと)" + +#: src/cryptsetup.c:3491 src/cryptsetup_reencrypt.c:1619 +msgid "The hash used to create the encryption key from the passphrase" +msgstr "パスフレーズから暗号鍵を作るのに使われるハッシュ" + +#: src/cryptsetup.c:3492 +msgid "Verifies the passphrase by asking for it twice" +msgstr "パスフレーズは2回入力してもらって検証します" + +#: src/cryptsetup.c:3493 src/cryptsetup_reencrypt.c:1621 +msgid "Read the key from a file" +msgstr "ファイルからキーを読む" + +#: src/cryptsetup.c:3494 +msgid "Read the volume (master) key from file." +msgstr "ボリューム(マスター)キーをファイルから読む。" + +#: src/cryptsetup.c:3495 +msgid "Dump volume (master) key instead of keyslots info" +msgstr "ボリューム(マスター)キーをキースロット情報の代わりにダンプします" + +#: src/cryptsetup.c:3496 src/cryptsetup_reencrypt.c:1618 +msgid "The size of the encryption key" +msgstr "暗号鍵のサイズ" + +#: src/cryptsetup.c:3496 src/cryptsetup.c:3557 src/integritysetup.c:562 +#: src/integritysetup.c:566 src/integritysetup.c:570 +#: src/cryptsetup_reencrypt.c:1618 +msgid "BITS" +msgstr "ビット" + +#: src/cryptsetup.c:3497 src/cryptsetup_reencrypt.c:1634 +msgid "Limits the read from keyfile" +msgstr "キーファイルから読み込みの制限" + +#: src/cryptsetup.c:3497 src/cryptsetup.c:3498 src/cryptsetup.c:3499 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3503 src/cryptsetup.c:3554 +#: src/cryptsetup.c:3555 src/cryptsetup.c:3563 src/cryptsetup.c:3564 +#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470 +#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:551 +#: src/integritysetup.c:557 src/integritysetup.c:558 +#: src/cryptsetup_reencrypt.c:1633 src/cryptsetup_reencrypt.c:1634 +#: src/cryptsetup_reencrypt.c:1635 src/cryptsetup_reencrypt.c:1636 +msgid "bytes" +msgstr "バイト" + +#: src/cryptsetup.c:3498 src/cryptsetup_reencrypt.c:1633 +msgid "Number of bytes to skip in keyfile" +msgstr "キーファイルでスキップするバイト数" + +#: src/cryptsetup.c:3499 +msgid "Limits the read from newly added keyfile" +msgstr "新しく追加するキーファイルの読み込みの制限" + +#: src/cryptsetup.c:3500 +msgid "Number of bytes to skip in newly added keyfile" +msgstr "新しく追加するキーファイルでスキップするバイト数" + +#: src/cryptsetup.c:3501 +msgid "Slot number for new key (default is first free)" +msgstr "新しいキーのスロット番号 (デフォルトは最初の空き)" + +#: src/cryptsetup.c:3502 +msgid "The size of the device" +msgstr "デバイスのサイズ" + +#: src/cryptsetup.c:3502 src/cryptsetup.c:3504 src/cryptsetup.c:3505 +#: src/cryptsetup.c:3511 src/integritysetup.c:552 src/integritysetup.c:559 +msgid "SECTORS" +msgstr "セクタ" + +#: src/cryptsetup.c:3503 src/cryptsetup_reencrypt.c:1636 +msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +msgstr "指定されたデバイスサイズ分だけ使います (デバイスの残りは無視します). 危険!" + +#: src/cryptsetup.c:3504 +msgid "The start offset in the backend device" +msgstr "バックエンドデバイスの開始オフセット" + +#: src/cryptsetup.c:3505 +msgid "How many sectors of the encrypted data to skip at the beginning" +msgstr "最初の暗号化データのセクタを何セクタスキップするか" + +#: src/cryptsetup.c:3506 +msgid "Create a readonly mapping" +msgstr "読み込み専用のマッピングを作成" + +#: src/cryptsetup.c:3507 src/integritysetup.c:545 +#: src/cryptsetup_reencrypt.c:1624 +msgid "Do not ask for confirmation" +msgstr "確認をしません" + +#: src/cryptsetup.c:3508 +msgid "Timeout for interactive passphrase prompt (in seconds)" +msgstr "パスフレーズの対話的入力のタイムアウト (秒単位)" + +#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "secs" +msgstr "秒" + +#: src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "Progress line update (in seconds)" +msgstr "進捗線の更新(秒単位)" + +#: src/cryptsetup.c:3510 src/cryptsetup_reencrypt.c:1626 +msgid "How often the input of the passphrase can be retried" +msgstr "パスフレーズの再試行の回数" + +#: src/cryptsetup.c:3511 +msgid "Align payload at sector boundaries - for luksFormat" +msgstr "luksFormat 向けにペイロードを セクタ境界に合わせます" + +#: src/cryptsetup.c:3512 +msgid "File with LUKS header and keyslots backup" +msgstr "LUKS ヘッダとキースロットバックアップのファイル" + +#: src/cryptsetup.c:3513 src/cryptsetup_reencrypt.c:1627 +msgid "Use /dev/random for generating volume key" +msgstr "ボリュームキーの生成に /dev/random を使います" + +#: src/cryptsetup.c:3514 src/cryptsetup_reencrypt.c:1628 +msgid "Use /dev/urandom for generating volume key" +msgstr "ボリュームキーの生成に /dev/urandom (擬似乱数)を使います" + +#: src/cryptsetup.c:3515 +msgid "Share device with another non-overlapping crypt segment" +msgstr "オーバーラップしない暗号セグメントのあるデバイスと共有します" + +#: src/cryptsetup.c:3516 src/veritysetup.c:477 +msgid "UUID for device to use" +msgstr "使用するデバイスの UUID" + +#: src/cryptsetup.c:3517 src/integritysetup.c:579 +msgid "Allow discards (aka TRIM) requests for device" +msgstr "デバイスに discards (TRIM) 処理を許可します" + +#: src/cryptsetup.c:3518 src/cryptsetup_reencrypt.c:1645 +msgid "Device or file with separated LUKS header" +msgstr "デバイスかファイルにある分離された LUKS ヘッダ" + +#: src/cryptsetup.c:3519 +msgid "Do not activate device, just check passphrase" +msgstr "デバイスをアクティベートせず、パスフレーズだけ確認する" + +#: src/cryptsetup.c:3520 +msgid "Use hidden header (hidden TCRYPT device)" +msgstr "隠されたヘッダを使う (隠された TCRYPT デバイス)" + +#: src/cryptsetup.c:3521 +msgid "Device is system TCRYPT drive (with bootloader)" +msgstr "デバイスはシステム TCRYPT ドライブ (ブートローダの対応が必要)" + +#: src/cryptsetup.c:3522 +msgid "Use backup (secondary) TCRYPT header" +msgstr "バックアップ (セカンダリ) TCRYPT ヘッダを使います" + +#: src/cryptsetup.c:3523 +msgid "Scan also for VeraCrypt compatible device" +msgstr "VeraCrypt 互換デバイスも探します" + +#: src/cryptsetup.c:3524 +msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "VeraCrypt 互換デバイス向けの Personal Iteration Multiplier" + +#: src/cryptsetup.c:3525 +msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "VeraCrypt互換デバイス向けの Query Personal Iteration Multiplier" + +#: src/cryptsetup.c:3526 +msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" +msgstr "デバイスメタデータのタイプ: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" + +#: src/cryptsetup.c:3527 +msgid "Disable password quality check (if enabled)" +msgstr "パスワードの質の確認を無効にする (もし有効なら)" + +#: src/cryptsetup.c:3528 +msgid "Use dm-crypt same_cpu_crypt performance compatibility option" +msgstr "dm-crypt の same_cpu_crypt performance compatibility オプションを使う" + +#: src/cryptsetup.c:3529 +msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +msgstr "dm-crypt の submit_from_crypt_cpus performance compatibility オプションを使う" + +#: src/cryptsetup.c:3530 +msgid "Device removal is deferred until the last user closes it" +msgstr "デバイスの削除はデバイス上のリソースを使う人がいなくなるまで遅延されます" + +#: src/cryptsetup.c:3531 +msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)" +msgstr "OOM Killer を回避するために PBKDF メモリのシリアライズにグローバルロックを使います" + +#: src/cryptsetup.c:3532 +msgid "PBKDF iteration time for LUKS (in ms)" +msgstr "LUKS 向けの PBKDF の繰り返し時間 (ms単位)" + +#: src/cryptsetup.c:3532 src/cryptsetup_reencrypt.c:1623 +msgid "msecs" +msgstr "ミリ秒" + +#: src/cryptsetup.c:3533 src/cryptsetup_reencrypt.c:1641 +msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +msgstr "LUKS2 向けの PBKDF アルゴリズム: argon2i, argon2id, pbkdf2" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "PBKDF memory cost limit" +msgstr "PBKDF メモリコスト制限" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "kilobytes" +msgstr "キロバイト" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "PBKDF parallel cost" +msgstr "PBKDF 並列コスト" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "threads" +msgstr "スレッド" + +#: src/cryptsetup.c:3536 src/cryptsetup_reencrypt.c:1644 +msgid "PBKDF iterations cost (forced, disables benchmark)" +msgstr "PBKDF 繰り返しコスト (強制する, ベンチマークしない)" + +#: src/cryptsetup.c:3537 +msgid "Keyslot priority: ignore, normal, prefer" +msgstr "キースロット優先度: ignore, normal, prefer" + +#: src/cryptsetup.c:3538 +msgid "Disable locking of on-disk metadata" +msgstr "ディスク上のメタデータのロックをしない" + +#: src/cryptsetup.c:3539 +msgid "Disable loading volume keys via kernel keyring" +msgstr "ボリュームキーの読み込みをカーネルキーリング経由で行わない" + +#: src/cryptsetup.c:3540 +msgid "Data integrity algorithm (LUKS2 only)" +msgstr "データ改ざん検出アルゴリズム (LUKS2 のみ)" + +#: src/cryptsetup.c:3541 src/integritysetup.c:573 +msgid "Disable journal for integrity device" +msgstr "データ改ざん検出が有効なデバイスのジャーナリングを禁止します" + +#: src/cryptsetup.c:3542 src/integritysetup.c:547 +msgid "Do not wipe device after format" +msgstr "フォーマット後にデバイスのデータを消去しない" + +#: src/cryptsetup.c:3543 src/integritysetup.c:577 +msgid "Use inefficient legacy padding (old kernels)" +msgstr "非効率的なレガシーパディングを使う (古いカーネル)" + +#: src/cryptsetup.c:3544 +msgid "Do not ask for passphrase if activation by token fails" +msgstr "トークンによるアクティベーションが失敗したらパスフレーズを入力させません" + +#: src/cryptsetup.c:3545 +msgid "Token number (default: any)" +msgstr "トークンナンバー (デフォルト: 任意)" + +#: src/cryptsetup.c:3546 +msgid "Key description" +msgstr "キーデスクリプション" + +#: src/cryptsetup.c:3547 +msgid "Encryption sector size (default: 512 bytes)" +msgstr "暗号化セクタサイズ (デフォルト: 512 バイト)" + +#: src/cryptsetup.c:3548 +msgid "Use IV counted in sector size (not in 512 bytes)" +msgstr "セクタサイズ (512バイトとは限らない) のIVを使う" + +#: src/cryptsetup.c:3549 +msgid "Set activation flags persistent for device" +msgstr "デバイスのアクティベーションフラグを持続的にします" + +#: src/cryptsetup.c:3550 +msgid "Set label for the LUKS2 device" +msgstr "LUKS2 デバイスのラベルを設定" + +#: src/cryptsetup.c:3551 +msgid "Set subsystem label for the LUKS2 device" +msgstr "LUKS2 デバイスにサブシステムレベルを設定します" + +#: src/cryptsetup.c:3552 +msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot" +msgstr "unbound (データセグメントが割り当てられていない) LUKS2 キースロットを作成またはダンプ" + +#: src/cryptsetup.c:3553 +msgid "Read or write the json from or to a file" +msgstr "json をファイルに読み書きする" + +#: src/cryptsetup.c:3554 +msgid "LUKS2 header metadata area size" +msgstr "LUKS2 ヘッダメタデータ領域サイズ" + +#: src/cryptsetup.c:3555 +msgid "LUKS2 header keyslots area size" +msgstr "LUKS2 ヘッダキースロット領域サイズ" + +#: src/cryptsetup.c:3556 +msgid "Refresh (reactivate) device with new parameters" +msgstr "デバイスを新しいパラメータデリフレッシュ(再アクティベート)する" + +#: src/cryptsetup.c:3557 +msgid "LUKS2 keyslot: The size of the encryption key" +msgstr "LUKS2 キースロット: 暗号鍵のサイズ" + +#: src/cryptsetup.c:3558 +msgid "LUKS2 keyslot: The cipher used for keyslot encryption" +msgstr "LUKS2 キースロット: キースロットの暗号化に使う暗号" + +#: src/cryptsetup.c:3559 +msgid "Encrypt LUKS2 device (in-place encryption)." +msgstr "LUKS2 デバイスを暗号化 (in-place で暗号化)" + +#: src/cryptsetup.c:3560 +msgid "Decrypt LUKS2 device (remove encryption)." +msgstr "LUKS2 デバイスを復号 (つまり暗号化をやめる)" + +#: src/cryptsetup.c:3561 +msgid "Initialize LUKS2 reencryption in metadata only." +msgstr "LUKS2 再暗号化をメタデータだけ初期化。" + +#: src/cryptsetup.c:3562 +msgid "Resume initialized LUKS2 reencryption only." +msgstr "初期化済 LUKS2 再暗号化だけ再開。" + +#: src/cryptsetup.c:3563 src/cryptsetup_reencrypt.c:1635 +msgid "Reduce data device size (move data offset). DANGEROUS!" +msgstr "データデバイスサイズを減らす (データオフセットを移動する). 危険!" + +#: src/cryptsetup.c:3564 +msgid "Maximal reencryption hotzone size." +msgstr "最大再暗号化ホットゾーンサイズ" + +#: src/cryptsetup.c:3565 +msgid "Reencryption hotzone resilience type (checksum,journal,none)" +msgstr "再暗号化ホットゾーン弾性(resilience)タイプe (checksum,journal,none)" + +#: src/cryptsetup.c:3566 +msgid "Reencryption hotzone checksums hash" +msgstr "再暗号化ホットゾーンチェックサムハッシュ" + +#: src/cryptsetup.c:3567 +msgid "Override device autodetection of dm device to be reencrypted" +msgstr "再暗号化する dm デバイスの自動検出を上書きする" + +#: src/cryptsetup.c:3583 src/veritysetup.c:499 src/integritysetup.c:595 +msgid "[OPTION...] " +msgstr "[オプション...] <アクション> <アクション特有>" + +#: src/cryptsetup.c:3634 src/veritysetup.c:533 src/integritysetup.c:606 +msgid "Argument missing." +msgstr "<アクション> がありません。" + +#: src/cryptsetup.c:3703 src/veritysetup.c:564 src/integritysetup.c:637 +msgid "Unknown action." +msgstr "未知のアクションです。" + +#: src/cryptsetup.c:3713 +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "--refresh と --test-passphrase は同時には使えません。" + +#: src/cryptsetup.c:3718 +msgid "Option --deferred is allowed only for close command." +msgstr "--deferred は close でしか使えません。" + +#: src/cryptsetup.c:3723 +msgid "Option --shared is allowed only for open of plain device." +msgstr "--shared は plain デバイスの open にしか使えません。" + +#: src/cryptsetup.c:3728 src/integritysetup.c:654 +msgid "Option --allow-discards is allowed only for open operation." +msgstr "--allow-discards は open でしか使えません。" + +#: src/cryptsetup.c:3733 +msgid "Option --persistent is allowed only for open operation." +msgstr "--persistent は open でしか使えません。" + +#: src/cryptsetup.c:3738 +msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation." +msgstr "--serialize-memory-hard-pbkdf は open でしか使えません。" + +#: src/cryptsetup.c:3743 +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "--persistent は --test-passphrase と一緒には使えません。" + +#: src/cryptsetup.c:3753 +msgid "" +"Option --key-size is allowed only for luksFormat, luksAddKey,\n" +"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." +msgstr "" +"--key-size は luksFormat か luksAddKey で --unbound をつけた場合か、\n" +"open, benchmark の時しか使えません。キーファイルについて制限をつけたい場合は --keyfile-size=(バイト) を使ってください。" + +#: src/cryptsetup.c:3759 +msgid "Option --integrity is allowed only for luksFormat (LUKS2)." +msgstr "--integrity は luksFormat (LUKS2) でしか使えません。" + +#: src/cryptsetup.c:3764 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "--integrity-no-wipe は format で integrity extension 付きの時しか使えません。" + +#: src/cryptsetup.c:3770 +msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations." +msgstr "--label と --subsystem は luksFormat で config LUKS2 operations にしか使えません。" + +#: src/cryptsetup.c:3776 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "--test-passphrase は LUKS か TCRYPT か BITLK デバイスの open にしか使えません。." + +#: src/cryptsetup.c:3781 src/cryptsetup_reencrypt.c:1708 +msgid "Key size must be a multiple of 8 bits" +msgstr "キーサイズは 8bit の倍数でなければなりません" + +#: src/cryptsetup.c:3787 src/cryptsetup_reencrypt.c:1394 +#: src/cryptsetup_reencrypt.c:1713 +msgid "Key slot is invalid." +msgstr "キースロットは不正です。" + +#: src/cryptsetup.c:3794 +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "--key-file は他で指定されたキーファイルを上書きします。" + +#: src/cryptsetup.c:3801 src/veritysetup.c:576 src/integritysetup.c:663 +#: src/cryptsetup_reencrypt.c:1687 +msgid "Negative number for option not permitted." +msgstr "オプションに負の数を与えられません。" + +#: src/cryptsetup.c:3805 +msgid "Only one --key-file argument is allowed." +msgstr "--key-file は一つしか使えません。" + +#: src/cryptsetup.c:3809 src/cryptsetup_reencrypt.c:1679 +#: src/cryptsetup_reencrypt.c:1717 +msgid "Only one of --use-[u]random options is allowed." +msgstr "--use-[u]random は一つしか使えません。" + +#: src/cryptsetup.c:3813 +msgid "Option --use-[u]random is allowed only for luksFormat." +msgstr "--use-[u]random は luksFormat にしか使えません。" + +#: src/cryptsetup.c:3817 +msgid "Option --uuid is allowed only for luksFormat and luksUUID." +msgstr "--uuid は luksFormat か luksUUID でしか使えません。" + +#: src/cryptsetup.c:3821 +msgid "Option --align-payload is allowed only for luksFormat." +msgstr "--align-payload は luksFormat でしか使えません。" + +#: src/cryptsetup.c:3825 +msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2." +msgstr "--luks2-metadata-size と --opt-luks2-keyslots-size は LUKS2 で luksFormat でしか使えません。" + +#: src/cryptsetup.c:3830 +msgid "Invalid LUKS2 metadata size specification." +msgstr "不正なLUKS2 メタデータサイズです。" + +#: src/cryptsetup.c:3834 +msgid "Invalid LUKS2 keyslots size specification." +msgstr "不正な LUKS2 キースロットサイズです。" + +#: src/cryptsetup.c:3838 +msgid "Options --align-payload and --offset cannot be combined." +msgstr "--align-payload と --offset は一緒に使えません。" + +#: src/cryptsetup.c:3844 +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "--skip は plain か loopaes デバイスの open にしか使えません。" + +#: src/cryptsetup.c:3851 +msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption." +msgstr "--offset は plain か loopaes デバイスの open、luksFormat と再暗号化にしか使えません。" + +#: src/cryptsetup.c:3857 +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "--tcrypt-hidden と --tcrypt-system と --tcrypt-backup は TCRYPT デバイスしか使えません。" + +#: src/cryptsetup.c:3862 +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "--tcrypt-hidden は --allow-discards と一緒に使えません。" + +#: src/cryptsetup.c:3867 +msgid "Option --veracrypt is supported only for TCRYPT device type." +msgstr "--veracrypt は TCRYPT デバイスでしか使えません。" + +#: src/cryptsetup.c:3873 +msgid "Invalid argument for parameter --veracrypt-pim supplied." +msgstr "--veracrypt-pim の引数が不正です。" + +#: src/cryptsetup.c:3877 +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "--veracrypt-pim は VeraCrypt 互換デバイスにしか使えません。" + +#: src/cryptsetup.c:3885 +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "--veracrypt-query-pim は VeraCrypt 互換デバイスにしか使えません。" + +#: src/cryptsetup.c:3889 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "--veracrypt-pim と --veracrypt-query-pim はどちらかしか使えません。" + +#: src/cryptsetup.c:3896 +msgid "Option --priority can be only ignore/normal/prefer." +msgstr "--priority の引数は ignore/normal/prefer のいずれかのみです。" + +#: src/cryptsetup.c:3901 src/cryptsetup.c:3939 +msgid "Keyslot specification is required." +msgstr "キースロットの指定が必要です。" + +#: src/cryptsetup.c:3906 src/cryptsetup_reencrypt.c:1693 +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "パスワードからキーを作る関数 (PBKDF) は pbkdf2 argon2i argon2id のいずれかのみです。" + +#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1698 +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "PBKDF の繰り返し回数の強制と繰り返し時間指定オプションは共存できません。" + +#: src/cryptsetup.c:3917 +msgid "Sector size option is not supported for this command." +msgstr "このコマンドでセクタサイズオプションはサポートされていません。" + +#: src/cryptsetup.c:3929 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "大きな IV セクタオプションは plain タイプでセクタサイズが 512 バイトより大きいものをオープンする時しかサポートしていません。" + +#: src/cryptsetup.c:3934 +msgid "Key size is required with --unbound option." +msgstr "--unbound にはキーサイズが必要です。" + +#: src/cryptsetup.c:3944 +msgid "Option --unbound may be used only with luksAddKey and luksDump actions." +msgstr "--unbound は luksAddKey か luksDump でしか使えません。" + +#: src/cryptsetup.c:3949 +msgid "Option --refresh may be used only with open action." +msgstr "--refresh は open でしか使えません。" + +#: src/cryptsetup.c:3960 +msgid "Cannot disable metadata locking." +msgstr "メタデータロックを禁止できません。" + +#: src/cryptsetup.c:3970 +msgid "Invalid max reencryption hotzone size specification." +msgstr "再暗号化ホットゾーン最大サイズの指定が不正です。" + +#: src/cryptsetup.c:3978 src/cryptsetup_reencrypt.c:1722 +#: src/cryptsetup_reencrypt.c:1727 +msgid "Invalid device size specification." +msgstr "デバイスサイズの指定が不正です。" + +#: src/cryptsetup.c:3981 +msgid "Maximum device reduce size is 1 GiB." +msgstr "デバイスを減らせる最大値は 1 GiB です。" + +#: src/cryptsetup.c:3984 src/cryptsetup_reencrypt.c:1733 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "減らすサイズは 512 バイトセクタの倍数である必要があります。" + +#: src/cryptsetup.c:3989 +msgid "Invalid data size specification." +msgstr "データサイズの指定が不正です。" + +#: src/cryptsetup.c:3994 +msgid "Reduce size overflow." +msgstr "減らすサイズのオーバーフロー。" + +#: src/cryptsetup.c:3998 +msgid "LUKS2 decryption requires option --header." +msgstr "LUKS2 復号には --header が必要です。" + +#: src/cryptsetup.c:4002 +msgid "Device size must be multiple of 512 bytes sector." +msgstr "デバイスサイズは 512 バイトセクタの倍数である必要があります。" + +#: src/cryptsetup.c:4006 +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "--reduce-device-size と --data-size は一緒に使えません。" + +#: src/cryptsetup.c:4010 +msgid "Options --device-size and --size cannot be combined." +msgstr "--device-size と --size は一緒に使えません。" + +#: src/cryptsetup.c:4014 +#, fuzzy +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "--ignore-corruption と --restart-on-corruption は同時に使えません。" + +#: src/veritysetup.c:66 +msgid "Invalid salt string specified." +msgstr "不正なソルト文字列が指定されました。" + +#: src/veritysetup.c:97 +#, c-format +msgid "Cannot create hash image %s for writing." +msgstr "ハッシュイメージ %s を書けるように作成できませんでした。" + +#: src/veritysetup.c:107 +#, c-format +msgid "Cannot create FEC image %s for writing." +msgstr "FEC イメージ %s を書けるように作成できませんでした。" + +#: src/veritysetup.c:179 +msgid "Invalid root hash string specified." +msgstr "不正なルートハッシュ文字列が指定されました。" + +#: src/veritysetup.c:187 +#, c-format +msgid "Invalid signature file %s." +msgstr "署名ファイル %s が不正です。" + +#: src/veritysetup.c:194 +#, c-format +msgid "Cannot read signature file %s." +msgstr "署名ファイル %s を読み込めませんでした。" + +#: src/veritysetup.c:392 +msgid " " +msgstr "<データデバイス> <ハッシュデバイス>" + +#: src/veritysetup.c:392 src/integritysetup.c:479 +msgid "format device" +msgstr "デバイスをフォーマット" + +#: src/veritysetup.c:393 +msgid " " +msgstr "<データデバイス> <ハッシュデバイス> <ルートハッシュ>" + +#: src/veritysetup.c:393 +msgid "verify device" +msgstr "デバイスを検証" + +#: src/veritysetup.c:394 +msgid " " +msgstr "<データデバイス> <名前> <ハッシュデバイス> <ルートハッシュ>" + +#: src/veritysetup.c:396 src/integritysetup.c:482 +msgid "show active device status" +msgstr "アクティブデバイスのステータスを表示" + +#: src/veritysetup.c:397 +msgid "" +msgstr "<ハッシュデバイス>" + +#: src/veritysetup.c:397 src/integritysetup.c:483 +msgid "show on-disk information" +msgstr "ディスク上の情報を表示" + +#: src/veritysetup.c:416 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the data device\n" +" is the device containing verification data\n" +" hash of the root node on \n" +msgstr "" +"\n" +"<名前> は %s に作られるデバイス\n" +"<データデバイス> はデータが入るデバイス\n" +"<ハッシュデバイス> は検証用データが入るデバイス\n" +"<ルートハッシュ> は <ハッシュデバイス> のルートノードのハッシュ\n" + +#: src/veritysetup.c:423 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-verity parameters:\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" +msgstr "" +"\n" +"コンパイル時に決めた dm-verity のデフォルトパラメータ:\n" +"\tハッシュ: %s, データブロック (バイト): %u, ハッシュブロック (バイト): %u, ソルトサイズ: %u, ハッシュフォーマット: %u\n" + +#: src/veritysetup.c:466 +msgid "Do not use verity superblock" +msgstr "verity スーパーブロックを使いません" + +#: src/veritysetup.c:467 +msgid "Format type (1 - normal, 0 - original Chrome OS)" +msgstr "フォーマットタイプ (1 - ノーマル, 0 - Chrome OS 形式)" + +#: src/veritysetup.c:467 +msgid "number" +msgstr "数字" + +#: src/veritysetup.c:468 +msgid "Block size on the data device" +msgstr "データデバイスのブロックサイズ" + +#: src/veritysetup.c:469 +msgid "Block size on the hash device" +msgstr "ハッシュデバイスのブロックサイズ" + +#: src/veritysetup.c:470 +msgid "FEC parity bytes" +msgstr "FEC パリティバイト" + +#: src/veritysetup.c:471 +msgid "The number of blocks in the data file" +msgstr "データファイルのブロック数" + +#: src/veritysetup.c:471 +msgid "blocks" +msgstr "ブロック" + +#: src/veritysetup.c:472 +msgid "Path to device with error correction data" +msgstr "誤り訂正用データが格納されるデバイスのパス" + +#: src/veritysetup.c:472 src/integritysetup.c:549 +msgid "path" +msgstr "パス" + +#: src/veritysetup.c:473 +msgid "Starting offset on the hash device" +msgstr "ハッシュデバイスの開始オフセット" + +#: src/veritysetup.c:474 +msgid "Starting offset on the FEC device" +msgstr "FEC デバイスの開始オフセット" + +#: src/veritysetup.c:475 +msgid "Hash algorithm" +msgstr "ハッシュアルゴリズム" + +#: src/veritysetup.c:475 +msgid "string" +msgstr "文字列" + +#: src/veritysetup.c:476 +msgid "Salt" +msgstr "ソルト" + +#: src/veritysetup.c:476 +msgid "hex string" +msgstr "16進数文字列" + +#: src/veritysetup.c:478 +msgid "Path to root hash signature file" +msgstr "ルートハッシュ署名ファイルのパス" + +#: src/veritysetup.c:479 +msgid "Restart kernel if corruption is detected" +msgstr "破損が検出されたらカーネルを再起動する" + +#: src/veritysetup.c:480 +msgid "Ignore corruption, log it only" +msgstr "破損はログするだけで再起動まではしない" + +#: src/veritysetup.c:481 +msgid "Do not verify zeroed blocks" +msgstr "0 埋めされたブロックは検証しない" + +#: src/veritysetup.c:482 +msgid "Verify data block only the first time it is read" +msgstr "最初に読む時一度だけデータブロックを検証する" + +#: src/veritysetup.c:582 +msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation." +msgstr "--ignore-corruption, --restart-on-corruption, --ignore-zero-blocks は open 時にか使えません。" + +#: src/veritysetup.c:587 +msgid "Option --root-hash-signature can be used only for open operation." +msgstr "--root-hash-signature は open でしか使えません。" + +#: src/veritysetup.c:592 +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "--ignore-corruption と --restart-on-corruption は同時に使えません。" + +#: src/integritysetup.c:84 src/utils_password.c:305 +#, c-format +msgid "Cannot read keyfile %s." +msgstr "キーファイル %s を読みこめませんでした。" + +#: src/integritysetup.c:88 src/utils_password.c:310 +#, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "%d バイトをキーファイル %s から読みこめませんでした。" + +#: src/integritysetup.c:254 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "タグサイズ %u、内部整合性は %s でフォーマットされました。\n" + +#: src/integritysetup.c:479 src/integritysetup.c:483 +msgid "" +msgstr "<整合性デバイス>" + +#: src/integritysetup.c:480 +msgid " " +msgstr "<整合性デバイス> <名前>" + +#: src/integritysetup.c:502 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the device containing data with integrity tags\n" +msgstr "" +"\n" +"<名前> は %s に作られるデバイス\n" +"<整合性デバイス> は整合性タグを格納するデバイス\n" + +#: src/integritysetup.c:507 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" +msgstr "" +"\n" +"コンパイル時に決められたデフォルトの dm-integrity のパラメータ:\n" +"\tチェックサムアルゴリズム: %s\n" + +#: src/integritysetup.c:549 +msgid "Path to data device (if separated)" +msgstr "データデバイスのパス (分離されている場合)" + +#: src/integritysetup.c:551 +msgid "Journal size" +msgstr "ジャーナルサイズ" + +#: src/integritysetup.c:552 +msgid "Interleave sectors" +msgstr "インターリーブするセクタ数" + +#: src/integritysetup.c:553 +msgid "Journal watermark" +msgstr "ジャーナルをフラッシュする閾値" + +#: src/integritysetup.c:553 +msgid "percent" +msgstr "パーセント" + +#: src/integritysetup.c:554 +msgid "Journal commit time" +msgstr "ジャーナルがコミットされるまでの時間" + +#: src/integritysetup.c:554 src/integritysetup.c:556 +msgid "ms" +msgstr "ミリ秒" + +#: src/integritysetup.c:555 +msgid "Number of 512-byte sectors per bit (bitmap mode)." +msgstr "ビットあたりの 512 バイトセクタ (bitmap モード)。" + +#: src/integritysetup.c:556 +msgid "Bitmap mode flush time" +msgstr "Bitmap モードのフラッシュ時間" + +#: src/integritysetup.c:557 +msgid "Tag size (per-sector)" +msgstr "タグサイズ (セクタ毎)" + +#: src/integritysetup.c:558 +msgid "Sector size" +msgstr "セクタサイズ" + +#: src/integritysetup.c:559 +msgid "Buffers size" +msgstr "バッファサイズ" + +#: src/integritysetup.c:561 +msgid "Data integrity algorithm" +msgstr "データ整合性アルゴリズム" + +#: src/integritysetup.c:562 +msgid "The size of the data integrity key" +msgstr "データ整合性キーのサイズ" + +#: src/integritysetup.c:563 +msgid "Read the integrity key from a file" +msgstr "整合性キーをファイルから読み込む" + +#: src/integritysetup.c:565 +msgid "Journal integrity algorithm" +msgstr "ジャーナル整合性アルゴリズム" + +#: src/integritysetup.c:566 +msgid "The size of the journal integrity key" +msgstr "ジャーナル整合性キーのサイズ" + +#: src/integritysetup.c:567 +msgid "Read the journal integrity key from a file" +msgstr "ジャーナル整合性キーをファイルから読み込む" + +#: src/integritysetup.c:569 +msgid "Journal encryption algorithm" +msgstr "ジャーナル暗号化アルゴリズム" + +#: src/integritysetup.c:570 +msgid "The size of the journal encryption key" +msgstr "ジャーナル暗号化キーのサイズ" + +#: src/integritysetup.c:571 +msgid "Read the journal encryption key from a file" +msgstr "ジャーナル暗号化キーをファイルから読み込む" + +#: src/integritysetup.c:574 +msgid "Recovery mode (no journal, no tag checking)" +msgstr "リカバリモード (ジャーナル不使用、タグ確認なし)" + +#: src/integritysetup.c:575 +msgid "Use bitmap to track changes and disable journal for integrity device" +msgstr "変更の追跡に bitmap を使いジャーナルの整合性デバイスの無効にします" + +#: src/integritysetup.c:576 +msgid "Recalculate initial tags automatically." +msgstr "初期タグを自動で再計算する。" + +#: src/integritysetup.c:649 +msgid "Option --integrity-recalculate can be used only for open action." +msgstr "--integrity-recalculate は open でしか使えません。" + +#: src/integritysetup.c:669 +msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action." +msgstr "--journal-size, --interleave-sectors, --sector-size, --tag-size, --no-wipe は format でしか使えません。" + +#: src/integritysetup.c:675 +msgid "Invalid journal size specification." +msgstr "不正なジャーナルサイズの指定です。" + +#: src/integritysetup.c:680 +msgid "Both key file and key size options must be specified." +msgstr "キーファイルとキーサイズの両方の指定が必要です。" + +#: src/integritysetup.c:683 +msgid "Integrity algorithm must be specified if integrity key is used." +msgstr "整合性キーを使う場合はアルゴリズムの指定が必要です。" + +#: src/integritysetup.c:688 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "ジャーナル整合性キーファイルとキーサイズの両方の指定が必要です。" + +#: src/integritysetup.c:691 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "ジャーナル整合性キーを使う場合はアルゴリズムの指定が必要です。" + +#: src/integritysetup.c:696 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "ジャーナル暗号キーファイルとキーサイズの両方の指定が必要です。" + +#: src/integritysetup.c:699 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "ジャーナル暗号キーを使う場合はアルゴリズムの指定が必要です。" + +#: src/integritysetup.c:703 +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "リカバリと bitmap モードオプションは同時には使えません。" + +#: src/integritysetup.c:707 +msgid "Journal options cannot be used in bitmap mode." +msgstr "ジャーナルオプションは bitmap モードでは使えません。" + +#: src/integritysetup.c:711 +msgid "Bitmap options can be used only in bitmap mode." +msgstr "bitmap オプションは bitmap モードでしか使えません。" + +#: src/cryptsetup_reencrypt.c:172 +msgid "Reencryption already in-progress." +msgstr "既に再暗号化中です。" + +#: src/cryptsetup_reencrypt.c:208 +#, c-format +msgid "Cannot exclusively open %s, device in use." +msgstr "デバイスが使用中のため %s を排他的にオープンできません。" + +#: src/cryptsetup_reencrypt.c:222 src/cryptsetup_reencrypt.c:1135 +msgid "Allocation of aligned memory failed." +msgstr "アライメントつきメモリの確保ができませんでした。" + +#: src/cryptsetup_reencrypt.c:229 +#, c-format +msgid "Cannot read device %s." +msgstr "デバイス %s を読めません。" + +#: src/cryptsetup_reencrypt.c:240 +#, c-format +msgid "Marking LUKS1 device %s unusable." +msgstr "LUKS1 デバイス %s を使用不可としてマークします。" + +#: src/cryptsetup_reencrypt.c:244 +#, c-format +msgid "Setting LUKS2 offline reencrypt flag on device %s." +msgstr "LUKS2 offline reencrypt フラグをデバイス %s に設定します。" + +#: src/cryptsetup_reencrypt.c:261 +#, c-format +msgid "Cannot write device %s." +msgstr "デバイス %s に書き込めません。" + +#: src/cryptsetup_reencrypt.c:309 +msgid "Cannot write reencryption log file." +msgstr "再暗号化ログファイルに書きこめません。" + +#: src/cryptsetup_reencrypt.c:365 +msgid "Cannot read reencryption log file." +msgstr "再暗号化ログファイルを読み込めません。" + +#: src/cryptsetup_reencrypt.c:403 +#, c-format +msgid "Log file %s exists, resuming reencryption.\n" +msgstr "ログファイル %s が既にあるので再暗号化を再開します。\n" + +#: src/cryptsetup_reencrypt.c:452 +msgid "Activating temporary device using old LUKS header." +msgstr "古い LUKS ヘッダを使っているテンポラリデバイスを有効にします。" + +#: src/cryptsetup_reencrypt.c:462 +msgid "Activating temporary device using new LUKS header." +msgstr "新しい LUKS ヘッダを使っているテンポラリデバイスを有効にします。" + +#: src/cryptsetup_reencrypt.c:472 +msgid "Activation of temporary devices failed." +msgstr "テンポラリデバイスの有効化に失敗しました。" + +#: src/cryptsetup_reencrypt.c:559 +msgid "Failed to set data offset." +msgstr "データオフセットの設定に失敗しました。" + +#: src/cryptsetup_reencrypt.c:565 +msgid "Failed to set metadata size." +msgstr "メタデータサイズの設定に失敗しました。" + +#: src/cryptsetup_reencrypt.c:573 +#, c-format +msgid "New LUKS header for device %s created." +msgstr "デバイス %s の新しい LUKS ヘッダを作成しました。" + +#: src/cryptsetup_reencrypt.c:633 +#, c-format +msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +msgstr "このバージョンの cryptsetup-reencrypt は新しい内部トークンタイプ %s を扱えません。" + +#: src/cryptsetup_reencrypt.c:655 +msgid "Failed to read activation flags from backup header." +msgstr "アクティベーションフラグをバックアップヘッダから読み込めません。" + +#: src/cryptsetup_reencrypt.c:659 +msgid "Failed to write activation flags to new header." +msgstr "アクティベーションフラグを新しいヘッダに書き込めません。" + +#: src/cryptsetup_reencrypt.c:663 src/cryptsetup_reencrypt.c:667 +msgid "Failed to read requirements from backup header." +msgstr "バックアップヘッダから要求(requirements)を読み込めません。" + +#: src/cryptsetup_reencrypt.c:705 +#, c-format +msgid "%s header backup of device %s created." +msgstr "%s ヘッダバックアップデバイス %s が作成されました。" + +#: src/cryptsetup_reencrypt.c:768 +msgid "Creation of LUKS backup headers failed." +msgstr "LUKS バックアップヘッダが作成できません。" + +#: src/cryptsetup_reencrypt.c:901 +#, c-format +msgid "Cannot restore %s header on device %s." +msgstr "デバイス %2s の %1s ヘッダが復元できません。" + +#: src/cryptsetup_reencrypt.c:903 +#, c-format +msgid "%s header on device %s restored." +msgstr "デバイス %2s の %1s ヘッダを復元しました。" + +#: src/cryptsetup_reencrypt.c:1107 src/cryptsetup_reencrypt.c:1113 +msgid "Cannot open temporary LUKS device." +msgstr "テンポラリ LUKS デバイスをオープンできません。" + +#: src/cryptsetup_reencrypt.c:1118 src/cryptsetup_reencrypt.c:1123 +msgid "Cannot get device size." +msgstr "デバイスサイズを取得できません。" + +#: src/cryptsetup_reencrypt.c:1158 +msgid "IO error during reencryption." +msgstr "再暗号化中に I/O エラーが発生しました。" + +#: src/cryptsetup_reencrypt.c:1189 +msgid "Provided UUID is invalid." +msgstr "与えられた UUID が不正です。" + +#: src/cryptsetup_reencrypt.c:1423 +msgid "Cannot open reencryption log file." +msgstr "再暗号化ログファイルを開けません。" + +#: src/cryptsetup_reencrypt.c:1429 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "復号を実行中ではありません。与えられた UUID は中止された復号を再開するためだけに使えます。" + +#: src/cryptsetup_reencrypt.c:1504 +#, c-format +msgid "Changed pbkdf parameters in keyslot %i." +msgstr "キースロット %i の pbkdf パラメータを変更しました。" + +#: src/cryptsetup_reencrypt.c:1616 +msgid "Reencryption block size" +msgstr "再暗号化のブロックサイズ" + +#: src/cryptsetup_reencrypt.c:1616 +msgid "MiB" +msgstr "MiB" + +#: src/cryptsetup_reencrypt.c:1620 +msgid "Do not change key, no data area reencryption" +msgstr "キーを変えず、データ領域の再暗号化を行わない" + +#: src/cryptsetup_reencrypt.c:1622 +msgid "Read new volume (master) key from file" +msgstr "新しいボリューム(マスター)キーをファイルから読み込む" + +#: src/cryptsetup_reencrypt.c:1623 +msgid "PBKDF2 iteration time for LUKS (in ms)" +msgstr "LUKS 向け PBKDF2 の繰り返し時間 (ミリ秒単位)" + +#: src/cryptsetup_reencrypt.c:1629 +msgid "Use direct-io when accessing devices" +msgstr "デバイスアクセス時に direct-io を使う" + +#: src/cryptsetup_reencrypt.c:1630 +msgid "Use fsync after each block" +msgstr "ブロック毎に fsync() する" + +#: src/cryptsetup_reencrypt.c:1631 +msgid "Update log file after every block" +msgstr "ログファイルをブロック毎に更新する" + +#: src/cryptsetup_reencrypt.c:1632 +msgid "Use only this slot (others will be disabled)" +msgstr "このスロットだけ使う (残りは無効化されます)" + +#: src/cryptsetup_reencrypt.c:1637 +msgid "Create new header on not encrypted device" +msgstr "暗号化されていないデバイスに新しいヘッダを作成する" + +#: src/cryptsetup_reencrypt.c:1638 +msgid "Permanently decrypt device (remove encryption)" +msgstr "デバイスを恒久的に復号状態にする (つまり暗号化をやめる)" + +#: src/cryptsetup_reencrypt.c:1639 +msgid "The UUID used to resume decryption" +msgstr "復号の再開に使う UUID" + +#: src/cryptsetup_reencrypt.c:1640 +msgid "Type of LUKS metadata: luks1, luks2" +msgstr "メタデータタイプ: luks1, luks2" + +#: src/cryptsetup_reencrypt.c:1659 +msgid "[OPTION...] " +msgstr "[オプション...] <デバイス>" + +#: src/cryptsetup_reencrypt.c:1667 +#, c-format +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "再暗号化で以下が変わります: %s%s%s%s%s%s." + +#: src/cryptsetup_reencrypt.c:1668 +msgid "volume key" +msgstr "ボリュームキー" + +#: src/cryptsetup_reencrypt.c:1670 +msgid "set hash to " +msgstr "ハッシュ" + +#: src/cryptsetup_reencrypt.c:1671 +msgid ", set cipher to " +msgstr "暗号(cipher)" + +#: src/cryptsetup_reencrypt.c:1675 +msgid "Argument required." +msgstr "引数が必要です。" + +#: src/cryptsetup_reencrypt.c:1703 +msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +msgstr "再暗号化のブロックサイズは 1 MiB から 64 MiB までの値しか使えません。" + +#: src/cryptsetup_reencrypt.c:1730 +msgid "Maximum device reduce size is 64 MiB." +msgstr "デバイスを減らせる最大値は 64 MiB です。" + +#: src/cryptsetup_reencrypt.c:1737 +msgid "Option --new must be used together with --reduce-device-size or --header." +msgstr "--new は --reduce-device-size か --header と一緒に使う必要があります" + +#: src/cryptsetup_reencrypt.c:1741 +msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +msgstr "--keep-key は --hash か --iter-time か --pbkdf-force-iterations と使う必要があります。" + +#: src/cryptsetup_reencrypt.c:1745 +msgid "Option --new cannot be used together with --decrypt." +msgstr "--new は --decrypt と一緒に使えません。" + +#: src/cryptsetup_reencrypt.c:1749 +msgid "Option --decrypt is incompatible with specified parameters." +msgstr "--decrypt は指定されたパラメータと互換性がありません。" + +#: src/cryptsetup_reencrypt.c:1753 +msgid "Option --uuid is allowed only together with --decrypt." +msgstr "--uuid は --decrypt と一緒にしか使えません。" + +#: src/cryptsetup_reencrypt.c:1757 +msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +msgstr "不正な luks タイプです。'luks', 'luks1', 'luks2' のいずれかを使ってください。" + +#: src/utils_tools.c:151 +msgid "Error reading response from terminal." +msgstr "端末から応答を読み込み中にエラー。" + +#: src/utils_tools.c:186 +msgid "Command successful.\n" +msgstr "コマンド成功。\n" + +#: src/utils_tools.c:194 +msgid "wrong or missing parameters" +msgstr "パラメータが間違っているか指定されていません" + +#: src/utils_tools.c:196 +msgid "no permission or bad passphrase" +msgstr "権限がないかパスフレーズが間違っています" + +#: src/utils_tools.c:198 +msgid "out of memory" +msgstr "メモリ不足" + +#: src/utils_tools.c:200 +msgid "wrong device or file specified" +msgstr "間違ったデバイスかファイルが指定されました" + +#: src/utils_tools.c:202 +msgid "device already exists or device is busy" +msgstr "デバイスが既にあるかビジーです" + +#: src/utils_tools.c:204 +msgid "unknown error" +msgstr "不明なエラー" + +#: src/utils_tools.c:206 +#, c-format +msgid "Command failed with code %i (%s).\n" +msgstr "コマンド失敗:コード %i (%s)\n" + +#: src/utils_tools.c:283 +#, c-format +msgid "Key slot %i created." +msgstr "キースロット %i が作成されました。" + +#: src/utils_tools.c:285 +#, c-format +msgid "Key slot %i unlocked." +msgstr "キースロット %i がアンロックされました。" + +#: src/utils_tools.c:287 +#, c-format +msgid "Key slot %i removed." +msgstr "キースロット %i が削除されました。" + +#: src/utils_tools.c:296 +#, c-format +msgid "Token %i created." +msgstr "トークン %i が作成されました。" + +#: src/utils_tools.c:298 +#, c-format +msgid "Token %i removed." +msgstr "トークン %i が削除されました。" + +#: src/utils_tools.c:464 +msgid "" +"\n" +"Wipe interrupted." +msgstr "" +"\n" +"ワイプが中断されました。" + +#: src/utils_tools.c:475 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "警告: デバイス %s が既に '%s' パーティションシグネチャを含んでいます。\n" + +#: src/utils_tools.c:483 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "警告: デバイス %s が既に '%s' のスーパーブロックシグネチャを含んでいます。\n" + +#: src/utils_tools.c:504 src/utils_tools.c:568 +msgid "Failed to initialize device signature probes." +msgstr "デバイスシグネチャ検出の初期化に失敗しました。" + +#: src/utils_tools.c:548 +#, c-format +msgid "Failed to stat device %s." +msgstr "デバイス %s の stat() に失敗しました。" + +#: src/utils_tools.c:561 +#, c-format +msgid "Device %s is in use. Can not proceed with format operation." +msgstr "デバイス %s は使用中です。フォーマットを始められません。" + +#: src/utils_tools.c:563 +#, c-format +msgid "Failed to open file %s in read/write mode." +msgstr "ファイル %s を読み書き可能なモードでオープンできません。" + +#: src/utils_tools.c:577 +#, c-format +msgid "Existing '%s' partition signature (offset: % bytes) on device %s will be wiped." +msgstr "今ある '%s' パーティションのシグネチャ(オフセット: % バイト、デバイス %s)は消去されます。" + +#: src/utils_tools.c:580 +#, c-format +msgid "Existing '%s' superblock signature (offset: % bytes) on device %s will be wiped." +msgstr "今ある '%s' スーパーブロックのシグネチャ(オフセット: % バイト、デバイス %s)は消去されます。" + +#: src/utils_tools.c:583 +msgid "Failed to wipe device signature." +msgstr "デバイスシグネチャを消せません。" + +#: src/utils_tools.c:590 +#, c-format +msgid "Failed to probe device %s for a signature." +msgstr "デバイス %s のシグネチャが検出できません。" + +#: src/utils_tools.c:629 +msgid "" +"\n" +"Reencryption interrupted." +msgstr "" +"\n" +"再暗号化が中断されました。" + +#: src/utils_password.c:43 src/utils_password.c:75 +#, c-format +msgid "Cannot check password quality: %s" +msgstr "パスワードの質を確認できません: %s" + +#: src/utils_password.c:51 +#, c-format +msgid "" +"Password quality check failed:\n" +" %s" +msgstr "" +"パスワードの質の確認に失敗:\n" +" %s" + +#: src/utils_password.c:83 +#, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "パスワードの質が確認できません: 質の悪いパスフレーズ (%s)" + +#: src/utils_password.c:193 src/utils_password.c:208 +msgid "Error reading passphrase from terminal." +msgstr "端末からパスフレーズを読み込めません。" + +#: src/utils_password.c:206 +msgid "Verify passphrase: " +msgstr "同じパスフレーズを入力してください: " + +#: src/utils_password.c:213 +msgid "Passphrases do not match." +msgstr "パスフレーズが一致しません。" + +#: src/utils_password.c:250 +msgid "Cannot use offset with terminal input." +msgstr "端末からの入力でオフセットは使用できません。" + +#: src/utils_password.c:253 +#, c-format +msgid "Enter passphrase: " +msgstr "パスフレーズを入力してください: " + +#: src/utils_password.c:256 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "%s のパスフレーズを入力してください: " + +#: src/utils_password.c:287 +msgid "No key available with this passphrase." +msgstr "このパスフレーズで使用可能なキーはありません。" + +#: src/utils_password.c:289 +msgid "No usable keyslot is available." +msgstr "使用可能なキースロットがありません。" + +#: src/utils_password.c:328 +#, c-format +msgid "Cannot open keyfile %s for write." +msgstr "キーファイル %s を書き込み用にオープンできません。" + +#: src/utils_password.c:335 +#, c-format +msgid "Cannot write to keyfile %s." +msgstr "キーファイル %s に書き込めません。" + +#: src/utils_luks2.c:47 +#, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "ファイル %s を読み込み専用モードでオープンできません。" + +#: src/utils_luks2.c:60 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "妥当な LUKS2 トークンを JSON で与えてください:\n" + +#: src/utils_luks2.c:67 +msgid "Failed to read JSON file." +msgstr "JSON ファイルを読み込めません。" + +#: src/utils_luks2.c:72 +msgid "" +"\n" +"Read interrupted." +msgstr "" +"\n" +"読み込みが中断されました。" + +#: src/utils_luks2.c:113 +#, c-format +msgid "Failed to open file %s in write mode." +msgstr "ファイル %s を書き込みモードでオープンできません。" + +#: src/utils_luks2.c:122 +msgid "" +"\n" +"Write interrupted." +msgstr "" +"\n" +"書き込みが中断されました。" + +#: src/utils_luks2.c:126 +msgid "Failed to write JSON file." +msgstr "JSON ファイルに書き込めません。" diff --git a/po/nl.gmo b/po/nl.gmo index 0c405b557e02472344b6fecca1059c0b1badd077..48055cbf107f2e37eec43f42901454f1bebf7957 100644 GIT binary patch delta 13508 zcma)?34B!L)$ngvL>56=6UcJ2CnPi32!t3QfrNcCfPjEFNp6xMlbK;=lE`Kh5Jd#B z2ZW-csHk;mRop&z>-(v7f7@zXwQ5y-)xLGt)~faUpL_3wXzTCy-JfUv=Xvh4o^zh% z2LJGCpTFGIr~8fJ{q`pqhOv~NV))V^!+0J&JjyUM|Au74=m&3u4F`CU9e)aw-~cjDf$8uhSOm-AL|6&~F0X+_q<;&w{XQ9nF$s>(=yp12AR~*6PB<1` z35Uab;Uf4Os8&eIbY_wYwZS^b3AMfBkUot;Bv6e)I0G(*)o@=o%0!fx zVICZk?Nls>THq`=9$pCx;FB;Beg?E`_+D+gO59!;4)|3qB9Ep|7A0Acg6ha01i;EQ4ywc9)k!59xcL`u-g_5+-3T zjS(-TDPuNd4n_p(zz)GI`Zw-JQB(aH>dd}}vtb6)sDo{=1l|dU!gruH{28P#V+g&g zOC~|J$YQ7+b-MY7p}OWisFwOY)QNlybLig~;B_**P%SVMYSf3Iu8M7tzKm<2HuRjE z|ACv|pGef1m%<6K6|&NdtDy-WhH9}lpjxyK>s%+01iN*{Whf>*(`6Ub=s)PDZ-rX! zImmy;$NcE>GBFE2G?qY}(JrVBUk}v+54-8(P%ZO4#JEN_mDOTrlwyDN%{n(@AJiG% z4mAdzf!g7xZhi)9Ybfby(1Z)2x-JB@;mhGK;luD07{DCU;6|vHd4M1F{l`!zbV@n) zSEU&Hv1u7gpdBPoJ3i#{S*R}f77mB`6PR8wCLwY__w#>np>b1=S# zI-pX_rUQy}qbx+Z395;{g2aW9T;ZhWLX&hD;y&YYNDcsvEwfqP+1&y`t0u&9hrBF>Dc3XI*nqCEIzuVY_LLeLWK_+9o=Q3@IW8xK1-*19C;#(kX z8oz_u(6Fft0#1Wi*Vqa5{bNwee+yG#Hs-2@wNOpJ6He6i{|E|`GrqJl@O!mmsuoDV z8ka$x(c@4}`aV=&_Nj3ORu0KBn&2pS6l%E#q1JmDs_DOlI-soS&OjHy68bl`qc9oc zUYHKQfa;^sGn{Dm!V#pWKyBa*h#QTKa2C89swKXKIPJI^sf<0dP9(2j@cVa1k608({|A2({s>-SqQN8~y}d0uyIC<*tY7iYFn~H@<_} zu!_-Ydks)svSAkX&p|mzhPvQUxB&hWs*h&Rc6PQcP+f5h>I{#=W|)ZMHAuUmc6cky zgl|J#b|=ks%9lXxun7)>+h8t~x!7Mv_8=L_@Gow`f4NMV=d9~0X!3qF)P}Y|b=6f+ zP5KBN3*Uiw&-fSA{i0^Rv(p8kmcPj5FQ5kXv)w3a>VHBuEn_ItPlMB8B5Z);;3lX8 zJOFjTcf&K_t8f`CWD{wFTcMWw2%2#4BFANgQ2SX8)#72O`$YEv6!pn%kUGW_@KiW_ zv2&%$g#Ag6hefa$roeL`MUC^I4)_JAmiY*dho>;QQ(y(u7@G+P!PQXPYk?=}`fo?k za1YdxJq9%xUxxbrRX7}e0o5`C>YV|aFpqRD)B!Ap+HnY$z%B6Z1jG0h)K%5A z)G)q*o8cF_{?EmJyU1uill>ol4e^GtV7U{NhoA<_%TQR96sxy`tTss4xWHr z@DoU28?9@cD8CzOgMWv*{5)qnTX7TA^eBrL7mBcP)+!z%TrsN^9ca#p7k{Rg1V?7yK}qz{{h z7kc1yxEjuZ*T59`K^OMd1_zw$_;@K)pN60Z?t{9#ehoD?zJ}W2xDC$My8vqWFq{nc zL-p~CunZ2`=nP;gEF|3y`@%ym4{yZ&TJbtEwBgsGz@eKQUtI^a;veA**nhJVtaG5c zVlz|=Jpy%x1GhNk=Rqek>GR}il z@DS7je}LM-sBKORoB?eg!qwz|02ATN?T$~^!ZD<`KojnVYT0{XEqouYfu0NPyCL^~ z6rJHSP&-c9;rQ$XWCSj_i9_1IujlGMxae+tTClvOYYH5i|PI^+I(od(ij8tIu( z2igp^-eIT%dI)Ll*g`?nWP&@n-w!l&QoQ}7^0i>^n{ozqK72XO9;D=B<9=+cwf9`(luO>W5 zhR*x}I0AkNb%q14aQ5z8cnax>@FZ9Zli@r#9k#+;cq=>^{tlY(bvP1!2Q@f{A8_u7 z1<*@+VmFFbw4fH;4XfdGFahfGe-T`5OefPWd}m{|+`Iry{>a{udcT z`3}frja!g&koa>Iimr!uaUUHwZ~#XDlhIEvhij6${} z`n=-6m_?bdTs<2-iq48OO40iu`m{MP2I~4>Nn$;6H}ZF6gj?vp(JRp@Vt;0DhWe~V zx{wEub;z%fTFU(azJx49u13lceexXGZv6~h1Nj2vAtb%q?d&-ci(MVnxKn?4baiNi z_v76bsKIF=jYt7`KZp7VGRdt!5?)98E~Em{6`?UUo_rtt2GM65(w)yw8ZZ2s!&8AC zf6hml>n5Is3wg)pWu(HF-F#gY`ec&#YglNfh;q`y(fh(8C{G|aA`c_%%*I4I`3npnPa^Rr38g>p`oXzSpP_IM z%t~0|oK~7SO@H*^fh{)AO1W_a#*jdv94Z2ovo_Nl;knps??G57CcuI?vnvW zk)MGC(H}>u(TBS4PeY%Ao`SsS=KUB4-Hcn|mB^owld1PlI0)gf`!^1u4dI186CBvL zi+c1G$eGArk<*Yqh(5n}(DVB(S{`lO1|LBZk*APqA288cj- z+N(fLFMTZfek$FBv?7^EJ$ch%0g{R&kiG%VgEL?;G7k9@@*xs`)}XwHe690OM)n~W zA|D|Ak^7JVG_n`QkVN!J@E6E9^iN?qTnuZFbVQ$#i2f7VWJI4@2R*-KXp7u;-=lY* z)$@wepBHD7egi2%pO0)r9}X{e%N=&9nCI$8T;@{lf6yatdLZfeb3e-G$Qk4vgI?!F zw|(bP{W9cq$FI)SwJT+Q}?IzCbo1A!G^pg?2&b<}shV|3dx`axdbMn&c7Pr%)orE!CIY zDd_)#cW4P@0P@ZO{#^o3zlD5(oXo;WMv9SIWCijeWpXL2&&kO5JV^&n96JNuyrtyj zXdxb!LxWv#Gnwg5p1nr2@-^gTxp||Y=KYa8jRJk*4UYWzi49TLmzJAO9%HhfKF9u? zc1wa(Wvmw~vr5j-nkrw`Wc4+&qmni~RUXVLlCQI#mH|2CvOXtM&dE6ymYrnOG{*d$ zQdOTUPvs1iS90>?`<(eQKQ~*BCwvz6AY zh#3m@ZnDVhku}~_+3d|99k0_741^ln%yz3i6xraFhrQ|Yrnf>8i>43mDH64$xHwf- z73KDfw#y&3dN+M#QMx=_lqjzhWyv>)S?raIizmvX#VaMLBrnyN!Te%=#uI8bTYb@1 z(?^Ec?DGe#Ca?HPvX>dPzL?L+4s}|QfG-?1yZo_Mb7tKPJKOt{C3+fki-ek+qgKpp z4n^eJk_w#iKP5B8TUsi<(){5@t!;g^Qd7u^YFu1Znv~Qlo94`oRwQJqrM>b}X$~@W z=$Uo(bC#}*8(qw@q?BHj{Mu5?Yz(!BnP@|Rij`&K`WUrxdFAMwc)_?|elWqN_{8O! zvLt!8EW7VUt4S&+q{>ATs^#ek>51AhRs78x?15QLW`nvdD#s@@%I5NNxvRWDz9|1t zzMD8!5+`L!a8jZyoseeWPLQup&yF%*e(gf&JAiS8ED&)NwFHb_lX zo~)}Xk*kmwsyri%Il)d}!2g5AGJZSnl?*5m{u%ft1FOP*;t*FNYl>j&Fm%<$NQZT zdF83KDeHrQ677c(3QwM49Fv{1E9e-nYQY}uSzv(Xnc8!WRUN`@LuT}8Q$ zcFT-*MA?C~WUr>E-AFTDd22?ooK~AFlWU7*U2UNps4bGGY9~uV-DEktE?Jh>Ri}A8 zINQ_AN@W?g&}J~EllBDyp)Os#yX>nYsr{-S!=WoLC3WB4!Yc{$@YJ2>T+wb}ME@ z=>Gnh`I0^>O=@PwU(87D7oSut)MCY2+0pDB!Q*lJ@=C(om{iV98S@hb zBr-Q&u9{maFV3xz)8?hkFsHN4hJDd!xHaO7T4r8$G~ZZkMcREq=7r_rvvBrkGcUr< z*lC$oFz$zZDWA70t(Wn81%OenyEx;QZ|9}T=kxxNLC%S)*i2X823+ZhyV5KFJAa%^ zTwqFcL4G&I*LPUan7XUoV|QtWtq40A18lT7O>}`^d=`w_C)yF_V4=A8hc$Jxh%p)6 zSxzi0cHUr9KsSJ&Xs56G^Xdh~^1^~L>9er7gjS<5UnItQw-=MYxp#BSya`V>(!X7h zWh{kx>9TrZmRztfH`A!^2nMw~LU-nz#Y@cgP?O~~mekEyx~P7MvBVdMN!FrUr2pbH z$zHrS)sAI5h)=}tiKsnx$Kv}Eq_jR;ik9}5s`4S|BjnM#f%0Je=wABJfu#(~IbnZW z|6J|{jw((a`{X6?d}@?RGtki%En%ktrG|Da>E+`FI~I>o#VgfI%hHTx!M0$iE2x{L zxxRya2dhTnKJv=Gr4{o0QvRovWx*a-I6dKksGfJ(xTg0@_Y~1X%{iw2<7<0+cg~;x zRNFrAdR3R@%TlCcS(@x$mLcV5X3MHG$H|d1!%2qQoqO)Mp`czaT%I9|kjV0S`D}T% zB(5;ajWa_5-7`2EaqWry%lq#ydbSm>gjb}4pI=(+DK7Dpl$oW) zl@m$}ic5-%2hI0IW1giEUoaZ*ab>GCr(0}y=90$Nj(`=U!4|WM0E!WB!ItXAkVPWs z4F+WX*@vdB@J#P$iB_8RmM(oW<~F0jX6Y%<+(P#B=KF#z9ljRJv()mno4%$dJvzK{ z{OnB$gXEmGmHZxBJ3nF2vG@3u#D?{POn~#R9cAu{; z<~7{xA!K70cB%lu^j_0cnPhz_7c@_k$D6B=T*+=35xXCJ=+vVfd&9c`&QqK2pmhb!o=(++~vCbnq*3IgV1N>2WZe5|QZ_ALG zZR6n#xuwv)NzWd-I+C@@K03Z#p-JyA*Staejc+e_q7dyYKbUe?c;=L^bj z+6yE*xDXjHhlA_k6Oj#dP>oX zUBj_@USAUO(z;A}Gn^*hhs&gF{bXrhZ_1wa1@gf9IZS%AjEz()2eeoXkq&>G6t<6* zRgp?Nugh<@DZ9cM1LC^Y*%BR$u@a&cjJMEkWlJyPX*m3dMe0i9dj}<5my9rqko+?ub(ky z8!O#vi^g2*aq;M|@OgzIcCN!9qb5r<_`MD$_<>UJKCMM42Klqnk)NY`PnoV2k_DmQwLU9d4ZK_1$a zA#ZNVmw}rnBgwLMbDDH-o|$OO40Ui<@~<=Pz%x6zJKMMWPd6vZ8=HsAr<*59{+2YD zD84O8vS~|=JiH}G-rZ6qkDcd{kIpNQvE8|{wYyy2>Rw;+pC;UUZvWvo6V$y_bxUt(RP!P$E-zjgfTZ@UGQ;jRk)BZrA#1zNYjzY2j+ebvqUfSRFVM zr$(KNwQiUiu`TSIUURm+NwhHWPRiR?jnp0ECi4ZR^$CQ=RyJ+@+W8MHg~9|zM;CuV zFzt(&ZY!ZnC(4bNdgS+))=JXuGTFO(j5O^ofb-<_-80186PDNaq~^5J@lRadV(vtwQFTnk1qrb(N&aM#OyE>VLp0zzC<;4S&rQl#`w^5@9 zb0=p}3(g61yvO+4gXPgH5r5gREB1UwICgc z4iA*g*AA6k*G`uguFaM&uC0^GBOYlzk|Dc}j2-EmefC<9hC@+5p5TuNM{@L~Ja=TI z{N+ft>VtGG`MGQBUHrQ2Ax3VKKf1>(%uRkE38q37BW(H9vx!ymZQVufuqIp*P}J3a*wX5 zUovC%vgP&_eV$CY(Wh7T-kEb)qx!YU*S>9GdzprMg4^Be8Z^{`O}5wVox!>4dwO;S zMygxA6=|}s@4b7dbv|SD^MG4-yGH%L|IX6v8?|p|?lRJC0FVGSqY}+j^^cURZOE~t;&1OPryFU={bFB{% z^+CPbw_6e0^LAM32jq!cS}ep>(U9(&Cm#FymZpTng%;oJ+zA5~cY8D2Y}gR92v7UZ zf0<^URxYu>9Pu&>{l^9KrTex#x%swCE*xXi%mw}+%aad%w;|^u)hzgqr3@a7^D literal 44375 zcmb`Q37lkAb^o6zs7+7;q9Uko#D*T}YG&9OhJjg`abRYg89;;)s=Hoy7hPS|bX83= z1eb_Ljf%lNao5BpF(%Q(#5Hk=n)r{JzvgdZ{Hsxk%ReqL8sq-|{?57gE!EXCLq2J} z{OY}T*K^M~_uO-r`Ql0Ud+B|WBgnPY@CrKZwFrwo&)ZAY?53GJ{>$A zd>?os_)p-2z;A)4fj1Ja9w6MNl+&6F3Hb4!j6d;ST{W21%M+4JyAb_z3U~;7Q>7!9C!o z!TW)$$b>ACGeNcYYVeWZQv$vcJfG)xgUa_iAf!qjvN}mlV49DD-!aPX<1==X9^^?Em``hE^ndA|VF zKdVTjd=G%4-)lkGBY77{S0T@Zm`d{{~e2e+AXvlP~c4J|5)%$y4|bBAvVw6x}}qrr@_g z_2cm*())8jwPPD7ez_S;!8-%~E_f2pe+{ZX{}EKb{0LM&r^3XLD!B}#2}uW3zrGO^ zy}kg7E)vw1VxXxf=l3M!~3f)alW1g#UIZE74L1J==nKN{r7-% zPL~N#{k0QRJ)Z=soIAj`gKq^-0H26ZTn_* zyaI$pl8*;GW~=wldQkMc38d?iyFkVN1h@nIDF}-vTTur3eg~-X-wo0Q$yY(u^D$Qv z2iyeS0X_$$E0bfldp?^%ST1=1$fxAvAf!r8q>!7zz2GkJouJA)=J6i?5^#*?9w`2J zHFzfYY48!?kH9m)lXiN)UI?n+m%yvQ7l7*D&x2=yKLC~A>3pqgQtN{1Vx7)D0;sJl-z$RJl~hbsJ!#RQSip_{0#7sJpVrUQ1Ij6 z{lPDR_XEEUickLylpKx1?22~@_!w{xsQ&4O=Qo0C$45c6>*wHaf@kjW_kRMaUEcsz zkF%cO`CSb@isuF>dfo}De|{gN3CTSmDl$25ujkVQMgP}<)8J>ov%z)y{QESh@?RaE zKMIPDKL-`>l>JVhjiC6Y4?Y-tDX4V62dW;Q1Vx`8f{J(YHLf?#10^r}LA^f+iXJZm z9|yi0R5@P*)y@;Ib-WN%f87YGzitB&wd4(84ZH^wf1G@s=T{532b|!27d%<0Is^3wt)|=C&}}` zpMjqMpEH>xuw1f#%I)>HfS2%mbHnw)?|_fw`Rky{JvQ_DJr)!{T?DG%p9G2?&jr=a zmw?hUe*`N1XTtNpgW}^;roCOG-~~L7gUWvryaN1na6R}Ta2@zd@M3V?jMKXdZsGZL zp!(|`Q2ci6tlP)ufv5322a3+m2G!12f%gNy2VMdG5WEn)u<7-k2UDK!26uw*0M))< zfRdNmEnd#`;3Ch@1|J9h1VjZUqjTsya1m6#?*cCZzYRWK-&_8?0FLqe7EtZ{dr)+L z(7czw9aO(I!85^Eg6DxB0>!`o35w6pYR;fL{Vd*Pnx{!SgyUHwQqazYA3S z4}j-`UjWsgzq;V{Iv1$*o@B^TCwIHh4DpLU0H8UJzB091D@u ze>Z|E@8zKC^Jk#S`x2;rJ*MmZdMPM6%!cPTfa>2*ftP{b1=XLmp4&y6K+$;y90y+m zs+>=NqVG4sUjt9-Ckd>V+y!m`e*m5co_EmsWD9sM&o_fA@5P|{^_`&d{UUfec>I!o z9|I+?+d-w91kVCr3Z4(XA3P8IK6nLq=50==8Sp}$p94xx{t^^jKM$(h^pMZHt^hCM z`3`U|_@|)qyZ`O32QLLr<@o?8{#XK4?rXqDfS&UjhB5b#b= za`y^Q^!js9{qtq;5^&@Wug?~68_!P%mEXre)$jYD>ixK<1U&?96Ooes_*D?ydGOXm2(TY7W@lv75FVs_5YRUx_qAnsvoZf z9|PV6s{VfhUJ8B5JHU5=O)z;eV=8b9sP_FOC^`6Xc)su@Ue5(k<-Y?||9l=?4gL(g3_SCt zKHfIKIi8n5#rrC#@5jE(`)M|4}cGQx!Vzaa3jxmfe!;e4Jw~+1RSA} z>aTI|a_}Z_ANX2O<@^VDKDhR`T`s3VJ--kX-+TlVUws{X0C>#r_&9q!sCJ(SJ{-In zdE@>v1V~ zrs9E@g3kgo@PnY*f7WZfJxx&G-wd|FuYzm9y|4B0=uYr5p5GUqe*&t0=e^GBbse~g z=jVf}$EUy(!5@O6%Wq` z_I(F@5cn&<@AW$kJb~x!;Bnx!;3#+iJRQ6fd<^(Ha1;1p@GS7SKX87Y08^eX0>!^i z1XZtja0L7fQ2ly0sC0h?D&9B1E5M(F_W^I_KXhfX6+~qv7l0|@v;2NI_-CO0770zB zw-8Pz=ns)j7Q^p<<+u1ke_tYe)P7a}^MUXPDe^zH@eJ~46I8#~5o#e%>5r!qGD7?l zPoc7scN0z}K>p++;{P642i5mi67;u&=YRK~)(6rj4-C(!kK}K{Z^7BbJ%J$E+XP+# zs=qGhcl`SYejH1HRg(R@KR|dMzu!jC--c3L@#5egtZjYtvC@YdNwbdd*Swn~EQCC6 z0e_R{<@O&2dc)ovy@D#!m!}~wx_tpF!56?U%*YkTG>?rUXR!Xh`zYqS5 zp!JqtfYN9B+wYL9=e>0E7Q*rT*56YJ_vg1{qWmXblV1EB;cvr-3qZ-{JHqn=NcR$c zi@z7bJHb}M{|?Xp0lts$Bf`7Fy9bf(Hhy0MK7^pZM}eEcE1^e;4vTBkU&Z;=}z2UnRVg z@b`rCLb~JmUH&_hhq>_W)%^Zngs%~#H~%l;JB0YREyUZ&i~k~w@O&&`MuF!KhloE8 zD7b=eF9iP&;qm-l3*Jmf_%n9eymu7vO5be2DYx@ct&A&m}yXa4X?P-hYy? zhu`}9453H3AJ418yMN;O3xwYw=8v;N-WVE=tD|J}#8i@*mEt|gor((p6?`%8X3j_?VB#*I%C^!HH0|Fd7LX@GkO zKM&8l!BvFo$nSB4lL$}Zc_e&4AAC{xeGm98!d}9o2$RJ933!kY|89>zK#djp`!eA* zg!2fmCp?UFbx?m({MO$wgy$1ZCNv0r!oLtMBV0?I&w~#JKM4LB;dcn%B|MYxD+K-h zI^j052x2CtM%iT?jrc{GJA9N&h6mTEZy={rxlH7=Hh!Jwdzm zUnjhZ@I=B@gv$vh5uQt!BaD%57W_70iV*+K4nJNQUw}U#97i~lG`|Jz3T569kXQD% zk>|hQ*FM4{`F$ecp`|!~#QPfIV%|Liyn&$p+3+^#_h`mY!b=EmA-s?9X~I^%Nk8aM zeEm!Qp3b{7?M;{q@$Rj>TQ%_R?}ns(0G&HN5bq-1J#ye(GP1rt)oXUz8`5Ss?X6s*)pi_#fpqGUdb>d#y4{7@ z#d4?DdgXn+cciWZ_PHuRtFta;yj;L)}HCjimYQ(v-HW7x@2|U zfqORX+_LT5w5hbl(!J)qvw;Xol}R^G{AA?1jeB?P5G@g`R_yG8;3>>Coh@eVUV6#X0pPK70tV%|%@AT6tUesINPTHq=omL~w1-g3(@w$zVO{(bYP3w`ScFs*E`a5tBaoGo~JFD70Hw0@6WouZdzZ=()z-}Vu#)`<MB)fjAWtpMuTo+I(GC9+xf`N%kMYcLi$b5IIzS!udWA(Xux_|GEt5+K{ zn>46RPR5C3V_@k*=I5JT(YEv{NI`>FyZy+M6R^#)Gr#%QKz8=b7%K1;)#jsNLE$T8Th zn`~^5M%FlQMo3{*B+I{=@Ot^l=DKokbjk|5VqlPCyVI`q7@wN$g?>-`>WQE(Iwrkp z_wGFmtf`35>64cU^Rien2@W6S+O2zc?7x0!B(Z9}VI(q3V;rt%*{`lRpgsu~+VF*P zJJ@NVyUcb#4<2kbj6tcgGMSpq=t>PvHn88?hn&4b3^HA7l|^y0tt2_?($Gtd<_vrl zxIP_o(KKp~cGbzTkRdtnsv&k-q^CRcX;))(&dSwvmLcjJ1&uZq4=*teh*Jkk2-Wg2 z&MYcY6tNmIe&(APs)5<0IVaK`ZP`r77gRHQ3PmQxgsgeI%ky%w+ooEy@?gfm(P3yK z`|+3=_7=lvQQCA99vqAW2HrzOdhG6A6HY1% zq%+eZYfJlu{#zbRJ+o32uW4dY7`4&+k|9wo^dh$ta3 z^IKLfoP?l6d$ZhG7AqE_dE-mAu_4@&pZ@UF7X+g}L1i#ua?OQb!NnlLm{C}5<`8YQi&EW9B$L|~0b zw=og0VX3I&QWGOFFKgg^;Ev(FAvHTZseL#CXL;%)aF9nT`cV3Gs77;xo8Ab9TKyoV zmc}_Xs53t=gCUqAW_?U)mOt9ezXjU^#o%*d#She#yP{&`m$K~kr=$Zh#PpI*fgp7Z znR>$}56XdoD1MPuT2NGj=b&?7!lQ=a#UwwBR-Ue8LRx7dq78w}Wf)GPg}LSGn$7A8 zn@+sC1he)~otTR@64+chaEZs19fz!zmCk&hL3}bxGb|S7>TASrv&|X(wmD;Hk{MKE zqtPa|5x$&1sSq$TmBZ9if>S2AHx>CnUq~SojbUVF8r(1&{19VLVTWJ2=gJZlg9OtV zTf84>^JsUpTY8MLlik*223Uz1jYs>WR@SX|sbUy7i%g+-dV99W+|WnP;!9+}vgzqe zRViyAS}^7g6VdzxgINq%0hL>q0p<#j*rdy3gIUmMMBqs5G*$B9}dLq&* zum;oe#c8GwMNSaM>}^Zg&Ez{$|CHD!&%2Rf{Gs)fxOyWg%yi z&ccRFw)E#0WHbh^P9Rvp=&ERMme=04)QnU3T*<<4I5uBrpj}*Ta@K6~8~cDFXoOD~ zWz%FM#CZ~ z&Eg{6gbvgYAQG8TmOC{4bEChgPiVP5Bl1k_P&3&oF}nROlL*Tvbo%l*{RLdw8tKcj zSJJD8OA$D>7?PHkvY6FkQ%bU()~Ce`vFu!lmkNuiAi61vA)m_KBil7vC}K9FW6Yz7 zxa<=|T#Hdlbba8G77LzBH%RKDA@e1=rM zyHsDumk6W_EL{(4Ff&RAmee#Y*UY946%R_d30dKQk_RSujVF?AKK(R}KeiV4Ra-Aw zFq4ty>E504O7G>)8?^=HXC(Fx9!-oPxCT$!j)Ou)FQH?uEE9_ z9mNOJ&eZ(va_ghQ-1$53D4R!F=W0|55KWj@vwgEECd*S?*^lLcGe(w{wXv==^B`(B zYj>IJqC}-y!w@p!lXR4RXNl>7+Ym5fVeA$DOy#LLcA3TZo0eCJUB2O!L@m`@OZ7vV z_0#i>Qcf69-TE}^2d(;4HbL838bn0W?z&_<4nHhkY%cRsVs805S5XmkM_n?~oog=0 z4Jl{XWJWh>Zf)s1NV+@8Y~B#FDC%pg1k`Xb)7-3)?ATr9smgdcQhbI;@Kqx?<-KbI zXXaUWoH*WAyAQv3=@f|aMaPi_~h#GQM=g(~fWwddM$Zm6YkRg6+6a;w)|Ks-?x7h62~!WXS& z+<1kUiT4*VkujaS8c)hGf)zFJ7KN!L3lie@XUy(mN+FkZ2&l;Fht4W-{w7 zVTd!ZXr?|YuVT4;N?IY|Tv&fP>I|0Wto~M44t&u9;v#NOO2!M^$b2A~#;}#-EM(n@ zG>j(b5z6TzGzZb#v215@Ur%`S)@z%}vR!b2cWsP@87OguN$Ht8PV@^<*Bm zo;*gxtSqcn?b%Wxku6$Dx08Tcrn%qlaPiumrFL9nuMCASI@Mg% ze8i2rkg+8|bJ7{}nm`B3Pt7c`n?=T+>Y-9tBXtGL$Tlt`ij}Xx+JG(oixGFp{wl?n zG+^>+30C_74x3Vol=-?+*wqnCx5`>sZrj3&lEz)WKM3)$-7UHKhPIE)dzdK0czw5q zBn>%%o8oo`>)mGeD%PK?o{6$KohPP3wHkV{c0>O_ShkDJfhElv76(~;Od1viFg0C^ zuNAwRCU?$_v8@7SVGH|r%*aW0o1IIcM(siAs69eg4Wr(;_<&78jJcDPF*}dun;6;ONn297 zG=D(f+Rh=fb5ydGa9P-tRcfLfJJI+s8>!b}fl($wu#;T9)to&oms095bV2=`EsLsq z2Tq3-BGo(WLJGVt2XNj~UA9{>1gy*mF(0o;C8;J*{{vOw; zvNGL>6tONRd^8`zs6_bRTzkeS37!$0g9bo z^tqOIp#I@E<)vfjX7=PIdvdBV3b_v&t8r>pISlNv2wrPn0$Ddg@x*bn8H%Md3o~?W zm_4WKcW%9Y+m5TYZeX9A&Gp;^l?&cwwRB=ag)qaDuVHFVyCqN$+84mv&J4yCe$&wl zCe}`mj*h2W_is!`*PPpG_18I!r=#cdWO`bQaySJbzyjuoC(?&=w9v9wDnM=oX*_ev zu_%S?PZVE{KOdLrGj zao3ew_wK%C->R6*qDHM#p77Yz$X3+dZK9g1AU5#ITT-Z-WqK0BV%h2$RNq@#F(?gS z)%Q!<&f(Lhb3AK2o|5-LNtmC2>sr4wclW1mlcpN!`f|^hlxP2~LWpBO^?>3M8 zW*E1~(4dE`h#8ExpeStgAjz^Nv?4)4oyqJ_2f;_e*m)%XK-u08)v>8YaD0ZHBDN`Z znl@Oia%r;!rELPCzeD|`VImc1XIC4YWgo>MDmHR4W5cRjf z*vlsS+L7ATI#<`HNwttNMTcX zq&CY|C;NJuG{Rn?OR;n%)}|Gm`pG_DpD2^WbgpeFu)GnGbjNNuMyt7to!i+FOuIs| zBhr4KZw4ivT%>d;WMKgj_lfxqX9~A);i#J!30l&W0NWx^mW+AklJ3gw+{K+OoiA!2mf9|e_R#=%O?%E90b1n>J6UbQX1mi$-{s!K>6XW@3i5+S> zbqo)W7GdR-EJUDcXy#cM`i7gA&n0tpT#PX|k=Wd3?n_e>tN|`@AkPcc8LK$YV|Rl}LH>il zNxs5vd&C!F4eWue#?GB?p=DaV@m&PAnh+P8ul3#Nj@eQ6^ zIpUdjIRm+CJ(8`sY(s{H1X!Jl^_2y&dHZ|) zZem}8A}qg(TChxbt&Bk>`OUhVm@|`agV{9$o#~97R6QRt$7ok12Q?f-Eu3hs)itiQ zsb!cg6bAx*UQuo??w(sTgzjk6P|@-L>EI?ul+9^WTRU;##DybB8|U0=S9fQcjoPOE zOt-ebvo7D#bVaw0T{+RnM)vI9UyD1DYg~t_(w!YxWPfLI8rseA z`-%qpm*=LL$+uZjMJa9=xr(iteKc!re^#Ggmu~4xbFYU^=ujws#lgkqE#0YE$kv0oV3p->$O><2h!_UMdI8B4oO(-{-~m+Ex6xX(|; zfB3B*erucE!|iZbzCLdU#o4dkuGi=F0S$=J5zfg|Ke{jb@E>rJS7%w-iCgcjpUGx4 zca`~TFDwfs8_Z@fqMi1vRgw)Ri61rgC_iIJJ77&W`>j^3>Ix_Ryh z%{&%Cs2ABUHE+3{vukZrcOV{?i>*0D zduhgYGSZ>L@e~z-$W$yn*i?J6#yw>Z6clD1#q;N0BGE@ zI{>7G5L>(g+$d1G4*=KF9ckcG-2!lJt{7lwz1WR|&*g#_#mxY>H*euKgyt=BB5S{> zVk3Vr!yJ-6lg(y*DF{rQ(D-z0MilKVFmTP(imL*sSH?*bxg)qsA-^ghYwKzN^i$Le zx!5XC&PvD6rZU5;A!>ab0ALRf;4sxi?L5h-j&M5Gb9d=*vN;`=nv6bE$~M_Z>LxqT$u zVW7(em?uXbWOkonKW2FGsuvmP4xM(7`ExeM3QPWtiFc4w95Gm+ZeM7tfV@&UPeuy) zbq2+2DTe$$gWADxpFzk`dv@$PgV0`6t;RLhx3S8(cBW}nlY2zz0$+vI3)>77HI1ry`BXPCCd+DTYFIonNek`@Y#b*pcp432eRO zw>5E+54>dPU|_TJr&LIJ#cL3Ze|?5Y45HrdwqC4RjIR3-jxuiWVjN{`YgC0x#XK|s z9mV8+1TmI#&YGNEw&_%bq$v^aCT7M2kYce zkYy?1Fl)y4G?UJ{S5wIRAa^17v`}^M0wT-iC6(CvQez6J*=Ap<#vHC-Q4O={qe#pg z6t5&_kL2px0NF`=&kW__!xu(E&&x{eEHH<&Tz0qT+2SaJQQnN(JDJ=W8aldKkq<_zlw-^w)YGylMW>mjSSrn} z(lMmWEh?``n~5=UipGqMimjFS1fOG0l_*6qu4$BE)=`)S-g|k3b)1XyqAD8GRb`65 zT8a}@ASI~r3cs+movJP{9LJH4PLC$eLPsa`%nO4GYjWHz7$U(+$qNjGiWJXlw8Zr} zIhAsf3}ci^%w_q&*FGxdnH{y13?@9R7z{=}Tt!wMS+33XdNDDjk2Hd5#$kdi+PEAzkOp= z4QA3>Qt>rj!(qO_yeJ5{!~o6$=u9?OUy!A-g~cU&TZ3F{>15p3H6b0a?b+}Jkr9D4 zW|^`%dm3GbX~1^u84d5jrxV*BErjBdj*R_Sw!jS2up}*wuuO2sG!QGM#~YD1g;EOY zG&4!9YfBBq73*;qmQPSV_*24cmFqhyy;0R&)a9V21JXMiV?RMWyV9fl0(R`-(xocs zhk?lPo0rWAShNSDgDO`xrOMg4gDf_;ZMVCWzgtq{0?oL5h^>eE4U|3*)#oO;0l7S~ z)iSpX2MU$(Sa_V4Cx$`hT3NF~E-FxUcBrdwnf3`n<<5`Yh=r88S>>@g-2sj)7Yb(> zak2L#?UJg3jVhB3rrLo#Zp>3DYv^P)%hbrm!I|vCe-!QwV;`Maw}k^bpC@&-mb%!% zv4EXIX_|!55p1w-Fu#I0Y?2I9Gxk*M)Lo7AvJFe@pk!GcpN%b)_c-s;&THkh2~!45 z3Ea(BOw>?iUal-z=@sN|UXyPaPsiH1X4t$E$-dy_x8}ulgiCXw3JRj^yICM=f2m|h zvvn@83EOq-E|EE}Up`bNn^>Mo``kc-m1@f{T;)NP%#kazK@YJ9wb?{RQhiC|a=S64 zhOwxNM#8XYQ|=&qcG_Ls#( zg#M8M)YhJARxow_K`^%&a>_T71hX57r5e}DwIGe?at-g5dPx@(hZt=HbLB6Z_)Nlg ztdXsh0Y!MvRC4hd?qH*0sY4RPPeXFCt4gdrrH@Ac3dLBufU#pfA~#GO`*V03LnInW zJoAYUk5?+!O4z3Df|?3wwrd8KrUUu?CH7h0ls}4I!UUPhhH7eafJ#J|V`^5Cc*K}w z&A2FASXovyi2O=9M=vjjbjlIRc66r`9shIY7c$Cgv( zZu6U19}P4Wy&fD;)o8|#g^zq_##L)Uwajl&3GquNo~c*6;z(AD3uUaKv0zEHKv35% zB^_HaY76y;-)u6I4=&!eV$vwbHxlUXoTlA6qUvFCuoYw&8LW1l1s@Wigkqa&7|?~T z)=f&8WB6Qb8&)90+q5K6qLw>R^2G+kkvunrxxYr*Wpf?Ly^YsF

    1ZAP5tTrON<3Ncv8Lh_rl=$Twi zh?IfVhL3EvtHBCj?vAIu;E55;kLbEC0+5Bth!3V^yCDBHRD1PWZS|VKzqDy z=VmTOV@-8SQRQkz32Nv&m^H2ZFw9P7OEeWDjOhShgJU$=-ft~H6fTn1RWRlP39CZN zLh@z4z@jSA)YAmYRJ>gU<4!^d$HHd4t(-{A_Cr$pl*z20kfPM~PB3g{GCYYmjH%!p zvAlM=vxI^C9MqH0xZM;_yQ_gE_j1v(hmEPVueg3&v??^o$#di^3L>wZ#qKt-xCd}X zQ(p4~>z_x6VudVd>qgFdR%W<&#&^1yBi{9tl;OZUfQ}8suckaKH=1r*=4n!6jMav> zTPj5rh;w9P1Y7EH)09-ZC0CP+9gV{c?O_qi*~JldNzHC-Y@7C!M9WeQyza*NlZAdb*z8GY1LW-)$j}J@awXs-D_D}3b z46`=B(#90)3d(PJcEvWDV#uVDgId!Q=9M^HgETJ`!w2zQA**te_Jtt;YckIE!n8IG z!=WZ6!L=45M=_F~h#M_@Ehd&L;+jt5^ebC+kw5e)(+9ox6uy1VisD+XK~0bs#PyC^ zv4^ot_tX5L4hLkBCffV7*}nkr&au6x#2xy-wCz`cb|oc zlx+gig)qb7vn|}DeK1id76V8NqiZxcjjmMYN_ljhMgBWktx#Lz@S^*OwWH1XGU-EY2o>(?$yoMTMj_k{k(OcW1zOAJT=3Qk zwPeT&-uLAcLslZWI4M~nknZ#0;taN-N1H)RYzl2?SwxQ`dUS#Z=iI>kKFf=-wO__& zag$x{v^+{dEDhLNAQ{MYZ)wTb=zqBRoO|)H*jT!TYKM&)i;MBPRVvwaKsgO%DC6rO zTcnox5tOnyQAiXt&I*wvt7f;GA!nNc*jVGm#gtqW6x9~0!+u6bYp9NH?{+Py=p#B<#Tt7Sf0Fd1gt(!U)c zL)0BoI3rx~oA*uoX{$V9v0{BwdV-`P91I1euT)RQuerTXXXP^(4ItV{1tUecU z$Fo_S1p$@~x*Ks|z!APAEe4XBwh4$v=PILV#(0>>Ccx;Yk__kLw~1@Jfy>YhGQaGo z@Qyl1QXGq0-87gM(UTqT(LrICC!+g8Y_VL$h%qII77BD2yex_SD7ap?G;5=&P3*`h zjI&&nv`Is)37%UIMH<`rKo94WCvB7tT;TWRWLQmXIGSmfFH7<|ma;KXD)#Y}lU6QF za^eh6Zp~zEF8Y~avE7=AQUO2ZGI(=R!HO{+)^WHvsW1o4g>S|l`N&$s^ebJPgqT#! z#iHu6742A8h3jKc`B(FUF+qnN*agMi2jV=5EXv654CMwkZO5;2U^lWtshMV->Rb^e zE~AlVVFiW5txEK3er9cAWcU2Qh$Vii7Au)xHx#;AOBSK+ZWybrL#|sA{q43TEgY7K ziRR~ulkyEqF+WtIZ?wugFkA>x?*5VlxW3kA6godF3*)vxl{DM7mtIo|{u#Ki1}0;x z;EiwtQ#tEF##|xisNBn$=}x9{R{vAAtX#2VP7NEgG=xaLDneqXICOQB{2zgmMSCkb z4Y{mI++Dq_>9FkyL%h?XO4%W|HVx%Uk+-ncq-%y{y2nMCbHAnA-j2-Zg*?XVn}*h* zkPMZtCoODE_;8$WWHGO7c~CZ?%6BnV2J+ICPE~gzb+*1Mqd0n)0M8x{=1hw)#v829>sQ1yT071 zVNO;(s*TNB@v?fd+FhYJuFuqft61OySY=Vf$Wk zr5_41K95tRn6y|~<3NYGt+-*{w-CiOH;(yVx%JwO8~0wdG4{An{*p52NY$pAnnONQjUN#fBHN3DH(%Uh+ z!Y~8Z4B5;aucXQeg>;aEW`NPIjB7yE2`trf1sMB6CN{)lZf=`ZWP^p0gG<0X3Rrh^ zL)gk^ZHj&xCx*#yNwt${DM@8*Br+i8rW^t}m)QF_Ya>0J2?>i*2N{7`IEyndCQX9S zwq~hK4D2;1aaPVzwgAYIJ!eDJuVFFD&fIeITAho?YsIx!Lo^aKvUbM|^LkT!^guhs zcv0}VM8vOXWPOM$v9v*^$elS!e<|$WqWj{$h~YH#K|PkAT7#~X4(P}oRjHgR;OoL% zqT$|s&AGAKb)|o?LS$EDZQbQ}WNnO_d(4kVE6gXwzr3QEjTEu2$kMzj98@+p4W!qS z8NJ07Sv9t@G^EEAFQ~gMnl#R`3Szsq!pkd}`jsJG(+nFyy*pNmlZcjY>BJC{HR-dT(B^92rcPAa!2hEhx}Q`hUT}+J zM#W{5FjC>i;-4MSUM_4jOE1Pe`ku6Vw)j_9ecO}C69UN$+;!(%#y?oXo#{;1u=$R^hO$dt76eMpAw&f+6e9QoilE-D_84l_EV2lWrwa1XKm zHCXNPsa8f~k7mYdDWy=}?QHMyCDiR^u=`A)yo^xHH$w}U&$AQClZWPz-55tT2JZ2q z8{^c%clreyCtPo$F0ZXkVa!GyX)H zOSHz5PP_0;sUUT7-C9n+B+tR&eyAy2+lX@x4Pe><5n z#C6)J;>8XVMB88|HHvc3xg2TDcsZEWzBrZ4nn}UC_@An`gP~)R{Sql$6K#&y)ca@I zatU0B3Z3Vsi~dxv&$Tp`tAshMn_*dUjUoftJ~XLhHg;1DjeqpFhKWT)1Nbe-V<{`f z8~r=xhhr0UaxN~~`9O_!%X{M+W=p$)RZ_uJ@_WV_i?pyl9~(ggz^~k3zYXoI*4WW^rf;mU66SDSBiC#rB5D`dhK=N(Jj_)|%55Uiud{+2vGt z+?n$EhA~YJO~+JjCp(IP$~Z}zQ#3+VGl}<>-RoS!%15fJ%=B-0b7fh)%PhYeq2OOG z_Q~%wE0{X2)0eh%nY|$8lKAyzsL-4)c|!J%vUtzIUj!qn>!Pf548n%5m3e)gojAee z2(SCRCzsLOlb@HOlNb!x5|YStLGCo%v%74OqZpM*(pGb4nojc}qFgDn_NZ_e8yG}= zPO1}@`PFCz=@=$4^khuKLb|NQHUz6Okq@b8bsv5uRm~I%t=+`}!)mX&uZL zc_q!R3HyBqw{NmVn?(oC(D;r``!~AtAy=v+&`>T#S{!fpiCsm526h?{rPtuJvRr+k z*|MkUd}$FZ?WQTQ@^MpFP_`GIQp_MUCqKp^N0Y-YU60h(PG(PKsRi~A*k=sUK#yhU{V@;U~Q8~9u%|?hl9mgqcC!%pOM2*bmRS_FV#mi}^RJOCb z7OpO_aVc)`$)h>jtPpX)%piNazisPRp8lqAeH#bk{SKmdd0RFYZg1Nf?syB+l?_QS zVa%{CnLRS&mS0gU2t%Z^pu#0p2#U9I|gPCZj3>T$tkMkEHohx z;d^1+=T3As_^ay~DZ{02?!fU4ct*h7*3@JqWMm~X)l{u2%}a82}2R zY}wU`%T&Rk4B|cmhNni{whXvXbcEElBG-beP46rk!@>GCAh) zO-5N68f{%F$30F(6{H4=Y;>!fu9VXJoXGiEiAo;_CqZ7(QrmP>wy9jzdbM%hz2_mx zZY0(+9^sp*Cp*^2gLxIHYTiIZBJMaI0yT, 2014. +# +# Koen , 2017. +# Benno Schulenberg , 2020. # msgid "" msgstr "" -"Project-Id-Version: cryptsetup-1.6.6\n" +"Project-Id-Version: cryptsetup-2.3.0-rc0\n" "Report-Msgid-Bugs-To: dm-crypt@saout.de\n" -"POT-Creation-Date: 2015-03-19 09:55+0100\n" -"PO-Revision-Date: 2014-08-13 02:34+0100\n" -"Last-Translator: Koen Torfs \n" +"POT-Creation-Date: 2020-05-28 11:32+0200\n" +"PO-Revision-Date: 2020-01-13 20:42+0100\n" +"Last-Translator: Benno Schulenberg \n" "Language-Team: Dutch \n" "Language: nl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" -#: lib/libdevmapper.c:252 -msgid "Cannot initialize device-mapper, running as non-root user.\n" -msgstr "" -"Kan apparaatstoewijzer niet initialiseren, uitvoering als non-root " -"gebruiker.\n" +#: lib/libdevmapper.c:399 +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "Kan apparaatstoewijzer niet initialiseren, uitvoering als non-root gebruiker." -#: lib/libdevmapper.c:255 -msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n" -msgstr "" -"Kan apparaatstoewijzer niet initialiseren. Is kernelmodule dm_mod geladen?\n" +#: lib/libdevmapper.c:402 +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "Kan apparaatstoewijzer niet initialiseren. Is kernelmodule dm_mod geladen?" + +#: lib/libdevmapper.c:1131 +#, fuzzy +msgid "Requested deferred flag is not supported." +msgstr "Aangevraagde LUKS-hash %s wordt niet ondersteund.\n" -#: lib/libdevmapper.c:550 +#: lib/libdevmapper.c:1198 #, c-format -msgid "DM-UUID for device %s was truncated.\n" -msgstr "DM-UUID voor apparaat %s werd afgekapt.\n" +msgid "DM-UUID for device %s was truncated." +msgstr "DM-UUID voor apparaat %s werd afgekapt." + +#: lib/libdevmapper.c:1520 +msgid "Unknown dm target type." +msgstr "" -#: lib/libdevmapper.c:698 +#: lib/libdevmapper.c:1623 lib/libdevmapper.c:1679 +msgid "Requested dm-crypt performance options are not supported." +msgstr "Aangevraagde prestatie-opties voor dm-crypt worden niet ondersteund." + +#: lib/libdevmapper.c:1630 +msgid "Requested dm-verity data corruption handling options are not supported." +msgstr "Aangevraagde opties voor behandeling van datacorruptie van dm-verity worden niet ondersteund." + +#: lib/libdevmapper.c:1634 #, fuzzy -msgid "Requested dmcrypt performance options are not supported.\n" -msgstr "Aangevraagde LUKS-hash %s wordt niet ondersteund.\n" +msgid "Requested dm-verity FEC options are not supported." +msgstr "Aangevraagde prestatie-opties voor dm-crypt worden niet ondersteund.\n" + +#: lib/libdevmapper.c:1638 +#, fuzzy +msgid "Requested data integrity options are not supported." +msgstr "Aangevraagde prestatie-opties voor dm-crypt worden niet ondersteund.\n" + +#: lib/libdevmapper.c:1640 +#, fuzzy +msgid "Requested sector_size option is not supported." +msgstr "Aangevraagde prestatie-opties voor dm-crypt worden niet ondersteund.\n" + +#: lib/libdevmapper.c:1645 +#, fuzzy +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "Aangevraagde opties voor behandeling van datacorruptie van dm-verity worden niet ondersteund.\n" + +#: lib/libdevmapper.c:1649 lib/libdevmapper.c:1682 lib/libdevmapper.c:1685 +#: lib/luks2/luks2_json_metadata.c:2160 +#, fuzzy +msgid "Discard/TRIM is not supported." +msgstr "Aangevraagd hash-algoritme %s wordt niet ondersteund.\n" + +#: lib/libdevmapper.c:1653 +#, fuzzy +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "Aangevraagde opties voor behandeling van datacorruptie van dm-verity worden niet ondersteund.\n" + +#: lib/libdevmapper.c:2607 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "" -#: lib/random.c:76 +#: lib/random.c:75 msgid "" "System is out of entropy while generating volume key.\n" -"Please move mouse or type some text in another window to gather some random " -"events.\n" +"Please move mouse or type some text in another window to gather some random events.\n" msgstr "" -"Systeem heeft niet genoeg willekeurige gegevens om de sleutel tot het " -"opslagmedium verder te genereren.\n" -"Beweeg de muis of typ wat tekst in een nieuw venster om enkele willekeurige " -"evenementen te verzamelen.\n" +"Systeem heeft niet genoeg willekeurige gegevens om de sleutel tot het opslagmedium verder te genereren.\n" +"Beweeg de muis of typ wat tekst in een nieuw venster om enkele willekeurige evenementen te verzamelen.\n" -#: lib/random.c:80 +#: lib/random.c:79 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Sleutel wordt gegenereerd (%d%% afgewerkt).\n" -#: lib/random.c:169 -msgid "Fatal error during RNG initialisation.\n" -msgstr "Fatale fout bij initialisatie van RNG.\n" +#: lib/random.c:165 +msgid "Running in FIPS mode." +msgstr "Uitvoering in FIPS-modus." + +#: lib/random.c:171 +msgid "Fatal error during RNG initialisation." +msgstr "Fatale fout bij initialisatie van RNG." + +#: lib/random.c:208 +msgid "Unknown RNG quality requested." +msgstr "Onbekende RNG-kwaliteit aangevraagd." + +#: lib/random.c:213 +msgid "Error reading from RNG." +msgstr "Fout bij lezen uit RNG." -#: lib/random.c:206 -msgid "Unknown RNG quality requested.\n" -msgstr "Onbekende RNG-kwaliteit aangevraagd.\n" +#: lib/setup.c:229 +msgid "Cannot initialize crypto RNG backend." +msgstr "Kan RNG versleutelings-backend niet initialiseren." -#: lib/random.c:211 +#: lib/setup.c:235 +msgid "Cannot initialize crypto backend." +msgstr "Kan versleutelings-backend niet initialiseren." + +#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119 +#, c-format +msgid "Hash algorithm %s not supported." +msgstr "Aangevraagd hash-algoritme %s wordt niet ondersteund." + +#: lib/setup.c:269 lib/loopaes/loopaes.c:90 #, c-format -msgid "Error %d reading from RNG: %s\n" -msgstr "Fout %d bij lezen uit RNG: %s\n" +msgid "Key processing error (using hash %s)." +msgstr "Sleutelbehandelingsfout (met hash %s in gebruik)." -#: lib/setup.c:200 -msgid "Cannot initialize crypto RNG backend.\n" -msgstr "Kan RNG versleutelings-backend niet initialiseren.\n" +#: lib/setup.c:335 lib/setup.c:362 +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "Apparaatstype kan niet bepaald worden. Incompatibele apparaatsactivering?" -#: lib/setup.c:206 -msgid "Cannot initialize crypto backend.\n" -msgstr "Kan versleutelings-backend niet initialiseren.\n" +#: lib/setup.c:341 lib/setup.c:3050 +msgid "This operation is supported only for LUKS device." +msgstr "Deze operatie wordt enkel ondersteund voor LUKS-apparaten." -#: lib/setup.c:236 lib/setup.c:1192 lib/verity/verity.c:123 +#: lib/setup.c:368 +msgid "This operation is supported only for LUKS2 device." +msgstr "Deze operatie wordt enkel ondersteund voor LUKS2-apparaten." + +#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345 +msgid "All key slots full." +msgstr "Alle sleutelplaatsen zijn vol." + +#: lib/setup.c:434 #, c-format -msgid "Hash algorithm %s not supported.\n" -msgstr "Aangevraagd hash-algoritme %s wordt niet ondersteund.\n" +msgid "Key slot %d is invalid, please select between 0 and %d." +msgstr "Sleutelplaats %d is ongeldig, selecteer een plaats tussen 0 en %d." + +#: lib/setup.c:440 +#, c-format +msgid "Key slot %d is full, please select another one." +msgstr "Sleutelplaats %d is vol, selecteer een andere." + +#: lib/setup.c:525 lib/setup.c:2824 +#, fuzzy +msgid "Device size is not aligned to device logical block size." +msgstr "Apparaat %s is geen geldig LUKS-apparaat.\n" -#: lib/setup.c:239 lib/loopaes/loopaes.c:90 +#: lib/setup.c:624 #, c-format -msgid "Key processing error (using hash %s).\n" -msgstr "Sleutelbehandelingsfout (met hash %s in gebruik).\n" +msgid "Header detected but device %s is too small." +msgstr "Koptekst gevonden maar apparaat %s is te klein." -#: lib/setup.c:284 -msgid "Cannot determine device type. Incompatible activation of device?\n" +#: lib/setup.c:661 +msgid "This operation is not supported for this device type." +msgstr "Deze operatie wordt niet ondersteund voor dit apparaatstype." + +#: lib/setup.c:666 +msgid "Illegal operation with reencryption in-progress." msgstr "" -"Apparaatstype kan niet bepaald worden. Incompatibele apparaatsactivering?\n" -#: lib/setup.c:288 lib/setup.c:1537 -msgid "This operation is supported only for LUKS device.\n" -msgstr "Deze operatie wordt enkel ondersteund voor LUKS-apparaten.\n" +#: lib/setup.c:832 lib/luks1/keymanage.c:475 +#, c-format +msgid "Unsupported LUKS version %d." +msgstr "Niet-ondersteunde LUKS-versie %d." -#: lib/setup.c:320 -msgid "All key slots full.\n" -msgstr "Alle sleutelplaatsen zijn vol.\n" +#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959 +#, fuzzy +msgid "Detached metadata device is not supported for this crypt type." +msgstr "UUID wordt niet ondersteund voor dit encryptietype.\n" -#: lib/setup.c:327 +#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628 +#: lib/setup.c:2777 lib/setup.c:4512 #, c-format -msgid "Key slot %d is invalid, please select between 0 and %d.\n" -msgstr "Sleutelplaats %d is ongeldig, selecteer een plaats tussen 0 en %d.\n" +msgid "Device %s is not active." +msgstr "Apparaat %s is niet actief." -#: lib/setup.c:333 +#: lib/setup.c:1444 #, c-format -msgid "Key slot %d is full, please select another one.\n" -msgstr "Sleutelplaats %d is vol, selecteer een andere.\n" +msgid "Underlying device for crypt device %s disappeared." +msgstr "Onderliggend apparaat van versleutelingsapparaat %s is verdwenen." + +#: lib/setup.c:1524 +msgid "Invalid plain crypt parameters." +msgstr "Ongeldige normale versleutelingsparameters." + +#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:74 +msgid "Invalid key size." +msgstr "Ongeldige sleutelgrootte." + +#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157 +msgid "UUID is not supported for this crypt type." +msgstr "UUID wordt niet ondersteund voor dit encryptietype." -#: lib/setup.c:472 +#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308 +#: src/cryptsetup.c:1226 src/cryptsetup.c:3923 +#, fuzzy +msgid "Unsupported encryption sector size." +msgstr "Kan herencryptie-logbestand niet lezen.\n" + +#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818 +#, fuzzy +msgid "Device size is not aligned to requested sector size." +msgstr "Apparaat %s is geen geldig LUKS-apparaat.\n" + +#: lib/setup.c:1608 lib/setup.c:1727 +msgid "Can't format LUKS without device." +msgstr "Kan LUKS niet formatteren zonder apparaat." + +#: lib/setup.c:1614 lib/setup.c:1733 +msgid "Requested data alignment is not compatible with data offset." +msgstr "" + +#: lib/setup.c:1682 lib/setup.c:1851 +msgid "WARNING: Data offset is outside of currently available data device.\n" +msgstr "" + +#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169 #, c-format -msgid "Enter passphrase for %s: " -msgstr "Voer wachtwoord in voor %s: " +msgid "Cannot wipe header on device %s." +msgstr "Kan koptekst op apparaat %s niet wissen." + +#: lib/setup.c:1744 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "" + +#: lib/setup.c:1766 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "" + +#: lib/setup.c:1821 +#, fuzzy, c-format +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "Versleutelalgoritme %s is niet beschikbaar.\n" -#: lib/setup.c:653 +#: lib/setup.c:1854 #, c-format -msgid "Header detected but device %s is too small.\n" -msgstr "Koptekst gevonden maar apparaat %s is te klein.\n" +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" +msgstr "" -#: lib/setup.c:669 lib/setup.c:1420 -msgid "This operation is not supported for this device type.\n" -msgstr "Deze operatie wordt niet ondersteund voor dit apparaatstype.\n" +#: lib/setup.c:1858 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "" -#: lib/setup.c:908 lib/setup.c:1381 lib/setup.c:2264 +#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367 #, c-format -msgid "Device %s is not active.\n" -msgstr "Apparaat %s is niet actief.\n" +msgid "Device %s is too small." +msgstr "Apparaat %s is te klein." -#: lib/setup.c:925 +#: lib/setup.c:1893 lib/setup.c:1919 +#, fuzzy, c-format +msgid "Cannot format device %s in use." +msgstr "Kan apparaat %s niet formatteren; het is nog steeds actief.\n" + +#: lib/setup.c:1896 lib/setup.c:1922 #, c-format -msgid "Underlying device for crypt device %s disappeared.\n" -msgstr "Onderliggend apparaat van versleutelingsapparaat %s is verdwenen.\n" +msgid "Cannot format device %s, permission denied." +msgstr "Kan apparaat %s niet formatteren: toestemming geweigerd." -#: lib/setup.c:994 -msgid "Invalid plain crypt parameters.\n" -msgstr "Ongeldige normale versleutelingsparameters.\n" +#: lib/setup.c:1908 lib/setup.c:2229 +#, fuzzy, c-format +msgid "Cannot format integrity for device %s." +msgstr "Kan apparaat %s niet beschrijven.\n" -#: lib/setup.c:999 lib/setup.c:1119 -msgid "Invalid key size.\n" -msgstr "Ongeldige sleutelgrootte.\n" +#: lib/setup.c:1926 +#, c-format +msgid "Cannot format device %s." +msgstr "Kan apparaat %s niet formatteren." -#: lib/setup.c:1004 lib/setup.c:1124 -msgid "UUID is not supported for this crypt type.\n" -msgstr "UUID wordt niet ondersteund voor dit encryptietype.\n" +#: lib/setup.c:1944 +msgid "Can't format LOOPAES without device." +msgstr "Kan LOOPAES niet formatteren zonder apparaat." -#: lib/setup.c:1046 -msgid "Can't format LUKS without device.\n" -msgstr "Kan LUKS niet formatteren zonder apparaat.\n" +#: lib/setup.c:1989 +msgid "Can't format VERITY without device." +msgstr "Kan VERITY niet formatteren zonder apparaat." -#: lib/setup.c:1089 +#: lib/setup.c:2000 lib/verity/verity.c:102 #, c-format -msgid "Cannot format device %s which is still in use.\n" -msgstr "Kan apparaat %s niet formatteren; het is nog steeds actief.\n" +msgid "Unsupported VERITY hash type %d." +msgstr "Niet-ondersteund VERITY-hashtype %d." + +#: lib/setup.c:2006 lib/verity/verity.c:110 +msgid "Unsupported VERITY block size." +msgstr "Niet-ondersteunde VERITY-blokgrootte." -#: lib/setup.c:1092 +#: lib/setup.c:2011 lib/verity/verity.c:74 +msgid "Unsupported VERITY hash offset." +msgstr "Niet-ondersteunde VERITY-hashgegevenspositie." + +#: lib/setup.c:2016 +msgid "Unsupported VERITY FEC offset." +msgstr "Niet-ondersteunde VERITY-FEC-gegevenspositie." + +#: lib/setup.c:2040 +msgid "Data area overlaps with hash area." +msgstr "Overlapping tussen datagedeelte en hashgedeelte." + +#: lib/setup.c:2065 +msgid "Hash area overlaps with FEC area." +msgstr "Overlapping tussen hashgedeelte en FEC-gedeelte." + +#: lib/setup.c:2072 +msgid "Data area overlaps with FEC area." +msgstr "Overlapping tussen datagedeelte en FEC-gedeelte." + +#: lib/setup.c:2208 #, c-format -msgid "Cannot format device %s, permission denied.\n" -msgstr "Kan apparaat %s niet formatteren: toestemming geweigerd.\n" +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "" -#: lib/setup.c:1096 +#: lib/setup.c:2286 #, c-format -msgid "Cannot wipe header on device %s.\n" +msgid "Unknown crypt device type %s requested." +msgstr "Onbekend versleutelingsapparaattype %s aangevraagd." + +#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635 +#, fuzzy, c-format +msgid "Unsupported parameters on device %s." msgstr "Kan koptekst op apparaat %s niet wissen.\n" -#: lib/setup.c:1114 -msgid "Can't format LOOPAES without device.\n" -msgstr "Kan LOOPAES niet formatteren zonder apparaat.\n" +#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408 +#: lib/luks2/luks2_reencrypt.c:2737 +#, fuzzy, c-format +msgid "Mismatching parameters on device %s." +msgstr "Kan koptekst op apparaat %s niet wissen.\n" -#: lib/setup.c:1152 -msgid "Can't format VERITY without device.\n" -msgstr "Kan VERITY niet formatteren zonder apparaat.\n" +#: lib/setup.c:2661 +msgid "Crypt devices mismatch." +msgstr "" -#: lib/setup.c:1160 lib/verity/verity.c:106 -#, c-format -msgid "Unsupported VERITY hash type %d.\n" -msgstr "Niet-ondersteund VERITY-hashtype %d.\n" +#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:3145 +#, fuzzy, c-format +msgid "Failed to reload device %s." +msgstr "Kan apparaat niet lezen: %s.\n" -#: lib/setup.c:1166 lib/verity/verity.c:114 -msgid "Unsupported VERITY block size.\n" -msgstr "Niet-ondersteunde VERITY-blokgrootte.\n" +#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025 +#: lib/luks2/luks2_reencrypt.c:2032 +#, fuzzy, c-format +msgid "Failed to suspend device %s." +msgstr "Openen van sleutelbestand is mislukt.\n" -#: lib/setup.c:1171 lib/verity/verity.c:76 -msgid "Unsupported VERITY hash offset.\n" -msgstr "Niet-ondersteunde VERITY-hashgegevenspositie.\n" +#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039 +#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149 +#, fuzzy, c-format +msgid "Failed to resume device %s." +msgstr "Kan apparaat niet lezen: %s.\n" -#: lib/setup.c:1285 +#: lib/setup.c:2732 #, c-format -msgid "Unknown crypt device type %s requested.\n" -msgstr "Onbekend versleutelingsapparaattype %s aangevraagd.\n" +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "" + +#: lib/setup.c:2735 lib/setup.c:2737 +#, fuzzy, c-format +msgid "Failed to switch device %s to dm-error." +msgstr "Kan geen map voor de apparaatstoewijzer verkrijgen." + +#: lib/setup.c:2809 +msgid "Cannot resize loop device." +msgstr "Kan grootte van loopback-apparaat niet aanpassen." -#: lib/setup.c:1435 +#: lib/setup.c:2882 msgid "Do you really want to change UUID of device?" msgstr "Bent u zeker dat u het UUID van het apparaat wilt wijzigen?" -#: lib/setup.c:1545 -#, c-format -msgid "Volume %s is not active.\n" -msgstr "Opslagmedium %s is niet actief.\n" +#: lib/setup.c:2958 +#, fuzzy +msgid "Header backup file does not contain compatible LUKS header." +msgstr "Reservekopiebestand bevat geen geldige LUKS-koptekst.\n" -#: lib/setup.c:1556 +#: lib/setup.c:3058 #, c-format -msgid "Volume %s is already suspended.\n" -msgstr "Opslagmedium %s is reeds geschorst.\n" +msgid "Volume %s is not active." +msgstr "Opslagmedium %s is niet actief." -#: lib/setup.c:1563 +#: lib/setup.c:3069 #, c-format -msgid "Suspend is not supported for device %s.\n" -msgstr "Opschorten wordt niet ondersteund voor apparaat %s.\n" +msgid "Volume %s is already suspended." +msgstr "Opslagmedium %s is reeds geschorst." -#: lib/setup.c:1565 +#: lib/setup.c:3082 #, c-format -msgid "Error during suspending device %s.\n" -msgstr "Fout bij het opschorten van apparaat %s.\n" +msgid "Suspend is not supported for device %s." +msgstr "Opschorten wordt niet ondersteund voor apparaat %s." -#: lib/setup.c:1591 lib/setup.c:1638 +#: lib/setup.c:3084 #, c-format -msgid "Volume %s is not suspended.\n" -msgstr "Opslagmedium %s is niet geschorst.\n" +msgid "Error during suspending device %s." +msgstr "Fout bij het opschorten van apparaat %s." -#: lib/setup.c:1605 +#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267 #, c-format -msgid "Resume is not supported for device %s.\n" -msgstr "Hervatting wordt niet ondersteund voor apparaat %s.\n" +msgid "Volume %s is not suspended." +msgstr "Opslagmedium %s is niet geschorst." -#: lib/setup.c:1607 lib/setup.c:1659 +#: lib/setup.c:3146 #, c-format -msgid "Error during resuming device %s.\n" -msgstr "Fout bij het hervatten van apparaat %s.\n" +msgid "Resume is not supported for device %s." +msgstr "Hervatting wordt niet ondersteund voor apparaat %s." -#: lib/setup.c:1645 lib/setup.c:2080 lib/setup.c:2094 src/cryptsetup.c:186 -#: src/cryptsetup.c:248 src/cryptsetup.c:732 src/cryptsetup.c:1151 -msgid "Enter passphrase: " -msgstr "Voer wachtwoord in: " +#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297 +#, c-format +msgid "Error during resuming device %s." +msgstr "Fout bij het hervatten van apparaat %s." -#: lib/setup.c:1707 lib/setup.c:1843 -msgid "Cannot add key slot, all slots disabled and no volume key provided.\n" -msgstr "" -"Kan geen sleutelplaats toevoegen, alle plaatsen zijn uitgeschakeld en geen " -"sleutel tot het opslagmedium voorzien.\n" +#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322 +#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839 +msgid "Volume key does not match the volume." +msgstr "Sleutel tot opslagmedium komt niet overeen met het opslagmedium." -#: lib/setup.c:1716 lib/setup.c:1849 lib/setup.c:1853 -msgid "Enter any passphrase: " -msgstr "Voer enig wachtwoord in: " +#: lib/setup.c:3343 lib/setup.c:3531 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Kan geen sleutelplaats toevoegen, alle plaatsen zijn uitgeschakeld en er is geen sleutel tot het opslagmedium voorzien." -#: lib/setup.c:1733 lib/setup.c:1866 lib/setup.c:1870 lib/setup.c:1932 -#: src/cryptsetup.c:988 src/cryptsetup.c:1017 -msgid "Enter new passphrase for key slot: " -msgstr "Voer een nieuw wachtwoord in voor de sleutelplaats: " +#: lib/setup.c:3483 +msgid "Failed to swap new key slot." +msgstr "Kan nieuwe sleutelplaats niet verwisselen." -#: lib/setup.c:1798 +#: lib/setup.c:3669 #, c-format -msgid "Key slot %d changed.\n" -msgstr "Sleutelplaats %d werd gewijzigd.\n" +msgid "Key slot %d is invalid." +msgstr "Sleutelplaats %d is ongeldig." -#: lib/setup.c:1801 +#: lib/setup.c:3675 src/cryptsetup.c:1572 src/cryptsetup.c:1917 #, c-format -msgid "Replaced with key slot %d.\n" -msgstr "Vervangen door sleutelplaats %d.\n" +msgid "Keyslot %d is not active." +msgstr "Sleutelplaats %d is niet in gebruik." -#: lib/setup.c:1806 -msgid "Failed to swap new key slot.\n" -msgstr "Kan nieuwe sleutelplaats niet verwisselen.\n" +#: lib/setup.c:3694 +msgid "Device header overlaps with data area." +msgstr "Overlapping tussen apparaatskoptekst en hashgedeelte." + +#: lib/setup.c:3981 +msgid "Reencryption in-progress. Cannot activate device." +msgstr "" + +#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2243 +#: lib/luks2/luks2_reencrypt.c:2836 +#, fuzzy +msgid "Failed to get reencryption lock." +msgstr "Kan herencryptie-logbestand niet lezen.\n" + +#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855 +#, fuzzy +msgid "LUKS2 reencryption recovery failed." +msgstr "Kan herencryptie-logbestand niet openen.\n" + +#: lib/setup.c:4127 lib/setup.c:4379 +msgid "Device type is not properly initialized." +msgstr "Apparaatstype is niet behoorlijk geïnitialiseerd." -#: lib/setup.c:1923 lib/setup.c:2184 lib/setup.c:2197 lib/setup.c:2339 -msgid "Volume key does not match the volume.\n" -msgstr "Sleutel tot opslagmedium komt niet overeen met het opslagmedium.\n" +#: lib/setup.c:4171 +#, fuzzy, c-format +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "Kan apparaat %s niet formatteren; het is nog steeds actief.\n" -#: lib/setup.c:1961 +#: lib/setup.c:4174 #, c-format -msgid "Key slot %d is invalid.\n" -msgstr "Sleutelplaats %d is ongeldig.\n" +msgid "Device %s already exists." +msgstr "Apparaat %s bestaat reeds." + +#: lib/setup.c:4296 +msgid "Incorrect volume key specified for plain device." +msgstr "Incorrecte sleutel tot het opslagmedium voor normaal apparaat verschaft." + +#: lib/setup.c:4405 +msgid "Incorrect root hash specified for verity device." +msgstr "Incorrecte root-hash voor het VERITY-apparaat opgegeven." + +#: lib/setup.c:4412 +msgid "Root hash signature required." +msgstr "" + +#: lib/setup.c:4421 +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "" + +#: lib/setup.c:4438 lib/setup.c:5915 +#, fuzzy +msgid "Failed to load key in kernel keyring." +msgstr "Openen van sleutelbestand is mislukt.\n" -#: lib/setup.c:1966 +#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2296 +#: src/cryptsetup.c:2664 #, c-format -msgid "Key slot %d is not used.\n" -msgstr "Sleutelplaats %d is niet in gebruik.\n" +msgid "Device %s is still in use." +msgstr "Apparaat %s is nog in gebruik." -#: lib/setup.c:1996 lib/setup.c:2068 lib/setup.c:2160 +#: lib/setup.c:4516 #, c-format -msgid "Device %s already exists.\n" -msgstr "Apparaat %s bestaat reeds.\n" +msgid "Invalid device %s." +msgstr "Ongeldig apparaat %s." -#: lib/setup.c:2171 -msgid "Incorrect volume key specified for plain device.\n" -msgstr "" -"Incorrecte sleutel tot het opslagmedium voor normaal apparaat verschaft.\n" +#: lib/setup.c:4632 +msgid "Volume key buffer too small." +msgstr "Sleutelbuffer van het opslagmedium is te klein." -#: lib/setup.c:2204 -msgid "Incorrect root hash specified for verity device.\n" +#: lib/setup.c:4640 +msgid "Cannot retrieve volume key for plain device." +msgstr "Kan sleutel tot het opslagmedium voor normaal apparaat niet ophalen." + +#: lib/setup.c:4657 +#, fuzzy +msgid "Cannot retrieve root hash for verity device." msgstr "Incorrecte root-hash voor het VERITY-apparaat opgegeven.\n" -#: lib/setup.c:2227 -msgid "Device type is not properly initialised.\n" -msgstr "Apparaatstype is niet behoorlijk geïnitialiseerd.\n" +#: lib/setup.c:4659 +#, c-format +msgid "This operation is not supported for %s crypt device." +msgstr "Deze operatie wordt niet ondersteund voor versleutelapparaat %s." + +#: lib/setup.c:4865 +msgid "Dump operation is not supported for this device type." +msgstr "Dump-operatie wordt niet ondersteund voor dit apparaatstype." -#: lib/setup.c:2259 +#: lib/setup.c:5190 #, c-format -msgid "Device %s is still in use.\n" -msgstr "Apparaat %s is nog in gebruik.\n" +msgid "Data offset is not multiple of %u bytes." +msgstr "" + +#: lib/setup.c:5475 +#, fuzzy, c-format +msgid "Cannot convert device %s which is still in use." +msgstr "Kan apparaat %s niet formatteren; het is nog steeds actief.\n" -#: lib/setup.c:2268 +#: lib/setup.c:5772 #, c-format -msgid "Invalid device %s.\n" -msgstr "Ongeldig apparaat %s.\n" +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "" + +#: lib/setup.c:5845 +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "" + +#: lib/setup.c:5851 +#, fuzzy, c-format +msgid "Failed to assign keyslot %d to digest." +msgstr "Kan nieuwe sleutelplaats niet verwisselen.\n" -#: lib/setup.c:2289 -msgid "Function not available in FIPS mode.\n" -msgstr "Functie niet beschikbaar in FIPS-modus.\n" +#: lib/setup.c:5982 +#, fuzzy +msgid "Kernel keyring is not supported by the kernel." +msgstr "Deze operatie wordt niet ondersteund voor dit apparaatstype.\n" -#: lib/setup.c:2295 -msgid "Volume key buffer too small.\n" -msgstr "Sleutelbuffer van het opslagmedium is te klein.\n" +#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952 +#, fuzzy, c-format +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "Lezen uit sleutelopslag is mislukt.\n" -#: lib/setup.c:2303 -msgid "Cannot retrieve volume key for plain device.\n" -msgstr "Kan sleutel tot het opslagmedium voor normaal apparaat niet ophalen.\n" +#: lib/setup.c:6016 +msgid "Failed to acquire global memory-hard access serialization lock." +msgstr "" -#: lib/setup.c:2310 -#, c-format -msgid "This operation is not supported for %s crypt device.\n" -msgstr "Deze operatie wordt niet ondersteund voor versleutelapparaat %s.\n" +#: lib/utils.c:80 +msgid "Cannot get process priority." +msgstr "Kan geen procesprioriteit verkrijgen." -#: lib/setup.c:2506 -msgid "Dump operation is not supported for this device type.\n" -msgstr "Dump-operatie niet ondersteund voor dit apparaatstype.\n" +#: lib/utils.c:94 +msgid "Cannot unlock memory." +msgstr "Kan geheugen niet ontgrendelen." -#: lib/utils.c:244 -msgid "Cannot get process priority.\n" -msgstr "Kan geen procesprioriteit verkrijgen.\n" +#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497 +msgid "Failed to open key file." +msgstr "Openen van sleutelbestand is mislukt." -#: lib/utils.c:258 -msgid "Cannot unlock memory.\n" -msgstr "Kan geheugen niet ontgrendelen.\n" +#: lib/utils.c:173 +#, fuzzy +msgid "Cannot read keyfile from a terminal." +msgstr "Kan sleutelbestand %s niet lezen.\n" -#: lib/utils_crypt.c:241 lib/utils_crypt.c:254 lib/utils_crypt.c:401 -#: lib/utils_crypt.c:416 -msgid "Out of memory while reading passphrase.\n" -msgstr "Geen geheugen meer beschikbaar bij lezen van wachtwoord.\n" +#: lib/utils.c:190 +msgid "Failed to stat key file." +msgstr "Kan status van sleutelbestand niet opvragen." -#: lib/utils_crypt.c:246 lib/utils_crypt.c:261 -msgid "Error reading passphrase from terminal.\n" -msgstr "Fout bij het lezen van het wachtwoord uit de terminal.\n" +#: lib/utils.c:198 lib/utils.c:219 +msgid "Cannot seek to requested keyfile offset." +msgstr "Kan niet zoeken tot aan het aangevraagde sleutelbestand." -#: lib/utils_crypt.c:259 -msgid "Verify passphrase: " -msgstr "Voer wachtwoord nogmaals in: " +#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188 +#: src/utils_password.c:201 +msgid "Out of memory while reading passphrase." +msgstr "Geen geheugen meer beschikbaar bij lezen van wachtwoord." + +#: lib/utils.c:248 +msgid "Error reading passphrase." +msgstr "Fout bij lezen van wachtwoord." -#: lib/utils_crypt.c:266 -msgid "Passphrases do not match.\n" -msgstr "Wachtwoorden komen niet overeen.\n" +#: lib/utils.c:265 +msgid "Nothing to read on input." +msgstr "" -#: lib/utils_crypt.c:350 -msgid "Cannot use offset with terminal input.\n" -msgstr "Kan de gegevenspositie niet via terminalinvoer gebruiken.\n" +#: lib/utils.c:272 +msgid "Maximum keyfile size exceeded." +msgstr "Maximum sleutelbestandsgrootte overschreden." -#: lib/utils_crypt.c:369 lib/tcrypt/tcrypt.c:467 -msgid "Failed to open key file.\n" -msgstr "Openen van sleutelbestand is mislukt.\n" +#: lib/utils.c:277 +msgid "Cannot read requested amount of data." +msgstr "Kan aangevraagde hoeveelheid data niet lezen." -#: lib/utils_crypt.c:378 -msgid "Failed to stat key file.\n" -msgstr "Kan status van sleutelbestand niet opvragen.\n" +#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 +#, c-format +msgid "Device %s does not exist or access denied." +msgstr "Apparaat %s bestaat niet of toegang is geweigerd." -#: lib/utils_crypt.c:386 lib/utils_crypt.c:407 -msgid "Cannot seek to requested keyfile offset.\n" -msgstr "Kan niet zoeken tot aan het aangevraagde sleutelbestand.\n" +#: lib/utils_device.c:197 +#, c-format +msgid "Device %s is not compatible." +msgstr "Apparaat %s is niet compatibel." + +#: lib/utils_device.c:642 +#, c-format +msgid "Device %s is too small. Need at least % bytes." +msgstr "Apparaat %s is te klein. Minstens % bytes zijn vereist." + +#: lib/utils_device.c:723 +#, c-format +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "Kan apparaat %s niet gebruiken; het is nog actief (reeds toegewezen of aangekoppeld)." + +#: lib/utils_device.c:727 +#, c-format +msgid "Cannot use device %s, permission denied." +msgstr "Kan apparaat %s niet gebruiken: toestemming geweigerd." + +#: lib/utils_device.c:730 +#, c-format +msgid "Cannot get info about device %s." +msgstr "Kan geen informatie verkrijgen over apparaat %s." -#: lib/utils_crypt.c:424 -msgid "Error reading passphrase.\n" -msgstr "Fout bij lezen van wachtwoord.\n" +#: lib/utils_device.c:753 +msgid "Cannot use a loopback device, running as non-root user." +msgstr "Kan geen loopback-apparaat gebruiken, uitvoering als non-root gebruiker." -#: lib/utils_crypt.c:442 -msgid "Maximum keyfile size exceeded.\n" -msgstr "Maximum sleutelbestandsgrootte overschreden.\n" +#: lib/utils_device.c:763 +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "Vastmaken loopback-apparaat gefaald (loop-apparaat met autoclear-vlag is vereist)." -#: lib/utils_crypt.c:447 -msgid "Cannot read requested amount of data.\n" -msgstr "Kan aangevraagde hoeveelheid data niet lezen.\n" +#: lib/utils_device.c:809 +#, c-format +msgid "Requested offset is beyond real size of device %s." +msgstr "De aangevraagde gegevenspositie valt buiten de werkelijke grootte van apparaat %s." -#: lib/utils_device.c:136 lib/luks1/keyencryption.c:90 +#: lib/utils_device.c:817 #, c-format -msgid "Device %s doesn't exist or access denied.\n" -msgstr "Apparaat %s bestaat niet of toegang is geweigerd.\n" +msgid "Device %s has zero size." +msgstr "Apparaat %s heeft grootte nul." + +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." +msgstr "" -#: lib/utils_device.c:430 -msgid "Cannot use a loopback device, running as non-root user.\n" +#: lib/utils_pbkdf.c:106 +#, c-format +msgid "Unknown PBKDF type %s." msgstr "" -"Kan geen loopback-apparaat gebruiken, uitvoering als non-root gebruiker.\n" -#: lib/utils_device.c:433 -msgid "Cannot find a free loopback device.\n" -msgstr "Kan geen vrij loopback-apparaat vinden.\n" +#: lib/utils_pbkdf.c:111 +#, fuzzy, c-format +msgid "Requested hash %s is not supported." +msgstr "Aangevraagde LUKS-hash %s wordt niet ondersteund.\n" -#: lib/utils_device.c:440 -msgid "" -"Attaching loopback device failed (loop device with autoclear flag is " -"required).\n" +#: lib/utils_pbkdf.c:122 +#, fuzzy +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "Aangevraagde LUKS-hash %s wordt niet ondersteund.\n" + +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." msgstr "" -"Vastmaken loopback-apparaat gefaald (loop-apparaat met autoclear-vlag is " -"vereist).\n" -#: lib/utils_device.c:484 +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 #, c-format -msgid "Cannot use device %s which is in use (already mapped or mounted).\n" +msgid "Forced iteration count is too low for %s (minimum is %u)." msgstr "" -"Kan apparaat %s niet gebruiken; het is nog actief (reeds toegewezen of " -"aangekoppeld).\n" -#: lib/utils_device.c:488 +#: lib/utils_pbkdf.c:148 #, c-format -msgid "Cannot get info about device %s.\n" -msgstr "Kan geen informatie verkrijgen over apparaat %s.\n" +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "" -#: lib/utils_device.c:494 +#: lib/utils_pbkdf.c:155 #, c-format -msgid "Requested offset is beyond real size of device %s.\n" +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "" + +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "" + +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "" + +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "" + +#: lib/utils_benchmark.c:172 +msgid "PBKDF benchmark disabled but iterations not set." msgstr "" -"De aangevraagde gegevenspositie valt buiten de werkelijke grootte van " -"apparaat %s.\n" -#: lib/utils_device.c:502 +#: lib/utils_benchmark.c:191 #, c-format -msgid "Device %s has zero size.\n" -msgstr "Apparaat %s heeft grootte nul.\n" +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "Niet-compatibele PBKDF2-opties (met hash-algoritme %s in gebruik)." + +#: lib/utils_benchmark.c:211 +#, fuzzy +msgid "Not compatible PBKDF options." +msgstr "Niet-compatibele PBKDF2-opties (met hash-algoritme %s in gebruik).\n" -#: lib/utils_device.c:513 +#: lib/utils_device_locking.c:102 #, c-format -msgid "Device %s is too small.\n" -msgstr "Apparaat %s is te klein.\n" +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "" -#: lib/luks1/keyencryption.c:37 +#: lib/utils_device_locking.c:109 #, c-format -msgid "" -"Failed to setup dm-crypt key mapping for device %s.\n" -"Check that kernel supports %s cipher (check syslog for more info).\n" +msgid "WARNING: Locking directory %s/%s is missing!\n" +msgstr "" + +#: lib/utils_device_locking.c:119 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." msgstr "" -"Kan dm-crypt sleuteltoewijzing niet instellen voor apparaat %s.\n" -"Kijk na of de kernel versleutelalgoritme %s ondersteunt (bekijk syslog voor " -"meer informatie).\n" -#: lib/luks1/keyencryption.c:42 -msgid "Key size in XTS mode must be 256 or 512 bits.\n" -msgstr "In XTS-modus moet de sleutelgrootte 256 of 512 bits zijn.\n" +#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:941 +#: src/cryptsetup_reencrypt.c:1025 +msgid "Cannot seek to device offset." +msgstr "Onmogelijk te zoeken tot startplaats van apparaat." -#: lib/luks1/keyencryption.c:96 lib/luks1/keymanage.c:296 -#: lib/luks1/keymanage.c:572 lib/luks1/keymanage.c:1017 +#: lib/utils_wipe.c:208 #, c-format -msgid "Cannot write to device %s, permission denied.\n" -msgstr "Kan apparaat %s niet beschrijven: toestemming geweigerd.\n" +msgid "Device wipe error, offset %." +msgstr "" -#: lib/luks1/keyencryption.c:111 -msgid "Failed to open temporary keystore device.\n" -msgstr "Openen van het tijdelijke sleutelopslagapparaat is mislukt.\n" +#: lib/luks1/keyencryption.c:39 +#, fuzzy, c-format +msgid "" +"Failed to setup dm-crypt key mapping for device %s.\n" +"Check that kernel supports %s cipher (check syslog for more info)." +msgstr "" +"Kan dm-crypt sleuteltoewijzing niet instellen voor apparaat %s.\n" +"Kijk na of de kernel versleutelalgoritme %s ondersteunt (bekijk syslog voor meer informatie).\n" -#: lib/luks1/keyencryption.c:118 -msgid "Failed to access temporary keystore device.\n" -msgstr "Kan geen toegang verkrijgen tot tijdelijk sleutelopslagapparaat.\n" +#: lib/luks1/keyencryption.c:44 +msgid "Key size in XTS mode must be 256 or 512 bits." +msgstr "In XTS-modus moet de sleutelgrootte 256 of 512 bits zijn." + +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "" -#: lib/luks1/keyencryption.c:191 -msgid "IO error while encrypting keyslot.\n" -msgstr "Invoer/uitvoerfout tijdens het versleutelen van de sleutelplaats.\n" +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080 +#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734 +#, c-format +msgid "Cannot write to device %s, permission denied." +msgstr "Kan apparaat %s niet beschrijven: toestemming geweigerd." + +#: lib/luks1/keyencryption.c:120 +msgid "Failed to open temporary keystore device." +msgstr "Openen van het tijdelijke sleutelopslagapparaat is mislukt." + +#: lib/luks1/keyencryption.c:127 +msgid "Failed to access temporary keystore device." +msgstr "Kan geen toegang verkrijgen tot tijdelijk sleutelopslagapparaat." + +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +msgid "IO error while encrypting keyslot." +msgstr "Invoer/uitvoerfout tijdens het versleutelen van de sleutelplaats." + +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:670 +#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311 +#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342 +#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 +#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255 +#: src/cryptsetup_reencrypt.c:200 src/cryptsetup_reencrypt.c:212 +#, c-format +msgid "Cannot open device %s." +msgstr "Kan apparaat %s niet openen." -#: lib/luks1/keyencryption.c:256 -msgid "IO error while decrypting keyslot.\n" -msgstr "Invoer/uitvoerfout tijdens het ontsleutelen van de sleutelplaats.\n" +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +msgid "IO error while decrypting keyslot." +msgstr "Invoer/uitvoerfout tijdens het ontsleutelen van de sleutelplaats." -#: lib/luks1/keymanage.c:90 +#: lib/luks1/keymanage.c:110 #, c-format -msgid "Device %s is too small. (LUKS requires at least % bytes.)\n" -msgstr "Apparaat %s is te klein. (LUKS vereist minstens % bytes.)\n" +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" +msgstr "Apparaat %s is te klein. (LUKS1 vereist minstens % bytes.)" -#: lib/luks1/keymanage.c:180 lib/luks1/keymanage.c:418 -#: src/cryptsetup_reencrypt.c:1110 +#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162 +#: lib/luks1/keymanage.c:174 #, c-format -msgid "Device %s is not a valid LUKS device.\n" -msgstr "Apparaat %s is geen geldig LUKS-apparaat.\n" +msgid "LUKS keyslot %u is invalid." +msgstr "LUKS-sleutelplaats %u is ongeldig." + +#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472 +#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1433 +#: src/cryptsetup.c:1559 src/cryptsetup.c:1616 src/cryptsetup.c:1672 +#: src/cryptsetup.c:1739 src/cryptsetup.c:1842 src/cryptsetup.c:1906 +#: src/cryptsetup.c:2136 src/cryptsetup.c:2331 src/cryptsetup.c:2391 +#: src/cryptsetup.c:2457 src/cryptsetup.c:2621 src/cryptsetup.c:3271 +#: src/cryptsetup.c:3280 src/cryptsetup_reencrypt.c:1388 +#, c-format +msgid "Device %s is not a valid LUKS device." +msgstr "Apparaat %s is geen geldig LUKS-apparaat." -#: lib/luks1/keymanage.c:198 +#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100 #, c-format -msgid "Requested header backup file %s already exists.\n" -msgstr "Aangevraagd reservekopiebestand %s van koptekst bestaat reeds.\n" +msgid "Requested header backup file %s already exists." +msgstr "Aangevraagd reservekopiebestand %s van koptekst bestaat reeds." -#: lib/luks1/keymanage.c:200 +#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102 #, c-format -msgid "Cannot create header backup file %s.\n" -msgstr "Kan reservekopiebestand %s van koptekst niet aanmaken.\n" +msgid "Cannot create header backup file %s." +msgstr "Kan reservekopiebestand %s van koptekst niet aanmaken." -#: lib/luks1/keymanage.c:205 +#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109 #, c-format -msgid "Cannot write header backup file %s.\n" -msgstr "Kan reservekopiebestand %s van koptekst niet schrijven.\n" +msgid "Cannot write header backup file %s." +msgstr "Kan reservekopiebestand %s van koptekst niet schrijven." -#: lib/luks1/keymanage.c:239 -msgid "Backup file doesn't contain valid LUKS header.\n" -msgstr "Reservekopiebestand bevat geen geldige LUKS-koptekst.\n" +#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161 +msgid "Backup file does not contain valid LUKS header." +msgstr "Reservekopiebestand bevat geen geldige LUKS-koptekst." -#: lib/luks1/keymanage.c:252 lib/luks1/keymanage.c:496 +#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549 +#: lib/luks2/luks2_json_metadata.c:1182 #, c-format -msgid "Cannot open header backup file %s.\n" -msgstr "Kan reservekopiebestand %s van koptekst niet openen.\n" +msgid "Cannot open header backup file %s." +msgstr "Kan reservekopiebestand %s van koptekst niet openen." -#: lib/luks1/keymanage.c:258 +#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190 #, c-format -msgid "Cannot read header backup file %s.\n" -msgstr "Kan reservekopiebestand %s van koptekst niet lezen.\n" +msgid "Cannot read header backup file %s." +msgstr "Kan reservekopiebestand %s van koptekst niet lezen." -#: lib/luks1/keymanage.c:269 -msgid "Data offset or key size differs on device and backup, restore failed.\n" -msgstr "" -"Verschillende gegevenspositie of sleutelgrootte in apparaat en reservekopie; " -"herstelling is mislukt.\n" +#: lib/luks1/keymanage.c:317 +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "Verschillende gegevenspositie of sleutelgrootte in apparaat en reservekopie; herstelling is mislukt." -#: lib/luks1/keymanage.c:277 +#: lib/luks1/keymanage.c:325 #, c-format msgid "Device %s %s%s" msgstr "Apparaat %s %s%s" -#: lib/luks1/keymanage.c:278 -msgid "" -"does not contain LUKS header. Replacing header can destroy data on that " -"device." -msgstr "" -"bevat geen LUKS-koptekst. Het vervangen van de koptekst kan gegevens op het " -"apparaat vernietigen." +#: lib/luks1/keymanage.c:326 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "bevat geen LUKS-koptekst. Het vervangen van de koptekst kan gegevens op het apparaat vernietigen." -#: lib/luks1/keymanage.c:279 -msgid "" -"already contains LUKS header. Replacing header will destroy existing " -"keyslots." -msgstr "" -"bevat reeds een LUKS-koptekst. Het vervangen van de koptekst zal bestaande " -"sleutelplaatsen vernietigen." +#: lib/luks1/keymanage.c:327 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "bevat reeds een LUKS-koptekst. Het vervangen van de koptekst zal bestaande sleutelplaatsen vernietigen." -#: lib/luks1/keymanage.c:280 +#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224 msgid "" "\n" "WARNING: real device header has different UUID than backup!" msgstr "" "\n" -"WAARSCHUWING: originele apparaatkoptekst heeft een ander UUID dan de " -"reservekopie!" - -#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:535 -#: lib/luks1/keymanage.c:575 lib/tcrypt/tcrypt.c:624 lib/verity/verity.c:82 -#: lib/verity/verity.c:179 lib/verity/verity_hash.c:292 -#: lib/verity/verity_hash.c:303 lib/verity/verity_hash.c:323 -#, c-format -msgid "Cannot open device %s.\n" -msgstr "Kan apparaat %s niet openen.\n" - -#: lib/luks1/keymanage.c:329 -msgid "Non standard key size, manual repair required.\n" -msgstr "Niet-standaard sleutelgrootte, handmatige herstelling is vereist.\n" +"WAARSCHUWING: originele apparaatkoptekst heeft een ander UUID dan de reservekopie!" -#: lib/luks1/keymanage.c:334 -msgid "Non standard keyslots alignment, manual repair required.\n" -msgstr "" -"Niet-standaard sleutelplaatsuitlijning, handmatige herstelling is vereist.\n" +#: lib/luks1/keymanage.c:375 +msgid "Non standard key size, manual repair required." +msgstr "Niet-standaard sleutelgrootte, handmatige herstelling is vereist." -#: lib/luks1/keymanage.c:340 -msgid "Repairing keyslots.\n" -msgstr "Sleutelplaatsen worden hersteld.\n" +#: lib/luks1/keymanage.c:380 +msgid "Non standard keyslots alignment, manual repair required." +msgstr "Niet-standaard sleutelplaatsuitlijning, handmatige herstelling is vereist." -#: lib/luks1/keymanage.c:351 -msgid "Repair failed." -msgstr "Herstelling is mislukt." +#: lib/luks1/keymanage.c:390 +msgid "Repairing keyslots." +msgstr "Sleutelplaatsen worden hersteld." -#: lib/luks1/keymanage.c:363 +#: lib/luks1/keymanage.c:409 #, c-format -msgid "Keyslot %i: offset repaired (%u -> %u).\n" -msgstr "Sleutelplaats %i: gegevenspositie hersteld (%u -> %u).\n" +msgid "Keyslot %i: offset repaired (%u -> %u)." +msgstr "Sleutelplaats %i: gegevenspositie hersteld (%u -> %u)." -#: lib/luks1/keymanage.c:371 +#: lib/luks1/keymanage.c:417 #, c-format -msgid "Keyslot %i: stripes repaired (%u -> %u).\n" -msgstr "Sleutelplaats %i: fragmenten hersteld (%u -> %u).\n" +msgid "Keyslot %i: stripes repaired (%u -> %u)." +msgstr "Sleutelplaats %i: fragmenten hersteld (%u -> %u)." -#: lib/luks1/keymanage.c:380 +#: lib/luks1/keymanage.c:426 #, c-format -msgid "Keyslot %i: bogus partition signature.\n" -msgstr "Sleutelplaats %i: valse partitiehandtekening.\n" +msgid "Keyslot %i: bogus partition signature." +msgstr "Sleutelplaats %i: valse partitiehandtekening." -#: lib/luks1/keymanage.c:385 +#: lib/luks1/keymanage.c:431 #, c-format -msgid "Keyslot %i: salt wiped.\n" -msgstr "Sleutelplaats %i: salt uitgewist.\n" - -#: lib/luks1/keymanage.c:396 -msgid "Writing LUKS header to disk.\n" -msgstr "LUKS-koptekst wordt naar schijf geschreven.\n" +msgid "Keyslot %i: salt wiped." +msgstr "Sleutelplaats %i: salt uitgewist." -#: lib/luks1/keymanage.c:421 -#, c-format -msgid "Unsupported LUKS version %d.\n" -msgstr "Niet-ondersteunde LUKS-versie %d.\n" +#: lib/luks1/keymanage.c:448 +msgid "Writing LUKS header to disk." +msgstr "LUKS-koptekst wordt naar schijf geschreven." -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:661 -#, c-format -msgid "Requested LUKS hash %s is not supported.\n" -msgstr "Aangevraagde LUKS-hash %s wordt niet ondersteund.\n" +#: lib/luks1/keymanage.c:453 +msgid "Repair failed." +msgstr "Herstelling is mislukt." -#: lib/luks1/keymanage.c:442 +#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750 #, c-format -msgid "LUKS keyslot %u is invalid.\n" -msgstr "LUKS-sleutelplaats %u is ongeldig.\n" +msgid "Requested LUKS hash %s is not supported." +msgstr "Aangevraagde LUKS-hash %s wordt niet ondersteund." -#: lib/luks1/keymanage.c:456 src/cryptsetup.c:668 -msgid "No known problems detected for LUKS header.\n" -msgstr "Geen gekende problemen gevonden bij LUKS-koptekst.\n" - -#: lib/luks1/keymanage.c:596 -#, c-format -msgid "Error during update of LUKS header on device %s.\n" -msgstr "Fout bij het bijwerken van LUKS-koptekst op apparaat %s.\n" +#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1133 +msgid "No known problems detected for LUKS header." +msgstr "Geen gekende problemen gevonden bij LUKS-koptekst." -#: lib/luks1/keymanage.c:603 +#: lib/luks1/keymanage.c:660 #, c-format -msgid "Error re-reading LUKS header after update on device %s.\n" -msgstr "" -"Fout bij het herlezen van LUKS-koptekst na bijwerken van apparaat %s.\n" +msgid "Error during update of LUKS header on device %s." +msgstr "Fout bij het bijwerken van LUKS-koptekst op apparaat %s." -#: lib/luks1/keymanage.c:654 +#: lib/luks1/keymanage.c:668 #, c-format -msgid "" -"Data offset for detached LUKS header must be either 0 or higher than header " -"size (%d sectors).\n" -msgstr "" -"De datagegevenspositie voor een aparte LUKS-koptekst moet of 0 zijn, of " -"hoger liggen dan de koptekstgrootte (%d sectoren).\n" - -#: lib/luks1/keymanage.c:666 lib/luks1/keymanage.c:757 -msgid "Wrong LUKS UUID format provided.\n" -msgstr "Verkeerd LUKS UUID-formaat verschaft.\n" +msgid "Error re-reading LUKS header after update on device %s." +msgstr "Fout bij het herlezen van LUKS-koptekst na bijwerken van apparaat %s." -#: lib/luks1/keymanage.c:695 -msgid "Cannot create LUKS header: reading random salt failed.\n" -msgstr "Kan LUKS-koptekst niet aanmaken: lezen van random salt is mislukt.\n" +#: lib/luks1/keymanage.c:744 +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "De datagegevenspositie voor een aparte LUKS-koptekst moet of 0 zijn, of groter zijn dan de koptekstgrootte." -#: lib/luks1/keymanage.c:702 lib/luks1/keymanage.c:798 -#, c-format -msgid "Not compatible PBKDF2 options (using hash algorithm %s).\n" -msgstr "Niet-compatibele PBKDF2-opties (met hash-algoritme %s in gebruik).\n" +#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825 +#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001 +#: src/cryptsetup.c:2784 +msgid "Wrong LUKS UUID format provided." +msgstr "Verkeerd LUKS UUID-formaat verschaft." -#: lib/luks1/keymanage.c:717 -#, c-format -msgid "Cannot create LUKS header: header digest failed (using hash %s).\n" -msgstr "" -"Kan LUKS-koptekst niet aanmaken: koptekst-extract is mislukt (met %s-hash).\n" +#: lib/luks1/keymanage.c:778 +msgid "Cannot create LUKS header: reading random salt failed." +msgstr "Kan LUKS-koptekst niet aanmaken: lezen van random salt is mislukt." -#: lib/luks1/keymanage.c:782 +#: lib/luks1/keymanage.c:804 #, c-format -msgid "Key slot %d active, purge first.\n" -msgstr "Sleutelplaats %d is actief; ruim eerst op.\n" +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "Kan LUKS-koptekst niet aanmaken: koptekst-extract is mislukt (met %s-hash)." -#: lib/luks1/keymanage.c:788 +#: lib/luks1/keymanage.c:848 #, c-format -msgid "Key slot %d material includes too few stripes. Header manipulation?\n" -msgstr "" -"Inhoud van sleutelplaats %d bevat te weinig fragmenten. " -"Koptekstmanipulatie?\n" +msgid "Key slot %d active, purge first." +msgstr "Sleutelplaats %d is actief; ruim eerst op." -#: lib/luks1/keymanage.c:950 +#: lib/luks1/keymanage.c:854 #, c-format -msgid "Key slot %d unlocked.\n" -msgstr "Sleutelplaats %d is ontgrendeld.\n" +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "Inhoud van sleutelplaats %d bevat te weinig fragmenten. Koptekstmanipulatie?" -#: lib/luks1/keymanage.c:985 src/cryptsetup.c:858 -#: src/cryptsetup_reencrypt.c:999 src/cryptsetup_reencrypt.c:1036 -msgid "No key available with this passphrase.\n" -msgstr "Geen sleutel beschikbaar met dit wachtwoord.\n" +#: lib/luks1/keymanage.c:990 +#, fuzzy, c-format +msgid "Cannot open keyslot (using hash %s)." +msgstr "Sleutelbehandelingsfout (met hash %s in gebruik)." -#: lib/luks1/keymanage.c:1003 +#: lib/luks1/keymanage.c:1066 #, c-format -msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n" -msgstr "" -"Sleutelplaats %d is ongeldig, selecteer een sleutelplaats tussen 0 en %d.\n" +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." +msgstr "Sleutelplaats %d is ongeldig, selecteer een sleutelplaats tussen 0 en %d." -#: lib/luks1/keymanage.c:1021 +#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738 #, c-format -msgid "Cannot wipe device %s.\n" -msgstr "Kan apparaat %s niet wissen.\n" +msgid "Cannot wipe device %s." +msgstr "Kan apparaat %s niet wissen." #: lib/loopaes/loopaes.c:146 -msgid "Detected not yet supported GPG encrypted keyfile.\n" -msgstr "Nog niet ondersteund GPG-versleuteld sleutelbestand gevonden.\n" +msgid "Detected not yet supported GPG encrypted keyfile." +msgstr "Nog niet ondersteund GPG-versleuteld sleutelbestand gevonden." #: lib/loopaes/loopaes.c:147 msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" msgstr "Gebruik gpg --decrypt | cryptsetup --keyfile=- ...\n" #: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 -msgid "Incompatible loop-AES keyfile detected.\n" -msgstr "Onverenigbaar loop-AES-sleutelbestand gevonden.\n" +msgid "Incompatible loop-AES keyfile detected." +msgstr "Onverenigbaar loop-AES-sleutelbestand gevonden." -#: lib/loopaes/loopaes.c:244 -msgid "Kernel doesn't support loop-AES compatible mapping.\n" -msgstr "" -"Toewijzingen compatibel met loop-AES worden niet ondersteund door de " -"kernel.\n" +#: lib/loopaes/loopaes.c:245 +msgid "Kernel does not support loop-AES compatible mapping." +msgstr "Toewijzingen compatibel met loop-AES worden niet ondersteund door de kernel." -#: lib/tcrypt/tcrypt.c:475 +#: lib/tcrypt/tcrypt.c:504 #, c-format -msgid "Error reading keyfile %s.\n" -msgstr "Fout bij het lezen van sleutelbestand %s.\n" +msgid "Error reading keyfile %s." +msgstr "Fout bij het lezen van sleutelbestand %s." -#: lib/tcrypt/tcrypt.c:513 -#, c-format -msgid "Maximum TCRYPT passphrase length (%d) exceeded.\n" -msgstr "Maximum TCRYPT-wachtwoorlengte (%d) overschreden.\n" +#: lib/tcrypt/tcrypt.c:554 +#, fuzzy, c-format +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." +msgstr "Maximum TCRYPT-wachtwoorlengte (%d) overschreden." -#: lib/tcrypt/tcrypt.c:543 +#: lib/tcrypt/tcrypt.c:595 #, c-format -msgid "PBKDF2 hash algorithm %s not available, skipping.\n" -msgstr "PBKDF2 hash-algoritme %s is niet beschikbaar, wordt overgeslaan.\n" +msgid "PBKDF2 hash algorithm %s not available, skipping." +msgstr "PBKDF2 hash-algoritme %s is niet beschikbaar, wordt overgeslaan." -#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:621 -msgid "Required kernel crypto interface not available.\n" -msgstr "Benodigde kernel cryptografie-interface is niet beschikbaar.\n" +#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1010 +msgid "Required kernel crypto interface not available." +msgstr "Benodigde kernel cryptografie-interface is niet beschikbaar." -#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:623 -msgid "Ensure you have algif_skcipher kernel module loaded.\n" -msgstr "Kijk na of kernelmodule algif_skcipher geladen is.\n" +#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1012 +msgid "Ensure you have algif_skcipher kernel module loaded." +msgstr "Kijk na of kernelmodule algif_skcipher geladen is." -#: lib/tcrypt/tcrypt.c:707 +#: lib/tcrypt/tcrypt.c:753 #, c-format -msgid "Activation is not supported for %d sector size.\n" -msgstr "Activatie wordt niet ondersteund voor %d sectorgrootte.\n" +msgid "Activation is not supported for %d sector size." +msgstr "Activatie wordt niet ondersteund voor %d sectorgrootte." -#: lib/tcrypt/tcrypt.c:713 -msgid "Kernel doesn't support activation for this TCRYPT legacy mode.\n" -msgstr "" -"Activatie voor deze TCRYPT-legacymodus wordt niet ondersteund door de " -"kernel.\n" +#: lib/tcrypt/tcrypt.c:759 +msgid "Kernel does not support activation for this TCRYPT legacy mode." +msgstr "Activatie voor deze TCRYPT-legacymodus wordt niet ondersteund door de kernel." -#: lib/tcrypt/tcrypt.c:744 +#: lib/tcrypt/tcrypt.c:793 #, c-format -msgid "Activating TCRYPT system encryption for partition %s.\n" -msgstr "TCRYPT-systeemversleuteling voor partitie %s wordt geactiveerd.\n" +msgid "Activating TCRYPT system encryption for partition %s." +msgstr "TCRYPT-systeemversleuteling voor partitie %s wordt geactiveerd." -#: lib/tcrypt/tcrypt.c:806 -msgid "Kernel doesn't support TCRYPT compatible mapping.\n" -msgstr "" -"Toewijzingen compatibel met TCRYPT worden niet ondersteund door de kernel.\n" +#: lib/tcrypt/tcrypt.c:871 +msgid "Kernel does not support TCRYPT compatible mapping." +msgstr "Toewijzingen compatibel met TCRYPT worden niet ondersteund door de kernel." -#: lib/tcrypt/tcrypt.c:1020 +#: lib/tcrypt/tcrypt.c:1093 msgid "This function is not supported without TCRYPT header load." msgstr "Deze functie wordt niet ondersteund zonder TCRYPT-koptekst." -#: lib/verity/verity.c:70 lib/verity/verity.c:172 +#: lib/bitlk/bitlk.c:333 #, c-format -msgid "Verity device %s doesn't use on-disk header.\n" -msgstr "VERITY-apparaat %s gebruikt geen on-disk koptekst.\n" +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "" -#: lib/verity/verity.c:94 -#, c-format -msgid "Device %s is not a valid VERITY device.\n" -msgstr "Apparaat %s is geen geldig VERITY-apparaat.\n" +#: lib/bitlk/bitlk.c:380 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "" -#: lib/verity/verity.c:101 +#: lib/bitlk/bitlk.c:385 #, c-format -msgid "Unsupported VERITY version %d.\n" -msgstr "Niet-ondersteunde VERITY-versie %d.\n" +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "" -#: lib/verity/verity.c:131 -msgid "VERITY header corrupted.\n" -msgstr "VERITY-koptekst beschadigd.\n" - -#: lib/verity/verity.c:166 +#: lib/bitlk/bitlk.c:399 #, c-format -msgid "Wrong VERITY UUID format provided on device %s.\n" -msgstr "Verkeerd VERITY UUID-formaat verschaft op apparaat %s.\n" +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "" -#: lib/verity/verity.c:196 -#, c-format -msgid "Error during update of verity header on device %s.\n" -msgstr "Fout bij het bijwerken van VERITY-koptekst op apparaat %s.\n" +#: lib/bitlk/bitlk.c:479 +#, fuzzy, c-format +msgid "Failed to read BITLK signature from %s." +msgstr "Lezen uit sleutelopslag is mislukt.\n" -#: lib/verity/verity.c:276 -msgid "Kernel doesn't support dm-verity mapping.\n" -msgstr "dm-verity toewijzingen niet ondersteund door kernel.\n" +#: lib/bitlk/bitlk.c:485 +msgid "BITLK version 1 is currently not supported." +msgstr "" -#: lib/verity/verity.c:287 -msgid "Verity device detected corruption after activation.\n" -msgstr "VERITY-apparaat ontdekte beschadiging na activatie.\n" +#: lib/bitlk/bitlk.c:491 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "" -#: lib/verity/verity_hash.c:59 -#, c-format -msgid "Spare area is not zeroed at position %.\n" -msgstr "Reservegebied is niet ingesteld op positie %.\n" +#: lib/bitlk/bitlk.c:503 +msgid "Invalid or unknown signature for BITLK device." +msgstr "" -#: lib/verity/verity_hash.c:121 lib/verity/verity_hash.c:249 -#: lib/verity/verity_hash.c:277 lib/verity/verity_hash.c:284 -msgid "Device offset overflow.\n" -msgstr "Overloop van apparaatsgegevenspositie.\n" +#: lib/bitlk/bitlk.c:510 +#, fuzzy, c-format +msgid "Unsupported sector size %." +msgstr "Kan herencryptie-logbestand niet lezen.\n" -#: lib/verity/verity_hash.c:161 -#, c-format -msgid "Verification failed at position %.\n" -msgstr "Controle gefaald op positie %.\n" +#: lib/bitlk/bitlk.c:518 +#, fuzzy, c-format +msgid "Failed to read BITLK header from %s." +msgstr "Lezen uit sleutelopslag is mislukt.\n" -#: lib/verity/verity_hash.c:235 -msgid "Invalid size parameters for verity device.\n" -msgstr "Ongeldige grootteparameters voor VERITY-apparaat.\n" +#: lib/bitlk/bitlk.c:543 +#, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "" -#: lib/verity/verity_hash.c:266 -msgid "Too many tree levels for verity volume.\n" -msgstr "Te veel niveau's in de boomstructuur voor een VERITY-volume.\n" +#: lib/bitlk/bitlk.c:594 +#, fuzzy +msgid "Unknown or unsupported encryption type." +msgstr "UUID wordt niet ondersteund voor dit encryptietype.\n" -#: lib/verity/verity_hash.c:354 -msgid "Verification of data area failed.\n" -msgstr "Controle van gegevensgebied gefaald.\n" +#: lib/bitlk/bitlk.c:627 +#, c-format +msgid "Failed to read BITLK metadata entries from %s." +msgstr "" -#: lib/verity/verity_hash.c:359 -msgid "Verification of root hash failed.\n" -msgstr "Controle van root-hash gefaald.\n" +#: lib/bitlk/bitlk.c:921 +#, fuzzy +msgid "This operation is not supported." +msgstr "Deze operatie wordt niet ondersteund voor versleutelapparaat %s.\n" -#: lib/verity/verity_hash.c:365 -msgid "Input/output error while creating hash area.\n" -msgstr "Invoer/uitvoerfout bij het aanmaken van hash-gebied.\n" +#: lib/bitlk/bitlk.c:929 +#, fuzzy +msgid "Wrong key size." +msgstr "Ongeldige sleutelgrootte.\n" -#: lib/verity/verity_hash.c:367 -msgid "Creation of hash area failed.\n" -msgstr "Creatie hash-gebied gefaald.\n" +#: lib/bitlk/bitlk.c:981 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "" -#: lib/verity/verity_hash.c:414 +#: lib/bitlk/bitlk.c:987 #, c-format -msgid "" -"WARNING: Kernel cannot activate device if data block size exceeds page size " -"(%u).\n" +msgid "BITLK devices with type '%s' cannot be activated." msgstr "" -"Waarschuwing: kernel kan apparaat niet activeren als de gegevensblokgrootte " -"groter is dan de paginagrootte (%u).\n" -#: src/cryptsetup.c:91 -msgid "Can't do passphrase verification on non-tty inputs.\n" +#: lib/bitlk/bitlk.c:1069 +msgid "Activation of partially decrypted BITLK device is not supported." msgstr "" -"Kan geen wachtwoordverificatie uitvoeren op invoer van buiten de terminal.\n" - -#: src/cryptsetup.c:133 src/cryptsetup.c:564 src/cryptsetup.c:711 -#: src/cryptsetup_reencrypt.c:502 src/cryptsetup_reencrypt.c:556 -msgid "No known cipher specification pattern detected.\n" -msgstr "Geen bekend specificatiepatroon voor het sleutelalgoritme gevonden.\n" -#: src/cryptsetup.c:144 -msgid "" -"WARNING: The --hash parameter is being ignored in plain mode with keyfile " -"specified.\n" +#: lib/bitlk/bitlk.c:1205 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "" -#: src/cryptsetup.c:152 -#, fuzzy -msgid "" -"WARNING: The --keyfile-size option is being ignored, the read size is the " -"same as the encryption key size.\n" +#: lib/bitlk/bitlk.c:1209 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "" -"Gegevenspositie- en grootte-opties van sleutelbestand worden genegeerd, " -"sleutelbestandsleesgrootte is steeds dezelfde als encryptiesleutelgrootte.\n" -#: src/cryptsetup.c:218 -msgid "Option --key-file is required.\n" -msgstr "Optie --key-file is vereist.\n" - -#: src/cryptsetup.c:267 -msgid "No device header detected with this passphrase.\n" -msgstr "Geen apparaatkoptekst beschikbaar met dit wachtwoord.\n" +#: lib/verity/verity.c:68 lib/verity/verity.c:171 +#, fuzzy, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "VERITY-apparaat %s gebruikt geen on-disk koptekst.\n" -#: src/cryptsetup.c:327 src/cryptsetup.c:1140 -msgid "" -"Header dump with volume key is sensitive information\n" -"which allows access to encrypted partition without passphrase.\n" -"This dump should be always stored encrypted on safe place." -msgstr "" -"Dump van koptekst met sleutel tot het opslagmedium bevat gevoelige " -"informatie\n" -"die zonder wachtwoord toegang verschaft tot versleutelde partities.\n" -"De dump zou steeds versleuteld en op een veilige plaats bewaard moeten " -"worden." +#: lib/verity/verity.c:90 +#, c-format +msgid "Device %s is not a valid VERITY device." +msgstr "Apparaat %s is geen geldig VERITY-apparaat." -#: src/cryptsetup.c:517 -msgid "Result of benchmark is not reliable.\n" -msgstr "Benchmarkresultaat is niet betrouwbaar.\n" +#: lib/verity/verity.c:97 +#, c-format +msgid "Unsupported VERITY version %d." +msgstr "Niet-ondersteunde VERITY-versie %d." -#: src/cryptsetup.c:558 -msgid "# Tests are approximate using memory only (no storage IO).\n" -msgstr "" -"# Tests zijn bij benadering met enkel geheugen in gebruik (geen opslag-IO).\n" +#: lib/verity/verity.c:128 +msgid "VERITY header corrupted." +msgstr "VERITY-koptekst beschadigd." -#: src/cryptsetup.c:583 src/cryptsetup.c:605 -msgid "# Algorithm | Key | Encryption | Decryption\n" -msgstr "# Algoritme | Sleutel | Versleuteling | Ontsleuteling\n" +#: lib/verity/verity.c:165 +#, c-format +msgid "Wrong VERITY UUID format provided on device %s." +msgstr "Verkeerd VERITY UUID-formaat verschaft op apparaat %s." -#: src/cryptsetup.c:587 +#: lib/verity/verity.c:198 #, c-format -msgid "Cipher %s is not available.\n" -msgstr "Versleutelalgoritme %s is niet beschikbaar.\n" +msgid "Error during update of verity header on device %s." +msgstr "Fout bij het bijwerken van VERITY-koptekst op apparaat %s." -#: src/cryptsetup.c:614 -msgid "N/A" -msgstr "N/A" +#: lib/verity/verity.c:256 +#, fuzzy +msgid "Root hash signature verification is not supported." +msgstr "Aangevraagd hash-algoritme %s wordt niet ondersteund.\n" -#: src/cryptsetup.c:639 -#, c-format -msgid "Cannot read keyfile %s.\n" -msgstr "Kan sleutelbestand %s niet lezen.\n" +#: lib/verity/verity.c:267 +msgid "Errors cannot be repaired with FEC device." +msgstr "" -#: src/cryptsetup.c:643 +#: lib/verity/verity.c:269 #, c-format -msgid "Cannot read %d bytes from keyfile %s.\n" -msgstr "Kan %d bytes uit sleutelbestand %s niet lezen.\n" +msgid "Found %u repairable errors with FEC device." +msgstr "" -#: src/cryptsetup.c:672 -msgid "Really try to repair LUKS device header?" -msgstr "Bent u zeker de LUKS-apparaatkoptekst te willen herstellen?" +#: lib/verity/verity.c:308 +#, fuzzy +msgid "Kernel does not support dm-verity mapping." +msgstr "dm-verity toewijzingen niet ondersteund door kernel.\n" -#: src/cryptsetup.c:697 -#, c-format -msgid "This will overwrite data on %s irrevocably." -msgstr "Dit zal data op %s onherroepelijk overschrijven." +#: lib/verity/verity.c:312 +#, fuzzy +msgid "Kernel does not support dm-verity signature option." +msgstr "dm-verity toewijzingen niet ondersteund door kernel.\n" -#: src/cryptsetup.c:699 -msgid "memory allocation error in action_luksFormat" -msgstr "geheugentoewijzingsfout in action_luksFormat" +#: lib/verity/verity.c:323 +msgid "Verity device detected corruption after activation." +msgstr "VERITY-apparaat ontdekte beschadiging na activatie." -#: src/cryptsetup.c:717 +#: lib/verity/verity_hash.c:59 #, c-format -msgid "Cannot use %s as on-disk header.\n" -msgstr "Kan %s niet als on-diskkoptekst gebruiken.\n" +msgid "Spare area is not zeroed at position %." +msgstr "Reservegebied is niet ingesteld op positie %." -#: src/cryptsetup.c:784 -msgid "Reduced data offset is allowed only for detached LUKS header.\n" -msgstr "" -"Een verlaagde datagegevenspositie wordt enkel toegestaan voor een " -"vrijstaande LUKS-koptekst.\n" +#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290 +#: lib/verity/verity_hash.c:303 +msgid "Device offset overflow." +msgstr "Overloop van apparaatsgegevenspositie." -#: src/cryptsetup.c:881 src/cryptsetup.c:937 +#: lib/verity/verity_hash.c:203 #, c-format -msgid "Key slot %d selected for deletion.\n" -msgstr "Sleutelplaats %d geselecteerd voor verwijdering.\n" +msgid "Verification failed at position %." +msgstr "Controle gefaald op positie %." -#: src/cryptsetup.c:884 -#, c-format -msgid "Key %d not active. Can't wipe.\n" -msgstr "Sleutel %d is niet actief. Kan niet wissen.\n" +#: lib/verity/verity_hash.c:276 +msgid "Invalid size parameters for verity device." +msgstr "Ongeldige grootteparameters voor VERITY-apparaat." -#: src/cryptsetup.c:892 src/cryptsetup.c:940 -msgid "" -"This is the last keyslot. Device will become unusable after purging this key." +#: lib/verity/verity_hash.c:296 +msgid "Hash area overflow." msgstr "" -"Dit is de laatste sleutelplaats. Apparaat zal onbruikbaar worden na het " -"verwijderen van deze sleutel." -#: src/cryptsetup.c:893 -msgid "Enter any remaining passphrase: " -msgstr "Voer enig overblijvend wachtwoord in: " +#: lib/verity/verity_hash.c:373 +msgid "Verification of data area failed." +msgstr "Controle van gegevensgebied gefaald." -#: src/cryptsetup.c:921 -msgid "Enter passphrase to be deleted: " -msgstr "Voer het te verwijderen wachtwoord in: " +#: lib/verity/verity_hash.c:378 +msgid "Verification of root hash failed." +msgstr "Controle van root-hash gefaald." -#: src/cryptsetup.c:1003 src/cryptsetup_reencrypt.c:1074 -#, c-format -msgid "Enter any existing passphrase: " -msgstr "Voer een bestaand wachtwoord in: " +#: lib/verity/verity_hash.c:384 +msgid "Input/output error while creating hash area." +msgstr "Invoer/uitvoerfout bij het aanmaken van hash-gebied." -#: src/cryptsetup.c:1052 -msgid "Enter passphrase to be changed: " -msgstr "Voer het te wijzigen wachtwoord in: " +#: lib/verity/verity_hash.c:386 +msgid "Creation of hash area failed." +msgstr "Creatie hash-gebied gefaald." -#: src/cryptsetup.c:1066 src/cryptsetup_reencrypt.c:1059 -msgid "Enter new passphrase: " -msgstr "Voer nieuw wachtwoord in: " +#: lib/verity/verity_hash.c:433 +#, c-format +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "WAARSCHUWING: Kernel kan apparaat niet activeren als de gegevensblokgrootte groter is dan de paginagrootte (%u)." -#: src/cryptsetup.c:1090 -msgid "Only one device argument for isLuks operation is supported.\n" +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." msgstr "" -"Voor de isLuks-operatie wordt slechts één apparaatsargument ondersteund.\n" -#: src/cryptsetup.c:1246 src/cryptsetup.c:1267 -msgid "Option --header-backup-file is required.\n" -msgstr "Optie --header-backup-file is vereist.\n" +#: lib/verity/verity_fec.c:146 +#, fuzzy +msgid "Failed to allocate buffer." +msgstr "Kan status van sleutelbestand niet opvragen.\n" -#: src/cryptsetup.c:1304 +#: lib/verity/verity_fec.c:156 #, c-format -msgid "Unrecognized metadata device type %s.\n" -msgstr "Niet-herkende metadata bij apparaatstype %s.\n" - -#: src/cryptsetup.c:1307 -msgid "Command requires device and mapped name as arguments.\n" -msgstr "Opdracht vereist apparaat en toewijzingsnaam als argumenten.\n" +msgid "Failed to read RS block % byte %d." +msgstr "" -#: src/cryptsetup.c:1326 +#: lib/verity/verity_fec.c:169 #, c-format -msgid "" -"This operation will erase all keyslots on device %s.\n" -"Device will become unusable after this operation." +msgid "Failed to read parity for RS block %." msgstr "" -"Deze operatie zal alle sleutelplaatsen op apparaat %s wissen.\n" -"Na deze operatie wordt het apparaat onbruikbaar." -#: src/cryptsetup.c:1360 -msgid " [--type ] []" -msgstr " [--type ] []" - -#: src/cryptsetup.c:1360 -msgid "open device as mapping " -msgstr "apparaat als toewijzing openen" +#: lib/verity/verity_fec.c:177 +#, c-format +msgid "Failed to repair parity for block %." +msgstr "" -#: src/cryptsetup.c:1361 src/cryptsetup.c:1362 src/cryptsetup.c:1363 -#: src/cryptsetup.c:1364 src/veritysetup.c:311 src/veritysetup.c:312 -msgid "" -msgstr "" +#: lib/verity/verity_fec.c:188 +#, c-format +msgid "Failed to write parity for RS block %." +msgstr "" -#: src/cryptsetup.c:1361 -msgid "close device (remove mapping)" -msgstr "apparaat sluiten (toewijzingen verwijderen)" +#: lib/verity/verity_fec.c:223 +msgid "Block sizes must match for FEC." +msgstr "" -#: src/cryptsetup.c:1362 -msgid "resize active device" -msgstr "actief apparaat vergroten of verkleinen" +#: lib/verity/verity_fec.c:229 +msgid "Invalid number of parity bytes." +msgstr "" -#: src/cryptsetup.c:1363 -msgid "show device status" -msgstr "apparaatstatus tonen" +#: lib/verity/verity_fec.c:265 +#, fuzzy, c-format +msgid "Failed to determine size for device %s." +msgstr "Openen van het tijdelijke sleutelopslagapparaat is mislukt.\n" -#: src/cryptsetup.c:1364 -msgid "benchmark cipher" -msgstr "versleutelalgoritme benchmarken" +#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343 +#, fuzzy +msgid "Kernel does not support dm-integrity mapping." +msgstr "dm-verity toewijzingen niet ondersteund door kernel.\n" -#: src/cryptsetup.c:1365 src/cryptsetup.c:1366 src/cryptsetup.c:1372 -#: src/cryptsetup.c:1373 src/cryptsetup.c:1374 src/cryptsetup.c:1375 -#: src/cryptsetup.c:1376 src/cryptsetup.c:1377 src/cryptsetup.c:1378 -#: src/cryptsetup.c:1379 -msgid "" -msgstr "" +#: lib/integrity/integrity.c:277 +#, fuzzy +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "dm-verity toewijzingen niet ondersteund door kernel.\n" -#: src/cryptsetup.c:1365 -msgid "try to repair on-disk metadata" -msgstr "on-disk metadata proberen te herstellen" +#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959 +#: lib/luks2/luks2_json_metadata.c:1244 +#, fuzzy, c-format +msgid "Failed to acquire write lock on device %s." +msgstr "Kan geen toegang verkrijgen tot tijdelijk sleutelopslagapparaat.\n" -#: src/cryptsetup.c:1366 -msgid "erase all keyslots (remove encryption key)" -msgstr "alle sleutelplaatsen wissen (encryptiesleutel verwijderen)" +#: lib/luks2/luks2_disk_metadata.c:392 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "" -#: src/cryptsetup.c:1367 src/cryptsetup.c:1368 -msgid " []" -msgstr " []" +#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712 +msgid "" +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." +msgstr "" -#: src/cryptsetup.c:1367 -msgid "formats a LUKS device" -msgstr "een LUKS-apparaat formatteren" +#: lib/luks2/luks2_json_format.c:227 +#, fuzzy +msgid "Requested data offset is too small." +msgstr "Apparaat %s is te klein.\n" -#: src/cryptsetup.c:1368 -msgid "add key to LUKS device" -msgstr "sleutel aan LUKS-apparaat toevoegen" +#: lib/luks2/luks2_json_format.c:271 +#, c-format +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "" -#: src/cryptsetup.c:1369 src/cryptsetup.c:1370 -msgid " []" -msgstr " []" +#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074 +#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_keyslot_luks2.c:114 +#, fuzzy, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "Kan geen toegang verkrijgen tot tijdelijk sleutelopslagapparaat.\n" -#: src/cryptsetup.c:1369 -msgid "removes supplied key or key file from LUKS device" -msgstr "verschafte sleutel of sleutelbestand van LUKS-apparaat verwijderen" +#: lib/luks2/luks2_json_metadata.c:1167 +#, c-format +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "" -#: src/cryptsetup.c:1370 -msgid "changes supplied key or key file of LUKS device" -msgstr "wijzigt verschafte sleutel of sleutelbestand van LUKS-apparaat" +#: lib/luks2/luks2_json_metadata.c:1208 +#, fuzzy +msgid "Data offset differ on device and backup, restore failed." +msgstr "Verschillende gegevenspositie of sleutelgrootte in apparaat en reservekopie; herstelling is mislukt.\n" -#: src/cryptsetup.c:1371 -msgid " " -msgstr " " +#: lib/luks2/luks2_json_metadata.c:1214 +#, fuzzy +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "Verschillende gegevenspositie of sleutelgrootte in apparaat en reservekopie; herstelling is mislukt.\n" -#: src/cryptsetup.c:1371 -msgid "wipes key with number from LUKS device" -msgstr "sleutel met nummer van LUKS-apparaat verwijderen" +#: lib/luks2/luks2_json_metadata.c:1221 +#, fuzzy, c-format +msgid "Device %s %s%s%s%s" +msgstr "Apparaat %s %s%s" -#: src/cryptsetup.c:1372 -msgid "print UUID of LUKS device" -msgstr "UUID van LUKS-apparaat tonen" +#: lib/luks2/luks2_json_metadata.c:1222 +#, fuzzy +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "bevat geen LUKS-koptekst. Het vervangen van de koptekst kan gegevens op het apparaat vernietigen." -#: src/cryptsetup.c:1373 -msgid "tests for LUKS partition header" -msgstr " op een LUKS-partitiekoptekst testen" +#: lib/luks2/luks2_json_metadata.c:1223 +#, fuzzy +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "bevat reeds een LUKS-koptekst. Het vervangen van de koptekst zal bestaande sleutelplaatsen vernietigen." -#: src/cryptsetup.c:1374 -msgid "dump LUKS partition information" -msgstr "LUKS-partitie-informatie dumpen" +#: lib/luks2/luks2_json_metadata.c:1225 +msgid "" +"\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" +msgstr "" -#: src/cryptsetup.c:1375 -msgid "dump TCRYPT device information" -msgstr "TCRYPT-apparaatsinformatie dumpen" +#: lib/luks2/luks2_json_metadata.c:1227 +msgid "" +"\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." +msgstr "" -#: src/cryptsetup.c:1376 -msgid "Suspend LUKS device and wipe key (all IOs are frozen)." +#: lib/luks2/luks2_json_metadata.c:1323 +#, c-format +msgid "Ignored unknown flag %s." msgstr "" -"LUKS-apparaat schorsen en sleutel wissen (alle in-/uitvoer wordt bevroren)." -#: src/cryptsetup.c:1377 -msgid "Resume suspended LUKS device." -msgstr "Geschorst LUKS-apparaat hervatten." +#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746 +#, c-format +msgid "Missing key for dm-crypt segment %u" +msgstr "" -#: src/cryptsetup.c:1378 -msgid "Backup LUKS device header and keyslots" -msgstr "Reservekopie van LUKS-apparaatkoptekst en -sleutelplaatsen maken" +#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764 +#, fuzzy +msgid "Failed to set dm-crypt segment." +msgstr "Kan status van sleutelbestand niet opvragen.\n" -#: src/cryptsetup.c:1379 -msgid "Restore LUKS device header and keyslots" -msgstr "LUKS-apparaatkoptekst en -sleutelplaatsen herstellen" +#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770 +msgid "Failed to set dm-linear segment." +msgstr "" -#: src/cryptsetup.c:1396 src/veritysetup.c:328 -msgid "" -"\n" -" is one of:\n" +#: lib/luks2/luks2_json_metadata.c:2155 +msgid "Unsupported device integrity configuration." msgstr "" -"\n" -" is één van:\n" -#: src/cryptsetup.c:1402 -msgid "" -"\n" -"You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" +#: lib/luks2/luks2_json_metadata.c:2241 +msgid "Reencryption in-progress. Cannot deactivate device." msgstr "" -"\n" -"U kan ook oude -syntax aliasen gebruiken:\n" -"\topen: (plainOpen), luksOpen, loopaesOpen, tcryptOpen aanmaken\n" -"\tclose: (plainClose), luksClose, loopaesClose, tryptClose verwijderen\n" -#: src/cryptsetup.c:1406 +#: lib/luks2/luks2_json_metadata.c:2252 lib/luks2/luks2_reencrypt.c:3190 #, c-format -msgid "" -"\n" -" is the device to create under %s\n" -" is the encrypted device\n" -" is the LUKS key slot number to modify\n" -" optional key file for the new key for luksAddKey action\n" +msgid "Failed to replace suspended device %s with dm-error target." msgstr "" -"\n" -" is het onder %s aan te maken apparaat\n" -" is het versleutelde apparaat\n" -" is het nummer van de te wijzigen LUKS-sleutelplaats\n" -" optioneel sleutelbestand voor de nieuwe sleutel voor de " -"luksAddKey-actie\n" -#: src/cryptsetup.c:1413 -#, c-format -msgid "" -"\n" -"Default compiled-in key and passphrase parameters:\n" -"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d " -"(characters)\n" -"Default PBKDF2 iteration time for LUKS: %d (ms)\n" +#: lib/luks2/luks2_json_metadata.c:2332 +msgid "Failed to read LUKS2 requirements." msgstr "" -"\n" -"Standaard meegecompileerde sleutel- en wachtwoordparameters:\n" -"\tMaximum sleutelplaatsgrootte: %dkB, maximum lengte interactief wachtwoord " -"%d (karakters)\n" -"Standaard PBKDF2-herhalingstijd voor LUKS: %d (ms)\n" -#: src/cryptsetup.c:1420 -#, c-format -msgid "" -"\n" -"Default compiled-in device cipher parameters:\n" -"\tloop-AES: %s, Key %d bits\n" -"\tplain: %s, Key: %d bits, Password hashing: %s\n" -"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +#: lib/luks2/luks2_json_metadata.c:2339 +msgid "Unmet LUKS2 requirements detected." msgstr "" -"\n" -"Standaard meegecompileerde parameters van het " -"apparaatsversleutelingsalgoritme:\n" -"\tloop-AES: %s, Sleutel: %d bits\n" -"\tplain: %s, Sleutel: %d bits, Wachtwoordhashing: %s\n" -"\tLUKS1: %s, Sleutel: %d bits, LUKS-kopteksthashing: %s, RNG: %s\n" -#: src/cryptsetup.c:1437 src/veritysetup.c:460 -#, c-format -msgid "%s: requires %s as arguments" -msgstr "%s: vereist %s als argumenten" +#: lib/luks2/luks2_json_metadata.c:2347 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "" -#: src/cryptsetup.c:1470 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1253 -msgid "Show this help message" -msgstr "Deze hulptekst tonen" +#: lib/luks2/luks2_json_metadata.c:2349 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "" -#: src/cryptsetup.c:1471 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1254 -msgid "Display brief usage" -msgstr "Korte gebruikssamenvatting tonen" +#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584 +msgid "Not enough available memory to open a keyslot." +msgstr "" -#: src/cryptsetup.c:1475 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1258 -msgid "Help options:" -msgstr "Hulpopties:" +#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586 +#, fuzzy +msgid "Keyslot open failed." +msgstr "Sleutelplaats %d is geverifieerd.\n" -#: src/cryptsetup.c:1476 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1259 -msgid "Print package version" -msgstr "Pakketversie tonen" +#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "" -#: src/cryptsetup.c:1477 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1260 -msgid "Shows more detailed error messages" -msgstr "Gedetailleerdere foutboodschappen tonen" +#: lib/luks2/luks2_keyslot_luks2.c:480 +#, fuzzy +msgid "No space for new keyslot." +msgstr "Kan nieuwe sleutelplaats niet verwisselen.\n" -#: src/cryptsetup.c:1478 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1261 -msgid "Show debug messages" -msgstr "Debug-boodschappen tonen" +#: lib/luks2/luks2_luks1_convert.c:482 +#, fuzzy, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "Kan wachtwoordkwaliteit niet nakijken: %s\n" -#: src/cryptsetup.c:1479 src/cryptsetup_reencrypt.c:1263 -msgid "The cipher used to encrypt the disk (see /proc/crypto)" +#: lib/luks2/luks2_luks1_convert.c:508 +msgid "Unable to convert header with LUKSMETA additional metadata." msgstr "" -"Het gebruikte versleutelalgoritme om de schijf te versleutelen (zie /proc/" -"crypto)" -#: src/cryptsetup.c:1480 src/cryptsetup_reencrypt.c:1265 -msgid "The hash used to create the encryption key from the passphrase" +#: lib/luks2/luks2_luks1_convert.c:548 +msgid "Unable to move keyslot area. Not enough space." msgstr "" -"De gebruikte hash om de encryptiesleutel uit het wachtwoord aan te maken" -#: src/cryptsetup.c:1481 -msgid "Verifies the passphrase by asking for it twice" -msgstr "Het wachtwoord controleren door het twee keer te vragen" +#: lib/luks2/luks2_luks1_convert.c:599 +#, fuzzy +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "Openen van sleutelbestand is mislukt.\n" -#: src/cryptsetup.c:1482 src/cryptsetup_reencrypt.c:1267 -msgid "Read the key from a file." -msgstr "De sleutel uit een bestand lezen." +#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887 +#, fuzzy +msgid "Unable to move keyslot area." +msgstr "Openen van sleutelbestand is mislukt.\n" -#: src/cryptsetup.c:1483 -msgid "Read the volume (master) key from file." -msgstr "De (hoofd)sleutel tot het opslagmedium uit een bestand lezen." +#: lib/luks2/luks2_luks1_convert.c:697 +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "" -#: src/cryptsetup.c:1484 -msgid "Dump volume (master) key instead of keyslots info." +#: lib/luks2/luks2_luks1_convert.c:705 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." msgstr "" -"Dump (hoofd)sleutel tot het opslagmedium in plaats van de " -"sleutelplaatsinformatie." -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 -msgid "The size of the encryption key" -msgstr "De grootte van de encryptiesleutel" +#: lib/luks2/luks2_luks1_convert.c:717 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "" -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 -msgid "BITS" -msgstr "BITS" +#: lib/luks2/luks2_luks1_convert.c:725 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "" -#: src/cryptsetup.c:1486 src/cryptsetup_reencrypt.c:1278 -msgid "Limits the read from keyfile" -msgstr "Beperkt de lezing uit sleutelbestand" +#: lib/luks2/luks2_luks1_convert.c:739 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "" -#: src/cryptsetup.c:1486 src/cryptsetup.c:1487 src/cryptsetup.c:1488 -#: src/cryptsetup.c:1489 src/veritysetup.c:379 src/veritysetup.c:380 -#: src/veritysetup.c:382 src/cryptsetup_reencrypt.c:1277 -#: src/cryptsetup_reencrypt.c:1278 src/cryptsetup_reencrypt.c:1279 -#: src/cryptsetup_reencrypt.c:1280 -msgid "bytes" -msgstr "bytes" +#: lib/luks2/luks2_luks1_convert.c:744 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "" -#: src/cryptsetup.c:1487 src/cryptsetup_reencrypt.c:1277 -msgid "Number of bytes to skip in keyfile" -msgstr "Aantal bytes over te slaan in sleutelbestand" +#: lib/luks2/luks2_luks1_convert.c:749 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "" -#: src/cryptsetup.c:1488 -msgid "Limits the read from newly added keyfile" -msgstr "Beperkt de lezing uit een nieuw toegevoegd sleutelbestand" +#: lib/luks2/luks2_reencrypt.c:892 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "" -#: src/cryptsetup.c:1489 -msgid "Number of bytes to skip in newly added keyfile" -msgstr "Aantal bytes over te slaan in nieuwste toegevoegde sleutelbestand" +#: lib/luks2/luks2_reencrypt.c:897 +#, fuzzy, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Verkleiningsgrootte moet een meervoud zijn van de 512 bytes-grote sector." -#: src/cryptsetup.c:1490 -msgid "Slot number for new key (default is first free)" -msgstr "Plaatsnummer voor nieuwe sleutel (standaard is de eerste open plaats)" +#: lib/luks2/luks2_reencrypt.c:941 +#, fuzzy, c-format +msgid "Unsupported resilience mode %s" +msgstr "Niet-ondersteunde LUKS-versie %d.\n" -#: src/cryptsetup.c:1491 -msgid "The size of the device" -msgstr "De grootte van het apparaat" +#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313 +#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430 +#: lib/luks2/luks2_reencrypt.c:3030 +#, fuzzy +msgid "Failed to initialize old segment storage wrapper." +msgstr "Schrijven naar sleutelopslag is mislukt.\n" -#: src/cryptsetup.c:1491 src/cryptsetup.c:1492 src/cryptsetup.c:1493 -#: src/cryptsetup.c:1499 -msgid "SECTORS" -msgstr "SECTOREN" +#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291 +#, fuzzy +msgid "Failed to initialize new segment storage wrapper." +msgstr "Schrijven naar sleutelopslag is mislukt.\n" -#: src/cryptsetup.c:1492 -msgid "The start offset in the backend device" -msgstr "De startplaats in het backend-apparaat" +#: lib/luks2/luks2_reencrypt.c:1340 +#, fuzzy +msgid "Failed to read checksums for current hotzone." +msgstr "Lezen uit sleutelopslag is mislukt.\n" -#: src/cryptsetup.c:1493 -msgid "How many sectors of the encrypted data to skip at the beginning" +#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038 +#, fuzzy, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "Reservegebied is niet ingesteld op positie %.\n" + +#: lib/luks2/luks2_reencrypt.c:1366 +#, fuzzy, c-format +msgid "Failed to decrypt sector %zu." +msgstr "Lezen uit sleutelopslag is mislukt.\n" + +#: lib/luks2/luks2_reencrypt.c:1372 +#, fuzzy, c-format +msgid "Failed to recover sector %zu." +msgstr "Schrijven naar sleutelopslag is mislukt.\n" + +#: lib/luks2/luks2_reencrypt.c:1867 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." msgstr "" -"Hoeveel sectoren van de versleutelde gegevens aan het begin over te slaan" -#: src/cryptsetup.c:1494 -msgid "Create a readonly mapping" -msgstr "Een alleen-lezen toewijzing aanmaken" +#: lib/luks2/luks2_reencrypt.c:1965 +#, fuzzy, c-format +msgid "Failed to activate hotzone device %s." +msgstr "Kan geen toegang verkrijgen tot tijdelijk sleutelopslagapparaat.\n" -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "PBKDF2 iteration time for LUKS (in ms)" -msgstr "PBKDF2 herhalingstijd voor LUKS (in ms)" +#: lib/luks2/luks2_reencrypt.c:1982 +#, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "" -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "msecs" -msgstr "milliseconden" +#: lib/luks2/luks2_reencrypt.c:1989 +#, fuzzy, c-format +msgid "Failed to load new mapping for device %s." +msgstr "Openen van het tijdelijke sleutelopslagapparaat is mislukt.\n" -#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1269 -msgid "Do not ask for confirmation" -msgstr "Niet om bevestiging vragen" +#: lib/luks2/luks2_reencrypt.c:2060 +msgid "Failed to refresh reencryption devices stack." +msgstr "" -#: src/cryptsetup.c:1497 -msgid "Timeout for interactive passphrase prompt (in seconds)" -msgstr "Timeout voor interactieve wachtwoordprompt (in seconden)" +#: lib/luks2/luks2_reencrypt.c:2216 +#, fuzzy +msgid "Failed to set new keyslots area size." +msgstr "Kan nieuwe sleutelplaats niet verwisselen.\n" -#: src/cryptsetup.c:1497 -msgid "secs" -msgstr "seconden" +#: lib/luks2/luks2_reencrypt.c:2318 +#, c-format +msgid "Data shift is not aligned to requested encryption sector size (% bytes)." +msgstr "" -#: src/cryptsetup.c:1498 src/cryptsetup_reencrypt.c:1270 -msgid "How often the input of the passphrase can be retried" -msgstr "Hoe vaak de invoering van het wachtwoord opnieuw geprobeerd kan worden" +#: lib/luks2/luks2_reencrypt.c:2339 +#, c-format +msgid "Data device is not aligned to requested encryption sector size (% bytes)." +msgstr "" -#: src/cryptsetup.c:1499 -msgid "Align payload at sector boundaries - for luksFormat" -msgstr "Payload uitlijnen op meervouden van sectoren – voor luksFormat" +#: lib/luks2/luks2_reencrypt.c:2360 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "" -#: src/cryptsetup.c:1500 -msgid "File with LUKS header and keyslots backup." -msgstr "Bestand met reservekopie van LUKS-koptekst en -sleutelplaatsen." +#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779 +#: lib/luks2/luks2_reencrypt.c:2800 +#, fuzzy, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "Kan apparaat %s niet gebruiken; het is nog actief (reeds toegewezen of aangekoppeld).\n" -#: src/cryptsetup.c:1501 src/cryptsetup_reencrypt.c:1271 -msgid "Use /dev/random for generating volume key." -msgstr "Gebruik /dev/random om de sleutel tot het opslagmedium te genereren." +#: lib/luks2/luks2_reencrypt.c:2534 +#, fuzzy +msgid "Device not marked for LUKS2 reencryption." +msgstr "Sleutel niet wijzigen; gegevensgebied wordt niet opnieuw versleuteld." -#: src/cryptsetup.c:1502 src/cryptsetup_reencrypt.c:1272 -msgid "Use /dev/urandom for generating volume key." -msgstr "Gebruik /dev/urandom om de sleutel tot het opslagmedium te genereren." +#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295 +msgid "Failed to load LUKS2 reencryption context." +msgstr "" -#: src/cryptsetup.c:1503 -msgid "Share device with another non-overlapping crypt segment." -msgstr "Apparaat met een ander, niet-overlappend cryptsegment delen." +#: lib/luks2/luks2_reencrypt.c:2619 +#, fuzzy +msgid "Failed to get reencryption state." +msgstr "Schrijven naar sleutelopslag is mislukt.\n" -#: src/cryptsetup.c:1504 src/veritysetup.c:385 -msgid "UUID for device to use." -msgstr "UUID van het te gebruiken apparaat." +#: lib/luks2/luks2_reencrypt.c:2623 +#, fuzzy +msgid "Device is not in reencryption." +msgstr "Apparaat %s is niet actief.\n" -#: src/cryptsetup.c:1505 -msgid "Allow discards (aka TRIM) requests for device." -msgstr "Discardaanvragen (alias TRIM) op dit apparaat toelaten." +#: lib/luks2/luks2_reencrypt.c:2630 +msgid "Reencryption process is already running." +msgstr "" -#: src/cryptsetup.c:1506 -msgid "Device or file with separated LUKS header." -msgstr "Apparaat of bestand met verschillende LUKS-koptekst." +#: lib/luks2/luks2_reencrypt.c:2632 +#, fuzzy +msgid "Failed to acquire reencryption lock." +msgstr "Kan herencryptie-logbestand niet lezen.\n" -#: src/cryptsetup.c:1507 -msgid "Do not activate device, just check passphrase." -msgstr "Apparaat niet activeren, enkel wachtwoord controleren." +#: lib/luks2/luks2_reencrypt.c:2650 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "" -#: src/cryptsetup.c:1508 -msgid "Use hidden header (hidden TCRYPT device)." -msgstr "Verborgen koptekst gebruiken (verborgen TCRYPT-apparaat)." +#: lib/luks2/luks2_reencrypt.c:2750 +msgid "Active device size and requested reencryption size don't match." +msgstr "" -#: src/cryptsetup.c:1509 -msgid "Device is system TCRYPT drive (with bootloader)." -msgstr "Apparaat is TCRYPT-systeemschijf (met bootloader)." +#: lib/luks2/luks2_reencrypt.c:2764 +msgid "Illegal device size requested in reencryption parameters." +msgstr "" -#: src/cryptsetup.c:1510 -msgid "Use backup (secondary) TCRYPT header." -msgstr "Reserve (secundaire) TCRYPT-koptekst gebruiken." +#: lib/luks2/luks2_reencrypt.c:2834 +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "" -#: src/cryptsetup.c:1511 -msgid "Scan also for VeraCrypt compatible device." +#: lib/luks2/luks2_reencrypt.c:2906 +msgid "LUKS2 reencryption already initialized in metadata." msgstr "" -#: src/cryptsetup.c:1512 -msgid "Type of device metadata: luks, plain, loopaes, tcrypt." -msgstr "Soorten apparaat-metadata: luks, plain, loopaes, tcrypt." +#: lib/luks2/luks2_reencrypt.c:2913 +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "" -#: src/cryptsetup.c:1513 -msgid "Disable password quality check (if enabled)." -msgstr "Wachtwoordkwaliteitscontrole uitschakelen (indien ingeschakeld)." +#: lib/luks2/luks2_reencrypt.c:3004 +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3046 +#, fuzzy +msgid "Failed to write reencryption resilience metadata." +msgstr "Kan herencryptie-logbestand niet schrijven.\n" -#: src/cryptsetup.c:1514 -msgid "Use dm-crypt same_cpu_crypt performance compatibility option." +#: lib/luks2/luks2_reencrypt.c:3053 +#, fuzzy +msgid "Decryption failed." +msgstr "Herstelling is mislukt." + +#: lib/luks2/luks2_reencrypt.c:3058 +#, fuzzy, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "Schrijven naar sleutelopslag is mislukt.\n" + +#: lib/luks2/luks2_reencrypt.c:3063 +#, fuzzy +msgid "Failed to sync data." +msgstr "Kan status van sleutelbestand niet opvragen.\n" + +#: lib/luks2/luks2_reencrypt.c:3071 +msgid "Failed to update metadata after current reencryption hotzone completed." msgstr "" -#: src/cryptsetup.c:1515 -msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option." +#: lib/luks2/luks2_reencrypt.c:3138 +#, fuzzy +msgid "Failed to write LUKS2 metadata." +msgstr "Schrijven naar sleutelopslag is mislukt.\n" + +#: lib/luks2/luks2_reencrypt.c:3161 +msgid "Failed to wipe backup segment data." msgstr "" -#: src/cryptsetup.c:1531 src/veritysetup.c:402 -msgid "[OPTION...] " -msgstr "[OPTIE…] " +#: lib/luks2/luks2_reencrypt.c:3174 +msgid "Failed to disable reencryption requirement flag." +msgstr "" -#: src/cryptsetup.c:1572 -msgid "Running in FIPS mode.\n" -msgstr "Uitvoering in FIPS-modus.\n" +#: lib/luks2/luks2_reencrypt.c:3182 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "" -#: src/cryptsetup.c:1581 src/veritysetup.c:439 -msgid "Argument missing." -msgstr "Argument ontbreekt." +#: lib/luks2/luks2_reencrypt.c:3191 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "" -#: src/cryptsetup.c:1634 src/veritysetup.c:445 -msgid "Unknown action." -msgstr "Onbekende actie." +#: lib/luks2/luks2_reencrypt.c:3240 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "" -#: src/cryptsetup.c:1644 -msgid "Option --shared is allowed only for open of plain device.\n" +#: lib/luks2/luks2_reencrypt.c:3246 +msgid "Missing or invalid reencrypt context." msgstr "" -"Optie --shared wordt enkel toegestaan voor open-opdracht op plain-apparaat.\n" -#: src/cryptsetup.c:1649 -msgid "Option --allow-discards is allowed only for open operation.\n" -msgstr "Optie --allow-discards wordt enkel toegestaan voor de open-operatie.\n" +#: lib/luks2/luks2_reencrypt.c:3253 +#, fuzzy +msgid "Failed to initialize reencryption device stack." +msgstr "Kan versleutelings-backend niet initialiseren.\n" + +#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308 +#, fuzzy +msgid "Failed to update reencryption context." +msgstr "Kan herencryptie-logbestand niet openen.\n" + +#: lib/luks2/luks2_token.c:262 +msgid "No free token slot." +msgstr "" + +#: lib/luks2/luks2_token.c:269 +#, fuzzy, c-format +msgid "Failed to create builtin token %s." +msgstr "Schrijven naar sleutelopslag is mislukt.\n" + +#: src/cryptsetup.c:164 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "Kan geen wachtwoordverificatie uitvoeren op invoer van buiten de terminal." + +#: src/cryptsetup.c:221 +#, fuzzy +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "Deze operatie wordt enkel ondersteund voor LUKS-apparaten.\n" + +#: src/cryptsetup.c:251 src/cryptsetup.c:959 src/cryptsetup.c:1269 +#: src/cryptsetup.c:3145 src/cryptsetup_reencrypt.c:723 +#: src/cryptsetup_reencrypt.c:793 +msgid "No known cipher specification pattern detected." +msgstr "Geen bekend specificatiepatroon voor het sleutelalgoritme gevonden." + +#: src/cryptsetup.c:259 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "WAARSCHUWING: In normale modus met opgegeven sleutelbestand wordt de --hash-parameter genegeerd.\n" + +#: src/cryptsetup.c:267 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "WAARSCHUWING: De optie --keyfile-size wordt genegeerd, de leesgrootte is gelijk aan de encryptiesleutelgrootte.\n" + +#: src/cryptsetup.c:307 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "" -#: src/cryptsetup.c:1657 +#: src/cryptsetup.c:313 src/cryptsetup.c:1090 src/cryptsetup.c:1142 +#: src/cryptsetup.c:1246 src/cryptsetup.c:1319 src/cryptsetup.c:1974 +#: src/cryptsetup.c:2682 src/cryptsetup.c:2805 src/integritysetup.c:233 +msgid "Operation aborted.\n" +msgstr "" + +#: src/cryptsetup.c:381 +msgid "Option --key-file is required." +msgstr "Optie --key-file is vereist." + +#: src/cryptsetup.c:434 +msgid "Enter VeraCrypt PIM: " +msgstr "" + +#: src/cryptsetup.c:443 +msgid "Invalid PIM value: parse error." +msgstr "" + +#: src/cryptsetup.c:446 +#, fuzzy +msgid "Invalid PIM value: 0." +msgstr "Ongeldig apparaat %s.\n" + +#: src/cryptsetup.c:449 +msgid "Invalid PIM value: outside of range." +msgstr "" + +#: src/cryptsetup.c:472 +msgid "No device header detected with this passphrase." +msgstr "Geen apparaatkoptekst beschikbaar met dit wachtwoord." + +#: src/cryptsetup.c:541 +#, fuzzy, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "Apparaat %s is geen geldig LUKS-apparaat.\n" + +#: src/cryptsetup.c:576 msgid "" -"Option --key-size is allowed only for luksFormat, open and benchmark.\n" -"To limit read from keyfile use --keyfile-size=(bytes)." +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." msgstr "" -"Optie --key-size is enkel toegestaan bij luksFormat, open en benchmark.\n" -"Om de lezing uit een sleutelbestand te beperken, gebruik --keyfile-" -"size=(bytes)." +"Dump van koptekst met sleutel tot het opslagmedium bevat gevoelige informatie\n" +"die zonder wachtwoord toegang verschaft tot versleutelde partities.\n" +"De dump zou steeds versleuteld en op een veilige plaats bewaard moeten worden." + +#: src/cryptsetup.c:673 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "" + +#: src/cryptsetup.c:701 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "" + +#: src/cryptsetup.c:838 +#, fuzzy +msgid "Benchmark interrupted." +msgstr "versleutelalgoritme benchmarken" + +#: src/cryptsetup.c:859 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "" + +#: src/cryptsetup.c:861 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "" + +#: src/cryptsetup.c:875 +#, c-format +msgid "%-10s N/A\n" +msgstr "" + +#: src/cryptsetup.c:877 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "" + +#: src/cryptsetup.c:901 +msgid "Result of benchmark is not reliable." +msgstr "Benchmarkresultaat is niet betrouwbaar." + +#: src/cryptsetup.c:951 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "# Tests zijn bij benadering met enkel geheugen in gebruik (geen opslag-IO).\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:971 +#, fuzzy, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "# Algoritme | Sleutel | Versleuteling | Ontsleuteling\n" + +#: src/cryptsetup.c:975 +#, fuzzy, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "Versleutelalgoritme %s is niet beschikbaar.\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:994 +#, fuzzy +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "# Algoritme | Sleutel | Versleuteling | Ontsleuteling\n" + +#: src/cryptsetup.c:1003 +msgid "N/A" +msgstr "N/A" + +#: src/cryptsetup.c:1083 +msgid "" +"Seems device does not require reencryption recovery.\n" +"Do you want to proceed anyway?" +msgstr "" + +#: src/cryptsetup.c:1089 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "" + +#: src/cryptsetup.c:1098 +#, fuzzy +msgid "Enter passphrase for reencryption recovery: " +msgstr "Voer wachtwoord voor sleutelplaats %u in: " + +#: src/cryptsetup.c:1141 +msgid "Really try to repair LUKS device header?" +msgstr "Bent u zeker de LUKS-apparaatkoptekst te willen herstellen?" -#: src/cryptsetup.c:1664 +#: src/cryptsetup.c:1160 src/integritysetup.c:146 msgid "" -"Option --test-passphrase is allowed only for open of LUKS and TCRYPT " -"devices.\n" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" + +#: src/cryptsetup.c:1182 src/integritysetup.c:168 +#, fuzzy, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "Kan tijdelijk LUKS-apparaat niet openen.\n" + +#: src/cryptsetup.c:1231 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "" + +#: src/cryptsetup.c:1236 src/cryptsetup.c:1296 +#, fuzzy +msgid "Unsupported LUKS2 metadata size options." +msgstr "Niet-ondersteunde LUKS-versie %d.\n" + +#: src/cryptsetup.c:1253 +#, fuzzy, c-format +msgid "Cannot create header file %s." +msgstr "Kan reservekopiebestand %s van koptekst niet aanmaken.\n" + +#: src/cryptsetup.c:1276 src/integritysetup.c:195 src/integritysetup.c:204 +#: src/integritysetup.c:213 src/integritysetup.c:284 src/integritysetup.c:293 +#: src/integritysetup.c:303 +#, fuzzy +msgid "No known integrity specification pattern detected." +msgstr "Geen bekend specificatiepatroon voor het sleutelalgoritme gevonden.\n" + +#: src/cryptsetup.c:1289 +#, c-format +msgid "Cannot use %s as on-disk header." +msgstr "Kan %s niet als on-diskkoptekst gebruiken." + +#: src/cryptsetup.c:1313 src/integritysetup.c:227 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "Dit zal data op %s onherroepelijk overschrijven." + +#: src/cryptsetup.c:1354 src/cryptsetup.c:1688 src/cryptsetup.c:1755 +#: src/cryptsetup.c:1857 src/cryptsetup.c:1923 src/cryptsetup_reencrypt.c:553 +#, fuzzy +msgid "Failed to set pbkdf parameters." +msgstr "Kan status van sleutelbestand niet opvragen.\n" + +#: src/cryptsetup.c:1439 +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "Een verlaagde datagegevenspositie wordt enkel toegestaan voor een vrijstaande LUKS-koptekst." + +#: src/cryptsetup.c:1450 src/cryptsetup.c:1761 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "" + +#: src/cryptsetup.c:1488 +msgid "Device activated but cannot make flags persistent." +msgstr "" + +#: src/cryptsetup.c:1569 src/cryptsetup.c:1639 +#, fuzzy, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "Sleutelplaats %d geselecteerd voor verwijdering.\n" + +#: src/cryptsetup.c:1581 src/cryptsetup.c:1642 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "Dit is de laatste sleutelplaats. Apparaat zal onbruikbaar worden na het verwijderen van deze sleutel." + +#: src/cryptsetup.c:1582 +msgid "Enter any remaining passphrase: " +msgstr "Voer enig overblijvend wachtwoord in: " + +#: src/cryptsetup.c:1583 src/cryptsetup.c:1644 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "" + +#: src/cryptsetup.c:1621 +msgid "Enter passphrase to be deleted: " +msgstr "Voer het te verwijderen wachtwoord in: " + +#: src/cryptsetup.c:1702 src/cryptsetup.c:1776 src/cryptsetup.c:1810 +msgid "Enter new passphrase for key slot: " +msgstr "Voer een nieuw wachtwoord in voor de sleutelplaats: " + +#: src/cryptsetup.c:1793 src/cryptsetup_reencrypt.c:1343 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "Voer een bestaand wachtwoord in: " + +#: src/cryptsetup.c:1861 +msgid "Enter passphrase to be changed: " +msgstr "Voer het te wijzigen wachtwoord in: " + +#: src/cryptsetup.c:1877 src/cryptsetup_reencrypt.c:1329 +msgid "Enter new passphrase: " +msgstr "Voer nieuw wachtwoord in: " + +#: src/cryptsetup.c:1927 +#, fuzzy +msgid "Enter passphrase for keyslot to be converted: " +msgstr "Voer wachtwoord voor sleutelplaats %u in: " + +#: src/cryptsetup.c:1951 +msgid "Only one device argument for isLuks operation is supported." +msgstr "Voor de isLuks-operatie wordt slechts één apparaatsargument ondersteund." + +#: src/cryptsetup.c:2001 +#, fuzzy +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Dump van koptekst met sleutel tot het opslagmedium bevat gevoelige informatie\n" +"die zonder wachtwoord toegang verschaft tot versleutelde partities.\n" +"De dump zou steeds versleuteld en op een veilige plaats bewaard moeten worden." + +#: src/cryptsetup.c:2066 +#, fuzzy, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "Sleutelplaats %d is niet in gebruik." + +#: src/cryptsetup.c:2072 +#, fuzzy +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Dump van koptekst met sleutel tot het opslagmedium bevat gevoelige informatie\n" +"die zonder wachtwoord toegang verschaft tot versleutelde partities.\n" +"De dump zou steeds versleuteld en op een veilige plaats bewaard moeten worden." + +#: src/cryptsetup.c:2207 src/cryptsetup.c:2228 +msgid "Option --header-backup-file is required." +msgstr "Optie --header-backup-file is vereist." + +#: src/cryptsetup.c:2258 +#, fuzzy, c-format +msgid "%s is not cryptsetup managed device." +msgstr "%s is geen LUKS-apparaat." + +#: src/cryptsetup.c:2269 +#, fuzzy, c-format +msgid "Refresh is not supported for device type %s" +msgstr "Hervatting wordt niet ondersteund voor apparaat %s.\n" + +#: src/cryptsetup.c:2311 +#, c-format +msgid "Unrecognized metadata device type %s." +msgstr "Niet-herkende metadata bij apparaatstype %s." + +#: src/cryptsetup.c:2314 +msgid "Command requires device and mapped name as arguments." +msgstr "Opdracht vereist apparaat en toewijzingsnaam als argumenten." + +#: src/cryptsetup.c:2336 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" +"Deze operatie zal alle sleutelplaatsen op apparaat %s wissen.\n" +"Na deze operatie wordt het apparaat onbruikbaar." + +#: src/cryptsetup.c:2343 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "" + +#: src/cryptsetup.c:2380 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "" + +#: src/cryptsetup.c:2398 +#, fuzzy, c-format +msgid "Device is already %s type." +msgstr "Apparaat %s bestaat reeds.\n" + +#: src/cryptsetup.c:2403 +#, fuzzy, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "Deze operatie wordt niet ondersteund voor versleutelapparaat %s.\n" + +#: src/cryptsetup.c:2409 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "" + +#: src/cryptsetup.c:2449 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "" + +#: src/cryptsetup.c:2483 src/cryptsetup.c:2516 src/cryptsetup.c:2539 +#, fuzzy, c-format +msgid "Token %d is invalid." +msgstr "Sleutelplaats %d is ongeldig.\n" + +#: src/cryptsetup.c:2486 src/cryptsetup.c:2542 +#, c-format +msgid "Token %d in use." +msgstr "" + +#: src/cryptsetup.c:2493 +#, fuzzy, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "Lezen uit sleutelopslag is mislukt.\n" + +#: src/cryptsetup.c:2502 src/cryptsetup.c:2564 +#, fuzzy, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "Schrijven naar sleutelopslag is mislukt.\n" + +#: src/cryptsetup.c:2519 +#, fuzzy, c-format +msgid "Token %d is not in use." +msgstr "Sleutelplaats %d is niet in gebruik.\n" + +#: src/cryptsetup.c:2554 +#, fuzzy +msgid "Failed to import token from file." +msgstr "Openen van sleutelbestand is mislukt.\n" + +#: src/cryptsetup.c:2579 +#, fuzzy, c-format +msgid "Failed to get token %d for export." +msgstr "Schrijven naar sleutelopslag is mislukt.\n" + +#: src/cryptsetup.c:2594 +msgid "--key-description parameter is mandatory for token add action." +msgstr "" + +#: src/cryptsetup.c:2600 src/cryptsetup.c:2608 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "" + +#: src/cryptsetup.c:2613 +#, fuzzy, c-format +msgid "Invalid token operation %s." +msgstr "Ongeldige sleutelgrootte %d.\n" + +#: src/cryptsetup.c:2668 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "" + +#: src/cryptsetup.c:2672 +#, fuzzy, c-format +msgid "Device %s is not a block device.\n" +msgstr "Apparaat %s is geen geldig LUKS-apparaat.\n" + +#: src/cryptsetup.c:2674 +#, fuzzy, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "Kan geen map voor de apparaatstoewijzer verkrijgen." + +#: src/cryptsetup.c:2676 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" + +#: src/cryptsetup.c:2756 +#, fuzzy +msgid "Invalid LUKS device type." +msgstr "Ongeldig apparaat %s.\n" + +#: src/cryptsetup.c:2761 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "" + +#: src/cryptsetup.c:2766 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "" + +#: src/cryptsetup.c:2775 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "" + +#: src/cryptsetup.c:2779 +#, fuzzy +msgid "Encryption is supported only for LUKS2 format." +msgstr "Deze operatie wordt enkel ondersteund voor LUKS-apparaten.\n" + +#: src/cryptsetup.c:2801 +#, c-format +msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +msgstr "" + +#: src/cryptsetup.c:2816 +#, fuzzy, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "Aangevraagd reservekopiebestand %s van koptekst bestaat reeds.\n" + +#: src/cryptsetup.c:2818 src/cryptsetup.c:2825 +#, fuzzy, c-format +msgid "Cannot create temporary header file %s." +msgstr "Kan reservekopiebestand %s van koptekst niet aanmaken.\n" + +#: src/cryptsetup.c:2889 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "" + +#: src/cryptsetup.c:3053 src/cryptsetup.c:3059 +#, fuzzy +msgid "Not enough free keyslots for reencryption." +msgstr "Sleutel niet wijzigen; gegevensgebied wordt niet opnieuw versleuteld." + +#: src/cryptsetup.c:3079 src/cryptsetup_reencrypt.c:1294 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "Sleutelbestand kan enkel gebruikt worden met optie --key-slot of met enkel één actieve sleutelplaats." + +#: src/cryptsetup.c:3088 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup_reencrypt.c:1352 +#, fuzzy, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Voer wachtwoord voor sleutelplaats %u in: " + +#: src/cryptsetup.c:3096 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Voer wachtwoord voor sleutelplaats %u in: " + +#: src/cryptsetup.c:3263 +#, fuzzy +msgid "Command requires device as argument." +msgstr "Opdracht vereist apparaat en toewijzingsnaam als argumenten.\n" + +#: src/cryptsetup.c:3285 +msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +msgstr "" + +#: src/cryptsetup.c:3297 +msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +msgstr "" + +#: src/cryptsetup.c:3307 src/cryptsetup_reencrypt.c:178 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "" + +#: src/cryptsetup.c:3315 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "" + +#: src/cryptsetup.c:3319 +#, fuzzy +msgid "LUKS2 device is not in reencryption." +msgstr "Logbestand %s bestaat reeds, herencryptie wordt herstart.\n" + +#: src/cryptsetup.c:3346 +msgid " [--type ] []" +msgstr " [--type ] []" + +#: src/cryptsetup.c:3346 src/veritysetup.c:394 src/integritysetup.c:480 +#, fuzzy +msgid "open device as " +msgstr "apparaat als toewijzing openen" + +#: src/cryptsetup.c:3347 src/cryptsetup.c:3348 src/cryptsetup.c:3349 +#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:481 +#: src/integritysetup.c:482 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3347 src/veritysetup.c:395 src/integritysetup.c:481 +msgid "close device (remove mapping)" +msgstr "apparaat sluiten (toewijzingen verwijderen)" + +#: src/cryptsetup.c:3348 +msgid "resize active device" +msgstr "actief apparaat vergroten of verkleinen" + +#: src/cryptsetup.c:3349 +msgid "show device status" +msgstr "apparaatstatus tonen" + +#: src/cryptsetup.c:3350 +msgid "[--cipher ]" +msgstr "[--cipher ]" + +#: src/cryptsetup.c:3350 +msgid "benchmark cipher" +msgstr "versleutelalgoritme benchmarken" + +#: src/cryptsetup.c:3351 src/cryptsetup.c:3352 src/cryptsetup.c:3353 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3355 src/cryptsetup.c:3362 +#: src/cryptsetup.c:3363 src/cryptsetup.c:3364 src/cryptsetup.c:3365 +#: src/cryptsetup.c:3366 src/cryptsetup.c:3367 src/cryptsetup.c:3368 +#: src/cryptsetup.c:3369 src/cryptsetup.c:3370 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3351 +msgid "try to repair on-disk metadata" +msgstr "on-disk metadata proberen te herstellen" + +#: src/cryptsetup.c:3352 +#, fuzzy +msgid "reencrypt LUKS2 device" +msgstr "sleutel aan LUKS-apparaat toevoegen" + +#: src/cryptsetup.c:3353 +msgid "erase all keyslots (remove encryption key)" +msgstr "alle sleutelplaatsen wissen (encryptiesleutel verwijderen)" + +#: src/cryptsetup.c:3354 +msgid "convert LUKS from/to LUKS2 format" +msgstr "" + +#: src/cryptsetup.c:3355 +msgid "set permanent configuration options for LUKS2" +msgstr "" + +#: src/cryptsetup.c:3356 src/cryptsetup.c:3357 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3356 +msgid "formats a LUKS device" +msgstr "een LUKS-apparaat formatteren" + +#: src/cryptsetup.c:3357 +msgid "add key to LUKS device" +msgstr "sleutel aan LUKS-apparaat toevoegen" + +#: src/cryptsetup.c:3358 src/cryptsetup.c:3359 src/cryptsetup.c:3360 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3358 +msgid "removes supplied key or key file from LUKS device" +msgstr "verschafte sleutel of sleutelbestand van LUKS-apparaat verwijderen" + +#: src/cryptsetup.c:3359 +msgid "changes supplied key or key file of LUKS device" +msgstr "wijzigt verschafte sleutel of sleutelbestand van LUKS-apparaat" + +#: src/cryptsetup.c:3360 +msgid "converts a key to new pbkdf parameters" +msgstr "" + +#: src/cryptsetup.c:3361 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3361 +msgid "wipes key with number from LUKS device" +msgstr "sleutel met nummer van LUKS-apparaat verwijderen" + +#: src/cryptsetup.c:3362 +msgid "print UUID of LUKS device" +msgstr "UUID van LUKS-apparaat tonen" + +#: src/cryptsetup.c:3363 +msgid "tests for LUKS partition header" +msgstr " op een LUKS-partitiekoptekst testen" + +#: src/cryptsetup.c:3364 +msgid "dump LUKS partition information" +msgstr "LUKS-partitie-informatie dumpen" + +#: src/cryptsetup.c:3365 +msgid "dump TCRYPT device information" +msgstr "TCRYPT-apparaatsinformatie dumpen" + +#: src/cryptsetup.c:3366 +#, fuzzy +msgid "dump BITLK device information" +msgstr "TCRYPT-apparaatsinformatie dumpen" + +#: src/cryptsetup.c:3367 +#, fuzzy +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "LUKS-apparaat schorsen en sleutel wissen (alle in-/uitvoer wordt bevroren)." + +#: src/cryptsetup.c:3368 +#, fuzzy +msgid "Resume suspended LUKS device" +msgstr "Geschorst LUKS-apparaat hervatten." + +#: src/cryptsetup.c:3369 +msgid "Backup LUKS device header and keyslots" +msgstr "Reservekopie van LUKS-apparaatkoptekst en -sleutelplaatsen maken" + +#: src/cryptsetup.c:3370 +msgid "Restore LUKS device header and keyslots" +msgstr "LUKS-apparaatkoptekst en -sleutelplaatsen herstellen" + +#: src/cryptsetup.c:3371 +msgid " " +msgstr "" + +#: src/cryptsetup.c:3371 +msgid "Manipulate LUKS2 tokens" +msgstr "" + +#: src/cryptsetup.c:3389 src/veritysetup.c:412 src/integritysetup.c:498 +msgid "" +"\n" +" is one of:\n" +msgstr "" +"\n" +" is één van:\n" + +#: src/cryptsetup.c:3395 +#, fuzzy +msgid "" +"\n" +"You can also use old syntax aliases:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +msgstr "" +"\n" +"U kan ook oude -syntax aliasen gebruiken:\n" +"\topen: (plainOpen), luksOpen, loopaesOpen, tcryptOpen aanmaken\n" +"\tclose: (plainClose), luksClose, loopaesClose, tryptClose verwijderen\n" + +#: src/cryptsetup.c:3399 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the encrypted device\n" +" is the LUKS key slot number to modify\n" +" optional key file for the new key for luksAddKey action\n" +msgstr "" +"\n" +" is het onder %s aan te maken apparaat\n" +" is het versleutelde apparaat\n" +" is het nummer van de te wijzigen LUKS-sleutelplaats\n" +" optioneel sleutelbestand voor de nieuwe sleutel voor de luksAddKey-actie\n" + +#: src/cryptsetup.c:3406 +#, c-format +msgid "" +"\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" + +#: src/cryptsetup.c:3411 +#, fuzzy, c-format +msgid "" +"\n" +"Default compiled-in key and passphrase parameters:\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" +msgstr "" +"\n" +"Standaard meegecompileerde sleutel- en wachtwoordparameters:\n" +"\tMaximum sleutelplaatsgrootte: %dkB, maximum lengte interactief wachtwoord %d (karakters)\n" +"Standaard PBKDF2-herhalingstijd voor LUKS: %d (ms)\n" + +#: src/cryptsetup.c:3422 +#, fuzzy, c-format +msgid "" +"\n" +"Default compiled-in device cipher parameters:\n" +"\tloop-AES: %s, Key %d bits\n" +"\tplain: %s, Key: %d bits, Password hashing: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +msgstr "" +"\n" +"Standaard meegecompileerde parameters van het apparaatsversleutelingsalgoritme:\n" +"\tloop-AES: %s, Sleutel: %d bits\n" +"\tplain: %s, Sleutel: %d bits, Wachtwoordhashing: %s\n" +"\tLUKS1: %s, Sleutel: %d bits, LUKS-kopteksthashing: %s, RNG: %s\n" + +#: src/cryptsetup.c:3431 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "" + +#: src/cryptsetup.c:3447 src/veritysetup.c:569 src/integritysetup.c:642 +#, c-format +msgid "%s: requires %s as arguments" +msgstr "%s: vereist %s als argumenten" + +#: src/cryptsetup.c:3480 src/veritysetup.c:457 src/integritysetup.c:536 +#: src/cryptsetup_reencrypt.c:1607 +msgid "Show this help message" +msgstr "Deze hulptekst tonen" + +#: src/cryptsetup.c:3481 src/veritysetup.c:458 src/integritysetup.c:537 +#: src/cryptsetup_reencrypt.c:1608 +msgid "Display brief usage" +msgstr "Korte gebruikssamenvatting tonen" + +#: src/cryptsetup.c:3482 src/veritysetup.c:459 src/integritysetup.c:538 +#: src/cryptsetup_reencrypt.c:1609 +msgid "Print package version" +msgstr "Pakketversie tonen" + +#: src/cryptsetup.c:3486 src/veritysetup.c:463 src/integritysetup.c:542 +#: src/cryptsetup_reencrypt.c:1613 +msgid "Help options:" +msgstr "Hulpopties:" + +#: src/cryptsetup.c:3487 src/veritysetup.c:464 src/integritysetup.c:543 +#: src/cryptsetup_reencrypt.c:1614 +msgid "Shows more detailed error messages" +msgstr "Gedetailleerdere foutboodschappen tonen" + +#: src/cryptsetup.c:3488 src/veritysetup.c:465 src/integritysetup.c:544 +#: src/cryptsetup_reencrypt.c:1615 +msgid "Show debug messages" +msgstr "Debug-boodschappen tonen" + +#: src/cryptsetup.c:3489 +#, fuzzy +msgid "Show debug messages including JSON metadata" +msgstr "Debug-boodschappen tonen" + +#: src/cryptsetup.c:3490 src/cryptsetup_reencrypt.c:1617 +msgid "The cipher used to encrypt the disk (see /proc/crypto)" +msgstr "Het gebruikte versleutelalgoritme om de schijf te versleutelen (zie /proc/crypto)" + +#: src/cryptsetup.c:3491 src/cryptsetup_reencrypt.c:1619 +msgid "The hash used to create the encryption key from the passphrase" +msgstr "De gebruikte hash om de encryptiesleutel uit het wachtwoord aan te maken" + +#: src/cryptsetup.c:3492 +msgid "Verifies the passphrase by asking for it twice" +msgstr "Het wachtwoord controleren door het twee keer te vragen" + +#: src/cryptsetup.c:3493 src/cryptsetup_reencrypt.c:1621 +#, fuzzy +msgid "Read the key from a file" +msgstr "De sleutel uit een bestand lezen." + +#: src/cryptsetup.c:3494 +msgid "Read the volume (master) key from file." +msgstr "De (hoofd)sleutel tot het opslagmedium uit een bestand lezen." + +#: src/cryptsetup.c:3495 +#, fuzzy +msgid "Dump volume (master) key instead of keyslots info" +msgstr "Dump (hoofd)sleutel tot het opslagmedium in plaats van de sleutelplaatsinformatie." + +#: src/cryptsetup.c:3496 src/cryptsetup_reencrypt.c:1618 +msgid "The size of the encryption key" +msgstr "De grootte van de encryptiesleutel" + +#: src/cryptsetup.c:3496 src/cryptsetup.c:3557 src/integritysetup.c:562 +#: src/integritysetup.c:566 src/integritysetup.c:570 +#: src/cryptsetup_reencrypt.c:1618 +msgid "BITS" +msgstr "BITS" + +#: src/cryptsetup.c:3497 src/cryptsetup_reencrypt.c:1634 +msgid "Limits the read from keyfile" +msgstr "Beperkt de lezing uit sleutelbestand" + +#: src/cryptsetup.c:3497 src/cryptsetup.c:3498 src/cryptsetup.c:3499 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3503 src/cryptsetup.c:3554 +#: src/cryptsetup.c:3555 src/cryptsetup.c:3563 src/cryptsetup.c:3564 +#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470 +#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:551 +#: src/integritysetup.c:557 src/integritysetup.c:558 +#: src/cryptsetup_reencrypt.c:1633 src/cryptsetup_reencrypt.c:1634 +#: src/cryptsetup_reencrypt.c:1635 src/cryptsetup_reencrypt.c:1636 +msgid "bytes" +msgstr "bytes" + +#: src/cryptsetup.c:3498 src/cryptsetup_reencrypt.c:1633 +msgid "Number of bytes to skip in keyfile" +msgstr "Aantal bytes over te slaan in sleutelbestand" + +#: src/cryptsetup.c:3499 +msgid "Limits the read from newly added keyfile" +msgstr "Beperkt de lezing uit een nieuw toegevoegd sleutelbestand" + +#: src/cryptsetup.c:3500 +msgid "Number of bytes to skip in newly added keyfile" +msgstr "Aantal bytes over te slaan in nieuwste toegevoegde sleutelbestand" + +#: src/cryptsetup.c:3501 +msgid "Slot number for new key (default is first free)" +msgstr "Plaatsnummer voor nieuwe sleutel (standaard is de eerste open plaats)" + +#: src/cryptsetup.c:3502 +msgid "The size of the device" +msgstr "De grootte van het apparaat" + +#: src/cryptsetup.c:3502 src/cryptsetup.c:3504 src/cryptsetup.c:3505 +#: src/cryptsetup.c:3511 src/integritysetup.c:552 src/integritysetup.c:559 +msgid "SECTORS" +msgstr "SECTOREN" + +#: src/cryptsetup.c:3503 src/cryptsetup_reencrypt.c:1636 +msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +msgstr "Enkel ingegeven apparaatsgrootte gebruiken (rest van apparaat wordt genegeerd). GEVAARLIJK!" + +#: src/cryptsetup.c:3504 +msgid "The start offset in the backend device" +msgstr "De startplaats in het backend-apparaat" + +#: src/cryptsetup.c:3505 +msgid "How many sectors of the encrypted data to skip at the beginning" +msgstr "Hoeveel sectoren van de versleutelde gegevens aan het begin over te slaan" + +#: src/cryptsetup.c:3506 +msgid "Create a readonly mapping" +msgstr "Een alleen-lezen toewijzing aanmaken" + +#: src/cryptsetup.c:3507 src/integritysetup.c:545 +#: src/cryptsetup_reencrypt.c:1624 +msgid "Do not ask for confirmation" +msgstr "Niet om bevestiging vragen" + +#: src/cryptsetup.c:3508 +msgid "Timeout for interactive passphrase prompt (in seconds)" +msgstr "Timeout voor interactieve wachtwoordprompt (in seconden)" + +#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "secs" +msgstr "seconden" + +#: src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "Progress line update (in seconds)" +msgstr "" + +#: src/cryptsetup.c:3510 src/cryptsetup_reencrypt.c:1626 +msgid "How often the input of the passphrase can be retried" +msgstr "Hoe vaak de invoering van het wachtwoord opnieuw geprobeerd kan worden" + +#: src/cryptsetup.c:3511 +msgid "Align payload at sector boundaries - for luksFormat" +msgstr "Payload uitlijnen op meervouden van sectoren – voor luksFormat" + +#: src/cryptsetup.c:3512 +#, fuzzy +msgid "File with LUKS header and keyslots backup" +msgstr "Bestand met reservekopie van LUKS-koptekst en -sleutelplaatsen." + +#: src/cryptsetup.c:3513 src/cryptsetup_reencrypt.c:1627 +#, fuzzy +msgid "Use /dev/random for generating volume key" +msgstr "Gebruik /dev/random om de sleutel tot het opslagmedium te genereren." + +#: src/cryptsetup.c:3514 src/cryptsetup_reencrypt.c:1628 +#, fuzzy +msgid "Use /dev/urandom for generating volume key" +msgstr "Gebruik /dev/urandom om de sleutel tot het opslagmedium te genereren." + +#: src/cryptsetup.c:3515 +#, fuzzy +msgid "Share device with another non-overlapping crypt segment" +msgstr "Apparaat met een ander, niet-overlappend cryptsegment delen." + +#: src/cryptsetup.c:3516 src/veritysetup.c:477 +#, fuzzy +msgid "UUID for device to use" +msgstr "UUID van het te gebruiken apparaat." + +#: src/cryptsetup.c:3517 src/integritysetup.c:579 +#, fuzzy +msgid "Allow discards (aka TRIM) requests for device" +msgstr "Discardaanvragen (alias TRIM) op dit apparaat toelaten." + +#: src/cryptsetup.c:3518 src/cryptsetup_reencrypt.c:1645 +#, fuzzy +msgid "Device or file with separated LUKS header" +msgstr "Apparaat of bestand met verschillende LUKS-koptekst." + +#: src/cryptsetup.c:3519 +#, fuzzy +msgid "Do not activate device, just check passphrase" +msgstr "Apparaat niet activeren, enkel wachtwoord controleren." + +#: src/cryptsetup.c:3520 +#, fuzzy +msgid "Use hidden header (hidden TCRYPT device)" +msgstr "Verborgen koptekst gebruiken (verborgen TCRYPT-apparaat)." + +#: src/cryptsetup.c:3521 +#, fuzzy +msgid "Device is system TCRYPT drive (with bootloader)" +msgstr "Apparaat is TCRYPT-systeemschijf (met bootloader)." + +#: src/cryptsetup.c:3522 +#, fuzzy +msgid "Use backup (secondary) TCRYPT header" +msgstr "Reserve (secundaire) TCRYPT-koptekst gebruiken." + +#: src/cryptsetup.c:3523 +#, fuzzy +msgid "Scan also for VeraCrypt compatible device" +msgstr "Eveneens naar VeraCrypt-compatibel apparaat scannen." + +#: src/cryptsetup.c:3524 +#, fuzzy +msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Eveneens naar VeraCrypt-compatibel apparaat scannen." + +#: src/cryptsetup.c:3525 +#, fuzzy +msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Eveneens naar VeraCrypt-compatibel apparaat scannen." + +#: src/cryptsetup.c:3526 +#, fuzzy +msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" +msgstr "Soorten apparaat-metadata: luks, plain, loopaes, tcrypt." + +#: src/cryptsetup.c:3527 +#, fuzzy +msgid "Disable password quality check (if enabled)" +msgstr "Wachtwoordkwaliteitscontrole uitschakelen (indien ingeschakeld)." + +#: src/cryptsetup.c:3528 +#, fuzzy +msgid "Use dm-crypt same_cpu_crypt performance compatibility option" +msgstr "dm-crypt same_cpu_crypt prestatie-compatibiliteitsoptie gebruiken." + +#: src/cryptsetup.c:3529 +#, fuzzy +msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +msgstr "dm-crypt submit_from_crypt_cpus prestatie-compatibiliteitsoptie gebruiken." + +#: src/cryptsetup.c:3530 +msgid "Device removal is deferred until the last user closes it" +msgstr "" + +#: src/cryptsetup.c:3531 +msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)" +msgstr "" + +#: src/cryptsetup.c:3532 +#, fuzzy +msgid "PBKDF iteration time for LUKS (in ms)" +msgstr "PBKDF2 herhalingstijd voor LUKS (in ms)" + +#: src/cryptsetup.c:3532 src/cryptsetup_reencrypt.c:1623 +msgid "msecs" +msgstr "milliseconden" + +#: src/cryptsetup.c:3533 src/cryptsetup_reencrypt.c:1641 +msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +msgstr "" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "PBKDF memory cost limit" +msgstr "" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +#, fuzzy +msgid "kilobytes" +msgstr "bytes" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "PBKDF parallel cost" +msgstr "" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "threads" +msgstr "" + +#: src/cryptsetup.c:3536 src/cryptsetup_reencrypt.c:1644 +msgid "PBKDF iterations cost (forced, disables benchmark)" +msgstr "" + +#: src/cryptsetup.c:3537 +msgid "Keyslot priority: ignore, normal, prefer" +msgstr "" + +#: src/cryptsetup.c:3538 +#, fuzzy +msgid "Disable locking of on-disk metadata" +msgstr "on-disk metadata proberen te herstellen" + +#: src/cryptsetup.c:3539 +msgid "Disable loading volume keys via kernel keyring" +msgstr "" + +#: src/cryptsetup.c:3540 +msgid "Data integrity algorithm (LUKS2 only)" +msgstr "" + +#: src/cryptsetup.c:3541 src/integritysetup.c:573 +msgid "Disable journal for integrity device" +msgstr "" + +#: src/cryptsetup.c:3542 src/integritysetup.c:547 +msgid "Do not wipe device after format" +msgstr "" + +#: src/cryptsetup.c:3543 src/integritysetup.c:577 +msgid "Use inefficient legacy padding (old kernels)" +msgstr "" + +#: src/cryptsetup.c:3544 +msgid "Do not ask for passphrase if activation by token fails" +msgstr "" + +#: src/cryptsetup.c:3545 +msgid "Token number (default: any)" +msgstr "" + +#: src/cryptsetup.c:3546 +msgid "Key description" +msgstr "" + +#: src/cryptsetup.c:3547 +msgid "Encryption sector size (default: 512 bytes)" +msgstr "" + +#: src/cryptsetup.c:3548 +msgid "Use IV counted in sector size (not in 512 bytes)" +msgstr "" + +#: src/cryptsetup.c:3549 +msgid "Set activation flags persistent for device" +msgstr "" + +#: src/cryptsetup.c:3550 +#, fuzzy +msgid "Set label for the LUKS2 device" +msgstr "een LUKS-apparaat formatteren" + +#: src/cryptsetup.c:3551 +msgid "Set subsystem label for the LUKS2 device" +msgstr "" + +#: src/cryptsetup.c:3552 +msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot" +msgstr "" + +#: src/cryptsetup.c:3553 +#, fuzzy +msgid "Read or write the json from or to a file" +msgstr "De sleutel uit een bestand lezen." + +#: src/cryptsetup.c:3554 +msgid "LUKS2 header metadata area size" +msgstr "" + +#: src/cryptsetup.c:3555 +#, fuzzy +msgid "LUKS2 header keyslots area size" +msgstr "Bestand met reservekopie van LUKS-koptekst en -sleutelplaatsen." + +#: src/cryptsetup.c:3556 +msgid "Refresh (reactivate) device with new parameters" +msgstr "" + +#: src/cryptsetup.c:3557 +#, fuzzy +msgid "LUKS2 keyslot: The size of the encryption key" +msgstr "De grootte van de encryptiesleutel" + +#: src/cryptsetup.c:3558 +msgid "LUKS2 keyslot: The cipher used for keyslot encryption" +msgstr "" + +#: src/cryptsetup.c:3559 +#, fuzzy +msgid "Encrypt LUKS2 device (in-place encryption)." +msgstr "Apparaat permanent ontsleutelen (encryptie verwijderen)." + +#: src/cryptsetup.c:3560 +#, fuzzy +msgid "Decrypt LUKS2 device (remove encryption)." +msgstr "Apparaat permanent ontsleutelen (encryptie verwijderen)." + +#: src/cryptsetup.c:3561 +msgid "Initialize LUKS2 reencryption in metadata only." +msgstr "" + +#: src/cryptsetup.c:3562 +msgid "Resume initialized LUKS2 reencryption only." +msgstr "" + +#: src/cryptsetup.c:3563 src/cryptsetup_reencrypt.c:1635 +msgid "Reduce data device size (move data offset). DANGEROUS!" +msgstr "Grootte van gegevensapparaat wijzigen (gegevenspositie wijzigen). GEVAARLIJK!" + +#: src/cryptsetup.c:3564 +#, fuzzy +msgid "Maximal reencryption hotzone size." +msgstr "Blokgrootte herencryptie" + +#: src/cryptsetup.c:3565 +msgid "Reencryption hotzone resilience type (checksum,journal,none)" +msgstr "" + +#: src/cryptsetup.c:3566 +#, fuzzy +msgid "Reencryption hotzone checksums hash" +msgstr "Blokgrootte herencryptie" + +#: src/cryptsetup.c:3567 +msgid "Override device autodetection of dm device to be reencrypted" +msgstr "" + +#: src/cryptsetup.c:3583 src/veritysetup.c:499 src/integritysetup.c:595 +msgid "[OPTION...] " +msgstr "[OPTIE…] " + +#: src/cryptsetup.c:3634 src/veritysetup.c:533 src/integritysetup.c:606 +msgid "Argument missing." +msgstr "Argument ontbreekt." + +#: src/cryptsetup.c:3703 src/veritysetup.c:564 src/integritysetup.c:637 +msgid "Unknown action." +msgstr "Onbekende actie." + +#: src/cryptsetup.c:3713 +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "" + +#: src/cryptsetup.c:3718 +#, fuzzy +msgid "Option --deferred is allowed only for close command." +msgstr "Optie --shared wordt enkel toegestaan voor open-opdracht op plain-apparaat.\n" + +#: src/cryptsetup.c:3723 +#, fuzzy +msgid "Option --shared is allowed only for open of plain device." +msgstr "Optie --shared wordt enkel toegestaan voor open-opdracht op plain-apparaat.\n" + +#: src/cryptsetup.c:3728 src/integritysetup.c:654 +#, fuzzy +msgid "Option --allow-discards is allowed only for open operation." +msgstr "Optie --allow-discards wordt enkel toegestaan voor de open-operatie.\n" + +#: src/cryptsetup.c:3733 +#, fuzzy +msgid "Option --persistent is allowed only for open operation." +msgstr "Optie --allow-discards wordt enkel toegestaan voor de open-operatie.\n" + +#: src/cryptsetup.c:3738 +#, fuzzy +msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation." +msgstr "Optie --allow-discards wordt enkel toegestaan voor de open-operatie.\n" + +#: src/cryptsetup.c:3743 +#, fuzzy +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "Optie --allow-discards wordt enkel toegestaan voor de open-operatie.\n" + +#: src/cryptsetup.c:3753 +#, fuzzy +msgid "" +"Option --key-size is allowed only for luksFormat, luksAddKey,\n" +"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." +msgstr "" +"Optie --key-size is enkel toegestaan bij luksFormat, open en benchmark.\n" +"Om de lezing uit een sleutelbestand te beperken, gebruik --keyfile-size=(bytes)." + +#: src/cryptsetup.c:3759 +#, fuzzy +msgid "Option --integrity is allowed only for luksFormat (LUKS2)." +msgstr "Optie --align-payload is enkel toegestaan voor luksFormat." + +#: src/cryptsetup.c:3764 +#, fuzzy +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "Optie --allow-discards wordt enkel toegestaan voor de open-operatie.\n" + +#: src/cryptsetup.c:3770 +#, fuzzy +msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations." +msgstr "Optie --allow-discards wordt enkel ondersteund voor de luksOpen-, loopaesOpen- en create-opdrachten.\n" + +#: src/cryptsetup.c:3776 +#, fuzzy +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "Optie --test-passphrase is enkel toegestaan bij open van LUKS- en TCRYPT-apparaten.\n" + +#: src/cryptsetup.c:3781 src/cryptsetup_reencrypt.c:1708 +msgid "Key size must be a multiple of 8 bits" +msgstr "Sleutelgrootte moet een meervoud zijn van 8 bits" + +#: src/cryptsetup.c:3787 src/cryptsetup_reencrypt.c:1394 +#: src/cryptsetup_reencrypt.c:1713 +msgid "Key slot is invalid." +msgstr "Sleutelplaats is ongeldig." + +#: src/cryptsetup.c:3794 +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "Optie --key-file krijgt voorrang over het gespecificeerde sleutelbestandsargument." + +#: src/cryptsetup.c:3801 src/veritysetup.c:576 src/integritysetup.c:663 +#: src/cryptsetup_reencrypt.c:1687 +msgid "Negative number for option not permitted." +msgstr "Een negatief getal wordt niet toegestaan voor deze optie." + +#: src/cryptsetup.c:3805 +msgid "Only one --key-file argument is allowed." +msgstr "Slechts een enkel gebruik van het --key-file argument is toegestaan." + +#: src/cryptsetup.c:3809 src/cryptsetup_reencrypt.c:1679 +#: src/cryptsetup_reencrypt.c:1717 +msgid "Only one of --use-[u]random options is allowed." +msgstr "Slechts een enkel gebruik van de opties --use-[u]random is toegestaan." + +#: src/cryptsetup.c:3813 +msgid "Option --use-[u]random is allowed only for luksFormat." +msgstr "OPtie --use-[u]random is enkel toegestaan bij luksFormat." + +#: src/cryptsetup.c:3817 +msgid "Option --uuid is allowed only for luksFormat and luksUUID." +msgstr "Optie --uuid is enkel toegestaan bij luksFormat en luksUUID." + +#: src/cryptsetup.c:3821 +msgid "Option --align-payload is allowed only for luksFormat." +msgstr "Optie --align-payload is enkel toegestaan voor luksFormat." + +#: src/cryptsetup.c:3825 +msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2." +msgstr "" + +#: src/cryptsetup.c:3830 +#, fuzzy +msgid "Invalid LUKS2 metadata size specification." +msgstr "Ongeldig apparaatsgrootte ingegeven." + +#: src/cryptsetup.c:3834 +#, fuzzy +msgid "Invalid LUKS2 keyslots size specification." +msgstr "Ongeldig apparaatsgrootte ingegeven." + +#: src/cryptsetup.c:3838 +#, fuzzy +msgid "Options --align-payload and --offset cannot be combined." +msgstr "Optie --align-payload is enkel toegestaan voor luksFormat." + +#: src/cryptsetup.c:3844 +#, fuzzy +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "Optie --skip wordt enkel ondersteund voor open-opdracht op plain- en loopaes-apparaten.\n" + +#: src/cryptsetup.c:3851 +#, fuzzy +msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption." +msgstr "Optie --offset wordt enkel ondersteund voor open-opdracht op plain- en loopaes-apparaten.\n" + +#: src/cryptsetup.c:3857 +#, fuzzy +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "Optie --tcrypt-hidden, --tcrypt-system of --tcrypt-backup wordt enkel ondersteund voor TCRYPT-apparaten.\n" + +#: src/cryptsetup.c:3862 +#, fuzzy +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "Optie --tcrypt-hidden kan niet met --allow-discards gecombineerd worden.\n" + +#: src/cryptsetup.c:3867 +#, fuzzy +msgid "Option --veracrypt is supported only for TCRYPT device type." +msgstr "Optie --veracrypt wordt enkel ondersteund voor TCRYPT-apparaatstype.\n" + +#: src/cryptsetup.c:3873 +msgid "Invalid argument for parameter --veracrypt-pim supplied." +msgstr "" + +#: src/cryptsetup.c:3877 +#, fuzzy +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "Optie --veracrypt wordt enkel ondersteund voor TCRYPT-apparaatstype.\n" + +#: src/cryptsetup.c:3885 +#, fuzzy +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "Optie --veracrypt wordt enkel ondersteund voor TCRYPT-apparaatstype.\n" + +#: src/cryptsetup.c:3889 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "" + +#: src/cryptsetup.c:3896 +msgid "Option --priority can be only ignore/normal/prefer." +msgstr "" + +#: src/cryptsetup.c:3901 src/cryptsetup.c:3939 +msgid "Keyslot specification is required." +msgstr "" + +#: src/cryptsetup.c:3906 src/cryptsetup_reencrypt.c:1693 +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "" + +#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1698 +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "" + +#: src/cryptsetup.c:3917 +#, fuzzy +msgid "Sector size option is not supported for this command." +msgstr "Deze operatie wordt niet ondersteund voor dit apparaatstype.\n" + +#: src/cryptsetup.c:3929 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "" + +#: src/cryptsetup.c:3934 +msgid "Key size is required with --unbound option." +msgstr "" + +#: src/cryptsetup.c:3944 +#, fuzzy +msgid "Option --unbound may be used only with luksAddKey and luksDump actions." +msgstr "Optie --new kan niet samen met --decrypt gebruikt worden." + +#: src/cryptsetup.c:3949 +#, fuzzy +msgid "Option --refresh may be used only with open action." +msgstr "Optie -- keep-key kan enkel samen met --hash of --iter-time gebruikt worden." + +#: src/cryptsetup.c:3960 +msgid "Cannot disable metadata locking." +msgstr "" + +#: src/cryptsetup.c:3970 +#, fuzzy +msgid "Invalid max reencryption hotzone size specification." +msgstr "Ongeldig apparaatsgrootte ingegeven." + +#: src/cryptsetup.c:3978 src/cryptsetup_reencrypt.c:1722 +#: src/cryptsetup_reencrypt.c:1727 +msgid "Invalid device size specification." +msgstr "Ongeldig apparaatsgrootte ingegeven." + +#: src/cryptsetup.c:3981 +#, fuzzy +msgid "Maximum device reduce size is 1 GiB." +msgstr "Maximum apparaatsverkleiningsgrootte is 64 MB." + +#: src/cryptsetup.c:3984 src/cryptsetup_reencrypt.c:1733 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "Verkleiningsgrootte moet een meervoud zijn van de 512 bytes-grote sector." + +#: src/cryptsetup.c:3989 +#, fuzzy +msgid "Invalid data size specification." +msgstr "Ongeldig apparaatsgrootte ingegeven." + +#: src/cryptsetup.c:3994 +#, fuzzy +msgid "Reduce size overflow." +msgstr "Overloop van apparaatsgegevenspositie.\n" + +#: src/cryptsetup.c:3998 +msgid "LUKS2 decryption requires option --header." +msgstr "" + +#: src/cryptsetup.c:4002 +#, fuzzy +msgid "Device size must be multiple of 512 bytes sector." +msgstr "Verkleiningsgrootte moet een meervoud zijn van de 512 bytes-grote sector." + +#: src/cryptsetup.c:4006 +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "" + +#: src/cryptsetup.c:4010 +msgid "Options --device-size and --size cannot be combined." +msgstr "" + +#: src/cryptsetup.c:4014 +#, fuzzy +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "Opties --ignore-corruption en --restart-on-corruption kunnen niet samen gebruikt worden.\n" + +#: src/veritysetup.c:66 +msgid "Invalid salt string specified." +msgstr "Ongeldige salt-tekenreeks opgegeven." + +#: src/veritysetup.c:97 +#, c-format +msgid "Cannot create hash image %s for writing." +msgstr "Kan hashafbeeling %s niet aanmaken voor beschrijving." + +#: src/veritysetup.c:107 +#, fuzzy, c-format +msgid "Cannot create FEC image %s for writing." +msgstr "Kan hashafbeeling %s niet aanmaken voor beschrijving.\n" + +#: src/veritysetup.c:179 +msgid "Invalid root hash string specified." +msgstr "Ongeldige root-hash tekenreeks opgegeven." + +#: src/veritysetup.c:187 +#, fuzzy, c-format +msgid "Invalid signature file %s." +msgstr "Ongeldig apparaat %s.\n" + +#: src/veritysetup.c:194 +#, fuzzy, c-format +msgid "Cannot read signature file %s." +msgstr "Kan sleutelbestand %s niet lezen.\n" + +#: src/veritysetup.c:392 +msgid " " +msgstr " " + +#: src/veritysetup.c:392 src/integritysetup.c:479 +msgid "format device" +msgstr "apparaat formateren" + +#: src/veritysetup.c:393 +msgid " " +msgstr " " + +#: src/veritysetup.c:393 +msgid "verify device" +msgstr "apparaat controleren" + +#: src/veritysetup.c:394 +#, fuzzy +msgid " " +msgstr " " + +#: src/veritysetup.c:396 src/integritysetup.c:482 +msgid "show active device status" +msgstr "status van actief apparaat tonen" + +#: src/veritysetup.c:397 +msgid "" +msgstr "" + +#: src/veritysetup.c:397 src/integritysetup.c:483 +msgid "show on-disk information" +msgstr "on-disk informatie tonen" + +#: src/veritysetup.c:416 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the data device\n" +" is the device containing verification data\n" +" hash of the root node on \n" +msgstr "" +"\n" +" is de naam van het onder %s te creëren apparaat\n" +" is het de naam van het gegevensapparaat\n" +" is de naam van het apparaat dat de verificatiegegevens bevat\n" +" is de hash van de rootnode op \n" + +#: src/veritysetup.c:423 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-verity parameters:\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" +msgstr "" +"\n" +"Standaard meegecompileerde dm-verity parameters:\n" +"\tHash: %s, Datablok (bytes): %u, Hashblock (bytes): %u, Saltgrootte: %u, Hashformaat: %u\n" + +#: src/veritysetup.c:466 +msgid "Do not use verity superblock" +msgstr "VERITY-superblok niet gebruiken" + +#: src/veritysetup.c:467 +msgid "Format type (1 - normal, 0 - original Chrome OS)" +msgstr "Formaatstype (1 - normaal, 0 - origineel Chrome OS)" + +#: src/veritysetup.c:467 +msgid "number" +msgstr "nummer" + +#: src/veritysetup.c:468 +msgid "Block size on the data device" +msgstr "Blokgrootte op het gegevensapparaat" + +#: src/veritysetup.c:469 +msgid "Block size on the hash device" +msgstr "Blokgrootte op het hash-apparaat" + +#: src/veritysetup.c:470 +msgid "FEC parity bytes" +msgstr "" + +#: src/veritysetup.c:471 +msgid "The number of blocks in the data file" +msgstr "Aantal blokken in het gegevensbestand" + +#: src/veritysetup.c:471 +msgid "blocks" +msgstr "blokken" + +#: src/veritysetup.c:472 +msgid "Path to device with error correction data" +msgstr "" + +#: src/veritysetup.c:472 src/integritysetup.c:549 +msgid "path" +msgstr "" + +#: src/veritysetup.c:473 +msgid "Starting offset on the hash device" +msgstr "De startplaats op het hash-apparaat" + +#: src/veritysetup.c:474 +#, fuzzy +msgid "Starting offset on the FEC device" +msgstr "De startplaats op het hash-apparaat" + +#: src/veritysetup.c:475 +msgid "Hash algorithm" +msgstr "Hash-algoritme" + +#: src/veritysetup.c:475 +msgid "string" +msgstr "tekenreeks" + +#: src/veritysetup.c:476 +msgid "Salt" +msgstr "Salt" + +#: src/veritysetup.c:476 +msgid "hex string" +msgstr "hex-tekenreeks" + +#: src/veritysetup.c:478 +#, fuzzy +msgid "Path to root hash signature file" +msgstr "Creatie hash-gebied gefaald.\n" + +#: src/veritysetup.c:479 +msgid "Restart kernel if corruption is detected" +msgstr "Kernel herstarten bij ontdekking van corruptie" + +#: src/veritysetup.c:480 +msgid "Ignore corruption, log it only" +msgstr "Datacorruptie negeren, enkel loggen" + +#: src/veritysetup.c:481 +msgid "Do not verify zeroed blocks" +msgstr "Op nul ingestelde blokken niet controleren" + +#: src/veritysetup.c:482 +msgid "Verify data block only the first time it is read" +msgstr "" + +#: src/veritysetup.c:582 +#, fuzzy +msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation." +msgstr "Opties --ignore-corruption, --restart-on-corruption of --ignore-zero-blocks kunnen enkel bij een create-operatie gebruikt worden.\n" + +#: src/veritysetup.c:587 +#, fuzzy +msgid "Option --root-hash-signature can be used only for open operation." +msgstr "Optie --allow-discards wordt enkel toegestaan voor de open-operatie.\n" + +#: src/veritysetup.c:592 +#, fuzzy +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "Opties --ignore-corruption en --restart-on-corruption kunnen niet samen gebruikt worden.\n" + +#: src/integritysetup.c:84 src/utils_password.c:305 +#, c-format +msgid "Cannot read keyfile %s." +msgstr "Kan sleutelbestand %s niet lezen." + +#: src/integritysetup.c:88 src/utils_password.c:310 +#, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "Kan %d bytes uit sleutelbestand %s niet lezen." + +#: src/integritysetup.c:254 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "" + +#: src/integritysetup.c:479 src/integritysetup.c:483 +#, fuzzy +msgid "" +msgstr "apparaat controleren" + +#: src/integritysetup.c:480 +msgid " " +msgstr "" + +#: src/integritysetup.c:502 +#, fuzzy, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the device containing data with integrity tags\n" +msgstr "" +"\n" +" is de naam van het onder %s te creëren apparaat\n" +" is het de naam van het gegevensapparaat\n" +" is de naam van het apparaat dat de verificatiegegevens bevat\n" +" is de hash van de rootnode op \n" + +#: src/integritysetup.c:507 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" +msgstr "" + +#: src/integritysetup.c:549 +msgid "Path to data device (if separated)" +msgstr "" + +#: src/integritysetup.c:551 +msgid "Journal size" +msgstr "" + +#: src/integritysetup.c:552 +msgid "Interleave sectors" +msgstr "" + +#: src/integritysetup.c:553 +msgid "Journal watermark" +msgstr "" + +#: src/integritysetup.c:553 +msgid "percent" +msgstr "" + +#: src/integritysetup.c:554 +msgid "Journal commit time" +msgstr "" + +#: src/integritysetup.c:554 src/integritysetup.c:556 +msgid "ms" +msgstr "" + +#: src/integritysetup.c:555 +msgid "Number of 512-byte sectors per bit (bitmap mode)." +msgstr "" + +#: src/integritysetup.c:556 +msgid "Bitmap mode flush time" +msgstr "" + +#: src/integritysetup.c:557 +msgid "Tag size (per-sector)" +msgstr "" + +#: src/integritysetup.c:558 +msgid "Sector size" +msgstr "" + +#: src/integritysetup.c:559 +msgid "Buffers size" +msgstr "" + +#: src/integritysetup.c:561 +msgid "Data integrity algorithm" +msgstr "" + +#: src/integritysetup.c:562 +#, fuzzy +msgid "The size of the data integrity key" +msgstr "De grootte van de encryptiesleutel" + +#: src/integritysetup.c:563 +#, fuzzy +msgid "Read the integrity key from a file" +msgstr "De sleutel uit een bestand lezen." + +#: src/integritysetup.c:565 +msgid "Journal integrity algorithm" +msgstr "" + +#: src/integritysetup.c:566 +#, fuzzy +msgid "The size of the journal integrity key" +msgstr "De grootte van de encryptiesleutel" + +#: src/integritysetup.c:567 +#, fuzzy +msgid "Read the journal integrity key from a file" +msgstr "De sleutel uit een bestand lezen." + +#: src/integritysetup.c:569 +msgid "Journal encryption algorithm" +msgstr "" + +#: src/integritysetup.c:570 +#, fuzzy +msgid "The size of the journal encryption key" +msgstr "De grootte van de encryptiesleutel" + +#: src/integritysetup.c:571 +#, fuzzy +msgid "Read the journal encryption key from a file" +msgstr "De sleutel uit een bestand lezen." + +#: src/integritysetup.c:574 +msgid "Recovery mode (no journal, no tag checking)" +msgstr "" + +#: src/integritysetup.c:575 +msgid "Use bitmap to track changes and disable journal for integrity device" +msgstr "" + +#: src/integritysetup.c:576 +msgid "Recalculate initial tags automatically." +msgstr "" + +#: src/integritysetup.c:649 +#, fuzzy +msgid "Option --integrity-recalculate can be used only for open action." +msgstr "Optie --allow-discards wordt enkel toegestaan voor de open-operatie.\n" + +#: src/integritysetup.c:669 +msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action." +msgstr "" + +#: src/integritysetup.c:675 +#, fuzzy +msgid "Invalid journal size specification." +msgstr "Ongeldig apparaatsgrootte ingegeven." + +#: src/integritysetup.c:680 +msgid "Both key file and key size options must be specified." +msgstr "" + +#: src/integritysetup.c:683 +msgid "Integrity algorithm must be specified if integrity key is used." +msgstr "" + +#: src/integritysetup.c:688 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "" + +#: src/integritysetup.c:691 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "" + +#: src/integritysetup.c:696 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "" + +#: src/integritysetup.c:699 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "" + +#: src/integritysetup.c:703 +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "" + +#: src/integritysetup.c:707 +msgid "Journal options cannot be used in bitmap mode." +msgstr "" + +#: src/integritysetup.c:711 +msgid "Bitmap options can be used only in bitmap mode." +msgstr "" + +#: src/cryptsetup_reencrypt.c:172 +msgid "Reencryption already in-progress." +msgstr "Herencryptie is al bezig" + +#: src/cryptsetup_reencrypt.c:208 +#, c-format +msgid "Cannot exclusively open %s, device in use." +msgstr "Kan %s niet exclusief openen, apparaat wordt gebruikt." + +#: src/cryptsetup_reencrypt.c:222 src/cryptsetup_reencrypt.c:1135 +msgid "Allocation of aligned memory failed." +msgstr "Reservering van uitgelijnd geheugen gefaald." + +#: src/cryptsetup_reencrypt.c:229 +#, c-format +msgid "Cannot read device %s." +msgstr "Kan apparaat niet lezen: %s." + +#: src/cryptsetup_reencrypt.c:240 +#, c-format +msgid "Marking LUKS1 device %s unusable." +msgstr "LUKS1-apparaat %s wordt als onbruikbaar gemarkeerd." + +#: src/cryptsetup_reencrypt.c:244 +#, c-format +msgid "Setting LUKS2 offline reencrypt flag on device %s." +msgstr "" + +#: src/cryptsetup_reencrypt.c:261 +#, c-format +msgid "Cannot write device %s." +msgstr "Kan apparaat %s niet beschrijven." + +#: src/cryptsetup_reencrypt.c:309 +msgid "Cannot write reencryption log file." +msgstr "Kan herencryptie-logbestand niet schrijven." + +#: src/cryptsetup_reencrypt.c:365 +msgid "Cannot read reencryption log file." +msgstr "Kan herencryptie-logbestand niet lezen." + +#: src/cryptsetup_reencrypt.c:403 +#, c-format +msgid "Log file %s exists, resuming reencryption.\n" +msgstr "Logbestand %s bestaat reeds, herencryptie wordt herstart.\n" + +#: src/cryptsetup_reencrypt.c:452 +msgid "Activating temporary device using old LUKS header." +msgstr "Activatie van tijdelijke apparaat met oude LUKS-koptekst." + +#: src/cryptsetup_reencrypt.c:462 +msgid "Activating temporary device using new LUKS header." +msgstr "Activatie van tijdelijke apparaat met nieuwe LUKS-koptekst." + +#: src/cryptsetup_reencrypt.c:472 +msgid "Activation of temporary devices failed." +msgstr "Activatie van tijdelijke apparaten gefaald." + +#: src/cryptsetup_reencrypt.c:559 +msgid "Failed to set data offset." +msgstr "" + +#: src/cryptsetup_reencrypt.c:565 +msgid "Failed to set metadata size." +msgstr "" + +#: src/cryptsetup_reencrypt.c:573 +#, c-format +msgid "New LUKS header for device %s created." +msgstr "Nieuwe LUKS-koptekst voor apparaat %s aangemaakt." + +#: src/cryptsetup_reencrypt.c:633 +#, c-format +msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +msgstr "" + +#: src/cryptsetup_reencrypt.c:655 +msgid "Failed to read activation flags from backup header." msgstr "" -"Optie --test-passphrase is enkel toegestaan bij open van LUKS- en TCRYPT-" -"apparaten.\n" -#: src/cryptsetup.c:1669 src/cryptsetup_reencrypt.c:1341 -msgid "Key size must be a multiple of 8 bits" -msgstr "Sleutelgrootte moet een meervoud zijn van 8 bits" +#: src/cryptsetup_reencrypt.c:659 +#, fuzzy +msgid "Failed to write activation flags to new header." +msgstr "Schrijven naar sleutelopslag is mislukt.\n" -#: src/cryptsetup.c:1676 src/cryptsetup_reencrypt.c:1346 -msgid "Key slot is invalid." -msgstr "Sleutelplaats is ongeldig." +#: src/cryptsetup_reencrypt.c:663 src/cryptsetup_reencrypt.c:667 +#, fuzzy +msgid "Failed to read requirements from backup header." +msgstr "Lezen uit sleutelopslag is mislukt." -#: src/cryptsetup.c:1683 -msgid "Option --key-file takes precedence over specified key file argument.\n" -msgstr "" -"Optie --key-file krijgt voorrang over het gespecificeerde " -"sleutelbestandsargument.\n" +#: src/cryptsetup_reencrypt.c:705 +#, c-format +msgid "%s header backup of device %s created." +msgstr "Reservekopie van %s-koptekst op apparaat %s is aangemaakt." -#: src/cryptsetup.c:1691 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1330 -msgid "Negative number for option not permitted." -msgstr "Een negatief getal wordt niet toegestaan voor deze optie." +#: src/cryptsetup_reencrypt.c:768 +msgid "Creation of LUKS backup headers failed." +msgstr "Creatie van LUKS-reservekopteksten gefaald." -#: src/cryptsetup.c:1695 src/cryptsetup_reencrypt.c:1324 -#: src/cryptsetup_reencrypt.c:1350 -msgid "Only one of --use-[u]random options is allowed." -msgstr "Slechts een enkel gebruik van de opties --use-[u]random is toegestaan." +#: src/cryptsetup_reencrypt.c:901 +#, c-format +msgid "Cannot restore %s header on device %s." +msgstr "Kan %s-koptekst op apparaat %s niet herstellen." -#: src/cryptsetup.c:1699 -msgid "Option --use-[u]random is allowed only for luksFormat." -msgstr "OPtie --use-[u]random is enkel toegestaan bij luksFormat." +#: src/cryptsetup_reencrypt.c:903 +#, c-format +msgid "%s header on device %s restored." +msgstr "%s-koptekst op apparaat %s is hersteld." -#: src/cryptsetup.c:1703 -msgid "Option --uuid is allowed only for luksFormat and luksUUID." -msgstr "Optie --uuid is enkel toegestaan bij luksFormat en luksUUID." +#: src/cryptsetup_reencrypt.c:1107 src/cryptsetup_reencrypt.c:1113 +msgid "Cannot open temporary LUKS device." +msgstr "Kan tijdelijk LUKS-apparaat niet openen." -#: src/cryptsetup.c:1707 -msgid "Option --align-payload is allowed only for luksFormat." -msgstr "Optie --align-payload is enkel toegestaan voor luksFormat." +#: src/cryptsetup_reencrypt.c:1118 src/cryptsetup_reencrypt.c:1123 +msgid "Cannot get device size." +msgstr "Kan apparaatgrootte niet lezen." -#: src/cryptsetup.c:1713 -msgid "" -"Option --skip is supported only for open of plain and loopaes devices.\n" -msgstr "" -"Optie --skip wordt enkel ondersteund voor open-opdracht op plain- en loopaes-" -"apparaten.\n" +#: src/cryptsetup_reencrypt.c:1158 +msgid "IO error during reencryption." +msgstr "Invoer/uitvoerfout tijdens herencryptie." -#: src/cryptsetup.c:1719 -msgid "" -"Option --offset is supported only for open of plain and loopaes devices.\n" -msgstr "" -"Optie --offset wordt enkel ondersteund voor open-opdracht op plain- en " -"loopaes-apparaten.\n" +#: src/cryptsetup_reencrypt.c:1189 +msgid "Provided UUID is invalid." +msgstr "Opgegeven UUID is ongeldig." -#: src/cryptsetup.c:1725 -msgid "" -"Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only " -"for TCRYPT device.\n" -msgstr "" -"Optie --tcrypt-hidden, --tcrypt-system of --tcrypt-backup wordt enkel " -"ondersteund voor TCRYPT-apparaten.\n" +#: src/cryptsetup_reencrypt.c:1423 +msgid "Cannot open reencryption log file." +msgstr "Kan herencryptie-logbestand niet openen." -#: src/cryptsetup.c:1730 -msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n" -msgstr "" -"Optie --tcrypt-hidden kan niet met --allow-discards gecombineerd worden.\n" +#: src/cryptsetup_reencrypt.c:1429 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "Er is geen ontsleutelingsproces aan de gang. Het opgegeven UUID kan enkel gebruikt worden om een geschorst ontsleutelingsproces opnieuw te starten." -#: src/cryptsetup.c:1735 -#, fuzzy -msgid "Option --veracrypt is supported only for TCRYPT device type.\n" +#: src/cryptsetup_reencrypt.c:1504 +#, c-format +msgid "Changed pbkdf parameters in keyslot %i." msgstr "" -"Optie --tcrypt-hidden, --tcrypt-system of --tcrypt-backup wordt enkel " -"ondersteund voor TCRYPT-apparaten.\n" -#: src/veritysetup.c:58 -msgid "Invalid salt string specified.\n" -msgstr "Ongeldige salt-tekenreeks opgegeven.\n" +#: src/cryptsetup_reencrypt.c:1616 +msgid "Reencryption block size" +msgstr "Blokgrootte voor herencryptie" -#: src/veritysetup.c:88 -#, c-format -msgid "Cannot create hash image %s for writing.\n" -msgstr "Kan hashafbeeling %s niet aanmaken voor beschrijving.\n" +#: src/cryptsetup_reencrypt.c:1616 +msgid "MiB" +msgstr "MiB" -#: src/veritysetup.c:148 -msgid "Invalid root hash string specified.\n" -msgstr "Ongeldige root-hash tekenreeks opgegeven.\n" +#: src/cryptsetup_reencrypt.c:1620 +msgid "Do not change key, no data area reencryption" +msgstr "Sleutel niet wijzigen; gegevensgebied wordt niet opnieuw versleuteld" -#: src/veritysetup.c:308 -msgid " " -msgstr " " +#: src/cryptsetup_reencrypt.c:1622 +msgid "Read new volume (master) key from file" +msgstr "De (hoofd)sleutel tot het opslagmedium uit een bestand lezen" -#: src/veritysetup.c:308 -msgid "format device" -msgstr "apparaat formateren" +#: src/cryptsetup_reencrypt.c:1623 +msgid "PBKDF2 iteration time for LUKS (in ms)" +msgstr "PBKDF2 herhalingstijd voor LUKS (in ms)" -#: src/veritysetup.c:309 -msgid " " -msgstr " " +#: src/cryptsetup_reencrypt.c:1629 +msgid "Use direct-io when accessing devices" +msgstr "'direct-io' gebruiken bij het lezen van apparaten" -#: src/veritysetup.c:309 -msgid "verify device" -msgstr "apparaat controleren" +#: src/cryptsetup_reencrypt.c:1630 +msgid "Use fsync after each block" +msgstr "Na elk blok 'fsync' gebruiken" -#: src/veritysetup.c:310 -msgid " " -msgstr " " +#: src/cryptsetup_reencrypt.c:1631 +msgid "Update log file after every block" +msgstr "Na elk blok het logbestand bijwerken" -#: src/veritysetup.c:310 -msgid "create active device" -msgstr "actief apparaat aanmaken" +#: src/cryptsetup_reencrypt.c:1632 +msgid "Use only this slot (others will be disabled)" +msgstr "Enkel deze plaats gebruiken (anderen worden uitgeschakeld)" -#: src/veritysetup.c:311 -msgid "remove (deactivate) device" -msgstr "apparaat verwijderen (deactiveren)" +#: src/cryptsetup_reencrypt.c:1637 +msgid "Create new header on not encrypted device" +msgstr "Nieuwe koptekst op niet-versleuteld apparaat invoeren" -#: src/veritysetup.c:312 -msgid "show active device status" -msgstr "status van actief apparaat tonen" +#: src/cryptsetup_reencrypt.c:1638 +msgid "Permanently decrypt device (remove encryption)" +msgstr "Apparaat permanent ontsleutelen (encryptie verwijderen)" -#: src/veritysetup.c:313 -msgid "" -msgstr "" +#: src/cryptsetup_reencrypt.c:1639 +msgid "The UUID used to resume decryption" +msgstr "Het UUID om de ontsleuteling te hervatten" -#: src/veritysetup.c:313 -msgid "show on-disk information" -msgstr "on-disk informatie tonen" +#: src/cryptsetup_reencrypt.c:1640 +msgid "Type of LUKS metadata: luks1, luks2" +msgstr "Soorten apparaat-metadata: luks, plain, loopaes, tcrypt" -#: src/veritysetup.c:332 -#, c-format -msgid "" -"\n" -" is the device to create under %s\n" -" is the data device\n" -" is the device containing verification data\n" -" hash of the root node on \n" -msgstr "" -"\n" -" is de naam van het onder %s te creëren apparaat is " -"het de naam van het gegevensapparaat is de naam van het " -"apparaat dat de verificatiegegevens bevat is de hash van de " -"rootnode op \n" +#: src/cryptsetup_reencrypt.c:1659 +msgid "[OPTION...] " +msgstr "[OPTIE...] " -#: src/veritysetup.c:339 -#, c-format -msgid "" -"\n" -"Default compiled-in dm-verity parameters:\n" -"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, " -"Hash format: %u\n" -msgstr "" -"\n" -"Standaard meegecompileerde dm-verity parameters:\n" -"\tHash: %s, Datablok (bytes): %u, Hashblock (bytes): %u, Saltgrootte: %u, " -"Hashformaat: %u\n" +#: src/cryptsetup_reencrypt.c:1667 +#, fuzzy, c-format +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "Herencryptie zal sleutel tot het opslagmedium %s%s%s%s wijzigen.\n" -#: src/veritysetup.c:377 -msgid "Do not use verity superblock" -msgstr "VERITY-superblok niet gebruiken" +#: src/cryptsetup_reencrypt.c:1668 +msgid "volume key" +msgstr "" -#: src/veritysetup.c:378 -msgid "Format type (1 - normal, 0 - original Chrome OS)" -msgstr "Formaatstype (1 - normaal, 0 - origineel Chrome OS)" +#: src/cryptsetup_reencrypt.c:1670 +#, fuzzy +msgid "set hash to " +msgstr ", stel hash in op " -#: src/veritysetup.c:378 -msgid "number" -msgstr "nummer" +#: src/cryptsetup_reencrypt.c:1671 +msgid ", set cipher to " +msgstr ", stel sleutelalgoritme in op " -#: src/veritysetup.c:379 -msgid "Block size on the data device" -msgstr "Blokgrootte op het gegevensapparaat" +#: src/cryptsetup_reencrypt.c:1675 +msgid "Argument required." +msgstr "Argument is vereist." -#: src/veritysetup.c:380 -msgid "Block size on the hash device" -msgstr "Blokgrootte op het hash-apparaat" +#: src/cryptsetup_reencrypt.c:1703 +msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +msgstr "Enkel waarden tussen 1 MB en 64 MB zijn toegestaan als herencryptieblokgrootte." -#: src/veritysetup.c:381 -msgid "The number of blocks in the data file" -msgstr "Aantal blokken in het gegevensbestand" +#: src/cryptsetup_reencrypt.c:1730 +msgid "Maximum device reduce size is 64 MiB." +msgstr "Maximum apparaatsverkleiningsgrootte is 64 MB." -#: src/veritysetup.c:381 -msgid "blocks" -msgstr "blokken" +#: src/cryptsetup_reencrypt.c:1737 +#, fuzzy +msgid "Option --new must be used together with --reduce-device-size or --header." +msgstr "Optie --new moet samen met --reduce-device-size gebruikt worden." -#: src/veritysetup.c:382 -msgid "Starting offset on the hash device" -msgstr "De startplaats op het hash-apparaat" +#: src/cryptsetup_reencrypt.c:1741 +#, fuzzy +msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +msgstr "Optie -- keep-key kan enkel samen met --hash of --iter-time gebruikt worden." -#: src/veritysetup.c:383 -msgid "Hash algorithm" -msgstr "Hash-algoritme" +#: src/cryptsetup_reencrypt.c:1745 +msgid "Option --new cannot be used together with --decrypt." +msgstr "Optie --new kan niet samen met --decrypt gebruikt worden." -#: src/veritysetup.c:383 -msgid "string" -msgstr "tekenreeks" +#: src/cryptsetup_reencrypt.c:1749 +msgid "Option --decrypt is incompatible with specified parameters." +msgstr "Optie --decrypt is niet verenigbaar met de verschafte parameters." -#: src/veritysetup.c:384 -msgid "Salt" -msgstr "Salt" +#: src/cryptsetup_reencrypt.c:1753 +msgid "Option --uuid is allowed only together with --decrypt." +msgstr "Optie --uuid kan enkel samen met --decrypt gebruikt worden." -#: src/veritysetup.c:384 -msgid "hex string" -msgstr "hex-tekenreeks" +#: src/cryptsetup_reencrypt.c:1757 +msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +msgstr "" -#: src/cryptsetup_reencrypt.c:147 -#, c-format -msgid "Cannot exclusively open %s, device in use.\n" -msgstr "Kan %s niet exclusief openen, apparaat wordt gebruikt.\n" +#: src/utils_tools.c:151 +msgid "Error reading response from terminal." +msgstr "Fout bij het lezen van antwoord uit de terminal." -#: src/cryptsetup_reencrypt.c:151 -#, c-format -msgid "Cannot open device %s\n" -msgstr "Kan apparaat %s niet openen.\n" +#: src/utils_tools.c:186 +msgid "Command successful.\n" +msgstr "Opdracht succesvol.\n" -#: src/cryptsetup_reencrypt.c:161 src/cryptsetup_reencrypt.c:893 -msgid "Allocation of aligned memory failed.\n" -msgstr "Reservering van uitgelijnd geheugen gefaald.\n" +#: src/utils_tools.c:194 +msgid "wrong or missing parameters" +msgstr "" -#: src/cryptsetup_reencrypt.c:168 -#, c-format -msgid "Cannot read device %s.\n" -msgstr "Kan apparaat niet lezen: %s.\n" +#: src/utils_tools.c:196 +#, fuzzy +msgid "no permission or bad passphrase" +msgstr "Voer enig wachtwoord in: " -#: src/cryptsetup_reencrypt.c:179 -#, c-format -msgid "Marking LUKS device %s unusable.\n" -msgstr "LUKS-apparaat %s wordt als onbruikbaar gemarkeerd.\n" +#: src/utils_tools.c:198 +#, fuzzy +msgid "out of memory" +msgstr "Kan geheugen niet ontgrendelen.\n" -#: src/cryptsetup_reencrypt.c:184 -#, c-format -msgid "Marking LUKS device %s usable.\n" -msgstr "LUKS-apparaat %s wordt als bruikbaar gemarkeerd.\n" +#: src/utils_tools.c:200 +msgid "wrong device or file specified" +msgstr "" -#: src/cryptsetup_reencrypt.c:200 -#, c-format -msgid "Cannot write device %s.\n" -msgstr "Kan apparaat %s niet beschrijven.\n" +#: src/utils_tools.c:202 +#, fuzzy +msgid "device already exists or device is busy" +msgstr "Apparaat %s bestaat reeds.\n" -#: src/cryptsetup_reencrypt.c:281 -msgid "Cannot write reencryption log file.\n" -msgstr "Kan herencryptie-logbestand niet schrijven.\n" +#: src/utils_tools.c:204 +msgid "unknown error" +msgstr "" -#: src/cryptsetup_reencrypt.c:337 -msgid "Cannot read reencryption log file.\n" -msgstr "Kan herencryptie-logbestand niet lezen.\n" +#: src/utils_tools.c:206 +#, fuzzy, c-format +msgid "Command failed with code %i (%s).\n" +msgstr "Opdracht is mislukt met code %i" -#: src/cryptsetup_reencrypt.c:374 -#, c-format -msgid "Log file %s exists, resuming reencryption.\n" -msgstr "Logbestand %s bestaat reeds, herencryptie wordt herstart.\n" +#: src/utils_tools.c:283 +#, fuzzy, c-format +msgid "Key slot %i created." +msgstr "Sleutelplaats %d werd gewijzigd.\n" -#: src/cryptsetup_reencrypt.c:403 -msgid "Activating temporary device using old LUKS header.\n" -msgstr "Activatie van tijdelijke apparaat met oude LUKS-koptekst.\n" +#: src/utils_tools.c:285 +#, fuzzy, c-format +msgid "Key slot %i unlocked." +msgstr "Sleutelplaats %d is ontgrendeld.\n" -#: src/cryptsetup_reencrypt.c:414 -msgid "Activating temporary device using new LUKS header.\n" -msgstr "Activatie van tijdelijke apparaat met nieuwe LUKS-koptekst.\n" +#: src/utils_tools.c:287 +#, fuzzy, c-format +msgid "Key slot %i removed." +msgstr "Sleutelplaats %d is ontgrendeld.\n" -#: src/cryptsetup_reencrypt.c:424 -msgid "Activation of temporary devices failed.\n" -msgstr "Activatie van tijdelijke apparaten gefaald.\n" +#: src/utils_tools.c:296 +#, c-format +msgid "Token %i created." +msgstr "" -#: src/cryptsetup_reencrypt.c:450 +#: src/utils_tools.c:298 #, c-format -msgid "New LUKS header for device %s created.\n" -msgstr "Nieuwe LUKS-koptekst voor apparaat %s aangemaakt.\n" +msgid "Token %i removed." +msgstr "" + +#: src/utils_tools.c:464 +msgid "" +"\n" +"Wipe interrupted." +msgstr "" -#: src/cryptsetup_reencrypt.c:458 +#: src/utils_tools.c:475 #, c-format -msgid "Activated keyslot %i.\n" -msgstr "Sleutelplaats %d geactiveerd.\n" +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "" -#: src/cryptsetup_reencrypt.c:484 +#: src/utils_tools.c:483 #, c-format -msgid "LUKS header backup of device %s created.\n" -msgstr "Reservekopie van LUKS-koptekst op apparaat %s aangemaakt .\n" +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "" + +#: src/utils_tools.c:504 src/utils_tools.c:568 +#, fuzzy +msgid "Failed to initialize device signature probes." +msgstr "Kan geen map voor de apparaatstoewijzer verkrijgen." -#: src/cryptsetup_reencrypt.c:532 -msgid "Creation of LUKS backup headers failed.\n" -msgstr "Creatie van LUKS-reservekopteksten gefaald.\n" +#: src/utils_tools.c:548 +#, fuzzy, c-format +msgid "Failed to stat device %s." +msgstr "Kan status van sleutelbestand niet opvragen.\n" -#: src/cryptsetup_reencrypt.c:634 +#: src/utils_tools.c:561 #, c-format -msgid "Cannot restore LUKS header on device %s.\n" -msgstr "Kan koptekst op apparaat %s niet herstellen.\n" +msgid "Device %s is in use. Can not proceed with format operation." +msgstr "" -#: src/cryptsetup_reencrypt.c:636 +#: src/utils_tools.c:563 #, c-format -msgid "LUKS header on device %s restored.\n" -msgstr "LUKS-koptekst op apparaat %s hersteld.\n" +msgid "Failed to open file %s in read/write mode." +msgstr "" -#: src/cryptsetup_reencrypt.c:669 +#: src/utils_tools.c:577 #, c-format -msgid "" -"Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" +msgid "Existing '%s' partition signature (offset: % bytes) on device %s will be wiped." msgstr "" -"Vooruitgang: %5.1f%%, geschatte voltooiïngstijd %02llu:%02llu, %4llu MB " -"geschreven, snelheid %5.1f MiB/s%s" -#: src/cryptsetup_reencrypt.c:708 src/cryptsetup_reencrypt.c:784 -#: src/cryptsetup_reencrypt.c:826 -msgid "Cannot seek to device offset.\n" -msgstr "Onmogelijk te zoeken tot startplaats van apparaat.\n" +#: src/utils_tools.c:580 +#, c-format +msgid "Existing '%s' superblock signature (offset: % bytes) on device %s will be wiped." +msgstr "" -#: src/cryptsetup_reencrypt.c:865 src/cryptsetup_reencrypt.c:871 -msgid "Cannot open temporary LUKS header file.\n" -msgstr "Kan tijdelijk LUKS-koptekstbestand niet openen.\n" +#: src/utils_tools.c:583 +#, fuzzy +msgid "Failed to wipe device signature." +msgstr "Schrijven naar sleutelopslag is mislukt.\n" -#: src/cryptsetup_reencrypt.c:876 src/cryptsetup_reencrypt.c:881 -msgid "Cannot get device size.\n" -msgstr "Kan apparaatgrootte niet lezen.\n" +#: src/utils_tools.c:590 +#, fuzzy, c-format +msgid "Failed to probe device %s for a signature." +msgstr "Kan geen map voor de apparaatstoewijzer verkrijgen." -#: src/cryptsetup_reencrypt.c:919 -msgid "Interrupted by a signal.\n" -msgstr "Onderbroken door een signaal.\n" +#: src/utils_tools.c:629 +#, fuzzy +msgid "" +"\n" +"Reencryption interrupted." +msgstr "Blokgrootte herencryptie" -#: src/cryptsetup_reencrypt.c:921 -msgid "IO error during reencryption.\n" -msgstr "Invoer/uitvoerfout tijdens herencryptie.\n" +#: src/utils_password.c:43 src/utils_password.c:75 +#, fuzzy, c-format +msgid "Cannot check password quality: %s" +msgstr "Kan wachtwoordkwaliteit niet nakijken: %s\n" -#: src/cryptsetup_reencrypt.c:1028 +#: src/utils_password.c:51 +#, fuzzy, c-format msgid "" -"Key file can be used only with --key-slot or with exactly one key slot " -"active.\n" +"Password quality check failed:\n" +" %s" msgstr "" -"Sleutelbestand kan enkel gebruikt worden met optie --key-slot of met enkel " -"één actieve sleutelplaats.\n" +"Wachtwoordkwaliteitscontrole gefaald:\n" +"%s\n" -#: src/cryptsetup_reencrypt.c:1072 src/cryptsetup_reencrypt.c:1087 +#: src/utils_password.c:83 #, c-format -msgid "Enter passphrase for key slot %u: " -msgstr "Voer wachtwoord voor sleutelplaats %u in: " - -#: src/cryptsetup_reencrypt.c:1136 -msgid "Cannot open reencryption log file.\n" -msgstr "Kan herencryptie-logbestand niet openen.\n" +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "Wachtwoordkwaliteitscontrole gefaald: wachtwoord is van slechte kwaliteit (%s)" -#: src/cryptsetup_reencrypt.c:1262 -msgid "Reencryption block size" -msgstr "Blokgrootte herencryptie" +#: src/utils_password.c:193 src/utils_password.c:208 +msgid "Error reading passphrase from terminal." +msgstr "Fout bij het lezen van het wachtwoord uit de terminal." -#: src/cryptsetup_reencrypt.c:1262 -msgid "MiB" -msgstr "MB" +#: src/utils_password.c:206 +msgid "Verify passphrase: " +msgstr "Voer wachtwoord nogmaals in: " -#: src/cryptsetup_reencrypt.c:1266 -msgid "Do not change key, no data area reencryption." -msgstr "Sleutel niet wijzigen; gegevensgebied wordt niet opnieuw versleuteld." +#: src/utils_password.c:213 +msgid "Passphrases do not match." +msgstr "Wachtwoorden komen niet overeen." -#: src/cryptsetup_reencrypt.c:1273 -msgid "Use direct-io when accessing devices." -msgstr "direct-io gebruiken bij het lezen van apparaten." +#: src/utils_password.c:250 +msgid "Cannot use offset with terminal input." +msgstr "Kan de gegevenspositie niet via terminalinvoer gebruiken." -#: src/cryptsetup_reencrypt.c:1274 -msgid "Use fsync after each block." -msgstr "fsync na elk blok gebruiken." +#: src/utils_password.c:253 +#, c-format +msgid "Enter passphrase: " +msgstr "Voer wachtwoord in: " -#: src/cryptsetup_reencrypt.c:1275 -msgid "Update log file after every block." -msgstr "Na elk blok het logbestand bijwerken." +#: src/utils_password.c:256 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "Voer wachtwoord in voor %s: " -#: src/cryptsetup_reencrypt.c:1276 -msgid "Use only this slot (others will be disabled)." -msgstr "Enkel deze plaats gebruiken (anderen worden uitgeschakeld)." +#: src/utils_password.c:287 +msgid "No key available with this passphrase." +msgstr "Geen sleutel beschikbaar met dit wachtwoord." -#: src/cryptsetup_reencrypt.c:1279 -msgid "Reduce data device size (move data offset). DANGEROUS!" +#: src/utils_password.c:289 +msgid "No usable keyslot is available." msgstr "" -"Grootte van gegevensapparaat wijzigen (gegevenspositie wijzigen). GEVAARLIJK!" -#: src/cryptsetup_reencrypt.c:1280 -msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +#: src/utils_password.c:328 +#, fuzzy, c-format +msgid "Cannot open keyfile %s for write." +msgstr "Kan bestand %s niet openen.\n" + +#: src/utils_password.c:335 +#, fuzzy, c-format +msgid "Cannot write to keyfile %s." +msgstr "Kan sleutelbestand %s niet lezen.\n" + +#: src/utils_luks2.c:47 +#, fuzzy, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "Openen van sleutelbestand is mislukt.\n" + +#: src/utils_luks2.c:60 +msgid "Provide valid LUKS2 token JSON:\n" msgstr "" -"Enkel ingegeven apparaatsgrootte gebruiken (rest van apparaat wordt " -"genegeerd). GEVAARLIJK!" -#: src/cryptsetup_reencrypt.c:1281 -msgid "Create new header on not encrypted device." -msgstr "Nieuwe koptekst op niet-versleuteld apparaat invoeren." +#: src/utils_luks2.c:67 +#, fuzzy +msgid "Failed to read JSON file." +msgstr "Openen van sleutelbestand is mislukt.\n" -#: src/cryptsetup_reencrypt.c:1282 +#: src/utils_luks2.c:72 #, fuzzy -msgid "Permanently decrypt device (remove encryption)." -msgstr "alle sleutelplaatsen wissen (encryptiesleutel verwijderen)" +msgid "" +"\n" +"Read interrupted." +msgstr "VERITY-koptekst beschadigd.\n" -#: src/cryptsetup_reencrypt.c:1298 -msgid "[OPTION...] " -msgstr "[OPTIE...] " +#: src/utils_luks2.c:113 +#, fuzzy, c-format +msgid "Failed to open file %s in write mode." +msgstr "Openen van sleutelbestand is mislukt.\n" -#: src/cryptsetup_reencrypt.c:1312 +#: src/utils_luks2.c:122 msgid "" -"WARNING: this is experimental code, it can completely break your data.\n" +"\n" +"Write interrupted." msgstr "" -"Waarschuwing: deze code is nog experimenteel, het kan al uw data volledig " -"vernielen.\n" -#: src/cryptsetup_reencrypt.c:1313 -#, c-format -msgid "Reencryption will change: volume key%s%s%s%s.\n" -msgstr "Herencryptie zal sleutel tot het opslagmedium %s%s%s%s wijzigen.\n" +#: src/utils_luks2.c:126 +#, fuzzy +msgid "Failed to write JSON file." +msgstr "Openen van sleutelbestand is mislukt.\n" -#: src/cryptsetup_reencrypt.c:1314 -msgid ", set hash to " -msgstr ", stel hash in op " +#~ msgid "Cipher %s is not available." +#~ msgstr "Versleutelalgoritme %s is niet beschikbaar." -#: src/cryptsetup_reencrypt.c:1315 -msgid ", set cipher to " -msgstr ", stel sleutelalgoritme in op " +#, fuzzy +#~ msgid "Unsupported encryption sector size.\n" +#~ msgstr "Kan herencryptie-logbestand niet lezen.\n" -#: src/cryptsetup_reencrypt.c:1320 -msgid "Argument required." -msgstr "Argument is vereist." +#~ msgid "Replaced with key slot %d.\n" +#~ msgstr "Vervangen door sleutelplaats %d.\n" -#: src/cryptsetup_reencrypt.c:1336 -msgid "" -"Only values between 1 MiB and 64 MiB allowed for reencryption block size." -msgstr "" -"Enkel waarden tussen 1 MB en 64 MB zijn toegestaan als " -"herencryptieblokgrootte." +#~ msgid "Function not available in FIPS mode.\n" +#~ msgstr "Functie niet beschikbaar in FIPS-modus.\n" -#: src/cryptsetup_reencrypt.c:1355 src/cryptsetup_reencrypt.c:1360 -msgid "Invalid device size specification." -msgstr "Ongeldig apparaatsgrootte ingegeven." +#~ msgid "Too many tree levels for verity volume.\n" +#~ msgstr "Te veel niveau's in de boomstructuur voor een VERITY-volume.\n" -#: src/cryptsetup_reencrypt.c:1363 -msgid "Maximum device reduce size is 64 MiB." -msgstr "Maximum apparaatsverkleiningsgrootte is 64 MB." +#~ msgid "memory allocation error in action_luksFormat" +#~ msgstr "geheugentoewijzingsfout in action_luksFormat" -#: src/cryptsetup_reencrypt.c:1366 -msgid "Reduce size must be multiple of 512 bytes sector." -msgstr "" -"Verkleiningsgrootte moet een meervoud zijn van de 512 bytes-grote sector." +#~ msgid "Key %d not active. Can't wipe.\n" +#~ msgstr "Sleutel %d is niet actief. Kan niet wissen.\n" -#: src/cryptsetup_reencrypt.c:1370 -msgid "Option --new must be used together with --reduce-device-size." -msgstr "Optie --new moet samen met --reduce-device-size gebruikt worden." +#~ msgid " " +#~ msgstr " " -#: src/cryptsetup_reencrypt.c:1374 -msgid "Option --keep-key can be used only with --hash or --iter-time." -msgstr "" -"Optie -- keep-key kan enkel samen met --hash of --iter-time gebruikt worden." +#~ msgid "create active device" +#~ msgstr "actief apparaat aanmaken" -#: src/cryptsetup_reencrypt.c:1378 -#, fuzzy -msgid "Option --new cannot be used together with --decrypt." -msgstr "Optie --new moet samen met --reduce-device-size gebruikt worden." +#~ msgid "remove (deactivate) device" +#~ msgstr "apparaat verwijderen (deactiveren)" -#: src/cryptsetup_reencrypt.c:1382 -msgid "Option --decrypt is incompatible with specified parameters." -msgstr "" +#~ msgid "Activated keyslot %i.\n" +#~ msgstr "Sleutelplaats %d geactiveerd.\n" -#: src/utils_tools.c:151 -msgid "Error reading response from terminal.\n" -msgstr "Fout bij het lezen van antwoord uit de terminal.\n" +#~ msgid "Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" +#~ msgstr "Vooruitgang: %5.1f%%, geschatte voltooiïngstijd %02llu:%02llu, %4llu MB geschreven, snelheid %5.1f MiB/s%s" -#: src/utils_tools.c:173 -msgid "Command successful.\n" -msgstr "Opdracht succesvol.\n" +#~ msgid "Interrupted by a signal.\n" +#~ msgstr "Onderbroken door een signaal.\n" -#: src/utils_tools.c:191 -#, c-format -msgid "Command failed with code %i" -msgstr "Opdracht is mislukt met code %i" +#~ msgid "Cannot find a free loopback device.\n" +#~ msgstr "Kan geen vrij loopback-apparaat vinden.\n" -#: src/utils_password.c:42 -#, c-format -msgid "Cannot check password quality: %s\n" -msgstr "Kan wachtwoordkwaliteit niet nakijken: %s\n" +#~ msgid "Cannot open device %s\n" +#~ msgstr "Kan apparaat %s niet openen.\n" -#: src/utils_password.c:50 -#, c-format -msgid "" -"Password quality check failed:\n" -" %s\n" -msgstr "" -"Wachtwoordkwaliteitscontrole gefaald:\n" -"%s\n" +#~ msgid "Cannot use passed UUID unless decryption in progress.\n" +#~ msgstr "Kan doorgegeven UUID niet gebruiken tenzij ontsleuteling al bezig is.\n" + +#~ msgid "Marking LUKS device %s usable.\n" +#~ msgstr "LUKS-apparaat %s wordt als bruikbaar gemarkeerd.\n" + +#~ msgid "WARNING: this is experimental code, it can completely break your data.\n" +#~ msgstr "Waarschuwing: deze code is nog experimenteel, het kan al uw data volledig vernielen.\n" #~ msgid "FIPS checksum verification failed.\n" #~ msgstr "Verificatie van FIPS-controlesom gefaald.\n" -#~ msgid "" -#~ "WARNING: device %s is a partition, for TCRYPT system encryption you " -#~ "usually need to use whole block device path.\n" -#~ msgstr "" -#~ "WAARSCHUWING: apparaat %s is een partitie; bij TCRYPT-" -#~ "systeemversleuteling moet u doorgaans het volledige pad naar het blok-" -#~ "apparaat gebruiken.\n" +#~ msgid "WARNING: device %s is a partition, for TCRYPT system encryption you usually need to use whole block device path.\n" +#~ msgstr "WAARSCHUWING: apparaat %s is een partitie; bij TCRYPT-systeemversleuteling moet u doorgaans het volledige pad naar het blok-apparaat gebruiken.\n" #~ msgid "Kernel doesn't support plain64 IV.\n" #~ msgstr "Kernel ondersteunt plain64 IV niet.\n" @@ -1923,12 +4087,6 @@ msgstr "" #~ msgid "Cannot open device %s for %s%s access.\n" #~ msgstr "Kan apparaat %s niet openen voor %s%s-toegang.\n" -#~ msgid "exclusive " -#~ msgstr "exclusieve " - -#~ msgid "writable" -#~ msgstr "schrijf" - #~ msgid "read-only" #~ msgstr "alleen-lezen" @@ -1938,21 +4096,9 @@ msgstr "" #~ msgid "Unable to obtain sector size for %s" #~ msgstr "Kan sectorgrootte van %s niet verkrijgen" -#~ msgid "Failed to obtain device mapper directory." -#~ msgstr "Kan geen map voor de apparaatstoewijzer verkrijgen." - #~ msgid "Backup file %s doesn't exist.\n" #~ msgstr "Reservekopiebestand %s bestaat niet.\n" -#~ msgid "Cannot open file %s.\n" -#~ msgstr "Kan bestand %s niet openen.\n" - -#~ msgid "Failed to write to key storage.\n" -#~ msgstr "Schrijven naar sleutelopslag is mislukt.\n" - -#~ msgid "Failed to read from key storage.\n" -#~ msgstr "Lezen uit sleutelopslag is mislukt.\n" - #~ msgid " " #~ msgstr " " @@ -1971,25 +4117,8 @@ msgstr "" #~ msgid "remove loop-AES mapping" #~ msgstr "loop-AES-toewijzing verwijderen" -#~ msgid "" -#~ "Option --allow-discards is allowed only for luksOpen, loopaesOpen and " -#~ "create operation.\n" -#~ msgstr "" -#~ "Optie --allow-discards wordt enkel ondersteund voor de luksOpen-, " -#~ "loopaesOpen- en create-opdrachten.\n" - -#~ msgid "" -#~ "Cannot use device %s (crypt segments overlaps or in use by another " -#~ "device).\n" -#~ msgstr "" -#~ "Kan apparaat %s niet gebruiken (cryptsegmenten overlappen of worden door " -#~ "een ander apparaat gebruikt).\n" - -#~ msgid "Key slot %d verified.\n" -#~ msgstr "Sleutelplaats %d is geverifieerd.\n" - -#~ msgid "Invalid key size %d.\n" -#~ msgstr "Ongeldige sleutelgrootte %d.\n" +#~ msgid "Cannot use device %s (crypt segments overlaps or in use by another device).\n" +#~ msgstr "Kan apparaat %s niet gebruiken (cryptsegmenten overlappen of worden door een ander apparaat gebruikt).\n" #~ msgid "Block mode XTS is available since kernel 2.6.24.\n" #~ msgstr "Blokmodus XTS is beschikbaar vanaf kernelversie 2.6.24.\n" @@ -2003,23 +4132,15 @@ msgstr "" #~ msgid "Negative keyfile size not permitted.\n" #~ msgstr "Een negatieve sleutelbestandsgrootte is niet toegestaan.\n" -#~ msgid "" -#~ "Warning: exhausting read requested, but key file is not a regular file, " -#~ "function might never return.\n" -#~ msgstr "" -#~ "Waarschuwing: volledige lezing aangevraagd, maar sleutelbestand is geen " -#~ "regulier bestand, functie zal misschien nooit terugkeren.\n" +#~ msgid "Warning: exhausting read requested, but key file is not a regular file, function might never return.\n" +#~ msgstr "Waarschuwing: volledige lezing aangevraagd, maar sleutelbestand is geen regulier bestand, functie zal misschien nooit terugkeren.\n" #~ msgid "Cannot find compatible device-mapper kernel modules.\n" -#~ msgstr "" -#~ "Kan geen compatibele kernelmodules voor apparaatstoewijzer vinden.\n" +#~ msgstr "Kan geen compatibele kernelmodules voor apparaatstoewijzer vinden.\n" #~ msgid "Cannot open device: %s\n" #~ msgstr "Kan apparaat niet openen: %s\n" -#~ msgid "BLKROGET failed on device %s.\n" -#~ msgstr "BLKROGET() is mislukt op apparaat %s.\n" - #~ msgid "BLKGETSIZE failed on device %s.\n" #~ msgstr "BLKGETSIZE() is mislukt op apparaat %s.\n" @@ -2030,15 +4151,11 @@ msgstr "" #~ msgstr "actief apparaat wijzigen - VEROUDERD - zie man-pagina" #~ msgid "" -#~ "The reload action is deprecated. Please use \"dmsetup reload\" in case " -#~ "you really need this functionality.\n" -#~ "WARNING: do not use reload to touch LUKS devices. If that is the case, " -#~ "hit Ctrl-C now.\n" +#~ "The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\n" +#~ "WARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n" #~ msgstr "" -#~ "De herlaadactie is verouderd. Gebruik “dmsetup reload” indien u deze " -#~ "functionaliteit echt nodig hebt.\n" -#~ "WAARSCHUWING: gebruik de herlaadactie niet om LUKS-apparaten te " -#~ "“touchen”. Indien u dat wilt doen, typ nu Ctrl-C.\n" +#~ "De herlaadactie is verouderd. Gebruik “dmsetup reload” indien u deze functionaliteit echt nodig hebt.\n" +#~ "WAARSCHUWING: gebruik de herlaadactie niet om LUKS-apparaten te “touchen”. Indien u dat wilt doen, typ nu Ctrl-C.\n" #~ msgid "Obsolete option --non-exclusive is ignored.\n" #~ msgstr "Verouderde optie --non-exclusive wordt genegeerd.\n" @@ -2051,6 +4168,3 @@ msgstr "" #~ msgid "%s is not LUKS device.\n" #~ msgstr "%s is geen LUKS-apparaat.\n" - -#~ msgid "%s is not LUKS device." -#~ msgstr "%s is geen LUKS-apparaat." diff --git a/po/pl.gmo b/po/pl.gmo index 4ed282e9ac191a774416b9f4df0de076f6ae09e0..2f12a75a8767870b9fa6cc9a9104279f6116a88a 100644 GIT binary patch literal 106470 zcmbrH2Y_5v)yF4*KvsJ14B(Ot>}(1>gpghcDWm|Q&+g1_CR=9N*~zj?upkJEVxx$P z1q%vd0}&AvgeWR@uppu+C|FQHK5Xds`=4`Pnc3M8bm8Uq-hKDpcgwlwo?G6V$9CE3 z>T#J&X6lxi%w%}a-kD6tR+-H5BQhC~d30_jvnTu)JbfM~{B2m2$(#f)g1f^9;O+1+ z_!W3HH~ZkK#hJ{l@IE*n4xOCITnfJe_vWE&eBX~7x)pl54;`r!ymxuaQ3oH z=1uT*Q2w@Fp2_SA_l6r`4$g$n!{gzRr(`lG!hTqUpM_0uj}@8Bq3|G>g$vW$R%SB$!qspBJRi2f>)^KV0k|vt0Xzsk2~|GZtRk&&f4Dt7 z2JQmq1^3h8)?5$38NkZlh zsCafdGn1JE*FgEZ9=5`-LZ#!6;r@PS;fL$pQ024|&V(aS&;2sY!rjlyWDbKz!vkR+s+`{d z_ky=Th5tI-6aEQi;j8j4mxsb;uIIpmUrnNwO?xJDFgyUt-z=!~b_Dm! z18;`2asMuy1$XZ7_*X*3GYk)g?|@3rtx)lNJGlP^Dm}XvcosYk?gLMU%0~sNKHeMn z4XE<^D^xk|LgU;W9uKqd6sUR|fXBcapwjgSRQd1M>ETvF#lHb6ogaZ&cqddke-00U z&j;?=gdv^Qt&W38g zmqDfXz3?RXv%uH%puf2;L$&97;12LPsBq(YJ^j1E!?*Vn=v zyctS9eg-9PFThsVT5djJ!e>TYZVrXIE<)AI6>uMT6O{aIgi7BZq3ZX*3!Mw0@^L;?d%FrM zou7xw*CQ|sU%kQQxfRO)(r|q~Jd*2o!=vE?P;&4eI0fb|a-It%pYMc9|GiM@{UcQV zc6qJq-|0}-7eV>E5z5~W;a>1>;r`CA^ZUoc190yQ*Ox*oC#d>-7%D$oz257g6)OGn z;SsO|mEP;2%IDiq>HIg`AGW>0@1G3!<$44j53dQ=KZN^m{S2HA$6xI7Hy>uX?u7fn z%b@b{(QyA;5E0A#9_|hEZ}j|K2<88(z|TRY|GRKE_uPfmpT#vvk`~XyX zz6uY7k3i+;A5isi*rgusEU5Ip5vsiJfhv#R!{guqZ*uuN9ZC+~19ktKQ0?(0sB})e z%=O}YnB{sk+!d~e2f?>MmDi`B!aW5)4R^cT?YR5k0C4~Cx# z{2o+&KL;fbJHN%#dl*zY3vdFwI$Yl!_zYAz9C(Gd?`2TW+W?iXyP(?lU!dw^%eT5b z?+*{-dR5@-p!Cd5@HOxrsB(T19t&UfHZO-6Q1P7$mHq*!db%3!48H_t!f!*hpY5*n zcxFMRClA};)xrIKsPIof<$v3^dp%EpO5bd#czU7a^aiMU_zF}#{Scl4{~YemdWYMs zXG1;b7PuXJ6e@jBL$!y0LX}h7J6+H8!5r7OKt1>8Q0d+JUH<%OQ1O-FEcgMqBm5Oy z3jYF|;fe3|c#80FuHOyi{#BTTPr^xX>#JO!9u1X_J}ABVX*dUd9qtC3u67;>RX<0D z>yuy$*XKgj>*Y}Ob^|;VegjHgo`H&Yk89k28`SeogNpy!;QlG7`g|Cwoc{(@4!d3J z@tz1J4~4)>;89$E6sp`Ffk(h?-{b9KI#j)00L$?Ga0T4%IAML|hTnn8@4unS_mKCw{49c7a=jMneh*YS-U;RJ3*r9H;Y6-~ z2~}R>-;Zp<$x!w4F1RcF8r1zC2ltoYRIYQ^dpgg9dvpC(sPg$Zl$?AW9t&T9`@^;m z`1Q$9_b-Ji-`k+V{}N7te}~HF;U9E=OW_)>FM>+PPoT=}-|%=i;X|I@4!DTxcSF_3 zFJLQt^@ly4W1;fX1sB5$q00Rm@MyT(4Iba(z{}u~xZel$yuZO^@Su-)eVz}eas41? zt{;T6xXygS?cmw)I4-Y%^WjD~6K?lO+6G(#SHWB00=UIZp5K$8p7VxqeHWb0_4Du~ zIQeF`lP`p-#|NR({i;tf_JPyjS@1U41$Vy1pF0dsC_2a)-~jTpbCOzb?2Z{3KMp-3uij55q&@HlOwO+XhvCbD-pC1Re~pf|AoO!c*bz zgZr${x!f0E7WXS*8~hAB0X_z2!u>w)`sQqS5Z4u$g;zs8=XN*;ejh45yWQ$?ay-=Y z3-EAw89WT$3ipDKL6yska56mbHV?NP%6%BBygv*T{t>ABZT$t${|Rt+uFFvAy%Z{a z_d%7{lkgDu5>&Y#bi0Q;2Oh!oJK$7!KU6)v2wUJWU-ajn2PbiTIn?v-fIGk^;I8m_ zDF55s;pv|Yse6gEQRYgK$Y(&VKaOX>bcLs7P#Yg zJf33%PlE^Iz8+@bHNpLh@Nlkw43*CDD0zJ=JPh6rrGFlWuYtRK z&-F~qB{V})?*N1%H^~MaSbiNk0!W-di_)xgs^9Qc)=0ZLH?7-K-Hm*Mm zC&TYU$^WYsh^>uJH{2lCuCp_%^@F(F_T<`H?f6mP?%k=|r5_}r&2>1Spr+XqilqhyP@Rg38;9s`VD1*)9B4OQQNfU4i7M|>Q16x^NbIj{+?f#YETZUOtC(s4et@`hV;eJxbD55Vo= zZE!32HMkA@2HYEd4=TS;!znQHb1#RfQ2rOd?cm8U2iHJ_yA19EKMePRw?RGkJ5X}< z5Y%&Cg38yc9`$s*CU7cLer7^FcQKT|i{QTS{qP^-=)d3^u5W$J^RxXgsSBn@F6%2Zuhk3cL9|D zPB;sm4_n}^fsevtxqj8}{kb!s>hpDQKlnD-3~z#xr|-jq;WKboxbq*}Uo(6S*R$a^ zunW$IWvF!B4o`y5z{T*mKf3L4hLby`*;kj_?UtJHs z3m(t)U2q}%8$1=xdI1{=z6YKIclbXaH}=BiT;CJ8^NW7J9p-Sq7Y@Kb!&6}U-#i_+ zLFMxaI1wK3ckf3R!lSr;9n^Eb01I%te|UW7!$n+w5GvnKL)Bl)KV2W?;WVz_3?*;( z!^!YZ;rf7oxm+xON8tWCsQ7M$%iv2;^0ee7Pu~Dk`F#o=4Id5M_1_-;B-o4lYvJke zk8moS_aBev0(czP*F)9kPoV1YC8+pXGvn;K1M2>}pu*n)b^i}=20VD&IBTDIIG5`i z;5_&{n1#75Jf5Xc<#!RZe8DrhehI3c)@k)$!0nsHS$$j% z590c3P;&W1;L)!hXYJy0DEWI7PKQTqH_r4`8*yfzgNKpx(}r<+jbde?Yat;zK5XN#}2!Wv+?9? zsPcXj)N?)$B`1G|YUg|G=J}lqRlkE!^7eM9{QnA`1^3?F>uWt!KCgyq|98R(@Ci5v zZnuZ$dpT77zY|Ih?+SblzM1QmJ;z!9_IarM{s-;{582DhXC~Z>>$BkYunKpCZ-jfm zcL&}Cvs~W`m7ib3gW*nWdXT>(;I{B2sPwLclDCVXNy?oG&lm+z#l@@XX}10$KBBC7fMh37RvwL`@4Ld5A~c+ zLY41BQ1$-G3M=Ut1sO^*$NS=DGkSw>QEg;V+@my<67HX%3Y9 zoDb#y4tO;DCzPI=dXTsOp}@PL{B3#gIGZP!4^`inz|-LaP|rE&5P$BeQ1x*olziL; zPliuG`J3_@*CU-!*Kdc)&;3wx_X3puZfkbEaSl{IFM&$mr=i-x^H6eq{GndX7eGDl zHYok|C{#KQp5Xai4kd5bLg}$D!w&caR6AMN;_@*F74E}O>G>Yi{cR_X%e)^R36cX;%JtYbzwU)9kK3Ty$3NgsaQ{jEyf!F#Ujq+?!%+S| z1SLnmg+GM{OdeFx9kX!(UZz@#I?sU8hgEnEd>2&xJPQkO=V=~(J(OO&3GM># zgsS)NK$XuH$9sC`LY2eiQ1x;Ll-xcERsOq8_wro~)vhjuuZG`&XTzVtY4Dg6Jf8zl z`TQ(YK7JG2_nhJJt%eJ6e=D2`ABK|eJx=uJ91m3v)xfty^^2c`2f>X{>H8g2z3nm6 z!%u;#k5i%A`9)CSJ_c0}_rfLccTn*hHOuSyG^p#>L$%Kvpz8NQC_CdtsQ8YU9pnb8 zzrGC0|CgZT@i$QAbMPDww+_CA>yN|p;FP(pU)}{3{&u(qJ_Xmp+4DUAH$&y?Nhp1u zneTFYbYK~(fBFQR37>*$9}^dhv-OzMpwfFLRJpzp>Up0C_aA|(@5i9(X@`a5G8e*G zQ2y?QYA=6=Du*2wx%+WY_1qo!aj5cr97=v)f@gbKISYR~TiDE%=67r`&U zW$-_6Ib3$C^FvT__$=&%lTY*XTnp9SUVzH)jMH6zUksI=2g3Eg;3}?XuNjv)16~VN z9?wCQ=fpF{WiEkdL6zgJ@ra$-NQ04X{RC{Ya%lq}kQ1$yBsB-!)RC@L~+uLym zRK2|ms{FnOvoLp#%hytAzXTO-uk&30 zErcyxUj!BJ$D!);aj0}n%)6c+fRe{6p!DkiX?a&wCK+dE0e`{s~Ut`Z_2%zZcGfe}M8gWv!QgFWi;uH$&;&>!IrN zL8$y}QF0y)B|qz++{sk4! zp*`*|4<+~SgEQeDq4Y_v*URr**vs|xQ2oKH`#e2Uq3W|5u5W-U_a~v`VV|=119PDA zUxez1J`BghFT-u%MyULM2kr>B?Dur+3cI*o1r_gIQ0ad*TTnInU^{sG!*g5F=yaY-PKL=&U`~oUp zyI05Ayx}QOcH6U1;l8!r^~+OGay)g&>-{viAJ^URV0bxHJGdFD9)AGUua3LG>vI{D zez+P+-~0(Ge^Z7%{P|G*#8puB{vD|PYnzdAwqN}yxPt4CLe<}kP~~yJg<;$W_vE?? zm9Doz$>&XhUx7;J525A3+)FZ>j$ z{&v5_?T~p;?d*e4<^2d$``qhN*E8q9Q@Oqfs@@)glB*rw^l^sj)b-}O-C^KPho-wGuc4@2p}e?jT(#c%d> zUj~2{W1JRe@}3}F1VkL<7%$=2{#`N{`P?CGfsi)@%u&27l(WDnom9N zS~-Nj-{Jlr&gbCwHrNr}Nb%d@{Am0>#c@Q4>mBfL(yqU?oG&1bv*6yibp}6=;PwWN z0sL$S_4h-#JI8(a`7+lh2lv0hRpI=fxPLaBD~$e*;QCweVR$^pMvfba<2O)xMSnTY zd*GpPW=MnGNd5E2aQ=GuOgL}G?=FOi{*LDSZ{cDYTpsQ%g7@S1cj0;q@+uwpX%6Yc zt2o}rJ+=48Ir@}_kPg(l{YmG)AGc{-p8-*4)=t;LzjD2G@JII?|LueOn>h6M`;@!8 zAd|RtasRS#Px|w_;pPRnpT_ZKuE(ps@bk+M*Vh8~hlg_fI9w|z-D~Eeke@P%;AX(rEc3GUI~MV#CmUBJEZJDd9_hA?ly?LN+b2bbdhN6ycO*K-VTz8lov zksNQ~_y%sz!X0sco^$mj@bj18b{Y2{=J+@6+lBOTnK?P!{}k>Y z<#-F%n0uLDa2ylv{TS`Kvg#<-8kC;dwuYKjr?DP=B9=bLE%w%Q*iy=NE9imh_a zlzS8BS95$8kNb1~yPR(cKSUgV`C4;`VN?zr^_uIX?>O?@5k-<9<1;%7MRs zar^)`*|#_0Zvp2!!MEvV_*;V8Fz0{f_&N7J1K*%{IR7-%-*BML&*7LzntHkaE6yL} z-a5`@!)7^e<6M6`!etzP;dlu5355A2?l*_~`-V8b0QctDI$T>|{&^qQFQ(k~B-~)Q zd0ue88@JDK{sitngonV7!k6GTIBwzm4E#LFQRL9yRCox-x#3#2@eeq@9j=chO!{w+ zaIG=Z1Dub9>m|X{q2%kkxP6uD6T`h(#5IregSn@_g97j7{6Ow~IQToj?xN?z^*HW5 z!Fd_?^Fn%pm&`-qNBDmso^_nRhp=yiXT#TpbR5g|_Q4OQ?B~EX<`_r(9}j-yzLewl z96NIy#4(j)65+PN-+mk;TptMa_Y=aso}-2HufkX1{$9>^=QxM!=iv(Y0r(-}xB@-^ zcfsvToHybBSkHwt9AC%pcewr}=UQMmgySoUApG6Vy_MYi8ON_VK7sp@@C^7Z?!A{I`diI;f#Wb7 z&c@FJ;l{?m_u#gB@c&QF^~d8f_i%nEd>_Yrj^{Xrar-`g|H^svcTotl28U+O{|)!% zcpLt*T>mEW2oF$r_#HSWxbM&T=Q*E+|8wE}96!KqB^+dv{t>vzG~ zaC?s9asL&^H#yheD$dh?AL05V_}`iQtmQ^q>i!nEFXh;Wdt2dtG54S0T7T2H&V};( zdI*!XJM^Xa`6@>r$88)r+_ww&UIiBh|8lyLVi2T>ljga?HTrUL5nd{|BxwL+~~-`~b(J9Dm{1YCh$_ z(aJHCV-?3*jtv~|;P@!V9UKpGJjL-Zj-3|ZpJOJ+SseWwmvFp?<5L{>a6H8E6vw|f zc3Mc?a2(5VGRJuwgB+K0yr1K<91n8*isP>wJ1xRL$4rh@9BVmVOWG%rH~o$0_z!=d z#ZBW?{Y7rS!)<~)*?gG%?SY}UZ*ZfCEbI}usn5_~6t)jH=`R&;ae(!hwbPj)PLwNiuYLDqOuF(Y-4-* z-@v`;?%m>)+eX|Jul%Y!RM%~I96WobJuCNTX8!$ z#4#-}^1lnli)2E7QM{{hlb+RIecQQ@dn^2w*xD0 zYJ99MROZmi}&LCQb#d6Sk86~ z6!U|{Y_+dY9LP3Tnx+@>gZXp)e&QXs5TU+OFMb!FEV2TGl# zj=YkRRh&)J2g>Eaa}|0j6uR!I zc2{N<3X2KmHSkK3uWIcYC=Cw3e95XXT{7Z8*};5Qg~vtm(^2m2C*_4)iLwt>Q|ez! z{`&I+$N?f$nbtJEr(EvO&6z}?p&ny*PW(n|c6q*187dDH ztO}`U`DqH`8)8ZMwlZE@%uBdb=OI9AcE!>K7IKU<_mc8ZAhk)Jv$ojLU8(kF^F3W< z%4==!rlXM<4i4AGv5C4(U5O`5$7rLdYS*_Nm=&9{;b zjcKA(+X^Cd4LDF$<8G5vXzJ24R!s4&(`Kz$x=3=ix~~(ZR9RarpmREVN+`vFbg%*q zf}-PYpS5alG6xYi&7ectEQqk_Xb9IQNCF5i$PQ0evU@!>DFn}_>P`(1(_W{^k@kl(HyyjnCv`` zDqMM7;ld)b^QO!pS^dq5G)Z=YU1v=bhVyyek4U(J%iN+R4HreQs#u|3@&mlx0r^p&%f!SX=9tC(H1Ou~Ff^I?_$<=M@-DU)e0M^>|Oi$s8kBwGTkl3s)n4je#*2NZ4>m7sgk^^rmJd=C)1kcQP~df2kGZCxg07tS149G z21?e$Cwf^=?&W!T((I2LEO!?X_d+4)qqfX+E;hI%ZYcHkmj?zn6fY2FWT$(+XJl%v zsT$*EQ}?ndTdCfk+i^8f)p>VIh;YFqGE2rxpTzCVTyAifmOfqo&Nw@JrrU>Sr+g#^ zP>pMB^2jvej=J^8Xvs{EyX{RlW&K&1fLUg)CiPb7FLuau#1^B-+p??CE~Hi$xstlk zV8OIy6mmU%8EtLVoE2-9ugX@25#ipHP?)F?WUyq0Xmh0|6n?3&JXIV7wQ3DlSxi|j zn-fIpuVD}xL6G)JwO`VKkV|}<3y5O};${7P@(BFXt}MlLqe@t0$j)B0>g2^yLhIwK zkDxwhm278T7Gdxgj{t0#;SDQl|218s-7l2;CJfRZ20PXgzNggHM*@d?%5=tb9n%?V zgsile8As#?O2tYxXStM3?AWWG~Gp4AH@^&W}IL=4bgX2 zI`RVr%!7P)KD%ngq9qeeWK936K)nVtvqF1MI-}lFMYYP)qFa&4g45t&zC%{2^*+*T zQ33nYvn}eCA~);)^VPv}M^7<7knQZrcd2rt=q3^$H_<4emktJ7p*M{6fFRoZY0 zk5F%kVs^TNRg7_-AgOwYF$PwxwA`yy?G2T4HY|ks+j2Nq%y(T2Wb?7j4B4S z6(q^JUTh_LxhN!sVfMZ~p6AAvP>`R|cctJ$@={^xAF7qmD6C57&znQsWz6w)<*JR) zldj3fh%)X&QG4#ABwI|RIcPqs-E>5;QvEOEq2PVky4g>!%24$>%FM~D^%u&t`FP+_ zGrFe~`^tT}LB?67zW(YUI@ZI`EKwTSlb0=9&M4EQx?GKH&3aE7jjMr;>EqOSD;BL< z)5wn`G-?^4rdlbgfj&kdh2ESgQ0viM6GSb;s?D3xyq;n|);MWHAQ7DbOWpq-@1j$a zh%g;g5o%?v=(?Vu2~li$P2HGiU?r|E_h7J?R}9MarGmtP^0a2C(XZ8m4Z+W^(i{he zHAJiRQ5nn+R+;^Y4K&kS)oMwjG_Rh}s;S7RLb#J1T3hN^tD>q5YGR3|Lt!M3FZY>$ zj3;T4DJno!a4w8hLSqlJKv-Z^@55UvsKzJ@W5!VklV6o$mkhRaC!Xpll{lsSs3}vk zHe}zdm~FO;tdPS240TFdRS|5#1|>2&hf&obAzjwz$mUlg|B->M)o=Xw>@- zF-EjbHmYX#mokZ_MSX!6V9@H>7B{&}$u_6uq(KBY71UP`pvTI+*@|XkA}gWxxfb2# zBru3<7|~d#mlg+4MDR4m-Ne)y!(X8oE2qS7()mX%LuSK3uf{ato(zDt?4rIzwjwR3 z9zSl}CytIFr9-TrQw>>FL<%-YAOpsJOc@Mp+6G28&N=TGZ9Ej$deBi=W?{lcU1++x zix+gzAu~IL?NMf=j##ut*{D+@L1)DIuU9hl_er9P1sl$+guYTrAJ+Sg6C7?N9VZS^ zdQ$b<#egs*MA?pm%e~asSw3zX z?KG>V*q7+?(Y_>vWBBky<}hL?3@oE+pG~r3Mycnu8T6W7D;0T7P{fH@q~3F}p`s3w z(<+9EtodRgmL;pixQ^nine(RGjCnzjLTib&LsGht4^u#6wSV(eGZg75cbOGao0z0U znSgteV=q=mXnX7b(y_H=S5!5Jma@?XiXGB~GL;4@gPRk@>OKbiK66+TlXt&y3{qPf z?^$=1?HoXLCFN7=YjlZQ;7ymfc^NCl$lV^B&$^1qGxiD!(*oC|epERJFVXlg-^(a( z(DV;8h_w+_7{OtB&^6X8ON@Cnh}3W@71Hf|x{{DlYw6Z!r`p^=agdQE^FSuI_0O4cgz{U9ef8uvn)~G7^dA5?S_H zOk}3TR9kb&*6rlSY&V&N`Sr~BXlRl0E-7ollaD`}M|@Rp6G5WMIG?1cFgjzRi=is% zIn%}U?A)0ek%Q9uv%`phCzg9Pe;QeNmdFkb+(~JR?7XJfOFUs4s#L*(5SoOgCvlUA zM}qxJL5Xkn@7DOfSl9ZmZs@}nXQt&a-vv_(FV^g^|_ zpH*|4@v_-{2FE^qWpg`W5Hm51j6&Uc_+Y(Re-#W*e{3>IXK4-oOw(!3B(Zh1v>lSf zJVdDyrsn1@$=SkEjj@v*q5uc67?^02=`>f%J{FyNyPkYMVeoMG13QJsTslFt|*6B*M7uc(SF`BUL219c$_;EE)xA2!hU@X{N zLz? zYtPDONL9#7Y&kGl5T$OpEbO8U`8uluR;yZdE#z(FS-hY`cSEc^L{b|?sD?X?0iP7h zg5?XMtWkVZ)L5<*v*uZ9iZ4og5Q1nQL%}kIx~qxZ`hzfgo1SV;XC#iu zd-IgEY{FNVlnYO7@KD>c&>(_jP+ND?O$eWMusN}cWS=35ubVJSRAiQ0D}gi~4B5Jz z)>U#S@*b&b z7h$R{5>Pt$sM(u@gjz+s(#A{t0B(mhv#^3z7|NrI%w{!kmP z)EmYew6r>zP8M+DC(=M{Y+#*Eh0LQ7h%Kebqi2O0mWdhHIwOygww5rG$TR(p#fSpZ z1^`;nU=+|s8X@D+qEcd(F}`768oTD=b$~c+V+2er|I|ceZJ?<0Np~Xg6lGW*d-)I~ ztE1XuHhH`>^f zYFg?v88KC|>q~j`rA?%xHV0%ZMRA5HAoZ5fz$Q}su^+7%q-UzLG-d6zDs`fdZPpvX z@`b%gTGCThOTuE+ZCPN1;8#Nnt-(klpB>a$hHN#FidEs_gEi(rk+Z6U~q+^>NPJ2v494ZRQ#A>?~*I`L3HfbE(vqvyzJXaw>+#5d5l^ke*m_ z5K8i+3U?jl*{$)OYRuV|u=+49Sy-5uj#_o&Q-Q%23!1qlm-DlD4Aoy|Ai${0s?&l< zEJA^pf}!`S`kn_u+eMKzV>M};e6>7PG>4*!S)13+m!7Ut=ed>cFhLMnWX;T-a;9oM z6$@*QjSrSDS~4vgT=RXy+1Or6q`c-n>Nf1%ZQwy;qr}WdKe2ONFzwL^ zsj9mZMaW#)%X_JA!i&wEpzs-|(p}Rm=wQb3p6oO$ zVXSc%s#2sp4259!tE&Tz|7$!{s*Jw-OeY8N8Rf+-Y&D=%|0(nN2;2eK(groN+WMUhd@@$8^yIJ%P-2u+hl6F~JbB>w8}P^kUoKD4Ag zye_8X#!}q@s-hGxKfdjK)X7vQOrmrM9%KEeV|RYx`oe zT|MP?tPP(P%&|*XJIHL|0Ncfu34Crv{V5M06<%e-Y#-fbZM8P?nT#YYM5E|@+UaHD zvu#zy?Ar36nIS1*N-!npjTLzSCY!$p;xo-!`@HQ#JEX zofpfu_iMGfA>}pn=GKPB^c1xf>}aj1G3%_pc1-Vy^pEB5q?OB-jw&=uRV0Mg71}oJ zQF%;_vV79To>DU}J}Qij@vxqJ?@2WK7`m%bz7uO9UVOCh3U1WQ1c@A(l(*%{yE~$us1G$J#vE z*fS20zNby`Hgfd|n^CviI1Li&1Z z{)YQH!c=-v%)!c!tHEvmsKM2AE|IaQiCr54r6UjV)C6eI8`&&HXlX$rMkOgdlM$y4e5W~fOa)C>}{EsO&O*_0m7%b>a?Uh;32xAGS)WNJ|=ZX;f@nfc{`_ELf6 ziP)A()H8CDykZt=!g_}CfTpP8SB{ASL!FGRSRh-I?N-q*2h)fyot8M5w^ELOTp z{dyxtciW2$d$mcAbPUl}Swu2-+sdN0D^E$jqt_OE-%=s7Xj!egNb8ukWqxqR3`Bl^(R(%N)cO@CL!D) zRHavz4fa)4mPp@mu_%7oJysq5dP(}F5G_e0YD=nzhQfjXa}G&(m;Okabl1{jMd0c7 zhU#GkSdygm2EitpQA@vJ3cu!#RB@|Es~Marwn}SrIkLi%DR@02iEwHpo3vx?1Pq1k zuYc8hjSF*AUYX$5l6I9Bf+r^tq+BWe3hz&-wXtQq3k?w^DCG(HWV+CleR4l~Yt+gu zmSA>BBSv{!yv_BO*n!R~eRTF#1D;b;1)EBAtZI{orQ6XMr4qeTw5gaS5xSp5tUB=u zw3jITV<1vIdWU*~?oMcRPMM&M3+6O+LJ|Ql1=NmQA|r28=?GuapwKC}cosE@lm|sB zMGMTNIo>nMt=ioQQGKPtY>szty1oe}u02yHUP~z@!3dbP7`OZ+nf7);W$fEYs%3bY zUX0%2ka#DLZLEGgAtC-wGe3sb(nk=^-a$RpUjtfV%Vl~aJxQ6*rX@O5&ps)eM^+m2yq7rj)RvZTW3ux-pB>9GSsYm1>_XN5Y= z4hEPuH#OEH8JQ(n?krt^{*HBFyc=Nb$JYdZ*~H>Ibc?URYtsI_@W)O}++S~^0I5}L zfOKUwma(n4Vd~Bv7f`z_Doc+_8g0toDjc1w=&)O~u%jgSSZ~zJ4f18W6A6vK>lE3h zQ;#}Y&$4YJe1ym2bl=HK#-5a1F4}sUR6>Y3iY-sWN;WheYx{#Om0_jAw>Qv{_gC3# z!1SHH^k50}r3{%DdQCfiN2tQmCKgtniqfV^iXkL1@n3QkSRbUlI5@=DwWu!1ZjHy#C{iL8MZq1f4fF#B9fHl2 z3yDt!FHOs~m%G@WMvoG{eh@d^T5n;eR=gtG!Zf`O>Ka4a(`;VdevQcPjuPOr{kA%qq&|A}YFd^S&sav=aC~y0pNZGvfU44x zSz}g7u)_o|IkDLiO5U>*-pI7x+3!uIaLtmSc%xv90sVs^(e97L>n1ndxdpz~NAKa8 zsi{j#%hYJDj1=_?> zFtJUIr?>s|DB`d`Jl?KHe!Q!uVT}G*R8knpIMvK+6A~o3+RwI$P^j4|+ZFBIz>`bZ zWxljbb<%26uYqM6-ek&=&W4Z7P})?CM!cDm{k==Qm#9rGZ6*R*lePTj^)0aI!#UMH zHp^+Tm)9*M@#t@xt+wBbXaS?ZxNrbIVAG6`Pzrdlw)Qu8d~lWE#d zIZ;cL>@Sx-i$1g#1jTn{g|527*EJTDX1|=LqmRrkN&5eHRGOVx5?S@X|go4#tPPc=!Oo14lneitgt32TnAE~rm(1$A26U+`wX zrj5z3&y9Pu_K~*4Sl{d*W@}#gkB5jfaTJIG7W>N8E+)~V*Vh;T*@p%Z8#4m5BiXWEYK2y&6w~NyIdrFGXqb$z#xzu_vjCQsrb#IVDpQ=_jVbQr3)M zD#hHH)w9FL93tTu^(;&=K1|05&4&{;LfHjilCP=nP5 z@nW7vFTpfk#jtF7%&7>vi^YEJBpn^bp3XRpB_WloRQUFRsz5bC*Oti7Rm`m+? z_onvB%DBRIdCfJ9sof$m@G4Ga+?L}1O94tnM%Hk-5iY*9lf1tyYbTT*9zGti%RxoYcwQQ!%45TrFC93AK6%H)Vf>= zS?kiJy%!c~pG0@oT6m3WF=?r(Jn1`i4KtGXj-RYI)Lt%Vy&f8^y5dz`J+^_)sVV)i zBp&w=abQ~#ZXCg>@mpCb`_6?nUGPa%wmbNLjF6A8)){W9^jt2e*U{1(6{G@s;{0o1 z9?W{EO$Q1~gciy=TWznbrMG}ejQj$;5poVnFpIuV&lDZCK_~*o+Irl z@Q62E{*k)(P<0)UZO-Ve>a83GoAK^^62J}>I@B=Cjy4|pw!@nK3-KJ#eu~hc>Lqud z!;qCn49SOX84=Un#KVeWA>%Uy$#CDk@^2-;Z!R#1EcZ<<@mWkiDKLkmFW^iK!4eZE zyusox>?a1BFCOZnP4RCY)NEHwzxh?GyW==)%{Duh{#q-w8Uv%=k8T>jz zvi^aGFu*t=mu+ifhGRL4{MzQ((XE%F&?6fE;p+SR7_2a%6!wU#ZMmeVf%!~w>buiZ z!}PB9ck{bO!9&5Pn(2Jw1=myT{hI$R-zzkH(qJfT60CW9-Bxg{F3cN6=-bOR`?HS1 z_9Y&ikqN%tq)Ic7x}S`OC4ClCy_Yez+icSBW<)#Y^ER2qHYHu%29wuXGI5P$>O0Z$ z65eR(?!+j-ATK#l0Ac3Yv}X`gANI*(GU5*_jP`p*S@ka{0)4DQpFqH$#?<~}I;jcS zptBhx(CIen-{OGUdSl<}3T10wZP5O3dv62vH<5?%ZazI+{X6?D_N69scJpZ>A5WUK zbiuq8%T}*EC<zuWy}Xkiz?UD zgVS4l^}!?SjA}pTp#plD5UJ1VxJU2iO=bwOmqq*Qa#oDh38U=0tH*m#Ig z7v5S2pY*_6RQ%ynt#uylXWRTE8~P%5@}K(HSwJzwuAU~K41bemBpW;VZ!@VoA8cQR|OB7njr_mcP9o<&7q?;#~(~ z?bnNcWACY#sPu(HUb+ggQjpD9w5ivpk|!tKNqccvhByj_A0g0YsSWrlBkCIx_kGG}zFwOE>3e9g_N0QdoUI%p>BupE7LNhCpcUI zv>M%23yOb@vq2Sx?}^v039pM4l!^}!lG-A!Ky}jIEVWn9(CRmx&d1!J` z>BU{B#b6wfEuX#XbYjY-^w7Iej=&ZUe&M8RrHaxN+UN!R6Ai6-rkRm zrnKCzRl-`mLl@#OXOoeZweuiZ=hI_7urF(HJB8pqA>}_7*eBDPjn& zRQogyY+u>dJ`9y`@&TT)e3&whs=(iYuW7xS^Rg95dpZ_#cF{8La~U#?@LPkKl_6BU z{MWa=mHs1Qc+yUIP8k@4WZA=X~{G@*|cAQXsds5E-dwDFswqh1kJk=MK=YU!-8I0-( zFRmp^3(_@>2F!{r>Z4U%W<@3TEVW|QR^!EnO{1Js-Cv_njpsN<#S(dIkOb@PBg@81 zMeAsMHZ5pTB13}GD_yE#Ylv(qO?n}HlYzwo!X;yoX#7Q|YO%yqgTzo{$lG*?ltox5 z3e8gQ?uVd+P)XWHODPErwwOSO#+oRrb~-ZDM6}B_>t9;XyBSiJrkV*CVvCn4l$Y9+ zsLMhVSnCW$uz7*(5uq!R+IrbgjXWgf8L!u;43}3BLc8wO{f`RbBj@lVQe+e@#lPgb zH$NzasoGA8$9yCCXk+yVq2%$A?sfUSWV1BFZ>cw`2P>R7+K?!kl>I0T?b3=H3$$kM zH-f|ur`eFhzb7X7wXYBO4%IL!53$+P)x-NNqL20bTS~mByq@1lY?uAGimfY>G}W`k z7mVmcrD~2&-{!8FNL}UM6tjK%C~D$~9n>1a`wnSGi51Nx?K$;2Oz@d{7sg$Js)~Al zmUjAv=_Aw)QcNZbkL(J+@{vLDfVSrKUAcY+9tx#SUj# zZS_yxsc%RRe*B9AAt9a$UkQwpLl?zFZT-*U=t2HdyLwJ**g)h`m$M&ei02cK7yFGl)XN(-bYAYTwk&U~9)MRUxQ{_{-g!47(JW4cmup|Fj;((oWB?bZE%B8ctd} zN_}Wl$*-R9EcA8iSAC*NH4Bh=Y>DxN=Bj?fQ{M}zd0{tEeW#9ob$9GIZF}qg9BFuu zxJ5q~svmcLrK$7H?>;9HtEJW9!w>pYP57xn%*HTbrE>C65(RDMi>_-5H$>Jb9IM6A z6rgoCQF!Vn-7%+3h^TE+EkR7en9#l~Mg>RP^H=w2T-epe+(zpC*&qO^{3Uf}nkiD~ z%_ar4H>WZv3O|09nhs&ewmM}*gs6eHnu)geWADZS*cR@NuUPljoW=)e_B%{j5DGI0$YAz7J9Y)EQEb)#0D;I z>M-VEZO6(cvzq>T63Lwu#zShe4ToKcPjX>D3b<*nyh3IlEt zR<2Zbwc;a;L~l`S6bf%_d-JOB;mUJ6`m5*qWqK+$nxwWD&%&snE^xJ-&7tRNIOgFM zll|HOsbdO;IlD0<>8$8GVWG-cgG$v{_|mP0DC#-mU4YR}2mAJ|>zI~h%a&wW+3(H| zNLP7Thh28Tcy0-oHG8kzBdf)o%x3YGEhcLGRlR<7#VGj}eNxjWB3V9Gk(nWy>=zG> zz}j$&@43`i*v9#OuXbfGj>2pN+3h?7Q=VVP4fbMG#pEJ1z>tH``>IblH9h}^A!OE_ zb#2jFOudg};lI`gVx@sZ%G~4I^m+Dgka?3WKK?L-;p~rOZ-DFo*Em)Z3heVSw(!Cp zVQc~V*g_N_iJ1>pD^>B2t65JOeIuc2MO*uWX0^T}b)2?BTyBEJVZBD^EQ4hfeuFH2 zFN~7&&eZR#jk@L0;Kt}c7!mxihknX9Z9#+>bu*q@?A3k~E7C7W#yk3p*^iyWK|7QGvb7X90r)-a0EN`Vbc2dWH1O>d&3*wOBv#+b8e z#mR?vWLe*Kt*b_DZ%0KIy6M#*-9%(#Q{SS&l%>@nN=cPuMq5y}Buz7vG`oRvbSoMM z(z-P$4!@=C9)hZFS1v%&2Cb$}PWMYCjsHLJ0Y{LgO13%v7g->VZ^;b^V6X zMc*3uFXBsc(|eFU#$#h;(j5L z!cCXG1U@QyQ{T3zfzWxhZH?pGMB%@Dg!&?5?WAV%1;&g`q+61cJ|XpmM!#QUSJBM8 zB&< zDe9>iK6*J+8>Qao9;{aUP7u_zQ}pXg=_>U3fQ)v4Q&=8ohUxq|v2g8?343-jwY&AA zn4^(zrW%I)wg#A?P3rfCLN&YLq~@2AHm_Jiv<@@O2~Jnblr|zE`uIhiwZgHPff^9OHIdSr?wr@c0_KVV{#KJlaFTPmQ=b* zh1~3FS0%TqJT2}cXIAn^Q(K|fw0v1^1;&})Js+jMcmR(-%DY3z7I^#x*M$hCYk$U-|qnX@c4Y0z8-8zcM2cIwOD-I?x zOk)zXY007`^O9^&X`9?M2dfbI&#hukWty!zPBH`Lc#TT=(&699h>;mld+I< z^LX`GL#S!lW0^&5I^BwBnmQUvO#|B~fxZH4Gw(83YI39*QT6j$4rN5%lberz<_CZJ z`t7oE!V$-lY~4Ab?}QVkWKZOiP~2^vGI_=cQ?rL2YNyjrI8vuAa-KYW%H-^Z4dyOC zlP3~p3Sp)m-;^0I5yHMM_YQA-Uk_hsWudpX#Mi{Td#W8H`RoYE9&Ru8+NZW!3PW@b zy1{3Xi$i_)UpF`~!q&uW`~BAyMoJ8+%7vlwx^mwzW>3@fe0RsX{0#LZ>xu=G)Cil6 zn@~F=L+)A~7`gw_0_)0zWYc!$=q=TH zW&&trc(mXA5L>nL>+ZkQ_NTI8npe@WM7#N@+`7JE)AX*57vFd5P~Y&m3U9%6k`2zq zE+!W4ziwpX#d&_XIh#sd)dCF9*xdYC;ay7M)#uWlIikeVzL~*hH7hA3%8q?6QPr5& zv_sGalrt6BH{3KGv!OfGqj@g(cThKZ)w12<>l?~asOdrvzlcbUm26F6R-v%CIJ~*} zX;fcs+VZsW#`krUECH#!WJgBT1wu8_m+u(qqds~|!8DG-lafeAskLraXV{=+1r+oc z6JK$uAwkijHeNEVX?*k*J?#^<1r91XWE-bK(|Bv%W8Br79Rv5>YP}IPFJDce)ijJP z_TQIxx#{-4+@ohA*kVYsgYb`$AI2W>_<&r@>gnR6LxcKcYVUBi8znVR?&&M8dnNIy zzZo1RvW3W)rwF67+u9JL_m=kjx8tp*~4CgVz>Bt6MpX#b`L|^JtQLDZwdT94I|jnDmB+nu0>|meQDkrYca=_&Mo7 zIPv1r5P9gzqbB+h=KHU^|1vo%;XS2}k@h@_wXv!B}|`R?+@OFHbQtN1anQNg2iGx8U;w7ydHpr)nyLO-*$iXtWc-R1t${g)Cc z6JupE&UUDccj4>PKgQDkPF_LVl?MT6+4 z-G^u74{DSxWI#IKYX;A%_Nm#SB&pT0p7+1yOufb6aBodfWtvVS9V6_lQ(>j6A~ z%W#_LtHChM4R;jw)PvT;akZv-76R zA@;&sHr8kx?0T^*3*Lg#-^!G%Zpbbx1ljfCQUt58%Tf6V6JB$x z*(!y^>~?QxejOz=SaF2@e$vpes-rMm=~jC=r1>!3zWeVJ(wv(znGM57hBx)l8LX@) zE&eFfBAv%jUzthvjTa+)YW5^%&hph#vQw&AwdBwRhgbT%TW;BS7uFFiIBP124@ycA zW&D9lC(UJn*bF9Gr^){P*G0llnM5s!z6WiQZaCT^xvUU}j6BlR@L1cNacRrQ6#-pG zai`*;U{U>MzRCJBX&p(885B;lkQPkJbOhVN)G?~Qt2{^+W%4B&35AFpQe)JKe%{g> zDJjUVLlx;&K}?@M^-UQ%SP2J->-RR_W46xP9ODVWTyF5BO-4|g z4lH;y=P>ZjkC4T>HIt6?ChDrL_fPGMR=<*C`aF=mk5TXi!*b24N_g}R%aw` z@}_1iG<3*BoFyd}NlLkUpvVXY9YBX4YB#$y-%~^pm^MIRMy4X)X3d$GT#1FH(>7kr zfMCS*a9SY!`x4b?u~O}n2nL7EF3_sAOEk7N?IV#DQ}t@H-i)Q4f;OtMQ^h*6sL=(> z@V|;m%3oRCbX;-MEw^JBRl7=NGAk>=wqnCfv74bcdO|DV=`3}O+<%=+_wo>5jf)g8 zt(_hx%I(HW!VFr&=hVfQ3Pfke*z~bgnzSnkKsj_VHZSpI@#%dtLV>71&6#peKADj@ zjhI;{WXor%xQ;J!Nnx6>V_c~x!h)3@vz$8Dc$g1m;&&)|qNL?A1bk2-eXBiJNq%Q9_VoOHULGSSI0WoKsCT8 zuTBdFWu*C&NVN*@D{gfehz26`JoInz&^I5%jFvszPr7ZfPQ}w()fh-;lK&SVnOIz&(j76Qi+wZ=#u=V*8{g6s`eZ91r`O@b^f4D+3u zj&=M{k6+c)h8d}`LB=k9rjdv`cuiWk#+WF^v=~?8Nu5{^jNwaNE)6L&mu8?HLqQeT z9vBU-^uq{rbY37MUHQTYb~B%abypJ`#9o7fvJ$5W5@!5-xS3WW-OR0)Fx%Lx>53^D zjc#UK!M>~Q?f&Q3Mkgjxo2=NErRJ=WYp_N6GQ4B*hqfKhdC@R@yxfYlMBiEB);h@` zf+8`9j5mIcEZ^e_Bg9qlp*|BZb-F?=V%EHstN>$zCoN^{zzUFKcg5!V4{MH_@?Q;# zpf+jDW=Ju9I=dw6c?(zryQ^RGF@00V9VuFiX`NJ^B&OI_8cYxFaAiGK8^fidKFlsV9vXRm{A-p$+ z?xK!{hWpBulK<|6PoZu4sr5NY+6tYksZKXysu}@}AhlKAbh43_n;X5aEP9{8WYSP0 zY{tK&SoX?DSGj-)jd+1>I?4v+WU(>N7sguIcBJyUf`)?<8-{YPwBX|il|YjaOQCu_ z)i3X;FI9VReYQC@8AsScmo_{?$E;~Xy*xZIErG5uFauK2`)Y&?i!zF1q-y;Ol|eZ$ z$5g7+Hm<~XB$M&1Z&fCviX+S;tFwzIhUHw_+h$wTA4g4sxgDSMl_1ng@+KZx_BlYN zXWZrpv$X%;+_~+@d0qLvuK5%-0}yH=?54#yPQqv;=p0!VN$6lEGz_8GT_THpsGjaF zce?LlSjYq9O37pRDihyXe6Rfe>#z@BeN}AIV<5=@rn>g&+k5SG{I9i(Z2#+@QAa}8 z-1f;PUPXbg`{;1c4waz#odYgW*X})=9eGX5VmS>4eLCp8(`2YY)CmI zacf`CUUsZ+Z^~W;L7ty3@wh#krXb*aTMcIRK}$;Aux8h!`T%~@IkhSBqH&Xieod_i zJnG9&MhqfE)RRTHIt<9vPLeV~6f12>?1D8_&v8fHOLG9JEvH+QvmApfOp-zo-*Fem z`SeCrV94y>qPt1#mE;!pKe z%xSUVyE@j@?t~ae*GIv@tCN+J&G;0>H+C|6iAjCN^*meczgS{6!fD(=YzEn zXD7#pM*U!>pfSlH*E1TF#gH+()wgNZxP_f8y~f-n-U4fE*53^v{gIE=cCiFG-Y|cs zmoPW|iGQ9h@!1e?gT=kcAm~bY9?V_`!F|_+vAd-#4?<$IkaP@o4P+AV8yv}*ZdI%> z>=nxDrA9P2Yejr$*I8L>y|{`oHc7Kz)%Evg{6FSzN7|?jOm|+=oP9b#)<|i=qX+~H zw+=ka{(GSI`c@3bw$MQ6^ox0Qxy@{}ZHDHC#ctC*qKoGv5aC<%o^1A<$b~8=R7+7q zNmkl4*Jgy!#`MLmAhI3n&AR0)6hLzH~1JPPXaq?DyaA{!YG8{%7%r-xE8)@xRFvi|hk1 zfp_jU5oFne6z?p}-8tXU6}}-NX1um}aEYr63s~3dOz1W*+ZNxMJn|YvzW;x>2t_}O_O0Qac6>wv@Nb)&4nFw{ z6AO^ePx}_FK>{VCs2$m~Ztp4w}n#6 z7Nwuv1iH?HJSQq6gjc1RG{c0gt0ij6LBYs5GZ-;G|9bXJ@i1dPgXw_fsr(``Cy0G*Xum+|-!z|EswbTt znL8g&e+hzx>R$Apr-j;xtNQoj@PAz$cQIt!j?%trh@E&rwp!F?^F*6FiVokVUm7=? zKFz(;7E0W}OIS28u*lmF3NRHwuwzY4Sq?5SSewx&*_lW<4636ff2zLdHbA zzyYpAf`TAuN3Hvu&>TYu2Fn87V3-7~oOG`?ohx#o`D5M20`{>H8%IDHT(Ly5cgDvt zEyZvN>pF%#t%-u+F`WoWzWFehS5j8|%9qs=DIni%PAXca0AL{TyzicBN_Awey-Ovu zI7{?5_f&&LzBZ*@64Rs9MkR@$7^<|rhS~QKnA!P$1}=+>$Il#+j|3NB^HcLCU(fq7 zMnfTz*XA|p+eU=kES5ot94|#6BueC+mlYC@HNPh`RwaT)fWrmZhyTrKUO1r3a!Cm5 z>s2D{`})9ng-QWK+_@FONjXl^;NvxTv)pCQV@^^QGfwV zk;_$EbPIV=9N2QJWaf!Hgp<)Oy4z*2zkFY-fvhG9UqC*mq`z6F75j%&F>|e92p@oq zGR+aW;J7I*&Ny{L98lp`n$+uj0;ECt*T0hzkxTizd%;|LI9FpuFSl{<9U z5_xugb!=>*f zWx{mUFq6$5GCLrqNou9EAIlpo(-K_z>D6D5_vob=+JOal;AM2= z9FG;|{*92&#t$ytkt~&{(tEIYqA7NY z>aOjQw^N{h`D$>ZTu{7qvCltV{R?g#X<%XCao`cBvI-=_B(z~XHvmIH78p#K((IP@@YYAw;_yPtUfYmAUDcs{ROv?SO zBXpl%=3nnZi1bV*ajNmyn_z(3GaNm;679VVRH67(Y3Fjp!H7#AZgJ$9l) z7!~GY%Sp_VK1A*VIe9JfmRtO`^nb&Ci4PK*VJniOqn`j3<%StuKyE4#F|s9?Rmb`X zg@O-^P62^f-@pzoH2M{x`l0z1r|oNoNi9z5az@?6vV*Wf5gZmzAZzeCv{z$vcgNNe3L>Xh8Ovzr z^slUMWiy0xlObCx#_#q81TX1Ab3=oC?2c9B5u`xg6Q@|4?R6dNx8H0cCmub= zGIBlzCFODfKgkA`<=U1u(%jJLATg8Rx>d&^naJ+kHXT(u?8d7|hj^zhT4*z9jp1zz zC289@MGfy1nVn~D7~MV?yH@Mp{01LTfJ$mewIhN+(=emeguIa?EPV z^|$(iRbSaMNtGmNkKr!MYMdid>sI=5Digg+wBXA9!WdJY0lgw$(X1ia7dwdnXne7h z(NMw1=W>b-54+^h@j*P(U5+i3RwIL>@I9VmZxB^23}t zW@Xcshl59zfD}7bTqQ%1mWfb29F}pg)>?+IDeKPE&HL8t&35a6NX*Xm@nN-283pLM zbB{e#ILuRS1+aPLG9#P#iq|bFumq*!r3q-8%SUtoFBq|S{*x=E2a^<=HJM7;Cv$*b zXC&L*^jbLJZF_lAMVQ1Nas-v*I=|NI+(PlFWCCnQdEI3U!huMFwK1lLA2Ez#Y?%?b z^R5ybRnG~v;VwX>T`GEB@q&?6#QK=qNO9vw-{3?qIk*Z$q`{1z%md@ZKCLKMt<&da zvGAB%Nj7MZJ-9V_s<8JpAr^g7#8*sdb3eOjE~+wNPC0Hdo}q?^q+9NDJ?Lh!I0yZ?z3pU09w6~1v zIz{iR6z@LJY(%&@qn}lLY}l=Gn-=7aA5(vrG7+UhWw4U0-v}d6wFX;IIxXR}oKdOK z>3p_XScHK$bhQcU^%IZYkU8?SWa4SBM?WTgYk_-EyVm$^D8s5O%(Fah0gMg)edrre@a>6m0c9&fYYbPjX3WVxtE{yr@N__du1YJrTc91)V~X0Ej;$o z5x7xQNy+eZ3-`M>}b!!eNfHJ%MYwks)HJhZhF zuZmJeJt@@3g-Snv?xmA;IA6K~_#|`NQ685Ult3T@Ch4BA=#S5(sS15l7S_lOuABus z7+D1D6^LemZZel#kYZ(xoz(P#JzIZl$nplvb7b_*YMJ?kZb+v^F{i*bV$jE~`L z9AhYkl+;OBt?_TTS#jB~RbR@5Vg(!`2F1AZPrp{#8xyt3qUAa%UKxB_UJC(Yyp9@q zdz0}_ohw!3WXS+%m==Oj_ET2b+cW}gJ)5&dEH<1RABJxa)r~ie(JuWh+I#8bje}cl zhP+Y?|C;8JktNt(vyF|SGX`xOH;)1UYw$;a1s|!*QRgcz(V;A>$thzp$S-tAGNNp{ zvT$m(N4cX%Fo)pksn3_P6%BzwUM{e&voeL=_nI9&vk5d&6r~mX&6qz<9O^P71x#w= zx)A3S#)tJ(Op*Nv0?fd?RPQWxP}0aVXTjHfwfaKn|K;0n{Cby+pZovrS0-c(h_+B6 zQCOxpSXR}@2eZR>5SmkP!6M!U6V?m7j@SJUN;PDjiSa`{@D6YcOoADPu?b+-19fhe zW@O@D;(7rzs>Eapj9IBc@bZC5DMNU*!CEEc^2*CqkZXvw`LHP!U%Dj!UGG#?pUgx0 z1;yf26Y>oQ^3SB4!!JZ*8wY?*HJKE9u}ADq!u*TpM7SA+k@lvU{V4#Z%fI>I2mS5> zUoaioa#Ol}=NE^Vi$M&2Df!n*r|Z7g&T6>UJP}qaZksDsvo;&iDL5yK#_i!ZKiQw{ z0R3)OFkEQ_{4S2K)k)IQZ<~d)MlKzXUXUz`PWit3to++=Go0xKWHE^1VFP7f^jk9q z+YcGvUlq2)AP47!FPCvsApH$ik1bcuz+y z#){rgd(ReH2|TJu-A@i&fYpuc%ga#OekuLSjiCn->j;3f@%>JdQPZoq54Lt{eD^%n zny-)w`{;IPnYf)rS7wd|G(;-Fz~0l#VYP1$&l3i@=rEv|#mr4+(At69oj zh3`yTg6ly3)P{4$=C|sY$fh=KHTek0V>o*ywDr!wd~f>de*qu^ z>u7If8YHr*0nR}<4IZ(RJFTbpkQWb?YC~ocsz4oi6Sq+|lg>LHz8E;`Kt_k8<)NaaWX`C?O5og9l`)t>e4sm| zW9~s{gS*@=5iSH9Gncq|y|mYOg)MuO${bk{+YI+TE6Qtzp8L>k$4CK)poMiRVp-pv zVLUz3!Tzgc1r@f#-&d-R+N%52%D=s(M{74rp?*@10$i{ih0ZdkfAtq$(2!uzsQO=~&?W-yp-)qJTPtbIh-UG2v;?V<_C%K_>QY*I!lwfinKPsVs|lYk@Ak=?gmJ8G>e z?#udEw{^zv8)gev*Ak=p&W&dsF<{}E3cuL&BXt5y*qNY2(rqxop6W3cN!Rl2ia&WA zl)xCzmR8_h>_h1y;?W-aM=-+1`v(dHe26QHIYw~` zybW1}8i5m+Ivs+xf)X#{F1DQLwT-LDEY>a6Io9iqJLB-H>K=6$AbZnKaE`dRfb81Z zkFS;VPtXvo!uDrhJpLvTfS6si5 zq&uosLl+UPvNE?BAPXCpAP45@yHmu92L>>1;&Z^&__Erj}kg8Jo|#v@>M~J*c&dC2z(D1?BTU&TYeE zVW1hH4-h5WbxaPe9^-a+%zksob)K{N{_JRf#bc#g=7L)F{MPulAI|5edaG#TQgx&# zOfPgC!XxcoECBpSS>4?|)nm-Ne8c|Sew&F7&i6Kvlb%GXM5K$7e?elS*Q8g48X?GC z1rd25BHjmKJ6h3KH(f*6o4o_&ck5O4*T(!!$-B284qi70O9Hs?cy@NUH~mmrLf9X& zYh9=h4Atr@b?f(*eUCoS7W7Y6x!|gy54~TV_n--BLlvNEt{J^t`}%q6Q=PhIs5Q+! zhxmIhj{CiBgP%;gf|4}D@8-9=KE0Fl=yxQqMzykVB3R^4ac_T=&2M?fyqYVqA^pC7 z4%hG;>z0?ZZgAJuxnk2@8#y>~ZJ?e0AC5yW5I_UU=A264p{KZA1$(?5DDSC9k zsrzu1-04y2V?e9pXR+mKO8(rPe*5*u|Ml^=EGh~`<)&u*XlRq?omVa^Di4~3F0k`L z-E;oq6P}{4%j}fi@kMUn2hA9(#Z7dQj+N*?RL9~bqiklN1-P=2z_fUCm2NqzGRiLS zm#rf;gEWEE-)6}LnHqUQbj#Oe?SWIhWql2H&z(P{#hDb%%1z$p~_W#sRnDzCz<+E;gqey z7U)44S`2Qq;CFtK@j6Kb>{5{kx8VW- z>G65^fPmuCyR5K9`sUqNhJUL*r0bq3Ik=M6<&4#5cK^NEysIb}fAQEJ4|ZkxffT;w z$$efejeqcTv8kE&C-yMe<<-ILWuy#vZ&Ly?>l(ANR&(>zBRQi<)F*yho>4Xh)u8tB z$rO~mk2ki<;R0ayv^n){)c^twM$lI1bG)F<(E_K>3MbqCi#wAq4VFJ>uXpTxHFBG| zh=L^vuit#`oyn7;trX|FVXNclr1`~%=3~zBq_lrhy;>M(grErIXr<|b`OV@Of0X47 z5H$*V@X80)B-Vayu0A~jKN(pj7>i+_!~o z*g_w9_xA38{_*y|uLpF`_a2zBKGiS5l%T^dzBl`}TV9dI{pZ8Fw{7h! z#Y(J{ed9guBY6*Q@wr{StQ+)6mw&0HvjdJ~^4aRd-V!}sDsce4C04F970d$RbNrzz#8J{16G^r!%kGqXh*BWra-fYFYvVHVY$(3 z?@`7JQ?Rbkd$R>^8|FZc0 zX?MD}hx_Y^mwJZe(i+IbT!~XOT;lOkes+Q?7P*-I znndDqBkn)Ag|AXBmL~3E_lt|xL0BGH9=5JuyG`QTxlw?v5!NaYb4QGSddOqY7}_mG zm=2>p{f0fV(5(VV`Yosv@3}qmHrf|;4>vKbr=V59%TlW$4_dRstplc_kHr*OzCfF zAh?JuzHTRM|4PJBcU1#YUM0cap?{1(D77$`uj30OrD5lqyV#6il7R!H;#7 zkVr-+5JtWOV_L+w3S+e0toC_eHz}`A-cRJgasluOD=_Wrpd@#V^inW6AGB<#&;jKZ z{~=cB*)!TdT;KK}2I_}#t~=E4{o>P)K7IQ5i%&m(`tZ|#s5q562l1hjrLc~YtMM99 zw#RGm6+V@+^b+Ts?vu8(q<_`mG<)dvxv!%!+6ekZEIwqQ2Lei96shD~mdP?A8^9Ss zsJUQ>>6R}VqQ$@$<=a$ZX+yo2$v0NtkuroO`Tx)sb(4s`sjEsGb!$=;osp%bdB;p_^-r(d`=)2vEway!#SsUNWwf<1Jze!46a6PO{ z>_JZXv4ywf37BrwpICQy#owrL2n4y&R29+Di9KX!prCIn$d~9S{>z3sji*> zAIi(}2S%VgFX)t$NN4@^PRA)Iz`(`t;|O&WlTspequO@yCWtz7S@#*m#~GF@QmGh$ z48*KRX6P@I8xH~7_v-%wvgOvsGlZ@&xB6l;Yi(XqCPr1-^!7izFIs_bO9 ze0v+6S78F*K)I2}&aCc6&QF@Jy5Z@`J{u>?F12~HG4ZB^r!}Wj3{rGjGaXS;>eU%uvU*M^?THf`%USm!D#;m0lC*dFl)QJ; zR^_ahn;v9noh&U5VU5apDHGv1)r*0aE38utpwO-&!S1p0n9A5$^9@fN-iu#BKCd58 z4^TSWmk@y=Sn@(8mc*p6?V!hJ7;;75ak(d@qZKU*&_nk_)f4SaWdtM9JM4MDCoCO} z6WfK-51@o(o}4XC@MwMQQQ2G&l`zbWqnZaz@-6}(Q$7XocNG(LBx@UVOEddiF93B< z&9f^q!Q{PIt=%*`6pAfVKtQ=Y+Cq1CXom|zOb~V}?x47+He_5*YJQ+2PtYY9QX`C= zlRG)uE!APuN$f`*u4h)5)n{tkY5aP|ZoYbQTVuU46t3GJsBR#l*<|C6t_%wLBww%O z>s!1G<&Qu8^4mvW|Mh=9nLM5GO3D0?m7HI%TqPmCFguj2%jFVW7gMVfxAvdYFf*NXr~0G z!K95qwNG_=&u)BjPI2*9f3ympw%FQ0a2XP2^x&-%r&W#+UJ2OB{5h|v%R(>e;?=RP zke73}b(LBTi|N5)21Wy}r}7BKVQ`!Yz5BOdVhdhZ%5`5onA(G&e6*oEugW7%X~C|Q zg;fdON3OPPY-5EeRIYsTB=M+lgZ3nh!Fl~o2T|wB=%q3kLb57d7dlITiTpnIE?HrW zX<*hjVN9Q%T%5713>`0LFt*aK=4Yok$y}dqAi2*=os%^gu~!OEQDg@mZ&iNaAt-v5 z4X0{&`Wy4@zd&e2joC{lKX9(1Ki*l?vn1DZ;Ol0$gB7Jh+Mj>}@Rqmy2Db`}Nt+%# zJv8r}1*1>pa~e^yrbJ91Gh(2;ylg#@A896nhZUJ1)i0>t0m74SWHQ;?8rirhxxoh7 zg9^9|_ND~#m;3ij4_s2G#w}t&DYB#IXhGIx6K$&EO3IogQ2@XB8my=$%ZfW{B*G0f zNmni-dtM8t{2eQwcuAFReYv3GoZGUp|9?xmBrFzBhqy=LVBO3yp{6ik4X7$gt3X)& zOAWDZb7Oto=NgULONHPYUQzxQETW^I(H{fz6&|u-lflH<>UBI#jww|QH_AmeeA_CM z^Qf)qN|*?@wF3|;K*724eaVgR#^AppI|wT*0uyRz<1|A6XvWJ|Umy@KZ%8rG53I?1 zG9M4*_>I|{epia2V~qMrtc+Qgo`QmvX_L}iO$Pan+v)=4x4}4E6YAX|VIbXf44XEe zj%$eE2L1ac>pNKSH#si6R&waAJE9?TZe?dgA%PWE`aIkiF6%*c(@k!5tt0KTk#o*Y zMwFUc?E!L37ia(lb-D3CZE+SV8P6CqB`9c2>kSpb{7+GQx)u}@!PzNVl>pM~aWa6O zgj7KkBJC(D1;fyPSu+oKdO(+L2{X~ z`TmA?xSHNwEW4e~B|W_+9K;O;^J^0d!A>O}32xLv8fdNgjr>!)@YSc^e&{2$RhX{{ z^Ihr1l%M~Hm*=e8QOl;K8x=O_jrayPUZ5p^dZ&x>r2DmggH)+VhzRrGgIix&X(KEj z^pkv_MFH7bOe1B#rLEX|Q)oh}BhnC~o@#PGp`8;j7gZ2at8Pf3X0;b22+t zYQRITP_z4dycH$l{MO2>zP{P?kr&4^P7*ben!1E*XT4#zX`B1h=R8wQ4ZjPHJ|e8m zX?A9lIG+MgCqMs$eIk!M3;=(O7msNuQ%vRao79qFoqE&LEOZrZqgq80AlJ}1);qUX z@BC{|CDqb#AzTH`x@xEWd(3z>?W*NWciy>u{tg~Es00&0QET{%d+x-IXEbmuEFOk#oL7IbD1lC)9wpX=l>efiH`Dm+X0#jtwJT%E_k7Z8JhAX6Dwt~(rz<&)d>H76g7Ye)*?j_^P3B8}xGDY})V zC%AZNn$ha?&49&6FL!g6Lt=$plNc@Xls2`3Igzv-Zmvy@bifYd@D?NAP`+_X3s@#- zJKi3Y>ujL$Hk)aiJ^Cr>y{c^1$){;tBMfcAmn#6n9WrNs8}B5l)#ElC$zo~Rs5poC z01nU;EdDzA&J=+8^d2C}d!8X?7VOm)8@=zuPAISJ=DjEjpvXQ1%JsNRS2Ai&Zp;oO z&kvd7ZxFOxC+Lf)8jm7zwj$yE`SQ-X!d{k$v_GDmnpH07k-h1M#FZBtn;~&)<{Jug zWliDk&$y0E5l^sHgnwABzCHkQ>&^sS#x8q(~sZ(L-)?pg?RX&G(j9|3_Mn#0c z2&)W+=ZS^6qNMEe+zpc1lWDbnc^HCeD(){Zqhc7MZkt!!Qm{E)qhW^@9C+%0tqvfl zzv&^^gG)|@r`Z|7EQ)yt5p?WEtSg{qWovT>;)G?##B3CCH~MkBY=Wf-7_WsxgDycDxnz=Dz+ zdOsMxUDH*~yp?(E?tMiXaG1yyKj+b={l)p=Ojg?TjD`C8}{XU27ap3S={pi7+^vAt#RjVE{W z(d|WPuD@-U^zruEt~}~68EI66n?7=^LGulv#ZF2gLbwFvqTnlPvmFC+r};Hb#!1TD zL6|p_b3fA1P3!ox&A%8^n7sP$S?L%p;ao2$2{%1CTpTT(P>;_i{GSQCm7(`>k`X3_ zPJ>BhhR4KmbY_!Cj_s*ao{{N$Co>*ac;5$0i(n$f*~*zgsPNE}i^*k4HVDqte2=es z%ndkfbidtGlYip7v3+aztS#n|H|-`srpft49s_Yr<|`--x8H=rB?IK8q)B=Nz%K;6 z^8Vx$oxvmU^u+N!3YA)G)qE&h)xLS(kSh8)K;PA*RHvQKiGlcmxRl2&wE;dOchY@FqK_XBCh(ntBWk9d*hv({mM<~cSb0Bc zoJy-=^}lETh@*QSZKfF}>A^%EQ0{gDI+>_Lyr ztt1t2zOCCQ^FJ)`_M!qJ?k|>T_Qzy)!!_qjz`IyvqmoLO(@dhd73i=R*{J#NUa#9A zvNnum#XjDhp3VPxwLnu@9~N`;1btg?qcW?b2mMnS^&5x;Y_L8<8VLo71vd88kpr}_ z`YE)N1^2^Z-|A>gf0%(Nw-0EWeCB^;-x%$HCxNAu?;pnJnI~@0gt-Mim0eX^?@iiP zr?bVGPBq)bkZq$&el!7>ZQ8NQ!SzSB6MKF~Uri_;thY`E)Z!ob3IP;@HliE(w<{_` zWaA@cB+d^YjCQSjbiUu>bfIc9U>tQM+G_HVAqG5YfaK1e; z3!p30XnUKGmNf-b4+UVVOwV5|ez1k;tSp(DldwGpM?n3GgK3nsRNRF?PHkr{|pH&XhxmjfW{*E{=|XCh)(f5Yu41G?BSMZ#!U^ zn`zNCyxz1$xkwQvI7tl80RO+OP_ncJ`D6LQ!2s#33Z>?zgEWpHKH7E5d@+n_s81ZM z%oWDHbTWHssC?}h>i|-N=f%X3+g=W_YUM}EBfr}^mDfdj*9HQ)JU*R=i_$_h99HgM zTBcmZhe)~0E6dA}X6pqEr6#-QTCx=9%av44TDKlN#1}t#on46zY{R~>hHk^aZmKJs zEbC(>PU(A-v5gI_VVcrH-Sa1nrFQrAx0AR!pwy-f-Qt_uK9(e@b#3UPg%)3nlTJ~G z%jw?Xm_cQ#Dl675u7dDVm28@h){J(dLsmf|EecBAylY9c$yRvs%*ad@R(WpR1?_{py+;RxMb>>%ffv>KV#!7muULx|CFXvICr)*-u)OgsOATT zpGve~pHzI@<|=F=i`%>+Q!C@d4PgQ~wV-{x5T+geJ;opX0@&dpl{8`z{xO-4h{FWC zQn&2fJQ=}5V{LuUb&4$1b@THJKB1U{A&aFJTXxkb#C!U~+00POfJirx1mJX?f|;`|C+q|RaIBl@#@v9s^PQ4 zQ9C}bQ}ceSdRvsHX}1t$LA{BlHL9a&E#fpy^0ReKs|yFh(TF_9bxmsvPrzs3$M8kC zwUeej1#jrAX{%tfBu#r3ZiWNlxMWRx0^Sb0!+t4RjW&Qtaf+t3hY!IP@Q<(=JPi}z zd6)*Tz=kj-RnuBS7o<&X7?ciqVLYscP2px31s{Yi_y~-F@4!Cro75Uj>qR7$+J!Tr zXkk6<0uRH!@B(ZDbu#IL)*DKNvtT>87Pf-BVF5e{>%m6p)D4?K8F6pe0s0)Ss3DR~ z#!e^|pMhvkyA08ime^I(M!*qJ@^6Q^@G&SI`x;VIOYLTVUjXI(V#uF%kU;AB1WE@Q zWoR0IT7Lp&SgR=_A}Xwb(zBgVdVCm4gP%c}qDGl^#Ur7pa5apD4?w0@d&c2e$l$e~ zq12OxnxxzWDCLTvG`!YM*J!(lNWoX3jO1&`w^|(C?FjRr51s{|@$pufbtZ zF>lP0HUdh6rBKSPgwo*eplIT-!%v_K`_mfru#K-D6l0qT#W)s0ne&IC7}X09ZEJ5s z8DX8Cb_csbnYuA>E-Zt2@GZ!n7K>pullM?;>;t%BoY=mJ* zhmxR-UBpf==}SxTvJqCoLr#8nj&0l% zpx8($lyaMM(7&kkFc~t3-$GGM3??sg)(c8che2t`3!i`+VN*C1w>AV$fM{J?4`qa} zKpEIa4x@z;LT7vem4|HwGYb3{{>@UJZrNJ%z~o&kx-^G0QtT~yPJqu?_P)RLaCtcaC<7! z9FBnUp&QDG*TPQl87L!r2TDgTLK#Rpy^;Khur3Taj6i9x5~j)e-$_J1eBH{>w4a=G z=aKfDPlosyZ5hO#w0#c0fSpMvv)J)j+9=3$Ym1?jKLGRL$B>1hWsb7ndm-kd?S$#H zubm^pv}p}S+da;M)U6f4rSLH*bC^zTn1wb6O2zjPV6WO|kSerJV{8}ghx179ffHbp zv33V$K`FlpNW*uYMh z2A_vg@5fL^-h^I=)ena<&2LrP)%&1K)pjU; z;w>j#ufT4&H%uY_Mkl=jb|Ae6iZQ+p8^8}?J$Ru2{mU}>iVU&txJmZ%n*`+pACx&> z3cJJYPWnwKBl{l8NYe{3NLUCZ{~VN&wwY{qXfl-gs$fUB0g9&g))0|7IRnv_)^dvN zdgnr^XbY5eeH<3SUtl*_G}V5;2}%cEchcWOQEmD(yId~pMLGawHSC1V;UA%VS96Mp z^yDWfs_Hb|E;t10q~}6eX3L!X2cc->Whk2a6iSC$%&j<@+ySdsuIlGax7f z90HjYtq7td?KxN?>%aMId->c1MFX!u8S#0T1?%2uSC9?cke&r&U>U?-wbif%JOiWP z=deEf8j8*Q06W0sIrjI%Aa<)whl#TOe@~<%d=-jHKZ8wS%enS4ON7y+d&3Mk6iNdD zC=EuSG*Asi1NXpoa6jw;PeAGTFHo$$%{;qYJgjL&MlT|9Fb_(FbDX!>BrLRDs~7es{RHd-FTjB?vBY*Xv*A$ED`5^i3S*&GYH!zZ5M^lHplEbG zlx4UD4u!8n>2P#Sz&5TdIF5|za1eY5it&BquyxS(=_6oQ@^`}sd<%+Ij|kc2O(-3D z4Nie|%Qzju888#>f+OK6C}+vU4JYlM&$tL=gVpd0|xz(Cj=dY$xEDD}S#`^fsgOhiW7Yl&?;?uw>0lMifX_o0ya3Uz7F&%r;TkAYT8~6)I1GxBPlNqwU#lR}8SaJs z;AtqTY`oMSX&w~S6+<1ahf?8QC{yqil&NcVv;Ex&DDP{a%=rs23;qMjK-%A8YoITz zk)A9fA|u`aN5F$nMs@{`hePOPd$4AM73nWAT) zbo>K&Kg?WVmwN+BdzYY0Rq9H5Dyo~h(zf!|PzoG^o#E$DMjXA$Za4wT6pe!Kz-6!{ zyx}(6$V#BR-wDMg&O#YjgVpvb>kXyhxo`knUqfUFkv~D1^XN6UOC1U0Nza1Pp$aFx z19l?)2Ph4^2a{l<+wB2lLb3MwQ0l!0N(bJ7ePPsEdpQn9H*&`kRdy-xRWeOgGL*Y5-f*m*5_ki&Z zC&BKr{-+WV548$P1<%25@JlBhx6$s8=JRV7S`h8?X=UYt1*?Bg}(R;UcKRr=WcBSGW_#Z?PMA9!f{Pfs(=LHF;$0AtI{(9*XMY@3oi9RG2_|70iY^p}ao>N5fWI z?e#wkN(aiJtn*{A7d!{0e9LVZG8_*_!AIak_}w=2FLRoEpWT2DCXn6=+rVdFNB9Qp z4!?joupNtf0GtYQ;YKLN`e!H_Z1sR`^;4m&h7~X!J_p;uk6|PD^8@I=0g;B=?R~xl z98Y=_#5%PtFb=*52f??YjI8YryTW`pgLDM;gU8{1SfBao3lBo+=(n%~%y`h=1IEDi zr03KSk&)d5N5VZ&=IT2*0_N|st$00@ir$1l*!UrP%BrDsY$ud@K7jpU^WC;l=0iy@ zhEi@H>;%7t&0$T8-`OMAp)8Z>P=~j{RQP+C0#7>p0d^+c?)SFQ4uYcMV%P^h0JGp< zp>#OvVS8$Z!93Ep!bJEQWGZX43q(9*Bt2qRv>J9K{Q{H`y$5^1CXd=984SfXmOyE6 zos)kACX@adimH?L*aOLh(&70q4X%Qv@Nqa<)_=RlY?TJ#XkMIy(!#Wq4v2J$e};aNDF_O(k+#*DqTs;l5&^0&iy z_&yYkT!hj<>^{397py~i9*lw>=z-@{ng784%|Goe(}j6jS`p0+luFqQlz#Ckv(fE(#doEg;`!Y^e0 z<@p2Bhm4a@=1!hQq|1;yh>wS|>}sDWL~sSadajVlb#hk1KOuR1HxRZ&+7X`#e?ZER z^N7{{B`abF1r*9bK6COe!w-?xt{Gsq{181O0N z7et;RNU;^Omt!x=i;c`il8D>-ClN!UJ|fRpq?;4}qm^U(?_tFAkp)Nw;ziy;UO<{5 zKO(iy949h}dbZVO!n24Nwe!?y@f2X?XeXSUiw-9`{1U#1lpyaRN03;)>4eDhwGGP+ zOEgUWXhfXNy@-qWI`~(loOpXgp5_*v@z*2c8!Ov(!x9z$EzeOK)(Q7J;)@Ykc3qGg zoys00J``zgtZU!BmOAT z9=RWxfL#9^cM>`kE+>8f*@e_0Jp|cFycKdY@wMX zF+R+$CljCPeEmA{$;4lS3!FTn)^0hGbSva0(jOzUi8q2jBl7I9Lav5zFz=?q)5v~A zo`Xm-`RRx}`)t^TmqQ}rWOyhLjY!98pHGQ+$xA@SA_Eb5GNAm2d0XUJJIe|uke-S> zMe0>2-%WZI@jl4&$T-qGHQL*RE$oDqGluvgqzS3v*X75M?uk^8R|s!IYM+~($R;=m zX-S!$&bJ>p?*a}t!;hT!e8n*5Q1Brq<0pqYZ0uBEICL{bh zzWC@IJ;kec2}IJPjogVt3|GNIV^_hj*2H_9frN4gn*n!L1W&>ip%)&^S8jYX5Y#N^VQ z#qM&SS1<8ZMM^{EdWzo_ZS0@YM@1V6QA0CvaM8@pgvQKd!Wpwh5Z*USa`NWn z60V-pm+-|o>4cxpk@8h@CBOH)ZmH4QaCb0B_lo>MukO~1!ako~8VZ%ocY8{7uWzy6 zE0rRmA5j5gV}8 zqlb!$uncNx=}V8hTBsse8bXBuUmz3~MHKitQO{0aKf-r?!w7FGO1swMN`INJwnD2* z&lPpL*5gXF`Rmu;7s+JDERZl~fvY3!`pb$@M@mHZM|7D|_hPrd)IHzQ&iG=iwOEYr zjp7?HDz9IR?M{D3!k7Iiv^2t9?skTv7lp#~rQGc)_IZt`7WQkdcVYcRd>%9sNoO!I zC3$>!xU?tXcctx&j)CT_sKPQA>47)oi(suo0`Vy1S~iPEul9vQdcD65^T_O(43dT6mPTvQsW z!){U2l~R9S zUiqt1k#cvr_?FsI`&M+I)T~u$gojskHSWGGJGmk#PBHjvW6=FUJukmtvK|O|W!-dH zJ)TcKU!74mS{rSA^>Vh6zhQhYaXqQ^@W4J(pn2^v@!X=@&<0~@n3m=-`M`Y@v}! z7|YyTIxaD-T$dF|55Cznk+ugLGF4u~MfjpID%SqacI;l=Q|t~du*|FeW^v_#&1uH$ z%`L6iP{PMI$1!=*QtcOxfmhf@d35uLroVb`?A;Q}%DMgv+n-pC z&bc?=$lIDRBwQkvZWZ-jU49k8iiqu2wDIo$UBY>99N(JU)SIsRmUw(VuhsV}TN91k zZK?I6wekL8#@TIC8O6r?L}`D$Pi*(H6`y;*>@r91?@su`{rw5YJ|N-v?d^@c?E{UB z9kMv*@3`5Bd9aMwZ4c%dYL^(vQxA1-uH(KkGx3<=%yNIgXEfQZ^Cn~WNWw+Cd$qAv zn4A4>zAxx04lo9We0=xA#F740&^({cj%w;&6XD{?_3(NR(0M zrKQG>mvYHD|B~pm(I3|tbzZJAw!M;S^gPnnc;-l&k#zJRZ(1JHjklhyzv-B)xR%FS z8U>Yu4w>0mEh7{8l>U{`^*1f=in=vM_(j4Z3qO@`N16%-Ck1k`vf1R=DF- zU!&pa&T-=97=#`QW_taR66Z4t4?CSr;l-zQyw)_^TCO`**j_T)*n3*eqHmm*AznD0 zYQ+9!vhnF(P7EwB7GDx!)t8~*fG=3?F4aBkHW|9VT=%$f^r1jmDK5UWN}tbmTB28l zDmZa)0x=#wBf5I^jA-e?88N1TZ|^d?zY}OpLC!#O&R<-66fzpWTWB1A_nztYDNE-( z5c0UKJ&!#JFMyF*7lYv3(u$HuUMS4s(*hi1B3iH_Fy9x}u0MQoItjST%EUVDv%GQg zY=@Qs&JubTFDkc>^y$XMvr~;Ve_L!sz1Oj+*iccG;|h#1@AWbczL!|PhpUgPukqn~ z-NsGH94;Ma8_wi}<;&4~X7%Wunbj+^M}Ix5e@^e--LiUQWknZE%q+ygM*e5Ho>@6P zvM6V`&Yd?VzVAKI^n+KG(dy$)M$P#USDhW_V~zSBjX&_PokD`4Q^Q`{bCZ?vnDV${+&@=_OWu)(zwx)I_Nfj`p4kkq|=PjFXMidxADuiW>$=fN(_gp1Ace7f}>~&M^QH$H;0I8 zm38<^{L!wjyo3$DmYsLh*EuYXTfbgM{JC##BAoP{ZjAlTWo-I>EU9^yQj9wPjI(0# zMz4RyIx&wG>+yrQ{f$4!0nB|d&1idZoE0my!WiTAi*k%}UyLz+yeQ|C#y`ayCw@$c zwT5o#zam_HWRGqV2Gf>tCo;ZiGNuUwKl-Itd*lWp0kVvX#}l6%YLUQu!|<-=Pp%R;{8 za=h`zWjVOnv1Ufn75R|vG{3$@ImeRM;@5dpv*?O!h>NbYH(Wm_I5E$Uaps5JReh`J z7-QxyxB)s5W32my6E3k1#&b>{o{)5V^Flqv*HUQ95*4qa%}$C=S6*yxo{3kjowQl0 z6#6!ID#d;+NHpu$QJf9Tj5-RpV2-b&I2V|g>+t4O9fkju_-ycAT{U2^t=vH9=ppR2 zvdU9kb#$A@e`NKqlq-9lH3`2hXO6F@@Y80Xp4H?Dx@_*Pr?@AX#5r}yn^ZHszG}r5 zH@Uj1C~V$3N5wRtzJgGx&z#pt#hLS>RAcjClZdR0nfgBbD7s?_!(zD+elN-E!|Tn?x&Y*zDOv4FaJi zD%srAL^U%vHdSrS6HOGCd-MAysIGkuS<@$<~Pmw>Vswq zqmsA`+uuSBGCyfyRn(}Z>S3O4r3R4yWNY%t$8t?xQR9kX{xluk`!E zV&dkxHfn%b-d1%oKWVE<_-bN|$~E`JstLq9$Dy{qaVliKz;ZKV;?;-_oV&|HUdv+% zs>&<$>Z?~OvoPK=gr)H+lMfz=S1f4r@9~Pev)Qek;^b)F-OlRu`F5&fGd{)Z1^lck zH-jUOokS34#w92gws|T+wKI(bHJG@bq&hXU{E`$Vm0y&`FXU9j5ie4HBKrH;LIQ z2X|c%<{Dk;#?hDXHO&@Dj&Fsy>c)^PW2G=PZl-a$XwQdUfSyl%U8dbZ) zA#aHc{keV$A7Ro`togtI)x`WJN8v@RjPz@cOm>iRaZy}6!$KKeg>w?78teO$160g! z>uNk$eoo5F9f=mSvGzv5b*olmwl!9{bn%G4U5rOoQ}a6m)f_7AGssfLqCwX5eKbgg z+t=2|RxUq$cy)FMJZ&h*?=9w(!HPq#dBuYD4}U z-O@V09a&x}Qthd>yGmhB<`=qjvo2b{^}gCfZ+T@XOj+&^?gdAe;}3i#=Baok>u6`L zWttmDsOjdOk*q(JhxxY8Q}K=PENn5JYM170gq; z>sj9A^E?%@FJ|VuqtpUwKQ!7}5>4|hFS{^bWi*J0%j2`%`PO_Sj!|69%o$@WkFptBY+TGLD_{O?lpHeuSyBviF%}|C}?*?le$+N9l^v|)z_|P2HBVn{V za&)=9)T^L~viL1?rW;qas_feN%oosW4Vxj|SFF0HL~BQ%=lJ3daz`lh zEc9WxUiZQvz4Q3F|5;Zfw|Q5Iwdzw!EoJ?q)Y{_a1gv%1BdE&QC#PeGmByW4>SlCE zaXc{NLn__e9+LBb`G=4iZQi|zak$K;Ve$#0&FNwFpb`2m+Dwb!so5OF0DR`S2(Hm( zR!1y9x<8_xGS8K(a`R7%*=(m*;+aoLP_RUONF`ZS)~0d1N~N^LDPOm=xIbCjW6x?8 zF)vmtZ}*vQ-OJLDEsaB2fK{e@akG_V!Rshim!E<82kKJ9k;56WL>`1GQiHut(|z3 z4GM6HGl#8U$-B(b71+DW+_{2NiOX!WQe}Y$R$3b>^eWYs_>HUB4_)S; zS1C@!=E&RBz2N=Ztdq^<+pKM_+iJxj(VV>+H*#{d8bds8jkUZdtx?HCnMT{1#FPA& z1OMM|DMFT?GwS_otp5LHjY>0HtW^Q?Uu)IzA^eV^mxR3b2I?!}7maY0eQ69< zWmsE+k4xjx<@i~@hfM-cK=Eoh(TQc6m+!Q6*Bvi9`PwG6$E-Hk zNFFy-T=dnA!e^c}RNv%+!u*Op*|ooQ+jsJ7KZWaEER&wJMR74V*KDy)p8K{ae#DjY aU1F3|VCh!t)O2{OWp-a}Rhj%W`2PS(?>({r diff --git a/po/pl.po b/po/pl.po index ba2b504..fd39611 100644 --- a/po/pl.po +++ b/po/pl.po @@ -1,536 +1,863 @@ # Polish translation for cryptsetup. # Copyright (C) 2010 Free Software Foundation, Inc. # This file is put in the public domain. -# Jakub Bogusz , 2010-2015. +# Jakub Bogusz , 2010-2020. # msgid "" msgstr "" -"Project-Id-Version: cryptsetup 1.6.7\n" +"Project-Id-Version: cryptsetup 2.3.3-rc0\n" "Report-Msgid-Bugs-To: dm-crypt@saout.de\n" -"POT-Creation-Date: 2015-03-19 09:55+0100\n" -"PO-Revision-Date: 2015-03-19 20:10+0100\n" +"POT-Creation-Date: 2020-05-28 11:32+0200\n" +"PO-Revision-Date: 2020-05-15 19:02+0200\n" "Last-Translator: Jakub Bogusz \n" "Language-Team: Polish \n" "Language: pl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"Plural-Forms: nplurals=3; plural=n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " -"|| n%100>=20) ? 1 : 2;\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" +"Plural-Forms: nplurals=3; plural=n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" -#: lib/libdevmapper.c:252 -msgid "Cannot initialize device-mapper, running as non-root user.\n" -msgstr "" -"Nie można zainicjować device-mappera w czasie działania jako nie-root.\n" +#: lib/libdevmapper.c:399 +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "Nie można zainicjować device-mappera w czasie działania jako nie-root." -#: lib/libdevmapper.c:255 -msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n" -msgstr "" -"Nie można zainicjować device-mappera. Czy moduł jądra dm_mod jest wczytany?\n" +#: lib/libdevmapper.c:402 +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "Nie można zainicjować device-mappera. Czy moduł jądra dm_mod jest wczytany?" -#: lib/libdevmapper.c:550 +#: lib/libdevmapper.c:1131 +msgid "Requested deferred flag is not supported." +msgstr "Żądana flaga odroczona nie jest obsługiwana." + +#: lib/libdevmapper.c:1198 #, c-format -msgid "DM-UUID for device %s was truncated.\n" -msgstr "DM-UUID dla urządzenia %s został skrócony.\n" +msgid "DM-UUID for device %s was truncated." +msgstr "DM-UUID dla urządzenia %s został skrócony." + +#: lib/libdevmapper.c:1520 +msgid "Unknown dm target type." +msgstr "Nieznany typ celu dm." + +#: lib/libdevmapper.c:1623 lib/libdevmapper.c:1679 +msgid "Requested dm-crypt performance options are not supported." +msgstr "Żądane opcje dm-crypta dotyczące wydajności nie są obsługiwane." + +#: lib/libdevmapper.c:1630 +msgid "Requested dm-verity data corruption handling options are not supported." +msgstr "Żądane opcje dm-verity dotyczące obsługi uszkodzenia danych nie są obsługiwane." + +#: lib/libdevmapper.c:1634 +msgid "Requested dm-verity FEC options are not supported." +msgstr "Żądane opcje FEC dm-verity nie są obsługiwane." + +#: lib/libdevmapper.c:1638 +msgid "Requested data integrity options are not supported." +msgstr "Żądane opcje integralności danych nie są obsługiwane." -#: lib/libdevmapper.c:698 -msgid "Requested dmcrypt performance options are not supported.\n" -msgstr "Żądane opcje wydajności dmcrypta nie są obsługiwane.\n" +#: lib/libdevmapper.c:1640 +msgid "Requested sector_size option is not supported." +msgstr "Żądana opcja sector_size nie jest obsługiwana." -#: lib/random.c:76 +#: lib/libdevmapper.c:1645 +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "Żądane automatyczne przeliczenie znaczników integralności nie jest obsługiwane." + +#: lib/libdevmapper.c:1649 lib/libdevmapper.c:1682 lib/libdevmapper.c:1685 +#: lib/luks2/luks2_json_metadata.c:2160 +msgid "Discard/TRIM is not supported." +msgstr "Porzucenie/TRIM nie jest obsługiwane." + +#: lib/libdevmapper.c:1653 +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "Żądany tryb bitmapy dm-integrity nie jest obsługiwany." + +#: lib/libdevmapper.c:2607 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "Nie udało się odpytać segmentu dm-%s." + +#: lib/random.c:75 msgid "" "System is out of entropy while generating volume key.\n" -"Please move mouse or type some text in another window to gather some random " -"events.\n" +"Please move mouse or type some text in another window to gather some random events.\n" msgstr "" "Entropia w systemie wyczerpała się w trakcie generowania klucza wolumenu.\n" -"Proszę poruszać myszą albo wpisać trochę tekstu w innym oknie w celu " -"zebrania zdarzeń losowych.\n" +"Proszę poruszać myszą albo wpisać trochę tekstu w innym oknie w celu zebrania zdarzeń losowych.\n" -#: lib/random.c:80 +#: lib/random.c:79 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Generowanie klucza (gotowe %d%%).\n" -#: lib/random.c:169 -msgid "Fatal error during RNG initialisation.\n" -msgstr "Błąd krytyczny w trakcie inicjalizacji RNG.\n" +#: lib/random.c:165 +msgid "Running in FIPS mode." +msgstr "Działanie w trybie FIPS." + +#: lib/random.c:171 +msgid "Fatal error during RNG initialisation." +msgstr "Błąd krytyczny w trakcie inicjalizacji RNG." + +#: lib/random.c:208 +msgid "Unknown RNG quality requested." +msgstr "Nieznane żądanie jakości RNG." + +#: lib/random.c:213 +msgid "Error reading from RNG." +msgstr "Błąd odczytu z RNG." -#: lib/random.c:206 -msgid "Unknown RNG quality requested.\n" -msgstr "Nieznane żądanie jakości RNG.\n" +#: lib/setup.c:229 +msgid "Cannot initialize crypto RNG backend." +msgstr "Nie można zainicjować backendu kryptograficznego RNG." -#: lib/random.c:211 +#: lib/setup.c:235 +msgid "Cannot initialize crypto backend." +msgstr "Nie można zainicjować backendu kryptograficznego." + +#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119 +#, c-format +msgid "Hash algorithm %s not supported." +msgstr "Algorytm skrótu %s nie jest obsługiwany." + +#: lib/setup.c:269 lib/loopaes/loopaes.c:90 #, c-format -msgid "Error %d reading from RNG: %s\n" -msgstr "Błąd %d podczas odczytu z RNG: %s\n" +msgid "Key processing error (using hash %s)." +msgstr "Błąd przetwarzania klucza (użyto algorytmu skrótu %s)." + +#: lib/setup.c:335 lib/setup.c:362 +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "Nie można określić rodzaju urządzenia. Niezgodny sposób uaktywniania urządzenia?" -#: lib/setup.c:200 -msgid "Cannot initialize crypto RNG backend.\n" -msgstr "Nie można zainicjować backendu kryptograficznego RNG.\n" +#: lib/setup.c:341 lib/setup.c:3050 +msgid "This operation is supported only for LUKS device." +msgstr "Ta operacja jest obsługiwana tylko dla urządzeń LUKS." -#: lib/setup.c:206 -msgid "Cannot initialize crypto backend.\n" -msgstr "Nie można zainicjować backendu kryptograficznego.\n" +#: lib/setup.c:368 +msgid "This operation is supported only for LUKS2 device." +msgstr "Ta operacja jest obsługiwana tylko dla urządzeń LUKS2." -#: lib/setup.c:236 lib/setup.c:1192 lib/verity/verity.c:123 +#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345 +msgid "All key slots full." +msgstr "Wszyskie miejsca na klucze są pełne." + +#: lib/setup.c:434 #, c-format -msgid "Hash algorithm %s not supported.\n" -msgstr "Algorytm skrótu %s nie jest obsługiwany.\n" +msgid "Key slot %d is invalid, please select between 0 and %d." +msgstr "Numer klucza %d jest błędny, proszę wybrać wartość między 0 a %d." -#: lib/setup.c:239 lib/loopaes/loopaes.c:90 +#: lib/setup.c:440 #, c-format -msgid "Key processing error (using hash %s).\n" -msgstr "Błąd przetwarzania klucza (użyto algorytmu skrótu %s).\n" +msgid "Key slot %d is full, please select another one." +msgstr "Miejsce na klucz %d jest pełne, proszę wybrać inne." -#: lib/setup.c:284 -msgid "Cannot determine device type. Incompatible activation of device?\n" -msgstr "" -"Nie można określić rodzaju urządzenia. Niezgodny sposób aktywacji " -"urządzenia?\n" +#: lib/setup.c:525 lib/setup.c:2824 +msgid "Device size is not aligned to device logical block size." +msgstr "Rozmiar urządzenia nie jest wyrównany do rozmiaru bloku logicznego urządzenia." + +#: lib/setup.c:624 +#, c-format +msgid "Header detected but device %s is too small." +msgstr "Wykryto nagłówek, ale urządzenie %s jest zbyt małe." -#: lib/setup.c:288 lib/setup.c:1537 -msgid "This operation is supported only for LUKS device.\n" -msgstr "Ta operacja jest obsługiwana tylko na urządzeniach LUKS.\n" +#: lib/setup.c:661 +msgid "This operation is not supported for this device type." +msgstr "Ta operacja nie jest obsługiwana dla tego rodzaju urządzenia." -#: lib/setup.c:320 -msgid "All key slots full.\n" -msgstr "Wszyskie miejsca na klucze są pełne.\n" +#: lib/setup.c:666 +msgid "Illegal operation with reencryption in-progress." +msgstr "Niedozwolona operacja w trakcie ponownego szyfrowania." -#: lib/setup.c:327 +#: lib/setup.c:832 lib/luks1/keymanage.c:475 #, c-format -msgid "Key slot %d is invalid, please select between 0 and %d.\n" -msgstr "Numer klucza %d jest błędny, proszę wybrać wartość między 0 a %d.\n" +msgid "Unsupported LUKS version %d." +msgstr "Nieobsługiwana wersja LUKS %d." -#: lib/setup.c:333 +#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959 +msgid "Detached metadata device is not supported for this crypt type." +msgstr "Osobne urządzenie metadanych nie jest obsługiwane dla tego rodzaju szyfrowania." + +#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628 +#: lib/setup.c:2777 lib/setup.c:4512 #, c-format -msgid "Key slot %d is full, please select another one.\n" -msgstr "Miejsce na klucz %d jest pełne, proszę wybrać inne.\n" +msgid "Device %s is not active." +msgstr "Urządzenie %s nie jest aktywne." -#: lib/setup.c:472 +#: lib/setup.c:1444 #, c-format -msgid "Enter passphrase for %s: " -msgstr "Hasło dla %s: " +msgid "Underlying device for crypt device %s disappeared." +msgstr "Urządzenie stojące za urządzeniem szyfrowanym %s zniknęło." + +#: lib/setup.c:1524 +msgid "Invalid plain crypt parameters." +msgstr "Błędne parametry szyfru plain." + +#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:74 +msgid "Invalid key size." +msgstr "Błędny rozmiar klucza." + +#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157 +msgid "UUID is not supported for this crypt type." +msgstr "UUID nie jest obsługiwany dla tego rodzaju szyfrowania." + +#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308 +#: src/cryptsetup.c:1226 src/cryptsetup.c:3923 +msgid "Unsupported encryption sector size." +msgstr "Nieobsługiwany rozmiar sektora szyfrowania." + +#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818 +msgid "Device size is not aligned to requested sector size." +msgstr "Rozmiar urządzenia nie jest wyrównany do żądanego rozmiaru sektura." -#: lib/setup.c:653 +#: lib/setup.c:1608 lib/setup.c:1727 +msgid "Can't format LUKS without device." +msgstr "Nie można sformatować LUKS-a bez urządzenia." + +#: lib/setup.c:1614 lib/setup.c:1733 +msgid "Requested data alignment is not compatible with data offset." +msgstr "Żądane wyrównanie metadanych nie jest zgodne z offsetem danych." + +#: lib/setup.c:1682 lib/setup.c:1851 +msgid "WARNING: Data offset is outside of currently available data device.\n" +msgstr "UWAGA: offset danych leży poza obecnie dostępnym urządzeniem danych.\n" + +#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169 +#, c-format +msgid "Cannot wipe header on device %s." +msgstr "Nie można wymazać nagłówka na urządzeniu %s." + +#: lib/setup.c:1744 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "UWAGA: uaktywnienie urządzenia się nie powiedzie, dm-crypt nie ma obsługi żądanego rozmiaru sektora szyfrowania.\n" + +#: lib/setup.c:1766 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "Klucz wolumenu jest zbyt mały do szyfrowania z rozszerzeniami integralności." + +#: lib/setup.c:1821 +#, c-format +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "Szyfr %s-%s (rozmiar klucza w bitach: %zd) nie jest dostępny." + +#: lib/setup.c:1854 +#, c-format +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" +msgstr "UWAGA: rozmiar metadanych LUKS2 zmienił się na % (w bajtach).\n" + +#: lib/setup.c:1858 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "UWAGA: rozmiar obszaru kluczy LUKS2 zmienił się na % (w bajtach).\n" + +#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367 +#, c-format +msgid "Device %s is too small." +msgstr "Urządzenie %s jest zbyt małe." + +#: lib/setup.c:1893 lib/setup.c:1919 +#, c-format +msgid "Cannot format device %s in use." +msgstr "Nie można sformatować urządzenia %s, które jest w użyciu." + +#: lib/setup.c:1896 lib/setup.c:1922 #, c-format -msgid "Header detected but device %s is too small.\n" -msgstr "Wykryto nagłówek, ale urządzenie %s jest zbyt małe.\n" +msgid "Cannot format device %s, permission denied." +msgstr "Nie można sformatować urządzenia %s, brak uprawnień." -#: lib/setup.c:669 lib/setup.c:1420 -msgid "This operation is not supported for this device type.\n" -msgstr "Ta operacja nie jest obsługiwana dla tego rodzaju urządzenia.\n" +#: lib/setup.c:1908 lib/setup.c:2229 +#, c-format +msgid "Cannot format integrity for device %s." +msgstr "Nie można sformatować integralności dla urządzenia %s." -#: lib/setup.c:908 lib/setup.c:1381 lib/setup.c:2264 +#: lib/setup.c:1926 #, c-format -msgid "Device %s is not active.\n" -msgstr "Urządzenie %s nie jest aktywne.\n" +msgid "Cannot format device %s." +msgstr "Nie można sformatować urządzenia %s." + +#: lib/setup.c:1944 +msgid "Can't format LOOPAES without device." +msgstr "Nie można sformatować urządzenia LUKSAES bez urządzenia." + +#: lib/setup.c:1989 +msgid "Can't format VERITY without device." +msgstr "Nie można sformatować VERITY bez urządzenia." -#: lib/setup.c:925 +#: lib/setup.c:2000 lib/verity/verity.c:102 #, c-format -msgid "Underlying device for crypt device %s disappeared.\n" -msgstr "Urzędzenie stojące za urządzeniem szyfrowanym %s znikło.\n" +msgid "Unsupported VERITY hash type %d." +msgstr "Nieobsługiwany typ hasza VERITY %d." -#: lib/setup.c:994 -msgid "Invalid plain crypt parameters.\n" -msgstr "Błędne parametry szyfru plain.\n" +#: lib/setup.c:2006 lib/verity/verity.c:110 +msgid "Unsupported VERITY block size." +msgstr "Nieobsługiwany rozmiar bloku VERITY." -#: lib/setup.c:999 lib/setup.c:1119 -msgid "Invalid key size.\n" -msgstr "Błędny rozmiar klucza.\n" +#: lib/setup.c:2011 lib/verity/verity.c:74 +msgid "Unsupported VERITY hash offset." +msgstr "Nieobsługiwany offset hasza VERITY." -#: lib/setup.c:1004 lib/setup.c:1124 -msgid "UUID is not supported for this crypt type.\n" -msgstr "UUID nie jest obsługiwany dla tego rodzaju szyfrowania.\n" +#: lib/setup.c:2016 +msgid "Unsupported VERITY FEC offset." +msgstr "Nieobsługiwany offset FEC VERITY." -#: lib/setup.c:1046 -msgid "Can't format LUKS without device.\n" -msgstr "Nie można sformatować LUKS-a bez urządzenia.\n" +#: lib/setup.c:2040 +msgid "Data area overlaps with hash area." +msgstr "Obszar danych zachodzi na obszar skrótów." + +#: lib/setup.c:2065 +msgid "Hash area overlaps with FEC area." +msgstr "Obszar skrótu zachodzi na obszar FEC." + +#: lib/setup.c:2072 +msgid "Data area overlaps with FEC area." +msgstr "Obszar danych zachodzi na obszar FEC." + +#: lib/setup.c:2208 +#, c-format +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "UWAGA: żądany rozmiar znacznika %d B różni się od rozmiaru wyjścia %s (%d B).\n" -#: lib/setup.c:1089 +#: lib/setup.c:2286 #, c-format -msgid "Cannot format device %s which is still in use.\n" -msgstr "Nie można sformatować urządzenia %s, które jest nadal w użyciu.\n" +msgid "Unknown crypt device type %s requested." +msgstr "Nieznany typ żądanego urządzenia szyfrującego %s." -#: lib/setup.c:1092 +#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635 #, c-format -msgid "Cannot format device %s, permission denied.\n" -msgstr "Nie można sformatować urządzenia %s, brak uprawnień.\n" +msgid "Unsupported parameters on device %s." +msgstr "Nieobsługiwane parametry urządzenia %s." -#: lib/setup.c:1096 +#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408 +#: lib/luks2/luks2_reencrypt.c:2737 #, c-format -msgid "Cannot wipe header on device %s.\n" -msgstr "Nie można wyczyścić nagłówka na urządzeniu %s.\n" +msgid "Mismatching parameters on device %s." +msgstr "Niezgodne parametry dla urządzenia %s." -#: lib/setup.c:1114 -msgid "Can't format LOOPAES without device.\n" -msgstr "Nie można sformatować urządzenia LUKSAES bez urządzenia.\n" +#: lib/setup.c:2661 +msgid "Crypt devices mismatch." +msgstr "Urządzenia szyfrowane nie zgadzają się." -#: lib/setup.c:1152 -msgid "Can't format VERITY without device.\n" -msgstr "Nie można sformatować VERITY bez urządzenia.\n" +#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:3145 +#, c-format +msgid "Failed to reload device %s." +msgstr "Nie udało się przeładować urządzenia %s." -#: lib/setup.c:1160 lib/verity/verity.c:106 +#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025 +#: lib/luks2/luks2_reencrypt.c:2032 #, c-format -msgid "Unsupported VERITY hash type %d.\n" -msgstr "Nieobsługiwany typ hasza VERITY %d.\n" +msgid "Failed to suspend device %s." +msgstr "Nie udało się wstrzymać urządzenia %s." -#: lib/setup.c:1166 lib/verity/verity.c:114 -msgid "Unsupported VERITY block size.\n" -msgstr "Nieobsługiwany rozmiar bloku VERITY.\n" +#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039 +#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149 +#, c-format +msgid "Failed to resume device %s." +msgstr "Nie udało wznowić urządzenia %s." -#: lib/setup.c:1171 lib/verity/verity.c:76 -msgid "Unsupported VERITY hash offset.\n" -msgstr "Nieobsługiwany offset hasza VERITY.\n" +#: lib/setup.c:2732 +#, c-format +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "Błąd krytyczny przy przeładowywaniu urządzenia %s (w oparciu o urządzenie %s)." -#: lib/setup.c:1285 +#: lib/setup.c:2735 lib/setup.c:2737 #, c-format -msgid "Unknown crypt device type %s requested.\n" -msgstr "Nieznany typ żądanego urządzenia szyfrującego %s.\n" +msgid "Failed to switch device %s to dm-error." +msgstr "Nie udało się przełączyć urządzenia %s na dm-error." + +#: lib/setup.c:2809 +msgid "Cannot resize loop device." +msgstr "Nie można zmienić rozmiaru urządzenia loopback." -#: lib/setup.c:1435 +#: lib/setup.c:2882 msgid "Do you really want to change UUID of device?" msgstr "Czy na pewno zmienić UUID urządzenia?" -#: lib/setup.c:1545 +#: lib/setup.c:2958 +msgid "Header backup file does not contain compatible LUKS header." +msgstr "Plik nagłówka kopii zapasowej nie zawiera zgodnego nagłówka LUKS." + +#: lib/setup.c:3058 #, c-format -msgid "Volume %s is not active.\n" -msgstr "Wolumen %s nie jest aktywny.\n" +msgid "Volume %s is not active." +msgstr "Wolumen %s nie jest aktywny." -#: lib/setup.c:1556 +#: lib/setup.c:3069 #, c-format -msgid "Volume %s is already suspended.\n" -msgstr "Wolumen %s już został wstrzymany.\n" +msgid "Volume %s is already suspended." +msgstr "Wolumen %s już został wstrzymany." -#: lib/setup.c:1563 +#: lib/setup.c:3082 #, c-format -msgid "Suspend is not supported for device %s.\n" -msgstr "Wstrzymywanie nie jest obsługiwane dla urządzenia %s.\n" +msgid "Suspend is not supported for device %s." +msgstr "Wstrzymywanie nie jest obsługiwane dla urządzenia %s." -#: lib/setup.c:1565 +#: lib/setup.c:3084 #, c-format -msgid "Error during suspending device %s.\n" -msgstr "Błąd podczas wstrzymywania urządzenia %s.\n" +msgid "Error during suspending device %s." +msgstr "Błąd podczas wstrzymywania urządzenia %s." -#: lib/setup.c:1591 lib/setup.c:1638 +#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267 #, c-format -msgid "Volume %s is not suspended.\n" -msgstr "Wolumen %s nie jest wstrzymany.\n" +msgid "Volume %s is not suspended." +msgstr "Wolumen %s nie jest wstrzymany." -#: lib/setup.c:1605 +#: lib/setup.c:3146 #, c-format -msgid "Resume is not supported for device %s.\n" -msgstr "Wznawianie nie jest obsługiwane dla urządzenia %s.\n" +msgid "Resume is not supported for device %s." +msgstr "Wznawianie nie jest obsługiwane dla urządzenia %s." -#: lib/setup.c:1607 lib/setup.c:1659 +#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297 #, c-format -msgid "Error during resuming device %s.\n" -msgstr "Błąd podczas wznawiania urządzenia %s.\n" +msgid "Error during resuming device %s." +msgstr "Błąd podczas wznawiania urządzenia %s." -#: lib/setup.c:1645 lib/setup.c:2080 lib/setup.c:2094 src/cryptsetup.c:186 -#: src/cryptsetup.c:248 src/cryptsetup.c:732 src/cryptsetup.c:1151 -msgid "Enter passphrase: " -msgstr "Hasło: " +#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322 +#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839 +msgid "Volume key does not match the volume." +msgstr "Klucz wolumenu nie pasuje do wolumenu." -#: lib/setup.c:1707 lib/setup.c:1843 -msgid "Cannot add key slot, all slots disabled and no volume key provided.\n" -msgstr "" -"Nie można dodać klucza, wszystkie miejsca na klucze wyłączone i nie podano " -"klucza wolumenu.\n" +#: lib/setup.c:3343 lib/setup.c:3531 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Nie można dodać klucza, wszystkie miejsca na klucze wyłączone i nie podano klucza wolumenu." -#: lib/setup.c:1716 lib/setup.c:1849 lib/setup.c:1853 -msgid "Enter any passphrase: " -msgstr "Dowolne hasło: " +#: lib/setup.c:3483 +msgid "Failed to swap new key slot." +msgstr "Nie udało się podstawić nowego klucza." -#: lib/setup.c:1733 lib/setup.c:1866 lib/setup.c:1870 lib/setup.c:1932 -#: src/cryptsetup.c:988 src/cryptsetup.c:1017 -msgid "Enter new passphrase for key slot: " -msgstr "Nowe hasło dla klucza: " +#: lib/setup.c:3669 +#, c-format +msgid "Key slot %d is invalid." +msgstr "Numer klucza %d jest nieprawidłowy." + +#: lib/setup.c:3675 src/cryptsetup.c:1572 src/cryptsetup.c:1917 +#, c-format +msgid "Keyslot %d is not active." +msgstr "Klucz %d nie jest aktywny." + +#: lib/setup.c:3694 +msgid "Device header overlaps with data area." +msgstr "Nagłówek urządzenia zachodzi na obszar danych." + +#: lib/setup.c:3981 +msgid "Reencryption in-progress. Cannot activate device." +msgstr "Ponowne szyfrowanie trwa. Nie można uaktywnić urządzenia." + +#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2243 +#: lib/luks2/luks2_reencrypt.c:2836 +msgid "Failed to get reencryption lock." +msgstr "Nie udało się uzyskać blokady ponownego szyfrowania." -#: lib/setup.c:1798 +#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855 +msgid "LUKS2 reencryption recovery failed." +msgstr "Odtwarzanie ponownego szyfrowania LUKS2 nie powiodło się." + +#: lib/setup.c:4127 lib/setup.c:4379 +msgid "Device type is not properly initialized." +msgstr "Typ urządzenia nie został właściwie zainicjalizowany." + +#: lib/setup.c:4171 #, c-format -msgid "Key slot %d changed.\n" -msgstr "Klucz numer %d zmieniony.\n" +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "Nie można użyć urządzenia %s, nazwa jest nieprawidłowa lub nadal w użyciu." -#: lib/setup.c:1801 +#: lib/setup.c:4174 #, c-format -msgid "Replaced with key slot %d.\n" -msgstr "Zastąpiono kluczem numer %d.\n" +msgid "Device %s already exists." +msgstr "Urządzenie %s już istnieje." + +#: lib/setup.c:4296 +msgid "Incorrect volume key specified for plain device." +msgstr "Podano niewłaściwy klucz wolumenu dla zwykłego urządzenia." + +#: lib/setup.c:4405 +msgid "Incorrect root hash specified for verity device." +msgstr "Podano niewłaściwy hasz główny dla urządzenia VERITY." -#: lib/setup.c:1806 -msgid "Failed to swap new key slot.\n" -msgstr "Nie udało się podstawić nowego klucza.\n" +#: lib/setup.c:4412 +msgid "Root hash signature required." +msgstr "Wymagany podpis hasza głównego." -#: lib/setup.c:1923 lib/setup.c:2184 lib/setup.c:2197 lib/setup.c:2339 -msgid "Volume key does not match the volume.\n" -msgstr "Klucz wolumenu nie pasuje do wolumenu.\n" +#: lib/setup.c:4421 +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "Brak pęku kluczy w jądrze: wymagany do przekazania podpisu do jądra." -#: lib/setup.c:1961 +#: lib/setup.c:4438 lib/setup.c:5915 +msgid "Failed to load key in kernel keyring." +msgstr "Nie udało się załadować klucza do pęku kluczy w jądrze." + +#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2296 +#: src/cryptsetup.c:2664 +#, c-format +msgid "Device %s is still in use." +msgstr "Urządzenie %s jest nadal w użyciu." + +#: lib/setup.c:4516 #, c-format -msgid "Key slot %d is invalid.\n" -msgstr "Numer klucza %d jest nieprawidłowy.\n" +msgid "Invalid device %s." +msgstr "Błędne urządzenie %s." + +#: lib/setup.c:4632 +msgid "Volume key buffer too small." +msgstr "Bufor klucza wolumenu zbyt mały." -#: lib/setup.c:1966 +#: lib/setup.c:4640 +msgid "Cannot retrieve volume key for plain device." +msgstr "Nie można odtworzyć klucza wolumenu dla zwykłego urządzenia." + +#: lib/setup.c:4657 +msgid "Cannot retrieve root hash for verity device." +msgstr "Nie można odtworzyć hasza głównego dla urządzenia VERITY." + +#: lib/setup.c:4659 #, c-format -msgid "Key slot %d is not used.\n" -msgstr "Klucz %d nie jest używany.\n" +msgid "This operation is not supported for %s crypt device." +msgstr "Ta operacja nie jest obsługiwana dla urządzenia szyfrującego %s." -#: lib/setup.c:1996 lib/setup.c:2068 lib/setup.c:2160 +#: lib/setup.c:4865 +msgid "Dump operation is not supported for this device type." +msgstr "Operacja zrzutu nie jest obsługiwana dla tego rodzaju urządzenia." + +#: lib/setup.c:5190 #, c-format -msgid "Device %s already exists.\n" -msgstr "Urządzenie %s już istnieje.\n" +msgid "Data offset is not multiple of %u bytes." +msgstr "Offset danych nie jest wielokrotnością liczby bajtów %u." -#: lib/setup.c:2171 -msgid "Incorrect volume key specified for plain device.\n" -msgstr "Podano niewłaściwy klucz wolumenu dla zwykłego urządzenia.\n" +#: lib/setup.c:5475 +#, c-format +msgid "Cannot convert device %s which is still in use." +msgstr "Nie można przekonwertować urządzenia %s, które jest nadal w użyciu." -#: lib/setup.c:2204 -msgid "Incorrect root hash specified for verity device.\n" -msgstr "Podano niewłaściwy hasz główny dla urządzenia VERITY.\n" +#: lib/setup.c:5772 +#, c-format +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "Nie udało się przypisać klucza %u jako nowego klucza wolumenu." -#: lib/setup.c:2227 -msgid "Device type is not properly initialised.\n" -msgstr "Typ urządzenia nie został właściwie zainicjalizowany.\n" +#: lib/setup.c:5845 +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "Nie udało się zainicjować domyślnych parametrów klucza LUKS2." -#: lib/setup.c:2259 +#: lib/setup.c:5851 #, c-format -msgid "Device %s is still in use.\n" -msgstr "Urządzenie %s jest nadal w użyciu.\n" +msgid "Failed to assign keyslot %d to digest." +msgstr "Nie udało się przypisać klucza %d do skrótu." + +#: lib/setup.c:5982 +msgid "Kernel keyring is not supported by the kernel." +msgstr "Pęk kluczy w jądrze nie jest obsługiwany przez jądro." -#: lib/setup.c:2268 +#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952 #, c-format -msgid "Invalid device %s.\n" -msgstr "Błędne urządzenie %s.\n" +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "Nie udało się odczytać hasła z pęku kluczy (błąd %d)." + +#: lib/setup.c:6016 +msgid "Failed to acquire global memory-hard access serialization lock." +msgstr "Nie udało się uzyskać globalnej blokady serializacji dostępu ciężkiego pamięciowo." + +#: lib/utils.c:80 +msgid "Cannot get process priority." +msgstr "Nie można odczytać priorytetu procesu." + +#: lib/utils.c:94 +msgid "Cannot unlock memory." +msgstr "Nie można odblokować pamięci." + +#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497 +msgid "Failed to open key file." +msgstr "Nie udało się otworzyć pliku klucza." + +#: lib/utils.c:173 +msgid "Cannot read keyfile from a terminal." +msgstr "Nie można odczytać pliku klucza z terminala." + +#: lib/utils.c:190 +msgid "Failed to stat key file." +msgstr "Nie udało się wykonać stat na pliku klucza." + +#: lib/utils.c:198 lib/utils.c:219 +msgid "Cannot seek to requested keyfile offset." +msgstr "Nie można przemieścić się do żądanego położenia pliku klucza." + +#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188 +#: src/utils_password.c:201 +msgid "Out of memory while reading passphrase." +msgstr "Brak pamięci podczas odczytu hasła." + +#: lib/utils.c:248 +msgid "Error reading passphrase." +msgstr "Błąd podczas odczytu hasła." + +#: lib/utils.c:265 +msgid "Nothing to read on input." +msgstr "Na wejściu nie ma nic do odczytu." -#: lib/setup.c:2289 -msgid "Function not available in FIPS mode.\n" -msgstr "Funkcja nie jest dostępna w trybie FIPS.\n" +#: lib/utils.c:272 +msgid "Maximum keyfile size exceeded." +msgstr "Przekroczono maksymalny rozmiar pliku klucza." -#: lib/setup.c:2295 -msgid "Volume key buffer too small.\n" -msgstr "Bufor klucza wolumenu zbyt mały.\n" +#: lib/utils.c:277 +msgid "Cannot read requested amount of data." +msgstr "Nie można odczytać żądanej ilości danych." -#: lib/setup.c:2303 -msgid "Cannot retrieve volume key for plain device.\n" -msgstr "Nie można odtworzyć klucza wolumenu dla zwykłego urządzenia.\n" +#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 +#, c-format +msgid "Device %s does not exist or access denied." +msgstr "Urządzenie %s nie istnieje lub dostęp jest zabroniony." + +#: lib/utils_device.c:197 +#, c-format +msgid "Device %s is not compatible." +msgstr "Urządzenie %s nie jest zgodne." -#: lib/setup.c:2310 +#: lib/utils_device.c:642 #, c-format -msgid "This operation is not supported for %s crypt device.\n" -msgstr "Ta operacja nie jest obsługiwana dla urządzenia szyfrującego %s.\n" +msgid "Device %s is too small. Need at least % bytes." +msgstr "Urządzenie %s jest zbyt małe. Wymagane przynajmniej % bajtów." -#: lib/setup.c:2506 -msgid "Dump operation is not supported for this device type.\n" -msgstr "Operacja zrzutu nie jest obsługiwana dla tego rodzaju urządzenia.\n" +#: lib/utils_device.c:723 +#, c-format +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "Nie można użyć urządzenia %s, które jest w użyciu (już podmapowane lub zamontowane)." -#: lib/utils.c:244 -msgid "Cannot get process priority.\n" -msgstr "Nie można odczytać priorytetu procesu.\n" +#: lib/utils_device.c:727 +#, c-format +msgid "Cannot use device %s, permission denied." +msgstr "Nie można użyć urządzenia %s, brak uprawnień." -#: lib/utils.c:258 -msgid "Cannot unlock memory.\n" -msgstr "Nie można odblokować pamięci.\n" +#: lib/utils_device.c:730 +#, c-format +msgid "Cannot get info about device %s." +msgstr "Nie można uzyskać informacji o urządzeniu %s." -#: lib/utils_crypt.c:241 lib/utils_crypt.c:254 lib/utils_crypt.c:401 -#: lib/utils_crypt.c:416 -msgid "Out of memory while reading passphrase.\n" -msgstr "Brak pamięci podczas odczytu hasła.\n" +#: lib/utils_device.c:753 +msgid "Cannot use a loopback device, running as non-root user." +msgstr "Nie można użyć urządzenia loopback w czasie działania jako nie-root." -#: lib/utils_crypt.c:246 lib/utils_crypt.c:261 -msgid "Error reading passphrase from terminal.\n" -msgstr "Błąd podczas odczytu hasła z terminala.\n" +#: lib/utils_device.c:763 +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "Nie udało się podłączyć urządzenia loopback (wymagane urządzenie loop z flagą autoclear)." -#: lib/utils_crypt.c:259 -msgid "Verify passphrase: " -msgstr "Weryfikacja hasła: " +#: lib/utils_device.c:809 +#, c-format +msgid "Requested offset is beyond real size of device %s." +msgstr "Żądany offset jest poza rzeczywistym rozmiarem urządzenia %s." -#: lib/utils_crypt.c:266 -msgid "Passphrases do not match.\n" -msgstr "Hasła nie zgadzają się.\n" +#: lib/utils_device.c:817 +#, c-format +msgid "Device %s has zero size." +msgstr "Urządzenie %s ma zerowy rozmiar." -#: lib/utils_crypt.c:350 -msgid "Cannot use offset with terminal input.\n" -msgstr "Nie można użyć offsetu, jeśli wejściem jest terminal.\n" +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." +msgstr "Żądany czas docelowy PBKDF nie może być zerowy." -#: lib/utils_crypt.c:369 lib/tcrypt/tcrypt.c:467 -msgid "Failed to open key file.\n" -msgstr "Nie udało się otworzyć pliku klucza.\n" +#: lib/utils_pbkdf.c:106 +#, c-format +msgid "Unknown PBKDF type %s." +msgstr "Nieznany typ PBKDF %s." -#: lib/utils_crypt.c:378 -msgid "Failed to stat key file.\n" -msgstr "Nie udało się wykonać stat na pliku klucza.\n" +#: lib/utils_pbkdf.c:111 +#, c-format +msgid "Requested hash %s is not supported." +msgstr "Żądany skrót %s nie jest obsługiwany." -#: lib/utils_crypt.c:386 lib/utils_crypt.c:407 -msgid "Cannot seek to requested keyfile offset.\n" -msgstr "Nie można przemieścić się do żądanego położenia pliku klucza.\n" +#: lib/utils_pbkdf.c:122 +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "Żądany typ PBKDF nie jest obsługiwany dla LUKS1." -#: lib/utils_crypt.c:424 -msgid "Error reading passphrase.\n" -msgstr "Błąd podczas odczytu hasła.\n" +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." +msgstr "Wartości maksymalnej pamięci lub liczby wątków PBKDF nie mogą być ustawione dla PBKDF2." -#: lib/utils_crypt.c:442 -msgid "Maximum keyfile size exceeded.\n" -msgstr "Przekroczono maksymalny rozmiar pliku klucza.\n" +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#, c-format +msgid "Forced iteration count is too low for %s (minimum is %u)." +msgstr "Wymuszona liczba iteracji jest zbyt mała dla %s (minimum to %u)." -#: lib/utils_crypt.c:447 -msgid "Cannot read requested amount of data.\n" -msgstr "Nie można odczytać żądanej ilości danych.\n" +#: lib/utils_pbkdf.c:148 +#, c-format +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "Wymuszony koszt pamięciowy jest zbyt mały dla %s (minimum to %u kB)." -#: lib/utils_device.c:136 lib/luks1/keyencryption.c:90 +#: lib/utils_pbkdf.c:155 #, c-format -msgid "Device %s doesn't exist or access denied.\n" -msgstr "Urządzenie %s nie istnieje lub dostęp jest zabroniony.\n" +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "Żądany maksymalny koszt pamięciowy PBKDF jest zbyt duży (maksimum to %d kB)." -#: lib/utils_device.c:430 -msgid "Cannot use a loopback device, running as non-root user.\n" -msgstr "Nie można użyć urządzenia loopback w czasie działania jako nie-root.\n" +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "Żądana maksymalna pamięć PBKDF nie może być zerowa." -#: lib/utils_device.c:433 -msgid "Cannot find a free loopback device.\n" -msgstr "Nie znaleziono wolnego urządzenia loopback.\n" +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "Żądana liczba wątków PBKDF nie może być zerowa." -#: lib/utils_device.c:440 -msgid "" -"Attaching loopback device failed (loop device with autoclear flag is " -"required).\n" -msgstr "" -"Nie udało się podłączyć urządzenia loopback (wymagane urządzenie loop z " -"flagą autoclear).\n" +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "W trybie FIPS obsługiwana jest tylko PBKDF2." -#: lib/utils_device.c:484 +#: lib/utils_benchmark.c:172 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "Test wydajności PBKDF jest wyłączony, ale nie ustawiono liczby iteracji." + +#: lib/utils_benchmark.c:191 #, c-format -msgid "Cannot use device %s which is in use (already mapped or mounted).\n" -msgstr "" -"Nie można użyć urządzenia %s, które jest w użyciu (już podmapowane lub " -"zamontowane).\n" +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "Niekompatybilne opcje PBKDF2 (przy użyciu algorytmu skrótu %s)." -#: lib/utils_device.c:488 +#: lib/utils_benchmark.c:211 +msgid "Not compatible PBKDF options." +msgstr "Niekompatybilne opcje PBKDF." + +#: lib/utils_device_locking.c:102 #, c-format -msgid "Cannot get info about device %s.\n" -msgstr "Nie można uzyskać informacji o urządzeniu %s.\n" +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "Blokowanie nie powiodło się. Ścieżka blokady %s/%s jest nieużywalna (brak lub nie jest katalogiem)." -#: lib/utils_device.c:494 +#: lib/utils_device_locking.c:109 #, c-format -msgid "Requested offset is beyond real size of device %s.\n" -msgstr "Żądany offset jest poza rzeczywistym rozmiarem urządzenia %s.\n" +msgid "WARNING: Locking directory %s/%s is missing!\n" +msgstr "UWAGA: brak katalogu blokad %s/%s!\n" -#: lib/utils_device.c:502 +#: lib/utils_device_locking.c:119 #, c-format -msgid "Device %s has zero size.\n" -msgstr "Urządzenie %s ma zerowy rozmiar.\n" +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "Blokowanie przerwane. Ścieżka blokady %s/%s jest nieużywalna (%s nie jest katalogiem)." + +#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:941 +#: src/cryptsetup_reencrypt.c:1025 +msgid "Cannot seek to device offset." +msgstr "Nie można przemieścić się we właściwe położenie urządzenia." -#: lib/utils_device.c:513 +#: lib/utils_wipe.c:208 #, c-format -msgid "Device %s is too small.\n" -msgstr "Urządzenie %s jest zbyt małe.\n" +msgid "Device wipe error, offset %." +msgstr "Błąd wymazywania urządzenia, offset %." -#: lib/luks1/keyencryption.c:37 +#: lib/luks1/keyencryption.c:39 #, c-format msgid "" "Failed to setup dm-crypt key mapping for device %s.\n" -"Check that kernel supports %s cipher (check syslog for more info).\n" +"Check that kernel supports %s cipher (check syslog for more info)." msgstr "" "Nie udało się ustawić odwzorowania klucza dm-crypt dla urządzenia %s.\n" -"Proszę sprawdzić, czy jądro obsługuje szyfr %s (więcej informacji w " -"syslogu).\n" +"Proszę sprawdzić, czy jądro obsługuje szyfr %s (więcej informacji w syslogu)." -#: lib/luks1/keyencryption.c:42 -msgid "Key size in XTS mode must be 256 or 512 bits.\n" -msgstr "Rozmiar klucza w trybie XTS musi wynosić 256 lub 512 bitów.\n" +#: lib/luks1/keyencryption.c:44 +msgid "Key size in XTS mode must be 256 or 512 bits." +msgstr "Rozmiar klucza w trybie XTS musi wynosić 256 lub 512 bitów." -#: lib/luks1/keyencryption.c:96 lib/luks1/keymanage.c:296 -#: lib/luks1/keymanage.c:572 lib/luks1/keymanage.c:1017 +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "Określenie szyfru powinno być w formacie [szyfr]-[tryb]-[iv]." + +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080 +#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734 #, c-format -msgid "Cannot write to device %s, permission denied.\n" -msgstr "Nie można zapisać na urządzenie %s, brak uprawnień.\n" +msgid "Cannot write to device %s, permission denied." +msgstr "Nie można zapisać na urządzenie %s, brak uprawnień." -#: lib/luks1/keyencryption.c:111 -msgid "Failed to open temporary keystore device.\n" -msgstr "" -"Nie udało się otworzyć urządzenia do tymczasowego przechowywania kluczy.\n" +#: lib/luks1/keyencryption.c:120 +msgid "Failed to open temporary keystore device." +msgstr "Nie udało się otworzyć urządzenia do tymczasowego przechowywania kluczy." -#: lib/luks1/keyencryption.c:118 -msgid "Failed to access temporary keystore device.\n" -msgstr "" -"Nie udało się uzyskać dostępu do urządzenia do tymczasowego przechowywania " -"kluczy.\n" +#: lib/luks1/keyencryption.c:127 +msgid "Failed to access temporary keystore device." +msgstr "Nie udało się uzyskać dostępu do urządzenia do tymczasowego przechowywania kluczy." + +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +msgid "IO error while encrypting keyslot." +msgstr "Błąd we/wy podczas szyfrowania klucza." -#: lib/luks1/keyencryption.c:191 -msgid "IO error while encrypting keyslot.\n" -msgstr "Błąd we/wy podczas szyfrowania klucza.\n" +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:670 +#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311 +#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342 +#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 +#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255 +#: src/cryptsetup_reencrypt.c:200 src/cryptsetup_reencrypt.c:212 +#, c-format +msgid "Cannot open device %s." +msgstr "Nie można otworzyć urządzenia %s." -#: lib/luks1/keyencryption.c:256 -msgid "IO error while decrypting keyslot.\n" -msgstr "Błąd we/wy podczas odszyfrowywania klucza.\n" +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +msgid "IO error while decrypting keyslot." +msgstr "Błąd we/wy podczas odszyfrowywania klucza." -#: lib/luks1/keymanage.c:90 +#: lib/luks1/keymanage.c:110 #, c-format -msgid "Device %s is too small. (LUKS requires at least % bytes.)\n" -msgstr "" -"Urządzenie %s jest zbyt małe (LUKS wymaga przynajmniej % bajtów).\n" +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" +msgstr "Urządzenie %s jest zbyt małe (LUKS1 wymaga przynajmniej % bajtów)." + +#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162 +#: lib/luks1/keymanage.c:174 +#, c-format +msgid "LUKS keyslot %u is invalid." +msgstr "Numer klucza LUKS %u jest nieprawidłowy." -#: lib/luks1/keymanage.c:180 lib/luks1/keymanage.c:418 -#: src/cryptsetup_reencrypt.c:1110 +#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472 +#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1433 +#: src/cryptsetup.c:1559 src/cryptsetup.c:1616 src/cryptsetup.c:1672 +#: src/cryptsetup.c:1739 src/cryptsetup.c:1842 src/cryptsetup.c:1906 +#: src/cryptsetup.c:2136 src/cryptsetup.c:2331 src/cryptsetup.c:2391 +#: src/cryptsetup.c:2457 src/cryptsetup.c:2621 src/cryptsetup.c:3271 +#: src/cryptsetup.c:3280 src/cryptsetup_reencrypt.c:1388 #, c-format -msgid "Device %s is not a valid LUKS device.\n" -msgstr "Urządzenie %s nie jest prawidłowym urządzeniem LUKS.\n" +msgid "Device %s is not a valid LUKS device." +msgstr "Urządzenie %s nie jest prawidłowym urządzeniem LUKS." -#: lib/luks1/keymanage.c:198 +#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100 #, c-format -msgid "Requested header backup file %s already exists.\n" -msgstr "Żądany plik kopii zapasowej nagłówka %s już istnieje.\n" +msgid "Requested header backup file %s already exists." +msgstr "Żądany plik kopii zapasowej nagłówka %s już istnieje." -#: lib/luks1/keymanage.c:200 +#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102 #, c-format -msgid "Cannot create header backup file %s.\n" -msgstr "Nie można utworzyć pliku kopii zapasowej nagłówka %s.\n" +msgid "Cannot create header backup file %s." +msgstr "Nie można utworzyć pliku kopii zapasowej nagłówka %s." -#: lib/luks1/keymanage.c:205 +#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109 #, c-format -msgid "Cannot write header backup file %s.\n" -msgstr "Nie można zapisać pliku kopii zapasowej nagłówka %s.\n" +msgid "Cannot write header backup file %s." +msgstr "Nie można zapisać pliku kopii zapasowej nagłówka %s." -#: lib/luks1/keymanage.c:239 -msgid "Backup file doesn't contain valid LUKS header.\n" -msgstr "Plik kopii zapasowej nie zawiera prawidłowego nagłówka LUKS.\n" +#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161 +msgid "Backup file does not contain valid LUKS header." +msgstr "Plik kopii zapasowej nie zawiera prawidłowego nagłówka LUKS." -#: lib/luks1/keymanage.c:252 lib/luks1/keymanage.c:496 +#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549 +#: lib/luks2/luks2_json_metadata.c:1182 #, c-format -msgid "Cannot open header backup file %s.\n" -msgstr "Nie można otworzyć pliku kopii zapasowej nagłówka %s.\n" +msgid "Cannot open header backup file %s." +msgstr "Nie można otworzyć pliku kopii zapasowej nagłówka %s." -#: lib/luks1/keymanage.c:258 +#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190 #, c-format -msgid "Cannot read header backup file %s.\n" -msgstr "Nie można odczytać pliku kopii zapasowej nagłówka %s.\n" +msgid "Cannot read header backup file %s." +msgstr "Nie można odczytać pliku kopii zapasowej nagłówka %s." -#: lib/luks1/keymanage.c:269 -msgid "Data offset or key size differs on device and backup, restore failed.\n" -msgstr "" -"Offset danych lub rozmiar klucza różnią się między urządzeniem a kopią " -"zapasową; przywrócenie nie powiodło się.\n" +#: lib/luks1/keymanage.c:317 +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "Offset danych lub rozmiar klucza różnią się między urządzeniem a kopią zapasową; przywrócenie nie powiodło się." -#: lib/luks1/keymanage.c:277 +#: lib/luks1/keymanage.c:325 #, c-format msgid "Device %s %s%s" msgstr "Urządzenie %s %s%s" -#: lib/luks1/keymanage.c:278 -msgid "" -"does not contain LUKS header. Replacing header can destroy data on that " -"device." -msgstr "" -"nie zawiera nagłówka LUKS. Nadpisanie nagłówka może zniszczyć dane na tym " -"urządzeniu." +#: lib/luks1/keymanage.c:326 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "nie zawiera nagłówka LUKS. Nadpisanie nagłówka może zniszczyć dane na tym urządzeniu." -#: lib/luks1/keymanage.c:279 -msgid "" -"already contains LUKS header. Replacing header will destroy existing " -"keyslots." -msgstr "" -"już zawiera nagłówek LUKS. Nadpisanie nagłówka zniszczy istniejące klucze." +#: lib/luks1/keymanage.c:327 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "już zawiera nagłówek LUKS. Nadpisanie nagłówka zniszczy istniejące klucze." -#: lib/luks1/keymanage.c:280 +#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -538,568 +865,1461 @@ msgstr "" "\n" "UWAGA: nagłówek prawdziwego urządzenia ma inny UUID niż kopia zapasowa!" -#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:535 -#: lib/luks1/keymanage.c:575 lib/tcrypt/tcrypt.c:624 lib/verity/verity.c:82 -#: lib/verity/verity.c:179 lib/verity/verity_hash.c:292 -#: lib/verity/verity_hash.c:303 lib/verity/verity_hash.c:323 -#, c-format -msgid "Cannot open device %s.\n" -msgstr "Nie można otworzyć urządzenia %s.\n" - -#: lib/luks1/keymanage.c:329 -msgid "Non standard key size, manual repair required.\n" -msgstr "Niestandardowy rozmiar klucza, wymagana ręczna naprawa.\n" - -#: lib/luks1/keymanage.c:334 -msgid "Non standard keyslots alignment, manual repair required.\n" -msgstr "Niestandardowe wyrównanie kluczy, wymagana ręczna naprawa.\n" +#: lib/luks1/keymanage.c:375 +msgid "Non standard key size, manual repair required." +msgstr "Niestandardowy rozmiar klucza, wymagana ręczna naprawa." -#: lib/luks1/keymanage.c:340 -msgid "Repairing keyslots.\n" -msgstr "Naprawianie kluczy.\n" +#: lib/luks1/keymanage.c:380 +msgid "Non standard keyslots alignment, manual repair required." +msgstr "Niestandardowe wyrównanie kluczy, wymagana ręczna naprawa." -#: lib/luks1/keymanage.c:351 -msgid "Repair failed." -msgstr "Naprawa nie powiodła się." +#: lib/luks1/keymanage.c:390 +msgid "Repairing keyslots." +msgstr "Naprawianie kluczy." -#: lib/luks1/keymanage.c:363 +#: lib/luks1/keymanage.c:409 #, c-format -msgid "Keyslot %i: offset repaired (%u -> %u).\n" -msgstr "Klucz %i: naprawiono offset (%u -> %u).\n" +msgid "Keyslot %i: offset repaired (%u -> %u)." +msgstr "Klucz %i: naprawiono offset (%u -> %u)." -#: lib/luks1/keymanage.c:371 +#: lib/luks1/keymanage.c:417 #, c-format -msgid "Keyslot %i: stripes repaired (%u -> %u).\n" -msgstr "Klucz %i: naprawiono pasy (%u -> %u).\n" +msgid "Keyslot %i: stripes repaired (%u -> %u)." +msgstr "Klucz %i: naprawiono pasy (%u -> %u)." -#: lib/luks1/keymanage.c:380 +#: lib/luks1/keymanage.c:426 #, c-format -msgid "Keyslot %i: bogus partition signature.\n" -msgstr "Klucz %i: błędna sygnatura partycji.\n" +msgid "Keyslot %i: bogus partition signature." +msgstr "Klucz %i: błędna sygnatura partycji." -#: lib/luks1/keymanage.c:385 +#: lib/luks1/keymanage.c:431 #, c-format -msgid "Keyslot %i: salt wiped.\n" -msgstr "Klucz %i: zarodek wyczyszczony.\n" +msgid "Keyslot %i: salt wiped." +msgstr "Klucz %i: zarodek wymazany." -#: lib/luks1/keymanage.c:396 -msgid "Writing LUKS header to disk.\n" -msgstr "Zapis nagłówka LUKS na dysk.\n" +#: lib/luks1/keymanage.c:448 +msgid "Writing LUKS header to disk." +msgstr "Zapis nagłówka LUKS na dysk." -#: lib/luks1/keymanage.c:421 -#, c-format -msgid "Unsupported LUKS version %d.\n" -msgstr "Nieobsługiwana wersja LUKS %d.\n" - -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:661 -#, c-format -msgid "Requested LUKS hash %s is not supported.\n" -msgstr "Żądany skrót LUKS %s nie jest obsługiwany.\n" +#: lib/luks1/keymanage.c:453 +msgid "Repair failed." +msgstr "Naprawa nie powiodła się." -#: lib/luks1/keymanage.c:442 +#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750 #, c-format -msgid "LUKS keyslot %u is invalid.\n" -msgstr "Numer klucza LUKS %u jest nieprawidłowy.\n" - -#: lib/luks1/keymanage.c:456 src/cryptsetup.c:668 -msgid "No known problems detected for LUKS header.\n" -msgstr "W nagłówku LUKS nie wykryto żadnych znanych problemów.\n" +msgid "Requested LUKS hash %s is not supported." +msgstr "Żądany skrót LUKS %s nie jest obsługiwany." -#: lib/luks1/keymanage.c:596 -#, c-format -msgid "Error during update of LUKS header on device %s.\n" -msgstr "Błąd podczas uaktualniania nagłówka LUKS na urządzeniu %s.\n" +#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1133 +msgid "No known problems detected for LUKS header." +msgstr "W nagłówku LUKS nie wykryto żadnych znanych problemów." -#: lib/luks1/keymanage.c:603 +#: lib/luks1/keymanage.c:660 #, c-format -msgid "Error re-reading LUKS header after update on device %s.\n" -msgstr "" -"Błęd podczas ponownego odczytu nagłówka LUKS po uaktualnieniu na urządzeniu " -"%s.\n" +msgid "Error during update of LUKS header on device %s." +msgstr "Błąd podczas uaktualniania nagłówka LUKS na urządzeniu %s." -#: lib/luks1/keymanage.c:654 +#: lib/luks1/keymanage.c:668 #, c-format -msgid "" -"Data offset for detached LUKS header must be either 0 or higher than header " -"size (%d sectors).\n" -msgstr "" -"Offset danych dla osobnego nagłówka LUKS musi wynosić 0 lub więcej niż " -"rozmiar nagłówka (sektorów: %d).\n" +msgid "Error re-reading LUKS header after update on device %s." +msgstr "Błęd podczas ponownego odczytu nagłówka LUKS po uaktualnieniu na urządzeniu %s." -#: lib/luks1/keymanage.c:666 lib/luks1/keymanage.c:757 -msgid "Wrong LUKS UUID format provided.\n" -msgstr "Podano zły format LUKS UUID.\n" +#: lib/luks1/keymanage.c:744 +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "Offset danych dla nagłówka LUKS musi wynosić 0 lub więcej niż rozmiar nagłówka." -#: lib/luks1/keymanage.c:695 -msgid "Cannot create LUKS header: reading random salt failed.\n" -msgstr "" -"Nie można utworzyć nagłówka LUKS: odczyt losowego zarodka nie powiódł się.\n" +#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825 +#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001 +#: src/cryptsetup.c:2784 +msgid "Wrong LUKS UUID format provided." +msgstr "Podano zły format LUKS UUID." -#: lib/luks1/keymanage.c:702 lib/luks1/keymanage.c:798 -#, c-format -msgid "Not compatible PBKDF2 options (using hash algorithm %s).\n" -msgstr "Niekompatybilne opcje PBKDF2 (przy użyciu algorytmu skrótu %s).\n" +#: lib/luks1/keymanage.c:778 +msgid "Cannot create LUKS header: reading random salt failed." +msgstr "Nie można utworzyć nagłówka LUKS: odczyt losowego zarodka nie powiódł się." -#: lib/luks1/keymanage.c:717 +#: lib/luks1/keymanage.c:804 #, c-format -msgid "Cannot create LUKS header: header digest failed (using hash %s).\n" -msgstr "" -"Nie można utworzyć nagłówka LUKS: uzyskanie skrótu nagłówka nie powiodło się " -"(przy użyciu algorytmu %s).\n" +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "Nie można utworzyć nagłówka LUKS: uzyskanie skrótu nagłówka nie powiodło się (przy użyciu algorytmu %s)." -#: lib/luks1/keymanage.c:782 +#: lib/luks1/keymanage.c:848 #, c-format -msgid "Key slot %d active, purge first.\n" -msgstr "Klucz numer %d jest aktywny, należy go najpierw wyczyścić.\n" +msgid "Key slot %d active, purge first." +msgstr "Klucz numer %d jest aktywny, należy go najpierw wyczyścić." -#: lib/luks1/keymanage.c:788 +#: lib/luks1/keymanage.c:854 #, c-format -msgid "Key slot %d material includes too few stripes. Header manipulation?\n" -msgstr "Klucz %d zawiera zbyt mało pasów. Zmieniony nagłówek?\n" +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "Klucz %d zawiera zbyt mało pasów. Zmieniony nagłówek?" -#: lib/luks1/keymanage.c:950 +#: lib/luks1/keymanage.c:990 #, c-format -msgid "Key slot %d unlocked.\n" -msgstr "Klucz numer %d odblokowany.\n" - -#: lib/luks1/keymanage.c:985 src/cryptsetup.c:858 -#: src/cryptsetup_reencrypt.c:999 src/cryptsetup_reencrypt.c:1036 -msgid "No key available with this passphrase.\n" -msgstr "Dla tego hasła nie ma dostępnego klucza.\n" +msgid "Cannot open keyslot (using hash %s)." +msgstr "Nie można otworzyć klucza (przy użyciu skrótu %s)." -#: lib/luks1/keymanage.c:1003 +#: lib/luks1/keymanage.c:1066 #, c-format -msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n" -msgstr "Numer klucza %d jest błędny, proszę wybrać numer od 0 do %d.\n" +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." +msgstr "Numer klucza %d jest błędny, proszę wybrać numer od 0 do %d." -#: lib/luks1/keymanage.c:1021 +#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738 #, c-format -msgid "Cannot wipe device %s.\n" -msgstr "Nie można wyczyścić urządzenia %s.\n" +msgid "Cannot wipe device %s." +msgstr "Nie można wymazać urządzenia %s." #: lib/loopaes/loopaes.c:146 -msgid "Detected not yet supported GPG encrypted keyfile.\n" -msgstr "Wykryto jeszcze nie obsługiwany plik klucza szyfrowany GPG.\n" +msgid "Detected not yet supported GPG encrypted keyfile." +msgstr "Wykryto jeszcze nie obsługiwany plik klucza szyfrowany GPG." #: lib/loopaes/loopaes.c:147 msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" msgstr "Proszę użyć gpg --decrypt | cryptsetup --keyfile=- ...\n" #: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 -msgid "Incompatible loop-AES keyfile detected.\n" -msgstr "Wykryto niekompatybilny plik klucza loop-AES.\n" +msgid "Incompatible loop-AES keyfile detected." +msgstr "Wykryto niekompatybilny plik klucza loop-AES." -#: lib/loopaes/loopaes.c:244 -msgid "Kernel doesn't support loop-AES compatible mapping.\n" -msgstr "Jądro nie obsługuje odwzorowań zgodnych z loop-AES.\n" +#: lib/loopaes/loopaes.c:245 +msgid "Kernel does not support loop-AES compatible mapping." +msgstr "Jądro nie obsługuje odwzorowań zgodnych z loop-AES." -#: lib/tcrypt/tcrypt.c:475 +#: lib/tcrypt/tcrypt.c:504 #, c-format -msgid "Error reading keyfile %s.\n" -msgstr "Błąd odczytu pliku klucza %s.\n" +msgid "Error reading keyfile %s." +msgstr "Błąd odczytu pliku klucza %s." -#: lib/tcrypt/tcrypt.c:513 +#: lib/tcrypt/tcrypt.c:554 #, c-format -msgid "Maximum TCRYPT passphrase length (%d) exceeded.\n" -msgstr "Przekroczono maksymalną długość hasła TCRYPT (%d).\n" +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." +msgstr "Przekroczono maksymalną długość hasła TCRYPT (%zu)." -#: lib/tcrypt/tcrypt.c:543 +#: lib/tcrypt/tcrypt.c:595 #, c-format -msgid "PBKDF2 hash algorithm %s not available, skipping.\n" -msgstr "Algorytm skrótu PBKDF2 %s nie jest dostępny, pominięto.\n" +msgid "PBKDF2 hash algorithm %s not available, skipping." +msgstr "Algorytm skrótu PBKDF2 %s nie jest dostępny, pominięto." -#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:621 -msgid "Required kernel crypto interface not available.\n" -msgstr "Wymagany interfejs kryptograficzny jądra nie jest dostępny.\n" +#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1010 +msgid "Required kernel crypto interface not available." +msgstr "Wymagany interfejs kryptograficzny jądra nie jest dostępny." -#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:623 -msgid "Ensure you have algif_skcipher kernel module loaded.\n" -msgstr "Proszę upewnić się, że moduł jądra algif_skcipher został załadowany.\n" +#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1012 +msgid "Ensure you have algif_skcipher kernel module loaded." +msgstr "Proszę upewnić się, że moduł jądra algif_skcipher został załadowany." -#: lib/tcrypt/tcrypt.c:707 +#: lib/tcrypt/tcrypt.c:753 #, c-format -msgid "Activation is not supported for %d sector size.\n" -msgstr "Aktywacja nie jest obsługiwana dla rozmiaru sektora %d.\n" +msgid "Activation is not supported for %d sector size." +msgstr "Uaktywnianie nie jest obsługiwane dla rozmiaru sektora %d." -#: lib/tcrypt/tcrypt.c:713 -msgid "Kernel doesn't support activation for this TCRYPT legacy mode.\n" -msgstr "Jądro nie obsługuje aktywacji dla tego starego trybu TCRYPT.\n" +#: lib/tcrypt/tcrypt.c:759 +msgid "Kernel does not support activation for this TCRYPT legacy mode." +msgstr "Jądro nie obsługuje uaktywniania dla tego starego trybu TCRYPT." -#: lib/tcrypt/tcrypt.c:744 +#: lib/tcrypt/tcrypt.c:793 #, c-format -msgid "Activating TCRYPT system encryption for partition %s.\n" -msgstr "Włączanie szyfrowania systemu TCRYPT dla partycji %s.\n" +msgid "Activating TCRYPT system encryption for partition %s." +msgstr "Włączanie szyfrowania systemu TCRYPT dla partycji %s." -#: lib/tcrypt/tcrypt.c:806 -msgid "Kernel doesn't support TCRYPT compatible mapping.\n" -msgstr "Jądro nie obsługuje odwzorowań zgodnych z TCRYPT.\n" +#: lib/tcrypt/tcrypt.c:871 +msgid "Kernel does not support TCRYPT compatible mapping." +msgstr "Jądro nie obsługuje odwzorowań zgodnych z TCRYPT." -#: lib/tcrypt/tcrypt.c:1020 +#: lib/tcrypt/tcrypt.c:1093 msgid "This function is not supported without TCRYPT header load." msgstr "Ta funkcja nie jest obsługiwana bez załadowanego nagłówka TCRYPT." -#: lib/verity/verity.c:70 lib/verity/verity.c:172 +#: lib/bitlk/bitlk.c:333 +#, c-format +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "Przy analizie obsługiwanego Głównego Klucza Wolumenu napotkano nieoczekiwany wpis metadanych typu '%u'." + +#: lib/bitlk/bitlk.c:380 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "Przy analizie Głównego Klucza Wolumenu napotkano błędny ciąg znaków." + +#: lib/bitlk/bitlk.c:385 #, c-format -msgid "Verity device %s doesn't use on-disk header.\n" -msgstr "Urządzenie Verity %s nie używa nagłówka na dysku.\n" +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "Przy analizie obsługiwanego Głównego Klucza Wolumenu napotkano nieoczekiwany ciąg znaków ('%s')." -#: lib/verity/verity.c:94 +#: lib/bitlk/bitlk.c:399 #, c-format -msgid "Device %s is not a valid VERITY device.\n" -msgstr "Urządzenie %s nie jest prawidłowym urządzeniem VERITY.\n" +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "Przy analizie obsługiwanego Głównego Klucza Wolumenu napotkano nieoczekiwaną wartość wpisu metadanych '%u'." -#: lib/verity/verity.c:101 +#: lib/bitlk/bitlk.c:479 #, c-format -msgid "Unsupported VERITY version %d.\n" -msgstr "Nieobsługiwana wersja VERITY %d.\n" +msgid "Failed to read BITLK signature from %s." +msgstr "Nie udało się odczytać sygnatury BITLK z %s." + +#: lib/bitlk/bitlk.c:485 +msgid "BITLK version 1 is currently not supported." +msgstr "BITLK w wersji 1 nie jest obecnie obsługiwany." -#: lib/verity/verity.c:131 -msgid "VERITY header corrupted.\n" -msgstr "Uszkodzony nagłówek VERITY.\n" +#: lib/bitlk/bitlk.c:491 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "Błędna lub nieznana sygnatura rozruchowa urządzenia BITLK." -#: lib/verity/verity.c:166 +#: lib/bitlk/bitlk.c:503 +msgid "Invalid or unknown signature for BITLK device." +msgstr "Błędna lub nieznana sygnatura urządzenia BITLK." + +#: lib/bitlk/bitlk.c:510 #, c-format -msgid "Wrong VERITY UUID format provided on device %s.\n" -msgstr "Podano zły format UUID-a VERITY na urządzeniu %s.\n" +msgid "Unsupported sector size %." +msgstr "Nieobsługiwany rozmiar sektora %." -#: lib/verity/verity.c:196 +#: lib/bitlk/bitlk.c:518 #, c-format -msgid "Error during update of verity header on device %s.\n" -msgstr "Błąd podczas uaktualniania nagłówka VERITY na urządzeniu %s.\n" +msgid "Failed to read BITLK header from %s." +msgstr "Nie udało się odczytać nagłówka BITLK z %s." -#: lib/verity/verity.c:276 -msgid "Kernel doesn't support dm-verity mapping.\n" -msgstr "Jądro nie obsługuje odwzorowań dm-verity.\n" +#: lib/bitlk/bitlk.c:543 +#, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "Nie udało się odczytać metadanych BITLK FVE z %s." -#: lib/verity/verity.c:287 -msgid "Verity device detected corruption after activation.\n" -msgstr "Urządzenie VERITY wykryło uszkodzenie po uaktywnieniu.\n" +#: lib/bitlk/bitlk.c:594 +msgid "Unknown or unsupported encryption type." +msgstr "Nieznany lub nieobsługiwany rodzaj szyfrowania." -#: lib/verity/verity_hash.c:59 +#: lib/bitlk/bitlk.c:627 #, c-format -msgid "Spare area is not zeroed at position %.\n" -msgstr "Nie wyzerowane miejsce zapasowe na pozycji %.\n" +msgid "Failed to read BITLK metadata entries from %s." +msgstr "Nie udało się odczytać wpisów metadanych BITLK z %s." -#: lib/verity/verity_hash.c:121 lib/verity/verity_hash.c:249 -#: lib/verity/verity_hash.c:277 lib/verity/verity_hash.c:284 -msgid "Device offset overflow.\n" -msgstr "Przepełnienie offsetu urządzenia.\n" +#: lib/bitlk/bitlk.c:921 +msgid "This operation is not supported." +msgstr "Ta operacja nie jest obsługiwana." -#: lib/verity/verity_hash.c:161 -#, c-format -msgid "Verification failed at position %.\n" -msgstr "Weryfikacja nie powiodła się na pozycji %.\n" +#: lib/bitlk/bitlk.c:929 +msgid "Wrong key size." +msgstr "Błędny rozmiar klucza." -#: lib/verity/verity_hash.c:235 -msgid "Invalid size parameters for verity device.\n" -msgstr "Błędne parametry rozmiaru dla urządzenia VERITY.\n" +#: lib/bitlk/bitlk.c:981 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "To urządzenie BITLK jest w nieobsługiwanym stanie i może być uaktywnione." -#: lib/verity/verity_hash.c:266 -msgid "Too many tree levels for verity volume.\n" -msgstr "Za dużo poziomów drzewa dla wolumenu VERITY.\n" +#: lib/bitlk/bitlk.c:987 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "Urządzenia BITLK o typie '%s' nie mogą być uaktywnione." -#: lib/verity/verity_hash.c:354 -msgid "Verification of data area failed.\n" -msgstr "Weryfikacja obszaru danych nie powiodła się.\n" +#: lib/bitlk/bitlk.c:1069 +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "Uaktywnianie częściowo odszyfrowanych urządzeń BITLK nie jest obsługiwane." -#: lib/verity/verity_hash.c:359 -msgid "Verification of root hash failed.\n" -msgstr "Weryfikacja głównego hasza nie powiodła się.\n" +#: lib/bitlk/bitlk.c:1205 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "Nie można uaktywnić urządzenia, brak obsługi BITLK IV w module dm-crypt jądra." -#: lib/verity/verity_hash.c:365 -msgid "Input/output error while creating hash area.\n" -msgstr "Błąd wejścia/wyjścia podczas tworzenia obszaru haszy.\n" +#: lib/bitlk/bitlk.c:1209 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "Nie można uaktywnić urządzenia, brak obsługi dyfuzora BITLK Elephant w module dm-crypt jądra." -#: lib/verity/verity_hash.c:367 -msgid "Creation of hash area failed.\n" -msgstr "Tworzenie obszaru haszy nie powiodło się.\n" +#: lib/verity/verity.c:68 lib/verity/verity.c:171 +#, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "Urządzenie Verity %s nie używa nagłówka na dysku." -#: lib/verity/verity_hash.c:414 +#: lib/verity/verity.c:90 #, c-format -msgid "" -"WARNING: Kernel cannot activate device if data block size exceeds page size " -"(%u).\n" -msgstr "" -"UWAGA: Jądro nie może uaktywnić urządzenia, jeśli rozmiar bloku danych " -"przekracza rozmiar strony (%u).\n" +msgid "Device %s is not a valid VERITY device." +msgstr "Urządzenie %s nie jest prawidłowym urządzeniem VERITY." -#: src/cryptsetup.c:91 -msgid "Can't do passphrase verification on non-tty inputs.\n" -msgstr "" -"Nie można wykonać weryfikacji hasła, jeśli wejściem nie jest terminal.\n" +#: lib/verity/verity.c:97 +#, c-format +msgid "Unsupported VERITY version %d." +msgstr "Nieobsługiwana wersja VERITY %d." -#: src/cryptsetup.c:133 src/cryptsetup.c:564 src/cryptsetup.c:711 -#: src/cryptsetup_reencrypt.c:502 src/cryptsetup_reencrypt.c:556 -msgid "No known cipher specification pattern detected.\n" -msgstr "Nie wykryto znanego wzorca określającego szyfr.\n" +#: lib/verity/verity.c:128 +msgid "VERITY header corrupted." +msgstr "Uszkodzony nagłówek VERITY." -#: src/cryptsetup.c:144 -msgid "" -"WARNING: The --hash parameter is being ignored in plain mode with keyfile " -"specified.\n" -msgstr "" -"UWAGA: Parametr --hash jest ignorowany w trybie zwykłym z podanym plikiem " -"klucza.\n" +#: lib/verity/verity.c:165 +#, c-format +msgid "Wrong VERITY UUID format provided on device %s." +msgstr "Podano zły format UUID-a VERITY na urządzeniu %s." -#: src/cryptsetup.c:152 -msgid "" -"WARNING: The --keyfile-size option is being ignored, the read size is the " -"same as the encryption key size.\n" -msgstr "" -"UWAGA: Opcja --keyfile-size jest ignorowana, rozmiar odczytu jest taki sam, " -"jak rozmiar klucza szyfrującego.\n" +#: lib/verity/verity.c:198 +#, c-format +msgid "Error during update of verity header on device %s." +msgstr "Błąd podczas uaktualniania nagłówka VERITY na urządzeniu %s." -#: src/cryptsetup.c:218 -msgid "Option --key-file is required.\n" -msgstr "Wymagana jest opcja --key-file.\n" +#: lib/verity/verity.c:256 +msgid "Root hash signature verification is not supported." +msgstr "Weryfikacja podpisu hasza głównego nie jest obsługiwana." -#: src/cryptsetup.c:267 -msgid "No device header detected with this passphrase.\n" -msgstr "Nie wykryto nagłówka urządzenia z tym hasłem.\n" +#: lib/verity/verity.c:267 +msgid "Errors cannot be repaired with FEC device." +msgstr "Błędów nie można naprawić z urządzeniem FEC." -#: src/cryptsetup.c:327 src/cryptsetup.c:1140 -msgid "" -"Header dump with volume key is sensitive information\n" -"which allows access to encrypted partition without passphrase.\n" -"This dump should be always stored encrypted on safe place." -msgstr "" -"Zrzut nagłówka z kluczem wolumenu jest informacją wrażliwą,\n" -"pozwalającą na dostęp do zaszyfrowanej partycji bez hasła.\n" -"Zrzut ten powinien być zawsze zapisywany w postaci zaszyfrowanej\n" -"w bezpiecznym miejscu." +#: lib/verity/verity.c:269 +#, c-format +msgid "Found %u repairable errors with FEC device." +msgstr "Znaleziono %u błędów możliwych do naprawienia z urządzeniem FEC." -#: src/cryptsetup.c:517 -msgid "Result of benchmark is not reliable.\n" -msgstr "Wynik testu wydajności nie jest wiarygodny.\n" +#: lib/verity/verity.c:308 +msgid "Kernel does not support dm-verity mapping." +msgstr "Jądro nie obsługuje odwzorowań dm-verity." -#: src/cryptsetup.c:558 -msgid "# Tests are approximate using memory only (no storage IO).\n" -msgstr "# Testy są przybliżone tylko z użyciem pamięci (bez we/wy na dysk).\n" +#: lib/verity/verity.c:312 +msgid "Kernel does not support dm-verity signature option." +msgstr "Jądro nie obsługuje opcji podpisu dm-verity." -#: src/cryptsetup.c:583 src/cryptsetup.c:605 -msgid "# Algorithm | Key | Encryption | Decryption\n" -msgstr "# Algorytm | Klucz | Szyfrowanie | Odszyfrowywanie\n" +#: lib/verity/verity.c:323 +msgid "Verity device detected corruption after activation." +msgstr "Urządzenie VERITY wykryło uszkodzenie po uaktywnieniu." -#: src/cryptsetup.c:587 +#: lib/verity/verity_hash.c:59 #, c-format -msgid "Cipher %s is not available.\n" -msgstr "Szyfr %s nie jest dostępny.\n" +msgid "Spare area is not zeroed at position %." +msgstr "Nie wyzerowane miejsce zapasowe na pozycji %." -#: src/cryptsetup.c:614 -msgid "N/A" -msgstr "N/D" +#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290 +#: lib/verity/verity_hash.c:303 +msgid "Device offset overflow." +msgstr "Przepełnienie offsetu urządzenia." -#: src/cryptsetup.c:639 +#: lib/verity/verity_hash.c:203 #, c-format -msgid "Cannot read keyfile %s.\n" -msgstr "Nie można odczytać pliku klucza %s.\n" +msgid "Verification failed at position %." +msgstr "Weryfikacja nie powiodła się na pozycji %." + +#: lib/verity/verity_hash.c:276 +msgid "Invalid size parameters for verity device." +msgstr "Błędne parametry rozmiaru dla urządzenia VERITY." + +#: lib/verity/verity_hash.c:296 +msgid "Hash area overflow." +msgstr "Przepełnienie obszaru skrótu." + +#: lib/verity/verity_hash.c:373 +msgid "Verification of data area failed." +msgstr "Weryfikacja obszaru danych nie powiodła się." + +#: lib/verity/verity_hash.c:378 +msgid "Verification of root hash failed." +msgstr "Weryfikacja głównego hasza nie powiodła się." + +#: lib/verity/verity_hash.c:384 +msgid "Input/output error while creating hash area." +msgstr "Błąd wejścia/wyjścia podczas tworzenia obszaru haszy." + +#: lib/verity/verity_hash.c:386 +msgid "Creation of hash area failed." +msgstr "Tworzenie obszaru haszy nie powiodło się." -#: src/cryptsetup.c:643 +#: lib/verity/verity_hash.c:433 #, c-format -msgid "Cannot read %d bytes from keyfile %s.\n" -msgstr "Nie można odczytać %d bajtów z pliku klucza %s.\n" +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "UWAGA: Jądro nie może uaktywnić urządzenia, jeśli rozmiar bloku danych przekracza rozmiar strony (%u)." -#: src/cryptsetup.c:672 -msgid "Really try to repair LUKS device header?" -msgstr "Naprawdę próbować naprawić nagłówek urządzenia LUKS?" +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." +msgstr "Nie udało się przydzielić kontekstu RS." -#: src/cryptsetup.c:697 +#: lib/verity/verity_fec.c:146 +msgid "Failed to allocate buffer." +msgstr "Nie udało się przydzielić bufora." + +#: lib/verity/verity_fec.c:156 #, c-format -msgid "This will overwrite data on %s irrevocably." -msgstr "To nieodwołalnie nadpisze dane na %s." +msgid "Failed to read RS block % byte %d." +msgstr "Nie udało się odczytać bloku RS % bajt %d." -#: src/cryptsetup.c:699 -msgid "memory allocation error in action_luksFormat" -msgstr "błąd przydzielania pamięci w action_luksFormat" +#: lib/verity/verity_fec.c:169 +#, c-format +msgid "Failed to read parity for RS block %." +msgstr "Nie udało się odczytać parzystości dla bloku RS %." -#: src/cryptsetup.c:717 +#: lib/verity/verity_fec.c:177 #, c-format -msgid "Cannot use %s as on-disk header.\n" -msgstr "Nie można użyć %s jako nagłówka na dysku.\n" +msgid "Failed to repair parity for block %." +msgstr "Nie udało się naprawić parzystości dla bloku %." -#: src/cryptsetup.c:784 -msgid "Reduced data offset is allowed only for detached LUKS header.\n" -msgstr "" -"Offset zmniejszonych danych jest dozwolony tylko dla osobnego nagłówka " -"LUKS.\n" +#: lib/verity/verity_fec.c:188 +#, c-format +msgid "Failed to write parity for RS block %." +msgstr "Nie udało się zapisać parzystości dla bloku RS %." -#: src/cryptsetup.c:881 src/cryptsetup.c:937 +#: lib/verity/verity_fec.c:223 +msgid "Block sizes must match for FEC." +msgstr "Dla FEC rozmiary bloków muszą się zgadzać." + +#: lib/verity/verity_fec.c:229 +msgid "Invalid number of parity bytes." +msgstr "Błędna liczba bajtów parzystości." + +#: lib/verity/verity_fec.c:265 #, c-format -msgid "Key slot %d selected for deletion.\n" -msgstr "klucz %d wybrany do usunięcia.\n" +msgid "Failed to determine size for device %s." +msgstr "Nie udało się określić rozmiaru urządzenia %s." + +#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343 +msgid "Kernel does not support dm-integrity mapping." +msgstr "Jądro nie obsługuje odwzorowań dm-integrity." + +#: lib/integrity/integrity.c:277 +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "Jądro nie obsługuje stałego wyrównania metadanych dm-integrity." -#: src/cryptsetup.c:884 +#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959 +#: lib/luks2/luks2_json_metadata.c:1244 #, c-format -msgid "Key %d not active. Can't wipe.\n" -msgstr "Klucz %d nie jest aktywny. Nie można wyczyścić.\n" +msgid "Failed to acquire write lock on device %s." +msgstr "Nie udało się uzyskać blokady dla zapisu na urządzeniu %s." -#: src/cryptsetup.c:892 src/cryptsetup.c:940 +#: lib/luks2/luks2_disk_metadata.c:392 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "Wykryto próbę jednoczesnego uaktualnienia metadanych LUKS2. Przerywanie operacji." + +#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712 msgid "" -"This is the last keyslot. Device will become unusable after purging this key." +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." msgstr "" -"To jest ostatni klucz. Urządzenie stanie się bezużyteczne po usunięciu tego " -"klucza." - -#: src/cryptsetup.c:893 -msgid "Enter any remaining passphrase: " -msgstr "Dowolne pozostałe hasło: " +"Urządzenie zawiera niejednoznaczne sygnatury, nie można automatycznie odtworzyć LUKS2.\n" +"W celu odtworzenia należy uruchomić \"cryptsetup repair\"." -#: src/cryptsetup.c:921 -msgid "Enter passphrase to be deleted: " -msgstr "Hasło do usunięcia: " +#: lib/luks2/luks2_json_format.c:227 +msgid "Requested data offset is too small." +msgstr "Żądany offset danych jest zbyt mały." -#: src/cryptsetup.c:1003 src/cryptsetup_reencrypt.c:1074 +#: lib/luks2/luks2_json_format.c:271 #, c-format -msgid "Enter any existing passphrase: " -msgstr "Dowolne istniejące hasło: " +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "UWAGA: obszar kluczy (% bajtów) bardzo mały, dostępna liczba kluczy LUKS2 jest bardzo ograniczona.\n" -#: src/cryptsetup.c:1052 -msgid "Enter passphrase to be changed: " -msgstr "Hasło, które ma być zmienione: " +#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074 +#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_keyslot_luks2.c:114 +#, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "Nie udało się uzyskać blokady do odczytu na urządzeniu %s." -#: src/cryptsetup.c:1066 src/cryptsetup_reencrypt.c:1059 -msgid "Enter new passphrase: " -msgstr "Nowe hasło: " +#: lib/luks2/luks2_json_metadata.c:1167 +#, c-format +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "Wykryto zabronione wymagania LUKS2 w kopii zapasowej %s." -#: src/cryptsetup.c:1090 -msgid "Only one device argument for isLuks operation is supported.\n" -msgstr "" -"Dla operacji isLuks obsługiwany jest tylko jeden argument będący " -"urządzeniem.\n" +#: lib/luks2/luks2_json_metadata.c:1208 +msgid "Data offset differ on device and backup, restore failed." +msgstr "Offset danych różni się między urządzeniem a kopią zapasową; przywrócenie nie powiodło się." -#: src/cryptsetup.c:1246 src/cryptsetup.c:1267 -msgid "Option --header-backup-file is required.\n" -msgstr "Wymagana jest opcja --header-backup-file.\n" +#: lib/luks2/luks2_json_metadata.c:1214 +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "Nagłówek binarny z rozmiarem obszarów kluczy różni się między urządzeniem a kopią zapasową; przywrócenie nie powiodło się." -#: src/cryptsetup.c:1304 +#: lib/luks2/luks2_json_metadata.c:1221 #, c-format -msgid "Unrecognized metadata device type %s.\n" -msgstr "Nie rozpoznany typ urządzenia metadanych %s.\n" +msgid "Device %s %s%s%s%s" +msgstr "Urządzenie %s %s%s%s%s" -#: src/cryptsetup.c:1307 -msgid "Command requires device and mapped name as arguments.\n" -msgstr "Polecenie wymaga urządzenia i nazwy odwzorowywanej jako argumentów.\n" +#: lib/luks2/luks2_json_metadata.c:1222 +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "nie zawiera nagłówka LUKS2. Nadpisanie nagłówka może zniszczyć dane na tym urządzeniu." -#: src/cryptsetup.c:1326 -#, c-format +#: lib/luks2/luks2_json_metadata.c:1223 +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "już zawiera nagłówek LUKS2. Nadpisanie nagłówka zniszczy istniejące klucze." + +#: lib/luks2/luks2_json_metadata.c:1225 msgid "" -"This operation will erase all keyslots on device %s.\n" -"Device will become unusable after this operation." +"\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" msgstr "" -"Ta operacja usunię wszystkie klucze na urządzeniu %s.\n" -"Urządzenie po tej operacji stanie się bezużyteczne." +"\n" +"UWAGA: wykryto nieznane wymagania LUKS2 w nagłówku prawdziwego urządzenia!\n" +"Nadpisanie nagłówka kopią zapasową może uszkodzić dane na tym urządzeniu!" -#: src/cryptsetup.c:1360 -msgid " [--type ] []" -msgstr " [--type ] []" +#: lib/luks2/luks2_json_metadata.c:1227 +msgid "" +"\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." +msgstr "" +"\n" +"UWAGA: wykryto nie zakończone ponowne szyfrowanie offline na urządzeniu!\n" +"Nadpisanie nagłówka kopią zapasową może uszkodzić dane." -#: src/cryptsetup.c:1360 -msgid "open device as mapping " -msgstr "otwarcie urządzenia jako odwzorowania " +#: lib/luks2/luks2_json_metadata.c:1323 +#, c-format +msgid "Ignored unknown flag %s." +msgstr "Zignorowano nieznaną flagę %s." -#: src/cryptsetup.c:1361 src/cryptsetup.c:1362 src/cryptsetup.c:1363 -#: src/cryptsetup.c:1364 src/veritysetup.c:311 src/veritysetup.c:312 -msgid "" -msgstr "" +#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746 +#, c-format +msgid "Missing key for dm-crypt segment %u" +msgstr "Brak klucza dla segmentu dm-crypt %u" -#: src/cryptsetup.c:1361 -msgid "close device (remove mapping)" -msgstr "zamknięcie urządzenia (usunięcie odwzorowania)" +#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764 +msgid "Failed to set dm-crypt segment." +msgstr "Nie udało się ustawić segmentu dm-crypt." -#: src/cryptsetup.c:1362 -msgid "resize active device" -msgstr "zmiana rozmiaru aktywnego urządzenia" +#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770 +msgid "Failed to set dm-linear segment." +msgstr "Nie udało się ustawić segmentu dm-linear." -#: src/cryptsetup.c:1363 -msgid "show device status" -msgstr "pokazanie stanu urządzenia" +#: lib/luks2/luks2_json_metadata.c:2155 +msgid "Unsupported device integrity configuration." +msgstr "Nieobsługiwana konfiguracja integralności urządzenia." -#: src/cryptsetup.c:1364 -msgid "benchmark cipher" -msgstr "test szybkości szyfru" +#: lib/luks2/luks2_json_metadata.c:2241 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "Podobne szyfrowanie trwa. Nie można dezaktywować urządzenia." -#: src/cryptsetup.c:1365 src/cryptsetup.c:1366 src/cryptsetup.c:1372 -#: src/cryptsetup.c:1373 src/cryptsetup.c:1374 src/cryptsetup.c:1375 -#: src/cryptsetup.c:1376 src/cryptsetup.c:1377 src/cryptsetup.c:1378 -#: src/cryptsetup.c:1379 -msgid "" -msgstr "" +#: lib/luks2/luks2_json_metadata.c:2252 lib/luks2/luks2_reencrypt.c:3190 +#, c-format +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "Nie udało się zastąpić wstrzymanego urządzenia %s celem dm-error." -#: src/cryptsetup.c:1365 -msgid "try to repair on-disk metadata" -msgstr "próba naprawy metadanych na dysku" +#: lib/luks2/luks2_json_metadata.c:2332 +msgid "Failed to read LUKS2 requirements." +msgstr "Nie udało się odczytać wymagań LUKS2." -#: src/cryptsetup.c:1366 -msgid "erase all keyslots (remove encryption key)" -msgstr "usunięcie wszystkich kluczy (usunięcie klucza szyfrującego)" +#: lib/luks2/luks2_json_metadata.c:2339 +msgid "Unmet LUKS2 requirements detected." +msgstr "Wykryto nie spełnione wymagania LUKS2." -#: src/cryptsetup.c:1367 src/cryptsetup.c:1368 -msgid " []" -msgstr " []" +#: lib/luks2/luks2_json_metadata.c:2347 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "Operacja niezgodna z urządzeniem oznaczonym do ponownego szyfrowania starym szyfrem. Przerwano." -#: src/cryptsetup.c:1367 -msgid "formats a LUKS device" -msgstr "sformatowanie urządzenia LUKS" +#: lib/luks2/luks2_json_metadata.c:2349 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "Operacja niezgodna z urządzeniem oznaczonym do ponownego szyfrowania LUKS2. Przerwano." -#: src/cryptsetup.c:1368 +#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584 +msgid "Not enough available memory to open a keyslot." +msgstr "Za mało dostępnej pamięci, aby otworzyć klucz." + +#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586 +msgid "Keyslot open failed." +msgstr "Nie udało się otworzyć klucza." + +#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "Nie można użyć szyfru %s-%s do szyfrowania kluczy." + +#: lib/luks2/luks2_keyslot_luks2.c:480 +msgid "No space for new keyslot." +msgstr "Brak miejsca na nowy klucz." + +#: lib/luks2/luks2_luks1_convert.c:482 +#, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "Nie można sprawdzić stanu urządzenia mającego UUID: %s." + +#: lib/luks2/luks2_luks1_convert.c:508 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "Nie można przekonwertować nagłówka z dodatkowymi metadanymi LUKSMETA." + +#: lib/luks2/luks2_luks1_convert.c:548 +msgid "Unable to move keyslot area. Not enough space." +msgstr "Nie można przenieść obszaru kluczy. Brak miejsca." + +#: lib/luks2/luks2_luks1_convert.c:599 +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "Nie można przenieść obszaru kluczy. Obszar kluczy LUKS2 zbyt mały." + +#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887 +msgid "Unable to move keyslot area." +msgstr "Nie można przenieść obszaru kluczy." + +#: lib/luks2/luks2_luks1_convert.c:697 +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "Nie można przekonwertować do formatu LUKS1 - domyślny rozmiar sektora szyfrowania segmentu nie wynosi 512 bajtów." + +#: lib/luks2/luks2_luks1_convert.c:705 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "Nie można przekonwertować formatu LUKS1 - skróty kluczy nie są zgodne z LUKS1." + +#: lib/luks2/luks2_luks1_convert.c:717 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "Nie można przekonwertować formatu LUKS1 - urządzenie używa szyfru %s z obudowanym kluczem." + +#: lib/luks2/luks2_luks1_convert.c:725 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "Nie można przekonwertować do formatu LUKS1 - nagłówek LUKS2 zawiera %u token(ów)." + +#: lib/luks2/luks2_luks1_convert.c:739 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "Nie można przekonwertować do formatu LUKS1 - klucz %u jest w błędnym stanie." + +#: lib/luks2/luks2_luks1_convert.c:744 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "Nie można przekonwertować do formatu LUKS1 - klucz %u (powyzej maksimum) jest nadal aktywny." + +#: lib/luks2/luks2_luks1_convert.c:749 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "Nie można przekonwertować do formatu LUKS1 - klucz %u nie jest zgodny z LUKS1." + +#: lib/luks2/luks2_reencrypt.c:892 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Rozmiar strefy hotzone musi być wielokrotnością wyliczonego wyrównania strefy (bajtów: %zu)." + +#: lib/luks2/luks2_reencrypt.c:897 +#, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Rozmiar urządzenia musi być wielokrotnością wyliczonego wyrównania strefy (bajtów: %zu)." + +#: lib/luks2/luks2_reencrypt.c:941 +#, c-format +msgid "Unsupported resilience mode %s" +msgstr "Nieobsługiwany tryb odporności %s" + +#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313 +#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430 +#: lib/luks2/luks2_reencrypt.c:3030 +msgid "Failed to initialize old segment storage wrapper." +msgstr "Nie udało się zainicjować obudowania przestrzeni starego segmentu." + +#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291 +msgid "Failed to initialize new segment storage wrapper." +msgstr "Nie udało się zainicjować obudowania przestrzeni nowego segmentu." + +#: lib/luks2/luks2_reencrypt.c:1340 +msgid "Failed to read checksums for current hotzone." +msgstr "Nie udało się odczytać sum kontrolnych dla aktualnej strefy hotzone." + +#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038 +#, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "Nie udało się odczytać obszaru hotzone zaczynającego się od %." + +#: lib/luks2/luks2_reencrypt.c:1366 +#, c-format +msgid "Failed to decrypt sector %zu." +msgstr "Nie udało się odszyfrować sektora %zu." + +#: lib/luks2/luks2_reencrypt.c:1372 +#, c-format +msgid "Failed to recover sector %zu." +msgstr "Nie udało się odtworzyć sektora %zu." + +#: lib/luks2/luks2_reencrypt.c:1867 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "Rozmiary urządzenia źródłowego i docelowego różnią się. Źródłowe %, docelowe: %." + +#: lib/luks2/luks2_reencrypt.c:1965 +#, c-format +msgid "Failed to activate hotzone device %s." +msgstr "Nie udało się uaktywnić urządzenia hotzone %s." + +#: lib/luks2/luks2_reencrypt.c:1982 +#, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "Nie udało się uaktywnić urządzenia nakładkowego %s z aktualną tablicą źródła." + +#: lib/luks2/luks2_reencrypt.c:1989 +#, c-format +msgid "Failed to load new mapping for device %s." +msgstr "Nie udało się załadować nowego odwzorowania dla urządzenia %s." + +#: lib/luks2/luks2_reencrypt.c:2060 +msgid "Failed to refresh reencryption devices stack." +msgstr "Nie udało się odświeżyć stosu urządzenia ponownego szyfrowania." + +#: lib/luks2/luks2_reencrypt.c:2216 +msgid "Failed to set new keyslots area size." +msgstr "Nie udało się ustawić nowego rozmiaru obszaru kluczy." + +#: lib/luks2/luks2_reencrypt.c:2318 +#, c-format +msgid "Data shift is not aligned to requested encryption sector size (% bytes)." +msgstr "Przesunięcie danych nie jest wyrównane do żądanego rozmiaru sektora szyfrowania (bajtów: %)." + +#: lib/luks2/luks2_reencrypt.c:2339 +#, c-format +msgid "Data device is not aligned to requested encryption sector size (% bytes)." +msgstr "Urzędzenie danych nie jest wyrównane do żądanego rozmiaru sektora szyfrowania (bajtów: %)." + +#: lib/luks2/luks2_reencrypt.c:2360 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "Przesunięcie danych (sektorów: %) jest mniejsze niż przyszły offset danych (sektorów: %)." + +#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779 +#: lib/luks2/luks2_reencrypt.c:2800 +#, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "Nie udało się otworzyć %s w trybie wyłączności (już odwzorowano lub zamontowano)." + +#: lib/luks2/luks2_reencrypt.c:2534 +msgid "Device not marked for LUKS2 reencryption." +msgstr "Urządzenie nie jest oznaczone do ponownego szyfrowania LUKS2." + +#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295 +msgid "Failed to load LUKS2 reencryption context." +msgstr "Nie udało się załadować kontekstu ponownego szyfrowania LUKS2." + +#: lib/luks2/luks2_reencrypt.c:2619 +msgid "Failed to get reencryption state." +msgstr "Nie udało się pobrać stanu ponownego szyfrowania." + +#: lib/luks2/luks2_reencrypt.c:2623 +msgid "Device is not in reencryption." +msgstr "Urządzenie nie jest w trakcie ponownego szyfrowania." + +#: lib/luks2/luks2_reencrypt.c:2630 +msgid "Reencryption process is already running." +msgstr "Proces ponownego szyfrowania już trwa." + +#: lib/luks2/luks2_reencrypt.c:2632 +msgid "Failed to acquire reencryption lock." +msgstr "Nie udało się uzyskać blokady dla ponownego szyfrowania." + +#: lib/luks2/luks2_reencrypt.c:2650 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "Nie można kontynuować ponownego szyfrowania. Należy najpierw uruchomić odtworzenie ponownego szyfrowania." + +#: lib/luks2/luks2_reencrypt.c:2750 +msgid "Active device size and requested reencryption size don't match." +msgstr "Rozmiar urządzenia aktywnego oraz żądany rozmiar ponownego szyfrowania różnią się." + +#: lib/luks2/luks2_reencrypt.c:2764 +msgid "Illegal device size requested in reencryption parameters." +msgstr "W parametrach ponownego szyfrowania zażądano niedozwolonego rozmiaru urządzenia." + +#: lib/luks2/luks2_reencrypt.c:2834 +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "Ponowne szyfrowanie trwa. Nie można wykonać odzyskiwania." + +#: lib/luks2/luks2_reencrypt.c:2906 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "Ponowne szyfrowanie LUKS2 jest już zainicjowane w metadanych." + +#: lib/luks2/luks2_reencrypt.c:2913 +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "Nie udało się zainicjować ponownego szyfrowania LUKS2 w metadanych." + +#: lib/luks2/luks2_reencrypt.c:3004 +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "Nie udało się ustawić segmentów urządzeń dla następnej strefy hotzone ponownego szyfrowania." + +#: lib/luks2/luks2_reencrypt.c:3046 +msgid "Failed to write reencryption resilience metadata." +msgstr "Nie udało się zapisać metadanych odporności ponownego szyfrowania." + +#: lib/luks2/luks2_reencrypt.c:3053 +msgid "Decryption failed." +msgstr "Odszyfrowanie nie powiodło się." + +#: lib/luks2/luks2_reencrypt.c:3058 +#, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "Nie udało się zapisać obszaru hotzone zaczynającego się od %." + +#: lib/luks2/luks2_reencrypt.c:3063 +msgid "Failed to sync data." +msgstr "Nie udało się zsynchronizować danych." + +#: lib/luks2/luks2_reencrypt.c:3071 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "Nie udało się uaktualnić metadanych po zakończeniu aktualnej strefy hotzone ponownego szyfrowania." + +#: lib/luks2/luks2_reencrypt.c:3138 +msgid "Failed to write LUKS2 metadata." +msgstr "Nie udało się zapisać metadanych LUKS2." + +#: lib/luks2/luks2_reencrypt.c:3161 +msgid "Failed to wipe backup segment data." +msgstr "Nie udało wymazać danych segmentu zapasowego." + +#: lib/luks2/luks2_reencrypt.c:3174 +msgid "Failed to disable reencryption requirement flag." +msgstr "Nie udało się wyłączyć flagi wymagania ponownego szyfrowania." + +#: lib/luks2/luks2_reencrypt.c:3182 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "Błąd krytyczny podczas ponownego szyfrowania fragmentu zaczynającego się od % o długości w sektorach %." + +#: lib/luks2/luks2_reencrypt.c:3191 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "Proszę nie wznawiać urządzenia dopóki nie zostanie zastąpione celem błędnym ręcznie." + +#: lib/luks2/luks2_reencrypt.c:3240 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "Nie można kontynuować ponownego szyfrowania. Nieoczekiwany stan ponownego szyfrowania." + +#: lib/luks2/luks2_reencrypt.c:3246 +msgid "Missing or invalid reencrypt context." +msgstr "Brak lub błędny kontekst ponownego szyfrowania." + +#: lib/luks2/luks2_reencrypt.c:3253 +msgid "Failed to initialize reencryption device stack." +msgstr "Nie udało się zainicjować stosu urządzenia ponownego szyfrowania." + +#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308 +msgid "Failed to update reencryption context." +msgstr "Nie udało się uaktualnić kontekstu ponownego szyfrowania." + +#: lib/luks2/luks2_token.c:262 +msgid "No free token slot." +msgstr "Brak wolnego miejsca na token." + +#: lib/luks2/luks2_token.c:269 +#, c-format +msgid "Failed to create builtin token %s." +msgstr "Nie udało się utworzyć wbudowanego tokenu %s." + +#: src/cryptsetup.c:164 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "Nie można wykonać weryfikacji hasła, jeśli wejściem nie jest terminal." + +#: src/cryptsetup.c:221 +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "Parametry szyfrowania kluczy mogą być ustawione tylko dla urządzeń LUKS2." + +#: src/cryptsetup.c:251 src/cryptsetup.c:959 src/cryptsetup.c:1269 +#: src/cryptsetup.c:3145 src/cryptsetup_reencrypt.c:723 +#: src/cryptsetup_reencrypt.c:793 +msgid "No known cipher specification pattern detected." +msgstr "Nie wykryto znanego wzorca określającego szyfr." + +#: src/cryptsetup.c:259 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "UWAGA: Parametr --hash jest ignorowany w trybie zwykłym z podanym plikiem klucza.\n" + +#: src/cryptsetup.c:267 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "UWAGA: Opcja --keyfile-size jest ignorowana, rozmiar odczytu jest taki sam, jak rozmiar klucza szyfrującego.\n" + +#: src/cryptsetup.c:307 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "Wykryto sygnatury urządzeń na %s. Dalsze operacje mogą uszkodzić istniejące dane." + +#: src/cryptsetup.c:313 src/cryptsetup.c:1090 src/cryptsetup.c:1142 +#: src/cryptsetup.c:1246 src/cryptsetup.c:1319 src/cryptsetup.c:1974 +#: src/cryptsetup.c:2682 src/cryptsetup.c:2805 src/integritysetup.c:233 +msgid "Operation aborted.\n" +msgstr "Operacja przerwana.\n" + +#: src/cryptsetup.c:381 +msgid "Option --key-file is required." +msgstr "Wymagana jest opcja --key-file." + +#: src/cryptsetup.c:434 +msgid "Enter VeraCrypt PIM: " +msgstr "Proszę wprowadzić PIM VeraCrypt: " + +#: src/cryptsetup.c:443 +msgid "Invalid PIM value: parse error." +msgstr "Błędna wartość PIM: błąd składni." + +#: src/cryptsetup.c:446 +msgid "Invalid PIM value: 0." +msgstr "Błędna wartość PIM: 0." + +#: src/cryptsetup.c:449 +msgid "Invalid PIM value: outside of range." +msgstr "Błędna wartość PIM: poza zakresem." + +#: src/cryptsetup.c:472 +msgid "No device header detected with this passphrase." +msgstr "Nie wykryto nagłówka urządzenia z tym hasłem." + +#: src/cryptsetup.c:541 +#, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "Urządzenie %s nie jest prawidłowym urządzeniem BITLK." + +#: src/cryptsetup.c:576 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" +"Zrzut nagłówka z kluczem wolumenu jest informacją wrażliwą,\n" +"pozwalającą na dostęp do zaszyfrowanej partycji bez hasła.\n" +"Zrzut ten powinien być zawsze zapisywany w postaci zaszyfrowanej\n" +"w bezpiecznym miejscu." + +#: src/cryptsetup.c:673 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "Urządzenie %s jest nadal aktywne i zaplanowane do odroczonego usunięcia.\n" + +#: src/cryptsetup.c:701 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "Zmiana rozmiaru aktywnego urządzenia wymaga klucza wolumenu w pęku, ale ustawiono opcję --disable-keyring." + +#: src/cryptsetup.c:838 +msgid "Benchmark interrupted." +msgstr "Test szybkości przerwany." + +#: src/cryptsetup.c:859 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "PBKDF2-%-9s N/D\n" + +#: src/cryptsetup.c:861 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "PBKDF2-%-9s %7u iteracji/sekundę dla klucza %zu-bitowego\n" + +#: src/cryptsetup.c:875 +#, c-format +msgid "%-10s N/A\n" +msgstr "%-10s N/D\n" + +#: src/cryptsetup.c:877 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "%-10s %4u iteracji, pamięć: %5u, równoległe wątki (CPU): %1u dla klucza %zu-bitowego (żądany czas %u ms)\n" + +#: src/cryptsetup.c:901 +msgid "Result of benchmark is not reliable." +msgstr "Wynik testu wydajności nie jest wiarygodny." + +#: src/cryptsetup.c:951 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "# Testy są przybliżone tylko z użyciem pamięci (bez we/wy na dysk).\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:971 +#, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "#%*s Algorytm | Klucz | Szyfrowanie | Odszyfrowywanie\n" + +#: src/cryptsetup.c:975 +#, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "Szyfr %s (rozmiar klucza w bitach: %i) nie jest dostępny." + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:994 +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "# Algorytm | Klucz | Szyfrowanie | Odszyfrowywanie\n" + +#: src/cryptsetup.c:1003 +msgid "N/A" +msgstr "N/D" + +#: src/cryptsetup.c:1083 +msgid "" +"Seems device does not require reencryption recovery.\n" +"Do you want to proceed anyway?" +msgstr "" +"Wygląda na to, że urządzenie nie wymaga odtwarzania ponownego szyfrowania.\n" +"Czy mimo to kontynuować?" + +#: src/cryptsetup.c:1089 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "Naprawdę kontynuować odtwarzanie ponownego szyfrowania LUKS2?" + +#: src/cryptsetup.c:1098 +msgid "Enter passphrase for reencryption recovery: " +msgstr "Hasło do odtwarzania ponownego szyfrowania: " + +#: src/cryptsetup.c:1141 +msgid "Really try to repair LUKS device header?" +msgstr "Naprawdę próbować naprawić nagłówek urządzenia LUKS?" + +#: src/cryptsetup.c:1160 src/integritysetup.c:146 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" +"Czyszczenie urządzenia w celu zainicjowania sumy kontrolnej integralności.\n" +"Można przerwać ten proces wciskając Ctrl+C (reszta nie wymazanego urządzenia będzie zawierać błędną sumę kontrolną).\n" + +#: src/cryptsetup.c:1182 src/integritysetup.c:168 +#, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "Nie można dezaktywować urządzenia tymczasowego %s." + +#: src/cryptsetup.c:1231 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "Opcja integralności może być używana tylko dla formatu LUKS2." + +#: src/cryptsetup.c:1236 src/cryptsetup.c:1296 +msgid "Unsupported LUKS2 metadata size options." +msgstr "Nieobsługiwane opcje rozmiaru metadanych LUKS2." + +#: src/cryptsetup.c:1253 +#, c-format +msgid "Cannot create header file %s." +msgstr "Nie można utworzyć pliku nagłówka %s." + +#: src/cryptsetup.c:1276 src/integritysetup.c:195 src/integritysetup.c:204 +#: src/integritysetup.c:213 src/integritysetup.c:284 src/integritysetup.c:293 +#: src/integritysetup.c:303 +msgid "No known integrity specification pattern detected." +msgstr "Nie wykryto znanego wzorca określającego integralność." + +#: src/cryptsetup.c:1289 +#, c-format +msgid "Cannot use %s as on-disk header." +msgstr "Nie można użyć %s jako nagłówka na dysku." + +#: src/cryptsetup.c:1313 src/integritysetup.c:227 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "To nieodwołalnie nadpisze dane na %s." + +#: src/cryptsetup.c:1354 src/cryptsetup.c:1688 src/cryptsetup.c:1755 +#: src/cryptsetup.c:1857 src/cryptsetup.c:1923 src/cryptsetup_reencrypt.c:553 +msgid "Failed to set pbkdf parameters." +msgstr "Nie udało się ustawić parametrów PBKDF." + +#: src/cryptsetup.c:1439 +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "Offset zmniejszonych danych jest dozwolony tylko dla osobnego nagłówka LUKS." + +#: src/cryptsetup.c:1450 src/cryptsetup.c:1761 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "Nie można określić rozmiaru klucza wolumenu dla LUKS bez kluczy, proszę użyć opcji --key-size." + +#: src/cryptsetup.c:1488 +msgid "Device activated but cannot make flags persistent." +msgstr "Urządzenie uaktywnione, ale nie można uczynić flag trwałymi." + +#: src/cryptsetup.c:1569 src/cryptsetup.c:1639 +#, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "Klucz %d jest wybrany do usunięcia." + +#: src/cryptsetup.c:1581 src/cryptsetup.c:1642 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "To jest ostatni klucz. Urządzenie stanie się bezużyteczne po usunięciu tego klucza." + +#: src/cryptsetup.c:1582 +msgid "Enter any remaining passphrase: " +msgstr "Dowolne pozostałe hasło: " + +#: src/cryptsetup.c:1583 src/cryptsetup.c:1644 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "Operacja przerwana, klucz NIE został wymazany.\n" + +#: src/cryptsetup.c:1621 +msgid "Enter passphrase to be deleted: " +msgstr "Hasło do usunięcia: " + +#: src/cryptsetup.c:1702 src/cryptsetup.c:1776 src/cryptsetup.c:1810 +msgid "Enter new passphrase for key slot: " +msgstr "Nowe hasło dla klucza: " + +#: src/cryptsetup.c:1793 src/cryptsetup_reencrypt.c:1343 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "Dowolne istniejące hasło: " + +#: src/cryptsetup.c:1861 +msgid "Enter passphrase to be changed: " +msgstr "Hasło, które ma być zmienione: " + +#: src/cryptsetup.c:1877 src/cryptsetup_reencrypt.c:1329 +msgid "Enter new passphrase: " +msgstr "Nowe hasło: " + +#: src/cryptsetup.c:1927 +msgid "Enter passphrase for keyslot to be converted: " +msgstr "Hasło dla klucza do konwersji: " + +#: src/cryptsetup.c:1951 +msgid "Only one device argument for isLuks operation is supported." +msgstr "Dla operacji isLuks obsługiwany jest tylko jeden argument będący urządzeniem." + +#: src/cryptsetup.c:2001 +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Zrzut nagłówka z kluczem wolumenu jest informacją wrażliwą,\n" +"pozwalającą na dostęp do zaszyfrowanej partycji bez hasła.\n" +"Zrzut ten powinien być zawsze zapisywany w postaci zaszyfrowanej\n" +"w bezpiecznym miejscu." + +#: src/cryptsetup.c:2066 +#, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "Miejsce %d nie zawiera niepowiązanego klucza." + +#: src/cryptsetup.c:2072 +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Zrzut nagłówka z niepowiązanym kluczem jest informacją wrażliwą.\n" +"Zrzut ten powinien być zawsze zapisywany w postaci zaszyfrowanej\n" +"w bezpiecznym miejscu." + +#: src/cryptsetup.c:2207 src/cryptsetup.c:2228 +msgid "Option --header-backup-file is required." +msgstr "Wymagana jest opcja --header-backup-file." + +#: src/cryptsetup.c:2258 +#, c-format +msgid "%s is not cryptsetup managed device." +msgstr "%s nie jest urządzeniem zarządzanym przez cryptsetup." + +#: src/cryptsetup.c:2269 +#, c-format +msgid "Refresh is not supported for device type %s" +msgstr "Odświeżanie nie jest obsługiwane dla typu urządzenia %s" + +#: src/cryptsetup.c:2311 +#, c-format +msgid "Unrecognized metadata device type %s." +msgstr "Nie rozpoznany typ urządzenia metadanych %s." + +#: src/cryptsetup.c:2314 +msgid "Command requires device and mapped name as arguments." +msgstr "Polecenie wymaga urządzenia i nazwy odwzorowywanej jako argumentów." + +#: src/cryptsetup.c:2336 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" +"Ta operacja usunię wszystkie klucze na urządzeniu %s.\n" +"Urządzenie po tej operacji stanie się bezużyteczne." + +#: src/cryptsetup.c:2343 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "Operacja przerwana, klucze NIE zostały wymazane.\n" + +#: src/cryptsetup.c:2380 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "Błędny typ LUKS, obsługiwane są tylko luks1 i luks2." + +#: src/cryptsetup.c:2398 +#, c-format +msgid "Device is already %s type." +msgstr "Urządzenie już ma typ %s." + +#: src/cryptsetup.c:2403 +#, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "Ta operacja przekonwertuje %s do formatu %s.\n" + +#: src/cryptsetup.c:2409 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "Operacja przerwana, urządzenie NIE zostało skonwertowane.\n" + +#: src/cryptsetup.c:2449 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "Brak opcji --priority, --label lub --subsystem." + +#: src/cryptsetup.c:2483 src/cryptsetup.c:2516 src/cryptsetup.c:2539 +#, c-format +msgid "Token %d is invalid." +msgstr "Token %d jest błędny." + +#: src/cryptsetup.c:2486 src/cryptsetup.c:2542 +#, c-format +msgid "Token %d in use." +msgstr "Token %d jest w użyciu." + +#: src/cryptsetup.c:2493 +#, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "Nie udało się dodać tokenu %d do pęku kluczy luks2." + +#: src/cryptsetup.c:2502 src/cryptsetup.c:2564 +#, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "Nie udało się przypisać tokenu %d do klucza %d." + +#: src/cryptsetup.c:2519 +#, c-format +msgid "Token %d is not in use." +msgstr "Token %d nie jest w użyciu." + +#: src/cryptsetup.c:2554 +msgid "Failed to import token from file." +msgstr "Nie udało się zaimportować tokenu z pliku." + +#: src/cryptsetup.c:2579 +#, c-format +msgid "Failed to get token %d for export." +msgstr "Nie udało się pobrać tokenu %d do eksportu." + +#: src/cryptsetup.c:2594 +msgid "--key-description parameter is mandatory for token add action." +msgstr "Parametr --key-description jest wymagany do akcji dodania tokenu." + +#: src/cryptsetup.c:2600 src/cryptsetup.c:2608 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "Akcja wymaga określonego tokenu. Należy użyć parametru --token-id." + +#: src/cryptsetup.c:2613 +#, c-format +msgid "Invalid token operation %s." +msgstr "Błędna operacja na tokenie %s." + +#: src/cryptsetup.c:2668 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "Wykryto aktywne urządzenie dm '%s' dla urządzenia danych %s.\n" + +#: src/cryptsetup.c:2672 +#, c-format +msgid "Device %s is not a block device.\n" +msgstr "Urządzenie %s nie jest urządzeniem blokowym.\n" + +#: src/cryptsetup.c:2674 +#, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "Nie udało się wykryć właścicieli urządzenia %s." + +#: src/cryptsetup.c:2676 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" +"Nie udało się zdecydować, czy urządzenie %s jest uaktywnione, czy nie.\n" +"Czy na pewno kontynuować ponowne szyfrowanie w trybie offline?\n" +"Może to prowadzić do uszkodzenia danych, jeśli urządzenie jest aktywne.\n" +"Aby uruchomić ponowne szyfrowanie w trybie online, należy użyć parametru\n" +"--active-name.\n" + +#: src/cryptsetup.c:2756 +msgid "Invalid LUKS device type." +msgstr "Błędny typ urządzenia LUKS." + +#: src/cryptsetup.c:2761 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "Szyfrowanie bez odłączonego nagłówka (--header) jest niemożliwe bez ograniczenia rozmiaru urządzenia danych (--reduce-device-size)." + +#: src/cryptsetup.c:2766 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "Żądany offset danych musi być mniejszy lub równy połowie parametru --reduce-device-size." + +#: src/cryptsetup.c:2775 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "Modyfikowanie wartości --reduce-device-size do dwukrotności parametru --offset % (w sektorach).\n" + +#: src/cryptsetup.c:2779 +msgid "Encryption is supported only for LUKS2 format." +msgstr "Szyfrowanie jest obsługiwane tylko w formacie LUKS2." + +#: src/cryptsetup.c:2801 +#, c-format +msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +msgstr "Wykrytu urządzenie LUKS na %s. Czy zaszyfrować to urządzenie LUKS jeszcze raz?" + +#: src/cryptsetup.c:2816 +#, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "Plik nagłówka %s już istnieje. Przerwano." + +#: src/cryptsetup.c:2818 src/cryptsetup.c:2825 +#, c-format +msgid "Cannot create temporary header file %s." +msgstr "Nie można utworzyć pliku tymczasowego nagłówka %s." + +#: src/cryptsetup.c:2889 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "%s/%s jest teraz aktywne i gotowe do szyfrowania w locie.\n" + +#: src/cryptsetup.c:3053 src/cryptsetup.c:3059 +msgid "Not enough free keyslots for reencryption." +msgstr "Za mało wolnych kluczy do ponownego szyfrowania." + +#: src/cryptsetup.c:3079 src/cryptsetup_reencrypt.c:1294 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "Rozmiaru klucza można użyć tylko z --key-slot albo przy dokładnie jednym aktywnym kluczu." + +#: src/cryptsetup.c:3088 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup_reencrypt.c:1352 +#, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Hasło dla klucza %d: " + +#: src/cryptsetup.c:3096 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Hasło dla klucza %u: " + +#: src/cryptsetup.c:3263 +msgid "Command requires device as argument." +msgstr "Polecenie wymaga urządzenia jako argumentu." + +#: src/cryptsetup.c:3285 +msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +msgstr "Obecnie obsługiwany jest tylko format LUKS2. Dla LUKS1 proszę użyć narzędzia cryptsetup-reencrypt." + +#: src/cryptsetup.c:3297 +msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +msgstr "Tradycyjne ponowne szyfrowanie offline juz trwa. Proszę użyć narzędzia cryptsetup-reencrypt." + +#: src/cryptsetup.c:3307 src/cryptsetup_reencrypt.c:178 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "Ponowne szyfrowanie urządzenia z profilem integralności nie jest obsługiwane." + +#: src/cryptsetup.c:3315 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "Ponowne szyfrowanie LUKS2 jest już zainicjowane. Przerywanie operacji." + +#: src/cryptsetup.c:3319 +msgid "LUKS2 device is not in reencryption." +msgstr "Urządzenie LUKS2 nie jest w trakcie ponownego szyfrowania." + +#: src/cryptsetup.c:3346 +msgid " [--type ] []" +msgstr " [--type ] []" + +#: src/cryptsetup.c:3346 src/veritysetup.c:394 src/integritysetup.c:480 +msgid "open device as " +msgstr "otwarcie urządzenia jako " + +#: src/cryptsetup.c:3347 src/cryptsetup.c:3348 src/cryptsetup.c:3349 +#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:481 +#: src/integritysetup.c:482 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3347 src/veritysetup.c:395 src/integritysetup.c:481 +msgid "close device (remove mapping)" +msgstr "zamknięcie urządzenia (usunięcie odwzorowania)" + +#: src/cryptsetup.c:3348 +msgid "resize active device" +msgstr "zmiana rozmiaru aktywnego urządzenia" + +#: src/cryptsetup.c:3349 +msgid "show device status" +msgstr "pokazanie stanu urządzenia" + +#: src/cryptsetup.c:3350 +msgid "[--cipher ]" +msgstr "[--cipher ]" + +#: src/cryptsetup.c:3350 +msgid "benchmark cipher" +msgstr "test szybkości szyfru" + +#: src/cryptsetup.c:3351 src/cryptsetup.c:3352 src/cryptsetup.c:3353 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3355 src/cryptsetup.c:3362 +#: src/cryptsetup.c:3363 src/cryptsetup.c:3364 src/cryptsetup.c:3365 +#: src/cryptsetup.c:3366 src/cryptsetup.c:3367 src/cryptsetup.c:3368 +#: src/cryptsetup.c:3369 src/cryptsetup.c:3370 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3351 +msgid "try to repair on-disk metadata" +msgstr "próba naprawy metadanych na dysku" + +#: src/cryptsetup.c:3352 +msgid "reencrypt LUKS2 device" +msgstr "ponowne szyfrowanie urządzenia LUKS2" + +#: src/cryptsetup.c:3353 +msgid "erase all keyslots (remove encryption key)" +msgstr "usunięcie wszystkich kluczy (usunięcie klucza szyfrującego)" + +#: src/cryptsetup.c:3354 +msgid "convert LUKS from/to LUKS2 format" +msgstr "przekonwertowanie formatu LUKS z/do LUKS2" + +#: src/cryptsetup.c:3355 +msgid "set permanent configuration options for LUKS2" +msgstr "ustawienie opcji trwałej konfiguracji dla LUKS2" + +#: src/cryptsetup.c:3356 src/cryptsetup.c:3357 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3356 +msgid "formats a LUKS device" +msgstr "sformatowanie urządzenia LUKS" + +#: src/cryptsetup.c:3357 msgid "add key to LUKS device" msgstr "dodanie klucza do urządzenia LUKS" -#: src/cryptsetup.c:1369 src/cryptsetup.c:1370 +#: src/cryptsetup.c:3358 src/cryptsetup.c:3359 src/cryptsetup.c:3360 msgid " []" msgstr " []" -#: src/cryptsetup.c:1369 +#: src/cryptsetup.c:3358 msgid "removes supplied key or key file from LUKS device" msgstr "usunięcie podanego klucza lub pliku klucza z urządzenia LUKS" -#: src/cryptsetup.c:1370 +#: src/cryptsetup.c:3359 msgid "changes supplied key or key file of LUKS device" msgstr "zmiana podanego klucza lub pliku klucza urządzenia LUKS" -#: src/cryptsetup.c:1371 +#: src/cryptsetup.c:3360 +msgid "converts a key to new pbkdf parameters" +msgstr "konwersja klucza na nowe parametry pbkdf" + +#: src/cryptsetup.c:3361 msgid " " msgstr " " -#: src/cryptsetup.c:1371 +#: src/cryptsetup.c:3361 msgid "wipes key with number from LUKS device" -msgstr "wyczyszczenie klucza o numerze z urządzenia LUKS" +msgstr "wymazanie klucza o numerze z urządzenia LUKS" -#: src/cryptsetup.c:1372 +#: src/cryptsetup.c:3362 msgid "print UUID of LUKS device" msgstr "wypisanie UUID-a urządzenia LUKS" -#: src/cryptsetup.c:1373 +#: src/cryptsetup.c:3363 msgid "tests for LUKS partition header" msgstr "sprawdzenie pod kątem nagłówka partycji LUKS" -#: src/cryptsetup.c:1374 +#: src/cryptsetup.c:3364 msgid "dump LUKS partition information" msgstr "zrzut informacji o partycji LUKS" -#: src/cryptsetup.c:1375 +#: src/cryptsetup.c:3365 msgid "dump TCRYPT device information" msgstr "zrzut informacji o urządzeniu TCRYPT" -#: src/cryptsetup.c:1376 -msgid "Suspend LUKS device and wipe key (all IOs are frozen)." -msgstr "" -"Wstrzymanie urządzenia LUKS i wyczyszczenie klucza (zamraża wszystkie " -"operacje we/wy)." +#: src/cryptsetup.c:3366 +msgid "dump BITLK device information" +msgstr "zrzut informacji o urządzeniu BITLK" -#: src/cryptsetup.c:1377 -msgid "Resume suspended LUKS device." -msgstr "Wznowienie zatrzymanego urządzenia LUKS." +#: src/cryptsetup.c:3367 +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "Wstrzymanie urządzenia LUKS i wymazanie klucza (zamraża wszystkie operacje we/wy)" -#: src/cryptsetup.c:1378 +#: src/cryptsetup.c:3368 +msgid "Resume suspended LUKS device" +msgstr "Wznowienie zatrzymanego urządzenia LUKS" + +#: src/cryptsetup.c:3369 msgid "Backup LUKS device header and keyslots" msgstr "Kopia zapasowa nagłówka i kluczy urządzenia LUKS" -#: src/cryptsetup.c:1379 +#: src/cryptsetup.c:3370 msgid "Restore LUKS device header and keyslots" msgstr "Odtworzenie nagłówka i kluczy urządzenia LUKS z kopii zapasowej" -#: src/cryptsetup.c:1396 src/veritysetup.c:328 +#: src/cryptsetup.c:3371 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3371 +msgid "Manipulate LUKS2 tokens" +msgstr "Operacja na tokenach LUKS2" + +#: src/cryptsetup.c:3389 src/veritysetup.c:412 src/integritysetup.c:498 msgid "" "\n" " is one of:\n" @@ -1107,19 +2327,19 @@ msgstr "" "\n" " to jedno z:\n" -#: src/cryptsetup.c:1402 +#: src/cryptsetup.c:3395 msgid "" "\n" "You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" msgstr "" "\n" "Można także używać starych aliasów składni :\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" -#: src/cryptsetup.c:1406 +#: src/cryptsetup.c:3399 #, c-format msgid "" "\n" @@ -1134,399 +2354,746 @@ msgstr "" " to numer klucza LUKS do zmiany\n" " to opcjonalny plik nowego klucza dla akcji luksAddKey\n" -#: src/cryptsetup.c:1413 +#: src/cryptsetup.c:3406 +#, c-format +msgid "" +"\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" +"\n" +"Domyślny wkompilowany format metadanych to %s (dla akcji luksFormat).\n" + +#: src/cryptsetup.c:3411 #, c-format msgid "" "\n" "Default compiled-in key and passphrase parameters:\n" -"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d " -"(characters)\n" -"Default PBKDF2 iteration time for LUKS: %d (ms)\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" msgstr "" "\n" "Domyślne wkompilowane parametry kluczy i haseł:\n" -"\tMaksymalny rozmiar pliku klucza: %dkB, maksymalna długość hasła " -"interaktywnego %d (znaków)\n" -"Domyślny czas iteracji PBKDF2 dla LUKS: %d (ms)\n" +"\tMaksymalny rozmiar pliku klucza: %dkB, maksymalna długość hasła interaktywnego %d (znaków)\n" +"Domyślny PBKDF dla LUKS1: %s, czas iteracji %d (ms)\n" +"Domyślny PBKDF dla LUKS2: %s\n" +"\tCzas iteracji: %d, wymagana pamięć: %dkB, liczba wątków: %d\n" -#: src/cryptsetup.c:1420 +#: src/cryptsetup.c:3422 #, c-format msgid "" "\n" "Default compiled-in device cipher parameters:\n" "\tloop-AES: %s, Key %d bits\n" "\tplain: %s, Key: %d bits, Password hashing: %s\n" -"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" msgstr "" "\n" "Domyślne wkompilowane parametry szyfrowania urządzeń:\n" "\tloop-AES: %s, bitów klucza: %d\n" "\tplain: %s, bitów klucza: %d, skrót hasła: %s\n" -"\tLUKS1: %s, bitów klucza: %d, skrót nagłówka LUKS: %s, RNG: %s\n" +"\tLUKS: %s, bitów klucza: %d, skrót nagłówka LUKS: %s, RNG: %s\n" + +#: src/cryptsetup.c:3431 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "\tLUKS: Domyślny rozmiar klucza z trybem XTS (dwa klucze wewnętrzne) będzie podwojony.\n" -#: src/cryptsetup.c:1437 src/veritysetup.c:460 +#: src/cryptsetup.c:3447 src/veritysetup.c:569 src/integritysetup.c:642 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: wymaga %s jako argumentów" -#: src/cryptsetup.c:1470 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1253 +#: src/cryptsetup.c:3480 src/veritysetup.c:457 src/integritysetup.c:536 +#: src/cryptsetup_reencrypt.c:1607 msgid "Show this help message" msgstr "Wyświetlenie tego opisu" -#: src/cryptsetup.c:1471 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1254 +#: src/cryptsetup.c:3481 src/veritysetup.c:458 src/integritysetup.c:537 +#: src/cryptsetup_reencrypt.c:1608 msgid "Display brief usage" msgstr "Wyświetlenie krótkiej informacji o składni" -#: src/cryptsetup.c:1475 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1258 -msgid "Help options:" -msgstr "Opcje pomocnicze:" - -#: src/cryptsetup.c:1476 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1259 +#: src/cryptsetup.c:3482 src/veritysetup.c:459 src/integritysetup.c:538 +#: src/cryptsetup_reencrypt.c:1609 msgid "Print package version" msgstr "Wypisanie wersji pakietu" -#: src/cryptsetup.c:1477 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1260 +#: src/cryptsetup.c:3486 src/veritysetup.c:463 src/integritysetup.c:542 +#: src/cryptsetup_reencrypt.c:1613 +msgid "Help options:" +msgstr "Opcje pomocnicze:" + +#: src/cryptsetup.c:3487 src/veritysetup.c:464 src/integritysetup.c:543 +#: src/cryptsetup_reencrypt.c:1614 msgid "Shows more detailed error messages" msgstr "Wyświetlanie bardziej szczegółowych komunikatów błędów" -#: src/cryptsetup.c:1478 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1261 +#: src/cryptsetup.c:3488 src/veritysetup.c:465 src/integritysetup.c:544 +#: src/cryptsetup_reencrypt.c:1615 msgid "Show debug messages" msgstr "Wyświetlanie informacji diagnostycznych" -#: src/cryptsetup.c:1479 src/cryptsetup_reencrypt.c:1263 +#: src/cryptsetup.c:3489 +msgid "Show debug messages including JSON metadata" +msgstr "Wyświetlanie informacji diagnostycznych wraz z metadanymi JSON" + +#: src/cryptsetup.c:3490 src/cryptsetup_reencrypt.c:1617 msgid "The cipher used to encrypt the disk (see /proc/crypto)" msgstr "Szyfr używany do zaszyfrowania dysku (p. /proc/crypto)" -#: src/cryptsetup.c:1480 src/cryptsetup_reencrypt.c:1265 +#: src/cryptsetup.c:3491 src/cryptsetup_reencrypt.c:1619 msgid "The hash used to create the encryption key from the passphrase" msgstr "Skrót używany do utworzenia klucza szyfrującego z hasła" -#: src/cryptsetup.c:1481 +#: src/cryptsetup.c:3492 msgid "Verifies the passphrase by asking for it twice" msgstr "Sprawdzenie poprawności hasła poprzez dwukrotne pytanie" -#: src/cryptsetup.c:1482 src/cryptsetup_reencrypt.c:1267 -msgid "Read the key from a file." -msgstr "Odczyt klucza z pliku." +#: src/cryptsetup.c:3493 src/cryptsetup_reencrypt.c:1621 +msgid "Read the key from a file" +msgstr "Odczyt klucza z pliku" -#: src/cryptsetup.c:1483 +#: src/cryptsetup.c:3494 msgid "Read the volume (master) key from file." msgstr "Odczyt klucza wolumenu (klucza głównego) z pliku." -#: src/cryptsetup.c:1484 -msgid "Dump volume (master) key instead of keyslots info." -msgstr "Zrzut (głównego) klucza wolumenu zamiast informacji o kluczach." +#: src/cryptsetup.c:3495 +msgid "Dump volume (master) key instead of keyslots info" +msgstr "Zrzut (głównego) klucza wolumenu zamiast informacji o kluczach" -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 +#: src/cryptsetup.c:3496 src/cryptsetup_reencrypt.c:1618 msgid "The size of the encryption key" msgstr "Rozmiar klucza szyfrującego" -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 +#: src/cryptsetup.c:3496 src/cryptsetup.c:3557 src/integritysetup.c:562 +#: src/integritysetup.c:566 src/integritysetup.c:570 +#: src/cryptsetup_reencrypt.c:1618 msgid "BITS" msgstr "BITÓW" -#: src/cryptsetup.c:1486 src/cryptsetup_reencrypt.c:1278 +#: src/cryptsetup.c:3497 src/cryptsetup_reencrypt.c:1634 msgid "Limits the read from keyfile" msgstr "Ograniczenie odczytu z pliku klucza" -#: src/cryptsetup.c:1486 src/cryptsetup.c:1487 src/cryptsetup.c:1488 -#: src/cryptsetup.c:1489 src/veritysetup.c:379 src/veritysetup.c:380 -#: src/veritysetup.c:382 src/cryptsetup_reencrypt.c:1277 -#: src/cryptsetup_reencrypt.c:1278 src/cryptsetup_reencrypt.c:1279 -#: src/cryptsetup_reencrypt.c:1280 +#: src/cryptsetup.c:3497 src/cryptsetup.c:3498 src/cryptsetup.c:3499 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3503 src/cryptsetup.c:3554 +#: src/cryptsetup.c:3555 src/cryptsetup.c:3563 src/cryptsetup.c:3564 +#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470 +#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:551 +#: src/integritysetup.c:557 src/integritysetup.c:558 +#: src/cryptsetup_reencrypt.c:1633 src/cryptsetup_reencrypt.c:1634 +#: src/cryptsetup_reencrypt.c:1635 src/cryptsetup_reencrypt.c:1636 msgid "bytes" msgstr "bajty" -#: src/cryptsetup.c:1487 src/cryptsetup_reencrypt.c:1277 +#: src/cryptsetup.c:3498 src/cryptsetup_reencrypt.c:1633 msgid "Number of bytes to skip in keyfile" msgstr "Liczba bajtów do pominięcia w pliku klucza" -#: src/cryptsetup.c:1488 +#: src/cryptsetup.c:3499 msgid "Limits the read from newly added keyfile" msgstr "Ograniczenie odczytu z nowo dodanego pliku klucza" -#: src/cryptsetup.c:1489 +#: src/cryptsetup.c:3500 msgid "Number of bytes to skip in newly added keyfile" msgstr "Liczba bajtów do pominięcia w nowo dodanym kluczu" -#: src/cryptsetup.c:1490 +#: src/cryptsetup.c:3501 msgid "Slot number for new key (default is first free)" msgstr "Numer dla nowego klucza (domyślny: pierwszy wolny)" -#: src/cryptsetup.c:1491 +#: src/cryptsetup.c:3502 msgid "The size of the device" msgstr "Rozmiar urządzenia" -#: src/cryptsetup.c:1491 src/cryptsetup.c:1492 src/cryptsetup.c:1493 -#: src/cryptsetup.c:1499 +#: src/cryptsetup.c:3502 src/cryptsetup.c:3504 src/cryptsetup.c:3505 +#: src/cryptsetup.c:3511 src/integritysetup.c:552 src/integritysetup.c:559 msgid "SECTORS" msgstr "SEKTORÓW" -#: src/cryptsetup.c:1492 +#: src/cryptsetup.c:3503 src/cryptsetup_reencrypt.c:1636 +msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +msgstr "Użycie tylko określonego rozmiaru urządzenia (zignorowanie pozostałej części). NIEBEZPIECZNE!" + +#: src/cryptsetup.c:3504 msgid "The start offset in the backend device" msgstr "Offset początku na urządzeniu przechowującym" -#: src/cryptsetup.c:1493 +#: src/cryptsetup.c:3505 msgid "How many sectors of the encrypted data to skip at the beginning" msgstr "Liczba sektorów zaszyfrowanych danych do pominięcia" -#: src/cryptsetup.c:1494 +#: src/cryptsetup.c:3506 msgid "Create a readonly mapping" msgstr "Utworzenie odwzorowania tylko do odczytu" -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "PBKDF2 iteration time for LUKS (in ms)" -msgstr "Czas iteracji PBKDF2 dla LUKS (w milisekundach)" - -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "msecs" -msgstr "ms" - -#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1269 +#: src/cryptsetup.c:3507 src/integritysetup.c:545 +#: src/cryptsetup_reencrypt.c:1624 msgid "Do not ask for confirmation" msgstr "Bez pytań o potwierdzenie" -#: src/cryptsetup.c:1497 +#: src/cryptsetup.c:3508 msgid "Timeout for interactive passphrase prompt (in seconds)" msgstr "Limit czasu przy interaktywnym pytaniu o hasło (w sekundach)" -#: src/cryptsetup.c:1497 -msgid "secs" -msgstr "s" +#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "secs" +msgstr "s" + +#: src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "Progress line update (in seconds)" +msgstr "Uaktualnianie wiersza postępu (w sekundach)" + +#: src/cryptsetup.c:3510 src/cryptsetup_reencrypt.c:1626 +msgid "How often the input of the passphrase can be retried" +msgstr "Jak często można powtarzać próby wprowadzenia hasła" + +#: src/cryptsetup.c:3511 +msgid "Align payload at sector boundaries - for luksFormat" +msgstr "Wyrównanie danych do granicy sektorów - dla luksFormat" + +#: src/cryptsetup.c:3512 +msgid "File with LUKS header and keyslots backup" +msgstr "Plik z kopią zapasową nagłówka LUKS i kluczy" + +#: src/cryptsetup.c:3513 src/cryptsetup_reencrypt.c:1627 +msgid "Use /dev/random for generating volume key" +msgstr "Użycie /dev/random do wygenerowania klucza wolumenu" + +#: src/cryptsetup.c:3514 src/cryptsetup_reencrypt.c:1628 +msgid "Use /dev/urandom for generating volume key" +msgstr "Użycie /dev/urandom do wygenerowania klucza wolumenu" + +#: src/cryptsetup.c:3515 +msgid "Share device with another non-overlapping crypt segment" +msgstr "Współdzielenie urządzenia z innym, nie zachodzącym segmentem szyfrowanym" + +#: src/cryptsetup.c:3516 src/veritysetup.c:477 +msgid "UUID for device to use" +msgstr "UUID dla urządzenia, które ma być użyte" + +#: src/cryptsetup.c:3517 src/integritysetup.c:579 +msgid "Allow discards (aka TRIM) requests for device" +msgstr "Zezwolenie na żądania porzucenia (TRIM) dla urządzenia" + +#: src/cryptsetup.c:3518 src/cryptsetup_reencrypt.c:1645 +msgid "Device or file with separated LUKS header" +msgstr "Urządzenie lub plik z osobnym nagłówkiem LUKS" + +#: src/cryptsetup.c:3519 +msgid "Do not activate device, just check passphrase" +msgstr "Sprawdzenie hasła bez uaktywniania urządzenia" + +#: src/cryptsetup.c:3520 +msgid "Use hidden header (hidden TCRYPT device)" +msgstr "Użycie nagłówka ukrytego (ukrytego urządzenia TCRYPT)" + +#: src/cryptsetup.c:3521 +msgid "Device is system TCRYPT drive (with bootloader)" +msgstr "Urządzenie jest napędem systemowym TCRYPT (z bootloaderem)" + +#: src/cryptsetup.c:3522 +msgid "Use backup (secondary) TCRYPT header" +msgstr "Użycie zapasowego (drugiego) nagłówka TCRYPT" + +#: src/cryptsetup.c:3523 +msgid "Scan also for VeraCrypt compatible device" +msgstr "Wyszukiwanie także urządzeń zgodnych z VeraCryptem" + +#: src/cryptsetup.c:3524 +msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "PIM (osobisty mnożnik iteracji) dla urządzenia zgodnego z VeraCryptem" + +#: src/cryptsetup.c:3525 +msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Odpytanie PIM (osobistego mnożnika iteracji) pod kątem urządzenia zgodnego z VeraCryptem" + +#: src/cryptsetup.c:3526 +msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" +msgstr "Typ metadanych urządzenia: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" + +#: src/cryptsetup.c:3527 +msgid "Disable password quality check (if enabled)" +msgstr "Wyłączenie sprawdzania jakości hasła (jeśli włączone)" + +#: src/cryptsetup.c:3528 +msgid "Use dm-crypt same_cpu_crypt performance compatibility option" +msgstr "Użycie opcji zgodności wydajności dm-crypta same_cpu_crypt" + +#: src/cryptsetup.c:3529 +msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +msgstr "Użycie opcji zgodności wydajności dm-crypta submit_from_crypt_cpus" + +#: src/cryptsetup.c:3530 +msgid "Device removal is deferred until the last user closes it" +msgstr "Usunięcie urządzenia jest odroczone do czasu zamknięcia przez ostatniego użytkownika" + +#: src/cryptsetup.c:3531 +msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)" +msgstr "Użycie globalnej blokady do serializacji ciężkich pamięciowo PBKDF (obejście OOM)" + +#: src/cryptsetup.c:3532 +msgid "PBKDF iteration time for LUKS (in ms)" +msgstr "Czas iteracji PBKDF dla LUKS (w milisekundach)" + +#: src/cryptsetup.c:3532 src/cryptsetup_reencrypt.c:1623 +msgid "msecs" +msgstr "ms" + +#: src/cryptsetup.c:3533 src/cryptsetup_reencrypt.c:1641 +msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +msgstr "Algorytm PBKDF (dla LUKS2): argon2i, argon2id, pbkdf2" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "PBKDF memory cost limit" +msgstr "Limit kosztu pamięciowego PBKDF" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "kilobytes" +msgstr "kilobajty" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "PBKDF parallel cost" +msgstr "Koszt zrównoleglenia PBKDF" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "threads" +msgstr "wątki" + +#: src/cryptsetup.c:3536 src/cryptsetup_reencrypt.c:1644 +msgid "PBKDF iterations cost (forced, disables benchmark)" +msgstr "Koszt iteracji PBKDF (wymuszony, wyłącza test wydajności)" + +#: src/cryptsetup.c:3537 +msgid "Keyslot priority: ignore, normal, prefer" +msgstr "Priorytet klucza: ignore, normal, prefer" + +#: src/cryptsetup.c:3538 +msgid "Disable locking of on-disk metadata" +msgstr "Wyłączenie blokowania metadanych na dysku" + +#: src/cryptsetup.c:3539 +msgid "Disable loading volume keys via kernel keyring" +msgstr "Wyłączenie ładowania kluczy wolumenu przez pęk kluczy w jądrze" + +#: src/cryptsetup.c:3540 +msgid "Data integrity algorithm (LUKS2 only)" +msgstr "Algorytm integralności danych (tylko LUKS2)" + +#: src/cryptsetup.c:3541 src/integritysetup.c:573 +msgid "Disable journal for integrity device" +msgstr "Wyłączenie kroniki dla urządzenia integralności" + +#: src/cryptsetup.c:3542 src/integritysetup.c:547 +msgid "Do not wipe device after format" +msgstr "Bez wymazania urządzenia po formatowaniu" + +#: src/cryptsetup.c:3543 src/integritysetup.c:577 +msgid "Use inefficient legacy padding (old kernels)" +msgstr "Użycie niewydajnego starego wyrównania (stare jądra)" + +#: src/cryptsetup.c:3544 +msgid "Do not ask for passphrase if activation by token fails" +msgstr "Bez pytania o hasło, jeśli uaktywnienie przy użyciu tokenu się nie powiedzie" + +#: src/cryptsetup.c:3545 +msgid "Token number (default: any)" +msgstr "Numer tokenu (domyślnie: dowolny)" + +#: src/cryptsetup.c:3546 +msgid "Key description" +msgstr "Opis klucza" + +#: src/cryptsetup.c:3547 +msgid "Encryption sector size (default: 512 bytes)" +msgstr "Rozmiar sektora szyfrowania (domyślnie: 512 bajtów)" + +#: src/cryptsetup.c:3548 +msgid "Use IV counted in sector size (not in 512 bytes)" +msgstr "Użycie IV liczonego w rozmiarze sektora (nie w 512 bajtach)" + +#: src/cryptsetup.c:3549 +msgid "Set activation flags persistent for device" +msgstr "Trwałe ustawienie flag uaktywniania dla urządzenia" -#: src/cryptsetup.c:1498 src/cryptsetup_reencrypt.c:1270 -msgid "How often the input of the passphrase can be retried" -msgstr "Jak często można powtarzać próby wprowadzenia hasła" +#: src/cryptsetup.c:3550 +msgid "Set label for the LUKS2 device" +msgstr "Ustawienie etykiety dla urządzenia LUKS2" -#: src/cryptsetup.c:1499 -msgid "Align payload at sector boundaries - for luksFormat" -msgstr "Wyrównanie danych do granicy sektorów - dla luksFormat" +#: src/cryptsetup.c:3551 +msgid "Set subsystem label for the LUKS2 device" +msgstr "Ustawienie etykiety podsystemu dla urządzenia LUKS2" -#: src/cryptsetup.c:1500 -msgid "File with LUKS header and keyslots backup." -msgstr "Plik z kopią zapasową nagłówka LUKS i kluczy." +#: src/cryptsetup.c:3552 +msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot" +msgstr "Utworzenie niepowiązanego (bez przypisanego segmentu danych) klucza LUKS2" -#: src/cryptsetup.c:1501 src/cryptsetup_reencrypt.c:1271 -msgid "Use /dev/random for generating volume key." -msgstr "Użycie /dev/random do wygenerowania klucza wolumenu." +#: src/cryptsetup.c:3553 +msgid "Read or write the json from or to a file" +msgstr "Odczyt lub zapis danych JSON z/do pliku" -#: src/cryptsetup.c:1502 src/cryptsetup_reencrypt.c:1272 -msgid "Use /dev/urandom for generating volume key." -msgstr "Użycie /dev/urandom do wygenerowania klucza wolumenu." +#: src/cryptsetup.c:3554 +msgid "LUKS2 header metadata area size" +msgstr "Rozmiar obszaru metadanych nagłówka LUKS2" -#: src/cryptsetup.c:1503 -msgid "Share device with another non-overlapping crypt segment." -msgstr "" -"Współdzielenie urządzenia z innym, nie zachodzącym segmentem szyfrowanym." +#: src/cryptsetup.c:3555 +msgid "LUKS2 header keyslots area size" +msgstr "Rozmiar obszaru kluczy nagłówka LUKS2" -#: src/cryptsetup.c:1504 src/veritysetup.c:385 -msgid "UUID for device to use." -msgstr "UUID dla urządzenia, które ma być użyte." +#: src/cryptsetup.c:3556 +msgid "Refresh (reactivate) device with new parameters" +msgstr "Odświeżenie (ponowne uaktywnienie) urządzenia z nowymi parametrami" -#: src/cryptsetup.c:1505 -msgid "Allow discards (aka TRIM) requests for device." -msgstr "Zezwolenie na żądania porzucenia (TRIM) dla urządzenia." +#: src/cryptsetup.c:3557 +msgid "LUKS2 keyslot: The size of the encryption key" +msgstr "Klucz LUKS2: rozmiar klucza szyfrującego" -#: src/cryptsetup.c:1506 -msgid "Device or file with separated LUKS header." -msgstr "Urządzenie lub plik z osobnym nagłówkiem LUKS." +#: src/cryptsetup.c:3558 +msgid "LUKS2 keyslot: The cipher used for keyslot encryption" +msgstr "Klucz LUKS2: szyfr używany do szyfrowania kluczy" -#: src/cryptsetup.c:1507 -msgid "Do not activate device, just check passphrase." -msgstr "Sprawdzenie hasła bez uaktywniania urządzenia." +#: src/cryptsetup.c:3559 +msgid "Encrypt LUKS2 device (in-place encryption)." +msgstr "Szyfrowanie urządzenia LUKS2 (w miejscu)." -#: src/cryptsetup.c:1508 -msgid "Use hidden header (hidden TCRYPT device)." -msgstr "Użycie nagłówka ukrytego (ukrytego urządzenia TCRYPT)." +#: src/cryptsetup.c:3560 +msgid "Decrypt LUKS2 device (remove encryption)." +msgstr "Odszyfrowanie urządzenia LUKS2 (usunięcie szyfrowania)." -#: src/cryptsetup.c:1509 -msgid "Device is system TCRYPT drive (with bootloader)." -msgstr "Urządzenie jest napędem systemowym TCRYPT (z bootloaderem)." +#: src/cryptsetup.c:3561 +msgid "Initialize LUKS2 reencryption in metadata only." +msgstr "Zainicjowanie ponownego szyfrowania LUKS2 wyłącznie w metadanych." -#: src/cryptsetup.c:1510 -msgid "Use backup (secondary) TCRYPT header." -msgstr "Użycie zapasowego (drugiego) nagłówka TCRYPT." +#: src/cryptsetup.c:3562 +msgid "Resume initialized LUKS2 reencryption only." +msgstr "Wyłącznie wznowienie zainicjowanego ponownego szyfrowania LUKS2." -#: src/cryptsetup.c:1511 -msgid "Scan also for VeraCrypt compatible device." -msgstr "Wyszukiwanie także urządzeń zgodnych z VeraCryptem." +#: src/cryptsetup.c:3563 src/cryptsetup_reencrypt.c:1635 +msgid "Reduce data device size (move data offset). DANGEROUS!" +msgstr "Ograniczenie rozmiaru urządzenia danych (przesunięcie położenia danych). NIEBEZPIECZNE!" -#: src/cryptsetup.c:1512 -msgid "Type of device metadata: luks, plain, loopaes, tcrypt." -msgstr "Typ metadanych urządzenia: luks, plain, loopaes, tcrypt." +#: src/cryptsetup.c:3564 +msgid "Maximal reencryption hotzone size." +msgstr "Maksymalny rozmiar strefy hotzone ponownego szyfrowania." -#: src/cryptsetup.c:1513 -msgid "Disable password quality check (if enabled)." -msgstr "Wyłączenie sprawdzania jakości hasła (jeśli włączone)." +#: src/cryptsetup.c:3565 +msgid "Reencryption hotzone resilience type (checksum,journal,none)" +msgstr "Typ odporności strefy hotzone ponownego szyfrowania (checksum, journal, none)" -#: src/cryptsetup.c:1514 -msgid "Use dm-crypt same_cpu_crypt performance compatibility option." -msgstr "Użycie opcji zgodności wydajności dm-crypta same_cpu_crypt." +#: src/cryptsetup.c:3566 +msgid "Reencryption hotzone checksums hash" +msgstr "Skrót sum kontrolknych strefy hotzone ponownego szyfrowania" -#: src/cryptsetup.c:1515 -msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option." -msgstr "Użycie opcji zgodności wydajności dm-crypta submit_from_crypt_cpus." +#: src/cryptsetup.c:3567 +msgid "Override device autodetection of dm device to be reencrypted" +msgstr "Nadpisanie wykrytego urządzenia dla urządzenia dm do ponownego szyfrowania" -#: src/cryptsetup.c:1531 src/veritysetup.c:402 +#: src/cryptsetup.c:3583 src/veritysetup.c:499 src/integritysetup.c:595 msgid "[OPTION...] " msgstr "[OPCJA...] " -#: src/cryptsetup.c:1572 -msgid "Running in FIPS mode.\n" -msgstr "Działanie w trybie FIPS.\n" - -#: src/cryptsetup.c:1581 src/veritysetup.c:439 +#: src/cryptsetup.c:3634 src/veritysetup.c:533 src/integritysetup.c:606 msgid "Argument missing." msgstr "Brak argumentu ." -#: src/cryptsetup.c:1634 src/veritysetup.c:445 +#: src/cryptsetup.c:3703 src/veritysetup.c:564 src/integritysetup.c:637 msgid "Unknown action." msgstr "Nieznana akcja." -#: src/cryptsetup.c:1644 -msgid "Option --shared is allowed only for open of plain device.\n" -msgstr "" -"Opcja --shared jest dozwolona tylko dla operacji otwarcia zwykłego " -"urządzenia.\n" +#: src/cryptsetup.c:3713 +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "Opcje --refresh i --test-passphrase wykluczają się wzajemnie." -#: src/cryptsetup.c:1649 -msgid "Option --allow-discards is allowed only for open operation.\n" -msgstr "Opcja --allow-discards jest dozwolona tylko dla operacji otwarcia.\n" +#: src/cryptsetup.c:3718 +msgid "Option --deferred is allowed only for close command." +msgstr "Opcja --deferred jest dozwolona tylko dla operacji zamknięcia." -#: src/cryptsetup.c:1657 -msgid "" -"Option --key-size is allowed only for luksFormat, open and benchmark.\n" -"To limit read from keyfile use --keyfile-size=(bytes)." -msgstr "" -"Opcja --key-size jest dopuszczalna tylko dla operacji luksFormat, open\n" -"i benchmark.\n" -"Aby ograniczyć odczyt z pliku klucza, należy użyć --keyfile-size=(bajty)." +#: src/cryptsetup.c:3723 +msgid "Option --shared is allowed only for open of plain device." +msgstr "Opcja --shared jest dozwolona tylko dla operacji otwarcia zwykłego urządzenia." + +#: src/cryptsetup.c:3728 src/integritysetup.c:654 +msgid "Option --allow-discards is allowed only for open operation." +msgstr "Opcja --allow-discards jest dozwolona tylko dla operacji otwarcia." + +#: src/cryptsetup.c:3733 +msgid "Option --persistent is allowed only for open operation." +msgstr "Opcja --persistent jest dozwolona tylko dla operacji otwarcia." + +#: src/cryptsetup.c:3738 +msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation." +msgstr "Opcja --serialize-memory-hard-pbkdf jest dozwolona tylko dla operacji otwarcia." + +#: src/cryptsetup.c:3743 +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "Opcja --persistent nie jest dozwolona z --test-passphrase." -#: src/cryptsetup.c:1664 +#: src/cryptsetup.c:3753 msgid "" -"Option --test-passphrase is allowed only for open of LUKS and TCRYPT " -"devices.\n" +"Option --key-size is allowed only for luksFormat, luksAddKey,\n" +"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." msgstr "" -"Opcja --test-passphrase jest dozwolona tylko przy otwieraniu urządzeń LUKS i " -"TRCYPT.\n" +"Opcja --key-size jest dozwolona tylko dla operacji luksFormat, luksAddKey,\n" +"open i benchmark. Aby ograniczyć odczyt z pliku klucza, należy użyć\n" +"--keyfile-size=(bajty)." -#: src/cryptsetup.c:1669 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup.c:3759 +msgid "Option --integrity is allowed only for luksFormat (LUKS2)." +msgstr "Opcja --integrity jest dozwolona tylko dla operacji luksFormat (LUKS2)." + +#: src/cryptsetup.c:3764 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "Opcja --integrity-no-wipe może być użyta tylko do akcji formatowania z rozszerzeniem integralności." + +#: src/cryptsetup.c:3770 +msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations." +msgstr "Opcje --label i --subsystem są dozwolone tylko dla operacji LUKS2 luksFormat i config." + +#: src/cryptsetup.c:3776 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "Opcja --test-passphrase jest dozwolona tylko przy otwieraniu urządzeń LUKS, TRCYPT i BITLK." + +#: src/cryptsetup.c:3781 src/cryptsetup_reencrypt.c:1708 msgid "Key size must be a multiple of 8 bits" msgstr "Rozmiar klucza musi być wielokrotnością 8 bitów" -#: src/cryptsetup.c:1676 src/cryptsetup_reencrypt.c:1346 +#: src/cryptsetup.c:3787 src/cryptsetup_reencrypt.c:1394 +#: src/cryptsetup_reencrypt.c:1713 msgid "Key slot is invalid." msgstr "Numer klucza jest nieprawidłowy." -#: src/cryptsetup.c:1683 -msgid "Option --key-file takes precedence over specified key file argument.\n" -msgstr "Opcja --key-file ma priorytet nad podanym argumentem pliku klucza.\n" +#: src/cryptsetup.c:3794 +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "Opcja --key-file ma priorytet nad podanym argumentem pliku klucza." -#: src/cryptsetup.c:1691 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1330 +#: src/cryptsetup.c:3801 src/veritysetup.c:576 src/integritysetup.c:663 +#: src/cryptsetup_reencrypt.c:1687 msgid "Negative number for option not permitted." msgstr "Liczba ujemna nie jest dozwolona dla tej opcji." -#: src/cryptsetup.c:1695 src/cryptsetup_reencrypt.c:1324 -#: src/cryptsetup_reencrypt.c:1350 +#: src/cryptsetup.c:3805 +msgid "Only one --key-file argument is allowed." +msgstr "Dozwolony jest tylko jeden argument --key-file." + +#: src/cryptsetup.c:3809 src/cryptsetup_reencrypt.c:1679 +#: src/cryptsetup_reencrypt.c:1717 msgid "Only one of --use-[u]random options is allowed." msgstr "Dozwolona jest tylko jedna z opcji --use-[u]random." -#: src/cryptsetup.c:1699 +#: src/cryptsetup.c:3813 msgid "Option --use-[u]random is allowed only for luksFormat." msgstr "Opcja --use-[u]random jest dozwolona tylko dla operacji luksFormat." -#: src/cryptsetup.c:1703 +#: src/cryptsetup.c:3817 msgid "Option --uuid is allowed only for luksFormat and luksUUID." msgstr "Opcja --uuid jest dozwolona tylko dla operacji luksFormat i luksUUID." -#: src/cryptsetup.c:1707 +#: src/cryptsetup.c:3821 msgid "Option --align-payload is allowed only for luksFormat." msgstr "Opcja --align-payload jest dozwolona tylko dla operacji luksFormat." -#: src/cryptsetup.c:1713 -msgid "" -"Option --skip is supported only for open of plain and loopaes devices.\n" -msgstr "" -"Opcja --skip jest obsługiwana tylko przy otwieraniu urządzeń plain i " -"loopaes.\n" +#: src/cryptsetup.c:3825 +msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2." +msgstr "Opcje --luks2-metadata-size i --opt-luks2-keyslots-size są dozwolone tylko dla operacji luksFormat z LUKS2." -#: src/cryptsetup.c:1719 -msgid "" -"Option --offset is supported only for open of plain and loopaes devices.\n" -msgstr "" -"Opcja --offset jest obsługiwana tylko przy otwieraniu urządzeń plain i " -"loopaes.\n" +#: src/cryptsetup.c:3830 +msgid "Invalid LUKS2 metadata size specification." +msgstr "Błędne określenie rozmiaru metadanych LUKS2." -#: src/cryptsetup.c:1725 -msgid "" -"Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only " -"for TCRYPT device.\n" -msgstr "" -"Opcje --tcrypt-hidden, --tcrypt-system i --tcrypt-backup są obsługiwane " -"tylko dla urządzeń TCRYPT.\n" +#: src/cryptsetup.c:3834 +msgid "Invalid LUKS2 keyslots size specification." +msgstr "Błędne określenie rozmiaru kluczy LUKS2." + +#: src/cryptsetup.c:3838 +msgid "Options --align-payload and --offset cannot be combined." +msgstr "Opcji --align-payload i --offset nie można łączyć." + +#: src/cryptsetup.c:3844 +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "Opcja --skip jest obsługiwana tylko przy otwieraniu urządzeń plain i loopaes." + +#: src/cryptsetup.c:3851 +msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption." +msgstr "Opcja --offset jest obsługiwana tylko przy otwieraniu urządzeń plain i loopaes oraz dla operacji luksFormat i ponownego szyfrowania." + +#: src/cryptsetup.c:3857 +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "Opcje --tcrypt-hidden, --tcrypt-system i --tcrypt-backup są obsługiwane tylko dla urządzeń TCRYPT." + +#: src/cryptsetup.c:3862 +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "Opcji --tcrypt-hidden nie można łączyć z --allow-discards." -#: src/cryptsetup.c:1730 -msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n" -msgstr "Opcji --tcrypt-hidden nie można łączyć z --allow-discards.\n" +#: src/cryptsetup.c:3867 +msgid "Option --veracrypt is supported only for TCRYPT device type." +msgstr "Opcja --veracrypt jest obsługiwana tylko dla typu urządzeń TCRYPT." + +#: src/cryptsetup.c:3873 +msgid "Invalid argument for parameter --veracrypt-pim supplied." +msgstr "Podano błędny argument dla parametru --veracrypt-pim." + +#: src/cryptsetup.c:3877 +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "Opcja --veracrypt-pim jest obsługiwana tylko dla urządzeń zgodnych z VeraCryptem." + +#: src/cryptsetup.c:3885 +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "Opcja --veracrypt-query-pim jest obsługiwana tylko dla urządzeń zgodnych z VeraCryptem." + +#: src/cryptsetup.c:3889 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "Opcje --veracrypt-pim i --veracrypt-query-pim wykluczają się wzajemnie." + +#: src/cryptsetup.c:3896 +msgid "Option --priority can be only ignore/normal/prefer." +msgstr "Opcja --priority może mieć wartości tylko ignore/normal/prefer." + +#: src/cryptsetup.c:3901 src/cryptsetup.c:3939 +msgid "Keyslot specification is required." +msgstr "Wymagane jest określenie klucza." + +#: src/cryptsetup.c:3906 src/cryptsetup_reencrypt.c:1693 +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "Funkcja pochodna klucza oparta na haśle (PBKDF) może być tylko pbkdf2 lub argon2i/argon2id." + +#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1698 +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "Wymuszonych iteracji PBKDF nie można łączyć z opcją czasu iteracji." + +#: src/cryptsetup.c:3917 +msgid "Sector size option is not supported for this command." +msgstr "Opcja rozmiaru sektora nie jest obsługiwana dla tego polecenia." + +#: src/cryptsetup.c:3929 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "Opcja dużych rozmiarów sektorów IV jest obsługiwana tylko przy otwieraniu urządzeń typu plain z sektorem większym niż 512 bajtów." + +#: src/cryptsetup.c:3934 +msgid "Key size is required with --unbound option." +msgstr "Przy opcji --unbound wymagany jest rozmiar klucza." + +#: src/cryptsetup.c:3944 +msgid "Option --unbound may be used only with luksAddKey and luksDump actions." +msgstr "Opcja --unbound może być użyta tylko z akcjami luksAddKey i luksDump." + +#: src/cryptsetup.c:3949 +msgid "Option --refresh may be used only with open action." +msgstr "Opcja --refresh może być użyta tylko dla akcji otwierania." + +#: src/cryptsetup.c:3960 +msgid "Cannot disable metadata locking." +msgstr "Nie można wyłączyć blokowania metadanych." + +#: src/cryptsetup.c:3970 +msgid "Invalid max reencryption hotzone size specification." +msgstr "Błędne określenie maksymalnego rozmiaru strefy hotzone ponownego szyfrowania." + +#: src/cryptsetup.c:3978 src/cryptsetup_reencrypt.c:1722 +#: src/cryptsetup_reencrypt.c:1727 +msgid "Invalid device size specification." +msgstr "Błędne określenie rozmiaru urządzenia." + +#: src/cryptsetup.c:3981 +msgid "Maximum device reduce size is 1 GiB." +msgstr "Maksymalna wartość ograniczenia rozmiaru urządzenia to 1GiB." + +#: src/cryptsetup.c:3984 src/cryptsetup_reencrypt.c:1733 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "Rozmiar ograniczenia musi być wielokrotnością 512-bajtowego sektora." + +#: src/cryptsetup.c:3989 +msgid "Invalid data size specification." +msgstr "Błędne określenie rozmiaru danych." + +#: src/cryptsetup.c:3994 +msgid "Reduce size overflow." +msgstr "Zmniejszenie przepełnienia rozmiaru." + +#: src/cryptsetup.c:3998 +msgid "LUKS2 decryption requires option --header." +msgstr "Odszyfrowanie LUKS2 wymaga opcji --header." + +#: src/cryptsetup.c:4002 +msgid "Device size must be multiple of 512 bytes sector." +msgstr "Rozmiar urządzenia musi być wielokrotnością 512-bajtowego sektora." + +#: src/cryptsetup.c:4006 +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "Opcji --reduce-device-size i --data-size nie można łączyć." + +#: src/cryptsetup.c:4010 +msgid "Options --device-size and --size cannot be combined." +msgstr "Opcji --device-size i --size nie można łączyć." + +#: src/cryptsetup.c:4014 +#, fuzzy +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "Opcji --ignore-corruption oraz --restart-on-corruption nie można użyć naraz." + +#: src/veritysetup.c:66 +msgid "Invalid salt string specified." +msgstr "Podano błędny łańcuch zarodka." + +#: src/veritysetup.c:97 +#, c-format +msgid "Cannot create hash image %s for writing." +msgstr "Nie można utworzyć obrazu hasza %s do zapisu." -#: src/cryptsetup.c:1735 -msgid "Option --veracrypt is supported only for TCRYPT device type.\n" -msgstr "Opcja --veracrypt jest obsługiwana tylko dla typu urządzeń TCRYPT.\n" +#: src/veritysetup.c:107 +#, c-format +msgid "Cannot create FEC image %s for writing." +msgstr "Nie można utworzyć obrazu FEC %s do zapisu." -#: src/veritysetup.c:58 -msgid "Invalid salt string specified.\n" -msgstr "Podano błędny łańcuch zarodka.\n" +#: src/veritysetup.c:179 +msgid "Invalid root hash string specified." +msgstr "Podano błędny łańcuch głównego hasza." -#: src/veritysetup.c:88 +#: src/veritysetup.c:187 #, c-format -msgid "Cannot create hash image %s for writing.\n" -msgstr "Nie można utworzyć obrazu hasza %s do zapisu.\n" +msgid "Invalid signature file %s." +msgstr "Błędny plik podpisu %s." -#: src/veritysetup.c:148 -msgid "Invalid root hash string specified.\n" -msgstr "Podano błędny łańcuch głównego hasza.\n" +#: src/veritysetup.c:194 +#, c-format +msgid "Cannot read signature file %s." +msgstr "Nie można odczytać pliku klucza %s." -#: src/veritysetup.c:308 +#: src/veritysetup.c:392 msgid " " msgstr " " -#: src/veritysetup.c:308 +#: src/veritysetup.c:392 src/integritysetup.c:479 msgid "format device" msgstr "sformatowanie urządzenia" -#: src/veritysetup.c:309 +#: src/veritysetup.c:393 msgid " " msgstr " " -#: src/veritysetup.c:309 +#: src/veritysetup.c:393 msgid "verify device" msgstr "weryfikacja urządzenia" -#: src/veritysetup.c:310 -msgid " " -msgstr " " - -#: src/veritysetup.c:310 -msgid "create active device" -msgstr "utworzenie aktywnego urządzenia" - -#: src/veritysetup.c:311 -msgid "remove (deactivate) device" -msgstr "usunięcie (deaktywacja) urządzenia" +#: src/veritysetup.c:394 +msgid " " +msgstr " " -#: src/veritysetup.c:312 +#: src/veritysetup.c:396 src/integritysetup.c:482 msgid "show active device status" msgstr "pokazanie stanu aktywnego urządzenia" -#: src/veritysetup.c:313 +#: src/veritysetup.c:397 msgid "" msgstr "" -#: src/veritysetup.c:313 +#: src/veritysetup.c:397 src/integritysetup.c:483 msgid "show on-disk information" msgstr "wyświetlenie informacji z dysku" -#: src/veritysetup.c:332 +#: src/veritysetup.c:416 #, c-format msgid "" "\n" @@ -1541,333 +3108,770 @@ msgstr "" " to urządzenie zawierające dane weryfikacyjne\n" " to hasz głównego węzła na \n" -#: src/veritysetup.c:339 +#: src/veritysetup.c:423 #, c-format msgid "" "\n" "Default compiled-in dm-verity parameters:\n" -"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, " -"Hash format: %u\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" msgstr "" "\n" "Domyślnie wkompilowane parametry dm-verity:\n" -"\tHasz: %s, blok danych (bajtów): %u, blok haszy (bajtów): %u, rozmiar " -"zarodka: %u, format haszy: %u\n" +"\tHasz: %s, blok danych (bajtów): %u, blok haszy (bajtów): %u, rozmiar zarodka: %u, format haszy: %u\n" -#: src/veritysetup.c:377 +#: src/veritysetup.c:466 msgid "Do not use verity superblock" msgstr "Nieużywanie superbloku VERITY" -#: src/veritysetup.c:378 +#: src/veritysetup.c:467 msgid "Format type (1 - normal, 0 - original Chrome OS)" msgstr "Typ formatu (1 - normalny, 0 - oryginalny Chrome OS)" -#: src/veritysetup.c:378 +#: src/veritysetup.c:467 msgid "number" msgstr "liczba" -#: src/veritysetup.c:379 +#: src/veritysetup.c:468 msgid "Block size on the data device" msgstr "Rozmiar bloku na urządzeniu z danymi" -#: src/veritysetup.c:380 +#: src/veritysetup.c:469 msgid "Block size on the hash device" msgstr "Rozmiar bloku na urządzeniu z haszami" -#: src/veritysetup.c:381 +#: src/veritysetup.c:470 +msgid "FEC parity bytes" +msgstr "bajty parzystości FEC" + +#: src/veritysetup.c:471 msgid "The number of blocks in the data file" msgstr "Liczba bloków w pliku danych" -#: src/veritysetup.c:381 +#: src/veritysetup.c:471 msgid "blocks" msgstr "bloki" -#: src/veritysetup.c:382 +#: src/veritysetup.c:472 +msgid "Path to device with error correction data" +msgstr "Ścieżka do urządzenia z danymi korekcji błędów" + +#: src/veritysetup.c:472 src/integritysetup.c:549 +msgid "path" +msgstr "ścieżka" + +#: src/veritysetup.c:473 msgid "Starting offset on the hash device" msgstr "Offset początku na urządzeniu z haszami" -#: src/veritysetup.c:383 +#: src/veritysetup.c:474 +msgid "Starting offset on the FEC device" +msgstr "Offset początku na urządzeniu FEC" + +#: src/veritysetup.c:475 msgid "Hash algorithm" msgstr "Algorytm skrótu" -#: src/veritysetup.c:383 +#: src/veritysetup.c:475 msgid "string" msgstr "łańcuch" -#: src/veritysetup.c:384 +#: src/veritysetup.c:476 msgid "Salt" msgstr "Zarodek" -#: src/veritysetup.c:384 +#: src/veritysetup.c:476 msgid "hex string" msgstr "Łańcuch szesnastkowy" -#: src/cryptsetup_reencrypt.c:147 +#: src/veritysetup.c:478 +msgid "Path to root hash signature file" +msgstr "Ścieżka pliku podpisu hasza głównego" + +#: src/veritysetup.c:479 +msgid "Restart kernel if corruption is detected" +msgstr "Restart jądra po wykryciu uszkodzenia" + +#: src/veritysetup.c:480 +msgid "Ignore corruption, log it only" +msgstr "Zignotowanie uszkodzenia, jedynie logowanie" + +#: src/veritysetup.c:481 +msgid "Do not verify zeroed blocks" +msgstr "Bez weryfikacji wyzerowanych bloków" + +#: src/veritysetup.c:482 +msgid "Verify data block only the first time it is read" +msgstr "Sprawdzenie bloku danych tylko przy pierwszym odczycie" + +#: src/veritysetup.c:582 +msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation." +msgstr "Opcje --ignore-corruption, --restart-on-corruption oraz --ignore-zero-blocks są dozwolone tylko przy operacji otwierania." + +#: src/veritysetup.c:587 +msgid "Option --root-hash-signature can be used only for open operation." +msgstr "Opcja --root-hash-signature może być użyta tylko dla akcji otwierania." + +#: src/veritysetup.c:592 +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "Opcji --ignore-corruption oraz --restart-on-corruption nie można użyć naraz." + +#: src/integritysetup.c:84 src/utils_password.c:305 +#, c-format +msgid "Cannot read keyfile %s." +msgstr "Nie można odczytać pliku klucza %s." + +#: src/integritysetup.c:88 src/utils_password.c:310 +#, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "Nie można odczytać %d bajtów z pliku klucza %s." + +#: src/integritysetup.c:254 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "Sformatowano z rozmiarem znacznika %u, wewnętrzna integralność %s.\n" + +#: src/integritysetup.c:479 src/integritysetup.c:483 +msgid "" +msgstr "" + +#: src/integritysetup.c:480 +msgid " " +msgstr " " + +#: src/integritysetup.c:502 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the device containing data with integrity tags\n" +msgstr "" +"\n" +" to urządzenie do utworzenia pod %s\n" +" to urządzenie zawierające dane ze znacznikami integralności\n" + +#: src/integritysetup.c:507 #, c-format -msgid "Cannot exclusively open %s, device in use.\n" -msgstr "Nie można otworzyć %s w trybie wyłącznym, urządzenie jest w użyciu.\n" +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" +msgstr "" +"\n" +"Domyślnie wkompilowane parametry dm-integrity:\n" +"\tAlgorytm sumy kontrolnej: %s\n" + +#: src/integritysetup.c:549 +msgid "Path to data device (if separated)" +msgstr "Ścieżka do urządzenia danych (jeśli osobne)" + +#: src/integritysetup.c:551 +msgid "Journal size" +msgstr "Rozmiar kroniki" + +#: src/integritysetup.c:552 +msgid "Interleave sectors" +msgstr "Sektory przeplotu" + +#: src/integritysetup.c:553 +msgid "Journal watermark" +msgstr "Znak wodny kroniki" + +#: src/integritysetup.c:553 +msgid "percent" +msgstr "procent" + +#: src/integritysetup.c:554 +msgid "Journal commit time" +msgstr "Czas zatwierdzania kroniki" + +#: src/integritysetup.c:554 src/integritysetup.c:556 +msgid "ms" +msgstr "ms" + +#: src/integritysetup.c:555 +msgid "Number of 512-byte sectors per bit (bitmap mode)." +msgstr "Liczba 512-bajtowych sektorów na bit (tryb bitmapy)." + +#: src/integritysetup.c:556 +msgid "Bitmap mode flush time" +msgstr "Czas zrzutu trybu bitmapy" + +#: src/integritysetup.c:557 +msgid "Tag size (per-sector)" +msgstr "Rozmiar znacznika (na sektor)" + +#: src/integritysetup.c:558 +msgid "Sector size" +msgstr "Rozmiar sektora" + +#: src/integritysetup.c:559 +msgid "Buffers size" +msgstr "Rozmiar buforów" + +#: src/integritysetup.c:561 +msgid "Data integrity algorithm" +msgstr "Algorytm integralności danych" + +#: src/integritysetup.c:562 +msgid "The size of the data integrity key" +msgstr "Rozmiar klucza integralności danych" + +#: src/integritysetup.c:563 +msgid "Read the integrity key from a file" +msgstr "Odczyt klucza integralności z pliku" + +#: src/integritysetup.c:565 +msgid "Journal integrity algorithm" +msgstr "Algorytm integralności kroniki" + +#: src/integritysetup.c:566 +msgid "The size of the journal integrity key" +msgstr "Rozmiar klucza integralności kroniki" + +#: src/integritysetup.c:567 +msgid "Read the journal integrity key from a file" +msgstr "Odczyt klucza integralności z pliku" + +#: src/integritysetup.c:569 +msgid "Journal encryption algorithm" +msgstr "Algorytm szyfrowania kroniki" + +#: src/integritysetup.c:570 +msgid "The size of the journal encryption key" +msgstr "Rozmiar klucza szyfrowania kroniki" + +#: src/integritysetup.c:571 +msgid "Read the journal encryption key from a file" +msgstr "Odczyt klucza szyfrującego kroniki z pliku" + +#: src/integritysetup.c:574 +msgid "Recovery mode (no journal, no tag checking)" +msgstr "Tryb odtwarzania (bez kroniki, bez sprawdzania znaczników)" + +#: src/integritysetup.c:575 +msgid "Use bitmap to track changes and disable journal for integrity device" +msgstr "Użycie bitmapy do śledzenia zmian i wyłączenie kroniki dla urządzenia integralności" + +#: src/integritysetup.c:576 +msgid "Recalculate initial tags automatically." +msgstr "Automatyczne przeliczenie znaczników początkowych." + +#: src/integritysetup.c:649 +msgid "Option --integrity-recalculate can be used only for open action." +msgstr "Opcja --integrity-recalculate może być użyta tylko dla akcji otwierania." + +#: src/integritysetup.c:669 +msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action." +msgstr "Opcje --journal-size, --interleave-sectors, --sector-size, --tag-size oraz --no-wipe mogą być użyte tylko dla akcji formatowania." + +#: src/integritysetup.c:675 +msgid "Invalid journal size specification." +msgstr "Błędne określenie rozmiaru kroniki." -#: src/cryptsetup_reencrypt.c:151 +#: src/integritysetup.c:680 +msgid "Both key file and key size options must be specified." +msgstr "Muszą być podane obie opcje: pliku klucza i rozmiaru klucza." + +#: src/integritysetup.c:683 +msgid "Integrity algorithm must be specified if integrity key is used." +msgstr "Algorytm integralności musi być podany, jeśli używany jest klucz integralności." + +#: src/integritysetup.c:688 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "Muszą być podane obie opcje: pliku klucza integralności i rozmiaru klucza." + +#: src/integritysetup.c:691 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "Algorytm integralności kroniki musi być podany, jeśli używany jest klucz integralności kroniki." + +#: src/integritysetup.c:696 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "Muszą być podane obie opcje: pliku szyfrowania kroniki i rozmiaru klucza." + +#: src/integritysetup.c:699 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "Algorytm szyfrowania kroniki musi być podany, jeśli używany jest klucz szyfrowania kroniki." + +#: src/integritysetup.c:703 +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "Opcje trybu odtwarzania i bitmapy wykluczają się wzajemnie." + +#: src/integritysetup.c:707 +msgid "Journal options cannot be used in bitmap mode." +msgstr "Opcji kroniki nie można używać w trybie bitmapy." + +#: src/integritysetup.c:711 +msgid "Bitmap options can be used only in bitmap mode." +msgstr "Opcje bitmapy mogą być używane tylko w trybie bitmapy." + +#: src/cryptsetup_reencrypt.c:172 +msgid "Reencryption already in-progress." +msgstr "Ponowne szyfrowanie już trwa." + +#: src/cryptsetup_reencrypt.c:208 #, c-format -msgid "Cannot open device %s\n" -msgstr "Nie można otworzyć urządzenia %s\n" +msgid "Cannot exclusively open %s, device in use." +msgstr "Nie można otworzyć %s w trybie wyłącznym, urządzenie jest w użyciu." -#: src/cryptsetup_reencrypt.c:161 src/cryptsetup_reencrypt.c:893 -msgid "Allocation of aligned memory failed.\n" -msgstr "Przydzielenie wyrównanego obszaru pamięci nie powiodło się.\n" +#: src/cryptsetup_reencrypt.c:222 src/cryptsetup_reencrypt.c:1135 +msgid "Allocation of aligned memory failed." +msgstr "Przydzielenie wyrównanego obszaru pamięci nie powiodło się." -#: src/cryptsetup_reencrypt.c:168 +#: src/cryptsetup_reencrypt.c:229 #, c-format -msgid "Cannot read device %s.\n" -msgstr "Nie można odczytać urządzenia %s.\n" +msgid "Cannot read device %s." +msgstr "Nie można odczytać urządzenia %s." -#: src/cryptsetup_reencrypt.c:179 +#: src/cryptsetup_reencrypt.c:240 #, c-format -msgid "Marking LUKS device %s unusable.\n" -msgstr "Oznaczanie urządzenia LUKS %s jako bezużytecznego.\n" +msgid "Marking LUKS1 device %s unusable." +msgstr "Oznaczanie urządzenia LUKS1 %s jako bezużytecznego." -#: src/cryptsetup_reencrypt.c:184 +#: src/cryptsetup_reencrypt.c:244 #, c-format -msgid "Marking LUKS device %s usable.\n" -msgstr "Oznaczenie urządzenia LUKS %s jako użytecznego.\n" +msgid "Setting LUKS2 offline reencrypt flag on device %s." +msgstr "Ustawianie flagi ponownego szyfrowania offline LUKS2 na urządzeniu %s." -#: src/cryptsetup_reencrypt.c:200 +#: src/cryptsetup_reencrypt.c:261 #, c-format -msgid "Cannot write device %s.\n" -msgstr "Nie można zapisać na urządzenie %s.\n" +msgid "Cannot write device %s." +msgstr "Nie można zapisać na urządzenie %s." -#: src/cryptsetup_reencrypt.c:281 -msgid "Cannot write reencryption log file.\n" -msgstr "Nie można zapisać pliku logu ponownego szyfrowania.\n" +#: src/cryptsetup_reencrypt.c:309 +msgid "Cannot write reencryption log file." +msgstr "Nie można zapisać pliku logu ponownego szyfrowania." -#: src/cryptsetup_reencrypt.c:337 -msgid "Cannot read reencryption log file.\n" -msgstr "Nie można odczytać pliku logu ponownego szyfrowania.\n" +#: src/cryptsetup_reencrypt.c:365 +msgid "Cannot read reencryption log file." +msgstr "Nie można odczytać pliku logu ponownego szyfrowania." -#: src/cryptsetup_reencrypt.c:374 +#: src/cryptsetup_reencrypt.c:403 #, c-format msgid "Log file %s exists, resuming reencryption.\n" msgstr "Plik logu %s istnieje, wznowienie ponownego szyfrowania.\n" -#: src/cryptsetup_reencrypt.c:403 -msgid "Activating temporary device using old LUKS header.\n" -msgstr "Aktywacja urządzenia tymczasowego przy użyciu starego nagłówka LUKS.\n" +#: src/cryptsetup_reencrypt.c:452 +msgid "Activating temporary device using old LUKS header." +msgstr "Uaktywnianie urządzenia tymczasowego przy użyciu starego nagłówka LUKS." -#: src/cryptsetup_reencrypt.c:414 -msgid "Activating temporary device using new LUKS header.\n" -msgstr "Aktywacja urządzenia tymczasowego przy użyciu nowego nagłówka LUKS.\n" +#: src/cryptsetup_reencrypt.c:462 +msgid "Activating temporary device using new LUKS header." +msgstr "Uaktywnianie urządzenia tymczasowego przy użyciu nowego nagłówka LUKS." -#: src/cryptsetup_reencrypt.c:424 -msgid "Activation of temporary devices failed.\n" -msgstr "Aktywacja urządzeń tymczasowych nie powiodła się.\n" +#: src/cryptsetup_reencrypt.c:472 +msgid "Activation of temporary devices failed." +msgstr "Uaktywnianie urządzeń tymczasowych nie powiodła się." -#: src/cryptsetup_reencrypt.c:450 -#, c-format -msgid "New LUKS header for device %s created.\n" -msgstr "Utworzono nowy nagłówek LUKS dla urządzenia %s.\n" +#: src/cryptsetup_reencrypt.c:559 +msgid "Failed to set data offset." +msgstr "Nie udało się ustawić offsetu danych." + +#: src/cryptsetup_reencrypt.c:565 +msgid "Failed to set metadata size." +msgstr "Nie udało się ustawić rozmiaru metadanych." -#: src/cryptsetup_reencrypt.c:458 +#: src/cryptsetup_reencrypt.c:573 #, c-format -msgid "Activated keyslot %i.\n" -msgstr "Uaktywniono klucz %i.\n" +msgid "New LUKS header for device %s created." +msgstr "Utworzono nowy nagłówek LUKS dla urządzenia %s." -#: src/cryptsetup_reencrypt.c:484 +#: src/cryptsetup_reencrypt.c:633 #, c-format -msgid "LUKS header backup of device %s created.\n" -msgstr "Utworzono kopię zapasową nagłówka LUKS urządzenia %s.\n" +msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +msgstr "Ta wersja cryptsetup-reencrypt nie obsługuje nowego typu tokenu wewnętrznego %s." + +#: src/cryptsetup_reencrypt.c:655 +msgid "Failed to read activation flags from backup header." +msgstr "Nie udało się odczytać flag uaktywniania z nagłówka zapasowego." + +#: src/cryptsetup_reencrypt.c:659 +msgid "Failed to write activation flags to new header." +msgstr "Nie udało się zapisać flag uaktywniania w nowym nagłówku." -#: src/cryptsetup_reencrypt.c:532 -msgid "Creation of LUKS backup headers failed.\n" -msgstr "Tworzenie kopii zapasowych nagłówków LUKS nie powiodło się.\n" +#: src/cryptsetup_reencrypt.c:663 src/cryptsetup_reencrypt.c:667 +msgid "Failed to read requirements from backup header." +msgstr "Nie udało się odczytać wymagań z nagłówka zapasowego." -#: src/cryptsetup_reencrypt.c:634 +#: src/cryptsetup_reencrypt.c:705 #, c-format -msgid "Cannot restore LUKS header on device %s.\n" -msgstr "Nie można odtworzyć nagłówka LUKS na urządzeniu %s.\n" +msgid "%s header backup of device %s created." +msgstr "Utworzono kopię zapasową nagłówka %s urządzenia %s." -#: src/cryptsetup_reencrypt.c:636 +#: src/cryptsetup_reencrypt.c:768 +msgid "Creation of LUKS backup headers failed." +msgstr "Tworzenie kopii zapasowych nagłówków LUKS nie powiodło się." + +#: src/cryptsetup_reencrypt.c:901 #, c-format -msgid "LUKS header on device %s restored.\n" -msgstr "Odtworzono nagłówek LUKS na urządzeniu %s.\n" +msgid "Cannot restore %s header on device %s." +msgstr "Nie można odtworzyć nagłówka %s na urządzeniu %s." -#: src/cryptsetup_reencrypt.c:669 +#: src/cryptsetup_reencrypt.c:903 #, c-format -msgid "" -"Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" -msgstr "" -"Postęp: %5.1f%%, ETA %02llu:%02llu, zapisano %4llu MiB, szybkość %5.1f MiB/s" -"%s" +msgid "%s header on device %s restored." +msgstr "Odtworzono nagłówek %s na urządzeniu %s." -#: src/cryptsetup_reencrypt.c:708 src/cryptsetup_reencrypt.c:784 -#: src/cryptsetup_reencrypt.c:826 -msgid "Cannot seek to device offset.\n" -msgstr "Nie można przemieścić się we właściwe położenie urządzenia.\n" +#: src/cryptsetup_reencrypt.c:1107 src/cryptsetup_reencrypt.c:1113 +msgid "Cannot open temporary LUKS device." +msgstr "Nie można otworzyć tymczasowego urządzenia LUKS." -#: src/cryptsetup_reencrypt.c:865 src/cryptsetup_reencrypt.c:871 -msgid "Cannot open temporary LUKS header file.\n" -msgstr "Nie można otworzyć pliku tymczasowego nagłówka LUKS.\n" +#: src/cryptsetup_reencrypt.c:1118 src/cryptsetup_reencrypt.c:1123 +msgid "Cannot get device size." +msgstr "Nie można pobrać rozmiaru urządzenia." -#: src/cryptsetup_reencrypt.c:876 src/cryptsetup_reencrypt.c:881 -msgid "Cannot get device size.\n" -msgstr "Nie można pobrać rozmiaru urządzenia.\n" +#: src/cryptsetup_reencrypt.c:1158 +msgid "IO error during reencryption." +msgstr "Błąd we/wy podczas ponownego szyfrowania." -#: src/cryptsetup_reencrypt.c:919 -msgid "Interrupted by a signal.\n" -msgstr "Przerwano sygnałem.\n" +#: src/cryptsetup_reencrypt.c:1189 +msgid "Provided UUID is invalid." +msgstr "Dostarczony UUID jest nieprawidłowy." -#: src/cryptsetup_reencrypt.c:921 -msgid "IO error during reencryption.\n" -msgstr "Błąd we/wy podczas ponownego szyfrowania.\n" +#: src/cryptsetup_reencrypt.c:1423 +msgid "Cannot open reencryption log file." +msgstr "Nie można otworzyć pliku logu ponownego szyfrowania." -#: src/cryptsetup_reencrypt.c:1028 -msgid "" -"Key file can be used only with --key-slot or with exactly one key slot " -"active.\n" -msgstr "" -"Rozmiaru klucza można użyć tylko z --key-slot albo przy dokładnie jednym " -"aktywnym kluczu.\n" +#: src/cryptsetup_reencrypt.c:1429 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "Nie w trakcie odszyfrowywania; dostarczony UUID może być użyty tylko do wznowienia wstrzymanego procesu odszyfrowywania." -#: src/cryptsetup_reencrypt.c:1072 src/cryptsetup_reencrypt.c:1087 +#: src/cryptsetup_reencrypt.c:1504 #, c-format -msgid "Enter passphrase for key slot %u: " -msgstr "Hasło dla klucza %u: " - -#: src/cryptsetup_reencrypt.c:1136 -msgid "Cannot open reencryption log file.\n" -msgstr "Nie można otworzyć pliku logu ponownego szyfrowania.\n" +msgid "Changed pbkdf parameters in keyslot %i." +msgstr "Zmieniono parametry PBKDF dla klucza %i." -#: src/cryptsetup_reencrypt.c:1262 +#: src/cryptsetup_reencrypt.c:1616 msgid "Reencryption block size" msgstr "Rozmiar bloku ponownego szyfrowania" -#: src/cryptsetup_reencrypt.c:1262 +#: src/cryptsetup_reencrypt.c:1616 msgid "MiB" msgstr "MiB" -#: src/cryptsetup_reencrypt.c:1266 -msgid "Do not change key, no data area reencryption." -msgstr "Bez zmiany klucza i ponownego szyfrowania obszaru danych." +#: src/cryptsetup_reencrypt.c:1620 +msgid "Do not change key, no data area reencryption" +msgstr "Bez zmiany klucza i ponownego szyfrowania obszaru danych" -#: src/cryptsetup_reencrypt.c:1273 -msgid "Use direct-io when accessing devices." -msgstr "Użycie bezpośredniego we/wy przy dostępie do urządzeń." +#: src/cryptsetup_reencrypt.c:1622 +msgid "Read new volume (master) key from file" +msgstr "Odczyt nowego klucza wolumenu (klucza głównego) z pliku" -#: src/cryptsetup_reencrypt.c:1274 -msgid "Use fsync after each block." -msgstr "Użycie fsync po każdym bloku." +#: src/cryptsetup_reencrypt.c:1623 +msgid "PBKDF2 iteration time for LUKS (in ms)" +msgstr "Czas iteracji PBKDF2 dla LUKS (w milisekundach)" -#: src/cryptsetup_reencrypt.c:1275 -msgid "Update log file after every block." -msgstr "Uaktualnianie pliku logu po każdym bloku." +#: src/cryptsetup_reencrypt.c:1629 +msgid "Use direct-io when accessing devices" +msgstr "Użycie bezpośredniego we/wy przy dostępie do urządzeń" -#: src/cryptsetup_reencrypt.c:1276 -msgid "Use only this slot (others will be disabled)." -msgstr "Użycie tylko tego slotu (wyłączenie pozostałych)." +#: src/cryptsetup_reencrypt.c:1630 +msgid "Use fsync after each block" +msgstr "Użycie fsync po każdym bloku" -#: src/cryptsetup_reencrypt.c:1279 -msgid "Reduce data device size (move data offset). DANGEROUS!" -msgstr "" -"Ograniczenie rozmiaru urządzenia danych (przesunięcie położenia danych). " -"NIEBEZPIECZNE!" +#: src/cryptsetup_reencrypt.c:1631 +msgid "Update log file after every block" +msgstr "Uaktualnianie pliku logu po każdym bloku" -#: src/cryptsetup_reencrypt.c:1280 -msgid "Use only specified device size (ignore rest of device). DANGEROUS!" -msgstr "" -"Użycie tylko określonego rozmiaru urządzenia (zignorowanie pozostałej " -"części). NIEBEZPIECZNE!" +#: src/cryptsetup_reencrypt.c:1632 +msgid "Use only this slot (others will be disabled)" +msgstr "Użycie tylko tego slotu (wyłączenie pozostałych)" + +#: src/cryptsetup_reencrypt.c:1637 +msgid "Create new header on not encrypted device" +msgstr "Utworzenie nowego nagłówka na nieszyfrowanym urządzeniu" + +#: src/cryptsetup_reencrypt.c:1638 +msgid "Permanently decrypt device (remove encryption)" +msgstr "Trwałe odszyfrowanie urządzenia (usunięcie szyfrowania)" -#: src/cryptsetup_reencrypt.c:1281 -msgid "Create new header on not encrypted device." -msgstr "Utworzenie nowego nagłówka na nieszyfrowanym urządzeniu." +#: src/cryptsetup_reencrypt.c:1639 +msgid "The UUID used to resume decryption" +msgstr "UUID używany do wznowienia odszyfrowywania" -#: src/cryptsetup_reencrypt.c:1282 -msgid "Permanently decrypt device (remove encryption)." -msgstr "Trwałe odszyfrowanie urządzenia (usunięcie szyfrowania)." +#: src/cryptsetup_reencrypt.c:1640 +msgid "Type of LUKS metadata: luks1, luks2" +msgstr "Typ metadanych LUKS: luks1, luks2" -#: src/cryptsetup_reencrypt.c:1298 +#: src/cryptsetup_reencrypt.c:1659 msgid "[OPTION...] " msgstr "[OPCJA...] " -#: src/cryptsetup_reencrypt.c:1312 -msgid "" -"WARNING: this is experimental code, it can completely break your data.\n" -msgstr "UWAGA: ten kod jest eksperymentalny, może całkowicie uszkodzić dane.\n" - -#: src/cryptsetup_reencrypt.c:1313 +#: src/cryptsetup_reencrypt.c:1667 #, c-format -msgid "Reencryption will change: volume key%s%s%s%s.\n" -msgstr "Ponowne szyfrowanie zmieni: klucz wolumenu%s%s%s%s.\n" +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "Ponowne szyfrowanie zmieni: %s%s%s%s%s%s." -#: src/cryptsetup_reencrypt.c:1314 -msgid ", set hash to " -msgstr ", hasz na " +#: src/cryptsetup_reencrypt.c:1668 +msgid "volume key" +msgstr "klucz wolumenu" -#: src/cryptsetup_reencrypt.c:1315 +#: src/cryptsetup_reencrypt.c:1670 +msgid "set hash to " +msgstr "hasz na " + +#: src/cryptsetup_reencrypt.c:1671 msgid ", set cipher to " msgstr ", szyfr na" -#: src/cryptsetup_reencrypt.c:1320 +#: src/cryptsetup_reencrypt.c:1675 msgid "Argument required." msgstr "Wymagany argument." -#: src/cryptsetup_reencrypt.c:1336 -msgid "" -"Only values between 1 MiB and 64 MiB allowed for reencryption block size." -msgstr "" -"Jako rozmiar bloku ponownego szyfrowania dozwolone są jedynie wartości od 1 " -"MiB do 64 MiB." - -#: src/cryptsetup_reencrypt.c:1355 src/cryptsetup_reencrypt.c:1360 -msgid "Invalid device size specification." -msgstr "Błędne określenie rozmiaru urządzenia." +#: src/cryptsetup_reencrypt.c:1703 +msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +msgstr "Jako rozmiar bloku ponownego szyfrowania dozwolone są jedynie wartości od 1 MiB do 64 MiB." -#: src/cryptsetup_reencrypt.c:1363 +#: src/cryptsetup_reencrypt.c:1730 msgid "Maximum device reduce size is 64 MiB." msgstr "Maksymalna wartość ograniczenia rozmiaru urządzenia to 64MiB." -#: src/cryptsetup_reencrypt.c:1366 -msgid "Reduce size must be multiple of 512 bytes sector." -msgstr "Rozmiar ograniczenia musi być wielokrotnością 512-bajtowego sektora." +#: src/cryptsetup_reencrypt.c:1737 +msgid "Option --new must be used together with --reduce-device-size or --header." +msgstr "Opcja --new musi być użyta wraz z --reduce_device_size lub --header." -#: src/cryptsetup_reencrypt.c:1370 -msgid "Option --new must be used together with --reduce-device-size." -msgstr "Opcja --new musi być użyta wraz z --reduce_device_size." +#: src/cryptsetup_reencrypt.c:1741 +msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +msgstr "Opcja --keep-key może być użyta tylko z --hash, --iter-time lub --pbkdf-force-iterations.." -#: src/cryptsetup_reencrypt.c:1374 -msgid "Option --keep-key can be used only with --hash or --iter-time." -msgstr "Opcja --keep-key może być użyta tylko z --hash lub --iter-time." - -#: src/cryptsetup_reencrypt.c:1378 +#: src/cryptsetup_reencrypt.c:1745 msgid "Option --new cannot be used together with --decrypt." msgstr "Opcja --new nie może być użyta wraz z --decrypt." -#: src/cryptsetup_reencrypt.c:1382 +#: src/cryptsetup_reencrypt.c:1749 msgid "Option --decrypt is incompatible with specified parameters." msgstr "Opcja --decrypt jest niezgodna z podanymi parametrami." +#: src/cryptsetup_reencrypt.c:1753 +msgid "Option --uuid is allowed only together with --decrypt." +msgstr "Opcja --uuid jest dozwolona tylko wraz z --decrypt." + +#: src/cryptsetup_reencrypt.c:1757 +msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +msgstr "Błędny typ LUKS - musi być jednym z 'luks', 'luks1' lub 'luks2'." + #: src/utils_tools.c:151 -msgid "Error reading response from terminal.\n" -msgstr "Błąd podczas odczytu odpowiedzi z terminala.\n" +msgid "Error reading response from terminal." +msgstr "Błąd podczas odczytu odpowiedzi z terminala." -#: src/utils_tools.c:173 +#: src/utils_tools.c:186 msgid "Command successful.\n" msgstr "Polecenie się powiodło.\n" -#: src/utils_tools.c:191 +#: src/utils_tools.c:194 +msgid "wrong or missing parameters" +msgstr "niewłaściwe lub brakujące parametry" + +#: src/utils_tools.c:196 +msgid "no permission or bad passphrase" +msgstr "brak uprawnień lub błędne hasło" + +#: src/utils_tools.c:198 +msgid "out of memory" +msgstr "brak pamięci" + +#: src/utils_tools.c:200 +msgid "wrong device or file specified" +msgstr "podano niewłaściwe urządzenie lub plik" + +#: src/utils_tools.c:202 +msgid "device already exists or device is busy" +msgstr "urządzenie już istnieje lub jest zajęte" + +#: src/utils_tools.c:204 +msgid "unknown error" +msgstr "nieznany błąd" + +#: src/utils_tools.c:206 +#, c-format +msgid "Command failed with code %i (%s).\n" +msgstr "Polecenie nie powiodło się z kodem %i (%s).\n" + +#: src/utils_tools.c:283 +#, c-format +msgid "Key slot %i created." +msgstr "Klucz numer %i utworzony." + +#: src/utils_tools.c:285 +#, c-format +msgid "Key slot %i unlocked." +msgstr "Klucz numer %i odblokowany." + +#: src/utils_tools.c:287 +#, c-format +msgid "Key slot %i removed." +msgstr "Klucz numer %i usunięty." + +#: src/utils_tools.c:296 +#, c-format +msgid "Token %i created." +msgstr "Token %i utworzony." + +#: src/utils_tools.c:298 +#, c-format +msgid "Token %i removed." +msgstr "Token %i usunięty." + +#: src/utils_tools.c:464 +msgid "" +"\n" +"Wipe interrupted." +msgstr "" +"\n" +"Wymazywanie przerwane." + +#: src/utils_tools.c:475 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "UWAGA: urządzenie %s już zawiera sygnaturę partycji '%s'.\n" + +#: src/utils_tools.c:483 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "UWAGA: urządzenie %s już zawiera sygnaturę superbloku '%s'.\n" + +#: src/utils_tools.c:504 src/utils_tools.c:568 +msgid "Failed to initialize device signature probes." +msgstr "Nie udało się zainicjować sond sygnatur urządzeń." + +#: src/utils_tools.c:548 +#, c-format +msgid "Failed to stat device %s." +msgstr "Nie udało się wykonać stat na urządzeniu %s." + +#: src/utils_tools.c:561 +#, c-format +msgid "Device %s is in use. Can not proceed with format operation." +msgstr "Urządzenie %s jest w użyciu. Nie można kontynuować operacji formatowania." + +#: src/utils_tools.c:563 +#, c-format +msgid "Failed to open file %s in read/write mode." +msgstr "Nie udało się otworzyć pliku %s do odczytu i zapisu." + +#: src/utils_tools.c:577 +#, c-format +msgid "Existing '%s' partition signature (offset: % bytes) on device %s will be wiped." +msgstr "Istniejąca sygnatura partycji '%s' (offset w bajtach: %) na urządzeniu %s zostanie wymazana." + +#: src/utils_tools.c:580 +#, c-format +msgid "Existing '%s' superblock signature (offset: % bytes) on device %s will be wiped." +msgstr "Istniejąca sygnatura superbloku '%s' (offset w bajtach: %) na urządzeniu %s zostanie wymazana." + +#: src/utils_tools.c:583 +msgid "Failed to wipe device signature." +msgstr "Nie udało się wymazać sygnatury urządzenia." + +#: src/utils_tools.c:590 #, c-format -msgid "Command failed with code %i" -msgstr "Polecenie nie powiodło się z kodem %i" +msgid "Failed to probe device %s for a signature." +msgstr "Nie udało się sprawdzić sygnatury urządzenia %s." + +#: src/utils_tools.c:629 +msgid "" +"\n" +"Reencryption interrupted." +msgstr "" +"\n" +"Ponowne szyfrowanie przerwane." -#: src/utils_password.c:42 +#: src/utils_password.c:43 src/utils_password.c:75 #, c-format -msgid "Cannot check password quality: %s\n" -msgstr "Nie można sprawdzić jakości hasła: %s\n" +msgid "Cannot check password quality: %s" +msgstr "Nie można sprawdzić jakości hasła: %s" -#: src/utils_password.c:50 +#: src/utils_password.c:51 #, c-format msgid "" "Password quality check failed:\n" -" %s\n" +" %s" msgstr "" "Sprawdzenie jakości hasła nie powiodło się:\n" -" %s\n" +" %s" + +#: src/utils_password.c:83 +#, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "Sprawdzenie jakości hasła nie powiodło się: błędne hasło (%s)" + +#: src/utils_password.c:193 src/utils_password.c:208 +msgid "Error reading passphrase from terminal." +msgstr "Błąd podczas odczytu hasła z terminala." + +#: src/utils_password.c:206 +msgid "Verify passphrase: " +msgstr "Weryfikacja hasła: " + +#: src/utils_password.c:213 +msgid "Passphrases do not match." +msgstr "Hasła nie zgadzają się." + +#: src/utils_password.c:250 +msgid "Cannot use offset with terminal input." +msgstr "Nie można użyć offsetu, jeśli wejściem jest terminal." + +#: src/utils_password.c:253 +#, c-format +msgid "Enter passphrase: " +msgstr "Hasło: " + +#: src/utils_password.c:256 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "Hasło dla %s: " + +#: src/utils_password.c:287 +msgid "No key available with this passphrase." +msgstr "Dla tego hasła nie ma dostępnego klucza." + +#: src/utils_password.c:289 +msgid "No usable keyslot is available." +msgstr "Brak dostępnego miejsca na klucz." + +#: src/utils_password.c:328 +#, c-format +msgid "Cannot open keyfile %s for write." +msgstr "Nie można otworzyć pliku klucza %s do zapisu." + +#: src/utils_password.c:335 +#, c-format +msgid "Cannot write to keyfile %s." +msgstr "Nie można zapisać pliku klucza %s." + +#: src/utils_luks2.c:47 +#, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "Nie udało się otworzyć pliku %s tylko do odczytu." + +#: src/utils_luks2.c:60 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "Poprawny token JSON dla LUKS2:\n" + +#: src/utils_luks2.c:67 +msgid "Failed to read JSON file." +msgstr "Nie udało się odczytać pliku JSON." + +#: src/utils_luks2.c:72 +msgid "" +"\n" +"Read interrupted." +msgstr "" +"\n" +"Odczyt przerwany." + +#: src/utils_luks2.c:113 +#, c-format +msgid "Failed to open file %s in write mode." +msgstr "Nie udało się otworzyć pliku %s do zapisu." + +#: src/utils_luks2.c:122 +msgid "" +"\n" +"Write interrupted." +msgstr "" +"\n" +"Zapis przerwany." + +#: src/utils_luks2.c:126 +msgid "Failed to write JSON file." +msgstr "Nie udało się zapisać pliku JSON." diff --git a/po/pt_BR.gmo b/po/pt_BR.gmo new file mode 100644 index 0000000000000000000000000000000000000000..d2fc1c50e566f5f6bedcb6449ab31a4791c34a1c GIT binary patch literal 74425 zcmcGX34mQimHscnu(YCxAd4)IKu8DDout`A2w8zZHnOlqgqQBuokzOgYy0&}2;#mw zE;BB;j)FU`s(b6ce%%So{2Ok*ck9+(r%s(Z zb*k!~!w-1Lep!}X|DY^e04{h$mYuUdcxsl({UK*$*&*N&;JG~d`{bEfb}9HN@JR5m zv$E_?@Ko?4;CI0W_^PwB><;k3=VaN_!Hz-M4uBsE_#1FO@265IrGEuTRb@{AmF}IO%JEsS5Bw!~EO`7p9(%0KJCUx6zBg{%Dg z2nY#fZw7n8?}4X)2Vdm*?*moN%fO}J1b7;F2dHx01D+241w0x&jl!J@t^kh$ZvZRc zQ^4cE*MYOakAW)3Pe4d7JDAE@3a$WEpHBm4fv*JR?<3*;`vLb~?eUxn%KsWr{s%#& z`wUR!cy(~!11jC0fNIx=(7BY)Ip92S9jJDD9M}uK92EV10<3`F1Vu0Rfy=;!RI=)= z1lZJ;1@yB|Bu1B;9o$6@1>Ddjt!v7-vCvAF9H?MdqB0*H$m0MuR&Nvb`-=-)n*$& zNFaMTNSDdJ2W|jQ;GczH6MQIm8>oKxkD&6g2UNV@1z{E0??J^saJlE}Dp22_1d0w` z4l4dTLAA&4K(*UpbRw0%7aRk(f~wcgfb#b%a6b6pP454EQ03nQsvM68VVT*TpvwO< zupc~Zv)BKH;OV>%f+v7403QLq1MCAo0jfQI1*&}?vc>6R1*m+FgZlnFQ1pL$`2HF2 zEZ%<)E(GUY;psdEJd^k5fJcHK1r_e=UQLS+wlE_Yux{8Q1#dZ)jrP$)n2!QO8-ls`p5oTJ%95+(dqi|z6%t6z5-PJ ze+X1Q?gf?JVUPCwECS_T1CIv(7S#9Ghwonim5=+tW5A=Y_4Ee7GkD(uDnHK#ML!<` zmEWI(YL9~+Lmva@fC~R=Q0cr6JP!OaSONbNRJey-=kc5ds=U{L%FmNQrT13wJn(zq zh2SyQd%Ii>>ics*)$2z<#eXlTesxgQ(|IH)x;zIw3A_wE9~=V}?so7U;Mc)J!KZEW zbY2LG-o64J4<0n=^)Nf&CEy9T?*LW4=YVRD*MXv&e+l>}a31e{Lmuxnpz{3+P;~bN z@NDo0py=i3n&S#kblw0@0iOn*2;L4V+-E@1_1)mf;9tRqgC`F=|33?q|D6GE0p;&b zQ2G8gsPygw9|fK=;`Ou?R6TA6VI|pPL4Dr?!osrefe!)aZ};>TgX&l7z=wg42iJkm z180MGgQCX=)%|?|SmFH&Q1r74RKI!?sP_FHsQz{04L%;910KQq;{yI2sCs!rc>f?M zI{Ol+db$@p6@1tZZ;!J<#rGJn7u*Rdo!5l-?|~}c!J}SZrvzLHo`w4msQkYIRK45< zDxQA>*MJWl^Lp9}p3eK*L8bRC@Feippz7ff4X^j}!2Nl@3RHd{9p0Y|&gK2-pz{At z5R%OP6;wT)+w}I?4(j{Opxj>vsy}`eRQd;wdwmRm{k*RM&jlX`ijLnM-oFB>-X8qe zK-ZxBUjnLpyFm4mTS29BH@F&n$b{F&72rJHp9U)2yFm4`?}MV}-+~H%dduS*0hjXr zci>gvmqF3tX_GEjtp?TKo)0RWJ)r9U(6-070$jxVP2v4LAf%Z69GnAghUqBXo52O( z9iZy{$KU|iv&-d;3qZBc6TwG-F9jEZZv|Da-vy5V54h3eI|fueZ2;BZZU7bE^TPYb zK(*VCK-I&cyR+;9a513srJJ^u`pzvG_Z@0Wn9c;5{!20sd(0saXT|5@-vudmJE zdAvUXRDHe=ycql$D1T=>$@6g~sCs=Scqw=%DF6FC+1<|sMW2J0PxeG+VgYZgTdc}s`m#y)#TmQIlZg{ zRlX;Iec&D7F!%#d;VyZ$m-7}-`T7KS7!Cj#8 z{YvmO@Sni*!S8}86QBdiB8(a?V{{rWq7lB9f-U1c>a|6Bu?C1SUp!(TgLDAQOzw`dI5>&o#1Qq^e zpz8HqpvwDsQ0;y%xC}h(?>#>o!KJ*v6qNfn!OOv8U+C>T3U1;372po=SKui4=oe+# zi^0!;ivKaZRKUl9^TAhv%HQWe(cSmKBfx`R;_Y=DxQ_QT!1dr$z{9|=fCqv<0{;fQ z7gT(|0*?nPw|KoQ0Tu7{pxXJFpyGKaxB>htsQTFOQg7dJQ0?;q@KEpr;E~{6U=Mf? zcnJ7Y@Il~jK&AhCQ1Sc;RKAXTnTIzLa+g<+_!@A_a5*e z;0M4y@YA6D{|-DHeAvsq{bqqm?|e{nvK&c4~H-oGVp8Q>EI*Z z;B>wmtnl6f)m|?KMK^B&RWJ8}qJvp)bbhcJJdgLALDkQlpy=k4;HlsbLGhVG-sE)C z2ddt;fX9H_!3y{k@Idf&;BxRSp!m=)zze{+Z}xJGfJ*O8pz8ex;3Du5w|jc)z`4A) zL6!S8;7Q>3K-JHFZ^^Pccr0w4KLo{u%4{Jk7hJ$(VZ7ChvRP@kac z@lE0VTVNmW$GqFexr@O8-k$-g9o`SBJbwu9z3=h%7zP#Zt)S}VFW_n5(4C%-7l4a- zzZ+Eh9rIq7i#LJi@cvv-_5DfkQt%g`@^S9_Li_=54ft(P;f{E}mtzgMl=tU?%J1jF zi@@vy9`D7V{EvfIf^QC(eGuNk`&FRw_x6DIf~WI7=R=VGAh;NO@P}RA zx&%Cf_veFWgP#DGf%k>)=YPcM^U0v-^3C9h;D3O#z=J>P>6{MgdkvKP8$i|fU7+%F zA2<)3{V}KOjiA0yg4cj=0IvnJkE6=~9s{bpUjVNLPyK|;yH5fi!TTq{qrh*1$AP~B zXM>0Cae6!hJd5`ifU3Vwfv19h2IcRRPdfcx3ZBCIi@{mo`@ze>yTNCG{h#vw{2s8v z`>(-`;Nk!5;cB4j?>XRV@FSr3&cUB{`n(cc&ik`L)x+n&rQm;qCxPeP<$QcAD0-d* zRh~D3qK7@;`QY!tW5I#Xcs|yGb9irnD(5ZWCE({krGMmS-F*nu`zyes!JmRk_d);S z`9B3zJgY&~=VL+ndp39)_*zhO@p(}7bHL}EFU|oE5?Be)EFGpKsK7gRZq`;y1A5}e2TF0cZ=9#p^h6xa_w=*!N376u#!<^Ppn1-uJf z0sb_6@B50^=QdF7_e@abdp)=w+yl-9AMsV^PZxlv@_sWY_t$~%06!1*%Kd9zA8!Cp z=Ka&4+T&;7iQpr@?&+Tm%KavADfk9Z<^Bn{2JHP;PrnVG$@{0k^T0oXXM<;c!_(OT zK9u+8fy&pbz+=EYpyK~7sD66zH@%()L8>ad6+9e#?6;gwp9U`H{bS&4aQ|;R|CtLa zo-0As<5NI=edV2WXp57JU`MlS`3&1yk=Yl^1 zj|GqWuBUensQTRosyxpHRS$0j7l7XZ9|b<-9?y3#C_32z_JJ<~M~RCnKY+%;GeD*HQc&%4 zS9t#`sQO#*Loer6a4GLE1}_J{4pzW9Kl1vz1U#DeTS4XT{oo1U*TCb!-+;>R!+-4U zaW<%W83Y%CF9YTOv*3L2r{Grbn1Azpw?Vbv?V$4cMNr`m{E7G1bHQ_Xe*$<4cqb@- z-vKv+hyT0t`w>v#J_Q~L{s9y{9Qq&L{!2l%!%px);OoQto51~f|9W`;7N~kV=%>&Y zcrLgI{2-|I{XIArJp5koH;cj5ygvyP9eoy@10MJ@uh)KXE$>Zm7WiRsG5CE@baedB zogU5sm-0Rgs-E5iUJ8B#6g|%Rh4-7Spx*BU70)k0)z7^D^l}e@OL)Htya;?h*bipE z^!Vn3*XcW``usL{4ft13@m%vOFV71>#eX-b_>TFt=kF>|>AxIof?omWfy@8P!#6>N zdlPs%_+wD@ci3-yyt@okx~~RBzk5LS&+mYW=i$F~I$i=^$onQx^!FlgKKM3pDR_5y zKmK=~pS9p}+@Aq%0zU()U5@{~*YgOtkoPBpYQH-`(dBo+M}vO?&jPRhgXjANU@z|< z1kVJ244wfV^WPrdT2SvJpxXVFp!|OWya3GZ^YoX1D#x?H%fP$9Q^6zt==5+tDEG&J z%GX=K0q|?!Qt+Vv@&0}Zcr5Q*!9H*&crN&QQ1tp;@I3ILfAV_11YFPiE5Q}u&p?%9 z{-3>^L*OdjUjZuI_rZ9D`?LMb z{dQ3Ky9ZRg9JQajF9j>Sx51;qTfl?BcY^AN?*$iu9|R8re-El%4|>pkRzH`5=kPuW zt_9x)D&KzuPXyQQ@9B<#$MgP1Q0adXyb$~aDEjL=z}+{3D|vq$sPcRad;|D9Q1$)F zzuC{|_)hSA-hT+HyeAyEpY`+W!P9tu7O3*v0nP$H2dbTZ35u?dKgi!N1())EBX~Xd zeo%CJ?7<%I5U6zC2rdSH2r6GE9F2LFMB^pvwPs zQ1$qm@cn=Xd-;zFxEMT%?^RIk^;A&p{vl9wb?#LG`B>gR1Y(f-2W9LDk3U4|Ti>R6RW%RJc1p^^fm?3V-0k_OpJr7*u-W zpz8Z&p#1LvMK8YuXM?95=JmM&yqxz}fNIB|gX;eWJ$yeKf6fC{e=h-5Pj`We|0kf@ z@1ch~y)6V4|5otf;4R<<;G03w+fM=>_z17ZQ$f+&C7{anSa37=8t^Lcx8TL#+9Moa z0zQ`a?}EzT`Xl$t9s@oZyb=69_(bsPNA8z>0sI!I`g!wF9{(3X<>$|!+W-8cy?)k# zD)(+s{$C6Zf*%Bjz!NbpIuv{wcp&&f@NdAEgG<2IfU3`Xz>~oPj`jTYg5p!xfHm-G z;4pYEsQSD7QJ(&8Q1QGTJQDm7_$cr`@WJ4b$L(kOuam$B@qT*1eo*wd5IhLn1Re)& z1r^VY!TtH5;<*JBJ-!xHdLIWXV0Qd|a2{kUQ1x;$DEdAdRDCo-g}Vh*{O3lv@44J!S`{Bsoe&)~h_Y6`3H-_%F` z=79egez(Eb;I=2c>$`Ye{8Kw`<#{IGzX~?Nt9kyw^97zA!QUPyNBmm-k$)*zi;#7*F67*+cKUf z@jNtqd@Z<$ca3@a`!3H_guj?ae~$!z$oJ3iyp!kMxc!Rfv>D!-Qy{%yQZ%8mC|@LUwWzdhgy__>}3mSBIU@cXaf+grh%xW9~NR`{+@=i_Gs z_&4Bh!0+*_eh~b_YO?{{Md$JF4&3(e@=~6s@LPR)1<$+r{ZbzBTK#>> zA$tk9o;Z4WJ{R1c98ho~Vg84QVJZ7$a6b#bvw6Oa+c`YDc|M?TxE;gqi+NyQ*@?VA z6?`Y381_uRC~r^HKm0w1=W6^M%5w?N>+qw$kAffOS%91V{@Ee>K5oC`k$lp_Gr{u^ z{5%G{hG#9`E(P^>xr6=tcHDo)uU2q-0q^2%>hFsQe;@DP3Eu=~Pb+&&r{C6`E+ ze;v<%pzkdgR!E-CWFAQ#S*WX{m`zrkF z?;$*o32rBW7vcU(@YOuqd6ou$=9zy^#%&&MZ{YVo@_dhX{hbc}#DChqFAnZ{c}$4o zwZZMtyl=w&OFWm!L-_j?-~S=}u7J@co+J4E z-#pjx`wQS{gwfwkyf5KN|Gvfh0M7;Zc{U&J$@aLGW=rOXZ=<-;KfT0Ky%|?-TGlE4Uqo+oO1YYi*M;AL{dq3M&!519 zz^lQVc&_C4BM7IzQJ%xX?@i!}@cV1H@8-FSM}NmUWcv{|{=J_c&*wRx=l47Z^K9nP z-#t7>5!XAwXM>;Mc@@t$d4Cc3UQmA*@mqgC0uSK%7{9L%ZVysE^)dO=9N-L|)%f`k z&kFq975vNFKk@qt+(y7ddFF+0Zw6n$_p{_F{0+t*0f+JPxBPw=cq`Ap@C@+&5uTO& zUJcF$I`)&Nz-$tIZ z`Mn1B5Au6EPo4LV@oWr!UWD5}@x;GX{CH^i)&l4AT#4I(#IcayRenF1X9K_A1*U)E z1Al_39!;f=^E{2`Wjt@=`54dFc>aUuPdta6$=J$sF3%dC>v<-5p2hPjo`2-o|3sfZ zDh<)YU-=urP4%e1LwMvihTEy;;(A=Uy#%+DI^5oe+cCkdCxrbDZgGsKh!)>|Fb44@ z{YAG^ahvTS+nJ`O^YfkYs1y{=wxL_ZFj4FQ?0VA zKDoVe)#go=vF1>%(mT1US*bTBYZHy?sQH7Hk4=>Tq}+C*fwf_8lkT1 z!@GMH>(g+3luB!ks}x@6=2RJO;+4ENYP&27y^pqcw3ZDGT}Ci(f%}tvHS5SkeRB8S zYgU!%l#vIjOjbu)Bp2ytusJqP&WHNy)O~20`uKLrH(s594j`e{qMk!Wo6YgQWvd{( z*{yjMWqkHfWm|o+)pN-BDD9ZL^TR*Pt8A#YTDzJPL)L^ewEXl0@(r;hzO9b8*Qz2e zwRs3Iud;F7#TIg!JdgE>ekOO9^Lq&~DAc^lO4Y%((dOWeO7FJaleN}d+}rai^3lzG zQdz$;y^3t5=d#wNdfdPD*myZtQ3@cQq<%n1NV_V}xoEWymPKZfY9$Bg4j_ zMd4QBDkZQ!tZdLJYUPSNxuU;iqa#heZ6B-LZ0{B8&f)heXNIcG;Igu2>=Boq?BvSk zT8r#gCu)`I`1nKMXobXT|pkB5%@V%mYN=o(Z_ z9CGAoQKS&-AXQcJNZY6-n^z%FWzg9&!%o)M2P5elsNemM+(sR23|3Snbp|C3 zKFuAqMx{D56na^IwwRZjCupsmwVUf>dLyS4q z9o5R_jjPwrwH7l*rt)|NX3Ii%tK>rQSiPl6CAIh|j)OQ&PF4pcqf{gri9y7M@YE~4 za*u8{+*I3>&B4)Hb)qsnS{+f{#^~nuXUkV_-jpr(0m&LLG;0`iBwNts)fHOVa)@O6 zSao7YnY%BqH$)HV2p58gU&Byrp5Q~5hKrDbqIL#1j|>^p%A0JtiA@%c0Qp!GYHaFP z^{7~%#a9?oyEO?{njGA2jeF6m6_mJ%RC7bKZ8MaF?8&nW&Y{enZI`P8 zBFcNQ%i5B)?pHkbKlQdm0k7O_MYS=9A-D;Z=ki-=c0(;TnvK3m#MOFZygf;$_An44 z^;221e*FfdY?IlW?KqludeUq}BsHy%D^_h>z4_{Hel!eeC{Q^?P4nnHqoHfjQ>vO7 zT8%M&?`)1T0GU^Y`knP5)i&9+p=^5%l2G?N+UbG5BYEGf7sIqAKYN@>8JeFmGg#Y&)CnZP9&VuBMG65IYHyj|pTK zim5sXgQ~deUgL;$21^++?jbQqmErl-ObV7n4enc9s(zJ%3ZW|Mjh$2>taTEB>V8M? z0CN$u(2FE6K?n6oigB5_MML?Vq{tJ@1j&+4TtWInzN2ZyM|UAq8oP`Y>Hd=8Xi;QN zUV(wlRC;~vGUhQmZOtwb;4~zzJ3+5*j#XNktVMobPS>K_mkb8N3PPSu&r)*mOaxDz zUx#W|IjWD&fsbm*t4!kl#F(Zlfet0R^jB6l3YszDOd^2~qwep*NR+i32S=%;oi#-3 z<~ZVX3J&=k8iwG*skqFWY9L1|MacVpL~7=pb_G?*guv&|?Zp{F*K zH>fq@)Cx1_nF-Roz={GX=3TF-UGq_z7mqeaY)sAbZ(a(DO(c%oi+Y-5J=2*~h9~H4 zMXF_AQ_Eq2XD)|%nJ&iYZpl{ZTk1Vk1i#S7E%3}m3|`_auR4Z^IVlNM+K40~lWr1W zE&Ze!oY-3^iFFXuh9;ysQJX|=MQ4)?m+B3s77Ns$$JwgYc1Up;Y78X?GrK8Yi@9m6 zhYpYJh6!da@8-dwP-PaPg=QJdcZ7VGJXAXc)_tIMMVz;BF^oH7L9QNEUGHZ6uwj+5 zTV2K zhPJK&&3$G%_pme5s{1MELfn1&!sfmsbr?0GgOWmFeA|wpVa*$Z?pEv{e?HRJDY9!3 zX1Dqvm0rHMd_DUn*V@{!Z$jcurfm`j^B{3{>tj?4>64iwqBsd`busGNzO7n)0O~uh z4e}eon`2T)#L?d7LW9!b&#qT`HQx8+Uc!V(`Z4Qf3Kpo!NG8>a6cM-DgBmE987eAh zk+!Nbm#Ge!DoPO`GQ=;MA{T9~qK3%_mFLO2&oB@hYYei12PuH-zuk37NPr5KB=QNic2cll81 zRj~%(6QjH5y06fC?$`9tG9Ln}l!>V4Q$DDpMrn{O7gYGZy*{GfrY;Rl;9@}<5&m+j z^xTM_r4%vUY;`57=0WL(bDeV_BP49Kb6JfsxgBSdA1Wq|WdwKSaR}8ysZgD4Pt=%U zC6x=z%%sY%9Zr$!TB3-Wg=Z+Ea#L*r1+2+j#Rs2hz$^PJjH6a3CS*}%Ms&2HW?Tpd zzIu>G8tSlGagJS*7)mJ^^9a7eJaov4)h#w#?dbBMkc&G$`Y_=$5}T*C)Zz$OuA3UF zF&RheO7BOziNMg4)C)x@k20lvPd2HrF=oSgicz$O%ORu=`owpvx}#Btt0;;f(22_6Xj60b z`eY1favGtGzJkJ!5wnn$N=nI*hd77p>fsDoo!^R36|xv8Uqjor-C+Si zvus$BXMmMRqzy4@ggM07NOLqtp~{P%C7eMpTBC&n)+TH*Hh$EH;oZisAQ=0Ur;>_m z)nR11AX6yp?q*v<{3sLRT~!2oNFij(23^VdMzR-XE8An^1y7q&(N;A!7@hZ>C11K=Dmi0%Z+1vsJ~?Swf1HUdUXQ8jC7tEgbOK)Li_w7+9*iRr;!4)v)6*5?;Y*@W^Q6;!m8@ns{@KZEq={sF7SX^}R zAhD=$wo0LRrWwp5Df`KtJA!E`E99!Qa%#1iW-@#`vy)g|^3ZA{12>FSOy{LNPG8VmB;|dH{4yoZ zB0%UOk*Vh*PZ4CI#;8%X^b^in@vadg>Ke`i*=!nJNi0^3jCRQtTVCM!C2c@y0OGu= zGls%n=NBquUAoq)2DBn;ROHL8vyttS2z|M# zR@t~oG(B0n5s{(G=WVu_Q2K;kj#V=i%hbg~radtI^Gx2_(gJ8eRhKP>wJt$ob`@`t zO6oC~eQj&kM-guEr{&~wg%$cu8>KbaBpswEsMLCSg7W3d&S`4C9vyrc&4@HhJ__|; zNF*1rq%+)BE48I9Hc~L32b)GNv{V|W>BFK%jY5h>`h51tOm%NQ=R2Wj?mLs$8GI>& zo#pJ%(W!B!p=>L4QRBwEtA*g1<_UF}){MtA`)}1oWM7bew!U%cruFNlmc=(p6X+>n3ht5X8LcbzBFjT0v!zHXh{$r1=3y^M$aca66c=98 zsPw5*Vbbv(TMcT<=ZR{ipiQtkE@-@Gg^72}Y-L_zR2C+CX3Y_Xbqu&91R`;pLYAUo zT_pv|aI;iGtpOFyS;~;UbR(A5uIhMhVklOThDznAyswlzm>#QZyF1ZNX;rvIp-53w zlNd^QbA{1VI{B!BZ<)-AH?7ASe=m(+$>MgPl2s5IV-q}O5XR|Kds7c#)iB{=Y5Tn+7GymhF_j82hOjB{GKMP^=cGmnm?`*MY z!el-AmAr11Sqyjb*{U^KEEgeTtDA+{PmeD}Gka+6VsadWh-RXaDGYBErxvLSCe`1w zS-PVkrC6vztE0QByGc(xdMJqrA){3t#-tMqM23e;YNMKsXb#p|lwAT*q8vreHj5fG zU2f={s3bMDqPMkn)W>Bsqd|RJ4T91Fm4$CIGjih$Q+CHFiu_8*k~Hlr6+_wT_2r(L z&e{5luhbC~HWbYNoRXZgnR`BNVX*Na&*+qP$|WS}O2^BFpMpP`qJ88rw(^so8E0VK9 zr(zE?fz}Ap4%9<5iFQuhXr2d_gu2kwWhSdiJya+o6;lyxK$Wd#hLp9!8glQ(R-Im> z+G9qqOjD%}Y-5MKpok!GrH)$|mxyp#)*qph#0({#=#WezY=kMk=R9GG(@c4fMn^OG zQS0b?5wU8{bpvMC=i4RJ9a|J^j=s*B=eTf=l-=euFsFzhY#X4I>13w(?&Rl^20p_2 zP4V4Up`FlKafJSI!YcfjJw$8z&uY;k?(Y4>X~D(xTor5r|E0lN3${H*PnOAS7TqEf zfZY{C%S<1;_m9{%Npz)-5@Rg-(bUwse49D3B0$%)L6*&1Nw$tSOc?@?~Vt94Fr_WY&3%4+CeNt+Y%{#m)|o(|kuCRqByR;5g#~WPGk| z0I`%UE3@6gcqd$Eygh+>5N%@%LDUirvsY?K7M%ESeRm7(3{1RA)oE#nqD}E1ETcMu zY^zP~LfMFjrBy=Bw>#3ACftrNmEPCz<#>_WP*@_&)f-sk(4Hn+4l~PEuN!CXSqTCO z!+L$ZJ!+Egg-PD(EIMh4vXtREgR{)BI~;wTzvM~O1h;fLI8Hff$iz=v2kV2%Qc5!@sLhD1BO+F$WL<>A) zd;RupATAIGKeEL~`ZYe_Np5%HHXr{wzlVT}Dx2W|VfJSoT)B=Z7v&78mO@#_D~p5D z$KxkkQ-}S!e#a)mHpS+H*h%+~%++8V7=BXaxkprB8b+|el8Uw8@+xJQ9I<3%&rxeW zvjIq}-C+4a^9|PP^)5!oEMY8=F`%1EPwGns%LR*jrL=i#gQ+=4(hh~QOhN~E< z25R%(8|;q?F0xMML?$+fK49z&10$$iWkV9oc72=Dl!1n6h3UK{3?fXhuTv%vc~oII zAtSlLQpia@F|%>W7Eg-lhWQ_+g@O`Ko!{K3y-GEjm4u0}CQ=n0g`*jpf1qltN% z%wY;0_#5E+=9JH}cSWLQSvZvRXfp-WbUB|U`*y!De^j(nzhc(m)60@!Z7wF!pXgl# zG*UGZ&}x<_$4sTx`R-OYk6Zr5xhI4b$UmFGOE*TdUK_$Bw75)TLQmY>ByM8Ua1ng& zG4#gVlPJI5S|bU(kVpxc8&o7=$#`EMytZ#^``Tb79P49BS~e|dF*kNmVxfAwi4)%O zW6rGgQax|BSoHV!0m95XZ^_!*c@MSENFI{{GnnI1konMrY9pV3-h+9Lm?H@$k6=fwHm((zsbPXJ zt$EWt2t&%jK22OS*!1<8^0$w82W$4pq%|bpB;wsOWt=4a^JH~LO{U5G7*Mz1FeSOXG$?!FH!SI!C7?@JG-rNhotUAnpR{&zx}= zT-bI%TO901htV|~19djz_>UomZrO1TgkaksDc|um6!+*zC7Nrx!_-rz#GX$6#U|;+ zxYi37XCrv0FV~D1AVjm&THB3XWQy)l@=Ul zpOfw|mOLi)S`&g1`$_f?_hcLLU0%o#ZWv=SAergd7!_=DhHWu=Q4a;#i*9Fw6Ayv&4xnW8&On8i0ux^8CR7S=}=z1~5#h0zR`l8iq zRxM$>xe1<74NGn&DTrTQ&{yg2XBgXnjzv27!5!Lh1aH-L6gat%9w4@@lN%|Kj#SoDqGy_VOWMxdQ0|!Eh%_L1rYPQ@8 zbC`=?o7bfs$410nDP7Xl;ko^lmCM#$ylUh6Et^h?!OUwMY*P(bZqXGq@XC}DVj87o zo1iV}Hrz4ga9ibMf~U}hPJj_;0_u_BLLV~~o6&XnFl#wiOO!$~9)&u!{$DgI@kA+1 zd^8cCOX2OLAh)K|j?UsgrO(WcwHD4#FkKUJ+T2oN5@rfvF!xU#lu|T~5i)7Zrf|fK zX6u^U&-<&!(KtFQ`M96Q>rKN$p^_+-CwlY&F&|yRi6x1^B~$4%W)CpQP|N^kqGBPO zP2*SVzFkYGTrNx_&uJJjIFh+oGEG)AlaA<_5?>mNQCB{Bj9wGAYwe!U;FQ2cVhBNG zz*Jo2CYlnaAm_wZx@eKyoHuT7FEw~6wrEhn;L6CsFeHI_pYoBP_9LUP`x(UQqgatd zxM&P9aA3&0FG-syvKLwl>XCHKn-H-hM@#*p%Hob&C%GsY({$B!%Ln`o_u#(iT+cD=k;pd z3dLKJc(yU@Kc&PMt=_Q7M!5cL)2bDl*KgdE>4d6mlV-=&(N=S>vezb4()uv536>W4 zwz!U4XweJ9K87TdnY{XRP{N&L4&`tlG?0BRrie3pv^_B%8oDbV+vJB~NGL6gZZ~nx zRkUsQDMXdJ)O1+8aW%8X;6zfti;T3k8M0-Yw(Go)+P1dNB5KKCzSYeQPOG&Wg*TI@ zI5l*?rp??gD~%9`IWq;8J%fgALN}-ibK`H3iLHhqI@M}(vrQsQ zV?DM5RO&a?u$Y?H!*o833q>!kv@Hoyn%J7Tm&7!7W{y@?uXo;#D0Wi~L4H#R)!BEG zwr5C%+I(LK-emm(%`;V)XpUoUZ+0Ogg@sYkMe}VeCRVWv6nS67qw%pN+b3DRQvGx* zZ_izIw(;+hK!{RY4Q#%G+Kx@NoRx*}zd4#m^+KwB&WGk^o2f9f^$+R~SeSLGFtyP9 zKwi?-7t#p=mQ^?WgDn~C$*s&sG8&xk%*tc7ijFY{6IeA-BB14xu-uEenxz_OL99Yc zDwh~i=zL}NN3&jaS#o{C7wwxqrOG@E*&~DXiWzVAxnF@1oafV{z zj{Y`wFvcg&!Z8`k&Co?yX4mMZB|+*Bv03Wk>^=o{(N$*Vl{!{iJ2~uWo929*(cFrV zG$dJkL24*^pVqv_*c?;R0&I4hb)73H{VMU~4(gd<={I#0)pU4H7Vd-3WYykXLa#5j z{9xJ#I}!V%nv53WV6(`!4J^bgPU^|5bEhy3OGe#!N_X-B8D}SBC&w+etxOaVmK)+C zw#@~U_S#jOmuU^y4irP$i&^Q!_z%quEC8w1qNx$Lw=-x4LEM zF3N7&;nb=U-8e0PaUK@1C0GH5nU|_dBT#gfC2=@l$QBQf*3wWS0WAhZ@1>*ym6gL$ z@F2_tG1E-h$!=U#+|pon)*NXd4o}@poD=RAHgUy+(X4G_mzZs3Dt{cvt2=OgpK~bN zg~za8*5)?hXoxPKi)nw?&^B^8x1RpH7osDdA^GWwk&H7w23twWX%ticGMCA=_{OMs z5=mg-4DslLtU%co*wlPTW_}p{MK)cfjKXJopS*_Y7z4f3xSWwTw>%J8d~VFpS8pQU z*b0-56ex(e<(}fiwZ&rBb%W#W>zvrqd2F18*L5IPm|AuOZf`^FeVue;9$qooc4CU` zli_J28E)-v493bsgOt?WcDI)ggKKYijr)3y$eED9SI%(SQ1q&eB4+fW_X4~FJufuusF!u(6U_X_R%jE6qM9F60{4v>ya!k+4* zuzxK3sJZNr3<2y}t+Frx2NDg*QgIh+V4kEl>m!1B9}2|?mTIo-!8@E)s<#-Rh?yOO z$~WyADlM{%bY|(>@rqd%CGk0|2D3sNkk9-&zH8+1QLW2|se$0tY){u2bg=$>2YX0S zA9JJoF*|=xVwMZ+dGzu{#`54+Ye{GCP$DA2%cdTkQGb@7%)7Fz?_`XQCcT4g25?(t z$d_%r3A_rCT8cCGC z_=QHy=c1?(66&!Y<5oa2Vqsmv`;cuZ$qN-NqjGC0#Uk!Ii~7AVq6@MleiyeC zCX^w{QJFi_3caJ~1I`)LZ&_T7Oq94o4Ma_}QJ%(R8{*TsRyyENU3HuNhhz|W;zlFX zSH=9r)c;Hg`+Kftv$*snCNkPV&&Ipp6Rg-fn_sbc2DT;dZ$J{_GdI;>Yo0pF9lw)wi%yzLO zC)#dZzhU$0_3KzLyS6yRG#qEz7tNxUl)ZT!F3IAdkmT43;O^O!j+m6Lzk-Us^IUBP z0IXus6eRo6ArrHA>hB(1G`D;J@fCVFuY}BJ+nMhZ_9YBA6B^}QJ6kJbL=f3pXNf|2 zD6E}15!)L|a4m+bn&xIvthO4^;5|Ro)qu#B){H*Ht&{|xZ8fChM5Zi|ZLC^X3rkND zKB&95Tf4KIb4RM1x$Z^avFeRWnNkTN^Jx3K$2UXe?>$28fU-;#d^y==mDvudk^n-- z@w$?BrpwGUR(hGo%*{MdC`ouzHCy7L^|se;G$U-bMddp0Y^=rqwZT@#@*tew_zm?! zWp67juxCDX%b4ZnlVhy6!a>hL1Lg|)Ot!HZkqt7eWmwO!Fl`;SgPNRvW}rS>98F6A z?~wxDNB>w@%RTyRw}pVFGQFrQwtBDG-Y`eagf;oNlp(=KQ4eJ7P}^0GQg(}z?UsKD zG?zNXLrv1Q@;xOP*C$}Mn4ixbQ%S~UXM9;$X3NUUy)ouE^UUJ@FH@&xOa^ooNNCSO zt(b`sx2#XuSQn<*#p&R_Ae~m_F5|bMaMVS4Y|Q*K?r{Lh2U`p?CYm>(GVfbG)Q7Mq zL1$5-;iwGsFYI5S8wIeM?pxa$sSounZ;!P4Ha8dLL)+3;6_V*6s`YGG-?tH|MzQoE zBe7LzV8O!k`W7tg8#uSJ;G9Kgo!hryV8Mc(HJmWgx0&fo3)8pe#G=Z^>TnfPtc!G7 z0LMsTd%bwVoQ8*&V%0uY>u*ksEFoNDq>bp&x4BjwTU1#-QN4+Y2b^F7*=vt5kP>io zXnY%1Zy|QFvUHSli(36H_VWzZXhim0HENSZY>O)6lh-ZZ*t2%^+Eqm*sN5?oKV+3j z`XW>3&NoTqe4W0+4z0-xwrswr@7%(l5=A)eTZQqURPKu^=W+%=#~nejqkR{_I5{q) zF>bG|3kJ?-V~D<7(A%gisVtm(e$Q2XVKb|0<%;^mWEIr~S?OQUhuvm%As$r!)R;91 z1_oY<6w|fzrX`aQQ>rT|LNxX>aEB{NG)k%ajaP>z_PkDNlrb&5G;O0y?@$|dKpA&J zh$cofsvHZ(Nkw~ZV<+hNC{vlCCXsQc&Ym|Bd`V@`?GsR&kO;qbQg&TKd&$QITB5<3 zVV-7m@y1Lp?D=05`??^S(gfXVP4woiqhDqNK-QBmB)y?JvFEjL&k1isZW|!q_)1y_ znR3tVeNrHBexuqNMips#%0)ga?DV18e)ePODj)lzdtGdkSGX>Rl-N(by(+7a^d_I_ zJfpR(?Rismbh`_c3YOmIQz}iqvOjbFFM+;2p5-j8SnGPFl`i+mzu8Qx^l39^^)<*4 zTa-qqAL3%qz4#D(*Tz`6bX2vmg!j<%V+B+KO^HdwdJbGcxk(*zB70BzRo4O4?ILU}p1=MH$3w&F14i2^+L+cj6z^cSXGWBo=SsJ-<;Ce~5- zo=fuM!@g)TsW#Z;Y>s5GLeK{-yVl>lO*FIWS;Hxkj0()w=t zdyvDp#M}@Q=e{89WNzXLB1$Fou71JKk`8lH&n8TrQ7dr85wpacV$}-=_uMf~l-BH$ zu^Lb_9g26Uvd9Q(7j;E-v?4={9Yr+axdrc(VhMKBY_-~T4G$(b!n5o)Au;r>NphV} zURIbIBL|6^ct_S+@OI7>sXJfyGV+-In9>|yN(Jdib;l7 zX{#%mHY4M_%}Q4gjWxq1L(Ycm!l4zq(Z&V>>iuTc0DZ@7aEVtC(G^>2-YTm-x`Rk% zXN#H!xGEAnLv>EDsC~yOtLAS~BUb63D67*T3SFq`9>nFRsR>LQvYbP%Ybr@XonMQq zlIr74zbZ)rn=VBvin)Xvl;Qv-x-p5Miyvg8VkCGs5)oOWOrDgfHox&}q^grHV*&YUqbE|WAP zUd+n|>1QZzV0{!fh+G=uXdrUYTkq%aV!y=6@{^R1L#RfzA+uRY7>u$NXJq6hT;wFh zoOqH|2F?wRR`A*_S6XpazUL8puA<{8YP&Z;f&xp0E@#jZ#YIo>sU#t`UD`EI7gcY9 zpu3OsinOynQ(oSYKM_o(JNbN~U?K^EK#8eut2dlzl}~=@DyWc(FpNFyNY;@JHeF5W zMv`uqA;$J%+pysE7TYjNvqUUatTx4zVpIM#T4U4YV)zUm#cQKK%ksA7D4T=G^iByk zI?hLDOX`#C27n)^Tl&q)mg05)B&N+~y=*YQeOcsD~!phz0UDIX|CBcdI!>dV(?A zgO?>0h5*HhP8LsvWl?yinC)$9nRbg_-zD`TrZ8}jS)1yLb?B(NDFe^|U8^y<=k_s) zn>L=>6dlcmu{XZ%O zk@s>VE~5~cPE`*&mtby*xFmZ_QygXx*jMQ8gE6yRM!vV&vq_t7+37|!7N|pL(j;E3 zX#-L*ABm%G5VuU3Je?lN?Clu`2Lv{@)eR#eP1fe@5TQtV_KiRcFl>6)IjBX-G>!g9nDO;KV!{S_06 zyGlv%U;rCKF6>sCDzi16_UpHp+5B5Jezwy%D!R*DtoxvlvJ;4{#P_;~C>6qz)Y2K( zor!`PoW&wdQkVL7HVH*_MliGQbkGlsq@3rj!JFHh)#symDbX2%ge5v}6&4TJqEHGt zU2A)SzVqJ)B-TCrzP0XMof$eadTG*BBhmU>mYL$^i9ppgv)x1A|Bz!Sci^&GDNl#R zc~Dkuuyi)VCw#&Q?n%VAe+lPEj6MKJUJsk25E*YU}<9Ti@_1PtFJ_InhPl%M7 zGZ6niwTt(Ya<6~DETmgxuJ7LmHr*LmhMSbWtZVIBsWD_q_u|Fr1hi|wQN$gsH|*9- z5AHKXcAtiIDcnBQu6soJ4 zU|qb>DEg9-q}r}&Vv~)Ty_xt;;eTXVbKYsfxuQ_5k&N%~>5fU@H0|h2DNbXeaBW;P zrKQ2qsy6I);n@r^dv4YIBdBsZMzC%{Ftm|mE~S1FD%Lio_3RXN*F9whUZ%UK!HFv> zIJ#yLNyd(#b}m&?(fd>fy;iq;S~!R$t%%STV#W`c16sVDohP4T6ap^$40~^2rV)6g zWJqQ_p~&g3(AUWALlaDM7nPSx&FLQGaFGM>NV~|W+PXA9b)0FP=BW# zU%RO3MX@g$FDaH(>|#VqBuGUNx6SU&+k1z{*?*U3GP(yxSx!&e-D3id|@J*6h|S zYYbM+{hCF|_j{g<)>F}#?on1Y6BrB8WL7bz6V+E&AQp)R-^?5>0P1LsFYa9#f-L;1 zMI=swr?P)cYwtedU5vhN$%!?^Kos*k^nawBU6zh=F>e^aKWg3f6)x_Mgjk!0ZBsIEqyJ zTBtAMQ)b=EFjGU;iZOR#ZbcT9MRiwQ5$WTi6q;cv$Zv%UmSLpN|FgL+Ey-4JGxznS z4D&@JxMxVbC@l>i=@2qXhz;h4PfYQZiUj=?YlG6n+h&nc$*T+)W5D=hceYbBQQ`S} zmmC;3A+`=V$0#yat4+z#G@;^Vwy2IPhciB5A-zDRHj&n@?2T%P(NmtFOC0UuE0thO zVaB=%YB5x_k>YeC?O4+}TNN#OOPU9cc5~oeozg%k zj1CnI`7f)=SkY@pnqld#ShlJ`0r^1?qSkVvQ72sV3GA=Ow(WU4=BMa!#F|+~gt9rL ziOKMw_Sukz+HQbj0pK6Q)tyc5R`)@v*7cT4>zXmJRh6=lFefTArCN+zyRhcSdpnCD z>Zjs}!#cjiw{jVc^cWc%K4Ho&*YhRgUJ-RZ**7&rq1v$ga#BPx47z)9^4Ot~s#xHbs4>>F*y zH8s^lTAOKi@U>azLRo5NXgfv?e}eV{8?>_cpTmvg*{s92H~ zryfu-m~F#ZwMf&cg2aF|y)-oEOS%rERmUQ#sVhP&SHOr@=)zETudc*+lPcD3dQyl4 zl*=g7`hfEwKDD&t1+)Jcjn+b)1g*n&%)H9}%(ObJdB*Ui&~|NT$luHnv-DPuJIOnh?09SB{`Fid2jby}O&n&LXj5NwwIS zs(0#g=BCRDLu0ZmmtRP#Iy0?hhv9xvgy6y3TjO}HI*plgt*3eLn@D4%W-Fo@Un$sn z){v;&ASI1+p$ErUN1}l&eCc1qa$2P}Ph9S5YV8-9aCre|*&qcuNK$}=tWwByA&y>N zvPV_7w}DRA>4jKaC29klKF39^&|wtvK4aef4%9d) z%HwyfDF#xT&I&XJ5RRv#o9Nor#FLm+p$pJibR8d~m<@ySiBv&;3R|ANsVuU24Ff}o ztBZWPs8%|X%lT?f3%%lw^nH~4Ibka0Bx8_3G8XJTp=j=1njS%>k{Od!qBn|8FPWm} zO?;Ywtj!rLy=Z;7JeA1zWV+s`%#LY|p01*o?n1WnE1TMx!LgOm6gR4T;RTgmmwqLx z(G9f4UH9f7ccCxSCc#2ZOsmhC0FtFRivBMtZ<2C#dJJTq_+T3t{a7rpgP$gT!fHf8 zq#bD{Ue&*B`5|_w4vNgb&qQ}t0UcW7FcJ@=`r&kdAjcH!E0<(U5?B`J!d>W9{7kId z*qn1N2s_s#TPMjjhMg0!)5x%)&SkQ^i)U*K5I>PYy7dU-@hh~lC7ULai+iYKicEvD z|3_Sw8MbR)q*b=&wsMOo#`e6O%Vn8=v#&{a%dTj1xTs=^>w|APQ+TW<>0xm4*sTTJJ3$OBApD8eL_ z8Emj1Br3BlX&6uGa6+;jO1MK4+y=Niu3Pr*_=KxtQDW_J}7jVK;MnPTiG0 zN-I9_++w3cF)NkU$dt^QYWA~p%V*&>dk!lBV;q!Xa&a6kMM}BaT!bZE{X539Q%Qn(xwt{-l)K!P5KDNE* zE!t#6xez~Ol&s0Qk6@;V*QAcQGrisS^_rBD**t+-v<+c#M%AJ92<$5Of(~hwBy)_r z>GtC(zGw2f+6qO17*^TEXhT)53BrVkZTXBJh*pdx*``7{Ygvff{51A>?MPuA`K3t4 zI$M5gZpkc<7y|F(4q`f-@9Z||mV1Gz#C&;^`Z8u#CRmMiGV@+xX%uugQw%9r2v!@h z{zIG1Z&fv+rU}hZ#b^p;UT5Fl!cs!c3rIWBB~q@iRF#x~;ZUYEiApC8p{`@vch)Lx zuK-KF9g*e~WFDicE>uh8yg?*eEp`djL#u(Pv&f^3KjfAU^U9lgT>ZyXm;)devRq*E zEO9t?IN1`CkBc$5vATqFcZ`D}Gy594(2|CLS1@NYg|<{iF-;UE3pgfhnoraNnF@z{ za~=}JIGtA$BdOymTTwWBf)hAbCSp&XoQ=NwT7-nU_Py4^E{y&{PZzsQ%mmBDvH8>@ zMP2xQGk6^ApjBgE<1BrjHP3P3EUlE9)4(j5#Q0$aF;=56=*Kk$)Pz~Nv1nSBZ42HZ ztv4hk4j-1jkdC)N(tZ+)kBD|UL-fE#Dt2Eay?~M=0eruE5nng&9l43r7E=hi)TH8r zx=5U!0Y4Yy;?&u5ZjuDMl)~0>xH;pJ2q!c~d5yeO1yoe@)X4*;@wbosV7kx=ZOc!aY%lw{Y0FCrM(=kOj zwG!Geu+D6KzBWa9e0(YKM&t_TW0FzQJBv+0!(tyYzv~C+IHhsZC#xF4;+PN&kUJ-E zTw-jZWRL+7sq>16S&F&{U1^+;2X>utJGstyO0e83c^k9!vT?WZ4L2KaO2>JbrrP{^ zsHqX#?7=Xg9;=}vnB*NEq^jXaNjX!jxc3xGkxn4koL~|TlbI} zJ8Rr~j0HV=KBuI-_XwsmMLEXx9Sudn(>S$i$|^qcfM#ox&cG*n%1a}Umn7*9fDz!{!LCRmr ze7Xqg8(%t7;9$hihLU(a_WC!$)6VZ;qRMP8UftZm_dA(mE3HCA_dR!zLHL10Y}eDo znn;I+AXsp77n3;DJGQP>ifY;mnmZ}bX= z-zQI+=CG}=FRJ^oDcG!~bHBHgd6ITI3|7b3mTlsSFFW{YrO^te&7Ns(6xBu0xtmr; zm_*pNDzWDW94Y-F?BFi;zQL?YvB&w2v~6U<*Dmv`p{bkl5;iJ~$a7qyA5^KhGIaWG z@lL8;sE8TRFyfFoXee_r?j-x=u$7PN{pI-*q^e6~mv;@-*?g3OOT&zxtzBM{3DY?o zN<{{`G_%qsubaOzmo~MZNlYtD;57Rt|5gas23Qj7q%Z8~79OG;cg}v-1#^MYJQx9$ zDL-Sj-Au-q7!NJAt*~SvatL*hTuiWj5*J2k+A!uDy>&((mP9?zmW4Fekbauoe0r;f zGYe4IlhhfR=RP0PTs9r8@0?&35=-Wijm75{zthE%oMu!=+F>xGFWM0%=!)z-9+$9V z#)_QG97ie!c8>`LAIe1S=>}^!N3I*t93Uo1(@$w=1_zpryd$j#I-wc5sgM))>eUnH zdm;bxNEJ&jFZ`I_dtID%KyjCu5mBy=?_kaMH?~}tWG7e+I91cu`3B!a-87vS41280 z7s`Y}s9YySk&&ksI8c8E6$OaJGdKJDd5sm2F=Lv{>;0?;xs8K*SyxCqMG!N1d~Wpx|pq0mm+ppq77 z-JYkex7jcKAeef{w6Z8)5)k>NEF*-#TKG4yUh7cP1g>eDQ_o~pPx)nuW9{(WP(*K597RcUTi+ zx&J1q2Cg)@yL3Z$NfJy1p+Xa23$W#s^SioBBScrN|(b3FH6 zp4=0w!3;vWwmayPZRJ3!>{9oc(rweKEtgMcKKqcHj)2w54Q&+P-jVa`ywiLuTrne+ zf-(&vL4$j|@lagnts3!mlmbli&0K)0CT-{2d?$A&7kn#ZetTOv`&>KIx3zt(E#Gin zOu=dL7MhVf?UwF+2o)5b5*j+v*A3y_BIsIwfk(X#!tZ|5xA-Q9B6q##yMv2O)BQ{o z2$Pw$@fbubJ=>W1*BK;iQkO{QVHJW>JYSlOe#3c7A-jywTJ9v#A`2|3pfh4Y zakPD7VB#G6$S-XZiIwB>F+)f!LeU)vjh;N_*Qz#N5AKIfDbV1QCDRyF$g+x}Wb+h~ zy0#JBN-!WX-s?xoW*6*O>a;Z&B>x#IYru!6Qf+yh`*L$QB9UrRS|6>1X_8@;AEeCU zm_G&vt%M<_hKw?P$>3lNP5M5VDbw3I#LKS}zaRc9o0Ou|G?L#~`(ZK%F@%YqE@_CeX&OkM^3KBp=N9bxmvdb#* z>oXYRBbBf=zyZ_iJ11c9&|HzIJ%MhJRQdl=cWbayW(tvOFfbDLD{l%DYW09gEdMkW z^yT+VpSzyJKCdNSzeD||LS0qP39$wyVV7p)%c_hF=FSyT8&+*x zeewED>rW~)aM}}<>rdi3Zb=hg+^|kI?Ic1JOkK7}DxRC9B~2uUT5F#T1ply9a9-qecF0rlyE<;CeW8;-ajQ* zJFE4$AA<9h+42|vlTYh-@JU;oV4GsHu&NX^wJ+JwF%95+R(h*9uMLo$W^S?vK(MiW zQXRRT-GZ0o^L`(K#9oYCHPn@-SDHR|)=RMGv9^eogwhe2ab%}p;lfDbEew^KJ-Dg1 z?^JZbr#gymYf6v~dE5hZ%U3M$)EJB*DaQ-Dl!(12^r`CTV0$#ws`b4+w@uQE)VS6$ z%Z*Hkc*5^gU5WRl!beczLEN1K7z1d&R*>7$bj@Nio$ttrTA2FRQNMYXY`WMb>ckHL z$WUs-L_xaMYGN&M6~#=!C`q>4x+`_3E-c4;yO zWmMJ$ZhH->izHA_AedN^;>Wqkj`d`#F;$(%$;Bl}oLw?g4P;;Va*AIc2Sml%)h1Ey z#VSTQd}&W_K0R^zjdFMq0^1_hbUyR;o{-N2atS^SUur6~I7)g|i5V>RYGaa}XRj}; zpXFEYz^9ibw3+4s-ojk9I;t}U>Gn|xq%B~2PdS)rxTg|FKD+gM!TeJCB#C~uKp_(P zjq}A(uU5ke&sJ)|(AVn4QjSMHY)p>9$;lwio2%NDDhk6~whxkzG_P8jVRhIiZRw1h zSaex@esR55NSqaksrw*~Oyt?qxGaICOodF)C{Zx$A`o*cOxijaFca;Bcto$s03n8k z6vnr6&MqgU&Ztu}{Mq|V0pUAxZ?$yLSK zU2z>>m)@hOUd46yt2XJr`+PbiV%a9T(c~(Pvy(3tg8k;GV`ONO2*Ct|1IL-l6y|kI z)~Fa8Kz&eTShi!LA)=tEERki5g08XWj!7L1X2V0tPgrdXi4{IcNSYTc{iL{`Ih<}s zhX#_IDxVBBDGkT_4)CgqMKfN`hZy-28U|g$n7KG-o9)4iIso~SS-G3h7$v7`xKuncGv{XBLmX-wUn$` zml->vH)!h=x@!i5a9s@bt@UfGX*UH8oi*;nG@ix`%xpPOSg0X zOpPR3CAtJ;@MSYC%AKVjney6tl&e!VWe7m`zsdP+rl%zu!AWTvvr9NSWvng%R z_)*pQ9YtY1!&Yn)-LZ*T_=`gx6PA47NG1Rx_bFaWO*>5-X$JSfi_(eqb^Da5=s6wP zBjwYRQ-(~`;h4y&a+yspSRQS2pNeQ%l*vvOc8U`!8Lj*T22*a^p<%_T2G*tJS!1m1 z7Sg1lPAG>XE|4;;n?$RHuu0X8w=`Ua@YCinSt9Ggsg-`piMt9bp{$)T*&rLI8%gG| z&Q6!}d?h;xoGuY1!Ho6)Z^90!mf^TbQkr#!1vLa5bg7{V5Ie?nSrWzV(YnKwK*rE? z3W4Sn{9m3CcJfh0bHCcp8m`D^$at=8Q=_okow2?>&T3V-O411du?s_M^aN6{z^ZI^ zoKJJ3*(#DFW2jnlwf63)9&A-8?vL`x5;UtiDXTA|PB|#E!=MvSb8u=`N7r?YFjFYV zw=75{Uuga4i*bu6?%@cS+zF{HQS2ptjn=6h2q*^I?C}()bh(2L6WQsu6~##DX~cnX zQGQUs+$`Ee7lXA%FV0t%_4+(FUeAnCTbWbR6nkW=q|89NbhL23gM}(}inMEm=~Vd` zn}RkImZ4@X@)%8>(1t0yYgcVv)-@_AtvEdLwy>k9%w0Uw<+NuEP+1ksE7DaWjl^lK zAOzmP)*NUd_N(;kRMrBmwCGp}e>Lvyu;zgL@aJj#NcOdgZbhHRYVJ8r`Z1tFgui4{#q>_*oV zyeQu~MOf0cg=>o=7m#J_6i=N>g?toFPmNKIyM|3Bv*cIW1V3V`i|1;y7~!L3!?d2u zN0x@8?xyvvsKX9G6Ia49S6$1C-|%_HYANT|=18KeF8!}u<0Y+P7p|T!cfe<(3?!>P zAB8nKxGpu@!niY^mF@Xq(b;%`gwZL}>cXq`ZVl1b_u{u?|Fn7IimNwlh8qpCCP!!I zBA?!F3YWQ-j9=K^hbJn?HqnuvgiKrJOM_qRL>f~tM`E*S=zOBiH&2p%QMPHICYWnteE+358}RvI2zUD_i4FVqgD#Q-&ah}+n|@!npWk7{kyu41JU z^CfUws?3kb3iKWIB3jhFqP%jNY$o$@JF2WZ{6+1YEK^s2FwxZHt;07})NPw}%9%`#;}8;UeGTRd$wZ0~&hLm!CoH*|T*5W767no< zS)x#tEi|B(Y*p1^hzi<4R_;CGa$AKeXQT?dg`w^IcnC!byNdSzvpA|$reO~#p5#2P z&UjLVrYU-@W$j3lqz^)D^v-+)OqR90+-8xCOqBS6hS_I?)=YZ`q~7(Mugq<~RY2zc z(25(4hw2SR-6thwr5fU$ZG>@iuh1HF0@@<(Z?#QuFmV&s;~+v1r<9cE6jiw_XUS$V zsjI*H>}F@rPbmR2C5*M8?kHuDR8p<6DaV~AbM=%0(}b<6!*Eb0C`}^7R;nC<7@4%@ zygFQh@fDX7Z11%@rR#%x@YAZHxTyy%03M&AS$1?&IOx~q7n+j5^>JiS%5k->S zttz^55hpZN-O9PjCt9L|WSo*<=EFUy=$LeDBWxZ@95(SV57DZ{uZN*)yE*z)-(lp4 z3ERod!F0Wg0+p*22kYb8sffj9AShOpH8om5w^$W){dN++ds2UgAll#|X;Fgy_sV=HmI$Z%lS) zNMqptED^0Pz!Y6im-&%_nQey6{0O#O-^NfEJG}SyyfIzUNk~mCpXq!{$T@M2#zSL_ z!oHF>H=`1vK)5-v8TA;|4AtgahtbPG;U{eqsq#8j($y=?dMzurn2owOO6w{usdF7f zDeUH(Sr`C)d`KEeDetwCtyktv>5RI|?YsRmrn2|8+~;J-ik+QUI)wr`le&zfoHb2% zf8|PZkux)fF|Fz-wrK1s9c*!K=B1$wDLJgtdK^L=xFMmTT`JTaI9KW>A%=!% z5#rzTp6#S=*1>U|>n5?C_&fPxj~Q~){lXA52KlM3a1jZ81WtCnJRn5JSGHWz?Pl_U znU7G#2$!=l5+MEbEw<=qls@`5Sg^lmEC#Xw6FR#p@q%tD^IL5hL2&X#Q7yRA?qtT> z)b6O1YQhySk7ktt^~C%o>tK+bC+Cn3vVzwN9o86HpHhuUA%f!S-ckWoxpAABBR0mu z_4L|Lz~rX1fB9c>a-njFwGy7&-PheM0+-Amr^^N|vGEMo`+Ijfp^^9D!189)7fk0PM-K;J+jY_o*x<)LkM z&C@+1^lbfws#BTk+Sab-tid8by22`JiMV3DxA>j&|I^CW?Y*rkX%t9z7ASyizG;nhs zlB23_5Nc0f0Buv7OIBP_2Z+_ps^>T~#}0(9HY-xZ`bQFuB!g@UUAVbSpbjt#^D?wh z*>Ey~C|%E%K{MT2mhX{j6C8jRv1p5NJwd*G~b1f(TsBDY2wwchv3Rqk4!Y@FX B-hluB literal 0 HcmV?d00001 diff --git a/po/pt_BR.po b/po/pt_BR.po new file mode 100644 index 0000000..49739c7 --- /dev/null +++ b/po/pt_BR.po @@ -0,0 +1,4108 @@ +# Brazilian Portuguese translation for cryptsetup +# Copyright (C) 2019 Free Software Foundation, Inc. +# This file is put in the public domain. +# Rafael Fontenelle , 2016-2019. +# , +# ##### Terminologia usada ##### +# , +# device mapper = mapeador de dispositivo +# digest = resumo +# key slots = slots de chave +# plain = claro (pois "mensagem plana" é tradução incorreta) +# passphrase = senha +# salt = sal # https://pt.wikipedia.org/wiki/Sal_(criptografia) +# , +# ############################## +# , +msgid "" +msgstr "" +"Project-Id-Version: cryptsetup 2.1.0\n" +"Report-Msgid-Bugs-To: dm-crypt@saout.de\n" +"POT-Creation-Date: 2020-05-28 11:32+0200\n" +"PO-Revision-Date: 2019-01-28 07:58-0200\n" +"Last-Translator: Rafael Fontenelle \n" +"Language-Team: Brazilian Portuguese \n" +"Language: pt_BR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" +"X-Generator: Virtaal 1.0.0-beta1\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" + +#: lib/libdevmapper.c:399 +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "Não foi possível inicializar o mapeador de dispositivo, executando como usuário não-root." + +#: lib/libdevmapper.c:402 +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "Não foi possível inicializar o mapeador de dispositivo. O módulo de kernel dm_mod está carregado?" + +#: lib/libdevmapper.c:1131 +msgid "Requested deferred flag is not supported." +msgstr "Não há suporte ao sinalizador atrasado requisitado." + +#: lib/libdevmapper.c:1198 +#, c-format +msgid "DM-UUID for device %s was truncated." +msgstr "DM-UUID para o dispositivo \"%s\" estava truncada." + +#: lib/libdevmapper.c:1520 +#, fuzzy +msgid "Unknown dm target type." +msgstr "Tipo %s de PBKDF desconhecido." + +#: lib/libdevmapper.c:1623 lib/libdevmapper.c:1679 +msgid "Requested dm-crypt performance options are not supported." +msgstr "Não há suporte às opções de desempenho de dm-crypt requisitadas." + +#: lib/libdevmapper.c:1630 +msgid "Requested dm-verity data corruption handling options are not supported." +msgstr "Não há suporte à tratamento de corrompimento de dados de dm-verify requisitada." + +#: lib/libdevmapper.c:1634 +msgid "Requested dm-verity FEC options are not supported." +msgstr "Não há suporte às opções FEC dm-verity requisitadas." + +#: lib/libdevmapper.c:1638 +msgid "Requested data integrity options are not supported." +msgstr "Não há suporte às opções de integridade de dados requisitadas." + +#: lib/libdevmapper.c:1640 +msgid "Requested sector_size option is not supported." +msgstr "Não há suporte à opção sector_size requisitada." + +#: lib/libdevmapper.c:1645 +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "Não há suporte à recalculação automática de tags de integridade requisitada." + +#: lib/libdevmapper.c:1649 lib/libdevmapper.c:1682 lib/libdevmapper.c:1685 +#: lib/luks2/luks2_json_metadata.c:2160 +msgid "Discard/TRIM is not supported." +msgstr "Não há suporte a descarte/TRIM." + +#: lib/libdevmapper.c:1653 +#, fuzzy +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "Não há suporte às opções de integridade de dados requisitadas." + +#: lib/libdevmapper.c:2607 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "Falha ao consultar o segmento dm-%s." + +#: lib/random.c:75 +msgid "" +"System is out of entropy while generating volume key.\n" +"Please move mouse or type some text in another window to gather some random events.\n" +msgstr "" +"O sistema sem entropia suficiente enquanto gera chave de volume.\n" +"Por favor mova o mouse ou digite algum texto em outra janela para obter alguns eventos aleatórios.\n" + +#: lib/random.c:79 +#, c-format +msgid "Generating key (%d%% done).\n" +msgstr "Gerando chave (%d%% concluído).\n" + +#: lib/random.c:165 +msgid "Running in FIPS mode." +msgstr "Executando no modo FIPS." + +#: lib/random.c:171 +msgid "Fatal error during RNG initialisation." +msgstr "Erro fatal durante inicialização de RNG." + +#: lib/random.c:208 +msgid "Unknown RNG quality requested." +msgstr "Qualidade RNG requisitada desconhecida." + +#: lib/random.c:213 +msgid "Error reading from RNG." +msgstr "Erro na leitura de RNG." + +#: lib/setup.c:229 +msgid "Cannot initialize crypto RNG backend." +msgstr "Não foi possível inicializar o backend RNG de criptografia." + +#: lib/setup.c:235 +msgid "Cannot initialize crypto backend." +msgstr "Não foi possível inicializar o backend de criptografia." + +#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119 +#, c-format +msgid "Hash algorithm %s not supported." +msgstr "Não há suporte ao algoritmo hash %s." + +#: lib/setup.c:269 lib/loopaes/loopaes.c:90 +#, c-format +msgid "Key processing error (using hash %s)." +msgstr "Erro de processamento de chave (usando hash %s)." + +#: lib/setup.c:335 lib/setup.c:362 +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "Não foi possível determinar o tipo do dispositivo. Ativação de dispositivo incompatível?" + +#: lib/setup.c:341 lib/setup.c:3050 +msgid "This operation is supported only for LUKS device." +msgstr "Há suporte a esta operação apenas para dispositivo LUKS." + +#: lib/setup.c:368 +msgid "This operation is supported only for LUKS2 device." +msgstr "Há suporte a esta operação apenas para dispositivo LUKS2." + +#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345 +msgid "All key slots full." +msgstr "Todos os slots de chave estão cheios." + +#: lib/setup.c:434 +#, c-format +msgid "Key slot %d is invalid, please select between 0 and %d." +msgstr "Slot de chave %d é inválido, por favor selecione entre 0 e %d." + +#: lib/setup.c:440 +#, c-format +msgid "Key slot %d is full, please select another one." +msgstr "Slot de chave %d está cheio, por favor selecione outro." + +#: lib/setup.c:525 lib/setup.c:2824 +#, fuzzy +msgid "Device size is not aligned to device logical block size." +msgstr "Tamanho do dispositivo não está alinhado com o tamanho de setor requisitado." + +#: lib/setup.c:624 +#, c-format +msgid "Header detected but device %s is too small." +msgstr "Cabeçalho detectado, mas o dispositivo %s é muito pequeno." + +#: lib/setup.c:661 +msgid "This operation is not supported for this device type." +msgstr "Não há suporte a esta operação para este tipo de dispositivo." + +#: lib/setup.c:666 +#, fuzzy +msgid "Illegal operation with reencryption in-progress." +msgstr "Recriptografia offline em progresso. Abortando." + +#: lib/setup.c:832 lib/luks1/keymanage.c:475 +#, c-format +msgid "Unsupported LUKS version %d." +msgstr "Não há suporte ao LUKS versão %d." + +#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959 +msgid "Detached metadata device is not supported for this crypt type." +msgstr "Não há suporte ao dispositivo de metadados desanexado para este tipo de criptografia." + +#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628 +#: lib/setup.c:2777 lib/setup.c:4512 +#, c-format +msgid "Device %s is not active." +msgstr "O dispositivo \"%s\" não está ativado." + +#: lib/setup.c:1444 +#, c-format +msgid "Underlying device for crypt device %s disappeared." +msgstr "O dispositivo subjacente para o dispositivo de criptografia %s desapareceu." + +#: lib/setup.c:1524 +msgid "Invalid plain crypt parameters." +msgstr "Parâmetros de criptografia clara inválidos." + +#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:74 +msgid "Invalid key size." +msgstr "Tamanho de chave inválida." + +#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157 +msgid "UUID is not supported for this crypt type." +msgstr "Não há suporte ao UUID para este tipo de criptografia." + +#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308 +#: src/cryptsetup.c:1226 src/cryptsetup.c:3923 +msgid "Unsupported encryption sector size." +msgstr "Não há suporte ao tamanho de setor de criptografia." + +#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818 +msgid "Device size is not aligned to requested sector size." +msgstr "Tamanho do dispositivo não está alinhado com o tamanho de setor requisitado." + +#: lib/setup.c:1608 lib/setup.c:1727 +msgid "Can't format LUKS without device." +msgstr "Não é possível formatar LUKS sem dispositivo." + +#: lib/setup.c:1614 lib/setup.c:1733 +msgid "Requested data alignment is not compatible with data offset." +msgstr "Alinhamento de dados requisitado não é compatível com a posição dos dados." + +#: lib/setup.c:1682 lib/setup.c:1851 +msgid "WARNING: Data offset is outside of currently available data device.\n" +msgstr "AVISO: A posição dos dados está fora do dispositivo de dados atualmente disponível.\n" + +#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169 +#, c-format +msgid "Cannot wipe header on device %s." +msgstr "Não foi possível apagar o cabeçalho no dispositivo %s." + +#: lib/setup.c:1744 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "AVISO: A ativação do dispositivo vai falhar, dm-crypt carece de suporte para o tamanho de setor de criptografia requisitado.\n" + +#: lib/setup.c:1766 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "A chave de volume é pequena demais para criptografia com extensões de integridade." + +#: lib/setup.c:1821 +#, c-format +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "A cifra %s-%s (tamanho de chave %zd bits) não está disponível." + +#: lib/setup.c:1854 +#, c-format +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" +msgstr "" + +#: lib/setup.c:1858 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "" + +#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367 +#, c-format +msgid "Device %s is too small." +msgstr "O dispositivo %s é muito pequeno." + +#: lib/setup.c:1893 lib/setup.c:1919 +#, c-format +msgid "Cannot format device %s in use." +msgstr "Não é possível formatar dispositivo %s em uso." + +#: lib/setup.c:1896 lib/setup.c:1922 +#, c-format +msgid "Cannot format device %s, permission denied." +msgstr "Não é possível formatar o dispositivo %s, permissão negada." + +#: lib/setup.c:1908 lib/setup.c:2229 +#, c-format +msgid "Cannot format integrity for device %s." +msgstr "Não foi possível formatar integridade para o dispositivo %s." + +#: lib/setup.c:1926 +#, c-format +msgid "Cannot format device %s." +msgstr "Não foi possível formatar o dispositivo %s." + +#: lib/setup.c:1944 +msgid "Can't format LOOPAES without device." +msgstr "Não foi possível formatar LOOPAES sem dispositivo." + +#: lib/setup.c:1989 +msgid "Can't format VERITY without device." +msgstr "Não foi possível formatar VERITY sem dispositivo." + +#: lib/setup.c:2000 lib/verity/verity.c:102 +#, c-format +msgid "Unsupported VERITY hash type %d." +msgstr "Não há suporte ao tipo de hash VERITY %d." + +#: lib/setup.c:2006 lib/verity/verity.c:110 +msgid "Unsupported VERITY block size." +msgstr "Não há suporte ao tamanho de bloco VERITY." + +#: lib/setup.c:2011 lib/verity/verity.c:74 +msgid "Unsupported VERITY hash offset." +msgstr "Não há suporte à posição de hash VERITY." + +#: lib/setup.c:2016 +msgid "Unsupported VERITY FEC offset." +msgstr "Não há suporte à posição de FEC VERITY." + +#: lib/setup.c:2040 +msgid "Data area overlaps with hash area." +msgstr "A área de dados se sobrepõe à área hash." + +#: lib/setup.c:2065 +msgid "Hash area overlaps with FEC area." +msgstr "Área de hash sobreposta com área de FEC." + +#: lib/setup.c:2072 +msgid "Data area overlaps with FEC area." +msgstr "Área de dados sobreposta com área de FEC." + +#: lib/setup.c:2208 +#, c-format +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "" + +#: lib/setup.c:2286 +#, c-format +msgid "Unknown crypt device type %s requested." +msgstr "Tipo de dispositivo de criptografia requisitado %s desconhecido." + +#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635 +#, c-format +msgid "Unsupported parameters on device %s." +msgstr "Não há suporte aos parâmetros no dispositivo %s." + +#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408 +#: lib/luks2/luks2_reencrypt.c:2737 +#, c-format +msgid "Mismatching parameters on device %s." +msgstr "Parâmetros incompatíveis no dispositivo %s." + +#: lib/setup.c:2661 +msgid "Crypt devices mismatch." +msgstr "" + +#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:3145 +#, fuzzy, c-format +msgid "Failed to reload device %s." +msgstr "Falha ao obter estado do dispositivo %s." + +#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025 +#: lib/luks2/luks2_reencrypt.c:2032 +#, fuzzy, c-format +msgid "Failed to suspend device %s." +msgstr "Falha ao obter estado do dispositivo %s." + +#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039 +#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149 +#, fuzzy, c-format +msgid "Failed to resume device %s." +msgstr "Falha ao obter estado do dispositivo %s." + +#: lib/setup.c:2732 +#, c-format +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "" + +#: lib/setup.c:2735 lib/setup.c:2737 +#, fuzzy, c-format +msgid "Failed to switch device %s to dm-error." +msgstr "Falha ao obter estado do dispositivo %s." + +#: lib/setup.c:2809 +msgid "Cannot resize loop device." +msgstr "Não foi possível redimensionar o dispositivo de loop." + +#: lib/setup.c:2882 +msgid "Do you really want to change UUID of device?" +msgstr "Você realmente deseja alterar o UUID do dispositivo?" + +#: lib/setup.c:2958 +msgid "Header backup file does not contain compatible LUKS header." +msgstr "Arquivo de cópia de segurança de cabeçalho não contém um cabeçalho LUKS compatível." + +#: lib/setup.c:3058 +#, c-format +msgid "Volume %s is not active." +msgstr "O volume %s não está ativado." + +#: lib/setup.c:3069 +#, c-format +msgid "Volume %s is already suspended." +msgstr "O volume %s já está suspenso." + +#: lib/setup.c:3082 +#, c-format +msgid "Suspend is not supported for device %s." +msgstr "A suspensão não oferece suporte ao dispositivo %s." + +#: lib/setup.c:3084 +#, c-format +msgid "Error during suspending device %s." +msgstr "Ocorreu um erro ao suspender o dispositivo %s." + +#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267 +#, c-format +msgid "Volume %s is not suspended." +msgstr "O volume %s não estava suspenso." + +#: lib/setup.c:3146 +#, c-format +msgid "Resume is not supported for device %s." +msgstr "O resumo não oferece suporte a este dispositivo %s." + +#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297 +#, c-format +msgid "Error during resuming device %s." +msgstr "Ocorreu um erro ao resumir o dispositivo %s." + +#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322 +#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839 +msgid "Volume key does not match the volume." +msgstr "A chave de volume não corresponde ao volume." + +#: lib/setup.c:3343 lib/setup.c:3531 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Não foi possível adicionar slot de chave, todos slots desabilitados ou nenhuma chave de volume fornecida." + +#: lib/setup.c:3483 +msgid "Failed to swap new key slot." +msgstr "Falha ao trocar novo slot de chave." + +#: lib/setup.c:3669 +#, c-format +msgid "Key slot %d is invalid." +msgstr "O slot de chave %d é inválido." + +#: lib/setup.c:3675 src/cryptsetup.c:1572 src/cryptsetup.c:1917 +#, c-format +msgid "Keyslot %d is not active." +msgstr "O slot de chave %d não está ativo." + +#: lib/setup.c:3694 +msgid "Device header overlaps with data area." +msgstr "O cabeçalho do dispositivo se sobrepõe à área de dados." + +#: lib/setup.c:3981 +#, fuzzy +msgid "Reencryption in-progress. Cannot activate device." +msgstr "Recriptografia já está em progresso." + +#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2243 +#: lib/luks2/luks2_reencrypt.c:2836 +#, fuzzy +msgid "Failed to get reencryption lock." +msgstr "Falha ao obter trava de dispositivo de escrita." + +#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855 +#, fuzzy +msgid "LUKS2 reencryption recovery failed." +msgstr "Não há suporte ao tamanho de setor de criptografia." + +#: lib/setup.c:4127 lib/setup.c:4379 +#, fuzzy +msgid "Device type is not properly initialized." +msgstr "O tipo de dispositivo não foi inicializado corretamente." + +#: lib/setup.c:4171 +#, c-format +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "Não foi possível usar o dispositivo %s, o nome é inválido ou ainda está em uso." + +#: lib/setup.c:4174 +#, c-format +msgid "Device %s already exists." +msgstr "O dispositivo %s já existe." + +#: lib/setup.c:4296 +msgid "Incorrect volume key specified for plain device." +msgstr "Chave de volume incorreta especificada para dispositivo claro." + +#: lib/setup.c:4405 +msgid "Incorrect root hash specified for verity device." +msgstr "Hash raiz incorreta especificada para o dispositivo verity." + +#: lib/setup.c:4412 +msgid "Root hash signature required." +msgstr "" + +#: lib/setup.c:4421 +#, fuzzy +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "Não há suporte a chaveiro de kernel neste kernel." + +#: lib/setup.c:4438 lib/setup.c:5915 +msgid "Failed to load key in kernel keyring." +msgstr "Falha ao carregar chave no chaveiro de kernel." + +#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2296 +#: src/cryptsetup.c:2664 +#, c-format +msgid "Device %s is still in use." +msgstr "O dispositivo %s ainda está em uso." + +#: lib/setup.c:4516 +#, c-format +msgid "Invalid device %s." +msgstr "Dispositivo inválido %s." + +#: lib/setup.c:4632 +msgid "Volume key buffer too small." +msgstr "Buffer de chave de volume muito pequena." + +#: lib/setup.c:4640 +msgid "Cannot retrieve volume key for plain device." +msgstr "Não foi possível obter chave de volume para dispositivo claro." + +#: lib/setup.c:4657 +#, fuzzy +msgid "Cannot retrieve root hash for verity device." +msgstr "Hash raiz incorreta especificada para o dispositivo verity." + +#: lib/setup.c:4659 +#, c-format +msgid "This operation is not supported for %s crypt device." +msgstr "Não há suporte a esta operação para o dispositivo de criptografia %s." + +#: lib/setup.c:4865 +msgid "Dump operation is not supported for this device type." +msgstr "Não há suporte à operação de despejo para este tipo de dispositivo." + +#: lib/setup.c:5190 +#, c-format +msgid "Data offset is not multiple of %u bytes." +msgstr "" + +#: lib/setup.c:5475 +#, c-format +msgid "Cannot convert device %s which is still in use." +msgstr "Não foi possível converter o dispositivo %s, o qual ainda está em uso." + +#: lib/setup.c:5772 +#, c-format +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "Falha ao atribuir o slot de chave %u como a nova chave de volume." + +#: lib/setup.c:5845 +#, fuzzy +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "Falha ao inicializar os parâmetros padrão de slot de chave LUKS2." + +#: lib/setup.c:5851 +#, c-format +msgid "Failed to assign keyslot %d to digest." +msgstr "Falha ao atribuir o slot de chave %d ao resumo." + +#: lib/setup.c:5982 +msgid "Kernel keyring is not supported by the kernel." +msgstr "Não há suporte a chaveiro de kernel neste kernel." + +#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952 +#, c-format +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "Falha ao ler senha do chaveiro (erro %d)." + +#: lib/setup.c:6016 +msgid "Failed to acquire global memory-hard access serialization lock." +msgstr "" + +#: lib/utils.c:80 +msgid "Cannot get process priority." +msgstr "Não foi possível obter prioridade de processo." + +#: lib/utils.c:94 +msgid "Cannot unlock memory." +msgstr "Não foi possível desbloquear memória." + +#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497 +msgid "Failed to open key file." +msgstr "Falha ao abrir arquivo de chave." + +#: lib/utils.c:173 +msgid "Cannot read keyfile from a terminal." +msgstr "Não foi possível ler o arquivo de chave de um terminal." + +#: lib/utils.c:190 +msgid "Failed to stat key file." +msgstr "Falha ao obter estado do arquivo." + +#: lib/utils.c:198 lib/utils.c:219 +msgid "Cannot seek to requested keyfile offset." +msgstr "Não foi possível buscar a posição do arquivo de chave requisitado." + +#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188 +#: src/utils_password.c:201 +msgid "Out of memory while reading passphrase." +msgstr "Memória insuficiente para leitura da senha." + +#: lib/utils.c:248 +msgid "Error reading passphrase." +msgstr "Erro ao ler a senha." + +#: lib/utils.c:265 +msgid "Nothing to read on input." +msgstr "Nada para ler na entrada." + +#: lib/utils.c:272 +msgid "Maximum keyfile size exceeded." +msgstr "Tamanho máximo de arquivo de chave excedido." + +#: lib/utils.c:277 +msgid "Cannot read requested amount of data." +msgstr "Não foi possível ler a quantidade requisitada de dados." + +#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 +#, fuzzy, c-format +msgid "Device %s does not exist or access denied." +msgstr "O dispositivo %s não existe ou acesso negado." + +#: lib/utils_device.c:197 +#, c-format +msgid "Device %s is not compatible." +msgstr "O dispositivo %s não é compatível." + +#: lib/utils_device.c:642 +#, c-format +msgid "Device %s is too small. Need at least % bytes." +msgstr "Dispositivo %s é muito pequeno. Necessita de pelo menos % bytes." + +#: lib/utils_device.c:723 +#, c-format +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "Não foi possível usar o dispositivo %s, o qual está em uso (já mapeado ou montado)." + +#: lib/utils_device.c:727 +#, c-format +msgid "Cannot use device %s, permission denied." +msgstr "Não foi possível usar o dispositivo %s, permissão negada." + +#: lib/utils_device.c:730 +#, c-format +msgid "Cannot get info about device %s." +msgstr "Não foi possível obter informação sobre o dispositivo %s." + +#: lib/utils_device.c:753 +msgid "Cannot use a loopback device, running as non-root user." +msgstr "Não foi possível usar um dispositivo de loopback, executando como usuário não-root." + +#: lib/utils_device.c:763 +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "Anexação de dispositivo loopback falhou (dispositivo de loop com sinalizador autoclear é necessário)." + +#: lib/utils_device.c:809 +#, c-format +msgid "Requested offset is beyond real size of device %s." +msgstr "A posição requisitada está além do tamanho real do dispositivo %s." + +#: lib/utils_device.c:817 +#, c-format +msgid "Device %s has zero size." +msgstr "O dispositivo %s possui tamanho zero." + +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." +msgstr "Tempo alvo PBKDF requisitado não pode ser zero." + +#: lib/utils_pbkdf.c:106 +#, c-format +msgid "Unknown PBKDF type %s." +msgstr "Tipo %s de PBKDF desconhecido." + +#: lib/utils_pbkdf.c:111 +#, c-format +msgid "Requested hash %s is not supported." +msgstr "Não há suporte ao hash requisitado %s." + +#: lib/utils_pbkdf.c:122 +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "Não há suporte ao tipo de PBKDF requisitado para LUKS1." + +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." +msgstr "Fluxos paralelos ou memória máxima de PBKDF não pode estar definida com pbkdf2." + +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#, c-format +msgid "Forced iteration count is too low for %s (minimum is %u)." +msgstr "Contagem de iterações forçadas é pequena demais para %s (mínimo é %u)." + +#: lib/utils_pbkdf.c:148 +#, c-format +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "Custo de memória forçada é pequeno demais para %s (mínimo é %u kilobytes)." + +#: lib/utils_pbkdf.c:155 +#, c-format +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "Custo de memória PBKDF máximo requisitado é alto demais (o máximo é %d kilobytes)." + +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "Memória PBKDF máxima requisitada não pode ser zero." + +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "Fluxos paralelos PBKDF requisitados não podem ser zero." + +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "" + +#: lib/utils_benchmark.c:172 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "Teste de PBKDF desabilitado, mas iterações não definidas." + +#: lib/utils_benchmark.c:191 +#, c-format +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "Opções PBKDF2 não compatíveis (sando algoritmo hash %s)." + +#: lib/utils_benchmark.c:211 +msgid "Not compatible PBKDF options." +msgstr "Opções PBKDF2 não compatíveis." + +#: lib/utils_device_locking.c:102 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "Trava abortada. O caminho de trava %s/%s não é usável (faltando ou não é um diretório)." + +#: lib/utils_device_locking.c:109 +#, c-format +msgid "WARNING: Locking directory %s/%s is missing!\n" +msgstr "AVISO: Diretório de trava %s/%s está faltando!\n" + +#: lib/utils_device_locking.c:119 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "Trava abortada. O caminho de trava %s/%s não é usável (%s não é um diretório)." + +#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:941 +#: src/cryptsetup_reencrypt.c:1025 +msgid "Cannot seek to device offset." +msgstr "Não foi possível ir à posição do dispositivo." + +#: lib/utils_wipe.c:208 +#, c-format +msgid "Device wipe error, offset %." +msgstr "" + +#: lib/luks1/keyencryption.c:39 +#, c-format +msgid "" +"Failed to setup dm-crypt key mapping for device %s.\n" +"Check that kernel supports %s cipher (check syslog for more info)." +msgstr "" +"Falha ao configurar mapeamento de chave dm-crypt para o dispositivo %s.\n" +"Certifique-se de que o kernel oferece suporte cifra de %s (verifique o syslog para mais informação)." + +#: lib/luks1/keyencryption.c:44 +msgid "Key size in XTS mode must be 256 or 512 bits." +msgstr "Tamanho de chave no modo XTS deve ser 256 ou 512 bits." + +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "A especificação de cifra deve estar no formato [cifra]-[modo]-[iv]." + +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080 +#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734 +#, c-format +msgid "Cannot write to device %s, permission denied." +msgstr "Não foi possível escrever para o dispositivo %s, permissão negada." + +#: lib/luks1/keyencryption.c:120 +msgid "Failed to open temporary keystore device." +msgstr "Falha ao abrir o dispositivo temporário de armazenamento de chave." + +#: lib/luks1/keyencryption.c:127 +msgid "Failed to access temporary keystore device." +msgstr "Falha ao acessar o dispositivo temporário de armazenamento de chave." + +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +msgid "IO error while encrypting keyslot." +msgstr "Erro de E/S ao criptografar slot de chave." + +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:670 +#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311 +#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342 +#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 +#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255 +#: src/cryptsetup_reencrypt.c:200 src/cryptsetup_reencrypt.c:212 +#, c-format +msgid "Cannot open device %s." +msgstr "Não foi possível abrir o dispositivo %s." + +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +msgid "IO error while decrypting keyslot." +msgstr "Erro de E/S ao descriptografar slot de chave." + +#: lib/luks1/keymanage.c:110 +#, c-format +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" +msgstr "Dispositivo %s é muito pequeno. (LUKS1 precisa de pelo menos % bytes.)" + +#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162 +#: lib/luks1/keymanage.c:174 +#, c-format +msgid "LUKS keyslot %u is invalid." +msgstr "O slot de chave LUKS %u é inválido." + +#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472 +#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1433 +#: src/cryptsetup.c:1559 src/cryptsetup.c:1616 src/cryptsetup.c:1672 +#: src/cryptsetup.c:1739 src/cryptsetup.c:1842 src/cryptsetup.c:1906 +#: src/cryptsetup.c:2136 src/cryptsetup.c:2331 src/cryptsetup.c:2391 +#: src/cryptsetup.c:2457 src/cryptsetup.c:2621 src/cryptsetup.c:3271 +#: src/cryptsetup.c:3280 src/cryptsetup_reencrypt.c:1388 +#, c-format +msgid "Device %s is not a valid LUKS device." +msgstr "O dispositivo %s não é um dispositivo LUKS válido." + +#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100 +#, c-format +msgid "Requested header backup file %s already exists." +msgstr "O arquivo de cópia de segurança de cabeçalho requisitado %s já existe." + +#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102 +#, c-format +msgid "Cannot create header backup file %s." +msgstr "Não foi possível criar o arquivo de cópia de segurança de cabeçalho %s." + +#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109 +#, c-format +msgid "Cannot write header backup file %s." +msgstr "Não foi possível escrever o arquivo de cópia de segurança de cabeçalho %s." + +#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161 +#, fuzzy +msgid "Backup file does not contain valid LUKS header." +msgstr "Arquivo de cópia de segurança não contém cabeçalho LUKS válido." + +#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549 +#: lib/luks2/luks2_json_metadata.c:1182 +#, c-format +msgid "Cannot open header backup file %s." +msgstr "Não foi possível abrir o arquivo de cópia de segurança de cabeçalho %s." + +#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190 +#, c-format +msgid "Cannot read header backup file %s." +msgstr "Não foi possível ler o arquivo de cópia de segurança de cabeçalho %s." + +#: lib/luks1/keymanage.c:317 +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "Posição de dados ou tamanho de chave divergem entre dispositivo e cópia de segurança, restauração falhou." + +#: lib/luks1/keymanage.c:325 +#, c-format +msgid "Device %s %s%s" +msgstr "Dispositivo %s %s%s" + +#: lib/luks1/keymanage.c:326 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "não contém cabeçalho LUKS. A substituição do cabeçalho pode destruir dados naquele dispositivo." + +#: lib/luks1/keymanage.c:327 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "já contém cabeçalho LUKS. A substituição do cabeçalho vai destruir slots de chave existentes." + +#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224 +msgid "" +"\n" +"WARNING: real device header has different UUID than backup!" +msgstr "" +"\n" +"AVISO: o cabeçalho do dispositivo real possui um UUID diferente da cópia de segurança!" + +#: lib/luks1/keymanage.c:375 +msgid "Non standard key size, manual repair required." +msgstr "Tamanho de chave fora do padrão, correção manual necessária." + +#: lib/luks1/keymanage.c:380 +msgid "Non standard keyslots alignment, manual repair required." +msgstr "Alinhamento de slots de chave fora do padrão, correção manual necessária." + +#: lib/luks1/keymanage.c:390 +msgid "Repairing keyslots." +msgstr "Corrigindo slots de chave." + +#: lib/luks1/keymanage.c:409 +#, c-format +msgid "Keyslot %i: offset repaired (%u -> %u)." +msgstr "Slot de chave %i: posição corrigida (%u -> %u)." + +#: lib/luks1/keymanage.c:417 +#, c-format +msgid "Keyslot %i: stripes repaired (%u -> %u)." +msgstr "Slot de chave %i: barras corrigidas (%u -> %u)." + +#: lib/luks1/keymanage.c:426 +#, c-format +msgid "Keyslot %i: bogus partition signature." +msgstr "Slot de chave %i: assinatura de partição é falsa." + +#: lib/luks1/keymanage.c:431 +#, c-format +msgid "Keyslot %i: salt wiped." +msgstr "Slot de chave %i: sal apagado." + +#: lib/luks1/keymanage.c:448 +msgid "Writing LUKS header to disk." +msgstr "Escrevendo cabeçalho LUKS para disco." + +#: lib/luks1/keymanage.c:453 +msgid "Repair failed." +msgstr "Correção falhou." + +#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750 +#, c-format +msgid "Requested LUKS hash %s is not supported." +msgstr "Não há suporte ao hash LUKS requisitado %s." + +#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1133 +msgid "No known problems detected for LUKS header." +msgstr "Nenhum problema conhecido foi detectado no cabeçalho LUKS." + +#: lib/luks1/keymanage.c:660 +#, c-format +msgid "Error during update of LUKS header on device %s." +msgstr "Erro durante atualização de cabeçalho LUKS no dispositivo %s." + +#: lib/luks1/keymanage.c:668 +#, c-format +msgid "Error re-reading LUKS header after update on device %s." +msgstr "Erro ao reler cabeçalho LUKS após atualização no dispositivo %s." + +#: lib/luks1/keymanage.c:744 +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "A posição de dados para cabeçalho LUKS deve ser 0 ou maior do que o tamanho do cabeçalho." + +#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825 +#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001 +#: src/cryptsetup.c:2784 +msgid "Wrong LUKS UUID format provided." +msgstr "Formato de UUID LUKS incorreto foi fornecido." + +#: lib/luks1/keymanage.c:778 +msgid "Cannot create LUKS header: reading random salt failed." +msgstr "Não foi possível criar cabeçalho LUKS: leitura de sal aleatório falhou." + +#: lib/luks1/keymanage.c:804 +#, c-format +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "Não foi possível criar cabeçalho LUKS: resumo de cabeçalho falhou (usando hash %s)." + +#: lib/luks1/keymanage.c:848 +#, c-format +msgid "Key slot %d active, purge first." +msgstr "Slot de chave %d ativado, apagar primeiro." + +#: lib/luks1/keymanage.c:854 +#, c-format +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "O material do slot de chave %d inclui muito poucas barras. Manipulação do cabeçalho?" + +#: lib/luks1/keymanage.c:990 +#, fuzzy, c-format +msgid "Cannot open keyslot (using hash %s)." +msgstr "Erro de processamento de chave (usando hash %s)." + +#: lib/luks1/keymanage.c:1066 +#, c-format +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." +msgstr "Slot de chave %d é inválido, por favor selecione um slot de chave entre 0 e %d." + +#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738 +#, c-format +msgid "Cannot wipe device %s." +msgstr "Não foi possível apagar o dispositivo %s." + +#: lib/loopaes/loopaes.c:146 +msgid "Detected not yet supported GPG encrypted keyfile." +msgstr "Detectado arquivo de chave criptografado com GPG ainda sem suporte." + +#: lib/loopaes/loopaes.c:147 +msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" +msgstr "Por favor use gpg --decrypt | cryptsetup --keyfile=- ...\n" + +#: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 +msgid "Incompatible loop-AES keyfile detected." +msgstr "Arquivo de chave loop-AES incompatível detectado." + +#: lib/loopaes/loopaes.c:245 +#, fuzzy +msgid "Kernel does not support loop-AES compatible mapping." +msgstr "O kernel não oferece suporte a mapeamento compatível com loop-AES." + +#: lib/tcrypt/tcrypt.c:504 +#, c-format +msgid "Error reading keyfile %s." +msgstr "Erro ao ler arquivo de chave %s." + +#: lib/tcrypt/tcrypt.c:554 +#, fuzzy, c-format +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." +msgstr "Tamanho máximo de senha TCRYPT (%d) excedido." + +#: lib/tcrypt/tcrypt.c:595 +#, c-format +msgid "PBKDF2 hash algorithm %s not available, skipping." +msgstr "Algoritmo hash PBKDF2 %s não disponível, ignorando." + +#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1010 +msgid "Required kernel crypto interface not available." +msgstr "Interface necessário de criptografia do kernel não disponível." + +#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1012 +msgid "Ensure you have algif_skcipher kernel module loaded." +msgstr "Certifique-se de que você tenha o módulo de kernel algif_skcipher carregado." + +#: lib/tcrypt/tcrypt.c:753 +#, c-format +msgid "Activation is not supported for %d sector size." +msgstr "Não há suporte a ativação para o tamanho de setor %d." + +#: lib/tcrypt/tcrypt.c:759 +#, fuzzy +msgid "Kernel does not support activation for this TCRYPT legacy mode." +msgstr "O kernel não oferece suporte a ativação para este modo legado TCRYPT." + +#: lib/tcrypt/tcrypt.c:793 +#, c-format +msgid "Activating TCRYPT system encryption for partition %s." +msgstr "Ativando criptografia de sistema TCRYPT para partição %s." + +#: lib/tcrypt/tcrypt.c:871 +#, fuzzy +msgid "Kernel does not support TCRYPT compatible mapping." +msgstr "O kernel não oferece suporte a mapeamento compatível com TCRYPT." + +#: lib/tcrypt/tcrypt.c:1093 +msgid "This function is not supported without TCRYPT header load." +msgstr "Não há suporte a esta função sem carga de cabeçalho TCRYPT." + +#: lib/bitlk/bitlk.c:333 +#, c-format +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:380 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:385 +#, c-format +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:399 +#, c-format +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:479 +#, fuzzy, c-format +msgid "Failed to read BITLK signature from %s." +msgstr "Falha ao ler requisitos LUKS2." + +#: lib/bitlk/bitlk.c:485 +msgid "BITLK version 1 is currently not supported." +msgstr "" + +#: lib/bitlk/bitlk.c:491 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "" + +#: lib/bitlk/bitlk.c:503 +msgid "Invalid or unknown signature for BITLK device." +msgstr "" + +#: lib/bitlk/bitlk.c:510 +#, fuzzy, c-format +msgid "Unsupported sector size %." +msgstr "Não há suporte ao tamanho de setor de criptografia." + +#: lib/bitlk/bitlk.c:518 +#, fuzzy, c-format +msgid "Failed to read BITLK header from %s." +msgstr "Falha ao ler requisitos LUKS2." + +#: lib/bitlk/bitlk.c:543 +#, fuzzy, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "Falha ao ler requisitos LUKS2." + +#: lib/bitlk/bitlk.c:594 +#, fuzzy +msgid "Unknown or unsupported encryption type." +msgstr "Não há suporte ao tamanho de setor de criptografia." + +#: lib/bitlk/bitlk.c:627 +#, fuzzy, c-format +msgid "Failed to read BITLK metadata entries from %s." +msgstr "Falha ao ler requisitos LUKS2." + +#: lib/bitlk/bitlk.c:921 +#, fuzzy +msgid "This operation is not supported." +msgstr "Não há suporte a esta operação para o dispositivo de criptografia %s." + +#: lib/bitlk/bitlk.c:929 +#, fuzzy +msgid "Wrong key size." +msgstr "Tamanho de chave inválida." + +#: lib/bitlk/bitlk.c:981 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "" + +#: lib/bitlk/bitlk.c:987 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "" + +#: lib/bitlk/bitlk.c:1069 +#, fuzzy +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "A ativação de dispositivos temporários falhou." + +#: lib/bitlk/bitlk.c:1205 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "" + +#: lib/bitlk/bitlk.c:1209 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "" + +#: lib/verity/verity.c:68 lib/verity/verity.c:171 +#, fuzzy, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "Dispositivo verity %s não usa cabeçalho em disco." + +#: lib/verity/verity.c:90 +#, c-format +msgid "Device %s is not a valid VERITY device." +msgstr "O dispositivo %s não é um dispositivo VERITY válido." + +#: lib/verity/verity.c:97 +#, c-format +msgid "Unsupported VERITY version %d." +msgstr "Não há suporte ao VERITY versão %d." + +#: lib/verity/verity.c:128 +msgid "VERITY header corrupted." +msgstr "Cabeçalho VERITY corrompido." + +#: lib/verity/verity.c:165 +#, c-format +msgid "Wrong VERITY UUID format provided on device %s." +msgstr "Formato de UUID VERITY inválido fornecido no dispositivo %s." + +#: lib/verity/verity.c:198 +#, c-format +msgid "Error during update of verity header on device %s." +msgstr "Erro durante a atualização do cabeçalho verity no dispositivo %s." + +#: lib/verity/verity.c:256 +#, fuzzy +msgid "Root hash signature verification is not supported." +msgstr "Não há suporte ao hash requisitado %s." + +#: lib/verity/verity.c:267 +msgid "Errors cannot be repaired with FEC device." +msgstr "Os erros não puderam ser consertados com dispositivo FEC." + +#: lib/verity/verity.c:269 +#, c-format +msgid "Found %u repairable errors with FEC device." +msgstr "Localizados %u erros corrigíveis com dispositivo FEC." + +#: lib/verity/verity.c:308 +#, fuzzy +msgid "Kernel does not support dm-verity mapping." +msgstr "O kernel não oferece suporte a mapeamento dm-verity." + +#: lib/verity/verity.c:312 +#, fuzzy +msgid "Kernel does not support dm-verity signature option." +msgstr "O kernel não oferece suporte a mapeamento dm-verity." + +#: lib/verity/verity.c:323 +msgid "Verity device detected corruption after activation." +msgstr "O dispositivo verity detectou corrompimento após ativação." + +#: lib/verity/verity_hash.c:59 +#, c-format +msgid "Spare area is not zeroed at position %." +msgstr "Área disponível não está zerada na posição %." + +#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290 +#: lib/verity/verity_hash.c:303 +msgid "Device offset overflow." +msgstr "Excesso na posição do dispositivo." + +#: lib/verity/verity_hash.c:203 +#, c-format +msgid "Verification failed at position %." +msgstr "Verificação falhou na posição %." + +#: lib/verity/verity_hash.c:276 +msgid "Invalid size parameters for verity device." +msgstr "Parâmetros de tamanho inválido para dispositivo verity." + +#: lib/verity/verity_hash.c:296 +msgid "Hash area overflow." +msgstr "Estouro de área de hash." + +#: lib/verity/verity_hash.c:373 +msgid "Verification of data area failed." +msgstr "Verificação da área de dados falhou." + +#: lib/verity/verity_hash.c:378 +msgid "Verification of root hash failed." +msgstr "Verificação do hash raiz falhou." + +#: lib/verity/verity_hash.c:384 +msgid "Input/output error while creating hash area." +msgstr "Erro de entrada/saída enquanto criava área de hash." + +#: lib/verity/verity_hash.c:386 +msgid "Creation of hash area failed." +msgstr "Criação da área de hash falhou." + +#: lib/verity/verity_hash.c:433 +#, c-format +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "AVISO: O kernel não pode ativar um dispositivo se o tamanho do bloco de dados exceder o tamanho da página (%u)." + +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." +msgstr "Falha ao alocar contexto de RS." + +#: lib/verity/verity_fec.c:146 +msgid "Failed to allocate buffer." +msgstr "Falha ao alocar buffer." + +#: lib/verity/verity_fec.c:156 +#, c-format +msgid "Failed to read RS block % byte %d." +msgstr "Falha ao ler byte %2$d de bloco RS %1$." + +#: lib/verity/verity_fec.c:169 +#, c-format +msgid "Failed to read parity for RS block %." +msgstr "Falha ao ler paridade para o bloco RS %." + +#: lib/verity/verity_fec.c:177 +#, c-format +msgid "Failed to repair parity for block %." +msgstr "Falha ao corrigir paridade para o bloco %." + +#: lib/verity/verity_fec.c:188 +#, c-format +msgid "Failed to write parity for RS block %." +msgstr "Falha ao escrever paridade para o bloco RS %." + +#: lib/verity/verity_fec.c:223 +msgid "Block sizes must match for FEC." +msgstr "Tamanhos de bolcos devem corresponder para FEC." + +#: lib/verity/verity_fec.c:229 +msgid "Invalid number of parity bytes." +msgstr "Número inválido de paridade de bytes." + +#: lib/verity/verity_fec.c:265 +#, c-format +msgid "Failed to determine size for device %s." +msgstr "Falha ao determinar o tamanho para dispositivo %s." + +#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343 +#, fuzzy +msgid "Kernel does not support dm-integrity mapping." +msgstr "O kernel não oferece suporte a mapeamento dm-integrity." + +#: lib/integrity/integrity.c:277 +#, fuzzy +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "O kernel não oferece suporte a mapeamento dm-integrity." + +#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959 +#: lib/luks2/luks2_json_metadata.c:1244 +#, c-format +msgid "Failed to acquire write lock on device %s." +msgstr "Falha ao obter trava de escrita no dispositivo %s." + +#: lib/luks2/luks2_disk_metadata.c:392 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "" + +#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712 +msgid "" +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." +msgstr "" +"O dispositivo contém assinaturas ambíguas, falha ao autorrecuperar LUKS2.\n" +"Por favor, execute \"cryptsetup repair\" para recuperação." + +#: lib/luks2/luks2_json_format.c:227 +msgid "Requested data offset is too small." +msgstr "A posição dos dados requisitados é muito pequena." + +#: lib/luks2/luks2_json_format.c:271 +#, c-format +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "AVISO: área de slot de chaves (% bytes) é muito pequena, a contagem de slot de chaves LUKS2 disponível é muito limitada.\n" + +#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074 +#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_keyslot_luks2.c:114 +#, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "Falha ao obter trava de leitura no dispositivo %s." + +#: lib/luks2/luks2_json_metadata.c:1167 +#, c-format +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "Requisitos LUKS2 proibidos detectados na cópia de segurança %s." + +#: lib/luks2/luks2_json_metadata.c:1208 +msgid "Data offset differ on device and backup, restore failed." +msgstr "Posição de dados diverge entre dispositivo e cópia de segurança, restauração falhou." + +#: lib/luks2/luks2_json_metadata.c:1214 +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "Cabeçalho binário com áreas de slot de chave diverge entre dispositivo e cópia de segurança, restauração falhou." + +#: lib/luks2/luks2_json_metadata.c:1221 +#, c-format +msgid "Device %s %s%s%s%s" +msgstr "Dispositivo %s %s%s%s%s" + +#: lib/luks2/luks2_json_metadata.c:1222 +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "não contém cabeçalho LUKS2. A substituição do cabeçalho pode destruir dados naquele dispositivo." + +#: lib/luks2/luks2_json_metadata.c:1223 +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "já contém cabeçalho LUKS2. A substituição do cabeçalho vai destruir slots de chave existentes." + +#: lib/luks2/luks2_json_metadata.c:1225 +msgid "" +"\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" +msgstr "" +"\n" +"AVISO: requisitos LUKS2 desconhecidos detectados em cabeçalho de\n" +"dispositivo real! Substituir cabeçalho com cópia de segurança pode\n" +"corromper os dados naquele dispositivo!" + +#: lib/luks2/luks2_json_metadata.c:1227 +msgid "" +"\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." +msgstr "" +"\n" +"AVISO: recriptografia offline não finalizada detectada no dispositivo!\n" +"Substituir cabeçalho com cópia de segurança pode corromper os dados." + +#: lib/luks2/luks2_json_metadata.c:1323 +#, c-format +msgid "Ignored unknown flag %s." +msgstr "Sinalizador desconhecido %s ignorado." + +#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746 +#, c-format +msgid "Missing key for dm-crypt segment %u" +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764 +#, fuzzy +msgid "Failed to set dm-crypt segment." +msgstr "Falha ao consultar o segmento dm-%s." + +#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770 +#, fuzzy +msgid "Failed to set dm-linear segment." +msgstr "Falha ao consultar o segmento dm-%s." + +#: lib/luks2/luks2_json_metadata.c:2155 +msgid "Unsupported device integrity configuration." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2241 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2252 lib/luks2/luks2_reencrypt.c:3190 +#, c-format +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2332 +msgid "Failed to read LUKS2 requirements." +msgstr "Falha ao ler requisitos LUKS2." + +#: lib/luks2/luks2_json_metadata.c:2339 +msgid "Unmet LUKS2 requirements detected." +msgstr "Requisitos LUKS2 não atendidos detectados." + +#: lib/luks2/luks2_json_metadata.c:2347 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2349 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "" + +#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584 +msgid "Not enough available memory to open a keyslot." +msgstr "" + +#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586 +#, fuzzy +msgid "Keyslot open failed." +msgstr "Slot de chave %i: sal apagado." + +#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#, fuzzy, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "Slot de chave LUKS2: A cifra usada para criptografia de slot de chave" + +#: lib/luks2/luks2_keyslot_luks2.c:480 +msgid "No space for new keyslot." +msgstr "Sem espaço para um novo slot de chave." + +#: lib/luks2/luks2_luks1_convert.c:482 +#, fuzzy, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "Não foi possível verificar status do dispositivo com uuid: %s." + +#: lib/luks2/luks2_luks1_convert.c:508 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "Não foi possível converter cabeçalho com metadados adicionais LUKSMETA." + +#: lib/luks2/luks2_luks1_convert.c:548 +msgid "Unable to move keyslot area. Not enough space." +msgstr "Não foi possível mover área de slot de chave. Espaço insuficiente." + +#: lib/luks2/luks2_luks1_convert.c:599 +#, fuzzy +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "Não foi possível mover área de slot de chave. Espaço insuficiente." + +#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887 +msgid "Unable to move keyslot area." +msgstr "Não foi possível mover área de slot de chave." + +#: lib/luks2/luks2_luks1_convert.c:697 +#, fuzzy +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "Não foi possível converter ao formato LUKS1 - o slot de chave %u não é compatível com LUKS1." + +#: lib/luks2/luks2_luks1_convert.c:705 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "Não foi possível converter ao formato LUKS1 - resumos de slot de chave não são compatíveis com LUKS1." + +#: lib/luks2/luks2_luks1_convert.c:717 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "Não foi possível converter para o formato LUKS1 - o dispositivo usa cifra de chave envolta %s." + +#: lib/luks2/luks2_luks1_convert.c:725 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "Não foi possível converter para o formato LUKS1 - o cabeçalho LUKS2 contém %u token(s)." + +#: lib/luks2/luks2_luks1_convert.c:739 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "Não foi possível converter para o formato LUKS1 - o slot de chave %u está em um estado inválido." + +#: lib/luks2/luks2_luks1_convert.c:744 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "Não foi possível converter para o formato LUKS1 - o slot %u (acima do máximo de slots) ainda está ativo." + +#: lib/luks2/luks2_luks1_convert.c:749 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "Não foi possível converter ao formato LUKS1 - o slot de chave %u não é compatível com LUKS1." + +#: lib/luks2/luks2_reencrypt.c:892 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:897 +#, fuzzy, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Tamanho do dispositivo %s não está alinhado com o tamanho de setor requisitado (%u bytes)." + +#: lib/luks2/luks2_reencrypt.c:941 +#, fuzzy, c-format +msgid "Unsupported resilience mode %s" +msgstr "Não há suporte aos parâmetros no dispositivo %s." + +#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313 +#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430 +#: lib/luks2/luks2_reencrypt.c:3030 +#, fuzzy +msgid "Failed to initialize old segment storage wrapper." +msgstr "Falha ao inicializar as sondas de assinatura de dispositivo." + +#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291 +#, fuzzy +msgid "Failed to initialize new segment storage wrapper." +msgstr "Falha ao inicializar as sondas de assinatura de dispositivo." + +#: lib/luks2/luks2_reencrypt.c:1340 +#, fuzzy +msgid "Failed to read checksums for current hotzone." +msgstr "Falha ao ler requisitos do cabeçalho de cópia de segurança." + +#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038 +#, fuzzy, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "Falha ao ler paridade para o bloco RS %." + +#: lib/luks2/luks2_reencrypt.c:1366 +#, fuzzy, c-format +msgid "Failed to decrypt sector %zu." +msgstr "Falha ao obter estado do dispositivo %s." + +#: lib/luks2/luks2_reencrypt.c:1372 +#, fuzzy, c-format +msgid "Failed to recover sector %zu." +msgstr "Falha ao remover o token %d.\n" + +#: lib/luks2/luks2_reencrypt.c:1867 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1965 +#, fuzzy, c-format +msgid "Failed to activate hotzone device %s." +msgstr "Falha ao obter estado do dispositivo %s." + +#: lib/luks2/luks2_reencrypt.c:1982 +#, fuzzy, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "Falha ao sondar o dispositivo %s por uma assinatura." + +#: lib/luks2/luks2_reencrypt.c:1989 +#, fuzzy, c-format +msgid "Failed to load new mapping for device %s." +msgstr "Falha ao determinar o tamanho para dispositivo %s." + +#: lib/luks2/luks2_reencrypt.c:2060 +#, fuzzy +msgid "Failed to refresh reencryption devices stack." +msgstr "Falha ao obter trava de leitura no dispositivo %s." + +#: lib/luks2/luks2_reencrypt.c:2216 +#, fuzzy +msgid "Failed to set new keyslots area size." +msgstr "Falha ao trocar novo slot de chave." + +#: lib/luks2/luks2_reencrypt.c:2318 +#, fuzzy, c-format +msgid "Data shift is not aligned to requested encryption sector size (% bytes)." +msgstr "Tamanho do dispositivo %s não está alinhado com o tamanho de setor requisitado (%u bytes)." + +#: lib/luks2/luks2_reencrypt.c:2339 +#, fuzzy, c-format +msgid "Data device is not aligned to requested encryption sector size (% bytes)." +msgstr "Tamanho do dispositivo %s não está alinhado com o tamanho de setor requisitado (%u bytes)." + +#: lib/luks2/luks2_reencrypt.c:2360 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779 +#: lib/luks2/luks2_reencrypt.c:2800 +#, fuzzy, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "Não foi possível usar o dispositivo %s, o qual está em uso (já mapeado ou montado)." + +#: lib/luks2/luks2_reencrypt.c:2534 +msgid "Device not marked for LUKS2 reencryption." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295 +#, fuzzy +msgid "Failed to load LUKS2 reencryption context." +msgstr "Falha ao alocar contexto de RS." + +#: lib/luks2/luks2_reencrypt.c:2619 +#, fuzzy +msgid "Failed to get reencryption state." +msgstr "Falha ao obter o token %d para exportação." + +#: lib/luks2/luks2_reencrypt.c:2623 +#, fuzzy +msgid "Device is not in reencryption." +msgstr "O dispositivo \"%s\" não está ativado." + +#: lib/luks2/luks2_reencrypt.c:2630 +#, fuzzy +msgid "Reencryption process is already running." +msgstr "Recriptografia já está em progresso." + +#: lib/luks2/luks2_reencrypt.c:2632 +#, fuzzy +msgid "Failed to acquire reencryption lock." +msgstr "Falha ao obter trava de dispositivo de escrita." + +#: lib/luks2/luks2_reencrypt.c:2650 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2750 +#, fuzzy +msgid "Active device size and requested reencryption size don't match." +msgstr "Tamanho do dispositivo não está alinhado com o tamanho de setor requisitado." + +#: lib/luks2/luks2_reencrypt.c:2764 +msgid "Illegal device size requested in reencryption parameters." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2834 +#, fuzzy +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "Recriptografia já está em progresso." + +#: lib/luks2/luks2_reencrypt.c:2906 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2913 +#, fuzzy +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "Falha ao inicializar os parâmetros padrão de slot de chave LUKS2." + +#: lib/luks2/luks2_reencrypt.c:3004 +#, fuzzy +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "Falha ao sondar o dispositivo %s por uma assinatura." + +#: lib/luks2/luks2_reencrypt.c:3046 +#, fuzzy +msgid "Failed to write reencryption resilience metadata." +msgstr "Falha ao escrever sinalizadores de ativação para novo cabeçalho." + +#: lib/luks2/luks2_reencrypt.c:3053 +#, fuzzy +msgid "Decryption failed." +msgstr "Correção falhou." + +#: lib/luks2/luks2_reencrypt.c:3058 +#, fuzzy, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "Falha ao escrever paridade para o bloco RS %." + +#: lib/luks2/luks2_reencrypt.c:3063 +#, fuzzy +msgid "Failed to sync data." +msgstr "Falha ao definir a posição de dados." + +#: lib/luks2/luks2_reencrypt.c:3071 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3138 +#, fuzzy +msgid "Failed to write LUKS2 metadata." +msgstr "Falha ao ler requisitos LUKS2." + +#: lib/luks2/luks2_reencrypt.c:3161 +#, fuzzy +msgid "Failed to wipe backup segment data." +msgstr "Falha ao apagar assinatura do dispositivo." + +#: lib/luks2/luks2_reencrypt.c:3174 +#, fuzzy +msgid "Failed to disable reencryption requirement flag." +msgstr "Falha ao ler requisitos LUKS2." + +#: lib/luks2/luks2_reencrypt.c:3182 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3191 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3240 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3246 +msgid "Missing or invalid reencrypt context." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3253 +#, fuzzy +msgid "Failed to initialize reencryption device stack." +msgstr "Falha ao inicializar as sondas de assinatura de dispositivo." + +#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308 +#, fuzzy +msgid "Failed to update reencryption context." +msgstr "Falha ao alocar contexto de RS." + +#: lib/luks2/luks2_token.c:262 +msgid "No free token slot." +msgstr "Nenhum slot de token livre." + +#: lib/luks2/luks2_token.c:269 +#, c-format +msgid "Failed to create builtin token %s." +msgstr "Falha ao criar um token incorporado %s." + +#: src/cryptsetup.c:164 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "Não é possível fazer verificação de senha em entradas diferente de tty." + +#: src/cryptsetup.c:221 +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "Parâmetros de criptografia de slot de chaves só pode ser definido para dispositivo LUKS2." + +#: src/cryptsetup.c:251 src/cryptsetup.c:959 src/cryptsetup.c:1269 +#: src/cryptsetup.c:3145 src/cryptsetup_reencrypt.c:723 +#: src/cryptsetup_reencrypt.c:793 +msgid "No known cipher specification pattern detected." +msgstr "Nenhum padrão de especificação de cifra conhecida foi detectada." + +#: src/cryptsetup.c:259 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "AVISO: O parâmetro de --hash está sendo ignorado claro com o arquivo de chave especificado.\n" + +#: src/cryptsetup.c:267 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "AVISO: A opção --keyfile-size está sendo ignorada, o tamanho lido é o mesmo que o tamanho da chave de criptografia.\n" + +#: src/cryptsetup.c:307 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "Detectada assinatura(s) de dispositivo em %s. Prosseguir pode danificar dados existentes." + +#: src/cryptsetup.c:313 src/cryptsetup.c:1090 src/cryptsetup.c:1142 +#: src/cryptsetup.c:1246 src/cryptsetup.c:1319 src/cryptsetup.c:1974 +#: src/cryptsetup.c:2682 src/cryptsetup.c:2805 src/integritysetup.c:233 +msgid "Operation aborted.\n" +msgstr "Operação abortada.\n" + +#: src/cryptsetup.c:381 +msgid "Option --key-file is required." +msgstr "A opção --key-file é necessária." + +#: src/cryptsetup.c:434 +msgid "Enter VeraCrypt PIM: " +msgstr "Insira o PIM VeraCrypt: " + +#: src/cryptsetup.c:443 +msgid "Invalid PIM value: parse error." +msgstr "Valor de PIM inválido: erro de análise." + +#: src/cryptsetup.c:446 +msgid "Invalid PIM value: 0." +msgstr "Valor de PIM inválido: 0." + +#: src/cryptsetup.c:449 +msgid "Invalid PIM value: outside of range." +msgstr "Valor de PIM inválido: fora do intervalo." + +#: src/cryptsetup.c:472 +msgid "No device header detected with this passphrase." +msgstr "Nenhum cabeçalho de dispositivo detectado com esta senha." + +#: src/cryptsetup.c:541 +#, fuzzy, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "O dispositivo %s não é um dispositivo LUKS válido." + +#: src/cryptsetup.c:576 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" +"O despejo de cabeçalho com chave de volume é uma informação sensível\n" +"que permite acesso a uma partição criptografada sem senha.\n" +"Este despejo deve sempre ser armazenado criptografado em um local seguro." + +#: src/cryptsetup.c:673 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "O dispositivo %s ainda está ativo e agendado para a remoção atrasada.\n" + +#: src/cryptsetup.c:701 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "Redimensionamento de dispositivo ativo requer chave de volume no chaveiro, mas a opção --disable-keyring está definida." + +#: src/cryptsetup.c:838 +msgid "Benchmark interrupted." +msgstr "Teste interrompido." + +#: src/cryptsetup.c:859 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "PBKDF2-%-9s N/A\n" + +#: src/cryptsetup.c:861 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "PBKDF2-%-9s %7u iterações por segundo para chave de %zu bits\n" + +#: src/cryptsetup.c:875 +#, c-format +msgid "%-10s N/A\n" +msgstr "%-10s N/D\n" + +#: src/cryptsetup.c:877 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "%-10s %4u iterações, %5u memória, %1u threads paralelas (CPUs) para chave de %zu bits (requisitado tempo de %u ms)\n" + +#: src/cryptsetup.c:901 +msgid "Result of benchmark is not reliable." +msgstr "O resultado do teste não é confiável." + +#: src/cryptsetup.c:951 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "# Testes são aproximados usando apenas memória (sem E/S de armazenamento).\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:971 +#, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "#%*s Algoritmo | Chave | Criptografia | Descriptografia\n" + +#: src/cryptsetup.c:975 +#, fuzzy, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "A cifra %s-%s (tamanho de chave %zd bits) não está disponível." + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:994 +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "# Algoritmo | Chave | Criptografia | Descriptografia\n" + +#: src/cryptsetup.c:1003 +msgid "N/A" +msgstr "N/D" + +#: src/cryptsetup.c:1083 +msgid "" +"Seems device does not require reencryption recovery.\n" +"Do you want to proceed anyway?" +msgstr "" + +#: src/cryptsetup.c:1089 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "" + +#: src/cryptsetup.c:1098 +#, fuzzy +msgid "Enter passphrase for reencryption recovery: " +msgstr "Digite uma senha para slot de chave a ser convertido: " + +#: src/cryptsetup.c:1141 +msgid "Really try to repair LUKS device header?" +msgstr "Realmente tentar corrigir o cabeçalho do dispositivo LUKS?" + +#: src/cryptsetup.c:1160 src/integritysetup.c:146 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" +"Apando dispositivo para inicializar a verificação de soma de integridade.\n" +"Você pode interromper isso pressionando CTRL+C (o resto dos dispositivo não apagado conterão verificação de soma inválida).\n" + +#: src/cryptsetup.c:1182 src/integritysetup.c:168 +#, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "Não foi possível desativar o dispositivo temporário %s." + +#: src/cryptsetup.c:1231 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "A opção de integridade pode ser usada apenas para o formato LUKS2." + +#: src/cryptsetup.c:1236 src/cryptsetup.c:1296 +msgid "Unsupported LUKS2 metadata size options." +msgstr "Não há suporte às opções de tamanho de metadados LUKS." + +#: src/cryptsetup.c:1253 +#, c-format +msgid "Cannot create header file %s." +msgstr "Não foi possível criar o arquivo de cabeçalho %s." + +#: src/cryptsetup.c:1276 src/integritysetup.c:195 src/integritysetup.c:204 +#: src/integritysetup.c:213 src/integritysetup.c:284 src/integritysetup.c:293 +#: src/integritysetup.c:303 +msgid "No known integrity specification pattern detected." +msgstr "Nenhum padrão de especificação de integridade conhecida foi detectado." + +#: src/cryptsetup.c:1289 +#, c-format +msgid "Cannot use %s as on-disk header." +msgstr "Não foi possível usar %s como um cabeçalho em disco." + +#: src/cryptsetup.c:1313 src/integritysetup.c:227 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "Isto vai sobrescrever dados em %s permanentemente." + +#: src/cryptsetup.c:1354 src/cryptsetup.c:1688 src/cryptsetup.c:1755 +#: src/cryptsetup.c:1857 src/cryptsetup.c:1923 src/cryptsetup_reencrypt.c:553 +msgid "Failed to set pbkdf parameters." +msgstr "Falha ao definir os parâmetros de pbkdf." + +#: src/cryptsetup.c:1439 +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "Posição de dados reduzida é permitido apenas cabeçalho LUKS desanexado." + +#: src/cryptsetup.c:1450 src/cryptsetup.c:1761 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "" + +#: src/cryptsetup.c:1488 +msgid "Device activated but cannot make flags persistent." +msgstr "Dispositivo ativado, mas não foi possível tornar os sinalizadores persistentes." + +#: src/cryptsetup.c:1569 src/cryptsetup.c:1639 +#, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "Slot de chave %d selecionado para exclusão." + +#: src/cryptsetup.c:1581 src/cryptsetup.c:1642 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "Este é o último slot de chave. O dispositivo se tornará não usável após apagar esta chave." + +#: src/cryptsetup.c:1582 +msgid "Enter any remaining passphrase: " +msgstr "Digite qualquer senha remanescente: " + +#: src/cryptsetup.c:1583 src/cryptsetup.c:1644 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "Operação abortada, o slot de chave NÃO foi apagado.\n" + +#: src/cryptsetup.c:1621 +msgid "Enter passphrase to be deleted: " +msgstr "Digite a senha para ser excluída: " + +#: src/cryptsetup.c:1702 src/cryptsetup.c:1776 src/cryptsetup.c:1810 +msgid "Enter new passphrase for key slot: " +msgstr "Digite uma senha para o slot de chave: " + +#: src/cryptsetup.c:1793 src/cryptsetup_reencrypt.c:1343 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "Digite qualquer senha existente: " + +#: src/cryptsetup.c:1861 +msgid "Enter passphrase to be changed: " +msgstr "Digite a senha para ser alterada: " + +#: src/cryptsetup.c:1877 src/cryptsetup_reencrypt.c:1329 +msgid "Enter new passphrase: " +msgstr "Digite uma nova senha: " + +#: src/cryptsetup.c:1927 +msgid "Enter passphrase for keyslot to be converted: " +msgstr "Digite uma senha para slot de chave a ser convertido: " + +#: src/cryptsetup.c:1951 +msgid "Only one device argument for isLuks operation is supported." +msgstr "Há suporte apenas a um argumento de dispositivo para a operação isLuks." + +#: src/cryptsetup.c:2001 +#, fuzzy +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"O despejo de cabeçalho com chave de volume é uma informação sensível\n" +"que permite acesso a uma partição criptografada sem senha.\n" +"Este despejo deve sempre ser armazenado criptografado em um local seguro." + +#: src/cryptsetup.c:2066 +#, fuzzy, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "O slot de chave %d não está ativo." + +#: src/cryptsetup.c:2072 +#, fuzzy +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"O despejo de cabeçalho com chave de volume é uma informação sensível\n" +"que permite acesso a uma partição criptografada sem senha.\n" +"Este despejo deve sempre ser armazenado criptografado em um local seguro." + +#: src/cryptsetup.c:2207 src/cryptsetup.c:2228 +msgid "Option --header-backup-file is required." +msgstr "A opção --header-backup-file é necessária." + +#: src/cryptsetup.c:2258 +#, c-format +msgid "%s is not cryptsetup managed device." +msgstr "%s não é um dispositivo cryptsetup gerenciado." + +#: src/cryptsetup.c:2269 +#, c-format +msgid "Refresh is not supported for device type %s" +msgstr "A renovação não oferece suporte a este tipo de dispositivo %s" + +#: src/cryptsetup.c:2311 +#, c-format +msgid "Unrecognized metadata device type %s." +msgstr "Tipo de dispositivo de metadados %s não reconhecido." + +#: src/cryptsetup.c:2314 +msgid "Command requires device and mapped name as arguments." +msgstr "O comando requer um dispositivo e nome mapeado como argumentos." + +#: src/cryptsetup.c:2336 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" +"Esta operação vai apagar todos os slots de chave no dispositivo %s.\n" +"O dispositivo se tornará não usável após esta operação." + +#: src/cryptsetup.c:2343 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "Operação abortada, os slots de chave NÃO foram apagados.\n" + +#: src/cryptsetup.c:2380 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "Tipo de LUKS inválido, há suporte apenas a luks1 e luks2." + +#: src/cryptsetup.c:2398 +#, c-format +msgid "Device is already %s type." +msgstr "O dispositivo já é do tipo %s." + +#: src/cryptsetup.c:2403 +#, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "Essa operação vai converter %s para o formato %s.\n" + +#: src/cryptsetup.c:2409 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "Operação abortada, o dispositivo NÃO foi convertido.\n" + +#: src/cryptsetup.c:2449 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "Está faltando a opção --priority, --label ou --subsystem." + +#: src/cryptsetup.c:2483 src/cryptsetup.c:2516 src/cryptsetup.c:2539 +#, c-format +msgid "Token %d is invalid." +msgstr "O token %d é inválido." + +#: src/cryptsetup.c:2486 src/cryptsetup.c:2542 +#, c-format +msgid "Token %d in use." +msgstr "O token %d em uso." + +#: src/cryptsetup.c:2493 +#, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "Falha ao adicionar o token de chaveiro luks2 %d." + +#: src/cryptsetup.c:2502 src/cryptsetup.c:2564 +#, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "Falha ao atribuir o token %d ao slot de chave %d." + +#: src/cryptsetup.c:2519 +#, c-format +msgid "Token %d is not in use." +msgstr "O token %d não está em uso." + +#: src/cryptsetup.c:2554 +msgid "Failed to import token from file." +msgstr "Falha ao abrir arquivo de chave." + +#: src/cryptsetup.c:2579 +#, c-format +msgid "Failed to get token %d for export." +msgstr "Falha ao obter o token %d para exportação." + +#: src/cryptsetup.c:2594 +msgid "--key-description parameter is mandatory for token add action." +msgstr "O parâmetro --key-description é obrigatório para ação de adicionar token." + +#: src/cryptsetup.c:2600 src/cryptsetup.c:2608 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "A ação requer um token específico. Use o parâmetro --token-id." + +#: src/cryptsetup.c:2613 +#, c-format +msgid "Invalid token operation %s." +msgstr "Operação de token inválida %s." + +#: src/cryptsetup.c:2668 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "" + +#: src/cryptsetup.c:2672 +#, fuzzy, c-format +msgid "Device %s is not a block device.\n" +msgstr "O dispositivo %s não é um dispositivo LUKS válido." + +#: src/cryptsetup.c:2674 +#, fuzzy, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "Falha ao obter estado do dispositivo %s." + +#: src/cryptsetup.c:2676 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" + +#: src/cryptsetup.c:2756 +#, fuzzy +msgid "Invalid LUKS device type." +msgstr "Dispositivo inválido %s." + +#: src/cryptsetup.c:2761 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "" + +#: src/cryptsetup.c:2766 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "" + +#: src/cryptsetup.c:2775 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "" + +#: src/cryptsetup.c:2779 +#, fuzzy +msgid "Encryption is supported only for LUKS2 format." +msgstr "A opção de integridade pode ser usada apenas para o formato LUKS2." + +#: src/cryptsetup.c:2801 +#, c-format +msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +msgstr "" + +#: src/cryptsetup.c:2816 +#, fuzzy, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "O arquivo de cópia de segurança de cabeçalho requisitado %s já existe." + +#: src/cryptsetup.c:2818 src/cryptsetup.c:2825 +#, fuzzy, c-format +msgid "Cannot create temporary header file %s." +msgstr "Não foi possível criar o arquivo de cabeçalho %s." + +#: src/cryptsetup.c:2889 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "" + +#: src/cryptsetup.c:3053 src/cryptsetup.c:3059 +#, fuzzy +msgid "Not enough free keyslots for reencryption." +msgstr "Não altera chave, nenhuma área de dados de recriptografia" + +#: src/cryptsetup.c:3079 src/cryptsetup_reencrypt.c:1294 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "O arquivo de chave pode ser usado apenas com --key-slot ou com exatamente um slot de chave ativado." + +#: src/cryptsetup.c:3088 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup_reencrypt.c:1352 +#, fuzzy, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Digite uma senha para o slot de chave %u: " + +#: src/cryptsetup.c:3096 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Digite uma senha para o slot de chave %u: " + +#: src/cryptsetup.c:3263 +#, fuzzy +msgid "Command requires device as argument." +msgstr "O comando requer um dispositivo e nome mapeado como argumentos." + +#: src/cryptsetup.c:3285 +msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +msgstr "" + +#: src/cryptsetup.c:3297 +msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +msgstr "" + +#: src/cryptsetup.c:3307 src/cryptsetup_reencrypt.c:178 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "Não há suporte a recriptografia de dispositivo com perfil de integridade." + +#: src/cryptsetup.c:3315 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "" + +#: src/cryptsetup.c:3319 +#, fuzzy +msgid "LUKS2 device is not in reencryption." +msgstr "Arquivo log %s existe, resumindo recriptografia.\n" + +#: src/cryptsetup.c:3346 +msgid " [--type ] []" +msgstr " [--type ] []" + +#: src/cryptsetup.c:3346 src/veritysetup.c:394 src/integritysetup.c:480 +msgid "open device as " +msgstr "abre dispositivo como " + +#: src/cryptsetup.c:3347 src/cryptsetup.c:3348 src/cryptsetup.c:3349 +#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:481 +#: src/integritysetup.c:482 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3347 src/veritysetup.c:395 src/integritysetup.c:481 +msgid "close device (remove mapping)" +msgstr "fecha dispositivo (remove mapeamento)" + +#: src/cryptsetup.c:3348 +msgid "resize active device" +msgstr "redimensiona dispositivo ativado" + +#: src/cryptsetup.c:3349 +msgid "show device status" +msgstr "mostra o estado do dispositivo" + +#: src/cryptsetup.c:3350 +msgid "[--cipher ]" +msgstr "[--cipher ]" + +#: src/cryptsetup.c:3350 +msgid "benchmark cipher" +msgstr "testa a cifra" + +#: src/cryptsetup.c:3351 src/cryptsetup.c:3352 src/cryptsetup.c:3353 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3355 src/cryptsetup.c:3362 +#: src/cryptsetup.c:3363 src/cryptsetup.c:3364 src/cryptsetup.c:3365 +#: src/cryptsetup.c:3366 src/cryptsetup.c:3367 src/cryptsetup.c:3368 +#: src/cryptsetup.c:3369 src/cryptsetup.c:3370 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3351 +msgid "try to repair on-disk metadata" +msgstr "tente corrigir os metadados em disco" + +#: src/cryptsetup.c:3352 +#, fuzzy +msgid "reencrypt LUKS2 device" +msgstr "adiciona uma chave ao dispositivo LUKS" + +#: src/cryptsetup.c:3353 +msgid "erase all keyslots (remove encryption key)" +msgstr "apaga todos os slots de chave (remove a chave de criptografia)" + +#: src/cryptsetup.c:3354 +msgid "convert LUKS from/to LUKS2 format" +msgstr "converte formato LUKS de/para LUKS2" + +#: src/cryptsetup.c:3355 +msgid "set permanent configuration options for LUKS2" +msgstr "define opções de configuração permanentes para LUKS2" + +#: src/cryptsetup.c:3356 src/cryptsetup.c:3357 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3356 +msgid "formats a LUKS device" +msgstr "formata um dispositivo LUKS" + +#: src/cryptsetup.c:3357 +msgid "add key to LUKS device" +msgstr "adiciona uma chave ao dispositivo LUKS" + +#: src/cryptsetup.c:3358 src/cryptsetup.c:3359 src/cryptsetup.c:3360 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3358 +msgid "removes supplied key or key file from LUKS device" +msgstr "remove a chave ou arquivo chave fornecidos do dispositivo LUKS" + +#: src/cryptsetup.c:3359 +msgid "changes supplied key or key file of LUKS device" +msgstr "altera a chave ou arquivo chave fornecidos do dispositivo LUKS" + +#: src/cryptsetup.c:3360 +msgid "converts a key to new pbkdf parameters" +msgstr "converte uma chave aos novos parâmetros de pbkdf" + +#: src/cryptsetup.c:3361 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3361 +msgid "wipes key with number from LUKS device" +msgstr "apaga chave com número do dispositivo LUKS" + +#: src/cryptsetup.c:3362 +msgid "print UUID of LUKS device" +msgstr "emite UUID do dispositivo LUKS" + +#: src/cryptsetup.c:3363 +msgid "tests for LUKS partition header" +msgstr "testa por cabeçalho de partição LUKS" + +#: src/cryptsetup.c:3364 +msgid "dump LUKS partition information" +msgstr "despeja informação da partição LUKS" + +#: src/cryptsetup.c:3365 +msgid "dump TCRYPT device information" +msgstr "despeja informação do dispositivo TCRYPT" + +#: src/cryptsetup.c:3366 +#, fuzzy +msgid "dump BITLK device information" +msgstr "despeja informação do dispositivo TCRYPT" + +#: src/cryptsetup.c:3367 +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "Suspende dispositivo LUKS e apaga chave (todas E/S ficam congeladas)" + +#: src/cryptsetup.c:3368 +msgid "Resume suspended LUKS device" +msgstr "Resume dispositivo LUKS suspenso" + +#: src/cryptsetup.c:3369 +msgid "Backup LUKS device header and keyslots" +msgstr "Faz uma cópia de segurança de slots de chave e cabeçalho de dispositivo LUKS" + +#: src/cryptsetup.c:3370 +msgid "Restore LUKS device header and keyslots" +msgstr "Restaura slots de chave e cabeçalho de dispositivo LUKS" + +#: src/cryptsetup.c:3371 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3371 +msgid "Manipulate LUKS2 tokens" +msgstr "Manipula tokens LUKS2" + +#: src/cryptsetup.c:3389 src/veritysetup.c:412 src/integritysetup.c:498 +msgid "" +"\n" +" is one of:\n" +msgstr "" +"\n" +" é um entre:\n" + +#: src/cryptsetup.c:3395 +#, fuzzy +msgid "" +"\n" +"You can also use old syntax aliases:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +msgstr "" +"\n" +"Você também pode usar apelidos de sintaxe antigos:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" + +#: src/cryptsetup.c:3399 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the encrypted device\n" +" is the LUKS key slot number to modify\n" +" optional key file for the new key for luksAddKey action\n" +msgstr "" +"\n" +" é o dispositivo a ser criado sob %s\n" +" é o dispositivo criptografado\n" +" é o número do slot de chave LUKS a ser modificado\n" +" arquivo de chave opcional para a nova chave para a ação luksAddKey\n" + +#: src/cryptsetup.c:3406 +#, c-format +msgid "" +"\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" +"\n" +"O formato padrão de metadados compilados é %s (para a ação luksFormat).\n" + +#: src/cryptsetup.c:3411 +#, c-format +msgid "" +"\n" +"Default compiled-in key and passphrase parameters:\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" +msgstr "" +"\n" +"Parâmetros padrões de senha e chave compilados internamente:\n" +"\tTamanho do arquivo chave máximo: %dkB, Tamanho máximo de senha interativa %d (caracteres)\n" +"PBKDF padrão para LUKS1: %s, tempo de iteração: %d (ms)\n" +"PBKDF padrão para LUKS2: %s\n" +"\tTempo de iteração: %d: memória exigida: %dkB, Threads paralelas: %d\n" + +#: src/cryptsetup.c:3422 +#, c-format +msgid "" +"\n" +"Default compiled-in device cipher parameters:\n" +"\tloop-AES: %s, Key %d bits\n" +"\tplain: %s, Key: %d bits, Password hashing: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +msgstr "" +"\n" +"Parâmetros de cifra de dispositivo pré-compilados por padrão:\n" +"\tloop-AES: %s, Chave %d bits\n" +"\tplain: %s, Chave: %d bits, Hash de senha: %s\n" +"\tLUKS: %s, Chave: %d bits, Hash de cabeçalho LUKS: %s, RNG: %s\n" + +#: src/cryptsetup.c:3431 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "\tLUKS: keysize padrão com modo XTS (duas chaves internas) será duplicado.\n" + +#: src/cryptsetup.c:3447 src/veritysetup.c:569 src/integritysetup.c:642 +#, c-format +msgid "%s: requires %s as arguments" +msgstr "%s: necessita %s como argumentos" + +#: src/cryptsetup.c:3480 src/veritysetup.c:457 src/integritysetup.c:536 +#: src/cryptsetup_reencrypt.c:1607 +msgid "Show this help message" +msgstr "Mostra essa mensagem de ajuda" + +#: src/cryptsetup.c:3481 src/veritysetup.c:458 src/integritysetup.c:537 +#: src/cryptsetup_reencrypt.c:1608 +msgid "Display brief usage" +msgstr "Exibe instrução de uso" + +#: src/cryptsetup.c:3482 src/veritysetup.c:459 src/integritysetup.c:538 +#: src/cryptsetup_reencrypt.c:1609 +msgid "Print package version" +msgstr "Emite a versão do pacote" + +#: src/cryptsetup.c:3486 src/veritysetup.c:463 src/integritysetup.c:542 +#: src/cryptsetup_reencrypt.c:1613 +msgid "Help options:" +msgstr "Opções de ajuda:" + +#: src/cryptsetup.c:3487 src/veritysetup.c:464 src/integritysetup.c:543 +#: src/cryptsetup_reencrypt.c:1614 +msgid "Shows more detailed error messages" +msgstr "Mostra mensagens de erro mais detalhadas" + +#: src/cryptsetup.c:3488 src/veritysetup.c:465 src/integritysetup.c:544 +#: src/cryptsetup_reencrypt.c:1615 +msgid "Show debug messages" +msgstr "Mostra mensagens de depuração" + +#: src/cryptsetup.c:3489 +msgid "Show debug messages including JSON metadata" +msgstr "Mostra mensagens de depuração incluindo metadados JSON" + +#: src/cryptsetup.c:3490 src/cryptsetup_reencrypt.c:1617 +msgid "The cipher used to encrypt the disk (see /proc/crypto)" +msgstr "A cifra usada para criptografar o disco (veja /proc/crypto)" + +#: src/cryptsetup.c:3491 src/cryptsetup_reencrypt.c:1619 +msgid "The hash used to create the encryption key from the passphrase" +msgstr "A hash usada para criar a chave de criptografia a partir da senha" + +#: src/cryptsetup.c:3492 +msgid "Verifies the passphrase by asking for it twice" +msgstr "Verifica a senha perguntando-a duas vezes" + +#: src/cryptsetup.c:3493 src/cryptsetup_reencrypt.c:1621 +msgid "Read the key from a file" +msgstr "Lê a chave de um arquivo" + +#: src/cryptsetup.c:3494 +msgid "Read the volume (master) key from file." +msgstr "Lê a chave do volume (mestre) a partir do arquivo." + +#: src/cryptsetup.c:3495 +msgid "Dump volume (master) key instead of keyslots info" +msgstr "Despeja a chave de volume (mestre) ao invés da informação de slots de chave" + +#: src/cryptsetup.c:3496 src/cryptsetup_reencrypt.c:1618 +msgid "The size of the encryption key" +msgstr "O tamanho da chave de criptografia" + +#: src/cryptsetup.c:3496 src/cryptsetup.c:3557 src/integritysetup.c:562 +#: src/integritysetup.c:566 src/integritysetup.c:570 +#: src/cryptsetup_reencrypt.c:1618 +msgid "BITS" +msgstr "BITS" + +#: src/cryptsetup.c:3497 src/cryptsetup_reencrypt.c:1634 +msgid "Limits the read from keyfile" +msgstr "Limita a leitura do arquivo de chave" + +#: src/cryptsetup.c:3497 src/cryptsetup.c:3498 src/cryptsetup.c:3499 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3503 src/cryptsetup.c:3554 +#: src/cryptsetup.c:3555 src/cryptsetup.c:3563 src/cryptsetup.c:3564 +#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470 +#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:551 +#: src/integritysetup.c:557 src/integritysetup.c:558 +#: src/cryptsetup_reencrypt.c:1633 src/cryptsetup_reencrypt.c:1634 +#: src/cryptsetup_reencrypt.c:1635 src/cryptsetup_reencrypt.c:1636 +msgid "bytes" +msgstr "bytes" + +#: src/cryptsetup.c:3498 src/cryptsetup_reencrypt.c:1633 +msgid "Number of bytes to skip in keyfile" +msgstr "Número de bytes a ignorar no arquivo de chave" + +#: src/cryptsetup.c:3499 +msgid "Limits the read from newly added keyfile" +msgstr "Limita a leitura do arquivo de chave recém-adicionado" + +#: src/cryptsetup.c:3500 +msgid "Number of bytes to skip in newly added keyfile" +msgstr "Número de bytes a ignorar em arquivo de chave recém-adicionado" + +#: src/cryptsetup.c:3501 +msgid "Slot number for new key (default is first free)" +msgstr "Número de slot para a nova chave (padrão é a primeira livre)" + +#: src/cryptsetup.c:3502 +msgid "The size of the device" +msgstr "O tamanho do dispositivo" + +#: src/cryptsetup.c:3502 src/cryptsetup.c:3504 src/cryptsetup.c:3505 +#: src/cryptsetup.c:3511 src/integritysetup.c:552 src/integritysetup.c:559 +msgid "SECTORS" +msgstr "SETORES" + +#: src/cryptsetup.c:3503 src/cryptsetup_reencrypt.c:1636 +msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +msgstr "Usa apenas o tamanho de dispositivo especificado (ignora o resto do dispositivo). PERIGOSO!" + +#: src/cryptsetup.c:3504 +msgid "The start offset in the backend device" +msgstr "A posição inicial do dispositivo de backend" + +#: src/cryptsetup.c:3505 +msgid "How many sectors of the encrypted data to skip at the beginning" +msgstr "Quantos setores dos dados criptografados ignorar no começo" + +#: src/cryptsetup.c:3506 +msgid "Create a readonly mapping" +msgstr "Cria um mapeamento somente leitura" + +#: src/cryptsetup.c:3507 src/integritysetup.c:545 +#: src/cryptsetup_reencrypt.c:1624 +msgid "Do not ask for confirmation" +msgstr "Não solicitar confirmação" + +#: src/cryptsetup.c:3508 +msgid "Timeout for interactive passphrase prompt (in seconds)" +msgstr "Tempo limite para a solicitação interativa de senha (em segundos)" + +#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "secs" +msgstr "s" + +#: src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "Progress line update (in seconds)" +msgstr "Atualização de linha de progresso (em segundos)" + +#: src/cryptsetup.c:3510 src/cryptsetup_reencrypt.c:1626 +msgid "How often the input of the passphrase can be retried" +msgstr "Com qual frequência a entrada da senha pode ser tentada novamente" + +#: src/cryptsetup.c:3511 +msgid "Align payload at sector boundaries - for luksFormat" +msgstr "Alinha a carga em limites de setores - para luksFormat" + +#: src/cryptsetup.c:3512 +msgid "File with LUKS header and keyslots backup" +msgstr "Arquivo cópia de segurança de slots de chave e cabeçalho LUKS" + +#: src/cryptsetup.c:3513 src/cryptsetup_reencrypt.c:1627 +msgid "Use /dev/random for generating volume key" +msgstr "Usa /dev/random para gerar chave de volume" + +#: src/cryptsetup.c:3514 src/cryptsetup_reencrypt.c:1628 +msgid "Use /dev/urandom for generating volume key" +msgstr "Usa /dev/urandom para gerar chave de volume" + +#: src/cryptsetup.c:3515 +msgid "Share device with another non-overlapping crypt segment" +msgstr "Compartilha o dispositivo com um outro segmento de criptografia sem sobreposição" + +#: src/cryptsetup.c:3516 src/veritysetup.c:477 +msgid "UUID for device to use" +msgstr "UUID para dispositivo a ser usado" + +#: src/cryptsetup.c:3517 src/integritysetup.c:579 +msgid "Allow discards (aka TRIM) requests for device" +msgstr "Permite requisições de descartes (i.e. TRIM) para dispositivo" + +#: src/cryptsetup.c:3518 src/cryptsetup_reencrypt.c:1645 +msgid "Device or file with separated LUKS header" +msgstr "Dispositivo ou arquivo com cabeçalho LUKS separado" + +#: src/cryptsetup.c:3519 +msgid "Do not activate device, just check passphrase" +msgstr "Não ativa o dispositivo, apenas verifica a senha" + +#: src/cryptsetup.c:3520 +msgid "Use hidden header (hidden TCRYPT device)" +msgstr "Usa cabeçalho oculto (dispositivo TCRYPT oculto)" + +#: src/cryptsetup.c:3521 +msgid "Device is system TCRYPT drive (with bootloader)" +msgstr "O dispositivo é uma unidade TCRYPT de sistema (com carregador de inicialização)" + +#: src/cryptsetup.c:3522 +msgid "Use backup (secondary) TCRYPT header" +msgstr "Usa o cabeçalho TRCYPT secundário (cópia de segurança)" + +#: src/cryptsetup.c:3523 +msgid "Scan also for VeraCrypt compatible device" +msgstr "Verifica também por dispositivo compatível com VeraCrypt" + +#: src/cryptsetup.c:3524 +msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Multiplicador de Iteração Pessoal (PIM) por dispositivo compatível com VeraCrypt" + +#: src/cryptsetup.c:3525 +msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Consulta Multiplicador de Iteração Pessoal (PIM) por dispositivo compatível com VeraCrypt" + +#: src/cryptsetup.c:3526 +#, fuzzy +msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" +msgstr "Tipo de metadados de dispositivo: luks, plain, loopaes, tcrypt" + +#: src/cryptsetup.c:3527 +msgid "Disable password quality check (if enabled)" +msgstr "Desabilita a verificação de qualidade da senha (se habilitada)" + +#: src/cryptsetup.c:3528 +msgid "Use dm-crypt same_cpu_crypt performance compatibility option" +msgstr "Usa a opção de compatibilidade de desempenho same_cpu_crypt do dm-crypt" + +#: src/cryptsetup.c:3529 +msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +msgstr "Usa a opção de compatibilidade de desempenho submit_from_crypt_cpus do dm-crypt" + +#: src/cryptsetup.c:3530 +msgid "Device removal is deferred until the last user closes it" +msgstr "A remoção de dispositivo está adiada até o último usuário fechá-lo" + +#: src/cryptsetup.c:3531 +msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)" +msgstr "" + +#: src/cryptsetup.c:3532 +msgid "PBKDF iteration time for LUKS (in ms)" +msgstr "Tempo de iteração PBKDF para LUKS (em ms)" + +#: src/cryptsetup.c:3532 src/cryptsetup_reencrypt.c:1623 +msgid "msecs" +msgstr "ms" + +# argon2i, argon2id, pbkdf2 são opções, não traduzir. +#: src/cryptsetup.c:3533 src/cryptsetup_reencrypt.c:1641 +msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +msgstr "Algoritmo PBKDF (para LUKS2): argon2i, argon2id, pbkdf2" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "PBKDF memory cost limit" +msgstr "limite de custo de memória de PBKDF" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "kilobytes" +msgstr "kilobytes" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "PBKDF parallel cost" +msgstr "Custo paralelo de PBKDF" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "threads" +msgstr "threads" + +#: src/cryptsetup.c:3536 src/cryptsetup_reencrypt.c:1644 +msgid "PBKDF iterations cost (forced, disables benchmark)" +msgstr "Custo de iterações de PBKDF (forçado, desabilita teste)" + +# ignore, normal e prefer são opções, não traduzir. +#: src/cryptsetup.c:3537 +msgid "Keyslot priority: ignore, normal, prefer" +msgstr "Prioridade de slot de chave: ignore, normal, prefer" + +#: src/cryptsetup.c:3538 +msgid "Disable locking of on-disk metadata" +msgstr "Desabilita travamento de metadados em disco" + +#: src/cryptsetup.c:3539 +msgid "Disable loading volume keys via kernel keyring" +msgstr "Desabilita carregamento de chaves de volume via chaveiro do kernel" + +#: src/cryptsetup.c:3540 +msgid "Data integrity algorithm (LUKS2 only)" +msgstr "Algoritmo de integridade de dados (LUKS2 apenas)" + +#: src/cryptsetup.c:3541 src/integritysetup.c:573 +msgid "Disable journal for integrity device" +msgstr "Desabilita jornal para dispositivo de integridade" + +#: src/cryptsetup.c:3542 src/integritysetup.c:547 +msgid "Do not wipe device after format" +msgstr "Não apaga o dispositivo após formatar" + +#: src/cryptsetup.c:3543 src/integritysetup.c:577 +msgid "Use inefficient legacy padding (old kernels)" +msgstr "" + +#: src/cryptsetup.c:3544 +msgid "Do not ask for passphrase if activation by token fails" +msgstr "Não pede por senha se ativação por token falhar" + +#: src/cryptsetup.c:3545 +msgid "Token number (default: any)" +msgstr "Número de token (padrão: qualquer)" + +#: src/cryptsetup.c:3546 +msgid "Key description" +msgstr "Descrição da chave" + +#: src/cryptsetup.c:3547 +msgid "Encryption sector size (default: 512 bytes)" +msgstr "Tamanho do setor de criptografia (padrão: 512 bytes)" + +#: src/cryptsetup.c:3548 +#, fuzzy +msgid "Use IV counted in sector size (not in 512 bytes)" +msgstr "Tamanho do setor de criptografia (padrão: 512 bytes)" + +#: src/cryptsetup.c:3549 +msgid "Set activation flags persistent for device" +msgstr "Define sinalizadores de ativação persistentes para o dispositivo" + +#: src/cryptsetup.c:3550 +msgid "Set label for the LUKS2 device" +msgstr "Define o rótulo para o dispositivo LUKS2" + +#: src/cryptsetup.c:3551 +msgid "Set subsystem label for the LUKS2 device" +msgstr "Define o rótulo de subsistema para o dispositivo LUKS2" + +#: src/cryptsetup.c:3552 +#, fuzzy +msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot" +msgstr "Cria slot de chave LUKS2 não associado (nenhum segmento de dados atribuído)" + +#: src/cryptsetup.c:3553 +msgid "Read or write the json from or to a file" +msgstr "Lê ou escreve o json de ou para um arquivo" + +#: src/cryptsetup.c:3554 +msgid "LUKS2 header metadata area size" +msgstr "Tamanho de área de metadados de cabeçalho LUKS2" + +#: src/cryptsetup.c:3555 +msgid "LUKS2 header keyslots area size" +msgstr "Tamanho de área de slots de chave de cabeçalho LUKS2" + +#: src/cryptsetup.c:3556 +msgid "Refresh (reactivate) device with new parameters" +msgstr "Renova (reativa) dispositivo com novos parâmetros" + +#: src/cryptsetup.c:3557 +msgid "LUKS2 keyslot: The size of the encryption key" +msgstr "Slot de chave LUKS2: O tamanho da chave de criptografia" + +#: src/cryptsetup.c:3558 +msgid "LUKS2 keyslot: The cipher used for keyslot encryption" +msgstr "Slot de chave LUKS2: A cifra usada para criptografia de slot de chave" + +#: src/cryptsetup.c:3559 +#, fuzzy +msgid "Encrypt LUKS2 device (in-place encryption)." +msgstr "Descriptografa permanentemente o dispositivo (remove criptografia)" + +#: src/cryptsetup.c:3560 +#, fuzzy +msgid "Decrypt LUKS2 device (remove encryption)." +msgstr "Descriptografa permanentemente o dispositivo (remove criptografia)" + +#: src/cryptsetup.c:3561 +msgid "Initialize LUKS2 reencryption in metadata only." +msgstr "" + +#: src/cryptsetup.c:3562 +msgid "Resume initialized LUKS2 reencryption only." +msgstr "" + +#: src/cryptsetup.c:3563 src/cryptsetup_reencrypt.c:1635 +msgid "Reduce data device size (move data offset). DANGEROUS!" +msgstr "Reduz tamanho do dispositivo de dados (move opção dos dados). PERIGOSO!" + +#: src/cryptsetup.c:3564 +#, fuzzy +msgid "Maximal reencryption hotzone size." +msgstr "Tamanho do bloco de recriptografia" + +#: src/cryptsetup.c:3565 +msgid "Reencryption hotzone resilience type (checksum,journal,none)" +msgstr "" + +#: src/cryptsetup.c:3566 +#, fuzzy +msgid "Reencryption hotzone checksums hash" +msgstr "Tamanho do bloco de recriptografia" + +#: src/cryptsetup.c:3567 +msgid "Override device autodetection of dm device to be reencrypted" +msgstr "" + +#: src/cryptsetup.c:3583 src/veritysetup.c:499 src/integritysetup.c:595 +msgid "[OPTION...] " +msgstr "[OPÇÃO...] " + +#: src/cryptsetup.c:3634 src/veritysetup.c:533 src/integritysetup.c:606 +msgid "Argument missing." +msgstr "Faltando o argumento de ." + +#: src/cryptsetup.c:3703 src/veritysetup.c:564 src/integritysetup.c:637 +msgid "Unknown action." +msgstr "Ação desconhecida." + +#: src/cryptsetup.c:3713 +#, fuzzy +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "As opções --refresh e --test-passphrase são mutuamente exclusivas.\n" + +#: src/cryptsetup.c:3718 +#, fuzzy +msgid "Option --deferred is allowed only for close command." +msgstr "A opção --deferred é apenas permitida para o comando de fechamento.\n" + +#: src/cryptsetup.c:3723 +#, fuzzy +msgid "Option --shared is allowed only for open of plain device." +msgstr "A opção --shared é permitida apenas para abertura de dispositivo claro.\n" + +#: src/cryptsetup.c:3728 src/integritysetup.c:654 +#, fuzzy +msgid "Option --allow-discards is allowed only for open operation." +msgstr "A opção --allow-discards é permitida apenas para a operação de abertura.\n" + +#: src/cryptsetup.c:3733 +#, fuzzy +msgid "Option --persistent is allowed only for open operation." +msgstr "A opção --persistent é permitida apenas para a operação de abertura.\n" + +#: src/cryptsetup.c:3738 +#, fuzzy +msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation." +msgstr "A opção --allow-discards é permitida apenas para a operação de abertura.\n" + +#: src/cryptsetup.c:3743 +#, fuzzy +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "A opção --persistent não é permitida com --test-passphrase.\n" + +#: src/cryptsetup.c:3753 +#, fuzzy +msgid "" +"Option --key-size is allowed only for luksFormat, luksAddKey,\n" +"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." +msgstr "" +"A opção --key-size só é permitida para luksFormat, luksAddKey (com --unbound),\n" +"ações de abertura e teste. Para limitar a leitura do arquivo de chave,\n" +"use --keyfile-size=(bytes)." + +#: src/cryptsetup.c:3759 +#, fuzzy +msgid "Option --integrity is allowed only for luksFormat (LUKS2)." +msgstr "A opção --integrity é permitida apenas para luksFormat (LUKS2).\n" + +#: src/cryptsetup.c:3764 +#, fuzzy +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "A opção --integrity-no-wipe só pode ser usada para ação de formato com extensão de integridade.\n" + +#: src/cryptsetup.c:3770 +#, fuzzy +msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations." +msgstr "As opções --label e --subsystem são permitidas apenas para luksFormat e operações de configuração de LUKS2.\n" + +#: src/cryptsetup.c:3776 +#, fuzzy +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "A opção --test-passphrase é permitida apenas para abertura de dispositivos LUKS e TCRYPT.\n" + +#: src/cryptsetup.c:3781 src/cryptsetup_reencrypt.c:1708 +msgid "Key size must be a multiple of 8 bits" +msgstr "Tamanho de chave deve ser um múltiplo de 8 bits" + +#: src/cryptsetup.c:3787 src/cryptsetup_reencrypt.c:1394 +#: src/cryptsetup_reencrypt.c:1713 +msgid "Key slot is invalid." +msgstr "O slot de chave é inválido." + +#: src/cryptsetup.c:3794 +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "A opção --key-file tem precedência sobre um argumento de arquivo de chave especificado." + +#: src/cryptsetup.c:3801 src/veritysetup.c:576 src/integritysetup.c:663 +#: src/cryptsetup_reencrypt.c:1687 +msgid "Negative number for option not permitted." +msgstr "Número negativo para opção não permitido." + +#: src/cryptsetup.c:3805 +msgid "Only one --key-file argument is allowed." +msgstr "Apenas um argumento de --key-file é permitido." + +#: src/cryptsetup.c:3809 src/cryptsetup_reencrypt.c:1679 +#: src/cryptsetup_reencrypt.c:1717 +msgid "Only one of --use-[u]random options is allowed." +msgstr "Apenas uma das opções --use-[u]random são permitidas." + +#: src/cryptsetup.c:3813 +msgid "Option --use-[u]random is allowed only for luksFormat." +msgstr "A opção --use-[u]random é permitida apenas para luksFormat." + +#: src/cryptsetup.c:3817 +msgid "Option --uuid is allowed only for luksFormat and luksUUID." +msgstr "A opção --uuid é permitida apenas para luksFormat e luksUUID." + +#: src/cryptsetup.c:3821 +msgid "Option --align-payload is allowed only for luksFormat." +msgstr "A opção --align-payload é permitida apenas para luksFormat." + +#: src/cryptsetup.c:3825 +msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2." +msgstr "As opçãos --luks2-metadata-size e --opt-luks2-keyslots-size são permitidas apenas para luksFormat com LUKS2." + +#: src/cryptsetup.c:3830 +msgid "Invalid LUKS2 metadata size specification." +msgstr "Especificação inválida de tamanho de metadados LUKS2." + +#: src/cryptsetup.c:3834 +msgid "Invalid LUKS2 keyslots size specification." +msgstr "Especificação inválida de tamanho de slots de chave LUKS2." + +#: src/cryptsetup.c:3838 +#, fuzzy +msgid "Options --align-payload and --offset cannot be combined." +msgstr "As opções --align-payload e --offset não podem ser combinadas." + +#: src/cryptsetup.c:3844 +#, fuzzy +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "Há suporte a --skip apenas para abertura de dispositivos claro e loopaes.\n" + +#: src/cryptsetup.c:3851 +#, fuzzy +msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption." +msgstr "Há suporte a --offset apenas para abertura de dispositivos claro e loopaes. e para luksFormat.\n" + +#: src/cryptsetup.c:3857 +#, fuzzy +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "Há suporte à opção --tcrypt-hidden, --tcrypt-system ou --tcrypt-backup apenas para dispositivo TCRYPT.\n" + +#: src/cryptsetup.c:3862 +#, fuzzy +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "A opção --tcrypt-hidden não pode ser combinada com --allow-discards.\n" + +#: src/cryptsetup.c:3867 +#, fuzzy +msgid "Option --veracrypt is supported only for TCRYPT device type." +msgstr "Há suporte à opção --veracrypt apenas para o tipo de dispositivo TCRYPT.\n" + +#: src/cryptsetup.c:3873 +#, fuzzy +msgid "Invalid argument for parameter --veracrypt-pim supplied." +msgstr "Argumento inválido para o parâmetro --veracrypt-pim fornecido.\n" + +#: src/cryptsetup.c:3877 +#, fuzzy +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "Há suporte à opção --veracrypt-pim apenas para dispositivos compatíveis com VeraCrypt.\n" + +#: src/cryptsetup.c:3885 +#, fuzzy +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "Há suporte à opção --veracrypt-query-pim apenas para dispositivos compatíveis com VeraCrypt.\n" + +#: src/cryptsetup.c:3889 +#, fuzzy +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "As opções --veracrypt-pim e --veracrypt-query-pim são mutuamente exclusivas.\n" + +# ignore, normal, prefer são opções, não traduzir. +#: src/cryptsetup.c:3896 +#, fuzzy +msgid "Option --priority can be only ignore/normal/prefer." +msgstr "A opção --priority só pode ser ignore/normal/prefer.\n" + +#: src/cryptsetup.c:3901 src/cryptsetup.c:3939 +#, fuzzy +msgid "Keyslot specification is required." +msgstr "A especificação de slot de chave é exigido.\n" + +# argon2i, argon2id, pbkdf2 são opções, não traduzir. +#: src/cryptsetup.c:3906 src/cryptsetup_reencrypt.c:1693 +#, fuzzy +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "A função de derivação de chave baseada em senha (PBKDF) só pode ser pbkdf2 ou argon2i/argon2id.\n" + +#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1698 +#, fuzzy +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "Iterações forçadas de PBKDF não podem ser compiladas com opção de tempo de iteração.\n" + +#: src/cryptsetup.c:3917 +#, fuzzy +msgid "Sector size option is not supported for this command." +msgstr "Não há suporte a opção de tamanho de setor para este comando.\n" + +#: src/cryptsetup.c:3929 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "" + +#: src/cryptsetup.c:3934 +#, fuzzy +msgid "Key size is required with --unbound option." +msgstr "Tamanho de chave é necessário com a opção --unbound.\n" + +#: src/cryptsetup.c:3944 +#, fuzzy +msgid "Option --unbound may be used only with luksAddKey and luksDump actions." +msgstr "A opção --unbound só pode ser usada com a ação luksAddKey.\n" + +#: src/cryptsetup.c:3949 +#, fuzzy +msgid "Option --refresh may be used only with open action." +msgstr "A opção --refresh só pode ser usada com a ação de abrir.\n" + +#: src/cryptsetup.c:3960 +#, fuzzy +msgid "Cannot disable metadata locking." +msgstr "Não foi possível desabilitar trava de metadados.\n" + +#: src/cryptsetup.c:3970 +#, fuzzy +msgid "Invalid max reencryption hotzone size specification." +msgstr "Especificação inválida de tamanho de dispositivo." + +#: src/cryptsetup.c:3978 src/cryptsetup_reencrypt.c:1722 +#: src/cryptsetup_reencrypt.c:1727 +msgid "Invalid device size specification." +msgstr "Especificação inválida de tamanho de dispositivo." + +#: src/cryptsetup.c:3981 +#, fuzzy +msgid "Maximum device reduce size is 1 GiB." +msgstr "Tamanho máximo de redução do dispositivo é 64 MB." + +#: src/cryptsetup.c:3984 src/cryptsetup_reencrypt.c:1733 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "Tamanho da redução deve ser múltiplo de 512 bytes (setores)." + +#: src/cryptsetup.c:3989 +#, fuzzy +msgid "Invalid data size specification." +msgstr "Especificação inválida de tamanho de dispositivo." + +#: src/cryptsetup.c:3994 +#, fuzzy +msgid "Reduce size overflow." +msgstr "Excesso na posição do dispositivo." + +#: src/cryptsetup.c:3998 +msgid "LUKS2 decryption requires option --header." +msgstr "" + +#: src/cryptsetup.c:4002 +#, fuzzy +msgid "Device size must be multiple of 512 bytes sector." +msgstr "Tamanho da redução deve ser múltiplo de 512 bytes (setores)." + +#: src/cryptsetup.c:4006 +#, fuzzy +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "As opções --align-payload e --offset não podem ser combinadas." + +#: src/cryptsetup.c:4010 +#, fuzzy +msgid "Options --device-size and --size cannot be combined." +msgstr "As opções --align-payload e --offset não podem ser combinadas." + +#: src/cryptsetup.c:4014 +#, fuzzy +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "As opções --ignore-corruption e --restart-on-corruption não podem ser usadas em conjunto.\n" + +#: src/veritysetup.c:66 +msgid "Invalid salt string specified." +msgstr "Uma string salgada inválida foi especificada." + +#: src/veritysetup.c:97 +#, c-format +msgid "Cannot create hash image %s for writing." +msgstr "Não foi possível criar imagem hash %s para escrita." + +#: src/veritysetup.c:107 +#, c-format +msgid "Cannot create FEC image %s for writing." +msgstr "Não foi possível criar imagem FEC %s para escrita." + +#: src/veritysetup.c:179 +msgid "Invalid root hash string specified." +msgstr "Uma string hash raiz inválida foi especificada." + +#: src/veritysetup.c:187 +#, fuzzy, c-format +msgid "Invalid signature file %s." +msgstr "Dispositivo inválido %s." + +#: src/veritysetup.c:194 +#, fuzzy, c-format +msgid "Cannot read signature file %s." +msgstr "Não foi possível ler o arquivo de chave %s." + +#: src/veritysetup.c:392 +msgid " " +msgstr " " + +#: src/veritysetup.c:392 src/integritysetup.c:479 +msgid "format device" +msgstr "formata o dispositivo" + +#: src/veritysetup.c:393 +msgid " " +msgstr " " + +#: src/veritysetup.c:393 +msgid "verify device" +msgstr "verifica o dispositivo" + +#: src/veritysetup.c:394 +msgid " " +msgstr " " + +#: src/veritysetup.c:396 src/integritysetup.c:482 +msgid "show active device status" +msgstr "mostra o estado do dispositivo ativado" + +#: src/veritysetup.c:397 +msgid "" +msgstr "" + +#: src/veritysetup.c:397 src/integritysetup.c:483 +msgid "show on-disk information" +msgstr "mostra informação em disco" + +#: src/veritysetup.c:416 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the data device\n" +" is the device containing verification data\n" +" hash of the root node on \n" +msgstr "" +"\n" +" é o dispositivo a ser criado sob %s\n" +" é o dispositivo de dados\n" +" é o dispositivo contendo dados de verificação\n" +" hash do nó raiz no \n" + +#: src/veritysetup.c:423 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-verity parameters:\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" +msgstr "" +"\n" +"Parâmetros dm-verity pré-compilados por padrão:\n" +"\tHash: %s, Bloco de dados (bytes): %u, Bloco de hash (bytes): %u, Tamanho salgado: %u, Formato hash: %u\n" + +#: src/veritysetup.c:466 +msgid "Do not use verity superblock" +msgstr "Não usa superbloco verity" + +#: src/veritysetup.c:467 +msgid "Format type (1 - normal, 0 - original Chrome OS)" +msgstr "Tipo de formato (1 - normal, 0 - Chrome OS original)" + +#: src/veritysetup.c:467 +msgid "number" +msgstr "número" + +#: src/veritysetup.c:468 +msgid "Block size on the data device" +msgstr "Tamanho de bloco no dispositivo de dados" + +#: src/veritysetup.c:469 +msgid "Block size on the hash device" +msgstr "Tamanho de bloco no dispositivo de hash" + +#: src/veritysetup.c:470 +msgid "FEC parity bytes" +msgstr "Bytes de paridade FEC" + +#: src/veritysetup.c:471 +msgid "The number of blocks in the data file" +msgstr "O número de blocos no arquivo de dados" + +#: src/veritysetup.c:471 +msgid "blocks" +msgstr "blocos" + +#: src/veritysetup.c:472 +msgid "Path to device with error correction data" +msgstr "Caminho para dispositivo com dados de correção de erro" + +#: src/veritysetup.c:472 src/integritysetup.c:549 +msgid "path" +msgstr "caminho" + +#: src/veritysetup.c:473 +msgid "Starting offset on the hash device" +msgstr "Posição inicial no dispositivo de hash" + +#: src/veritysetup.c:474 +msgid "Starting offset on the FEC device" +msgstr "Posição inicial no dispositivo FEC" + +#: src/veritysetup.c:475 +msgid "Hash algorithm" +msgstr "Algoritmo hash" + +#: src/veritysetup.c:475 +msgid "string" +msgstr "string" + +#: src/veritysetup.c:476 +msgid "Salt" +msgstr "Sal" + +#: src/veritysetup.c:476 +msgid "hex string" +msgstr "string hexa" + +#: src/veritysetup.c:478 +#, fuzzy +msgid "Path to root hash signature file" +msgstr "Criação da área de hash falhou." + +#: src/veritysetup.c:479 +msgid "Restart kernel if corruption is detected" +msgstr "Reinicia o kernel, se um corrompimento for detectado" + +#: src/veritysetup.c:480 +msgid "Ignore corruption, log it only" +msgstr "Ignora corrompimento, apenas registra no log" + +#: src/veritysetup.c:481 +msgid "Do not verify zeroed blocks" +msgstr "Não verifica por blocos zerados" + +#: src/veritysetup.c:482 +msgid "Verify data block only the first time it is read" +msgstr "Verifica bloco de dados apenas na primeira vez que é lido" + +#: src/veritysetup.c:582 +#, fuzzy +msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation." +msgstr "O uso da opção --ignore-corruption, --restart-on-corruption ou --ignore-zero-blocks é permitido apenas para operação de abertura.\n" + +#: src/veritysetup.c:587 +#, fuzzy +msgid "Option --root-hash-signature can be used only for open operation." +msgstr "A opção --integrity-recalculate só pode ser usada para ação de abrir." + +#: src/veritysetup.c:592 +#, fuzzy +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "As opções --ignore-corruption e --restart-on-corruption não podem ser usadas em conjunto.\n" + +#: src/integritysetup.c:84 src/utils_password.c:305 +#, c-format +msgid "Cannot read keyfile %s." +msgstr "Não foi possível ler o arquivo de chave %s." + +#: src/integritysetup.c:88 src/utils_password.c:310 +#, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "Não foi possível ler %d bytes do arquivo de chave %s." + +#: src/integritysetup.c:254 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "Formatado com tamanho de tag %u, integridade interna %s.\n" + +#: src/integritysetup.c:479 src/integritysetup.c:483 +msgid "" +msgstr "" + +#: src/integritysetup.c:480 +msgid " " +msgstr " " + +#: src/integritysetup.c:502 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the device containing data with integrity tags\n" +msgstr "" +"\n" +" é o dispositivo a ser criado sob %s\n" +" é o dispositivo com dados com tags de integridade\n" + +#: src/integritysetup.c:507 +#, fuzzy, c-format +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" +msgstr "" +"\n" +"Parâmetros dm-integrity compilados por padrão:\n" +"\tTamanho Tag: %u bytes, Algoritmo de soma de verificação: %s\n" + +#: src/integritysetup.c:549 +msgid "Path to data device (if separated)" +msgstr "Caminho para dispositivo de dados (se separado)" + +#: src/integritysetup.c:551 +msgid "Journal size" +msgstr "Tamanho do journal" + +#: src/integritysetup.c:552 +msgid "Interleave sectors" +msgstr "Intercalar setores" + +#: src/integritysetup.c:553 +msgid "Journal watermark" +msgstr "Marca d'água do jornal" + +#: src/integritysetup.c:553 +msgid "percent" +msgstr "porcentagem" + +#: src/integritysetup.c:554 +msgid "Journal commit time" +msgstr "Tempo de commit do journal" + +#: src/integritysetup.c:554 src/integritysetup.c:556 +msgid "ms" +msgstr "ms" + +#: src/integritysetup.c:555 +msgid "Number of 512-byte sectors per bit (bitmap mode)." +msgstr "" + +#: src/integritysetup.c:556 +msgid "Bitmap mode flush time" +msgstr "" + +#: src/integritysetup.c:557 +msgid "Tag size (per-sector)" +msgstr "Tamanho de tag (por setor)" + +#: src/integritysetup.c:558 +msgid "Sector size" +msgstr "Tamanho do setor" + +#: src/integritysetup.c:559 +msgid "Buffers size" +msgstr "Tamanho de buffers" + +#: src/integritysetup.c:561 +msgid "Data integrity algorithm" +msgstr "Algoritmo de integridade de dados" + +#: src/integritysetup.c:562 +msgid "The size of the data integrity key" +msgstr "O tamanho da chave de integridade de dados" + +#: src/integritysetup.c:563 +msgid "Read the integrity key from a file" +msgstr "Lê a chave de integridade de um arquivo" + +#: src/integritysetup.c:565 +msgid "Journal integrity algorithm" +msgstr "Algoritmo de integridade de journal" + +#: src/integritysetup.c:566 +msgid "The size of the journal integrity key" +msgstr "O tamanho da chave de integridade de journal" + +#: src/integritysetup.c:567 +msgid "Read the journal integrity key from a file" +msgstr "Lê a chave de integridade de journal de um arquivo" + +#: src/integritysetup.c:569 +msgid "Journal encryption algorithm" +msgstr "Algoritmo de criptografia de journal" + +#: src/integritysetup.c:570 +msgid "The size of the journal encryption key" +msgstr "O tamanho da chave de criptografia de journal" + +#: src/integritysetup.c:571 +msgid "Read the journal encryption key from a file" +msgstr "Lê a chave de criptografia de journal de um arquivo" + +#: src/integritysetup.c:574 +msgid "Recovery mode (no journal, no tag checking)" +msgstr "Modo de recuperação (sem journal, sem verificação de tag)" + +#: src/integritysetup.c:575 +#, fuzzy +msgid "Use bitmap to track changes and disable journal for integrity device" +msgstr "Desabilita jornal para dispositivo de integridade" + +#: src/integritysetup.c:576 +msgid "Recalculate initial tags automatically." +msgstr "Recalcula tags iniciais automaticamente." + +#: src/integritysetup.c:649 +msgid "Option --integrity-recalculate can be used only for open action." +msgstr "A opção --integrity-recalculate só pode ser usada para ação de abrir." + +#: src/integritysetup.c:669 +#, fuzzy +msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action." +msgstr "As opções --journal-size, --interleave-sectors, --sector-size, --tag-size e --no-wipe só podem ser usadas para ação de formatação.\n" + +#: src/integritysetup.c:675 +msgid "Invalid journal size specification." +msgstr "Especificação inválida de tamanho de journal." + +#: src/integritysetup.c:680 +msgid "Both key file and key size options must be specified." +msgstr "As opções de arquivo de chave e tamanho de chave devem ser especificadas." + +#: src/integritysetup.c:683 +msgid "Integrity algorithm must be specified if integrity key is used." +msgstr "Um algoritmo de integridade deve ser especificado se uma chave de integridade é usada." + +#: src/integritysetup.c:688 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "As opções de arquivo de chave de integridade de journal e tamanho de chave devem ser especificadas." + +#: src/integritysetup.c:691 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "Um algoritmo de integridade de journal deve ser especificado se uma chave de integridade de journal é usada." + +#: src/integritysetup.c:696 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "As opções de arquivo de chave de criptografia de journal e tamanho de chave devem ser especificadas." + +#: src/integritysetup.c:699 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "Um algoritmo de criptografia de journal deve ser especificado se uma chave de criptografia de journal é usada." + +#: src/integritysetup.c:703 +#, fuzzy +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "As opções --refresh e --test-passphrase são mutuamente exclusivas.\n" + +#: src/integritysetup.c:707 +msgid "Journal options cannot be used in bitmap mode." +msgstr "" + +#: src/integritysetup.c:711 +#, fuzzy +msgid "Bitmap options can be used only in bitmap mode." +msgstr "A opção de integridade pode ser usada apenas para o formato LUKS2." + +#: src/cryptsetup_reencrypt.c:172 +msgid "Reencryption already in-progress." +msgstr "Recriptografia já está em progresso." + +#: src/cryptsetup_reencrypt.c:208 +#, c-format +msgid "Cannot exclusively open %s, device in use." +msgstr "Não foi possível abrir exclusivamente %s, dispositivo em uso." + +#: src/cryptsetup_reencrypt.c:222 src/cryptsetup_reencrypt.c:1135 +msgid "Allocation of aligned memory failed." +msgstr "A alocação de memória alinhada falhou." + +#: src/cryptsetup_reencrypt.c:229 +#, c-format +msgid "Cannot read device %s." +msgstr "Não foi possível ler o dispositivo %s." + +#: src/cryptsetup_reencrypt.c:240 +#, c-format +msgid "Marking LUKS1 device %s unusable." +msgstr "Marcando o dispositivo LUKS1 %s como não usável." + +#: src/cryptsetup_reencrypt.c:244 +#, c-format +msgid "Setting LUKS2 offline reencrypt flag on device %s." +msgstr "Definindo o sinalizador de recriptografia offline do LUKS2 no dispositivo %s." + +#: src/cryptsetup_reencrypt.c:261 +#, c-format +msgid "Cannot write device %s." +msgstr "Não foi possível escrever o dispositivo %s." + +#: src/cryptsetup_reencrypt.c:309 +msgid "Cannot write reencryption log file." +msgstr "Não foi possível escrever o arquivo log de recriptografia." + +#: src/cryptsetup_reencrypt.c:365 +msgid "Cannot read reencryption log file." +msgstr "Não foi possível abrir o arquivo log de recriptografia." + +#: src/cryptsetup_reencrypt.c:403 +#, c-format +msgid "Log file %s exists, resuming reencryption.\n" +msgstr "Arquivo log %s existe, resumindo recriptografia.\n" + +#: src/cryptsetup_reencrypt.c:452 +msgid "Activating temporary device using old LUKS header." +msgstr "Ativando dispositivo temporário usando antigo cabeçalho LUKS." + +#: src/cryptsetup_reencrypt.c:462 +msgid "Activating temporary device using new LUKS header." +msgstr "Ativando dispositivo temporário usando novo cabeçalho LUKS." + +#: src/cryptsetup_reencrypt.c:472 +msgid "Activation of temporary devices failed." +msgstr "A ativação de dispositivos temporários falhou." + +#: src/cryptsetup_reencrypt.c:559 +msgid "Failed to set data offset." +msgstr "Falha ao definir a posição de dados." + +#: src/cryptsetup_reencrypt.c:565 +#, fuzzy +msgid "Failed to set metadata size." +msgstr "Falha ao definir a posição de dados." + +#: src/cryptsetup_reencrypt.c:573 +#, c-format +msgid "New LUKS header for device %s created." +msgstr "Novo cabeçalho LUKS para dispositivo %s criado." + +# "cryptsetup-reencrypt" é o nome do programa, não traduzir. +#: src/cryptsetup_reencrypt.c:633 +#, c-format +msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +msgstr "Essa versão de cryptsetup-reencrypt não sabe lidar com o novo tipo de token interno %s." + +#: src/cryptsetup_reencrypt.c:655 +msgid "Failed to read activation flags from backup header." +msgstr "Falha ao ler sinalizadores de ativação do cabeçalho de cópia de segurança." + +#: src/cryptsetup_reencrypt.c:659 +msgid "Failed to write activation flags to new header." +msgstr "Falha ao escrever sinalizadores de ativação para novo cabeçalho." + +#: src/cryptsetup_reencrypt.c:663 src/cryptsetup_reencrypt.c:667 +msgid "Failed to read requirements from backup header." +msgstr "Falha ao ler requisitos do cabeçalho de cópia de segurança." + +#: src/cryptsetup_reencrypt.c:705 +#, c-format +msgid "%s header backup of device %s created." +msgstr "Cópia de segurança de cabeçalho %s para dispositivo %s criado." + +#: src/cryptsetup_reencrypt.c:768 +msgid "Creation of LUKS backup headers failed." +msgstr "A criação de cópia de segurança de cabeçalhos LUKS falhou." + +#: src/cryptsetup_reencrypt.c:901 +#, c-format +msgid "Cannot restore %s header on device %s." +msgstr "Não foi possível restaurar o cabeçalho %s no dispositivo %s." + +#: src/cryptsetup_reencrypt.c:903 +#, c-format +msgid "%s header on device %s restored." +msgstr "Cabeçalho %s no dispositivo %s restaurado." + +#: src/cryptsetup_reencrypt.c:1107 src/cryptsetup_reencrypt.c:1113 +msgid "Cannot open temporary LUKS device." +msgstr "Não foi possível abrir o dispositivo LUKS temporário." + +#: src/cryptsetup_reencrypt.c:1118 src/cryptsetup_reencrypt.c:1123 +msgid "Cannot get device size." +msgstr "Não foi possível obter o tamanho do dispositivo." + +#: src/cryptsetup_reencrypt.c:1158 +msgid "IO error during reencryption." +msgstr "Erro de E/S durante a recriptografia." + +#: src/cryptsetup_reencrypt.c:1189 +msgid "Provided UUID is invalid." +msgstr "O UUID fornecido é inválido." + +#: src/cryptsetup_reencrypt.c:1423 +msgid "Cannot open reencryption log file." +msgstr "Não foi possível abrir o arquivo log de recriptografia." + +#: src/cryptsetup_reencrypt.c:1429 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "Nenhuma descriptografia em progresso, UUID fornecido pode ser usado apenas para resumir um processo de descriptografia suspendido." + +#: src/cryptsetup_reencrypt.c:1504 +#, c-format +msgid "Changed pbkdf parameters in keyslot %i." +msgstr "Alterados os parâmetros de pbkdf no slot de chave %i." + +#: src/cryptsetup_reencrypt.c:1616 +msgid "Reencryption block size" +msgstr "Tamanho do bloco de recriptografia" + +#: src/cryptsetup_reencrypt.c:1616 +msgid "MiB" +msgstr "MB" + +#: src/cryptsetup_reencrypt.c:1620 +msgid "Do not change key, no data area reencryption" +msgstr "Não altera chave, nenhuma área de dados de recriptografia" + +#: src/cryptsetup_reencrypt.c:1622 +msgid "Read new volume (master) key from file" +msgstr "Lê nova chave do volume (mestre) a partir do arquivo" + +#: src/cryptsetup_reencrypt.c:1623 +msgid "PBKDF2 iteration time for LUKS (in ms)" +msgstr "Tempo de iteração PBKDF2 para LUKS (em ms)" + +#: src/cryptsetup_reencrypt.c:1629 +msgid "Use direct-io when accessing devices" +msgstr "Usa direct-io ao acessar dispositivos" + +#: src/cryptsetup_reencrypt.c:1630 +msgid "Use fsync after each block" +msgstr "Usa fsync após cada bloco" + +#: src/cryptsetup_reencrypt.c:1631 +msgid "Update log file after every block" +msgstr "Atualiza o arquivo log após todo bloco" + +#: src/cryptsetup_reencrypt.c:1632 +msgid "Use only this slot (others will be disabled)" +msgstr "Usa apenas este slot (outros serão desabilitados)" + +#: src/cryptsetup_reencrypt.c:1637 +msgid "Create new header on not encrypted device" +msgstr "Cria um novo cabeçalho em dispositivo não criptografado" + +#: src/cryptsetup_reencrypt.c:1638 +msgid "Permanently decrypt device (remove encryption)" +msgstr "Descriptografa permanentemente o dispositivo (remove criptografia)" + +#: src/cryptsetup_reencrypt.c:1639 +msgid "The UUID used to resume decryption" +msgstr "A UUID usada para resumir a descriptografia" + +#: src/cryptsetup_reencrypt.c:1640 +msgid "Type of LUKS metadata: luks1, luks2" +msgstr "Tipo de metadados LUKS: luks1, luks2" + +#: src/cryptsetup_reencrypt.c:1659 +msgid "[OPTION...] " +msgstr "[OPÇÃO...] " + +#: src/cryptsetup_reencrypt.c:1667 +#, c-format +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "Recriptografia vai alterar: %s%s%s%s%s%s." + +#: src/cryptsetup_reencrypt.c:1668 +msgid "volume key" +msgstr "chave de volume" + +#: src/cryptsetup_reencrypt.c:1670 +msgid "set hash to " +msgstr "definir hash para " + +#: src/cryptsetup_reencrypt.c:1671 +msgid ", set cipher to " +msgstr ", definir cifra para " + +#: src/cryptsetup_reencrypt.c:1675 +msgid "Argument required." +msgstr "Argumento necessário." + +#: src/cryptsetup_reencrypt.c:1703 +msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +msgstr "Apenas valores entre 1 MB e 64 MB são permitidos para tamanho de bloco de recriptografia." + +#: src/cryptsetup_reencrypt.c:1730 +msgid "Maximum device reduce size is 64 MiB." +msgstr "Tamanho máximo de redução do dispositivo é 64 MB." + +#: src/cryptsetup_reencrypt.c:1737 +msgid "Option --new must be used together with --reduce-device-size or --header." +msgstr "A opção --new deve ser usada junto de --reduce-device-size ou --header." + +#: src/cryptsetup_reencrypt.c:1741 +msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +msgstr "A opção --keep-key pode ser usada apenas com --hash, --iter-time ou --pbkdf-force-iterations." + +#: src/cryptsetup_reencrypt.c:1745 +msgid "Option --new cannot be used together with --decrypt." +msgstr "A opção --new não pode ser usada junto de --decrypt." + +#: src/cryptsetup_reencrypt.c:1749 +msgid "Option --decrypt is incompatible with specified parameters." +msgstr "A opção --decrypt é incompatível com os parâmetros especificados." + +#: src/cryptsetup_reencrypt.c:1753 +msgid "Option --uuid is allowed only together with --decrypt." +msgstr "A opção --uuid é permitida apenas junto de --decrypt." + +#: src/cryptsetup_reencrypt.c:1757 +msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +msgstr "Tipo de luks inválido. Use um desses: \"luks\", \"luks1\" ou \"luks2\"." + +#: src/utils_tools.c:151 +msgid "Error reading response from terminal." +msgstr "Erro ao ler resposta do terminal." + +#: src/utils_tools.c:186 +msgid "Command successful.\n" +msgstr "Comando executado com sucesso.\n" + +#: src/utils_tools.c:194 +msgid "wrong or missing parameters" +msgstr "parâmetros errados ou faltando" + +#: src/utils_tools.c:196 +msgid "no permission or bad passphrase" +msgstr "sem permissão ou senha incorreta" + +#: src/utils_tools.c:198 +msgid "out of memory" +msgstr "memória insuficiente" + +#: src/utils_tools.c:200 +msgid "wrong device or file specified" +msgstr "dispositivo ou arquivo errado especificado" + +#: src/utils_tools.c:202 +msgid "device already exists or device is busy" +msgstr "o dispositivo já existe ou está ocupado" + +#: src/utils_tools.c:204 +msgid "unknown error" +msgstr "erro desconhecido" + +#: src/utils_tools.c:206 +#, c-format +msgid "Command failed with code %i (%s).\n" +msgstr "O comando falhou com código %i (%s).\n" + +#: src/utils_tools.c:283 +#, c-format +msgid "Key slot %i created." +msgstr "Slot de chave %i criado." + +#: src/utils_tools.c:285 +#, c-format +msgid "Key slot %i unlocked." +msgstr "Slot de chave %i desbloqueado." + +#: src/utils_tools.c:287 +#, c-format +msgid "Key slot %i removed." +msgstr "Slot de chave %i removido." + +#: src/utils_tools.c:296 +#, c-format +msgid "Token %i created." +msgstr "Token %i criado." + +#: src/utils_tools.c:298 +#, c-format +msgid "Token %i removed." +msgstr "Token %i removido." + +#: src/utils_tools.c:464 +#, fuzzy +msgid "" +"\n" +"Wipe interrupted." +msgstr "" +"\n" +"Escrita interrompida." + +#: src/utils_tools.c:475 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "AVISO: O dispositivo %s já contém uma assinatura de partição \"%s\".\n" + +#: src/utils_tools.c:483 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "AVISO: O dispositivo %s já contém uma assinatura de superbloco \"%s\".\n" + +#: src/utils_tools.c:504 src/utils_tools.c:568 +msgid "Failed to initialize device signature probes." +msgstr "Falha ao inicializar as sondas de assinatura de dispositivo." + +#: src/utils_tools.c:548 +#, c-format +msgid "Failed to stat device %s." +msgstr "Falha ao obter estado do dispositivo %s." + +#: src/utils_tools.c:561 +#, c-format +msgid "Device %s is in use. Can not proceed with format operation." +msgstr "O dispositivo %s está em uso. Não é possível proceder com a operação de formatação." + +#: src/utils_tools.c:563 +#, c-format +msgid "Failed to open file %s in read/write mode." +msgstr "Falha ao abrir o arquivo %s no modo leitura/escrita." + +#: src/utils_tools.c:577 +#, c-format +msgid "Existing '%s' partition signature (offset: % bytes) on device %s will be wiped." +msgstr "" + +#: src/utils_tools.c:580 +#, c-format +msgid "Existing '%s' superblock signature (offset: % bytes) on device %s will be wiped." +msgstr "" + +#: src/utils_tools.c:583 +msgid "Failed to wipe device signature." +msgstr "Falha ao apagar assinatura do dispositivo." + +#: src/utils_tools.c:590 +#, c-format +msgid "Failed to probe device %s for a signature." +msgstr "Falha ao sondar o dispositivo %s por uma assinatura." + +#: src/utils_tools.c:629 +#, fuzzy +msgid "" +"\n" +"Reencryption interrupted." +msgstr "" +"\n" +"Leitura interrompida." + +#: src/utils_password.c:43 src/utils_password.c:75 +#, c-format +msgid "Cannot check password quality: %s" +msgstr "Não foi possível verificar qualidade da senha: %s" + +#: src/utils_password.c:51 +#, c-format +msgid "" +"Password quality check failed:\n" +" %s" +msgstr "" +"Verificação de qualidade da senha falhou:\n" +" %s" + +#: src/utils_password.c:83 +#, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "Verificação de qualidade da senha falhou: Senha incorreta (%s)" + +#: src/utils_password.c:193 src/utils_password.c:208 +msgid "Error reading passphrase from terminal." +msgstr "Erro ao ler senha do terminal." + +#: src/utils_password.c:206 +msgid "Verify passphrase: " +msgstr "Verificar senha: " + +#: src/utils_password.c:213 +msgid "Passphrases do not match." +msgstr "As senhas não conferem." + +#: src/utils_password.c:250 +msgid "Cannot use offset with terminal input." +msgstr "Não foi possível usar posição com a entrada do terminal." + +#: src/utils_password.c:253 +#, c-format +msgid "Enter passphrase: " +msgstr "Digite a senha: " + +#: src/utils_password.c:256 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "Digite a senha para %s: " + +#: src/utils_password.c:287 +msgid "No key available with this passphrase." +msgstr "Nenhuma chave disponível com esta senha." + +#: src/utils_password.c:289 +msgid "No usable keyslot is available." +msgstr "" + +#: src/utils_password.c:328 +#, c-format +msgid "Cannot open keyfile %s for write." +msgstr "Não foi possível abrir o arquivo de chave %s para escrita." + +#: src/utils_password.c:335 +#, c-format +msgid "Cannot write to keyfile %s." +msgstr "Não foi possível escrever no arquivo de chave %s." + +#: src/utils_luks2.c:47 +#, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "Falha ao abrir o arquivo %s no modo somente leitura." + +#: src/utils_luks2.c:60 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "Forneça um JSON de token LUKS2 válido:\n" + +#: src/utils_luks2.c:67 +msgid "Failed to read JSON file." +msgstr "Falha ao ler o arquivo JSON." + +#: src/utils_luks2.c:72 +msgid "" +"\n" +"Read interrupted." +msgstr "" +"\n" +"Leitura interrompida." + +#: src/utils_luks2.c:113 +#, c-format +msgid "Failed to open file %s in write mode." +msgstr "Falha ao abrir o arquivo %s no modo escrita." + +#: src/utils_luks2.c:122 +msgid "" +"\n" +"Write interrupted." +msgstr "" +"\n" +"Escrita interrompida." + +#: src/utils_luks2.c:126 +msgid "Failed to write JSON file." +msgstr "Falha ao escrever arquivo JSON." + +#~ msgid "Requested dmcrypt performance options are not supported." +#~ msgstr "Não há suporte às opções de desempenho de dmcrypt requisitadas." + +#~ msgid "Cannot format device %s which is still in use." +#~ msgstr "Não foi possível formatar o dispositivo %s, o qual ainda está em uso." + +#~ msgid "Key slot %d is not used." +#~ msgstr "O slot de chave %d não está sendo usado." + +#~ msgid "Function not available in FIPS mode." +#~ msgstr "Função não disponível no modo FIPS." + +#~ msgid "Cipher %s is not available." +#~ msgstr "A cifra %s não está disponível." + +#~ msgid "Key slot %d selected for deletion." +#~ msgstr "Slot de chave %d selecionado para exclusão." + +#~ msgid "open device as mapping " +#~ msgstr "abre dispositivo como mapeamento " + +#~ msgid "Parameter --refresh is only allowed with open or refresh commands.\n" +#~ msgstr "O parâmetro --refresh é apenas permitida com comandos de abrir ou renovar.\n" + +#~ msgid "Unsupported encryption sector size.\n" +#~ msgstr "Não há suporte ao tamanho de setor de criptografia.\n" + +#~ msgid "close device (deactivate and remove mapping)" +#~ msgstr "fecha dispositivo (desativa e remove mapeamento)" + +#~ msgid "Failed to set PBKDF parameters." +#~ msgstr "Falha ao definir os parâmetros de sessão PBKDF." + +#~ msgid "Cannot seek to device offset.\n" +#~ msgstr "Não foi possível ir à posição do dispositivo.\n" + +#~ msgid "Interrupted by a signal." +#~ msgstr "Interrompido por um sinal." + +#~ msgid "Device %s is too small. (LUKS2 requires at least % bytes.)" +#~ msgstr "Dispositivo %s é muito pequeno. (LUKS2 precisa de pelo menos % bytes.)" + +#, fuzzy +#~| msgid "Replaced with key slot %d.\n" +#~ msgid "Replaced with key slot %d." +#~ msgstr "Substituído com o slot de chave %d.\n" + +#, fuzzy +#~| msgid "Missing LUKS target type, option --type is required.\n" +#~ msgid "Missing LUKS target type, option --type is required." +#~ msgstr "Faltando o tipo de alvo LUKS, a opção --type é necessária.\n" + +#, fuzzy +#~| msgid "Missing --token option specifying token for removal.\n" +#~ msgid "Missing --token option specifying token for removal." +#~ msgstr "Faltando a opção --token especificando token para remoção.\n" + +#~ msgid "Add or remove keyring token" +#~ msgstr "Adiciona ou remove o token de chaveiro" + +#, fuzzy +#~| msgid "Activated keyslot %i.\n" +#~ msgid "Activated keyslot %i." +#~ msgstr "Slot de chave %i ativado.\n" + +#~ msgid "memory allocation error in action_luksFormat" +#~ msgstr "erro de alocação de memória em action_luksFormat" + +#, fuzzy +#~| msgid "Key slot is invalid." +#~ msgid "Key slot is invalid.\n" +#~ msgstr "O slot de chave é inválido." + +#~ msgid "Too many tree levels for verity volume.\n" +#~ msgstr "Número excessivo de níveis de árvore para volume verity.\n" + +#~ msgid "Key %d not active. Can't wipe.\n" +#~ msgstr "Chave %d não ativada. Não é possível apagar.\n" + +#~ msgid " " +#~ msgstr " " + +#~ msgid "create active device" +#~ msgstr "cria um dispositivo ativado" + +#~ msgid "remove (deactivate) device" +#~ msgstr "remove (desativa) o dispositivo" + +#~ msgid "Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" +#~ msgstr "Progresso: %5.1f%%, ETA %02llu:%02llu, %4llu MB escrito, vel. %5.1f MB/s%s" + +#~ msgid "Cannot find a free loopback device.\n" +#~ msgstr "Não foi possível localizar um dispositivo de loop livre.\n" + +# Ponto final acrescentado, pois as mensagens em volta possível, sugerindo ser necessário aqui também. +#~ msgid "Cannot open device %s\n" +#~ msgstr "Não foi possível abrir o dispositivo %s.\n" + +#~ msgid "Cannot use passed UUID unless decryption in progress.\n" +#~ msgstr "Não é possível usar o UUID passado a menos que descriptografia estiver em progresso.\n" + +#~ msgid "Marking LUKS device %s usable.\n" +#~ msgstr "Marcando o dispositivo LUKS %s como usável.\n" diff --git a/po/ru.gmo b/po/ru.gmo new file mode 100644 index 0000000000000000000000000000000000000000..44a34d60453a6b17557e6bfb300ef7991f9d2dce GIT binary patch literal 140111 zcmcGX2Y_8wwf@gUT81jUa{~;Sf!s-f6AZ3TV+9yx^@ey7ZcqC>z_!7adN!3V)t z!6(3Lc-R3hI5djx1HTPU1((l^qI1C~z-_4X;8|RRKRY{$HU+-~ZVNsLc7dzGap0sm zQFI=7I;eE(%#EVWz-_?qf_ZQP_-F6{aIeFn=pe8QEP^Y+T5!vGQM4O449tPk!Ck=; zxHotixIOqCa1-z~a6I@PxC=OXeiUs7E(C{zCxDIM4d8mR<0jXbJ8I zLYin!2;T)Zj-tunQJ~V@1dafo1l5k;hv(ZLLmI-zflB`f2unu)0w;in9P4~| zF$l{=eW2*N(`WtpG;kln7l8HPlc3u7Ca8XHxX9D*0g6uZ!3p3=pz3`T%z;}R7e%{+ z`+z%v1yFQ86WkiS8&v*hz^%YPfH`pOg7f8WU>)Jf;4rWRjs-6UCxFj@8kcn!N72sU zj-b*_1l8WA5Pw0yyTD1r{|KB2e!9uapAV{>72wX`6`w+O1Amx5}~U7+%R8yp6{35u?@$NRYF!8*cI!TrEC za60&9upWE|oC0pO)ayGI)cidkRC_-U9s<4;aMw2EH{niD^Z6-oBk(;?`D)s|{hNck z6K({>e@B4_fZd?l`3-P4un$!G-Umgu9XdSy6mWaOp9R&9lR=IDBcS^I0w}uv0VHdb z>-6$21C{OpP<+z|js)KY8^E2qJpT+(;Q}bSTpaK_;9i731l7MWC%ArT21T#CK+*eW zU?ce7p!lJ_+vnR%Q1zY&N?up^%-yv!k2(*$Epzi9e5()&3e5bmw;Okej2p$z#QTCLA879WzOg0K=Ivt zQ2f&#@Cs1n-v_E4uY);oQ{z)cAs7Q)S-@}CQi0>2850bc_51vj8^TY(3Is_z(3 z)yZK;@54a=zIORJaIgTrLK; z1-}N0|Go>VeZL1azB`@lI2}|!P5?FEt_Ic4dqMTHhoxa7W@>Lik+J=mcs!UjWsgwa)Ny7y+vNQ^7sK5~%jx1d2Y-fokW!z#YKGGyVBY za67^$fd_!shVW0oZ3({vjsu6D<@`4l%n@z@w+GJ$)sNf5^B;h)SoAiy4Olqa`*$*^ z^j8PG2UPoi1a1!g4V(t9e~ypqd~g@SCxJQeW>D>U65I*=C8+-V1Jrozey-;`22^{` z21W0uK+)rEaDQ;e^PK;V1jPr}gL?jbQ1kIaQ0;6u-{s;|Fh_VHxEZ(%90pzlie6s_ zmG4dP8{p;_xE=Rxa2ny&;6dOv7dk&31&aQcfjfg=5BOtH^&U_8r6?_U5 zo!EVnJ_l<4Y;c*EGZ9pK3Sc96O^E*vsQkYH z)&KP__i-K$s(q6{mD3K2Pj3S?4o`p@r=Ng_f$xUr6R&W)^;l5#+zoC3z5=R!Z-JT* z{{%&+#w%UUbbxuncY~_;Wl-&1=W|~FSWxA4f)l};!HvQH1ZRVP1naJcM}q5I?ecUVQ0?ddC0D-zP6nR=HwSC4aoh>i`0N$Jhk*5j7l9hr3qXzA zZQyR;_dxN>JD|$l@>);d2&%p#K$U-8i2pjM@q7Uko&OGs4x3-+QFB z0#NPy8aN94A*lZT3lx2K`GWJ$4DeHgmwXfjK=@an=r#04coQ52 zYJ5HiZU%k})bpQ*_z%G`g!4CfJC6gmA$$oa`g{cxpF9KZ2mTe@0c^b4!!toWKNl2z z?+2CtSKw&yzd`kLk1u+<+2B!xPX*PE7eUeOU*G}Y@LRmSP2dc|SAiOj{{TmT>)-0- z><6kpt>B^H$)M=|J#Zgz^V__C&Zd-ns|2%iP+3%(1g+~IdPKP?8uXV-@C^Wa3n z(O2CLo&@es@M3T(_+4-UxWS#w4R98?0K6NV1`hd}_xBJ`^_&^PkAdR|{~0_49Cer5 z$tQyv$LB${d+o2Y_5sI&$AI^Pt>CBc_Ig)<2N8Y*91i{iRJl8U!|PoHihr*K)!y%c z;>(S`>3p>psQ$HrTY-0i8n>rG@y83`Zs58ref~Cr8o$Y)_~;~XXYguJeEJZ0IQVvm zpLmb+eKVLN{xYx;{3duH_$oL7-2PsdH^+j*2$#Vecnzp}9t0pu=0N%#U#^{)aq0)GQ; z2L2gT`gK=%`$vIFR|w%t!6}5F09F554|}~6LA9$FJQ}}<>TJ&13-;m zE4V#)8Mp&@7pQW-4{iZ|0Imye`h@#^wguJxoxt_M8Q|XFLU2BKF{p9>6}Tf<`=qy{ z0aUs3zzY6XH)_lwL{eEB<;pHGxFnSZzJiPAP$PDmtaA$D+?|6F}LG@z_D0(%6N`G+( z-vesge*umKcl@rGa}>B2;X6RJ_Z2V)Zu*S#<({D0Sp@Uo^&1h^CN%fK9XZHRve+=KAXLG^RUkDR}E1J#a0!C~O>p!oF? zaCh)QQ1a(Ba942CAG@B~7gYEZa2$ARh<_E_mhdipE;q)5YUgR-2=ESY68N(a-fFeW zyMsa1e{8_h!A8Qjf}_AbQ2bx>6CeLAz G!r?;MU-EpvH40C^|h4if(U#6Tyvt z>g_)aoIv#sX^5OAPX=qjqrjnHGdKk7 z0M(8YK%+Of4&m!S<+~Z&5WF8;3;Y(iF8Dog8}P@V`ui3*8jN0cI*b98ej2y|I1|i+ zM}f+BKDa4(E4VdyKd5?t2#T+M2CAM9LG^3xSG*m&1{?#bKNCRJdnl-Mr-IvoH-dZ7 z!Bya;g#YlW^Z&`eLcY{sZ-dLg4PK)zo}c|X{Uv7ccW-AxB#36J_ODK{|&Z)^Zw}b?O{;!?*niV*zhN($A#cz!jFQ-g8v4U z@7VWzyuJe}-^<{h;Cg@dc{vW;pYT#p{P1N^W9Q|IJ)kQ9F1T;Wxp{!LjdS3xGcW$AA<5?)GpQEE9el+zTB2-!6|@!0!;g z7`zgk`;RF44EQ=Y0X*=Z&OfJt%LtzfiXI<;qQfyCpqs#3z$xI04}IV4Nl^Wr`Y+c{ zXMlSCAb1`40eAy=^}oGejZuy9?>%6F_~*bQ!F)}P$&>TIBM83&YMl2PQe)%%bMPv{ zrBBt^`r||JvxH}$bWR7q3Z4hnuU%vNcHacW554Qu7~gHTZcX$h!uNn@f(zHHiJk;s z1P=kP8(I_H4!#ba1fE}8WAb9i`rf{Ipy+THcsTejsPUP)L5F}}GGyp#BMz^lRQnXGfc{FdIY)4*d0e+xVa z+-WQC$0AVUbZ@}TnXID2GOz=D1XR8THeHqOJWzb~Ca8W*-nPd4(U*WKckS)G-%~)* zVJRg)? zJMy3!)3YlAv}GGk7FBX=|R>1H&Ej?a%zp)?d{-Bgr5f0 zj@LlV+e4=Ly!$JtaXn_bkJr7R=(yty=kpd&;eUfFciJI7F6V;E_XsHYw#lJRp9?_o z^~<2fb=FMh*Uy7$=S!gGW&JFlFBgNN^BbV#;eoS#UR?@y5&jW)B6!dopYN+cm0vfv z#`NZOU>o7}5A$(65tO|78CU@KnCEo66l^BE(|qT%b3o1O*TH?kJr_7XF9kKuPl1{z zn=SNlnhhR6_zF<@o(Gk0hr?^k{#*!-BYXy^c0Udt1~wj1WBU0Fut@lQQ1kcLBfUL0 zg3`Y=N4ega1}-4{IH-BH>1SMS%mYRLUxUg&>}cns<3Nq;?V#c}Jf|oKL`E^lpH%}koQRNd<4|Ic^?%0 z=NCNu6nHk_?H7Ca7Ep5F1MpICNmEU93-~us?YOSl=jB_V=ze6;`*9aIobcP=EO65n zmrKWilL&tfJQ;ieYyl5zMeo!gANXfy!nsn7*=3W#4#LlXt>E6rJ3Vd!)z9C7;=hSY zeV*L_s(=3g&jj~v^Kp6@6diVKce!;uC_VNwQ1y@O@cD2pD7)wP;0fRvo!*c4z%hik z?Q*#_3sk@E1~pIq362J*pWu9Z5-57S0!j~z>~{Tp2`K&d0;uu*cfhG-kG~WY|2+hX z-|KtAd;*sd{t>8oF{QW0)}wcT8i!wi;-B4@x&A1DpCx=Pcn$bhQ2coDa_9HwK*{I7 zfp>#@oaplTCGZ}?o2+m>@GWpV!h4@oW9zrWK=r2+)c8FQo(fJs+3EWXIGymOr+B-L z2Gx$cLCw1jPW5p)7F4;v0@c2Mf_i@CX)ecK2Q@wiobL3!78E^y4N9KvbB5FBG*ILG zYj6};Jk#yTYr$O!fBG!PeL#)h(O@3D43zwP4BP|U^layw@!$-?CkOm4sB$+x$LHS! z@KVC(fui5$=lb}}0Hxn90yQ6>1~o44gOkA-=ehj66jb@IfU?JSJKy_rE!af(Rj>=3 zbb<5Nec(?C*IZa*=kHzs#orfR#v6hFTYt^-cF+`}_Lwg23Vh6=iDAVAJlyP30MS2T;=6`4pe{M0VjfcT%b@7oe2w$l4WQ)f7T0?H z$AhBt4?)$t({(NvF9S~_{5mN9E?n>PZQ~o9zYYi0|8Ih#`{ti_J#!+ccGiBu$Ez8X zJ$oOx3-~YaCUEB)-41*Tl>F(u$;lU|5 z?*x|6g5|jc#{&&;mY9{C|M5r@r`Qr_;Yd$;*?! z;^Xscuta#zJG>n?f#S2xzUp%B98mQ78z}zhy|X5|7W@UMap?S-udn_Ns=wWL`TYC= zDEifX-Syao;6;Sr1Fry2z1#K2M&I!EoCK~U{&i6E_Ns4sJzK1-iFycs9h5#Cc8`za zMc^5PUj-+Ci|%!M@fPq4gm=Hs_4qU3WrY6)%09aEe&?(G9`O0t3u;{M3gHbOtT8{( zWKeeFXF$#0`#{alw?VaUuZMhH{2(YfcH}CTLl1!(pW26Ae;x)Z{S%PYp>iss@1=c>{_SMOt z_~|d8%ANb9xA!&he8Ll+@^N?;lpV6y)2`>b!2<}d^DUoelR&j|IVd^*T~PMh&fl(y zP659Fo&;|F9bcDR1**N9eb?=+!$H{#SAxp_At?F!nP*%-o(D=ltOCVvHQ)33b_OW< z{!8#eF#oL6^C3|E-2eODuCIaj6aG6mAH4eq-kzH0yxvnl>5VtR%fZRdyZrhosQIwf z58b{w9ekYdr+(z}=xOk9!oz>;a`H6r`-Fc0ivCykxqb0lP~$sowU7HPpytDdKk?^9 za6I8>K=I4kKXpE61~(ymIk+Bp3pf|N6Wk8`2PnF2`7`$yoCS(sw|c?#)(UVM;je>d zgMR@fhfe&t^ZAx9dOzlayA%H~I2-&8D7m=jFI>Lf28w@v1ByO-yyX1(D7ak>`tp}< zhvZ*&`}_z{^7c7U@+0?(%a@D5C8S^HKcE}f`Kq_$nP0j7`P6>~eg=n;?_O{O__GjS z^P2PFfuQ*0WbljNFTmr$6JK|^_-jyd?V?}1TzDHCOL+coT<%;3N{+t=$__i?jhg6r z@OJQY@PyyGT=^3yI<)-G?YS2Meh8{vb#MAO%nR57YMxvKHiFNBl5_8a`-4Zn<@H?y zo=f<3kfugU-gbUD^!GjwZvvO`yzvj-&o6_k2oHIu#{7eif;SRA<6Upp4u5nzZ3j$9b`S3qE|DO$tKVJkTzZ%|izB>*)nDCRJ_-3s?yIh+IYQA0z?gzdE z9tUpv7oUG+Q1j{;Q1f)#zk0X{)ckxXglqri{P0;&^X*yiIdGTvJ>9!tJK;%xcYU)G zl$_b^zuit*4C;B^Km7Ss;8zF_{il!rN-$4&yAOOEW&}JRJc0P{f|{@Ue(3huWuW-z zNw5Xn{$D<>XM;NuUI~hRKL%x={R7+!9QALnzX(1?_+?Of==x}g$+-<{h8RCx03JvD z!XZO+lp%T$yc%5esUgub;9tOq@qcu!AyEN*Z0#ZDr`~bhA;w4ZK(+4*umSu7xCOY? zdP7Xk=Rxt|si4O3Yv48DYv8ru@}Wb_PTHt;i22(O1tmw01T{Yj;Gy8tpytPh>kl!z zWjZK6xC*rS1>QpV#0`enIB&C|r)vi_&sTwJ=Y|`3`;P}jr<=j8!JmSXW4{O20zV8m zWaA;mr|W{X#4iN*1djvjz^g&E_YrU-@Y~_}Pe6^wI-59s$AMD_-vq7${u-qvjB>J?*^6sx8Mfg_L~kddC&l=zRSRw;C0|G;BUa;;Ch=4vGZl4K*{Mzpwit6 zs-Aa1hA~3DL>qpJdC&dUpxS;lL#?0qx1P8o3HNeI4(WFl*BHX3FSo*Cj1SJ8rS|4-sqhI{4FZ%@KM z0ABzP;KIy_?w}0RlkI~lO`iKUa5r#5XoKRjzu$+z8Q?qNzK*n;k|+M{!~NewKsMpr z@N5S79nzx0>^FqIYA$?(YjduvxxT=&W5L(BI@E^Hj%$EyAv&68+DF}#xXTGkmTt|}$TfoS)m)nfK6!_9 zFL3F11@Zb#2OlP`DTIfG=l+!a0mAE$zX|*%*Jj*r%)@iIP!Z8@xk@3g^1MQLXbA62 zcsTc~;<5w2PW)o-mxF&L{bM2iIqr8Q?tu{IHY#wPLwx)@m7BZb0JsflC-MBCkmpR| zzRmsbz}duOjzlMbH*s}yzd5L%Wc)>3-y`l%AYwVfG_c<{z>$P^&~vbh>pYwoYI`G|a?Q;= zYY6vW4rR(t_#xM4L-_kVznJSLfA0ga9cqZ4;+>Zt)^XxWIzx%k)hqOC^vODx^=U(rC>L*>T-@#m)hvyc-KZkH_ z$JIvq8C(}|ZBLq?aXrEP?L0f2>x&`ZkBN(aYlpb?Lfn7x;65(YwEecA{;flrKZdyT zdGZ1mrdPBf?R{iy~d@VY()Kvgr6YI&$-4C zt_SxfZXDM}-0Syh$g?};97Wu>Li|1cIQjSa5I-egnI{vue$4eU*Z#y~rrGaq2m5z> z{%sChcu$9*IB`fUu(;rb)j&xjvRo?j7vS9rc%DDweu8?JRi z*fR6a7YM(fiQ9^NJ>lVTA^vgV?&1D7#Qy}`1-u>n5d0q3-Q0hMG;eSfx%3+Y?!vVw zgtcZ_&GlRe??;~OZ_5xqh{$KTKPiM~g+#m2uOAWjB;kX?vx$^7h5Ma(rr)rDk8{5h z&u$IrcC@F+`4Fz**>AY-B>uS2o{+@OM(O^~A?=sA|8z*xNcsDQ`**>!xto~5BNOu_d_vL7gC_5#BJQ;nw!* zmVq^t|CNwN@w2(!=K3_(Fs?CNBgwZe>9*%OiSSOKelL>m46b_ap9I$?{`1^#!Sz|f ze+K7)H-ooO#>L>XAWNX=VeV^5|0nJrB`*FQMOeR~0dMBn>)dY#z72ktYjk*~blZpf zQ9NJ7{gL2yl-mN{N%&;&Ph46f|B&#V+($g$h3g3w5PlExY(CFk;(DFytHkdGeg^yj z&pyu;{}yuJ%(Xia$CBpR@Zh@vuP1Jckp7?C>qm9bQ`|oSet~N$*Lz$mi0dQmU$~Ed zr-nR75mCqezrby{E+t)#@UP>9;Eu`<{t%oT;&pozy+@E+vqK>Z|R2L zSt0&i@Mf+DiTf#K?7{sXxOU}wk1PKD7xxoFU>WIl49_khZaMcC5_bfbes^%K;u=Ey ze6DSY{~F=Xfs?=uxeg%yKe@ioy?zV0&;Gtd_)Db!H2qn^gT~DBA;iz-+LmW)5q}oX z-yy8uSi<>0zh^?8oIOF8lIBUS4zByT^2Bcto~;c|59t+k8CL^oZs5}Iz|6Dt36}_$ z!?Pal@8$k-OUXRv{zKySBz$d%yAixCq*qig_qTG*3UPM?Jd}KIaeo+TcBLO*1m7ck zHu0w^j{CQ`|0VaYg*@CwCvksi2>%7_;Tli6t+}S~{J#jF%>BV!`du8-?oRkL?$;si z^6+eQc(x_=w-Wy}*CRap3ixxbt%%>8Ypal+DEs{f|2|FL^?9aW4m_Oji(JDA-$431 z!4tV!xZ>Ys#NW%clyv%iAKWb5Z$|t>Tqh9!N3Qj`Ul$z5VnsMP;2{AI1MjE9&vL!O z^+&F?ra}j<5nL0v7H}=$I)&>BuG_g*aXruVCf5gCn@l4;*95L(xVpH`;kusd>s(K9 z{fz5Pt`E32nao~3+t_!$ss9^YxTlF5?osB~Qo279w_S*XM3#3$1fO(p_ucB+YRPSoycI}t$ed2cM7q>k|L0!MN$;7EG`awb~?@PqRG>F^s zBjU6s)lYLzzxdh4FyVv{j{A5daTEK+-A0_`j(#H?tSt56w>*>n&@V1`QzlMKyTH!2 zwpaSYc{a|ITbYXcB5^8LX+;mky-S>AOg3%;hFc49`bqXE-Mz$>EGCT`zODOm6|Fui z-Ic__I`)g(`7&{BAucX&K8E6W;<96W6>-v^`o($QB~G@8esNp_N<60Z#>A`MHsWN9 z=ohDZjJQ~D#c@M-aKC9b-4VnUEvMU}DsL3ZL-I|(IPclSNiOIY^F;h?%bkYU{*A(M zA8#e@V#3+D{c=MR|Ks5*h~MU1s`D|P&9RuY&JBm9W3gFyCRF+xcqUz}-&Y!Gt|*sID(04#dY0slTrfY^-q~Et z)%Ps#%#}KNirpQBHcQh$ing}g;$p73vv+Y@vAMA}svTEo>M3=0jL((Ixz3JauCryV zVmk`$MT_fMLh|CWQd2S4)0u1PE*5%(6mK4fM z1|;zEnmRjr3Z;%xM{90bvAfh#YAUEHIh9#EuDi3dXOVJ`&*@(pmQ!04o$F8sNm)_) zCu+8}AZc;2qp5pES5L7yX*M*?mD@Udk|ZLzsA#ddj^6ggPymWR>r%^#+Hrc+Qfh-} zon7jM)7+wREuAE#?H$GCR)oTBy-Ujzo0|_Mn~%UJX}*TFwY$`_;-e`mVmfCenQ}da z)-u(_{L|Fg-bKrs^Cf5>hNjfDg#L9Ey5R#@s64iIXj^AzSAOCY7_Y88BBzGeHRl$W zddjs!yV@AXB%T|8Fd{d%P%ba;>~6LpWT2I%Hn49fC6n4{yrftVb7{;&h7q}Wv!_|k zLE79-%L73wn>=|*v1w_!w>?*AYwd(yOWN05jM%VeMP(V&X^3)-$Q>+FE^g~=TAHh0 zyrQRAZXmvQL{2HH#m_G=IW;pg$r$?fLXRQ_836H7p`)2Ll*?U9x(nrEWpic~PAs+4 zBhrc8;_{o9P8yMmpV_PzS1nWKq@1>5M=KJ7!KrUr!pJshU>g!Pm^sl24vjLd0iDv4e|n3Pa6N?pbNbYu$kk2|WfH`he-3vK1j zTrVu$+18v(G*5X2df-GJmf&_tn$E5w(j@4bdJ`^lh-w&NQd76wA&m;fvIlxheEU5T zscorlYlk+qb(Z1TZdi|*-~~-qTqw!zlcGY%%L)N2%JHmmfWf`Lb7UE}79tw7R`}L%rOO?lno1osGHr$#WN$8%!wFoz$C$ z9HzkPHI3;Dlc0_g$~g&#hT6z$nLTnMx8-;mgc*ST4$6f`KDNxrG#NBYpLbJuCt|`9 zFwr|u`bNldvBzdp2c(I$wGxe_AWOI0Bml!LAu5rAT1MSMR!!t|_CwP;q)m`VCQ1q# zn$}*MJkf|8Rppvo52ELzd>)aTZ!VUbx=W_vQ@N~~+o`WWo4vZ8&ZR}zy}3EaqsC|) zfm56lPbsx`b$0ihQan*GJ~z($JwB?mrYek^H9gB^Y^DC`+>Wa#s$X)qgvb|6BC}-7 z^hx86&gXkpFw@8B-|@%hj&}R-*i4Gl0IG;hOdgp=Jds+Djh1L!qPEu%mGioy029qz zO~YhF0@vGd`W6FSTK!|axO!cG1nGMo_EyT1-bGHShzjI6virK z=_#2ZT34>fMOp@|zz_#U?X`)kE@mv3kCR2>uWA-1LE!dsZKMmTBXnhPC+mnpcd1y;<*k>piCvA8&(c0isWH>VnJJmlT7tuE1~7$oDjq8eXE{&6H6%Y&%mb=aG`mb zyy%DCa+nl0q*JF%rtD74@#8ytZH1nyCSN1UxDTZE-p5V0l4x^~d^Wn-f)b(nKP(5r z`?B?8*WN2b)yIgB%xd;GcQWUbg-6Be9x8TpcI10lXO%j-dV7$uo`-3P(8$f4GiNTV zOyla#-q_acpGd25O|U^z96n{^wa@yxJc z^Jz4tt=NS%PTOEeSf|@s_rEW9#^Gr}m<}2U&9V{5y0#z*5o`syZj3ds5|?$hVX#OG-^kM5=O+97{|ch>=#`*@^spO49cpVRf-P8uA_IFE4;>uR zYC1q=8$qV=&wjypqJxi%>w7YvDObIlk zEZ{mU?G&<`#UR2i$5MyI3``^KyPP$mDcN|KJzd5m8XM~ZCt#53xq3IbOvu({`J_q# zL^VrScO%C-+jC`kV`3|zvR*6h<1{d^Y*^8l(#x`gHzFh&-$jA`Wa~dHVidet~4rIaDg(-u9&D_Aq zCOYqm(bhxBs0SH^WfmMZQlZ)5E}qzgLdH9V?a|3f9kv(|ccY&W2{I$;e}5s<|2a(* zS+L>EO6VwML!`#g0^#4@@N{93+J|GLI1hF|dq!JIu+B870kY z9`p*Wl_|U;E9`_9seKVPRIDJm?Zq&WHD7E_c*zDa8Kb0Y7QN;#^B!MB#Dg?(%$r6wzS6Fyk7axGB#Rwu}P9prc!sg z=i?Nyu!9A^dk!l~a`l^(AhD(Oo~f%`OE;n`rB7w5ffTpQYo@p*8LY%O-l{F+T*MSu zdj)}MnJZd9fX*RFygn?nv&!o+`GW_svY;|6I7|;zV}D_ZF|P@cSx#kgx}A?I2_3bW zZaOZ8M~W=*Q{p9C({2ehKoV3HFHENfkCdQvR$+U+BMH{TMPq z4N3Sbwe(y(v#f5@IIqAEF#Cu$*fxC>;&BlJ&1{dc_=rr{S z8#61im}NymfaP*gCq1c*UK0b!MyZ<7;@3RKJnx$4iKj{VNIG!v&L*j2ZZcM95h6Ee z*W#tk<^>9ybyAWsOVpLc z+9XNhunj}1Y=H@l!?I4?wBP}`Qde)9sNCBm6^*k=^}*kae*vjqz@vqwqFS(G;wN(Z zrTiljhS|q}c-!KXaC&oZdl$Rr=J7J`K8s^_Uzu+wEMgkM$|#JT=MUDK>8oIPdbO#O z&e|H%nWU4?B(-(5wH=y-AEHzauDOF}|kIvuQSA1hAUuC36; znn=eCWYQ~o@DxcyLXy_3G{z^T;%KsxZ@iQ|x29fUNN$qk3sH3}Y61 zQHu1211b#FUuA(fyvzQW=p8YqDXu@ znCmKR8U=0$jLx2mZDXY}9#NZaFD1i$FjjYyHZK$NI}{Kao;do<*6LY8w7WcP0YQnu z9hotZ)NJHU?%>Yc3U>0A%k_ca3M~=6d|{jPt(D^d2c<<7dSrL8`hp}Z_k-gxbT4UU zZ&$O{v$=_j@q26GhEeBx&+2DrRp?7%Ip8daTQ^r0cF~r6Exp|~s@ipJF4)Smcwz~4 zL#b3Eu8j-S#9e^_pOR(T+-Y&wpdv#k<3u@vi2*6_pi~C?MaA0DD#e46CQf{$_DD=u zFrfqKe65luWdh|+Dt5CIXp4>X0V5VxNjc0ib1PI>u8>)NmJ0I4Z4XQkpJQmYP9g3p zN;iEFyti3bbG9Q%L9Wd++_HvL!6_GNtx~C-S*TJ#x~T2<&`k(;JD5+bEZ%2{;`=6e ziHdl+wG+tX!I16O(@G1Zf(SjGP`(|{TT)}ZE@$Gh%xiKdTYF)t{L7rEk@habWO$>J zEQxcg(7w3T+S`enEn!{seJDel1o^O_@LADVJJ(m*NaEbiHa~smv%A<;D0S~_Qz>48 zB(=rrs6tYU-(ykjEX>fw42pt}r@e7V7**ISYrG^C@Hp(5g&nl!Zk;i4t70)Hvus`1 zjmY+z#7J`XhtY7MUbW;PrKMzA*uY6@WP;e*z?4pz&La^hEhEX}y21#{#7st=l}AZO zOIS%1aKB?QB7k%NfEm;iXS9_@=y<%Tl$vF%Z#b96skvkyAZgnm8B@zYAjT#v7kwgw`^F=G(uqNk1ZYymn-~ zigd3cNzKYDs4Euuh*Qj~{?F1}Ihq)xgUqnSE8LT9IvG{r4dBcb*18l5iy@Ye@w}{< zYH?x~!1C+cev{87){F8VApkgK#1ya@fpBAxdN{U#3d4lP#ovZ&Db%PHQdsapqhh!5 zaQsjYT2`2bp)`AxG&Q?sDzvb$5-lKt^2!3h@Y8N{YzTy&nKhYlG#)IYH_<`^M$71H z_J^}pEQypWa8-Rf)3(^%V1`twgL`}<)Bp|5^9*~obVgJB)J;Egsnn4-O2xXIfnhR) zv>GM2C*d5JlKyDGT}F9#E0Sj>bFMz@K8#H_78>pp!3ct)-Sl<)y(v5N2eB z=T1G-upW+uHQCk&b7#yNn+vgpjupAYUP`&V;yL0roZYRGKx?Bk+UUxV*%nq(NM)KN zx?eV((Fv{U_arV5U)e_|>0Lt-^PC{?S*N0|nHDIR!IEcn7qh@!fYlO*@_d0lc!K6) z8-{4L>XgSOcXO`xKfu&cvt$)xfFLdD#?`I^c-#S^i_t2|z82No(GnL8%dD{{Zf0<^u`H6`nnqgFav z!Ys9fs$_|qt8&E#wxL_u`1CMPIv*iw8>iu!>uEQ_x!A?MB|H$&%8nXpuBS=DF|hcc z71m(oQ|EL)JZ{pt>X_kv);PfY8BPhFG&3``?8z1^Bcvj6e=Z%6AZ%f$Emw+!R?^3Q zNHSZCpPmexq zL;i1Sxp~H=o^1zCcF5(kU9vmZDKo3=T6(@k`FwPeQaXiT{Tk= zpOWym>$OVRkVzV}xy_+L6UB1{J6bzxc%7wd2Th)G|6u73nLlUt0HRr|VkR_IXveSz z^f9x_a;J;cQsEaLkjK_|SWkZTB=$ZAbu}P$YAqz2ucmP7eXUie9j=rCt=$=!7|64R z2ARz`h-B_AwqTMhsT86v{w1Xr_Sk*nI=_o0; z1X2*?+WcXIq*|)}TWS3|$h!y05kbxU>JqMYvNC=zRoGkwX}%U+3Dr6S#m zj;7#BPstpt{A3v1_KzoAg>s3FMLBkD36w27lv9zRiZ(JYMVM)UBL*}n>&Zw&Q?@P_ z?p0-yKXRcI_i13(0TKy{iMlRa2d1y+6|=q6R>Hh0CNf(&dN753c81lTjs(TFL)lgU zmB~1XX@;5vLd7C6SI;`2hePR!Uk1@F_ELJYyw$&WBU77F$sBRYMpHYx7nhpZo=9w| zR6N5c=__VoBuq1OcFRSTylR9su0tSrT;x^P0ez`DR9QVsT6>+5M|Hhwm*)(J`kOj& z(S1~|+|m+@CVL;#@@wzIoSpTfIcwS>$5q=1Hu&;kbpdTBFF}VDb93f5s6sNxr)<>V z)mW1Yv}Obp$J*1Iyr~zI-qn(a7Z#%sb9aL{;_tF}Ws9is?ePZ%GwmXd8KO)LC33{ZR` zHR~H_j6&XIoVD|j3WqQ>VVfjQD+ittGhGpxv#r=s=BOJEDv7w@Q?2zg#JCeXmm`*a zsmlxsD-MRmUT(41aa5*UWT}R3tX-h}OWR#fPa724mKRn?U+N9AOi9dya-oG+V&y

    6viEiDShZG&X@^XG(#7)9QkUL{(bL66 zmc2TpM?01?SJ_0ecst6XxvNBJzvI^y{M=G=G-FPsxX8+w#`LL6iLf}7mn@T7GkBq}l{pl+Cipbt<6&mA z$JH@F*+o{I6N5UugKS)t?HsI>$BJ%6j;gBc;n(BtKFBIh$F5)#W{JKgutc*k zd7HvSQ*d|1lUN0Nh73zr=76c_OPV1$)EOJKnNE^0)+a_hwTL52BVleJ45bg2E%r53 z)<{2bF(Y}|JrN!LdP(-B5N%1MVoRcjiNb~eK8G~FbAQZDdTQ-45_r3PqI#Zgwj`Oo zfw3uOz}9bY;a5D7C?4U(%7Zi7c4^I*BP%R*!K;q6z%emzGLLlJrg z)Wh|3_z1_*!*y`MqQ(qQ3*e=I%9TrOAWrPGPVCG^n^V4S9+XdypAE&LB;bn3$ev3owomN|2 z{CGn``7LICEMJ0-AfLU1dbqy^G|RTj^hSExGWVvXGE{XR65csO>$fAo?Zvn_E+eNB z@seby_OQC_iFq)Sqe2M9)ul3OU~N^Nt+}!^L)E(CH|WB#3&f>~Jj8LuD}Qm*#I{M# zm$T1~&C;J&k$9;|`Bl_B#& zuW2Xm2$k8|#KI~tP&!lz8A21&^d%R8{j)4C_AF=1fhC*PquS!>SI;2%mWF+mkDI@; zTvma$!-mzw+ewVQtyNp(rAMrH6*>PH7C4yqr7j)3!3aJm)3y=^DRpSLqQNCpqRwsh zi}cg~6|oR7bj%tS6Mn!_Egnm{TahqKiVTazMexK&1NneK2V>)Mq4AmQrLnoiovj>C zL!*SRA0$(^GFdpOmF$StvkuOW_tiV&A!3yKYjsAGO)+P zC>uU91GO0#t$3rE{@$hDOVpv3Mq>f($y$F4`W9IH;hf$M4$En?m)9-C@lvmxL*i3i z`s&CEJahk}!uk~>g%y;smFTbN$3(3?}niS0nuWb0J#hcKGz_h>A7QR+MIWFV-ZKfcg zlQfJ%&@?Gk(gPEGzA2gwOPi}MEYBn>f)LY?;*fzqP1DUrL5ldX9CH0)a*bg~6yj{X zFP8{L#6j$}LHUR87Wik*2G~~^Wq5aV7&5z;l@t}MsK&@@uzG{UOnjC$kIlADN7mA_ z*`}{r>QhaU=N2dWCGSE7pRjz4{j$1~D~QudeZiakavRfM_lGlO-Zk908(?#g5M2 zR-EYZ>uW54>_daFjTr$tk!)SBNNyt^9{4V0Rys|)s4;cWl%C)yAV zkk__DqGp&CvYYuhWcmRawKB-Q8j@6#>vMEi)x{vwP5T`TYx+5# zM9DSg!dnFBdwmGBjCQdN1 znB4gilvbV+21%JDl9(u!XUgT2x+bzUX7WO7Rxssa{^;Ig!^a$A<`_^HrWhZlV}<5R zh|vVLx9?Q`pvf!hW2KT#DwA@7%xiwoR_}ioD?^ zp=veS>mm|Q?TE=tCRZ|f-&D)n3?O?dD-&Y)S|gwCn;1LlC^wR~yNAr%l(MPLs+KJs$nef40x#`)yit+w z=*-(r`~dAPIS^!+7Ou!yadvNjfl( z)y_JNEg{iWJJ@--M`gL@^L9EUPkT9hpKNZU!IG9y=9+jRdE8T2ij-p6$u>D=Da9jB zQopk4;tHwSua4NyGhi6g@$iqO`X{DG)H)sX&MDRT2iTk{xHT5AC9m}c+}m%dAvYJ@ zrrBzYy>D<}`1En6K{7c8;oI2%6sBjtOtJIHmZLGN$5{rx>fmGG6E9Oza7e(Nsk*9I z-DyY1S9kI!$Bp?18>|40T_`aOnvG$I3a2@$H#&Yh(@x`M%dcdz zHIhp9<%oDmtcjD|Ys<>K*dJM)Yc#uD2-)mX(B2D+rB5n5D=oZgqnOUrOrP|fx~d&X zQztd+4YiNT+FuS06kW-#uBxpfb1JAGw!{++kz}?l;pzn(p1hTnvG1H|vxHBJveUu; z%L4fbYd^zHgPzX^@j8&3V?rvUH_pEX=Gja`tvOTJBD7qlY<1kq&KTsw83V=oZIXxs zTG?tozG0DVu8YLb&_pKcIKmnfs&Ns9e@m$~EWQwFelR5&712U`HwIbeA3w`BwzI1z zJVm40;yFD1h>Fc9vGrcI6IB$X_eiG-yx=v{KNk0%tDge0!x`?J zg&LOG@xensc37dmV9#!yrw9sFFS)x9LslLoq#wFvMU1*hmKDY3$UOw=;wxvzUI0A{8HL zH#15m1w_=|h_Q=PByL*BZ55iW7aEh4r6(T8jzYz$M0r!qUWq*{d>NgSYx)#UC>>V; z6W8BMGh4ZO&&TBJ^81(VqxtrQcy}{+WZk~m57W!PD6dK<0!U?LK0RL>%}s11Y&d_j z8V`uRHLWLA-XCwVZJ@EWbmSwFKN%lTq)ckY%C$dXGb0(;S-w47Vq`QVYfw>9#_81B z)oR+o+_kxJhfXWrCF#`D(^()|w-gayWd`CMZo9*((e^6Qvq(^9<@g&fiPk61tF z$6^JCQaB^7x#gUq3Fe;U%y*~91oy7ack_3RLV{*@HKTl!4cEi${hI$>zvpTBq{UD; zBv|qGy6xcDSXeSh=*P?D{W%_D`xXz;@C4s((x6#FJx^D|;yx>>f099t+pIC|$0&Bt z`qtRRMm1e(1Lw82Ok5(F_)ev~m^a?KJ1EZ3!%I#OAb6fldImQ2WuFqJEB>&z{-&g2oHzdD#uIYWtMbny!H}4${i_cq=V^%S!sAdK%nR z@#_wLLO;$lBBn7PC@qSvnToSVeD%R2Q%02^^ALePB1h)4y3SD_BM)i_S=XMhX}>J8 zVKSmQolda5Ca{(VYHYGZ=$GGS2cPsHSxo-$sn&i8?a#LPM>h0D?({#U^Ebx$I+#{e zXr*F9MXMx_(jyc}`uj3mSPhy*$0c0W)^RzyED^tK<2bE76~-K<lR4{Mn$LeGD zaAQ`2e?)aieVrrLhZ#N|Et7MNMzM^ep09T_V{GV4bRT0(%xwM$=6Bg!@hT2E;@Ka6 zE-oEIEPs1F$|p^1#k&l|+V9W))stslqS6-*dFd*Y3L)#TXfv-*r8TGOWN~qY3~>Yu ze}q7Xl~cK=v&3l@S5}KWjqe3jA1eI;IE09OD9Y@>@P{f}w257@)==?rohILsf;AP#Cf7L>X*igtGkCIr@A8*U(FnM{cg_gFTBFRc?AA^1e zBupB6L!)`=J1)thAW)ADt!hs-gOb0-S!D>r_rxprgy&D0ykO3}`H}wWVKg5R4O{cq z-acxvFyAa3W2`81AEsPPy+nmtd3Kfq>FQf@^NW5w!p?pqrzJxVD~XDXH>0qzHhjn` z{(@C(sPf_#?~WZrOOn44B5mNWnj^tt-@kel$g8C8Pg11Jbsx>luj>Vjt zF~@Z-OQw_fTZ7U3kgGrc_n&+7{f~%|Oz$Q#_4S>E&Mv-=X7A*-rtg2Ik}CPUqpcJ8 zayHv+VjkHoWxbiIPuDGQ|@)Cc;V!3oR=dv`wmMR>E;4A0+xkuK`3*who>tWU4 zIBkd)B!9LnXdkmp2dbUSv4928*uLf#cIKEx;gbOIxvNM?vZqODT995gLP%b|+{eez zb8Jp^HjQ*KPh-etV-uGgzGg$G;{2L$8Wmf+Dn9kdcy>P!YcG8o)5jYS%ET~~tG#Dh z{Y}vUuZW7|6)%Zed;3?I4&}%^A<-() z91H4HY|`|9NzI+Xh>q~$TDr9$SyOGntkPl~t>H2&Dz#@B6&tpSB(`iC5S>wf)pAw$ zaSSLWPFAG}rtM?P#;KxxG(MXaq$q{KLD`)yjj&Bbj+CZaNZ({&vw(c*S|nb7p;WDu z#5G6>6^6XILnJK1Mp2lSdUro$C5I?!A1#FvT5RD!h}W73tHmfX#6*0`HRoSi(7PED zmL{6X7fMUEDb$zBmPlnG32b%-5`4T&Rz*-n5?ddct6GATp2>cF#&G!rIdtk?>VH5M zUpa?AB1K1$Qv6G=+Y3Dsm>TVrJeC^HM;c2b1j>^lt9AK%$!2MUzolMn9E>0Y_KFX&PrMFBs9ONR^LH-{!7xq%QDpirKk+1U2O(5th+>R$zE5t zlOH2;zJ)$Qhc(-lM*Tm650B6dkFGjlYYuukZpbcv{EGvjA>In#2~3)Uio#Lb|Igy6BL7pns%JzvK;&GP zw?EL3_!Hn4`=BfHFeQQ+L}B8|Ma!q!*Yq&h+R02+4#pw*a`zhZ&W2~h@nJhZt*Y4C zX36;ZF@>HU@{4=;XP?3OdXe zhbxF13agfn-Qw5-=O)7v*d(k8?aN{eaC|&}VTaa*tsVF_GVjj@ z2FUa;9W#?mu|TggE~tDshDA~M<7XLn2urqw86zTm4c{D9;g1Mad2B|U8CX?wn=$Ps z&EU_y6aCs5svoQy@!XHka7wmu^r6=`dMoS7P~DwCRoa`(`+oYgf+Van;tc}Ze!&a9 z(EcoheQU%PE^g|u=3#HgXcH|&Uyr1@Bg1+~bGGWTD@{o+?2iJjIVrD@*@uf@3*=g+ zXWAAreV6RiG+5c;P!{VR?OpR1Z5t|WJWu3r2cRu_FtV4jousc#An0XfyND#`xZ0jatbg$>0sZ!bs1AX zXU?n~JNruu-I7&K>u}007|-<~SaJ5s6S7;}f;Wq=Y~iT!SM|E2iV^bl`lO~iBH2C` z$;=Q<&x?miU~{~`wFl;^MG2756cVtNrKVCX^6zS1d& zXZ>#<25WYK!+``lm=Y{wq_!R$548%sswMU*P-(oj2a%;}6R*oV`lU2FMO@iDQ&d zX7|U~#tUbJu?5hv&2fgbWIkA}RwaL2%`|2Fjf7q!ZRH;{t4tk>)$p*|h5j!d^ z#Mda$A>La+An8M2L|{Jfcf}FM1K#ugLA;BJhgF3@!;zRYRe_cVGr8CNu;BE@CwW%M`z-4J;h)~iXnb8)6Elrb$l4;l7 z89$2Gfy{0#io@U1_5?vxS4&dq9S8*`0}vgZ&j&Z@ILGnFMn}(?yI{tg*_?GcHaE@< z;_>lKK7KQFd}T7H>G%lEW!_PGU>)-KXuvej^p?L~YJW6DL;%^Q756Vlo!<-0_yCx%>j!|p@$%fVkvaEv`aiXG4p4b@>I_vLb1ul#KE?T>9 zbu>iq!ZQ7xa-)D|_{c!3F=AszH%=j0s494DrzHCQ6~!o25YxhUXSE6s4>bLI%PXQp zFT`B9X4;G4W73=WwoMI~&WmlVUfvpr|Ir2Ni;R^{&GZY5kvY<>$*E4re4){wSJ+id zGp8gvIjZ6>i-)9AA~i&wDfBahGzeC?_dZ%uJkdV5!lw|Ejp?Yp%>Tuva>U=wLF<@w zf@%!K;))ZSkvo(kd~b=%jyE>P$?-5g3i~s@iyrZs_L7Lgny?EaJ`I9(Xw$nNuO)62 zYh~2A|+K%}hxn8lsP1WJ$T)gm&m0w5U|D zkv}Fr)?$gq<^XVa=ke?~=VvtMu|MUI9h-5-=EgMc*|=xEyJ=J{B9o71$EC zIcikxOg_z)U%;}n%!h+IyT|5^;_tfT4(&Xtt#es!+zJ+?D<&-MY+q5pHt%fg?j28# zj@Djmq5Ohkp?xfWff|K~=or`9(L14e)V>vI__S4T?W`HIrlh?Z-8iatGDaWlonL^< zWUOr}jx_t^04+NCkYUe(3l~hy@0X@i`!Im>Q+TsjE2Ocx{cw`j9%&Sy4Mr5LTdf=P z**AF2u`YY0qRn!6N{u&?e`bM$(o0x(<)@rzgpFx6dcQpH(U00QH+t`}dym;;6hD%O zujYzQGdq`ZvWl5Ah7QebgHUbxsmO8uFi=OA1q3MJvp$xqi*!50}mXX+ika; zZbuC}aP;WhL3~S!x_ekHPt1nx9e&5Pm-;;e$WI1u2j1ySG{;3M~hZsUe}JRmTQqEr`6PS?%;*zvdIQ1Y4y3QFI{~>-^#&D z2~89!&VZCFS6@gYY2cIAlY1@t38+qE6s?X}%laOm`;YWJL9)lmA^JVM$g2yLS=AzX zHqCuLmJjtks!)z8rQHvET%M)4_~dfqpT7GCrS^EfT+Ilr zgiNbepA&j*owSjvHb4;jOgiuc%#-q|mGd}xoPpyM>SoHzCT2rJ>5Fl@(a)Mnx#vLN zhx;DQC+E-%D>CRg3VWdMKFIf2->O{oI_Om2=aN~wiLlnv}MtB5nbYZK4*h;XnKR#8mU$mtEeOFK} zrPES6+xM7Q>tBOp7Kian{WWL?{`xxVc>ImXhk3Io&WoP25>{v6U zonVqfC_@-=4IRIcB#+QKslSz3fna%KITR#Hg&d;2&9Lj0(4tBqbPcJAG^J!o=nOMf zZJ>r<8do|1iNY;Y=xoy&XRp3Yb>-?qGnK?xv7y#|&x3R?7GPr5(UhR+^*QQ6f2wWb zHtDOC%=1+?GE~8%Ge1GGV^l0Wyyjx5_cp6n_JXvx(T3TnhQR2TWJvjWbuKS5#3W-> z_%9LG@FE1Y#`is}jMaJOF^P0dD%Extg)*_K%b=J{Hr8j+s6-}G70TjX$q$(=%)ra( zE<|!Asc}lo6e-E{ZEpE=YWwamaY|!jTR`NN1p|XN^8AZN{|6E=DK%q;*`Vof>AR-y z>b@_LQ+L;Le@)*_eb@J0gXJeKtD|l8j{Pd%y{~Cc;!U;EBFRs*#C?qVZHo+9qRD(T6rMye7j^8xP6lGQzDo zEzF16psuMc1BOD#`ao@#A7O;c%nEf| zQN>bPYE`fN|36A@-EWP<8U}SP zw~m(U`p9ms-Yl0nL^b$%AKh~2pLg+qAN28iJM5#|+M(t@)YqWxw22oqS$`Hhlw|iw zQ6c1Ig@6@i_qEY3_Db`_wpRXlWzUj!-fi_CMrwS|a$0|6SL@~Q^x))Uh_#+SH^5d2 zDPyZG&e``>Mkl)rkOcI!eYZf?Gb=q|W zaV6npD=}M5Z^W9#tPyYnje|HnSp9vD9?bRtLxa$f{0YoRVbm%mV#d7q5g{E61!)k;C=+g^l)5vq(to*(nt}232c=`_ zFN=x$V0x%b$mpC;JE)WvQ1X4GGmUFA;ogYFjJZ;1o+`ryW3n!ucdokR-=XIbW`q{~ zCIDsS2NIG8rKg@eqQ1$z2r4PlDDkLqq*m-a_BZAE*h=zU`o?G+PPS8AlAYpz8TAzZ zld0?|Ripa&sA_aSmrnIG@oM7#qzptn0)_5LLrY>L-kFcrLQ^KVwmzb%pR}4m`lfoS zxKye)b$pIpKRa_Zjv-#v_vH9vb4SO%xMK&+Q`Nb$hUCtDa9LFs3;T>8L7KsyS9gDW zveb~>U5`<6lg@-n%f1TZGY6Q75^+AWl6lgY>${$DNK6e9vTW8w9XM5bbY?kU;yev% z#*~^()iW{^jG|=eNanDVNqs6=t1#?*1#x53Q8HQ{q99WTD?J$2ZmdgEATO)>U`>{1 z7Cf02X2!Um#Fy-r#kz*>{a-Y|rN3NGT0{&q_Xjk=mb{X9(hoLL_lsN*PJVDH!C2;+ zrm%%U;#L=lWH4&DBpaY`<@m*=Bc)~PxTPW!REdd@(3jqnOFig;fh1oUHbXzMiO}|D z6^W9Uf(;F(3o$!|^*x%>YE6gQG*FeAD@IEig1Jk}A*^Kl8PyoXR!>HGY1Subk9BWg zUWhF+S6Mj5!vSr@+A@7uKd_29i}rjDFTR=})oBA{bIwLi+Ww)~2U)S=&~hKesC;r5 zoCiL}KI{0(;gg=0b2dz#bPex@h)rV+f~pV=8G039o@>R##uNgBhTdcoNG-P%wnCA) z>60<6UWuSp>ZO%S$*k5g*52w%DCri8c!*?9DqHp9E606Je_$e6ur7HrWG5Ogk*!k9 zu$A*m>1e%doCk6X=FOOeX;^Iqy!vc!y%lG494N5*t$5hgp`o{_k+v0-OqzZc35lw) zs8~gIzBY|m*#~0S>R)qM3vWz%#w`|gYn(3suf22avFkeT`@GhtIC(*YLOD{!CT=S@ zGF)2@+{72yuG_*ej1f5!C!%JUx!9G_7gQX_ZY`UVBG;}GijXj6;iIcKlSbNN5lwKn^nE@Xb3KF+~e<&A(%Cw$-c zjV+frfw0e=u|V|O(s|)<(&`+4@ZmVc5@4!*=(pze9J=b7vETgtxr5(OvIvi{gTbg+ zk!})Gc*=O=ZwX)6b`{ts+=yg8c3tZ&qZ{v3J;PsA;U(4K?}j=I7l zapkdqN~4Si(%3V=3AJ7(FZJfe@f-ZahR7;w7L^Q3$bHVRpaLy+dnUj)X&bZI{f*!S zed{BU&|d0OWpa@H+W*kvEq4X;qX-3>dwt?q;NECKl|6eMxfI3~%)JMVl)@27&~xos z)g?zK2tWX{uuuAkGYy4a_0JW@&dvrK8Sx(^k!JM`gs-9qLXr7~YapakQBWgRCd{7u z6z8#g$~fz>id4*2C*lajX96s?%LoE6?OC?r9@dlnvaul@tVOe)jKMd`gt_3HVpFMj zni=pwRDQ5QlCzC0W`DX;num2%DS}bidv<6xV<1kZ&zw*^)J?UvD!Sg2Ic~|pm`+?I zhT7`N)JP0sa%4S%>ayOtX`#~?{rEIL*l|M zs3eiay(>`|yBue}u5K70x&Cdh>~u?LMGbWPbHVTN9b4wHo&};varB$yS_DT!(8H~8 z9!{>rcf#EjqP%_oyTKwgM=TBxIfW_DWjX^MM^i>AC02v^AAjKsU;N~gUzT7h#m0Ik z*65T21L0>sYHE-@#cBs5-V&g*W7<`OsW)WxV2hOC{nC;JmP0rSx&ANdn~0*qt`3$| z@Dld-$*bGfIC?|hCEeg0P~e)iKBInXEBx$N=awXhifmHIW;WxM$r7#jxOJ%ImJWF*qb-5}9==dP+4+_3R!4K}_u-g3_qtvALHQ z$l-s{AET5yA3LqM{``{fs8qDbjec@W9%0yD%FbR zvUBBKAKK;>VO|hBSVMP-)^I18KIyBH>Wrb4S#_>kpY8n%Ml7{nXx8StAI%y&boy|q z1ZmXYW4A%M8#&anD2n^^x7>xKjFBjnVvOJ-up~+a%h6==3xIkBJcDgQy=EwA$#7i> zzPuPBY~1rbN-E`~Qi>49wcq18W{ijGV-gJ$N>dGKGj{bZ%l;mkV+0t7HNmly& zL?0v78{RznsI)=P5}k692q?bo_gJA~PX*8U{kCKdAUl zE2c^TU~*5>-vgOf9$1{X3uBxckOl;E?kRBzLcA~^B`FoJddXcli5&rNTVX^hM+ZZc zGmHi)Ac5_;dK#@0duoxMTlCq^6thSHrRj1=Tz@%fk~pNbsl%Du`>3&C#r$TML*pmV zq9jKaaI7rzL^UgeMG4aQC9&gKEC*=+345W66|kZf6Ic=%&v*F@*UZ@lsU3NSZ*Z!6 z7Ru4nU!DYGbDSDsU_N5Ov=3(F$KaX=F2G**4B7H8_x{G?CF@gJo{rO&LgC~9Epgk% zqnFi6*+e3xXXPF{gj52kTj^Yl$gBDhsl45X8?8%7&6;d!B`$=Bvt?M=`94DT1`wb& zBdJmHe19D15DSX6+1 zO1{Lg6rY3;)*yj{tP(sYDBNXct-<+* zm2xN)w=6Lu^Mf}kIVZxQ2;Ie1&ui025pz+_lBh|{PBY}%diMbY>dRikl|UNPBK0yr zJEVRZ{NnSh;8!jqi_FKnNT*!4yGvLjLmZJy#|QC(y}EA6{JeUOAMQ%p9NDJ|o_y>! zgj14Fd8bZHv1Bh}e@cXf+L=29vFYUF5^pU|HO(!*GlLUgB}cr}6LjPD{Ln^rF@s)V zCuQ*lZU|L%$dSR!Q!N(Mb*Z^wZo6C32O3eIHg#|_hq&2$j6qtj-ZraozUQ7ht_)2xkab{oZ z@_hN?P80t&3#&QSXtZ`Ii=qAubDeaP+_u$iCJL8+ESBQ)O;E`a0YNh4HqO}iaSQ+8 zLJ0GDu-gQ&EJhU!gq=%JGc$&Sb&gl#G0xEU84n%x1tnH#%v#&ixY_eGCQ~e-001K9 zoJPzh)3{`pc2XcPsQgoyYq#S5%gm=vBuO9gBO@U*6P+P`QJ~NrxDGV6JCqE~;@l1l z`x$D^u^-0ey@WgE+=<(-GV)R$sCE@Gw95j+!@~3P$wp}bO_K54xAVd96Gsy1SgYX+ z4Um<|9g$LsFtlwklf8c}+mNqse$CM1Rwe$i^Ubfb$2TyWrAJD|kq@XF=*W_sFK$TK z@hchCocC&2IDKAzhYEX4pM>S_b{oVkd`PXSuc!iognAKV*0`)QBWp~Cc@}Hy10%9u zL7XLvV2;;@oydY$c@o4l3o@dkm=~-T4a#vLZ?0oi+(iZtgz+Y{kWO*5YEF7V_9zoiACE zTs*o}g~U;?Qk;wOEk6CZO&z`E$=8RKWZoFhbYeUuBqIOCa@-#2q0CHq>@TX+_`t)o zG85doxISrbI9larQmSNv9+@!Ai$>wBUzV&lb!CCXK_Aat*$i*AO05?!N9mpSr4 zvXp8sf$=DlCB&SB;Bi>s9=9rGPq8#R*OhMn(gsj}>(qFWh~*0tvPiCk2~ue{8l=lI zScSSRmJg7iMN3W#slt>Ie{>!qj7G*={;d>WzG{iJ$ZMQdUmv`y_cl9hPwp-;S(ZJ- zGUwt`%3_Sbz&`>CRLBHLEOXZ0^z6(g1r-U{a(ik(BM4y{YQRu?FbrJFJZyqa3Sft( zyV1Fyly`^&>q2put8V%`1*mQ&R1yFR)339G94U2{axYMIas0PNMBxETe!)gSEff;) z)ztLbH7%_QifeX*KNp+{9x=rQM`}Nf>k&AbTd=Q4#NS_ zRkLd70M~TRNDLY;NX^SZZF~RsUp#+&x1WrPumbOYaeT|1%uDt`EL}=*T`{2QZ>KLbd$IwhL_!jLxIXZJ6_=H!3xakOr@ zA%g2#^#1AJ{0b`k#AK3hs@aq=i^q&E*;})rj$(o<^M)PcrEIdoOePuyGjkNqZAS%j zwM06`oJ#9y0EDm?#7%{gtMy{LUe) zEMXpVwY~qLeP3ztCpImk41b%0H5dsXW7ZaBcun zFQ!`-RGxX0-}U=Q<@4$3Zs(UekEA-va%no`Ut*rldrlfL{}Hsi&esz0+Q=mTTeZI~ z9`-XNz5xKS4>vkuNi#nhqkax!phf=PM}xx@z!&0k^uP{(tYIwgi266kUD~9)I=m4g4^K^Z_`czo79|# z1ujSe>XTSR0n+(PN+&;xOVyDnQ@wFrJ#A)}sUFPAL6J@OOfczAcvcua7uF26^ZX~WQk{q1Kd7?pNpXB;} zM=yQdq#Nhb_QUvxKN~B?NksEX$EBoUQ#$FBy~Nv)q&Py2!!RuzNg>ZeWwrajK;epd zC2e{iZ#;v!MW>Pwq=cj;ml-n7zwJ2*YHH_^^G3Yi$#42jwa-xYs*5t6#MY33?Ui$j za^wxN?G9sXy0i=Y28t$3#_L0mE^Tw0n_egEmp{pacnffG@)hbTyY?c8uQN#?hL=2~ zLaT$&_`_t&wA9?Tymj@Nou|KX@NB$phjCvKu%Z)Iw*~LM*!q;Nq+ERQv!CP5ZKJOx zuvCO>J4X2{U47~=qzALGzjR1sT%im~a{v1pihtdx4fE8BbcQnkpS+Nw*;%*XL)NT2 zrysWS=G= zy$R&9IlBclv=5z4c05QG1e)9O$bp>O63<)4aWMwZaNrGNuDYVS55vw+I^NSE%kWc{ zmJ=mRG=N*=rs_wBXC`;hw4)Zhrpd23guyPmHYQwW%49^@e z+aH1vIZ)8y-JTqXz0r!0qIMmUk8{cJ-kNY%KM3D9YrMZ95Rs_FiQw=@!2>_T?|u#G z?bI9kVVfkZ9^J4`QwR@H9TPlX36!nUn%(_=r3^=|5RcKowe>0 z#A-hLD=W6s0}|VaHifEXwGtHzrZb3oI_+H$1w7KBj9{IQccpFWUA(FLbd{xcSJlUq zw2I->wTp&@jjS@kKur-eZ8C*4bV~S^{LF@K<^}eg4kk z%HH9(_jb3Z>YFJs9S0GJC{U;qC)MTSc88}Fs&wjX1SUrk%}O^pNQMChIcuVe(pStd z(&xM|rP?H)rPQr04iWwxzr*3;CZf;V_MVBGJ!@RZyxpuH(Y0MLczT4%c$%3_@=yYm9mXc4(V*whA#9 z{blwYvJ}5Hs7ftnoq20Uu!+1oN%t_YZ(HpFlALvoFfIVWn=pF0N236vFi5ZK64NY~ zbMn~V1nX-X?N~teaWcAE$eVqo&gL;lv6Pwinkp7ukj!N*z1^$bLrKn%%GjdDL}r#G z_j8~1cs1-~oYF-+UHXHwo=9C($@MtF)$LQSvQ$}|PXn1fp&o2t9$BoiR;H_5&T7RC zc7)zJwf#eZfObeM3^L77K>ZQzo#e&z z_~*#Pi6M$F%GyoMC1NofEiaXg&e*x%DrE44n$L_BOoq+8x220D=%^9DPcDOOk0=_$ zb$|Yp51}S!Osw=ma|MjK$fk%-=$>2T)mZ6UMyAUk3m3KN@Ks_oO<)-c#P&I@RaR7m zZLzp!6^t4s6_}Y5B6S2eL)h`QPne`Q-uG{84i2tcO&)v;qXD~?b>Na3GN5SoE4cjG`#-enX1ZD)tw0ldmKJ2Qx_rP9 zEmvPiK7e~?@o&HUh0l*D7RorfyKCY|VWx69qGoY8!sp>{ZYwyx_LmVf`NFAaCO73|mv|sZ45z?Op*#0Z|*l_}J^rI+csb@xCq)MqH-u zn0q&>rBs(eC+7DA0~7Vo@qC??@{YQdaJu9pb~*-1$yz?8E7kEpAdI!t4to;72poU`Qcq^5n-0O1?`E zcEpHz2xzvIM~T3r%vRhgfm6sI`*+Ca?uRNJHMg#r5ogvFFgSyLNVQrq6iO;CP?fOQ z`jg?QXH5PAqP?nr)x2;ncaOee;R=5E@{1ZaE9!nOhh`lBnHuzI6~~V#%Tlc zNhy%&97zeCcNYqEbYZ++5jg)|F=`Gf<~>LAq&y-kH3HMF=h!@TqUVS|=@{3-?neoA zlT%I!XS|7|JhnZfZrkH6F66kzKh-FS5<~=1}FP(86uCNp}pD#1LGi zY>rcPw1HuaK&}L(@tjDxpP0Blynk99Ty zdC(hrWbb6MT__!jh{nC~Y9vcxqEEdZ844w1MCow@cHMhI(;X*ILn6(Xc#F}DJ}TE|F_iQSb~8jEr2clbi7 zr1V9xp^*%PAxo|&m<0`IC8fOsW*aNC5#(ELV${1(#a^d~e=|Ber?JF4X*wHzo#jjW zu1EG!M*`XjVKo9Jsp!C-Pd)ZEP1xh>K73~FRW?CkWIVXj(bR>rU?fR)!LRd{--x*d zWImP;CdraidZLb2VuK40nO|xF7t)7?(u)Tb1@chUk-*$ulq^Zppe+rp&Yidhr>bS@ z@@#sz_$lzGw_{VA<5g=99sf^(lb9lJP8&Co91m*sXeb{@VfkJ{qbF4^FpR-~>2knq z&I8(<6ARvdnOw1#7`Zxup?Vl@iItv`SzxMP-5{eUKn1uS-#EU_-*W*mSN%m1#5=Cl zq1+MIV%zLSDHX9mVMWQbk)hGVU&I8m*tveV?7YewEG3dd$}*c0DV4&DR(R0Iq$V#+<4>|s#Uio)@a*Vr+5MLTa8jY!9vet`$64=eYlD=JC{?ZxqYUl$0q zjO*j@isz)D|2x#P`z5!Lh04AHC*0MiOt?RxQ4cmU7%I?`baLDm&|sT#s3t z@0oFbiYz0Ktfm;g5M~iG^5oUYj`4XCL5{Wq@A$ceqaDXVC(@m0A-Mmg{~CckjheReW=*{_1^XreTjp9r9AZl-?1okh9p^Hs!i=IEI3?8NX4W6pCSZzGEC z(WdfKmN0YpElcN&0AOLGm~M$I#|=8Mkm$aKx=tEQW<84^8)_9T@fT-mFsQurEz5OL z?5=Bfd^eQL)^3XJElmZKFbbiQQ&0ZC<0~4NM)qaqhYi3stG6Vk#H>`k5Y_>+77(pI z`3U#M@!y4tmP{%JUP|3q4ZT`Y3Ks2XNhwu-ojDYld>=j16LCnONA)XQA5ngkj>D5k z2c+vg=sm-a!L4XGODZG)k?k#KD_d#yw*@+S*cxJZiqW8?{G^;XhAJSQWjYNuhNEsQ z=7SpleC;Rf6nr140?WXH=B3RFNjVY1$}p#Vs|?s2M9!}XX&tIWHXcOK0mMQ};FCqa zH2{ZJBG4K!oY^}Os8;5|Ohf&Rcb5QITTZiYUfX%D&ydy3LF2`wfs*KYIUN%sN4r0z z9H<%}6AiTR{^{?zVS)}>Ty%J}9!fl{4*+L|H7Zxz!3@WRwIjj@sY27FIgczj4WzV> zS|$7z)Cpts?!Mpry?*?gUtLIldrWUwj^>E?>Y}e|kZO-q&l3t>u-wgCu%=9d{WE3( z;Ax7X8FE65*dijIj?1HaHsvWzFzNSBd>D}>oPyNtA$e_lp7=Hp$%#W{J!ETB+0UVl zgQ}jz&6mq`aBux-J3^XXaoI{V)OFO|=o1hSrahOfYDGoTwDB=K<)jZ%DHqXxt@K>K zm8)$>V~ER7Gon2u7&zI1qC2P@x5hHp(3df%mR+H0XuvRpI!g*h#X-8oE^!0oQRU|P zxkQGwN0fjZ#6A!v`(T4U76&P^8cp;svWlQRsg&EDiN8#E#~!WHRpHh(Y$|e2{If zGCms}d604j8g7UD$uIN`U~}H1DlC$p+&xF+BiB`dj*>9~2;wx(QZeOi6e0Uq?PPM@ z;}V*5sa~^`jpP5FYqID>*AtYBC0BG5VDWE$AJJ^nPsqn{X%5R;ZE)7!v;*k?VSomI zOoJ?KTY!jjr1TQb!9b-uYtOBmkBoYA6$yI)4MSr~un%g4huL*IDTD6p9&SIgzvCBE zuekF*{myu-g0d?vYUCMasmNtKR=4Je>q$=)p}zr_eep@y!l8qTPkr%;RVgp9q>5pt zbI}n+#ZO6fB9Q0;ACBK-&H7H5=W+1eV%A)NorE;GQW92qCwV!UUee>V2CV?kOBx^9 zCRC`Tu7=Xu@Y(udCZ=dpCxJHUh&arCqhX^2qVgJ9rEGl4uMP?rAFw{R3^>AQLVrSe ztBcb$tdnud1}J$nSXRaHQ8d6Rs@Bzj)$sHf@BYJAzAPN*WNk10{>Sppe*dwHN>~Go z4E%;jKlVW0haN|}PwgG;ayF;KMEREDobuA%TEWq>v?Xiqt`9f^QXo3sz~WzRf)|h} z(3|X>EMdkw{U8&&rsTQH*ePAJDv5HA7fFYn%IM<1lteXiUQ;pZiZXeVHi5t#XUJdM_#_2L7fG*(TMnC~=> zvuW#2G8r|KtcC^1l9_=JL+_m8fAAGR-&d`$DescC!w!0G+K;1OQYsPG2egb%tkpqN zl!^izq+Bl$4&Jg7y6_@Cra;I1lDXxhPl&bUyjEXUc4qj$Bkst8`WBk`AIbc6-m6ny zd%U7N%uK+sKDicPFlGt0l z=M-*c`8z;=xB?2~rTTEx%OTurTtEX4!hN4l02+?F_L!u>vm}Eh0 znB+RA2-Rkj<2jetnjnFm3V-}5-a?A$8sMg5O6SRpbm7HLfBE=g=b2p&j9*yr-{-cj zURYe)-+p>~f8+Q~81)`FGNhvu+F>%nT%?&RP-Nb9&`leJ(LD8PP(gNMTdh2+sm1_-FHTqnl3ZD@#08=}%Q2xPK5$j|!f;9Uf9}|rls>W zG|F_KWiK3r!7+1&@?iV$=o(jNZSUrUt6o$3G*Ad1?)jieV z1wTqQD_j+2T}tX6{X3ugtqAVgJB8)9L2J3~UitC+ih6!)>y#W#JB_A`6hD1sC%S>m zje=xt;cwW}%xlFUhMxf=EU#RXEd>OG?I~H1RM?d>UYVHXGE9%$TcyU4PZzNlNevw! zY)m4Y%%g*QjnCJTfzT=@RtK+Ch-r;6kHKz!8?&m z>Q1?fpp+`_U$UZ?Kh#M+_InGq5VM4#QDB=|Q987WNK}i=F?z09h;YU9dd-Y#SIoPA zTU51s9+ox{d1#ff53|G(bvnPFJj(N$iK1+Dy-Cn@v5JqP8dCA|;%#KreJe}kUt-bK z#Gn2Jr`eDwHL^-xcC2UP2~Cuf{B-*sT{FAQMugkoNFF89Snh%rQ@mQmR? zGSaQLhR|8x3SoL8XTsiQy0Oy>Lxo#?lUec(n$c-lruQADsF-W3a**cW-1t$lVZn6> zsXfW^Oq~|d#9qzVr^%)%jH+5n*ax{iYtm#(D!RRqZ#{)v^P0{&CghyOw4hV09OwXK z(+hnh5`sgCq_!vTBvO7hr`dlu=I~90t33G{;=#;?o51AieHe=lJ9W<|#L$#*)iQ?^t?jnsKhi_trkdj94vYrjm+OG;TR19_1z{+mDg^k?$w*LsNCf?E(m>T^`W4o3}X z-R}RCGKX@Kv!I^vOH>uc$*$!~<+A92;wvRcUX7GPCr)j&-nJl5*g^@`+5uUgMTurk z^|@ojqL^0M9M)%4<-w!?BhirX!Y08N^2vy=@wagU3Pk|DwiP`PY3y=!;zUM9y_|;k zi&|4qsn$>f{kN2Hb=?;0^4T$922dETTFj1&0ql2)%^|LhGnv|rOY5enNr3;U>ro45aX;@7dwIn5nksmki>)TqH`j%v)o%A zs8;T+s}uw_uWdblb#KdeQr<)GpdxZmbrm#F5oA-_=4VtxI7FR#<6hnS*5>7S{RtTe z`Hia$tRD`VK*D41+V*aDj?3E-YNE?ZZ;T`&+kTao+kb*Jwm-?K?L>ZSL-EerxC2c5U-kv{(s&R7%ZhJE6|g z)+-CJ3_@fJocO?f!T*{$rg6eD_qQ)?UA=U4b?fj9mpZGQ&u(vDQ)|xpQ~}2+>}?%f zks$3HZtrg%?r@Bntt(->x#{~}HlY#kyU^EL5_CBZQy!@`=s^{W8Ot!NL2jec47Sfo zl#niwZt5dNr|)8f#-O8MSzc)IH^jp1ui|19n>)LSgPm_ffz?6OXI289FZl1DynOkO zwx8!9Z6j-hzG9$I;wfq&SDxG2e-`r*u@W#=mo-R*uv1cgr7FTdAV_@&YPA)<>N>-w zrg-9amHff^97gn&Y9ka{C_Tx^UNPjzKFTD@oj5wFa0e&VQndPawCVNu@}*`bG5wr1vSZ{}4*Bc{I%3!%CJ;C0 z;NaSo{Vf~hQ3xQ1@Yk(-gii_D?C=+z6xmgI_~qN zz%-ewnn|#Cb?d3^tAj`#96iOYPlwwIU8X#tg98hHC9lw_k{NLxMSY4fkc<`+mUvwI zdwYk5W|a4t-L1o;{g1+w9Bl9J;HQ3jd$W3xK$w9!`DhqZlxS5UJm5_QYdU==D=5w~33Wr-)Yj6MLDJ0@)&XDUt)YHe| z6|YZ{P6SxB$xn4>gbVA*6H?anW=%m^{^NyQ$VAohk*(=Ma@Q`FX3d(8vki>{Np?<7 zY}kBZzy9^bGLg=qp2cLOiYC!;N?s4IZ0pi>SjwLsZSOz-TV9Yu+EIc+0YLVmmiPxJpw@Kr zo~wF^ohRxOgRKZA}l^Zd!)(f;n%RS)kVhfs3=>h{(*af-Ju@j@S*HzxOA z%a0DXo=NM`%08r+b7sNW9nq??D>5QU{|tTK^rkD6s~|<>zO=Xd^v*MLD*(YRV*d}f zE^i%fRfO2PcDO0z@Ec)t4CEkv*?6bxtS;a(InH?dkprAKUY3}CAOM-FRi3$+7JpBI zFfm|nyE3alwK#$$z7!eY8<{~4L6pC^)O1s!O?g=qq0G467QW&T{lT&1Foz2)Z@jrR z$?qE#;yQ3t$${`V-v6Rppz;}VJgZixiT%W9x(p=t6SeF?je@Ca+Xb2H zBzGQPZ0$d@w|jBtLjDWKQJiDADCb>u@(&cyvs>1z8|qXbSN!I<-x)Oa?&$Dt)K3W* z0fbC-Jx?h)*kNH%K2mMsW{}c_;~HN|DWqzE&#K&#tL|el&BV+@kQ5n+{PVI3CL0ob z$|U|*K2T*sH^`YGqri3&0jckk&4^ctk(0?#*x~5!+)4(5>#8^+mHRJnDc&1))0->* z+MWC&(Ua?O``agAyW#Zynrw1GpkWZpS*gKHBq~MdkSA$Emy7(AWvlirAy*2cbX0`w z(D%~tC<{ieZ;d_e5KAcj`ZP7;)I>|rq@wL|yJYXIv=!;8E~TsSawn>L7|4}G5z<|U z+8QV<%|KU40QgK+Xwjq=u!0y}%t#=`MUE^)G2iC7&3}Ec(EoE|*h3rj$LId#(O7CB zJQeF`X#Ng7(2*_Hsz!O<-=zAw7$it@O+HJ?9qM1QFX?X3Sw_O{t#q6n~_59G|hG9juvxeC~u50T_5HB zfr0b^qbS0n8VC#YixHY}V5*Qa z!}g;I$1g+eTf~6|IPQs?Scc%W1UA$$q053@sSBt!O1-OsO@QUY<28u&F$22^fGD(% z7j;9K5D7Y}+7+kNFzeJnkt|HtgXp-p*~Zvvh)mWm-IF0;5E6Yrs##sx33QYflW}O< z4pSSzggpFO@2=7MWtZG5FsY3mzb7(CaxLv}I^&z10JT1g=jo)Rz8Y&FBnkdc`Qyf` zNd%L(`oa*y(5=So(}s&@u010cER_d8e*8BaLjCW@fAtL-T>k3#e;xnb@k>uE{&RH_ zfFG0MS5o>9HW&Zr`v0(&!xf7|kSVm3+3uz{{_-vIsp|-%FHZtqxiYy@uS3J>Er{qs zbtFP)$Y6R&d5c8w>ATSOEl*#LnvPTz+=0x>KDsqLd{kpv)uVz%&}G$+vz-{tbHnIYwW}g1Bw@Y9)wOeqv+p&N5YdJ4~1C4 zL|vpv_|*;=NMhGH9a*>F|H*-Bs6%s8_t`RGx2JNY>B|rkMH3`9w^*z<-prCtKjI3+ zT%RQ%_NyqwPy?-@E1Ah$tqDXD^nqt8$=Hu>v`@Z<%-VcQ$0wFgh=_-6Ru^&QjE$#E zYmr{zCm@IVH9FZbI>@2i7AAfv1wn`=t53H}A+;!rP6VXh^X#F^D*IG?c#rb(M4Wf@ zb0J^#&S}{_el07eauuyY#HjOxl4SXgwcK!qri9-UyTC^R0U3nuKn2IOE0TVnZ|K3pR9IF{7BeSQQ=z9DMcwuzE9Rbj+Mfa{eJR_o@}(&5l#Sux2Z zPHC8BubFw68tLoM`X%PSdHnkCY#iT)HszRxOxO4b3dT>u zyRUb|+Ui0r+daDhse8EEInsu$nk<8-2Z~iE9GlHbE{gM_M$aabV!>K=($MqfFw@u5 zvkrUFt(wRYmPW9qr3VHxgQm*t3p;AcBSfpT?UjQmmbDa?NwMrjZ2~HOYZg+!%HgMt z<2O-@d^06`UFQ`FWrp*Yu58l=bM)MWlpMUU%j=tw@K>;EiPJO!NvmCvo<%sHhP;V* z2#D$y=fB$RQjLF(B1WI9(L-p$pqQHCRYDBCxcn!kxOg5N*6Jw5Avb^+)p7!4>0WvR zF&hL>5I0E*c9JyFiLXFHPC-tW1ra+zG=brFymM)Tng}QRi0P~As>6Y-Q;Oa2{N#~? zLS|9Q>g6-V%M=2)!SsBrw^$D;ZkkCGe+qgO^?8BBHSap9yoZ@4x|MWvLbiHy_Toaw zWSFB9TajLCRVC=Ql|v2|@5&$PKXPD-g;o}}GRZTvu;PsUzy8(F&2aNu&SjI{gqD=? zLfdhzL6dj3$hb@hxWZ`mL#EC4#xm|&K@k-iDIt_p84L>b3%^`Pj`>N`iYKmQwGzeE zUazj7X@6I5(ZTin(sf}4m@QEFUbyooVcE=>T|OqyczN}K+v z*=V4?vu|E{GGwo_&CfjfDZPGAckVs?{QS@-Y@<&>RY0Vd1a$z01FndmV#|67M@|XW z+I9x(DW+i+$eSS-W2C&GQ6-U~w{Jsndm$C{k7L@|+{-zDt@%1jv_AbpOHUP7mYDLm{nKq6QQ3Nm zZe$X``#ZbQeqfKAjf7WSB?Z#WmJF=}Co(mb2IXk3Gm*2k&;=FBxqap)lrpt6PR>=O z2t-q~i6dFB&S@<9c3tsM1if*5TXJM=j@Qn$UrO8K9vX}Dm(?@N5iH+s%+JQK$7rS_m>i{r_%i_YUG z33HD)s$Iv;)cs8qQ=oc~D75_AgC*pz^vEs%{Fh-#w~DLwF<-J_-;Vgu2T@1>RX;2d zn}7IZ!icPB_BdB0#StFa(8B_qH07sn9RHXa$(uxhxB1^I`oM)wdG|CX~`S8i@IV1hn9Fx+y5zKpV%6P#>*eliWJ>l+kT3H@~e0GS%L z{2KpaTfsLv=XAP(Ell<$Au){0MI7PM+Y|k+M0ZI5&x^%^_c=LeSRh3#yvN@+iJ3KA z7SfrpF>ElPoLv=wTJ;aX2x01wXUXSkr&|#uH8a@rB|AjDak6jZ(fT?2NJuLzL@uBm z*$)zD%f@-jzspEyf$v}cB@;PZ09N*C1(`t;px3Jvuet{Hy?_MC^&p`R6r3F3W1(U? zLAy-EiFAzlB;pmF2|N?0mHS2IR5s8X>iC)sQ$-(_cH$JOW&a(8d$zoYr{v$B3Xnb= z*M{?dW=6~O>Xr##R3lB3Tbm+9y+H8+9#)P%ThQbPq8K5IA#bR$N{ZDi83=wDdNW$k z@q5)z>)i;Dbg8vX%gkOdV#og=OBQ8vVa|7TuZC0@{tGrDL4!o3UV^YvDc@YS;w-a9-i@O-*EP}f|1-;E35=>-mJO?ICaaz=5C-1R8j<0>^dUVv~$239E<{-w5(O$*8z zMLCwL^bp)gJ|Aq9p#7rOZ67pZz8g9U-Kv#+W3j8*$^lNmsC??RJ)SNMD~zT$ucz~Y#jfL zy`TPiQ>GTGYmevoQ=%@u2m3gowRh=Jr%U!A+27v(;r;L9*f(Zix($ZWHbS19)EiJ{ zg7E%c%?A)hdAT5tFiH$D{eXCtqNRtkZ&S5x(YjNlBk&62A?d-$e2)>y9FDJMWUaw9 zfq2Zy82@j)UzKGlo?_L?s!P%Y*ly`U#V3?b&voqUhIw@9jOU(GYijQEXqQ$`f_ZR1NK5u*X za<>BbULabI{k!go55ifjQg@t`+nE#38Ql$&BB>x;NCya8(74h`xF9zt5*Yp3)Zo?1 ztDyb>*5lR+gGQ+MCLd7oZz7AO{UES;Gh^f^_pm<8UfEa0P2%#m5B+Am@wc>Nc z2e1sy%PmEWrKNi7V+R@Yt!3gzH~!yhG?}Z%GF%iRoP>Gc@x`)~FU)n`sboFCMwUFf zOeDN2`8*(9_I0M~f)F13_iPQcOlLuW1XNyM49*}CueNt`z~y;#M-B$^NDyB^D zTNVW$Ip#AO&O5He9?rkZ$@C!#Qf`hH z1Y(NPWNXvP2VqIk9xI&^q|&rsp)(HO9A?_u$^1^}&L?qG`sbef$|sYkO;^Ey=_DM1 z-;gSw~^wTo*Y+8KEC*)@p4h*;~sftQqyDO}Ph6*y7c7Th*K(m_U z-{$7lrNbRgOz&_|^WPB@E7j%zvckv}MG6HW=p?aHcZnJcq+{>Cf5mEx3` zF6@oao4lZyfq;Puc7`Xg0-XQm@6R3imDC^M!h`B^*{Y@UF9qIZ+3Jc^|lXDRxKox9W#^`X0Wn^4~*;qib)mUV$~hDx+-~WypqqMwq6yG$<6jte2e7MDb8B9s&1)B?QQHq{?%8X z{L*K?@*kHE(ph6ptD#M+kHbzJoC(mX1b#X-y3R=1LAOBV=hYjv#$qP?3R0}XF%VC( zngK&6r3qg839p|1txIksI3g2;#)Pna61;c%cC;5ol=Yt zpsetvH;;NH=0tG}=1JJScSVBDEh;e?P;x*p@r_H@j=m8dYT9FNt3LDDj-GmM=kOa( z@9#Yq6KZN=%)ruNR)Wl?7v$-K=XWnXpsJ#miYnF0>OQ~_qHJ97 zZOt+x|4KH~=mQF|iWFj&v<>vBvYs{cDEj&V6uG6f8b9?$?Uxn4O+m6aQLoE1Bh8>- zXuA7ob5A9+Nz_xwuXwXi@&0%52~K=Egc;z6d?_E6oFAT6Bq+M3)(|Ba6prYW86LXM zZO8Wgg{1^r8y_qBER6spVzfg)>+Q&_-cWXi?901i9P!_~Y8a?y%;&_D<~BQvV7N$+ z24?H2<%uPeaw(TNAK%TT*t|H0W@&NBGk_ssy4caT<5$+%_pG?Q{o?M_-I z)4XXy3_UQW|G3f0S(^ICvA1DeNbU4%6TFDNup*s1aFA3bQ8aN{8swgf8*~zCSv;O@sA(Z{@PfiR><)2$(-_`91)j=k(f{`C9G7A zRw~enJU9xXuw7NcwxZyu7{3%*g)D$l2k5Gwg9juNmoC05_JaViH?3S~fZru)H+%Rm zvJD1^W+*_~g%V2SJ3jPDb*McwKil{_t4<9|-KrT1ZPqy*t*s3jkX?rP#_&4P95j#& zpa8>)2DTApTN7na^_t97fUBPqim*~lq!h6l0ZHVC=*xnd3ZW8N z%99+KhA0ODc)l9z;gcn5lOHnprA*x z@2E9dB-AG0XkE3(sPlSf{#bm)P;u>x)fWmEt1)t!#9ya5nPTvpFuRkRzC@176?LeD zb}Ar6E+6^65)JKf8b9iMjDQ z>%aHJ2BSo<>52f;~N$}Ml~fHu7PA-kq+(K@NhW^fonIF{pn?jVu^&w zdKp!H#FmKHz*WAf&me`SvzJFft%>qpT=r<@JRXFAP4Ur8O4^rdA{&w;);9E?xc?=@ zm~SgdGweZPSD{2$cT*hS+hC%Tg+4>r$FWQTJq|6=OEQ1IXRr|1^M51DR9vE@4J zTS5HKeu3gr?l4V~n}Ql26qvN}%cdYx-TlT}CpOIawa3iPL4+%DSof4e%`Gowx{Y5l z-15m_>hhMt@fD>-&I=|e+Ljq0Bt^M|gO%0eQ;B%?5jtXWZ)45hC&VZF=be1;2(X_t z2~po*fzp()A{;T=z|6mp{)0F=PBbLI=cH16%u`ru5hc6_yb^h`{GsKCPt+!AHV7V+ zL}4oLn&%=%Is;G4An)?yOiF$hOQ%^=O4lA<=?SS)xI!Fxpf3jWB;eMj&_2hRL@>Zy zxIuOfIwZ~@+HHZd5Of}jqiq)fDyzMsrPBj@_m!b}S!3H_?v!Hj5c!sXY>G8^HsA!T zOR#Erl+?wV(|u9F^$488qJU?yDKZBZrf77R+aw2+A5E1qX;K_2;zObGuOQ*(lC<3 zh@-v3jvp1#Vot)?Su<8ppNIwjT7`w68cRXxoXAYPN-}2-FxABV@JUK!hCVe-A`HrK z3c^yxnh7V{>+Mb$(&qmxE-bTx&GM7fs~q_Oh2b9$R1nf+cks>=fK<lJr0v zBDo$S4HXb?BKz3M<4q=|MA$z{Kvnzs6Tf2 z@ZW#(OP~Mj=l}3=L-NH%er?FYH=|s-vbFon_T|Ol-s0Tispolt2I2hZ333j8mk4)@ zZ*MJm?9-MA3tsASa9F0DuRj-+TOvA-xAC3zN#CSb}sp4nv18mxC`4GsDJXA_!PQ9l*@}ReR<(`x2Em6 zePi?!=2k6$cXd|3eq^Km)wQji{YCY=G-UmwZ!ySr{hMLtM+U~VEIXfA`>+^8N#gn7 z4Da~(CcDs$FG)7iW4wLlh<6(1A79;}FuQ#j!Kl~Drt^)UAs2e9E|U#mc;lm-GPaEb^8F3N0$~)ANfUq zdgVtj~#I$EKW41Q3+m*#hdbif3Zxv@?ur83-GmNWbxLY5@ zaV%ej`zC7|UDtvUQ%Ojf1{Lb7{f#QYcA7Bc@)aCMbS)*R=W#U)T|PeTnn_1SzEnQR zV^sRq*g)=@je=9o1*c3m?!8afgy&hA2t4D(-Z1{coY~7V?a=dbsx;kKL)WH?9wb-OKsiRjCMnJEbAT{kkuR&_(^d4ojW> zYDROgBA2)5-`;1`4u=^BvjVFo@c}RfcfL{6doV(g92)HFdk~ z_-n~L%4*~f^O3Yb&&7~Z039XdkCgX%TOKPEh}Zute1@VL!_qk!;rKnf0mpCfpn69r zPmUrB)I;Uah=rI;T`?3aEGhbwm_ln&MC!ZaD_utgA%Csyy-W!;#DTHMWe>%MMX5-u zEsqx^?tiGu>QRWru=r+=SRTJk2%4lDVl81*By;nTx}nW7;o;C4-E6Tp>WV50A6A#d z*We(5Wk@{xK+;BmVqjkB;px2KLXt_-UOa6f9Z5XO3ZPjD$ne5B?BAGXZ0;5-f7cZX za=MTvRVEvOhj3j7%XZ;i&7+$}Nk6fVa<;RQ$j0p&ufYYdH`qy)Z+19nnuLK{+EJ0N se5tr9FRg%, 2007. +# Eugene Roskin , 2016. +# Yuri Kozlov , 2018, 2019, 2020. +msgid "" +msgstr "" +"Project-Id-Version: cryptsetup 2.3.3-rc0\n" +"Report-Msgid-Bugs-To: dm-crypt@saout.de\n" +"POT-Creation-Date: 2020-05-28 11:32+0200\n" +"PO-Revision-Date: 2020-05-21 07:25+0300\n" +"Last-Translator: Yuri Kozlov \n" +"Language-Team: Russian \n" +"Language: ru\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" +"X-Launchpad-Export-Date: 2018-12-03 15:52+0000\n" +"X-Generator: Lokalize 2.0\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#: lib/libdevmapper.c:399 +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "Не удалось инициализировать device-mapper, выполняется без прав суперпользователя." + +#: lib/libdevmapper.c:402 +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "Не удалось инициализировать device-mapper. Загружен ли модуль ядра dm_mod?" + +#: lib/libdevmapper.c:1131 +msgid "Requested deferred flag is not supported." +msgstr "Запрошенный флаг отсрочки не поддерживается." + +#: lib/libdevmapper.c:1198 +#, c-format +msgid "DM-UUID for device %s was truncated." +msgstr "У устройства %s был обрезан DM-UUID." + +#: lib/libdevmapper.c:1520 +msgid "Unknown dm target type." +msgstr "Неизвестный тип цели dm." + +#: lib/libdevmapper.c:1623 lib/libdevmapper.c:1679 +msgid "Requested dm-crypt performance options are not supported." +msgstr "Запрошенные параметры производительности dm-crypt не поддерживаются." + +#: lib/libdevmapper.c:1630 +msgid "Requested dm-verity data corruption handling options are not supported." +msgstr "Запрошенные параметры обработки повреждённых данных dm-verify не поддерживаются." + +#: lib/libdevmapper.c:1634 +msgid "Requested dm-verity FEC options are not supported." +msgstr "Запрошенные параметры FEC dm-verify не поддерживаются." + +#: lib/libdevmapper.c:1638 +msgid "Requested data integrity options are not supported." +msgstr "Запрошенные параметры целостности данных не поддерживаются." + +#: lib/libdevmapper.c:1640 +msgid "Requested sector_size option is not supported." +msgstr "Запрошенный параметр sector_size не поддерживается." + +#: lib/libdevmapper.c:1645 +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "Запрошенный автоматический пересчёт тегов целостности не поддерживается." + +#: lib/libdevmapper.c:1649 lib/libdevmapper.c:1682 lib/libdevmapper.c:1685 +#: lib/luks2/luks2_json_metadata.c:2160 +msgid "Discard/TRIM is not supported." +msgstr "Discard/TRIM не поддерживается." + +#: lib/libdevmapper.c:1653 +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "Запрошенный режим битовой карты dm-integrity не поддерживается." + +#: lib/libdevmapper.c:2607 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "Ошибка при запросе сегмента dm-%s." + +#: lib/random.c:75 +msgid "" +"System is out of entropy while generating volume key.\n" +"Please move mouse or type some text in another window to gather some random events.\n" +msgstr "" +"При генерации ключа тома в системе закончились данные энтропии.\n" +"Подвигайте мышь или наберите любой текст в другом окне, чтобы возникли случайные события.\n" + +#: lib/random.c:79 +#, c-format +msgid "Generating key (%d%% done).\n" +msgstr "Генерация ключа (выполнена на %d%%).\n" + +#: lib/random.c:165 +msgid "Running in FIPS mode." +msgstr "Выполнение в режиме FIPS." + +#: lib/random.c:171 +msgid "Fatal error during RNG initialisation." +msgstr "При инициализации RNG возникла критическая ошибка." + +#: lib/random.c:208 +msgid "Unknown RNG quality requested." +msgstr "Запрошено неизвестное качество RNG." + +#: lib/random.c:213 +msgid "Error reading from RNG." +msgstr "Ошибка чтения из RNG." + +#: lib/setup.c:229 +msgid "Cannot initialize crypto RNG backend." +msgstr "Невозможно инициализировать внутренний интерфейс crypto RNG." + +#: lib/setup.c:235 +msgid "Cannot initialize crypto backend." +msgstr "Невозможно инициализировать внутренний интерфейс crypto." + +#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119 +#, c-format +msgid "Hash algorithm %s not supported." +msgstr "Алгоритм хэширования %s не поддерживается." + +#: lib/setup.c:269 lib/loopaes/loopaes.c:90 +#, c-format +msgid "Key processing error (using hash %s)." +msgstr "Ошибка обработки ключа (используется хэш %s)." + +#: lib/setup.c:335 lib/setup.c:362 +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "Невозможно определить тип устройства. Несовместимая активация устройства?" + +#: lib/setup.c:341 lib/setup.c:3050 +msgid "This operation is supported only for LUKS device." +msgstr "Эта операция поддерживается только для устройства LUKS." + +#: lib/setup.c:368 +msgid "This operation is supported only for LUKS2 device." +msgstr "Эта операция поддерживается только для устройства LUKS2." + +#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345 +msgid "All key slots full." +msgstr "Заполнены все слоты ключей." + +#: lib/setup.c:434 +#, c-format +msgid "Key slot %d is invalid, please select between 0 and %d." +msgstr "Некорректный слот ключа %d, укажите значение между 0 и %d." + +#: lib/setup.c:440 +#, c-format +msgid "Key slot %d is full, please select another one." +msgstr "Слот ключа %d заполнен, выберите другой." + +#: lib/setup.c:525 lib/setup.c:2824 +msgid "Device size is not aligned to device logical block size." +msgstr "Размер устройства не выровнен к размеру логического блока устройства." + +#: lib/setup.c:624 +#, c-format +msgid "Header detected but device %s is too small." +msgstr "Обнаружен заголовок, но устройство %s слишком маленькое." + +#: lib/setup.c:661 +msgid "This operation is not supported for this device type." +msgstr "Эта операция не поддерживается для этого типа устройств." + +#: lib/setup.c:666 +msgid "Illegal operation with reencryption in-progress." +msgstr "Недопустимая операция во время работы перешифрования." + +#: lib/setup.c:832 lib/luks1/keymanage.c:475 +#, c-format +msgid "Unsupported LUKS version %d." +msgstr "Неподдерживаемая версия LUKS %d." + +#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959 +msgid "Detached metadata device is not supported for this crypt type." +msgstr "Отсоединение устройства метаданных не поддерживается для этого типа crypt." + +#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628 +#: lib/setup.c:2777 lib/setup.c:4512 +#, c-format +msgid "Device %s is not active." +msgstr "Устройство %s не активно." + +#: lib/setup.c:1444 +#, c-format +msgid "Underlying device for crypt device %s disappeared." +msgstr "Исчезло нижележащее устройство у устройства crypt %s." + +#: lib/setup.c:1524 +msgid "Invalid plain crypt parameters." +msgstr "Неверные параметры plain crypt." + +#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:74 +msgid "Invalid key size." +msgstr "Неверный размер ключа." + +#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157 +msgid "UUID is not supported for this crypt type." +msgstr "Для данного типа crypt UUID не поддерживается." + +#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308 +#: src/cryptsetup.c:1226 src/cryptsetup.c:3923 +msgid "Unsupported encryption sector size." +msgstr "Неподдерживаемый размер сектора шифрования." + +#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818 +msgid "Device size is not aligned to requested sector size." +msgstr "Размер устройства не выровнен к запрошенному размеру сектора." + +#: lib/setup.c:1608 lib/setup.c:1727 +msgid "Can't format LUKS without device." +msgstr "Невозможно отформатировать LUKS без устройства." + +#: lib/setup.c:1614 lib/setup.c:1733 +msgid "Requested data alignment is not compatible with data offset." +msgstr "Запрошенный тип выравнивания данных не совместим со смещением данных." + +#: lib/setup.c:1682 lib/setup.c:1851 +msgid "WARNING: Data offset is outside of currently available data device.\n" +msgstr "ПРЕДУПРЕЖДЕНИЕ: смещение данных находится за пределами доступного в данный момент устройства данных.\n" + +#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169 +#, c-format +msgid "Cannot wipe header on device %s." +msgstr "невозможно затереть заголовок на устройстве %s." + +#: lib/setup.c:1744 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "ПРЕДУПРЕЖДЕНИЕ: Активация устройства завершится ошибкой, так как отсутствует поддержка dm-crypt для запрошенного размера сектора шифрования.\n" + +#: lib/setup.c:1766 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "Ключ тома слишком мал для шифрования с целостными расширениями." + +#: lib/setup.c:1821 +#, c-format +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "Шифр %s-%s (размер ключа %zd бит) недоступен." + +#: lib/setup.c:1854 +#, c-format +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" +msgstr "ПРЕДУПРЕЖДЕНИЕ: размер метаданных LUKS2 изменился и стал % байт.\n" + +#: lib/setup.c:1858 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "ПРЕДУПРЕЖДЕНИЕ: размер слотов ключа LUKS2 изменился и стал % байт.\n" + +#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367 +#, c-format +msgid "Device %s is too small." +msgstr "Устройство %s слишком маленькое." + +#: lib/setup.c:1893 lib/setup.c:1919 +#, c-format +msgid "Cannot format device %s in use." +msgstr "Невозможно отформатировать устройство %s, которое используется." + +#: lib/setup.c:1896 lib/setup.c:1922 +#, c-format +msgid "Cannot format device %s, permission denied." +msgstr "Невозможно отформатировать устройство %s, недостаточно прав." + +#: lib/setup.c:1908 lib/setup.c:2229 +#, c-format +msgid "Cannot format integrity for device %s." +msgstr "Невозможно отформатировать целостность для устройства %s." + +#: lib/setup.c:1926 +#, c-format +msgid "Cannot format device %s." +msgstr "Невозможно отформатировать устройство %s." + +#: lib/setup.c:1944 +msgid "Can't format LOOPAES without device." +msgstr "Невозможно отформатировать LOOPAES без устройства." + +#: lib/setup.c:1989 +msgid "Can't format VERITY without device." +msgstr "Невозможно отформатировать VERITY без устройства." + +#: lib/setup.c:2000 lib/verity/verity.c:102 +#, c-format +msgid "Unsupported VERITY hash type %d." +msgstr "Неподдерживаемый тип хэша %d для VERITY." + +#: lib/setup.c:2006 lib/verity/verity.c:110 +msgid "Unsupported VERITY block size." +msgstr "Неподдерживаемый размер блока для VERITY." + +#: lib/setup.c:2011 lib/verity/verity.c:74 +msgid "Unsupported VERITY hash offset." +msgstr "Неподдерживаемое смещение хэша для VERITY." + +#: lib/setup.c:2016 +msgid "Unsupported VERITY FEC offset." +msgstr "Неподдерживаемое смещение FEC для VERITY." + +#: lib/setup.c:2040 +msgid "Data area overlaps with hash area." +msgstr "Область данных перекрывает области хэша." + +#: lib/setup.c:2065 +msgid "Hash area overlaps with FEC area." +msgstr "Область хэша перекрывает область FEC." + +#: lib/setup.c:2072 +msgid "Data area overlaps with FEC area." +msgstr "Область данных перекрывает область FEC." + +#: lib/setup.c:2208 +#, c-format +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "ПРЕДУПРЕЖДЕНИЕ: запрошенный размер тега в %d байт отличается от выходного размера %s (%d байт).\n" + +#: lib/setup.c:2286 +#, c-format +msgid "Unknown crypt device type %s requested." +msgstr "Запрошен неизвестный тип устройства crypt %s." + +#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635 +#, c-format +msgid "Unsupported parameters on device %s." +msgstr "Неподдерживаемые параметры для устройства %s." + +#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408 +#: lib/luks2/luks2_reencrypt.c:2737 +#, c-format +msgid "Mismatching parameters on device %s." +msgstr "Несовпадение параметров для устройства %s." + +#: lib/setup.c:2661 +msgid "Crypt devices mismatch." +msgstr "Несоответствие устройств crypt." + +#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:3145 +#, c-format +msgid "Failed to reload device %s." +msgstr "Ошибка при перезагрузке устройства %s." + +#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025 +#: lib/luks2/luks2_reencrypt.c:2032 +#, c-format +msgid "Failed to suspend device %s." +msgstr "Ошибка при приостановке устройства %s." + +#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039 +#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149 +#, c-format +msgid "Failed to resume device %s." +msgstr "Ошибка при возобновлении работы устройства %s." + +#: lib/setup.c:2732 +#, c-format +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "Критическая ошибка при перезагрузке устройства %s (поверх устройства %s)." + +#: lib/setup.c:2735 lib/setup.c:2737 +#, c-format +msgid "Failed to switch device %s to dm-error." +msgstr "Ошибка при переключении устройства %s на dm-error." + +#: lib/setup.c:2809 +msgid "Cannot resize loop device." +msgstr "Невозможно изменить размер закольцованного (loop) устройства." + +#: lib/setup.c:2882 +msgid "Do you really want to change UUID of device?" +msgstr "Вы действительно хотите изменить UUID устройства?" + +#: lib/setup.c:2958 +msgid "Header backup file does not contain compatible LUKS header." +msgstr "Файл резервного заголовка не содержит заголовка совместимого с LUKS." + +#: lib/setup.c:3058 +#, c-format +msgid "Volume %s is not active." +msgstr "Том %s не активен." + +#: lib/setup.c:3069 +#, c-format +msgid "Volume %s is already suspended." +msgstr "Том %s уже приостановлен." + +#: lib/setup.c:3082 +#, c-format +msgid "Suspend is not supported for device %s." +msgstr "Приостановка не поддерживается устройством %s." + +#: lib/setup.c:3084 +#, c-format +msgid "Error during suspending device %s." +msgstr "Ошибка во время приостановки устройства %s." + +#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267 +#, c-format +msgid "Volume %s is not suspended." +msgstr "Том %s не приостановлен." + +#: lib/setup.c:3146 +#, c-format +msgid "Resume is not supported for device %s." +msgstr "Возобновление не поддерживается устройством %s." + +#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297 +#, c-format +msgid "Error during resuming device %s." +msgstr "Ошибка во время возобновления устройства %s." + +#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322 +#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839 +msgid "Volume key does not match the volume." +msgstr "Ключ тома не подходит к тому." + +#: lib/setup.c:3343 lib/setup.c:3531 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Невозможно добавить слот ключа, все слоты отключены и не предоставлен ключ тома." + +#: lib/setup.c:3483 +msgid "Failed to swap new key slot." +msgstr "Ошибка при переключении на новый слот ключа." + +#: lib/setup.c:3669 +#, c-format +msgid "Key slot %d is invalid." +msgstr "Некорректный слот ключа %d." + +#: lib/setup.c:3675 src/cryptsetup.c:1572 src/cryptsetup.c:1917 +#, c-format +msgid "Keyslot %d is not active." +msgstr "Слот ключа %d не активен." + +#: lib/setup.c:3694 +msgid "Device header overlaps with data area." +msgstr "Заголовок устройства перекрывает область данных." + +#: lib/setup.c:3981 +msgid "Reencryption in-progress. Cannot activate device." +msgstr "Выполняется перешифрование. Невозможно активировать устройство." + +#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2243 +#: lib/luks2/luks2_reencrypt.c:2836 +msgid "Failed to get reencryption lock." +msgstr "Ошибка при получении блокировки перешифрования." + +#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855 +msgid "LUKS2 reencryption recovery failed." +msgstr "Ошибка восстановления перешифрования LUKS2." + +#: lib/setup.c:4127 lib/setup.c:4379 +msgid "Device type is not properly initialized." +msgstr "Тип устройства инициализирован неправильно." + +#: lib/setup.c:4171 +#, c-format +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "Невозможно использовать устройство %s, некорректное имя или оно всё ещё используется." + +#: lib/setup.c:4174 +#, c-format +msgid "Device %s already exists." +msgstr "Устройство %s уже существует." + +#: lib/setup.c:4296 +msgid "Incorrect volume key specified for plain device." +msgstr "Для устройства plain указан некорректный ключ тома." + +#: lib/setup.c:4405 +msgid "Incorrect root hash specified for verity device." +msgstr "Некорректный корневой хэш для указанного устройства verity." + +#: lib/setup.c:4412 +msgid "Root hash signature required." +msgstr "Требуется подпись корневого хэша." + +#: lib/setup.c:4421 +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "Отсутствует связка ключей ядра: требуется для передачи подписи в ядро." + +#: lib/setup.c:4438 lib/setup.c:5915 +msgid "Failed to load key in kernel keyring." +msgstr "Ошибка при загрузке ключа в связку ключей ядра." + +#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2296 +#: src/cryptsetup.c:2664 +#, c-format +msgid "Device %s is still in use." +msgstr "Устройство %s всё ещё используется." + +#: lib/setup.c:4516 +#, c-format +msgid "Invalid device %s." +msgstr "Неверное устройство %s." + +#: lib/setup.c:4632 +msgid "Volume key buffer too small." +msgstr "Буфер ключа тома слишком мал." + +#: lib/setup.c:4640 +msgid "Cannot retrieve volume key for plain device." +msgstr "Невозможно получить ключ тома для устройства plain." + +#: lib/setup.c:4657 +msgid "Cannot retrieve root hash for verity device." +msgstr "Невозможно получить корневой хэш для устройства verity." + +#: lib/setup.c:4659 +#, c-format +msgid "This operation is not supported for %s crypt device." +msgstr "Эта операция не поддерживается для устройства crypt %s." + +#: lib/setup.c:4865 +msgid "Dump operation is not supported for this device type." +msgstr "Операция дампа не поддерживается для устройства этого типа." + +#: lib/setup.c:5190 +#, c-format +msgid "Data offset is not multiple of %u bytes." +msgstr "Смещение данных не кратно %u байтам." + +#: lib/setup.c:5475 +#, c-format +msgid "Cannot convert device %s which is still in use." +msgstr "Невозможно преобразовать устройство %s, которое всё ещё используется." + +#: lib/setup.c:5772 +#, c-format +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "Ошибка при назначении слота ключа %u в качестве нового ключа тома." + +#: lib/setup.c:5845 +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "Ошибка при инициализации параметров слота ключа по умолчанию LUKS2." + +#: lib/setup.c:5851 +#, c-format +msgid "Failed to assign keyslot %d to digest." +msgstr "Ошибка при назначении слота ключа %d дайджесту." + +#: lib/setup.c:5982 +msgid "Kernel keyring is not supported by the kernel." +msgstr "Связка ключей ядра не поддерживается ядром." + +#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952 +#, c-format +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "Не удалось прочитать парольную фразу из связки ключей (ошибка %d)." + +#: lib/setup.c:6016 +msgid "Failed to acquire global memory-hard access serialization lock." +msgstr "Не удалось захватить глобальную блокировку сериализации доступа на скорости памяти (memory-hard)." + +#: lib/utils.c:80 +msgid "Cannot get process priority." +msgstr "Невозможно получить приоритет процесса." + +#: lib/utils.c:94 +msgid "Cannot unlock memory." +msgstr "Невозможно разблокировать память." + +#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497 +msgid "Failed to open key file." +msgstr "Не удалось открыть файл ключа." + +#: lib/utils.c:173 +msgid "Cannot read keyfile from a terminal." +msgstr "Невозможно прочитать файл ключа с терминала." + +#: lib/utils.c:190 +msgid "Failed to stat key file." +msgstr "Не удалось выполнить stat для файла ключа." + +#: lib/utils.c:198 lib/utils.c:219 +msgid "Cannot seek to requested keyfile offset." +msgstr "Невозможно переместиться по запрошенному смещению в файле ключа." + +#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188 +#: src/utils_password.c:201 +msgid "Out of memory while reading passphrase." +msgstr "Не хватило памяти при чтении парольной фразы." + +#: lib/utils.c:248 +msgid "Error reading passphrase." +msgstr "Ошибка чтения парольной фразы." + +#: lib/utils.c:265 +msgid "Nothing to read on input." +msgstr "Нет ничего для чтения со стандартного ввода." + +#: lib/utils.c:272 +msgid "Maximum keyfile size exceeded." +msgstr "Превышен максимальный размер файла ключа." + +#: lib/utils.c:277 +msgid "Cannot read requested amount of data." +msgstr "невозможно прочитать запрошенное количество данных." + +#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 +#, c-format +msgid "Device %s does not exist or access denied." +msgstr "Устройство %s не существует или отказано в доступе." + +#: lib/utils_device.c:197 +#, c-format +msgid "Device %s is not compatible." +msgstr "Устройство %s несовместимо." + +#: lib/utils_device.c:642 +#, c-format +msgid "Device %s is too small. Need at least % bytes." +msgstr "Устройство %s слишком маленькое. Требуется не менее % байт." + +#: lib/utils_device.c:723 +#, c-format +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "Невозможно использовать устройство %s, которое используется (отображено или примонтировано)." + +#: lib/utils_device.c:727 +#, c-format +msgid "Cannot use device %s, permission denied." +msgstr "Невозможно использовать устройство %s, недостаточно прав." + +#: lib/utils_device.c:730 +#, c-format +msgid "Cannot get info about device %s." +msgstr "Невозможно получить информацию об устройстве %s." + +#: lib/utils_device.c:753 +msgid "Cannot use a loopback device, running as non-root user." +msgstr "Невозможно использовать закольцованное устройство, выполняется без прав суперпользователя." + +#: lib/utils_device.c:763 +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "Ошибка при присоединении закольцованного устройства (требуется закольцованное устройство с флагом autoclear)." + +#: lib/utils_device.c:809 +#, c-format +msgid "Requested offset is beyond real size of device %s." +msgstr "Запрошенный размер вне реального размера устройства %s." + +#: lib/utils_device.c:817 +#, c-format +msgid "Device %s has zero size." +msgstr "Устройство %s имеет нулевой размер." + +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." +msgstr "Запрошенное время цели PBKDF не может быть нулевым." + +#: lib/utils_pbkdf.c:106 +#, c-format +msgid "Unknown PBKDF type %s." +msgstr "Неизвестный тип PBKDF %s." + +#: lib/utils_pbkdf.c:111 +#, c-format +msgid "Requested hash %s is not supported." +msgstr "Запрошенный хэш %s не поддерживается." + +#: lib/utils_pbkdf.c:122 +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "Запрошенный тип PBKDF %s не поддерживается в LUKS1." + +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." +msgstr "Максимальный размер памяти PBKDF и количество параллельных нитей нельзя задавать вместе с pbkdf2." + +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#, c-format +msgid "Forced iteration count is too low for %s (minimum is %u)." +msgstr "Навязанный счётчик итераций слишком мал для %s (минимальное значение равно %u)." + +#: lib/utils_pbkdf.c:148 +#, c-format +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "Навязанная стоимость памяти слишком мала для %s (минимальное значение равно %u килобайт)." + +#: lib/utils_pbkdf.c:155 +#, c-format +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "Запрошенная максимальная стоимость памяти PBKDF слишком высока (максимальное значение равно %d килобайт)." + +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "Запрошенная максимальная стоимость памяти PBKDF не может быть равна нулю." + +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "Запрошенное количество параллельных нитей PBKDF не может быть нулевым." + +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "В режиме FIPS поддерживается только PBKDF2." + +#: lib/utils_benchmark.c:172 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "Оценка производительности PBKDF выключена, но не задано количество итераций." + +#: lib/utils_benchmark.c:191 +#, c-format +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "Несовместимые параметры PBKDF2 (используется алгоритм хэширования %s)." + +#: lib/utils_benchmark.c:211 +msgid "Not compatible PBKDF options." +msgstr "Несовместимые параметры PBKDF." + +#: lib/utils_device_locking.c:102 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "Блокировка прервана. Путь блокировки %s/%s использовать невозможно (не является каталогом или отсутствует)." + +#: lib/utils_device_locking.c:109 +#, c-format +msgid "WARNING: Locking directory %s/%s is missing!\n" +msgstr "ПРЕДУПРЕЖДЕНИЕ: Каталог блокировки %s/%s отсутствует!\n" + +#: lib/utils_device_locking.c:119 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "Блокировка прервана. Путь блокировки %s/%s использовать невозможно (%s не является каталогом)." + +#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:941 +#: src/cryptsetup_reencrypt.c:1025 +msgid "Cannot seek to device offset." +msgstr "Невозможно перемещаться по устройству." + +#: lib/utils_wipe.c:208 +#, c-format +msgid "Device wipe error, offset %." +msgstr "Ошибка затирания устройства, смещение %." + +#: lib/luks1/keyencryption.c:39 +#, c-format +msgid "" +"Failed to setup dm-crypt key mapping for device %s.\n" +"Check that kernel supports %s cipher (check syslog for more info)." +msgstr "" +"Ошибка при настройке отображения ключей dm-crypt для устройства %s.\n" +"Убедитесь, что ядро поддерживает шифр %s (подробности смотрите в syslog)." + +#: lib/luks1/keyencryption.c:44 +msgid "Key size in XTS mode must be 256 or 512 bits." +msgstr "Размер ключа в режиме XTS должен быть 256 или 512 бит." + +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "Шифр должен указываться в формате [шифр]-[режим]-[iv]." + +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080 +#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734 +#, c-format +msgid "Cannot write to device %s, permission denied." +msgstr "Невозможно записать на устройство %s, недостаточно прав." + +#: lib/luks1/keyencryption.c:120 +msgid "Failed to open temporary keystore device." +msgstr "Не удалось открыть временное устройство keystore." + +#: lib/luks1/keyencryption.c:127 +msgid "Failed to access temporary keystore device." +msgstr "Не удалось получить доступ к временному устройству keystore." + +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +msgid "IO error while encrypting keyslot." +msgstr "Ошибка ввода-вывода при шифровании слота ключа." + +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:670 +#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311 +#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342 +#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 +#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255 +#: src/cryptsetup_reencrypt.c:200 src/cryptsetup_reencrypt.c:212 +#, c-format +msgid "Cannot open device %s." +msgstr "Невозможно открыть устройство %s." + +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +msgid "IO error while decrypting keyslot." +msgstr "Ошибка ввода-вывода при расшифровке слота ключа." + +#: lib/luks1/keymanage.c:110 +#, c-format +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" +msgstr "Устройство %s слишком маленькое (для LUKS1 требуется не менее % байт)." + +#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162 +#: lib/luks1/keymanage.c:174 +#, c-format +msgid "LUKS keyslot %u is invalid." +msgstr "Некорректный слот ключа LUKS %u." + +#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472 +#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1433 +#: src/cryptsetup.c:1559 src/cryptsetup.c:1616 src/cryptsetup.c:1672 +#: src/cryptsetup.c:1739 src/cryptsetup.c:1842 src/cryptsetup.c:1906 +#: src/cryptsetup.c:2136 src/cryptsetup.c:2331 src/cryptsetup.c:2391 +#: src/cryptsetup.c:2457 src/cryptsetup.c:2621 src/cryptsetup.c:3271 +#: src/cryptsetup.c:3280 src/cryptsetup_reencrypt.c:1388 +#, c-format +msgid "Device %s is not a valid LUKS device." +msgstr "Устройство %s не является корректным устройством LUKS." + +#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100 +#, c-format +msgid "Requested header backup file %s already exists." +msgstr "Запрошенный файл резервного заголовка %s уже существует." + +#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102 +#, c-format +msgid "Cannot create header backup file %s." +msgstr "Невозможно создать файл резервного заголовка %s." + +#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109 +#, c-format +msgid "Cannot write header backup file %s." +msgstr "Невозможно записать файл резервного заголовка %s." + +#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161 +msgid "Backup file does not contain valid LUKS header." +msgstr "Резервный файл не содержит корректный заголовок LUKS." + +#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549 +#: lib/luks2/luks2_json_metadata.c:1182 +#, c-format +msgid "Cannot open header backup file %s." +msgstr "Невозможно открыть файл резервного заголовка %s." + +#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190 +#, c-format +msgid "Cannot read header backup file %s." +msgstr "Невозможно прочитать файл резервного заголовка %s." + +#: lib/luks1/keymanage.c:317 +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "Смещение данных или размер ключа различаются на устройстве и в резервной копии, восстановление невозможно." + +#: lib/luks1/keymanage.c:325 +#, c-format +msgid "Device %s %s%s" +msgstr "Устройство %s %s%s" + +#: lib/luks1/keymanage.c:326 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "не содержит заголовка LUKS. Замена заголовка может уничтожить данные на этом устройстве." + +#: lib/luks1/keymanage.c:327 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "уже содержит заголовок LUKS. Замена заголовка уничтожит существующие слоты ключей." + +#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224 +msgid "" +"\n" +"WARNING: real device header has different UUID than backup!" +msgstr "" +"\n" +"ПРЕДУПРЕЖДЕНИЕ: заголовок устройства и резервная копия содержат разные UUID!" + +#: lib/luks1/keymanage.c:375 +msgid "Non standard key size, manual repair required." +msgstr "Нестандартный размер ключа, требуется исправление вручную." + +#: lib/luks1/keymanage.c:380 +msgid "Non standard keyslots alignment, manual repair required." +msgstr "Нестандартное выравнивание слотов ключей, требуется исправление вручную." + +#: lib/luks1/keymanage.c:390 +msgid "Repairing keyslots." +msgstr "Исправление слотов ключей." + +#: lib/luks1/keymanage.c:409 +#, c-format +msgid "Keyslot %i: offset repaired (%u -> %u)." +msgstr "Слот ключа %i: исправлено смещение (%u -> %u)." + +#: lib/luks1/keymanage.c:417 +#, c-format +msgid "Keyslot %i: stripes repaired (%u -> %u)." +msgstr "Слот ключа %i: исправлены полосы (%u -> %u)." + +#: lib/luks1/keymanage.c:426 +#, c-format +msgid "Keyslot %i: bogus partition signature." +msgstr "Слот ключа %i: фиктивная подпись раздела." + +#: lib/luks1/keymanage.c:431 +#, c-format +msgid "Keyslot %i: salt wiped." +msgstr "Слот ключа %i: соль затёрта." + +#: lib/luks1/keymanage.c:448 +msgid "Writing LUKS header to disk." +msgstr "Запись заголовка LUKS на диск." + +#: lib/luks1/keymanage.c:453 +msgid "Repair failed." +msgstr "Ошибка при исправлении." + +#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750 +#, c-format +msgid "Requested LUKS hash %s is not supported." +msgstr "Запрошенный хэш LUKS %s не поддерживается." + +#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1133 +msgid "No known problems detected for LUKS header." +msgstr "Известных неполадок в заголовке LUKS не обнаружено." + +#: lib/luks1/keymanage.c:660 +#, c-format +msgid "Error during update of LUKS header on device %s." +msgstr "Ошибка при обновлении заголовка LUKS на устройстве %s." + +#: lib/luks1/keymanage.c:668 +#, c-format +msgid "Error re-reading LUKS header after update on device %s." +msgstr "Ошибка при повторном считывании заголовка LUKS после обновления на устройстве %s." + +#: lib/luks1/keymanage.c:744 +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "Смещение данных заголовка LUKS должно быть равно 0 или быть больше размера заголовка." + +#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825 +#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001 +#: src/cryptsetup.c:2784 +msgid "Wrong LUKS UUID format provided." +msgstr "Указан неправильный формат LUKS UUID." + +#: lib/luks1/keymanage.c:778 +msgid "Cannot create LUKS header: reading random salt failed." +msgstr "Невозможно создать заголовок LUKS: ошибка при чтении случайной соли." + +#: lib/luks1/keymanage.c:804 +#, c-format +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "Невозможно создать заголовок LUKS: ошибка подсчёта дайджеста заголовка (используйте хэш %s)." + +#: lib/luks1/keymanage.c:848 +#, c-format +msgid "Key slot %d active, purge first." +msgstr "Активен слот ключа %d, сначала нужна вычистка." + +#: lib/luks1/keymanage.c:854 +#, c-format +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "Данный слота ключа %d содержат несколько полос. Подделка заголовка?" + +#: lib/luks1/keymanage.c:990 +#, c-format +msgid "Cannot open keyslot (using hash %s)." +msgstr "Невозможно открыть слот ключа (используется хэш %s)." + +#: lib/luks1/keymanage.c:1066 +#, c-format +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." +msgstr "Некорректный слот ключа %d, значение слота ключа должно быть между 0 и %d." + +#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738 +#, c-format +msgid "Cannot wipe device %s." +msgstr "Невозможно затереть устройство %s." + +#: lib/loopaes/loopaes.c:146 +msgid "Detected not yet supported GPG encrypted keyfile." +msgstr "Обнаружен пока не поддерживаемый зашифрованный файл ключа GPG." + +#: lib/loopaes/loopaes.c:147 +msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" +msgstr "Используйте gpg --decrypt <ФАЙЛ_КЛЮЧА> | cryptsetup --keyfile=- …\n" + +#: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 +msgid "Incompatible loop-AES keyfile detected." +msgstr "Обнаружен несовместимый файл ключа loop-AES." + +#: lib/loopaes/loopaes.c:245 +msgid "Kernel does not support loop-AES compatible mapping." +msgstr "Ядро не поддерживает совместимое отображение loop-AES." + +#: lib/tcrypt/tcrypt.c:504 +#, c-format +msgid "Error reading keyfile %s." +msgstr "Ошибка при чтении файла ключа %s." + +#: lib/tcrypt/tcrypt.c:554 +#, c-format +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." +msgstr "Превышена максимальная длина парольной фразы TCRYPT (%zu)." + +#: lib/tcrypt/tcrypt.c:595 +#, c-format +msgid "PBKDF2 hash algorithm %s not available, skipping." +msgstr "Алгоритм хэширования PBKDF2 %s недоступен, пропускается." + +#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1010 +msgid "Required kernel crypto interface not available." +msgstr "Требуемый интерфейс ядра crypto недоступен." + +#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1012 +msgid "Ensure you have algif_skcipher kernel module loaded." +msgstr "Убедитесь, что загружен ядерный модуль algif_skcipher." + +#: lib/tcrypt/tcrypt.c:753 +#, c-format +msgid "Activation is not supported for %d sector size." +msgstr "Активация не поддерживается при размере сектора %d." + +#: lib/tcrypt/tcrypt.c:759 +msgid "Kernel does not support activation for this TCRYPT legacy mode." +msgstr "Ядро не поддерживает активацию для данного устаревшего режима TCRYPT." + +#: lib/tcrypt/tcrypt.c:793 +#, c-format +msgid "Activating TCRYPT system encryption for partition %s." +msgstr "Активируется система шифрования TCRYPT для раздела %s." + +#: lib/tcrypt/tcrypt.c:871 +msgid "Kernel does not support TCRYPT compatible mapping." +msgstr "Ядро не поддерживает совместимое отображение TCRYPT." + +#: lib/tcrypt/tcrypt.c:1093 +msgid "This function is not supported without TCRYPT header load." +msgstr "эта функция не поддерживается без загрузки заголовка TCRYPT." + +#: lib/bitlk/bitlk.c:333 +#, c-format +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "При анализе поддерживаемого главного ключа тома обнаружен неожиданный тип элемента метаданных «%u»." + +#: lib/bitlk/bitlk.c:380 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "При анализе поддерживаемого главного ключа тома обнаружена некорректная строка." + +#: lib/bitlk/bitlk.c:385 +#, c-format +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "При анализе поддерживаемого главного ключа тома обнаружена неожиданная строка («%s»)." + +#: lib/bitlk/bitlk.c:399 +#, c-format +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "При анализе поддерживаемого главного ключа тома обнаружено неожиданное значение элемента метаданных «%u»." + +#: lib/bitlk/bitlk.c:479 +#, c-format +msgid "Failed to read BITLK signature from %s." +msgstr "Ошибка чтения подписи BITLK из %s." + +#: lib/bitlk/bitlk.c:485 +msgid "BITLK version 1 is currently not supported." +msgstr "BITLK версии 1 пока не поддерживается." + +#: lib/bitlk/bitlk.c:491 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "Некорректная или неизвестная подпись загрузчика устройства BITLK." + +#: lib/bitlk/bitlk.c:503 +msgid "Invalid or unknown signature for BITLK device." +msgstr "Некорректная или неизвестная подпись устройства BITLK." + +#: lib/bitlk/bitlk.c:510 +#, c-format +msgid "Unsupported sector size %." +msgstr "Неподдерживаемый размер сектора %." + +#: lib/bitlk/bitlk.c:518 +#, c-format +msgid "Failed to read BITLK header from %s." +msgstr "Ошибка чтения заголовка BITLK из %s." + +#: lib/bitlk/bitlk.c:543 +#, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "Ошибка чтения метаданных BITLK FVE из %s." + +#: lib/bitlk/bitlk.c:594 +msgid "Unknown or unsupported encryption type." +msgstr "Неизвестный или неподдерживаемый тип шифрования." + +#: lib/bitlk/bitlk.c:627 +#, c-format +msgid "Failed to read BITLK metadata entries from %s." +msgstr "Ошибка чтения элементов метаданных BITLK из %s." + +#: lib/bitlk/bitlk.c:921 +msgid "This operation is not supported." +msgstr "Эта операция не поддерживается." + +#: lib/bitlk/bitlk.c:929 +msgid "Wrong key size." +msgstr "Неверный размер ключа." + +#: lib/bitlk/bitlk.c:981 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "Данное устройство BITLK находится в неподдерживаемом состоянии и не может быть включено." + +#: lib/bitlk/bitlk.c:987 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "Устройства BITLK с типом «%s» не могут быть включены." + +#: lib/bitlk/bitlk.c:1069 +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "Активация частично расширенного устройства BITLK не поддерживается." + +#: lib/bitlk/bitlk.c:1205 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "Невозможно активировать устройство, в ядерном dm-crypt отсутствует поддержка BITLK IV." + +#: lib/bitlk/bitlk.c:1209 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "Невозможно активировать устройство, в ядерном dm-crypt отсутствует поддержка BITLK Elephant diffuser." + +#: lib/verity/verity.c:68 lib/verity/verity.c:171 +#, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "Устройство verity %s не использует заголовок на диске." + +#: lib/verity/verity.c:90 +#, c-format +msgid "Device %s is not a valid VERITY device." +msgstr "Устройство %s не является корректным устройством VERITY." + +#: lib/verity/verity.c:97 +#, c-format +msgid "Unsupported VERITY version %d." +msgstr "Неподдерживаемая версия VERITY %d." + +#: lib/verity/verity.c:128 +msgid "VERITY header corrupted." +msgstr "Повреждён заголовок VERITY." + +#: lib/verity/verity.c:165 +#, c-format +msgid "Wrong VERITY UUID format provided on device %s." +msgstr "Указан неправильный формат VERITY UUID на устройстве %s." + +#: lib/verity/verity.c:198 +#, c-format +msgid "Error during update of verity header on device %s." +msgstr "Ошибка при обновлении заголовка verity на устройстве %s." + +#: lib/verity/verity.c:256 +msgid "Root hash signature verification is not supported." +msgstr "Проверка подписи корневого хэша не поддерживается." + +#: lib/verity/verity.c:267 +msgid "Errors cannot be repaired with FEC device." +msgstr "Невозможно исправить ошибки с устройством FEC." + +#: lib/verity/verity.c:269 +#, c-format +msgid "Found %u repairable errors with FEC device." +msgstr "Найдено %u исправимых ошибок с устройством FEC." + +#: lib/verity/verity.c:308 +msgid "Kernel does not support dm-verity mapping." +msgstr "Ядро не поддерживает отображение dm-verity." + +#: lib/verity/verity.c:312 +msgid "Kernel does not support dm-verity signature option." +msgstr "Ядро не поддерживает параметр подписи dm-verity." + +#: lib/verity/verity.c:323 +msgid "Verity device detected corruption after activation." +msgstr "После активации обнаружено повреждение устройства verity." + +#: lib/verity/verity_hash.c:59 +#, c-format +msgid "Spare area is not zeroed at position %." +msgstr "Резервная область не заполнена нулями по адресу %." + +#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290 +#: lib/verity/verity_hash.c:303 +msgid "Device offset overflow." +msgstr "Переполнение смещения устройства." + +#: lib/verity/verity_hash.c:203 +#, c-format +msgid "Verification failed at position %." +msgstr "Ошибка при проверке по адресу %." + +#: lib/verity/verity_hash.c:276 +msgid "Invalid size parameters for verity device." +msgstr "Неправильный размер параметров для устройства verity." + +#: lib/verity/verity_hash.c:296 +msgid "Hash area overflow." +msgstr "Переполнение области хэша." + +#: lib/verity/verity_hash.c:373 +msgid "Verification of data area failed." +msgstr "Ошибка при сверке области данных." + +#: lib/verity/verity_hash.c:378 +msgid "Verification of root hash failed." +msgstr "Ошибка при сверке корневого хэша." + +#: lib/verity/verity_hash.c:384 +msgid "Input/output error while creating hash area." +msgstr "Ошибка ввода-вывода при создании области хэша." + +#: lib/verity/verity_hash.c:386 +msgid "Creation of hash area failed." +msgstr "Ошибка при создании области хэша." + +#: lib/verity/verity_hash.c:433 +#, c-format +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "ПРЕДУПРЕЖДЕНИЕ: ядро не сможет активировать устройство, если размер блока данных превышает размер страницы (%u)." + +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." +msgstr "Ошибка при выделении контекста RS." + +#: lib/verity/verity_fec.c:146 +msgid "Failed to allocate buffer." +msgstr "Ошибка при выделении буфера." + +#: lib/verity/verity_fec.c:156 +#, c-format +msgid "Failed to read RS block % byte %d." +msgstr "Не удалось прочитать блок RS %, байт %d." + +#: lib/verity/verity_fec.c:169 +#, c-format +msgid "Failed to read parity for RS block %." +msgstr "Не удалось прочитать чётность для блока RS %." + +#: lib/verity/verity_fec.c:177 +#, c-format +msgid "Failed to repair parity for block %." +msgstr "Не удалось исправить чётность для блока %." + +#: lib/verity/verity_fec.c:188 +#, c-format +msgid "Failed to write parity for RS block %." +msgstr "Не удалось записать чётность для блока RS %." + +#: lib/verity/verity_fec.c:223 +msgid "Block sizes must match for FEC." +msgstr "Для FEC размеры блока должны совпадать." + +#: lib/verity/verity_fec.c:229 +msgid "Invalid number of parity bytes." +msgstr "Неверное количество байт чётности." + +#: lib/verity/verity_fec.c:265 +#, c-format +msgid "Failed to determine size for device %s." +msgstr "Не удалось определить размер устройства %s." + +#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343 +msgid "Kernel does not support dm-integrity mapping." +msgstr "Ядро не поддерживает отображение dm-integrity." + +#: lib/integrity/integrity.c:277 +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "Ядро не поддерживает выравнивание фиксированных метаданных dm-integrity." + +#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959 +#: lib/luks2/luks2_json_metadata.c:1244 +#, c-format +msgid "Failed to acquire write lock on device %s." +msgstr "Не удалось захватить блокировку на запись на устройстве %s." + +#: lib/luks2/luks2_disk_metadata.c:392 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "Обнаружена попытка одновременного обновления метаданных LUKS2. Отмена операции." + +#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712 +msgid "" +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." +msgstr "" +"Устройство содержит двусмысленные подписи, невозможно провести автоматическое\n" +"восстановление LUKS2. Для восстановления запустите «cryptsetup repair»." + +#: lib/luks2/luks2_json_format.c:227 +msgid "Requested data offset is too small." +msgstr "Запрошенное смещение данных слишком мало." + +#: lib/luks2/luks2_json_format.c:271 +#, c-format +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "ПРЕДУПРЕЖДЕНИЕ: очень маленькая область слотов ключа (% байт), количество доступных слотов ключа LUKS2 очень ограничено.\n" + +#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074 +#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_keyslot_luks2.c:114 +#, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "Не удалось захватить блокировку устройства %s на чтение." + +#: lib/luks2/luks2_json_metadata.c:1167 +#, c-format +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "В резервной копии %s обнаружены запрещённые требования LUKS2." + +#: lib/luks2/luks2_json_metadata.c:1208 +msgid "Data offset differ on device and backup, restore failed." +msgstr "Смещение данных различается на устройстве и в резервной копии, восстановление невозможно." + +#: lib/luks2/luks2_json_metadata.c:1214 +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "Двоичный заголовок с областями слота ключа различается на устройстве и в резервной копии, восстановление невозможно." + +#: lib/luks2/luks2_json_metadata.c:1221 +#, c-format +msgid "Device %s %s%s%s%s" +msgstr "Устройство %s %s%s%s%s" + +#: lib/luks2/luks2_json_metadata.c:1222 +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "не содержит заголовка LUKS2. Замена заголовка может уничтожить данные на этом устройстве." + +#: lib/luks2/luks2_json_metadata.c:1223 +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "уже содержит заголовок LUKS2. Замена заголовка уничтожит существующие слоты ключей." + +#: lib/luks2/luks2_json_metadata.c:1225 +msgid "" +"\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" +msgstr "" +"\n" +"ПРЕДУПРЕЖДЕНИЕ: обнаружены неизвестные требования LUKS2 в заголовке\n" +"действующего устройства! Замена заголовка из резервной копии может повредить\n" +"данные на этом устройстве!" + +#: lib/luks2/luks2_json_metadata.c:1227 +msgid "" +"\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." +msgstr "" +"\n" +"ПРЕДУПРЕЖДЕНИЕ: на устройстве обнаружено незаконченное внесистемное (offline)\n" +"перешифрование! Замена заголовка из резервной копии может повредить данные." + +#: lib/luks2/luks2_json_metadata.c:1323 +#, c-format +msgid "Ignored unknown flag %s." +msgstr "Неизвестный флаг %s игнорируется." + +#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746 +#, c-format +msgid "Missing key for dm-crypt segment %u" +msgstr "Отсутствует ключ для сегмента dm-crypt %u" + +#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764 +msgid "Failed to set dm-crypt segment." +msgstr "Ошибка при задании сегмента dm-crypt." + +#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770 +msgid "Failed to set dm-linear segment." +msgstr "Ошибка при задании сегмента dm-linear." + +#: lib/luks2/luks2_json_metadata.c:2155 +msgid "Unsupported device integrity configuration." +msgstr "Неподдерживаемые настройки целостности устройства." + +#: lib/luks2/luks2_json_metadata.c:2241 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "Выполняется перешифрование. Невозможно деактивировать устройство." + +#: lib/luks2/luks2_json_metadata.c:2252 lib/luks2/luks2_reencrypt.c:3190 +#, c-format +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "Не удалось заменить приостановленное устройство %s на цель dm-error." + +#: lib/luks2/luks2_json_metadata.c:2332 +msgid "Failed to read LUKS2 requirements." +msgstr "Ошибка при чтении требований LUKS2." + +#: lib/luks2/luks2_json_metadata.c:2339 +msgid "Unmet LUKS2 requirements detected." +msgstr "Обнаружены неудовлетворяемые требования LUKS2." + +#: lib/luks2/luks2_json_metadata.c:2347 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "Операция не совместима с устройством, отмеченным для устаревшего перешифрования. Прерываемся." + +#: lib/luks2/luks2_json_metadata.c:2349 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "Операция не совместима с устройством, отмеченным для перешифрования LUKS2. Прерываемся." + +#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584 +msgid "Not enough available memory to open a keyslot." +msgstr "Недостаточно памяти для открытия слота ключа." + +#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586 +msgid "Keyslot open failed." +msgstr "Ошибка открытия слота ключа." + +#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "Невозможно использовать шифр %s-%s для шифрования слота ключа." + +#: lib/luks2/luks2_keyslot_luks2.c:480 +msgid "No space for new keyslot." +msgstr "Нет места для нового слота ключа." + +#: lib/luks2/luks2_luks1_convert.c:482 +#, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "Невозможно определить состояние устройства с uuid: %s." + +#: lib/luks2/luks2_luks1_convert.c:508 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "Невозможно преобразовать заголовок с дополнительными метаданными LUKSMETA." + +#: lib/luks2/luks2_luks1_convert.c:548 +msgid "Unable to move keyslot area. Not enough space." +msgstr "Невозможно переместить область слота ключа. Недостаточно места." + +#: lib/luks2/luks2_luks1_convert.c:599 +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "Невозможно переместить область слота ключа. Слишком маленькие слоты ключа LUKS2." + +#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887 +msgid "Unable to move keyslot area." +msgstr "Невозможно переместить область слота ключа." + +#: lib/luks2/luks2_luks1_convert.c:697 +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "Невозможно преобразовать в формат LUKS1 — размер сектора шифрования сегмента по умолчанию не равно 512 байтам." + +#: lib/luks2/luks2_luks1_convert.c:705 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "Невозможно преобразовать в формат LUKS1 — дайджесты слота ключа несовместимы с LUKS1." + +#: lib/luks2/luks2_luks1_convert.c:717 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "Невозможно преобразовать в формат LUKS1 — устройство использует шифр %s с обёрточным ключом." + +#: lib/luks2/luks2_luks1_convert.c:725 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "Невозможно преобразовать в формат LUKS1 — заголовок LUKS2 содержит %u токенов." + +#: lib/luks2/luks2_luks1_convert.c:739 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "Невозможно преобразовать в формат LUKS1 — слот ключа %u находится в некорректном состоянии." + +#: lib/luks2/luks2_luks1_convert.c:744 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "Невозможно преобразовать в формат LUKS1 — слот %u (больше максимального количества слотов) всё ещё активен." + +#: lib/luks2/luks2_luks1_convert.c:749 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "Невозможно преобразовать в формат LUKS1 — слот ключа %u несовместим с LUKS1." + +#: lib/luks2/luks2_reencrypt.c:892 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Размер hotzone должен быть кратен вычисленному выравниванию зоны (%zu байт)." + +#: lib/luks2/luks2_reencrypt.c:897 +#, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Размер устройства должен быть кратен вычисленному выравниванию зоны (%zu байт)." + +#: lib/luks2/luks2_reencrypt.c:941 +#, c-format +msgid "Unsupported resilience mode %s" +msgstr "Неподдерживаемый режим устойчивости %s." + +#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313 +#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430 +#: lib/luks2/luks2_reencrypt.c:3030 +msgid "Failed to initialize old segment storage wrapper." +msgstr "Ошибка при инициализации старой сегментной обёртки хранилища." + +#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291 +msgid "Failed to initialize new segment storage wrapper." +msgstr "Ошибка при инициализации новой сегментной обёртки хранилища." + +#: lib/luks2/luks2_reencrypt.c:1340 +msgid "Failed to read checksums for current hotzone." +msgstr "Ошибка чтения контрольных сумм текущей hotzone." + +#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038 +#, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "Не удалось прочитать область hotzone начиная с %." + +#: lib/luks2/luks2_reencrypt.c:1366 +#, c-format +msgid "Failed to decrypt sector %zu." +msgstr "Не удалось расшифровать сектор %zu." + +#: lib/luks2/luks2_reencrypt.c:1372 +#, c-format +msgid "Failed to recover sector %zu." +msgstr "Не удалось восстановить сектор %zu." + +#: lib/luks2/luks2_reencrypt.c:1867 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "Размеры устройств источника и назначения не совпадают. Источник %, назначение: %." + +#: lib/luks2/luks2_reencrypt.c:1965 +#, c-format +msgid "Failed to activate hotzone device %s." +msgstr "Ошибка при активации устройства hotzone %s." + +#: lib/luks2/luks2_reencrypt.c:1982 +#, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "Ошибка при активации оверлейного устройства %s с действительной исходной таблицей." + +#: lib/luks2/luks2_reencrypt.c:1989 +#, c-format +msgid "Failed to load new mapping for device %s." +msgstr "Ошибка при загрузке нового отображения устройства %s." + +#: lib/luks2/luks2_reencrypt.c:2060 +msgid "Failed to refresh reencryption devices stack." +msgstr "Ошибка при обновлении стека устройств перешифрования." + +#: lib/luks2/luks2_reencrypt.c:2216 +msgid "Failed to set new keyslots area size." +msgstr "Ошибка при задании нового размера области слотов ключей." + +#: lib/luks2/luks2_reencrypt.c:2318 +#, c-format +msgid "Data shift is not aligned to requested encryption sector size (% bytes)." +msgstr "Сдвиг данные не выровнен к запрошенному размеру сектора шифрования (% байт)." + +#: lib/luks2/luks2_reencrypt.c:2339 +#, c-format +msgid "Data device is not aligned to requested encryption sector size (% bytes)." +msgstr "Устройство данных не выровнено к запрошенному размеру сектора шифрования (% байт)." + +#: lib/luks2/luks2_reencrypt.c:2360 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "Сдвиг данных (% секторов) меньше чем будущее смещение данных (% секторов)." + +#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779 +#: lib/luks2/luks2_reencrypt.c:2800 +#, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "Ошибка при открытии %s в монопольном режиме (уже отображено или примонтировано)." + +#: lib/luks2/luks2_reencrypt.c:2534 +msgid "Device not marked for LUKS2 reencryption." +msgstr "Устройство не отмечено для перешифрования LUKS2." + +#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295 +msgid "Failed to load LUKS2 reencryption context." +msgstr "Ошибка при загрузке контекста перешифрования LUKS2." + +#: lib/luks2/luks2_reencrypt.c:2619 +msgid "Failed to get reencryption state." +msgstr "Ошибка при получении состояния перешифрования." + +#: lib/luks2/luks2_reencrypt.c:2623 +msgid "Device is not in reencryption." +msgstr "Устройство не перешифровывается." + +#: lib/luks2/luks2_reencrypt.c:2630 +msgid "Reencryption process is already running." +msgstr "Процесс перешифрования уже запущен." + +#: lib/luks2/luks2_reencrypt.c:2632 +msgid "Failed to acquire reencryption lock." +msgstr "Ошибка при захвате блокировки перешифрования." + +#: lib/luks2/luks2_reencrypt.c:2650 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "Невозможно продолжить с перешифрованием. Сначала запустите восстановление перешифрования." + +#: lib/luks2/luks2_reencrypt.c:2750 +msgid "Active device size and requested reencryption size don't match." +msgstr "Активный размер устройства и запрошенный размер перешифрования не совпадают." + +#: lib/luks2/luks2_reencrypt.c:2764 +msgid "Illegal device size requested in reencryption parameters." +msgstr "В параметрах перешифрования запрошен некорректный размер устройства." + +#: lib/luks2/luks2_reencrypt.c:2834 +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "Выполняется перешифрование. Восстановление выполнить невозможно." + +#: lib/luks2/luks2_reencrypt.c:2906 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "Перешифрование LUKS2 уже инициализировано в метаданных." + +#: lib/luks2/luks2_reencrypt.c:2913 +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "Не удалось инициализировать перешифрование LUKS2 в метаданных." + +#: lib/luks2/luks2_reencrypt.c:3004 +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "Ошибка при назначении сегментов устройства для следующей hotzone перешифрования." + +#: lib/luks2/luks2_reencrypt.c:3046 +msgid "Failed to write reencryption resilience metadata." +msgstr "Ошибка при записи метаданных устойчивости перешифрования." + +#: lib/luks2/luks2_reencrypt.c:3053 +msgid "Decryption failed." +msgstr "Не удалось расшифровать." + +#: lib/luks2/luks2_reencrypt.c:3058 +#, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "Не удалось записать область hotzone начиная с %." + +#: lib/luks2/luks2_reencrypt.c:3063 +msgid "Failed to sync data." +msgstr "Ошибка синхронизации данных." + +#: lib/luks2/luks2_reencrypt.c:3071 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "Ошибка при обновлении метаданных после завершения текущей hotzone перешифрования." + +#: lib/luks2/luks2_reencrypt.c:3138 +msgid "Failed to write LUKS2 metadata." +msgstr "Ошибка при записи метаданных LUKS2." + +#: lib/luks2/luks2_reencrypt.c:3161 +msgid "Failed to wipe backup segment data." +msgstr "Ошибка при затирании резервной копии сегмента данных." + +#: lib/luks2/luks2_reencrypt.c:3174 +msgid "Failed to disable reencryption requirement flag." +msgstr "Не удалось выключить флаг требования перешифрования." + +#: lib/luks2/luks2_reencrypt.c:3182 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "Критическая ошибка при перешифровании куска начиная с %, длиной в % секторов." + +#: lib/luks2/luks2_reencrypt.c:3191 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "Устройство не возобновит работу пока не будет заменено вручную с целью error." + +#: lib/luks2/luks2_reencrypt.c:3240 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "Невозможно продолжить с перешифрованием. Неожиданное состояние перешифрования." + +#: lib/luks2/luks2_reencrypt.c:3246 +msgid "Missing or invalid reencrypt context." +msgstr "Контекст перешифрования отсутствует или неверен." + +#: lib/luks2/luks2_reencrypt.c:3253 +msgid "Failed to initialize reencryption device stack." +msgstr "Ошибка при инициализации стека устройства перешифрования." + +#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308 +msgid "Failed to update reencryption context." +msgstr "Ошибка при обновлении контекста перешифрования." + +#: lib/luks2/luks2_token.c:262 +msgid "No free token slot." +msgstr "Нет свободного слота под токен." + +#: lib/luks2/luks2_token.c:269 +#, c-format +msgid "Failed to create builtin token %s." +msgstr "Ошибка при создании встроенного токена %s." + +#: src/cryptsetup.c:164 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "Невозможно проверить парольную фразу не с входных tty." + +#: src/cryptsetup.c:221 +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "Параметры шифрования слота ключа могут задаваться только для устройства LUKS2." + +#: src/cryptsetup.c:251 src/cryptsetup.c:959 src/cryptsetup.c:1269 +#: src/cryptsetup.c:3145 src/cryptsetup_reencrypt.c:723 +#: src/cryptsetup_reencrypt.c:793 +msgid "No known cipher specification pattern detected." +msgstr "Обнаружено указание неизвестного шаблона шифра." + +#: src/cryptsetup.c:259 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "ПРЕДУПРЕЖДЕНИЕ: параметр --hash игнорируется в режиме plain с указанным файлом ключа.\n" + +#: src/cryptsetup.c:267 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "ПРЕДУПРЕЖДЕНИЕ: параметр --keyfile-size игнорируется, размер для чтения приравнивается размеру ключа шифрования.\n" + +#: src/cryptsetup.c:307 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "Обнаружены подпись(и) устройства на %s. Продолжение работы может повредить существующие данные." + +#: src/cryptsetup.c:313 src/cryptsetup.c:1090 src/cryptsetup.c:1142 +#: src/cryptsetup.c:1246 src/cryptsetup.c:1319 src/cryptsetup.c:1974 +#: src/cryptsetup.c:2682 src/cryptsetup.c:2805 src/integritysetup.c:233 +msgid "Operation aborted.\n" +msgstr "Операция прервана.\n" + +#: src/cryptsetup.c:381 +msgid "Option --key-file is required." +msgstr "Параметр --key-file является обязательным." + +#: src/cryptsetup.c:434 +msgid "Enter VeraCrypt PIM: " +msgstr "Введите VeraCrypt PIM: " + +#: src/cryptsetup.c:443 +msgid "Invalid PIM value: parse error." +msgstr "Недопустимое значение PIM: ошибка при разборе." + +#: src/cryptsetup.c:446 +msgid "Invalid PIM value: 0." +msgstr "Недопустимое значение PIM: 0." + +#: src/cryptsetup.c:449 +msgid "Invalid PIM value: outside of range." +msgstr "Недопустимое значение PIM: вышло за границы диапазона." + +#: src/cryptsetup.c:472 +msgid "No device header detected with this passphrase." +msgstr "С этой парольной фразой заголовка устройства не обнаружено." + +#: src/cryptsetup.c:541 +#, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "Устройство %s не является корректным устройством BITLK." + +#: src/cryptsetup.c:576 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" +"Дамп заголовка с ключом тома является секретной информацией,\n" +"обеспечивающей доступ к зашифрованному разделу без парольной фразы.\n" +"Этот дамп следует всегда хранить зашифрованным в надёжном месте." + +#: src/cryptsetup.c:673 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "Устройство %s всё ещё активно и запланировано к отложенному удалению.\n" + +#: src/cryptsetup.c:701 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "Для изменения размера активного устройства требуется ключ тома в связке ключей, но указан параметр --disable-keyring." + +#: src/cryptsetup.c:838 +msgid "Benchmark interrupted." +msgstr "Оценка производительности прервана." + +#: src/cryptsetup.c:859 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "PBKDF2-%-9s Н/Д\n" + +#: src/cryptsetup.c:861 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "PBKDF2-%-9s %7u итераций в секунду для %zu-битного ключа\n" + +#: src/cryptsetup.c:875 +#, c-format +msgid "%-10s N/A\n" +msgstr "%-10s Н/Д\n" + +#: src/cryptsetup.c:877 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "%-10s %4u итераций, %5u памяти, %1u параллельных нитей (ЦП) для %zu-битного ключа (запрашивался %u мс)\n" + +#: src/cryptsetup.c:901 +msgid "Result of benchmark is not reliable." +msgstr "Результат оценки производительности ненадёжен." + +#: src/cryptsetup.c:951 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "# Тесты, использующие практически только память (без ввода-вывода на хранилище).\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:971 +#, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "#%*s Алгоритм | Ключ | Шифрование | Расшифровка\n" + +#: src/cryptsetup.c:975 +#, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "Шифр %s (%i-битный ключ) недоступен." + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:994 +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "" +"# Algorithm | Key | Encryption | Decryption\n" +"# Алгоритм | Ключ | Шифрование | Расшифровка\n" + +#: src/cryptsetup.c:1003 +msgid "N/A" +msgstr "Н/Д" + +#: src/cryptsetup.c:1083 +msgid "" +"Seems device does not require reencryption recovery.\n" +"Do you want to proceed anyway?" +msgstr "" +"Кажется, что устройству не требуется восстановление перешифрования.\n" +"Продолжить?" + +#: src/cryptsetup.c:1089 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "Действительно продолжить восстановление перешифрования LUKS2?" + +#: src/cryptsetup.c:1098 +msgid "Enter passphrase for reencryption recovery: " +msgstr "Введите пароль для восстановления перешифрования: " + +#: src/cryptsetup.c:1141 +msgid "Really try to repair LUKS device header?" +msgstr "Действительно попробовать восстановить заголовок устройства LUKS?" + +#: src/cryptsetup.c:1160 src/integritysetup.c:146 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" +"Затирается устройство для инициализации целостности контрольной суммы.\n" +"Вы можете прервать процесс нажав CTRL+c (остаток незатёртого устройства будет содержать некорректную контрольную сумму).\n" + +#: src/cryptsetup.c:1182 src/integritysetup.c:168 +#, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "Невозможно деактивировать временное устройство %s." + +#: src/cryptsetup.c:1231 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "Параметр целостности можно использовать только в формате LUKS2." + +#: src/cryptsetup.c:1236 src/cryptsetup.c:1296 +msgid "Unsupported LUKS2 metadata size options." +msgstr "Неподдерживаемый размер параметров метаданных LUKS2." + +#: src/cryptsetup.c:1253 +#, c-format +msgid "Cannot create header file %s." +msgstr "Невозможно создать файл заголовка %s." + +#: src/cryptsetup.c:1276 src/integritysetup.c:195 src/integritysetup.c:204 +#: src/integritysetup.c:213 src/integritysetup.c:284 src/integritysetup.c:293 +#: src/integritysetup.c:303 +msgid "No known integrity specification pattern detected." +msgstr "Обнаружено указание неизвестного шаблона целостности." + +#: src/cryptsetup.c:1289 +#, c-format +msgid "Cannot use %s as on-disk header." +msgstr "Невозможно использовать %s в качестве заголовка для диска." + +#: src/cryptsetup.c:1313 src/integritysetup.c:227 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "Данные на %s будут перезаписаны без возможности восстановления." + +#: src/cryptsetup.c:1354 src/cryptsetup.c:1688 src/cryptsetup.c:1755 +#: src/cryptsetup.c:1857 src/cryptsetup.c:1923 src/cryptsetup_reencrypt.c:553 +msgid "Failed to set pbkdf parameters." +msgstr "Ошибка при задании параметров pbkdf." + +#: src/cryptsetup.c:1439 +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "Сокращение смещения данных допускается только для отсоединённого заголовка LUKS." + +#: src/cryptsetup.c:1450 src/cryptsetup.c:1761 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "Невозможно определить размер ключа тома LUKS без слотов ключа, укажите параметр --key-size." + +#: src/cryptsetup.c:1488 +msgid "Device activated but cannot make flags persistent." +msgstr "Устройство активировано, но нельзя сделать флаги постоянными." + +#: src/cryptsetup.c:1569 src/cryptsetup.c:1639 +#, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "Для удаления выбран слот ключа %d." + +#: src/cryptsetup.c:1581 src/cryptsetup.c:1642 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "Это последний слот ключа. Устройство станет неработоспособным после вычистки этого ключа." + +#: src/cryptsetup.c:1582 +msgid "Enter any remaining passphrase: " +msgstr "Введите любую оставшуюся парольную фразу: " + +#: src/cryptsetup.c:1583 src/cryptsetup.c:1644 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "Операция прервана, слот ключа НЕ затёрт.\n" + +#: src/cryptsetup.c:1621 +msgid "Enter passphrase to be deleted: " +msgstr "Введите удаляемую парольную фразу: " + +#: src/cryptsetup.c:1702 src/cryptsetup.c:1776 src/cryptsetup.c:1810 +msgid "Enter new passphrase for key slot: " +msgstr "Введите новую парольную фразу для слота ключа: " + +#: src/cryptsetup.c:1793 src/cryptsetup_reencrypt.c:1343 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "Введите любую существующую парольную фразу: " + +#: src/cryptsetup.c:1861 +msgid "Enter passphrase to be changed: " +msgstr "Введите изменяемую парольную фразу: " + +#: src/cryptsetup.c:1877 src/cryptsetup_reencrypt.c:1329 +msgid "Enter new passphrase: " +msgstr "Введите новую парольную фразу: " + +#: src/cryptsetup.c:1927 +msgid "Enter passphrase for keyslot to be converted: " +msgstr "Введите парольную фразу для преобразуемого слота ключа: " + +#: src/cryptsetup.c:1951 +msgid "Only one device argument for isLuks operation is supported." +msgstr "Только одно устройство можно указать для операции isLuks." + +#: src/cryptsetup.c:2001 +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Дамп заголовка с ключом тома является секретной информацией,\n" +"обеспечивающей доступ к зашифрованному разделу без парольной фразы.\n" +"Этот дамп нужно хранить зашифрованным в надёжном месте." + +#: src/cryptsetup.c:2066 +#, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "Слот ключа %d не содержит непривязанного ключа." + +#: src/cryptsetup.c:2072 +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Дамп заголовка с непривязанным ключом является секретной информацией,\n" +"обеспечивающей доступ к зашифрованному разделу без парольной фразы.\n" +"Этот дамп нужно хранить зашифрованным в надёжном месте." + +#: src/cryptsetup.c:2207 src/cryptsetup.c:2228 +msgid "Option --header-backup-file is required." +msgstr "Параметр --header-backup-file является обязательным." + +#: src/cryptsetup.c:2258 +#, c-format +msgid "%s is not cryptsetup managed device." +msgstr "%s не является управляемым устройством cryptsetup." + +#: src/cryptsetup.c:2269 +#, c-format +msgid "Refresh is not supported for device type %s" +msgstr "Обновление не поддерживается для устройств типа %s" + +#: src/cryptsetup.c:2311 +#, c-format +msgid "Unrecognized metadata device type %s." +msgstr "Нераспознанный тип метаданных устройства %s." + +#: src/cryptsetup.c:2314 +msgid "Command requires device and mapped name as arguments." +msgstr "Для команды требуется задать устройство и имя отображения." + +#: src/cryptsetup.c:2336 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" +"Эта операция сотрёт все слоты ключей на устройстве %s.\n" +"Устройство станет неработоспособным после этой операции." + +#: src/cryptsetup.c:2343 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "Операция прервана, слоты ключа НЕ затёрты.\n" + +#: src/cryptsetup.c:2380 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "Некорректный тип LUKS, поддерживаются только luks1 и luks2." + +#: src/cryptsetup.c:2398 +#, c-format +msgid "Device is already %s type." +msgstr "Устройство уже имеет тип %s." + +#: src/cryptsetup.c:2403 +#, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "Данная операция преобразует формат %s в %s.\n" + +#: src/cryptsetup.c:2409 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "Операция прервана, устройство НЕ преобразовано.\n" + +#: src/cryptsetup.c:2449 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "Отсутствует параметр --priority, --label или --subsystem." + +#: src/cryptsetup.c:2483 src/cryptsetup.c:2516 src/cryptsetup.c:2539 +#, c-format +msgid "Token %d is invalid." +msgstr "Некорректный токен %d." + +#: src/cryptsetup.c:2486 src/cryptsetup.c:2542 +#, c-format +msgid "Token %d in use." +msgstr "Используется токен %d." + +#: src/cryptsetup.c:2493 +#, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "Ошибка при добавлении токена luks2-keyring %d." + +#: src/cryptsetup.c:2502 src/cryptsetup.c:2564 +#, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "Ошибка при назначении токена %d слоту ключа %d." + +#: src/cryptsetup.c:2519 +#, c-format +msgid "Token %d is not in use." +msgstr "Токен %d не используется." + +#: src/cryptsetup.c:2554 +msgid "Failed to import token from file." +msgstr "Ошибка при импорте токена из файла." + +#: src/cryptsetup.c:2579 +#, c-format +msgid "Failed to get token %d for export." +msgstr "Ошибка при получении токена %d для экспорта." + +#: src/cryptsetup.c:2594 +msgid "--key-description parameter is mandatory for token add action." +msgstr "Для добавления токена требуется параметр --key-description." + +#: src/cryptsetup.c:2600 src/cryptsetup.c:2608 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "Для действия требуется указать токен. Используйте параметр --token-id." + +#: src/cryptsetup.c:2613 +#, c-format +msgid "Invalid token operation %s." +msgstr "Некорректная операция с токеном %s." + +#: src/cryptsetup.c:2668 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "Автоматически обнаруженное активное устройство dm «%s» для устройства данных %s.\n" + +#: src/cryptsetup.c:2672 +#, c-format +msgid "Device %s is not a block device.\n" +msgstr "Устройство %s не является блочным.\n" + +#: src/cryptsetup.c:2674 +#, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "Не удалось автоматически обнаружить держателей устройства %s." + +#: src/cryptsetup.c:2676 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" +"Невозможно понять, активно устройство %s или нет.\n" +"Вы действительно хотите продолжить перешифрование в отложенном режиме?\n" +"Это может привести к потере данных, если устройство всё же активно.\n" +"Для запуска перешифрования в оперативном режиме укажите параметр --active-name.\n" + +#: src/cryptsetup.c:2756 +msgid "Invalid LUKS device type." +msgstr "Неверный тип устройства LUKS." + +#: src/cryptsetup.c:2761 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "Шифрование без отсоединённого заголовка (--header) невозможно без сокращения размера устройства данных (--reduce-device-size)." + +#: src/cryptsetup.c:2766 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "Запрошенное смещение данных должно быть меньше или равно половине значения параметра --reduce-device-size." + +#: src/cryptsetup.c:2775 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "Подгоняется значение --reduce-device-size под двукратный размер --offset % (секторов).\n" + +#: src/cryptsetup.c:2779 +msgid "Encryption is supported only for LUKS2 format." +msgstr "Шифрование поддерживается только для формата LUKS2." + +#: src/cryptsetup.c:2801 +#, c-format +msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +msgstr "На %s обнаружено устройство LUKS. Хотите снова зашифровать это устройство LUKS?" + +#: src/cryptsetup.c:2816 +#, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "Временный файл заголовка %s уже существует. Прекращение работы." + +#: src/cryptsetup.c:2818 src/cryptsetup.c:2825 +#, c-format +msgid "Cannot create temporary header file %s." +msgstr "Невозможно создать временный файл заголовка %s." + +#: src/cryptsetup.c:2889 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "%s/%s теперь активен и готов для оперативного шифрования.\n" + +#: src/cryptsetup.c:3053 src/cryptsetup.c:3059 +msgid "Not enough free keyslots for reencryption." +msgstr "Для шифрования недостаточно свободных слотов ключей." + +#: src/cryptsetup.c:3079 src/cryptsetup_reencrypt.c:1294 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "Файл ключа можно использовать только с --key-slot или только при одном активном слоте." + +#: src/cryptsetup.c:3088 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup_reencrypt.c:1352 +#, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Введите парольную фразу для слота ключа %d: " + +#: src/cryptsetup.c:3096 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Введите парольную фразу для слота ключа %u: " + +#: src/cryptsetup.c:3263 +msgid "Command requires device as argument." +msgstr "Для команды требуется в аргументе указать устройство." + +#: src/cryptsetup.c:3285 +msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +msgstr "В настоящий момент поддерживается только формат LUKS2. Для LUKS1 используйте программу cryptsetup-reencrypt." + +#: src/cryptsetup.c:3297 +msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +msgstr "Уже выполняется устаревшее внесистемное (offline) перешифрование. Используйте программу cryptsetup-reencrypt." + +#: src/cryptsetup.c:3307 src/cryptsetup_reencrypt.c:178 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "Перешифрование устройства с профилем целостности не поддерживается." + +#: src/cryptsetup.c:3315 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "Перешифрование LUKS2 уже инициализировано. Прекращение работы." + +#: src/cryptsetup.c:3319 +msgid "LUKS2 device is not in reencryption." +msgstr "Устройство LUKS2 не перешифровывается." + +#: src/cryptsetup.c:3346 +msgid " [--type ] []" +msgstr "<устройство> [--type <тип>] [<имя>]" + +#: src/cryptsetup.c:3346 src/veritysetup.c:394 src/integritysetup.c:480 +msgid "open device as " +msgstr "открыть устройство как <имя>" + +#: src/cryptsetup.c:3347 src/cryptsetup.c:3348 src/cryptsetup.c:3349 +#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:481 +#: src/integritysetup.c:482 +msgid "" +msgstr "<имя>" + +#: src/cryptsetup.c:3347 src/veritysetup.c:395 src/integritysetup.c:481 +msgid "close device (remove mapping)" +msgstr "закрыть устройство (удалить отображение)" + +#: src/cryptsetup.c:3348 +msgid "resize active device" +msgstr "изменить размер активного устройства" + +#: src/cryptsetup.c:3349 +msgid "show device status" +msgstr "показать состояние устройства" + +#: src/cryptsetup.c:3350 +msgid "[--cipher ]" +msgstr "[--cipher <шифр>]" + +#: src/cryptsetup.c:3350 +msgid "benchmark cipher" +msgstr "оценка производительности шифра" + +#: src/cryptsetup.c:3351 src/cryptsetup.c:3352 src/cryptsetup.c:3353 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3355 src/cryptsetup.c:3362 +#: src/cryptsetup.c:3363 src/cryptsetup.c:3364 src/cryptsetup.c:3365 +#: src/cryptsetup.c:3366 src/cryptsetup.c:3367 src/cryptsetup.c:3368 +#: src/cryptsetup.c:3369 src/cryptsetup.c:3370 +msgid "" +msgstr "<устройство>" + +#: src/cryptsetup.c:3351 +msgid "try to repair on-disk metadata" +msgstr "попытаться исправить метаданные на диске" + +#: src/cryptsetup.c:3352 +msgid "reencrypt LUKS2 device" +msgstr "перешифровать устройство LUKS2" + +#: src/cryptsetup.c:3353 +msgid "erase all keyslots (remove encryption key)" +msgstr "стереть все слоты ключей (удалить ключ шифрования)" + +#: src/cryptsetup.c:3354 +msgid "convert LUKS from/to LUKS2 format" +msgstr "преобразовать LUKS из/в формат LUKS2" + +#: src/cryptsetup.c:3355 +msgid "set permanent configuration options for LUKS2" +msgstr "задать постоянные параметры настройки LUKS2" + +#: src/cryptsetup.c:3356 src/cryptsetup.c:3357 +msgid " []" +msgstr "<устройство> [<новый файл ключа>]" + +#: src/cryptsetup.c:3356 +msgid "formats a LUKS device" +msgstr "форматировать устройство LUKS" + +#: src/cryptsetup.c:3357 +msgid "add key to LUKS device" +msgstr "добавить ключ к устройству LUKS" + +#: src/cryptsetup.c:3358 src/cryptsetup.c:3359 src/cryptsetup.c:3360 +msgid " []" +msgstr "<устройство> [<файл ключа>]" + +#: src/cryptsetup.c:3358 +msgid "removes supplied key or key file from LUKS device" +msgstr "удалить заданный ключ или файл ключа с устройства LUKS" + +#: src/cryptsetup.c:3359 +msgid "changes supplied key or key file of LUKS device" +msgstr "изменить заданный ключ или файл ключа устройства LUKS" + +#: src/cryptsetup.c:3360 +msgid "converts a key to new pbkdf parameters" +msgstr "преобразовать ключ в новые параметры pbkdf" + +#: src/cryptsetup.c:3361 +msgid " " +msgstr "<устройство> <слот ключа>" + +#: src/cryptsetup.c:3361 +msgid "wipes key with number from LUKS device" +msgstr "затереть ключ с номером <слот ключа> с устройства LUKS" + +#: src/cryptsetup.c:3362 +msgid "print UUID of LUKS device" +msgstr "напечатать UUID устройства LUKS" + +#: src/cryptsetup.c:3363 +msgid "tests for LUKS partition header" +msgstr "проверить <устройство> на наличие заголовка раздела LUKS" + +#: src/cryptsetup.c:3364 +msgid "dump LUKS partition information" +msgstr "выгрузить в дамп информацию о разделе LUKS" + +#: src/cryptsetup.c:3365 +msgid "dump TCRYPT device information" +msgstr "выгрузить в дамп информацию об устройстве TCRYPT" + +#: src/cryptsetup.c:3366 +msgid "dump BITLK device information" +msgstr "выгрузить в дамп информацию об устройстве BITLK" + +#: src/cryptsetup.c:3367 +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "Приостановить устройство LUKS и затереть ключ (заморозка операций ввода-вывода)" + +#: src/cryptsetup.c:3368 +msgid "Resume suspended LUKS device" +msgstr "Возобновить работу приостановленного устройства LUKS" + +#: src/cryptsetup.c:3369 +msgid "Backup LUKS device header and keyslots" +msgstr "Сделать резервную копию заголовка и слотов ключей устройства LUKS" + +#: src/cryptsetup.c:3370 +msgid "Restore LUKS device header and keyslots" +msgstr "Восстановить заголовок и слоты ключей устройства LUKS" + +#: src/cryptsetup.c:3371 +msgid " " +msgstr " <устройство>" + +#: src/cryptsetup.c:3371 +msgid "Manipulate LUKS2 tokens" +msgstr "Управление токенами LUKS2" + +#: src/cryptsetup.c:3389 src/veritysetup.c:412 src/integritysetup.c:498 +msgid "" +"\n" +" is one of:\n" +msgstr "" +"\n" +"<действие> может быть:\n" + +#: src/cryptsetup.c:3395 +msgid "" +"\n" +"You can also use old syntax aliases:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +msgstr "" +"\n" +"Также можно использовать псевдонимы старого синтаксиса <действия>:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" + +#: src/cryptsetup.c:3399 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the encrypted device\n" +" is the LUKS key slot number to modify\n" +" optional key file for the new key for luksAddKey action\n" +msgstr "" +"\n" +"<имя> - имя устройства для создания под %s\n" +"<устройство> - зашифрованное устройство\n" +"<слот ключа> - номер слота ключа LUKS для изменения\n" +"<файл ключа> - необязательный файл ключа для нового ключа для действия luksAddKey\n" + +#: src/cryptsetup.c:3406 +#, c-format +msgid "" +"\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" +"\n" +"Встроенным форматом по умолчанию для метаданных является %s (для действия luksFormat).\n" + +#: src/cryptsetup.c:3411 +#, c-format +msgid "" +"\n" +"Default compiled-in key and passphrase parameters:\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" +msgstr "" +"\n" +"Встроенные параметры ключа и парольной фразы по умолчанию:\n" +"\tМаксимальный размер файла ключа: %dКБ, Максимальная длина парольной фразы при вводе вручную: %d (символов)\n" +"PBKDF по умолчанию для LUKS1: %s, Время итерации: %d (мс)\n" +"PBKDF по умолчанию для LUKS2: %s\n" +"\tВремя итерации: %d, Требуемая память: %dКБ, Кол-во параллельных нитей: %d\n" + +#: src/cryptsetup.c:3422 +#, c-format +msgid "" +"\n" +"Default compiled-in device cipher parameters:\n" +"\tloop-AES: %s, Key %d bits\n" +"\tplain: %s, Key: %d bits, Password hashing: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +msgstr "" +"\n" +"Встроенные параметры шифра по умолчанию:\n" +"\tloop-AES: %s, Ключ: %d бит\n" +"\tplain: %s, Ключ: %d бит, хэширование пароля: %s\n" +"\tLUKS: %s, Ключ: %d бит, хэширование заголовка LUKS: %s, RNG: %s\n" + +#: src/cryptsetup.c:3431 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "\tLUKS: Размер ключа по умолчанию в режиме XTS (два внутренних ключа) будет удвоен.\n" + +#: src/cryptsetup.c:3447 src/veritysetup.c:569 src/integritysetup.c:642 +#, c-format +msgid "%s: requires %s as arguments" +msgstr "%s: требуется %s в качестве аргументов" + +#: src/cryptsetup.c:3480 src/veritysetup.c:457 src/integritysetup.c:536 +#: src/cryptsetup_reencrypt.c:1607 +msgid "Show this help message" +msgstr "Показать это сообщение" + +#: src/cryptsetup.c:3481 src/veritysetup.c:458 src/integritysetup.c:537 +#: src/cryptsetup_reencrypt.c:1608 +msgid "Display brief usage" +msgstr "Показать краткие инструкции" + +#: src/cryptsetup.c:3482 src/veritysetup.c:459 src/integritysetup.c:538 +#: src/cryptsetup_reencrypt.c:1609 +msgid "Print package version" +msgstr "Показать версию пакета" + +#: src/cryptsetup.c:3486 src/veritysetup.c:463 src/integritysetup.c:542 +#: src/cryptsetup_reencrypt.c:1613 +msgid "Help options:" +msgstr "Параметры справки:" + +#: src/cryptsetup.c:3487 src/veritysetup.c:464 src/integritysetup.c:543 +#: src/cryptsetup_reencrypt.c:1614 +msgid "Shows more detailed error messages" +msgstr "Показывать подробные сообщения об ошибках" + +#: src/cryptsetup.c:3488 src/veritysetup.c:465 src/integritysetup.c:544 +#: src/cryptsetup_reencrypt.c:1615 +msgid "Show debug messages" +msgstr "Показывать отладочные сообщения" + +#: src/cryptsetup.c:3489 +msgid "Show debug messages including JSON metadata" +msgstr "Показывать отладочные сообщения включая метаданные JSON" + +#: src/cryptsetup.c:3490 src/cryptsetup_reencrypt.c:1617 +msgid "The cipher used to encrypt the disk (see /proc/crypto)" +msgstr "Шифр, используемый для шифрования диска (смотрите /proc/crypto)" + +#: src/cryptsetup.c:3491 src/cryptsetup_reencrypt.c:1619 +msgid "The hash used to create the encryption key from the passphrase" +msgstr "Хэш, используемый для создания ключа шифрования из парольной фразы" + +#: src/cryptsetup.c:3492 +msgid "Verifies the passphrase by asking for it twice" +msgstr "Проверить правильность парольной фразы, запрашивая её дважды" + +#: src/cryptsetup.c:3493 src/cryptsetup_reencrypt.c:1621 +msgid "Read the key from a file" +msgstr "Прочитать ключ из файла" + +#: src/cryptsetup.c:3494 +msgid "Read the volume (master) key from file." +msgstr "Прочитать (главный) ключ тома из файла." + +#: src/cryptsetup.c:3495 +msgid "Dump volume (master) key instead of keyslots info" +msgstr "Создать дамп (главного) ключа, а не информации слотов ключей" + +#: src/cryptsetup.c:3496 src/cryptsetup_reencrypt.c:1618 +msgid "The size of the encryption key" +msgstr "Размер ключа шифрования" + +#: src/cryptsetup.c:3496 src/cryptsetup.c:3557 src/integritysetup.c:562 +#: src/integritysetup.c:566 src/integritysetup.c:570 +#: src/cryptsetup_reencrypt.c:1618 +msgid "BITS" +msgstr "БИТ" + +#: src/cryptsetup.c:3497 src/cryptsetup_reencrypt.c:1634 +msgid "Limits the read from keyfile" +msgstr "Ограничить чтение из файла ключа" + +#: src/cryptsetup.c:3497 src/cryptsetup.c:3498 src/cryptsetup.c:3499 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3503 src/cryptsetup.c:3554 +#: src/cryptsetup.c:3555 src/cryptsetup.c:3563 src/cryptsetup.c:3564 +#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470 +#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:551 +#: src/integritysetup.c:557 src/integritysetup.c:558 +#: src/cryptsetup_reencrypt.c:1633 src/cryptsetup_reencrypt.c:1634 +#: src/cryptsetup_reencrypt.c:1635 src/cryptsetup_reencrypt.c:1636 +msgid "bytes" +msgstr "байт" + +#: src/cryptsetup.c:3498 src/cryptsetup_reencrypt.c:1633 +msgid "Number of bytes to skip in keyfile" +msgstr "Количество пропускаемых байтов в файле ключа" + +#: src/cryptsetup.c:3499 +msgid "Limits the read from newly added keyfile" +msgstr "Ограничить чтение из только что добавленного файла ключа" + +#: src/cryptsetup.c:3500 +msgid "Number of bytes to skip in newly added keyfile" +msgstr "Количество пропускаемых байтов в только что добавленном файле ключа" + +#: src/cryptsetup.c:3501 +msgid "Slot number for new key (default is first free)" +msgstr "Номер слота для нового ключа (по умолчанию первый свободный)" + +#: src/cryptsetup.c:3502 +msgid "The size of the device" +msgstr "Размер устройства" + +#: src/cryptsetup.c:3502 src/cryptsetup.c:3504 src/cryptsetup.c:3505 +#: src/cryptsetup.c:3511 src/integritysetup.c:552 src/integritysetup.c:559 +msgid "SECTORS" +msgstr "СЕКТОРОВ" + +#: src/cryptsetup.c:3503 src/cryptsetup_reencrypt.c:1636 +msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +msgstr "Использовать только заданный размер устройства (игнорировать остаток устройства). ОПАСНО!" + +#: src/cryptsetup.c:3504 +msgid "The start offset in the backend device" +msgstr "Начальное смещение в нижележащем (backend) устройстве" + +#: src/cryptsetup.c:3505 +msgid "How many sectors of the encrypted data to skip at the beginning" +msgstr "Сколько секторов зашифрованных данных пропускать от начала" + +#: src/cryptsetup.c:3506 +msgid "Create a readonly mapping" +msgstr "Создать отображение в режиме только для чтения" + +#: src/cryptsetup.c:3507 src/integritysetup.c:545 +#: src/cryptsetup_reencrypt.c:1624 +msgid "Do not ask for confirmation" +msgstr "Не запрашивать подтверждение" + +#: src/cryptsetup.c:3508 +msgid "Timeout for interactive passphrase prompt (in seconds)" +msgstr "Время ожидания при ручном вводе парольной фразы (в секундах)" + +#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "secs" +msgstr "сек" + +#: src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "Progress line update (in seconds)" +msgstr "Обновление строки хода выполнения (в секундах)" + +#: src/cryptsetup.c:3510 src/cryptsetup_reencrypt.c:1626 +msgid "How often the input of the passphrase can be retried" +msgstr "Как часто можно повторять попытку ввода парольной фразы" + +#: src/cryptsetup.c:3511 +msgid "Align payload at sector boundaries - for luksFormat" +msgstr "Выравнивать полезные данные по границам секторов — для luksFormat" + +#: src/cryptsetup.c:3512 +msgid "File with LUKS header and keyslots backup" +msgstr "Файл резервной копии заголовка и слотов ключей LUKS" + +#: src/cryptsetup.c:3513 src/cryptsetup_reencrypt.c:1627 +msgid "Use /dev/random for generating volume key" +msgstr "Использовать /dev/random для генерации ключа тома" + +#: src/cryptsetup.c:3514 src/cryptsetup_reencrypt.c:1628 +msgid "Use /dev/urandom for generating volume key" +msgstr "Использовать /dev/urandom для генерации ключа тома" + +#: src/cryptsetup.c:3515 +msgid "Share device with another non-overlapping crypt segment" +msgstr "Совместно использовать устройство с другим неперекрывающимся шифрованным сегментом" + +#: src/cryptsetup.c:3516 src/veritysetup.c:477 +msgid "UUID for device to use" +msgstr "Используемый для устройства UUID" + +#: src/cryptsetup.c:3517 src/integritysetup.c:579 +msgid "Allow discards (aka TRIM) requests for device" +msgstr "Разрешить отбрасывать запросы (так называемые TRIM) к устройству" + +#: src/cryptsetup.c:3518 src/cryptsetup_reencrypt.c:1645 +msgid "Device or file with separated LUKS header" +msgstr "Устройство или файл с отдельным заголовком LUKS" + +#: src/cryptsetup.c:3519 +msgid "Do not activate device, just check passphrase" +msgstr "Не активировать устройство, только проверить парольную фразу" + +#: src/cryptsetup.c:3520 +msgid "Use hidden header (hidden TCRYPT device)" +msgstr "Использовать скрытый заголовок (спрятанное устройство TCRYPT)" + +#: src/cryptsetup.c:3521 +msgid "Device is system TCRYPT drive (with bootloader)" +msgstr "Устройство является системным диском TCRYPT (с загрузчиком)" + +#: src/cryptsetup.c:3522 +msgid "Use backup (secondary) TCRYPT header" +msgstr "Использовать резервный (вторичный) заголовок TCRYPT" + +#: src/cryptsetup.c:3523 +msgid "Scan also for VeraCrypt compatible device" +msgstr "Также искать устройство совместимое с VeraCrypt" + +#: src/cryptsetup.c:3524 +msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Персональный умножитель итерации для устройства, совместимого с VeraCrypt" + +#: src/cryptsetup.c:3525 +msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Запрос персонального умножителя итерации для устройства, совместимого с VeraCrypt" + +#: src/cryptsetup.c:3526 +msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" +msgstr "Тип метаданных устройства: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" + +#: src/cryptsetup.c:3527 +msgid "Disable password quality check (if enabled)" +msgstr "Выключить проверку качество пароля (если включена)" + +#: src/cryptsetup.c:3528 +msgid "Use dm-crypt same_cpu_crypt performance compatibility option" +msgstr "Использовать параметр производительности same_cpu_crypt для dm-crypt" + +#: src/cryptsetup.c:3529 +msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +msgstr "Использовать параметр производительности submit_from_crypt_cpus для dm-crypt" + +#: src/cryptsetup.c:3530 +msgid "Device removal is deferred until the last user closes it" +msgstr "Удаление устройства отложено, пока его не закроет последний пользователь" + +#: src/cryptsetup.c:3531 +msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)" +msgstr "Использовать глобальную блокировку для сериализации доступа на скорости памяти (memory-hard) PBKDF (для обхода OOM)" + +#: src/cryptsetup.c:3532 +msgid "PBKDF iteration time for LUKS (in ms)" +msgstr "Время итерации PBKDF для LUKS (в мс)" + +#: src/cryptsetup.c:3532 src/cryptsetup_reencrypt.c:1623 +msgid "msecs" +msgstr "мс" + +#: src/cryptsetup.c:3533 src/cryptsetup_reencrypt.c:1641 +msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +msgstr "Алгоритм PBKDF (для LUKS2): argon2i, argon2id, pbkdf2" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "PBKDF memory cost limit" +msgstr "Ограничение стоимости памяти PBKDF" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "kilobytes" +msgstr "килобайт" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "PBKDF parallel cost" +msgstr "Стоимость параллельности PBKDF" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "threads" +msgstr "нити" + +#: src/cryptsetup.c:3536 src/cryptsetup_reencrypt.c:1644 +msgid "PBKDF iterations cost (forced, disables benchmark)" +msgstr "Стоимость итераций PBKDF (принудительная, оценка производительности отключена)" + +#: src/cryptsetup.c:3537 +msgid "Keyslot priority: ignore, normal, prefer" +msgstr "Приоритет слота ключа: ignore, normal, prefer" + +#: src/cryptsetup.c:3538 +msgid "Disable locking of on-disk metadata" +msgstr "Выключить блокировку метаданных на диске" + +#: src/cryptsetup.c:3539 +msgid "Disable loading volume keys via kernel keyring" +msgstr "Выключить загрузку ключей томов через связку ключей ядра" + +#: src/cryptsetup.c:3540 +msgid "Data integrity algorithm (LUKS2 only)" +msgstr "Алгоритм целостности данных (только для LUKS2)" + +#: src/cryptsetup.c:3541 src/integritysetup.c:573 +msgid "Disable journal for integrity device" +msgstr "Выключить журналирование для устройства целостности" + +#: src/cryptsetup.c:3542 src/integritysetup.c:547 +msgid "Do not wipe device after format" +msgstr "Не затирать устройство после форматирования" + +#: src/cryptsetup.c:3543 src/integritysetup.c:577 +msgid "Use inefficient legacy padding (old kernels)" +msgstr "Использовать неэффективное устаревшее дополнение (старые ядра)" + +#: src/cryptsetup.c:3544 +msgid "Do not ask for passphrase if activation by token fails" +msgstr "Не запрашивать парольную фразу, если активация токеном завершилась ошибкой" + +#: src/cryptsetup.c:3545 +msgid "Token number (default: any)" +msgstr "Номер токена (по умолчанию: любой)" + +#: src/cryptsetup.c:3546 +msgid "Key description" +msgstr "Описание ключа" + +#: src/cryptsetup.c:3547 +msgid "Encryption sector size (default: 512 bytes)" +msgstr "Размер сектора шифрования (по умолчанию: 512 байт)" + +#: src/cryptsetup.c:3548 +msgid "Use IV counted in sector size (not in 512 bytes)" +msgstr "Использовать вычисленное IV как размер сектора (не 512 байт)" + +#: src/cryptsetup.c:3549 +msgid "Set activation flags persistent for device" +msgstr "Задать набор постоянных флагов активации устройства" + +#: src/cryptsetup.c:3550 +msgid "Set label for the LUKS2 device" +msgstr "Задать метку устройства LUKS2" + +#: src/cryptsetup.c:3551 +msgid "Set subsystem label for the LUKS2 device" +msgstr "Задать метку подсистемы устройства LUKS2" + +#: src/cryptsetup.c:3552 +msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot" +msgstr "Создать или сделать дапм непривязанного (без назначенного сегмента данных) слота ключа LUKS2" + +#: src/cryptsetup.c:3553 +msgid "Read or write the json from or to a file" +msgstr "Прочитать или записать json в файл" + +#: src/cryptsetup.c:3554 +msgid "LUKS2 header metadata area size" +msgstr "Размер области метаданных заголовка LUKS2" + +#: src/cryptsetup.c:3555 +msgid "LUKS2 header keyslots area size" +msgstr "Размер области слотов ключей заголовка LUKS2" + +#: src/cryptsetup.c:3556 +msgid "Refresh (reactivate) device with new parameters" +msgstr "Обновить (реактивировать) устройство с новыми параметрами" + +#: src/cryptsetup.c:3557 +msgid "LUKS2 keyslot: The size of the encryption key" +msgstr "Слот ключа LUKS2: Размер ключа шифрования" + +#: src/cryptsetup.c:3558 +msgid "LUKS2 keyslot: The cipher used for keyslot encryption" +msgstr "Слот ключа LUKS2: Шифр, используемый для шифрования слота ключа" + +#: src/cryptsetup.c:3559 +msgid "Encrypt LUKS2 device (in-place encryption)." +msgstr "Зашифровать устройство LUKS2 (шифрование по месту (in-place))" + +#: src/cryptsetup.c:3560 +msgid "Decrypt LUKS2 device (remove encryption)." +msgstr "Расшифровать устройство LUKS2 (удалить шифрование)" + +#: src/cryptsetup.c:3561 +msgid "Initialize LUKS2 reencryption in metadata only." +msgstr "Инициализировать перешифрование LUKS2 только метаданных." + +#: src/cryptsetup.c:3562 +msgid "Resume initialized LUKS2 reencryption only." +msgstr "Возобновить только инициализированное перешифрование LUKS2." + +#: src/cryptsetup.c:3563 src/cryptsetup_reencrypt.c:1635 +msgid "Reduce data device size (move data offset). DANGEROUS!" +msgstr "Сократить размер данных устройства (переместить смещение данных). ОПАСНО!" + +#: src/cryptsetup.c:3564 +msgid "Maximal reencryption hotzone size." +msgstr "Максимальный размер hotzone перешифрования." + +#: src/cryptsetup.c:3565 +msgid "Reencryption hotzone resilience type (checksum,journal,none)" +msgstr "Тип устойчивости перешифрования hotzone (checksum,journal,none)" + +#: src/cryptsetup.c:3566 +msgid "Reencryption hotzone checksums hash" +msgstr "Контрольные хэш-суммы hotzone перешифрования" + +#: src/cryptsetup.c:3567 +msgid "Override device autodetection of dm device to be reencrypted" +msgstr "Заменить автоопределение устройства dm для перешифруемого устройства" + +#: src/cryptsetup.c:3583 src/veritysetup.c:499 src/integritysetup.c:595 +msgid "[OPTION...] " +msgstr "[ПАРАМЕТР…] <действие> <данные для действия>" + +#: src/cryptsetup.c:3634 src/veritysetup.c:533 src/integritysetup.c:606 +msgid "Argument missing." +msgstr "Не задан параметр <действие>." + +#: src/cryptsetup.c:3703 src/veritysetup.c:564 src/integritysetup.c:637 +msgid "Unknown action." +msgstr "Неизвестное действие." + +#: src/cryptsetup.c:3713 +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "Параметры --refresh и --test-passphrase взаимно исключают друг друга." + +#: src/cryptsetup.c:3718 +msgid "Option --deferred is allowed only for close command." +msgstr "Параметр --deferred допускается только для команды close." + +#: src/cryptsetup.c:3723 +msgid "Option --shared is allowed only for open of plain device." +msgstr "Параметр --shared допускается только для открытия устройства plain." + +#: src/cryptsetup.c:3728 src/integritysetup.c:654 +msgid "Option --allow-discards is allowed only for open operation." +msgstr "Параметр --allow-discards допускается только для операции open." + +#: src/cryptsetup.c:3733 +msgid "Option --persistent is allowed only for open operation." +msgstr "Параметр --persistent допускается только для операции open." + +#: src/cryptsetup.c:3738 +msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation." +msgstr "Параметр --serialize-memory-hard-pbkdf допускается только для операции open." + +#: src/cryptsetup.c:3743 +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "Параметр --persistent не допускается одновременно указывать с --test-passphrase." + +#: src/cryptsetup.c:3753 +msgid "" +"Option --key-size is allowed only for luksFormat, luksAddKey,\n" +"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." +msgstr "" +"Параметр --key-size допускается только для luksFormat, luksAddKey,\n" +"действий open и benchmark. Для ограничения чтения из файла ключа используйте --keyfile-size=(байт)." + +#: src/cryptsetup.c:3759 +msgid "Option --integrity is allowed only for luksFormat (LUKS2)." +msgstr "Параметр --integrity допускается только для luksFormat (LUKS2)." + +#: src/cryptsetup.c:3764 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "Параметр --integrity-no-wipe можно использовать только для действия format с расширением целостности." + +#: src/cryptsetup.c:3770 +msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations." +msgstr "Параметры --label и --subsystem допускаются только для операций LUKS2 luksFormat и config." + +#: src/cryptsetup.c:3776 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "Параметр --test-passphrase допускается только для открытия устройств LUKS, TCRYPT и BITLK." + +#: src/cryptsetup.c:3781 src/cryptsetup_reencrypt.c:1708 +msgid "Key size must be a multiple of 8 bits" +msgstr "Размер ключа должен быть кратен 8-ми битам" + +#: src/cryptsetup.c:3787 src/cryptsetup_reencrypt.c:1394 +#: src/cryptsetup_reencrypt.c:1713 +msgid "Key slot is invalid." +msgstr "Некорректный слот ключа." + +#: src/cryptsetup.c:3794 +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "Параметр --key-file имеет приоритет над указанным значением файла ключа." + +#: src/cryptsetup.c:3801 src/veritysetup.c:576 src/integritysetup.c:663 +#: src/cryptsetup_reencrypt.c:1687 +msgid "Negative number for option not permitted." +msgstr "В параметре нельзя использовать отрицательные числа." + +#: src/cryptsetup.c:3805 +msgid "Only one --key-file argument is allowed." +msgstr "Разрешено указывать только один параметр --key-file." + +#: src/cryptsetup.c:3809 src/cryptsetup_reencrypt.c:1679 +#: src/cryptsetup_reencrypt.c:1717 +msgid "Only one of --use-[u]random options is allowed." +msgstr "Разрешено использовать только один параметр --use-[u]random." + +#: src/cryptsetup.c:3813 +msgid "Option --use-[u]random is allowed only for luksFormat." +msgstr "Параметр --use-[u]random допускается только для luksFormat." + +#: src/cryptsetup.c:3817 +msgid "Option --uuid is allowed only for luksFormat and luksUUID." +msgstr "Параметр --uuid допускается только для luksFormat и luksUUID." + +#: src/cryptsetup.c:3821 +msgid "Option --align-payload is allowed only for luksFormat." +msgstr "Параметр --align-payload допускается только для luksFormat." + +#: src/cryptsetup.c:3825 +msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2." +msgstr "Параметры --luks2-metadata-size и --opt-luks2-keyslots-size допускаются только для операции luksFormat с LUKS2." + +#: src/cryptsetup.c:3830 +msgid "Invalid LUKS2 metadata size specification." +msgstr "Неправильно указан размер метаданных LUKS2." + +#: src/cryptsetup.c:3834 +msgid "Invalid LUKS2 keyslots size specification." +msgstr "Неправильно указан размер слота ключа LUKS2." + +#: src/cryptsetup.c:3838 +msgid "Options --align-payload and --offset cannot be combined." +msgstr "Параметры --align-payload и --offset не допускается указывать вместе." + +#: src/cryptsetup.c:3844 +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "Параметр --skip поддерживается только для открытия устройств plain и loopaes." + +#: src/cryptsetup.c:3851 +msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption." +msgstr "Параметр --offset поддерживается только для открытия устройств plain и loopaes, luksFormat и перешифрования устройства." + +#: src/cryptsetup.c:3857 +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "Параметр --tcrypt-hidden, --tcrypt-system или --tcrypt-backup поддерживается только для устройства TCRYPT." + +#: src/cryptsetup.c:3862 +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "Параметр --tcrypt-hidden нельзя указывать вместе с --allow-discards." + +#: src/cryptsetup.c:3867 +msgid "Option --veracrypt is supported only for TCRYPT device type." +msgstr "Параметр --veracrypt поддерживается только для устройств TCRYPT." + +#: src/cryptsetup.c:3873 +msgid "Invalid argument for parameter --veracrypt-pim supplied." +msgstr "Указано некорректное значение параметра --veracrypt-pim." + +#: src/cryptsetup.c:3877 +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "Параметр --veracrypt-pim поддерживается только для устройств, совместимых с VeraCrypt." + +#: src/cryptsetup.c:3885 +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "Параметр --veracrypt-query-pim поддерживается только для устройств, совместимых с VeraCrypt." + +#: src/cryptsetup.c:3889 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "Параметры --veracrypt-pim и --veracrypt-query-pim взаимно исключают друг друга." + +#: src/cryptsetup.c:3896 +msgid "Option --priority can be only ignore/normal/prefer." +msgstr "Значением параметра --priority может быть только ignore/normal/prefer." + +#: src/cryptsetup.c:3901 src/cryptsetup.c:3939 +msgid "Keyslot specification is required." +msgstr "Требуется указать слот ключа." + +#: src/cryptsetup.c:3906 src/cryptsetup_reencrypt.c:1693 +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "Производной функцией на основе пароля для ключа (PBKDF) может быть только pbkdf2 или argon2i/argon2id." + +#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1698 +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "Принудительные итерации PBKDF нельзя объединять вместе с параметром времени итерации." + +#: src/cryptsetup.c:3917 +msgid "Sector size option is not supported for this command." +msgstr "Параметр размера сектора не поддерживается этой командой." + +#: src/cryptsetup.c:3929 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "Параметр больших секторов IV поддерживается только для открытия устройств типа plain с размером сектора более 512 байт." + +#: src/cryptsetup.c:3934 +msgid "Key size is required with --unbound option." +msgstr "С параметром --unbound требуется задать размер ключа." + +#: src/cryptsetup.c:3944 +msgid "Option --unbound may be used only with luksAddKey and luksDump actions." +msgstr "Параметр --unbound можно использовать только в действиях luksAddKey и luksDump." + +#: src/cryptsetup.c:3949 +msgid "Option --refresh may be used only with open action." +msgstr "Параметр --refresh можно использовать только при действии open." + +#: src/cryptsetup.c:3960 +msgid "Cannot disable metadata locking." +msgstr "Невозможно выключить блокировку метаданных." + +#: src/cryptsetup.c:3970 +msgid "Invalid max reencryption hotzone size specification." +msgstr "Неправильный максимальный размер перешифрования hotzone." + +#: src/cryptsetup.c:3978 src/cryptsetup_reencrypt.c:1722 +#: src/cryptsetup_reencrypt.c:1727 +msgid "Invalid device size specification." +msgstr "Неправильно указан размер устройства." + +#: src/cryptsetup.c:3981 +msgid "Maximum device reduce size is 1 GiB." +msgstr "Максимальный размер сокращения устройства равен 1 ГиБ." + +#: src/cryptsetup.c:3984 src/cryptsetup_reencrypt.c:1733 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "Размер сокращения должен быть кратен 512 байтовому сектору." + +#: src/cryptsetup.c:3989 +msgid "Invalid data size specification." +msgstr "Неправильный размер устройства данных." + +#: src/cryptsetup.c:3994 +msgid "Reduce size overflow." +msgstr "Переполнение размера сокращения." + +#: src/cryptsetup.c:3998 +msgid "LUKS2 decryption requires option --header." +msgstr "Для расшифровки LUKS2 требуется параметр --header." + +#: src/cryptsetup.c:4002 +msgid "Device size must be multiple of 512 bytes sector." +msgstr "Размер устройства должен быть кратен 512 байтовому сектору." + +#: src/cryptsetup.c:4006 +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "Параметры ---reduce-device-size и --data-size не допускается указывать вместе." + +#: src/cryptsetup.c:4010 +msgid "Options --device-size and --size cannot be combined." +msgstr "Параметры --device-size и --size не допускается указывать вместе." + +#: src/cryptsetup.c:4014 +#, fuzzy +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "Параметры --ignore-corruption и --restart-on-corruption нельзя использовать вместе." + +#: src/veritysetup.c:66 +msgid "Invalid salt string specified." +msgstr "Указана недопустимая строка соли." + +#: src/veritysetup.c:97 +#, c-format +msgid "Cannot create hash image %s for writing." +msgstr "Невозможно создать образ хэша %s для записи." + +#: src/veritysetup.c:107 +#, c-format +msgid "Cannot create FEC image %s for writing." +msgstr "Невозможно создать образ FEC %s для записи." + +#: src/veritysetup.c:179 +msgid "Invalid root hash string specified." +msgstr "Указана недопустимая строка корневого хэша." + +#: src/veritysetup.c:187 +#, c-format +msgid "Invalid signature file %s." +msgstr "Неверный файл подписи %s." + +#: src/veritysetup.c:194 +#, c-format +msgid "Cannot read signature file %s." +msgstr "Невозможно прочитать файл подписи %s." + +#: src/veritysetup.c:392 +msgid " " +msgstr "<устройство_данных> <устройство_хэша>" + +#: src/veritysetup.c:392 src/integritysetup.c:479 +msgid "format device" +msgstr "отформатировать устройство" + +#: src/veritysetup.c:393 +msgid " " +msgstr "<устройство_данных> <устройство_хэша> <корневой_хэш>" + +#: src/veritysetup.c:393 +msgid "verify device" +msgstr "проверить устройство" + +#: src/veritysetup.c:394 +msgid " " +msgstr "<устройство_данных> <имя> <устройство_хэша> <корневой_хэш>" + +#: src/veritysetup.c:396 src/integritysetup.c:482 +msgid "show active device status" +msgstr "показать состояние активного устройства" + +#: src/veritysetup.c:397 +msgid "" +msgstr "<устройство_хэша>" + +#: src/veritysetup.c:397 src/integritysetup.c:483 +msgid "show on-disk information" +msgstr "показать информацию на диске" + +#: src/veritysetup.c:416 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the data device\n" +" is the device containing verification data\n" +" hash of the root node on \n" +msgstr "" +"\n" +"<имя> — устройство, создаваемое на %s\n" +"<устройство_данных> — устройство данных\n" +"<устройство_хэша> — устройство, содержащее проверочные данные\n" +"<корневой_хэш> — хэш корневого узла на <устройстве_хэша>\n" + +#: src/veritysetup.c:423 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-verity parameters:\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" +msgstr "" +"\n" +"Встроенные параметры dm-verity по умолчанию:\n" +"\tХэш: %s, Блок данных (байт): %u, Блок хэша (байт): %u, Размер соли: %u, Формат хэша: %u\n" + +#: src/veritysetup.c:466 +msgid "Do not use verity superblock" +msgstr "Не использовать проверочный суперблок" + +#: src/veritysetup.c:467 +msgid "Format type (1 - normal, 0 - original Chrome OS)" +msgstr "Тип форматирования (1 - обычное, 0 - как в Chrome OS)" + +#: src/veritysetup.c:467 +msgid "number" +msgstr "число" + +#: src/veritysetup.c:468 +msgid "Block size on the data device" +msgstr "Размер блока устройства данных" + +#: src/veritysetup.c:469 +msgid "Block size on the hash device" +msgstr "Размер блока устройства хэша" + +#: src/veritysetup.c:470 +msgid "FEC parity bytes" +msgstr "байты чётности FEC" + +#: src/veritysetup.c:471 +msgid "The number of blocks in the data file" +msgstr "Количество блоков в файле данных" + +#: src/veritysetup.c:471 +msgid "blocks" +msgstr "блоков" + +#: src/veritysetup.c:472 +msgid "Path to device with error correction data" +msgstr "Путь к устройству с данными коррекции ошибок" + +#: src/veritysetup.c:472 src/integritysetup.c:549 +msgid "path" +msgstr "путь" + +#: src/veritysetup.c:473 +msgid "Starting offset on the hash device" +msgstr "Начальное смещение на устройстве хэша" + +#: src/veritysetup.c:474 +msgid "Starting offset on the FEC device" +msgstr "Начальное смещение на устройстве FEC" + +#: src/veritysetup.c:475 +msgid "Hash algorithm" +msgstr "Алгоритм хэширования" + +#: src/veritysetup.c:475 +msgid "string" +msgstr "строка" + +#: src/veritysetup.c:476 +msgid "Salt" +msgstr "Соль" + +#: src/veritysetup.c:476 +msgid "hex string" +msgstr "шестн. строка" + +#: src/veritysetup.c:478 +msgid "Path to root hash signature file" +msgstr "Путь к файлу с подписью корневого хэша" + +#: src/veritysetup.c:479 +msgid "Restart kernel if corruption is detected" +msgstr "Перезапустить ядро, если обнаружится ошибка" + +#: src/veritysetup.c:480 +msgid "Ignore corruption, log it only" +msgstr "Игнорировать повреждение, только запротоколировать" + +#: src/veritysetup.c:481 +msgid "Do not verify zeroed blocks" +msgstr "Не проверять обнулённые блоки" + +#: src/veritysetup.c:482 +msgid "Verify data block only the first time it is read" +msgstr "Проверять блок данных только при первом чтении" + +#: src/veritysetup.c:582 +msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation." +msgstr "Параметр --ignore-corruption, --restart-on-corruption или --ignore-zero-blocks допускается только для операции open." + +#: src/veritysetup.c:587 +msgid "Option --root-hash-signature can be used only for open operation." +msgstr "Параметр --root-hash-signature можно использовать только для действия open." + +#: src/veritysetup.c:592 +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "Параметры --ignore-corruption и --restart-on-corruption нельзя использовать вместе." + +#: src/integritysetup.c:84 src/utils_password.c:305 +#, c-format +msgid "Cannot read keyfile %s." +msgstr "Невозможно прочитать файл ключа %s." + +#: src/integritysetup.c:88 src/utils_password.c:310 +#, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "Невозможно прочитать %d байт из файл ключа %s." + +#: src/integritysetup.c:254 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "Отформатирован с размером тега %u, внутренняя целостность %s.\n" + +#: src/integritysetup.c:479 src/integritysetup.c:483 +msgid "" +msgstr "<устройство_целостности>" + +#: src/integritysetup.c:480 +msgid " " +msgstr "<устройство_целостности> <имя>" + +#: src/integritysetup.c:502 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the device containing data with integrity tags\n" +msgstr "" +"\n" +"<имя> — устройство, создаваемое на %s\n" +"<устройство_целостности> — устройство, содержащее данные с тегами целостности\n" + +#: src/integritysetup.c:507 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" +msgstr "" +"\n" +"Встроенные параметры dm-integrity:\n" +"\tАлгоритм контрольной суммы: %s\n" + +#: src/integritysetup.c:549 +msgid "Path to data device (if separated)" +msgstr "Путь к устройству данных (при разделении устройств)" + +#: src/integritysetup.c:551 +msgid "Journal size" +msgstr "Размер журнала" + +#: src/integritysetup.c:552 +msgid "Interleave sectors" +msgstr "Чередующиеся секторы" + +#: src/integritysetup.c:553 +msgid "Journal watermark" +msgstr "Отметка журнала" + +#: src/integritysetup.c:553 +msgid "percent" +msgstr "процент" + +#: src/integritysetup.c:554 +msgid "Journal commit time" +msgstr "Время фиксации журнала" + +#: src/integritysetup.c:554 src/integritysetup.c:556 +msgid "ms" +msgstr "мс" + +#: src/integritysetup.c:555 +msgid "Number of 512-byte sectors per bit (bitmap mode)." +msgstr "Количество 512-байтовых секторов на бит (режим битовой карты)." + +#: src/integritysetup.c:556 +msgid "Bitmap mode flush time" +msgstr "Время стирания в режиме битовой карты" + +#: src/integritysetup.c:557 +msgid "Tag size (per-sector)" +msgstr "Размер тега (на сектор)" + +#: src/integritysetup.c:558 +msgid "Sector size" +msgstr "Размер сектора" + +#: src/integritysetup.c:559 +msgid "Buffers size" +msgstr "Размер буфера" + +#: src/integritysetup.c:561 +msgid "Data integrity algorithm" +msgstr "Алгоритм целостности данных" + +#: src/integritysetup.c:562 +msgid "The size of the data integrity key" +msgstr "Размер ключа целостности данных" + +#: src/integritysetup.c:563 +msgid "Read the integrity key from a file" +msgstr "Прочитать ключ целостности из файла" + +#: src/integritysetup.c:565 +msgid "Journal integrity algorithm" +msgstr "Алгоритм целостности журнала" + +#: src/integritysetup.c:566 +msgid "The size of the journal integrity key" +msgstr "Размер ключа целостности журнала" + +#: src/integritysetup.c:567 +msgid "Read the journal integrity key from a file" +msgstr "Прочитать ключ целостности журнала из файла" + +#: src/integritysetup.c:569 +msgid "Journal encryption algorithm" +msgstr "Алгоритм шифрования журнала" + +#: src/integritysetup.c:570 +msgid "The size of the journal encryption key" +msgstr "Размер ключа шифрования журнала" + +#: src/integritysetup.c:571 +msgid "Read the journal encryption key from a file" +msgstr "Прочитать ключ шифрования журнала из файла" + +#: src/integritysetup.c:574 +msgid "Recovery mode (no journal, no tag checking)" +msgstr "Режим восстановления (без проверки журнала и тегов)" + +#: src/integritysetup.c:575 +msgid "Use bitmap to track changes and disable journal for integrity device" +msgstr "Использовать битовую карту для отслеживания изменений и выключить журналирование для устройства целостности" + +#: src/integritysetup.c:576 +msgid "Recalculate initial tags automatically." +msgstr "Автоматически вычислять начальные теги повторно." + +#: src/integritysetup.c:649 +msgid "Option --integrity-recalculate can be used only for open action." +msgstr "Параметр --integrity-recalculate можно использовать только для действия open." + +#: src/integritysetup.c:669 +msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action." +msgstr "Параметры --journal-size, --interleave-sectors, --sector-size, --tag-size и --no-wipe можно использовать только для действия format." + +#: src/integritysetup.c:675 +msgid "Invalid journal size specification." +msgstr "Неправильное задание размера журнала." + +#: src/integritysetup.c:680 +msgid "Both key file and key size options must be specified." +msgstr "Должны быть указаны параметры файла ключа и размер ключа одновременно." + +#: src/integritysetup.c:683 +msgid "Integrity algorithm must be specified if integrity key is used." +msgstr "Если используется ключ целостности, то должен быть указан алгоритм целостности." + +#: src/integritysetup.c:688 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "Должны быть указаны параметры файла ключа целостности и размер ключа одновременно." + +#: src/integritysetup.c:691 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "Если используется ключ целостности журнала, то должен быть указан алгоритм целостности журнала." + +#: src/integritysetup.c:696 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "Должны быть указаны параметры файла ключа шифрования и размер ключа одновременно." + +#: src/integritysetup.c:699 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "Если используется ключ шифрования журнала, то должен быть указан алгоритм шифрования журнала." + +#: src/integritysetup.c:703 +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "Параметры восстановления и режима битовой карты взаимно исключают друг друга." + +#: src/integritysetup.c:707 +msgid "Journal options cannot be used in bitmap mode." +msgstr "Параметры журнала нельзя использовать в режиме битовой карты." + +#: src/integritysetup.c:711 +msgid "Bitmap options can be used only in bitmap mode." +msgstr "Параметр битовой карты можно использовать только в режиме битовой карты." + +#: src/cryptsetup_reencrypt.c:172 +msgid "Reencryption already in-progress." +msgstr "Уже выполняется перешифрование." + +#: src/cryptsetup_reencrypt.c:208 +#, c-format +msgid "Cannot exclusively open %s, device in use." +msgstr "Невозможно монопольно открыть устройство %s, оно уже используется." + +#: src/cryptsetup_reencrypt.c:222 src/cryptsetup_reencrypt.c:1135 +msgid "Allocation of aligned memory failed." +msgstr "Не удалось выделить выровненную память." + +#: src/cryptsetup_reencrypt.c:229 +#, c-format +msgid "Cannot read device %s." +msgstr "Невозможно прочитать с устройства %s." + +#: src/cryptsetup_reencrypt.c:240 +#, c-format +msgid "Marking LUKS1 device %s unusable." +msgstr "Отметка устройства LUKS1 %s бесполезна." + +#: src/cryptsetup_reencrypt.c:244 +#, c-format +msgid "Setting LUKS2 offline reencrypt flag on device %s." +msgstr "Установка внесистемного (offline) флага перешифрования LUKS2 на устройстве %s." + +#: src/cryptsetup_reencrypt.c:261 +#, c-format +msgid "Cannot write device %s." +msgstr "Невозможно записать на устройство %s." + +#: src/cryptsetup_reencrypt.c:309 +msgid "Cannot write reencryption log file." +msgstr "Невозможно записать в файл протокола перешифрования." + +#: src/cryptsetup_reencrypt.c:365 +msgid "Cannot read reencryption log file." +msgstr "Невозможно прочитать файл протокола перешифрования." + +#: src/cryptsetup_reencrypt.c:403 +#, c-format +msgid "Log file %s exists, resuming reencryption.\n" +msgstr "Файл протокола %s существует, подразумевается перешифрование.\n" + +#: src/cryptsetup_reencrypt.c:452 +msgid "Activating temporary device using old LUKS header." +msgstr "Активируется временное устройство, задействуется старый заголовок LUKS." + +#: src/cryptsetup_reencrypt.c:462 +msgid "Activating temporary device using new LUKS header." +msgstr "Активируется временное устройство, задействуется новый заголовок LUKS." + +#: src/cryptsetup_reencrypt.c:472 +msgid "Activation of temporary devices failed." +msgstr "Ошибка при активации временного устройства." + +#: src/cryptsetup_reencrypt.c:559 +msgid "Failed to set data offset." +msgstr "Не удалось задать смещение данных." + +#: src/cryptsetup_reencrypt.c:565 +msgid "Failed to set metadata size." +msgstr "Не удалось задать размер метаданных." + +#: src/cryptsetup_reencrypt.c:573 +#, c-format +msgid "New LUKS header for device %s created." +msgstr "Создан новый заголовок LUKS для устройства %s." + +#: src/cryptsetup_reencrypt.c:633 +#, c-format +msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +msgstr "Эта версия cryptsetup-reencrypt не работает с новым типом внутреннего токена %s." + +#: src/cryptsetup_reencrypt.c:655 +msgid "Failed to read activation flags from backup header." +msgstr "Ошибка чтения флагов активации из резервной копии заголовка." + +#: src/cryptsetup_reencrypt.c:659 +msgid "Failed to write activation flags to new header." +msgstr "Ошибка записи флагов активации в новый заголовок." + +#: src/cryptsetup_reencrypt.c:663 src/cryptsetup_reencrypt.c:667 +msgid "Failed to read requirements from backup header." +msgstr "Ошибка чтения требований из резервной копии заголовка." + +#: src/cryptsetup_reencrypt.c:705 +#, c-format +msgid "%s header backup of device %s created." +msgstr "Создана резервная копия заголовка %s для устройства %s." + +#: src/cryptsetup_reencrypt.c:768 +msgid "Creation of LUKS backup headers failed." +msgstr "Ошибка при создании резервных копий заголовка LUKS." + +#: src/cryptsetup_reencrypt.c:901 +#, c-format +msgid "Cannot restore %s header on device %s." +msgstr "Невозможно восстановить заголовок %s устройства %s." + +#: src/cryptsetup_reencrypt.c:903 +#, c-format +msgid "%s header on device %s restored." +msgstr "Заголовок %s устройства %s восстановлен." + +#: src/cryptsetup_reencrypt.c:1107 src/cryptsetup_reencrypt.c:1113 +msgid "Cannot open temporary LUKS device." +msgstr "Невозможно открыть временное устройство LUKS." + +#: src/cryptsetup_reencrypt.c:1118 src/cryptsetup_reencrypt.c:1123 +msgid "Cannot get device size." +msgstr "Невозможно получить размер устройства." + +#: src/cryptsetup_reencrypt.c:1158 +msgid "IO error during reencryption." +msgstr "Ошибка ввода-вывода при перешифровании." + +#: src/cryptsetup_reencrypt.c:1189 +msgid "Provided UUID is invalid." +msgstr "Указан некорректный UUID." + +#: src/cryptsetup_reencrypt.c:1423 +msgid "Cannot open reencryption log file." +msgstr "Невозможно открыть файл протокола перешифрования." + +#: src/cryptsetup_reencrypt.c:1429 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "Расшифровка не выполняется, указанный UUID можно использовать только для возобновления приостановленного процесса расшифровки." + +#: src/cryptsetup_reencrypt.c:1504 +#, c-format +msgid "Changed pbkdf parameters in keyslot %i." +msgstr "Изменённые параметры pbkdf в слоте ключа %i." + +#: src/cryptsetup_reencrypt.c:1616 +msgid "Reencryption block size" +msgstr "Размер блока перешифрования" + +#: src/cryptsetup_reencrypt.c:1616 +msgid "MiB" +msgstr "МиБ" + +#: src/cryptsetup_reencrypt.c:1620 +msgid "Do not change key, no data area reencryption" +msgstr "Не изменять ключ, нет области перешифрования данных" + +#: src/cryptsetup_reencrypt.c:1622 +msgid "Read new volume (master) key from file" +msgstr "Прочитать новый (главный) ключ тома из файла" + +#: src/cryptsetup_reencrypt.c:1623 +msgid "PBKDF2 iteration time for LUKS (in ms)" +msgstr "Время итерации PBKDF2 для LUKS (мс)" + +#: src/cryptsetup_reencrypt.c:1629 +msgid "Use direct-io when accessing devices" +msgstr "Использовать direct-io для доступа к устройствам" + +#: src/cryptsetup_reencrypt.c:1630 +msgid "Use fsync after each block" +msgstr "Вызывать fsync после каждого блока" + +#: src/cryptsetup_reencrypt.c:1631 +msgid "Update log file after every block" +msgstr "Обновлять файл протокола после каждого блока" + +#: src/cryptsetup_reencrypt.c:1632 +msgid "Use only this slot (others will be disabled)" +msgstr "Использовать только этот слот (остальные будут выключены)" + +#: src/cryptsetup_reencrypt.c:1637 +msgid "Create new header on not encrypted device" +msgstr "Создать новый заголовок на не шифрованном устройстве" + +#: src/cryptsetup_reencrypt.c:1638 +msgid "Permanently decrypt device (remove encryption)" +msgstr "Окончательно расшифровать устройство (удалить шифрование)" + +#: src/cryptsetup_reencrypt.c:1639 +msgid "The UUID used to resume decryption" +msgstr "Используемый для возобновления шифрования UUID" + +#: src/cryptsetup_reencrypt.c:1640 +msgid "Type of LUKS metadata: luks1, luks2" +msgstr "Тип метаданных LUKS: luks1, luks2" + +#: src/cryptsetup_reencrypt.c:1659 +msgid "[OPTION...] " +msgstr "[ПАРАМЕТР…] <устройство>" + +#: src/cryptsetup_reencrypt.c:1667 +#, c-format +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "Перешифрование изменит: %s%s%s%s%s%s." + +#: src/cryptsetup_reencrypt.c:1668 +msgid "volume key" +msgstr "ключ тома" + +#: src/cryptsetup_reencrypt.c:1670 +msgid "set hash to " +msgstr "установить хэш равным" + +#: src/cryptsetup_reencrypt.c:1671 +msgid ", set cipher to " +msgstr ", установить шифр равным" + +#: src/cryptsetup_reencrypt.c:1675 +msgid "Argument required." +msgstr "Требуется аргумент." + +#: src/cryptsetup_reencrypt.c:1703 +msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +msgstr "Значение размера блока перешифрования должно быть в диапазоне от 1 МиБ до 64 МиБ." + +#: src/cryptsetup_reencrypt.c:1730 +msgid "Maximum device reduce size is 64 MiB." +msgstr "Максимальный размер сокращения устройства равен 64 МиБ." + +#: src/cryptsetup_reencrypt.c:1737 +msgid "Option --new must be used together with --reduce-device-size or --header." +msgstr "Параметр --new должен использоваться вместе с --reduce-device-size или --header." + +#: src/cryptsetup_reencrypt.c:1741 +msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +msgstr "Параметр --keep-key можно использовать только с --hash, --iter-time или --pbkdf-force-iterations." + +#: src/cryptsetup_reencrypt.c:1745 +msgid "Option --new cannot be used together with --decrypt." +msgstr "Параметр --new нельзя использовать вместе с --decrypt." + +#: src/cryptsetup_reencrypt.c:1749 +msgid "Option --decrypt is incompatible with specified parameters." +msgstr "Параметр --decrypt несовместим с указанными параметрами." + +#: src/cryptsetup_reencrypt.c:1753 +msgid "Option --uuid is allowed only together with --decrypt." +msgstr "Параметр --uuid можно использовать только вместе с --decrypt." + +#: src/cryptsetup_reencrypt.c:1757 +msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +msgstr "Некорректный тип luks. Возможные значения: «luks», «luks1» или «luks2»." + +#: src/utils_tools.c:151 +msgid "Error reading response from terminal." +msgstr "Ошибка чтения ответа с терминала." + +#: src/utils_tools.c:186 +msgid "Command successful.\n" +msgstr "Команда выполнена успешно.\n" + +#: src/utils_tools.c:194 +msgid "wrong or missing parameters" +msgstr "некорректные или отсутствующие параметры" + +#: src/utils_tools.c:196 +msgid "no permission or bad passphrase" +msgstr "нет прав или некорректная парольная фраза" + +#: src/utils_tools.c:198 +msgid "out of memory" +msgstr "недостаточно памяти" + +#: src/utils_tools.c:200 +msgid "wrong device or file specified" +msgstr "указано некорректное устройство или файл" + +#: src/utils_tools.c:202 +msgid "device already exists or device is busy" +msgstr "устройство уже существует или занято" + +#: src/utils_tools.c:204 +msgid "unknown error" +msgstr "неизвестная ошибка" + +#: src/utils_tools.c:206 +#, c-format +msgid "Command failed with code %i (%s).\n" +msgstr "Сбой команды, код %i (%s).\n" + +#: src/utils_tools.c:283 +#, c-format +msgid "Key slot %i created." +msgstr "Создан слот ключа %i." + +#: src/utils_tools.c:285 +#, c-format +msgid "Key slot %i unlocked." +msgstr "Слот ключа %i разблокирован." + +#: src/utils_tools.c:287 +#, c-format +msgid "Key slot %i removed." +msgstr "Слот ключа %i удалён." + +#: src/utils_tools.c:296 +#, c-format +msgid "Token %i created." +msgstr "Создан токен %i." + +#: src/utils_tools.c:298 +#, c-format +msgid "Token %i removed." +msgstr "Токен %i удалён." + +#: src/utils_tools.c:464 +msgid "" +"\n" +"Wipe interrupted." +msgstr "" +"\n" +"Затирание прервано." + +#: src/utils_tools.c:475 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "ПРЕДУПРЕЖДЕНИЕ: Устройство %s уже содержит подпись раздела «%s».\n" + +#: src/utils_tools.c:483 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "ПРЕДУПРЕЖДЕНИЕ: Устройство %s уже содержит подпись суперблока «%s».\n" + +#: src/utils_tools.c:504 src/utils_tools.c:568 +msgid "Failed to initialize device signature probes." +msgstr "Ошибка при инициализации определения подписей устройства." + +#: src/utils_tools.c:548 +#, c-format +msgid "Failed to stat device %s." +msgstr "Ошибка выполнения stat для устройства %s." + +#: src/utils_tools.c:561 +#, c-format +msgid "Device %s is in use. Can not proceed with format operation." +msgstr "Устройство %s уже используется. Нельзя продолжать выполнение операции форматирования." + +#: src/utils_tools.c:563 +#, c-format +msgid "Failed to open file %s in read/write mode." +msgstr "Ошибка при открытии файла %s в режиме чтения-записи." + +#: src/utils_tools.c:577 +#, c-format +msgid "Existing '%s' partition signature (offset: % bytes) on device %s will be wiped." +msgstr "Существующая подпись раздела «%s» (смещение: % байт) на устройстве %s будет затёрта." + +#: src/utils_tools.c:580 +#, c-format +msgid "Existing '%s' superblock signature (offset: % bytes) on device %s will be wiped." +msgstr "Существующая подпись суперблока «%s» (смещение: % байт) на устройстве %s будет затёрта." + +#: src/utils_tools.c:583 +msgid "Failed to wipe device signature." +msgstr "Ошибка при затирании подписи устройства." + +#: src/utils_tools.c:590 +#, c-format +msgid "Failed to probe device %s for a signature." +msgstr "Ошибка при определении подписи устройства %s." + +#: src/utils_tools.c:629 +msgid "" +"\n" +"Reencryption interrupted." +msgstr "" +"\n" +"Перешифрование прервано." + +#: src/utils_password.c:43 src/utils_password.c:75 +#, c-format +msgid "Cannot check password quality: %s" +msgstr "Невозможно проверить стойкость пароля: %s" + +#: src/utils_password.c:51 +#, c-format +msgid "" +"Password quality check failed:\n" +" %s" +msgstr "" +"Ошибка при проверке стойкости пароля:\n" +" %s" + +#: src/utils_password.c:83 +#, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "Ошибка при проверке стойкости пароля: некорректная парольная фраза (%s)" + +#: src/utils_password.c:193 src/utils_password.c:208 +msgid "Error reading passphrase from terminal." +msgstr "Ошибка чтения парольной фразы с терминала." + +#: src/utils_password.c:206 +msgid "Verify passphrase: " +msgstr "Парольная фраза повторно: " + +#: src/utils_password.c:213 +msgid "Passphrases do not match." +msgstr "Парольные фразы не совпадают." + +#: src/utils_password.c:250 +msgid "Cannot use offset with terminal input." +msgstr "Невозможно использовать смещение при вводе с терминала." + +#: src/utils_password.c:253 +#, c-format +msgid "Enter passphrase: " +msgstr "Введите парольную фразу: " + +#: src/utils_password.c:256 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "Введите парольную фразу для %s: " + +#: src/utils_password.c:287 +msgid "No key available with this passphrase." +msgstr "Ключ недоступен с этой парольной фразой." + +#: src/utils_password.c:289 +msgid "No usable keyslot is available." +msgstr "Не найдено подходящего слота ключа." + +#: src/utils_password.c:328 +#, c-format +msgid "Cannot open keyfile %s for write." +msgstr "Невозможно открыть файл ключа %s для записи." + +#: src/utils_password.c:335 +#, c-format +msgid "Cannot write to keyfile %s." +msgstr "Невозможно записать в файл ключа %s." + +#: src/utils_luks2.c:47 +#, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "Ошибка при открытии файла %s в режиме только для чтения." + +#: src/utils_luks2.c:60 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "Укажите корректный токен LUKS2 в формате JSON:\n" + +#: src/utils_luks2.c:67 +msgid "Failed to read JSON file." +msgstr "Ошибка чтения файла JSON." + +#: src/utils_luks2.c:72 +msgid "" +"\n" +"Read interrupted." +msgstr "" +"\n" +"Чтение прервано." + +#: src/utils_luks2.c:113 +#, c-format +msgid "Failed to open file %s in write mode." +msgstr "Ошибка при открытии файла %s в режиме записи." + +#: src/utils_luks2.c:122 +msgid "" +"\n" +"Write interrupted." +msgstr "" +"\n" +"Запись прервана." + +#: src/utils_luks2.c:126 +msgid "Failed to write JSON file." +msgstr "Ошибка записи в файл JSON." + +#~ msgid "Parameter --refresh is only allowed with open or refresh commands." +#~ msgstr "Параметр --refresh допускается только с командами open и refresh." + +#~ msgid "Cipher %s is not available." +#~ msgstr "Шифр %s недоступен." + +#~ msgid "Unsupported encryption sector size.\n" +#~ msgstr "Неподдерживаемый размер сектора шифрования.\n" + +#~ msgid "Offline reencryption in progress. Aborting." +#~ msgstr "Ведётся внесистемное (offline) перешифрование. Прерываемся." + +#~ msgid "Online reencryption in progress. Aborting." +#~ msgstr "Ведётся оперативное (online) перешифрование. Прерываемся." + +#~ msgid "No LUKS2 reencryption in progress." +#~ msgstr "Перешифрование LUKS2 в данный момент не выполняется." + +#~ msgid "Interrupted by a signal." +#~ msgstr "Прервано сигналом." + +#~ msgid "Function not available in FIPS mode." +#~ msgstr "Функция не доступна в режиме FIPS." + +#~ msgid "Failed to write hash." +#~ msgstr "Ошибка записи хэша." + +#~ msgid "Failed to finalize hash." +#~ msgstr "Ошибка завершения хэша." + +#~ msgid "Invalid resilience parameters (internal error)." +#~ msgstr "Неправильные параметры устойчивости (внутренняя ошибка)." + +#~ msgid "Failed to assign new enc segments." +#~ msgstr "Ошибка при назначении новых сегментов enc." + +#~ msgid "Failed to assign digest %u to segment %u." +#~ msgstr "Ошибка при назначении дайджеста %u в сегмент %u." + +#~ msgid "Failed to set segments." +#~ msgstr "Ошибка при задании сегментов." + +#~ msgid "Failed to assign reencrypt previous backup segment." +#~ msgstr "Ошибка при назначении предыдущей резервной копии сегмента reencrypt." + +#~ msgid "Failed to assign reencrypt final backup segment." +#~ msgstr "Ошибка при назначении конечной резервной копии сегмента reencrypt." + +#~ msgid "Failed generate 2nd segment." +#~ msgstr "Ошибка при генерации 2-го сегмента." + +#~ msgid "Failed generate 1st segment." +#~ msgstr "Ошибка при генерации 1-го сегмента." + +#~ msgid "Failed to allocate device %s." +#~ msgstr "Ошибка при выделении устройства %s." + +#~ msgid "Failed to allocate dm segments." +#~ msgstr "Ошибка при выделении сегментов dm." + +#~ msgid "Failed to create dm segments." +#~ msgstr "Ошибка при создании сегментов dm." + +#~ msgid "Failed to allocate device for new backing device." +#~ msgstr "Ошибка при выделении устройства для нового опорного устройства." + +#~ msgid "Failed to reload overlay device %s." +#~ msgstr "Ошибка при перезагрузке оверлейного устройства %s." + +#~ msgid "Failed to refresh helper devices." +#~ msgstr "Не удалось обновить вспомогательное устройство %s." + +#~ msgid "Failed to create reencryption backup segments." +#~ msgstr "Ошибка при создании резервных сегментов перешифрования." + +#~ msgid "Failed to set online-reencryption requirement." +#~ msgstr "Ошибка при задании требований оперативного перешифрования." + +#~ msgid "Failed to hash sector at offset %zu." +#~ msgstr "Ошибка хэширования сектора по смещению %zu." + +#~ msgid "Failed to read sector hash." +#~ msgstr "Ошибка чтения хэша сектора." + +#~ msgid "Error: Calculated reencryption offset % is beyond device size %." +#~ msgstr "Ошибка: вычисленное смещение перешифрования % находится за границей размера устройства %." + +#~ msgid "Device is not in clean reencryption state." +#~ msgstr "Устройство не в начальном (clean) состояния перешифрования." + +#~ msgid "Failed to calculate new segments." +#~ msgstr "Ошибка при вычислении новых сегментов." + +#~ msgid "Failed to assign pre reenc segments." +#~ msgstr "Ошибка при назначении сегментов pre reenc." + +#~ msgid "Failed finalize hotzone resilience, retval = %d" +#~ msgstr "Ошибка завершения устойчивости hotzone, retval = %d" + +#~ msgid "Failed to write data." +#~ msgstr "Ошибка записи данных." + +#~ msgid "Failed to update metadata or reassign device segments." +#~ msgstr "Не удалось обновить метаданные или переназначить сегменты устройства." + +#~ msgid "Failed to reload %s device." +#~ msgstr "Ошибка при перезагрузке устройства %s." + +#~ msgid "Failed to erase backup segments" +#~ msgstr "Ошибка при стирании резервных копий сегментов." + +#~ msgid "Requested dmcrypt performance options are not supported." +#~ msgstr "Запрошенные параметры производительности dmcrypt не поддерживаются." + +#~ msgid "Cannot format device %s which is still in use." +#~ msgstr "Невозможно отформатировать устройство %s, которое всё ещё используется." + +#~ msgid "Key slot %d is not used." +#~ msgstr "Слот ключа %d не используется." + +#~ msgid "Key slot %d selected for deletion." +#~ msgstr "Для удаления выбрал слот ключа %d." + +#~ msgid "open device as mapping " +#~ msgstr "открыть устройство как отображение с <именем>" + +#~ msgid "close device (deactivate and remove mapping)" +#~ msgstr "закрыть устройство (деактивировать и удалить отображение)" + +#~ msgid "Failed to set PBKDF parameters." +#~ msgstr "Ошибка при задании параметров PBKDF." + +#~ msgid "Cannot seek to device offset.\n" +#~ msgstr "Невозможно перемещаться по устройству.\n" + +#~ msgid "Device %s is too small. (LUKS2 requires at least % bytes.)" +#~ msgstr "Устройство %s слишком маленькое (для LUKS2 требуется не менее % байт)." + +#~ msgid "memory allocation error in action_luksFormat" +#~ msgstr "Ошибка 'memory allocation error' при выполнении action_luksFormat" + +#~ msgid "Cannot get info about device %s.\n" +#~ msgstr "Невозможно получить информацию об устройстве %s.\n" + +#~ msgid "Device %s has zero size.\n" +#~ msgstr "Устройство %s имеет нулевой размер.\n" + +#~ msgid "Device %s is too small.\n" +#~ msgstr "Устройство %s слишком маленькое.\n" + +#~ msgid "Device %s already exists.\n" +#~ msgstr "Устройство %s уже существует.\n" + +#~ msgid "Volume %s is not active.\n" +#~ msgstr "Раздел %s не активен.\n" + +#~ msgid "Invalid key size.\n" +#~ msgstr "Неверный размер ключа.\n" + +#~ msgid "Key slot %d is not used.\n" +#~ msgstr "Ключевой слот %d не используется.\n" + +#~ msgid "Key slot %d is invalid.\n" +#~ msgstr "Неправильный ключевой слот %d.\n" + +#~ msgid "Invalid device %s.\n" +#~ msgstr "Неверное устройство %s.\n" + +#~ msgid "Volume key buffer too small.\n" +#~ msgstr "Буфер ключей раздела слишком мал.\n" + +#~ msgid "Cannot read device %s.\n" +#~ msgstr "Невозможно прочитать устройство %s.\n" + +#~ msgid "This operation is not supported for %s crypt device.\n" +#~ msgstr "Данная операция не поддерживается для устройства шифрования %s.\n" + +#~ msgid "Device %s doesn't exist or access denied.\n" +#~ msgstr "Устройство %s не существует или доступ к нему запрещён.\n" + +#~ msgid "Failed to open temporary keystore device.\n" +#~ msgstr "Не удалось открыть устройство временного хранения ключей.\n" + +#~ msgid "Failed to access temporary keystore device.\n" +#~ msgstr "Не удалось получить доступ к устройству временного хранения ключей.\n" + +#~ msgid "Cannot get process priority.\n" +#~ msgstr "Невозможно получить приоритет процесса.\n" + +#~ msgid "Data offset or key size differs on device and backup, restore failed.\n" +#~ msgstr "Смещение данных или размер ключа не совпадают на устройстве и в резервной копии, восстановление не удалось.\n" + +#~ msgid "Cannot open device %s.\n" +#~ msgstr "Невозможно открыть устройство %s.\n" + +#~ msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n" +#~ msgstr "Неверный ключевой слот %d, пожалуйста, выберите ключевой слот между 0 и %d.\n" + +#~ msgid "No key available with this passphrase.\n" +#~ msgstr "Нет доступных ключей для данного пароля.\n" + +#~ msgid "Key slot %d unlocked.\n" +#~ msgstr "Ключевой слот %d разблокирован.\n" + +#~ msgid "Key slot %d is full, please select another one.\n" +#~ msgstr "Ключевой слот %d полон, пожалуйста, выберите другой.\n" + +#~ msgid "All key slots full.\n" +#~ msgstr "Все ключевые слоты полны.\n" + +#~ msgid "Key slot %d is invalid, please select between 0 and %d.\n" +#~ msgstr "Неправильный ключевой слот %d, пожалуйста, выберите между 0 и %d.\n" + +#~ msgid "This operation is supported only for LUKS device.\n" +#~ msgstr "Данная операция поддерживается только для устройств LUKS.\n" + +#~ msgid "Cannot write header backup file %s.\n" +#~ msgstr "Невозможно записать файл резервной копии заголовка %s.\n" + +#~ msgid "Cannot read header backup file %s.\n" +#~ msgstr "Невозможно прочитать файл резервной копии заголовка %s.\n" + +#~ msgid "Cannot open header backup file %s.\n" +#~ msgstr "Невозможно открыть файл резервной копии заголовка %s.\n" + +#~ msgid "Unsupported LUKS version %d.\n" +#~ msgstr "Неподдерживаемая версия LUKS %d.\n" + +#~ msgid "Error during update of LUKS header on device %s.\n" +#~ msgstr "Ошибка обновления заголовка LUKS на устройстве %s.\n" + +#~ msgid "Error re-reading LUKS header after update on device %s.\n" +#~ msgstr "Ошибка перечитывания заголовка LUKS после обновления на устройстве %s.\n" + +#~ msgid "Cannot wipe device %s.\n" +#~ msgstr "Невозможно очистить устройство %s.\n" + +#~ msgid "Option --header-backup-file is required.\n" +#~ msgstr "Необходима опция --header-backup-file.\n" + +#~ msgid "File with LUKS header and keyslots backup." +#~ msgstr "Файл с резервной копией заголовка и ключевых слотов LUKS." + +#~ msgid "DM-UUID for device %s was truncated.\n" +#~ msgstr "DM-UUID для устройства %s был усечён.\n" + +#~ msgid "Key slot %d active, purge first.\n" +#~ msgstr "Ключевой слот %d активен, сначала очистите.\n" + +#~ msgid "Volume key does not match the volume.\n" +#~ msgstr "Ключ раздела не совпадает с разделом.\n" + +#~ msgid "Cannot initialize crypto backend.\n" +#~ msgstr "Невозможно инициализировать внутренний интерфейс crypto.\n" + +#~ msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n" +#~ msgstr "Невозможно инициализировать device-mapper. Загружен ли модуль ядра dm_mod?\n" + +#~ msgid "Volume %s is not suspended.\n" +#~ msgstr "Том %s не в режим приостановки.\n" + +#~ msgid "Volume %s is already suspended.\n" +#~ msgstr "Том %s уже в режим приостановки.\n" + +#~ msgid "Error reading passphrase from terminal.\n" +#~ msgstr "Ошибка чтения кодовой фразы из терминала.\n" + +#~ msgid "Passphrases do not match.\n" +#~ msgstr "Кодовые фразы не совпадают.\n" + +#~ msgid "Key size in XTS mode must be 256 or 512 bits.\n" +#~ msgstr "Размер ключа в режиме XTS должен быть 256 или 512-разрядный.\n" + +#~ msgid "Error reading passphrase.\n" +#~ msgstr "Ошибка чтения кодовой фразы.\n" + +#~ msgid "Out of memory while reading passphrase.\n" +#~ msgstr "Недостаточно памяти для считывания кодовой фразы.\n" + +#~ msgid "Cannot format device %s which is still in use.\n" +#~ msgstr "Нельзя отформатировать устройство %s, которое ещё используется.\n" + +#~ msgid "This operation is not supported for this device type.\n" +#~ msgstr "Это действие не поддерживается для данного типа устройств.\n" + +#~ msgid "Fatal error during RNG initialisation.\n" +#~ msgstr "Критическая ошибка во время инициализации RNG.\n" + +#~ msgid "Option --key-file is required.\n" +#~ msgstr "Требуется параметр --key-file.\n" + +#~ msgid "Hash algorithm %s not supported.\n" +#~ msgstr "Алгоритм хэширования %s не поддерживается.\n" + +#~ msgid "Key processing error (using hash %s).\n" +#~ msgstr "Ошибка обработки ключа (используется хэш %s).\n" + +#~ msgid "Failed to open key file.\n" +#~ msgstr "Не удалось открыть ключевой файл.\n" + +#~ msgid "Cannot read requested amount of data.\n" +#~ msgstr "Не удалось считать запрошенное количество данных.\n" + +#~ msgid "Writing LUKS header to disk.\n" +#~ msgstr "Запись заголовка LUKS на диск.\n" + +#~ msgid "Key slot %d selected for deletion.\n" +#~ msgstr "Слот ключа %d выбран для удаления.\n" + +#~ msgid "Key slot %d changed.\n" +#~ msgstr "Слот ключа %d изменён.\n" + +#~ msgid "Read the key from a file." +#~ msgstr "Читать ключ из файла." + +#~ msgid "Use /dev/random for generating volume key." +#~ msgstr "Использовать /dev/random для генерации ключа тома." + +#~ msgid "Use /dev/urandom for generating volume key." +#~ msgstr "Использовать /dev/urandom для генерации ключа тома." + +#~ msgid "Device type is not properly initialised.\n" +#~ msgstr "Тип устройства некорректно инициализирован.\n" + +#~ msgid "Error during resuming device %s.\n" +#~ msgstr "Ошибка при возобновлении работы устройства %s.\n" + +#~ msgid "Device %s is still in use.\n" +#~ msgstr "Устройство %s всё ещё используется.\n" + +#~ msgid "Cannot unlock memory.\n" +#~ msgstr "Не удалось разблокировать память.\n" + +#~ msgid "Maximum keyfile size exceeded.\n" +#~ msgstr "Максимальный размер ключевого файла превышен.\n" + +#~ msgid "Running in FIPS mode.\n" +#~ msgstr "Выполняется в режиме FIPS.\n" + +#~ msgid "Error reading keyfile %s.\n" +#~ msgstr "Ошибка при чтении файла ключа %s.\n" + +#~ msgid "Maximum TCRYPT passphrase length (%d) exceeded.\n" +#~ msgstr "Максимальная длина кодовой фразы TCRYPT (%d) превышена.\n" + +#~ msgid "Unsupported VERITY version %d.\n" +#~ msgstr "Неподдерживаемая версия VERITY %d.\n" + +#~ msgid "VERITY header corrupted.\n" +#~ msgstr "Заголовок VERITY повреждён.\n" + +#~ msgid "Cannot format device %s, permission denied.\n" +#~ msgstr "Невозможно отформатировать устройство %s, отказано в доступе.\n" + +#~ msgid "Resume is not supported for device %s.\n" +#~ msgstr "Возобновление не поддерживается для устройства %s.\n" + +#~ msgid "Unsupported VERITY block size.\n" +#~ msgstr "Неподдерживаемый размер блока VERITY.\n" + +#~ msgid "Function not available in FIPS mode.\n" +#~ msgstr "Функция недоступна в режиме FIPS.\n" + +#~ msgid "Requested offset is beyond real size of device %s.\n" +#~ msgstr "Запрошенное смещение за пределами реального размера устройства %s.\n" + +#~ msgid "Cannot write to device %s, permission denied.\n" +#~ msgstr "Запись на устройство %s невозможна, отказано в доступе.\n" + +#~ msgid "Cannot seek to requested keyfile offset.\n" +#~ msgstr "Не удалось перейти к запрошенному смещению в ключевом файле.\n" + +#~ msgid "Non standard key size, manual repair required.\n" +#~ msgstr "Нестандартный размер ключа, требуется исправление вручную.\n" + +#~ msgid "Required kernel crypto interface not available.\n" +#~ msgstr "Запрошенный криптоинтерфейс ядра недоступен.\n" + +#~ msgid "Ensure you have algif_skcipher kernel module loaded.\n" +#~ msgstr "Убедитесь, что загружен модуль ядра algif_skcipher.\n" + +#~ msgid "Activation is not supported for %d sector size.\n" +#~ msgstr "Активация не поддерживается для размера сектора %d.\n" + +#~ msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u).\n" +#~ msgstr "ПРЕДУПРЕЖДЕНИЕ: Ядро не может активировать устройство, если размер блока данных превышает размер страницы (%u).\n" + +#~ msgid "Cannot read keyfile %s.\n" +#~ msgstr "Не удалось прочитать ключевой файл %s.\n" + +#~ msgid "Cannot read %d bytes from keyfile %s.\n" +#~ msgstr "Не удалось прочитать %d байт из ключевого файла %s.\n" + +#~ msgid "UUID for device to use." +#~ msgstr "UUID используемого устройства." + +#~ msgid "Do not activate device, just check passphrase." +#~ msgstr "Не активировать устройство, просто проверить парольную фразу." + +#~ msgid "Cannot wipe header on device %s.\n" +#~ msgstr "Не удалось стереть заголовок на устройстве %s.\n" + +#~ msgid "Dump operation is not supported for this device type.\n" +#~ msgstr "Создание дампа не поддерживается для этого типа устройств.\n" + +#~ msgid "Cannot create header backup file %s.\n" +#~ msgstr "Не удалось создать файл резервной копии заголовка %s.\n" + +#~ msgid "Requested header backup file %s already exists.\n" +#~ msgstr "Запрошенный файл резервной копии заголовка %s уже существует.\n" + +#~ msgid "Disable password quality check (if enabled)." +#~ msgstr "Отключить проверку качества пароля (если включена)." + +#~ msgid "" +#~ "Option --key-size is allowed only for luksFormat, open and benchmark.\n" +#~ "To limit read from keyfile use --keyfile-size=(bytes)." +#~ msgstr "" +#~ "Опция --key-size разрешена только для luksFormat, open и benchmark.\n" +#~ "Чтобы ограничить чтение из ключевого файла, используйте --keyfile-size=(количество байтов)." + +#~ msgid "Cannot write device %s.\n" +#~ msgstr "Не удалось выполнить запись на устройство %s.\n" + +#~ msgid "New LUKS header for device %s created.\n" +#~ msgstr "Создан новый заголовок LUKS для устройства %s.\n" + +#~ msgid "Activated keyslot %i.\n" +#~ msgstr "Активирован слот ключей %i.\n" + +#~ msgid "Cannot get device size.\n" +#~ msgstr "Не удалось получить размер устройства.\n" + +#~ msgid "Option --new must be used together with --reduce-device-size." +#~ msgstr "Опция --new должна использоваться совместно с --reduce-device-size." + +#~ msgid "Cannot check password quality: %s\n" +#~ msgstr "Не удалось проверить качество пароля: %s\n" + +#~ msgid "Interrupted by a signal.\n" +#~ msgstr "Прервано по сигналу.\n" + +#~ msgid "Cannot determine device type. Incompatible activation of device?\n" +#~ msgstr "Невозможно определить тип устройства. Несовместимая активация устройства?\n" + +#~ msgid "Requested dm-crypt performance options are not supported.\n" +#~ msgstr "Запрошенные параметры производительности dm-crypt не поддерживаются.\n" + +#~ msgid "Requested dm-verity data corruption handling options are not supported.\n" +#~ msgstr "Запрошенные параметры обработки повреждённых данных dm-verity не поддерживаются.\n" + +#~ msgid "Cannot initialize crypto RNG backend.\n" +#~ msgstr "Невозможно инициализировать выходной буфер crypto RNG.\n" + +#~ msgid "Cannot initialize device-mapper, running as non-root user.\n" +#~ msgstr "Невозможно инициализировать device-mapper, выполнение не от имени администратора.\n" + +#~ msgid "Can't format LUKS without device.\n" +#~ msgstr "Невозможно отформатировать LUKS без устройства.\n" + +#~ msgid "Unsupported VERITY hash offset.\n" +#~ msgstr "Неподдерживаемое смещение хэша VERITY.\n" + +#~ msgid "Suspend is not supported for device %s.\n" +#~ msgstr "Приостановка не поддерживается для устройства %s.\n" + +#~ msgid "Error during suspending device %s.\n" +#~ msgstr "Ошибка во время приостановки устройства %s.\n" + +#~ msgid "Can't format LOOPAES without device.\n" +#~ msgstr "Невозможно отформатировать LOOPAES без устройства.\n" + +#~ msgid "Unsupported VERITY hash type %d.\n" +#~ msgstr "Неподдерживаемый тип хэша VERITY %d.\n" + +#~ msgid "Can't format VERITY without device.\n" +#~ msgstr "Невозможно отформатировать VERITY без устройства.\n" + +#~ msgid "UUID is not supported for this crypt type.\n" +#~ msgstr "UUID не поддерживается для этого типа шифрования.\n" + +#~ msgid "Cannot use device %s which is in use (already mapped or mounted).\n" +#~ msgstr "Невозможно использовать устройство %s, которое уже используется (уже внесено в схему или подключено).\n" diff --git a/po/sr.gmo b/po/sr.gmo new file mode 100644 index 0000000000000000000000000000000000000000..df14b95b4e00b76b7c58277ec4dff0f19c2f9de6 GIT binary patch literal 135980 zcmcG%2Y{Sa_5S~ED8fpUUIZqxv zzOv=|pQ($YXykfa;EElh=!EsT-zSQQias|ninawG1Gk>U4ZlsMM9~r8rr&PgY41VCKC^`?E2JS$mKLjZ@`s36n+7jGnS`_UFP6oTd0yqZz zK6pO3`E*ZrHMkYwyTNaQkAvgDb7n-*LEw|%Az*ZL6cvGSU_JPGa8K|{U=Dl{+yi_E z+z;GkW)yuGoDFUPo(zr!&jxn~zXt9E{t_Gp*3F8dX0Qp|2s{o{y9(e?un!b{t^pxy zbT7Cm_%ygB_Qn;jcPdxPV^^}%*fbUPVT{nvuq zg5LrmMf9@}ZaL1MPXTu(ep$e4z+DNi1P=$F2M+^xIo|uZ0NjM|jo?1u-Jsh2Q&4mq z@=>S%9w1dkhl48TR&WCNTTtopbE9ZDI2}|wmxFqK4@gnbpF;SEk3|tI8GRBQ2fhSO z1a~?C-ULqsHNN+Q$*`-9tmJc=5@>7d$o3b-?P6R7lG0Y#@@faAdWd0y|4V2Re6Db=!7*zga!0o`(z#RA)P<;6?*Z}?jRDa(AM}s>RyuM>VjmtIQ zZs2|3P;d>X_WmWrZ$ICk9|Rss{KvuZ;BBDF{{^UWHg5HFIZ*AH0IHn1A^uEI>2C*j z0iOYP1b+jnAM3UGco3vL5`2h4%5f*Q9WOxgp$7EtXv2^9VB0hR9; zpvvE5fwyxXFh}?ZQ0-g{?hc+4@J>+t{~d5A@EuU&war4GzXyYwXYJrv@D^}4@D*@B zux^p}`v7oj!XE>708a*+z)QeGz?I-I@UNiyxpT?ea}c-(;aT8N@DxzxUk_^B9|s%2 z7r+C-e}RXC`<>+dJsq4x_)f41`~#@@yWL`M?_S^$gi8S*0uh1He?ZOW8STtz@N7`| zt^n2k&w+b^t3kEnx8OnGkPdI>Sa46mCxU9<1)%zOFR1j-gW}6Sf}-08JAM3*05uLp zP;@;FBuTUaRC&8}dAdoU_~t}V<9-IH{@o8M|BplXO;B{%soQZjxG&+$K=tqI;AHSE zun|1yWT$r<*i85$Q2ek8+#7ruRJ|MZxSSjY<_RAJia$!A`0YG!IQSSi5&SKv{x+9A z-I1W?@j_7PE&#z^{T^5`Hy=-vX6?o29Pv4+L8Xm%szS8^P_s zAA+jybx`BJA&pkJ85BPp4vK#|!7ae+K=tnnpytC1pvH6CWj-F`K&3B&%6~a1zIix= z{|ahcb~@GhV>Bp!nFFeQ%R!Cr{Q+MD)sMPQ_0b%q zy5&y)-NF5dKMoWhd*Qbo0UO z!3#m9zb!of4!8^9w?lZFGXkAJ@of=Qf35;|03QR@{ujV~z;{5kH-DznXD+CAeiGan zTn*~^%ivC6{aHT0_XHK55AFz_4vqn@19t^q0CV8m;D^EO&h~!n3+nktL0Bj{6;!+4 z1l7L}p5y8F2sj>8`#%nD4W17k2HpT_Tz>)X4%VOR^)-WP&va1roCK;r7lRs)M?vL# z9aMX_I?w4j0~9?@1wR7b2Oa|c1{5DOp6}0(2gRS4f$GxS22{RN!27_@ft!M}F7*BsK-G6QsQLU`Q1svBA|J0Y0q21l@3TSC>o!pBeH2tX z-vWn$4HtWOYQWP$(cykj^ZRF@>f7WJ@7GbF=J%PP#^ckV`1xLNFYvX1n_ud3W;D15 z@iRctxeq)L{0x`_p959i8{lr>kjs3W8o&<`o&t^o=Ys0*jiAa|18N-J1jWA%pY-_I zpvJiuRR6C9HO`NKYTx%kmGf^};2*$d@ZihceryNT zzGa}~#U-HVv>F@>z6<8TgRk&<7lUf=)u8JCHmLIc1C9rquf)a%yTNJTnP3C>Jy7NR z72F%#{nH*l9n2B#14n>Yg9m_5fojLQpycYO7)VOYRt*--ygBq_hK(*sW@F?(`;L+fg*Ezk~!0iZM z4h{wH0@bc>gCoH|fNIY!*E?M&fa04HxE^>RsOOi0s{c!%#^w3&{GVVG;s1c5Q_~Hs z$-o()#^nKUEAZ!_p1&R9cfQg2W-6$0JrmpkyayCro&v=mzXA^gx4FsZ`7}`Bc2Ljn z07cgyg3A9Na1^-1&EC%=L8a>ij|Xo8)sDY`qT4RFIDHQT)!uW!Dd2;k#^K-KaB%Ni zy`1Af_2&ZcNbm+wbpJKDKe+F0Uf$w>cY^y8{|iv{ZU0%HPvgNZ!dHN!!MfXhy)_0L zNBAo6IPiIJ7qIzrZWm1jnOf16pvv9-4sY*qU_0T@f(L+`f8NVI3=|)o4ekd%9Kx@I z;|b^Pbo+Nc_z}Wi1Sf;P1jm8H?~0;%UeMxvil1=z4HB@FB1T{1JEz zSii#K3t$uBbHN;VAJ`0j4?Gxr7aRwU`I5_-)4-vGKMm%ObeZcu- zE~xs?1@{K;1or}e0B#Sy3yLn=J?L~e1QdUDgNnZn6urL&D*rz~^>5FIy#FVF+YtT~ zsP^6gs(rrzMXwE3`h4FR)Od~uM}en<`+zIJ7VtGtOT`40p10w{ujZ` z!1W*Tao7q}dxwD|!5N^^ofX3Of|Cfp0;>K!R(ZVzaCgF=0q25W1~m@beA)T;5O80@ z%Rsg7KJYN`RZ#hw9`$xj1vOr$fk%M%fJ*bVG1dw&V4f15q#a&do9 z?Vby2{4M}L4BiLs41NbxxxWRs0YCgWzB#Z3Tpt__s{Mz69|TL_eqbLs3;ZIeasLk} zIk4AiZ^sl+<@SIFfOmjffjBtQ(cmz!0B#3f z6vDTGqVF?c1Nb_qdbj+p^T`NM^gb@&QgBzoSA#k5;Sm2LaBsqIgX-sQ&pLlk29TtDpzD!dpR1705Dp9Oa$yyf>?UgW_>!X4mn@M`c-@Eak# zVZY0{eL&TFRKQNKnegS{Nbm_zeE%mf53aw)qT%p z_%1jR9QS>f+vkCbe+oPr+~@~h{zt*7gf9f=fG>cH!Qnr2{d+BV72yq@_j;}ebA%rO zM}RMan}Zv@;O*WX+>`KdP<%KG+!kB}P6N*Xr-RRdTY$U#$o zD0*ECs@!`(@y!oFmGe(<26*I)p8iHqbb1ujIKKpHT;BmV1^4)|%YhcKp77z|#^5Y) z2zUahcAN+ry}=C$pAT*WUIwb1+rjn0FM%Hb9|m^-SA**Bi{L2m4N!C#`jV&LAKZlS zL7>L>a8UV{fLnr>gWH3*gR1v2P<-_bQ1!eHs$Xw`YR6VTaU2S&KO;cZI~r8Fc5o-~ z60m^|-U;4J_}QPj+-ZLW8Cr*(1<6C& zPXrHmoi!_XEhu^&{s(*k;2con{t!3|T>p2*!}vnJn;demwqx&sn1^87^{X6!r&i@aClL-F`JOLd3wvX$@p!)Y1 z_#pTicrtkH-`wu3|GV3d3&D+uzYi>ckANy?hj&~qE(ISTd^;$*9Pu-^YI~d(Uss!;ALRPdUeq`;6K6Bz%x)%SAqWq zj{&dTpw8&}Tkt}{XKq+${Ic-}>Wsfm07d`Rp!jFAjlBLc*h}~s@CI<~#&xz%cnNGJ zJfgnN;gYVcm+5U+;r1A8@Cg|a|wSR z6upn#tj_r0a!~Ym1Dpj;+Pp4W1YQSnq)#J>#g2Tt79 z+j%Oe_Vt6OgCAjXUka`QF90WP?{t0^R6APO#8rPU0cU_uf(L=y?CAYJ8dP~JK+%1N zo$72|bQ*ZH(u1?XZ9nYgEe6GZPl98?F+10pT=@hzf$%HfZs2aa)S10B2~;`D!B2tD zfojLccdaw~|9TLb{IZ%AOUxSb5gWxHIkJz)$^v5^A?FqjK4hP=^)&E_F)!90? z3@ZP<;Qrv=jXv)4!O4X00W~lG0`3KlZK^YSqXdfIuLni9&G+)>)4)!`%fN@g-+*($ zoA&nhzXOUc!-m(Hyeop5ci#jhPd=RYahVN@AMOR!zTwSvCMUlD&L_O{h`Q(^@Jvwj zt{+)vcH>M?a^MC~^JNp1kz6(ljAG@E^?`xpu@dx+!aX$`xobVUGkAjO1s58Cs4R9ji-vrDb z==AOZM-l%xsBw7%RJuJs;vAuew0Vl`nve;IBcA-xddXd**_g$9I7} z;8tUt&gX;Tj|~oXK5hZk{vL2&@Ci`!;Vn>d<-oCZX8&FaYP=r?Zv-0-sk42zuY;QJ zBgc98T2OS_aJ zYUQPH;Q1g83Y@bKxfuiTLp!j)@InK|Y1h=T8eo%7kx5qf$4m#Gy?+Q@*`UOyQ z&mHIOITgH%@G4ODP2qU&@7F-pyTeC4|B0a5cL&%3z6qWJ&YSCWcoDpe@X(Jr-R=if z-c~0#J<8x2gkJ$o9)H}+xgQjt?L5!*PB*v{;m?ByfnNtlfbW8uC(S21{g#26r@sMV zg=j*d&em<0&UgKEC%BmB`?h+0w}R@=n<0E)o74FsP~-UmC_dk-SZ8)j7bv~^Pw?a5 zaSL4UJ_2e!Z@4DPM?c5mnOfLDQ%Lq7(^4V@k5!~}+mp9Wv$&+(IJs;Xr7kv)=D5&}M zA8=Q&P_DD})mfm*y#|!rc?&!h{8+EI=SQH%x3SOpwhXGAXF$73CjLC_!Cao zGPn=nJ3y@)ehkWf-)Ol%p9U&?CO83n3RFMpPxJXT2b7%nGeD0#X2*>%yi;4)D3+43Bp z*KnDm>|)oWp9IyTDp2xw=w&`mH-MUN-v(9wh)?=_x*9x?@Oq!}dd7h2@8zKQ@>TF+aLVOQ z{~v-Kkj;Eo%ugjf|}Rsf7<2m$H7LzE5IwjAA?tdi?4G2dlyu@ zj{l6~R|5{a+WF#>pzNyefnNZpUgL7-@8I2p=U(f2V}t8_eY6~u9rB^;ef@MexEXTs zyP){tCpWmh9Cc$|^c}*V1trHiZ*uyr0mWydZ}xtC3OtGMZ$atf*|*e1W$+nLdjH^C zy`K9)$(Ma@b9&qYs=xbv*6o(3LCv?xx4WFY4b;5b;B&60i=gcLZ-DCWL3jA`FM}HI z9X?+dJp=ZEdVa{Abf1KHWB_Vcp~^VsPxC)TW9{b`$6&LcfpT<4fi=8&I3;*{6+A~;3oGw zUpxhhuG_3|emV)9M)(1+6|DP`k3$jMi}1HV&DXzxM}qr5;QV?vxPw!IZ%AK+r!?^i@?hWzX~e8>k*fa zFMy{L-fWfIv6q3G=idU=zm2}^d~gD&ad{?$M?LCvz6m^q`1QWx{a+4FCj1>x^K{F{ zTy8G~)$ZrOJoq*^5!~Z(=Z6w#@*&_3t9_l-0ZN~|3yQCoJ>hhE8N5yTzv}byDX>I% z`>#3QoDFI`UIWEn`+VKy@s~i2&mTbPp`*Xy^*jh_UQB$_`QUy~^=)T%5Gobpl-gn$CnF(rKehfVr-{r^wpyu7Jp!)lJQ1gA-n!4x}@ILSm@?G|Qr^~ZH zaK5Skq3h2jp!)YHD1G}9crdu}^S+)q3{*QW0+)gPpvL2f7n}|&LDf6sM^66-!3M$` zzUb{94oXig3-~lBJ-E$}U4H!#ls$UVOHPN!LD^T^|D?|Rf=7U|4^9i=2SK&-SD@&% z&C5=&qe0Q@Qc(8mpF#2MZa=My`oJaNrbF=if||Gg_?gS0iT~$vwjb2InD}a)ouj`S ze2nmkKX-Y*^Dmt44}h{ieg*CV4u8$*c_cWJ@FSq)|8GF?+t^>a{<;8EyMF{~J+a}h zyu1^@v4pPx#V7rs_;cf5d;ceZ(w9p>jlfh`)E+=M#s_#-zbo@D}e((2Nr{_iB z1%zJ%C9m6m=X&Yepyb0rzxVNZ2)v!}kk>uk=RxV2_5a{@O*bfh-}sMikG6tp$F-ow z;gt~H@eQ}%PXwipp8(b0-+96i@+2U=N6W;`fF%Pczo45DNfA{+S3TmDn z@{Y^DJHZ_YKM!hL-T-r8^FMt2rh}IgJ{|ltxcNVQ{@f03M)(_GJ@|dF0R9vdeGd7T z_wy5=z>`49z01HY!0SQHzb}Gn$4^1gd;7W}HV@AM)z2@3 zJA>Z>r-8o$4*>TYGQ{+12dHwc1x1fZqP;&hx zQ1f-4^@kW=oCY$C5s>^OzaJsIlxz18e?5uLC;q#H9}FpB721c6A^a7t$GDenx`*pu zT#LBIlV&5X&3QH!)UV8a{5vGR0rw}q3H&|?d82E)Rh z>nR2Owtw0GB5ppHez$^mf?oqQ2X`gyXT!5O0sl;SpHunaw+CsSB>Wk!zl6AANc&N6 z7p|X$^wMAYA*$`SGx2Y5w-4dnxDXAt#<-vOG2Dxf-r@cS+<%4ZF2abvsFh1|?Hn%s zKI#x%P14z9heg)#b#C1i8yOaC>as}@KBF}vfK6h0?+lsB#2P^ z_S+<&0;f|}58J}5IjKlT!=>dZ2<1TwFhzcah=5d&HgC*4>*%BVtBw$a^gzjmy>4?@MQ2p za0A+M68HL@LijZ9KNZ3=2!De6@jQE$YctX=B(9IR9>Py?FL|Ur-n+qr2*1hwrriIW ztCxHIo(*_8&#Qme5%+}-RhEw;=wDTy?~K9^5`W`aT6yo0o7ju1_OFCJ(Pt)hu?>}w&eMV;n_Xp9ZERiuMhKa}u? zxZj@ZI?DP_C~sWAY2cn*>yxgLYXoKdgz%E^JO_T5xXZ|YFwcKWcqrFZgwG&+AgJH% z+}{CS1;)RBhcXl%LK#0NJd5XtfwJMg%>9gzxIUA%81CD_3zVMgdm){mM0|H9z2d$V z!WWbFEbg1BPrnAj`c0`ye*xk9iT_B5zXCkYQli(m9~bVw4n9ZtP_B_az;B6{xtXTZwYZfBd}HI z$M*=gb9E4R7T2FhUm|=m_ZM^hn`<_4tGRaKdWLHRmwru@ahTsmZ6U4>TtVE&DC1!6 z{}22CSN!`baW8SrBkmm{KgcyXJp5KjcQxVlDf^q?E2Pc-4k5fX>0T$YjqA&Vj{(0; z++87mF5r{k7enTmqlW@OkpAN#POt^>zocIIR(9w9_dK7>wTieQq3luM5j?+{xc!xh-%q)}JUs6J zw;-<9o>cxbf^;9{`6y7oov7m!a9`qDh}#4lPIwotH@JVD>ox9K#zg-BAK*HTEB-Z* ze|MhU!o?CIx|j6vZ#6f^5Pll$8`E`hUDa4&i++Vn^A^y|hS$Guvikr>2enR{QNb@&vI@gh0 zTN2i9>wupJw;_BpSmyar+^+z~5Z;jM1GMQt@J-_DiP!H2hiDk_@$WV6j|$JA*}ml+~3Z%Irodn`?*kVp7yN? z=|&RwF3*n#AL80Iq{$ICJfwM*`)j!V$h9Cm?+?#DLELY+F64TXXXg?BRj`fgBOxu1 z>~{~(J`>_ra6gy(%ebx!&nE@k5PUS0KQF`yp3K~TEIdDp{5OU&hk_fCW+B%~?mt97 zk0jl;A+54+#QmSaMVYvl^?=`BiTh(HOJOBBgz$kO?r0(|;##Q({B8>I`*Pn%+;_No ziL2vUN!;OF-{)GxrQZ`=<9N0)I2rsP*XvwAAl%CJH2F^?d>i-r{gdlV!uqWS=Yl4cx!QwJ5~> zg1E16*^hGc`y$~Fb9HfjigcH7wG%&#=P!h`A13b9P=@l1)^n~~xh9h4mGGGylC=R^Fl0Y4OQOPpdO+RJ;W{CN$CI|6@Ee5J3vugF*W1Lc7s`B`_4Y8SqzJ`fW_O6TFx32f!!RA7c1az-PgB1jw0OS8?6N^%z$_*K1sV=h|d) z6y><~swqebNz{H zeJ1?&T*JA>aea)do9kSzTe%+M>gRfm>+f7Yq|HrKrQgO}|KYdc21Cp@n~gh|xM7Om zw-J}pwG$`0>j!Bp?jqt^EG8}QN#gbladEoWi5prKw>gSyhY%-TQ5`MB?NOEPIO2A% ziaU+ChN`&FWy*szR^Iw3*0{fMTSgEk`Kh1mJpJNl-8>sdSS%3J=gY*6uZmj_p}r|` z`pIt5Pi3hOhw*GLi%H8Z6BpBoX<$F;NTq*-XOfrtsZ7O*`BbjjC3+}s266eSxZ8+Z zK%9QEC6sO(78kKBiQ}##PAsNhT*vFg#r4Mh-wVMbd8J>R_afq^dQ?KE7m2IRyX_`J zd@r7~vIEtYB5^aS@;*Y`5mj;PvDlwh6*r5xkAyhcekyO{&4!rIQqggndx={V(y4Fy z#m|1vv$F_mJmdbHy7>_E*=6HCh+vfMsh{MSesLc@$+LwXm6ZE8;$j-dHrcpn@D_m7TPUM6Diu;bMuS2wywVU?Zvj{`lx%!wiSDF4dwbVZH3;#Jb#`h zCobfvAG4@XUNj(qm)F|W*;^=emO2;amK1wR3rej8H6^Dq>&NtTb@k3u?y))jOT%(% zi=uO#>L4jAN`GI?wiYBUE_Sx|EbHzqwk6Gmrnz!^S8tL;Bo`GeHrLtLF&_#*5oldn zu&jQJ9xW)fL$t1L^}=axQMm%QEAV_7CCoC$qE-v?Vn)a>i0>PoQ;J&gvkFX3&CE47@$hK-=n-Vsd zap;i~CmXM797cJcOQi8x*<0#RN66eUXr>lrs^56ZfK0Tl*wNLqEZ0*!xv$hyY*R^U z@(kM1-d=2Hejr-f%8DO^GB9GnxY=nafz?pXHO7-^vQainrY4EDnH1;}u%}OxyIE0T zs!PronUY7xj-NSgiui0!=K_RMc~P+qnX{n1gi!3sW@}?YKsugw+N|~|GnBHK2Cb52 zfrU*T&o8tt?(5EV6qe;$yLwcc$v4`PR7l6$s~Z_6c`r@Rb3a0(AgaJwW;S9cL<5_CQ8@IN1mEqYQSdW?D1x-*~D9P@VqC&{a3IQw3?(3u7bNY>s zB}s0%g>xne!~G=JBVw))GqGq*BSr0;*H8}=&yFLgKMM~!5@?Aw=1W;7D5VZXjmFZZMROwwd$W3F++ zj5*~d6ABHd_T?dmDX>OOWBS4*XrP30PQsz7KJr?ojTp~uIi3b#2B5!#a^aDWEi*Dr z2F=pvJrv%Bn6Ly)^iGt%5wcwDwb|4OX<}`yL?bB3(k(R!z;H{5N~EBcQMZs)6FHsz z(6j+*6XcPJl7fb2VV_N&Xn2mQa;>fh(eqJ0kI2op70azXCDZV!Tvp8;)K{R*UR`h3 z;v($c))wSZb2Ns)a_7Y5rH<~dp5EofQv_pkW4zyEqe^S4!nj%6vs}hjs!r#2Tt!h; z$=wnnUoeTxk}=aKjhma#_by|mkI}zlPsq)6`|yNJiqrtAh)ql$nMOR3T91vEXiTEE z*AkWUx}pH%&0I~#t=wH~mFb8r2FaUqbC52yR)Ks;YBX3d&5?30L61)T{EXST z@-kSsBf}KNDrD&`nIYOxuE<4N2CTpk2S)9)iK{MVESGi3BJo!<3zHyld%3S$+yRq| zeH+?f$5z6us7V$`S_78|mMPMLkwk#R$-%d9S-x@YCwf`Tl zRy_YJRHHp_>*^fV%Y5i(9?!_P*_~Z&7L`BYLl^y z$zKuFM=%;6=6kA)I!a}YDz(LrVv~ia-rhp1tWwiHl4~)6z4lzAv{D>r>c7y}+tu1$ zEcE0Sv=(7a4u^g~}cObQ#)$&)5fb{FRONnL%mLQhqbuMuV32U2_Q<0e~4v^hvV z8{KR{iBSD7%YpE|Y+dKt`(&v481d4RW`A23b3R#kRIKiyVrN%pzL#}Ysk6JU7a8k$ zn3f2Q+)>k~&tR2lT;0_d+nUvhv>Mk08#Ki+lV(nteSEDn;?Q_zgpnE!sd_qDg|v0# zO@Nw4cS#V>3>!9|Mw8l$-B{za4TgkudaQN-d%07NNejYs&_HOG4M*0s2T6!vE68O;03}0 z>vJ96SVlC)T^O{Cw&46K7Z=K4%PR4Vrc~q9_Wee+YSi>}ba9t?G;t)U3E zU=4~4>|s1~aL7W_IkNfH5T}GZE+{evavj=3S>giGhu%QsQl|@6jobS#;J<7|+=ND! zQaxyQ_d=KwXi8bYby(UdWH*aJgk6rM4vQI>M%s5NYeZAB@i2S3j7c;))&)+$Ak}k? zZgQEBZOHOTjRJ^jldkSTj&*h9%JRmPbT*v0}IH=5YuxSAsdQVzy=Ov z!Pt!{gMrQ5z{n;#?~2jZL&>NI8HHsQ95zy++2Jmp(uzXHJB97h#Y!Ev7#??{N{9rR zk@UY>$W%Y4i6RR&oLLE-rHnkRPMb71JV+HM5pjDmilHB;3dP_)V9QdYsy5#LNtESkQ%JPA!#Ds&S@J8k_Vju>V zQD3Jy*)gM}dCh}fp|vuFS7e2q@FI20!-k3#B)5GSCbH&>Z3!>gASPp!bj_mIK4&Zm zj1*=|A{|od#wkny4L1KRQN>cEy=$RaF_n!;XOuCxH#tdSV}!If{g*ARIXAOUKD3OD z)>CYiB$TPtQ|?`tBIb0m;CIhqMM^A6Yn+#12$+3D8*H45ZK>^6QNr+?JW+1Ixb;Gonr35F zw!y`@5;{$N!p6*sEM{4e5MZfX)Jab&qu0hjvQcVgwD`5pG0(g9dE#kOK9UX`yt7H_ zn465%S%k<9+C6`9n|Xo4W}TE|%n}VHy6j#|c&5=rTSLkA?UcrBH<^TmC3t+aw8$hE zmo<{e*Pjii`mWwuvc%3fchZzuo#E(WsY-k1I=h~bpQ{x)P+D?ASP@WTSBLzkv6W|y zY}LY@mNv@Ht51?74%;xK$`+W=I4tYLO$#27D|PjziOPMgQqee@R3H4!_!p4+1w2|< zDyju5CVnEfU&=osVVHdkh_@|H38%O9b#$|9ZXPf5?z1>{_m%l}!Xl8!0Gok=?ROj27{Tic;Y_#sN=;F_B_HE$bB6~<0(DFp1rV!+WR(`ll% zeXKZXyY@miYa$&pkV&uT!BZp+2}x4xD%p(n(rY}(HLANU=8fUzRLNYh>vIT_|Wd|oON|?jaY^=<};xe0%0+YGp z&6ZG)MUnV+FxOSsGz#1h7@a*A+r~;|Jfb$;UP^|0B35^+HZK$NI}{Kao;do<*6LkE zw7WcP0YQnu9hotZ)NJHUZemw%89RAP<@!Kyg_ek3zOYUDwvgihhonUndS!R9`hp}Z z_k-gxbT4UUUw50pe;7i2aH%)CFL;7%&kyixk6_7St`gEw>>aH ze2$^bI)%8aDBbiy@ZM%!&DoA51-UlQaLZa!1*cr7wMM0OW}!v_>7uskp_>ryb}*k< zS-j5@#rI9{5*6`sYbTJ&gCSeh(@G1Zf(X4`P`(4tTT)}ZE@$Gh%xiTgTSsBB{L7rE zk@habWO$>JEQxcg&@sQXu&)a@Tf(~N`%s293G!h<;j^N-eul5Kk;J*(Y<~LAXHT)a zQ0m#urc%5FNotGLQH7)yzsI85S(u@V859K{PkZB#FsiUu)_6%O;BnY93p;3SJvw9J zR>gcyX4$&12a)YHiIL>&52N8iy=KWlN=wNsU;`(qkqKgJ15-L>I*&x4w2UN=>k1<* z6EhigRvslCEny{5!2OQJhyc<70A^5coY7Vqq2uwUQfij5zTsRNr{=WlN+fYnhV8NU&Ox(U``V2jr|RgQHQt<|jcnGtN-`Z`Lu(sEp__;cm=&8Q zUHMDbyKgz!k&w7fm9tOUB#}m1;xt_`m2*o<1>~hU(h-|IGM3^pg9}L7GG5rkf%JjS*y|lK7)rB8NmH|HrosXiR-y$&P+nO87=GGqjtzm(GqWZ$j>d^H zdJ`=)V6=?BW`8(q#ga(50#`M5Fl~!HO=d`yI=RO;LJiQ+JkPM_g05(ipSr0smr9*^ zqg1TR85kx*NUKqTdlJrpDd~>}++~z^w<39FGUpn@?!)MGW1%Tqw8q9=fx#9FlDRRT z_q${b)!oHHfK`_br)3da1cI1=L3{Q2nFn%Ppva!FrnEUtU-v6oUVuXv8Q4QF?2B+%L@jW)V6 zWVVHs6jGTciLT0~GdiJFRZrpq@s+)IlD@ShG0zDCpLHtgnrVT887z5LcQFgx1z0O_ zD9;z@gC}S!wquCas!n-qa<}zKkWv`}!R%KT2U`DEBq;Z>`tCHD9N1?-61T85fin72 z=JR`J2x26*FluD!DZ-tu6SAed_=sz+na?ws%MsUi+^x7U#yRm0dWYjDS%#3CG7QR(Vx^I~*X*0b{t?6-!+$ew}2^k?yfdI9i>9ALZHHi7$Aq)(}QKz`8%Zy##2a#(An zOjnYYqgHY5c6yKU>{wMXx2UVv%#aK-Wor$o+>H=>VCCyHMTYi7cd;HSEyVcjbw^Yt zJKNzp9n_*tCz}s`!ma_cC6mez2o-ZPXK5<;7Ei$vukm=k9ayM%WbT+)ugLu_3()p% z*OshLj#}wx3A5A^s*xpbuF4e~*oJOp3oE!?VN^ZuBY7y=VIsgmGD47D?4ha zxt=Bo$H3x)R#=0TPo2~K@VH6mnq!9hS>pinXE-Hz(#*`%vL{=xjF5`N)m%CtLD<4h zTdoudt)!3rkYu(NKRp>z*~Ik)dRjxqL;iL1r@!BAI)N3ouC*RSHp`w+wsr#O*2COsgro!!nT-j#-6RE=e+1xUiCU z$QO^5eX_M@k|Fy{hvIGJ>JFO$kK8y79O?vT+q+6F)F8c;8y~)_!QkP!4)JrAc8~-K ztGdTD9VO+KKnkKhG%yD6U@gOF{O4Hsm2p9W?fAd#S$sO!RYVET$)G22V+CCsa0BD0mF7gN}0XITB| zNKkA$lx+o2nT(T|W~fOZR4fv6jjRKDIh3CGWf0wBFQqrjTm6eSGPNm{%n_$-G`Xv1 zeyNS^iNuyl#WQ@8zG4-djWxMIYlcH{tUbNSn|eX%T|IetaY4I&zAQ8&*@i2#IqEa0IXbM^X}ee~ z;Wbkm8`>HgI3C?u)TZ{~IxL=UhgJqfpDOpJCy?w)9p#mAwRUI^$0)+r6UN7^rDPjQ z(+WQh0~DV~&H4tKqmVZlXYG8X!XXSz*d~e7%7JIZOjktaY%6w_IqHUkN+K@!RO|f= zG48~!rHEx;>N11Eii2UXms{+09F-{-S*oF%>t}2K(stL=(*}k1rG;hEmwJONQxY?w zTv)&>v2viQYwdDRs_63Q=6viEiDShZG&X@^XG(#7)P zQn%iS(bM@wmc2TpM?01>SJ_0ecst6XxvNBJzvI^y{M=F-fAOVKTx4ZTbNbY!L|7b3 zOoX{UAW6L5t4OktsU#Pfy~GO9^x`CMw6M{L?=+fXkJ~up;P0c_>n@T7Q+T0pA#*5j zP4H>P$HUBKkE>&VvWu)ZCkAzR2idqP+c{V%j}^TTIjX9%hhO8@)zwMo`5>!29lL_9 zm?ip}z#`4Um}KjLbN53iY8Z8HNZ{@E ziRyWJ*pg)S2F9kC0b9SpgJv`aFJX)aaIQ zFejv8qk?VT=DSOrK5@he4ZD_I<&=V`$j6CXf( ziPAp?BEh3~sE6t4u;GrQhUwsfMYRk|3*e=I%9TrOvtf) z?Zvn_E+eNB@seby^{}?=iFq)Sqe2M9)ul3OU~M&?t-Z1|L(RJ4H|WB#3&f>~Jj8Lu zD}Qm*#I{M#m$J`}&C;_tIx@T}7QgKnmUi(=#TiQ~tPYz8&5~U^z_hj*8ctS7X|}S! zG~d)(2;=mm=XEZ3v~h(rl9O zGK{?XjH5*rPhoV~RF)hSH=4`e1{|5I;;>t^v7;vVT5rJ14N7IQ6An$j>lE9jE&J`S zy6o5pAK~#bJ$3q$u{R~3kB^?FgAhuNODiz3(gTeL+WBB>W!S0k;|(bC?mo^M;J&k$ z9;|`Bl_B#&uW2Xm2$k8|#KI~tP&!lz8A21&^d%R8)mi2jdzZ51z>-btQEl;5)iX%G z#bIA%UGrC#%PP=z*sz*-JBhKkwdw+S=@IMQMb1Bl1rFwYsapqcFoF-sw5`NJN*x-m zXmAOYsB@cDk$(EWA{GLMj#S2g%f}OcqXRB|D;xtb_Aoef7>bd7Ttz8d2^S?|B;U)C_B9T2!lm zjMm7g#xVEf&8s@E5!>By1KithyQ69A<5#an=a})VWpoV3odexCUW+{%N^53?StZ5} z4qkd<-V!M9-3f1Gns)YQEfCi%3CJ5~V-4sZ42e&Fq)FF$=*}(hMZS6ub!J?b)|Qso zb(6~d*tHp+hm50hvk{QN^=Q&doDlaUrFX4dCRM^BG)<|@A$7%)EZ(_^{Z*$j#+emQ z-1+y)Q~Mxrjn!0q3?n%KeUz(C7qawoZP4JXzHW{&gihxAI6i3a>K#?W zPV%i@$jdCsyp|Q!e25DW;m=23=skqe3N$*(--Fb9f;wcd@rP{s zIyt*`szQM~0QMD}|7RZ=3~FDC74CpD@$; z#wKkUa^73=CI0YPSR45%sh~Q`eC^_}(xLB_X#ah4Q?seUn0X zX(%iaKb8wF?@i7y42go8ruWwpLB;fpy(lQ-@ErmF?AQQ%2O|k@iw-Ad_m+~Pf>qNT zSq)ZikYI@q(aa;Wb<>fx^lX0VE0g+klH{w!iGInuNx?@epI=p0cRB^}Rw=)kSaRdi zU-wmevG&ol)OcR!EcB0Q$zEbyoQ-aV;#PdQ8yBNJ2^%d*f5Nn;Tc$$jNzyyzr02a@ zJv#TJo=fr$4+lFTyUuBBhMJzZNyPQIodU;px-^Am>TG&rjIDevOA zr?lb~{A9_-6i0w4W3jWVZy`?Y_;oTCB=+Gy*v6EyP6%7qE0WvDhX=lEm=zC})V{l8 z%%?M;`U--*+R!V~yztUDV1Xhiw|baPEp_63_w@)N4sn zORi7X;ZYZZOgHU6Fs$k4b&^x2&AD)@AN}hu-Bc?awny3%h8oozS;;m$Eh;l9NeXrH zlo|f1*N{vL4PS?tyEAc0iN)kzm!P!rlrTujB$32KseF`NK&h)BTVp0Kv}Q$7F6QU< zoe(~*5HrVsx-gCSP#h~JH|a-7$eLO2@-}Xn^*KA_73b}zCl27CIg_si=xw!W(`QRq zvNn|ftdDA>PB?2RA5^pqZkX0gELVHTU~j{z{6Ujf)W^ypom3{}0-4wT4n*?C6EseG zx-Mk}A3>IGsnw*yY}+KCH;IssKf;xcQEElYyEoZbw;~%{qnD8VQ(Cq1!7F@QB5rgh zZ+rrcOapt8_|LT3NX}Fx%}rk4s8yrAz9I3{ftbux=t?H%SUjpb~n;sNCiXLi&sj5(IihxB^0EAOZ7HM7GEO-E!< z%BDK2Ri+LKq zlu~&w-eo_*=mfP|35fIB6TNb&FjJwO{oqG|P@i)w}RfaFP#LQ}a^I1K@9SS4dpHL%@c$l~B`O=v2 zZ@F)Nc%Kexg@srqS9}~yudxpFIo6&^+N`kY0(ZnaB{gTck3j?0!`$z*FKmF&ym@sd~*C%gBRm3gs$ur}9dcDWF;*`=Vp zrxi<|RCZQcc(q0`ovE2V>AP_?JCdeOYStTL@0GP$4htluVyI53s1X59^oY;#>ChK43GQO5(;qEL;CF#H#k7KX(a zBFztqB%>l)i0@jEW&Sa;Y-78+d&5&Ssx6+w)Ay*@j1pV#Wjj$rL3)q0%kKrRo&K@7 z_gqy9$PP<%^yw`b7Msawc^bfp5msbjnH?Vl^kaY(`V02#(fNj;Q1#Ne`!HnXQ9}CR zSysfTn`Bv0Y>V7OkS_P_tNTU){ssbz$ga+o5}&E`n>Kt%`XWtB$d;No;f)f1fj%|Z zd^1lUQA+*>LB;XG?3-AXvO6im_OOGGA}*%tp-fvfnHP#Ve^YJ>l_jaDMaK=*HEL&x z>94%xn zDKjM**r~oD1~2Al3WcGJGJ(gE(RDZe*h5+)uroJ82u79G*2pTV-XJ$9VYVA|f&U6i& zagbKV$6IOXTTjv-wbS6HieEqQ6Z3JV;W3T*U}#Zv%~YH{a;pyznKG*UxQ2%NJ#u6| zbL$+n4tX%|kaZmin^t9!4U-Yg>2!kaHG#D}P-BxNLREg79eiSgWHI@}r&FsE+MiML zk6!2t+39~u=WlTFwJxow&`QOoidIP;rC!e@eRb1JsE6Lz(4Z`5`u>mWPgSMuAZ^sciCI5GHB1Qkk!kPTS0 znb(=pnp1T$zqm|>I0A-03ZTQosoc}q-ZYD^)aQ8`-wUceRQiK#2od{mli7jc4@WN0 zCU(VIL&e8+ntV%^lRdsG%}1cpzewOaswSfJ-VkmHUs5F>aqw}}jA5N*Worv2ZVJ|S zX7EWAZ@H@x_8pCZ28lTZVtJ@^`U9B|C|SeB!hn}&Oa7G!C1OJ%dt6E7>W`^qbeO!n z)kfJCOD(aiLnlVnj4sKe^ zNPmSenuUmlt@-O~@3mN%We1Fmv7*d94?*_0h6&tvFazCsUQ*-dBxXTAtPhVUgZx3uRa|+X{MXOBN><5O2fT zH-*w#bQm{trbyO_))?^zt~B0u)|XXI5kqj6=BG(u`|7pMVTi)%2XO{VVZt~b0)Hpn zoiTxY@_E^gq}7haoSQP;buLS$Q~BF}(X5cGn*Xck-Yoy4UL@1If=qpVx1g(=ua((5 zvJ2DqF;hvEd~VU!34F<#Z8kBF?3S|L6xF9>AV1Q@$8%|kzbUa)x|(xY8emHm4ny$O zasK=w>*m?<%cPC4YH*x3MYEGXBNnue*`@>4PUcv^Y-ns>R|`9H%%bp$ethmKQj+ZH zPMQ{^myHmTmoMq@aq=9SQ(dhiT+GuLvf0?gC5Nxe(5X1TCY(ma)~1_xz#x-`Nz5jj$tY9W0i zfz1N)rE8IR{e@DsQWDo7B~%#l<_?jt2pdIVTIyZ;kd+*wqFcN>r%$6MfeJ}B^eGR}*sD@Q}D9vh@hIcQb zul4-fM!Yz@guh!jU-si{j;@H)G|pCDFrrhDDj%J`m0jUTo$cTFvUBtZYRX9>G#kSE z2iZum71Jb}IP-c+NSS#z#bbh~inTvmJDtnW5mJMY$#@|)I!4<$jZuDFqa{fbSgf)9tK-GnW@UbI3!=vUTfZI z@N76fZ0Dy{6NhD%vPWTXmJ{=SO^dDwp za9D{>o=dEt!+deLg1DiuTKU*5j$MGJZsPomPgXH!Oo(`HGAw~j!kW;&^u++j$MffO zYF)Un6W>PWeb&GLnf|3?W|Aou=ncjNl@D836oo%VmT`x$WSf&QBEr|{%~2Kps85Z@ zX2h9+RWr94({9oX{@goJ)y`1;VBLu4etd>gvW=q;eZJ9KSyzVY?gXmQ-elfa>C+05 zu+E4#2yFWWFZ3MyGY$6b4_mmnsl%Fwy&a=XGzWb>g6570>mkkAn#-;vZc4d0}JMgqk z$wogysimzg+x=PPMqN^bseGB?)PZHrAD<28Up&P0BFv}IgP=^MB96(r)39sISTju( zZ>?0PNcZt8Q@~bQ7i6qAKK)+cI0l_J-s0N|ORyygYv zTsQi2nV4=!)Oav36E*>VH$#6ZIBO7u67?`~6?W+Oh!J*))t3~nR1he!Cyd4!S!Z@u zy39eq?tz$eV4#k-=SGbN|(h)|A(5e)&6$dU1|396sah zi)%@z;ulJjmrP-?5kA!6X!6iZ4`#-ugm(MAJoYa9jjH&s9ht|75?tl_$Bp;^ny1qD z&yu=lGZFlhzbNOgglMSe7d4e!GT7?J&yAZdveAYmObaD4WnifxiJ!nrcN{8;W(`6M zH1oW%;xZy6*yB$;XZTEfs6JKK6~tLOqg*OUW^kM=))tf<=o#-s8y_dOS=R5C)!vY+ zWX|JI4N^Vbv*5P3=xQw9!*8xXo<)fq|F+WX>0?!CauXTF0d@cK#Dv*1kJ`I6$9A<# zT}^6x*(o--O|Ay+rXX8t`iToXkT!-0B@L3&8#{y3=pO%4$u^xufaCnRt@Xa14`tq$AtHH(X1<^M0rOLw=N z2$6dlBb$y1_K|Gx6FDA5Zs7p|T5V)&T!CcbTt z0;cm~n`@W17UI8mf%@QKrH?ZGz+q&5acgp_6EYt_^yd|J71PWqiB67cxWD2dsgy`f zk!K413?U7IRqnly78Osi@0swW!DOE~>L~Mnv9%oWXKBznCY_)fLovVN0A}R=p$J!6 z;(_A@%rWvKjE%x}i*JfY`kX;TVXfGO5ntZGI<)Cs#cPRI#9A5q4I@7T>8JT?vaG3= zY{#@xVK3Ybl9&e8DILMJRT+#JDWERe;Y*C6%n~Yb!OL<}(Jc|*lw4X_q+ZYN?JN6} zz^K`%_>UW9htQYzkq&f2EYCF7WPTM}xb%p^5uB*<@LgPTypWCh!V2ED^djb@{+v%3 zW;dKP{US;8vQ0!&n8C$2Ml(~=h=%A}7Fkj*HK83k2Q4ZUY~+uLkF{8$u{qD%({&OX z$oVO4dF)U5S4U^Pt1Zp@G`Hk?T1VC+GWiBZerkDPsV#qK-@ZkvdnjRx_UmSVNoQ$sS9_^-9J^wR zi@hD_>SoqkV=1w7VIQ_qes;0YF*-L3YpjH58PkZ0)Vt_SX%aqm(^Efn%G60|r$;r9 zte=2Q2>0h_;~*JrTZkjfd^t#KQa&Ttd+?mulk*3r>C}Ae7e@K^5M(1BIYrrp56k-O-42!&^(Gq z8nDq)dyJu$*+zAS$hVixtuOPbf`oFn%Id&q+PMFQ{@eSn@4t;ZFjyAx=$h-+oU`Tvo{?}x?&oLT%$Kl!e&&ri26tuu!z6o*+>hlN`yV1Rsm|$t zoD664c*U9v*IchclQNoe{a@1P_peksWq?1F)~Z;k8fjkr7-jB%NSVjx)?BO9{6l(c z(dzz()RwPU%t{JdwdOp|GS`pMY6KQ&$T(8t0z35vDU`xNz(rW zeRxQnYbet<8gNdUXP!SL`Pr2JXxyfnrCT{^%Bq6aoJTt@Tx$VL5c;~xhz$kK6oo_c ztk_4bwZv=0R;mNm5hz7nR{T6oGPPdhfDjhR7$lLa`yb3PprSq5b4JvP4zD?9UeeN9 zbY<*R{+j=qqVb?!$k3fjQR>SI+CjH7B^&Y1Rx2|c6tebzN!c`>fs>Wf(pK=B4>ugT zQoO{q5-xej2)SCk0adc>IW`CLJOYb~GRA9zrwv8>)M1DMj|T<|{JZ8H@swVG8sFA- zWO12z>;EC6t~sABeZ|PR%BUeeU$vIWurAzY)1ERP5k*8W$jKC{SrwhD5GZ0@u?pj> z=_{5rZnl|c!y-Asu*aNW99_W${VPV-Z_Er_iI}*qe?`9k^8U|AaOux=_h0YANvHNq zurNVMyxQ(Bpt9AK=?J9>$$kf=s%Az@ypc27Nq{^~KUXR*r6r;=TjP6{6tkt|P5*-w z%sf^5LxXNb8-Cg<7(g)u`gw(s^wF#YGaf=+e2JXbs(HM@rjNb%$7y5PQ!9;V zBKsjxPhziCu&B%mcrz4r4V`{M@j?9ggIe54BQ#efAp$E_l3&6yp4*ZYfumPLqjRYC zap@PyLK>vL-=t27+t=Kn)MERJ=2prRI4)6*w7hNcp^%}fh=&*{X;~9TYUY)uIafkE z*J7Gf(qJ^BR;$GFjp^iVs-B?8C-Xu}rHfe;i8?9_;REWQ2;_q(Az+-$j1jphop<@x zxzrYw3Zbrik5VB7gSh5A7(~)T+JUCg3NA_KRgl@LH=5lNhEX=bSDYS58VNtOaNxKP zoMW1%&N0pl7Q`l?V9g-u32I!Km8LGlj~6p zsq3s}lHJ1C#a7trR2-UOgwSpP`5;SaRph;$+&4q5oBMA?G+x~Q8LYaSAjCtI$>1U3 z#3HN3jgS!{8tEVQI2kPKP_eY-qawSpw3Vg-$*Su$=M1ganAsrNXo;p7(dQQ9Be3w9 zlp>o^V+nJ^S*tM>8EK7}uB^O35{p8$dMTcl{X^d>>w;bxLqeP*GZnz1(%3VqOxQIt zv?%z({%iZMpbfGs#p`hsR}LMdUM8H`gr*X`y+Pi$SW6PNl^ur-K=&%iCqpM|g=z#K zM@1);qM{T3&&ca0AWc*wvUM_~P~ZxUyR3lsV#Hh4E!mAe=+wtB`Q%!?2EoqgXo%cU zr9z&G8AzmC$!U^E{5)i%319Gp+sC~S?pNm0mBY%hlE)%EY%e}h>$Mox7h-dbwh)|- zAEn6;$LN+j{}ze|{8WtJ+sPQ+QYNEhrJ5MhH;wI#hL<=&f8070Y4=H)A>@UIfR$?Z z_0jJ3B5z65UfDsAOc8j`o{QB{3=pf zjCFkgpSv_mwA?DVP=Ca@YJAeZXhj2SiyI!K3*r_eN`wJIlU?+b zKl+#XTDjR$Pgs$`wA8(itW7_WKzhcgWZhtpN@Aq5k(InoN& zEt6}P6aOfaS2}!^0$%K@<)nQi4zTxc7=lGYFf+wxQLeV%DrSTk33BH_NGO z&S_?SZn870%VA@eyHXXV)g@pcwhq+hOKnV@Ah;wvq<@(1O5!^-CMHn&HZS#LfSwB? z(d&`?fG${i6@ttJW48RD2NOZ9=~N*HE6oyDizL$MAv*?H>@!#Y|EVc4fY!Ax5mu`P z^<#~ss$^MkCu%80Ig&aiA(HheB$9hX<^k>st8*1SxI7WV8ApkHIkFiZqkLQbi-oI< z4x`V58avyYv!ToA3)MeZ^C}3JbjFR9>>!ydbC5ETd1ujWwR3evHzc+zdrm}FLh3mS zg8_?oNalWRtyx0vjIhoK`WMe?wL-FPG6E9WIAti-CV*Jdy9u95A85)+7SIyuOG_4X znfZf^SQsR1_l@<^R^m|7!u027UghHnsVi2aQU7g}W1MUPPrZsA4z{Xh#!BPh%TVbw z=PGNaXhyT8|1<}$q-ACrR#{T%_+@ClB9tQkh?#=kR(X4vh}JC}2f0Qlc`Xv+He|%D z@Yp53bag8$D`QMMW`j z<*P%QX_Kg$H8hpns*(+8bIYBRnfaC>$ZD))QF1^7vgL}{aUrlR#FsC}Bo}vxxnP2u zsJ(CvQjw-%VQYkCVyspLjIG))zLosqL2N*ooq^A=g3UEE8_FztO%_zQ#w`ryUSKib z8NrwuY(85X&Dgb(QLC+jAhL}({F5yC)7H6MK~$SLmtwyE$4+OP2YpU%O1dS!$iJj%N;KxjeUODm+0rP-P*Ctz!wF>7X}4e3cRJj7BVQ z)Sk3&W_6N9jeNu;JtnBvEb*CT7SXbjy8Wv#p5t|g51$y)vXe6_m9MmJAXg~E9>h9^ zIy7FszevM;$whNDQ6hX@@$4XH#WS&CU^65_rQY_%9SLm8(2GnZN?TD7bL&c4kf=wI zN2FVA6GDU@Kn7E?#tt@X-gg19sa>7X`sg+Pf90KBlU>Jkp66P>;`jn(sDdFy#!(WM zO_eNBD#rRMN_OH>sZ>K?0FDUE!1E!7s$8f{#dLB-L2x)G1warTTbGa}SS*^9{=&>( z@Gr^pzN@=;_ujqFIWrj2NyRb&oOAYGy?TAT>!W-3c3`j*Jb#H?*`Q2vwUx`Y?#QF&&)ef?w@QGqUz`|rq+hjn%c#4*Ik@i zoc!Oz;Y8L;r8BWZCC^$1Xan*i$HstI+rG=_$oo>)OtJolXqn;E3C$m;iy0~NAiiy4 z@2W3 zy>N5;HjhypnoruF^!?sI`tC#YMfQoa_~M@h&U7pxH#D4nI1#O&$3y z8ta%&(y_|1*486o;=5zU`{gD)eyGK!d zMGh;3`G9}u-*rB!w7;V?O+ytrvg2PdT&Z-QiS#KJ%>LzvKPf-N`o|>gD7gNuE9#Yv@wr6q@uP`I!! zl;aDPW|&g)CC7Ee6A?EOK&e&z8iMhF6uvNw14NJlW}tCQc8I=h5ykpiktgzwM4w3- zOR_OeE3eC~&q(#LX)V`}GYIiSY>`fD7o5QT(P`?Hsp%zuO+77b{SfPtOxj=4w}mky ziTw+eIee7zRXYbp>AAjWm9Yv?#!R>A{sqvp=v)VS@#{jER^M@&+Ju(sp#t%y(Xp?; zNRbVc7@z0}dk{g5>^R3lfl_W#0i?`ZK}Gs0w$$GDxo&_R56a9+z>@Tbz#zqz2wUZ; z2_~vbsk@u-14CZ!ixnzu(02w|s=PU9mBr`r75Z&j`3tux!(~*5D6~azRbGN}Iw(RX z$9@$4hRC8a;rb!H$j(keShf2~kXSEkiSCARPS`0Zsfpz=6m>3?Ac9xwp}u+U&Jo%i zSJX&TV?peY0?b+9xLE4)z4pzW0@zCIi=$6gX}kKRBuk%86>c2sT+k4Ow=LOF!Q z8g5WYR?j;8fU&}EBr0D`g{+%pvtg|GDR-q+B@Sn>N9ZTPr?!@S1Qq-(nyImP?FRhm zk3x%m?#9IJ6BkS}wZCwsw)b@M2&Ylh7yEcCE~wl>>Qg9-VkoDjiqIz?tT~DK5dp)y z5)+t}eKdztZ!%+aZC(6laZ{JR==j>L@A3dCa-RXl1{P{FTVWtdvj;p8Afr=_O-&#~ z#U!~Rb!zp+*#c%ueoC$2V_`G9Tx3^$k+)Qt?Ics4O^^J}$6oE$(wuUt2Pqy)DzXGA zQO28#r>018yYcj$IsYCFG>Q1wM#&XxMfOEOMiM!Hf*eKKmN!}Vr1gj^V~h{1XRN+< zM3?Sz1irL`D0fb~kU+oIs4Bof}cr+0%`G1hnL^r6R?31tj7h;UMLP zrnj?lLrO}#qTbqJlxj7m<*)zv#ZZdjf}_CB4F zSqa`-(ye(kFw@tdY^Qjt_-&Rn=IWEC$Z7PRQlB=mhx#{RE()7zL#ZJMOXM_pg$t>L zU2P6qFo$1rfK(%k`y6E|?CDRs8BNAj*C>`~HfrK@ISR20eKga=S&JFUD?zO{0}d@FYg2~migXwmu3daZ;~VKp zq-pyAzH|%$nfLy*+Z#t2@p)iV zb`V?`dTP@q3N2?wUOU{+gf2E`Xvw!wr3iU(;dovKMFLN1N|l^?rA@)qG9datM!yOJ zv^!A_7^l`hD)D={QXTBgX}(JPZMeo=Fe95}G|;`Y1I1r3Q$2%FKvGmL+m0{oLYg147OW4k7L=>XUbq#3do#okO!Tk?m8I+qiEh;=>ot}04- zLbn$sMV1$4C4&t!iNvi5El9dlr z$2am`7>0DQ13*Y1hzs#uR)H5!3DmbM2$$#LMzMo{93^`KV@2o+Ia73;?tHrk&5FZi zL##=|%B^RpnLJ<+Hq2c+;70Zi}idu8J-!sTBF4r>Q@Bn^4;bd-}%4 z$wOi_6`0s5@k-mxR5kq-T)T58VtGqFmdPNO{iijg?XHX)UnmJuYg&to4%kg*jZvn> zrDvtC$P&1$n6Pr&@P(e+2V-9(~vx{oHkeF@i2Rl|A0d z7Ww37ilaK~6tdxEzIXmaK0XFhrXy zN|7yWDL&p8zCx->N&Fr&KD`ru!%SmmVs2lqzoGIjR8lOsc4`U)`}P;e5wdxg+`T#h7~yj z#0Z!IJ2MARP8~>@!f%l1*mTw+W6lTcIUc zUsJI8YnrqK+}0+<=1*|upLnm-$YwnOf^gO1*Y(B!82CL&I(&?MR{TGwDfhmNAMS{M zb6+MjvgsnOmP-EGGZ+)VHZiVbnTlOD1AOs!hBNRctrU*<9f*=kYhtWuu%}In)RtEP z9S6C3rsd9%^0bbRWo-km9-;_ampHTD;h79d`6>KrANxC~pKpF-q=p*|s~GDn-x)O= z((#1G0+k$gnTC&4C#ZFk5+VZx^D2)D;8jJns~H$m%I?*2bRLF=-K1yYD8#B+tz=$m zD7z1q+|YL^qMCGt#Ta4Zj~f%D_wH9*vMF&2pHBIjQv zSd{2&aIY2XDH+-U6-B>c$qn=vWgHXSLe@z6=YBry7}Wo{q$$@0IjSc>nO^i8Jc1U$ zrR3DKZ>}Rh?s5lXagc`-my~#96^$65uu` z;|L~8iqN2?ZDb;;%9ay{;lh>jPd;RxFjG0~Xyg=qRHLd$DQ>QP*s!hs1L5~q8dt`a zj@n~R;6>?RnvICk;a6qtef;#wc;a%Egz3eW`ASiQ5tWCGBU)^|{uOtX9#AXsTk>cpM(ew));b9(*TKerBRbJZEsL!k}9JS z%Xx+{kp9;GfaR!C5(Xs`W&Du1h1seBl$S>3u5>&u{otsof>agUiS2O{(N~hKBP>oI zu8?33FNhf(%a@}k$anVk>H(eb!`fwL&YYvIIU&StX=|rK-Ko7XXM)=JU=wSe36ONe znA+zSlxqkP*2N^Q$W930^vnYHVj}VlICuZH zEKLjdWi4UUkrPC=E@2MQum6;Ij>IYpV>T$vs0d^E*)DmlE=ch|rR8;Cu>}jY9VODF zGU7@ZW{(YH?IjgY``weU%%$f2-O$&PlHI{glq5m-Et2n2);KClsE|8GdL-;v; zn;Vt2O`bfWkpCIH`aD{0veNY@6tY|+`CueBFZ2u26_StI7cF6g3%958*ULG76Ga+|4OfX4b5r5VSvA!-}=J->$eXV-+1w>T*EtV7{9(q9|U~?t~NR`qF#E0$tjR7CBnqC2~LD4 z+0IBLc~iv2^vJ4=G~u_5EZhHJ{Tve6nbcBJojaC|nHwx;ysg738}}}P$k7E5376Hh z)o%HtwvjEUbr!>WbB&@T@~b5IYxl5oW+CdGgxh>cXE`G>VaUxACnsavi0T zjpr)erYT|GVJxjUXRE>Gmy#kYz*53t&P+`Db6p9Wj_k?{1XT)CQmU~l0kfykfFa)B z@{PC6@x9(qW4IL#L_XpvlJ=ZsNaj=mfsWouIsY27vOIv$K^_Um*B`zejZ{LSiRTG6 zU9r__Z7+_9t!MQ$8<(qbY>O3=Z#72hMa-bj`M^2<< zV~v5~)6vX1Uv88c4#a}&QGrQ$TewGla&eU0!q<=GLtLwb@qLLsFZRaaV%S7jlX6KX zYGmwkA_gP+rngyHOqi3Ob~tJr zY`LqPMHKzf)`%2m6#48p7EHj#xo0JTMco*sO=~)2h|ayeB9@yg6_zd$*DAuY1mQ^9 z0pV$6%Hd45iZDIlC7db!Qc|oAf*Kw+ltg5?P}Lm-zqpGrblTXno4m?~_Y2)nlN$FZ zg>niO=}5mN6AY5hpM&g6aX^UcJXnP<&0rnAG7&lO=^Z>fqio4Dju=J9#Ev4oOre=2-+R*uE=00t2sBe%vacYqmY8CTwwiWW$#m%5fZF6>P zse8Ah0MX4*zA9{GG{S_7F`jieL80s_6pXOk;2Al^nI{nw&?1F(q*O-r0HaRG0eT3RoUDl|wLV#SF*FEs;QT(hF-twVIpUt~RaqD@)y|9U~cnoFjUNR15(p=LBB)vQ|`yT{!)aFENJ} zlLa53g0SCPyP4&A9(fYVBeB`~Ds(X+q!@rDr|J)ON9 z6)e}HF>{df`qR6x5!OYtksgvETjWsZAdE&|W=@K*m4&?1*v}_lPAUK%<(eM02WifdQmD-+==70L;*S}_xBV0I}e1}jk zvnt8t3Z$@+R+ivc@6xKzgW23sb)mPef7$?Mv6Rn6o55 zo{lS5w~(SQq)ltd_@79YbpzfB|JlkOoJYB_L!YuP@m;c$2D_N`ljIcws1oI|cF`V^ znJ!2!m#_>lAva*C%v`bEDu zl2&|U!$L^f8z3{1s(5GGab(SGS|iDf$=ux8-QJ4Llj-NR=(Hl2^_T5r5<)-ztrmX8 zUKqM1I;LKEXPDJ+;Gm}?kK@u1KYm2|p|Tp61oMhUc%S@WYGQqIO# zmgQGqcH7fPmaChU{*3%*JqKS(QPP39GQjaV(Q?>mpe{hDR>oSa31Yy23P1y#4Vkvd zp|)FPk=FY_sg~5BT6B+k^kUN?kgf>c!tZTVvO-MUGsL!zUpuQ+Lo)3+itx<- zB{YIGqIV`t)C2Dlj}DCFuaH!HF|Di%j79>Z%U3v}GT4gINnO8s%vFL=pp}z2K?tnO zcAWv5dAS>LhBQugNWNt8MDSt=_k~8@vXnhiKiw0D3ShhEONo^Y3}mW=cnasJeSL-$ zCx?JBpA-x1!!DBDR3*;R(VYBMoKN{pe8TcLa`b#*&_v-xB;a~CI zxJe!=qlitLTC%6?m*>{Y-E)M5(9Ir%iM0-SUfz;WBSef8Rji)BhEciPe@CD*mkGu1 zHqc1|ri{+B$t6h2>+(B4EapKcj4~jd+(P5#fahLTJar)hmpCGutjtPgk)P6sl1>aT zl6$qp-W=&?%am8MJy+(Sc&U8n{gSQPpLhx&>y{>ddMJ;{m1SW^I^`^p#AUcATE?CL zW}|W{?znU$aZQJEEyCk{LOi=q(`T37FxU6M*ojC`RSr2}y+8s-&H5Sb#b`Y9`k4IfgD zR%m$=?(|(o!j?kz4)lttLo%(T+zukPyobhK6T9D`l(x?{j~kHB-`8!rMXoqZEOjyX zLcSyy13>b_{IIS7=8Z4f#NDhrXdAi#-UE7AoylWY)m@mGGs62AQ81SRlc4EcUiLkG z_{XtA65z_b?IIx=@+e$M#2QEihxRC9qsi0-2h0+$PuX4gw!aiM6snykWqxcj2q;QZ z9-l@#NM$r>oGt-JQDYEJ8uMC8+#7CZ84*UYB<;>*{WIdYHVNUQ+6!c1>7S_s+B`fV zVaPW82zQo2itv6u{p6#K6TQ-RbxIH^jsBcjM5;HQ1x*RJNeEQ7HzHw{vK@k2&*Sj!K!V>FU?{ZPuU#7%6RaZd~`RkKtDXCO$SnH<+wDDla! z47cI5iDR?*?;bZQ_NP!Ha}yj?t%wj2V0d~*UZ{`e9$1OsCH49~@fbVf+z|7xDWjR> zViP?e@g6Vsf_Ne#aI2=IDq^Ap0h&2f;wE>(Y$1N%1}uxv>@>}o1`-tE3bzqJ_(v{? z`66dzmR)|akdJIo&Sc&NecHAG@qu(BTTCDYDG1u+f)SKuGb}QmJmhkQ0WzyoQ1>v% zLyj1SH9N2;y)wiD3rk!W#>%q2J+?StN8%Cr@N}E$xNsP@6})#sz_n@q_GuKM!(rkh z5^jouvFkeUD+nknFdAwair$lqpp%(&vMR+bfw{fDAQM(mDUlBbIcF20uT;Did+26t z-UK;>4piG`0JE#{u^9nlP5FeR8k!sQp@{DCHYv@GOGT=PC_2u9onp|iu=nad{@sH&uVQn+d9z9 z@&3=qpKYo(GNYef7xIpwETI!V%_Ans5fQxK6IVGU*w8rU+(@Gd;+8~A9P!lAVd9Z$ zmW&hNI#|zUZsV{obq);(<@?7>$+bhyFWi9_c6E67?aup@Qe?6!nhyjP#RS3!}+8f+vKQ`&45?nG@2)G}p|pPE%_| zRwKqsPOP|~v55o21^O7nYvurVC1^R`G_+)=%(Oi=v;Hjo;t;@g<5Q$uqkl zZ$!1t1Y`|-XU~TtHC(cv4#2Noa=U#m^&TiZu_IL~cQBkGz!GwrQ8rHg7uLr5(&$_2 zQ%p{t!JAghgX1#a<+W3+v0b-?-@2@d=d@+S-}=H!fBubc5t)3x8Z2qaR)-jDHP42b)u>YbbR*<5`OtSKM^!km&=d8%@c0 zsMShU#upfcoTJ#RK1zSFoPgDorgMAQISH#yajGv{RQ9E;b?8r)j(|;8VMVP~m1uW7 zfiSeVM`$lOG<@Z5q<$KvNw57b1FCx!EBCso>=VOK$DOxaV)~#I8MrV-y_&%{(;M7w z?!`NRBabpa_OCe7Lvv)t2vpGz(es-W5nqrqi6thfUkgJhtZAt=L9<-N;!)<(rM;Rt z@sh@P3(*9rm(%MW!i{IHK&Gvo`zLzq-<`3C=ZymSX#4&`Q6zj8jM$#0~F`2dK7n#nE!jyk% zHx%0V$q`~?aRSB~OmrY7>wg2wR`dcpa~dZ^Wch;zptYy8dEt|0kZwvxwGb=Ek}`&6 z9g@M%b=9aLcieul;bN>6AXsCgk zqW}<81U^5tc(gJH1dG~^vf_^Lhh(k3i%Qj)9{W!KQ;Dcg<jGLrPU}reXebqu>Ehm}BtBNFkVo#Gn>Z}~f(Cb=XQf%o?mc0O9o-~%REeetnu(R^ z%xO-ODK;vNC@&Z>0R)ZMc%WG_kW(lPJ?$kElHLellT#E6O381@dnG()d?;R61f?9w zLLqg3u=F&M#Cfh}C2L-2H(2WN9CHaN%i}+vgTLH+J{-x34Vt z^VZhQD~sFv+t;`EmEPCQuI|lA33UR2(=vGOyXL!U@yK7}nci&F)@w2f8QegCNY`5l zi;TMLB|-WnoJC~KCl*C7uPfjo$&x+DP|LD`0{N)Ab5=8niE43Fo&AnAr1Y+EFoHtT zq7_8L0FjC~#PP8StX~GVgl74vBY#}!7YIDRp#)mWH`q&dO0P`LE|3^cAM3M{6hdoT zFPa|S;!vrYp(eAd++-wT?Z+sLw+iX;6aJ5drxU4hK;==f6H&%KEq{j9oeLXhddPUn zWlrBIiEyscgj#bm>@F48CffM+LsZoDFIU z^`s&~7A0r;iOdcMRHxZ&z7G4USTV5>n|FC1S}kv3$6(nkUXs6CgaJ zAX#E?#icSgQNgyXvR}fR%1Ek8v~>?V$?FXa4k$@BGJFln7w27XP!Nxu7_priZ_250 zJ)lm!)6+;A49S+JRb)+yjmiy}gL_Qk%ZJ!XQ!7~KHbf@ZwIkHhVJtKA%;L*Ce|#a7 zKKloYubR}F)1JtA-v6K4fO4!Z3oqiFrbw;uIYJ+n+*!krK$=D?qfW0#l~Z^EVT=-J26b zsuUr#iJCC&@d7W30CPbhRldjnj!*7ZskrxbHL$G7k5h5T=UiRjBfB@7%sHj-eC=6! z=bJ@FV;(O-X1z=`mXcC4Pl0K)V^V>omPu`FvON>FAXP^zM;^RcjT^q;px$(rRY;6` zh|^@IGIW`T&TnAkXe;sSfQPXgC5|SVG>qjGW?3R$hO`VX|d~Gq=?c!s%a0 z)4AY~!6DWG>RmxzB;oFAN*Z8hU%FG$yjM+dVP&WQkO29@jx%TNwMqL<8&v2d?hH@H zB$Ki#@z*y`)ntv01Jg+DgDQg-_sB$?rO99ASe?LC3_xwUA^7=fySW3KI<4HTFs-R6 zsHz)enCT1@DQdb<9_K`CFww%Ri>LFCtSZ~Sh0QDW0mt9?<3IW0m(*c0t3&_do*+i4 z@Z3Gmj&GW8{xa%#H+gw0y@IJBOV9|E2re^%CC3AB=sECT$_Ntz!7)AzR!eTP5=%nw z4KsoTtq)~O6Hi&wsbIA&ugtq5ka$j!@q61(0`|0FAuv=1!UWa2`Hdms$MT-jV|BAP zQ#V^A%BJ6RXpOBZb&}D~W$wxkUZ=Yl9m{*HTqe`x7xFPdo&=U0Q9#xnI^5}~AD zmL=5C8YDrYcrJqB#{ysd7sQX3kMj_oyt3iQITWXg4rv2Oq@C4sc2Z7R8S3q;S#YzO z6MigXreteD>ltL2S;@{~!;gsGjHo#8MT{@K_>IXb26XPiUObHAfEh`F-78O2!co6L z7G3YuV&quaxxRCAI~q6->bahQ)F_%7XBo|V7J~bogRig!Fh&`%EQ^&s#!MUQN`Ayu zX87n}d-K~z-`U^Vy|$OOkY!OS{l{t@jE(vjS-ocPjIv(7T71^|F9X7x&8Nz>5)5F_ zRc)c`6o4q-W#^5*b~_3v=4UbeJUb({s_58xwceH^`c{)7tqjbv^1nRu{(fJIBh9)wD#m2*%DI|>0B(`#~>ntCKuSc zNh^8t_SWk+_qM!hVfUFBa){1&XNSanwBzqfYCmfwm)Ukm-`sm`^V-hA)vf(&?xL(m z8=K0`K8l};l#^kuZ4bqoqET`GiQ<*<*cVmLB|T5-M}^`3Ff`aX>Rvg;dh^h5@=1h= z$r`nrY(T@j%_aHiN;y%2FD!DTr#Q@i^X09puO8jr98h);hjXRP%~%=Oyt=o)e{}nB zXKz;wgHr~){q2Lpt^LEzz1`6TcnUd;5-#a@Ztss&uek>-Hd0zLy7!0bH32hYpG5s^ z1{3!`*xujUeEH_yRl|G*u2poZQN9Thnnas-brrg^d$@gLf9LS^^)))Sdh*E}_m#>F zx=7AdhS=QQ+k9>3wj!fKQ=aUdiGgBA!!bodxd3`S=IZXG5+xOya~0DP zPWQL3Zr!|kbaU(Q3AtTI2d{2#-`26awow_LMM92|q}0^@`Yxqhnz8NWm92wUxH*~F z&f)g{=HbpQb6%U3j}Fu(E7i~Vo3s>4QScwu^W@`f zwD4d0rGlbSPK7iGO*t8zcHMghCms%Veh`{-UaEw)&PY}PdD+bU`D@qy#EPMoYrX05 zr<8I3R>p;$xfdmSBLv>noP{1jaA9$j6QpBJU9n<0fyBUeuIf&9&eTKM%uc}P8UE4b zwqWS`-|qHnwyc6{E6png8bV4>$cbw4W6gHTbF`^4>|Q&<@~&-ve}})af@%W|c!$~E zfP2@kvv8xCoLZ-f{H2Ou?BW-O!Lhcak!Tu7Bh+f@R;c=-E3T~`@oke7kxovaPC8$e zax_V3KaAeq-aptmINaW?=CjI1ZBFc1RuFAXu?y_&5T4%>SCDvetS!5$4vAGHMF$7B zU)kR}kURDCa(jPgF9#5ZO`BKQUzO1cQASvMI#%nSj>Y;Qde0b8?d_}iNyt)-lYs8# z*2~*BWe~Lu9UQ%U@H(PRmCOX=*&;v;7F?bo206H71t2PA%abf-I@I3Y;ij+|W52Px zb$GP@2?Uda?fo6n*&l3g-rBykxBof}>|fg~r$&YET(GSjFvgj3!d7_7REl$^?q8|m z`VMsP>dtMe@DqZ9p5Y%l*lCHSZA!{ z0f~iT@Qo*=A0t^_TUhlgT5CA$ay0>ngw3n$Yver`K*}IJuWAv{8GH9}p1xfS8$r+Q z-Ck+U$Y0{W0!E4kUp%@c+v^Er+)7zf9OE$4C4IDWhN^2!v10#E|MbN#&apokqpmbY zAvT$``oM-qhTJ5$=Q6Z6hw`xE$6}3zdU_Nx34eK>0N3TcY354tYN(k>+NzF{Hyuu3 zei-*JjgHyZFZIh>f;A9DW)S@wlFUYDiT)&Ai)1dRZ;}5M z;LDH8tVjEMdq?}bTQ_qqm_SYS;{MI;t?!d0ZeKmz+gFK_ev2LK^E=x9mx?vG< zy3%(!$dp#jbBnG08+*IY?p(?LxW*3KmtVbh{n?h(qy}CnG@#}|uqytwUZ_z^1r__K zHA}cx{ber!u9N7~E^7t)hIPvw+W8>0GWVJwzr(^BxD>$)ebnVoTKAC3m8_+bucD6@ zhlfL3?jWV^#&DEdBiH;+RvV6(MBO^nM=MG+OE~N7=jc11)V6|h9GEIOiyRWBOHoN( z<}4{p6vQa^+{2{za{4Y4Y{qE~o!Lic5+SHJBNb{L$D)F>bNCh1T3nUE-i0n#FdRf-eK5~dVWnHN& zq@7yYS4bC2usS)vN`@p`#boo70FR#g)Z)^?MbT1)VXqpNt=QSh?gkDQv;%%nR)nnC z-(vN88M~JKX=nsU<(&rbuOK2|ckblB*>n_G(MU}j1#Bn;hs9;%FYh8QP2OB1LdyZ5 zagFSGs6RpR)9G(j0v2<%(U6d-O9dcqa z3`^QhThaq@4A^ZQ4ei>ID? z3JbtRkL@lRB4NF(R@xDU3bCaThG$0zh##1x-?g6~K=V3aHg5?~zd1zl+cY%Yr(n=y z!2Eg2BZD%WR{fFzLMmta=43*MQSIG(4$kjtd~xPTso($}<;{=!)TLgqMSDv)J}@p4 zvV7di{09wa7jkuoDxe!2to(2sfzV996^-4W)5Z6TkAx}<@ zqf-J4tprRnOI@NdeRQFB`{cQn(Fq0XQ|hj{otN4Q{&`o2ak{6H(>LwkDUa*P0h78b zT*Ke9K{6gmw$YCGhr~0ux$|3$I>CfOfbgTYi}`aKClAqCY<^47l`s^40GU92FK-3r zWEjnxFY?5+b+`1$8k9MC#1L;mN?XRfCMs8xF9n8)ITCLsu1Q!L1~$!DGmA4Poy?{E zA3_XdGPF5}%0dReGeozwBH;@Li#W#k5OtELQ0^e9*WE6uw0@Q;Pw8rH3$z&-4VhQ^ zTEf!wlw=^Cihc0?p@qR>$*Dm~i;RI1-Yhf{VF*jGDLjfmDeBtG7^j;io#~^*cs#k| z(=7bm=b5qli`a2=p9JtNxVU$6|M#X(%Aq6aYFIafJ~@GCXIYK{lkggFevBoEKYhrL z)5DJVPS6Ny2O+E0VW63Os3%5uTEl%wSj^WbEX$dn=^`XL>SowoG>24;3Z-CFOvtka zV)ewqBQ+3nxi)0V%!JL@6>t?;hkYm*~UqnqO9<#8KYHHpmA(b z=X>_Wm0=)>jwu?Q;(k7wi_2GE*=8Ha(XA_~XLete>yLjNZlq=$OxZBPzD_zRwFwjO3Vbh zlEBEBhGpvfcypBGoHC-Hi|uzqNMrrJzIt4At$FZtEFg{JVdC;|Y5F;8tKol;xzGFr z6#1YbdJBa$oO+}*&OEQAlVlU~u()%tKro_8o-h6QS~~~;2xoJmN=PD)AyJeGS3{x; zG9_2(VVqJ-R3K<6ljM$4P9{;M>%8diPMR_*yL+zgyup*J-&Q;@RWf9e96&4`mXbLb z2DH$Mx;sSNRUg`LSx$33mBCGOrKsmTmF;wBqb7s}uYxjo8-}qOLe|Okn??F1G)K*s zqzrjNmT@~}{Q|-lQE6lLSdg%QJEnTu*@A1|z)a>QJEEGFrXt)bhf7%tCIj&y*5j8; zJTP|@D-Tp|GiC_EVeD45V$h?oOM9+tK*nFsSV#~djDNvwh6dP@ps~YKmDD75BNCmV z$Fi82%!p7(f6dvYT(Gbni6KLO_QCSLmdun8NY^oZ=usDsZnDc>I{p&s`WUw+z!Q&dbk7q4$DH? z(x%Dz46#n}Bp+E@OU$?bfJmZ0V;X%w?9K&Y@>D15mF)Liq?c77tHBkeg>@MoiALIT z_W%>{Lzbt69n&ih##FB47ehs&<#2?CPI?>%R-FTb87Xr8R7x|nWuMYmLwi#&-lWU=jdLCYACleeTshf6ReW$Pj{W+$l14{sxo+%lJM zEgg)Tm}B_6yh2CQd_Z$>%(1WIgeu@q?(2l=)WwE28VW`0UE33Uh+&j?sQpWKO#Pl* z3d4ZXjZ&1s(M){rnsRHlV@mv5)k;gu>K?PVFeqol9)ad}h&8I1Ci)BIVNmt5i}6^c z>l_PfG-b|S(}4Gf_KY}ZD^e68BGZ?3M9v)nZ!~?`;2_`9mzUU@15Q;DS(nP*y&$14 znq)>}so4}$Rj89DhR&OVJWa`+gRPg@SxTRAe`oiG*J=lJXe+e{nGB;CtproF)2#W8 zxhXDMv@Qj?&isXND~OORVlnLzbONv|*K;D1-|94$kZNQm(#zlUcn|z2SJG7V%=vg3 zECEjV0>7$X0WSCupL^Ug$S9J3`D+UGf(MB)x+l(f`&}XZH0?i^lNYKX!X{*@nV~9a z343fDq(BlT*5g)5()1ajn$?CJ!ursOG}21X?e+Tbl?e%L9=pWSsYeg^l$$Y#E3nxz z8an&33E$+vJTq09+0PI!o8@HL;MmM#diQDD{SCeHzdt#S;RDCCVDkaX1^SEO?#R

    Lu#TFi_D(0<3f{g(B~==JO>&)CNoNB}I3(7mAGzc~ z@XLj7wKp;dC&>qU+zov+S0vD)ECu7#kwW6w!e+_P|aQx(kR#~W+-A(9&)dYCT=t$-iPo+@XnXRu*7;Xqh$QZe3> z*KID#76;8|l!YManba4_m$Dk-Q?&h3@PVDoeJVY}LnpGX$njIt0<@l-5_|5VdtCYsQR-bRIEA$LVm9RbFprxw%uOz!@86f6fS zwcyu}jSo?m++6i|*r`2l!55rJ!^lFwtWiF?PQ`R=^tw@&3*gIo%S`moQ5vQ;`Lyd zuUA3`Ql=?1RYyCPMfpnI`d=~X9gWQT4hyj3h{Y9t{ug#QQc|Hi>`Eol#%IpkuBX*&&pZ(2MpOx9wseQP7ld#s`ypZpksYt|AYo{7ea1C@B8 z5zvk2*m?2T#>p?Z`|L*sYOlUeTtF0|K4@EAxB!7h;K3gg&n}zQKmz zGpFW+vJ9#Ux5>gNmqxo|KB-p?-ZvA+ver-b1%OIibneCfKW|cGx-ut2yAb2aUZ7Z= z^`ST+?82M^M-Z!G59k8wB(x8QeZ+-LVwyI558K((Ms{w)>g!hxwfo$)(-O2%4!2^l zcLF(;E6jAafT091iQh4eI#y{ur2T(;uXTqoN=nAZ4rWu6_WVHfBg+y1%9+{o;Sind8 zoR3wQi`K-8SiVPZ)Jl*mxuLAAdh|z=uA&G*K||%H0#k5WMEL{y<47sTs^FCs`S)Nm zCHxBo5J$8$SGk`i3gaS{%2~n*^V1KqH?r~A*6r}aK(H_8^7=$E-ozRnC!xekWtPmJ ziHS?1S}GrvIPz8@#~aUNU>cF+%svTv{UKmf>YQ6YgX^EIX16yt+tSF0n7k@xwMc{n z{k-r=iM1tMms%(pfoj(qijtURvofwoLXb)Mw^(H&gnDH}6A6dOsE;Bl%+Hkg2YF1f zI9XLT1uq@ic=U5oV>Kjc;zbyxtq>lvHN=h`xd&D?>;Pnjb zQHVMZ#<%5Q8je`?4x^Kn=Cwdy(d_Rl0!}KzX{{H$&1RznQnF-(DxKAD%9q1S6Y47& zl{3~P??|%Bw8PZwz$jVyHqOpR^?r|2;-xhRE>vLDeqJz&k8BXtB$aWuo9`d`8~7+= z4iDYwo(3!2_@B9h`%_UN!%?;_oMR%0WYsO}4z%or12Y2+w=k9JZ3DhM=MgZR3JVxk zEzlIF&v|uE0>$q6>6mShL_$ho$B@DEtq$S4!;Ka082;SCugSaOzn*Pwl>$3=G|qJL zC!xB*ZJz1jGc!rHPvWyC<Q?L7i@XY(I zENeUY8g0Uur;R1Iz{K37MsgvKD+&X=ClPnSwY0!g+G&qJ_op|$+^nT z=cK>S21vObRu+@VRO4BfWCr>5pj%fDcX*C+cgv^2D9Fv(pbbbKY>QCGoKCt%kn@%H zRStB5v5TU#P{XH;mK#dLvHa3Z88?(+Ky_1A_gyG2%nDI3WLQi&>QdT{hOuO?G4EsK zS&^f(Euo5(w0@44rY1u%lKNd3_fWze24)eRANYqhRBAca7H`uJcJ*E$vcQp&hbFFO(lr2~NlCo(3WTu_3; z6Kh`j+LsA4o7uPO>lr!Bx z6FUvYWmmDP%>^^UL)Nv3YZjN>B1x!V(X${jC-t&vqe$*bS>%*qYi*2aT(ePNt21j< z^y9&SNxqSyr_FF6<4$3fQOL-b*R_K&7b;bbHr)x2bX<=|92L)b=P}YKO-tMm*HM&E zX{}UOL5zPWnz=ipVmv+&lZt(e9=?;-pXMZsr^_L?sdOBCI0U~Ws?Cu+xa%*3a^w(=t{;!tMK&@eQX9b5GDVI~Vfhx_%5rfR zNtzF-CWt8aw;&OfLeu?B@~fI0Ge$e%L#o8)0Yyz#s(pWx8A5&%KmCPpmfu;QRwk-y z>5ec1hP}x8jwO?F;R?N!52+*Ntc8C$xrnLuHgUT7eL$N0-K)2czMBuRkr+PQtYQHT z<_jJ0=;d2Ghu^)vzjrIf)aZV|d*#5VKSFBN3~Tr}yMN$ItZyS8lrKXn$(_8*kfg6A zQQ4+C8%`MXWwd-{QZgT{p~nTF*qbFfD}lrZOTMCa3Vr?SUv;$Bc&axPn6Ypf1T=LN zLMv(pk7Oa@CuplX>q`0Z=n`zIc9GhACe#^L)@ay84$(TqXgrEzz2MM4M{S_jdO0k}t>LtK-_z(aZ~B|1FdZ;7 z+wC~H-!JA+6oQiZu&5@CnThJM0rtDx$II`Z{EU5=|MTQ;XbeAqWuyWDVMpYY{L`>h zgn*~07L5hB*!5$arQuRyJzvP^TkspxQ#-52MQxp+PS_3_k=fYUB15g#ghUxGy%Hq0 z1+BP3TFvx!nU7&0W~;nL;wp*j+?=NGd9PZVLLLNG8jT~t$-hUDMPOCNoGQwxSj3pW zMhV&N6wCxf0W!+VyLgRoQUIV#;nG2RJE1%Q zH^>nVR(@|r?F5_wo4L(i=l~o%>x+7ilOAlyuUm=KCK?;R(KKN-$JUcyFZir)m7Pqe zI&%ygyWEic^qejq$i5&ZPZ8$*P!s08uW^cZf(n6fiSvqCDAk~6705s6jSEe34_uZV zz*-UtUsO;j?h*J|3*>q-4ECbW$n!o{keBn#V14qm>tWl)gwYcYPL{U~)&gU7{7N&7 zoE@GC<(!Cc2 zxh8>oNGm$Xx=ps*LGTKF^|Xf*fq3nx##Aco^rb&9`_tQ&fK12kDc(wdOVX(`&cJ|_ zw}4D{Gm21_RIm0icIM5y3QbAO3{nwK>xa=2U7J!~bwqYU@>|mvOx5~En_O!+fn!;7 z=By8B#Ydjn`1a=J)t%d~Z0|4ruylDai08kv@oj?igA*Q1zRZu>Br2ojKYOa?!EE3u`+Ec*tS(DUO(o@<@|+PvXdxfDImw7W37%>d;+Y_E zrH}jJdn<^a3GLft5%;zKnYwg zRxqQ+en)3-!HW>f+r)^Uxgv8+0hwDJPwC zV-;p$^zlYL4WsmAGx8!yMONeCNmJC1`^yc+09l1>IeQ!!Z*5ZVfOvbE$s&}pDlO>^ zwrjgh8qq!#e&GVNGl~jM{bw0Uf~%nL6XHn7Z*?JP3lLnXW`lORn-gVGD{dWRJxR`2 z-#ga>(zvm;OPh}1T_yzUeV7HS`2SR1LVPLd%*Ds7An zKFM{}GRrQ1>p)&_hvsVXIvW)^hs{<_7{Ogj`gxBFUj+h$svrpD@TL5-G!rzgvZpsg zQlROEp`z>hDUtg_SuI|}LKmSS<*;(Mw7IJ-n_*Fn3uO{uR`|KmPE_P~6U)dkwJR}^ zNT}8B77W)4ph&sNL~#HFbC8fO20j6_c??zd?_sbyA@NXHIW#lSjmy!^C3L7UWLLGz_r5vvnGdlvCY zjc>g4;?ZaSz<>SQXZ6<(pZ@dbU;5gMU;FZNaZ>sspN78BN%f1XuWaq!*uJ(n+*@2) zy!<++gH!d6?#PFubKLdz){@)4=oc8Nd%AM~!M(-7E#Ber)Z%N~46t>$;OP2;!!pc9 zx?C?lTk!6@z5OeTIGTTP>8bqVgw|!{p3f}yxBud3hu76i$$om{o44UJc!iJMy~Bmx z7Z)tt-aFXQ%e^!NCzkG9-?{3SeJ!qU@#-jZSzq#{_!i+X^J|NjzPa#Q=h7U!c0Ia; zv2}(B?-Hx7erlt>>h{*o{-U}rk*qIz4I^Vs=OZJ=aBO6 zGYg$xkPIN*wz#@?w0l@CzPZDK+x9iIU-QbOU)ekS0Y|DOdjV7>It1X_H5>*mq6T>S7g-Y~`#wmCF6``Y4io+G+{;lJ|sEsgX0mkxek26!0m zQr^?FxE%MPy?~2PFHlMnJl^`+&dr;Pm$&)*HpVofcW}hZx5C`dOYo%E+qzRH3Uz4i zg`GzV)fuK8O(Nkat6ywmAt;dRxN4kh0#3$M+Nlglc?Hm2=US0B6KZk=>GJxFJiuyd z)|Ey`MIkSqydM=!*<_{o22}_X&ukEp1SB+fo5daw6)U9?Nr2 z-dmfY@*2!%qH-)}GAt0XSgtke{9hNxV?m-!Fzsxp9mGwARQ zbNc{phn3Glflyl3MfsO4VzrkC&2GD0Ku zyxnPSaq$M|VVW&&LaRbs@}6%4?y7`?RP+! z$Oco@(yWP|V)FJq$Y-5XP-( zXTWu_hESHZ_DA|1;fZARug=f|c#xfSwQ^;ZNN}e3o2)cm;=pHlq__&j zfKxg9(ao1wvT2y`ath-+lIJ%0`fK8eTv4?$CC6Z=6KqbDlxq(rLcvm6jMsXWu>*ZD VsfZIkM`}%m;Cixl{_(K%e*i)w{jmT5 literal 0 HcmV?d00001 diff --git a/po/sr.po b/po/sr.po new file mode 100644 index 0000000..7562471 --- /dev/null +++ b/po/sr.po @@ -0,0 +1,3927 @@ +# Serbian translation for cryptsetup. +# Copyright © 2014 Free Software Foundation, Inc. +# This file is distributed under the same license as the cryptsetup package. +# Мирослав Николић , 2014–2020. +msgid "" +msgstr "" +"Project-Id-Version: cryptsetup-2.3.2-rc0\n" +"Report-Msgid-Bugs-To: dm-crypt@saout.de\n" +"POT-Creation-Date: 2020-05-28 11:32+0200\n" +"PO-Revision-Date: 2020-05-02 22:38+0200\n" +"Last-Translator: Мирослав Николић \n" +"Language-Team: Serbian <(nothing)>\n" +"Language: sr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" +"X-Generator: Virtaal 0.7.1\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" + +#: lib/libdevmapper.c:399 +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "Не могу да покренем мапера уређаја, радим као обичан корисник." + +#: lib/libdevmapper.c:402 +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "Не могу да покренем мапера уређаја. Да ли је учитан модул кернела „dm_mod“?" + +#: lib/libdevmapper.c:1131 +msgid "Requested deferred flag is not supported." +msgstr "Затражена одложена заставица није подржана." + +#: lib/libdevmapper.c:1198 +#, c-format +msgid "DM-UUID for device %s was truncated." +msgstr "ДМ-УЈИБ за уређај „%s“ је скраћен." + +#: lib/libdevmapper.c:1520 +msgid "Unknown dm target type." +msgstr "Непозната врста „dm“ мете." + +#: lib/libdevmapper.c:1623 lib/libdevmapper.c:1679 +msgid "Requested dm-crypt performance options are not supported." +msgstr "Затражене опције перформанси дм-шифровања нису подржане." + +#: lib/libdevmapper.c:1630 +msgid "Requested dm-verity data corruption handling options are not supported." +msgstr "Затражене опције рада оштећених података дм-веритија нису подржане." + +#: lib/libdevmapper.c:1634 +msgid "Requested dm-verity FEC options are not supported." +msgstr "Затражене „dm-verity FEC“ опције нису подржане." + +#: lib/libdevmapper.c:1638 +msgid "Requested data integrity options are not supported." +msgstr "Затражене опције целовитости података нису подржане." + +#: lib/libdevmapper.c:1640 +msgid "Requested sector_size option is not supported." +msgstr "Затражене опције величине одељка нису подржане." + +#: lib/libdevmapper.c:1645 +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "Затражене опције самосталног прерачунавања ознака целовитости нису подржане." + +#: lib/libdevmapper.c:1649 lib/libdevmapper.c:1682 lib/libdevmapper.c:1685 +#: lib/luks2/luks2_json_metadata.c:2160 +msgid "Discard/TRIM is not supported." +msgstr "Одбацивање/ОДСЕЦАЊЕ није подржано." + +#: lib/libdevmapper.c:1653 +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "Затражени режим битмапе дм-целовитости није подржан." + +#: lib/libdevmapper.c:2607 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "Нисам успео да пропитам „dm-%s“ подеок." + +#: lib/random.c:75 +msgid "" +"System is out of entropy while generating volume key.\n" +"Please move mouse or type some text in another window to gather some random events.\n" +msgstr "" +"Систем је ван ентропије приликом стварања кључа волумена.\n" +"Померите миша или откуцајте неки текст у другом прозору да прикупите неке насумичне догађаје.\n" + +#: lib/random.c:79 +#, c-format +msgid "Generating key (%d%% done).\n" +msgstr "Стварам кључ (%d %% је урађено).\n" + +#: lib/random.c:165 +msgid "Running in FIPS mode." +msgstr "Ради у „FIPS“ режиму." + +#: lib/random.c:171 +msgid "Fatal error during RNG initialisation." +msgstr "Кобна грешка за време покретања „RNG“-а." + +#: lib/random.c:208 +msgid "Unknown RNG quality requested." +msgstr "Затражен је непознат квалитет „RNG“-а." + +#: lib/random.c:213 +msgid "Error reading from RNG." +msgstr "Грешка читања из „RNG“-а." + +#: lib/setup.c:229 +msgid "Cannot initialize crypto RNG backend." +msgstr "Не могу да покренем „RNG“ позадинца криптографије." + +#: lib/setup.c:235 +msgid "Cannot initialize crypto backend." +msgstr "Не могу да покренем позадинца криптографије." + +#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119 +#, c-format +msgid "Hash algorithm %s not supported." +msgstr "Хеш алгоритам „%s“ није подржан." + +#: lib/setup.c:269 lib/loopaes/loopaes.c:90 +#, c-format +msgid "Key processing error (using hash %s)." +msgstr "Грешка обраде кључа (користим хеш %s)." + +#: lib/setup.c:335 lib/setup.c:362 +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "Не могу да одредим врсту уређаја. Несагласно покретање уређаја?" + +#: lib/setup.c:341 lib/setup.c:3050 +msgid "This operation is supported only for LUKS device." +msgstr "Ова радња је подржана само за ЛУКС уређај." + +#: lib/setup.c:368 +msgid "This operation is supported only for LUKS2 device." +msgstr "Ова радња је подржана само за ЛУКС2 уређај." + +#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345 +msgid "All key slots full." +msgstr "Сви утори кључева су пуни." + +#: lib/setup.c:434 +#, c-format +msgid "Key slot %d is invalid, please select between 0 and %d." +msgstr "Утор кључа %d није исправан, изаберите између 0 и %d." + +#: lib/setup.c:440 +#, c-format +msgid "Key slot %d is full, please select another one." +msgstr "Утор кључа %d је пун, изаберите неки други." + +#: lib/setup.c:525 lib/setup.c:2824 +msgid "Device size is not aligned to device logical block size." +msgstr "Величина уређаја није поравната на величину логичког блока уређаја." + +#: lib/setup.c:624 +#, c-format +msgid "Header detected but device %s is too small." +msgstr "Заглавље је откривено али уређај „%s“ је премали." + +#: lib/setup.c:661 +msgid "This operation is not supported for this device type." +msgstr "Ова радња није подржана за ову врсту уређаја." + +#: lib/setup.c:666 +msgid "Illegal operation with reencryption in-progress." +msgstr "Неисправна радња са поновним шифровањем је у току." + +#: lib/setup.c:832 lib/luks1/keymanage.c:475 +#, c-format +msgid "Unsupported LUKS version %d." +msgstr "Неподржано ЛУКС издање %d." + +#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959 +msgid "Detached metadata device is not supported for this crypt type." +msgstr "Откачени уређај метаподатака није подржан за ову врсту криптографије." + +#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628 +#: lib/setup.c:2777 lib/setup.c:4512 +#, c-format +msgid "Device %s is not active." +msgstr "Уређај „%s“ није радан." + +#: lib/setup.c:1444 +#, c-format +msgid "Underlying device for crypt device %s disappeared." +msgstr "Основни уређај за криптографски уређај „%s“ је нестао." + +#: lib/setup.c:1524 +msgid "Invalid plain crypt parameters." +msgstr "Неисправни параметри обичне криптографије." + +#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:74 +msgid "Invalid key size." +msgstr "Неисправна величина кључа." + +#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157 +msgid "UUID is not supported for this crypt type." +msgstr "УЈИБ није подржан за ову врсту криптографије." + +#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308 +#: src/cryptsetup.c:1226 src/cryptsetup.c:3923 +msgid "Unsupported encryption sector size." +msgstr "Неподржана величина одељка шифровања." + +#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818 +msgid "Device size is not aligned to requested sector size." +msgstr "Величина уређаја није поравната на затражену величину одељка." + +#: lib/setup.c:1608 lib/setup.c:1727 +msgid "Can't format LUKS without device." +msgstr "Не могу да обликујем ЛУКС без уређаја." + +#: lib/setup.c:1614 lib/setup.c:1733 +msgid "Requested data alignment is not compatible with data offset." +msgstr "Затражено поравнање података није сагласно са померајем података." + +#: lib/setup.c:1682 lib/setup.c:1851 +msgid "WARNING: Data offset is outside of currently available data device.\n" +msgstr "УПОЗОРЕЊЕ: Померај података је ван тренутно доступног уређаја података.\n" + +#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169 +#, c-format +msgid "Cannot wipe header on device %s." +msgstr "Не могу да обришем заглавље на уређају „%s“." + +#: lib/setup.c:1744 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "УПОЗОРЕЊЕ: Покретање уређаја неће успети, „dm-crypt“-у недостаје подршка за затражену величину одељка шифровања.\n" + +#: lib/setup.c:1766 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "Кључ волумена је премали за шифровање са проширењима целовитости." + +#: lib/setup.c:1821 +#, c-format +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "Шифрер %s-%s (величина кључа %zd бита) није доступан." + +#: lib/setup.c:1854 +#, c-format +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" +msgstr "УПОЗОРЕЊЕ: Величина ЛУКС2 метаподатака је промењена на % бајта.\n" + +#: lib/setup.c:1858 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "УПОЗОРЕЊЕ: Величина области ЛУКС2 утора кључева је промењена на % бајта.\n" + +#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367 +#, c-format +msgid "Device %s is too small." +msgstr "Уређај „%s“ је премали." + +#: lib/setup.c:1893 lib/setup.c:1919 +#, c-format +msgid "Cannot format device %s in use." +msgstr "Не могу да обликујем уређај „%s“ у употреби." + +#: lib/setup.c:1896 lib/setup.c:1922 +#, c-format +msgid "Cannot format device %s, permission denied." +msgstr "Не могу да обликујем уређај „%s“, овлашћење је одбијено." + +#: lib/setup.c:1908 lib/setup.c:2229 +#, c-format +msgid "Cannot format integrity for device %s." +msgstr "Не могу да обликујем целовитост за уређај „%s“." + +#: lib/setup.c:1926 +#, c-format +msgid "Cannot format device %s." +msgstr "Не могу да обликујем уређај „%s“." + +#: lib/setup.c:1944 +msgid "Can't format LOOPAES without device." +msgstr "Не могу да обликујем „LOOPAES“ без уређаја." + +#: lib/setup.c:1989 +msgid "Can't format VERITY without device." +msgstr "Не могу да обликујем „VERITY“ без уређаја." + +#: lib/setup.c:2000 lib/verity/verity.c:102 +#, c-format +msgid "Unsupported VERITY hash type %d." +msgstr "Неподржана врста „VERITY“ хеша %d." + +#: lib/setup.c:2006 lib/verity/verity.c:110 +msgid "Unsupported VERITY block size." +msgstr "Неподржана величина блока „VERITY“." + +#: lib/setup.c:2011 lib/verity/verity.c:74 +msgid "Unsupported VERITY hash offset." +msgstr "Неподржан померај хеша „VERITY“." + +#: lib/setup.c:2016 +msgid "Unsupported VERITY FEC offset." +msgstr "Неподржан „VERITY FEC“ померај." + +#: lib/setup.c:2040 +msgid "Data area overlaps with hash area." +msgstr "Област података се преклапа са облашћу хеша." + +#: lib/setup.c:2065 +msgid "Hash area overlaps with FEC area." +msgstr "Област хеша се преклапа са „FEC“ облашћу." + +#: lib/setup.c:2072 +msgid "Data area overlaps with FEC area." +msgstr "Област података се преклапа са „FEC“ облашћу." + +#: lib/setup.c:2208 +#, c-format +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "УПОЗОРЕЊЕ: Затражена величина ознаке %d бајта се разликује од излаза величине „%s“ (%d бајта).\n" + +#: lib/setup.c:2286 +#, c-format +msgid "Unknown crypt device type %s requested." +msgstr "Затражена је непозната врста „%s“ криптографског уређаја." + +#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635 +#, c-format +msgid "Unsupported parameters on device %s." +msgstr "Неподржани параметри на уређају „%s“." + +#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408 +#: lib/luks2/luks2_reencrypt.c:2737 +#, c-format +msgid "Mismatching parameters on device %s." +msgstr "Неодговарајући параметри на уређају „%s“." + +#: lib/setup.c:2661 +msgid "Crypt devices mismatch." +msgstr "Криптографски уређаји се не поклапају." + +#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:3145 +#, c-format +msgid "Failed to reload device %s." +msgstr "Нисам успео поново да учитам уређај „%s“." + +#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025 +#: lib/luks2/luks2_reencrypt.c:2032 +#, c-format +msgid "Failed to suspend device %s." +msgstr "Нисам успео да обуставим уређај „%s“." + +#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039 +#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149 +#, c-format +msgid "Failed to resume device %s." +msgstr "Нисам успео да наставим са уређајем „%s“." + +#: lib/setup.c:2732 +#, c-format +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "Кобна грешка приликом поновног учитавања уређаја „%s“ (на врху уређаја „%s“)." + +#: lib/setup.c:2735 lib/setup.c:2737 +#, c-format +msgid "Failed to switch device %s to dm-error." +msgstr "Нисам успео да променим уређај „%s“ на дм-грешку." + +#: lib/setup.c:2809 +msgid "Cannot resize loop device." +msgstr "Не могу да променим величину уређаја петље." + +#: lib/setup.c:2882 +msgid "Do you really want to change UUID of device?" +msgstr "Да ли стварно желите да измените УЈИБ уређаја?" + +#: lib/setup.c:2958 +msgid "Header backup file does not contain compatible LUKS header." +msgstr "Датотека резерве заглавља не садржи сагласно ЛУКС заглавље." + +#: lib/setup.c:3058 +#, c-format +msgid "Volume %s is not active." +msgstr "Волумен „%s“ није радан." + +#: lib/setup.c:3069 +#, c-format +msgid "Volume %s is already suspended." +msgstr "Волумен „%s“ је већ обустављен." + +#: lib/setup.c:3082 +#, c-format +msgid "Suspend is not supported for device %s." +msgstr "Обустављање није подржано за уређај „%s“." + +#: lib/setup.c:3084 +#, c-format +msgid "Error during suspending device %s." +msgstr "Грешка за време обустављања уређаја „%s“." + +#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267 +#, c-format +msgid "Volume %s is not suspended." +msgstr "Волумен „%s“ није обустављен." + +#: lib/setup.c:3146 +#, c-format +msgid "Resume is not supported for device %s." +msgstr "Настављање није подржано за уређај „%s“." + +#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297 +#, c-format +msgid "Error during resuming device %s." +msgstr "Грешка за време настављања уређаја „%s“." + +#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322 +#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839 +msgid "Volume key does not match the volume." +msgstr "Кључ волумена не одговара волумену." + +#: lib/setup.c:3343 lib/setup.c:3531 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Не могу да додам утор кључа, сви утори су искључени а није обезбеђен ниједан кључ волумена." + +#: lib/setup.c:3483 +msgid "Failed to swap new key slot." +msgstr "Нисам успео да разменим нови утор кључа." + +#: lib/setup.c:3669 +#, c-format +msgid "Key slot %d is invalid." +msgstr "Утор кључа „%d“ није исправан." + +#: lib/setup.c:3675 src/cryptsetup.c:1572 src/cryptsetup.c:1917 +#, c-format +msgid "Keyslot %d is not active." +msgstr "Утор кључа „%d“ није радан." + +#: lib/setup.c:3694 +msgid "Device header overlaps with data area." +msgstr "Заглавље уређаја се преклапа са облашћу података." + +#: lib/setup.c:3981 +msgid "Reencryption in-progress. Cannot activate device." +msgstr "Поновно шифровање је у току. Не могу да активирам уређај." + +#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2243 +#: lib/luks2/luks2_reencrypt.c:2836 +msgid "Failed to get reencryption lock." +msgstr "Нисам успео да добавим закључавање поновног шифровања." + +#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855 +msgid "LUKS2 reencryption recovery failed." +msgstr "Опоравак ЛУКС2 поновног шифровања није успело." + +#: lib/setup.c:4127 lib/setup.c:4379 +msgid "Device type is not properly initialized." +msgstr "Врста уређаја није исправно покренута." + +#: lib/setup.c:4171 +#, c-format +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "Не могу да користим уређај „%s“, назив није исправан или је још у употреби." + +#: lib/setup.c:4174 +#, c-format +msgid "Device %s already exists." +msgstr "Већ постоји уређај „%s“." + +#: lib/setup.c:4296 +msgid "Incorrect volume key specified for plain device." +msgstr "Наведен је неисправан кључ волумена за обичан уређај." + +#: lib/setup.c:4405 +msgid "Incorrect root hash specified for verity device." +msgstr "Наведен је неисправан хеш корена за уређај тачности." + +#: lib/setup.c:4412 +msgid "Root hash signature required." +msgstr "Потпис хеша корена је потребан." + +#: lib/setup.c:4421 +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "Привезак кључева кернела недостаје: потребан је за прослеђивање потписа кернелу." + +#: lib/setup.c:4438 lib/setup.c:5915 +msgid "Failed to load key in kernel keyring." +msgstr "Нисам успео да учитам кључ у привеску кључева кернела." + +#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2296 +#: src/cryptsetup.c:2664 +#, c-format +msgid "Device %s is still in use." +msgstr "Уређај „%s“ је још увеку употреби." + +#: lib/setup.c:4516 +#, c-format +msgid "Invalid device %s." +msgstr "Неисправан уређај „%s“." + +#: lib/setup.c:4632 +msgid "Volume key buffer too small." +msgstr "Међумеморија кључа волумена је премала." + +#: lib/setup.c:4640 +msgid "Cannot retrieve volume key for plain device." +msgstr "Не могу да довучем кључ волумена за обичан уређај." + +#: lib/setup.c:4657 +msgid "Cannot retrieve root hash for verity device." +msgstr "Не могу да довучем хеш корена за уређај тачности." + +#: lib/setup.c:4659 +#, c-format +msgid "This operation is not supported for %s crypt device." +msgstr "Ова радња није подржана за криптографски уређај „%s“." + +#: lib/setup.c:4865 +msgid "Dump operation is not supported for this device type." +msgstr "Радња исписа није подржана за ову врсту уређаја." + +#: lib/setup.c:5190 +#, c-format +msgid "Data offset is not multiple of %u bytes." +msgstr "Померај података није умножак %u бајта." + +#: lib/setup.c:5475 +#, c-format +msgid "Cannot convert device %s which is still in use." +msgstr "Не могу да преобратим уређај „%s“ који је још увек у употреби." + +#: lib/setup.c:5772 +#, c-format +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "Нисам успео да доделим утор кључа „%u“ као нови кључ волумена." + +#: lib/setup.c:5845 +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "Нисам успео да покренем основне параметре ЛУКС2 утора кључа." + +#: lib/setup.c:5851 +#, c-format +msgid "Failed to assign keyslot %d to digest." +msgstr "Нисам успео да доделим утор кључа „%d“ за преглед." + +#: lib/setup.c:5982 +msgid "Kernel keyring is not supported by the kernel." +msgstr "Привезак кључева кернела није подржан кернелом." + +#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952 +#, c-format +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "Нисам успео да прочитам пропусну реч из привеска кључа (грешка %d)." + +#: lib/setup.c:6016 +msgid "Failed to acquire global memory-hard access serialization lock." +msgstr "Нисам успео да остварим опште закључавање серијализације приступа чврстој меморији." + +#: lib/utils.c:80 +msgid "Cannot get process priority." +msgstr "Не могу да добавим хитност процеса." + +#: lib/utils.c:94 +msgid "Cannot unlock memory." +msgstr "Не могу да откључам меморију." + +#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497 +msgid "Failed to open key file." +msgstr "Нисам успео да отворим датотеку кључа." + +#: lib/utils.c:173 +msgid "Cannot read keyfile from a terminal." +msgstr "Не могу да прочитам датотеку кључа из терминала." + +#: lib/utils.c:190 +msgid "Failed to stat key file." +msgstr "Нисам успео да добавим податке датотеке кључа." + +#: lib/utils.c:198 lib/utils.c:219 +msgid "Cannot seek to requested keyfile offset." +msgstr "Не могу да премотам на затражени померај датотеке кључа." + +#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188 +#: src/utils_password.c:201 +msgid "Out of memory while reading passphrase." +msgstr "Нестало је меморије приликом читања пропусне речи." + +#: lib/utils.c:248 +msgid "Error reading passphrase." +msgstr "Грешка читања пропусне речи." + +#: lib/utils.c:265 +msgid "Nothing to read on input." +msgstr "Нема ничега за читање на улазу." + +#: lib/utils.c:272 +msgid "Maximum keyfile size exceeded." +msgstr "Премашена је највећа величина датотеке кључа." + +#: lib/utils.c:277 +msgid "Cannot read requested amount of data." +msgstr "Не могу да прочитам затражену количину података." + +#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 +#, c-format +msgid "Device %s does not exist or access denied." +msgstr "Уређај „%s“ не постоји или је приступ одбијен." + +#: lib/utils_device.c:197 +#, c-format +msgid "Device %s is not compatible." +msgstr "Уређај „%s“ није сагласан." + +#: lib/utils_device.c:642 +#, c-format +msgid "Device %s is too small. Need at least % bytes." +msgstr "Уређај „%s“ је премали. Захтева барем % бајта." + +#: lib/utils_device.c:723 +#, c-format +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "Не могу да користим уређај „%s“ који је у употреби (већ мапиран или прикачен)." + +#: lib/utils_device.c:727 +#, c-format +msgid "Cannot use device %s, permission denied." +msgstr "Не могу да користим уређај „%s“, овлашћење је одбијено." + +#: lib/utils_device.c:730 +#, c-format +msgid "Cannot get info about device %s." +msgstr "Не могу да добавим податке о уређају „%s“." + +#: lib/utils_device.c:753 +msgid "Cannot use a loopback device, running as non-root user." +msgstr "Не могу да користим уређај повратне петље, радим као обичан корисник." + +#: lib/utils_device.c:763 +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "Прикачињање уређаја повратне петље није успело (потребан је уређај петље са опцијом самочишћења)." + +#: lib/utils_device.c:809 +#, c-format +msgid "Requested offset is beyond real size of device %s." +msgstr "Захтевани померај је изван стварне величине уређаја „%s“." + +#: lib/utils_device.c:817 +#, c-format +msgid "Device %s has zero size." +msgstr "Уређај „%s“ има нулту величину." + +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." +msgstr "Затражено време „PBKDF“ мете не може бити нула." + +#: lib/utils_pbkdf.c:106 +#, c-format +msgid "Unknown PBKDF type %s." +msgstr "Непозната „PBKDF“ врста „%s“." + +#: lib/utils_pbkdf.c:111 +#, c-format +msgid "Requested hash %s is not supported." +msgstr "Затражени хеш „%s“ није подржан." + +#: lib/utils_pbkdf.c:122 +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "Затражена „PBKDF“ врста није подржана за ЛУКС1." + +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." +msgstr "Највећа „PBKDF“ меморија или паралелне нити не смеју бити подешене са „pbkdf2“." + +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#, c-format +msgid "Forced iteration count is too low for %s (minimum is %u)." +msgstr "Присиљени број понављања је премали за „%s“ (минимум је %u)." + +#: lib/utils_pbkdf.c:148 +#, c-format +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "Присиљени трошак меморије је премали за „%s“ (минимум је %u килобајта)." + +#: lib/utils_pbkdf.c:155 +#, c-format +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "Затражени највећи трошак „PBKDF“ меморије је превисок (максимум је %d килобајта)." + +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "Затражени максимум „PBKDF“ меморије не може бити нула." + +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "Затражене „PBKDF“ паралелне нити не могу бити нула." + +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "Само „PBKDF2“ је подржано у „FIPS“ режиму." + +#: lib/utils_benchmark.c:172 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "„PBKDF“ оцењивање је искључено али понављања нису постављена." + +#: lib/utils_benchmark.c:191 +#, c-format +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "Нису сагласне „PBKDF2“ опције (користим хеш алгоритам %s)." + +#: lib/utils_benchmark.c:211 +msgid "Not compatible PBKDF options." +msgstr "Несагласне „PBKDF“ опције." + +#: lib/utils_device_locking.c:102 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "Закључавање је прекинуто. Путања закључавања „%s/%s“ је неискористива (није директоријум или недостаје)." + +#: lib/utils_device_locking.c:109 +#, c-format +msgid "WARNING: Locking directory %s/%s is missing!\n" +msgstr "УПОЗОРЕЊЕ: Директоријум закључавања „%s/%s“ недостаје!\n" + +#: lib/utils_device_locking.c:119 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "Закључавање је прекинуто. Путања закључавања „%s/%s“ је неискористива („%s“ није директоријум)." + +#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:941 +#: src/cryptsetup_reencrypt.c:1025 +msgid "Cannot seek to device offset." +msgstr "Не могу да премотам на померај уређаја." + +#: lib/utils_wipe.c:208 +#, c-format +msgid "Device wipe error, offset %." +msgstr "Грешка брисања уређаја, померај %." + +#: lib/luks1/keyencryption.c:39 +#, c-format +msgid "" +"Failed to setup dm-crypt key mapping for device %s.\n" +"Check that kernel supports %s cipher (check syslog for more info)." +msgstr "" +"Нисам успео да подесим мапирање кључа „dm-crypt“ за уређај %s.\n" +"Проверите да ли кернел подржава „%s“ шифрера (проверите дневник система за више података)." + +#: lib/luks1/keyencryption.c:44 +msgid "Key size in XTS mode must be 256 or 512 bits." +msgstr "Величина кључа у „XTS“ режиму мора да буде 256 или 512 бита." + +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "Спецификација шифрера треба бити у запису „[шифрер]-[режим]-[ив]“." + +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080 +#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734 +#, c-format +msgid "Cannot write to device %s, permission denied." +msgstr "Не могу да пишем на уређај „%s“, овлашћење је одбијено." + +#: lib/luks1/keyencryption.c:120 +msgid "Failed to open temporary keystore device." +msgstr "Нисам успео да отворим привремени уређај смештаја кључа." + +#: lib/luks1/keyencryption.c:127 +msgid "Failed to access temporary keystore device." +msgstr "Нисам успео да приступм привременом уређају смештаја кључа." + +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +msgid "IO error while encrypting keyslot." +msgstr "Грешка УИ приликом шифровања утора кључа." + +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:670 +#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311 +#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342 +#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 +#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255 +#: src/cryptsetup_reencrypt.c:200 src/cryptsetup_reencrypt.c:212 +#, c-format +msgid "Cannot open device %s." +msgstr "Не могу да отворим уређај „%s“." + +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +msgid "IO error while decrypting keyslot." +msgstr "Грешка УИ приликом дешифровања утора кључа." + +#: lib/luks1/keymanage.c:110 +#, c-format +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" +msgstr "Уређај „%s“ је премали. (ЛУКС1 захтева барем % бајта.)" + +#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162 +#: lib/luks1/keymanage.c:174 +#, c-format +msgid "LUKS keyslot %u is invalid." +msgstr "ЛУКС утор кључа „%u“ није исправан." + +#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472 +#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1433 +#: src/cryptsetup.c:1559 src/cryptsetup.c:1616 src/cryptsetup.c:1672 +#: src/cryptsetup.c:1739 src/cryptsetup.c:1842 src/cryptsetup.c:1906 +#: src/cryptsetup.c:2136 src/cryptsetup.c:2331 src/cryptsetup.c:2391 +#: src/cryptsetup.c:2457 src/cryptsetup.c:2621 src/cryptsetup.c:3271 +#: src/cryptsetup.c:3280 src/cryptsetup_reencrypt.c:1388 +#, c-format +msgid "Device %s is not a valid LUKS device." +msgstr "Уређај „%s“ није исправан ЛУКС уређај." + +#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100 +#, c-format +msgid "Requested header backup file %s already exists." +msgstr "Затражена датотека резерве заглавља „%s“ већ постоји." + +#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102 +#, c-format +msgid "Cannot create header backup file %s." +msgstr "Не могу да направим резервну датотеку заглавља „%s“." + +#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109 +#, c-format +msgid "Cannot write header backup file %s." +msgstr "Не могу да запишем резервну датотеку заглавља „%s“." + +#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161 +msgid "Backup file does not contain valid LUKS header." +msgstr "Датотека резерве не садржи исправно ЛУКС заглавље." + +#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549 +#: lib/luks2/luks2_json_metadata.c:1182 +#, c-format +msgid "Cannot open header backup file %s." +msgstr "Не могу да отворим резервну датотеку заглавља „%s“." + +#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190 +#, c-format +msgid "Cannot read header backup file %s." +msgstr "Не могу да прочитам резервну датотеку заглавља „%s“." + +#: lib/luks1/keymanage.c:317 +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "Померај датума или величина кључа се разликују на уређају и резерви, враћање није успело." + +#: lib/luks1/keymanage.c:325 +#, c-format +msgid "Device %s %s%s" +msgstr "Уређај %s %s%s" + +#: lib/luks1/keymanage.c:326 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "не садржи ЛУКС заглавље. Замена заглавља може да уништи податке на том уређају." + +#: lib/luks1/keymanage.c:327 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "већ садржи ЛУКС заглавље. Замена заглавља ће уништити постојеће уторе кључева." + +#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224 +msgid "" +"\n" +"WARNING: real device header has different UUID than backup!" +msgstr "" +"\n" +"УПОЗОРЕЊЕ: право заглавље уређаја има другачији УЈИБ од резерве!" + +#: lib/luks1/keymanage.c:375 +msgid "Non standard key size, manual repair required." +msgstr "Неуобичајена величина кључа, потребна је ручна поправка." + +#: lib/luks1/keymanage.c:380 +msgid "Non standard keyslots alignment, manual repair required." +msgstr "Неуобичајено поравнање утора кључева, потребна је ручна поправка." + +#: lib/luks1/keymanage.c:390 +msgid "Repairing keyslots." +msgstr "Поправљам уторе кључева." + +#: lib/luks1/keymanage.c:409 +#, c-format +msgid "Keyslot %i: offset repaired (%u -> %u)." +msgstr "Утор кључа %i: померај је оправљен (%u —> %u)." + +#: lib/luks1/keymanage.c:417 +#, c-format +msgid "Keyslot %i: stripes repaired (%u -> %u)." +msgstr "Утор кључа %i: траке су оправљене (%u —> %u)." + +#: lib/luks1/keymanage.c:426 +#, c-format +msgid "Keyslot %i: bogus partition signature." +msgstr "Утор кључа %i: лажан потпис партиције." + +#: lib/luks1/keymanage.c:431 +#, c-format +msgid "Keyslot %i: salt wiped." +msgstr "Утор кључа %i: присолак је обрисан." + +#: lib/luks1/keymanage.c:448 +msgid "Writing LUKS header to disk." +msgstr "Записујем ЛУКС заглавље на диск." + +#: lib/luks1/keymanage.c:453 +msgid "Repair failed." +msgstr "Поправка није успела." + +#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750 +#, c-format +msgid "Requested LUKS hash %s is not supported." +msgstr "Затражени ЛУКС хеш „%s“ није подржан." + +#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1133 +msgid "No known problems detected for LUKS header." +msgstr "Нису откривени познати проблеми за ЛУКС заглавље." + +#: lib/luks1/keymanage.c:660 +#, c-format +msgid "Error during update of LUKS header on device %s." +msgstr "Грешка приликом освежавања ЛУКС заглавља на уређају „%s“." + +#: lib/luks1/keymanage.c:668 +#, c-format +msgid "Error re-reading LUKS header after update on device %s." +msgstr "Грешка поновног читања ЛУКС заглавља након освежења на уређају „%s“." + +#: lib/luks1/keymanage.c:744 +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "Померај података за ЛУКС заглавље мора бити или 0 или већи од величине заглавља." + +#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825 +#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001 +#: src/cryptsetup.c:2784 +msgid "Wrong LUKS UUID format provided." +msgstr "Достављен је погрешан запис ЛУКС УЈИБ-а." + +#: lib/luks1/keymanage.c:778 +msgid "Cannot create LUKS header: reading random salt failed." +msgstr "Не могу да направим ЛУКС заглавље: није успело читање насумичног присолка." + +#: lib/luks1/keymanage.c:804 +#, c-format +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "Не могу да направим ЛУКС заглавље: није успео преглед заглавља (користим хеш „%s“)." + +#: lib/luks1/keymanage.c:848 +#, c-format +msgid "Key slot %d active, purge first." +msgstr "Утор кључа „%d“ је радан, прво прочистите." + +#: lib/luks1/keymanage.c:854 +#, c-format +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "Материјал утора кључа „%d“ обухвата премало трака. Да управљам заглављем?" + +#: lib/luks1/keymanage.c:990 +#, c-format +msgid "Cannot open keyslot (using hash %s)." +msgstr "Не могу да отворим утор кључа (користим хеш %s)." + +#: lib/luks1/keymanage.c:1066 +#, c-format +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." +msgstr "Утор кључа %d није исправан, изаберите га између 0 и %d." + +#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738 +#, c-format +msgid "Cannot wipe device %s." +msgstr "Не могу да обришем уређај „%s“." + +#: lib/loopaes/loopaes.c:146 +msgid "Detected not yet supported GPG encrypted keyfile." +msgstr "Откривена је још увек неподржана ГПГ-ом шифрована датотека кључа." + +#: lib/loopaes/loopaes.c:147 +msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" +msgstr "Користите „gpg --decrypt <ДАТОТЕКА_КЉУЧА> | cryptsetup --keyfile=- ...“\n" + +#: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 +msgid "Incompatible loop-AES keyfile detected." +msgstr "Откривена је несагласна датотека кључа „AES“ петље." + +#: lib/loopaes/loopaes.c:245 +msgid "Kernel does not support loop-AES compatible mapping." +msgstr "Језгро не подржава мапирање сагласно са „AES“ петљом." + +#: lib/tcrypt/tcrypt.c:504 +#, c-format +msgid "Error reading keyfile %s." +msgstr "Грешка читања датотеке кључа „%s“." + +#: lib/tcrypt/tcrypt.c:554 +#, c-format +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." +msgstr "Премашена је највећа дужина „TCRYPT“ пропусне речи (%zu)." + +#: lib/tcrypt/tcrypt.c:595 +#, c-format +msgid "PBKDF2 hash algorithm %s not available, skipping." +msgstr "„PBKDF2“ алгоритам хеша „%s“ није доступан, прескачем." + +#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1010 +msgid "Required kernel crypto interface not available." +msgstr "Није доступно затражено сучеље криптографије језгра." + +#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1012 +msgid "Ensure you have algif_skcipher kernel module loaded." +msgstr "Уверите се да је учитан модул кернела „algif_skcipher“." + +#: lib/tcrypt/tcrypt.c:753 +#, c-format +msgid "Activation is not supported for %d sector size." +msgstr "Покретање није подржано за величину %d области." + +#: lib/tcrypt/tcrypt.c:759 +msgid "Kernel does not support activation for this TCRYPT legacy mode." +msgstr "Језгро не подржава покретање за овај стари „TCRYPT“ режим." + +#: lib/tcrypt/tcrypt.c:793 +#, c-format +msgid "Activating TCRYPT system encryption for partition %s." +msgstr "Покрећем „TCRYPT“ систем шифровања за партицију „%s“." + +#: lib/tcrypt/tcrypt.c:871 +msgid "Kernel does not support TCRYPT compatible mapping." +msgstr "Кернел не подржава мапирање сагласно са „TCRYPT“-ом." + +#: lib/tcrypt/tcrypt.c:1093 +msgid "This function is not supported without TCRYPT header load." +msgstr "Ова функција није подржана без учитавања „TCRYPT“ заглавља." + +#: lib/bitlk/bitlk.c:333 +#, c-format +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "Нађох неочекивану врсту уноса метаподатака „%u“ приликом обраде подржаног главног кључа волумена." + +#: lib/bitlk/bitlk.c:380 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "Нађох неисправну ниску приликом обраде главног кључа волумена." + +#: lib/bitlk/bitlk.c:385 +#, c-format +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "Нађох неочекивану ниску („%s“) приликом обраде подржаног главног кључа волумена." + +#: lib/bitlk/bitlk.c:399 +#, c-format +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "Нађох неочекивану вредност уноса метаподатака „%u“ приликом обраде подржаног главног кључа волумена." + +#: lib/bitlk/bitlk.c:479 +#, c-format +msgid "Failed to read BITLK signature from %s." +msgstr "Нисам успео да прочитам „BITLK“ потпис из „%s“." + +#: lib/bitlk/bitlk.c:485 +msgid "BITLK version 1 is currently not supported." +msgstr "„BITLK“ издање 1 тренутно није подржано." + +#: lib/bitlk/bitlk.c:491 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "Неисправан или непознат потпис учитавања за „BITLK“ уређај." + +#: lib/bitlk/bitlk.c:503 +msgid "Invalid or unknown signature for BITLK device." +msgstr "Неисправан или непознат потпис за „BITLK“ уређај." + +#: lib/bitlk/bitlk.c:510 +#, fuzzy, c-format +msgid "Unsupported sector size %." +msgstr "Неподржана величина одељка шифровања." + +#: lib/bitlk/bitlk.c:518 +#, c-format +msgid "Failed to read BITLK header from %s." +msgstr "Нисам успео да прочитам „BITLK“ заглавље из „%s“." + +#: lib/bitlk/bitlk.c:543 +#, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "Нисам успео да прочитам „BITLK FVE“ метаподатаке из „%s“." + +#: lib/bitlk/bitlk.c:594 +msgid "Unknown or unsupported encryption type." +msgstr "Непозната или неподржана врста криптографије." + +#: lib/bitlk/bitlk.c:627 +#, c-format +msgid "Failed to read BITLK metadata entries from %s." +msgstr "Нисам успео да прочитам уносе „BITLK“ метаподатака из „%s“." + +#: lib/bitlk/bitlk.c:921 +msgid "This operation is not supported." +msgstr "Радња није подржана." + +#: lib/bitlk/bitlk.c:929 +msgid "Wrong key size." +msgstr "Погрешна величина кључа." + +#: lib/bitlk/bitlk.c:981 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "Овај „BITLK“ уређај је у неподржаном стању и не може бити активиран." + +#: lib/bitlk/bitlk.c:987 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "„BITLK“ уређај са врстом „%s“ се не може активирати." + +#: lib/bitlk/bitlk.c:1069 +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "Активирање делимично дешифрованог „BITLK“ уређаја није подржано." + +#: lib/bitlk/bitlk.c:1205 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "Не могу да активирам уређај, „dm-crypt“-у кернела недостаје подршка за „BITLK IV“." + +#: lib/bitlk/bitlk.c:1209 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "Не могу да активирам уређај, „dm-crypt“-у кернела недостаје подршка за „BITLK Elephant“ дифузера." + +#: lib/verity/verity.c:68 lib/verity/verity.c:171 +#, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "Уређај тачности %s не користи заглавље на-диску." + +#: lib/verity/verity.c:90 +#, c-format +msgid "Device %s is not a valid VERITY device." +msgstr "Уређај „%s“ није исправан „VERITY“ уређај." + +#: lib/verity/verity.c:97 +#, c-format +msgid "Unsupported VERITY version %d." +msgstr "Неподржано издање „VERITY“ %d." + +#: lib/verity/verity.c:128 +msgid "VERITY header corrupted." +msgstr "Заглавље „VERITY“ је оштећено." + +#: lib/verity/verity.c:165 +#, c-format +msgid "Wrong VERITY UUID format provided on device %s." +msgstr "Достављен је погрешан УЈИБ „VERITY“ запис на уређају „%s“." + +#: lib/verity/verity.c:198 +#, c-format +msgid "Error during update of verity header on device %s." +msgstr "Грешка приликом освежавања заглавља тачности на уређају „%s“." + +#: lib/verity/verity.c:256 +msgid "Root hash signature verification is not supported." +msgstr "Провера хеш потписа корена није подржана." + +#: lib/verity/verity.c:267 +msgid "Errors cannot be repaired with FEC device." +msgstr "Грешке се не могу поправити са „FEC“ уређајем." + +#: lib/verity/verity.c:269 +#, c-format +msgid "Found %u repairable errors with FEC device." +msgstr "Нађох поправљиве грешке (%u) са „FEC“ уређајем." + +#: lib/verity/verity.c:308 +msgid "Kernel does not support dm-verity mapping." +msgstr "Кернел не подржава мапирање дм-тачности." + +#: lib/verity/verity.c:312 +msgid "Kernel does not support dm-verity signature option." +msgstr "Кернел не подржава опцију потписа дм-тачности." + +#: lib/verity/verity.c:323 +msgid "Verity device detected corruption after activation." +msgstr "Уређај тачности је открио оштећење након покретања." + +#: lib/verity/verity_hash.c:59 +#, c-format +msgid "Spare area is not zeroed at position %." +msgstr "Сувишна област није нулирана на положају %." + +#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290 +#: lib/verity/verity_hash.c:303 +msgid "Device offset overflow." +msgstr "Прекорачење помераја уређаја." + +#: lib/verity/verity_hash.c:203 +#, c-format +msgid "Verification failed at position %." +msgstr "Провера није успела на положају %." + +#: lib/verity/verity_hash.c:276 +msgid "Invalid size parameters for verity device." +msgstr "Неисправни параметри величине за уређај тачности." + +#: lib/verity/verity_hash.c:296 +msgid "Hash area overflow." +msgstr "Прекорачење области хеша." + +#: lib/verity/verity_hash.c:373 +msgid "Verification of data area failed." +msgstr "Провера области података није успела." + +#: lib/verity/verity_hash.c:378 +msgid "Verification of root hash failed." +msgstr "Провера хеша корена није успела." + +#: lib/verity/verity_hash.c:384 +msgid "Input/output error while creating hash area." +msgstr "Улазно/излазна грешка приликом стварања области хеша." + +#: lib/verity/verity_hash.c:386 +msgid "Creation of hash area failed." +msgstr "Стварање области хеша није успело." + +#: lib/verity/verity_hash.c:433 +#, c-format +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "УПОЗОРЕЊЕ: Језгро не може да покрене уређајако величина блока података премашује величину странице (%u)." + +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." +msgstr "Нисам успео да доделим „RS“ контекст." + +#: lib/verity/verity_fec.c:146 +msgid "Failed to allocate buffer." +msgstr "Нисам успео да доделим међумеморију." + +#: lib/verity/verity_fec.c:156 +#, c-format +msgid "Failed to read RS block % byte %d." +msgstr "Нисам успео да прочитам „RS“ блок % бајта %d." + +#: lib/verity/verity_fec.c:169 +#, c-format +msgid "Failed to read parity for RS block %." +msgstr "Нисам успео да прочитам паритет „RS“ блока %." + +#: lib/verity/verity_fec.c:177 +#, c-format +msgid "Failed to repair parity for block %." +msgstr "Нисам успео да поправим паритет за блок %." + +#: lib/verity/verity_fec.c:188 +#, c-format +msgid "Failed to write parity for RS block %." +msgstr "Нисам успео да запишем паритет „RS“ блока %." + +#: lib/verity/verity_fec.c:223 +msgid "Block sizes must match for FEC." +msgstr "Величине блокова морају одговарати за „FEC“." + +#: lib/verity/verity_fec.c:229 +msgid "Invalid number of parity bytes." +msgstr "Неисправан број бајтова паритета." + +#: lib/verity/verity_fec.c:265 +#, c-format +msgid "Failed to determine size for device %s." +msgstr "Нисам успео да одредим величину за уређај „%s“." + +#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343 +msgid "Kernel does not support dm-integrity mapping." +msgstr "Кернел не подржава мапирање дм-целовитости." + +#: lib/integrity/integrity.c:277 +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "Кернел не подржава поравнање фиксних метаподатака дм-целовитости." + +#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959 +#: lib/luks2/luks2_json_metadata.c:1244 +#, c-format +msgid "Failed to acquire write lock on device %s." +msgstr "Нисам успео да остварим закључавање писања на уређају „%s“." + +#: lib/luks2/luks2_disk_metadata.c:392 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "Открих покушај истовременог ажурирања ЛУКС2 метаподатака. Прекидам." + +#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712 +msgid "" +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." +msgstr "" +"Уређај садржи нејасне потписе, не могу сам да поправим ЛУКС2.\n" +"Покрените „cryptsetup repair“ за опорављање." + +#: lib/luks2/luks2_json_format.c:227 +msgid "Requested data offset is too small." +msgstr "Затражени померај података је премали." + +#: lib/luks2/luks2_json_format.c:271 +#, c-format +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "УПОЗОРЕЊЕ: област утора кључа (% бајта) је врло мала, доступан број ЛУКС2 утора кључа врло ограничен.\n" + +#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074 +#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_keyslot_luks2.c:114 +#, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "Нисам успео да остварим закључавање читања на уређају „%s“." + +#: lib/luks2/luks2_json_metadata.c:1167 +#, c-format +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "Забрањени ЛУКС2 захтеви су откривени у резерви „%s“." + +#: lib/luks2/luks2_json_metadata.c:1208 +msgid "Data offset differ on device and backup, restore failed." +msgstr "Померај података се разликује на уређају и резерви, враћање није успело." + +#: lib/luks2/luks2_json_metadata.c:1214 +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "Бинарно заглавље са областима утора кључа се разликује на уређају и резерви, враћање није успело." + +#: lib/luks2/luks2_json_metadata.c:1221 +#, c-format +msgid "Device %s %s%s%s%s" +msgstr "Уређај %s %s%s%s%s" + +#: lib/luks2/luks2_json_metadata.c:1222 +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "не садржи ЛУКС2 заглавље. Замена заглавља може да уништи податке на том уређају." + +#: lib/luks2/luks2_json_metadata.c:1223 +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "већ садржи „LUKS2“ заглавље. Замена заглавља ће уништити постојеће уторе кључева." + +#: lib/luks2/luks2_json_metadata.c:1225 +msgid "" +"\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" +msgstr "" +"\n" +"УПОЗОРЕЊЕ: непознати ЛУКС2 захтеви су откривени у стварном заглављу уређаја!\n" +"Замена заглавља резервом може оштетити податке на том уређају!" + +#: lib/luks2/luks2_json_metadata.c:1227 +msgid "" +"\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." +msgstr "" +"\n" +"УПОЗОРЕЊЕ: Недовршено ван мрежно поновно шифровање је откривено на уређају!\n" +"Замена заглавља резервом може оштетити податке." + +#: lib/luks2/luks2_json_metadata.c:1323 +#, c-format +msgid "Ignored unknown flag %s." +msgstr "Занемарена непозната заставица „%s“." + +#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746 +#, c-format +msgid "Missing key for dm-crypt segment %u" +msgstr "Недостаје кључ за „dm-crypt“ подеок %u" + +#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764 +msgid "Failed to set dm-crypt segment." +msgstr "Нисам успео да подесим „dm-crypt“ подеок." + +#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770 +msgid "Failed to set dm-linear segment." +msgstr "Нисам успео да подесим „dm-linear“ подеок." + +#: lib/luks2/luks2_json_metadata.c:2155 +msgid "Unsupported device integrity configuration." +msgstr "Неподржано подешавање целовитости уређаја." + +#: lib/luks2/luks2_json_metadata.c:2241 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "Поновно шифровање је у току. Не могу да деактивирам уређај." + +#: lib/luks2/luks2_json_metadata.c:2252 lib/luks2/luks2_reencrypt.c:3190 +#, c-format +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "Нисам успео да заменим обустављени уређај „%s“ са метом „dm-error“." + +#: lib/luks2/luks2_json_metadata.c:2332 +msgid "Failed to read LUKS2 requirements." +msgstr "Нисам успео да прочитам ЛУКС2 захтеве." + +#: lib/luks2/luks2_json_metadata.c:2339 +msgid "Unmet LUKS2 requirements detected." +msgstr "Неоствариви ЛУКС2 захтеви су откривени." + +#: lib/luks2/luks2_json_metadata.c:2347 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "Радња је несагласна са уређајем означеним за старо поновно шифровање. Прекидам." + +#: lib/luks2/luks2_json_metadata.c:2349 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "Радња је несагласна са уређајем означеним за ЛУКС2 поновно шифровање. Прекидам." + +#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584 +msgid "Not enough available memory to open a keyslot." +msgstr "Нема довољно доступне меморије за отварање утора кључа." + +#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586 +msgid "Keyslot open failed." +msgstr "Отварање утора кључа није успело." + +#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "Не могу користити шифрер „%s-%s“ за шифровање утора кључа." + +#: lib/luks2/luks2_keyslot_luks2.c:480 +msgid "No space for new keyslot." +msgstr "Нема простора за нови утор кључа." + +#: lib/luks2/luks2_luks1_convert.c:482 +#, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "Не могу да проверим стање уређаја са ујиб-ом: %s." + +#: lib/luks2/luks2_luks1_convert.c:508 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "Не могу да претворим заглавље са „LUKSMETA“ додатним метаподацима." + +#: lib/luks2/luks2_luks1_convert.c:548 +msgid "Unable to move keyslot area. Not enough space." +msgstr "Не могу да преместим област утора кључа. Нема довољно простора." + +#: lib/luks2/luks2_luks1_convert.c:599 +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "Не могу да преместим област утора кључа. Област ЛУКС2 утора кључа је премала." + +#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887 +msgid "Unable to move keyslot area." +msgstr "Не могу да преместим област утора кључа." + +#: lib/luks2/luks2_luks1_convert.c:697 +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "Не могу да претворим у ЛУКС1 запис – основна величина подеока 512 bytes." + +#: lib/luks2/luks2_luks1_convert.c:705 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "Не могу да претворим у ЛУКС1 запис – прегледи утора кључа нису ЛУКС1 сагласни." + +#: lib/luks2/luks2_luks1_convert.c:717 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "Не могу да претворим у ЛУКС1 запис – уређај користи умотаног шифрера кључа „%s“." + +#: lib/luks2/luks2_luks1_convert.c:725 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "Не могу да претворим у ЛУКС1 запис – ЛУКС2 заглавље садржи %u скупину(е)." + +#: lib/luks2/luks2_luks1_convert.c:739 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "Не могу да претворим у ЛУКС1 запис – утор кључа %u је у неисправном стању." + +#: lib/luks2/luks2_luks1_convert.c:744 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "Не могу да претворим у ЛУКС1 запис – утор %u (преко максимума утора) је још активан." + +#: lib/luks2/luks2_luks1_convert.c:749 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "Не могу да претворим у ЛУКС1 запис – утор кључа %u није ЛУКС1 сагласан." + +#: lib/luks2/luks2_reencrypt.c:892 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Величина вруће зоне мора бити умножак прорачунатог поравнања зоне (%zu бајта)." + +#: lib/luks2/luks2_reencrypt.c:897 +#, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Величина уређаја мора бити производ прорачунатог поравнања зоне (%zu бајта)." + +#: lib/luks2/luks2_reencrypt.c:941 +#, c-format +msgid "Unsupported resilience mode %s" +msgstr "Неподржан режим гипкости „%s“" + +#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313 +#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430 +#: lib/luks2/luks2_reencrypt.c:3030 +msgid "Failed to initialize old segment storage wrapper." +msgstr "Нисам успео да покренем старог увијача смештаја подеока." + +#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291 +msgid "Failed to initialize new segment storage wrapper." +msgstr "Нисам успео да покренем новог увијача смештаја подеока." + +#: lib/luks2/luks2_reencrypt.c:1340 +msgid "Failed to read checksums for current hotzone." +msgstr "Нисам успео да прочитам суму провере за текућу врућу зону." + +#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038 +#, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "Нисам успео да прочитам област вруће зоне са почетком на %." + +#: lib/luks2/luks2_reencrypt.c:1366 +#, c-format +msgid "Failed to decrypt sector %zu." +msgstr "Нисам успео да дешифрујем област %zu." + +#: lib/luks2/luks2_reencrypt.c:1372 +#, c-format +msgid "Failed to recover sector %zu." +msgstr "Нисам успео да опоравим област %zu." + +#: lib/luks2/luks2_reencrypt.c:1867 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "Величине изворног и циљног уређаја не одговарају. Извор %, мета: %." + +#: lib/luks2/luks2_reencrypt.c:1965 +#, c-format +msgid "Failed to activate hotzone device %s." +msgstr "Нисам успео да активирам уређај вруће зоне „%s“." + +#: lib/luks2/luks2_reencrypt.c:1982 +#, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "Нисам успео да активирам уређај преклапања „%s“ са стварном табелом порекла." + +#: lib/luks2/luks2_reencrypt.c:1989 +#, c-format +msgid "Failed to load new mapping for device %s." +msgstr "Нисам успео да учитам ново мапирање за уређај „%s“." + +#: lib/luks2/luks2_reencrypt.c:2060 +msgid "Failed to refresh reencryption devices stack." +msgstr "Нисам успео да освежим спремник уређаја поновног шифровања." + +#: lib/luks2/luks2_reencrypt.c:2216 +msgid "Failed to set new keyslots area size." +msgstr "Нисам успео да подесим нову величину области утора кључа." + +#: lib/luks2/luks2_reencrypt.c:2318 +#, c-format +msgid "Data shift is not aligned to requested encryption sector size (% bytes)." +msgstr "Помак података није поравнат на захтевану величину одељка шифровања (% бајта)." + +#: lib/luks2/luks2_reencrypt.c:2339 +#, c-format +msgid "Data device is not aligned to requested encryption sector size (% bytes)." +msgstr "Уређај података није поравнат на захтевану величину одељка шифровања (% бајта)." + +#: lib/luks2/luks2_reencrypt.c:2360 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "Помак података (% одељка) је мањи од будућег помераја података (% одељка)." + +#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779 +#: lib/luks2/luks2_reencrypt.c:2800 +#, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "Нисам успео да отворим „%s“ у искључивом режиму (већ мапиран или прикачен)." + +#: lib/luks2/luks2_reencrypt.c:2534 +msgid "Device not marked for LUKS2 reencryption." +msgstr "Уређај није означен за ЛУКС2 поновно шифровање." + +#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295 +msgid "Failed to load LUKS2 reencryption context." +msgstr "Нисам успео да учитам контекст ЛУКС2 поновног шифровања." + +#: lib/luks2/luks2_reencrypt.c:2619 +msgid "Failed to get reencryption state." +msgstr "Нисам успео да добавим стање поновног шифровања." + +#: lib/luks2/luks2_reencrypt.c:2623 +msgid "Device is not in reencryption." +msgstr "Уређај није у поновном шифровању." + +#: lib/luks2/luks2_reencrypt.c:2630 +msgid "Reencryption process is already running." +msgstr "Процес поновног шифровања је већ покренут." + +#: lib/luks2/luks2_reencrypt.c:2632 +msgid "Failed to acquire reencryption lock." +msgstr "Нисам успео да остварим закључавање поновног шифровања." + +#: lib/luks2/luks2_reencrypt.c:2650 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "Не могу да наставим са поновним шифровањем. Прво покрените опоравак поновног шифровања." + +#: lib/luks2/luks2_reencrypt.c:2750 +msgid "Active device size and requested reencryption size don't match." +msgstr "Активна величина уређаја и величина затраженог поновног шифровања не одговарају." + +#: lib/luks2/luks2_reencrypt.c:2764 +msgid "Illegal device size requested in reencryption parameters." +msgstr "Неисправна величина уређаја је затражена у параметрима поновног шифровања." + +#: lib/luks2/luks2_reencrypt.c:2834 +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "Поновно шифровање је у току. Не могу да обавим опоравак." + +#: lib/luks2/luks2_reencrypt.c:2906 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "ЛУКС2 поновно шифровање је већ покренуто у метаподацима." + +#: lib/luks2/luks2_reencrypt.c:2913 +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "Нисам успео да покренем ЛУКС2 поновно шифровање у метаподацима." + +#: lib/luks2/luks2_reencrypt.c:3004 +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "Нисам успео да поставим подеоке уређаја за следећу врућу зону поновног шифровања." + +#: lib/luks2/luks2_reencrypt.c:3046 +msgid "Failed to write reencryption resilience metadata." +msgstr "Нисам успео да запишем метаподатаке гипкости поновног шифровања." + +#: lib/luks2/luks2_reencrypt.c:3053 +msgid "Decryption failed." +msgstr "Дешифровање није успело." + +#: lib/luks2/luks2_reencrypt.c:3058 +#, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "Нисам успео да запишем област вруће зоне са почетком на %." + +#: lib/luks2/luks2_reencrypt.c:3063 +msgid "Failed to sync data." +msgstr "Нисам успео да усагласим податке." + +#: lib/luks2/luks2_reencrypt.c:3071 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "Нисам успео да освежим метаподатке након тренутно завршеног поновног шифровања вруће зоне." + +#: lib/luks2/luks2_reencrypt.c:3138 +msgid "Failed to write LUKS2 metadata." +msgstr "Нисам успео да запишем ЛУКС2 метаподатке." + +#: lib/luks2/luks2_reencrypt.c:3161 +msgid "Failed to wipe backup segment data." +msgstr "Нисам успео да очистим податке подеока резерве." + +#: lib/luks2/luks2_reencrypt.c:3174 +msgid "Failed to disable reencryption requirement flag." +msgstr "Нисам успео да искључим заставицу захтева поновног шифровања." + +#: lib/luks2/luks2_reencrypt.c:3182 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "Кобна грешка приликом поновног шифровања комада који почиње на %, % подеока дуг." + +#: lib/luks2/luks2_reencrypt.c:3191 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "Не наставља са уређајем осим ако није ручно замењен метом грешке." + +#: lib/luks2/luks2_reencrypt.c:3240 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "Не могу да наставим са поновним шифровањем. Неочекивано стање поновног шифровања." + +#: lib/luks2/luks2_reencrypt.c:3246 +msgid "Missing or invalid reencrypt context." +msgstr "Недостаје или неисправан контекст поновног шифровања." + +#: lib/luks2/luks2_reencrypt.c:3253 +msgid "Failed to initialize reencryption device stack." +msgstr "Нисам успео да покренем поновно шифровање спремника уређаја." + +#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308 +msgid "Failed to update reencryption context." +msgstr "Нисам успео да освежим контекст поновног шифровања." + +#: lib/luks2/luks2_token.c:262 +msgid "No free token slot." +msgstr "Нема слободног утора скупине." + +#: lib/luks2/luks2_token.c:269 +#, c-format +msgid "Failed to create builtin token %s." +msgstr "Нисам успео да направим уграђену скупину „%s“." + +#: src/cryptsetup.c:164 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "Не могу да одрадим проверу пропусне речи на не-конзолним улазима." + +#: src/cryptsetup.c:221 +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "Параметри шифровања утора кључа се могу поставити само за ЛУКС2 уређај." + +#: src/cryptsetup.c:251 src/cryptsetup.c:959 src/cryptsetup.c:1269 +#: src/cryptsetup.c:3145 src/cryptsetup_reencrypt.c:723 +#: src/cryptsetup_reencrypt.c:793 +msgid "No known cipher specification pattern detected." +msgstr "Није откривен познат образац одреднице шифрера." + +#: src/cryptsetup.c:259 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "УПОЗОРЕЊЕ: Параметар „--hash“ је занемарен у обичном режиму са наведеном кључном датотеком.\n" + +#: src/cryptsetup.c:267 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "УПОЗОРЕЊЕ: Опција „--keyfile-size“ је занемарена, величина читања је иста као величина кључа шифровања.\n" + +#: src/cryptsetup.c:307 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "Открих потпис(е) уређаја на „%s“. Даље настављање може оштетити постојеће податке." + +#: src/cryptsetup.c:313 src/cryptsetup.c:1090 src/cryptsetup.c:1142 +#: src/cryptsetup.c:1246 src/cryptsetup.c:1319 src/cryptsetup.c:1974 +#: src/cryptsetup.c:2682 src/cryptsetup.c:2805 src/integritysetup.c:233 +msgid "Operation aborted.\n" +msgstr "Радња је обустављена.\n" + +#: src/cryptsetup.c:381 +msgid "Option --key-file is required." +msgstr "Захтевана је опција „--key-file“." + +#: src/cryptsetup.c:434 +msgid "Enter VeraCrypt PIM: " +msgstr "Унесите „VeraCrypt PIM“: " + +#: src/cryptsetup.c:443 +msgid "Invalid PIM value: parse error." +msgstr "Неисправна „PIM“ вредност: грешка обраде." + +#: src/cryptsetup.c:446 +msgid "Invalid PIM value: 0." +msgstr "Неисправна „PIM“ вредност: 0." + +#: src/cryptsetup.c:449 +msgid "Invalid PIM value: outside of range." +msgstr "Неисправна „PIM“ вредност: изван опсега." + +#: src/cryptsetup.c:472 +msgid "No device header detected with this passphrase." +msgstr "Није откривено заглавље уређаја са овом пропусном речи." + +#: src/cryptsetup.c:541 +#, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "Уређај „%s“ није исправан „BITLK“ уређај." + +#: src/cryptsetup.c:576 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" +"Избачај заглавља са кључем волумена је осетљив податак\n" +"који омогућава приступ шифрованој партицији без лозинке.\n" +"Овај избачај треба увек бити смештен шифрован на безбедном месту." + +#: src/cryptsetup.c:673 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "Уређај „%s“ је још увек активан и заказан за одложено уклањање.\n" + +#: src/cryptsetup.c:701 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "Сразмеравање активног уређаја захтева кључ волумена у привеску кључева али је постављена „--disable-keyring“ опција." + +#: src/cryptsetup.c:838 +msgid "Benchmark interrupted." +msgstr "Оцењивање је прекинуто." + +#: src/cryptsetup.c:859 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "„PBKDF2-%-9s“ Н/Д\n" + +#: src/cryptsetup.c:861 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "„PBKDF2-%-9s“ %7u понављања у секунди за %zu-битни кључ\n" + +#: src/cryptsetup.c:875 +#, c-format +msgid "%-10s N/A\n" +msgstr "%-10s Н/Д\n" + +#: src/cryptsetup.c:877 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "%-10s %4u понављања, %5u меморије, %1u паралелних нити (процесора) за %zu-битни кључ (захтева се %u ms време)\n" + +#: src/cryptsetup.c:901 +msgid "Result of benchmark is not reliable." +msgstr "Резултат оцењивања није поуздан." + +#: src/cryptsetup.c:951 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "# Пробе су приближне користећи само меморију (без УИ смештаја).\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:971 +#, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "#%*s Алгоритам | Кључ | Шифровање | Дешифровање\n" + +#: src/cryptsetup.c:975 +#, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "Шифрер „%s“ (са %i битним кључем) није доступан." + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:994 +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "# Алгоритам | Кључ | Шифровање | Дешифровање\n" + +#: src/cryptsetup.c:1003 +msgid "N/A" +msgstr "Недоступно" + +#: src/cryptsetup.c:1083 +msgid "" +"Seems device does not require reencryption recovery.\n" +"Do you want to proceed anyway?" +msgstr "" +"Изгледа да уређај не захтева опоравак поновног шифровања.\n" +"Да ли желите да наставите?" + +#: src/cryptsetup.c:1089 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "Да наставим са опоравком ЛУКС2 поновног шифровања?" + +#: src/cryptsetup.c:1098 +msgid "Enter passphrase for reencryption recovery: " +msgstr "Унесите пропусну реч за опоравак поновног шифровања: " + +#: src/cryptsetup.c:1141 +msgid "Really try to repair LUKS device header?" +msgstr "Стварно да покушам да поправим заглавље ЛУКС уређаја?" + +#: src/cryptsetup.c:1160 src/integritysetup.c:146 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" +"Бришем уређај да бих започео суму провере целовитости.\n" +"Можете прекинути ово притиском на „CTRL+c“ (остатак необрисаног уређаја садржаће неисправну суму провере).\n" + +#: src/cryptsetup.c:1182 src/integritysetup.c:168 +#, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "Не могу да деактивирам привремени уређај „%s“." + +#: src/cryptsetup.c:1231 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "Опција целовитости се може користити само за ЛУКС2 запис." + +#: src/cryptsetup.c:1236 src/cryptsetup.c:1296 +msgid "Unsupported LUKS2 metadata size options." +msgstr "Неподржана опција величине ЛУКС2 метаподатака." + +#: src/cryptsetup.c:1253 +#, c-format +msgid "Cannot create header file %s." +msgstr "Не могу да направим датотеку заглавља „%s“." + +#: src/cryptsetup.c:1276 src/integritysetup.c:195 src/integritysetup.c:204 +#: src/integritysetup.c:213 src/integritysetup.c:284 src/integritysetup.c:293 +#: src/integritysetup.c:303 +msgid "No known integrity specification pattern detected." +msgstr "Није откривен познат образац одреднице целовитости." + +#: src/cryptsetup.c:1289 +#, c-format +msgid "Cannot use %s as on-disk header." +msgstr "Не могу да користим „%s“ као заглавље на-диску." + +#: src/cryptsetup.c:1313 src/integritysetup.c:227 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "Ово ће неповратно да препише податке на „%s“." + +#: src/cryptsetup.c:1354 src/cryptsetup.c:1688 src/cryptsetup.c:1755 +#: src/cryptsetup.c:1857 src/cryptsetup.c:1923 src/cryptsetup_reencrypt.c:553 +msgid "Failed to set pbkdf parameters." +msgstr "Нисам успео да подесим „pbkdf“ параметре." + +#: src/cryptsetup.c:1439 +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "Смањени померај података је допуштен само за откачена ЛУКС заглавља." + +#: src/cryptsetup.c:1450 src/cryptsetup.c:1761 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "Не могу да одредим величину кључа за ЛУКС без утора кључа, користите „--key-size“ опцију." + +#: src/cryptsetup.c:1488 +msgid "Device activated but cannot make flags persistent." +msgstr "Уређај је активиран али не могу да учиним заставице трајним." + +#: src/cryptsetup.c:1569 src/cryptsetup.c:1639 +#, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "Утор кључа „%d“ је изабран за брисање." + +#: src/cryptsetup.c:1581 src/cryptsetup.c:1642 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "Ово је последњи утор кључа. Уређај ће постати неупотребљив након чишћења овог кључа." + +#: src/cryptsetup.c:1582 +msgid "Enter any remaining passphrase: " +msgstr "Унесите неку преосталу пропусну реч: " + +#: src/cryptsetup.c:1583 src/cryptsetup.c:1644 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "Радња је прекинута, утор кључа НИЈЕ обрисан.\n" + +#: src/cryptsetup.c:1621 +msgid "Enter passphrase to be deleted: " +msgstr "Унесите пропусну реч за брисање: " + +#: src/cryptsetup.c:1702 src/cryptsetup.c:1776 src/cryptsetup.c:1810 +msgid "Enter new passphrase for key slot: " +msgstr "Унесите нову пропусну реч за утор кључа: " + +#: src/cryptsetup.c:1793 src/cryptsetup_reencrypt.c:1343 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "Унесите неку постојећу пропусну реч: " + +#: src/cryptsetup.c:1861 +msgid "Enter passphrase to be changed: " +msgstr "Унесите пропусну реч за мењање: " + +#: src/cryptsetup.c:1877 src/cryptsetup_reencrypt.c:1329 +msgid "Enter new passphrase: " +msgstr "Унесите нову пропусну реч: " + +#: src/cryptsetup.c:1927 +msgid "Enter passphrase for keyslot to be converted: " +msgstr "Унесите пропусну реч за утор кључа за претварање: " + +#: src/cryptsetup.c:1951 +msgid "Only one device argument for isLuks operation is supported." +msgstr "Подржан је само један аргумент уређаја за радњу „isLuks“." + +#: src/cryptsetup.c:2001 +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Избачај заглавља са кључем волумена је осетљив податак\n" +"који омогућава приступ шифрованој партицији без лозинке.\n" +"Овај избачај треба бити смештен шифрован на безбедном месту." + +#: src/cryptsetup.c:2066 +#, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "Утор кључа %d не садржи несвезани кључ." + +#: src/cryptsetup.c:2072 +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Избачај заглавља са кључем волумена је осетљив податак\n" +"Овај избачај треба увек бити смештен шифрован на безбедном месту." + +#: src/cryptsetup.c:2207 src/cryptsetup.c:2228 +msgid "Option --header-backup-file is required." +msgstr "Захтевана је опција „--header-backup-file“." + +#: src/cryptsetup.c:2258 +#, c-format +msgid "%s is not cryptsetup managed device." +msgstr "„%s“ није уређај управљан криптоподешавањем." + +#: src/cryptsetup.c:2269 +#, c-format +msgid "Refresh is not supported for device type %s" +msgstr "Освежавање није подржано за врсту уређаја „%s“" + +#: src/cryptsetup.c:2311 +#, c-format +msgid "Unrecognized metadata device type %s." +msgstr "Непозната врста уређаја метаподатака „%s“." + +#: src/cryptsetup.c:2314 +msgid "Command requires device and mapped name as arguments." +msgstr "Наредба захтева уређај и мапирани назив као аргумент." + +#: src/cryptsetup.c:2336 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" +"Ова радња ће обрисати све уторе кључева на уређају „%s“.\n" +"Уређај ће постати неупотребљив након ове радње." + +#: src/cryptsetup.c:2343 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "Радња је прекинута, утори кључева НИСУ обрисани.\n" + +#: src/cryptsetup.c:2380 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "Неисправна ЛУКС врста, само „luks1“ и „luks2“ су подржане." + +#: src/cryptsetup.c:2398 +#, c-format +msgid "Device is already %s type." +msgstr "Уређај је већ „%s“ врсте." + +#: src/cryptsetup.c:2403 +#, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "Ова радња ће претворити „%s“ у „%s“ запис.\n" + +#: src/cryptsetup.c:2409 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "Радња је прекинута, уређај НИЈЕ претворен.\n" + +#: src/cryptsetup.c:2449 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "Недостаје опција „--priority“, „--label“ или „--subsystem“." + +#: src/cryptsetup.c:2483 src/cryptsetup.c:2516 src/cryptsetup.c:2539 +#, c-format +msgid "Token %d is invalid." +msgstr "Скупина „%d“ није исправна." + +#: src/cryptsetup.c:2486 src/cryptsetup.c:2542 +#, c-format +msgid "Token %d in use." +msgstr "Скупина „%d“ је у употреби." + +#: src/cryptsetup.c:2493 +#, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "Нисам успео да додам „luks2-keyring“ скупину „%d“." + +#: src/cryptsetup.c:2502 src/cryptsetup.c:2564 +#, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "Нисам успео да доделим скупину „%d“ утору кључа %d." + +#: src/cryptsetup.c:2519 +#, c-format +msgid "Token %d is not in use." +msgstr "Скупина „%d“ није у употреби." + +#: src/cryptsetup.c:2554 +msgid "Failed to import token from file." +msgstr "Нисам успео да увезем скупину из датотеке." + +#: src/cryptsetup.c:2579 +#, c-format +msgid "Failed to get token %d for export." +msgstr "Нисам успео да добавим скупину „%d“ за извоз." + +#: src/cryptsetup.c:2594 +msgid "--key-description parameter is mandatory for token add action." +msgstr "„--key-description“ параметар је обавезан за радњу додавања скупине." + +#: src/cryptsetup.c:2600 src/cryptsetup.c:2608 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "Радња захтева нарочиту скупину. Користите параметар „--token-id“." + +#: src/cryptsetup.c:2613 +#, c-format +msgid "Invalid token operation %s." +msgstr "Неисправна радња скупине „%s“." + +#: src/cryptsetup.c:2668 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "Самооткривени активан дм уређај „%sд за уређај података „%s“.\n" + +#: src/cryptsetup.c:2672 +#, c-format +msgid "Device %s is not a block device.\n" +msgstr "Уређај „%s“ није блок уређај.\n" + +#: src/cryptsetup.c:2674 +#, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "Нисам успео да самооткријем држаче „%s“ уређаја." + +#: src/cryptsetup.c:2676 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" +"Не могу да одлучим да ли је уређај „%s“ активиран или није.\n" +"Да ли сигурно желите да наставите са поновним шифровањем у режиму ван мреже?\n" +"То може довести до оштећења података ако је уређај заправо активиран.\n" +"Да покренете поновно шифровање у режиму на мрежи, користите параметар „--active-name“.\n" + +#: src/cryptsetup.c:2756 +msgid "Invalid LUKS device type." +msgstr "Неисправна врста ЛУКС уређаја." + +#: src/cryptsetup.c:2761 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "Шифровање без откаченог заглавља (--header) није могуће без смањења величине уређаја података (--reduce-device-size)." + +#: src/cryptsetup.c:2766 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "Затражени померај података мора бити мањи или једнак половини параметра „--reduce-device-size“." + +#: src/cryptsetup.c:2775 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "Подешавам „--reduce-device-size“ вредност на двоструко од „--offset“ % (подеока).\n" + +#: src/cryptsetup.c:2779 +msgid "Encryption is supported only for LUKS2 format." +msgstr "Шифровање је подржано само за ЛУКС2 запис." + +#: src/cryptsetup.c:2801 +#, c-format +msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +msgstr "Откривен је ЛУКС уређај на „%s“. Да ли желите опет да шифрујете тај ЛУКС уређај?" + +#: src/cryptsetup.c:2816 +#, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "Привремена датотека заглавља „%s“ већ постоји. Прекидам." + +#: src/cryptsetup.c:2818 src/cryptsetup.c:2825 +#, c-format +msgid "Cannot create temporary header file %s." +msgstr "Не могу да направим привремену датотеку заглавља „%s“." + +#: src/cryptsetup.c:2889 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "„%s/%s“ је сада активно и спремно за шифровање на мрежи.\n" + +#: src/cryptsetup.c:3053 src/cryptsetup.c:3059 +msgid "Not enough free keyslots for reencryption." +msgstr "Нема довољно слободних утора кључева за поновно шифровање." + +#: src/cryptsetup.c:3079 src/cryptsetup_reencrypt.c:1294 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "Датотека кључа може бити коришћена само са „--key-slot“ или са тачно једним активним утором кључа." + +#: src/cryptsetup.c:3088 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup_reencrypt.c:1352 +#, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Унесите пропусну реч за утор кључа %d: " + +#: src/cryptsetup.c:3096 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Унесите пропусну реч за утор кључа %u: " + +#: src/cryptsetup.c:3263 +msgid "Command requires device as argument." +msgstr "Наредба захтева уређај као аргумент." + +#: src/cryptsetup.c:3285 +msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +msgstr "Само је ЛУКС2 запис тренутно подржан. Користите алат „cryptsetup-reencrypt“ за ЛУКС1." + +#: src/cryptsetup.c:3297 +msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +msgstr "Старо ванмрежно поновно шифровање је већ у току. Користите помагало „cryptsetup-reencrypt“." + +#: src/cryptsetup.c:3307 src/cryptsetup_reencrypt.c:178 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "Поновно шифровање уређаја са профилом целовитости није подржано." + +#: src/cryptsetup.c:3315 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "ЛУКС2 поновно шифровање је већ покренуто. Прекидам радњу." + +#: src/cryptsetup.c:3319 +msgid "LUKS2 device is not in reencryption." +msgstr "ЛУКС2 уређај није у поновном шифровању." + +#: src/cryptsetup.c:3346 +msgid " [--type ] []" +msgstr "<уређај> [--type <врста>] [<назив>]" + +#: src/cryptsetup.c:3346 src/veritysetup.c:394 src/integritysetup.c:480 +msgid "open device as " +msgstr "отвара уређај као <назив>" + +#: src/cryptsetup.c:3347 src/cryptsetup.c:3348 src/cryptsetup.c:3349 +#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:481 +#: src/integritysetup.c:482 +msgid "" +msgstr "<назив>" + +#: src/cryptsetup.c:3347 src/veritysetup.c:395 src/integritysetup.c:481 +msgid "close device (remove mapping)" +msgstr "затвара уређај (уклања мапирање)" + +#: src/cryptsetup.c:3348 +msgid "resize active device" +msgstr "мења величину радног уређаја" + +#: src/cryptsetup.c:3349 +msgid "show device status" +msgstr "показује стање уређаја" + +#: src/cryptsetup.c:3350 +msgid "[--cipher ]" +msgstr "[--cipher <шифрер>]" + +#: src/cryptsetup.c:3350 +msgid "benchmark cipher" +msgstr "шифрер оцењивања" + +#: src/cryptsetup.c:3351 src/cryptsetup.c:3352 src/cryptsetup.c:3353 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3355 src/cryptsetup.c:3362 +#: src/cryptsetup.c:3363 src/cryptsetup.c:3364 src/cryptsetup.c:3365 +#: src/cryptsetup.c:3366 src/cryptsetup.c:3367 src/cryptsetup.c:3368 +#: src/cryptsetup.c:3369 src/cryptsetup.c:3370 +msgid "" +msgstr "<уређај>" + +#: src/cryptsetup.c:3351 +msgid "try to repair on-disk metadata" +msgstr "покушава да поправи метаподатке на-диску" + +#: src/cryptsetup.c:3352 +msgid "reencrypt LUKS2 device" +msgstr "ЛУКС2 уређај поновног шифровања" + +#: src/cryptsetup.c:3353 +msgid "erase all keyslots (remove encryption key)" +msgstr "брише све уторе кључева (уклања кључ шифровања)" + +#: src/cryptsetup.c:3354 +msgid "convert LUKS from/to LUKS2 format" +msgstr "претвара ЛУКС из/у ЛУКС2 запис" + +#: src/cryptsetup.c:3355 +msgid "set permanent configuration options for LUKS2" +msgstr "поставља трајне опције подешавања за ЛУКС2" + +#: src/cryptsetup.c:3356 src/cryptsetup.c:3357 +msgid " []" +msgstr "<уређај> [<нова датотека кључа>]" + +#: src/cryptsetup.c:3356 +msgid "formats a LUKS device" +msgstr "форматира ЛУКС уређај" + +#: src/cryptsetup.c:3357 +msgid "add key to LUKS device" +msgstr "додаје кључ у ЛУКС уређај" + +#: src/cryptsetup.c:3358 src/cryptsetup.c:3359 src/cryptsetup.c:3360 +msgid " []" +msgstr "<уређај> [<датотека кључа>]" + +#: src/cryptsetup.c:3358 +msgid "removes supplied key or key file from LUKS device" +msgstr "уклања достављени кључ или датотеку кључа из ЛУКС уређаја" + +#: src/cryptsetup.c:3359 +msgid "changes supplied key or key file of LUKS device" +msgstr "мења достављени кључ или датотеку кључа ЛУКС уређаја" + +#: src/cryptsetup.c:3360 +msgid "converts a key to new pbkdf parameters" +msgstr "претвара кључ у нове „pbkdf“ параметре" + +#: src/cryptsetup.c:3361 +msgid " " +msgstr "<уређај> <утор кључа>" + +#: src/cryptsetup.c:3361 +msgid "wipes key with number from LUKS device" +msgstr "брише кључ са бројем <утор кључа> са ЛУКС уређаја" + +#: src/cryptsetup.c:3362 +msgid "print UUID of LUKS device" +msgstr "исписује УЈИБ ЛУКС уређаја" + +#: src/cryptsetup.c:3363 +msgid "tests for LUKS partition header" +msgstr "испробава <уређај> за заглављем ЛУКС партиције" + +#: src/cryptsetup.c:3364 +msgid "dump LUKS partition information" +msgstr "исписује податке ЛУКС партиције" + +#: src/cryptsetup.c:3365 +msgid "dump TCRYPT device information" +msgstr "исписује податке ТКРИПТ уређаја" + +#: src/cryptsetup.c:3366 +msgid "dump BITLK device information" +msgstr "исписује податке „BITLK“ уређаја" + +#: src/cryptsetup.c:3367 +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "Обуставља ЛУКС уређај и брише кључ (сви УИ су замрзнути)" + +#: src/cryptsetup.c:3368 +msgid "Resume suspended LUKS device" +msgstr "Наставља са обустављеним ЛУКС уређајем" + +#: src/cryptsetup.c:3369 +msgid "Backup LUKS device header and keyslots" +msgstr "Прави резерву заглавља „LUKS“ уређаја и утора кључева" + +#: src/cryptsetup.c:3370 +msgid "Restore LUKS device header and keyslots" +msgstr "Враћа заглавље „LUKS“ уређаја и уторе кључева" + +#: src/cryptsetup.c:3371 +msgid " " +msgstr "<додај|уклони|увези|извези> <уређај>" + +#: src/cryptsetup.c:3371 +msgid "Manipulate LUKS2 tokens" +msgstr "Управља ЛУКС2 скупинама" + +#: src/cryptsetup.c:3389 src/veritysetup.c:412 src/integritysetup.c:498 +msgid "" +"\n" +" is one of:\n" +msgstr "" +"\n" +"<радња> је једна од следећих:\n" + +#: src/cryptsetup.c:3395 +msgid "" +"\n" +"You can also use old syntax aliases:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +msgstr "" +"\n" +"Можете такође да користите старе надимке синтаксе <радње>:\n" +"\tотварање: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tзатвори: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" + +#: src/cryptsetup.c:3399 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the encrypted device\n" +" is the LUKS key slot number to modify\n" +" optional key file for the new key for luksAddKey action\n" +msgstr "" +"\n" +"<назив> је уређај за стварање под „%s“\n" +"<уређај> је шифровани уређај\n" +"<утор кључа> је број ЛУКС утора кључа за мењање\n" +"<датотека кључа> изборна датотека кључа за нови кључ за радњу „luksAddKey“\n" + +#: src/cryptsetup.c:3406 +#, c-format +msgid "" +"\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" +"\n" +"Основни уграђени запис метаподатака је „%s“ (за „luksFormat“ радњу).\n" + +#: src/cryptsetup.c:3411 +#, c-format +msgid "" +"\n" +"Default compiled-in key and passphrase parameters:\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" +msgstr "" +"\n" +"Основни параметри уграђеног кључа и пропусне речи:\n" +"\tНајвећа величина датотеке кључа: %dkB, Највећа дужина међудејствене пропусне речи %d (знака)\n" +"Основни „PBKDF“ за ЛУКС1: %s, време понављања: %d (ms)\n" +"Основни „PBKDF“ за ЛУКС2: %s\n" +"\tВреме понављања: %d, Захтевана меморија: %dkB, Паралелне нити: %d\n" + +#: src/cryptsetup.c:3422 +#, c-format +msgid "" +"\n" +"Default compiled-in device cipher parameters:\n" +"\tloop-AES: %s, Key %d bits\n" +"\tplain: %s, Key: %d bits, Password hashing: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +msgstr "" +"\n" +"Основни преведени параметри шифрера уређаја:\n" +"\tпетља-АЕС: %s, Кључ %d бита\n" +"\tобично: %s, Кључ: %d бита, Хеширање лозинке: %s\n" +"\tЛУКС: %s, Кључ: %d бита, Хеширање ЛУКС заглавља: %s, РНГ: %s\n" + +#: src/cryptsetup.c:3431 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "\tЛУКС: Основна величина кључа са „XTS“ режимом (два унутрашња кључа) биће удвостручена.\n" + +#: src/cryptsetup.c:3447 src/veritysetup.c:569 src/integritysetup.c:642 +#, c-format +msgid "%s: requires %s as arguments" +msgstr "%s: захтева „%s“ као аргумент" + +#: src/cryptsetup.c:3480 src/veritysetup.c:457 src/integritysetup.c:536 +#: src/cryptsetup_reencrypt.c:1607 +msgid "Show this help message" +msgstr "Приказује ову поруку помоћи" + +#: src/cryptsetup.c:3481 src/veritysetup.c:458 src/integritysetup.c:537 +#: src/cryptsetup_reencrypt.c:1608 +msgid "Display brief usage" +msgstr "Прикажите кратку поруку о коришћењу" + +#: src/cryptsetup.c:3482 src/veritysetup.c:459 src/integritysetup.c:538 +#: src/cryptsetup_reencrypt.c:1609 +msgid "Print package version" +msgstr "Исписује издање пакета" + +#: src/cryptsetup.c:3486 src/veritysetup.c:463 src/integritysetup.c:542 +#: src/cryptsetup_reencrypt.c:1613 +msgid "Help options:" +msgstr "Опције помоћи:" + +#: src/cryptsetup.c:3487 src/veritysetup.c:464 src/integritysetup.c:543 +#: src/cryptsetup_reencrypt.c:1614 +msgid "Shows more detailed error messages" +msgstr "Приказује опширније поруке о грешкама" + +#: src/cryptsetup.c:3488 src/veritysetup.c:465 src/integritysetup.c:544 +#: src/cryptsetup_reencrypt.c:1615 +msgid "Show debug messages" +msgstr "Приказује поруке прочишћавања" + +#: src/cryptsetup.c:3489 +msgid "Show debug messages including JSON metadata" +msgstr "Приказује поруке прочишћавања укључујући „JSON“ метаподатке" + +#: src/cryptsetup.c:3490 src/cryptsetup_reencrypt.c:1617 +msgid "The cipher used to encrypt the disk (see /proc/crypto)" +msgstr "Шифрер коришћен за шифровање диска (видите „/proc/crypto“)" + +#: src/cryptsetup.c:3491 src/cryptsetup_reencrypt.c:1619 +msgid "The hash used to create the encryption key from the passphrase" +msgstr "Хеш коришћен за стварање кључа шифровања из лозинке" + +#: src/cryptsetup.c:3492 +msgid "Verifies the passphrase by asking for it twice" +msgstr "Проверава лозинку тражећи је два пута" + +#: src/cryptsetup.c:3493 src/cryptsetup_reencrypt.c:1621 +msgid "Read the key from a file" +msgstr "Чита кључ из датотеке" + +#: src/cryptsetup.c:3494 +msgid "Read the volume (master) key from file." +msgstr "Чита (главни) кључ вочумена из датотеке." + +#: src/cryptsetup.c:3495 +msgid "Dump volume (master) key instead of keyslots info" +msgstr "Даје (главни) кључ волумена уместо података утора кључева" + +#: src/cryptsetup.c:3496 src/cryptsetup_reencrypt.c:1618 +msgid "The size of the encryption key" +msgstr "Величина кључа шифровања" + +#: src/cryptsetup.c:3496 src/cryptsetup.c:3557 src/integritysetup.c:562 +#: src/integritysetup.c:566 src/integritysetup.c:570 +#: src/cryptsetup_reencrypt.c:1618 +msgid "BITS" +msgstr "БИТА" + +#: src/cryptsetup.c:3497 src/cryptsetup_reencrypt.c:1634 +msgid "Limits the read from keyfile" +msgstr "Ограничава читање из датотеке кључа" + +#: src/cryptsetup.c:3497 src/cryptsetup.c:3498 src/cryptsetup.c:3499 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3503 src/cryptsetup.c:3554 +#: src/cryptsetup.c:3555 src/cryptsetup.c:3563 src/cryptsetup.c:3564 +#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470 +#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:551 +#: src/integritysetup.c:557 src/integritysetup.c:558 +#: src/cryptsetup_reencrypt.c:1633 src/cryptsetup_reencrypt.c:1634 +#: src/cryptsetup_reencrypt.c:1635 src/cryptsetup_reencrypt.c:1636 +msgid "bytes" +msgstr "бајта" + +#: src/cryptsetup.c:3498 src/cryptsetup_reencrypt.c:1633 +msgid "Number of bytes to skip in keyfile" +msgstr "Број бајтова за прескакање у датотеци кључа" + +#: src/cryptsetup.c:3499 +msgid "Limits the read from newly added keyfile" +msgstr "Ограничава читање из новододате датотеке кључа" + +#: src/cryptsetup.c:3500 +msgid "Number of bytes to skip in newly added keyfile" +msgstr "Број бајтова за прескакање у новододатој датотеци кључа" + +#: src/cryptsetup.c:3501 +msgid "Slot number for new key (default is first free)" +msgstr "Број утора за нови кључ (основно је први слободан)" + +#: src/cryptsetup.c:3502 +msgid "The size of the device" +msgstr "Величина уређаја" + +#: src/cryptsetup.c:3502 src/cryptsetup.c:3504 src/cryptsetup.c:3505 +#: src/cryptsetup.c:3511 src/integritysetup.c:552 src/integritysetup.c:559 +msgid "SECTORS" +msgstr "ОДЕЉЦИ" + +#: src/cryptsetup.c:3503 src/cryptsetup_reencrypt.c:1636 +msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +msgstr "Користи само наведену величину уређаја (занемарује остатак уређаја). ОВО ЈЕ ОПСАНО!" + +#: src/cryptsetup.c:3504 +msgid "The start offset in the backend device" +msgstr "Почетни померај у позадинском уређају" + +#: src/cryptsetup.c:3505 +msgid "How many sectors of the encrypted data to skip at the beginning" +msgstr "Број одељака шифрованих података за прескакање на почетку" + +#: src/cryptsetup.c:3506 +msgid "Create a readonly mapping" +msgstr "Прави мапирање само за читање" + +#: src/cryptsetup.c:3507 src/integritysetup.c:545 +#: src/cryptsetup_reencrypt.c:1624 +msgid "Do not ask for confirmation" +msgstr "Не тражи потврђивање" + +#: src/cryptsetup.c:3508 +msgid "Timeout for interactive passphrase prompt (in seconds)" +msgstr "Време за упит међудејствене лозинке (у секундама)" + +#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "secs" +msgstr "секунде" + +#: src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "Progress line update (in seconds)" +msgstr "Напредак освежења реда (у секундама)" + +#: src/cryptsetup.c:3510 src/cryptsetup_reencrypt.c:1626 +msgid "How often the input of the passphrase can be retried" +msgstr "Колико често унос лозинке може бити покушан" + +#: src/cryptsetup.c:3511 +msgid "Align payload at sector boundaries - for luksFormat" +msgstr "Поравнава утовар на границе одељка — за „luksFormat“" + +#: src/cryptsetup.c:3512 +msgid "File with LUKS header and keyslots backup" +msgstr "Датотека са резервом „LUKS“ заглавља и уторима кључева" + +#: src/cryptsetup.c:3513 src/cryptsetup_reencrypt.c:1627 +msgid "Use /dev/random for generating volume key" +msgstr "Користи „/dev/random“ за стварање кључа волумена" + +#: src/cryptsetup.c:3514 src/cryptsetup_reencrypt.c:1628 +msgid "Use /dev/urandom for generating volume key" +msgstr "Користи „/dev/urandom“ за стварање кључа волумена" + +#: src/cryptsetup.c:3515 +msgid "Share device with another non-overlapping crypt segment" +msgstr "Дели уређај са другим не-преклапајућим подеоком шифрера" + +#: src/cryptsetup.c:3516 src/veritysetup.c:477 +msgid "UUID for device to use" +msgstr "УЈИБ уређаја за коришћење" + +#: src/cryptsetup.c:3517 src/integritysetup.c:579 +msgid "Allow discards (aka TRIM) requests for device" +msgstr "Допушта одбацивања (тј. СКРАЋЕЊЕ) захтева за уређај" + +#: src/cryptsetup.c:3518 src/cryptsetup_reencrypt.c:1645 +msgid "Device or file with separated LUKS header" +msgstr "Уређај или датотека са одвојеним ЛУКС заглављем" + +#: src/cryptsetup.c:3519 +msgid "Do not activate device, just check passphrase" +msgstr "Не покреће уређај, само проверава лозинку" + +#: src/cryptsetup.c:3520 +msgid "Use hidden header (hidden TCRYPT device)" +msgstr "Користи скривено заглавље (скривени ТКРИПТ уређај)" + +#: src/cryptsetup.c:3521 +msgid "Device is system TCRYPT drive (with bootloader)" +msgstr "Уређај је ТКРИПТ диск система (са подизачем система)" + +#: src/cryptsetup.c:3522 +msgid "Use backup (secondary) TCRYPT header" +msgstr "Користи резервно (другоразредно) ТКРИПТ заглавље" + +#: src/cryptsetup.c:3523 +msgid "Scan also for VeraCrypt compatible device" +msgstr "Такође обавља преглед за уређајима сагласним са Веракриптом" + +#: src/cryptsetup.c:3524 +msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Лични умножавач понављања за „VeraCrypt“ сагласан уређај" + +#: src/cryptsetup.c:3525 +msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Пропитује лични умножавач понављања за „VeraCrypt“ сагласан уређај" + +#: src/cryptsetup.c:3526 +msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" +msgstr "Врста метаподатака уређаја: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" + +#: src/cryptsetup.c:3527 +msgid "Disable password quality check (if enabled)" +msgstr "Искључује проверу квалитета лозинке (ако је укључена)" + +#: src/cryptsetup.c:3528 +msgid "Use dm-crypt same_cpu_crypt performance compatibility option" +msgstr "Користи опцију сагласности перформансе „same_cpu_crypt“ дм-крипта" + +#: src/cryptsetup.c:3529 +msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +msgstr "Користи опцију сагласности перформансе „submit_from_crypt_cpus“ дм-крипта" + +#: src/cryptsetup.c:3530 +msgid "Device removal is deferred until the last user closes it" +msgstr "Уклањање уређаја је одложено све док га последњи корисник не затвори" + +#: src/cryptsetup.c:3531 +msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)" +msgstr "Користи опште закључавање за серијализацију меморије чврстог „PBKDF“ („OOM“ заобилазница)" + +#: src/cryptsetup.c:3532 +msgid "PBKDF iteration time for LUKS (in ms)" +msgstr "Време „PBKDF“ понављања за ЛУКС (у милисекундама)" + +#: src/cryptsetup.c:3532 src/cryptsetup_reencrypt.c:1623 +msgid "msecs" +msgstr "милисекунде" + +#: src/cryptsetup.c:3533 src/cryptsetup_reencrypt.c:1641 +msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +msgstr "„PBKDF“ алгоритам (за ЛУКС2): argon2i, argon2id, pbkdf2" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "PBKDF memory cost limit" +msgstr "Ограничење трошка „PBKDF“ меморије" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "kilobytes" +msgstr "килобајта" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "PBKDF parallel cost" +msgstr "Трошак „PBKDF“ паралеле" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "threads" +msgstr "нити" + +#: src/cryptsetup.c:3536 src/cryptsetup_reencrypt.c:1644 +msgid "PBKDF iterations cost (forced, disables benchmark)" +msgstr "Трошак „PBKDF“ понављања (присилно, искључује оцењивање)" + +#: src/cryptsetup.c:3537 +msgid "Keyslot priority: ignore, normal, prefer" +msgstr "Првенство утора кључа: ignore, normal, prefer" + +#: src/cryptsetup.c:3538 +msgid "Disable locking of on-disk metadata" +msgstr "Искључује закључавање метаподатака на-диску" + +#: src/cryptsetup.c:3539 +msgid "Disable loading volume keys via kernel keyring" +msgstr "Искључује учитавање кључева волумена путем привеска кернела" + +#: src/cryptsetup.c:3540 +msgid "Data integrity algorithm (LUKS2 only)" +msgstr "Алгоритам целовитости података (само ЛУКС2)" + +#: src/cryptsetup.c:3541 src/integritysetup.c:573 +msgid "Disable journal for integrity device" +msgstr "Искључује журнал за уређај целовитости" + +#: src/cryptsetup.c:3542 src/integritysetup.c:547 +msgid "Do not wipe device after format" +msgstr "Не брише уређај након форматирања" + +#: src/cryptsetup.c:3543 src/integritysetup.c:577 +msgid "Use inefficient legacy padding (old kernels)" +msgstr "Користи неделотворно застарело допуњавање (стари кернели)" + +#: src/cryptsetup.c:3544 +msgid "Do not ask for passphrase if activation by token fails" +msgstr "Не тражи пропусну реч ако активација скупином не успе" + +#: src/cryptsetup.c:3545 +msgid "Token number (default: any)" +msgstr "Број скупине (основно: било који)" + +#: src/cryptsetup.c:3546 +msgid "Key description" +msgstr "Опис кључа" + +#: src/cryptsetup.c:3547 +msgid "Encryption sector size (default: 512 bytes)" +msgstr "Величина одељка шифровања (основно: 512 бајта)" + +#: src/cryptsetup.c:3548 +#, fuzzy +msgid "Use IV counted in sector size (not in 512 bytes)" +msgstr "Величина одељка шифровања (основно: 512 бајта)" + +#: src/cryptsetup.c:3549 +msgid "Set activation flags persistent for device" +msgstr "Поставља трајним заставице активирања за уређај" + +#: src/cryptsetup.c:3550 +msgid "Set label for the LUKS2 device" +msgstr "Поставља натпис за ЛУКС2 уређај" + +#: src/cryptsetup.c:3551 +msgid "Set subsystem label for the LUKS2 device" +msgstr "Поставља натпис подсистема за ЛУКС2 уређај" + +#: src/cryptsetup.c:3552 +msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot" +msgstr "Ствара или избацује неувезане (не додељене подеоке података) ЛУКС2 уторе кључа" + +#: src/cryptsetup.c:3553 +msgid "Read or write the json from or to a file" +msgstr "Чита или записује „json“ из или у датотеку" + +#: src/cryptsetup.c:3554 +msgid "LUKS2 header metadata area size" +msgstr "Величина области метаподатака ЛУКС2 заглавља" + +#: src/cryptsetup.c:3555 +msgid "LUKS2 header keyslots area size" +msgstr "Величина области утора кључева ЛУКС2 заглавља" + +#: src/cryptsetup.c:3556 +msgid "Refresh (reactivate) device with new parameters" +msgstr "Освежава (поново активира) уређај са новим параметрима" + +#: src/cryptsetup.c:3557 +msgid "LUKS2 keyslot: The size of the encryption key" +msgstr "ЛУКС2 утор кључа: Величина кључа шифровања" + +#: src/cryptsetup.c:3558 +msgid "LUKS2 keyslot: The cipher used for keyslot encryption" +msgstr "ЛУКС2 утор кључа: Шифрер коришћен за шифровање исека кључа" + +#: src/cryptsetup.c:3559 +msgid "Encrypt LUKS2 device (in-place encryption)." +msgstr "Шифрује ЛУКС2 уређај (у месту шифровање)." + +#: src/cryptsetup.c:3560 +msgid "Decrypt LUKS2 device (remove encryption)." +msgstr "Дешифрује ЛУКС2 уређај (уклања шифровање)." + +#: src/cryptsetup.c:3561 +msgid "Initialize LUKS2 reencryption in metadata only." +msgstr "Покреће ЛУКС2 поновно шифровање само у метаподацима." + +#: src/cryptsetup.c:3562 +msgid "Resume initialized LUKS2 reencryption only." +msgstr "Наставља само са започетим ЛУКС2 поновним шифровањем." + +#: src/cryptsetup.c:3563 src/cryptsetup_reencrypt.c:1635 +msgid "Reduce data device size (move data offset). DANGEROUS!" +msgstr "Смањује величину уређаја података (премешта померај података). ОВО ЈЕ ОПАСНО!" + +#: src/cryptsetup.c:3564 +msgid "Maximal reencryption hotzone size." +msgstr "Највећа величина вруће зоне поновног шифровања." + +#: src/cryptsetup.c:3565 +msgid "Reencryption hotzone resilience type (checksum,journal,none)" +msgstr "Врста гипкости вруће зоне поновног шифровања (checksum,journal,none)" + +#: src/cryptsetup.c:3566 +msgid "Reencryption hotzone checksums hash" +msgstr "Хеш суме првере вруће зоне поновног шифровања" + +#: src/cryptsetup.c:3567 +msgid "Override device autodetection of dm device to be reencrypted" +msgstr "Заобилази самооткривање уређаја дм уређаја за поновно шифровање" + +#: src/cryptsetup.c:3583 src/veritysetup.c:499 src/integritysetup.c:595 +msgid "[OPTION...] " +msgstr "[ОПЦИЈА...] <радња> <посебност-радње>" + +#: src/cryptsetup.c:3634 src/veritysetup.c:533 src/integritysetup.c:606 +msgid "Argument missing." +msgstr "Недостаје аргумент <радња>." + +#: src/cryptsetup.c:3703 src/veritysetup.c:564 src/integritysetup.c:637 +msgid "Unknown action." +msgstr "Непозната радња." + +#: src/cryptsetup.c:3713 +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "Опције „--refresh“ и „--test-passphrase“ се узајамно искључују." + +#: src/cryptsetup.c:3718 +msgid "Option --deferred is allowed only for close command." +msgstr "Опција „--deferred“ је допуштена само за наредбу затварања." + +#: src/cryptsetup.c:3723 +msgid "Option --shared is allowed only for open of plain device." +msgstr "Опција „--shared“ је допуштена само за отварање обичног уређаја." + +#: src/cryptsetup.c:3728 src/integritysetup.c:654 +msgid "Option --allow-discards is allowed only for open operation." +msgstr "Опција „--allow-discards“ је допуштена само за радњу отварања." + +#: src/cryptsetup.c:3733 +msgid "Option --persistent is allowed only for open operation." +msgstr "Опција „--persistent“ је допуштена само за радњу отварања." + +#: src/cryptsetup.c:3738 +msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation." +msgstr "Опција „--serialize-memory-hard-pbkdf“ је допуштена само за радњу отварања." + +#: src/cryptsetup.c:3743 +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "Опција „--persistent“ није допуштена са опцијом „--test-passphrase“." + +#: src/cryptsetup.c:3753 +msgid "" +"Option --key-size is allowed only for luksFormat, luksAddKey,\n" +"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." +msgstr "" +"Опција „--key-size“ је допуштена само за „luksFormat“, „luksAddKey“, отварање\n" +"и оцењивање. Да ограничите читање из датотеке кључа користите „--keyfile-size=(бајтова)." + +#: src/cryptsetup.c:3759 +msgid "Option --integrity is allowed only for luksFormat (LUKS2)." +msgstr "Опција „--integrity“ је допуштена само за „luksFormat“ (ЛУКС2)." + +#: src/cryptsetup.c:3764 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "Опција „--integrity-no-wipe“ се може користити само за радњу форматирања са проширењем целовитости." + +#: src/cryptsetup.c:3770 +msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations." +msgstr "Опције „--label“ и „--subsystem“ су допуштене само за „luksFormat“ и „config LUKS2“." + +#: src/cryptsetup.c:3776 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "Опција „--test-passphrase“ је допуштена само за отварање ЛУКС, „TCRYPT“ и „BITLK“ уређаја." + +#: src/cryptsetup.c:3781 src/cryptsetup_reencrypt.c:1708 +msgid "Key size must be a multiple of 8 bits" +msgstr "Величина кључа мора бити умножак од 8 бита" + +#: src/cryptsetup.c:3787 src/cryptsetup_reencrypt.c:1394 +#: src/cryptsetup_reencrypt.c:1713 +msgid "Key slot is invalid." +msgstr "Утор кључа није исправан." + +#: src/cryptsetup.c:3794 +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "Опција „--key-file“ има првенство над наведеним аргументом датотеке кључа." + +#: src/cryptsetup.c:3801 src/veritysetup.c:576 src/integritysetup.c:663 +#: src/cryptsetup_reencrypt.c:1687 +msgid "Negative number for option not permitted." +msgstr "Негативан број за опцију није допуштен." + +#: src/cryptsetup.c:3805 +msgid "Only one --key-file argument is allowed." +msgstr "Дозвољен је само један аргумент „--key-file“." + +#: src/cryptsetup.c:3809 src/cryptsetup_reencrypt.c:1679 +#: src/cryptsetup_reencrypt.c:1717 +msgid "Only one of --use-[u]random options is allowed." +msgstr "Дозвољена је само једна опција „--use-[u]random“." + +#: src/cryptsetup.c:3813 +msgid "Option --use-[u]random is allowed only for luksFormat." +msgstr "Опција „--use-[u]random“ је допуштена само за „luksFormat“." + +#: src/cryptsetup.c:3817 +msgid "Option --uuid is allowed only for luksFormat and luksUUID." +msgstr "Опција „--uuid“ је допуштена само за „luksFormat“ и „luksUUID“." + +#: src/cryptsetup.c:3821 +msgid "Option --align-payload is allowed only for luksFormat." +msgstr "Опција „--align-payload“ је допуштена само за „luksFormat“." + +#: src/cryptsetup.c:3825 +msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2." +msgstr "Опције „--luks2-metadata-size“ и „--opt-luks2-keyslots-size“ су допуштене само за „luksFormat“ са ЛУКС-ом2." + +#: src/cryptsetup.c:3830 +msgid "Invalid LUKS2 metadata size specification." +msgstr "Неисправна одредба величине ЛУКС2 метаподатака." + +#: src/cryptsetup.c:3834 +msgid "Invalid LUKS2 keyslots size specification." +msgstr "Неисправна одредба величине ЛУКС2 утора кључева." + +#: src/cryptsetup.c:3838 +msgid "Options --align-payload and --offset cannot be combined." +msgstr "Опције „--align-payload“ и „--offset“ се не могу комбиновати." + +#: src/cryptsetup.c:3844 +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "Опција „--skip“ је подржана само за отварање обичних и упетљаних уређаја." + +#: src/cryptsetup.c:3851 +msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption." +msgstr "Опција „--offset“ је подржана само за отварање обичних и упетљаних уређаја, „luksFormat“ и поновно шифровање уређаја." + +#: src/cryptsetup.c:3857 +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "Опција „--tcrypt-hidden“, „--tcrypt-system“ или „--tcrypt-backup“ је подржана само за ТКРИПТ уређај." + +#: src/cryptsetup.c:3862 +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "Опција „--tcrypt-hidden“ не може бити обједињена са „--allow-discards“." + +#: src/cryptsetup.c:3867 +msgid "Option --veracrypt is supported only for TCRYPT device type." +msgstr "Опција „--veracrypt“ је подржана само за ТКРИПТ уређај." + +#: src/cryptsetup.c:3873 +msgid "Invalid argument for parameter --veracrypt-pim supplied." +msgstr "Достављен је неисправан аргумент за параметар „--veracrypt-pim“." + +#: src/cryptsetup.c:3877 +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "Опција „--veracrypt-pim“ је подржана само за „VeraCrypt“ сагласне уређаје." + +#: src/cryptsetup.c:3885 +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "Опција „--veracrypt-query-pim“ је подржана само за „VeraCrypt“ сагласне уређаје." + +#: src/cryptsetup.c:3889 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "Опције „--veracrypt-pim“ и „--veracrypt-query-pim“ се узајамно искључују." + +#: src/cryptsetup.c:3896 +msgid "Option --priority can be only ignore/normal/prefer." +msgstr "Опција „--priority“ може бити само „ignore/normal/prefer“." + +#: src/cryptsetup.c:3901 src/cryptsetup.c:3939 +msgid "Keyslot specification is required." +msgstr "Одредба утора кључа је потребна." + +#: src/cryptsetup.c:3906 src/cryptsetup_reencrypt.c:1693 +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "Функција произилажења кључа заснованог на пропусној речи (PBKDF) може бити само „pbkdf2“ или „argon2i/argon2id“." + +#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1698 +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "„PBKDF“ присиљена понављања се не могу комбиновати са опцијом времена понављања." + +#: src/cryptsetup.c:3917 +msgid "Sector size option is not supported for this command." +msgstr "Опција величине сектора није подржана за ову наредбу." + +#: src/cryptsetup.c:3929 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "" + +#: src/cryptsetup.c:3934 +msgid "Key size is required with --unbound option." +msgstr "Величина кључа је потребна са опцијом „--unbound“." + +#: src/cryptsetup.c:3944 +msgid "Option --unbound may be used only with luksAddKey and luksDump actions." +msgstr "Опција „--unbound“ се може користити само са радњама „luksAddKey“ и „luksDump“." + +#: src/cryptsetup.c:3949 +msgid "Option --refresh may be used only with open action." +msgstr "Опција „--refresh“ се може користити само са радњом отварања." + +#: src/cryptsetup.c:3960 +msgid "Cannot disable metadata locking." +msgstr "Не могу да искључим закључавање метаподатака." + +#: src/cryptsetup.c:3970 +msgid "Invalid max reencryption hotzone size specification." +msgstr "Неисправна одредба највеће величине вруће зоне поновног шифровања." + +#: src/cryptsetup.c:3978 src/cryptsetup_reencrypt.c:1722 +#: src/cryptsetup_reencrypt.c:1727 +msgid "Invalid device size specification." +msgstr "Неисправна одредба величине уређаја." + +#: src/cryptsetup.c:3981 +msgid "Maximum device reduce size is 1 GiB." +msgstr "Највећа величина смањења уређаја је 1 GiB." + +#: src/cryptsetup.c:3984 src/cryptsetup_reencrypt.c:1733 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "Величина смањивања мора бити умножак одељка од 512 бајта." + +#: src/cryptsetup.c:3989 +msgid "Invalid data size specification." +msgstr "Неисправна одредба величине података." + +#: src/cryptsetup.c:3994 +msgid "Reduce size overflow." +msgstr "Прекорачење величине смањења." + +#: src/cryptsetup.c:3998 +msgid "LUKS2 decryption requires option --header." +msgstr "ЛУКС2 дешифровање захтева опцију „--header“." + +#: src/cryptsetup.c:4002 +msgid "Device size must be multiple of 512 bytes sector." +msgstr "Величина уређаја мора бити умножак одељка од 512 бајта." + +#: src/cryptsetup.c:4006 +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "Опције „--reduce-device-size“ и „--data-size“ се не могу комбиновати." + +#: src/cryptsetup.c:4010 +msgid "Options --device-size and --size cannot be combined." +msgstr "Опције „--device-size“ и „--size“ се не могу комбиновати." + +#: src/cryptsetup.c:4014 +#, fuzzy +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "Опције „--ignore-corruption“ и „--restart-on-corruption“ се не могу користити заједно." + +#: src/veritysetup.c:66 +msgid "Invalid salt string specified." +msgstr "Наведена је неисправна ниска присолка." + +#: src/veritysetup.c:97 +#, c-format +msgid "Cannot create hash image %s for writing." +msgstr "Не могу да направим хеш слику „%s“ ради уписа." + +#: src/veritysetup.c:107 +#, c-format +msgid "Cannot create FEC image %s for writing." +msgstr "Не могу да направим „FEC“ слику „%s“ ради уписа." + +#: src/veritysetup.c:179 +msgid "Invalid root hash string specified." +msgstr "Наведена је неисправна ниска хеша корена." + +#: src/veritysetup.c:187 +#, c-format +msgid "Invalid signature file %s." +msgstr "Неисправна датотека потписа „%s“." + +#: src/veritysetup.c:194 +#, c-format +msgid "Cannot read signature file %s." +msgstr "Не могу да прочитам датотеку потписа „%s“." + +#: src/veritysetup.c:392 +msgid " " +msgstr "<уређај_података> <уређај_хеша>" + +#: src/veritysetup.c:392 src/integritysetup.c:479 +msgid "format device" +msgstr "форматира уређај" + +#: src/veritysetup.c:393 +msgid " " +msgstr "<уређај_података> <уређај_хеша> <хеш_корена>" + +#: src/veritysetup.c:393 +msgid "verify device" +msgstr "проверава уређај" + +#: src/veritysetup.c:394 +msgid " " +msgstr "<уређај_података> <назив> <уређај_хеша> <хеш_корена>" + +#: src/veritysetup.c:396 src/integritysetup.c:482 +msgid "show active device status" +msgstr "показује стање радног уређаја" + +#: src/veritysetup.c:397 +msgid "" +msgstr "<уређај_хеша>" + +#: src/veritysetup.c:397 src/integritysetup.c:483 +msgid "show on-disk information" +msgstr "приказује податке на-диску" + +#: src/veritysetup.c:416 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the data device\n" +" is the device containing verification data\n" +" hash of the root node on \n" +msgstr "" +"\n" +"<назив> јесте уређај за стварање под „%s“\n" +"<уређај_података> јесте уређај података\n" +"<уређај_хеша> јесте уређај који садржи податке проверавања\n" +"<хеш_корена> хеш кореног чвора на <уређају_хеша>\n" + +#: src/veritysetup.c:423 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-verity parameters:\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" +msgstr "" +"\n" +"Основни преведени параметри дм-тачности:\n" +"\tХеш: %s, Блок података (бајта): %u, Блок хеша (бајта): %u, Величина присолка: %u, Запис хеша: %u\n" + +#: src/veritysetup.c:466 +msgid "Do not use verity superblock" +msgstr "Не користи суперблок тачности" + +#: src/veritysetup.c:467 +msgid "Format type (1 - normal, 0 - original Chrome OS)" +msgstr "Врста записа (1 — обично, 0 — изворни Хром ОС)" + +#: src/veritysetup.c:467 +msgid "number" +msgstr "број" + +#: src/veritysetup.c:468 +msgid "Block size on the data device" +msgstr "Величина блока на уређају података" + +#: src/veritysetup.c:469 +msgid "Block size on the hash device" +msgstr "Величина блока на уређају хеша" + +#: src/veritysetup.c:470 +msgid "FEC parity bytes" +msgstr "Бајтови „FEC“ парности" + +#: src/veritysetup.c:471 +msgid "The number of blocks in the data file" +msgstr "Број блокова у датотеци података" + +#: src/veritysetup.c:471 +msgid "blocks" +msgstr "блокови" + +#: src/veritysetup.c:472 +msgid "Path to device with error correction data" +msgstr "Путања до уређаја са подацима исправке грешке" + +#: src/veritysetup.c:472 src/integritysetup.c:549 +msgid "path" +msgstr "путања" + +#: src/veritysetup.c:473 +msgid "Starting offset on the hash device" +msgstr "Почетни померај на уређају хеша" + +#: src/veritysetup.c:474 +msgid "Starting offset on the FEC device" +msgstr "Почетни померај на „FEC“ уређају" + +#: src/veritysetup.c:475 +msgid "Hash algorithm" +msgstr "Алгоритам хеша" + +#: src/veritysetup.c:475 +msgid "string" +msgstr "ниска" + +#: src/veritysetup.c:476 +msgid "Salt" +msgstr "Присолак" + +#: src/veritysetup.c:476 +msgid "hex string" +msgstr "ниска хеша" + +#: src/veritysetup.c:478 +msgid "Path to root hash signature file" +msgstr "Путања до датотеке потписа хеша корена" + +#: src/veritysetup.c:479 +msgid "Restart kernel if corruption is detected" +msgstr "Поново покреће језгро ако је откривено оштећење" + +#: src/veritysetup.c:480 +msgid "Ignore corruption, log it only" +msgstr "Занемарује оштећење, само га бележи у дневник" + +#: src/veritysetup.c:481 +msgid "Do not verify zeroed blocks" +msgstr "Не проверава нулиране блокове" + +#: src/veritysetup.c:482 +msgid "Verify data block only the first time it is read" +msgstr "Проверава блок података само приликом првог читања" + +#: src/veritysetup.c:582 +msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation." +msgstr "Опције „--ignore-corruption“, „--restart-on-corruption“ или „--ignore-zero-blocks“ су дозвољене само за радње отварања." + +#: src/veritysetup.c:587 +msgid "Option --root-hash-signature can be used only for open operation." +msgstr "Опција „--root-hash-signature“ се може користити само за радњу отварања." + +#: src/veritysetup.c:592 +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "Опције „--ignore-corruption“ и „--restart-on-corruption“ се не могу користити заједно." + +#: src/integritysetup.c:84 src/utils_password.c:305 +#, c-format +msgid "Cannot read keyfile %s." +msgstr "Не могу да прочитам датотеку кључа „%s“." + +#: src/integritysetup.c:88 src/utils_password.c:310 +#, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "Не могу да прочитам %d бајта из датотеке кључа „%s“." + +#: src/integritysetup.c:254 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "Форматирано ознаком величине %u, унутрашња целовитост „%s“.\n" + +#: src/integritysetup.c:479 src/integritysetup.c:483 +msgid "" +msgstr "<уређај_целовитости>" + +#: src/integritysetup.c:480 +msgid " " +msgstr "<уређај_целовитости> <назив>" + +#: src/integritysetup.c:502 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the device containing data with integrity tags\n" +msgstr "" +"\n" +"<назив> јесте уређај за стварање под „%s“\n" +"<уређај_целовитости> јесте уређај који садржи податке са ознакама целовитости\n" + +#: src/integritysetup.c:507 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" +msgstr "" +"\n" +"Основни уграђени параметри дм-целовитости:\n" +"\tАлгоритам провере суме: %s\n" + +#: src/integritysetup.c:549 +msgid "Path to data device (if separated)" +msgstr "Путања до уређаја података (ако је одвојен)" + +#: src/integritysetup.c:551 +msgid "Journal size" +msgstr "Величина журнала" + +#: src/integritysetup.c:552 +msgid "Interleave sectors" +msgstr "Подеоци преплетања" + +#: src/integritysetup.c:553 +msgid "Journal watermark" +msgstr "Жиг журнала" + +#: src/integritysetup.c:553 +msgid "percent" +msgstr "проценат" + +#: src/integritysetup.c:554 +msgid "Journal commit time" +msgstr "Време предаје журнала" + +#: src/integritysetup.c:554 src/integritysetup.c:556 +msgid "ms" +msgstr "ms" + +#: src/integritysetup.c:555 +msgid "Number of 512-byte sectors per bit (bitmap mode)." +msgstr "Број 512-битних подеока по биту (режим битмапе)." + +#: src/integritysetup.c:556 +msgid "Bitmap mode flush time" +msgstr "Време испирања режима битмапе" + +#: src/integritysetup.c:557 +msgid "Tag size (per-sector)" +msgstr "Величина ознаке (по подеоку)" + +#: src/integritysetup.c:558 +msgid "Sector size" +msgstr "Величина сектора" + +#: src/integritysetup.c:559 +msgid "Buffers size" +msgstr "Величина међумеморија" + +#: src/integritysetup.c:561 +msgid "Data integrity algorithm" +msgstr "Алгоритам целовитости података" + +#: src/integritysetup.c:562 +msgid "The size of the data integrity key" +msgstr "Величина кључа целовитости података" + +#: src/integritysetup.c:563 +msgid "Read the integrity key from a file" +msgstr "Чита кључ целовитости из датотеке" + +#: src/integritysetup.c:565 +msgid "Journal integrity algorithm" +msgstr "Алгоритам целовитости журнала" + +#: src/integritysetup.c:566 +msgid "The size of the journal integrity key" +msgstr "Величина кључа целовитости журнала" + +#: src/integritysetup.c:567 +msgid "Read the journal integrity key from a file" +msgstr "Чита кључ целовитости журнала из датотеке" + +#: src/integritysetup.c:569 +msgid "Journal encryption algorithm" +msgstr "Алгоритам шифровања журнала" + +#: src/integritysetup.c:570 +msgid "The size of the journal encryption key" +msgstr "Величина кључа шифровања журнала" + +#: src/integritysetup.c:571 +msgid "Read the journal encryption key from a file" +msgstr "Чита кључ шифровања журнала из датотеке" + +#: src/integritysetup.c:574 +msgid "Recovery mode (no journal, no tag checking)" +msgstr "Режим опоравка (без журнала, без провере ознаке)" + +#: src/integritysetup.c:575 +msgid "Use bitmap to track changes and disable journal for integrity device" +msgstr "Користи битмапу да прати измене и да искључи журнал за уређај целовитости" + +#: src/integritysetup.c:576 +msgid "Recalculate initial tags automatically." +msgstr "Аутоматски поново израчунава почетне ознаке." + +#: src/integritysetup.c:649 +msgid "Option --integrity-recalculate can be used only for open action." +msgstr "Опција „--integrity-recalculate“ се може користити само за радњу отварања." + +#: src/integritysetup.c:669 +msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action." +msgstr "Опције „--journal-size“, „--interleave-sectors“, „--sector-size“, „--tag-size“ и „--no-wipe“ се могу користити само за радњу форматирања." + +#: src/integritysetup.c:675 +msgid "Invalid journal size specification." +msgstr "Неисправна одредба величине журнала." + +#: src/integritysetup.c:680 +msgid "Both key file and key size options must be specified." +msgstr "Мора бити наведена и опција датотеке кључа и опција величине кључа." + +#: src/integritysetup.c:683 +msgid "Integrity algorithm must be specified if integrity key is used." +msgstr "Алгоритам целовитости мора бити наведен ако се користи кључ целовитости." + +#: src/integritysetup.c:688 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "Мора бити наведена и опција датотеке кључа целовитости журнала и опција величине кључа." + +#: src/integritysetup.c:691 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "Алгоритам целовитости журнала мора бити наведен ако се користи кључ целовитости журнала." + +#: src/integritysetup.c:696 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "Мора бити наведена и опција датотеке кључа шифровања журнала и опција величине кључа." + +#: src/integritysetup.c:699 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "Алгоритам шифровања журнала мора бити наведен ако се користи кључ шифровања журнала." + +#: src/integritysetup.c:703 +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "Опције режима опоравка и битмапе се узајамно искључују." + +#: src/integritysetup.c:707 +msgid "Journal options cannot be used in bitmap mode." +msgstr "Опције журнала се не могу користити у режиму битмапе." + +#: src/integritysetup.c:711 +msgid "Bitmap options can be used only in bitmap mode." +msgstr "Опције битмапе се могу користити само у режиму битмапе." + +#: src/cryptsetup_reencrypt.c:172 +msgid "Reencryption already in-progress." +msgstr "Поновно шифровање је већ у току." + +#: src/cryptsetup_reencrypt.c:208 +#, c-format +msgid "Cannot exclusively open %s, device in use." +msgstr "Не могу изричито да отворим „%s“, уређај је у употреби." + +#: src/cryptsetup_reencrypt.c:222 src/cryptsetup_reencrypt.c:1135 +msgid "Allocation of aligned memory failed." +msgstr "Додела поређане меморије није успела." + +#: src/cryptsetup_reencrypt.c:229 +#, c-format +msgid "Cannot read device %s." +msgstr "Не могу да читам уређај „%s“." + +#: src/cryptsetup_reencrypt.c:240 +#, c-format +msgid "Marking LUKS1 device %s unusable." +msgstr "Означавам ЛУКС1 уређај „%s“ неупотребљивим." + +#: src/cryptsetup_reencrypt.c:244 +#, c-format +msgid "Setting LUKS2 offline reencrypt flag on device %s." +msgstr "Постављам заставицу ЛУКС2 ванмрежног поновног шифровања на уређају „%s“." + +#: src/cryptsetup_reencrypt.c:261 +#, c-format +msgid "Cannot write device %s." +msgstr "Не могу да пишем на уређају „%s“." + +#: src/cryptsetup_reencrypt.c:309 +msgid "Cannot write reencryption log file." +msgstr "Не могу да запишем датотеку дневника поновног шифровања." + +#: src/cryptsetup_reencrypt.c:365 +msgid "Cannot read reencryption log file." +msgstr "Не могу да прочитам датотеку дневника поновног шифровања." + +#: src/cryptsetup_reencrypt.c:403 +#, c-format +msgid "Log file %s exists, resuming reencryption.\n" +msgstr "Датотека дневника „%s“ постоји, настављам поновно шифровање.\n" + +#: src/cryptsetup_reencrypt.c:452 +msgid "Activating temporary device using old LUKS header." +msgstr "Покрећем привремени уређај користећи старо ЛУКС заглавље." + +#: src/cryptsetup_reencrypt.c:462 +msgid "Activating temporary device using new LUKS header." +msgstr "Покрећем привремени уређај користећи ново ЛУКС заглавље." + +#: src/cryptsetup_reencrypt.c:472 +msgid "Activation of temporary devices failed." +msgstr "Покретање привременог уређаја није успело." + +#: src/cryptsetup_reencrypt.c:559 +msgid "Failed to set data offset." +msgstr "Нисам успео да поставим померај података." + +#: src/cryptsetup_reencrypt.c:565 +msgid "Failed to set metadata size." +msgstr "Нисам успео да поставим величину метаподатака." + +#: src/cryptsetup_reencrypt.c:573 +#, c-format +msgid "New LUKS header for device %s created." +msgstr "Направљено је ново ЛУКС заглавље за уређај „%s“." + +#: src/cryptsetup_reencrypt.c:633 +#, c-format +msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +msgstr "Ово издање „cryptsetup-reencrypt“ не може да ради са новом унутрашњом врстом скупине „%s“." + +#: src/cryptsetup_reencrypt.c:655 +msgid "Failed to read activation flags from backup header." +msgstr "Нисам успео да прочитам заставице активирања из заглавља резерве." + +#: src/cryptsetup_reencrypt.c:659 +msgid "Failed to write activation flags to new header." +msgstr "Нисам успео да упишем заставице активирања у ново заглавље." + +#: src/cryptsetup_reencrypt.c:663 src/cryptsetup_reencrypt.c:667 +msgid "Failed to read requirements from backup header." +msgstr "Нисам успео да прочитам потрепштине из заглавља резерве." + +#: src/cryptsetup_reencrypt.c:705 +#, c-format +msgid "%s header backup of device %s created." +msgstr "Направљена је резерва „%s“ заглавља за уређај „%s“." + +#: src/cryptsetup_reencrypt.c:768 +msgid "Creation of LUKS backup headers failed." +msgstr "Није успело прављење резерве ЛУКС заглавља." + +#: src/cryptsetup_reencrypt.c:901 +#, c-format +msgid "Cannot restore %s header on device %s." +msgstr "Не могу да повратим „%s“ заглавље на уређају „%s“." + +#: src/cryptsetup_reencrypt.c:903 +#, c-format +msgid "%s header on device %s restored." +msgstr "Повраћено је „%s“ заглавље на уређају „%s“." + +#: src/cryptsetup_reencrypt.c:1107 src/cryptsetup_reencrypt.c:1113 +msgid "Cannot open temporary LUKS device." +msgstr "Не могу да отворим привремени ЛУКС уређај." + +#: src/cryptsetup_reencrypt.c:1118 src/cryptsetup_reencrypt.c:1123 +msgid "Cannot get device size." +msgstr "Не могу да добавим величину уређаја." + +#: src/cryptsetup_reencrypt.c:1158 +msgid "IO error during reencryption." +msgstr "УИ грешка за време поновног шифровања." + +#: src/cryptsetup_reencrypt.c:1189 +msgid "Provided UUID is invalid." +msgstr "Достављени УУИД није исправан." + +#: src/cryptsetup_reencrypt.c:1423 +msgid "Cannot open reencryption log file." +msgstr "Не могу да отворим датотеку дневника поновног шифровања." + +#: src/cryptsetup_reencrypt.c:1429 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "Нема описа у напретку, достављени УУИД се може користити само за настављање заустављеног процеса дешифровања." + +#: src/cryptsetup_reencrypt.c:1504 +#, c-format +msgid "Changed pbkdf parameters in keyslot %i." +msgstr "Измењени су „pbkdf“ параметри у утору кључа %i." + +#: src/cryptsetup_reencrypt.c:1616 +msgid "Reencryption block size" +msgstr "Величина блока поновног шифровања" + +#: src/cryptsetup_reencrypt.c:1616 +msgid "MiB" +msgstr "MiB" + +#: src/cryptsetup_reencrypt.c:1620 +msgid "Do not change key, no data area reencryption" +msgstr "Не мења кључ, нема поновног шифровања области података" + +#: src/cryptsetup_reencrypt.c:1622 +msgid "Read new volume (master) key from file" +msgstr "Чита (главни) кључ волумена из датотеке" + +#: src/cryptsetup_reencrypt.c:1623 +msgid "PBKDF2 iteration time for LUKS (in ms)" +msgstr "Време ПБКДФ2 понављања за ЛУКС (у милисекундама)" + +#: src/cryptsetup_reencrypt.c:1629 +msgid "Use direct-io when accessing devices" +msgstr "Користи непосредни-уи приликом приступа уређајима" + +#: src/cryptsetup_reencrypt.c:1630 +msgid "Use fsync after each block" +msgstr "Користи ф-усаглашавање након сваког блока" + +#: src/cryptsetup_reencrypt.c:1631 +msgid "Update log file after every block" +msgstr "Освежава датотеку дневника након сваког блока" + +#: src/cryptsetup_reencrypt.c:1632 +msgid "Use only this slot (others will be disabled)" +msgstr "Користи само овај утор (остали ће бити искључени)" + +#: src/cryptsetup_reencrypt.c:1637 +msgid "Create new header on not encrypted device" +msgstr "Прави ново заглавље на нешифрованом уређају" + +#: src/cryptsetup_reencrypt.c:1638 +msgid "Permanently decrypt device (remove encryption)" +msgstr "Трајно дешифрује уређај (уклања шифровање)" + +#: src/cryptsetup_reencrypt.c:1639 +msgid "The UUID used to resume decryption" +msgstr "УЈИБ коришћен за настављање дешифровања" + +#: src/cryptsetup_reencrypt.c:1640 +msgid "Type of LUKS metadata: luks1, luks2" +msgstr "Врста ЛУКС метаподатака: luks1, luks2" + +#: src/cryptsetup_reencrypt.c:1659 +msgid "[OPTION...] " +msgstr "[ОПЦИЈА...] <уређај>" + +#: src/cryptsetup_reencrypt.c:1667 +#, c-format +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "Поновно шифровање ће изменити: %s%s%s%s%s%s." + +#: src/cryptsetup_reencrypt.c:1668 +msgid "volume key" +msgstr "кључ волумена" + +#: src/cryptsetup_reencrypt.c:1670 +msgid "set hash to " +msgstr "поставља хеш на " + +#: src/cryptsetup_reencrypt.c:1671 +msgid ", set cipher to " +msgstr ", поставља шифрера на " + +#: src/cryptsetup_reencrypt.c:1675 +msgid "Argument required." +msgstr "Потребан је аргумент." + +#: src/cryptsetup_reencrypt.c:1703 +msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +msgstr "Само вредности између 1 MiB и 64 MiB су допуштене завеличину блока поновног шифровања." + +#: src/cryptsetup_reencrypt.c:1730 +msgid "Maximum device reduce size is 64 MiB." +msgstr "Највећа величина смањења уређаја је 64 MiB." + +#: src/cryptsetup_reencrypt.c:1737 +msgid "Option --new must be used together with --reduce-device-size or --header." +msgstr "Опција „--new“ се мора користити са „--reduce-device-size“ или „--header“." + +#: src/cryptsetup_reencrypt.c:1741 +msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +msgstr "Опција „--keep-key“ може да се користи само са „--hash“, „--iter-time“ или „--pbkdf-force-iterations“." + +#: src/cryptsetup_reencrypt.c:1745 +msgid "Option --new cannot be used together with --decrypt." +msgstr "Опција „--new“ не може да се користи са „--decrypt“." + +#: src/cryptsetup_reencrypt.c:1749 +msgid "Option --decrypt is incompatible with specified parameters." +msgstr "Опција „--decrypt“ није сагласна са наведеним параметрима." + +#: src/cryptsetup_reencrypt.c:1753 +msgid "Option --uuid is allowed only together with --decrypt." +msgstr "Опција „--uuid“ је дозвољена само заједно са „--decrypt“." + +#: src/cryptsetup_reencrypt.c:1757 +msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +msgstr "Неисправна лукс врста. Користите: „luks“, „luks1“ или „luks2“." + +#: src/utils_tools.c:151 +msgid "Error reading response from terminal." +msgstr "Грешка читања одговора из терминала." + +#: src/utils_tools.c:186 +msgid "Command successful.\n" +msgstr "Наредба је успела.\n" + +#: src/utils_tools.c:194 +msgid "wrong or missing parameters" +msgstr "погрешни или недостајући параметри" + +#: src/utils_tools.c:196 +msgid "no permission or bad passphrase" +msgstr "нема овлашћења или је лоша пропусна реч" + +#: src/utils_tools.c:198 +msgid "out of memory" +msgstr "нема више меморије" + +#: src/utils_tools.c:200 +msgid "wrong device or file specified" +msgstr "наведен је погрешан уређај или датотека" + +#: src/utils_tools.c:202 +msgid "device already exists or device is busy" +msgstr "уређај већ постоји или је заузет" + +#: src/utils_tools.c:204 +msgid "unknown error" +msgstr "непозната грешка" + +#: src/utils_tools.c:206 +#, c-format +msgid "Command failed with code %i (%s).\n" +msgstr "Наредба није успела са кодом %i (%s).\n" + +#: src/utils_tools.c:283 +#, c-format +msgid "Key slot %i created." +msgstr "Утор кључа „%i“ је направљен." + +#: src/utils_tools.c:285 +#, c-format +msgid "Key slot %i unlocked." +msgstr "Утор кључа „%i“ је откључан." + +#: src/utils_tools.c:287 +#, c-format +msgid "Key slot %i removed." +msgstr "Утор кључа „%i“ је уклоњен." + +#: src/utils_tools.c:296 +#, c-format +msgid "Token %i created." +msgstr "Скупина „%i“ је направљена." + +#: src/utils_tools.c:298 +#, c-format +msgid "Token %i removed." +msgstr "Скупина „%i“ је уклоњена." + +#: src/utils_tools.c:464 +msgid "" +"\n" +"Wipe interrupted." +msgstr "" +"\n" +"Брисање је прекинуто." + +#: src/utils_tools.c:475 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "УПОЗОРЕЊЕ: Уређај „%s“ већ садржи „%s“ потпис партиције.\n" + +#: src/utils_tools.c:483 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "УПОЗОРЕЊЕ: Уређај „%s“ већ садржи „%s“ потпис суперблока.\n" + +#: src/utils_tools.c:504 src/utils_tools.c:568 +msgid "Failed to initialize device signature probes." +msgstr "Нисам успео да покренем пробе потписа уређаја." + +#: src/utils_tools.c:548 +#, c-format +msgid "Failed to stat device %s." +msgstr "Нисам успео да добавим податке уређаја „%s“." + +#: src/utils_tools.c:561 +#, c-format +msgid "Device %s is in use. Can not proceed with format operation." +msgstr "Уређај „%s“ је у употреби. Не могу да наставим са радњом форматирања." + +#: src/utils_tools.c:563 +#, c-format +msgid "Failed to open file %s in read/write mode." +msgstr "Нисам успео да отворим датотеку „%s“ у режиму читања/писања." + +#: src/utils_tools.c:577 +#, c-format +msgid "Existing '%s' partition signature (offset: % bytes) on device %s will be wiped." +msgstr "Постојећи „%s“ потпис партиције (померај: % бајта) на уређају „%s“ биће обрисан." + +#: src/utils_tools.c:580 +#, c-format +msgid "Existing '%s' superblock signature (offset: % bytes) on device %s will be wiped." +msgstr "Постојећи „%s“ потпис суперблока (померај: % бајта) на уређају „%s“ биће обрисан." + +#: src/utils_tools.c:583 +msgid "Failed to wipe device signature." +msgstr "Нисам успео да обришем потпис уређаја." + +#: src/utils_tools.c:590 +#, c-format +msgid "Failed to probe device %s for a signature." +msgstr "Нисам успео да испробам уређај „%s“ за потписом." + +#: src/utils_tools.c:629 +msgid "" +"\n" +"Reencryption interrupted." +msgstr "" +"\n" +"Поновно шифровање је прекинуто." + +#: src/utils_password.c:43 src/utils_password.c:75 +#, c-format +msgid "Cannot check password quality: %s" +msgstr "Не могу да проверим квалитет лозинке: %s" + +#: src/utils_password.c:51 +#, c-format +msgid "" +"Password quality check failed:\n" +" %s" +msgstr "" +"Провера квалитета лозинке није успела:\n" +" %s" + +#: src/utils_password.c:83 +#, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "Провера квалитета лозинке није успела: Лоша шифра (%s)" + +#: src/utils_password.c:193 src/utils_password.c:208 +msgid "Error reading passphrase from terminal." +msgstr "Грешка читања пропусне речи из терминала." + +#: src/utils_password.c:206 +msgid "Verify passphrase: " +msgstr "Провери пропусну реч: " + +#: src/utils_password.c:213 +msgid "Passphrases do not match." +msgstr "Пропусне речи се не подударају." + +#: src/utils_password.c:250 +msgid "Cannot use offset with terminal input." +msgstr "Не могу да користим померај са улазом терминала." + +#: src/utils_password.c:253 +#, c-format +msgid "Enter passphrase: " +msgstr "Унесите пропусну реч: " + +#: src/utils_password.c:256 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "Унесите пропусну реч за „%s“: " + +#: src/utils_password.c:287 +msgid "No key available with this passphrase." +msgstr "Нема доступног кључа са овом пропусном речју." + +#: src/utils_password.c:289 +msgid "No usable keyslot is available." +msgstr "Нема доступног употребљивог утора кључа." + +#: src/utils_password.c:328 +#, c-format +msgid "Cannot open keyfile %s for write." +msgstr "Не могу да отворим датотеку кључа „%s“ за упис." + +#: src/utils_password.c:335 +#, c-format +msgid "Cannot write to keyfile %s." +msgstr "Не могу да пишем у датотеку кључа „%s“." + +#: src/utils_luks2.c:47 +#, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "Нисам успео да отворим датотеку „%s“ у режиму само за читање." + +#: src/utils_luks2.c:60 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "Обезбеђује исправан „JSON“ ЛУКС2 скупине:\n" + +#: src/utils_luks2.c:67 +msgid "Failed to read JSON file." +msgstr "Нисам успео да прочитам „JSON“ датотеку." + +#: src/utils_luks2.c:72 +msgid "" +"\n" +"Read interrupted." +msgstr "" +"\n" +"Читање је прекинуто." + +#: src/utils_luks2.c:113 +#, c-format +msgid "Failed to open file %s in write mode." +msgstr "Нисам успео да отворим датотеку „%s“ у режиму писања." + +#: src/utils_luks2.c:122 +msgid "" +"\n" +"Write interrupted." +msgstr "" +"\n" +"Писање је прекинуто." + +#: src/utils_luks2.c:126 +msgid "Failed to write JSON file." +msgstr "Нисам успео да упишем „JSON“ датотеку." + +#~ msgid "Parameter --refresh is only allowed with open or refresh commands." +#~ msgstr "Параметар „--refresh“ је дозвољен само са наредбама „open“ или „refresh“." + +#~ msgid "Replaced with key slot %d.\n" +#~ msgstr "Замењен је исеком кључа „%d“.\n" + +#~ msgid "Function not available in FIPS mode.\n" +#~ msgstr "Функција није доступна у ФИПС режиму.\n" + +#~ msgid "Too many tree levels for verity volume.\n" +#~ msgstr "Превише нивоа стабла за волумен тачности.\n" + +#~ msgid "memory allocation error in action_luksFormat" +#~ msgstr "грешка доделе меморије у „action_luksFormat“" + +#~ msgid "Key %d not active. Can't wipe.\n" +#~ msgstr "Кључ „%d“ није радан. Не могу да очистим.\n" + +#~ msgid " " +#~ msgstr "<назив> <уређај_података> <уређај_хеша> <хеш_корена>" + +#~ msgid "create active device" +#~ msgstr "прави радни уређај" + +#~ msgid "remove (deactivate) device" +#~ msgstr "уклања (искључује) уређај" + +#~ msgid "Activated keyslot %i.\n" +#~ msgstr "Покренути исек кључа %i.\n" + +#~ msgid "Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" +#~ msgstr "Напредовање: %5.1f%%, ЕТА %02llu:%02llu, %4llu MiB је записано, брзина %5.1f MiB/s%s" + +#~ msgid "Interrupted by a signal.\n" +#~ msgstr "Прекинуто сигналом.\n" + +#~ msgid "Cannot find a free loopback device.\n" +#~ msgstr "Не могу да пронађем слободан уређај повратне петље.\n" + +#~ msgid "Cannot open device %s\n" +#~ msgstr "Не могу да отворим уређај „%s“\n" + +#~ msgid "Cannot use passed UUID unless decryption in progress.\n" +#~ msgstr "Не могу да користим прослеђени УУИД док је дешифровање у току.\n" + +#~ msgid "Marking LUKS device %s usable.\n" +#~ msgstr "Означавам ЛУКС уређај „%s“ употребљивим.\n" + +#~ msgid "WARNING: this is experimental code, it can completely break your data.\n" +#~ msgstr "УПОЗОРЕЊЕ: ово је пробни код, може потпуно да оштети ваше податке.\n" + +#~ msgid "FIPS checksum verification failed.\n" +#~ msgstr "Није успела провера ФИПС провере суме.\n" diff --git a/po/sv.gmo b/po/sv.gmo index 5a0383b2545098264d8c48a4dadd1bee860a852c..9622337f387a62bd51058d38abaa469bed4c18d2 100644 GIT binary patch literal 70995 zcmcJ&2Y{Vbng9PrurLDBM4IqY0u#uc6nY4OkOCngi79l1J2Q7CH#2kZc<-HrAg&E` zEx4||mlf=yYr(Fp(Y39vWi4y(y6Ud7SXRaL|M@=8Id8dhXOj5a|G=B?eb0OPdCqg5 z^PK0L^PR)?f8m@YNp5;jk}L!l9-buU?gyTlByvCS%p^GgJOVtAM}HqbD@iT~KLI`x zJml;oxd%KI{0R7MumQf}oFsV{`0#U+bxXb$@`7xC&^*po!}(+UT`Vc zza&YX2G+pC!C!(GgUJQ$#yaTrr=ia6mSQ49QbnZ5b%BA zGVs&j$>75-Op;^4`QT~bW#9lf2|f&bHK=^N5j+w65U6s02Rs`54R{cEFp;V}$ANNR z06qj<15&hPBS_UG&jc5P_XfNlT)_LO6iVq|2~t(b-+)T@9#G}@3|Ikw1s(%F`eIM- zJa7Z=Yr*}&mxHQ@*MLWYp9D97-vJ*DE?Vxm0X%{C3Gg!T4)9X&tDy3E{3WzMxCJ~D ztb)qN3&9h?4}hw_Z-Fa7{Ui64pvp4>%Kb$FzX7i0{rHvMp4&nGPu{{m>%m`xD*r{R z{QD>f2_Go2&()IQ1$nGQ1QG6R6BhgRDIkB!YYzSLEKbr zvJr#?l9z&XndH0RM(}w4Sp+u0gTdE=>WA+Dm5<$^;{7%Vt4MwaD*nZf@qAqk>id&G z(ZNeW#eWZ|_V_KRb~}Vlr1JNJ6X12A>h;s0{QVkS06u)P`@aBG`8R_q#}hzUW^xax z^8W%H01w&X^?wm~2Jb`Q@!;Qqhl6*674T!A+T+)t+V{Y%P9G~k<$Ds;_d7t*|C_@1 zPlIRk{yT6HIR8pd=ds{fygw6sB=}KK;l2W<;BP_E#gSJz-7EoBpN|36USpv0{~Ry{ zKOFEo;9rJ52{{pD~vEOx`zxkl(bVGRG35q^n z2CDu)1S%gt2bJC-*L!}JfO4;aM}f}*_5IH9{qvym@dxl|@TeO+y~W^}yl(}SpJ#xg zpAUh`?=L~M$3q`W9|KPV75-JA(s>_v9QZ{r1^)|FxJTUR@th8-yw`%t&yzu=_ZIMc z@Vnqe;L$gEyIce6`!hk+>qkJv|8r3N>Y-In=SWa=c`kS&xE8zsoB$Q>P2k<&SHOe7 z+Xg+I=YgWPFM*E+A3EgqFgM_3;PJSRfhylKLAA&0K+(--13m!G=e;uQ@m>om-!B72 zcb^B(0lyE5UXH3ct^h^n4e%83Ht+=SO`yVk8WdfB3p^S83wS7a@`&^QvqAaa5%5Kz z{M`d8-`@b0-XFkY!Ba-Po-PJek6S=kN%A;Q-*(_CCSL_rPv^^^@0tO6ObP8t}lD*TTk~hmCkNZ^?%Tm$F~Ap!uu`Z{XHP0nEVnv4cr3LQM$K+ z3&D4Rs`np(i^0B~E^k~2s(qda9uB@3Tm-%aRK0#1JObSRW{>Y^Q1!GCRDatJD!x0y z`@Nvr?T4W1;h3s}T zyZ#tF9X#~$&Tp22D)&}U{+|%uUk}Rv=RwuSA3>FG(XF1ZAyD~vE%+#KH>m#bO;GV2 z`vh#41CIlr4XRz<1U?k}D7ZiPNl@+iFW|$$-+`+42R+s4wE`;sb)fPw1)dAO z5mfzr4^(~p20Ri>Z}WCM7gRp41y2N@8Qk9rp3VEeg39lMZ|56W0hPb^fhU2V2i2bU zfy==Dr#XF(g8F_3sPx_e9uIyJJQe&2I2SzV>HdBuxP

    !7IQQg6ela1eK4Y{?_Sb zJ*e_M39Nwc0!P5_g9>-qGrXKH0+p|ifro&90M&o`D1_+i1n^Ms+<^x zD&H>$PY2%#UI2a@R68C0EN|y?K;@?f%KuA1mGkZ3Bf!str-9!ARUZ#|wwHSzsCYJj z{opvLa4!t_Ztw)&zYM0}{lWc+I|3bor{I1SsCK&*oCm%NRDM4dzTY44sOLD{UkI+` z`z_!x;738F{|)dGaKFEE{<#`FiuX3C_@5o{Zg7D2FM#T2e*r~b3!m%#X(gz9-wZ1J zOF-4@KY}Xn=Rmdl&%x#3A%E}r*#ut9`-?%je;s@bc+B&>oyWngyuS<_1Ah&UgV#Sl zNnQYc8dUs`d;HSVo z@H^lE;D3M*0`CWv{_jA=^8l!P9rqFscQUAW&Ik7gF9jb8t^>u#w}6Yl2B>ns29&?| zfCqvf04v}pLHYkJco_JImwNl11S-7?K+(x1pyD3`MXzm8=|3;vYe1FbZcypIAC$je zfTDxGmyw4#)ERg+@1K0R_s8@V@I2nn1HTOZ0DK&H&nu}Lu>V!a_TYVBO8CdW+UK*c zc#XI3kHKg1{SV*@@V3{YGXXyZs@ymJgVR|Dyqx#ztl01C{T0gUa_uL6!GD zQ2pwdJ3ap^LABRS;3{wjsQ&OF@KN9|z!Sm!?(*<+LDkoKP~olw)sExg{n_AAy#E8J z_V^%pDEKMxXz&}L>i;+3a_~>!S>T1QcmCc2#W&v!svUm}DnEz6!R4z)kE`Z{q#s-~{*psPwkK z&G8f9IPdA*p3WWMRlM&8F9nZ%yQeng+hGVce!+w;8`RJwI=G5GfZKMwZu{(EpCn7+s3dkm;{e>$jq-UF)q-v>_u zkGjX}PGq5%+rh7lUW=enWWw zdrqJPG#>I3Ij5D1RRZmEIr0bHQ^z?(Nb9)oyo#r+~Xb)z8mBwbNmr@bBk= z%GVX3+($vt$sM5T_oLvW!Eb@8|388$c;G*KJ}RL6Ukj?9o(*0C-U}WJ?)OR0{|TVz zemQsoI0>pAp9?Bq?*|V7e+XU({sue;T>L5TS9MV3doB%JfD|?>L<5?%fPpSO6M2g67ZzYdVAdfsyr_O`@zqE`hGvCdLH-} z&-X~c=Yq=52SCx;_rXiS1)uZ$>;#qXcYzh~o8a5P13vHhd@m^XAA$40!~WIja49&K z_if;E@HyfA3!v!gccAjM;0r$fZ3kEL{ti(5==Y$?fBF|ae>Z`mx2J;#g0Bzn?*i4{ zUjk1De+4T4$9&1_Z4iVclNW#ogI9go`NasRc6ke!fNy+z-4LRKNOoc>hIs|5d;vzwhJ6h2RDFdkd&~`6+ldxZe*vf9Hcs zc;5-CU%V4M3H&j5KKQU7Iz3zhKAQL2!KL8qz!Smmfy&2&e&qaO9;kS30u}!Gpwjys zcs01+kDYF=5BMDLOx*7UMGwCLRc{abiSw=1;3>R69lRWTD|jRLdr<9n)lWTtEl}lr z52$**4^+CVe&+E#9$e1*`@v=4pTKS4lK=32`8rVkKM$@2_y4)4yAfQ)`xGd;{2+J& z`0!tNeVzd-+@;`L@Co1%;Ojuu>-)e{!TUj#^O#?HKVA>Y{YBsz;DEP?Y3ix?Y<$nNN0Y2)#Jiph0`u?Qwem6M4`giRW!hH#p{|CV1z;k}% z{b@5Of4706oA-gDlcRp?{b>uReB27Q!1scxuhW0$;jRJC<^2v&>3jlIJ^czi3_Sez z&?D~vbp6CCM=erJ`#rxAh)$<2ImG^7l zdEf)V{p>&Z_s4)&;XVP1o<0G-0sJL+6!?NadVFsKFXsIRpy>JJKRF%LLD9ie!6U&p zfoh+7LFMxYpvrUb1K!>jfEVz7Em#9z1ggCr02hKw|Lk-y0jeHf4l3WD0Ur^9t~hyx$aXM{s|3z*mDQ-`@#}Pkk8_9sUkfejl04F+Q;zRJooF zD!=ap&jtSrJOVs*&K#qY3&2BozZz8ks)MTU7X*AisQAAFDxZG_mF_tYa(~x=djA_x z{$2~F;Ju*w;rBts`-uHKKTE(xyx#;a2A>C>4SoVtx_<&!g6aNqY<;8#p1}J%!PCGm zfg8a;g6D&4A3Vp}`F2q4^eRwv`dRQI@VB7yefC4wImHsop!@+lhqQ_5x!{E2&^;qyx;4pYFcq^!I&jKF`z5skQ_zF<%@&QnEbU(Nsc-SFM zpGSh~U#Ed8*VW*m;LYH%;4?wR_j<4&ygR&q4OD)<3-*Br9O~sc0z8oSQ$VG=2s|3x z4l2Iez&YSj{!#w_8T>i8hQf+Zd|e;;I}LnC_&o)_8n@lyUEfuQ@$W)@T*vctzJD2P zg4gi;p6ByCW5MHNNaOvy|Bgq0TUEi~Z#} z`1^bCL-vNQ27g!c``JAI!MCq~=Yv~#o)Y{BE-Cyzn{WC%Dx^X6BroKlnUXL1r{qz5 z`y9WI#O*sgH}L*9VEp?AKknoCF>cFwp2Q=X(BD7sEa82Fy&->sR}=nH9{n8&{($eF z=6O5MyK(z9&r5m!i${N7#Qm$_Q+d9`@5jrLzc2H98R6f`?~WXJe;JSZvHsrXkQ|Sn zn|Kc6oBmGW_h0;H@)mFh?l0jvDSX$b3-F`<{$TKa@Vh)K`F#e@%lWOp?+5>M$z(C^ z%iP)ieHU)K`SoI+r|?^2<_ey7^ZUg-;%WN(ghTQ|a07Al^ZZM2dvZX*3559*59}%V zcyK=(zjJxMf!nz}yLdjJZ@3-J?@M`(;5mW!r-E%AXCZF-`)7ybd$|3UM|@g+uf=m9ejW>6%X0guH3C3|7=J_PQ|DERz{Qht7B|Lx2BR=*p z!mP)=!SDEY06)&+xsGpV@#ya^{G7?}{dlh6{hxTgfSdjv2M&M?naMABp2lyDF}L!> zKZc9s%{<+IAIEJ9$1(7p@O?Y)8%gIB-nW1+;QdKFr}0~VFXLIuw^Qwn{>1M&JRb}1 z0`c;Lga7kE@z%LK8bdDQxhQ=5FT#!T-U9V^0PZ*N`Q~T_^tOR^7}me=x>nUUk%@W#rq?1U&M17 zzfa`3o^N-C@4o>V#*_cW{V@DIh~J;(xBl+q_m9CJ@VtrVxx7CDKY!r&wcw3B7x7zv zH}QOu@Bab*hUYo_j(-#USjw{%w~q!#jcXdaU&r%5xZlBZG0#~%XYx$&=O z{QGv{_dFb5%d?0l#oy2Q_P>SiFABfU1HXr#I?wBQ^!I4o-VFXN_}@Ht^Q_|;;&~p= zrF=VvIDf)#{rwdDPoCHC`=a0`cm4e(ysyH){to1MY;ZdfT#fs$z*q5XF_g9ABDfo1r zhw>bb{}E7s$KmJid49%oInRsS+16Ua&*ZuMcoyGI1|P|DHNW+DVL*RFe--jo!QoJz zTlsz*ZvPVe{S3E3p8w?eA&>r^;9&ng8owv=9E1N3&l_-E6~d+guP^w2Bfozc+~quv zu&0Obm*HOF{dV3z!tWmicfk&xKjT*8IfCE+!*e6QKM$Tx82#PC`!b&5-@o&|nCC+L zJcAGS@J#Z&DfoLAznAk|$+H2sLqPrgh~JkG=HI|4@Vo-I4}y>9xmX^0{M{Vf_9xtN z{5~GPCk3}da66Xw$A$MMcw_i2*pKIO{5$|Y6ubt!h36`MA5J*^jq@B5es2a>gx~*$ z`!1eO@#yauhhz?65#3z8BQr zYJThQhv5D^_wxIu;PxQpQy&X|hw=MNo;CRS5YGzyd@A^tw|DaUO58@lgLvkLZ*K(u zj_+s7Q}`Q-KLU>6=UM#zNANW~pXFK1`$u?I@_P+97mR z7~xC&_zcgvx$cy?-B*b3Qobp^$Iuz( z1%Ij!xjh-TIG)9Fybrfnj+n+TaXY>%jRTL!)9nlKU4R=^Xn!&6WDmEydboW9H_@5? zuH{kwk^|OlUAuWny0SJ>of_|?W3^rF`Yp9|XT7s6y?V>$bfP(2OZz)Jn`yn#skIu_ zaq}||ALHZcU@aYPP7RLNh6nnRzNOWnPQBS!me$*8vr$W%BTMAks7}<(t+Ng9wH@`L zTH0x*L#r%OSe_q+opN&_=cK|PPN{sH%8MP zwN`zkK2%j!QpMS~wAE~OZdB-Hss1Hnsq!M{w4nmxvlRP2W!rL)<+#=uYVDfr)P}Qc zQ>STryxGaTsLEA~=9)I9CI+biYJ|G3kL>DOs!t>JaVo7jsZw~In^QW{#4CAk)OK1F zdLN$}YcC%jUP~}+J}LxB0|ruCOv$QklHQ4#%gc9rvc88Il-{B))2 zU~s%SG?w-c?&{Rq^KhS|9a3xjr#9Ap#Jc#Q2BDE}5UkZ`NH!4m%V$i)Xyn7^Q1dtNlaUXp$kd$h@rmHeRxJ zxm&I$TN;)Fz>3Vj;Ivjj={^XCqa^ zERJ8+X*L@W@CI;+TUoV?M|~* z9j&EnHmG4wo_l)x|0V6Yl|>7oowKIWjJoOFbI+a%>GFHgl=ZqIWv2ZrHg0Xtvko%% zmZ=IX%eZjANSd-hD|3mVovNeE>q|V9^$V8svmL1=5DJ4(;E;Us!4T@qy-{cR_ZE>i z=`!X4qHi#ASw*&M9V5C1RTGCCd0G-F#5zb-l{`9S)RN3k36u^wTV~ivDis(>Ww_QJ zYSnGP$+?X>*aWPoO6m+s8hn~#wMJSU9uB>1AX&=Gtu0z>NA1@7#ALJ8xwUq)U|G7< zORy{{5ALP0cD8S6Vd(Dm=VC=EsxI$7FcU6}&^EBzNSwP}SE+P%P1e$-`ghq4>2)ry z+)(h5kH;m~Yy{Rw%@>U_aSTnCW+UV*PN}Dr1Xym;Q{Hav$=Z-48L#qzbSuLExmEpF z>KYuvfI5&UtW^xx8 zP@dp;b0@sIJydNCGv-vss_B+ZYp$4QEoO{NBx9>RCODpn>UbLvS!QXdmkeCX0}5mHdp&fw;gA!Axu zlU-tBlZ7KdHr9k1oBmZjD%NNI6^1m`?!c8gL))xzSFc(@iJM3@+nZB1Ln)9wd3M1$ zl-aZGa&?G_NlfT!qN`FwSub{3Te8+Z#k23JPe~N;%1u^O8>cY@H=*)Oek;vxsKrLJ zQRyJA)*F*k9Xhp#fe@*mblrvx8=CGAFOVz-H2ZAG?fs%q_NNj|gxY7T0ajtD6&PTa&fO@5||0bbFJ* zKv+S@v*}rp96S@jQ}@^5npKYKqkG_^TCysWxZj%4bS2QCWS4<-O(Uln6V4F;_B*0q1%Lyw9OvA&rc_nH-X2KYV9^y*L-DH7Mdwwr%q=<>tzyk zQz`-*!)lG3LrwRk7M{U}XR09bORRq7#$1U*eMGRizEU!9& zh}n^ZDs4m|B9m?k!dmf@W^iI}p(NHpOdDDt)mE*8+=|YoFkGrPm|84Qe->xERvVMz zFw_`I3}$xIzUFh&SPxwury3@hxxAYNheDNEh!&bS<9rx* z#)4cuuDagE_+i5;Ww*Mn4d(-MDTeu}W`aKM`JhLTo-#pKu$dW^JbE3ux-$|C%nvCm ztAL$#CXQK2%FeU3v4*yu0nL4OI`^=%)2jQ)=|bFn=E7#aBXt-xqJxq`VRCS6ctrEY zpt}|O$Dfb%b&Bj-gt_esq|(n9m#^pE;#yl9_Dx9K!L&`{U=}3KZheeuBYiS+L=-21 z>s*Ywp>my8AAtIf8-n~s@aBXR5^=P*xzLbw_;c%NzsCE%%uARMNk3-YOu+(G8Oap2 zB6-B^sUZy%%nTJ3v`AZ3nafm%O%!VZ6DJcd58Nt&-9MS|;TD2jYby-gw=-Y^9h(Qd_ zke*b~6Sr!U)q3kBlk!3c1mTeJ$i_;XL$nuJhm#ZKj>H0GMPfGwt15BDV^Bj5x3v7! zZ{#q@YO9H@EqH`S6*{{zK7w*B%L$#<P zilPVtZKXrwP0iKoofy#MG(s7D1%)3YW-cq0l#(l5mys!$#GZ0S=meQWPb#FkZ7#vJ z(;f9{l;G)}Ee#;K_n|R)N0y9&R^&LDpKi@a3YlsJvOYq;H!TZw>YB*~(n+d5N<50H zt+$aOccp`fmm^dPQ|)AB)64Jb<0z8MPq$0K=1JtLr_48!pvn(%j?~q|8M3;+<)Kot z7${#u+u*LSfS_46EXgy#N+i;T7&XEi;%uZjnj=@`Mb8q>AQ-LD!U1b7Ta1k#^ykgDKHnDYu5ETkLPT(Kk#uGPk_G#h^M z#w>lO>jjI89v&nX<<3?q6wfq+StMmYnR8b#EoFsVb$y8uqV<}^i;1c##V-+)bnVO_8 zXf9IZeFgbtTAX=+&_yCs&qSU)NUO%EQML37oHg~X5hLmu&I8$O8eK^&R*Z~x$rM{& z;P|E3fYJcOc~y4|xxel&RO)220SB9)sD};8cAa;TC^dPA*qiuHUp#T7ylYgX9I3S}#jbzI@ran3}Ig z2VX`rBF&PIT>Tdk$wVya3r_ZKcj@+?aPY7d(r3LLH_x;|b0F+qF^I7Zg8R-?)79 zhV|2OV_!^GrE;u$m~Fzezy;Ak%bZM>#WzY5=xJec?vd#ktt<5-%R?k{rAW$&$Z}H5 z!yb~5?Su&^F1!|_(x+~PN!NF5HK;A0C#sc#Ho@vRr}4fOCf+f#m3fI#S(xmZHAfiM zG2oIAh{SCQS&D{rl@ur=%~A=q29!5vDMR|wi&)w_tCN|Dp;$#RR8fw~`bx=z>9KmY zyA$oSR)t&SiWEiF!BEPZD~zVn$wwW0+hk6>X+75XdujYCEN%x%Nme&ogZ1HIIL&mL zqiS;NsX$rAkD9F^#*fTA2v#eVFOs$9cCrN!%YpFw8Rg9!k56-_RP`P**bfXf5vKPP zDjlnjH{G7l!fWEJsa4v)h$YL0X42#HQF~NSeAGv!yiQkaqbt}!sWVL}! zW>CXnn5b!rEsE#!6-w7f7;Gf8VCW;ICJ|oa1(i`8^)9V7Yz~hwBWmfNJ3MzT>(Y&y zv~8DZl|EMzm0wjqT@w-aK(|Ztd0*MBm)`0!SSaFZXdmOP!%b#%iabn{!MJ2v6qg2) z5H@RP&A+qG7Mmta)}vp^>sFcha3`PbTBFT!5i+*AS(yFw`BF5qhvrTu$3ci_7F061 z;f>4`@V7h*!lXjext>BIt&;o-8{xMm}ogSD3= zmqC;$N0GD5q6STu8#)(MlA2o4+uCFGNg2&(P#>&8P+Fj}@J(h$Zk%Dt?ifX$UkO=~ zrhTPiI9aoy+*6Blwt@UBbp(YC2lGFtBihq&90Kd&Zh%n^n!K? zonx}bJ`ZC{?k19E5u-j_S`v*$$D&~;pwRK%ABvu#j@yK96G>+_A=b}>I30V0BK80U z`Y4Aeuh^{7%E1C!9tid2#Wi_I(*#S@m9%T3O?KX|G7V^+2s7)vPpe--MNEzn74z^; z8nMar)oRR&%pO!}uwhd6q z;$$ZO?&Rl^20p_2P5#|hp`FlKafJRd!pi-aJw$uv&uY;;?%w^xX~D(xOciVb|K-72 z3${H$PnOAS65S#bfZgRo%WNNe_m9{%h3HBhCB~Tdqv@&j_%?fDd4Qg2i4L-I?qqt; zDAF2B*1DWW5Ni$ka%tQ&%^A$v#lZo*%T_b9*tK_KYJofFUEM}8H}O?R6fv1o?PkO< z8Gv9%qKw){lguDfMQ_S{vsnxbYno+^d>Pp@$H_JenROoH!{W2gQCg;^VrPfPX}+V6 zD)q=DaFTHWGCt2XfLO|wmAP(VyaTQ?In_cvh_8vzPpWf1}0vm z>a;XO(WdzimQme725X(2C>s&6v`VP?c2_zxgc}P}>AekKju)v7g(bpVy@5pz?P;>* z2(xVUx=H4qX%I*l*6Wi~<0koDRLEPMMJFv$mNHytaF#iCm!q%qmt3j9P%z6_toT5E z1!^dK@k(YSVd#Jc(T6c07lPN9q=U^-)+%5P!Q8koO`uvmF1!W(f2OPHM;xszb0NCu z&-jq09bTX;e5j-#!jhw25fu7zhjeOn_}}p?4ip(L?WNUdRuU$@nn-m8 z^%+6vG$rv2fwr_U(RQ{-|iDf5oiB zrkbg3ZmtKr!gEoXoXmOdw zgr2y$N!-My;Uf6VW9W^UCsBUAy-pH%E|C&4GpHzpCF7L}ytZ=P)D6K(IM&Csv}{_^ zW^U}F#3J=}6DPdm$DCQ~7g03;aOsgvgT< zqV@c21|rEJo3LbIom*5~1yr$iCz`xdWFE85E31g=_>jaV#!XjSmEpw?e!_HTz`J8j^1z;$5?4oFx5or#e=X zsd5bsB;z{K)8hFI%{WAf@C#{(uTWNTf243LZl}poi3H-1{m=?sfudO6Gl&mmY!cLf zQE_QPMfOH1#1zFPRSy<_m@He>w5JAxX$WnWZH3Azrrg8!nw+Ml*yAv}?@Ujjh5SN3 zdj{P@MX{Z%BC=jwiK3d>45o zWiAKAT|fhgGwz%V+YV@pgZ=0*x@Kc>oy|D@W0;{^cASetut7-5cYF=UJvvf}W}5CW z^^_^Gr;~lLNqRo6^~1&42;S|Bby(@Vl_%&I{^hBNGlqm?5cY_~vO*>5^`+gmMv;M# zC8-cZS}QE3yyQoE$%RuJSO#86M_-@DeNKcOEzY^ypSQ>Fves+GSjs&D%j?X*kbgO zJ_@o2FX<%=%DG@X4lj#+%3#d~=s+ub^!<51>;V~w`x(%k0j!ur! z^oV5ru>5R7r|cSidK0M52d0bgn2P{m0nrXENo6)k|Kg+=B2t8AK*^G=9G#VX+|T3nrr{x1NtDVHJ^Fx{jV|HDl7he`Q|V&N z9-zZe%m8MhVlJG`;8*LuJxi!uE-FTz(J*3gBy+K3nk;W79nmu_zG5s!UD@O@dM&VB zYxe>TP79nTh7d#sOvP1hqG@4raxU0P=Pi<%^TzG%r3Np>77Z#GTp2kSh9ofWRX(!Q zeqES4{5h+qi@|*m}G+lKac}dGPC)i=Gsd^|<9k1}DFRmM|Fqmj);BKwg)9l1sYWpZ)sd#&1d-FHjL zlkaXT(SMQQdA*vqT=7;&JlPcXpHkx0Yc_7S5pE#aylTak4VyM6I-x4rtl4pOyxrWR z?6ujHv_4F1hNT6*Ew1AhTJ*xOkD-vsL|%P5DB(^rhjO?$G?0DHr--wAv^_B%8oDbV z+vJB~NGQ#XZZ~tzRkUsQDMXdJ)O1+8aW%8X;6zfti;T3k8L}mtx9Pl(+TfJVB5KQE zzTL|WPOG&Wg*TI@I5l*?rp??YD~%9`IWq;8J%fgAFz4X2#zl z6I%^KbgI?nC7VT<#(HcAsMK$&VKFtYhnajB7m8k7XMB{ zWWl&-95K8c8sb6!iCsMI^yYEm?7C(I%IzD0$CD)M~R+$h05g5Tx(R| z>iZBPa@lD?Trv-*oKOx3ntx4(>ZqfrF7wixZ)WB6LUDpnvG^!*TTT+RC8cmYXs>Fv zvS-nTOochPI72>hM}HeT7~>OX;h2o&X6Pa;vukwIk|6bm*erE%cAo;f=qfYww2sx* z4i0-7)SPb%np+W)h9rwGNDX=K)0)==n`25^fGuvbu5$&YUnQQ*K|M1p{T3ZXHC>(y z3-`fiVb$JULa)!a{9xJ#I}!V%nv53WV6()w4J^VePU^{|d#5lBOGe#!T6gjR8D}SB zC&#U}txOaVmK)+Cw#@~U_7$tPEY}*a9Vmvh7qc>u#3(&qdA4# zX$xiYj@jq^mc-$JAzM5^S}TSU z31~4OdM_mvsH_~0f(KzHh?!=}PIlv};?@SUv*u_6ad`S};*4;&vWY7mjAm^cyTn{8 zQ~BfKthxi&_c@2MoqG)XWo>Q~j)v&*IiL3T3~eKqbL*MEdm*~=8Iqr=7=>}h$6zZ- zIgNbkU*taRH7;kQ z%_|Q?7M~k4RO(IS8(U%0kpejpx7|~mxVBmBx^ZZ7>P9EF;ygCa!s|K^D@-lB0#6O1 z_P$ZNF%PepY&$VU_Q~*!k&Lu=HHKp4p+PFt-8Q$E4})uec#ZpdjmgimjF|aMzH}FQ zsR46>P#6N(vsz_g01hM?lBMEK*1$YTZPrHw^F9=c5iHeQ z*@JgDt5k0>KprzY29-w&d$49juAEpO_ zSF=4`XVAg=vmNXqMSaYS?kDX0J&9Q^uxHWB7a7ZfTdfs3dzTUs5neX+=!^!E>}1}R zWql`ObTsK5nqmOARfcTY#+$&a5UC}P#3d2xDXL89usS6ihxD|$?bD=LoMxc5PZ7Xt z!vv@Ch}m2e6+(e}tjD+&kc?PZm+(GhTS~G*Ma!tnT8gnPm{o;U z)e{RP(5!$p+A4a@jFqZ!25TZ`@0}*bxV5mUzO8*|L{sf%{km8xk2QD+Yr&ZYrxf*k zlfy;*UKr5@SrWgCTM7%5A<9viyVDB2Bku#w8PsoCT#QVVxI+y@O|(&-#$+4fi*v2w zfJ1fFZT26MLF9=WjZk0Z^A}V9GbJ48yN1o;(wCUXXa_wT?}AUTV()Bz#g7$CEo(NcXTj`-{1nr0oM|PRMJ+3P^EzCX#6uy;u@%7G zlW85XP`ZH>6@B-)+6(|##iA)F>_>-8%-(6BcXZL*@~?<5*TZ=wBtF|te4nr{VYr#l zIOp2gS{WmP$ksYb6v{(k?aYbT-cW*TFTg1DnVo(?LhDNW~ux=N2nc8 zmZ_XC7j{`CwnM5UfY5QguB4smF*A*oUgk0L5)Twg65dqJmUw8rZMB=t2%BwDna(?z zX!CzTtT16HZ~!$A%?XC>lqfN zt;2Rvlhe;E)MtyM#S*}Kq=5I)KNi+wD>}tPO^R*hdrA_nPrz(3JD)qIQW%$=@g-rIEh#Ve#+c*G zGl~1ZOr4rA8PHiEp*?f8Vj@P|wmxNJU6^L)r-S=~bg?RT8ov#Nqb|y0W8$B2j{{IP z*kYK`YHmkmURg6-LD-X^v!tNmNEZ(*8d#_s1+bc~T+tq_4_7Xk8f{m$G?!#U+r{lF zBr`Bv>)W`YvI(h1u~d+e*ebMm;iB^^3(u}BIyYT(&XThiow0E7!i9b7IANr+h3QNi z)3;`8NqRZQ-;AWoHJNV97GUZ4qJ@p|MdvlzJ8Rpk7mrRbmJTpYSVqvs=oHdNWlOC( zu_WERlk=$%AC`6|EA1T@k8?s%vo&BZ1MOPweM#Eh(Ram~D^}&DRKZs0c!CCbVHUo` z^tB62)VM&$tFQ&DbKz8Hq;g*FPkBcAtgOO1P&)M`>3JNo-*>gu$`TC`R20kpUNq{# zb?2tLl4w!NzSI*Mkp~DL_OPllHa00!hpMOY`{E5a=+Mpjwy_IU&_#ObE? zZQFephE%O^7Y_ZPG1^vmU4_H0^6VmYq^adVU9D2^5h`T&osHoZdG;^#xn(lE8EMt6 z>TBb;cz7k+*ySx!8)qR(#gZm$x!sCWiS0nm?RA-=;8*Lg=QnGFP@ZWOZ6lo7yoo90L)icwF zxQx`5vR|Cz(`36hr*Lh~bXP4&h8{@ZaJ!BV+IpX{N}W*HBabE{R`a;k#0Xt7&nFq% z+<`{$lao@Opj}Fnc`zxzI>si8G>;2@&=|D?ZTr#kv34=9FEWsd>m4(~?!H8aL*wk` z8^1$mrcm9t=)_R-F)F8nQw^o7bH>@#-P(N@>L`6FR}h>fkX#%ngZv`~#O$~~>n^KJ z@XWf4rXhXncHi0d(~EZuwz%*J)o9<9;Rc-z)gA5eDQ@Ip#N2%sR6a=ur`HDtpy>-c zaXF4{1gky?NHCbtgHG&Q4$EUS+I=T?AEZWgumg1=Iy0`U_|xm!#Hpjx5JsD=wys-r`p(|YTz>~a>x+~H4vOuKv18urp9Gqj3$-o z*YNB^c6JoA)8i^0otkZT@hIu?RXjPR+hsgUbdZ|0MzE!I9$*6vH+0oTDH;^XwmjWf zRlJaAvxZwfb<-NH&T+O*KUss|G?47Roh7GsXZM}s`L=~fDE4qSFsbADH*4lk1)JsSkR^m1l-P5Dafuv*u1^Ps0!%P>#)`*6iwU+Mf zv8Y(V)A*MUdho3~M_JZX_>PvUxUw4mCJq_Ky6TcUPg|chT=(EduVv2Fh z-gRTQORW=}Z0gn^A65iWf)kd69dEs$5Yc(us$pbp>qfcWP3>jhxV(oOUo@al$E~n< zQ1RUndB5;Rq_vAT_GE$luyqlcWjS_QBnxIXja^WU$y7$g#l&U}H(KRrWh|0<1QjoV z^6%l|8>4EYuy$<>F*%CLTBZu6l5e_EmRQwu35{!lG>#-g$D>1C&N-9Rfn~U9tM&D8 zjgKN8rDi$mja?>Q7x{)FUDy*xZtLlIQeCiqhS1gEnByx7>DZvciZ$(G)?VaH2V9bH z;B746(h=w{WSYs9SZ>=n2g6Rk-|=Gwwz|&l@1f%tBzy*^24a7*Hqb-t#=Y`F^T2W? zeZ=d2D&CC!k(%tR5_i*(D9fr*GLv2U!=5|t_*uRw*<2baRhiDY#K{XihzhbH+S}I4 zu~EuN$)XdmnXYk$+kdD~k4hQvsA5yI8Zy3}DA9T6yw9bsQg*5XX@O@d3AkaI1THaq zmN45AAI&&Qt&vRon6a3yk94Dn-FMNZ?3iTNEUP}^fGm7cO-Mzo$fyD}ahJOnCYwD3 zicp42l-`>h0$tiI!$-Y zrd4Co*mr8W#ZxD17fVk7s@NEt)ebZthIZ;*BgVo?;IXRSn-;Qa)?BseNG_OBC8viJ{J37 zxw+`VURq6=*_|;su0!if^}81}R3Hk8ekP2i%~2gW$qYet%3yYvu6OxAiCS`AIoGxE zzanZETFGxeLzJ0aYcxh;#JVQb(mX3miH=0yy%KYE5TKn_ag7aolVQk8{#`JjUyKz3rku#|L8GUprDYI0Swmdp? z#iJx|2EM|0LQ>1dX z$p%IRgOcoIzBuS5vfthJOit1}X~WvhV|IBHyZj@2360RRU*>!``X-KH4Ycs3eGNFD zmE&y;p}Khi3*{PeTrbk=mFDdJ3L~U7PoCFa;kNC*a{}SXJhj6RT_C#fxv=1nq8FV# z$`NWrR=a46!w%-&!ATH`nLJ-VAYfd7z0ix!z|3c`u7Eg>>jBx2`{GN z)j%x+mP%+qEL~}FOoW(q5?Q4eK7niF|F&met=1hWZBK`ic7kE#{=9@BXLjaL zv)7o%yw4Tp!Di3GbU!`=pmL#ElseU(W0VIARq6vqxkAg$;NF9t1tHwjqLSfz)rj;; zbe$+vOWe;VI^6-7k40^Z_@2u<&}Fx>C1a7H+ZSa!qlX>U2Ffk(|J{j5mT2$32fd;R zTFz0TwPU%YU0!36vqoso9E`ao^uz4bb!oja5j(Otyt=sTJZuCi@U_ejO<0~d&Zj%? zBX1}~1~2y>r-U(~Wy}d*Q4ah21ZE4;TG^`7gckKsVlmK9ucDdaEy*md8(}Q7_@t$+ z(GZz{CMCL7qNnMM#<+Gdzf~;v7?m_eAU3PC?twrA z-IjE?#ppA&S6{N(R(h#8tI+n?E}La35)oqfY+5`QQ^oRZavlb@s6XzZ<`O^4VlOLW zBv$4UzO=y8v}6{P*{L*PW+Bp?(5jMzi+KH*_)Ok2Y=B_-f;FI;#7`K12!a7Wt;IBQ z_dQZ>s|cElczn_r%<5H=euyae%_T(U38-@Foe9){{=yft zIkPPHl44P$z|026zfK#sy0DB#7ob%spObme{?@jOG?+Wkt!-VSqM1yxM$3GrR0`Cg zDV^PS)~^K`Ws6x+x*YPkrqeL36hnMr+0fQdxZ*5|+nGW_ zlQRuj)LVm7R>UDZm)sg6wG>J6Kl+){Tkhh69tmR+Y{Og#=k6Mn8t8qZxKjEU$46}| zE9!nEBoqp$fhJCdX!CZyCR2(nV{oMGN{W&|YT5Tp_3-H$Gglz@j@4$C`|_zYR!hI& z)Pw~r>jPERy^Yk7XWC=iwJyndpDo&x9WD%`eO}$3-&jvpDM9r$EhiS6v}w?LENiB= zgA7?@iPK4ne0Yb$<+1)P{9-)H=Jk8oF?G1*?kUZ3RVTI0K|T*3o(yOU^#C zG@dcgw^q#V2TyuszJLdv=%f+cybkg}E<#v$bspD)0hYO1%(U7xNL{w{XdSBf(U*oQ zZu;m~vG$9y(B5-tpsy&l*amE2+L0X@|Ah+~{|!|X7>+uQMWCzIkmQO>J|UJui`w|B zHj1rn`ZLoXXrp(gG9)UxGs~l>`DK0DVAru*QRQ4Iqu;OsgB&I$ZWN|VD@r47Q)np2hX@}E(xKhk|r|W9Az(`dF_DryGP0Rn<9_WlhGK@mIh-~t}@}RJXszVMJ-oahbUj-c4f9QVIIVNMNcfZhb=bACX>v)P{!iD zXaycil|oR%Q_&!V96^zqcDfn7%P%g%T$F6Z!i3cj2BcuB=OkQS=k(Fe>fQ8q2x!Ri zENSHQh5jx(j7b6jd4|y#WAoZE(N}HEQ3u6UQ}dGRE7(6CY;{;Ymf=D?6NpPb)B};| zC<$E6+6YoFsc{gDiub;GXH#cDhFVVJq*QQqMd7wLb7Un$Hg#q=&UZ;JIW4e9$voNa z`6)yY=aUrCWt{0gxqc#doK^)fzLKx#*d5O9ezWAezZ5DJ1^-Opi@wAc=ra(V=B_J1;<6e7kW$r%1R6r}u%SUK(#=sM;~pN2rIKomHT6`+0`yGHP2BSi zPBtVo;*cpA)su4JJ(u$=tr0w5Y4a_Gme6sR)-6?08i1xXZqHy+Slje* z?}Ly4Rs=rc`Z1QCOH*Jo=fG|SC1;Omp>+*kfY`LTqLIh0oa>pdU}!;KvDIfdPfu?e z_BlJgWW^y3tBC_~Z1cs!eTreqW(07TZ0Ofg-0WG1CHKUOOk>8{@HsXsq`O8DheHIA zbkBqav9my~ghrxr!??Z?g>{6Up|-gwnq|(z+${U|8Pf5~?nKHS$U7swZ6^P^`cB?+ zBh4WDSk|&B+zi1>T6@tD1zfd3~vSmyJ-dE6qnCvDN*t1GPiiM!+GnECQ z9~kf4yMRIUq8_n_#4?uEQ(;mlP`;S3cYWX0&M-x*Y_ALFxcrW@=NT$O#YPO!y?Y#B z6YkyXS#tM@D6F%I>~P_k+Qog^%*SkBXH7Z?w={Y?Gp#Xp-L1K#d_j#pOZKKQ{Q_U| zpBO2_o$czrS>iF1U8nkTK5Db&At)oHc!(IoiZ8>!U4ybMvl=ba?m zx0>?;qk)06Z*4)e7lDQTWR@y$l6%7Z+mxEFKTZ21%T#jA7wupKiMraDQkYtxvhP_o zWE%uewsGZy&&-@Dcs8$IH0zNwM9sLV8VHqOa_|g3r9LM6d&PXL%U3h1o*~BIs|U5( zIHNryuEB2%EJ=312puM(H4>u90=^SR>%3tB7ivc&h;!$Xaut)7vVfM`Xa&m+livro zPYt6u%R5yLe0+g z+4hjfSa5IDn7Fn(4dTp0GhZwPwmS_ybaw0?^t0N`kWf-gzngHX#o{>zz+(Tw;qCM?&rH&~%P#7z7xXV^pO=b3-AP`?B5%0@|RI`aNW{OLcS@aYwtp9@i6Q z3ggRUKoXS3&T*|jxlt>(>G8P|)y}TJ$rUL2xR<)^&E1V?&EvZKqKe9AxzszW579U& zm%qu6_Tm&tghdLnT^KO()^qh)oX?6How5~VxF`)-i^Edb8^|=Wz#ICcOI5$HnTzCE ztW&W6cabda=_+i_G$Xy7cMov(lhnc-)?jn$bWjWkd5{e+wr_wPu=xUpO(kG%PVk^l znkn>lX3vvhRN+p;DYNZ_{yCUWGiMkYg^Llf_)-tjIGVjq8?{em0lO3#f1D#&_2g4_si~p|&3A@TvqZBHMeQ6i z@V&Cv**w}^Lr^?jk&OKVY26b8ROkCzE=#X3&x>&6` z(ku{NvZ1J%hyBU?%J#=-Dz(To#S@mt}PuXq@2$e3!INnCZGut(aSxp4r^z!&*I0F*f-l` zn=^wcN#1WwuSSZ^(AJ^Xu)iG!i?o39s_<17j@hTK+OnpfmY%6dqc$Rju-P44h^26D z3zC3vxnHHoNu;_GT2g`b3$hm>GNQaQSyP7!-lK=u^>sUH0ZC z8gK2!fr_1G<;%9*w#XWj$kW!-3Vq)AsBuMi9OM`~t`IWOuFJfZwnhN+429w$GUof! zi>u5esWuyVPVdqZXF3*&{Cb z(>;v?>6MJ_+pQXq6qt$j@EE#M^gBVW8H*PhgOxsJ&p{}9Bj0Y0{ImBlbjOZu5M2=a zYX(kT(3o)osoyw~qs?Im>1D{CnXu(|$KkQlzNj2q-RjF#%-!YiZ%Fmh=5<%#EFUSV z8X?wMIYDnA4SwEA)9P-53+>2hm`@g#{JMN{RpUr)`xxBGH=`9aL#5WhU(}{@2bfze z6t86L_AGuF*N!#lbbrqx({0nL>+%JUId|*kn}y~_TnsXP9QIw2zSy~HE$aqGt=x@J zmu-nQcKGpF^TTbAh07j`M-{~F1z8JhF06SLvXRXyj0yU{Z#0u^@a5uY$LzvLX;3ft zu62@WLc@|Yv!sghkBP_Gx z-4jy{f@mfo^MO3jy0GBNM-2O0w#k{p3w#w;!a2f=Li!1%=|j8mtj<3GXgp<>+x}7B3(gtlO%mC%=vBTwu>Z< zm8dNjIU!O+n|Kt;$XsamJ&feeS2dmYp*^yGYc3bRR1@cf>m_5Ltd=vBy)%9?N-$Y3#)vY)4EiOF==KduJ)8{SRzD(0q$oEi zw288>_2$z-4=ZY~`yL!Gh_z$<<`vDMKr$pMMmbB2rq$!9r(l^_njEwzcHe{Q2F^96 z8D~)eV3HNH63yRP6c@d^%4CKJa?O5~wxJrbpwx}7t1L!NQWeo$WN;fzGoYj>g^+F!La!-k6^$e7D1ZsB!JIjYxQB+t zBs+RzaV01ZEP)xnvdhXTih7n|PNk$6qPH7~+8KPJHCK;o@@g6caw_RweZe*b$crf- zGTlSg{r2Q-Cf>NprnaF74AG^{nzuna~Jr zG4o}ac~&{~(67UsUW)7!qC$PRX-hN2TCSz62exB3DCXWS)u7lm=I3QsQ*k~iEQj+% zZ6=r9mYL^FVZ(H3wvbr$aeY_m(#%+TZ!3mN$rkAEGa3p4=&tJm9A4m;Q0hX!?lTlDH+}?^cjU16 zWNRN#8^gK{f>5h}m(?<($ADi_S-3Y=YIBQCx#0XAyJ~Yy44*CF6cXfoI>x0cS8nFJ zQ!%~o&f~mHuJmdt#Nf0h_Cha}QA#*fij3S9WNqtfNMY(6@h;9Qic3mupDcLZttPlf zGDH|xo$@5Z-JEtvaU6jq3kRt(N@w$ZbPd}HLS-%9Q*8x#U@x!dq)9jkQ_Bp9U7r2Y zp+bF3Ep)7!4inSe6Pj3J)CAtqg;2I;XDIlH;&lD@fIE??YMt-9Sqm~!pfK@?*L&LfQlwX}&&&W3DS7)C9mO>}j-i=grN_>?vT3&_+~&zUtm!7>EuXTQb7vy} z2Jg&w9Q-k7^T9Dr2-ls($lmtcZGpAcvMe0>v8B2?viLQzK`>fh$d)xx5#d3TV?ES+b->^74r!gGwwM|x6ra(vF*O8y}0B+B9LVI~Tq(v42&_ z+7gAYgfb3Oeoxu&2n{;7E~zsZBKO{!Bu&7E!j5STm$pG7?1(9y!DBt4D5)1#5WIt1 z;f<3Nh=I8#B$(;pws)lnD~RW(iUY_xH@_rQ%Nwy9SJQq|wZtKHUV(ARmLnI7ljYC@ zngKJPHAY=F>Gn2a6_56T`EHU8sLxF&3Vc|X{_(+7HN}YmQa36wy8W<|nuJ`_-{dD` zWj;Jt(?(PJzY7VHoo)EAyjEi3%X7#`kp5^b4tYF0m2@kuDG(B zLW7=HQRZ1KB^d4sK+7A%w%&<`Fxf$-G6|m5r`2)hy|On2n~i3=t$;*ZG>++ugPJMy zPS^E?{WIFas-qhBKrU2_%_1#g_4F7vw1D5!;FpB*ddZPYST4$oM@sKX69ids1K*4)lWFWHje&f9#NHJKMvz1qh)7?my)Wha*p&>4Zp zv)#z8vSbwkho>hYoyFS7)u@F^_9VPQ)HIeWSGMNqQZ16&!p;TORUxRl-7@M&W>fZ6 zYq@506(`lP*kfWRbICFG+oW#nI*Sxk+9{)x?r1sHL~#>f7z!k-8qL_O(rCbP&PFIi zHFl78>WGDbI$V^q@BY>7dVH51$8`4gNlcal$il-riH1%j@gozGq4dn!!NwPDIbbg3 zbt%qhIz2m=mT8X78*~M!DXPb1l=gS7!OK zxaE|snBl6@z!_9Y*=7sXuewR$n^K|ajUg1F|7x~Fa$+eB0`Je)&=I#80cH= zG9cH!LlH%x9n);T#c(pizP7Y(n{ev4v^fs?k?RC(NuQ=D#Jk)*l;7dl>;qjU$HZDKTw z-(19Dh%$vVo^wjaN->-r<(pY4mfKNs0V>0#js_36Q`#SZI?$=a^aDX4X|VCgIZqA8G@3x15bDar$`KxOpgh>(~m=Xc7d zu3_bv8DA)-wpmIrZ9}2o2iudq^p&nrERCjb{0=L>x|S2`Cvw3t#E1h{cF#niRPG9a zsL*V^Y)H3YOVvKvwYjNe$>3;b=wWdxdz&~1$v#Hrk~wH%OXKuPFU((T!50yAWEV!~ zK}_pD#vhqCq+YH|%e#0D%u!i18VJ2hPC9NOJO4VYfaJnvm`SjbBcVoN7gw_QO98`i z9g=&3sH4Hv>nHCwK!l-5XR@+28)5An#0>aM#8A(@%WxLE~8hVaZ4x2?wk zH*X6x^4XfCjrWBTUipKLDu4|r~D}2 za)|6U*S!jYY+1T-0$E0@0I;5Ly+Co4%@WG5d6i*+lMr;v0D@V5%zvCHWIMie{bAv{ zSK|=bge~e&bm1%3UNcA1``XvNi_ETl_4!w?8Xs=beVhUHvk78iILa7S!g*Py!th&M zbq$peXV&2cScFz-Txfneutma+DFr2HEM9R8wz7`zP8nlH^PP;?k4r< zJRv&ywDlC|+_pgk@m%9s#u)eH8MAI%prUVvSm^2bfJV8XM+w$YrY7Lpn_*{eP?FRx zjbgZD9@@&on-uF3Z78)dO$J%_s(a(y>ZGRaNrixUx*R;9{BUBo)oD?SAS(y)4AU<_ znwFb&F>u;>TSlxFkO{8*Q^IC_8T3Vn%h0QXU%&`n8H4P}%XGc72;PI zt)T{$qByLmDJ0#wO`xU>nF$wmyXf*_QDsvZEG!uvb>Xbvcfe({(M#06Yb#&4bJi_r zwOfbdMH*bI7Pfa=la#oIw>=|4v3eupG# z5tgIs%;UxFrX9Ym7IjlU_SsEYBfFgw3rnWR$vF_ldfc$V@yx?%@g7eKW@{(RE@2 z1r-~@xJHNQ%hcC&lu~7@uLml%mMgWWx=d(KSZkpn#Y&5UZMgySID0kVK16DBa2t@| z5MD>&gfOf8Y+y-d_827B-0Lj5iLB+O^U8Q_ZZ@DKo*k=nTA)A-+?^Y?xn+0f`qjDA zyZCDH5P5GX&Q4KBng{nlFaV86++@FiZH}~jTZRmt9 zn~xilE#yyj`mUV`n_EM__q-H{+-xlh0ljlD6YRNelrU!?D_W+|oXc4X1!4UmvzIa6 zp5L$=7cKJsv^e1kBCS}n9L*-aG5=!2l9RE2w;EyW)0qwKQX~&w1hPZxVngVzU5Xtq z%F3%GqYJl{;Evthx<@cETBlyirWM(wR(#p@zKLx*M)0kT`<=UXri^7UDTsZI#KxSs zO<&f+>;&;8g!1*Ep8G51EhK-xnOr3KUT9zGLh{Nci zi|;$lX4;-WDL0U=uaQ0rX5+Ogo80G`88?H{Oy2vIpGC0$$4%9l%S;c++6IZU)r#xx zm6Wc0zopjVu37n=Y_>UU2W9SDgesdu47t65Zn2;4WwpC(sXU`+ z*$ZjwG(Gxc!FSo0POg-c7XA6`gAC!*s{3Hf;^J;O*S)I7vw%pQJ_Ak($ZGJqNovYs;E<)ItoS68K%^>*48SvQv3b88^CFMX8-e@bMATk z=l}on@7qtt^m=>FTpiP=Q8puK$e)I4+8%f$j*3#_)U+{h0ek^Az*#VTL}dOtIGlbL z91U-SGQSTd!~HN89)r{1>+l*FbCss0Xj+e!Oe2PY5||6iU;6*4K z%^9g_nXnU1fIFbfe-_HT_u)90mY``_umnoKF4_-37w2maL_fR?vt=Pnh2KEYG&M1D z6F1DEUkm5K0Az~xEaWEIahMO!Lb>@>qaw_OGrWMS-6{e%fcC~zk%hc808kpuIH!YNQ(R07AsZkPvqp{zdyC&BYjE-;z^ z5m(O|gZuTuaj*6}C^tC=MX^N8Py}62 z6k88<7=Zk=`>Eu0?T0e|RVe44>!BeUjl>K~U^ZL|Z741ofLvbt7>cjIg2P}g5yVoh z5EjFE5bJ7PP+rr$5N~Qfgrev^DD&Qc0S67V;jUWGCe(SG#@(KWAeYuYgR#(wmeXMpl$fc7azh^!MZXVcz+Na8d=1Jg8=`BPSKfafjg<`C18d-i zP)t6F-I%Mbh7uF)uo6B5#grdH@%2S03cCmZalry8<6Th3ACLB5flSpthhnL*Jh^mv z{{=L}7qxIB+yv$MoQ87KKSDA6P}G*2xuI;lB+8ADpSFz(qiFk~tosd=*Yq(ISH;ue zWolVaVyhHZalY0wQw?^~b**=|?| z--G3FGS{37Z78qkFccrZ1?2*Ng9c1;Mdo+Ha6*DrjGuR5f7#eY&J0~g>B z1~OSKrp|_J#D^7#1e4r$u*kvd5YOO1lvr5{A{&rVh}>9;SVT%w1lnpi6cJ0#kB+UE z93Z6~S&VccB)M>r=$0bUe?77ZkpSvIOoRszE)oNqqiun>PDj=t@-n2vAsdl4WGW(7 zo{5CdZvj3;f+c`RX^kNKgrq4E>qjK=ZDg?ETCEo8L`somh-5rMCY;i5f=)z=1o>de zq#>?bCHKeu;ZjaLEYb`=NeM1_LTeFR91g|>@CHP(n3O7HAtLcpja-E^BQZ!fG7phb zf=Dcd5P4-1KT_(JQ!PcNNiSOD{nj8O5nf9;dO^6Xpthpz1ULdoL?$E2NGuYMsKnAr zHGFEHnlxjU+BIu}dieT0^@r>8hFP9AW45|^&LW3XrIn|tUFC(!Q#pm+;mT{Nzp1RI zZkk&`{n*@T)VIyg%y4Q|9?SBF^kyTZ2ZH`a!?vO651OIwBBwe!KSg~re>k(_YIL=s zCNufc3V*<`bg$82HX3@4&D@SI9XEvei)&q%ck46*#+CEc zf<@UA*v;S8=CQnblgIQKUcJ){wdjq0FDIJnjm2(dEy+f=?MvrT?_QRoPA*Ff#hnL?;~|aR)IGv#vAevvY^( zraoilsgq_>xK&P_zHxkNWCz>FdbTm`@J{V^__k9wR*(Po_jb$YZ)^>J+~Ut;i%0$L zIH$HW5HkJh-gDzdvO&<;)NTgDb5?dtWX|c%Nosl5c-^Tj3z`;z<7sU5G#h${5wuOe zrL7R>hguBfUNc7Bw>e(DcyoTdlVLmL4;t$JEu+=p@&r}BHAeMr9Uot$t(;r6YUzrV z>Vxm4sGQrI)LXZgIEvI?@7SV#xow)7erKNAdFRa>+;dlcd^AeLUUz%d8$XaxUUJU_ z>NoG3rl$2KsP5i$tgy!KYj2a#9JE2ynojkz-ZW;v-YaX)_vTWk_BE>mKU%Jq_h-~J z`Gakqkga?4MXMLCjGm^o8EyVxx9;&_E)TY`bR!rfo=hw3CBN0+Yj3sZh1Y6rw$W&- zmD^jATKt`ZQEi7jp>|tU?8sM#cT85fJ2T>oi;9cfu3%${s@+-8v&vP)>yW)&)t-l!qcw&AU4zupARPt>ua<2OE%NZjoEP1&eUsKRjF~`c(ieuSBX6UN^_+%y> zJzhm!enPHTej-ECcJZrYRs5@x1~Olppb}qCr}d9F%hc+(RsPau(-$(EBleA0cW}t+ zCe8RRsiod~w~$P|Bs?mKYGAKCCNAk|B@q|tgMoudEZf7mFTG#SNhzl$Q6D;$rW#I- zyVQzPJ5FUpdL*UDrUAkpGkZzi9RqtUFL{9N+31~9t_nL8B%9hrdJP5(M<8Ay0?j}> zCT8KB|Jp_rY!3u{1N&?OP7V2JDhE#gXg2k>bK>Mj&x_-~`$?Yq`zN{MoZ8CPpxL3f zOL}ZILebo)YCp|W7eC8nX5AO1>eDZ>oRa<)lK$qdP%Rg-)QcC|Roho<$$w}6d6#

    L3}V_|<+ ztRtcSXsm<(|NgVF4!kZHlW6K05>Ban?`LKUiqND3-jkFbgQFbI9 P_CGbsk>6jO, 2009. +# Josef Andersson , 2016, 2017, 2019. # msgid "" msgstr "" -"Project-Id-Version: cryptsetup 1.1.0-rc4\n" +"Project-Id-Version: cryptsetup 2.1.0\n" "Report-Msgid-Bugs-To: dm-crypt@saout.de\n" -"POT-Creation-Date: 2015-03-19 09:55+0100\n" -"PO-Revision-Date: 2010-01-08 11:37+0100\n" -"Last-Translator: Daniel Nylander \n" +"POT-Creation-Date: 2020-05-28 11:32+0200\n" +"PO-Revision-Date: 2019-05-17 16:51+0200\n" +"Last-Translator: Josef Andersson \n" "Language-Team: Swedish \n" "Language: sv\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" +"X-Generator: Poedit 2.2.1\n" -#: lib/libdevmapper.c:252 -#, fuzzy -msgid "Cannot initialize device-mapper, running as non-root user.\n" -msgstr "Kan inte initiera device-mapper. Är kärnmodulen dm_mod inläst?\n" +#: lib/libdevmapper.c:399 +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "Det gÃ¥r inte att initiera device-mapper, kör som icke-root-användare." + +#: lib/libdevmapper.c:402 +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "Det gÃ¥r inte att initiera device-mapper. Är kärnmodulen dm_mod inläst?" -#: lib/libdevmapper.c:255 -msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n" -msgstr "Kan inte initiera device-mapper. Är kärnmodulen dm_mod inläst?\n" +#: lib/libdevmapper.c:1131 +msgid "Requested deferred flag is not supported." +msgstr "Begärd flagga deferred stöds inte." -#: lib/libdevmapper.c:550 +#: lib/libdevmapper.c:1198 #, c-format -msgid "DM-UUID for device %s was truncated.\n" -msgstr "DM-UUID för enheten %s förkortades.\n" +msgid "DM-UUID for device %s was truncated." +msgstr "DM-UUID för enheten %s förkortades." + +#: lib/libdevmapper.c:1520 +#, fuzzy +msgid "Unknown dm target type." +msgstr "Okänd PBKDF-typ %s." + +#: lib/libdevmapper.c:1623 lib/libdevmapper.c:1679 +msgid "Requested dm-crypt performance options are not supported." +msgstr "Begärd flagga för dm-crypt-prestanda stöds inte." + +#: lib/libdevmapper.c:1630 +msgid "Requested dm-verity data corruption handling options are not supported." +msgstr "Begärd flagga för dm-verity-dataintegritet stöds inte." + +#: lib/libdevmapper.c:1634 +msgid "Requested dm-verity FEC options are not supported." +msgstr "Begärd flagga dm-verity FEC stöds inte." + +#: lib/libdevmapper.c:1638 +msgid "Requested data integrity options are not supported." +msgstr "Begärd flagga för dataintegritet stöds inte." -#: lib/libdevmapper.c:698 +#: lib/libdevmapper.c:1640 +msgid "Requested sector_size option is not supported." +msgstr "Begärd flagga sector_size stöds inte." + +#: lib/libdevmapper.c:1645 +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "Begärd automatisk beräkning av integritetstaggar stöds inte." + +#: lib/libdevmapper.c:1649 lib/libdevmapper.c:1682 lib/libdevmapper.c:1685 +#: lib/luks2/luks2_json_metadata.c:2160 +msgid "Discard/TRIM is not supported." +msgstr "Discard/TRIM stöds inte." + +#: lib/libdevmapper.c:1653 #, fuzzy -msgid "Requested dmcrypt performance options are not supported.\n" -msgstr "Begärd LUKS-hash %s stöds inte.\n" +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "Begärd flagga för dataintegritet stöds inte." + +#: lib/libdevmapper.c:2607 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "Misslyckades med att läsa dm-%s-segment." -#: lib/random.c:76 +#: lib/random.c:75 msgid "" "System is out of entropy while generating volume key.\n" -"Please move mouse or type some text in another window to gather some random " -"events.\n" +"Please move mouse or type some text in another window to gather some random events.\n" msgstr "" +"Systemet fick slut pÃ¥ entropi under generering av volymnyckeln.\n" +"Flytta musen eller skriv in text i ett annat fönster för att samla nÃ¥gra slumpmässiga händelser.\n" -#: lib/random.c:80 +#: lib/random.c:79 #, c-format msgid "Generating key (%d%% done).\n" -msgstr "" +msgstr "Genererar nyckel (%d%% done).\n" -#: lib/random.c:169 -msgid "Fatal error during RNG initialisation.\n" -msgstr "" +#: lib/random.c:165 +msgid "Running in FIPS mode." +msgstr "Kör i FIPS-läge." -#: lib/random.c:206 -#, fuzzy -msgid "Unknown RNG quality requested.\n" -msgstr "Okänd typ av krypteringsenhet %s begärd.\n" +#: lib/random.c:171 +msgid "Fatal error during RNG initialisation." +msgstr "Ödesdigert fel under RNG-initiering." -#: lib/random.c:211 -#, fuzzy, c-format -msgid "Error %d reading from RNG: %s\n" -msgstr "Fel vid läsning av lösenfras.\n" +#: lib/random.c:208 +msgid "Unknown RNG quality requested." +msgstr "Okänd RNG-kvalitet begärd." -#: lib/setup.c:200 -#, fuzzy -msgid "Cannot initialize crypto RNG backend.\n" -msgstr "Kan inte initiera krypteringsbakände.\n" +#: lib/random.c:213 +msgid "Error reading from RNG." +msgstr "Fel vid läsning frÃ¥n RNG." -#: lib/setup.c:206 -msgid "Cannot initialize crypto backend.\n" -msgstr "Kan inte initiera krypteringsbakände.\n" +#: lib/setup.c:229 +msgid "Cannot initialize crypto RNG backend." +msgstr "Det gÃ¥r inte att initiera RNG-krypteringsbakände." -#: lib/setup.c:236 lib/setup.c:1192 lib/verity/verity.c:123 -#, fuzzy, c-format -msgid "Hash algorithm %s not supported.\n" -msgstr "Begärd LUKS-hash %s stöds inte.\n" +#: lib/setup.c:235 +msgid "Cannot initialize crypto backend." +msgstr "Det gÃ¥r inte att initiera krypteringsbakände." -#: lib/setup.c:239 lib/loopaes/loopaes.c:90 -#, fuzzy, c-format -msgid "Key processing error (using hash %s).\n" -msgstr "Fel vid nyckelbehandling.\n" +#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119 +#, c-format +msgid "Hash algorithm %s not supported." +msgstr "Hashalgoritmen %s stöds inte." -#: lib/setup.c:284 -msgid "Cannot determine device type. Incompatible activation of device?\n" -msgstr "" +#: lib/setup.c:269 lib/loopaes/loopaes.c:90 +#, c-format +msgid "Key processing error (using hash %s)." +msgstr "Fel vid nyckelbearbetning (använder hash %s)." + +#: lib/setup.c:335 lib/setup.c:362 +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "Det gÃ¥r inte att avgöra enhetstyp. Inkompatibel aktivering av enhet?" -#: lib/setup.c:288 lib/setup.c:1537 -msgid "This operation is supported only for LUKS device.\n" -msgstr "Denna Ã¥tgärd stöds endast för LUKS-enheter.\n" +#: lib/setup.c:341 lib/setup.c:3050 +msgid "This operation is supported only for LUKS device." +msgstr "Denna Ã¥tgärd stöds endast av LUKS-enheter." -#: lib/setup.c:320 -msgid "All key slots full.\n" -msgstr "Alla nyckelplatser är upptagna.\n" +#: lib/setup.c:368 +msgid "This operation is supported only for LUKS2 device." +msgstr "Denna Ã¥tgärd stöds endast av LUKS2-enheter." -#: lib/setup.c:327 +#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345 +msgid "All key slots full." +msgstr "Alla nyckelplatser är upptagna." + +#: lib/setup.c:434 #, c-format -msgid "Key slot %d is invalid, please select between 0 and %d.\n" -msgstr "Nyckelplats %d är ogiltig. Välj mellan 0 och %d.\n" +msgid "Key slot %d is invalid, please select between 0 and %d." +msgstr "Nyckelplats %d är ogiltig. Välj mellan 0 och %d." -#: lib/setup.c:333 +#: lib/setup.c:440 #, c-format -msgid "Key slot %d is full, please select another one.\n" -msgstr "Nyckelplats %d är full. Välj en annan.\n" +msgid "Key slot %d is full, please select another one." +msgstr "Nyckelplats %d är full. Välj en annan." + +#: lib/setup.c:525 lib/setup.c:2824 +#, fuzzy +msgid "Device size is not aligned to device logical block size." +msgstr "Storlek pÃ¥ enhet är inte justerad till begärd sektorstorlek." -#: lib/setup.c:472 +#: lib/setup.c:624 #, c-format -msgid "Enter passphrase for %s: " -msgstr "Ange lösenfras för %s: " +msgid "Header detected but device %s is too small." +msgstr "Huvud identifierat men enheten %s är för liten." -#: lib/setup.c:653 -#, fuzzy, c-format -msgid "Header detected but device %s is too small.\n" -msgstr "LUKS-huvud identifierat men enheten %s är för liten.\n" +#: lib/setup.c:661 +msgid "This operation is not supported for this device type." +msgstr "Denna Ã¥tgärd stöds inte för denna enhetstyp." -#: lib/setup.c:669 lib/setup.c:1420 +#: lib/setup.c:666 #, fuzzy -msgid "This operation is not supported for this device type.\n" -msgstr "Denna Ã¥tgärd stöds inte för krypteringsenheter av typen %s.\n" +msgid "Illegal operation with reencryption in-progress." +msgstr "FrÃ¥nkopplad kryptering pÃ¥gÃ¥r. Avbryter." -#: lib/setup.c:908 lib/setup.c:1381 lib/setup.c:2264 +#: lib/setup.c:832 lib/luks1/keymanage.c:475 #, c-format -msgid "Device %s is not active.\n" -msgstr "Enheten %s är inte aktiv.\n" +msgid "Unsupported LUKS version %d." +msgstr "LUKS-versionen %d stöds inte." -#: lib/setup.c:925 +#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959 +msgid "Detached metadata device is not supported for this crypt type." +msgstr "FrÃ¥nkopplad metadataenhet stöds ej av denna crypt-typ." + +#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628 +#: lib/setup.c:2777 lib/setup.c:4512 #, c-format -msgid "Underlying device for crypt device %s disappeared.\n" -msgstr "" +msgid "Device %s is not active." +msgstr "Enheten %s är inte aktiv." -#: lib/setup.c:994 -msgid "Invalid plain crypt parameters.\n" -msgstr "Ogiltiga parametrar för vanlig kryptering.\n" +#: lib/setup.c:1444 +#, c-format +msgid "Underlying device for crypt device %s disappeared." +msgstr "Underliggande enhet för krypteringsenhet %s försvann." -#: lib/setup.c:999 lib/setup.c:1119 -msgid "Invalid key size.\n" -msgstr "Ogiltig nyckelstorlek.\n" +#: lib/setup.c:1524 +msgid "Invalid plain crypt parameters." +msgstr "Ogiltiga parametrar för vanlig kryptering." -#: lib/setup.c:1004 lib/setup.c:1124 -#, fuzzy -msgid "UUID is not supported for this crypt type.\n" -msgstr "Denna Ã¥tgärd stöds inte för krypteringsenheter av typen %s.\n" +#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:74 +msgid "Invalid key size." +msgstr "Ogiltig nyckelstorlek." -#: lib/setup.c:1046 -msgid "Can't format LUKS without device.\n" -msgstr "Kan inte formatera LUKS utan enhet.\n" +#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157 +msgid "UUID is not supported for this crypt type." +msgstr "UUID stöds inte för denna krypteringstyp." -#: lib/setup.c:1089 -#, fuzzy, c-format -msgid "Cannot format device %s which is still in use.\n" -msgstr "Kan inte öppna enheten %s för %s%s Ã¥tkomst.\n" +#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308 +#: src/cryptsetup.c:1226 src/cryptsetup.c:3923 +msgid "Unsupported encryption sector size." +msgstr "Stöder inte sektorstorleken för kryptering." -#: lib/setup.c:1092 -#, fuzzy, c-format -msgid "Cannot format device %s, permission denied.\n" -msgstr "Kan inte läsa enheten %s.\n" +#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818 +msgid "Device size is not aligned to requested sector size." +msgstr "Storlek pÃ¥ enhet är inte justerad till begärd sektorstorlek." -#: lib/setup.c:1096 -#, fuzzy, c-format -msgid "Cannot wipe header on device %s.\n" -msgstr "Kan inte rensa huvudet pÃ¥ enheten %s.\n" +#: lib/setup.c:1608 lib/setup.c:1727 +msgid "Can't format LUKS without device." +msgstr "Det gÃ¥r inte att formatera LUKS utan enhet." -#: lib/setup.c:1114 -#, fuzzy -msgid "Can't format LOOPAES without device.\n" -msgstr "Kan inte formatera LUKS utan enhet.\n" +#: lib/setup.c:1614 lib/setup.c:1733 +msgid "Requested data alignment is not compatible with data offset." +msgstr "Begärd datajustering är inte kompatibel med dataoffset." -#: lib/setup.c:1152 -#, fuzzy -msgid "Can't format VERITY without device.\n" -msgstr "Kan inte formatera LUKS utan enhet.\n" +#: lib/setup.c:1682 lib/setup.c:1851 +msgid "WARNING: Data offset is outside of currently available data device.\n" +msgstr "VARNING: Dataoffset ligger utanför aktuell dataenhet.\n" -#: lib/setup.c:1160 lib/verity/verity.c:106 -#, fuzzy, c-format -msgid "Unsupported VERITY hash type %d.\n" -msgstr "LUKS-versionen %d stöds inte.\n" +#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169 +#, c-format +msgid "Cannot wipe header on device %s." +msgstr "Det gÃ¥r inte att rensa huvudet pÃ¥ enheten %s." -#: lib/setup.c:1166 lib/verity/verity.c:114 -msgid "Unsupported VERITY block size.\n" -msgstr "" +#: lib/setup.c:1744 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "VARNING: Enhetsaktiveringen kommer att misslyckas, dm-crypt saknar stöd för begärd krypteringsektorstorlek.\n" -#: lib/setup.c:1171 lib/verity/verity.c:76 -msgid "Unsupported VERITY hash offset.\n" -msgstr "" +#: lib/setup.c:1766 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "Volymnyckeln är för liten för kryptering med integritetstillägg." -#: lib/setup.c:1285 +#: lib/setup.c:1821 #, c-format -msgid "Unknown crypt device type %s requested.\n" -msgstr "Okänd typ av krypteringsenhet %s begärd.\n" +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "Chiffret %s-%s (nyckelstorlek %zd bitar) är inte tillgängligt." -#: lib/setup.c:1435 -msgid "Do you really want to change UUID of device?" +#: lib/setup.c:1854 +#, c-format +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" msgstr "" -#: lib/setup.c:1545 +#: lib/setup.c:1858 #, c-format -msgid "Volume %s is not active.\n" -msgstr "Volymen %s är inte aktiv.\n" +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "" -#: lib/setup.c:1556 +#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367 #, c-format -msgid "Volume %s is already suspended.\n" -msgstr "Volymen %s är redan i vänteläge.\n" +msgid "Device %s is too small." +msgstr "Enheten %s är för liten." -#: lib/setup.c:1563 -#, fuzzy, c-format -msgid "Suspend is not supported for device %s.\n" -msgstr "Denna Ã¥tgärd stöds inte för krypteringsenheter av typen %s.\n" +#: lib/setup.c:1893 lib/setup.c:1919 +#, c-format +msgid "Cannot format device %s in use." +msgstr "Det gÃ¥r inte att formatera enheten %s dÃ¥ den används." -#: lib/setup.c:1565 -#, fuzzy, c-format -msgid "Error during suspending device %s.\n" -msgstr "Fel vid uppdatering av LUKS-huvud pÃ¥ enheten %s.\n" +#: lib/setup.c:1896 lib/setup.c:1922 +#, c-format +msgid "Cannot format device %s, permission denied." +msgstr "Det gÃ¥r inte att formatera enheten %s, behörighet nekad." -#: lib/setup.c:1591 lib/setup.c:1638 +#: lib/setup.c:1908 lib/setup.c:2229 #, c-format -msgid "Volume %s is not suspended.\n" -msgstr "Volymen %s är inte i vänteläge.\n" +msgid "Cannot format integrity for device %s." +msgstr "Det gÃ¥r inte att formatera integritet för enheten %s." -#: lib/setup.c:1605 -#, fuzzy, c-format -msgid "Resume is not supported for device %s.\n" -msgstr "Denna Ã¥tgärd stöds inte för krypteringsenheter av typen %s.\n" +#: lib/setup.c:1926 +#, c-format +msgid "Cannot format device %s." +msgstr "Det gÃ¥r inte att formatera enheten %s." -#: lib/setup.c:1607 lib/setup.c:1659 -#, fuzzy, c-format -msgid "Error during resuming device %s.\n" -msgstr "Fel vid uppdatering av LUKS-huvud pÃ¥ enheten %s.\n" +#: lib/setup.c:1944 +msgid "Can't format LOOPAES without device." +msgstr "Kan inte formatera LOOPAES utan enhet." -#: lib/setup.c:1645 lib/setup.c:2080 lib/setup.c:2094 src/cryptsetup.c:186 -#: src/cryptsetup.c:248 src/cryptsetup.c:732 src/cryptsetup.c:1151 -msgid "Enter passphrase: " -msgstr "Ange lösenfras: " +#: lib/setup.c:1989 +msgid "Can't format VERITY without device." +msgstr "Det gÃ¥r inte att formatera VERITY utan enhet." -#: lib/setup.c:1707 lib/setup.c:1843 -msgid "Cannot add key slot, all slots disabled and no volume key provided.\n" -msgstr "" -"Kan inte lägga till nyckelplats. Alla platser är inaktiverade och ingen " -"volymnyckel har angivits.\n" +#: lib/setup.c:2000 lib/verity/verity.c:102 +#, c-format +msgid "Unsupported VERITY hash type %d." +msgstr "VERITY-hashtyp %d stöds inte." -#: lib/setup.c:1716 lib/setup.c:1849 lib/setup.c:1853 -msgid "Enter any passphrase: " -msgstr "Ange valfri lösenfras: " +#: lib/setup.c:2006 lib/verity/verity.c:110 +msgid "Unsupported VERITY block size." +msgstr "VERITY-blockstorlek som inte stöds." -#: lib/setup.c:1733 lib/setup.c:1866 lib/setup.c:1870 lib/setup.c:1932 -#: src/cryptsetup.c:988 src/cryptsetup.c:1017 -msgid "Enter new passphrase for key slot: " -msgstr "Ange ny lösenfras för nyckelplats: " +#: lib/setup.c:2011 lib/verity/verity.c:74 +msgid "Unsupported VERITY hash offset." +msgstr "VERITY-hashoffset som inte stöds." -#: lib/setup.c:1798 -#, fuzzy, c-format -msgid "Key slot %d changed.\n" -msgstr "Nyckelplats %d är upplÃ¥st.\n" +#: lib/setup.c:2016 +msgid "Unsupported VERITY FEC offset." +msgstr "VERITY-FEC-offset som inte stöds." -#: lib/setup.c:1801 -#, c-format -msgid "Replaced with key slot %d.\n" -msgstr "" +#: lib/setup.c:2040 +msgid "Data area overlaps with hash area." +msgstr "DataomrÃ¥de spiller över pÃ¥ hashomrÃ¥det." -#: lib/setup.c:1806 -#, fuzzy -msgid "Failed to swap new key slot.\n" -msgstr "Misslyckades med att ta status pÃ¥ nyckelfilen %s.\n" +#: lib/setup.c:2065 +msgid "Hash area overlaps with FEC area." +msgstr "HashomrÃ¥de spiller över pÃ¥ FEC-mrÃ¥det." -#: lib/setup.c:1923 lib/setup.c:2184 lib/setup.c:2197 lib/setup.c:2339 -msgid "Volume key does not match the volume.\n" -msgstr "Volymnyckeln stämmer inte överens med volymen.\n" +#: lib/setup.c:2072 +msgid "Data area overlaps with FEC area." +msgstr "DataomrÃ¥de spiller över pÃ¥ FEC-mrÃ¥det." -#: lib/setup.c:1961 +#: lib/setup.c:2208 #, c-format -msgid "Key slot %d is invalid.\n" -msgstr "Nyckelplats %d är ogiltig.\n" +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "" -#: lib/setup.c:1966 +#: lib/setup.c:2286 #, c-format -msgid "Key slot %d is not used.\n" -msgstr "Nyckelplats %d används inte.\n" +msgid "Unknown crypt device type %s requested." +msgstr "Okänd typ av krypteringsenhet %s begärd." -#: lib/setup.c:1996 lib/setup.c:2068 lib/setup.c:2160 +#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635 #, c-format -msgid "Device %s already exists.\n" -msgstr "Enheten %s finns redan.\n" +msgid "Unsupported parameters on device %s." +msgstr "Parametrar som inte stöds pÃ¥ enheten %s." -#: lib/setup.c:2171 -#, fuzzy -msgid "Incorrect volume key specified for plain device.\n" -msgstr "Kan inte hämta volymnyckel för vanlig enhet.\n" +#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408 +#: lib/luks2/luks2_reencrypt.c:2737 +#, c-format +msgid "Mismatching parameters on device %s." +msgstr "Kan inte rensa huvudet pÃ¥ enheten %s." -#: lib/setup.c:2204 -msgid "Incorrect root hash specified for verity device.\n" +#: lib/setup.c:2661 +msgid "Crypt devices mismatch." msgstr "" -#: lib/setup.c:2227 -#, fuzzy -msgid "Device type is not properly initialised.\n" -msgstr "Enheten %s är inte aktiv.\n" +#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:3145 +#, fuzzy, c-format +msgid "Failed to reload device %s." +msgstr "Misslyckades med att ta status pÃ¥ enhet %s." -#: lib/setup.c:2259 +#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025 +#: lib/luks2/luks2_reencrypt.c:2032 #, fuzzy, c-format -msgid "Device %s is still in use.\n" -msgstr "Enheten %s är upptagen.\n" +msgid "Failed to suspend device %s." +msgstr "Misslyckades med att ta status pÃ¥ enhet %s." -#: lib/setup.c:2268 -#, c-format -msgid "Invalid device %s.\n" -msgstr "Ogiltig enhet %s.\n" +#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039 +#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149 +#, fuzzy, c-format +msgid "Failed to resume device %s." +msgstr "Misslyckades med att ta status pÃ¥ enhet %s." -#: lib/setup.c:2289 -msgid "Function not available in FIPS mode.\n" +#: lib/setup.c:2732 +#, c-format +msgid "Fatal error while reloading device %s (on top of device %s)." msgstr "" -#: lib/setup.c:2295 -msgid "Volume key buffer too small.\n" -msgstr "Buffert för volymnyckel är för liten.\n" +#: lib/setup.c:2735 lib/setup.c:2737 +#, fuzzy, c-format +msgid "Failed to switch device %s to dm-error." +msgstr "Misslyckades med att ta status pÃ¥ enhet %s." + +#: lib/setup.c:2809 +msgid "Cannot resize loop device." +msgstr "Det gÃ¥r inte att ändra storlek pÃ¥ loop-enhet." + +#: lib/setup.c:2882 +msgid "Do you really want to change UUID of device?" +msgstr "Vill du verkligen ändra UUID för en enhet?" -#: lib/setup.c:2303 -msgid "Cannot retrieve volume key for plain device.\n" -msgstr "Kan inte hämta volymnyckel för vanlig enhet.\n" +#: lib/setup.c:2958 +msgid "Header backup file does not contain compatible LUKS header." +msgstr "Säkerhetskopian för huvud innehÃ¥ller inte nÃ¥got giltigt LUKS-huvud." -#: lib/setup.c:2310 +#: lib/setup.c:3058 #, c-format -msgid "This operation is not supported for %s crypt device.\n" -msgstr "Denna Ã¥tgärd stöds inte för krypteringsenheter av typen %s.\n" +msgid "Volume %s is not active." +msgstr "Volymen %s är inte aktiv." -#: lib/setup.c:2506 -#, fuzzy -msgid "Dump operation is not supported for this device type.\n" -msgstr "Denna Ã¥tgärd stöds inte för krypteringsenheter av typen %s.\n" +#: lib/setup.c:3069 +#, c-format +msgid "Volume %s is already suspended." +msgstr "Volymen %s är redan i vänteläge." -#: lib/utils.c:244 -msgid "Cannot get process priority.\n" -msgstr "Kan inte fÃ¥ processprioritet.\n" +#: lib/setup.c:3082 +#, c-format +msgid "Suspend is not supported for device %s." +msgstr "Vänteläge stöds inte för enhet %s." -#: lib/utils.c:258 -#, fuzzy -msgid "Cannot unlock memory.\n" -msgstr "Kan inte lÃ¥sa upp minne." +#: lib/setup.c:3084 +#, c-format +msgid "Error during suspending device %s." +msgstr "Fel dÃ¥ enheten %s försattes i vänteläge." -#: lib/utils_crypt.c:241 lib/utils_crypt.c:254 lib/utils_crypt.c:401 -#: lib/utils_crypt.c:416 -msgid "Out of memory while reading passphrase.\n" -msgstr "Slut pÃ¥ minne vid läsning av lösenfras.\n" +#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267 +#, c-format +msgid "Volume %s is not suspended." +msgstr "Volymen %s är inte i vänteläge." -#: lib/utils_crypt.c:246 lib/utils_crypt.c:261 -msgid "Error reading passphrase from terminal.\n" -msgstr "Fel vid läsning av lösenfras frÃ¥n terminal.\n" +#: lib/setup.c:3146 +#, c-format +msgid "Resume is not supported for device %s." +msgstr "Att Ã¥teruppta stöds inte för enhet %s." -#: lib/utils_crypt.c:259 -msgid "Verify passphrase: " -msgstr "Verifiera lösenfras: " +#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297 +#, c-format +msgid "Error during resuming device %s." +msgstr "Fel dÃ¥ enheten %s Ã¥terupptogs." -#: lib/utils_crypt.c:266 -msgid "Passphrases do not match.\n" -msgstr "Lösenfraserna stämmer inte överens.\n" +#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322 +#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839 +msgid "Volume key does not match the volume." +msgstr "Volymnyckeln stämmer inte överens med volymen." -#: lib/utils_crypt.c:350 -msgid "Cannot use offset with terminal input.\n" -msgstr "" +#: lib/setup.c:3343 lib/setup.c:3531 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Det gÃ¥r inte att lägga till nyckelplats. Alla platser är inaktiverade och ingen volymnyckel har angivits." + +#: lib/setup.c:3483 +msgid "Failed to swap new key slot." +msgstr "Misslyckades med att byta ny nyckelplats." + +#: lib/setup.c:3669 +#, c-format +msgid "Key slot %d is invalid." +msgstr "Nyckelplats %d är ogiltig." + +#: lib/setup.c:3675 src/cryptsetup.c:1572 src/cryptsetup.c:1917 +#, c-format +msgid "Keyslot %d is not active." +msgstr "Nyckelplats %d är inte aktiv." + +#: lib/setup.c:3694 +msgid "Device header overlaps with data area." +msgstr "DataomrÃ¥de spiller över pÃ¥ hashomrÃ¥det." -#: lib/utils_crypt.c:369 lib/tcrypt/tcrypt.c:467 +#: lib/setup.c:3981 #, fuzzy -msgid "Failed to open key file.\n" -msgstr "Misslyckades med att öppna nyckelfilen %s.\n" +msgid "Reencryption in-progress. Cannot activate device." +msgstr "Omkryptering pÃ¥gÃ¥r redan." -#: lib/utils_crypt.c:378 +#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2243 +#: lib/luks2/luks2_reencrypt.c:2836 #, fuzzy -msgid "Failed to stat key file.\n" -msgstr "Misslyckades med att ta status pÃ¥ nyckelfilen %s.\n" +msgid "Failed to get reencryption lock." +msgstr "Misslyckades med att erhÃ¥lla skrivlÃ¥s för enhet." -#: lib/utils_crypt.c:386 lib/utils_crypt.c:407 -msgid "Cannot seek to requested keyfile offset.\n" -msgstr "" +#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855 +#, fuzzy +msgid "LUKS2 reencryption recovery failed." +msgstr "Stöder inte sektorstorleken för kryptering." + +#: lib/setup.c:4127 lib/setup.c:4379 +#, fuzzy +msgid "Device type is not properly initialized." +msgstr "Enhetstypen är inte korrekt initierad." -#: lib/utils_crypt.c:424 -msgid "Error reading passphrase.\n" -msgstr "Fel vid läsning av lösenfras.\n" +#: lib/setup.c:4171 +#, c-format +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "Det gÃ¥r inte att använda enheten %s som fortfarande används eller har ett ogiltigt namn." + +#: lib/setup.c:4174 +#, c-format +msgid "Device %s already exists." +msgstr "Enheten %s finns redan." + +#: lib/setup.c:4296 +msgid "Incorrect volume key specified for plain device." +msgstr "Felaktig volymnyckel för vanlig enhet." -#: lib/utils_crypt.c:442 -msgid "Maximum keyfile size exceeded.\n" +#: lib/setup.c:4405 +msgid "Incorrect root hash specified for verity device." +msgstr "Felaktig rothash angiven för verity-enhet." + +#: lib/setup.c:4412 +msgid "Root hash signature required." msgstr "" -#: lib/utils_crypt.c:447 +#: lib/setup.c:4421 #, fuzzy -msgid "Cannot read requested amount of data.\n" -msgstr "Kan inte läsa säkerhetskopia för huvud %s.\n" +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "Kärnans nyckelring stöds inte av kärnan." + +#: lib/setup.c:4438 lib/setup.c:5915 +msgid "Failed to load key in kernel keyring." +msgstr "Misslyckades med att öppna nyckelringen för kärnan." -#: lib/utils_device.c:136 lib/luks1/keyencryption.c:90 +#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2296 +#: src/cryptsetup.c:2664 #, c-format -msgid "Device %s doesn't exist or access denied.\n" -msgstr "Enheten %s finns inte eller Ã¥tkomst nekas.\n" +msgid "Device %s is still in use." +msgstr "Enheten %s används fortfarande." -#: lib/utils_device.c:430 -msgid "Cannot use a loopback device, running as non-root user.\n" -msgstr "" +#: lib/setup.c:4516 +#, c-format +msgid "Invalid device %s." +msgstr "Ogiltig enhet %s." -#: lib/utils_device.c:433 +#: lib/setup.c:4632 +msgid "Volume key buffer too small." +msgstr "Buffert för volymnyckelen är för liten." + +#: lib/setup.c:4640 +msgid "Cannot retrieve volume key for plain device." +msgstr "Kan inte hämta volymnyckel för vanlig enhet." + +#: lib/setup.c:4657 #, fuzzy -msgid "Cannot find a free loopback device.\n" -msgstr "Kan inte läsa enheten %s.\n" +msgid "Cannot retrieve root hash for verity device." +msgstr "Felaktig rothash angiven för verity-enhet." -#: lib/utils_device.c:440 -msgid "" -"Attaching loopback device failed (loop device with autoclear flag is " -"required).\n" -msgstr "" +#: lib/setup.c:4659 +#, c-format +msgid "This operation is not supported for %s crypt device." +msgstr "Denna Ã¥tgärd stöds inte för krypteringsenheter av typen %s." + +#: lib/setup.c:4865 +msgid "Dump operation is not supported for this device type." +msgstr "UtskriftsÃ¥tgärden stöds inte för denna enhetstyp." -#: lib/utils_device.c:484 +#: lib/setup.c:5190 #, c-format -msgid "Cannot use device %s which is in use (already mapped or mounted).\n" +msgid "Data offset is not multiple of %u bytes." msgstr "" -#: lib/utils_device.c:488 +#: lib/setup.c:5475 #, c-format -msgid "Cannot get info about device %s.\n" -msgstr "Kan inte hämta information om enheten %s.\n" +msgid "Cannot convert device %s which is still in use." +msgstr "Det gÃ¥r inte konvertera enheten %s som fortfarande används." -#: lib/utils_device.c:494 +#: lib/setup.c:5772 #, c-format -msgid "Requested offset is beyond real size of device %s.\n" -msgstr "" +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "Misslyckades med att tilldela nyckelplats %u som ny volymnyckel." + +#: lib/setup.c:5845 +#, fuzzy +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "Misslyckades med att sätta standardnyckelplats för LUKS2-parametrar." -#: lib/utils_device.c:502 +#: lib/setup.c:5851 #, c-format -msgid "Device %s has zero size.\n" -msgstr "Enheten %s har noll storlek.\n" +msgid "Failed to assign keyslot %d to digest." +msgstr "Misslyckades med att tilldela nyckelplats %d till kontrollsummor." + +#: lib/setup.c:5982 +msgid "Kernel keyring is not supported by the kernel." +msgstr "Kärnans nyckelring stöds inte av kärnan." -#: lib/utils_device.c:513 +#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952 #, c-format -msgid "Device %s is too small.\n" -msgstr "Enheten %s är för liten.\n" +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "Misslyckades med att läsa lösenfras frÃ¥n nyckelringsnyckel (fel %d)." -#: lib/luks1/keyencryption.c:37 -#, fuzzy, c-format -msgid "" -"Failed to setup dm-crypt key mapping for device %s.\n" -"Check that kernel supports %s cipher (check syslog for more info).\n" +#: lib/setup.c:6016 +msgid "Failed to acquire global memory-hard access serialization lock." msgstr "" -"Misslyckades med att konfigurera nyckelmappning för dm-crypt för\n" -"enheten %s. Kontrollera att kärnan har stöd för chiffret %s\n" -"(kontrollera syslog för mer information).\n" -"%s" -#: lib/luks1/keyencryption.c:42 -#, fuzzy -msgid "Key size in XTS mode must be 256 or 512 bits.\n" -msgstr "Nyckelstorlek mÃ¥ste vara en multipel av 8 bitar" +#: lib/utils.c:80 +msgid "Cannot get process priority." +msgstr "Det gÃ¥r inte att fÃ¥ processprioritet." + +#: lib/utils.c:94 +msgid "Cannot unlock memory." +msgstr "Det gÃ¥r inte att lÃ¥sa upp minne." + +#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497 +msgid "Failed to open key file." +msgstr "Misslyckades med att öppna nyckelfilen." + +#: lib/utils.c:173 +msgid "Cannot read keyfile from a terminal." +msgstr "Det gÃ¥r inte läsa nyckelfilen frÃ¥n en terminal." + +#: lib/utils.c:190 +msgid "Failed to stat key file." +msgstr "Misslyckades med att ta stat pÃ¥ nyckelfilen." + +#: lib/utils.c:198 lib/utils.c:219 +msgid "Cannot seek to requested keyfile offset." +msgstr "Det gÃ¥r inte att söka till begärd nyckelfilsoffset." + +#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188 +#: src/utils_password.c:201 +msgid "Out of memory while reading passphrase." +msgstr "Slut pÃ¥ minne vid läsning av lösenfras." + +#: lib/utils.c:248 +msgid "Error reading passphrase." +msgstr "Fel vid läsning av lösenfras." + +#: lib/utils.c:265 +msgid "Nothing to read on input." +msgstr "Ingenting att läsa vid inmating." -#: lib/luks1/keyencryption.c:96 lib/luks1/keymanage.c:296 -#: lib/luks1/keymanage.c:572 lib/luks1/keymanage.c:1017 +#: lib/utils.c:272 +msgid "Maximum keyfile size exceeded." +msgstr "Högsta nyckelfilsstorlek överskriden." + +#: lib/utils.c:277 +msgid "Cannot read requested amount of data." +msgstr "Det gÃ¥r inte läsa begärd mängd data." + +#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 #, fuzzy, c-format -msgid "Cannot write to device %s, permission denied.\n" -msgstr "Kan inte rensa enheten %s.\n" +msgid "Device %s does not exist or access denied." +msgstr "Enheten %s finns inte eller Ã¥tkomst nekas." -#: lib/luks1/keyencryption.c:111 -msgid "Failed to open temporary keystore device.\n" -msgstr "Misslyckades med att öppna temporär nyckellagringsenhet.\n" +#: lib/utils_device.c:197 +#, c-format +msgid "Device %s is not compatible." +msgstr "Enheten %s är inte aktiv." -#: lib/luks1/keyencryption.c:118 -msgid "Failed to access temporary keystore device.\n" -msgstr "Misslyckades med att komma Ã¥t temporär nyckellagringsenhet.\n" +#: lib/utils_device.c:642 +#, c-format +msgid "Device %s is too small. Need at least % bytes." +msgstr "Enhet %s är för liten. Behöver minst % byte." -#: lib/luks1/keyencryption.c:191 -#, fuzzy -msgid "IO error while encrypting keyslot.\n" -msgstr "Storleken för krypteringsnyckeln" +#: lib/utils_device.c:723 +#, c-format +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "Det gÃ¥r inte att använda enheten %s som redan används (redan mappad eller monterad)." -#: lib/luks1/keyencryption.c:256 -msgid "IO error while decrypting keyslot.\n" -msgstr "" +#: lib/utils_device.c:727 +#, c-format +msgid "Cannot use device %s, permission denied." +msgstr "Det gÃ¥r inte att använda enhet %s, behörighet nekad." -#: lib/luks1/keymanage.c:90 +#: lib/utils_device.c:730 #, c-format -msgid "Device %s is too small. (LUKS requires at least % bytes.)\n" -msgstr "" +msgid "Cannot get info about device %s." +msgstr "Kan inte hämta information om enheten %s." -#: lib/luks1/keymanage.c:180 lib/luks1/keymanage.c:418 -#: src/cryptsetup_reencrypt.c:1110 -#, fuzzy, c-format -msgid "Device %s is not a valid LUKS device.\n" -msgstr "Enheten %s är inte en LUKS-enhet.\n" +#: lib/utils_device.c:753 +msgid "Cannot use a loopback device, running as non-root user." +msgstr "Kan inte använda en loopback-enhet, kör som icke-root-användare." -#: lib/luks1/keymanage.c:198 -#, fuzzy, c-format -msgid "Requested header backup file %s already exists.\n" -msgstr "Begärda filen %s finns redan.\n" +#: lib/utils_device.c:763 +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "Misslyckades med att fästa loopback-enhet (kräver loop-enhet med flaggan autoclear)." -#: lib/luks1/keymanage.c:200 -#, fuzzy, c-format -msgid "Cannot create header backup file %s.\n" -msgstr "Kan inte läsa säkerhetskopia för huvud %s.\n" +#: lib/utils_device.c:809 +#, c-format +msgid "Requested offset is beyond real size of device %s." +msgstr "Begärd offset är bortom faktiska enhetsstorleken för %s." -#: lib/luks1/keymanage.c:205 +#: lib/utils_device.c:817 #, c-format -msgid "Cannot write header backup file %s.\n" -msgstr "Kan inte skriva säkerhetskopia för huvud %s.\n" +msgid "Device %s has zero size." +msgstr "Enheten %s har noll storlek." -#: lib/luks1/keymanage.c:239 -#, fuzzy -msgid "Backup file doesn't contain valid LUKS header.\n" -msgstr "Säkerhetskopian innehÃ¥ller inte nÃ¥got giltigt LUKS-huvud.\n" +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." +msgstr "Begärd mÃ¥ltid för PBKDF kan inte vara noll." -#: lib/luks1/keymanage.c:252 lib/luks1/keymanage.c:496 +#: lib/utils_pbkdf.c:106 #, c-format -msgid "Cannot open header backup file %s.\n" -msgstr "Kan inte öppna säkerhetskopia för huvud %s.\n" +msgid "Unknown PBKDF type %s." +msgstr "Okänd PBKDF-typ %s." -#: lib/luks1/keymanage.c:258 +#: lib/utils_pbkdf.c:111 #, c-format -msgid "Cannot read header backup file %s.\n" -msgstr "Kan inte läsa säkerhetskopia för huvud %s.\n" +msgid "Requested hash %s is not supported." +msgstr "Begärd hash %s stöds inte." -#: lib/luks1/keymanage.c:269 -msgid "Data offset or key size differs on device and backup, restore failed.\n" -msgstr "" -"Dataoffset eller nyckelstorlek skiljer sig pÃ¥ enhet och säkerhetskopia. " -"Återställningen misslyckades.\n" +#: lib/utils_pbkdf.c:122 +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "Begärd PBKDF-typ stöds inte för LUKS1." -#: lib/luks1/keymanage.c:277 +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." +msgstr "Högsta minne för PBKDF eller parallella trÃ¥dar fÃ¥r inte sättas med pbkdf2." + +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 #, c-format -msgid "Device %s %s%s" -msgstr "Enhet %s %s%s" +msgid "Forced iteration count is too low for %s (minimum is %u)." +msgstr "Tvingad iterationsuppräkning är för liten för %s (minsta är %u)." -#: lib/luks1/keymanage.c:278 -msgid "" -"does not contain LUKS header. Replacing header can destroy data on that " -"device." -msgstr "" -"innehÃ¥ller inget LUKS-huvud. Ersättning av huvud kan förstöra data pÃ¥ " -"enheten." +#: lib/utils_pbkdf.c:148 +#, c-format +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "Tvingad minneskostnad är för lÃ¥g för %s (minimum är %u kilobyte)." -#: lib/luks1/keymanage.c:279 -msgid "" -"already contains LUKS header. Replacing header will destroy existing " -"keyslots." -msgstr "" -"innehÃ¥ller redan LUKS-huvud. Ersättningen av huvud kommer att förstöra " -"befintliga nyckelplatser." +#: lib/utils_pbkdf.c:155 +#, c-format +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "Kostnaden för det begärda högsta minnet för PBKDF är för högt (maximum är %d kilobyte)." -#: lib/luks1/keymanage.c:280 -msgid "" -"\n" -"WARNING: real device header has different UUID than backup!" +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "Högst begärt minne för PBKDF kan inte vara noll." + +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "Begärda parallella trÃ¥dar för PBKDF kan inte vara noll." + +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." msgstr "" -"\n" -"VARNING: verkligt enhetshuvud har annat UUID än säkerhetskopian!" -#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:535 -#: lib/luks1/keymanage.c:575 lib/tcrypt/tcrypt.c:624 lib/verity/verity.c:82 -#: lib/verity/verity.c:179 lib/verity/verity_hash.c:292 -#: lib/verity/verity_hash.c:303 lib/verity/verity_hash.c:323 +#: lib/utils_benchmark.c:172 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "Prestandamätning för PBKDF är inaktiverad men iterationer är inte satt." + +#: lib/utils_benchmark.c:191 #, c-format -msgid "Cannot open device %s.\n" -msgstr "Kan inte öppna enheten %s.\n" +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "Ej kompatibla PBKDF2-flaggor (använder hash-algoritmen %s)." -#: lib/luks1/keymanage.c:329 -msgid "Non standard key size, manual repair required.\n" -msgstr "" +#: lib/utils_benchmark.c:211 +msgid "Not compatible PBKDF options." +msgstr "Ej kompatibla PBKDF2-flaggor." -#: lib/luks1/keymanage.c:334 -msgid "Non standard keyslots alignment, manual repair required.\n" -msgstr "" +#: lib/utils_device_locking.c:102 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "LÃ¥sningen avbruten. LÃ¥sningsökvägen %s/%s oanvändbar (inte en katalog eller saknas)." -#: lib/luks1/keymanage.c:340 -msgid "Repairing keyslots.\n" -msgstr "" +#: lib/utils_device_locking.c:109 +#, c-format +msgid "WARNING: Locking directory %s/%s is missing!\n" +msgstr "VARNING:LÃ¥skatalog %s/%s saknas!\n" -#: lib/luks1/keymanage.c:351 -msgid "Repair failed." -msgstr "" +#: lib/utils_device_locking.c:119 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "LÃ¥sningen avbruten. LÃ¥sningsökvägen %s/%s oanvändbar (%s är inte en katalog)." -#: lib/luks1/keymanage.c:363 +#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:941 +#: src/cryptsetup_reencrypt.c:1025 +msgid "Cannot seek to device offset." +msgstr "Det gÃ¥r inte att söka till enhetsoffset." + +#: lib/utils_wipe.c:208 #, c-format -msgid "Keyslot %i: offset repaired (%u -> %u).\n" +msgid "Device wipe error, offset %." msgstr "" -#: lib/luks1/keymanage.c:371 +#: lib/luks1/keyencryption.c:39 #, c-format -msgid "Keyslot %i: stripes repaired (%u -> %u).\n" +msgid "" +"Failed to setup dm-crypt key mapping for device %s.\n" +"Check that kernel supports %s cipher (check syslog for more info)." msgstr "" +"Misslyckades med att konfigurera nyckelmappning för dm-crypt för enheten %s. \n" +"Kontrollera att kärnan har stöd för chiffret %s (kontrollera syslog för mer information)." -#: lib/luks1/keymanage.c:380 +#: lib/luks1/keyencryption.c:44 +msgid "Key size in XTS mode must be 256 or 512 bits." +msgstr "Nyckelstorlek i XTS-läge mÃ¥ste vara en multipel av 256 eller 512 bitar." + +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "Chifferspecifikation ska vara i formatet [chiffer] - [läge] - [iv]." + +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080 +#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734 #, c-format -msgid "Keyslot %i: bogus partition signature.\n" -msgstr "" +msgid "Cannot write to device %s, permission denied." +msgstr "Kan inte skriva till enhet %s, behörighet nekad." + +#: lib/luks1/keyencryption.c:120 +msgid "Failed to open temporary keystore device." +msgstr "Misslyckades med att öppna temporär nyckellagringsenhet." + +#: lib/luks1/keyencryption.c:127 +msgid "Failed to access temporary keystore device." +msgstr "Misslyckades med att komma Ã¥t temporär nyckellagringsenhet." + +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +msgid "IO error while encrypting keyslot." +msgstr "In-/utfel vid kryptering av nyckelplats." + +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:670 +#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311 +#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342 +#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 +#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255 +#: src/cryptsetup_reencrypt.c:200 src/cryptsetup_reencrypt.c:212 +#, c-format +msgid "Cannot open device %s." +msgstr "Det gÃ¥r inte att öppna enheten %s." -#: lib/luks1/keymanage.c:385 -#, fuzzy, c-format -msgid "Keyslot %i: salt wiped.\n" -msgstr "Nyckelplats %d är ogiltig.\n" +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +msgid "IO error while decrypting keyslot." +msgstr "In-/utfel vid dekryptering av nyckelplats." -#: lib/luks1/keymanage.c:396 -#, fuzzy -msgid "Writing LUKS header to disk.\n" -msgstr "Fel vid uppdatering av LUKS-huvud pÃ¥ enheten %s.\n" +#: lib/luks1/keymanage.c:110 +#, c-format +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" +msgstr "Enhet %s är för liten. (LUKS1 kräver minst % byte.)" -#: lib/luks1/keymanage.c:421 +#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162 +#: lib/luks1/keymanage.c:174 +#, c-format +msgid "LUKS keyslot %u is invalid." +msgstr "LUKS-nyckelplats %u är ogiltig." + +#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472 +#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1433 +#: src/cryptsetup.c:1559 src/cryptsetup.c:1616 src/cryptsetup.c:1672 +#: src/cryptsetup.c:1739 src/cryptsetup.c:1842 src/cryptsetup.c:1906 +#: src/cryptsetup.c:2136 src/cryptsetup.c:2331 src/cryptsetup.c:2391 +#: src/cryptsetup.c:2457 src/cryptsetup.c:2621 src/cryptsetup.c:3271 +#: src/cryptsetup.c:3280 src/cryptsetup_reencrypt.c:1388 #, c-format -msgid "Unsupported LUKS version %d.\n" -msgstr "LUKS-versionen %d stöds inte.\n" +msgid "Device %s is not a valid LUKS device." +msgstr "Enheten %s är inte en giltig LUKS-enhet." -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:661 +#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100 #, c-format -msgid "Requested LUKS hash %s is not supported.\n" -msgstr "Begärd LUKS-hash %s stöds inte.\n" +msgid "Requested header backup file %s already exists." +msgstr "Begärd säkerhetskopia %s av huvud finns redan." -#: lib/luks1/keymanage.c:442 -#, fuzzy, c-format -msgid "LUKS keyslot %u is invalid.\n" -msgstr "Nyckelplats %d är ogiltig.\n" +#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102 +#, c-format +msgid "Cannot create header backup file %s." +msgstr "Det gÃ¥r inte att skapa säkerhetskopia för huvud %s." -#: lib/luks1/keymanage.c:456 src/cryptsetup.c:668 -msgid "No known problems detected for LUKS header.\n" -msgstr "" +#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109 +#, c-format +msgid "Cannot write header backup file %s." +msgstr "Det gÃ¥r inte skriva säkerhetskopia för huvud %s." + +#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161 +#, fuzzy +msgid "Backup file does not contain valid LUKS header." +msgstr "Säkerhetskopian innehÃ¥ller inte nÃ¥got giltigt LUKS-huvud." -#: lib/luks1/keymanage.c:596 +#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549 +#: lib/luks2/luks2_json_metadata.c:1182 #, c-format -msgid "Error during update of LUKS header on device %s.\n" -msgstr "Fel vid uppdatering av LUKS-huvud pÃ¥ enheten %s.\n" +msgid "Cannot open header backup file %s." +msgstr "Det gÃ¥r inte att öppna säkerhetskopia för huvud %s." -#: lib/luks1/keymanage.c:603 +#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190 #, c-format -msgid "Error re-reading LUKS header after update on device %s.\n" -msgstr "Fel vid omläsning av LUKS-huvud efter uppdatering pÃ¥ enheten %s.\n" +msgid "Cannot read header backup file %s." +msgstr "Det gÃ¥r inte att läsa säkerhetskopia för huvud %s." -#: lib/luks1/keymanage.c:654 +#: lib/luks1/keymanage.c:317 +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "Dataoffset eller nyckelstorlek skiljer sig Ã¥t pÃ¥ enhet och säkerhetskopia. Återställningen misslyckades." + +#: lib/luks1/keymanage.c:325 #, c-format +msgid "Device %s %s%s" +msgstr "Enhet %s %s%s" + +#: lib/luks1/keymanage.c:326 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "innehÃ¥ller inget LUKS-huvud. Ersättning av huvud kan förstöra data pÃ¥ enheten." + +#: lib/luks1/keymanage.c:327 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "innehÃ¥ller redan LUKS-huvud. Ersättningen av huvud kommer att förstöra befintliga nyckelplatser." + +#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224 msgid "" -"Data offset for detached LUKS header must be either 0 or higher than header " -"size (%d sectors).\n" +"\n" +"WARNING: real device header has different UUID than backup!" msgstr "" +"\n" +"VARNING: verkligt enhetshuvud har annat UUID än säkerhetskopian!" -#: lib/luks1/keymanage.c:666 lib/luks1/keymanage.c:757 -#, fuzzy -msgid "Wrong LUKS UUID format provided.\n" -msgstr "Felaktigt UUID-format angavs, genererar ny.\n" +#: lib/luks1/keymanage.c:375 +msgid "Non standard key size, manual repair required." +msgstr "Ej standardstorlek pÃ¥ nyckel, manuell reparation krävs." -#: lib/luks1/keymanage.c:695 -msgid "Cannot create LUKS header: reading random salt failed.\n" -msgstr "" -"Kan inte skapa LUKS-huvud: läsning av slumpmässigt salt misslyckades.\n" +#: lib/luks1/keymanage.c:380 +msgid "Non standard keyslots alignment, manual repair required." +msgstr "Ej standardjustering pÃ¥ nyckelplatser, manuell reparation krävs." -#: lib/luks1/keymanage.c:702 lib/luks1/keymanage.c:798 -#, fuzzy, c-format -msgid "Not compatible PBKDF2 options (using hash algorithm %s).\n" -msgstr "Ej kompatibla PBKDF2-flaggor (använder hash-algoritmen %s)." +#: lib/luks1/keymanage.c:390 +msgid "Repairing keyslots." +msgstr "Reparerar nyckelplatser." -#: lib/luks1/keymanage.c:717 +#: lib/luks1/keymanage.c:409 #, c-format -msgid "Cannot create LUKS header: header digest failed (using hash %s).\n" -msgstr "" -"Kan inte skapa LUKS-huvud: huvudsammanfattning misslyckades (använder hashen " -"%s).\n" +msgid "Keyslot %i: offset repaired (%u -> %u)." +msgstr "Nyckelplats %i: reparerad offset (%u -> %u)." -#: lib/luks1/keymanage.c:782 +#: lib/luks1/keymanage.c:417 #, c-format -msgid "Key slot %d active, purge first.\n" -msgstr "Nyckelplats %d är aktiv, rensa först.\n" +msgid "Keyslot %i: stripes repaired (%u -> %u)." +msgstr "Nyckelplats %i: reparerade remsor (%u -> %u)." -#: lib/luks1/keymanage.c:788 +#: lib/luks1/keymanage.c:426 #, c-format -msgid "Key slot %d material includes too few stripes. Header manipulation?\n" -msgstr "" -"Nyckelplats %d material inkluderar för fÃ¥ stripes. Har huvudet " -"manipulerats?\n" +msgid "Keyslot %i: bogus partition signature." +msgstr "Nyckelplats %i: fejkpartitionssignatur." -#: lib/luks1/keymanage.c:950 +#: lib/luks1/keymanage.c:431 #, c-format -msgid "Key slot %d unlocked.\n" -msgstr "Nyckelplats %d är upplÃ¥st.\n" +msgid "Keyslot %i: salt wiped." +msgstr "Nyckelplats %i: salt borttaget." -#: lib/luks1/keymanage.c:985 src/cryptsetup.c:858 -#: src/cryptsetup_reencrypt.c:999 src/cryptsetup_reencrypt.c:1036 -msgid "No key available with this passphrase.\n" -msgstr "Ingen nyckel finns tillgänglig med denna lösenfras.\n" +#: lib/luks1/keymanage.c:448 +msgid "Writing LUKS header to disk." +msgstr "Skriver LUKS-huvud till disk." -#: lib/luks1/keymanage.c:1003 -#, c-format -msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n" -msgstr "Nyckelplats %d är ogiltig. Välj en nyckelplats mellan 0 och %d.\n" +#: lib/luks1/keymanage.c:453 +msgid "Repair failed." +msgstr "Reparation misslyckades." -#: lib/luks1/keymanage.c:1021 +#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750 #, c-format -msgid "Cannot wipe device %s.\n" -msgstr "Kan inte rensa enheten %s.\n" +msgid "Requested LUKS hash %s is not supported." +msgstr "Begärd LUKS-hash %s stöds inte." -#: lib/loopaes/loopaes.c:146 -msgid "Detected not yet supported GPG encrypted keyfile.\n" -msgstr "" +#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1133 +msgid "No known problems detected for LUKS header." +msgstr "Inga kända problem identifierade för LUKS-huvud." -#: lib/loopaes/loopaes.c:147 -msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" -msgstr "" +#: lib/luks1/keymanage.c:660 +#, c-format +msgid "Error during update of LUKS header on device %s." +msgstr "Fel vid uppdatering av LUKS-huvud pÃ¥ enheten %s." -#: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 -msgid "Incompatible loop-AES keyfile detected.\n" -msgstr "" +#: lib/luks1/keymanage.c:668 +#, c-format +msgid "Error re-reading LUKS header after update on device %s." +msgstr "Fel vid omläsning av LUKS-huvud efter uppdatering pÃ¥ enheten %s." -#: lib/loopaes/loopaes.c:244 -msgid "Kernel doesn't support loop-AES compatible mapping.\n" -msgstr "" +#: lib/luks1/keymanage.c:744 +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "Data-offset för fristÃ¥ende LUKS-huvud mÃ¥ste vara antingen 0 eller större än huvudstorleken." -#: lib/tcrypt/tcrypt.c:475 -#, fuzzy, c-format -msgid "Error reading keyfile %s.\n" -msgstr "Fel vid läsning av lösenfras.\n" +#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825 +#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001 +#: src/cryptsetup.c:2784 +msgid "Wrong LUKS UUID format provided." +msgstr "Felaktigt LUKS-UUID-format angavs." -#: lib/tcrypt/tcrypt.c:513 -#, c-format -msgid "Maximum TCRYPT passphrase length (%d) exceeded.\n" -msgstr "" +#: lib/luks1/keymanage.c:778 +msgid "Cannot create LUKS header: reading random salt failed." +msgstr "Kan inte skapa LUKS-huvud: läsning av slumpmässigt salt misslyckades." -#: lib/tcrypt/tcrypt.c:543 +#: lib/luks1/keymanage.c:804 #, c-format -msgid "PBKDF2 hash algorithm %s not available, skipping.\n" -msgstr "" +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "Kan inte skapa LUKS-huvud: kontrollsumma för huvud misslyckades (använder hashen %s)." -#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:621 -msgid "Required kernel crypto interface not available.\n" -msgstr "" +#: lib/luks1/keymanage.c:848 +#, c-format +msgid "Key slot %d active, purge first." +msgstr "Nyckelplats %d är aktiv, rensa först." -#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:623 -msgid "Ensure you have algif_skcipher kernel module loaded.\n" -msgstr "" +#: lib/luks1/keymanage.c:854 +#, c-format +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "Nyckelplats %d material inkluderar för fÃ¥ remsor. Har huvudet manipulerats?" -#: lib/tcrypt/tcrypt.c:707 +#: lib/luks1/keymanage.c:990 #, fuzzy, c-format -msgid "Activation is not supported for %d sector size.\n" -msgstr "Denna Ã¥tgärd stöds inte för krypteringsenheter av typen %s.\n" +msgid "Cannot open keyslot (using hash %s)." +msgstr "Fel vid nyckelbearbetning (använder hash %s)." -#: lib/tcrypt/tcrypt.c:713 -msgid "Kernel doesn't support activation for this TCRYPT legacy mode.\n" -msgstr "" +#: lib/luks1/keymanage.c:1066 +#, c-format +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." +msgstr "Nyckelplats %d är ogiltig. Välj en nyckelplats mellan 0 och %d." -#: lib/tcrypt/tcrypt.c:744 +#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738 #, c-format -msgid "Activating TCRYPT system encryption for partition %s.\n" -msgstr "" +msgid "Cannot wipe device %s." +msgstr "Kan inte rensa enheten %s." -#: lib/tcrypt/tcrypt.c:806 -msgid "Kernel doesn't support TCRYPT compatible mapping.\n" -msgstr "" +#: lib/loopaes/loopaes.c:146 +msgid "Detected not yet supported GPG encrypted keyfile." +msgstr "Identifierade en GPG-krypterad nyckelfil som ännu inte stöds." + +#: lib/loopaes/loopaes.c:147 +msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" +msgstr "Använd gpg --decrypt | cryptsetup --keyfile=- …\n" + +#: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 +msgid "Incompatible loop-AES keyfile detected." +msgstr "Identifierade inkompatibel loop-AES-nyckelfil." -#: lib/tcrypt/tcrypt.c:1020 +#: lib/loopaes/loopaes.c:245 #, fuzzy -msgid "This function is not supported without TCRYPT header load." -msgstr "Denna Ã¥tgärd stöds inte för krypteringsenheter av typen %s.\n" +msgid "Kernel does not support loop-AES compatible mapping." +msgstr "Kärnan stöder inte loop-AES-kompatibel mappning." -#: lib/verity/verity.c:70 lib/verity/verity.c:172 +#: lib/tcrypt/tcrypt.c:504 #, c-format -msgid "Verity device %s doesn't use on-disk header.\n" -msgstr "" +msgid "Error reading keyfile %s." +msgstr "Fel vid läsning av nyckelfil %s." -#: lib/verity/verity.c:94 +#: lib/tcrypt/tcrypt.c:554 #, fuzzy, c-format -msgid "Device %s is not a valid VERITY device.\n" -msgstr "Enheten %s är inte en LUKS-enhet.\n" +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." +msgstr "Högsta TCRYPT-lösenfraslängd (%d) överskriden." -#: lib/verity/verity.c:101 -#, fuzzy, c-format -msgid "Unsupported VERITY version %d.\n" -msgstr "LUKS-versionen %d stöds inte.\n" +#: lib/tcrypt/tcrypt.c:595 +#, c-format +msgid "PBKDF2 hash algorithm %s not available, skipping." +msgstr "PBKDF2-hashalgoritm %s ej tillgänglig, hoppar över." -#: lib/verity/verity.c:131 -msgid "VERITY header corrupted.\n" -msgstr "" +#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1010 +msgid "Required kernel crypto interface not available." +msgstr "Begärt kryptogränssnitt för kärnan inte tillgängligt." -#: lib/verity/verity.c:166 -#, fuzzy, c-format -msgid "Wrong VERITY UUID format provided on device %s.\n" -msgstr "Felaktigt UUID-format angavs, genererar ny.\n" +#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1012 +msgid "Ensure you have algif_skcipher kernel module loaded." +msgstr "Försäkra dig om att kärnmodulen algif_skcipher är inläst." -#: lib/verity/verity.c:196 -#, fuzzy, c-format -msgid "Error during update of verity header on device %s.\n" -msgstr "Fel vid uppdatering av LUKS-huvud pÃ¥ enheten %s.\n" +#: lib/tcrypt/tcrypt.c:753 +#, c-format +msgid "Activation is not supported for %d sector size." +msgstr "Aktivering stöds inte för sektorstorlek %d." -#: lib/verity/verity.c:276 -msgid "Kernel doesn't support dm-verity mapping.\n" -msgstr "" +#: lib/tcrypt/tcrypt.c:759 +#, fuzzy +msgid "Kernel does not support activation for this TCRYPT legacy mode." +msgstr "Kärnan stöder inte aktivering för detta förÃ¥ldrade TCRYPT-läge." -#: lib/verity/verity.c:287 -msgid "Verity device detected corruption after activation.\n" -msgstr "" +#: lib/tcrypt/tcrypt.c:793 +#, c-format +msgid "Activating TCRYPT system encryption for partition %s." +msgstr "Aktiverar TCRYPT-systemkryptering för partition %s." -#: lib/verity/verity_hash.c:59 +#: lib/tcrypt/tcrypt.c:871 +#, fuzzy +msgid "Kernel does not support TCRYPT compatible mapping." +msgstr "Kärnan stöder inte TCRYPT-kompatibel mappning." + +#: lib/tcrypt/tcrypt.c:1093 +msgid "This function is not supported without TCRYPT header load." +msgstr "Denna funktion stöds inte utan inläsning av TCRYPT-huvud." + +#: lib/bitlk/bitlk.c:333 #, c-format -msgid "Spare area is not zeroed at position %.\n" +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." msgstr "" -#: lib/verity/verity_hash.c:121 lib/verity/verity_hash.c:249 -#: lib/verity/verity_hash.c:277 lib/verity/verity_hash.c:284 -msgid "Device offset overflow.\n" +#: lib/bitlk/bitlk.c:380 +msgid "Invalid string found when parsing Volume Master Key." msgstr "" -#: lib/verity/verity_hash.c:161 +#: lib/bitlk/bitlk.c:385 #, c-format -msgid "Verification failed at position %.\n" +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." msgstr "" -#: lib/verity/verity_hash.c:235 -msgid "Invalid size parameters for verity device.\n" +#: lib/bitlk/bitlk.c:399 +#, c-format +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." msgstr "" -#: lib/verity/verity_hash.c:266 -msgid "Too many tree levels for verity volume.\n" +#: lib/bitlk/bitlk.c:479 +#, fuzzy, c-format +msgid "Failed to read BITLK signature from %s." +msgstr "Misslyckades med att läsa LUKS2-krav." + +#: lib/bitlk/bitlk.c:485 +msgid "BITLK version 1 is currently not supported." msgstr "" -#: lib/verity/verity_hash.c:354 -msgid "Verification of data area failed.\n" +#: lib/bitlk/bitlk.c:491 +msgid "Invalid or unknown boot signature for BITLK device." msgstr "" -#: lib/verity/verity_hash.c:359 -msgid "Verification of root hash failed.\n" +#: lib/bitlk/bitlk.c:503 +msgid "Invalid or unknown signature for BITLK device." msgstr "" -#: lib/verity/verity_hash.c:365 -#, fuzzy -msgid "Input/output error while creating hash area.\n" -msgstr "Slut pÃ¥ minne vid läsning av lösenfras.\n" - -#: lib/verity/verity_hash.c:367 -msgid "Creation of hash area failed.\n" -msgstr "" - -#: lib/verity/verity_hash.c:414 -#, c-format -msgid "" -"WARNING: Kernel cannot activate device if data block size exceeds page size " -"(%u).\n" -msgstr "" +#: lib/bitlk/bitlk.c:510 +#, fuzzy, c-format +msgid "Unsupported sector size %." +msgstr "Stöder inte sektorstorleken för kryptering." -#: src/cryptsetup.c:91 -msgid "Can't do passphrase verification on non-tty inputs.\n" -msgstr "Kan inte verifiera lösenfras pÃ¥ icke-tty-ingÃ¥ngar.\n" +#: lib/bitlk/bitlk.c:518 +#, fuzzy, c-format +msgid "Failed to read BITLK header from %s." +msgstr "Misslyckades med att läsa LUKS2-krav." -#: src/cryptsetup.c:133 src/cryptsetup.c:564 src/cryptsetup.c:711 -#: src/cryptsetup_reencrypt.c:502 src/cryptsetup_reencrypt.c:556 -msgid "No known cipher specification pattern detected.\n" -msgstr "Inget känt chifferspecifikationsmönster kunde identifieras.\n" +#: lib/bitlk/bitlk.c:543 +#, fuzzy, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "Misslyckades med att läsa LUKS2-krav." -#: src/cryptsetup.c:144 -msgid "" -"WARNING: The --hash parameter is being ignored in plain mode with keyfile " -"specified.\n" -msgstr "" +#: lib/bitlk/bitlk.c:594 +#, fuzzy +msgid "Unknown or unsupported encryption type." +msgstr "Stöder inte sektorstorleken för kryptering." -#: src/cryptsetup.c:152 -msgid "" -"WARNING: The --keyfile-size option is being ignored, the read size is the " -"same as the encryption key size.\n" -msgstr "" +#: lib/bitlk/bitlk.c:627 +#, fuzzy, c-format +msgid "Failed to read BITLK metadata entries from %s." +msgstr "Misslyckades med att läsa LUKS2-krav." -#: src/cryptsetup.c:218 +#: lib/bitlk/bitlk.c:921 #, fuzzy -msgid "Option --key-file is required.\n" -msgstr "Flaggan --header-backup-file krävs.\n" +msgid "This operation is not supported." +msgstr "Denna Ã¥tgärd stöds inte för krypteringsenheter av typen %s." -#: src/cryptsetup.c:267 +#: lib/bitlk/bitlk.c:929 #, fuzzy -msgid "No device header detected with this passphrase.\n" -msgstr "Ingen nyckel finns tillgänglig med denna lösenfras.\n" +msgid "Wrong key size." +msgstr "Ogiltig nyckelstorlek." -#: src/cryptsetup.c:327 src/cryptsetup.c:1140 -msgid "" -"Header dump with volume key is sensitive information\n" -"which allows access to encrypted partition without passphrase.\n" -"This dump should be always stored encrypted on safe place." +#: lib/bitlk/bitlk.c:981 +msgid "This BITLK device is in an unsupported state and cannot be activated." msgstr "" -#: src/cryptsetup.c:517 -msgid "Result of benchmark is not reliable.\n" +#: lib/bitlk/bitlk.c:987 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." msgstr "" -#: src/cryptsetup.c:558 -msgid "# Tests are approximate using memory only (no storage IO).\n" -msgstr "" +#: lib/bitlk/bitlk.c:1069 +#, fuzzy +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "Aktivering av temporära enheter misslyckades." -#: src/cryptsetup.c:583 src/cryptsetup.c:605 -msgid "# Algorithm | Key | Encryption | Decryption\n" +#: lib/bitlk/bitlk.c:1205 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." msgstr "" -#: src/cryptsetup.c:587 -#, fuzzy, c-format -msgid "Cipher %s is not available.\n" -msgstr "Enheten %s är inte aktiv.\n" - -#: src/cryptsetup.c:614 -msgid "N/A" +#: lib/bitlk/bitlk.c:1209 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." msgstr "" -#: src/cryptsetup.c:639 -#, fuzzy, c-format -msgid "Cannot read keyfile %s.\n" -msgstr "Kan inte läsa enheten %s.\n" - -#: src/cryptsetup.c:643 +#: lib/verity/verity.c:68 lib/verity/verity.c:171 #, fuzzy, c-format -msgid "Cannot read %d bytes from keyfile %s.\n" -msgstr "Kan inte läsa %d byte frÃ¥n nyckelfilen %s.\n" - -#: src/cryptsetup.c:672 -#, fuzzy -msgid "Really try to repair LUKS device header?" -msgstr "Återställ huvud och nyckelplatser för LUKS-enhet" +msgid "Verity device %s does not use on-disk header." +msgstr "Verity-enhet %s använder inte huvud pÃ¥ disk." -#: src/cryptsetup.c:697 +#: lib/verity/verity.c:90 #, c-format -msgid "This will overwrite data on %s irrevocably." -msgstr "Detta kommer att skriva över data pÃ¥ %s och gÃ¥r inte att Ã¥ngra." - -#: src/cryptsetup.c:699 -msgid "memory allocation error in action_luksFormat" -msgstr "minnesallokeringsfel i action_luksFormat" +msgid "Device %s is not a valid VERITY device." +msgstr "Enheten %s är inte en giltig VERITY-enhet." -#: src/cryptsetup.c:717 +#: lib/verity/verity.c:97 #, c-format -msgid "Cannot use %s as on-disk header.\n" -msgstr "" - -#: src/cryptsetup.c:784 -msgid "Reduced data offset is allowed only for detached LUKS header.\n" -msgstr "" +msgid "Unsupported VERITY version %d." +msgstr "VERITY-versionen %d stöds inte." -#: src/cryptsetup.c:881 src/cryptsetup.c:937 -#, fuzzy, c-format -msgid "Key slot %d selected for deletion.\n" -msgstr "nyckeplats %d markerad för borttagning.\n" +#: lib/verity/verity.c:128 +msgid "VERITY header corrupted." +msgstr "VERITY-huvud är skadat." -#: src/cryptsetup.c:884 +#: lib/verity/verity.c:165 #, c-format -msgid "Key %d not active. Can't wipe.\n" -msgstr "Nyckel %d är inte aktiv. Kan inte rensa.\n" +msgid "Wrong VERITY UUID format provided on device %s." +msgstr "Felaktigt VERITY-UUID-format angivet pÃ¥ enhet %s." -#: src/cryptsetup.c:892 src/cryptsetup.c:940 -msgid "" -"This is the last keyslot. Device will become unusable after purging this key." -msgstr "" -"Detta är sista nyckelplatsen. Enheten kommer att bli oanvändbar efter att " -"denna nyckel tagits bort." +#: lib/verity/verity.c:198 +#, c-format +msgid "Error during update of verity header on device %s." +msgstr "Fel vid uppdatering av verity-huvud pÃ¥ enheten %s." -#: src/cryptsetup.c:893 +#: lib/verity/verity.c:256 #, fuzzy -msgid "Enter any remaining passphrase: " -msgstr "Ange eventuell Ã¥terstÃ¥ende LUKS-lösenfras: " +msgid "Root hash signature verification is not supported." +msgstr "Begärd hash %s stöds inte." -#: src/cryptsetup.c:921 -#, fuzzy -msgid "Enter passphrase to be deleted: " -msgstr "Ange LUKS-lösenfras att ta bort: " +#: lib/verity/verity.c:267 +msgid "Errors cannot be repaired with FEC device." +msgstr "Det gÃ¥r inte reparera fel med FEC-enhet." -#: src/cryptsetup.c:1003 src/cryptsetup_reencrypt.c:1074 -#, fuzzy, c-format -msgid "Enter any existing passphrase: " -msgstr "Ange valfri lösenfras: " +#: lib/verity/verity.c:269 +#, c-format +msgid "Found %u repairable errors with FEC device." +msgstr "Fann %u reparerbara fel med FEC-enhet." -#: src/cryptsetup.c:1052 +#: lib/verity/verity.c:308 #, fuzzy -msgid "Enter passphrase to be changed: " -msgstr "Ange LUKS-lösenfras att ta bort: " +msgid "Kernel does not support dm-verity mapping." +msgstr "Kärnan stöder inte dm-verity-mappning." -#: src/cryptsetup.c:1066 src/cryptsetup_reencrypt.c:1059 +#: lib/verity/verity.c:312 #, fuzzy -msgid "Enter new passphrase: " -msgstr "Ange valfri lösenfras: " +msgid "Kernel does not support dm-verity signature option." +msgstr "Kärnan stöder inte dm-verity-mappning." -#: src/cryptsetup.c:1090 -msgid "Only one device argument for isLuks operation is supported.\n" -msgstr "" +#: lib/verity/verity.c:323 +msgid "Verity device detected corruption after activation." +msgstr "Verity-enhet identifierades som skadad efter aktivering." -#: src/cryptsetup.c:1246 src/cryptsetup.c:1267 -msgid "Option --header-backup-file is required.\n" -msgstr "Flaggan --header-backup-file krävs.\n" +#: lib/verity/verity_hash.c:59 +#, c-format +msgid "Spare area is not zeroed at position %." +msgstr "Ledigt utrymme är inte nollställt vid position %." -#: src/cryptsetup.c:1304 +#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290 +#: lib/verity/verity_hash.c:303 +msgid "Device offset overflow." +msgstr "Enhets-offset spillde över." + +#: lib/verity/verity_hash.c:203 #, c-format -msgid "Unrecognized metadata device type %s.\n" -msgstr "" +msgid "Verification failed at position %." +msgstr "Verifiering misslyckades vid %." -#: src/cryptsetup.c:1307 -msgid "Command requires device and mapped name as arguments.\n" -msgstr "" +#: lib/verity/verity_hash.c:276 +msgid "Invalid size parameters for verity device." +msgstr "Ogiltig storlek pÃ¥ parametrar för verity-enhet." -#: src/cryptsetup.c:1326 -#, fuzzy, c-format -msgid "" -"This operation will erase all keyslots on device %s.\n" -"Device will become unusable after this operation." -msgstr "" -"Detta är sista nyckelplatsen. Enheten kommer att bli oanvändbar efter att " -"denna nyckel tagits bort." +#: lib/verity/verity_hash.c:296 +msgid "Hash area overflow." +msgstr "Hash-omrÃ¥det spillde över." -#: src/cryptsetup.c:1360 -#, fuzzy -msgid " [--type ] []" -msgstr " " +#: lib/verity/verity_hash.c:373 +msgid "Verification of data area failed." +msgstr "Misslyckades med verifiering av dataomrÃ¥de." -#: src/cryptsetup.c:1360 -#, fuzzy -msgid "open device as mapping " -msgstr "öppna LUKS-enhet som mappning " +#: lib/verity/verity_hash.c:378 +msgid "Verification of root hash failed." +msgstr "Misslyckades med verifiering av rot-hash." -#: src/cryptsetup.c:1361 src/cryptsetup.c:1362 src/cryptsetup.c:1363 -#: src/cryptsetup.c:1364 src/veritysetup.c:311 src/veritysetup.c:312 -msgid "" -msgstr "" +#: lib/verity/verity_hash.c:384 +msgid "Input/output error while creating hash area." +msgstr "In-/utdatafel vid skapandet av hashomrÃ¥de." -#: src/cryptsetup.c:1361 -msgid "close device (remove mapping)" -msgstr "" +#: lib/verity/verity_hash.c:386 +msgid "Creation of hash area failed." +msgstr "Misslyckades med skapandet av hashomrÃ¥de." -#: src/cryptsetup.c:1362 -msgid "resize active device" -msgstr "ändra storlek pÃ¥ aktiv enhet" +#: lib/verity/verity_hash.c:433 +#, c-format +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "VARNING: Kärnan kan inte aktivera enhet om datablockstorleken överskrider sidstorlek (%u)." -#: src/cryptsetup.c:1363 -msgid "show device status" -msgstr "visa enhetsstatus" +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." +msgstr "Misslyckades med att öppna RS-kontext." -#: src/cryptsetup.c:1364 -msgid "benchmark cipher" -msgstr "" +#: lib/verity/verity_fec.c:146 +msgid "Failed to allocate buffer." +msgstr "Misslyckades med att allokera buffert." -#: src/cryptsetup.c:1365 src/cryptsetup.c:1366 src/cryptsetup.c:1372 -#: src/cryptsetup.c:1373 src/cryptsetup.c:1374 src/cryptsetup.c:1375 -#: src/cryptsetup.c:1376 src/cryptsetup.c:1377 src/cryptsetup.c:1378 -#: src/cryptsetup.c:1379 -msgid "" -msgstr "" +#: lib/verity/verity_fec.c:156 +#, c-format +msgid "Failed to read RS block % byte %d." +msgstr "Misslyckades med att läsa RS block % byte %d." -#: src/cryptsetup.c:1365 -msgid "try to repair on-disk metadata" -msgstr "" +#: lib/verity/verity_fec.c:169 +#, c-format +msgid "Failed to read parity for RS block %." +msgstr "Misslyckades med att skriva paritet för RS block %." -#: src/cryptsetup.c:1366 -#, fuzzy -msgid "erase all keyslots (remove encryption key)" -msgstr "Storleken för krypteringsnyckeln" +#: lib/verity/verity_fec.c:177 +#, c-format +msgid "Failed to repair parity for block %." +msgstr "Misslyckades med att skriva paritet för RS block %." -#: src/cryptsetup.c:1367 src/cryptsetup.c:1368 -msgid " []" -msgstr " []" +#: lib/verity/verity_fec.c:188 +#, c-format +msgid "Failed to write parity for RS block %." +msgstr "Misslyckades med att skriva paritet för RS block %." -#: src/cryptsetup.c:1367 -msgid "formats a LUKS device" -msgstr "formaterar en LUKS-enhet" +#: lib/verity/verity_fec.c:223 +msgid "Block sizes must match for FEC." +msgstr "Blockstorlekar mÃ¥ste matcha för FEC." -#: src/cryptsetup.c:1368 -msgid "add key to LUKS device" -msgstr "lägg till nyckel till LUKS-enhet" +#: lib/verity/verity_fec.c:229 +msgid "Invalid number of parity bytes." +msgstr "Ogiltigt antal paritet-byte." -#: src/cryptsetup.c:1369 src/cryptsetup.c:1370 -msgid " []" -msgstr " []" +#: lib/verity/verity_fec.c:265 +#, c-format +msgid "Failed to determine size for device %s." +msgstr "Misslyckades med att bestämma storlek för enhet %s." -#: src/cryptsetup.c:1369 -msgid "removes supplied key or key file from LUKS device" -msgstr "tar bort angiven nyckel eller nyckelfil frÃ¥n LUKS-enhet" +#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343 +#, fuzzy +msgid "Kernel does not support dm-integrity mapping." +msgstr "Kärnan stöder inte dm-integrity-mappning." -#: src/cryptsetup.c:1370 +#: lib/integrity/integrity.c:277 #, fuzzy -msgid "changes supplied key or key file of LUKS device" -msgstr "tar bort angiven nyckel eller nyckelfil frÃ¥n LUKS-enhet" +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "Kärnan stöder inte dm-integrity-mappning." -#: src/cryptsetup.c:1371 -msgid " " -msgstr " " +#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959 +#: lib/luks2/luks2_json_metadata.c:1244 +#, c-format +msgid "Failed to acquire write lock on device %s." +msgstr "Misslyckades med att fÃ¥ skrivlÃ¥s pÃ¥ enheten %s." -#: src/cryptsetup.c:1371 -msgid "wipes key with number from LUKS device" -msgstr "rensar nyckeln med nummer frÃ¥n LUKS-enhet" +#: lib/luks2/luks2_disk_metadata.c:392 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "" -#: src/cryptsetup.c:1372 -msgid "print UUID of LUKS device" -msgstr "skriv ut UUID för LUKS-enhet" +#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712 +msgid "" +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." +msgstr "" +"Enheten innehÃ¥ller tvetydiga signaturer, det gÃ¥r inte automatiskt Ã¥terhämta LUKS2.\n" +"Kör ”cryptsetup repair” för Ã¥terhämtning." -#: src/cryptsetup.c:1373 -msgid "tests for LUKS partition header" -msgstr "testar för LUKS-partitionshuvud" +#: lib/luks2/luks2_json_format.c:227 +msgid "Requested data offset is too small." +msgstr "Begärd dataoff för liten." -#: src/cryptsetup.c:1374 -msgid "dump LUKS partition information" -msgstr "skriver ut information om LUKS-partition" +#: lib/luks2/luks2_json_format.c:271 +#, c-format +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "VARNING: nyckelplatsomrÃ¥det (% byte) är väldigt liten, tillgängligt LUKS2-nyckelplatsantal är väldigt begränsat.\n" -#: src/cryptsetup.c:1375 -#, fuzzy -msgid "dump TCRYPT device information" -msgstr "skriver ut information om LUKS-partition" +#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074 +#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_keyslot_luks2.c:114 +#, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "Misslyckades med att erhÃ¥lla läslÃ¥s pÃ¥ enheten %s." -#: src/cryptsetup.c:1376 -msgid "Suspend LUKS device and wipe key (all IOs are frozen)." -msgstr "" -"Försätt LUKS-enhet i vänteläge och rensa nyckel (alla in-/ut-Ã¥tgärder är " -"frusna)." +#: lib/luks2/luks2_json_metadata.c:1167 +#, c-format +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "Förbjudna LUKS2-krav identifierade i säkerhetskopian %s." -#: src/cryptsetup.c:1377 -msgid "Resume suspended LUKS device." -msgstr "Återuppta LUKS-enhet i vänteläge." +#: lib/luks2/luks2_json_metadata.c:1208 +msgid "Data offset differ on device and backup, restore failed." +msgstr "Dataoffset skiljer sig pÃ¥ enhet och säkerhetskopia. Återställningen misslyckades." -#: src/cryptsetup.c:1378 -msgid "Backup LUKS device header and keyslots" -msgstr "Säkerhetskopiera huvud och nyckelplatser frÃ¥n LUKS-enhet" +#: lib/luks2/luks2_json_metadata.c:1214 +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "Binärhuvud med nyckelstorlek skiljer sig pÃ¥ enhet och säkerhetskopia. Återställningen misslyckades." -#: src/cryptsetup.c:1379 -msgid "Restore LUKS device header and keyslots" -msgstr "Återställ huvud och nyckelplatser för LUKS-enhet" +#: lib/luks2/luks2_json_metadata.c:1221 +#, c-format +msgid "Device %s %s%s%s%s" +msgstr "Enhet %s %s%s%s%s" -#: src/cryptsetup.c:1396 src/veritysetup.c:328 -msgid "" -"\n" -" is one of:\n" -msgstr "" -"\n" -"<Ã¥tgärd> är en av:\n" +#: lib/luks2/luks2_json_metadata.c:1222 +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "innehÃ¥ller inget LUKS2-huvud. Ersättning av huvud kan förstöra data pÃ¥ enheten." -#: src/cryptsetup.c:1402 -msgid "" -"\n" -"You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" -msgstr "" +#: lib/luks2/luks2_json_metadata.c:1223 +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "innehÃ¥ller redan LUKS2-huvud. Ersättningen av huvud kommer att förstöra befintliga nyckelplatser." -#: src/cryptsetup.c:1406 -#, c-format +#: lib/luks2/luks2_json_metadata.c:1225 msgid "" "\n" -" is the device to create under %s\n" -" is the encrypted device\n" -" is the LUKS key slot number to modify\n" -" optional key file for the new key for luksAddKey action\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" msgstr "" "\n" -" är enheten att skapa under %s\n" -" är den krypterade enheten\n" -" är numret för LUKS-nyckelplatsen att ändra\n" -" valfri nyckelfil för den nya nyckeln för luksAddKey-Ã¥tgärden\n" - -#: src/cryptsetup.c:1413 -#, c-format -msgid "" -"\n" -"Default compiled-in key and passphrase parameters:\n" -"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d " -"(characters)\n" -"Default PBKDF2 iteration time for LUKS: %d (ms)\n" -msgstr "" +"VARNING:okända LUKS2-krav identifierade i huvudet för riktig enhet!\n" +"Att ersätta huvudet med en säkerhetskopia kan göra data korrupt pÃ¥ enheten!" -#: src/cryptsetup.c:1420 -#, fuzzy, c-format +#: lib/luks2/luks2_json_metadata.c:1227 msgid "" "\n" -"Default compiled-in device cipher parameters:\n" -"\tloop-AES: %s, Key %d bits\n" -"\tplain: %s, Key: %d bits, Password hashing: %s\n" -"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." msgstr "" "\n" -"Inkompilerade standardchifferparametrar för enheter:\n" -"\tplain: %s, Nyckel: %d bitar, Lösenordshashning: %s\n" -"\tLUKS1: %s, Nyckel: %d bitar, LUKS header-hashning: %s\n" +"VARNING:Oavslutad frÃ¥nkopplade kryptering identifierad pÃ¥ enheten!\n" +"Att ersätta huvudet med en säkerhetskopia kan orsaka korrupt data." -#: src/cryptsetup.c:1437 src/veritysetup.c:460 +#: lib/luks2/luks2_json_metadata.c:1323 #, c-format -msgid "%s: requires %s as arguments" -msgstr "%s: kräver %s som argument" - -#: src/cryptsetup.c:1470 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1253 -msgid "Show this help message" -msgstr "Visa detta hjälpmeddelande" - -#: src/cryptsetup.c:1471 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1254 -msgid "Display brief usage" -msgstr "Visa kort information om användning" - -#: src/cryptsetup.c:1475 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1258 -msgid "Help options:" -msgstr "Hjälpflaggor:" - -#: src/cryptsetup.c:1476 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1259 -msgid "Print package version" -msgstr "Skriv ut paketversion" - -#: src/cryptsetup.c:1477 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1260 -msgid "Shows more detailed error messages" -msgstr "Visar mer detaljerade felmeddelanden" - -#: src/cryptsetup.c:1478 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1261 -msgid "Show debug messages" -msgstr "Visa felsökningsmeddelanden" +msgid "Ignored unknown flag %s." +msgstr "Ignorerade okänd flagga %s." -#: src/cryptsetup.c:1479 src/cryptsetup_reencrypt.c:1263 -msgid "The cipher used to encrypt the disk (see /proc/crypto)" -msgstr "Chiffret som används för att kryptera disken (se /proc/crypto)" - -#: src/cryptsetup.c:1480 src/cryptsetup_reencrypt.c:1265 -msgid "The hash used to create the encryption key from the passphrase" -msgstr "Hashen som används för att skapa krypteringsnyckel frÃ¥n lösenfras" +#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746 +#, c-format +msgid "Missing key for dm-crypt segment %u" +msgstr "" -#: src/cryptsetup.c:1481 -msgid "Verifies the passphrase by asking for it twice" -msgstr "Verifierar lösenfrasen genom att frÃ¥ga efter den tvÃ¥ gÃ¥nger" +#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764 +#, fuzzy +msgid "Failed to set dm-crypt segment." +msgstr "Misslyckades med att läsa dm-%s-segment." -#: src/cryptsetup.c:1482 src/cryptsetup_reencrypt.c:1267 +#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770 #, fuzzy -msgid "Read the key from a file." -msgstr "Läs volymnyckeln (master) frÃ¥n fil." +msgid "Failed to set dm-linear segment." +msgstr "Misslyckades med att läsa dm-%s-segment." -#: src/cryptsetup.c:1483 -msgid "Read the volume (master) key from file." -msgstr "Läs volymnyckeln (master) frÃ¥n fil." +#: lib/luks2/luks2_json_metadata.c:2155 +msgid "Unsupported device integrity configuration." +msgstr "" -#: src/cryptsetup.c:1484 -msgid "Dump volume (master) key instead of keyslots info." +#: lib/luks2/luks2_json_metadata.c:2241 +msgid "Reencryption in-progress. Cannot deactivate device." msgstr "" -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 -msgid "The size of the encryption key" -msgstr "Storleken för krypteringsnyckeln" +#: lib/luks2/luks2_json_metadata.c:2252 lib/luks2/luks2_reencrypt.c:3190 +#, c-format +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "" -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 -msgid "BITS" -msgstr "BITAR" +#: lib/luks2/luks2_json_metadata.c:2332 +msgid "Failed to read LUKS2 requirements." +msgstr "Misslyckades med att läsa LUKS2-krav." -#: src/cryptsetup.c:1486 src/cryptsetup_reencrypt.c:1278 -msgid "Limits the read from keyfile" -msgstr "" +#: lib/luks2/luks2_json_metadata.c:2339 +msgid "Unmet LUKS2 requirements detected." +msgstr "Ej uppfyllt LUKS2-krav identifierat." -#: src/cryptsetup.c:1486 src/cryptsetup.c:1487 src/cryptsetup.c:1488 -#: src/cryptsetup.c:1489 src/veritysetup.c:379 src/veritysetup.c:380 -#: src/veritysetup.c:382 src/cryptsetup_reencrypt.c:1277 -#: src/cryptsetup_reencrypt.c:1278 src/cryptsetup_reencrypt.c:1279 -#: src/cryptsetup_reencrypt.c:1280 -msgid "bytes" +#: lib/luks2/luks2_json_metadata.c:2347 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." msgstr "" -#: src/cryptsetup.c:1487 src/cryptsetup_reencrypt.c:1277 -msgid "Number of bytes to skip in keyfile" +#: lib/luks2/luks2_json_metadata.c:2349 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." msgstr "" -#: src/cryptsetup.c:1488 -msgid "Limits the read from newly added keyfile" +#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584 +msgid "Not enough available memory to open a keyslot." msgstr "" -#: src/cryptsetup.c:1489 -msgid "Number of bytes to skip in newly added keyfile" -msgstr "" +#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586 +#, fuzzy +msgid "Keyslot open failed." +msgstr "Nyckelplats %d har verifierats.\n" -#: src/cryptsetup.c:1490 -msgid "Slot number for new key (default is first free)" -msgstr "Platsnummer för ny nyckel (standard är första lediga)" +#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#, fuzzy, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "LUKS2-nyckelplats: Chiffret används krypering av nyckelplats" -#: src/cryptsetup.c:1491 -msgid "The size of the device" -msgstr "Storleken för enheten" +#: lib/luks2/luks2_keyslot_luks2.c:480 +msgid "No space for new keyslot." +msgstr "Inget utrymme för ny nyckelplats." -#: src/cryptsetup.c:1491 src/cryptsetup.c:1492 src/cryptsetup.c:1493 -#: src/cryptsetup.c:1499 -msgid "SECTORS" -msgstr "SEKTORER" +#: lib/luks2/luks2_luks1_convert.c:482 +#, fuzzy, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "Det gÃ¥r inte kontrollera status för enheten med uuid: %s." -#: src/cryptsetup.c:1492 -msgid "The start offset in the backend device" -msgstr "Startoffset i bakändesenheten" +#: lib/luks2/luks2_luks1_convert.c:508 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "Det gÃ¥r inte att konvertera huvud med ytterligare metadata för LUKSMETA." -#: src/cryptsetup.c:1493 -msgid "How many sectors of the encrypted data to skip at the beginning" -msgstr "Hur mÃ¥nga sektorer av krypterat data som ska hoppas över i början" +#: lib/luks2/luks2_luks1_convert.c:548 +msgid "Unable to move keyslot area. Not enough space." +msgstr "Kunde inte flytta nyckelplatsomrÃ¥de. Inte nog med utrymme." -#: src/cryptsetup.c:1494 -msgid "Create a readonly mapping" -msgstr "Skapa en skrivskyddad mappning" +#: lib/luks2/luks2_luks1_convert.c:599 +#, fuzzy +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "Kunde inte flytta nyckelplatsomrÃ¥de. Inte nog med utrymme." -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "PBKDF2 iteration time for LUKS (in ms)" -msgstr "PBKDF2-iterationstid för LUKS (i ms)" +#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887 +msgid "Unable to move keyslot area." +msgstr "Kunde inte flytta nyckelplatsomrÃ¥de." -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "msecs" -msgstr "ms" +#: lib/luks2/luks2_luks1_convert.c:697 +#, fuzzy +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "Det gÃ¥r inte att konvertera till LUKS1-format - nyckelplats %u är inte LUKS1-kompatibel." -#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1269 -msgid "Do not ask for confirmation" -msgstr "FrÃ¥ga inte efter bekräftelse" +#: lib/luks2/luks2_luks1_convert.c:705 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "Det gÃ¥r inte att konvertera till LUKS1-format - kontrollsummor för nyckelplatser är inte LUKS1-kompatibla." -#: src/cryptsetup.c:1497 -msgid "Timeout for interactive passphrase prompt (in seconds)" -msgstr "Tidsgräns för interaktiv lösenfrasprompt (i sekunder)" +#: lib/luks2/luks2_luks1_convert.c:717 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "Det gÃ¥r inte att konvertera till LUKS1-format - enheterna använder inbäddad nyckelchiffer %s." -#: src/cryptsetup.c:1497 -msgid "secs" -msgstr "s" +#: lib/luks2/luks2_luks1_convert.c:725 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "Det gÃ¥r inte att konvertera till LUKS1-format - LUKS2-huvud innehÃ¥ller %u token." -#: src/cryptsetup.c:1498 src/cryptsetup_reencrypt.c:1270 -msgid "How often the input of the passphrase can be retried" -msgstr "Hur mÃ¥nga inmatningsförsök av lösenfrasen som kan göras" +#: lib/luks2/luks2_luks1_convert.c:739 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "Det gÃ¥r inte att konvertera till LUKS1-format - nyckelplats %u är i ogiltigt tillstÃ¥nd." -#: src/cryptsetup.c:1499 -msgid "Align payload at sector boundaries - for luksFormat" -msgstr "Justera nyttolast i sektorgränser - för luksFormat" +#: lib/luks2/luks2_luks1_convert.c:744 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "Det gÃ¥r inte att konvertera till LUKS1-format - plats %u (av maximalt antal platser) är fortfarande aktiv." -#: src/cryptsetup.c:1500 -msgid "File with LUKS header and keyslots backup." -msgstr "Fil med säkerhetskopior av LUKS-huvud och nyckelplatser." +#: lib/luks2/luks2_luks1_convert.c:749 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "Det gÃ¥r inte att konvertera till LUKS1-format - nyckelplats %u är inte LUKS1-kompatibel." -#: src/cryptsetup.c:1501 src/cryptsetup_reencrypt.c:1271 -msgid "Use /dev/random for generating volume key." +#: lib/luks2/luks2_reencrypt.c:892 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." msgstr "" -#: src/cryptsetup.c:1502 src/cryptsetup_reencrypt.c:1272 -msgid "Use /dev/urandom for generating volume key." -msgstr "" +#: lib/luks2/luks2_reencrypt.c:897 +#, fuzzy, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Storlek pÃ¥ enhet %s är inte justerad till begärd sektorstorlek (%u byte)." -#: src/cryptsetup.c:1503 -msgid "Share device with another non-overlapping crypt segment." -msgstr "" +#: lib/luks2/luks2_reencrypt.c:941 +#, fuzzy, c-format +msgid "Unsupported resilience mode %s" +msgstr "Parametrar som inte stöds pÃ¥ enheten %s." -#: src/cryptsetup.c:1504 src/veritysetup.c:385 +#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313 +#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430 +#: lib/luks2/luks2_reencrypt.c:3030 #, fuzzy -msgid "UUID for device to use." -msgstr "DM-UUID för enheten %s förkortades.\n" +msgid "Failed to initialize old segment storage wrapper." +msgstr "Misslyckades med att initiera identifiering av enhetssignatur." -#: src/cryptsetup.c:1505 -msgid "Allow discards (aka TRIM) requests for device." -msgstr "" +#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291 +#, fuzzy +msgid "Failed to initialize new segment storage wrapper." +msgstr "Misslyckades med att initiera identifiering av enhetssignatur." -#: src/cryptsetup.c:1506 -msgid "Device or file with separated LUKS header." -msgstr "" +#: lib/luks2/luks2_reencrypt.c:1340 +#, fuzzy +msgid "Failed to read checksums for current hotzone." +msgstr "Misslyckades med att läsa krav frÃ¥n säkerhetskopiehuvud." + +#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038 +#, fuzzy, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "Misslyckades med att skriva paritet för RS block %." + +#: lib/luks2/luks2_reencrypt.c:1366 +#, fuzzy, c-format +msgid "Failed to decrypt sector %zu." +msgstr "Misslyckades med att ta status pÃ¥ enhet %s." + +#: lib/luks2/luks2_reencrypt.c:1372 +#, fuzzy, c-format +msgid "Failed to recover sector %zu." +msgstr "Misslyckades med att ta bort token %d.\n" + +#: lib/luks2/luks2_reencrypt.c:1867 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1965 +#, fuzzy, c-format +msgid "Failed to activate hotzone device %s." +msgstr "Misslyckades med att ta status pÃ¥ enhet %s." + +#: lib/luks2/luks2_reencrypt.c:1982 +#, fuzzy, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "Misslyckades med söka av enheten %s efter en signatur." + +#: lib/luks2/luks2_reencrypt.c:1989 +#, fuzzy, c-format +msgid "Failed to load new mapping for device %s." +msgstr "Misslyckades med att bestämma storlek för enhet %s." + +#: lib/luks2/luks2_reencrypt.c:2060 +#, fuzzy +msgid "Failed to refresh reencryption devices stack." +msgstr "Misslyckades med att erhÃ¥lla läslÃ¥s pÃ¥ enheten %s." + +#: lib/luks2/luks2_reencrypt.c:2216 +#, fuzzy +msgid "Failed to set new keyslots area size." +msgstr "Misslyckades med att byta ny nyckelplats." + +#: lib/luks2/luks2_reencrypt.c:2318 +#, fuzzy, c-format +msgid "Data shift is not aligned to requested encryption sector size (% bytes)." +msgstr "Storlek pÃ¥ enhet %s är inte justerad till begärd sektorstorlek (%u byte)." + +#: lib/luks2/luks2_reencrypt.c:2339 +#, fuzzy, c-format +msgid "Data device is not aligned to requested encryption sector size (% bytes)." +msgstr "Storlek pÃ¥ enhet %s är inte justerad till begärd sektorstorlek (%u byte)." + +#: lib/luks2/luks2_reencrypt.c:2360 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779 +#: lib/luks2/luks2_reencrypt.c:2800 +#, fuzzy, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "Det gÃ¥r inte att använda enheten %s som redan används (redan mappad eller monterad)." + +#: lib/luks2/luks2_reencrypt.c:2534 +msgid "Device not marked for LUKS2 reencryption." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295 +#, fuzzy +msgid "Failed to load LUKS2 reencryption context." +msgstr "Misslyckades med att öppna RS-kontext." + +#: lib/luks2/luks2_reencrypt.c:2619 +#, fuzzy +msgid "Failed to get reencryption state." +msgstr "Misslyckades med att hämta token %d för export." + +#: lib/luks2/luks2_reencrypt.c:2623 +#, fuzzy +msgid "Device is not in reencryption." +msgstr "Enheten %s är inte aktiv." + +#: lib/luks2/luks2_reencrypt.c:2630 +#, fuzzy +msgid "Reencryption process is already running." +msgstr "Omkryptering pÃ¥gÃ¥r redan." + +#: lib/luks2/luks2_reencrypt.c:2632 +#, fuzzy +msgid "Failed to acquire reencryption lock." +msgstr "Misslyckades med att erhÃ¥lla skrivlÃ¥s för enhet." + +#: lib/luks2/luks2_reencrypt.c:2650 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2750 +#, fuzzy +msgid "Active device size and requested reencryption size don't match." +msgstr "Storlek pÃ¥ enhet är inte justerad till begärd sektorstorlek." + +#: lib/luks2/luks2_reencrypt.c:2764 +msgid "Illegal device size requested in reencryption parameters." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2834 +#, fuzzy +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "Omkryptering pÃ¥gÃ¥r redan." + +#: lib/luks2/luks2_reencrypt.c:2906 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2913 +#, fuzzy +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "Misslyckades med att sätta standardnyckelplats för LUKS2-parametrar." + +#: lib/luks2/luks2_reencrypt.c:3004 +#, fuzzy +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "Misslyckades med söka av enheten %s efter en signatur." + +#: lib/luks2/luks2_reencrypt.c:3046 +#, fuzzy +msgid "Failed to write reencryption resilience metadata." +msgstr "Misslyckades med att skriva aktiveringsflaggor till nya huvuden.:" + +#: lib/luks2/luks2_reencrypt.c:3053 +#, fuzzy +msgid "Decryption failed." +msgstr "Reparation misslyckades." + +#: lib/luks2/luks2_reencrypt.c:3058 +#, fuzzy, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "Misslyckades med att skriva paritet för RS block %." + +#: lib/luks2/luks2_reencrypt.c:3063 +#, fuzzy +msgid "Failed to sync data." +msgstr "Misslyckades med att sätta dataoffset." + +#: lib/luks2/luks2_reencrypt.c:3071 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3138 +#, fuzzy +msgid "Failed to write LUKS2 metadata." +msgstr "Misslyckades med att läsa LUKS2-krav." + +#: lib/luks2/luks2_reencrypt.c:3161 +#, fuzzy +msgid "Failed to wipe backup segment data." +msgstr "Misslyckades med att radera enhetssignatur." + +#: lib/luks2/luks2_reencrypt.c:3174 +#, fuzzy +msgid "Failed to disable reencryption requirement flag." +msgstr "Misslyckades med att läsa LUKS2-krav." + +#: lib/luks2/luks2_reencrypt.c:3182 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3191 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3240 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3246 +msgid "Missing or invalid reencrypt context." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3253 +#, fuzzy +msgid "Failed to initialize reencryption device stack." +msgstr "Misslyckades med att initiera identifiering av enhetssignatur." + +#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308 +#, fuzzy +msgid "Failed to update reencryption context." +msgstr "Misslyckades med att öppna RS-kontext." + +#: lib/luks2/luks2_token.c:262 +msgid "No free token slot." +msgstr "Ingen fri plats för token." + +#: lib/luks2/luks2_token.c:269 +#, c-format +msgid "Failed to create builtin token %s." +msgstr "Misslyckades med att skapa inbyggd token %s." + +#: src/cryptsetup.c:164 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "Kan inte verifiera lösenfras pÃ¥ icke-tty-ingÃ¥ngar." + +#: src/cryptsetup.c:221 +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "Krypteringsparametrar för nyckelplatser stöds endast av LUKS2-enheter." + +#: src/cryptsetup.c:251 src/cryptsetup.c:959 src/cryptsetup.c:1269 +#: src/cryptsetup.c:3145 src/cryptsetup_reencrypt.c:723 +#: src/cryptsetup_reencrypt.c:793 +msgid "No known cipher specification pattern detected." +msgstr "Inget känt chifferspecifikationsmönster kunde identifieras." + +#: src/cryptsetup.c:259 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "VARNING: parametern --hash ignoreras i enkelt läge med specificerad nyckelfil.\n" + +#: src/cryptsetup.c:267 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "VARNING: flaggan --keyfile-size ignoreras, lässtorleken är densamma som storleken för krypteringsnyckeln.\n" + +#: src/cryptsetup.c:307 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "Identfierar enhetssignatur(er) pÃ¥ %s. Att fortsätta kan skada befintlig data." + +#: src/cryptsetup.c:313 src/cryptsetup.c:1090 src/cryptsetup.c:1142 +#: src/cryptsetup.c:1246 src/cryptsetup.c:1319 src/cryptsetup.c:1974 +#: src/cryptsetup.c:2682 src/cryptsetup.c:2805 src/integritysetup.c:233 +msgid "Operation aborted.\n" +msgstr "Åtgärd avbruten.\n" + +#: src/cryptsetup.c:381 +msgid "Option --key-file is required." +msgstr "Flaggan --key-file krävs." + +#: src/cryptsetup.c:434 +msgid "Enter VeraCrypt PIM: " +msgstr "Ange VeraCrypt PIM: " + +#: src/cryptsetup.c:443 +msgid "Invalid PIM value: parse error." +msgstr "Ogiltigt PIM-värde:tolkningsfel." + +#: src/cryptsetup.c:446 +msgid "Invalid PIM value: 0." +msgstr "Ogiltigt PIM-värde: 0." + +#: src/cryptsetup.c:449 +msgid "Invalid PIM value: outside of range." +msgstr "Ogiltigt PIM-värde:utanför intervallet." + +#: src/cryptsetup.c:472 +msgid "No device header detected with this passphrase." +msgstr "Inget enhetshuvud finns tillgängligt med denna lösenfras." + +#: src/cryptsetup.c:541 +#, fuzzy, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "Enheten %s är inte en giltig LUKS-enhet." + +#: src/cryptsetup.c:576 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" +"Utskrift av huvudet med volymnyckel är känslig information\n" +"som tillÃ¥ter Ã¥tkomst till krypterad partition utan lösenfras.\n" +"Denna utskrift bör alltid lagras krypterad pÃ¥ ett säkert ställe." + +#: src/cryptsetup.c:673 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "Enheten %s är fortfarande aktiv och schemalagd för uppskjuten borttagning.\n" + +#: src/cryptsetup.c:701 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "Att ändra storlek pÃ¥ aktiv enhet kräver volymnyckel i nyckelringen, men -flaggan --disable-keyring är angiven." + +#: src/cryptsetup.c:838 +msgid "Benchmark interrupted." +msgstr "Prestandamätning avbruten." + +#: src/cryptsetup.c:859 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "PBKDF2-%-9s N/A\n" + +#: src/cryptsetup.c:861 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "PBKDF2-%-9s %7u iterationer per sekund för %zu-bitnyckel\n" + +#: src/cryptsetup.c:875 +#, c-format +msgid "%-10s N/A\n" +msgstr "%-10s N/A\n" + +#: src/cryptsetup.c:877 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "%-10s %4u iterationer, %5u minne, %1u parallella trÃ¥dar (CPU:er) för %zu-bitnyckelplats (begärde %u ms)\n" + +#: src/cryptsetup.c:901 +msgid "Result of benchmark is not reliable." +msgstr "Resultat frÃ¥n prestandamätningen är inte pÃ¥litligt." + +#: src/cryptsetup.c:951 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "# Tester är ungefärliga och använder endast minne (ingen lagrings-IO).\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:971 +#, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "#%*s Algoritm | Nyckel | Kryptering | Avkryptering\n" + +#: src/cryptsetup.c:975 +#, fuzzy, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "Chiffret %s-%s (nyckelstorlek %zd bitar) är inte tillgängligt." + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:994 +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "# Algoritm | Nyckel | Kryptering | AVkryptering\n" + +#: src/cryptsetup.c:1003 +msgid "N/A" +msgstr "N/A" + +#: src/cryptsetup.c:1083 +msgid "" +"Seems device does not require reencryption recovery.\n" +"Do you want to proceed anyway?" +msgstr "" + +#: src/cryptsetup.c:1089 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "" + +#: src/cryptsetup.c:1098 +#, fuzzy +msgid "Enter passphrase for reencryption recovery: " +msgstr "Ange lösenfras för nyckelplats att konvertera: " + +#: src/cryptsetup.c:1141 +msgid "Really try to repair LUKS device header?" +msgstr "Vill du verkligen försöka att reparera LUKS-enhetshuvud?" + +#: src/cryptsetup.c:1160 src/integritysetup.c:146 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" +"Rensar enheten för att initialisera kontrollsumma för integritet.\n" +"Du kan avbryta detta genom att trycka ned CTRL+c (resten av den ej rensade enheten kommer att innehÃ¥lla en ogiltigt kontrollsumma).\n" + +#: src/cryptsetup.c:1182 src/integritysetup.c:168 +#, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "Det gÃ¥r inte att inaktivera temporär enhet %s." + +#: src/cryptsetup.c:1231 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "Flaggan för integritet kan endast användas för formatet LUKS2." + +#: src/cryptsetup.c:1236 src/cryptsetup.c:1296 +msgid "Unsupported LUKS2 metadata size options." +msgstr "Flaggorna för storlekar pÃ¥ LUKS2-metadata stöds inte." + +#: src/cryptsetup.c:1253 +#, c-format +msgid "Cannot create header file %s." +msgstr "Det gÃ¥r inte att skapa huvudfil %s." + +#: src/cryptsetup.c:1276 src/integritysetup.c:195 src/integritysetup.c:204 +#: src/integritysetup.c:213 src/integritysetup.c:284 src/integritysetup.c:293 +#: src/integritysetup.c:303 +msgid "No known integrity specification pattern detected." +msgstr "Inga kända integritetspecifikationsmönster identifierat." + +#: src/cryptsetup.c:1289 +#, c-format +msgid "Cannot use %s as on-disk header." +msgstr "Det gÃ¥r inte att använda %s som diskhuvud." + +#: src/cryptsetup.c:1313 src/integritysetup.c:227 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "Detta kommer att skriva över data pÃ¥ %s och gÃ¥r inte att Ã¥ngra." + +#: src/cryptsetup.c:1354 src/cryptsetup.c:1688 src/cryptsetup.c:1755 +#: src/cryptsetup.c:1857 src/cryptsetup.c:1923 src/cryptsetup_reencrypt.c:553 +msgid "Failed to set pbkdf parameters." +msgstr "Misslyckades med att sätta pbkdf-parametrar." + +#: src/cryptsetup.c:1439 +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "Förminskad dataoffset endast tillÃ¥tet för fristÃ¥ende LUKS-huvuden." + +#: src/cryptsetup.c:1450 src/cryptsetup.c:1761 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "" + +#: src/cryptsetup.c:1488 +msgid "Device activated but cannot make flags persistent." +msgstr "Enheten aktiverad men kan inte spara undan flaggorna." + +#: src/cryptsetup.c:1569 src/cryptsetup.c:1639 +#, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "Nyckelplats %d markerad för borttagning." + +#: src/cryptsetup.c:1581 src/cryptsetup.c:1642 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "Detta är sista nyckelplatsen. Enheten kommer att bli oanvändbar efter att denna nyckel tagits bort." + +#: src/cryptsetup.c:1582 +msgid "Enter any remaining passphrase: " +msgstr "Ange eventuell Ã¥terstÃ¥ende lösenfras: " + +#: src/cryptsetup.c:1583 src/cryptsetup.c:1644 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "Åtgärden avbröts, nyckelplatsen raderades INTE.\n" + +#: src/cryptsetup.c:1621 +msgid "Enter passphrase to be deleted: " +msgstr "Ange lösenfras att ta bort: " + +#: src/cryptsetup.c:1702 src/cryptsetup.c:1776 src/cryptsetup.c:1810 +msgid "Enter new passphrase for key slot: " +msgstr "Ange ny lösenfras för nyckelplats: " + +#: src/cryptsetup.c:1793 src/cryptsetup_reencrypt.c:1343 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "Ange valfri existerande lösenfras: " + +#: src/cryptsetup.c:1861 +msgid "Enter passphrase to be changed: " +msgstr "Ange lösenfras att ändra: " + +#: src/cryptsetup.c:1877 src/cryptsetup_reencrypt.c:1329 +msgid "Enter new passphrase: " +msgstr "Ange ny lösenfras: " + +#: src/cryptsetup.c:1927 +msgid "Enter passphrase for keyslot to be converted: " +msgstr "Ange lösenfras för nyckelplats att konvertera: " + +#: src/cryptsetup.c:1951 +msgid "Only one device argument for isLuks operation is supported." +msgstr "Endast ett enhetsargument för operationen isLuks stöds." + +#: src/cryptsetup.c:2001 +#, fuzzy +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Utskrift av huvudet med volymnyckel är känslig information\n" +"som tillÃ¥ter Ã¥tkomst till krypterad partition utan lösenfras.\n" +"Denna utskrift bör alltid lagras krypterad pÃ¥ ett säkert ställe." + +#: src/cryptsetup.c:2066 +#, fuzzy, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "Nyckelplats %d är inte aktiv." + +#: src/cryptsetup.c:2072 +#, fuzzy +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Utskrift av huvudet med volymnyckel är känslig information\n" +"som tillÃ¥ter Ã¥tkomst till krypterad partition utan lösenfras.\n" +"Denna utskrift bör alltid lagras krypterad pÃ¥ ett säkert ställe." + +#: src/cryptsetup.c:2207 src/cryptsetup.c:2228 +msgid "Option --header-backup-file is required." +msgstr "Flaggan --header-backup-file krävs." + +#: src/cryptsetup.c:2258 +#, c-format +msgid "%s is not cryptsetup managed device." +msgstr "%s är inte en cryptsetup-hanterad enhet." + +#: src/cryptsetup.c:2269 +#, c-format +msgid "Refresh is not supported for device type %s" +msgstr "Att uppdatera stöds inte för enhetstypen %s" + +#: src/cryptsetup.c:2311 +#, c-format +msgid "Unrecognized metadata device type %s." +msgstr "Okänd metadata för enhetstypen %s." + +#: src/cryptsetup.c:2314 +msgid "Command requires device and mapped name as arguments." +msgstr "Kommandot kräver enhet och mappat namn som argument." + +#: src/cryptsetup.c:2336 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" +"Denna Ã¥tgärd kommer att ta bort alla nyckelplatser pÃ¥ enhet %s.\n" +"Enheten kommer att bli oanvändbar efter denna Ã¥tgärd." + +#: src/cryptsetup.c:2343 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "Åtgärden avbryten, nyckelplatser raderades EJ.\n" + +#: src/cryptsetup.c:2380 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "Ogiltig LUKS-typ, endast luks1 och luks2 stöds." + +#: src/cryptsetup.c:2398 +#, c-format +msgid "Device is already %s type." +msgstr "Enheten är redan av %s-typ." + +#: src/cryptsetup.c:2403 +#, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "Denna Ã¥tgärd kommer att konvertera %s till %s-format.\n" + +#: src/cryptsetup.c:2409 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "Åtgärden avbröts, enheten konverterades INTE.\n" + +#: src/cryptsetup.c:2449 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "Saknar flaggan --priority, --label eller --subsystem." + +#: src/cryptsetup.c:2483 src/cryptsetup.c:2516 src/cryptsetup.c:2539 +#, c-format +msgid "Token %d is invalid." +msgstr "Token %d är ogiltig." + +#: src/cryptsetup.c:2486 src/cryptsetup.c:2542 +#, c-format +msgid "Token %d in use." +msgstr "Token %d används." + +#: src/cryptsetup.c:2493 +#, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "Misslyckades med att lägga till luks2-nyckelringsstoken %d." + +#: src/cryptsetup.c:2502 src/cryptsetup.c:2564 +#, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "Misslyckades med att tilldela token %d till nyckelplats %d." + +#: src/cryptsetup.c:2519 +#, c-format +msgid "Token %d is not in use." +msgstr "Token %d används ej." + +#: src/cryptsetup.c:2554 +msgid "Failed to import token from file." +msgstr "Misslyckades med att importera token frÃ¥n fil." + +#: src/cryptsetup.c:2579 +#, c-format +msgid "Failed to get token %d for export." +msgstr "Misslyckades med att hämta token %d för export." + +#: src/cryptsetup.c:2594 +msgid "--key-description parameter is mandatory for token add action." +msgstr "parametern --key-description krävs för Ã¥tgärden lägg till token." + +#: src/cryptsetup.c:2600 src/cryptsetup.c:2608 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "Åtgärden kräver specifik token. Använd parametern --token-id." + +#: src/cryptsetup.c:2613 +#, c-format +msgid "Invalid token operation %s." +msgstr "Ogiltig tokenÃ¥tgärd %s." + +#: src/cryptsetup.c:2668 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "" + +#: src/cryptsetup.c:2672 +#, fuzzy, c-format +msgid "Device %s is not a block device.\n" +msgstr "Enheten %s är inte en giltig LUKS-enhet." + +#: src/cryptsetup.c:2674 +#, fuzzy, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "Misslyckades med att ta status pÃ¥ enhet %s." + +#: src/cryptsetup.c:2676 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" + +#: src/cryptsetup.c:2756 +#, fuzzy +msgid "Invalid LUKS device type." +msgstr "Ogiltig enhet %s." + +#: src/cryptsetup.c:2761 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "" + +#: src/cryptsetup.c:2766 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "" + +#: src/cryptsetup.c:2775 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "" + +#: src/cryptsetup.c:2779 +#, fuzzy +msgid "Encryption is supported only for LUKS2 format." +msgstr "Flaggan för integritet kan endast användas för formatet LUKS2." + +#: src/cryptsetup.c:2801 +#, c-format +msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +msgstr "" + +#: src/cryptsetup.c:2816 +#, fuzzy, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "Begärd säkerhetskopia %s av huvud finns redan." + +#: src/cryptsetup.c:2818 src/cryptsetup.c:2825 +#, fuzzy, c-format +msgid "Cannot create temporary header file %s." +msgstr "Det gÃ¥r inte att skapa huvudfil %s." + +#: src/cryptsetup.c:2889 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "" + +#: src/cryptsetup.c:3053 src/cryptsetup.c:3059 +#, fuzzy +msgid "Not enough free keyslots for reencryption." +msgstr "Ändra inte nyckel, ingen omkryptering av dataomrÃ¥de" + +#: src/cryptsetup.c:3079 src/cryptsetup_reencrypt.c:1294 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "Nyckelfil kan endast användas med --key-slot eller exakt en aktiv nyckelplats." + +#: src/cryptsetup.c:3088 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup_reencrypt.c:1352 +#, fuzzy, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Ange lösenfras för nyckelplats %u: " + +#: src/cryptsetup.c:3096 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Ange lösenfras för nyckelplats %u: " + +#: src/cryptsetup.c:3263 +#, fuzzy +msgid "Command requires device as argument." +msgstr "Kommandot kräver enhet och mappat namn som argument." + +#: src/cryptsetup.c:3285 +msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +msgstr "" + +#: src/cryptsetup.c:3297 +msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +msgstr "" + +#: src/cryptsetup.c:3307 src/cryptsetup_reencrypt.c:178 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "Kryptering för enhet med integritetsprofil stöds ej." + +#: src/cryptsetup.c:3315 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "" + +#: src/cryptsetup.c:3319 +#, fuzzy +msgid "LUKS2 device is not in reencryption." +msgstr "Loggfilen %s existerar, Ã¥terupptar kryptering.\n" + +#: src/cryptsetup.c:3346 +msgid " [--type ] []" +msgstr " [--type ] []" + +#: src/cryptsetup.c:3346 src/veritysetup.c:394 src/integritysetup.c:480 +msgid "open device as " +msgstr "öppna enhet som " + +#: src/cryptsetup.c:3347 src/cryptsetup.c:3348 src/cryptsetup.c:3349 +#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:481 +#: src/integritysetup.c:482 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3347 src/veritysetup.c:395 src/integritysetup.c:481 +msgid "close device (remove mapping)" +msgstr "stäng enhet (ta bort mappning)" + +#: src/cryptsetup.c:3348 +msgid "resize active device" +msgstr "ändra storlek pÃ¥ aktiv enhet" + +#: src/cryptsetup.c:3349 +msgid "show device status" +msgstr "visa enhetsstatus" + +#: src/cryptsetup.c:3350 +msgid "[--cipher ]" +msgstr "[--cipher ]" + +#: src/cryptsetup.c:3350 +msgid "benchmark cipher" +msgstr "prestandamät chiffer" + +#: src/cryptsetup.c:3351 src/cryptsetup.c:3352 src/cryptsetup.c:3353 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3355 src/cryptsetup.c:3362 +#: src/cryptsetup.c:3363 src/cryptsetup.c:3364 src/cryptsetup.c:3365 +#: src/cryptsetup.c:3366 src/cryptsetup.c:3367 src/cryptsetup.c:3368 +#: src/cryptsetup.c:3369 src/cryptsetup.c:3370 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3351 +msgid "try to repair on-disk metadata" +msgstr "försök att reparera metadata pÃ¥ disken" + +#: src/cryptsetup.c:3352 +#, fuzzy +msgid "reencrypt LUKS2 device" +msgstr "lägg till nyckel till LUKS-enhet" + +#: src/cryptsetup.c:3353 +msgid "erase all keyslots (remove encryption key)" +msgstr "ta bort alla nyckelplatser (ta bort krypteringsnyckeln)" + +#: src/cryptsetup.c:3354 +msgid "convert LUKS from/to LUKS2 format" +msgstr "konvertera LUKS frÃ¥n/till LUKS2-format" + +#: src/cryptsetup.c:3355 +msgid "set permanent configuration options for LUKS2" +msgstr "ange permanenta konfigurationsflaggor för LUKS2" + +#: src/cryptsetup.c:3356 src/cryptsetup.c:3357 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3356 +msgid "formats a LUKS device" +msgstr "formaterar en LUKS-enhet" + +#: src/cryptsetup.c:3357 +msgid "add key to LUKS device" +msgstr "lägg till nyckel till LUKS-enhet" + +#: src/cryptsetup.c:3358 src/cryptsetup.c:3359 src/cryptsetup.c:3360 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3358 +msgid "removes supplied key or key file from LUKS device" +msgstr "tar bort angiven nyckel eller nyckelfil frÃ¥n LUKS-enhet" + +#: src/cryptsetup.c:3359 +msgid "changes supplied key or key file of LUKS device" +msgstr "ändrar angiven nyckel eller nyckelfil för LUKS-enhet" + +#: src/cryptsetup.c:3360 +msgid "converts a key to new pbkdf parameters" +msgstr "konverterar en nyckel till nya pbkdf-parametrar" + +#: src/cryptsetup.c:3361 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3361 +msgid "wipes key with number from LUKS device" +msgstr "rensar nyckeln med nummer frÃ¥n LUKS-enhet" + +#: src/cryptsetup.c:3362 +msgid "print UUID of LUKS device" +msgstr "skriv ut UUID för LUKS-enhet" + +#: src/cryptsetup.c:3363 +msgid "tests for LUKS partition header" +msgstr "testar för LUKS-partitionshuvud" + +#: src/cryptsetup.c:3364 +msgid "dump LUKS partition information" +msgstr "skriver ut information om LUKS-partition" + +#: src/cryptsetup.c:3365 +msgid "dump TCRYPT device information" +msgstr "skriver ut information om TCRYPT-partition" + +#: src/cryptsetup.c:3366 +#, fuzzy +msgid "dump BITLK device information" +msgstr "skriver ut information om TCRYPT-partition" + +#: src/cryptsetup.c:3367 +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "Försätt LUKS-enhet i vänteläge och rensa nyckel (alla in-/ut-Ã¥tgärder är frusna)" + +#: src/cryptsetup.c:3368 +msgid "Resume suspended LUKS device" +msgstr "Återuppta LUKS-enhet i vänteläge" + +#: src/cryptsetup.c:3369 +msgid "Backup LUKS device header and keyslots" +msgstr "Säkerhetskopiera huvud och nyckelplatser frÃ¥n LUKS-enhet" + +#: src/cryptsetup.c:3370 +msgid "Restore LUKS device header and keyslots" +msgstr "Återställ huvud och nyckelplatser för LUKS-enhet" + +#: src/cryptsetup.c:3371 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3371 +msgid "Manipulate LUKS2 tokens" +msgstr "Manipulera LUKS2-token" + +#: src/cryptsetup.c:3389 src/veritysetup.c:412 src/integritysetup.c:498 +msgid "" +"\n" +" is one of:\n" +msgstr "" +"\n" +"<Ã¥tgärd> är en av:\n" + +#: src/cryptsetup.c:3395 +#, fuzzy +msgid "" +"\n" +"You can also use old syntax aliases:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +msgstr "" +"\n" +"Du kan ocksÃ¥ använda gamla <Ã¥tgärd> syntaxalias:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" + +#: src/cryptsetup.c:3399 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the encrypted device\n" +" is the LUKS key slot number to modify\n" +" optional key file for the new key for luksAddKey action\n" +msgstr "" +"\n" +" är enheten att skapa under %s\n" +" är den krypterade enheten\n" +" är numret för LUKS-nyckelplatsen att ändra\n" +" valfri nyckelfil för den nya nyckeln för luksAddKey-Ã¥tgärden\n" + +#: src/cryptsetup.c:3406 +#, c-format +msgid "" +"\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" +"\n" +"Inkompilerat standardmetadataformat är %s (för luksFormat-Ã¥tgärd).\n" + +#: src/cryptsetup.c:3411 +#, c-format +msgid "" +"\n" +"Default compiled-in key and passphrase parameters:\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" +msgstr "" +"\n" +"Inkompilerade standardnyckel- och standardlösenfrasparametrar:\n" +"\tStörsta nyckelfilstorlek: %dkB, Största interaktiv lösenfraslängd %d (tecken)\n" +"Standard-PBKDF för LUKS1: %s, iterationstid: %d (ms)\n" +"Standard-PBKDF för LUKS2: %s\n" +"\tIterationstid: %d, Minne: %dkB, Parallella trÃ¥dar: %d\n" + +#: src/cryptsetup.c:3422 +#, c-format +msgid "" +"\n" +"Default compiled-in device cipher parameters:\n" +"\tloop-AES: %s, Key %d bits\n" +"\tplain: %s, Key: %d bits, Password hashing: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +msgstr "" +"\n" +"Inkompilerade standardchifferparametrar för enheter:\n" +"\tloop-AES: %s, Nyckel %d bitar\n" +"\tplain: %s, Nyckel: %d bitar, Lösenordshashning: %s\n" +"\tLUKS1: %s, Nyckel: %d bitar, LUKS-huvudhashning %s, RNG: %s\n" + +#: src/cryptsetup.c:3431 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "\tLUKS: Standardnyckelstorlek med XTS-läge (tvÃ¥ interna nycklar) kommer att dubbleras.\n" + +#: src/cryptsetup.c:3447 src/veritysetup.c:569 src/integritysetup.c:642 +#, c-format +msgid "%s: requires %s as arguments" +msgstr "%s: kräver %s som argument" + +#: src/cryptsetup.c:3480 src/veritysetup.c:457 src/integritysetup.c:536 +#: src/cryptsetup_reencrypt.c:1607 +msgid "Show this help message" +msgstr "Visa detta hjälpmeddelande" + +#: src/cryptsetup.c:3481 src/veritysetup.c:458 src/integritysetup.c:537 +#: src/cryptsetup_reencrypt.c:1608 +msgid "Display brief usage" +msgstr "Visa kort information om användning" + +#: src/cryptsetup.c:3482 src/veritysetup.c:459 src/integritysetup.c:538 +#: src/cryptsetup_reencrypt.c:1609 +msgid "Print package version" +msgstr "Skriv ut paketversion" + +#: src/cryptsetup.c:3486 src/veritysetup.c:463 src/integritysetup.c:542 +#: src/cryptsetup_reencrypt.c:1613 +msgid "Help options:" +msgstr "Hjälpflaggor:" + +#: src/cryptsetup.c:3487 src/veritysetup.c:464 src/integritysetup.c:543 +#: src/cryptsetup_reencrypt.c:1614 +msgid "Shows more detailed error messages" +msgstr "Visar mer detaljerade felmeddelanden" + +#: src/cryptsetup.c:3488 src/veritysetup.c:465 src/integritysetup.c:544 +#: src/cryptsetup_reencrypt.c:1615 +msgid "Show debug messages" +msgstr "Visa felsökningsmeddelanden" + +#: src/cryptsetup.c:3489 +msgid "Show debug messages including JSON metadata" +msgstr "Visa felsökningsmeddelanden inklusive JSON-metadata" + +#: src/cryptsetup.c:3490 src/cryptsetup_reencrypt.c:1617 +msgid "The cipher used to encrypt the disk (see /proc/crypto)" +msgstr "Chiffret som används för att kryptera disken (se /proc/crypto)" + +#: src/cryptsetup.c:3491 src/cryptsetup_reencrypt.c:1619 +msgid "The hash used to create the encryption key from the passphrase" +msgstr "Hashen som används för att skapa krypteringsnyckel frÃ¥n lösenfras" + +#: src/cryptsetup.c:3492 +msgid "Verifies the passphrase by asking for it twice" +msgstr "Verifierar lösenfrasen genom att frÃ¥ga efter den tvÃ¥ gÃ¥nger" + +#: src/cryptsetup.c:3493 src/cryptsetup_reencrypt.c:1621 +msgid "Read the key from a file" +msgstr "Läs nyckeln frÃ¥n en fil" + +#: src/cryptsetup.c:3494 +msgid "Read the volume (master) key from file." +msgstr "Läs volymnyckeln (master) frÃ¥n fil." + +#: src/cryptsetup.c:3495 +msgid "Dump volume (master) key instead of keyslots info" +msgstr "Skriv ut volymnyckel (master) istället för nyckelplatsinfo" + +#: src/cryptsetup.c:3496 src/cryptsetup_reencrypt.c:1618 +msgid "The size of the encryption key" +msgstr "Storleken för krypteringsnyckeln" + +#: src/cryptsetup.c:3496 src/cryptsetup.c:3557 src/integritysetup.c:562 +#: src/integritysetup.c:566 src/integritysetup.c:570 +#: src/cryptsetup_reencrypt.c:1618 +msgid "BITS" +msgstr "BITAR" + +#: src/cryptsetup.c:3497 src/cryptsetup_reencrypt.c:1634 +msgid "Limits the read from keyfile" +msgstr "Begränsa läsningen frÃ¥n nyckelfil" + +#: src/cryptsetup.c:3497 src/cryptsetup.c:3498 src/cryptsetup.c:3499 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3503 src/cryptsetup.c:3554 +#: src/cryptsetup.c:3555 src/cryptsetup.c:3563 src/cryptsetup.c:3564 +#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470 +#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:551 +#: src/integritysetup.c:557 src/integritysetup.c:558 +#: src/cryptsetup_reencrypt.c:1633 src/cryptsetup_reencrypt.c:1634 +#: src/cryptsetup_reencrypt.c:1635 src/cryptsetup_reencrypt.c:1636 +msgid "bytes" +msgstr "byte" + +#: src/cryptsetup.c:3498 src/cryptsetup_reencrypt.c:1633 +msgid "Number of bytes to skip in keyfile" +msgstr "Antal byte att hoppa över i nyckelfil" + +#: src/cryptsetup.c:3499 +msgid "Limits the read from newly added keyfile" +msgstr "Begränsa läsningen frÃ¥n nyligen tillagd nyckelfil" + +#: src/cryptsetup.c:3500 +msgid "Number of bytes to skip in newly added keyfile" +msgstr "Antal byte att hoppa över i nyligen tillagd nyckelfil" + +#: src/cryptsetup.c:3501 +msgid "Slot number for new key (default is first free)" +msgstr "Platsnummer för ny nyckel (standard är första lediga)" + +#: src/cryptsetup.c:3502 +msgid "The size of the device" +msgstr "Storleken för enheten" + +#: src/cryptsetup.c:3502 src/cryptsetup.c:3504 src/cryptsetup.c:3505 +#: src/cryptsetup.c:3511 src/integritysetup.c:552 src/integritysetup.c:559 +msgid "SECTORS" +msgstr "SEKTORER" + +#: src/cryptsetup.c:3503 src/cryptsetup_reencrypt.c:1636 +msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +msgstr "Använd endast specificerad enhetsstorlek (ignorera resten av enheten). FARLIGT!" + +#: src/cryptsetup.c:3504 +msgid "The start offset in the backend device" +msgstr "Startoffset i bakändesenheten" + +#: src/cryptsetup.c:3505 +msgid "How many sectors of the encrypted data to skip at the beginning" +msgstr "Hur mÃ¥nga sektorer av krypterat data som ska hoppas över i början" + +#: src/cryptsetup.c:3506 +msgid "Create a readonly mapping" +msgstr "Skapa en skrivskyddad mappning" + +#: src/cryptsetup.c:3507 src/integritysetup.c:545 +#: src/cryptsetup_reencrypt.c:1624 +msgid "Do not ask for confirmation" +msgstr "FrÃ¥ga inte efter bekräftelse" + +#: src/cryptsetup.c:3508 +msgid "Timeout for interactive passphrase prompt (in seconds)" +msgstr "Tidsgräns för interaktiv lösenfrasprompt (i sekunder)" + +#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "secs" +msgstr "sek" + +#: src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "Progress line update (in seconds)" +msgstr "Uppdatering av förloppslinje (i sekunder)" + +#: src/cryptsetup.c:3510 src/cryptsetup_reencrypt.c:1626 +msgid "How often the input of the passphrase can be retried" +msgstr "Hur mÃ¥nga inmatningsförsök av lösenfrasen som kan göras" + +#: src/cryptsetup.c:3511 +msgid "Align payload at sector boundaries - for luksFormat" +msgstr "Justera nyttolast i sektorgränser - för luksFormat" + +#: src/cryptsetup.c:3512 +msgid "File with LUKS header and keyslots backup" +msgstr "Fil med säkerhetskopior av LUKS-huvud och nyckelplatser" + +#: src/cryptsetup.c:3513 src/cryptsetup_reencrypt.c:1627 +msgid "Use /dev/random for generating volume key" +msgstr "Använd /dev/random för att generera volymnyckel" + +#: src/cryptsetup.c:3514 src/cryptsetup_reencrypt.c:1628 +msgid "Use /dev/urandom for generating volume key" +msgstr "Använd /dev/urandom för att generera volymnyckel" + +#: src/cryptsetup.c:3515 +msgid "Share device with another non-overlapping crypt segment" +msgstr "Dela enhet med ett annat ej överlappande krypteringssegment" + +#: src/cryptsetup.c:3516 src/veritysetup.c:477 +msgid "UUID for device to use" +msgstr "UUID för enheten att använda" + +#: src/cryptsetup.c:3517 src/integritysetup.c:579 +msgid "Allow discards (aka TRIM) requests for device" +msgstr "TillÃ¥t avvisningsbegäran (TRIM) för enhet" + +#: src/cryptsetup.c:3518 src/cryptsetup_reencrypt.c:1645 +msgid "Device or file with separated LUKS header" +msgstr "Enhet eller fil med separerat LUKS-huvud" + +#: src/cryptsetup.c:3519 +msgid "Do not activate device, just check passphrase" +msgstr "Aktivera inte enhet, kontrollera endast lösenfrasen" + +#: src/cryptsetup.c:3520 +msgid "Use hidden header (hidden TCRYPT device)" +msgstr "Använd dolt huvud (gömd TCRYPT-enhet)" + +#: src/cryptsetup.c:3521 +msgid "Device is system TCRYPT drive (with bootloader)" +msgstr "Enheten är system-TCRYPT-disk (med starthanterare)" + +#: src/cryptsetup.c:3522 +msgid "Use backup (secondary) TCRYPT header" +msgstr "Använd säkerhetskopia (sekundär) för TCRYPT-huvud" + +#: src/cryptsetup.c:3523 +msgid "Scan also for VeraCrypt compatible device" +msgstr "Sök ocksÃ¥ efter VeraCrypt-kompatibel enhet" + +#: src/cryptsetup.c:3524 +msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Personlig iteration för VeraCrypt-kompatibel enhet" + +#: src/cryptsetup.c:3525 +msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Query Personal Iteration Multiplier för VeraCrypt-kompatibel enhet" + +#: src/cryptsetup.c:3526 +#, fuzzy +msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" +msgstr "Typer av enhetsmetadata: luks, plain, loopaes, tcrypt" + +#: src/cryptsetup.c:3527 +msgid "Disable password quality check (if enabled)" +msgstr "Inaktivera kvalitetskontroll av lösenord (om aktiverat)" + +#: src/cryptsetup.c:3528 +msgid "Use dm-crypt same_cpu_crypt performance compatibility option" +msgstr "Använd flaggan dm-crypt same_cpu_crypt för prestandakompatibilitet" + +#: src/cryptsetup.c:3529 +msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +msgstr "Använd flaggan dm-crypt submit_from_crypt_cpus för prestandakompatibilitet" + +#: src/cryptsetup.c:3530 +msgid "Device removal is deferred until the last user closes it" +msgstr "Enhetsborttagning är förskjuten tills den sista användaren stänger den" + +#: src/cryptsetup.c:3531 +msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)" +msgstr "" + +#: src/cryptsetup.c:3532 +msgid "PBKDF iteration time for LUKS (in ms)" +msgstr "PBKDF-iterationstid för LUKS (i ms)" + +#: src/cryptsetup.c:3532 src/cryptsetup_reencrypt.c:1623 +msgid "msecs" +msgstr "ms" + +#: src/cryptsetup.c:3533 src/cryptsetup_reencrypt.c:1641 +msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +msgstr "PBKDF-algoritm (för LUKS2) (argon2i/argon2id/pbkdf2)" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "PBKDF memory cost limit" +msgstr "Minneskostnadsgräns för PBKDF" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "kilobytes" +msgstr "kilobyte" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "PBKDF parallel cost" +msgstr "Parallellkostnad för PBKDF" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "threads" +msgstr "trÃ¥dar" + +#: src/cryptsetup.c:3536 src/cryptsetup_reencrypt.c:1644 +msgid "PBKDF iterations cost (forced, disables benchmark)" +msgstr "Iterationskostnad för PBKDF (tvingad, inaktiverar prestandamätning)" + +#: src/cryptsetup.c:3537 +msgid "Keyslot priority: ignore, normal, prefer" +msgstr "Nyckelplats-prioritet: ignore,normal,prefer" + +#: src/cryptsetup.c:3538 +msgid "Disable locking of on-disk metadata" +msgstr "Inaktivera lÃ¥sning av metadata pÃ¥ disk" + +#: src/cryptsetup.c:3539 +msgid "Disable loading volume keys via kernel keyring" +msgstr "Inaktivera att läsa in volymnycklar via kärnans nyckelring" + +#: src/cryptsetup.c:3540 +msgid "Data integrity algorithm (LUKS2 only)" +msgstr "Algoritm för dataintegritet (endast LUKS2)" + +#: src/cryptsetup.c:3541 src/integritysetup.c:573 +msgid "Disable journal for integrity device" +msgstr "Inaktivera journal för integritetsenhet" + +#: src/cryptsetup.c:3542 src/integritysetup.c:547 +msgid "Do not wipe device after format" +msgstr "Rensa inte enhet efter formatering" + +#: src/cryptsetup.c:3543 src/integritysetup.c:577 +msgid "Use inefficient legacy padding (old kernels)" +msgstr "" + +#: src/cryptsetup.c:3544 +msgid "Do not ask for passphrase if activation by token fails" +msgstr "FrÃ¥ga inte efter lösenfras om aktivering med token misslyckas" + +#: src/cryptsetup.c:3545 +msgid "Token number (default: any)" +msgstr "Tokenantal (standardvärde: any)" + +#: src/cryptsetup.c:3546 +msgid "Key description" +msgstr "Nyckelbeskrivning" + +#: src/cryptsetup.c:3547 +msgid "Encryption sector size (default: 512 bytes)" +msgstr "Sektorstorlek för kryptering (standardvärde 512 byte)" + +#: src/cryptsetup.c:3548 +#, fuzzy +msgid "Use IV counted in sector size (not in 512 bytes)" +msgstr "Sektorstorlek för kryptering (standardvärde 512 byte)" + +#: src/cryptsetup.c:3549 +msgid "Set activation flags persistent for device" +msgstr "Sätt och spara undan aktiveringsflaggorna för enheten" + +#: src/cryptsetup.c:3550 +msgid "Set label for the LUKS2 device" +msgstr "Ange etikett för LUKS2-enhet" + +#: src/cryptsetup.c:3551 +msgid "Set subsystem label for the LUKS2 device" +msgstr "Ange undersystemsetikett för LUKS2-enheten" + +#: src/cryptsetup.c:3552 +#, fuzzy +msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot" +msgstr "Skapa obunden (inget tilldelat datasegment) LUKS2-nyckelplats" + +#: src/cryptsetup.c:3553 +msgid "Read or write the json from or to a file" +msgstr "Läs eller skriv json frÃ¥n eller till en fil" + +#: src/cryptsetup.c:3554 +msgid "LUKS2 header metadata area size" +msgstr "OmrÃ¥desstorlek för metadata pÃ¥ LUKS2-huvudet" + +#: src/cryptsetup.c:3555 +msgid "LUKS2 header keyslots area size" +msgstr "Storlek pÃ¥ nyckelplatsomrÃ¥det för LUKS2-huvud" + +#: src/cryptsetup.c:3556 +msgid "Refresh (reactivate) device with new parameters" +msgstr "Uppdatera (Ã¥teraktivera) enhet med nya parametrar" + +#: src/cryptsetup.c:3557 +msgid "LUKS2 keyslot: The size of the encryption key" +msgstr "LUKS2-nyckelplats: Storleken för krypteringsnyckeln" + +#: src/cryptsetup.c:3558 +msgid "LUKS2 keyslot: The cipher used for keyslot encryption" +msgstr "LUKS2-nyckelplats: Chiffret används krypering av nyckelplats" + +#: src/cryptsetup.c:3559 +#, fuzzy +msgid "Encrypt LUKS2 device (in-place encryption)." +msgstr "Dekryptera enheten permanent (ta bort kryptering)" + +#: src/cryptsetup.c:3560 +#, fuzzy +msgid "Decrypt LUKS2 device (remove encryption)." +msgstr "Dekryptera enheten permanent (ta bort kryptering)" + +#: src/cryptsetup.c:3561 +msgid "Initialize LUKS2 reencryption in metadata only." +msgstr "" + +#: src/cryptsetup.c:3562 +msgid "Resume initialized LUKS2 reencryption only." +msgstr "" + +#: src/cryptsetup.c:3563 src/cryptsetup_reencrypt.c:1635 +msgid "Reduce data device size (move data offset). DANGEROUS!" +msgstr "Förminska dataenhetsstorleken (flytta dataoffset). FARLIGT!" + +#: src/cryptsetup.c:3564 +#, fuzzy +msgid "Maximal reencryption hotzone size." +msgstr "Blockstorlek för omkryptering" + +#: src/cryptsetup.c:3565 +msgid "Reencryption hotzone resilience type (checksum,journal,none)" +msgstr "" + +#: src/cryptsetup.c:3566 +#, fuzzy +msgid "Reencryption hotzone checksums hash" +msgstr "Blockstorlek för omkryptering" + +#: src/cryptsetup.c:3567 +msgid "Override device autodetection of dm device to be reencrypted" +msgstr "" + +#: src/cryptsetup.c:3583 src/veritysetup.c:499 src/integritysetup.c:595 +msgid "[OPTION...] " +msgstr "[FLAGGA…] <Ã¥tgärd> <Ã¥tgärdsspecifik>" + +#: src/cryptsetup.c:3634 src/veritysetup.c:533 src/integritysetup.c:606 +msgid "Argument missing." +msgstr "Argumentet <Ã¥tgärd> saknas." + +#: src/cryptsetup.c:3703 src/veritysetup.c:564 src/integritysetup.c:637 +msgid "Unknown action." +msgstr "Okänd Ã¥tgärd." + +#: src/cryptsetup.c:3713 +#, fuzzy +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "Flaggorna --refresh och --test-passphrase är ömsesidigt uteslutande.\n" + +#: src/cryptsetup.c:3718 +#, fuzzy +msgid "Option --deferred is allowed only for close command." +msgstr "Flaggan --deferred är endast tillÃ¥ten för kommandot close.\n" + +#: src/cryptsetup.c:3723 +#, fuzzy +msgid "Option --shared is allowed only for open of plain device." +msgstr "Flaggan --shared är endast tillÃ¥ten för öppning för enkel enhet.\n" + +#: src/cryptsetup.c:3728 src/integritysetup.c:654 +#, fuzzy +msgid "Option --allow-discards is allowed only for open operation." +msgstr "Flaggan --allow-discards är endast tillÃ¥ten för operationen open.\n" + +#: src/cryptsetup.c:3733 +#, fuzzy +msgid "Option --persistent is allowed only for open operation." +msgstr "Flaggan --persistent är endast tillÃ¥ten för operationen open.\n" + +#: src/cryptsetup.c:3738 +#, fuzzy +msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation." +msgstr "Flaggan --allow-discards är endast tillÃ¥ten för operationen open.\n" + +#: src/cryptsetup.c:3743 +#, fuzzy +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "Flaggan --persistent är ej tillÃ¥tet med --test-passphrase.\n" + +#: src/cryptsetup.c:3753 +#, fuzzy +msgid "" +"Option --key-size is allowed only for luksFormat, luksAddKey,\n" +"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." +msgstr "" +"Flaggan --key-size är endast tillÃ¥ten för luksFormat, luksAddKey (with --unbound),\n" +"open och benchmark. För att begränsa läsning frÃ¥n nyckelfil, använd --keyfile-size=(byte)." + +#: src/cryptsetup.c:3759 +#, fuzzy +msgid "Option --integrity is allowed only for luksFormat (LUKS2)." +msgstr "Flaggan --integrity är endast tillÃ¥ten för luksFormat (LUKS2).\n" + +#: src/cryptsetup.c:3764 +#, fuzzy +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "Flaggan --integrity-no-wipe kan användas endast för Ã¥tgärden formatera med integritetsutökningar.\n" + +#: src/cryptsetup.c:3770 +#, fuzzy +msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations." +msgstr "Flaggorna --label och --subsystem tillÃ¥ts endast för luksFormat och konfiguration av LUKS2-Ã¥tgärder.\n" + +#: src/cryptsetup.c:3776 +#, fuzzy +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "Flaggan --test-passphrase är endast tillÃ¥ten för open för LUKS- och TCRYPT-enheter.\n" + +#: src/cryptsetup.c:3781 src/cryptsetup_reencrypt.c:1708 +msgid "Key size must be a multiple of 8 bits" +msgstr "Nyckelstorlek mÃ¥ste vara en multipel av 8 bitar" + +#: src/cryptsetup.c:3787 src/cryptsetup_reencrypt.c:1394 +#: src/cryptsetup_reencrypt.c:1713 +msgid "Key slot is invalid." +msgstr "Nyckelplatsen är ogiltig." + +#: src/cryptsetup.c:3794 +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "Flaggan --key-file Ã¥sidosätter specificerade nyckelfilsargument." + +#: src/cryptsetup.c:3801 src/veritysetup.c:576 src/integritysetup.c:663 +#: src/cryptsetup_reencrypt.c:1687 +msgid "Negative number for option not permitted." +msgstr "Negativt tal för flagga ej tillÃ¥tet." + +#: src/cryptsetup.c:3805 +msgid "Only one --key-file argument is allowed." +msgstr "Endast ett argument för --key-file är tillÃ¥tet." + +#: src/cryptsetup.c:3809 src/cryptsetup_reencrypt.c:1679 +#: src/cryptsetup_reencrypt.c:1717 +msgid "Only one of --use-[u]random options is allowed." +msgstr "Endast en av flaggorna --use-[u]random är tillÃ¥ten." + +#: src/cryptsetup.c:3813 +msgid "Option --use-[u]random is allowed only for luksFormat." +msgstr "Flaggan --use-[u]random är endast tillÃ¥ten för luksFormat." + +#: src/cryptsetup.c:3817 +msgid "Option --uuid is allowed only for luksFormat and luksUUID." +msgstr "Flaggan --uuid är endast tillÃ¥ten för luksFormat och luksUUID." + +#: src/cryptsetup.c:3821 +msgid "Option --align-payload is allowed only for luksFormat." +msgstr "Flaggan --align-payload är endast tillÃ¥ten för luksFormat." + +#: src/cryptsetup.c:3825 +msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2." +msgstr "Flaggorna --luks2-metadata-size och --opt-luks2-keyslots-size tillÃ¥ts endast för luksFormat med LUKS2." + +#: src/cryptsetup.c:3830 +msgid "Invalid LUKS2 metadata size specification." +msgstr "Ogiltig storlekspecifikation för LUKS2-metadata pÃ¥ enhet." + +#: src/cryptsetup.c:3834 +msgid "Invalid LUKS2 keyslots size specification." +msgstr "Ogiltig storlekspecifikation för LUKS2-nyckelplats pÃ¥ enhet." + +#: src/cryptsetup.c:3838 +#, fuzzy +msgid "Options --align-payload and --offset cannot be combined." +msgstr "Flaggan --align-payload och --offset kan inte kombineras." + +#: src/cryptsetup.c:3844 +#, fuzzy +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "Flaggan --skip stöds endast för öppning av vanliga enheter och loopaes-enheter.\n" + +#: src/cryptsetup.c:3851 +#, fuzzy +msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption." +msgstr "Flaggan --offset stöds endast för öppning av vanliga och loopaes-enheter och för luksFormat.\n" + +#: src/cryptsetup.c:3857 +#, fuzzy +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "Flaggorna --tcrypt-hidden, --tcrypt-system eller --tcrypt-backup stöds endast pÃ¥ TCRYPT-enhet.\n" + +#: src/cryptsetup.c:3862 +#, fuzzy +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "Flaggan --tcrypt-hidden kan inte kombineras med --allow-discards.\n" + +#: src/cryptsetup.c:3867 +#, fuzzy +msgid "Option --veracrypt is supported only for TCRYPT device type." +msgstr "Flaggan --veracrypt stöds endast för TCRYPT-enhetstyper.\n" + +#: src/cryptsetup.c:3873 +#, fuzzy +msgid "Invalid argument for parameter --veracrypt-pim supplied." +msgstr "Angav ett ogiltigt argument för parametern --veracrypt-pim.\n" + +#: src/cryptsetup.c:3877 +#, fuzzy +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "Flaggan --veracrypt-pim stöds endast för VeraCrypt-kompatibla enheter.\n" + +#: src/cryptsetup.c:3885 +#, fuzzy +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "Flaggan --veracrypt-query-pim stöds endast för VeraCrypt-kompatibla enheter.\n" + +#: src/cryptsetup.c:3889 +#, fuzzy +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "Flaggorna --veracrypt-pim och --veracrypt-query-pim är ömsesidigt uteslutande.\n" + +#: src/cryptsetup.c:3896 +#, fuzzy +msgid "Option --priority can be only ignore/normal/prefer." +msgstr "Flaggan --priority kan endast vara ignore/normal/prefer.\n" + +#: src/cryptsetup.c:3901 src/cryptsetup.c:3939 +#, fuzzy +msgid "Keyslot specification is required." +msgstr "Specifikation för nyckelplats krävs.\n" + +#: src/cryptsetup.c:3906 src/cryptsetup_reencrypt.c:1693 +#, fuzzy +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "Password-based key derivation function (PBKDF) kan endast vara pbkdf2 eller argon2i/argon2id.\n" + +#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1698 +#, fuzzy +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "Tvingade PBKDF-iterationer gÃ¥r inte att kombinera med flaggan iteration time.\n" + +#: src/cryptsetup.c:3917 +#, fuzzy +msgid "Sector size option is not supported for this command." +msgstr "Flaggan för sektorstorlek stöds inte för detta kommando.\n" + +#: src/cryptsetup.c:3929 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "" + +#: src/cryptsetup.c:3934 +#, fuzzy +msgid "Key size is required with --unbound option." +msgstr "Nyckelstorlek krävs med flaggan --unbound.\n" + +#: src/cryptsetup.c:3944 +#, fuzzy +msgid "Option --unbound may be used only with luksAddKey and luksDump actions." +msgstr "Flaggan --unbound kan inte användas tillsammans med luksAddKey action.\n" + +#: src/cryptsetup.c:3949 +#, fuzzy +msgid "Option --refresh may be used only with open action." +msgstr "Flaggan --refresh är endast tillÃ¥ten för operationen open.\n" + +#: src/cryptsetup.c:3960 +#, fuzzy +msgid "Cannot disable metadata locking." +msgstr "Det gÃ¥r inte att inaktivera metadatalÃ¥s.\n" + +#: src/cryptsetup.c:3970 +#, fuzzy +msgid "Invalid max reencryption hotzone size specification." +msgstr "Ogiltig storlekspecifikation pÃ¥ enhet." + +#: src/cryptsetup.c:3978 src/cryptsetup_reencrypt.c:1722 +#: src/cryptsetup_reencrypt.c:1727 +msgid "Invalid device size specification." +msgstr "Ogiltig storlekspecifikation pÃ¥ enhet." + +#: src/cryptsetup.c:3981 +#, fuzzy +msgid "Maximum device reduce size is 1 GiB." +msgstr "Högsta förminskningsstorlek för enhet är 64 MiB." + +#: src/cryptsetup.c:3984 src/cryptsetup_reencrypt.c:1733 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "Minskningsstorlek mÃ¥ste vara en multipel av 512-bytesektor." + +#: src/cryptsetup.c:3989 +#, fuzzy +msgid "Invalid data size specification." +msgstr "Ogiltig storlekspecifikation pÃ¥ enhet." + +#: src/cryptsetup.c:3994 +#, fuzzy +msgid "Reduce size overflow." +msgstr "Enhets-offset spillde över." + +#: src/cryptsetup.c:3998 +msgid "LUKS2 decryption requires option --header." +msgstr "" + +#: src/cryptsetup.c:4002 +#, fuzzy +msgid "Device size must be multiple of 512 bytes sector." +msgstr "Minskningsstorlek mÃ¥ste vara en multipel av 512-bytesektor." + +#: src/cryptsetup.c:4006 +#, fuzzy +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "Flaggan --align-payload och --offset kan inte kombineras." + +#: src/cryptsetup.c:4010 +#, fuzzy +msgid "Options --device-size and --size cannot be combined." +msgstr "Flaggan --align-payload och --offset kan inte kombineras." + +#: src/cryptsetup.c:4014 +#, fuzzy +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "Flaggorna --ignore-corruption och --restart-on-corruption kan inte användas tillsammans.\n" + +#: src/veritysetup.c:66 +msgid "Invalid salt string specified." +msgstr "Angav ogiltig saltsträng." + +#: src/veritysetup.c:97 +#, c-format +msgid "Cannot create hash image %s for writing." +msgstr "Kan inte skapa hashavbild %s för skrivning." + +#: src/veritysetup.c:107 +#, c-format +msgid "Cannot create FEC image %s for writing." +msgstr "Det gÃ¥r inte att skapa FEC-avbild %s för skrivning." + +#: src/veritysetup.c:179 +msgid "Invalid root hash string specified." +msgstr "Angav ogiltig rothashsträng." + +#: src/veritysetup.c:187 +#, fuzzy, c-format +msgid "Invalid signature file %s." +msgstr "Ogiltig enhet %s." + +#: src/veritysetup.c:194 +#, fuzzy, c-format +msgid "Cannot read signature file %s." +msgstr "Det gÃ¥r inte att läsa nyckelfilen %s." + +#: src/veritysetup.c:392 +msgid " " +msgstr " " + +#: src/veritysetup.c:392 src/integritysetup.c:479 +msgid "format device" +msgstr "formatera enhet" + +#: src/veritysetup.c:393 +msgid " " +msgstr " " + +#: src/veritysetup.c:393 +msgid "verify device" +msgstr "verifiera enhet" + +#: src/veritysetup.c:394 +msgid " " +msgstr " " + +#: src/veritysetup.c:396 src/integritysetup.c:482 +msgid "show active device status" +msgstr "visa statistik för aktiv enhet" + +#: src/veritysetup.c:397 +msgid "" +msgstr "" + +#: src/veritysetup.c:397 src/integritysetup.c:483 +msgid "show on-disk information" +msgstr "visa information frÃ¥n disk" + +#: src/veritysetup.c:416 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the data device\n" +" is the device containing verification data\n" +" hash of the root node on \n" +msgstr "" +"\n" +" är enheten att skapa under %s\n" +" är dataenheten\n" +" är enheten som innehÃ¥ller verifieringsdata\n" +" hash för rotnoden pÃ¥ \n" + +#: src/veritysetup.c:423 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-verity parameters:\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" +msgstr "" +"\n" +"Inkompilerade standardparametrar för dm-verity:\n" +"\tHash: %s, Datablock (byte): %u, Hashblock (byte): %u, Saltstorlek: %u, Hashformat: %u\n" + +#: src/veritysetup.c:466 +msgid "Do not use verity superblock" +msgstr "Använd inte verity superblock" + +#: src/veritysetup.c:467 +msgid "Format type (1 - normal, 0 - original Chrome OS)" +msgstr "Formattyp (1 - normal, 0 - ursprungliga Chrome OS)" + +#: src/veritysetup.c:467 +msgid "number" +msgstr "antal" + +#: src/veritysetup.c:468 +msgid "Block size on the data device" +msgstr "Blockstorlek pÃ¥ dataenheten" + +#: src/veritysetup.c:469 +msgid "Block size on the hash device" +msgstr "Blockstorlek pÃ¥ hashenheten" + +#: src/veritysetup.c:470 +msgid "FEC parity bytes" +msgstr "FEC paritetsbyte" + +#: src/veritysetup.c:471 +msgid "The number of blocks in the data file" +msgstr "Antalet block i datafilen" + +#: src/veritysetup.c:471 +msgid "blocks" +msgstr "block" + +#: src/veritysetup.c:472 +msgid "Path to device with error correction data" +msgstr "Sökväg till enhet med felkorrigeringsdata" + +#: src/veritysetup.c:472 src/integritysetup.c:549 +msgid "path" +msgstr "sökväg" + +#: src/veritysetup.c:473 +msgid "Starting offset on the hash device" +msgstr "Startoffset pÃ¥ hashenheten" + +#: src/veritysetup.c:474 +msgid "Starting offset on the FEC device" +msgstr "Startoffset pÃ¥ FEC-enheten" + +#: src/veritysetup.c:475 +msgid "Hash algorithm" +msgstr "Hashalgoritm" + +#: src/veritysetup.c:475 +msgid "string" +msgstr "sträng" + +#: src/veritysetup.c:476 +msgid "Salt" +msgstr "Salt" + +#: src/veritysetup.c:476 +msgid "hex string" +msgstr "hexsträng" + +#: src/veritysetup.c:478 +#, fuzzy +msgid "Path to root hash signature file" +msgstr "Misslyckades med skapandet av hashomrÃ¥de." + +#: src/veritysetup.c:479 +msgid "Restart kernel if corruption is detected" +msgstr "Starta om kärna om nÃ¥got skadat identifieras" + +#: src/veritysetup.c:480 +msgid "Ignore corruption, log it only" +msgstr "Ignorera om nÃ¥got är skadat, logga endast" + +#: src/veritysetup.c:481 +msgid "Do not verify zeroed blocks" +msgstr "Verifiera inte nollställda block" + +#: src/veritysetup.c:482 +msgid "Verify data block only the first time it is read" +msgstr "Verifiera datablock endast första gÃ¥ngen det läses in" + +#: src/veritysetup.c:582 +#, fuzzy +msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation." +msgstr "Flaggorna --ignore-corruption, --restart-on-corruption eller --ignore-zero-blocks är endast tillÃ¥tna för operationen open.\n" + +#: src/veritysetup.c:587 +#, fuzzy +msgid "Option --root-hash-signature can be used only for open operation." +msgstr "Flaggan --integrity-recalculate kan användas endast för öppen Ã¥tgärd." + +#: src/veritysetup.c:592 +#, fuzzy +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "Flaggorna --ignore-corruption och --restart-on-corruption kan inte användas tillsammans.\n" + +#: src/integritysetup.c:84 src/utils_password.c:305 +#, c-format +msgid "Cannot read keyfile %s." +msgstr "Det gÃ¥r inte att läsa nyckelfilen %s." + +#: src/integritysetup.c:88 src/utils_password.c:310 +#, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "Det gÃ¥r inte att läsa %d byte frÃ¥n nyckelfilen %s." + +#: src/integritysetup.c:254 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "Formaterad med taggstorlek %u, intern integritet %s.\n" + +#: src/integritysetup.c:479 src/integritysetup.c:483 +msgid "" +msgstr "" + +#: src/integritysetup.c:480 +msgid " " +msgstr " " + +#: src/integritysetup.c:502 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the device containing data with integrity tags\n" +msgstr "" +"\n" +" är enheten att skapa under %s\n" +" är enheten som innehÃ¥ller data med integritetstaggar\n" + +#: src/integritysetup.c:507 +#, fuzzy, c-format +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" +msgstr "" +"\n" +"Inkompilerade standardparametrar för dm-integrity:\n" +"\tTaggstorlek: %u byte, Kontrollsummealgoritm: %s\n" +"\n" + +#: src/integritysetup.c:549 +msgid "Path to data device (if separated)" +msgstr "Sökvägen till dataenhet (om separat)" + +#: src/integritysetup.c:551 +msgid "Journal size" +msgstr "Journalstorlek" + +#: src/integritysetup.c:552 +msgid "Interleave sectors" +msgstr "Infoga sektorer" + +#: src/integritysetup.c:553 +msgid "Journal watermark" +msgstr "Journalvattenmärke" + +#: src/integritysetup.c:553 +msgid "percent" +msgstr "procent" + +#: src/integritysetup.c:554 +msgid "Journal commit time" +msgstr "Journalincheckningstid" + +#: src/integritysetup.c:554 src/integritysetup.c:556 +msgid "ms" +msgstr "ms" + +#: src/integritysetup.c:555 +msgid "Number of 512-byte sectors per bit (bitmap mode)." +msgstr "" + +#: src/integritysetup.c:556 +msgid "Bitmap mode flush time" +msgstr "" + +#: src/integritysetup.c:557 +msgid "Tag size (per-sector)" +msgstr "Taggstorlek (per sektor)" + +#: src/integritysetup.c:558 +msgid "Sector size" +msgstr "Sektorstorlek" + +#: src/integritysetup.c:559 +msgid "Buffers size" +msgstr "Bufferstorlek" + +#: src/integritysetup.c:561 +msgid "Data integrity algorithm" +msgstr "Dataintegritetsalgoritm" + +#: src/integritysetup.c:562 +msgid "The size of the data integrity key" +msgstr "Storleken för dataintegritetsnyckeln" + +#: src/integritysetup.c:563 +msgid "Read the integrity key from a file" +msgstr "Läs integritetsnyckeln frÃ¥n en fil" + +#: src/integritysetup.c:565 +msgid "Journal integrity algorithm" +msgstr "Integritetsalgoritm för journal" + +#: src/integritysetup.c:566 +msgid "The size of the journal integrity key" +msgstr "Storleken för journalens integritetssnyckel" + +#: src/integritysetup.c:567 +msgid "Read the journal integrity key from a file" +msgstr "Läs journalens integritetsnyckel frÃ¥n en fil" + +#: src/integritysetup.c:569 +msgid "Journal encryption algorithm" +msgstr "Krypteringsalgoritm för journal" + +#: src/integritysetup.c:570 +msgid "The size of the journal encryption key" +msgstr "Storleken för journalens krypteringsnyckel" + +#: src/integritysetup.c:571 +msgid "Read the journal encryption key from a file" +msgstr "Läs journalens krypteringsnyckel frÃ¥n en fil" + +#: src/integritysetup.c:574 +msgid "Recovery mode (no journal, no tag checking)" +msgstr "Återhämtningsläge (ingen journal, ingen taggkontroll)" + +#: src/integritysetup.c:575 +#, fuzzy +msgid "Use bitmap to track changes and disable journal for integrity device" +msgstr "Inaktivera journal för integritetsenhet" + +#: src/integritysetup.c:576 +msgid "Recalculate initial tags automatically." +msgstr "Räkna automatiskt initiala taggar." + +#: src/integritysetup.c:649 +msgid "Option --integrity-recalculate can be used only for open action." +msgstr "Flaggan --integrity-recalculate kan användas endast för öppen Ã¥tgärd." + +#: src/integritysetup.c:669 +#, fuzzy +msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action." +msgstr "Flaggorna --journal-size, --interleave-sectors, --sector-size, --tag-size och --no-wipe kan endast användas för Ã¥tgärden formatera.\n" + +#: src/integritysetup.c:675 +msgid "Invalid journal size specification." +msgstr "Ogiltig storlekspecifikation pÃ¥ journal." + +#: src/integritysetup.c:680 +msgid "Both key file and key size options must be specified." +msgstr "BÃ¥de flaggor för nyckelfil och nyckelstorlek mÃ¥ste specifiiceras." + +#: src/integritysetup.c:683 +msgid "Integrity algorithm must be specified if integrity key is used." +msgstr "Integritetsalgoritm mÃ¥ste specificieras om integritetsnyckel används." + +#: src/integritysetup.c:688 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "BÃ¥de flaggor för nyckelfil för journalintegritet och nyckelstorlek mÃ¥ste specificeras." + +#: src/integritysetup.c:691 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "Integritetsalgoritm för journal mÃ¥ste anges om integritetsnyckel för journal används." + +#: src/integritysetup.c:696 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "BÃ¥de flaggor för nyckelfil för journalkryptering och nyckelstorlek mÃ¥ste specificeras." + +#: src/integritysetup.c:699 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "Krypteringsalgoritm för journal mÃ¥ste anges om integritetsnyckel för journal används." + +#: src/integritysetup.c:703 +#, fuzzy +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "Flaggorna --refresh och --test-passphrase är ömsesidigt uteslutande.\n" + +#: src/integritysetup.c:707 +msgid "Journal options cannot be used in bitmap mode." +msgstr "" + +#: src/integritysetup.c:711 +#, fuzzy +msgid "Bitmap options can be used only in bitmap mode." +msgstr "Flaggan för integritet kan endast användas för formatet LUKS2." + +#: src/cryptsetup_reencrypt.c:172 +msgid "Reencryption already in-progress." +msgstr "Omkryptering pÃ¥gÃ¥r redan." + +#: src/cryptsetup_reencrypt.c:208 +#, c-format +msgid "Cannot exclusively open %s, device in use." +msgstr "Kan inte öppna %s exklusivt, enheten används." + +#: src/cryptsetup_reencrypt.c:222 src/cryptsetup_reencrypt.c:1135 +msgid "Allocation of aligned memory failed." +msgstr "Misslyckades med allokering av justerat minne." + +#: src/cryptsetup_reencrypt.c:229 +#, c-format +msgid "Cannot read device %s." +msgstr "Det gÃ¥r inte att läsa enheten %s." + +#: src/cryptsetup_reencrypt.c:240 +#, c-format +msgid "Marking LUKS1 device %s unusable." +msgstr "Markerar LUKS1-enhet %s som oanvändbar." + +#: src/cryptsetup_reencrypt.c:244 +#, c-format +msgid "Setting LUKS2 offline reencrypt flag on device %s." +msgstr "Sätter LUKS2-flaggan för att kryptera om pÃ¥ enheten %s." + +#: src/cryptsetup_reencrypt.c:261 +#, c-format +msgid "Cannot write device %s." +msgstr "Det gÃ¥r inte att skriva till enheten %s." + +#: src/cryptsetup_reencrypt.c:309 +msgid "Cannot write reencryption log file." +msgstr "Det gÃ¥r inte att skriva loggfil för omkryptering." + +#: src/cryptsetup_reencrypt.c:365 +msgid "Cannot read reencryption log file." +msgstr "Det gÃ¥r inte att läsa loggfil för omkryptering." + +#: src/cryptsetup_reencrypt.c:403 +#, c-format +msgid "Log file %s exists, resuming reencryption.\n" +msgstr "Loggfilen %s existerar, Ã¥terupptar kryptering.\n" + +#: src/cryptsetup_reencrypt.c:452 +msgid "Activating temporary device using old LUKS header." +msgstr "Aktiverar temporär enhet användandes gammalt LUKS-huvud." + +#: src/cryptsetup_reencrypt.c:462 +msgid "Activating temporary device using new LUKS header." +msgstr "Aktiverar temporär enhet användandes nytt LUKS-huvud." + +#: src/cryptsetup_reencrypt.c:472 +msgid "Activation of temporary devices failed." +msgstr "Aktivering av temporära enheter misslyckades." + +#: src/cryptsetup_reencrypt.c:559 +msgid "Failed to set data offset." +msgstr "Misslyckades med att sätta dataoffset." + +#: src/cryptsetup_reencrypt.c:565 +#, fuzzy +msgid "Failed to set metadata size." +msgstr "Misslyckades med att sätta dataoffset." + +#: src/cryptsetup_reencrypt.c:573 +#, c-format +msgid "New LUKS header for device %s created." +msgstr "Skapade nytt LUKS-huvud för enhet %s." + +#: src/cryptsetup_reencrypt.c:633 +#, c-format +msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +msgstr "Denna version av cryptsetup-reencrypt kan inte hantera ny interna tokentypen %s." + +#: src/cryptsetup_reencrypt.c:655 +msgid "Failed to read activation flags from backup header." +msgstr "Misslyckades med att läsa aktiveringsflaggor frÃ¥n säkerhetskopia av huvud." -#: src/cryptsetup.c:1507 -msgid "Do not activate device, just check passphrase." -msgstr "" +#: src/cryptsetup_reencrypt.c:659 +msgid "Failed to write activation flags to new header." +msgstr "Misslyckades med att skriva aktiveringsflaggor till nya huvuden.:" -#: src/cryptsetup.c:1508 -msgid "Use hidden header (hidden TCRYPT device)." -msgstr "" +#: src/cryptsetup_reencrypt.c:663 src/cryptsetup_reencrypt.c:667 +msgid "Failed to read requirements from backup header." +msgstr "Misslyckades med att läsa krav frÃ¥n säkerhetskopiehuvud." -#: src/cryptsetup.c:1509 -msgid "Device is system TCRYPT drive (with bootloader)." -msgstr "" +#: src/cryptsetup_reencrypt.c:705 +#, c-format +msgid "%s header backup of device %s created." +msgstr "Skapade säkerhetskopia av %s-huvud pÃ¥ enhet %s." -#: src/cryptsetup.c:1510 -msgid "Use backup (secondary) TCRYPT header." -msgstr "" +#: src/cryptsetup_reencrypt.c:768 +msgid "Creation of LUKS backup headers failed." +msgstr "Misslyckades med att skapa en säkerhetskopia av LUKS-huvuden." -#: src/cryptsetup.c:1511 -msgid "Scan also for VeraCrypt compatible device." -msgstr "" +#: src/cryptsetup_reencrypt.c:901 +#, c-format +msgid "Cannot restore %s header on device %s." +msgstr "Det gÃ¥r inte Ã¥terställa %s-huvudet pÃ¥ enheten %s." -#: src/cryptsetup.c:1512 -msgid "Type of device metadata: luks, plain, loopaes, tcrypt." -msgstr "" +#: src/cryptsetup_reencrypt.c:903 +#, c-format +msgid "%s header on device %s restored." +msgstr "Återställde %s-huvudet pÃ¥ enheten %s." -#: src/cryptsetup.c:1513 -msgid "Disable password quality check (if enabled)." -msgstr "" +#: src/cryptsetup_reencrypt.c:1107 src/cryptsetup_reencrypt.c:1113 +msgid "Cannot open temporary LUKS device." +msgstr "Misslyckades med att öppna temporär LUKS-enhet." -#: src/cryptsetup.c:1514 -msgid "Use dm-crypt same_cpu_crypt performance compatibility option." -msgstr "" +#: src/cryptsetup_reencrypt.c:1118 src/cryptsetup_reencrypt.c:1123 +msgid "Cannot get device size." +msgstr "Det gÃ¥r inte att hämta enhetsstorlek." -#: src/cryptsetup.c:1515 -msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option." -msgstr "" +#: src/cryptsetup_reencrypt.c:1158 +msgid "IO error during reencryption." +msgstr "In-/utfel under Ã¥terkryptering." -#: src/cryptsetup.c:1531 src/veritysetup.c:402 -#, fuzzy -msgid "[OPTION...] " -msgstr "[FLAGGA...] <Ã¥tgärd> <Ã¥tgärdsspecifik>]" +#: src/cryptsetup_reencrypt.c:1189 +msgid "Provided UUID is invalid." +msgstr "Angivet UUID är ogiltigt." -#: src/cryptsetup.c:1572 -msgid "Running in FIPS mode.\n" -msgstr "" +#: src/cryptsetup_reencrypt.c:1423 +msgid "Cannot open reencryption log file." +msgstr "Det gÃ¥r inte att öppna loggfilen för omkryptering." -#: src/cryptsetup.c:1581 src/veritysetup.c:439 -msgid "Argument missing." -msgstr "Argumentet <Ã¥tgärd> saknas." +#: src/cryptsetup_reencrypt.c:1429 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "Ingen dekryptering pÃ¥gÃ¥r, givet UUID kan endast användas för att Ã¥teruppta vilande dekrypteringsprocess." -#: src/cryptsetup.c:1634 src/veritysetup.c:445 -msgid "Unknown action." -msgstr "Okänd Ã¥tgärd." +#: src/cryptsetup_reencrypt.c:1504 +#, c-format +msgid "Changed pbkdf parameters in keyslot %i." +msgstr "Ändrade pbkdf-parametrarna i nyckelplatsen %i.:1" -#: src/cryptsetup.c:1644 -msgid "Option --shared is allowed only for open of plain device.\n" -msgstr "" +#: src/cryptsetup_reencrypt.c:1616 +msgid "Reencryption block size" +msgstr "Blockstorlek för omkryptering" -#: src/cryptsetup.c:1649 -msgid "Option --allow-discards is allowed only for open operation.\n" -msgstr "" +#: src/cryptsetup_reencrypt.c:1616 +msgid "MiB" +msgstr "MiB" -#: src/cryptsetup.c:1657 -msgid "" -"Option --key-size is allowed only for luksFormat, open and benchmark.\n" -"To limit read from keyfile use --keyfile-size=(bytes)." -msgstr "" +#: src/cryptsetup_reencrypt.c:1620 +msgid "Do not change key, no data area reencryption" +msgstr "Ändra inte nyckel, ingen omkryptering av dataomrÃ¥de" -#: src/cryptsetup.c:1664 -msgid "" -"Option --test-passphrase is allowed only for open of LUKS and TCRYPT " -"devices.\n" -msgstr "" +#: src/cryptsetup_reencrypt.c:1622 +msgid "Read new volume (master) key from file" +msgstr "Läs volymnyckeln (master) frÃ¥n fil" -#: src/cryptsetup.c:1669 src/cryptsetup_reencrypt.c:1341 -msgid "Key size must be a multiple of 8 bits" -msgstr "Nyckelstorlek mÃ¥ste vara en multipel av 8 bitar" +#: src/cryptsetup_reencrypt.c:1623 +msgid "PBKDF2 iteration time for LUKS (in ms)" +msgstr "PBKDF2-iterationstid för LUKS (i ms)" -#: src/cryptsetup.c:1676 src/cryptsetup_reencrypt.c:1346 -#, fuzzy -msgid "Key slot is invalid." -msgstr "Nyckelplats %d är ogiltig.\n" +#: src/cryptsetup_reencrypt.c:1629 +msgid "Use direct-io when accessing devices" +msgstr "Använd direct-io vid enhetsÃ¥tkomst" -#: src/cryptsetup.c:1683 -msgid "Option --key-file takes precedence over specified key file argument.\n" -msgstr "" +#: src/cryptsetup_reencrypt.c:1630 +msgid "Use fsync after each block" +msgstr "Använd fsync efter varje block" -#: src/cryptsetup.c:1691 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1330 -msgid "Negative number for option not permitted." -msgstr "" +#: src/cryptsetup_reencrypt.c:1631 +msgid "Update log file after every block" +msgstr "Uppdatera loggfilen efter varje block" -#: src/cryptsetup.c:1695 src/cryptsetup_reencrypt.c:1324 -#: src/cryptsetup_reencrypt.c:1350 -msgid "Only one of --use-[u]random options is allowed." -msgstr "" +#: src/cryptsetup_reencrypt.c:1632 +msgid "Use only this slot (others will be disabled)" +msgstr "Använd endast denna plats (andra kommer att inaktiveras)" -#: src/cryptsetup.c:1699 -msgid "Option --use-[u]random is allowed only for luksFormat." -msgstr "" +#: src/cryptsetup_reencrypt.c:1637 +msgid "Create new header on not encrypted device" +msgstr "Skapa nytt huvud pÃ¥ icke-krypterad enhet" -#: src/cryptsetup.c:1703 -msgid "Option --uuid is allowed only for luksFormat and luksUUID." -msgstr "" +#: src/cryptsetup_reencrypt.c:1638 +msgid "Permanently decrypt device (remove encryption)" +msgstr "Dekryptera enheten permanent (ta bort kryptering)" -#: src/cryptsetup.c:1707 -msgid "Option --align-payload is allowed only for luksFormat." -msgstr "" +#: src/cryptsetup_reencrypt.c:1639 +msgid "The UUID used to resume decryption" +msgstr "Det UUID som används för att Ã¥teruppta kryptering" -#: src/cryptsetup.c:1713 -#, fuzzy -msgid "" -"Option --skip is supported only for open of plain and loopaes devices.\n" -msgstr "Denna Ã¥tgärd stöds endast för LUKS-enheter.\n" +#: src/cryptsetup_reencrypt.c:1640 +msgid "Type of LUKS metadata: luks1, luks2" +msgstr "Typ av LUKS-metadata: luks1, luks2" -#: src/cryptsetup.c:1719 -#, fuzzy -msgid "" -"Option --offset is supported only for open of plain and loopaes devices.\n" -msgstr "Denna Ã¥tgärd stöds endast för LUKS-enheter.\n" +#: src/cryptsetup_reencrypt.c:1659 +msgid "[OPTION...] " +msgstr "[FLAGGA…] " -#: src/cryptsetup.c:1725 -msgid "" -"Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only " -"for TCRYPT device.\n" -msgstr "" +#: src/cryptsetup_reencrypt.c:1667 +#, c-format +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "Omkryptering kommer att ändra: %s%s%s%s%s%s." -#: src/cryptsetup.c:1730 -msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n" -msgstr "" +#: src/cryptsetup_reencrypt.c:1668 +msgid "volume key" +msgstr "volymnyckeln" -#: src/cryptsetup.c:1735 -#, fuzzy -msgid "Option --veracrypt is supported only for TCRYPT device type.\n" -msgstr "Denna Ã¥tgärd stöds endast för LUKS-enheter.\n" +#: src/cryptsetup_reencrypt.c:1670 +msgid "set hash to " +msgstr "sätt hash till " -#: src/veritysetup.c:58 -msgid "Invalid salt string specified.\n" -msgstr "" +#: src/cryptsetup_reencrypt.c:1671 +msgid ", set cipher to " +msgstr ", sätt chiffer till " -#: src/veritysetup.c:88 -#, c-format -msgid "Cannot create hash image %s for writing.\n" -msgstr "" +#: src/cryptsetup_reencrypt.c:1675 +msgid "Argument required." +msgstr "Kräver argument." -#: src/veritysetup.c:148 -msgid "Invalid root hash string specified.\n" -msgstr "" +#: src/cryptsetup_reencrypt.c:1703 +msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +msgstr "Endast värden mellan 1 MiB och 64 MiB är tillÃ¥tna som blockstorlek för omkryptering." -#: src/veritysetup.c:308 -#, fuzzy -msgid " " -msgstr " " +#: src/cryptsetup_reencrypt.c:1730 +msgid "Maximum device reduce size is 64 MiB." +msgstr "Högsta förminskningsstorlek för enhet är 64 MiB." -#: src/veritysetup.c:308 -#, fuzzy -msgid "format device" -msgstr "skapa enhet" +#: src/cryptsetup_reencrypt.c:1737 +msgid "Option --new must be used together with --reduce-device-size or --header." +msgstr "Flaggan --new mÃ¥ste användas tillsammans med --reduce-device-size eller --header." -#: src/veritysetup.c:309 -msgid " " -msgstr "" +#: src/cryptsetup_reencrypt.c:1741 +msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +msgstr "Flaggan --keep-key kan endast användas med --hash, --iter-time eller --pbkdf-force-iterations." -#: src/veritysetup.c:309 -#, fuzzy -msgid "verify device" -msgstr "ta bort enhet" +#: src/cryptsetup_reencrypt.c:1745 +msgid "Option --new cannot be used together with --decrypt." +msgstr "Flaggan --new kan inte användas tillsammans med --decrypt." -#: src/veritysetup.c:310 -msgid " " -msgstr "" +#: src/cryptsetup_reencrypt.c:1749 +msgid "Option --decrypt is incompatible with specified parameters." +msgstr "Flaggan --decrypt är inkompatibel med specificerade parametrar." -#: src/veritysetup.c:310 -#, fuzzy -msgid "create active device" -msgstr "ändra storlek pÃ¥ aktiv enhet" +#: src/cryptsetup_reencrypt.c:1753 +msgid "Option --uuid is allowed only together with --decrypt." +msgstr "Flaggan --uuid är endast tillÃ¥ten tillsammans med --decrypt." -#: src/veritysetup.c:311 -#, fuzzy -msgid "remove (deactivate) device" -msgstr "ändra storlek pÃ¥ aktiv enhet" +#: src/cryptsetup_reencrypt.c:1757 +msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +msgstr "Ogiltig luks-typ. Använd en av dessa: 'luks', 'luks1' or 'luks2'." -#: src/veritysetup.c:312 -#, fuzzy -msgid "show active device status" -msgstr "visa enhetsstatus" +#: src/utils_tools.c:151 +msgid "Error reading response from terminal." +msgstr "Fel vid läsning av svar frÃ¥n terminal." -#: src/veritysetup.c:313 -#, fuzzy -msgid "" -msgstr "" +#: src/utils_tools.c:186 +msgid "Command successful.\n" +msgstr "Kommandot lyckades.\n" -#: src/veritysetup.c:313 -msgid "show on-disk information" -msgstr "" +#: src/utils_tools.c:194 +msgid "wrong or missing parameters" +msgstr "fel eller saknar parametrar" -#: src/veritysetup.c:332 -#, c-format -msgid "" -"\n" -" is the device to create under %s\n" -" is the data device\n" -" is the device containing verification data\n" -" hash of the root node on \n" -msgstr "" +#: src/utils_tools.c:196 +msgid "no permission or bad passphrase" +msgstr "ingen behörighet eller dÃ¥lig lösenfras" -#: src/veritysetup.c:339 -#, c-format -msgid "" -"\n" -"Default compiled-in dm-verity parameters:\n" -"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, " -"Hash format: %u\n" -msgstr "" +#: src/utils_tools.c:198 +msgid "out of memory" +msgstr "slut pÃ¥ minne" -#: src/veritysetup.c:377 -msgid "Do not use verity superblock" -msgstr "" +#: src/utils_tools.c:200 +msgid "wrong device or file specified" +msgstr "angav fel enhet eller fil" -#: src/veritysetup.c:378 -msgid "Format type (1 - normal, 0 - original Chrome OS)" -msgstr "" +#: src/utils_tools.c:202 +msgid "device already exists or device is busy" +msgstr "enheten existerar redan eller sÃ¥ är enheten upptagen" -#: src/veritysetup.c:378 -msgid "number" -msgstr "" +#: src/utils_tools.c:204 +msgid "unknown error" +msgstr "okänt fel" -#: src/veritysetup.c:379 -#, fuzzy -msgid "Block size on the data device" -msgstr "Storleken för enheten" +#: src/utils_tools.c:206 +#, c-format +msgid "Command failed with code %i (%s).\n" +msgstr "Kommandot misslyckades med kod %i (%s).\n" -#: src/veritysetup.c:380 -#, fuzzy -msgid "Block size on the hash device" -msgstr "Storleken för enheten" +#: src/utils_tools.c:283 +#, c-format +msgid "Key slot %i created." +msgstr "Nyckelplats %i är ändrad." -#: src/veritysetup.c:381 -msgid "The number of blocks in the data file" -msgstr "" +#: src/utils_tools.c:285 +#, c-format +msgid "Key slot %i unlocked." +msgstr "Nyckelplats %i är upplÃ¥st." -#: src/veritysetup.c:381 -msgid "blocks" -msgstr "" +#: src/utils_tools.c:287 +#, c-format +msgid "Key slot %i removed." +msgstr "Nyckelplats %i är upplÃ¥st." -#: src/veritysetup.c:382 -#, fuzzy -msgid "Starting offset on the hash device" -msgstr "Startoffset i bakändesenheten" +#: src/utils_tools.c:296 +#, c-format +msgid "Token %i created." +msgstr "Token %i används." -#: src/veritysetup.c:383 -msgid "Hash algorithm" -msgstr "" +#: src/utils_tools.c:298 +#, c-format +msgid "Token %i removed." +msgstr "Token %i används." -#: src/veritysetup.c:383 -msgid "string" +#: src/utils_tools.c:464 +#, fuzzy +msgid "" +"\n" +"Wipe interrupted." msgstr "" +"\n" +"Skrivning avbruten." -#: src/veritysetup.c:384 -msgid "Salt" -msgstr "" +#: src/utils_tools.c:475 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "VARNING: Enheten %s innehÃ¥ller redan en ”%s”-partitionssignatur.\n" -#: src/veritysetup.c:384 -msgid "hex string" -msgstr "" +#: src/utils_tools.c:483 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "VARNING: Enheten %s innehÃ¥ller redan en ”%s”-superblocksignatur.\n" -#: src/cryptsetup_reencrypt.c:147 -#, fuzzy, c-format -msgid "Cannot exclusively open %s, device in use.\n" -msgstr "Kan inte öppna enheten %s.\n" +#: src/utils_tools.c:504 src/utils_tools.c:568 +msgid "Failed to initialize device signature probes." +msgstr "Misslyckades med att initiera identifiering av enhetssignatur." -#: src/cryptsetup_reencrypt.c:151 -#, fuzzy, c-format -msgid "Cannot open device %s\n" -msgstr "Kan inte öppna enheten %s.\n" +#: src/utils_tools.c:548 +#, c-format +msgid "Failed to stat device %s." +msgstr "Misslyckades med att ta status pÃ¥ enhet %s." -#: src/cryptsetup_reencrypt.c:161 src/cryptsetup_reencrypt.c:893 -msgid "Allocation of aligned memory failed.\n" -msgstr "" +#: src/utils_tools.c:561 +#, c-format +msgid "Device %s is in use. Can not proceed with format operation." +msgstr "Enheten %s används. Det gÃ¥r inte att fortsätta med formateringsÃ¥tgärden." -#: src/cryptsetup_reencrypt.c:168 +#: src/utils_tools.c:563 #, c-format -msgid "Cannot read device %s.\n" -msgstr "Kan inte läsa enheten %s.\n" +msgid "Failed to open file %s in read/write mode." +msgstr "Misslyckades med att öppna filen %s i läs-/skrivläge." -#: src/cryptsetup_reencrypt.c:179 +#: src/utils_tools.c:577 #, c-format -msgid "Marking LUKS device %s unusable.\n" +msgid "Existing '%s' partition signature (offset: % bytes) on device %s will be wiped." msgstr "" -#: src/cryptsetup_reencrypt.c:184 +#: src/utils_tools.c:580 #, c-format -msgid "Marking LUKS device %s usable.\n" +msgid "Existing '%s' superblock signature (offset: % bytes) on device %s will be wiped." msgstr "" -#: src/cryptsetup_reencrypt.c:200 -#, fuzzy, c-format -msgid "Cannot write device %s.\n" -msgstr "Kan inte rensa enheten %s.\n" +#: src/utils_tools.c:583 +msgid "Failed to wipe device signature." +msgstr "Misslyckades med att radera enhetssignatur." -#: src/cryptsetup_reencrypt.c:281 -#, fuzzy -msgid "Cannot write reencryption log file.\n" -msgstr "Kan inte skriva säkerhetskopia för huvud %s.\n" +#: src/utils_tools.c:590 +#, c-format +msgid "Failed to probe device %s for a signature." +msgstr "Misslyckades med söka av enheten %s efter en signatur." -#: src/cryptsetup_reencrypt.c:337 +#: src/utils_tools.c:629 #, fuzzy -msgid "Cannot read reencryption log file.\n" -msgstr "Kan inte läsa säkerhetskopia för huvud %s.\n" +msgid "" +"\n" +"Reencryption interrupted." +msgstr "" +"\n" +"Läsning avbryten." -#: src/cryptsetup_reencrypt.c:374 +#: src/utils_password.c:43 src/utils_password.c:75 #, c-format -msgid "Log file %s exists, resuming reencryption.\n" -msgstr "" +msgid "Cannot check password quality: %s" +msgstr "Det gÃ¥r inte att kontrollera lösenordskvalitet: %s" -#: src/cryptsetup_reencrypt.c:403 -msgid "Activating temporary device using old LUKS header.\n" +#: src/utils_password.c:51 +#, c-format +msgid "" +"Password quality check failed:\n" +" %s" msgstr "" +"Misslyckades med kvalitetskontroll av lösenord:\n" +"%s" -#: src/cryptsetup_reencrypt.c:414 -msgid "Activating temporary device using new LUKS header.\n" -msgstr "" +#: src/utils_password.c:83 +#, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "Misslyckades med kvalitetskontroll av lösenord: DÃ¥lig lösenfras (%s)" -#: src/cryptsetup_reencrypt.c:424 -msgid "Activation of temporary devices failed.\n" -msgstr "" +#: src/utils_password.c:193 src/utils_password.c:208 +msgid "Error reading passphrase from terminal." +msgstr "Fel vid läsning av lösenfras frÃ¥n terminal." -#: src/cryptsetup_reencrypt.c:450 -#, fuzzy, c-format -msgid "New LUKS header for device %s created.\n" -msgstr "Kan inte rensa huvudet pÃ¥ enheten %s.\n" +#: src/utils_password.c:206 +msgid "Verify passphrase: " +msgstr "Verifiera lösenfras: " -#: src/cryptsetup_reencrypt.c:458 -#, c-format -msgid "Activated keyslot %i.\n" -msgstr "" +#: src/utils_password.c:213 +msgid "Passphrases do not match." +msgstr "Lösenfraserna stämmer inte överens." -#: src/cryptsetup_reencrypt.c:484 -#, fuzzy, c-format -msgid "LUKS header backup of device %s created.\n" -msgstr "LUKS-huvud identifierat men enheten %s är för liten.\n" +#: src/utils_password.c:250 +msgid "Cannot use offset with terminal input." +msgstr "Det gÃ¥r inte att använda offset med terminalinmatning." -#: src/cryptsetup_reencrypt.c:532 -msgid "Creation of LUKS backup headers failed.\n" -msgstr "" +#: src/utils_password.c:253 +#, c-format +msgid "Enter passphrase: " +msgstr "Ange lösenfras: " -#: src/cryptsetup_reencrypt.c:634 -#, fuzzy, c-format -msgid "Cannot restore LUKS header on device %s.\n" -msgstr "Kan inte rensa huvudet pÃ¥ enheten %s.\n" +#: src/utils_password.c:256 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "Ange lösenfras för %s: " -#: src/cryptsetup_reencrypt.c:636 -#, fuzzy, c-format -msgid "LUKS header on device %s restored.\n" -msgstr "LUKS-huvud identifierat men enheten %s är för liten.\n" +#: src/utils_password.c:287 +msgid "No key available with this passphrase." +msgstr "Ingen nyckel finns tillgänglig med denna lösenfras." -#: src/cryptsetup_reencrypt.c:669 -#, c-format -msgid "" -"Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" +#: src/utils_password.c:289 +msgid "No usable keyslot is available." msgstr "" -#: src/cryptsetup_reencrypt.c:708 src/cryptsetup_reencrypt.c:784 -#: src/cryptsetup_reencrypt.c:826 -#, fuzzy -msgid "Cannot seek to device offset.\n" -msgstr "Kan inte läsa enheten %s.\n" +#: src/utils_password.c:328 +#, c-format +msgid "Cannot open keyfile %s for write." +msgstr "Det gÃ¥r inte att öppna nyckelfilen %s för skrivning." -#: src/cryptsetup_reencrypt.c:865 src/cryptsetup_reencrypt.c:871 -#, fuzzy -msgid "Cannot open temporary LUKS header file.\n" -msgstr "Kan inte öppna säkerhetskopia för huvud %s.\n" +#: src/utils_password.c:335 +#, c-format +msgid "Cannot write to keyfile %s." +msgstr "Det gÃ¥r inte att skriva till nyckelfilen %s." -#: src/cryptsetup_reencrypt.c:876 src/cryptsetup_reencrypt.c:881 -#, fuzzy -msgid "Cannot get device size.\n" -msgstr "Kan inte läsa enheten %s.\n" +#: src/utils_luks2.c:47 +#, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "Misslyckades med att öppna filen %s i skrivskyddat läge." -#: src/cryptsetup_reencrypt.c:919 -msgid "Interrupted by a signal.\n" -msgstr "" +#: src/utils_luks2.c:60 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "TillhandahÃ¥ll giltig JSON för LUKS2-token:\n" -#: src/cryptsetup_reencrypt.c:921 -msgid "IO error during reencryption.\n" -msgstr "" +#: src/utils_luks2.c:67 +msgid "Failed to read JSON file." +msgstr "Misslyckades med att läsa in JSON-filen." -#: src/cryptsetup_reencrypt.c:1028 +#: src/utils_luks2.c:72 msgid "" -"Key file can be used only with --key-slot or with exactly one key slot " -"active.\n" +"\n" +"Read interrupted." msgstr "" +"\n" +"Läsning avbryten." -#: src/cryptsetup_reencrypt.c:1072 src/cryptsetup_reencrypt.c:1087 -#, fuzzy, c-format -msgid "Enter passphrase for key slot %u: " -msgstr "Ange ny lösenfras för nyckelplats: " - -#: src/cryptsetup_reencrypt.c:1136 -#, fuzzy -msgid "Cannot open reencryption log file.\n" -msgstr "Kan inte öppna säkerhetskopia för huvud %s.\n" +#: src/utils_luks2.c:113 +#, c-format +msgid "Failed to open file %s in write mode." +msgstr "Misslyckades med att öppna filen %s in skrivläge." -#: src/cryptsetup_reencrypt.c:1262 -msgid "Reencryption block size" +#: src/utils_luks2.c:122 +msgid "" +"\n" +"Write interrupted." msgstr "" +"\n" +"Skrivning avbruten." -#: src/cryptsetup_reencrypt.c:1262 -msgid "MiB" -msgstr "" +#: src/utils_luks2.c:126 +msgid "Failed to write JSON file." +msgstr "Misslyckades med att skriva JSON-fil." -#: src/cryptsetup_reencrypt.c:1266 -msgid "Do not change key, no data area reencryption." -msgstr "" +#~ msgid "Requested dmcrypt performance options are not supported." +#~ msgstr "Begärda flaggor för dmcrypt-prestanda stöds inte." -#: src/cryptsetup_reencrypt.c:1273 -msgid "Use direct-io when accessing devices." -msgstr "" +#~ msgid "Cannot format device %s which is still in use." +#~ msgstr "Det gÃ¥r inte att formatera enheten %s dÃ¥ den används." -#: src/cryptsetup_reencrypt.c:1274 -msgid "Use fsync after each block." -msgstr "" +#~ msgid "Key slot %d is not used." +#~ msgstr "Nyckelplats %d används inte." -#: src/cryptsetup_reencrypt.c:1275 -msgid "Update log file after every block." -msgstr "" +#~ msgid "Function not available in FIPS mode." +#~ msgstr "Funktionen är inte tillgänglig i FIPS-läge." -#: src/cryptsetup_reencrypt.c:1276 -msgid "Use only this slot (others will be disabled)." -msgstr "" +#~ msgid "Cipher %s is not available." +#~ msgstr "Chiffret %s är inte tillgängligt." -#: src/cryptsetup_reencrypt.c:1279 -msgid "Reduce data device size (move data offset). DANGEROUS!" -msgstr "" +#~ msgid "Key slot %d selected for deletion." +#~ msgstr "Nyckelplats %d markerad för borttagning." -#: src/cryptsetup_reencrypt.c:1280 -msgid "Use only specified device size (ignore rest of device). DANGEROUS!" -msgstr "" +#~ msgid "open device as mapping " +#~ msgstr "öppna enhet som mappning " -#: src/cryptsetup_reencrypt.c:1281 -#, fuzzy -msgid "Create new header on not encrypted device." -msgstr "Kan inte rensa huvudet pÃ¥ enheten %s.\n" +#~ msgid "Parameter --refresh is only allowed with open or refresh commands.\n" +#~ msgstr "Flaggan --refresh är endast tillÃ¥ten för kommandot open eller refresh.\n" -#: src/cryptsetup_reencrypt.c:1282 -msgid "Permanently decrypt device (remove encryption)." -msgstr "" +#~ msgid "Unsupported encryption sector size.\n" +#~ msgstr "Stöder inte sektorstorlek för kryptering.\n" -#: src/cryptsetup_reencrypt.c:1298 -msgid "[OPTION...] " -msgstr "" +#~ msgid "close device (deactivate and remove mapping)" +#~ msgstr "stäng enhet (inaktivera och ta bort mappning)" -#: src/cryptsetup_reencrypt.c:1312 -msgid "" -"WARNING: this is experimental code, it can completely break your data.\n" -msgstr "" +#~ msgid "Failed to set PBKDF parameters." +#~ msgstr "Misslyckades med att sätta PBKDF-parametrar." -#: src/cryptsetup_reencrypt.c:1313 -#, c-format -msgid "Reencryption will change: volume key%s%s%s%s.\n" -msgstr "" +#~ msgid "Cannot seek to device offset.\n" +#~ msgstr "Kan inte söka till enhetsoffset.\n" -#: src/cryptsetup_reencrypt.c:1314 -msgid ", set hash to " -msgstr "" +#~ msgid "Interrupted by a signal." +#~ msgstr "Avbruten av en signal." -#: src/cryptsetup_reencrypt.c:1315 -msgid ", set cipher to " -msgstr "" +#~ msgid "Replaced with key slot %d.\n" +#~ msgstr "Ersätt med nyckelplats %d.\n" -#: src/cryptsetup_reencrypt.c:1320 -msgid "Argument required." -msgstr "" +#~ msgid "Device %s is too small. (LUKS2 requires at least % bytes.)\n" +#~ msgstr "Enhet %s är för liten. (LUKS2 kräver minst % bytes.)\n" -#: src/cryptsetup_reencrypt.c:1336 -msgid "" -"Only values between 1 MiB and 64 MiB allowed for reencryption block size." -msgstr "" +#~ msgid "memory allocation error in action_luksFormat" +#~ msgstr "minnesallokeringsfel i action_luksFormat" -#: src/cryptsetup_reencrypt.c:1355 src/cryptsetup_reencrypt.c:1360 -#, fuzzy -msgid "Invalid device size specification." -msgstr "Ogiltig enhet %s.\n" +#~ msgid "Missing LUKS target type, option --type is required.\n" +#~ msgstr "Saknar mÃ¥ltyp för LUKS, flaggan -type krävs.\n" -#: src/cryptsetup_reencrypt.c:1363 -msgid "Maximum device reduce size is 64 MiB." -msgstr "" +#~ msgid "Missing --token option specifying token for removal.\n" +#~ msgstr "" +#~ "Saknad flagga --token för att ange token att ta bort.\n" +#~ " \n" -#: src/cryptsetup_reencrypt.c:1366 -#, fuzzy -msgid "Reduce size must be multiple of 512 bytes sector." -msgstr "Nyckelstorlek mÃ¥ste vara en multipel av 8 bitar" +#~ msgid "Add or remove keyring token" +#~ msgstr "Lägg till eller ta bort token för nyckelring" -#: src/cryptsetup_reencrypt.c:1370 -msgid "Option --new must be used together with --reduce-device-size." -msgstr "" +#~ msgid "Activated keyslot %i.\n" +#~ msgstr "Aktiverade nyckelplats %i.\n" -#: src/cryptsetup_reencrypt.c:1374 -msgid "Option --keep-key can be used only with --hash or --iter-time." -msgstr "" +#~ msgid "Using default pbkdf parameters for new LUKS2 header.\n" +#~ msgstr "Använder pbkdf-standardparametrar för nya LUKS2-huvuden.\n" -#: src/cryptsetup_reencrypt.c:1378 -msgid "Option --new cannot be used together with --decrypt." -msgstr "" +#~ msgid "Too many tree levels for verity volume.\n" +#~ msgstr "För mÃ¥nga trädnivÃ¥er för verity-volym.\n" -#: src/cryptsetup_reencrypt.c:1382 -msgid "Option --decrypt is incompatible with specified parameters." -msgstr "" +#~ msgid "Key %d not active. Can't wipe.\n" +#~ msgstr "Nyckel %d är inte aktiv. Kan inte rensa.\n" -#: src/utils_tools.c:151 -#, fuzzy -msgid "Error reading response from terminal.\n" -msgstr "Fel vid läsning av lösenfras frÃ¥n terminal.\n" +#~ msgid " " +#~ msgstr " " -#: src/utils_tools.c:173 -msgid "Command successful.\n" -msgstr "Kommandot lyckades.\n" +#~ msgid "create active device" +#~ msgstr "skapa aktiv enhet" -#: src/utils_tools.c:191 -#, c-format -msgid "Command failed with code %i" -msgstr "Kommandot misslyckades med kod %i" +#~ msgid "remove (deactivate) device" +#~ msgstr "ta bort (inaktivera) enhet" -#: src/utils_password.c:42 -#, c-format -msgid "Cannot check password quality: %s\n" -msgstr "" +#~ msgid "Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" +#~ msgstr "Förlopp: %5.1f%%, ETA %02llu:%02llu, %4llu MiB skrivna, hastighet %5.1f MiB/s%s" -#: src/utils_password.c:50 -#, fuzzy, c-format -msgid "" -"Password quality check failed:\n" -" %s\n" -msgstr "setpriority %u misslyckades: %s" +#~ msgid "Cannot find a free loopback device.\n" +#~ msgstr "Kan inte hitta en ledig loopback-enhet.\n" -#~ msgid "Key slot %d verified.\n" -#~ msgstr "Nyckelplats %d har verifierats.\n" +#~ msgid "Cannot open device %s\n" +#~ msgstr "Kan inte öppna enheten %s\n" -#~ msgid "Invalid key size %d.\n" -#~ msgstr "Ogiltig nyckelstorlek %d.\n" +#~ msgid "Cannot use passed UUID unless decryption in progress.\n" +#~ msgstr "Kan inte använda insänt UUID om inte dekryptering pÃ¥gÃ¥r.\n" #~ msgid "Enter LUKS passphrase: " #~ msgstr "Ange LUKS-lösenfras: " -#~ msgid "" -#~ "Warning: exhausting read requested, but key file %s is not a regular " -#~ "file, function might never return.\n" -#~ msgstr "" -#~ "Varning: utförlig läsning begärd men nyckelfilen %s är inte en vanlig " -#~ "fil, funktionen kanske aldrig avslutas.\n" +#~ msgid "Warning: exhausting read requested, but key file %s is not a regular file, function might never return.\n" +#~ msgstr "Varning: utförlig läsning begärd men nyckelfilen %s är inte en vanlig fil, funktionen kanske aldrig avslutas.\n" #~ msgid "exclusive " #~ msgstr "exklusiv" @@ -1898,27 +4108,9 @@ msgstr "setpriority %u misslyckades: %s" #~ msgid "Unable to obtain sector size for %s" #~ msgstr "Kunde inte läsa av sektorstorlek för %s" -#~ msgid "Failed to obtain device mapper directory." -#~ msgstr "Misslyckades med att läsa av katalog för enhetsmappning." - #~ msgid "Backup file %s doesn't exist.\n" #~ msgstr "Säkerhetskopian %s finns inte.\n" -#~ msgid "%s is not LUKS device.\n" -#~ msgstr "%s är inte en LUKS-enhet.\n" - -#~ msgid "%s is not LUKS device." -#~ msgstr "%s är inte en LUKS-enhet." - -#~ msgid "Cannot open file %s.\n" -#~ msgstr "Kan inte öppna filen %s.\n" - -#~ msgid "Failed to write to key storage.\n" -#~ msgstr "Misslyckades med att skriva till nyckellagring.\n" - -#~ msgid "Failed to read from key storage.\n" -#~ msgstr "Misslyckades med att läsa frÃ¥n nyckellagring.\n" - #~ msgid "remove LUKS mapping" #~ msgstr "ta bort LUKS-mappning" @@ -1929,15 +4121,11 @@ msgstr "setpriority %u misslyckades: %s" #~ msgstr "ändra aktiv enhet - FÖRÅLDRAD - se manualsida" #~ msgid "" -#~ "The reload action is deprecated. Please use \"dmsetup reload\" in case " -#~ "you really need this functionality.\n" -#~ "WARNING: do not use reload to touch LUKS devices. If that is the case, " -#~ "hit Ctrl-C now.\n" +#~ "The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\n" +#~ "WARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n" #~ msgstr "" -#~ "OmläsningsÃ¥tgärden är förÃ¥ldrad. Använd \"dmsetup reload\" om du " -#~ "verkligen behöver denna funktion.\n" -#~ "VARNING: använd inte omläsning för \"touch\" pÃ¥ LUKS-enheter. Om sÃ¥ är " -#~ "fallet, tryck Ctrl-C nu.\n" +#~ "OmläsningsÃ¥tgärden är förÃ¥ldrad. Använd ”dmsetup reload” om du verkligen behöver denna funktion.\n" +#~ "VARNING: använd inte omläsning för ”touch” pÃ¥ LUKS-enheter. Om sÃ¥ är fallet, tryck Ctrl-C nu.\n" #~ msgid "Obsolete option --non-exclusive is ignored.\n" #~ msgstr "FörÃ¥ldrad flagga --non-exclusive ignoreras.\n" diff --git a/po/uk.gmo b/po/uk.gmo index ea0d46501751fd927d8ee9384e0e42992b19837f..8543bd38cf5e3f6dde7dd8839a5f9bd3c867f78e 100644 GIT binary patch literal 144008 zcmcGX2b`Q$_4l7$`U28IZxdk21~QvM42Pny z@u2$G3+BP=LDBaqQ1!nKLel6xa9?oh5%dxK1h_l60$dY(85G@K16BXJM?y<*Ul7tn zvqSh6P|qI#w+DY4aGj%~Xh*`0;KATj@F4Iqa4+x$a076Ik4MoS;MSnpJrfiidqC0u zDv%~b_k${D!njcnYX`9|CjW=Eq0TZs6YF zj$i>4ozDWd0>1$&|98PH!9RjIaIJ##<*r~O;mP1oump|;F9s)o-vu=;>nw_*oxmMH zrJD$NV~<(~$s zonHWR;Deyr`Ezh*@ZEr0wmJXr4{l3*3Do$W2WtL)1Jpcw85|F8w8Z;83lx8z2<`&j z3Jw9E1-AxY1BZj}g9n0*B`>!Ks-KsFYR_$;@;?a<1>XWi*M<{(-1A@~;c4K$U^{p) z_$9Cj{1Z48+;XYccPyy+djY8Seg-@Qd@0~A?Z|J!U7+Uk+tpu0e2(Z z42u7b0`~`dK(+Im;I3dlsP_FG6y3J(^z>7~?Fb(SsvW0-8vh4D_4|2Hbp0bp)+pEI zG|Hho?`lS^Vy>0_V@1KCp z;6Fj}LsO5>w;7=7JsFg|z81`bw}Il1mq78`d*BFgMA_xTQK0&J6R30#fttrJf=c&y zQ2eq>uea;t;O>Mk0o9KCL-;q~$%HrS^L|_cZcg|K(8>dIg#Qkz-CLdHd_E2o-^~NX zKOF(D09F27pxW^|m;*Oj<~R!6l<;98+zKlHdEhAUE8rOLC2${b0~)s_I0aOF$AB95 zlS23=Q2cN|DE@f`+!$PMx%YP)Q1f9LsPQ`=)Of4_mHv59`J+>uZ*~P0E`l1Di@|Nc zuYuyf?|^FGA3%-oj;A^v45}X|f|_qvfokWSp!)SQFbA%Gn)CArQ0Zrd@QL7_gs%km z2A>AS2mb{}gZa}P7lPu?Pl0Ox6QJ7r2T=Xn^b;D;U9t95dIT54qWeS=f7!Sj__h|JMaQf{rF;d{(TS@i+%@g4HnMv{+$Xc z{Z#?)0M-5pX=i~58RpXDPRt~2~>L?19t>}2C6^*0yQ4Ho#*+E0oC4f zK+*egQ1tj6xF5K~`Obewg5rbgKt2B+sQLH-sCEv&z~$mJFh_U+xEXj7I28OOD0+Pz zRKB;sZ-PTEbUW@z@F2n~!2`jqFLHi53Kab>19t+y9`HF(pz1pfRKFeuHNXE1YCP7s#QAx9a5uv91D*j&&U_8r1$-P7 zo!sI>dh)RQ@+W z^?%*VeVm7ZYTqPK<#d4J(_27|!=s?a=||vU;M?K(#4FrxJr-0w-vBoNUk25_--4PC z?}MUK^QTh zLQw7d8aN940jU1|2NZpG{;c!QbZ`yAOF%tu2i1;Gfl7Bzc>Z&6IN?`8(QCaM;7xE8 zsPXwUxEc5@P|sfo@gIO=24=`{z8}Ebu78r-N$8i=gQCA8>zg*yp{yE#P#*SArUkUw|XP^>6la z_660SHt>rhrw}#-vti=N8RRj z@~NQ4@mWyqUhC_ueZaBcG2q=`8@S0gyx!&DfrK9fhk^eBRqjsT^m-S9;@@jPwf8Ad zeEG54ov-!;)xS1yOYp0p#_b7E{P8@vE4a=IpTEtZ#&0qxJ~{>53A_pvpWX)^4*o90 zPrSqVz7@<7e;L>e-VPoBz5-4Fx4YBj&9UH6!euZAUJa_Ad%?+IKdAN$xy$)ve^B+e zg1dtkfV+Wrfm?yEfTGLa!BOCjcYD4$pyHQKM|!dHM}z;A;Zr@wmq4}mJD}+MCs1;6i$}cO`-2+4 zHgG%eGH`qFHc;h$58NF5H@FVC>7(xV*#=bmcLdi5r-OTe3&45c#h}LhRd5He;W2N= za8TvW1@{5Z14Y+IK+$m}xCQtDC_WnUxc6rtP~+SND*hr+^?e;wzg`DF2{t_8?Y$aQ zJ-2~M{|dM_Soba0_xpm~gqML#!RRee^YGdyks074;7;KB-}d%2gX+grQ1ogAmHy%o zz5~>_{}dbx?(iKi=O}Pb!ncBI@5^8g-1NK7mwSL}XA#VU*MW<{?}BPa{wb%+si4|_ zE4VTE3OEFO8{86H^J%wlwhPz{ZcF?GQ2cWYD1JE;6n&ooH9oI{`-2;Pk22~QM^Jn) z>-!$R6coSR3aXtifEwTRo^iQ)EO;>CJ3*EEJ}5eE`mEbWqrqW>CxU8cDTL1gMc=Q2 zjo`DO>U{@n0yp}Bm$PrcBfuSrKMBl%*M#`{z}*SI0IHw$KXm@y6;wM81&4wsfa2Fn zz}>)mLCK%jz+J#ipL0F652)~I;5hK+5dR9e4dI>pU2cpA)y_|VBfwk1N#IXHc*~V8 z@1}sN|JZyaD`C z9r_DApYX-6IR9_@D!xbJ$AKq+-~T1DkLP>64*wF~;aAv@gbQylX5f2ZJ%oDxO_!HH z{f*DF>0}zq^A7N1Y~qp)4+qk*TCuE@cKGiUzEX55q=Cj1w3qx zy69Z+S#X-dC>zO#>p;=xH=yWu%vyEPW8ll+{ooC2*F`sh3)ZPKy8RVAhw!EA)TQzwl{rrt-nm zs^?`;?K^&>I+K&ng9j3xxUrXW7I*~VUx0^#du>u@e0COi8{s!V@xc|F)MR6{@iMaw{I?}_TCFF1lQTT&ej!e;B3Orf$Hy$Thv8g0$&5?ffsD)_5K_z6CSoz zo%!283m!)JXJ82&!KSMEbqzQPd;`?H7`9EFtq)EIk0bmO@N{sGZR?_A!8<_Bn~k=s zGkd!S{5ati;8Jk??dzf+g3G|$!D&0xX=xVy4b;5&+>Uj|uN&p+%-*{gR6Cvo#V?x- z_5L3Xwh?{|6n%#6z&pMOyBlhzCw1Fk!9|iTiY45sd0(cQP1N=THxw7RxKJH%x+X?6P ztuuLaDR>p(zk#C9#ryfVybg*k)5dx~o&=94yutp?mmQ$S;aO1fap<@@liR0&8i#L! zXMp1l@bP^ZJb>_m@pUH8uLKVv{5??eXUKtd(FNeqpvK`>pytD=6Y8Q?a3v_d-+N-6 zRC;thsQJ)0sm}E5kHL|I-vP&hJ58=L`~O%_^7ad0Bls++cDxgC)D$nj6O2;&9|ARhUjoI4yH9g@bt>3G_!r=f;KYNxov(s(2~RrM(_am0T;BxMj~%Bw z{m%w>B>a2uRB-)6>dZd4093k<9UAxmJf83`z@xzNGwPxX!RtVc!_b-Duam&3gzpAL zw|{{JaN#U(&l8~dWyox&`zOHhguer-Uu({BIWZsXCH!qrzbzpeu{uJ3@ez&S@a z-987Z-7kTk04E<=XMTxqftqLUgW{tpM|nFh1}6}H72FHVecbuta8PpQQ=s^B-J@N; zT?mR!^~ZR*t)S-jjiBVv2FH56^Fh`3V^H;NcU)a`2iO8?{%*d|>2m})o$zNs(dCU0 zKl^y(ZXNzi@Oa|CU+{6-eUbO`3Q+z2KB#fsy2abw2|h^ptDxxD+Un!^B&d3~DEj<6 z5*$bP5>V~`9w>dk?_#I(UEtY-$G16uJpnEzyvq{jr;EWW2@fgNnLq6-;1a@Xo#6E9 z1ot8QCvazQ*QL%Mhk&CAe*x6IeIC>}?cVP5>T4iT(Z(GvM^Ec?y?H%&7U>S`@^(A{ zN{=;lJO5n;svql}==^jtDE;#X@O*G|kJICRP~)*>+45J@wSOs1LjZJO->k&Bu2ksCjuOD7jXDdY##)2Y`|f z-Js^zk3p4x=qJ4XQ^7q6-wHkiz6{O;uRFuTzXm05ZaLHK#~sdcy*L)^CcX%YPhJ4k z&ZEwDJL6a25roH|$~WYEmzV7U`@zY? z?|FgGgOfq^{}-U-&)5s=qRYYCLGjmt7kRr*1e*x|HQ@H2bo*i&DEco0WxstP#Qzl( z-!xwA^W_9k^ZM(c^xj`V$<0GA@%lam?oW8=r9O_wf`=+SxHtHZ5I^!Vr^6>e>4#r~ z(rf!(UT5bh&H=?Ie*upN_rJpB<_)06ZR<}lAD9=P0>4lAo1gabmtX1QzXJR+@oQXF z7d;Jr4U{}7UtMSGpjSY(Ywc@%9Oi39>U_HA}uovmw&p!lI36kQ$! zrMLeJt_5Ctz02z>LGfSonY!qAz#LHeXaCPSe_ailyaG=oe(M_?F9ucq2cY=-&>MYT zej3#L`Zp-~+j5iJL%#wgmpA^L^T`FE%6k>u2R!Wa-kys<$-lpWl4}cYu8V#N_JeBY z9k;kVs{4ZT$;Uy_;}_sn;G{1)U0(z>Uw8YGx33ItOZY)h^5F&WF|hZ`K8}0d>g~A& z)Vv$=6_;rTI4g3F2D{2SPn z@WJJv`giX)eLOe6y)ODI;R`{@htpTMzI_+GnsCb?`{dffwJv$z7y3{}D z`FcUo?R8M|_Lhe{-I#~HpHG330}~%{{hEP<%1r3CEK`*&{2!Nnrk4b>;`^1|?4}0EdBZfU19kCp~>Dcm?6tK=EtOx844D z9F#oR;XBT+t)S@r3@Eu+_^#{OH$c@l^eJygE7(l<2JjZ82Q^9^dcd^gO8k&R*&I{LO&-|H$>mr$Cjn;g7xl zp8!V_egc&J_AYoHc-T*Te!U249CmoVE?NPe3Tpn2c)|JlR#5VI`xjkb6hZOf+CO#v z>IG#d{2DwJT=J5yYu^B6pI-Viw;O&9b`hTY^SbB;@LQnTx$tG@pMFqsX3Q_@qLtuR z!3E%{uecsq2~Hr~^s1Lv3iv#D2=Nnt>2$mVR6RcgcLm44R%iQCMQ~lhy`aYZbZ}en zMNsqnUGN^T<8`+$cK(&y?Pq`*-$%eJz=k*6U-MaT8sYq#KJLBXE`(nL=Ywni+Ua;S zcmUxSK=I>{-_%841CIbTZ|dJ-e337$p!n>i-+KGk_?_EFWl(zjWl-&${rkG;&*1mK zrR00?4{jIl`X?`MA*lKH1h_r;PjCdd<=f7GQv#j|&LRF`Q2eyvpPfIx0NzWu?k_&R z_k$Ym-QICIa2>da@K3=OaQ}CG-h2*RkM_I*oDKtS zw|6=C0O6OxC%|hysEa-a9{C?1w|{`rYuo?V{R)?Z;-jyCdxBfx1s6Zg1Sf)D0L6E2 zf_s3Y>gtW(TS0{%0VPlV5^z*~z0LP7a4+KT2HU~kff|P+)~Gjo;E4?**Pui)<@q4zX6IaJ?qt* zo%0rWBjMv4>P-&(2OLTG==JN({<}EfbD;Xa*#`AyCzQaUg!{ox@EuTcqp)Fpv=jI; zxHI@)FbD4ZF{j5AQ2jp#RQd&1cv2nfvmx~+?Mc?;8*?R|WQ*ZoxF{t>Tfa>24+t%B> ze;Sk?C~xO{bUQeX@LxdL7tPz(n?Af0l>E8}91gw=ZVIlwL%r>nY#ne1a3=9PgAL$` zp!n}JQ1WO6D7p7MxH0$&sPf(h#h+X6SZ{vHBSG=qUEs&ScR|skKIi6_kEB0-OS_0Ox`4fed4W zT8%bbgL4PmZw0DNS254^6Mr`mcO>CHu2zfn{g^R?*CFrMLR!p)5aE<5c;?nO4(lGr@?@b_XZiv4Z+?n`mz(0}>6%)bs$!~YUb3^Dn;(yF_Hy5HQ zIvo^U^!pk2(}+79jDPFWAMv$*w}g09Uh+fTL??uJ(QN_YZNgJjr~S47cjxXf@FddS z$Niz&NpL;lmVkdHymm;pEFg~} zL`if$mwuQ71Ac!bu8rpxgl9`h@xzenWa5wDx`^<48ZXkk8p`@sKtxQmE7uDltgNSz z?q+Ze@E62OX2iei!VM}lI+|yDa!E#APIzx{E3Rg)5rnVe+BERVpGfySmws0euiwGo z1H`q2Fyf-(H=FR<jYx4WR~_MBbCp6~Wqg^i>=FHT;u^;N{c+g=UnhPM z_shWdNdIt%e}?;Ah`T3*xs3{3=Mo?PPUq&fH~?-<+DSY=FyuLlxF@;)4LFN<%(Uo4 z@J6m4?uUT-$+q|;*Hgs(1w{Qtm{9inCODGt_IeI>a~(jOVbpc>6)w!8=#r3M z`bEDRx$X*a|0c~&-2WGR(w^dTAWSg2NdJW2*SWus_^%Uwi)&8i+3;}xrBLR>JpTdL zaUuLYo?py$4c8*#wXW&nUcV9Gntq%7dl~uGgl`Vv*?HVc59`;>{g=SUL*54ocM_h# zbu{;*!O1+k1=Q~@?(-onYBDO2M!yd3^$w_h(zW_c;TjU2TLk|c!nG||JL#u$UC6Z^ zX@0`>DED9F+2LHD3;CWSF8-|*;?@muzvsbST$oAr+noBh3Tgfv;x6FH^IVv?(FUP? zN<1Sx|2pwsq}e}eCEoyyhD^P|CG zp^R6!|21*?y~K4Q_s4|r$V_|m{C)DQ!*ykNel>BjAL1Y8zuCD8KSa9QLLCaf%CpD8 zzY+H@@OHwV;(jfzb-7;(j;6k!gFof@o1lIxz$r@0{RP~AnfsHuKEeHd#I4DF{JVqu zjYFH)&%`%ye>K+%5^m4)A9BA2_<73s1J`R@`pM?huSob&(!9VW`>zSyi@0%IALCxX zS3;iMDCa2Rz7^u{@W;u&&xZJ^0n0p@$n_l8&$;#^9<$kg-*B*hx8vW|kmtn^|F4kl zGsORc`!m5U!?PcQ;|TwX`03os?%RR3H4y#^@%wVUOx%@(AK?B+-0ubI_a@hWh`$i* zQv|<%bFCz93-D{CJBa&@!Atcp{ALojocp)Ae$KPo!Lw8j_umBdTOLsNvZ065rVgI} zlKW?Qb^`aZWpms&bFbe<;B2lxbNz()VdQz0_}jwsZ9|#&fLn8|9m1BGe?Ck2@0qwQ z$=4em9v|W#A?^>D zWPe+P@PR}=&HX7MJToNPm45w@xW@<|7@kd}tf}1Z#54Vd27HA39eH+hNVkJMMb3wC z9naq2zKi(dLwiD!=qKUk-H`SRgf|Iknkj#uaQ`-V4%c@>_zcpGV5&s$PH|IKz@Vnq#@Fwu{lyNcm zG{})dY({to;O*XZy}>9z~^qjnp_X34R>>KF>bG75^4+-^#Tc z5yz6|>G0q?0k0!&^N{|1?)9U(=yC2J1V76)jq4q*<;3-q_OIN>ztcmWqljqa{y*T> zT$hqANBCE9LU0G=2Y&!g4)NP_e<$}7Nxu;MHrGnx=7BxLwQ+wa_xc^d)y>tY2J)Nl zVE;Zxy7>1J`8MRz@BV=2^86mcqsaSd;!50~&vjaO&TaHtu5amv-`OGlZSW?pdx`ro zW$e!VAGvnndWS3i{hs>?A#f7ub_mZdA#NG>7ZG;^mwvZ$-Op7|{5-C0i2oYlPlJ=d z4Y~Fw{+C?e<6gh{+-HAZAp8Z=Z$f{T@Sr*Kyq@@3T-)$$P2$hy`JV{uHS0~rqTzTR*2+!664-V-Sbs5)i(p=A_-vOCt>k}>!E{A8m+~3Ll<(86p z&ix0(?LqjO5O)K3OGvM%KJIVkni=A54R|Q|e#`w~q}hdjd=7kv@HxbPLUG*xmiwP^ z|60hyZFCCvmxl0P!CtQMq}z&XD$jpU_*CwvaOrn(NV^;1PjJ6BahHc@qr#_{GYkj=YAb<`p)jtnG^7cfX9J%)8VJNUgr8U*P7Fy1J?+y z30(8JmT;ZMbp_WKx$ftBmg_C9e{*eo5b3!la2>0l$`ljD{T>s^FEpb|} z>KDiTkhozUWqvfJ`+&G@LmVWsyxTB|r8D%4^DZDx@=N56({&TKs}k{x8A0)K$RuC7{AkO=9;`X#ujDNuR z*>=0uM-zxsIPPPSxQSJ9w-YD1qu&SzD@%QNmuJ!+`o-n$$U-5eU0`Qh+beww&&GLj zD^qb_Cr;%mt>~e+e-kGelZ~6%RBwGH+SX%A_eJ84RRq6{xfHj_aQD3`Zle(Q3F5{p zf?wRuM~N$XRFZcOCbim^9pe*;n;z1|c^@WDbk{GATMGpc(>kvAVB%zp=ohEEj<{HF z#c^-eNVnIBH1Db8SKt0aoOGdnao&abdh-J*Zg>5|FMhT;!vB*Y9Mk7^;v^fDCXPF9 zWWAm5Bg*8ba0r*`e2r%@jpK4Buy{O2iTK6qiOslI`akll)1J7#S6nZ~4x+)vQ~ag4 z_lcWP6&I~HW5J>G#^$CJ7Z>{4dvi;R%gd!xin(Q_-X*ys=g-S^bhQ?9O})#ya;47R zVoztG-O>yvMSFX0Q8Cxr)wig<*xK9>HH<5?^p?6h$LC7rTvul?*R^=8Vmk{RMT_fQ zLh|BCrIuo@w=37uQ!MlrbA6qy#hzSaxnW#up|`NmpQp)*3wavGEh&_j3`pSRwRCm% z7D}C^&bHi1#h%jQQcFQi$*IhSaXnpKy$h9ld`|z;u$t;QQJSw|ZR;uZF8^@KikQwBNv2$Hp{-1HG5@r5 zb#&A6)_e)thoLETFQI?kg&z0-7AlWzSg*aSt2;k&DvZ}y9+6YS8(VXWO1` z$0VK`e=s69r%*00>*{H>A!MMHrXjFzC?%8HXuPCY5OZnFLxvH#xw8(koP)HvgO&$^ zR5p3?l48r!a$iTT(B9Ssy_R&Wx)`xx@AAqr4yGZ>H6k}fq+HbA)v`3#v}k#6u{@mk zz7aX4s1-l2z~t1-%p_yzI|{vu7-Rs%M}^K-+E6ZcFX<_iiw*E`DaSUR-sOGAHG<7dzXK5DZRJ%MwPmMFTrLVS_o74xKX1cva&t+WTB0jnB&7 zQinQ1=8i!#jZvnC^`;NVMB9oTT|LWlJ;f9IN3DlQ@lx*3Ay*a`dy1XCxdjWRPob(pXU?I+fE8x<4bjdy{U*keBzKyHb0!JH{Z!W@Vy+M~ zrD#nfMg`0-mKm2qPcc{M?(XSgCYv@bi)lK1f^>DZFV8h~cIC>wT|I@iVs83uG4sxi zyOsZ!x*PMOM=@Xa?8_xH8j04pS6`@?`_X+SX|l61*ED&~g7R<^3XP}q$5W6O+8lR>lec@KqmAto#V6TK6q zZ-gutdu=v#LYi1xE73>_vUJN#0x;YXq7o^nWz;QX)kIEbKQwJb+5~xIqNJdqY3sAe z6OG7GRj$SLAbLK^=MlO2)?&G(r(_yFmCLHRgZc`z*{kdAT3UqNTU&!XYL3PcIL$fn zv{FZRS5NP0#ghf&bK|_<(*GbvI7s3JBod1M;#L~1=YTB31@+FnIe&g+T-Of+*f9k+6K zu|=jMwiqOD&MiQ?&{_rZC8^P1!8Aw8c@nyexi)|D+@t2q&y|4pG{nKF=M%`P8Ny3npv0xf!oV{-Qo_ITswR+m{_Ky}Z`xy1!pgdttB0iG?WML(8o0c@3uTPz7{^j0bY)Q&>xe>6saVeCt(UTiU5%5^)+}ai)0)2ac9n(g z<;Dn|MqRXZLY^QulLnJ$8M?FFQs`;LJSZ$Jy-9K9XxOfxY%zleAJCXX?Mu*W1<7UM%$F7PlALG`Mkb!zqu4 zNR*(ZgTdC?5f?D5u{_M^VpdP!Ie4-m$_{SXt$UlFmIFmAamg~zN<_mjj-CViwk+i| zS`BIG>ydQ<*C=_yZJn>~beDMpcYH z2?@NUqtLUo(rTDg>eRf-8cv}KX-fpNbCy{|vO+?O)D%}QBcQ9PjD&M1m3li07+zW` zE^hC`M3<6^LbNZ^AcBl47PMtJ$y6`45?U_K2{Fvxx9X`kv4jHu416j97n+yJi+<=U zhe=^WI&JD?%I?A(KcTD7R_Li}@-?E2`#@^%ecWU#i8cqxXQP`fC=sgv$8sRNFI!i; z_C6V^K1O_GRhNB8drDq z#kOX3BCWr_t2* zVmH<}ZG$0UogQo5|6cC&!_$H=9W)S{Wh0Pv?LiVE*a~vp7;9i9p48Qj!D2}g9y7EOC1(7FpaeDGS-NuWaDA>bQzOqY^)2MfI+I~n%v|vA={YclNtpO)hb=x zgBQblw%C zt%s6P4>AhNEI4eWLbJnNJh=shjCTs#ql=X~Y%wD4MwJi=G9&4KwUDWPP7_5IY&f$L zI!hUOSe-U$aCnd^P9oy=WX89R1z~82x}9WKe5rGBSFV6Xn(PS*&rrklyuFaS3PGe35*nGOClXo>c%Nd01Y<( zEm6f%q`j-nteDEiq%+DG+?$*vu`xp0oBqp|)|{K$Cm&kIM(ZiIND|6a>M8fGP7w<_ zS@65(u%aYazex!aTUzg#y2>r?L3E|`sZ2GH;+A>U6t^UUl^DlcwS}CEm;!6BATTX+ zMe7I9IV6eKhlLJSdA%lo@E}$eRAvQ->49pj7M2+Enh=@gR3@j}`KXf6QJd+evomw9 zr`XHN5YKBZ6{;Gjb5@$rAQk(0sI&ryJT&kU)Kz)3~c#4wd#ZOZYSxnQa zgnga1vhd|=l3kLOo-tLKsR+`gp_5e!@}vp&h}uaNHa$}QtVmy|Uazi(Oi)7-{z@%9 z7tbuK+cnP1F$By$q763A#n#kzt0-YaPM#b@F6yKwmC>tWAlWE2Gg|zr=a}bR^*r%3DIZA(4&K=$b<9o1>MTO!2JK$7wAH*o zVY5z3GG>X!5?yvLCOp$*qOGxH`*uoWwwp}C!by01w6w@17ne1W$k(5Zr}(bkDze1R zICs*NS)JkNVyQ}dj&^oEHh;8Mg(vXlOwXTxQSTDWCgItrkJH|XR!#!1)>Aoqpnl2z~e8{L?8V$pk#a@&myai#i-wx)w3Y$iO z8v>)V=VIGfsf8OZO2oBs zftt9>G2m0O95m;kxNA_6A(U~V9KpnZ6nIc7gH=(ncC;&3kBYnV#g;i1xv&`HI6_zVxmY=19d~w?Y6U65jTCG!vyNc3H9|Z4h z*43QtNK%k%^9;AFB2{q8g<5M=YG)Q|6p$`zs~)-u;cf@>iIv6sEKz*l1TRq$FSm9A znLHS>RXwe=Kq`pP+Xdx2@Vq58#_Mt>F3Y?Ycd~U9mdd}(i5h9|GE9ayD#?;Kw+bDL zN^N~zxY-icMc;=qv`LT;3kshV%?)#WrHv%c?PT-QcRqWH-Gx%mPBxX|B}h_Rtd1%q zwfH?2)y~2UUCf{;_;}hIhlEjuy|TtjQUQ;{o>|yIYwgh)6SpcBaWc!+g*}LDuStv~ zXMY$C7wR=j4pLf5W-%K$NsUYpTN{|tDbsl*0;Odnd0bZ*VVRi8sI&4Y>1YWni309- zEJg&74gfHNdgF|?(g+=oH;oii8zf_D`DYxFm6>AYlT{*#i!yAF zeRvL<)za5)^f*OF_pI^e3~gew-c^$62pd}4APU_?T)?c@H0jD;y54=u$&Q4?b*h|w z(k6*C(h{fXim9ACsZ>B-nj;;t*&|~qE;G1*q%GrxO)U76G}~-Km_HL1%TnF-R9U32t6}vGUI5RBBM9aLIXz2=xg?evsNsL zlq+ymQwP(w*fZP=sZuBR_(rG!8k*-B_FUW*P4!bZRpwHuGjEiNbvXmWWC&?BN^noY zIWQ&t(SW;*^6pk7&rIfAQ`mhNn{F%&&lat*aaUll#e!sR%IEzqSwnSqu@GR@Wy5J% z#1?@dCScHBeSYSF+!iRZXRIl0&R6SGSw0jE%#wmmzO=WM7B4I>4Gw}ZBP%?2>Y0Z1 za4f9Jwmz6MedgF)h%Iz3&n5O!%HP`kSBA{Cu#!S5(pxH zw5sY!Tp+%(4^Ps!iX`SaLEy7aMO`y3P%wif&+0B_fx7@}B@X5J0)6lVt;Kc>(OT6h zk4^5@J_%APLm-&_>f%7_|B3|VK33nICX)mE3`pV@wkA+Uf69FR@C-qW#1=-4EImcI z({)0&bQd3S%{B9RCUZIB`i{F57sfaz-a+qh{3Oc|a+Agmpz0FRbk$EFYIj#BQqn4~ z%5R4Qq&Z*=H@jk~tHrOAtU1y>R*9U7wg!x**~uBLkAh{N`kW=UbgV7SoJnivVsmZn zU5l_b+$)&pl&(&Y*~S63i)|CQZ$UFjKbHkjmW%u?JSZPE%xPPjnaSp;8;hXRkY=GTGS<*Xf`!+H|t{;3w=F zF%y@3H`G?{-zm`sApUj+QV>Euk7& z;^wMcv4L&qRyIC843y4Ch}zC+c;Q zA(c&BU!bRjq*iTE=M{~DX0hp6QEa*o7oRO~TOb}Ttv$$CH5!?^0uhr19(#RVi;5Kk zlSwU>i4QMGDrkG$j~j5Dq-I}qYVf1wsOWdxJWP@b(P1a^ysH)IYs?@^3O(e1s5JDm zO}13(UhtR>&S4mb@+_&iWKTG}y%eudYi%&3)Ug7BdQd46e|h)T;y%tcs#eO8F5cvj zURBanq!KNvxzB1^EunAxk(un`_d@C*$hL{?G@U!`kV`)BK=!eTeRtJNJA7)w->%mx zWkV)u(B?LW22B*t73^s3sNr>%t{pUa%Kd|-J7nJMSp$e>t%{k@RG}Ti9?-|kD$AWN zR!fCnd_W#s<6%Ad*^}7&7}V8()Tyc#fh~<(bbA<~ld53)QSlK6AdnOsO&vYo> zR<7=_8Su!B)4-ulaJIdx)Itr?Te9*z zwz#W;#iS$C(W_{Xp41XSVbll7wTxr2ff}|Xt0)p{j5B@7*vnptS*0S~^3ImvN>9lg zto&pc-1d(rT!nIpjYTl0R~x z6!&Rh)&UX;iix@|TnDDF=oPcQ)Lz28Dkd^pIeIaLeRhV`pN<5@wnN!g0F}u&iD`zK z1VY6kG1tU8pqE4GiC+fME%s7+v%J;6cq3DrQpp@~%0|<=dKQ&h*`7#jsZ>0}C+RC@ zVI)j5boIzZmAq<%HLgP-cwFRF*8zR0I#gK`OImxKkw=YvYM18>hx%K(aM68OuH4cR ziza&?)ADQY!qd9BZDaTd&2sZfgVRZp*Coe&V6?3!a4OfL^kWbmD!K<+*7ii50 zD2}zKH+fSpD7|YS4=*lg*Uy)QW+dBiWj05B1~o?q6+3MgizU2fYExrtVKywuG zCgZG~k5o8>p$Xe0aauX>jF{<)$eeA(&N4^ca8OCa1)pkzpCQJb*tHC?>`Pr{P*`y= zEcSAXy^f4UPkY!3@CX@?{c_mg3RCTRg?nxD0 z9vdATRg_bFgK1^oL%<5jvcGk3Nh`FsZY9CURvtb8!>visK~NchxBO2 zGUh6qNEUBLSu}T*DD8Lr+Jc{3YK^APt`rwp8Pl9Tbtw@RhY}NEt`A5OulFjFv@w}ZJY{4wi*94Ym7A9{~m}m;_ zu6PowV9$_Y>B<~16@5uFB!@a63Sm} z=Et%n=m_%JJE({IYd|w?yG(DSr!8}DS}H?T_aWh(GqipO0^DAVi{mnKDiJS9hFTA6 z%bu7AGdU`RP+VOqqXyPit77rnj$vsRzf_#Dq{8a3dC)A`wF69Ro1x)kg_LFs3rzD(4OS&9v$V^LOD7}0 z6Iqy?1{l2hitHcSSW*YI_z{w(^UsMtcw-WMy$S*{sx|>pWfhjO?YLth`C>b%BTgRP z=}q4D_p?DVr))MSa}%R1EkRop$-DlHV0bAK-qD6osw>SV2`|IQtIs%ERPkg+mrZ5K zQE{WW{B6LIxhf93MH@S6g0J-kyxgEvCOhHKZ8~PJy;YYT8{s27UZ$r`Uo!Tl zBCtBkqGIndwj5ZpX+5efo~n8V$+tA@tE_JR%5qr++7265 z6K^Lm_O@1CEH6D`y}QWy$FRV`yf1a@;0;Fbftj|II7q2O!xarKp%Qg&vntY0|5wC9 zz|b*kSWNf25{BFex%D78k)29}VOK1|5uz%Z0{gvX{o@7In38JPnN!zJ8EQ z-O6O)q*k&c+Qd3IKi*gGjFZ<%ai$UFe(|2C@lMUKcBVzO3dm@UjA{&XPu{$$^BS?; z9XG(e{kA)rwmyFKYHW@f&ss*uaNIf2jpMc0qoK5BR+v>{?BL*~C+01I^4^{BMy6?J ze>Mi5nw&Di7Vc1-`^r@1f3&>(bgXCU)JVazA!$hUX#U*xY;s zWN{_M!HTl^V*mMPVVdG*hC;|u8-r2_HN*e5_XwyEi;_V+RSTUQO$?A98orWWCm(8 zFk10OGyJ_vy_cv%EzQOP+LN{Z7W6H!_`^AUog9|aW-qT>h~uSRIfuljy7bkN<#^`) zPlZ(#BZU=|v6bkr=*iLLC#CHx4t~rfA&TTwLo_p%xy78bfSI*r;(M$&iX0u5-zqQe zPctd>nWc6nV}^CJE0d6fZ>j~;E8}MgpG?zv%Hi6g#sd#pD{pkSN4idS5OPjEIBS zYlHF+-!1UZoDHzAFv{@m=rCki?9$yFld z=|eo)tzA_{PTHm(X8+Ql^Am>aEI6wADewNcXSU*%|73~C6i0w4W3jWVuMH=9{Q4RT zAp6iDY-2`%P9$5`E0WvDhX=k(nH3L~)V}j$%%?M_`s#wcRXEGP{E0S11LU>skf<4E zh3sZN4w-&HMy*V8*d_%G=dNES0WB~=y^18YK(5~@|By)Gj0 z)Pb1HWO5~w_f56D%>c5evN9otuQl@NzKOA;j&dV;dwMyolzmp^n(FQ1Kpe~GOvMAr z8^P?TT^MsLpAYHvCRyH3`DXa(G1hhFYxFC>QfIehH@bE{1i>OU@Lqv{>xcNz#FNtajFEYzc|3 z+QH7tJu1sJpSRN?dD_e2`($$)4VJWwGFQb5$>ZL_Qlu2iPPWN0ODP_4lKPcR7gtEt zsybpn&wyb}$HPCC>Ytb%(cpB@JEv6VA7FE;;MSPWmb}&*aBtO8LvAj*O|#V)d*9%I z@af}BgJg0H!nd*iDNN6*OtJIHmZLGN$5{rx>fmGG6E9Oza7e(Nsk*9I-DyY1S9kI! z$Bp?18>|40T_`aOnvG$I3a2@0H#&Yh(@x`M%dcdzRgy~f<%oDm ztcjD|Ys<>K*dJM&Yc#uD2-)mX(B2D+rB5n5D=oZQqnOUrOrP|fx|$tHQztd+4Yd!; zS}lhLimqf=SJl>#ITh3oTjGg^NHW`&aP0yPPu|MP*musfS;D79+3Dc_u|Ph;T4lIt z(DV5qUI%h>Oh{$)#`)L4Jez5#Rc8uYgqF*ct&UsS8H0Q{W1v{SO%icHD_hO#8y4B- zx=0KSO=O~uBdkK98W&;sFD|u(#TO#Y52hreB3g*=#vsf5<7e5%c6IlLr)X4LJcp+r zQn48&w%*HjqK1O>9_dtp7rbiv$Ku{|RVg4loYB#zw{lo)Ca3dh04G#Xs9~8MA3XG9 zhZXt@_UzGlil9*SlDqpbWaUvp`k`A^#HgEOSy60_+(VEq_w6hHMgjij0*lD5&M_rE zi|IG5_>lAkoG~F=YT|@9Sp0?k)L`??Lw&R<`I`q7#}%`0epSluqzv0L4?c>xn5u^| zZPjF6VCK9}d3dNSNkuI>-l(ooJ4;M|-A0SoV4}rYbg&}On=-W_Qt^>?GoxfuKt%10 z7`r${;--b%R-xH?p)pBWdg5{HC{&zElsDDvmDt0=m(e-7rcdF7(s30qas9nCvz2T2 zd`!MEzhButnr~l-cQ=DaHtv)CFunYX@~U(pfK*oI)AJ3{oWw@LhVwV8@qp-C(|S_l z{qe=N4K%iaj(kXx+$8MZl!xupLrE5vdO9D)%!Q-*?1A@pF<;8DWlNKFXLyB?=3^k! zD{$(_m}Avg-0v{H9RUhcL~pt$-#B3K<0O8l-iFn8ioHY@^!UE%fe6G0}562uf`E|^*WvO0@LXK$tN35UoW3hrmDV!14 z+;UFQ1anVv=DX8lf_qozyZO6DAwjFVno+*VhU;PWe$D^Z@3~q&X)zQI30AzlZaX+O z7M2VW`tfpke@=kdzQsc{Ji)h{G-#Gk&(qbgxX((ePBO@Gn^mS=jbaC_Z3S1LF+6yyOG{g6G+!XJAub_9sg)c(hGG7i}wvsojcbZhCiB%_Yr*tfa@ZSAWKIv;NDZ6N-JQwi_pqv5LG*>AEh zHCeQqPs90m(!^N@O`SV?!MveyHZzgpHE{O$MY6Xj)@J)ny|IccM|$+zV|lel^{2~V z2q5ok>f1r>`X`}`pz#8FZgxYg);=Y*rfcAggS0X}-bzc~vXcI&od!2m{JMjm(2p~X zh-u6RN{gavrsC`oUw!b%lu_l!JVc-m$&vZ2u5;9CpBuPt;!-BCL@~D=>*$r z0&97o#wJUIs{A%P_@oEPV)BPiwN@pxKilRX+0Ylc)Blvt-x%ZTU|Lb3m5ReFS|xdu z9-&CmS2xXsdgzS}4a#z^@Bg^|R8`sz(k3KQ!K_!s#Rs{awPZP9FI1PFP3R_9Vt9nV z`;>7Y$x}HnL-@vt*%zrv2{gdv(*W*?shufGwPn6lm3A$gCYCbx2^sso9h!!* zV_zI`yQI+0XL+>CQe#b#Fi%CBmSb`m2Z0JVZ2X&0l-_u*JeWvv7>D zqRf4maxwK16>8<#Sq`MDZ^_Lo`tb-m`;nZM3_YwQDl*=T!sdqXA*=WcRQx}GlDa=hkuukPG&7G=xBIFS+V?3vH`A~3Fq!}TAleex zPs2V>4(~X^R7`={qtmwf&bxZb>wsFQ`)UiOx4)G^KK+TL;-WtN)w!}hl2)!22aD=Y1CNlN)orJD#zK&+^0+M7 zkj=&>E;)S7hEB!#HQ_WWwsuu~>XGs6ejwIf`ZT7GHz1UWVJO#n&$RZNq61zL70D}J z61DbLSC|gup!GG_%m20#gRNHUwbnwWqyI~D!}O98(pgVAIebX8N;JoUIu)BV)i0^J zGZ@hkUR+DJ79?wGEtpkWtfMttW<{m;ETdw>R*}S(O#`Ac>aSL=+CGi}rNqfo1h5m6EsyDWSrUH+P7H zMc60`(^Bv5hpglfCGDf7P(q6>90>7R6JfOoMTVG&Pr2s&OAC58L&DNTGxmE*JliukB~#B?xp?*Wbu`A_#;wu6e-2O z^tz+aD}kxePRV1b;e4dAG(w;}DY9CZzn5&5M)+ImwZ_4SlN1{o#gwu?O2fP~a$|v3 zoc)H8_`_+oAKhEdqia1T< zY~=+bIu)t%(dpaV6^_*T{!KAEw~wHvoFqcCA-wO9jTBokO|pqIufv3tnRj74CWxw7 z`?Iyvxf~rKH3*rE7hUQ#DM9#O+N9eF- z`_icTBlz$L-SFs|6UK(ur;M}y0{c3xm@AwMj1NPbdQvxLPMtqdhx2(W-2Ccsdz+&) zFMfG#m$3>7oq|)TKM^ak5Fm4N!$btJKK7Y>^|RWFwQ4I?6AVpkQOd1(V8e8ME_Qj2 z-B$n9opeKX@#9|{2o3R8_)cKb98?sJ+Uh@xql)}b?W&#;;Q*0yUEcmcL*h?>U+jaf z%)^ujW)OvmCl@WBYG2jEU~4BcRXG@k;)UH*^c_C%)!o6%wBxP+bD`lq z;wJsMQ2lY|kJ>sv{O&%9L@X@`AAZoMYQmoy#B2->E78ewi4}C1FAi4_HxyPYAG^h| z3((X}oS*T@D&~v{5zkGAC9p|Y6WW)>7~uGL{(?@e3)?#JZDih`4GfU!Upi(cnPP$7 zXk1YFa14v0@W;RT0s)l8Sw^zZNK1!USNL~!oD?P3l}$a zSo5&AW3-7Dpsz>L+>v2Dq&Zu2*_EcG7xqU1SDlns$n3*Kumy50(=%-gnZ8SQYKB|c z;ZPRq9_?N87j1`E+IXJG-wr@q^kQT$WjjenjwXm)8{aNMCUQ&eF2(sI$15=*AjvMU7c!=pmn1G=NLHkOl9G>;RVF;OZXR0mU zi>XeLZv0oKfUUHU$e4S4o4&yL4LWbU#m66(VK{r0oDGm2;1b6uq0H`&v5gnb2xAMN zV_V}4X~}%BTCGa{xSDCo_!|j*M%v0hXjYjz7ROmD#Q7#z9HupbvJ93{_#0%&dtp${ zm8n119Cgd1#)E;GFe3QF9{N+pSqmbRsE3Jfu|wxgjIbwJeM#|31%VO+#Auumj%Jvp z>(buCS_5?^TZ zRQf<$Qull&g1;6Z%K3MIHPnlWno2GiOiTDdb5mY6+OUMFtwg2_EHxzYBYWundH&oPySL=n z-*&01No{XO#TL5B)xg~pWNTADqJhiO#t@;TK{BH)2wR#a4<*yCrz?IGuLGIgS`>%B zrR@oVsIHZy(mN0eOa>r2I-d`2(s7RCkByF=J!k&(*|Rw7bZl;%8^q(|n|%Cc==jQH zPSf!bn#;VS^uRjg@zH>3p6M-rz103_h=>sSZ$#r87kH{Of9io&hkgB;#l_zm_&=1F zZihJ$B6m$jHXWnb0+J1_4`f*fG2%o;n>?{IAavH>$qHN+|6Q~W-|841!3!tp@01$_ zG{Z**T8$AKGrDmK$wF1ZV>=~L^;Z<5P(e%!-<{PeJUr0!?<+5l61@;};i_pbhL1^a z;@dVgU^*|hxpsN0ApVCJs4p^BIyKWTFh=G`wB+m*o@qv z6ybYITz0&%IZlp;@ln{H@m=(Y*R+>J6xM=W81ZQktV5gLRlJtCQLL4*qcQSBlYaca zCd-;?$#zUj8#d3~Ac<*Uox&67dm=Dmq=33;r!_H#GHb5HXD`c5MURR2=;gA?BK1CZ zZ(rG;1V+t9#eaP%JB02Jh;#xRVtJEi8#8LmsQjqC@}u|4joxeQ=zVq{wa2JY4Kw&OTYf&v z&N3ek>gpMrJBq*S!iQ+PdOEu}w$+&%x4f^Xh2Vs~r9I7^#oqB`>1^x67|PEt7COe} z7A)<-fGa5}3&+lKzHjM-cK+U6xp{H1mA@Z=&QjN!yL#Hvykm2HOB-fRpE)({?&#)G z4U@43;rsl2d?{mXw{fHyF8gaW$`=lM4_GjNT7KU&ohrmK&QIl)V=bM==Jv&V+Hjwp)Y5|1`Uf$5=hr;$GE^%1B2TFFyS71DiMQvcA(#0>Kb_qcEFUm>e|)xja=@tl zsUv(tS5%wPwUl#K%%d@*nn&%^yw9kHXg#sU*xbsq`|t06tpCyeJHZEXE6?QizW#?- zUbFJdT>pdp53Rgx14`_#AClyqC2 zYAjQ1CNBveSV$v6H$pvC336$I8o5`V*MHB-3s;^~JMRc?Ay@3s5A21C7$Q$0#W zk1}iw+I{^GX#^o;H3_fH4J1s`wVI<*gGy?4hU{vNS}<@vB4Qv_<#Hf39RjZeoK^%$$z+*)1krSSW5CQ;6YLMs>+W?qdd>1h8g zaIgs@aeb9oQPg9w#+g>eJvP%RDR2tB?7~OfrWn^tRBldopd6ep~AlnJN)KbR50xh4tGJ2X<7hMXh43Ptkwntu6&2=z3a;Tv8v_VEjz6D7CDCJ9!YqQzifM(ZSFt z$uB9@JBMfHtT&M309@XE8Q%O6nA7?lIf zZXL87NP$cdlhWcl0x9Xh9kA);{dbvE>3?|G%F8AAvILB!jrctbf-D;=jQkIZ07_rM z0#1ch@vUaxbK@QN7Tf+-;P-Kk0%~axijKwgs+$r!SIuRcY2;1#<PaI`dyKSai6_k9CQD{gQBJ%tfproNlDw0#NrOpmOA%=eyTc-ZP0S#}eu2gh8EIiL zlkUn&9{57(sY}ux_1R$3R^mAba)f1geEVI-`~wO*;;lsPN3m_6iBz+`Ilcj;AepR-p&E(mNHdWro`}atd}@h ze>yxAY4=H)A>@UIfR$?Z4bki8USlsl=LT3Kr-k^>&{bBbycui1{;xo9)(sWbpq}-A z9!9;dmTYN=cFrN$R+zbPKTM5$68GO{<8gtBE0?e$Tdc2Q)=1Z4K40Qo73(-go0^d^ zP|5YLY+Nz33@n(O32PjXj=!uZB9VEvxR7Q-A+SzFq8YK{fmJJ2rtGo@r5T`E<8I~u zzZ7fCj~>NKFnjhPt^)I}Fq8fP)3vnPwdo~j$GtGc8b|k8Z(unXo=yy=P3fbg#-l6G zhaOmBHd*e(gWxQ!H`+5Md(a~38mcKF4NF21hL0>Go-jwu%2;{M@P^3S-v7wR{<|BZ z{+nsOy97)vRSQ(4SS*0#kf8OI7C36UTFhaMG)MiPwmBw6mr;q8`6a@Y-v+Q!R$gm` z_(O!sRceJKgi15d1j^0MB-m-l>L#!rY>s@7&zfxh6{>j@&4f*9V(1>&555uq`SQmZ z)78&l=3uSq1IOu)O;fNtS!kgad32S6&BY=%wt+WGM|T)eoKS&P?sSo;wvjKaQfn>f zB5aY0Lj3J_KA@6(Yu?Bd7UXarEzroB4vX1Go+eq*wjh<7lZ}#DH3mlF`JK(tIJ|AA zxg0yq|90wW{zp~WbIOjniX0yeh^lZR4SX7}N&bhNG{bd`IJe6A^P%m5>7WpOuhE;} zL6QgSBUMqOFO(q85SNLEgEz5eLU#P@ywy1IP5)!#kIfyOb@&}SuuJ1f5if$Wr4N!c z<}z_W4X;j(Tqz+2R=%*73!_HIYNvy+=?GAGCV;hV+FP6}4%VY!%Td0O0Y_7p^SWWpJK(lqQZxnTfI8CoG)>x2F)8*g)7fl ziDbdDttAF3B?~slAgV5Ghy{6WBJDn#mJea1nB=_KH2}H}ktB&};>(4JIOAcL7IHB^*52uh<;7RTNc`uqQ_ewTIDWyEeRZ6YI^7JLqoa<`VNW(DHrm6;eX%}vkB zIB<;^C}{qAtq0CR5-6!`P}Cp30ImCsKeP_ITV#cRrtGqVORTTcgQk?L&Zs4gn6aEJ zQVbc$SgE%z3)`iuuJj{NScX_-74%#~XLc5X1s-wXhbUip!OCms(~WLv;n_pIW$mym zt+FH?v@>o7x)JS5?Ey|0O~%X;+o@7(g3vG)4sOq2VB%|VOC4H zZDYruUQSRJ3>q8gA}UrgEB=)u3`Zq0}(cD5+Eg8 zak(mHK=1&Ghbmpc%q`?f^1Scr?%ln2?{B`D0W2quKwxI??$zt?u0yZxt04ge#6JlvZ|Ls4W+5Ig$DWSUc6HrNb z9Rin*;RuM$Z^CwaEU_QRi&hMg&bu#`;Y4o~29#B!S(R-^9;jDX%M@2*MBY(l>W3}} zeO5(|5C@aOqF{CXh&ZH2TpNJu7E)h1`0>Hp2Y-!*F>Rz4DX?t{QJO^%t4d8bwV3cn z-htS)m@|akZVYvetO9*CU(09X|WIU~hBt=M7I^lx-m;gmsRly<4iH%%jLMl93_)HEZUL8>)gHxJ5 z06FS&V5|9a+xjTrbet5pB+dvFVOu3WbSqV#yLJ@fh@Eq!K5RKjso@MLr2!{7j^>zq zIG3G>4sDHMa5fjwI4J(YK&$dYW=7t_uLoBqSkc0YZZS;W6tQ0d?WMGyu|;1;BhE_? zUpnTCIS*=H^TOq`n9;Hh#L$TkgO|6+#hVvH5bhd4Ya(QE>5K)uAuA1FFwOClY#I+M z9T(%AtJcgKC#&dZN*2WFlEU@UK{!UheKFCl4dofBFY_$xzrCq6H!jS*MhcA3@$w;X=_gG`urbftETz|E`+IhjyyWZ16|4Xwp?7RbC zQur?RTvyC8Nqkh;{1F4k2F^Q+uUy)^!oi=t2nI60{{<{%f*$cd@@uOZ;5CY7EAVj`clhEA5jivo^GMN$_18`tl^v|beF-Ic zmckd8*BwS715htv)zO(kn1%0@b`n3v-W(dV5m7ycwZt33xo@jPSZXe#Ql-tY2%5^w zL->y>HRu=M47RIRS^D#ww{J%TT3A|{oV+ia?595eF^dFuJo>}qP0 z>L~uSS`hS94n(0}N$=rBFVBo;-bJCD@+1orlqnMcJwcJHuu@0xF#Xgtp^9-p*D3jz z+w#WxL5PqbI15iJ1l6m3(ZqNj_}HGEh^1ExuDKp1qhm0BR`4cV0YuZyVoOE+oQo%O z784uMhX=s4cup$95LoaBA=7)r*Yy(im#Go0bTC_KYbC;x2nj=B6u4@iRsbOTb)|%d zB$l4h^HiO?NPQZGWhhz2X9L*BKxY;~oIssPYSswr?lp64Hkk&dRXUvl1l-48Ny{8K z;=!Aq8p8>+DtE`ZCveQLtwlTtrOzJ>Q@kAuV<~;{n#&FU$Ys!L>Q=slNjp0! z3zpKSy}VV&>H`#=8A1&-6$Dp3Gu&y}uoMNyY~LDVp+;qkZEDJj{RvKxY>wwKOqCBh zmO16kit91;QHFEfMR=m(6ISaXk5f z`zvMXEnDC{`>5JlT!p7)j*&N$1dl(6T~b|lpRJ(}V-K-6_QSNs0C{nz&Vv<&Fs_E% z>&!6@Glm&Pz$JCayYDIFu_qmSqO0c?Vxj3ta4lo;E`xvx;Y@1nBO<W2{&}=-+sPdk}aI3qQ`Ja*r^{UDq}a#||RTJJW)h=*WH% zrp(0qtIwAi)SAxB`}GEAagIr2YY9Q%)mc#Cmw6*AnZ9#s#Z@%PX?0D6EB&ZsqoMmW zuQ2X-pkvUOaYXr;eGN3Bh*4ovcZ6%C@??tiL~!a@nHAB*3)R{P7s7WlhnngV6F^z( zf#bGrB>b*|e1|$>uE?|7SC$|VM-DOektqtG38&9mh!}aydq8WRs+)I<(U{zt+S=|FM7p|;K zCIC%OZp2J(Dq;M04%|;By0r2;aFSqC#iXcyTzKwD&b)^|5y~~8_!vKHg=Qsp=M{SV zCKi6LLyif$mpKZ!E7Vv$PMQvwBl>DUH+UHoQ?Tnu1pKK&vl&57$InbTXsfm!dFYys zSf`hXhE7ky07O%JJ+y#40i#pZIV=)~R)L&FsStqiZVF10<%Z@2{OHA`u5y_w*7qo~ z_BRB*hgP!R4mOAYcJ%=lg%~0-yJGj4h|FX+vLke{I_2SV#0v9gD<3PeJ$^M!J6=D} zk1$PyL+cQIcn3Zuv9>jHmE;$muE?bsDg(xqB4M{?huSAni3A!*`spU`ZU!t3N?lY) zBN}_F9ENbS(gYT}#FI|xGh7(m8p6<_WxIdJ$Saa-t9g=XeXn+Q) zh;LUG(m>Fu%y@#n9d=6>-sgX5i<`ty&ABv136cEc!0&H|`P9z8seYj5*sUDinRd;~m1VF~g z#I>qepTXz@CQ(<_RpIiKd$SVhj4lL+qreacn5N_NlWYfCUrw)PtSBi@lh|3SP{OL2 z=jBY`5VTozb-pRT6xDh84`q0i?~TiHQqCNygXu@+KEFzX2tjF5SuKuF5mW*_pt0hO!eeMRHlsGYg#Fr zUtN#}Yp0!*16)igeupH<36fYc+Mhm#dlf9&6(=~z0y6T{2}et_o|YZNTWx?b7=MfK zOPohkh^lzemc*3>xwEJXlC?Q5J3xsd^tDx%Y{29blJ-JNm zX1@^?>IfOPc~xlNLWy?|a(snD;6Z{rDI7nPdg77Poonw_Mu9c2dofZ-0rkN1ynP6| z2Bhhcis)GL(3`3vWg1It)bd+KVA38J(%sH27|F|*P(|-?$R5HfC6|LtoRto^g3>Y|+6v9q;bgcw zzNCiA$L@N@V4M|7mJs-1aIDW7v}jq)o-zaS#AHWm7t56@ROSuX5H>Yf7mBD6w97N% zK3vFh3NVPZom>0z*VcUn8>;S;L+yL2CM>tLCZ?)`05aV?XH*@I>DIdzigAVh0)ezB zb+nI0%Epc)7+%M1ju->&&Nk@Ipa*esOeBB?Kg(3omJCX!16Or;1IEQKTJ5vS88C$r zJf&0*#fu(8UcVN;d>R$-oca}Ixz;x%@Tz|1DHSHx6je6A4`}LQ)XH34=xF)UUxuC>sIu(3N>hjA`vT zcwSkrr?iUc>Kdz9bVkA0PSBuC>n6hvEg-S#-m`ktT9V5&K4w`gi6#}Dy<7O6^&ESN>TQy1ZGI%F0}ONRl{4)HLv zhDq8cOHt}yYj#J)GILFd7W1dVDQ&u=q5he|eY3}pU&GMNYnAMq_E{bhJj}vfk5=>Z zy0%!{VB(oniybiy(-@rw%i*2hvYBQ^47Nnp($h~7jHD_R@P9MTr>GS-%FpkF7U$X_ zIV01QfNV~5)X*~}M=9-!_90TF+=4SD#(gf>0Nw1Rg*k!&uoKj@kv#s{xSx^mQ`?6i zk|UMQ7nv^2lnxjc&dAHwa!1;G=N{-bjF|x{Q#&*^VZZ&S>N1fXf3Lhcr`eqqncQIQLlEgQpE#6ELMVbI zr?_y{41(pQD1!;cnjS!8kA!$#<_NwjDioIija~poB)JX^h1;ju)X)N7vOx0Kx=GGJes@lhE7ZwsN@T%kXGE7m4;#$U@>!>QD-K`8m^CJr&&-xdxFmNFR!%XqI%Htg6x=50 zTRXUAF3Wbg0{PRiN?Q;L!jz%uG=)#Xd#oniVGvxIJlngBG@P~0?oMgSXmGfC^0}eK zg~Bi(=7w--i`QXdgt!PKG+nvZ^2x@@U?&yh5DE7&F{5tYl$WULJNI-V25!68Q_Nk< z;i?P>P0mp>3MJ7fu{q1dQHnE6sKlmJ>1_eVLy)7v{Bp`r>QsLRWiAdbYKh{^-va7 zo`OQ=>d^DbdnHB>I10YGCK$M+7{w|bV^>hYI(^TY4BQhyd!{j1mr}QZUoWSD6=LM> zCZmsDWjqB=F8U*%(s!2MiFy1c$a>okDveOGNpdKdAu*}DG!sVR%q_aO_cB}}kB7f> zWu0GNQzF%N+{f+jl?KX%6xIM}7+1xbq^7`s#%8fs1_-ICfWNYTKR1IKux&W=y6_fm<*MZx6=Pl~jR+;WsqRHOakhOF+7ccD;fg4Js0_#j$Cm4m z)qk_gtzk1O3!qVw*!4ld>p+DSR#8lUwzFEAc?GD6hbm%~l=RW&@GJD+##i)qfWspv zo3E>&NlubY9naFC!^h72+52I;xz5QP1(!=aWB)5IL>70^{}Ql`P(doLb?~kM=3QB4 zh@@mpnw)Rz?w{Y}T10(o+oyb@C>##VsK}efEJ1H>8qq?kT*To6dMMH-E$bVXp4oc( z$=zq;i&PGHV6v>%$=KtMeQm)fVm7|C^Zb=PK5j@nRR7u=QJi5~7d|2*m1L1k@*%4{ zZ}g|8eDtefRpSSXttU&V-OM{30{WwL9<0{k;EHNwJSBU5Ke4A??U)kDyqG?Bx1H+k z{ZqUh-YZzFT$u`w#AGEZ;O6{uwMkm1Y3(watm>3wmPU;#W>?e-{e(v{mC9wD;C*6X zhEg5NvDESr^jigk!^VsJ9%S%35m0t+iYyY~DxDEubD)L+I4X+h0nNd#jyIyBYB8mY z=|_$S@uBBKS;?NKMK`&Iem&r5idUN{2Ar=@)g3nA@*LCDtlROJ}P7yrTID{=d zx}C^W5g+KBy4hNpO=i=DyRsWul0>B-0f+jjeVU4o3IpW0R8tr_d5`C$zQA^LMWg%ZADs9fBN3bg5S#18&MxP8`%3IP2%(}CVv}oQUS6XRr3g}nb zVp&gMq_d}en&lX4^8pZeZA>UG0hTOjmX(wge5D&jEA>Decey1I%pt(y_dn4+{CM$%4&`-t(|y}9 zJFCnJ9&qAo%le~)Eg#%Y{c$D%dvXHThJq1L+9fpi(^xg2)Hl?ea+3XYcB2Y-Gq0h{ z>FVk;a26`zKa2N637u#pCt6--dMN5=(8(JMQ! z{>^Fm6!u2nr($T5l+20QVXRJV>YL?R($xiJ=$Z9)7B(m-+YlLyv{a)izr~2=$T6du zDzx~K?t{hr=uik|h8MGo>O@N?hdHyAFssyzLOMv%k$+weYIP5>b(k~)fe5gq&yM|0 zzM4V&w0kGo4H5DVU~6*`YG1-=B{iV>X{$#WS>Z}KTRJ<$Xj3Aoe2Ot@Ub4yGS#A_m zhN_DYYf`8`!Q@&>a+CyK5$&kvm0SEf#&0Xln~^<)U3Tss*QA6+wTWua$2k|X%Ro99 zpjN0pm@l15SsUsjDcj2lh?q6$R2yX}7~xElH(l*K zr76OJmWg7ASn{;S{qO8%odsd zy7%J`V|`O1KXH~PBdzjOCmNvG%YXjnH@-fj5*>~x$jkxX64z@r9Z5x_rSQ?cZ~UX( zv(+|RKtk!5Pd?HnhT~HF55!OnU!CIQB%~!#hKQZKxRA48D=H+n;T(Zf`N))a_4y-| z@!Yij%2-k&pcMV6?9*R$fZ_Q<#xobR8PoGxN65-E8*Wd`+km17T~gvy?V~M8Ob80> z2=FjQ7XBdeox}-)qmz&=ju#v$9W(OI+k`VggBX?aADB`fNFE`Q-mi858hX>4>>Eg} zI5w{M-N`Ti6ul`g*O^N!pJjNjgXevvI*NEzptiZQv%NDT&w#g z86pVBtY3&g_b?hP;mq9iBfT3dTA0o|6Lof(4U9rho=t?TVq);{bc%2^#pN>bSsAFX zqf)0qh%xIFROf}X2Tsd)0lkf)} zo{a^1Dl^T=t~~YZg{SAJMeFmXdD1ysUio3F*VS-Xu6EB_Q`u_Paea~4yNFU@XH@TD zRk(ktOZ=kgrf`_)h+GAId(B+!aW2-)afwdVZL2>5epB3~@E1YwLB%PQPvRW6= zCL>2cGqZ!}eC9#Mhi2f#t2VKuAv5%-<}hFh8lfX+L!>GN)#9{k5dKR$BSU`&?@Bpj z=yBQ(SsxX*L>zw)>T@mWCr-X+I1~7)JTfHX0laS%=JH_c=q9 zWDt>ivd7$-z9ecMzcUf?vbcHjvJB^_sM!DzdX=IN4YNwTJeh8+kVX{3B-Aao;*5dE z-PL-XMc4^Az}D6jDm+BB0n4S;VNy#2M05uh`N8S;zK=ypaVg?cT@xzKtHL!Hq&+q~ zhup!PF(k(|M1uWa@@su!OS!;UP_V_tDdqL__^Ccp1?=Fu1Ywj=ueI_ayxG{RuO0ki z^r|tpylOHX&E=05_lr^j=V3nt-6TaeYvIgJKLir!ztzK7^DvYG`I0tI`(Ob`>#Ic6 zHt4K`fBM4{w)vM;DB+3`I4dco+lBcrup%{V72g*(SXrvtPn@&&gVGX6K&tUgBqS`w z3UJHq5v8FkkRckA-{Q4V&us}l&bD&K=umHoY5!DCwDYZuYHdYuB!IaWCFk1 zqs5HUTMkfi#$4`$NwE`1ASyAl)O`JYiZwF2M|cCFj)Pq2|UX z=$C8uu~?olkH95II~mG#Xz5ohQ)Z>mJ$_rtUD88YnvoHcfCD94)yxKwxi8E$nlfpj z^P!tibq%v_=yXG@IUC^1^6%t0OdhBZmRX@0$D~D~1pw_S4@HWUVS+`Ra5?ZI~ML z)GWpVVdm&FW2U7l1co?o`B%FnY1SW zXM}M%Ds-&d(N^K)NH#N6#NM?)M`19t{}?$mr&C8-U0MF=8bKUnWlS;djl#J)aPhG% z$7u>TR2hkS=C#n)%wAA)1Tl&ue0!_-K0>v~PylU~{m&?@FFDn7p~F#HOIDQ-riqBr zbZ9wz4YMBmtP%4^(PLI{<#5uUAvdZ6?mRry-NZASU>KrcNSXFAuD@Bqf8+qUh*@G5;Zr`v``JO zEMCwZ5qV+yc0FI)ey#4(98E(Kty2xtTQetzrDl-7@M*e))yEErBH5ygONO=AXme?f zL_NCr{VpHpo;JKYYz@Ims}$D4P5B7jdTcB{{-Bi=V!J4;ESPx9BjqI~4>gs!RlK_>nHPtBdc*E&0_0ni)zI&qu*ZNiK->#Zcw?si_7XXV&8mu5e^*n*d20p+sUflO4Q@mI!aE$aRVf z#MNxmp<#3e;J1vfG&Y51vzpu%@c{>h~ zt8`*kICE9(#n@0)%38hD5vxF-q}#&8%y9kXQNb9dIVho(EMo{?2P#j7f2E|Z*UX{g@p!Md=oymyZZs~Wt@3y-4USbg&- zAVA?mNg|Bn^F~62?0}QMm9m8n4yDfG=##OlF!E;naPWTblpR~Nn1W08iijyPao2dm z(?+yb>VwdDt*!-<(fHH3m$vr+<%klQI+Y}be%J`HRUOZnu5b(Ceay0D#hfb~=z!>( zB8}hAezvyjw{NinG^&kQ6p9p7yn5u{ zeJ-z;3*QpnBPx|~Z@~!VqJ#*k=GW$d`px?K{^h5(_b*@Y`ehuY@Kx2Vps51?Lhk%J z#xx^|7tq6eSNMO(j)~lP?cl8m<8?AoLK+E<6zXpv#6XL*Of6!Qf~E~!@h^TLiq%Hu z?E(nxPa+uC`zSD~&Hr@ksIPxej^YxT@Sh*bU8ZdyCooL@v7+*WyR(C91sZi6D}J={ z9C?R^oZtIFY+<9V+Kj!AlTPixF)O@5stU2CH>anE75p3)>VRnUU0l=JvMWQ1wnpva z6n)ETq1a;5&cNn5`tf%f0okxygo0dCM5wrjm|K!Yb2Kc%L?#CxeF3#VCx^1>a1^$g zb!&#(e8Wa+G2E%EE$W`4ZON)-LFq8NNzhXD!W$hGnd`*s4bHJg!*aW+Y|XP~kH7FS z@Nd`k%*?v=XvpZUdFoA;W9A|DG2PQ-B!+8)tsqq63N8dvNrahI+?rv@#tdfnakTdn-4Ac z^SO;n4=t|jY(BlYWBK#I9g&ktAYKf!&y=KpXp*NbU4310>jk2ig>YWGC6(_A#QZ9O z6Xvb`gzNf2>wr~=jVsB5L7DBWEWUArL$_(?97&!@awDFTqhrZNyD+~MPj;AWcP?>s zeY8b1$0SWR22g(FbtXpiN3_Qfl@+ot8>(ZDo`le}Q!0pFfl$genKia%2+ArsvJWd! z6Y*L9@_Yf<(R7i`3UAb-Bf`Xi|I7FFZXalmiMjGVp)NO$02==TcP3dJ+VSeLmm-2e z8)RNmm>!YIiWhk|h(}ldyhX?Ed0S2tUu?^ZfPjB$EzRb;WZ~@8-l$MHU)U^oxa4(YybuE3gb*2RM*vnReoatbk)se(`3khk^Cg<(Rrq2L<{q&<3uDVb zT3R%MB_=uOIiYF5a?9%(jZj$Rh1K^b!Z;BZRvH*%=vLh1?xrd~S-z(s2EhmZ)E1eV z8;7gxxeamivj53a-Xt#aUYgfREH7tTgb3?W6}brpS9nclIMjINU_^PIVId^bAMzD> z327R9Ed(TSu#Rk{2mi~#C9NJQple<@v-@yqtm6x8HZ{HVkT~E zA!(9QCxGDtgsIhK6-`&)>gx{A8o`#t0`2=Sd$XHNk|S9>tu(i>b<8iE^Jhh-j5e~o zv7D6`DjQLePVj{YQ+xHOqvzi4zul~{1NgJ{YxWTx;b@d28%*_2?GcIVI)lSMBU;h^ z&b9KT1p59Yww2Ze7iHASl0}998B-8*je(v*woxGTs!7P@4M}*xM(6*8;jjEl&iT1N zAdO6uuF6g0cD=ejW@#B3Ig-BcDWShgb%uaA@xJt{@DAR^<*)#{Mrd!3Q=RTn{nHpsGGvnEF;h4lienEC{-_~^a5GGB2y~YC@C*Q>0f7O94X{c> z=50d#h~<}g;M2zsAKXba)oDz4J6^ZiNMTb*9D5ot>Q3r*7CRNRDnJ?fgAymk40g5j zEeNP<0b&6^uuE>M2ii+joR}FqiUrb{;agJn9EuI3GOUA>goqvY4RF5!|5D5h+{7m& zSLZ`NdP&e(tTDN!(NSu<#}vuvHaK=ylHJZN1!-M3O4R!!HF~gO2arpf*3r8LXB99o zGO8``ls?N|0z;GD<#YwGs*=W)$f?Iv+kh0wHpt%;x#ap%5bxul z^9cGvkqWR{7?!6f;>V1kzIZwHs7z&^)&W4Q`o7KB*=c0PU(6+V_HIjviO`<4MlOl8 zTB$h-G%#WH0{v8G2yL8|WM+I86wXP5z$bqh+HJOi0a;1lh<@b#^0~MQA@s`(L9l65 z(5Df#NvddVh2$woLO)?H`v5Xtx4kL=uCu&Leuqe-vEE;*+#P zwAyraI5Ih3mWi z6R(#N;@E-`*t?f@dXi%DF`sTei^hVX-tzaS(bGOs-fWRGBT-4Dk*<ncCQGs&D)sXsN4hOl6`ub+Y0q}EgfFh~lw;zLU8 z(6;K7nVb+-jWP*cQrRIp)NZHmBD=r9K+R|oD?<3}%w7-dtY9kmZD)H;^J}1Y`SXap z`4@7`!)D=EAA6jL6vlt+P9<_9mt?x`RXl6CoyLjJ!@8?sMt zUD{+|B%ugTX^3tHd~LC{`=@j+wiW6TcpQ615stfs@?c?=Se$ZgSnCKS(U9BPJKfz} z|IYq*cQ!6x*j5*BFNf&f#Nh+qjZzN=4lP+U<7&##_ zC8rkQ1D(Tg6hVp8b(EddD(MAcN>vOrvv{dCtKjK34t_qo(uBpzrRRst@GBuyFG07eovGxG>*>}nZ?AuU>&j*`Z55(Kf-2PjL$6JDjmvV|5Ggqu7yo1! zU`Z~DD0FctMEQa0E33BjF6SF+c7Eg1`Ta{9d+lOY4QU+y<#Tm%xQB#_GHLnQ)`;fC z`0VE96}6-_>|Buoc$6ErH1Eg|li)6H>|T`o_BMCc_qMpb!VLU`ANlgI^{2OY_{x-i zy&((KM{8EMboJ8p?VIuQFSRt+We6T%P0sDu+K;&9&IASfYsra&!p@R7bY<)ozpWpf zOsr$mh?6v5yl~-9HlODn0_047Ab|?3o?>(A;&U52&*B095sv?#h5lf{jew{`y1e=QRJ2*y`L-&z z&PU4f-rN+SG`zw*nS(^!?!32Q`*_^xH_!&XtvVqXxy`@Ed=gx5KmGLX=3a?XvCSrn z8)0I{eC2r@2&L8n7#*Q;DQOKcp|*GJCY+tMKUYWZ#^!D)RKnf#tcK*TvJKU{R4D94 zi(PHMvbnRnwY#@@nKiB~NbTk@10MBgH+1Bz$MejUtWk{*kkB3upGa_b_sYecja?;z zH(*0mju-MLI(rhnva_|V#`U~@R#i^smUWg46a&;oX*xIe0y}d;YZA3_7g1KZ=p_;t zAU!Ua_$&LQs5W^$SiCfm#bja>MqJu>YV%SaW_^8k|0ymX+}l(NIJFl#mWX^V=0zMU zy*|A!Vqx<0JKNiP>+%_Z$}^WY_V#yL6s-_yWlujfsqXrB`Iae3!4EdqpWA$Hd*^w` z*trm1>O?#_p<G->z+Nt`o*ma7x0ph)t>JF=* z>PVG$LRt>#-ycOT!|M)!QwXjps(E8V?*H5QL$eSMFPf04%jkiezu4czP5cgsdSe7) zlUl=3@$Mv9Q#quqh`AIJu`6u2KQmU}7!Fw6#r;m1?mEezZ}0D1-nissL!hbx#LlJ7 zjqj0vY@XlS-XX9h#PMItLwg&~`0o)DlX7&52gk(1l4#Er5N7C)Sj=24ao8!8IVFNM zK&U!&e*5y%ThHWZ)kT#KJud0NExr8+;m+R1g^j(9#3_})wy*4^Uy|c-UG?5>{IbUD z)kCq0NDM9$b$?WjE;4)Wa#(8&)7j0_FM)|!e z*8Es0myi>ws3(YzFdn{ap}C^%%r&#crNXYfWwg>{5rs82E9tOUWa(lr?J39pXF9M1l|_wxgDyhhSTf}( zRyMTmx!N4yyXFCQN;ND2k}=bo86xZ+QFf1*w{$Os5kKXkE`Btm2JqYu!k zs`>BrxLyXLQH`zXDGmM6h&znT2P$*3lQtorou9$bLxd3Lp5A3?fLFoYr|y7D?LE~QaQ{XIin6KXubKO%THL| z^3iOoc}U4ND-DV=w69escjTx-1(<9!dR^*vjSAK%!bcOcBmnrLg8A?}7-3VDcTL}f zs&|Bb1kzU3f{Gsye-|dGX-50j!$a9~#*dH`wht?q2I|pIPiHj!$YNA`3wS)TDxARC z$0@gN69_LJ%X=n^ukByj+q!aTYjY>dkn7@*c$l;4NR4z%<|fc3Y0p)TZ9wIn(ZO=B zDfUhTV$JRVtV9CtnSotb7tdUIhF~dgK>y*vFS#1$Zw~(UNzOL>?ZN*(_|?JBKEL=M z)gc=mPFo3ow7xiZPTdf%vU>GEX)bGkcKUIh>aMa9jvA!ontU_y0k<{08J6IVl+?tm zT>u7vfoMQMPxL@8l(iL*LT)c1m^WCC)Y^L>gR(TO;JzDap$|bsO#3Kw=l7x~)BVtC z1HLF+9z*@7_gDVftStI|Qf0U)$C88DkcM#v0fF&pBTO*^Iv{?EyNUn7g!~K&S?@h5 zTpo}7=V*5OR90v?lUNG^l1jv*QiZ|Bdqd{gXRgw0Df*SYLn;E6rFBkpE)JUOf?AqS zK*mW&JCdWr@{cVb)DtU|aR}gaP@U9Q_k&0qbTC>;fae*$BHh(t8cC%Dq52jBaMaDe;MX{%)hLtVa*h|%mW{^ivj=Y1L6WdbZiOh{{W!N^ zu)ozbw2N3V{Wy1EGCRES!eWj1Q6TUJn64~R>Mx74sLRb-V|HSo>Dm#+ zXaInMTSKTqu9wt!Z4MgHJzlI@2#+v7t)6}G+yYMioYR9phlrc}`78eY=I^Z?+(H(G z0{)WdD`9-v=r5aZialh_0wQnWeWDYpgq~0+WDn)=ZfA4I6;Y;sGI+?E{NB znzmO5j!P4>T^Sj7v2Y(NK{M23*64b!#=r_?H@yaS65LgvH$bwif zpJI`&5us`A@%MW<3%zO=H)+P&e-332?$%3FE`*|^q7Oc_NX1MZtZb8?U*5jF$q%J& z*5wDWLxn;`Sp3+vq8c}61SKOv)>Z97K@ygXjEBIq#zpbQN^-9z)OR&bGU+i@(ko31 zWxrjBU+H)X7{Xj&t?ap^53+QYUG3`$k5^T!saIhvm4c+wK0&34s6TYhGNrUOgK*Oo zVyZNR54IhLp4$iW2Ch-H`XeknEed4QwFHPz&6Hq-5Uv$>&WY-|VKe>JvJ1|N=&Up^DYS7p zQ4FZsby#c(L6mh1NVSaN8XvnoA+QUvC>l@6oP8b5;ZJ-Att@)_7J*j(NRPE)qNDO* zwA*`y_F&U5^UrUvd*LArsJ<4 zcIvPQr+D~!7!+kiR%Kx)5{I%ErxTWPs*e?NVJNPy9ZdPP3cfx~W-~CBGbbx5PxK&$ zw@WaJ%A^>o#AGLe5tutr2j>!HD6VN9pW{Q_a~zTK*6><{h|1~|MzKGwL)EG&J8#)reTn_Uu7vvE$rtng=MJGYhzS&EJyDD{o zUV^2nbOZ&_eW`>@#;%MwWWD(6SH2{{f}~1}W$1!GFd9EoZgRa(b2CwMcerHVexAr= zSJrgz2_36puBsY)3~DQBT!UPZM2XR*-lK$6eX-j0Q-=0QB*<||Bf0V@4bs&`c7+il z1)x!%xQ;Eo!ocB6J&$l;Zl?cT=YNrTyLRsQV z=t|c|ucI6iY5L5G@JLz=SKy9tT7p1WK31qFt>$2(el`HhZFu`a`q40+C>)Jw`^j$R zh{fMzNHvM%i@9ViA}*qc*A_aRj_lu}?D+b@+vK*l4*r^dGC%1`RgIBC2{fXYp9ATl z8)u7<*tVQ3KTH6mB3!nnL7)SkyJpqk^d*DJy%6RS2&bbt$))M^yzPMRA=SmU9nKC9HND zlxZu56a<>@NRR*v4dFj9KFESi2k(7BmJ2-E4rPx?$KywsX{^B)YCACI2Ll}E8*d=K zXI=fV^X7nbv;SUfVI2K-5*iEAZrZU1lOw3^flKQH@%S9X>WmLUaplS5Pw!lm41$FT zb*u(<<*$a6P+I?rRV=GDO3k(2X#T+ku^T5uMI999$p(g7z?@=s6a|eO?PpZyhoj=< z>P8Auq&tRrZ4fDFlvX%1w_ccHDXy%nsO>!(22$l9az}(?KW(JNRPY6DCEB%&7gqZ&0RplANi zufY(ZwU8SKGXXkzJOvyHQQ(qRUV;u7QKCtit~%3RQ;|dJr{F>X0+HY7!G2`J{|eF`_n(9oIeeqf183y@=M=(&Fag_2Tg zJQU~C&ZL}}!&502i{c-SL$p3sh8RZRgWiVxbO9PxL`bW)6VBH1Wmc!xNkN1X@{UPm zHK`M8{l%(US|O6wNVj+-DR>mXToxf+pn0T@0J2Asf@v(Hp|)?30v%$EbNApkq92os zN~x_Tr4p0e*LCgN2ihEf=allC`7UxmFXe%SIC^Q@LaXIRN{zspb8G5j2`*T+T7cfL zUKrvJOMp;ZR^R`7)Y;1h)xD*g=U!m4a?7xwpq^011c@nu>v)7D1xCX7xb}zTDuGo? zGK)O7c=*cB_W6f>ENmNN@@6E^+?&TBlxC8nm^Xqh9aANUB+H$Kx{XlA4X#baCHJdv z+4wzt8A15UVj|`9&eC-U!^m@$@7QBo|G=OCtMpV;!yCcU9nnzj-%GDtD}^#4w`5}d zGV^U8ShJLX8UtoU76#(k58F^@z8-(Xf}4evZ1z|yzl0~S@>4gV+^f3Si;zSSy6S^ub6a_|%?+fw5DYdJ}nBq$}0+Vv|=F{Kjc!6B700Q1$9bI z(^H;@g(Q5%T&ue|1+OW8>$w9*J_=fdn!dwP#vy~3h%)KQw=%~DT2^98>(m$|ib*pC z!Xx*pR}e#*aUfaHPv{GrS31Qib=p{q9F%IjGrq!X$9Z1}HCCEja&D%cUh*@gT(SF9 zFYoyjx}ESJ&SCXZAFXQsO_XDg-=XpY4WwS*1GHYq(TDV3NBA<4E|{u5Is&8fUf zrjSva;7;lXk^1_Q89DTMU#mLC*%D2kWoSkgER@I<3)NtHAm@|%x8kka21G$@*q0;4 zWU9c#ZLK-NGbhms6(qAva~7*Y4gRhG({WL$L^K#_?@LC|4TzcMSBUM0!ZVsf6mBP) zgf-Gn5Z?Vkh%W$*CU4XKF}EHMiD(ER!`?@c?fMd$fDMZ z>M=+}7)Ou%7Hb=VYQp*?g~gezdcdt1tNnu68^|w;75Obi`5|MA779lD>wMbELOgtV zJtr7s0B?s@cn=pYmsrT9u*F#&U!^f5@<|_=&F@INrf-cb=xXyt^tgTJ5xx+0X=Cd$ z|H_y0#ElRSEuPxiyY#Fxt}y~%t+FB;qvQ55kDZ(LoK0NLK9Bb~&Tlj@wE|MW#5rEXa%RrfMy}h7S8wnrb;KvG*Npos(08KsHWlXWkxY5 z1&ycz(M`f0{bNSUvT~nj$b}9YtTK5j!3WfWN769?O;}m_+JF$TYj`K54GtzHNMzY*e*YXc2CycF%k$RgaIk@gx%Fqjt>yFYuR9zyAeL*DC%UQg8 zUelD~FPJQm>bwRgH@_j8D53R}I}G zhf#5;Q!5LOhxfpcmA4CRv^gp7E%)|rKwr>h)8~9WG}yBzun~?ch#zx?0jkY32*BSZ zmC)DCdeDKe>ij|>2Jh&j#bQhM9jnL4BN03ZrQ9G-ouO-G8e7@n?7&uNb{GWTx7|bd z?XNuX*th=d$am_whZ^6DixpoFL$DyU$CmfQR((B5Bfkbeb9x%{AH`1IbqG%YV9`o*#K+&CVWZTo36M&6}klgkF|>yQ>Sq3b9OwkekQk~j)x0Di)% z_&Wm(2Q=y?rd<6Ul{ZB}N%e(zQGB$E&GlnypcuI4Xm)`leCb1R^NJ;g>~3z~@L{fj zdN{sKa32QVUvXr`8UgEN+uzPZU*C)%ez0(tP^t!iDCWWRJ_) zheg+ot&;KC5^?LB3kt*T>O3`*AQ{X+eoF2#YNSU^kis)*2s5=sSB;w57UgA?Fzei_ zLVkdaWog@63{gn~I($J-j;^a}cUFQaPK)Y#t0?;;)w2j2rF}TdP~Rh0k_S@wrxKWg z*pC%Cud>ZHW$3KHL6N&u#5J`Si~Ab1|W&1~8WE=hM5-Up~JgP|R{GbXQ#wFI%6f z5f*%bJ;{qy1^JwNjUh#9smxb3d4&}+1=2ljZ+U}~zw+ryzJiA0O5p`+7|m~gla3a} z`&eu4=Jrk2hyLo(;v3)i+L7j(G&~w^ooXwJn%X7@<4{oI5|daStl}8xzne^$S!Y@I zFzC;;)f2q^kXSDQ-1`Qj2^_66>vk{J4dfJH@`BiKu+s4 z9yLMG*m7t`hob1XB0`dY5rqRMjshD{AZ=(BpFab>Ts5_5%!^_SjesyyT7l&M($mx2 zA=D~m+yY-b3gWQzn>^cAP{4qxB9TCF1EONPT9q*@1GM^voSMP~*L@D&kFZ^5Mbwv!Fyuz`a>Ob^*Yd*( z)cLhKmEqVm@sxnY=nO4sLBsT_WCB4&Z|+D3;wk8^#)JndT^B7;FNJhI(QGqh6bvDw zvT7o1pWq75P)@lo6DiaQjW3RTmFbe_iHd_bRO;MPKo?WAvdQ|ZYIbOY!d7*Z46_$T zN~(OJUP_>`m;%eGa(4WL#VWV?F%a}2H?jE((l@Eu>IRZq{O|g~Yy9~J|M$;GBNSdN z=1qMoK*~PMZGB5kmF}p~cxvjk+p~B9f~O#@;KTSS`8a(<`P)+Rgcueu0Gb%Fzn6(4oWX1*>=fD^V{~~laTDQp7k?NY==1z# zoZo-=q=9Y03FGXHr^rX}f7nH4`g$@HN*{fdOicN(diGzMO ziI!)je&eSkTq|+fI%Zb%T~niVFY4H1fD7+Bx{aCb-i8{U;18W}PQ^5nP1EC$`^din zdNcINI+dF%&_E}M7vPKxN%2R2*JUj``-2bl*SJxPzozn;4rAGl7)S^qjT|H%do0=G zm0uJQiR}=i&{2}rsEYD4i6O^$NSdYkptPT;K3r7}mlP5JRUF0$v6ACvgv)i5Sag`P zL+jddUyKbId7!i@qy`BkBlv^KSh40-trZeOo80EefUG~hdzOK`G%wog;T7pU%ui<( z3I&rV#ThBDy1hPGW0`36Qgg{Dw}Sc&p=fI(){_uyJ|7};t73atQ90mjc}1++a9Ewv zRV?Lxl3Ia4Xp5KbqYG6PppuLg*Pnk`Tj|}hH7lKmkvUtj?yodLtwEkWSHh)x*|REs zX0-VZ$c`ChZO)#e2FVB4uwWM%6%NF2LNzL0NS{Z~2^mIDgqf>A<>g|uFoCuUh7%0Q zx~cb+eepH*^$Uh;4e*2a1b4xKJ=CzBrgZv$1Bs;fsDP0p3z z1b4)&0Hdw7my~%U9bYN>)u8kaK2OA?B-v3@>MRk6Yk`XH$Cyt6t@}cZLD77I%!-P&{NDB|qEtXGjz0o! z!}1iqnYWp+m6o;S?GYQN6QL4O$4!}=R$(kUd~K~Z6KRhFVyhl(DtVPSCFTv?Kn{D_ z&`Q3dgGpx3SlBldBib^GAN%~;-o>5GjSIUHp?;@b#!`mx{Qj{FG$Cu##h_Io2rbQ_ zxQ?I5oWcxcmGUe$&xn1wE1(zBjOhYCkYZiILq|#gVfD`sC{r&0pqU7ob5T8yf|;Xr zV}9h&rO6gsax<`v>C4_e2S{2~6X4G%ZGp6=E)nXi`efEst!VA>Cm!4X+#mQqpZ%Qw z^KT!~f42DHfBoVUUw`cDfBa|)fAS}C7QSre{KbvS&+s+xz3s)B#Z%AoAsC7gqc`$* zbGS}_b7RSCU*7!Q*7;4Z!Y}( z>a;v}-i#h$ZhcsjuLM_5pIfV+y0Wpgv#6d+L)H&{pFuY3XNH;24T5V$b~cIjK?#O$ zemx(Od1$fmJyxN6aguJN*ZB0(KA%9%4`141V|DWaic!V=u_Wl%IaJ_JC)=z9)6WUE-h>ui|=1V3(>W_UKoA;;{N4l7yiI|<~uD)nJ(J# zbrGPGhCd_Yee>6`R{xgSMz-4%rkoo=2rHcw%2KSUO)l0XP&v58+vT1;g-x{( zsYVfzDCmR%3>)23I%^iL{sVL;3ZWVbj>Fg#tBBwAesLSQxZupF?J)Wtjs{{yVt%S> zi=!buZOti?a(Py2sT}FoavmUMPL@iK=PE-)DpWPArXu*T&7{F+NQyu$*FYj;g0>f= zTZ)xc%$tliH<$y+c6}=oR~h6;d^wtvz*5j>bL`rU3Q|CGW~3hE+H#gq?|~vRXQy-$ z45!b_G;^k2+A{cR#DR;RQZryk|4_hocvZ-1_PO%B4|@5OYbqJGi{X#f4Af=VI+&I(NWBNa3M31lIClx z1cc#b?kd+qJ1})G8y=AQN!EF(y#Z%{B#ViorVROE^WlPHD){Rb2!o*YPA)NpWuV*? zRlGOV6}|5W(QZ<31FM*|vOo+}Q5(XxY`Kdmcj3kB7#;efee=V#MK~&H6MIcBNEVm1 zr^3qaI9t}Oj%j0U`u-5RK}IcNnEjHs%--N{ar0)B#}H}0-VpNYl4UelxW`VBRIx}! icnxey(KB!i_~NdP0)-J>q-{ZK#ylDG?HBilnEwZ4nvyjD delta 16106 zcmZ{p2VfP&)_`{|p#=hjl0w}80Rl+~y_ZlzZ=nhZT#_4zq>-BtfG};@F+K^hzf{>C*lJI>r;{cJ3BXs@4bJ?+3(Ek?36QS&dgpGUMq9;T8V-yl>^o) z!!TxZi-Tr)!zk-Aj7njKA^9y$!zcke!rq8nr%l7C2G795@Jo0CZj3ODgYcochVcZf zP|q+5;TqTx_OEXkd*CA26t;~t3XBdYlOqkICVUE3g0H~}@I0&mKZgzBU04Q2HZY7T zFc#9L(G5z6l3_TU0fXQgSPJfdvG6$<0x!bW@Vf>DhS3700ksQ9L$Shg*a)74ZQylS z6`Ewy2cs2~3dg|ea51b5cfrB%2n>K_qo^BJfHLA%uom?AIj;bvB^leHRD1zqJ>w6E zm5e%#4WkF_0VRJCjEB3SbnF(SsL`N_et$5O=hGm6#u08(&sR`7P&V2y_%qsZV}^}_ z6cjOG0hFF?htlJdP#XLvlqo73qbu$S#e@rBD0~t!y~bfbKYvVy!6GaNX17#$)AnzJsbhkE4fRgWl((no>9ex_Nh3~>{P%&@JlFX_&pTUgy8ZrXDy)gv>TL$lHne>3I@ThgtabkAjIm%awsEw1Ioa@@Uv7WJ%Gkg z20GNwCkjwxP70xn;2M;u4++>6U zp>!-C)`5HAAb1vv&lS|}s-2`K6bs})8SzF~4IYDHq4N;y8ztfyHS7q(;4CN|Uk4>n z?SnG%pI`_KXKhx6aZpU(6UtPkL*6ei)}e^^?)CFyC>50GuBW1*pFN=A zW1pWlU|rJnS?t6tqZeeljcHKIAAo(}mym^G#Prh7lOgV7Y==>_Z(K%U+Kke@b&nGu zbsH&gCfp5W4x^|Iw=l**sdzIt{MGm;qzWUVuMW|va02NU;6PZupYFgIDCJi}spkwV zXoOO(zjmIMumR~wusU20>%r%sjOYyP3hzSkjm`tu)8Q~EKCm4&gh!#&`z4f-m!}uv z_1&QiG#7@#g9EXDEXrvzD!|{NI7=WdS_9UBQLqCP(|e#y)mA8R!sky14Au>|f|2Au z>`%{wwMf4J#Tnm&rQuZ=0Iv_m{<2JNk|Ew5HbgJKAy8iMK$+v2uqoW?PoIM_vO7>l z8kLAc!bB+fm!XWb>QLRGp-}3}hqd8KD3;z^fFg5p0b(s9c$f~oA-vb^c^UsjT)iL#lse))1j<}?XV(z4a$23MJUpf-=LT(Vx%tE1)8MC zLs@2X{P{beSmbpmmb(U}LzPD9k#_WRA`~ZE2*sJ-hBBq)AJS9W2zHb8pNJB}gS9Xm zz5%6y%YGW8_429*tB{`vrF;r(3D-aqz6a&~8?Yt}7~>xhlmT{u%!-i$F_Q5zoFePL z;#j?W9))6oH=vC8a~KCpJgh5d39FJG14CdI#9xgCuoAogOTn*UNq7s2&-@5$!TRI$ z``sXZYm9_-Wc@#bQX9Sl#iaj)K`?l{US@S*An8^x8g_-!KsuBLy-*sM0mTCAVRiTt zYzEIj>G(Y;USD;BE*B09DwELyB@8A&sc<|L=SYFlu@z7{vD#c7bcFd6Tfs&d+Udr@@}y@#`e-bG((xM^1$trO2c&#v+K-jGrL0Vho?E8#)NRq_0E#)EJwso%Ar2im$=Dup))Zz@Qw%Aj=4W z4Bl7-+rl3TP-Mi>xg4`#66_7{!M?EfG#z3s_yp;zuoq0pBl^KTa4RgBZWu#goqP@{ za4M96T!4?mhh}KYU4c|>w0x9P5G;5eg{5hP&eRQM!6eehA;vHwW@$^Tf;&myh16ke zpRK2)CKhZ@dIXe)SHa2fXDAjMKZpGRo`C&fmARZT-~`x3*8hhnkC0J~?hb@=pqTU= zqzxl#p04OwC><-!a5}>&a14ANo`a<@&pvno(syIQd~M=@1-jl&P%OF>N=H9}lV$yP zT&PF13yKq&i+C9hgG=Eh7za}q>vg*kN(DC{);9(%(H(ln&r-Z}iTs}MAgsGgPsK-2 zR@vy~db9GvOxia#p|pbKR_M8phtku${fb8)sbwQpFSvaZmiR> zy#s7SaxRR7&qJx#2bp7|f~`9`5Y{5S63Y8~Z0w(i@(me-VMkh>2$w-I@%QjaID7*~ zX80qNa=ka|3N}FTi4UO6dD~4o{}2=leGl6z{A4p*Iq5Z9^c4OE#n<{iiT$O54YV>A z-i6ZR(OdQB^+s5a^m!;w`7=y`gSX*;R9pyalCHOd(ZjA#p1%&$VAM{%+}6QN(&eAh z%XcP}4!&7{G8?7oE{``XAb(}5axNfM~2|cGPA$1r(Ko*Lz=On-P zz+SKF$Y{K#SI=0umi*tLbYRu%degfHW&bg<-q0hw24|6O`KF$um!PccpWrB1`z`I= zdGImPS71lzew$Bq_#_nPZTyb5;BYvE^e(s>{sLvn7Qai(fj_;A{o_$qzNek-JQU|> zdrCXiqcDc_9w;Wh1gF9d|Io|pMJVa&r}b1Ug(FA@oY4Vi3``@v1&WUZp4HAg0#+bB z`z-b^gR+c_(QqAD&+!xQ zbLQvyudpr5{y;~-7hp8$_X<$N`F@77yn218e^T8A#reiwFpLa%4kp3QAMv{o4eWp^ zq<3G`US8#6on8oKq~F1=u)`+c7jqkUsGN<3`zFI~YSP#Sy&HiV^a>JN}u7)5$GOo9b40DcJr z;dR&-{s5(1=UckL$xx=|B`B5%`c8ZQ0O;)hV^JFOU?Yr%Z$YW>4x9t;!rpN9_j-SS z2TDA+2^FlstsRuBnuc?4K>l>JX0SGNBX!ZAgJs|inSZ%nL0Xe>7S@ssF7fg#WC{8J z*uu%xw_#xO18Gt3BJuvb$Kfd?f%jxef)RI}wOnw=^7w6g8Xt-be!a1|$}J8T=5D z&|DLdtD-~y_yfqm$(>80oLp@*jJNy@g13=rhzn_iJnXM*2YOee3L-%$2f2dC^)b>C zc?4-kdBTYEHCzXFzi)pMpCWSA@mDH(dGu*WH{`NpaCJs9{AC)!<)o*>IDg(D(rwUZ zAdmX<$a2E;+b~QLT&X-O$VG{BlKO|Endp^}VLbfapFhH1Nsk9A%ix)ufE&PXkv`}{ z;giT@^dZPb^nW07rIYRtpFy5QMj%{z{6FY~6V=+HKabQzwjcwM2d~rqgh_>up&vkY zA}-QhknQM|ky+@A;loH7M6OlHBE*C2LOzi8OH(k0#B8Jl`V6=b>47|WttHV48Bdvp zNG(LJAb3m^*b^yDoF59h##U@Cm@ z`kKV+NGX42r2qZHqyy0N;CN&nQXiR!*vNxdW6DMK^5^^l2P3`w6;(&y?SJ+StY{Ur ztkP{gT2p^+D@uC&rC%oReSiK^C`XrkBof(*ltbi7QBsX{wPk=ze2o9?_t1x;zY8b% z^H81Nng)@sj66#EOJpp1S@ffnWIb ziHc#4qu^8ijNkk;VL5*VmOpO*j6!CTKNn`gH(+g87oJ3#ASp;g1=d#U|Lg$HVTQSJJZ}bo@8^1C*PZvnPWz# z#s*q14Qs6ets2AYS>=XTa*_lZmuNS6@N%MKLo4WxeC%dIPi`^ZZyJ=l>N5tKK zGc(JR;cv=}^!`8DR8?zYJzihn+@GIVGib8Mo$Se`=V{W##H0q{_utLt(O*^abVX9V z>VJRAyvUoh$m8#lr0UAa4JtiQ$eWXy?XgbeRp-&$$uZ{rM_!L-iuiywkC~a0f@e@m zuqP_)exclqv`kEx?n%$g7DEj7L{QImPh0LEd%AIdG^OERJy!OvYO$i}U?s@e#C$DHBG&NRKLGpy6;wX8}R<*l>n zHLTVd6)?qL1&c=@tH@&&X4JAz*K>u_*saXC>aoQIwc*XoX`bwqw9GvEH6g39_1x43 zCB2?xQvI@{t+mw*ZR#nz7%ccre|6A4pg(eIbqh~T(QiB+$PqI z+#S~5Y1J$ltb_3U=o*1W0`o#-z=Isu#}kX4xKcr5N`3QK-rq`jbKE%+ zM~X}Bn^%icW1eWp{p1skt#$KT*3Zq50GRRji8oU-%!EFJhnne`$+AWoEf~NnUoVI* z5oq+bZob~q>a%dMRb$aga$i^^!#V5R*DMzAIJQ`ZcGI~JToThX(CCwq&62n_ zF`sbZO`VkCPK%W%)7)vPe_wM`mqj;`UNhM=e!oaonwxGp0oKfNXA?T9R2Jcv%f*>X zuc*U4enpdtfkr=1c7`Xd*qh3(s{dbk9alB`ue@(o)%>r#-m4o#NPYRT5jcy(ajjUB z@YgWMl+{NMzFR$rwmVxgRmoN?_Y+pHQ2m|`;>l*xWOv3S$Gu9fk+7Ybr-&)fn=x@)hy=y~RB@e!#V~5j7pS5)?-&&dPn`;}fOeyBy zPTHGZcbe|HID5>xDBQaL@P0$BdWrR2frfQ5FU%U37)WT4+`l%WTnP}Vdct^d+=f0@ z!p7(>*;B;RoudB0#zM}`$o1+FVhnKq?-Ks!*6EG)gOa06&-5gZC)w%y-Hmmu_)QH; z1{woWyIG%X8qO$IZ5E?_xLJJn4@V!rMRt_8wlwAbZ`#mZ50b6TY30pf_(c5Hk zPTV%j3fYl`Hh)KgrFM#w9DJ&2MUzk!6GL>&j>$<)_gLk3nLLT!)sy?wT`j6QE6mN_ zHqn!jG&!9yFyzy_p0(yY-N%Kx_}TW9eDm2}+{-;D+hYIcCUD>VT>EOKyf>_S;zNUn z`9rg~X`kn3T7Nt*>;2y^$};(2uSCI8`=Y|#UT@aqY`51V0nqWXbazhDWZpTvuTIH8 zCwA=F-;{V%l{#ha0F&C}9y+iOIdku6D?*v*vKpX15k_>qNS z^-J=gsW;MVT|N*_bw3}7vqm1QZx0=5hFO!i(QwDN*W3R0Sz9HP_>n#h#pQMZY4`6n#{t@4`_Te%oWB z-#j*;v=sH`rd#``gj)Ar4J3Ej@mgWAMq+M8hB(!KgrVRQZLE1G+tG2~$*M>x%k}C^ zYul^w>zMWysd1pd{Of%h`k#FWW2N};aPny@+&e$V3keJ#YjIiKcv#Aq_qMhT8 z+vANkbDW?QYYZRWr-y$Jl=F`SY8Eejd$$RVet1d-AADLoFz&QO{C}L5fN}e@tkMx@ zBtQ3zc;VVJvQHd#a#GLMWpqofE=T>x6#!T+dpx?)8`{-u#Rt z)187_n;y1dbD|t3Vy#)eD9XL>%c>D;jOdxzXV^og{}hyz=?~0|ZETU8wq`r`ZAERY zGUw}tNt9y{W@biAa;kTV|1}DCJKvJR)6Sbjtr6N=9ymhiC>dz&Jum0Zf1H;gUO(T! z3jJWHb?t*Q9djm2Eb+4HvoLVFCnLw5W+t)QM4PEOW|EsgpP8POMu<<#Hz%^4PBHT{ zb2(jb+OVFzAhvqvf>`PL1#za1AMLc7UQDk-LC!mJrk_@P?6JyyoM@f?c>PFyqB7lS zn8fYudF)9<0i4YF2*?B?ybY(dncX~|jl&)#1-W+eN7yBi7IHFDR#AbMMtS2w0TD`8cFVQTv z)qzT%H7H@#`SPE9|GfNV8>{12Ev=X@BM(GfyP)h*ud5*aA>=z&G&j)7xKYb`|C=Wd zy!mZuWnK7JzsNx2i^tcQrs-ShJL)^&J5e;pcckbs-!Z<3d>eg7i{sJg;~~3U#UoMd$VY+y=R#UweEc1OGVpF$EgrI)O6LfKEA!(x_swKx#PZlzCzzi zzI~kyYr&m5*0;ACT6^!*D(|y-aIk1y(F)&j``$zqR#JZ^?f+2%eZ)_5xNraIF%@X5 z>#Ca7_U92!c8nGGi^SaDe_73a*{@y|xcc7@*(dT=`d%tphuxQwb;S3w)#$hS>{!zGM)n^SRW*Ba zMMe0zpV33tYxbpM4+pD?cGX~I{yneW{baEHOt9)G$q>6!A_EMmtlE~~h-(K+=Zdr1 zNQ=K!Ry*&PtYx38qI%QpkgBSI{pUy(T!J(4Uny6lSE>lJZ;ixC$498L_MED!m2UX2 zyqgiK-GAmCF0UE~$N@wu2)Dlv!=!sc@u*^ZwH7T*KNuLM`rl7R`df8gs$t)XP;Ku& z3$~Ak(^IDo+An3jdN;^E{Hv;LH{FQC%#UzYv$K9=E}GX+vvsk(<5gArlN!Y{Yj$$+e}4dmfULgM`p1B zaD+;B|GKK4wp&(&8mPO07H$s?a0T0cMlk2aR&WXrlM~*Ao7H6CpVd<}s5ZO4T4<|C zwG{p1NOeuc+9MmPJbBOWpFcKKVP*OD84x2|oc(GgRm09}=prsJ&PszoY74ck86` zOHp=U`wRU!VY1ciV@o1t9&m!`QQryQF}km2;*byLt17%bWI8LnVm@=V zH(%Aa%^8aGjpSCbez+EDFP!Nt@%=N^V6xRL#Sd5dX_ads_WD_lD`q`T0Npm%@mfa@ zeoXNhVHf9z*iHXbCChVoj?t%2`cV8Vwu=1778BnS_cw}nSG)8QRjaJ&+dzlef9*>9 zRkiXgItC~E0k3C2p|;b4<1;t@AZ*0XcebThZ?VU{a;1vBe!k-PZ<7wU`!7%{(f2G= zVU@7SF&6G|mN6!xCdsvbTp+U|`e@r)=)?hZd8zXvXI7k2yMA^STGk>p&tIM0af!1g zc^qz!Tdcy!$GTzm^2MsLJz*)qblwuhL0+m3k&H0=<0XpULGEV+*g;EGrw20PtmWTz z({ZOtn9Py&^> zW(QoP2Q!W^L;Losl@e5FafJQZUe-pzO}0zl&y^&1?3q>=|Q!kxS^(p9G5SC zSkc~iNX;mI*yymzsbFIAeg3a#U3pczZJ|1ATdQc83MIs@KknFX?`tfzKs)+%=Hjc@ z|B9i@-%wHd``J!qZ;PR(b z5IYTeZM)4W4iA5vQi=BD)9O!q#~HPrfpHY=X18C7ySdM+y0v_-=u@?XE4Efv=)Awa z((PIAtK6ozkDQSoSi2J0h-mr+^MNWN`4z}HC)?F85*b22aDuoTob8z(t4RCBi>g{l z=L^@G`ZM2gcC*Vo`t1`n5`EkyHC1Qj0pAs;yUx3rT~rzS_GfAk`CYH7es;&tot2&Z zxyoj=Q_H#<+Fd(x$~*Oynkbtq^Rl)XZnEo|sun82Sb~nk=7YY&#j{X&^_q%P_Q0>z z0sHp*Ea0utsZaZB7RROEZqfen?^q!vuH!tN z?x^6xcfMB>Wiz3(RV7E(s;?^}8}x%3Q26N&s)Djpe^Qr9U`M;cB^5H9v$Uy?G146- zl-@BDP7j^%=*;sv@u8!#&-tf@D5AF-IhGSoUXh4w_;%nOxQ`Wly{f&wrmIq&_NIJ) zMw|c7uM759zo@P<=xTP`U)2zLJN*xp1Zv(>t?ke5sgjl1ZJoH~ckp%0>+*YQkqTV< zm8%~mZ#^K`vJvtw-1^TrPfKz5ljE z<7NS_L_LWS_T2zi^U~S;?X&MpsoIuwn=%dTI;^c_od`<<~2g|vtKal*DBz>w}-sQ2cly}Kz z--IC7qu|pZ7e7whe+IegYm>89B)E%f`GY&F;-p@{QesunyrRctw(QLIe9d?&xWwTf ztKe#FXH>>`zDll5g=p!@ntCIAP|$!|kFZG`Gl@4x zWJ~oOi#B~P`#0{cTiF+X`M0W9O?+RzeC1)`{knXMAF)3At!@c}ujSjJOvIe>MEIUHT=Q&iO;=>$ z2Q^(Sl${vos%8K1hN{x$1p5VUUF^fcEtp?jO}l+=t>81#*eZ`)^Y7FTxPl=lzlkD)z>!b zx*FJ{>bgdi8l2cCw{=VV4F82wvXS$B*S5Y(&Rd!FU2;gU>*Kl=qg);QPwz&#, 2012, 2013, 2014, 2015. +# Yuri Chornoivan , 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020. msgid "" msgstr "" -"Project-Id-Version: cryptsetup 1.6.7\n" +"Project-Id-Version: cryptsetup 2.3.3-rc0\n" "Report-Msgid-Bugs-To: dm-crypt@saout.de\n" -"POT-Creation-Date: 2015-03-19 09:55+0100\n" -"PO-Revision-Date: 2015-03-19 12:33+0200\n" +"POT-Creation-Date: 2020-05-28 11:32+0200\n" +"PO-Revision-Date: 2020-05-15 15:17+0300\n" "Last-Translator: Yuri Chornoivan \n" -"Language-Team: Ukrainian \n" +"Language-Team: Ukrainian \n" "Language: uk\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Lokalize 1.5\n" +"X-Generator: Lokalize 20.07.70\n" -#: lib/libdevmapper.c:252 -msgid "Cannot initialize device-mapper, running as non-root user.\n" -msgstr "" -"Не можна ініціалізувати device-mapper, якщо програму запущено не від імені " -"адміністратора (root).\n" +#: lib/libdevmapper.c:399 +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "Не можна ініціалізувати device-mapper, якщо програму запущено не від імені адміністратора (root)." -#: lib/libdevmapper.c:255 -msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n" -msgstr "" -"Не вдалося ініціалізувати device-mapper. Чи завантажено модуль ядра dm_mod?\n" +#: lib/libdevmapper.c:402 +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "Не вдалося ініціалізувати device-mapper. Чи завантажено модуль ядра dm_mod?" -#: lib/libdevmapper.c:550 +#: lib/libdevmapper.c:1131 +msgid "Requested deferred flag is not supported." +msgstr "Підтримки бажаного прапорця відкладення, %s, не передбачено." + +#: lib/libdevmapper.c:1198 #, c-format -msgid "DM-UUID for device %s was truncated.\n" -msgstr "DM-UUID для пристрою %s було обрізано.\n" +msgid "DM-UUID for device %s was truncated." +msgstr "DM-UUID для пристрою %s було обрізано." + +#: lib/libdevmapper.c:1520 +msgid "Unknown dm target type." +msgstr "Невідомий тип призначення dm." + +#: lib/libdevmapper.c:1623 lib/libdevmapper.c:1679 +msgid "Requested dm-crypt performance options are not supported." +msgstr "Підтримки вказаних параметрів швидкодії dm-crypt не передбачено." + +#: lib/libdevmapper.c:1630 +msgid "Requested dm-verity data corruption handling options are not supported." +msgstr "Підтримки вказаних параметрів обробки пошкоджених даних за допомогою dm-verity не передбачено." + +#: lib/libdevmapper.c:1634 +msgid "Requested dm-verity FEC options are not supported." +msgstr "Підтримки вказаних параметрів FEC за допомогою dm-verity не передбачено." + +#: lib/libdevmapper.c:1638 +msgid "Requested data integrity options are not supported." +msgstr "Підтримки вказаних параметрів цілісності даних не передбачено." -#: lib/libdevmapper.c:698 -msgid "Requested dmcrypt performance options are not supported.\n" -msgstr "Підтримки вказаних параметрів швидкодії dmcrypt не передбачено.\n" +#: lib/libdevmapper.c:1640 +msgid "Requested sector_size option is not supported." +msgstr "Підтримки вказаного параметра sector_size не передбачено." -#: lib/random.c:76 +#: lib/libdevmapper.c:1645 +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "Підтримки потрібного вам автоматичного повторного обчислення міток цілісності не передбачено." + +#: lib/libdevmapper.c:1649 lib/libdevmapper.c:1682 lib/libdevmapper.c:1685 +#: lib/luks2/luks2_json_metadata.c:2160 +msgid "Discard/TRIM is not supported." +msgstr "Підтримки відкидання або обрізання не передбачено." + +#: lib/libdevmapper.c:1653 +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "Підтримки вказаного режиму бітової карти цілісності dm не передбачено." + +#: lib/libdevmapper.c:2607 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "Не вдалося опитати сегмент dm-%s." + +#: lib/random.c:75 msgid "" "System is out of entropy while generating volume key.\n" -"Please move mouse or type some text in another window to gather some random " -"events.\n" +"Please move mouse or type some text in another window to gather some random events.\n" msgstr "" "Під час створення ключа тому було вичерпано буфер ентропії системи.\n" -"Будь ласка, пересуньте вказівник миші або наберіть якийсь текст у іншому " -"вікні, щоб зібрати додаткові дані на основі випадкових подій.\n" +"Будь ласка, пересуньте вказівник миші або наберіть якийсь текст у іншому вікні, щоб зібрати додаткові дані на основі випадкових подій.\n" -#: lib/random.c:80 +#: lib/random.c:79 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Створення ключа (виконано %d%%).\n" -#: lib/random.c:169 -msgid "Fatal error during RNG initialisation.\n" -msgstr "Критична помилка під час ініціалізації RNG.\n" +#: lib/random.c:165 +msgid "Running in FIPS mode." +msgstr "Працюємо у режимі FIPS." + +#: lib/random.c:171 +msgid "Fatal error during RNG initialisation." +msgstr "Критична помилка під час ініціалізації генератора псевдовипадкових чисел." + +#: lib/random.c:208 +msgid "Unknown RNG quality requested." +msgstr "Надійшов запит щодо невідомої якості псевдовипадкових чисел." + +#: lib/random.c:213 +msgid "Error reading from RNG." +msgstr "Помилка читання з генератора псевдовипадкових чисел." -#: lib/random.c:206 -msgid "Unknown RNG quality requested.\n" -msgstr "Надійшов запит щодо невідомого RNG якості.\n" +#: lib/setup.c:229 +msgid "Cannot initialize crypto RNG backend." +msgstr "Не вдалося ініціалізувати допоміжну програму шифрування генератора псевдовипадкових чисел." -#: lib/random.c:211 +#: lib/setup.c:235 +msgid "Cannot initialize crypto backend." +msgstr "Не вдалося ініціалізувати допоміжну програму шифрування." + +#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119 +#, c-format +msgid "Hash algorithm %s not supported." +msgstr "Підтримки алгоритму хешування %s не передбачено." + +#: lib/setup.c:269 lib/loopaes/loopaes.c:90 #, c-format -msgid "Error %d reading from RNG: %s\n" -msgstr "Помилка %d під час читання з RNG: %s\n" +msgid "Key processing error (using hash %s)." +msgstr "Помилка під час обробки ключа (на основі хешу %s)." + +#: lib/setup.c:335 lib/setup.c:362 +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "Не вдалося визначити тип пристрою. Несумісна дія з активації пристрою?" -#: lib/setup.c:200 -msgid "Cannot initialize crypto RNG backend.\n" -msgstr "Не вдалося ініціалізувати допоміжну програму шифрування RNG.\n" +#: lib/setup.c:341 lib/setup.c:3050 +msgid "This operation is supported only for LUKS device." +msgstr "Підтримку цієї дії передбачено лише для пристроїв LUKS." -#: lib/setup.c:206 -msgid "Cannot initialize crypto backend.\n" -msgstr "Не вдалося ініціалізувати допоміжну програму шифрування.\n" +#: lib/setup.c:368 +msgid "This operation is supported only for LUKS2 device." +msgstr "Підтримку цієї дії передбачено лише для пристроїв LUKS2." -#: lib/setup.c:236 lib/setup.c:1192 lib/verity/verity.c:123 +#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345 +msgid "All key slots full." +msgstr "Заповнено всі слоти ключів." + +#: lib/setup.c:434 #, c-format -msgid "Hash algorithm %s not supported.\n" -msgstr "Підтримки алгоритму хешування %s не передбачено.\n" +msgid "Key slot %d is invalid, please select between 0 and %d." +msgstr "Слот ключа %d є некоректним, будь ласка, виберіть число від 0 до %d." -#: lib/setup.c:239 lib/loopaes/loopaes.c:90 +#: lib/setup.c:440 #, c-format -msgid "Key processing error (using hash %s).\n" -msgstr "Помилка під час обробки ключа (на основі хешу %s).\n" +msgid "Key slot %d is full, please select another one." +msgstr "Слот ключа %d заповнено, будь ласка, виберіть інший." -#: lib/setup.c:284 -msgid "Cannot determine device type. Incompatible activation of device?\n" -msgstr "" -"Не вдалося визначити тип пристрою. Несумісна дія з активації пристрою?\n" +#: lib/setup.c:525 lib/setup.c:2824 +msgid "Device size is not aligned to device logical block size." +msgstr "Розмір пристрою не вирівняно за розміром логічного блоку пристрою." + +#: lib/setup.c:624 +#, c-format +msgid "Header detected but device %s is too small." +msgstr "Виявлено заголовок, але об’єм пристрою %s є надто малим." -#: lib/setup.c:288 lib/setup.c:1537 -msgid "This operation is supported only for LUKS device.\n" -msgstr "Підтримку цієї дії передбачено лише для пристроїв LUKS.\n" +#: lib/setup.c:661 +msgid "This operation is not supported for this device type." +msgstr "Підтримки цієї дії для цього типу пристроїв не передбачено." -#: lib/setup.c:320 -msgid "All key slots full.\n" -msgstr "Заповнено всі слоти ключів.\n" +#: lib/setup.c:666 +msgid "Illegal operation with reencryption in-progress." +msgstr "Виконуємо заборонену дію із повторного шифрування." -#: lib/setup.c:327 +#: lib/setup.c:832 lib/luks1/keymanage.c:475 #, c-format -msgid "Key slot %d is invalid, please select between 0 and %d.\n" -msgstr "Слот ключа %d є некоректним, будь ласка, виберіть число від 0 до %d.\n" +msgid "Unsupported LUKS version %d." +msgstr "Непідтримувана версія LUKS, %d." -#: lib/setup.c:333 +#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959 +msgid "Detached metadata device is not supported for this crypt type." +msgstr "Підтримки пристрою від'єднаних метаданих для цього типу шифрування не передбачено." + +#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628 +#: lib/setup.c:2777 lib/setup.c:4512 #, c-format -msgid "Key slot %d is full, please select another one.\n" -msgstr "Слот ключа %d заповнено, будь ласка, виберіть інший.\n" +msgid "Device %s is not active." +msgstr "Пристрій %s є неактивним." -#: lib/setup.c:472 +#: lib/setup.c:1444 #, c-format -msgid "Enter passphrase for %s: " -msgstr "Введіть пароль до %s: " +msgid "Underlying device for crypt device %s disappeared." +msgstr "Зник основний пристрій для пристрою для шифрування %s." + +#: lib/setup.c:1524 +msgid "Invalid plain crypt parameters." +msgstr "Некоректні параметри звичайного шифрування." + +#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:74 +msgid "Invalid key size." +msgstr "Некоректний розмір ключа." + +#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157 +msgid "UUID is not supported for this crypt type." +msgstr "Підтримки UUID для цього типу шифрування не передбачено." + +#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308 +#: src/cryptsetup.c:1226 src/cryptsetup.c:3923 +msgid "Unsupported encryption sector size." +msgstr "Непідтримуваний розмір сектора шифрування." + +#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818 +msgid "Device size is not aligned to requested sector size." +msgstr "Розмір пристрою не вирівняно за вказаним розміром сектора." -#: lib/setup.c:653 +#: lib/setup.c:1608 lib/setup.c:1727 +msgid "Can't format LUKS without device." +msgstr "Форматування LUKS без пристрою неможливе." + +#: lib/setup.c:1614 lib/setup.c:1733 +msgid "Requested data alignment is not compatible with data offset." +msgstr "Потрібне вам вирівнювання даних є несумісним із відступом у даних." + +#: lib/setup.c:1682 lib/setup.c:1851 +msgid "WARNING: Data offset is outside of currently available data device.\n" +msgstr "Увага: відступ у даних виходить за межі поточного доступного пристрою для зберігання даних.\n" + +#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169 +#, c-format +msgid "Cannot wipe header on device %s." +msgstr "Не можна витирати заголовок на пристрої %s." + +#: lib/setup.c:1744 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "Увага: спроба активувати пристрій завершиться невдало, у dm-crypt не передбачено підтримки для вказаного розміру сектора шифрування.\n" + +#: lib/setup.c:1766 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "Ключ тому є надто малим для шифрування із розширеннями цілісності." + +#: lib/setup.c:1821 +#, c-format +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "Шифрування %s-%s (розмір ключа — %zd бітів) є недоступним." + +#: lib/setup.c:1854 +#, c-format +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" +msgstr "Увага: розмір метаданих LUKS2 змінено до % байтів.\n" + +#: lib/setup.c:1858 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "Увага: розмір області слотів ключів LUKS2 змінено до % байтів.\n" + +#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367 +#, c-format +msgid "Device %s is too small." +msgstr "Об’єм пристрою %s є надто малим." + +#: lib/setup.c:1893 lib/setup.c:1919 +#, c-format +msgid "Cannot format device %s in use." +msgstr "Не можна форматувати пристрій %s, який перебуває у користуванні." + +#: lib/setup.c:1896 lib/setup.c:1922 #, c-format -msgid "Header detected but device %s is too small.\n" -msgstr "Виявлено заголовок, але об’єм пристрою %s є надто малим.\n" +msgid "Cannot format device %s, permission denied." +msgstr "Не можна форматувати пристрій %s, недостатні права доступу." -#: lib/setup.c:669 lib/setup.c:1420 -msgid "This operation is not supported for this device type.\n" -msgstr "Підтримки цієї дії для цього типу пристроїв не передбачено.\n" +#: lib/setup.c:1908 lib/setup.c:2229 +#, c-format +msgid "Cannot format integrity for device %s." +msgstr "Не вдалося форматувати цілісність для пристрою %s." -#: lib/setup.c:908 lib/setup.c:1381 lib/setup.c:2264 +#: lib/setup.c:1926 #, c-format -msgid "Device %s is not active.\n" -msgstr "Пристрій %s є неактивним.\n" +msgid "Cannot format device %s." +msgstr "Не вдалося форматувати пристрій %s." + +#: lib/setup.c:1944 +msgid "Can't format LOOPAES without device." +msgstr "Не можна форматувати LOOPAES без пристрою." + +#: lib/setup.c:1989 +msgid "Can't format VERITY without device." +msgstr "Форматування VERITY без пристрою неможливе." -#: lib/setup.c:925 +#: lib/setup.c:2000 lib/verity/verity.c:102 #, c-format -msgid "Underlying device for crypt device %s disappeared.\n" -msgstr "Зник основний пристрій для пристрою для шифрування %s.\n" +msgid "Unsupported VERITY hash type %d." +msgstr "Непідтримуваний тип хешування VERITY, %d." -#: lib/setup.c:994 -msgid "Invalid plain crypt parameters.\n" -msgstr "Некоректні параметри звичайного шифрування.\n" +#: lib/setup.c:2006 lib/verity/verity.c:110 +msgid "Unsupported VERITY block size." +msgstr "Непідтримуваний розмір блоку VERITY." -#: lib/setup.c:999 lib/setup.c:1119 -msgid "Invalid key size.\n" -msgstr "Некоректний розмір ключа.\n" +#: lib/setup.c:2011 lib/verity/verity.c:74 +msgid "Unsupported VERITY hash offset." +msgstr "Непідтримуваний відступ хешу VERITY." -#: lib/setup.c:1004 lib/setup.c:1124 -msgid "UUID is not supported for this crypt type.\n" -msgstr "Підтримки UUID для цього типу шифрування не передбачено.\n" +#: lib/setup.c:2016 +msgid "Unsupported VERITY FEC offset." +msgstr "Непідтримуваний зсув FEC VERITY." -#: lib/setup.c:1046 -msgid "Can't format LUKS without device.\n" -msgstr "Форматування LUKS без пристрою неможливе.\n" +#: lib/setup.c:2040 +msgid "Data area overlaps with hash area." +msgstr "Область даних перекривається із областю хешу." + +#: lib/setup.c:2065 +msgid "Hash area overlaps with FEC area." +msgstr "Область хешування перекриваються з областю FEC." + +#: lib/setup.c:2072 +msgid "Data area overlaps with FEC area." +msgstr "Область даних перекривається із областю FEC." + +#: lib/setup.c:2208 +#, c-format +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "Увага: бажаний розмір мітки у %d байтів відрізняється від розміру у результаті %s (%d байтів).\n" -#: lib/setup.c:1089 +#: lib/setup.c:2286 #, c-format -msgid "Cannot format device %s which is still in use.\n" -msgstr "Не можна форматувати пристрій %s, який перебуває у користуванні.\n" +msgid "Unknown crypt device type %s requested." +msgstr "Надіслано запит щодо невідомого типу пристрою шифрування, %s." -#: lib/setup.c:1092 +#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635 #, c-format -msgid "Cannot format device %s, permission denied.\n" -msgstr "Не можна форматувати пристрій %s, недостатні права доступу.\n" +msgid "Unsupported parameters on device %s." +msgstr "Непідтримувані параметри на пристрої %s." -#: lib/setup.c:1096 +#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408 +#: lib/luks2/luks2_reencrypt.c:2737 #, c-format -msgid "Cannot wipe header on device %s.\n" -msgstr "Не можна витирати заголовок на пристрої %s.\n" +msgid "Mismatching parameters on device %s." +msgstr "Невідповідність параметрів на пристрої %s." -#: lib/setup.c:1114 -msgid "Can't format LOOPAES without device.\n" -msgstr "Не можна форматувати LOOPAES без пристрою.\n" +#: lib/setup.c:2661 +msgid "Crypt devices mismatch." +msgstr "Невідповідність пристроїв шифрування." -#: lib/setup.c:1152 -msgid "Can't format VERITY without device.\n" -msgstr "Форматування VERITY без пристрою неможливе.\n" +#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:3145 +#, c-format +msgid "Failed to reload device %s." +msgstr "Не вдалося перезавантажити пристрій %s." -#: lib/setup.c:1160 lib/verity/verity.c:106 +#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025 +#: lib/luks2/luks2_reencrypt.c:2032 #, c-format -msgid "Unsupported VERITY hash type %d.\n" -msgstr "Непідтримуваний тип хешування VERITY, %d.\n" +msgid "Failed to suspend device %s." +msgstr "Не вдалося приспати пристрій %s." -#: lib/setup.c:1166 lib/verity/verity.c:114 -msgid "Unsupported VERITY block size.\n" -msgstr "Непідтримуваний розмір блоку VERITY.\n" +#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039 +#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149 +#, c-format +msgid "Failed to resume device %s." +msgstr "Не вдалося відновити роботу пристрою %s." -#: lib/setup.c:1171 lib/verity/verity.c:76 -msgid "Unsupported VERITY hash offset.\n" -msgstr "Непідтримуваний відступ хешу VERITY.\n" +#: lib/setup.c:2732 +#, c-format +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "Критична помилка під час перезавантаження пристрої %s (над пристроєм %s)." -#: lib/setup.c:1285 +#: lib/setup.c:2735 lib/setup.c:2737 #, c-format -msgid "Unknown crypt device type %s requested.\n" -msgstr "Надіслано запит щодо невідомого типу пристрою шифрування, %s.\n" +msgid "Failed to switch device %s to dm-error." +msgstr "Не вдалося перемкнути пристрій %s у режим dm-error." + +#: lib/setup.c:2809 +msgid "Cannot resize loop device." +msgstr "Неможливо змінити розмір петльового пристрою." -#: lib/setup.c:1435 +#: lib/setup.c:2882 msgid "Do you really want to change UUID of device?" msgstr "Ви справді хочете змінити UUID пристрою?" -#: lib/setup.c:1545 +#: lib/setup.c:2958 +msgid "Header backup file does not contain compatible LUKS header." +msgstr "Файл резервної копії заголовка не містить сумісного із LUKS заголовка." + +#: lib/setup.c:3058 #, c-format -msgid "Volume %s is not active.\n" -msgstr "Том %s не є активним.\n" +msgid "Volume %s is not active." +msgstr "Том %s не є активним." -#: lib/setup.c:1556 +#: lib/setup.c:3069 #, c-format -msgid "Volume %s is already suspended.\n" -msgstr "Том %s вже приспано.\n" +msgid "Volume %s is already suspended." +msgstr "Том %s вже приспано." -#: lib/setup.c:1563 +#: lib/setup.c:3082 #, c-format -msgid "Suspend is not supported for device %s.\n" -msgstr "Підтримки присипляння для пристрою %s не передбачено.\n" +msgid "Suspend is not supported for device %s." +msgstr "Підтримки присипляння для пристрою %s не передбачено." -#: lib/setup.c:1565 +#: lib/setup.c:3084 #, c-format -msgid "Error during suspending device %s.\n" -msgstr "Помилка під час спроби приспати пристрій %s.\n" +msgid "Error during suspending device %s." +msgstr "Помилка під час спроби приспати пристрій %s." -#: lib/setup.c:1591 lib/setup.c:1638 +#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267 #, c-format -msgid "Volume %s is not suspended.\n" -msgstr "Том %s не приспано.\n" +msgid "Volume %s is not suspended." +msgstr "Том %s не приспано." -#: lib/setup.c:1605 +#: lib/setup.c:3146 #, c-format -msgid "Resume is not supported for device %s.\n" -msgstr "Підтримки дії з пробудження для пристрою %s не передбачено.\n" +msgid "Resume is not supported for device %s." +msgstr "Підтримки дії з пробудження для пристрою %s не передбачено." -#: lib/setup.c:1607 lib/setup.c:1659 +#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297 #, c-format -msgid "Error during resuming device %s.\n" -msgstr "Помилка під час спроби пробудити пристрій %s.\n" +msgid "Error during resuming device %s." +msgstr "Помилка під час спроби пробудити пристрій %s." -#: lib/setup.c:1645 lib/setup.c:2080 lib/setup.c:2094 src/cryptsetup.c:186 -#: src/cryptsetup.c:248 src/cryptsetup.c:732 src/cryptsetup.c:1151 -msgid "Enter passphrase: " -msgstr "Введіть пароль: " +#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322 +#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839 +msgid "Volume key does not match the volume." +msgstr "Ключ тому не відповідає тому." -#: lib/setup.c:1707 lib/setup.c:1843 -msgid "Cannot add key slot, all slots disabled and no volume key provided.\n" -msgstr "" -"Не вдалося додати слот ключа, всі слоти вимкнено і не вказано ключа тому.\n" +#: lib/setup.c:3343 lib/setup.c:3531 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Не вдалося додати слот ключа, всі слоти вимкнено і не вказано ключа тому." -#: lib/setup.c:1716 lib/setup.c:1849 lib/setup.c:1853 -msgid "Enter any passphrase: " -msgstr "Введіть будь-який пароль: " +#: lib/setup.c:3483 +msgid "Failed to swap new key slot." +msgstr "Не вдалося зарезервувати новий слот ключа." -#: lib/setup.c:1733 lib/setup.c:1866 lib/setup.c:1870 lib/setup.c:1932 -#: src/cryptsetup.c:988 src/cryptsetup.c:1017 -msgid "Enter new passphrase for key slot: " -msgstr "Введіть новий пароль для слота ключа: " +#: lib/setup.c:3669 +#, c-format +msgid "Key slot %d is invalid." +msgstr "Слот ключа %d є некоректним." + +#: lib/setup.c:3675 src/cryptsetup.c:1572 src/cryptsetup.c:1917 +#, c-format +msgid "Keyslot %d is not active." +msgstr "Слот ключа %d не є активним." + +#: lib/setup.c:3694 +msgid "Device header overlaps with data area." +msgstr "Заголовок пристрою перекривається із областю даних." + +#: lib/setup.c:3981 +msgid "Reencryption in-progress. Cannot activate device." +msgstr "Виконуємо повторне шифрування. Не можна активувати пристрій." -#: lib/setup.c:1798 +#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2243 +#: lib/luks2/luks2_reencrypt.c:2836 +msgid "Failed to get reencryption lock." +msgstr "Не вдалося отримати стан блокування для повторного шифрування." + +#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855 +msgid "LUKS2 reencryption recovery failed." +msgstr "Не вдалося виконати відновлення даних повторного шифрування LUKS2." + +#: lib/setup.c:4127 lib/setup.c:4379 +msgid "Device type is not properly initialized." +msgstr "Тип пристрою не ініціалізовано належним чином." + +#: lib/setup.c:4171 #, c-format -msgid "Key slot %d changed.\n" -msgstr "Слот ключа %d змінено.\n" +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "Неможливо скористатися пристроєм %s, некоректна назва або пристрій усе ще використовується." -#: lib/setup.c:1801 +#: lib/setup.c:4174 #, c-format -msgid "Replaced with key slot %d.\n" -msgstr "Замінено слотом ключа %d.\n" +msgid "Device %s already exists." +msgstr "Пристрій %s вже існує." + +#: lib/setup.c:4296 +msgid "Incorrect volume key specified for plain device." +msgstr "Для пристрою зі звичайним шифруванням вказано помилковий ключ тому." -#: lib/setup.c:1806 -msgid "Failed to swap new key slot.\n" -msgstr "Не вдалося зарезервувати новий слот ключа.\n" +#: lib/setup.c:4405 +msgid "Incorrect root hash specified for verity device." +msgstr "Для пристрою перевірки вказано помилковий кореневий хеш." -#: lib/setup.c:1923 lib/setup.c:2184 lib/setup.c:2197 lib/setup.c:2339 -msgid "Volume key does not match the volume.\n" -msgstr "Ключ тому не відповідає тому.\n" +#: lib/setup.c:4412 +msgid "Root hash signature required." +msgstr "Потрібен хеш-підпис кореневої теки." + +#: lib/setup.c:4421 +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "Немає сховища ключів ядра: це сховище потрібне для передавання підпису ядру." + +#: lib/setup.c:4438 lib/setup.c:5915 +msgid "Failed to load key in kernel keyring." +msgstr "Не вдалося завантажити ключ до сховища ключів ядра." + +#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2296 +#: src/cryptsetup.c:2664 +#, c-format +msgid "Device %s is still in use." +msgstr "Пристрій %s все ще використовується." -#: lib/setup.c:1961 +#: lib/setup.c:4516 #, c-format -msgid "Key slot %d is invalid.\n" -msgstr "Слот ключа %d є некоректним.\n" +msgid "Invalid device %s." +msgstr "Некоректний пристрій %s." -#: lib/setup.c:1966 +#: lib/setup.c:4632 +msgid "Volume key buffer too small." +msgstr "Буфер ключів тому є занадто малим." + +#: lib/setup.c:4640 +msgid "Cannot retrieve volume key for plain device." +msgstr "Неможливо отримати ключ тому для пристрою зі звичайним шифруванням." + +#: lib/setup.c:4657 +msgid "Cannot retrieve root hash for verity device." +msgstr "Не вдалося отримати кореневий хеш для пристрою VERITY." + +#: lib/setup.c:4659 #, c-format -msgid "Key slot %d is not used.\n" -msgstr "Слот ключа %d не використовується.\n" +msgid "This operation is not supported for %s crypt device." +msgstr "Підтримки цієї дії для шифрованого пристрою %s не передбачено." + +#: lib/setup.c:4865 +msgid "Dump operation is not supported for this device type." +msgstr "Підтримки дії зі створення дампу для цього типу пристроїв не передбачено." -#: lib/setup.c:1996 lib/setup.c:2068 lib/setup.c:2160 +#: lib/setup.c:5190 #, c-format -msgid "Device %s already exists.\n" -msgstr "Пристрій %s вже існує.\n" +msgid "Data offset is not multiple of %u bytes." +msgstr "Зсув у даних не є кратним до %u байтів." -#: lib/setup.c:2171 -msgid "Incorrect volume key specified for plain device.\n" -msgstr "Для пристрою зі звичайним шифруванням вказано помилковий ключ тому.\n" +#: lib/setup.c:5475 +#, c-format +msgid "Cannot convert device %s which is still in use." +msgstr "Не можна перетворити пристрій %s, який перебуває у користуванні." -#: lib/setup.c:2204 -msgid "Incorrect root hash specified for verity device.\n" -msgstr "Для пристрою перевірки вказано помилковий кореневий хеш.\n" +#: lib/setup.c:5772 +#, c-format +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "Не вдалося прив'язати слот ключа %u як новий ключ тому." -#: lib/setup.c:2227 -msgid "Device type is not properly initialised.\n" -msgstr "Тип пристрою не ініціалізовано належним чином.\n" +#: lib/setup.c:5845 +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "Не вдалося ініціалізувати типові параметри слоту ключів LUKS2." -#: lib/setup.c:2259 +#: lib/setup.c:5851 #, c-format -msgid "Device %s is still in use.\n" -msgstr "Пристрій %s все ще використовується.\n" +msgid "Failed to assign keyslot %d to digest." +msgstr "Не вдалося прив'язати слот ключа %d до контрольної суми." -#: lib/setup.c:2268 +#: lib/setup.c:5982 +msgid "Kernel keyring is not supported by the kernel." +msgstr "У ядрі не передбачено підтримки сховища ключів ядра." + +#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952 #, c-format -msgid "Invalid device %s.\n" -msgstr "Некоректний пристрій %s.\n" +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "Не вдалося прочитати пароль із ключа зі сховища ключів (помилка %d)." + +#: lib/setup.c:6016 +msgid "Failed to acquire global memory-hard access serialization lock." +msgstr "Не вдалося створити загальне блокування серіалізації доступу до пам'яті." + +#: lib/utils.c:80 +msgid "Cannot get process priority." +msgstr "Не вдалося отримати значення пріоритетності процесу." + +#: lib/utils.c:94 +msgid "Cannot unlock memory." +msgstr "Не вдалося розблокувати пам’ять." + +#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497 +msgid "Failed to open key file." +msgstr "Не вдалося відкрити файл ключа." + +#: lib/utils.c:173 +msgid "Cannot read keyfile from a terminal." +msgstr "Не вдалося прочитати файл ключа з термінала." + +#: lib/utils.c:190 +msgid "Failed to stat key file." +msgstr "Не вдалося отримати статистичні дані щодо файла ключа." + +#: lib/utils.c:198 lib/utils.c:219 +msgid "Cannot seek to requested keyfile offset." +msgstr "Не вдалося встановити потрібну позицію у файлі ключа." + +#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188 +#: src/utils_password.c:201 +msgid "Out of memory while reading passphrase." +msgstr "Під час читання пароля вичерпано пам’ять." + +#: lib/utils.c:248 +msgid "Error reading passphrase." +msgstr "Помилка під час читання пароля." -#: lib/setup.c:2289 -msgid "Function not available in FIPS mode.\n" -msgstr "Ця функція недоступна у режимі FIPS.\n" +#: lib/utils.c:265 +msgid "Nothing to read on input." +msgstr "Нічого читати з вхідних даних." -#: lib/setup.c:2295 -msgid "Volume key buffer too small.\n" -msgstr "Буфер ключів тому є занадто малим.\n" +#: lib/utils.c:272 +msgid "Maximum keyfile size exceeded." +msgstr "Перевищено максимальний розмір файла ключа." -#: lib/setup.c:2303 -msgid "Cannot retrieve volume key for plain device.\n" -msgstr "Неможливо отримати ключ тому для пристрою зі звичайним шифруванням.\n" +#: lib/utils.c:277 +msgid "Cannot read requested amount of data." +msgstr "Не вдалося прочитати бажаний об’єм даних." -#: lib/setup.c:2310 +#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 #, c-format -msgid "This operation is not supported for %s crypt device.\n" -msgstr "Підтримки цієї дії для шифрованого пристрою %s не передбачено.\n" +msgid "Device %s does not exist or access denied." +msgstr "Пристрою %s не існує або доступ до цього пристрою заборонено." -#: lib/setup.c:2506 -msgid "Dump operation is not supported for this device type.\n" -msgstr "" -"Підтримки дії зі створення дампу для цього типу пристроїв не передбачено.\n" +#: lib/utils_device.c:197 +#, c-format +msgid "Device %s is not compatible." +msgstr "Пристрій %s є сумісним." -#: lib/utils.c:244 -msgid "Cannot get process priority.\n" -msgstr "Не вдалося отримати значення пріоритетності процесу.\n" +#: lib/utils_device.c:642 +#, c-format +msgid "Device %s is too small. Need at least % bytes." +msgstr "Обсяг пристрою %s є надто малим. Потрібно принаймні % байтів." -#: lib/utils.c:258 -msgid "Cannot unlock memory.\n" -msgstr "Не вдалося розблокувати пам’ять.\n" +#: lib/utils_device.c:723 +#, c-format +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "Не можна використовувати пристрій %s, оскільки його вже використано (призначено або змонтовано)." -#: lib/utils_crypt.c:241 lib/utils_crypt.c:254 lib/utils_crypt.c:401 -#: lib/utils_crypt.c:416 -msgid "Out of memory while reading passphrase.\n" -msgstr "Під час читання пароля вичерпано пам’ять.\n" +#: lib/utils_device.c:727 +#, c-format +msgid "Cannot use device %s, permission denied." +msgstr "Не можна скористатися пристроєм %s, недостатні права доступу." -#: lib/utils_crypt.c:246 lib/utils_crypt.c:261 -msgid "Error reading passphrase from terminal.\n" -msgstr "Помилка під час читання пароля з термінала.\n" +#: lib/utils_device.c:730 +#, c-format +msgid "Cannot get info about device %s." +msgstr "Не вдалося отримати дані щодо пристрою %s." -#: lib/utils_crypt.c:259 -msgid "Verify passphrase: " -msgstr "Перевірка пароля: " +#: lib/utils_device.c:753 +msgid "Cannot use a loopback device, running as non-root user." +msgstr "Не можна використовувати петльовий пристрій, програму запущено не від імені адміністративного користувача (root)." -#: lib/utils_crypt.c:266 -msgid "Passphrases do not match.\n" -msgstr "Паролі не збігаються.\n" +#: lib/utils_device.c:763 +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "Спроба долучення петльового пристрою зазнала невдачі (потрібен петльовий пристрій з встановленим прапорцем автоматичного спорожнення)." -#: lib/utils_crypt.c:350 -msgid "Cannot use offset with terminal input.\n" -msgstr "Не можна використовувати відступ у даних, що надходять з термінала.\n" +#: lib/utils_device.c:809 +#, c-format +msgid "Requested offset is beyond real size of device %s." +msgstr "Бажана точка відступу перебуває за межами об’єму пристрою %s." -#: lib/utils_crypt.c:369 lib/tcrypt/tcrypt.c:467 -msgid "Failed to open key file.\n" -msgstr "Не вдалося відкрити файл ключа.\n" +#: lib/utils_device.c:817 +#, c-format +msgid "Device %s has zero size." +msgstr "Об’єм пристрою %s є нульовим." -#: lib/utils_crypt.c:378 -msgid "Failed to stat key file.\n" -msgstr "Не вдалося отримати статистичні дані щодо файла ключа.\n" +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." +msgstr "Вказаний час PBKDF не може бути нульовим." -#: lib/utils_crypt.c:386 lib/utils_crypt.c:407 -msgid "Cannot seek to requested keyfile offset.\n" -msgstr "Не вдалося встановити потрібну позицію у файлі ключа.\n" +#: lib/utils_pbkdf.c:106 +#, c-format +msgid "Unknown PBKDF type %s." +msgstr "Невідомий тип PBKDF, %s." -#: lib/utils_crypt.c:424 -msgid "Error reading passphrase.\n" -msgstr "Помилка під час читання пароля.\n" +#: lib/utils_pbkdf.c:111 +#, c-format +msgid "Requested hash %s is not supported." +msgstr "Підтримки бажаного хешування, %s, не передбачено." -#: lib/utils_crypt.c:442 -msgid "Maximum keyfile size exceeded.\n" -msgstr "Перевищено максимальний розмір файла ключа.\n" +#: lib/utils_pbkdf.c:122 +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "Підтримки бажаного типу PBKDF для LUKS1 не передбачено." -#: lib/utils_crypt.c:447 -msgid "Cannot read requested amount of data.\n" -msgstr "Не вдалося прочитати бажаний об’єм даних.\n" +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." +msgstr "Максимальний об'єм пам'яті PBKDF або кількість паралельних потоків обробки не можна встановлювати разом із pbkdf2." -#: lib/utils_device.c:136 lib/luks1/keyencryption.c:90 +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 #, c-format -msgid "Device %s doesn't exist or access denied.\n" -msgstr "Пристрою %s не існує або доступ до цього пристрою заборонено.\n" +msgid "Forced iteration count is too low for %s (minimum is %u)." +msgstr "Задане значення кількості ітерацій для %s є надто низьким (мінімальним є %u)." -#: lib/utils_device.c:430 -msgid "Cannot use a loopback device, running as non-root user.\n" -msgstr "" -"Не можна використовувати петльовий пристрій, програму запущено не від імені " -"адміністративного користувача (root).\n" +#: lib/utils_pbkdf.c:148 +#, c-format +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "Задане значення об'єму пам'яті для %s є надто низьким (мінімальним є %u кілобайтів)." -#: lib/utils_device.c:433 -msgid "Cannot find a free loopback device.\n" -msgstr "Не вдалося знайти вільний петльовий пристрій.\n" +#: lib/utils_pbkdf.c:155 +#, c-format +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "Бажана максимальна вартість пам'яті PBKDF є надто високою (максимальною є %d кілобайтів)." -#: lib/utils_device.c:440 -msgid "" -"Attaching loopback device failed (loop device with autoclear flag is " -"required).\n" -msgstr "" -"Спроба долучення петльового пристрою зазнала невдачі (потрібен петльовий " -"пристрій з встановленим прапорцем автоматичного спорожнення).\n" +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "Бажаний максимальний обсяг пам'яті PBKDF не може бути нульовим." + +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "Вказана кількість паралельних потоків обробки PBKDF не може бути нульовою." + +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "У режимі FIPS передбачено підтримку лише PBKDF2." + +#: lib/utils_benchmark.c:172 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "Тестування PBKDF вимкнено, але кількість ітерацій не встановлено." -#: lib/utils_device.c:484 +#: lib/utils_benchmark.c:191 #, c-format -msgid "Cannot use device %s which is in use (already mapped or mounted).\n" -msgstr "" -"Не можна використовувати пристрій %s, оскільки його вже використано " -"(призначено або змонтовано).\n" +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "Несумісні параметри PBKDF2 (з використанням алгоритму хешування %s)." + +#: lib/utils_benchmark.c:211 +msgid "Not compatible PBKDF options." +msgstr "Несумісні параметри PBKDF." -#: lib/utils_device.c:488 +#: lib/utils_device_locking.c:102 #, c-format -msgid "Cannot get info about device %s.\n" -msgstr "Не вдалося отримати дані щодо пристрою %s.\n" +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "Блокування перервано. Шлях блокування %s/%s є непридатним для користування (не є каталогом або його не вказано)." -#: lib/utils_device.c:494 +#: lib/utils_device_locking.c:109 #, c-format -msgid "Requested offset is beyond real size of device %s.\n" -msgstr "Бажана точка відступу перебуває за межами об’єму пристрою %s.\n" +msgid "WARNING: Locking directory %s/%s is missing!\n" +msgstr "ПОПЕРЕДЖЕННЯ: не вистачає блокування каталогу %s/%s!\n" -#: lib/utils_device.c:502 +#: lib/utils_device_locking.c:119 #, c-format -msgid "Device %s has zero size.\n" -msgstr "Об’єм пристрою %s є нульовим.\n" +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "Блокування перервано Шлях блокування %s/%s є непридатним для користування (%s не є каталогом)." -#: lib/utils_device.c:513 +#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:941 +#: src/cryptsetup_reencrypt.c:1025 +msgid "Cannot seek to device offset." +msgstr "Не вдалося встановити вказану позицію на пристрої." + +#: lib/utils_wipe.c:208 #, c-format -msgid "Device %s is too small.\n" -msgstr "Об’єм пристрою %s є надто малим.\n" +msgid "Device wipe error, offset %." +msgstr "Помилка витирання пристрою, зсув %." -#: lib/luks1/keyencryption.c:37 +#: lib/luks1/keyencryption.c:39 #, c-format msgid "" "Failed to setup dm-crypt key mapping for device %s.\n" -"Check that kernel supports %s cipher (check syslog for more info).\n" +"Check that kernel supports %s cipher (check syslog for more info)." msgstr "" "Не вдалося визначити призначення ключа dm-crypt для пристрою %s.\n" -"Перевірте, чи передбачено у ядрі підтримку шифрування %s (докладніші дані " -"можна знайти у журналі системи (syslog)).\n" +"Перевірте, чи передбачено у ядрі підтримку шифрування %s (докладніші дані можна знайти у журналі системи (syslog))." + +#: lib/luks1/keyencryption.c:44 +msgid "Key size in XTS mode must be 256 or 512 bits." +msgstr "Розмір ключа у режимі XTS має бути рівним 256 або 512 бітів." -#: lib/luks1/keyencryption.c:42 -msgid "Key size in XTS mode must be 256 or 512 bits.\n" -msgstr "Розмір ключа у режимі XTS має бути рівним 256 або 512 бітів.\n" +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "Специфікацію шифрування слід вказувати так: [алгоритм]-[режим]-[iv]." -#: lib/luks1/keyencryption.c:96 lib/luks1/keymanage.c:296 -#: lib/luks1/keymanage.c:572 lib/luks1/keymanage.c:1017 +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080 +#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734 #, c-format -msgid "Cannot write to device %s, permission denied.\n" -msgstr "Не вдалося виконати запис на пристрій %s, недостатні права доступу.\n" +msgid "Cannot write to device %s, permission denied." +msgstr "Не вдалося виконати запис на пристрій %s, недостатні права доступу." -#: lib/luks1/keyencryption.c:111 -msgid "Failed to open temporary keystore device.\n" -msgstr "Не вдалося відкрити пристрій тимчасового сховища ключів.\n" +#: lib/luks1/keyencryption.c:120 +msgid "Failed to open temporary keystore device." +msgstr "Не вдалося відкрити пристрій тимчасового сховища ключів." -#: lib/luks1/keyencryption.c:118 -msgid "Failed to access temporary keystore device.\n" -msgstr "Не вдалося отримати доступ до пристрою тимчасового сховища ключів.\n" +#: lib/luks1/keyencryption.c:127 +msgid "Failed to access temporary keystore device." +msgstr "Не вдалося отримати доступ до пристрою тимчасового сховища ключів." -#: lib/luks1/keyencryption.c:191 -msgid "IO error while encrypting keyslot.\n" -msgstr "Помилка введення-виведення під час шифрування слоту ключів.\n" +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +msgid "IO error while encrypting keyslot." +msgstr "Помилка введення-виведення під час шифрування слоту ключів." -#: lib/luks1/keyencryption.c:256 -msgid "IO error while decrypting keyslot.\n" -msgstr "Помилка введення-виведення під час розшифрування слоту ключів.\n" +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:670 +#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311 +#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342 +#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 +#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255 +#: src/cryptsetup_reencrypt.c:200 src/cryptsetup_reencrypt.c:212 +#, c-format +msgid "Cannot open device %s." +msgstr "Не вдалося відкрити пристрій %s." + +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +msgid "IO error while decrypting keyslot." +msgstr "Помилка введення-виведення під час розшифрування слоту ключів." -#: lib/luks1/keymanage.c:90 +#: lib/luks1/keymanage.c:110 #, c-format -msgid "Device %s is too small. (LUKS requires at least % bytes.)\n" -msgstr "" -"Обсяг пристрою %s є надто малим. (LUKS потрібно принаймні % " -"байтів.)\n" +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" +msgstr "Обсяг пристрою %s є надто малим. (LUKS1 потрібно принаймні % байтів.)" + +#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162 +#: lib/luks1/keymanage.c:174 +#, c-format +msgid "LUKS keyslot %u is invalid." +msgstr "Слот ключа LUKS %u є некоректним." -#: lib/luks1/keymanage.c:180 lib/luks1/keymanage.c:418 -#: src/cryptsetup_reencrypt.c:1110 +#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472 +#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1433 +#: src/cryptsetup.c:1559 src/cryptsetup.c:1616 src/cryptsetup.c:1672 +#: src/cryptsetup.c:1739 src/cryptsetup.c:1842 src/cryptsetup.c:1906 +#: src/cryptsetup.c:2136 src/cryptsetup.c:2331 src/cryptsetup.c:2391 +#: src/cryptsetup.c:2457 src/cryptsetup.c:2621 src/cryptsetup.c:3271 +#: src/cryptsetup.c:3280 src/cryptsetup_reencrypt.c:1388 #, c-format -msgid "Device %s is not a valid LUKS device.\n" -msgstr "Пристрій %s не є коректним пристроєм LUKS.\n" +msgid "Device %s is not a valid LUKS device." +msgstr "Пристрій %s не є коректним пристроєм LUKS." -#: lib/luks1/keymanage.c:198 +#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100 #, c-format -msgid "Requested header backup file %s already exists.\n" -msgstr "Потрібний вам файл резервної копії заголовка, %s, вже існує.\n" +msgid "Requested header backup file %s already exists." +msgstr "Потрібний вам файл резервної копії заголовка, %s, вже існує." -#: lib/luks1/keymanage.c:200 +#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102 #, c-format -msgid "Cannot create header backup file %s.\n" -msgstr "Не вдалося створити файл резервної копії заголовка, %s.\n" +msgid "Cannot create header backup file %s." +msgstr "Не вдалося створити файл резервної копії заголовка, %s." -#: lib/luks1/keymanage.c:205 +#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109 #, c-format -msgid "Cannot write header backup file %s.\n" -msgstr "Не вдалося записати файл резервної копії заголовка, %s.\n" +msgid "Cannot write header backup file %s." +msgstr "Не вдалося записати файл резервної копії заголовка, %s." -#: lib/luks1/keymanage.c:239 -msgid "Backup file doesn't contain valid LUKS header.\n" -msgstr "Файл резервної копії не містить коректного заголовка LUKS.\n" +#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161 +msgid "Backup file does not contain valid LUKS header." +msgstr "Файл резервної копії не містить коректного заголовка LUKS." -#: lib/luks1/keymanage.c:252 lib/luks1/keymanage.c:496 +#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549 +#: lib/luks2/luks2_json_metadata.c:1182 #, c-format -msgid "Cannot open header backup file %s.\n" -msgstr "Не вдалося відкрити файл резервної копії заголовка, %s.\n" +msgid "Cannot open header backup file %s." +msgstr "Не вдалося відкрити файл резервної копії заголовка, %s." -#: lib/luks1/keymanage.c:258 +#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190 #, c-format -msgid "Cannot read header backup file %s.\n" -msgstr "Не вдалося прочитати дані з файла резервної копії заголовка, %s.\n" +msgid "Cannot read header backup file %s." +msgstr "Не вдалося прочитати дані з файла резервної копії заголовка, %s." -#: lib/luks1/keymanage.c:269 -msgid "Data offset or key size differs on device and backup, restore failed.\n" -msgstr "" -"Відступ у даних або розмір ключа на пристрої і у резервній копії є різними. " -"Відновлення неможливе.\n" +#: lib/luks1/keymanage.c:317 +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "Відступ у даних або розмір ключа на пристрої і у резервній копії є різними. Відновлення неможливе." -#: lib/luks1/keymanage.c:277 +#: lib/luks1/keymanage.c:325 #, c-format msgid "Device %s %s%s" msgstr "Пристрій %s %s%s" -#: lib/luks1/keymanage.c:278 -msgid "" -"does not contain LUKS header. Replacing header can destroy data on that " -"device." -msgstr "" -"не містить заголовка LUKS. Заміна заголовка може зруйнувати дані, що " -"зберігаються на пристрої." +#: lib/luks1/keymanage.c:326 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "не містить заголовка LUKS. Заміна заголовка може зруйнувати дані, що зберігаються на пристрої." -#: lib/luks1/keymanage.c:279 -msgid "" -"already contains LUKS header. Replacing header will destroy existing " -"keyslots." -msgstr "" -"вже містить заголовок LUKS. Заміна заголовка призведе до руйнування вже " -"створених слотів ключів." +#: lib/luks1/keymanage.c:327 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "вже містить заголовок LUKS. Заміна заголовка призведе до руйнування вже створених слотів ключів." -#: lib/luks1/keymanage.c:280 +#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224 msgid "" "\n" "WARNING: real device header has different UUID than backup!" msgstr "" "\n" -"ПОПЕРЕДЖЕННЯ: заголовок, що зберігається на пристрої, має інший UUID, ніж " -"заголовок у резервній копії!" - -#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:535 -#: lib/luks1/keymanage.c:575 lib/tcrypt/tcrypt.c:624 lib/verity/verity.c:82 -#: lib/verity/verity.c:179 lib/verity/verity_hash.c:292 -#: lib/verity/verity_hash.c:303 lib/verity/verity_hash.c:323 -#, c-format -msgid "Cannot open device %s.\n" -msgstr "Не вдалося відкрити пристрій %s.\n" +"ПОПЕРЕДЖЕННЯ: заголовок, що зберігається на пристрої, має інший UUID, ніж заголовок у резервній копії!" -#: lib/luks1/keymanage.c:329 -msgid "Non standard key size, manual repair required.\n" -msgstr "Нестандартний розмір ключа, слід виправити дані вручну.\n" +#: lib/luks1/keymanage.c:375 +msgid "Non standard key size, manual repair required." +msgstr "Нестандартний розмір ключа, слід виправити дані вручну." -#: lib/luks1/keymanage.c:334 -msgid "Non standard keyslots alignment, manual repair required.\n" -msgstr "Нестандартне вирівнювання слотів ключів, слід виправити дані вручну.\n" - -#: lib/luks1/keymanage.c:340 -msgid "Repairing keyslots.\n" -msgstr "Виправлення слотів ключів.\n" +#: lib/luks1/keymanage.c:380 +msgid "Non standard keyslots alignment, manual repair required." +msgstr "Нестандартне вирівнювання слотів ключів, слід виправити дані вручну." -#: lib/luks1/keymanage.c:351 -msgid "Repair failed." -msgstr "Спроба виправлення зазнала невдачі." +#: lib/luks1/keymanage.c:390 +msgid "Repairing keyslots." +msgstr "Виправлення слотів ключів." -#: lib/luks1/keymanage.c:363 +#: lib/luks1/keymanage.c:409 #, c-format -msgid "Keyslot %i: offset repaired (%u -> %u).\n" -msgstr "Слот ключа %i: виправлено відступ (%u -> %u).\n" +msgid "Keyslot %i: offset repaired (%u -> %u)." +msgstr "Слот ключа %i: виправлено відступ (%u -> %u)." -#: lib/luks1/keymanage.c:371 +#: lib/luks1/keymanage.c:417 #, c-format -msgid "Keyslot %i: stripes repaired (%u -> %u).\n" -msgstr "Слот ключа %i: виправлено смужки (%u -> %u).\n" +msgid "Keyslot %i: stripes repaired (%u -> %u)." +msgstr "Слот ключа %i: виправлено смужки (%u -> %u)." -#: lib/luks1/keymanage.c:380 +#: lib/luks1/keymanage.c:426 #, c-format -msgid "Keyslot %i: bogus partition signature.\n" -msgstr "Слот ключа %i: зайвий підпис розділу.\n" +msgid "Keyslot %i: bogus partition signature." +msgstr "Слот ключа %i: зайвий підпис розділу." -#: lib/luks1/keymanage.c:385 +#: lib/luks1/keymanage.c:431 #, c-format -msgid "Keyslot %i: salt wiped.\n" -msgstr "Слот ключа %i: дані ініціалізації (сіль) витерто.\n" - -#: lib/luks1/keymanage.c:396 -msgid "Writing LUKS header to disk.\n" -msgstr "Запис заголовка LUKS на диск.\n" +msgid "Keyslot %i: salt wiped." +msgstr "Слот ключа %i: дані ініціалізації (сіль) витерто." -#: lib/luks1/keymanage.c:421 -#, c-format -msgid "Unsupported LUKS version %d.\n" -msgstr "Непідтримувана версія LUKS, %d.\n" +#: lib/luks1/keymanage.c:448 +msgid "Writing LUKS header to disk." +msgstr "Запис заголовка LUKS на диск." -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:661 -#, c-format -msgid "Requested LUKS hash %s is not supported.\n" -msgstr "Підтримки бажаного хешування LUKS, %s, не передбачено.\n" +#: lib/luks1/keymanage.c:453 +msgid "Repair failed." +msgstr "Спроба виправлення зазнала невдачі." -#: lib/luks1/keymanage.c:442 +#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750 #, c-format -msgid "LUKS keyslot %u is invalid.\n" -msgstr "Слот ключа LUKS %u є некоректним.\n" +msgid "Requested LUKS hash %s is not supported." +msgstr "Підтримки бажаного хешування LUKS, %s, не передбачено." -#: lib/luks1/keymanage.c:456 src/cryptsetup.c:668 -msgid "No known problems detected for LUKS header.\n" -msgstr "У заголовку LUKS не виявлено жодних проблем.\n" - -#: lib/luks1/keymanage.c:596 -#, c-format -msgid "Error during update of LUKS header on device %s.\n" -msgstr "Помилка під час оновлення заголовка LUKS на пристрої %s.\n" +#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1133 +msgid "No known problems detected for LUKS header." +msgstr "У заголовку LUKS не виявлено жодних проблем." -#: lib/luks1/keymanage.c:603 +#: lib/luks1/keymanage.c:660 #, c-format -msgid "Error re-reading LUKS header after update on device %s.\n" -msgstr "" -"Помилка під час спроби повторного читання заголовка LUKS після оновлення на " -"пристрої %s.\n" +msgid "Error during update of LUKS header on device %s." +msgstr "Помилка під час оновлення заголовка LUKS на пристрої %s." -#: lib/luks1/keymanage.c:654 +#: lib/luks1/keymanage.c:668 #, c-format -msgid "" -"Data offset for detached LUKS header must be either 0 or higher than header " -"size (%d sectors).\n" -msgstr "" -"Відступ даних для від’єднаного заголовка LUKS має бути або рівним нулеві, " -"або перевищувати розмір заголовка (%d секторів).\n" +msgid "Error re-reading LUKS header after update on device %s." +msgstr "Помилка під час спроби повторного читання заголовка LUKS після оновлення на пристрої %s." -#: lib/luks1/keymanage.c:666 lib/luks1/keymanage.c:757 -msgid "Wrong LUKS UUID format provided.\n" -msgstr "Вказано UUID LUKS у помилковому форматі.\n" +#: lib/luks1/keymanage.c:744 +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "Відступ даних для заголовка LUKS має бути або рівним нулеві, або перевищувати розмір заголовка." -#: lib/luks1/keymanage.c:695 -msgid "Cannot create LUKS header: reading random salt failed.\n" -msgstr "" -"Не вдалося створити заголовок LUKS: помилка читання випадкових даних для " -"ініціалізації.\n" +#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825 +#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001 +#: src/cryptsetup.c:2784 +msgid "Wrong LUKS UUID format provided." +msgstr "Вказано UUID LUKS у помилковому форматі." -#: lib/luks1/keymanage.c:702 lib/luks1/keymanage.c:798 -#, c-format -msgid "Not compatible PBKDF2 options (using hash algorithm %s).\n" -msgstr "Несумісні параметри PBKDF2 (з використанням алгоритму хешування %s).\n" +#: lib/luks1/keymanage.c:778 +msgid "Cannot create LUKS header: reading random salt failed." +msgstr "Не вдалося створити заголовок LUKS: помилка читання випадкових даних для ініціалізації." -#: lib/luks1/keymanage.c:717 +#: lib/luks1/keymanage.c:804 #, c-format -msgid "Cannot create LUKS header: header digest failed (using hash %s).\n" -msgstr "" -"Не вдалося створити заголовок LUKS: помилка під час обчислення контрольної " -"суми заголовка (з використанням хешу %s).\n" +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "Не вдалося створити заголовок LUKS: помилка під час обчислення контрольної суми заголовка (з використанням хешу %s)." -#: lib/luks1/keymanage.c:782 +#: lib/luks1/keymanage.c:848 #, c-format -msgid "Key slot %d active, purge first.\n" -msgstr "Слот ключа %d є активним. Його слід спочатку спорожнити.\n" +msgid "Key slot %d active, purge first." +msgstr "Слот ключа %d є активним. Його слід спочатку спорожнити." -#: lib/luks1/keymanage.c:788 +#: lib/luks1/keymanage.c:854 #, c-format -msgid "Key slot %d material includes too few stripes. Header manipulation?\n" -msgstr "" -"Ентропія даних слота ключа %d є надто низькою. Маніпуляції з заголовком?\n" +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "Ентропія даних слота ключа %d є надто низькою. Маніпуляції з заголовком?" -#: lib/luks1/keymanage.c:950 +#: lib/luks1/keymanage.c:990 #, c-format -msgid "Key slot %d unlocked.\n" -msgstr "Слот ключа %d розблоковано.\n" - -#: lib/luks1/keymanage.c:985 src/cryptsetup.c:858 -#: src/cryptsetup_reencrypt.c:999 src/cryptsetup_reencrypt.c:1036 -msgid "No key available with this passphrase.\n" -msgstr "Для цього пароля немає відповідного ключа.\n" +msgid "Cannot open keyslot (using hash %s)." +msgstr "Не вдалося відкрити слот ключа (за допомогою хешу %s)." -#: lib/luks1/keymanage.c:1003 +#: lib/luks1/keymanage.c:1066 #, c-format -msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n" -msgstr "" -"Слот ключа %d є некоректним, будь ласка, виберіть слот ключа з номером від 0 " -"до %d.\n" +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." +msgstr "Слот ключа %d є некоректним, будь ласка, виберіть слот ключа з номером від 0 до %d." -#: lib/luks1/keymanage.c:1021 +#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738 #, c-format -msgid "Cannot wipe device %s.\n" -msgstr "Не вдалося витерти пристрій %s.\n" +msgid "Cannot wipe device %s." +msgstr "Не вдалося витерти пристрій %s." #: lib/loopaes/loopaes.c:146 -msgid "Detected not yet supported GPG encrypted keyfile.\n" -msgstr "" -"Виявлено файл ключа, підтримки шифрування GPG у якому ще не передбачено.\n" +msgid "Detected not yet supported GPG encrypted keyfile." +msgstr "Виявлено файл ключа, підтримки шифрування GPG у якому ще не передбачено." #: lib/loopaes/loopaes.c:147 msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" -msgstr "" -"Будь ласка, скористайтеся командою gpg --decrypt <ФАЙЛ_КЛЮЧА> | cryptsetup --" -"keyfile=- ...\n" +msgstr "Будь ласка, скористайтеся командою gpg --decrypt <ФАЙЛ_КЛЮЧА> | cryptsetup --keyfile=- ...\n" #: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 -msgid "Incompatible loop-AES keyfile detected.\n" -msgstr "Виявлено несумісний з loop-AES файл ключа.\n" +msgid "Incompatible loop-AES keyfile detected." +msgstr "Виявлено несумісний з loop-AES файл ключа." -#: lib/loopaes/loopaes.c:244 -msgid "Kernel doesn't support loop-AES compatible mapping.\n" -msgstr "У ядрі не передбачено підтримки призначення, сумісного з loop-AES.\n" +#: lib/loopaes/loopaes.c:245 +msgid "Kernel does not support loop-AES compatible mapping." +msgstr "У ядрі не передбачено підтримки призначення, сумісного з loop-AES." -#: lib/tcrypt/tcrypt.c:475 +#: lib/tcrypt/tcrypt.c:504 #, c-format -msgid "Error reading keyfile %s.\n" -msgstr "Помилка під час спроби читання файла ключа %s.\n" +msgid "Error reading keyfile %s." +msgstr "Помилка під час спроби читання файла ключа %s." -#: lib/tcrypt/tcrypt.c:513 +#: lib/tcrypt/tcrypt.c:554 #, c-format -msgid "Maximum TCRYPT passphrase length (%d) exceeded.\n" -msgstr "Перевищено максимальну можливу довжину пароля TCRYPT (%d).\n" +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." +msgstr "Перевищено максимальну можливу довжину пароля TCRYPT (%zu)." -#: lib/tcrypt/tcrypt.c:543 +#: lib/tcrypt/tcrypt.c:595 #, c-format -msgid "PBKDF2 hash algorithm %s not available, skipping.\n" -msgstr "" -"Засіб створення хешів PBKDF2 за алгоритмом %s недоступний, пропускаємо.\n" +msgid "PBKDF2 hash algorithm %s not available, skipping." +msgstr "Засіб створення хешів PBKDF2 за алгоритмом %s недоступний, пропускаємо." -#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:621 -msgid "Required kernel crypto interface not available.\n" -msgstr "Потрібний для роботи інтерфейс ядра для шифрування недоступний.\n" +#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1010 +msgid "Required kernel crypto interface not available." +msgstr "Потрібний для роботи інтерфейс ядра для шифрування недоступний." -#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:623 -msgid "Ensure you have algif_skcipher kernel module loaded.\n" -msgstr "Переконайтеся, що завантажено модуль ядра algif_skcipher.\n" +#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1012 +msgid "Ensure you have algif_skcipher kernel module loaded." +msgstr "Переконайтеся, що завантажено модуль ядра algif_skcipher." -#: lib/tcrypt/tcrypt.c:707 +#: lib/tcrypt/tcrypt.c:753 #, c-format -msgid "Activation is not supported for %d sector size.\n" -msgstr "Підтримки активації для розміру сектора %d не передбачено.\n" +msgid "Activation is not supported for %d sector size." +msgstr "Підтримки активації для розміру сектора %d не передбачено." -#: lib/tcrypt/tcrypt.c:713 -msgid "Kernel doesn't support activation for this TCRYPT legacy mode.\n" -msgstr "" -"У ядрі не передбачено підтримки вмикання цього застарілого режиму TCRYPT.\n" +#: lib/tcrypt/tcrypt.c:759 +msgid "Kernel does not support activation for this TCRYPT legacy mode." +msgstr "У ядрі не передбачено підтримки вмикання цього застарілого режиму TCRYPT." -#: lib/tcrypt/tcrypt.c:744 +#: lib/tcrypt/tcrypt.c:793 #, c-format -msgid "Activating TCRYPT system encryption for partition %s.\n" -msgstr "Активуємо шифрування системи за допомогою TCRYPT для розділу %s.\n" +msgid "Activating TCRYPT system encryption for partition %s." +msgstr "Активуємо шифрування системи за допомогою TCRYPT для розділу %s." -#: lib/tcrypt/tcrypt.c:806 -msgid "Kernel doesn't support TCRYPT compatible mapping.\n" -msgstr "У ядрі не передбачено підтримки призначення, сумісного з TCRYPT.\n" +#: lib/tcrypt/tcrypt.c:871 +msgid "Kernel does not support TCRYPT compatible mapping." +msgstr "У ядрі не передбачено підтримки призначення, сумісного з TCRYPT." -#: lib/tcrypt/tcrypt.c:1020 +#: lib/tcrypt/tcrypt.c:1093 msgid "This function is not supported without TCRYPT header load." msgstr "Підтримки цієї дії без завантаження заголовка TCRYPT." -#: lib/verity/verity.c:70 lib/verity/verity.c:172 +#: lib/bitlk/bitlk.c:333 +#, c-format +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "Під час обробки підтримуваного основного ключа тому виявлено неочікуваний тип запису метаданих «%u»." + +#: lib/bitlk/bitlk.c:380 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "Під час обробки основного ключа тому виявлено некоректний рядок." + +#: lib/bitlk/bitlk.c:385 #, c-format -msgid "Verity device %s doesn't use on-disk header.\n" -msgstr "На пристрої VERITY %s не використовується вбудований заголовок.\n" +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "Під час обробки підтримуваного основного ключа тому виявлено неочікуваний рядок («%s»)." -#: lib/verity/verity.c:94 +#: lib/bitlk/bitlk.c:399 #, c-format -msgid "Device %s is not a valid VERITY device.\n" -msgstr "Пристрій %s не є коректним пристроєм VERITY.\n" +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "Під час обробки підтримуваного основного ключа тому виявлено неочікуване значення запису метаданих «%u»." -#: lib/verity/verity.c:101 +#: lib/bitlk/bitlk.c:479 #, c-format -msgid "Unsupported VERITY version %d.\n" -msgstr "Непідтримувана версія VERITY, %d.\n" +msgid "Failed to read BITLK signature from %s." +msgstr "Не вдалося прочитати підпис BITLK з %s." -#: lib/verity/verity.c:131 -msgid "VERITY header corrupted.\n" -msgstr "Пошкоджено заголовок VERITY.\n" +#: lib/bitlk/bitlk.c:485 +msgid "BITLK version 1 is currently not supported." +msgstr "Підтримки BITLK версії 1 у поточній версії не передбачено." -#: lib/verity/verity.c:166 +#: lib/bitlk/bitlk.c:491 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "Некоректний або невідомий підпис завантаження для пристрою BITLK." + +#: lib/bitlk/bitlk.c:503 +msgid "Invalid or unknown signature for BITLK device." +msgstr "Некоректний або невідомий підпис для пристрою BITLK." + +#: lib/bitlk/bitlk.c:510 #, c-format -msgid "Wrong VERITY UUID format provided on device %s.\n" -msgstr "На пристрої %s вказано UUID VERITY у помилковому форматі.\n" +msgid "Unsupported sector size %." +msgstr "Непідтримуваний розмір сектора %." -#: lib/verity/verity.c:196 +#: lib/bitlk/bitlk.c:518 #, c-format -msgid "Error during update of verity header on device %s.\n" -msgstr "Помилка під час оновлення заголовка verity на пристрої %s.\n" +msgid "Failed to read BITLK header from %s." +msgstr "Не вдалося прочитати заголовок BITLK з %s." -#: lib/verity/verity.c:276 -msgid "Kernel doesn't support dm-verity mapping.\n" -msgstr "У ядрі не передбачено підтримки призначення за dm-verity.\n" +#: lib/bitlk/bitlk.c:543 +#, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "Не вдалося прочитати метадані FVE BITLK з %s." -#: lib/verity/verity.c:287 -msgid "Verity device detected corruption after activation.\n" -msgstr "Виявлено пошкодження даних на пристрої перевірки після активації.\n" +#: lib/bitlk/bitlk.c:594 +msgid "Unknown or unsupported encryption type." +msgstr "Невідомий або непідтримуваний тип шифрування." -#: lib/verity/verity_hash.c:59 +#: lib/bitlk/bitlk.c:627 #, c-format -msgid "Spare area is not zeroed at position %.\n" -msgstr "Резервну область не занулено у позиції %.\n" +msgid "Failed to read BITLK metadata entries from %s." +msgstr "Не вдалося прочитати записи метаданих BITLK з %s." -#: lib/verity/verity_hash.c:121 lib/verity/verity_hash.c:249 -#: lib/verity/verity_hash.c:277 lib/verity/verity_hash.c:284 -msgid "Device offset overflow.\n" -msgstr "Переповнення відступу на пристрої.\n" +#: lib/bitlk/bitlk.c:921 +msgid "This operation is not supported." +msgstr "Підтримки цієї дії не передбачено." -#: lib/verity/verity_hash.c:161 -#, c-format -msgid "Verification failed at position %.\n" -msgstr "Помилка під час перевірки за позицією %.\n" +#: lib/bitlk/bitlk.c:929 +msgid "Wrong key size." +msgstr "Помилковий розмір ключа." -#: lib/verity/verity_hash.c:235 -msgid "Invalid size parameters for verity device.\n" -msgstr "Некоректні параметри розміру для пристрою перевірки.\n" +#: lib/bitlk/bitlk.c:981 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "Цей пристрій BITLK перебуває у непідтримуваному стані — його неможливо активувати." -#: lib/verity/verity_hash.c:266 -msgid "Too many tree levels for verity volume.\n" -msgstr "Занадто високий рівень вкладеності для тому перевірки.\n" +#: lib/bitlk/bitlk.c:987 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "Пристрої BITLK типу «%s» неможливо активувати." -#: lib/verity/verity_hash.c:354 -msgid "Verification of data area failed.\n" -msgstr "Не вдалося перевірити область даних.\n" +#: lib/bitlk/bitlk.c:1069 +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "Активації частково розшифрованого пристрою BITLK не передбачено." -#: lib/verity/verity_hash.c:359 -msgid "Verification of root hash failed.\n" -msgstr "Не вдалося перевірити кореневий хеш.\n" +#: lib/bitlk/bitlk.c:1205 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "Не вдалося активувати пристрій — у dm-crypt ядра немає підтримки BITLK IV." -#: lib/verity/verity_hash.c:365 -msgid "Input/output error while creating hash area.\n" -msgstr "" -"Під час створення області хешу сталася помилка введення або виведення " -"даних.\n" +#: lib/bitlk/bitlk.c:1209 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "Не вдалося активувати пристрій — у dm-crypt ядра немає підтримки дифузера Elephant BITLK." -#: lib/verity/verity_hash.c:367 -msgid "Creation of hash area failed.\n" -msgstr "Не вдалося створити область хешу.\n" +#: lib/verity/verity.c:68 lib/verity/verity.c:171 +#, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "На пристрої VERITY %s не використовується вбудований заголовок." -#: lib/verity/verity_hash.c:414 +#: lib/verity/verity.c:90 #, c-format -msgid "" -"WARNING: Kernel cannot activate device if data block size exceeds page size " -"(%u).\n" -msgstr "" -"Попередження: ядро не зможе задіяти пристрій, якщо розмір блоку " -"перевищуватиме розмір сторінки (%u).\n" +msgid "Device %s is not a valid VERITY device." +msgstr "Пристрій %s не є коректним пристроєм VERITY." -#: src/cryptsetup.c:91 -msgid "Can't do passphrase verification on non-tty inputs.\n" -msgstr "" -"Перевірку паролів не можна виконувати на основі вхідних даних, які надходять " -"не з tty.\n" +#: lib/verity/verity.c:97 +#, c-format +msgid "Unsupported VERITY version %d." +msgstr "Непідтримувана версія VERITY, %d." -#: src/cryptsetup.c:133 src/cryptsetup.c:564 src/cryptsetup.c:711 -#: src/cryptsetup_reencrypt.c:502 src/cryptsetup_reencrypt.c:556 -msgid "No known cipher specification pattern detected.\n" -msgstr "Не виявлено жодного відомого зразка специфікації шифрування.\n" +#: lib/verity/verity.c:128 +msgid "VERITY header corrupted." +msgstr "Пошкоджено заголовок VERITY." -#: src/cryptsetup.c:144 -msgid "" -"WARNING: The --hash parameter is being ignored in plain mode with keyfile " -"specified.\n" -msgstr "" -"Попередження: параметр --hash у простому режимі із вказаним файлом ключа " -"ігнорується.\n" +#: lib/verity/verity.c:165 +#, c-format +msgid "Wrong VERITY UUID format provided on device %s." +msgstr "На пристрої %s вказано UUID VERITY у помилковому форматі." -#: src/cryptsetup.c:152 -msgid "" -"WARNING: The --keyfile-size option is being ignored, the read size is the " -"same as the encryption key size.\n" -msgstr "" -"Попередження: параметр --keyfile-size проігноровано, розмір прочитаних даних " -"збігається із розміром ключа шифрування.\n" +#: lib/verity/verity.c:198 +#, c-format +msgid "Error during update of verity header on device %s." +msgstr "Помилка під час оновлення заголовка verity на пристрої %s." -#: src/cryptsetup.c:218 -msgid "Option --key-file is required.\n" -msgstr "Слід вказати параметр --key-file.\n" +#: lib/verity/verity.c:256 +msgid "Root hash signature verification is not supported." +msgstr "Підтримки перевірки підпису кореневого хешу не передбачено." -#: src/cryptsetup.c:267 -msgid "No device header detected with this passphrase.\n" -msgstr "Для цього пароля не виявлено заголовка пристрою.\n" +#: lib/verity/verity.c:267 +msgid "Errors cannot be repaired with FEC device." +msgstr "Помилки не може бути виправлено за допомогою пристрою FEC." -#: src/cryptsetup.c:327 src/cryptsetup.c:1140 -msgid "" -"Header dump with volume key is sensitive information\n" -"which allows access to encrypted partition without passphrase.\n" -"This dump should be always stored encrypted on safe place." -msgstr "" -"Дамп заголовка з ключем тому є конфіденційними даними,\n" -"за допомогою яких можна отримати доступ до шифрованого розділу\n" -"без пароля. Цей дамп слід зберігати у зашифрованому форматі\n" -"у безпечному місці." +#: lib/verity/verity.c:269 +#, c-format +msgid "Found %u repairable errors with FEC device." +msgstr "За допомогою пристрою FEC виявлено %u придатних до виправлення помилок." -#: src/cryptsetup.c:517 -msgid "Result of benchmark is not reliable.\n" -msgstr "Результат тестування є ненадійним.\n" +#: lib/verity/verity.c:308 +msgid "Kernel does not support dm-verity mapping." +msgstr "У ядрі не передбачено підтримки прив'язки dm-verity." -#: src/cryptsetup.c:558 -msgid "# Tests are approximate using memory only (no storage IO).\n" -msgstr "" -"# Наближені значення під час перевірки визначаються лише за допомогою " -"оперативної пам’яті (без запису на диск).\n" +#: lib/verity/verity.c:312 +msgid "Kernel does not support dm-verity signature option." +msgstr "У ядрі не передбачено підтримки параметра підпису dm-verity." -#: src/cryptsetup.c:583 src/cryptsetup.c:605 -msgid "# Algorithm | Key | Encryption | Decryption\n" -msgstr "№ Алгоритм | Ключ | Шифрування | Розшифрування\n" +#: lib/verity/verity.c:323 +msgid "Verity device detected corruption after activation." +msgstr "Виявлено пошкодження даних на пристрої перевірки після активації." -#: src/cryptsetup.c:587 +#: lib/verity/verity_hash.c:59 #, c-format -msgid "Cipher %s is not available.\n" -msgstr "Шифрування %s є недоступним.\n" +msgid "Spare area is not zeroed at position %." +msgstr "Резервну область не занулено у позиції %." -#: src/cryptsetup.c:614 -msgid "N/A" -msgstr "н/д" +#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290 +#: lib/verity/verity_hash.c:303 +msgid "Device offset overflow." +msgstr "Переповнення відступу на пристрої." -#: src/cryptsetup.c:639 +#: lib/verity/verity_hash.c:203 #, c-format -msgid "Cannot read keyfile %s.\n" -msgstr "Не вдалося прочитати файл ключа %s.\n" +msgid "Verification failed at position %." +msgstr "Помилка під час перевірки за позицією %." + +#: lib/verity/verity_hash.c:276 +msgid "Invalid size parameters for verity device." +msgstr "Некоректні параметри розміру для пристрою перевірки." + +#: lib/verity/verity_hash.c:296 +msgid "Hash area overflow." +msgstr "Переповнення області хешу." + +#: lib/verity/verity_hash.c:373 +msgid "Verification of data area failed." +msgstr "Не вдалося перевірити область даних." + +#: lib/verity/verity_hash.c:378 +msgid "Verification of root hash failed." +msgstr "Не вдалося перевірити кореневий хеш." + +#: lib/verity/verity_hash.c:384 +msgid "Input/output error while creating hash area." +msgstr "Під час створення області хешу сталася помилка введення або виведення даних." + +#: lib/verity/verity_hash.c:386 +msgid "Creation of hash area failed." +msgstr "Не вдалося створити область хешу." -#: src/cryptsetup.c:643 +#: lib/verity/verity_hash.c:433 #, c-format -msgid "Cannot read %d bytes from keyfile %s.\n" -msgstr "Не вдалося прочитати %d байтів з файла ключа %s.\n" +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "Попередження: ядро не зможе задіяти пристрій, якщо розмір блоку перевищуватиме розмір сторінки (%u)." -#: src/cryptsetup.c:672 -msgid "Really try to repair LUKS device header?" -msgstr "Спробувати відновити заголовок пристрою LUKS?" +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." +msgstr "Не вдалося розмістити контекст RS." -#: src/cryptsetup.c:697 +#: lib/verity/verity_fec.c:146 +msgid "Failed to allocate buffer." +msgstr "Не вдалося розмістити у пам'яті буфер." + +#: lib/verity/verity_fec.c:156 #, c-format -msgid "This will overwrite data on %s irrevocably." -msgstr "Дані на %s буде перезаписано без можливості відновлення." +msgid "Failed to read RS block % byte %d." +msgstr "Не вдалося прочитати блок RS %, байт %d." -#: src/cryptsetup.c:699 -msgid "memory allocation error in action_luksFormat" -msgstr "помилка під час отримання області пам’яті у action_luksFormat" +#: lib/verity/verity_fec.c:169 +#, c-format +msgid "Failed to read parity for RS block %." +msgstr "Не вдалося прочитати парність для блоку RS %." -#: src/cryptsetup.c:717 +#: lib/verity/verity_fec.c:177 #, c-format -msgid "Cannot use %s as on-disk header.\n" -msgstr "Не можна використовувати %s як заголовок на диску.\n" +msgid "Failed to repair parity for block %." +msgstr "Не вдалося відновити парність для блоку %." -#: src/cryptsetup.c:784 -msgid "Reduced data offset is allowed only for detached LUKS header.\n" -msgstr "" -"Зменшений відступ даних можна використовувати лише для від’єднаних " -"заголовків LUKS.\n" +#: lib/verity/verity_fec.c:188 +#, c-format +msgid "Failed to write parity for RS block %." +msgstr "Не вдалося прочитати парність для блоку RS %." -#: src/cryptsetup.c:881 src/cryptsetup.c:937 +#: lib/verity/verity_fec.c:223 +msgid "Block sizes must match for FEC." +msgstr "Розміри блоків для FEC мають бути однаковими." + +#: lib/verity/verity_fec.c:229 +msgid "Invalid number of parity bytes." +msgstr "Некоректна кількість байтів парності." + +#: lib/verity/verity_fec.c:265 #, c-format -msgid "Key slot %d selected for deletion.\n" -msgstr "Слот ключа %d позначено для вилучення.\n" +msgid "Failed to determine size for device %s." +msgstr "Не вдалося визначити розмір для пристрою %s." + +#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343 +msgid "Kernel does not support dm-integrity mapping." +msgstr "У ядрі не передбачено підтримки прив'язки dm-integrity." + +#: lib/integrity/integrity.c:277 +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "У ядрі не передбачено підтримки вирівнювання фіксованих метаданих dm-integrity." -#: src/cryptsetup.c:884 +#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959 +#: lib/luks2/luks2_json_metadata.c:1244 #, c-format -msgid "Key %d not active. Can't wipe.\n" -msgstr "Ключ %d не є активним. Його не можна витерти.\n" +msgid "Failed to acquire write lock on device %s." +msgstr "Не вдалося отримати блокування запису на пристрої %s." -#: src/cryptsetup.c:892 src/cryptsetup.c:940 +#: lib/luks2/luks2_disk_metadata.c:392 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "Виявлено спробу конкурентного оновлення метаданих LUKS2. Перериваємо виконання дії." + +#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712 msgid "" -"This is the last keyslot. Device will become unusable after purging this key." +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." msgstr "" -"Це останній слот ключа. Пристрій стане непридатним для використання після " -"спорожнення цього ключа." - -#: src/cryptsetup.c:893 -msgid "Enter any remaining passphrase: " -msgstr "Введіть будь-який інший пароль: " +"Пристрій містить неоднозначні підписи. Автоматичне відновлення LUKS2 неможливе.\n" +"Будь ласка, запустіть «cryptsetup repair» для відновлення." -#: src/cryptsetup.c:921 -msgid "Enter passphrase to be deleted: " -msgstr "Введіть пароль, який слід вилучити: " +#: lib/luks2/luks2_json_format.c:227 +msgid "Requested data offset is too small." +msgstr "Вказаний відступ у даних є надто малим." -#: src/cryptsetup.c:1003 src/cryptsetup_reencrypt.c:1074 +#: lib/luks2/luks2_json_format.c:271 #, c-format -msgid "Enter any existing passphrase: " -msgstr "Введіть будь-який пароль: " +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "Увага: область слоту ключів є надто малою (% байтів), доступна кількість слотів ключів LUKS2 буде дуже обмеженою.\n" -#: src/cryptsetup.c:1052 -msgid "Enter passphrase to be changed: " -msgstr "Введіть пароль, який слід змінити: " +#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074 +#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_keyslot_luks2.c:114 +#, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "Не вдалося отримати блокування читання на пристрої %s." -#: src/cryptsetup.c:1066 src/cryptsetup_reencrypt.c:1059 -msgid "Enter new passphrase: " -msgstr "Введіть новий пароль: " +#: lib/luks2/luks2_json_metadata.c:1167 +#, c-format +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "У резервній копії %s виявлено заборонені вимоги щодо LUKS2." -#: src/cryptsetup.c:1090 -msgid "Only one device argument for isLuks operation is supported.\n" -msgstr "" -"У команді isLuks можна використовувати лише один аргумент назви пристрою.\n" +#: lib/luks2/luks2_json_metadata.c:1208 +msgid "Data offset differ on device and backup, restore failed." +msgstr "Зсуви даних на пристрої і на резервній копії різняться, не вдалося відновити." -#: src/cryptsetup.c:1246 src/cryptsetup.c:1267 -msgid "Option --header-backup-file is required.\n" -msgstr "Слід вказати параметр --header-backup-file.\n" +#: lib/luks2/luks2_json_metadata.c:1214 +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "Двійкові заголовки із розмірами областей слотів ключів на пристрої і у резервній копії різняться, не вдалося відновити копію." -#: src/cryptsetup.c:1304 +#: lib/luks2/luks2_json_metadata.c:1221 #, c-format -msgid "Unrecognized metadata device type %s.\n" -msgstr "Нерозпізнаний тип пристрою метаданих, %s.\n" +msgid "Device %s %s%s%s%s" +msgstr "Пристрій %s %s%s%s%s" + +#: lib/luks2/luks2_json_metadata.c:1222 +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "не містить заголовка LUKS2. Заміна заголовка може зруйнувати дані, що зберігаються на пристрої." -#: src/cryptsetup.c:1307 -msgid "Command requires device and mapped name as arguments.\n" +#: lib/luks2/luks2_json_metadata.c:1223 +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "вже містить заголовок LUKS2. Заміна заголовка призведе до руйнування вже створених слотів ключів." + +#: lib/luks2/luks2_json_metadata.c:1225 +msgid "" +"\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" msgstr "" -"Аргументами команди мають бути назва пристрою та призначена до нього назва.\n" +"\n" +"ПОПЕРЕДЖЕННЯ: виявлено невідомі вимоги LUKS2 у справжньому заголовку пристрою!\n" +"Заміна заголовка резервною копією може пошкодити дані на пристрої!" -#: src/cryptsetup.c:1326 -#, c-format +#: lib/luks2/luks2_json_metadata.c:1227 msgid "" -"This operation will erase all keyslots on device %s.\n" -"Device will become unusable after this operation." +"\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." msgstr "" -"У результаті виконання цієї операції буде витерто усі слоти ключів на " -"пристрої %s.\n" -"Після виконання цієї дії пристроєм не можна буде скористатися." +"\n" +"ПОПЕРЕДЖЕННЯ: на пристрої виявлено дані незавершеного повторного шифрування!\n" +"Заміна заголовка заголовком із резервної копії може пошкодити дані." -#: src/cryptsetup.c:1360 -msgid " [--type ] []" -msgstr "<пристрій> [--type <тип>] [<назва>]" +#: lib/luks2/luks2_json_metadata.c:1323 +#, c-format +msgid "Ignored unknown flag %s." +msgstr "Проігноровано невідомий прапорець %s." -#: src/cryptsetup.c:1360 -msgid "open device as mapping " -msgstr "відкрити пристрій як призначення <назва>" +#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746 +#, c-format +msgid "Missing key for dm-crypt segment %u" +msgstr "Не вистачає ключа для сегмента dm-crypt %u" -#: src/cryptsetup.c:1361 src/cryptsetup.c:1362 src/cryptsetup.c:1363 -#: src/cryptsetup.c:1364 src/veritysetup.c:311 src/veritysetup.c:312 -msgid "" -msgstr "<назва>" +#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764 +msgid "Failed to set dm-crypt segment." +msgstr "Не вдалося встановити сегмент dm-crypt." -#: src/cryptsetup.c:1361 -msgid "close device (remove mapping)" -msgstr "закрити пристрій (вилучити призначення)" +#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770 +msgid "Failed to set dm-linear segment." +msgstr "Не вдалося встановити сегмент dm-linear." -#: src/cryptsetup.c:1362 -msgid "resize active device" -msgstr "змінити розмір активного пристрою" +#: lib/luks2/luks2_json_metadata.c:2155 +msgid "Unsupported device integrity configuration." +msgstr "Непідтримувані налаштування цілісності даних на пристрої." -#: src/cryptsetup.c:1363 -msgid "show device status" -msgstr "показати стан пристрою" +#: lib/luks2/luks2_json_metadata.c:2241 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "Виконуємо повторне шифрування. Не можна деактивувати пристрій." -#: src/cryptsetup.c:1364 -msgid "benchmark cipher" -msgstr "перевірити швидкодію шифрування" +#: lib/luks2/luks2_json_metadata.c:2252 lib/luks2/luks2_reencrypt.c:3190 +#, c-format +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "Не вдалося замінити пристрій %s, роботу якого призупинено, ціллю dm-error." -#: src/cryptsetup.c:1365 src/cryptsetup.c:1366 src/cryptsetup.c:1372 -#: src/cryptsetup.c:1373 src/cryptsetup.c:1374 src/cryptsetup.c:1375 -#: src/cryptsetup.c:1376 src/cryptsetup.c:1377 src/cryptsetup.c:1378 -#: src/cryptsetup.c:1379 -msgid "" -msgstr "<пристрій>" +#: lib/luks2/luks2_json_metadata.c:2332 +msgid "Failed to read LUKS2 requirements." +msgstr "Не вдалося прочитати вимоги LUKS2." -#: src/cryptsetup.c:1365 -msgid "try to repair on-disk metadata" +#: lib/luks2/luks2_json_metadata.c:2339 +msgid "Unmet LUKS2 requirements detected." +msgstr "Виявлено невідповідність вимог LUKS2." + +#: lib/luks2/luks2_json_metadata.c:2347 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "Дія є несумісною із пристроєм, який позначено для перешифрування застарілого варіанта. Перериваємо дію." + +#: lib/luks2/luks2_json_metadata.c:2349 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "Дія є несумісною із пристроєм, який позначено для перешифрування LUKS2. Перериваємо дію." + +#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584 +msgid "Not enough available memory to open a keyslot." +msgstr "Недостатньо пам'яті для відкриття слоту ключів." + +#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586 +msgid "Keyslot open failed." +msgstr "Не вдалося відкрити слот ключів." + +#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "Не можна використовувати шифрування %s-%s для слотів ключів." + +#: lib/luks2/luks2_keyslot_luks2.c:480 +msgid "No space for new keyslot." +msgstr "Немає простору для нового слоту ключа." + +#: lib/luks2/luks2_luks1_convert.c:482 +#, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "Не вдалося перевірити стан пристрою з uuid %s." + +#: lib/luks2/luks2_luks1_convert.c:508 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "Не вдалося перетворити заголовок з додатковими метаданими LUKSMETA." + +#: lib/luks2/luks2_luks1_convert.c:548 +msgid "Unable to move keyslot area. Not enough space." +msgstr "Не вдалося пересунути область слотів ключів. Недостатньо місця." + +#: lib/luks2/luks2_luks1_convert.c:599 +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "Не вдалося пересунути область слотів ключів. Область слотів ключів LUKS2 є надто малою." + +#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887 +msgid "Unable to move keyslot area." +msgstr "Не вдалося пересунути область слотів ключів." + +#: lib/luks2/luks2_luks1_convert.c:697 +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "Не вдалося перетворити на формат LUKS1 — типовий розмір сектору шифрування сегмента не дорівнює 512 байтам." + +#: lib/luks2/luks2_luks1_convert.c:705 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "Не вдалося перетворити до формату LUKS1 — контрольні суми слотів ключів не сумісні з LUKS1." + +#: lib/luks2/luks2_luks1_convert.c:717 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "Не вдалося перетворити до формату LUKS1 — на пристрої використовується загорнуте шифрування ключів %s." + +#: lib/luks2/luks2_luks1_convert.c:725 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "Не вдалося перетворити до формату LUKS1 - заголовок LUKS2 містить %u ключів." + +#: lib/luks2/luks2_luks1_convert.c:739 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "Не вдалося перетворити до формату LUKS1 - слот ключа %u перебуває у некоректному стані." + +#: lib/luks2/luks2_luks1_convert.c:744 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "Не вдалося перетворити до формату LUKS1 — слот %u (перевищує максимальну кількість слотів) усе ще є активним." + +#: lib/luks2/luks2_luks1_convert.c:749 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "не вдалося перетворити до формату LUKS1 — слот ключів %u є несумісним з LUKS1." + +#: lib/luks2/luks2_reencrypt.c:892 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Розмір «гарячої» ділянки має бути кратним до обчисленого вирівнювання ділянки (%zu байтів)." + +#: lib/luks2/luks2_reencrypt.c:897 +#, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Розмір пристрою має бути кратним до обчисленого вирівнювання ділянки (%zu байтів)." + +#: lib/luks2/luks2_reencrypt.c:941 +#, c-format +msgid "Unsupported resilience mode %s" +msgstr "Непідтримуваний режим стійкості %s" + +#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313 +#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430 +#: lib/luks2/luks2_reencrypt.c:3030 +msgid "Failed to initialize old segment storage wrapper." +msgstr "Не вдалося ініціалізувати обгортку старого сховища сегментів." + +#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291 +msgid "Failed to initialize new segment storage wrapper." +msgstr "Не вдалося ініціалізувати обгортку нового сховища сегментів." + +#: lib/luks2/luks2_reencrypt.c:1340 +msgid "Failed to read checksums for current hotzone." +msgstr "Не вдалося прочитати контрольні суми для поточної «гарячої» ділянки." + +#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038 +#, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "Не вдалося прочитати «гарячу» ділянку, починаючи з %." + +#: lib/luks2/luks2_reencrypt.c:1366 +#, c-format +msgid "Failed to decrypt sector %zu." +msgstr "Не вдалося розшифрувати сектор %zu." + +#: lib/luks2/luks2_reencrypt.c:1372 +#, c-format +msgid "Failed to recover sector %zu." +msgstr "Не вдалося відновити сектор %zu." + +#: lib/luks2/luks2_reencrypt.c:1867 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "Розміри пристроїв джерела та призначення не збігаються. Розмір джерела — %, розмір призначення — %." + +#: lib/luks2/luks2_reencrypt.c:1965 +#, c-format +msgid "Failed to activate hotzone device %s." +msgstr "Не вдалося задіяти пристрій «гарячої» ділянки %s." + +#: lib/luks2/luks2_reencrypt.c:1982 +#, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "Не вдалося задіяти пристрій-накладку %s зі справжньою таблицею походження." + +#: lib/luks2/luks2_reencrypt.c:1989 +#, c-format +msgid "Failed to load new mapping for device %s." +msgstr "Не вдалося завантажити нову прив'язку для пристрою %s." + +#: lib/luks2/luks2_reencrypt.c:2060 +msgid "Failed to refresh reencryption devices stack." +msgstr "Не вдалося освіжити тек пристрої для повторного шифрування." + +#: lib/luks2/luks2_reencrypt.c:2216 +msgid "Failed to set new keyslots area size." +msgstr "Не вдалося встановити розмір області нових слотів ключів." + +#: lib/luks2/luks2_reencrypt.c:2318 +#, c-format +msgid "Data shift is not aligned to requested encryption sector size (% bytes)." +msgstr "Зміщення даних не вирівняно до запитаного розміру сектора для шифрування (% байтів)." + +#: lib/luks2/luks2_reencrypt.c:2339 +#, c-format +msgid "Data device is not aligned to requested encryption sector size (% bytes)." +msgstr "Пристрій зберігання даних не вирівняно до запитаного розміру сектора для шифрування (% байтів)." + +#: lib/luks2/luks2_reencrypt.c:2360 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "Зміщення даних (% секторів) є меншим за майбутній зсув даних (% секторів)." + +#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779 +#: lib/luks2/luks2_reencrypt.c:2800 +#, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "Не вдалося відкрити %s в ексклюзивному режимі (вже пов'язано або змонтовано)." + +#: lib/luks2/luks2_reencrypt.c:2534 +msgid "Device not marked for LUKS2 reencryption." +msgstr "Пристрій не позначено для повторного шифрування LUKS2." + +#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295 +msgid "Failed to load LUKS2 reencryption context." +msgstr "Не вдалося завантажити контекст повторного шифрування LUKS2." + +#: lib/luks2/luks2_reencrypt.c:2619 +msgid "Failed to get reencryption state." +msgstr "Не вдалося отримати стан повторного шифрування." + +#: lib/luks2/luks2_reencrypt.c:2623 +msgid "Device is not in reencryption." +msgstr "Пристрій не перебуває у повторному шифруванні." + +#: lib/luks2/luks2_reencrypt.c:2630 +msgid "Reencryption process is already running." +msgstr "Процес повторного шифрування вже виконується." + +#: lib/luks2/luks2_reencrypt.c:2632 +msgid "Failed to acquire reencryption lock." +msgstr "Не вдалося створити блокування для повторного шифрування." + +#: lib/luks2/luks2_reencrypt.c:2650 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "Продовження повторного шифрування неможливе. Спочатку слід виконати відновлення повторного шифрування." + +#: lib/luks2/luks2_reencrypt.c:2750 +msgid "Active device size and requested reencryption size don't match." +msgstr "Не збігаються розмір активного пристрою і запитаний розмір повторного шифрування." + +#: lib/luks2/luks2_reencrypt.c:2764 +msgid "Illegal device size requested in reencryption parameters." +msgstr "У параметрах повторного шифрування вказано некоректний розмір пристрою." + +#: lib/luks2/luks2_reencrypt.c:2834 +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "Виконується повторне шифрування. Неможливо виконати відновлення." + +#: lib/luks2/luks2_reencrypt.c:2906 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "Повторне шифрування LUKS2 вже ініційовано у метаданих." + +#: lib/luks2/luks2_reencrypt.c:2913 +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "Не вдалося ініціалізувати повторне шифрування LUKS2 лише у метаданих." + +#: lib/luks2/luks2_reencrypt.c:3004 +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "Не вдалося встановити сегменти пристрою для наступної «гарячої» ділянки повторного шифрування." + +#: lib/luks2/luks2_reencrypt.c:3046 +msgid "Failed to write reencryption resilience metadata." +msgstr "Не вдалося записати метадані стійкості для повторного шифрування." + +#: lib/luks2/luks2_reencrypt.c:3053 +msgid "Decryption failed." +msgstr "Помилка розшифрування." + +#: lib/luks2/luks2_reencrypt.c:3058 +#, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "Не вдалося записати «гарячу» ділянку, починаючи з %." + +#: lib/luks2/luks2_reencrypt.c:3063 +msgid "Failed to sync data." +msgstr "Не вдалося синхронізувати дані." + +#: lib/luks2/luks2_reencrypt.c:3071 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "Не вдалося оновити метадані після завершення обробки поточної «гарячої» зони повторного шифрування." + +#: lib/luks2/luks2_reencrypt.c:3138 +msgid "Failed to write LUKS2 metadata." +msgstr "Не вдалося записати метадані LUKS2." + +#: lib/luks2/luks2_reencrypt.c:3161 +msgid "Failed to wipe backup segment data." +msgstr "Не вдалося витерти дані резервного сегмента." + +#: lib/luks2/luks2_reencrypt.c:3174 +msgid "Failed to disable reencryption requirement flag." +msgstr "Не вдалося вимкнути прапорець вимоги повторного шифрування." + +#: lib/luks2/luks2_reencrypt.c:3182 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "Критична помилка під час повторного шифрування фрагмента, починаючи з %, довжиною у % секторів." + +#: lib/luks2/luks2_reencrypt.c:3191 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "Не відновлюйте пристрій, якщо не заміните вручну пристрій призначення для помилок." + +#: lib/luks2/luks2_reencrypt.c:3240 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "Не вдалося виконати повторне шифрування. Неочікуваний стан засобу повторного шифрування." + +#: lib/luks2/luks2_reencrypt.c:3246 +msgid "Missing or invalid reencrypt context." +msgstr "Не вказано контекст повторного шифрування або вказано некоректний контекст." + +#: lib/luks2/luks2_reencrypt.c:3253 +msgid "Failed to initialize reencryption device stack." +msgstr "Не вдалося ініціалізувати стос пристроїв повторного шифрування." + +#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308 +msgid "Failed to update reencryption context." +msgstr "Не вдалося оновити контекст повторного шифрування." + +#: lib/luks2/luks2_token.c:262 +msgid "No free token slot." +msgstr "Немає вільного слоту ключів." + +#: lib/luks2/luks2_token.c:269 +#, c-format +msgid "Failed to create builtin token %s." +msgstr "Не вдалося створити вбудований ключ %s." + +#: src/cryptsetup.c:164 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "Перевірку паролів не можна виконувати на основі вхідних даних, які надходять не з tty." + +#: src/cryptsetup.c:221 +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "Параметри шифрування слоту ключів можна встановлювати лише для пристроїв LUKS2." + +#: src/cryptsetup.c:251 src/cryptsetup.c:959 src/cryptsetup.c:1269 +#: src/cryptsetup.c:3145 src/cryptsetup_reencrypt.c:723 +#: src/cryptsetup_reencrypt.c:793 +msgid "No known cipher specification pattern detected." +msgstr "Не виявлено жодного відомого зразка специфікації шифрування." + +#: src/cryptsetup.c:259 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "Попередження: параметр --hash у простому режимі із вказаним файлом ключа ігнорується.\n" + +#: src/cryptsetup.c:267 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "Попередження: параметр --keyfile-size проігноровано, розмір прочитаних даних збігається із розміром ключа шифрування.\n" + +#: src/cryptsetup.c:307 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "На %s виявлено підписи пристроїв. Подальша обробка може пошкодити наявні дані." + +#: src/cryptsetup.c:313 src/cryptsetup.c:1090 src/cryptsetup.c:1142 +#: src/cryptsetup.c:1246 src/cryptsetup.c:1319 src/cryptsetup.c:1974 +#: src/cryptsetup.c:2682 src/cryptsetup.c:2805 src/integritysetup.c:233 +msgid "Operation aborted.\n" +msgstr "Дію перервано.\n" + +#: src/cryptsetup.c:381 +msgid "Option --key-file is required." +msgstr "Слід вказати параметр --key-file." + +#: src/cryptsetup.c:434 +msgid "Enter VeraCrypt PIM: " +msgstr "Введіть PIM VeraCrypt: " + +#: src/cryptsetup.c:443 +msgid "Invalid PIM value: parse error." +msgstr "Некоректне значення PIM: помилка обробки." + +#: src/cryptsetup.c:446 +msgid "Invalid PIM value: 0." +msgstr "Некоректне значення PIM: 0." + +#: src/cryptsetup.c:449 +msgid "Invalid PIM value: outside of range." +msgstr "Некоректне значення PIM: поза межами діапазону." + +#: src/cryptsetup.c:472 +msgid "No device header detected with this passphrase." +msgstr "Для цього пароля не виявлено заголовка пристрою." + +#: src/cryptsetup.c:541 +#, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "Пристрій %s не є коректним пристроєм BITLK." + +#: src/cryptsetup.c:576 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" +"Дамп заголовка з ключем тому є конфіденційними даними,\n" +"за допомогою яких можна отримати доступ до шифрованого розділу\n" +"без пароля. Цей дамп слід зберігати у зашифрованому форматі\n" +"у безпечному місці." + +#: src/cryptsetup.c:673 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "Пристрій %s усе ще є активним, його заплановано для відкладеного вилучення.\n" + +#: src/cryptsetup.c:701 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "Зміна розмірів активного пристрою потребує наявності ключа тому у сховищі ключів, але вказано параметр --disable-keyring." + +#: src/cryptsetup.c:838 +msgid "Benchmark interrupted." +msgstr "Тестування перервано." + +#: src/cryptsetup.c:859 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "PBKDF2-%-9s н/д\n" + +#: src/cryptsetup.c:861 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "PBKDF2-%-9s %7u ітерацій за секунду для %zu-бітового ключа\n" + +#: src/cryptsetup.c:875 +#, c-format +msgid "%-10s N/A\n" +msgstr "%-10s н/д\n" + +#: src/cryptsetup.c:877 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "%-10s %4u ітерацій, пам'ять: %5u, %1u паралельних потоків (процесорів) для %zu-бітового ключа (запит на %u мс часу)\n" + +#: src/cryptsetup.c:901 +msgid "Result of benchmark is not reliable." +msgstr "Результат тестування є ненадійним." + +#: src/cryptsetup.c:951 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "# Наближені значення під час перевірки визначаються лише за допомогою оперативної пам’яті (без запису на диск).\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:971 +#, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "№%*s Алгоритм | Ключ | Шифрування | Розшифрування\n" + +#: src/cryptsetup.c:975 +#, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "Шифрування %s (розмір ключа — %i бітів) є недоступним." + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:994 +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "№ Алгоритм | Ключ | Шифрування | Розшифрування\n" + +#: src/cryptsetup.c:1003 +msgid "N/A" +msgstr "н/д" + +#: src/cryptsetup.c:1083 +msgid "" +"Seems device does not require reencryption recovery.\n" +"Do you want to proceed anyway?" +msgstr "" +"Здається, пристрій не потребує відновлення повторного шифрування.\n" +"Хочете виконати цю дію попри це?" + +#: src/cryptsetup.c:1089 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "Ви справді хочете продовжити процедуру відновлення повторного шифрування LUKS2?" + +#: src/cryptsetup.c:1098 +msgid "Enter passphrase for reencryption recovery: " +msgstr "Вкажіть пароль для відновлення повторного шифрування: " + +#: src/cryptsetup.c:1141 +msgid "Really try to repair LUKS device header?" +msgstr "Спробувати відновити заголовок пристрою LUKS?" + +#: src/cryptsetup.c:1160 src/integritysetup.c:146 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" +"Витираємо пристрій для ініціалізації контрольних сум для цілісності.\n" +"Ви можете перервати цей процес натисканням комбінації клавіш CTRL+C (решта невитертого пристрою міститиме некоректну контрольну суму).\n" + +#: src/cryptsetup.c:1182 src/integritysetup.c:168 +#, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "Не можна скасувати активацію тимчасового пристрою %s." + +#: src/cryptsetup.c:1231 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "Параметр цілісності може бути використано лише для формату LUKS2." + +#: src/cryptsetup.c:1236 src/cryptsetup.c:1296 +msgid "Unsupported LUKS2 metadata size options." +msgstr "Непідтримувані параметри розміру метаданих LUKS2." + +#: src/cryptsetup.c:1253 +#, c-format +msgid "Cannot create header file %s." +msgstr "Не вдалося створити файл заголовка %s." + +#: src/cryptsetup.c:1276 src/integritysetup.c:195 src/integritysetup.c:204 +#: src/integritysetup.c:213 src/integritysetup.c:284 src/integritysetup.c:293 +#: src/integritysetup.c:303 +msgid "No known integrity specification pattern detected." +msgstr "Не виявлено жодного відомого зразка специфікації цілісності." + +#: src/cryptsetup.c:1289 +#, c-format +msgid "Cannot use %s as on-disk header." +msgstr "Не можна використовувати %s як заголовок на диску." + +#: src/cryptsetup.c:1313 src/integritysetup.c:227 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "Дані на %s буде перезаписано без можливості відновлення." + +#: src/cryptsetup.c:1354 src/cryptsetup.c:1688 src/cryptsetup.c:1755 +#: src/cryptsetup.c:1857 src/cryptsetup.c:1923 src/cryptsetup_reencrypt.c:553 +msgid "Failed to set pbkdf parameters." +msgstr "Не вдалося встановити параметри pbkdf." + +#: src/cryptsetup.c:1439 +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "Зменшений відступ даних можна використовувати лише для від’єднаних заголовків LUKS." + +#: src/cryptsetup.c:1450 src/cryptsetup.c:1761 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "Неможливо визначити розмір ключа тому для LUKS без слотів ключів. Будь ласка, скористайтеся параметром --key-size." + +#: src/cryptsetup.c:1488 +msgid "Device activated but cannot make flags persistent." +msgstr "Пристрій задіяно, але не вдалося зробити прапорці сталими." + +#: src/cryptsetup.c:1569 src/cryptsetup.c:1639 +#, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "Слот ключа %d позначено для вилучення." + +#: src/cryptsetup.c:1581 src/cryptsetup.c:1642 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "Це останній слот ключа. Пристрій стане непридатним для використання після спорожнення цього ключа." + +#: src/cryptsetup.c:1582 +msgid "Enter any remaining passphrase: " +msgstr "Введіть будь-який інший пароль: " + +#: src/cryptsetup.c:1583 src/cryptsetup.c:1644 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "Дію перервано, слот ключів НЕ витерто.\n" + +#: src/cryptsetup.c:1621 +msgid "Enter passphrase to be deleted: " +msgstr "Введіть пароль, який слід вилучити: " + +#: src/cryptsetup.c:1702 src/cryptsetup.c:1776 src/cryptsetup.c:1810 +msgid "Enter new passphrase for key slot: " +msgstr "Введіть новий пароль для слота ключа: " + +#: src/cryptsetup.c:1793 src/cryptsetup_reencrypt.c:1343 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "Введіть будь-який пароль: " + +#: src/cryptsetup.c:1861 +msgid "Enter passphrase to be changed: " +msgstr "Введіть пароль, який слід змінити: " + +#: src/cryptsetup.c:1877 src/cryptsetup_reencrypt.c:1329 +msgid "Enter new passphrase: " +msgstr "Введіть новий пароль: " + +#: src/cryptsetup.c:1927 +msgid "Enter passphrase for keyslot to be converted: " +msgstr "Вкажіть пароль для слоту ключа, який буде перетворено: " + +#: src/cryptsetup.c:1951 +msgid "Only one device argument for isLuks operation is supported." +msgstr "У команді isLuks можна використовувати лише один аргумент назви пристрою." + +#: src/cryptsetup.c:2001 +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Дамп заголовка з ключем тому є конфіденційними даними,\n" +"за допомогою яких можна отримати доступ до шифрованого розділу\n" +"без пароля. Цей дамп слід зберігати у зашифрованому форматі\n" +"у безпечному місці." + +#: src/cryptsetup.c:2066 +#, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "Слот ключа %d не містить непов'язаного ключа." + +#: src/cryptsetup.c:2072 +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Дамп заголовка з непов'язаним ключем є конфіденційними даними.\n" +"Цей дамп слід зберігати у зашифрованому форматі у безпечному місці." + +#: src/cryptsetup.c:2207 src/cryptsetup.c:2228 +msgid "Option --header-backup-file is required." +msgstr "Слід вказати параметр --header-backup-file." + +#: src/cryptsetup.c:2258 +#, c-format +msgid "%s is not cryptsetup managed device." +msgstr "%s не є керованим cryptsetup пристроєм." + +#: src/cryptsetup.c:2269 +#, c-format +msgid "Refresh is not supported for device type %s" +msgstr "Підтримки дії з оновлення для пристрою типу %s не передбачено." + +#: src/cryptsetup.c:2311 +#, c-format +msgid "Unrecognized metadata device type %s." +msgstr "Нерозпізнаний тип пристрою метаданих, %s." + +#: src/cryptsetup.c:2314 +msgid "Command requires device and mapped name as arguments." +msgstr "Аргументами команди мають бути назва пристрою та призначена до нього назва." + +#: src/cryptsetup.c:2336 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" +"У результаті виконання цієї операції буде витерто усі слоти ключів на пристрої %s.\n" +"Після виконання цієї дії пристроєм не можна буде скористатися." + +#: src/cryptsetup.c:2343 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "Дію перервано, слоти ключів НЕ витерто.\n" + +#: src/cryptsetup.c:2380 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "Некоректний тип LUKS. Передбачено підтримку лише luks1 і luks2." + +#: src/cryptsetup.c:2398 +#, c-format +msgid "Device is already %s type." +msgstr "Пристрій вже належить до типу %s." + +#: src/cryptsetup.c:2403 +#, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "Ця дія перетворить %s до формату %s.\n" + +#: src/cryptsetup.c:2409 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "Дію перервано, дані пристрою НЕ перетворено.\n" + +#: src/cryptsetup.c:2449 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "Пропущено параметр --priority, --label або --subsystem." + +#: src/cryptsetup.c:2483 src/cryptsetup.c:2516 src/cryptsetup.c:2539 +#, c-format +msgid "Token %d is invalid." +msgstr "Ключ %d є некоректним." + +#: src/cryptsetup.c:2486 src/cryptsetup.c:2542 +#, c-format +msgid "Token %d in use." +msgstr "Ключ %d використовується." + +#: src/cryptsetup.c:2493 +#, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "Не вдалося додати ключ %d зі сховища ключів luks2." + +#: src/cryptsetup.c:2502 src/cryptsetup.c:2564 +#, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "Не вдалося прив'язати ключ %d до слоту ключа %d." + +#: src/cryptsetup.c:2519 +#, c-format +msgid "Token %d is not in use." +msgstr "Ключ %d не використовується." + +#: src/cryptsetup.c:2554 +msgid "Failed to import token from file." +msgstr "Не вдалося імпортувати ключ з файла." + +#: src/cryptsetup.c:2579 +#, c-format +msgid "Failed to get token %d for export." +msgstr "Не вдалося отримати ключ %d для експортування." + +#: src/cryptsetup.c:2594 +msgid "--key-description parameter is mandatory for token add action." +msgstr "Параметр --key-description є обов'язковим для дій із додавання ключів." + +#: src/cryptsetup.c:2600 src/cryptsetup.c:2608 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "Для виконання дії потрібен специфічний ключ. Скористайтеся параметром --token-id." + +#: src/cryptsetup.c:2613 +#, c-format +msgid "Invalid token operation %s." +msgstr "Некоректна дія з ключем %s." + +#: src/cryptsetup.c:2668 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "Автоматично виявлено активний пристрій dm «%s» для пристрою даних %s.\n" + +#: src/cryptsetup.c:2672 +#, c-format +msgid "Device %s is not a block device.\n" +msgstr "Пристрій %s не є блоковим пристроєм.\n" + +#: src/cryptsetup.c:2674 +#, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "Не вдалося автоматично визначити утримувачів пристрою %s." + +#: src/cryptsetup.c:2676 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" +"Не вдалося визначити, чи задіяно пристрій %s.\n" +"Ви справді хочете продовжити повторне шифрування у режимі з від'єднанням?\n" +"Таке шифрування може призвести до пошкодження даних, якщо пристрій задіяно.\n" +"Щоб запустити повторне шифрування у режимі без від'єднання, скористайтеся параметром --active-name.\n" + +#: src/cryptsetup.c:2756 +msgid "Invalid LUKS device type." +msgstr "Некоректний тип пристрою LUKS." + +#: src/cryptsetup.c:2761 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "Шифрування без від'єднаного заголовка (--header) є неможливим без зменшення розміру пристрою зберігання даних (--reduce-device-size)." + +#: src/cryptsetup.c:2766 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "Вказаний зсув даних має бути меншим або рівним половині значення параметра --reduce-device-size." + +#: src/cryptsetup.c:2775 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "Коригуємо значення --reduce-device-size до подвійного значення --offset % (у секторах).\n" + +#: src/cryptsetup.c:2779 +msgid "Encryption is supported only for LUKS2 format." +msgstr "Підтримку шифрування передбачено лише для формату LUKS2." + +#: src/cryptsetup.c:2801 +#, c-format +msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +msgstr "Виявлено пристрій LUKS на %s. Хочете зашифрувати цей пристрій LUKS знову?" + +#: src/cryptsetup.c:2816 +#, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "Файл тимчасового заголовка %s вже існує. Перериваємо обробку." + +#: src/cryptsetup.c:2818 src/cryptsetup.c:2825 +#, c-format +msgid "Cannot create temporary header file %s." +msgstr "Не вдалося створити файл тимчасового заголовка %s." + +#: src/cryptsetup.c:2889 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "%s/%s задіяно, система готова до інтерактивного шифрування.\n" + +#: src/cryptsetup.c:3053 src/cryptsetup.c:3059 +msgid "Not enough free keyslots for reencryption." +msgstr "Недостатньо вільних слотів ключів для повторного шифрування." + +#: src/cryptsetup.c:3079 src/cryptsetup_reencrypt.c:1294 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "Файлом ключа можна користуватися лише з --key-slot, або якщо активним є лише один слот ключа." + +#: src/cryptsetup.c:3088 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup_reencrypt.c:1352 +#, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Вкажіть пароль для слоту ключа %d: " + +#: src/cryptsetup.c:3096 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Вкажіть пароль для слоту ключа %u: " + +#: src/cryptsetup.c:3263 +msgid "Command requires device as argument." +msgstr "Комарні слід передати аргумент пристрою." + +#: src/cryptsetup.c:3285 +msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +msgstr "У поточній версії передбачено підтримку лише формату LUKS2. Для роботи з LUKS1, будь ласка, скористайтеся програмою cryptsetup-reencrypt." + +#: src/cryptsetup.c:3297 +msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +msgstr "Вже виконується повторне шифрування з від'єднанням у застарілому режимі. Скористайтеся програмою cryptsetup-reencrypt." + +#: src/cryptsetup.c:3307 src/cryptsetup_reencrypt.c:178 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "Підтримки повторного шифрування пристрою із профілем цілісності не передбачено." + +#: src/cryptsetup.c:3315 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "Вже ініційовано повторне шифрування LUKS2. Перериваємо виконання дії." + +#: src/cryptsetup.c:3319 +msgid "LUKS2 device is not in reencryption." +msgstr "Пристрій LUKS2 не перебуває у стані повторного шифрування." + +#: src/cryptsetup.c:3346 +msgid " [--type ] []" +msgstr "<пристрій> [--type <тип>] [<назва>]" + +#: src/cryptsetup.c:3346 src/veritysetup.c:394 src/integritysetup.c:480 +msgid "open device as " +msgstr "відкрити пристрій як <назва>" + +#: src/cryptsetup.c:3347 src/cryptsetup.c:3348 src/cryptsetup.c:3349 +#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:481 +#: src/integritysetup.c:482 +msgid "" +msgstr "<назва>" + +#: src/cryptsetup.c:3347 src/veritysetup.c:395 src/integritysetup.c:481 +msgid "close device (remove mapping)" +msgstr "закрити пристрій (вилучити призначення)" + +#: src/cryptsetup.c:3348 +msgid "resize active device" +msgstr "змінити розмір активного пристрою" + +#: src/cryptsetup.c:3349 +msgid "show device status" +msgstr "показати стан пристрою" + +#: src/cryptsetup.c:3350 +msgid "[--cipher ]" +msgstr "[--cipher <шифр>]" + +#: src/cryptsetup.c:3350 +msgid "benchmark cipher" +msgstr "перевірити швидкодію шифрування" + +#: src/cryptsetup.c:3351 src/cryptsetup.c:3352 src/cryptsetup.c:3353 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3355 src/cryptsetup.c:3362 +#: src/cryptsetup.c:3363 src/cryptsetup.c:3364 src/cryptsetup.c:3365 +#: src/cryptsetup.c:3366 src/cryptsetup.c:3367 src/cryptsetup.c:3368 +#: src/cryptsetup.c:3369 src/cryptsetup.c:3370 +msgid "" +msgstr "<пристрій>" + +#: src/cryptsetup.c:3351 +msgid "try to repair on-disk metadata" msgstr "спробувати виправити метадані на диску" -#: src/cryptsetup.c:1366 +#: src/cryptsetup.c:3352 +msgid "reencrypt LUKS2 device" +msgstr "повторно зашифрувати пристрій LUKS2" + +#: src/cryptsetup.c:3353 msgid "erase all keyslots (remove encryption key)" msgstr "витерти усі слоти ключів (вилучити ключ шифрування)" -#: src/cryptsetup.c:1367 src/cryptsetup.c:1368 +#: src/cryptsetup.c:3354 +msgid "convert LUKS from/to LUKS2 format" +msgstr "перетворити LUKS із формату LUKS2 або навпаки" + +#: src/cryptsetup.c:3355 +msgid "set permanent configuration options for LUKS2" +msgstr "встановити сталі параметри налаштування для LUKS2" + +#: src/cryptsetup.c:3356 src/cryptsetup.c:3357 msgid " []" msgstr "<пристрій> [<новий файл ключа>]" -#: src/cryptsetup.c:1367 +#: src/cryptsetup.c:3356 msgid "formats a LUKS device" msgstr "форматує пристрій LUKS" -#: src/cryptsetup.c:1368 +#: src/cryptsetup.c:3357 msgid "add key to LUKS device" msgstr "додати ключ до пристрою LUKS" -#: src/cryptsetup.c:1369 src/cryptsetup.c:1370 +#: src/cryptsetup.c:3358 src/cryptsetup.c:3359 src/cryptsetup.c:3360 msgid " []" msgstr "<пристрій> [<файл ключа>]" -#: src/cryptsetup.c:1369 +#: src/cryptsetup.c:3358 msgid "removes supplied key or key file from LUKS device" msgstr "вилучає наданий ключ або файл ключа з пристрою LUKS" -#: src/cryptsetup.c:1370 +#: src/cryptsetup.c:3359 msgid "changes supplied key or key file of LUKS device" msgstr "змінює наданий ключ або файл ключа пристрою LUKS" -#: src/cryptsetup.c:1371 +#: src/cryptsetup.c:3360 +msgid "converts a key to new pbkdf parameters" +msgstr "перетворює ключ до нових параметрів pbkdf" + +#: src/cryptsetup.c:3361 msgid " " msgstr "<пристрій> <слот ключа>" -#: src/cryptsetup.c:1371 +#: src/cryptsetup.c:3361 msgid "wipes key with number from LUKS device" msgstr "вилучає ключ з номером <слот ключа> з пристрою LUKS" -#: src/cryptsetup.c:1372 +#: src/cryptsetup.c:3362 msgid "print UUID of LUKS device" msgstr "вивести UUID пристрою LUKS" -#: src/cryptsetup.c:1373 +#: src/cryptsetup.c:3363 msgid "tests for LUKS partition header" -msgstr "" -"виконати спробу виявлення заголовка розділу LUKS на пристрої <пристрій>" +msgstr "виконати спробу виявлення заголовка розділу LUKS на пристрої <пристрій>" -#: src/cryptsetup.c:1374 +#: src/cryptsetup.c:3364 msgid "dump LUKS partition information" msgstr "створити дамп даних щодо розділу LUKS" -#: src/cryptsetup.c:1375 +#: src/cryptsetup.c:3365 msgid "dump TCRYPT device information" msgstr "створити дамп даних пристрою TCRYPT" -#: src/cryptsetup.c:1376 -msgid "Suspend LUKS device and wipe key (all IOs are frozen)." -msgstr "" -"Приспати пристрій LUKS і витерти ключ (роботу всіх каналів введення-" -"виведення буде заморожено)." +#: src/cryptsetup.c:3366 +msgid "dump BITLK device information" +msgstr "створити дамп даних пристрою BITLK" + +#: src/cryptsetup.c:3367 +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "Приспати пристрій LUKS і витерти ключ (роботу всіх каналів введення-виведення буде заморожено)" -#: src/cryptsetup.c:1377 -msgid "Resume suspended LUKS device." -msgstr "Відновити роботу приспаного пристрою LUKS." +#: src/cryptsetup.c:3368 +msgid "Resume suspended LUKS device" +msgstr "Відновити роботу приспаного пристрою LUKS" -#: src/cryptsetup.c:1378 +#: src/cryptsetup.c:3369 msgid "Backup LUKS device header and keyslots" msgstr "Створити резервну копію заголовка пристрою LUKS і слотів ключів" -#: src/cryptsetup.c:1379 +#: src/cryptsetup.c:3370 msgid "Restore LUKS device header and keyslots" msgstr "Відновити заголовок пристрою LUKS і слоти ключів" -#: src/cryptsetup.c:1396 src/veritysetup.c:328 +#: src/cryptsetup.c:3371 +msgid " " +msgstr " <пристрій>" + +#: src/cryptsetup.c:3371 +msgid "Manipulate LUKS2 tokens" +msgstr "Керування ключами LUKS2" + +#: src/cryptsetup.c:3389 src/veritysetup.c:412 src/integritysetup.c:498 msgid "" "\n" " is one of:\n" @@ -1125,20 +2326,20 @@ msgstr "" "\n" "<дія> є однією з таких:\n" -#: src/cryptsetup.c:1402 +#: src/cryptsetup.c:3395 msgid "" "\n" "You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" msgstr "" "\n" "Ви також можете скористатися застарілими альтернативними\n" "синтаксичними конструкціями для запису <дія>:\n" -"\tвідкрити: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tзакрити: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" +"\tвідкрити: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tзакрити: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" -#: src/cryptsetup.c:1406 +#: src/cryptsetup.c:3399 #, c-format msgid "" "\n" @@ -1151,412 +2352,747 @@ msgstr "" "<назва> — пристрій для створення у %s\n" "<пристрій> — зашифрований пристрій\n" "<слот ключа> — номер слота ключа LUKS, який слід змінити\n" -"<файл ключа> — необов’язковий файл ключа для нового ключа для дії " -"luksAddKey\n" +"<файл ключа> — необов’язковий файл ключа для нового ключа для дії luksAddKey\n" -#: src/cryptsetup.c:1413 +#: src/cryptsetup.c:3406 +#, c-format +msgid "" +"\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" +"\n" +"Типовий укомпільований формат метаданих — %s (для дії luksFormat).\n" + +#: src/cryptsetup.c:3411 #, c-format msgid "" "\n" "Default compiled-in key and passphrase parameters:\n" -"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d " -"(characters)\n" -"Default PBKDF2 iteration time for LUKS: %d (ms)\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" msgstr "" "\n" "Типові вбудовані параметри ключа і пароля:\n" -"\tМаксимальний розмір файла ключа: %d кБ, максимальна довжина інтерактивного " -"пароля: %d (символів)\n" -"Типовий час ітерації PBKDF2 для LUKS: %d мс\n" +"\tМаксимальний розмір файла ключа: %d кБ, максимальна довжина інтерактивного пароля: %d (символів)\n" +"Типовий час ітерації PBKDF для LUKS1: %s, час ітерації: %d мс\n" +"Типовий PBKDF для LUKS2: %s\n" +"\tЧас ітерації: %d, потрібний обсяг пам'яті: %d кБ, паралельних потоків: %d\n" -#: src/cryptsetup.c:1420 +#: src/cryptsetup.c:3422 #, c-format msgid "" "\n" "Default compiled-in device cipher parameters:\n" "\tloop-AES: %s, Key %d bits\n" "\tplain: %s, Key: %d bits, Password hashing: %s\n" -"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" msgstr "" "\n" "Типові вбудовані параметри шифрування на пристрої:\n" "\tloop-AES: %s, %d-бітовий ключ\n" "\tзвичайне: %s, ключ: %d-бітовий, хешування пароля: %s\n" -"\tLUKS1: %s, ключ: %d-бітовий, хешування заголовка LUKS: %s, RNG: %s\n" +"\tLUKS: %s, ключ: %d-бітовий, хешування заголовка LUKS: %s, RNG: %s\n" + +#: src/cryptsetup.c:3431 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "\tLUKS: типовий розмір ключа у режимі XTS (два вбудованих ключа) буде подвоєно.\n" -#: src/cryptsetup.c:1437 src/veritysetup.c:460 +#: src/cryptsetup.c:3447 src/veritysetup.c:569 src/integritysetup.c:642 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: слід вказати у параметрах %s" -#: src/cryptsetup.c:1470 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1253 +#: src/cryptsetup.c:3480 src/veritysetup.c:457 src/integritysetup.c:536 +#: src/cryptsetup_reencrypt.c:1607 msgid "Show this help message" msgstr "Показати цю довідку" -#: src/cryptsetup.c:1471 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1254 +#: src/cryptsetup.c:3481 src/veritysetup.c:458 src/integritysetup.c:537 +#: src/cryptsetup_reencrypt.c:1608 msgid "Display brief usage" msgstr "Показати короткі настанови щодо користування" -#: src/cryptsetup.c:1475 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1258 -msgid "Help options:" -msgstr "Пункти довідки:" - -#: src/cryptsetup.c:1476 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1259 +#: src/cryptsetup.c:3482 src/veritysetup.c:459 src/integritysetup.c:538 +#: src/cryptsetup_reencrypt.c:1609 msgid "Print package version" msgstr "Вивести дані щодо версії пакунка" -#: src/cryptsetup.c:1477 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1260 +#: src/cryptsetup.c:3486 src/veritysetup.c:463 src/integritysetup.c:542 +#: src/cryptsetup_reencrypt.c:1613 +msgid "Help options:" +msgstr "Пункти довідки:" + +#: src/cryptsetup.c:3487 src/veritysetup.c:464 src/integritysetup.c:543 +#: src/cryptsetup_reencrypt.c:1614 msgid "Shows more detailed error messages" msgstr "Показувати докладні повідомлення про помилки" -#: src/cryptsetup.c:1478 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1261 +#: src/cryptsetup.c:3488 src/veritysetup.c:465 src/integritysetup.c:544 +#: src/cryptsetup_reencrypt.c:1615 msgid "Show debug messages" -msgstr "Показувати повідомлення зневадження" +msgstr "Показувати діагностичні повідомлення" -#: src/cryptsetup.c:1479 src/cryptsetup_reencrypt.c:1263 +#: src/cryptsetup.c:3489 +msgid "Show debug messages including JSON metadata" +msgstr "Показувати діагностичні повідомлення, зокрема метадані JSON" + +#: src/cryptsetup.c:3490 src/cryptsetup_reencrypt.c:1617 msgid "The cipher used to encrypt the disk (see /proc/crypto)" msgstr "Шифр, який використано для шифрування даних диска (див. /proc/crypto)" -#: src/cryptsetup.c:1480 src/cryptsetup_reencrypt.c:1265 +#: src/cryptsetup.c:3491 src/cryptsetup_reencrypt.c:1619 msgid "The hash used to create the encryption key from the passphrase" msgstr "Хеш, використаний для створення ключа шифрування на основі пароля" -#: src/cryptsetup.c:1481 +#: src/cryptsetup.c:3492 msgid "Verifies the passphrase by asking for it twice" msgstr "Перевіряє пароль повторним запитом щодо нього" -#: src/cryptsetup.c:1482 src/cryptsetup_reencrypt.c:1267 -msgid "Read the key from a file." -msgstr "Прочитати ключ з файла." +#: src/cryptsetup.c:3493 src/cryptsetup_reencrypt.c:1621 +msgid "Read the key from a file" +msgstr "Прочитати ключ з файла" -#: src/cryptsetup.c:1483 +#: src/cryptsetup.c:3494 msgid "Read the volume (master) key from file." msgstr "Прочитати ключ тому (основний ключ) з файла." -#: src/cryptsetup.c:1484 -msgid "Dump volume (master) key instead of keyslots info." -msgstr "" -"Створити дамп ключа тому (основного ключа) замість показу даних щодо слотів " -"ключів." +#: src/cryptsetup.c:3495 +msgid "Dump volume (master) key instead of keyslots info" +msgstr "Створити дамп ключа тому (основного ключа) замість показу даних щодо слотів ключів" -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 +#: src/cryptsetup.c:3496 src/cryptsetup_reencrypt.c:1618 msgid "The size of the encryption key" msgstr "Розмір ключа шифрування" -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 +#: src/cryptsetup.c:3496 src/cryptsetup.c:3557 src/integritysetup.c:562 +#: src/integritysetup.c:566 src/integritysetup.c:570 +#: src/cryptsetup_reencrypt.c:1618 msgid "BITS" msgstr "БІТИ" -#: src/cryptsetup.c:1486 src/cryptsetup_reencrypt.c:1278 +#: src/cryptsetup.c:3497 src/cryptsetup_reencrypt.c:1634 msgid "Limits the read from keyfile" msgstr "Обмежує читання з файла ключа" -#: src/cryptsetup.c:1486 src/cryptsetup.c:1487 src/cryptsetup.c:1488 -#: src/cryptsetup.c:1489 src/veritysetup.c:379 src/veritysetup.c:380 -#: src/veritysetup.c:382 src/cryptsetup_reencrypt.c:1277 -#: src/cryptsetup_reencrypt.c:1278 src/cryptsetup_reencrypt.c:1279 -#: src/cryptsetup_reencrypt.c:1280 +#: src/cryptsetup.c:3497 src/cryptsetup.c:3498 src/cryptsetup.c:3499 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3503 src/cryptsetup.c:3554 +#: src/cryptsetup.c:3555 src/cryptsetup.c:3563 src/cryptsetup.c:3564 +#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470 +#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:551 +#: src/integritysetup.c:557 src/integritysetup.c:558 +#: src/cryptsetup_reencrypt.c:1633 src/cryptsetup_reencrypt.c:1634 +#: src/cryptsetup_reencrypt.c:1635 src/cryptsetup_reencrypt.c:1636 msgid "bytes" msgstr "байти" -#: src/cryptsetup.c:1487 src/cryptsetup_reencrypt.c:1277 +#: src/cryptsetup.c:3498 src/cryptsetup_reencrypt.c:1633 msgid "Number of bytes to skip in keyfile" msgstr "Кількість байтів, які слід пропустити у файлі ключа" -#: src/cryptsetup.c:1488 +#: src/cryptsetup.c:3499 msgid "Limits the read from newly added keyfile" msgstr "Обмежує читання з щойно доданого файла ключа" -#: src/cryptsetup.c:1489 +#: src/cryptsetup.c:3500 msgid "Number of bytes to skip in newly added keyfile" msgstr "Кількість байтів, які слід пропустити у щойно доданому файлі ключа" -#: src/cryptsetup.c:1490 +#: src/cryptsetup.c:3501 msgid "Slot number for new key (default is first free)" msgstr "Номер слоту для нового ключа (типовим слотом є перший вільний слот)" -#: src/cryptsetup.c:1491 +#: src/cryptsetup.c:3502 msgid "The size of the device" msgstr "Розмір пристрою" -#: src/cryptsetup.c:1491 src/cryptsetup.c:1492 src/cryptsetup.c:1493 -#: src/cryptsetup.c:1499 +#: src/cryptsetup.c:3502 src/cryptsetup.c:3504 src/cryptsetup.c:3505 +#: src/cryptsetup.c:3511 src/integritysetup.c:552 src/integritysetup.c:559 msgid "SECTORS" msgstr "СЕКТОРИ" -#: src/cryptsetup.c:1492 +#: src/cryptsetup.c:3503 src/cryptsetup_reencrypt.c:1636 +msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +msgstr "Використовувати лише вказаний розмір пристрою (ігнорувати решту об’єму). НЕБЕЗПЕЧНО!" + +#: src/cryptsetup.c:3504 msgid "The start offset in the backend device" msgstr "Початковий відступ на допоміжному пристрої" -#: src/cryptsetup.c:1493 +#: src/cryptsetup.c:3505 msgid "How many sectors of the encrypted data to skip at the beginning" msgstr "Кількість секторів зашифрованих даних, які слід пропустити на початку" -#: src/cryptsetup.c:1494 -msgid "Create a readonly mapping" -msgstr "Створити призначення у режимі лише читання" +#: src/cryptsetup.c:3506 +msgid "Create a readonly mapping" +msgstr "Створити призначення у режимі лише читання" + +#: src/cryptsetup.c:3507 src/integritysetup.c:545 +#: src/cryptsetup_reencrypt.c:1624 +msgid "Do not ask for confirmation" +msgstr "Не питати про підтвердження" + +#: src/cryptsetup.c:3508 +msgid "Timeout for interactive passphrase prompt (in seconds)" +msgstr "Час очікування у інтерактивному запиті щодо пароля (у секундах)" + +#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "secs" +msgstr "секунди" + +#: src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "Progress line update (in seconds)" +msgstr "Оновлення лінії поступу (у секундах)" + +#: src/cryptsetup.c:3510 src/cryptsetup_reencrypt.c:1626 +msgid "How often the input of the passphrase can be retried" +msgstr "Частота повторень спроб отримання вхідних даних пароля" + +#: src/cryptsetup.c:3511 +msgid "Align payload at sector boundaries - for luksFormat" +msgstr "Вирівняти дані за областями у секторів, для luksFormat" + +#: src/cryptsetup.c:3512 +msgid "File with LUKS header and keyslots backup" +msgstr "Файл з заголовком LUKS та резервною копію слотів ключів" + +#: src/cryptsetup.c:3513 src/cryptsetup_reencrypt.c:1627 +msgid "Use /dev/random for generating volume key" +msgstr "Використовувати для створення ключа тому /dev/random" + +#: src/cryptsetup.c:3514 src/cryptsetup_reencrypt.c:1628 +msgid "Use /dev/urandom for generating volume key" +msgstr "Використовувати для створення ключа тому /dev/urandom" + +#: src/cryptsetup.c:3515 +msgid "Share device with another non-overlapping crypt segment" +msgstr "Використовувати пристрій спільно з іншим сегментом шифрування, без перекриття" + +#: src/cryptsetup.c:3516 src/veritysetup.c:477 +msgid "UUID for device to use" +msgstr "UUID пристрою, який слід використати" + +#: src/cryptsetup.c:3517 src/integritysetup.c:579 +msgid "Allow discards (aka TRIM) requests for device" +msgstr "Дозволити запити відкидання (або TRIM) до пристрою" + +#: src/cryptsetup.c:3518 src/cryptsetup_reencrypt.c:1645 +msgid "Device or file with separated LUKS header" +msgstr "Пристрій або файл з окремим заголовком LUKS" + +#: src/cryptsetup.c:3519 +msgid "Do not activate device, just check passphrase" +msgstr "Не задіювати пристрій, просто перевірити пароль" + +#: src/cryptsetup.c:3520 +msgid "Use hidden header (hidden TCRYPT device)" +msgstr "Використовувати прихований заголовок (прихований пристрій TCRYPT)" + +#: src/cryptsetup.c:3521 +msgid "Device is system TCRYPT drive (with bootloader)" +msgstr "Пристрій є системним диском TCRYPT (диском з завантажувачем)" + +#: src/cryptsetup.c:3522 +msgid "Use backup (secondary) TCRYPT header" +msgstr "Використовувати резервний (вторинний) заголовок TCRYPT" + +#: src/cryptsetup.c:3523 +msgid "Scan also for VeraCrypt compatible device" +msgstr "Виконати також пошук сумісних із VeraCrypt пристроїв" + +#: src/cryptsetup.c:3524 +msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Особистий множник ітерації (Personal Iteration Multiplier або PIM) для сумісного з VeraCrypt пристрою" + +#: src/cryptsetup.c:3525 +msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Особистий множник ітерації (Personal Iteration Multiplier або PIM) запису для сумісного з VeraCrypt пристрою" + +#: src/cryptsetup.c:3526 +msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" +msgstr "Типи метаданих пристрою: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" + +#: src/cryptsetup.c:3527 +msgid "Disable password quality check (if enabled)" +msgstr "Вимкнути перевірку якості пароля (якщо її увімкнено)" + +#: src/cryptsetup.c:3528 +msgid "Use dm-crypt same_cpu_crypt performance compatibility option" +msgstr "Скористатися параметром сумісності швидкодії dm-crypt same_cpu_crypt" + +#: src/cryptsetup.c:3529 +msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +msgstr "Скористатися параметром сумісності швидкодії dm-crypt submit_from_crypt_cpus" + +#: src/cryptsetup.c:3530 +msgid "Device removal is deferred until the last user closes it" +msgstr "Вилучення пристрою відкладено до часу, коли останній користувач закриє його" + +#: src/cryptsetup.c:3531 +msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)" +msgstr "Скористатися загальним блокуванням для перетворення у послідовну форму «жорсткого» PBKDF у пам'яті (обхід OOM)" + +#: src/cryptsetup.c:3532 +msgid "PBKDF iteration time for LUKS (in ms)" +msgstr "Тривалість ітерації PBKDF для LUKS (у мс)" + +#: src/cryptsetup.c:3532 src/cryptsetup_reencrypt.c:1623 +msgid "msecs" +msgstr "мс" + +#: src/cryptsetup.c:3533 src/cryptsetup_reencrypt.c:1641 +msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +msgstr "Алгоритм PBKDF (для LUKS2) (argon2i/argon2id/pbkdf2)" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "PBKDF memory cost limit" +msgstr "Обмеження вартості пам'яті PBKDF" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "kilobytes" +msgstr "кілобайти" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "PBKDF parallel cost" +msgstr "Вартість розпаралелювання PBKDF" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "threads" +msgstr "threads" + +#: src/cryptsetup.c:3536 src/cryptsetup_reencrypt.c:1644 +msgid "PBKDF iterations cost (forced, disables benchmark)" +msgstr "Вартість ітерацій PBKDF (примусово, вимикає тестування)" + +#: src/cryptsetup.c:3537 +msgid "Keyslot priority: ignore, normal, prefer" +msgstr "Пріоритетність слотів ключів: ignore, normal, prefer" + +#: src/cryptsetup.c:3538 +msgid "Disable locking of on-disk metadata" +msgstr "Вимкнути блокування метаданих на диску" + +#: src/cryptsetup.c:3539 +msgid "Disable loading volume keys via kernel keyring" +msgstr "Вимкнути завантаження ключів тому за допомогою сховища ключів ядра" + +#: src/cryptsetup.c:3540 +msgid "Data integrity algorithm (LUKS2 only)" +msgstr "Алгоритм перевірки цілісності даних (лише LUKS2)" + +#: src/cryptsetup.c:3541 src/integritysetup.c:573 +msgid "Disable journal for integrity device" +msgstr "Вимкнути журнал для пристрою забезпечення цілісності" + +#: src/cryptsetup.c:3542 src/integritysetup.c:547 +msgid "Do not wipe device after format" +msgstr "Не витирати пристрій після форматування" + +#: src/cryptsetup.c:3543 src/integritysetup.c:577 +msgid "Use inefficient legacy padding (old kernels)" +msgstr "Скористатися неефективним застарілим відступом (застарілі ядра)" -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "PBKDF2 iteration time for LUKS (in ms)" -msgstr "Тривалість ітерації PBKDF2 для LUKS (у мс)" +#: src/cryptsetup.c:3544 +msgid "Do not ask for passphrase if activation by token fails" +msgstr "Не просити ввести пароль, якщо не вдасться скористатися активацією за ключем" -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "msecs" -msgstr "мс" +#: src/cryptsetup.c:3545 +msgid "Token number (default: any)" +msgstr "Номер ключа (типове значення: будь-який)" -#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1269 -msgid "Do not ask for confirmation" -msgstr "Не питати про підтвердження" +#: src/cryptsetup.c:3546 +msgid "Key description" +msgstr "Опис ключа" -#: src/cryptsetup.c:1497 -msgid "Timeout for interactive passphrase prompt (in seconds)" -msgstr "Час очікування у інтерактивному запиті щодо пароля (у секундах)" +#: src/cryptsetup.c:3547 +msgid "Encryption sector size (default: 512 bytes)" +msgstr "Розмір сектора шифрування (типове значення: 512 байтів)" -#: src/cryptsetup.c:1497 -msgid "secs" -msgstr "секунди" +#: src/cryptsetup.c:3548 +msgid "Use IV counted in sector size (not in 512 bytes)" +msgstr "Використовувати обчислення за IV у розмірі сектора (не за блоками у 512 байтів)" -#: src/cryptsetup.c:1498 src/cryptsetup_reencrypt.c:1270 -msgid "How often the input of the passphrase can be retried" -msgstr "Частота повторень спроб отримання вхідних даних пароля" +#: src/cryptsetup.c:3549 +msgid "Set activation flags persistent for device" +msgstr "Встановити сталі прапорці активації для пристрою" -#: src/cryptsetup.c:1499 -msgid "Align payload at sector boundaries - for luksFormat" -msgstr "Вирівняти дані за областями у секторів, для luksFormat" +#: src/cryptsetup.c:3550 +msgid "Set label for the LUKS2 device" +msgstr "Встановити мітку для пристрою LUKS2" -#: src/cryptsetup.c:1500 -msgid "File with LUKS header and keyslots backup." -msgstr "Файл з заголовком LUKS та резервною копію слотів ключів." +#: src/cryptsetup.c:3551 +msgid "Set subsystem label for the LUKS2 device" +msgstr "Встановити мітку підтому для пристрою LUKS2" -#: src/cryptsetup.c:1501 src/cryptsetup_reencrypt.c:1271 -msgid "Use /dev/random for generating volume key." -msgstr "Використовувати для створення ключа тому /dev/random." +#: src/cryptsetup.c:3552 +msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot" +msgstr "Створити непов'язаний (без пов'язаного сегмента даних) слот ключів LUKS2 або його дамп" -#: src/cryptsetup.c:1502 src/cryptsetup_reencrypt.c:1272 -msgid "Use /dev/urandom for generating volume key." -msgstr "Використовувати для створення ключа тому /dev/urandom." +#: src/cryptsetup.c:3553 +msgid "Read or write the json from or to a file" +msgstr "Прочитати json з файла або записати json до файла" -#: src/cryptsetup.c:1503 -msgid "Share device with another non-overlapping crypt segment." -msgstr "" -"Використовувати пристрій спільно з іншим сегментом шифрування, без " -"перекриття." +#: src/cryptsetup.c:3554 +msgid "LUKS2 header metadata area size" +msgstr "Розмір області метаданих у заголовку LUKS2" + +#: src/cryptsetup.c:3555 +msgid "LUKS2 header keyslots area size" +msgstr "Розмір області слотів ключів у заголовку LUKS2" -#: src/cryptsetup.c:1504 src/veritysetup.c:385 -msgid "UUID for device to use." -msgstr "UUID пристрою, який слід використати." +#: src/cryptsetup.c:3556 +msgid "Refresh (reactivate) device with new parameters" +msgstr "Оновити (повторно активувати) пристрій згідно з новими параметрами" -#: src/cryptsetup.c:1505 -msgid "Allow discards (aka TRIM) requests for device." -msgstr "Дозволити запити відкидання (або TRIM) до пристрою." +#: src/cryptsetup.c:3557 +msgid "LUKS2 keyslot: The size of the encryption key" +msgstr "Слот ключів LUKS2: розмір ключа шифрування" -#: src/cryptsetup.c:1506 -msgid "Device or file with separated LUKS header." -msgstr "Пристрій або файл з окремим заголовком LUKS." +#: src/cryptsetup.c:3558 +msgid "LUKS2 keyslot: The cipher used for keyslot encryption" +msgstr "Слот ключа LUKS2: шифрування, яке використано для слоту ключів" -#: src/cryptsetup.c:1507 -msgid "Do not activate device, just check passphrase." -msgstr "Не задіювати пристрій, просто перевірити пароль." +#: src/cryptsetup.c:3559 +msgid "Encrypt LUKS2 device (in-place encryption)." +msgstr "Зашифрувати пристрій LUKS2 (шифрування на місці)." -#: src/cryptsetup.c:1508 -msgid "Use hidden header (hidden TCRYPT device)." -msgstr "Використовувати прихований заголовок (прихований пристрій TCRYPT)." +#: src/cryptsetup.c:3560 +msgid "Decrypt LUKS2 device (remove encryption)." +msgstr "Розшифрувати пристрій LUKS2 (усунути шифрування)." -#: src/cryptsetup.c:1509 -msgid "Device is system TCRYPT drive (with bootloader)." -msgstr "Пристрій є системним диском TCRYPT (диском з завантажувачем)." +#: src/cryptsetup.c:3561 +msgid "Initialize LUKS2 reencryption in metadata only." +msgstr "Ініціалізувати повторне шифрування LUKS2 лише у метаданих." -#: src/cryptsetup.c:1510 -msgid "Use backup (secondary) TCRYPT header." -msgstr "Використовувати резервний (вторинний) заголовок TCRYPT." +#: src/cryptsetup.c:3562 +msgid "Resume initialized LUKS2 reencryption only." +msgstr "Відновлювати лише ініціалізоване повторне шифрування LUKS2." -#: src/cryptsetup.c:1511 -msgid "Scan also for VeraCrypt compatible device." -msgstr "Виконати також пошук сумісних із VeraCrypt пристроїв." +#: src/cryptsetup.c:3563 src/cryptsetup_reencrypt.c:1635 +msgid "Reduce data device size (move data offset). DANGEROUS!" +msgstr "Зменшити розмір пристрою зберігання даних (змістити відступ даних). НЕБЕЗПЕЧНО!" -#: src/cryptsetup.c:1512 -msgid "Type of device metadata: luks, plain, loopaes, tcrypt." -msgstr "Типи метаданих пристрою: luks, plain, loopaes, tcrypt." +#: src/cryptsetup.c:3564 +msgid "Maximal reencryption hotzone size." +msgstr "Максимальний розмір «гарячої» ділянки повторного шифрування." -#: src/cryptsetup.c:1513 -msgid "Disable password quality check (if enabled)." -msgstr "Вимкнути перевірку якості пароля (якщо її увімкнено)." +#: src/cryptsetup.c:3565 +msgid "Reencryption hotzone resilience type (checksum,journal,none)" +msgstr "Тип стійкості «гарячої» ділянки повторного шифрування (checksum (контрольна сума), journal (журнал), none (немає))" -#: src/cryptsetup.c:1514 -msgid "Use dm-crypt same_cpu_crypt performance compatibility option." -msgstr "Скористатися параметром сумісності швидкодії dm-crypt same_cpu_crypt." +#: src/cryptsetup.c:3566 +msgid "Reencryption hotzone checksums hash" +msgstr "Хеш контрольних сум «гарячої» ділянки повторного шифрування" -#: src/cryptsetup.c:1515 -msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option." -msgstr "" -"Скористатися параметром сумісності швидкодії dm-crypt submit_from_crypt_cpus." +#: src/cryptsetup.c:3567 +msgid "Override device autodetection of dm device to be reencrypted" +msgstr "Перевизначити автоматично визначені параметри пристрою dm, який буде повторно зашифровано" -#: src/cryptsetup.c:1531 src/veritysetup.c:402 +#: src/cryptsetup.c:3583 src/veritysetup.c:499 src/integritysetup.c:595 msgid "[OPTION...] " msgstr "[ПАРАМЕТР...] <дія> <параметри_дії>" -#: src/cryptsetup.c:1572 -msgid "Running in FIPS mode.\n" -msgstr "Працюємо у режимі FIPS.\n" - -#: src/cryptsetup.c:1581 src/veritysetup.c:439 +#: src/cryptsetup.c:3634 src/veritysetup.c:533 src/integritysetup.c:606 msgid "Argument missing." msgstr "Не вказано аргумент <дія>." -#: src/cryptsetup.c:1634 src/veritysetup.c:445 +#: src/cryptsetup.c:3703 src/veritysetup.c:564 src/integritysetup.c:637 msgid "Unknown action." msgstr "Невідома дія." -#: src/cryptsetup.c:1644 -msgid "Option --shared is allowed only for open of plain device.\n" -msgstr "" -"Параметр --shared можна використовувати лише для відкриття незашифрованого " -"пристрою.\n" +#: src/cryptsetup.c:3713 +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "Не можна поєднувати параметри --refresh і --test-passphrase." -#: src/cryptsetup.c:1649 -msgid "Option --allow-discards is allowed only for open operation.\n" -msgstr "Параметр --shared можна використовувати лише для дії з відкриття.\n" +#: src/cryptsetup.c:3718 +msgid "Option --deferred is allowed only for close command." +msgstr "Параметр --deferred можна використовувати лише для команди закриття (close)." -#: src/cryptsetup.c:1657 -msgid "" -"Option --key-size is allowed only for luksFormat, open and benchmark.\n" -"To limit read from keyfile use --keyfile-size=(bytes)." -msgstr "" -"Параметр --key-size можна використовувати лише для дій luksFormat, open і " -"benchmark.\n" -"Щоб обмежити читання з файла ключа, скористайтеся параметром --keyfile-" -"size=(об’єм у байтах)." +#: src/cryptsetup.c:3723 +msgid "Option --shared is allowed only for open of plain device." +msgstr "Параметр --shared можна використовувати лише для відкриття незашифрованого пристрою." -#: src/cryptsetup.c:1664 +#: src/cryptsetup.c:3728 src/integritysetup.c:654 +msgid "Option --allow-discards is allowed only for open operation." +msgstr "Параметр --shared можна використовувати лише для дії з відкриття." + +#: src/cryptsetup.c:3733 +msgid "Option --persistent is allowed only for open operation." +msgstr "Параметр --persistent можна використовувати лише для дії з відкриття." + +#: src/cryptsetup.c:3738 +msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation." +msgstr "Параметр --serialize-memory-hard-pbkdf можна використовувати лише для дії з відкриття." + +#: src/cryptsetup.c:3743 +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "Параметр --persistent не можна використовувати разом із --test-passphrase." + +#: src/cryptsetup.c:3753 msgid "" -"Option --test-passphrase is allowed only for open of LUKS and TCRYPT " -"devices.\n" +"Option --key-size is allowed only for luksFormat, luksAddKey,\n" +"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." msgstr "" -"Параметр --test-passphrase можна використовувати лише для відкриття " -"пристроїв LUKS та TCRYPT.\n" +"Параметр --key-size можна використовувати лише для luksFormat, luksAddKey,\n" +"дій open і benchmark. Щоб обмежити читання з файла ключа, скористайтеся параметром --keyfile-size=(об’єм у байтах)." + +#: src/cryptsetup.c:3759 +msgid "Option --integrity is allowed only for luksFormat (LUKS2)." +msgstr "Параметр --integrity можна використовувати лише для luksFormat (LUKS2)." + +#: src/cryptsetup.c:3764 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "Параметром --integrity-no-wipe можна користуватися лише для дії з форматування із розширенням забезпечення цілісності." + +#: src/cryptsetup.c:3770 +msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations." +msgstr "Параметри --label і --subsystem можна використовувати лише для дій luksFormat та config для LUKS2." + +#: src/cryptsetup.c:3776 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "Параметр --test-passphrase можна використовувати лише для відкриття пристроїв LUKS, TCRYPT та BITLK." -#: src/cryptsetup.c:1669 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup.c:3781 src/cryptsetup_reencrypt.c:1708 msgid "Key size must be a multiple of 8 bits" msgstr "Розмір ключа має бути кратним 8 бітам" -#: src/cryptsetup.c:1676 src/cryptsetup_reencrypt.c:1346 +#: src/cryptsetup.c:3787 src/cryptsetup_reencrypt.c:1394 +#: src/cryptsetup_reencrypt.c:1713 msgid "Key slot is invalid." msgstr "Некоректний слот ключа." -#: src/cryptsetup.c:1683 -msgid "Option --key-file takes precedence over specified key file argument.\n" -msgstr "" -"Параметр --key-file має пріоритет над вказаним параметром файла ключа.\n" +#: src/cryptsetup.c:3794 +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "Параметр --key-file має пріоритет над вказаним параметром файла ключа." -#: src/cryptsetup.c:1691 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1330 +#: src/cryptsetup.c:3801 src/veritysetup.c:576 src/integritysetup.c:663 +#: src/cryptsetup_reencrypt.c:1687 msgid "Negative number for option not permitted." msgstr "Не можна використовувати від’ємні значення для параметра." -#: src/cryptsetup.c:1695 src/cryptsetup_reencrypt.c:1324 -#: src/cryptsetup_reencrypt.c:1350 +#: src/cryptsetup.c:3805 +msgid "Only one --key-file argument is allowed." +msgstr "Можна використовувати лише один аргумент --key-file." + +#: src/cryptsetup.c:3809 src/cryptsetup_reencrypt.c:1679 +#: src/cryptsetup_reencrypt.c:1717 msgid "Only one of --use-[u]random options is allowed." msgstr "Можна використовувати лише один з параметрів --use-[u]random." -#: src/cryptsetup.c:1699 +#: src/cryptsetup.c:3813 msgid "Option --use-[u]random is allowed only for luksFormat." -msgstr "" -"Параметр --use-[u]random можна використовувати лише для дії luksFormat." +msgstr "Параметр --use-[u]random можна використовувати лише для дії luksFormat." -#: src/cryptsetup.c:1703 +#: src/cryptsetup.c:3817 msgid "Option --uuid is allowed only for luksFormat and luksUUID." -msgstr "" -"Параметр --uuid можна використовувати лише для дій luksFormat і luksUUID." +msgstr "Параметр --uuid можна використовувати лише для дій luksFormat і luksUUID." -#: src/cryptsetup.c:1707 +#: src/cryptsetup.c:3821 msgid "Option --align-payload is allowed only for luksFormat." -msgstr "" -"Параметр --align-payload можна використовувати лише для дії luksFormat." +msgstr "Параметр --align-payload можна використовувати лише для дії luksFormat." -#: src/cryptsetup.c:1713 -msgid "" -"Option --skip is supported only for open of plain and loopaes devices.\n" -msgstr "" -"Підтримку параметра --skip передбачено лише для відкриття незашифрованих " -"пристроїв та пристроїв loopaes.\n" +#: src/cryptsetup.c:3825 +msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2." +msgstr "Параметрами --luks2-metadata-size і --opt-luks2-keyslots-size можна користуватися лише для luksFormat з LUKS2." -#: src/cryptsetup.c:1719 -msgid "" -"Option --offset is supported only for open of plain and loopaes devices.\n" -msgstr "" -"Підтримку параметра --offset передбачено лише для відкриття незашифрованих " -"пристроїв та пристроїв loopaes.\n" +#: src/cryptsetup.c:3830 +msgid "Invalid LUKS2 metadata size specification." +msgstr "Некоректна специфікація розміру метаданих LUKS2." -#: src/cryptsetup.c:1725 -msgid "" -"Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only " -"for TCRYPT device.\n" -msgstr "" -"Підтримку параметрів --tcrypt-hidden, --tcrypt-system і --tcrypt-backup " -"передбачено лише для пристроїв TCRYPT.\n" +#: src/cryptsetup.c:3834 +msgid "Invalid LUKS2 keyslots size specification." +msgstr "Некоректна специфікація розміру слоту ключів LUKS2." -#: src/cryptsetup.c:1730 -msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n" -msgstr "Параметр --tcrypt-hidden не можна поєднувати з --allow-discards.\n" +#: src/cryptsetup.c:3838 +msgid "Options --align-payload and --offset cannot be combined." +msgstr "Не можна одночасно використовувати параметри --align-payload і --offset." -#: src/cryptsetup.c:1735 -msgid "Option --veracrypt is supported only for TCRYPT device type.\n" -msgstr "" -"Підтримку параметра --veracrypt передбачено лише для пристроїв TCRYPT.\n" +#: src/cryptsetup.c:3844 +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "Підтримку параметра --skip передбачено лише для відкриття незашифрованих пристроїв та пристроїв loopaes." + +#: src/cryptsetup.c:3851 +msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption." +msgstr "Підтримку параметра --offset передбачено лише для відкриття незашифрованих пристроїв та пристроїв loopaes, luksFormat та повторного шифрування." + +#: src/cryptsetup.c:3857 +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "Підтримку параметрів --tcrypt-hidden, --tcrypt-system і --tcrypt-backup передбачено лише для пристроїв TCRYPT." + +#: src/cryptsetup.c:3862 +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "Параметр --tcrypt-hidden не можна поєднувати з --allow-discards." + +#: src/cryptsetup.c:3867 +msgid "Option --veracrypt is supported only for TCRYPT device type." +msgstr "Підтримку параметра --veracrypt передбачено лише для пристроїв TCRYPT." + +#: src/cryptsetup.c:3873 +msgid "Invalid argument for parameter --veracrypt-pim supplied." +msgstr "Надано некоректний аргумент для параметра --veracrypt-pim." + +#: src/cryptsetup.c:3877 +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "Параметр --veracrypt-pim можна використовувати лише для сумісних із VeraCrypt пристроїв." + +#: src/cryptsetup.c:3885 +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "Параметр --veracrypt-query-pim можна використовувати лише для сумісних із VeraCrypt пристроїв." + +#: src/cryptsetup.c:3889 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "Не можна поєднувати параметри --veracrypt-pim і --veracrypt-query-pim." + +#: src/cryptsetup.c:3896 +msgid "Option --priority can be only ignore/normal/prefer." +msgstr "Значенням для параметра --priority може бути лише один з таких рядків: ignore, normal або prefer." + +#: src/cryptsetup.c:3901 src/cryptsetup.c:3939 +msgid "Keyslot specification is required." +msgstr "Слід вказати специфікація слотів ключів." + +#: src/cryptsetup.c:3906 src/cryptsetup_reencrypt.c:1693 +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "Функцією отримання ключа на основі пароля (PBKDF) може бути лише pbkdf2 або argon2i/argon2id." + +#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1698 +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "Примусові ітерації PBKDF не можна поєднувати із параметром тривалості ітерацій." + +#: src/cryptsetup.c:3917 +msgid "Sector size option is not supported for this command." +msgstr "У цій команді не передбачено підтримки параметра розміру сектора." + +#: src/cryptsetup.c:3929 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "Підтримку можливості використання великих секторів IV передбачено лише для відкриття пристроїв простого типу з розміром сектора, який перевищує 512 байтів." + +#: src/cryptsetup.c:3934 +msgid "Key size is required with --unbound option." +msgstr "Разом із параметром --unbound слід вказувати розмір ключа." + +#: src/cryptsetup.c:3944 +msgid "Option --unbound may be used only with luksAddKey and luksDump actions." +msgstr "Параметр --unbound можна використовувати лише з діями luksAddKey і luksDump." + +#: src/cryptsetup.c:3949 +msgid "Option --refresh may be used only with open action." +msgstr "Параметр --refresh можна використовувати лише під час дії з відкриття (open)." + +#: src/cryptsetup.c:3960 +msgid "Cannot disable metadata locking." +msgstr "Не вдалося вимкнути блокування метаданих." + +#: src/cryptsetup.c:3970 +msgid "Invalid max reencryption hotzone size specification." +msgstr "Некоректна специфікація розміру «гарячої» ділянки повторного шифрування." + +#: src/cryptsetup.c:3978 src/cryptsetup_reencrypt.c:1722 +#: src/cryptsetup_reencrypt.c:1727 +msgid "Invalid device size specification." +msgstr "Некоректна специфікація розміру пристрою." + +#: src/cryptsetup.c:3981 +msgid "Maximum device reduce size is 1 GiB." +msgstr "Максимальний розмір зменшення розміру пристрою дорівнює 1 ГіБ." + +#: src/cryptsetup.c:3984 src/cryptsetup_reencrypt.c:1733 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "Розмір зменшення має бути кратним до 512-байтового сектора." + +#: src/cryptsetup.c:3989 +msgid "Invalid data size specification." +msgstr "Некоректна специфікація розміру даних." + +#: src/cryptsetup.c:3994 +msgid "Reduce size overflow." +msgstr "Переповнення розміру зменшення." + +#: src/cryptsetup.c:3998 +msgid "LUKS2 decryption requires option --header." +msgstr "Розшифрування LUKS2 потребує параметра --header." + +#: src/cryptsetup.c:4002 +msgid "Device size must be multiple of 512 bytes sector." +msgstr "Розмір пристрою має бути кратним до 512-байтового сектора." + +#: src/cryptsetup.c:4006 +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "Не можна одночасно використовувати параметри --reduce-device-size і --data-size." + +#: src/cryptsetup.c:4010 +msgid "Options --device-size and --size cannot be combined." +msgstr "Не можна одночасно використовувати параметри --device-size і --size." + +#: src/cryptsetup.c:4014 +#, fuzzy +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "Параметри --ignore-corruption і --restart-on-corruption не можна використовувати одночасно." + +#: src/veritysetup.c:66 +msgid "Invalid salt string specified." +msgstr "Вказано некоректний рядок солі." + +#: src/veritysetup.c:97 +#, c-format +msgid "Cannot create hash image %s for writing." +msgstr "Не вдалося створити образ хешу %s для запису." -#: src/veritysetup.c:58 -msgid "Invalid salt string specified.\n" -msgstr "Вказано некоректний рядок солі.\n" +#: src/veritysetup.c:107 +#, c-format +msgid "Cannot create FEC image %s for writing." +msgstr "Не вдалося створити образ FEC %s для запису." + +#: src/veritysetup.c:179 +msgid "Invalid root hash string specified." +msgstr "Вказано некоректний рядок кореневого хешу." -#: src/veritysetup.c:88 +#: src/veritysetup.c:187 #, c-format -msgid "Cannot create hash image %s for writing.\n" -msgstr "Не вдалося створити образ хешу %s для запису.\n" +msgid "Invalid signature file %s." +msgstr "Некоректний файл підпису %s." -#: src/veritysetup.c:148 -msgid "Invalid root hash string specified.\n" -msgstr "Вказано некоректний рядок кореневого хешу.\n" +#: src/veritysetup.c:194 +#, c-format +msgid "Cannot read signature file %s." +msgstr "Не вдалося прочитати файл підпису %s." -#: src/veritysetup.c:308 +#: src/veritysetup.c:392 msgid " " msgstr "<пристрій_даних> <пристрій_хешу>" -#: src/veritysetup.c:308 +#: src/veritysetup.c:392 src/integritysetup.c:479 msgid "format device" msgstr "форматувати пристрій" -#: src/veritysetup.c:309 +#: src/veritysetup.c:393 msgid " " msgstr "<пристрій_даних> <пристрій_хешу> <кореневий_хеш>" -#: src/veritysetup.c:309 +#: src/veritysetup.c:393 msgid "verify device" msgstr "перевірити пристрій" -#: src/veritysetup.c:310 -msgid " " -msgstr "<назва> <пристрій_даних> <пристрій_хешу> <кореневий_хеш>" - -#: src/veritysetup.c:310 -msgid "create active device" -msgstr "створити активний пристрій" +#: src/veritysetup.c:394 +msgid " " +msgstr "<пристрій_даних> <назва> <пристрій_хешу> <кореневий_хеш>" -#: src/veritysetup.c:311 -msgid "remove (deactivate) device" -msgstr "вилучити пристрій (скасувати активацію)" - -#: src/veritysetup.c:312 +#: src/veritysetup.c:396 src/integritysetup.c:482 msgid "show active device status" msgstr "показати стан активного пристрою" -#: src/veritysetup.c:313 +#: src/veritysetup.c:397 msgid "" msgstr "<пристрій_хешу>" -#: src/veritysetup.c:313 +#: src/veritysetup.c:397 src/integritysetup.c:483 msgid "show on-disk information" msgstr "показати вбудовані дані" -#: src/veritysetup.c:332 +#: src/veritysetup.c:416 #, c-format msgid "" "\n" @@ -1571,432 +3107,770 @@ msgstr "" "<пристрій_хешу> — пристрій, на якому зберігаються дані для перевірки\n" "<кореневий_хеш> — хеш кореневого вузла на пристрої <пристрій_хешу>\n" -#: src/veritysetup.c:339 +#: src/veritysetup.c:423 #, c-format msgid "" "\n" "Default compiled-in dm-verity parameters:\n" -"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, " -"Hash format: %u\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" msgstr "" "\n" "Типові вбудовані параметри dm-verity:\n" -"\tхеш: %s, блок даних (у байтах): %u, блок хешу (у байтах): %u, розмір солі: " -"%u, формат хешування: %u\n" +"\tхеш: %s, блок даних (у байтах): %u, блок хешу (у байтах): %u, розмір солі: %u, формат хешування: %u\n" -#: src/veritysetup.c:377 +#: src/veritysetup.c:466 msgid "Do not use verity superblock" msgstr "Не використовувати суперблок verity" -#: src/veritysetup.c:378 +#: src/veritysetup.c:467 msgid "Format type (1 - normal, 0 - original Chrome OS)" msgstr "Тип форматування (1 — звичайне, 0 — початкове Chrome OS)" -#: src/veritysetup.c:378 +#: src/veritysetup.c:467 msgid "number" msgstr "номер" -#: src/veritysetup.c:379 +#: src/veritysetup.c:468 msgid "Block size on the data device" msgstr "Розмір блоку на пристрої даних" -#: src/veritysetup.c:380 +#: src/veritysetup.c:469 msgid "Block size on the hash device" msgstr "Розмір блоку на пристрої хешу" -#: src/veritysetup.c:381 +#: src/veritysetup.c:470 +msgid "FEC parity bytes" +msgstr "Байти парності FEC" + +#: src/veritysetup.c:471 msgid "The number of blocks in the data file" msgstr "Кількість блоків у файлі даних" -#: src/veritysetup.c:381 +#: src/veritysetup.c:471 msgid "blocks" msgstr "блоки" -#: src/veritysetup.c:382 +#: src/veritysetup.c:472 +msgid "Path to device with error correction data" +msgstr "Шлях до пристрою із даними для виправлення помилок" + +#: src/veritysetup.c:472 src/integritysetup.c:549 +msgid "path" +msgstr "шлях" + +#: src/veritysetup.c:473 msgid "Starting offset on the hash device" msgstr "Початковий відступ на пристрої хешу" -#: src/veritysetup.c:383 +#: src/veritysetup.c:474 +msgid "Starting offset on the FEC device" +msgstr "Початковий відступ на пристрої FEC" + +#: src/veritysetup.c:475 msgid "Hash algorithm" msgstr "Алгоритм хешування" -#: src/veritysetup.c:383 +#: src/veritysetup.c:475 msgid "string" msgstr "рядок" -#: src/veritysetup.c:384 +#: src/veritysetup.c:476 msgid "Salt" msgstr "Сіль" -#: src/veritysetup.c:384 +#: src/veritysetup.c:476 msgid "hex string" msgstr "шістнадцятковий рядок" -#: src/cryptsetup_reencrypt.c:147 +#: src/veritysetup.c:478 +msgid "Path to root hash signature file" +msgstr "Шлях до файла підпису кореневого хешу" + +#: src/veritysetup.c:479 +msgid "Restart kernel if corruption is detected" +msgstr "Перезапустити ядро, якщо виявлено пошкодження" + +#: src/veritysetup.c:480 +msgid "Ignore corruption, log it only" +msgstr "Ігнорувати пошкодження, лише записати повідомлення до журналу" + +#: src/veritysetup.c:481 +msgid "Do not verify zeroed blocks" +msgstr "Не перевіряти занулені блоки" + +#: src/veritysetup.c:482 +msgid "Verify data block only the first time it is read" +msgstr "Перевіряти блок даних лише під час його першого читання" + +#: src/veritysetup.c:582 +msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation." +msgstr "Параметри --ignore-corruption, --restart-on-corruption та --ignore-zero-blocks можна використовувати лише для дії з відкриття (open)." + +#: src/veritysetup.c:587 +msgid "Option --root-hash-signature can be used only for open operation." +msgstr "Параметром --root-hash-signature можна користуватися лише для дії з відкриття." + +#: src/veritysetup.c:592 +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "Параметри --ignore-corruption і --restart-on-corruption не можна використовувати одночасно." + +#: src/integritysetup.c:84 src/utils_password.c:305 +#, c-format +msgid "Cannot read keyfile %s." +msgstr "Не вдалося прочитати файл ключа %s." + +#: src/integritysetup.c:88 src/utils_password.c:310 +#, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "Не вдалося прочитати %d байтів з файла ключа %s." + +#: src/integritysetup.c:254 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "Форматовано із розміром мітки %u, внутрішня цілісність %s.\n" + +#: src/integritysetup.c:479 src/integritysetup.c:483 +msgid "" +msgstr "<пристрій_цілісності>" + +#: src/integritysetup.c:480 +msgid " " +msgstr "<пристрій_цілісності> <назва>" + +#: src/integritysetup.c:502 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the device containing data with integrity tags\n" +msgstr "" +"\n" +"<назва> є пристроєм, який слід створити у %s\n" +"<пристрій_цілісності> є пристроєм, на якому зберігаються дані із мітками цілісності\n" + +#: src/integritysetup.c:507 #, c-format -msgid "Cannot exclusively open %s, device in use.\n" +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" msgstr "" -"Не можна відкрити %s у виключному режимі, пристрій вже використовується.\n" +"\n" +"Типові компільовані параметри dm-integrity:\n" +"\tАлгоритм обчислення контрольної суми: %s\n" + +#: src/integritysetup.c:549 +msgid "Path to data device (if separated)" +msgstr "Шлях до пристрою даних (якщо відокремлено)" + +#: src/integritysetup.c:551 +msgid "Journal size" +msgstr "Розмір журналу" + +#: src/integritysetup.c:552 +msgid "Interleave sectors" +msgstr "Перемежовування секторів" + +#: src/integritysetup.c:553 +msgid "Journal watermark" +msgstr "«Водяний знак» журналу" + +#: src/integritysetup.c:553 +msgid "percent" +msgstr "відсоток" + +#: src/integritysetup.c:554 +msgid "Journal commit time" +msgstr "Час внесення до журналу" + +#: src/integritysetup.c:554 src/integritysetup.c:556 +msgid "ms" +msgstr "мс" + +#: src/integritysetup.c:555 +msgid "Number of 512-byte sectors per bit (bitmap mode)." +msgstr "Кількість 512-байтових секторів на біт (режим бітової карти)." + +#: src/integritysetup.c:556 +msgid "Bitmap mode flush time" +msgstr "Час спорожнення режиму бітової карти" + +#: src/integritysetup.c:557 +msgid "Tag size (per-sector)" +msgstr "Розмір мітки на сектор" + +#: src/integritysetup.c:558 +msgid "Sector size" +msgstr "Розмір сектора" + +#: src/integritysetup.c:559 +msgid "Buffers size" +msgstr "Розмір буферів" -#: src/cryptsetup_reencrypt.c:151 +#: src/integritysetup.c:561 +msgid "Data integrity algorithm" +msgstr "Алгоритм забезпечення цілісності даних" + +#: src/integritysetup.c:562 +msgid "The size of the data integrity key" +msgstr "Розмір ключа цілісності даних" + +#: src/integritysetup.c:563 +msgid "Read the integrity key from a file" +msgstr "Прочитати ключ цілісності з файла" + +#: src/integritysetup.c:565 +msgid "Journal integrity algorithm" +msgstr "Алгоритм забезпечення цілісності журналу" + +#: src/integritysetup.c:566 +msgid "The size of the journal integrity key" +msgstr "Розмір ключа цілісності журналу" + +#: src/integritysetup.c:567 +msgid "Read the journal integrity key from a file" +msgstr "Прочитати ключ цілісності журналу з файла" + +#: src/integritysetup.c:569 +msgid "Journal encryption algorithm" +msgstr "Алгоритм шифрування журналу" + +#: src/integritysetup.c:570 +msgid "The size of the journal encryption key" +msgstr "Розмір ключа шифрування журналу" + +#: src/integritysetup.c:571 +msgid "Read the journal encryption key from a file" +msgstr "Читати ключ шифрування журналу з файла" + +#: src/integritysetup.c:574 +msgid "Recovery mode (no journal, no tag checking)" +msgstr "Режим відновлення (без журналу, без перевірки міток)" + +#: src/integritysetup.c:575 +msgid "Use bitmap to track changes and disable journal for integrity device" +msgstr "Використовувати для стеження за змінами бітову карту і вимкнути журнал для пристрою забезпечення цілісності" + +#: src/integritysetup.c:576 +msgid "Recalculate initial tags automatically." +msgstr "Обчислювати початкові мітки автоматично." + +#: src/integritysetup.c:649 +msgid "Option --integrity-recalculate can be used only for open action." +msgstr "Параметр --integrity-recalculate можна використовувати лише під час дії з відкриття (open)." + +#: src/integritysetup.c:669 +msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action." +msgstr "Параметри --journal-size, --interleave-sectors, --sector-size, --tag-size та --no-wipe можна використовувати лише для дії з форматування." + +#: src/integritysetup.c:675 +msgid "Invalid journal size specification." +msgstr "Некоректна специфікація розміру журналу." + +#: src/integritysetup.c:680 +msgid "Both key file and key size options must be specified." +msgstr "Не можна одночасно вказувати параметри файла ключа і розміру ключа." + +#: src/integritysetup.c:683 +msgid "Integrity algorithm must be specified if integrity key is used." +msgstr "Якщо використано ключ цілісності, має бути вказано алгоритм забезпечення цілісності." + +#: src/integritysetup.c:688 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "Не можна одночасно вказувати параметри файла ключа цілісності журналу і розміру ключа." + +#: src/integritysetup.c:691 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "Якщо використано ключ цілісності журналу, має бути вказано алгоритм забезпечення цілісності журналу." + +#: src/integritysetup.c:696 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "Не можна одночасно вказувати параметри файла ключа шифрування журналу і розміру ключа." + +#: src/integritysetup.c:699 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "Якщо використано ключ шифрування журналу, має бути вказано алгоритм забезпечення шифрування журналу." + +#: src/integritysetup.c:703 +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "Не можна поєднувати параметри відновлення і бітової карти." + +#: src/integritysetup.c:707 +msgid "Journal options cannot be used in bitmap mode." +msgstr "Параметри журналу у режимі бітової карти використовувати не можна." + +#: src/integritysetup.c:711 +msgid "Bitmap options can be used only in bitmap mode." +msgstr "Параметри бітової карти можна використовувати лише у режимі бітового карти." + +#: src/cryptsetup_reencrypt.c:172 +msgid "Reencryption already in-progress." +msgstr "Вже виконується повторне шифрування." + +#: src/cryptsetup_reencrypt.c:208 #, c-format -msgid "Cannot open device %s\n" -msgstr "Не вдалося відкрити пристрій %s\n" +msgid "Cannot exclusively open %s, device in use." +msgstr "Не можна відкрити %s у виключному режимі, пристрій вже використовується." -#: src/cryptsetup_reencrypt.c:161 src/cryptsetup_reencrypt.c:893 -msgid "Allocation of aligned memory failed.\n" -msgstr "Спроба розподілу вирівняних ділянок пам’яті зазнала невдачі.\n" +#: src/cryptsetup_reencrypt.c:222 src/cryptsetup_reencrypt.c:1135 +msgid "Allocation of aligned memory failed." +msgstr "Спроба розподілу вирівняних ділянок пам’яті зазнала невдачі." -#: src/cryptsetup_reencrypt.c:168 +#: src/cryptsetup_reencrypt.c:229 #, c-format -msgid "Cannot read device %s.\n" -msgstr "Не вдалося виконати читання з пристрою %s.\n" +msgid "Cannot read device %s." +msgstr "Не вдалося виконати читання з пристрою %s." -#: src/cryptsetup_reencrypt.c:179 +#: src/cryptsetup_reencrypt.c:240 #, c-format -msgid "Marking LUKS device %s unusable.\n" -msgstr "Позначаємо пристрій LUKS %s як непридатний.\n" +msgid "Marking LUKS1 device %s unusable." +msgstr "Позначаємо пристрій LUKS1 %s як непридатний." -#: src/cryptsetup_reencrypt.c:184 +#: src/cryptsetup_reencrypt.c:244 #, c-format -msgid "Marking LUKS device %s usable.\n" -msgstr "Позначаємо пристрій LUKS %s як придатний\n" +msgid "Setting LUKS2 offline reencrypt flag on device %s." +msgstr "Встановлюємо прапорець повторного шифрування LUKS2 з від'єднанням на пристрій %s." -#: src/cryptsetup_reencrypt.c:200 +#: src/cryptsetup_reencrypt.c:261 #, c-format -msgid "Cannot write device %s.\n" -msgstr "Не вдалося виконати запис на пристрій %s.\n" +msgid "Cannot write device %s." +msgstr "Не вдалося виконати запис на пристрій %s." -#: src/cryptsetup_reencrypt.c:281 -msgid "Cannot write reencryption log file.\n" -msgstr "Не вдалося записати файл журналу повторного шифрування.\n" +#: src/cryptsetup_reencrypt.c:309 +msgid "Cannot write reencryption log file." +msgstr "Не вдалося записати файл журналу повторного шифрування." -#: src/cryptsetup_reencrypt.c:337 -msgid "Cannot read reencryption log file.\n" -msgstr "Не вдалося прочитати файл журналу повторного шифрування.\n" +#: src/cryptsetup_reencrypt.c:365 +msgid "Cannot read reencryption log file." +msgstr "Не вдалося прочитати файл журналу повторного шифрування." -#: src/cryptsetup_reencrypt.c:374 +#: src/cryptsetup_reencrypt.c:403 #, c-format msgid "Log file %s exists, resuming reencryption.\n" msgstr "Файл журналу %s вже існує, поновлюємо повторне шифрування.\n" -#: src/cryptsetup_reencrypt.c:403 -msgid "Activating temporary device using old LUKS header.\n" -msgstr "" -"Спроба задіяти тимчасовий пристрій за допомогою старого заголовка LUKS.\n" +#: src/cryptsetup_reencrypt.c:452 +msgid "Activating temporary device using old LUKS header." +msgstr "Спроба задіяти тимчасовий пристрій за допомогою старого заголовка LUKS." -#: src/cryptsetup_reencrypt.c:414 -msgid "Activating temporary device using new LUKS header.\n" -msgstr "" -"Спроба задіяти тимчасовий пристрій за допомогою нового заголовка LUKS.\n" +#: src/cryptsetup_reencrypt.c:462 +msgid "Activating temporary device using new LUKS header." +msgstr "Спроба задіяти тимчасовий пристрій за допомогою нового заголовка LUKS." -#: src/cryptsetup_reencrypt.c:424 -msgid "Activation of temporary devices failed.\n" -msgstr "Спроба задіяти тимчасові пристрої зазнала невдачі.\n" +#: src/cryptsetup_reencrypt.c:472 +msgid "Activation of temporary devices failed." +msgstr "Спроба задіяти тимчасові пристрої зазнала невдачі." -#: src/cryptsetup_reencrypt.c:450 -#, c-format -msgid "New LUKS header for device %s created.\n" -msgstr "Створено новий заголовок LUKS для пристрою %s.\n" +#: src/cryptsetup_reencrypt.c:559 +msgid "Failed to set data offset." +msgstr "Не вдалося встановити відступ у даних." -#: src/cryptsetup_reencrypt.c:458 +#: src/cryptsetup_reencrypt.c:565 +msgid "Failed to set metadata size." +msgstr "Не вдалося встановити розмір метаданих." + +#: src/cryptsetup_reencrypt.c:573 #, c-format -msgid "Activated keyslot %i.\n" -msgstr "Задіяний слот ключа %i.\n" +msgid "New LUKS header for device %s created." +msgstr "Створено новий заголовок LUKS для пристрою %s." -#: src/cryptsetup_reencrypt.c:484 +#: src/cryptsetup_reencrypt.c:633 #, c-format -msgid "LUKS header backup of device %s created.\n" -msgstr "Створено резервну копію заголовка LUKS пристрою %s.\n" +msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +msgstr "Ця версія cryptsetup-reencrypt не може обробляти новий тип вбудованих ключів %s." + +#: src/cryptsetup_reencrypt.c:655 +msgid "Failed to read activation flags from backup header." +msgstr "Не вдалося прочитати прапорці активації з резервного заголовка." -#: src/cryptsetup_reencrypt.c:532 -msgid "Creation of LUKS backup headers failed.\n" -msgstr "Спроба створення заголовків резервних копій LUKS зазнала невдачі.\n" +#: src/cryptsetup_reencrypt.c:659 +msgid "Failed to write activation flags to new header." +msgstr "Не вдалося записати прапорці активації до нового заголовка." -#: src/cryptsetup_reencrypt.c:634 +#: src/cryptsetup_reencrypt.c:663 src/cryptsetup_reencrypt.c:667 +msgid "Failed to read requirements from backup header." +msgstr "Не вдалося прочитати вимоги із резервного заголовка." + +#: src/cryptsetup_reencrypt.c:705 #, c-format -msgid "Cannot restore LUKS header on device %s.\n" -msgstr "Не вдалося відновити заголовок LUKS на пристрої %s.\n" +msgid "%s header backup of device %s created." +msgstr "Створено резервну копію заголовка %s пристрою %s." + +#: src/cryptsetup_reencrypt.c:768 +msgid "Creation of LUKS backup headers failed." +msgstr "Спроба створення заголовків резервних копій LUKS зазнала невдачі." -#: src/cryptsetup_reencrypt.c:636 +#: src/cryptsetup_reencrypt.c:901 #, c-format -msgid "LUKS header on device %s restored.\n" -msgstr "Відновлено заголовок LUKS на пристрої %s.\n" +msgid "Cannot restore %s header on device %s." +msgstr "Не вдалося відновити заголовок %s на пристрої %s." -#: src/cryptsetup_reencrypt.c:669 +#: src/cryptsetup_reencrypt.c:903 #, c-format -msgid "" -"Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" -msgstr "" -"Поступ: %5.1f%%, час до завершення: %02llu:%02llu, записано %4llu МіБ, " -"швидкість %5.1f МіБ/с%s" +msgid "%s header on device %s restored." +msgstr "Відновлено заголовок %s на пристрої %s." -#: src/cryptsetup_reencrypt.c:708 src/cryptsetup_reencrypt.c:784 -#: src/cryptsetup_reencrypt.c:826 -msgid "Cannot seek to device offset.\n" -msgstr "Не вдалося встановити вказану позицію на пристрої.\n" +#: src/cryptsetup_reencrypt.c:1107 src/cryptsetup_reencrypt.c:1113 +msgid "Cannot open temporary LUKS device." +msgstr "Неможливо відкрити тимчасовий пристрій LUKS." -#: src/cryptsetup_reencrypt.c:865 src/cryptsetup_reencrypt.c:871 -msgid "Cannot open temporary LUKS header file.\n" -msgstr "Не вдалося відкрити файл тимчасового заголовка LUKS.\n" +#: src/cryptsetup_reencrypt.c:1118 src/cryptsetup_reencrypt.c:1123 +msgid "Cannot get device size." +msgstr "Не вдалося отримати дані щодо розміру пристрою." -#: src/cryptsetup_reencrypt.c:876 src/cryptsetup_reencrypt.c:881 -msgid "Cannot get device size.\n" -msgstr "Не вдалося отримати дані щодо розміру пристрою.\n" +#: src/cryptsetup_reencrypt.c:1158 +msgid "IO error during reencryption." +msgstr "Помилка введення-виведення під час повторного шифрування." -#: src/cryptsetup_reencrypt.c:919 -msgid "Interrupted by a signal.\n" -msgstr "Перервано за сигналом.\n" +#: src/cryptsetup_reencrypt.c:1189 +msgid "Provided UUID is invalid." +msgstr "Наданий UUID є некоректним." -#: src/cryptsetup_reencrypt.c:921 -msgid "IO error during reencryption.\n" -msgstr "Помилка введення-виведення під час повторного шифрування.\n" +#: src/cryptsetup_reencrypt.c:1423 +msgid "Cannot open reencryption log file." +msgstr "Не вдалося відкрити файл журналу повторного шифрування." -#: src/cryptsetup_reencrypt.c:1028 -msgid "" -"Key file can be used only with --key-slot or with exactly one key slot " -"active.\n" -msgstr "" -"Файлом ключа можна користуватися лише з --key-slot, або якщо активним є лише " -"один слот ключа.\n" +#: src/cryptsetup_reencrypt.c:1429 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "Розшифровування не виконується. Наданий UUID можна використовувати лише для відновлення призупиненого процесу розшифровування." -#: src/cryptsetup_reencrypt.c:1072 src/cryptsetup_reencrypt.c:1087 +#: src/cryptsetup_reencrypt.c:1504 #, c-format -msgid "Enter passphrase for key slot %u: " -msgstr "Вкажіть пароль для слоту ключа %u: " +msgid "Changed pbkdf parameters in keyslot %i." +msgstr "Змінено параметри pbkdf у слоті ключа %i." -#: src/cryptsetup_reencrypt.c:1136 -msgid "Cannot open reencryption log file.\n" -msgstr "Не вдалося відкрити файл журналу повторного шифрування.\n" - -#: src/cryptsetup_reencrypt.c:1262 +#: src/cryptsetup_reencrypt.c:1616 msgid "Reencryption block size" msgstr "Розмір блоку повторного шифрування" -#: src/cryptsetup_reencrypt.c:1262 +#: src/cryptsetup_reencrypt.c:1616 msgid "MiB" msgstr "МіБ" -#: src/cryptsetup_reencrypt.c:1266 -msgid "Do not change key, no data area reencryption." -msgstr "Не змінювати ключ, не виконувати повторного шифрування області даних." +#: src/cryptsetup_reencrypt.c:1620 +msgid "Do not change key, no data area reencryption" +msgstr "Не змінювати ключ, не виконувати повторного шифрування області даних" -#: src/cryptsetup_reencrypt.c:1273 -msgid "Use direct-io when accessing devices." -msgstr "" -"Використовувати безпосереднє введення-виведення під час доступу до пристроїв." +#: src/cryptsetup_reencrypt.c:1622 +msgid "Read new volume (master) key from file" +msgstr "Прочитати новий ключ тому (основний ключ) з файла" -#: src/cryptsetup_reencrypt.c:1274 -msgid "Use fsync after each block." -msgstr "Використовувати fsync після кожного блоку." +#: src/cryptsetup_reencrypt.c:1623 +msgid "PBKDF2 iteration time for LUKS (in ms)" +msgstr "Тривалість ітерації PBKDF2 для LUKS (у мс)" -#: src/cryptsetup_reencrypt.c:1275 -msgid "Update log file after every block." -msgstr "Оновлювати файл журналу після кожного блоку." +#: src/cryptsetup_reencrypt.c:1629 +msgid "Use direct-io when accessing devices" +msgstr "Використовувати безпосереднє введення-виведення під час доступу до пристроїв" -#: src/cryptsetup_reencrypt.c:1276 -msgid "Use only this slot (others will be disabled)." -msgstr "Використовувати лише цей слот (інші буде вимкнено)." +#: src/cryptsetup_reencrypt.c:1630 +msgid "Use fsync after each block" +msgstr "Використовувати fsync після кожного блоку" -#: src/cryptsetup_reencrypt.c:1279 -msgid "Reduce data device size (move data offset). DANGEROUS!" -msgstr "" -"Зменшити розмір пристрою зберігання даних (змістити відступ даних). " -"НЕБЕЗПЕЧНО!" +#: src/cryptsetup_reencrypt.c:1631 +msgid "Update log file after every block" +msgstr "Оновлювати файл журналу після кожного блоку" -#: src/cryptsetup_reencrypt.c:1280 -msgid "Use only specified device size (ignore rest of device). DANGEROUS!" -msgstr "" -"Використовувати лише вказаний розмір пристрою (ігнорувати решту об’єму). " -"НЕБЕЗПЕЧНО!" +#: src/cryptsetup_reencrypt.c:1632 +msgid "Use only this slot (others will be disabled)" +msgstr "Використовувати лише цей слот (інші буде вимкнено)" -#: src/cryptsetup_reencrypt.c:1281 -msgid "Create new header on not encrypted device." -msgstr "Створити новий заголовок на незашифрованому пристрої." +#: src/cryptsetup_reencrypt.c:1637 +msgid "Create new header on not encrypted device" +msgstr "Створити новий заголовок на незашифрованому пристрої" -#: src/cryptsetup_reencrypt.c:1282 -msgid "Permanently decrypt device (remove encryption)." +#: src/cryptsetup_reencrypt.c:1638 +msgid "Permanently decrypt device (remove encryption)" msgstr "Остаточно розшифрувати пристрій (скасувати шифрування)" -#: src/cryptsetup_reencrypt.c:1298 +#: src/cryptsetup_reencrypt.c:1639 +msgid "The UUID used to resume decryption" +msgstr "UUID, що використовується для відновлення розшифровування" + +#: src/cryptsetup_reencrypt.c:1640 +msgid "Type of LUKS metadata: luks1, luks2" +msgstr "Тип метаданих LUKS (luks1 або luks2)" + +#: src/cryptsetup_reencrypt.c:1659 msgid "[OPTION...] " msgstr "[ПАРАМЕТР...] <пристрій>" -#: src/cryptsetup_reencrypt.c:1312 -msgid "" -"WARNING: this is experimental code, it can completely break your data.\n" -msgstr "" -"ПОПЕРЕДЖЕННЯ: цей код не перевірено достатнім чином, його використання може " -"призвести до незворотного пошкодження даних.\n" - -#: src/cryptsetup_reencrypt.c:1313 +#: src/cryptsetup_reencrypt.c:1667 #, c-format -msgid "Reencryption will change: volume key%s%s%s%s.\n" -msgstr "Повторне шифрування призведе до зміни: ключа тому%s%s%s%s.\n" +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "Повторне шифрування призведе до зміни: %s%s%s%s%s%s." + +#: src/cryptsetup_reencrypt.c:1668 +msgid "volume key" +msgstr "ключ тому" -#: src/cryptsetup_reencrypt.c:1314 -msgid ", set hash to " -msgstr ", встановити хеш у значення " +#: src/cryptsetup_reencrypt.c:1670 +msgid "set hash to " +msgstr "встановити хеш у значення " -#: src/cryptsetup_reencrypt.c:1315 +#: src/cryptsetup_reencrypt.c:1671 msgid ", set cipher to " msgstr ", встановити шифрування " -#: src/cryptsetup_reencrypt.c:1320 +#: src/cryptsetup_reencrypt.c:1675 msgid "Argument required." msgstr "Слід вказати аргумент." -#: src/cryptsetup_reencrypt.c:1336 -msgid "" -"Only values between 1 MiB and 64 MiB allowed for reencryption block size." -msgstr "" -"Розмір блоку повторного шифрування повинен належати діапазону від 1 МіБ до " -"64 МІБ." - -#: src/cryptsetup_reencrypt.c:1355 src/cryptsetup_reencrypt.c:1360 -msgid "Invalid device size specification." -msgstr "Некоректна специфікація розміру пристрою." +#: src/cryptsetup_reencrypt.c:1703 +msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +msgstr "Розмір блоку повторного шифрування повинен належати діапазону від 1 МіБ до 64 МІБ." -#: src/cryptsetup_reencrypt.c:1363 +#: src/cryptsetup_reencrypt.c:1730 msgid "Maximum device reduce size is 64 MiB." msgstr "Максимальний розмір зменшення розміру пристрою дорівнює 64 МіБ." -#: src/cryptsetup_reencrypt.c:1366 -msgid "Reduce size must be multiple of 512 bytes sector." -msgstr "Розмір зменшення має бути кратним до 512-байтового сектора." - -#: src/cryptsetup_reencrypt.c:1370 -msgid "Option --new must be used together with --reduce-device-size." -msgstr "Параметр --new слід використовувати разом з --reduce-device-size." +#: src/cryptsetup_reencrypt.c:1737 +msgid "Option --new must be used together with --reduce-device-size or --header." +msgstr "Параметр --new слід використовувати разом з --reduce-device-size або --header." -#: src/cryptsetup_reencrypt.c:1374 -msgid "Option --keep-key can be used only with --hash or --iter-time." -msgstr "" -"Параметр --keep-key можна використовувати лише разом з параметром --hash або " -"--iter-time." +#: src/cryptsetup_reencrypt.c:1741 +msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +msgstr "Параметр --keep-key можна використовувати лише разом з параметром --hash --iter-time або --pbkdf-force-iterations." -#: src/cryptsetup_reencrypt.c:1378 +#: src/cryptsetup_reencrypt.c:1745 msgid "Option --new cannot be used together with --decrypt." msgstr "Параметр --new не можна використовувати разом з --decrypt." -#: src/cryptsetup_reencrypt.c:1382 +#: src/cryptsetup_reencrypt.c:1749 msgid "Option --decrypt is incompatible with specified parameters." msgstr "Параметр --decrypt є несумісним із вказаними параметрами." +#: src/cryptsetup_reencrypt.c:1753 +msgid "Option --uuid is allowed only together with --decrypt." +msgstr "Параметр --uuid можна використовувати лише разом із --decrypt." + +#: src/cryptsetup_reencrypt.c:1757 +msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +msgstr "Некоректний тип luks. Скористайтеся одним з таких типів: luks, luks1 або luks2." + #: src/utils_tools.c:151 -msgid "Error reading response from terminal.\n" -msgstr "Помилка під час спроби читання відповіді з термінала.\n" +msgid "Error reading response from terminal." +msgstr "Помилка під час спроби читання відповіді з термінала." -#: src/utils_tools.c:173 +#: src/utils_tools.c:186 msgid "Command successful.\n" msgstr "Команду виконано успішно.\n" -#: src/utils_tools.c:191 +#: src/utils_tools.c:194 +msgid "wrong or missing parameters" +msgstr "помилкові параметри або параметри не вказано" + +#: src/utils_tools.c:196 +msgid "no permission or bad passphrase" +msgstr "немає права доступу або помилковий пароль" + +#: src/utils_tools.c:198 +msgid "out of memory" +msgstr "недостатньо пам'яті" + +#: src/utils_tools.c:200 +msgid "wrong device or file specified" +msgstr "вказано помилковий пристрій або файл" + +#: src/utils_tools.c:202 +msgid "device already exists or device is busy" +msgstr "пристрій вже існує або пристрій зайнято" + +#: src/utils_tools.c:204 +msgid "unknown error" +msgstr "невідома помилка" + +#: src/utils_tools.c:206 #, c-format -msgid "Command failed with code %i" -msgstr "" -"Спроба виконання команди завершилася повідомленням про помилку з кодом %i" +msgid "Command failed with code %i (%s).\n" +msgstr "Спроба виконання команди завершилася повідомленням про помилку з кодом %i (%s).\n" -#: src/utils_password.c:42 +#: src/utils_tools.c:283 #, c-format -msgid "Cannot check password quality: %s\n" -msgstr "Не вдалося перевірити якість пароля: %s\n" +msgid "Key slot %i created." +msgstr "Створено слот ключа %i." -#: src/utils_password.c:50 +#: src/utils_tools.c:285 #, c-format +msgid "Key slot %i unlocked." +msgstr "Слот ключа %i розблоковано." + +#: src/utils_tools.c:287 +#, c-format +msgid "Key slot %i removed." +msgstr "Слот ключа %i вилучено." + +#: src/utils_tools.c:296 +#, c-format +msgid "Token %i created." +msgstr "Створено ключ %i." + +#: src/utils_tools.c:298 +#, c-format +msgid "Token %i removed." +msgstr "Ключ %i вилучено." + +#: src/utils_tools.c:464 msgid "" -"Password quality check failed:\n" -" %s\n" +"\n" +"Wipe interrupted." msgstr "" -"Помилка під час спроби оцінити якість пароля:\n" -" %s\n" +"\n" +"Витирання перервано." + +#: src/utils_tools.c:475 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "Попередження: пристрій %s вже містить підпис розділу «%s».\n" + +#: src/utils_tools.c:483 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "Попередження: пристрій %s вже містить підпис суперблоку «%s».\n" + +#: src/utils_tools.c:504 src/utils_tools.c:568 +msgid "Failed to initialize device signature probes." +msgstr "Не вдалося ініціалізувати зондування підписів пристроїв." -#~ msgid "FIPS checksum verification failed.\n" -#~ msgstr "Контрольні суми FIPS не збігаються.\n" +#: src/utils_tools.c:548 +#, c-format +msgid "Failed to stat device %s." +msgstr "Не вдалося зібрати статистичні дані щодо пристрою %s." + +#: src/utils_tools.c:561 +#, c-format +msgid "Device %s is in use. Can not proceed with format operation." +msgstr "Пристрій %s використовується сторонньою програмою. Продовження дій з форматування неможливе." + +#: src/utils_tools.c:563 +#, c-format +msgid "Failed to open file %s in read/write mode." +msgstr "Не вдалося відкрити файл %s у режимі читання-запису." + +#: src/utils_tools.c:577 +#, c-format +msgid "Existing '%s' partition signature (offset: % bytes) on device %s will be wiped." +msgstr "Наявний підпис розділу «%s» (зміщення: % байтів) на пристрої %s буде витерто." -#~ msgid "" -#~ "WARNING: device %s is a partition, for TCRYPT system encryption you " -#~ "usually need to use whole block device path.\n" -#~ msgstr "" -#~ "Попередження: пристрій %s є розділом; для шифрування системи за допомогою " -#~ "TCRYPT, зазвичай, вам слід використовувати шлях до цілого блокового " -#~ "пристрою.\n" +#: src/utils_tools.c:580 +#, c-format +msgid "Existing '%s' superblock signature (offset: % bytes) on device %s will be wiped." +msgstr "Наявний підпис суперблоку «%s» (зміщення: % байтів) на пристрої %s буде витерто." -#~ msgid "Kernel doesn't support plain64 IV.\n" -#~ msgstr "У ядрі не передбачено підтримки plain64 IV.\n" +#: src/utils_tools.c:583 +msgid "Failed to wipe device signature." +msgstr "Не вдалося витерти підпис пристрою." -#~ msgid "Enter LUKS passphrase: " -#~ msgstr "Введіть пароль LUKS: " +#: src/utils_tools.c:590 +#, c-format +msgid "Failed to probe device %s for a signature." +msgstr "Не вдалося виконати зондування пристрою %s з метою виявлення підпису." -#~ msgid "Enter new LUKS passphrase: " -#~ msgstr "Введіть новий пароль LUKS: " +#: src/utils_tools.c:629 +msgid "" +"\n" +"Reencryption interrupted." +msgstr "" +"\n" +"Повторне шифрування перервано." -#~ msgid "Enter any LUKS passphrase: " -#~ msgstr "Введіть довільний пароль LUKS: " +#: src/utils_password.c:43 src/utils_password.c:75 +#, c-format +msgid "Cannot check password quality: %s" +msgstr "Не вдалося перевірити якість пароля: %s" -#~ msgid "Failed to obtain device mapper directory." -#~ msgstr "Не вдалося отримати каталог призначених пристроїв." +#: src/utils_password.c:51 +#, c-format +msgid "" +"Password quality check failed:\n" +" %s" +msgstr "" +"Помилка під час спроби оцінити якість пароля:\n" +" %s" -#~ msgid "Backup file %s doesn't exist.\n" -#~ msgstr "Файла резервної копії, %s, не існує.\n" +#: src/utils_password.c:83 +#, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "Помилка під час спроби оцінити якість пароля: некоректний пароль (%s)" -#~ msgid "Cannot open file %s.\n" -#~ msgstr "Не вдалося відкрити файл %s.\n" +#: src/utils_password.c:193 src/utils_password.c:208 +msgid "Error reading passphrase from terminal." +msgstr "Помилка під час читання пароля з термінала." -#~ msgid " " -#~ msgstr "<назва> <пристрій>" +#: src/utils_password.c:206 +msgid "Verify passphrase: " +msgstr "Перевірка пароля: " -#~ msgid "create device" -#~ msgstr "створити пристрій" +#: src/utils_password.c:213 +msgid "Passphrases do not match." +msgstr "Паролі не збігаються." -#~ msgid "remove device" -#~ msgstr "вилучити пристрій" +#: src/utils_password.c:250 +msgid "Cannot use offset with terminal input." +msgstr "Не можна використовувати відступ у даних, що надходять з термінала." -#~ msgid "remove LUKS mapping" -#~ msgstr "вилучити призначення LUKS" +#: src/utils_password.c:253 +#, c-format +msgid "Enter passphrase: " +msgstr "Введіть пароль: " -#~ msgid "open loop-AES device as mapping " -#~ msgstr "відкрити пристрій loop-AES як призначення <назва>" +#: src/utils_password.c:256 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "Введіть пароль до %s: " -#~ msgid "remove loop-AES mapping" -#~ msgstr "вилучити призначення loop-AES" +#: src/utils_password.c:287 +msgid "No key available with this passphrase." +msgstr "Для цього пароля немає відповідного ключа." -#~ msgid "" -#~ "Option --allow-discards is allowed only for luksOpen, loopaesOpen and " -#~ "create operation.\n" -#~ msgstr "" -#~ "Параметр --allow-discards можна використовувати лише для дій luksOpen, " -#~ "loopaesOpen і create.\n" +#: src/utils_password.c:289 +msgid "No usable keyslot is available." +msgstr "Немає доступних придатних до користування слотів ключів." -#~ msgid "Cannot open device %s for %s%s access.\n" -#~ msgstr "Не вдалося відкрити пристрій %s для доступу %s%s.\n" +#: src/utils_password.c:328 +#, c-format +msgid "Cannot open keyfile %s for write." +msgstr "Не вдалося відкрити файл ключа %s для запису." -#~ msgid "exclusive " -#~ msgstr "ексклюзивний " +#: src/utils_password.c:335 +#, c-format +msgid "Cannot write to keyfile %s." +msgstr "Не вдалося виконати запису до файла ключа %s." -#~ msgid "writable" -#~ msgstr "придатний до запису" +#: src/utils_luks2.c:47 +#, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "Не вдалося відкрити файл %s у режимі лише читання." -#~ msgid "read-only" -#~ msgstr "тільки читання" +#: src/utils_luks2.c:60 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "Надайте коректний ключ JSON LUKS2:\n" -#~ msgid "WARNING!!! Possibly insecure memory. Are you root?\n" -#~ msgstr "" -#~ "УВАГА!!! Небезпека доступу до даних у пам’яті. Працюєте від імені " -#~ "адміністратора?\n" +#: src/utils_luks2.c:67 +msgid "Failed to read JSON file." +msgstr "Не вдалося прочитати файл JSON." -#~ msgid "Unable to obtain sector size for %s" -#~ msgstr "Не вдалося отримати розмір сектора %s" +#: src/utils_luks2.c:72 +msgid "" +"\n" +"Read interrupted." +msgstr "" +"\n" +"Читання перервано." -#~ msgid "Failed to write to key storage.\n" -#~ msgstr "Не вдалося виконати запис до сховища ключів.\n" +#: src/utils_luks2.c:113 +#, c-format +msgid "Failed to open file %s in write mode." +msgstr "Не вдалося відкрити файл %s у режимі запису." -#~ msgid "Failed to read from key storage.\n" -#~ msgstr "Не вдалося виконати читання даних зі сховища ключів.\n" +#: src/utils_luks2.c:122 +msgid "" +"\n" +"Write interrupted." +msgstr "" +"\n" +"Запис перервано." -#~ msgid "" -#~ "Cannot use device %s (crypt segments overlaps or in use by another " -#~ "device).\n" -#~ msgstr "" -#~ "Використання пристрою %s неможливе (сегменти шифрування перекриваються " -#~ "або використовуються іншим пристроєм).\n" +#: src/utils_luks2.c:126 +msgid "Failed to write JSON file." +msgstr "Не вдалося записати файл JSON." diff --git a/po/vi.gmo b/po/vi.gmo index 73a2a9c4f6c44d134f9f804a931cce5a3fedc0be..26dba1b37fa8e38c325cf392631ced6300667a89 100644 GIT binary patch delta 4150 zcmYk;3vg7`8Nl(gyfGm_C~pEMk^lj32!Rkt(hx`>#Q*}~5ugxnc5gOoHoM{O1{zun z3W-$^ibsoLMS=PNL1((cNP>byr(!Ky9jl{`ZM0U)SX-xRJC4=qTNM|BZ7UDI)`Tm@E7gb6s3ma89a@z;q%y$s#H5J9HdkU z{tkO zK^N2UZe-2s5uAjNVg|mN^fLZ{>jA7r#?3&cP=z>*`PCvivcmN!8Q7A%Hh2TqPvZo9 zA2oi96ES0`QX_Ca%D^>vJ-VpzzNDv77Wy{k;boM0#&R=_`PCdcPhlm>j=#ov*oXYg z!U`OZttb=RkJ;FTva=qP0l&s6IExPgDq{26my$b7CaD3ym+ub*QZg={CQ;4svDV8y^XS=&rvoolyi~m`6vbMLz(X% zSc;Rzkbg;$Lq*8|yHQeo1Z4*=U=efAP;eTPN{@ETz1-hx75{ zKaoGGW>Vtux)mkG592(%gi8GA)IvT=rZ!;#Mo=FbbD7Tk zY7L#4*nyIwP9zEHGh|I_2&2mYb8rs&k-60)C})2W<+1z(C*VZhTC#z196_qrpe&@x z;vRP3LVN|=WG6!yU8=YYWg%Npe()s9=P%-1{1R(1mzy%-UX%>IlJpYF_ufDmCzW)` zL}kcassm*M&tN`Ii+Q<;Fn#8}`G0p`7hEC_l*L+wy~X{Iwjn zpk&~;_!9OmOq}UOl+OpUO*X04qx^n1%F!G{S@=big{HT$9WR|*@Mm}lo3M(vP6eL9 zQTQEh#gWV^1MI`G_zpJUmv{s>mL#fQ{V?&09*Z*Za+If_8SBs_@3(zTM|M1-H1T|A z;8L!yM+#Ln<2F2ql9A!_62)19vcsEE7P24Zj8CG*_wYLW7W-iTvcyx8in4(@ND|uA zZFKr_qZ8#ZJC78s>cz!GoR0mm8d-zdfMi)6#F6+0GLX8A9$ZIUX>D|x3E6S)`H^of={baiwjb^Yi3IBg)P@2w8|Gq><_Pb1u*PorD~lv{8f#XapeX#SEhE{JC&i!aOYzDv@T!Qvyy}zpC3E8mp4h8R zj)@0BZMu4g{I5=4NJNj!Lcfrm_Sq#HxkmM$gZ@Fbod7^ z{tuZvT~b%l!U@zJa{kh`6D#Ar#J^6|Wc)E&g=>hrh+0D04#F!PS~anY2oh4HYl)u{ zQWw%j5VsIgfKtq9gw)Do0B?8%aRUD z8hceA^_Z-Qo6XX!64Q`!k_Gj zst81ygLbQ~a|2GjZi(1_$J7^OnP&?|j|zpOdW+)*>Ra_T#|=9^T^9^{8zbiT1-a(I z*;CE?v;Shw70oasimli^#rd8Le<ToF7YSK%yOtfse znY$p>*yY2`y7F2xts>hrSLB=QMe8S6R-@Bu)dzx(wq1WqlM{;SKt$WYV0f$J%Qe4Q z)MbuWmYDp-1;$t9ng^?fkBWxI?Z;#)%7+L`f|C9L~S>!8yz>~1a+YPntjMJd`{HyMjfA-wLB-a zdSUshn^sn zD(t9Jr1SG;6k2&Rt-Jy~qo62nj_I&JpI2ioXz@piH2Vs(kEm;hB0*bLp&i!^yAd4? zYjUNR*dc!l2W_o#>?Upde6ACT&#mXPsa`irh3e&V4b!BTH#i4O2|F6T`*o}uq zd(6p)=bMX%y(aC^!|5OH_?2a~v;=$~?szCMiJ5yO+oT>DVj3SSGG&i9#d4mQ>hV;W zUz{CoUOzV2j5|Jlb``66IG|tL-_!K~yN<7eg>@eZ=@5BpiRa_y{DJNxtt!G~rtLyu?BfeP Gp8o+j)Z*m; literal 50709 zcmd753!G$SdFOu=Z;aP?MMXGV2D@ddnL$7phJm>=4s&s)L6DHKy1Kf%obIZ&t7Xq<1_wlff`E9z851;(7}ww$H=1k`SH~o7lHGL^V|J6MalgOkdCxiTsj8kC zv-y8M|JK8=&N=V(d7s<+yzhDEzdrMEH$5gvk~i?5rC|D$Bsuo6N%D;2l0?tXN|WRm za0PfVm;U}BO_Jw;kAj~E{{sA7@WUr1$!EbUPEL}yfKNLmNxlHSA6x-ma%z%%8hjgg z26*n`Bsm|P0*?nj4n70?3ivee+u#eqL*R?SUw}^n7oV0S&jLq4s!UdcYR@?MeDG@U zso?v;CxEwsBj8=&bHP6W&jJ4z_)_pR3KzZ#6b;@54uKDWF9ZJ?d^VW!kR~K&gDUSz z@CD%8!DoVZfZMmHS-~(j`9!AyIPTOOj+Q zxE9p&w}Gp`yFs<<#~?|Q(@yvN+d#eF4f6lwLH?t1{t{IE$1X_{{-2!3e;D3m0u=q; z2&!HCLACcGQ1$%?)c71*@p9LJqTlu4^T6K%8QSFY0sj=F>&d@@D(A%zN$IwLN;d(j z-nWPQ+d-xK8mNB!7$j?Q9F08zTo3Ab9aO#V2G!nAfaik053U9u!=N!l$y!kLO@m7J zW>EEg0u&t{3iy{GRVBwRbG|zl6rWuRiZ5OZYP^3N6hHkA2&t1l2GzgEp6Ts79n`qJ z9NY=cg6qL=f&4#t9!&K#y$8i7SAZ&~1FGCxLG}NOpvwJ0cz!HQq4t~ts{I#&G E z+`kP}Ik$nL&!ZqimHZ#@S>UN>d;iV_Rn8fR5_1f5Fu%@ z7^LgTD?$FB+`xZCuZKa=<@@3ON#{AeP65^amxHQ*4=8%v2<`#D6rP{8-1&M7DE^oR zmG1qZ==l(+@%uYaba^h!uJL*)sCKRfRnIv1Y4Aqyso+H@vkSp3AS6%T1*(7Zp!)U0 zfKRx<+y4?!{oE1oEuhBZ3!vKnSD?o2m!RnQtd&l;bHJ4QjiC7VHK4}j-Js-+B~bMFHVEmHV^+~; za0PfA_wLU-fT)(_S`b!B?hE+0;K|&dijYfxYycVRWH+ev4}crNzW@=Dq_V-^kAtvIvL94C zz6Ua7$rCU3_O1shI+*~k0q+Jie!~<7OC-Mms@#w8A6PZ{5l9iqNiTQ3+yGzA{inb! z;8Qkv{a1oY|6Wk#JPHnhPrk(Y<}C0u?kB+)fbRlN0q+9UpGU!qz+ZskiK3N2Fz7RYS90tz^MfW?he)v|nf7~{&_iS)6&#wyi*MTqM{!^g%@ay0c!5@H+1OFP7eEd&Pe0|(2T<%^0 zDt#T)_+A5^0p1$!{}ZTw{RC7$hquFv;C4{YzXz(H&)(tf*#WA&ec%b;dqC0oUQpxl zT@X?wzc%Xnb|6tom~y`plzd$qp5F$F9=`{QZhr-;Ji>tp7l5Aumw}IhYWFWe@%yu1?dhHmK9l>G zg2#dDL6x@?6kkk$YS+6#wdd2I%KH-d$;Z$?Q15RZL)U^2g1-RouVKS^fA2UpUiWq6 zn){s-Ny4k7ISDU=-v-YHZ=FKdfZqWZgBLV>JZs?b+`kzd0r!I!g5LtAC!X;d@8^l& zF!#$r@y$4>_FoT*U+x3duZO|);5R_Y!!sFtRD7}?+yUMIBFf44!8PErX|JyfR=NKi zcq;h38PC50WN4FFQ0@LED0==B+y_3f>GtML;41Fl0$v1u4HREJspb4}9=MtN2B`LY zA>hwJwRhDlItY9#cpms;P;?x6Exr}_4sZ$h9q{GgW9OW&H-oTv@3#;PKkK_mvKRa^C_10F+wH=ygUh+U7F7O&;054M zL5=U3dz?N~;0o^F1!{c00V>~5LG|kl3RnLdp!)r3a2xoK;ML%I8X@|B1yngd0(q63 z!pqlz9|2zl9>WZ|cfiZQN5NNsr@qDO*$pn`{uAI!!9NDo?xpYXwd2d6=>CLvd$}vX^SIv&YJ5Heia#Iw9_Q<; zK+*NnpxXa^Q1w6IM(5Mhz?A!|z%#%%fRe{ggKF15gImBQ@AZ0K2d?M-b6^GhIjH`< z1g2aLPJpm>vL6(mpYVRC`$kaX`aw|b{RXIZJpLw+CoBf9oo0r-MjTz_5;Zs2}DsC<6| zs=cRu#QQr1Hn@Kftb!+h)amtRP~-j}cnSEg;JM(Y-|{%un?XHabgT34D?#1w2Q@xF z2Co2*|CrNpH#oulE#M>IWA}T%z7Af={R?kHr-6IGaqz!`uLZZ=?(csO+|B(7A9s6t z6R7%r0bUNi{0<-Q+rjg>|9epVt$f1i@)}U%^6`M*0o9);-05_>5ImLpw}L9~9`Izn z|7{LCM2gzze`X0vChNya!$d&jp_Vt_IHmH-aw*uLVy7zX7T} zKMC)j@oBGj11NfZ2)qpZBT(%+{a)8Iv*3l?pL3t5-wle6UjtR%KY=HL&%NL2cn&B! zy%DT|e;l5l{~3S(X7D1OKMGz0KJ5W?A$S9*djA;|AFuqZw|_6Fe$Imx@NdA);PXD` zd|C&OEgW#HML_x4YM7ju6nsB!;0@Fn2z7rdNN@O19q8t}8=F!w(I zHO`A3bp5jh+`|1$;3?o=f@gtG`l82SE&$b!&w(d_{{pHV#~*M$*aE5@uLoZUJ_4=> ze+Z6(!v|geya80dZvmC=E1=r@Jy7HSq%YySg6qL4@Vnq`;Dx{A^7BJb`enoKx<1(h zif*3))!yVGAGfo?lexVV90T`;=YIx@pMC~D4t(sFJ^vFy(dAN5{d*&LHMk!XpB?`d zr^^~pd@>2D{T~7~exC(X@Q2_<;4#1F{{LD~^=t(-4x<6D1xL8Q8x-CC3_KS+b>8O* zSAnazuYpUzJHS)GZ-Y++|2Mc2{8#X0-~|u+{ILtFoOgnc0p-J=2kP%R4))*Ec)pik z%fJ)BD%Z*UM!b_Jfqx6?kKs$s;r^ST=P1=p(Z z?9JeRF)`k_~(io#UOlN-pyqrAQ z-yVKHo10^}j^p=xK=JMw{BCpI%kS@U{Uw*i_z$^$$)&#wxy0Z4JD=;Nq!&N@I@c-u z&i>@PJU-lS;^FDx_g6xKE5X%V8@VRA#4F=mf5L^R*qrO1!R+rh!jB6m=a%dt_@`XY zkM5t(`+K;5G(7vKfLjCp4-k>Fx%i)huv_vx@|?t_zaKl8&C$;}o?pzhp5Hffjqv-O z;CHw>{63ybe@_pn-;d+^U;4qHY={2D>-zhugUxaOp5ME<9?LbvbyX&OHSk=nPjVg4 z^--=ZT=Cx@gqxJ|ev{u1aNW-JSne<6+RyK2a=o74ZwIg9dJ>oZZsd9!SDot)u0P^> zBI%@4-@tVYzpn=0%C(j&{=12rv$=MX=EYnu;?mz!!7u3txQ^@b{M-(n&$Wo(FV{Q% zq(@)Hvx~U&_iFI0@cY>T|0mC1$?xmIec-j=6<`C5|Na{{zsL22@NjX+|9S2o$L~Gh zPOj^?PURZo`XE>Q_Y%@=2oL@bxQ%N=DCY(IzB|188}RAjcMKom=8W**Z1UAZ-Y@d( zKZob<0Oz>&aV_S$mFvk|`kM&p{jU7qN_h8m9`E4y?}L+3`eod2<^GvmujBV$aQ!;J zj|KmgOMf4;|1#$SSMu&s@Y`IU;nLrOT&MDUm`i{6IoN-f^WS#3ukn5n*Bhhvf5q={ zp1qK36W0nZ{Vf5t9{wDzFZd(-?-uSa<@zjlUklHx+`on2=Wre5x`ccE{V~@w!f)Nb zoZqkIdJ4bSM9-hg{h3@{o^1#J16TI<`taku;48R(jWlP5yx$M+W&*w+{9*V#Mw;K? z`gpkimw+kw2j=r*lnky_oAiaXpdik%!SODLR7d z8m{+neVpq-u19&NvDKes=a>9F>8q||^z4}MY#Gl^(gXgoXP5F!I#z$;1Lb`$&ou7( z%hLTV&xZU_{w!IvqFU=TTFsSdqn);z^|Upyd=XEZ)tS0I>rBG1v z?bOq5bG$y6E^aScF<$Ldcl!GxInP3#MJuMN?Ww*5US6%$>{J`gMsqUVU7u@AG-_2f zB~_V=R?M|pot?_PGSz=+SgN+@aoTK+)6!;ID*ab#wzVK{alKia+c(>(kLS(aRo|Dk zr(2yo$t9O=+L2~Y(`I*O3<^Mznbvq?V&9?_dNt9QhG?x>^`bg$sr4wGXpxk*H|u-+ zA@|eWUF}ul?=3;VoLB@)`~^OrdzdL>Co7|PQ5+M^X`&V zDF!{?QH3n+#?|#G8C0FAcJyEY(rHMl&2ie$ZqH85RonG)b2eA^HfFjr8WJ0(Q2zL? z)l1UsU84!HH9)(SIWK3r-kj`AiL67lDaNFxAsNmGaNFulYuBHdHk8*`y3?3(HV{E+ zGWljmpDcRis_k1gik1l0bT-%p!Bd!PqCQt|cG62P-MAJmsy5THYHe3{_M~Ld6|HVs z<3V-0-AcQ3uQffM<^tW`hj{JfWrLoJUs|(ucp`}Kkg>>C9t|%sX4Fr9!Bf?G+iyB1 z75csC*xGcf4fW^hGc8Erx!34f$Zo&${Nc_Eu$x86DQUWDda?yuOwFX%7{6YVrt4hv zB=_8{ty`7cDg9`@-D#)Qxq4ciotTNhYt*V&G?hJ%%Cri?H9U*gxLWIKu(=xg(E47l2Io!K6Qdy*P z4U_*!O+%PUDV|+fsdV-jl{DI z4x<&6S=UBTU5NC{QRNYX56(j?uwYGE-R{m(o%*3>A!_Y<4dyWQ5miD4nUtQkwbO~J zRId_FHzu2OYu|LMI-XWL=?bi5C~K^R39QaF;I4{QBXz#s6cYJd^^1fQ*PWiW!ccau z3#b*DoNUs-z{F9N)2%(oe7jbi8*isW)m_zebo<85!^X@e4eFDVaU@w4Sh|q;nMPZ* zja~&Q80S%^Q>{sZn~+P1WaHuWr$Z9{?Aac~G_7_!t=e?GI+spNS0_c_tT+kT>W!m2 zlGUb+d{Dyh2K6P?8#t+*B{Mxc-m15oFP51z`=9QH9KFN3+H8X~vh2J$A%$0w^uIOX z_4<=FRh2&8iWPRr!Jx!ut6Aw_pBl~CZb$s;nV>E@CcR|q)@>NpR77ZXDa(YpFO^(^ z!za0H-S&;6R}4%fR;`X3iOkbj0#{7iueLa#ItCY-`9itvZcU@R%y&Q!?rw}5gVJOb zQk$wXlrm0c*k9X)oSl6bnYQ)HlDOLzNzU>#jM8{x621ytpANZb8Z{TUHON^d14`i0 zxY%iqk#5bTZQ1CYmCO08K-4!18f`2d-h&+wr}owmn&mdmJSuV&smA5}%rtOR1G7nU zj-(r#@|ln?sAm2YicE?LS@U!k=JnL~)~4y@?mC8}g=wSsC0SwkTbR+JwuuHjTumqD z>h)fsi4r-_g!a(AJyVU^l!T?-X)vUHh4!RhlFq722rdmCuQwa<;7($xLdg<_qE@|V zG$&eV6xTrbYUStyCO zv@(OauFow==ekYv?yyH&3LdZS>BDJ z9(#U-_F9?+3q3+dEVHyaT0jbC2Funlxk2B??T~|2kBzSs^S~B&u#5PJk(-^aL*o$|fm)$=@X z$KcVBnjM_gUL1k5Jogbe$P*P~D1ACmqq)P)Xaq;Cx*JzZc1|5?&CJMQ2(E~EA2rSL z7dP^E!S_Hh_?%ej19cUyC^`92k?n3xIuJ)p4;d5)QpJ&}j@#rxC18lMH}XmgipqHQ z1_wqwX)rG)`N3LwzQ~2N+CoAzfy`wvCz*%2c5}sMb%jqSUflz;c2J$Ti)IOIt{k|; zQ_7D+R%4|z)5VC7)zdm23v>0Q;M6mA z3GQ7*KF}9Z2t{YG%uIvF%?ICy?J4~54cj(ER16Z#V663Vq|b}ni`&s{COh@L4Q7C) zl$rBruhh$`jV?_LhO;OXildqf&QztkdXfca?l1{0PS9IKj~7sC zMW;pUW^nw9OjH^sSYf&~KBwTrkcq??(J!-rbHgJUy#i}6EuWiU`cRYvam?Sgob9?| zM;f1qZSpc~78<&X&w%*i9c8w^?QG~iX`iDR{Li7r1Y>MotD4qmqwn{nW0-;od@3Bj zWNph>!-6T2L8s%A^fhAL!in`r4Ml|HsBCdPlZA zcTTU+a$PL)WHzAYvXxS_yKN>BR!$i7{xscLLfW$QvFt^9^>8@?#}+23zm~arCF@Eg z+i7(|%#hWcEAgnZEEhyKMKR!2JUsGUGY>_~W^~NTC=&L)f{3%NCemkwj!IZ>hEVbr zlz8D#OB~F;cy}qYNNoPO7)6cle{*z&;AVCScFa_4_G8i*JON|uh{|hhevK9Fkjkba zLEtU27zC0qux8V1y^@HbaxYS2Vuev2q49zP+b9n=cVa7g)Xy-eBD*9avJ+ zv|KZrI#fC+;Vxu}1EL5_h#HS1>wWrZ8h>aR;j5+|OfSJ_s9;YUljeY~nPRl->DC>? z>}_t^5|L}~%x9ww>H3Y^c4%IvLD*1lnp#9wG&J}aix(4vY1Y;Kixt*Kg?aF|=T<(C z{H$D!Dg&Yk^J=zlKE+r(#g+dU8_q1Tw5-{>Xy!rEcD>nVu8R_tY7Hi2kx$Z5`mH@o z58Q`<5esLph-a!y&9P$^A2ltn8r!@hDv4UEPVcGi)2yG7ACF4HfofMLSU;Gq*6Jhl zZCXY|hOE6jxtM?-o-aO^MJaK&e4VRk2)d&x8ENlo%qk42VAxolVba{%^0$z550cru zAuFP2udNc$!nwNUX5-1mt!17n*~>-6YlsA2jfbGT4{hMgya-Q|+1qlOI4YB^R*5}K z+hl{wa4UQ>HwOWHdCy#B)M|}2K`1G!8q{E}4T>DmV3)J>OgJ|x(su^q2!!5y(``XS zIzIQ%twrdmxvs4Vj`%i%-(psGSU#Vzx2$!?9dnw`i|sDBpksX&2o7|T@Mut zd{I>vIB}vdezY|2Xq3ppZ|%dpSE#2bejrshxqi!h>>!a@+&>Dj1yxD)3uFmip5{Ke zQxyE!>H1`~#=O||#sc|K%wfonSXItg3$)LcMWtY@O#}-GZ4n>VoZ8y&syGu7yhQvl ztty!+sZTf*QSi)U{}u zP2$cx`yADF_Odf=IXAS@l4nV(B%baxW)V*m#<`Zx>b9oh+<1eSiFfC4k#U{dvL{xp z+DnSyMfE&IVQR^OjKux1*=<}YYY6};usdq)E6tN7}rlt z3uN3C)}M~Lfc}y--WtlDH(EfPBkW1dM1jZaZb&9@Y$Z9f_4Y^_tO+`~G25Ls1530q zZn%>qC?<0?Ve_7fJRDW7zv%FY%JY$GEKkQ;lU+iz`TCiunhx&2mzk#v6TLZRa;$5z zguJ+$R#xIE%f!Y7nko=~hwkSkgic}y1{D#z4k4leZ{>O}tQ@P%IAswYz>bHgK%OQW zNm?59o&p*(>{BpPCI_+<7ajbPi3Kvpf(ad`R9TSZk`R`a2jQUti%Yo2-ec1?SLb#~ zAg$>|pSn#Zryhb@C`Iw!w+jR{7FpM@8vvhYn0D0abzh&!_7H^H7_u(AXk6;s={aYm zn;WY~k}Or|l)sNlX{=7RoUtm|g4#4MChR?tT6HhNyeEsebrdloWocox?9WD{xFrv} zhS^1CkzLQ(M7HQ9!%hZTndWi3!=-Ds_B69K_L3=t(P`$K<|FRhg@P>unv=np(F8hp ze(Gk#Zk8B-s)I^ljnow|mTifgC|14#YXi3UFGk!V|0_x_X~5;v60G(E95$yGDf4xu zu&X1uZl$%d+_!}lC5>Bre-PqhyIXSi4Q-z>?_rV*;`OaENisQso3iZ;HoA@WC9FS} zBNMSZooA*&l?r;Xa%K0buxyug2l+H_SR7>OacNi-z}0juzD(?Dn%p@zOKlB^g)Qvg zF()V4YJM)28oevoYI;$b+ggosv4lIa9g)3;HVC~FUBPNAv$uv(G=0TKSA|7Hx5%zkFI;LjOnj?!wTj{hE zHr?;h)wb)%d?eLuHCzxjbVXfMP^jjM)l5Rn!|JqHo|HooysR)(J()6ZXJ8iBrxlk6 zt2)XZY$ZdM%R$j!=a`AGB&E)VZBIeC6mianx6S@8Y|g@*mzCoUDP`4+?cbpZzKyCf z)xi3pRC7wg(qk-zk7q=*fz5>_Zb_+xC2(SR5F*XSoZ(Th{DYgFg`~6n5IL1t-0UFT z`3AYek;~M%s9q|qMD((X8dTUoZPD$rk>v2HjklFqvE7Jakfo|m!H%NmSzvc7Q%O{6 z*v8}2$$NOPQzBYCwlAYXn~0TP}HyZXGV9K=bJ=L=(tnT6V~GN!nxAM8hNL+ErUNtlPfz z(j6yd*(_mbVnWGt1}EGus-vaL(Y>28Cv(k;?kk7K^G1x{lTNwNOyVGF!3~IEg1h zp(8d23lU*!VvAWN27ZFxmt&=tA=*C?I3=`CnlPgu6l!Y+xE#mK{$}KvtFx2Wrz%QC zbhejnWl!I0Rl2Z7!I(s|A9yNk&*_Qe?pU{GbnEsViS}G4JFqs8jQz!O(Jn(tuF+2U z*eworFWDhOnYpKC*0Z32Hvh<3nf9f2*AGM%Cgp#RkWrf+>tkK*>TPSSuP#m5m&x8@Iw-S`nXXUCpj)`W3PrahP`ahFa1o%*@zB78YR% zL0SBDvIwmg!OoFIK^2>(VQUE*nGv$Eep{jYPJOR-h|y4w-0Wd58+1mWF^`nzWvRj> zfc-k`jD}-I>3Uew2u@cP$Tq6j4w@l0?WAWY$aRME{jg;-ie;I?E^|?`upfm&*7Moi za#{8;Wa517wdE4+BP)ApbC(5Ev{D#$1KY&a zcKAi_6(S~ZnWrz6YKnxSHRCNZGWl#xHZh3WyY5uT+7&Wb`2`ah??6x6+`8CXSG)~7 zYE0lwhI?{{_dbEnwgz6x)`)C}f1JP@us{{%Cir@MwyQIUBIA$0XKjHd@bei^{EVO= zMfJgYxJcSPy0pO`L5qqH`7C0%tW~`7aomeqr_yL)1T-VJ70QAQ+96f8e%)pR+|Jr; zcc%{`(Lh@4&QccmXlPq_2pRU~?v63N-zg8+3s6zS8jh-z2|hHcWi-V3j7b=#tU+B4 zh1=4+4?`(p+mcHWlL^djdVPpUofgv-TrR}0>`~`MmQe^o%) zD5K0R&V5C7BTgVcJ74AMdov)L9HX(WK3~J>D7LwUta__1nWsFX8LQdP-Bu-a=O4y} z1;P;Z2p!0bf6A^i8=^vmgb2JARG45o1Njn3UZgyRO2xEFz91?ZjMXJz&TYgI`1nVf z-Bv0+#6qKO8jU)t}@N1 zmzgjINUNIJmnW~BQ;Hx(gVOYv|K!T8+eSBT-9iN5s^Vj%@TFoUP_wqOoXlB&Ws-d) zLjxmEB*_>yd_~lbJ2R3pHDwm6J_g-mT7U&V9P4Oz9HZs))})wjx%->A7n)f7KJi(x z2NS2YCqe9s2n&oOP!)0GYWgxV6W%P45>~Q@li(b?G=)@2E)1bVN9d2nIO~o{fX!PN zCMVlSGOo=j)}~@*G1>s*?@O8(jyI!WTPz2-bXh;jyg8hBrmP=+he9b4WU9W`mRQ-b z5~5`aU4$>SH)-t-m_Vz*|*&?KkFD@&a+mns)%IfZ9yE58Zo^P(Zs9nW79~rMN z+O~DHlI@AFtYs~Jd3xs3WoK8GzO=IJymaY#%g;Xh^rg#|E+t`QJ3Uu*J?YL|nl63W z^0Qug`qGz??h>Y3l~MezHY@e5x#j8T+@S+^Hq$MWhYr58mcF7pe;cO+>~13c<9I_C zO|rdpdIa6LlB~_iE+(QfTCdJ5PcLiKJK`h6c10%?sM^_|%T|=eMbowuy^RvB)nW0; z`be|hDM}$=)>yQ8XA=B(YeFIaXyCQ5HESbDyWKVXw$tJ0a@ zUt5_@&wnhPIdt%5d<-dTJJg{w|4BY!)f?=`p#u-`#lWG1H>3~Wcmv?bnxEFbmP#$>$?Mr&|B7s^tLD8*u&S&49HNMI&|27%`~w_Rv1_WnbC-U4(l!mYZrlY)58j{hnv2)2 z54}zj-BUHf-_(F$hYs8`yAz8Xmtzl89){eV`7g4>2zlO#ai3x(-pXW%87&)PDy_Cs zjec~v1ifG5bglA*rkXZ$=)f0hR`m_dDaK4>W0u&|qXQ2$;bTUzmiLdxVu{-=%YiSj zP4m!!&o%o`pRm>}wqqt19UBj8XKMbl`WTfHDwM_!KY*pVrK0P)KB_e89^xibhYsAu zzVF^6DHhHrLd=p2kyrEY>>821x_n1>F9nLdWwi5tTm2L0 z-LK6*V7zO*{=;iOBJcEv*M3yuf?(`6aTz;w;CAiFWm)@?`??&Yv08&b*3ala518~` zCuzAyV}1vHtj!;w?)m+*>DW9Es|;MMY;*S>n!|1XZ&7@g`GEjq3F{Y_5Vko<7C z#^#{1QvGqi0rh@+L)6k?8>S|#Bkb~@Zq@GY;DzCTi9a~+hz`I$3KDsr2Pk*TPWWJ5t;dX0%Ybl~2sq~KWZrtHbI zIT;)%J6}c7-{Ev9ZUlp*p>o@VfBVts+!bkI%+4mcg#BT4`_JR%%O2p_B9+D^jJFH-6t^zD_FRR_W(ZVYwcQ9cv&>4>0%d%^kF`LPhLwq#Vq6Q5YkN z1&SN%b%tCEQX{g?Bfc0J2$vMGRl(+G&@4^Lt&q7A1@t&uExyHb;XRNw|$YVlg-R0 z8D-WFYcGe(9Eji=ZNcfmzmsl@TOCv1%znvgE^OL0(JGn!LMzGu*;%+X7mH!-2C<9TL00(MR0@?K_gIvNHhQ=GhEGa|;EQA`6;JObA+p#fU*Q24fzA zc{MeWWTP~I-FoJ%!dv%8Ws`v*rDpc7DMH%vNRX4JhaL~$f!uIplxLHWhg{&Kfissp zek@licj}RbDC$xw!sAxagxKd64!*mWDk4I@T9E~wNmvA< zhg4SS5VlQfai4K35y1ElPX3tWwA8pMj!0w3gCp%0v8=ZuS(QL=a6o@(Kqi>LfazFi z&wFbU21O&)p&ky-T83e979t_@e|pKJ(uKzc9rv9@AeFOFl!s&2nQ}70f+X%FAeQ%Z z*j{(FU+Ntb%*rgvYX5*JW$Q;r$#te1ZIB2ibJGS^ID?zhv{Y(JcDqAD^&w=#$+{I zU92tMPY_Br!`6dEr=l&knXXsoUkKM!!_vOB*~--fVo1BZI7=?m6n$z6nlVitz%xW$ z6p**0>G1Ky_QB-phO(_x+$T3%#voN3lW=;SwOK(%GG!qQqL01|G?Mk##=v;7#F8`F z4BF?;J!jjQ#>_P?;&Hp?kQdM2?y*0FB_43u0yuQnp@R<;o(%hEw=e)C^|ypb?oym& zVAxpkCo*i9|J;H}qB<;4Wo&VTJnnHA`Ln3((c~zazEFErq#dAlxE7b{WnaM&s&<(w zh+c5yQDu~$efWgD#bG3bi;tky5-}OESeyOl8#Oi*&XXllC&~r^rKI44i)E}F+(Yjz zK<0Et{@JIHmBT0ZEi`JH8CMwy#X<&YV_RnUcPK5|@HEKLvB^W+qoRp{dQOG`O;ixC zuPXz5slF;oLxcSE#zErdL}?ddRS)jO?m|ALb8ZM7Ss*`Rzd(iNwI~9oXvkq|*}xY` zn#<)*lNit9q;aFP3&c3Sj~@I zj80ly1CJhWFE^>r4b z=3}LOK{opw@JNinu*j(A_Ml)GN?{EjPJ*q85)?_wT1dVq1!!%ihc%hVMDDltmT7m8 zheOL{xI663UUEX@)n>G01X;Jxo&vRpX0?#sjKGT+G{r0A1h|@Qhw`-qqao zi`Q_?kBPmGkwsx@ucj9rkW+;}Oz2~}3k3`6L>eZqK;uN~ETqwVgr8MhK^C3)B5yR> z>*jvP0noV`l`D zd4n9@h(3(FRCBQA8@HxIirw*<+%TjSv&E8^_tnaRcU+@xJf`f6j?&VA88p_Xxc&$4OG6+zcYkT#mI6N-=mea)91E%_^i)z#~$IJ7Hlz9SG>urc;OrLFtBf) zV^kN)8Qg30deofQwy=9mGa|OzAF-IC0r}?Y!&F+N?rCmzlqY#N`9h#(3ucRY=K%`& zg;y5k&qS51z2YtfCrK-B>2>oG@2Zc^`c!RjucxUIxk9FGa9myI%B5#|LglXE_DYFP zvyMs=WrlqlOU{E~^NR6$&JCV)po!;%P^~MQ*W0kDj*bY`BrTi~DuVS&PLvumaImYNMul+!d+6vgO$ujq|bBYOas@X-Vl zdC3{yF_fsezpvadz7&rZ9h4KR$m%?fpOzqHeAH)Ve7jK&T323bwX!Y3_E463TPmA> z4J&F@F}l5l9&LHO1js83@tJHZ!j{P{E53LOu3U?X84hgA`}o`i-ZhKLaLFfsXN~h~ zd1g)qBo9%cvghR0T__>y9i>c6vJsH~aviMwfIbWDNgf)@Al>SGTuPGn$)du_+qVaJ zG2c39q?uMB3bDHtG6%_IqU}WwEMf5SVcrpl!nPHw20<$wiMl|OTyy&>3igS`#G?NL zTaX=_dK7hTg8}iW+|??Uh%Aijy0m2d7HeZ!ptIRx=uj@g1Hgkq4&=n9<=J6@e1ia` zz)PVoRswX9+Z^al(!#9q8GzQtBsuxlKVpk4JVU!Y5a8t{rSyFXqc2Hd9LmL0XND*z zF;dJSx+1nP63Bsqt9_jWd43;T(98`KC2b<5*2kMt2Cb1k{2sF`d{T1<^ZD38aT?f{ z1{n?9B4mzmy|_J%%jZHB|)O3ZIGcOK|-bO!PLCO7n=F}xf}QK{qRq%0iCm3tl)MEfzn&Q@)vR_uGT z4W+@bA5}T%tzy2*B#>>R67S5p&1W1wqPA_aXhbP9ET>2ahV~8*ZoDaY80G$oaQ%$n zUE#kTZnr6*zVo?@qi2e3LmG`j9TL^JUtWGSB8&6A#Oi&#lHSxO0X^Z3;yVuQG1Sid zU!^7w09lc-e-%FY%DRw!KIZF!!9{}IVNv}XJczPYJ8<9c4)I*R_t-X)i8=8sG}(2t zZF;NVb)WZ^^N0%98CxGNr`(iGktJ(HFonZ1-!nOkeUlI0*onNj)`hk9 z<9ZolFHA4t6M_?7R!lSEJ3R;XD%2A)N-x~YAVvbolHC0>Qk@6yt)|O#Vy}W%;ly4^ zYf)KfatO1OwN6;YI=sRyg(<9|r9*z@u^M~DHcGuz6G&eAe54%n2!+K*{}!bcJqRv* z?gc@;s8_|q=ib9 zerJQt(Ue%>-*VDXpYgfIgUj{}k7}@wPo$GX{%PVhXdWZ)kWS7R4s*YfIn6^wHU#u2 zoP?|@2e7jrhFsLyJI=)rn>XvV5Ab{QY6n)rA-F{q{~vcNKMFaVO_iw$s=cllF#M#O zr1bHcV-C=<=CP9M=}k}B{pT)g2A?Mi=YnOz7G?!e_XjNC<$;+#&g(glxu9pxgl=+r zS*64s=E6xf7p{lnsEWhn4_k|vEB{y0NjX5}>-=VwaTra~TT0Hi;YjDcf-CxmWWv$T z|3=zs>yD<2+4qX>UmSV;Q|wUkXDk3&c7samJ31wSdMspbnQeQXeLPPD-8L3#%^;MZ zp|cSpn8`Zb3JVo?hiX zFm>LD)cBN5M|14={$vTXIY^Nf_riNlkRCmB;O=de(T!Uwn=YPz->So$B>lr{Kf#U= z*@|qJ(X4&QMP*vXbA>ZG|3HJIAz3RUk*x&sUD{EdE^S7SWko)NqCf5#+}v}>v@8_n z2+}aYAep{Jw9{6y8Pagd^4Q{?^CU^;bn}lTDO5S~W*3d7w zK5Q3i!hYa(J}N7_c=4)HDeq9c8$TS18ztu4y)7Fqy&}DM_!7*n^jR1d_K__#Wg%_X7(vU``l7Mge2 zKO$nYd8=F#$A^NyNMI*$T?lG=c)Xa9sQjKulMyAJa~Bgv)Xb(3VK0h^-Av?M3qQU! zFguLfB&1ZxHkw!jzH+WELSPJIzDv3%dmaOd_sI_4SlOG?=R4tJ-5w4X)tE{Sa6f$C zO9S_JT)iU@jh9j(mlOTLMo%)d$?ckQA0QycdVl$?2R&S%vXZP2dPpqPqC+<4@^FNv zgLjGSeomB)k?|qMgpk7!;U?ltnL(9CmH2DLL%Tmcw*nt`bcPY*LE2MFjx}70(6>|r z_)k7bvc*P{0=d zJ>$NQ#`HS#S6X7->!BS-icY2AE8gWG6H!8zG;| zNp)dz?7XZaHM~zBW`x96mel{z6f{WfD_?&>gAIowo_!6Hdgw2}9VR1?D~ZBg88CfS zUrOrSvJWJleVC3j6w$Abo|aqR#-WFPo1tW7HDX}ISWimhgiqvdyYzOxZKq^XGm@yb zVmc2y2BM>_(rW$JA3NkgB_#N`fm$|g>Y@!;>Jp@ZloUa_+<^N%&=(CULkA@7Mb zD8yY#&TVK-SpU-QSX&i|$?wB5sCX0DZSnlnENkHMjJ@I|1$XQRPF64t#rZG`7hx0} z7KQi~3UYe(=d!K*X7C4eA{xVjbxO1J@Lia7c8zhM(U-NKoE^ghEfZ@?yUT`~ zs*z-^#V_JR`rW3Iy|Dd$oOqlzJEea>VilN`iw=n9Gq^o+)bPIV;B%YIWbB9n&bSNw zOHo>TvMqh)>FGcnc_rBwdp;Y86;M`NJmKo`e8tZB{Hy1f|7;KVuUyRF^ZtwC;-2~W z{tMB+OeYjS@r}5L+48sE;1RBYj&HLtMi!~>nY6_+RVrr)HQ{?%LzTssI0M|;-YCU@ zdU2%9cn-m3wv2`iu#drT?aY#xUV@wWJ`Pu&#+UmV_*Xj-Dd64qwPN?;34EOA>Me@*cS?J`j?>bVCv%M{G#GA1+tpk7Z6Hl1 zzcvZVgEo1?uv-t18;w^SYwEi*S#+Ok)~EB&`J{8M3t_v^iIPP4=a)V56IvTH+<*-s z@QyalDICR?DQ!G1wFf^noE9AZnFKe{nE>`r@$>bZ(BDFZI}OcP;|BCr}u)7F|=YD+%>|K|)T2?Eb%3K8VU~OJ#=^weTDhs17 zMW2?aJxJq?skv)q*CKqd{qTE^kTs~Xz`zWacC8O|mubkAqw_akk*>M;(7|_XArQ|$ z=#aZwE7KLUj*vx#k-DApo3axWJ=4x|Ci53b!e##^1TCgI zjYakau|*CBGQQ3YMj-9HE!$5$uyYTH=CR6*)=%;s)58fh;NFxHmNgu$^e7CS{eK`; z!Ou>#SfdPJ4Txw2RCok}XWs-PaBpHbigR0SDDB^-h*Fh$=0U@EcUK6N(ER?iWRsa z#!p|tmU(5kR4M(+7VO07@5XnHo1_whO;jnq0j{*2P&QpUDk%wvX=JlF1DaWGPhzv= zgj$QGJv?eOres6@nVX2XS$_6FPdSGv!B{fxSWk5Y^BS9T)*FGjB=7`1lj_foMGogP z_wQNkWqHvJnF!hCJ>`3r`{$BFGvVJ>8_xcvC*{lhzEace+lM0zmRe^PB0h_H+xCs! zbIwZE+M#;#mh_Jh<^N1mI%I>bfBcPqhm3#Bg_Az(`lk&S+o^4Bedf7?e^-Wo2Sxuj z7J2p0LtR~;Yt_e;fL{~K9-X-4A_r8SYK721M?vA(2j z@R}9s1W;>=T2eS|+L){TcDW@Bvw1&ZIPA;T5yG}F(ufk0O0CAHm#N{S1<_-PAC&a} E0<#$VvH$=8 diff --git a/po/vi.po b/po/vi.po index 42b446d..b1aa5d1 100644 --- a/po/vi.po +++ b/po/vi.po @@ -1,541 +1,945 @@ # Vietnamese translation for CryptSetup. # Bản dịch tiếng Việt dành cho cryptsetup. -# Copyright © 2015 Free Software Foundation, Inc. +# Copyright © 2016 Free Software Foundation, Inc. # This file is distributed under the same license as the cryptsetup package. # Clytie Siddall , 2010. -# Trần Ngọc Quân , 2012-2014, 2015. +# Trần Ngọc Quân , 2012-2014, 2015, 2016, 2017. # msgid "" msgstr "" -"Project-Id-Version: cryptsetup 1.6.7\n" +"Project-Id-Version: cryptsetup 1.7.4\n" "Report-Msgid-Bugs-To: dm-crypt@saout.de\n" -"POT-Creation-Date: 2015-03-19 09:55+0100\n" -"PO-Revision-Date: 2015-03-20 07:43+0700\n" +"POT-Creation-Date: 2020-05-28 11:32+0200\n" +"PO-Revision-Date: 2017-03-05 15:08+0700\n" "Last-Translator: Trần Ngọc Quân \n" "Language-Team: Vietnamese \n" "Language: vi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: Gtranslator 2.91.7\n" -#: lib/libdevmapper.c:252 -msgid "Cannot initialize device-mapper, running as non-root user.\n" -msgstr "" -"Không thể khởi tạo ánh-xạ-thiết-bị (device-mapper), do không chạy dưới quyền " -"siêu người dùng.\n" +#: lib/libdevmapper.c:399 +#, fuzzy +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "Không thể khởi tạo ánh-xạ-thiết-bị (device-mapper), do không chạy dưới quyền siêu người dùng.\n" -#: lib/libdevmapper.c:255 -msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n" +#: lib/libdevmapper.c:402 +#, fuzzy +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" msgstr "" "Không thể khởi tạo tiến trình ánh xạ thiết bị.\n" "Mô-đun hạt nhân “dm_mod” được nạp chÆ°a?\n" -#: lib/libdevmapper.c:550 -#, c-format -msgid "DM-UUID for device %s was truncated.\n" +#: lib/libdevmapper.c:1131 +#, fuzzy +msgid "Requested deferred flag is not supported." +msgstr "Không hỗ trợ chuỗi duy nhất LUKS %s được yêu cầu.\n" + +#: lib/libdevmapper.c:1198 +#, fuzzy, c-format +msgid "DM-UUID for device %s was truncated." msgstr "Mã số DM-UUID cho thiết bị %s bị cắt ngắn.\n" -#: lib/libdevmapper.c:698 -msgid "Requested dmcrypt performance options are not supported.\n" -msgstr "Không hỗ trợ tùy chọn hiệu năng dmcrypt đã yêu cầu.\n" +#: lib/libdevmapper.c:1520 +msgid "Unknown dm target type." +msgstr "" + +#: lib/libdevmapper.c:1623 lib/libdevmapper.c:1679 +#, fuzzy +msgid "Requested dm-crypt performance options are not supported." +msgstr "Không hỗ trợ tùy chọn hiệu năng dm-crypt đã yêu cầu.\n" + +#: lib/libdevmapper.c:1630 +#, fuzzy +msgid "Requested dm-verity data corruption handling options are not supported." +msgstr "Không hỗ trợ tùy chọn xá»­ lý dữ liệu sai hỏng dm-verity đã yêu cầu.\n" + +#: lib/libdevmapper.c:1634 +#, fuzzy +msgid "Requested dm-verity FEC options are not supported." +msgstr "Không hỗ trợ tùy chọn hiệu năng dm-crypt đã yêu cầu.\n" + +#: lib/libdevmapper.c:1638 +#, fuzzy +msgid "Requested data integrity options are not supported." +msgstr "Không hỗ trợ tùy chọn hiệu năng dm-crypt đã yêu cầu.\n" + +#: lib/libdevmapper.c:1640 +#, fuzzy +msgid "Requested sector_size option is not supported." +msgstr "Không hỗ trợ tùy chọn hiệu năng dm-crypt đã yêu cầu.\n" + +#: lib/libdevmapper.c:1645 +#, fuzzy +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "Không hỗ trợ tùy chọn xá»­ lý dữ liệu sai hỏng dm-verity đã yêu cầu.\n" + +#: lib/libdevmapper.c:1649 lib/libdevmapper.c:1682 lib/libdevmapper.c:1685 +#: lib/luks2/luks2_json_metadata.c:2160 +#, fuzzy +msgid "Discard/TRIM is not supported." +msgstr "Thuật toán băm %s không được hỗ trợ.\n" + +#: lib/libdevmapper.c:1653 +#, fuzzy +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "Không hỗ trợ tùy chọn xá»­ lý dữ liệu sai hỏng dm-verity đã yêu cầu.\n" -#: lib/random.c:76 +#: lib/libdevmapper.c:2607 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "" + +#: lib/random.c:75 msgid "" "System is out of entropy while generating volume key.\n" -"Please move mouse or type some text in another window to gather some random " -"events.\n" +"Please move mouse or type some text in another window to gather some random events.\n" msgstr "" "Hệ thống bị nằm ngoài en-trô-pi trong khi tạo khóa vùng chứa.\n" -"Xin hãy di chuyển con chuột hay gõ vài chữ trong cá»­a sổ khác để thu thập sá»± " -"kiện ngẫu nhiên.\n" +"Xin hãy di chuyển con chuột hay gõ vài chữ trong cá»­a sổ khác để thu thập sá»± kiện ngẫu nhiên.\n" -#: lib/random.c:80 +#: lib/random.c:79 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Đang tạo khóa (xong %d%%).\n" -#: lib/random.c:169 -msgid "Fatal error during RNG initialisation.\n" +#: lib/random.c:165 +#, fuzzy +msgid "Running in FIPS mode." +msgstr "Đang chạy trong chế độ FIPS.\n" + +#: lib/random.c:171 +#, fuzzy +msgid "Fatal error during RNG initialisation." msgstr "Gặp lỗi nghiêm trọng trong quá trình khởi tạo RNG.\n" -#: lib/random.c:206 -msgid "Unknown RNG quality requested.\n" +#: lib/random.c:208 +#, fuzzy +msgid "Unknown RNG quality requested." msgstr "Không hiểu chất lượng RNG đã yêu cầu.\n" -#: lib/random.c:211 -#, c-format -msgid "Error %d reading from RNG: %s\n" +#: lib/random.c:213 +#, fuzzy +msgid "Error reading from RNG." msgstr "Lỗi %d khi đọc từ RNG: %s\n" -#: lib/setup.c:200 -msgid "Cannot initialize crypto RNG backend.\n" +#: lib/setup.c:229 +#, fuzzy +msgid "Cannot initialize crypto RNG backend." msgstr "Không thể khởi tạo ứng dụng chạy ở phía sau (backend) mã hóa RNG.\n" -#: lib/setup.c:206 -msgid "Cannot initialize crypto backend.\n" +#: lib/setup.c:235 +#, fuzzy +msgid "Cannot initialize crypto backend." msgstr "Không thể khởi ứng dụng mã hóa chạy ở phía sau (backend).\n" -#: lib/setup.c:236 lib/setup.c:1192 lib/verity/verity.c:123 -#, c-format -msgid "Hash algorithm %s not supported.\n" +#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119 +#, fuzzy, c-format +msgid "Hash algorithm %s not supported." msgstr "Thuật toán băm %s không được hỗ trợ.\n" -#: lib/setup.c:239 lib/loopaes/loopaes.c:90 -#, c-format -msgid "Key processing error (using hash %s).\n" +#: lib/setup.c:269 lib/loopaes/loopaes.c:90 +#, fuzzy, c-format +msgid "Key processing error (using hash %s)." msgstr "Lỗi xá»­ lý khóa (dùng mã băm %s).\n" -#: lib/setup.c:284 -msgid "Cannot determine device type. Incompatible activation of device?\n" -msgstr "" -"Không thể dò tìm kiểu thiết bị. Phần hoạt hóa của thiết bị không tÆ°Æ¡ng thích " -"à?\n" +#: lib/setup.c:335 lib/setup.c:362 +#, fuzzy +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "Không thể dò tìm kiểu thiết bị. Phần hoạt hóa của thiết bị không tÆ°Æ¡ng thích à?\n" + +#: lib/setup.c:341 lib/setup.c:3050 +#, fuzzy +msgid "This operation is supported only for LUKS device." +msgstr "Thao tác này được hỗ trợ chỉ cho thiết bị LUKS.\n" -#: lib/setup.c:288 lib/setup.c:1537 -msgid "This operation is supported only for LUKS device.\n" +#: lib/setup.c:368 +#, fuzzy +msgid "This operation is supported only for LUKS2 device." msgstr "Thao tác này được hỗ trợ chỉ cho thiết bị LUKS.\n" -#: lib/setup.c:320 -msgid "All key slots full.\n" +#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345 +#, fuzzy +msgid "All key slots full." msgstr "Mọi khe khóa đều đã đầy.\n" -#: lib/setup.c:327 -#, c-format -msgid "Key slot %d is invalid, please select between 0 and %d.\n" -msgstr "" -"Khe khóa %d không đúng, hãy chọn một giá trị trong phạm vi từ 0 đến %d.\n" +#: lib/setup.c:434 +#, fuzzy, c-format +msgid "Key slot %d is invalid, please select between 0 and %d." +msgstr "Khe khóa %d không đúng, hãy chọn một giá trị trong phạm vi từ 0 đến %d.\n" -#: lib/setup.c:333 -#, c-format -msgid "Key slot %d is full, please select another one.\n" +#: lib/setup.c:440 +#, fuzzy, c-format +msgid "Key slot %d is full, please select another one." msgstr "Khe khóa %d bị đầy, hãy chọn một khe khác.\n" -#: lib/setup.c:472 -#, c-format -msgid "Enter passphrase for %s: " -msgstr "Nhập cụm từ mật khẩu cho %s: " +#: lib/setup.c:525 lib/setup.c:2824 +#, fuzzy +msgid "Device size is not aligned to device logical block size." +msgstr "Thiết bị %s không phải là một thiết bị kiểu LUKS đúng.\n" -#: lib/setup.c:653 -#, c-format -msgid "Header detected but device %s is too small.\n" +#: lib/setup.c:624 +#, fuzzy, c-format +msgid "Header detected but device %s is too small." msgstr "Phát hiện được phần đầu nhÆ°ng mà thiết bị %s quá nhỏ.\n" -#: lib/setup.c:669 lib/setup.c:1420 -msgid "This operation is not supported for this device type.\n" +#: lib/setup.c:661 +#, fuzzy +msgid "This operation is not supported for this device type." msgstr "Thao tác này không được hỗ trợ cho kiểu thiết bị này.\n" -#: lib/setup.c:908 lib/setup.c:1381 lib/setup.c:2264 -#, c-format -msgid "Device %s is not active.\n" +#: lib/setup.c:666 +msgid "Illegal operation with reencryption in-progress." +msgstr "" + +#: lib/setup.c:832 lib/luks1/keymanage.c:475 +#, fuzzy, c-format +msgid "Unsupported LUKS version %d." +msgstr "Phiên bản LUKS không được hỗ trợ %d.\n" + +#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959 +#, fuzzy +msgid "Detached metadata device is not supported for this crypt type." +msgstr "UUID không hỗ trợ kiểu mã hóa này.\n" + +#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628 +#: lib/setup.c:2777 lib/setup.c:4512 +#, fuzzy, c-format +msgid "Device %s is not active." msgstr "Thiết bị %s không hoạt động.\n" -#: lib/setup.c:925 -#, c-format -msgid "Underlying device for crypt device %s disappeared.\n" +#: lib/setup.c:1444 +#, fuzzy, c-format +msgid "Underlying device for crypt device %s disappeared." msgstr "Thiết bị nằm dưới cho thiết bị crypt %s đã bị biến mất.\n" -#: lib/setup.c:994 -msgid "Invalid plain crypt parameters.\n" +#: lib/setup.c:1524 +#, fuzzy +msgid "Invalid plain crypt parameters." msgstr "Đặt sai tham số mã hóa bình thường.\n" -#: lib/setup.c:999 lib/setup.c:1119 -msgid "Invalid key size.\n" +#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:74 +#, fuzzy +msgid "Invalid key size." msgstr "Kích cỡ khóa không đúng.\n" -#: lib/setup.c:1004 lib/setup.c:1124 -msgid "UUID is not supported for this crypt type.\n" +#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157 +#, fuzzy +msgid "UUID is not supported for this crypt type." msgstr "UUID không hỗ trợ kiểu mã hóa này.\n" -#: lib/setup.c:1046 -msgid "Can't format LUKS without device.\n" +#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308 +#: src/cryptsetup.c:1226 src/cryptsetup.c:3923 +#, fuzzy +msgid "Unsupported encryption sector size." +msgstr "Không đọc được tập tin nhật ký reencryption.\n" + +#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818 +#, fuzzy +msgid "Device size is not aligned to requested sector size." +msgstr "Thiết bị %s không phải là một thiết bị kiểu LUKS đúng.\n" + +#: lib/setup.c:1608 lib/setup.c:1727 +#, fuzzy +msgid "Can't format LUKS without device." msgstr "Không thể định dạng “LUKS” mà không có thiết bị.\n" -#: lib/setup.c:1089 +#: lib/setup.c:1614 lib/setup.c:1733 +msgid "Requested data alignment is not compatible with data offset." +msgstr "" + +#: lib/setup.c:1682 lib/setup.c:1851 +msgid "WARNING: Data offset is outside of currently available data device.\n" +msgstr "" + +#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169 +#, fuzzy, c-format +msgid "Cannot wipe header on device %s." +msgstr "Không thể tẩy xóa phần đầu trên thiết bị %s.\n" + +#: lib/setup.c:1744 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "" + +#: lib/setup.c:1766 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "" + +#: lib/setup.c:1821 +#, fuzzy, c-format +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "Mã hóa kiểu %s không sẵn có.\n" + +#: lib/setup.c:1854 #, c-format -msgid "Cannot format device %s which is still in use.\n" -msgstr "Không thể định dạng thiết bị %s mà nó lại vẫn đang được sá»­ dụng.\n" +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" +msgstr "" -#: lib/setup.c:1092 +#: lib/setup.c:1858 #, c-format -msgid "Cannot format device %s, permission denied.\n" +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "" + +#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367 +#, fuzzy, c-format +msgid "Device %s is too small." +msgstr "Thiết bị %s có kích cỡ quá nhỏ.\n" + +#: lib/setup.c:1893 lib/setup.c:1919 +#, fuzzy, c-format +msgid "Cannot format device %s in use." +msgstr "Không thể định dạng thiết bị %s mà nó lại vẫn đang được sá»­ dụng.\n" + +#: lib/setup.c:1896 lib/setup.c:1922 +#, fuzzy, c-format +msgid "Cannot format device %s, permission denied." msgstr "Không thể định dạng thiết bị %s, không đủ thẩm quyền.\n" -#: lib/setup.c:1096 -#, c-format -msgid "Cannot wipe header on device %s.\n" -msgstr "Không thể tẩy xóa phần đầu trên thiết bị %s.\n" +#: lib/setup.c:1908 lib/setup.c:2229 +#, fuzzy, c-format +msgid "Cannot format integrity for device %s." +msgstr "Không thể ghi thiết bị %s.\n" + +#: lib/setup.c:1926 +#, fuzzy, c-format +msgid "Cannot format device %s." +msgstr "Không thể đọc thiết bị %s.\n" -#: lib/setup.c:1114 -msgid "Can't format LOOPAES without device.\n" +#: lib/setup.c:1944 +#, fuzzy +msgid "Can't format LOOPAES without device." msgstr "Không thể định dạng “LOOPAES” bên ngoài thiết bị.\n" -#: lib/setup.c:1152 -msgid "Can't format VERITY without device.\n" +#: lib/setup.c:1989 +#, fuzzy +msgid "Can't format VERITY without device." msgstr "Không thể định dạng “VERITY” mà không có thiết bị.\n" -#: lib/setup.c:1160 lib/verity/verity.c:106 -#, c-format -msgid "Unsupported VERITY hash type %d.\n" +#: lib/setup.c:2000 lib/verity/verity.c:102 +#, fuzzy, c-format +msgid "Unsupported VERITY hash type %d." msgstr "Kiểu băm “VERITY” %d không được hỗ trợ.\n" -#: lib/setup.c:1166 lib/verity/verity.c:114 -msgid "Unsupported VERITY block size.\n" +#: lib/setup.c:2006 lib/verity/verity.c:110 +#, fuzzy +msgid "Unsupported VERITY block size." msgstr "Kích thước khối “VERITY” không được hỗ trợ.\n" -#: lib/setup.c:1171 lib/verity/verity.c:76 -msgid "Unsupported VERITY hash offset.\n" +#: lib/setup.c:2011 lib/verity/verity.c:74 +#, fuzzy +msgid "Unsupported VERITY hash offset." +msgstr "Khoảng bù (offset) mã băm “VERITY” không được hỗ trợ.\n" + +#: lib/setup.c:2016 +#, fuzzy +msgid "Unsupported VERITY FEC offset." msgstr "Khoảng bù (offset) mã băm “VERITY” không được hỗ trợ.\n" -#: lib/setup.c:1285 +#: lib/setup.c:2040 +#, fuzzy +msgid "Data area overlaps with hash area." +msgstr "Vùng dữ liệu chồng lấn với vùng mã băm.\n" + +#: lib/setup.c:2065 +#, fuzzy +msgid "Hash area overlaps with FEC area." +msgstr "Vùng dữ liệu chồng lấn với vùng mã băm.\n" + +#: lib/setup.c:2072 +#, fuzzy +msgid "Data area overlaps with FEC area." +msgstr "Vùng dữ liệu chồng lấn với vùng mã băm.\n" + +#: lib/setup.c:2208 #, c-format -msgid "Unknown crypt device type %s requested.\n" +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "" + +#: lib/setup.c:2286 +#, fuzzy, c-format +msgid "Unknown crypt device type %s requested." msgstr "Không rõ kiểu thiết bị mã hóa %s được yêu cầu.\n" -#: lib/setup.c:1435 +#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635 +#, fuzzy, c-format +msgid "Unsupported parameters on device %s." +msgstr "Không thể tẩy xóa phần đầu trên thiết bị %s.\n" + +#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408 +#: lib/luks2/luks2_reencrypt.c:2737 +#, fuzzy, c-format +msgid "Mismatching parameters on device %s." +msgstr "Không thể tẩy xóa phần đầu trên thiết bị %s.\n" + +#: lib/setup.c:2661 +msgid "Crypt devices mismatch." +msgstr "" + +#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:3145 +#, fuzzy, c-format +msgid "Failed to reload device %s." +msgstr "Không thể đọc thiết bị %s.\n" + +#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025 +#: lib/luks2/luks2_reencrypt.c:2032 +#, fuzzy, c-format +msgid "Failed to suspend device %s." +msgstr "Gặp lỗi khi mở tập tin khóa.\n" + +#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039 +#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149 +#, fuzzy, c-format +msgid "Failed to resume device %s." +msgstr "Không thể đọc thiết bị %s.\n" + +#: lib/setup.c:2732 +#, c-format +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "" + +#: lib/setup.c:2735 lib/setup.c:2737 +#, fuzzy, c-format +msgid "Failed to switch device %s to dm-error." +msgstr "Lỗi lấy thÆ° mục trình ánh xạ thiết bị." + +#: lib/setup.c:2809 +#, fuzzy +msgid "Cannot resize loop device." +msgstr "Không thể đổi cỡ thiết bị vòng ngược (loopback).\n" + +#: lib/setup.c:2882 msgid "Do you really want to change UUID of device?" msgstr "Bạn có thá»±c sá»± muốn thay đổi UUID cho thiết bị?" -#: lib/setup.c:1545 -#, c-format -msgid "Volume %s is not active.\n" +#: lib/setup.c:2958 +#, fuzzy +msgid "Header backup file does not contain compatible LUKS header." +msgstr "Tập tin sao lÆ°u không chứa phần đầu LUKS hợp lệ.\n" + +#: lib/setup.c:3058 +#, fuzzy, c-format +msgid "Volume %s is not active." msgstr "Khối tin %s không hoạt động.\n" -#: lib/setup.c:1556 -#, c-format -msgid "Volume %s is already suspended.\n" +#: lib/setup.c:3069 +#, fuzzy, c-format +msgid "Volume %s is already suspended." msgstr "Khối %s đã bị ngÆ°ng.\n" -#: lib/setup.c:1563 -#, c-format -msgid "Suspend is not supported for device %s.\n" +#: lib/setup.c:3082 +#, fuzzy, c-format +msgid "Suspend is not supported for device %s." msgstr "Tạm dừng không được hỗ trợ cho kiểu thiết bị %s.\n" -#: lib/setup.c:1565 -#, c-format -msgid "Error during suspending device %s.\n" +#: lib/setup.c:3084 +#, fuzzy, c-format +msgid "Error during suspending device %s." msgstr "Gặp lỗi khi tạm dừng thiết bị %s.\n" -#: lib/setup.c:1591 lib/setup.c:1638 -#, c-format -msgid "Volume %s is not suspended.\n" +#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267 +#, fuzzy, c-format +msgid "Volume %s is not suspended." msgstr "Vùng %s không bị treo.\n" -#: lib/setup.c:1605 -#, c-format -msgid "Resume is not supported for device %s.\n" +#: lib/setup.c:3146 +#, fuzzy, c-format +msgid "Resume is not supported for device %s." msgstr "Thao tác phục hồi không được hỗ trợ cho kiểu thiết bị %s.\n" -#: lib/setup.c:1607 lib/setup.c:1659 -#, c-format -msgid "Error during resuming device %s.\n" +#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297 +#, fuzzy, c-format +msgid "Error during resuming device %s." msgstr "Gặp lỗi khi cho hoạt động trở lại thiết bị %s.\n" -#: lib/setup.c:1645 lib/setup.c:2080 lib/setup.c:2094 src/cryptsetup.c:186 -#: src/cryptsetup.c:248 src/cryptsetup.c:732 src/cryptsetup.c:1151 -msgid "Enter passphrase: " -msgstr "Gõ cụm từ mật khẩu: " +#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322 +#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839 +#, fuzzy +msgid "Volume key does not match the volume." +msgstr "Khóa khối tin không tÆ°Æ¡ng ứng với khối tin đó.\n" -#: lib/setup.c:1707 lib/setup.c:1843 -msgid "Cannot add key slot, all slots disabled and no volume key provided.\n" -msgstr "" -"Không thể thêm khe khóa vì mọi khe đều bị tắt và không cung cấp khóa khối " -"tin.\n" +#: lib/setup.c:3343 lib/setup.c:3531 +#, fuzzy +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Không thể thêm khe khóa vì mọi khe đều bị tắt và không cung cấp khóa khối tin.\n" -#: lib/setup.c:1716 lib/setup.c:1849 lib/setup.c:1853 -msgid "Enter any passphrase: " -msgstr "Nhập bất cứ cụm từ mật khẩu nào: " +#: lib/setup.c:3483 +#, fuzzy +msgid "Failed to swap new key slot." +msgstr "Gặp lỗi khi hoán đổi khe khóa mới.\n" -#: lib/setup.c:1733 lib/setup.c:1866 lib/setup.c:1870 lib/setup.c:1932 -#: src/cryptsetup.c:988 src/cryptsetup.c:1017 -msgid "Enter new passphrase for key slot: " -msgstr "Gõ cụm từ mật khẩu mới cho khe khóa: " +#: lib/setup.c:3669 +#, fuzzy, c-format +msgid "Key slot %d is invalid." +msgstr "Khe khóa %d không đúng.\n" -#: lib/setup.c:1798 -#, c-format -msgid "Key slot %d changed.\n" -msgstr "Khe khóa %d đã thay đổi.\n" +#: lib/setup.c:3675 src/cryptsetup.c:1572 src/cryptsetup.c:1917 +#, fuzzy, c-format +msgid "Keyslot %d is not active." +msgstr "Khe khóa %d không được dùng.\n" -#: lib/setup.c:1801 -#, c-format -msgid "Replaced with key slot %d.\n" -msgstr "Đã thay thế với khe khóa %d.\n" +#: lib/setup.c:3694 +#, fuzzy +msgid "Device header overlaps with data area." +msgstr "Vùng dữ liệu chồng lấn với vùng mã băm.\n" -#: lib/setup.c:1806 -msgid "Failed to swap new key slot.\n" -msgstr "Gặp lỗi khi hoán đổi khe khóa mới.\n" +#: lib/setup.c:3981 +msgid "Reencryption in-progress. Cannot activate device." +msgstr "" -#: lib/setup.c:1923 lib/setup.c:2184 lib/setup.c:2197 lib/setup.c:2339 -msgid "Volume key does not match the volume.\n" -msgstr "Khóa khối tin không tÆ°Æ¡ng ứng với khối tin đó.\n" +#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2243 +#: lib/luks2/luks2_reencrypt.c:2836 +#, fuzzy +msgid "Failed to get reencryption lock." +msgstr "Không đọc được tập tin nhật ký reencryption.\n" -#: lib/setup.c:1961 -#, c-format -msgid "Key slot %d is invalid.\n" -msgstr "Khe khóa %d không đúng.\n" +#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855 +#, fuzzy +msgid "LUKS2 reencryption recovery failed." +msgstr "Không mở được tập tin nhật ký reencryption.\n" -#: lib/setup.c:1966 -#, c-format -msgid "Key slot %d is not used.\n" -msgstr "Khe khóa %d không được dùng.\n" +#: lib/setup.c:4127 lib/setup.c:4379 +#, fuzzy +msgid "Device type is not properly initialized." +msgstr "Kiểu thiết bị gần nhÆ° chắc chắn là chÆ°a được thiết lập.\n" -#: lib/setup.c:1996 lib/setup.c:2068 lib/setup.c:2160 -#, c-format -msgid "Device %s already exists.\n" +#: lib/setup.c:4171 +#, fuzzy, c-format +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "Không thể định dạng thiết bị %s mà nó lại vẫn đang được sá»­ dụng.\n" + +#: lib/setup.c:4174 +#, fuzzy, c-format +msgid "Device %s already exists." msgstr "Thiết bị %s đã sẵn có.\n" -#: lib/setup.c:2171 -msgid "Incorrect volume key specified for plain device.\n" +#: lib/setup.c:4296 +#, fuzzy +msgid "Incorrect volume key specified for plain device." msgstr "Khóa vùng chứa đã chỉ định không đúng cho thiết bị thường.\n" -#: lib/setup.c:2204 -msgid "Incorrect root hash specified for verity device.\n" +#: lib/setup.c:4405 +#, fuzzy +msgid "Incorrect root hash specified for verity device." msgstr "Mã băm gốc đã chỉ định không đúng cho thiết bị chứng thá»±c (verity).\n" -#: lib/setup.c:2227 -msgid "Device type is not properly initialised.\n" -msgstr "Kiểu thiết bị gần nhÆ° chắc chắn là chÆ°a được thiết lập.\n" +#: lib/setup.c:4412 +msgid "Root hash signature required." +msgstr "" -#: lib/setup.c:2259 -#, c-format -msgid "Device %s is still in use.\n" +#: lib/setup.c:4421 +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "" + +#: lib/setup.c:4438 lib/setup.c:5915 +#, fuzzy +msgid "Failed to load key in kernel keyring." +msgstr "Gặp lỗi khi mở tập tin khóa.\n" + +#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2296 +#: src/cryptsetup.c:2664 +#, fuzzy, c-format +msgid "Device %s is still in use." msgstr "Thiết bị %s vẫn đang được sá»­ dụng.\n" -#: lib/setup.c:2268 -#, c-format -msgid "Invalid device %s.\n" +#: lib/setup.c:4516 +#, fuzzy, c-format +msgid "Invalid device %s." msgstr "Thiết bị không đúng %s.\n" -#: lib/setup.c:2289 -msgid "Function not available in FIPS mode.\n" -msgstr "Chức năng không khả dụng trong chế độ “FIPS”.\n" - -#: lib/setup.c:2295 -msgid "Volume key buffer too small.\n" +#: lib/setup.c:4632 +#, fuzzy +msgid "Volume key buffer too small." msgstr "Vùng đệm khóa khối tin quá nhỏ.\n" -#: lib/setup.c:2303 -msgid "Cannot retrieve volume key for plain device.\n" +#: lib/setup.c:4640 +#, fuzzy +msgid "Cannot retrieve volume key for plain device." msgstr "Không thể lấy khóa khối tin cho thiết bị bình thường.\n" -#: lib/setup.c:2310 -#, c-format -msgid "This operation is not supported for %s crypt device.\n" +#: lib/setup.c:4657 +#, fuzzy +msgid "Cannot retrieve root hash for verity device." +msgstr "Mã băm gốc đã chỉ định không đúng cho thiết bị chứng thá»±c (verity).\n" + +#: lib/setup.c:4659 +#, fuzzy, c-format +msgid "This operation is not supported for %s crypt device." msgstr "Thao tác này không được hỗ trợ cho thiết bị mã hóa %s.\n" -#: lib/setup.c:2506 -msgid "Dump operation is not supported for this device type.\n" +#: lib/setup.c:4865 +#, fuzzy +msgid "Dump operation is not supported for this device type." msgstr "Thao tác đổ đống (dump) không được hỗ trợ cho kiểu thiết bị này.\n" -#: lib/utils.c:244 -msgid "Cannot get process priority.\n" -msgstr "Không thể lấy mức Æ°u tiên của tiến trình.\n" +#: lib/setup.c:5190 +#, c-format +msgid "Data offset is not multiple of %u bytes." +msgstr "" -#: lib/utils.c:258 -msgid "Cannot unlock memory.\n" -msgstr "Không thể mở khóa bộ nhớ.\n" +#: lib/setup.c:5475 +#, fuzzy, c-format +msgid "Cannot convert device %s which is still in use." +msgstr "Không thể định dạng thiết bị %s mà nó lại vẫn đang được sá»­ dụng.\n" -#: lib/utils_crypt.c:241 lib/utils_crypt.c:254 lib/utils_crypt.c:401 -#: lib/utils_crypt.c:416 -msgid "Out of memory while reading passphrase.\n" -msgstr "Tràn bộ nhớ trong khi đọc cụm từ mật khẩu.\n" +#: lib/setup.c:5772 +#, c-format +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "" -#: lib/utils_crypt.c:246 lib/utils_crypt.c:261 -msgid "Error reading passphrase from terminal.\n" -msgstr "Gặp lỗi khi đọc cụm từ mật khẩu từ thiết bị cuối.\n" +#: lib/setup.c:5845 +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "" -#: lib/utils_crypt.c:259 -msgid "Verify passphrase: " -msgstr "Nhập lại mật khẩu: " +#: lib/setup.c:5851 +#, fuzzy, c-format +msgid "Failed to assign keyslot %d to digest." +msgstr "Gặp lỗi khi hoán đổi khe khóa mới.\n" -#: lib/utils_crypt.c:266 -msgid "Passphrases do not match.\n" -msgstr "Hai cụm từ mật khẩu không trùng nhau.\n" +#: lib/setup.c:5982 +#, fuzzy +msgid "Kernel keyring is not supported by the kernel." +msgstr "Thao tác này không được hỗ trợ cho kiểu thiết bị này.\n" -#: lib/utils_crypt.c:350 -msgid "Cannot use offset with terminal input.\n" -msgstr "Không thể sá»­ dụng khoảng bù (offset) với đầu vào là thiết bị cuối.\n" +#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952 +#, fuzzy, c-format +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "Lỗi đọc từ kho lÆ°u khóa.\n" -#: lib/utils_crypt.c:369 lib/tcrypt/tcrypt.c:467 -msgid "Failed to open key file.\n" +#: lib/setup.c:6016 +msgid "Failed to acquire global memory-hard access serialization lock." +msgstr "" + +#: lib/utils.c:80 +#, fuzzy +msgid "Cannot get process priority." +msgstr "Không thể lấy mức Æ°u tiên của tiến trình.\n" + +#: lib/utils.c:94 +#, fuzzy +msgid "Cannot unlock memory." +msgstr "Không thể mở khóa bộ nhớ.\n" + +#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497 +#, fuzzy +msgid "Failed to open key file." msgstr "Gặp lỗi khi mở tập tin khóa.\n" -#: lib/utils_crypt.c:378 -msgid "Failed to stat key file.\n" +#: lib/utils.c:173 +#, fuzzy +msgid "Cannot read keyfile from a terminal." +msgstr "Không thể đọc tập-tin khóa %s.\n" + +#: lib/utils.c:190 +#, fuzzy +msgid "Failed to stat key file." msgstr "Gặp lỗi khi lấy thông tin tập tin khóa.\n" -#: lib/utils_crypt.c:386 lib/utils_crypt.c:407 -msgid "Cannot seek to requested keyfile offset.\n" -msgstr "" -"Không thể di chuyển vị trí đầu đọc tới vị trí tÆ°Æ¡ng đối (offset) tập tin " -"khóa đã yêu cầu.\n" +#: lib/utils.c:198 lib/utils.c:219 +#, fuzzy +msgid "Cannot seek to requested keyfile offset." +msgstr "Không thể di chuyển vị trí đầu đọc tới vị trí tÆ°Æ¡ng đối (offset) tập tin khóa đã yêu cầu.\n" + +#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188 +#: src/utils_password.c:201 +#, fuzzy +msgid "Out of memory while reading passphrase." +msgstr "Tràn bộ nhớ trong khi đọc cụm từ mật khẩu.\n" -#: lib/utils_crypt.c:424 -msgid "Error reading passphrase.\n" +#: lib/utils.c:248 +#, fuzzy +msgid "Error reading passphrase." msgstr "Lỗi đọc cụm từ mật khẩu.\n" -#: lib/utils_crypt.c:442 -msgid "Maximum keyfile size exceeded.\n" +#: lib/utils.c:265 +msgid "Nothing to read on input." +msgstr "" + +#: lib/utils.c:272 +#, fuzzy +msgid "Maximum keyfile size exceeded." msgstr "Đã vượt quá kích thước tập tin khóa tối đa.\n" -#: lib/utils_crypt.c:447 -msgid "Cannot read requested amount of data.\n" +#: lib/utils.c:277 +#, fuzzy +msgid "Cannot read requested amount of data." msgstr "Không thể đọc đống dữ liệu đã yêu cầu.\n" -#: lib/utils_device.c:136 lib/luks1/keyencryption.c:90 -#, c-format -msgid "Device %s doesn't exist or access denied.\n" +#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 +#, fuzzy, c-format +msgid "Device %s does not exist or access denied." msgstr "Thiết bị %s không tồn tại hoặc không đủ quyền truy cập.\n" -#: lib/utils_device.c:430 -msgid "Cannot use a loopback device, running as non-root user.\n" +#: lib/utils_device.c:197 +#, fuzzy, c-format +msgid "Device %s is not compatible." +msgstr "Thiết bị %s không hoạt động.\n" + +#: lib/utils_device.c:642 +#, fuzzy, c-format +msgid "Device %s is too small. Need at least % bytes." +msgstr "Thiết bị %s quá nhỏ. (LUKS cần ít nhất % byte.)\n" + +#: lib/utils_device.c:723 +#, fuzzy, c-format +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "Không thể sá»­ dụng thiết bị %s mà nó lại đang được sá»­ dụng (đang được ánh xạ hoặc gắn).\n" + +#: lib/utils_device.c:727 +#, fuzzy, c-format +msgid "Cannot use device %s, permission denied." +msgstr "Không thể ghi thiết bị %s, không đủ thẩm quyền.\n" + +#: lib/utils_device.c:730 +#, fuzzy, c-format +msgid "Cannot get info about device %s." +msgstr "Không thể lấy thông tin về thiết bị %s.\n" + +#: lib/utils_device.c:753 +#, fuzzy +msgid "Cannot use a loopback device, running as non-root user." +msgstr "Không thể sá»­ dụng thiết-bị vòng ngược (loopback), do không chạy dưới quyền siêu người dùng.\n" + +#: lib/utils_device.c:763 +#, fuzzy +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "Gặp lỗi khi gắn thiết bị vòng ngược (loopback) (thiết bị lặp với cờ autoclear là bắt buộc).\n" + +#: lib/utils_device.c:809 +#, fuzzy, c-format +msgid "Requested offset is beyond real size of device %s." +msgstr "Khoảng bù (offset) đã yêu cầu nằm ngoài kích thước thật của thiết bị %s.\n" + +#: lib/utils_device.c:817 +#, fuzzy, c-format +msgid "Device %s has zero size." +msgstr "Thiết bị %s có kích cỡ là không.\n" + +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." msgstr "" -"Không thể sá»­ dụng thiết-bị vòng ngược (loopback), do không chạy dưới quyền " -"siêu người dùng.\n" -#: lib/utils_device.c:433 -msgid "Cannot find a free loopback device.\n" -msgstr "Không tìm thấy thiết bị vòng ngược (loopback ) nào còn rảnh.\n" +#: lib/utils_pbkdf.c:106 +#, c-format +msgid "Unknown PBKDF type %s." +msgstr "" -#: lib/utils_device.c:440 -msgid "" -"Attaching loopback device failed (loop device with autoclear flag is " -"required).\n" +#: lib/utils_pbkdf.c:111 +#, fuzzy, c-format +msgid "Requested hash %s is not supported." +msgstr "Không hỗ trợ chuỗi duy nhất LUKS %s được yêu cầu.\n" + +#: lib/utils_pbkdf.c:122 +#, fuzzy +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "Không hỗ trợ chuỗi duy nhất LUKS %s được yêu cầu.\n" + +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." msgstr "" -"Gặp lỗi khi gắn thiết bị vòng ngược (loopback) (thiết bị lặp với cờ " -"autoclear là bắt buộc).\n" -#: lib/utils_device.c:484 +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 #, c-format -msgid "Cannot use device %s which is in use (already mapped or mounted).\n" +msgid "Forced iteration count is too low for %s (minimum is %u)." msgstr "" -"Không thể sá»­ dụng thiết bị %s mà nó lại đang được sá»­ dụng (đang được ánh xạ " -"hoặc gắn).\n" -#: lib/utils_device.c:488 +#: lib/utils_pbkdf.c:148 #, c-format -msgid "Cannot get info about device %s.\n" -msgstr "Không thể lấy thông tin về thiết bị %s.\n" +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "" + +#: lib/utils_pbkdf.c:155 +#, c-format +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "" -#: lib/utils_device.c:494 +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "" + +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "" + +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "" + +#: lib/utils_benchmark.c:172 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "" + +#: lib/utils_benchmark.c:191 +#, fuzzy, c-format +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "Gặp các tùy chọn PBKDF2 không tÆ°Æ¡ng thích (dùng thuật toán chuỗi duy nhất %s).\n" + +#: lib/utils_benchmark.c:211 +#, fuzzy +msgid "Not compatible PBKDF options." +msgstr "Gặp các tùy chọn PBKDF2 không tÆ°Æ¡ng thích (dùng thuật toán chuỗi duy nhất %s).\n" + +#: lib/utils_device_locking.c:102 #, c-format -msgid "Requested offset is beyond real size of device %s.\n" +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." msgstr "" -"Khoảng bù (offset) đã yêu cầu nằm ngoài kích thước thật của thiết bị %s.\n" -#: lib/utils_device.c:502 +#: lib/utils_device_locking.c:109 #, c-format -msgid "Device %s has zero size.\n" -msgstr "Thiết bị %s có kích cỡ là không.\n" +msgid "WARNING: Locking directory %s/%s is missing!\n" +msgstr "" -#: lib/utils_device.c:513 +#: lib/utils_device_locking.c:119 #, c-format -msgid "Device %s is too small.\n" -msgstr "Thiết bị %s có kích cỡ quá nhỏ.\n" +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "" + +#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:941 +#: src/cryptsetup_reencrypt.c:1025 +#, fuzzy +msgid "Cannot seek to device offset." +msgstr "Không thể di chuyển vị trí tới vị trí tÆ°Æ¡ng đối thiết bị.\n" -#: lib/luks1/keyencryption.c:37 +#: lib/utils_wipe.c:208 #, c-format +msgid "Device wipe error, offset %." +msgstr "" + +#: lib/luks1/keyencryption.c:39 +#, fuzzy, c-format msgid "" "Failed to setup dm-crypt key mapping for device %s.\n" -"Check that kernel supports %s cipher (check syslog for more info).\n" +"Check that kernel supports %s cipher (check syslog for more info)." msgstr "" "Gặp lỗi khi cài đặt ánh xạ khóa dm-crypt cho thiết bị %s.\n" -"Kiểm tra lại hạt nhân hỗ trợ mật mã %s (kiểu tra sổ theo dõi hệ thống để tìm " -"thêm thông tin.)\n" +"Kiểm tra lại hạt nhân hỗ trợ mật mã %s (kiểu tra sổ theo dõi hệ thống để tìm thêm thông tin.)\n" -#: lib/luks1/keyencryption.c:42 -msgid "Key size in XTS mode must be 256 or 512 bits.\n" +#: lib/luks1/keyencryption.c:44 +#, fuzzy +msgid "Key size in XTS mode must be 256 or 512 bits." msgstr "Kích thước khóa trong chế độ “XTS” phải là 256 hay 512 bit.\n" -#: lib/luks1/keyencryption.c:96 lib/luks1/keymanage.c:296 -#: lib/luks1/keymanage.c:572 lib/luks1/keymanage.c:1017 -#, c-format -msgid "Cannot write to device %s, permission denied.\n" +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "" + +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080 +#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734 +#, fuzzy, c-format +msgid "Cannot write to device %s, permission denied." msgstr "Không thể ghi thiết bị %s, không đủ thẩm quyền.\n" -#: lib/luks1/keyencryption.c:111 -msgid "Failed to open temporary keystore device.\n" +#: lib/luks1/keyencryption.c:120 +#, fuzzy +msgid "Failed to open temporary keystore device." msgstr "Gặp lỗi khi mở thiết bị lÆ°u trữ khóa tạm thời.\n" -#: lib/luks1/keyencryption.c:118 -msgid "Failed to access temporary keystore device.\n" +#: lib/luks1/keyencryption.c:127 +#, fuzzy +msgid "Failed to access temporary keystore device." msgstr "Gl khi truy cập đến thiết bị lÆ°u trữ khóa tạm thời.\n" -#: lib/luks1/keyencryption.c:191 -msgid "IO error while encrypting keyslot.\n" +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +#, fuzzy +msgid "IO error while encrypting keyslot." msgstr "Lỗi IO (vào/ra) trong quá trình mã hóa khe khóa.\n" -#: lib/luks1/keyencryption.c:256 -msgid "IO error while decrypting keyslot.\n" +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:670 +#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311 +#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342 +#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 +#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255 +#: src/cryptsetup_reencrypt.c:200 src/cryptsetup_reencrypt.c:212 +#, fuzzy, c-format +msgid "Cannot open device %s." +msgstr "Không thể mở thiết bị %s.\n" + +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +#, fuzzy +msgid "IO error while decrypting keyslot." msgstr "Lỗi IO (vào/ra) trong quá trình giải mã khe khóa.\n" -#: lib/luks1/keymanage.c:90 -#, c-format -msgid "Device %s is too small. (LUKS requires at least % bytes.)\n" +#: lib/luks1/keymanage.c:110 +#, fuzzy, c-format +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" msgstr "Thiết bị %s quá nhỏ. (LUKS cần ít nhất % byte.)\n" -#: lib/luks1/keymanage.c:180 lib/luks1/keymanage.c:418 -#: src/cryptsetup_reencrypt.c:1110 -#, c-format -msgid "Device %s is not a valid LUKS device.\n" +#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162 +#: lib/luks1/keymanage.c:174 +#, fuzzy, c-format +msgid "LUKS keyslot %u is invalid." +msgstr "khe-khóa LUKS %u là không hợp lệ.\n" + +#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472 +#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1433 +#: src/cryptsetup.c:1559 src/cryptsetup.c:1616 src/cryptsetup.c:1672 +#: src/cryptsetup.c:1739 src/cryptsetup.c:1842 src/cryptsetup.c:1906 +#: src/cryptsetup.c:2136 src/cryptsetup.c:2331 src/cryptsetup.c:2391 +#: src/cryptsetup.c:2457 src/cryptsetup.c:2621 src/cryptsetup.c:3271 +#: src/cryptsetup.c:3280 src/cryptsetup_reencrypt.c:1388 +#, fuzzy, c-format +msgid "Device %s is not a valid LUKS device." msgstr "Thiết bị %s không phải là một thiết bị kiểu LUKS đúng.\n" -#: lib/luks1/keymanage.c:198 -#, c-format -msgid "Requested header backup file %s already exists.\n" +#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100 +#, fuzzy, c-format +msgid "Requested header backup file %s already exists." msgstr "Phần đầu tập tin sao lÆ°u dá»± phòng đã yêu cầu %s đã sẵn có.\n" -#: lib/luks1/keymanage.c:200 -#, c-format -msgid "Cannot create header backup file %s.\n" +#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102 +#, fuzzy, c-format +msgid "Cannot create header backup file %s." msgstr "Không thể tạo phần đầu của tập tin sao lÆ°u dá»± phòng %s.\n" -#: lib/luks1/keymanage.c:205 -#, c-format -msgid "Cannot write header backup file %s.\n" +#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109 +#, fuzzy, c-format +msgid "Cannot write header backup file %s." msgstr "Không thể ghi tập tin sao lÆ°u phần đầu %s.\n" -#: lib/luks1/keymanage.c:239 -msgid "Backup file doesn't contain valid LUKS header.\n" +#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161 +#, fuzzy +msgid "Backup file does not contain valid LUKS header." msgstr "Tập tin sao lÆ°u không chứa phần đầu LUKS hợp lệ.\n" -#: lib/luks1/keymanage.c:252 lib/luks1/keymanage.c:496 -#, c-format -msgid "Cannot open header backup file %s.\n" +#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549 +#: lib/luks2/luks2_json_metadata.c:1182 +#, fuzzy, c-format +msgid "Cannot open header backup file %s." msgstr "Không mở được tập tin sao lÆ°u phần đầu %s.\n" -#: lib/luks1/keymanage.c:258 -#, c-format -msgid "Cannot read header backup file %s.\n" +#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190 +#, fuzzy, c-format +msgid "Cannot read header backup file %s." msgstr "Không đọc được tập tin sao lÆ°u phần đầu %s.\n" -#: lib/luks1/keymanage.c:269 -msgid "Data offset or key size differs on device and backup, restore failed.\n" -msgstr "" -"Khoảng bù dữ liệu hoặc kích cỡ khóa vẫn khác nhau trên thiết bị và bản sao " -"lÆ°u thì chức năng phục hồi bị lỗi.\n" +#: lib/luks1/keymanage.c:317 +#, fuzzy +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "Khoảng bù dữ liệu hoặc kích cỡ khóa vẫn khác nhau trên thiết bị và bản sao lÆ°u thì chức năng phục hồi bị lỗi.\n" -#: lib/luks1/keymanage.c:277 +#: lib/luks1/keymanage.c:325 #, c-format msgid "Device %s %s%s" msgstr "Thiết bị %s %s%s" -#: lib/luks1/keymanage.c:278 -msgid "" -"does not contain LUKS header. Replacing header can destroy data on that " -"device." -msgstr "" -"không chứa phần đầu LUKS. Thay thế phần đầu thì cÅ©ng có thể hủy dữ liệu trên " -"thiết bị đó." +#: lib/luks1/keymanage.c:326 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "không chứa phần đầu LUKS. Thay thế phần đầu thì cÅ©ng có thể hủy dữ liệu trên thiết bị đó." -#: lib/luks1/keymanage.c:279 -msgid "" -"already contains LUKS header. Replacing header will destroy existing " -"keyslots." -msgstr "" -"đã chứa phần đầu LUKS. Thay thế phần đầu thì cÅ©ng hủy các khe khóa đã có." +#: lib/luks1/keymanage.c:327 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "đã chứa phần đầu LUKS. Thay thế phần đầu thì cÅ©ng hủy các khe khóa đã có." -#: lib/luks1/keymanage.c:280 +#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -543,149 +947,120 @@ msgstr "" "\n" "CẢNH BÁO: phần đầu thiết bị thật có mã số “UUID” khác với bản sao lÆ°u!" -#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:535 -#: lib/luks1/keymanage.c:575 lib/tcrypt/tcrypt.c:624 lib/verity/verity.c:82 -#: lib/verity/verity.c:179 lib/verity/verity_hash.c:292 -#: lib/verity/verity_hash.c:303 lib/verity/verity_hash.c:323 -#, c-format -msgid "Cannot open device %s.\n" -msgstr "Không thể mở thiết bị %s.\n" - -#: lib/luks1/keymanage.c:329 -msgid "Non standard key size, manual repair required.\n" +#: lib/luks1/keymanage.c:375 +#, fuzzy +msgid "Non standard key size, manual repair required." msgstr "Kích thước khóa không tiêu chuẩn, yêu cầu sá»­a chữa bằng tay.\n" -#: lib/luks1/keymanage.c:334 -msgid "Non standard keyslots alignment, manual repair required.\n" -msgstr "" -"Không thể đồng chỉnh các khe khóa (keyslot) tiêu chuẩn, yêu cầu sá»­a chữa " -"bằng tay.\n" +#: lib/luks1/keymanage.c:380 +#, fuzzy +msgid "Non standard keyslots alignment, manual repair required." +msgstr "Không thể đồng chỉnh các khe khóa (keyslot) tiêu chuẩn, yêu cầu sá»­a chữa bằng tay.\n" -#: lib/luks1/keymanage.c:340 -msgid "Repairing keyslots.\n" +#: lib/luks1/keymanage.c:390 +#, fuzzy +msgid "Repairing keyslots." msgstr "Đang chuẩn bị các khe khóa (keyslots).\n" -#: lib/luks1/keymanage.c:351 -msgid "Repair failed." -msgstr "Gặp lỗi khi sá»­a chữa." - -#: lib/luks1/keymanage.c:363 -#, c-format -msgid "Keyslot %i: offset repaired (%u -> %u).\n" +#: lib/luks1/keymanage.c:409 +#, fuzzy, c-format +msgid "Keyslot %i: offset repaired (%u -> %u)." msgstr "Khe-khóa (keyslot) %i: khoảng bù (offset) được sá»­a chữa (%u -> %u).\n" -#: lib/luks1/keymanage.c:371 -#, c-format -msgid "Keyslot %i: stripes repaired (%u -> %u).\n" +#: lib/luks1/keymanage.c:417 +#, fuzzy, c-format +msgid "Keyslot %i: stripes repaired (%u -> %u)." msgstr "Khe-khóa (keyslot) %i: stripes được sá»­a chữa (%u -> %u).\n" -#: lib/luks1/keymanage.c:380 -#, c-format -msgid "Keyslot %i: bogus partition signature.\n" +#: lib/luks1/keymanage.c:426 +#, fuzzy, c-format +msgid "Keyslot %i: bogus partition signature." msgstr "Khe-khóa (keyslot) %i: chữ ký phân vùng không có thật.\n" -#: lib/luks1/keymanage.c:385 -#, c-format -msgid "Keyslot %i: salt wiped.\n" +#: lib/luks1/keymanage.c:431 +#, fuzzy, c-format +msgid "Keyslot %i: salt wiped." msgstr "Khe-khóa (keyslot) %i: muối bị tẩy xóa.\n" -#: lib/luks1/keymanage.c:396 -msgid "Writing LUKS header to disk.\n" +#: lib/luks1/keymanage.c:448 +#, fuzzy +msgid "Writing LUKS header to disk." msgstr "Đang ghi phần đầu của LUKS lên đĩa.\n" -#: lib/luks1/keymanage.c:421 -#, c-format -msgid "Unsupported LUKS version %d.\n" -msgstr "Phiên bản LUKS không được hỗ trợ %d.\n" +#: lib/luks1/keymanage.c:453 +msgid "Repair failed." +msgstr "Gặp lỗi khi sá»­a chữa." -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:661 -#, c-format -msgid "Requested LUKS hash %s is not supported.\n" +#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750 +#, fuzzy, c-format +msgid "Requested LUKS hash %s is not supported." msgstr "Không hỗ trợ chuỗi duy nhất LUKS %s được yêu cầu.\n" -#: lib/luks1/keymanage.c:442 -#, c-format -msgid "LUKS keyslot %u is invalid.\n" -msgstr "khe-khóa LUKS %u là không hợp lệ.\n" - -#: lib/luks1/keymanage.c:456 src/cryptsetup.c:668 -msgid "No known problems detected for LUKS header.\n" +#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1133 +#, fuzzy +msgid "No known problems detected for LUKS header." msgstr "Không phát hiện thấy vấn đề với phần đầu LUKS.\n" -#: lib/luks1/keymanage.c:596 -#, c-format -msgid "Error during update of LUKS header on device %s.\n" +#: lib/luks1/keymanage.c:660 +#, fuzzy, c-format +msgid "Error during update of LUKS header on device %s." msgstr "Gặp lỗi trong khi cập nhật phần đầu LUKS trên thiết bị %s.\n" -#: lib/luks1/keymanage.c:603 -#, c-format -msgid "Error re-reading LUKS header after update on device %s.\n" -msgstr "" -"Gặp lỗi trong khi đọc lại phần đầu LUKS sau khi cập nhật trên thiết bị %s.\n" +#: lib/luks1/keymanage.c:668 +#, fuzzy, c-format +msgid "Error re-reading LUKS header after update on device %s." +msgstr "Gặp lỗi trong khi đọc lại phần đầu LUKS sau khi cập nhật trên thiết bị %s.\n" + +#: lib/luks1/keymanage.c:744 +#, fuzzy +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "Khoảng bù dữ liệu cho phần đầu LUKS tách rời phải hoặc là 0 hoặc là lớn hÆ¡n kích thước phần đầu (%d cung từ).\n" + +#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825 +#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001 +#: src/cryptsetup.c:2784 +#, fuzzy +msgid "Wrong LUKS UUID format provided." +msgstr "Đưa ra định dạng mã số UUID LUKS không đúng.\n" -#: lib/luks1/keymanage.c:654 -#, c-format -msgid "" -"Data offset for detached LUKS header must be either 0 or higher than header " -"size (%d sectors).\n" -msgstr "" -"Khoảng bù dữ liệu cho phần đầu LUKS tách rời phải hoặc là 0 hoặc là lớn hÆ¡n " -"kích thước phần đầu (%d cung từ).\n" - -#: lib/luks1/keymanage.c:666 lib/luks1/keymanage.c:757 -msgid "Wrong LUKS UUID format provided.\n" -msgstr "Đưa ra định dạng mã số UUID LUKS không đúng.\n" - -#: lib/luks1/keymanage.c:695 -msgid "Cannot create LUKS header: reading random salt failed.\n" +#: lib/luks1/keymanage.c:778 +#, fuzzy +msgid "Cannot create LUKS header: reading random salt failed." msgstr "Không thể tạo phần đầu LUKS: lỗi đọc salt ngẫu nhiên.\n" -#: lib/luks1/keymanage.c:702 lib/luks1/keymanage.c:798 -#, c-format -msgid "Not compatible PBKDF2 options (using hash algorithm %s).\n" -msgstr "" -"Gặp các tùy chọn PBKDF2 không tÆ°Æ¡ng thích (dùng thuật toán chuỗi duy nhất " -"%s).\n" - -#: lib/luks1/keymanage.c:717 -#, c-format -msgid "Cannot create LUKS header: header digest failed (using hash %s).\n" -msgstr "" -"Không thể tạo phần đầu LUKS: lỗi tạo bản tóm tắt (dùng chuỗi duy nhất %s).\n" +#: lib/luks1/keymanage.c:804 +#, fuzzy, c-format +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "Không thể tạo phần đầu LUKS: lỗi tạo bản tóm tắt (dùng chuỗi duy nhất %s).\n" -#: lib/luks1/keymanage.c:782 -#, c-format -msgid "Key slot %d active, purge first.\n" +#: lib/luks1/keymanage.c:848 +#, fuzzy, c-format +msgid "Key slot %d active, purge first." msgstr "Khe khóa %d vẫn hoạt động: cần tẩy trước.\n" -#: lib/luks1/keymanage.c:788 -#, c-format -msgid "Key slot %d material includes too few stripes. Header manipulation?\n" -msgstr "" -"Nguyên liệu khe khóa %d gồm có quá ít sọc. Có nên thao tác phần đầu không?\n" - -#: lib/luks1/keymanage.c:950 -#, c-format -msgid "Key slot %d unlocked.\n" -msgstr "Khe khóa %d được mở khóa.\n" +#: lib/luks1/keymanage.c:854 +#, fuzzy, c-format +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "Nguyên liệu khe khóa %d gồm có quá ít sọc. Có nên thao tác phần đầu không?\n" -#: lib/luks1/keymanage.c:985 src/cryptsetup.c:858 -#: src/cryptsetup_reencrypt.c:999 src/cryptsetup_reencrypt.c:1036 -msgid "No key available with this passphrase.\n" -msgstr "Không có khóa sẵn sàng dùng với cụm từ mật khẩu này.\n" +#: lib/luks1/keymanage.c:990 +#, fuzzy, c-format +msgid "Cannot open keyslot (using hash %s)." +msgstr "Lỗi xá»­ lý khóa (dùng mã băm %s).\n" -#: lib/luks1/keymanage.c:1003 -#, c-format -msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n" +#: lib/luks1/keymanage.c:1066 +#, fuzzy, c-format +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "Khe khóa %d không đúng: hãy chọn khe khóa trong phạm vi 0 đến %d.\n" -#: lib/luks1/keymanage.c:1021 -#, c-format -msgid "Cannot wipe device %s.\n" +#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738 +#, fuzzy, c-format +msgid "Cannot wipe device %s." msgstr "Không thể tẩy thiết bị %s.\n" #: lib/loopaes/loopaes.c:146 -msgid "Detected not yet supported GPG encrypted keyfile.\n" +#, fuzzy +msgid "Detected not yet supported GPG encrypted keyfile." msgstr "Tìm thấy tập tin khóa mã hóa GPG vẫn chÆ°a được hỗ trợ.\n" #: lib/loopaes/loopaes.c:147 @@ -693,416 +1068,1408 @@ msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" msgstr "Hãy dùng gpg --decrypt | cryptsetup --keyfile=- …\n" #: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 -msgid "Incompatible loop-AES keyfile detected.\n" +#, fuzzy +msgid "Incompatible loop-AES keyfile detected." msgstr "Tập tin khóa (keyfile) loop-AES không tÆ°Æ¡ng thích được tìm thấy.\n" -#: lib/loopaes/loopaes.c:244 -msgid "Kernel doesn't support loop-AES compatible mapping.\n" +#: lib/loopaes/loopaes.c:245 +#, fuzzy +msgid "Kernel does not support loop-AES compatible mapping." msgstr "Nhân không hỗ trợ ánh xạ tÆ°Æ¡ng thích loop-AES.\n" -#: lib/tcrypt/tcrypt.c:475 -#, c-format -msgid "Error reading keyfile %s.\n" +#: lib/tcrypt/tcrypt.c:504 +#, fuzzy, c-format +msgid "Error reading keyfile %s." msgstr "Gặp lỗi khi đọc tập-tin khóa %s.\n" -#: lib/tcrypt/tcrypt.c:513 -#, c-format -msgid "Maximum TCRYPT passphrase length (%d) exceeded.\n" +#: lib/tcrypt/tcrypt.c:554 +#, fuzzy, c-format +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "Độ dài cụm từ mật khẩu TCRYPT tối đa (%d) đã bị vượt quá.\n" -#: lib/tcrypt/tcrypt.c:543 -#, c-format -msgid "PBKDF2 hash algorithm %s not available, skipping.\n" +#: lib/tcrypt/tcrypt.c:595 +#, fuzzy, c-format +msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "Thuật toán băm PBKDF2 không khả dụng %s, bỏ qua.\n" -#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:621 -msgid "Required kernel crypto interface not available.\n" +#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1010 +#, fuzzy +msgid "Required kernel crypto interface not available." msgstr "Giao diện mã hóa từ nhân đã yêu cầu không khả dụng.\n" -#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:623 -msgid "Ensure you have algif_skcipher kernel module loaded.\n" +#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1012 +#, fuzzy +msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "Bạn cần chắc chắn là mô-đun nhân algif_skcipher đã được tải.\n" -#: lib/tcrypt/tcrypt.c:707 -#, c-format -msgid "Activation is not supported for %d sector size.\n" +#: lib/tcrypt/tcrypt.c:753 +#, fuzzy, c-format +msgid "Activation is not supported for %d sector size." msgstr "Hoạt hóa không được hỗ trợ cho kích thước cung %d.\n" -#: lib/tcrypt/tcrypt.c:713 -msgid "Kernel doesn't support activation for this TCRYPT legacy mode.\n" +#: lib/tcrypt/tcrypt.c:759 +#, fuzzy +msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "Nhân không hỗ trợ hoạt hóa cho chế độ cÅ© của TCRYPT.\n" -#: lib/tcrypt/tcrypt.c:744 -#, c-format -msgid "Activating TCRYPT system encryption for partition %s.\n" +#: lib/tcrypt/tcrypt.c:793 +#, fuzzy, c-format +msgid "Activating TCRYPT system encryption for partition %s." msgstr "Đang kích hoạt mã hóa hệ thống TCRYPT cho phân vùng %s.\n" -#: lib/tcrypt/tcrypt.c:806 -msgid "Kernel doesn't support TCRYPT compatible mapping.\n" +#: lib/tcrypt/tcrypt.c:871 +#, fuzzy +msgid "Kernel does not support TCRYPT compatible mapping." msgstr "Nhân không hỗ trợ ánh xạ tÆ°Æ¡ng thích TCRYPT.\n" -#: lib/tcrypt/tcrypt.c:1020 +#: lib/tcrypt/tcrypt.c:1093 msgid "This function is not supported without TCRYPT header load." msgstr "Chức năng này không được hỗ trợ mà không có phần tải đầu TCRYPT." -#: lib/verity/verity.c:70 lib/verity/verity.c:172 +#: lib/bitlk/bitlk.c:333 #, c-format -msgid "Verity device %s doesn't use on-disk header.\n" -msgstr "Thiết bị xác thá»±c %s không sá»­ dụng phần đầu on-disk.\n" +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:380 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "" -#: lib/verity/verity.c:94 +#: lib/bitlk/bitlk.c:385 #, c-format -msgid "Device %s is not a valid VERITY device.\n" -msgstr "Thiết bị %s không phải là thiết bị VERITY thích hợp.\n" +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:399 +#, c-format +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:479 +#, fuzzy, c-format +msgid "Failed to read BITLK signature from %s." +msgstr "Lỗi đọc từ kho lÆ°u khóa.\n" + +#: lib/bitlk/bitlk.c:485 +msgid "BITLK version 1 is currently not supported." +msgstr "" + +#: lib/bitlk/bitlk.c:491 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "" + +#: lib/bitlk/bitlk.c:503 +msgid "Invalid or unknown signature for BITLK device." +msgstr "" + +#: lib/bitlk/bitlk.c:510 +#, fuzzy, c-format +msgid "Unsupported sector size %." +msgstr "Phiên bản LUKS không được hỗ trợ %d.\n" + +#: lib/bitlk/bitlk.c:518 +#, fuzzy, c-format +msgid "Failed to read BITLK header from %s." +msgstr "Lỗi đọc từ kho lÆ°u khóa.\n" + +#: lib/bitlk/bitlk.c:543 +#, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "" + +#: lib/bitlk/bitlk.c:594 +#, fuzzy +msgid "Unknown or unsupported encryption type." +msgstr "UUID không hỗ trợ kiểu mã hóa này.\n" -#: lib/verity/verity.c:101 +#: lib/bitlk/bitlk.c:627 #, c-format -msgid "Unsupported VERITY version %d.\n" +msgid "Failed to read BITLK metadata entries from %s." +msgstr "" + +#: lib/bitlk/bitlk.c:921 +#, fuzzy +msgid "This operation is not supported." +msgstr "Thao tác này không được hỗ trợ cho thiết bị mã hóa %s.\n" + +#: lib/bitlk/bitlk.c:929 +#, fuzzy +msgid "Wrong key size." +msgstr "Kích cỡ khóa không đúng.\n" + +#: lib/bitlk/bitlk.c:981 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "" + +#: lib/bitlk/bitlk.c:987 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "" + +#: lib/bitlk/bitlk.c:1069 +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "" + +#: lib/bitlk/bitlk.c:1205 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "" + +#: lib/bitlk/bitlk.c:1209 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "" + +#: lib/verity/verity.c:68 lib/verity/verity.c:171 +#, fuzzy, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "Thiết bị xác thá»±c %s không sá»­ dụng phần đầu on-disk.\n" + +#: lib/verity/verity.c:90 +#, fuzzy, c-format +msgid "Device %s is not a valid VERITY device." +msgstr "Thiết bị %s không phải là thiết bị VERITY thích hợp.\n" + +#: lib/verity/verity.c:97 +#, fuzzy, c-format +msgid "Unsupported VERITY version %d." msgstr "Không hỗ trợ phiên bản VERITY %d.\n" -#: lib/verity/verity.c:131 -msgid "VERITY header corrupted.\n" +#: lib/verity/verity.c:128 +#, fuzzy +msgid "VERITY header corrupted." msgstr "phần đầu VERITY sai hỏng.\n" -#: lib/verity/verity.c:166 -#, c-format -msgid "Wrong VERITY UUID format provided on device %s.\n" +#: lib/verity/verity.c:165 +#, fuzzy, c-format +msgid "Wrong VERITY UUID format provided on device %s." msgstr "Đưa ra định dạng mã số VERITY không đúng trên thiết bị %s.\n" -#: lib/verity/verity.c:196 -#, c-format -msgid "Error during update of verity header on device %s.\n" +#: lib/verity/verity.c:198 +#, fuzzy, c-format +msgid "Error during update of verity header on device %s." msgstr "Gặp lỗi trong khi cập nhật phần đầu xác thá»±c trên thiết bị %s.\n" -#: lib/verity/verity.c:276 -msgid "Kernel doesn't support dm-verity mapping.\n" +#: lib/verity/verity.c:256 +#, fuzzy +msgid "Root hash signature verification is not supported." +msgstr "Thuật toán băm %s không được hỗ trợ.\n" + +#: lib/verity/verity.c:267 +msgid "Errors cannot be repaired with FEC device." +msgstr "" + +#: lib/verity/verity.c:269 +#, c-format +msgid "Found %u repairable errors with FEC device." +msgstr "" + +#: lib/verity/verity.c:308 +#, fuzzy +msgid "Kernel does not support dm-verity mapping." +msgstr "Nhân không hỗ trợ ánh xạ dm-verity.\n" + +#: lib/verity/verity.c:312 +#, fuzzy +msgid "Kernel does not support dm-verity signature option." msgstr "Nhân không hỗ trợ ánh xạ dm-verity.\n" -#: lib/verity/verity.c:287 -msgid "Verity device detected corruption after activation.\n" +#: lib/verity/verity.c:323 +#, fuzzy +msgid "Verity device detected corruption after activation." msgstr "Thiết bị xác thá»±c đã được phát hiện sai hỏng sau khi hoạt hóa.\n" #: lib/verity/verity_hash.c:59 -#, c-format -msgid "Spare area is not zeroed at position %.\n" +#, fuzzy, c-format +msgid "Spare area is not zeroed at position %." msgstr "Vùng để dành không được điền đầy bằng số không tại vị trí %.\n" -#: lib/verity/verity_hash.c:121 lib/verity/verity_hash.c:249 -#: lib/verity/verity_hash.c:277 lib/verity/verity_hash.c:284 -msgid "Device offset overflow.\n" +#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290 +#: lib/verity/verity_hash.c:303 +#, fuzzy +msgid "Device offset overflow." msgstr "Khoảng bù (offset) thiết bị bị tràn.\n" -#: lib/verity/verity_hash.c:161 -#, c-format -msgid "Verification failed at position %.\n" +#: lib/verity/verity_hash.c:203 +#, fuzzy, c-format +msgid "Verification failed at position %." msgstr "Thẩm tra gặp lỗi tại vị trí %.\n" -#: lib/verity/verity_hash.c:235 -msgid "Invalid size parameters for verity device.\n" +#: lib/verity/verity_hash.c:276 +#, fuzzy +msgid "Invalid size parameters for verity device." msgstr "Các tham số kích thước cho thiết bị xác thá»±c không hợp lệ.\n" -#: lib/verity/verity_hash.c:266 -msgid "Too many tree levels for verity volume.\n" -msgstr "Có quá nhiều mức cây cho mỗi vùng xác thá»±c.\n" +#: lib/verity/verity_hash.c:296 +msgid "Hash area overflow." +msgstr "" -#: lib/verity/verity_hash.c:354 -msgid "Verification of data area failed.\n" +#: lib/verity/verity_hash.c:373 +#, fuzzy +msgid "Verification of data area failed." msgstr "Việc thẩm tra vùng dữ liệu gặp lỗi.\n" -#: lib/verity/verity_hash.c:359 -msgid "Verification of root hash failed.\n" +#: lib/verity/verity_hash.c:378 +#, fuzzy +msgid "Verification of root hash failed." msgstr "Việc thẩm tra mã băm gốc gặp lỗi.\n" -#: lib/verity/verity_hash.c:365 -msgid "Input/output error while creating hash area.\n" +#: lib/verity/verity_hash.c:384 +#, fuzzy +msgid "Input/output error while creating hash area." msgstr "Lỗi Vào/Ra trong khi đang tạo vùng băm.\n" -#: lib/verity/verity_hash.c:367 -msgid "Creation of hash area failed.\n" +#: lib/verity/verity_hash.c:386 +#, fuzzy +msgid "Creation of hash area failed." msgstr "Việc tạo vùng dữ liệu băm gặp lỗi.\n" -#: lib/verity/verity_hash.c:414 +#: lib/verity/verity_hash.c:433 +#, fuzzy, c-format +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "CẢNH BÁO: Nhân (kernel) không thể kích hoạt thiết bị nếu kích thước khối dữ liệu vượt quá kích cỡ trang (%u).\n" + +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." +msgstr "" + +#: lib/verity/verity_fec.c:146 +#, fuzzy +msgid "Failed to allocate buffer." +msgstr "Gặp lỗi khi lấy thông tin tập tin khóa.\n" + +#: lib/verity/verity_fec.c:156 #, c-format -msgid "" -"WARNING: Kernel cannot activate device if data block size exceeds page size " -"(%u).\n" +msgid "Failed to read RS block % byte %d." msgstr "" -"CẢNH BÁO: Nhân (kernel) không thể kích hoạt thiết bị nếu kích thước khối dữ " -"liệu vượt quá kích cỡ trang (%u).\n" -#: src/cryptsetup.c:91 -msgid "Can't do passphrase verification on non-tty inputs.\n" -msgstr "Không thể thẩm tra cụm từ mật khẩu trên đầu vào khác TTY.\n" +#: lib/verity/verity_fec.c:169 +#, c-format +msgid "Failed to read parity for RS block %." +msgstr "" -#: src/cryptsetup.c:133 src/cryptsetup.c:564 src/cryptsetup.c:711 -#: src/cryptsetup_reencrypt.c:502 src/cryptsetup_reencrypt.c:556 -msgid "No known cipher specification pattern detected.\n" -msgstr "Không phát hiện mẫu đặc tả mã hóa đã biết.\n" +#: lib/verity/verity_fec.c:177 +#, c-format +msgid "Failed to repair parity for block %." +msgstr "" -#: src/cryptsetup.c:144 -msgid "" -"WARNING: The --hash parameter is being ignored in plain mode with keyfile " -"specified.\n" +#: lib/verity/verity_fec.c:188 +#, c-format +msgid "Failed to write parity for RS block %." msgstr "" -"CẢNH BÁO: Tham số --hash bị bỏ qua trong chế độ thường với tập tin khóa đã " -"cho.\n" -#: src/cryptsetup.c:152 -msgid "" -"WARNING: The --keyfile-size option is being ignored, the read size is the " -"same as the encryption key size.\n" +#: lib/verity/verity_fec.c:223 +msgid "Block sizes must match for FEC." msgstr "" -"CẢNH BÁO: Đang bỏ qua các tùy chọn kích thước tập-tin-khóa --keyfile-size " -"--, kích thước đọc giống với kích thước khóa mã hóa.\n" -#: src/cryptsetup.c:218 -msgid "Option --key-file is required.\n" -msgstr "Cần tùy chọn “--key-file”.\n" +#: lib/verity/verity_fec.c:229 +msgid "Invalid number of parity bytes." +msgstr "" -#: src/cryptsetup.c:267 -msgid "No device header detected with this passphrase.\n" -msgstr "Không có phần đầu thiết bị cho cụm từ mật khẩu này.\n" +#: lib/verity/verity_fec.c:265 +#, fuzzy, c-format +msgid "Failed to determine size for device %s." +msgstr "Gặp lỗi khi mở thiết bị lÆ°u trữ khóa tạm thời.\n" + +#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343 +#, fuzzy +msgid "Kernel does not support dm-integrity mapping." +msgstr "Nhân không hỗ trợ ánh xạ dm-verity.\n" + +#: lib/integrity/integrity.c:277 +#, fuzzy +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "Nhân không hỗ trợ ánh xạ dm-verity.\n" + +#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959 +#: lib/luks2/luks2_json_metadata.c:1244 +#, fuzzy, c-format +msgid "Failed to acquire write lock on device %s." +msgstr "Gl khi truy cập đến thiết bị lÆ°u trữ khóa tạm thời.\n" + +#: lib/luks2/luks2_disk_metadata.c:392 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "" -#: src/cryptsetup.c:327 src/cryptsetup.c:1140 +#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712 msgid "" -"Header dump with volume key is sensitive information\n" -"which allows access to encrypted partition without passphrase.\n" -"This dump should be always stored encrypted on safe place." +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." msgstr "" -"Đổ đống phần đầu với khóa vùng chứa là thông tin phân biệt hoa thường\n" -"cái mà cho phép truy cập phân vùng được mã hóa mà không cần mật khẩu.\n" -"Việc đổ đống này nên luôn được lÆ°u trữ mã hóa tại một nÆ¡i an toàn." -#: src/cryptsetup.c:517 -msgid "Result of benchmark is not reliable.\n" -msgstr "Kết quả đo kiểm không đáng tin cậy.\n" +#: lib/luks2/luks2_json_format.c:227 +#, fuzzy +msgid "Requested data offset is too small." +msgstr "Thiết bị %s có kích cỡ quá nhỏ.\n" -#: src/cryptsetup.c:558 -msgid "# Tests are approximate using memory only (no storage IO).\n" +#: lib/luks2/luks2_json_format.c:271 +#, c-format +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" msgstr "" -"# Các kiểm tra là chỉ ước lượng việc sá»­ dụng bộ nhớ (không tính IO ổ đĩa).\n" -#: src/cryptsetup.c:583 src/cryptsetup.c:605 -msgid "# Algorithm | Key | Encryption | Decryption\n" -msgstr "# Thuật toán| Khóa| Mã hóa | Giải mã\n" +#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074 +#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_keyslot_luks2.c:114 +#, fuzzy, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "Gl khi truy cập đến thiết bị lÆ°u trữ khóa tạm thời.\n" -#: src/cryptsetup.c:587 +#: lib/luks2/luks2_json_metadata.c:1167 #, c-format -msgid "Cipher %s is not available.\n" -msgstr "Mã hóa kiểu %s không sẵn có.\n" +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "" -#: src/cryptsetup.c:614 -msgid "N/A" -msgstr "N/A" +#: lib/luks2/luks2_json_metadata.c:1208 +#, fuzzy +msgid "Data offset differ on device and backup, restore failed." +msgstr "Khoảng bù dữ liệu hoặc kích cỡ khóa vẫn khác nhau trên thiết bị và bản sao lÆ°u thì chức năng phục hồi bị lỗi.\n" -#: src/cryptsetup.c:639 -#, c-format -msgid "Cannot read keyfile %s.\n" -msgstr "Không thể đọc tập-tin khóa %s.\n" +#: lib/luks2/luks2_json_metadata.c:1214 +#, fuzzy +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "Khoảng bù dữ liệu hoặc kích cỡ khóa vẫn khác nhau trên thiết bị và bản sao lÆ°u thì chức năng phục hồi bị lỗi.\n" -#: src/cryptsetup.c:643 -#, c-format -msgid "Cannot read %d bytes from keyfile %s.\n" -msgstr "Không thể đọc %d byte từ tập tin khóa %s.\n" +#: lib/luks2/luks2_json_metadata.c:1221 +#, fuzzy, c-format +msgid "Device %s %s%s%s%s" +msgstr "Thiết bị %s %s%s" -#: src/cryptsetup.c:672 -msgid "Really try to repair LUKS device header?" -msgstr "Bạn có thá»±c sá»± muốn thá»­ sá»­a chữa phần đầu thiết bị LUKS không?" +#: lib/luks2/luks2_json_metadata.c:1222 +#, fuzzy +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "không chứa phần đầu LUKS. Thay thế phần đầu thì cÅ©ng có thể hủy dữ liệu trên thiết bị đó." -#: src/cryptsetup.c:697 -#, c-format -msgid "This will overwrite data on %s irrevocably." +#: lib/luks2/luks2_json_metadata.c:1223 +#, fuzzy +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "đã chứa phần đầu LUKS. Thay thế phần đầu thì cÅ©ng hủy các khe khóa đã có." + +#: lib/luks2/luks2_json_metadata.c:1225 +msgid "" +"\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" msgstr "" -"Thao tác này sẽ ghi đè lên dữ liệu trên thiết bị %s một cách không phục hồi " -"được." -#: src/cryptsetup.c:699 -msgid "memory allocation error in action_luksFormat" -msgstr "gặp lỗi phân cấp vùng nhớ trong“action_luksFormat”" +#: lib/luks2/luks2_json_metadata.c:1227 +msgid "" +"\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." +msgstr "" -#: src/cryptsetup.c:717 +#: lib/luks2/luks2_json_metadata.c:1323 #, c-format -msgid "Cannot use %s as on-disk header.\n" -msgstr "Không thể sá»­ dụng %s nhÆ° là phần đầu on-disk.\n" - -#: src/cryptsetup.c:784 -msgid "Reduced data offset is allowed only for detached LUKS header.\n" +msgid "Ignored unknown flag %s." msgstr "" -"Giảm khoảng bù (offset) dữ liệu chỉ cho phép khi phần đầu LUKS được tách " -"rời.\n" -#: src/cryptsetup.c:881 src/cryptsetup.c:937 +#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746 #, c-format -msgid "Key slot %d selected for deletion.\n" -msgstr "Khe khóa %d đã được chọn để xóa.\n" +msgid "Missing key for dm-crypt segment %u" +msgstr "" -#: src/cryptsetup.c:884 -#, c-format -msgid "Key %d not active. Can't wipe.\n" -msgstr "Khóa %d không hoạt động thì không xóa được.\n" +#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764 +#, fuzzy +msgid "Failed to set dm-crypt segment." +msgstr "Gặp lỗi khi lấy thông tin tập tin khóa.\n" -#: src/cryptsetup.c:892 src/cryptsetup.c:940 -msgid "" -"This is the last keyslot. Device will become unusable after purging this key." +#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770 +msgid "Failed to set dm-linear segment." msgstr "" -"Đây là khe khóa cuối cùng. Sau khi tẩy khóa này thì thiết bị không dùng được." -#: src/cryptsetup.c:893 -msgid "Enter any remaining passphrase: " -msgstr "Gõ cụm từ mật khẩu bất kỳ còn lại: " +#: lib/luks2/luks2_json_metadata.c:2155 +msgid "Unsupported device integrity configuration." +msgstr "" -#: src/cryptsetup.c:921 -msgid "Enter passphrase to be deleted: " -msgstr "Gõ cụm từ mật khẩu cần xóa: " +#: lib/luks2/luks2_json_metadata.c:2241 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "" -#: src/cryptsetup.c:1003 src/cryptsetup_reencrypt.c:1074 +#: lib/luks2/luks2_json_metadata.c:2252 lib/luks2/luks2_reencrypt.c:3190 #, c-format -msgid "Enter any existing passphrase: " -msgstr "Hãy nhập mật khẩu bất kỳ sẵn có: " +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "" -#: src/cryptsetup.c:1052 -msgid "Enter passphrase to be changed: " -msgstr "Gõ cụm từ mật khẩu cần được thay đổi: " +#: lib/luks2/luks2_json_metadata.c:2332 +msgid "Failed to read LUKS2 requirements." +msgstr "" -#: src/cryptsetup.c:1066 src/cryptsetup_reencrypt.c:1059 -msgid "Enter new passphrase: " -msgstr "Gõ cụm từ mật khẩu mới: " +#: lib/luks2/luks2_json_metadata.c:2339 +msgid "Unmet LUKS2 requirements detected." +msgstr "" -#: src/cryptsetup.c:1090 -msgid "Only one device argument for isLuks operation is supported.\n" -msgstr "Chỉ hỗ trợ một đối số thiết-bị dành cho thao tác isLuks.\n" +#: lib/luks2/luks2_json_metadata.c:2347 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "" -#: src/cryptsetup.c:1246 src/cryptsetup.c:1267 -msgid "Option --header-backup-file is required.\n" -msgstr "Cần tùy chọn“--header-backup-file”.\n" +#: lib/luks2/luks2_json_metadata.c:2349 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "" -#: src/cryptsetup.c:1304 -#, c-format -msgid "Unrecognized metadata device type %s.\n" -msgstr "Không nhận ra siêu dữ liệu của kiểu thiết bị %s.\n" +#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584 +msgid "Not enough available memory to open a keyslot." +msgstr "" -#: src/cryptsetup.c:1307 -msgid "Command requires device and mapped name as arguments.\n" -msgstr "Lệnh cần thiết bị và tên ánh xạ nhÆ° là các tham số.\n" +#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586 +#, fuzzy +msgid "Keyslot open failed." +msgstr "Khe khóa %d được thẩm định.\n" -#: src/cryptsetup.c:1326 +#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 #, c-format -msgid "" -"This operation will erase all keyslots on device %s.\n" -"Device will become unusable after this operation." +msgid "Cannot use %s-%s cipher for keyslot encryption." msgstr "" -"Thao tác này sẽ tẩy mọi khe khóa trên thiết bị %s.\n" -"Thiết bị sẽ không dùng được sau thao tác này." -#: src/cryptsetup.c:1360 -msgid " [--type ] []" -msgstr " [--type ] []" +#: lib/luks2/luks2_keyslot_luks2.c:480 +#, fuzzy +msgid "No space for new keyslot." +msgstr "Gặp lỗi khi hoán đổi khe khóa mới.\n" -#: src/cryptsetup.c:1360 -msgid "open device as mapping " -msgstr "mở thiết bị nhÆ° là ánh xạ " +#: lib/luks2/luks2_luks1_convert.c:482 +#, fuzzy, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "Không thể kiểm tra chất lượng mật khẩu: %s\n" -#: src/cryptsetup.c:1361 src/cryptsetup.c:1362 src/cryptsetup.c:1363 -#: src/cryptsetup.c:1364 src/veritysetup.c:311 src/veritysetup.c:312 -msgid "" -msgstr "" +#: lib/luks2/luks2_luks1_convert.c:508 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "" -#: src/cryptsetup.c:1361 -msgid "close device (remove mapping)" -msgstr "đóng thiết bị (gỡ bỏ ánh xạ)" +#: lib/luks2/luks2_luks1_convert.c:548 +msgid "Unable to move keyslot area. Not enough space." +msgstr "" -#: src/cryptsetup.c:1362 -msgid "resize active device" -msgstr "thay đổi kích cỡ của thiết bị hoạt động" +#: lib/luks2/luks2_luks1_convert.c:599 +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "" -#: src/cryptsetup.c:1363 -msgid "show device status" -msgstr "hiển thị trạng thái về thiết bị" +#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887 +#, fuzzy +msgid "Unable to move keyslot area." +msgstr "Gặp lỗi khi mở tập tin khóa.\n" -#: src/cryptsetup.c:1364 -msgid "benchmark cipher" -msgstr "đo kiểm tốc độ mã hóa" +#: lib/luks2/luks2_luks1_convert.c:697 +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "" -#: src/cryptsetup.c:1365 src/cryptsetup.c:1366 src/cryptsetup.c:1372 -#: src/cryptsetup.c:1373 src/cryptsetup.c:1374 src/cryptsetup.c:1375 -#: src/cryptsetup.c:1376 src/cryptsetup.c:1377 src/cryptsetup.c:1378 -#: src/cryptsetup.c:1379 -msgid "" -msgstr "" +#: lib/luks2/luks2_luks1_convert.c:705 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "" -#: src/cryptsetup.c:1365 -msgid "try to repair on-disk metadata" -msgstr "thá»­ sá»­a chữa siêu dữ liệu (metadata) on-disk" +#: lib/luks2/luks2_luks1_convert.c:717 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "" -#: src/cryptsetup.c:1366 -msgid "erase all keyslots (remove encryption key)" -msgstr "tẩy mọi khe khóa (gỡ bỏ khóa mã hóa)" +#: lib/luks2/luks2_luks1_convert.c:725 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "" -#: src/cryptsetup.c:1367 src/cryptsetup.c:1368 -msgid " []" -msgstr " []" +#: lib/luks2/luks2_luks1_convert.c:739 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "" -#: src/cryptsetup.c:1367 -msgid "formats a LUKS device" -msgstr "định dạng một thiết bị kiểu LUKS" +#: lib/luks2/luks2_luks1_convert.c:744 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "" -#: src/cryptsetup.c:1368 -msgid "add key to LUKS device" -msgstr "thêm khóa vào thiết bị LUKS" +#: lib/luks2/luks2_luks1_convert.c:749 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "" -#: src/cryptsetup.c:1369 src/cryptsetup.c:1370 -msgid " []" -msgstr " []" +#: lib/luks2/luks2_reencrypt.c:892 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "" -#: src/cryptsetup.c:1369 -msgid "removes supplied key or key file from LUKS device" -msgstr "gỡ bỏ khỏi thiết bị LUKS khóa hoặc tập tin khóa đưa ra" +#: lib/luks2/luks2_reencrypt.c:897 +#, fuzzy, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Kích cỡ giảm phải là bội số cung từ (sector) 512 byte" -#: src/cryptsetup.c:1370 -msgid "changes supplied key or key file of LUKS device" -msgstr "thay đổi khóa hay tập tin khóa đã áp dụng của thiết bị LUKS" +#: lib/luks2/luks2_reencrypt.c:941 +#, fuzzy, c-format +msgid "Unsupported resilience mode %s" +msgstr "Phiên bản LUKS không được hỗ trợ %d.\n" -#: src/cryptsetup.c:1371 -msgid " " -msgstr " " +#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313 +#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430 +#: lib/luks2/luks2_reencrypt.c:3030 +#, fuzzy +msgid "Failed to initialize old segment storage wrapper." +msgstr "Lỗi ghi khóa vào kho lÆ°u khóa.\n" + +#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291 +#, fuzzy +msgid "Failed to initialize new segment storage wrapper." +msgstr "Lỗi ghi khóa vào kho lÆ°u khóa.\n" + +#: lib/luks2/luks2_reencrypt.c:1340 +#, fuzzy +msgid "Failed to read checksums for current hotzone." +msgstr "Lỗi đọc từ kho lÆ°u khóa.\n" + +#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038 +#, fuzzy, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "Vùng để dành không được điền đầy bằng số không tại vị trí %.\n" -#: src/cryptsetup.c:1371 -msgid "wipes key with number from LUKS device" -msgstr "xóa khỏi thiết bị LUKS khóa có số " +#: lib/luks2/luks2_reencrypt.c:1366 +#, fuzzy, c-format +msgid "Failed to decrypt sector %zu." +msgstr "Lỗi đọc từ kho lÆ°u khóa.\n" -#: src/cryptsetup.c:1372 -msgid "print UUID of LUKS device" -msgstr "in ra mã số UUID của thiết bị LUKS" +#: lib/luks2/luks2_reencrypt.c:1372 +#, fuzzy, c-format +msgid "Failed to recover sector %zu." +msgstr "Lỗi ghi khóa vào kho lÆ°u khóa.\n" -#: src/cryptsetup.c:1373 -msgid "tests for LUKS partition header" -msgstr "thá»­ có phần đầu phân vùng LUKS không" +#: lib/luks2/luks2_reencrypt.c:1867 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "" -#: src/cryptsetup.c:1374 -msgid "dump LUKS partition information" -msgstr "đổ thông tin về phân vùng LUKS" +#: lib/luks2/luks2_reencrypt.c:1965 +#, fuzzy, c-format +msgid "Failed to activate hotzone device %s." +msgstr "Gl khi truy cập đến thiết bị lÆ°u trữ khóa tạm thời.\n" -#: src/cryptsetup.c:1375 -msgid "dump TCRYPT device information" -msgstr "dump thông tin thiết bị TCRYPT" +#: lib/luks2/luks2_reencrypt.c:1982 +#, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "" -#: src/cryptsetup.c:1376 -msgid "Suspend LUKS device and wipe key (all IOs are frozen)." -msgstr "NgÆ°ng thiết bị LUKS và tẩy khóa (thì mọi việc V/R đều đông cứng)." +#: lib/luks2/luks2_reencrypt.c:1989 +#, fuzzy, c-format +msgid "Failed to load new mapping for device %s." +msgstr "Gặp lỗi khi mở thiết bị lÆ°u trữ khóa tạm thời.\n" -#: src/cryptsetup.c:1377 -msgid "Resume suspended LUKS device." -msgstr "Tiếp tục lại sá»­ dụng thiết bị LUKS bị ngÆ°ng." +#: lib/luks2/luks2_reencrypt.c:2060 +msgid "Failed to refresh reencryption devices stack." +msgstr "" -#: src/cryptsetup.c:1378 -msgid "Backup LUKS device header and keyslots" -msgstr "Sao lÆ°u phần đầu và các khe khóa của thiết bị LUKS" +#: lib/luks2/luks2_reencrypt.c:2216 +#, fuzzy +msgid "Failed to set new keyslots area size." +msgstr "Gặp lỗi khi hoán đổi khe khóa mới.\n" -#: src/cryptsetup.c:1379 -msgid "Restore LUKS device header and keyslots" +#: lib/luks2/luks2_reencrypt.c:2318 +#, c-format +msgid "Data shift is not aligned to requested encryption sector size (% bytes)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2339 +#, c-format +msgid "Data device is not aligned to requested encryption sector size (% bytes)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2360 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779 +#: lib/luks2/luks2_reencrypt.c:2800 +#, fuzzy, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "Không thể sá»­ dụng thiết bị %s mà nó lại đang được sá»­ dụng (đang được ánh xạ hoặc gắn).\n" + +#: lib/luks2/luks2_reencrypt.c:2534 +#, fuzzy +msgid "Device not marked for LUKS2 reencryption." +msgstr "Khôngười thay đổi khóa, không có mã hóa lại vùng dữ liệu." + +#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295 +msgid "Failed to load LUKS2 reencryption context." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2619 +#, fuzzy +msgid "Failed to get reencryption state." +msgstr "Lỗi ghi khóa vào kho lÆ°u khóa.\n" + +#: lib/luks2/luks2_reencrypt.c:2623 +#, fuzzy +msgid "Device is not in reencryption." +msgstr "Thiết bị %s không hoạt động.\n" + +#: lib/luks2/luks2_reencrypt.c:2630 +msgid "Reencryption process is already running." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2632 +#, fuzzy +msgid "Failed to acquire reencryption lock." +msgstr "Không đọc được tập tin nhật ký reencryption.\n" + +#: lib/luks2/luks2_reencrypt.c:2650 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2750 +msgid "Active device size and requested reencryption size don't match." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2764 +msgid "Illegal device size requested in reencryption parameters." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2834 +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2906 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2913 +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3004 +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3046 +#, fuzzy +msgid "Failed to write reencryption resilience metadata." +msgstr "Không thể ghi tập tin nhật ký reencryption (mã hóa lại).\n" + +#: lib/luks2/luks2_reencrypt.c:3053 +#, fuzzy +msgid "Decryption failed." +msgstr "Gặp lỗi khi sá»­a chữa." + +#: lib/luks2/luks2_reencrypt.c:3058 +#, fuzzy, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "Lỗi ghi khóa vào kho lÆ°u khóa.\n" + +#: lib/luks2/luks2_reencrypt.c:3063 +#, fuzzy +msgid "Failed to sync data." +msgstr "Gặp lỗi khi lấy thông tin tập tin khóa.\n" + +#: lib/luks2/luks2_reencrypt.c:3071 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3138 +#, fuzzy +msgid "Failed to write LUKS2 metadata." +msgstr "Lỗi ghi khóa vào kho lÆ°u khóa.\n" + +#: lib/luks2/luks2_reencrypt.c:3161 +msgid "Failed to wipe backup segment data." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3174 +msgid "Failed to disable reencryption requirement flag." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3182 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3191 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3240 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3246 +msgid "Missing or invalid reencrypt context." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3253 +#, fuzzy +msgid "Failed to initialize reencryption device stack." +msgstr "Không thể khởi ứng dụng mã hóa chạy ở phía sau (backend).\n" + +#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308 +#, fuzzy +msgid "Failed to update reencryption context." +msgstr "Không mở được tập tin nhật ký reencryption.\n" + +#: lib/luks2/luks2_token.c:262 +msgid "No free token slot." +msgstr "" + +#: lib/luks2/luks2_token.c:269 +#, fuzzy, c-format +msgid "Failed to create builtin token %s." +msgstr "Lỗi ghi khóa vào kho lÆ°u khóa.\n" + +#: src/cryptsetup.c:164 +#, fuzzy +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "Không thể thẩm tra cụm từ mật khẩu trên đầu vào khác TTY.\n" + +#: src/cryptsetup.c:221 +#, fuzzy +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "Thao tác này được hỗ trợ chỉ cho thiết bị LUKS.\n" + +#: src/cryptsetup.c:251 src/cryptsetup.c:959 src/cryptsetup.c:1269 +#: src/cryptsetup.c:3145 src/cryptsetup_reencrypt.c:723 +#: src/cryptsetup_reencrypt.c:793 +#, fuzzy +msgid "No known cipher specification pattern detected." +msgstr "Không phát hiện mẫu đặc tả mã hóa đã biết.\n" + +#: src/cryptsetup.c:259 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "CẢNH BÁO: Tham số --hash bị bỏ qua trong chế độ thường với tập tin khóa đã cho.\n" + +#: src/cryptsetup.c:267 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "CẢNH BÁO: Đang bỏ qua các tùy chọn kích thước tập-tin-khóa --keyfile-size --, kích thước đọc giống với kích thước khóa mã hóa.\n" + +#: src/cryptsetup.c:307 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "" + +#: src/cryptsetup.c:313 src/cryptsetup.c:1090 src/cryptsetup.c:1142 +#: src/cryptsetup.c:1246 src/cryptsetup.c:1319 src/cryptsetup.c:1974 +#: src/cryptsetup.c:2682 src/cryptsetup.c:2805 src/integritysetup.c:233 +msgid "Operation aborted.\n" +msgstr "" + +#: src/cryptsetup.c:381 +#, fuzzy +msgid "Option --key-file is required." +msgstr "Cần tùy chọn “--key-file”.\n" + +#: src/cryptsetup.c:434 +msgid "Enter VeraCrypt PIM: " +msgstr "" + +#: src/cryptsetup.c:443 +msgid "Invalid PIM value: parse error." +msgstr "" + +#: src/cryptsetup.c:446 +#, fuzzy +msgid "Invalid PIM value: 0." +msgstr "Thiết bị không đúng %s.\n" + +#: src/cryptsetup.c:449 +msgid "Invalid PIM value: outside of range." +msgstr "" + +#: src/cryptsetup.c:472 +#, fuzzy +msgid "No device header detected with this passphrase." +msgstr "Không có phần đầu thiết bị cho cụm từ mật khẩu này.\n" + +#: src/cryptsetup.c:541 +#, fuzzy, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "Thiết bị %s không phải là một thiết bị kiểu LUKS đúng.\n" + +#: src/cryptsetup.c:576 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" +"Đổ đống phần đầu với khóa vùng chứa là thông tin phân biệt hoa thường\n" +"cái mà cho phép truy cập phân vùng được mã hóa mà không cần mật khẩu.\n" +"Việc đổ đống này nên luôn được lÆ°u trữ mã hóa tại một nÆ¡i an toàn." + +#: src/cryptsetup.c:673 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "" + +#: src/cryptsetup.c:701 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "" + +#: src/cryptsetup.c:838 +#, fuzzy +msgid "Benchmark interrupted." +msgstr "đo kiểm tốc độ mã hóa" + +#: src/cryptsetup.c:859 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "" + +#: src/cryptsetup.c:861 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "" + +#: src/cryptsetup.c:875 +#, c-format +msgid "%-10s N/A\n" +msgstr "" + +#: src/cryptsetup.c:877 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "" + +#: src/cryptsetup.c:901 +#, fuzzy +msgid "Result of benchmark is not reliable." +msgstr "Kết quả đo kiểm không đáng tin cậy.\n" + +#: src/cryptsetup.c:951 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "# Các kiểm tra là chỉ ước lượng việc sá»­ dụng bộ nhớ (không tính IO ổ đĩa).\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:971 +#, fuzzy, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "# Thuật toán| Khóa| Mã hóa | Giải mã\n" + +#: src/cryptsetup.c:975 +#, fuzzy, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "Mã hóa kiểu %s không sẵn có.\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:994 +#, fuzzy +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "# Thuật toán| Khóa| Mã hóa | Giải mã\n" + +#: src/cryptsetup.c:1003 +msgid "N/A" +msgstr "N/A" + +#: src/cryptsetup.c:1083 +msgid "" +"Seems device does not require reencryption recovery.\n" +"Do you want to proceed anyway?" +msgstr "" + +#: src/cryptsetup.c:1089 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "" + +#: src/cryptsetup.c:1098 +#, fuzzy +msgid "Enter passphrase for reencryption recovery: " +msgstr "Gõ cụm từ mật khẩu cho khe khóa %u: " + +#: src/cryptsetup.c:1141 +msgid "Really try to repair LUKS device header?" +msgstr "Bạn có thá»±c sá»± muốn thá»­ sá»­a chữa phần đầu thiết bị LUKS không?" + +#: src/cryptsetup.c:1160 src/integritysetup.c:146 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" + +#: src/cryptsetup.c:1182 src/integritysetup.c:168 +#, fuzzy, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "Không thể r thiết bị LUKS tạm thời.\n" + +#: src/cryptsetup.c:1231 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "" + +#: src/cryptsetup.c:1236 src/cryptsetup.c:1296 +#, fuzzy +msgid "Unsupported LUKS2 metadata size options." +msgstr "Phiên bản LUKS không được hỗ trợ %d.\n" + +#: src/cryptsetup.c:1253 +#, fuzzy, c-format +msgid "Cannot create header file %s." +msgstr "Không thể tạo phần đầu của tập tin sao lÆ°u dá»± phòng %s.\n" + +#: src/cryptsetup.c:1276 src/integritysetup.c:195 src/integritysetup.c:204 +#: src/integritysetup.c:213 src/integritysetup.c:284 src/integritysetup.c:293 +#: src/integritysetup.c:303 +#, fuzzy +msgid "No known integrity specification pattern detected." +msgstr "Không phát hiện mẫu đặc tả mã hóa đã biết.\n" + +#: src/cryptsetup.c:1289 +#, fuzzy, c-format +msgid "Cannot use %s as on-disk header." +msgstr "Không thể sá»­ dụng %s nhÆ° là phần đầu on-disk.\n" + +#: src/cryptsetup.c:1313 src/integritysetup.c:227 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "Thao tác này sẽ ghi đè lên dữ liệu trên thiết bị %s một cách không phục hồi được." + +#: src/cryptsetup.c:1354 src/cryptsetup.c:1688 src/cryptsetup.c:1755 +#: src/cryptsetup.c:1857 src/cryptsetup.c:1923 src/cryptsetup_reencrypt.c:553 +#, fuzzy +msgid "Failed to set pbkdf parameters." +msgstr "Gặp lỗi khi lấy thông tin tập tin khóa.\n" + +#: src/cryptsetup.c:1439 +#, fuzzy +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "Giảm khoảng bù (offset) dữ liệu chỉ cho phép khi phần đầu LUKS được tách rời.\n" + +#: src/cryptsetup.c:1450 src/cryptsetup.c:1761 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "" + +#: src/cryptsetup.c:1488 +msgid "Device activated but cannot make flags persistent." +msgstr "" + +#: src/cryptsetup.c:1569 src/cryptsetup.c:1639 +#, fuzzy, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "Khe khóa %d đã được chọn để xóa.\n" + +#: src/cryptsetup.c:1581 src/cryptsetup.c:1642 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "Đây là khe khóa cuối cùng. Sau khi tẩy khóa này thì thiết bị không dùng được." + +#: src/cryptsetup.c:1582 +msgid "Enter any remaining passphrase: " +msgstr "Gõ cụm từ mật khẩu bất kỳ còn lại: " + +#: src/cryptsetup.c:1583 src/cryptsetup.c:1644 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "" + +#: src/cryptsetup.c:1621 +msgid "Enter passphrase to be deleted: " +msgstr "Gõ cụm từ mật khẩu cần xóa: " + +#: src/cryptsetup.c:1702 src/cryptsetup.c:1776 src/cryptsetup.c:1810 +msgid "Enter new passphrase for key slot: " +msgstr "Gõ cụm từ mật khẩu mới cho khe khóa: " + +#: src/cryptsetup.c:1793 src/cryptsetup_reencrypt.c:1343 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "Hãy nhập mật khẩu bất kỳ sẵn có: " + +#: src/cryptsetup.c:1861 +msgid "Enter passphrase to be changed: " +msgstr "Gõ cụm từ mật khẩu cần được thay đổi: " + +#: src/cryptsetup.c:1877 src/cryptsetup_reencrypt.c:1329 +msgid "Enter new passphrase: " +msgstr "Gõ cụm từ mật khẩu mới: " + +#: src/cryptsetup.c:1927 +#, fuzzy +msgid "Enter passphrase for keyslot to be converted: " +msgstr "Gõ cụm từ mật khẩu cho khe khóa %u: " + +#: src/cryptsetup.c:1951 +#, fuzzy +msgid "Only one device argument for isLuks operation is supported." +msgstr "Chỉ hỗ trợ một đối số thiết-bị dành cho thao tác isLuks.\n" + +#: src/cryptsetup.c:2001 +#, fuzzy +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Đổ đống phần đầu với khóa vùng chứa là thông tin phân biệt hoa thường\n" +"cái mà cho phép truy cập phân vùng được mã hóa mà không cần mật khẩu.\n" +"Việc đổ đống này nên luôn được lÆ°u trữ mã hóa tại một nÆ¡i an toàn." + +#: src/cryptsetup.c:2066 +#, fuzzy, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "Khe khóa %d không được dùng.\n" + +#: src/cryptsetup.c:2072 +#, fuzzy +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Đổ đống phần đầu với khóa vùng chứa là thông tin phân biệt hoa thường\n" +"cái mà cho phép truy cập phân vùng được mã hóa mà không cần mật khẩu.\n" +"Việc đổ đống này nên luôn được lÆ°u trữ mã hóa tại một nÆ¡i an toàn." + +#: src/cryptsetup.c:2207 src/cryptsetup.c:2228 +#, fuzzy +msgid "Option --header-backup-file is required." +msgstr "Cần tùy chọn“--header-backup-file”.\n" + +#: src/cryptsetup.c:2258 +#, c-format +msgid "%s is not cryptsetup managed device." +msgstr "" + +#: src/cryptsetup.c:2269 +#, fuzzy, c-format +msgid "Refresh is not supported for device type %s" +msgstr "Thao tác phục hồi không được hỗ trợ cho kiểu thiết bị %s.\n" + +#: src/cryptsetup.c:2311 +#, fuzzy, c-format +msgid "Unrecognized metadata device type %s." +msgstr "Không nhận ra siêu dữ liệu của kiểu thiết bị %s.\n" + +#: src/cryptsetup.c:2314 +#, fuzzy +msgid "Command requires device and mapped name as arguments." +msgstr "Lệnh cần thiết bị và tên ánh xạ nhÆ° là các tham số.\n" + +#: src/cryptsetup.c:2336 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" +"Thao tác này sẽ tẩy mọi khe khóa trên thiết bị %s.\n" +"Thiết bị sẽ không dùng được sau thao tác này." + +#: src/cryptsetup.c:2343 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "" + +#: src/cryptsetup.c:2380 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "" + +#: src/cryptsetup.c:2398 +#, fuzzy, c-format +msgid "Device is already %s type." +msgstr "Thiết bị %s đã sẵn có.\n" + +#: src/cryptsetup.c:2403 +#, fuzzy, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "Thao tác này không được hỗ trợ cho thiết bị mã hóa %s.\n" + +#: src/cryptsetup.c:2409 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "" + +#: src/cryptsetup.c:2449 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "" + +#: src/cryptsetup.c:2483 src/cryptsetup.c:2516 src/cryptsetup.c:2539 +#, fuzzy, c-format +msgid "Token %d is invalid." +msgstr "Khe khóa %d không đúng.\n" + +#: src/cryptsetup.c:2486 src/cryptsetup.c:2542 +#, c-format +msgid "Token %d in use." +msgstr "" + +#: src/cryptsetup.c:2493 +#, fuzzy, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "Lỗi đọc từ kho lÆ°u khóa.\n" + +#: src/cryptsetup.c:2502 src/cryptsetup.c:2564 +#, fuzzy, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "Lỗi ghi khóa vào kho lÆ°u khóa.\n" + +#: src/cryptsetup.c:2519 +#, fuzzy, c-format +msgid "Token %d is not in use." +msgstr "Khe khóa %d không được dùng.\n" + +#: src/cryptsetup.c:2554 +#, fuzzy +msgid "Failed to import token from file." +msgstr "Gặp lỗi khi mở tập tin khóa.\n" + +#: src/cryptsetup.c:2579 +#, fuzzy, c-format +msgid "Failed to get token %d for export." +msgstr "Lỗi ghi khóa vào kho lÆ°u khóa.\n" + +#: src/cryptsetup.c:2594 +msgid "--key-description parameter is mandatory for token add action." +msgstr "" + +#: src/cryptsetup.c:2600 src/cryptsetup.c:2608 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "" + +#: src/cryptsetup.c:2613 +#, fuzzy, c-format +msgid "Invalid token operation %s." +msgstr "Kích cỡ khóa không đúng %d.\n" + +#: src/cryptsetup.c:2668 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "" + +#: src/cryptsetup.c:2672 +#, fuzzy, c-format +msgid "Device %s is not a block device.\n" +msgstr "Thiết bị %s không phải là một thiết bị kiểu LUKS đúng.\n" + +#: src/cryptsetup.c:2674 +#, fuzzy, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "Lỗi lấy thÆ° mục trình ánh xạ thiết bị." + +#: src/cryptsetup.c:2676 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" + +#: src/cryptsetup.c:2756 +#, fuzzy +msgid "Invalid LUKS device type." +msgstr "Thiết bị không đúng %s.\n" + +#: src/cryptsetup.c:2761 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "" + +#: src/cryptsetup.c:2766 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "" + +#: src/cryptsetup.c:2775 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "" + +#: src/cryptsetup.c:2779 +#, fuzzy +msgid "Encryption is supported only for LUKS2 format." +msgstr "Thao tác này được hỗ trợ chỉ cho thiết bị LUKS.\n" + +#: src/cryptsetup.c:2801 +#, c-format +msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +msgstr "" + +#: src/cryptsetup.c:2816 +#, fuzzy, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "Phần đầu tập tin sao lÆ°u dá»± phòng đã yêu cầu %s đã sẵn có.\n" + +#: src/cryptsetup.c:2818 src/cryptsetup.c:2825 +#, fuzzy, c-format +msgid "Cannot create temporary header file %s." +msgstr "Không thể tạo phần đầu của tập tin sao lÆ°u dá»± phòng %s.\n" + +#: src/cryptsetup.c:2889 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "" + +#: src/cryptsetup.c:3053 src/cryptsetup.c:3059 +#, fuzzy +msgid "Not enough free keyslots for reencryption." +msgstr "Khôngười thay đổi khóa, không có mã hóa lại vùng dữ liệu." + +#: src/cryptsetup.c:3079 src/cryptsetup_reencrypt.c:1294 +#, fuzzy +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "Tập tin khóa có thể sá»­ dụng với tùy chọn --key-slot hoặc với chính xác một khe khóa hoạt động.\n" + +#: src/cryptsetup.c:3088 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup_reencrypt.c:1352 +#, fuzzy, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Gõ cụm từ mật khẩu cho khe khóa %u: " + +#: src/cryptsetup.c:3096 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Gõ cụm từ mật khẩu cho khe khóa %u: " + +#: src/cryptsetup.c:3263 +#, fuzzy +msgid "Command requires device as argument." +msgstr "Lệnh cần thiết bị và tên ánh xạ nhÆ° là các tham số.\n" + +#: src/cryptsetup.c:3285 +msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +msgstr "" + +#: src/cryptsetup.c:3297 +msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +msgstr "" + +#: src/cryptsetup.c:3307 src/cryptsetup_reencrypt.c:178 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "" + +#: src/cryptsetup.c:3315 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "" + +#: src/cryptsetup.c:3319 +#, fuzzy +msgid "LUKS2 device is not in reencryption." +msgstr "Tập tin nhật ký %s đã có sẵn rồi, giả định là reencryption (mã hóa lại).\n" + +#: src/cryptsetup.c:3346 +msgid " [--type ] []" +msgstr " [--type ] []" + +#: src/cryptsetup.c:3346 src/veritysetup.c:394 src/integritysetup.c:480 +#, fuzzy +msgid "open device as " +msgstr "mở thiết bị nhÆ° là ánh xạ " + +#: src/cryptsetup.c:3347 src/cryptsetup.c:3348 src/cryptsetup.c:3349 +#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:481 +#: src/integritysetup.c:482 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3347 src/veritysetup.c:395 src/integritysetup.c:481 +msgid "close device (remove mapping)" +msgstr "đóng thiết bị (gỡ bỏ ánh xạ)" + +#: src/cryptsetup.c:3348 +msgid "resize active device" +msgstr "thay đổi kích cỡ của thiết bị hoạt động" + +#: src/cryptsetup.c:3349 +msgid "show device status" +msgstr "hiển thị trạng thái về thiết bị" + +#: src/cryptsetup.c:3350 +msgid "[--cipher ]" +msgstr "[--cipher ]" + +#: src/cryptsetup.c:3350 +msgid "benchmark cipher" +msgstr "đo kiểm tốc độ mã hóa" + +#: src/cryptsetup.c:3351 src/cryptsetup.c:3352 src/cryptsetup.c:3353 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3355 src/cryptsetup.c:3362 +#: src/cryptsetup.c:3363 src/cryptsetup.c:3364 src/cryptsetup.c:3365 +#: src/cryptsetup.c:3366 src/cryptsetup.c:3367 src/cryptsetup.c:3368 +#: src/cryptsetup.c:3369 src/cryptsetup.c:3370 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3351 +msgid "try to repair on-disk metadata" +msgstr "thá»­ sá»­a chữa siêu dữ liệu (metadata) on-disk" + +#: src/cryptsetup.c:3352 +#, fuzzy +msgid "reencrypt LUKS2 device" +msgstr "thêm khóa vào thiết bị LUKS" + +#: src/cryptsetup.c:3353 +msgid "erase all keyslots (remove encryption key)" +msgstr "tẩy mọi khe khóa (gỡ bỏ khóa mã hóa)" + +#: src/cryptsetup.c:3354 +msgid "convert LUKS from/to LUKS2 format" +msgstr "" + +#: src/cryptsetup.c:3355 +msgid "set permanent configuration options for LUKS2" +msgstr "" + +#: src/cryptsetup.c:3356 src/cryptsetup.c:3357 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3356 +msgid "formats a LUKS device" +msgstr "định dạng một thiết bị kiểu LUKS" + +#: src/cryptsetup.c:3357 +msgid "add key to LUKS device" +msgstr "thêm khóa vào thiết bị LUKS" + +#: src/cryptsetup.c:3358 src/cryptsetup.c:3359 src/cryptsetup.c:3360 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3358 +msgid "removes supplied key or key file from LUKS device" +msgstr "gỡ bỏ khỏi thiết bị LUKS khóa hoặc tập tin khóa đưa ra" + +#: src/cryptsetup.c:3359 +msgid "changes supplied key or key file of LUKS device" +msgstr "thay đổi khóa hay tập tin khóa đã áp dụng của thiết bị LUKS" + +#: src/cryptsetup.c:3360 +msgid "converts a key to new pbkdf parameters" +msgstr "" + +#: src/cryptsetup.c:3361 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3361 +msgid "wipes key with number from LUKS device" +msgstr "xóa khỏi thiết bị LUKS khóa có số " + +#: src/cryptsetup.c:3362 +msgid "print UUID of LUKS device" +msgstr "in ra mã số UUID của thiết bị LUKS" + +#: src/cryptsetup.c:3363 +msgid "tests for LUKS partition header" +msgstr "thá»­ có phần đầu phân vùng LUKS không" + +#: src/cryptsetup.c:3364 +msgid "dump LUKS partition information" +msgstr "đổ thông tin về phân vùng LUKS" + +#: src/cryptsetup.c:3365 +msgid "dump TCRYPT device information" +msgstr "dump thông tin thiết bị TCRYPT" + +#: src/cryptsetup.c:3366 +#, fuzzy +msgid "dump BITLK device information" +msgstr "dump thông tin thiết bị TCRYPT" + +#: src/cryptsetup.c:3367 +#, fuzzy +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "NgÆ°ng thiết bị LUKS và tẩy khóa (thì mọi việc V/R đều đông cứng)." + +#: src/cryptsetup.c:3368 +#, fuzzy +msgid "Resume suspended LUKS device" +msgstr "Tiếp tục lại sá»­ dụng thiết bị LUKS bị ngÆ°ng." + +#: src/cryptsetup.c:3369 +msgid "Backup LUKS device header and keyslots" +msgstr "Sao lÆ°u phần đầu và các khe khóa của thiết bị LUKS" + +#: src/cryptsetup.c:3370 +msgid "Restore LUKS device header and keyslots" msgstr "Phục hồi phần đầu và các khe khóa của thiết bị LUKS" -#: src/cryptsetup.c:1396 src/veritysetup.c:328 +#: src/cryptsetup.c:3371 +msgid " " +msgstr "" + +#: src/cryptsetup.c:3371 +msgid "Manipulate LUKS2 tokens" +msgstr "" + +#: src/cryptsetup.c:3389 src/veritysetup.c:412 src/integritysetup.c:498 msgid "" "\n" " is one of:\n" @@ -1110,19 +2477,20 @@ msgstr "" "\n" " là một trong:\n" -#: src/cryptsetup.c:1402 +#: src/cryptsetup.c:3395 +#, fuzzy msgid "" "\n" "You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" msgstr "" "\n" "Bạn còn có thể sá»­ dụng cú pháp bí danh kiểu cÅ©:\n" "\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" -#: src/cryptsetup.c:1406 +#: src/cryptsetup.c:3399 #, c-format msgid "" "\n" @@ -1135,32 +2503,38 @@ msgstr "" " là thiết bị cần tạo dưới %s\n" " là thiết bị đã mã hóa\n" " là số thứ tá»± khe khóa LUKS cần sá»­a đổi\n" -" là tập tin khóa tùy chọn cho khóa mới trong thao tác " -"luksAddKey\n" +" là tập tin khóa tùy chọn cho khóa mới trong thao tác luksAddKey\n" -#: src/cryptsetup.c:1413 +#: src/cryptsetup.c:3406 #, c-format msgid "" "\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" + +#: src/cryptsetup.c:3411 +#, fuzzy, c-format +msgid "" +"\n" "Default compiled-in key and passphrase parameters:\n" -"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d " -"(characters)\n" -"Default PBKDF2 iteration time for LUKS: %d (ms)\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" msgstr "" "\n" "Các tham số mặc định liên quan đến khóa và mật khẩu được biên dịch sẵn:\n" -"\tĐộ dài tập tin khóa tối đa: %dkB, Độ dài mật khẩu tÆ°Æ¡ng tác tối đa %d (ký " -"tá»±)\n" +"\tĐộ dài tập tin khóa tối đa: %dkB, Độ dài mật khẩu tÆ°Æ¡ng tác tối đa %d (ký tá»±)\n" "Thời gian tÆ°Æ¡ng tác PBKDF2 mặc định cho LUKS: %d (ms)\n" -#: src/cryptsetup.c:1420 -#, c-format +#: src/cryptsetup.c:3422 +#, fuzzy, c-format msgid "" "\n" "Default compiled-in device cipher parameters:\n" "\tloop-AES: %s, Key %d bits\n" "\tplain: %s, Key: %d bits, Password hashing: %s\n" -"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" msgstr "" "\n" "Các tham số mặc định liên quan đến việc mã hóa được đặt sẵn:\n" @@ -1168,372 +2542,766 @@ msgstr "" "\tdữ liệu thô: %s, Khóa: %d bit, Kiểu băm mật khẩu: %s\n" "\tLUKS1: %s, Khóa: %d bit, Kiểu băm cho phần đầu LUKS: %s, RNG: %s\n" -#: src/cryptsetup.c:1437 src/veritysetup.c:460 +#: src/cryptsetup.c:3431 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "" + +#: src/cryptsetup.c:3447 src/veritysetup.c:569 src/integritysetup.c:642 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: cần thiết %s làm đối số" -#: src/cryptsetup.c:1470 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1253 +#: src/cryptsetup.c:3480 src/veritysetup.c:457 src/integritysetup.c:536 +#: src/cryptsetup_reencrypt.c:1607 msgid "Show this help message" msgstr "Hiển thị trợ giúp này" -#: src/cryptsetup.c:1471 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1254 +#: src/cryptsetup.c:3481 src/veritysetup.c:458 src/integritysetup.c:537 +#: src/cryptsetup_reencrypt.c:1608 msgid "Display brief usage" msgstr "Hiển thị thông tin ngắn về cách sá»­ dụng" -#: src/cryptsetup.c:1475 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1258 -msgid "Help options:" -msgstr "Tùy chọn trợ giúp:" - -#: src/cryptsetup.c:1476 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1259 +#: src/cryptsetup.c:3482 src/veritysetup.c:459 src/integritysetup.c:538 +#: src/cryptsetup_reencrypt.c:1609 msgid "Print package version" msgstr "Hiển thị phiên bản của gói" -#: src/cryptsetup.c:1477 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1260 +#: src/cryptsetup.c:3486 src/veritysetup.c:463 src/integritysetup.c:542 +#: src/cryptsetup_reencrypt.c:1613 +msgid "Help options:" +msgstr "Tùy chọn trợ giúp:" + +#: src/cryptsetup.c:3487 src/veritysetup.c:464 src/integritysetup.c:543 +#: src/cryptsetup_reencrypt.c:1614 msgid "Shows more detailed error messages" msgstr "Hiển thị các thông điệp lỗi chi tiết hÆ¡n" -#: src/cryptsetup.c:1478 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1261 +#: src/cryptsetup.c:3488 src/veritysetup.c:465 src/integritysetup.c:544 +#: src/cryptsetup_reencrypt.c:1615 msgid "Show debug messages" msgstr "Hiển thị thông điệp gỡ lỗi" -#: src/cryptsetup.c:1479 src/cryptsetup_reencrypt.c:1263 +#: src/cryptsetup.c:3489 +#, fuzzy +msgid "Show debug messages including JSON metadata" +msgstr "Hiển thị thông điệp gỡ lỗi" + +#: src/cryptsetup.c:3490 src/cryptsetup_reencrypt.c:1617 msgid "The cipher used to encrypt the disk (see /proc/crypto)" msgstr "Mật mã dùng để bảo vệ đĩa (xem “/proc/crypto”)" -#: src/cryptsetup.c:1480 src/cryptsetup_reencrypt.c:1265 +#: src/cryptsetup.c:3491 src/cryptsetup_reencrypt.c:1619 msgid "The hash used to create the encryption key from the passphrase" msgstr "Chuỗi duy nhất dùng để tạo khóa mã hóa từ cụm từ mật khẩu" -#: src/cryptsetup.c:1481 +#: src/cryptsetup.c:3492 msgid "Verifies the passphrase by asking for it twice" msgstr "Thẩm tra cụm từ mật khẩu bằng cách yêu cầu nó hai lần" -#: src/cryptsetup.c:1482 src/cryptsetup_reencrypt.c:1267 -msgid "Read the key from a file." +#: src/cryptsetup.c:3493 src/cryptsetup_reencrypt.c:1621 +#, fuzzy +msgid "Read the key from a file" msgstr "Đọc khóa từ một tập tin." -#: src/cryptsetup.c:1483 +#: src/cryptsetup.c:3494 msgid "Read the volume (master) key from file." msgstr "Đọc khóa khối tin (chủ) từ tập tin." -#: src/cryptsetup.c:1484 -msgid "Dump volume (master) key instead of keyslots info." -msgstr "" -"Dump (đổ thành đống) khóa vùng chứa (master) thay vì thông tin khe-khóa." +#: src/cryptsetup.c:3495 +#, fuzzy +msgid "Dump volume (master) key instead of keyslots info" +msgstr "Dump (đổ thành đống) khóa vùng chứa (master) thay vì thông tin khe-khóa." -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 +#: src/cryptsetup.c:3496 src/cryptsetup_reencrypt.c:1618 msgid "The size of the encryption key" msgstr "Kích cỡ của khóa mã hóa" -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 +#: src/cryptsetup.c:3496 src/cryptsetup.c:3557 src/integritysetup.c:562 +#: src/integritysetup.c:566 src/integritysetup.c:570 +#: src/cryptsetup_reencrypt.c:1618 msgid "BITS" msgstr "BIT" -#: src/cryptsetup.c:1486 src/cryptsetup_reencrypt.c:1278 +#: src/cryptsetup.c:3497 src/cryptsetup_reencrypt.c:1634 msgid "Limits the read from keyfile" msgstr "Giới hạn việc đọc từ tập-tin-khóa" -#: src/cryptsetup.c:1486 src/cryptsetup.c:1487 src/cryptsetup.c:1488 -#: src/cryptsetup.c:1489 src/veritysetup.c:379 src/veritysetup.c:380 -#: src/veritysetup.c:382 src/cryptsetup_reencrypt.c:1277 -#: src/cryptsetup_reencrypt.c:1278 src/cryptsetup_reencrypt.c:1279 -#: src/cryptsetup_reencrypt.c:1280 +#: src/cryptsetup.c:3497 src/cryptsetup.c:3498 src/cryptsetup.c:3499 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3503 src/cryptsetup.c:3554 +#: src/cryptsetup.c:3555 src/cryptsetup.c:3563 src/cryptsetup.c:3564 +#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470 +#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:551 +#: src/integritysetup.c:557 src/integritysetup.c:558 +#: src/cryptsetup_reencrypt.c:1633 src/cryptsetup_reencrypt.c:1634 +#: src/cryptsetup_reencrypt.c:1635 src/cryptsetup_reencrypt.c:1636 msgid "bytes" msgstr "byte" -#: src/cryptsetup.c:1487 src/cryptsetup_reencrypt.c:1277 +#: src/cryptsetup.c:3498 src/cryptsetup_reencrypt.c:1633 msgid "Number of bytes to skip in keyfile" msgstr "Số lượng byte nhảy qua trong tập tin khóa" -#: src/cryptsetup.c:1488 +#: src/cryptsetup.c:3499 msgid "Limits the read from newly added keyfile" msgstr "Giới hạn đọc từ tập tin khóa mới thêm vào" -#: src/cryptsetup.c:1489 +#: src/cryptsetup.c:3500 msgid "Number of bytes to skip in newly added keyfile" msgstr "Số lượng byte để nhảy qua trong tập tin khóa mới thêm" -#: src/cryptsetup.c:1490 +#: src/cryptsetup.c:3501 msgid "Slot number for new key (default is first free)" msgstr "Số thứ tá»± khe cho khóa mới (mặc định là khe trống thứ nhất)" -#: src/cryptsetup.c:1491 +#: src/cryptsetup.c:3502 msgid "The size of the device" msgstr "Kích cỡ của thiết bị" -#: src/cryptsetup.c:1491 src/cryptsetup.c:1492 src/cryptsetup.c:1493 -#: src/cryptsetup.c:1499 +#: src/cryptsetup.c:3502 src/cryptsetup.c:3504 src/cryptsetup.c:3505 +#: src/cryptsetup.c:3511 src/integritysetup.c:552 src/integritysetup.c:559 msgid "SECTORS" msgstr "CUNG-TỪ" -#: src/cryptsetup.c:1492 +#: src/cryptsetup.c:3503 src/cryptsetup_reencrypt.c:1636 +msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +msgstr "Chỉ sá»­ dụng kích thước dữ liệu thiết bị (bỏ qua phần còn lại của thiết bị). NGUY HIỂM!" + +#: src/cryptsetup.c:3504 msgid "The start offset in the backend device" msgstr "Khoảng bù đầu tiên trong thiết bị thật chạy ở phía sau" -#: src/cryptsetup.c:1493 +#: src/cryptsetup.c:3505 msgid "How many sectors of the encrypted data to skip at the beginning" msgstr "Bao nhiêu cung từ dữ liệu mã hóa cần bỏ qua ở đầu" -#: src/cryptsetup.c:1494 +#: src/cryptsetup.c:3506 msgid "Create a readonly mapping" msgstr "Tạo một sá»± ánh xạ chỉ cho đọc" -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "PBKDF2 iteration time for LUKS (in ms)" -msgstr "Thời gian lặp lại PBKDF2 cho LUKS (theo mili-giây)" - -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "msecs" -msgstr "mili-giây" - -#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1269 +#: src/cryptsetup.c:3507 src/integritysetup.c:545 +#: src/cryptsetup_reencrypt.c:1624 msgid "Do not ask for confirmation" msgstr "Không cần xác nhận" -#: src/cryptsetup.c:1497 +#: src/cryptsetup.c:3508 msgid "Timeout for interactive passphrase prompt (in seconds)" msgstr "Thời gian chờ gõ cụm từ mật khẩu tối đa (theo giây)" -#: src/cryptsetup.c:1497 +#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 msgid "secs" msgstr "giây" -#: src/cryptsetup.c:1498 src/cryptsetup_reencrypt.c:1270 -msgid "How often the input of the passphrase can be retried" -msgstr "Số các lần có cho phép thá»­ gõ lại cụm từ mật khẩu" +#: src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "Progress line update (in seconds)" +msgstr "" + +#: src/cryptsetup.c:3510 src/cryptsetup_reencrypt.c:1626 +msgid "How often the input of the passphrase can be retried" +msgstr "Số các lần có cho phép thá»­ gõ lại cụm từ mật khẩu" + +#: src/cryptsetup.c:3511 +msgid "Align payload at sector boundaries - for luksFormat" +msgstr "Căn chỉnh trọng tải ở biên giới cung từ — cho định dạng “luksFormat”" + +#: src/cryptsetup.c:3512 +#, fuzzy +msgid "File with LUKS header and keyslots backup" +msgstr "Tập tin chứa bản sao lÆ°u phần đầu và các khe khóa của thiết bị LUKS." + +#: src/cryptsetup.c:3513 src/cryptsetup_reencrypt.c:1627 +#, fuzzy +msgid "Use /dev/random for generating volume key" +msgstr "Dùng /dev/random để tạo khóa volume." + +#: src/cryptsetup.c:3514 src/cryptsetup_reencrypt.c:1628 +#, fuzzy +msgid "Use /dev/urandom for generating volume key" +msgstr "Dùng /dev/urandom để tạo khóa vùng." + +#: src/cryptsetup.c:3515 +#, fuzzy +msgid "Share device with another non-overlapping crypt segment" +msgstr "Thiết bị chia sẻ với đoạn crypt không-chồng-lên-nhau khác." + +#: src/cryptsetup.c:3516 src/veritysetup.c:477 +#, fuzzy +msgid "UUID for device to use" +msgstr "UUID dành cho tập tin sá»­ dụng." + +#: src/cryptsetup.c:3517 src/integritysetup.c:579 +#, fuzzy +msgid "Allow discards (aka TRIM) requests for device" +msgstr "Cho phép hủy bỏ (được biết đến nhÆ° là TRIM) các yêu cầu cho thiết bị." + +#: src/cryptsetup.c:3518 src/cryptsetup_reencrypt.c:1645 +#, fuzzy +msgid "Device or file with separated LUKS header" +msgstr "Thiết bị hay tập tin với phần đầu LUKS tách nhau." + +#: src/cryptsetup.c:3519 +#, fuzzy +msgid "Do not activate device, just check passphrase" +msgstr "Không kích hoạt thiết bị, chỉ cần kiểm tra mật khẩu." + +#: src/cryptsetup.c:3520 +#, fuzzy +msgid "Use hidden header (hidden TCRYPT device)" +msgstr "Dùng phần đầu ẩn (thiết bị TCRYPT ẩn)." + +#: src/cryptsetup.c:3521 +#, fuzzy +msgid "Device is system TCRYPT drive (with bootloader)" +msgstr "Thiết bị là ổ đĩa TCRYPT hệ thống (có bootloader)." + +#: src/cryptsetup.c:3522 +#, fuzzy +msgid "Use backup (secondary) TCRYPT header" +msgstr "Dùng phần đầu (thứ cấp) TCRYPT." + +#: src/cryptsetup.c:3523 +#, fuzzy +msgid "Scan also for VeraCrypt compatible device" +msgstr "CÅ©ng quét cho thiết bị tÆ°Æ¡ng thích VeraCrypt." + +#: src/cryptsetup.c:3524 +#, fuzzy +msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "CÅ©ng quét cho thiết bị tÆ°Æ¡ng thích VeraCrypt." + +#: src/cryptsetup.c:3525 +#, fuzzy +msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "CÅ©ng quét cho thiết bị tÆ°Æ¡ng thích VeraCrypt." + +#: src/cryptsetup.c:3526 +#, fuzzy +msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" +msgstr "Kiểu của siêu dữ liệu thiết bị: luks, plain, loopaes, tcrypt." + +#: src/cryptsetup.c:3527 +#, fuzzy +msgid "Disable password quality check (if enabled)" +msgstr "Tắt chức năng kiểm tra chất lượng mật khẩu (nếu nó đang bật)." + +#: src/cryptsetup.c:3528 +#, fuzzy +msgid "Use dm-crypt same_cpu_crypt performance compatibility option" +msgstr "Dùng tùy chọn tÆ°Æ¡ng thích hiệu năng same_cpu_crypt dm-crypt." + +#: src/cryptsetup.c:3529 +#, fuzzy +msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +msgstr "Dùng tùy chọn tÆ°Æ¡ng thích hiệu năng submit_from_crypt_cpus dm-crypt." + +#: src/cryptsetup.c:3530 +msgid "Device removal is deferred until the last user closes it" +msgstr "" + +#: src/cryptsetup.c:3531 +msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)" +msgstr "" + +#: src/cryptsetup.c:3532 +#, fuzzy +msgid "PBKDF iteration time for LUKS (in ms)" +msgstr "Thời gian lặp lại PBKDF2 cho LUKS (theo mili-giây)" + +#: src/cryptsetup.c:3532 src/cryptsetup_reencrypt.c:1623 +msgid "msecs" +msgstr "mili-giây" + +#: src/cryptsetup.c:3533 src/cryptsetup_reencrypt.c:1641 +msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +msgstr "" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "PBKDF memory cost limit" +msgstr "" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +#, fuzzy +msgid "kilobytes" +msgstr "byte" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "PBKDF parallel cost" +msgstr "" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "threads" +msgstr "" + +#: src/cryptsetup.c:3536 src/cryptsetup_reencrypt.c:1644 +msgid "PBKDF iterations cost (forced, disables benchmark)" +msgstr "" + +#: src/cryptsetup.c:3537 +msgid "Keyslot priority: ignore, normal, prefer" +msgstr "" + +#: src/cryptsetup.c:3538 +#, fuzzy +msgid "Disable locking of on-disk metadata" +msgstr "thá»­ sá»­a chữa siêu dữ liệu (metadata) on-disk" + +#: src/cryptsetup.c:3539 +msgid "Disable loading volume keys via kernel keyring" +msgstr "" + +#: src/cryptsetup.c:3540 +msgid "Data integrity algorithm (LUKS2 only)" +msgstr "" + +#: src/cryptsetup.c:3541 src/integritysetup.c:573 +msgid "Disable journal for integrity device" +msgstr "" + +#: src/cryptsetup.c:3542 src/integritysetup.c:547 +msgid "Do not wipe device after format" +msgstr "" + +#: src/cryptsetup.c:3543 src/integritysetup.c:577 +msgid "Use inefficient legacy padding (old kernels)" +msgstr "" + +#: src/cryptsetup.c:3544 +msgid "Do not ask for passphrase if activation by token fails" +msgstr "" + +#: src/cryptsetup.c:3545 +msgid "Token number (default: any)" +msgstr "" + +#: src/cryptsetup.c:3546 +msgid "Key description" +msgstr "" + +#: src/cryptsetup.c:3547 +msgid "Encryption sector size (default: 512 bytes)" +msgstr "" + +#: src/cryptsetup.c:3548 +msgid "Use IV counted in sector size (not in 512 bytes)" +msgstr "" + +#: src/cryptsetup.c:3549 +msgid "Set activation flags persistent for device" +msgstr "" + +#: src/cryptsetup.c:3550 +#, fuzzy +msgid "Set label for the LUKS2 device" +msgstr "định dạng một thiết bị kiểu LUKS" -#: src/cryptsetup.c:1499 -msgid "Align payload at sector boundaries - for luksFormat" +#: src/cryptsetup.c:3551 +msgid "Set subsystem label for the LUKS2 device" msgstr "" -"Căn chỉnh trọng tải ở biên giới cung từ — cho định dạng “luksFormat”" -#: src/cryptsetup.c:1500 -msgid "File with LUKS header and keyslots backup." -msgstr "Tập tin chứa bản sao lÆ°u phần đầu và các khe khóa của thiết bị LUKS." +#: src/cryptsetup.c:3552 +msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot" +msgstr "" -#: src/cryptsetup.c:1501 src/cryptsetup_reencrypt.c:1271 -msgid "Use /dev/random for generating volume key." -msgstr "Dùng /dev/random để tạo khóa volume." +#: src/cryptsetup.c:3553 +#, fuzzy +msgid "Read or write the json from or to a file" +msgstr "Đọc khóa từ một tập tin." -#: src/cryptsetup.c:1502 src/cryptsetup_reencrypt.c:1272 -msgid "Use /dev/urandom for generating volume key." -msgstr "Dùng /dev/urandom để tạo khóa vùng." +#: src/cryptsetup.c:3554 +msgid "LUKS2 header metadata area size" +msgstr "" -#: src/cryptsetup.c:1503 -msgid "Share device with another non-overlapping crypt segment." -msgstr "Thiết bị chia sẻ với đoạn crypt không-chồng-lên-nhau khác." +#: src/cryptsetup.c:3555 +#, fuzzy +msgid "LUKS2 header keyslots area size" +msgstr "Tập tin chứa bản sao lÆ°u phần đầu và các khe khóa của thiết bị LUKS." -#: src/cryptsetup.c:1504 src/veritysetup.c:385 -msgid "UUID for device to use." -msgstr "UUID dành cho tập tin sá»­ dụng." +#: src/cryptsetup.c:3556 +msgid "Refresh (reactivate) device with new parameters" +msgstr "" -#: src/cryptsetup.c:1505 -msgid "Allow discards (aka TRIM) requests for device." -msgstr "Cho phép hủy bỏ (được biết đến nhÆ° là TRIM) các yêu cầu cho thiết bị." +#: src/cryptsetup.c:3557 +#, fuzzy +msgid "LUKS2 keyslot: The size of the encryption key" +msgstr "Kích cỡ của khóa mã hóa" -#: src/cryptsetup.c:1506 -msgid "Device or file with separated LUKS header." -msgstr "Thiết bị hay tập tin với phần đầu LUKS tách nhau." +#: src/cryptsetup.c:3558 +msgid "LUKS2 keyslot: The cipher used for keyslot encryption" +msgstr "" -#: src/cryptsetup.c:1507 -msgid "Do not activate device, just check passphrase." -msgstr "Không kích hoạt thiết bị, chỉ cần kiểm tra mật khẩu." +#: src/cryptsetup.c:3559 +#, fuzzy +msgid "Encrypt LUKS2 device (in-place encryption)." +msgstr "Thiết bị mã hóa cố định (gỡ bỏ mã hóa)." -#: src/cryptsetup.c:1508 -msgid "Use hidden header (hidden TCRYPT device)." -msgstr "Dùng phần đầu ẩn (thiết bị TCRYPT ẩn)." +#: src/cryptsetup.c:3560 +#, fuzzy +msgid "Decrypt LUKS2 device (remove encryption)." +msgstr "Thiết bị mã hóa cố định (gỡ bỏ mã hóa)." -#: src/cryptsetup.c:1509 -msgid "Device is system TCRYPT drive (with bootloader)." -msgstr "Thiết bị là ổ đĩa TCRYPT hệ thống (có bootloader)." +#: src/cryptsetup.c:3561 +msgid "Initialize LUKS2 reencryption in metadata only." +msgstr "" -#: src/cryptsetup.c:1510 -msgid "Use backup (secondary) TCRYPT header." -msgstr "Dùng phần đầu (thứ cấp) TCRYPT." +#: src/cryptsetup.c:3562 +msgid "Resume initialized LUKS2 reencryption only." +msgstr "" -#: src/cryptsetup.c:1511 -msgid "Scan also for VeraCrypt compatible device." -msgstr "CÅ©ng quét cho thiết bị tÆ°Æ¡ng thích VeraCrypt." +#: src/cryptsetup.c:3563 src/cryptsetup_reencrypt.c:1635 +msgid "Reduce data device size (move data offset). DANGEROUS!" +msgstr "Giảm kích thước dữ liệu thiết bị (di chuyển offset dữ liệu). NGUY HIỂM!" -#: src/cryptsetup.c:1512 -msgid "Type of device metadata: luks, plain, loopaes, tcrypt." -msgstr "Kiểu của siêu dữ liệu thiết bị: luks, plain, loopaes, tcrypt." +#: src/cryptsetup.c:3564 +#, fuzzy +msgid "Maximal reencryption hotzone size." +msgstr "Kích thước khối mã hóa lại" -#: src/cryptsetup.c:1513 -msgid "Disable password quality check (if enabled)." -msgstr "Tắt chức năng kiểm tra chất lượng mật khẩu (nếu nó đang bật)." +#: src/cryptsetup.c:3565 +msgid "Reencryption hotzone resilience type (checksum,journal,none)" +msgstr "" -#: src/cryptsetup.c:1514 -msgid "Use dm-crypt same_cpu_crypt performance compatibility option." -msgstr "Dùng tùy chọn tÆ°Æ¡ng thích hiệu năng same_cpu_crypt dm-crypt." +#: src/cryptsetup.c:3566 +#, fuzzy +msgid "Reencryption hotzone checksums hash" +msgstr "Kích thước khối mã hóa lại" -#: src/cryptsetup.c:1515 -msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option." -msgstr "Dùng tùy chọn tÆ°Æ¡ng thích hiệu năng submit_from_crypt_cpus dm-crypt." +#: src/cryptsetup.c:3567 +msgid "Override device autodetection of dm device to be reencrypted" +msgstr "" -#: src/cryptsetup.c:1531 src/veritysetup.c:402 +#: src/cryptsetup.c:3583 src/veritysetup.c:499 src/integritysetup.c:595 msgid "[OPTION...] " msgstr "[TÙY CHỌN…] <đặc-tả-thao-tác>" -#: src/cryptsetup.c:1572 -msgid "Running in FIPS mode.\n" -msgstr "Đang chạy trong chế độ FIPS.\n" - -#: src/cryptsetup.c:1581 src/veritysetup.c:439 +#: src/cryptsetup.c:3634 src/veritysetup.c:533 src/integritysetup.c:606 msgid "Argument missing." msgstr "Còn thiếu đối số ." -#: src/cryptsetup.c:1634 src/veritysetup.c:445 +#: src/cryptsetup.c:3703 src/veritysetup.c:564 src/integritysetup.c:637 msgid "Unknown action." msgstr "Không hiểu thao-tác." -#: src/cryptsetup.c:1644 -msgid "Option --shared is allowed only for open of plain device.\n" +#: src/cryptsetup.c:3713 +msgid "Options --refresh and --test-passphrase are mutually exclusive." msgstr "" -"Tùy chọn “--shared” chỉ cho phép với thao tác tạo mở của thiết bị thường.\n" -#: src/cryptsetup.c:1649 -msgid "Option --allow-discards is allowed only for open operation.\n" +#: src/cryptsetup.c:3718 +#, fuzzy +msgid "Option --deferred is allowed only for close command." +msgstr "Tùy chọn “--shared” chỉ cho phép với thao tác tạo mở của thiết bị thường.\n" + +#: src/cryptsetup.c:3723 +#, fuzzy +msgid "Option --shared is allowed only for open of plain device." +msgstr "Tùy chọn “--shared” chỉ cho phép với thao tác tạo mở của thiết bị thường.\n" + +#: src/cryptsetup.c:3728 src/integritysetup.c:654 +#, fuzzy +msgid "Option --allow-discards is allowed only for open operation." +msgstr "Tùy chọn “--allow-discards” chỉ cho phép với thao tác mở.\n" + +#: src/cryptsetup.c:3733 +#, fuzzy +msgid "Option --persistent is allowed only for open operation." +msgstr "Tùy chọn “--allow-discards” chỉ cho phép với thao tác mở.\n" + +#: src/cryptsetup.c:3738 +#, fuzzy +msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation." msgstr "Tùy chọn “--allow-discards” chỉ cho phép với thao tác mở.\n" -#: src/cryptsetup.c:1657 +#: src/cryptsetup.c:3743 +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "" + +#: src/cryptsetup.c:3753 +#, fuzzy msgid "" -"Option --key-size is allowed only for luksFormat, open and benchmark.\n" -"To limit read from keyfile use --keyfile-size=(bytes)." +"Option --key-size is allowed only for luksFormat, luksAddKey,\n" +"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." msgstr "" -"Tùy chọn --key-size thì chỉ cho phép với các thao tác luksFormat, mở và đo " -"kiểm.\n" +"Tùy chọn --key-size thì chỉ cho phép với các thao tác luksFormat, mở và đo kiểm.\n" "Để giới hạn đọc từ tập-tin-khóa, hãy sá»­ dụng tùy chọn --keyfile-size=(bytes)." -#: src/cryptsetup.c:1664 -msgid "" -"Option --test-passphrase is allowed only for open of LUKS and TCRYPT " -"devices.\n" +#: src/cryptsetup.c:3759 +#, fuzzy +msgid "Option --integrity is allowed only for luksFormat (LUKS2)." +msgstr "Tùy chọn “--align-payload” chỉ được phép cho “luksFormat”." + +#: src/cryptsetup.c:3764 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." msgstr "" -"Tùy chọn “--test-passphrase” chỉ được phép cho lệnh mở thiết bị LUKS và " -"TCRYPT.\n" -#: src/cryptsetup.c:1669 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup.c:3770 +#, fuzzy +msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations." +msgstr "Tùy chọn “--uuid” thì chỉ cho phép với “luksFormat” và “luksUUID”." + +#: src/cryptsetup.c:3776 +#, fuzzy +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "Tùy chọn “--test-passphrase” chỉ được phép cho lệnh mở thiết bị LUKS và TCRYPT.\n" + +#: src/cryptsetup.c:3781 src/cryptsetup_reencrypt.c:1708 msgid "Key size must be a multiple of 8 bits" msgstr "Kích cỡ khóa phải là bội số của 8 bít" -#: src/cryptsetup.c:1676 src/cryptsetup_reencrypt.c:1346 +#: src/cryptsetup.c:3787 src/cryptsetup_reencrypt.c:1394 +#: src/cryptsetup_reencrypt.c:1713 msgid "Key slot is invalid." msgstr "Khe khóa không đúng." -#: src/cryptsetup.c:1683 -msgid "Option --key-file takes precedence over specified key file argument.\n" -msgstr "" -"Tùy chọn --key-file giữ quyền Æ°u tiên cao hÆ¡n tham số tập tin khóa đã chỉ " -"định.\n" +#: src/cryptsetup.c:3794 +#, fuzzy +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "Tùy chọn --key-file giữ quyền Æ°u tiên cao hÆ¡n tham số tập tin khóa đã chỉ định.\n" -#: src/cryptsetup.c:1691 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1330 +#: src/cryptsetup.c:3801 src/veritysetup.c:576 src/integritysetup.c:663 +#: src/cryptsetup_reencrypt.c:1687 msgid "Negative number for option not permitted." msgstr "Tùy chọn không chấp nhận giá trị là số âm." -#: src/cryptsetup.c:1695 src/cryptsetup_reencrypt.c:1324 -#: src/cryptsetup_reencrypt.c:1350 +#: src/cryptsetup.c:3805 +msgid "Only one --key-file argument is allowed." +msgstr "Chỉ cho phép một tùy chọn --key-file." + +#: src/cryptsetup.c:3809 src/cryptsetup_reencrypt.c:1679 +#: src/cryptsetup_reencrypt.c:1717 msgid "Only one of --use-[u]random options is allowed." msgstr "Chỉ cho phép một tùy chọn “--use-[u]random”." -#: src/cryptsetup.c:1699 +#: src/cryptsetup.c:3813 msgid "Option --use-[u]random is allowed only for luksFormat." msgstr "Tùy chọn “--use-[u]random” chỉ được phép cho “luksFormat”." -#: src/cryptsetup.c:1703 +#: src/cryptsetup.c:3817 msgid "Option --uuid is allowed only for luksFormat and luksUUID." msgstr "Tùy chọn “--uuid” thì chỉ cho phép với “luksFormat” và “luksUUID”." -#: src/cryptsetup.c:1707 +#: src/cryptsetup.c:3821 msgid "Option --align-payload is allowed only for luksFormat." msgstr "Tùy chọn “--align-payload” chỉ được phép cho “luksFormat”." -#: src/cryptsetup.c:1713 -msgid "" -"Option --skip is supported only for open of plain and loopaes devices.\n" +#: src/cryptsetup.c:3825 +msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2." msgstr "" -"Tùy chọn “--skip” chỉ hỗ trợ cho lệnh mở (open) của thiết bị thường và " -"“loopaes”.\n" -#: src/cryptsetup.c:1719 -msgid "" -"Option --offset is supported only for open of plain and loopaes devices.\n" +#: src/cryptsetup.c:3830 +#, fuzzy +msgid "Invalid LUKS2 metadata size specification." +msgstr "Đặc tả kích thước thiết bị không đúng." + +#: src/cryptsetup.c:3834 +#, fuzzy +msgid "Invalid LUKS2 keyslots size specification." +msgstr "Đặc tả kích thước thiết bị không đúng." + +#: src/cryptsetup.c:3838 +#, fuzzy +msgid "Options --align-payload and --offset cannot be combined." +msgstr "Tùy chọn “--align-payload” chỉ được phép cho “luksFormat”." + +#: src/cryptsetup.c:3844 +#, fuzzy +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "Tùy chọn “--skip” chỉ hỗ trợ cho lệnh mở (open) của thiết bị thường và “loopaes”.\n" + +#: src/cryptsetup.c:3851 +#, fuzzy +msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption." +msgstr "Tùy chọn “--offset” chỉ hỗ trợ cho lệnh mở (open) của thiết bị thường và “loopaes”.\n" + +#: src/cryptsetup.c:3857 +#, fuzzy +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "Tùy chọn --tcrypt-hidden, --tcrypt-system hay --tcrypt-backup chỉ được hỗ trợ trên thiết bị TCRYPT.\n" + +#: src/cryptsetup.c:3862 +#, fuzzy +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "Tùy chọn --tcrypt-hidden không thể được tổ hợp cùng với --allow-discards.\n" + +#: src/cryptsetup.c:3867 +#, fuzzy +msgid "Option --veracrypt is supported only for TCRYPT device type." +msgstr "Tùy chọn --veracrypt chỉ được hỗ trợ trên thiết bị TCRYPT.\n" + +#: src/cryptsetup.c:3873 +msgid "Invalid argument for parameter --veracrypt-pim supplied." msgstr "" -"Tùy chọn “--offset” chỉ hỗ trợ cho lệnh mở (open) của thiết bị thường và " -"“loopaes”.\n" -#: src/cryptsetup.c:1725 -msgid "" -"Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only " -"for TCRYPT device.\n" +#: src/cryptsetup.c:3877 +#, fuzzy +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "Tùy chọn --veracrypt chỉ được hỗ trợ trên thiết bị TCRYPT.\n" + +#: src/cryptsetup.c:3885 +#, fuzzy +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "Tùy chọn --veracrypt chỉ được hỗ trợ trên thiết bị TCRYPT.\n" + +#: src/cryptsetup.c:3889 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "" -"Tùy chọn --tcrypt-hidden, --tcrypt-system hay --tcrypt-backup chỉ được hỗ " -"trợ trên thiết bị TCRYPT.\n" -#: src/cryptsetup.c:1730 -msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n" +#: src/cryptsetup.c:3896 +msgid "Option --priority can be only ignore/normal/prefer." msgstr "" -"Tùy chọn --tcrypt-hidden không thể được tổ hợp cùng với --allow-discards.\n" -#: src/cryptsetup.c:1735 -msgid "Option --veracrypt is supported only for TCRYPT device type.\n" -msgstr "Tùy chọn --veracrypt chỉ được hỗ trợ trên thiết bị TCRYPT.\n" +#: src/cryptsetup.c:3901 src/cryptsetup.c:3939 +msgid "Keyslot specification is required." +msgstr "" + +#: src/cryptsetup.c:3906 src/cryptsetup_reencrypt.c:1693 +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "" + +#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1698 +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "" + +#: src/cryptsetup.c:3917 +#, fuzzy +msgid "Sector size option is not supported for this command." +msgstr "Thao tác này không được hỗ trợ cho kiểu thiết bị này.\n" + +#: src/cryptsetup.c:3929 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "" + +#: src/cryptsetup.c:3934 +msgid "Key size is required with --unbound option." +msgstr "" + +#: src/cryptsetup.c:3944 +msgid "Option --unbound may be used only with luksAddKey and luksDump actions." +msgstr "" + +#: src/cryptsetup.c:3949 +#, fuzzy +msgid "Option --refresh may be used only with open action." +msgstr "Tùy chọn “--keep-key” có thể dùng với “--hash” hoặc “--iter-time”." + +#: src/cryptsetup.c:3960 +msgid "Cannot disable metadata locking." +msgstr "" + +#: src/cryptsetup.c:3970 +#, fuzzy +msgid "Invalid max reencryption hotzone size specification." +msgstr "Đặc tả kích thước thiết bị không đúng." + +#: src/cryptsetup.c:3978 src/cryptsetup_reencrypt.c:1722 +#: src/cryptsetup_reencrypt.c:1727 +msgid "Invalid device size specification." +msgstr "Đặc tả kích thước thiết bị không đúng." + +#: src/cryptsetup.c:3981 +#, fuzzy +msgid "Maximum device reduce size is 1 GiB." +msgstr "Kích thước thu nhỏ thiết bị tối đa là 64 MiB." + +#: src/cryptsetup.c:3984 src/cryptsetup_reencrypt.c:1733 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "Kích cỡ giảm phải là bội số cung từ (sector) 512 byte" + +#: src/cryptsetup.c:3989 +#, fuzzy +msgid "Invalid data size specification." +msgstr "Đặc tả kích thước thiết bị không đúng." + +#: src/cryptsetup.c:3994 +#, fuzzy +msgid "Reduce size overflow." +msgstr "Khoảng bù (offset) thiết bị bị tràn.\n" + +#: src/cryptsetup.c:3998 +msgid "LUKS2 decryption requires option --header." +msgstr "" -#: src/veritysetup.c:58 -msgid "Invalid salt string specified.\n" +#: src/cryptsetup.c:4002 +#, fuzzy +msgid "Device size must be multiple of 512 bytes sector." +msgstr "Kích cỡ giảm phải là bội số cung từ (sector) 512 byte" + +#: src/cryptsetup.c:4006 +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "" + +#: src/cryptsetup.c:4010 +msgid "Options --device-size and --size cannot be combined." +msgstr "" + +#: src/cryptsetup.c:4014 +#, fuzzy +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "Không được dùng các tùy chọn --ignore-corruption và --restart-on-corruption cùng một lúc.\n" + +#: src/veritysetup.c:66 +#, fuzzy +msgid "Invalid salt string specified." msgstr "Chuỗi salt (muối) đã cho không hợp lệ.\n" -#: src/veritysetup.c:88 -#, c-format -msgid "Cannot create hash image %s for writing.\n" +#: src/veritysetup.c:97 +#, fuzzy, c-format +msgid "Cannot create hash image %s for writing." msgstr "Không thể tạo ảnh băm %s để ghi.\n" -#: src/veritysetup.c:148 -msgid "Invalid root hash string specified.\n" +#: src/veritysetup.c:107 +#, fuzzy, c-format +msgid "Cannot create FEC image %s for writing." +msgstr "Không thể tạo ảnh băm %s để ghi.\n" + +#: src/veritysetup.c:179 +#, fuzzy +msgid "Invalid root hash string specified." msgstr "Chuỗi mã băm gốc (thÆ° mục root) đã chỉ ra không hợp lệ.\n" -#: src/veritysetup.c:308 +#: src/veritysetup.c:187 +#, fuzzy, c-format +msgid "Invalid signature file %s." +msgstr "Thiết bị không đúng %s.\n" + +#: src/veritysetup.c:194 +#, fuzzy, c-format +msgid "Cannot read signature file %s." +msgstr "Không thể đọc tập-tin khóa %s.\n" + +#: src/veritysetup.c:392 msgid " " msgstr " " -#: src/veritysetup.c:308 +#: src/veritysetup.c:392 src/integritysetup.c:479 msgid "format device" msgstr "định dạng thiết bị" -#: src/veritysetup.c:309 +#: src/veritysetup.c:393 msgid " " msgstr " " -#: src/veritysetup.c:309 +#: src/veritysetup.c:393 msgid "verify device" msgstr "thẩm tra thiết bị" -#: src/veritysetup.c:310 -msgid " " -msgstr " " - -#: src/veritysetup.c:310 -msgid "create active device" -msgstr "tạo thiết bị hoạt động" - -#: src/veritysetup.c:311 -msgid "remove (deactivate) device" -msgstr "gỡ bỏ (dừng hoạt động) thiết bị" +#: src/veritysetup.c:394 +#, fuzzy +msgid " " +msgstr " " -#: src/veritysetup.c:312 +#: src/veritysetup.c:396 src/integritysetup.c:482 msgid "show active device status" msgstr "hiển thị trạng thái các thiết bị đang hoạt động" -#: src/veritysetup.c:313 +#: src/veritysetup.c:397 msgid "" msgstr "" -#: src/veritysetup.c:313 +#: src/veritysetup.c:397 src/integritysetup.c:483 msgid "show on-disk information" msgstr "hiển thị thông tin trên-đĩa" -#: src/veritysetup.c:332 +#: src/veritysetup.c:416 #, c-format msgid "" "\n" @@ -1542,353 +3310,883 @@ msgid "" " is the device containing verification data\n" " hash of the root node on \n" msgstr "" -"\n" -" là thiết bị để tạo dưới %s\n" -" là thiết bị dữ liệu\n" -" là thiết bị chứa dữ liệu xác thá»±c\n" -" mã băm của nút root (gốc) trên \n" +"\n" +" là thiết bị để tạo dưới %s\n" +" là thiết bị dữ liệu\n" +" là thiết bị chứa dữ liệu xác thá»±c\n" +" mã băm của nút root (gốc) trên \n" + +#: src/veritysetup.c:423 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-verity parameters:\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" +msgstr "" +"\n" +"Các tham số dm-verity dá»±ng sẵn mặc định:\n" +"\tBăm: %s, Khối dữ liệu (bytes): %u, Khối băm (bytes): %u, Kích thước muối: %u, Định dạng băm: %u\n" + +#: src/veritysetup.c:466 +msgid "Do not use verity superblock" +msgstr "Không sá»­ dụng siêu khối thẩm định" + +#: src/veritysetup.c:467 +msgid "Format type (1 - normal, 0 - original Chrome OS)" +msgstr "Kiểu định dạng (1 - thông thường, 0 - Chrome OS)" + +#: src/veritysetup.c:467 +msgid "number" +msgstr "số" + +#: src/veritysetup.c:468 +msgid "Block size on the data device" +msgstr "Kích cỡ khối trên thiết bị dữ liệu" + +#: src/veritysetup.c:469 +msgid "Block size on the hash device" +msgstr "Kích cỡ của khối trên thiết bị băm" + +#: src/veritysetup.c:470 +msgid "FEC parity bytes" +msgstr "" + +#: src/veritysetup.c:471 +msgid "The number of blocks in the data file" +msgstr "Số lượng khối trong tập tin dữ liệu" + +#: src/veritysetup.c:471 +msgid "blocks" +msgstr "khối" + +#: src/veritysetup.c:472 +msgid "Path to device with error correction data" +msgstr "" + +#: src/veritysetup.c:472 src/integritysetup.c:549 +msgid "path" +msgstr "" + +#: src/veritysetup.c:473 +msgid "Starting offset on the hash device" +msgstr "Khoảng bù (offset) khởi đầu của thiết bị băm" + +#: src/veritysetup.c:474 +#, fuzzy +msgid "Starting offset on the FEC device" +msgstr "Khoảng bù (offset) khởi đầu của thiết bị băm" + +#: src/veritysetup.c:475 +msgid "Hash algorithm" +msgstr "Thuật toán băm" + +#: src/veritysetup.c:475 +msgid "string" +msgstr "chuỗi" + +#: src/veritysetup.c:476 +msgid "Salt" +msgstr "Muối" + +#: src/veritysetup.c:476 +msgid "hex string" +msgstr "chuỗi hex (thập lục phân)" + +#: src/veritysetup.c:478 +#, fuzzy +msgid "Path to root hash signature file" +msgstr "Việc tạo vùng dữ liệu băm gặp lỗi.\n" + +#: src/veritysetup.c:479 +msgid "Restart kernel if corruption is detected" +msgstr "Khởi động lại nhân nếu thấy có sai hỏng" + +#: src/veritysetup.c:480 +msgid "Ignore corruption, log it only" +msgstr "Bỏ qua sai hỏng, chỉ ghi nhật ký lại" + +#: src/veritysetup.c:481 +msgid "Do not verify zeroed blocks" +msgstr "Không thẩm tra các khối không" + +#: src/veritysetup.c:482 +msgid "Verify data block only the first time it is read" +msgstr "" + +#: src/veritysetup.c:582 +#, fuzzy +msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation." +msgstr "Tùy chọn --ignore-corruption, --restart-on-corruption hay --ignore-zero-blocks chỉ được phép dùng cho thao tác tạo.\n" + +#: src/veritysetup.c:587 +#, fuzzy +msgid "Option --root-hash-signature can be used only for open operation." +msgstr "Tùy chọn “--allow-discards” chỉ cho phép với thao tác mở.\n" + +#: src/veritysetup.c:592 +#, fuzzy +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "Không được dùng các tùy chọn --ignore-corruption và --restart-on-corruption cùng một lúc.\n" + +#: src/integritysetup.c:84 src/utils_password.c:305 +#, fuzzy, c-format +msgid "Cannot read keyfile %s." +msgstr "Không thể đọc tập-tin khóa %s.\n" + +#: src/integritysetup.c:88 src/utils_password.c:310 +#, fuzzy, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "Không thể đọc %d byte từ tập tin khóa %s.\n" + +#: src/integritysetup.c:254 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "" + +#: src/integritysetup.c:479 src/integritysetup.c:483 +#, fuzzy +msgid "" +msgstr "thẩm tra thiết bị" + +#: src/integritysetup.c:480 +msgid " " +msgstr "" + +#: src/integritysetup.c:502 +#, fuzzy, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the device containing data with integrity tags\n" +msgstr "" +"\n" +" là thiết bị để tạo dưới %s\n" +" là thiết bị dữ liệu\n" +" là thiết bị chứa dữ liệu xác thá»±c\n" +" mã băm của nút root (gốc) trên \n" + +#: src/integritysetup.c:507 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" +msgstr "" + +#: src/integritysetup.c:549 +msgid "Path to data device (if separated)" +msgstr "" + +#: src/integritysetup.c:551 +msgid "Journal size" +msgstr "" + +#: src/integritysetup.c:552 +msgid "Interleave sectors" +msgstr "" + +#: src/integritysetup.c:553 +msgid "Journal watermark" +msgstr "" + +#: src/integritysetup.c:553 +msgid "percent" +msgstr "" + +#: src/integritysetup.c:554 +msgid "Journal commit time" +msgstr "" + +#: src/integritysetup.c:554 src/integritysetup.c:556 +msgid "ms" +msgstr "" + +#: src/integritysetup.c:555 +msgid "Number of 512-byte sectors per bit (bitmap mode)." +msgstr "" + +#: src/integritysetup.c:556 +msgid "Bitmap mode flush time" +msgstr "" + +#: src/integritysetup.c:557 +msgid "Tag size (per-sector)" +msgstr "" + +#: src/integritysetup.c:558 +msgid "Sector size" +msgstr "" + +#: src/integritysetup.c:559 +msgid "Buffers size" +msgstr "" + +#: src/integritysetup.c:561 +msgid "Data integrity algorithm" +msgstr "" + +#: src/integritysetup.c:562 +#, fuzzy +msgid "The size of the data integrity key" +msgstr "Kích cỡ của khóa mã hóa" + +#: src/integritysetup.c:563 +#, fuzzy +msgid "Read the integrity key from a file" +msgstr "Đọc khóa từ một tập tin." + +#: src/integritysetup.c:565 +msgid "Journal integrity algorithm" +msgstr "" + +#: src/integritysetup.c:566 +#, fuzzy +msgid "The size of the journal integrity key" +msgstr "Kích cỡ của khóa mã hóa" + +#: src/integritysetup.c:567 +#, fuzzy +msgid "Read the journal integrity key from a file" +msgstr "Đọc khóa từ một tập tin." + +#: src/integritysetup.c:569 +msgid "Journal encryption algorithm" +msgstr "" + +#: src/integritysetup.c:570 +#, fuzzy +msgid "The size of the journal encryption key" +msgstr "Kích cỡ của khóa mã hóa" + +#: src/integritysetup.c:571 +#, fuzzy +msgid "Read the journal encryption key from a file" +msgstr "Đọc khóa từ một tập tin." + +#: src/integritysetup.c:574 +msgid "Recovery mode (no journal, no tag checking)" +msgstr "" -#: src/veritysetup.c:339 -#, c-format -msgid "" -"\n" -"Default compiled-in dm-verity parameters:\n" -"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, " -"Hash format: %u\n" +#: src/integritysetup.c:575 +msgid "Use bitmap to track changes and disable journal for integrity device" msgstr "" -"\n" -"Các tham số dm-verity dá»±ng sẵn mặc định:\n" -"\tBăm: %s, Khối dữ liệu (bytes): %u, Khối băm (bytes): %u, Kích thước muối: " -"%u, Định dạng băm: %u\n" -#: src/veritysetup.c:377 -msgid "Do not use verity superblock" -msgstr "Không sá»­ dụng siêu khối thẩm định" +#: src/integritysetup.c:576 +msgid "Recalculate initial tags automatically." +msgstr "" -#: src/veritysetup.c:378 -msgid "Format type (1 - normal, 0 - original Chrome OS)" -msgstr "Kiểu định dạng (1 - thông thường, 0 - Chrome OS)" +#: src/integritysetup.c:649 +#, fuzzy +msgid "Option --integrity-recalculate can be used only for open action." +msgstr "Tùy chọn “--allow-discards” chỉ cho phép với thao tác mở.\n" -#: src/veritysetup.c:378 -msgid "number" -msgstr "số" +#: src/integritysetup.c:669 +msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action." +msgstr "" -#: src/veritysetup.c:379 -msgid "Block size on the data device" -msgstr "Kích cỡ khối trên thiết bị dữ liệu" +#: src/integritysetup.c:675 +#, fuzzy +msgid "Invalid journal size specification." +msgstr "Đặc tả kích thước thiết bị không đúng." -#: src/veritysetup.c:380 -msgid "Block size on the hash device" -msgstr "Kích cỡ của khối trên thiết bị băm" +#: src/integritysetup.c:680 +msgid "Both key file and key size options must be specified." +msgstr "" -#: src/veritysetup.c:381 -msgid "The number of blocks in the data file" -msgstr "Số lượng khối trong tập tin dữ liệu" +#: src/integritysetup.c:683 +msgid "Integrity algorithm must be specified if integrity key is used." +msgstr "" -#: src/veritysetup.c:381 -msgid "blocks" -msgstr "khối" +#: src/integritysetup.c:688 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "" -#: src/veritysetup.c:382 -msgid "Starting offset on the hash device" -msgstr "Khoảng bù (offset) khởi đầu của thiết bị băm" +#: src/integritysetup.c:691 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "" -#: src/veritysetup.c:383 -msgid "Hash algorithm" -msgstr "Thuật toán băm" +#: src/integritysetup.c:696 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "" -#: src/veritysetup.c:383 -msgid "string" -msgstr "chuỗi" +#: src/integritysetup.c:699 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "" -#: src/veritysetup.c:384 -msgid "Salt" -msgstr "Muối" +#: src/integritysetup.c:703 +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "" -#: src/veritysetup.c:384 -msgid "hex string" -msgstr "chuỗi hex (thập lục phân)" +#: src/integritysetup.c:707 +msgid "Journal options cannot be used in bitmap mode." +msgstr "" -#: src/cryptsetup_reencrypt.c:147 -#, c-format -msgid "Cannot exclusively open %s, device in use.\n" -msgstr "Không thể mở %s một cách đệ qui, thiết bị vẫn đang được sá»­ dụng.\n" +#: src/integritysetup.c:711 +msgid "Bitmap options can be used only in bitmap mode." +msgstr "" -#: src/cryptsetup_reencrypt.c:151 -#, c-format -msgid "Cannot open device %s\n" -msgstr "Không thể mở thiết bị %s\n" +#: src/cryptsetup_reencrypt.c:172 +#, fuzzy +msgid "Reencryption already in-progress." +msgstr "Kích thước khối mã hóa lại" + +#: src/cryptsetup_reencrypt.c:208 +#, fuzzy, c-format +msgid "Cannot exclusively open %s, device in use." +msgstr "Không thể mở %s một cách đệ qui, thiết bị vẫn đang được sá»­ dụng.\n" -#: src/cryptsetup_reencrypt.c:161 src/cryptsetup_reencrypt.c:893 -msgid "Allocation of aligned memory failed.\n" +#: src/cryptsetup_reencrypt.c:222 src/cryptsetup_reencrypt.c:1135 +#, fuzzy +msgid "Allocation of aligned memory failed." msgstr "Phân bổ bộ nhớ điều chỉnh gặp lỗi.\n" -#: src/cryptsetup_reencrypt.c:168 -#, c-format -msgid "Cannot read device %s.\n" +#: src/cryptsetup_reencrypt.c:229 +#, fuzzy, c-format +msgid "Cannot read device %s." msgstr "Không thể đọc thiết bị %s.\n" -#: src/cryptsetup_reencrypt.c:179 -#, c-format -msgid "Marking LUKS device %s unusable.\n" +#: src/cryptsetup_reencrypt.c:240 +#, fuzzy, c-format +msgid "Marking LUKS1 device %s unusable." msgstr "Đánh dấu thiết bị LUKS %s là không thể dùng.\n" -#: src/cryptsetup_reencrypt.c:184 +#: src/cryptsetup_reencrypt.c:244 #, c-format -msgid "Marking LUKS device %s usable.\n" -msgstr "Đánh dấu thiết bị LUKS %s là có thể dùng.\n" +msgid "Setting LUKS2 offline reencrypt flag on device %s." +msgstr "" -#: src/cryptsetup_reencrypt.c:200 -#, c-format -msgid "Cannot write device %s.\n" +#: src/cryptsetup_reencrypt.c:261 +#, fuzzy, c-format +msgid "Cannot write device %s." msgstr "Không thể ghi thiết bị %s.\n" -#: src/cryptsetup_reencrypt.c:281 -msgid "Cannot write reencryption log file.\n" +#: src/cryptsetup_reencrypt.c:309 +#, fuzzy +msgid "Cannot write reencryption log file." msgstr "Không thể ghi tập tin nhật ký reencryption (mã hóa lại).\n" -#: src/cryptsetup_reencrypt.c:337 -msgid "Cannot read reencryption log file.\n" +#: src/cryptsetup_reencrypt.c:365 +#, fuzzy +msgid "Cannot read reencryption log file." msgstr "Không đọc được tập tin nhật ký reencryption.\n" -#: src/cryptsetup_reencrypt.c:374 +#: src/cryptsetup_reencrypt.c:403 #, c-format msgid "Log file %s exists, resuming reencryption.\n" -msgstr "" -"Tập tin nhật ký %s đã có sẵn rồi, giả định là reencryption (mã hóa lại).\n" +msgstr "Tập tin nhật ký %s đã có sẵn rồi, giả định là reencryption (mã hóa lại).\n" -#: src/cryptsetup_reencrypt.c:403 -msgid "Activating temporary device using old LUKS header.\n" +#: src/cryptsetup_reencrypt.c:452 +#, fuzzy +msgid "Activating temporary device using old LUKS header." msgstr "Hoạt hóa thiết bị tạm thời sá»­ dụng phần đầu LUKS kiểu cÅ©.\n" -#: src/cryptsetup_reencrypt.c:414 -msgid "Activating temporary device using new LUKS header.\n" +#: src/cryptsetup_reencrypt.c:462 +#, fuzzy +msgid "Activating temporary device using new LUKS header." msgstr "Hoạt hóa thiết bị tạm thời sá»­ dụng phần đầu LUKS kiểu mới.\n" -#: src/cryptsetup_reencrypt.c:424 -msgid "Activation of temporary devices failed.\n" +#: src/cryptsetup_reencrypt.c:472 +#, fuzzy +msgid "Activation of temporary devices failed." msgstr "Việc hoạt hóa các thiết bị tạm thời gặp lỗi.\n" -#: src/cryptsetup_reencrypt.c:450 -#, c-format -msgid "New LUKS header for device %s created.\n" +#: src/cryptsetup_reencrypt.c:559 +#, fuzzy +msgid "Failed to set data offset." +msgstr "Gặp lỗi khi lấy thông tin tập tin khóa.\n" + +#: src/cryptsetup_reencrypt.c:565 +#, fuzzy +msgid "Failed to set metadata size." +msgstr "Gặp lỗi khi lấy thông tin tập tin khóa.\n" + +#: src/cryptsetup_reencrypt.c:573 +#, fuzzy, c-format +msgid "New LUKS header for device %s created." msgstr "Phần đầu LUKS mới cho thiết bị %s được tạo.\n" -#: src/cryptsetup_reencrypt.c:458 +#: src/cryptsetup_reencrypt.c:633 #, c-format -msgid "Activated keyslot %i.\n" -msgstr "Khe-khóa (keyslot) đã được kích hoạt %i.\n" +msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +msgstr "" -#: src/cryptsetup_reencrypt.c:484 -#, c-format -msgid "LUKS header backup of device %s created.\n" +#: src/cryptsetup_reencrypt.c:655 +msgid "Failed to read activation flags from backup header." +msgstr "" + +#: src/cryptsetup_reencrypt.c:659 +#, fuzzy +msgid "Failed to write activation flags to new header." +msgstr "Lỗi ghi khóa vào kho lÆ°u khóa.\n" + +#: src/cryptsetup_reencrypt.c:663 src/cryptsetup_reencrypt.c:667 +#, fuzzy +msgid "Failed to read requirements from backup header." +msgstr "Lỗi đọc từ kho lÆ°u khóa.\n" + +#: src/cryptsetup_reencrypt.c:705 +#, fuzzy, c-format +msgid "%s header backup of device %s created." msgstr "Phần đầu sao lÆ°u LUKS của thiết bị %s được tạo.\n" -#: src/cryptsetup_reencrypt.c:532 -msgid "Creation of LUKS backup headers failed.\n" +#: src/cryptsetup_reencrypt.c:768 +#, fuzzy +msgid "Creation of LUKS backup headers failed." msgstr "Việc tạo phần đầu LUKS sao lÆ°u dá»± phòng gặp lỗi.\n" -#: src/cryptsetup_reencrypt.c:634 -#, c-format -msgid "Cannot restore LUKS header on device %s.\n" +#: src/cryptsetup_reencrypt.c:901 +#, fuzzy, c-format +msgid "Cannot restore %s header on device %s." msgstr "Không thể phục hồi phần đầu LUKS trên thiết bị %s.\n" -#: src/cryptsetup_reencrypt.c:636 -#, c-format -msgid "LUKS header on device %s restored.\n" +#: src/cryptsetup_reencrypt.c:903 +#, fuzzy, c-format +msgid "%s header on device %s restored." msgstr "Phần đầu LUKS trên thiết bị %s đã được phục hồi.\n" -#: src/cryptsetup_reencrypt.c:669 -#, c-format -msgid "" -"Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" -msgstr "" -"Tiến trình: %5.1f%%, ETA %02llu:%02llu, %4llu MiB đã ghi, tốc độ %5.1f MiB/s" -"%s" - -#: src/cryptsetup_reencrypt.c:708 src/cryptsetup_reencrypt.c:784 -#: src/cryptsetup_reencrypt.c:826 -msgid "Cannot seek to device offset.\n" -msgstr "Không thể di chuyển vị trí tới vị trí tÆ°Æ¡ng đối thiết bị.\n" - -#: src/cryptsetup_reencrypt.c:865 src/cryptsetup_reencrypt.c:871 -msgid "Cannot open temporary LUKS header file.\n" -msgstr "Không thể mở tập tin phần đầu LUKS tạm thời.\n" +#: src/cryptsetup_reencrypt.c:1107 src/cryptsetup_reencrypt.c:1113 +#, fuzzy +msgid "Cannot open temporary LUKS device." +msgstr "Không thể r thiết bị LUKS tạm thời.\n" -#: src/cryptsetup_reencrypt.c:876 src/cryptsetup_reencrypt.c:881 -msgid "Cannot get device size.\n" +#: src/cryptsetup_reencrypt.c:1118 src/cryptsetup_reencrypt.c:1123 +#, fuzzy +msgid "Cannot get device size." msgstr "Không thể lấy kích cỡ thiết bị.\n" -#: src/cryptsetup_reencrypt.c:919 -msgid "Interrupted by a signal.\n" -msgstr "Bị ngắt bởi tín hiệu signal.\n" - -#: src/cryptsetup_reencrypt.c:921 -msgid "IO error during reencryption.\n" +#: src/cryptsetup_reencrypt.c:1158 +#, fuzzy +msgid "IO error during reencryption." msgstr "Lỗi IO (vào/ra) trong quá trình mã hóa lại.\n" -#: src/cryptsetup_reencrypt.c:1028 -msgid "" -"Key file can be used only with --key-slot or with exactly one key slot " -"active.\n" -msgstr "" -"Tập tin khóa có thể sá»­ dụng với tùy chọn --key-slot hoặc với chính xác một " -"khe khóa hoạt động.\n" - -#: src/cryptsetup_reencrypt.c:1072 src/cryptsetup_reencrypt.c:1087 -#, c-format -msgid "Enter passphrase for key slot %u: " -msgstr "Gõ cụm từ mật khẩu cho khe khóa %u: " +#: src/cryptsetup_reencrypt.c:1189 +#, fuzzy +msgid "Provided UUID is invalid." +msgstr "UUID đã cung cấp không hợp lệ.\n" -#: src/cryptsetup_reencrypt.c:1136 -msgid "Cannot open reencryption log file.\n" +#: src/cryptsetup_reencrypt.c:1423 +#, fuzzy +msgid "Cannot open reencryption log file." msgstr "Không mở được tập tin nhật ký reencryption.\n" -#: src/cryptsetup_reencrypt.c:1262 +#: src/cryptsetup_reencrypt.c:1429 +#, fuzzy +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "Không có quá trình giải mã nào đang xá»­ lý, UUID đã cung cấp có thể chỉ được dùng để phục hồi lại tiến trình giải mã đã tạm dừng.\n" + +#: src/cryptsetup_reencrypt.c:1504 +#, c-format +msgid "Changed pbkdf parameters in keyslot %i." +msgstr "" + +#: src/cryptsetup_reencrypt.c:1616 msgid "Reencryption block size" msgstr "Kích thước khối mã hóa lại" -#: src/cryptsetup_reencrypt.c:1262 +#: src/cryptsetup_reencrypt.c:1616 msgid "MiB" msgstr "MiB" -#: src/cryptsetup_reencrypt.c:1266 -msgid "Do not change key, no data area reencryption." +#: src/cryptsetup_reencrypt.c:1620 +#, fuzzy +msgid "Do not change key, no data area reencryption" msgstr "Khôngười thay đổi khóa, không có mã hóa lại vùng dữ liệu." -#: src/cryptsetup_reencrypt.c:1273 -msgid "Use direct-io when accessing devices." +#: src/cryptsetup_reencrypt.c:1622 +#, fuzzy +msgid "Read new volume (master) key from file" +msgstr "Đọc khóa khối tin (chủ) từ tập tin." + +#: src/cryptsetup_reencrypt.c:1623 +msgid "PBKDF2 iteration time for LUKS (in ms)" +msgstr "Thời gian lặp lại PBKDF2 cho LUKS (theo mili-giây)" + +#: src/cryptsetup_reencrypt.c:1629 +#, fuzzy +msgid "Use direct-io when accessing devices" msgstr "Sá»­ dụng vào ra trá»±c tiếp khi truy cập các thiết bị." -#: src/cryptsetup_reencrypt.c:1274 -msgid "Use fsync after each block." +#: src/cryptsetup_reencrypt.c:1630 +#, fuzzy +msgid "Use fsync after each block" msgstr "Sá»­ dụng fsync sau mỗi khối." -#: src/cryptsetup_reencrypt.c:1275 -msgid "Update log file after every block." +#: src/cryptsetup_reencrypt.c:1631 +#, fuzzy +msgid "Update log file after every block" msgstr "Cập nhật tập tin nhật ký sau mỗi khối." -#: src/cryptsetup_reencrypt.c:1276 -msgid "Use only this slot (others will be disabled)." +#: src/cryptsetup_reencrypt.c:1632 +#, fuzzy +msgid "Use only this slot (others will be disabled)" msgstr "Chỉ sá»­ dụng khe này (những cái khác sẽ bị tắt đi)." -#: src/cryptsetup_reencrypt.c:1279 -msgid "Reduce data device size (move data offset). DANGEROUS!" -msgstr "" -"Giảm kích thước dữ liệu thiết bị (di chuyển offset dữ liệu). NGUY HIỂM!" - -#: src/cryptsetup_reencrypt.c:1280 -msgid "Use only specified device size (ignore rest of device). DANGEROUS!" -msgstr "" -"Chỉ sá»­ dụng kích thước dữ liệu thiết bị (bỏ qua phần còn lại của thiết bị). " -"NGUY HIỂM!" - -#: src/cryptsetup_reencrypt.c:1281 -msgid "Create new header on not encrypted device." +#: src/cryptsetup_reencrypt.c:1637 +#, fuzzy +msgid "Create new header on not encrypted device" msgstr "Tạo phần đầu mới không trên thiết bị được mã hóa." -#: src/cryptsetup_reencrypt.c:1282 -msgid "Permanently decrypt device (remove encryption)." +#: src/cryptsetup_reencrypt.c:1638 +#, fuzzy +msgid "Permanently decrypt device (remove encryption)" msgstr "Thiết bị mã hóa cố định (gỡ bỏ mã hóa)." -#: src/cryptsetup_reencrypt.c:1298 +#: src/cryptsetup_reencrypt.c:1639 +#, fuzzy +msgid "The UUID used to resume decryption" +msgstr "uuid được dùng để khôi phục việc giải mã." + +#: src/cryptsetup_reencrypt.c:1640 +#, fuzzy +msgid "Type of LUKS metadata: luks1, luks2" +msgstr "Kiểu của siêu dữ liệu thiết bị: luks, plain, loopaes, tcrypt." + +#: src/cryptsetup_reencrypt.c:1659 msgid "[OPTION...] " msgstr "[TÙY_CHỌN…] " -#: src/cryptsetup_reencrypt.c:1312 -msgid "" -"WARNING: this is experimental code, it can completely break your data.\n" -msgstr "" -"CẢNH BÁO: đây chỉ là mã thá»­ nghiệm, nó có thể phá hoại dữ liệu của bạn.\n" - -#: src/cryptsetup_reencrypt.c:1313 -#, c-format -msgid "Reencryption will change: volume key%s%s%s%s.\n" +#: src/cryptsetup_reencrypt.c:1667 +#, fuzzy, c-format +msgid "Reencryption will change: %s%s%s%s%s%s." msgstr "Reencryption sẽ thay đổi: khóa dung lượng%s%s%s%s.\n" -#: src/cryptsetup_reencrypt.c:1314 -msgid ", set hash to " +#: src/cryptsetup_reencrypt.c:1668 +msgid "volume key" +msgstr "" + +#: src/cryptsetup_reencrypt.c:1670 +#, fuzzy +msgid "set hash to " msgstr ", đặt kiểu băm thành " -#: src/cryptsetup_reencrypt.c:1315 +#: src/cryptsetup_reencrypt.c:1671 msgid ", set cipher to " msgstr ", đặt kiểu mã hóa thành " -#: src/cryptsetup_reencrypt.c:1320 +#: src/cryptsetup_reencrypt.c:1675 msgid "Argument required." msgstr "Cần đối số." -#: src/cryptsetup_reencrypt.c:1336 -msgid "" -"Only values between 1 MiB and 64 MiB allowed for reencryption block size." -msgstr "" -"Chỉ những giá trị nằm giữa 1MiB và 64 MiB là cho phép đối với kích thước " -"khối reencryption (mã hóa lại)." - -#: src/cryptsetup_reencrypt.c:1355 src/cryptsetup_reencrypt.c:1360 -msgid "Invalid device size specification." -msgstr "Đặc tả kích thước thiết bị không đúng." +#: src/cryptsetup_reencrypt.c:1703 +msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +msgstr "Chỉ những giá trị nằm giữa 1MiB và 64 MiB là cho phép đối với kích thước khối reencryption (mã hóa lại)." -#: src/cryptsetup_reencrypt.c:1363 +#: src/cryptsetup_reencrypt.c:1730 msgid "Maximum device reduce size is 64 MiB." msgstr "Kích thước thu nhỏ thiết bị tối đa là 64 MiB." -#: src/cryptsetup_reencrypt.c:1366 -msgid "Reduce size must be multiple of 512 bytes sector." -msgstr "Kích cỡ giảm phải là bội số cung từ (sector) 512 byte" - -#: src/cryptsetup_reencrypt.c:1370 -msgid "Option --new must be used together with --reduce-device-size." +#: src/cryptsetup_reencrypt.c:1737 +#, fuzzy +msgid "Option --new must be used together with --reduce-device-size or --header." msgstr "Tùy chọn “--new” phải được sá»­ dụng cùng với “--reduce-device-size”." -#: src/cryptsetup_reencrypt.c:1374 -msgid "Option --keep-key can be used only with --hash or --iter-time." +#: src/cryptsetup_reencrypt.c:1741 +#, fuzzy +msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." msgstr "Tùy chọn “--keep-key” có thể dùng với “--hash” hoặc “--iter-time”." -#: src/cryptsetup_reencrypt.c:1378 +#: src/cryptsetup_reencrypt.c:1745 msgid "Option --new cannot be used together with --decrypt." msgstr "Tùy chọn “--new” không được sá»­ dụng cùng với “ --decrypt”." -#: src/cryptsetup_reencrypt.c:1382 +#: src/cryptsetup_reencrypt.c:1749 msgid "Option --decrypt is incompatible with specified parameters." msgstr "Tùy chọn --decrypt không tÆ°Æ¡ng thích với các đối số đã cho." +#: src/cryptsetup_reencrypt.c:1753 +msgid "Option --uuid is allowed only together with --decrypt." +msgstr "Tùy chọn “--uuid” chỉ được sá»­ dụng cùng với “ --decrypt”." + +#: src/cryptsetup_reencrypt.c:1757 +msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +msgstr "" + #: src/utils_tools.c:151 -msgid "Error reading response from terminal.\n" +#, fuzzy +msgid "Error reading response from terminal." msgstr "Gặp lỗi khi đọc phản hồi từ thiết bị cuối.\n" -#: src/utils_tools.c:173 +#: src/utils_tools.c:186 msgid "Command successful.\n" msgstr "Câu lệnh đã chạy thành công.\n" -#: src/utils_tools.c:191 -#, c-format -msgid "Command failed with code %i" +#: src/utils_tools.c:194 +msgid "wrong or missing parameters" +msgstr "" + +#: src/utils_tools.c:196 +#, fuzzy +msgid "no permission or bad passphrase" +msgstr "Nhập bất cứ cụm từ mật khẩu nào: " + +#: src/utils_tools.c:198 +#, fuzzy +msgid "out of memory" +msgstr "Không thể mở khóa bộ nhớ.\n" + +#: src/utils_tools.c:200 +msgid "wrong device or file specified" +msgstr "" + +#: src/utils_tools.c:202 +#, fuzzy +msgid "device already exists or device is busy" +msgstr "Thiết bị %s đã sẵn có.\n" + +#: src/utils_tools.c:204 +msgid "unknown error" +msgstr "" + +#: src/utils_tools.c:206 +#, fuzzy, c-format +msgid "Command failed with code %i (%s).\n" msgstr "Câu lệnh đã thất bại với mã %i" -#: src/utils_password.c:42 +#: src/utils_tools.c:283 +#, fuzzy, c-format +msgid "Key slot %i created." +msgstr "Khe khóa %d đã thay đổi.\n" + +#: src/utils_tools.c:285 +#, fuzzy, c-format +msgid "Key slot %i unlocked." +msgstr "Khe khóa %d được mở khóa.\n" + +#: src/utils_tools.c:287 +#, fuzzy, c-format +msgid "Key slot %i removed." +msgstr "Khe khóa %d được mở khóa.\n" + +#: src/utils_tools.c:296 #, c-format -msgid "Cannot check password quality: %s\n" -msgstr "Không thể kiểm tra chất lượng mật khẩu: %s\n" +msgid "Token %i created." +msgstr "" + +#: src/utils_tools.c:298 +#, c-format +msgid "Token %i removed." +msgstr "" + +#: src/utils_tools.c:464 +msgid "" +"\n" +"Wipe interrupted." +msgstr "" + +#: src/utils_tools.c:475 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "" + +#: src/utils_tools.c:483 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "" + +#: src/utils_tools.c:504 src/utils_tools.c:568 +#, fuzzy +msgid "Failed to initialize device signature probes." +msgstr "Lỗi lấy thÆ° mục trình ánh xạ thiết bị." -#: src/utils_password.c:50 +#: src/utils_tools.c:548 +#, fuzzy, c-format +msgid "Failed to stat device %s." +msgstr "Gặp lỗi khi lấy thông tin tập tin khóa.\n" + +#: src/utils_tools.c:561 +#, c-format +msgid "Device %s is in use. Can not proceed with format operation." +msgstr "" + +#: src/utils_tools.c:563 +#, c-format +msgid "Failed to open file %s in read/write mode." +msgstr "" + +#: src/utils_tools.c:577 #, c-format +msgid "Existing '%s' partition signature (offset: % bytes) on device %s will be wiped." +msgstr "" + +#: src/utils_tools.c:580 +#, c-format +msgid "Existing '%s' superblock signature (offset: % bytes) on device %s will be wiped." +msgstr "" + +#: src/utils_tools.c:583 +#, fuzzy +msgid "Failed to wipe device signature." +msgstr "Lỗi ghi khóa vào kho lÆ°u khóa.\n" + +#: src/utils_tools.c:590 +#, fuzzy, c-format +msgid "Failed to probe device %s for a signature." +msgstr "Lỗi lấy thÆ° mục trình ánh xạ thiết bị." + +#: src/utils_tools.c:629 +#, fuzzy +msgid "" +"\n" +"Reencryption interrupted." +msgstr "Kích thước khối mã hóa lại" + +#: src/utils_password.c:43 src/utils_password.c:75 +#, fuzzy, c-format +msgid "Cannot check password quality: %s" +msgstr "Không thể kiểm tra chất lượng mật khẩu: %s\n" + +#: src/utils_password.c:51 +#, fuzzy, c-format msgid "" "Password quality check failed:\n" -" %s\n" +" %s" msgstr "" "Chất lượng mật khẩu không đạt:\n" " %s\n" +#: src/utils_password.c:83 +#, fuzzy, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "Gặp lỗi khi kiểm tra chất lượng mật khẩu: mật khẩu sai (%s)\n" + +#: src/utils_password.c:193 src/utils_password.c:208 +#, fuzzy +msgid "Error reading passphrase from terminal." +msgstr "Gặp lỗi khi đọc cụm từ mật khẩu từ thiết bị cuối.\n" + +#: src/utils_password.c:206 +msgid "Verify passphrase: " +msgstr "Nhập lại mật khẩu: " + +#: src/utils_password.c:213 +#, fuzzy +msgid "Passphrases do not match." +msgstr "Hai cụm từ mật khẩu không trùng nhau.\n" + +#: src/utils_password.c:250 +#, fuzzy +msgid "Cannot use offset with terminal input." +msgstr "Không thể sá»­ dụng khoảng bù (offset) với đầu vào là thiết bị cuối.\n" + +#: src/utils_password.c:253 +#, c-format +msgid "Enter passphrase: " +msgstr "Gõ cụm từ mật khẩu: " + +#: src/utils_password.c:256 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "Nhập cụm từ mật khẩu cho %s: " + +#: src/utils_password.c:287 +#, fuzzy +msgid "No key available with this passphrase." +msgstr "Không có khóa sẵn sàng dùng với cụm từ mật khẩu này.\n" + +#: src/utils_password.c:289 +msgid "No usable keyslot is available." +msgstr "" + +#: src/utils_password.c:328 +#, fuzzy, c-format +msgid "Cannot open keyfile %s for write." +msgstr "Không thể mở tập tin %s.\n" + +#: src/utils_password.c:335 +#, fuzzy, c-format +msgid "Cannot write to keyfile %s." +msgstr "Không thể đọc tập-tin khóa %s.\n" + +#: src/utils_luks2.c:47 +#, fuzzy, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "Gặp lỗi khi mở tập tin khóa.\n" + +#: src/utils_luks2.c:60 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "" + +#: src/utils_luks2.c:67 +#, fuzzy +msgid "Failed to read JSON file." +msgstr "Gặp lỗi khi mở tập tin khóa.\n" + +#: src/utils_luks2.c:72 +#, fuzzy +msgid "" +"\n" +"Read interrupted." +msgstr "phần đầu VERITY sai hỏng.\n" + +#: src/utils_luks2.c:113 +#, fuzzy, c-format +msgid "Failed to open file %s in write mode." +msgstr "Gặp lỗi khi mở tập tin khóa.\n" + +#: src/utils_luks2.c:122 +msgid "" +"\n" +"Write interrupted." +msgstr "" + +#: src/utils_luks2.c:126 +#, fuzzy +msgid "Failed to write JSON file." +msgstr "Gặp lỗi khi mở tập tin khóa.\n" + +#~ msgid "Replaced with key slot %d.\n" +#~ msgstr "Đã thay thế với khe khóa %d.\n" + +#~ msgid "Function not available in FIPS mode.\n" +#~ msgstr "Chức năng không khả dụng trong chế độ “FIPS”.\n" + +#~ msgid "Too many tree levels for verity volume.\n" +#~ msgstr "Có quá nhiều mức cây cho mỗi vùng xác thá»±c.\n" + +#~ msgid "memory allocation error in action_luksFormat" +#~ msgstr "gặp lỗi phân cấp vùng nhớ trong“action_luksFormat”" + +#~ msgid "Key %d not active. Can't wipe.\n" +#~ msgstr "Khóa %d không hoạt động thì không xóa được.\n" + +#~ msgid " " +#~ msgstr " " + +#~ msgid "create active device" +#~ msgstr "tạo thiết bị hoạt động" + +#~ msgid "remove (deactivate) device" +#~ msgstr "gỡ bỏ (dừng hoạt động) thiết bị" + +#~ msgid "Activated keyslot %i.\n" +#~ msgstr "Khe-khóa (keyslot) đã được kích hoạt %i.\n" + +#~ msgid "Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" +#~ msgstr "Diễn biến: %5.1f%%, ETA %02llu:%02llu, đã ghi %4llu MiB, tốc độ %5.1f MiB/s%s" + +#~ msgid "Interrupted by a signal.\n" +#~ msgstr "Bị ngắt bởi tín hiệu signal.\n" + +#~ msgid "Cannot find a free loopback device.\n" +#~ msgstr "Không tìm thấy thiết bị vòng ngược (loopback) nào còn rảnh.\n" + +#~ msgid "Cannot open device %s\n" +#~ msgstr "Không thể mở thiết bị %s\n" + +#~ msgid "Cannot use passed UUID unless decryption in progress.\n" +#~ msgstr "Không thể dùng UUID chuyển qua trừ khi việc giải mã đang được thá»±c hiện.\n" + +#~ msgid "Marking LUKS device %s usable.\n" +#~ msgstr "Đánh dấu thiết bị LUKS %s là có thể dùng.\n" + +#~ msgid "WARNING: this is experimental code, it can completely break your data.\n" +#~ msgstr "CẢNH BÁO: đây chỉ là mã thá»­ nghiệm, nó có thể phá hoại dữ liệu của bạn.\n" + #~ msgid "FIPS checksum verification failed.\n" #~ msgstr "Thẩm tra mã băm FIPS không đạt.\n" -#~ msgid "" -#~ "WARNING: device %s is a partition, for TCRYPT system encryption you " -#~ "usually need to use whole block device path.\n" -#~ msgstr "" -#~ "CẢNH BÁO: thiết-bị %s là một phân vùng, với mã hóa hệ thống TCRYPT bạn " -#~ "thường cần phải sá»­ dụng toàn bộ đường dẫn thiết-bị khối.\n" +#~ msgid "WARNING: device %s is a partition, for TCRYPT system encryption you usually need to use whole block device path.\n" +#~ msgstr "CẢNH BÁO: thiết-bị %s là một phân vùng, với mã hóa hệ thống TCRYPT bạn thường cần phải sá»­ dụng toàn bộ đường dẫn thiết-bị khối.\n" #~ msgid "Kernel doesn't support plain64 IV.\n" #~ msgstr "Nhân không hỗ trợ plain64 IV.\n" @@ -1902,15 +4200,9 @@ msgstr "" #~ msgid "Enter any LUKS passphrase: " #~ msgstr "Nhập mật khẩu LUKS vào: " -#~ msgid "Failed to obtain device mapper directory." -#~ msgstr "Lỗi lấy thÆ° mục trình ánh xạ thiết bị." - #~ msgid "Backup file %s doesn't exist.\n" #~ msgstr "Tập tin sao lÆ°u %s không tồn tại.\n" -#~ msgid "Cannot open file %s.\n" -#~ msgstr "Không thể mở tập tin %s.\n" - #~ msgid " " #~ msgstr " " @@ -1929,12 +4221,8 @@ msgstr "" #~ msgid "remove loop-AES mapping" #~ msgstr "gỡ bỏ ánh xạ loop-AES" -#~ msgid "" -#~ "Option --allow-discards is allowed only for luksOpen, loopaesOpen and " -#~ "create operation.\n" -#~ msgstr "" -#~ "Tùy chọn “--allow-discards” thì chỉ cho phép với thao tác “luksOpen”, " -#~ "“loopaesOpen” và tạo (create).\n" +#~ msgid "Option --allow-discards is allowed only for luksOpen, loopaesOpen and create operation.\n" +#~ msgstr "Tùy chọn “--allow-discards” thì chỉ cho phép với thao tác “luksOpen”, “loopaesOpen” và tạo (create).\n" #~ msgid "Cannot open device %s for %s%s access.\n" #~ msgstr "Không thể mở thiết bị %s cho truy cập %s%s.\n" @@ -1949,41 +4237,19 @@ msgstr "" #~ msgstr "chỉ đọc" #~ msgid "WARNING!!! Possibly insecure memory. Are you root?\n" -#~ msgstr "" -#~ "CẢNH BÁO!!! Có thể là vùng nhớ không an toàn. Bạn có đang chạy dưới quyền " -#~ "siêu người dùng (root) không?\n" +#~ msgstr "CẢNH BÁO!!! Có thể là vùng nhớ không an toàn. Bạn có đang chạy dưới quyền siêu người dùng (root) không?\n" #~ msgid "Unable to obtain sector size for %s" #~ msgstr "Không thể lấy kích cỡ cung từ cho %s" -#~ msgid "Failed to write to key storage.\n" -#~ msgstr "Lỗi ghi khóa vào kho lÆ°u khóa.\n" - -#~ msgid "Failed to read from key storage.\n" -#~ msgstr "Lỗi đọc từ kho lÆ°u khóa.\n" - -#~ msgid "" -#~ "Cannot use device %s (crypt segments overlaps or in use by another " -#~ "device).\n" -#~ msgstr "" -#~ "Không thể sá»­ dụng thiết bị %s (các đoạn crypt chồng lên nhau hay đang sá»­ " -#~ "dụng bởi thiết bị khác).\n" +#~ msgid "Cannot use device %s (crypt segments overlaps or in use by another device).\n" +#~ msgstr "Không thể sá»­ dụng thiết bị %s (các đoạn crypt chồng lên nhau hay đang sá»­ dụng bởi thiết bị khác).\n" #~ msgid "Cannot find compatible device-mapper kernel modules.\n" #~ msgstr "Không tìm thấy mô-đun hạt nhân ánh xạ thiết bị tÆ°Æ¡ng thích.\n" -#~ msgid "Key slot %d verified.\n" -#~ msgstr "Khe khóa %d được thẩm định.\n" - -#~ msgid "Invalid key size %d.\n" -#~ msgstr "Kích cỡ khóa không đúng %d.\n" - -#~ msgid "" -#~ "Warning: exhausting read requested, but key file %s is not a regular " -#~ "file, function might never return.\n" -#~ msgstr "" -#~ "Cảnh báo: yêu cầu một hàm đọc vét kiệt mà tập tin khóa %s không phải là " -#~ "một tập tin thông thường thì có thể là hàm chÆ°a bao giờ trả lại.\n" +#~ msgid "Warning: exhausting read requested, but key file %s is not a regular file, function might never return.\n" +#~ msgstr "Cảnh báo: yêu cầu một hàm đọc vét kiệt mà tập tin khóa %s không phải là một tập tin thông thường thì có thể là hàm chÆ°a bao giờ trả lại.\n" #~ msgid "Cannot open device: %s\n" #~ msgstr "Không thể mở thiết bị: %s\n" @@ -2001,15 +4267,11 @@ msgstr "" #~ msgstr "sá»­a đổi thiết bị hoạt động - BỊ PHẢN ĐỐI - xem trang hướng dẫn" #~ msgid "" -#~ "The reload action is deprecated. Please use`dmsetup reload' in case you " -#~ "really need this functionality.\n" -#~ "WARNING: do not use reload to touch LUKS devices. If that is the case, " -#~ "hit Ctrl-C now.\n" +#~ "The reload action is deprecated. Please use`dmsetup reload' in case you really need this functionality.\n" +#~ "WARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n" #~ msgstr "" -#~ "Thao tác nạp lại bị phản đối. Hãy sá»­ dụng“dmsetup reload” trong trường " -#~ "hợp bạn thá»±c sá»± yêu cầu chức năng này.\n" -#~ "CẢNH BÁO: đừng sá»­ dụng chức năng nạp lại để thao tác thiết bị kiểu LUKS. " -#~ "Trong trường hợp đó, bấm tổ hợp phím Ctrl-C ngay bây giờ.\n" +#~ "Thao tác nạp lại bị phản đối. Hãy sá»­ dụng“dmsetup reload” trong trường hợp bạn thá»±c sá»± yêu cầu chức năng này.\n" +#~ "CẢNH BÁO: đừng sá»­ dụng chức năng nạp lại để thao tác thiết bị kiểu LUKS. Trong trường hợp đó, bấm tổ hợp phím Ctrl-C ngay bây giờ.\n" #~ msgid "Obsolete option --non-exclusive is ignored.\n" #~ msgstr "Tùy chọn cũ“--non-exclusive” bị bỏ qua.\n" diff --git a/po/zh_CN.gmo b/po/zh_CN.gmo new file mode 100644 index 0000000000000000000000000000000000000000..c133bc4123f2276a133a8f91dd1ae4ce0bd1c0a6 GIT binary patch literal 39490 zcmbWA37l2cmF`d4OjgXKCQ)PbIG|vt5^xM5IHN=bB4{+mm`l|ys8Ch6tXm~wItidm zGCCj*D4+;9K;eWyfpj`A>3-cE`*pfIJ!I(ablqD;CwX@Ir8{|fo!9UGt+mf^Ye4g^ zzs+~fp7+{oueJ8t`;;-H$AaSs`h5}n z2zVQ~2P}iHgXf$cMN7cL;3TkgMihM-d;vTQ8~|hRgJ(w3$>2EfL*Vt`$H6awXM=Zx z?**R%j{~0vX(BoVs@;DAPXvDjz90PXs3>|jcq(`ScosMT{9?eh;JLj2A*lNQ4ZH|E ziB75h8$haxn!%I6mEf`9HgGz)4}2$hG=+JLJ^+3KyddCA@EYFl0M-6}5Hd#p3aZ}U zg6jY2qoW8CL|1}WfOA2`zW}O#Z-AGA{};Rvykv}*zY|n@kAq6z2c84|20RrU#mgtb zt3akLx&!R35sq<*GH-%8V71Tw}A{b`YNb--3rFweo*uC1Mo8N zxCW=kjiBU~Hm2Wnv{@w>_oI60#<-4HDzX^)&$Bu_Lz)ynWpNXLAyB<{f98h#w2&&#~ zA^r_ebm|Ay|KEdo^?nkl_X|Mr>Gh!cUjRkNuYsD^=fe9Rf#Sbkg6D(hoac1C9TcB* zgE6=s6n*x9qTkgO*&jpuz7j=_e2)4^kT?+EYrfXcTOWa!Z!fts&hgX-@%I-&Zm z0gZm){XS6R-wJ*R{1Xt?ihcl!-tW24`FcFa5TY-F%D)yA{ayu??+sAx{~Dyr(Z^|A z`KNH#&5?}zmFe9GtXOfV+?Jn%Sh7N~ij z3reot2de+y0pAb)8+Zw*MFlCMOF{8XH>mzT7;q1G3h#dho&f$D6rDayrRvA00)7Sj z2=9-B;=30?jqCfM=Hov=)q6C;*7zO#Fz++KOTpQo@;?o#y>EdU$4|hM!T$h12Ojqs zmvcq%7~Wq6SxV6#g44iXfSQL(C;K{T2KD|B7=!yk(eno&q>kPP5k3Z90Ui(D3X0Ah zpvJi&q#pvcp8p2?IH*pmUnhf#{}gx~I2%+ydqC0q9hdn$)Pw5Bbnq0g8$1epDBvTY z_+=xg_P+xbz@LZr>6d$bcY+%4Qy?r5{RQ|5uO^Z2+07=ne2@u7QGf?gRC#Z3pdA;-1 zwV=j17km%+b?}|wQt*A?N>KG}0M*Yw0Y3`<7!>{f9aQ}%O!N0^K(#XuybpXZ#Gf+V z>2n##l8EjCHD9lRs_#dj`1O~d`ghz6pXZ4nO+?+G_~Kij_~F-}=-j{}Q2)LRHiHj> z%Ksbili)Qsc)MNT8N5Fao&)|lsCD%lumSwoOs{7OsQxSf)t`0X2f-dt<2nRt-2I@+ z*Uj>LX9t`Do=SWXjKL)#ejBLvzYU5n4uhK4_uc6Ixd1$q_b&%r0-nVCbKvFRx52UC zdv9|7y8u)@(*kyY8pi|Rao{&W_2aKW@$0{Xk|!Vdy!ZPYQ1rhVybNpu>%kt7rlKE# z^T6|1oEqmQFa{5Rnx7wm$Aj;@#p!h-$W%w;zz>1n0N)L+1K$O10M7-V03}Dh3#$J= z1x45Qf5GML1)%!91Qh+B0X1L$4SYZNCioHXw_qK3+^xuZ@Dxz(j0RP{0aW|bK;^#? zRQY+}iQocoJoq4}aeNyT-~T;$4EPVA^8E}v7JT;?osK7hs&@jY_4+AL>t;5n{(c2i zJ1YWi0M*ZDK()6URKA~p9|zxY8@%`qXab5ZKmQUs8hqdFQM3ho9b5^1`O7X3eg z9Jn7;yFU$hVxy1$YEa|o051bqfhT}(g!umOepHjMqm#kUl0FtZ3Y-s~34Rq+xy=Fh zftT?9J@7p6*rLzN6z~GxXMz*J72x^c0q`2|7of&HvDx|RX7F0x7lNwi&%iUmXpYar zDDXmFuLL#DuY%&Y7eI~oZ$ORjU2`2z14r}z8Bp`s4659c@V*DUocF&5uK-VI@o{|- zRJ+}v_3-q(PtXCJ73{1Z4D{7ra2qs{A|6tDn_K1)H-;T3QU z_?Mvi@mo-G;PiH1Kj(pJX9^gDcYtc=0q}J2c~Irw0G038py+-^$@%dTQ0s6S_))L` zif``%MVAM_Gr(6u`rn51H$kn3qdPqRCqT7(5vclR1Z)J=?wuih3n+T*2giXw0mVPZ z-Qn$D4aU5G2^7D5Bj6L@hk5S>)z9yOqE8>F^?6jM<0;?=dH)osbvHF&GuXiUJ>W&) zOQ72S7f^ET<7FT3r$No{ZQ;EPeu($=p!&TH90k4sY94}44w<_0mTnh@EGuY^F99w z;752rA5=Y`1y!yKRKItCqR$&(J@{i#^L)%*LB4~EpBC`K#l*gfUkqc@%|G~^YtGAKXSL{KOel2`0GK{|1_w4hrnaO9|!yecn$CG z{HojM*Ml1OCQx*E0h|T?1t@+y>-SxreGb(4mVuhDXTeW`-vciO|1bDa@S?AUbpVRq z1yK1`fS&+g1vTEk1V0WQ^>xQnLAC#BP;%+Z;B;^+I2QaRH~~EE8&3aOp!#z+coeu1 zJQ~~#s-EXS_4CicM)23*Dc~0udcVF3YCfI@HLrgKo(R5ok=u2rgR18?P;^)va3`pG z{}!ACzGJb^<7DtdytjepgI@>L@0Y>PgZ~Jg1YUfP*EbWqT=~EYz;A-%!C!%*=a_q) zZnHu4dkv_5>;%Ohe+z0}e*ub~?_A>f&j%I%W$;w645}Xwf@gw%0A2}JK=JoEOTE5J z!P9uZ1yuZ3LFK<66d&&aF9G{N&BK|?eBM3}s=YF(^rfK6eFyv?_)}2*{XZf8_~qW8 zPk|awGpPRG4~kE|8RCBqiVi2Rm=*sy@M`dDpy>N;a5VTEQ1zT~pSL>=Jel`0D7vi! z#b-U>yTLyNj{?63itoP4dcV&FRsIrC{P87F^mzbO{jY$KBKiwZ^Lq0t z?^hWVy>@^a_xHhLz&AnF|DT}h{oraJcLR70?_UBn|J%WO@b5si_ntMbf5w2f@O~Y5 zJ-7|L2>d0e{A1Vp_`d+gynh2!JDWkJ9|AuK{v1^QPh978yAb>!?}hMw2RMrNjiAc^ zA$S(}Phbqb_kMpL6L1Eo`1zpv`v`b8xF0+n{0Vpl_^t=M-Z7x!r-RDh32OWgfm%;L z0wqUIdeG@N9@PAO7F7ObQ2kvF9tS=W@P&YX04o1q1^ib~e0j`6-tX%`(XR~N41N<7 zzn-+-(=P$X@ZJm_53U1M-!tG<;5R|d=X)M@J~|#0U!4G+2c8OwZZkpAu`|3s0;>FL zp!njqp!nva8+?AogBsWEpxP^e9|2c_M}u2Hweviv@-Kz=KLsVXz6YvbKLgJN|2L@q zjCsWCyA2fIF944NzXqzG_k+iRyTKE{Z-Hv>hoJgj1=a2`k2?L21J%w20WSxYe>$l4 zZUHq)?>Zh3`_a3>gJ2&)yrN$xaTCE^1o1)gyOxL3Lj^zM`FX36lvdx9AXIE@|%p^?R>_`JqlF zUi_5*eU7+0auFx-zLEE)5H}P2YeIqe9&ir$N8km7odo?pL>!_zY6Qc`;!R&zBQkCrG~h7hw}Yzh;7D zTJk%e{D|A=Wx_U4Tz<&S{ThV*Sa{?j%JA;>JL&Wz$>7EZ0&LH2m5HA?b`=`MF3~@JusKE61PSPv9 zO#{yduO_S~EaSZhUPbs*f`s2$LVmv@e1-54;_|-_^8Uvm;+%kAAg;jkQ-n|F@{i+v zUdU5V{AYRIPWUF_MGxOan35H8~RdT=zMh37K(3Bv49?vvmTc-Lw(|bi2oe;Dez9^jpzRk>UXQ>vol% z9P3{?7OO9cj@wI3^t3&$sr`5Aw)G(Gak0Izb3sQ}u_^8LyyAkm+*;~Nvs`!MwKL-+ zHg4~3n+*k^NL#6?rFlW!BqcSsv_iB}helCowcLt|n@eP+@9o9;9?5%a_q_6DO-_g)T+Vi_c$n!?dZ>uAUe(*R9Fi z&n*@-<;+CPc$-LPtku>8=(k zhGEK@<+fs5sdE7n*Sa7c-Cl~zU8T;#oMJq6`k02gXjC~4t$1yk@xXZ`Ip;MshH{vf+v>uW*6?rYuWh~=6 zSwE0@))hD0GGkU;UQq5Tw#9+BwXnp8a8Xx_EwfSOhI}dVb}${xPavw#nc6nq_qlmH zMM|wr!xy0oNSSsPaJjpK#;tey#dJ9V^Gp1+5P9wYJP@XG9BH zONFMm&=pTYj)j_Lmk?5g&K7u}-Wt(@n__%UIbWQbAZqJwZB<Rwk@p>eKeq_tG)5K||l_4?w`icjL^w{*>o3*B9%#@1q? zGj47z%n`Mc>c%ugmrtEFGrHVXn$tH-R9H2I_9jUe8&q_;2?Q;3$w?F9nN%JoRV)>H z5?x-RCtoRbcS?xm*e4NjacIeAD~P*t+}2(0if0$&a!0WdS+4o9ihlP}-I6b5t3A4+ z(0+E8<_|FvUpIaFjLWW?8H-eTHVd=!T!V7D!&F zIZEw_^<)SVQ}gGxG|ttGm%CbM6w%*ZE@m~l;?1qZiHWpqYMF!V3yUHi?aS8Yb5t3w zNxC#l1w=K8Jv*7uQd?Y>W=L4QwpguTHl-%I#6sZG*ZZ7tXqfnO#68se$#Qgf_0 zh-xZO(#u!8=es1SzIaz-E2Fxzh}tN16x*TJ*rcvOWD1ND8iJ~Ckv=x=P~TX?wA@r| zH?|F<8eCU8+&O5F(1I3NO?*pxb15z$e9|mAI;kMM(pW5)!IqNLdRiJosH+7&Va1v; zQi^YwcC{(iVtd9}Lvu;4jF7`SS>J{xE_RNMJG*g_$;m)h&il7h!NhwDO3Q6>xi zZ@V2^2Y&BtFSg3;>1N&}c#BQxOxf(D#82zB=p(a`WkFN~<}ryqANpj}wH%$roIGkR z%`ua!ww+8}*kbYCq*=uB$>il`#-fkhL(7u%u(^}A0g6n>&yot+QM# z&XYA8=C0J-jF~hfRl3M~ozP)W#_o1gJFYd;;_#R{3){hUh|zhW-!&NugO%jl;8#_g za$6=qea*+C3$3E{g4p=KDQ4_O>ta(T6>Dl38*A4i5!}*#Co9p43@eQX6&qQGD5KNJ z)J@7Tw9wI=5qN$Jc40b_lr9#1q&c<~GF(BeoP;}qH9c4?d)XuNs^`i0LV|bX!KS$r z?l5j-doTw+@0dNWsX4cYkz^*Htd)3F3qvlowaKmsrjc1gjoRjoYKccnk=3PH%H53; zq1bJTWR4kYLA#YE+gWJ3(P~MG4A_i@($0f-d!94s9updYWL_+@H?6IZ&lD`%oI0HM1Vf!v5FSex&1lz4yu@d^fwa|g$m*F?%sw=c>W_$=tT+%5*z4s*J5s`#LBpSslf@TG+8sXwioOHi?Npxj*TZe3&PPd5yscLskU2}sqO0Je&iE#pxo>Fm^^?(Q^exmfN->(5DOFDX}(q1??LsNF25OnqkX%A+uDlB$GZSl|i*sBY5wVlsw^O=43|B zNcjfWjpL=G)Xplf#AAf={WFJ7ph!baUUTl4#K&r2 zr&UY1e660-HPex^vIoGKpk_@ab<18!oOan>FW(RII*9vBm6=)0n|LIjE3s^YshV}p z5;AM`2m{v4*z8Y8+yUmy%C}-!kH<&Vu87vL@i?AQ=X12Lh_9H-3>M?*Gsi?%7u!u8KpK&0^r)s$ zqhc(cqD-S}HN{qGKPlky#ORvRe3$}Fp`f+FQwerSSOH#hUn+4>4riYuLbflS~HDp9+8oEr8? z*bK4>yRi($sT#KrbFuhC%6P~`cbrXgF!zSZgla%%*viS$a|$sj5~6H_9K4P0xy?!? z-peE9(JFEaH>p@IVmGDY8?|w><1lfPOrEoqdiGey@n>s0X;Bl-&YE@VxGc+#YqE6n zu$AF3*dXU8{cP~H;t*?N_Pbizicu1mFb*m%Ti-`Y9O{UTTbf65=d$jwR@s*%H4d|@ zIC6zq0nu|veIjsltqW{2*vQFLBaSczY{|M@Zy>u1<~XcL_0X1tZH3^=DEz8z|Ujb9JbHhot${F!6>6!teTJks^}zw9Qgm? zzA^?WOSb^2bXLXChU9PYg*Ldz>|)n^{A6enZKy{vyMx*Z<#O>fo{u#8jcS<~&o0gB z##fo18OcT}bg{{>vT3%k&FU<66gYKjLOFHE^^-Bk(Ymyq<}?16SHt_1#j_+jP$a`v zU}|JuQcHKvKhqFh*TRBvJIzcJGkC}=NjQ8Wsv1VY$xk=ajM$K34g9t`lWK@(p+ICU zDiRm*pY|4(Iusxe=cpDbC8?&p*q_uV?a zv1AicqnPTV>kFOMYY}aHwwp-%-9Qe`WV_pvG^VSYvwdg%a(vFzZ7AYGdx@mPzj z+&K(Zj;CXTIWCQx&h{9NW|HTC7stOXIflpRUL=^61?_o1(62vysnK|IuOzl#T z`EJuzJD4sSWQ}bzjjm!+>bxConZ&dl5K)aCR*NxiDB;vZ;?$(C-EW z`)bDJ*Iqd#v6EEo(9{V@a?QC=sz~4{_-mS9WkaX=>9bHS5><84kjxfm$5r+9HgWaIDReeES6O0~ z?C6;ho2AEK18-`0E%~D`W5?7ukn9b&K5}K}6^k9xf+K23*?MDX1UGPJz3d4|l=^zx ziq+Gl#-b(JUIcZPc8WUdZMNuD#;|F!_Bkv(Nh@q+)5~2YPPL?yNW-x zaV`}MIuj2^<;~^@nplTGdW$Ua<@iD}L2YLP(G1Sv3hl^F#7?rV!Y*Mn{z>+@iPN7g zB{Xsi3&x1&bj-=E#Yxv*b<32g*IhL^{(V1$b^nA(F)fSF)W;1Cto<3-u{bt3dDZnL zc2PP%Cf2V3xPpRpQj_WiIdHTN!oF&BTYMk|YUn{G@)eC1`+uDOgVHxu>grZKN~vucpl;qc2wT?!X8&T}#*O z_t_>)*5#cR8Nk2l5?wUa@vAr>$J~{K&C+MrMWG0=Ekf&H-L#8g}K(! zTJmd?dCG6Ta! zNQ34AbD|kcO;hD}C%Exl%^Eh{ld!1r=`zyb25YTst4`T6136c3bVIlvf+CqRb%yVN z8={$4T`_C=4KpKM8|5?q^p+maU3S}0RbXZ|H#4#FpM~}AJX!0QpE(y-UQ=;)x2}Sg zb@o<{EY7U&x$^pjc#B4v%Rh$Q?Z*VZbI(d@AG(LxQ|XXB$T7RN+0 zyR?lJ^V#hN%ro;km|M(A8_o2c!&}mEreCe30bTTgBTzk^r4Eku%pW)>bJb>!w1&E% zc1*-_6G0v(?gi^gXjx9)uHs!?Z~_zSJO24C+{&6SLCzja7MA4-#xWN=xXy|y(pJ?@ z4})pN3>Yh9TOZ339OOx+WRj$8>_*0DZh*w+B2635b)Fn!#f&&fp>X+IWpYAYB=>V3 z;xol;#l!4CAQSA;h(>dh3#QrB{bX5LXUqt+!ujah_B>hBnapLVSDtB3-ogSUn^=Ie zceB)oEDos>&0n}L8^n!HbsD@VCDf-@ly#yFP=|g_ZW?8F5tp5=!w08;pUTO_BR(^( zhCHD*&U=n@oQr64$D#A$+bd*E1i9b`-!|r&rc(WsZAfybx0AT1%rd5 zu|E=0>AFuSfwpYmcDr3sIs)NrG-=;MGr_vjDl__+NyeFI!ouuFxFKqq#c$Y~FxBBn zR|#hD1tw8#l(E)z=HZ7qZt3VoVcdcyy^|}zvs*P`Y?;Iw+PztQ?!L?Mx7-nJ9GA=P zM)ad2FurGLG1F0_FL(6|s(+&G|Hk9oXQwbBvc)=t7uApr-+932^2T;^P#^(JW&~*; z?ui^JF`kBKEVh@r(RXFcRNQqp>XVJu1>(!VFKRN+aUy~)xpG;sfKj0$e(;d9Wkkm$ zTBlm!W~=QL?Pge(EQ*!dv-g^&OzP2|_Lylo2xgS4J>{gk?srjD8D|=a6W$nQz0DHC zofETI!d13>*^rzWo3&MkWRrcaD@IQDfehdLNWIGmGdCJc0@8+G3P`RshBJO7J?6aM zA-Rzib}rL*ZqNdn!eNz7l;-SyTUo=A9$G-0%truYYNevp=U&eGmJ(`?h2=-~8AFvV zQ*(Jidt=gduD|DcZnv{C&qiQF6Z50-eM#4&yiA{ZTJ7dTL$WGtotW=8InDM=P0^%$W)%rF$(OJ zSz;zPILVohN5h-c_dCg6o*N}M`R#GZoy??7?J~NVPdB5`&JTu37+OdgdA41mH>)>X zmI^g0F+H?x)27^XoZBgB^~xpfm)y0o0p<91&@K$irP!`LFybNod?;~*r_ON%Oz@%y zC(UVfS#B8u_4P*P)a9iv%r1(a&K~$`ABNO8xi*_Gj>%E-r2?(x6nd0wkiv<4Ip4E}nC)(B zp-~+UeYLgI#JcM&Y31PDEO4Zf z2xQZeXhZLG)Yw{L8Hc5x_-5Mt#^#uaE+g$+3z$)PZW!AHF(8zSLdj%|z6q2a9TLPb z-Q@*Q%Hn|vZ$Si|CL}aSYy!J$;?*`pO}db0RL%~=bge|4lJCdTgCUu8C6_#mag+?c zmaE1@fknKM@P>$}nc}&{yEt&rVQQ4_U!yjJcRAvAB6eo-NdttLUE?o{+$4{%vQpy= z_6{GBh24yAog>_>c)5&k2hF1U)Q&LgwjszfC4ya>=U_&K!C8l~=iCFyR7Yj)5Nk5& zV5O_O>?wh=`KaVdd44hiY4AgFu9AG5XCiFS4Ehp?y5?%#m!n$0SyFRi$3@9S4BLlB zFe)E@2EL12ev0iQ9U7Ev0hoLWd!X!#K;JFpi8J4%L>L@XRx8gUPbNNyO*BbzCLo{V zSJ;%-Pi?A4D@g=T%$dpYgobeq=QWJ4W7TuCS$};O{PHmoNhM!^|OkFwu#(p!dZYI z7+r2@LvHAEu`%(amhl(2*WW$&(mAEloK`M3m%2O3wZ$jKch9~3ifMJ%Prd%CY{26i z#?@WH$HZ)j>t%vZw7vAXrYSxxw;%UPx;}H`tSR*uXZh55+-LPyarh!%`^5NS&i3nW zHu6lAoP=VyQhkgN#BUBrDVk=e8IcZ@VR3djH`j-YTB6E~Qn85(9h!v;+5TgTwboBT zW^k9ay~AG1pBevYRGLygGw##+gt>Cxj=qB%C&ztz_g9we>D#-rZ{Nzky$jzw@R+5p zTiw5X_vEwIdshx@TU1&8c%^rL|6}(K?0UVjby?k{>iXT))w}#{a$MQ{ zA|>*1H1y!|%HCB;4pq4B`Rc|Mho4(D(6gxT(3a|=o_u|q_j!TJ!UNWPJh+0*`v&e? z+`o7qh0>hrvVTg>aMVrj^N`*;@B5(d+g#~cnhe7fEsh>bI=pcqbyOdJrTUOsagj*o z!w)=D-F`6t4R&?yy1v&R@9%vy|DCl{R^9U=4=?NM-9r!i4?H~3bANTip32gfE4v;e z!{OdX26k;tzP)CZSJp0uc$$NweQfd~kByz6l_xgDqboZ%F#PcCbr}DU`2NS&Rkm)g z>|U!+t;fcmt-AR@<$%S|mw}zzD)-+vG49{Esj}-yr$Tk}vdY$1To6|tSjF`A^&afo zySo2{ZEqe}#5dQ~S62@7tncex(s%Gs|3f<}OP5r3KJw;)<<$+Fd8jPj5l@}|=7AOe zyl`<{RC(LslL6hz@*+vZSD=*-$w2g%jko%pJO(!%Rg1g{t9D3Zm8~xhyz-3F`u4A}kF5LlK3BE+243ISzaExkP3=Qm4IDf; zu=+J$7TjZH4cY>P(Zu8MW|YoJWyy}i_Z+PDZt2^Qx!%J3E&EbRVoP)Dw`w!6Z z7oCroR+o?}8-9>hIBGg<>c4fEz^JC!OGH?LeCHk)tA@9o7I=LAo6`^bg_ERlFHIo z(I`G&l~oTX-(0KN-=!3X0>5Js?bxT>k`=1H*6S2<>5lZMu2@KCQ^F&c`nN5Dr~39j zRNeTTi~P#!*E~b6qNf*DH$6ja|K>#luk1LyY%Ow}b7mjTz`+-)tDg!h)x;-saDuR2 zvs!}CG_%c_fLg-py#EoYHd`c;y1wdN6q}BvqQF#vgr=E%V|wIf&fts#haT_Wv9j;LBb6n~`}c3pk}J!f zsBB-!vIv}Mlg0Y)e`r&6`MS!ZJ1Xne^grJ-Vu2Bpy;IdkHdl7vOEsc_RDrbT;U}K- z``d7Ob@^)pht>^jSv5=xgQ_4$_+lGjTHU<2x?>BHY2fK4h-f5kW!;8sf_-XJ!eo_u zf=j^>xhiDJ$s}et?(2O9>0ep;Xl03M4(DRedwAJuC!h;LXXL@Hy0**9-Ykc&m0>#U z32(7V`g+&&_bz9iJa-T%wp<1`@fJM|{pfkE`r=~b3Jm4SAgcyTwX*h+ym}eTn{VH? z3Ifacy!z;_!wZw8jM5n@_9{KS)fKN-mhW~lRTi!7-`p!?F>z-#~8^-tFV`62t zu`rN4RlF<%%nA-{fBNu4i(F4r z;|D`&=hMguf2N(3C1jz#_L4-1t*PqrhpVd=!}>LH*o)=Lta8gugkHa#GL>ETunyA( z2KPK)au}I~WF5HYAT&woCuOxiVZPTNtX&!pZae(w*0jp3EhyW!vGN@bHglyaqSZw=2edF!By6~}BX3$mc zKiJp1HPNlB`g)&6i<6)EO_VBo8p|XJeBUOjC&CnLW$kk;P-lQh#?Hp)T%HHZa14cQPnB!rCZ|UgK$x1`E%8WT|?TwT%|T`60z5A9@w_D z|M7>B$+6C>JjLd2?Be@(ZNSKjvOd`d;I*%VqBJjT z7&q=vrCClFS<*$1?@@|*9ahVsuyF+oMPoIZd5IBngcF%8PgcLIH?uivo9*jeO;>!8 z)}~apKF20Hi=*GRr76e0tIMUB*h6$x_diuxwqFU=M_%vWy1#$d!v0M=rBk7iR_eAz zLH2FIYqB*&IafNPN-0Y)$gjdIr7J~Qg8#^Cv2&+3ZpsQXIK0XkoOkajlO*m_=bTdulzhs4~$gNTy6 zp647s|LM1tF?loOL+=5L?(6NX-n%xPemYoL`!oxWld75wE1vB;_~_8obR}!7Y>#Wp z4vmqLNNd6N4UMGL;2p`*(>~;VKZBYe3GIgbOlwU`c}_Lrnl{IFczl-aKm5?6#uccC zS6>?`5tq}$L6Mq*Gbx-m;N?9^>(Vq1DuLw(!>AH7^YcYrxTy~qCT{=dO-dvkC++Ah zFIm%&M+LGa_I{joWU!@U^DsU+amN?ZLQ24mHt&$To}8jt z!MqWZQJZP=v0zl#Y}f`hZ_;OE4~oh&O1rv#ks9faeUpqZ5Yr__k+{;k$k&UP z#$CV;2JN7wWc6iP-DZtP>&OHfDW}Z_=XvYV=VpI`{AAdTHDqPN@`@)+`77*%cet-2 zYf@RQFLHGlQ#q%54!8!!9_Z=8&yzSbhO68Akk!hRU?A40;VcodW>bcSjYrO0l)V0z#((TnMc%Bt@{~yMu}&70xM9fdLt#b zGZft4ho8E?f6cNeRmZ35O06dYJ}Pv!AfM$EJQ>FSf~a&uy5RuT-}R82V_jhmqK66UH& z4!%@7RT(DP$yB@Nc8gWF@iKD}QROxq&d{;ugw z|Nb7AZC-(;ncEigJ|&~PdpkGu?S09M$`>r>C4y?hp2Hhn!RwZ}hr?R0Y+GD?a%1SB zs>*Ws2w}9!@<;QI;(Q*jMa}*HS2Wz_A{&5HI2z~)W@sjy%=_e>L{nKG@+y=)8hd06 zCLiVad zQrIgf4}IP(cNhl}iJ!x}AISGePpl8VHOKm(1)oW-f!+HnJ$ti^7n_~Ba5alQJKE6M z3WD4BG|UXlg(tDPcL@e+Ru$v0Ll`>&@mz3Cb>*{_wc9xGWu!y%+JejH)YSq8~x5D7O|)^4EGQuip#L=*F5P@LF-4dSpLW0hzCG22ZeN??bkW*>;MvNuwY~zRMf@vTk=A9oE7?5lGI6T!z|-pO zY0092U3*#2L4smbZ^2}EX5f`gu%;@NMPu%n%#;-0)*g5&qn}O5YT~HbbSL!Hw3!BX zgC2^6qyA(|jk-mkB#t%_ODoYfcZ14W8#}kU)y!(}DJGK-)spcTabqEO=p$oq&2Fkh zU9;ag{L~}LrwPSkTDCMT?Ifam;n;D-N}XETN*TU@q?(<5j#$R7VY6$nQ$Z2ki~`j* zd7+)O-Dr?t^Grk6P-d^CSrOC~X94pgIgbaaZr7SJ#W?tT zZ%>ia&gXA0w%xrNUdrw1(W+-+4aNTPw?tt0_#2(=k`OyZg~P^A4k9gZsGEwraQKOL zE^(x?mTaGxF66q%d&LN9Kl4t<>6~V#+`8FQ=&~N$98oCw7`1Qj8Y)7rxM#Cw_R<#8 zueyDBl%WRQh{f>8f66VzG}5=+ab?Mibjdnlw`Fp*`={MC{nIy7zJ9&6q`$dZlA$Q8 z>pjmp%vamqv2d?+m@1O*w{1NB0k;>)zTkE#Skp&7Kg#`80BCb~;o>7x-M+sbd4^)n z%x%KtgR5;y-+UjL9$~9(r^(tp*j<}}g&Qin52`8?72*1je>X93XeVB4H|?|}d!Fy# z{s3Y=e39)Humw8&&_Y*bNy5H8^88ssvcdfHkedpH+ov&s&;y77f*kb=nU9t2|g2khanmYO3tx+Jqg7V)$j>VY}PHsgyZrg8nkv1xDCz%Pj2;e1i{-##~AJ z0ztj0$t=xRqMr>=lmnSyC;5<+d1#G+}Y)jMA`Cq&p3nINyBOJKp;+a%_4$_{}N`nnYuJ0Oxr7TEoe^%e)oadaH%|&_^8XN`b)}J}_OOMX^BM^=&p)udFjtXidMo-jBPv zC4|i-R`;E!yOOvRw)Sb&8IIeBF2v;S6^2;u=qqIlFPGJjw+@s&RoPUDDoBQV+|I3W)O4mqnBNeSRcB(21lgc#B?Mi8F_rxDulMTW0wVD6fz2>1 z1_O2iR?AoPv=F4SRj zx!LRztj_@V-l}_+8%g(X?c4tVo-L*c9>ny~QTGem5Vo>F*B`3vmwP2xpe6(>OYZS{ zy#r`vc}B-$qx<*DP&F(BJIhF?*;a~?-Gr~NQRfcHk?d~55tCsmwrf=CYd*?zjSqZf z#q_&R0>i{Q2segdb#~#RcV52-3Z{ue4{!Vus9Og%0ISCds&`M3$2Mso->aH=N}cp% z=m#tf`baveuKN-(ExVR^w&lYOFY#yWxt}v+N<`n zb>kjT&YaGDFfll-Z|_zJHqi4FUM&|MI)62{n|~3c9gU81O|T#(BKAvKp{XHcGwyL( z4e5oRkWX=`36P#Lg=^{hFd@0plcwQk;8`Lr+n6S{0=_bC(%~#lHzIx;p}OMP%8Tno zG*i3-3s(*7SSS-UToYv{c@Y~A_FDCFf$9I%V(BL519Y%mK)I%sJ&lBqrCa~@{J zHm1l{=EmpTJv^!B2LEhU+mJjQc4+ftUnZMe*Bx+I^xU`*0dn?($D^bgiBG}2D-Fe2hao9&rP@UO` zbi2y;7m;7l$~P|Wot-9SRdAKlts0xIh-=`7H|+Gjn>y6hA-}z#btMbNbt8@<7v@eV zcP{!T1Hr~k`-@@f6>8IZ=uz22eqes2QLpX64D*3|VJszj?JHQL#}_8xq6dS6m|tDaslq0 zl-TyQAU{@~SYn%XOV!X?gzo;_|HIVIIBoqzzOeGr#H-b|%-5E;$-B!_twI0(Z^jK% zyDvOHy3+p)5CS*<2PPWg(PFgm_7`DL#C-A2U#{d2Ve@~7@;^)4FebOFOeH#;;N|?B SWnkIM_|Yih!hu;7WBfm=?%hEE literal 0 HcmV?d00001 diff --git a/po/zh_CN.po b/po/zh_CN.po new file mode 100644 index 0000000..8ac1d9f --- /dev/null +++ b/po/zh_CN.po @@ -0,0 +1,4122 @@ +# Chinese simplified translation for cryptsetup. +# Copyright (C) 2015 Free Software Foundation, Inc. +# This file is distributed under the same license as the cryptsetup package. +# Mingcong Bai , 2015. +# Mingye Wang , 2015. +# Boyuan Yang <073plan@gmail.com>, 2018. +# +msgid "" +msgstr "" +"Project-Id-Version: cryptsetup 2.0.3.1\n" +"Report-Msgid-Bugs-To: dm-crypt@saout.de\n" +"POT-Creation-Date: 2020-05-28 11:32+0200\n" +"PO-Revision-Date: 2018-04-27 22:41+0800\n" +"Last-Translator: Boyuan Yang <073plan@gmail.com>\n" +"Language-Team: Chinese (simplified) \n" +"Language: zh_CN\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" +"X-Generator: Poedit 2.0.6\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: lib/libdevmapper.c:399 +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "无法初始化设备映射器,正作为非 root 用户运行。" + +#: lib/libdevmapper.c:402 +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "无法初始化设备映射器。dm_mod 内核模块装载了吗?" + +#: lib/libdevmapper.c:1131 +msgid "Requested deferred flag is not supported." +msgstr "不支持请求的推迟(deferred)标记。" + +#: lib/libdevmapper.c:1198 +#, c-format +msgid "DM-UUID for device %s was truncated." +msgstr "设备 %s 的 DM-UUID 被截断。" + +#: lib/libdevmapper.c:1520 +#, fuzzy +msgid "Unknown dm target type." +msgstr "未知的 PBKDF 类型 %s。" + +#: lib/libdevmapper.c:1623 lib/libdevmapper.c:1679 +msgid "Requested dm-crypt performance options are not supported." +msgstr "不支持请求的 dm-crypt 性能选项。" + +#: lib/libdevmapper.c:1630 +msgid "Requested dm-verity data corruption handling options are not supported." +msgstr "不支持请求的 dm-verity 数据损坏处理选项。" + +#: lib/libdevmapper.c:1634 +msgid "Requested dm-verity FEC options are not supported." +msgstr "不支持请求的 dm-verity FEC 选项。" + +#: lib/libdevmapper.c:1638 +msgid "Requested data integrity options are not supported." +msgstr "不支持请求的数据完整性选项。" + +#: lib/libdevmapper.c:1640 +msgid "Requested sector_size option is not supported." +msgstr "不支持请求的 sector_size 选项。" + +#: lib/libdevmapper.c:1645 +#, fuzzy +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "不支持请求的数据完整性选项。" + +#: lib/libdevmapper.c:1649 lib/libdevmapper.c:1682 lib/libdevmapper.c:1685 +#: lib/luks2/luks2_json_metadata.c:2160 +#, fuzzy +msgid "Discard/TRIM is not supported." +msgstr "不支持哈希算法 %s。" + +#: lib/libdevmapper.c:1653 +#, fuzzy +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "不支持请求的数据完整性选项。" + +#: lib/libdevmapper.c:2607 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "" + +#: lib/random.c:75 +msgid "" +"System is out of entropy while generating volume key.\n" +"Please move mouse or type some text in another window to gather some random events.\n" +msgstr "" +"系统在生成卷密钥时熵不足。\n" +"请随意移动鼠标或是在别的窗口打字,以便生成随机事件让系统使用。\n" + +#: lib/random.c:79 +#, c-format +msgid "Generating key (%d%% done).\n" +msgstr "正生成密钥(%d%% 已完成)\n" + +#: lib/random.c:165 +msgid "Running in FIPS mode." +msgstr "在 FIPS 模式下运行。" + +#: lib/random.c:171 +msgid "Fatal error during RNG initialisation." +msgstr "随机数生成器初始化时发生致命错误。" + +#: lib/random.c:208 +msgid "Unknown RNG quality requested." +msgstr "未知的随机数生成器质量请求。" + +#: lib/random.c:213 +msgid "Error reading from RNG." +msgstr "从随机数生成器(RNG)读取时出错。" + +#: lib/setup.c:229 +msgid "Cannot initialize crypto RNG backend." +msgstr "无法初始化加密随机数生成器后端。" + +#: lib/setup.c:235 +msgid "Cannot initialize crypto backend." +msgstr "无法初始化加密后端。" + +#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119 +#, c-format +msgid "Hash algorithm %s not supported." +msgstr "不支持哈希算法 %s。" + +#: lib/setup.c:269 lib/loopaes/loopaes.c:90 +#, c-format +msgid "Key processing error (using hash %s)." +msgstr "密钥处理错误(使用散列 %s)。" + +#: lib/setup.c:335 lib/setup.c:362 +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "无法确定设备类型。不兼容的设备激活?" + +#: lib/setup.c:341 lib/setup.c:3050 +msgid "This operation is supported only for LUKS device." +msgstr "此操作只适用 LUKS 设备。" + +#: lib/setup.c:368 +msgid "This operation is supported only for LUKS2 device." +msgstr "此操作只适用 LUKS2 设备。" + +#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345 +msgid "All key slots full." +msgstr "密钥槽全都满了。" + +#: lib/setup.c:434 +#, c-format +msgid "Key slot %d is invalid, please select between 0 and %d." +msgstr "密钥槽 %d 无效,请选择 0 到 %d 间的数字。" + +#: lib/setup.c:440 +#, c-format +msgid "Key slot %d is full, please select another one." +msgstr "密钥槽 %d 满了,请选择另一个。" + +#: lib/setup.c:525 lib/setup.c:2824 +#, fuzzy +msgid "Device size is not aligned to device logical block size." +msgstr "设备 %s 的大小没有和请求的扇区大小对齐(%u 字节)。" + +#: lib/setup.c:624 +#, c-format +msgid "Header detected but device %s is too small." +msgstr "检测到标头但设备 %s 太小。" + +#: lib/setup.c:661 +msgid "This operation is not supported for this device type." +msgstr "不支持在这类设备上执行此操作。" + +#: lib/setup.c:666 +#, fuzzy +msgid "Illegal operation with reencryption in-progress." +msgstr "正在进行离线重加密。中止。" + +#: lib/setup.c:832 lib/luks1/keymanage.c:475 +#, c-format +msgid "Unsupported LUKS version %d." +msgstr "不支持的 LUKS 版本 %d。" + +#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959 +#, fuzzy +msgid "Detached metadata device is not supported for this crypt type." +msgstr "此加密类型不支持 UUID。" + +#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628 +#: lib/setup.c:2777 lib/setup.c:4512 +#, c-format +msgid "Device %s is not active." +msgstr "设备 %s 未激活。" + +#: lib/setup.c:1444 +#, c-format +msgid "Underlying device for crypt device %s disappeared." +msgstr "加密设备 %s 下层的设备消失了。" + +#: lib/setup.c:1524 +msgid "Invalid plain crypt parameters." +msgstr "无效的纯加密选项。" + +#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:74 +msgid "Invalid key size." +msgstr "无效的密钥大小。" + +#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157 +msgid "UUID is not supported for this crypt type." +msgstr "此加密类型不支持 UUID。" + +#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308 +#: src/cryptsetup.c:1226 src/cryptsetup.c:3923 +msgid "Unsupported encryption sector size." +msgstr "不支持的加密扇区大小。" + +#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818 +#, fuzzy +msgid "Device size is not aligned to requested sector size." +msgstr "设备 %s 的大小没有和请求的扇区大小对齐(%u 字节)。" + +#: lib/setup.c:1608 lib/setup.c:1727 +msgid "Can't format LUKS without device." +msgstr "无法在没有设备的情况下格式化 LUKS。" + +#: lib/setup.c:1614 lib/setup.c:1733 +msgid "Requested data alignment is not compatible with data offset." +msgstr "" + +#: lib/setup.c:1682 lib/setup.c:1851 +msgid "WARNING: Data offset is outside of currently available data device.\n" +msgstr "" + +#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169 +#, c-format +msgid "Cannot wipe header on device %s." +msgstr "无法将设备 %s 上的标头擦除。" + +#: lib/setup.c:1744 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "" + +#: lib/setup.c:1766 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "卷密钥对于带完整性校验扩展的加密而言过小。" + +#: lib/setup.c:1821 +#, fuzzy, c-format +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "密文 %s 不可用。\n" + +#: lib/setup.c:1854 +#, c-format +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" +msgstr "" + +#: lib/setup.c:1858 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "" + +#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367 +#, c-format +msgid "Device %s is too small." +msgstr "设备 %s 太小。" + +#: lib/setup.c:1893 lib/setup.c:1919 +#, c-format +msgid "Cannot format device %s in use." +msgstr "无法格式化正在使用的设备 %s。" + +#: lib/setup.c:1896 lib/setup.c:1922 +#, c-format +msgid "Cannot format device %s, permission denied." +msgstr "无法格式化设备 %s,权限被拒绝。" + +#: lib/setup.c:1908 lib/setup.c:2229 +#, fuzzy, c-format +msgid "Cannot format integrity for device %s." +msgstr "无法写入设备 %s。\n" + +#: lib/setup.c:1926 +#, c-format +msgid "Cannot format device %s." +msgstr "无法格式化设备 %s。" + +#: lib/setup.c:1944 +msgid "Can't format LOOPAES without device." +msgstr "无法在没有设备的情况下格式化 LOOPAES。" + +#: lib/setup.c:1989 +msgid "Can't format VERITY without device." +msgstr "无法在没有设备的情况下格式化 VERIFY。" + +#: lib/setup.c:2000 lib/verity/verity.c:102 +#, c-format +msgid "Unsupported VERITY hash type %d." +msgstr "不支持的 VERITY 哈希类型 %d。" + +#: lib/setup.c:2006 lib/verity/verity.c:110 +msgid "Unsupported VERITY block size." +msgstr "不支持的 VERITY 块大小。" + +#: lib/setup.c:2011 lib/verity/verity.c:74 +msgid "Unsupported VERITY hash offset." +msgstr "不支持的 VERITY 哈希偏移量。" + +#: lib/setup.c:2016 +msgid "Unsupported VERITY FEC offset." +msgstr "不支持的 VERITY 哈希偏移量。" + +#: lib/setup.c:2040 +msgid "Data area overlaps with hash area." +msgstr "数据区域重叠覆盖了哈希区域。" + +#: lib/setup.c:2065 +msgid "Hash area overlaps with FEC area." +msgstr "哈希区域重叠覆盖了 FEC 区域。" + +#: lib/setup.c:2072 +msgid "Data area overlaps with FEC area." +msgstr "数据区域重叠覆盖了 FEC 区域。" + +#: lib/setup.c:2208 +#, c-format +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "" + +#: lib/setup.c:2286 +#, c-format +msgid "Unknown crypt device type %s requested." +msgstr "请求了未知的加密设备类型 %s。" + +#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635 +#, fuzzy, c-format +msgid "Unsupported parameters on device %s." +msgstr "无法将设备 %s 上的标头擦除。" + +#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408 +#: lib/luks2/luks2_reencrypt.c:2737 +#, fuzzy, c-format +msgid "Mismatching parameters on device %s." +msgstr "无法将设备 %s 上的标头擦除。" + +#: lib/setup.c:2661 +msgid "Crypt devices mismatch." +msgstr "" + +#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:3145 +#, fuzzy, c-format +msgid "Failed to reload device %s." +msgstr "无法获取设备 %s 的读取锁。" + +#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025 +#: lib/luks2/luks2_reencrypt.c:2032 +#, fuzzy, c-format +msgid "Failed to suspend device %s." +msgstr "无法获取设备 %s 的读取锁。" + +#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039 +#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149 +#, fuzzy, c-format +msgid "Failed to resume device %s." +msgstr "打开临时密钥存储设备失败。\n" + +#: lib/setup.c:2732 +#, c-format +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "" + +#: lib/setup.c:2735 lib/setup.c:2737 +#, fuzzy, c-format +msgid "Failed to switch device %s to dm-error." +msgstr "无法获取设备 %s 上的写入锁。" + +#: lib/setup.c:2809 +msgid "Cannot resize loop device." +msgstr "无法改变回环设备大小。" + +#: lib/setup.c:2882 +msgid "Do you really want to change UUID of device?" +msgstr "你真的想改变设备的 UUID 吗?" + +#: lib/setup.c:2958 +msgid "Header backup file does not contain compatible LUKS header." +msgstr "标头备份文件不包含兼容的 LUKS 标头。" + +#: lib/setup.c:3058 +#, c-format +msgid "Volume %s is not active." +msgstr "卷 %s 未激活。" + +#: lib/setup.c:3069 +#, c-format +msgid "Volume %s is already suspended." +msgstr "卷 %s 已挂起。" + +#: lib/setup.c:3082 +#, c-format +msgid "Suspend is not supported for device %s." +msgstr "设备 %s 不支持挂起。" + +#: lib/setup.c:3084 +#, c-format +msgid "Error during suspending device %s." +msgstr "挂起设备 %s 时出错。" + +#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267 +#, c-format +msgid "Volume %s is not suspended." +msgstr "卷 %s 未挂起。" + +#: lib/setup.c:3146 +#, c-format +msgid "Resume is not supported for device %s." +msgstr "设备 %s 不支持恢复。" + +#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297 +#, c-format +msgid "Error during resuming device %s." +msgstr "恢复设备 %s 时出错。" + +#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322 +#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839 +msgid "Volume key does not match the volume." +msgstr "卷密钥与卷不匹配。" + +#: lib/setup.c:3343 lib/setup.c:3531 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "无法添加密钥槽,所有密钥槽已禁用且未提供卷密钥。" + +#: lib/setup.c:3483 +msgid "Failed to swap new key slot." +msgstr "交换新密钥槽失败。" + +#: lib/setup.c:3669 +#, c-format +msgid "Key slot %d is invalid." +msgstr "密钥槽 %d 无效。" + +#: lib/setup.c:3675 src/cryptsetup.c:1572 src/cryptsetup.c:1917 +#, fuzzy, c-format +msgid "Keyslot %d is not active." +msgstr "密钥槽 %d 未使用。\n" + +#: lib/setup.c:3694 +#, fuzzy +msgid "Device header overlaps with data area." +msgstr "数据区域重叠覆盖了哈希区域。" + +#: lib/setup.c:3981 +#, fuzzy +msgid "Reencryption in-progress. Cannot activate device." +msgstr "重加密已在进行中。" + +#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2243 +#: lib/luks2/luks2_reencrypt.c:2836 +#, fuzzy +msgid "Failed to get reencryption lock." +msgstr "无法获取写入设备锁。" + +#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855 +#, fuzzy +msgid "LUKS2 reencryption recovery failed." +msgstr "不支持的加密扇区大小。" + +#: lib/setup.c:4127 lib/setup.c:4379 +#, fuzzy +msgid "Device type is not properly initialized." +msgstr "设备类型未正确初始化。" + +#: lib/setup.c:4171 +#, c-format +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "无法使用设备 %s,名称无效或它正被使用。" + +#: lib/setup.c:4174 +#, c-format +msgid "Device %s already exists." +msgstr "设备 %s 已存在。" + +#: lib/setup.c:4296 +msgid "Incorrect volume key specified for plain device." +msgstr "为普通设备指定的卷密钥有误。" + +#: lib/setup.c:4405 +msgid "Incorrect root hash specified for verity device." +msgstr "为 verity 设备指定的根 hash 不正确。" + +#: lib/setup.c:4412 +msgid "Root hash signature required." +msgstr "" + +#: lib/setup.c:4421 +#, fuzzy +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "该内核不支持内核密钥环。" + +#: lib/setup.c:4438 lib/setup.c:5915 +msgid "Failed to load key in kernel keyring." +msgstr "在内核密钥环中加载密钥失败。" + +#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2296 +#: src/cryptsetup.c:2664 +#, c-format +msgid "Device %s is still in use." +msgstr "设备 %s 仍在使用。" + +#: lib/setup.c:4516 +#, c-format +msgid "Invalid device %s." +msgstr "设备 %s 无效。" + +#: lib/setup.c:4632 +msgid "Volume key buffer too small." +msgstr "卷密钥缓冲区太小。" + +#: lib/setup.c:4640 +msgid "Cannot retrieve volume key for plain device." +msgstr "无法获取普通设备的卷密钥。" + +#: lib/setup.c:4657 +#, fuzzy +msgid "Cannot retrieve root hash for verity device." +msgstr "为 verity 设备指定的根 hash 不正确。" + +#: lib/setup.c:4659 +#, c-format +msgid "This operation is not supported for %s crypt device." +msgstr "不支持在 %s 加密设备上执行此操作。" + +#: lib/setup.c:4865 +msgid "Dump operation is not supported for this device type." +msgstr "不支持在此类设备上执行导出操作。" + +#: lib/setup.c:5190 +#, c-format +msgid "Data offset is not multiple of %u bytes." +msgstr "" + +#: lib/setup.c:5475 +#, c-format +msgid "Cannot convert device %s which is still in use." +msgstr "无法转换正在使用的设备 %s。" + +#: lib/setup.c:5772 +#, c-format +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "将密钥槽 %u 指定为新卷密钥的操作失败。" + +#: lib/setup.c:5845 +#, fuzzy +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "初始化默认 LUKS2 密钥槽参数失败。" + +#: lib/setup.c:5851 +#, fuzzy, c-format +msgid "Failed to assign keyslot %d to digest." +msgstr "交换新密钥槽失败。\n" + +#: lib/setup.c:5982 +msgid "Kernel keyring is not supported by the kernel." +msgstr "该内核不支持内核密钥环。" + +#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952 +#, c-format +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "从密钥环读取口令失败(错误 %d)。" + +#: lib/setup.c:6016 +msgid "Failed to acquire global memory-hard access serialization lock." +msgstr "" + +#: lib/utils.c:80 +msgid "Cannot get process priority." +msgstr "无法获取进程优先级。" + +#: lib/utils.c:94 +msgid "Cannot unlock memory." +msgstr "无法解锁内存。" + +#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497 +msgid "Failed to open key file." +msgstr "打开 (open) 密钥文件失败。" + +#: lib/utils.c:173 +msgid "Cannot read keyfile from a terminal." +msgstr "无法从终端读取密钥文件。" + +# stat() 主要就是出来一个各种文件信息…… +#: lib/utils.c:190 +msgid "Failed to stat key file." +msgstr "获取 (stat) 密钥文件信息失败。" + +#: lib/utils.c:198 lib/utils.c:219 +msgid "Cannot seek to requested keyfile offset." +msgstr "无法寻找 (seek) 到请求的密钥文件偏移量。" + +#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188 +#: src/utils_password.c:201 +msgid "Out of memory while reading passphrase." +msgstr "读取密码时内存耗尽。" + +#: lib/utils.c:248 +msgid "Error reading passphrase." +msgstr "读取口令出错。" + +#: lib/utils.c:265 +msgid "Nothing to read on input." +msgstr "" + +#: lib/utils.c:272 +msgid "Maximum keyfile size exceeded." +msgstr "超出最大密钥文件大小。" + +#: lib/utils.c:277 +msgid "Cannot read requested amount of data." +msgstr "无法读取请求量的数据。" + +#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 +#, fuzzy, c-format +msgid "Device %s does not exist or access denied." +msgstr "设备 %s 不存在或访问被拒绝。" + +#: lib/utils_device.c:197 +#, fuzzy, c-format +msgid "Device %s is not compatible." +msgstr "设备 %s 未激活。" + +#: lib/utils_device.c:642 +#, fuzzy, c-format +msgid "Device %s is too small. Need at least % bytes." +msgstr "设备 %s 过小。(LUKS1 需要至少 % 字节。)" + +#: lib/utils_device.c:723 +#, c-format +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "无法使用正被使用的设备 %s(已被映射或挂载)。" + +#: lib/utils_device.c:727 +#, c-format +msgid "Cannot use device %s, permission denied." +msgstr "无法使用设备 %s,权限被拒绝。" + +#: lib/utils_device.c:730 +#, c-format +msgid "Cannot get info about device %s." +msgstr "无法获取有关设备 %s 的信息。" + +#: lib/utils_device.c:753 +msgid "Cannot use a loopback device, running as non-root user." +msgstr "无法使用回环设备,正作为非 root 用户运行。" + +#: lib/utils_device.c:763 +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "连接回环设备失败(需要有 autoclear 旗标的回环设备)。" + +#: lib/utils_device.c:809 +#, c-format +msgid "Requested offset is beyond real size of device %s." +msgstr "请求的偏移量超出设备 %s 的真实大小。" + +#: lib/utils_device.c:817 +#, c-format +msgid "Device %s has zero size." +msgstr "设备 %s 大小为零。" + +#: lib/utils_pbkdf.c:100 +#, fuzzy +msgid "Requested PBKDF target time cannot be zero." +msgstr "请求的 PBKDF 目标时间不能为零。" + +#: lib/utils_pbkdf.c:106 +#, c-format +msgid "Unknown PBKDF type %s." +msgstr "未知的 PBKDF 类型 %s。" + +#: lib/utils_pbkdf.c:111 +#, fuzzy, c-format +msgid "Requested hash %s is not supported." +msgstr "不支持请求的 LUKS 哈希 %s。" + +#: lib/utils_pbkdf.c:122 +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "请求的 PBKDF 类型不被 LUKS1 支持。" + +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." +msgstr "" + +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#, c-format +msgid "Forced iteration count is too low for %s (minimum is %u)." +msgstr "" + +#: lib/utils_pbkdf.c:148 +#, c-format +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "" + +#: lib/utils_pbkdf.c:155 +#, c-format +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "请求的最大 PBKDF 内存开销过大(最大为 %d 千字节)。" + +#: lib/utils_pbkdf.c:160 +#, fuzzy +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "请求的最大 PBKDF 内存使用量不能为零。" + +#: lib/utils_pbkdf.c:164 +#, fuzzy +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "请求的 PBKDF 并行线程数不能为零。" + +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "" + +#: lib/utils_benchmark.c:172 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "" + +#: lib/utils_benchmark.c:191 +#, c-format +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "PBKDF2 选项不兼容(正在使用哈希算法 %s)。" + +#: lib/utils_benchmark.c:211 +msgid "Not compatible PBKDF options." +msgstr "PBKDF2 选项不兼容。" + +#: lib/utils_device_locking.c:102 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "锁定中止。锁定路径 %s/%s 不可用(不是一个目录或缺失)。" + +#: lib/utils_device_locking.c:109 +#, c-format +msgid "WARNING: Locking directory %s/%s is missing!\n" +msgstr "警告:锁定目录 %s/%s 缺失!\n" + +#: lib/utils_device_locking.c:119 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "锁定中止。锁定路径 %s/%s 不可用(%s 不是目录)。" + +#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:941 +#: src/cryptsetup_reencrypt.c:1025 +msgid "Cannot seek to device offset." +msgstr "无法寻找到设备偏移位置。" + +#: lib/utils_wipe.c:208 +#, c-format +msgid "Device wipe error, offset %." +msgstr "" + +#: lib/luks1/keyencryption.c:39 +#, c-format +msgid "" +"Failed to setup dm-crypt key mapping for device %s.\n" +"Check that kernel supports %s cipher (check syslog for more info)." +msgstr "" +"为设备 %s 配置 dm-crypt 键映射失败。\n" +"请确认内核支持 %s 加密(查看系统日志 (syslog) 以获取更多信息)。" + +#: lib/luks1/keyencryption.c:44 +msgid "Key size in XTS mode must be 256 or 512 bits." +msgstr "XTS 模式的密钥大小必须是 256 或 512 位。" + +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "" + +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080 +#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734 +#, c-format +msgid "Cannot write to device %s, permission denied." +msgstr "无法写入到设备 %s,访问被拒绝。" + +#: lib/luks1/keyencryption.c:120 +msgid "Failed to open temporary keystore device." +msgstr "打开临时密钥存储设备失败。" + +#: lib/luks1/keyencryption.c:127 +msgid "Failed to access temporary keystore device." +msgstr "访问临时密钥存储设备失败。" + +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +msgid "IO error while encrypting keyslot." +msgstr "加密密钥槽时发生输入输出错误。" + +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:670 +#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311 +#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342 +#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 +#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255 +#: src/cryptsetup_reencrypt.c:200 src/cryptsetup_reencrypt.c:212 +#, c-format +msgid "Cannot open device %s." +msgstr "无法打开设备 %s。" + +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +msgid "IO error while decrypting keyslot." +msgstr "解密密钥槽时发生输入输出错误。" + +#: lib/luks1/keymanage.c:110 +#, c-format +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" +msgstr "设备 %s 过小。(LUKS1 需要至少 % 字节。)" + +#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162 +#: lib/luks1/keymanage.c:174 +#, c-format +msgid "LUKS keyslot %u is invalid." +msgstr "LUKS 密钥槽 %u 无效。" + +#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472 +#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1433 +#: src/cryptsetup.c:1559 src/cryptsetup.c:1616 src/cryptsetup.c:1672 +#: src/cryptsetup.c:1739 src/cryptsetup.c:1842 src/cryptsetup.c:1906 +#: src/cryptsetup.c:2136 src/cryptsetup.c:2331 src/cryptsetup.c:2391 +#: src/cryptsetup.c:2457 src/cryptsetup.c:2621 src/cryptsetup.c:3271 +#: src/cryptsetup.c:3280 src/cryptsetup_reencrypt.c:1388 +#, c-format +msgid "Device %s is not a valid LUKS device." +msgstr "%s 不是有效的 LUKS 设备。" + +#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100 +#, c-format +msgid "Requested header backup file %s already exists." +msgstr "请求的标头备份文件 %s 已存在。" + +#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102 +#, c-format +msgid "Cannot create header backup file %s." +msgstr "无法创建标头备份文件 %s。" + +#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109 +#, c-format +msgid "Cannot write header backup file %s." +msgstr "无法写入标头备份文件 %s。" + +#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161 +#, fuzzy +msgid "Backup file does not contain valid LUKS header." +msgstr "备份文件不包含有效 LUKS 标头。" + +#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549 +#: lib/luks2/luks2_json_metadata.c:1182 +#, c-format +msgid "Cannot open header backup file %s." +msgstr "无法打开备份标头文件 %s。" + +#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190 +#, c-format +msgid "Cannot read header backup file %s." +msgstr "无法读取标头备份文件 %s。" + +#: lib/luks1/keymanage.c:317 +#, fuzzy +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "源设备和备份上的数据偏移或密钥大小不符,恢复失败。\n" + +#: lib/luks1/keymanage.c:325 +#, c-format +msgid "Device %s %s%s" +msgstr "设备 %s %s%s" + +#: lib/luks1/keymanage.c:326 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "不包含 LUKS 标头。替换标头可能损毁设备上的数据。" + +#: lib/luks1/keymanage.c:327 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "已包含 LUKS 标头。替换标头将损毁已存在的密钥槽。" + +#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224 +msgid "" +"\n" +"WARNING: real device header has different UUID than backup!" +msgstr "" +"\n" +"警告: 真实设备标头 UUID 和备份不符!" + +#: lib/luks1/keymanage.c:375 +msgid "Non standard key size, manual repair required." +msgstr "不标准的密钥大小,需要手动修复。" + +#: lib/luks1/keymanage.c:380 +msgid "Non standard keyslots alignment, manual repair required." +msgstr "不标准的密钥槽对齐,需要手动修复。" + +#: lib/luks1/keymanage.c:390 +msgid "Repairing keyslots." +msgstr "正在修复密钥槽。" + +#: lib/luks1/keymanage.c:409 +#, c-format +msgid "Keyslot %i: offset repaired (%u -> %u)." +msgstr "密钥槽 %i: 偏移已修复 (%u -> %u)。" + +#: lib/luks1/keymanage.c:417 +#, c-format +msgid "Keyslot %i: stripes repaired (%u -> %u)." +msgstr "密钥槽 %i:已修复条带(%u -> %u)。" + +#: lib/luks1/keymanage.c:426 +#, c-format +msgid "Keyslot %i: bogus partition signature." +msgstr "密钥槽 %i:虚假的分区签名。" + +#: lib/luks1/keymanage.c:431 +#, c-format +msgid "Keyslot %i: salt wiped." +msgstr "密钥槽 %i: 已清除盐。" + +#: lib/luks1/keymanage.c:448 +msgid "Writing LUKS header to disk." +msgstr "正在将 LUKS 标头写入磁盘。" + +#: lib/luks1/keymanage.c:453 +msgid "Repair failed." +msgstr "修复失败。" + +#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750 +#, c-format +msgid "Requested LUKS hash %s is not supported." +msgstr "不支持请求的 LUKS 哈希 %s。" + +#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1133 +msgid "No known problems detected for LUKS header." +msgstr "未在 LUKS 标头发现已知问题。" + +#: lib/luks1/keymanage.c:660 +#, c-format +msgid "Error during update of LUKS header on device %s." +msgstr "更新设备 %s 上的 LUKS 标头时出错。" + +#: lib/luks1/keymanage.c:668 +#, c-format +msgid "Error re-reading LUKS header after update on device %s." +msgstr "在更新设备 %s 后重新读取 LUKS 标头失败。" + +#: lib/luks1/keymanage.c:744 +#, fuzzy +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "分离的 LUKS 标头的数据偏移量必须为零或高于标头大小(%d 扇区)。" + +#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825 +#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001 +#: src/cryptsetup.c:2784 +msgid "Wrong LUKS UUID format provided." +msgstr "提供了错误的 LUKS UUID 格式。" + +#: lib/luks1/keymanage.c:778 +msgid "Cannot create LUKS header: reading random salt failed." +msgstr "无法创建 LUKS 标头:读取随机盐失败。" + +#: lib/luks1/keymanage.c:804 +#, c-format +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "无法创建 LUKS 标头:标头摘要失败(正在使用哈希 %s)。" + +#: lib/luks1/keymanage.c:848 +#, c-format +msgid "Key slot %d active, purge first." +msgstr "密钥槽 %d 已激活,请先清除。" + +#: lib/luks1/keymanage.c:854 +#, fuzzy, c-format +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "密钥槽 %d 条带数过少。标头修改?\n" + +#: lib/luks1/keymanage.c:990 +#, fuzzy, c-format +msgid "Cannot open keyslot (using hash %s)." +msgstr "密钥处理错误(使用散列 %s)。" + +#: lib/luks1/keymanage.c:1066 +#, fuzzy, c-format +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." +msgstr "密钥槽 %d 无效,请选择标号 0 到 %d 间的密钥槽。\n" + +#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738 +#, c-format +msgid "Cannot wipe device %s." +msgstr "无法擦除设备 %s。" + +#: lib/loopaes/loopaes.c:146 +#, fuzzy +msgid "Detected not yet supported GPG encrypted keyfile." +msgstr "探测到未支持的 GPG 加密密钥文件。\n" + +#: lib/loopaes/loopaes.c:147 +msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" +msgstr "请使用 gpg --decrypt <密钥文件> | cryptsetup --keyfile=- ...\n" + +#: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 +msgid "Incompatible loop-AES keyfile detected." +msgstr "探测到不兼容的 loop-AES 密钥文件。" + +#: lib/loopaes/loopaes.c:245 +#, fuzzy +msgid "Kernel does not support loop-AES compatible mapping." +msgstr "内核不支持 loop-AES 兼容映射。\n" + +#: lib/tcrypt/tcrypt.c:504 +#, c-format +msgid "Error reading keyfile %s." +msgstr "读取密钥文件 %s 出错。" + +#: lib/tcrypt/tcrypt.c:554 +#, fuzzy, c-format +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." +msgstr "超出 TCRYPT 口令最大长度限制 (%d)。" + +#: lib/tcrypt/tcrypt.c:595 +#, c-format +msgid "PBKDF2 hash algorithm %s not available, skipping." +msgstr "PBKDF2 哈希算法 %s 不可用,将跳过。" + +#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1010 +msgid "Required kernel crypto interface not available." +msgstr "无法找到所需的内核加密接口。" + +#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1012 +msgid "Ensure you have algif_skcipher kernel module loaded." +msgstr "请确定您已载入内核模块 algif_skcipher。" + +#: lib/tcrypt/tcrypt.c:753 +#, c-format +msgid "Activation is not supported for %d sector size." +msgstr "扇区大小为 %d 时不支持激活。" + +#: lib/tcrypt/tcrypt.c:759 +#, fuzzy +msgid "Kernel does not support activation for this TCRYPT legacy mode." +msgstr "内核不支持激活此处的旧 TCRYPT 模式。" + +#: lib/tcrypt/tcrypt.c:793 +#, c-format +msgid "Activating TCRYPT system encryption for partition %s." +msgstr "正在为分区 %s 激活 TCRYPT 系统加密。" + +#: lib/tcrypt/tcrypt.c:871 +#, fuzzy +msgid "Kernel does not support TCRYPT compatible mapping." +msgstr "内核不支持 TCRYPT 兼容映射。" + +#: lib/tcrypt/tcrypt.c:1093 +msgid "This function is not supported without TCRYPT header load." +msgstr "未载入 TCRYPT 标头时不支持此功能。" + +#: lib/bitlk/bitlk.c:333 +#, c-format +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:380 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:385 +#, c-format +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:399 +#, c-format +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:479 +#, fuzzy, c-format +msgid "Failed to read BITLK signature from %s." +msgstr "读取 LUKS2 需求时失败。" + +#: lib/bitlk/bitlk.c:485 +msgid "BITLK version 1 is currently not supported." +msgstr "" + +#: lib/bitlk/bitlk.c:491 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "" + +#: lib/bitlk/bitlk.c:503 +msgid "Invalid or unknown signature for BITLK device." +msgstr "" + +#: lib/bitlk/bitlk.c:510 +#, fuzzy, c-format +msgid "Unsupported sector size %." +msgstr "不支持的加密扇区大小。" + +#: lib/bitlk/bitlk.c:518 +#, fuzzy, c-format +msgid "Failed to read BITLK header from %s." +msgstr "读取 LUKS2 需求时失败。" + +#: lib/bitlk/bitlk.c:543 +#, fuzzy, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "读取 LUKS2 需求时失败。" + +#: lib/bitlk/bitlk.c:594 +#, fuzzy +msgid "Unknown or unsupported encryption type." +msgstr "不支持的加密扇区大小。" + +#: lib/bitlk/bitlk.c:627 +#, fuzzy, c-format +msgid "Failed to read BITLK metadata entries from %s." +msgstr "读取 LUKS2 需求时失败。" + +#: lib/bitlk/bitlk.c:921 +#, fuzzy +msgid "This operation is not supported." +msgstr "不支持在 %s 加密设备上执行此操作。" + +#: lib/bitlk/bitlk.c:929 +#, fuzzy +msgid "Wrong key size." +msgstr "无效的密钥大小。" + +#: lib/bitlk/bitlk.c:981 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "" + +#: lib/bitlk/bitlk.c:987 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "" + +#: lib/bitlk/bitlk.c:1069 +#, fuzzy +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "激活临时设备失败。" + +#: lib/bitlk/bitlk.c:1205 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "" + +#: lib/bitlk/bitlk.c:1209 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "" + +#: lib/verity/verity.c:68 lib/verity/verity.c:171 +#, fuzzy, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "Verity 设备 %s 未使用磁盘上的标头。" + +#: lib/verity/verity.c:90 +#, c-format +msgid "Device %s is not a valid VERITY device." +msgstr "%s 不是有效的 VERITY 设备。" + +#: lib/verity/verity.c:97 +#, c-format +msgid "Unsupported VERITY version %d." +msgstr "不支持的 VERITY 版本 %d。" + +#: lib/verity/verity.c:128 +msgid "VERITY header corrupted." +msgstr "VERITY 标头损坏。" + +#: lib/verity/verity.c:165 +#, fuzzy, c-format +msgid "Wrong VERITY UUID format provided on device %s." +msgstr "为设备 %s 提供的 VERITY UUID 错误。\n" + +#: lib/verity/verity.c:198 +#, fuzzy, c-format +msgid "Error during update of verity header on device %s." +msgstr "更新设备 %s 上的 VERITY 标头时出错。\n" + +#: lib/verity/verity.c:256 +#, fuzzy +msgid "Root hash signature verification is not supported." +msgstr "不支持请求的 sector_size 选项。" + +#: lib/verity/verity.c:267 +msgid "Errors cannot be repaired with FEC device." +msgstr "" + +#: lib/verity/verity.c:269 +#, c-format +msgid "Found %u repairable errors with FEC device." +msgstr "" + +#: lib/verity/verity.c:308 +#, fuzzy +msgid "Kernel does not support dm-verity mapping." +msgstr "内核不支持 dm-verity 映射。" + +#: lib/verity/verity.c:312 +#, fuzzy +msgid "Kernel does not support dm-verity signature option." +msgstr "内核不支持 dm-verity 映射。" + +#: lib/verity/verity.c:323 +#, fuzzy +msgid "Verity device detected corruption after activation." +msgstr "在 VERITY 设备激活后探测到损坏。\n" + +#: lib/verity/verity_hash.c:59 +#, fuzzy, c-format +msgid "Spare area is not zeroed at position %." +msgstr "备用区位置 % 未清零。\n" + +#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290 +#: lib/verity/verity_hash.c:303 +msgid "Device offset overflow." +msgstr "设备偏移量溢出。" + +#: lib/verity/verity_hash.c:203 +#, fuzzy, c-format +msgid "Verification failed at position %." +msgstr "在 % 上发生检验错误。\n" + +#: lib/verity/verity_hash.c:276 +#, fuzzy +msgid "Invalid size parameters for verity device." +msgstr "为 VERITY 设备提供的大小指标无效。\n" + +#: lib/verity/verity_hash.c:296 +msgid "Hash area overflow." +msgstr "哈希区域溢出。" + +#: lib/verity/verity_hash.c:373 +msgid "Verification of data area failed." +msgstr "数据区检验失败。" + +#: lib/verity/verity_hash.c:378 +msgid "Verification of root hash failed." +msgstr "根哈希值检验失败。" + +#: lib/verity/verity_hash.c:384 +#, fuzzy +msgid "Input/output error while creating hash area." +msgstr "创建哈希数据区时发生输入/输出错误。\n" + +#: lib/verity/verity_hash.c:386 +msgid "Creation of hash area failed." +msgstr "创建哈希区失败。" + +#: lib/verity/verity_hash.c:433 +#, fuzzy, c-format +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "警告:如数据块大小超过内存分页大小,内核将无法激活设备 (%u)。\n" + +#: lib/verity/verity_fec.c:131 +#, fuzzy +msgid "Failed to allocate RS context." +msgstr "打开 (open) 密钥文件失败。\n" + +# stat() 主要就是出来一个各种文件信息…… +#: lib/verity/verity_fec.c:146 +#, fuzzy +msgid "Failed to allocate buffer." +msgstr "获取 (stat) 密钥文件统计数据失败。\n" + +#: lib/verity/verity_fec.c:156 +#, fuzzy, c-format +msgid "Failed to read RS block % byte %d." +msgstr "无法访问临时密钥存储设备。\n" + +#: lib/verity/verity_fec.c:169 +#, fuzzy, c-format +msgid "Failed to read parity for RS block %." +msgstr "无法访问临时密钥存储设备。\n" + +#: lib/verity/verity_fec.c:177 +#, fuzzy, c-format +msgid "Failed to repair parity for block %." +msgstr "无法访问临时密钥存储设备。\n" + +#: lib/verity/verity_fec.c:188 +#, fuzzy, c-format +msgid "Failed to write parity for RS block %." +msgstr "无法访问临时密钥存储设备。\n" + +#: lib/verity/verity_fec.c:223 +msgid "Block sizes must match for FEC." +msgstr "" + +#: lib/verity/verity_fec.c:229 +msgid "Invalid number of parity bytes." +msgstr "" + +#: lib/verity/verity_fec.c:265 +#, fuzzy, c-format +msgid "Failed to determine size for device %s." +msgstr "打开临时密钥存储设备失败。\n" + +#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343 +#, fuzzy +msgid "Kernel does not support dm-integrity mapping." +msgstr "内核不支持 dm-verity 映射。\n" + +#: lib/integrity/integrity.c:277 +#, fuzzy +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "内核不支持 dm-verity 映射。\n" + +#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959 +#: lib/luks2/luks2_json_metadata.c:1244 +#, c-format +msgid "Failed to acquire write lock on device %s." +msgstr "无法获取设备 %s 上的写入锁。" + +#: lib/luks2/luks2_disk_metadata.c:392 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "" + +#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712 +msgid "" +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." +msgstr "" + +#: lib/luks2/luks2_json_format.c:227 +#, fuzzy +msgid "Requested data offset is too small." +msgstr "设备 %s 太小。" + +#: lib/luks2/luks2_json_format.c:271 +#, c-format +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074 +#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_keyslot_luks2.c:114 +#, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "无法获取设备 %s 的读取锁。" + +#: lib/luks2/luks2_json_metadata.c:1167 +#, c-format +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:1208 +#, fuzzy +msgid "Data offset differ on device and backup, restore failed." +msgstr "源设备和备份上的数据偏移或密钥大小不符,恢复失败。\n" + +#: lib/luks2/luks2_json_metadata.c:1214 +#, fuzzy +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "源设备和备份上的数据偏移或密钥大小不符,恢复失败。\n" + +#: lib/luks2/luks2_json_metadata.c:1221 +#, c-format +msgid "Device %s %s%s%s%s" +msgstr "设备 %s %s%s%s%s" + +#: lib/luks2/luks2_json_metadata.c:1222 +#, fuzzy +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "不包含 LUKS 标头。替换标头可能损毁设备上的数据。" + +#: lib/luks2/luks2_json_metadata.c:1223 +#, fuzzy +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "已包含 LUKS 标头。替换标头将损毁已存在的密钥槽。" + +#: lib/luks2/luks2_json_metadata.c:1225 +msgid "" +"\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:1227 +msgid "" +"\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:1323 +#, c-format +msgid "Ignored unknown flag %s." +msgstr "已忽略未知旗标 %s。" + +#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746 +#, c-format +msgid "Missing key for dm-crypt segment %u" +msgstr "" + +# stat() 主要就是出来一个各种文件信息…… +#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764 +#, fuzzy +msgid "Failed to set dm-crypt segment." +msgstr "设置 pbkdf 参数失败。" + +# stat() 主要就是出来一个各种文件信息…… +#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770 +#, fuzzy +msgid "Failed to set dm-linear segment." +msgstr "设置 pbkdf 参数失败。" + +#: lib/luks2/luks2_json_metadata.c:2155 +msgid "Unsupported device integrity configuration." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2241 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2252 lib/luks2/luks2_reencrypt.c:3190 +#, c-format +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2332 +msgid "Failed to read LUKS2 requirements." +msgstr "读取 LUKS2 需求时失败。" + +#: lib/luks2/luks2_json_metadata.c:2339 +msgid "Unmet LUKS2 requirements detected." +msgstr "探测到未满足的 LUKS2 需求。" + +#: lib/luks2/luks2_json_metadata.c:2347 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2349 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "" + +#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584 +msgid "Not enough available memory to open a keyslot." +msgstr "" + +#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586 +#, fuzzy +msgid "Keyslot open failed." +msgstr "密钥槽 %i: 已清除盐。" + +#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "" + +#: lib/luks2/luks2_keyslot_luks2.c:480 +#, fuzzy +msgid "No space for new keyslot." +msgstr "交换新密钥槽失败。\n" + +#: lib/luks2/luks2_luks1_convert.c:482 +#, fuzzy, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "无法检查密码质量:%s\n" + +#: lib/luks2/luks2_luks1_convert.c:508 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:548 +msgid "Unable to move keyslot area. Not enough space." +msgstr "无法移动密钥槽区域。空间不足。" + +#: lib/luks2/luks2_luks1_convert.c:599 +#, fuzzy +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "无法移动密钥槽区域。空间不足。" + +#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887 +msgid "Unable to move keyslot area." +msgstr "无法移动密钥槽区域。" + +#: lib/luks2/luks2_luks1_convert.c:697 +#, fuzzy +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "LUKS 密钥槽 %u 无效。\n" + +#: lib/luks2/luks2_luks1_convert.c:705 +#, fuzzy +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "LUKS 密钥槽 %u 无效。\n" + +#: lib/luks2/luks2_luks1_convert.c:717 +#, fuzzy, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "LUKS 密钥槽 %u 无效。\n" + +#: lib/luks2/luks2_luks1_convert.c:725 +#, fuzzy, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "LUKS 密钥槽 %u 无效。\n" + +#: lib/luks2/luks2_luks1_convert.c:739 +#, fuzzy, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "LUKS 密钥槽 %u 无效。\n" + +#: lib/luks2/luks2_luks1_convert.c:744 +#, fuzzy, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "LUKS 密钥槽 %u 无效。\n" + +#: lib/luks2/luks2_luks1_convert.c:749 +#, fuzzy, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "LUKS 密钥槽 %u 无效。\n" + +#: lib/luks2/luks2_reencrypt.c:892 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:897 +#, fuzzy, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "设备 %s 的大小没有和请求的扇区大小对齐(%u 字节)。" + +#: lib/luks2/luks2_reencrypt.c:941 +#, fuzzy, c-format +msgid "Unsupported resilience mode %s" +msgstr "不支持的 LUKS 版本 %d。" + +#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313 +#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430 +#: lib/luks2/luks2_reencrypt.c:3030 +#, fuzzy +msgid "Failed to initialize old segment storage wrapper." +msgstr "初始化默认 LUKS2 密钥槽参数失败。" + +#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291 +#, fuzzy +msgid "Failed to initialize new segment storage wrapper." +msgstr "初始化默认 LUKS2 密钥槽参数失败。" + +#: lib/luks2/luks2_reencrypt.c:1340 +#, fuzzy +msgid "Failed to read checksums for current hotzone." +msgstr "从备份标头读取需求失败。" + +#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038 +#, fuzzy, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "无法访问临时密钥存储设备。\n" + +# stat() 主要就是出来一个各种文件信息…… +#: lib/luks2/luks2_reencrypt.c:1366 +#, fuzzy, c-format +msgid "Failed to decrypt sector %zu." +msgstr "获取 (stat) 密钥文件统计数据失败。\n" + +#: lib/luks2/luks2_reencrypt.c:1372 +#, fuzzy, c-format +msgid "Failed to recover sector %zu." +msgstr "打开 (open) 密钥文件失败。\n" + +#: lib/luks2/luks2_reencrypt.c:1867 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1965 +#, fuzzy, c-format +msgid "Failed to activate hotzone device %s." +msgstr "无法获取设备 %s 上的写入锁。" + +#: lib/luks2/luks2_reencrypt.c:1982 +#, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1989 +#, fuzzy, c-format +msgid "Failed to load new mapping for device %s." +msgstr "打开临时密钥存储设备失败。\n" + +#: lib/luks2/luks2_reencrypt.c:2060 +#, fuzzy +msgid "Failed to refresh reencryption devices stack." +msgstr "无法获取设备 %s 的读取锁。" + +#: lib/luks2/luks2_reencrypt.c:2216 +#, fuzzy +msgid "Failed to set new keyslots area size." +msgstr "交换新密钥槽失败。" + +#: lib/luks2/luks2_reencrypt.c:2318 +#, fuzzy, c-format +msgid "Data shift is not aligned to requested encryption sector size (% bytes)." +msgstr "设备 %s 的大小没有和请求的扇区大小对齐(%u 字节)。" + +#: lib/luks2/luks2_reencrypt.c:2339 +#, fuzzy, c-format +msgid "Data device is not aligned to requested encryption sector size (% bytes)." +msgstr "设备 %s 的大小没有和请求的扇区大小对齐(%u 字节)。" + +#: lib/luks2/luks2_reencrypt.c:2360 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779 +#: lib/luks2/luks2_reencrypt.c:2800 +#, fuzzy, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "无法使用正被使用的设备 %s(已被映射或挂载)。" + +#: lib/luks2/luks2_reencrypt.c:2534 +msgid "Device not marked for LUKS2 reencryption." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295 +#, fuzzy +msgid "Failed to load LUKS2 reencryption context." +msgstr "打开 (open) 密钥文件失败。\n" + +#: lib/luks2/luks2_reencrypt.c:2619 +#, fuzzy +msgid "Failed to get reencryption state." +msgstr "打开 (open) 密钥文件失败。\n" + +#: lib/luks2/luks2_reencrypt.c:2623 +#, fuzzy +msgid "Device is not in reencryption." +msgstr "设备 %s 未激活。" + +#: lib/luks2/luks2_reencrypt.c:2630 +#, fuzzy +msgid "Reencryption process is already running." +msgstr "重加密已在进行中。" + +#: lib/luks2/luks2_reencrypt.c:2632 +#, fuzzy +msgid "Failed to acquire reencryption lock." +msgstr "无法获取写入设备锁。" + +#: lib/luks2/luks2_reencrypt.c:2650 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2750 +msgid "Active device size and requested reencryption size don't match." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2764 +msgid "Illegal device size requested in reencryption parameters." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2834 +#, fuzzy +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "重加密已在进行中。" + +#: lib/luks2/luks2_reencrypt.c:2906 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2913 +#, fuzzy +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "初始化默认 LUKS2 密钥槽参数失败。" + +#: lib/luks2/luks2_reencrypt.c:3004 +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3046 +#, fuzzy +msgid "Failed to write reencryption resilience metadata." +msgstr "向新表头写入活动旗标失败。" + +#: lib/luks2/luks2_reencrypt.c:3053 +#, fuzzy +msgid "Decryption failed." +msgstr "修复失败。" + +#: lib/luks2/luks2_reencrypt.c:3058 +#, fuzzy, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "无法访问临时密钥存储设备。\n" + +# stat() 主要就是出来一个各种文件信息…… +#: lib/luks2/luks2_reencrypt.c:3063 +#, fuzzy +msgid "Failed to sync data." +msgstr "获取 (stat) 密钥文件信息失败。" + +#: lib/luks2/luks2_reencrypt.c:3071 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3138 +#, fuzzy +msgid "Failed to write LUKS2 metadata." +msgstr "读取 LUKS2 需求时失败。" + +#: lib/luks2/luks2_reencrypt.c:3161 +#, fuzzy +msgid "Failed to wipe backup segment data." +msgstr "交换新密钥槽失败。" + +#: lib/luks2/luks2_reencrypt.c:3174 +#, fuzzy +msgid "Failed to disable reencryption requirement flag." +msgstr "读取 LUKS2 需求时失败。" + +#: lib/luks2/luks2_reencrypt.c:3182 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3191 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3240 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3246 +msgid "Missing or invalid reencrypt context." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3253 +#, fuzzy +msgid "Failed to initialize reencryption device stack." +msgstr "无法获取设备 %s 的读取锁。" + +#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308 +#, fuzzy +msgid "Failed to update reencryption context." +msgstr "打开 (open) 密钥文件失败。\n" + +#: lib/luks2/luks2_token.c:262 +#, fuzzy +msgid "No free token slot." +msgstr "交换新密钥槽失败。\n" + +# stat() 主要就是出来一个各种文件信息…… +#: lib/luks2/luks2_token.c:269 +#, fuzzy, c-format +msgid "Failed to create builtin token %s." +msgstr "获取 (stat) 密钥文件统计数据失败。\n" + +#: src/cryptsetup.c:164 +#, fuzzy +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "无法从非 TTY 输入验证密码。\n" + +#: src/cryptsetup.c:221 +#, fuzzy +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "此操作只适用 LUKS2 设备。" + +#: src/cryptsetup.c:251 src/cryptsetup.c:959 src/cryptsetup.c:1269 +#: src/cryptsetup.c:3145 src/cryptsetup_reencrypt.c:723 +#: src/cryptsetup_reencrypt.c:793 +#, fuzzy +msgid "No known cipher specification pattern detected." +msgstr "未探测到已知的密文特征。\n" + +#: src/cryptsetup.c:259 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "警告:在纯文本模式下指定密钥文件时将忽略参数 --hash。\n" + +#: src/cryptsetup.c:267 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "警告:将忽略参数 --keyfile-size,读取大小应与加密密钥大小一致。\n" + +#: src/cryptsetup.c:307 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "" + +#: src/cryptsetup.c:313 src/cryptsetup.c:1090 src/cryptsetup.c:1142 +#: src/cryptsetup.c:1246 src/cryptsetup.c:1319 src/cryptsetup.c:1974 +#: src/cryptsetup.c:2682 src/cryptsetup.c:2805 src/integritysetup.c:233 +msgid "Operation aborted.\n" +msgstr "操作中止。\n" + +#: src/cryptsetup.c:381 +msgid "Option --key-file is required." +msgstr "需要选项 --key-file。" + +#: src/cryptsetup.c:434 +msgid "Enter VeraCrypt PIM: " +msgstr "输入 VeraCrypt PIM: " + +#: src/cryptsetup.c:443 +msgid "Invalid PIM value: parse error." +msgstr "无效的 PIM 值:解析错误。" + +#: src/cryptsetup.c:446 +msgid "Invalid PIM value: 0." +msgstr "无效的 PIM 值:0。" + +#: src/cryptsetup.c:449 +msgid "Invalid PIM value: outside of range." +msgstr "无效的 PIM 值:超出范围。" + +#: src/cryptsetup.c:472 +#, fuzzy +msgid "No device header detected with this passphrase." +msgstr "未从此密码中探测到设备标头。\n" + +#: src/cryptsetup.c:541 +#, fuzzy, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "%s 不是有效的 LUKS 设备。" + +#: src/cryptsetup.c:576 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" + +#: src/cryptsetup.c:673 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "" + +#: src/cryptsetup.c:701 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "" + +#: src/cryptsetup.c:838 +#, fuzzy +msgid "Benchmark interrupted." +msgstr "测试密文" + +#: src/cryptsetup.c:859 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "" + +#: src/cryptsetup.c:861 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "" + +#: src/cryptsetup.c:875 +#, c-format +msgid "%-10s N/A\n" +msgstr "" + +#: src/cryptsetup.c:877 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "" + +#: src/cryptsetup.c:901 +#, fuzzy +msgid "Result of benchmark is not reliable." +msgstr "测试结果不可靠。\n" + +#: src/cryptsetup.c:951 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "# 测试仅使用内存(无存储 IO)。\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:971 +#, fuzzy, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "# 算法 | 密钥 | 加密 | 解密\n" + +#: src/cryptsetup.c:975 +#, fuzzy, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "密文 %s 不可用。\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:994 +#, fuzzy +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "# 算法 | 密钥 | 加密 | 解密\n" + +#: src/cryptsetup.c:1003 +msgid "N/A" +msgstr "不可用" + +#: src/cryptsetup.c:1083 +msgid "" +"Seems device does not require reencryption recovery.\n" +"Do you want to proceed anyway?" +msgstr "" + +#: src/cryptsetup.c:1089 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "" + +#: src/cryptsetup.c:1098 +#, fuzzy +msgid "Enter passphrase for reencryption recovery: " +msgstr "输入密钥槽 %u 的密码:" + +#: src/cryptsetup.c:1141 +msgid "Really try to repair LUKS device header?" +msgstr "确定要尝试修复 LUKS 设备标头吗?" + +#: src/cryptsetup.c:1160 src/integritysetup.c:146 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" + +#: src/cryptsetup.c:1182 src/integritysetup.c:168 +#, fuzzy, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "无法打开临时 LUKS 设备。\n" + +#: src/cryptsetup.c:1231 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "" + +#: src/cryptsetup.c:1236 src/cryptsetup.c:1296 +#, fuzzy +msgid "Unsupported LUKS2 metadata size options." +msgstr "不支持的 LUKS 版本 %d。" + +#: src/cryptsetup.c:1253 +#, c-format +msgid "Cannot create header file %s." +msgstr "无法创建标头文件 %s。" + +#: src/cryptsetup.c:1276 src/integritysetup.c:195 src/integritysetup.c:204 +#: src/integritysetup.c:213 src/integritysetup.c:284 src/integritysetup.c:293 +#: src/integritysetup.c:303 +#, fuzzy +msgid "No known integrity specification pattern detected." +msgstr "未探测到已知的密文特征。\n" + +#: src/cryptsetup.c:1289 +#, c-format +msgid "Cannot use %s as on-disk header." +msgstr "无法将 %s 作为磁盘上的标头使用。" + +#: src/cryptsetup.c:1313 src/integritysetup.c:227 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "这将覆盖 %s 上的数据,该动作不可取消。" + +# stat() 主要就是出来一个各种文件信息…… +#: src/cryptsetup.c:1354 src/cryptsetup.c:1688 src/cryptsetup.c:1755 +#: src/cryptsetup.c:1857 src/cryptsetup.c:1923 src/cryptsetup_reencrypt.c:553 +msgid "Failed to set pbkdf parameters." +msgstr "设置 pbkdf 参数失败。" + +#: src/cryptsetup.c:1439 +#, fuzzy +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "仅已脱离的 LUKS 数据头可以使用缩减的数据偏移。\n" + +#: src/cryptsetup.c:1450 src/cryptsetup.c:1761 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "" + +#: src/cryptsetup.c:1488 +msgid "Device activated but cannot make flags persistent." +msgstr "" + +#: src/cryptsetup.c:1569 src/cryptsetup.c:1639 +#, fuzzy, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "已选中密钥槽 %d 以删除。\n" + +#: src/cryptsetup.c:1581 src/cryptsetup.c:1642 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "这是最后一个密钥槽。设备在清空此密钥后将不可用。" + +#: src/cryptsetup.c:1582 +msgid "Enter any remaining passphrase: " +msgstr "输入任意剩余的口令: " + +#: src/cryptsetup.c:1583 src/cryptsetup.c:1644 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "" + +#: src/cryptsetup.c:1621 +msgid "Enter passphrase to be deleted: " +msgstr "输入要移除的口令: " + +#: src/cryptsetup.c:1702 src/cryptsetup.c:1776 src/cryptsetup.c:1810 +msgid "Enter new passphrase for key slot: " +msgstr "输入密钥槽的新口令: " + +#: src/cryptsetup.c:1793 src/cryptsetup_reencrypt.c:1343 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "输入任意已存在的口令: " + +#: src/cryptsetup.c:1861 +msgid "Enter passphrase to be changed: " +msgstr "输入要更改的口令: " + +#: src/cryptsetup.c:1877 src/cryptsetup_reencrypt.c:1329 +msgid "Enter new passphrase: " +msgstr "输入新口令: " + +#: src/cryptsetup.c:1927 +#, fuzzy +msgid "Enter passphrase for keyslot to be converted: " +msgstr "输入密钥槽 %u 的密码:" + +#: src/cryptsetup.c:1951 +#, fuzzy +msgid "Only one device argument for isLuks operation is supported." +msgstr "isLuks 操作仅支持一个设备参数。\n" + +#: src/cryptsetup.c:2001 +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" + +#: src/cryptsetup.c:2066 +#, fuzzy, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "密钥槽 %d 未使用。\n" + +#: src/cryptsetup.c:2072 +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" + +#: src/cryptsetup.c:2207 src/cryptsetup.c:2228 +#, fuzzy +msgid "Option --header-backup-file is required." +msgstr "必须指定 --header-backup-file 选项。\n" + +#: src/cryptsetup.c:2258 +#, c-format +msgid "%s is not cryptsetup managed device." +msgstr "" + +#: src/cryptsetup.c:2269 +#, fuzzy, c-format +msgid "Refresh is not supported for device type %s" +msgstr "设备 %s 不支持恢复。" + +#: src/cryptsetup.c:2311 +#, fuzzy, c-format +msgid "Unrecognized metadata device type %s." +msgstr "无法识别的元数据设备类型 %s。\n" + +#: src/cryptsetup.c:2314 +#, fuzzy +msgid "Command requires device and mapped name as arguments." +msgstr "命令需要设备及映射名作为参数。\n" + +#: src/cryptsetup.c:2336 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" +"该操作将清空设备 %s 上所有的密钥槽。\n" +"设备在此操作后将不可用。" + +#: src/cryptsetup.c:2343 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "操作已中止,密钥槽没有被擦除。\n" + +#: src/cryptsetup.c:2380 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "" + +#: src/cryptsetup.c:2398 +#, c-format +msgid "Device is already %s type." +msgstr "设备已为 %s 类型。" + +#: src/cryptsetup.c:2403 +#, fuzzy, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "不支持在 %s 加密设备上执行此操作。\n" + +#: src/cryptsetup.c:2409 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "" + +#: src/cryptsetup.c:2449 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "选项 --priority、--label 或 --subsystem 缺失。" + +#: src/cryptsetup.c:2483 src/cryptsetup.c:2516 src/cryptsetup.c:2539 +#, fuzzy, c-format +msgid "Token %d is invalid." +msgstr "密钥槽 %d 无效。\n" + +#: src/cryptsetup.c:2486 src/cryptsetup.c:2542 +#, fuzzy, c-format +msgid "Token %d in use." +msgstr "密钥槽 %d 未使用。\n" + +# stat() 主要就是出来一个各种文件信息…… +#: src/cryptsetup.c:2493 +#, fuzzy, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "获取 (stat) 密钥文件统计数据失败。\n" + +#: src/cryptsetup.c:2502 src/cryptsetup.c:2564 +#, fuzzy, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "交换新密钥槽失败。\n" + +#: src/cryptsetup.c:2519 +#, fuzzy, c-format +msgid "Token %d is not in use." +msgstr "密钥槽 %d 未使用。\n" + +#: src/cryptsetup.c:2554 +#, fuzzy +msgid "Failed to import token from file." +msgstr "打开 (open) 密钥文件失败。" + +#: src/cryptsetup.c:2579 +#, fuzzy, c-format +msgid "Failed to get token %d for export." +msgstr "交换新密钥槽失败。\n" + +#: src/cryptsetup.c:2594 +msgid "--key-description parameter is mandatory for token add action." +msgstr "" + +#: src/cryptsetup.c:2600 src/cryptsetup.c:2608 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "" + +#: src/cryptsetup.c:2613 +#, fuzzy, c-format +msgid "Invalid token operation %s." +msgstr "设备 %s 无效。\n" + +#: src/cryptsetup.c:2668 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "" + +#: src/cryptsetup.c:2672 +#, fuzzy, c-format +msgid "Device %s is not a block device.\n" +msgstr "%s 不是有效的 LUKS 设备。" + +#: src/cryptsetup.c:2674 +#, fuzzy, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "无法获取设备 %s 上的写入锁。" + +#: src/cryptsetup.c:2676 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" + +#: src/cryptsetup.c:2756 +#, fuzzy +msgid "Invalid LUKS device type." +msgstr "设备 %s 无效。" + +#: src/cryptsetup.c:2761 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "" + +#: src/cryptsetup.c:2766 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "" + +#: src/cryptsetup.c:2775 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "" + +#: src/cryptsetup.c:2779 +#, fuzzy +msgid "Encryption is supported only for LUKS2 format." +msgstr "此操作只适用 LUKS2 设备。" + +#: src/cryptsetup.c:2801 +#, c-format +msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +msgstr "" + +#: src/cryptsetup.c:2816 +#, fuzzy, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "请求的标头备份文件 %s 已存在。" + +#: src/cryptsetup.c:2818 src/cryptsetup.c:2825 +#, fuzzy, c-format +msgid "Cannot create temporary header file %s." +msgstr "无法创建标头文件 %s。" + +#: src/cryptsetup.c:2889 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "" + +#: src/cryptsetup.c:3053 src/cryptsetup.c:3059 +#, fuzzy +msgid "Not enough free keyslots for reencryption." +msgstr "不要更改密钥,无数据区重加密" + +#: src/cryptsetup.c:3079 src/cryptsetup_reencrypt.c:1294 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "密钥文件只能在指定 --key-slot 时或有且只有一个槽启用时使用。" + +#: src/cryptsetup.c:3088 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup_reencrypt.c:1352 +#, fuzzy, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "输入密钥槽 %u 的口令: " + +#: src/cryptsetup.c:3096 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "输入密钥槽 %u 的口令: " + +#: src/cryptsetup.c:3263 +#, fuzzy +msgid "Command requires device as argument." +msgstr "命令需要设备及映射名作为参数。\n" + +#: src/cryptsetup.c:3285 +msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +msgstr "" + +#: src/cryptsetup.c:3297 +msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +msgstr "" + +#: src/cryptsetup.c:3307 src/cryptsetup_reencrypt.c:178 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "不支持带有完整性 profile 信息的设备的重加密。" + +#: src/cryptsetup.c:3315 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "" + +#: src/cryptsetup.c:3319 +#, fuzzy +msgid "LUKS2 device is not in reencryption." +msgstr "日志文件 %s 存在,继续重加密。\n" + +#: src/cryptsetup.c:3346 +msgid " [--type ] []" +msgstr "<设备> [--type <类型>] [<名称>]" + +#: src/cryptsetup.c:3346 src/veritysetup.c:394 src/integritysetup.c:480 +msgid "open device as " +msgstr "以 <名称> 打开设备" + +#: src/cryptsetup.c:3347 src/cryptsetup.c:3348 src/cryptsetup.c:3349 +#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:481 +#: src/integritysetup.c:482 +msgid "" +msgstr "<名称>" + +#: src/cryptsetup.c:3347 src/veritysetup.c:395 src/integritysetup.c:481 +msgid "close device (remove mapping)" +msgstr "关闭设备(移除映射)" + +#: src/cryptsetup.c:3348 +msgid "resize active device" +msgstr "改变活动设备大小。" + +#: src/cryptsetup.c:3349 +msgid "show device status" +msgstr "显示设备状态" + +#: src/cryptsetup.c:3350 +msgid "[--cipher ]" +msgstr "" + +#: src/cryptsetup.c:3350 +msgid "benchmark cipher" +msgstr "测试密文" + +#: src/cryptsetup.c:3351 src/cryptsetup.c:3352 src/cryptsetup.c:3353 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3355 src/cryptsetup.c:3362 +#: src/cryptsetup.c:3363 src/cryptsetup.c:3364 src/cryptsetup.c:3365 +#: src/cryptsetup.c:3366 src/cryptsetup.c:3367 src/cryptsetup.c:3368 +#: src/cryptsetup.c:3369 src/cryptsetup.c:3370 +msgid "" +msgstr "<设备>" + +#: src/cryptsetup.c:3351 +msgid "try to repair on-disk metadata" +msgstr "尝试修复磁盘上的元数据" + +#: src/cryptsetup.c:3352 +#, fuzzy +msgid "reencrypt LUKS2 device" +msgstr "向 LUKS 设备添加密钥" + +#: src/cryptsetup.c:3353 +msgid "erase all keyslots (remove encryption key)" +msgstr "清空所有密钥槽(移除加密密钥)" + +#: src/cryptsetup.c:3354 +msgid "convert LUKS from/to LUKS2 format" +msgstr "在 LUKS 和 LUKS2 格式之间转换" + +#: src/cryptsetup.c:3355 +msgid "set permanent configuration options for LUKS2" +msgstr "" + +#: src/cryptsetup.c:3356 src/cryptsetup.c:3357 +msgid " []" +msgstr "<设备> [<新密钥文件>]" + +#: src/cryptsetup.c:3356 +msgid "formats a LUKS device" +msgstr "格式化一个 LUKS 设备" + +#: src/cryptsetup.c:3357 +msgid "add key to LUKS device" +msgstr "向 LUKS 设备添加密钥" + +#: src/cryptsetup.c:3358 src/cryptsetup.c:3359 src/cryptsetup.c:3360 +msgid " []" +msgstr "<设备> [<密钥文件>]" + +#: src/cryptsetup.c:3358 +msgid "removes supplied key or key file from LUKS device" +msgstr "移除 LUKS 设备中指定的密钥或密钥文件" + +#: src/cryptsetup.c:3359 +msgid "changes supplied key or key file of LUKS device" +msgstr "更改 LUKS 设备中指定的密钥或密钥文件" + +# stat() 主要就是出来一个各种文件信息…… +#: src/cryptsetup.c:3360 +#, fuzzy +msgid "converts a key to new pbkdf parameters" +msgstr "获取 (stat) 密钥文件统计数据失败。\n" + +#: src/cryptsetup.c:3361 +msgid " " +msgstr "<设备> <密钥槽>" + +#: src/cryptsetup.c:3361 +msgid "wipes key with number from LUKS device" +msgstr "从 LUKS 设备清理标号为 的密钥" + +#: src/cryptsetup.c:3362 +msgid "print UUID of LUKS device" +msgstr "输出 LUKS 设备的 UUID(唯一标识符)" + +#: src/cryptsetup.c:3363 +msgid "tests for LUKS partition header" +msgstr "从 探测 LUKS 分区标头" + +#: src/cryptsetup.c:3364 +msgid "dump LUKS partition information" +msgstr "调出 LUKS 分区信息" + +#: src/cryptsetup.c:3365 +msgid "dump TCRYPT device information" +msgstr "调出 TCRYPT 设备信息" + +#: src/cryptsetup.c:3366 +#, fuzzy +msgid "dump BITLK device information" +msgstr "调出 TCRYPT 设备信息" + +#: src/cryptsetup.c:3367 +#, fuzzy +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "挂起 LUKS 设备并清除密钥(冻结所有 IO 操作)。" + +#: src/cryptsetup.c:3368 +msgid "Resume suspended LUKS device" +msgstr "恢复已挂起的 LUKS 设备" + +#: src/cryptsetup.c:3369 +msgid "Backup LUKS device header and keyslots" +msgstr "备份 LUKS 设备标头和密钥槽" + +#: src/cryptsetup.c:3370 +msgid "Restore LUKS device header and keyslots" +msgstr "恢复 LUKS 设备标头和密钥槽" + +#: src/cryptsetup.c:3371 +msgid " " +msgstr "" + +#: src/cryptsetup.c:3371 +msgid "Manipulate LUKS2 tokens" +msgstr "" + +#: src/cryptsetup.c:3389 src/veritysetup.c:412 src/integritysetup.c:498 +msgid "" +"\n" +" is one of:\n" +msgstr "" +"\n" +"<动作> 为其中之一:\n" + +#: src/cryptsetup.c:3395 +#, fuzzy +msgid "" +"\n" +"You can also use old syntax aliases:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +msgstr "" +"\n" +"你亦可使用老的 <动作> 语法别名:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" + +#: src/cryptsetup.c:3399 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the encrypted device\n" +" is the LUKS key slot number to modify\n" +" optional key file for the new key for luksAddKey action\n" +msgstr "" +"\n" +" 为要在 %s 创建的设备\n" +" 为加密设备\n" +" 为需要更改的 LUKS 密钥槽\n" +" 提供给 luksAddKey 动作的密钥文件\n" + +#: src/cryptsetup.c:3406 +#, c-format +msgid "" +"\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" + +#: src/cryptsetup.c:3411 +#, fuzzy, c-format +msgid "" +"\n" +"Default compiled-in key and passphrase parameters:\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" +msgstr "" +"\n" +"默认集成的密钥和密码参数:\n" +"\t密钥文件的最大大小:%dkB, 交互式密码的最大长度:%d (字符)\n" +"LUKS 的默认 PBKDF2 迭代时间:%d (毫秒)\n" + +#: src/cryptsetup.c:3422 +#, fuzzy, c-format +msgid "" +"\n" +"Default compiled-in device cipher parameters:\n" +"\tloop-AES: %s, Key %d bits\n" +"\tplain: %s, Key: %d bits, Password hashing: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +msgstr "" +"\n" +"默认集成的设备密文参数:\n" +"\tloop-AES:%s, %d 位密钥\n" +"\tplain:%s, 密钥:%d 位, 密码哈希:%s\n" +"\tLUKS1:%s, 密钥:%d bits, LUKS 数据头哈希:%s, RNG:%s\n" + +#: src/cryptsetup.c:3431 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "" + +#: src/cryptsetup.c:3447 src/veritysetup.c:569 src/integritysetup.c:642 +#, c-format +msgid "%s: requires %s as arguments" +msgstr "%s: 需要 %s 作为参数" + +#: src/cryptsetup.c:3480 src/veritysetup.c:457 src/integritysetup.c:536 +#: src/cryptsetup_reencrypt.c:1607 +msgid "Show this help message" +msgstr "显示此帮助" + +#: src/cryptsetup.c:3481 src/veritysetup.c:458 src/integritysetup.c:537 +#: src/cryptsetup_reencrypt.c:1608 +msgid "Display brief usage" +msgstr "显示简短用法" + +#: src/cryptsetup.c:3482 src/veritysetup.c:459 src/integritysetup.c:538 +#: src/cryptsetup_reencrypt.c:1609 +msgid "Print package version" +msgstr "打印软件包版本" + +#: src/cryptsetup.c:3486 src/veritysetup.c:463 src/integritysetup.c:542 +#: src/cryptsetup_reencrypt.c:1613 +msgid "Help options:" +msgstr "帮助选项:" + +#: src/cryptsetup.c:3487 src/veritysetup.c:464 src/integritysetup.c:543 +#: src/cryptsetup_reencrypt.c:1614 +msgid "Shows more detailed error messages" +msgstr "显示更详细的错误信息" + +#: src/cryptsetup.c:3488 src/veritysetup.c:465 src/integritysetup.c:544 +#: src/cryptsetup_reencrypt.c:1615 +msgid "Show debug messages" +msgstr "显示调试信息" + +#: src/cryptsetup.c:3489 +#, fuzzy +msgid "Show debug messages including JSON metadata" +msgstr "显示调试信息" + +#: src/cryptsetup.c:3490 src/cryptsetup_reencrypt.c:1617 +msgid "The cipher used to encrypt the disk (see /proc/crypto)" +msgstr "用于加密磁盘的密文(参见 /proc/crypto)" + +#: src/cryptsetup.c:3491 src/cryptsetup_reencrypt.c:1619 +msgid "The hash used to create the encryption key from the passphrase" +msgstr "用于从密码创建加密密钥的哈希值" + +#: src/cryptsetup.c:3492 +msgid "Verifies the passphrase by asking for it twice" +msgstr "两次询问密码以进行验证" + +#: src/cryptsetup.c:3493 src/cryptsetup_reencrypt.c:1621 +msgid "Read the key from a file" +msgstr "从文件读取密钥" + +#: src/cryptsetup.c:3494 +msgid "Read the volume (master) key from file." +msgstr "从文件读取卷(主)密钥。" + +#: src/cryptsetup.c:3495 +#, fuzzy +msgid "Dump volume (master) key instead of keyslots info" +msgstr "转储卷(主)密钥而不是键槽信息。" + +#: src/cryptsetup.c:3496 src/cryptsetup_reencrypt.c:1618 +msgid "The size of the encryption key" +msgstr "加密密钥大小" + +#: src/cryptsetup.c:3496 src/cryptsetup.c:3557 src/integritysetup.c:562 +#: src/integritysetup.c:566 src/integritysetup.c:570 +#: src/cryptsetup_reencrypt.c:1618 +msgid "BITS" +msgstr "位" + +#: src/cryptsetup.c:3497 src/cryptsetup_reencrypt.c:1634 +msgid "Limits the read from keyfile" +msgstr "限制从密钥文件读取" + +#: src/cryptsetup.c:3497 src/cryptsetup.c:3498 src/cryptsetup.c:3499 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3503 src/cryptsetup.c:3554 +#: src/cryptsetup.c:3555 src/cryptsetup.c:3563 src/cryptsetup.c:3564 +#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470 +#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:551 +#: src/integritysetup.c:557 src/integritysetup.c:558 +#: src/cryptsetup_reencrypt.c:1633 src/cryptsetup_reencrypt.c:1634 +#: src/cryptsetup_reencrypt.c:1635 src/cryptsetup_reencrypt.c:1636 +msgid "bytes" +msgstr "字节" + +#: src/cryptsetup.c:3498 src/cryptsetup_reencrypt.c:1633 +msgid "Number of bytes to skip in keyfile" +msgstr "要从密钥文件跳过的字节数" + +#: src/cryptsetup.c:3499 +msgid "Limits the read from newly added keyfile" +msgstr "限制从新增密钥文件的读取" + +#: src/cryptsetup.c:3500 +msgid "Number of bytes to skip in newly added keyfile" +msgstr "要从新增密钥文件跳过的字节数" + +#: src/cryptsetup.c:3501 +msgid "Slot number for new key (default is first free)" +msgstr "新密钥的槽号(默认为第一个可用的)" + +#: src/cryptsetup.c:3502 +msgid "The size of the device" +msgstr "设备大小" + +#: src/cryptsetup.c:3502 src/cryptsetup.c:3504 src/cryptsetup.c:3505 +#: src/cryptsetup.c:3511 src/integritysetup.c:552 src/integritysetup.c:559 +msgid "SECTORS" +msgstr "扇区" + +#: src/cryptsetup.c:3503 src/cryptsetup_reencrypt.c:1636 +msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +msgstr "只使用指定的设备大小(忽略设备其余部分)。危险!" + +#: src/cryptsetup.c:3504 +msgid "The start offset in the backend device" +msgstr "后端设备的起始偏移量" + +#: src/cryptsetup.c:3505 +msgid "How many sectors of the encrypted data to skip at the beginning" +msgstr "从开头要跳过的加密数据扇区数量" + +#: src/cryptsetup.c:3506 +msgid "Create a readonly mapping" +msgstr "创建只读映射" + +#: src/cryptsetup.c:3507 src/integritysetup.c:545 +#: src/cryptsetup_reencrypt.c:1624 +msgid "Do not ask for confirmation" +msgstr "不要请求确认" + +#: src/cryptsetup.c:3508 +msgid "Timeout for interactive passphrase prompt (in seconds)" +msgstr "交互式密码提示符超时长度(秒)" + +#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "secs" +msgstr "秒" + +#: src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "Progress line update (in seconds)" +msgstr "" + +#: src/cryptsetup.c:3510 src/cryptsetup_reencrypt.c:1626 +msgid "How often the input of the passphrase can be retried" +msgstr "输入密码的最大重试频率" + +#: src/cryptsetup.c:3511 +msgid "Align payload at sector boundaries - for luksFormat" +msgstr "于 个扇区边界处对其载荷数据 - 供 luks 格式用" + +#: src/cryptsetup.c:3512 +#, fuzzy +msgid "File with LUKS header and keyslots backup" +msgstr "带有 LUKS 数据头和密钥槽备份的文件。" + +#: src/cryptsetup.c:3513 src/cryptsetup_reencrypt.c:1627 +msgid "Use /dev/random for generating volume key" +msgstr "使用 /dev/random 生成卷密钥" + +#: src/cryptsetup.c:3514 src/cryptsetup_reencrypt.c:1628 +msgid "Use /dev/urandom for generating volume key" +msgstr "使用 /dev/urandom 生成卷密钥" + +#: src/cryptsetup.c:3515 +#, fuzzy +msgid "Share device with another non-overlapping crypt segment" +msgstr "与另一个不重合的加密段共享设备。" + +#: src/cryptsetup.c:3516 src/veritysetup.c:477 +#, fuzzy +msgid "UUID for device to use" +msgstr "设备使用的 UUID 已占用。" + +#: src/cryptsetup.c:3517 src/integritysetup.c:579 +#, fuzzy +msgid "Allow discards (aka TRIM) requests for device" +msgstr "允许设备的 discard(或称 TRIM)请求。" + +#: src/cryptsetup.c:3518 src/cryptsetup_reencrypt.c:1645 +#, fuzzy +msgid "Device or file with separated LUKS header" +msgstr "带有分离 LUKS 数据头的设备或文件。" + +#: src/cryptsetup.c:3519 +#, fuzzy +msgid "Do not activate device, just check passphrase" +msgstr "不要激活设备,仅检查密码。" + +#: src/cryptsetup.c:3520 +#, fuzzy +msgid "Use hidden header (hidden TCRYPT device)" +msgstr "使用隐藏数据头(隐藏 TCRYPT 设备)" + +#: src/cryptsetup.c:3521 +#, fuzzy +msgid "Device is system TCRYPT drive (with bootloader)" +msgstr "设备为系统 TCRYPT 驱动器(带有引导器)。" + +#: src/cryptsetup.c:3522 +msgid "Use backup (secondary) TCRYPT header" +msgstr "使用备份(次级)TCRYPT 标头" + +#: src/cryptsetup.c:3523 +#, fuzzy +msgid "Scan also for VeraCrypt compatible device" +msgstr "同时扫描 VeraCrypt 兼容的设备。" + +#: src/cryptsetup.c:3524 +#, fuzzy +msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "同时扫描 VeraCrypt 兼容的设备。" + +#: src/cryptsetup.c:3525 +#, fuzzy +msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "同时扫描 VeraCrypt 兼容的设备。" + +#: src/cryptsetup.c:3526 +#, fuzzy +msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" +msgstr "设备元数据类型:luks, 纯粹 (plain), loopaes, tcrypt." + +#: src/cryptsetup.c:3527 +#, fuzzy +msgid "Disable password quality check (if enabled)" +msgstr "禁用密码质量检查 (如果已启用)。" + +#: src/cryptsetup.c:3528 +#, fuzzy +msgid "Use dm-crypt same_cpu_crypt performance compatibility option" +msgstr "使用 dm-crypt same_cpu_crypt 性能兼容性选项。" + +#: src/cryptsetup.c:3529 +#, fuzzy +msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +msgstr "使用 dm-crypt submit_from_crypt_cpus 性能兼容性选项。" + +#: src/cryptsetup.c:3530 +msgid "Device removal is deferred until the last user closes it" +msgstr "" + +#: src/cryptsetup.c:3531 +msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)" +msgstr "" + +#: src/cryptsetup.c:3532 +msgid "PBKDF iteration time for LUKS (in ms)" +msgstr "LUKS 默认 PBKDF 迭代时间(毫秒)" + +#: src/cryptsetup.c:3532 src/cryptsetup_reencrypt.c:1623 +msgid "msecs" +msgstr "毫秒" + +#: src/cryptsetup.c:3533 src/cryptsetup_reencrypt.c:1641 +msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +msgstr "" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "PBKDF memory cost limit" +msgstr "PBKDF 内存开销限制" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "kilobytes" +msgstr "千字节" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "PBKDF parallel cost" +msgstr "PBKDF 并行开销" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "threads" +msgstr "线程" + +#: src/cryptsetup.c:3536 src/cryptsetup_reencrypt.c:1644 +msgid "PBKDF iterations cost (forced, disables benchmark)" +msgstr "" + +#: src/cryptsetup.c:3537 +msgid "Keyslot priority: ignore, normal, prefer" +msgstr "" + +#: src/cryptsetup.c:3538 +#, fuzzy +msgid "Disable locking of on-disk metadata" +msgstr "尝试修复磁盘上的元数据" + +#: src/cryptsetup.c:3539 +msgid "Disable loading volume keys via kernel keyring" +msgstr "" + +#: src/cryptsetup.c:3540 +msgid "Data integrity algorithm (LUKS2 only)" +msgstr "" + +#: src/cryptsetup.c:3541 src/integritysetup.c:573 +#, fuzzy +msgid "Disable journal for integrity device" +msgstr "为 VERITY 设备提供的大小指标无效。\n" + +#: src/cryptsetup.c:3542 src/integritysetup.c:547 +msgid "Do not wipe device after format" +msgstr "" + +#: src/cryptsetup.c:3543 src/integritysetup.c:577 +msgid "Use inefficient legacy padding (old kernels)" +msgstr "" + +#: src/cryptsetup.c:3544 +msgid "Do not ask for passphrase if activation by token fails" +msgstr "" + +#: src/cryptsetup.c:3545 +msgid "Token number (default: any)" +msgstr "" + +#: src/cryptsetup.c:3546 +msgid "Key description" +msgstr "" + +#: src/cryptsetup.c:3547 +msgid "Encryption sector size (default: 512 bytes)" +msgstr "" + +#: src/cryptsetup.c:3548 +msgid "Use IV counted in sector size (not in 512 bytes)" +msgstr "" + +#: src/cryptsetup.c:3549 +msgid "Set activation flags persistent for device" +msgstr "" + +#: src/cryptsetup.c:3550 +#, fuzzy +msgid "Set label for the LUKS2 device" +msgstr "格式化一个 LUKS 设备" + +#: src/cryptsetup.c:3551 +#, fuzzy +msgid "Set subsystem label for the LUKS2 device" +msgstr "格式化一个 LUKS 设备" + +#: src/cryptsetup.c:3552 +msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot" +msgstr "" + +#: src/cryptsetup.c:3553 +#, fuzzy +msgid "Read or write the json from or to a file" +msgstr "从文件读取密钥" + +#: src/cryptsetup.c:3554 +msgid "LUKS2 header metadata area size" +msgstr "" + +#: src/cryptsetup.c:3555 +#, fuzzy +msgid "LUKS2 header keyslots area size" +msgstr "带有 LUKS 数据头和密钥槽备份的文件。" + +#: src/cryptsetup.c:3556 +msgid "Refresh (reactivate) device with new parameters" +msgstr "" + +#: src/cryptsetup.c:3557 +#, fuzzy +msgid "LUKS2 keyslot: The size of the encryption key" +msgstr "加密密钥大小" + +#: src/cryptsetup.c:3558 +msgid "LUKS2 keyslot: The cipher used for keyslot encryption" +msgstr "" + +#: src/cryptsetup.c:3559 +#, fuzzy +msgid "Encrypt LUKS2 device (in-place encryption)." +msgstr "永久解密设备(移除加密)" + +#: src/cryptsetup.c:3560 +#, fuzzy +msgid "Decrypt LUKS2 device (remove encryption)." +msgstr "永久解密设备(移除加密)" + +#: src/cryptsetup.c:3561 +msgid "Initialize LUKS2 reencryption in metadata only." +msgstr "" + +#: src/cryptsetup.c:3562 +msgid "Resume initialized LUKS2 reencryption only." +msgstr "" + +#: src/cryptsetup.c:3563 src/cryptsetup_reencrypt.c:1635 +msgid "Reduce data device size (move data offset). DANGEROUS!" +msgstr "减少数据设备大小(移动数据偏移量)。危险!" + +#: src/cryptsetup.c:3564 +#, fuzzy +msgid "Maximal reencryption hotzone size." +msgstr "重加密块大小" + +#: src/cryptsetup.c:3565 +msgid "Reencryption hotzone resilience type (checksum,journal,none)" +msgstr "" + +#: src/cryptsetup.c:3566 +#, fuzzy +msgid "Reencryption hotzone checksums hash" +msgstr "重加密块大小" + +#: src/cryptsetup.c:3567 +msgid "Override device autodetection of dm device to be reencrypted" +msgstr "" + +#: src/cryptsetup.c:3583 src/veritysetup.c:499 src/integritysetup.c:595 +msgid "[OPTION...] " +msgstr "[选项…] <动作> <动作特定参数>" + +#: src/cryptsetup.c:3634 src/veritysetup.c:533 src/integritysetup.c:606 +msgid "Argument missing." +msgstr "缺失参数 <动作>。" + +#: src/cryptsetup.c:3703 src/veritysetup.c:564 src/integritysetup.c:637 +msgid "Unknown action." +msgstr "未知动作。" + +#: src/cryptsetup.c:3713 +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "" + +#: src/cryptsetup.c:3718 +#, fuzzy +msgid "Option --deferred is allowed only for close command." +msgstr "选项 --shared 只适用于打开纯设备。\n" + +#: src/cryptsetup.c:3723 +#, fuzzy +msgid "Option --shared is allowed only for open of plain device." +msgstr "选项 --shared 只适用于打开纯设备。\n" + +#: src/cryptsetup.c:3728 src/integritysetup.c:654 +#, fuzzy +msgid "Option --allow-discards is allowed only for open operation." +msgstr "选项 --allow-discards 只适用于打开操作。\n" + +#: src/cryptsetup.c:3733 +#, fuzzy +msgid "Option --persistent is allowed only for open operation." +msgstr "选项 --allow-discards 只适用于打开操作。\n" + +#: src/cryptsetup.c:3738 +#, fuzzy +msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation." +msgstr "选项 --allow-discards 只适用于打开操作。\n" + +#: src/cryptsetup.c:3743 +#, fuzzy +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "选项 --allow-discards 只适用于打开操作。\n" + +#: src/cryptsetup.c:3753 +#, fuzzy +msgid "" +"Option --key-size is allowed only for luksFormat, luksAddKey,\n" +"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." +msgstr "" +"选项 --key-size 只能用于 luksFormat, 打开和性能测试。\n" +"要限制密钥文件读取请使用 --keyfile-size=(字节数)。" + +#: src/cryptsetup.c:3759 +#, fuzzy +msgid "Option --integrity is allowed only for luksFormat (LUKS2)." +msgstr "选项 --align-payload 只允许用于 luksFormat。" + +#: src/cryptsetup.c:3764 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "" + +#: src/cryptsetup.c:3770 +#, fuzzy +msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations." +msgstr "选项 --uuid 只允许用于 luksFormat 和 luksUUID。" + +#: src/cryptsetup.c:3776 +#, fuzzy +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "选项 --test-passphrase 只能用于打开 LUKS 和 TCRYPT 设备。\n" + +#: src/cryptsetup.c:3781 src/cryptsetup_reencrypt.c:1708 +msgid "Key size must be a multiple of 8 bits" +msgstr "密钥尺寸必须是 8 的倍数" + +#: src/cryptsetup.c:3787 src/cryptsetup_reencrypt.c:1394 +#: src/cryptsetup_reencrypt.c:1713 +msgid "Key slot is invalid." +msgstr "密钥槽无效。" + +#: src/cryptsetup.c:3794 +#, fuzzy +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "选项 --key-file 优先使用指定的密钥文件参数。\n" + +#: src/cryptsetup.c:3801 src/veritysetup.c:576 src/integritysetup.c:663 +#: src/cryptsetup_reencrypt.c:1687 +msgid "Negative number for option not permitted." +msgstr "不允许在选项中填入负数。" + +#: src/cryptsetup.c:3805 +msgid "Only one --key-file argument is allowed." +msgstr "只允许存在一个 --key-file 选项。" + +#: src/cryptsetup.c:3809 src/cryptsetup_reencrypt.c:1679 +#: src/cryptsetup_reencrypt.c:1717 +msgid "Only one of --use-[u]random options is allowed." +msgstr "--use-[u]random 选项只能用一处。" + +#: src/cryptsetup.c:3813 +msgid "Option --use-[u]random is allowed only for luksFormat." +msgstr "选项 --use-[u]random 只适用于 luksFormat。" + +#: src/cryptsetup.c:3817 +msgid "Option --uuid is allowed only for luksFormat and luksUUID." +msgstr "选项 --uuid 只允许用于 luksFormat 和 luksUUID。" + +#: src/cryptsetup.c:3821 +msgid "Option --align-payload is allowed only for luksFormat." +msgstr "选项 --align-payload 只允许用于 luksFormat。" + +#: src/cryptsetup.c:3825 +#, fuzzy +msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2." +msgstr "选项 --uuid 只允许用于 luksFormat 和 luksUUID。" + +#: src/cryptsetup.c:3830 +#, fuzzy +msgid "Invalid LUKS2 metadata size specification." +msgstr "无效的设备大小指标。" + +#: src/cryptsetup.c:3834 +#, fuzzy +msgid "Invalid LUKS2 keyslots size specification." +msgstr "无效的设备大小指标。" + +#: src/cryptsetup.c:3838 +#, fuzzy +msgid "Options --align-payload and --offset cannot be combined." +msgstr "选项 --align-payload 只允许用于 luksFormat。" + +#: src/cryptsetup.c:3844 +#, fuzzy +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "选项 --skip 只适用于打开纯设备和 loopaes 设备。\n" + +#: src/cryptsetup.c:3851 +#, fuzzy +msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption." +msgstr "选项 --offset 只适用于打开纯设备和 loopaes 设备。\n" + +#: src/cryptsetup.c:3857 +#, fuzzy +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "选项 --tcrypt-hidden, --tcrypt-system 或 --tcrypt-backup 只支持 TCRYPT 设备。\n" + +#: src/cryptsetup.c:3862 +#, fuzzy +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "选项 --tcrypt-hidden 不能与 --allow-discards 共用。\n" + +#: src/cryptsetup.c:3867 +#, fuzzy +msgid "Option --veracrypt is supported only for TCRYPT device type." +msgstr "选项 --veracrypt 只支持 TCRYPT 设备类型。\n" + +#: src/cryptsetup.c:3873 +msgid "Invalid argument for parameter --veracrypt-pim supplied." +msgstr "" + +#: src/cryptsetup.c:3877 +#, fuzzy +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "选项 --veracrypt 只支持 TCRYPT 设备类型。\n" + +#: src/cryptsetup.c:3885 +#, fuzzy +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "选项 --veracrypt 只支持 TCRYPT 设备类型。\n" + +#: src/cryptsetup.c:3889 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "" + +#: src/cryptsetup.c:3896 +msgid "Option --priority can be only ignore/normal/prefer." +msgstr "" + +#: src/cryptsetup.c:3901 src/cryptsetup.c:3939 +msgid "Keyslot specification is required." +msgstr "" + +#: src/cryptsetup.c:3906 src/cryptsetup_reencrypt.c:1693 +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "" + +#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1698 +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "" + +#: src/cryptsetup.c:3917 +#, fuzzy +msgid "Sector size option is not supported for this command." +msgstr "不支持在这类设备上执行此操作。\n" + +#: src/cryptsetup.c:3929 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "" + +#: src/cryptsetup.c:3934 +msgid "Key size is required with --unbound option." +msgstr "" + +#: src/cryptsetup.c:3944 +#, fuzzy +msgid "Option --unbound may be used only with luksAddKey and luksDump actions." +msgstr "选项 --new 不可与 --decrypt 共用。" + +#: src/cryptsetup.c:3949 +#, fuzzy +msgid "Option --refresh may be used only with open action." +msgstr "选项 --new 不可与 --decrypt 共用。" + +#: src/cryptsetup.c:3960 +#, fuzzy +msgid "Cannot disable metadata locking." +msgstr "无法禁用元数据锁定。\n" + +#: src/cryptsetup.c:3970 +#, fuzzy +msgid "Invalid max reencryption hotzone size specification." +msgstr "无效的设备大小指标。" + +#: src/cryptsetup.c:3978 src/cryptsetup_reencrypt.c:1722 +#: src/cryptsetup_reencrypt.c:1727 +msgid "Invalid device size specification." +msgstr "无效的设备大小指标。" + +#: src/cryptsetup.c:3981 +#, fuzzy +msgid "Maximum device reduce size is 1 GiB." +msgstr "最大设备缩减大小为 64 MiB。" + +#: src/cryptsetup.c:3984 src/cryptsetup_reencrypt.c:1733 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "缩减大小必须为 512 字节扇区的倍数。" + +#: src/cryptsetup.c:3989 +#, fuzzy +msgid "Invalid data size specification." +msgstr "无效的设备大小指标。" + +#: src/cryptsetup.c:3994 +#, fuzzy +msgid "Reduce size overflow." +msgstr "设备偏移量溢出。" + +#: src/cryptsetup.c:3998 +msgid "LUKS2 decryption requires option --header." +msgstr "" + +#: src/cryptsetup.c:4002 +#, fuzzy +msgid "Device size must be multiple of 512 bytes sector." +msgstr "缩减大小必须为 512 字节扇区的倍数。" + +#: src/cryptsetup.c:4006 +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "" + +#: src/cryptsetup.c:4010 +msgid "Options --device-size and --size cannot be combined." +msgstr "" + +#: src/cryptsetup.c:4014 +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "" + +#: src/veritysetup.c:66 +msgid "Invalid salt string specified." +msgstr "指定了无效的盐字串。" + +#: src/veritysetup.c:97 +#, fuzzy, c-format +msgid "Cannot create hash image %s for writing." +msgstr "无法为创建哈希映像 %s 以供写入。\n" + +#: src/veritysetup.c:107 +#, fuzzy, c-format +msgid "Cannot create FEC image %s for writing." +msgstr "无法为创建哈希映像 %s 以供写入。\n" + +#: src/veritysetup.c:179 +#, fuzzy +msgid "Invalid root hash string specified." +msgstr "指定了无效的根哈希值字串。\n" + +#: src/veritysetup.c:187 +#, fuzzy, c-format +msgid "Invalid signature file %s." +msgstr "设备 %s 无效。" + +#: src/veritysetup.c:194 +#, fuzzy, c-format +msgid "Cannot read signature file %s." +msgstr "" +"无法读取密钥文件 %s。\n" +"\n" + +#: src/veritysetup.c:392 +msgid " " +msgstr "<数据设备> <哈希设备>" + +#: src/veritysetup.c:392 src/integritysetup.c:479 +msgid "format device" +msgstr "格式化设备" + +#: src/veritysetup.c:393 +msgid " " +msgstr "<数据设备> <哈希设备> <根哈希值>" + +#: src/veritysetup.c:393 +msgid "verify device" +msgstr "验证设备" + +#: src/veritysetup.c:394 +#, fuzzy +msgid " " +msgstr "<数据设备> <哈希设备> <根哈希值>" + +#: src/veritysetup.c:396 src/integritysetup.c:482 +msgid "show active device status" +msgstr "显示已激活的设备信息" + +#: src/veritysetup.c:397 +msgid "" +msgstr "<哈希设备>" + +#: src/veritysetup.c:397 src/integritysetup.c:483 +msgid "show on-disk information" +msgstr "显示磁盘上的信息" + +#: src/veritysetup.c:416 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the data device\n" +" is the device containing verification data\n" +" hash of the root node on \n" +msgstr "" +"\n" +"<名称> 是在 %s 下要创建的设备\n" +"<数据设备> 就是数据设备\n" +"<哈希设备> 是含有验证信息的设备\n" +"<根哈希值> 是 <哈希设备> 根节点的哈希值\n" + +#: src/veritysetup.c:423 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-verity parameters:\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" +msgstr "" +"\n" +"编译时决定的默认 dm-verify 参数:\n" +"\t哈希: %s, 数据块 (字节): %u, 哈希块 (字节): %u, 盐大小: %u, 哈希格式: %u\n" + +#: src/veritysetup.c:466 +msgid "Do not use verity superblock" +msgstr "不使用真理超级块" + +#: src/veritysetup.c:467 +msgid "Format type (1 - normal, 0 - original Chrome OS)" +msgstr "格式类型 (1 - 正常, 0 - 原版 Chrome OS)" + +#: src/veritysetup.c:467 +msgid "number" +msgstr "数字" + +#: src/veritysetup.c:468 +msgid "Block size on the data device" +msgstr "数据设备的块大小" + +#: src/veritysetup.c:469 +msgid "Block size on the hash device" +msgstr "哈希设备的块大小" + +#: src/veritysetup.c:470 +msgid "FEC parity bytes" +msgstr "FEC 校验字节" + +#: src/veritysetup.c:471 +msgid "The number of blocks in the data file" +msgstr "数据文件的块数量" + +#: src/veritysetup.c:471 +msgid "blocks" +msgstr "块" + +#: src/veritysetup.c:472 +msgid "Path to device with error correction data" +msgstr "" + +#: src/veritysetup.c:472 src/integritysetup.c:549 +msgid "path" +msgstr "" + +#: src/veritysetup.c:473 +msgid "Starting offset on the hash device" +msgstr "哈希设备开始位置偏移量" + +#: src/veritysetup.c:474 +#, fuzzy +msgid "Starting offset on the FEC device" +msgstr "哈希设备开始位置偏移量" + +#: src/veritysetup.c:475 +msgid "Hash algorithm" +msgstr "哈希算法" + +#: src/veritysetup.c:475 +msgid "string" +msgstr "字符串" + +#: src/veritysetup.c:476 +msgid "Salt" +msgstr "盐" + +#: src/veritysetup.c:476 +msgid "hex string" +msgstr "十六进制字符串" + +#: src/veritysetup.c:478 +#, fuzzy +msgid "Path to root hash signature file" +msgstr "创建哈希区失败。" + +#: src/veritysetup.c:479 +msgid "Restart kernel if corruption is detected" +msgstr "" + +#: src/veritysetup.c:480 +msgid "Ignore corruption, log it only" +msgstr "忽略数据损坏,仅对其进行日志记录" + +#: src/veritysetup.c:481 +#, fuzzy +msgid "Do not verify zeroed blocks" +msgstr "不使用真理超级块" + +#: src/veritysetup.c:482 +msgid "Verify data block only the first time it is read" +msgstr "" + +#: src/veritysetup.c:582 +#, fuzzy +msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation." +msgstr "选项 --allow-discards 只适用于打开操作。\n" + +#: src/veritysetup.c:587 +#, fuzzy +msgid "Option --root-hash-signature can be used only for open operation." +msgstr "选项 --allow-discards 只适用于打开操作。\n" + +#: src/veritysetup.c:592 +#, fuzzy +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "选项 --allow-discards 只适用于打开操作。\n" + +#: src/integritysetup.c:84 src/utils_password.c:305 +#, fuzzy, c-format +msgid "Cannot read keyfile %s." +msgstr "" +"无法读取密钥文件 %s。\n" +"\n" + +#: src/integritysetup.c:88 src/utils_password.c:310 +#, fuzzy, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "无法从密钥文件 %2$s 读取 %1$d 字节。\n" + +#: src/integritysetup.c:254 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "" + +#: src/integritysetup.c:479 src/integritysetup.c:483 +#, fuzzy +msgid "" +msgstr "验证设备" + +#: src/integritysetup.c:480 +msgid " " +msgstr "" + +#: src/integritysetup.c:502 +#, fuzzy, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the device containing data with integrity tags\n" +msgstr "" +"\n" +"<名称> 是在 %s 下要创建的设备\n" +"<数据设备> 就是数据设备\n" +"<哈希设备> 是含有验证信息的设备\n" +"<根哈希值> 是 <哈希设备> 根节点的哈希值\n" + +#: src/integritysetup.c:507 +#, fuzzy, c-format +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" +msgstr "" +"\n" +"编译时决定的默认 dm-verify 参数:\n" +"\t哈希: %s, 数据块 (字节): %u, 哈希块 (字节): %u, 盐大小: %u, 哈希格式: %u\n" + +#: src/integritysetup.c:549 +msgid "Path to data device (if separated)" +msgstr "" + +#: src/integritysetup.c:551 +msgid "Journal size" +msgstr "日志大小" + +#: src/integritysetup.c:552 +msgid "Interleave sectors" +msgstr "" + +#: src/integritysetup.c:553 +msgid "Journal watermark" +msgstr "" + +#: src/integritysetup.c:553 +msgid "percent" +msgstr "" + +#: src/integritysetup.c:554 +msgid "Journal commit time" +msgstr "日志提交时间" + +#: src/integritysetup.c:554 src/integritysetup.c:556 +msgid "ms" +msgstr "" + +#: src/integritysetup.c:555 +msgid "Number of 512-byte sectors per bit (bitmap mode)." +msgstr "" + +#: src/integritysetup.c:556 +msgid "Bitmap mode flush time" +msgstr "" + +#: src/integritysetup.c:557 +msgid "Tag size (per-sector)" +msgstr "" + +#: src/integritysetup.c:558 +msgid "Sector size" +msgstr "扇区大小" + +#: src/integritysetup.c:559 +msgid "Buffers size" +msgstr "缓冲大小" + +#: src/integritysetup.c:561 +msgid "Data integrity algorithm" +msgstr "数据完整性校验算法" + +#: src/integritysetup.c:562 +#, fuzzy +msgid "The size of the data integrity key" +msgstr "加密密钥大小" + +#: src/integritysetup.c:563 +#, fuzzy +msgid "Read the integrity key from a file" +msgstr "从文件读取密钥。" + +#: src/integritysetup.c:565 +msgid "Journal integrity algorithm" +msgstr "" + +#: src/integritysetup.c:566 +#, fuzzy +msgid "The size of the journal integrity key" +msgstr "加密密钥大小" + +#: src/integritysetup.c:567 +#, fuzzy +msgid "Read the journal integrity key from a file" +msgstr "从文件读取密钥。" + +#: src/integritysetup.c:569 +msgid "Journal encryption algorithm" +msgstr "日志加密算法" + +#: src/integritysetup.c:570 +#, fuzzy +msgid "The size of the journal encryption key" +msgstr "加密密钥大小" + +#: src/integritysetup.c:571 +#, fuzzy +msgid "Read the journal encryption key from a file" +msgstr "从文件读取密钥。" + +#: src/integritysetup.c:574 +msgid "Recovery mode (no journal, no tag checking)" +msgstr "" + +#: src/integritysetup.c:575 +#, fuzzy +msgid "Use bitmap to track changes and disable journal for integrity device" +msgstr "为 VERITY 设备提供的大小指标无效。\n" + +#: src/integritysetup.c:576 +msgid "Recalculate initial tags automatically." +msgstr "" + +#: src/integritysetup.c:649 +#, fuzzy +msgid "Option --integrity-recalculate can be used only for open action." +msgstr "选项 --allow-discards 只适用于打开操作。\n" + +#: src/integritysetup.c:669 +msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action." +msgstr "" + +#: src/integritysetup.c:675 +msgid "Invalid journal size specification." +msgstr "无效的日志大小指标。" + +#: src/integritysetup.c:680 +msgid "Both key file and key size options must be specified." +msgstr "密钥文件和密钥大小选项均必须指定。" + +#: src/integritysetup.c:683 +msgid "Integrity algorithm must be specified if integrity key is used." +msgstr "" + +#: src/integritysetup.c:688 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "" + +#: src/integritysetup.c:691 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "如果使用了日志加密密钥,则必须指定日志完整性校验算法。" + +#: src/integritysetup.c:696 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "日志加密密钥文件和密钥大小选项均必须指定。" + +#: src/integritysetup.c:699 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "如果使用了日志加密密钥,则必须指定日志加密算法。" + +#: src/integritysetup.c:703 +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "" + +#: src/integritysetup.c:707 +msgid "Journal options cannot be used in bitmap mode." +msgstr "" + +#: src/integritysetup.c:711 +msgid "Bitmap options can be used only in bitmap mode." +msgstr "" + +#: src/cryptsetup_reencrypt.c:172 +msgid "Reencryption already in-progress." +msgstr "重加密已在进行中。" + +#: src/cryptsetup_reencrypt.c:208 +#, c-format +msgid "Cannot exclusively open %s, device in use." +msgstr "无法独占打开 %s,设备正在使用中。" + +#: src/cryptsetup_reencrypt.c:222 src/cryptsetup_reencrypt.c:1135 +msgid "Allocation of aligned memory failed." +msgstr "分配对齐内存失败。" + +#: src/cryptsetup_reencrypt.c:229 +#, c-format +msgid "Cannot read device %s." +msgstr "无法读取设备 %s。" + +#: src/cryptsetup_reencrypt.c:240 +#, c-format +msgid "Marking LUKS1 device %s unusable." +msgstr "正在标记 LUKS1 设备 %s 为不可用状态。" + +#: src/cryptsetup_reencrypt.c:244 +#, c-format +msgid "Setting LUKS2 offline reencrypt flag on device %s." +msgstr "正在设备 %s 上设定 LUKS2 离线重加密旗标。" + +#: src/cryptsetup_reencrypt.c:261 +#, c-format +msgid "Cannot write device %s." +msgstr "无法写入设备 %s。" + +#: src/cryptsetup_reencrypt.c:309 +msgid "Cannot write reencryption log file." +msgstr "无法写入重加密日志文件。" + +#: src/cryptsetup_reencrypt.c:365 +msgid "Cannot read reencryption log file." +msgstr "无法读取重加密日志文件。" + +#: src/cryptsetup_reencrypt.c:403 +#, c-format +msgid "Log file %s exists, resuming reencryption.\n" +msgstr "日志文件 %s 存在,继续重加密。\n" + +#: src/cryptsetup_reencrypt.c:452 +msgid "Activating temporary device using old LUKS header." +msgstr "正使用旧 LUKS 标头激活临时设备。" + +#: src/cryptsetup_reencrypt.c:462 +msgid "Activating temporary device using new LUKS header." +msgstr "正使用新 LUKS 标头激活临时设备。" + +#: src/cryptsetup_reencrypt.c:472 +msgid "Activation of temporary devices failed." +msgstr "激活临时设备失败。" + +# stat() 主要就是出来一个各种文件信息…… +#: src/cryptsetup_reencrypt.c:559 +#, fuzzy +msgid "Failed to set data offset." +msgstr "获取 (stat) 密钥文件信息失败。" + +# stat() 主要就是出来一个各种文件信息…… +#: src/cryptsetup_reencrypt.c:565 +#, fuzzy +msgid "Failed to set metadata size." +msgstr "获取 (stat) 密钥文件信息失败。" + +#: src/cryptsetup_reencrypt.c:573 +#, c-format +msgid "New LUKS header for device %s created." +msgstr "已创建设备 %s 的新 LUKS 标头。" + +#: src/cryptsetup_reencrypt.c:633 +#, c-format +msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +msgstr "该版本的 cryptsetup-reencrypt 无法处理新的内部 token 类型 %s。" + +#: src/cryptsetup_reencrypt.c:655 +msgid "Failed to read activation flags from backup header." +msgstr "从备份标头读取活动旗标失败。" + +#: src/cryptsetup_reencrypt.c:659 +msgid "Failed to write activation flags to new header." +msgstr "向新表头写入活动旗标失败。" + +#: src/cryptsetup_reencrypt.c:663 src/cryptsetup_reencrypt.c:667 +msgid "Failed to read requirements from backup header." +msgstr "从备份标头读取需求失败。" + +#: src/cryptsetup_reencrypt.c:705 +#, c-format +msgid "%s header backup of device %s created." +msgstr "已创建 %s 标头备份(对应设备 %s)。" + +#: src/cryptsetup_reencrypt.c:768 +msgid "Creation of LUKS backup headers failed." +msgstr "LUKS 备份标头创建失败。" + +#: src/cryptsetup_reencrypt.c:901 +#, c-format +msgid "Cannot restore %s header on device %s." +msgstr "无法恢复 %s 标头(在设备 %s 上)。" + +#: src/cryptsetup_reencrypt.c:903 +#, c-format +msgid "%s header on device %s restored." +msgstr "已恢复 %s 标头(在设备 %s 上)。" + +#: src/cryptsetup_reencrypt.c:1107 src/cryptsetup_reencrypt.c:1113 +msgid "Cannot open temporary LUKS device." +msgstr "无法打开临时 LUKS 设备。" + +#: src/cryptsetup_reencrypt.c:1118 src/cryptsetup_reencrypt.c:1123 +msgid "Cannot get device size." +msgstr "无法获取设备大小。" + +#: src/cryptsetup_reencrypt.c:1158 +msgid "IO error during reencryption." +msgstr "重加密时发生 IO 错误。" + +#: src/cryptsetup_reencrypt.c:1189 +msgid "Provided UUID is invalid." +msgstr "提供的 UUID 无效。" + +#: src/cryptsetup_reencrypt.c:1423 +msgid "Cannot open reencryption log file." +msgstr "无法打开重加密日志文件。" + +#: src/cryptsetup_reencrypt.c:1429 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "没有正在进行中的解密操作,提供的 UUID 仅能用于继续已挂起的解密操作。" + +#: src/cryptsetup_reencrypt.c:1504 +#, c-format +msgid "Changed pbkdf parameters in keyslot %i." +msgstr "已在密钥槽 %i 更改 pbkdf 参数。" + +#: src/cryptsetup_reencrypt.c:1616 +msgid "Reencryption block size" +msgstr "重加密块大小" + +#: src/cryptsetup_reencrypt.c:1616 +msgid "MiB" +msgstr "MiB" + +#: src/cryptsetup_reencrypt.c:1620 +msgid "Do not change key, no data area reencryption" +msgstr "不要更改密钥,无数据区重加密" + +#: src/cryptsetup_reencrypt.c:1622 +msgid "Read new volume (master) key from file" +msgstr "从文件读取卷(主)密钥" + +#: src/cryptsetup_reencrypt.c:1623 +msgid "PBKDF2 iteration time for LUKS (in ms)" +msgstr "LUKS 默认 PBKDF2 迭代时间(毫秒)" + +#: src/cryptsetup_reencrypt.c:1629 +msgid "Use direct-io when accessing devices" +msgstr "在访问设备时使用 direct-io" + +#: src/cryptsetup_reencrypt.c:1630 +msgid "Use fsync after each block" +msgstr "在每个数据块后使用 fsync" + +#: src/cryptsetup_reencrypt.c:1631 +msgid "Update log file after every block" +msgstr "在每个数据块后更新日志文件" + +#: src/cryptsetup_reencrypt.c:1632 +msgid "Use only this slot (others will be disabled)" +msgstr "仅使用这个密钥槽(其他的密钥槽将被禁用)" + +#: src/cryptsetup_reencrypt.c:1637 +msgid "Create new header on not encrypted device" +msgstr "在未加密的设备上创建新的标头" + +#: src/cryptsetup_reencrypt.c:1638 +msgid "Permanently decrypt device (remove encryption)" +msgstr "永久解密设备(移除加密)" + +#: src/cryptsetup_reencrypt.c:1639 +msgid "The UUID used to resume decryption" +msgstr "用于继续解密的 UUID" + +#: src/cryptsetup_reencrypt.c:1640 +msgid "Type of LUKS metadata: luks1, luks2" +msgstr "LUKS 元数据类型:luks1、luks2" + +#: src/cryptsetup_reencrypt.c:1659 +msgid "[OPTION...] " +msgstr "[选项...] <设备>" + +#: src/cryptsetup_reencrypt.c:1667 +#, c-format +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "重加密会改变:%s%s%s%s%s%s。" + +#: src/cryptsetup_reencrypt.c:1668 +msgid "volume key" +msgstr "卷密钥" + +#: src/cryptsetup_reencrypt.c:1670 +msgid "set hash to " +msgstr "设置哈希值为 " + +#: src/cryptsetup_reencrypt.c:1671 +msgid ", set cipher to " +msgstr ",设定密文为 " + +#: src/cryptsetup_reencrypt.c:1675 +msgid "Argument required." +msgstr "需要参数。" + +#: src/cryptsetup_reencrypt.c:1703 +msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +msgstr "重加密块大小只能是 1 MiB 到 64 MiB 之间的值。" + +#: src/cryptsetup_reencrypt.c:1730 +msgid "Maximum device reduce size is 64 MiB." +msgstr "最大设备缩减大小为 64 MiB。" + +#: src/cryptsetup_reencrypt.c:1737 +msgid "Option --new must be used together with --reduce-device-size or --header." +msgstr "选项 --new 必须与 --reduce-device-size 或 --header 共用。" + +#: src/cryptsetup_reencrypt.c:1741 +msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +msgstr "选项 --keep-key 只能与 --hash、--iter-time 或 --pbkdf-force-iterations 共用。" + +#: src/cryptsetup_reencrypt.c:1745 +msgid "Option --new cannot be used together with --decrypt." +msgstr "选项 --new 不可与 --decrypt 共用。" + +#: src/cryptsetup_reencrypt.c:1749 +msgid "Option --decrypt is incompatible with specified parameters." +msgstr "选项 --decrypt 与选定参数不兼容。" + +#: src/cryptsetup_reencrypt.c:1753 +msgid "Option --uuid is allowed only together with --decrypt." +msgstr "选项 --uuid 不可与 --decrypt 共用。" + +#: src/cryptsetup_reencrypt.c:1757 +msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +msgstr "无效的 luks 类型。请使用下列选项之一:'luks'、'luks1' 或 'luks2'。" + +#: src/utils_tools.c:151 +msgid "Error reading response from terminal." +msgstr "从终端读取响应时失败。" + +#: src/utils_tools.c:186 +msgid "Command successful.\n" +msgstr "命令成功。\n" + +#: src/utils_tools.c:194 +msgid "wrong or missing parameters" +msgstr "错误或缺失的参数" + +#: src/utils_tools.c:196 +msgid "no permission or bad passphrase" +msgstr "无权限或口令错误" + +#: src/utils_tools.c:198 +msgid "out of memory" +msgstr "内存耗尽" + +#: src/utils_tools.c:200 +msgid "wrong device or file specified" +msgstr "指定了错误的设备或文件" + +#: src/utils_tools.c:202 +msgid "device already exists or device is busy" +msgstr "设备已存在或设备正忙" + +#: src/utils_tools.c:204 +msgid "unknown error" +msgstr "未知错误" + +#: src/utils_tools.c:206 +#, c-format +msgid "Command failed with code %i (%s).\n" +msgstr "命令失败,代码 %i(%s)。\n" + +#: src/utils_tools.c:283 +#, fuzzy, c-format +msgid "Key slot %i created." +msgstr "密钥槽 %d 已改变。" + +#: src/utils_tools.c:285 +#, fuzzy, c-format +msgid "Key slot %i unlocked." +msgstr "密钥槽 %d 已解锁。" + +#: src/utils_tools.c:287 +#, fuzzy, c-format +msgid "Key slot %i removed." +msgstr "密钥槽 %d 已解锁。" + +#: src/utils_tools.c:296 +#, fuzzy, c-format +msgid "Token %i created." +msgstr "密钥槽 %d 未使用。\n" + +#: src/utils_tools.c:298 +#, fuzzy, c-format +msgid "Token %i removed." +msgstr "密钥槽 %d 未使用。\n" + +#: src/utils_tools.c:464 +#, fuzzy +msgid "" +"\n" +"Wipe interrupted." +msgstr "测试密文" + +#: src/utils_tools.c:475 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "" + +#: src/utils_tools.c:483 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "" + +#: src/utils_tools.c:504 src/utils_tools.c:568 +#, fuzzy +msgid "Failed to initialize device signature probes." +msgstr "初始化默认 LUKS2 密钥槽参数失败。" + +# stat() 主要就是出来一个各种文件信息…… +#: src/utils_tools.c:548 +#, fuzzy, c-format +msgid "Failed to stat device %s." +msgstr "获取 (stat) 密钥文件信息失败。" + +#: src/utils_tools.c:561 +#, c-format +msgid "Device %s is in use. Can not proceed with format operation." +msgstr "" + +#: src/utils_tools.c:563 +#, fuzzy, c-format +msgid "Failed to open file %s in read/write mode." +msgstr "无法打开密钥文件 %s 以供写入。" + +#: src/utils_tools.c:577 +#, c-format +msgid "Existing '%s' partition signature (offset: % bytes) on device %s will be wiped." +msgstr "" + +#: src/utils_tools.c:580 +#, c-format +msgid "Existing '%s' superblock signature (offset: % bytes) on device %s will be wiped." +msgstr "" + +#: src/utils_tools.c:583 +#, fuzzy +msgid "Failed to wipe device signature." +msgstr "无法获取写入设备锁。" + +#: src/utils_tools.c:590 +#, c-format +msgid "Failed to probe device %s for a signature." +msgstr "" + +#: src/utils_tools.c:629 +#, fuzzy +msgid "" +"\n" +"Reencryption interrupted." +msgstr "测试密文" + +#: src/utils_password.c:43 src/utils_password.c:75 +#, c-format +msgid "Cannot check password quality: %s" +msgstr "无法检查密码质量:%s" + +#: src/utils_password.c:51 +#, c-format +msgid "" +"Password quality check failed:\n" +" %s" +msgstr "" +"密码质量检查失败:\n" +" %s" + +#: src/utils_password.c:83 +#, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "密码质量检查失败:无效密码 (%s)" + +#: src/utils_password.c:193 src/utils_password.c:208 +msgid "Error reading passphrase from terminal." +msgstr "从终端读取口令时出错。" + +#: src/utils_password.c:206 +msgid "Verify passphrase: " +msgstr "确认密码:" + +#: src/utils_password.c:213 +msgid "Passphrases do not match." +msgstr "口令不匹配。" + +#: src/utils_password.c:250 +msgid "Cannot use offset with terminal input." +msgstr "不能将偏移量用于终端输入。" + +#: src/utils_password.c:253 +#, c-format +msgid "Enter passphrase: " +msgstr "输入口令:" + +#: src/utils_password.c:256 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "输入 %s 的口令:" + +#: src/utils_password.c:287 +msgid "No key available with this passphrase." +msgstr "此口令无可用的密钥。" + +#: src/utils_password.c:289 +msgid "No usable keyslot is available." +msgstr "" + +#: src/utils_password.c:328 +#, c-format +msgid "Cannot open keyfile %s for write." +msgstr "无法打开密钥文件 %s 以供写入。" + +#: src/utils_password.c:335 +#, c-format +msgid "Cannot write to keyfile %s." +msgstr "无法写入密钥文件 %s。" + +#: src/utils_luks2.c:47 +#, fuzzy, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "打开 (open) 密钥文件失败。" + +#: src/utils_luks2.c:60 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "" + +#: src/utils_luks2.c:67 +#, fuzzy +msgid "Failed to read JSON file." +msgstr "打开 (open) 密钥文件失败。" + +#: src/utils_luks2.c:72 +#, fuzzy +msgid "" +"\n" +"Read interrupted." +msgstr "测试密文" + +#: src/utils_luks2.c:113 +#, fuzzy, c-format +msgid "Failed to open file %s in write mode." +msgstr "无法打开密钥文件 %s 以供写入。" + +#: src/utils_luks2.c:122 +#, fuzzy +msgid "" +"\n" +"Write interrupted." +msgstr "测试密文" + +#: src/utils_luks2.c:126 +#, fuzzy +msgid "Failed to write JSON file." +msgstr "打开 (open) 密钥文件失败。" + +#~ msgid "Cannot format device %s which is still in use." +#~ msgstr "无法格式化正在使用的设备 %s。" + +#~ msgid "Replaced with key slot %d." +#~ msgstr "替换为密钥槽 %d。" + +#~ msgid "Key slot %d is not used." +#~ msgstr "密钥槽 %d 未使用。" + +#~ msgid "Function not available in FIPS mode." +#~ msgstr "功能在 FIPS 模式无效。" + +#~ msgid "Device %s is too small. (LUKS2 requires at least % bytes.)" +#~ msgstr "设备 %s 过小。(LUKS2 需要至少 % 字节。)" + +#~ msgid "Key slot %d selected for deletion." +#~ msgstr "已选中密钥槽 %d 以供删除。" + +#~ msgid "open device as mapping " +#~ msgstr "以映射 <名称> 打开设备" + +#~ msgid "Unsupported encryption sector size.\n" +#~ msgstr "不支持的加密扇区大小。\n" + +#, fuzzy +#~| msgid "close device (remove mapping)" +#~ msgid "close device (deactivate and remove mapping)" +#~ msgstr "关闭设备(移除映射)" + +# stat() 主要就是出来一个各种文件信息…… +#~ msgid "Failed to set PBKDF parameters." +#~ msgstr "设置 pbkdf 参数失败。" + +#~ msgid "Activated keyslot %i." +#~ msgstr "已激活密钥槽 %i。" + +#~ msgid "Cannot seek to device offset.\n" +#~ msgstr "无法寻找到设备偏移位置。\n" + +#~ msgid "Interrupted by a signal." +#~ msgstr "被信号中断。" + +#~ msgid "memory allocation error in action_luksFormat" +#~ msgstr "在 action_luksFormat 中发生内存分配错误" + +#, fuzzy +#~| msgid "Key slot is invalid." +#~ msgid "Key slot is invalid.\n" +#~ msgstr "密钥槽无效。" + +#~ msgid "Cannot find a free loopback device.\n" +#~ msgstr "找不到空闲的回环设备。\n" + +#~ msgid "Too many tree levels for verity volume.\n" +#~ msgstr "VERITY 卷上的目录树层级过多。\n" + +#~ msgid "Key %d not active. Can't wipe.\n" +#~ msgstr "无法清除未激活的密钥 %d。\n" + +#~ msgid " " +#~ msgstr "<名称> <数据设备> <哈希设备> <根哈希值>" + +#~ msgid "create active device" +#~ msgstr "创建已激活的设备" + +#~ msgid "remove (deactivate) device" +#~ msgstr "移除(禁用)设备" + +#~ msgid "Cannot open device %s\n" +#~ msgstr "无法打开设备 %s。\n" + +#~ msgid "Marking LUKS device %s usable.\n" +#~ msgstr "正将 LUKS 设备 %s 标为可用。\n" + +#~ msgid "Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" +#~ msgstr "进度:%5.1f%%, 生育 %02llu:%02llu, %4llu MiB 已写入, 速度 %5.1f MiB/s%s" + +#~ msgid "WARNING: this is experimental code, it can completely break your data.\n" +#~ msgstr "警告:此为实验性代码,实验性代码可能完全损毁你的数据。\n" diff --git a/python/Makefile.am b/python/Makefile.am deleted file mode 100644 index ab61082..0000000 --- a/python/Makefile.am +++ /dev/null @@ -1,16 +0,0 @@ -AM_CPPFLAGS = -include $(top_srcdir)/config.h -I$(top_srcdir)/lib $(PYTHON_INCLUDES) -EXTRA_DIST = pycryptsetup-test.py -CLEANFILES = *.img - -if PYTHON_CRYPTSETUP -TESTS = pycryptsetup-test.py - -pyexec_LTLIBRARIES = pycryptsetup.la - -pycryptsetup_la_SOURCES = pycryptsetup.c -pycryptsetup_la_CPPFLAGS = $(AM_CPPFLAGS) $(PYTHON_CPPFLAGS) -fno-strict-aliasing -pycryptsetup_la_LDFLAGS = -avoid-version -module -shared -export-dynamic -pycryptsetup_la_LIBADD = $(top_builddir)/lib/libcryptsetup.la $(PYTHON_LIBS) -else -all: -endif diff --git a/python/Makefile.in b/python/Makefile.in deleted file mode 100644 index 05c183a..0000000 --- a/python/Makefile.in +++ /dev/null @@ -1,825 +0,0 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2013 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = python -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ - $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } -am__installdirs = "$(DESTDIR)$(pyexecdir)" -LTLIBRARIES = $(pyexec_LTLIBRARIES) -am__DEPENDENCIES_1 = -@PYTHON_CRYPTSETUP_TRUE@pycryptsetup_la_DEPENDENCIES = \ -@PYTHON_CRYPTSETUP_TRUE@ $(top_builddir)/lib/libcryptsetup.la \ -@PYTHON_CRYPTSETUP_TRUE@ $(am__DEPENDENCIES_1) -am__pycryptsetup_la_SOURCES_DIST = pycryptsetup.c -@PYTHON_CRYPTSETUP_TRUE@am_pycryptsetup_la_OBJECTS = \ -@PYTHON_CRYPTSETUP_TRUE@ pycryptsetup_la-pycryptsetup.lo -pycryptsetup_la_OBJECTS = $(am_pycryptsetup_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -pycryptsetup_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ - $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(AM_CFLAGS) $(CFLAGS) $(pycryptsetup_la_LDFLAGS) $(LDFLAGS) \ - -o $@ -@PYTHON_CRYPTSETUP_TRUE@am_pycryptsetup_la_rpath = -rpath $(pyexecdir) -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(pycryptsetup_la_SOURCES) -DIST_SOURCES = $(am__pycryptsetup_la_SOURCES_DIST) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. -am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -am__tty_colors_dummy = \ - mgn= red= grn= lgn= blu= brg= std=; \ - am__color_tests=no -am__tty_colors = { \ - $(am__tty_colors_dummy); \ - if test "X$(AM_COLOR_TESTS)" = Xno; then \ - am__color_tests=no; \ - elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ - am__color_tests=yes; \ - elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ - am__color_tests=yes; \ - fi; \ - if test $$am__color_tests = yes; then \ - red=''; \ - grn=''; \ - lgn=''; \ - blu=''; \ - mgn=''; \ - brg=''; \ - std=''; \ - fi; \ -} -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ -CRYPTO_LIBS = @CRYPTO_LIBS@ -CRYPTO_STATIC_LIBS = @CRYPTO_STATIC_LIBS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DEVMAPPER_CFLAGS = @DEVMAPPER_CFLAGS@ -DEVMAPPER_LIBS = @DEVMAPPER_LIBS@ -DEVMAPPER_STATIC_CFLAGS = @DEVMAPPER_STATIC_CFLAGS@ -DEVMAPPER_STATIC_LIBS = @DEVMAPPER_STATIC_LIBS@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GMSGFMT = @GMSGFMT@ -GMSGFMT_015 = @GMSGFMT_015@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -INTLLIBS = @INTLLIBS@ -INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBCRYPTSETUP_VERSION = @LIBCRYPTSETUP_VERSION@ -LIBCRYPTSETUP_VERSION_INFO = @LIBCRYPTSETUP_VERSION_INFO@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ -LIBICONV = @LIBICONV@ -LIBINTL = @LIBINTL@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBICONV = @LTLIBICONV@ -LTLIBINTL = @LTLIBINTL@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MKDIR_P = @MKDIR_P@ -MSGFMT = @MSGFMT@ -MSGFMT_015 = @MSGFMT_015@ -MSGMERGE = @MSGMERGE@ -NM = @NM@ -NMEDIT = @NMEDIT@ -NSS_CFLAGS = @NSS_CFLAGS@ -NSS_LIBS = @NSS_LIBS@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ -OPENSSL_LIBS = @OPENSSL_LIBS@ -OPENSSL_STATIC_CFLAGS = @OPENSSL_STATIC_CFLAGS@ -OPENSSL_STATIC_LIBS = @OPENSSL_STATIC_LIBS@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -POPT_LIBS = @POPT_LIBS@ -POSUB = @POSUB@ -PWQUALITY_CFLAGS = @PWQUALITY_CFLAGS@ -PWQUALITY_LIBS = @PWQUALITY_LIBS@ -PWQUALITY_STATIC_LIBS = @PWQUALITY_STATIC_LIBS@ -PYTHON = @PYTHON@ -PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -PYTHON_INCLUDES = @PYTHON_INCLUDES@ -PYTHON_LIBS = @PYTHON_LIBS@ -PYTHON_PLATFORM = @PYTHON_PLATFORM@ -PYTHON_PREFIX = @PYTHON_PREFIX@ -PYTHON_VERSION = @PYTHON_VERSION@ -RANLIB = @RANLIB@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -USE_NLS = @USE_NLS@ -UUID_LIBS = @UUID_LIBS@ -VERSION = @VERSION@ -XGETTEXT = @XGETTEXT@ -XGETTEXT_015 = @XGETTEXT_015@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -pkgpyexecdir = @pkgpyexecdir@ -pkgpythondir = @pkgpythondir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -pyexecdir = @pyexecdir@ -pythondir = @pythondir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -AM_CPPFLAGS = -include $(top_srcdir)/config.h -I$(top_srcdir)/lib $(PYTHON_INCLUDES) -EXTRA_DIST = pycryptsetup-test.py -CLEANFILES = *.img -@PYTHON_CRYPTSETUP_TRUE@TESTS = pycryptsetup-test.py -@PYTHON_CRYPTSETUP_TRUE@pyexec_LTLIBRARIES = pycryptsetup.la -@PYTHON_CRYPTSETUP_TRUE@pycryptsetup_la_SOURCES = pycryptsetup.c -@PYTHON_CRYPTSETUP_TRUE@pycryptsetup_la_CPPFLAGS = $(AM_CPPFLAGS) $(PYTHON_CPPFLAGS) -fno-strict-aliasing -@PYTHON_CRYPTSETUP_TRUE@pycryptsetup_la_LDFLAGS = -avoid-version -module -shared -export-dynamic -@PYTHON_CRYPTSETUP_TRUE@pycryptsetup_la_LIBADD = $(top_builddir)/lib/libcryptsetup.la $(PYTHON_LIBS) -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu python/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu python/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -install-pyexecLTLIBRARIES: $(pyexec_LTLIBRARIES) - @$(NORMAL_INSTALL) - @list='$(pyexec_LTLIBRARIES)'; test -n "$(pyexecdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ - list2="$$list2 $$p"; \ - else :; fi; \ - done; \ - test -z "$$list2" || { \ - echo " $(MKDIR_P) '$(DESTDIR)$(pyexecdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(pyexecdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pyexecdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(pyexecdir)"; \ - } - -uninstall-pyexecLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(pyexec_LTLIBRARIES)'; test -n "$(pyexecdir)" || list=; \ - for p in $$list; do \ - $(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(pyexecdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(pyexecdir)/$$f"; \ - done - -clean-pyexecLTLIBRARIES: - -test -z "$(pyexec_LTLIBRARIES)" || rm -f $(pyexec_LTLIBRARIES) - @list='$(pyexec_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -pycryptsetup.la: $(pycryptsetup_la_OBJECTS) $(pycryptsetup_la_DEPENDENCIES) $(EXTRA_pycryptsetup_la_DEPENDENCIES) - $(AM_V_CCLD)$(pycryptsetup_la_LINK) $(am_pycryptsetup_la_rpath) $(pycryptsetup_la_OBJECTS) $(pycryptsetup_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pycryptsetup_la-pycryptsetup.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -pycryptsetup_la-pycryptsetup.lo: pycryptsetup.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(pycryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pycryptsetup_la-pycryptsetup.lo -MD -MP -MF $(DEPDIR)/pycryptsetup_la-pycryptsetup.Tpo -c -o pycryptsetup_la-pycryptsetup.lo `test -f 'pycryptsetup.c' || echo '$(srcdir)/'`pycryptsetup.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pycryptsetup_la-pycryptsetup.Tpo $(DEPDIR)/pycryptsetup_la-pycryptsetup.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pycryptsetup.c' object='pycryptsetup_la-pycryptsetup.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(pycryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pycryptsetup_la-pycryptsetup.lo `test -f 'pycryptsetup.c' || echo '$(srcdir)/'`pycryptsetup.c - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -check-TESTS: $(TESTS) - @failed=0; all=0; xfail=0; xpass=0; skip=0; \ - srcdir=$(srcdir); export srcdir; \ - list=' $(TESTS) '; \ - $(am__tty_colors); \ - if test -n "$$list"; then \ - for tst in $$list; do \ - if test -f ./$$tst; then dir=./; \ - elif test -f $$tst; then dir=; \ - else dir="$(srcdir)/"; fi; \ - if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \ - all=`expr $$all + 1`; \ - case " $(XFAIL_TESTS) " in \ - *[\ \ ]$$tst[\ \ ]*) \ - xpass=`expr $$xpass + 1`; \ - failed=`expr $$failed + 1`; \ - col=$$red; res=XPASS; \ - ;; \ - *) \ - col=$$grn; res=PASS; \ - ;; \ - esac; \ - elif test $$? -ne 77; then \ - all=`expr $$all + 1`; \ - case " $(XFAIL_TESTS) " in \ - *[\ \ ]$$tst[\ \ ]*) \ - xfail=`expr $$xfail + 1`; \ - col=$$lgn; res=XFAIL; \ - ;; \ - *) \ - failed=`expr $$failed + 1`; \ - col=$$red; res=FAIL; \ - ;; \ - esac; \ - else \ - skip=`expr $$skip + 1`; \ - col=$$blu; res=SKIP; \ - fi; \ - echo "$${col}$$res$${std}: $$tst"; \ - done; \ - if test "$$all" -eq 1; then \ - tests="test"; \ - All=""; \ - else \ - tests="tests"; \ - All="All "; \ - fi; \ - if test "$$failed" -eq 0; then \ - if test "$$xfail" -eq 0; then \ - banner="$$All$$all $$tests passed"; \ - else \ - if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ - banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ - fi; \ - else \ - if test "$$xpass" -eq 0; then \ - banner="$$failed of $$all $$tests failed"; \ - else \ - if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ - banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ - fi; \ - fi; \ - dashes="$$banner"; \ - skipped=""; \ - if test "$$skip" -ne 0; then \ - if test "$$skip" -eq 1; then \ - skipped="($$skip test was not run)"; \ - else \ - skipped="($$skip tests were not run)"; \ - fi; \ - test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ - dashes="$$skipped"; \ - fi; \ - report=""; \ - if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ - report="Please report to $(PACKAGE_BUGREPORT)"; \ - test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ - dashes="$$report"; \ - fi; \ - dashes=`echo "$$dashes" | sed s/./=/g`; \ - if test "$$failed" -eq 0; then \ - col="$$grn"; \ - else \ - col="$$red"; \ - fi; \ - echo "$${col}$$dashes$${std}"; \ - echo "$${col}$$banner$${std}"; \ - test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \ - test -z "$$report" || echo "$${col}$$report$${std}"; \ - echo "$${col}$$dashes$${std}"; \ - test "$$failed" -eq 0; \ - else :; fi - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am - $(MAKE) $(AM_MAKEFLAGS) check-TESTS -check: check-am -all-am: Makefile $(LTLIBRARIES) -installdirs: - for dir in "$(DESTDIR)$(pyexecdir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool clean-pyexecLTLIBRARIES \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: install-pyexecLTLIBRARIES - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-pyexecLTLIBRARIES - -.MAKE: check-am install-am install-strip - -.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ - clean-generic clean-libtool clean-pyexecLTLIBRARIES \ - cscopelist-am ctags ctags-am distclean distclean-compile \ - distclean-generic distclean-libtool distclean-tags distdir dvi \ - dvi-am html html-am info info-am install install-am \ - install-data install-data-am install-dvi install-dvi-am \ - install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-man install-pdf \ - install-pdf-am install-ps install-ps-am \ - install-pyexecLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am \ - uninstall-pyexecLTLIBRARIES - -@PYTHON_CRYPTSETUP_FALSE@all: - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/python/pycryptsetup-test.py b/python/pycryptsetup-test.py deleted file mode 100755 index c57348b..0000000 --- a/python/pycryptsetup-test.py +++ /dev/null @@ -1,133 +0,0 @@ -#!/usr/bin/python -# -# Python bindings to libcryptsetup test -# -# Copyright (C) 2011-2014, Red Hat, Inc. All rights reserved. -# -# This file is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. -# -# This file is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this file; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - -from __future__ import print_function - -import sys -import os - -sys.path.insert(0, ".libs") -import pycryptsetup - -IMG = "test.img" -PASSWORD = "password" -PASSWORD2 = "password2" -DEVICE = "pycryptsetup_test_dev" - -def log(level, txt): - if level == pycryptsetup.CRYPT_LOG_ERROR: - print(txt,end="") - return - -def askyes(txt): - print("Question:", txt) - return 1 - -def askpassword(txt): - return PASSWORD - -def print_status(c): - r = c.status() - print("status :",end="") - if r == pycryptsetup.CRYPT_ACTIVE: - print("ACTIVE") - elif r == pycryptsetup.CRYPT_INACTIVE: - print("INACTIVE") - else: - print("ERROR") - return - -if os.geteuid() != 0: - print("WARNING: You must be root to run this test, test skipped.") - sys.exit(0) - -os.system("dd if=/dev/zero of=" + IMG + " bs=1M count=32 >/dev/null 2>&1") - -c = pycryptsetup.CryptSetup( - device = IMG, - name = DEVICE, - yesDialog = askyes, - logFunc = log, - passwordDialog = askpassword) - -#c.debugLevel(pycryptsetup.CRYPT_DEBUG_ALL); -c.debugLevel(pycryptsetup.CRYPT_DEBUG_NONE); -c.iterationTime(1) -r = c.isLuks() -print("isLuks :", r) -c.askyes(message = "Is there anybody out there?") -c.log(priority = pycryptsetup.CRYPT_LOG_ERROR, message = "Nobody there...\n") -c.luksFormat(cipher = "aes", cipherMode= "xts-plain64", keysize = 512) -print("isLuks :", c.isLuks()) -print("luksUUID:", c.luksUUID()) -print("addKeyVK:", c.addKeyByVolumeKey(newPassphrase = PASSWORD, slot = 2)) -print("addKeyP :", c.addKeyByPassphrase(passphrase = PASSWORD, - newPassphrase = PASSWORD2, slot = 3)) -print("removeP :", c.removePassphrase(passphrase = PASSWORD2)) -print("addKeyP :", c.addKeyByPassphrase(PASSWORD, PASSWORD2)) -# original api required wrong passphrase parameter here -# print "killSlot:", c.killSlot(passphrase = "xxx", slot = 0) -print("killSlot:", c.killSlot(slot = 0)) -print("activate:", c.activate(name = DEVICE, passphrase = PASSWORD)) -print("suspend :", c.suspend()) -# os.system("dmsetup info -c " + DEVICE) -print("resume :", c.resume(passphrase = PASSWORD)) -print_status(c) -info = c.info() -print("cipher :", info["cipher"]) -print("cmode :", info["cipher_mode"]) -print("keysize :", info["keysize"]) -print("dir :", info["dir"]) -print("device :", info["device"]) -print("offset :", info["offset"]) -print("name :", info["name"]) -print("uuid :", info["uuid"]) -# os.system("cryptsetup luksDump " + info["device"]) -print("deact. :", c.deactivate()) - -del c - -c = pycryptsetup.CryptSetup( - device = IMG, - name = DEVICE, - yesDialog = askyes, - logFunc = log, - passwordDialog = askpassword) - -print("activate:", c.activate(name = DEVICE, passphrase = PASSWORD)) - -c2 = pycryptsetup.CryptSetup( - name = DEVICE, - yesDialog = askyes, - logFunc = log, - passwordDialog = askpassword) - -info = c2.info() -print("cipher :", info["cipher"]) -print("cmode :", info["cipher_mode"]) -print("keysize :", info["keysize"]) - -print("deact. :", c.deactivate()) -r = c2.deactivate() -print("deact. :", r) -del c -del c2 - -os.remove(IMG) diff --git a/python/pycryptsetup.c b/python/pycryptsetup.c deleted file mode 100644 index 6dcda09..0000000 --- a/python/pycryptsetup.c +++ /dev/null @@ -1,772 +0,0 @@ -/* - * Python bindings to libcryptsetup - * - * Copyright (C) 2009-2014, Red Hat, Inc. All rights reserved. - * Written by Martin Sivak - * - * This file is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This file is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this file; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -#include -#include -#include - -#include "libcryptsetup.h" - -/* Python API use char* where const char* should be used... */ -#define CONST_CAST(x) (x)(uintptr_t) - -#if PY_MAJOR_VERSION < 3 - #define MOD_ERROR_VAL - #define MOD_SUCCESS_VAL(val) - #define MOD_INIT(name) void init##name(void) - #define MOD_DEF(ob, name, doc, methods) \ - ob = Py_InitModule3(name, methods, doc); -#else - #define PyInt_AsLong PyLong_AsLong - #define PyInt_Check PyLong_Check - #define MOD_ERROR_VAL NULL - #define MOD_SUCCESS_VAL(val) val - #define MOD_INIT(name) PyMODINIT_FUNC PyInit_##name(void) - #define MOD_DEF(ob, name, doc, methods) \ - static struct PyModuleDef moduledef = { \ - PyModuleDef_HEAD_INIT, name, doc, -1, methods, }; \ - ob = PyModule_Create(&moduledef); -#endif - -MOD_INIT(pycryptsetup); - -typedef struct { - PyObject_HEAD - - /* Type-specific fields go here. */ - struct crypt_device *device; - char *activated_as; - - /* Callbacks */ - PyObject *yesDialogCB; - PyObject *cmdLineLogCB; - PyObject *passwordDialogCB; -} CryptSetupObject; - -static int yesDialog(const char *msg, void *this) -{ - CryptSetupObject *self = this; - PyObject *result, *arglist; - int r; - - if (self->yesDialogCB){ - arglist = Py_BuildValue("(s)", msg); - if (!arglist) - return -ENOMEM; - - result = PyEval_CallObject(self->yesDialogCB, arglist); - Py_DECREF(arglist); - - if (!result) - return -EINVAL; - - if (!PyArg_Parse(result, "i", &r)) - r = -EINVAL; - - Py_DECREF(result); - return r; - } - - return 1; -} - -static int passwordDialog(const char *msg, char *buf, size_t length, void *this) -{ - CryptSetupObject *self = this; - PyObject *result, *arglist; - size_t len; - char *res = NULL; - - if(self->passwordDialogCB){ - arglist = Py_BuildValue("(s)", msg); - if (!arglist) - return -ENOMEM; - - result = PyEval_CallObject(self->passwordDialogCB, arglist); - Py_DECREF(arglist); - - if (!result) - return -EINVAL; - - if (!PyArg_Parse(result, "z", &res)) { - Py_DECREF(result); - return -EINVAL; - } - - strncpy(buf, res, length - 1); - len = strlen(res); - - memset(res, 0, len); - Py_DECREF(result); - - return (int)len; - } - - return -EINVAL; -} - -static void cmdLineLog(int cls, const char *msg, void *this) -{ - CryptSetupObject *self = this; - PyObject *result, *arglist; - - if(self->cmdLineLogCB) { - arglist = Py_BuildValue("(is)", cls, msg); - if(!arglist) - return; - - result = PyEval_CallObject(self->cmdLineLogCB, arglist); - Py_DECREF(arglist); - Py_XDECREF(result); - } -} - -static void CryptSetup_dealloc(CryptSetupObject* self) -{ - /* free the callbacks */ - Py_XDECREF(self->yesDialogCB); - Py_XDECREF(self->cmdLineLogCB); - Py_XDECREF(self->passwordDialogCB); - - free(self->activated_as); - - crypt_free(self->device); - - /* free self */ - Py_TYPE(self)->tp_free((PyObject*)self); -} - -static PyObject *CryptSetup_new(PyTypeObject *type, PyObject *args, PyObject *kwds) -{ - CryptSetupObject *self = (CryptSetupObject *)type->tp_alloc(type, 0); - - if (self) { - self->yesDialogCB = NULL; - self->passwordDialogCB = NULL; - self->cmdLineLogCB = NULL; - self->activated_as = NULL; - } - - return (PyObject *)self; -} - -static PyObject *PyObjectResult(int is) -{ - PyObject *result = Py_BuildValue("i", is); - - if (!result) - PyErr_SetString(PyExc_RuntimeError, "Error during constructing values for return value"); - - return result; -} - -static char -CryptSetup_HELP[] = -"CryptSetup object\n\n\ -constructor takes one to five arguments:\n\ - __init__(device, name, yesDialog, passwordDialog, logFunc)\n\n\ - yesDialog - python function with func(text) signature, \n\ - which asks the user question text and returns 1\n\ - of the answer was positive or 0 if not\n\ - logFunc - python function with func(level, text) signature to log stuff somewhere"; - -static int CryptSetup_init(CryptSetupObject* self, PyObject *args, PyObject *kwds) -{ - static const char *kwlist[] = {"device", "name", "yesDialog", "passwordDialog", "logFunc", NULL}; - PyObject *yesDialogCB = NULL, - *passwordDialogCB = NULL, - *cmdLineLogCB = NULL, - *tmp = NULL; - char *device = NULL, *deviceName = NULL; - int r; - - if (!PyArg_ParseTupleAndKeywords(args, kwds, "|zzOOO", CONST_CAST(char**)kwlist, &device, &deviceName, - &yesDialogCB, &passwordDialogCB, &cmdLineLogCB)) - return -1; - - if (device) { - if (crypt_init(&(self->device), device)) { - PyErr_SetString(PyExc_IOError, "Device cannot be opened"); - return -1; - } - /* Try to load header form device */ - r = crypt_load(self->device, NULL, NULL); - if (r && r != -EINVAL) { - PyErr_SetString(PyExc_RuntimeError, "Cannot initialize device context"); - return -1; - } - } else if (deviceName) { - if (crypt_init_by_name(&(self->device), deviceName)) { - PyErr_SetString(PyExc_IOError, "Device cannot be opened"); - return -1; - } - /* Context is initialized automatically from active device */ - } else { - PyErr_SetString(PyExc_RuntimeError, "Either device file or luks name has to be specified"); - return -1; - } - - if(deviceName) - self->activated_as = strdup(deviceName); - - if (yesDialogCB) { - tmp = self->yesDialogCB; - Py_INCREF(yesDialogCB); - self->yesDialogCB = yesDialogCB; - Py_XDECREF(tmp); - crypt_set_confirm_callback(self->device, yesDialog, self); - } - - if (passwordDialogCB) { - tmp = self->passwordDialogCB; - Py_INCREF(passwordDialogCB); - self->passwordDialogCB = passwordDialogCB; - Py_XDECREF(tmp); - crypt_set_password_callback(self->device, passwordDialog, self); - } - - if (cmdLineLogCB) { - tmp = self->cmdLineLogCB; - Py_INCREF(cmdLineLogCB); - self->cmdLineLogCB = cmdLineLogCB; - Py_XDECREF(tmp); - crypt_set_log_callback(self->device, cmdLineLog, self); - } - - return 0; -} - -static char -CryptSetup_activate_HELP[] = -"Activate LUKS device\n\n\ - activate(name)"; - -static PyObject *CryptSetup_activate(CryptSetupObject* self, PyObject *args, PyObject *kwds) -{ - static const char *kwlist[] = {"name", "passphrase", NULL}; - char *name = NULL, *passphrase = NULL; - int is; - - if (!PyArg_ParseTupleAndKeywords(args, kwds, "s|s", CONST_CAST(char**)kwlist, &name, &passphrase)) - return NULL; - - // FIXME: allow keyfile and \0 in passphrase - is = crypt_activate_by_passphrase(self->device, name, CRYPT_ANY_SLOT, - passphrase, passphrase ? strlen(passphrase) : 0, 0); - - if (is >= 0) { - free(self->activated_as); - self->activated_as = strdup(name); - } - - return PyObjectResult(is); -} - -static char -CryptSetup_deactivate_HELP[] = -"Dectivate LUKS device\n\n\ - deactivate()"; - -static PyObject *CryptSetup_deactivate(CryptSetupObject* self, PyObject *args, PyObject *kwds) -{ - int is = crypt_deactivate(self->device, self->activated_as); - - if (!is) { - free(self->activated_as); - self->activated_as = NULL; - } - - return PyObjectResult(is); -} - -static char -CryptSetup_askyes_HELP[] = -"Asks a question using the configured dialog CB\n\n\ - int askyes(message)"; - -static PyObject *CryptSetup_askyes(CryptSetupObject* self, PyObject *args, PyObject *kwds) -{ - static const char *kwlist[] = {"message", NULL}; - PyObject *message = NULL, *result, *arglist; - - if (!PyArg_ParseTupleAndKeywords(args, kwds, "O", CONST_CAST(char**)kwlist, &message)) - return NULL; - - Py_INCREF(message); - - arglist = Py_BuildValue("(O)", message); - if (!arglist){ - PyErr_SetString(PyExc_RuntimeError, "Error during constructing values for internal call"); - return NULL; - } - - result = PyEval_CallObject(self->yesDialogCB, arglist); - Py_DECREF(arglist); - Py_DECREF(message); - - return result; -} - -static char -CryptSetup_log_HELP[] = -"Logs a string using the configured log CB\n\n\ - log(int level, message)"; - -static PyObject *CryptSetup_log(CryptSetupObject* self, PyObject *args, PyObject *kwds) -{ - static const char *kwlist[] = {"priority", "message", NULL}; - PyObject *message = NULL, *priority = NULL, *result, *arglist; - - if (!PyArg_ParseTupleAndKeywords(args, kwds, "OO", CONST_CAST(char**)kwlist, &message, &priority)) - return NULL; - - Py_INCREF(message); - Py_INCREF(priority); - - arglist = Py_BuildValue("(OO)", message, priority); - if (!arglist){ - PyErr_SetString(PyExc_RuntimeError, "Error during constructing values for internal call"); - return NULL; - } - - result = PyEval_CallObject(self->cmdLineLogCB, arglist); - Py_DECREF(arglist); - Py_DECREF(priority); - Py_DECREF(message); - - return result; -} - -static char -CryptSetup_luksUUID_HELP[] = -"Get UUID of the LUKS device\n\n\ - luksUUID()"; - -static PyObject *CryptSetup_luksUUID(CryptSetupObject* self, PyObject *args, PyObject *kwds) -{ - PyObject *result; - - result = Py_BuildValue("s", crypt_get_uuid(self->device)); - if (!result) - PyErr_SetString(PyExc_RuntimeError, "Error during constructing values for return value"); - - return result; -} - -static char -CryptSetup_isLuks_HELP[] = -"Is the device LUKS?\n\n\ - isLuks()"; - -static PyObject *CryptSetup_isLuks(CryptSetupObject* self, PyObject *args, PyObject *kwds) -{ - return PyObjectResult(crypt_load(self->device, CRYPT_LUKS1, NULL)); -} - -static char -CryptSetup_Info_HELP[] = -"Returns dictionary with info about opened device\nKeys:\n\ - dir\n name\n uuid\n cipher\n cipher_mode\n keysize\n device\n\ - offset\n size\n skip\n mode\n"; - -static PyObject *CryptSetup_Info(CryptSetupObject* self, PyObject *args, PyObject *kwds) -{ - PyObject *result; - - result = Py_BuildValue("{s:s,s:s,s:z,s:s,s:s,s:s,s:i,s:K}", - "dir", crypt_get_dir(), - "device", crypt_get_device_name(self->device), - "name", self->activated_as, - "uuid", crypt_get_uuid(self->device), - "cipher", crypt_get_cipher(self->device), - "cipher_mode", crypt_get_cipher_mode(self->device), - "keysize", crypt_get_volume_key_size(self->device) * 8, - //"size", co.size, - //"mode", (co.flags & CRYPT_FLAG_READONLY) ? "readonly" : "read/write", - "offset", crypt_get_data_offset(self->device) - ); - - if (!result) - PyErr_SetString(PyExc_RuntimeError, "Error during constructing values for return value"); - - return result; -} - -static char -CryptSetup_luksFormat_HELP[] = -"Format device to enable LUKS\n\n\ - luksFormat(cipher = 'aes', cipherMode = 'cbc-essiv:sha256', keysize = 256)\n\n\ - cipher - cipher specification, e.g. aes, serpent\n\ - cipherMode - cipher mode specification, e.g. cbc-essiv:sha256, xts-plain64\n\ - keysize - key size in bits"; - -static PyObject *CryptSetup_luksFormat(CryptSetupObject* self, PyObject *args, PyObject *kwds) -{ - static const char *kwlist[] = {"cipher", "cipherMode", "keysize", NULL}; - char *cipher_mode = NULL, *cipher = NULL; - int keysize = 256; - PyObject *keysize_object = NULL; - - if (!PyArg_ParseTupleAndKeywords(args, kwds, "|zzO", CONST_CAST(char**)kwlist, - &cipher, &cipher_mode, &keysize_object)) - return NULL; - - if (!keysize_object || keysize_object == Py_None) { - /* use default value */ - } else if (!PyInt_Check(keysize_object)) { - PyErr_SetString(PyExc_TypeError, "keysize must be an integer"); - return NULL; - } else if (PyInt_AsLong(keysize_object) % 8) { - PyErr_SetString(PyExc_TypeError, "keysize must have integer value dividable by 8"); - return NULL; - } else if (PyInt_AsLong(keysize_object) <= 0) { - PyErr_SetString(PyExc_TypeError, "keysize must be positive number bigger than 0"); - return NULL; - } else - keysize = PyInt_AsLong(keysize_object); - - // FIXME use #defined defaults - return PyObjectResult(crypt_format(self->device, CRYPT_LUKS1, - cipher ?: "aes", cipher_mode ?: "cbc-essiv:sha256", - NULL, NULL, keysize / 8, NULL)); -} - -static char -CryptSetup_addKeyByPassphrase_HELP[] = -"Initialize keyslot using passphrase\n\n\ - addKeyByPassphrase(passphrase, newPassphrase, slot)\n\n\ - passphrase - string or none to ask the user\n\ - newPassphrase - passphrase to add\n\ - slot - which slot to use (optional)"; - -static PyObject *CryptSetup_addKeyByPassphrase(CryptSetupObject* self, PyObject *args, PyObject *kwds) -{ - static const char *kwlist[] = {"passphrase", "newPassphrase", "slot", NULL}; - char *passphrase = NULL, *newpassphrase = NULL; - size_t passphrase_len = 0, newpassphrase_len = 0; - int slot = CRYPT_ANY_SLOT; - - if (!PyArg_ParseTupleAndKeywords(args, kwds, "ss|i", CONST_CAST(char**)kwlist, &passphrase, &newpassphrase, &slot)) - return NULL; - - if(passphrase) - passphrase_len = strlen(passphrase); - - if(newpassphrase) - newpassphrase_len = strlen(newpassphrase); - - return PyObjectResult(crypt_keyslot_add_by_passphrase(self->device, slot, - passphrase, passphrase_len, - newpassphrase, newpassphrase_len)); -} - -static char -CryptSetup_addKeyByVolumeKey_HELP[] = -"Initialize keyslot using cached volume key\n\n\ - addKeyByVolumeKey(passphrase, newPassphrase, slot)\n\n\ - newPassphrase - passphrase to add\n\ - slot - which slot to use (optional)"; - -static PyObject *CryptSetup_addKeyByVolumeKey(CryptSetupObject* self, PyObject *args, PyObject *kwds) -{ - static const char *kwlist[] = {"newPassphrase", "slot", NULL}; - char *newpassphrase = NULL; - size_t newpassphrase_len = 0; - int slot = CRYPT_ANY_SLOT; - - if (!PyArg_ParseTupleAndKeywords(args, kwds, "s|i", CONST_CAST(char**)kwlist, &newpassphrase, &slot)) - return NULL; - - if (newpassphrase) - newpassphrase_len = strlen(newpassphrase); - - return PyObjectResult(crypt_keyslot_add_by_volume_key(self->device, slot, - NULL, 0, newpassphrase, newpassphrase_len)); -} - -static char -CryptSetup_removePassphrase_HELP[] = -"Destroy keyslot using passphrase\n\n\ - removePassphrase(passphrase)\n\n\ - passphrase - string or none to ask the user"; - -static PyObject *CryptSetup_removePassphrase(CryptSetupObject* self, PyObject *args, PyObject *kwds) -{ - static const char *kwlist[] = {"passphrase", NULL}; - char *passphrase = NULL; - size_t passphrase_len = 0; - int is; - - if (!PyArg_ParseTupleAndKeywords(args, kwds, "s", CONST_CAST(char**)kwlist, &passphrase)) - return NULL; - - if (passphrase) - passphrase_len = strlen(passphrase); - - is = crypt_activate_by_passphrase(self->device, NULL, CRYPT_ANY_SLOT, - passphrase, passphrase_len, 0); - if (is < 0) - return PyObjectResult(is); - - return PyObjectResult(crypt_keyslot_destroy(self->device, is)); -} - -static char -CryptSetup_killSlot_HELP[] = -"Destroy keyslot\n\n\ - killSlot(slot)\n\n\ - slot - the slot to remove"; - -static PyObject *CryptSetup_killSlot(CryptSetupObject* self, PyObject *args, PyObject *kwds) -{ - static const char *kwlist[] = {"slot", NULL}; - int slot = CRYPT_ANY_SLOT; - - if (!PyArg_ParseTupleAndKeywords(args, kwds, "i", CONST_CAST(char**)kwlist, &slot)) - return NULL; - - switch (crypt_keyslot_status(self->device, slot)) { - case CRYPT_SLOT_ACTIVE: - return PyObjectResult(crypt_keyslot_destroy(self->device, slot)); - case CRYPT_SLOT_ACTIVE_LAST: - PyErr_SetString(PyExc_ValueError, "Last slot, removing it would render the device unusable"); - break; - case CRYPT_SLOT_INACTIVE: - PyErr_SetString(PyExc_ValueError, "Inactive slot"); - break; - case CRYPT_SLOT_INVALID: - PyErr_SetString(PyExc_ValueError, "Invalid slot"); - break; - } - - return NULL; -} - -static char -CryptSetup_Status_HELP[] = -"Status of LUKS device\n\n\ - luksStatus()"; - -static PyObject *CryptSetup_Status(CryptSetupObject* self, PyObject *args, PyObject *kwds) -{ - if (!self->activated_as){ - PyErr_SetString(PyExc_IOError, "Device has not been activated yet."); - return NULL; - } - - return PyObjectResult(crypt_status(self->device, self->activated_as)); -} - -static char -CryptSetup_Resume_HELP[] = -"Resume LUKS device\n\n\ - luksOpen(passphrase)\n\n\ - passphrase - string or none to ask the user"; - -static PyObject *CryptSetup_Resume(CryptSetupObject* self, PyObject *args, PyObject *kwds) -{ - static const char *kwlist[] = {"passphrase", NULL}; - char* passphrase = NULL; - size_t passphrase_len = 0; - - if (!self->activated_as){ - PyErr_SetString(PyExc_IOError, "Device has not been activated yet."); - return NULL; - } - - if (! PyArg_ParseTupleAndKeywords(args, kwds, "|s", CONST_CAST(char**)kwlist, &passphrase)) - return NULL; - - if (passphrase) - passphrase_len = strlen(passphrase); - - return PyObjectResult(crypt_resume_by_passphrase(self->device, self->activated_as, - CRYPT_ANY_SLOT, passphrase, passphrase_len)); -} - -static char -CryptSetup_Suspend_HELP[] = -"Suspend LUKS device\n\n\ - luksSupsend()"; - -static PyObject *CryptSetup_Suspend(CryptSetupObject* self, PyObject *args, PyObject *kwds) -{ - if (!self->activated_as){ - PyErr_SetString(PyExc_IOError, "Device has not been activated yet."); - return NULL; - } - - return PyObjectResult(crypt_suspend(self->device, self->activated_as)); -} - -static char -CryptSetup_debugLevel_HELP[] = -"Set debug level\n\n\ - debugLevel(level)\n\n\ - level - debug level"; - -static PyObject *CryptSetup_debugLevel(CryptSetupObject* self, PyObject *args, PyObject *kwds) -{ - static const char *kwlist[] = {"level", NULL}; - int level = 0; - - if (!PyArg_ParseTupleAndKeywords(args, kwds, "i", CONST_CAST(char**)kwlist, &level)) - return NULL; - - crypt_set_debug_level(level); - - Py_RETURN_NONE; -} - -static char -CryptSetup_iterationTime_HELP[] = -"Set iteration time\n\n\ - iterationTime(time_ms)\n\n\ - time_ms - time in miliseconds"; - -static PyObject *CryptSetup_iterationTime(CryptSetupObject* self, PyObject *args, PyObject *kwds) -{ - static const char *kwlist[] = {"time_ms", NULL}; - uint64_t time_ms = 0; - - if (!PyArg_ParseTupleAndKeywords(args, kwds, "K", CONST_CAST(char**)kwlist, &time_ms)) - return NULL; - - crypt_set_iteration_time(self->device, time_ms); - - Py_RETURN_NONE; -} - -static PyMemberDef CryptSetup_members[] = { - {CONST_CAST(char*)"yesDialogCB", T_OBJECT_EX, offsetof(CryptSetupObject, yesDialogCB), 0, CONST_CAST(char*)"confirmation dialog callback"}, - {CONST_CAST(char*)"cmdLineLogCB", T_OBJECT_EX, offsetof(CryptSetupObject, cmdLineLogCB), 0, CONST_CAST(char*)"logging callback"}, - {CONST_CAST(char*)"passwordDialogCB", T_OBJECT_EX, offsetof(CryptSetupObject, passwordDialogCB), 0, CONST_CAST(char*)"password dialog callback"}, - {NULL} -}; - -static PyMethodDef CryptSetup_methods[] = { - /* self-test methods */ - {"log", (PyCFunction)CryptSetup_log, METH_VARARGS|METH_KEYWORDS, CryptSetup_askyes_HELP}, - {"askyes", (PyCFunction)CryptSetup_askyes, METH_VARARGS|METH_KEYWORDS, CryptSetup_log_HELP}, - - /* activation and deactivation */ - {"deactivate", (PyCFunction)CryptSetup_deactivate, METH_NOARGS, CryptSetup_deactivate_HELP}, - {"activate", (PyCFunction)CryptSetup_activate, METH_VARARGS|METH_KEYWORDS, CryptSetup_activate_HELP}, - - /* cryptsetup info entrypoints */ - {"luksUUID", (PyCFunction)CryptSetup_luksUUID, METH_NOARGS, CryptSetup_luksUUID_HELP}, - {"isLuks", (PyCFunction)CryptSetup_isLuks, METH_NOARGS, CryptSetup_isLuks_HELP}, - {"info", (PyCFunction)CryptSetup_Info, METH_NOARGS, CryptSetup_Info_HELP}, - {"status", (PyCFunction)CryptSetup_Status, METH_NOARGS, CryptSetup_Status_HELP}, - - /* cryptsetup mgmt entrypoints */ - {"luksFormat", (PyCFunction)CryptSetup_luksFormat, METH_VARARGS|METH_KEYWORDS, CryptSetup_luksFormat_HELP}, - {"addKeyByPassphrase", (PyCFunction)CryptSetup_addKeyByPassphrase, METH_VARARGS|METH_KEYWORDS, CryptSetup_addKeyByPassphrase_HELP}, - {"addKeyByVolumeKey", (PyCFunction)CryptSetup_addKeyByVolumeKey, METH_VARARGS|METH_KEYWORDS, CryptSetup_addKeyByVolumeKey_HELP}, - {"removePassphrase", (PyCFunction)CryptSetup_removePassphrase, METH_VARARGS|METH_KEYWORDS, CryptSetup_removePassphrase_HELP}, - {"killSlot", (PyCFunction)CryptSetup_killSlot, METH_VARARGS|METH_KEYWORDS, CryptSetup_killSlot_HELP}, - - /* suspend resume */ - {"resume", (PyCFunction)CryptSetup_Resume, METH_VARARGS|METH_KEYWORDS, CryptSetup_Resume_HELP}, - {"suspend", (PyCFunction)CryptSetup_Suspend, METH_NOARGS, CryptSetup_Suspend_HELP}, - - /* misc */ - {"debugLevel", (PyCFunction)CryptSetup_debugLevel, METH_VARARGS|METH_KEYWORDS, CryptSetup_debugLevel_HELP}, - {"iterationTime", (PyCFunction)CryptSetup_iterationTime, METH_VARARGS|METH_KEYWORDS, CryptSetup_iterationTime_HELP}, - - {NULL} /* Sentinel */ -}; - -static PyTypeObject CryptSetupType = { - PyVarObject_HEAD_INIT(NULL, 0) - "pycryptsetup.CryptSetup", /*tp_name*/ - sizeof(CryptSetupObject), /*tp_basicsize*/ - 0, /*tp_itemsize*/ - (destructor)CryptSetup_dealloc, /*tp_dealloc*/ - 0, /*tp_print*/ - 0, /*tp_getattr*/ - 0, /*tp_setattr*/ - 0, /*tp_compare*/ - 0, /*tp_repr*/ - 0, /*tp_as_number*/ - 0, /*tp_as_sequence*/ - 0, /*tp_as_mapping*/ - 0, /*tp_hash */ - 0, /*tp_call*/ - 0, /*tp_str*/ - 0, /*tp_getattro*/ - 0, /*tp_setattro*/ - 0, /*tp_as_buffer*/ - Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, /*tp_flags*/ - CryptSetup_HELP, /* tp_doc */ - 0, /* tp_traverse */ - 0, /* tp_clear */ - 0, /* tp_richcompare */ - 0, /* tp_weaklistoffset */ - 0, /* tp_iter */ - 0, /* tp_iternext */ - CryptSetup_methods, /* tp_methods */ - CryptSetup_members, /* tp_members */ - 0, /* tp_getset */ - 0, /* tp_base */ - 0, /* tp_dict */ - 0, /* tp_descr_get */ - 0, /* tp_descr_set */ - 0, /* tp_dictoffset */ - (initproc)CryptSetup_init, /* tp_init */ - 0, /* tp_alloc */ - CryptSetup_new, /* tp_new */ -}; - -static PyMethodDef pycryptsetup_methods[] = { - {NULL} /* Sentinel */ -}; - -MOD_INIT(pycryptsetup) -{ - PyObject *m; - - if (PyType_Ready(&CryptSetupType) < 0) - return MOD_ERROR_VAL; - - MOD_DEF(m, "pycryptsetup", "CryptSetup pythonized API.", pycryptsetup_methods); - Py_INCREF(&CryptSetupType); - - PyModule_AddObject(m, "CryptSetup", (PyObject *)&CryptSetupType); - - /* debug constants */ - PyModule_AddIntConstant(m, "CRYPT_DEBUG_ALL", CRYPT_DEBUG_ALL); - PyModule_AddIntConstant(m, "CRYPT_DEBUG_NONE", CRYPT_DEBUG_NONE); - - /* log constants */ - PyModule_AddIntConstant(m, "CRYPT_LOG_NORMAL", CRYPT_LOG_NORMAL); - PyModule_AddIntConstant(m, "CRYPT_LOG_ERROR", CRYPT_LOG_ERROR); - PyModule_AddIntConstant(m, "CRYPT_LOG_VERBOSE", CRYPT_LOG_VERBOSE); - PyModule_AddIntConstant(m, "CRYPT_LOG_DEBUG", CRYPT_LOG_DEBUG); - - /* status constants */ - PyModule_AddIntConstant(m, "CRYPT_INVALID", CRYPT_INVALID); - PyModule_AddIntConstant(m, "CRYPT_INACTIVE", CRYPT_INACTIVE); - PyModule_AddIntConstant(m, "CRYPT_ACTIVE", CRYPT_ACTIVE); - PyModule_AddIntConstant(m, "CRYPT_BUSY", CRYPT_BUSY); - - return MOD_SUCCESS_VAL(m); -} diff --git a/scripts/Makemodule.am b/scripts/Makemodule.am new file mode 100644 index 0000000..5bf6ddf --- /dev/null +++ b/scripts/Makemodule.am @@ -0,0 +1,5 @@ +DISTCLEAN_TARGETS += scripts/cryptsetup.conf + +if CRYPTSETUP_TMPFILE +tmpfilesd_DATA += scripts/cryptsetup.conf +endif diff --git a/scripts/cryptsetup.conf.in b/scripts/cryptsetup.conf.in new file mode 100644 index 0000000..8bbc5af --- /dev/null +++ b/scripts/cryptsetup.conf.in @@ -0,0 +1 @@ +d @DEFAULT_LUKS2_LOCK_PATH@ @DEFAULT_LUKS2_LOCK_DIR_PERMS@ root root - diff --git a/src/Makefile.am b/src/Makefile.am deleted file mode 100644 index ee0c814..0000000 --- a/src/Makefile.am +++ /dev/null @@ -1,95 +0,0 @@ -AM_CPPFLAGS = -include config.h \ - -I$(top_srcdir) \ - -I$(top_srcdir)/lib \ - -DDATADIR=\""$(datadir)"\" \ - -DLOCALEDIR=\""$(datadir)/locale"\" \ - -DLIBDIR=\""$(libdir)"\" \ - -DPREFIX=\""$(prefix)"\" \ - -DSYSCONFDIR=\""$(sysconfdir)"\" \ - -DVERSION=\""$(VERSION)"\" - -# cryptsetup -cryptsetup_SOURCES = \ - $(top_builddir)/lib/utils_crypt.c \ - $(top_builddir)/lib/utils_loop.c \ - $(top_builddir)/lib/utils_fips.c \ - utils_tools.c \ - utils_password.c \ - cryptsetup.c \ - cryptsetup.h - -cryptsetup_LDADD = \ - $(top_builddir)/lib/libcryptsetup.la \ - @POPT_LIBS@ \ - @PWQUALITY_LIBS@ - -cryptsetup_CFLAGS = $(AM_CFLAGS) -Wall - -sbin_PROGRAMS=cryptsetup - -if STATIC_TOOLS -sbin_PROGRAMS += cryptsetup.static -cryptsetup_static_SOURCES = $(cryptsetup_SOURCES) -cryptsetup_static_CFLAGS = $(cryptsetup_CFLAGS) -cryptsetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static -cryptsetup_static_LDADD = $(cryptsetup_LDADD) \ - @CRYPTO_STATIC_LIBS@ \ - @PWQUALITY_STATIC_LIBS@ \ - @DEVMAPPER_STATIC_LIBS@ \ - @UUID_LIBS@ -endif - -# veritysetup -if VERITYSETUP - -veritysetup_SOURCES = \ - $(top_builddir)/lib/utils_crypt.c \ - $(top_builddir)/lib/utils_loop.c \ - utils_tools.c \ - veritysetup.c \ - cryptsetup.h - -veritysetup_LDADD = \ - $(top_builddir)/lib/libcryptsetup.la \ - @POPT_LIBS@ - -veritysetup_CFLAGS = $(cryptsetup_CFLAGS) - -sbin_PROGRAMS += veritysetup - -if STATIC_TOOLS -sbin_PROGRAMS += veritysetup.static -veritysetup_static_SOURCES = $(veritysetup_SOURCES) -veritysetup_static_CFLAGS = $(veritysetup_CFLAGS) -veritysetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static -veritysetup_static_LDADD = $(veritysetup_LDADD) \ - @CRYPTO_STATIC_LIBS@ \ - @DEVMAPPER_STATIC_LIBS@ \ - @UUID_LIBS@ -endif -endif - -# reencrypt -if REENCRYPT -cryptsetup_reencrypt_SOURCES = \ - $(top_builddir)/lib/utils_crypt.c \ - utils_tools.c \ - cryptsetup_reencrypt.c \ - cryptsetup.h - -cryptsetup_reencrypt_LDADD = $(cryptsetup_LDADD) -cryptsetup_reencrypt_CFLAGS = $(cryptsetup_CFLAGS) - -sbin_PROGRAMS += cryptsetup-reencrypt - -if STATIC_TOOLS -sbin_PROGRAMS += cryptsetup-reencrypt.static -cryptsetup_reencrypt_static_SOURCES = $(cryptsetup_reencrypt_SOURCES) -cryptsetup_reencrypt_static_CFLAGS = $(cryptsetup_reencrypt_CFLAGS) -cryptsetup_reencrypt_static_LDFLAGS = $(AM_LDFLAGS) -all-static -cryptsetup_reencrypt_static_LDADD = $(cryptsetup_reencrypt_LDADD) \ - @CRYPTO_STATIC_LIBS@ \ - @DEVMAPPER_STATIC_LIBS@ \ - @UUID_LIBS@ -endif -endif diff --git a/src/Makefile.in b/src/Makefile.in deleted file mode 100644 index 45ed671..0000000 --- a/src/Makefile.in +++ /dev/null @@ -1,1265 +0,0 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2013 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -sbin_PROGRAMS = cryptsetup$(EXEEXT) $(am__EXEEXT_1) $(am__EXEEXT_2) \ - $(am__EXEEXT_3) $(am__EXEEXT_4) $(am__EXEEXT_5) -@STATIC_TOOLS_TRUE@am__append_1 = cryptsetup.static -@VERITYSETUP_TRUE@am__append_2 = veritysetup -@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@am__append_3 = veritysetup.static -@REENCRYPT_TRUE@am__append_4 = cryptsetup-reencrypt -@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@am__append_5 = cryptsetup-reencrypt.static -subdir = src -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ - $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -@STATIC_TOOLS_TRUE@am__EXEEXT_1 = cryptsetup.static$(EXEEXT) -@VERITYSETUP_TRUE@am__EXEEXT_2 = veritysetup$(EXEEXT) -@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@am__EXEEXT_3 = veritysetup.static$(EXEEXT) -@REENCRYPT_TRUE@am__EXEEXT_4 = cryptsetup-reencrypt$(EXEEXT) -@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@am__EXEEXT_5 = cryptsetup-reencrypt.static$(EXEEXT) -am__installdirs = "$(DESTDIR)$(sbindir)" -PROGRAMS = $(sbin_PROGRAMS) -am_cryptsetup_OBJECTS = cryptsetup-utils_crypt.$(OBJEXT) \ - cryptsetup-utils_loop.$(OBJEXT) \ - cryptsetup-utils_fips.$(OBJEXT) \ - cryptsetup-utils_tools.$(OBJEXT) \ - cryptsetup-utils_password.$(OBJEXT) \ - cryptsetup-cryptsetup.$(OBJEXT) -cryptsetup_OBJECTS = $(am_cryptsetup_OBJECTS) -cryptsetup_DEPENDENCIES = $(top_builddir)/lib/libcryptsetup.la -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -cryptsetup_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(cryptsetup_CFLAGS) \ - $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ -am__cryptsetup_reencrypt_SOURCES_DIST = \ - $(top_builddir)/lib/utils_crypt.c utils_tools.c \ - cryptsetup_reencrypt.c cryptsetup.h -@REENCRYPT_TRUE@am_cryptsetup_reencrypt_OBJECTS = \ -@REENCRYPT_TRUE@ cryptsetup_reencrypt-utils_crypt.$(OBJEXT) \ -@REENCRYPT_TRUE@ cryptsetup_reencrypt-utils_tools.$(OBJEXT) \ -@REENCRYPT_TRUE@ cryptsetup_reencrypt-cryptsetup_reencrypt.$(OBJEXT) -cryptsetup_reencrypt_OBJECTS = $(am_cryptsetup_reencrypt_OBJECTS) -am__DEPENDENCIES_1 = $(top_builddir)/lib/libcryptsetup.la -@REENCRYPT_TRUE@cryptsetup_reencrypt_DEPENDENCIES = \ -@REENCRYPT_TRUE@ $(am__DEPENDENCIES_1) -cryptsetup_reencrypt_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ - $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(cryptsetup_reencrypt_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ -am__cryptsetup_reencrypt_static_SOURCES_DIST = \ - $(top_builddir)/lib/utils_crypt.c utils_tools.c \ - cryptsetup_reencrypt.c cryptsetup.h -@REENCRYPT_TRUE@am__objects_1 = cryptsetup_reencrypt_static-utils_crypt.$(OBJEXT) \ -@REENCRYPT_TRUE@ cryptsetup_reencrypt_static-utils_tools.$(OBJEXT) \ -@REENCRYPT_TRUE@ cryptsetup_reencrypt_static-cryptsetup_reencrypt.$(OBJEXT) -@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@am_cryptsetup_reencrypt_static_OBJECTS = \ -@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@ $(am__objects_1) -cryptsetup_reencrypt_static_OBJECTS = \ - $(am_cryptsetup_reencrypt_static_OBJECTS) -@REENCRYPT_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) -@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_reencrypt_static_DEPENDENCIES = \ -@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@ $(am__DEPENDENCIES_2) -cryptsetup_reencrypt_static_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ - $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(cryptsetup_reencrypt_static_CFLAGS) $(CFLAGS) \ - $(cryptsetup_reencrypt_static_LDFLAGS) $(LDFLAGS) -o $@ -am__cryptsetup_static_SOURCES_DIST = \ - $(top_builddir)/lib/utils_crypt.c \ - $(top_builddir)/lib/utils_loop.c \ - $(top_builddir)/lib/utils_fips.c utils_tools.c \ - utils_password.c cryptsetup.c cryptsetup.h -am__objects_2 = cryptsetup_static-utils_crypt.$(OBJEXT) \ - cryptsetup_static-utils_loop.$(OBJEXT) \ - cryptsetup_static-utils_fips.$(OBJEXT) \ - cryptsetup_static-utils_tools.$(OBJEXT) \ - cryptsetup_static-utils_password.$(OBJEXT) \ - cryptsetup_static-cryptsetup.$(OBJEXT) -@STATIC_TOOLS_TRUE@am_cryptsetup_static_OBJECTS = $(am__objects_2) -cryptsetup_static_OBJECTS = $(am_cryptsetup_static_OBJECTS) -@STATIC_TOOLS_TRUE@cryptsetup_static_DEPENDENCIES = \ -@STATIC_TOOLS_TRUE@ $(am__DEPENDENCIES_1) -cryptsetup_static_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ - $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(cryptsetup_static_CFLAGS) $(CFLAGS) \ - $(cryptsetup_static_LDFLAGS) $(LDFLAGS) -o $@ -am__veritysetup_SOURCES_DIST = $(top_builddir)/lib/utils_crypt.c \ - $(top_builddir)/lib/utils_loop.c utils_tools.c veritysetup.c \ - cryptsetup.h -@VERITYSETUP_TRUE@am_veritysetup_OBJECTS = \ -@VERITYSETUP_TRUE@ veritysetup-utils_crypt.$(OBJEXT) \ -@VERITYSETUP_TRUE@ veritysetup-utils_loop.$(OBJEXT) \ -@VERITYSETUP_TRUE@ veritysetup-utils_tools.$(OBJEXT) \ -@VERITYSETUP_TRUE@ veritysetup-veritysetup.$(OBJEXT) -veritysetup_OBJECTS = $(am_veritysetup_OBJECTS) -@VERITYSETUP_TRUE@veritysetup_DEPENDENCIES = \ -@VERITYSETUP_TRUE@ $(top_builddir)/lib/libcryptsetup.la -veritysetup_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(veritysetup_CFLAGS) \ - $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ -am__veritysetup_static_SOURCES_DIST = \ - $(top_builddir)/lib/utils_crypt.c \ - $(top_builddir)/lib/utils_loop.c utils_tools.c veritysetup.c \ - cryptsetup.h -@VERITYSETUP_TRUE@am__objects_3 = \ -@VERITYSETUP_TRUE@ veritysetup_static-utils_crypt.$(OBJEXT) \ -@VERITYSETUP_TRUE@ veritysetup_static-utils_loop.$(OBJEXT) \ -@VERITYSETUP_TRUE@ veritysetup_static-utils_tools.$(OBJEXT) \ -@VERITYSETUP_TRUE@ veritysetup_static-veritysetup.$(OBJEXT) -@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@am_veritysetup_static_OBJECTS = \ -@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@ $(am__objects_3) -veritysetup_static_OBJECTS = $(am_veritysetup_static_OBJECTS) -@VERITYSETUP_TRUE@am__DEPENDENCIES_3 = \ -@VERITYSETUP_TRUE@ $(top_builddir)/lib/libcryptsetup.la -@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@veritysetup_static_DEPENDENCIES = \ -@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@ $(am__DEPENDENCIES_3) -veritysetup_static_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ - $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(veritysetup_static_CFLAGS) $(CFLAGS) \ - $(veritysetup_static_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(cryptsetup_SOURCES) $(cryptsetup_reencrypt_SOURCES) \ - $(cryptsetup_reencrypt_static_SOURCES) \ - $(cryptsetup_static_SOURCES) $(veritysetup_SOURCES) \ - $(veritysetup_static_SOURCES) -DIST_SOURCES = $(cryptsetup_SOURCES) \ - $(am__cryptsetup_reencrypt_SOURCES_DIST) \ - $(am__cryptsetup_reencrypt_static_SOURCES_DIST) \ - $(am__cryptsetup_static_SOURCES_DIST) \ - $(am__veritysetup_SOURCES_DIST) \ - $(am__veritysetup_static_SOURCES_DIST) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. -am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ -CRYPTO_LIBS = @CRYPTO_LIBS@ -CRYPTO_STATIC_LIBS = @CRYPTO_STATIC_LIBS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DEVMAPPER_CFLAGS = @DEVMAPPER_CFLAGS@ -DEVMAPPER_LIBS = @DEVMAPPER_LIBS@ -DEVMAPPER_STATIC_CFLAGS = @DEVMAPPER_STATIC_CFLAGS@ -DEVMAPPER_STATIC_LIBS = @DEVMAPPER_STATIC_LIBS@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GMSGFMT = @GMSGFMT@ -GMSGFMT_015 = @GMSGFMT_015@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -INTLLIBS = @INTLLIBS@ -INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBCRYPTSETUP_VERSION = @LIBCRYPTSETUP_VERSION@ -LIBCRYPTSETUP_VERSION_INFO = @LIBCRYPTSETUP_VERSION_INFO@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ -LIBICONV = @LIBICONV@ -LIBINTL = @LIBINTL@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBICONV = @LTLIBICONV@ -LTLIBINTL = @LTLIBINTL@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MKDIR_P = @MKDIR_P@ -MSGFMT = @MSGFMT@ -MSGFMT_015 = @MSGFMT_015@ -MSGMERGE = @MSGMERGE@ -NM = @NM@ -NMEDIT = @NMEDIT@ -NSS_CFLAGS = @NSS_CFLAGS@ -NSS_LIBS = @NSS_LIBS@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ -OPENSSL_LIBS = @OPENSSL_LIBS@ -OPENSSL_STATIC_CFLAGS = @OPENSSL_STATIC_CFLAGS@ -OPENSSL_STATIC_LIBS = @OPENSSL_STATIC_LIBS@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -POPT_LIBS = @POPT_LIBS@ -POSUB = @POSUB@ -PWQUALITY_CFLAGS = @PWQUALITY_CFLAGS@ -PWQUALITY_LIBS = @PWQUALITY_LIBS@ -PWQUALITY_STATIC_LIBS = @PWQUALITY_STATIC_LIBS@ -PYTHON = @PYTHON@ -PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -PYTHON_INCLUDES = @PYTHON_INCLUDES@ -PYTHON_LIBS = @PYTHON_LIBS@ -PYTHON_PLATFORM = @PYTHON_PLATFORM@ -PYTHON_PREFIX = @PYTHON_PREFIX@ -PYTHON_VERSION = @PYTHON_VERSION@ -RANLIB = @RANLIB@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -USE_NLS = @USE_NLS@ -UUID_LIBS = @UUID_LIBS@ -VERSION = @VERSION@ -XGETTEXT = @XGETTEXT@ -XGETTEXT_015 = @XGETTEXT_015@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -pkgpyexecdir = @pkgpyexecdir@ -pkgpythondir = @pkgpythondir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -pyexecdir = @pyexecdir@ -pythondir = @pythondir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -AM_CPPFLAGS = -include config.h \ - -I$(top_srcdir) \ - -I$(top_srcdir)/lib \ - -DDATADIR=\""$(datadir)"\" \ - -DLOCALEDIR=\""$(datadir)/locale"\" \ - -DLIBDIR=\""$(libdir)"\" \ - -DPREFIX=\""$(prefix)"\" \ - -DSYSCONFDIR=\""$(sysconfdir)"\" \ - -DVERSION=\""$(VERSION)"\" - - -# cryptsetup -cryptsetup_SOURCES = \ - $(top_builddir)/lib/utils_crypt.c \ - $(top_builddir)/lib/utils_loop.c \ - $(top_builddir)/lib/utils_fips.c \ - utils_tools.c \ - utils_password.c \ - cryptsetup.c \ - cryptsetup.h - -cryptsetup_LDADD = \ - $(top_builddir)/lib/libcryptsetup.la \ - @POPT_LIBS@ \ - @PWQUALITY_LIBS@ - -cryptsetup_CFLAGS = $(AM_CFLAGS) -Wall -@STATIC_TOOLS_TRUE@cryptsetup_static_SOURCES = $(cryptsetup_SOURCES) -@STATIC_TOOLS_TRUE@cryptsetup_static_CFLAGS = $(cryptsetup_CFLAGS) -@STATIC_TOOLS_TRUE@cryptsetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static -@STATIC_TOOLS_TRUE@cryptsetup_static_LDADD = $(cryptsetup_LDADD) \ -@STATIC_TOOLS_TRUE@ @CRYPTO_STATIC_LIBS@ \ -@STATIC_TOOLS_TRUE@ @PWQUALITY_STATIC_LIBS@ \ -@STATIC_TOOLS_TRUE@ @DEVMAPPER_STATIC_LIBS@ \ -@STATIC_TOOLS_TRUE@ @UUID_LIBS@ - - -# veritysetup -@VERITYSETUP_TRUE@veritysetup_SOURCES = \ -@VERITYSETUP_TRUE@ $(top_builddir)/lib/utils_crypt.c \ -@VERITYSETUP_TRUE@ $(top_builddir)/lib/utils_loop.c \ -@VERITYSETUP_TRUE@ utils_tools.c \ -@VERITYSETUP_TRUE@ veritysetup.c \ -@VERITYSETUP_TRUE@ cryptsetup.h - -@VERITYSETUP_TRUE@veritysetup_LDADD = \ -@VERITYSETUP_TRUE@ $(top_builddir)/lib/libcryptsetup.la \ -@VERITYSETUP_TRUE@ @POPT_LIBS@ - -@VERITYSETUP_TRUE@veritysetup_CFLAGS = $(cryptsetup_CFLAGS) -@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@veritysetup_static_SOURCES = $(veritysetup_SOURCES) -@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@veritysetup_static_CFLAGS = $(veritysetup_CFLAGS) -@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@veritysetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static -@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@veritysetup_static_LDADD = $(veritysetup_LDADD) \ -@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@ @CRYPTO_STATIC_LIBS@ \ -@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@ @DEVMAPPER_STATIC_LIBS@ \ -@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@ @UUID_LIBS@ - - -# reencrypt -@REENCRYPT_TRUE@cryptsetup_reencrypt_SOURCES = \ -@REENCRYPT_TRUE@ $(top_builddir)/lib/utils_crypt.c \ -@REENCRYPT_TRUE@ utils_tools.c \ -@REENCRYPT_TRUE@ cryptsetup_reencrypt.c \ -@REENCRYPT_TRUE@ cryptsetup.h - -@REENCRYPT_TRUE@cryptsetup_reencrypt_LDADD = $(cryptsetup_LDADD) -@REENCRYPT_TRUE@cryptsetup_reencrypt_CFLAGS = $(cryptsetup_CFLAGS) -@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_reencrypt_static_SOURCES = $(cryptsetup_reencrypt_SOURCES) -@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_reencrypt_static_CFLAGS = $(cryptsetup_reencrypt_CFLAGS) -@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_reencrypt_static_LDFLAGS = $(AM_LDFLAGS) -all-static -@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_reencrypt_static_LDADD = $(cryptsetup_reencrypt_LDADD) \ -@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@ @CRYPTO_STATIC_LIBS@ \ -@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@ @DEVMAPPER_STATIC_LIBS@ \ -@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@ @UUID_LIBS@ - -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): -install-sbinPROGRAMS: $(sbin_PROGRAMS) - @$(NORMAL_INSTALL) - @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ - fi; \ - for p in $$list; do echo "$$p $$p"; done | \ - sed 's/$(EXEEXT)$$//' | \ - while read p p1; do if test -f $$p \ - || test -f $$p1 \ - ; then echo "$$p"; echo "$$p"; else :; fi; \ - done | \ - sed -e 'p;s,.*/,,;n;h' \ - -e 's|.*|.|' \ - -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ - sed 'N;N;N;s,\n, ,g' | \ - $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ - { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ - if ($$2 == $$4) files[d] = files[d] " " $$1; \ - else { print "f", $$3 "/" $$4, $$1; } } \ - END { for (d in files) print "f", d, files[d] }' | \ - while read type dir files; do \ - if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ - test -z "$$files" || { \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ - } \ - ; done - -uninstall-sbinPROGRAMS: - @$(NORMAL_UNINSTALL) - @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ - files=`for p in $$list; do echo "$$p"; done | \ - sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ - -e 's/$$/$(EXEEXT)/' \ - `; \ - test -n "$$list" || exit 0; \ - echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(sbindir)" && rm -f $$files - -clean-sbinPROGRAMS: - @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list - -cryptsetup$(EXEEXT): $(cryptsetup_OBJECTS) $(cryptsetup_DEPENDENCIES) $(EXTRA_cryptsetup_DEPENDENCIES) - @rm -f cryptsetup$(EXEEXT) - $(AM_V_CCLD)$(cryptsetup_LINK) $(cryptsetup_OBJECTS) $(cryptsetup_LDADD) $(LIBS) - -cryptsetup-reencrypt$(EXEEXT): $(cryptsetup_reencrypt_OBJECTS) $(cryptsetup_reencrypt_DEPENDENCIES) $(EXTRA_cryptsetup_reencrypt_DEPENDENCIES) - @rm -f cryptsetup-reencrypt$(EXEEXT) - $(AM_V_CCLD)$(cryptsetup_reencrypt_LINK) $(cryptsetup_reencrypt_OBJECTS) $(cryptsetup_reencrypt_LDADD) $(LIBS) - -cryptsetup-reencrypt.static$(EXEEXT): $(cryptsetup_reencrypt_static_OBJECTS) $(cryptsetup_reencrypt_static_DEPENDENCIES) $(EXTRA_cryptsetup_reencrypt_static_DEPENDENCIES) - @rm -f cryptsetup-reencrypt.static$(EXEEXT) - $(AM_V_CCLD)$(cryptsetup_reencrypt_static_LINK) $(cryptsetup_reencrypt_static_OBJECTS) $(cryptsetup_reencrypt_static_LDADD) $(LIBS) - -cryptsetup.static$(EXEEXT): $(cryptsetup_static_OBJECTS) $(cryptsetup_static_DEPENDENCIES) $(EXTRA_cryptsetup_static_DEPENDENCIES) - @rm -f cryptsetup.static$(EXEEXT) - $(AM_V_CCLD)$(cryptsetup_static_LINK) $(cryptsetup_static_OBJECTS) $(cryptsetup_static_LDADD) $(LIBS) - -veritysetup$(EXEEXT): $(veritysetup_OBJECTS) $(veritysetup_DEPENDENCIES) $(EXTRA_veritysetup_DEPENDENCIES) - @rm -f veritysetup$(EXEEXT) - $(AM_V_CCLD)$(veritysetup_LINK) $(veritysetup_OBJECTS) $(veritysetup_LDADD) $(LIBS) - -veritysetup.static$(EXEEXT): $(veritysetup_static_OBJECTS) $(veritysetup_static_DEPENDENCIES) $(EXTRA_veritysetup_static_DEPENDENCIES) - @rm -f veritysetup.static$(EXEEXT) - $(AM_V_CCLD)$(veritysetup_static_LINK) $(veritysetup_static_OBJECTS) $(veritysetup_static_LDADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptsetup-cryptsetup.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptsetup-utils_crypt.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptsetup-utils_fips.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptsetup-utils_loop.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptsetup-utils_password.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptsetup-utils_tools.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptsetup_reencrypt-cryptsetup_reencrypt.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptsetup_reencrypt-utils_crypt.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptsetup_reencrypt-utils_tools.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptsetup_reencrypt_static-cryptsetup_reencrypt.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptsetup_reencrypt_static-utils_crypt.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptsetup_reencrypt_static-utils_tools.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptsetup_static-cryptsetup.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptsetup_static-utils_crypt.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptsetup_static-utils_fips.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptsetup_static-utils_loop.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptsetup_static-utils_password.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptsetup_static-utils_tools.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/veritysetup-utils_crypt.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/veritysetup-utils_loop.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/veritysetup-utils_tools.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/veritysetup-veritysetup.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/veritysetup_static-utils_crypt.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/veritysetup_static-utils_loop.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/veritysetup_static-utils_tools.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/veritysetup_static-veritysetup.Po@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -cryptsetup-utils_crypt.o: $(top_builddir)/lib/utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -MT cryptsetup-utils_crypt.o -MD -MP -MF $(DEPDIR)/cryptsetup-utils_crypt.Tpo -c -o cryptsetup-utils_crypt.o `test -f '$(top_builddir)/lib/utils_crypt.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup-utils_crypt.Tpo $(DEPDIR)/cryptsetup-utils_crypt.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_crypt.c' object='cryptsetup-utils_crypt.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -c -o cryptsetup-utils_crypt.o `test -f '$(top_builddir)/lib/utils_crypt.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_crypt.c - -cryptsetup-utils_crypt.obj: $(top_builddir)/lib/utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -MT cryptsetup-utils_crypt.obj -MD -MP -MF $(DEPDIR)/cryptsetup-utils_crypt.Tpo -c -o cryptsetup-utils_crypt.obj `if test -f '$(top_builddir)/lib/utils_crypt.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_crypt.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_crypt.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup-utils_crypt.Tpo $(DEPDIR)/cryptsetup-utils_crypt.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_crypt.c' object='cryptsetup-utils_crypt.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -c -o cryptsetup-utils_crypt.obj `if test -f '$(top_builddir)/lib/utils_crypt.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_crypt.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_crypt.c'; fi` - -cryptsetup-utils_loop.o: $(top_builddir)/lib/utils_loop.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -MT cryptsetup-utils_loop.o -MD -MP -MF $(DEPDIR)/cryptsetup-utils_loop.Tpo -c -o cryptsetup-utils_loop.o `test -f '$(top_builddir)/lib/utils_loop.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_loop.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup-utils_loop.Tpo $(DEPDIR)/cryptsetup-utils_loop.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_loop.c' object='cryptsetup-utils_loop.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -c -o cryptsetup-utils_loop.o `test -f '$(top_builddir)/lib/utils_loop.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_loop.c - -cryptsetup-utils_loop.obj: $(top_builddir)/lib/utils_loop.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -MT cryptsetup-utils_loop.obj -MD -MP -MF $(DEPDIR)/cryptsetup-utils_loop.Tpo -c -o cryptsetup-utils_loop.obj `if test -f '$(top_builddir)/lib/utils_loop.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_loop.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_loop.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup-utils_loop.Tpo $(DEPDIR)/cryptsetup-utils_loop.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_loop.c' object='cryptsetup-utils_loop.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -c -o cryptsetup-utils_loop.obj `if test -f '$(top_builddir)/lib/utils_loop.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_loop.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_loop.c'; fi` - -cryptsetup-utils_fips.o: $(top_builddir)/lib/utils_fips.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -MT cryptsetup-utils_fips.o -MD -MP -MF $(DEPDIR)/cryptsetup-utils_fips.Tpo -c -o cryptsetup-utils_fips.o `test -f '$(top_builddir)/lib/utils_fips.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_fips.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup-utils_fips.Tpo $(DEPDIR)/cryptsetup-utils_fips.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_fips.c' object='cryptsetup-utils_fips.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -c -o cryptsetup-utils_fips.o `test -f '$(top_builddir)/lib/utils_fips.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_fips.c - -cryptsetup-utils_fips.obj: $(top_builddir)/lib/utils_fips.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -MT cryptsetup-utils_fips.obj -MD -MP -MF $(DEPDIR)/cryptsetup-utils_fips.Tpo -c -o cryptsetup-utils_fips.obj `if test -f '$(top_builddir)/lib/utils_fips.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_fips.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_fips.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup-utils_fips.Tpo $(DEPDIR)/cryptsetup-utils_fips.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_fips.c' object='cryptsetup-utils_fips.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -c -o cryptsetup-utils_fips.obj `if test -f '$(top_builddir)/lib/utils_fips.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_fips.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_fips.c'; fi` - -cryptsetup-utils_tools.o: utils_tools.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -MT cryptsetup-utils_tools.o -MD -MP -MF $(DEPDIR)/cryptsetup-utils_tools.Tpo -c -o cryptsetup-utils_tools.o `test -f 'utils_tools.c' || echo '$(srcdir)/'`utils_tools.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup-utils_tools.Tpo $(DEPDIR)/cryptsetup-utils_tools.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_tools.c' object='cryptsetup-utils_tools.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -c -o cryptsetup-utils_tools.o `test -f 'utils_tools.c' || echo '$(srcdir)/'`utils_tools.c - -cryptsetup-utils_tools.obj: utils_tools.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -MT cryptsetup-utils_tools.obj -MD -MP -MF $(DEPDIR)/cryptsetup-utils_tools.Tpo -c -o cryptsetup-utils_tools.obj `if test -f 'utils_tools.c'; then $(CYGPATH_W) 'utils_tools.c'; else $(CYGPATH_W) '$(srcdir)/utils_tools.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup-utils_tools.Tpo $(DEPDIR)/cryptsetup-utils_tools.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_tools.c' object='cryptsetup-utils_tools.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -c -o cryptsetup-utils_tools.obj `if test -f 'utils_tools.c'; then $(CYGPATH_W) 'utils_tools.c'; else $(CYGPATH_W) '$(srcdir)/utils_tools.c'; fi` - -cryptsetup-utils_password.o: utils_password.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -MT cryptsetup-utils_password.o -MD -MP -MF $(DEPDIR)/cryptsetup-utils_password.Tpo -c -o cryptsetup-utils_password.o `test -f 'utils_password.c' || echo '$(srcdir)/'`utils_password.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup-utils_password.Tpo $(DEPDIR)/cryptsetup-utils_password.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_password.c' object='cryptsetup-utils_password.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -c -o cryptsetup-utils_password.o `test -f 'utils_password.c' || echo '$(srcdir)/'`utils_password.c - -cryptsetup-utils_password.obj: utils_password.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -MT cryptsetup-utils_password.obj -MD -MP -MF $(DEPDIR)/cryptsetup-utils_password.Tpo -c -o cryptsetup-utils_password.obj `if test -f 'utils_password.c'; then $(CYGPATH_W) 'utils_password.c'; else $(CYGPATH_W) '$(srcdir)/utils_password.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup-utils_password.Tpo $(DEPDIR)/cryptsetup-utils_password.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_password.c' object='cryptsetup-utils_password.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -c -o cryptsetup-utils_password.obj `if test -f 'utils_password.c'; then $(CYGPATH_W) 'utils_password.c'; else $(CYGPATH_W) '$(srcdir)/utils_password.c'; fi` - -cryptsetup-cryptsetup.o: cryptsetup.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -MT cryptsetup-cryptsetup.o -MD -MP -MF $(DEPDIR)/cryptsetup-cryptsetup.Tpo -c -o cryptsetup-cryptsetup.o `test -f 'cryptsetup.c' || echo '$(srcdir)/'`cryptsetup.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup-cryptsetup.Tpo $(DEPDIR)/cryptsetup-cryptsetup.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cryptsetup.c' object='cryptsetup-cryptsetup.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -c -o cryptsetup-cryptsetup.o `test -f 'cryptsetup.c' || echo '$(srcdir)/'`cryptsetup.c - -cryptsetup-cryptsetup.obj: cryptsetup.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -MT cryptsetup-cryptsetup.obj -MD -MP -MF $(DEPDIR)/cryptsetup-cryptsetup.Tpo -c -o cryptsetup-cryptsetup.obj `if test -f 'cryptsetup.c'; then $(CYGPATH_W) 'cryptsetup.c'; else $(CYGPATH_W) '$(srcdir)/cryptsetup.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup-cryptsetup.Tpo $(DEPDIR)/cryptsetup-cryptsetup.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cryptsetup.c' object='cryptsetup-cryptsetup.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_CFLAGS) $(CFLAGS) -c -o cryptsetup-cryptsetup.obj `if test -f 'cryptsetup.c'; then $(CYGPATH_W) 'cryptsetup.c'; else $(CYGPATH_W) '$(srcdir)/cryptsetup.c'; fi` - -cryptsetup_reencrypt-utils_crypt.o: $(top_builddir)/lib/utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_CFLAGS) $(CFLAGS) -MT cryptsetup_reencrypt-utils_crypt.o -MD -MP -MF $(DEPDIR)/cryptsetup_reencrypt-utils_crypt.Tpo -c -o cryptsetup_reencrypt-utils_crypt.o `test -f '$(top_builddir)/lib/utils_crypt.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_reencrypt-utils_crypt.Tpo $(DEPDIR)/cryptsetup_reencrypt-utils_crypt.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_crypt.c' object='cryptsetup_reencrypt-utils_crypt.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_CFLAGS) $(CFLAGS) -c -o cryptsetup_reencrypt-utils_crypt.o `test -f '$(top_builddir)/lib/utils_crypt.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_crypt.c - -cryptsetup_reencrypt-utils_crypt.obj: $(top_builddir)/lib/utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_CFLAGS) $(CFLAGS) -MT cryptsetup_reencrypt-utils_crypt.obj -MD -MP -MF $(DEPDIR)/cryptsetup_reencrypt-utils_crypt.Tpo -c -o cryptsetup_reencrypt-utils_crypt.obj `if test -f '$(top_builddir)/lib/utils_crypt.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_crypt.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_crypt.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_reencrypt-utils_crypt.Tpo $(DEPDIR)/cryptsetup_reencrypt-utils_crypt.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_crypt.c' object='cryptsetup_reencrypt-utils_crypt.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_CFLAGS) $(CFLAGS) -c -o cryptsetup_reencrypt-utils_crypt.obj `if test -f '$(top_builddir)/lib/utils_crypt.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_crypt.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_crypt.c'; fi` - -cryptsetup_reencrypt-utils_tools.o: utils_tools.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_CFLAGS) $(CFLAGS) -MT cryptsetup_reencrypt-utils_tools.o -MD -MP -MF $(DEPDIR)/cryptsetup_reencrypt-utils_tools.Tpo -c -o cryptsetup_reencrypt-utils_tools.o `test -f 'utils_tools.c' || echo '$(srcdir)/'`utils_tools.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_reencrypt-utils_tools.Tpo $(DEPDIR)/cryptsetup_reencrypt-utils_tools.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_tools.c' object='cryptsetup_reencrypt-utils_tools.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_CFLAGS) $(CFLAGS) -c -o cryptsetup_reencrypt-utils_tools.o `test -f 'utils_tools.c' || echo '$(srcdir)/'`utils_tools.c - -cryptsetup_reencrypt-utils_tools.obj: utils_tools.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_CFLAGS) $(CFLAGS) -MT cryptsetup_reencrypt-utils_tools.obj -MD -MP -MF $(DEPDIR)/cryptsetup_reencrypt-utils_tools.Tpo -c -o cryptsetup_reencrypt-utils_tools.obj `if test -f 'utils_tools.c'; then $(CYGPATH_W) 'utils_tools.c'; else $(CYGPATH_W) '$(srcdir)/utils_tools.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_reencrypt-utils_tools.Tpo $(DEPDIR)/cryptsetup_reencrypt-utils_tools.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_tools.c' object='cryptsetup_reencrypt-utils_tools.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_CFLAGS) $(CFLAGS) -c -o cryptsetup_reencrypt-utils_tools.obj `if test -f 'utils_tools.c'; then $(CYGPATH_W) 'utils_tools.c'; else $(CYGPATH_W) '$(srcdir)/utils_tools.c'; fi` - -cryptsetup_reencrypt-cryptsetup_reencrypt.o: cryptsetup_reencrypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_CFLAGS) $(CFLAGS) -MT cryptsetup_reencrypt-cryptsetup_reencrypt.o -MD -MP -MF $(DEPDIR)/cryptsetup_reencrypt-cryptsetup_reencrypt.Tpo -c -o cryptsetup_reencrypt-cryptsetup_reencrypt.o `test -f 'cryptsetup_reencrypt.c' || echo '$(srcdir)/'`cryptsetup_reencrypt.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_reencrypt-cryptsetup_reencrypt.Tpo $(DEPDIR)/cryptsetup_reencrypt-cryptsetup_reencrypt.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cryptsetup_reencrypt.c' object='cryptsetup_reencrypt-cryptsetup_reencrypt.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_CFLAGS) $(CFLAGS) -c -o cryptsetup_reencrypt-cryptsetup_reencrypt.o `test -f 'cryptsetup_reencrypt.c' || echo '$(srcdir)/'`cryptsetup_reencrypt.c - -cryptsetup_reencrypt-cryptsetup_reencrypt.obj: cryptsetup_reencrypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_CFLAGS) $(CFLAGS) -MT cryptsetup_reencrypt-cryptsetup_reencrypt.obj -MD -MP -MF $(DEPDIR)/cryptsetup_reencrypt-cryptsetup_reencrypt.Tpo -c -o cryptsetup_reencrypt-cryptsetup_reencrypt.obj `if test -f 'cryptsetup_reencrypt.c'; then $(CYGPATH_W) 'cryptsetup_reencrypt.c'; else $(CYGPATH_W) '$(srcdir)/cryptsetup_reencrypt.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_reencrypt-cryptsetup_reencrypt.Tpo $(DEPDIR)/cryptsetup_reencrypt-cryptsetup_reencrypt.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cryptsetup_reencrypt.c' object='cryptsetup_reencrypt-cryptsetup_reencrypt.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_CFLAGS) $(CFLAGS) -c -o cryptsetup_reencrypt-cryptsetup_reencrypt.obj `if test -f 'cryptsetup_reencrypt.c'; then $(CYGPATH_W) 'cryptsetup_reencrypt.c'; else $(CYGPATH_W) '$(srcdir)/cryptsetup_reencrypt.c'; fi` - -cryptsetup_reencrypt_static-utils_crypt.o: $(top_builddir)/lib/utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_static_CFLAGS) $(CFLAGS) -MT cryptsetup_reencrypt_static-utils_crypt.o -MD -MP -MF $(DEPDIR)/cryptsetup_reencrypt_static-utils_crypt.Tpo -c -o cryptsetup_reencrypt_static-utils_crypt.o `test -f '$(top_builddir)/lib/utils_crypt.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_reencrypt_static-utils_crypt.Tpo $(DEPDIR)/cryptsetup_reencrypt_static-utils_crypt.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_crypt.c' object='cryptsetup_reencrypt_static-utils_crypt.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_static_CFLAGS) $(CFLAGS) -c -o cryptsetup_reencrypt_static-utils_crypt.o `test -f '$(top_builddir)/lib/utils_crypt.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_crypt.c - -cryptsetup_reencrypt_static-utils_crypt.obj: $(top_builddir)/lib/utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_static_CFLAGS) $(CFLAGS) -MT cryptsetup_reencrypt_static-utils_crypt.obj -MD -MP -MF $(DEPDIR)/cryptsetup_reencrypt_static-utils_crypt.Tpo -c -o cryptsetup_reencrypt_static-utils_crypt.obj `if test -f '$(top_builddir)/lib/utils_crypt.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_crypt.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_crypt.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_reencrypt_static-utils_crypt.Tpo $(DEPDIR)/cryptsetup_reencrypt_static-utils_crypt.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_crypt.c' object='cryptsetup_reencrypt_static-utils_crypt.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_static_CFLAGS) $(CFLAGS) -c -o cryptsetup_reencrypt_static-utils_crypt.obj `if test -f '$(top_builddir)/lib/utils_crypt.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_crypt.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_crypt.c'; fi` - -cryptsetup_reencrypt_static-utils_tools.o: utils_tools.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_static_CFLAGS) $(CFLAGS) -MT cryptsetup_reencrypt_static-utils_tools.o -MD -MP -MF $(DEPDIR)/cryptsetup_reencrypt_static-utils_tools.Tpo -c -o cryptsetup_reencrypt_static-utils_tools.o `test -f 'utils_tools.c' || echo '$(srcdir)/'`utils_tools.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_reencrypt_static-utils_tools.Tpo $(DEPDIR)/cryptsetup_reencrypt_static-utils_tools.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_tools.c' object='cryptsetup_reencrypt_static-utils_tools.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_static_CFLAGS) $(CFLAGS) -c -o cryptsetup_reencrypt_static-utils_tools.o `test -f 'utils_tools.c' || echo '$(srcdir)/'`utils_tools.c - -cryptsetup_reencrypt_static-utils_tools.obj: utils_tools.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_static_CFLAGS) $(CFLAGS) -MT cryptsetup_reencrypt_static-utils_tools.obj -MD -MP -MF $(DEPDIR)/cryptsetup_reencrypt_static-utils_tools.Tpo -c -o cryptsetup_reencrypt_static-utils_tools.obj `if test -f 'utils_tools.c'; then $(CYGPATH_W) 'utils_tools.c'; else $(CYGPATH_W) '$(srcdir)/utils_tools.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_reencrypt_static-utils_tools.Tpo $(DEPDIR)/cryptsetup_reencrypt_static-utils_tools.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_tools.c' object='cryptsetup_reencrypt_static-utils_tools.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_static_CFLAGS) $(CFLAGS) -c -o cryptsetup_reencrypt_static-utils_tools.obj `if test -f 'utils_tools.c'; then $(CYGPATH_W) 'utils_tools.c'; else $(CYGPATH_W) '$(srcdir)/utils_tools.c'; fi` - -cryptsetup_reencrypt_static-cryptsetup_reencrypt.o: cryptsetup_reencrypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_static_CFLAGS) $(CFLAGS) -MT cryptsetup_reencrypt_static-cryptsetup_reencrypt.o -MD -MP -MF $(DEPDIR)/cryptsetup_reencrypt_static-cryptsetup_reencrypt.Tpo -c -o cryptsetup_reencrypt_static-cryptsetup_reencrypt.o `test -f 'cryptsetup_reencrypt.c' || echo '$(srcdir)/'`cryptsetup_reencrypt.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_reencrypt_static-cryptsetup_reencrypt.Tpo $(DEPDIR)/cryptsetup_reencrypt_static-cryptsetup_reencrypt.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cryptsetup_reencrypt.c' object='cryptsetup_reencrypt_static-cryptsetup_reencrypt.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_static_CFLAGS) $(CFLAGS) -c -o cryptsetup_reencrypt_static-cryptsetup_reencrypt.o `test -f 'cryptsetup_reencrypt.c' || echo '$(srcdir)/'`cryptsetup_reencrypt.c - -cryptsetup_reencrypt_static-cryptsetup_reencrypt.obj: cryptsetup_reencrypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_static_CFLAGS) $(CFLAGS) -MT cryptsetup_reencrypt_static-cryptsetup_reencrypt.obj -MD -MP -MF $(DEPDIR)/cryptsetup_reencrypt_static-cryptsetup_reencrypt.Tpo -c -o cryptsetup_reencrypt_static-cryptsetup_reencrypt.obj `if test -f 'cryptsetup_reencrypt.c'; then $(CYGPATH_W) 'cryptsetup_reencrypt.c'; else $(CYGPATH_W) '$(srcdir)/cryptsetup_reencrypt.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_reencrypt_static-cryptsetup_reencrypt.Tpo $(DEPDIR)/cryptsetup_reencrypt_static-cryptsetup_reencrypt.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cryptsetup_reencrypt.c' object='cryptsetup_reencrypt_static-cryptsetup_reencrypt.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_reencrypt_static_CFLAGS) $(CFLAGS) -c -o cryptsetup_reencrypt_static-cryptsetup_reencrypt.obj `if test -f 'cryptsetup_reencrypt.c'; then $(CYGPATH_W) 'cryptsetup_reencrypt.c'; else $(CYGPATH_W) '$(srcdir)/cryptsetup_reencrypt.c'; fi` - -cryptsetup_static-utils_crypt.o: $(top_builddir)/lib/utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -MT cryptsetup_static-utils_crypt.o -MD -MP -MF $(DEPDIR)/cryptsetup_static-utils_crypt.Tpo -c -o cryptsetup_static-utils_crypt.o `test -f '$(top_builddir)/lib/utils_crypt.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_static-utils_crypt.Tpo $(DEPDIR)/cryptsetup_static-utils_crypt.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_crypt.c' object='cryptsetup_static-utils_crypt.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -c -o cryptsetup_static-utils_crypt.o `test -f '$(top_builddir)/lib/utils_crypt.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_crypt.c - -cryptsetup_static-utils_crypt.obj: $(top_builddir)/lib/utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -MT cryptsetup_static-utils_crypt.obj -MD -MP -MF $(DEPDIR)/cryptsetup_static-utils_crypt.Tpo -c -o cryptsetup_static-utils_crypt.obj `if test -f '$(top_builddir)/lib/utils_crypt.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_crypt.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_crypt.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_static-utils_crypt.Tpo $(DEPDIR)/cryptsetup_static-utils_crypt.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_crypt.c' object='cryptsetup_static-utils_crypt.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -c -o cryptsetup_static-utils_crypt.obj `if test -f '$(top_builddir)/lib/utils_crypt.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_crypt.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_crypt.c'; fi` - -cryptsetup_static-utils_loop.o: $(top_builddir)/lib/utils_loop.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -MT cryptsetup_static-utils_loop.o -MD -MP -MF $(DEPDIR)/cryptsetup_static-utils_loop.Tpo -c -o cryptsetup_static-utils_loop.o `test -f '$(top_builddir)/lib/utils_loop.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_loop.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_static-utils_loop.Tpo $(DEPDIR)/cryptsetup_static-utils_loop.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_loop.c' object='cryptsetup_static-utils_loop.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -c -o cryptsetup_static-utils_loop.o `test -f '$(top_builddir)/lib/utils_loop.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_loop.c - -cryptsetup_static-utils_loop.obj: $(top_builddir)/lib/utils_loop.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -MT cryptsetup_static-utils_loop.obj -MD -MP -MF $(DEPDIR)/cryptsetup_static-utils_loop.Tpo -c -o cryptsetup_static-utils_loop.obj `if test -f '$(top_builddir)/lib/utils_loop.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_loop.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_loop.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_static-utils_loop.Tpo $(DEPDIR)/cryptsetup_static-utils_loop.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_loop.c' object='cryptsetup_static-utils_loop.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -c -o cryptsetup_static-utils_loop.obj `if test -f '$(top_builddir)/lib/utils_loop.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_loop.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_loop.c'; fi` - -cryptsetup_static-utils_fips.o: $(top_builddir)/lib/utils_fips.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -MT cryptsetup_static-utils_fips.o -MD -MP -MF $(DEPDIR)/cryptsetup_static-utils_fips.Tpo -c -o cryptsetup_static-utils_fips.o `test -f '$(top_builddir)/lib/utils_fips.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_fips.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_static-utils_fips.Tpo $(DEPDIR)/cryptsetup_static-utils_fips.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_fips.c' object='cryptsetup_static-utils_fips.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -c -o cryptsetup_static-utils_fips.o `test -f '$(top_builddir)/lib/utils_fips.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_fips.c - -cryptsetup_static-utils_fips.obj: $(top_builddir)/lib/utils_fips.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -MT cryptsetup_static-utils_fips.obj -MD -MP -MF $(DEPDIR)/cryptsetup_static-utils_fips.Tpo -c -o cryptsetup_static-utils_fips.obj `if test -f '$(top_builddir)/lib/utils_fips.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_fips.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_fips.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_static-utils_fips.Tpo $(DEPDIR)/cryptsetup_static-utils_fips.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_fips.c' object='cryptsetup_static-utils_fips.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -c -o cryptsetup_static-utils_fips.obj `if test -f '$(top_builddir)/lib/utils_fips.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_fips.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_fips.c'; fi` - -cryptsetup_static-utils_tools.o: utils_tools.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -MT cryptsetup_static-utils_tools.o -MD -MP -MF $(DEPDIR)/cryptsetup_static-utils_tools.Tpo -c -o cryptsetup_static-utils_tools.o `test -f 'utils_tools.c' || echo '$(srcdir)/'`utils_tools.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_static-utils_tools.Tpo $(DEPDIR)/cryptsetup_static-utils_tools.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_tools.c' object='cryptsetup_static-utils_tools.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -c -o cryptsetup_static-utils_tools.o `test -f 'utils_tools.c' || echo '$(srcdir)/'`utils_tools.c - -cryptsetup_static-utils_tools.obj: utils_tools.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -MT cryptsetup_static-utils_tools.obj -MD -MP -MF $(DEPDIR)/cryptsetup_static-utils_tools.Tpo -c -o cryptsetup_static-utils_tools.obj `if test -f 'utils_tools.c'; then $(CYGPATH_W) 'utils_tools.c'; else $(CYGPATH_W) '$(srcdir)/utils_tools.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_static-utils_tools.Tpo $(DEPDIR)/cryptsetup_static-utils_tools.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_tools.c' object='cryptsetup_static-utils_tools.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -c -o cryptsetup_static-utils_tools.obj `if test -f 'utils_tools.c'; then $(CYGPATH_W) 'utils_tools.c'; else $(CYGPATH_W) '$(srcdir)/utils_tools.c'; fi` - -cryptsetup_static-utils_password.o: utils_password.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -MT cryptsetup_static-utils_password.o -MD -MP -MF $(DEPDIR)/cryptsetup_static-utils_password.Tpo -c -o cryptsetup_static-utils_password.o `test -f 'utils_password.c' || echo '$(srcdir)/'`utils_password.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_static-utils_password.Tpo $(DEPDIR)/cryptsetup_static-utils_password.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_password.c' object='cryptsetup_static-utils_password.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -c -o cryptsetup_static-utils_password.o `test -f 'utils_password.c' || echo '$(srcdir)/'`utils_password.c - -cryptsetup_static-utils_password.obj: utils_password.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -MT cryptsetup_static-utils_password.obj -MD -MP -MF $(DEPDIR)/cryptsetup_static-utils_password.Tpo -c -o cryptsetup_static-utils_password.obj `if test -f 'utils_password.c'; then $(CYGPATH_W) 'utils_password.c'; else $(CYGPATH_W) '$(srcdir)/utils_password.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_static-utils_password.Tpo $(DEPDIR)/cryptsetup_static-utils_password.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_password.c' object='cryptsetup_static-utils_password.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -c -o cryptsetup_static-utils_password.obj `if test -f 'utils_password.c'; then $(CYGPATH_W) 'utils_password.c'; else $(CYGPATH_W) '$(srcdir)/utils_password.c'; fi` - -cryptsetup_static-cryptsetup.o: cryptsetup.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -MT cryptsetup_static-cryptsetup.o -MD -MP -MF $(DEPDIR)/cryptsetup_static-cryptsetup.Tpo -c -o cryptsetup_static-cryptsetup.o `test -f 'cryptsetup.c' || echo '$(srcdir)/'`cryptsetup.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_static-cryptsetup.Tpo $(DEPDIR)/cryptsetup_static-cryptsetup.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cryptsetup.c' object='cryptsetup_static-cryptsetup.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -c -o cryptsetup_static-cryptsetup.o `test -f 'cryptsetup.c' || echo '$(srcdir)/'`cryptsetup.c - -cryptsetup_static-cryptsetup.obj: cryptsetup.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -MT cryptsetup_static-cryptsetup.obj -MD -MP -MF $(DEPDIR)/cryptsetup_static-cryptsetup.Tpo -c -o cryptsetup_static-cryptsetup.obj `if test -f 'cryptsetup.c'; then $(CYGPATH_W) 'cryptsetup.c'; else $(CYGPATH_W) '$(srcdir)/cryptsetup.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cryptsetup_static-cryptsetup.Tpo $(DEPDIR)/cryptsetup_static-cryptsetup.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cryptsetup.c' object='cryptsetup_static-cryptsetup.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cryptsetup_static_CFLAGS) $(CFLAGS) -c -o cryptsetup_static-cryptsetup.obj `if test -f 'cryptsetup.c'; then $(CYGPATH_W) 'cryptsetup.c'; else $(CYGPATH_W) '$(srcdir)/cryptsetup.c'; fi` - -veritysetup-utils_crypt.o: $(top_builddir)/lib/utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_CFLAGS) $(CFLAGS) -MT veritysetup-utils_crypt.o -MD -MP -MF $(DEPDIR)/veritysetup-utils_crypt.Tpo -c -o veritysetup-utils_crypt.o `test -f '$(top_builddir)/lib/utils_crypt.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/veritysetup-utils_crypt.Tpo $(DEPDIR)/veritysetup-utils_crypt.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_crypt.c' object='veritysetup-utils_crypt.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_CFLAGS) $(CFLAGS) -c -o veritysetup-utils_crypt.o `test -f '$(top_builddir)/lib/utils_crypt.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_crypt.c - -veritysetup-utils_crypt.obj: $(top_builddir)/lib/utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_CFLAGS) $(CFLAGS) -MT veritysetup-utils_crypt.obj -MD -MP -MF $(DEPDIR)/veritysetup-utils_crypt.Tpo -c -o veritysetup-utils_crypt.obj `if test -f '$(top_builddir)/lib/utils_crypt.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_crypt.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_crypt.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/veritysetup-utils_crypt.Tpo $(DEPDIR)/veritysetup-utils_crypt.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_crypt.c' object='veritysetup-utils_crypt.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_CFLAGS) $(CFLAGS) -c -o veritysetup-utils_crypt.obj `if test -f '$(top_builddir)/lib/utils_crypt.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_crypt.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_crypt.c'; fi` - -veritysetup-utils_loop.o: $(top_builddir)/lib/utils_loop.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_CFLAGS) $(CFLAGS) -MT veritysetup-utils_loop.o -MD -MP -MF $(DEPDIR)/veritysetup-utils_loop.Tpo -c -o veritysetup-utils_loop.o `test -f '$(top_builddir)/lib/utils_loop.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_loop.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/veritysetup-utils_loop.Tpo $(DEPDIR)/veritysetup-utils_loop.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_loop.c' object='veritysetup-utils_loop.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_CFLAGS) $(CFLAGS) -c -o veritysetup-utils_loop.o `test -f '$(top_builddir)/lib/utils_loop.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_loop.c - -veritysetup-utils_loop.obj: $(top_builddir)/lib/utils_loop.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_CFLAGS) $(CFLAGS) -MT veritysetup-utils_loop.obj -MD -MP -MF $(DEPDIR)/veritysetup-utils_loop.Tpo -c -o veritysetup-utils_loop.obj `if test -f '$(top_builddir)/lib/utils_loop.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_loop.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_loop.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/veritysetup-utils_loop.Tpo $(DEPDIR)/veritysetup-utils_loop.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_loop.c' object='veritysetup-utils_loop.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_CFLAGS) $(CFLAGS) -c -o veritysetup-utils_loop.obj `if test -f '$(top_builddir)/lib/utils_loop.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_loop.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_loop.c'; fi` - -veritysetup-utils_tools.o: utils_tools.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_CFLAGS) $(CFLAGS) -MT veritysetup-utils_tools.o -MD -MP -MF $(DEPDIR)/veritysetup-utils_tools.Tpo -c -o veritysetup-utils_tools.o `test -f 'utils_tools.c' || echo '$(srcdir)/'`utils_tools.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/veritysetup-utils_tools.Tpo $(DEPDIR)/veritysetup-utils_tools.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_tools.c' object='veritysetup-utils_tools.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_CFLAGS) $(CFLAGS) -c -o veritysetup-utils_tools.o `test -f 'utils_tools.c' || echo '$(srcdir)/'`utils_tools.c - -veritysetup-utils_tools.obj: utils_tools.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_CFLAGS) $(CFLAGS) -MT veritysetup-utils_tools.obj -MD -MP -MF $(DEPDIR)/veritysetup-utils_tools.Tpo -c -o veritysetup-utils_tools.obj `if test -f 'utils_tools.c'; then $(CYGPATH_W) 'utils_tools.c'; else $(CYGPATH_W) '$(srcdir)/utils_tools.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/veritysetup-utils_tools.Tpo $(DEPDIR)/veritysetup-utils_tools.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_tools.c' object='veritysetup-utils_tools.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_CFLAGS) $(CFLAGS) -c -o veritysetup-utils_tools.obj `if test -f 'utils_tools.c'; then $(CYGPATH_W) 'utils_tools.c'; else $(CYGPATH_W) '$(srcdir)/utils_tools.c'; fi` - -veritysetup-veritysetup.o: veritysetup.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_CFLAGS) $(CFLAGS) -MT veritysetup-veritysetup.o -MD -MP -MF $(DEPDIR)/veritysetup-veritysetup.Tpo -c -o veritysetup-veritysetup.o `test -f 'veritysetup.c' || echo '$(srcdir)/'`veritysetup.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/veritysetup-veritysetup.Tpo $(DEPDIR)/veritysetup-veritysetup.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='veritysetup.c' object='veritysetup-veritysetup.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_CFLAGS) $(CFLAGS) -c -o veritysetup-veritysetup.o `test -f 'veritysetup.c' || echo '$(srcdir)/'`veritysetup.c - -veritysetup-veritysetup.obj: veritysetup.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_CFLAGS) $(CFLAGS) -MT veritysetup-veritysetup.obj -MD -MP -MF $(DEPDIR)/veritysetup-veritysetup.Tpo -c -o veritysetup-veritysetup.obj `if test -f 'veritysetup.c'; then $(CYGPATH_W) 'veritysetup.c'; else $(CYGPATH_W) '$(srcdir)/veritysetup.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/veritysetup-veritysetup.Tpo $(DEPDIR)/veritysetup-veritysetup.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='veritysetup.c' object='veritysetup-veritysetup.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_CFLAGS) $(CFLAGS) -c -o veritysetup-veritysetup.obj `if test -f 'veritysetup.c'; then $(CYGPATH_W) 'veritysetup.c'; else $(CYGPATH_W) '$(srcdir)/veritysetup.c'; fi` - -veritysetup_static-utils_crypt.o: $(top_builddir)/lib/utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_static_CFLAGS) $(CFLAGS) -MT veritysetup_static-utils_crypt.o -MD -MP -MF $(DEPDIR)/veritysetup_static-utils_crypt.Tpo -c -o veritysetup_static-utils_crypt.o `test -f '$(top_builddir)/lib/utils_crypt.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/veritysetup_static-utils_crypt.Tpo $(DEPDIR)/veritysetup_static-utils_crypt.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_crypt.c' object='veritysetup_static-utils_crypt.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_static_CFLAGS) $(CFLAGS) -c -o veritysetup_static-utils_crypt.o `test -f '$(top_builddir)/lib/utils_crypt.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_crypt.c - -veritysetup_static-utils_crypt.obj: $(top_builddir)/lib/utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_static_CFLAGS) $(CFLAGS) -MT veritysetup_static-utils_crypt.obj -MD -MP -MF $(DEPDIR)/veritysetup_static-utils_crypt.Tpo -c -o veritysetup_static-utils_crypt.obj `if test -f '$(top_builddir)/lib/utils_crypt.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_crypt.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_crypt.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/veritysetup_static-utils_crypt.Tpo $(DEPDIR)/veritysetup_static-utils_crypt.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_crypt.c' object='veritysetup_static-utils_crypt.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_static_CFLAGS) $(CFLAGS) -c -o veritysetup_static-utils_crypt.obj `if test -f '$(top_builddir)/lib/utils_crypt.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_crypt.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_crypt.c'; fi` - -veritysetup_static-utils_loop.o: $(top_builddir)/lib/utils_loop.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_static_CFLAGS) $(CFLAGS) -MT veritysetup_static-utils_loop.o -MD -MP -MF $(DEPDIR)/veritysetup_static-utils_loop.Tpo -c -o veritysetup_static-utils_loop.o `test -f '$(top_builddir)/lib/utils_loop.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_loop.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/veritysetup_static-utils_loop.Tpo $(DEPDIR)/veritysetup_static-utils_loop.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_loop.c' object='veritysetup_static-utils_loop.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_static_CFLAGS) $(CFLAGS) -c -o veritysetup_static-utils_loop.o `test -f '$(top_builddir)/lib/utils_loop.c' || echo '$(srcdir)/'`$(top_builddir)/lib/utils_loop.c - -veritysetup_static-utils_loop.obj: $(top_builddir)/lib/utils_loop.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_static_CFLAGS) $(CFLAGS) -MT veritysetup_static-utils_loop.obj -MD -MP -MF $(DEPDIR)/veritysetup_static-utils_loop.Tpo -c -o veritysetup_static-utils_loop.obj `if test -f '$(top_builddir)/lib/utils_loop.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_loop.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_loop.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/veritysetup_static-utils_loop.Tpo $(DEPDIR)/veritysetup_static-utils_loop.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_builddir)/lib/utils_loop.c' object='veritysetup_static-utils_loop.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_static_CFLAGS) $(CFLAGS) -c -o veritysetup_static-utils_loop.obj `if test -f '$(top_builddir)/lib/utils_loop.c'; then $(CYGPATH_W) '$(top_builddir)/lib/utils_loop.c'; else $(CYGPATH_W) '$(srcdir)/$(top_builddir)/lib/utils_loop.c'; fi` - -veritysetup_static-utils_tools.o: utils_tools.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_static_CFLAGS) $(CFLAGS) -MT veritysetup_static-utils_tools.o -MD -MP -MF $(DEPDIR)/veritysetup_static-utils_tools.Tpo -c -o veritysetup_static-utils_tools.o `test -f 'utils_tools.c' || echo '$(srcdir)/'`utils_tools.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/veritysetup_static-utils_tools.Tpo $(DEPDIR)/veritysetup_static-utils_tools.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_tools.c' object='veritysetup_static-utils_tools.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_static_CFLAGS) $(CFLAGS) -c -o veritysetup_static-utils_tools.o `test -f 'utils_tools.c' || echo '$(srcdir)/'`utils_tools.c - -veritysetup_static-utils_tools.obj: utils_tools.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_static_CFLAGS) $(CFLAGS) -MT veritysetup_static-utils_tools.obj -MD -MP -MF $(DEPDIR)/veritysetup_static-utils_tools.Tpo -c -o veritysetup_static-utils_tools.obj `if test -f 'utils_tools.c'; then $(CYGPATH_W) 'utils_tools.c'; else $(CYGPATH_W) '$(srcdir)/utils_tools.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/veritysetup_static-utils_tools.Tpo $(DEPDIR)/veritysetup_static-utils_tools.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_tools.c' object='veritysetup_static-utils_tools.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_static_CFLAGS) $(CFLAGS) -c -o veritysetup_static-utils_tools.obj `if test -f 'utils_tools.c'; then $(CYGPATH_W) 'utils_tools.c'; else $(CYGPATH_W) '$(srcdir)/utils_tools.c'; fi` - -veritysetup_static-veritysetup.o: veritysetup.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_static_CFLAGS) $(CFLAGS) -MT veritysetup_static-veritysetup.o -MD -MP -MF $(DEPDIR)/veritysetup_static-veritysetup.Tpo -c -o veritysetup_static-veritysetup.o `test -f 'veritysetup.c' || echo '$(srcdir)/'`veritysetup.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/veritysetup_static-veritysetup.Tpo $(DEPDIR)/veritysetup_static-veritysetup.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='veritysetup.c' object='veritysetup_static-veritysetup.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_static_CFLAGS) $(CFLAGS) -c -o veritysetup_static-veritysetup.o `test -f 'veritysetup.c' || echo '$(srcdir)/'`veritysetup.c - -veritysetup_static-veritysetup.obj: veritysetup.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_static_CFLAGS) $(CFLAGS) -MT veritysetup_static-veritysetup.obj -MD -MP -MF $(DEPDIR)/veritysetup_static-veritysetup.Tpo -c -o veritysetup_static-veritysetup.obj `if test -f 'veritysetup.c'; then $(CYGPATH_W) 'veritysetup.c'; else $(CYGPATH_W) '$(srcdir)/veritysetup.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/veritysetup_static-veritysetup.Tpo $(DEPDIR)/veritysetup_static-veritysetup.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='veritysetup.c' object='veritysetup_static-veritysetup.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(veritysetup_static_CFLAGS) $(CFLAGS) -c -o veritysetup_static-veritysetup.obj `if test -f 'veritysetup.c'; then $(CYGPATH_W) 'veritysetup.c'; else $(CYGPATH_W) '$(srcdir)/veritysetup.c'; fi` - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(PROGRAMS) -installdirs: - for dir in "$(DESTDIR)$(sbindir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: install-sbinPROGRAMS - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-sbinPROGRAMS - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-sbinPROGRAMS cscopelist-am ctags ctags-am \ - distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-sbinPROGRAMS install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am uninstall-sbinPROGRAMS - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/src/Makemodule.am b/src/Makemodule.am new file mode 100644 index 0000000..ccba17a --- /dev/null +++ b/src/Makemodule.am @@ -0,0 +1,136 @@ +# cryptsetup +if CRYPTSETUP + +cryptsetup_SOURCES = \ + lib/utils_crypt.c \ + lib/utils_loop.c \ + lib/utils_io.c \ + lib/utils_blkid.c \ + src/utils_tools.c \ + src/utils_password.c \ + src/utils_luks2.c \ + src/utils_blockdev.c \ + src/cryptsetup.c \ + src/cryptsetup.h + +cryptsetup_LDADD = $(LDADD) \ + libcryptsetup.la \ + @POPT_LIBS@ \ + @PWQUALITY_LIBS@ \ + @PASSWDQC_LIBS@ \ + @UUID_LIBS@ \ + @BLKID_LIBS@ + +sbin_PROGRAMS += cryptsetup + +if STATIC_TOOLS +sbin_PROGRAMS += cryptsetup.static +cryptsetup_static_SOURCES = $(cryptsetup_SOURCES) +cryptsetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static +cryptsetup_static_LDADD = \ + $(cryptsetup_LDADD) \ + @CRYPTO_STATIC_LIBS@ \ + @PWQUALITY_STATIC_LIBS@ \ + @DEVMAPPER_STATIC_LIBS@ +endif +endif + +# veritysetup +if VERITYSETUP + +veritysetup_SOURCES = \ + lib/utils_crypt.c \ + lib/utils_loop.c \ + lib/utils_io.c \ + lib/utils_blkid.c \ + src/utils_tools.c \ + src/utils_password.c \ + src/veritysetup.c \ + src/cryptsetup.h + +veritysetup_LDADD = $(LDADD) \ + libcryptsetup.la \ + @POPT_LIBS@ \ + @PWQUALITY_LIBS@ \ + @PASSWDQC_LIBS@ \ + @BLKID_LIBS@ + +sbin_PROGRAMS += veritysetup + +if STATIC_TOOLS +sbin_PROGRAMS += veritysetup.static +veritysetup_static_SOURCES = $(veritysetup_SOURCES) +veritysetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static +veritysetup_static_LDADD = \ + $(veritysetup_LDADD) \ + @CRYPTO_STATIC_LIBS@ \ + @DEVMAPPER_STATIC_LIBS@ \ + @UUID_LIBS@ +endif +endif + +# integritysetup +if INTEGRITYSETUP + +integritysetup_SOURCES = \ + lib/utils_crypt.c \ + lib/utils_loop.c \ + lib/utils_io.c \ + lib/utils_blkid.c \ + src/utils_tools.c \ + src/integritysetup.c \ + src/cryptsetup.h + +integritysetup_LDADD = $(LDADD) \ + libcryptsetup.la \ + @POPT_LIBS@ \ + @UUID_LIBS@ \ + @BLKID_LIBS@ + +sbin_PROGRAMS += integritysetup + +if STATIC_TOOLS +sbin_PROGRAMS += integritysetup.static +integritysetup_static_SOURCES = $(integritysetup_SOURCES) +integritysetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static +integritysetup_static_LDADD = \ + $(integritysetup_LDADD) \ + @CRYPTO_STATIC_LIBS@ \ + @DEVMAPPER_STATIC_LIBS@ \ + @UUID_LIBS@ +endif +endif + +# reencrypt +if REENCRYPT +cryptsetup_reencrypt_SOURCES = \ + lib/utils_crypt.c \ + lib/utils_io.c \ + lib/utils_blkid.c \ + src/utils_tools.c \ + lib/utils_loop.c \ + src/utils_password.c \ + src/cryptsetup_reencrypt.c \ + src/cryptsetup.h + +cryptsetup_reencrypt_LDADD = $(LDADD) \ + libcryptsetup.la \ + @POPT_LIBS@ \ + @PWQUALITY_LIBS@ \ + @PASSWDQC_LIBS@ \ + @UUID_LIBS@ \ + @BLKID_LIBS@ + +sbin_PROGRAMS += cryptsetup-reencrypt + +if STATIC_TOOLS +sbin_PROGRAMS += cryptsetup-reencrypt.static +cryptsetup_reencrypt_static_SOURCES = $(cryptsetup_reencrypt_SOURCES) +cryptsetup_reencrypt_static_LDFLAGS = $(AM_LDFLAGS) -all-static +cryptsetup_reencrypt_static_LDADD = \ + $(cryptsetup_reencrypt_LDADD) \ + @CRYPTO_STATIC_LIBS@ \ + @PWQUALITY_STATIC_LIBS@ \ + @DEVMAPPER_STATIC_LIBS@ +endif +endif diff --git a/src/cryptsetup.c b/src/cryptsetup.c index 8fc4d6c..c527690 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -1,10 +1,10 @@ /* * cryptsetup - setup cryptographic volumes for dm-crypt * - * Copyright (C) 2004, Jana Saout - * Copyright (C) 2004-2007, Clemens Fruhwirth - * Copyright (C) 2009-2015, Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2015, Milan Broz + * Copyright (C) 2004 Jana Saout + * Copyright (C) 2004-2007 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -22,12 +22,16 @@ */ #include "cryptsetup.h" +#include static const char *opt_cipher = NULL; +static const char *opt_keyslot_cipher = NULL; static const char *opt_hash = NULL; static int opt_verify_passphrase = 0; +static const char *opt_json_file = NULL; static const char *opt_key_file = NULL; +static const char *opt_keyfile_stdin = NULL; static int opt_keyfiles_count = 0; static const char *opt_keyfiles[MAX_KEYFILES]; @@ -37,18 +41,19 @@ static const char *opt_uuid = NULL; static const char *opt_header_device = NULL; static const char *opt_type = "luks"; static int opt_key_size = 0; +static int opt_keyslot_key_size = 0; static long opt_keyfile_size = 0; static long opt_new_keyfile_size = 0; -static long opt_keyfile_offset = 0; -static long opt_new_keyfile_offset = 0; +static uint64_t opt_keyfile_offset = 0; +static uint64_t opt_new_keyfile_offset = 0; static int opt_key_slot = CRYPT_ANY_SLOT; +static int opt_token = CRYPT_ANY_TOKEN; +static int opt_token_only = 0; static uint64_t opt_size = 0; static uint64_t opt_offset = 0; static uint64_t opt_skip = 0; static int opt_skip_valid = 0; static int opt_readonly = 0; -static int opt_iteration_time = DEFAULT_LUKS1_ITER_TIME; -static int opt_version_mode = 0; static int opt_timeout = 0; static int opt_tries = 3; static int opt_align_payload = 0; @@ -64,6 +69,57 @@ static int opt_tcrypt_hidden = 0; static int opt_tcrypt_system = 0; static int opt_tcrypt_backup = 0; static int opt_veracrypt = 0; +static int opt_veracrypt_pim = -1; +static int opt_veracrypt_query_pim = 0; +static int opt_deferred_remove = 0; +static int opt_serialize_memory_hard_pbkdf = 0; +//FIXME: check uint32 overflow for long type +static const char *opt_pbkdf = NULL; +static long opt_pbkdf_memory = DEFAULT_LUKS2_MEMORY_KB; +static long opt_pbkdf_parallel = DEFAULT_LUKS2_PARALLEL_THREADS; +static long opt_pbkdf_iterations = 0; +static int opt_iteration_time = 0; +static int opt_disable_locks = 0; +static int opt_disable_keyring = 0; +static const char *opt_priority = NULL; /* normal */ +static const char *opt_integrity = NULL; /* none */ +static int opt_integrity_nojournal = 0; +static int opt_integrity_no_wipe = 0; +static int opt_integrity_legacy_padding = 0; +static const char *opt_key_description = NULL; +static int opt_sector_size = 0; +static int opt_iv_large_sectors = 0; +static int opt_persistent = 0; +static const char *opt_label = NULL; +static const char *opt_subsystem = NULL; +static int opt_unbound = 0; +static int opt_refresh = 0; + +/* LUKS2 reencryption parameters */ +static const char *opt_active_name = NULL; +static const char *opt_resilience_mode = "checksum"; // TODO: default resilience +static const char *opt_resilience_hash = "sha256"; // TODO: default checksum hash +static int opt_encrypt = 0; +static int opt_reencrypt_init_only = 0; +static int opt_reencrypt_resume_only = 0; +static int opt_decrypt = 0; + +static const char *opt_reduce_size_str = NULL; +static uint64_t opt_reduce_size = 0; + +static const char *opt_hotzone_size_str = NULL; +static uint64_t opt_hotzone_size = 0; + +static const char *opt_device_size_str = NULL; +static uint64_t opt_device_size = 0; + +/* do not set from command line, use helpers above */ +static int64_t opt_data_shift; + +static const char *opt_luks2_metadata_size_str = NULL; +static uint64_t opt_luks2_metadata_size = 0; +static const char *opt_luks2_keyslots_size_str = NULL; +static uint64_t opt_luks2_keyslots_size = 0; static const char **action_argv; static int action_argc; @@ -77,9 +133,26 @@ static const char *uuid_or_device_header(const char **data_device) return uuid_or_device(opt_header_device ?: action_argv[0]); } +static const char *luksType(const char *type) +{ + if (type && !strcmp(type, "luks2")) + return CRYPT_LUKS2; + + if (type && !strcmp(type, "luks1")) + return CRYPT_LUKS1; + + if (type && !strcmp(type, "luks")) + return CRYPT_LUKS; /* NULL */ + + if (type && *type) + return type; + + return CRYPT_LUKS; /* NULL */ +} + static int _verify_passphrase(int def) { - /* Batch mode switch off verify - if not overrided by -y */ + /* Batch mode switch off verify - if not overridden by -y */ if (opt_verify_passphrase) def = 1; else if (opt_batch_mode) @@ -88,7 +161,7 @@ static int _verify_passphrase(int def) /* Non-tty input doesn't allow verify */ if (def && !isatty(STDIN_FILENO)) { if (opt_verify_passphrase) - log_err(_("Can't do passphrase verification on non-tty inputs.\n")); + log_err(_("Can't do passphrase verification on non-tty inputs.")); def = 0; } @@ -108,37 +181,79 @@ static void _set_activation_flags(uint32_t *flags) if (opt_perf_submit_from_crypt_cpus) *flags |= CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS; + + if (opt_integrity_nojournal) + *flags |= CRYPT_ACTIVATE_NO_JOURNAL; + + /* In persistent mode, we use what is set on command line */ + if (opt_persistent) + *flags |= CRYPT_ACTIVATE_IGNORE_PERSISTENT; + + /* Only for LUKS2 but ignored elsewhere */ + if (opt_test_passphrase) + *flags |= CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY; + + if (opt_serialize_memory_hard_pbkdf) + *flags |= CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF; + + /* Only for plain */ + if (opt_iv_large_sectors) + *flags |= CRYPT_ACTIVATE_IV_LARGE_SECTORS; +} + +static void _set_reencryption_flags(uint32_t *flags) +{ + if (opt_reencrypt_init_only) + *flags |= CRYPT_REENCRYPT_INITIALIZE_ONLY; + + if (opt_reencrypt_resume_only) + *flags |= CRYPT_REENCRYPT_RESUME_ONLY; +} + +static int _set_keyslot_encryption_params(struct crypt_device *cd) +{ + const char *type = crypt_get_type(cd); + + if (!opt_keyslot_key_size && !opt_keyslot_cipher) + return 0; + + if (!type || strcmp(type, CRYPT_LUKS2)) { + log_err(_("Keyslot encryption parameters can be set only for LUKS2 device.")); + return -EINVAL; + } + + return crypt_keyslot_set_encryption(cd, opt_keyslot_cipher, opt_keyslot_key_size / 8); } static int action_open_plain(void) { - struct crypt_device *cd = NULL; - char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN]; + struct crypt_device *cd = NULL, *cd1 = NULL; + const char *pcipher, *pmode; + char *msg, cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN]; + struct crypt_active_device cad; struct crypt_params_plain params = { .hash = opt_hash ?: DEFAULT_PLAIN_HASH, .skip = opt_skip, .offset = opt_offset, .size = opt_size, + .sector_size = opt_sector_size ?: SECTOR_SIZE }; char *password = NULL; - size_t passwordLen; - size_t key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8; + const char *activated_name = NULL; + size_t passwordLen, key_size_max, signatures = 0, + key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8; uint32_t activate_flags = 0; - int keyfile_limited = 0; int r; r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(PLAIN), cipher, NULL, cipher_mode); if (r < 0) { - log_err(_("No known cipher specification pattern detected.\n")); + log_err(_("No known cipher specification pattern detected.")); goto out; } - if (opt_key_file && strcmp(opt_key_file, "-") != 0) - keyfile_limited = 1; - /* FIXME: temporary hack, no hashing for keyfiles in plain mode */ - if (opt_key_file && keyfile_limited) { + if (opt_key_file && !tools_is_stdin(opt_key_file)) { params.hash = NULL; if (!opt_batch_mode && opt_hash) log_std(_("WARNING: The --hash parameter is being ignored " @@ -148,18 +263,65 @@ static int action_open_plain(void) if (params.hash && !strcmp(params.hash, "plain")) params.hash = NULL; - if (!opt_batch_mode && !params.hash && opt_key_file && keyfile_limited && opt_keyfile_size) + if (!opt_batch_mode && !params.hash && opt_key_file && !tools_is_stdin(opt_key_file) && opt_keyfile_size) log_std(_("WARNING: The --keyfile-size option is being ignored, " "the read size is the same as the encryption key size.\n")); - if ((r = crypt_init(&cd, action_argv[0]))) - goto out; + if (opt_refresh) { + activated_name = action_argc > 1 ? action_argv[1] : action_argv[0]; + r = crypt_init_by_name_and_header(&cd1, activated_name, NULL); + if (r) + goto out; + r = crypt_get_active_device(cd1, activated_name, &cad); + if (r) + goto out; + + /* copy known parameters from existing device */ + params.skip = crypt_get_iv_offset(cd1); + params.offset = crypt_get_data_offset(cd1); + params.size = cad.size; + params.sector_size = crypt_get_sector_size(cd1); + key_size = crypt_get_volume_key_size(cd1); + + if ((r = crypt_init(&cd, crypt_get_device_name(cd1)))) + goto out; + + activate_flags |= CRYPT_ACTIVATE_REFRESH; + + pcipher = crypt_get_cipher(cd1); + pmode = crypt_get_cipher_mode(cd1); + } else { + activated_name = action_argv[1]; + if ((r = crypt_init(&cd, action_argv[0]))) + goto out; + + /* Skip blkid scan when activating plain device with offset */ + if (!opt_offset) { + /* Print all present signatures in read-only mode */ + r = tools_detect_signatures(action_argv[0], 0, &signatures); + if (r < 0) + goto out; + } + + if (signatures) { + r = asprintf(&msg, _("Detected device signature(s) on %s. Proceeding further may damage existing data."), action_argv[0]); + if (r == -1) { + r = -ENOMEM; + goto out; + } + + r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL; + free(msg); + if (r < 0) + goto out; + } - crypt_set_timeout(cd, opt_timeout); - crypt_set_password_retry(cd, opt_tries); + pcipher = cipher; + pmode = cipher_mode; + } r = crypt_format(cd, CRYPT_PLAIN, - cipher, cipher_mode, + pcipher, pmode, NULL, NULL, key_size, ¶ms); @@ -172,31 +334,31 @@ static int action_open_plain(void) _set_activation_flags(&activate_flags); - if (opt_key_file) { + if (!tools_is_stdin(opt_key_file)) { /* If no hash, key is read directly, read size is always key_size * (possible opt_keyfile_size is ignored. * If hash is specified, opt_keyfile_size is applied. * The opt_keyfile_offset is applied always. */ - r = crypt_activate_by_keyfile_offset(cd, action_argv[1], - CRYPT_ANY_SLOT, opt_key_file, - params.hash ? opt_keyfile_size : key_size, opt_keyfile_offset, - activate_flags); + key_size_max = params.hash ? (size_t)opt_keyfile_size : key_size; + r = crypt_activate_by_keyfile_device_offset(cd, action_argv[1], + CRYPT_ANY_SLOT, opt_key_file, key_size_max, + opt_keyfile_offset, activate_flags); } else { - r = tools_get_key(_("Enter passphrase: "), - &password, &passwordLen, - opt_keyfile_offset, opt_keyfile_size, - NULL, opt_timeout, - _verify_passphrase(0), 0, - cd); + key_size_max = (opt_key_file && !params.hash) ? key_size : (size_t)opt_keyfile_size; + r = tools_get_key(NULL, &password, &passwordLen, + opt_keyfile_offset, key_size_max, + opt_key_file, opt_timeout, + _verify_passphrase(0), 0, cd); if (r < 0) goto out; - r = crypt_activate_by_passphrase(cd, action_argv[1], + r = crypt_activate_by_passphrase(cd, activated_name, CRYPT_ANY_SLOT, password, passwordLen, activate_flags); } out: crypt_free(cd); + crypt_free(cd1); crypt_safe_free(password); return r; @@ -212,27 +374,36 @@ static int action_open_loopaes(void) }; unsigned int key_size = (opt_key_size ?: DEFAULT_LOOPAES_KEYBITS) / 8; uint32_t activate_flags = 0; + const char *activated_name = NULL; int r; if (!opt_key_file) { - log_err(_("Option --key-file is required.\n")); + log_err(_("Option --key-file is required.")); return -EINVAL; } - _set_activation_flags(&activate_flags); + if (opt_refresh) { + activated_name = action_argc > 1 ? action_argv[1] : action_argv[0]; + if ((r = crypt_init_by_name(&cd, activated_name))) + goto out; + activate_flags |= CRYPT_ACTIVATE_REFRESH; + } else { + activated_name = action_argv[1]; + if ((r = crypt_init(&cd, action_argv[0]))) + goto out; - if ((r = crypt_init(&cd, action_argv[0]))) - goto out; + r = crypt_format(cd, CRYPT_LOOPAES, opt_cipher ?: DEFAULT_LOOPAES_CIPHER, + NULL, NULL, NULL, key_size, ¶ms); + check_signal(&r); + if (r < 0) + goto out; + } - r = crypt_format(cd, CRYPT_LOOPAES, opt_cipher ?: DEFAULT_LOOPAES_CIPHER, - NULL, NULL, NULL, key_size, ¶ms); - check_signal(&r); - if (r < 0) - goto out; + _set_activation_flags(&activate_flags); - r = crypt_activate_by_keyfile_offset(cd, action_argv[1], CRYPT_ANY_SLOT, - opt_key_file, opt_keyfile_size, - opt_keyfile_offset, activate_flags); + r = crypt_activate_by_keyfile_device_offset(cd, activated_name, CRYPT_ANY_SLOT, + tools_is_stdin(opt_key_file) ? "/dev/stdin" : opt_key_file, opt_keyfile_size, + opt_keyfile_offset, activate_flags); out: crypt_free(cd); @@ -243,15 +414,49 @@ static int tcrypt_load(struct crypt_device *cd, struct crypt_params_tcrypt *para { int r, tries = opt_tries, eperm = 0; + if (opt_keyfile_stdin) + tries = 1; + do { /* TCRYPT header is encrypted, get passphrase now */ - r = tools_get_key(_("Enter passphrase: "), - CONST_CAST(char**)¶ms->passphrase, - ¶ms->passphrase_size, 0, 0, NULL, opt_timeout, + r = tools_get_key(NULL, CONST_CAST(char**)¶ms->passphrase, + ¶ms->passphrase_size, 0, 0, opt_keyfile_stdin, opt_timeout, _verify_passphrase(0), 0, cd); if (r < 0) continue; + if (opt_veracrypt_query_pim) { + char *tmp_pim_nptr = NULL; + char *tmp_pim_end = NULL; + size_t tmp_pim_size = 0; + unsigned long long tmp_pim_ull = 0; + + r = tools_get_key(_("Enter VeraCrypt PIM: "), + CONST_CAST(char**)&tmp_pim_nptr, + &tmp_pim_size, 0, 0, opt_keyfile_stdin, opt_timeout, + _verify_passphrase(0), 0, cd); + if (r < 0) + continue; + + tmp_pim_ull = strtoull(tmp_pim_nptr, &tmp_pim_end, 10); + if (*tmp_pim_nptr == '\0' || !tmp_pim_end || *tmp_pim_end != '\0') { + log_err(_("Invalid PIM value: parse error.")); + r = -EINVAL; + } else if (tmp_pim_ull == 0) { + log_err(_("Invalid PIM value: 0.")); + r = -EINVAL; + } else if (tmp_pim_ull > UINT32_MAX) { + log_err(_("Invalid PIM value: outside of range.")); + r = -ERANGE; + } + crypt_safe_free(CONST_CAST(char*)tmp_pim_nptr); + if (r < 0) + continue; + + params->veracrypt_pim = (uint32_t)tmp_pim_ull; + crypt_safe_memzero(&tmp_pim_ull, sizeof(tmp_pim_ull)); + } + if (opt_tcrypt_hidden) params->flags |= CRYPT_TCRYPT_HIDDEN_HEADER; @@ -264,7 +469,7 @@ static int tcrypt_load(struct crypt_device *cd, struct crypt_params_tcrypt *para r = crypt_load(cd, CRYPT_TCRYPT, params); if (r == -EPERM) { - log_err(_("No device header detected with this passphrase.\n")); + log_err(_("No device header detected with this passphrase.")); eperm = 1; } @@ -274,7 +479,7 @@ static int tcrypt_load(struct crypt_device *cd, struct crypt_params_tcrypt *para params->passphrase_size = 0; } check_signal(&r); - } while (r == -EPERM && (--tries > 0)); + } while ((r == -EPERM || r == -ERANGE) && (--tries > 0)); /* Report wrong passphrase if at least one try failed */ if (eperm && r == -EPIPE) @@ -291,6 +496,7 @@ static int action_open_tcrypt(void) .keyfiles_count = opt_keyfiles_count, .flags = CRYPT_TCRYPT_LEGACY_MODES | (opt_veracrypt ? CRYPT_TCRYPT_VERA_MODES : 0), + .veracrypt_pim = (opt_veracrypt_pim > 0) ? opt_veracrypt_pim : 0, }; const char *activated_name; uint32_t activate_flags = 0; @@ -312,6 +518,49 @@ static int action_open_tcrypt(void) out: crypt_free(cd); crypt_safe_free(CONST_CAST(char*)params.passphrase); + crypt_safe_memzero(¶ms.veracrypt_pim, sizeof(params.veracrypt_pim)); + return r; +} + +static int action_open_bitlk(void) +{ + struct crypt_device *cd = NULL; + const char *activated_name; + uint32_t activate_flags = 0; + int r, tries; + char *password = NULL; + size_t passwordLen; + + activated_name = opt_test_passphrase ? NULL : action_argv[1]; + + if ((r = crypt_init(&cd, action_argv[0]))) + goto out; + + r = crypt_load(cd, CRYPT_BITLK, NULL); + if (r < 0) { + log_err(_("Device %s is not a valid BITLK device."), action_argv[0]); + goto out; + } + _set_activation_flags(&activate_flags); + + tries = (tools_is_stdin(opt_key_file) && isatty(STDIN_FILENO)) ? opt_tries : 1; + do { + r = tools_get_key(NULL, &password, &passwordLen, + opt_keyfile_offset, opt_keyfile_size, opt_key_file, + opt_timeout, _verify_passphrase(0), 0, cd); + if (r < 0) + goto out; + + r = crypt_activate_by_passphrase(cd, activated_name, CRYPT_ANY_SLOT, + password, passwordLen, activate_flags); + tools_passphrase_msg(r); + check_signal(&r); + crypt_safe_free(password); + password = NULL; + } while ((r == -EPERM || r == -ERANGE) && (--tries > 0)); +out: + crypt_safe_free(password); + crypt_free(cd); return r; } @@ -365,6 +614,7 @@ static int action_tcryptDump(void) .keyfiles_count = opt_keyfiles_count, .flags = CRYPT_TCRYPT_LEGACY_MODES | (opt_veracrypt ? CRYPT_TCRYPT_VERA_MODES : 0), + .veracrypt_pim = (opt_veracrypt_pim > 0) ? opt_veracrypt_pim : 0, }; int r; @@ -385,14 +635,44 @@ out: return r; } +static int action_bitlkDump(void) +{ + struct crypt_device *cd = NULL; + int r; + + if ((r = crypt_init(&cd, action_argv[0]))) + goto out; + + r = crypt_load(cd, CRYPT_BITLK, NULL); + if (r < 0) + goto out; + + r = crypt_dump(cd); +out: + crypt_free(cd); + return r; +} + static int action_close(void) { struct crypt_device *cd = NULL; + crypt_status_info ci; + uint32_t flags = 0; int r; + if (opt_deferred_remove) + flags |= CRYPT_DEACTIVATE_DEFERRED; + r = crypt_init_by_name(&cd, action_argv[0]); if (r == 0) - r = crypt_deactivate(cd, action_argv[0]); + r = crypt_deactivate_by_name(cd, action_argv[0], flags); + + if (!r && opt_deferred_remove) { + ci = crypt_status(cd, action_argv[0]); + if (ci == CRYPT_ACTIVE || ci == CRYPT_BUSY) + log_std(_("Device %s is still active and scheduled for deferred removal.\n"), + action_argv[0]); + } crypt_free(cd); return r; @@ -400,13 +680,56 @@ static int action_close(void) static int action_resize(void) { - struct crypt_device *cd = NULL; int r; + size_t passwordLen; + struct crypt_active_device cad; + char *password = NULL; + struct crypt_device *cd = NULL; r = crypt_init_by_name_and_header(&cd, action_argv[0], opt_header_device); - if (r == 0) - r = crypt_resize(cd, action_argv[0], opt_size); + if (r) + goto out; + + /* FIXME: LUKS2 may enforce fixed size and it must not be changed */ + r = crypt_get_active_device(cd, action_argv[0], &cad); + if (r) + goto out; + + if (cad.flags & CRYPT_ACTIVATE_KEYRING_KEY) { + if (opt_disable_keyring) { + r = -EINVAL; + log_err(_("Resize of active device requires volume key " + "in keyring but --disable-keyring option is set.")); + goto out; + } + + /* try load VK in kernel keyring using token */ + r = crypt_activate_by_token(cd, NULL, opt_token, NULL, + CRYPT_ACTIVATE_KEYRING_KEY); + tools_keyslot_msg(r, UNLOCKED); + if (r < 0 && opt_token_only) + goto out; + + r = tools_get_key(NULL, &password, &passwordLen, + opt_keyfile_offset, opt_keyfile_size, opt_key_file, + opt_timeout, _verify_passphrase(0), 0, cd); + if (r < 0) + goto out; + r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot, + password, passwordLen, + CRYPT_ACTIVATE_KEYRING_KEY); + tools_passphrase_msg(r); + tools_keyslot_msg(r, UNLOCKED); + crypt_safe_free(password); + } + + if (opt_device_size) + opt_size = opt_device_size / SECTOR_SIZE; + + if (r >= 0) + r = crypt_resize(cd, action_argv[0], opt_size); +out: crypt_free(cd); return r; } @@ -414,7 +737,9 @@ static int action_resize(void) static int action_status(void) { crypt_status_info ci; + crypt_reencrypt_info ri; struct crypt_active_device cad; + struct crypt_params_integrity ip = {}; struct crypt_device *cd = NULL; char *backing_file; const char *device; @@ -451,27 +776,45 @@ static int action_status(void) log_std(" type: %s\n", crypt_get_type(cd) ?: "n/a"); + /* Print only CRYPT type devices */ + if (!crypt_get_cipher(cd)) + goto out; + + ri = crypt_reencrypt_status(cd, NULL); + if (ri > CRYPT_REENCRYPT_NONE && ri < CRYPT_REENCRYPT_INVALID) + log_std(" reencryption: in-progress\n"); + r = crypt_get_active_device(cd, action_argv[0], &cad); if (r < 0) goto out; + r = crypt_get_integrity_info(cd, &ip); + if (r < 0 && r != -ENOTSUP) + goto out; + log_std(" cipher: %s-%s\n", crypt_get_cipher(cd), crypt_get_cipher_mode(cd)); log_std(" keysize: %d bits\n", crypt_get_volume_key_size(cd) * 8); + log_std(" key location: %s\n", (cad.flags & CRYPT_ACTIVATE_KEYRING_KEY) ? "keyring" : "dm-crypt"); + if (ip.integrity) + log_std(" integrity: %s\n", ip.integrity); + if (ip.integrity_key_size) + log_std(" integrity keysize: %d bits\n", ip.integrity_key_size * 8); device = crypt_get_device_name(cd); log_std(" device: %s\n", device); - if (crypt_loop_device(device)) { - backing_file = crypt_loop_backing_file(device); + if ((backing_file = crypt_loop_backing_file(device))) { log_std(" loop: %s\n", backing_file); free(backing_file); } + log_std(" sector size: %d\n", crypt_get_sector_size(cd)); log_std(" offset: %" PRIu64 " sectors\n", cad.offset); log_std(" size: %" PRIu64 " sectors\n", cad.size); if (cad.iv_offset) log_std(" skipped: %" PRIu64 " sectors\n", cad.iv_offset); - log_std(" mode: %s\n", cad.flags & CRYPT_ACTIVATE_READONLY ? - "readonly" : "read/write"); + log_std(" mode: %s%s\n", cad.flags & CRYPT_ACTIVATE_READONLY ? + "readonly" : "read/write", + (cad.flags & CRYPT_ACTIVATE_SUSPENDED) ? " (suspended)" : ""); if (cad.flags & (CRYPT_ACTIVATE_ALLOW_DISCARDS| - CRYPT_ACTIVATE_ALLOW_DISCARDS| + CRYPT_ACTIVATE_SAME_CPU_CRYPT| CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)) log_std(" flags: %s%s%s\n", (cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) ? "discards " : "", @@ -485,36 +828,77 @@ out: return r; } -static int action_benchmark_kdf(const char *hash) +static int benchmark_callback(uint32_t time_ms, void *usrptr) { - uint64_t kdf_iters; - int r; + struct crypt_pbkdf_type *pbkdf = usrptr; + int r = 0; - r = crypt_benchmark_kdf(NULL, "pbkdf2", hash, "foo", 3, "bar", 3, - &kdf_iters); - if (r < 0) - log_std("PBKDF2-%-9s N/A\n", hash); + check_signal(&r); + if (r) + log_err(_("Benchmark interrupted.")); else - log_std("PBKDF2-%-9s %7" PRIu64 " iterations per second\n", - hash, kdf_iters); + log_dbg("PBKDF benchmark: memory cost = %u, iterations = %u, " + "threads = %u (took %u ms)", pbkdf->max_memory_kb, + pbkdf->iterations, pbkdf->parallel_threads, time_ms); + return r; +} + +static int action_benchmark_kdf(const char *kdf, const char *hash, size_t key_size) +{ + int r; + if (!strcmp(kdf, CRYPT_KDF_PBKDF2)) { + struct crypt_pbkdf_type pbkdf = { + .type = CRYPT_KDF_PBKDF2, + .hash = hash, + .time_ms = 1000, + }; + + r = crypt_benchmark_pbkdf(NULL, &pbkdf, "foo", 3, "bar", 3, key_size, + &benchmark_callback, &pbkdf); + if (r < 0) + log_std(_("PBKDF2-%-9s N/A\n"), hash); + else + log_std(_("PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"), + hash, pbkdf.iterations, key_size * 8); + } else { + struct crypt_pbkdf_type pbkdf = { + .type = kdf, + .time_ms = opt_iteration_time ?: DEFAULT_LUKS2_ITER_TIME, + .max_memory_kb = opt_pbkdf_memory, + .parallel_threads = opt_pbkdf_parallel, + }; + + r = crypt_benchmark_pbkdf(NULL, &pbkdf, "foo", 3, + "0123456789abcdef0123456789abcdef", 32, + key_size, &benchmark_callback, &pbkdf); + if (r < 0) + log_std(_("%-10s N/A\n"), kdf); + else + log_std(_("%-10s %4u iterations, %5u memory, " + "%1u parallel threads (CPUs) for " + "%zu-bit key (requested %u ms time)\n"), kdf, + pbkdf.iterations, pbkdf.max_memory_kb, pbkdf.parallel_threads, + key_size * 8, pbkdf.time_ms); + } + return r; } static int benchmark_cipher_loop(const char *cipher, const char *cipher_mode, - size_t volume_key_size, size_t iv_size, + size_t volume_key_size, double *encryption_mbs, double *decryption_mbs) { int r, buffer_size = 1024 * 1024; do { r = crypt_benchmark(NULL, cipher, cipher_mode, - volume_key_size, iv_size, buffer_size, + volume_key_size, 0, buffer_size, encryption_mbs, decryption_mbs); if (r == -ERANGE) { if (buffer_size < 1024 * 1024 * 65) buffer_size *= 2; else { - log_err(_("Result of benchmark is not reliable.\n")); + log_err(_("Result of benchmark is not reliable.")); r = -ENOENT; } } @@ -529,88 +913,93 @@ static int action_benchmark(void) const char *cipher; const char *mode; size_t key_size; - size_t iv_size; } bciphers[] = { - { "aes", "cbc", 16, 16 }, - { "serpent", "cbc", 16, 16 }, - { "twofish", "cbc", 16, 16 }, - { "aes", "cbc", 32, 16 }, - { "serpent", "cbc", 32, 16 }, - { "twofish", "cbc", 32, 16 }, - { "aes", "xts", 32, 16 }, - { "serpent", "xts", 32, 16 }, - { "twofish", "xts", 32, 16 }, - { "aes", "xts", 64, 16 }, - { "serpent", "xts", 64, 16 }, - { "twofish", "xts", 64, 16 }, - { NULL, NULL, 0, 0 } + { "aes", "cbc", 16 }, + { "serpent", "cbc", 16 }, + { "twofish", "cbc", 16 }, + { "aes", "cbc", 32 }, + { "serpent", "cbc", 32 }, + { "twofish", "cbc", 32 }, + { "aes", "xts", 32 }, + { "serpent", "xts", 32 }, + { "twofish", "xts", 32 }, + { "aes", "xts", 64 }, + { "serpent", "xts", 64 }, + { "twofish", "xts", 64 }, + { NULL, NULL, 0 } }; - static const char *bkdfs[] = { - "sha1", "sha256", "sha512", "ripemd160", "whirlpool", NULL + static struct { + const char *type; + const char *hash; + } bkdfs[] = { + { CRYPT_KDF_PBKDF2, "sha1" }, + { CRYPT_KDF_PBKDF2, "sha256" }, + { CRYPT_KDF_PBKDF2, "sha512" }, + { CRYPT_KDF_PBKDF2, "ripemd160" }, + { CRYPT_KDF_PBKDF2, "whirlpool" }, + { CRYPT_KDF_ARGON2I, NULL }, + { CRYPT_KDF_ARGON2ID, NULL }, + { NULL, NULL } }; char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN]; double enc_mbr = 0, dec_mbr = 0; - int key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS); - int iv_size = 16, skipped = 0; + int key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8; + int skipped = 0, width; char *c; int i, r; log_std(_("# Tests are approximate using memory only (no storage IO).\n")); - if (opt_hash) { - r = action_benchmark_kdf(opt_hash); + if (opt_pbkdf || opt_hash) { + if (!opt_pbkdf && opt_hash) + opt_pbkdf = CRYPT_KDF_PBKDF2; + r = action_benchmark_kdf(opt_pbkdf, opt_hash, key_size); } else if (opt_cipher) { r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode); if (r < 0) { - log_err(_("No known cipher specification pattern detected.\n")); + log_err(_("No known cipher specification pattern detected.")); return r; } if ((c = strchr(cipher_mode, '-'))) *c = '\0'; - /* FIXME: not really clever :) */ - if (strstr(cipher, "des") || - strstr(cipher, "blowfish") || - strstr(cipher, "cast5")) - iv_size = 8; - - if (!strcmp(cipher_mode, "ecb")) - iv_size = 0; - - r = benchmark_cipher_loop(cipher, cipher_mode, - key_size / 8, iv_size, - &enc_mbr, &dec_mbr); + r = benchmark_cipher_loop(cipher, cipher_mode, key_size, &enc_mbr, &dec_mbr); if (!r) { - log_std(N_("# Algorithm | Key | Encryption | Decryption\n")); - log_std("%8s-%s %4db %6.1f MiB/s %6.1f MiB/s\n", - cipher, cipher_mode, key_size, enc_mbr, dec_mbr); - } else if (r == -ENOENT) - log_err(_("Cipher %s is not available.\n"), opt_cipher); + width = strlen(cipher) + strlen(cipher_mode) + 1; + if (width < 11) + width = 11; + /* TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. */ + log_std(_("#%*s Algorithm | Key | Encryption | Decryption\n"), width - 11, ""); + log_std("%*s-%s %9db %10.1f MiB/s %10.1f MiB/s\n", width - (int)strlen(cipher_mode) - 1, + cipher, cipher_mode, key_size*8, enc_mbr, dec_mbr); + } else if (r < 0) + log_err(_("Cipher %s (with %i bits key) is not available."), opt_cipher, key_size * 8); } else { - for (i = 0; bkdfs[i]; i++) { - r = action_benchmark_kdf(bkdfs[i]); + for (i = 0; bkdfs[i].type; i++) { + r = action_benchmark_kdf(bkdfs[i].type, bkdfs[i].hash, key_size); check_signal(&r); if (r == -EINTR) break; } + for (i = 0; bciphers[i].cipher; i++) { r = benchmark_cipher_loop(bciphers[i].cipher, bciphers[i].mode, - bciphers[i].key_size, bciphers[i].iv_size, - &enc_mbr, &dec_mbr); + bciphers[i].key_size, &enc_mbr, &dec_mbr); check_signal(&r); if (r == -ENOTSUP || r == -EINTR) break; if (r == -ENOENT) skipped++; if (i == 0) - log_std(N_("# Algorithm | Key | Encryption | Decryption\n")); + /* TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. */ + log_std(_("# Algorithm | Key | Encryption | Decryption\n")); snprintf(cipher, MAX_CIPHER_LEN, "%s-%s", bciphers[i].cipher, bciphers[i].mode); if (!r) - log_std("%12s %4zub %6.1f MiB/s %6.1f MiB/s\n", + log_std("%15s %9zub %10.1f MiB/s %10.1f MiB/s\n", cipher, bciphers[i].key_size*8, enc_mbr, dec_mbr); else - log_std("%12s %4zub %13s %13s\n", cipher, + log_std("%15s %9zub %17s %17s\n", cipher, bciphers[i].key_size*8, _("N/A"), _("N/A")); } if (skipped && skipped == i) @@ -618,38 +1007,114 @@ static int action_benchmark(void) } if (r == -ENOTSUP) { - log_err(_("Required kernel crypto interface not available.\n")); + log_err(_("Required kernel crypto interface not available.")); #ifdef ENABLE_AF_ALG - log_err( _("Ensure you have algif_skcipher kernel module loaded.\n")); + log_err( _("Ensure you have algif_skcipher kernel module loaded.")); #endif } return r; } -static int _read_mk(const char *file, char **key, int keysize) +static int set_pbkdf_params(struct crypt_device *cd, const char *dev_type) { - int fd; + const struct crypt_pbkdf_type *pbkdf_default; + struct crypt_pbkdf_type pbkdf = {}; - *key = crypt_safe_alloc(keysize); - if (!*key) - return -ENOMEM; + pbkdf_default = crypt_get_pbkdf_default(dev_type); + if (!pbkdf_default) + return -EINVAL; - fd = open(file, O_RDONLY); - if (fd == -1) { - log_err(_("Cannot read keyfile %s.\n"), file); - goto fail; + pbkdf.type = opt_pbkdf ?: pbkdf_default->type; + pbkdf.hash = opt_hash ?: pbkdf_default->hash; + pbkdf.time_ms = (uint32_t)opt_iteration_time ?: pbkdf_default->time_ms; + if (strcmp(pbkdf.type, CRYPT_KDF_PBKDF2)) { + pbkdf.max_memory_kb = (uint32_t)opt_pbkdf_memory ?: pbkdf_default->max_memory_kb; + pbkdf.parallel_threads = (uint32_t)opt_pbkdf_parallel ?: pbkdf_default->parallel_threads; } - if ((read(fd, *key, keysize) != keysize)) { - log_err(_("Cannot read %d bytes from keyfile %s.\n"), keysize, file); - close(fd); - goto fail; + + if (opt_pbkdf_iterations) { + pbkdf.iterations = opt_pbkdf_iterations; + pbkdf.time_ms = 0; + pbkdf.flags |= CRYPT_PBKDF_NO_BENCHMARK; } - close(fd); - return 0; -fail: - crypt_safe_free(*key); - *key = NULL; - return -EINVAL; + + return crypt_set_pbkdf_type(cd, &pbkdf); +} + +static int set_keyslot_params(struct crypt_device *cd, int keyslot) +{ + const char *cipher; + struct crypt_pbkdf_type pbkdf; + size_t key_size; + + cipher = crypt_keyslot_get_encryption(cd, keyslot, &key_size); + if (!cipher) + return -EINVAL; + + if (crypt_keyslot_set_encryption(cd, cipher, key_size)) + return -EINVAL; + + /* if requested any of those just reinitialize context pbkdf */ + if (opt_pbkdf || opt_hash || opt_pbkdf_iterations || opt_iteration_time) + return set_pbkdf_params(cd, CRYPT_LUKS2); + + if (crypt_keyslot_get_pbkdf(cd, keyslot, &pbkdf)) + return -EINVAL; + + pbkdf.flags |= CRYPT_PBKDF_NO_BENCHMARK; + + return crypt_set_pbkdf_type(cd, &pbkdf); +} + +static int _do_luks2_reencrypt_recovery(struct crypt_device *cd) +{ + int r; + size_t passwordLen; + char *password = NULL; + struct crypt_params_reencrypt recovery_params = { + .flags = CRYPT_REENCRYPT_RECOVERY + }; + + crypt_reencrypt_info ri = crypt_reencrypt_status(cd, NULL); + switch (ri) { + case CRYPT_REENCRYPT_NONE: + /* fall through */ + case CRYPT_REENCRYPT_CLEAN: + r = noDialog(_("Seems device does not require reencryption recovery.\n" + "Do you want to proceed anyway?"), NULL); + if (!r) + return 0; + break; + case CRYPT_REENCRYPT_CRASH: + r = yesDialog(_("Really proceed with LUKS2 reencryption recovery?"), + _("Operation aborted.\n")); + if (!r) + return -EINVAL; + break; + default: + return -EINVAL; + } + + r = tools_get_key(_("Enter passphrase for reencryption recovery: "), + &password, &passwordLen, opt_keyfile_offset, + opt_keyfile_size, opt_key_file, opt_timeout, + _verify_passphrase(0), 0, cd); + if (r < 0) + return r; + + r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot, + password, passwordLen, 0); + if (r < 0) + goto out; + + r = crypt_reencrypt_init_by_passphrase(cd, NULL, password, passwordLen, + opt_key_slot, opt_key_slot, NULL, NULL, &recovery_params); + if (r > 0) + r = 0; +out: + crypt_safe_free(password); + + return r; } static int action_luksRepair(void) @@ -657,183 +1122,394 @@ static int action_luksRepair(void) struct crypt_device *cd = NULL; int r; - if ((r = crypt_init(&cd, action_argv[0]))) + if ((r = crypt_init_data_device(&cd, opt_header_device ?: action_argv[0], + action_argv[0]))) goto out; - /* Currently only LUKS1 allows repair */ crypt_set_log_callback(cd, quiet_log, NULL); - r = crypt_load(cd, CRYPT_LUKS1, NULL); + r = crypt_load(cd, luksType(opt_type), NULL); crypt_set_log_callback(cd, tool_log, NULL); if (r == 0) { - log_verbose(_("No known problems detected for LUKS header.\n")); - goto out; + log_verbose(_("No known problems detected for LUKS header.")); + goto skip_repair; } + r = tools_detect_signatures(action_argv[0], 1, NULL); + if (r < 0) + goto out; + r = yesDialog(_("Really try to repair LUKS device header?"), - NULL) ? 0 : -EINVAL; + _("Operation aborted.\n")) ? 0 : -EINVAL; if (r == 0) - r = crypt_repair(cd, CRYPT_LUKS1, NULL); + r = crypt_repair(cd, luksType(opt_type), NULL); +skip_repair: + if (!r && crypt_get_type(cd) && !strcmp(crypt_get_type(cd), CRYPT_LUKS2)) + r = _do_luks2_reencrypt_recovery(cd); out: crypt_free(cd); return r; } -static int action_luksFormat(void) +static int _wipe_data_device(struct crypt_device *cd) { - int r = -EINVAL, keysize; - const char *header_device; - char *msg = NULL, *key = NULL, cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN]; - char *password = NULL; - size_t passwordLen; + char tmp_name[64], tmp_path[128], tmp_uuid[40]; + uuid_t tmp_uuid_bin; + int r; + + if (!opt_batch_mode) + log_std(_("Wiping device to initialize integrity checksum.\n" + "You can interrupt this by pressing CTRL+c " + "(rest of not wiped device will contain invalid checksum).\n")); + + /* Activate the device a temporary one */ + uuid_generate(tmp_uuid_bin); + uuid_unparse(tmp_uuid_bin, tmp_uuid); + if (snprintf(tmp_name, sizeof(tmp_name), "temporary-cryptsetup-%s", tmp_uuid) < 0) + return -EINVAL; + if (snprintf(tmp_path, sizeof(tmp_path), "%s/%s", crypt_get_dir(), tmp_name) < 0) + return -EINVAL; + + r = crypt_activate_by_volume_key(cd, tmp_name, NULL, 0, + CRYPT_ACTIVATE_PRIVATE | CRYPT_ACTIVATE_NO_JOURNAL); + if (r < 0) + return r; + + /* Wipe the device */ + set_int_handler(0); + r = crypt_wipe(cd, tmp_path, CRYPT_WIPE_ZERO, 0, 0, DEFAULT_WIPE_BLOCK, + 0, &tools_wipe_progress, NULL); + if (crypt_deactivate(cd, tmp_name)) + log_err(_("Cannot deactivate temporary device %s."), tmp_path); + set_int_block(0); + + return r; +} + +static int strcmp_or_null(const char *str, const char *expected) +{ + return !str ? 0 : strcmp(str, expected); +} + +static int _luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_passwordLen) +{ + int r = -EINVAL, keysize, integrity_keysize = 0, fd, created = 0; + struct stat st; + const char *header_device, *type; + char *msg = NULL, *key = NULL, *password = NULL; + char cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN], integrity[MAX_CIPHER_LEN]; + size_t passwordLen, signatures; struct crypt_device *cd = NULL; - struct crypt_params_luks1 params = { + struct crypt_params_luks1 params1 = { .hash = opt_hash ?: DEFAULT_LUKS1_HASH, .data_alignment = opt_align_payload, .data_device = opt_header_device ? action_argv[0] : NULL, }; + struct crypt_params_luks2 params2 = { + .data_alignment = params1.data_alignment, + .data_device = params1.data_device, + .sector_size = opt_sector_size ?: SECTOR_SIZE, + .label = opt_label, + .subsystem = opt_subsystem + }; + void *params; - header_device = opt_header_device ?: action_argv[0]; + type = luksType(opt_type); + if (!type) + type = crypt_get_default_type(); - if(asprintf(&msg, _("This will overwrite data on %s irrevocably."), - header_device) == -1) { - log_err(_("memory allocation error in action_luksFormat")); - r = -ENOMEM; - goto out; - } - r = yesDialog(msg, NULL) ? 0 : -EINVAL; - free(msg); - if (r < 0) - goto out; + if (!strcmp(type, CRYPT_LUKS2)) { + params = ¶ms2; + } else if (!strcmp(type, CRYPT_LUKS1)) { + params = ¶ms1; - r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(LUKS1), - cipher, NULL, cipher_mode); - if (r < 0) { - log_err(_("No known cipher specification pattern detected.\n")); + if (opt_sector_size > SECTOR_SIZE) { + log_err(_("Unsupported encryption sector size.")); + return -EINVAL; + } + + if (opt_integrity) { + log_err(_("Integrity option can be used only for LUKS2 format.")); + return -EINVAL; + } + + if (opt_luks2_keyslots_size || opt_luks2_metadata_size) { + log_err(_("Unsupported LUKS2 metadata size options.")); + return -EINVAL; + } + } else + return -EINVAL; + + /* Create header file (must contain at least one sector)? */ + if (opt_header_device && stat(opt_header_device, &st) < 0 && errno == ENOENT) { + if (!opt_batch_mode && + !yesDialog("Header file does not exist, do you want to create it?", + _("Operation aborted.\n"))) + return -EPERM; + + log_dbg("Creating header file."); + /* coverity[toctou] */ + fd = open(opt_header_device, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR); + if (fd == -1 || posix_fallocate(fd, 0, 4096)) + log_err(_("Cannot create header file %s."), opt_header_device); + else { + r = 0; + created = 1; + } + if (fd != -1) + close(fd); + if (r < 0) + return r; + } + + header_device = opt_header_device ?: action_argv[0]; + + r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(LUKS1), + cipher, NULL, cipher_mode); + if (r < 0) { + log_err(_("No known cipher specification pattern detected.")); goto out; } + if (opt_integrity) { + r = crypt_parse_integrity_mode(opt_integrity, integrity, &integrity_keysize); + if (r < 0) { + log_err(_("No known integrity specification pattern detected.")); + goto out; + } + params2.integrity = integrity; + /* FIXME: we use default integrity_params (set to NULL) */ + } + + /* Never call pwquality if using null cipher */ + if (tools_is_cipher_null(cipher)) + opt_force_password = 1; + if ((r = crypt_init(&cd, header_device))) { if (opt_header_device) - log_err(_("Cannot use %s as on-disk header.\n"), header_device); - goto out; + log_err(_("Cannot use %s as on-disk header."), header_device); + return r; + } + + if (opt_luks2_keyslots_size || opt_luks2_metadata_size) { + r = crypt_set_metadata_size(cd, opt_luks2_metadata_size, opt_luks2_keyslots_size); + if (r < 0) { + log_err(_("Unsupported LUKS2 metadata size options.")); + goto out; + } + } + + if (opt_offset) { + r = crypt_set_data_offset(cd, opt_offset); + if (r < 0) + goto out; } - keysize = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8; + /* Print all present signatures in read-only mode */ + r = tools_detect_signatures(header_device, 0, &signatures); + if (r < 0) + goto out; + + if (!created) { + r = asprintf(&msg, _("This will overwrite data on %s irrevocably."), header_device); + if (r == -1) { + r = -ENOMEM; + goto out; + } + + r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL; + free(msg); + if (r < 0) + goto out; + } - crypt_set_timeout(cd, opt_timeout); - if (opt_iteration_time) - crypt_set_iteration_time(cd, opt_iteration_time); +#ifdef ENABLE_LUKS_ADJUST_XTS_KEYSIZE + if (!opt_key_size && !strncmp(cipher_mode, "xts-", 4)) { + if (DEFAULT_LUKS1_KEYBITS == 128) + opt_key_size = 256; + else if (DEFAULT_LUKS1_KEYBITS == 256) + opt_key_size = 512; + } +#endif + keysize = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8 + integrity_keysize; if (opt_random) crypt_set_rng_type(cd, CRYPT_RNG_RANDOM); else if (opt_urandom) crypt_set_rng_type(cd, CRYPT_RNG_URANDOM); - r = tools_get_key(_("Enter passphrase: "), &password, &passwordLen, + r = tools_get_key(NULL, &password, &passwordLen, opt_keyfile_offset, opt_keyfile_size, opt_key_file, opt_timeout, _verify_passphrase(1), 1, cd); if (r < 0) goto out; if (opt_master_key_file) { - r = _read_mk(opt_master_key_file, &key, keysize); + r = tools_read_mk(opt_master_key_file, &key, keysize); if (r < 0) goto out; } - r = crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, - opt_uuid, key, keysize, ¶ms); + r = set_pbkdf_params(cd, type); + if (r) { + log_err(_("Failed to set pbkdf parameters.")); + goto out; + } + + /* Signature candidates found */ + if (signatures && ((r = tools_wipe_all_signatures(header_device)) < 0)) + goto out; + + if (opt_integrity_legacy_padding) + crypt_set_compatibility(cd, CRYPT_COMPAT_LEGACY_INTEGRITY_PADDING); + + r = crypt_format(cd, type, cipher, cipher_mode, + opt_uuid, key, keysize, params); check_signal(&r); if (r < 0) goto out; + r = _set_keyslot_encryption_params(cd); + if (r < 0) + goto out; + r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot, key, keysize, password, passwordLen); + if (r < 0) { + (void) tools_wipe_all_signatures(header_device); + goto out; + } + tools_keyslot_msg(r, CREATED); + + if (opt_integrity && !opt_integrity_no_wipe && + strcmp_or_null(params2.integrity, "none")) + r = _wipe_data_device(cd); out: - crypt_free(cd); + if (r >= 0 && r_cd && r_password && r_passwordLen) { + *r_cd = cd; + *r_password = password; + *r_passwordLen = passwordLen; + } else { + crypt_free(cd); + crypt_safe_free(password); + } + crypt_safe_free(key); - crypt_safe_free(password); return r; } +static int action_luksFormat(void) +{ + return _luksFormat(NULL, NULL, NULL); +} + static int action_open_luks(void) { + struct crypt_active_device cad; struct crypt_device *cd = NULL; const char *data_device, *header_device, *activated_name; char *key = NULL; uint32_t activate_flags = 0; - int r, keysize; - - header_device = uuid_or_device_header(&data_device); + int r, keysize, tries; + char *password = NULL; + size_t passwordLen; - activated_name = opt_test_passphrase ? NULL : action_argv[1]; + if (opt_refresh) { + activated_name = action_argc > 1 ? action_argv[1] : action_argv[0]; + r = crypt_init_by_name_and_header(&cd, activated_name, opt_header_device); + if (r) + goto out; + activate_flags |= CRYPT_ACTIVATE_REFRESH; + } else { + header_device = uuid_or_device_header(&data_device); - if ((r = crypt_init(&cd, header_device))) - goto out; + activated_name = opt_test_passphrase ? NULL : action_argv[1]; - if ((r = crypt_load(cd, CRYPT_LUKS1, NULL))) - goto out; + if ((r = crypt_init_data_device(&cd, header_device, data_device))) + goto out; - if (data_device && - (r = crypt_set_data_device(cd, data_device))) - goto out; + if ((r = crypt_load(cd, luksType(opt_type), NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + header_device); + goto out; + } - if (!data_device && (crypt_get_data_offset(cd) < 8)) { - log_err(_("Reduced data offset is allowed only for detached LUKS header.\n")); - r = -EINVAL; - goto out; + if (!data_device && (crypt_get_data_offset(cd) < 8) && !opt_test_passphrase) { + log_err(_("Reduced data offset is allowed only for detached LUKS header.")); + r = -EINVAL; + goto out; + } } - crypt_set_timeout(cd, opt_timeout); - crypt_set_password_retry(cd, opt_tries); - crypt_set_password_verify(cd, _verify_passphrase(0)); - - if (opt_iteration_time) - crypt_set_iteration_time(cd, opt_iteration_time); - _set_activation_flags(&activate_flags); if (opt_master_key_file) { keysize = crypt_get_volume_key_size(cd); - r = _read_mk(opt_master_key_file, &key, keysize); + if (!keysize && !opt_key_size) { + log_err(_("Cannot determine volume key size for LUKS without keyslots, please use --key-size option.")); + r = -EINVAL; + goto out; + } else if (!keysize) + keysize = opt_key_size / 8; + + r = tools_read_mk(opt_master_key_file, &key, keysize); if (r < 0) goto out; r = crypt_activate_by_volume_key(cd, activated_name, key, keysize, activate_flags); - } else if (opt_key_file) { - crypt_set_password_retry(cd, 1); - r = crypt_activate_by_keyfile_offset(cd, activated_name, - opt_key_slot, opt_key_file, opt_keyfile_size, - opt_keyfile_offset, activate_flags); - } else - r = crypt_activate_by_passphrase(cd, activated_name, - opt_key_slot, NULL, 0, activate_flags); + } else { + r = crypt_activate_by_token(cd, activated_name, opt_token, NULL, activate_flags); + tools_keyslot_msg(r, UNLOCKED); + if (r >= 0 || opt_token_only) + goto out; + + tries = (tools_is_stdin(opt_key_file) && isatty(STDIN_FILENO)) ? opt_tries : 1; + do { + r = tools_get_key(NULL, &password, &passwordLen, + opt_keyfile_offset, opt_keyfile_size, opt_key_file, + opt_timeout, _verify_passphrase(0), 0, cd); + if (r < 0) + goto out; + + r = crypt_activate_by_passphrase(cd, activated_name, + opt_key_slot, password, passwordLen, activate_flags); + tools_keyslot_msg(r, UNLOCKED); + tools_passphrase_msg(r); + check_signal(&r); + crypt_safe_free(password); + password = NULL; + } while ((r == -EPERM || r == -ERANGE) && (--tries > 0)); + } out: + if (r >= 0 && opt_persistent && + (crypt_get_active_device(cd, activated_name, &cad) || + crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, cad.flags & activate_flags))) + log_err(_("Device activated but cannot make flags persistent.")); + crypt_safe_free(key); + crypt_safe_free(password); crypt_free(cd); return r; } -static int verify_keyslot(struct crypt_device *cd, int key_slot, - char *msg_last, char *msg_pass, - const char *key_file, int keyfile_offset, +static int verify_keyslot(struct crypt_device *cd, int key_slot, crypt_keyslot_info ki, + char *msg_last, char *msg_pass, char *msg_fail, + const char *key_file, uint64_t keyfile_offset, int keyfile_size) { - crypt_keyslot_info ki; char *password = NULL; size_t passwordLen; - int i, r; + int i, max, r; - ki = crypt_keyslot_status(cd, key_slot); - if (ki == CRYPT_SLOT_ACTIVE_LAST && msg_last && !yesDialog(msg_last, NULL)) + if (ki == CRYPT_SLOT_ACTIVE_LAST && !opt_batch_mode && !key_file && + msg_last && !yesDialog(msg_last, msg_fail)) return -EPERM; r = tools_get_key(msg_pass, &password, &passwordLen, keyfile_offset, keyfile_size, key_file, opt_timeout, _verify_passphrase(0), 0, cd); - if(r < 0) + if (r < 0) goto out; if (ki == CRYPT_SLOT_ACTIVE_LAST) { @@ -842,20 +1518,27 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot, password, passwordLen, 0); } else { /* try all other keyslots */ - for (i = 0; i < crypt_keyslot_max(CRYPT_LUKS1); i++) { + r = crypt_keyslot_max(crypt_get_type(cd)); + if (r < 0) + goto out; + max = r; + + for (i = 0; i < max ; i++) { if (i == key_slot) continue; - ki = crypt_keyslot_status(cd, key_slot); - if (ki == CRYPT_SLOT_ACTIVE) - r = crypt_activate_by_passphrase(cd, NULL, i, - password, passwordLen, 0); + ki = crypt_keyslot_status(cd, i); + if (ki == CRYPT_SLOT_ACTIVE || ki == CRYPT_SLOT_ACTIVE_LAST) + r = crypt_activate_by_passphrase(cd, NULL, i, + password, passwordLen, 0); if (r == i) break; } } - if (r == -EPERM) - log_err(_("No key available with this passphrase.\n")); + /* Handle inactive keyslots the same as bad password here */ + if (r == -ENOENT) + r = -EPERM; + tools_passphrase_msg(r); out: crypt_safe_free(password); return r; @@ -864,39 +1547,54 @@ out: static int action_luksKillSlot(void) { struct crypt_device *cd = NULL; + crypt_keyslot_info ki; int r; if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) goto out; crypt_set_confirm_callback(cd, yesDialog, NULL); - crypt_set_timeout(cd, opt_timeout); - if ((r = crypt_load(cd, CRYPT_LUKS1, NULL))) + if ((r = crypt_load(cd, luksType(opt_type), NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + uuid_or_device_header(NULL)); goto out; + } - switch (crypt_keyslot_status(cd, opt_key_slot)) { + ki = crypt_keyslot_status(cd, opt_key_slot); + switch (ki) { case CRYPT_SLOT_ACTIVE_LAST: case CRYPT_SLOT_ACTIVE: - log_verbose(_("Key slot %d selected for deletion.\n"), opt_key_slot); + case CRYPT_SLOT_UNBOUND: + log_verbose(_("Keyslot %d is selected for deletion."), opt_key_slot); break; case CRYPT_SLOT_INACTIVE: - log_err(_("Key %d not active. Can't wipe.\n"), opt_key_slot); + log_err(_("Keyslot %d is not active."), opt_key_slot); + /* fall through */ case CRYPT_SLOT_INVALID: r = -EINVAL; goto out; } - if (!opt_batch_mode) { - r = verify_keyslot(cd, opt_key_slot, + if (!opt_batch_mode || opt_key_file || !isatty(STDIN_FILENO)) { + r = verify_keyslot(cd, opt_key_slot, ki, _("This is the last keyslot. Device will become unusable after purging this key."), _("Enter any remaining passphrase: "), + _("Operation aborted, the keyslot was NOT wiped.\n"), opt_key_file, opt_keyfile_offset, opt_keyfile_size); + tools_keyslot_msg(r, UNLOCKED); + + if (r == -EPIPE && (!opt_key_file || tools_is_stdin(opt_key_file))) { + log_dbg("Failed read from input, ignoring passphrase."); + r = 0; + } + if (r < 0) goto out; } r = crypt_keyslot_destroy(cd, opt_key_slot); + tools_keyslot_msg(opt_key_slot, REMOVED); out: crypt_free(cd); return r; @@ -913,10 +1611,12 @@ static int action_luksRemoveKey(void) goto out; crypt_set_confirm_callback(cd, yesDialog, NULL); - crypt_set_timeout(cd, opt_timeout); - if ((r = crypt_load(cd, CRYPT_LUKS1, NULL))) + if ((r = crypt_load(cd, luksType(opt_type), NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + uuid_or_device_header(NULL)); goto out; + } r = tools_get_key(_("Enter passphrase to be deleted: "), &password, &passwordLen, @@ -929,28 +1629,94 @@ static int action_luksRemoveKey(void) r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, password, passwordLen, 0); + tools_passphrase_msg(r); check_signal(&r); if (r < 0) goto out; + tools_keyslot_msg(r, UNLOCKED); opt_key_slot = r; - log_verbose(_("Key slot %d selected for deletion.\n"), opt_key_slot); + log_verbose(_("Keyslot %d is selected for deletion."), opt_key_slot); if (crypt_keyslot_status(cd, opt_key_slot) == CRYPT_SLOT_ACTIVE_LAST && !yesDialog(_("This is the last keyslot. " "Device will become unusable after purging this key."), - NULL)) { + _("Operation aborted, the keyslot was NOT wiped.\n"))) { r = -EPERM; goto out; } r = crypt_keyslot_destroy(cd, opt_key_slot); + tools_keyslot_msg(opt_key_slot, REMOVED); out: crypt_safe_free(password); crypt_free(cd); return r; } +static int luksAddUnboundKey(void) +{ + int r = -EINVAL, keysize = 0; + char *key = NULL; + const char *opt_new_key_file = (action_argc > 1 ? action_argv[1] : NULL); + char *password_new = NULL; + size_t password_new_size = 0; + struct crypt_device *cd = NULL; + + if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) + goto out; + + crypt_set_confirm_callback(cd, yesDialog, NULL); + + if ((r = crypt_load(cd, CRYPT_LUKS2, NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + uuid_or_device_header(NULL)); + goto out; + } + + r = _set_keyslot_encryption_params(cd); + if (r < 0) + goto out; + + /* Never call pwquality if using null cipher */ + if (tools_is_cipher_null(crypt_get_cipher(cd))) + opt_force_password = 1; + + keysize = opt_key_size / 8; + r = set_pbkdf_params(cd, crypt_get_type(cd)); + if (r) { + log_err(_("Failed to set pbkdf parameters.")); + goto out; + } + + if (opt_master_key_file) { + r = tools_read_mk(opt_master_key_file, &key, keysize); + if (r < 0) + goto out; + + check_signal(&r); + if (r < 0) + goto out; + } + + r = tools_get_key(_("Enter new passphrase for key slot: "), + &password_new, &password_new_size, + opt_new_keyfile_offset, opt_new_keyfile_size, + opt_new_key_file, opt_timeout, + _verify_passphrase(1), 1, cd); + if (r < 0) + goto out; + + r = crypt_keyslot_add_by_key(cd, opt_key_slot, key, keysize, + password_new, password_new_size, CRYPT_VOLUME_KEY_NO_SEGMENT); + tools_keyslot_msg(r, CREATED); +out: + crypt_safe_free(password_new); + crypt_safe_free(key); + crypt_free(cd); + return r; +} + static int action_luksAddKey(void) { int r = -EINVAL, keysize = 0; @@ -960,23 +1726,45 @@ static int action_luksAddKey(void) size_t password_size = 0, password_new_size = 0; struct crypt_device *cd = NULL; + /* Unbound keyslot (no assigned data segment) is special case */ + if (opt_unbound) + return luksAddUnboundKey(); + if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) goto out; crypt_set_confirm_callback(cd, yesDialog, NULL); - if ((r = crypt_load(cd, CRYPT_LUKS1, NULL))) + if ((r = crypt_load(cd, luksType(opt_type), NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + uuid_or_device_header(NULL)); + goto out; + } + + r = _set_keyslot_encryption_params(cd); + if (r < 0) goto out; + /* Never call pwquality if using null cipher */ + if (tools_is_cipher_null(crypt_get_cipher(cd))) + opt_force_password = 1; + keysize = crypt_get_volume_key_size(cd); - /* FIXME: lib cannot properly set verification for new/old passphrase */ - crypt_set_password_verify(cd, _verify_passphrase(0)); - crypt_set_timeout(cd, opt_timeout); - if (opt_iteration_time) - crypt_set_iteration_time(cd, opt_iteration_time); + r = set_pbkdf_params(cd, crypt_get_type(cd)); + if (r) { + log_err(_("Failed to set pbkdf parameters.")); + goto out; + } if (opt_master_key_file) { - r = _read_mk(opt_master_key_file, &key, keysize); + if (!keysize && !opt_key_size) { + log_err(_("Cannot determine volume key size for LUKS without keyslots, please use --key-size option.")); + r = -EINVAL; + goto out; + } else if (!keysize) + keysize = opt_key_size / 8; + + r = tools_read_mk(opt_master_key_file, &key, keysize); if (r < 0) goto out; @@ -995,13 +1783,16 @@ static int action_luksAddKey(void) r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot, key, keysize, password_new, password_new_size); - } else if (opt_key_file || opt_new_key_file) { - r = crypt_keyslot_add_by_keyfile_offset(cd, opt_key_slot, + } else if (opt_key_file && !tools_is_stdin(opt_key_file) && + opt_new_key_file && !tools_is_stdin(opt_new_key_file)) { + r = crypt_keyslot_add_by_keyfile_device_offset(cd, opt_key_slot, opt_key_file, opt_keyfile_size, opt_keyfile_offset, opt_new_key_file, opt_new_keyfile_size, opt_new_keyfile_offset); + tools_passphrase_msg(r); } else { r = tools_get_key(_("Enter any existing passphrase: "), - &password, &password_size, 0, 0, NULL, + &password, &password_size, + opt_keyfile_offset, opt_keyfile_size, opt_key_file, opt_timeout, _verify_passphrase(0), 0, cd); if (r < 0) @@ -1011,11 +1802,14 @@ static int action_luksAddKey(void) r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, password, password_size, 0); check_signal(&r); + tools_passphrase_msg(r); if (r < 0) goto out; + tools_keyslot_msg(r, UNLOCKED); r = tools_get_key(_("Enter new passphrase for key slot: "), - &password_new, &password_new_size, 0, 0, NULL, + &password_new, &password_new_size, + opt_new_keyfile_offset, opt_new_keyfile_size, opt_new_key_file, opt_timeout, _verify_passphrase(1), 1, cd); if (r < 0) goto out; @@ -1025,6 +1819,7 @@ static int action_luksAddKey(void) password_new, password_new_size); } out: + tools_keyslot_msg(r, CREATED); crypt_safe_free(password); crypt_safe_free(password_new); crypt_safe_free(key); @@ -1043,11 +1838,25 @@ static int action_luksChangeKey(void) if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) goto out; - if ((r = crypt_load(cd, CRYPT_LUKS1, NULL))) + if ((r = crypt_load(cd, luksType(opt_type), NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + uuid_or_device_header(NULL)); + goto out; + } + + r = _set_keyslot_encryption_params(cd); + if (r < 0) goto out; - if (opt_iteration_time) - crypt_set_iteration_time(cd, opt_iteration_time); + /* Never call pwquality if using null cipher */ + if (tools_is_cipher_null(crypt_get_cipher(cd))) + opt_force_password = 1; + + r = set_pbkdf_params(cd, crypt_get_type(cd)); + if (r) { + log_err(_("Failed to set pbkdf parameters.")); + goto out; + } r = tools_get_key(_("Enter passphrase to be changed: "), &password, &password_size, @@ -1058,10 +1867,12 @@ static int action_luksChangeKey(void) /* Check password before asking for new one */ r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot, - password, password_size, 0); + password, password_size, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY); + tools_passphrase_msg(r); check_signal(&r); if (r < 0) goto out; + tools_keyslot_msg(r, UNLOCKED); r = tools_get_key(_("Enter new passphrase: "), &password_new, &password_new_size, @@ -1073,6 +1884,7 @@ static int action_luksChangeKey(void) r = crypt_keyslot_change_by_passphrase(cd, opt_key_slot, opt_key_slot, password, password_size, password_new, password_new_size); + tools_keyslot_msg(r, CREATED); out: crypt_safe_free(password); crypt_safe_free(password_new); @@ -1080,6 +1892,55 @@ out: return r; } +static int action_luksConvertKey(void) +{ + struct crypt_device *cd = NULL; + char *password = NULL; + size_t password_size = 0; + int r; + + if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) + goto out; + + if ((r = crypt_load(cd, CRYPT_LUKS2, NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + uuid_or_device_header(NULL)); + goto out; + } + + r = _set_keyslot_encryption_params(cd); + if (r < 0) + goto out; + + if (crypt_keyslot_status(cd, opt_key_slot) == CRYPT_SLOT_INACTIVE) { + r = -EINVAL; + log_err(_("Keyslot %d is not active."), opt_key_slot); + goto out; + } + + r = set_pbkdf_params(cd, crypt_get_type(cd)); + if (r) { + log_err(_("Failed to set pbkdf parameters.")); + goto out; + } + + r = tools_get_key(_("Enter passphrase for keyslot to be converted: "), + &password, &password_size, + opt_keyfile_offset, opt_keyfile_size, opt_key_file, + opt_timeout, _verify_passphrase(0), 0, cd); + if (r < 0) + goto out; + + r = crypt_keyslot_change_by_passphrase(cd, opt_key_slot, opt_key_slot, + password, password_size, password, password_size); + tools_passphrase_msg(r); + tools_keyslot_msg(r, CREATED); +out: + crypt_safe_free(password); + crypt_free(cd); + return r; +} + static int action_isLuks(void) { struct crypt_device *cd = NULL; @@ -1087,7 +1948,7 @@ static int action_isLuks(void) /* FIXME: argc > max should be checked for other operations as well */ if (action_argc > 1) { - log_err(_("Only one device argument for isLuks operation is supported.\n")); + log_err(_("Only one device argument for isLuks operation is supported.")); return -ENODEV; } @@ -1095,7 +1956,7 @@ static int action_isLuks(void) goto out; crypt_set_log_callback(cd, quiet_log, NULL); - r = crypt_load(cd, CRYPT_LUKS1, NULL); + r = crypt_load(cd, luksType(opt_type), NULL); out: crypt_free(cd); return r; @@ -1110,9 +1971,9 @@ static int action_luksUUID(void) if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) goto out; - crypt_set_confirm_callback(cd, yesDialog, NULL); + crypt_set_confirm_callback(cd, yesDialog, _("Operation aborted.\n")); - if ((r = crypt_load(cd, CRYPT_LUKS1, NULL))) + if ((r = crypt_load(cd, luksType(opt_type), NULL))) goto out; if (opt_uuid) @@ -1137,9 +1998,9 @@ static int luksDump_with_volume_key(struct crypt_device *cd) crypt_set_confirm_callback(cd, yesDialog, NULL); if (!yesDialog( - _("Header dump with volume key is sensitive information\n" - "which allows access to encrypted partition without passphrase.\n" - "This dump should be always stored encrypted on safe place."), + _("The header dump with volume key is sensitive information\n" + "that allows access to encrypted partition without a passphrase.\n" + "This dump should be stored encrypted in a safe place."), NULL)) return -EPERM; @@ -1148,7 +2009,7 @@ static int luksDump_with_volume_key(struct crypt_device *cd) if (!vk) return -ENOMEM; - r = tools_get_key(_("Enter passphrase: "), &password, &passwordLen, + r = tools_get_key(NULL, &password, &passwordLen, opt_keyfile_offset, opt_keyfile_size, opt_key_file, opt_timeout, 0, 0, cd); if (r < 0) @@ -1156,9 +2017,17 @@ static int luksDump_with_volume_key(struct crypt_device *cd) r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, vk, &vk_size, password, passwordLen); + tools_passphrase_msg(r); check_signal(&r); if (r < 0) goto out; + tools_keyslot_msg(r, UNLOCKED); + + if (opt_master_key_file) { + r = tools_write_mk(opt_master_key_file, vk, vk_size); + if (r < 0) + goto out; + } log_std("LUKS header information for %s\n", crypt_get_device_name(cd)); log_std("Cipher name: \t%s\n", crypt_get_cipher(cd)); @@ -1166,6 +2035,10 @@ static int luksDump_with_volume_key(struct crypt_device *cd) log_std("Payload offset:\t%d\n", (int)crypt_get_data_offset(cd)); log_std("UUID: \t%s\n", crypt_get_uuid(cd)); log_std("MK bits: \t%d\n", (int)vk_size * 8); + if (opt_master_key_file) { + log_std("Key stored to file %s.\n", opt_master_key_file); + goto out; + } log_std("MK dump:\t"); for(i = 0; i < vk_size; i++) { @@ -1181,171 +2054,1284 @@ out: return r; } -static int action_luksDump(void) +static int luksDump_with_unbound_key(struct crypt_device *cd) { - struct crypt_device *cd = NULL; - int r; + crypt_keyslot_info ki; + char *uk = NULL, *password = NULL; + size_t uk_size, passwordLen = 0; + int i, r; - if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) - goto out; + ki = crypt_keyslot_status(cd, opt_key_slot); + if (ki != CRYPT_SLOT_UNBOUND) { + log_err(_("Keyslot %d does not contain unbound key."), opt_key_slot); + return -EINVAL; + } - if ((r = crypt_load(cd, CRYPT_LUKS1, NULL))) - goto out; + crypt_set_confirm_callback(cd, yesDialog, NULL); + if (!yesDialog( + _("The header dump with unbound key is sensitive information.\n" + "This dump should be stored encrypted in a safe place."), + NULL)) + return -EPERM; - if (opt_dump_master_key) - r = luksDump_with_volume_key(cd); - else - r = crypt_dump(cd); -out: - crypt_free(cd); - return r; -} + r = crypt_keyslot_get_key_size(cd, opt_key_slot); + if (r < 0) + return -EINVAL; + uk_size = r; + uk = crypt_safe_alloc(uk_size); + if (!uk) + return -ENOMEM; -static int action_luksSuspend(void) -{ - struct crypt_device *cd = NULL; - int r; + r = tools_get_key(NULL, &password, &passwordLen, + opt_keyfile_offset, opt_keyfile_size, opt_key_file, + opt_timeout, 0, 0, cd); + if (r < 0) + goto out; - r = crypt_init_by_name_and_header(&cd, action_argv[0], uuid_or_device(opt_header_device)); + r = crypt_volume_key_get(cd, opt_key_slot, uk, &uk_size, + password, passwordLen); + tools_passphrase_msg(r); + check_signal(&r); + if (r < 0) + goto out; + tools_keyslot_msg(r, UNLOCKED); + + if (opt_master_key_file) { + r = tools_write_mk(opt_master_key_file, uk, uk_size); + if (r < 0) + goto out; + } + + log_std("LUKS header information for %s\n", crypt_get_device_name(cd)); + log_std("UUID: \t%s\n", crypt_get_uuid(cd)); + log_std("Keyslot: \t%d\n", opt_key_slot); + log_std("Key bits:\t%d\n", (int)uk_size * 8); + if (opt_master_key_file) { + log_std("Key stored to file %s.\n", opt_master_key_file); + goto out; + } + log_std("Unbound Key:\t"); + + for(i = 0; i < (int)uk_size; i++) { + if (i && !(i % 16)) + log_std("\n\t\t"); + log_std("%02hhx ", (char)uk[i]); + } + log_std("\n"); +out: + crypt_safe_free(password); + crypt_safe_free(uk); + return r; +} + +static int action_luksDump(void) +{ + struct crypt_device *cd = NULL; + int r; + + if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) + goto out; + + if ((r = crypt_load(cd, luksType(opt_type), NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + uuid_or_device_header(NULL)); + goto out; + } + + if (opt_dump_master_key) + r = luksDump_with_volume_key(cd); + else if (opt_unbound) + r = luksDump_with_unbound_key(cd); + else + r = crypt_dump(cd); +out: + crypt_free(cd); + return r; +} + +static int action_luksSuspend(void) +{ + struct crypt_device *cd = NULL; + int r; + + r = crypt_init_by_name_and_header(&cd, action_argv[0], uuid_or_device(opt_header_device)); if (!r) r = crypt_suspend(cd, action_argv[0]); - crypt_free(cd); - return r; + crypt_free(cd); + return r; +} + +static int action_luksResume(void) +{ + struct crypt_device *cd = NULL; + char *password = NULL; + size_t passwordLen; + int r, tries; + + if ((r = crypt_init_by_name_and_header(&cd, action_argv[0], uuid_or_device(opt_header_device)))) + goto out; + + if ((r = crypt_load(cd, luksType(opt_type), NULL))) + goto out; + + tries = (tools_is_stdin(opt_key_file) && isatty(STDIN_FILENO)) ? opt_tries : 1; + do { + r = tools_get_key(NULL, &password, &passwordLen, + opt_keyfile_offset, opt_keyfile_size, opt_key_file, + opt_timeout, _verify_passphrase(0), 0, cd); + if (r < 0) + goto out; + + r = crypt_resume_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT, + password, passwordLen); + tools_passphrase_msg(r); + check_signal(&r); + tools_keyslot_msg(r, UNLOCKED); + + crypt_safe_free(password); + password = NULL; + } while ((r == -EPERM || r == -ERANGE) && (--tries > 0)); +out: + crypt_safe_free(password); + crypt_free(cd); + return r; +} + +static int action_luksBackup(void) +{ + struct crypt_device *cd = NULL; + int r; + + if (!opt_header_backup_file) { + log_err(_("Option --header-backup-file is required.")); + return -EINVAL; + } + + if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) + goto out; + + crypt_set_confirm_callback(cd, yesDialog, NULL); + + r = crypt_header_backup(cd, NULL, opt_header_backup_file); +out: + crypt_free(cd); + return r; +} + +static int action_luksRestore(void) +{ + struct crypt_device *cd = NULL; + int r = 0; + + if (!opt_header_backup_file) { + log_err(_("Option --header-backup-file is required.")); + return -EINVAL; + } + + if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) + goto out; + + crypt_set_confirm_callback(cd, yesDialog, NULL); + r = crypt_header_restore(cd, NULL, opt_header_backup_file); +out: + crypt_free(cd); + return r; +} + +static const char *_get_device_type(void) +{ + const char *type, *name = NULL; + struct crypt_device *cd = NULL; + + if (action_argc > 1) + name = action_argv[1]; + else if (action_argc == 1) + name = action_argv[0]; + + if (crypt_init_by_name_and_header(&cd, name, opt_header_device)) + return NULL; + + type = crypt_get_type(cd); + if (!type) { + crypt_free(cd); + log_err(_("%s is not cryptsetup managed device."), name); + return NULL; + } + + if (!strncmp(type, "LUKS", 4)) + type = "luks"; + else if (!strcmp(type, CRYPT_PLAIN)) + type = "plain"; + else if (!strcmp(type, CRYPT_LOOPAES)) + type = "loopaes"; + else { + log_err(_("Refresh is not supported for device type %s"), type); + type = NULL; + } + + crypt_free(cd); + + return type; +} + +static int action_open(void) +{ + if (opt_refresh && !opt_type) + /* read device type from active mapping */ + opt_type = _get_device_type(); + + if (!opt_type) + return -EINVAL; + + if (!strcmp(opt_type, "luks") || + !strcmp(opt_type, "luks1") || + !strcmp(opt_type, "luks2")) { + if (action_argc < 2 && (!opt_test_passphrase && !opt_refresh)) + goto args; + return action_open_luks(); + } else if (!strcmp(opt_type, "plain")) { + if (action_argc < 2 && !opt_refresh) + goto args; + return action_open_plain(); + } else if (!strcmp(opt_type, "loopaes")) { + if (action_argc < 2 && !opt_refresh) + goto args; + return action_open_loopaes(); + } else if (!strcmp(opt_type, "tcrypt")) { + if (action_argc < 2 && !opt_test_passphrase) + goto args; + return action_open_tcrypt(); + } else if (!strcmp(opt_type, "bitlk")) { + if (action_argc < 2 && !opt_test_passphrase) + goto args; + return action_open_bitlk(); + } + + log_err(_("Unrecognized metadata device type %s."), opt_type); + return -EINVAL; +args: + log_err(_("Command requires device and mapped name as arguments.")); + return -EINVAL; +} + +static int action_luksErase(void) +{ + struct crypt_device *cd = NULL; + crypt_keyslot_info ki; + char *msg = NULL; + int i, max, r; + + if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) + goto out; + + crypt_set_confirm_callback(cd, yesDialog, NULL); + + if ((r = crypt_load(cd, luksType(opt_type), NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + uuid_or_device_header(NULL)); + goto out; + } + + if(asprintf(&msg, _("This operation will erase all keyslots on device %s.\n" + "Device will become unusable after this operation."), + uuid_or_device_header(NULL)) == -1) { + r = -ENOMEM; + goto out; + } + + if (!yesDialog(msg, _("Operation aborted, keyslots were NOT wiped.\n"))) { + r = -EPERM; + goto out; + } + + /* Safety check */ + max = crypt_keyslot_max(crypt_get_type(cd)); + if (max <= 0) + return -EINVAL; + + for (i = 0; i < max; i++) { + ki = crypt_keyslot_status(cd, i); + if (ki == CRYPT_SLOT_ACTIVE || ki == CRYPT_SLOT_ACTIVE_LAST) { + r = crypt_keyslot_destroy(cd, i); + if (r < 0) + goto out; + tools_keyslot_msg(i, REMOVED); + } + } +out: + free(msg); + crypt_free(cd); + return r; +} + +static int action_luksConvert(void) +{ + struct crypt_device *cd = NULL; + char *msg = NULL; + const char *to_type, *from_type; + int r; + + if (!strcmp(opt_type, "luks2")) { + to_type = CRYPT_LUKS2; + } else if (!strcmp(opt_type, "luks1")) { + to_type = CRYPT_LUKS1; + } else { + log_err(_("Invalid LUKS type, only luks1 and luks2 are supported.")); + return -EINVAL; + } + + if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) + return r; + + crypt_set_confirm_callback(cd, yesDialog, NULL); + + if ((r = crypt_load(cd, CRYPT_LUKS, NULL)) || + !(from_type = crypt_get_type(cd))) { + log_err(_("Device %s is not a valid LUKS device."), + uuid_or_device_header(NULL)); + crypt_free(cd); + return r; + } + + if (!strcmp(from_type, to_type)) { + log_err(_("Device is already %s type."), to_type); + crypt_free(cd); + return -EINVAL; + } + + if (asprintf(&msg, _("This operation will convert %s to %s format.\n"), + uuid_or_device_header(NULL), to_type) == -1) { + crypt_free(cd); + return -ENOMEM; + } + + if (yesDialog(msg, _("Operation aborted, device was NOT converted.\n"))) + r = crypt_convert(cd, to_type, NULL); + else + r = -EPERM; + + free(msg); + crypt_free(cd); + return r; +} + +static int _config_priority(struct crypt_device *cd) +{ + crypt_keyslot_info cs; + crypt_keyslot_priority priority = CRYPT_SLOT_PRIORITY_INVALID; + + if (!strcmp("normal", opt_priority)) + priority = CRYPT_SLOT_PRIORITY_NORMAL; + else if (!strcmp("prefer", opt_priority)) + priority = CRYPT_SLOT_PRIORITY_PREFER; + else if (!strcmp("ignore", opt_priority)) + priority = CRYPT_SLOT_PRIORITY_IGNORE; + + cs = crypt_keyslot_status(cd, opt_key_slot); + if (cs != CRYPT_SLOT_INVALID) + return crypt_keyslot_set_priority(cd, opt_key_slot, priority); + + return -EINVAL; +} + +static int _config_labels(struct crypt_device *cd) +{ + return crypt_set_label(cd, opt_label, opt_subsystem); +} + +static int action_luksConfig(void) +{ + struct crypt_device *cd = NULL; + int r; + + if (!opt_priority && !opt_label && !opt_subsystem) { + log_err(_("Option --priority, --label or --subsystem is missing.")); + return -EINVAL; + } + + if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) + return r; + + if ((r = crypt_load(cd, CRYPT_LUKS2, NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + uuid_or_device_header(NULL)); + goto out; + } + + if (opt_priority && (r = _config_priority(cd))) + goto out; + + if ((opt_label || opt_subsystem) && (r = _config_labels(cd))) + goto out; +out: + crypt_free(cd); + return r; +} + +static int _token_add(struct crypt_device *cd) +{ + int r, token; + crypt_token_info token_info; + const struct crypt_token_params_luks2_keyring params = { + .key_description = opt_key_description + }; + + if (opt_token != CRYPT_ANY_TOKEN) { + token_info = crypt_token_status(cd, opt_token, NULL); + if (token_info < CRYPT_TOKEN_INACTIVE) { + log_err(_("Token %d is invalid."), opt_token); + return -EINVAL; + } else if (token_info > CRYPT_TOKEN_INACTIVE) { + log_err(_("Token %d in use."), opt_token); + return -EINVAL; + } + } + + r = crypt_token_luks2_keyring_set(cd, opt_token, ¶ms); + if (r < 0) { + log_err(_("Failed to add luks2-keyring token %d."), opt_token); + return r; + } + + token = r; + tools_token_msg(token, CREATED); + + r = crypt_token_assign_keyslot(cd, token, opt_key_slot); + if (r < 0) { + log_err(_("Failed to assign token %d to keyslot %d."), token, opt_key_slot); + (void) crypt_token_json_set(cd, token, NULL); + } + + return r; +} + +static int _token_remove(struct crypt_device *cd) +{ + crypt_token_info token_info; + int r; + + token_info = crypt_token_status(cd, opt_token, NULL); + if (token_info < CRYPT_TOKEN_INACTIVE) { + log_err(_("Token %d is invalid."), opt_token); + return -EINVAL; + } else if (token_info == CRYPT_TOKEN_INACTIVE) { + log_err(_("Token %d is not in use."), opt_token); + return -EINVAL; + } + + r = crypt_token_json_set(cd, opt_token, NULL); + tools_token_msg(r, REMOVED); + + return r; +} + +static int _token_import(struct crypt_device *cd) +{ + char *json; + size_t json_length; + crypt_token_info token_info; + int r, token; + + if (opt_token != CRYPT_ANY_TOKEN) { + token_info = crypt_token_status(cd, opt_token, NULL); + if (token_info < CRYPT_TOKEN_INACTIVE) { + log_err(_("Token %d is invalid."), opt_token); + return -EINVAL; + } else if (token_info > CRYPT_TOKEN_INACTIVE) { + log_err(_("Token %d in use."), opt_token); + return -EINVAL; + } + } + + r = tools_read_json_file(cd, opt_json_file, &json, &json_length); + if (r) + return r; + + r = crypt_token_json_set(cd, opt_token, json); + free(json); + if (r < 0) { + log_err(_("Failed to import token from file.")); + return r; + } + + token = r; + tools_token_msg(token, CREATED); + + if (opt_key_slot != CRYPT_ANY_SLOT) { + r = crypt_token_assign_keyslot(cd, token, opt_key_slot); + if (r < 0) { + log_err(_("Failed to assign token %d to keyslot %d."), token, opt_key_slot); + (void) crypt_token_json_set(cd, token, NULL); + } + } + + return r; +} + +static int _token_export(struct crypt_device *cd) +{ + const char *json; + int r; + + r = crypt_token_json_get(cd, opt_token, &json); + if (r < 0) { + log_err(_("Failed to get token %d for export."), opt_token); + return r; + } + + return tools_write_json_file(cd, opt_json_file, json); +} + +static int action_token(void) +{ + int r; + struct crypt_device *cd = NULL; + enum { ADD = 0, REMOVE, IMPORT, EXPORT } action; + + if (!strcmp(action_argv[0], "add")) { + if (!opt_key_description) { + log_err(_("--key-description parameter is mandatory for token add action.")); + return -EINVAL; + } + action = ADD; + } else if (!strcmp(action_argv[0], "remove")) { + if (opt_token == CRYPT_ANY_TOKEN) { + log_err(_("Action requires specific token. Use --token-id parameter.")); + return -EINVAL; + } + action = REMOVE; + } else if (!strcmp(action_argv[0], "import")) { + action = IMPORT; + } else if (!strcmp(action_argv[0], "export")) { + if (opt_token == CRYPT_ANY_TOKEN) { + log_err(_("Action requires specific token. Use --token-id parameter.")); + return -EINVAL; + } + action = EXPORT; + } else { + log_err(_("Invalid token operation %s."), action_argv[0]); + return -EINVAL; + } + + if ((r = crypt_init(&cd, uuid_or_device(opt_header_device ?: action_argv[1])))) + return r; + + if ((r = crypt_load(cd, CRYPT_LUKS2, NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + uuid_or_device(opt_header_device ?: action_argv[1])); + crypt_free(cd); + return r; + } + + if (action == ADD) + r = _token_add(cd); /* adds only luks2-keyring type */ + else if (action == REMOVE) + r = _token_remove(cd); + else if (action == IMPORT) + r = _token_import(cd); + else if (action == EXPORT) + r = _token_export(cd); + else { + log_dbg("Internal token action error."); + r = -EINVAL; + } + + crypt_free(cd); + + return r; +} + +static int auto_detect_active_name(struct crypt_device *cd, const char *data_device, char *dm_name, size_t dm_name_len) +{ + int r; + + r = tools_lookup_crypt_device(cd, crypt_get_type(cd), data_device, dm_name, dm_name_len); + if (r > 0) + log_dbg("Device %s has %d active holders.", data_device, r); + + return r; +} + +static int _get_device_active_name(struct crypt_device *cd, const char *data_device, char *buffer, size_t buffer_size) +{ + char *msg; + int r; + + r = auto_detect_active_name(cd, action_argv[0], buffer, buffer_size); + if (r > 0) { + if (*buffer == '\0') { + log_err(_("Device %s is still in use."), data_device); + return -EINVAL; + } + if (!opt_batch_mode) + log_std(_("Auto-detected active dm device '%s' for data device %s.\n"), buffer, data_device); + } + if (r < 0) { + if (r == -ENOTBLK) + log_std(_("Device %s is not a block device.\n"), data_device); + else + log_err(_("Failed to auto-detect device %s holders."), data_device); + + r = asprintf(&msg, _("Unable to decide if device %s is activated or not.\n" + "Are you sure you want to proceed with reencryption in offline mode?\n" + "It may lead to data corruption if the device is actually activated.\n" + "To run reencryption in online mode, use --active-name parameter instead.\n"), data_device); + if (r < 0) + return -ENOMEM; + r = noDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL; + free(msg); + } + + return r; +} + +static int action_reencrypt_load(struct crypt_device *cd) +{ + int r; + size_t passwordLen; + char dm_name[PATH_MAX] = {}, *password = NULL; + const char *active_name = NULL; + struct crypt_params_reencrypt params = { + .resilience = opt_resilience_mode, + .hash = opt_resilience_hash, + .max_hotzone_size = opt_hotzone_size / SECTOR_SIZE, + .device_size = opt_device_size / SECTOR_SIZE, + .flags = CRYPT_REENCRYPT_RESUME_ONLY + }; + + r = tools_get_key(NULL, &password, &passwordLen, + opt_keyfile_offset, opt_keyfile_size, opt_key_file, + opt_timeout, _verify_passphrase(0), 0, cd); + if (r < 0) + return r; + + if (!opt_active_name) { + r = _get_device_active_name(cd, action_argv[0], dm_name, sizeof(dm_name)); + if (r > 0) + active_name = dm_name; + if (r < 0) { + crypt_safe_free(password); + return -EINVAL; + } + } else + active_name = opt_active_name; + + r = crypt_reencrypt_init_by_passphrase(cd, active_name, password, passwordLen, opt_key_slot, opt_key_slot, NULL, NULL, ¶ms); + + crypt_safe_free(password); + + return r; +} + +static int action_encrypt_luks2(struct crypt_device **cd) +{ + const char *type, *activated_name = NULL; + int keyslot, r, fd; + uuid_t uuid; + size_t passwordLen; + char *msg, uuid_str[37], header_file[PATH_MAX] = { 0 }, *password = NULL; + uint32_t activate_flags = 0; + const struct crypt_params_luks2 luks2_params = { + .sector_size = opt_sector_size ?: SECTOR_SIZE + }; + struct crypt_params_reencrypt params = { + .mode = CRYPT_REENCRYPT_ENCRYPT, + .direction = opt_data_shift < 0 ? CRYPT_REENCRYPT_BACKWARD : CRYPT_REENCRYPT_FORWARD, + .resilience = opt_resilience_mode, + .hash = opt_resilience_hash, + .max_hotzone_size = opt_hotzone_size / SECTOR_SIZE, + .device_size = opt_device_size / SECTOR_SIZE, + .luks2 = &luks2_params, + .flags = CRYPT_REENCRYPT_INITIALIZE_ONLY + }; + + _set_reencryption_flags(¶ms.flags); + + type = luksType(opt_type); + if (!type) + type = crypt_get_default_type(); + + if (strcmp(type, CRYPT_LUKS2)) { + log_err(_("Invalid LUKS device type.")); + return -EINVAL; + } + + if (!opt_data_shift && !opt_header_device) { + log_err(_("Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size).")); + return -ENOTSUP; + } + + if (!opt_header_device && opt_offset && opt_data_shift && (opt_offset > (imaxabs(opt_data_shift) / (2 * SECTOR_SIZE)))) { + log_err(_("Requested data offset must be less than or equal to half of --reduce-device-size parameter.")); + return -EINVAL; + } + + /* TODO: ask user to confirm. It's useless to do data device reduction and than use smaller value */ + if (!opt_header_device && opt_offset && opt_data_shift && (opt_offset < (imaxabs(opt_data_shift) / (2 * SECTOR_SIZE)))) { + opt_data_shift = -(opt_offset * 2 * SECTOR_SIZE); + if (opt_data_shift >= 0) + return -EINVAL; + log_std(_("Adjusting --reduce-device-size value to twice the --offset %" PRIu64 " (sectors).\n"), opt_offset * 2); + } + + if (strncmp(type, CRYPT_LUKS2, strlen(CRYPT_LUKS2))) { + log_err(_("Encryption is supported only for LUKS2 format.")); + return -EINVAL; + } + + if (opt_uuid && uuid_parse(opt_uuid, uuid) == -1) { + log_err(_("Wrong LUKS UUID format provided.")); + return -EINVAL; + } + + if (!opt_uuid) { + uuid_generate(uuid); + uuid_unparse(uuid, uuid_str); + opt_uuid = uuid_str; + } + + /* Check the data device is not LUKS device already */ + if ((r = crypt_init(cd, action_argv[0]))) + return r; + r = crypt_load(*cd, CRYPT_LUKS, NULL); + crypt_free(*cd); + *cd = NULL; + if (!r) { + r = asprintf(&msg, _("Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"), action_argv[0]); + if (r == -1) + return -ENOMEM; + + r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL; + free(msg); + if (r < 0) + return r; + } + + if (!opt_header_device) { + snprintf(header_file, sizeof(header_file), "LUKS2-temp-%s.new", opt_uuid); + fd = open(header_file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR); + if (fd == -1) { + if (errno == EEXIST) + log_err(_("Temporary header file %s already exists. Aborting."), header_file); + else + log_err(_("Cannot create temporary header file %s."), header_file); + return -EINVAL; + } + + r = posix_fallocate(fd, 0, 4096); + close(fd); + if (r) { + log_err(_("Cannot create temporary header file %s."), header_file); + r = -EINVAL; + goto err; + } + + opt_header_device = header_file; + /* + * FIXME: just override offset here, but we should support both. + * offset and implicit offset via data shift (lvprepend?) + */ + if (!opt_offset) + opt_offset = imaxabs(opt_data_shift) / (2 * SECTOR_SIZE); + opt_data_shift >>= 1; + params.flags |= CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT; + } else if (opt_data_shift < 0) { + if (!opt_luks2_metadata_size) + opt_luks2_metadata_size = 0x4000; /* missing default here */ + if (!opt_luks2_keyslots_size) + opt_luks2_keyslots_size = -opt_data_shift - 2 * opt_luks2_metadata_size; + + if (2 * opt_luks2_metadata_size + opt_luks2_keyslots_size > (uint64_t)-opt_data_shift) { + log_err("LUKS2 metadata size is larger than data shift value."); + return -EINVAL; + } + } + + r = _luksFormat(cd, &password, &passwordLen); + if (r < 0) + goto err; + + if (opt_data_shift) { + params.data_shift = imaxabs(opt_data_shift) / SECTOR_SIZE, + params.resilience = "datashift"; + } + keyslot = opt_key_slot < 0 ? 0 : opt_key_slot; + r = crypt_reencrypt_init_by_passphrase(*cd, NULL, password, passwordLen, + CRYPT_ANY_SLOT, keyslot, crypt_get_cipher(*cd), + crypt_get_cipher_mode(*cd), ¶ms); + if (r < 0) { + crypt_keyslot_destroy(*cd, keyslot); + goto err; + } + + /* Restore temporary header in head of data device */ + if (*header_file) { + crypt_free(*cd); + *cd = NULL; + + r = crypt_init(cd, action_argv[0]); + if (!r) + r = crypt_header_restore(*cd, CRYPT_LUKS2, header_file); + + if (r) { + log_err("Failed to place new header at head of device %s.", action_argv[0]); + goto err; + } + } + + /* activate device */ + if (action_argc > 1) { + activated_name = action_argv[1]; + _set_activation_flags(&activate_flags); + r = crypt_activate_by_passphrase(*cd, activated_name, opt_key_slot, password, passwordLen, activate_flags); + if (r >= 0) + log_std(_("%s/%s is now active and ready for online encryption.\n"), crypt_get_dir(), activated_name); + } + + if (r < 0) + goto err; + + /* just load reencryption context to continue reencryption */ + if (!opt_reencrypt_init_only) { + params.flags &= ~CRYPT_REENCRYPT_INITIALIZE_ONLY; + r = crypt_reencrypt_init_by_passphrase(*cd, activated_name, password, passwordLen, + CRYPT_ANY_SLOT, keyslot, NULL, NULL, ¶ms); + } +err: + crypt_safe_free(password); + if (*header_file) + unlink(header_file); + return r; +} + +static int action_decrypt_luks2(struct crypt_device *cd) +{ + int r; + char dm_name[PATH_MAX], *password = NULL; + const char *active_name = NULL; + struct crypt_params_reencrypt params = { + .mode = CRYPT_REENCRYPT_DECRYPT, + .direction = opt_data_shift > 0 ? CRYPT_REENCRYPT_FORWARD : CRYPT_REENCRYPT_BACKWARD, + .resilience = opt_data_shift ? "datashift" : opt_resilience_mode, + .hash = opt_resilience_hash, + .data_shift = imaxabs(opt_data_shift) / SECTOR_SIZE, + .device_size = opt_device_size / SECTOR_SIZE, + .max_hotzone_size = opt_hotzone_size / SECTOR_SIZE, + }; + size_t passwordLen; + + _set_reencryption_flags(¶ms.flags); + + r = tools_get_key(NULL, &password, &passwordLen, + opt_keyfile_offset, opt_keyfile_size, opt_key_file, + opt_timeout, _verify_passphrase(0), 0, cd); + if (r < 0) + return r; + + if (!opt_active_name) { + r = _get_device_active_name(cd, action_argv[0], dm_name, sizeof(dm_name)); + if (r > 0) + active_name = dm_name; + if (r < 0) + goto err; + } else + active_name = opt_active_name; + + if (!active_name) + log_dbg("Device %s seems unused. Proceeding with offline operation.", action_argv[0]); + + r = crypt_reencrypt_init_by_passphrase(cd, active_name, password, + passwordLen, opt_key_slot, CRYPT_ANY_SLOT, NULL, NULL, ¶ms); +err: + crypt_safe_free(password); + return r; +} + +struct keyslot_passwords { + char *password; + size_t passwordLen; + int new; +}; + +static struct keyslot_passwords *init_keyslot_passwords(size_t count) +{ + size_t i; + struct keyslot_passwords *tmp = calloc(count, sizeof(struct keyslot_passwords)); + + if (!tmp) + return tmp; + + for (i = 0; i < count; i++) + tmp[i].new = -1; + + return tmp; +} + +static int init_passphrase(struct keyslot_passwords *kp, size_t keyslot_passwords_length, + struct crypt_device *cd, const char *msg, int slot_to_check) +{ + crypt_keyslot_info ki; + char *password; + int r = -EINVAL, retry_count; + size_t passwordLen; + + if (slot_to_check != CRYPT_ANY_SLOT) { + ki = crypt_keyslot_status(cd, slot_to_check); + if (ki < CRYPT_SLOT_ACTIVE || ki == CRYPT_SLOT_UNBOUND) + return -ENOENT; + } + + retry_count = (opt_tries && !opt_key_file) ? opt_tries : 1; + while (retry_count--) { + r = tools_get_key(msg, &password, &passwordLen, 0, 0, + opt_key_file, 0, 0, 0 /*pwquality*/, cd); + if (r < 0) + return r; + if (quit) { + crypt_safe_free(password); + password = NULL; + passwordLen = 0; + return -EAGAIN; + } + + r = crypt_activate_by_passphrase(cd, NULL, slot_to_check, + password, passwordLen, 0); + if (r < 0) { + crypt_safe_free(password); + password = NULL; + passwordLen = 0; + } + if (r < 0 && r != -EPERM) + return r; + + if (r >= 0) { + tools_keyslot_msg(r, UNLOCKED); + if ((size_t)r >= keyslot_passwords_length) { + crypt_safe_free(password); + return -EINVAL; + } + kp[r].password = password; + kp[r].passwordLen = passwordLen; + break; + } + tools_passphrase_msg(r); + } + + password = NULL; + passwordLen = 0; + + return r; +} + +static int _check_luks2_keyslots(struct crypt_device *cd) +{ + int i, max = crypt_keyslot_max(CRYPT_LUKS2), active = 0, unbound = 0; + + if (max < 0) + return max; + + for (i = 0; i < max; i++) { + switch (crypt_keyslot_status(cd, i)) { + case CRYPT_SLOT_INVALID: + return -EINVAL; + case CRYPT_SLOT_ACTIVE: + /* fall-through */ + case CRYPT_SLOT_ACTIVE_LAST: + active++; + break; + case CRYPT_SLOT_UNBOUND: + unbound++; + /* fall-through */ + default: + break; + } + } + + /* at least one keyslot for reencryption plus new volume key */ + if (active + unbound > max - 2) { + log_err(_("Not enough free keyslots for reencryption.")); + return -EINVAL; + } + + if ((opt_key_slot == CRYPT_ANY_SLOT) && + (2 * active + unbound > max - 1)) { + log_err(_("Not enough free keyslots for reencryption.")); + return -EINVAL; + } + + return 0; +} + +static int fill_keyslot_passwords(struct crypt_device *cd, + struct keyslot_passwords *kp, size_t kp_size) +{ + char msg[128]; + crypt_keyslot_info ki; + int i, r = 0; + + if (opt_key_slot == CRYPT_ANY_SLOT && opt_key_file) { + for (i = 0; (size_t)i < kp_size; i++) { + ki = crypt_keyslot_status(cd, i); + if (ki == CRYPT_SLOT_INVALID) + return -EINVAL; + if (ki == CRYPT_SLOT_ACTIVE) { + log_err(_("Key file can be used only with --key-slot or with " + "exactly one key slot active.")); + return -EINVAL; + } + } + } + + if (opt_key_slot == CRYPT_ANY_SLOT) { + for (i = 0; (size_t)i < kp_size; i++) { + snprintf(msg, sizeof(msg), _("Enter passphrase for key slot %d: "), i); + r = init_passphrase(kp, kp_size, cd, msg, i); + if (r == -ENOENT) + r = 0; + if (r < 0) + break; + } + } else { + snprintf(msg, sizeof(msg), _("Enter passphrase for key slot %u: "), opt_key_slot); + r = init_passphrase(kp, kp_size, cd, msg, opt_key_slot); + } + + return r < 0 ? r : 0; } -static int action_luksResume(void) +static int assign_tokens(struct crypt_device *cd, int keyslot_old, int keyslot_new) { - struct crypt_device *cd = NULL; - int r; + int token = 0, r = crypt_token_is_assigned(cd, token, keyslot_old); - if ((r = crypt_init_by_name_and_header(&cd, action_argv[0], uuid_or_device(opt_header_device)))) - goto out; - - crypt_set_timeout(cd, opt_timeout); - crypt_set_password_retry(cd, opt_tries); - crypt_set_password_verify(cd, _verify_passphrase(0)); + while (r != -EINVAL) { + if (!r && (token != crypt_token_assign_keyslot(cd, token, keyslot_new))) + return -EINVAL; + token++; + r = crypt_token_is_assigned(cd, token, keyslot_old); + } - if (opt_key_file) - r = crypt_resume_by_keyfile_offset(cd, action_argv[0], CRYPT_ANY_SLOT, - opt_key_file, opt_keyfile_size, opt_keyfile_offset); - else - r = crypt_resume_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT, - NULL, 0); -out: - crypt_free(cd); - return r; + /* we reached max token number, exit */ + return 0; } -static int action_luksBackup(void) +static int action_reencrypt_luks2(struct crypt_device *cd) { - struct crypt_device *cd = NULL; - int r; + size_t i, vk_size, kp_size; + int r, keyslot_old = CRYPT_ANY_SLOT, keyslot_new = CRYPT_ANY_SLOT, key_size; + char dm_name[PATH_MAX], cipher [MAX_CIPHER_LEN], mode[MAX_CIPHER_LEN], *vk; + const char *active_name = NULL; + struct keyslot_passwords *kp; + struct crypt_params_luks2 luks2_params = {}; + struct crypt_params_reencrypt params = { + .mode = CRYPT_REENCRYPT_REENCRYPT, + .direction = opt_data_shift < 0 ? CRYPT_REENCRYPT_BACKWARD : CRYPT_REENCRYPT_FORWARD, + .resilience = opt_data_shift ? "datashift" : opt_resilience_mode, + .hash = opt_resilience_hash, + .data_shift = imaxabs(opt_data_shift) / SECTOR_SIZE, + .max_hotzone_size = opt_hotzone_size / SECTOR_SIZE, + .device_size = opt_device_size / SECTOR_SIZE, + .luks2 = &luks2_params, + }; - if (!opt_header_backup_file) { - log_err(_("Option --header-backup-file is required.\n")); - return -EINVAL; - } + _set_reencryption_flags(¶ms.flags); - if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) - goto out; + if (!opt_cipher) { + strncpy(cipher, crypt_get_cipher(cd), MAX_CIPHER_LEN - 1); + strncpy(mode, crypt_get_cipher_mode(cd), MAX_CIPHER_LEN - 1); + cipher[MAX_CIPHER_LEN-1] = '\0'; + mode[MAX_CIPHER_LEN-1] = '\0'; + } else if ((r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, mode))) { + log_err(_("No known cipher specification pattern detected.")); + return r; + } - crypt_set_confirm_callback(cd, yesDialog, NULL); + luks2_params.sector_size = opt_sector_size ?: crypt_get_sector_size(cd); - r = crypt_header_backup(cd, CRYPT_LUKS1, opt_header_backup_file); -out: - crypt_free(cd); - return r; -} + r = _check_luks2_keyslots(cd); + if (r) + return r; -static int action_luksRestore(void) -{ - struct crypt_device *cd = NULL; - int r = 0; + if (opt_key_size) + key_size = opt_key_size / 8; + else if (opt_cipher) + key_size = DEFAULT_LUKS1_KEYBITS / 8; + else + key_size = crypt_get_volume_key_size(cd); - if (!opt_header_backup_file) { - log_err(_("Option --header-backup-file is required.\n")); + if (!key_size) return -EINVAL; + + r = crypt_keyslot_max(CRYPT_LUKS2); + if (r < 0) + return r; + kp_size = r; + kp = init_keyslot_passwords(kp_size); + + if (!kp) + return -ENOMEM; + + r = fill_keyslot_passwords(cd, kp, kp_size); + if (r) + goto err; + + vk_size = key_size; + vk = crypt_safe_alloc(vk_size); + if (!vk) { + r = -ENOMEM; + goto err; } - if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) - goto out; + r = -ENOENT; - crypt_set_confirm_callback(cd, yesDialog, NULL); - r = crypt_header_restore(cd, CRYPT_LUKS1, opt_header_backup_file); -out: - crypt_free(cd); + for (i = 0; i < kp_size; i++) { + if (kp[i].password && keyslot_new < 0) { + r = set_keyslot_params(cd, i); + if (r < 0) + break; + r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, NULL, key_size, + kp[i].password, kp[i].passwordLen, CRYPT_VOLUME_KEY_NO_SEGMENT); + tools_keyslot_msg(r, CREATED); + if (r < 0) + break; + + kp[i].new = r; + keyslot_new = r; + keyslot_old = i; + r = crypt_volume_key_get(cd, keyslot_new, vk, &vk_size, kp[i].password, kp[i].passwordLen); + if (r < 0) + break; + r = assign_tokens(cd, i, r); + if (r < 0) + break; + } else if (kp[i].password) { + r = set_keyslot_params(cd, i); + if (r < 0) + break; + r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, vk, key_size, + kp[i].password, kp[i].passwordLen, CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE); + tools_keyslot_msg(r, CREATED); + if (r < 0) + break; + kp[i].new = r; + r = assign_tokens(cd, i, r); + if (r < 0) + break; + } + } + + crypt_safe_free(vk); + + if (r < 0) + goto err; + + if (!opt_active_name && !opt_reencrypt_init_only) { + r = _get_device_active_name(cd, action_argv[0], dm_name, sizeof(dm_name)); + if (r > 0) + active_name = dm_name; + if (r < 0) + goto err; + } else if (opt_active_name) + active_name = opt_active_name; + + if (!active_name && !opt_reencrypt_init_only) + log_dbg("Device %s seems unused. Proceeding with offline operation.", action_argv[0]); + + r = crypt_reencrypt_init_by_passphrase(cd, active_name, kp[keyslot_old].password, + kp[keyslot_old].passwordLen, keyslot_old, kp[keyslot_old].new, + cipher, mode, ¶ms); +err: + for (i = 0; i < kp_size; i++) { + crypt_safe_free(kp[i].password); + if (r < 0 && kp[i].new >= 0 && + crypt_reencrypt_status(cd, NULL) == CRYPT_REENCRYPT_NONE && + crypt_keyslot_destroy(cd, kp[i].new)) + log_dbg("Failed to remove keyslot %d with unbound key.", kp[i].new); + } + free(kp); return r; } -static int action_open(void) +static int action_reencrypt(void) { - if (!opt_type) - return -EINVAL; + uint32_t flags; + struct crypt_device *cd = NULL; + struct crypt_params_integrity ip = { 0 }; + int r = 0; - if (!strcmp(opt_type, "luks") || !strcmp(opt_type, "luks1")) { - if (action_argc < 2 && !opt_test_passphrase) - goto args; - return action_open_luks(); - } else if (!strcmp(opt_type, "plain")) { - if (action_argc < 2) - goto args; - return action_open_plain(); - } else if (!strcmp(opt_type, "loopaes")) { - if (action_argc < 2) - goto args; - return action_open_loopaes(); - } else if (!strcmp(opt_type, "tcrypt")) { - if (action_argc < 2 && !opt_test_passphrase) - goto args; - return action_open_tcrypt(); + if (action_argc < 1 && (!opt_active_name || opt_encrypt)) { + log_err(_("Command requires device as argument.")); + return -EINVAL; } - log_err(_("Unrecognized metadata device type %s.\n"), opt_type); - return -EINVAL; -args: - log_err(_("Command requires device and mapped name as arguments.\n")); - return -EINVAL; -} + if (!opt_encrypt || opt_reencrypt_resume_only) { + if (opt_active_name) { + r = crypt_init_by_name_and_header(&cd, opt_active_name, opt_header_device); + if (r || !crypt_get_type(cd) || strcmp(crypt_get_type(cd), CRYPT_LUKS2)) { + log_err(_("Device %s is not a valid LUKS device."), opt_active_name); + r = -EINVAL; + goto out; + } + } else { + if ((r = crypt_init_data_device(&cd, uuid_or_device(opt_header_device ?: action_argv[0]), action_argv[0]))) + return r; -static int action_luksErase(void) -{ - struct crypt_device *cd = NULL; - crypt_keyslot_info ki; - char *msg = NULL; - int i, r; + if ((r = crypt_load(cd, CRYPT_LUKS, NULL))) { + log_err(_("Device %s is not a valid LUKS device."), + uuid_or_device(opt_header_device ?: action_argv[0])); + goto out; + } + if (strcmp(crypt_get_type(cd), CRYPT_LUKS2)) { + log_err(_("Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1.")); + r = -EINVAL; + goto out; + } + } - if ((r = crypt_init(&cd, uuid_or_device_header(NULL)))) - goto out; + if (crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags)) { + r = -EINVAL; + goto out; + } - crypt_set_confirm_callback(cd, yesDialog, NULL); + if (flags & CRYPT_REQUIREMENT_OFFLINE_REENCRYPT) { + log_err(_("Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility.")); + r = -EINVAL; + goto out; + } - if ((r = crypt_load(cd, CRYPT_LUKS1, NULL))) - goto out; + if (flags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT) + r = -EBUSY; - if(asprintf(&msg, _("This operation will erase all keyslots on device %s.\n" - "Device will become unusable after this operation."), - uuid_or_device_header(NULL)) == -1) { - r = -ENOMEM; - goto out; + /* raw integrity info is available since 2.0 */ + if (crypt_get_integrity_info(cd, &ip) || ip.tag_size) { + log_err(_("Reencryption of device with integrity profile is not supported.")); + r = -ENOTSUP; + goto out; + } } - if (!yesDialog(msg, NULL)) { - r = -EPERM; - goto out; - } + if (r == -EBUSY) { + if (opt_reencrypt_init_only) + log_err(_("LUKS2 reencryption already initialized. Aborting operation.")); + else + r = action_reencrypt_load(cd); + } else if (!r && opt_reencrypt_resume_only) { + log_err(_("LUKS2 device is not in reencryption.")); + r = -EINVAL; + } else if (opt_decrypt) + r = action_decrypt_luks2(cd); + else if (opt_encrypt && !opt_reencrypt_resume_only) + r = action_encrypt_luks2(&cd); + else + r = action_reencrypt_luks2(cd); - for (i = 0; i < crypt_keyslot_max(CRYPT_LUKS1); i++) { - ki = crypt_keyslot_status(cd, i); - if (ki == CRYPT_SLOT_ACTIVE || ki == CRYPT_SLOT_ACTIVE_LAST) { - r = crypt_keyslot_destroy(cd, i); - if (r < 0) - goto out; - } + if (r >= 0 && !opt_reencrypt_init_only) { + set_int_handler(0); + r = crypt_reencrypt(cd, tools_reencrypt_progress); } out: - free(msg); crypt_free(cd); + return r; } @@ -1357,26 +3343,32 @@ static struct action_type { const char *arg_desc; const char *desc; } action_types[] = { - { "open", action_open, 1, 1, N_(" [--type ] []"),N_("open device as mapping ") }, + { "open", action_open, 1, 1, N_(" [--type ] []"),N_("open device as ") }, { "close", action_close, 1, 1, N_(""), N_("close device (remove mapping)") }, { "resize", action_resize, 1, 1, N_(""), N_("resize active device") }, { "status", action_status, 1, 0, N_(""), N_("show device status") }, - { "benchmark", action_benchmark, 0, 0, N_(""), N_("benchmark cipher") }, + { "benchmark", action_benchmark, 0, 0, N_("[--cipher ]"), N_("benchmark cipher") }, { "repair", action_luksRepair, 1, 1, N_(""), N_("try to repair on-disk metadata") }, + { "reencrypt", action_reencrypt, 0, 0, N_(""), N_("reencrypt LUKS2 device") }, { "erase", action_luksErase , 1, 1, N_(""), N_("erase all keyslots (remove encryption key)") }, + { "convert", action_luksConvert, 1, 1, N_(""), N_("convert LUKS from/to LUKS2 format") }, + { "config", action_luksConfig, 1, 1, N_(""), N_("set permanent configuration options for LUKS2") }, { "luksFormat", action_luksFormat, 1, 1, N_(" []"), N_("formats a LUKS device") }, { "luksAddKey", action_luksAddKey, 1, 1, N_(" []"), N_("add key to LUKS device") }, { "luksRemoveKey",action_luksRemoveKey,1, 1, N_(" []"), N_("removes supplied key or key file from LUKS device") }, { "luksChangeKey",action_luksChangeKey,1, 1, N_(" []"), N_("changes supplied key or key file of LUKS device") }, + { "luksConvertKey",action_luksConvertKey,1, 1, N_(" []"), N_("converts a key to new pbkdf parameters") }, { "luksKillSlot", action_luksKillSlot, 2, 1, N_(" "), N_("wipes key with number from LUKS device") }, { "luksUUID", action_luksUUID, 1, 0, N_(""), N_("print UUID of LUKS device") }, { "isLuks", action_isLuks, 1, 0, N_(""), N_("tests for LUKS partition header") }, { "luksDump", action_luksDump, 1, 1, N_(""), N_("dump LUKS partition information") }, { "tcryptDump", action_tcryptDump, 1, 1, N_(""), N_("dump TCRYPT device information") }, - { "luksSuspend", action_luksSuspend, 1, 1, N_(""), N_("Suspend LUKS device and wipe key (all IOs are frozen).") }, - { "luksResume", action_luksResume, 1, 1, N_(""), N_("Resume suspended LUKS device.") }, + { "bitlkDump", action_bitlkDump, 1, 1, N_(""), N_("dump BITLK device information") }, + { "luksSuspend", action_luksSuspend, 1, 1, N_(""), N_("Suspend LUKS device and wipe key (all IOs are frozen)") }, + { "luksResume", action_luksResume, 1, 1, N_(""), N_("Resume suspended LUKS device") }, { "luksHeaderBackup", action_luksBackup,1,1, N_(""), N_("Backup LUKS device header and keyslots") }, { "luksHeaderRestore",action_luksRestore,1,1,N_(""), N_("Restore LUKS device header and keyslots") }, + { "token", action_token, 2, 0, N_(" "), N_("Manipulate LUKS2 tokens") }, {} }; @@ -1388,6 +3380,7 @@ static void help(poptContext popt_context, { if (key->shortName == '?') { struct action_type *action; + const struct crypt_pbkdf_type *pbkdf_luks1, *pbkdf_luks2; log_std("%s\n",PACKAGE_STRING); @@ -1401,8 +3394,8 @@ static void help(poptContext popt_context, log_std(_("\n" "You can also use old syntax aliases:\n" - "\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" - "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n")); + "\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" + "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n")); log_std(_("\n" " is the device to create under %s\n" " is the encrypted device\n" @@ -1410,21 +3403,38 @@ static void help(poptContext popt_context, " optional key file for the new key for luksAddKey action\n"), crypt_get_dir()); + log_std(_("\nDefault compiled-in metadata format is %s (for luksFormat action).\n"), + crypt_get_default_type()); + + pbkdf_luks1 = crypt_get_pbkdf_default(CRYPT_LUKS1); + pbkdf_luks2 = crypt_get_pbkdf_default(CRYPT_LUKS2); log_std(_("\nDefault compiled-in key and passphrase parameters:\n" "\tMaximum keyfile size: %dkB, " "Maximum interactive passphrase length %d (characters)\n" - "Default PBKDF2 iteration time for LUKS: %d (ms)\n"), + "Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" + "Default PBKDF for LUKS2: %s\n" + "\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n"), DEFAULT_KEYFILE_SIZE_MAXKB, DEFAULT_PASSPHRASE_SIZE_MAX, - DEFAULT_LUKS1_ITER_TIME); + pbkdf_luks1->type, pbkdf_luks1->time_ms, + pbkdf_luks2->type, pbkdf_luks2->time_ms, pbkdf_luks2->max_memory_kb, + pbkdf_luks2->parallel_threads); log_std(_("\nDefault compiled-in device cipher parameters:\n" "\tloop-AES: %s, Key %d bits\n" "\tplain: %s, Key: %d bits, Password hashing: %s\n" - "\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"), + "\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"), DEFAULT_LOOPAES_CIPHER, DEFAULT_LOOPAES_KEYBITS, DEFAULT_CIPHER(PLAIN), DEFAULT_PLAIN_KEYBITS, DEFAULT_PLAIN_HASH, DEFAULT_CIPHER(LUKS1), DEFAULT_LUKS1_KEYBITS, DEFAULT_LUKS1_HASH, DEFAULT_RNG); +#if defined(ENABLE_LUKS_ADJUST_XTS_KEYSIZE) && DEFAULT_LUKS1_KEYBITS != 512 + log_std(_("\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n")); +#endif + poptFreeContext(popt_context); + exit(EXIT_SUCCESS); + } else if (key->shortName == 'V') { + log_std("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION); + poptFreeContext(popt_context); exit(EXIT_SUCCESS); } else usage(popt_context, EXIT_SUCCESS, NULL, NULL); @@ -1469,56 +3479,98 @@ int main(int argc, const char **argv) { NULL, '\0', POPT_ARG_CALLBACK, help, 0, NULL, NULL }, { "help", '?', POPT_ARG_NONE, NULL, 0, N_("Show this help message"), NULL }, { "usage", '\0', POPT_ARG_NONE, NULL, 0, N_("Display brief usage"), NULL }, + { "version",'V', POPT_ARG_NONE, NULL, 0, N_("Print package version"), NULL }, POPT_TABLEEND }; static struct poptOption popt_options[] = { { NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL }, - { "version", '\0', POPT_ARG_NONE, &opt_version_mode, 0, N_("Print package version"), NULL }, { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL }, { "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL }, + { "debug-json", '\0', POPT_ARG_NONE, &opt_debug_json, 0, N_("Show debug messages including JSON metadata"), NULL }, { "cipher", 'c', POPT_ARG_STRING, &opt_cipher, 0, N_("The cipher used to encrypt the disk (see /proc/crypto)"), NULL }, { "hash", 'h', POPT_ARG_STRING, &opt_hash, 0, N_("The hash used to create the encryption key from the passphrase"), NULL }, { "verify-passphrase", 'y', POPT_ARG_NONE, &opt_verify_passphrase, 0, N_("Verifies the passphrase by asking for it twice"), NULL }, - { "key-file", 'd', POPT_ARG_STRING, &opt_key_file, 5, N_("Read the key from a file."), NULL }, + { "key-file", 'd', POPT_ARG_STRING, &opt_key_file, 6, N_("Read the key from a file"), NULL }, { "master-key-file", '\0', POPT_ARG_STRING, &opt_master_key_file, 0, N_("Read the volume (master) key from file."), NULL }, - { "dump-master-key", '\0', POPT_ARG_NONE, &opt_dump_master_key, 0, N_("Dump volume (master) key instead of keyslots info."), NULL }, + { "dump-master-key", '\0', POPT_ARG_NONE, &opt_dump_master_key, 0, N_("Dump volume (master) key instead of keyslots info"), NULL }, { "key-size", 's', POPT_ARG_INT, &opt_key_size, 0, N_("The size of the encryption key"), N_("BITS") }, { "keyfile-size", 'l', POPT_ARG_LONG, &opt_keyfile_size, 0, N_("Limits the read from keyfile"), N_("bytes") }, - { "keyfile-offset", '\0', POPT_ARG_LONG, &opt_keyfile_offset, 0, N_("Number of bytes to skip in keyfile"), N_("bytes") }, + { "keyfile-offset", '\0', POPT_ARG_STRING, &popt_tmp, 4, N_("Number of bytes to skip in keyfile"), N_("bytes") }, { "new-keyfile-size", '\0', POPT_ARG_LONG, &opt_new_keyfile_size, 0, N_("Limits the read from newly added keyfile"), N_("bytes") }, - { "new-keyfile-offset",'\0', POPT_ARG_LONG, &opt_new_keyfile_offset, 0, N_("Number of bytes to skip in newly added keyfile"), N_("bytes") }, + { "new-keyfile-offset",'\0', POPT_ARG_STRING, &popt_tmp, 5, N_("Number of bytes to skip in newly added keyfile"), N_("bytes") }, { "key-slot", 'S', POPT_ARG_INT, &opt_key_slot, 0, N_("Slot number for new key (default is first free)"), NULL }, { "size", 'b', POPT_ARG_STRING, &popt_tmp, 1, N_("The size of the device"), N_("SECTORS") }, + { "device-size", '\0', POPT_ARG_STRING, &opt_device_size_str, 0, N_("Use only specified device size (ignore rest of device). DANGEROUS!"), N_("bytes") }, { "offset", 'o', POPT_ARG_STRING, &popt_tmp, 2, N_("The start offset in the backend device"), N_("SECTORS") }, { "skip", 'p', POPT_ARG_STRING, &popt_tmp, 3, N_("How many sectors of the encrypted data to skip at the beginning"), N_("SECTORS") }, { "readonly", 'r', POPT_ARG_NONE, &opt_readonly, 0, N_("Create a readonly mapping"), NULL }, - { "iter-time", 'i', POPT_ARG_INT, &opt_iteration_time, 0, N_("PBKDF2 iteration time for LUKS (in ms)"), N_("msecs") }, { "batch-mode", 'q', POPT_ARG_NONE, &opt_batch_mode, 0, N_("Do not ask for confirmation"), NULL }, { "timeout", 't', POPT_ARG_INT, &opt_timeout, 0, N_("Timeout for interactive passphrase prompt (in seconds)"), N_("secs") }, + { "progress-frequency",'\0', POPT_ARG_INT, &opt_progress_frequency, 0, N_("Progress line update (in seconds)"), N_("secs") }, { "tries", 'T', POPT_ARG_INT, &opt_tries, 0, N_("How often the input of the passphrase can be retried"), NULL }, { "align-payload", '\0', POPT_ARG_INT, &opt_align_payload, 0, N_("Align payload at sector boundaries - for luksFormat"), N_("SECTORS") }, - { "header-backup-file",'\0', POPT_ARG_STRING, &opt_header_backup_file, 0, N_("File with LUKS header and keyslots backup."), NULL }, - { "use-random", '\0', POPT_ARG_NONE, &opt_random, 0, N_("Use /dev/random for generating volume key."), NULL }, - { "use-urandom", '\0', POPT_ARG_NONE, &opt_urandom, 0, N_("Use /dev/urandom for generating volume key."), NULL }, - { "shared", '\0', POPT_ARG_NONE, &opt_shared, 0, N_("Share device with another non-overlapping crypt segment."), NULL }, - { "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("UUID for device to use."), NULL }, - { "allow-discards", '\0', POPT_ARG_NONE, &opt_allow_discards, 0, N_("Allow discards (aka TRIM) requests for device."), NULL }, - { "header", '\0', POPT_ARG_STRING, &opt_header_device, 0, N_("Device or file with separated LUKS header."), NULL }, - { "test-passphrase", '\0', POPT_ARG_NONE, &opt_test_passphrase, 0, N_("Do not activate device, just check passphrase."), NULL }, - { "tcrypt-hidden", '\0', POPT_ARG_NONE, &opt_tcrypt_hidden, 0, N_("Use hidden header (hidden TCRYPT device)."), NULL }, - { "tcrypt-system", '\0', POPT_ARG_NONE, &opt_tcrypt_system, 0, N_("Device is system TCRYPT drive (with bootloader)."), NULL }, - { "tcrypt-backup", '\0', POPT_ARG_NONE, &opt_tcrypt_backup, 0, N_("Use backup (secondary) TCRYPT header."), NULL }, - { "veracrypt", '\0', POPT_ARG_NONE, &opt_veracrypt, 0, N_("Scan also for VeraCrypt compatible device."), NULL }, - { "type", 'M', POPT_ARG_STRING, &opt_type, 0, N_("Type of device metadata: luks, plain, loopaes, tcrypt."), NULL }, - { "force-password", '\0', POPT_ARG_NONE, &opt_force_password, 0, N_("Disable password quality check (if enabled)."), NULL }, - { "perf-same_cpu_crypt",'\0', POPT_ARG_NONE, &opt_perf_same_cpu_crypt, 0, N_("Use dm-crypt same_cpu_crypt performance compatibility option."), NULL }, - { "perf-submit_from_crypt_cpus",'\0', POPT_ARG_NONE, &opt_perf_submit_from_crypt_cpus,0,N_("Use dm-crypt submit_from_crypt_cpus performance compatibility option."), NULL }, + { "header-backup-file",'\0', POPT_ARG_STRING, &opt_header_backup_file, 0, N_("File with LUKS header and keyslots backup"), NULL }, + { "use-random", '\0', POPT_ARG_NONE, &opt_random, 0, N_("Use /dev/random for generating volume key"), NULL }, + { "use-urandom", '\0', POPT_ARG_NONE, &opt_urandom, 0, N_("Use /dev/urandom for generating volume key"), NULL }, + { "shared", '\0', POPT_ARG_NONE, &opt_shared, 0, N_("Share device with another non-overlapping crypt segment"), NULL }, + { "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("UUID for device to use"), NULL }, + { "allow-discards", '\0', POPT_ARG_NONE, &opt_allow_discards, 0, N_("Allow discards (aka TRIM) requests for device"), NULL }, + { "header", '\0', POPT_ARG_STRING, &opt_header_device, 0, N_("Device or file with separated LUKS header"), NULL }, + { "test-passphrase", '\0', POPT_ARG_NONE, &opt_test_passphrase, 0, N_("Do not activate device, just check passphrase"), NULL }, + { "tcrypt-hidden", '\0', POPT_ARG_NONE, &opt_tcrypt_hidden, 0, N_("Use hidden header (hidden TCRYPT device)"), NULL }, + { "tcrypt-system", '\0', POPT_ARG_NONE, &opt_tcrypt_system, 0, N_("Device is system TCRYPT drive (with bootloader)"), NULL }, + { "tcrypt-backup", '\0', POPT_ARG_NONE, &opt_tcrypt_backup, 0, N_("Use backup (secondary) TCRYPT header"), NULL }, + { "veracrypt", '\0', POPT_ARG_NONE, &opt_veracrypt, 0, N_("Scan also for VeraCrypt compatible device"), NULL }, + { "veracrypt-pim", '\0', POPT_ARG_INT, &opt_veracrypt_pim, 0, N_("Personal Iteration Multiplier for VeraCrypt compatible device"), NULL }, + { "veracrypt-query-pim", '\0', POPT_ARG_NONE, &opt_veracrypt_query_pim, 0, N_("Query Personal Iteration Multiplier for VeraCrypt compatible device"), NULL }, + { "type", 'M', POPT_ARG_STRING, &opt_type, 0, N_("Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"), NULL }, + { "force-password", '\0', POPT_ARG_NONE, &opt_force_password, 0, N_("Disable password quality check (if enabled)"), NULL }, + { "perf-same_cpu_crypt",'\0', POPT_ARG_NONE, &opt_perf_same_cpu_crypt, 0, N_("Use dm-crypt same_cpu_crypt performance compatibility option"), NULL }, + { "perf-submit_from_crypt_cpus",'\0', POPT_ARG_NONE, &opt_perf_submit_from_crypt_cpus,0,N_("Use dm-crypt submit_from_crypt_cpus performance compatibility option"), NULL }, + { "deferred", '\0', POPT_ARG_NONE, &opt_deferred_remove, 0, N_("Device removal is deferred until the last user closes it"), NULL }, + { "serialize-memory-hard-pbkdf", '\0', POPT_ARG_NONE, &opt_serialize_memory_hard_pbkdf, 0, N_("Use global lock to serialize memory hard PBKDF (OOM workaround)"), NULL }, + { "iter-time", 'i', POPT_ARG_INT, &opt_iteration_time, 0, N_("PBKDF iteration time for LUKS (in ms)"), N_("msecs") }, + { "pbkdf", '\0', POPT_ARG_STRING, &opt_pbkdf, 0, N_("PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"), NULL }, + { "pbkdf-memory", '\0', POPT_ARG_LONG, &opt_pbkdf_memory, 0, N_("PBKDF memory cost limit"), N_("kilobytes") }, + { "pbkdf-parallel", '\0', POPT_ARG_LONG, &opt_pbkdf_parallel, 0, N_("PBKDF parallel cost"), N_("threads") }, + { "pbkdf-force-iterations",'\0',POPT_ARG_LONG, &opt_pbkdf_iterations, 0, N_("PBKDF iterations cost (forced, disables benchmark)"), NULL }, + { "priority", '\0', POPT_ARG_STRING, &opt_priority, 0, N_("Keyslot priority: ignore, normal, prefer"), NULL }, + { "disable-locks", '\0', POPT_ARG_NONE, &opt_disable_locks, 0, N_("Disable locking of on-disk metadata"), NULL }, + { "disable-keyring", '\0', POPT_ARG_NONE, &opt_disable_keyring, 0, N_("Disable loading volume keys via kernel keyring"), NULL }, + { "integrity", 'I', POPT_ARG_STRING, &opt_integrity, 0, N_("Data integrity algorithm (LUKS2 only)"), NULL }, + { "integrity-no-journal",'\0',POPT_ARG_NONE, &opt_integrity_nojournal, 0, N_("Disable journal for integrity device"), NULL }, + { "integrity-no-wipe", '\0', POPT_ARG_NONE, &opt_integrity_no_wipe, 0, N_("Do not wipe device after format"), NULL }, + { "integrity-legacy-padding",'\0', POPT_ARG_NONE, &opt_integrity_legacy_padding,0, N_("Use inefficient legacy padding (old kernels)"), NULL }, + { "token-only", '\0', POPT_ARG_NONE, &opt_token_only, 0, N_("Do not ask for passphrase if activation by token fails"), NULL }, + { "token-id", '\0', POPT_ARG_INT, &opt_token, 0, N_("Token number (default: any)"), NULL }, + { "key-description", '\0', POPT_ARG_STRING, &opt_key_description, 0, N_("Key description"), NULL }, + { "sector-size", '\0', POPT_ARG_INT, &opt_sector_size, 0, N_("Encryption sector size (default: 512 bytes)"), NULL }, + { "iv-large-sectors", '\0', POPT_ARG_NONE, &opt_iv_large_sectors, 0, N_("Use IV counted in sector size (not in 512 bytes)"), NULL }, + { "persistent", '\0', POPT_ARG_NONE, &opt_persistent, 0, N_("Set activation flags persistent for device"), NULL }, + { "label", '\0', POPT_ARG_STRING, &opt_label, 0, N_("Set label for the LUKS2 device"), NULL }, + { "subsystem", '\0', POPT_ARG_STRING, &opt_subsystem, 0, N_("Set subsystem label for the LUKS2 device"), NULL }, + { "unbound", '\0', POPT_ARG_NONE, &opt_unbound, 0, N_("Create or dump unbound (no assigned data segment) LUKS2 keyslot"), NULL }, + { "json-file", '\0', POPT_ARG_STRING, &opt_json_file, 0, N_("Read or write the json from or to a file"), NULL }, + { "luks2-metadata-size",'\0',POPT_ARG_STRING,&opt_luks2_metadata_size_str,0,N_("LUKS2 header metadata area size"), N_("bytes") }, + { "luks2-keyslots-size",'\0',POPT_ARG_STRING,&opt_luks2_keyslots_size_str,0,N_("LUKS2 header keyslots area size"), N_("bytes") }, + { "refresh", '\0', POPT_ARG_NONE, &opt_refresh, 0, N_("Refresh (reactivate) device with new parameters"), NULL }, + { "keyslot-key-size", '\0', POPT_ARG_INT, &opt_keyslot_key_size, 0, N_("LUKS2 keyslot: The size of the encryption key"), N_("BITS") }, + { "keyslot-cipher", '\0', POPT_ARG_STRING, &opt_keyslot_cipher, 0, N_("LUKS2 keyslot: The cipher used for keyslot encryption"), NULL }, + { "encrypt", '\0', POPT_ARG_NONE, &opt_encrypt, 0, N_("Encrypt LUKS2 device (in-place encryption)."), NULL }, + { "decrypt", '\0', POPT_ARG_NONE, &opt_decrypt, 0, N_("Decrypt LUKS2 device (remove encryption)."), NULL }, + { "init-only", '\0', POPT_ARG_NONE, &opt_reencrypt_init_only, 0, N_("Initialize LUKS2 reencryption in metadata only."), NULL }, + { "resume-only", '\0', POPT_ARG_NONE, &opt_reencrypt_resume_only, 0, N_("Resume initialized LUKS2 reencryption only."), NULL }, + { "reduce-device-size",'\0', POPT_ARG_STRING, &opt_reduce_size_str, 0, N_("Reduce data device size (move data offset). DANGEROUS!"), N_("bytes") }, + { "hotzone-size", '\0', POPT_ARG_STRING, &opt_hotzone_size_str, 0, N_("Maximal reencryption hotzone size."), N_("bytes") }, + { "resilience", '\0', POPT_ARG_STRING, &opt_resilience_mode, 0, N_("Reencryption hotzone resilience type (checksum,journal,none)"), NULL }, + { "resilience-hash", '\0', POPT_ARG_STRING, &opt_resilience_hash, 0, N_("Reencryption hotzone checksums hash"), NULL }, + { "active-name", '\0', POPT_ARG_STRING, &opt_active_name, 0, N_("Override device autodetection of dm device to be reencrypted"), NULL }, POPT_TABLEEND }; poptContext popt_context; struct action_type *action; const char *aname; - int r; + int r, total_keyfiles = 0; crypt_set_log_callback(NULL, tool_log, NULL); @@ -1534,15 +3586,19 @@ int main(int argc, const char **argv) unsigned long long ull_value; char *endp; - if (r == 5) { - if (opt_keyfiles_count < MAX_KEYFILES) - opt_keyfiles[opt_keyfiles_count++] = poptGetOptArg(popt_context); + if (r == 6) { + const char *kf = poptGetOptArg(popt_context); + if (tools_is_stdin(kf)) + opt_keyfile_stdin = kf; + else if (opt_keyfiles_count < MAX_KEYFILES) + opt_keyfiles[opt_keyfiles_count++] = kf; + total_keyfiles++; continue; } errno = 0; ull_value = strtoull(popt_tmp, &endp, 0); - if (*endp || !*popt_tmp || + if (*endp || !*popt_tmp || !isdigit(*popt_tmp) || (errno == ERANGE && ull_value == ULLONG_MAX) || (errno != 0 && ull_value == 0)) r = POPT_ERROR_BADNUMBER; @@ -1558,6 +3614,12 @@ int main(int argc, const char **argv) opt_skip = ull_value; opt_skip_valid = 1; break; + case 4: + opt_keyfile_offset = ull_value; + break; + case 5: + opt_new_keyfile_offset = ull_value; + break; } if (r < 0) @@ -1568,15 +3630,6 @@ int main(int argc, const char **argv) usage(popt_context, EXIT_FAILURE, poptStrerror(r), poptBadOption(popt_context, POPT_BADOPTION_NOALIAS)); - if (crypt_fips_mode()) - crypt_log(NULL, CRYPT_LOG_VERBOSE, _("Running in FIPS mode.\n")); - - if (opt_version_mode) { - log_std("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION); - poptFreeContext(popt_context); - exit(EXIT_SUCCESS); - } - if (!(aname = poptGetArg(popt_context))) usage(popt_context, EXIT_FAILURE, _("Argument missing."), poptGetInvocationName(popt_context)); @@ -1613,19 +3666,35 @@ int main(int argc, const char **argv) } else if (!strcmp(aname, "tcryptOpen")) { aname = "open"; opt_type = "tcrypt"; + } else if (!strcmp(aname, "bitlkOpen")) { + aname = "open"; + opt_type = "bitlk"; } else if (!strcmp(aname, "tcryptDump")) { opt_type = "tcrypt"; + } else if (!strcmp(aname, "bitlkDump")) { + opt_type = "bitlk"; } else if (!strcmp(aname, "remove") || !strcmp(aname, "plainClose") || !strcmp(aname, "luksClose") || !strcmp(aname, "loopaesClose") || - !strcmp(aname, "tcryptClose")) { + !strcmp(aname, "tcryptClose") || + !strcmp(aname, "bitlkClose")) { aname = "close"; } else if (!strcmp(aname, "luksErase")) { aname = "erase"; opt_type = "luks"; + } else if (!strcmp(aname, "luksConfig")) { + aname = "config"; + opt_type = "luks2"; + } else if (!strcmp(aname, "refresh")) { + aname = "open"; + opt_refresh = 1; } + /* ignore user supplied type and query device type instead */ + if (opt_refresh) + opt_type = NULL; + for(action = action_types; action->type; action++) if (strcmp(action->type, aname) == 0) break; @@ -1639,40 +3708,82 @@ int main(int argc, const char **argv) /* FIXME: rewrite this from scratch */ - if (opt_shared && (strcmp(aname, "open") || strcmp(opt_type, "plain")) ) + if (opt_refresh && opt_test_passphrase) usage(popt_context, EXIT_FAILURE, - _("Option --shared is allowed only for open of plain device.\n"), + _("Options --refresh and --test-passphrase are mutually exclusive."), + poptGetInvocationName(popt_context)); + + if (opt_deferred_remove && strcmp(aname, "close")) + usage(popt_context, EXIT_FAILURE, + _("Option --deferred is allowed only for close command."), + poptGetInvocationName(popt_context)); + + if (opt_shared && (strcmp(aname, "open") || strcmp_or_null(opt_type, "plain"))) + usage(popt_context, EXIT_FAILURE, + _("Option --shared is allowed only for open of plain device."), poptGetInvocationName(popt_context)); if (opt_allow_discards && strcmp(aname, "open")) usage(popt_context, EXIT_FAILURE, - _("Option --allow-discards is allowed only for open operation.\n"), + _("Option --allow-discards is allowed only for open operation."), + poptGetInvocationName(popt_context)); + + if (opt_persistent && strcmp(aname, "open")) + usage(popt_context, EXIT_FAILURE, + _("Option --persistent is allowed only for open operation."), + poptGetInvocationName(popt_context)); + + if (opt_serialize_memory_hard_pbkdf && strcmp(aname, "open")) + usage(popt_context, EXIT_FAILURE, + _("Option --serialize-memory-hard-pbkdf is allowed only for open operation."), + poptGetInvocationName(popt_context)); + + if (opt_persistent && opt_test_passphrase) + usage(popt_context, EXIT_FAILURE, + _("Option --persistent is not allowed with --test-passphrase."), poptGetInvocationName(popt_context)); if (opt_key_size && + strcmp(aname, "reencrypt") && strcmp(aname, "luksFormat") && strcmp(aname, "open") && - strcmp(aname, "benchmark")) + strcmp(aname, "benchmark") && + strcmp(aname, "luksAddKey")) + usage(popt_context, EXIT_FAILURE, + _("Option --key-size is allowed only for luksFormat, luksAddKey,\n" + "open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."), + poptGetInvocationName(popt_context)); + + if (opt_integrity && strcmp(aname, "luksFormat")) + usage(popt_context, EXIT_FAILURE, + _("Option --integrity is allowed only for luksFormat (LUKS2)."), + poptGetInvocationName(popt_context)); + + if (opt_integrity_no_wipe && !opt_integrity) + usage(popt_context, EXIT_FAILURE, + _("Option --integrity-no-wipe" + " can be used only for format action with integrity extension."), + poptGetInvocationName(popt_context)); + + if ((opt_label || opt_subsystem) && strcmp(aname, "luksFormat") && strcmp(aname, "config")) usage(popt_context, EXIT_FAILURE, - _("Option --key-size is allowed only for luksFormat, open and benchmark.\n" - "To limit read from keyfile use --keyfile-size=(bytes)."), + _("Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."), poptGetInvocationName(popt_context)); - if (opt_test_passphrase && (strcmp(aname, "open") || - (strcmp(opt_type, "luks") && strcmp(opt_type, "tcrypt")))) + if (opt_test_passphrase && (strcmp(aname, "open") || !opt_type || + (strncmp(opt_type, "luks", 4) && strcmp(opt_type, "tcrypt") && strcmp(opt_type, "bitlk")))) usage(popt_context, EXIT_FAILURE, - _("Option --test-passphrase is allowed only for open of LUKS and TCRYPT devices.\n"), + _("Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."), poptGetInvocationName(popt_context)); - if (opt_key_size % 8) + if (opt_key_size % 8 || opt_keyslot_key_size % 8) usage(popt_context, EXIT_FAILURE, _("Key size must be a multiple of 8 bits"), poptGetInvocationName(popt_context)); if (!strcmp(aname, "luksKillSlot") && action_argc > 1) opt_key_slot = atoi(action_argv[1]); - if (opt_key_slot != CRYPT_ANY_SLOT && - (opt_key_slot < 0 || opt_key_slot >= crypt_keyslot_max(CRYPT_LUKS1))) + if (opt_key_slot != CRYPT_ANY_SLOT && opt_key_slot < 0) usage(popt_context, EXIT_FAILURE, _("Key slot is invalid."), poptGetInvocationName(popt_context)); @@ -1680,17 +3791,20 @@ int main(int argc, const char **argv) !strcmp(aname, "luksFormat")) && action_argc > 1) { if (opt_key_file) - log_err(_("Option --key-file takes precedence over specified key file argument.\n")); + log_err(_("Option --key-file takes precedence over specified key file argument.")); else opt_key_file = action_argv[1]; } - if (opt_keyfile_size < 0 || opt_new_keyfile_size < 0 || opt_key_size < 0 || - opt_keyfile_offset < 0 || opt_new_keyfile_offset < 0) + if (opt_keyfile_size < 0 || opt_new_keyfile_size < 0 || opt_key_size < 0) usage(popt_context, EXIT_FAILURE, _("Negative number for option not permitted."), poptGetInvocationName(popt_context)); + if (total_keyfiles > 1 && (strcmp_or_null(opt_type, "tcrypt"))) + usage(popt_context, EXIT_FAILURE, _("Only one --key-file argument is allowed."), + poptGetInvocationName(popt_context)); + if (opt_random && opt_urandom) usage(popt_context, EXIT_FAILURE, _("Only one of --use-[u]random options is allowed."), poptGetInvocationName(popt_context)); @@ -1707,40 +3821,199 @@ int main(int argc, const char **argv) usage(popt_context, EXIT_FAILURE, _("Option --align-payload is allowed only for luksFormat."), poptGetInvocationName(popt_context)); + if ((opt_luks2_metadata_size_str || opt_luks2_keyslots_size_str) && strcmp(aname, "luksFormat") && strcmp(aname, "reencrypt")) + usage(popt_context, EXIT_FAILURE, _("Options --luks2-metadata-size and --opt-luks2-keyslots-size " + "are allowed only for luksFormat with LUKS2."), + poptGetInvocationName(popt_context)); + if (opt_luks2_metadata_size_str && + tools_string_to_size(NULL, opt_luks2_metadata_size_str, &opt_luks2_metadata_size)) + usage(popt_context, EXIT_FAILURE, _("Invalid LUKS2 metadata size specification."), + poptGetInvocationName(popt_context)); + if (opt_luks2_keyslots_size_str && + tools_string_to_size(NULL, opt_luks2_keyslots_size_str, &opt_luks2_keyslots_size)) + usage(popt_context, EXIT_FAILURE, _("Invalid LUKS2 keyslots size specification."), + poptGetInvocationName(popt_context)); + + if (opt_align_payload && opt_offset) + usage(popt_context, EXIT_FAILURE, _("Options --align-payload and --offset cannot be combined."), + poptGetInvocationName(popt_context)); + if (opt_skip && (strcmp(aname, "open") || - (strcmp(opt_type, "plain") && strcmp(opt_type, "loopaes")))) + (strcmp_or_null(opt_type, "plain") && strcmp(opt_type, "loopaes")))) usage(popt_context, EXIT_FAILURE, - _("Option --skip is supported only for open of plain and loopaes devices.\n"), + _("Option --skip is supported only for open of plain and loopaes devices."), poptGetInvocationName(popt_context)); - if (opt_offset && (strcmp(aname, "open") || - (strcmp(opt_type, "plain") && strcmp(opt_type, "loopaes")))) + if (opt_offset && ((strcmp(aname, "reencrypt") && strcmp(aname, "open") && strcmp(aname, "luksFormat")) || + (!strcmp(aname, "open") && strcmp_or_null(opt_type, "plain") && strcmp(opt_type, "loopaes")) || + (!strcmp(aname, "luksFormat") && opt_type && strncmp(opt_type, "luks", 4)))) usage(popt_context, EXIT_FAILURE, - _("Option --offset is supported only for open of plain and loopaes devices.\n"), + _("Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."), poptGetInvocationName(popt_context)); if ((opt_tcrypt_hidden || opt_tcrypt_system || opt_tcrypt_backup) && strcmp(aname, "tcryptDump") && - (strcmp(aname, "open") || strcmp(opt_type, "tcrypt"))) + (strcmp(aname, "open") || !opt_type || strcmp(opt_type, "tcrypt"))) usage(popt_context, EXIT_FAILURE, - _("Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device.\n"), + _("Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."), poptGetInvocationName(popt_context)); if (opt_tcrypt_hidden && opt_allow_discards) usage(popt_context, EXIT_FAILURE, - _("Option --tcrypt-hidden cannot be combined with --allow-discards.\n"), + _("Option --tcrypt-hidden cannot be combined with --allow-discards."), poptGetInvocationName(popt_context)); - if (opt_veracrypt && strcmp(opt_type, "tcrypt")) + if (opt_veracrypt && (!opt_type || strcmp(opt_type, "tcrypt"))) usage(popt_context, EXIT_FAILURE, - _("Option --veracrypt is supported only for TCRYPT device type.\n"), + _("Option --veracrypt is supported only for TCRYPT device type."), poptGetInvocationName(popt_context)); - if (opt_debug) { + if (opt_veracrypt_pim != -1) { + if (opt_veracrypt_pim < -1) { + usage(popt_context, EXIT_FAILURE, + _("Invalid argument for parameter --veracrypt-pim supplied."), + poptGetInvocationName(popt_context)); + } else if (!opt_veracrypt) { + usage(popt_context, EXIT_FAILURE, + _("Option --veracrypt-pim is supported only for VeraCrypt compatible devices."), + poptGetInvocationName(popt_context)); + } + } + + if (opt_veracrypt_query_pim) { + if (!opt_veracrypt) { + usage(popt_context, EXIT_FAILURE, + _("Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."), + poptGetInvocationName(popt_context)); + } else if (opt_veracrypt_pim != -1) { + usage(popt_context, EXIT_FAILURE, + _("The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."), + poptGetInvocationName(popt_context)); + } + } + + if (opt_priority && strcmp(opt_priority, "normal") && strcmp(opt_priority, "prefer") && strcmp(opt_priority, "ignore")) + usage(popt_context, EXIT_FAILURE, + _("Option --priority can be only ignore/normal/prefer."), + poptGetInvocationName(popt_context)); + + if (!strcmp(aname, "config") && opt_priority && opt_key_slot == CRYPT_ANY_SLOT) + usage(popt_context, EXIT_FAILURE, + _("Keyslot specification is required."), + poptGetInvocationName(popt_context)); + + if (opt_pbkdf && crypt_parse_pbkdf(opt_pbkdf, &opt_pbkdf)) + usage(popt_context, EXIT_FAILURE, + _("Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."), + poptGetInvocationName(popt_context)); + + if (opt_pbkdf_iterations && opt_iteration_time) + usage(popt_context, EXIT_FAILURE, + _("PBKDF forced iterations cannot be combined with iteration time option."), + poptGetInvocationName(popt_context)); + + if (opt_sector_size && strcmp(aname, "reencrypt") && strcmp(aname, "luksFormat") && + (strcmp(aname, "open") || strcmp_or_null(opt_type, "plain"))) + usage(popt_context, EXIT_FAILURE, + _("Sector size option is not supported for this command."), + poptGetInvocationName(popt_context)); + + if (opt_sector_size && (opt_sector_size < SECTOR_SIZE || opt_sector_size > MAX_SECTOR_SIZE || + (opt_sector_size & (opt_sector_size - 1)))) + usage(popt_context, EXIT_FAILURE, + _("Unsupported encryption sector size."), + poptGetInvocationName(popt_context)); + + if (opt_iv_large_sectors && (strcmp(aname, "open") || strcmp_or_null(opt_type, "plain") || + opt_sector_size <= SECTOR_SIZE)) + usage(popt_context, EXIT_FAILURE, + _("Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."), + poptGetInvocationName(popt_context)); + + if (opt_unbound && !opt_key_size && !strcmp(aname, "luksAddKey")) + usage(popt_context, EXIT_FAILURE, + _("Key size is required with --unbound option."), + poptGetInvocationName(popt_context)); + + if (opt_unbound && !strcmp(aname, "luksDump") && opt_key_slot == CRYPT_ANY_SLOT) + usage(popt_context, EXIT_FAILURE, + _("Keyslot specification is required."), + poptGetInvocationName(popt_context)); + + if (opt_unbound && strcmp(aname, "luksAddKey") && strcmp(aname, "luksDump")) + usage(popt_context, EXIT_FAILURE, + _("Option --unbound may be used only with luksAddKey and luksDump actions."), + poptGetInvocationName(popt_context)); + + if (opt_refresh && strcmp(aname, "open")) + usage(popt_context, EXIT_FAILURE, + _("Option --refresh may be used only with open action."), + poptGetInvocationName(popt_context)); + + if (opt_debug || opt_debug_json) { + opt_debug = 1; opt_verbose = 1; - crypt_set_debug_level(-1); + crypt_set_debug_level(opt_debug_json? CRYPT_DEBUG_JSON : CRYPT_DEBUG_ALL); dbg_version_and_cmd(argc, argv); } + if (opt_disable_locks && crypt_metadata_locking(NULL, 0)) { + log_std(_("Cannot disable metadata locking.")); + poptFreeContext(popt_context); + exit(EXIT_FAILURE); + } + + if (opt_disable_keyring) + (void) crypt_volume_key_keyring(NULL, 0); + + if (opt_hotzone_size_str && + (tools_string_to_size(NULL, opt_hotzone_size_str, &opt_hotzone_size) || !opt_hotzone_size)) + usage(popt_context, EXIT_FAILURE, _("Invalid max reencryption hotzone size specification."), + poptGetInvocationName(popt_context)); + + if (!opt_hotzone_size && opt_resilience_mode && !strcmp(opt_resilience_mode, "none")) + opt_hotzone_size = 50 * 1024 * 1024; + + if (opt_reduce_size_str && + tools_string_to_size(NULL, opt_reduce_size_str, &opt_reduce_size)) + usage(popt_context, EXIT_FAILURE, _("Invalid device size specification."), + poptGetInvocationName(popt_context)); + if (opt_reduce_size > 1024 * 1024 * 1024) + usage(popt_context, EXIT_FAILURE, _("Maximum device reduce size is 1 GiB."), + poptGetInvocationName(popt_context)); + if (opt_reduce_size % SECTOR_SIZE) + usage(popt_context, EXIT_FAILURE, _("Reduce size must be multiple of 512 bytes sector."), + poptGetInvocationName(popt_context)); + + if (opt_device_size_str && + tools_string_to_size(NULL, opt_device_size_str, &opt_device_size)) + usage(popt_context, EXIT_FAILURE, _("Invalid data size specification."), + poptGetInvocationName(popt_context)); + + opt_data_shift = -(int64_t)opt_reduce_size; + if (opt_data_shift > 0) + usage(popt_context, EXIT_FAILURE, _("Reduce size overflow."), + poptGetInvocationName(popt_context)); + + if (opt_decrypt && !opt_header_device) + usage(popt_context, EXIT_FAILURE, _("LUKS2 decryption requires option --header."), + poptGetInvocationName(popt_context)); + + if (opt_device_size % SECTOR_SIZE) + usage(popt_context, EXIT_FAILURE, _("Device size must be multiple of 512 bytes sector."), + poptGetInvocationName(popt_context)); + + if (opt_data_shift && opt_device_size) + usage(popt_context, EXIT_FAILURE, _("Options --reduce-device-size and --data-size cannot be combined."), + poptGetInvocationName(popt_context)); + + if (opt_device_size && opt_size) + usage(popt_context, EXIT_FAILURE, _("Options --device-size and --size cannot be combined."), + poptGetInvocationName(popt_context)); + + if ((opt_keyslot_cipher && !opt_keyslot_key_size) || (!opt_keyslot_cipher && opt_keyslot_key_size)) + usage(popt_context, EXIT_FAILURE, _("Options --keyslot-cipher and --keyslot-key-size must be used together."), + poptGetInvocationName(popt_context)); + r = run_action(action); poptFreeContext(popt_context); return r; diff --git a/src/cryptsetup.h b/src/cryptsetup.h index 5d322cf..1afcf43 100644 --- a/src/cryptsetup.h +++ b/src/cryptsetup.h @@ -1,10 +1,10 @@ /* * cryptsetup - setup cryptographic volumes for dm-crypt * - * Copyright (C) 2004, Jana Saout - * Copyright (C) 2004-2007, Clemens Fruhwirth - * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2014, Milan Broz + * Copyright (C) 2004 Jana Saout + * Copyright (C) 2004-2007 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -37,23 +37,31 @@ #include #include #include +#include #include "lib/nls.h" #include "lib/utils_crypt.h" #include "lib/utils_loop.h" #include "lib/utils_fips.h" +#include "lib/utils_io.h" +#include "lib/utils_blkid.h" #include "libcryptsetup.h" #define CONST_CAST(x) (x)(uintptr_t) #define DEFAULT_CIPHER(type) (DEFAULT_##type##_CIPHER "-" DEFAULT_##type##_MODE) #define SECTOR_SIZE 512 +#define MAX_SECTOR_SIZE 4096 #define ROUND_SECTOR(x) (((x) + SECTOR_SIZE - 1) / SECTOR_SIZE) +#define DEFAULT_WIPE_BLOCK 1048576 /* 1 MiB */ + extern int opt_debug; +extern int opt_debug_json; extern int opt_verbose; extern int opt_batch_mode; extern int opt_force_password; +extern int opt_progress_frequency; /* Common tools */ void clogger(struct crypt_device *cd, int level, const char *file, int line, @@ -61,7 +69,8 @@ void clogger(struct crypt_device *cd, int level, const char *file, int line, void tool_log(int level, const char *msg, void *usrptr __attribute__((unused))); void quiet_log(int level, const char *msg, void *usrptr); -int yesDialog(const char *msg, void *usrptr __attribute__((unused))); +int yesDialog(const char *msg, void *usrptr); +int noDialog(const char *msg, void *usrptr); void show_status(int errcode); const char *uuid_or_device(const char *spec); __attribute__ ((noreturn)) \ @@ -69,6 +78,10 @@ void usage(poptContext popt_context, int exitcode, const char *error, const char void dbg_version_and_cmd(int argc, const char **argv); int translate_errno(int r); +typedef enum { CREATED, UNLOCKED, REMOVED } crypt_object_op; +void tools_keyslot_msg(int keyslot, crypt_object_op op); +void tools_token_msg(int token, crypt_object_op op); + extern volatile int quit; void set_int_block(int block); void set_int_handler(int block); @@ -77,10 +90,31 @@ int tools_signals_blocked(void); int tools_get_key(const char *prompt, char **key, size_t *key_size, - size_t keyfile_offset, size_t keyfile_size_max, + uint64_t keyfile_offset, size_t keyfile_size_max, const char *key_file, int timeout, int verify, int pwquality, struct crypt_device *cd); +void tools_passphrase_msg(int r); +int tools_is_stdin(const char *key_file); +int tools_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size); +int tools_is_cipher_null(const char *cipher); + +void tools_clear_line(void); + +int tools_wipe_progress(uint64_t size, uint64_t offset, void *usrptr); +int tools_reencrypt_progress(uint64_t size, uint64_t offset, void *usrptr); + +int tools_read_mk(const char *file, char **key, int keysize); +int tools_write_mk(const char *file, const char *key, int keysize); + +int tools_read_json_file(struct crypt_device *cd, const char *file, char **json, size_t *json_size); +int tools_write_json_file(struct crypt_device *cd, const char *file, const char *json); + +int tools_detect_signatures(const char *device, int ignore_luks, size_t *count); +int tools_wipe_all_signatures(const char *path); + +int tools_lookup_crypt_device(struct crypt_device *cd, const char *type, + const char *data_device_path, char *name, size_t name_length); /* Log */ #define log_dbg(x...) clogger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x) diff --git a/src/cryptsetup_reencrypt.c b/src/cryptsetup_reencrypt.c index 1db3588..a536093 100644 --- a/src/cryptsetup_reencrypt.c +++ b/src/cryptsetup_reencrypt.c @@ -1,8 +1,8 @@ /* * cryptsetup-reencrypt - crypt utility for offline re-encryption * - * Copyright (C) 2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2015, Milan Broz All rights reserved. + * Copyright (C) 2012-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2020 Milan Broz All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -21,22 +21,27 @@ #include "cryptsetup.h" #include -#include #include #include +#include -#define PACKAGE_REENC "crypt_reencrypt" +#define PACKAGE_REENC "cryptsetup-reencrypt" #define NO_UUID "cafecafe-cafe-cafe-cafe-cafecafeeeee" -#define MAX_BCK_SECTORS 8192 static const char *opt_cipher = NULL; static const char *opt_hash = NULL; static const char *opt_key_file = NULL; +static const char *opt_master_key_file = NULL; +static const char *opt_uuid = NULL; +static const char *opt_type = "luks"; static long opt_keyfile_size = 0; static long opt_keyfile_offset = 0; -static int opt_iteration_time = 1000; -static int opt_version_mode = 0; +static int opt_iteration_time = 0; +static const char *opt_pbkdf = NULL; +static long opt_pbkdf_memory = DEFAULT_LUKS2_MEMORY_KB; +static long opt_pbkdf_parallel = DEFAULT_LUKS2_PARALLEL_THREADS; +static long opt_pbkdf_iterations = 0; static int opt_random = 0; static int opt_urandom = 0; static int opt_bsize = 4; @@ -49,6 +54,7 @@ static int opt_key_size = 0; static int opt_new = 0; static int opt_keep_key = 0; static int opt_decrypt = 0; +static const char *opt_header_device = NULL; static const char *opt_reduce_size_str = NULL; static uint64_t opt_reduce_size = 0; @@ -58,21 +64,27 @@ static uint64_t opt_device_size = 0; static const char **action_argv; -#define MAX_SLOT 8 +#define MAX_SLOT 32 +#define MAX_TOKEN 32 struct reenc_ctx { char *device; + char *device_header; char *device_uuid; - uint64_t device_size; /* overrided by parameter */ + const char *type; + uint64_t device_size; /* overridden by parameter */ uint64_t device_size_new_real; uint64_t device_size_org_real; uint64_t device_offset; uint64_t device_shift; + uint64_t data_offset; - int in_progress:1; + unsigned int stained:1; + unsigned int in_progress:1; enum { FORWARD = 0, BACKWARD = 1 } reencrypt_direction; enum { REENCRYPT = 0, ENCRYPT = 1, DECRYPT = 2 } reencrypt_mode; char header_file_org[PATH_MAX]; + char header_file_tmp[PATH_MAX]; char header_file_new[PATH_MAX]; char log_file[PATH_MAX]; @@ -87,7 +99,6 @@ struct reenc_ctx { } p[MAX_SLOT]; int keyslot; - struct timeval start_time, end_time; uint64_t resume_bytes; }; @@ -109,13 +120,6 @@ static void _quiet_log(int level, const char *msg, void *usrptr) tool_log(level, msg, usrptr); } -/* The difference in seconds between two times in "timeval" format. */ -static double time_diff(struct timeval start, struct timeval end) -{ - return (end.tv_sec - start.tv_sec) - + (end.tv_usec - start.tv_usec) / 1E6; -} - static int alignment(int fd) { int alignment; @@ -132,23 +136,80 @@ static size_t pagesize(void) return r < 0 ? 4096 : (size_t)r; } +static const char *luksType(const char *type) +{ + if (type && !strcmp(type, "luks2")) + return CRYPT_LUKS2; + + if (type && !strcmp(type, "luks1")) + return CRYPT_LUKS1; + + if (!type || !strcmp(type, "luks")) + return crypt_get_default_type(); + + return NULL; +} + +static const char *hdr_device(const struct reenc_ctx *rc) +{ + return rc->device_header ?: rc->device; +} + +static int set_reencrypt_requirement(const struct reenc_ctx *rc) +{ + uint32_t reqs; + int r = -EINVAL; + struct crypt_device *cd = NULL; + struct crypt_params_integrity ip = { 0 }; + + if (crypt_init(&cd, hdr_device(rc)) || + crypt_load(cd, CRYPT_LUKS2, NULL) || + crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &reqs)) + goto out; + + /* reencrypt already in-progress */ + if (reqs & CRYPT_REQUIREMENT_OFFLINE_REENCRYPT) { + log_err(_("Reencryption already in-progress.")); + goto out; + } + + /* raw integrity info is available since 2.0 */ + if (crypt_get_integrity_info(cd, &ip) || ip.tag_size) { + log_err(_("Reencryption of device with integrity profile is not supported.")); + r = -ENOTSUP; + goto out; + } + + r = crypt_persistent_flags_set(cd, CRYPT_FLAGS_REQUIREMENTS, reqs | CRYPT_REQUIREMENT_OFFLINE_REENCRYPT); +out: + crypt_free(cd); + return r; +} + /* Depends on the first two fields of LUKS1 header format, magic and version */ -static int device_check(struct reenc_ctx *rc, header_magic set_magic) +static int device_check(struct reenc_ctx *rc, const char *device, header_magic set_magic) { char *buf = NULL; int r, devfd; ssize_t s; uint16_t version; size_t buf_size = pagesize(); + struct stat st; - devfd = open(rc->device, O_RDWR | O_EXCL | O_DIRECT); + if (stat(device, &st)) { + log_err(_("Cannot open device %s."), device); + return -EINVAL; + } + + /* coverity[toctou] */ + devfd = open(device, O_RDWR | (S_ISBLK(st.st_mode) ? O_EXCL : 0)); if (devfd == -1) { if (errno == EBUSY) { - log_err(_("Cannot exclusively open %s, device in use.\n"), - rc->device); + log_err(_("Cannot exclusively open %s, device in use."), + device); return -EBUSY; } - log_err(_("Cannot open device %s\n"), rc->device); + log_err(_("Cannot open device %s."), device); return -EINVAL; } @@ -158,14 +219,14 @@ static int device_check(struct reenc_ctx *rc, header_magic set_magic) } if (posix_memalign((void *)&buf, alignment(devfd), buf_size)) { - log_err(_("Allocation of aligned memory failed.\n")); + log_err(_("Allocation of aligned memory failed.")); r = -ENOMEM; goto out; } s = read(devfd, buf, buf_size); if (s < 0 || s != (ssize_t)buf_size) { - log_err(_("Cannot read device %s.\n"), rc->device); + log_err(_("Cannot read device %s."), device); r = -EIO; goto out; } @@ -176,14 +237,14 @@ static int device_check(struct reenc_ctx *rc, header_magic set_magic) if (set_magic == MAKE_UNUSABLE && !memcmp(buf, MAGIC, MAGIC_L) && version == 1) { - log_verbose(_("Marking LUKS device %s unusable.\n"), rc->device); + log_verbose(_("Marking LUKS1 device %s unusable."), device); memcpy(buf, NOMAGIC, MAGIC_L); r = 0; - } else if (set_magic == MAKE_USABLE && !memcmp(buf, NOMAGIC, MAGIC_L) && - version == 1) { - log_verbose(_("Marking LUKS device %s usable.\n"), rc->device); - memcpy(buf, MAGIC, MAGIC_L); - r = 0; + } else if (set_magic == MAKE_UNUSABLE && version == 2) { + log_verbose(_("Setting LUKS2 offline reencrypt flag on device %s."), device); + r = set_reencrypt_requirement(rc); + if (!r) + rc->stained = 1; } else if (set_magic == CHECK_UNUSABLE && version == 1) { r = memcmp(buf, NOMAGIC, MAGIC_L) ? -EINVAL : 0; if (!r) @@ -192,16 +253,19 @@ static int device_check(struct reenc_ctx *rc, header_magic set_magic) } else r = -EINVAL; - if (!r) { + if (!r && version == 1) { if (lseek(devfd, 0, SEEK_SET) == -1) goto out; s = write(devfd, buf, buf_size); - if (s < 0 || s != (ssize_t)buf_size) { - log_err(_("Cannot write device %s.\n"), rc->device); + if (s < 0 || s != (ssize_t)buf_size || fsync(devfd) < 0) { + log_err(_("Cannot write device %s."), device); r = -EIO; } - } else - log_dbg("LUKS signature check failed for %s.", rc->device); + if (s > 0 && set_magic == MAKE_UNUSABLE) + rc->stained = 1; + } + if (r) + log_dbg("LUKS signature check failed for %s.", device); out: if (buf) memset(buf, 0, buf_size); @@ -210,55 +274,19 @@ out: return r; } -static int create_empty_header(const char *new_file, const char *old_file, - uint64_t data_sector) +static int create_empty_header(const char *new_file) { - struct stat st; - ssize_t size = 0; int fd, r = 0; - char *buf; - /* Never create header > 4MiB */ - if (data_sector > MAX_BCK_SECTORS) - data_sector = MAX_BCK_SECTORS; + log_dbg("Creating empty file %s of size 4096.", new_file); - /* new header file of the same size as old backup */ - if (old_file) { - if (stat(old_file, &st) == -1 || - (st.st_mode & S_IFMT) != S_IFREG || - (st.st_size > 16 * 1024 * 1024)) - return -EINVAL; - size = st.st_size; - } - - /* - * if requesting key size change, try to use offset - * here can be enough space to fit new key. - */ - if (opt_key_size) - size = data_sector * SECTOR_SIZE; - - /* if reducing size, be sure we have enough space */ - if (opt_reduce_size) - size += opt_reduce_size; - - log_dbg("Creating empty file %s of size %lu.", new_file, (unsigned long)size); - - if (!size || !(buf = malloc(size))) - return -ENOMEM; - memset(buf, 0, size); - - fd = creat(new_file, S_IRUSR|S_IWUSR); - if(fd == -1) { - free(buf); - return -EINVAL; - } - - if (write(fd, buf, size) < size) - r = -EIO; + /* coverity[toctou] */ + fd = open(new_file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR); + if (fd == -1 || posix_fallocate(fd, 0, 4096)) + r = -EINVAL; + if (fd >= 0) + close(fd); - close(fd); - free(buf); return r; } @@ -278,7 +306,7 @@ static int write_log(struct reenc_ctx *rc) r = write(rc->log_fd, rc->log_buf, SECTOR_SIZE); if (r < 0 || r != SECTOR_SIZE) { - log_err(_("Cannot write reencryption log file.\n")); + log_err(_("Cannot write reencryption log file.")); return -EIO; } @@ -334,7 +362,7 @@ static int parse_log(struct reenc_ctx *rc) s = read(rc->log_fd, rc->log_buf, SECTOR_SIZE); if (s == -1) { - log_err(_("Cannot read reencryption log file.\n")); + log_err(_("Cannot read reencryption log file.")); return -EIO; } @@ -345,7 +373,7 @@ static int parse_log(struct reenc_ctx *rc) if (end) { *end++ = '\0'; if (parse_line_log(rc, start)) { - log_err("Wrong log format.\n"); + log_err("Wrong log format."); return -EINVAL; } } @@ -370,6 +398,7 @@ static int open_log(struct reenc_ctx *rc) rc->log_fd = open(rc->log_file, O_RDWR|O_EXCL|O_CREAT|flags, S_IRUSR|S_IWUSR); if (rc->log_fd != -1) { log_dbg("Created LUKS reencryption log file %s.", rc->log_file); + rc->stained = 0; } else if (errno == EEXIST) { log_std(_("Log file %s exists, resuming reencryption.\n"), rc->log_file); rc->log_fd = open(rc->log_file, O_RDWR|flags); @@ -391,29 +420,48 @@ static int open_log(struct reenc_ctx *rc) static int activate_luks_headers(struct reenc_ctx *rc) { struct crypt_device *cd = NULL, *cd_new = NULL; + const char *pwd_old, *pwd_new, pwd_empty[] = ""; + size_t pwd_old_len, pwd_new_len; int r; log_dbg("Activating LUKS devices from headers."); - if ((r = crypt_init(&cd, rc->header_file_org)) || - (r = crypt_load(cd, CRYPT_LUKS1, NULL)) || - (r = crypt_set_data_device(cd, rc->device))) + /* Never use real password for empty header processing */ + if (rc->reencrypt_mode == REENCRYPT) { + pwd_old = rc->p[rc->keyslot].password; + pwd_old_len = rc->p[rc->keyslot].passwordLen; + pwd_new = pwd_old; + pwd_new_len = pwd_old_len; + } else if (rc->reencrypt_mode == DECRYPT) { + pwd_old = rc->p[rc->keyslot].password; + pwd_old_len = rc->p[rc->keyslot].passwordLen; + pwd_new = pwd_empty; + pwd_new_len = 0; + } else if (rc->reencrypt_mode == ENCRYPT) { + pwd_old = pwd_empty; + pwd_old_len = 0; + pwd_new = rc->p[rc->keyslot].password; + pwd_new_len = rc->p[rc->keyslot].passwordLen; + } else + return -EINVAL; + + if ((r = crypt_init_data_device(&cd, rc->header_file_org, rc->device)) || + (r = crypt_load(cd, CRYPT_LUKS, NULL))) goto out; - log_verbose(_("Activating temporary device using old LUKS header.\n")); + log_verbose(_("Activating temporary device using old LUKS header.")); if ((r = crypt_activate_by_passphrase(cd, rc->header_file_org, - opt_key_slot, rc->p[rc->keyslot].password, rc->p[rc->keyslot].passwordLen, + opt_key_slot, pwd_old, pwd_old_len, CRYPT_ACTIVATE_READONLY|CRYPT_ACTIVATE_PRIVATE)) < 0) goto out; - if ((r = crypt_init(&cd_new, rc->header_file_new)) || - (r = crypt_load(cd_new, CRYPT_LUKS1, NULL)) || - (r = crypt_set_data_device(cd_new, rc->device))) + if ((r = crypt_init_data_device(&cd_new, rc->header_file_new, rc->device)) || + (r = crypt_load(cd_new, CRYPT_LUKS, NULL))) goto out; - log_verbose(_("Activating temporary device using new LUKS header.\n")); + log_verbose(_("Activating temporary device using new LUKS header.")); if ((r = crypt_activate_by_passphrase(cd_new, rc->header_file_new, - opt_key_slot, rc->p[rc->keyslot].password, rc->p[rc->keyslot].passwordLen, + opt_key_slot, pwd_new, pwd_new_len, CRYPT_ACTIVATE_SHARED|CRYPT_ACTIVATE_PRIVATE)) < 0) goto out; r = 0; @@ -421,14 +469,73 @@ out: crypt_free(cd); crypt_free(cd_new); if (r < 0) - log_err(_("Activation of temporary devices failed.\n")); + log_err(_("Activation of temporary devices failed.")); + return r; +} + +static int set_pbkdf_params(struct crypt_device *cd, const char *dev_type) +{ + const struct crypt_pbkdf_type *pbkdf_default; + struct crypt_pbkdf_type pbkdf = {}; + + pbkdf_default = crypt_get_pbkdf_default(dev_type); + if (!pbkdf_default) + return -EINVAL; + + pbkdf.type = opt_pbkdf ?: pbkdf_default->type; + pbkdf.hash = opt_hash ?: pbkdf_default->hash; + pbkdf.time_ms = (uint32_t)opt_iteration_time ?: pbkdf_default->time_ms; + if (strcmp(pbkdf.type, CRYPT_KDF_PBKDF2)) { + pbkdf.max_memory_kb = (uint32_t)opt_pbkdf_memory ?: pbkdf_default->max_memory_kb; + pbkdf.parallel_threads = (uint32_t)opt_pbkdf_parallel ?: pbkdf_default->parallel_threads; + } + + if (opt_pbkdf_iterations) { + pbkdf.iterations = opt_pbkdf_iterations; + pbkdf.time_ms = 0; + pbkdf.flags |= CRYPT_PBKDF_NO_BENCHMARK; + } + + return crypt_set_pbkdf_type(cd, &pbkdf); +} + +static int create_new_keyslot(struct reenc_ctx *rc, int keyslot, + struct crypt_device *cd_old, + struct crypt_device *cd_new) +{ + int r; + char *key = NULL; + size_t key_size; + + if (cd_old && crypt_keyslot_status(cd_old, keyslot) == CRYPT_SLOT_UNBOUND) { + key_size = 4096; + key = crypt_safe_alloc(key_size); + if (!key) + return -ENOMEM; + r = crypt_volume_key_get(cd_old, keyslot, key, &key_size, + rc->p[keyslot].password, rc->p[keyslot].passwordLen); + if (r == keyslot) { + r = crypt_keyslot_add_by_key(cd_new, keyslot, key, key_size, + rc->p[keyslot].password, rc->p[keyslot].passwordLen, + CRYPT_VOLUME_KEY_NO_SEGMENT); + } else + r = -EINVAL; + crypt_safe_free(key); + } else + r = crypt_keyslot_add_by_volume_key(cd_new, keyslot, NULL, 0, + rc->p[keyslot].password, rc->p[keyslot].passwordLen); + return r; } -static int create_new_header(struct reenc_ctx *rc, const char *cipher, - const char *cipher_mode, const char *uuid, +static int create_new_header(struct reenc_ctx *rc, struct crypt_device *cd_old, + const char *cipher, const char *cipher_mode, + const char *uuid, const char *key, int key_size, - struct crypt_params_luks1 *params) + const char *type, + uint64_t metadata_size, + uint64_t keyslots_size, + void *params) { struct crypt_device *cd_new = NULL; int i, r; @@ -441,21 +548,39 @@ static int create_new_header(struct reenc_ctx *rc, const char *cipher, else if (opt_urandom) crypt_set_rng_type(cd_new, CRYPT_RNG_URANDOM); - if (opt_iteration_time) - crypt_set_iteration_time(cd_new, opt_iteration_time); + r = set_pbkdf_params(cd_new, type); + if (r) { + log_err(_("Failed to set pbkdf parameters.")); + goto out; + } + + r = crypt_set_data_offset(cd_new, rc->data_offset); + if (r) { + log_err(_("Failed to set data offset.")); + goto out; + } - if ((r = crypt_format(cd_new, CRYPT_LUKS1, cipher, cipher_mode, - uuid, key, key_size, params))) + r = crypt_set_metadata_size(cd_new, metadata_size, keyslots_size); + if (r) { + log_err(_("Failed to set metadata size.")); + goto out; + } + + r = crypt_format(cd_new, type, cipher, cipher_mode, uuid, key, key_size, params); + check_signal(&r); + if (r < 0) goto out; - log_verbose(_("New LUKS header for device %s created.\n"), rc->device); + log_verbose(_("New LUKS header for device %s created."), rc->device); - for (i = 0; i < MAX_SLOT; i++) { + for (i = 0; i < crypt_keyslot_max(type); i++) { if (!rc->p[i].password) continue; - if ((r = crypt_keyslot_add_by_volume_key(cd_new, i, - NULL, 0, rc->p[i].password, rc->p[i].passwordLen)) < 0) + + r = create_new_keyslot(rc, i, cd_old, cd_new); + check_signal(&r); + if (r < 0) goto out; - log_verbose(_("Activated keyslot %i.\n"), r); + tools_keyslot_msg(r, CREATED); r = 0; } out: @@ -463,73 +588,184 @@ out: return r; } +static int isLUKS2(const char *type) +{ + return (type && !strcmp(type, CRYPT_LUKS2)); +} + +static int luks2_metadata_copy(struct reenc_ctx *rc) +{ + const char *json, *type; + crypt_token_info ti; + uint32_t flags; + int i, r = -EINVAL; + struct crypt_device *cd_old = NULL, *cd_new = NULL; + + if (crypt_init(&cd_old, rc->header_file_tmp) || + crypt_load(cd_old, CRYPT_LUKS2, NULL)) + goto out; + + if (crypt_init(&cd_new, rc->header_file_new) || + crypt_load(cd_new, CRYPT_LUKS2, NULL)) + goto out; + + /* + * we have to erase keyslots missing in new header so that we can + * transfer tokens from old header to new one + */ + for (i = 0; i < crypt_keyslot_max(CRYPT_LUKS2); i++) + if (!rc->p[i].password && crypt_keyslot_status(cd_old, i) == CRYPT_SLOT_ACTIVE) { + r = crypt_keyslot_destroy(cd_old, i); + if (r < 0) + goto out; + } + + for (i = 0; i < MAX_TOKEN; i++) { + ti = crypt_token_status(cd_old, i, &type); + switch (ti) { + case CRYPT_TOKEN_INVALID: + log_dbg("Internal error."); + r = -EINVAL; + goto out; + case CRYPT_TOKEN_INACTIVE: + break; + case CRYPT_TOKEN_INTERNAL_UNKNOWN: + log_err(_("This version of cryptsetup-reencrypt can't handle new internal token type %s."), type); + r = -EINVAL; + goto out; + case CRYPT_TOKEN_INTERNAL: + /* fallthrough */ + case CRYPT_TOKEN_EXTERNAL: + /* fallthrough */ + case CRYPT_TOKEN_EXTERNAL_UNKNOWN: + if (crypt_token_json_get(cd_old, i, &json) != i) { + log_dbg("Failed to get %s token (%d).", type, i); + r = -EINVAL; + goto out; + } + if (crypt_token_json_set(cd_new, i, json) != i) { + log_dbg("Failed to create %s token (%d).", type, i); + r = -EINVAL; + goto out; + } + } + } + + if ((r = crypt_persistent_flags_get(cd_old, CRYPT_FLAGS_ACTIVATION, &flags))) { + log_err(_("Failed to read activation flags from backup header.")); + goto out; + } + if ((r = crypt_persistent_flags_set(cd_new, CRYPT_FLAGS_ACTIVATION, flags))) { + log_err(_("Failed to write activation flags to new header.")); + goto out; + } + if ((r = crypt_persistent_flags_get(cd_old, CRYPT_FLAGS_REQUIREMENTS, &flags))) { + log_err(_("Failed to read requirements from backup header.")); + goto out; + } + if ((r = crypt_persistent_flags_set(cd_new, CRYPT_FLAGS_REQUIREMENTS, flags))) + log_err(_("Failed to read requirements from backup header.")); +out: + crypt_free(cd_old); + crypt_free(cd_new); + unlink(rc->header_file_tmp); + + return r; +} + static int backup_luks_headers(struct reenc_ctx *rc) { struct crypt_device *cd = NULL; struct crypt_params_luks1 params = {0}; + struct crypt_params_luks2 params2 = {0}; + struct stat st; char cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN]; - char *old_key = NULL; - size_t old_key_size; + char *key = NULL; + size_t key_size; + uint64_t mdata_size = 0, keyslots_size = 0; int r; - log_dbg("Creating LUKS header backup for device %s.", rc->device); + log_dbg("Creating LUKS header backup for device %s.", hdr_device(rc)); - if ((r = crypt_init(&cd, rc->device)) || - (r = crypt_load(cd, CRYPT_LUKS1, NULL))) + if ((r = crypt_init(&cd, hdr_device(rc))) || + (r = crypt_load(cd, CRYPT_LUKS, NULL))) goto out; - crypt_set_confirm_callback(cd, NULL, NULL); - if ((r = crypt_header_backup(cd, CRYPT_LUKS1, rc->header_file_org))) + if ((r = crypt_header_backup(cd, CRYPT_LUKS, rc->header_file_org))) goto out; - log_verbose(_("LUKS header backup of device %s created.\n"), rc->device); + if (isLUKS2(rc->type)) { + if ((r = crypt_header_backup(cd, CRYPT_LUKS2, rc->header_file_tmp))) + goto out; + if ((r = stat(rc->header_file_tmp, &st))) + goto out; + /* coverity[toctou] */ + if ((r = chmod(rc->header_file_tmp, st.st_mode | S_IWUSR))) + goto out; + } + log_verbose(_("%s header backup of device %s created."), isLUKS2(rc->type) ? "LUKS2" : "LUKS1", rc->device); /* For decrypt, new header will be fake one, so we are done here. */ if (rc->reencrypt_mode == DECRYPT) goto out; - if ((r = create_empty_header(rc->header_file_new, rc->header_file_org, - crypt_get_data_offset(cd)))) + rc->data_offset = crypt_get_data_offset(cd) + ROUND_SECTOR(opt_reduce_size); + + if ((r = create_empty_header(rc->header_file_new))) goto out; params.hash = opt_hash ?: DEFAULT_LUKS1_HASH; - params.data_alignment = crypt_get_data_offset(cd); - params.data_alignment += ROUND_SECTOR(opt_reduce_size); - params.data_device = rc->device; + params2.data_device = params.data_device = rc->device; + params2.sector_size = crypt_get_sector_size(cd); if (opt_cipher) { r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode); if (r < 0) { - log_err(_("No known cipher specification pattern detected.\n")); + log_err(_("No known cipher specification pattern detected.")); goto out; } } + key_size = opt_key_size ? opt_key_size / 8 : crypt_get_volume_key_size(cd); + if (opt_keep_key) { log_dbg("Keeping key from old header."); - old_key_size = crypt_get_volume_key_size(cd); - old_key = crypt_safe_alloc(old_key_size); - if (!old_key) { + key_size = crypt_get_volume_key_size(cd); + key = crypt_safe_alloc(key_size); + if (!key) { r = -ENOMEM; goto out; } - r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, old_key, &old_key_size, + r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, rc->p[rc->keyslot].password, rc->p[rc->keyslot].passwordLen); - if (r < 0) - goto out; + } else if (opt_master_key_file) { + log_dbg("Loading new key from file."); + r = tools_read_mk(opt_master_key_file, &key, key_size); } - r = create_new_header(rc, + if (r < 0) + goto out; + + if (isLUKS2(crypt_get_type(cd)) && crypt_get_metadata_size(cd, &mdata_size, &keyslots_size)) + goto out; + + r = create_new_header(rc, cd, opt_cipher ? cipher : crypt_get_cipher(cd), opt_cipher ? cipher_mode : crypt_get_cipher_mode(cd), crypt_get_uuid(cd), - old_key, - opt_key_size ? opt_key_size / 8 : crypt_get_volume_key_size(cd), - ¶ms); + key, + key_size, + rc->type, + mdata_size, + keyslots_size, + isLUKS2(rc->type) ? (void*)¶ms2 : (void*)¶ms); + + if (!r && isLUKS2(rc->type)) + r = luks2_metadata_copy(rc); out: crypt_free(cd); - crypt_safe_free(old_key); + crypt_safe_free(key); if (r) - log_err(_("Creation of LUKS backup headers failed.\n")); + log_err(_("Creation of LUKS backup headers failed.")); return r; } @@ -538,6 +774,7 @@ static int backup_fake_header(struct reenc_ctx *rc) { struct crypt_device *cd_new = NULL; struct crypt_params_luks1 params = {0}; + struct crypt_params_luks2 params2 = {0}; char cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN]; const char *header_file_fake; int r; @@ -553,18 +790,20 @@ static int backup_fake_header(struct reenc_ctx *rc) if (opt_cipher) { r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode); if (r < 0) { - log_err(_("No known cipher specification pattern detected.\n")); + log_err(_("No known cipher specification pattern detected.")); goto out; } } - r = create_empty_header(header_file_fake, NULL, MAX_BCK_SECTORS); + r = create_empty_header(header_file_fake); if (r < 0) return r; params.hash = opt_hash ?: DEFAULT_LUKS1_HASH; - params.data_alignment = 0; - params.data_device = rc->device; + params2.data_alignment = params.data_alignment = 0; + params2.data_device = params.data_device = rc->device; + params2.sector_size = crypt_get_sector_size(NULL); + params2.pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS2); r = crypt_init(&cd_new, header_file_fake); if (r < 0) @@ -572,29 +811,36 @@ static int backup_fake_header(struct reenc_ctx *rc) r = crypt_format(cd_new, CRYPT_LUKS1, "cipher_null", "ecb", NO_UUID, NULL, opt_key_size / 8, ¶ms); + check_signal(&r); if (r < 0) goto out; r = crypt_keyslot_add_by_volume_key(cd_new, rc->keyslot, NULL, 0, rc->p[rc->keyslot].password, rc->p[rc->keyslot].passwordLen); + check_signal(&r); if (r < 0) goto out; /* The real header is backup header created in backup_luks_headers() */ - if (rc->reencrypt_mode == DECRYPT) + if (rc->reencrypt_mode == DECRYPT) { + r = 0; goto out; + } - r = create_empty_header(rc->header_file_new, rc->header_file_org, 0); + r = create_empty_header(rc->header_file_new); if (r < 0) goto out; - params.data_alignment = ROUND_SECTOR(opt_reduce_size); - r = create_new_header(rc, + params2.data_alignment = params.data_alignment = ROUND_SECTOR(opt_reduce_size); + r = create_new_header(rc, NULL, opt_cipher ? cipher : DEFAULT_LUKS1_CIPHER, opt_cipher ? cipher_mode : DEFAULT_LUKS1_MODE, NULL, NULL, (opt_key_size ? opt_key_size : DEFAULT_LUKS1_KEYBITS) / 8, - ¶ms); + rc->type, + 0, + 0, + isLUKS2(rc->type) ? (void*)¶ms2 : (void*)¶ms); out: crypt_free(cd_new); return r; @@ -618,61 +864,48 @@ static void remove_headers(struct reenc_ctx *rc) static int restore_luks_header(struct reenc_ctx *rc) { + struct stat st; struct crypt_device *cd = NULL; - int r; + int fd, r; - log_dbg("Restoring header for %s from %s.", rc->device, rc->header_file_new); + log_dbg("Restoring header for %s from %s.", hdr_device(rc), rc->header_file_new); - r = crypt_init(&cd, rc->device); + /* + * For new encryption and new detached header in file just move it. + * For existing file try to ensure we have preallocated space for restore. + */ + if (opt_new && rc->device_header) { + r = stat(rc->device_header, &st); + if (r == -1) { + r = rename(rc->header_file_new, rc->device_header); + goto out; + } else if ((st.st_mode & S_IFMT) == S_IFREG && + stat(rc->header_file_new, &st) != -1) { + /* coverity[toctou] */ + fd = open(rc->device_header, O_WRONLY); + if (fd != -1) { + if (posix_fallocate(fd, 0, st.st_size)) {}; + close(fd); + } + } + } + + r = crypt_init(&cd, hdr_device(rc)); if (r == 0) { - crypt_set_confirm_callback(cd, NULL, NULL); - r = crypt_header_restore(cd, CRYPT_LUKS1, rc->header_file_new); + r = crypt_header_restore(cd, rc->type, rc->header_file_new); } crypt_free(cd); +out: if (r) - log_err(_("Cannot restore LUKS header on device %s.\n"), rc->device); - else - log_verbose(_("LUKS header on device %s restored.\n"), rc->device); + log_err(_("Cannot restore %s header on device %s."), isLUKS2(rc->type) ? "LUKS2" : "LUKS1", hdr_device(rc)); + else { + log_verbose(_("%s header on device %s restored."), isLUKS2(rc->type) ? "LUKS2" : "LUKS1", hdr_device(rc)); + rc->stained = 0; + } return r; } -static void print_progress(struct reenc_ctx *rc, uint64_t bytes, int final) -{ - unsigned long long mbytes, eta; - struct timeval now_time; - double tdiff, mib; - - gettimeofday(&now_time, NULL); - if (!final && time_diff(rc->end_time, now_time) < 0.5) - return; - - rc->end_time = now_time; - - if (opt_batch_mode) - return; - - tdiff = time_diff(rc->start_time, rc->end_time); - if (!tdiff) - return; - - mbytes = (bytes - rc->resume_bytes) / 1024 / 1024; - mib = (double)(mbytes) / tdiff; - if (!mib) - return; - - /* FIXME: calculate this from last minute only and remaining space */ - eta = (unsigned long long)(rc->device_size / 1024 / 1024 / mib - tdiff); - - /* vt100 code clear line */ - log_err("\33[2K\r"); - log_err(_("Progress: %5.1f%%, ETA %02llu:%02llu, " - "%4llu MiB written, speed %5.1f MiB/s%s"), - (double)bytes / rc->device_size * 100, - eta / 60, eta % 60, mbytes, mib, - final ? "\n" :""); -} - static ssize_t read_buf(int fd, void *buf, size_t count) { size_t read_size = 0; @@ -705,12 +938,14 @@ static int copy_data_forward(struct reenc_ctx *rc, int fd_old, int fd_new, if (lseek64(fd_old, rc->device_offset, SEEK_SET) < 0 || lseek64(fd_new, rc->device_offset, SEEK_SET) < 0) { - log_err(_("Cannot seek to device offset.\n")); + log_err(_("Cannot seek to device offset.")); return -EIO; } rc->resume_bytes = *bytes = rc->device_offset; + tools_reencrypt_progress(rc->device_size, *bytes, NULL); + if (write_log(rc) < 0) return -EIO; @@ -744,7 +979,8 @@ static int copy_data_forward(struct reenc_ctx *rc, int fd_old, int fd_new, } *bytes += (uint64_t)s2; - print_progress(rc, *bytes, 0); + + tools_reencrypt_progress(rc->device_size, *bytes, NULL); } return quit ? -EAGAIN : 0; @@ -767,9 +1003,14 @@ static int copy_data_backward(struct reenc_ctx *rc, int fd_old, int fd_new, *bytes = rc->resume_bytes; } + tools_reencrypt_progress(rc->device_size, *bytes, NULL); + if (write_log(rc) < 0) return -EIO; + /* dirty the device during ENCRYPT mode */ + rc->stained = 1; + while (!quit && rc->device_offset) { if (rc->device_offset < block_size) { working_offset = 0; @@ -781,7 +1022,7 @@ static int copy_data_backward(struct reenc_ctx *rc, int fd_old, int fd_new, if (lseek64(fd_old, working_offset, SEEK_SET) < 0 || lseek64(fd_new, working_offset, SEEK_SET) < 0) { - log_err(_("Cannot seek to device offset.\n")); + log_err(_("Cannot seek to device offset.")); return -EIO; } @@ -809,7 +1050,8 @@ static int copy_data_backward(struct reenc_ctx *rc, int fd_old, int fd_new, } *bytes += (uint64_t)s2; - print_progress(rc, *bytes, 0); + + tools_reencrypt_progress(rc->device_size, *bytes, NULL); } return quit ? -EAGAIN : 0; @@ -823,7 +1065,7 @@ static void zero_rest_of_device(int fd, size_t block_size, void *buf, log_dbg("Zeroing rest of device."); if (lseek64(fd, offset, SEEK_SET) < 0) { - log_dbg(_("Cannot seek to device offset.\n")); + log_dbg("Cannot seek to device offset."); return; } @@ -831,13 +1073,13 @@ static void zero_rest_of_device(int fd, size_t block_size, void *buf, s1 = block_size; while (!quit && *bytes) { - if (*bytes < s1) + if (*bytes < (uint64_t)s1) s1 = *bytes; s2 = write(fd, buf, s1); - if (s2 < 0) { - log_dbg("Write error, expecting %zu, got %zd.", - block_size, s2); + if (s2 != s1) { + log_dbg("Write error, expecting %zd, got %zd.", + s1, s2); return; } @@ -862,23 +1104,23 @@ static int copy_data(struct reenc_ctx *rc) fd_old = open(rc->crypt_path_org, O_RDONLY | (opt_directio ? O_DIRECT : 0)); if (fd_old == -1) { - log_err(_("Cannot open temporary LUKS header file.\n")); + log_err(_("Cannot open temporary LUKS device.")); goto out; } fd_new = open(rc->crypt_path_new, O_WRONLY | (opt_directio ? O_DIRECT : 0)); if (fd_new == -1) { - log_err(_("Cannot open temporary LUKS header file.\n")); + log_err(_("Cannot open temporary LUKS device.")); goto out; } if (ioctl(fd_old, BLKGETSIZE64, &rc->device_size_org_real) < 0) { - log_err(_("Cannot get device size.\n")); + log_err(_("Cannot get device size.")); goto out; } if (ioctl(fd_new, BLKGETSIZE64, &rc->device_size_new_real) < 0) { - log_err(_("Cannot get device size.\n")); + log_err(_("Cannot get device size.")); goto out; } @@ -890,21 +1132,18 @@ static int copy_data(struct reenc_ctx *rc) rc->device_size = rc->device_size_new_real; if (posix_memalign((void *)&buf, alignment(fd_new), block_size)) { - log_err(_("Allocation of aligned memory failed.\n")); + log_err(_("Allocation of aligned memory failed.")); r = -ENOMEM; goto out; } set_int_handler(0); - gettimeofday(&rc->start_time, NULL); if (rc->reencrypt_direction == FORWARD) r = copy_data_forward(rc, fd_old, fd_new, block_size, buf, &bytes); else r = copy_data_backward(rc, fd_old, fd_new, block_size, buf, &bytes); - print_progress(rc, bytes, 1); - /* Zero (wipe) rest of now plain-only device when decrypting. * (To not leave any sign of encryption here.) */ if (!r && rc->reencrypt_mode == DECRYPT && @@ -915,10 +1154,8 @@ static int copy_data(struct reenc_ctx *rc) set_int_block(1); - if (r == -EAGAIN) - log_err(_("Interrupted by a signal.\n")); - else if (r < 0) - log_err(_("IO error during reencryption.\n")); + if (r < 0 && r != -EAGAIN) + log_err(_("IO error during reencryption.")); (void)write_log(rc); out: @@ -934,52 +1171,76 @@ static int initialize_uuid(struct reenc_ctx *rc) { struct crypt_device *cd = NULL; int r; + uuid_t device_uuid; log_dbg("Initialising UUID."); if (opt_new) { rc->device_uuid = strdup(NO_UUID); + rc->type = luksType(opt_type); return 0; } + if (opt_decrypt && opt_uuid) { + r = uuid_parse(opt_uuid, device_uuid); + if (!r) + rc->device_uuid = strdup(opt_uuid); + else + log_err(_("Provided UUID is invalid.")); + + return r; + } + /* Try to load LUKS from device */ - if ((r = crypt_init(&cd, rc->device))) + if ((r = crypt_init(&cd, hdr_device(rc)))) return r; crypt_set_log_callback(cd, _quiet_log, NULL); - r = crypt_load(cd, CRYPT_LUKS1, NULL); + r = crypt_load(cd, CRYPT_LUKS, NULL); if (!r) rc->device_uuid = strdup(crypt_get_uuid(cd)); else /* Reencryption already in progress - magic header? */ - r = device_check(rc, CHECK_UNUSABLE); + r = device_check(rc, hdr_device(rc), CHECK_UNUSABLE); + + if (!r) + rc->type = isLUKS2(crypt_get_type(cd)) ? CRYPT_LUKS2 : CRYPT_LUKS1; crypt_free(cd); return r; } static int init_passphrase1(struct reenc_ctx *rc, struct crypt_device *cd, - const char *msg, int slot_to_check, int check) + const char *msg, int slot_to_check, int check, int verify) { + crypt_keyslot_info ki; char *password; int r = -EINVAL, retry_count; size_t passwordLen; + /* mode ENCRYPT call this without header */ + if (cd && slot_to_check != CRYPT_ANY_SLOT) { + ki = crypt_keyslot_status(cd, slot_to_check); + if (ki < CRYPT_SLOT_ACTIVE) + return -ENOENT; + } else + ki = CRYPT_SLOT_ACTIVE; + retry_count = opt_tries ?: 1; while (retry_count--) { - set_int_handler(0); - r = crypt_get_key(msg, &password, &passwordLen, - 0, 0, NULL /*opt_key_file*/, - 0, 0, cd); + r = tools_get_key(msg, &password, &passwordLen, 0, 0, + NULL /*opt_key_file*/, 0, verify, 0 /*pwquality*/, cd); if (r < 0) return r; - if (quit) + if (quit) { + crypt_safe_free(password); + password = NULL; + passwordLen = 0; return -EAGAIN; + } - /* library uses sigint internally, until it is fixed...*/ - set_int_block(1); if (check) r = crypt_activate_by_passphrase(cd, NULL, slot_to_check, - password, passwordLen, 0); + password, passwordLen, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY); else r = (slot_to_check == CRYPT_ANY_SLOT) ? 0 : slot_to_check; @@ -990,13 +1251,16 @@ static int init_passphrase1(struct reenc_ctx *rc, struct crypt_device *cd, } if (r < 0 && r != -EPERM) return r; + if (r >= 0) { - rc->keyslot = r; + tools_keyslot_msg(r, UNLOCKED); rc->p[r].password = password; rc->p[r].passwordLen = passwordLen; + if (ki != CRYPT_SLOT_UNBOUND) + rc->keyslot = r; break; } - log_err(_("No key available with this passphrase.\n")); + tools_passphrase_msg(r); } password = NULL; @@ -1011,29 +1275,33 @@ static int init_keyfile(struct reenc_ctx *rc, struct crypt_device *cd, int slot_ int r; size_t passwordLen; - r = crypt_get_key(NULL, &password, &passwordLen, opt_keyfile_offset, - opt_keyfile_size, opt_key_file, 0, 0, cd); + r = tools_get_key(NULL, &password, &passwordLen, opt_keyfile_offset, + opt_keyfile_size, opt_key_file, 0, 0, 0, cd); if (r < 0) return r; - r = crypt_activate_by_passphrase(cd, NULL, slot_check, password, - passwordLen, 0); - - /* - * Allow keyslot only if it is last slot or if user explicitly - * specify which slot to use (IOW others will be disabled). - */ - if (r >= 0 && opt_key_slot == CRYPT_ANY_SLOT && - crypt_keyslot_status(cd, r) != CRYPT_SLOT_ACTIVE_LAST) { - log_err(_("Key file can be used only with --key-slot or with " - "exactly one key slot active.\n")); - r = -EINVAL; + /* mode ENCRYPT call this without header */ + if (cd) { + r = crypt_activate_by_passphrase(cd, NULL, slot_check, password, + passwordLen, 0); + + /* + * Allow keyslot only if it is last slot or if user explicitly + * specify which slot to use (IOW others will be disabled). + */ + if (r >= 0 && opt_key_slot == CRYPT_ANY_SLOT && + crypt_keyslot_status(cd, r) != CRYPT_SLOT_ACTIVE_LAST) { + log_err(_("Key file can be used only with --key-slot or with " + "exactly one key slot active.")); + r = -EINVAL; + } + } else { + r = slot_check == CRYPT_ANY_SLOT ? 0 : slot_check; } if (r < 0) { crypt_safe_free(password); - if (r == -EPERM) - log_err(_("No key available with this passphrase.\n")); + tools_passphrase_msg(r); } else { rc->keyslot = r; rc->p[r].password = password; @@ -1049,27 +1317,28 @@ static int init_keyfile(struct reenc_ctx *rc, struct crypt_device *cd, int slot_ static int initialize_passphrase(struct reenc_ctx *rc, const char *device) { struct crypt_device *cd = NULL; - crypt_keyslot_info ki; char msg[256]; int i, r; - log_dbg("Passhrases initialization."); + log_dbg("Passphrases initialization."); if (rc->reencrypt_mode == ENCRYPT && !rc->in_progress) { - r = init_passphrase1(rc, cd, _("Enter new passphrase: "), opt_key_slot, 0); + if (opt_key_file) + r = init_keyfile(rc, NULL, opt_key_slot); + else + r = init_passphrase1(rc, NULL, _("Enter new passphrase: "), opt_key_slot, 0, 1); return r > 0 ? 0 : r; } - if ((r = crypt_init(&cd, device)) || - (r = crypt_load(cd, CRYPT_LUKS1, NULL)) || - (r = crypt_set_data_device(cd, rc->device))) { + if ((r = crypt_init_data_device(&cd, device, rc->device)) || + (r = crypt_load(cd, CRYPT_LUKS, NULL))) { crypt_free(cd); return r; } if (opt_key_slot != CRYPT_ANY_SLOT) snprintf(msg, sizeof(msg), - _("Enter passphrase for key slot %u: "), opt_key_slot); + _("Enter passphrase for key slot %d: "), opt_key_slot); else snprintf(msg, sizeof(msg), _("Enter any existing passphrase: ")); @@ -1078,14 +1347,14 @@ static int initialize_passphrase(struct reenc_ctx *rc, const char *device) } else if (rc->in_progress || opt_key_slot != CRYPT_ANY_SLOT || rc->reencrypt_mode == DECRYPT) { - r = init_passphrase1(rc, cd, msg, opt_key_slot, 1); - } else for (i = 0; i < MAX_SLOT; i++) { - ki = crypt_keyslot_status(cd, i); - if (ki != CRYPT_SLOT_ACTIVE && ki != CRYPT_SLOT_ACTIVE_LAST) + r = init_passphrase1(rc, cd, msg, opt_key_slot, 1, 0); + } else for (i = 0; i < crypt_keyslot_max(crypt_get_type(cd)); i++) { + snprintf(msg, sizeof(msg), _("Enter passphrase for key slot %d: "), i); + r = init_passphrase1(rc, cd, msg, i, 1, 0); + if (r == -ENOENT) { + r = 0; continue; - - snprintf(msg, sizeof(msg), _("Enter passphrase for key slot %u: "), i); - r = init_passphrase1(rc, cd, msg, i, 1); + } if (r < 0) break; } @@ -1098,16 +1367,31 @@ static int initialize_context(struct reenc_ctx *rc, const char *device) { log_dbg("Initialising reencryption context."); - rc->log_fd =-1; + rc->log_fd = -1; + + /* FIXME: replace MAX_KEYSLOT with crypt_keyslot_max(CRYPT_LUKS2) */ + if (crypt_keyslot_max(CRYPT_LUKS2) > MAX_SLOT) { + log_dbg("Internal error"); + return -EINVAL; + } if (!(rc->device = strndup(device, PATH_MAX))) return -ENOMEM; - if (device_check(rc, CHECK_OPEN) < 0) + if (opt_header_device && !(rc->device_header = strndup(opt_header_device, PATH_MAX))) + return -ENOMEM; + + if (device_check(rc, rc->device, CHECK_OPEN) < 0) return -EINVAL; if (initialize_uuid(rc)) { - log_err(_("Device %s is not a valid LUKS device.\n"), device); + log_err(_("Device %s is not a valid LUKS device."), device); + return -EINVAL; + } + + if (opt_key_slot != CRYPT_ANY_SLOT && + opt_key_slot >= crypt_keyslot_max(rc->type)) { + log_err(_("Key slot is invalid.")); return -EINVAL; } @@ -1121,6 +1405,9 @@ static int initialize_context(struct reenc_ctx *rc, const char *device) if (snprintf(rc->header_file_new, PATH_MAX, "LUKS-%s.new", rc->device_uuid) < 0) return -ENOMEM; + if (snprintf(rc->header_file_tmp, PATH_MAX, + "LUKS-%s.tmp", rc->device_uuid) < 0) + return -ENOMEM; /* Paths to encrypted devices */ if (snprintf(rc->crypt_path_org, PATH_MAX, @@ -1133,11 +1420,17 @@ static int initialize_context(struct reenc_ctx *rc, const char *device) remove_headers(rc); if (open_log(rc) < 0) { - log_err(_("Cannot open reencryption log file.\n")); + log_err(_("Cannot open reencryption log file.")); return -EINVAL; } if (!rc->in_progress) { + if (opt_uuid) { + log_err(_("No decryption in progress, provided UUID can " + "be used only to resume suspended decryption process.")); + return -EINVAL; + } + if (!opt_reduce_size) rc->reencrypt_direction = FORWARD; else { @@ -1165,38 +1458,92 @@ static void destroy_context(struct reenc_ctx *rc) close_log(rc); remove_headers(rc); - if ((rc->reencrypt_direction == FORWARD && - rc->device_offset == rc->device_size) || - (rc->reencrypt_direction == BACKWARD && - (rc->device_offset == 0 || rc->device_offset == (uint64_t)~0))) { + if (!rc->stained) { unlink(rc->log_file); unlink(rc->header_file_org); unlink(rc->header_file_new); + unlink(rc->header_file_tmp); } for (i = 0; i < MAX_SLOT; i++) crypt_safe_free(rc->p[i].password); free(rc->device); + free(rc->device_header); free(rc->device_uuid); } +static int luks2_change_pbkdf_params(struct reenc_ctx *rc) +{ + int i, r; + struct crypt_device *cd = NULL; + + if ((r = initialize_passphrase(rc, hdr_device(rc)))) + return r; + + if (crypt_init(&cd, hdr_device(rc)) || + crypt_load(cd, CRYPT_LUKS2, NULL)) { + r = -EINVAL; + goto out; + } + + if ((r = set_pbkdf_params(cd, CRYPT_LUKS2))) + goto out; + + log_dbg("LUKS2 keyslot pbkdf params change."); + + r = -EINVAL; + + for (i = 0; i < crypt_keyslot_max(CRYPT_LUKS2); i++) { + if (!rc->p[i].password) + continue; + if ((r = crypt_keyslot_change_by_passphrase(cd, i, i, + rc->p[i].password, rc->p[i].passwordLen, + rc->p[i].password, rc->p[i].passwordLen)) < 0) + goto out; + log_verbose(_("Changed pbkdf parameters in keyslot %i."), r); + r = 0; + } + + if (r) + goto out; + + /* see create_new_header */ + for (i = 0; i < crypt_keyslot_max(CRYPT_LUKS2); i++) + if (!rc->p[i].password) + (void)crypt_keyslot_destroy(cd, i); +out: + crypt_free(cd); + return r; +} + static int run_reencrypt(const char *device) { int r = -EINVAL; - static struct reenc_ctx rc = {}; + static struct reenc_ctx rc = { + .stained = 1 + }; + + set_int_handler(0); if (initialize_context(&rc, device)) goto out; + /* short-circuit LUKS2 keyslot parameters change */ + if (opt_keep_key && isLUKS2(rc.type)) { + r = luks2_change_pbkdf_params(&rc); + goto out; + } + log_dbg("Running reencryption."); if (!rc.in_progress) { - if ((r = initialize_passphrase(&rc, rc.device))) + if ((r = initialize_passphrase(&rc, hdr_device(&rc)))) goto out; + log_dbg("Storing backup of LUKS headers."); if (rc.reencrypt_mode == ENCRYPT) { - /* Create fake header for exising device */ + /* Create fake header for existing device */ if ((r = backup_fake_header(&rc))) goto out; } else { @@ -1206,11 +1553,11 @@ static int run_reencrypt(const char *device) if (rc.reencrypt_mode == DECRYPT && (r = backup_fake_header(&rc))) goto out; - if ((r = device_check(&rc, MAKE_UNUSABLE))) + if ((r = device_check(&rc, hdr_device(&rc), MAKE_UNUSABLE))) goto out; } } else { - if ((r = initialize_passphrase(&rc, rc.header_file_new))) + if ((r = initialize_passphrase(&rc, opt_decrypt ? rc.header_file_org : rc.header_file_new))) goto out; } @@ -1227,6 +1574,8 @@ static int run_reencrypt(const char *device) // FIXME: fix error path above to not skip this if (rc.reencrypt_mode != DECRYPT) r = restore_luks_header(&rc); + else + rc.stained = 0; out: destroy_context(&rc); return r; @@ -1241,6 +1590,11 @@ static void help(poptContext popt_context, if (key->shortName == '?') { log_std("%s %s\n", PACKAGE_REENC, PACKAGE_VERSION); poptPrintHelp(popt_context, stdout, 0); + poptFreeContext(popt_context); + exit(EXIT_SUCCESS); + } else if (key->shortName == 'V') { + log_std("%s %s\n", PACKAGE_REENC, PACKAGE_VERSION); + poptFreeContext(popt_context); exit(EXIT_SUCCESS); } else usage(popt_context, EXIT_SUCCESS, NULL, NULL); @@ -1252,34 +1606,43 @@ int main(int argc, const char **argv) { NULL, '\0', POPT_ARG_CALLBACK, help, 0, NULL, NULL }, { "help", '?', POPT_ARG_NONE, NULL, 0, N_("Show this help message"), NULL }, { "usage", '\0', POPT_ARG_NONE, NULL, 0, N_("Display brief usage"), NULL }, + { "version",'V', POPT_ARG_NONE, NULL, 0, N_("Print package version"), NULL }, POPT_TABLEEND }; static struct poptOption popt_options[] = { { NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL }, - { "version", '\0', POPT_ARG_NONE, &opt_version_mode, 0, N_("Print package version"), NULL }, { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL }, { "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL }, { "block-size", 'B', POPT_ARG_INT, &opt_bsize, 0, N_("Reencryption block size"), N_("MiB") }, { "cipher", 'c', POPT_ARG_STRING, &opt_cipher, 0, N_("The cipher used to encrypt the disk (see /proc/crypto)"), NULL }, { "key-size", 's', POPT_ARG_INT, &opt_key_size, 0, N_("The size of the encryption key"), N_("BITS") }, { "hash", 'h', POPT_ARG_STRING, &opt_hash, 0, N_("The hash used to create the encryption key from the passphrase"), NULL }, - { "keep-key", '\0', POPT_ARG_NONE, &opt_keep_key, 0, N_("Do not change key, no data area reencryption."), NULL }, - { "key-file", 'd', POPT_ARG_STRING, &opt_key_file, 0, N_("Read the key from a file."), NULL }, + { "keep-key", '\0', POPT_ARG_NONE, &opt_keep_key, 0, N_("Do not change key, no data area reencryption"), NULL }, + { "key-file", 'd', POPT_ARG_STRING, &opt_key_file, 0, N_("Read the key from a file"), NULL }, + { "master-key-file", '\0', POPT_ARG_STRING, &opt_master_key_file, 0, N_("Read new volume (master) key from file"), NULL }, { "iter-time", 'i', POPT_ARG_INT, &opt_iteration_time, 0, N_("PBKDF2 iteration time for LUKS (in ms)"), N_("msecs") }, { "batch-mode", 'q', POPT_ARG_NONE, &opt_batch_mode, 0, N_("Do not ask for confirmation"), NULL }, + { "progress-frequency",'\0', POPT_ARG_INT, &opt_progress_frequency, 0, N_("Progress line update (in seconds)"), N_("secs") }, { "tries", 'T', POPT_ARG_INT, &opt_tries, 0, N_("How often the input of the passphrase can be retried"), NULL }, - { "use-random", '\0', POPT_ARG_NONE, &opt_random, 0, N_("Use /dev/random for generating volume key."), NULL }, - { "use-urandom", '\0', POPT_ARG_NONE, &opt_urandom, 0, N_("Use /dev/urandom for generating volume key."), NULL }, - { "use-directio", '\0', POPT_ARG_NONE, &opt_directio, 0, N_("Use direct-io when accessing devices."), NULL }, - { "use-fsync", '\0', POPT_ARG_NONE, &opt_fsync, 0, N_("Use fsync after each block."), NULL }, - { "write-log", '\0', POPT_ARG_NONE, &opt_write_log, 0, N_("Update log file after every block."), NULL }, - { "key-slot", 'S', POPT_ARG_INT, &opt_key_slot, 0, N_("Use only this slot (others will be disabled)."), NULL }, + { "use-random", '\0', POPT_ARG_NONE, &opt_random, 0, N_("Use /dev/random for generating volume key"), NULL }, + { "use-urandom", '\0', POPT_ARG_NONE, &opt_urandom, 0, N_("Use /dev/urandom for generating volume key"), NULL }, + { "use-directio", '\0', POPT_ARG_NONE, &opt_directio, 0, N_("Use direct-io when accessing devices"), NULL }, + { "use-fsync", '\0', POPT_ARG_NONE, &opt_fsync, 0, N_("Use fsync after each block"), NULL }, + { "write-log", '\0', POPT_ARG_NONE, &opt_write_log, 0, N_("Update log file after every block"), NULL }, + { "key-slot", 'S', POPT_ARG_INT, &opt_key_slot, 0, N_("Use only this slot (others will be disabled)"), NULL }, { "keyfile-offset", '\0', POPT_ARG_LONG, &opt_keyfile_offset, 0, N_("Number of bytes to skip in keyfile"), N_("bytes") }, { "keyfile-size", 'l', POPT_ARG_LONG, &opt_keyfile_size, 0, N_("Limits the read from keyfile"), N_("bytes") }, { "reduce-device-size",'\0', POPT_ARG_STRING, &opt_reduce_size_str, 0, N_("Reduce data device size (move data offset). DANGEROUS!"), N_("bytes") }, { "device-size", '\0', POPT_ARG_STRING, &opt_device_size_str, 0, N_("Use only specified device size (ignore rest of device). DANGEROUS!"), N_("bytes") }, - { "new", 'N', POPT_ARG_NONE, &opt_new, 0, N_("Create new header on not encrypted device."), NULL }, - { "decrypt", '\0', POPT_ARG_NONE, &opt_decrypt, 0, N_("Permanently decrypt device (remove encryption)."), NULL }, + { "new", 'N', POPT_ARG_NONE, &opt_new, 0, N_("Create new header on not encrypted device"), NULL }, + { "decrypt", '\0', POPT_ARG_NONE, &opt_decrypt, 0, N_("Permanently decrypt device (remove encryption)"), NULL }, + { "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("The UUID used to resume decryption"), NULL }, + { "type", '\0', POPT_ARG_STRING, &opt_type, 0, N_("Type of LUKS metadata: luks1, luks2"), NULL }, + { "pbkdf", '\0', POPT_ARG_STRING, &opt_pbkdf, 0, N_("PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"), NULL }, + { "pbkdf-memory", '\0', POPT_ARG_LONG, &opt_pbkdf_memory, 0, N_("PBKDF memory cost limit"), N_("kilobytes") }, + { "pbkdf-parallel", '\0', POPT_ARG_LONG, &opt_pbkdf_parallel, 0, N_("PBKDF parallel cost"), N_("threads") }, + { "pbkdf-force-iterations",'\0',POPT_ARG_LONG, &opt_pbkdf_iterations, 0, N_("PBKDF iterations cost (forced, disables benchmark)"), NULL }, + { "header", '\0', POPT_ARG_STRING, &opt_header_device, 0, N_("Device or file with separated LUKS header"), NULL }, POPT_TABLEEND }; poptContext popt_context; @@ -1287,8 +1650,6 @@ int main(int argc, const char **argv) crypt_set_log_callback(NULL, tool_log, NULL); - set_int_block(1); - setlocale(LC_ALL, ""); bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); @@ -1302,18 +1663,12 @@ int main(int argc, const char **argv) usage(popt_context, EXIT_FAILURE, poptStrerror(r), poptBadOption(popt_context, POPT_BADOPTION_NOALIAS)); - if (opt_version_mode) { - log_std("%s %s\n", PACKAGE_REENC, PACKAGE_VERSION); - poptFreeContext(popt_context); - exit(EXIT_SUCCESS); - } - - if (!opt_batch_mode) { - log_std(_("WARNING: this is experimental code, it can completely break your data.\n")); - log_verbose(_("Reencryption will change: volume key%s%s%s%s.\n"), - opt_hash ? _(", set hash to ") : "", opt_hash ?: "", + if (!opt_batch_mode) + log_verbose(_("Reencryption will change: %s%s%s%s%s%s."), + opt_keep_key ? "" : _("volume key"), + (!opt_keep_key && opt_hash) ? ", " : "", + opt_hash ? _("set hash to ") : "", opt_hash ?: "", opt_cipher ? _(", set cipher to "): "", opt_cipher ?: ""); - } action_argv = poptGetArgs(popt_context); if(!action_argv) @@ -1325,12 +1680,24 @@ int main(int argc, const char **argv) poptGetInvocationName(popt_context)); if (opt_bsize < 0 || opt_key_size < 0 || opt_iteration_time < 0 || - opt_tries < 0 || opt_keyfile_offset < 0 || opt_key_size < 0) { + opt_tries < 0 || opt_keyfile_offset < 0 || opt_key_size < 0 || + opt_pbkdf_iterations < 0 || opt_pbkdf_memory < 0 || + opt_pbkdf_parallel < 0) { usage(popt_context, EXIT_FAILURE, _("Negative number for option not permitted."), poptGetInvocationName(popt_context)); } + if (opt_pbkdf && crypt_parse_pbkdf(opt_pbkdf, &opt_pbkdf)) + usage(popt_context, EXIT_FAILURE, + _("Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."), + poptGetInvocationName(popt_context)); + + if (opt_pbkdf_iterations && opt_iteration_time) + usage(popt_context, EXIT_FAILURE, + _("PBKDF forced iterations cannot be combined with iteration time option."), + poptGetInvocationName(popt_context)); + if (opt_bsize < 1 || opt_bsize > 64) usage(popt_context, EXIT_FAILURE, _("Only values between 1 MiB and 64 MiB allowed for reencryption block size."), @@ -1342,7 +1709,7 @@ int main(int argc, const char **argv) poptGetInvocationName(popt_context)); if (opt_key_slot != CRYPT_ANY_SLOT && - (opt_key_slot < 0 || opt_key_slot >= crypt_keyslot_max(CRYPT_LUKS1))) + (opt_key_slot < 0 || opt_key_slot >= crypt_keyslot_max(CRYPT_LUKS2))) usage(popt_context, EXIT_FAILURE, _("Key slot is invalid."), poptGetInvocationName(popt_context)); @@ -1351,12 +1718,12 @@ int main(int argc, const char **argv) poptGetInvocationName(popt_context)); if (opt_device_size_str && - crypt_string_to_size(NULL, opt_device_size_str, &opt_device_size)) + tools_string_to_size(NULL, opt_device_size_str, &opt_device_size)) usage(popt_context, EXIT_FAILURE, _("Invalid device size specification."), poptGetInvocationName(popt_context)); if (opt_reduce_size_str && - crypt_string_to_size(NULL, opt_reduce_size_str, &opt_reduce_size)) + tools_string_to_size(NULL, opt_reduce_size_str, &opt_reduce_size)) usage(popt_context, EXIT_FAILURE, _("Invalid device size specification."), poptGetInvocationName(popt_context)); if (opt_reduce_size > 64 * 1024 * 1024) @@ -1366,12 +1733,12 @@ int main(int argc, const char **argv) usage(popt_context, EXIT_FAILURE, _("Reduce size must be multiple of 512 bytes sector."), poptGetInvocationName(popt_context)); - if (opt_new && !opt_reduce_size) - usage(popt_context, EXIT_FAILURE, _("Option --new must be used together with --reduce-device-size."), + if (opt_new && (!opt_reduce_size && !opt_header_device)) + usage(popt_context, EXIT_FAILURE, _("Option --new must be used together with --reduce-device-size or --header."), poptGetInvocationName(popt_context)); - if (opt_keep_key && ((!opt_hash && !opt_iteration_time) || opt_cipher || opt_new)) - usage(popt_context, EXIT_FAILURE, _("Option --keep-key can be used only with --hash or --iter-time."), + if (opt_keep_key && (opt_cipher || opt_new || opt_master_key_file)) + usage(popt_context, EXIT_FAILURE, _("Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."), poptGetInvocationName(popt_context)); if (opt_new && opt_decrypt) @@ -1382,6 +1749,14 @@ int main(int argc, const char **argv) usage(popt_context, EXIT_FAILURE, _("Option --decrypt is incompatible with specified parameters."), poptGetInvocationName(popt_context)); + if (opt_uuid && !opt_decrypt) + usage(popt_context, EXIT_FAILURE, _("Option --uuid is allowed only together with --decrypt."), + poptGetInvocationName(popt_context)); + + if (!luksType(opt_type)) + usage(popt_context, EXIT_FAILURE, _("Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."), + poptGetInvocationName(popt_context)); + if (opt_debug) { opt_verbose = 1; crypt_set_debug_level(-1); diff --git a/src/integritysetup.c b/src/integritysetup.c new file mode 100644 index 0000000..51778da --- /dev/null +++ b/src/integritysetup.c @@ -0,0 +1,723 @@ +/* + * integritysetup - setup integrity protected volumes for dm-integrity + * + * Copyright (C) 2017-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2017-2020 Milan Broz + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "cryptsetup.h" +#include + +#define PACKAGE_INTEGRITY "integritysetup" + +#define DEFAULT_ALG_NAME "crc32c" +#define MAX_KEY_SIZE 4096 + +static const char *opt_journal_size_str = NULL; +static uint64_t opt_journal_size = 0; +static int opt_interleave_sectors = 0; +static int opt_journal_watermark = 0; +static int opt_bitmap_sectors_per_bit = 0; +static int opt_journal_commit_time = 0; +static int opt_bitmap_flush_time = 0; +static int opt_tag_size = 0; +static int opt_sector_size = 0; +static int opt_buffer_sectors = 0; + +static int opt_no_wipe = 0; + +static const char *opt_data_device = NULL; + +static const char *opt_integrity = DEFAULT_ALG_NAME; +static const char *opt_integrity_key_file = NULL; +static int opt_integrity_key_size = 0; + +static const char *opt_journal_integrity = NULL; /* none */ +static const char *opt_journal_integrity_key_file = NULL; +static int opt_journal_integrity_key_size = 0; + +static const char *opt_journal_crypt = NULL; /* none */ +static const char *opt_journal_crypt_key_file = NULL; +static int opt_journal_crypt_key_size = 0; + +static int opt_integrity_nojournal = 0; +static int opt_integrity_recovery = 0; +static int opt_integrity_bitmap = 0; +static int opt_integrity_legacy_padding = 0; + +static int opt_integrity_recalculate = 0; +static int opt_allow_discards = 0; + +static const char **action_argv; +static int action_argc; + +// FIXME: move this to tools and handle EINTR +static int _read_mk(const char *file, char **key, int keysize) +{ + int fd; + + if (keysize <= 0 || keysize > MAX_KEY_SIZE) { + log_err(_("Invalid key size.")); + return -EINVAL; + } + + *key = crypt_safe_alloc(keysize); + if (!*key) + return -ENOMEM; + + fd = open(file, O_RDONLY); + if (fd == -1) { + log_err(_("Cannot read keyfile %s."), file); + goto fail; + } + if ((read(fd, *key, keysize) != keysize)) { + log_err(_("Cannot read %d bytes from keyfile %s."), keysize, file); + close(fd); + goto fail; + } + close(fd); + return 0; +fail: + crypt_safe_free(*key); + *key = NULL; + return -EINVAL; +} + +static int _read_keys(char **integrity_key, struct crypt_params_integrity *params) +{ + char *int_key = NULL, *journal_integrity_key = NULL, *journal_crypt_key = NULL; + int r; + + if (integrity_key && opt_integrity_key_file) { + r = _read_mk(opt_integrity_key_file, &int_key, opt_integrity_key_size); + if (r < 0) + return r; + params->integrity_key_size = opt_integrity_key_size; + } + + if (opt_journal_integrity_key_file) { + r = _read_mk(opt_journal_integrity_key_file, &journal_integrity_key, opt_journal_integrity_key_size); + if (r < 0) { + crypt_safe_free(int_key); + return r; + } + params->journal_integrity_key = journal_integrity_key; + params->journal_integrity_key_size = opt_journal_integrity_key_size; + } + + if (opt_journal_crypt_key_file) { + r = _read_mk(opt_journal_crypt_key_file, &journal_crypt_key, opt_journal_crypt_key_size); + if (r < 0) { + crypt_safe_free(int_key); + crypt_safe_free(journal_integrity_key); + return r; + } + params->journal_crypt_key = journal_crypt_key; + params->journal_crypt_key_size = opt_journal_crypt_key_size; + } + + if (integrity_key) + *integrity_key = int_key; + + return 0; +} + +static int _wipe_data_device(struct crypt_device *cd, const char *integrity_key) +{ + char tmp_name[64], tmp_path[128], tmp_uuid[40]; + uuid_t tmp_uuid_bin; + int r; + + if (!opt_batch_mode) + log_std(_("Wiping device to initialize integrity checksum.\n" + "You can interrupt this by pressing CTRL+c " + "(rest of not wiped device will contain invalid checksum).\n")); + + /* Activate the device a temporary one */ + uuid_generate(tmp_uuid_bin); + uuid_unparse(tmp_uuid_bin, tmp_uuid); + if (snprintf(tmp_name, sizeof(tmp_name), "temporary-cryptsetup-%s", tmp_uuid) < 0) + return -EINVAL; + if (snprintf(tmp_path, sizeof(tmp_path), "%s/%s", crypt_get_dir(), tmp_name) < 0) + return -EINVAL; + + r = crypt_activate_by_volume_key(cd, tmp_name, integrity_key, + opt_integrity_key_size, CRYPT_ACTIVATE_PRIVATE | CRYPT_ACTIVATE_NO_JOURNAL); + if (r < 0) + return r; + + /* Wipe the device */ + set_int_handler(0); + r = crypt_wipe(cd, tmp_path, CRYPT_WIPE_ZERO, 0, 0, DEFAULT_WIPE_BLOCK, + 0, &tools_wipe_progress, NULL); + if (crypt_deactivate(cd, tmp_name)) + log_err(_("Cannot deactivate temporary device %s."), tmp_path); + set_int_block(0); + + return r; +} + +static int action_format(int arg) +{ + struct crypt_device *cd = NULL; + struct crypt_params_integrity params = { + .journal_size = opt_journal_size, + .interleave_sectors = opt_interleave_sectors, + /* in bitmap mode we have to overload these values... */ + .journal_watermark = opt_integrity_bitmap ? opt_bitmap_sectors_per_bit : opt_journal_watermark, + .journal_commit_time = opt_integrity_bitmap ? opt_bitmap_flush_time : opt_journal_commit_time, + .buffer_sectors = opt_buffer_sectors, + .tag_size = opt_tag_size, + .sector_size = opt_sector_size ?: SECTOR_SIZE, + }, params2; + char integrity[MAX_CIPHER_LEN], journal_integrity[MAX_CIPHER_LEN], journal_crypt[MAX_CIPHER_LEN]; + char *integrity_key = NULL, *msg = NULL; + int r; + size_t signatures; + + if (opt_integrity) { + r = crypt_parse_hash_integrity_mode(opt_integrity, integrity); + if (r < 0) { + log_err(_("No known integrity specification pattern detected.")); + return r; + } + params.integrity = integrity; + } + + if (opt_journal_integrity) { + r = crypt_parse_hash_integrity_mode(opt_journal_integrity, journal_integrity); + if (r < 0) { + log_err(_("No known integrity specification pattern detected.")); + return r; + } + params.journal_integrity = journal_integrity; + } + + if (opt_journal_crypt) { + r = crypt_parse_hash_integrity_mode(opt_journal_crypt, journal_crypt); + if (r < 0) { + log_err(_("No known integrity specification pattern detected.")); + return r; + } + params.journal_crypt = journal_crypt; + } + + r = _read_keys(&integrity_key, ¶ms); + if (r) + goto out; + + r = crypt_init_data_device(&cd, action_argv[0], opt_data_device); + if (r < 0) + goto out; + + r = asprintf(&msg, _("This will overwrite data on %s irrevocably."), action_argv[0]); + if (r == -1) { + r = -ENOMEM; + goto out; + } + + r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL; + free(msg); + if (r < 0) + goto out; + + r = tools_detect_signatures(action_argv[0], 0, &signatures); + if (r < 0) + goto out; + + /* Signature candidates found */ + if (signatures && ((r = tools_wipe_all_signatures(action_argv[0])) < 0)) + goto out; + + if (opt_integrity_legacy_padding) + crypt_set_compatibility(cd, CRYPT_COMPAT_LEGACY_INTEGRITY_PADDING); + + r = crypt_format(cd, CRYPT_INTEGRITY, NULL, NULL, NULL, NULL, 0, ¶ms); + if (r < 0) /* FIXME: call wipe signatures again */ + goto out; + + if (!opt_batch_mode && !crypt_get_integrity_info(cd, ¶ms2)) + log_std(_("Formatted with tag size %u, internal integrity %s.\n"), + params2.tag_size, params2.integrity); + + if (!opt_no_wipe) + r = _wipe_data_device(cd, integrity_key); +out: + crypt_safe_free(integrity_key); + crypt_safe_free(CONST_CAST(void*)params.journal_integrity_key); + crypt_safe_free(CONST_CAST(void*)params.journal_crypt_key); + crypt_free(cd); + return r; +} + +static int action_open(int arg) +{ + struct crypt_device *cd = NULL; + struct crypt_params_integrity params = { + /* in bitmap mode we have to overload these values... */ + .journal_watermark = opt_integrity_bitmap ? opt_bitmap_sectors_per_bit : opt_journal_watermark, + .journal_commit_time = opt_integrity_bitmap ? opt_bitmap_flush_time : opt_journal_commit_time, + .buffer_sectors = opt_buffer_sectors, + }; + uint32_t activate_flags = 0; + char integrity[MAX_CIPHER_LEN], journal_integrity[MAX_CIPHER_LEN], journal_crypt[MAX_CIPHER_LEN]; + char *integrity_key = NULL; + int r; + + if (opt_integrity) { + r = crypt_parse_hash_integrity_mode(opt_integrity, integrity); + if (r < 0) { + log_err(_("No known integrity specification pattern detected.")); + return r; + } + params.integrity = integrity; + } + + if (opt_journal_integrity) { + r = crypt_parse_hash_integrity_mode(opt_journal_integrity, journal_integrity); + if (r < 0) { + log_err(_("No known integrity specification pattern detected.")); + return r; + + } + params.journal_integrity = journal_integrity; + } + + if (opt_journal_crypt) { + r = crypt_parse_hash_integrity_mode(opt_journal_crypt, journal_crypt); + if (r < 0) { + log_err(_("No known integrity specification pattern detected.")); + return r; + } + params.journal_crypt = journal_crypt; + } + + if (opt_integrity_nojournal || opt_integrity_bitmap) + activate_flags |= CRYPT_ACTIVATE_NO_JOURNAL; + if (opt_integrity_recovery) + activate_flags |= CRYPT_ACTIVATE_RECOVERY; + if (opt_integrity_bitmap) + activate_flags |= CRYPT_ACTIVATE_NO_JOURNAL_BITMAP; + + if (opt_integrity_recalculate) + activate_flags |= CRYPT_ACTIVATE_RECALCULATE; + if (opt_allow_discards) + activate_flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS; + + r = _read_keys(&integrity_key, ¶ms); + if (r) + goto out; + + if ((r = crypt_init_data_device(&cd, action_argv[0], opt_data_device))) + goto out; + + r = crypt_load(cd, CRYPT_INTEGRITY, ¶ms); + if (r) + goto out; + + r = crypt_activate_by_volume_key(cd, action_argv[1], integrity_key, + opt_integrity_key_size, activate_flags); +out: + crypt_safe_free(integrity_key); + crypt_safe_free(CONST_CAST(void*)params.journal_integrity_key); + crypt_safe_free(CONST_CAST(void*)params.journal_crypt_key); + crypt_free(cd); + return r; +} + +static int action_close(int arg) +{ + struct crypt_device *cd = NULL; + int r; + + r = crypt_init_by_name(&cd, action_argv[0]); + if (r == 0) + r = crypt_deactivate(cd, action_argv[0]); + + crypt_free(cd); + return r; +} + +static int action_status(int arg) +{ + crypt_status_info ci; + struct crypt_active_device cad; + struct crypt_params_integrity ip = {}; + struct crypt_device *cd = NULL; + char *backing_file; + const char *device, *metadata_device; + int path = 0, r = 0; + + /* perhaps a path, not a dm device name */ + if (strchr(action_argv[0], '/')) + path = 1; + + ci = crypt_status(NULL, action_argv[0]); + switch (ci) { + case CRYPT_INVALID: + r = -EINVAL; + break; + case CRYPT_INACTIVE: + if (path) + log_std("%s is inactive.\n", action_argv[0]); + else + log_std("%s/%s is inactive.\n", crypt_get_dir(), action_argv[0]); + r = -ENODEV; + break; + case CRYPT_ACTIVE: + case CRYPT_BUSY: + if (path) + log_std("%s is active%s.\n", action_argv[0], + ci == CRYPT_BUSY ? " and is in use" : ""); + else + log_std("%s/%s is active%s.\n", crypt_get_dir(), action_argv[0], + ci == CRYPT_BUSY ? " and is in use" : ""); + + r = crypt_init_by_name_and_header(&cd, action_argv[0], NULL); + if (r < 0) + goto out; + + log_std(" type: %s\n", crypt_get_type(cd) ?: "n/a"); + + r = crypt_get_active_device(cd, action_argv[0], &cad); + if (r < 0) + goto out; + + /* Print only INTEGRITY (and LUKS2 with integrity) info */ + r = crypt_get_integrity_info(cd, &ip); + if (r < 0) + goto out; + + log_std(" tag size: %u\n", ip.tag_size); + log_std(" integrity: %s\n", ip.integrity ?: "(none)"); + device = crypt_get_device_name(cd); + metadata_device = crypt_get_metadata_device_name(cd); + log_std(" device: %s%s\n", device, metadata_device ? " (detached)" : ""); + if ((backing_file = crypt_loop_backing_file(device))) { + log_std(" loop: %s\n", backing_file); + free(backing_file); + } + if (metadata_device) { + log_std(" metadata device: %s\n", metadata_device); + if ((backing_file = crypt_loop_backing_file(metadata_device))) { + log_std(" loop: %s\n", backing_file); + free(backing_file); + } + } + log_std(" sector size: %u bytes\n", crypt_get_sector_size(cd)); + log_std(" interleave sectors: %u\n", ip.interleave_sectors); + log_std(" size: %" PRIu64 " sectors\n", cad.size); + log_std(" mode: %s%s\n", + cad.flags & CRYPT_ACTIVATE_READONLY ? "readonly" : "read/write", + cad.flags & CRYPT_ACTIVATE_RECOVERY ? " recovery" : ""); + log_std(" failures: %" PRIu64 "\n", + crypt_get_active_integrity_failures(cd, action_argv[0])); + if (cad.flags & CRYPT_ACTIVATE_NO_JOURNAL_BITMAP) { + log_std(" bitmap 512-byte sectors per bit: %u\n", ip.journal_watermark); + log_std(" bitmap flush interval: %u ms\n", ip.journal_commit_time); + } if (cad.flags & CRYPT_ACTIVATE_NO_JOURNAL) { + log_std(" journal: not active\n"); + } else { + log_std(" journal size: %" PRIu64 " bytes\n", ip.journal_size); + log_std(" journal watermark: %u%%\n", ip.journal_watermark); + log_std(" journal commit time: %u ms\n", ip.journal_commit_time); + if (ip.journal_integrity) + log_std(" journal integrity MAC: %s\n", ip.journal_integrity); + if (ip.journal_crypt) + log_std(" journal encryption: %s\n", ip.journal_crypt); + } + if (cad.flags & (CRYPT_ACTIVATE_ALLOW_DISCARDS)) + log_std(" flags: %s\n", + (cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) ? "discards " : ""); + } +out: + crypt_free(cd); + if (r == -ENOTSUP) + r = 0; + return r; + return -EINVAL; +} + +static int action_dump(int arg) +{ + struct crypt_device *cd = NULL; + struct crypt_params_integrity params = {}; + int r; + + if ((r = crypt_init(&cd, action_argv[0]))) + return r; + + r = crypt_load(cd, CRYPT_INTEGRITY, ¶ms); + if (!r) + crypt_dump(cd); + + crypt_free(cd); + return r; +} + +static struct action_type { + const char *type; + int (*handler)(int); + int required_action_argc; + const char *arg_desc; + const char *desc; +} action_types[] = { + { "format", action_format, 1, N_(""),N_("format device") }, + { "open", action_open, 2, N_(" "),N_("open device as ") }, + { "close", action_close, 1, N_(""),N_("close device (remove mapping)") }, + { "status", action_status, 1, N_(""),N_("show active device status") }, + { "dump", action_dump, 1, N_(""),N_("show on-disk information") }, + { NULL, NULL, 0, NULL, NULL } +}; + +static void help(poptContext popt_context, + enum poptCallbackReason reason __attribute__((unused)), + struct poptOption *key, + const char *arg __attribute__((unused)), + void *data __attribute__((unused))) +{ + struct action_type *action; + + if (key->shortName == '?') { + log_std("%s %s\n", PACKAGE_INTEGRITY, PACKAGE_VERSION); + poptPrintHelp(popt_context, stdout, 0); + log_std(_("\n" + " is one of:\n")); + for(action = action_types; action->type; action++) + log_std("\t%s %s - %s\n", action->type, _(action->arg_desc), _(action->desc)); + log_std(_("\n" + " is the device to create under %s\n" + " is the device containing data with integrity tags\n"), + crypt_get_dir()); + + log_std(_("\nDefault compiled-in dm-integrity parameters:\n" + "\tChecksum algorithm: %s\n"), DEFAULT_ALG_NAME); + poptFreeContext(popt_context); + exit(EXIT_SUCCESS); + } else if (key->shortName == 'V') { + log_std("%s %s\n", PACKAGE_INTEGRITY, PACKAGE_VERSION); + poptFreeContext(popt_context); + exit(EXIT_SUCCESS); + } else + usage(popt_context, EXIT_SUCCESS, NULL, NULL); +} + +static int run_action(struct action_type *action) +{ + int r; + + log_dbg("Running command %s.", action->type); + + r = action->handler(0); + + show_status(r); + return translate_errno(r); +} + +int main(int argc, const char **argv) +{ + static const char *null_action_argv[] = {NULL}; + static struct poptOption popt_help_options[] = { + { NULL, '\0', POPT_ARG_CALLBACK, help, 0, NULL, NULL }, + { "help", '?', POPT_ARG_NONE, NULL, 0, N_("Show this help message"), NULL }, + { "usage", '\0', POPT_ARG_NONE, NULL, 0, N_("Display brief usage"), NULL }, + { "version",'V', POPT_ARG_NONE, NULL, 0, N_("Print package version"), NULL }, + POPT_TABLEEND + }; + static struct poptOption popt_options[] = { + { NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL }, + { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL }, + { "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL }, + { "batch-mode", 'q', POPT_ARG_NONE, &opt_batch_mode, 0, N_("Do not ask for confirmation"), NULL }, + { "progress-frequency", '\0', POPT_ARG_INT, &opt_progress_frequency, 0, N_("Progress line update (in seconds)"), N_("secs") }, + { "no-wipe", '\0', POPT_ARG_NONE, &opt_no_wipe, 0, N_("Do not wipe device after format"), NULL }, + + { "data-device", '\0', POPT_ARG_STRING, &opt_data_device, 0, N_("Path to data device (if separated)"), N_("path") }, + + { "journal-size", 'j', POPT_ARG_STRING,&opt_journal_size_str, 0, N_("Journal size"), N_("bytes") }, + { "interleave-sectors", '\0', POPT_ARG_INT, &opt_interleave_sectors, 0, N_("Interleave sectors"), N_("SECTORS") }, + { "journal-watermark", '\0', POPT_ARG_INT, &opt_journal_watermark, 0, N_("Journal watermark"),N_("percent") }, + { "journal-commit-time",'\0', POPT_ARG_INT, &opt_journal_commit_time,0, N_("Journal commit time"), N_("ms") }, + { "bitmap-sectors-per-bit",'\0', POPT_ARG_INT,&opt_bitmap_sectors_per_bit, 0, N_("Number of 512-byte sectors per bit (bitmap mode)."), NULL }, + { "bitmap-flush-time", '\0', POPT_ARG_INT, &opt_bitmap_flush_time, 0, N_("Bitmap mode flush time"), N_("ms") }, + { "tag-size", 't', POPT_ARG_INT, &opt_tag_size, 0, N_("Tag size (per-sector)"), N_("bytes") }, + { "sector-size", 's', POPT_ARG_INT, &opt_sector_size, 0, N_("Sector size"), N_("bytes") }, + { "buffer-sectors", '\0', POPT_ARG_INT, &opt_buffer_sectors, 0, N_("Buffers size"), N_("SECTORS") }, + + { "integrity", 'I', POPT_ARG_STRING, &opt_integrity, 0, N_("Data integrity algorithm"), NULL }, + { "integrity-key-size", '\0', POPT_ARG_INT, &opt_integrity_key_size, 0, N_("The size of the data integrity key"), N_("BITS") }, + { "integrity-key-file", '\0', POPT_ARG_STRING, &opt_integrity_key_file, 0, N_("Read the integrity key from a file"), NULL }, + + { "journal-integrity", '\0', POPT_ARG_STRING, &opt_journal_integrity, 0, N_("Journal integrity algorithm"), NULL }, + { "journal-integrity-key-size",'\0', POPT_ARG_INT, &opt_journal_integrity_key_size,0, N_("The size of the journal integrity key"), N_("BITS") }, + { "journal-integrity-key-file",'\0', POPT_ARG_STRING, &opt_journal_integrity_key_file,0, N_("Read the journal integrity key from a file"), NULL }, + + { "journal-crypt", '\0', POPT_ARG_STRING, &opt_journal_crypt, 0, N_("Journal encryption algorithm"), NULL }, + { "journal-crypt-key-size", '\0', POPT_ARG_INT, &opt_journal_crypt_key_size, 0, N_("The size of the journal encryption key"), N_("BITS") }, + { "journal-crypt-key-file", '\0', POPT_ARG_STRING, &opt_journal_crypt_key_file, 0, N_("Read the journal encryption key from a file"), NULL }, + + { "integrity-no-journal", 'D', POPT_ARG_NONE, &opt_integrity_nojournal, 0, N_("Disable journal for integrity device"), NULL }, + { "integrity-recovery-mode", 'R', POPT_ARG_NONE, &opt_integrity_recovery, 0, N_("Recovery mode (no journal, no tag checking)"), NULL }, + { "integrity-bitmap-mode", 'B', POPT_ARG_NONE, &opt_integrity_bitmap, 0, N_("Use bitmap to track changes and disable journal for integrity device"), NULL }, + { "integrity-recalculate", '\0', POPT_ARG_NONE, &opt_integrity_recalculate, 0, N_("Recalculate initial tags automatically."), NULL }, + { "integrity-legacy-padding", '\0', POPT_ARG_NONE, &opt_integrity_legacy_padding, 0, N_("Use inefficient legacy padding (old kernels)"), NULL }, + + { "allow-discards", '\0', POPT_ARG_NONE, &opt_allow_discards, 0, N_("Allow discards (aka TRIM) requests for device"), NULL }, + POPT_TABLEEND + }; + poptContext popt_context; + struct action_type *action; + const char *aname; + int r; + + crypt_set_log_callback(NULL, tool_log, NULL); + + setlocale(LC_ALL, ""); + bindtextdomain(PACKAGE, LOCALEDIR); + textdomain(PACKAGE); + + popt_context = poptGetContext("integrity", argc, argv, popt_options, 0); + poptSetOtherOptionHelp(popt_context, + _("[OPTION...] ")); + + + while ((r = poptGetNextOpt(popt_context)) >= 0) { + } + + if (r < -1) + usage(popt_context, EXIT_FAILURE, poptStrerror(r), + poptBadOption(popt_context, POPT_BADOPTION_NOALIAS)); + + if (!(aname = poptGetArg(popt_context))) + usage(popt_context, EXIT_FAILURE, _("Argument missing."), + poptGetInvocationName(popt_context)); + + action_argc = 0; + action_argv = poptGetArgs(popt_context); + /* Make return values of poptGetArgs more consistent in case of remaining argc = 0 */ + if (!action_argv) + action_argv = null_action_argv; + + /* Count args, somewhat unnice, change? */ + while (action_argv[action_argc] != NULL) + action_argc++; + + /* Handle aliases */ + if (!strcmp(aname, "create") && action_argc > 1) { + /* create command had historically switched arguments */ + if (action_argv[0] && action_argv[1]) { + const char *tmp = action_argv[0]; + action_argv[0] = action_argv[1]; + action_argv[1] = tmp; + } + aname = "open"; + } else if (!strcmp(aname, "remove")) { + aname = "close"; + } + + for (action = action_types; action->type; action++) + if (strcmp(action->type, aname) == 0) + break; + + if (!action->type) + usage(popt_context, EXIT_FAILURE, _("Unknown action."), + poptGetInvocationName(popt_context)); + + if (action_argc < action->required_action_argc) { + char buf[128]; + snprintf(buf, 128,_("%s: requires %s as arguments"), action->type, action->arg_desc); + usage(popt_context, EXIT_FAILURE, buf, + poptGetInvocationName(popt_context)); + } + + if (opt_integrity_recalculate && strcmp(aname, "open")) + usage(popt_context, EXIT_FAILURE, + _("Option --integrity-recalculate can be used only for open action."), + poptGetInvocationName(popt_context)); + + if (opt_allow_discards && strcmp(aname, "open")) + usage(popt_context, EXIT_FAILURE, + _("Option --allow-discards is allowed only for open operation."), + poptGetInvocationName(popt_context)); + + if (opt_interleave_sectors < 0 || opt_journal_watermark < 0 || + opt_journal_commit_time < 0 || opt_tag_size < 0 || + opt_sector_size < 0 || opt_buffer_sectors < 0 || + opt_integrity_key_size < 0 || opt_journal_integrity_key_size < 0 || + opt_journal_crypt_key_size < 0 || opt_bitmap_flush_time < 0 || opt_bitmap_sectors_per_bit < 0) + usage(popt_context, EXIT_FAILURE, + _("Negative number for option not permitted."), + poptGetInvocationName(popt_context)); + + if (strcmp(aname, "format") && (opt_journal_size_str || opt_interleave_sectors || + opt_sector_size || opt_tag_size || opt_no_wipe )) + usage(popt_context, EXIT_FAILURE, + _("Options --journal-size, --interleave-sectors, --sector-size, --tag-size" + " and --no-wipe can be used only for format action."), + poptGetInvocationName(popt_context)); + + if (opt_journal_size_str && + tools_string_to_size(NULL, opt_journal_size_str, &opt_journal_size)) + usage(popt_context, EXIT_FAILURE, _("Invalid journal size specification."), + poptGetInvocationName(popt_context)); + + if ((opt_integrity_key_file && !opt_integrity_key_size) || + (!opt_integrity_key_file && opt_integrity_key_size)) + usage(popt_context, EXIT_FAILURE, _("Both key file and key size options must be specified."), + poptGetInvocationName(popt_context)); + if (!opt_integrity && opt_integrity_key_file) + usage(popt_context, EXIT_FAILURE, _("Integrity algorithm must be specified if integrity key is used."), + poptGetInvocationName(popt_context)); + + if ((opt_journal_integrity_key_file && !opt_journal_integrity_key_size) || + (!opt_journal_integrity_key_file && opt_journal_integrity_key_size)) + usage(popt_context, EXIT_FAILURE, _("Both journal integrity key file and key size options must be specified."), + poptGetInvocationName(popt_context)); + if (!opt_journal_integrity && opt_journal_integrity_key_file) + usage(popt_context, EXIT_FAILURE, _("Journal integrity algorithm must be specified if journal integrity key is used."), + poptGetInvocationName(popt_context)); + + if ((opt_journal_crypt_key_file && !opt_journal_crypt_key_size) || + (!opt_journal_crypt_key_file && opt_journal_crypt_key_size)) + usage(popt_context, EXIT_FAILURE, _("Both journal encryption key file and key size options must be specified."), + poptGetInvocationName(popt_context)); + if (!opt_journal_crypt && opt_journal_crypt_key_file) + usage(popt_context, EXIT_FAILURE, _("Journal encryption algorithm must be specified if journal encryption key is used."), + poptGetInvocationName(popt_context)); + + if (opt_integrity_recovery && opt_integrity_bitmap) + usage(popt_context, EXIT_FAILURE, _("Recovery and bitmap mode options are mutually exclusive."), + poptGetInvocationName(popt_context)); + + if (opt_integrity_bitmap && (opt_journal_integrity_key_file || opt_journal_crypt || opt_journal_watermark || opt_journal_commit_time)) + usage(popt_context, EXIT_FAILURE, _("Journal options cannot be used in bitmap mode."), + poptGetInvocationName(popt_context)); + + if (!opt_integrity_bitmap && (opt_bitmap_flush_time || opt_bitmap_sectors_per_bit)) + usage(popt_context, EXIT_FAILURE, _("Bitmap options can be used only in bitmap mode."), + poptGetInvocationName(popt_context)); + + if (opt_debug) { + opt_verbose = 1; + crypt_set_debug_level(-1); + dbg_version_and_cmd(argc, argv); + } + + r = run_action(action); + poptFreeContext(popt_context); + return r; +} diff --git a/src/utils_blockdev.c b/src/utils_blockdev.c new file mode 100644 index 0000000..960b7a7 --- /dev/null +++ b/src/utils_blockdev.c @@ -0,0 +1,189 @@ +/* + * Linux block devices helpers + * + * Copyright (C) 2018-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2020 Ondrej Kozina + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "cryptsetup.h" +#include +#ifdef HAVE_SYS_SYSMACROS_H +# include /* for major, minor */ +#endif +#include + +#define DM_UUID_LEN 129 +#define DM_BY_ID_PREFIX "dm-uuid-" +#define DM_BY_ID_PREFIX_LEN 8 +#define DM_UUID_PREFIX "CRYPT-" +#define DM_UUID_PREFIX_LEN 6 +#define UUID_LEN 37 /* 36 + \0, libuuid ... */ + +static int dm_prepare_uuid(const char *type, const char *uuid, char *buf, size_t buflen) +{ + char *ptr, uuid2[UUID_LEN] = {0}; + uuid_t uu; + unsigned i = 0; + + /* Remove '-' chars */ + if (uuid) { + if (uuid_parse(uuid, uu) < 0) { + log_dbg("Requested UUID %s has invalid format.", uuid); + return 0; + } + + for (ptr = uuid2, i = 0; i < UUID_LEN; i++) + if (uuid[i] != '-') { + *ptr = uuid[i]; + ptr++; + } + } + + snprintf(buf, buflen, DM_UUID_PREFIX "%s%s%s%s", + type ?: "", type ? "-" : "", + uuid2[0] ? uuid2 : "", uuid2[0] ? "-" : ""); + + return 1; +} + +/* return number of holders in general, if matched dm_uuid prefix it's returned via dm_name */ +/* negative value is error */ +static int lookup_holder_dm_name(const char *dm_uuid, size_t max_len, dev_t devno, char *dm_name, size_t dm_name_length) +{ + struct dirent *entry; + char dm_subpath[PATH_MAX], data_dev_dir[PATH_MAX], uuid[max_len]; + ssize_t s; + struct stat st; + int dmfd, fd, len, r = 0; /* not found */ + DIR *dir; + + if (!dm_name || !dm_name_length) + return -EINVAL; + + *dm_name = '\0'; + + len = snprintf(data_dev_dir, PATH_MAX, "/sys/dev/block/%u:%u/holders", major(devno), minor(devno)); + if (len < 0 || len >= PATH_MAX) + return -EINVAL; + + if (!(dir = opendir(data_dev_dir))) + /* map ENOTDIR to ENOENT we'll handle both errors same */ + return errno == ENOTDIR ? -ENOENT : -errno; + + while (r != 1 && (entry = readdir(dir))) { + if (entry->d_name[0] == '.' || + !strncmp(entry->d_name, "..", 2)) + continue; + + /* there's a holder */ + r++; + + /* we already have a dm_name, just count remaining holders */ + if (*dm_name != '\0') + continue; + + len = snprintf(dm_subpath, PATH_MAX, "%s/%s", entry->d_name, "dm"); + if (len < 0 || len >= PATH_MAX) { + r = -EINVAL; + break; + } + + /* looking for dm-X/dm directory, symlinks are fine */ + dmfd = openat(dirfd(dir), dm_subpath, O_DIRECTORY | O_RDONLY); + if (dmfd < 0) + continue; + + fd = openat(dmfd, "uuid", O_RDONLY); + if (fd < 0) { + close(dmfd); + continue; + } + + if (fstat(fd, &st) || !S_ISREG(st.st_mode)) { + close(fd); + close(dmfd); + continue; + } + + /* reads binary data */ + s = read_buffer(fd, uuid, max_len - 1); + close(fd); + uuid[s > 0 ? s : 0] = '\0'; + if (!strncmp(uuid, dm_uuid, strlen(dm_uuid))) + log_dbg("Found candidate device %s", entry->d_name); + else { + close(dmfd); + continue; + } + + fd = openat(dmfd, "name", O_RDONLY); + if (fd < 0) { + close(dmfd); + continue; + } + + if (fstat(fd, &st) || !S_ISREG(st.st_mode)) { + close(fd); + close(dmfd); + continue; + } + + /* reads binary data */ + s = read_buffer(fd, dm_name, dm_name_length - 1); + close(fd); + close(dmfd); + if (s > 1) { + dm_name[s-1] = '\0'; + log_dbg("Found dm device %s", dm_name); + } + } + + closedir(dir); + + return r; +} + +int tools_lookup_crypt_device(struct crypt_device *cd, const char *type, + const char *data_device_path, char *name, size_t name_length) +{ + int r; + char *c; + struct stat st; + char dev_uuid[DM_UUID_LEN + DM_BY_ID_PREFIX_LEN] = DM_BY_ID_PREFIX; + + if (!dm_prepare_uuid(type, crypt_get_uuid(cd), dev_uuid + DM_BY_ID_PREFIX_LEN, DM_UUID_LEN)) + return -EINVAL; + + c = strrchr(dev_uuid, '-'); + if (!c) + return -EINVAL; + + /* cut of dm name */ + *c = '\0'; + + log_dbg("Looking for any dm device with prefix: %s", dev_uuid); + + if (stat(data_device_path, &st) < 0) + return -ENODEV; + + if (!S_ISBLK(st.st_mode)) + return -ENOTBLK; + + r = lookup_holder_dm_name(dev_uuid + DM_BY_ID_PREFIX_LEN, DM_UUID_LEN, + st.st_rdev, name, name_length); + return r; +} diff --git a/src/utils_luks2.c b/src/utils_luks2.c new file mode 100644 index 0000000..535d85f --- /dev/null +++ b/src/utils_luks2.c @@ -0,0 +1,139 @@ +/* + * Helper utilities for LUKS2 features + * + * Copyright (C) 2018-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2020 Milan Broz + * Copyright (C) 2018-2020 Ondrej Kozina + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "cryptsetup.h" + +/* + * FIXME: 4MiBs is max LUKS2 mda length (including binary header). + * In future, read max allowed JSON size from config section. + */ +#define LUKS2_MAX_MDA_SIZE 0x400000 +int tools_read_json_file(struct crypt_device *cd, const char *file, char **json, size_t *json_size) +{ + ssize_t ret; + int fd, block, r; + void *buf = NULL; + + block = tools_signals_blocked(); + if (block) + set_int_block(0); + + if (tools_is_stdin(file)) { + fd = STDIN_FILENO; + log_dbg("STDIN descriptor JSON read requested."); + } else { + log_dbg("File descriptor JSON read requested."); + fd = open(file, O_RDONLY); + if (fd < 0) { + log_err(_("Failed to open file %s in read-only mode."), file); + r = -EINVAL; + goto out; + } + } + + buf = malloc(LUKS2_MAX_MDA_SIZE); + if (!buf) { + r = -ENOMEM; + goto out; + } + + if (isatty(fd) && !opt_batch_mode) + log_std(_("Provide valid LUKS2 token JSON:\n")); + + /* we expect JSON (string) */ + r = 0; + ret = read_buffer_intr(fd, buf, LUKS2_MAX_MDA_SIZE - 1, &quit); + if (ret < 0) { + r = -EIO; + log_err(_("Failed to read JSON file.")); + goto out; + } + check_signal(&r); + if (r) { + log_err(_("\nRead interrupted.")); + goto out; + } + + *json_size = (size_t)ret; + *json = buf; + *(*json + ret) = '\0'; +out: + if (block && !quit) + set_int_block(1); + if (fd >= 0 && fd != STDIN_FILENO) + close(fd); + if (r && buf) { + memset(buf, 0, LUKS2_MAX_MDA_SIZE); + free(buf); + } + return r; +} + +int tools_write_json_file(struct crypt_device *cd, const char *file, const char *json) +{ + int block, fd, r; + size_t json_len; + ssize_t ret; + + if (!json || !(json_len = strlen(json)) || json_len >= LUKS2_MAX_MDA_SIZE) + return -EINVAL; + + block = tools_signals_blocked(); + if (block) + set_int_block(0); + + if (tools_is_stdin(file)) { + fd = STDOUT_FILENO; + log_dbg("STDOUT descriptor JSON write requested."); + } else { + log_dbg("File descriptor JSON write requested."); + fd = open(file, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR); + } + + if (fd < 0) { + log_err(_("Failed to open file %s in write mode."), file ?: ""); + r = -EINVAL; + goto out; + } + + r = 0; + ret = write_buffer_intr(fd, json, json_len, &quit); + check_signal(&r); + if (r) { + log_err(_("\nWrite interrupted.")); + goto out; + } + if (ret < 0 || (size_t)ret != json_len) { + log_err(_("Failed to write JSON file.")); + r = -EIO; + goto out; + } + + if (isatty(fd)) + (void) write_buffer_intr(fd, "\n", 1, &quit); +out: + if (block && !quit) + set_int_block(1); + if (fd >=0 && fd != STDOUT_FILENO) + close(fd); + return r; +} diff --git a/src/utils_password.c b/src/utils_password.c index 541806c..55c1343 100644 --- a/src/utils_password.c +++ b/src/utils_password.c @@ -1,8 +1,8 @@ /* * Password quality check wrapper * - * Copyright (C) 2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2014, Milan Broz + * Copyright (C) 2012-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -20,10 +20,11 @@ */ #include "cryptsetup.h" +#include int opt_force_password = 0; -#if ENABLE_PWQUALITY +#if defined ENABLE_PWQUALITY #include static int tools_check_pwquality(const char *password) @@ -39,7 +40,7 @@ static int tools_check_pwquality(const char *password) r = pwquality_read_config(pwq, NULL, &auxerror); if (r) { - log_err(_("Cannot check password quality: %s\n"), + log_err(_("Cannot check password quality: %s"), pwquality_strerror(NULL, 0, r, auxerror)); pwquality_free_settings(pwq); return -EINVAL; @@ -47,7 +48,7 @@ static int tools_check_pwquality(const char *password) r = pwquality_check(pwq, password, NULL, NULL, &auxerror); if (r < 0) { - log_err(_("Password quality check failed:\n %s\n"), + log_err(_("Password quality check failed:\n %s"), pwquality_strerror(NULL, 0, r, auxerror)); r = -EPERM; } else { @@ -58,28 +59,218 @@ static int tools_check_pwquality(const char *password) pwquality_free_settings(pwq); return r; } -#else /* ENABLE_PWQUALITY */ +#elif defined ENABLE_PASSWDQC +#include + +static int tools_check_pwquality(const char *password) +{ + passwdqc_params_t params; + char *parse_reason; + const char *check_reason; + const char *config = PASSWDQC_CONFIG_FILE; + + passwdqc_params_reset(¶ms); + + if (*config && passwdqc_params_load(¶ms, &parse_reason, config)) { + log_err(_("Cannot check password quality: %s"), + (parse_reason ? parse_reason : "Out of memory")); + free(parse_reason); + return -EINVAL; + } + + check_reason = passwdqc_check(¶ms.qc, password, NULL, NULL); + if (check_reason) { + log_err(_("Password quality check failed: Bad passphrase (%s)"), + check_reason); + return -EPERM; + } + + return 0; +} +#else /* !(ENABLE_PWQUALITY || ENABLE_PASSWDQC) */ static int tools_check_pwquality(const char *password) { return 0; } -#endif /* ENABLE_PWQUALITY */ +#endif /* ENABLE_PWQUALITY || ENABLE_PASSWDQC */ + +/* Password reading helpers */ +static int untimed_read(int fd, char *pass, size_t maxlen) +{ + ssize_t i; + + i = read(fd, pass, maxlen); + if (i > 0) { + pass[i-1] = '\0'; + i = 0; + } else if (i == 0) { /* EOF */ + *pass = 0; + i = -1; + } + return i; +} + +static int timed_read(int fd, char *pass, size_t maxlen, long timeout) +{ + struct timeval t; + fd_set fds = {}; /* Just to avoid scan-build false report for FD_SET */ + int failed = -1; + + FD_ZERO(&fds); + FD_SET(fd, &fds); + t.tv_sec = timeout; + t.tv_usec = 0; + if (select(fd+1, &fds, NULL, NULL, &t) > 0) + failed = untimed_read(fd, pass, maxlen); + + return failed; +} + +static int interactive_pass(const char *prompt, char *pass, size_t maxlen, + long timeout) +{ + struct termios orig, tmp; + int failed = -1; + int infd, outfd; + + if (maxlen < 1) + return failed; + + /* Read and write to /dev/tty if available */ + infd = open("/dev/tty", O_RDWR); + if (infd == -1) { + infd = STDIN_FILENO; + outfd = STDERR_FILENO; + } else + outfd = infd; + + if (tcgetattr(infd, &orig)) + goto out_err; + + memcpy(&tmp, &orig, sizeof(tmp)); + tmp.c_lflag &= ~ECHO; + + if (prompt && write(outfd, prompt, strlen(prompt)) < 0) + goto out_err; + + tcsetattr(infd, TCSAFLUSH, &tmp); + if (timeout) + failed = timed_read(infd, pass, maxlen, timeout); + else + failed = untimed_read(infd, pass, maxlen); + tcsetattr(infd, TCSAFLUSH, &orig); + +out_err: + if (!failed && write(outfd, "\n", 1)) {}; + + if (infd != STDIN_FILENO) + close(infd); + return failed; +} + +static int crypt_get_key_tty(const char *prompt, + char **key, size_t *key_size, + int timeout, int verify, + struct crypt_device *cd) +{ + int key_size_max = DEFAULT_PASSPHRASE_SIZE_MAX; + int r = -EINVAL; + char *pass = NULL, *pass_verify = NULL; + + *key = NULL; + *key_size = 0; + + log_dbg("Interactive passphrase entry requested."); + + pass = crypt_safe_alloc(key_size_max + 1); + if (!pass) { + log_err( _("Out of memory while reading passphrase.")); + return -ENOMEM; + } + + if (interactive_pass(prompt, pass, key_size_max, timeout)) { + log_err(_("Error reading passphrase from terminal.")); + goto out_err; + } + pass[key_size_max] = '\0'; + + if (verify) { + pass_verify = crypt_safe_alloc(key_size_max); + if (!pass_verify) { + log_err(_("Out of memory while reading passphrase.")); + r = -ENOMEM; + goto out_err; + } + + if (interactive_pass(_("Verify passphrase: "), + pass_verify, key_size_max, timeout)) { + log_err(_("Error reading passphrase from terminal.")); + goto out_err; + } + + if (strncmp(pass, pass_verify, key_size_max)) { + log_err(_("Passphrases do not match.")); + r = -EPERM; + goto out_err; + } + } + + *key = pass; + *key_size = strlen(pass); + r = 0; +out_err: + crypt_safe_free(pass_verify); + if (r) + crypt_safe_free(pass); + return r; +} + +/* + * Note: --key-file=- is interpreted as a read from a binary file (stdin) + * key_size_max == 0 means detect maximum according to input type (tty/file) + */ int tools_get_key(const char *prompt, char **key, size_t *key_size, - size_t keyfile_offset, size_t keyfile_size_max, + uint64_t keyfile_offset, size_t keyfile_size_max, const char *key_file, int timeout, int verify, int pwquality, struct crypt_device *cd) { - int r, block; + char tmp[PATH_MAX], *backing_file; + int r = -EINVAL, block; block = tools_signals_blocked(); if (block) set_int_block(0); - r = crypt_get_key(prompt, key, key_size, keyfile_offset, - keyfile_size_max, key_file, timeout, verify, cd); + if (tools_is_stdin(key_file)) { + if (isatty(STDIN_FILENO)) { + if (keyfile_offset) { + log_err(_("Cannot use offset with terminal input.")); + } else { + if (!prompt && !crypt_get_device_name(cd)) + snprintf(tmp, sizeof(tmp), _("Enter passphrase: ")); + else if (!prompt) { + backing_file = crypt_loop_backing_file(crypt_get_device_name(cd)); + snprintf(tmp, sizeof(tmp), _("Enter passphrase for %s: "), backing_file ?: crypt_get_device_name(cd)); + free(backing_file); + } + r = crypt_get_key_tty(prompt ?: tmp, key, key_size, timeout, verify, cd); + } + } else { + log_dbg("STDIN descriptor passphrase entry requested."); + /* No keyfile means STDIN with EOL handling (\n will end input)). */ + r = crypt_keyfile_device_read(cd, NULL, key, key_size, + keyfile_offset, keyfile_size_max, + key_file ? 0 : CRYPT_KEYFILE_STOP_EOL); + } + } else { + log_dbg("File descriptor passphrase entry requested."); + r = crypt_keyfile_device_read(cd, key_file, key, key_size, + keyfile_offset, keyfile_size_max, 0); + } + if (block && !quit) set_int_block(1); @@ -89,3 +280,60 @@ int tools_get_key(const char *prompt, return r; } + +void tools_passphrase_msg(int r) +{ + if (r == -EPERM) + log_err(_("No key available with this passphrase.")); + else if (r == -ENOENT) + log_err(_("No usable keyslot is available.")); +} + +int tools_read_mk(const char *file, char **key, int keysize) +{ + int fd; + + if (!keysize || !key) + return -EINVAL; + + *key = crypt_safe_alloc(keysize); + if (!*key) + return -ENOMEM; + + fd = open(file, O_RDONLY); + if (fd == -1) { + log_err(_("Cannot read keyfile %s."), file); + goto fail; + } + + if (read_buffer(fd, *key, keysize) != keysize) { + log_err(_("Cannot read %d bytes from keyfile %s."), keysize, file); + close(fd); + goto fail; + } + close(fd); + return 0; +fail: + crypt_safe_free(*key); + *key = NULL; + return -EINVAL; +} + +int tools_write_mk(const char *file, const char *key, int keysize) +{ + int fd, r = -EINVAL; + + fd = open(file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR); + if (fd < 0) { + log_err(_("Cannot open keyfile %s for write."), file); + return r; + } + + if (write_buffer(fd, key, keysize) == keysize) + r = 0; + else + log_err(_("Cannot write to keyfile %s."), file); + + close(fd); + return r; +} diff --git a/src/utils_tools.c b/src/utils_tools.c index 23e4acb..47bcfe1 100644 --- a/src/utils_tools.c +++ b/src/utils_tools.c @@ -1,10 +1,10 @@ /* * cryptsetup - setup cryptographic volumes for dm-crypt * - * Copyright (C) 2004, Jana Saout - * Copyright (C) 2004-2007, Clemens Fruhwirth - * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2014, Milan Broz + * Copyright (C) 2004 Jana Saout + * Copyright (C) 2004-2007 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -22,11 +22,14 @@ */ #include "cryptsetup.h" +#include #include int opt_verbose = 0; int opt_debug = 0; +int opt_debug_json = 0; int opt_batch_mode = 0; +int opt_progress_frequency = 0; /* interrupt handling */ volatile int quit = 0; @@ -74,29 +77,27 @@ void check_signal(int *r) *r = -EINTR; } +#define LOG_MAX_LEN 4096 + __attribute__((format(printf, 5, 6))) void clogger(struct crypt_device *cd, int level, const char *file, int line, const char *format, ...) { va_list argp; - char *target = NULL; + char target[LOG_MAX_LEN + 2]; va_start(argp, format); - if (vasprintf(&target, format, argp) > 0) { - if (level >= 0) { - crypt_log(cd, level, target); -#ifdef CRYPT_DEBUG - } else if (opt_debug) - printf("# %s:%d %s\n", file ?: "?", line, target); -#else - } else if (opt_debug) - printf("# %s\n", target); -#endif + if (vsnprintf(&target[0], LOG_MAX_LEN, format, argp) > 0) { + /* All verbose and error messages in tools end with EOL. */ + if (level == CRYPT_LOG_VERBOSE || level == CRYPT_LOG_ERROR || + level == CRYPT_LOG_DEBUG || level == CRYPT_LOG_DEBUG_JSON) + strncat(target, "\n", LOG_MAX_LEN); + + crypt_log(cd, level, target); } va_end(argp); - free(target); } void tool_log(int level, const char *msg, void *usrptr __attribute__((unused))) @@ -104,21 +105,19 @@ void tool_log(int level, const char *msg, void *usrptr __attribute__((unused))) switch(level) { case CRYPT_LOG_NORMAL: - fputs(msg, stdout); + fprintf(stdout, "%s", msg); break; case CRYPT_LOG_VERBOSE: if (opt_verbose) - fputs(msg, stdout); + fprintf(stdout, "%s", msg); break; case CRYPT_LOG_ERROR: - fputs(msg, stderr); + fprintf(stderr, "%s", msg); break; + case CRYPT_LOG_DEBUG_JSON: case CRYPT_LOG_DEBUG: if (opt_debug) - printf("# %s\n", msg); - break; - default: - fprintf(stderr, "Internal error on logging class for msg: %s", msg); + fprintf(stdout, "# %s", msg); break; } } @@ -130,29 +129,33 @@ void quiet_log(int level, const char *msg, void *usrptr) tool_log(level, msg, usrptr); } -int yesDialog(const char *msg, void *usrptr __attribute__((unused))) +static int _dialog(const char *msg, void *usrptr, int default_answer) { + const char *fail_msg = (const char *)usrptr; char *answer = NULL; size_t size = 0; - int r = 1, block; + int r = default_answer, block; block = tools_signals_blocked(); if (block) set_int_block(0); - if(isatty(STDIN_FILENO) && !opt_batch_mode) { + if (isatty(STDIN_FILENO) && !opt_batch_mode) { log_std("\nWARNING!\n========\n"); - log_std("%s\n\nAre you sure? (Type uppercase yes): ", msg); + log_std("%s\n\nAre you sure? (Type 'yes' in capital letters): ", msg); fflush(stdout); if(getline(&answer, &size, stdin) == -1) { r = 0; /* Aborted by signal */ if (!quit) - log_err(_("Error reading response from terminal.\n")); + log_err(_("Error reading response from terminal.")); else log_dbg("Query interrupted on signal."); - } else if(strcmp(answer, "YES\n")) - r = 0; + } else { + r = !strcmp(answer, "YES\n"); + if (!r && fail_msg) + log_err("%s", fail_msg); + } } if (block && !quit) @@ -162,9 +165,19 @@ int yesDialog(const char *msg, void *usrptr __attribute__((unused))) return r; } +int yesDialog(const char *msg, void *usrptr) +{ + return _dialog(msg, usrptr, 1); +} + +int noDialog(const char *msg, void *usrptr) +{ + return _dialog(msg, usrptr, 0); +} + void show_status(int errcode) { - char error[256]; + char *crypt_error; if(!opt_verbose) return; @@ -174,25 +187,23 @@ void show_status(int errcode) return; } - crypt_get_error(error, sizeof(error)); - - if (*error) { -#ifdef STRERROR_R_CHAR_P /* GNU-specific strerror_r */ - char *error_ = strerror_r(-errcode, error, sizeof(error)); - if (error_ != error) - strncpy(error, error_, sizeof(error)); -#else /* POSIX strerror_r variant */ - if (strerror_r(-errcode, error, sizeof(error))) - *error = '\0'; -#endif - error[sizeof(error) - 1] = '\0'; - } - - log_err(_("Command failed with code %i"), -errcode); - if (*error) - log_err(": %s\n", error); + if (errcode < 0) + errcode = translate_errno(errcode); + + if (errcode == 1) + crypt_error = _("wrong or missing parameters"); + else if (errcode == 2) + crypt_error = _("no permission or bad passphrase"); + else if (errcode == 3) + crypt_error = _("out of memory"); + else if (errcode == 4) + crypt_error = _("wrong device or file specified"); + else if (errcode == 5) + crypt_error = _("device already exists or device is busy"); else - log_err(".\n"); + crypt_error = _("unknown error"); + + log_std(_("Command failed with code %i (%s).\n"), -errcode, crypt_error); } const char *uuid_or_device(const char *spec) @@ -206,7 +217,7 @@ const char *uuid_or_device(const char *spec) strcpy(device, "/dev/disk/by-uuid/"); ptr = &device[strlen(device)]; i = uuid_len; - while ((s = spec[i++]) && i < PATH_MAX) { + while ((s = spec[i++]) && i < (PATH_MAX - 13)) { if (!isxdigit(s) && s != '-') return spec; /* Bail it out */ if (isalpha(s)) @@ -226,7 +237,7 @@ __attribute__ ((noreturn)) void usage(poptContext popt_context, { poptPrintUsage(popt_context, stderr, 0); if (error) - log_err("%s: %s\n", more, error); + log_err("%s: %s", more, error); poptFreeContext(popt_context); exit(exitcode); } @@ -262,3 +273,361 @@ int translate_errno(int r) } return r; } + +void tools_keyslot_msg(int keyslot, crypt_object_op op) +{ + if (keyslot < 0) + return; + + if (op == CREATED) + log_verbose(_("Key slot %i created."), keyslot); + else if (op == UNLOCKED) + log_verbose(_("Key slot %i unlocked."), keyslot); + else if (op == REMOVED) + log_verbose(_("Key slot %i removed."), keyslot); +} + +void tools_token_msg(int token, crypt_object_op op) +{ + if (token < 0) + return; + + if (op == CREATED) + log_verbose(_("Token %i created."), token); + else if (op == REMOVED) + log_verbose(_("Token %i removed."), token); +} + +/* + * Device size string parsing, suffixes: + * s|S - 512 bytes sectors + * k |K |m |M |g |G |t |T - 1024 base + * kiB|KiB|miB|MiB|giB|GiB|tiB|TiB - 1024 base + * kb |KB |mM |MB |gB |GB |tB |TB - 1000 base + */ +int tools_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size) +{ + char *endp = NULL; + size_t len; + uint64_t mult_base, mult, tmp; + + *size = strtoull(s, &endp, 10); + if (!isdigit(s[0]) || + (errno == ERANGE && *size == ULLONG_MAX) || + (errno != 0 && *size == 0)) + return -EINVAL; + + if (!endp || !*endp) + return 0; + + len = strlen(endp); + /* Allow "B" and "iB" suffixes */ + if (len > 3 || + (len == 3 && (endp[1] != 'i' || endp[2] != 'B')) || + (len == 2 && endp[1] != 'B')) + return -EINVAL; + + if (len == 1 || len == 3) + mult_base = 1024; + else + mult_base = 1000; + + mult = 1; + switch (endp[0]) { + case 's': + case 'S': mult = 512; + break; + case 't': + case 'T': mult *= mult_base; + /* Fall through */ + case 'g': + case 'G': mult *= mult_base; + /* Fall through */ + case 'm': + case 'M': mult *= mult_base; + /* Fall through */ + case 'k': + case 'K': mult *= mult_base; + break; + default: + return -EINVAL; + } + + tmp = *size * mult; + if (*size && (tmp / *size) != mult) { + log_dbg("Device size overflow."); + return -EINVAL; + } + + *size = tmp; + return 0; +} + +/* Time progress helper */ + +/* The difference in seconds between two times in "timeval" format. */ +static double time_diff(struct timeval *start, struct timeval *end) +{ + return (end->tv_sec - start->tv_sec) + + (end->tv_usec - start->tv_usec) / 1E6; +} + +void tools_clear_line(void) +{ + if (opt_progress_frequency) + return; + /* vt100 code clear line */ + log_std("\33[2K\r"); +} + +static void tools_time_progress(uint64_t device_size, uint64_t bytes, uint64_t *start_bytes, + struct timeval *start_time, struct timeval *end_time) +{ + struct timeval now_time; + unsigned long long mbytes, eta; + double tdiff, uib, frequency; + int final = (bytes == device_size); + const char *eol, *ustr = ""; + + if (opt_batch_mode) + return; + + gettimeofday(&now_time, NULL); + if (start_time->tv_sec == 0 && start_time->tv_usec == 0) { + *start_time = now_time; + *end_time = now_time; + *start_bytes = bytes; + return; + } + + if (opt_progress_frequency) { + frequency = (double)opt_progress_frequency; + eol = "\n"; + } else { + frequency = 0.5; + eol = ""; + } + + if (!final && time_diff(end_time, &now_time) < frequency) + return; + + *end_time = now_time; + + tdiff = time_diff(start_time, end_time); + if (!tdiff) + return; + + mbytes = bytes / 1024 / 1024; + uib = (double)(bytes - *start_bytes) / tdiff; + + /* FIXME: calculate this from last minute only. */ + eta = (unsigned long long)(device_size / uib - tdiff); + + if (uib > 1073741824.0f) { + uib /= 1073741824.0f; + ustr = "Gi"; + } else if (uib > 1048576.0f) { + uib /= 1048576.0f; + ustr = "Mi"; + } else if (uib > 1024.0f) { + uib /= 1024.0f; + ustr = "Ki"; + } + + tools_clear_line(); + if (final) + log_std("Finished, time %02llu:%02llu.%03llu, " + "%4llu MiB written, speed %5.1f %sB/s\n", + (unsigned long long)tdiff / 60, + (unsigned long long)tdiff % 60, + (unsigned long long)((tdiff - floor(tdiff)) * 1000.0), + mbytes, uib, ustr); + else + log_std("Progress: %5.1f%%, ETA %02llu:%02llu, " + "%4llu MiB written, speed %5.1f %sB/s%s", + (double)bytes / device_size * 100, + eta / 60, eta % 60, mbytes, uib, ustr, eol); + fflush(stdout); +} + +int tools_wipe_progress(uint64_t size, uint64_t offset, void *usrptr) +{ + static struct timeval start_time = {}, end_time = {}; + static uint64_t start_offset = 0; + int r = 0; + + tools_time_progress(size, offset, &start_offset, &start_time, &end_time); + + check_signal(&r); + if (r) { + tools_clear_line(); + log_err(_("\nWipe interrupted.")); + } + + return r; +} + +static void report_partition(const char *value, const char *device) +{ + if (opt_batch_mode) + log_dbg("Device %s already contains a '%s' partition signature.", device, value); + else + log_std(_("WARNING: Device %s already contains a '%s' partition signature.\n"), device, value); +} + +static void report_superblock(const char *value, const char *device) +{ + if (opt_batch_mode) + log_dbg("Device %s already contains a '%s' superblock signature.", device, value); + else + log_std(_("WARNING: Device %s already contains a '%s' superblock signature.\n"), device, value); +} + +int tools_detect_signatures(const char *device, int ignore_luks, size_t *count) +{ + int r; + size_t tmp_count; + struct blkid_handle *h; + blk_probe_status pr; + + if (!count) + count = &tmp_count; + + *count = 0; + + if (!blk_supported()) { + log_dbg("Blkid support disabled."); + return 0; + } + + if ((r = blk_init_by_path(&h, device))) { + log_err(_("Failed to initialize device signature probes.")); + return -EINVAL; + } + + blk_set_chains_for_full_print(h); + + if (ignore_luks && blk_superblocks_filter_luks(h)) { + r = -EINVAL; + goto out; + } + + while ((pr = blk_probe(h)) < PRB_EMPTY) { + if (blk_is_partition(h)) + report_partition(blk_get_partition_type(h), device); + else if (blk_is_superblock(h)) + report_superblock(blk_get_superblock_type(h), device); + else { + log_dbg("Internal tools_detect_signatures() error."); + r = -EINVAL; + goto out; + } + (*count)++; + } + + if (pr == PRB_FAIL) + r = -EINVAL; +out: + blk_free(h); + return r; +} + +int tools_wipe_all_signatures(const char *path) +{ + int fd, flags, r; + blk_probe_status pr; + struct stat st; + struct blkid_handle *h = NULL; + + if (!blk_supported()) { + log_dbg("Blkid support disabled."); + return 0; + } + + if (stat(path, &st)) { + log_err(_("Failed to stat device %s."), path); + return -EINVAL; + } + + flags = O_RDWR; + if (S_ISBLK(st.st_mode)) + flags |= O_EXCL; + + /* better than opening regular file with O_EXCL (undefined) */ + /* coverity[toctou] */ + fd = open(path, flags); + if (fd < 0) { + if (errno == EBUSY) + log_err(_("Device %s is in use. Can not proceed with format operation."), path); + else + log_err(_("Failed to open file %s in read/write mode."), path); + return -EINVAL; + } + + if ((r = blk_init_by_fd(&h, fd))) { + log_err(_("Failed to initialize device signature probes.")); + r = -EINVAL; + goto out; + } + + blk_set_chains_for_wipes(h); + + while ((pr = blk_probe(h)) < PRB_EMPTY) { + if (blk_is_partition(h)) + log_verbose(_("Existing '%s' partition signature (offset: %" PRIi64 " bytes) on device %s will be wiped."), + blk_get_partition_type(h), blk_get_offset(h), path); + if (blk_is_superblock(h)) + log_verbose(_("Existing '%s' superblock signature (offset: %" PRIi64 " bytes) on device %s will be wiped."), + blk_get_superblock_type(h), blk_get_offset(h), path); + if (blk_do_wipe(h)) { + log_err(_("Failed to wipe device signature.")); + r = -EINVAL; + goto out; + } + } + + if (pr != PRB_EMPTY) { + log_err(_("Failed to probe device %s for a signature."), path); + r = -EINVAL; + } +out: + close(fd); + blk_free(h); + return r; +} + +int tools_is_cipher_null(const char *cipher) +{ + if (!cipher) + return 0; + + return !strcmp(cipher, "cipher_null") ? 1 : 0; +} + +/* + * Keyfile - is standard input treated as a binary file (no EOL handling). + */ +int tools_is_stdin(const char *key_file) +{ + if (!key_file) + return 1; + + return strcmp(key_file, "-") ? 0 : 1; +} + +int tools_reencrypt_progress(uint64_t size, uint64_t offset, void *usrptr) +{ + static struct timeval start_time = {}, end_time = {}; + static uint64_t start_offset = 0; + int r = 0; + + tools_time_progress(size, offset, &start_offset, &start_time, &end_time); + + check_signal(&r); + if (r) { + tools_clear_line(); + log_err(_("\nReencryption interrupted.")); + } + + return r; +} diff --git a/src/veritysetup.c b/src/veritysetup.c index 8f45be4..e29b75d 100644 --- a/src/veritysetup.c +++ b/src/veritysetup.c @@ -1,8 +1,8 @@ /* * veritysetup - setup cryptographic volumes for dm-verity * - * Copyright (C) 2012-2013, Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2013, Milan Broz + * Copyright (C) 2012-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -25,6 +25,8 @@ static int use_superblock = 1; +static const char *fec_device = NULL; +static int fec_roots = DEFAULT_VERITY_FEC_ROOTS; static const char *hash_algorithm = NULL; static int hash_type = 1; static int data_block_size = DEFAULT_VERITY_DATA_BLOCK; @@ -32,9 +34,13 @@ static int hash_block_size = DEFAULT_VERITY_HASH_BLOCK; static uint64_t data_blocks = 0; static const char *salt_string = NULL; static uint64_t hash_offset = 0; +static uint64_t fec_offset = 0; static const char *opt_uuid = NULL; - -static int opt_version_mode = 0; +static int opt_restart_on_corruption = 0; +static int opt_ignore_corruption = 0; +static int opt_ignore_zero_blocks = 0; +static int opt_check_at_most_once = 0; +static const char *opt_root_hash_signature = NULL; static const char **action_argv; static int action_argc; @@ -48,6 +54,8 @@ static int _prepare_format(struct crypt_params_verity *params, params->hash_name = hash_algorithm ?: DEFAULT_VERITY_HASH; params->data_device = data_device; + params->fec_device = fec_device; + params->fec_roots = fec_roots; if (salt_string && !strcmp(salt_string, "-")) { params->salt_size = 0; @@ -55,7 +63,7 @@ static int _prepare_format(struct crypt_params_verity *params, } else if (salt_string) { len = crypt_hex_to_bytes(salt_string, &salt, 0); if (len < 0) { - log_err(_("Invalid salt string specified.\n")); + log_err(_("Invalid salt string specified.")); return -EINVAL; } params->salt_size = len; @@ -69,6 +77,7 @@ static int _prepare_format(struct crypt_params_verity *params, params->hash_block_size = hash_block_size; params->data_size = data_blocks; params->hash_area_offset = hash_offset; + params->fec_area_offset = fec_offset; params->hash_type = hash_type; params->flags = flags; @@ -85,12 +94,23 @@ static int action_format(int arg) /* Try to create hash image if doesn't exist */ r = open(action_argv[1], O_WRONLY | O_EXCL | O_CREAT, S_IRUSR | S_IWUSR); if (r < 0 && errno != EEXIST) { - log_err(_("Cannot create hash image %s for writing.\n"), action_argv[1]); + log_err(_("Cannot create hash image %s for writing."), action_argv[1]); return -EINVAL; } else if (r >= 0) { log_dbg("Created hash image %s.", action_argv[1]); close(r); } + /* Try to create FEC image if doesn't exist */ + if (fec_device) { + r = open(fec_device, O_WRONLY | O_EXCL | O_CREAT, S_IRUSR | S_IWUSR); + if (r < 0 && errno != EEXIST) { + log_err(_("Cannot create FEC image %s for writing."), fec_device); + return -EINVAL; + } else if (r >= 0) { + log_dbg("Created FEC image %s.", fec_device); + close(r); + } + } if ((r = crypt_init(&cd, action_argv[1]))) goto out; @@ -122,14 +142,28 @@ static int _activate(const char *dm_device, uint32_t activate_flags = CRYPT_ACTIVATE_READONLY; char *root_hash_bytes = NULL; ssize_t hash_size; - int r; + struct stat st; + char *signature = NULL; + int signature_size = 0, r; - if ((r = crypt_init(&cd, hash_device))) + if ((r = crypt_init_data_device(&cd, hash_device, data_device))) goto out; + if (opt_ignore_corruption) + activate_flags |= CRYPT_ACTIVATE_IGNORE_CORRUPTION; + if (opt_restart_on_corruption) + activate_flags |= CRYPT_ACTIVATE_RESTART_ON_CORRUPTION; + if (opt_ignore_zero_blocks) + activate_flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS; + if (opt_check_at_most_once) + activate_flags |= CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE; + if (use_superblock) { params.flags = flags; params.hash_area_offset = hash_offset; + params.fec_area_offset = fec_offset; + params.fec_device = fec_device; + params.fec_roots = fec_roots; r = crypt_load(cd, CRYPT_VERITY, ¶ms); } else { r = _prepare_format(¶ms, data_device, flags | CRYPT_VERITY_NO_HEADER); @@ -139,33 +173,48 @@ static int _activate(const char *dm_device, } if (r < 0) goto out; - r = crypt_set_data_device(cd, data_device); - if (r < 0) - goto out; hash_size = crypt_get_volume_key_size(cd); if (crypt_hex_to_bytes(root_hash, &root_hash_bytes, 0) != hash_size) { - log_err(_("Invalid root hash string specified.\n")); + log_err(_("Invalid root hash string specified.")); r = -EINVAL; goto out; } - r = crypt_activate_by_volume_key(cd, dm_device, + + if (opt_root_hash_signature) { + // FIXME: check max file size + if (stat(opt_root_hash_signature, &st) || !S_ISREG(st.st_mode) || !st.st_size) { + log_err(_("Invalid signature file %s."), opt_root_hash_signature); + r = -EINVAL; + goto out; + } + signature_size = st.st_size; + r = tools_read_mk(opt_root_hash_signature, &signature, signature_size); + if (r < 0) { + log_err(_("Cannot read signature file %s."), opt_root_hash_signature); + goto out; + } + } + r = crypt_activate_by_signed_key(cd, dm_device, root_hash_bytes, hash_size, + signature, signature_size, activate_flags); out: + crypt_safe_free(signature); crypt_free(cd); free(root_hash_bytes); free(CONST_CAST(char*)params.salt); return r; } -static int action_create(int arg) +static int action_open(int arg) { - return _activate(action_argv[0], - action_argv[1], + return _activate(action_argv[1], + action_argv[0], action_argv[2], - action_argv[3], 0); + action_argv[3], + opt_root_hash_signature ? CRYPT_VERITY_ROOT_HASH_SIGNATURE : 0); } static int action_verify(int arg) @@ -177,7 +226,7 @@ static int action_verify(int arg) CRYPT_VERITY_CHECK_HASH); } -static int action_remove(int arg) +static int action_close(int arg) { struct crypt_device *cd = NULL; int r; @@ -197,7 +246,8 @@ static int action_status(int arg) struct crypt_params_verity vp = {}; struct crypt_device *cd = NULL; struct stat st; - char *backing_file; + char *backing_file, *root_hash; + size_t root_hash_size; unsigned i, path = 0; int r = 0; @@ -227,22 +277,24 @@ static int action_status(int arg) ci == CRYPT_BUSY ? " and is in use" : ""); r = crypt_init_by_name_and_header(&cd, action_argv[0], NULL); - if (r < 0 || !crypt_get_type(cd)) + if (r < 0) goto out; - log_std(" type: %s\n", crypt_get_type(cd)); + log_std(" type: %s\n", crypt_get_type(cd) ?: "n/a"); r = crypt_get_active_device(cd, action_argv[0], &cad); if (r < 0) goto out; - log_std(" status: %s\n", - cad.flags & CRYPT_ACTIVATE_CORRUPTED ? "corrupted" : "verified"); - + /* Print only VERITY type devices */ r = crypt_get_verity_info(cd, &vp); if (r < 0) goto out; + log_std(" status: %s%s\n", + cad.flags & CRYPT_ACTIVATE_CORRUPTED ? "corrupted" : "verified", + vp.flags & CRYPT_VERITY_ROOT_HASH_SIGNATURE ? " (with signature)" : ""); + log_std(" hash type: %u\n", vp.hash_type); log_std(" data block: %u\n", vp.data_block_size); log_std(" hash block: %u\n", vp.hash_block_size); @@ -256,8 +308,7 @@ static int action_status(int arg) log_std("\n"); log_std(" data device: %s\n", vp.data_device); - if (crypt_loop_device(vp.data_device)) { - backing_file = crypt_loop_backing_file(vp.data_device); + if ((backing_file = crypt_loop_backing_file(vp.data_device))) { log_std(" data loop: %s\n", backing_file); free(backing_file); } @@ -266,13 +317,45 @@ static int action_status(int arg) "readonly" : "read/write"); log_std(" hash device: %s\n", vp.hash_device); - if (crypt_loop_device(vp.hash_device)) { - backing_file = crypt_loop_backing_file(vp.hash_device); + if ((backing_file = crypt_loop_backing_file(vp.hash_device))) { log_std(" hash loop: %s\n", backing_file); free(backing_file); } log_std(" hash offset: %" PRIu64 " sectors\n", vp.hash_area_offset * vp.hash_block_size / 512); + + if (vp.fec_device) { + log_std(" FEC device: %s\n", vp.fec_device); + if ((backing_file = crypt_loop_backing_file(vp.fec_device))) { + log_std(" FEC loop: %s\n", backing_file); + free(backing_file); + } + log_std(" FEC offset: %" PRIu64 " sectors\n", + vp.fec_area_offset * vp.hash_block_size / 512); + log_std(" FEC roots: %u\n", vp.fec_roots); + } + + root_hash_size = crypt_get_volume_key_size(cd); + if (root_hash_size > 0 && (root_hash = malloc(root_hash_size))) { + r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, root_hash, &root_hash_size, NULL, 0); + if (!r) { + log_std(" root hash: "); + for (i = 0; i < root_hash_size; i++) + log_std("%02hhx", (const char)root_hash[i]); + log_std("\n"); + } + free(root_hash); + } + + if (cad.flags & (CRYPT_ACTIVATE_IGNORE_CORRUPTION| + CRYPT_ACTIVATE_RESTART_ON_CORRUPTION| + CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS| + CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE)) + log_std(" flags: %s%s%s%s\n", + (cad.flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) ? "ignore_corruption " : "", + (cad.flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION) ? "restart_on_corruption " : "", + (cad.flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) ? "ignore_zero_blocks " : "", + (cad.flags & CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE) ? "check_at_most_once" : ""); } out: crypt_free(cd); @@ -291,6 +374,7 @@ static int action_dump(int arg) return r; params.hash_area_offset = hash_offset; + params.fec_area_offset = fec_offset; r = crypt_load(cd, CRYPT_VERITY, ¶ms); if (!r) crypt_dump(cd); @@ -307,8 +391,8 @@ static struct action_type { } action_types[] = { { "format", action_format, 2, N_(" "),N_("format device") }, { "verify", action_verify, 3, N_(" "),N_("verify device") }, - { "create", action_create, 4, N_(" "),N_("create active device") }, - { "remove", action_remove, 1, N_(""),N_("remove (deactivate) device") }, + { "open", action_open, 4, N_(" "),N_("open device as ") }, + { "close", action_close, 1, N_(""),N_("close device (remove mapping)") }, { "status", action_status, 1, N_(""),N_("show active device status") }, { "dump", action_dump, 1, N_(""),N_("show on-disk information") }, { NULL, NULL, 0, NULL, NULL } @@ -342,6 +426,11 @@ static void help(poptContext popt_context, DEFAULT_VERITY_HASH, DEFAULT_VERITY_DATA_BLOCK, DEFAULT_VERITY_HASH_BLOCK, DEFAULT_VERITY_SALT_SIZE, 1); + poptFreeContext(popt_context); + exit(EXIT_SUCCESS); + } else if (key->shortName == 'V') { + log_std("%s %s\n", PACKAGE_VERITY, PACKAGE_VERSION); + poptFreeContext(popt_context); exit(EXIT_SUCCESS); } else usage(popt_context, EXIT_SUCCESS, NULL, NULL); @@ -367,22 +456,30 @@ int main(int argc, const char **argv) { NULL, '\0', POPT_ARG_CALLBACK, help, 0, NULL, NULL }, { "help", '?', POPT_ARG_NONE, NULL, 0, N_("Show this help message"), NULL }, { "usage", '\0', POPT_ARG_NONE, NULL, 0, N_("Display brief usage"), NULL }, + { "version",'V', POPT_ARG_NONE, NULL, 0, N_("Print package version"), NULL }, POPT_TABLEEND }; static struct poptOption popt_options[] = { { NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL }, - { "version", '\0', POPT_ARG_NONE, &opt_version_mode, 0, N_("Print package version"), NULL }, { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL }, { "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL }, { "no-superblock", 0, POPT_ARG_VAL, &use_superblock, 0, N_("Do not use verity superblock"), NULL }, { "format", 0, POPT_ARG_INT, &hash_type, 0, N_("Format type (1 - normal, 0 - original Chrome OS)"), N_("number") }, { "data-block-size", 0, POPT_ARG_INT, &data_block_size, 0, N_("Block size on the data device"), N_("bytes") }, { "hash-block-size", 0, POPT_ARG_INT, &hash_block_size, 0, N_("Block size on the hash device"), N_("bytes") }, + { "fec-roots", 0, POPT_ARG_INT, &fec_roots, 0, N_("FEC parity bytes"), N_("bytes") }, { "data-blocks", 0, POPT_ARG_STRING, &popt_tmp, 1, N_("The number of blocks in the data file"), N_("blocks") }, + { "fec-device", 0, POPT_ARG_STRING, &fec_device, 0, N_("Path to device with error correction data"), N_("path") }, { "hash-offset", 0, POPT_ARG_STRING, &popt_tmp, 2, N_("Starting offset on the hash device"), N_("bytes") }, + { "fec-offset", 0, POPT_ARG_STRING, &popt_tmp, 3, N_("Starting offset on the FEC device"), N_("bytes") }, { "hash", 'h', POPT_ARG_STRING, &hash_algorithm, 0, N_("Hash algorithm"), N_("string") }, { "salt", 's', POPT_ARG_STRING, &salt_string, 0, N_("Salt"), N_("hex string") }, - { "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("UUID for device to use."), NULL }, + { "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("UUID for device to use"), NULL }, + { "root-hash-signature",'\0', POPT_ARG_STRING, &opt_root_hash_signature, 0, N_("Path to root hash signature file"), NULL }, + { "restart-on-corruption", 0,POPT_ARG_NONE,&opt_restart_on_corruption, 0, N_("Restart kernel if corruption is detected"), NULL }, + { "ignore-corruption", 0, POPT_ARG_NONE, &opt_ignore_corruption, 0, N_("Ignore corruption, log it only"), NULL }, + { "ignore-zero-blocks", 0, POPT_ARG_NONE, &opt_ignore_zero_blocks, 0, N_("Do not verify zeroed blocks"), NULL }, + { "check-at-most-once", 0, POPT_ARG_NONE, &opt_check_at_most_once, 0, N_("Verify data block only the first time it is read"), NULL }, POPT_TABLEEND }; @@ -419,6 +516,9 @@ int main(int argc, const char **argv) case 2: hash_offset = ull_value; break; + case 3: + fec_offset = ull_value; + break; } if (r < 0) @@ -429,21 +529,9 @@ int main(int argc, const char **argv) usage(popt_context, EXIT_FAILURE, poptStrerror(r), poptBadOption(popt_context, POPT_BADOPTION_NOALIAS)); - if (opt_version_mode) { - log_std("%s %s\n", PACKAGE_VERITY, PACKAGE_VERSION); - poptFreeContext(popt_context); - exit(EXIT_SUCCESS); - } - if (!(aname = poptGetArg(popt_context))) usage(popt_context, EXIT_FAILURE, _("Argument missing."), poptGetInvocationName(popt_context)); - for(action = action_types; action->type; action++) - if (strcmp(action->type, aname) == 0) - break; - if (!action->type) - usage(popt_context, EXIT_FAILURE, _("Unknown action."), - poptGetInvocationName(popt_context)); action_argc = 0; action_argv = poptGetArgs(popt_context); @@ -455,7 +543,28 @@ int main(int argc, const char **argv) while(action_argv[action_argc] != NULL) action_argc++; - if(action_argc < action->required_action_argc) { + /* Handle aliases */ + if (!strcmp(aname, "create") && action_argc > 1) { + /* create command had historically switched arguments */ + if (action_argv[0] && action_argv[1]) { + const char *tmp = action_argv[0]; + action_argv[0] = action_argv[1]; + action_argv[1] = tmp; + } + aname = "open"; + } else if (!strcmp(aname, "remove")) { + aname = "close"; + } + + for (action = action_types; action->type; action++) + if (strcmp(action->type, aname) == 0) + break; + + if (!action->type) + usage(popt_context, EXIT_FAILURE, _("Unknown action."), + poptGetInvocationName(popt_context)); + + if (action_argc < action->required_action_argc) { char buf[128]; snprintf(buf, 128,_("%s: requires %s as arguments"), action->type, action->arg_desc); usage(popt_context, EXIT_FAILURE, buf, @@ -468,6 +577,21 @@ int main(int argc, const char **argv) poptGetInvocationName(popt_context)); } + if ((opt_ignore_corruption || opt_restart_on_corruption || opt_ignore_zero_blocks) && strcmp(aname, "open")) + usage(popt_context, EXIT_FAILURE, + _("Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."), + poptGetInvocationName(popt_context)); + + if (opt_root_hash_signature && strcmp(aname, "open")) + usage(popt_context, EXIT_FAILURE, + _("Option --root-hash-signature can be used only for open operation."), + poptGetInvocationName(popt_context)); + + if (opt_ignore_corruption && opt_restart_on_corruption) + usage(popt_context, EXIT_FAILURE, + _("Option --ignore-corruption and --restart-on-corruption cannot be used together."), + poptGetInvocationName(popt_context)); + if (opt_debug) { opt_verbose = 1; crypt_set_debug_level(-1); diff --git a/tests/00modules-test b/tests/00modules-test new file mode 100755 index 0000000..64e054a --- /dev/null +++ b/tests/00modules-test @@ -0,0 +1,45 @@ +#!/bin/bash + +[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." + +function pversion() { + if [ ! -x $CRYPTSETUP_PATH/$1 ] ; then + return + fi + + echo -n "$CRYPTSETUP_PATH/" + $CRYPTSETUP_PATH/$1 --version +} + +echo "Cryptsetup test environment ($(date))" +uname -a +if [ "$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)" = "1" ] ; then + echo "Kernel running in FIPS mode." +fi + +if [ -f /etc/os-release ] ; then + source /etc/os-release + echo "$PRETTY_NAME ($NAME) $VERSION" +fi + +echo "Memory" +free -h + +pversion cryptsetup +pversion veritysetup +pversion integritysetup +pversion cryptsetup-reencrypt + +[ $(id -u) != 0 ] && exit 77 + +modprobe dm-crypt >/dev/null 2>&1 +modprobe dm-verity >/dev/null 2>&1 +modprobe dm-integrity >/dev/null 2>&1 +modprobe dm-zero >/dev/null 2>&1 + +dmsetup version + +echo "Device mapper targets:" +dmsetup targets + +exit 0 diff --git a/tests/Makefile.am b/tests/Makefile.am index 862e0f0..5a7e21d 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -1,59 +1,124 @@ -TESTS = api-test \ +TESTS = 00modules-test \ + api-test \ + api-test-2 \ compat-test \ + compat-test2 \ loopaes-test \ align-test \ + align-test2 \ discards-test \ mode-test \ password-hash-test \ tcrypt-compat-test \ luks1-compat-test \ - device-test + device-test \ + keyring-test \ + keyring-compat-test \ + luks2-validation-test \ + luks2-integrity-test \ + vectors-test \ + blockwise-compat \ + bitlk-compat-test if VERITYSETUP TESTS += verity-compat-test endif if REENCRYPT -TESTS += reencryption-compat-test +TESTS += reencryption-compat-test reencryption-compat-test2 luks2-reencryption-test +endif + +if INTEGRITYSETUP +TESTS += integrity-compat-test endif -EXTRA_DIST = compatimage.img.bz2 compatv10image.img.bz2 \ - img_fs_ext4.img.bz2 img_fs_vfat.img.bz2 img_fs_xfs.img.bz2 \ - valid_header_file.bz2 \ - evil_hdr-payload_overwrite.bz2 \ - evil_hdr-stripes_payload_dmg.bz2 \ - evil_hdr-luks_hdr_damage.bz2 \ - evil_hdr-small_luks_device.bz2 \ - tcrypt-images.tar.bz2 \ - luks1-images.tar.bz2 \ - compat-test loopaes-test align-test discards-test mode-test password-hash-test \ - verity-compat-test \ +EXTRA_DIST = compatimage.img.xz compatv10image.img.xz \ + compatimage2.img.xz \ + conversion_imgs.tar.xz \ + luks2_keyslot_unassigned.img.xz \ + img_fs_ext4.img.xz img_fs_vfat.img.xz img_fs_xfs.img.xz \ + valid_header_file.xz \ + luks2_valid_hdr.img.xz \ + luks2_header_requirements.xz \ + luks2_header_requirements_free.xz \ + luks2_mda_images.tar.xz \ + evil_hdr-payload_overwrite.xz \ + evil_hdr-stripes_payload_dmg.xz \ + evil_hdr-luks_hdr_damage.xz \ + evil_hdr-small_luks_device.xz \ + evil_hdr-keyslot_overlap.xz \ + tcrypt-images.tar.xz \ + luks1-images.tar.xz \ + 00modules-test \ + compat-test \ + compat-test2 \ + loopaes-test align-test discards-test mode-test password-hash-test \ + align-test2 verity-compat-test \ reencryption-compat-test \ + reencryption-compat-test2 \ + luks2-reencryption-test \ tcrypt-compat-test \ luks1-compat-test \ + luks2-validation-test generators \ + luks2-integrity-test \ device-test \ - cryptsetup-valg-supps valg.sh valg-api.sh + keyring-test \ + keyring-compat-test \ + integrity-compat-test \ + cryptsetup-valg-supps valg.sh valg-api.sh \ + blockwise-compat \ + blkid-luks2-pv.img.xz \ + Makefile.localtest \ + bitlk-compat-test \ + bitlk-images.tar.xz -CLEANFILES = cryptsetup-tst* valglog* +CLEANFILES = cryptsetup-tst* valglog* *-fail-*.log clean-local: - -rm -rf tcrypt-images luks1-images + -rm -rf tcrypt-images luks1-images luks2-images bitlk-images conversion_imgs luks2_valid_hdr.img blkid-luks2-pv-img blkid-luks2-pv-img.bcp differ_SOURCES = differ.c differ_CFLAGS = $(AM_CFLAGS) -Wall -O2 -api_test_SOURCES = api-test.c $(top_srcdir)/lib/utils_loop.c -api_test_LDADD = ../lib/libcryptsetup.la +api_test_SOURCES = api-test.c api_test.h test_utils.c +api_test_LDADD = $(LDADD) ../libcryptsetup.la api_test_LDFLAGS = $(AM_LDFLAGS) -static api_test_CFLAGS = -g -Wall -O0 $(AM_CFLAGS) -I$(top_srcdir)/lib/ -I$(top_srcdir)/lib/luks1 api_test_CPPFLAGS = $(AM_CPPFLAGS) -include config.h -check_PROGRAMS = api-test differ +api_test_2_SOURCES = api-test-2.c api_test.h test_utils.c +api_test_2_LDADD = $(LDADD) ../libcryptsetup.la +api_test_2_LDFLAGS = $(AM_LDFLAGS) -static +api_test_2_CFLAGS = -g -Wall -O0 $(AM_CFLAGS) -I$(top_srcdir)/lib/ -I$(top_srcdir)/lib/luks1 +api_test_2_CPPFLAGS = $(AM_CPPFLAGS) -include config.h + +vectors_test_SOURCES = crypto-vectors.c +vectors_test_LDADD = ../libcrypto_backend.la @CRYPTO_LIBS@ @LIBARGON2_LIBS@ +vectors_test_LDFLAGS = $(AM_LDFLAGS) -static +vectors_test_CFLAGS = $(AM_CFLAGS) -I$(top_srcdir)/lib/crypto_backend/ @CRYPTO_CFLAGS@ +vectors_test_CPPFLAGS = $(AM_CPPFLAGS) -include config.h + +unit_utils_io_SOURCES = unit-utils-io.c +unit_utils_io_LDADD = ../libutils_io.la +unit_utils_io_LDFLAGS = $(AM_LDFLAGS) -static +unit_utils_io_CFLAGS = $(AM_CFLAGS) -I$(top_srcdir)/lib +unit_utils_io_CPPFLAGS = $(AM_CPPFLAGS) -include config.h + +check_PROGRAMS = api-test api-test-2 differ vectors-test unit-utils-io + +conversion_imgs: + @tar xJf conversion_imgs.tar.xz compatimage.img: - @bzip2 -k -d compatimage.img.bz2 + @xz -k -d compatimage.img.xz -valgrind-check: api-test differ - @VALG=1 ./compat-test +valgrind-check: api-test api-test-2 differ + @VALG=1 ./compat-test2 + @VALG=1 ./luks2-validation-test + @VALG=1 ./verity-compat-test + @VALG=1 ./integrity-compat-test @INFOSTRING="api-test-000" ./valg-api.sh ./api-test + @INFOSTRING="api-test-002" ./valg-api.sh ./api-test-2 + @VALG=1 ./luks2-reencryption-test + @VALG=1 ./compat-test .PHONY: valgrind-check diff --git a/tests/Makefile.in b/tests/Makefile.in index bdfc0c0..19c0000 100644 --- a/tests/Makefile.in +++ b/tests/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -77,34 +87,39 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -TESTS = api-test$(EXEEXT) compat-test loopaes-test align-test \ +TESTS = 00modules-test api-test$(EXEEXT) api-test-2$(EXEEXT) \ + compat-test compat-test2 loopaes-test align-test align-test2 \ discards-test mode-test password-hash-test tcrypt-compat-test \ - luks1-compat-test device-test $(am__append_1) $(am__append_2) + luks1-compat-test device-test keyring-test keyring-compat-test \ + luks2-validation-test luks2-integrity-test \ + vectors-test$(EXEEXT) blockwise-compat bitlk-compat-test \ + $(am__append_1) $(am__append_2) $(am__append_3) @VERITYSETUP_TRUE@am__append_1 = verity-compat-test -@REENCRYPT_TRUE@am__append_2 = reencryption-compat-test -check_PROGRAMS = api-test$(EXEEXT) differ$(EXEEXT) +@REENCRYPT_TRUE@am__append_2 = reencryption-compat-test reencryption-compat-test2 luks2-reencryption-test +@INTEGRITYSETUP_TRUE@am__append_3 = integrity-compat-test +check_PROGRAMS = api-test$(EXEEXT) api-test-2$(EXEEXT) differ$(EXEEXT) \ + vectors-test$(EXEEXT) unit-utils-io$(EXEEXT) subdir = tests -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ - $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \ + $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ + $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ + $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am_api_test_OBJECTS = api_test-api-test.$(OBJEXT) \ - api_test-utils_loop.$(OBJEXT) + api_test-test_utils.$(OBJEXT) api_test_OBJECTS = $(am_api_test_OBJECTS) -api_test_DEPENDENCIES = ../lib/libcryptsetup.la +api_test_DEPENDENCIES = ../libcryptsetup.la AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -112,12 +127,31 @@ am__v_lt_1 = api_test_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(api_test_CFLAGS) \ $(CFLAGS) $(api_test_LDFLAGS) $(LDFLAGS) -o $@ +am_api_test_2_OBJECTS = api_test_2-api-test-2.$(OBJEXT) \ + api_test_2-test_utils.$(OBJEXT) +api_test_2_OBJECTS = $(am_api_test_2_OBJECTS) +api_test_2_DEPENDENCIES = ../libcryptsetup.la +api_test_2_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(api_test_2_CFLAGS) \ + $(CFLAGS) $(api_test_2_LDFLAGS) $(LDFLAGS) -o $@ am_differ_OBJECTS = differ-differ.$(OBJEXT) differ_OBJECTS = $(am_differ_OBJECTS) differ_LDADD = $(LDADD) differ_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(differ_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_unit_utils_io_OBJECTS = unit_utils_io-unit-utils-io.$(OBJEXT) +unit_utils_io_OBJECTS = $(am_unit_utils_io_OBJECTS) +unit_utils_io_DEPENDENCIES = ../libutils_io.la +unit_utils_io_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(unit_utils_io_CFLAGS) \ + $(CFLAGS) $(unit_utils_io_LDFLAGS) $(LDFLAGS) -o $@ +am_vectors_test_OBJECTS = vectors_test-crypto-vectors.$(OBJEXT) +vectors_test_OBJECTS = $(am_vectors_test_OBJECTS) +vectors_test_DEPENDENCIES = ../libcrypto_backend.la +vectors_test_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(vectors_test_CFLAGS) \ + $(CFLAGS) $(vectors_test_LDFLAGS) $(LDFLAGS) -o $@ AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -132,7 +166,14 @@ am__v_at_0 = @ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/api_test-api-test.Po \ + ./$(DEPDIR)/api_test-test_utils.Po \ + ./$(DEPDIR)/api_test_2-api-test-2.Po \ + ./$(DEPDIR)/api_test_2-test_utils.Po \ + ./$(DEPDIR)/differ-differ.Po \ + ./$(DEPDIR)/unit_utils_io-unit-utils-io.Po \ + ./$(DEPDIR)/vectors_test-crypto-vectors.Po am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -152,8 +193,11 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(api_test_SOURCES) $(differ_SOURCES) -DIST_SOURCES = $(api_test_SOURCES) $(differ_SOURCES) +SOURCES = $(api_test_SOURCES) $(api_test_2_SOURCES) $(differ_SOURCES) \ + $(unit_utils_io_SOURCES) $(vectors_test_SOURCES) +DIST_SOURCES = $(api_test_SOURCES) $(api_test_2_SOURCES) \ + $(differ_SOURCES) $(unit_utils_io_SOURCES) \ + $(vectors_test_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -200,6 +244,7 @@ am__tty_colors = { \ std=''; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -209,6 +254,8 @@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BLKID_CFLAGS = @BLKID_CFLAGS@ +BLKID_LIBS = @BLKID_LIBS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ @@ -218,6 +265,9 @@ CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ CRYPTO_LIBS = @CRYPTO_LIBS@ CRYPTO_STATIC_LIBS = @CRYPTO_STATIC_LIBS@ CYGPATH_W = @CYGPATH_W@ +DEFAULT_LUKS2_LOCK_DIR_PERMS = @DEFAULT_LUKS2_LOCK_DIR_PERMS@ +DEFAULT_LUKS2_LOCK_PATH = @DEFAULT_LUKS2_LOCK_PATH@ +DEFAULT_TMPFILESDIR = @DEFAULT_TMPFILESDIR@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DEVMAPPER_CFLAGS = @DEVMAPPER_CFLAGS@ @@ -233,6 +283,7 @@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ @@ -243,8 +294,12 @@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +JSON_C_CFLAGS = @JSON_C_CFLAGS@ +JSON_C_LIBS = @JSON_C_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LIBARGON2_CFLAGS = @LIBARGON2_CFLAGS@ +LIBARGON2_LIBS = @LIBARGON2_LIBS@ LIBCRYPTSETUP_VERSION = @LIBCRYPTSETUP_VERSION@ LIBCRYPTSETUP_VERSION_INFO = @LIBCRYPTSETUP_VERSION_INFO@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ @@ -260,6 +315,7 @@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -285,6 +341,7 @@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ +PASSWDQC_LIBS = @PASSWDQC_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ @@ -294,13 +351,6 @@ POSUB = @POSUB@ PWQUALITY_CFLAGS = @PWQUALITY_CFLAGS@ PWQUALITY_LIBS = @PWQUALITY_LIBS@ PWQUALITY_STATIC_LIBS = @PWQUALITY_STATIC_LIBS@ -PYTHON = @PYTHON@ -PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -PYTHON_INCLUDES = @PYTHON_INCLUDES@ -PYTHON_LIBS = @PYTHON_LIBS@ -PYTHON_PLATFORM = @PYTHON_PLATFORM@ -PYTHON_PREFIX = @PYTHON_PREFIX@ -PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -311,6 +361,7 @@ UUID_LIBS = @UUID_LIBS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ @@ -352,46 +403,82 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ -pkgpyexecdir = @pkgpyexecdir@ -pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ -pyexecdir = @pyexecdir@ -pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ +systemd_tmpfilesdir = @systemd_tmpfilesdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -EXTRA_DIST = compatimage.img.bz2 compatv10image.img.bz2 \ - img_fs_ext4.img.bz2 img_fs_vfat.img.bz2 img_fs_xfs.img.bz2 \ - valid_header_file.bz2 \ - evil_hdr-payload_overwrite.bz2 \ - evil_hdr-stripes_payload_dmg.bz2 \ - evil_hdr-luks_hdr_damage.bz2 \ - evil_hdr-small_luks_device.bz2 \ - tcrypt-images.tar.bz2 \ - luks1-images.tar.bz2 \ - compat-test loopaes-test align-test discards-test mode-test password-hash-test \ - verity-compat-test \ +EXTRA_DIST = compatimage.img.xz compatv10image.img.xz \ + compatimage2.img.xz \ + conversion_imgs.tar.xz \ + luks2_keyslot_unassigned.img.xz \ + img_fs_ext4.img.xz img_fs_vfat.img.xz img_fs_xfs.img.xz \ + valid_header_file.xz \ + luks2_valid_hdr.img.xz \ + luks2_header_requirements.xz \ + luks2_header_requirements_free.xz \ + luks2_mda_images.tar.xz \ + evil_hdr-payload_overwrite.xz \ + evil_hdr-stripes_payload_dmg.xz \ + evil_hdr-luks_hdr_damage.xz \ + evil_hdr-small_luks_device.xz \ + evil_hdr-keyslot_overlap.xz \ + tcrypt-images.tar.xz \ + luks1-images.tar.xz \ + 00modules-test \ + compat-test \ + compat-test2 \ + loopaes-test align-test discards-test mode-test password-hash-test \ + align-test2 verity-compat-test \ reencryption-compat-test \ + reencryption-compat-test2 \ + luks2-reencryption-test \ tcrypt-compat-test \ luks1-compat-test \ + luks2-validation-test generators \ + luks2-integrity-test \ device-test \ - cryptsetup-valg-supps valg.sh valg-api.sh - -CLEANFILES = cryptsetup-tst* valglog* + keyring-test \ + keyring-compat-test \ + integrity-compat-test \ + cryptsetup-valg-supps valg.sh valg-api.sh \ + blockwise-compat \ + blkid-luks2-pv.img.xz \ + Makefile.localtest \ + bitlk-compat-test \ + bitlk-images.tar.xz + +CLEANFILES = cryptsetup-tst* valglog* *-fail-*.log differ_SOURCES = differ.c differ_CFLAGS = $(AM_CFLAGS) -Wall -O2 -api_test_SOURCES = api-test.c $(top_srcdir)/lib/utils_loop.c -api_test_LDADD = ../lib/libcryptsetup.la +api_test_SOURCES = api-test.c api_test.h test_utils.c +api_test_LDADD = $(LDADD) ../libcryptsetup.la api_test_LDFLAGS = $(AM_LDFLAGS) -static api_test_CFLAGS = -g -Wall -O0 $(AM_CFLAGS) -I$(top_srcdir)/lib/ -I$(top_srcdir)/lib/luks1 api_test_CPPFLAGS = $(AM_CPPFLAGS) -include config.h +api_test_2_SOURCES = api-test-2.c api_test.h test_utils.c +api_test_2_LDADD = $(LDADD) ../libcryptsetup.la +api_test_2_LDFLAGS = $(AM_LDFLAGS) -static +api_test_2_CFLAGS = -g -Wall -O0 $(AM_CFLAGS) -I$(top_srcdir)/lib/ -I$(top_srcdir)/lib/luks1 +api_test_2_CPPFLAGS = $(AM_CPPFLAGS) -include config.h +vectors_test_SOURCES = crypto-vectors.c +vectors_test_LDADD = ../libcrypto_backend.la @CRYPTO_LIBS@ @LIBARGON2_LIBS@ +vectors_test_LDFLAGS = $(AM_LDFLAGS) -static +vectors_test_CFLAGS = $(AM_CFLAGS) -I$(top_srcdir)/lib/crypto_backend/ @CRYPTO_CFLAGS@ +vectors_test_CPPFLAGS = $(AM_CPPFLAGS) -include config.h +unit_utils_io_SOURCES = unit-utils-io.c +unit_utils_io_LDADD = ../libutils_io.la +unit_utils_io_LDFLAGS = $(AM_LDFLAGS) -static +unit_utils_io_CFLAGS = $(AM_CFLAGS) -I$(top_srcdir)/lib +unit_utils_io_CPPFLAGS = $(AM_CPPFLAGS) -include config.h all: all-am .SUFFIXES: @@ -408,14 +495,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu tests/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) @@ -440,37 +526,62 @@ api-test$(EXEEXT): $(api_test_OBJECTS) $(api_test_DEPENDENCIES) $(EXTRA_api_test @rm -f api-test$(EXEEXT) $(AM_V_CCLD)$(api_test_LINK) $(api_test_OBJECTS) $(api_test_LDADD) $(LIBS) +api-test-2$(EXEEXT): $(api_test_2_OBJECTS) $(api_test_2_DEPENDENCIES) $(EXTRA_api_test_2_DEPENDENCIES) + @rm -f api-test-2$(EXEEXT) + $(AM_V_CCLD)$(api_test_2_LINK) $(api_test_2_OBJECTS) $(api_test_2_LDADD) $(LIBS) + differ$(EXEEXT): $(differ_OBJECTS) $(differ_DEPENDENCIES) $(EXTRA_differ_DEPENDENCIES) @rm -f differ$(EXEEXT) $(AM_V_CCLD)$(differ_LINK) $(differ_OBJECTS) $(differ_LDADD) $(LIBS) +unit-utils-io$(EXEEXT): $(unit_utils_io_OBJECTS) $(unit_utils_io_DEPENDENCIES) $(EXTRA_unit_utils_io_DEPENDENCIES) + @rm -f unit-utils-io$(EXEEXT) + $(AM_V_CCLD)$(unit_utils_io_LINK) $(unit_utils_io_OBJECTS) $(unit_utils_io_LDADD) $(LIBS) + +vectors-test$(EXEEXT): $(vectors_test_OBJECTS) $(vectors_test_DEPENDENCIES) $(EXTRA_vectors_test_DEPENDENCIES) + @rm -f vectors-test$(EXEEXT) + $(AM_V_CCLD)$(vectors_test_LINK) $(vectors_test_OBJECTS) $(vectors_test_LDADD) $(LIBS) + mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/api_test-api-test.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/api_test-utils_loop.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/differ-differ.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/api_test-api-test.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/api_test-test_utils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/api_test_2-api-test-2.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/api_test_2-test_utils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/differ-differ.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unit_utils_io-unit-utils-io.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vectors_test-crypto-vectors.Po@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) .c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< .c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< @@ -489,19 +600,47 @@ api_test-api-test.obj: api-test.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_CPPFLAGS) $(CPPFLAGS) $(api_test_CFLAGS) $(CFLAGS) -c -o api_test-api-test.obj `if test -f 'api-test.c'; then $(CYGPATH_W) 'api-test.c'; else $(CYGPATH_W) '$(srcdir)/api-test.c'; fi` -api_test-utils_loop.o: $(top_srcdir)/lib/utils_loop.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_CPPFLAGS) $(CPPFLAGS) $(api_test_CFLAGS) $(CFLAGS) -MT api_test-utils_loop.o -MD -MP -MF $(DEPDIR)/api_test-utils_loop.Tpo -c -o api_test-utils_loop.o `test -f '$(top_srcdir)/lib/utils_loop.c' || echo '$(srcdir)/'`$(top_srcdir)/lib/utils_loop.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/api_test-utils_loop.Tpo $(DEPDIR)/api_test-utils_loop.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_srcdir)/lib/utils_loop.c' object='api_test-utils_loop.o' libtool=no @AMDEPBACKSLASH@ +api_test-test_utils.o: test_utils.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_CPPFLAGS) $(CPPFLAGS) $(api_test_CFLAGS) $(CFLAGS) -MT api_test-test_utils.o -MD -MP -MF $(DEPDIR)/api_test-test_utils.Tpo -c -o api_test-test_utils.o `test -f 'test_utils.c' || echo '$(srcdir)/'`test_utils.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/api_test-test_utils.Tpo $(DEPDIR)/api_test-test_utils.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_utils.c' object='api_test-test_utils.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_CPPFLAGS) $(CPPFLAGS) $(api_test_CFLAGS) $(CFLAGS) -c -o api_test-test_utils.o `test -f 'test_utils.c' || echo '$(srcdir)/'`test_utils.c + +api_test-test_utils.obj: test_utils.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_CPPFLAGS) $(CPPFLAGS) $(api_test_CFLAGS) $(CFLAGS) -MT api_test-test_utils.obj -MD -MP -MF $(DEPDIR)/api_test-test_utils.Tpo -c -o api_test-test_utils.obj `if test -f 'test_utils.c'; then $(CYGPATH_W) 'test_utils.c'; else $(CYGPATH_W) '$(srcdir)/test_utils.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/api_test-test_utils.Tpo $(DEPDIR)/api_test-test_utils.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_utils.c' object='api_test-test_utils.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_CPPFLAGS) $(CPPFLAGS) $(api_test_CFLAGS) $(CFLAGS) -c -o api_test-test_utils.obj `if test -f 'test_utils.c'; then $(CYGPATH_W) 'test_utils.c'; else $(CYGPATH_W) '$(srcdir)/test_utils.c'; fi` + +api_test_2-api-test-2.o: api-test-2.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_2_CPPFLAGS) $(CPPFLAGS) $(api_test_2_CFLAGS) $(CFLAGS) -MT api_test_2-api-test-2.o -MD -MP -MF $(DEPDIR)/api_test_2-api-test-2.Tpo -c -o api_test_2-api-test-2.o `test -f 'api-test-2.c' || echo '$(srcdir)/'`api-test-2.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/api_test_2-api-test-2.Tpo $(DEPDIR)/api_test_2-api-test-2.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='api-test-2.c' object='api_test_2-api-test-2.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_2_CPPFLAGS) $(CPPFLAGS) $(api_test_2_CFLAGS) $(CFLAGS) -c -o api_test_2-api-test-2.o `test -f 'api-test-2.c' || echo '$(srcdir)/'`api-test-2.c + +api_test_2-api-test-2.obj: api-test-2.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_2_CPPFLAGS) $(CPPFLAGS) $(api_test_2_CFLAGS) $(CFLAGS) -MT api_test_2-api-test-2.obj -MD -MP -MF $(DEPDIR)/api_test_2-api-test-2.Tpo -c -o api_test_2-api-test-2.obj `if test -f 'api-test-2.c'; then $(CYGPATH_W) 'api-test-2.c'; else $(CYGPATH_W) '$(srcdir)/api-test-2.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/api_test_2-api-test-2.Tpo $(DEPDIR)/api_test_2-api-test-2.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='api-test-2.c' object='api_test_2-api-test-2.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_CPPFLAGS) $(CPPFLAGS) $(api_test_CFLAGS) $(CFLAGS) -c -o api_test-utils_loop.o `test -f '$(top_srcdir)/lib/utils_loop.c' || echo '$(srcdir)/'`$(top_srcdir)/lib/utils_loop.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_2_CPPFLAGS) $(CPPFLAGS) $(api_test_2_CFLAGS) $(CFLAGS) -c -o api_test_2-api-test-2.obj `if test -f 'api-test-2.c'; then $(CYGPATH_W) 'api-test-2.c'; else $(CYGPATH_W) '$(srcdir)/api-test-2.c'; fi` -api_test-utils_loop.obj: $(top_srcdir)/lib/utils_loop.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_CPPFLAGS) $(CPPFLAGS) $(api_test_CFLAGS) $(CFLAGS) -MT api_test-utils_loop.obj -MD -MP -MF $(DEPDIR)/api_test-utils_loop.Tpo -c -o api_test-utils_loop.obj `if test -f '$(top_srcdir)/lib/utils_loop.c'; then $(CYGPATH_W) '$(top_srcdir)/lib/utils_loop.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/lib/utils_loop.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/api_test-utils_loop.Tpo $(DEPDIR)/api_test-utils_loop.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(top_srcdir)/lib/utils_loop.c' object='api_test-utils_loop.obj' libtool=no @AMDEPBACKSLASH@ +api_test_2-test_utils.o: test_utils.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_2_CPPFLAGS) $(CPPFLAGS) $(api_test_2_CFLAGS) $(CFLAGS) -MT api_test_2-test_utils.o -MD -MP -MF $(DEPDIR)/api_test_2-test_utils.Tpo -c -o api_test_2-test_utils.o `test -f 'test_utils.c' || echo '$(srcdir)/'`test_utils.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/api_test_2-test_utils.Tpo $(DEPDIR)/api_test_2-test_utils.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_utils.c' object='api_test_2-test_utils.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_CPPFLAGS) $(CPPFLAGS) $(api_test_CFLAGS) $(CFLAGS) -c -o api_test-utils_loop.obj `if test -f '$(top_srcdir)/lib/utils_loop.c'; then $(CYGPATH_W) '$(top_srcdir)/lib/utils_loop.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/lib/utils_loop.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_2_CPPFLAGS) $(CPPFLAGS) $(api_test_2_CFLAGS) $(CFLAGS) -c -o api_test_2-test_utils.o `test -f 'test_utils.c' || echo '$(srcdir)/'`test_utils.c + +api_test_2-test_utils.obj: test_utils.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_2_CPPFLAGS) $(CPPFLAGS) $(api_test_2_CFLAGS) $(CFLAGS) -MT api_test_2-test_utils.obj -MD -MP -MF $(DEPDIR)/api_test_2-test_utils.Tpo -c -o api_test_2-test_utils.obj `if test -f 'test_utils.c'; then $(CYGPATH_W) 'test_utils.c'; else $(CYGPATH_W) '$(srcdir)/test_utils.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/api_test_2-test_utils.Tpo $(DEPDIR)/api_test_2-test_utils.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_utils.c' object='api_test_2-test_utils.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_2_CPPFLAGS) $(CPPFLAGS) $(api_test_2_CFLAGS) $(CFLAGS) -c -o api_test_2-test_utils.obj `if test -f 'test_utils.c'; then $(CYGPATH_W) 'test_utils.c'; else $(CYGPATH_W) '$(srcdir)/test_utils.c'; fi` differ-differ.o: differ.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(differ_CFLAGS) $(CFLAGS) -MT differ-differ.o -MD -MP -MF $(DEPDIR)/differ-differ.Tpo -c -o differ-differ.o `test -f 'differ.c' || echo '$(srcdir)/'`differ.c @@ -517,6 +656,34 @@ differ-differ.obj: differ.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(differ_CFLAGS) $(CFLAGS) -c -o differ-differ.obj `if test -f 'differ.c'; then $(CYGPATH_W) 'differ.c'; else $(CYGPATH_W) '$(srcdir)/differ.c'; fi` +unit_utils_io-unit-utils-io.o: unit-utils-io.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(unit_utils_io_CPPFLAGS) $(CPPFLAGS) $(unit_utils_io_CFLAGS) $(CFLAGS) -MT unit_utils_io-unit-utils-io.o -MD -MP -MF $(DEPDIR)/unit_utils_io-unit-utils-io.Tpo -c -o unit_utils_io-unit-utils-io.o `test -f 'unit-utils-io.c' || echo '$(srcdir)/'`unit-utils-io.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unit_utils_io-unit-utils-io.Tpo $(DEPDIR)/unit_utils_io-unit-utils-io.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='unit-utils-io.c' object='unit_utils_io-unit-utils-io.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(unit_utils_io_CPPFLAGS) $(CPPFLAGS) $(unit_utils_io_CFLAGS) $(CFLAGS) -c -o unit_utils_io-unit-utils-io.o `test -f 'unit-utils-io.c' || echo '$(srcdir)/'`unit-utils-io.c + +unit_utils_io-unit-utils-io.obj: unit-utils-io.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(unit_utils_io_CPPFLAGS) $(CPPFLAGS) $(unit_utils_io_CFLAGS) $(CFLAGS) -MT unit_utils_io-unit-utils-io.obj -MD -MP -MF $(DEPDIR)/unit_utils_io-unit-utils-io.Tpo -c -o unit_utils_io-unit-utils-io.obj `if test -f 'unit-utils-io.c'; then $(CYGPATH_W) 'unit-utils-io.c'; else $(CYGPATH_W) '$(srcdir)/unit-utils-io.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unit_utils_io-unit-utils-io.Tpo $(DEPDIR)/unit_utils_io-unit-utils-io.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='unit-utils-io.c' object='unit_utils_io-unit-utils-io.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(unit_utils_io_CPPFLAGS) $(CPPFLAGS) $(unit_utils_io_CFLAGS) $(CFLAGS) -c -o unit_utils_io-unit-utils-io.obj `if test -f 'unit-utils-io.c'; then $(CYGPATH_W) 'unit-utils-io.c'; else $(CYGPATH_W) '$(srcdir)/unit-utils-io.c'; fi` + +vectors_test-crypto-vectors.o: crypto-vectors.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(vectors_test_CPPFLAGS) $(CPPFLAGS) $(vectors_test_CFLAGS) $(CFLAGS) -MT vectors_test-crypto-vectors.o -MD -MP -MF $(DEPDIR)/vectors_test-crypto-vectors.Tpo -c -o vectors_test-crypto-vectors.o `test -f 'crypto-vectors.c' || echo '$(srcdir)/'`crypto-vectors.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/vectors_test-crypto-vectors.Tpo $(DEPDIR)/vectors_test-crypto-vectors.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypto-vectors.c' object='vectors_test-crypto-vectors.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(vectors_test_CPPFLAGS) $(CPPFLAGS) $(vectors_test_CFLAGS) $(CFLAGS) -c -o vectors_test-crypto-vectors.o `test -f 'crypto-vectors.c' || echo '$(srcdir)/'`crypto-vectors.c + +vectors_test-crypto-vectors.obj: crypto-vectors.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(vectors_test_CPPFLAGS) $(CPPFLAGS) $(vectors_test_CFLAGS) $(CFLAGS) -MT vectors_test-crypto-vectors.obj -MD -MP -MF $(DEPDIR)/vectors_test-crypto-vectors.Tpo -c -o vectors_test-crypto-vectors.obj `if test -f 'crypto-vectors.c'; then $(CYGPATH_W) 'crypto-vectors.c'; else $(CYGPATH_W) '$(srcdir)/crypto-vectors.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/vectors_test-crypto-vectors.Tpo $(DEPDIR)/vectors_test-crypto-vectors.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypto-vectors.c' object='vectors_test-crypto-vectors.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(vectors_test_CPPFLAGS) $(CPPFLAGS) $(vectors_test_CFLAGS) $(CFLAGS) -c -o vectors_test-crypto-vectors.obj `if test -f 'crypto-vectors.c'; then $(CYGPATH_W) 'crypto-vectors.c'; else $(CYGPATH_W) '$(srcdir)/crypto-vectors.c'; fi` + mostlyclean-libtool: -rm -f *.lo @@ -668,7 +835,10 @@ check-TESTS: $(TESTS) test "$$failed" -eq 0; \ else :; fi -distdir: $(DISTFILES) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -741,7 +911,13 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libtool clean-local \ mostlyclean-am distclean: distclean-am - -rm -rf ./$(DEPDIR) + -rm -f ./$(DEPDIR)/api_test-api-test.Po + -rm -f ./$(DEPDIR)/api_test-test_utils.Po + -rm -f ./$(DEPDIR)/api_test_2-api-test-2.Po + -rm -f ./$(DEPDIR)/api_test_2-test_utils.Po + -rm -f ./$(DEPDIR)/differ-differ.Po + -rm -f ./$(DEPDIR)/unit_utils_io-unit-utils-io.Po + -rm -f ./$(DEPDIR)/vectors_test-crypto-vectors.Po -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -787,7 +963,13 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) + -rm -f ./$(DEPDIR)/api_test-api-test.Po + -rm -f ./$(DEPDIR)/api_test-test_utils.Po + -rm -f ./$(DEPDIR)/api_test_2-api-test-2.Po + -rm -f ./$(DEPDIR)/api_test_2-test_utils.Po + -rm -f ./$(DEPDIR)/differ-differ.Po + -rm -f ./$(DEPDIR)/unit_utils_io-unit-utils-io.Po + -rm -f ./$(DEPDIR)/vectors_test-crypto-vectors.Po -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -808,29 +990,40 @@ uninstall-am: .MAKE: check-am install-am install-strip -.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ - clean-checkPROGRAMS clean-generic clean-libtool clean-local \ - cscopelist-am ctags ctags-am distclean distclean-compile \ - distclean-generic distclean-libtool distclean-tags distdir dvi \ - dvi-am html html-am info info-am install install-am \ - install-data install-data-am install-dvi install-dvi-am \ - install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am +.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \ + check-am clean clean-checkPROGRAMS clean-generic clean-libtool \ + clean-local cscopelist-am ctags ctags-am distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am + +.PRECIOUS: Makefile clean-local: - -rm -rf tcrypt-images luks1-images + -rm -rf tcrypt-images luks1-images luks2-images bitlk-images conversion_imgs luks2_valid_hdr.img blkid-luks2-pv-img blkid-luks2-pv-img.bcp + +conversion_imgs: + @tar xJf conversion_imgs.tar.xz compatimage.img: - @bzip2 -k -d compatimage.img.bz2 + @xz -k -d compatimage.img.xz -valgrind-check: api-test differ - @VALG=1 ./compat-test +valgrind-check: api-test api-test-2 differ + @VALG=1 ./compat-test2 + @VALG=1 ./luks2-validation-test + @VALG=1 ./verity-compat-test + @VALG=1 ./integrity-compat-test @INFOSTRING="api-test-000" ./valg-api.sh ./api-test + @INFOSTRING="api-test-002" ./valg-api.sh ./api-test-2 + @VALG=1 ./luks2-reencryption-test + @VALG=1 ./compat-test .PHONY: valgrind-check diff --git a/tests/Makefile.localtest b/tests/Makefile.localtest new file mode 100644 index 0000000..29a62f3 --- /dev/null +++ b/tests/Makefile.localtest @@ -0,0 +1,30 @@ +# +# Makefile to run tests with system binaries +# USE: make -f Makefile.localtest tests CRYPTSETUP_PATH=/sbin +# +CPPFLAGS=-I../lib/ -I../lib/luks1 -DHAVE_DECL_DM_TASK_RETRY_REMOVE -DKERNEL_KEYRING -DHAVE_SYS_SYSMACROS_H -DNO_CRYPTSETUP_PATH +CFLAGS=-O2 -g -Wall +LDLIBS=-lcryptsetup -ldevmapper +TESTS=$(wildcard *-test *-test2) api-test api-test-2 + +differ: differ.o + $(CC) -o $@ $^ + +api-test: api-test.o test_utils.o + $(CC) -o $@ $^ $(LDLIBS) + +api-test-2: api-test-2.o test_utils.o + $(CC) -o $@ $^ $(LDLIBS) + +tests: differ $(TESTS) + @for test in $(sort $(TESTS)); do \ + echo [$$test]; \ + ./$$test; \ + [ $$? -ne 77 -a $$? -ne 0 ] && exit 1; \ + true; \ + done; + +clean: + rm -f *.o differ api-test api-test-2 + +.PHONY: clean diff --git a/tests/align-test b/tests/align-test index c6de95d..ac3af88 100755 --- a/tests/align-test +++ b/tests/align-test @@ -1,11 +1,14 @@ #!/bin/bash -CRYPTSETUP="../src/cryptsetup" +[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." +CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup DEV="" DEV_STACKED="luks0xbabe" +DEV_NAME="dummyalign" MNT_DIR="./mnt_luks" PWD1="93R4P4pIqAH8" PWD2="mymJeD8ivEhE" +FAST_PBKDF="--pbkdf-force-iterations 1000" cleanup() { udevadm settle >/dev/null 2>&1 @@ -13,14 +16,19 @@ cleanup() { umount -f $MNT_DIR 2>/dev/null rmdir $MNT_DIR 2>/dev/null fi - [ -b /dev/mapper/$DEV_STACKED ] && dmsetup remove $DEV_STACKED >/dev/null 2>&1 + [ -b /dev/mapper/$DEV_STACKED ] && dmsetup remove --retry $DEV_STACKED >/dev/null 2>&1 + [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME >/dev/null 2>&1 + # FIXME scsi_debug sometimes in-use here + sleep 1 rmmod scsi_debug 2>/dev/null - sleep 2 + sleep 1 } fail() { - if [ -n "$1" ] ; then echo "FAIL $1" ; else echo "FAIL" ; fi + if [ -n "$1" ] ; then echo "FAIL $1" ; fi + echo "FAILED backtrace:" + while caller $frame; do ((frame++)); done cleanup exit 100 } @@ -32,11 +40,34 @@ skip() exit 0 } +function dm_crypt_features() +{ + VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv) + [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version." + + VER_MAJ=$(echo $VER_STR | cut -f 1 -d.) + VER_MIN=$(echo $VER_STR | cut -f 2 -d.) + VER_PTC=$(echo $VER_STR | cut -f 3 -d.) + + [ $VER_MAJ -lt 1 ] && return + [ $VER_MAJ -gt 1 ] && { + DM_PERF_CPU=1 + DM_SECTOR_SIZE=1 + return + } + + [ $VER_MIN -lt 14 ] && return + DM_PERF_CPU=1 + if [ $VER_MIN -ge 17 -o \( $VER_MIN -eq 14 -a $VER_PTC -ge 5 \) ]; then + DM_SECTOR_SIZE=1 + fi +} + add_device() { - modprobe scsi_debug $@ + modprobe scsi_debug $@ delay=0 if [ $? -ne 0 ] ; then echo "This kernel seems to not support proper scsi_debug module, test skipped." - exit 0 + exit 77 fi sleep 2 @@ -45,7 +76,7 @@ add_device() { if [ ! -e /sys/block/$DEV/alignment_offset ] ; then echo "This kernel seems to not support topology info, test skipped." cleanup - exit 0 + exit 77 fi DEV="/dev/$DEV" @@ -56,12 +87,16 @@ format() # key_bits expected [forced] { if [ -z "$3" ] ; then echo -n "Formatting using topology info ($1 bits key)..." - echo $PWD1 | $CRYPTSETUP luksFormat $DEV -q -i1 -c aes-cbc-essiv:sha256 -s $1 + echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $DEV -q $FAST_PBKDF -c aes-cbc-essiv:sha256 -s $1 || fail else echo -n "Formatting using forced sector alignment $3 ($1 bits key)..." - echo $PWD1 | $CRYPTSETUP luksFormat $DEV -q -i1 -s $1 -c aes-cbc-essiv:sha256 --align-payload=$2 + echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $DEV -q $FAST_PBKDF -s $1 -c aes-cbc-essiv:sha256 --align-payload=$3 ||fail fi + # check the device can be activated + echo $PWD1 | $CRYPTSETUP luksOpen $DEV $DEV_NAME || fail + $CRYPTSETUP close $DEV_NAME || fail + ALIGN=$($CRYPTSETUP luksDump $DEV |grep "Payload offset" | sed -e s/.*\\t//) #echo "ALIGN = $ALIGN" @@ -69,7 +104,7 @@ format() # key_bits expected [forced] [ $ALIGN -ne $2 ] && fail "Expected alignment differs: expected $2 != detected $ALIGN" # test some operation, just in case - echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV -i1 --key-slot 1 + echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV $FAST_PBKDF --key-slot 1 [ $? -ne 0 ] && fail "Keyslot add failed." $CRYPTSETUP -q luksKillSlot $DEV 1 @@ -87,18 +122,22 @@ format_null() { if [ $3 -eq 0 ] ; then echo -n "Formatting using topology info ($1 bits key) [slot 0" - echo $PWD1 | $CRYPTSETUP luksFormat $DEV -q -i1 -c null -s $1 + echo | $CRYPTSETUP luksFormat --type luks1 $DEV -q $FAST_PBKDF -c null -s $1 || fail else echo -n "Formatting using forced sector alignment $3 ($1 bits key) [slot 0" - echo $PWD1 | $CRYPTSETUP luksFormat $DEV -q -i1 -c null -s $1 --align-payload=$3 + echo | $CRYPTSETUP luksFormat --type luks1 $DEV -q $FAST_PBKDF -c null -s $1 --align-payload=$3 || fail fi + # check the device can be activated + echo | $CRYPTSETUP luksOpen $DEV $DEV_NAME || fail + $CRYPTSETUP close $DEV_NAME || fail + POFF=$(get_offsets "Payload offset") [ -z "$POFF" ] && fail [ $POFF != $2 ] && fail "Expected data offset differs: expected $2 != detected $POFF" if [ -n "$4" ] ; then for j in 1 2 3 4 5 6 7 ; do - echo -e "$PWD1\n$PWD2$j" | $CRYPTSETUP luksAddKey $DEV -q -i1 --key-slot $j -c null $PARAMS + echo -e "\n" | $CRYPTSETUP luksAddKey $DEV -q $FAST_PBKDF --key-slot $j -c null $PARAMS echo -n $j [ $? -ne 0 ] && fail done @@ -111,21 +150,56 @@ format_null() echo "]...PASSED" } +format_plain() # sector size +{ + echo -n "Formatting plain device (sector size $1)..." + if [ -n "$DM_SECTOR_SIZE" ] ; then + echo $PWD1 | $CRYPTSETUP open --type plain --hash sha256 --sector-size $1 $DEV $DEV_NAME || fail + $CRYPTSETUP close $DEV_NAME || fail + echo "PASSED" + else + echo "N/A" + fi +} + +format_plain_fail() # sector size +{ + echo -n "Formatting plain device (sector size $1, must fail)..." + if [ -n "$DM_SECTOR_SIZE" ] ; then + echo $PWD1 | $CRYPTSETUP open --type plain --hash sha256 --sector-size $1 $DEV $DEV_NAME >/dev/null 2>&1 && fail + echo "PASSED" + else + echo "N/A" + fi +} + if [ $(id -u) != 0 ]; then echo "WARNING: You must be root to run this test, test skipped." - exit 0 + exit 77 fi -modprobe --dry-run scsi_debug || exit 0 +dm_crypt_features +modprobe --dry-run scsi_debug || exit 77 cleanup echo "# Create desktop-class 4K drive" echo "# (logical_block_size=512, physical_block_size=4096, alignment_offset=0)" add_device dev_size_mb=16 sector_size=512 physblk_exp=3 num_tgts=1 format 256 4096 -format 256 2112 8 +format 256 2056 8 +format 128 2048 +format 128 1032 8 +format 256 8192 8192 +format 128 8192 8192 +cleanup + +echo "# Create desktop-class 4K drive with misaligned opt-io (some bad USB enclosures)" +echo "# (logical_block_size=512, physical_block_size=4096, alignment_offset=0, opt-io=1025)" +add_device dev_size_mb=16 sector_size=512 physblk_exp=3 num_tgts=1 opt_blks=1025 +format 256 4096 +format 256 2056 8 format 128 2048 -format 128 1088 8 +format 128 1032 8 format 256 8192 8192 format 128 8192 8192 cleanup @@ -134,18 +208,18 @@ echo "# Create desktop-class 4K drive w/ 63-sector DOS partition compensation" echo "# (logical_block_size=512, physical_block_size=4096, alignment_offset=3584)" add_device dev_size_mb=16 sector_size=512 physblk_exp=3 lowest_aligned=7 num_tgts=1 format 256 4103 -format 256 2119 8 +format 256 2056 8 format 128 2055 -format 128 1095 8 +format 128 1032 8 cleanup echo "# Create enterprise-class 4K drive" echo "# (logical_block_size=4096, physical_block_size=4096, alignment_offset=0)" -add_device dev_size_mb=16 sector_size=4096 num_tgts=1 +add_device dev_size_mb=16 sector_size=4096 num_tgts=1 opt_blks=64 format 256 4096 -format 256 2560 8 +format 256 2056 8 format 128 2048 -format 128 1536 8 +format 128 1032 8 cleanup echo "# Create classic 512B drive and stack dm-linear" @@ -155,12 +229,32 @@ DEV2=$DEV DEV=/dev/mapper/$DEV_STACKED dmsetup create $DEV_STACKED --table "0 32768 linear $DEV2 0" format 256 4096 -format 256 2112 8 +format 256 2056 8 format 128 2048 -format 128 1088 8 +format 128 1032 8 format 128 8192 8192 cleanup +echo "# Create classic 512B drive and stack dm-linear (plain mode)" +add_device dev_size_mb=16 sector_size=512 num_tgts=1 +DEV2=$DEV +DEV=/dev/mapper/$DEV_STACKED +dmsetup create $DEV_STACKED --table "0 32768 linear $DEV2 0" +format_plain 512 +format_plain 1024 +format_plain 2048 +format_plain 4096 +format_plain_fail 1111 +format_plain_fail 8192 +echo "# Create classic 512B drive, unaligned to 4096 and stack dm-linear (plain mode)" +dmsetup remove --retry $DEV_STACKED >/dev/null 2>&1 +dmsetup create $DEV_STACKED --table "0 32762 linear $DEV2 0" +format_plain 512 +format_plain 1024 +format_plain_fail 2048 +format_plain_fail 4096 +cleanup + echo "# Offset check: 512B sector drive" add_device dev_size_mb=16 sector_size=512 num_tgts=1 # |k| expO reqO expected slot offsets @@ -187,7 +281,7 @@ format_null 512 4096 2048 cleanup echo "# Offset check: 4096B sector drive" -add_device dev_size_mb=16 sector_size=4096 num_tgts=1 +add_device dev_size_mb=16 sector_size=4096 num_tgts=1 opt_blks=64 format_null 64 2048 0 8:72:136:200:264:328:392:456 format_null 64 520 1 format_null 64 520 8 @@ -213,14 +307,14 @@ cleanup echo "# Create enterprise-class 4K drive with fs and LUKS images." # loop device here presents 512 block but images have 4k block # cryptsetup should properly use 4k block on direct-io -add_device dev_size_mb=16 sector_size=4096 physblk_exp=0 num_tgts=1 -for file in $(ls img_fs_*.img.bz2) ; do +add_device dev_size_mb=32 sector_size=4096 physblk_exp=0 num_tgts=1 opt_blks=64 +for file in $(ls img_fs_*.img.xz) ; do echo "Format using fs image $file." - bzip2 -d -c $file | dd of=$DEV bs=1M 2>/dev/null || fail "bad image" + xz -d -c $file | dd of=$DEV bs=1M 2>/dev/null || fail "bad image" [ ! -d $MNT_DIR ] && mkdir $MNT_DIR mount $DEV $MNT_DIR || skip "Mounting image is not available." - echo $PWD1 | $CRYPTSETUP luksFormat -i 1 $MNT_DIR/luks.img || fail - echo $PWD2 | $CRYPTSETUP luksFormat -i 1 $MNT_DIR/luks.img --header $MNT_DIR/luks_header.img || fail + echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 --key-size 256 $FAST_PBKDF $MNT_DIR/luks.img || fail + echo $PWD2 | $CRYPTSETUP luksFormat --type luks1 --key-size 256 $FAST_PBKDF $MNT_DIR/luks.img --header $MNT_DIR/luks_header.img || fail umount $MNT_DIR done cleanup diff --git a/tests/align-test2 b/tests/align-test2 new file mode 100755 index 0000000..f1b387e --- /dev/null +++ b/tests/align-test2 @@ -0,0 +1,342 @@ +#!/bin/bash + +[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." +CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup +DEV="" +DEV_STACKED="luks0xbabe" +DEV_NAME="dummyalign" +MNT_DIR="./mnt_luks" +PWD1="93R4P4pIqAH8" +PWD2="mymJeD8ivEhE" +FAST_PBKDF="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" + +cleanup() { + udevadm settle >/dev/null 2>&1 + if [ -d "$MNT_DIR" ] ; then + umount -f $MNT_DIR 2>/dev/null + rmdir $MNT_DIR 2>/dev/null + fi + [ -b /dev/mapper/$DEV_STACKED ] && dmsetup remove --retry $DEV_STACKED >/dev/null 2>&1 + [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME >/dev/null 2>&1 + # FIXME scsi_debug sometimes in-use here + sleep 1 + rmmod scsi_debug 2>/dev/null + sleep 1 +} + +fail() +{ + if [ -n "$1" ] ; then echo "FAIL $1" ; fi + echo "FAILED backtrace:" + while caller $frame; do ((frame++)); done + cleanup + exit 100 +} + +skip() +{ + echo "TEST SKIPPED: $1" + cleanup + exit 0 +} + +function dm_crypt_features() +{ + VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv) + [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version." + + VER_MAJ=$(echo $VER_STR | cut -f 1 -d.) + VER_MIN=$(echo $VER_STR | cut -f 2 -d.) + VER_PTC=$(echo $VER_STR | cut -f 3 -d.) + + [ $VER_MAJ -lt 1 ] && return + [ $VER_MAJ -gt 1 ] && { + DM_PERF_CPU=1 + DM_SECTOR_SIZE=1 + return + } + + [ $VER_MIN -lt 14 ] && return + DM_PERF_CPU=1 + if [ $VER_MIN -ge 17 -o \( $VER_MIN -eq 14 -a $VER_PTC -ge 5 \) ]; then + DM_SECTOR_SIZE=1 + fi +} + +add_device() { + modprobe scsi_debug $@ delay=0 + if [ $? -ne 0 ] ; then + echo "This kernel seems to not support proper scsi_debug module, test skipped." + exit 77 + fi + + sleep 2 + DEV=$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /) + + if [ ! -e /sys/block/$DEV/alignment_offset ] ; then + echo "This kernel seems to not support topology info, test skipped." + cleanup + exit 77 + fi + + DEV="/dev/$DEV" + [ -b $DEV ] || fail "Cannot find $DEV." +} + +format() # expected [forced] [encryption_sector_size] +{ + local _sec_size=512 + + local _exp=$1 + + if [ "${2:0:1}" = "s" ]; then + _sec_size=${2:1} + shift + fi + + test "${3:0:1}" = "s" && _sec_size=${3:1} + + test $_sec_size -eq 512 || local _smsg=" (encryption sector size $_sec_size)" + + if [ -z "$2" ] ; then + echo -n "Formatting using topology info$_smsg..." + echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $DEV -q -c aes-cbc-essiv:sha256 --sector-size $_sec_size >/dev/null || fail + else + echo -n "Formatting using forced sector alignment $2$_smsg..." + echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $DEV -q -c aes-cbc-essiv:sha256 --align-payload=$2 --sector-size $_sec_size >/dev/null || fail + fi + + # check the device can be activated + if [ -n "$DM_SECTOR_SIZE" ] ; then + echo $PWD1 | $CRYPTSETUP luksOpen $DEV $DEV_NAME || fail + $CRYPTSETUP close $DEV_NAME || fail + fi + + ALIGN=$($CRYPTSETUP luksDump $DEV | tee /tmp/last_dump | grep -A1 "0: crypt" | grep "offset:" | cut -d ' ' -f2) + # echo "ALIGN = $ALIGN" + + [ -z "$ALIGN" ] && fail + ALIGN=$((ALIGN/512)) + [ $ALIGN -ne $_exp ] && fail "Expected alignment differs: expected $_exp != detected $ALIGN" + + # test some operation, just in case + echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV $FAST_PBKDF --key-slot 1 + [ $? -ne 0 ] && fail "Keyslot add failed." + + $CRYPTSETUP -q luksKillSlot $DEV 1 + [ $? -ne 0 ] && fail "Keyslot removal failed." + + echo "PASSED" +} + +format_fail() # expected [forced] [encryption_sector_size] +{ + local _sec_size=512 + + local _exp=$1 + + if [ "${2:0:1}" = "s" ]; then + _sec_size=${2:1} + shift + fi + + test "${3:0:1}" = "s" && _sec_size=${3:1} + + test $_sec_size -eq 512 || local _smsg=" (encryption sector size $_sec_size)" + + if [ -z "$2" ] ; then + echo -n "Formatting using topology info$_smsg (must fail)..." + echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $DEV -q -c aes-cbc-essiv:sha256 --sector-size $_sec_size >/dev/null 2>&1 && fail + else + echo -n "Formatting using forced sector alignment $2$_smsg (must fail)..." + echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $DEV -q -c aes-cbc-essiv:sha256 --align-payload=$2 --sector-size $_sec_size >/dev/null 2>&1 && fail + fi + + echo "PASSED" +} + +if [ $(id -u) != 0 ]; then + echo "WARNING: You must be root to run this test, test skipped." + exit 77 +fi + +dm_crypt_features +modprobe --dry-run scsi_debug || exit 77 +cleanup + +add_device dev_size_mb=32 +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $DEV -q >/dev/null || fail +EXPCT=$($CRYPTSETUP luksDump $DEV | grep "offset: " | cut -f 2 -d ' ') +test "$EXPCT" -gt 512 || fail +EXPCT=$((EXPCT/512)) +echo "Default alignment detected: $EXPCT sectors" +cleanup + +echo "# Create desktop-class 4K drive" +echo "# (logical_block_size=512, physical_block_size=4096, alignment_offset=0)" +add_device dev_size_mb=32 sector_size=512 physblk_exp=3 num_tgts=1 +format $EXPCT +format $EXPCT s1024 +format $EXPCT s2048 +format $EXPCT s4096 +format $EXPCT 1 +format $EXPCT 1 s1024 +format $EXPCT 1 s2048 +format $EXPCT 1 s4096 +format $EXPCT 8 +format $EXPCT 8 s1024 +format $EXPCT 8 s2048 +format $EXPCT 8 s4096 +format $((EXPCT+1)) $((EXPCT+1)) +format_fail $((EXPCT+1)) $((EXPCT+1)) s1024 +format_fail $((EXPCT+1)) $((EXPCT+1)) s2048 +format_fail $((EXPCT+1)) $((EXPCT+1)) s4096 +format $EXPCT $EXPCT +format $EXPCT $EXPCT s1024 +format $EXPCT $EXPCT s2048 +format $EXPCT $EXPCT s4096 +cleanup + +echo "# Create desktop-class 4K drive with misaligned opt-io (some bad USB enclosures)" +echo "# (logical_block_size=512, physical_block_size=4096, alignment_offset=0, opt-io=1025)" +add_device dev_size_mb=32 sector_size=512 physblk_exp=3 num_tgts=1 opt_blks=1025 +format $EXPCT +format $EXPCT s1024 +format $EXPCT s2048 +format $EXPCT s4096 +format $EXPCT 1 +format $EXPCT 1 s1024 +format $EXPCT 1 s2048 +format $EXPCT 1 s4096 +format $EXPCT 8 +format $EXPCT 8 s1024 +format $EXPCT 8 s2048 +format $EXPCT 8 s4096 +format $((EXPCT+1)) $((EXPCT+1)) +format_fail $((EXPCT+1)) $((EXPCT+1)) s1024 +format_fail $((EXPCT+1)) $((EXPCT+1)) s2048 +format_fail $((EXPCT+1)) $((EXPCT+1)) s4096 +format $EXPCT $EXPCT +format $EXPCT $EXPCT s1024 +format $EXPCT $EXPCT s2048 +format $EXPCT $EXPCT s4096 +cleanup + +echo "# Create desktop-class 4K drive w/ 1-sector shift (original bug report)" +echo "# (logical_block_size=512, physical_block_size=4096, alignment_offset=512)" +add_device dev_size_mb=32 sector_size=512 physblk_exp=3 lowest_aligned=1 num_tgts=1 +format $((EXPCT+1)) +format_fail $((EXPCT+1)) s1024 +format_fail $((EXPCT+1)) s2048 +format_fail $((EXPCT+1)) s4096 +format $EXPCT 1 +format $EXPCT 1 s1024 +format $EXPCT 1 s2048 +format $EXPCT 1 s4096 +format $EXPCT 8 +format $EXPCT 8 s1024 +format $EXPCT 8 s2048 +format $EXPCT 8 s4096 +format $((EXPCT+1)) $((EXPCT+1)) +format_fail $((EXPCT+1)) $((EXPCT+1)) s1024 +format_fail $((EXPCT+1)) $((EXPCT+1)) s2048 +format_fail $((EXPCT+1)) $((EXPCT+1)) s4096 +format $EXPCT $EXPCT +format $EXPCT $EXPCT s1024 +format $EXPCT $EXPCT s2048 +format $EXPCT $EXPCT s4096 +cleanup + +echo "# Create desktop-class 4K drive w/ 63-sector DOS partition compensation" +echo "# (logical_block_size=512, physical_block_size=4096, alignment_offset=3584)" +add_device dev_size_mb=32 sector_size=512 physblk_exp=3 lowest_aligned=7 num_tgts=1 +format $((EXPCT+7)) +format_fail $((EXPCT+7)) s1024 +format_fail $((EXPCT+7)) s2048 +format_fail $((EXPCT+7)) s4096 +format $EXPCT 1 +format $EXPCT 1 s1024 +format $EXPCT 1 s2048 +format $EXPCT 1 s4096 +format $EXPCT 8 +format $EXPCT 8 s1024 +format $EXPCT 8 s2048 +format $EXPCT 8 s4096 +format $((EXPCT+1)) $((EXPCT+1)) +format_fail $((EXPCT+1)) $((EXPCT+1)) s1024 +format_fail $((EXPCT+1)) $((EXPCT+1)) s2048 +format_fail $((EXPCT+1)) $((EXPCT+1)) s4096 +format $EXPCT $EXPCT +format $EXPCT $EXPCT s1024 +format $EXPCT $EXPCT s2048 +format $EXPCT $EXPCT s4096 +cleanup + +echo "# Create enterprise-class 4K drive" +echo "# (logical_block_size=4096, physical_block_size=4096, alignment_offset=0)" +add_device dev_size_mb=32 sector_size=4096 num_tgts=1 opt_blks=64 +format $EXPCT +format $EXPCT s1024 +format $EXPCT s2048 +format $EXPCT s4096 +format $EXPCT 1 +format $EXPCT 1 s1024 +format $EXPCT 1 s2048 +format $EXPCT 1 s4096 +format $EXPCT 8 +format $EXPCT 8 s1024 +format $EXPCT 8 s2048 +format $EXPCT 8 s4096 +#FIXME: kernel limits issue? +##format $((EXPCT+1)) $((EXPCT+1)) +format_fail $((EXPCT+1)) $((EXPCT+1)) s1024 +format_fail $((EXPCT+1)) $((EXPCT+1)) s2048 +format_fail $((EXPCT+1)) $((EXPCT+1)) s4096 +format $EXPCT $EXPCT +format $EXPCT $EXPCT s1024 +format $EXPCT $EXPCT s2048 +format $EXPCT $EXPCT s4096 +cleanup + +echo "# Create classic 512B drive and stack dm-linear" +echo "# (logical_block_size=512, physical_block_size=512, alignment_offset=0)" +add_device dev_size_mb=32 sector_size=512 num_tgts=1 +DEV2=$DEV +DEV=/dev/mapper/$DEV_STACKED +dmsetup create $DEV_STACKED --table "0 65536 linear $DEV2 0" +format $EXPCT +format $EXPCT s1024 +format $EXPCT s2048 +format $EXPCT s4096 +format $EXPCT 1 +format $EXPCT 1 s1024 +format $EXPCT 1 s2048 +format $EXPCT 1 s4096 +format $EXPCT 8 +format $EXPCT 8 s1024 +format $EXPCT 8 s2048 +format $EXPCT 8 s4096 +format $((EXPCT+1)) $((EXPCT+1)) +format_fail $((EXPCT+1)) $((EXPCT+1)) s1024 +format_fail $((EXPCT+1)) $((EXPCT+1)) s2048 +format_fail $((EXPCT+1)) $((EXPCT+1)) s4096 +format $EXPCT $EXPCT +format $EXPCT $EXPCT s1024 +format $EXPCT $EXPCT s2048 +format $EXPCT $EXPCT s4096 +cleanup + +echo "# Create enterprise-class 4K drive with fs and LUKS images." +# loop device here presents 512 block but images have 4k block +# cryptsetup should properly use 4k block on direct-io +add_device dev_size_mb=32 sector_size=4096 physblk_exp=0 num_tgts=1 opt_blks=64 +for file in $(ls img_fs_*.img.xz) ; do + echo "Format using fs image $file." + xz -d -c $file | dd of=$DEV bs=1M 2>/dev/null || fail "bad image" + [ ! -d $MNT_DIR ] && mkdir $MNT_DIR + mount $DEV $MNT_DIR || skip "Mounting image is not available." + echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $MNT_DIR/luks.img --offset 8192 || fail + echo $PWD2 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $MNT_DIR/luks.img --header $MNT_DIR/luks_header.img || fail + umount $MNT_DIR +done +cleanup diff --git a/tests/api-test-2.c b/tests/api-test-2.c new file mode 100644 index 0000000..8386c08 --- /dev/null +++ b/tests/api-test-2.c @@ -0,0 +1,4443 @@ +/* + * cryptsetup library LUKS2 API check functions + * + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz + * Copyright (C) 2016-2020 Ondrej Kozina + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef KERNEL_KEYRING +#include +#include +#ifndef HAVE_KEY_SERIAL_T +#define HAVE_KEY_SERIAL_T +#include +typedef int32_t key_serial_t; +#endif +#endif + +#include "api_test.h" +#include "luks.h" +#include "libcryptsetup.h" + +#define DMDIR "/dev/mapper/" + +#define DEVICE_1_UUID "28632274-8c8a-493f-835b-da802e1c576b" +#define DEVICE_EMPTY_name "crypt_zero" +#define DEVICE_EMPTY DMDIR DEVICE_EMPTY_name +#define DEVICE_ERROR_name "crypt_error" +#define DEVICE_ERROR DMDIR DEVICE_ERROR_name + +#define CDEVICE_1 "ctest1" +#define CDEVICE_2 "ctest2" +#define CDEVICE_WRONG "O_o" +#define H_DEVICE "head_ok" +#define H_DEVICE_WRONG "head_wr" +#define L_DEVICE_1S "luks_onesec" +#define L_DEVICE_0S "luks_zerosec" +#define L_DEVICE_WRONG "luks_wr" +#define L_DEVICE_OK "luks_ok" +#define REQS_LUKS2_HEADER "luks2_header_requirements" +#define NO_REQS_LUKS2_HEADER "luks2_header_requirements_free" +#define BACKUP_FILE "csetup_backup_file" +#define IMAGE1 "compatimage2.img" +#define IMAGE_EMPTY "empty.img" +#define IMAGE_EMPTY_SMALL "empty_small.img" +#define IMAGE_EMPTY_SMALL_2 "empty_small2.img" +#define IMAGE_PV_LUKS2_SEC "blkid-luks2-pv.img" + +#define KEYFILE1 "key1.file" +#define KEY1 "compatkey" + +#define KEYFILE2 "key2.file" +#define KEY2 "0123456789abcdef" + +#define PASSPHRASE "blabla" +#define PASSPHRASE1 "albalb" + +#define DEVICE_TEST_UUID "12345678-1234-1234-1234-123456789abc" + +#define DEVICE_WRONG "/dev/Ooo_" +#define DEVICE_CHAR "/dev/zero" +#define THE_LFILE_TEMPLATE "cryptsetup-tstlp.XXXXXX" + +#define KEY_DESC_TEST0 "cs_token_test:test_key0" +#define KEY_DESC_TEST1 "cs_token_test:test_key1" + +#define CONV_DIR "conversion_imgs" +#define CONV_L1_128 "l1_128b" +#define CONV_L1_256 "l1_256b" +#define CONV_L1_512 "l1_512b" +#define CONV_L2_128 "l2_128b" +#define CONV_L2_128_FULL "l2_128b_full" +#define CONV_L2_256 "l2_256b" +#define CONV_L2_256_FULL "l2_256b_full" +#define CONV_L2_512 "l2_512b" +#define CONV_L2_512_FULL "l2_512b_full" +#define CONV_L1_128_DET "l1_128b_det" +#define CONV_L1_256_DET "l1_256b_det" +#define CONV_L1_512_DET "l1_512b_det" +#define CONV_L2_128_DET "l2_128b_det" +#define CONV_L2_128_DET_FULL "l2_128b_det_full" +#define CONV_L2_256_DET "l2_256b_det" +#define CONV_L2_256_DET_FULL "l2_256b_det_full" +#define CONV_L2_512_DET "l2_512b_det" +#define CONV_L2_512_DET_FULL "l2_512b_det_full" +#define CONV_L1_256_LEGACY "l1_256b_legacy_offset" +#define CONV_L1_256_UNMOVABLE "l1_256b_unmovable" +#define PASS0 "aaa" +#define PASS1 "hhh" +#define PASS2 "ccc" +#define PASS3 "ddd" +#define PASS4 "eee" +#define PASS5 "fff" +#define PASS6 "ggg" +#define PASS7 "bbb" +#define PASS8 "iii" + +/* Allow to run without config.h */ +#ifndef DEFAULT_LUKS1_HASH + #define DEFAULT_LUKS1_HASH "sha256" + #define DEFAULT_LUKS1_ITER_TIME 2000 + #define DEFAULT_LUKS2_ITER_TIME 2000 + #define DEFAULT_LUKS2_MEMORY_KB 1048576 + #define DEFAULT_LUKS2_PARALLEL_THREADS 4 + #define DEFAULT_LUKS2_PBKDF "argon2i" +#endif + +static int _fips_mode = 0; + +static char *DEVICE_1 = NULL; +static char *DEVICE_2 = NULL; +static char *DEVICE_3 = NULL; +static char *DEVICE_4 = NULL; +static char *DEVICE_5 = NULL; +static char *DEVICE_6 = NULL; + +static char *tmp_file_1 = NULL; +static char *test_loop_file = NULL; + +unsigned int test_progress_steps; + +struct crypt_device *cd = NULL, *cd2 = NULL; + +// Helpers + +static unsigned cpus_online(void) +{ + static long r = -1; + + if (r < 0) { + r = sysconf(_SC_NPROCESSORS_ONLN); + if (r < 0) + r = 1; + } + + return r; +} + +static uint32_t adjusted_pbkdf_memory(void) +{ + long pagesize = sysconf(_SC_PAGESIZE); + long pages = sysconf(_SC_PHYS_PAGES); + uint64_t memory_kb; + + if (pagesize <= 0 || pages <= 0) + return DEFAULT_LUKS2_MEMORY_KB; + + memory_kb = pagesize / 1024 * pages / 2; + + if (memory_kb < DEFAULT_LUKS2_MEMORY_KB) + return (uint32_t)memory_kb; + + return DEFAULT_LUKS2_MEMORY_KB; +} + +static unsigned _min(unsigned a, unsigned b) +{ + return a < b ? a : b; +} + +static int get_luks2_offsets(int metadata_device, + unsigned int alignpayload_sec, + unsigned int sector_size, + uint64_t *r_header_size, + uint64_t *r_payload_offset) +{ + struct crypt_device *cd = NULL; + static uint64_t default_header_size = 0; + + if (!default_header_size) { + if (crypt_init(&cd, THE_LOOP_DEV)) + return -EINVAL; + if (crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, NULL)) { + crypt_free(cd); + return -EINVAL; + } + + default_header_size = crypt_get_data_offset(cd); + + crypt_free(cd); + } + + if (!sector_size) + sector_size = 512; /* default? */ + + if ((sector_size % 512) && (sector_size % 4096)) + return -1; + + if (r_payload_offset) { + if (metadata_device) + *r_payload_offset = DIV_ROUND_UP_MODULO(default_header_size * 512, (alignpayload_sec ?: 1) * sector_size); + else + *r_payload_offset = alignpayload_sec * sector_size; + + *r_payload_offset /= sector_size; + } + + if (r_header_size) + *r_header_size = default_header_size; + + return 0; +} + +static void _remove_keyfiles(void) +{ + remove(KEYFILE1); + remove(KEYFILE2); +} + +#if HAVE_DECL_DM_TASK_RETRY_REMOVE +#define DM_RETRY "--retry " +#else +#define DM_RETRY "" +#endif + +#define DM_NOSTDERR " 2>/dev/null" + +static void _cleanup_dmdevices(void) +{ + struct stat st; + + if (!stat(DMDIR H_DEVICE, &st)) + _system("dmsetup remove " DM_RETRY H_DEVICE DM_NOSTDERR, 0); + + if (!stat(DMDIR H_DEVICE_WRONG, &st)) + _system("dmsetup remove " DM_RETRY H_DEVICE_WRONG DM_NOSTDERR, 0); + + if (!stat(DMDIR L_DEVICE_0S, &st)) + _system("dmsetup remove " DM_RETRY L_DEVICE_0S DM_NOSTDERR, 0); + + if (!stat(DMDIR L_DEVICE_1S, &st)) + _system("dmsetup remove " DM_RETRY L_DEVICE_1S DM_NOSTDERR, 0); + + if (!stat(DMDIR L_DEVICE_WRONG, &st)) + _system("dmsetup remove " DM_RETRY L_DEVICE_WRONG DM_NOSTDERR, 0); + + if (!stat(DMDIR L_DEVICE_OK, &st)) + _system("dmsetup remove " DM_RETRY L_DEVICE_OK DM_NOSTDERR, 0); + + t_dev_offset = 0; +} + +static void _cleanup(void) +{ + struct stat st; + + CRYPT_FREE(cd); + CRYPT_FREE(cd2); + + //_system("udevadm settle", 0); + + if (!stat(DMDIR CDEVICE_1, &st)) + _system("dmsetup remove " DM_RETRY CDEVICE_1 DM_NOSTDERR, 0); + + if (!stat(DMDIR CDEVICE_2, &st)) + _system("dmsetup remove " DM_RETRY CDEVICE_2 DM_NOSTDERR, 0); + + if (!stat(DEVICE_EMPTY, &st)) + _system("dmsetup remove " DM_RETRY DEVICE_EMPTY_name DM_NOSTDERR, 0); + + if (!stat(DEVICE_ERROR, &st)) + _system("dmsetup remove " DM_RETRY DEVICE_ERROR_name DM_NOSTDERR, 0); + + _cleanup_dmdevices(); + + if (loop_device(THE_LOOP_DEV)) + loop_detach(THE_LOOP_DEV); + + if (loop_device(DEVICE_1)) + loop_detach(DEVICE_1); + + if (loop_device(DEVICE_2)) + loop_detach(DEVICE_2); + + if (loop_device(DEVICE_3)) + loop_detach(DEVICE_3); + + if (loop_device(DEVICE_4)) + loop_detach(DEVICE_4); + + if (loop_device(DEVICE_5)) + loop_detach(DEVICE_5); + + if (loop_device(DEVICE_6)) + loop_detach(DEVICE_6); + + _system("rm -f " IMAGE_EMPTY, 0); + _system("rm -f " IMAGE1, 0); + _system("rm -rf " CONV_DIR, 0); + + if (test_loop_file) + remove(test_loop_file); + if (tmp_file_1) + remove(tmp_file_1); + + remove(REQS_LUKS2_HEADER); + remove(NO_REQS_LUKS2_HEADER); + remove(BACKUP_FILE); + remove(IMAGE_PV_LUKS2_SEC); + remove(IMAGE_PV_LUKS2_SEC ".bcp"); + remove(IMAGE_EMPTY_SMALL); + remove(IMAGE_EMPTY_SMALL_2); + + _remove_keyfiles(); + + free(tmp_file_1); + free(test_loop_file); + free(THE_LOOP_DEV); + free(DEVICE_1); + free(DEVICE_2); + free(DEVICE_3); + free(DEVICE_4); + free(DEVICE_5); + free(DEVICE_6); +} + +static int _setup(void) +{ + int fd, ro = 0; + char cmd[128]; + + test_loop_file = strdup(THE_LFILE_TEMPLATE); + if ((fd=mkstemp(test_loop_file)) == -1) { + printf("cannot create temporary file with template %s\n", test_loop_file); + return 1; + } + close(fd); + snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null", + test_loop_file, SECTOR_SIZE, TST_LOOP_FILE_SIZE); + if (_system(cmd, 1)) + return 1; + + fd = loop_attach(&THE_LOOP_DEV, test_loop_file, 0, 0, &ro); + close(fd); + + tmp_file_1 = strdup(THE_LFILE_TEMPLATE); + if ((fd=mkstemp(tmp_file_1)) == -1) { + printf("cannot create temporary file with template %s\n", tmp_file_1); + return 1; + } + close(fd); + snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null", + tmp_file_1, SECTOR_SIZE, 10); + if (_system(cmd, 1)) + return 1; + + _system("dmsetup create " DEVICE_EMPTY_name " --table \"0 10000 zero\"", 1); + _system("dmsetup create " DEVICE_ERROR_name " --table \"0 10000 error\"", 1); + + _system(" [ ! -e " IMAGE1 " ] && xz -dk " IMAGE1 ".xz", 1); + fd = loop_attach(&DEVICE_1, IMAGE1, 0, 0, &ro); + close(fd); + + _system("dd if=/dev/zero of=" IMAGE_EMPTY " bs=1M count=32 2>/dev/null", 1); + fd = loop_attach(&DEVICE_2, IMAGE_EMPTY, 0, 0, &ro); + close(fd); + + _system("dd if=/dev/zero of=" IMAGE_EMPTY_SMALL " bs=1M count=7 2>/dev/null", 1); + + _system("dd if=/dev/zero of=" IMAGE_EMPTY_SMALL_2 " bs=512 count=2050 2>/dev/null", 1); + + _system(" [ ! -e " NO_REQS_LUKS2_HEADER " ] && xz -dk " NO_REQS_LUKS2_HEADER ".xz", 1); + fd = loop_attach(&DEVICE_4, NO_REQS_LUKS2_HEADER, 0, 0, &ro); + close(fd); + + _system(" [ ! -e " REQS_LUKS2_HEADER " ] && xz -dk " REQS_LUKS2_HEADER ".xz", 1); + fd = loop_attach(&DEVICE_5, REQS_LUKS2_HEADER, 0, 0, &ro); + close(fd); + + _system(" [ ! -e " IMAGE_PV_LUKS2_SEC " ] && xz -dk " IMAGE_PV_LUKS2_SEC ".xz", 1); + _system(" [ ! -e " IMAGE_PV_LUKS2_SEC ".bcp ] && cp " IMAGE_PV_LUKS2_SEC " " IMAGE_PV_LUKS2_SEC ".bcp", 1); + fd = loop_attach(&DEVICE_6, IMAGE_PV_LUKS2_SEC, 0, 0, &ro); + close(fd); + + _system(" [ ! -d " CONV_DIR " ] && tar xJf " CONV_DIR ".tar.xz 2>/dev/null", 1); + + if (_system("modprobe dm-crypt", 1)) + return 1; + + if (t_dm_check_versions()) + return 1; + + _system("rmmod dm-crypt", 0); + + _fips_mode = fips_mode(); + if (_debug) + printf("FIPS MODE: %d\n", _fips_mode); + + /* Use default log callback */ + crypt_set_log_callback(NULL, &global_log_callback, NULL); + + return 0; +} + +#ifdef KERNEL_KEYRING +static key_serial_t add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t keyring) +{ + return syscall(__NR_add_key, type, description, payload, plen, keyring); +} + +static key_serial_t keyctl_unlink(key_serial_t key, key_serial_t keyring) +{ + return syscall(__NR_keyctl, KEYCTL_UNLINK, key, keyring); +} + +static key_serial_t request_key(const char *type, + const char *description, + const char *callout_info, + key_serial_t keyring) +{ + return syscall(__NR_request_key, type, description, callout_info, keyring); +} + +static key_serial_t _kernel_key_by_segment(struct crypt_device *cd, int segment) +{ + char key_description[1024]; + + if (snprintf(key_description, sizeof(key_description), "cryptsetup:%s-d%u", crypt_get_uuid(cd), segment) < 1) + return -1; + + return request_key("logon", key_description, NULL, 0); +} + +static int _volume_key_in_keyring(struct crypt_device *cd, int segment) +{ + return _kernel_key_by_segment(cd, segment) >= 0 ? 0 : -1; +} + +static int _drop_keyring_key(struct crypt_device *cd, int segment) +{ + key_serial_t kid = _kernel_key_by_segment(cd, segment); + + if (kid < 0) + return -1; + + return keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING); +} +#endif + +static int test_open(struct crypt_device *cd, + int token, + char **buffer, + size_t *buffer_len, + void *usrptr) +{ + const char *str = (const char *)usrptr; + + *buffer = strdup(str); + if (!*buffer) + return -ENOMEM; + *buffer_len = strlen(*buffer); + + return 0; +} + +static int test_validate(struct crypt_device *cd, const char *json) +{ + return (strstr(json, "magic_string") == NULL); +} + +static void UseLuks2Device(void) +{ + char key[128]; + size_t key_size; + + OK_(crypt_init(&cd, DEVICE_1)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE); + OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0)); + FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0), "already open"); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + OK_(crypt_deactivate(cd, CDEVICE_1)); + FAIL_(crypt_deactivate(cd, CDEVICE_1), "no such device"); + +#if KERNEL_KEYRING + // repeat previous tests and check kernel keyring is released when not needed + if (t_dm_crypt_keyring_support()) { + OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0)); + FAIL_(_drop_keyring_key(cd, 0), ""); + OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), CRYPT_ACTIVATE_KEYRING_KEY)); + OK_(_drop_keyring_key(cd, 0)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0)); + OK_(_drop_keyring_key(cd, 0)); + FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0), "already open"); + FAIL_(_volume_key_in_keyring(cd, 0), ""); + OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0)); + OK_(crypt_deactivate(cd, CDEVICE_1)); + FAIL_(_volume_key_in_keyring(cd, 0), ""); + } +#endif + + key_size = 16; + OK_(strcmp("aes", crypt_get_cipher(cd))); + OK_(strcmp("cbc-essiv:sha256", crypt_get_cipher_mode(cd))); + OK_(strcmp(DEVICE_1_UUID, crypt_get_uuid(cd))); + EQ_((int)key_size, crypt_get_volume_key_size(cd)); + EQ_(8192, crypt_get_data_offset(cd)); + + EQ_(0, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1))); + OK_(crypt_volume_key_verify(cd, key, key_size)); + OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0)); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + OK_(crypt_deactivate(cd, CDEVICE_1)); + + key[1] = ~key[1]; + FAIL_(crypt_volume_key_verify(cd, key, key_size), "key mismatch"); + FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "key mismatch"); + + CRYPT_FREE(cd); +} + +static void SuspendDevice(void) +{ + struct crypt_active_device cad; + char key[128]; + size_t key_size; + int suspend_status; + + OK_(crypt_init(&cd, DEVICE_1)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0)); + + suspend_status = crypt_suspend(cd, CDEVICE_1); + if (suspend_status == -ENOTSUP) { + printf("WARNING: Suspend/Resume not supported, skipping test.\n"); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + return; + } + + OK_(suspend_status); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + EQ_(CRYPT_ACTIVATE_SUSPENDED, cad.flags & CRYPT_ACTIVATE_SUSPENDED); +#ifdef KERNEL_KEYRING + FAIL_(_volume_key_in_keyring(cd, 0), ""); +#endif + FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended"); + + FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "wrong key"); + OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1))); + FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)), "not suspended"); + + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED); + + OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1))); + OK_(crypt_suspend(cd, CDEVICE_1)); + FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1 "blah", 0), "wrong keyfile"); + FAIL_(crypt_resume_by_keyfile_offset(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 1, 0), "wrong key"); + OK_(crypt_resume_by_keyfile_offset(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0, 0)); + FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0), "not suspended"); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + /* create LUKS device with detached header */ + OK_(crypt_init(&cd, DEVICE_1)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_set_data_device(cd, DEVICE_2)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0)); + CRYPT_FREE(cd); + + /* Should be able to suspend but not resume if not header specified */ + OK_(crypt_init_by_name(&cd, CDEVICE_1)); + OK_(crypt_suspend(cd, CDEVICE_1)); + FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended"); + FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "no header"); + CRYPT_FREE(cd); + + OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DEVICE_1)); + OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1))); + + /* Resume by volume key */ + OK_(crypt_suspend(cd, CDEVICE_1)); + key_size = sizeof(key); + memset(key, 0, key_size); + FAIL_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size), "wrong key"); + OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1))); + OK_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size)); + + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + _remove_keyfiles(); +} + +static void AddDeviceLuks2(void) +{ + enum { OFFSET_1M = 2048 , OFFSET_2M = 4096, OFFSET_4M = 8192, OFFSET_8M = 16384 }; + struct crypt_pbkdf_type pbkdf = { + .type = CRYPT_KDF_ARGON2I, + .hash = "sha256", + .parallel_threads = 4, + .max_memory_kb = 1024, + .time_ms = 1 + }, pbkdf_tmp; + struct crypt_params_luks2 params = { + .pbkdf = &pbkdf, + .data_device = DEVICE_2, + .sector_size = 512 + }; + char key[128], key2[128], key3[128]; + + const char *passphrase = "blabla", *passphrase2 = "nsdkFI&Y#.sd"; + const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; + const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e"; + size_t key_size = strlen(mk_hex) / 2; + const char *cipher = "aes"; + const char *cipher_mode = "cbc-essiv:sha256"; + uint64_t r_payload_offset, r_header_size, r_size_1; + + /* Cannot use Argon2 in FIPS */ + if (_fips_mode) { + pbkdf.type = CRYPT_KDF_PBKDF2; + pbkdf.parallel_threads = 0; + pbkdf.max_memory_kb = 0; + } + + crypt_decode_key(key, mk_hex, key_size); + crypt_decode_key(key3, mk_hex2, key_size); + + // init test devices + OK_(get_luks2_offsets(1, 0, 0, &r_header_size, &r_payload_offset)); + OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); + OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_header_size - 1)); + + + // format + OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG)); + params.data_alignment = 0; + FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Not enough space for keyslots material"); + CRYPT_FREE(cd); + + // test payload_offset = 0 for encrypted device with external header device + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + EQ_(crypt_get_data_offset(cd), 0); + CRYPT_FREE(cd); + + params.data_alignment = 0; + params.data_device = NULL; + + // test payload_offset = 0. format() should look up alignment offset from device topology + OK_(crypt_init(&cd, DEVICE_2)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + OK_(!(crypt_get_data_offset(cd) > 0)); + CRYPT_FREE(cd); + + // set_data_offset has priority, alignment must be 0 or must be compatible + params.data_alignment = 0; + OK_(crypt_init(&cd, DEVICE_2)); + OK_(crypt_set_data_offset(cd, OFFSET_8M)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + EQ_(crypt_get_data_offset(cd), OFFSET_8M); + CRYPT_FREE(cd); + + // Load gets the value from metadata + OK_(crypt_init(&cd, DEVICE_2)); + OK_(crypt_set_data_offset(cd, OFFSET_2M)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_get_data_offset(cd), OFFSET_8M); + CRYPT_FREE(cd); + + params.data_alignment = OFFSET_4M; + OK_(crypt_init(&cd, DEVICE_2)); + FAIL_(crypt_set_data_offset(cd, OFFSET_2M + 1), "Not aligned to 4096"); // must be aligned to 4k + OK_(crypt_set_data_offset(cd, OFFSET_2M)); + FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Alignment not compatible"); + OK_(crypt_set_data_offset(cd, OFFSET_4M)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + EQ_(crypt_get_data_offset(cd), OFFSET_4M); + CRYPT_FREE(cd); + + /* + * test limit values for backing device size + */ + params.data_alignment = OFFSET_4M; + OK_(get_luks2_offsets(1, params.data_alignment, 0, NULL, &r_payload_offset)); + OK_(create_dmdevice_over_loop(L_DEVICE_0S, r_payload_offset)); + OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1)); + OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset - 1)); + + // 1 sector less than required + OK_(crypt_init(&cd, DMDIR L_DEVICE_WRONG)); + FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Device too small"); + CRYPT_FREE(cd); + + // 0 sectors for encrypted area + OK_(crypt_init(&cd, DMDIR L_DEVICE_0S)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Encrypted area too small"); + CRYPT_FREE(cd); + + // 1 sector for encrypted area + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + EQ_(crypt_get_data_offset(cd), r_payload_offset); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + OK_(t_device_size(DMDIR CDEVICE_1, &r_size_1)); + EQ_(r_size_1, SECTOR_SIZE); + OK_(crypt_deactivate(cd, CDEVICE_1)); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE); + // restrict format only to empty context + FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formatted"); + FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL), "Context is already formatted"); + // change data device to wrong one + OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_0S)); + FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device too small"); + OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_1S)); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + params.data_alignment = 0; + params.data_device = DEVICE_2; + + // generate keyslot material at the end of luks header + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + EQ_((int)key_size, crypt_get_volume_key_size(cd)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase) ,0), 7); + + OK_(crypt_keyslot_get_pbkdf(cd, 7, &pbkdf_tmp)); + OK_(strcmp(pbkdf_tmp.type, pbkdf.type)); + if (!_fips_mode) { + NULL_(pbkdf_tmp.hash); + OK_(!(pbkdf_tmp.max_memory_kb >= 32)); + OK_(!(pbkdf_tmp.parallel_threads >= 1)); + } else + OK_(strcmp(pbkdf_tmp.hash, pbkdf.hash)); + OK_(!(pbkdf_tmp.iterations >= 4)); + EQ_(0, pbkdf_tmp.time_ms); /* not usable in per-keyslot call */ + + CRYPT_FREE(cd); + OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE)); + FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formatted"); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + CRYPT_FREE(cd); + // check active status without header + OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, NULL)); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + NULL_(crypt_get_type(cd)); + OK_(strcmp(cipher, crypt_get_cipher(cd))); + OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd))); + EQ_((int)key_size, crypt_get_volume_key_size(cd)); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + params.data_alignment = OFFSET_1M; + params.data_device = NULL; + + // test uuid mismatch and _init_by_name_and_header + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); + CRYPT_FREE(cd); + params.data_alignment = 0; + params.data_device = DEVICE_2; + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + CRYPT_FREE(cd); + // there we've got uuid mismatch + OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE)); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + NULL_(crypt_get_type(cd)); + FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device is active"); + FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0), "Device is active"); + EQ_(crypt_status(cd, CDEVICE_2), CRYPT_INACTIVE); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + params.data_device = NULL; + + OK_(crypt_init(&cd, DEVICE_2)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + + // even with no keyslots defined it can be activated by volume key + OK_(crypt_volume_key_verify(cd, key, key_size)); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0)); + EQ_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE); + OK_(crypt_deactivate(cd, CDEVICE_2)); + + // now with keyslot + EQ_(7, crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase))); + EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7)); + EQ_(7, crypt_activate_by_passphrase(cd, CDEVICE_2, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0)); + EQ_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE); + OK_(crypt_deactivate(cd, CDEVICE_2)); + + crypt_set_iteration_time(cd, 1); + EQ_(1, crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, KEY1, strlen(KEY1))); + OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1))); + OK_(prepare_keyfile(KEYFILE2, KEY2, strlen(KEY2))); + EQ_(2, crypt_keyslot_add_by_keyfile(cd, 2, KEYFILE1, 0, KEYFILE2, 0)); + FAIL_(crypt_keyslot_add_by_keyfile_offset(cd, 3, KEYFILE1, 0, 1, KEYFILE2, 0, 1), "wrong key"); + EQ_(3, crypt_keyslot_add_by_keyfile_offset(cd, 3, KEYFILE1, 0, 0, KEYFILE2, 0, 1)); + EQ_(4, crypt_keyslot_add_by_keyfile_offset(cd, 4, KEYFILE2, 0, 1, KEYFILE1, 0, 1)); + FAIL_(crypt_activate_by_keyfile(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, strlen(KEY2)-1, 0), "key mismatch"); + EQ_(2, crypt_activate_by_keyfile(cd, NULL, CRYPT_ANY_SLOT, KEYFILE2, 0, 0)); + EQ_(3, crypt_activate_by_keyfile_offset(cd, NULL, CRYPT_ANY_SLOT, KEYFILE2, 0, 1, 0)); + EQ_(4, crypt_activate_by_keyfile_offset(cd, NULL, CRYPT_ANY_SLOT, KEYFILE1, 0, 1, 0)); + FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, strlen(KEY2), 2, 0), "not enough data"); + FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, 0, strlen(KEY2) + 1, 0), "cannot seek"); + FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, 0, 2, 0), "wrong key"); + EQ_(2, crypt_activate_by_keyfile(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, 0, 0)); + OK_(crypt_keyslot_destroy(cd, 1)); + OK_(crypt_keyslot_destroy(cd, 2)); + OK_(crypt_keyslot_destroy(cd, 3)); + OK_(crypt_keyslot_destroy(cd, 4)); + OK_(crypt_deactivate(cd, CDEVICE_2)); + _remove_keyfiles(); + + FAIL_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), "slot used"); + key[1] = ~key[1]; + FAIL_(crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)), "key mismatch"); + key[1] = ~key[1]; + EQ_(6, crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase))); + EQ_(CRYPT_SLOT_ACTIVE, crypt_keyslot_status(cd, 6)); + + FAIL_(crypt_keyslot_destroy(cd, 8), "invalid keyslot"); + FAIL_(crypt_keyslot_destroy(cd, CRYPT_ANY_SLOT), "invalid keyslot"); + FAIL_(crypt_keyslot_destroy(cd, 0), "keyslot not used"); + OK_(crypt_keyslot_destroy(cd, 7)); + EQ_(CRYPT_SLOT_INACTIVE, crypt_keyslot_status(cd, 7)); + EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 6)); + + EQ_(7, crypt_keyslot_change_by_passphrase(cd, 6, 7, passphrase, strlen(passphrase), passphrase2, strlen(passphrase2))); + EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7)); + EQ_(7, crypt_activate_by_passphrase(cd, NULL, 7, passphrase2, strlen(passphrase2), 0)); + EQ_(6, crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 6, passphrase2, strlen(passphrase2), passphrase, strlen(passphrase))); + + EQ_(6, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase))); + OK_(crypt_volume_key_verify(cd, key2, key_size)); + OK_(memcmp(key, key2, key_size)); + + OK_(strcmp(cipher, crypt_get_cipher(cd))); + OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd))); + EQ_((int)key_size, crypt_get_volume_key_size(cd)); + EQ_(r_payload_offset, crypt_get_data_offset(cd)); + OK_(strcmp(DEVICE_2, crypt_get_device_name(cd))); + + reset_log(); + OK_(crypt_dump(cd)); + OK_(!(global_lines != 0)); + reset_log(); + + FAIL_(crypt_set_uuid(cd, "blah"), "wrong UUID format"); + OK_(crypt_set_uuid(cd, DEVICE_TEST_UUID)); + OK_(strcmp(DEVICE_TEST_UUID, crypt_get_uuid(cd))); + + FAIL_(crypt_deactivate(cd, CDEVICE_2), "not active"); + CRYPT_FREE(cd); + _cleanup_dmdevices(); + + /* LUKSv2 format tests */ + + /* very basic test */ + OK_(crypt_init(&cd, DEVICE_2)); + crypt_set_iteration_time(cd, 1); + FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 0, NULL), "Wrong key size"); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL)); + CRYPT_FREE(cd); + /* some invalid parameters known to cause troubles */ + OK_(crypt_init(&cd, DEVICE_2)); + crypt_set_iteration_time(cd, 0); /* wrong for argon2 but we don't know the pbkdf type yet, ignored */ + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL)); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DEVICE_2)); + crypt_set_iteration_time(cd, 1); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0); + CRYPT_FREE(cd); + + OK_(crypt_init(&cd, DEVICE_2)); + crypt_set_iteration_time(cd, 1); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size, NULL)); + FAIL_(crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), "VK doesn't match any digest"); + FAIL_(crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), "VK doesn't match any digest"); + CRYPT_FREE(cd); + + OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1)); + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + crypt_set_iteration_time(cd, 1); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 3, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 3); + FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key3, key_size, 0), "VK doesn't match any digest assigned to segment 0"); + CRYPT_FREE(cd); + + /* + * Check regression in getting keyslot encryption parameters when + * volume key size is unknown (no active keyslots). + */ + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + crypt_set_iteration_time(cd, 1); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0); + /* drop context copy of volume key */ + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + EQ_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, PASSPHRASE, strlen(PASSPHRASE)), 0); + OK_(crypt_keyslot_destroy(cd, 0)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0); + CRYPT_FREE(cd); + + _cleanup_dmdevices(); +} + +static void Luks2MetadataSize(void) +{ + struct crypt_pbkdf_type pbkdf = { + .type = CRYPT_KDF_ARGON2I, + .hash = "sha256", + .parallel_threads = 1, + .max_memory_kb = 128, + .iterations = 4, + .flags = CRYPT_PBKDF_NO_BENCHMARK + }; + struct crypt_params_luks2 params = { + .pbkdf = &pbkdf, + .data_device = DEVICE_2, + .sector_size = 512 + }; + char key[128], tmp[128]; + + const char *passphrase = "blabla"; + const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; + size_t key_size = strlen(mk_hex) / 2; + const char *cipher = "aes"; + const char *cipher_mode = "cbc-essiv:sha256"; + uint64_t r_header_size, default_mdata_size, default_keyslots_size, mdata_size, + keyslots_size, r_header_wrong_size = 14336; + + /* Cannot use Argon2 in FIPS */ + if (_fips_mode) { + pbkdf.type = CRYPT_KDF_PBKDF2; + pbkdf.parallel_threads = 0; + pbkdf.max_memory_kb = 0; + pbkdf.iterations = 1000; + } + + crypt_decode_key(key, mk_hex, key_size); + + // init test devices + OK_(get_luks2_offsets(1, 0, 0, &r_header_size, NULL)); + OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); + OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_header_wrong_size)); /* 7 MiBs only */ + //default metadata sizes + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size)); + EQ_(mdata_size, 0); + EQ_(keyslots_size, 0); + OK_(crypt_set_metadata_size(cd, 0, 0)); + OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size)); + EQ_(mdata_size, 0); + EQ_(keyslots_size, 0); + OK_(crypt_set_metadata_size(cd, 0x004000, 0x004000)); + OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size)); + EQ_(mdata_size, 0x004000); + EQ_(keyslots_size, 0x004000); + OK_(crypt_set_metadata_size(cd, 0x008000, 0x008000)); + OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size)); + EQ_(mdata_size, 0x008000); + EQ_(keyslots_size, 0x008000); + FAIL_(crypt_set_metadata_size(cd, 0x008001, 0x008000), "Wrong size"); + FAIL_(crypt_set_metadata_size(cd, 0x008000, 0x008001), "Wrong size"); + CRYPT_FREE(cd); + + // metadata settings + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_set_metadata_size(cd, 0x080000, 0x080000)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size)); + EQ_(mdata_size, 0x080000); + EQ_(keyslots_size, 0x080000); + CRYPT_FREE(cd); + // default + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + OK_(crypt_get_metadata_size(cd, &default_mdata_size, &default_keyslots_size)); + EQ_(default_mdata_size, 0x04000); + EQ_(default_keyslots_size, (r_header_size * 512) - 2 * 0x04000); + CRYPT_FREE(cd); + // check keyslots size calculation is correct + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_set_metadata_size(cd, 0x80000, 0)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size)); + EQ_(mdata_size, 0x80000); + EQ_(keyslots_size, (r_header_size * 512) - 2 * 0x80000); + CRYPT_FREE(cd); + + // various metadata size checks combined with data offset + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_set_metadata_size(cd, 0, default_keyslots_size + 4096)); + FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Device is too small."); + OK_(crypt_set_metadata_size(cd, 0x20000, (r_header_size * 512) - 2 * 0x20000 + 4096)); + FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Device is too small."); + CRYPT_FREE(cd); + + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_set_metadata_size(cd, 0x80000, 0)); + OK_(crypt_set_data_offset(cd, 0x80000 / 512 - 8)); + FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Data offset is too small."); + CRYPT_FREE(cd); + + // H_DEVICE_WRONG size is 7MiB + OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size)); + EQ_(mdata_size, default_mdata_size); + EQ_(keyslots_size, (r_header_wrong_size * 512) - 2 * default_mdata_size); + CRYPT_FREE(cd); + + OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG)); + OK_(crypt_set_metadata_size(cd, 0x400000, 0)); + FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Device is too small."); + CRYPT_FREE(cd); + + // IMAGE_EMPTY_SMALL size is 7MiB but now it's regulare file + OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size)); + EQ_(mdata_size, default_mdata_size); + EQ_(keyslots_size, default_keyslots_size); + EQ_(crypt_get_data_offset(cd), 0); + CRYPT_FREE(cd); + + sprintf(tmp, "truncate -s %" PRIu64 " " IMAGE_EMPTY_SMALL, r_header_wrong_size * 512); + _system(tmp, 1); + + // check explicit keyslots size and data offset are respected even with regular file mdevice + OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL)); + OK_(crypt_set_metadata_size(cd, 0, default_keyslots_size)); + OK_(crypt_set_data_offset(cd, r_header_size + 8)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size)); + EQ_(mdata_size, default_mdata_size); + EQ_(keyslots_size, default_keyslots_size); + EQ_(crypt_get_data_offset(cd), r_header_size + 8); + CRYPT_FREE(cd); + + _cleanup_dmdevices(); +} + +static void UseTempVolumes(void) +{ + char tmp[256]; + + // Tepmporary device without keyslot but with on-disk LUKS header + OK_(crypt_init(&cd, DEVICE_2)); + FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "not yet formatted"); + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 16, NULL)); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0)); + EQ_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE); + CRYPT_FREE(cd); + + OK_(crypt_init_by_name(&cd, CDEVICE_2)); + OK_(crypt_deactivate(cd, CDEVICE_2)); + CRYPT_FREE(cd); + + // Dirty checks: device without UUID + // we should be able to remove it but not manipulate with it + snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \"" + "0 100 crypt aes-cbc-essiv:sha256 deadbabedeadbabedeadbabedeadbabe 0 " + "%s 2048\"", CDEVICE_2, DEVICE_2); + _system(tmp, 1); + OK_(crypt_init_by_name(&cd, CDEVICE_2)); + OK_(crypt_deactivate(cd, CDEVICE_2)); + FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "No known device type"); + CRYPT_FREE(cd); + + // Dirty checks: device with UUID but LUKS header key fingerprint must fail) + snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \"" + "0 100 crypt aes-cbc-essiv:sha256 deadbabedeadbabedeadbabedeadbabe 0 " + "%s 2048\" -u CRYPT-LUKS2-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-ctest1", + CDEVICE_2, DEVICE_2); + _system(tmp, 1); + OK_(crypt_init_by_name(&cd, CDEVICE_2)); + OK_(crypt_deactivate(cd, CDEVICE_2)); + FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "wrong volume key"); + CRYPT_FREE(cd); + + // No slots + OK_(crypt_init(&cd, DEVICE_2)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "volume key is lost"); + CRYPT_FREE(cd); +} + +static void Luks2HeaderRestore(void) +{ + char key[128]; + struct crypt_pbkdf_type pbkdf = { + .type = CRYPT_KDF_ARGON2I, + .hash = "sha256", + .parallel_threads = 4, + .max_memory_kb = 1024, + .time_ms = 1 + }; + struct crypt_params_luks2 params = { + .pbkdf = &pbkdf, + .data_alignment = 8192, // 4M, data offset will be 4096 + .sector_size = 512 + }; + struct crypt_params_plain pl_params = { + .hash = "sha1", + .skip = 0, + .offset = 0, + .size = 0 + }; + struct crypt_params_luks1 luks1 = { + .data_alignment = 8192, // 4M offset to pass alignment test + }; + uint32_t flags = 0; + + const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; + size_t key_size = strlen(mk_hex) / 2; + const char *cipher = "aes"; + const char *cipher_mode = "cbc-essiv:sha256"; + uint64_t r_payload_offset; + + /* Cannot use Argon2 in FIPS */ + if (_fips_mode) { + pbkdf.type = CRYPT_KDF_PBKDF2; + pbkdf.parallel_threads = 0; + pbkdf.max_memory_kb = 0; + } + + crypt_decode_key(key, mk_hex, key_size); + + OK_(get_luks2_offsets(1, params.data_alignment, 0, NULL, &r_payload_offset)); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 5000)); + + // do not restore header over plain device + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, &pl_params)); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); + FAIL_(crypt_header_restore(cd, CRYPT_PLAIN, NO_REQS_LUKS2_HEADER), "Cannot restore header to PLAIN type device"); + FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER), "Cannot restore header over PLAIN type device"); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + // FIXME: does following test make a sense in LUKS2? + // volume key_size mismatch + // OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + // memcpy(key2, key, key_size / 2); + // OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key2, key_size / 2, ¶ms)); + // FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, VALID_LUKS2_HEADER), "Volume keysize mismatch"); + // CRYPT_FREE(cd); + + // payload offset mismatch + params.data_alignment = 8193; + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER), "Payload offset mismatch"); + CRYPT_FREE(cd); + params.data_alignment = 4096; + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + // FIXME: either format has to fail or next line must be true + // EQ_(crypt_get_data_offset(cd), params.data_alignment); + // FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, VALID_LUKS2_HEADER), "Payload offset mismatch"); + CRYPT_FREE(cd); + + // do not allow restore over LUKS1 header on device + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + crypt_set_iteration_time(cd, 1); + OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, NULL, 32, &luks1)); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER), "LUKS1 format detected"); + CRYPT_FREE(cd); + + /* check crypt_header_restore() properly loads crypt_device context */ + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_wipe(cd, NULL, CRYPT_WIPE_ZERO, 0, 1*1024*1024, 1*1024*1024, 0, NULL, NULL)); + OK_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER)); + /* check LUKS2 specific API call returns non-error code */ + OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags)); + EQ_(flags, 0); + /* same test, any LUKS */ + OK_(crypt_wipe(cd, NULL, CRYPT_WIPE_ZERO, 0, 1*1024*1024, 1*1024*1024, 0, NULL, NULL)); + OK_(crypt_header_restore(cd, CRYPT_LUKS, NO_REQS_LUKS2_HEADER)); + /* check LUKS2 specific API call returns non-error code */ + OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags)); + EQ_(flags, 0); + + CRYPT_FREE(cd); + + _cleanup_dmdevices(); +} + +static void Luks2HeaderLoad(void) +{ + struct crypt_pbkdf_type pbkdf = { + .type = CRYPT_KDF_ARGON2I, + .hash = "sha256", + .parallel_threads = 4, + .max_memory_kb = 1024, + .time_ms = 1 + }; + struct crypt_params_luks2 params = { + .pbkdf = &pbkdf, + .data_alignment = 8192, // 4M, data offset will be 4096 + .data_device = DEVICE_2, + .sector_size = 512 + }; + struct crypt_params_plain pl_params = { + .hash = "sha1", + .skip = 0, + .offset = 0, + .size = 0 + }; + char key[128], cmd[256]; + + const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; + size_t key_size = strlen(mk_hex) / 2; + const char *cipher = "aes"; + const char *cipher_mode = "cbc-essiv:sha256"; + uint64_t r_payload_offset, r_header_size, img_size; + + /* Cannot use Argon2 in FIPS */ + if (_fips_mode) { + pbkdf.type = CRYPT_KDF_PBKDF2; + pbkdf.parallel_threads = 0; + pbkdf.max_memory_kb = 0; + } + + crypt_decode_key(key, mk_hex, key_size); + + // hardcoded values for existing image IMAGE1 + img_size = 8192; + // prepare test env + OK_(get_luks2_offsets(1, 0, 0, &r_header_size, &r_payload_offset)); + // external header device + OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); + // prepared header on a device too small to contain header and payload + //OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_payload_offset - 1)); + OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, img_size - 1)); + snprintf(cmd, sizeof(cmd), "dd if=" IMAGE1 " of=" DMDIR H_DEVICE_WRONG " bs=%" PRIu32 " count=%" PRIu64 " 2>/dev/null", params.sector_size, img_size - 1); + OK_(_system(cmd, 1)); + // some device + OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000)); + // 1 sector device + OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_header_size + 1)); + // 0 sectors device for payload + OK_(create_dmdevice_over_loop(L_DEVICE_0S, r_header_size)); + + // valid metadata and device size + params.data_alignment = 0; + params.data_device = DMDIR L_DEVICE_OK; + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK)); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + OK_(!crypt_get_metadata_device_name(cd)); + EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + // repeat with init with two devices + OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + CRYPT_FREE(cd); + OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(!crypt_get_metadata_device_name(cd)); + EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0); + CRYPT_FREE(cd); + + // bad header: device too small (payloadOffset > device_size) + OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG)); + FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "Device too small"); + NULL_(crypt_get_type(cd)); + CRYPT_FREE(cd); + + // 0 secs for encrypted data area + params.data_alignment = 8192; + params.data_device = NULL; + OK_(crypt_init(&cd, DMDIR L_DEVICE_0S)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + CRYPT_FREE(cd); + // load should be ok + OK_(crypt_init(&cd, DMDIR L_DEVICE_0S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device too small"); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE); + CRYPT_FREE(cd); + + // damaged header + OK_(_system("dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=512 count=8 2>/dev/null", 1)); + OK_(_system("dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=512 seek=32 count=8 2>/dev/null", 1)); + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "Header not found"); + CRYPT_FREE(cd); + + // plain device + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + FAIL_(crypt_load(cd, CRYPT_PLAIN, NULL), "Can't load nonLUKS device type"); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, key, key_size, &pl_params)); + FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "Can't load over nonLUKS device type"); + CRYPT_FREE(cd); + + //LUKSv2 device + OK_(crypt_init(&cd, DEVICE_4)); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DEVICE_4)); + crypt_set_iteration_time(cd, 0); /* invalid for argon2 pbkdf, ignored */ + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + CRYPT_FREE(cd); + + /* check load sets proper device type */ + OK_(crypt_init(&cd, DMDIR L_DEVICE_0S)); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + EQ_(strcmp(CRYPT_LUKS2, crypt_get_type(cd)), 0); + CRYPT_FREE(cd); + + _cleanup_dmdevices(); +} + +static void Luks2HeaderBackup(void) +{ + struct crypt_pbkdf_type pbkdf = { + .type = CRYPT_KDF_ARGON2I, + .hash = "sha256", + .parallel_threads = 4, + .max_memory_kb = 1024, + .time_ms = 1 + }; + struct crypt_params_luks2 params = { + .pbkdf = &pbkdf, + .data_alignment = 8192, // 4M, data offset will be 4096 + .data_device = DEVICE_2, + .sector_size = 512 + }; + char key[128]; + int fd, ro = O_RDONLY; + + const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; + size_t key_size = strlen(mk_hex) / 2; + const char *cipher = "aes"; + const char *cipher_mode = "cbc-essiv:sha256"; + uint64_t r_payload_offset; + + const char *passphrase = PASSPHRASE; + + /* Cannot use Argon2 in FIPS */ + if (_fips_mode) { + pbkdf.type = CRYPT_KDF_PBKDF2; + pbkdf.parallel_threads = 0; + pbkdf.max_memory_kb = 0; + } + + crypt_decode_key(key, mk_hex, key_size); + + OK_(get_luks2_offsets(0, params.data_alignment, 0, NULL, &r_payload_offset)); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1)); + + // create LUKS device and backup the header + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, passphrase, strlen(passphrase)), 0); + OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE)); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + // restore header from backup + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + // exercise luksOpen using backup header in file + OK_(crypt_init(&cd, BACKUP_FILE)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK)); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(passphrase), 0), 0); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + OK_(crypt_init(&cd, BACKUP_FILE)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK)); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase), 0), 7); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + // exercise luksOpen using backup header on block device + fd = loop_attach(&DEVICE_3, BACKUP_FILE, 0, 0, &ro); + NOTFAIL_(fd, "Bad loop device."); + close(fd); + OK_(crypt_init(&cd, DEVICE_3)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK)); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(passphrase), 0), 0); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + OK_(crypt_init(&cd, DEVICE_3)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK)); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase), 0), 7); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + _cleanup_dmdevices(); +} + +static void ResizeDeviceLuks2(void) +{ + struct crypt_pbkdf_type pbkdf = { + .type = CRYPT_KDF_ARGON2I, + .hash = "sha256", + .parallel_threads = 4, + .max_memory_kb = 1024, + .time_ms = 1 + }; + struct crypt_params_luks2 params = { + .pbkdf = &pbkdf, + .data_alignment = 8192, // 4M, data offset will be 4096 + .sector_size = 512 + }; + char key[128]; + + const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; + size_t key_size = strlen(mk_hex) / 2; + const char *cipher = "aes"; + const char *cipher_mode = "cbc-essiv:sha256"; + uint64_t r_payload_offset, r_header_size, r_size; + + /* Cannot use Argon2 in FIPS */ + if (_fips_mode) { + pbkdf.type = CRYPT_KDF_PBKDF2; + pbkdf.parallel_threads = 0; + pbkdf.max_memory_kb = 0; + } + + crypt_decode_key(key, mk_hex, key_size); + + // prepare env + OK_(get_luks2_offsets(1, params.data_alignment, 0, NULL, &r_payload_offset)); + OK_(get_luks2_offsets(1, 0, 0, &r_header_size, NULL)); + OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000)); + OK_(create_dmdevice_over_loop(L_DEVICE_0S, 1000)); + OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset + 1000)); + + // test header and encrypted payload all in one device + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + // disable loading VKs in kernel keyring (compatible mode) + OK_(crypt_volume_key_keyring(cd, 0)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); + OK_(crypt_resize(cd, CDEVICE_1, 0)); + OK_(crypt_resize(cd, CDEVICE_1, 42)); + if (!t_device_size(DMDIR CDEVICE_1, &r_size)) + EQ_(42, r_size >> SECTOR_SHIFT); + OK_(crypt_resize(cd, CDEVICE_1, 0)); + // autodetect encrypted device area size + OK_(crypt_resize(cd, CDEVICE_1, 0)); + if (!t_device_size(DMDIR CDEVICE_1, &r_size)) + EQ_(1000, r_size >> SECTOR_SHIFT); + FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small"); + if (!t_device_size(DMDIR CDEVICE_1, &r_size)) + EQ_(1000, r_size >> SECTOR_SHIFT); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + params.data_alignment = 0; + params.data_device = DMDIR L_DEVICE_0S; + // test case for external header + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); + OK_(crypt_resize(cd, CDEVICE_1, 666)); + if (!t_device_size(DMDIR CDEVICE_1, &r_size)) + EQ_(666, r_size >> SECTOR_SHIFT); + // autodetect encrypted device size + OK_(crypt_resize(cd, CDEVICE_1, 0)); + if (!t_device_size(DMDIR CDEVICE_1, &r_size)) + EQ_(1000, r_size >> SECTOR_SHIFT); + FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small"); + if (!t_device_size(DMDIR CDEVICE_1, &r_size)) + EQ_(1000, r_size >> SECTOR_SHIFT); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + +#ifdef KERNEL_KEYRING + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + // enable loading VKs in kernel keyring (default mode) + OK_(crypt_volume_key_keyring(cd, 1)); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); + // erase volume key from kernel keyring + if (t_dm_crypt_keyring_support()) + OK_(_drop_keyring_key(cd, 0)); + else + FAIL_(_drop_keyring_key(cd, 0), "key not found"); + // same size is ok + OK_(crypt_resize(cd, CDEVICE_1, 0)); + // kernel fails to find the volume key in keyring + if (t_dm_crypt_keyring_support()) + FAIL_(crypt_resize(cd, CDEVICE_1, 42), "Unable to find volume key in keyring"); + else + OK_(crypt_resize(cd, CDEVICE_1, 42)); + // test mode must not load vk in keyring + OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0)); + if (t_dm_crypt_keyring_support()) + FAIL_(crypt_resize(cd, CDEVICE_1, 44), "VK must be in keyring to perform resize"); + else + OK_(crypt_resize(cd, CDEVICE_1, 44)); + // reinstate the volume key in keyring + OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0)); + OK_(crypt_resize(cd, CDEVICE_1, 43)); + if (!t_device_size(DMDIR CDEVICE_1, &r_size)) + EQ_(43, r_size >> SECTOR_SHIFT); + CRYPT_FREE(cd); + + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + // check userspace gets hint volume key must be properly loaded in kernel keyring + if (t_dm_crypt_keyring_support()) + EQ_(crypt_resize(cd, CDEVICE_1, 0), -EPERM); + else + OK_(crypt_resize(cd, CDEVICE_1, 0)); + CRYPT_FREE(cd); + + // same as above for handles initialised by name + OK_(crypt_init_by_name(&cd, CDEVICE_1)); + if (t_dm_crypt_keyring_support()) + EQ_(crypt_resize(cd, CDEVICE_1, 0), -EPERM); + else + OK_(crypt_resize(cd, CDEVICE_1, 0)); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); +#endif + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, NULL, NULL)); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); + + /* create second LUKS2 device */ + OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG)); + OK_(crypt_format(cd2, CRYPT_LUKS2, cipher, cipher_mode, crypt_get_uuid(cd), key, key_size, ¶ms)); + OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0)); + /* do not allow resize of other device */ + FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong device context."); + OK_(crypt_deactivate(cd2, CDEVICE_2)); + CRYPT_FREE(cd2); + + OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG)); + crypt_set_iteration_time(cd2, 1); + OK_(crypt_format(cd2, CRYPT_LUKS1, cipher, cipher_mode, crypt_get_uuid(cd), key, key_size, NULL)); + OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0)); + FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong device context."); + OK_(crypt_deactivate(cd2, CDEVICE_2)); + CRYPT_FREE(cd2); + + OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG)); + OK_(crypt_format(cd2, CRYPT_PLAIN, cipher, cipher_mode, NULL, key, key_size, NULL)); + OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0)); + FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong device context."); + OK_(crypt_deactivate(cd2, CDEVICE_2)); + CRYPT_FREE(cd2); + + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + _cleanup_dmdevices(); +} + +static void TokenActivationByKeyring(void) +{ +#ifdef KERNEL_KEYRING + key_serial_t kid, kid1; + struct crypt_active_device cad; + + const char *cipher = "aes"; + const char *cipher_mode = "xts-plain64"; + + const struct crypt_token_params_luks2_keyring params = { + .key_description = KEY_DESC_TEST0 + }, params2 = { + .key_description = KEY_DESC_TEST1 + }; + uint64_t r_payload_offset; + + if (!t_dm_crypt_keyring_support()) { + printf("WARNING: Kernel keyring not supported, skipping test.\n"); + return; + } + + kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING); + NOTFAIL_(kid, "Test or kernel keyring are broken."); + + OK_(get_luks2_offsets(1, 0, 0, NULL, &r_payload_offset)); + OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1)); + + // prepare the device + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + crypt_set_iteration_time(cd, 1); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0); + EQ_(crypt_token_luks2_keyring_set(cd, 3, ¶ms), 3); + EQ_(crypt_token_assign_keyslot(cd, 3, 0), 3); + CRYPT_FREE(cd); + + // test thread keyring key in token 0 + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_activate_by_token(cd, CDEVICE_1, 3, NULL, 0), 0); + FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 3, NULL, 0), "already open"); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken."); + + kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_PROCESS_KEYRING); + NOTFAIL_(kid, "Test or kernel keyring are broken."); + + // add token 1 with process keyring key + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_token_json_set(cd, 3, NULL), 3); + EQ_(crypt_token_luks2_keyring_set(cd, 1, ¶ms), 1); + EQ_(crypt_token_assign_keyslot(cd, 1, 0), 1); + CRYPT_FREE(cd); + + // test process keyring key in token 1 + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0), 0); + FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0), "already open"); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_PROCESS_KEYRING), "Test or kernel keyring are broken."); + + // create two tokens and let the cryptsetup unlock the volume with the valid one + kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING); + NOTFAIL_(kid, "Test or kernel keyring are broken."); + + kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING); + NOTFAIL_(kid1, "Test or kernel keyring are broken."); + + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_token_luks2_keyring_set(cd, 0, ¶ms), 0); + EQ_(crypt_token_assign_keyslot(cd, 0, 0), 0); + EQ_(crypt_token_luks2_keyring_set(cd, 1, ¶ms2), 1); + FAIL_(crypt_token_assign_keyslot(cd, 1, 1), "Keyslot 1 doesn't exist"); + crypt_set_iteration_time(cd, 1); + EQ_(crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)), 1); + EQ_(crypt_token_assign_keyslot(cd, 1, 1), 1); + CRYPT_FREE(cd); + + // activate by specific token + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_activate_by_token(cd, CDEVICE_1, 0, NULL, 0), 0); + if (t_dm_crypt_keyring_support()) { + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, CRYPT_ACTIVATE_KEYRING_KEY); + } + OK_(crypt_deactivate(cd, CDEVICE_1)); + EQ_(crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0), 1); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken."); + + // activate by any token with token 0 having absent pass from keyring + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1); + if (t_dm_crypt_keyring_support()) { + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, CRYPT_ACTIVATE_KEYRING_KEY); + } + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING); + NOTFAIL_(kid, "Test or kernel keyring are broken."); + + // replace pass for keyslot 0 making token 0 invalid + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_keyslot_destroy(cd, 0)); + crypt_set_iteration_time(cd, 1); + EQ_(crypt_keyslot_add_by_passphrase(cd, 0, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 0); + CRYPT_FREE(cd); + + // activate by any token with token 0 having wrong pass for keyslot 0 + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + // create new device, with two tokens: + // 1st token being invalid (missing key in keyring) + // 2nd token can activate keyslot 1 after failing to do so w/ keyslot 0 (wrong pass) + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + crypt_set_iteration_time(cd, 1); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0); + EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 1); + EQ_(crypt_token_luks2_keyring_set(cd, 0, ¶ms), 0); + EQ_(crypt_token_assign_keyslot(cd, 0, 0), 0); + EQ_(crypt_token_luks2_keyring_set(cd, 2, ¶ms2), 2); + EQ_(crypt_token_assign_keyslot(cd, 2, 1), 2); + CRYPT_FREE(cd); + + NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken."); + + kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING); + NOTFAIL_(kid1, "Test or kernel keyring are broken."); + + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + _cleanup_dmdevices(); +#else + printf("WARNING: cryptsetup compiled with kernel keyring service disabled, skipping test.\n"); +#endif +} + +static void Tokens(void) +{ +#define TEST_TOKEN_JSON(x) "{\"type\":\"test_token\",\"keyslots\":[" x "]," \ + "\"key_length\":32,\"a_field\":\"magic_string\"}" + +#define TEST_TOKEN_JSON_INVALID(x) "{\"type\":\"test_token\",\"keyslots\":[" x "]," \ + "\"key_length\":32}" + +#define TEST_TOKEN1_JSON(x) "{\"type\":\"test_token1\",\"keyslots\":[" x "]," \ + "\"key_length\":32,\"a_field\":\"magic_string\"}" + +#define TEST_TOKEN1_JSON_INVALID(x) "{\"type\":\"test_token1\",\"keyslots\":[" x "]," \ + "\"key_length\":32}" + +#define BOGUS_TOKEN0_JSON "{\"type\":\"luks2-\",\"keyslots\":[]}" +#define BOGUS_TOKEN1_JSON "{\"type\":\"luks2-a\",\"keyslots\":[]}" + +#define LUKS2_KEYRING_TOKEN_JSON(x, y) "{\"type\":\"luks2-keyring\",\"keyslots\":[" x "]," \ + "\"key_description\":" y "}" + +#define LUKS2_KEYRING_TOKEN_JSON_BAD(x, y) "{\"type\":\"luks2-keyring\",\"keyslots\":[" x "]," \ + "\"key_description\":" y ", \"some_field\":\"some_value\"}" + + + const char *dummy; + const char *cipher = "aes"; + const char *cipher_mode = "xts-plain64"; + char passptr[] = PASSPHRASE; + char passptr1[] = PASSPHRASE1; + + static const crypt_token_handler th = { + .name = "test_token", + .open = test_open, + .validate = test_validate + }, th2 = { + .name = "test_token", + .open = test_open + }, th3 = { + .name = "test_token1", + .open = test_open, + .validate = test_validate + }, th_reserved = { + .name = "luks2-prefix", + .open = test_open + }; + + struct crypt_token_params_luks2_keyring params = { + .key_description = "desc" + }; + uint64_t r_payload_offset; + + OK_(crypt_token_register(&th)); + FAIL_(crypt_token_register(&th2), "Token handler with the name already registered."); + + FAIL_(crypt_token_register(&th_reserved), "luks2- is reserved prefix"); + + OK_(get_luks2_offsets(1, 0, 0, NULL, &r_payload_offset)); + OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1)); + + // basic token API tests + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + crypt_set_iteration_time(cd, 1); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL)); + EQ_(crypt_token_status(cd, -1, NULL), CRYPT_TOKEN_INVALID); + EQ_(crypt_token_status(cd, 32, NULL), CRYPT_TOKEN_INVALID); + EQ_(crypt_token_status(cd, 0, NULL), CRYPT_TOKEN_INACTIVE); + EQ_(crypt_token_status(cd, 31, NULL), CRYPT_TOKEN_INACTIVE); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0); + EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 1); + FAIL_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN_JSON_INVALID("\"0\"")), "Token validation failed"); + EQ_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN_JSON("\"0\"")), 0); + EQ_(crypt_token_status(cd, 0, NULL), CRYPT_TOKEN_EXTERNAL); + EQ_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr, 0), 0); + FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr, 0), "already active"); + OK_(crypt_deactivate(cd, CDEVICE_1)); + + // write invalid token and verify that validate() can detect it after handler being registered + EQ_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN1_JSON_INVALID("\"1\"")), 1); + EQ_(crypt_token_status(cd, 1, NULL), CRYPT_TOKEN_EXTERNAL_UNKNOWN); + EQ_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN1_JSON("\"1\"")), 2); + EQ_(crypt_token_status(cd, 2, &dummy), CRYPT_TOKEN_EXTERNAL_UNKNOWN); + OK_(strcmp(dummy, "test_token1")); + FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 1, passptr1, 0), "Unknown token handler"); + FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), "Unknown token handler"); + OK_(crypt_token_register(&th3)); + FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 1, passptr1, 0), "Token validation failed"); + EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), 1); + OK_(crypt_deactivate(cd, CDEVICE_1)); + + // test crypt_token_json_get returns correct token id + EQ_(crypt_token_json_get(cd, 2, &dummy), 2); + + // exercise assign/unassign keyslots API + EQ_(crypt_token_unassign_keyslot(cd, 2, 1), 2); + FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), "Token assigned to no keyslot"); + EQ_(crypt_token_assign_keyslot(cd, 2, 0), 2); + FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), "Wrong passphrase"); + EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr, 0), 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + EQ_(crypt_token_json_set(cd, 1, NULL), 1); + FAIL_(crypt_token_json_get(cd, 1, &dummy), "Token is not there"); + EQ_(crypt_token_unassign_keyslot(cd, 2, CRYPT_ANY_SLOT), 2); + EQ_(crypt_token_unassign_keyslot(cd, 0, CRYPT_ANY_SLOT), 0); + + // various tests related to unassigned keyslot to volume segment + EQ_(crypt_keyslot_add_by_key(cd, 3, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 3); + EQ_(crypt_token_assign_keyslot(cd, 2, 0), 2); + EQ_(crypt_token_assign_keyslot(cd, 0, 3), 0); + + EQ_(crypt_activate_by_token(cd, NULL, 2, passptr, 0), 0); + EQ_(crypt_activate_by_token(cd, NULL, 0, passptr1, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 3); + // FIXME: useless error message here (or missing one to be specific) + FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr1, 0), "No volume key available in token keyslots"); + EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr, 0), 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + EQ_(crypt_token_assign_keyslot(cd, 0, 1), 0); + OK_(crypt_token_is_assigned(cd, 0, 1)); + EQ_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr1, 0), 1); + OK_(crypt_deactivate(cd, CDEVICE_1)); + + EQ_(crypt_token_assign_keyslot(cd, 2, 3), 2); + OK_(crypt_token_is_assigned(cd, 2, 3)); + EQ_(crypt_activate_by_token(cd, NULL, 2, passptr, 0), 0); + EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr, 0), 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + +#ifdef KERNEL_KEYRING + if (t_dm_crypt_keyring_support()) { + EQ_(crypt_activate_by_token(cd, NULL, 2, passptr, CRYPT_ACTIVATE_KEYRING_KEY), 0); + OK_(_volume_key_in_keyring(cd, 0)); + } + OK_(crypt_volume_key_keyring(cd, 0)); +#endif + FAIL_(crypt_activate_by_token(cd, NULL, 2, passptr, CRYPT_ACTIVATE_KEYRING_KEY), "Can't use keyring when disabled in library"); + OK_(crypt_volume_key_keyring(cd, 1)); + + EQ_(crypt_token_luks2_keyring_set(cd, 5, ¶ms), 5); + EQ_(crypt_token_status(cd, 5, &dummy), CRYPT_TOKEN_INTERNAL); + OK_(strcmp(dummy, "luks2-keyring")); + + FAIL_(crypt_token_luks2_keyring_get(cd, 2, ¶ms), "Token is not luks2-keyring type"); + + FAIL_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, BOGUS_TOKEN0_JSON), "luks2- reserved prefix."); + FAIL_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, BOGUS_TOKEN1_JSON), "luks2- reserved prefix."); + + // test we can use crypt_token_json_set for valid luks2-keyring token + FAIL_(crypt_token_json_set(cd, 12, LUKS2_KEYRING_TOKEN_JSON_BAD("\"0\"", "\"my_desc_x\"")), "Strict luks2-keyring token validation failed"); + EQ_(crypt_token_status(cd, 12, NULL), CRYPT_TOKEN_INACTIVE); + FAIL_(crypt_token_json_set(cd, 12, LUKS2_KEYRING_TOKEN_JSON("\"5\"", "\"my_desc\"")), "Missing keyslot 5."); + EQ_(crypt_token_json_set(cd, 10, LUKS2_KEYRING_TOKEN_JSON("\"1\"", "\"my_desc\"")), 10); + EQ_(crypt_token_status(cd, 10, &dummy), CRYPT_TOKEN_INTERNAL); + OK_(strcmp(dummy, "luks2-keyring")); + params.key_description = NULL; + EQ_(crypt_token_luks2_keyring_get(cd, 10, ¶ms), 10); + OK_(strcmp(params.key_description, "my_desc")); + + OK_(crypt_token_is_assigned(cd, 10, 1)); + // unassigned tests + EQ_(crypt_token_is_assigned(cd, 10, 21), -ENOENT); + EQ_(crypt_token_is_assigned(cd, 21, 1), -ENOENT); + // wrong keyslot or token id tests + EQ_(crypt_token_is_assigned(cd, -1, 1), -EINVAL); + EQ_(crypt_token_is_assigned(cd, 32, 1), -EINVAL); + EQ_(crypt_token_is_assigned(cd, 10, -1), -EINVAL); + EQ_(crypt_token_is_assigned(cd, 10, 32), -EINVAL); + EQ_(crypt_token_is_assigned(cd, -1, -1), -EINVAL); + EQ_(crypt_token_is_assigned(cd, 32, 32), -EINVAL); + + CRYPT_FREE(cd); + + _cleanup_dmdevices(); +} + +static void LuksConvert(void) +{ + uint64_t offset, r_payload_offset; + + const char *json = "{\"type\":\"convert_block\",\"keyslots\":[]}"; + const struct crypt_pbkdf_type argon = { + .type = CRYPT_KDF_ARGON2I, + .hash = "sha512", + .time_ms = 1, + .max_memory_kb = 1024, + .parallel_threads = 1 + }, pbkdf2 = { + .type = CRYPT_KDF_PBKDF2, + .hash = "sha1", + .time_ms = 1 + }; + + struct crypt_params_luks1 luks1 = { + .hash = "sha256", + .data_device = DMDIR L_DEVICE_1S + }; + + struct crypt_params_luks2 luks2 = { + .pbkdf = &pbkdf2, + .sector_size = 512 + }; + + const char *cipher = "aes"; + const char *cipher_mode = "xts-plain64"; + + // prepare the device + OK_(crypt_init(&cd, DEVICE_1)); + crypt_set_iteration_time(cd, 1); + OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, NULL, 32, NULL)); + offset = crypt_get_data_offset(cd); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0); + EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 7); + CRYPT_FREE(cd); + + // convert LUKSv1 -> LUKSv2 + OK_(crypt_init(&cd, DEVICE_1)); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "format is already LUKSv1"); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0); + FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "device is active"); + OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1)); + OK_(crypt_deactivate(cd, CDEVICE_1)); + OK_(crypt_convert(cd, CRYPT_LUKS2, NULL)); + OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2)); + CRYPT_FREE(cd); + + // check result + OK_(crypt_init(&cd, DEVICE_1)); + FAIL_(crypt_load(cd, CRYPT_LUKS1, NULL), "wrong luks format"); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2)); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), 0), 7); + OK_(crypt_deactivate(cd, CDEVICE_1)); + FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "format is already LUKSv2"); + OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2)); + CRYPT_FREE(cd); + + // convert LUKSv2 -> LUKSv1 + OK_(crypt_init(&cd, DEVICE_1)); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0); + FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "device is active"); + OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2)); + OK_(crypt_deactivate(cd, CDEVICE_1)); + OK_(crypt_convert(cd, CRYPT_LUKS1, NULL)); + OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1)); + CRYPT_FREE(cd); + + // check result + OK_(crypt_init(&cd, DEVICE_1)); + FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "wrong luks format"); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), 0), 7); + OK_(crypt_deactivate(cd, CDEVICE_1)); + FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "format is already LUKSv1"); + OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1)); + CRYPT_FREE(cd); + + // exercice non-pbkdf2 LUKSv2 conversion + if (!_fips_mode) { + OK_(crypt_init(&cd, DEVICE_1)); + OK_(crypt_set_data_offset(cd, offset)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL)); + OK_(crypt_set_pbkdf_type(cd, &argon)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0); + FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Incompatible pbkdf with LUKSv1 format"); + CRYPT_FREE(cd); + } + + // exercice non LUKS1 compatible keyslot + OK_(crypt_init(&cd, DEVICE_1)); + OK_(crypt_set_data_offset(cd, offset)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, &luks2)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0); + EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1); + // FIXME: following test fails as expected but for a different reason + FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Unassigned keyslots are incompatible with LUKSv1 format"); + CRYPT_FREE(cd); + + // exercice LUKSv2 conversion with single pbkdf2 keyslot being active + OK_(crypt_init(&cd, DEVICE_1)); + OK_(crypt_set_data_offset(cd, offset)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf2)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL)); + offset = crypt_get_data_offset(cd); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0); + if (!_fips_mode) { + OK_(crypt_set_pbkdf_type(cd, &argon)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 1); + FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Different hash for digest and keyslot."); + OK_(crypt_keyslot_destroy(cd, 1)); + } + OK_(crypt_convert(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DEVICE_1)); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0); + CRYPT_FREE(cd); + + // do not allow conversion on keyslot No > 7 + OK_(crypt_init(&cd, DEVICE_1)); + OK_(crypt_set_data_offset(cd, offset)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, &luks2)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0); + EQ_(crypt_keyslot_add_by_volume_key(cd, 8, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 8); + FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Can't convert keyslot No 8"); + CRYPT_FREE(cd); + + // do not allow conversion with token + OK_(crypt_init(&cd, DEVICE_1)); + OK_(crypt_set_data_offset(cd, offset)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, &luks2)); + OK_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, json)); + FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Can't convert header with token."); + CRYPT_FREE(cd); + + // should be enough for both luks1 and luks2 devices with all vk lengths + OK_(get_luks2_offsets(1, 0, 0, NULL, &r_payload_offset)); + OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1)); + + // do not allow conversion for legacy luks1 device (non-aligned keyslot offset) + OK_(_system("dd if=" CONV_DIR "/" CONV_L1_256_LEGACY " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1)); + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "Can't convert device with unaligned keyslot offset"); + CRYPT_FREE(cd); + + /* + * do not allow conversion on images if there's not enough space between + * last keyslot and data offset (should not happen on headers created + * with cryptsetup) + */ + OK_(_system("dd if=" CONV_DIR "/" CONV_L1_256_UNMOVABLE " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1)); + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "Can't convert device with unaligned keyslot offset"); + CRYPT_FREE(cd); + + // compat conversion tests + // LUKS1 -> LUKS2 + + // 128b key + OK_(_system("dd if=" CONV_DIR "/" CONV_L1_128 " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1)); + + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + offset = crypt_get_data_offset(cd); + OK_(crypt_convert(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + + // 256b key + OK_(_system("dd if=" CONV_DIR "/" CONV_L1_256 " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1)); + + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + offset = crypt_get_data_offset(cd); + OK_(crypt_convert(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + + // 512b key + OK_(_system("dd if=" CONV_DIR "/" CONV_L1_512 " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1)); + + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + offset = crypt_get_data_offset(cd); + OK_(crypt_convert(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + + // detached LUKS1 header conversion + OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_128_DET)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + offset = crypt_get_data_offset(cd); + OK_(crypt_convert(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_128_DET)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + + // 256b key + OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_256_DET)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + offset = crypt_get_data_offset(cd); + OK_(crypt_convert(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_256_DET)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + + // 512b key + OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_512_DET)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + offset = crypt_get_data_offset(cd); + OK_(crypt_convert(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_512_DET)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + + // LUKS2 -> LUKS1 + // 128b key + OK_(_system("dd if=" CONV_DIR "/" CONV_L2_128 " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1)); + + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + offset = crypt_get_data_offset(cd); + OK_(crypt_convert(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + + // 128b all LUKS1 keyslots used + OK_(_system("dd if=" CONV_DIR "/" CONV_L2_128_FULL " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1)); + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_convert(cd, CRYPT_LUKS1, NULL)); + EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1); + EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2); + EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3); + EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4); + EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5); + EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6); + CRYPT_FREE(cd); + + // 256b key + OK_(_system("dd if=" CONV_DIR "/" CONV_L2_256 " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1)); + + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + offset = crypt_get_data_offset(cd); + OK_(crypt_convert(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + + // 256b all LUKS1 keyslots used + OK_(_system("dd if=" CONV_DIR "/" CONV_L2_256_FULL " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1)); + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_convert(cd, CRYPT_LUKS1, NULL)); + EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1); + EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2); + EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3); + EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4); + EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5); + EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6); + CRYPT_FREE(cd); + + // 512b key + OK_(_system("dd if=" CONV_DIR "/" CONV_L2_512 " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1)); + + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + offset = crypt_get_data_offset(cd); + OK_(crypt_convert(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + + // 512b all LUKS1 keyslots used + OK_(_system("dd if=" CONV_DIR "/" CONV_L2_512_FULL " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1)); + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_convert(cd, CRYPT_LUKS1, NULL)); + EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1); + EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2); + EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3); + EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4); + EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5); + EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6); + CRYPT_FREE(cd); + + // detached headers + // 128b + OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + offset = crypt_get_data_offset(cd); + OK_(crypt_convert(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + + // 128b all LUKS1 keyslots used + OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET_FULL)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_convert(cd, CRYPT_LUKS1, NULL)); + EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET_FULL)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1); + EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2); + EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3); + EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4); + EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5); + EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6); + CRYPT_FREE(cd); + + // 256b key + OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + offset = crypt_get_data_offset(cd); + OK_(crypt_convert(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + + // 256b all LUKS1 keyslots used + OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET_FULL)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_convert(cd, CRYPT_LUKS1, NULL)); + EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET_FULL)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1); + EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2); + EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3); + EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4); + EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5); + EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6); + CRYPT_FREE(cd); + + // 512b key + OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + offset = crypt_get_data_offset(cd); + OK_(crypt_convert(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_get_data_offset(cd), offset); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + CRYPT_FREE(cd); + + // 512b all LUKS1 keyslots used + OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET_FULL)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_convert(cd, CRYPT_LUKS1, NULL)); + EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET_FULL)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0); + EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7); + EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1); + EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2); + EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3); + EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4); + EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5); + EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6); + CRYPT_FREE(cd); + + // detached LUKS1 header upconversion + OK_(create_dmdevice_over_loop(H_DEVICE, 2050)); // default LUKS1 header should fit there + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + crypt_set_iteration_time(cd, 1); + //OK_(crypt_set_pbkdf_type(cd, &pbkdf2)); + OK_(crypt_format(cd, CRYPT_LUKS1, "aes", "xts-plain64", NULL, NULL, 32, &luks1)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 7); + FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "Unable to move keyslots. Not enough space."); + CRYPT_FREE(cd); + + // 2050 sectors, empty file + OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL_2)); + //OK_(crypt_set_pbkdf_type(cd, &pbkdf2)); + crypt_set_iteration_time(cd, 1); + OK_(crypt_format(cd, CRYPT_LUKS1, "aes", "xts-plain64", NULL, NULL, 32, &luks1)); + EQ_(crypt_get_data_offset(cd), 0); + EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 7); + OK_(crypt_convert(cd, CRYPT_LUKS2, NULL)); + CRYPT_FREE(cd); + + _cleanup_dmdevices(); +} + +static void Pbkdf(void) +{ + const struct crypt_pbkdf_type *pbkdf; + + const char *cipher = "aes", *mode="xts-plain64"; + struct crypt_pbkdf_type argon2 = { + .type = CRYPT_KDF_ARGON2I, + .hash = DEFAULT_LUKS1_HASH, + .time_ms = 6, + .max_memory_kb = 1024, + .parallel_threads = 1 + }, pbkdf2 = { + .type = CRYPT_KDF_PBKDF2, + .hash = DEFAULT_LUKS1_HASH, + .time_ms = 9 + }, bad = { + .type = "hamster_pbkdf", + .hash = DEFAULT_LUKS1_HASH + }; + struct crypt_params_plain params = { + .hash = "sha1", + .skip = 0, + .offset = 0, + .size = 0 + }; + struct crypt_params_luks1 luks1 = { + .hash = "whirlpool", // test non-standard hash + .data_alignment = 2048, + }; + + uint64_t r_payload_offset; + + /* Only PBKDF2 is allowed in FIPS, these tests cannot be run. */ + if (_fips_mode) + return; + + OK_(get_luks2_offsets(1, 0, 0, NULL, &r_payload_offset)); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1)); + + NULL_(crypt_get_pbkdf_type_params(NULL)); + NULL_(crypt_get_pbkdf_type_params("suslik")); + NOTNULL_(pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_PBKDF2)); + OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2)); + NOTNULL_(pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_ARGON2I)); + OK_(strcmp(pbkdf->type, CRYPT_KDF_ARGON2I)); + NOTNULL_(pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_ARGON2ID)); + OK_(strcmp(pbkdf->type, CRYPT_KDF_ARGON2ID)); + + // test empty context + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + NULL_(crypt_get_pbkdf_type(cd)); + OK_(crypt_set_pbkdf_type(cd, &argon2)); + NOTNULL_(crypt_get_pbkdf_type(cd)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf2)); + NOTNULL_(crypt_get_pbkdf_type(cd)); + OK_(crypt_set_pbkdf_type(cd, NULL)); + NOTNULL_(crypt_get_pbkdf_type(cd)); + + // test plain device + OK_(crypt_format(cd, CRYPT_PLAIN, cipher, mode, NULL, NULL, 32, ¶ms)); + OK_(crypt_set_pbkdf_type(cd, &argon2)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf2)); + OK_(crypt_set_pbkdf_type(cd, NULL)); + NOTNULL_(crypt_get_pbkdf_type(cd)); + CRYPT_FREE(cd); + + // test LUKSv1 device + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, NULL)); + FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Unsupported with non-LUKS2 devices"); + OK_(crypt_set_pbkdf_type(cd, &pbkdf2)); + OK_(crypt_set_pbkdf_type(cd, NULL)); + NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); + EQ_(pbkdf->time_ms, DEFAULT_LUKS1_ITER_TIME); + CRYPT_FREE(cd); + // test value set in crypt_set_iteration_time() can be obtained via following crypt_get_pbkdf_type() + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + crypt_set_iteration_time(cd, 42); + OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, NULL)); + NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); + EQ_(pbkdf->time_ms, 42); + // test crypt_get_pbkdf_type() returns expected values for LUKSv1 + OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2)); + OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH)); + EQ_(pbkdf->max_memory_kb, 0); + EQ_(pbkdf->parallel_threads, 0); + crypt_set_iteration_time(cd, 43); + NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); + EQ_(pbkdf->time_ms, 43); + CRYPT_FREE(cd); + // test whether crypt_get_pbkdf_type() after double crypt_load() + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + crypt_set_iteration_time(cd, 42); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); + EQ_(pbkdf->time_ms, 42); + CRYPT_FREE(cd); + // test whether hash passed via *params in crypt_load() has higher priority + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + crypt_set_iteration_time(cd, 1); + OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, &luks1)); + NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); + OK_(strcmp(pbkdf->hash, luks1.hash)); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); + OK_(strcmp(pbkdf->hash, luks1.hash)); + CRYPT_FREE(cd); + + // test LUKSv2 device + // test default values are set + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, mode, NULL, NULL, 32, NULL)); + NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); + OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF)); + OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH)); + EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME); + EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); + EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_THREADS)); + // set and verify argon2 type + OK_(crypt_set_pbkdf_type(cd, &argon2)); + NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); + OK_(strcmp(pbkdf->type, argon2.type)); + OK_(strcmp(pbkdf->hash, argon2.hash)); + EQ_(pbkdf->time_ms, argon2.time_ms); + EQ_(pbkdf->max_memory_kb, argon2.max_memory_kb); + EQ_(pbkdf->parallel_threads, argon2.parallel_threads); + // set and verify pbkdf2 type + OK_(crypt_set_pbkdf_type(cd, &pbkdf2)); + NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); + OK_(strcmp(pbkdf->type, pbkdf2.type)); + OK_(strcmp(pbkdf->hash, pbkdf2.hash)); + EQ_(pbkdf->time_ms, pbkdf2.time_ms); + EQ_(pbkdf->max_memory_kb, pbkdf2.max_memory_kb); + EQ_(pbkdf->parallel_threads, pbkdf2.parallel_threads); + // reset and verify default values + crypt_set_iteration_time(cd, 1); // it's supposed to override this call + OK_(crypt_set_pbkdf_type(cd, NULL)); + NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); + OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF)); + OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH)); + EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME); + EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); + EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_THREADS)); + // try to pass illegal values + argon2.parallel_threads = 0; + FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Parallel threads can't be 0"); + argon2.parallel_threads = 1; + argon2.max_memory_kb = 0; + FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Memory can't be 0"); + argon2.max_memory_kb = 1024; + pbkdf2.parallel_threads = 1; + FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Parallel threads can't be set with pbkdf2 type"); + pbkdf2.parallel_threads = 0; + pbkdf2.max_memory_kb = 512; + FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Memory can't be set with pbkdf2 type"); + FAIL_(crypt_set_pbkdf_type(cd, &bad), "Unknown type member"); + bad.type = CRYPT_KDF_PBKDF2; + bad.hash = NULL; + FAIL_(crypt_set_pbkdf_type(cd, &bad), "Hash member is empty"); + bad.type = NULL; + bad.hash = DEFAULT_LUKS1_HASH; + FAIL_(crypt_set_pbkdf_type(cd, &bad), "Pbkdf type member is empty"); + bad.hash = "hamster_hash"; + FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Unknown hash member"); + CRYPT_FREE(cd); + // test whether crypt_get_pbkdf_type() behaves accordingly after second crypt_load() call + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); + OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF)); + OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH)); + EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME); + EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); + EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_THREADS)); + crypt_set_iteration_time(cd, 1); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF)); + OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH)); + EQ_(pbkdf->time_ms, 1); + EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); + EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_THREADS)); + CRYPT_FREE(cd); + + // test crypt_set_pbkdf_type() overwrites invalid value set by crypt_set_iteration_time() + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + crypt_set_iteration_time(cd, 0); + OK_(crypt_set_pbkdf_type(cd, &argon2)); + NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); + OK_(strcmp(pbkdf->type, argon2.type)); + EQ_(pbkdf->time_ms, argon2.time_ms); + + // force iterations + argon2.iterations = 33; + argon2.flags = CRYPT_PBKDF_NO_BENCHMARK; + OK_(crypt_set_pbkdf_type(cd, &argon2)); + NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); + EQ_(pbkdf->iterations, 33); + EQ_(pbkdf->flags, CRYPT_PBKDF_NO_BENCHMARK); + + // time may be unset with iterations + argon2.time_ms = 0; + OK_(crypt_set_pbkdf_type(cd, &argon2)); + argon2.flags &= ~CRYPT_PBKDF_NO_BENCHMARK; + FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Illegal time value."); + + pbkdf2.time_ms = 0; + pbkdf2.flags = CRYPT_PBKDF_NO_BENCHMARK; + pbkdf2.parallel_threads = 0; + pbkdf2.max_memory_kb = 0; + pbkdf2.iterations = 1000; + OK_(crypt_set_pbkdf_type(cd, &pbkdf2)); + pbkdf2.flags &= ~CRYPT_PBKDF_NO_BENCHMARK; + FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Illegal time value."); + + // hash is relevant only with pbkdf2 + pbkdf2.time_ms = 9; + pbkdf2.hash = NULL; + FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Hash is mandatory for pbkdf2"); + pbkdf2.hash = "sha1"; + OK_(crypt_set_pbkdf_type(cd, &pbkdf2)); + + argon2.time_ms = 9; + argon2.hash = "sha1"; // will be ignored + OK_(crypt_set_pbkdf_type(cd, &argon2)); + argon2.hash = NULL; + OK_(crypt_set_pbkdf_type(cd, &argon2)); + + CRYPT_FREE(cd); + + NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS1)); + OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2)); + EQ_(pbkdf->time_ms, DEFAULT_LUKS1_ITER_TIME); + OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH)); + EQ_(pbkdf->max_memory_kb, 0); + EQ_(pbkdf->parallel_threads, 0); + + NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS2)); + OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF)); + EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME); + OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH)); + EQ_(pbkdf->max_memory_kb, DEFAULT_LUKS2_MEMORY_KB); + EQ_(pbkdf->parallel_threads, DEFAULT_LUKS2_PARALLEL_THREADS); + + NULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_PLAIN)); + + _cleanup_dmdevices(); +} + +static void Luks2KeyslotAdd(void) +{ + char key[128], key2[128], key_ret[128]; + const char *cipher = "aes", *cipher_mode="xts-plain64"; + const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; + const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e"; + size_t key_ret_len, key_size = strlen(mk_hex) / 2; + uint64_t r_payload_offset; + struct crypt_pbkdf_type pbkdf = { + .type = "argon2i", + .hash = "sha256", + .iterations = 4, + .max_memory_kb = 32, + .parallel_threads = 1, + .flags = CRYPT_PBKDF_NO_BENCHMARK, + }; + struct crypt_params_luks2 params2 = { + .pbkdf = &pbkdf, + .sector_size = SECTOR_SIZE + }; + + crypt_decode_key(key, mk_hex, key_size); + crypt_decode_key(key2, mk_hex2, key_size); + + /* Cannot use Argon2 in FIPS */ + if (_fips_mode) { + pbkdf.type = CRYPT_KDF_PBKDF2; + pbkdf.parallel_threads = 0; + pbkdf.max_memory_kb = 0; + pbkdf.iterations = 1000; + } + + OK_(get_luks2_offsets(1, 0, 0, NULL, &r_payload_offset)); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1)); + + /* test crypt_keyslot_add_by_key */ + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms2)); + EQ_(crypt_keyslot_add_by_key(cd, 1, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0); + EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_ACTIVE_LAST); + EQ_(crypt_keyslot_status(cd, 1), CRYPT_SLOT_UNBOUND); + /* must not activate volume with keyslot unassigned to a segment */ + FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key2, key_size, 0), "Key doesn't match volume key digest"); + FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), "Keyslot not assigned to volume"); + FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), 0), "No keyslot assigned to volume with this passphrase"); + /* unusable for volume activation even in test mode */ + FAIL_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0), "Key doesn't match volume key digest"); + /* otoh passphrase check should pass */ + EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 1); + EQ_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 1); + /* in general crypt_keyslot_add_by_key must allow any reasonable key size + * even though such keyslot will not be usable for segment encryption */ + EQ_(crypt_keyslot_add_by_key(cd, 2, key2, key_size-1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 2); + EQ_(crypt_keyslot_add_by_key(cd, 3, key2, 13, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 3); + + FAIL_(crypt_keyslot_get_key_size(cd, CRYPT_ANY_SLOT), "Bad keyslot specification."); + EQ_(crypt_get_volume_key_size(cd), key_size); + EQ_(crypt_keyslot_get_key_size(cd, 0), key_size); + EQ_(crypt_keyslot_get_key_size(cd, 1), key_size); + EQ_(crypt_keyslot_get_key_size(cd, 2), key_size-1); + EQ_(crypt_keyslot_get_key_size(cd, 3), 13); + + key_ret_len = key_size - 1; + FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), "Wrong size"); + + key_ret_len = 13; + FAIL_(crypt_volume_key_get(cd, 2, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), "wrong size"); + EQ_(crypt_volume_key_get(cd, 3, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), 3); + FAIL_(crypt_activate_by_volume_key(cd, NULL, key_ret, key_ret_len, 0), "Not a volume key"); + key_ret_len = key_size; + EQ_(crypt_volume_key_get(cd, 1, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), 1); + + /* test force volume key change works as expected */ + EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 0, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), 1); + OK_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0)); + OK_(crypt_activate_by_volume_key(cd, NULL, key_ret, key_ret_len, 0)); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key2, key_size, 0)); + OK_(crypt_deactivate(cd, CDEVICE_1)); + EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1); + OK_(crypt_deactivate(cd, CDEVICE_1)); + /* old keyslot must be unusable */ + FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Key doesn't match volume key digest"); + FAIL_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0), "Key doesn't match volume key digest"); + FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), "Keyslot not assigned to volume"); + EQ_(crypt_keyslot_add_by_passphrase(cd, 5, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 5); + EQ_(crypt_keyslot_add_by_volume_key(cd, 6, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1)), 6); + /* regression test. check new keyslot is properly assigned to new volume key digest */ + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 5, PASSPHRASE1, strlen(PASSPHRASE1), 0), 5); + OK_(crypt_deactivate(cd, CDEVICE_1)); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 6, PASSPHRASE1, strlen(PASSPHRASE1), 0), 6); + OK_(crypt_deactivate(cd, CDEVICE_1)); + + CRYPT_FREE(cd); + + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms2)); + /* keyslot 0, volume key, digest 0 */ + EQ_(crypt_keyslot_add_by_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE), 0), 0); + /* keyslot 1, unbound key, digest 1 */ + EQ_(crypt_keyslot_add_by_key(cd, 1, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1); + /* keyslot 2, unbound key, digest 1 */ + EQ_(crypt_keyslot_add_by_key(cd, 2, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE), 2); + /* keyslot 3, unbound key, digest 2 */ + EQ_(crypt_keyslot_add_by_key(cd, 3, key2, key_size - 1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE), 3); + /* keyslot 4, unbound key, digest 1 */ + EQ_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE), 4); + FAIL_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_SET), "Illegal"); + FAIL_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_SET | CRYPT_VOLUME_KEY_DIGEST_REUSE), "Illegal"); + /* Such key doesn't exist, nothing to reuse */ + FAIL_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key2, key_size - 2, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_DIGEST_REUSE), "Key digest doesn't match any existing."); + /* Keyslot 5, volume key, digest 0 */ + EQ_(crypt_keyslot_add_by_key(cd, 5, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_DIGEST_REUSE), 5); + + OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0)); + EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), 1); + OK_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0)); + FAIL_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0), "Not a volume key"); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1); + OK_(crypt_deactivate(cd, CDEVICE_1)); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 2, PASSPHRASE1, strlen(PASSPHRASE1), 0), 2); + OK_(crypt_deactivate(cd, CDEVICE_1)); + FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), "No volume key keyslot"); + + /* TODO: key is unusable with aes-xts */ + // FAIL_(crypt_keyslot_add_by_key(cd, 3, NULL, 0, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), "Unusable key with segment cipher"); + + EQ_(crypt_keyslot_add_by_key(cd, 5, NULL, 0, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), 5); + FAIL_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0), "Not a volume key"); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 5, PASSPHRASE1, strlen(PASSPHRASE1), 0), 5); + OK_(crypt_deactivate(cd, CDEVICE_1)); + + CRYPT_FREE(cd); + + _cleanup_dmdevices(); +} + +static void Luks2KeyslotParams(void) +{ + char key[128], key2[128]; + const char *cipher = "aes", *cipher_mode="xts-plain64"; + const char *cipher_spec = "aes-xts-plain64", *cipher_keyslot = "aes-cbc-essiv:sha256"; + const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; + const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e"; + size_t key_size_ret, key_size = strlen(mk_hex) / 2, keyslot_key_size = 16; + uint64_t r_payload_offset; + + crypt_decode_key(key, mk_hex, key_size); + crypt_decode_key(key2, mk_hex2, key_size); + + OK_(prepare_keyfile(KEYFILE1, PASSPHRASE, strlen(PASSPHRASE))); + OK_(prepare_keyfile(KEYFILE2, PASSPHRASE1, strlen(PASSPHRASE1))); + + OK_(get_luks2_offsets(1, 0, 0, NULL, &r_payload_offset)); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1)); + + EQ_(key_size, 2 * keyslot_key_size); + /* test crypt_keyslot_add_by_key */ + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + crypt_set_iteration_time(cd, 1); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL)); + NULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret)); + OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret), cipher_spec)); + EQ_(key_size_ret, key_size); + + // Normal slots + EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE))); + EQ_(1, crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1,strlen(PASSPHRASE1))); + EQ_(2, crypt_keyslot_add_by_key(cd, 2, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT)); + EQ_(6, crypt_keyslot_add_by_keyfile(cd, 6, KEYFILE1, 0, KEYFILE2, 0)); + + // Slots with different encryption type + OK_(crypt_keyslot_set_encryption(cd, cipher_keyslot, keyslot_key_size)); + OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret), cipher_keyslot)); + EQ_(key_size_ret, keyslot_key_size); + + EQ_(3, crypt_keyslot_add_by_volume_key(cd, 3, key, key_size, PASSPHRASE, strlen(PASSPHRASE))); + EQ_(4, crypt_keyslot_add_by_passphrase(cd, 4, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1,strlen(PASSPHRASE1))); + EQ_(5, crypt_keyslot_add_by_key(cd, 5, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT)); + EQ_(7, crypt_keyslot_add_by_keyfile(cd, 7, KEYFILE1, 0, KEYFILE2, 0)); + + CRYPT_FREE(cd); + + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + + EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_ACTIVE); + OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_spec)); + EQ_(key_size_ret, key_size); + + EQ_(crypt_keyslot_status(cd, 1), CRYPT_SLOT_ACTIVE); + OK_(strcmp(crypt_keyslot_get_encryption(cd, 1, &key_size_ret), cipher_spec)); + EQ_(key_size_ret, key_size); + + EQ_(crypt_keyslot_status(cd, 2), CRYPT_SLOT_UNBOUND); + OK_(strcmp(crypt_keyslot_get_encryption(cd, 2, &key_size_ret), cipher_spec)); + EQ_(key_size_ret, key_size); + + EQ_(crypt_keyslot_status(cd, 6), CRYPT_SLOT_ACTIVE); + OK_(strcmp(crypt_keyslot_get_encryption(cd, 6, &key_size_ret), cipher_spec)); + EQ_(key_size_ret, key_size); + + EQ_(crypt_keyslot_status(cd, 3), CRYPT_SLOT_ACTIVE); + OK_(strcmp(crypt_keyslot_get_encryption(cd, 3, &key_size_ret), cipher_keyslot)); + EQ_(key_size_ret, keyslot_key_size); + + EQ_(crypt_keyslot_status(cd, 4), CRYPT_SLOT_ACTIVE); + OK_(strcmp(crypt_keyslot_get_encryption(cd, 4, &key_size_ret), cipher_keyslot)); + EQ_(key_size_ret, keyslot_key_size); + + EQ_(crypt_keyslot_status(cd, 5), CRYPT_SLOT_UNBOUND); + OK_(strcmp(crypt_keyslot_get_encryption(cd, 5, &key_size_ret), cipher_keyslot)); + EQ_(key_size_ret, keyslot_key_size); + + EQ_(crypt_keyslot_status(cd, 7), CRYPT_SLOT_ACTIVE); + OK_(strcmp(crypt_keyslot_get_encryption(cd, 7, &key_size_ret), cipher_keyslot)); + EQ_(key_size_ret, keyslot_key_size); + + crypt_set_iteration_time(cd, 1); + EQ_(8, crypt_keyslot_change_by_passphrase(cd, 1, 8, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE))); + OK_(strcmp(crypt_keyslot_get_encryption(cd, 8, &key_size_ret), cipher_spec)); + EQ_(key_size_ret, key_size); + + /* Revert to default */ + EQ_(9, crypt_keyslot_change_by_passphrase(cd, 5, 9, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE))); + OK_(strcmp(crypt_keyslot_get_encryption(cd, 9, &key_size_ret), cipher_spec)); + EQ_(key_size_ret, key_size); + + /* Set new encryption params */ + OK_(crypt_keyslot_set_encryption(cd, cipher_keyslot, keyslot_key_size)); + + EQ_(1, crypt_keyslot_change_by_passphrase(cd, 8, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1))); + OK_(strcmp(crypt_keyslot_get_encryption(cd, 1, &key_size_ret), cipher_keyslot)); + EQ_(key_size_ret, keyslot_key_size); + + EQ_(10, crypt_keyslot_change_by_passphrase(cd, 2, 10, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE))); + OK_(strcmp(crypt_keyslot_get_encryption(cd, 10, &key_size_ret), cipher_keyslot)); + EQ_(key_size_ret, keyslot_key_size); + + EQ_(0, crypt_keyslot_change_by_passphrase(cd, 0, 0, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1))); + OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_keyslot)); + EQ_(key_size_ret, keyslot_key_size); + + CRYPT_FREE(cd); + + /* LUKS1 compatible calls */ + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + crypt_set_iteration_time(cd, 1); + OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, NULL)); + NULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret)); + OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret), cipher_spec)); + EQ_(key_size_ret, key_size); + EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE))); + OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_spec)); + EQ_(key_size_ret, key_size); + CRYPT_FREE(cd); + + _cleanup_dmdevices(); + _remove_keyfiles(); +} + +static void Luks2ActivateByKeyring(void) +{ +#ifdef KERNEL_KEYRING + + key_serial_t kid, kid1; + uint64_t r_payload_offset; + + const char *cipher = "aes"; + const char *cipher_mode = "xts-plain64"; + + if (!t_dm_crypt_keyring_support()) { + printf("WARNING: Kernel keyring not supported, skipping test.\n"); + return; + } + + kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING); + NOTFAIL_(kid, "Test or kernel keyring are broken."); + kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING); + NOTFAIL_(kid1, "Test or kernel keyring are broken."); + + OK_(get_luks2_offsets(1, 0, 0, NULL, &r_payload_offset)); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1)); + + // prepare the device + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + crypt_set_iteration_time(cd, 1); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0); + EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1); + EQ_(crypt_keyslot_add_by_volume_key(cd, 2, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 2); + CRYPT_FREE(cd); + + // FIXME: all following tests work as expected but most error messages are missing + // check activate by keyring works exactly same as by passphrase + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, 0), 0); + EQ_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, 0, 0), 0); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, 0, 0), "already open"); + OK_(crypt_deactivate(cd, CDEVICE_1)); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE); + EQ_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 1, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 1); + EQ_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 2, 0), 2); + FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, 1, 0), "Keyslot not assigned to volume"); + EQ_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, 2, 0), 2); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + OK_(crypt_deactivate(cd, CDEVICE_1)); + EQ_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, CRYPT_ANY_SLOT, 0), 2); + OK_(crypt_deactivate(cd, CDEVICE_1)); + FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 2, 0), "Failed to unclock keyslot"); + FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 0, 0), "Failed to unclock keyslot"); + CRYPT_FREE(cd); + + NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken."); + NOTFAIL_(keyctl_unlink(kid1, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken."); + + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, CRYPT_ANY_SLOT, 0), "no such key in keyring"); + FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, CRYPT_ANY_SLOT, 0), "no such key in keyring"); + FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, 2, 0), "no such key in keyring"); + FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 1, 0), "no such key in keyring"); + CRYPT_FREE(cd); + _cleanup_dmdevices(); +#else + printf("WARNING: cryptsetup compiled with kernel keyring service disabled, skipping test.\n"); +#endif +} + +static void Luks2Requirements(void) +{ + int r; + char key[128]; + size_t key_size = 128; + const struct crypt_pbkdf_type *pbkdf; +#ifdef KERNEL_KEYRING + key_serial_t kid; +#endif + uint32_t flags; + uint64_t dummy, r_payload_offset; + struct crypt_active_device cad; + + const char *token, *json = "{\"type\":\"test_token\",\"keyslots\":[]}"; + struct crypt_pbkdf_type argon2 = { + .type = CRYPT_KDF_ARGON2I, + .hash = DEFAULT_LUKS1_HASH, + .time_ms = 6, + .max_memory_kb = 1024, + .parallel_threads = 1 + }, pbkdf2 = { + .type = CRYPT_KDF_PBKDF2, + .hash = DEFAULT_LUKS1_HASH, + .time_ms = 9 + }; + struct crypt_token_params_luks2_keyring params_get, params = { + .key_description = KEY_DESC_TEST0 + }; + + OK_(prepare_keyfile(KEYFILE1, "aaa", 3)); + OK_(prepare_keyfile(KEYFILE2, "xxx", 3)); + + /* crypt_load (unrestricted) */ + OK_(crypt_init(&cd, DEVICE_5)); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + CRYPT_FREE(cd); + + OK_(crypt_init(&cd, DEVICE_5)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + + /* crypt_dump (unrestricted) */ + reset_log(); + OK_(crypt_dump(cd)); + OK_(!(global_lines != 0)); + reset_log(); + + /* get & set pbkdf params (unrestricted) */ + if (!_fips_mode) { + OK_(crypt_set_pbkdf_type(cd, &argon2)); + NOTNULL_(crypt_get_pbkdf_type(cd)); + } + + OK_(crypt_set_pbkdf_type(cd, &pbkdf2)); + NOTNULL_(crypt_get_pbkdf_type(cd)); + + /* crypt_set_iteration_time (unrestricted) */ + crypt_set_iteration_time(cd, 1); + pbkdf = crypt_get_pbkdf_type(cd); + NOTNULL_(pbkdf); + EQ_(pbkdf->time_ms, 1); + + /* crypt_convert (restricted) */ + FAIL_((r = crypt_convert(cd, CRYPT_LUKS1, NULL)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + /* crypt_set_uuid (restricted) */ + FAIL_((r = crypt_set_uuid(cd, NULL)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + /* crypt_set_label (restricted) */ + FAIL_((r = crypt_set_label(cd, "label", "subsystem")), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + /* crypt_repair (with current repair capabilities it's unrestricted) */ + OK_(crypt_repair(cd, CRYPT_LUKS2, NULL)); + + /* crypt_keyslot_add_passphrase (restricted) */ + FAIL_((r = crypt_keyslot_add_by_passphrase(cd, CRYPT_ANY_SLOT, "aaa", 3, "bbb", 3)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + /* crypt_keyslot_change_by_passphrase (restricted) */ + FAIL_((r = crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 9, "aaa", 3, "bbb", 3)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + /* crypt_keyslot_add_by_keyfile (restricted) */ + FAIL_((r = crypt_keyslot_add_by_keyfile(cd, CRYPT_ANY_SLOT, KEYFILE1, 0, KEYFILE2, 0)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + /* crypt_keyslot_add_by_keyfile_offset (restricted) */ + FAIL_((r = crypt_keyslot_add_by_keyfile_offset(cd, CRYPT_ANY_SLOT, KEYFILE1, 0, 0, KEYFILE2, 0, 0)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + /* crypt_volume_key_get (unrestricted, but see below) */ + OK_(crypt_volume_key_get(cd, 0, key, &key_size, "aaa", 3)); + + /* crypt_keyslot_add_by_volume_key (restricted) */ + FAIL_((r = crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, key_size, "xxx", 3)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + /* crypt_keyslot_add_by_key (restricted) */ + FAIL_((r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, NULL, key_size, "xxx", 3, CRYPT_VOLUME_KEY_NO_SEGMENT)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + /* crypt_keyslot_add_by_key (restricted) */ + FAIL_((r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, "xxx", 3, 0)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + /* crypt_persistent_flasgs_set (restricted) */ + FAIL_((r = crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, CRYPT_ACTIVATE_ALLOW_DISCARDS)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + /* crypt_persistent_flasgs_get (unrestricted) */ + OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags)); + EQ_(flags, (uint32_t) CRYPT_REQUIREMENT_UNKNOWN); + + /* crypt_activate_by_passphrase (restricted for activation only) */ + FAIL_((r = crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, 0)); + OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0)); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE); + + /* crypt_activate_by_keyfile (restricted for activation only) */ + FAIL_((r = crypt_activate_by_keyfile(cd, CDEVICE_1, 0, KEYFILE1, 0, 0)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + OK_(crypt_activate_by_keyfile(cd, NULL, 0, KEYFILE1, 0, 0)); + OK_(crypt_activate_by_keyfile(cd, NULL, 0, KEYFILE1, 0, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0)); + + /* crypt_activate_by_volume_key (restricted for activation only) */ + FAIL_((r = crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0)); + OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0)); + +#ifdef KERNEL_KEYRING + if (t_dm_crypt_keyring_support()) { + kid = add_key("user", KEY_DESC_TEST0, "aaa", 3, KEY_SPEC_THREAD_KEYRING); + NOTFAIL_(kid, "Test or kernel keyring are broken."); + + /* crypt_activate_by_keyring (restricted for activation only) */ + FAIL_((r = crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, 0, 0)), "Unmet requirements detected"); + EQ_(r, t_dm_crypt_keyring_support() ? -ETXTBSY : -EINVAL); + OK_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, 0)); + OK_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, CRYPT_ACTIVATE_KEYRING_KEY)); + } +#endif + + /* crypt_volume_key_verify (unrestricted) */ + OK_(crypt_volume_key_verify(cd, key, key_size)); + + /* crypt_get_cipher (unrestricted) */ + OK_(strcmp(crypt_get_cipher(cd)?:"", "aes")); + + /* crypt_get_cipher_mode (unrestricted) */ + OK_(strcmp(crypt_get_cipher_mode(cd)?:"", "xts-plain64")); + + /* crypt_get_uuid (unrestricted) */ + NOTNULL_(crypt_get_uuid(cd)); + + /* crypt_get_device_name (unrestricted) */ + NOTNULL_(crypt_get_device_name(cd)); + + /* crypt_get_data_offset (unrestricted) */ + OK_(!crypt_get_data_offset(cd)); + + /* crypt_get_iv_offset (unrestricted, nothing to test) */ + + /* crypt_get_volume_key_size (unrestricted) */ + EQ_(crypt_get_volume_key_size(cd), key_size); + + /* crypt_keyslot_status (unrestricted) */ + EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_ACTIVE_LAST); + EQ_(crypt_keyslot_status(cd, 1), CRYPT_SLOT_INACTIVE); + + /* crypt_keyslot_get_priority (unrestricted) */ + EQ_(crypt_keyslot_get_priority(cd, 0), CRYPT_SLOT_PRIORITY_NORMAL); + + /* crypt_keyslot_set_priority (restricted) */ + FAIL_((r = crypt_keyslot_set_priority(cd, 0, CRYPT_SLOT_PRIORITY_PREFER)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + /* crypt_keyslot_area (unrestricted) */ + OK_(crypt_keyslot_area(cd, 0, &dummy, &dummy)); + OK_(!dummy); + + /* crypt_header_backup (unrestricted) */ + remove(BACKUP_FILE); + OK_(crypt_header_backup(cd, CRYPT_LUKS, BACKUP_FILE)); + + /* crypt_header_restore (restricted, do not drop the test until we have safe option) */ + FAIL_((r = crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + remove(BACKUP_FILE); + + /* crypt_token_json_set (restricted) */ + FAIL_((r = crypt_token_json_set(cd, CRYPT_ANY_TOKEN, json)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + /* crypt_token_json_get (unrestricted) */ + OK_(crypt_token_json_get(cd, 0, &token)); + NOTNULL_(strstr(token, "user_type")); + + /* crypt_token_status (unrestricted) */ + EQ_(crypt_token_status(cd, 0, &token), CRYPT_TOKEN_EXTERNAL_UNKNOWN); + OK_(strcmp(token, "user_type")); + EQ_(crypt_token_status(cd, 1, &token), CRYPT_TOKEN_INTERNAL); + OK_(strcmp(token, "luks2-keyring")); + EQ_(crypt_token_status(cd, 2, NULL), CRYPT_TOKEN_INACTIVE); + EQ_(crypt_token_status(cd, 6, &token), CRYPT_TOKEN_INTERNAL_UNKNOWN); + + /* crypt_token_luks2_keyring_set (restricted) */ + FAIL_((r = crypt_token_luks2_keyring_set(cd, CRYPT_ANY_TOKEN, ¶ms)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + /* crypt_token_luks2_keyring_get (unrestricted) */ + EQ_(crypt_token_luks2_keyring_get(cd, 1, ¶ms_get), 1); + OK_(strcmp(params_get.key_description, KEY_DESC_TEST0)); + + /* crypt_token_assign_keyslot (unrestricted) */ + FAIL_((r = crypt_token_assign_keyslot(cd, 0, 1)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + /* crypt_token_unassign_keyslot (unrestricted) */ + FAIL_((r = crypt_token_unassign_keyslot(cd, CRYPT_ANY_TOKEN, CRYPT_ANY_SLOT)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + /* crypt_activate_by_token (restricted for activation only) */ +#ifdef KERNEL_KEYRING + if (t_dm_crypt_keyring_support()) { + FAIL_((r = crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0)), ""); // supposed to be silent + EQ_(r, -ETXTBSY); + OK_(crypt_activate_by_token(cd, NULL, 1, NULL, 0)); + OK_(crypt_activate_by_token(cd, NULL, 1, NULL, CRYPT_ACTIVATE_KEYRING_KEY)); + } +#endif + OK_(get_luks2_offsets(1, 8192, 0, NULL, &r_payload_offset)); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 2)); + //OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" NO_REQS_LUKS2_HEADER " bs=4096 2>/dev/null", 1)); + OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1)); + + /* need to fake activated LUKSv2 device with requirements features */ + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0)); + OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE)); + /* replace header with no requirements */ + OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1)); + CRYPT_FREE(cd); + + OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DEVICE_5)); + CRYPT_FREE(cd); + OK_(crypt_init_by_name(&cd, CDEVICE_1)); + + /* crypt_header_restore (restricted with confirmation required) */ + /* allow force restore over device header w/ requirements */ + OK_(crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE)); + remove(BACKUP_FILE); + OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1)); + OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE)); /* create backup with requirements */ + + /* crypt_suspend (restricted) */ + FAIL_((r = crypt_suspend(cd, CDEVICE_1)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + CRYPT_FREE(cd); + + /* replace header again to suspend the device */ + OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1)); + OK_(crypt_init_by_name(&cd, CDEVICE_1)); + OK_(crypt_suspend(cd, CDEVICE_1)); + + /* crypt_header_restore (restricted, do not drop the test until we have safe option) */ + /* refuse to overwrite header w/ backup including requirements */ + FAIL_((r = crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + CRYPT_FREE(cd); + + OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1)); + OK_(crypt_init_by_name(&cd, CDEVICE_1)); + + /* crypt_resume_by_passphrase (restricted) */ + FAIL_((r = crypt_resume_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + /* crypt_resume_by_keyfile (restricted) */ + FAIL_((r = crypt_resume_by_keyfile(cd, CDEVICE_1, 0, KEYFILE1, 0)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + + /* crypt_resume_by_keyfile_offset (restricted) */ + FAIL_((r = crypt_resume_by_keyfile_offset(cd, CDEVICE_1, 0, KEYFILE1, 0, 0)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + CRYPT_FREE(cd); + + OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1)); + OK_(crypt_init_by_name(&cd, CDEVICE_1)); + OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3)); + CRYPT_FREE(cd); + OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1)); + + OK_(crypt_init_by_name(&cd, CDEVICE_1)); + /* load VK in keyring */ + OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0)); + /* crypt_resize (restricted) */ + FAIL_((r = crypt_resize(cd, CDEVICE_1, 1)), "Unmet requirements detected"); + EQ_(r, -ETXTBSY); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + + /* crypt_get_active_device (unrestricted) */ + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); +#ifdef KERNEL_KEYRING + if (t_dm_crypt_keyring_support()) + EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, CRYPT_ACTIVATE_KEYRING_KEY); +#endif + + /* crypt_deactivate (unrestricted) */ + OK_(crypt_deactivate(cd, CDEVICE_1)); + + /* crypt_token_is_assigned (unrestricted) */ + OK_(crypt_token_is_assigned(cd, 1, 0)); + OK_(crypt_token_is_assigned(cd, 6, 0)); + EQ_(crypt_token_is_assigned(cd, 0, 0), -ENOENT); + + /* crypt_keyslot_destroy (unrestricted) */ + OK_(crypt_keyslot_destroy(cd, 0)); + + CRYPT_FREE(cd); + _cleanup_dmdevices(); +} + +static void Luks2Integrity(void) +{ + struct crypt_params_integrity ip = {}; + struct crypt_params_luks2 params = { + .sector_size = 512, + .integrity = "hmac(sha256)" + }; + size_t key_size = 32 + 32; + const char *passphrase = "blabla"; + const char *cipher = "aes"; + const char *cipher_mode = "xts-random"; + int ret; + + // FIXME: This is just a stub + OK_(crypt_init(&cd, DEVICE_2)); + ret = crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size, ¶ms); + if (ret < 0) { + printf("WARNING: cannot format integrity device, skipping test.\n"); + CRYPT_FREE(cd); + return; + } + + EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, key_size, passphrase, strlen(passphrase)), 7); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 7, passphrase, strlen(passphrase) ,0), 7); + EQ_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE); + CRYPT_FREE(cd); + + OK_(crypt_init_by_name_and_header(&cd, CDEVICE_2, NULL)); + OK_(crypt_get_integrity_info(cd, &ip)); + OK_(strcmp(cipher, crypt_get_cipher(cd))); + OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd))); + OK_(strcmp("hmac(sha256)", ip.integrity)); + EQ_(32, ip.integrity_key_size); + EQ_(32+16, ip.tag_size); + OK_(crypt_deactivate(cd, CDEVICE_2)); + CRYPT_FREE(cd); + + OK_(crypt_init(&cd, DEVICE_2)); + FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size - 32, ¶ms), "Wrong key size."); + FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, "xts-plainx", NULL, NULL, key_size, ¶ms), "Wrong cipher."); + CRYPT_FREE(cd); +} + +static int set_fast_pbkdf(struct crypt_device *cd) +{ + struct crypt_pbkdf_type pbkdf = { + .type = "argon2id", + .hash = "sha256", + .iterations = 4, + .max_memory_kb = 32, + .parallel_threads = 1, + .flags = CRYPT_PBKDF_NO_BENCHMARK + }; + + /* Cannot use Argon2 in FIPS */ + if (_fips_mode) { + pbkdf.type = CRYPT_KDF_PBKDF2; + pbkdf.parallel_threads = 0; + pbkdf.max_memory_kb = 0; + pbkdf.iterations = 1000; + } + return crypt_set_pbkdf_type(cd, &pbkdf); +} + +static int check_flag(uint32_t flags, uint32_t flag) +{ + return (flags & flag) ? 0 : -1; +} + +static void Luks2Refresh(void) +{ + uint64_t r_payload_offset; + char key[128], key1[128]; + const char *cipher = "aes", *mode = "xts-plain64"; + const char *mk_hex = "bb21158c733229347bd4e681891e213d94c645be6a5b84818afe7a78a6de7a1a"; + const char *mk_hex2 = "bb22158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e"; + size_t key_size = strlen(mk_hex) / 2; + struct crypt_params_luks2 params = { + .sector_size = 512, + .integrity = "aead" + }; + struct crypt_active_device cad = {}; + + crypt_decode_key(key, mk_hex, key_size); + crypt_decode_key(key1, mk_hex2, key_size); + + OK_(get_luks2_offsets(1, 0, 0, NULL, &r_payload_offset)); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000)); + OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset + 5000)); + OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1)); + OK_(create_dmdevice_over_loop(H_DEVICE, r_payload_offset)); + + /* prepare test device */ + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(set_fast_pbkdf(cd)); + OK_(crypt_format(cd, CRYPT_LUKS2, cipher, mode, NULL, key, 32, NULL)); + OK_(crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, 32, "aaa", 3)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0)); + + /* check we can refresh significant flags */ + if (t_dm_crypt_discard_support()) { + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_ALLOW_DISCARDS)); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + OK_(check_flag(cad.flags, CRYPT_ACTIVATE_ALLOW_DISCARDS)); + cad.flags = 0; + } + + if (t_dm_crypt_cpu_switch_support()) { + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SAME_CPU_CRYPT)); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SAME_CPU_CRYPT)); + cad.flags = 0; + + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)); + cad.flags = 0; + + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)); + cad.flags = 0; + } + + OK_(crypt_volume_key_keyring(cd, 0)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH)); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_KEYRING_KEY), "Unexpected flag raised."); + cad.flags = 0; + +#ifdef KERNEL_KEYRING + if (t_dm_crypt_keyring_support()) { + OK_(crypt_volume_key_keyring(cd, 1)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH)); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + OK_(check_flag(cad.flags, CRYPT_ACTIVATE_KEYRING_KEY)); + cad.flags = 0; + } +#endif + + /* multiple flags at once */ + if (t_dm_crypt_discard_support() && t_dm_crypt_cpu_switch_support()) { + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS | CRYPT_ACTIVATE_ALLOW_DISCARDS)); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS | CRYPT_ACTIVATE_ALLOW_DISCARDS)); + cad.flags = 0; + } + + /* do not allow reactivation with read-only (and drop flag silently because activation behaves exactly same) */ + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_READONLY)); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_READONLY), "Reactivated with read-only flag."); + cad.flags = 0; + + /* reload flag is dropped silently */ + OK_(crypt_deactivate(cd, CDEVICE_1)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH)); + + /* check read-only flag is not lost after reload */ + OK_(crypt_deactivate(cd, CDEVICE_1)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_READONLY)); + OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH)); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + OK_(check_flag(cad.flags, CRYPT_ACTIVATE_READONLY)); + cad.flags = 0; + + /* check LUKS2 with auth. enc. reload */ + OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG)); + if (!crypt_format(cd2, CRYPT_LUKS2, "aes", "gcm-random", crypt_get_uuid(cd), key, 32, ¶ms)) { + OK_(crypt_keyslot_add_by_volume_key(cd2, 0, key, 32, "aaa", 3)); + OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, 0)); + OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_NO_JOURNAL)); + OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad)); + OK_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL)); + cad.flags = 0; + OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_NO_JOURNAL | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)); + OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad)); + OK_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)); + cad.flags = 0; + OK_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH)); + OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad)); + FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL), ""); + FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS), ""); + FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with LUKS2/aead context"); + OK_(crypt_deactivate(cd2, CDEVICE_2)); + } else { + printf("WARNING: cannot format integrity device, skipping few reload tests.\n"); + } + CRYPT_FREE(cd2); + + /* Use LUKS1 context on LUKS2 device */ + OK_(crypt_init(&cd2, DMDIR L_DEVICE_1S)); + OK_(crypt_format(cd2, CRYPT_LUKS1, cipher, mode, crypt_get_uuid(cd), key, 32, NULL)); + OK_(crypt_keyslot_add_by_volume_key(cd2, CRYPT_ANY_SLOT, NULL, 32, "aaa", 3)); + FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with LUKS1 context"); + CRYPT_FREE(cd2); + + /* Use PLAIN context on LUKS2 device */ + OK_(crypt_init(&cd2, DMDIR L_DEVICE_1S)); + OK_(crypt_format(cd2, CRYPT_PLAIN, cipher, mode, NULL, key, 32, NULL)); + OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0)); + FAIL_(crypt_activate_by_volume_key(cd2, CDEVICE_1, key, key_size, CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with PLAIN context"); + OK_(crypt_deactivate(cd2, CDEVICE_2)); + CRYPT_FREE(cd2); + + /* (snapshot-like case) */ + /* try to refresh almost identical device (differs only in major:minor of data device) */ + OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG)); + OK_(set_fast_pbkdf(cd2)); + OK_(crypt_format(cd2, CRYPT_LUKS2, cipher, mode, crypt_get_uuid(cd), key, 32, NULL)); + OK_(crypt_keyslot_add_by_volume_key(cd2, CRYPT_ANY_SLOT, key, 32, "aaa", 3)); + FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH), "Refreshed dm-crypt mapped over mismatching data device"); + + OK_(crypt_deactivate(cd, CDEVICE_1)); + + CRYPT_FREE(cd); + CRYPT_FREE(cd2); + + _cleanup_dmdevices(); +} + +static void Luks2Flags(void) +{ + uint32_t flags = 42; + + OK_(crypt_init(&cd, DEVICE_1)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + + /* check library erase passed variable on success when no flags set */ + OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags)); + EQ_(flags, 0); + + /* check set and get behave as expected */ + flags = CRYPT_ACTIVATE_ALLOW_DISCARDS; + OK_(crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, flags)); + flags = 0; + OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags)); + EQ_(flags, CRYPT_ACTIVATE_ALLOW_DISCARDS); + + flags = CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS; + OK_(crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, flags)); + flags = (uint32_t)~0; + OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags)); + EQ_(flags,CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS); + + CRYPT_FREE(cd); +} + +static int test_progress(uint64_t size, uint64_t offset, void *usrptr) +{ + while (--test_progress_steps) + return 0; + return 1; +} + +static void Luks2Reencryption(void) +{ +/* reencryption currently depends on kernel keyring support */ +#if KERNEL_KEYRING + /* NOTES: + * - reencryption requires luks2 parameters. can we avoid it? + */ + uint32_t getflags; + uint64_t r_header_size, r_size_1; + struct crypt_active_device cad; + struct crypt_pbkdf_type pbkdf = { + .type = CRYPT_KDF_ARGON2I, + .hash = "sha256", + .parallel_threads = 1, + .max_memory_kb = 128, + .iterations = 4, + .flags = CRYPT_PBKDF_NO_BENCHMARK + }; + struct crypt_params_luks2 params2 = { + .pbkdf = &pbkdf, + .sector_size = 4096 + }; + struct crypt_params_reencrypt retparams = {}, rparams = { + .direction = CRYPT_REENCRYPT_FORWARD, + .resilience = "checksum", + .hash = "sha1", + .luks2 = ¶ms2, + }; + + /* reencryption currently depends on kernel keyring support in dm-crypt */ + if (!t_dm_crypt_keyring_support()) + return; + + /* Cannot use Argon2 in FIPS */ + if (_fips_mode) { + pbkdf.type = CRYPT_KDF_PBKDF2; + pbkdf.parallel_threads = 0; + pbkdf.max_memory_kb = 0; + pbkdf.iterations = 1000; + } + + OK_(get_luks2_offsets(0, 0, 0, &r_header_size, NULL)); + OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size + 16)); + + /* create device */ + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 21); + + /* add several unbound keys */ + EQ_(crypt_keyslot_add_by_key(cd, 9, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9); + EQ_(crypt_keyslot_add_by_key(cd, 10, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 10); + EQ_(crypt_keyslot_add_by_key(cd, 11, NULL, 42, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 11); + EQ_(crypt_keyslot_status(cd, 21), CRYPT_SLOT_ACTIVE_LAST); + + /* test cipher parameters validation */ + FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 11, "aes", "xts-plain64", &rparams), "Cipher not compatible with new volume key size."); + FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 10, "tHeHamstErciphErr", "xts-plain64", &rparams), "Wrong cipher."); + FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 10, "aes", "HamSterMoOode-plain64", &rparams), "Wrong mode."); + + /* test reencryption flags */ + rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; + FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption not initialized."); + rparams.flags |= CRYPT_REENCRYPT_INITIALIZE_ONLY; + FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid flags combination."); + + OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags)); + EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 0); + FAIL_(crypt_reencrypt(cd, NULL), "Reencryption context not initialized."); + + rparams.flags &= ~CRYPT_REENCRYPT_RESUME_ONLY; + OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams)); + OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags)); + EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT); + + /* check reencrypt status is correct */ + EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN); + EQ_(retparams.mode, CRYPT_REENCRYPT_REENCRYPT); + EQ_(retparams.direction, CRYPT_REENCRYPT_FORWARD); + EQ_(retparams.data_shift, 0); + EQ_(retparams.device_size, 0); + + /* check reencryption flag in metadata */ + OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags)); + EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT); + + /* some parameters are expected to change immediately after reencryption initialization */ + EQ_(crypt_get_volume_key_size(cd), 64); + OK_(strcmp(crypt_get_cipher_mode(cd), "xts-plain64")); + EQ_(crypt_get_sector_size(cd), 4096); + /* reencrypt keyslot must be unbound */ + EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_UNBOUND); + /* keyslot assigned to new segment is switched to last active */ + EQ_(crypt_keyslot_status(cd, 9), CRYPT_SLOT_ACTIVE_LAST); + /* keyslot assigned to old segment remains active */ + EQ_(crypt_keyslot_status(cd, 21), CRYPT_SLOT_ACTIVE); + + FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 10, "aes", "xts-plain", &rparams), "Reencryption already initialized."); + + rparams.flags = 0; + OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams)); + OK_(crypt_reencrypt(cd, NULL)); + + /* check keyslots are reassigned to segment after reencryption */ + EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_INACTIVE); + EQ_(crypt_keyslot_status(cd, 9), CRYPT_SLOT_ACTIVE_LAST); + EQ_(crypt_keyslot_status(cd, 10), CRYPT_SLOT_UNBOUND); + EQ_(crypt_keyslot_status(cd, 11), CRYPT_SLOT_UNBOUND); + EQ_(crypt_keyslot_status(cd, 21), CRYPT_SLOT_INACTIVE); + + EQ_(crypt_keyslot_add_by_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 21); + rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY; + params2.sector_size = 512; + OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams)); + + /* fixed device size parameter impact */ + rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; + rparams.device_size = 24; + FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Invalid device size."); + OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags)); + EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT); + rparams.device_size = 15; + FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Invalid device size alignment."); + OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags)); + EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT); + FAIL_(crypt_reencrypt(cd, NULL), "Reencryption context not initialized."); + rparams.device_size = 16; + OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams)); + OK_(crypt_reencrypt(cd, NULL)); + OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags)); + EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 0); + + /* limited hotzone size parameter impact */ + EQ_(crypt_keyslot_add_by_key(cd, 9, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9); + rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY; + rparams.device_size = 0; + params2.sector_size = 4096; + OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams)); + + /* max hotzone size parameter impact */ + rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; + rparams.max_hotzone_size = 1; + FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid hotzone size alignment."); + rparams.max_hotzone_size = 24; /* should be ok. Device size is 16 sectors and the parameter defines upper limit, not lower */ + OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams)); + rparams.max_hotzone_size = 8; + OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams)); + CRYPT_FREE(cd); + + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + + rparams.max_hotzone_size = 0; + rparams.resilience = "haMster"; + FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid resilience mode."); + rparams.resilience = "checksum"; + rparams.hash = "hamSter"; + FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid resilience hash."); + + rparams.hash = "sha1"; + OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams)); + OK_(crypt_reencrypt(cd, NULL)); + + /* FIXME: this is a bug, but not critical (data shift parameter is ignored after initialization) */ + //rparams.data_shift = 8; + //FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid reencryption parameters."); + + EQ_(crypt_keyslot_add_by_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 21); + rparams.flags = 0; + rparams.resilience = "none"; + rparams.max_hotzone_size = 2048; + /* online reencryption on inactive device */ + FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Device is not active."); + /* FIXME: this is minor bug. In fact we need only key from keyslot 9 */ + //EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 9, PASSPHRASE, strlen(PASSPHRASE), 0), 9); + NOTFAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Failed to activate device."); + /* offline reencryption on active device */ + FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Device mounted or active."); + OK_(crypt_deactivate(cd, CDEVICE_1)); + /* Wrong context checks */ + OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams)); + /* cd is ready for reencryption */ + OK_(crypt_init(&cd2, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd2, CRYPT_LUKS2, NULL)); + rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; + FAIL_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption already running."); + rparams.flags = 0; + FAIL_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption already running."); + FAIL_(crypt_reencrypt(cd2, NULL), "Invalid reencryption context."); + OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags)); + EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT); + OK_(crypt_persistent_flags_get(cd2, CRYPT_FLAGS_REQUIREMENTS, &getflags)); + EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT); + EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_CLEAN); + EQ_(crypt_reencrypt_status(cd2, NULL), CRYPT_REENCRYPT_CLEAN); + FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Reencryption already in progress."); + FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Reencryption already in progress."); + OK_(crypt_reencrypt(cd, NULL)); + CRYPT_FREE(cd); + CRYPT_FREE(cd2); + + /* Partial device reencryption parameter */ + params2.sector_size = 512; + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0); + EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1); + + rparams.device_size = 2; + rparams.max_hotzone_size = 1; + rparams.resilience = "none"; + EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2); + + /* interrupt reencryption after 'test_progress_steps' */ + test_progress_steps = 1; + OK_(crypt_reencrypt(cd, &test_progress)); + EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_CLEAN); + + NOTFAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Could not activate device in reencryption."); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + EQ_(cad.size, 2); + EQ_(cad.offset, r_header_size); + /* TODO: this should work in future releases unless reencryption process is running */ + FAIL_(crypt_resize(cd, CDEVICE_1, 1), "Device in reencryption."); + FAIL_(crypt_resize(cd, CDEVICE_1, 0), "Device in reencryption."); + + rparams.max_hotzone_size = 0; + rparams.device_size = 3; + FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Invalid device size."); + crypt_deactivate(cd, CDEVICE_1); + FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Invalid device size."); + rparams.device_size = 2; + rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; + NOTFAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Failed to initialize reencryption."); + OK_(crypt_reencrypt(cd, NULL)); + EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PASSPHRASE), 0), 1); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + /* after reencryption use whole device again */ + EQ_(cad.size, 16); + OK_(crypt_deactivate(cd, CDEVICE_1)); + + /* Reencrypt device with wrong size */ + EQ_(crypt_keyslot_add_by_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 0); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PASSPHRASE), 0), 1); + OK_(crypt_resize(cd, CDEVICE_1, 7)); + rparams.device_size = 0; + rparams.flags = 0; + params2.sector_size = 4096; + FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), "Active device size is not aligned to new sector size."); + rparams.device_size = 8; + FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), "Reduced reencryption size does not match active device."); + /* FIXME: allow after resize in reencryption is supported */ + //NOTFAIL_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY | CRYPT_ACTIVATE_KEYRING_KEY), "Failed to load keys."); + // OK_(crypt_resize(cd, CDEVICE_1, 8)); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + params2.sector_size = 512; + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_init(&cd2, DMDIR H_DEVICE)); + OK_(crypt_set_data_offset(cd2, r_header_size - 8)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + OK_(crypt_set_pbkdf_type(cd2, &pbkdf)); + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2)); + OK_(crypt_format(cd2, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0); + EQ_(crypt_keyslot_add_by_volume_key(cd2, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0); + EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1); + EQ_(crypt_keyslot_add_by_key(cd2, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0); + EQ_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0); + rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY; + EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2); + EQ_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2); + rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; + /* reference wrong device in active device name */ + FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Wrong device."); + FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Wrong device."); + EQ_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2); + FAIL_(crypt_set_data_device(cd2, DMDIR L_DEVICE_OK), "Device in reencryption."); + OK_(crypt_deactivate(cd, CDEVICE_1)); + OK_(crypt_deactivate(cd2, CDEVICE_2)); + CRYPT_FREE(cd); + CRYPT_FREE(cd2); + + /* data shift related tests */ + params2.sector_size = 512; + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0); + EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1); + memset(&rparams, 0, sizeof(rparams)); + rparams.direction = CRYPT_REENCRYPT_BACKWARD; + rparams.resilience = "datashift"; + rparams.data_shift = 8; + rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY; + rparams.luks2 = ¶ms2; + EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2); + EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN); + EQ_(retparams.data_shift, 8); + EQ_(retparams.mode, CRYPT_REENCRYPT_REENCRYPT); + OK_(strcmp(retparams.resilience, "datashift")); + EQ_(crypt_get_data_offset(cd), 32776); + rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; + EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2); + OK_(crypt_reencrypt(cd, NULL)); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PASSPHRASE), 0), 1); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + EQ_(cad.size, 8); + EQ_(crypt_get_data_offset(cd), 32776); + OK_(crypt_deactivate(cd, CDEVICE_1)); + rparams.flags = 0; + EQ_(crypt_keyslot_add_by_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 0); + FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), "Device is too small."); + CRYPT_FREE(cd); + // BUG: We need reencrypt abort flag + /* it fails, but it's already initialized and we have no way to abort yet */ + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 1); + EQ_(crypt_keyslot_add_by_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 0); + rparams.direction = CRYPT_REENCRYPT_FORWARD; + rparams.resilience = "datashift"; + rparams.data_shift = 8; + rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY; + EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), 2); + EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN); + EQ_(retparams.data_shift, 8); + EQ_(retparams.mode, CRYPT_REENCRYPT_REENCRYPT); + OK_(strcmp(retparams.resilience, "datashift")); + EQ_(crypt_get_data_offset(cd), 32760); + rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; + EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), 2); + OK_(crypt_reencrypt(cd, NULL)); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + EQ_(cad.size, 24); + EQ_(crypt_get_data_offset(cd), 32760); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + /* data shift with online device */ + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0); + EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1); + rparams.direction = CRYPT_REENCRYPT_BACKWARD; + rparams.resilience = "datashift"; + rparams.data_shift = 8; + rparams.flags = 0; + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0); + FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Active device too large."); + OK_(crypt_deactivate(cd, CDEVICE_1)); + NOTFAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Failed to activate device in reencryption."); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + EQ_(cad.size, 8); + rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; + EQ_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2); + OK_(crypt_reencrypt(cd, NULL)); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + _cleanup_dmdevices(); + + /* encryption with datashift and moved segment (limit values for data shift) */ + OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, 12*1024*2)); + + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + + memset(&rparams, 0, sizeof(rparams)); + params2.sector_size = 512; + params2.data_device = DMDIR L_DEVICE_OK; + rparams.mode = CRYPT_REENCRYPT_ENCRYPT; + rparams.direction = CRYPT_REENCRYPT_BACKWARD; + rparams.resilience = "datashift"; + rparams.data_shift = 8192; + rparams.luks2 = ¶ms2; + rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT; + OK_(crypt_set_data_offset(cd, 8192)); + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, ¶ms2)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 30, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 30); + EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams), 0); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_header_restore(cd, CRYPT_LUKS2, DMDIR H_DEVICE)); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN); + EQ_(retparams.mode, CRYPT_REENCRYPT_ENCRYPT); + OK_(strcmp(retparams.resilience, "datashift")); + EQ_(retparams.data_shift, 8192); + EQ_(retparams.flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT, CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT); + EQ_(crypt_get_data_offset(cd), 8192); + rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; + EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, NULL, NULL, &rparams), 0); + OK_(crypt_reencrypt(cd, NULL)); + CRYPT_FREE(cd); + + _cleanup_dmdevices(); + OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, 12*1024*2+1)); + + /* encryption with datashift and moved segment (data shift + 1 sector) */ + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT; + OK_(crypt_set_data_offset(cd, 8192)); + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, ¶ms2)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 30, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 30); + EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams), 0); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_header_restore(cd, CRYPT_LUKS2, DMDIR H_DEVICE)); + EQ_(crypt_get_data_offset(cd), 8192); + rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; + EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, NULL, NULL, &rparams), 0); + OK_(crypt_reencrypt(cd, NULL)); + CRYPT_FREE(cd); + + _cleanup_dmdevices(); + OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, 12*1024*2)); + + OK_(crypt_init(&cd, DMDIR H_DEVICE)); + + /* encryption with datashift and moved segment (data shift + data offset > device size) */ + memset(&rparams, 0, sizeof(rparams)); + params2.sector_size = 512; + params2.data_device = DMDIR L_DEVICE_OK; + rparams.mode = CRYPT_REENCRYPT_ENCRYPT; + rparams.direction = CRYPT_REENCRYPT_BACKWARD; + rparams.resilience = "datashift"; + rparams.data_shift = 8200; + rparams.luks2 = ¶ms2; + rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT; + OK_(crypt_set_data_offset(cd, 8200)); + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, ¶ms2)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 30, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 30); + FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams), "Data device is too small"); + EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE); + CRYPT_FREE(cd); + + _cleanup_dmdevices(); + OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size + 1)); + + /* decryption backward */ + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + params2.data_device = NULL; + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6); + memset(&rparams, 0, sizeof(rparams)); + rparams.mode = CRYPT_REENCRYPT_DECRYPT; + rparams.direction = CRYPT_REENCRYPT_BACKWARD; + rparams.resilience = "none"; + rparams.max_hotzone_size = 2048; + OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams)); + OK_(crypt_reencrypt(cd, NULL)); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_get_data_offset(cd), r_header_size); + EQ_(crypt_get_volume_key_size(cd), 0); + OK_(strcmp(crypt_get_cipher(cd), "cipher_null")); + CRYPT_FREE(cd); + + /* decryption forward */ + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + params2.data_device = NULL; + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6); + memset(&rparams, 0, sizeof(rparams)); + rparams.mode = CRYPT_REENCRYPT_DECRYPT; + rparams.direction = CRYPT_REENCRYPT_FORWARD; + rparams.resilience = "none"; + rparams.max_hotzone_size = 2048; + OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams)); + OK_(crypt_reencrypt(cd, NULL)); + CRYPT_FREE(cd); + + /* decryption with data shift */ + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + params2.data_device = NULL; + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6); + remove(BACKUP_FILE); + OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE)); + CRYPT_FREE(cd); + // FIXME: we need write flock + OK_(chmod(BACKUP_FILE, S_IRUSR|S_IWUSR)); + OK_(crypt_init_data_device(&cd, BACKUP_FILE, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_get_data_offset(cd), r_header_size); + memset(&rparams, 0, sizeof(rparams)); + rparams.mode = CRYPT_REENCRYPT_DECRYPT; + rparams.direction = CRYPT_REENCRYPT_FORWARD; + rparams.resilience = "datashift"; + rparams.data_shift = r_header_size; + OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams)); + EQ_(crypt_get_data_offset(cd), 0); + OK_(crypt_reencrypt(cd, NULL)); + remove(BACKUP_FILE); + CRYPT_FREE(cd); + + /* online decryption with data shift (future feature) */ + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + params2.data_device = NULL; + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 6, PASSPHRASE, strlen(PASSPHRASE), 0), 6); + OK_(t_device_size(DMDIR CDEVICE_2, &r_size_1)); + EQ_(r_size_1, 512); + // create placeholder device to block automatic deactivation after decryption + OK_(_system("dmsetup create " CDEVICE_1 " --table \"0 1 linear " DMDIR CDEVICE_2 " 0\"", 1)); + remove(BACKUP_FILE); + OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE)); + CRYPT_FREE(cd); + // FIXME: we need write flock + OK_(chmod(BACKUP_FILE, S_IRUSR|S_IWUSR)); + OK_(crypt_init_data_device(&cd, BACKUP_FILE, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + EQ_(crypt_get_data_offset(cd), r_header_size); + memset(&rparams, 0, sizeof(rparams)); + rparams.mode = CRYPT_REENCRYPT_DECRYPT; + rparams.direction = CRYPT_REENCRYPT_FORWARD; + rparams.resilience = "datashift"; + rparams.data_shift = r_header_size; + OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams)); + EQ_(crypt_get_data_offset(cd), 0); + OK_(crypt_reencrypt(cd, NULL)); + remove(BACKUP_FILE); + OK_(t_device_size(DMDIR CDEVICE_2, &r_size_1)); + EQ_(r_size_1, 512); + OK_(_system("dmsetup remove " DM_RETRY CDEVICE_1 DM_NOSTDERR, 0)); + CRYPT_FREE(cd); + + _cleanup_dmdevices(); + OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size)); + OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_header_size)); + + /* check detached header misuse (mismatching keys in table and mda) */ + OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + params2.data_device = DMDIR L_DEVICE_WRONG; + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6); + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 6, PASSPHRASE, strlen(PASSPHRASE), 0), 6); + /* activate second device using same header */ + OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd2, CRYPT_LUKS2, NULL)); + OK_(crypt_set_pbkdf_type(cd2, &pbkdf)); + EQ_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 6, PASSPHRASE, strlen(PASSPHRASE), 0), 6); + CRYPT_FREE(cd2); + EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1); + + memset(&rparams, 0, sizeof(rparams)); + rparams.resilience = "none"; + rparams.max_hotzone_size = 16*2048; + rparams.luks2 = ¶ms2; + + OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams)); + OK_(crypt_reencrypt(cd, NULL)); + + OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd2, CRYPT_LUKS2, NULL)); + OK_(crypt_set_pbkdf_type(cd2, &pbkdf)); + EQ_(crypt_keyslot_add_by_key(cd2, 2, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 2); + rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY; + FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 1, 2, "aes", "cbc-essiv:sha256", &rparams), "Mismatching parameters in device table."); + OK_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 2, "aes", "cbc-essiv:sha256", &rparams)); + rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; + FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 1, 2, "aes", "cbc-essiv:sha256", &rparams), "Mismatching parameters in device table."); + OK_(crypt_deactivate(cd, CDEVICE_1)); + OK_(crypt_deactivate(cd2, CDEVICE_2)); + CRYPT_FREE(cd); + CRYPT_FREE(cd2); + + /* check detached header misuse (mismatching progress data in active device and mda) */ + OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + params2.data_device = DMDIR L_DEVICE_WRONG; + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6); + EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1); + rparams.flags = 0; + rparams.max_hotzone_size = 8; + OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams)); + /* reencrypt 8 srectors of device */ + test_progress_steps = 1; + OK_(crypt_reencrypt(cd, &test_progress)); + + /* activate another data device with same LUKS2 header (this is wrong, but we can't detect such mistake) */ + OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd2, CRYPT_LUKS2, NULL)); + NOTFAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_2, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Failed to activate device in reencryption."); + CRYPT_FREE(cd2); + + /* reencrypt yet another 8 sectors of first device */ + rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; + OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams)); + test_progress_steps = 1; + OK_(crypt_reencrypt(cd, &test_progress)); + + /* Now active mapping for second data device does not match its metadata */ + OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd2, CRYPT_LUKS2, NULL)); + rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; + FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams), "Mismatching device table."); + OK_(crypt_deactivate(cd2, CDEVICE_2)); + CRYPT_FREE(cd2); + CRYPT_FREE(cd); + + _cleanup_dmdevices(); + OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size + 16)); + + /* Test LUKS2 reencryption honors flags device was activate with */ + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + params2.sector_size = 512; + params2.data_device = NULL; + OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2)); + EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6); + OK_(crypt_volume_key_keyring(cd, 0)); /* disable keyring */ + EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 6, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_ALLOW_DISCARDS), 6); + OK_(crypt_volume_key_keyring(cd, 1)); + rparams.mode = CRYPT_REENCRYPT_REENCRYPT; + rparams.direction = CRYPT_REENCRYPT_FORWARD, + rparams.resilience = "none", + rparams.max_hotzone_size = 8; + rparams.luks2 = ¶ms2; + rparams.flags = 0; + EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1); + OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "xts-plain64", &rparams)); + test_progress_steps = 1; + OK_(crypt_reencrypt(cd, &test_progress)); + EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_CLEAN); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + EQ_(cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS, CRYPT_ACTIVATE_ALLOW_DISCARDS); + EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, 0); + CRYPT_FREE(cd); + OK_(crypt_init_by_name(&cd, CDEVICE_1)); + rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; + OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "xts-plain64", &rparams)); + OK_(crypt_reencrypt(cd, NULL)); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + EQ_(cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS, CRYPT_ACTIVATE_ALLOW_DISCARDS); + EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, 0); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); + + _cleanup_dmdevices(); +#endif +} + +static void Luks2Repair(void) +{ + char rollback[256]; + + snprintf(rollback, sizeof(rollback), + "dd if=" IMAGE_PV_LUKS2_SEC ".bcp of=%s bs=1M 2>/dev/null", + DEVICE_6); + + OK_(crypt_init(&cd, DEVICE_6)); + + FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected"); + FAIL_(crypt_repair(cd, CRYPT_LUKS1, NULL), "Not a LUKS2 device"); + + /* check explicit LUKS2 repair works */ + OK_(crypt_repair(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DEVICE_6)); + + /* rollback */ + OK_(_system(rollback, 1)); + FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected"); + + /* check repair with type detection works */ + OK_(crypt_repair(cd, CRYPT_LUKS, NULL)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + CRYPT_FREE(cd); + + /* repeat with locking disabled (must not have any effect) */ + OK_(_system(rollback, 1)); + OK_(crypt_init(&cd, DEVICE_6)); + OK_(crypt_metadata_locking(cd, 0)); + + FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected"); + FAIL_(crypt_repair(cd, CRYPT_LUKS1, NULL), "Not a LUKS2 device"); + + /* check explicit LUKS2 repair works */ + OK_(crypt_repair(cd, CRYPT_LUKS2, NULL)); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + CRYPT_FREE(cd); + OK_(crypt_init(&cd, DEVICE_6)); + + /* rollback */ + OK_(_system(rollback, 1)); + FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected"); + + /* check repair with type detection works */ + OK_(crypt_repair(cd, CRYPT_LUKS, NULL)); + OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); + CRYPT_FREE(cd); +} + +static void int_handler(int sig __attribute__((__unused__))) +{ + _quit++; +} + +int main(int argc, char *argv[]) +{ + struct sigaction sa = { .sa_handler = int_handler }; + int i; + + if (getuid() != 0) { + printf("You must be root to run this test.\n"); + exit(77); + } +#ifndef NO_CRYPTSETUP_PATH + if (getenv("CRYPTSETUP_PATH")) { + printf("Cannot run this test with CRYPTSETUP_PATH set.\n"); + exit(77); + } +#endif + for (i = 1; i < argc; i++) { + if (!strcmp("-v", argv[i]) || !strcmp("--verbose", argv[i])) + _verbose = 1; + else if (!strcmp("--debug", argv[i])) + _debug = _verbose = 1; + } + + /* Handle interrupt properly */ + sigaction(SIGINT, &sa, NULL); + sigaction(SIGTERM, &sa, NULL); + + register_cleanup(_cleanup); + + _cleanup(); + if (_setup()) { + printf("Cannot set test devices.\n"); + _cleanup(); + exit(77); + } + + crypt_set_debug_level(_debug ? CRYPT_DEBUG_JSON : CRYPT_DEBUG_NONE); + + RUN_(AddDeviceLuks2, "Format and use LUKS2 device"); + RUN_(Luks2MetadataSize, "LUKS2 metadata settings"); + RUN_(Luks2HeaderLoad, "LUKS2 header load"); + RUN_(Luks2HeaderRestore, "LUKS2 header restore"); + RUN_(Luks2HeaderBackup, "LUKS2 header backup"); + RUN_(ResizeDeviceLuks2, "LUKS2 device resize tests"); + RUN_(UseLuks2Device, "Use pre-formated LUKS2 device"); + RUN_(SuspendDevice, "LUKS2 Suspend/Resume"); + RUN_(UseTempVolumes, "Format and use temporary encrypted device"); + RUN_(Tokens, "General tokens API"); + RUN_(TokenActivationByKeyring, "Builtin kernel keyring token"); + RUN_(LuksConvert, "LUKS1 <-> LUKS2 conversions"); + RUN_(Pbkdf, "Default PBKDF manipulation routines"); + RUN_(Luks2KeyslotParams, "Add a new keyslot with different encryption"); + RUN_(Luks2KeyslotAdd, "Add a new keyslot by unused key"); + RUN_(Luks2ActivateByKeyring, "LUKS2 activation by passphrase in keyring"); + RUN_(Luks2Requirements, "LUKS2 requirements flags"); + RUN_(Luks2Integrity, "LUKS2 with data integrity"); + RUN_(Luks2Refresh, "Active device table refresh"); + RUN_(Luks2Flags, "LUKS2 persistent flags"); + RUN_(Luks2Reencryption, "LUKS2 reencryption"); + RUN_(Luks2Repair, "LUKS2 repair"); // test disables metadata locking. Run always last! + + _cleanup(); + return 0; +} diff --git a/tests/api-test.c b/tests/api-test.c index 7fd85c2..81501eb 100644 --- a/tests/api-test.c +++ b/tests/api-test.c @@ -1,8 +1,9 @@ /* * cryptsetup library API check functions * - * Copyright (C) 2009-2013 Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2014, Milan Broz + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz + * Copyright (C) 2016-2020 Ondrej Kozina * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -19,22 +20,19 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ -#include #include #include #include #include -#include #include -#include #include #include -#include -#include +#include +#include +#include "api_test.h" #include "luks.h" #include "libcryptsetup.h" -#include "utils_loop.h" #define DMDIR "/dev/mapper/" @@ -57,6 +55,7 @@ #define EVL_HEADER_2 "evil_hdr-payload_overwrite" #define EVL_HEADER_3 "evil_hdr-stripes_payload_dmg" #define EVL_HEADER_4 "evil_hdr-small_luks_device" +#define EVL_HEADER_5 "evil_hdr-keyslot_overlap" #define VALID_HEADER "valid_header_file" #define BACKUP_FILE "csetup_backup_file" #define IMAGE1 "compatimage.img" @@ -69,6 +68,7 @@ #define KEY2 "0123456789abcdef" #define PASSPHRASE "blabla" +#define PASSPHRASE1 "albalb" #define DEVICE_TEST_UUID "12345678-1234-1234-1234-123456789abc" @@ -76,70 +76,21 @@ #define DEVICE_CHAR "/dev/zero" #define THE_LFILE_TEMPLATE "cryptsetup-tstlp.XXXXXX" -#define SECTOR_SHIFT 9L -#define SECTOR_SIZE 512 -#define TST_LOOP_FILE_SIZE (((1<<20)*50)>>SECTOR_SHIFT) -#define DIV_ROUND_UP(n,d) (((n) + (d) - 1) / (d)) -#define DIV_ROUND_UP_MODULO(n,d) (DIV_ROUND_UP(n,d)*(d)) #define LUKS_PHDR_SIZE_B 1024 -static int _debug = 0; -static int _verbose = 1; static int _fips_mode = 0; -static int _quit = 0; - -static char global_log[4096]; -static int global_lines = 0; - static char *DEVICE_1 = NULL; static char *DEVICE_2 = NULL; static char *DEVICE_3 = NULL; -static char *THE_LOOP_DEV = NULL; static char *tmp_file_1 = NULL; static char *test_loop_file = NULL; -static uint64_t t_dev_offset = 0; -static int _system(const char*, int); +struct crypt_device *cd = NULL, *cd2 = NULL; // Helpers -static int device_size(const char *device, uint64_t *size) -{ - int devfd, r = 0; - - devfd = open(device, O_RDONLY); - if(devfd == -1) - return -EINVAL; - - if (ioctl(devfd, BLKGETSIZE64, size) < 0) - r = -EINVAL; - close(devfd); - return r; -} - -static int fips_mode(void) -{ - int fd; - char buf = 0; - - if (access("/etc/system-fips", F_OK)) - return 0; - - fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY); - - if (fd < 0) - return 0; - - if (read(fd, &buf, 1) != 1) - buf = '0'; - - close(fd); - - return (buf == '1'); -} - static int get_luks_offsets(int metadata_device, size_t keylength, unsigned int alignpayload_sec, @@ -151,14 +102,18 @@ static int get_luks_offsets(int metadata_device, uint64_t current_sector; uint32_t sectors_per_stripes_set; - if (!keylength) + if (!keylength) { + if (r_header_size) + *r_header_size = 0; + if (r_payload_offset) + *r_payload_offset = 0; return -1; + } sectors_per_stripes_set = DIV_ROUND_UP(keylength*LUKS_STRIPES, SECTOR_SIZE); - printf("sectors_per_stripes %" PRIu32 "\n", sectors_per_stripes_set); current_sector = DIV_ROUND_UP_MODULO(DIV_ROUND_UP(LUKS_PHDR_SIZE_B, SECTOR_SIZE), LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE); - for(i=0;i < (LUKS_NUMKEYS - 1);i++) + for (i=0; i < (LUKS_NUMKEYS - 1); i++) current_sector = DIV_ROUND_UP_MODULO(current_sector + sectors_per_stripes_set, LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE); if (r_header_size) @@ -178,170 +133,41 @@ static int get_luks_offsets(int metadata_device, return 0; } -/* - * Creates dm-linear target over the test loop device. Offset is held in - * global variables so that size can be tested whether it fits into remaining - * size of the loop device or not - */ -static int create_dmdevice_over_loop(const char *dm_name, const uint64_t size) -{ - char cmd[128]; - int r; - uint64_t r_size; - - if(device_size(THE_LOOP_DEV, &r_size) < 0 || r_size <= t_dev_offset || !size) - return -1; - if ((r_size - t_dev_offset) < size) { - printf("No enough space on backing loop device\n."); - return -2; - } - snprintf(cmd, sizeof(cmd), - "dmsetup create %s --table \"0 %" PRIu64 " linear %s %" PRIu64 "\"", - dm_name, size, THE_LOOP_DEV, t_dev_offset); - if (!(r = _system(cmd, 1))) { - t_dev_offset += size; - } - return r; -} - -// TODO some utility to remove dmdevice over the loop file - -// Get key from kernel dm mapping table using dm-ioctl -static int _get_key_dm(const char *name, char *buffer, unsigned int buffer_size) -{ - struct dm_task *dmt; - struct dm_info dmi; - uint64_t start, length; - char *target_type, *key, *params; - void *next = NULL; - int r = -EINVAL; - - if (!(dmt = dm_task_create(DM_DEVICE_TABLE))) - goto out; - if (!dm_task_set_name(dmt, name)) - goto out; - if (!dm_task_run(dmt)) - goto out; - if (!dm_task_get_info(dmt, &dmi)) - goto out; - if (!dmi.exists) - goto out; - - next = dm_get_next_target(dmt, next, &start, &length, &target_type, ¶ms); - if (!target_type || strcmp(target_type, "crypt") != 0) - goto out; - - (void)strsep(¶ms, " "); /* rcipher */ - key = strsep(¶ms, " "); - - if (buffer_size <= strlen(key)) - goto out; - - strncpy(buffer, key, buffer_size); - r = 0; -out: - if (dmt) - dm_task_destroy(dmt); - - return r; -} - -static int _prepare_keyfile(const char *name, const char *passphrase, int size) -{ - int fd, r; - - fd = open(name, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR|S_IWUSR); - if (fd != -1) { - r = write(fd, passphrase, size); - close(fd); - } else - r = 0; - - return r == size ? 0 : 1; -} - static void _remove_keyfiles(void) { remove(KEYFILE1); remove(KEYFILE2); } -// Decode key from its hex representation -static int crypt_decode_key(char *key, const char *hex, unsigned int size) -{ - char buffer[3]; - char *endp; - unsigned int i; - - buffer[2] = '\0'; - - for (i = 0; i < size; i++) { - buffer[0] = *hex++; - buffer[1] = *hex++; - - key[i] = (unsigned char)strtoul(buffer, &endp, 16); - - if (endp != &buffer[2]) - return -1; - } - - if (*hex != '\0') - return -1; +#if HAVE_DECL_DM_TASK_RETRY_REMOVE +#define DM_RETRY "--retry " +#else +#define DM_RETRY "" +#endif - return 0; -} +#define DM_NOSTDERR " 2>/dev/null" -static void cmdLineLog(int level, const char *msg) +static void _cleanup_dmdevices(void) { - strncat(global_log, msg, sizeof(global_log) - strlen(global_log)); - global_lines++; -} + struct stat st; -static void new_log(int level, const char *msg, void *usrptr) -{ - if (_debug) - printf("LOG: %s", msg); - cmdLineLog(level, msg); -} + if (!stat(DMDIR H_DEVICE, &st)) + _system("dmsetup remove " DM_RETRY H_DEVICE DM_NOSTDERR, 0); -static void reset_log(void) -{ - memset(global_log, 0, sizeof(global_log)); - global_lines = 0; -} + if (!stat(DMDIR H_DEVICE_WRONG, &st)) + _system("dmsetup remove " DM_RETRY H_DEVICE_WRONG DM_NOSTDERR, 0); -static int _system(const char *command, int warn) -{ - int r; - if (_debug) - printf("Running system: %s\n", command); - if ((r=system(command)) < 0 && warn) - printf("System command failed: %s", command); - return r; -} + if (!stat(DMDIR L_DEVICE_0S, &st)) + _system("dmsetup remove " DM_RETRY L_DEVICE_0S DM_NOSTDERR, 0); -static void _cleanup_dmdevices(void) -{ - struct stat st; + if (!stat(DMDIR L_DEVICE_1S, &st)) + _system("dmsetup remove " DM_RETRY L_DEVICE_1S DM_NOSTDERR, 0); - if (!stat(DMDIR H_DEVICE, &st)) { - _system("dmsetup remove " H_DEVICE, 0); - } - if (!stat(DMDIR H_DEVICE_WRONG, &st)) { - _system("dmsetup remove " H_DEVICE_WRONG, 0); - } - if (!stat(DMDIR L_DEVICE_0S, &st)) { - _system("dmsetup remove " L_DEVICE_0S, 0); - } - if (!stat(DMDIR L_DEVICE_1S, &st)) { - _system("dmsetup remove " L_DEVICE_1S, 0); - } - if (!stat(DMDIR L_DEVICE_WRONG, &st)) { - _system("dmsetup remove " L_DEVICE_WRONG, 0); - } - if (!stat(DMDIR L_DEVICE_OK, &st)) { - _system("dmsetup remove " L_DEVICE_OK, 0); - } + if (!stat(DMDIR L_DEVICE_WRONG, &st)) + _system("dmsetup remove " DM_RETRY L_DEVICE_WRONG DM_NOSTDERR, 0); + + if (!stat(DMDIR L_DEVICE_OK, &st)) + _system("dmsetup remove " DM_RETRY L_DEVICE_OK DM_NOSTDERR, 0); t_dev_offset = 0; } @@ -350,44 +176,50 @@ static void _cleanup(void) { struct stat st; + CRYPT_FREE(cd); + CRYPT_FREE(cd2); + //_system("udevadm settle", 0); if (!stat(DMDIR CDEVICE_1, &st)) - _system("dmsetup remove " CDEVICE_1, 0); + _system("dmsetup remove " DM_RETRY CDEVICE_1 DM_NOSTDERR, 0); if (!stat(DMDIR CDEVICE_2, &st)) - _system("dmsetup remove " CDEVICE_2, 0); + _system("dmsetup remove " DM_RETRY CDEVICE_2 DM_NOSTDERR, 0); if (!stat(DEVICE_EMPTY, &st)) - _system("dmsetup remove " DEVICE_EMPTY_name, 0); + _system("dmsetup remove " DM_RETRY DEVICE_EMPTY_name DM_NOSTDERR, 0); if (!stat(DEVICE_ERROR, &st)) - _system("dmsetup remove " DEVICE_ERROR_name, 0); + _system("dmsetup remove " DM_RETRY DEVICE_ERROR_name DM_NOSTDERR, 0); _cleanup_dmdevices(); - if (crypt_loop_device(THE_LOOP_DEV)) - crypt_loop_detach(THE_LOOP_DEV); + if (loop_device(THE_LOOP_DEV)) + loop_detach(THE_LOOP_DEV); - if (crypt_loop_device(DEVICE_1)) - crypt_loop_detach(DEVICE_1); + if (loop_device(DEVICE_1)) + loop_detach(DEVICE_1); - if (crypt_loop_device(DEVICE_2)) - crypt_loop_detach(DEVICE_2); + if (loop_device(DEVICE_2)) + loop_detach(DEVICE_2); - if (crypt_loop_device(DEVICE_3)) - crypt_loop_detach(DEVICE_3); + if (loop_device(DEVICE_3)) + loop_detach(DEVICE_3); _system("rm -f " IMAGE_EMPTY, 0); _system("rm -f " IMAGE1, 0); - remove(test_loop_file); - remove(tmp_file_1); + if (test_loop_file) + remove(test_loop_file); + if (tmp_file_1) + remove(tmp_file_1); remove(EVL_HEADER_1); remove(EVL_HEADER_2); remove(EVL_HEADER_3); remove(EVL_HEADER_4); + remove(EVL_HEADER_5); remove(VALID_HEADER); remove(BACKUP_FILE); @@ -417,16 +249,8 @@ static int _setup(void) if (_system(cmd, 1)) return 1; - if (!THE_LOOP_DEV) - THE_LOOP_DEV = crypt_loop_get_device(); - if (!THE_LOOP_DEV) { - printf("Cannot find free loop device.\n"); - return 1; - } - if (crypt_loop_device(THE_LOOP_DEV)) { - fd = crypt_loop_attach(THE_LOOP_DEV, test_loop_file, 0, 0, &ro); - close(fd); - } + fd = loop_attach(&THE_LOOP_DEV, test_loop_file, 0, 0, &ro); + close(fd); tmp_file_1 = strdup(THE_LFILE_TEMPLATE); if ((fd=mkstemp(tmp_file_1)) == -1) { @@ -441,49 +265,32 @@ static int _setup(void) _system("dmsetup create " DEVICE_EMPTY_name " --table \"0 10000 zero\"", 1); _system("dmsetup create " DEVICE_ERROR_name " --table \"0 10000 error\"", 1); - if (!DEVICE_1) - DEVICE_1 = crypt_loop_get_device(); - if (!DEVICE_1) { - printf("Cannot find free loop device.\n"); - return 1; - } - if (crypt_loop_device(DEVICE_1)) { - _system(" [ ! -e " IMAGE1 " ] && bzip2 -dk " IMAGE1 ".bz2", 1); - fd = crypt_loop_attach(DEVICE_1, IMAGE1, 0, 0, &ro); - close(fd); - } - if (!DEVICE_2) - DEVICE_2 = crypt_loop_get_device(); - if (!DEVICE_2) { - printf("Cannot find free loop device.\n"); - return 1; - } - if (crypt_loop_device(DEVICE_2)) { - _system("dd if=/dev/zero of=" IMAGE_EMPTY " bs=1M count=4 2>/dev/null", 1); - fd = crypt_loop_attach(DEVICE_2, IMAGE_EMPTY, 0, 0, &ro); - close(fd); - } - if (!DEVICE_3) - DEVICE_3 = crypt_loop_get_device(); - if (!DEVICE_3) { - printf("Cannot find free loop device.\n"); - return 1; - } + + _system(" [ ! -e " IMAGE1 " ] && xz -dk " IMAGE1 ".xz", 1); + fd = loop_attach(&DEVICE_1, IMAGE1, 0, 0, &ro); + close(fd); + + _system("dd if=/dev/zero of=" IMAGE_EMPTY " bs=1M count=10 2>/dev/null", 1); + fd = loop_attach(&DEVICE_2, IMAGE_EMPTY, 0, 0, &ro); + close(fd); + /* Keymaterial offset is less than 8 sectors */ - _system(" [ ! -e " EVL_HEADER_1 " ] && bzip2 -dk " EVL_HEADER_1 ".bz2", 1); + _system(" [ ! -e " EVL_HEADER_1 " ] && xz -dk " EVL_HEADER_1 ".xz", 1); /* keymaterial offset aims into payload area */ - _system(" [ ! -e " EVL_HEADER_2 " ] && bzip2 -dk " EVL_HEADER_2 ".bz2", 1); - /* keymaterial offset is valid, number of stripes causes payload area to be overwriten */ - _system(" [ ! -e " EVL_HEADER_3 " ] && bzip2 -dk " EVL_HEADER_3 ".bz2", 1); + _system(" [ ! -e " EVL_HEADER_2 " ] && xz -dk " EVL_HEADER_2 ".xz", 1); + /* keymaterial offset is valid, number of stripes causes payload area to be overwritten */ + _system(" [ ! -e " EVL_HEADER_3 " ] && xz -dk " EVL_HEADER_3 ".xz", 1); /* luks device header for data and header on same device. payloadOffset is greater than * device size (crypt_load() test) */ - _system(" [ ! -e " EVL_HEADER_4 " ] && bzip2 -dk " EVL_HEADER_4 ".bz2", 1); + _system(" [ ! -e " EVL_HEADER_4 " ] && xz -dk " EVL_HEADER_4 ".xz", 1); + /* two keyslots with same offset (overlapping keyslots) */ + _system(" [ ! -e " EVL_HEADER_5 " ] && xz -dk " EVL_HEADER_5 ".xz", 1); /* valid header: payloadOffset=4096, key_size=32, * volume_key = bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a */ - _system(" [ ! -e " VALID_HEADER " ] && bzip2 -dk " VALID_HEADER ".bz2", 1); + _system(" [ ! -e " VALID_HEADER " ] && xz -dk " VALID_HEADER ".xz", 1); /* Prepare tcrypt images */ - _system(" [ ! -d tcrypt-images ] && tar xjf tcrypt-images.tar.bz2 2>/dev/null", 1); + _system("tar xJf tcrypt-images.tar.xz 2>/dev/null", 1); _system("modprobe dm-crypt", 0); _system("modprobe dm-verity", 0); @@ -492,75 +299,14 @@ static int _setup(void) if (_debug) printf("FIPS MODE: %d\n", _fips_mode); - return 0; -} - -static void check_ok(int status, int line, const char *func) -{ - char buf[256]; - - if (status) { - crypt_get_error(buf, sizeof(buf)); - printf("FAIL line %d [%s]: code %d, %s\n", line, func, status, buf); - _cleanup(); - exit(-1); - } -} - -static void check_ko(int status, int line, const char *func) -{ - char buf[256]; - - memset(buf, 0, sizeof(buf)); - crypt_get_error(buf, sizeof(buf)); - if (status >= 0) { - printf("FAIL line %d [%s]: code %d, %s\n", line, func, status, buf); - _cleanup(); - exit(-1); - } else if (_verbose) - printf(" => errno %d, errmsg: %s\n", status, buf); -} - -static void check_equal(int line, const char *func, int64_t x, int64_t y) -{ - printf("FAIL line %d [%s]: expected equal values differs: %" - PRIi64 " != %" PRIi64 "\n", line, func, x, y); - _cleanup(); - exit(-1); -} + /* Use default log callback */ + crypt_set_log_callback(NULL, &global_log_callback, NULL); -static void xlog(const char *msg, const char *tst, const char *func, int line, const char *txt) -{ - if (_verbose) { - if (txt) - printf(" [%s,%s:%d] %s [%s]\n", msg, func, line, tst, txt); - else - printf(" [%s,%s:%d] %s\n", msg, func, line, tst); - } - if (_quit) { - if (_verbose) - printf("Interrupted by a signal.\n"); - _cleanup(); - exit(-1); - } + return 0; } -/* crypt_device context must be "cd" to parse error properly here */ -#define OK_(x) do { xlog("(success)", #x, __FUNCTION__, __LINE__, NULL); \ - check_ok((x), __LINE__, __FUNCTION__); \ - } while(0) -#define FAIL_(x, y) do { xlog("(fail) ", #x, __FUNCTION__, __LINE__, y); \ - check_ko((x), __LINE__, __FUNCTION__); \ - } while(0) -#define EQ_(x, y) do { int64_t _x = (x), _y = (y); \ - xlog("(equal) ", #x " == " #y, __FUNCTION__, __LINE__, NULL); \ - if (_x != _y) check_equal(__LINE__, __FUNCTION__, _x, _y); \ - } while(0) -#define RUN_(x, y) do { printf("%s: %s\n", #x, (y)); x(); } while (0) - static void AddDevicePlain(void) { - struct crypt_device *cd; struct crypt_params_plain params = { .hash = "sha1", .skip = 0, @@ -584,7 +330,7 @@ static void AddDevicePlain(void) FAIL_(crypt_init(&cd, DEVICE_WRONG), "nonexistent device name "); FAIL_(crypt_init(&cd, DEVICE_CHAR), "character device as backing device"); OK_(crypt_init(&cd, tmp_file_1)); - crypt_free(cd); + CRYPT_FREE(cd); // test crypt_format, crypt_get_cipher, crypt_get_cipher_mode, crypt_get_volume_key_size OK_(crypt_init(&cd,DEVICE_1)); @@ -604,7 +350,7 @@ static void AddDevicePlain(void) // crypt_set_uuid() FAIL_(crypt_set_uuid(cd,DEVICE_1_UUID),"can't set uuid to plain device"); - crypt_free(cd); + CRYPT_FREE(cd); // default is "plain" hash - no password hash OK_(crypt_init(&cd, DEVICE_1)); @@ -613,10 +359,10 @@ static void AddDevicePlain(void) OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); // test boundaries in offset parameter - device_size(DEVICE_1,&size); + t_device_size(DEVICE_1,&size); params.hash = NULL; // zero sectors length params.offset = size >> SECTOR_SHIFT; @@ -628,17 +374,17 @@ static void AddDevicePlain(void) EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE); // data part of crypt device is of 1 sector size params.offset = (size >> SECTOR_SHIFT) - 1; - crypt_free(cd); + CRYPT_FREE(cd); OK_(crypt_init(&cd, DEVICE_1)); OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, ¶ms)); OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0)); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); snprintf(path, sizeof(path), "%s/%s", crypt_get_dir(), CDEVICE_1); - if (device_size(path, &r_size) >= 0) + if (t_device_size(path, &r_size) >= 0) EQ_(r_size>>SECTOR_SHIFT, 1); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); // size > device_size params.offset = 0; @@ -647,7 +393,7 @@ static void AddDevicePlain(void) OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, ¶ms)); FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0),"Device too small"); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE); - crypt_free(cd); + CRYPT_FREE(cd); // offset == device_size (autodetect size) params.offset = (size >> SECTOR_SHIFT); @@ -656,7 +402,7 @@ static void AddDevicePlain(void) OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, ¶ms)); FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0),"Device too small"); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE); - crypt_free(cd); + CRYPT_FREE(cd); // offset == device_size (user defined size) params.offset = (size >> SECTOR_SHIFT); @@ -665,7 +411,7 @@ static void AddDevicePlain(void) OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, ¶ms)); FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0),"Device too small"); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE); - crypt_free(cd); + CRYPT_FREE(cd); // offset+size > device_size params.offset = 42; @@ -674,7 +420,7 @@ static void AddDevicePlain(void) OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, ¶ms)); FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0),"Offset and size are beyond device real size"); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE); - crypt_free(cd); + CRYPT_FREE(cd); // offset+size == device_size params.offset = 42; @@ -683,11 +429,11 @@ static void AddDevicePlain(void) OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, ¶ms)); OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0)); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); - if (!device_size(path, &r_size)) + if (!t_device_size(path, &r_size)) EQ_((r_size >> SECTOR_SHIFT),params.size); OK_(crypt_deactivate(cd,CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); params.hash = "sha1"; params.offset = 0; params.size = 0; @@ -709,13 +455,19 @@ static void AddDevicePlain(void) close(fd); OK_(crypt_deactivate(cd, CDEVICE_1)); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE); - crypt_free(cd); + CRYPT_FREE(cd); // crypt_init_by_name_and_header OK_(crypt_init(&cd,DEVICE_1)); OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, ¶ms)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); - crypt_free(cd); + CRYPT_FREE(cd); + + // init with detached header is not supported + OK_(crypt_init_data_device(&cd, DEVICE_2, DEVICE_1)); + FAIL_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, ¶ms), + "can't use plain with separate metadata device"); + CRYPT_FREE(cd); FAIL_(crypt_init_by_name_and_header(&cd, CDEVICE_1, H_DEVICE),"can't init plain device by header device"); OK_(crypt_init_by_name(&cd, CDEVICE_1)); @@ -725,7 +477,7 @@ static void AddDevicePlain(void) EQ_(params.skip, crypt_get_iv_offset(cd)); EQ_(params.offset, crypt_get_data_offset(cd)); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); OK_(crypt_init(&cd,DEVICE_1)); OK_(crypt_format(cd,CRYPT_PLAIN,cipher,cipher_mode,NULL,NULL,key_size,¶ms)); @@ -734,6 +486,7 @@ static void AddDevicePlain(void) // crypt_set_data_device FAIL_(crypt_set_data_device(cd,H_DEVICE),"can't set data device for plain device"); + NULL_(crypt_get_metadata_device_name(cd)); // crypt_get_type OK_(strcmp(crypt_get_type(cd),CRYPT_PLAIN)); @@ -743,7 +496,7 @@ static void AddDevicePlain(void) // crypt_resize() OK_(crypt_resize(cd,CDEVICE_1,size>>SECTOR_SHIFT)); // same size - if (!device_size(path,&r_size)) + if (!t_device_size(path,&r_size)) EQ_(r_size, size); // size overlaps @@ -752,14 +505,14 @@ static void AddDevicePlain(void) // resize ok OK_(crypt_resize(cd,CDEVICE_1, 123)); - if (!device_size(path,&r_size)) + if (!t_device_size(path,&r_size)) EQ_(r_size>>SECTOR_SHIFT, 123); OK_(crypt_resize(cd,CDEVICE_1,0)); // full size (autodetect) - if (!device_size(path,&r_size)) + if (!t_device_size(path,&r_size)) EQ_(r_size, size); OK_(crypt_deactivate(cd,CDEVICE_1)); EQ_(crypt_status(cd,CDEVICE_1),CRYPT_INACTIVE); - crypt_free(cd); + CRYPT_FREE(cd); // offset tests OK_(crypt_init(&cd,DEVICE_1)); @@ -767,32 +520,32 @@ static void AddDevicePlain(void) params.size = (size>>SECTOR_SHIFT) - params.offset - 10; OK_(crypt_format(cd,CRYPT_PLAIN,cipher,cipher_mode,NULL,NULL,key_size,¶ms)); OK_(crypt_activate_by_volume_key(cd,CDEVICE_1,key,key_size,0)); - if (!device_size(path,&r_size)) + if (!t_device_size(path,&r_size)) EQ_(r_size>>SECTOR_SHIFT, params.size); // resize to fill remaining capacity OK_(crypt_resize(cd,CDEVICE_1,params.size + 10)); - if (!device_size(path,&r_size)) + if (!t_device_size(path,&r_size)) EQ_(r_size>>SECTOR_SHIFT, params.size + 10); // 1 sector beyond real size FAIL_(crypt_resize(cd,CDEVICE_1,params.size + 11), "new device size overlaps backing device"); // with respect to offset - if (!device_size(path,&r_size)) + if (!t_device_size(path,&r_size)) EQ_(r_size>>SECTOR_SHIFT, params.size + 10); EQ_(crypt_status(cd,CDEVICE_1),CRYPT_ACTIVE); fd = open(path, O_RDONLY); + NOTFAIL_(fd, "Bad loop device."); close(fd); - OK_(fd < 0); // resize to minimal size OK_(crypt_resize(cd,CDEVICE_1, 1)); // minimal device size - if (!device_size(path,&r_size)) + if (!t_device_size(path,&r_size)) EQ_(r_size>>SECTOR_SHIFT, 1); // use size of backing device (autodetect with respect to offset) OK_(crypt_resize(cd,CDEVICE_1,0)); - if (!device_size(path,&r_size)) + if (!t_device_size(path,&r_size)) EQ_(r_size>>SECTOR_SHIFT, (size >> SECTOR_SHIFT)- 42); OK_(crypt_deactivate(cd,CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); params.size = 0; params.offset = 0; @@ -807,16 +560,14 @@ static void AddDevicePlain(void) EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); // retrieve volume key check - if (!_fips_mode) { - memset(key2, 0, key_size); - key_size--; - // small buffer - FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)), "small buffer"); - key_size++; - OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase))); - - OK_(memcmp(key, key2, key_size)); - } + memset(key2, 0, key_size); + key_size--; + // small buffer + FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)), "small buffer"); + key_size++; + OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase))); + OK_(memcmp(key, key2, key_size)); + OK_(strcmp(cipher, crypt_get_cipher(cd))); OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd))); EQ_((int)key_size, crypt_get_volume_key_size(cd)); @@ -824,17 +575,20 @@ static void AddDevicePlain(void) OK_(crypt_deactivate(cd, CDEVICE_1)); // now with keyfile - OK_(_prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1))); - OK_(_prepare_keyfile(KEYFILE2, KEY2, strlen(KEY2))); + OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1))); + OK_(prepare_keyfile(KEYFILE2, KEY2, strlen(KEY2))); FAIL_(crypt_activate_by_keyfile(cd, NULL, CRYPT_ANY_SLOT, KEYFILE1, 0, 0), "cannot verify key with plain"); EQ_(0, crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0, 0)); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); OK_(crypt_deactivate(cd, CDEVICE_1)); FAIL_(crypt_activate_by_keyfile_offset(cd, NULL, CRYPT_ANY_SLOT, KEYFILE1, 0, strlen(KEY1) + 1, 0), "cannot seek"); + FAIL_(crypt_activate_by_keyfile_device_offset(cd, NULL, CRYPT_ANY_SLOT, KEYFILE1, 0, strlen(KEY1) + 1, 0), "cannot seek"); EQ_(0, crypt_activate_by_keyfile_offset(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0, 0, 0)); OK_(crypt_deactivate(cd, CDEVICE_1)); + EQ_(0, crypt_activate_by_keyfile_device_offset(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0, 0, 0)); + OK_(crypt_deactivate(cd, CDEVICE_1)); _remove_keyfiles(); - crypt_free(cd); + CRYPT_FREE(cd); OK_(crypt_init(&cd,DEVICE_1)); OK_(crypt_format(cd,CRYPT_PLAIN,cipher,cipher_mode,NULL,NULL,key_size,¶ms)); @@ -847,33 +601,19 @@ static void AddDevicePlain(void) EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_INVALID); _remove_keyfiles(); - crypt_free(cd); -} - -#define CALLBACK_ERROR "calback_error xyz" -static int pass_callback_err(const char *msg, char *buf, size_t length, void *usrptr) -{ - struct crypt_device *cd = usrptr; - - assert(cd); - assert(length); - assert(msg); - - crypt_log(cd, CRYPT_LOG_ERROR, CALLBACK_ERROR); - return -EINVAL; + CRYPT_FREE(cd); } -static int pass_callback_ok(const char *msg, char *buf, size_t length, void *usrptr) +static int new_messages = 0; +static void new_log(int level, const char *msg, void *usrptr) { - assert(length); - assert(msg); - strcpy(buf, PASSPHRASE); - return strlen(buf); + if (level == CRYPT_LOG_ERROR) + new_messages++; + global_log_callback(level, msg, usrptr); } static void CallbacksTest(void) { - struct crypt_device *cd; struct crypt_params_plain params = { .hash = "sha1", .skip = 0, @@ -884,50 +624,24 @@ static void CallbacksTest(void) const char *cipher = "aes"; const char *cipher_mode = "cbc-essiv:sha256"; const char *passphrase = PASSPHRASE; - char buf1[256] = {0}, buf2[256] = {0}; OK_(crypt_init(&cd, DEVICE_1)); + new_messages = 0; crypt_set_log_callback(cd, &new_log, NULL); - //crypt_set_log_callback(cd, NULL, NULL); - + EQ_(new_messages, 0); OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, ¶ms)); - OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0)); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + EQ_(new_messages, 0); + FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0), "already exists"); + EQ_(new_messages, 1); + crypt_set_log_callback(cd, NULL, NULL); OK_(crypt_deactivate(cd, CDEVICE_1)); - - reset_log(); - crypt_set_password_callback(cd, pass_callback_err, cd); - FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, NULL, 0, 0), "callback fails"); - EQ_(strncmp(global_log, CALLBACK_ERROR, strlen(CALLBACK_ERROR)), 0); - - crypt_set_password_callback(cd, pass_callback_ok, NULL); - OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, NULL, 0, 0)); - EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); - OK_(crypt_deactivate(cd, CDEVICE_1)); - - // Check error reporting. - // This must fail and create error message - crypt_deactivate(cd, CDEVICE_1); - - // Here context must be the same - crypt_get_error(buf1, sizeof(buf1)); - crypt_last_error(cd, buf2, sizeof(buf2)); - OK_(!*buf1); - OK_(!*buf2); - OK_(strcmp(buf1, buf2)); - - crypt_get_error(buf1, sizeof(buf1)); - crypt_last_error(cd, buf2, sizeof(buf2)); - OK_(*buf1); - OK_(*buf2); - - crypt_free(cd); + CRYPT_FREE(cd); } static void UseLuksDevice(void) { - struct crypt_device *cd; char key[128]; size_t key_size; @@ -948,25 +662,26 @@ static void UseLuksDevice(void) EQ_((int)key_size, crypt_get_volume_key_size(cd)); EQ_(1032, crypt_get_data_offset(cd)); - if (!_fips_mode) { - EQ_(0, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1))); - OK_(crypt_volume_key_verify(cd, key, key_size)); - OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0)); - OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); - EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); - OK_(crypt_deactivate(cd, CDEVICE_1)); + EQ_(0, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1))); + OK_(crypt_volume_key_verify(cd, key, key_size)); + OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0)); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + OK_(crypt_deactivate(cd, CDEVICE_1)); - key[1] = ~key[1]; - FAIL_(crypt_volume_key_verify(cd, key, key_size), "key mismatch"); - FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "key mismatch"); - } - crypt_free(cd); + key[1] = ~key[1]; + FAIL_(crypt_volume_key_verify(cd, key, key_size), "key mismatch"); + FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "key mismatch"); + + CRYPT_FREE(cd); } static void SuspendDevice(void) { + struct crypt_active_device cad; + char key[128]; + size_t key_size; int suspend_status; - struct crypt_device *cd; OK_(crypt_init(&cd, DEVICE_1)); OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); @@ -976,67 +691,85 @@ static void SuspendDevice(void) if (suspend_status == -ENOTSUP) { printf("WARNING: Suspend/Resume not supported, skipping test.\n"); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); return; } OK_(suspend_status); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + EQ_(CRYPT_ACTIVATE_SUSPENDED, cad.flags & CRYPT_ACTIVATE_SUSPENDED); + FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended"); FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "wrong key"); OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1))); FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)), "not suspended"); - OK_(_prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1))); + OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); + EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED); + + OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1))); OK_(crypt_suspend(cd, CDEVICE_1)); FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1 "blah", 0), "wrong keyfile"); FAIL_(crypt_resume_by_keyfile_offset(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 1, 0), "wrong key"); - OK_(crypt_resume_by_keyfile_offset(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0, 0)); + FAIL_(crypt_resume_by_keyfile_device_offset(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 1, 0), "wrong key"); + OK_(crypt_resume_by_keyfile_device_offset(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0, 0)); FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0), "not suspended"); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); /* create LUKS device with detached header */ OK_(crypt_init(&cd, DEVICE_1)); OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); OK_(crypt_set_data_device(cd, DEVICE_2)); OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0)); - crypt_free(cd); + CRYPT_FREE(cd); /* Should be able to suspend but not resume if not header specified */ OK_(crypt_init_by_name(&cd, CDEVICE_1)); OK_(crypt_suspend(cd, CDEVICE_1)); FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended"); FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "no header"); - crypt_free(cd); + CRYPT_FREE(cd); OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DEVICE_1)); OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1))); + /* Resume by volume key */ + OK_(crypt_suspend(cd, CDEVICE_1)); + key_size = sizeof(key); + memset(key, 0, key_size); + FAIL_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size), "wrong key"); + OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1))); + OK_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size)); + OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); _remove_keyfiles(); } static void AddDeviceLuks(void) { - struct crypt_device *cd; + enum { OFFSET_1M = 2048 , OFFSET_2M = 4096, OFFSET_4M = 8192, OFFSET_8M = 16384 }; struct crypt_params_luks1 params = { .hash = "sha512", - .data_alignment = 2048, // 4M, data offset will be 4096 + .data_alignment = OFFSET_1M, // 4M, data offset will be 4096 .data_device = DEVICE_2 }; - char key[128], key2[128]; + char key[128], key2[128], key3[128]; const char *passphrase = "blabla", *passphrase2 = "nsdkFI&Y#.sd"; const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; + const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e"; size_t key_size = strlen(mk_hex) / 2; const char *cipher = "aes"; const char *cipher_mode = "cbc-essiv:sha256"; uint64_t r_payload_offset, r_header_size, r_size_1; + struct crypt_pbkdf_type pbkdf; crypt_decode_key(key, mk_hex, key_size); + crypt_decode_key(key3, mk_hex2, key_size); // init test devices OK_(get_luks_offsets(1, key_size, 0, 0, &r_header_size, &r_payload_offset)); @@ -1047,13 +780,13 @@ static void AddDeviceLuks(void) OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG)); params.data_alignment = 0; FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Not enough space for keyslots material"); - crypt_free(cd); + CRYPT_FREE(cd); // test payload_offset = 0 for encrypted device with external header device OK_(crypt_init(&cd, DMDIR H_DEVICE)); OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); EQ_(crypt_get_data_offset(cd), 0); - crypt_free(cd); + CRYPT_FREE(cd); params.data_alignment = 0; params.data_device = NULL; @@ -1062,12 +795,37 @@ static void AddDeviceLuks(void) OK_(crypt_init(&cd, DEVICE_2)); OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); OK_(!(crypt_get_data_offset(cd) > 0)); - crypt_free(cd); + CRYPT_FREE(cd); + + // set_data_offset has priority, alignment must be 0 or must be compatible + params.data_alignment = 0; + OK_(crypt_init(&cd, DEVICE_2)); + OK_(crypt_set_data_offset(cd, OFFSET_8M)); + OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + EQ_(crypt_get_data_offset(cd), OFFSET_8M); + CRYPT_FREE(cd); + + // Load gets the value from metadata + OK_(crypt_init(&cd, DEVICE_2)); + OK_(crypt_set_data_offset(cd, OFFSET_2M)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + EQ_(crypt_get_data_offset(cd), OFFSET_8M); + CRYPT_FREE(cd); + + params.data_alignment = OFFSET_4M; + OK_(crypt_init(&cd, DEVICE_2)); + FAIL_(crypt_set_data_offset(cd, OFFSET_2M + 1), "Not aligned to 4096"); // must be aligned to 4k + OK_(crypt_set_data_offset(cd, OFFSET_2M)); + FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Alignment not compatible"); + OK_(crypt_set_data_offset(cd, OFFSET_4M)); + OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + EQ_(crypt_get_data_offset(cd), OFFSET_4M); + CRYPT_FREE(cd); /* * test limit values for backing device size */ - params.data_alignment = 4096; + params.data_alignment = OFFSET_2M; OK_(get_luks_offsets(0, key_size, params.data_alignment, 0, NULL, &r_payload_offset)); OK_(create_dmdevice_over_loop(L_DEVICE_0S, r_payload_offset)); OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1)); @@ -1077,13 +835,13 @@ static void AddDeviceLuks(void) // 1 sector less than required OK_(crypt_init(&cd, DMDIR L_DEVICE_WRONG)); FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Device too small"); - crypt_free(cd); + CRYPT_FREE(cd); // 0 sectors for encrypted area OK_(crypt_init(&cd, DMDIR L_DEVICE_0S)); OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Encrypted area too small"); - crypt_free(cd); + CRYPT_FREE(cd); // 1 sector for encrypted area OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); @@ -1091,20 +849,20 @@ static void AddDeviceLuks(void) EQ_(crypt_get_data_offset(cd), params.data_alignment); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); - OK_(device_size(DMDIR CDEVICE_1, &r_size_1)); + OK_(t_device_size(DMDIR CDEVICE_1, &r_size_1)); EQ_(r_size_1, SECTOR_SIZE); OK_(crypt_deactivate(cd, CDEVICE_1)); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE); // restrict format only to empty context - FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formated"); - FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, NULL), "Context is already formated"); + FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formatted"); + FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, NULL), "Context is already formatted"); // change data device to wrong one OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_0S)); FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device too small"); OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_1S)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); params.data_alignment = 0; params.data_device = DEVICE_2; @@ -1114,43 +872,43 @@ static void AddDeviceLuks(void) OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7); EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase) ,0), 7); - crypt_free(cd); + CRYPT_FREE(cd); OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE)); - FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formated"); + FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formatted"); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); - crypt_free(cd); + CRYPT_FREE(cd); // check active status without header OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, NULL)); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); - OK_(!!crypt_get_type(cd)); + NULL_(crypt_get_type(cd)); OK_(strcmp(cipher, crypt_get_cipher(cd))); OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd))); EQ_((int)key_size, crypt_get_volume_key_size(cd)); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); - params.data_alignment = 2048; + params.data_alignment = OFFSET_1M; params.data_device = NULL; // test uuid mismatch and _init_by_name_and_header OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); - crypt_free(cd); + CRYPT_FREE(cd); params.data_alignment = 0; params.data_device = DEVICE_2; OK_(crypt_init(&cd, DMDIR H_DEVICE)); OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); - crypt_free(cd); + CRYPT_FREE(cd); // there we've got uuid mismatch OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE)); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); - OK_(!!crypt_get_type(cd)); + NULL_(crypt_get_type(cd)); FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device is active"); FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0), "Device is active"); EQ_(crypt_status(cd, CDEVICE_2), CRYPT_INACTIVE); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); params.data_device = NULL; @@ -1172,8 +930,19 @@ static void AddDeviceLuks(void) crypt_set_iteration_time(cd, 1); EQ_(1, crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, KEY1, strlen(KEY1))); - OK_(_prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1))); - OK_(_prepare_keyfile(KEYFILE2, KEY2, strlen(KEY2))); + + // PBKDF info (in LUKS1 slots are the same) + FAIL_(crypt_keyslot_get_pbkdf(cd, 1, NULL), "PBKDF struct required"); + OK_(crypt_keyslot_get_pbkdf(cd, 1, &pbkdf)); + OK_(strcmp(pbkdf.type, CRYPT_KDF_PBKDF2)); + OK_(strcmp(pbkdf.hash, params.hash)); + OK_(pbkdf.iterations < 1000); /* set by minimum iterations above */ + EQ_(0, pbkdf.max_memory_kb); + EQ_(0, pbkdf.parallel_threads); + FAIL_(crypt_keyslot_get_pbkdf(cd, 2, &pbkdf), "Keyslot 2 is inactive."); + + OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1))); + OK_(prepare_keyfile(KEYFILE2, KEY2, strlen(KEY2))); EQ_(2, crypt_keyslot_add_by_keyfile(cd, 2, KEYFILE1, 0, KEYFILE2, 0)); FAIL_(crypt_keyslot_add_by_keyfile_offset(cd, 3, KEYFILE1, 0, 1, KEYFILE2, 0, 1), "wrong key"); EQ_(3, crypt_keyslot_add_by_keyfile_offset(cd, 3, KEYFILE1, 0, 0, KEYFILE2, 0, 1)); @@ -1212,23 +981,20 @@ static void AddDeviceLuks(void) EQ_(7, crypt_activate_by_passphrase(cd, NULL, 7, passphrase2, strlen(passphrase2), 0)); EQ_(6, crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 6, passphrase2, strlen(passphrase2), passphrase, strlen(passphrase))); - if (!_fips_mode) { - EQ_(6, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase))); - OK_(crypt_volume_key_verify(cd, key2, key_size)); + EQ_(6, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase))); + OK_(crypt_volume_key_verify(cd, key2, key_size)); + + OK_(memcmp(key, key2, key_size)); - OK_(memcmp(key, key2, key_size)); - } OK_(strcmp(cipher, crypt_get_cipher(cd))); OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd))); EQ_((int)key_size, crypt_get_volume_key_size(cd)); - EQ_(4096, crypt_get_data_offset(cd)); + EQ_(OFFSET_2M, crypt_get_data_offset(cd)); OK_(strcmp(DEVICE_2, crypt_get_device_name(cd))); reset_log(); - crypt_set_log_callback(cd, &new_log, NULL); OK_(crypt_dump(cd)); OK_(!(global_lines != 0)); - crypt_set_log_callback(cd, NULL, NULL); reset_log(); FAIL_(crypt_set_uuid(cd, "blah"), "wrong UUID format"); @@ -1236,13 +1002,24 @@ static void AddDeviceLuks(void) OK_(strcmp(DEVICE_TEST_UUID, crypt_get_uuid(cd))); FAIL_(crypt_deactivate(cd, CDEVICE_2), "not active"); - crypt_free(cd); + CRYPT_FREE(cd); + + // No benchmark PBKDF2 + pbkdf.flags = CRYPT_PBKDF_NO_BENCHMARK; + pbkdf.hash = "sha256"; + pbkdf.iterations = 1000; + pbkdf.time_ms = 0; + + OK_(crypt_init(&cd, DEVICE_2)); + OK_(crypt_set_pbkdf_type(cd, &pbkdf)); + OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + CRYPT_FREE(cd); + _cleanup_dmdevices(); } static void UseTempVolumes(void) { - struct crypt_device *cd; char tmp[256]; // Tepmporary device without keyslot but with on-disk LUKS header @@ -1251,14 +1028,14 @@ static void UseTempVolumes(void) OK_(crypt_format(cd, CRYPT_LUKS1, "aes", "cbc-essiv:sha256", NULL, NULL, 16, NULL)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0)); EQ_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE); - crypt_free(cd); + CRYPT_FREE(cd); OK_(crypt_init_by_name(&cd, CDEVICE_2)); OK_(crypt_deactivate(cd, CDEVICE_2)); - crypt_free(cd); + CRYPT_FREE(cd); // Dirty checks: device without UUID - // we should be able to remove it but not manuipulate with it + // we should be able to remove it but not manipulate with it snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \"" "0 100 crypt aes-cbc-essiv:sha256 deadbabedeadbabedeadbabedeadbabe 0 " "%s 2048\"", CDEVICE_2, DEVICE_2); @@ -1266,7 +1043,7 @@ static void UseTempVolumes(void) OK_(crypt_init_by_name(&cd, CDEVICE_2)); OK_(crypt_deactivate(cd, CDEVICE_2)); FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "No known device type"); - crypt_free(cd); + CRYPT_FREE(cd); // Dirty checks: device with UUID but LUKS header key fingerprint must fail) snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \"" @@ -1277,29 +1054,28 @@ static void UseTempVolumes(void) OK_(crypt_init_by_name(&cd, CDEVICE_2)); OK_(crypt_deactivate(cd, CDEVICE_2)); FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "wrong volume key"); - crypt_free(cd); + CRYPT_FREE(cd); // No slots OK_(crypt_init(&cd, DEVICE_2)); OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "volume key is lost"); - crypt_free(cd); + CRYPT_FREE(cd); // Plain device OK_(crypt_init(&cd, DEVICE_2)); OK_(crypt_format(cd, CRYPT_PLAIN, "aes", "cbc-essiv:sha256", NULL, NULL, 16, NULL)); FAIL_(crypt_activate_by_volume_key(cd, NULL, "xxx", 3, 0), "cannot verify key with plain"); FAIL_(crypt_volume_key_verify(cd, "xxx", 3), "cannot verify key with plain"); - FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, "xxx", 3, 0), "wrong key lenght"); + FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, "xxx", 3, 0), "wrong key length"); OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, "volumekeyvolumek", 16, 0)); EQ_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE); OK_(crypt_deactivate(cd, CDEVICE_2)); - crypt_free(cd); + CRYPT_FREE(cd); } static void LuksHeaderRestore(void) { - struct crypt_device *cd; struct crypt_params_luks1 params = { .hash = "sha512", .data_alignment = 2048, // 4M, data offset will be 4096 @@ -1331,7 +1107,7 @@ static void LuksHeaderRestore(void) FAIL_(crypt_header_restore(cd, CRYPT_LUKS1, VALID_HEADER), "Cannot restore header over PLAIN type device"); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); // invalid headers OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); @@ -1340,6 +1116,7 @@ static void LuksHeaderRestore(void) FAIL_(crypt_header_restore(cd, CRYPT_LUKS1, EVL_HEADER_2), "Header corrupted"); FAIL_(crypt_header_restore(cd, CRYPT_LUKS1, EVL_HEADER_3), "Header corrupted"); FAIL_(crypt_header_restore(cd, CRYPT_LUKS1, EVL_HEADER_4), "Header too small"); + FAIL_(crypt_header_restore(cd, CRYPT_LUKS1, EVL_HEADER_5), "Header corrupted"); OK_(crypt_header_restore(cd, CRYPT_LUKS1, VALID_HEADER)); // wipe valid luks header snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=512 count=%" PRIu64 " 2>/dev/null", r_payload_offset); @@ -1348,17 +1125,18 @@ static void LuksHeaderRestore(void) FAIL_(crypt_header_restore(cd, CRYPT_LUKS1, EVL_HEADER_2), "Header corrupted"); FAIL_(crypt_header_restore(cd, CRYPT_LUKS1, EVL_HEADER_3), "Header corrupted"); FAIL_(crypt_header_restore(cd, CRYPT_LUKS1, EVL_HEADER_4), "Header too small"); + FAIL_(crypt_header_restore(cd, CRYPT_LUKS1, EVL_HEADER_5), "Header corrupted"); OK_(crypt_header_restore(cd, CRYPT_LUKS1, VALID_HEADER)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); // volume key_size mismatch OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); memcpy(key2, key, key_size / 2); OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key2, key_size / 2, ¶ms)); FAIL_(crypt_header_restore(cd, CRYPT_LUKS1, VALID_HEADER), "Volume keysize mismatch"); - crypt_free(cd); + CRYPT_FREE(cd); // payload offset mismatch params.data_alignment = 8192; @@ -1366,14 +1144,25 @@ static void LuksHeaderRestore(void) OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); FAIL_(crypt_header_restore(cd, CRYPT_LUKS1, VALID_HEADER), "Payload offset mismatch"); //_system("dmsetup table;sleep 1",1); - crypt_free(cd); + CRYPT_FREE(cd); + + /* check crypt_header_restore() properly loads crypt_device context */ + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_wipe(cd, NULL, CRYPT_WIPE_ZERO, 0, 1*1024*1024, 1*1024*1024, 0, NULL, NULL)); + OK_(crypt_header_restore(cd, CRYPT_LUKS1, VALID_HEADER)); + OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0)); + /* same test, any LUKS */ + OK_(crypt_wipe(cd, NULL, CRYPT_WIPE_ZERO, 0, 1*1024*1024, 1*1024*1024, 0, NULL, NULL)); + OK_(crypt_header_restore(cd, CRYPT_LUKS, VALID_HEADER)); + OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0)); + + CRYPT_FREE(cd); _cleanup_dmdevices(); } static void LuksHeaderLoad(void) { - struct crypt_device *cd; struct crypt_params_luks1 params = { .hash = "sha512", .data_alignment = 2048, @@ -1391,6 +1180,7 @@ static void LuksHeaderLoad(void) const char *cipher = "aes"; const char *cipher_mode = "cbc-essiv:sha256"; uint64_t r_payload_offset, r_header_size; + uint64_t mdata_size, keyslots_size; crypt_decode_key(key, mk_hex, key_size); @@ -1416,55 +1206,78 @@ static void LuksHeaderLoad(void) params.data_device = DMDIR L_DEVICE_OK; OK_(crypt_init(&cd, DMDIR H_DEVICE)); OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); - crypt_free(cd); + CRYPT_FREE(cd); OK_(crypt_init(&cd, DMDIR H_DEVICE)); OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + OK_(!crypt_get_metadata_device_name(cd)); + EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); + + // repeat with init with two devices + OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK)); + OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); + CRYPT_FREE(cd); + OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); + OK_(!crypt_get_metadata_device_name(cd)); + EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0); + CRYPT_FREE(cd); // bad header: device too small (payloadOffset > device_size) OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG)); FAIL_(crypt_load(cd, CRYPT_LUKS1, NULL), "Device too small"); - OK_(!!crypt_get_type(cd)); - crypt_free(cd); + NULL_(crypt_get_type(cd)); + CRYPT_FREE(cd); // 0 secs for encrypted data area params.data_alignment = 2048; params.data_device = NULL; OK_(crypt_init(&cd, DMDIR L_DEVICE_0S)); OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); - crypt_free(cd); + FAIL_(crypt_set_metadata_size(cd, 0x004000, 0x004000), "Wrong context type"); + OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size)); + EQ_(mdata_size, LUKS_ALIGN_KEYSLOTS); + EQ_(keyslots_size, r_header_size * SECTOR_SIZE - mdata_size); + CRYPT_FREE(cd); // load should be ok OK_(crypt_init(&cd, DMDIR L_DEVICE_0S)); OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device too small"); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE); - crypt_free(cd); + CRYPT_FREE(cd); // damaged header OK_(_system("dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=512 count=8 2>/dev/null", 1)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); FAIL_(crypt_load(cd, CRYPT_LUKS1, NULL), "Header not found"); - crypt_free(cd); + CRYPT_FREE(cd); // plain device OK_(crypt_init(&cd, DMDIR H_DEVICE)); FAIL_(crypt_load(cd, CRYPT_PLAIN, NULL), "Can't load nonLUKS device type"); - crypt_free(cd); + CRYPT_FREE(cd); OK_(crypt_init(&cd, DMDIR H_DEVICE)); OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, key, key_size, &pl_params)); FAIL_(crypt_load(cd, CRYPT_LUKS1, NULL), "Can't load over nonLUKS device type"); - crypt_free(cd); + FAIL_(crypt_set_metadata_size(cd, 0x004000, 0x004000), "Wrong context type"); + FAIL_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size), "Wrong context type"); + CRYPT_FREE(cd); + + /* check load sets proper device type */ + OK_(crypt_init(&cd, DMDIR L_DEVICE_0S)); + OK_(crypt_load(cd, CRYPT_LUKS, NULL)); + EQ_(strcmp(CRYPT_LUKS1, crypt_get_type(cd)), 0); + CRYPT_FREE(cd); _cleanup_dmdevices(); } static void LuksHeaderBackup(void) { - struct crypt_device *cd; struct crypt_params_luks1 params = { .hash = "sha512", .data_alignment = 2048, @@ -1493,7 +1306,7 @@ static void LuksHeaderBackup(void) EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, passphrase, strlen(passphrase)), 0); OK_(crypt_header_backup(cd, CRYPT_LUKS1, BACKUP_FILE)); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); // restore header from backup OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); @@ -1502,7 +1315,7 @@ static void LuksHeaderBackup(void) OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); // exercise luksOpen using backup header in file OK_(crypt_init(&cd, BACKUP_FILE)); @@ -1511,7 +1324,7 @@ static void LuksHeaderBackup(void) EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(passphrase), 0), 0); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); OK_(crypt_init(&cd, BACKUP_FILE)); OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); @@ -1519,19 +1332,19 @@ static void LuksHeaderBackup(void) EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase), 0), 7); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); // exercise luksOpen using backup header on block device - fd = crypt_loop_attach(DEVICE_3, BACKUP_FILE, 0, 0, &ro); + fd = loop_attach(&DEVICE_3, BACKUP_FILE, 0, 0, &ro); + NOTFAIL_(fd, "Bad loop device."); close(fd); - OK_(fd < 0); OK_(crypt_init(&cd, DEVICE_3)); OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK)); EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(passphrase), 0), 0); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); OK_(crypt_init(&cd, DEVICE_3)); OK_(crypt_load(cd, CRYPT_LUKS1, NULL)); @@ -1539,14 +1352,13 @@ static void LuksHeaderBackup(void) EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase), 0), 7); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); _cleanup_dmdevices(); } static void ResizeDeviceLuks(void) { - struct crypt_device *cd; struct crypt_params_luks1 params = { .hash = "sha512", .data_alignment = 2048, @@ -1567,24 +1379,25 @@ static void ResizeDeviceLuks(void) OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000)); OK_(create_dmdevice_over_loop(L_DEVICE_0S, 1000)); + OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset + 1000)); // test header and encrypted payload all in one device OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); OK_(crypt_resize(cd, CDEVICE_1, 42)); - if (!device_size(DMDIR CDEVICE_1, &r_size)) + if (!t_device_size(DMDIR CDEVICE_1, &r_size)) EQ_(42, r_size >> SECTOR_SHIFT); // autodetect encrypted device area size OK_(crypt_resize(cd, CDEVICE_1, 0)); - if (!device_size(DMDIR CDEVICE_1, &r_size)) + if (!t_device_size(DMDIR CDEVICE_1, &r_size)) EQ_(1000, r_size >> SECTOR_SHIFT); FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small"); - if (!device_size(DMDIR CDEVICE_1, &r_size)) + if (!t_device_size(DMDIR CDEVICE_1, &r_size)) EQ_(1000, r_size >> SECTOR_SHIFT); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); params.data_alignment = 0; params.data_device = DMDIR L_DEVICE_0S; @@ -1593,25 +1406,46 @@ static void ResizeDeviceLuks(void) OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); OK_(crypt_resize(cd, CDEVICE_1, 666)); - if (!device_size(DMDIR CDEVICE_1, &r_size)) + if (!t_device_size(DMDIR CDEVICE_1, &r_size)) EQ_(666, r_size >> SECTOR_SHIFT); // autodetect encrypted device size OK_(crypt_resize(cd, CDEVICE_1, 0)); - if (!device_size(DMDIR CDEVICE_1, &r_size)) + if (!t_device_size(DMDIR CDEVICE_1, &r_size)) EQ_(1000, r_size >> SECTOR_SHIFT); FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small"); - if (!device_size(DMDIR CDEVICE_1, &r_size)) + if (!t_device_size(DMDIR CDEVICE_1, &r_size)) EQ_(1000, r_size >> SECTOR_SHIFT); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); + + OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); + OK_(crypt_load(cd, NULL, NULL)); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); + + /* do not allow resize of other device */ + OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG)); + OK_(crypt_format(cd2, CRYPT_LUKS1, cipher, cipher_mode, crypt_get_uuid(cd), key, key_size, ¶ms)); + OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0)); + FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong device context."); + OK_(crypt_deactivate(cd2, CDEVICE_2)); + CRYPT_FREE(cd2); + + OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG)); + OK_(crypt_format(cd2, CRYPT_PLAIN, cipher, cipher_mode, NULL, key, key_size, NULL)); + OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0)); + FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong device context."); + OK_(crypt_deactivate(cd2, CDEVICE_2)); + CRYPT_FREE(cd2); + + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); _cleanup_dmdevices(); } static void HashDevicePlain(void) { - struct crypt_device *cd; struct crypt_params_plain params = { .hash = NULL, .skip = 0, @@ -1626,7 +1460,7 @@ static void HashDevicePlain(void) OK_(crypt_format(cd, CRYPT_PLAIN, "aes", "cbc-essiv:sha256", NULL, NULL, 16, ¶ms)); // hash PLAIN, short key - OK_(_prepare_keyfile(KEYFILE1, "tooshort", 8)); + OK_(prepare_keyfile(KEYFILE1, "tooshort", 8)); FAIL_(crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 16, 0), "not enough data in keyfile"); _remove_keyfiles(); @@ -1635,16 +1469,16 @@ static void HashDevicePlain(void) mk_hex = "caffeecaffeecaffeecaffeecaffee88"; key_size = 16; crypt_decode_key(key, mk_hex, key_size); - OK_(_prepare_keyfile(KEYFILE1, key, key_size)); + OK_(prepare_keyfile(KEYFILE1, key, key_size)); OK_(crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, key_size, 0)); - OK_(_get_key_dm(CDEVICE_1, key, sizeof(key))); + OK_(get_key_dm(CDEVICE_1, key, sizeof(key))); OK_(strcmp(key, mk_hex)); OK_(crypt_deactivate(cd, CDEVICE_1)); // Limit plain key mk_hex = "caffeecaffeecaffeecaffeeca000000"; OK_(crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, key_size - 3, 0)); - OK_(_get_key_dm(CDEVICE_1, key, sizeof(key))); + OK_(get_key_dm(CDEVICE_1, key, sizeof(key))); OK_(strcmp(key, mk_hex)); OK_(crypt_deactivate(cd, CDEVICE_1)); @@ -1655,21 +1489,37 @@ static void HashDevicePlain(void) mk_hex = "caffeecaffeecaffeecaffeecaffee88babebabe"; key_size = 16; crypt_decode_key(key, mk_hex, key_size); - OK_(_prepare_keyfile(KEYFILE1, key, strlen(mk_hex) / 2)); + OK_(prepare_keyfile(KEYFILE1, key, strlen(mk_hex) / 2)); OK_(crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, key_size, 0)); - OK_(_get_key_dm(CDEVICE_1, key, sizeof(key))); + OK_(get_key_dm(CDEVICE_1, key, sizeof(key))); FAIL_(strcmp(key, mk_hex), "only key length used"); OK_(strncmp(key, mk_hex, key_size)); OK_(crypt_deactivate(cd, CDEVICE_1)); - // Now without explicit limit OK_(crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0, 0)); - OK_(_get_key_dm(CDEVICE_1, key, sizeof(key))); + OK_(get_key_dm(CDEVICE_1, key, sizeof(key))); FAIL_(strcmp(key, mk_hex), "only key length used"); OK_(strncmp(key, mk_hex, key_size)); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); + + _remove_keyfiles(); + + // Handling of legacy "plain" hash (no hash) + params.hash = "plain"; + // 0 1 2 3 4 5 6 7 8 9 a b c d e f + mk_hex = "aabbcaffeecaffeecaffeecaffeecaff"; + key_size = 16; + crypt_decode_key(key, mk_hex, key_size); + OK_(prepare_keyfile(KEYFILE1, key, strlen(mk_hex) / 2)); + OK_(crypt_init(&cd, DEVICE_1)); + OK_(crypt_format(cd, CRYPT_PLAIN, "aes", "cbc-essiv:sha256", NULL, NULL, 16, ¶ms)); + OK_(crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, key_size, 0)); + OK_(get_key_dm(CDEVICE_1, key, sizeof(key))); + OK_(strcmp(key, mk_hex)); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); _remove_keyfiles(); @@ -1682,15 +1532,15 @@ static void HashDevicePlain(void) mk_hex = "c62e4615bd39e222572f3a1bf7c2132e"; keystr = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; key_size = strlen(keystr); // 32 - OK_(_prepare_keyfile(KEYFILE1, keystr, strlen(keystr))); + OK_(prepare_keyfile(KEYFILE1, keystr, strlen(keystr))); OK_(crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, key_size, 0)); - OK_(_get_key_dm(CDEVICE_1, key, sizeof(key))); + OK_(get_key_dm(CDEVICE_1, key, sizeof(key))); OK_(strcmp(key, mk_hex)); OK_(crypt_deactivate(cd, CDEVICE_1)); // Read full keyfile OK_(crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0, 0)); - OK_(_get_key_dm(CDEVICE_1, key, sizeof(key))); + OK_(get_key_dm(CDEVICE_1, key, sizeof(key))); OK_(strcmp(key, mk_hex)); OK_(crypt_deactivate(cd, CDEVICE_1)); @@ -1698,15 +1548,15 @@ static void HashDevicePlain(void) // Limit keyfile read keystr = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxAAAAAAAA"; - OK_(_prepare_keyfile(KEYFILE1, keystr, strlen(keystr))); + OK_(prepare_keyfile(KEYFILE1, keystr, strlen(keystr))); OK_(crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, key_size, 0)); - OK_(_get_key_dm(CDEVICE_1, key, sizeof(key))); + OK_(get_key_dm(CDEVICE_1, key, sizeof(key))); OK_(strcmp(key, mk_hex)); OK_(crypt_deactivate(cd, CDEVICE_1)); // Full keyfile OK_(crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0, 0)); - OK_(_get_key_dm(CDEVICE_1, key, sizeof(key))); + OK_(get_key_dm(CDEVICE_1, key, sizeof(key))); OK_(strcmp(key, "0e49cb34a1dee1df33f6505e4de44a66")); OK_(crypt_deactivate(cd, CDEVICE_1)); @@ -1714,15 +1564,15 @@ static void HashDevicePlain(void) // FIXME: add keyfile="-" tests somehow - crypt_free(cd); + CRYPT_FREE(cd); } static void VerityTest(void) { - struct crypt_device *cd; const char *salt_hex = "20c28ffc129c12360ba6ceea2b6cf04e89c2b41cfe6b8439eb53c1897f50df7b"; const char *root_hex = "ab018b003a967fc782effb293b6dccb60b4f40c06bf80d16391acf686d28b5d6"; - char salt[256], root_hash[256]; + char salt[256], root_hash[256], root_hash_out[256]; + size_t root_hash_out_size = 256; struct crypt_active_device cad; struct crypt_params_verity params = { .data_device = DEVICE_EMPTY, @@ -1741,11 +1591,11 @@ static void VerityTest(void) /* block size */ params.data_block_size = 333; FAIL_(crypt_format(cd, CRYPT_VERITY, NULL, NULL, NULL, NULL, 0, ¶ms), - "Unsupppored block size."); + "Unsupported block size."); params.data_block_size = 4096; params.hash_block_size = 333; FAIL_(crypt_format(cd, CRYPT_VERITY, NULL, NULL, NULL, NULL, 0, ¶ms), - "Unsupppored block size."); + "Unsupported block size."); params.hash_block_size = 4096; /* salt size */ @@ -1765,7 +1615,13 @@ static void VerityTest(void) params.hash_name = "sha256"; OK_(crypt_format(cd, CRYPT_VERITY, NULL, NULL, NULL, NULL, 0, ¶ms)); - crypt_free(cd); + CRYPT_FREE(cd); + + params.data_device = NULL; + OK_(crypt_init_data_device(&cd, DEVICE_2, DEVICE_EMPTY)); + OK_(crypt_format(cd, CRYPT_VERITY, NULL, NULL, NULL, NULL, 0, ¶ms)); + EQ_(strcmp(DEVICE_2, crypt_get_metadata_device_name(cd)), 0); + CRYPT_FREE(cd); /* Verify */ OK_(crypt_init(&cd, DEVICE_2)); @@ -1795,19 +1651,25 @@ static void VerityTest(void) if (crypt_activate_by_volume_key(cd, CDEVICE_1, root_hash, 32, CRYPT_ACTIVATE_READONLY) == -ENOTSUP) { printf("WARNING: kernel dm-verity not supported, skipping test.\n"); - crypt_free(cd); + CRYPT_FREE(cd); return; } OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); EQ_(CRYPT_ACTIVATE_READONLY, cad.flags); - crypt_free(cd); + CRYPT_FREE(cd); OK_(crypt_init_by_name(&cd, CDEVICE_1)); + memset(root_hash_out, 0, root_hash_out_size); + OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, root_hash_out, &root_hash_out_size, NULL, 0)); + EQ_(32, root_hash_out_size); + OK_(memcmp(root_hash, root_hash_out, root_hash_out_size)); OK_(crypt_deactivate(cd, CDEVICE_1)); /* hash fail */ root_hash[1] = ~root_hash[1]; OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, root_hash, 32, CRYPT_ACTIVATE_READONLY)); + /* Be sure there was some read activity to mark device corrupted. */ + _system("blkid " DMDIR CDEVICE_1, 0); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); EQ_(CRYPT_ACTIVATE_READONLY|CRYPT_ACTIVATE_CORRUPTED, cad.flags); OK_(crypt_deactivate(cd, CDEVICE_1)); @@ -1816,16 +1678,16 @@ static void VerityTest(void) /* data fail */ OK_(crypt_set_data_device(cd, DEVICE_1)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, root_hash, 32, CRYPT_ACTIVATE_READONLY)); + _system("blkid " DMDIR CDEVICE_1, 0); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); EQ_(CRYPT_ACTIVATE_READONLY|CRYPT_ACTIVATE_CORRUPTED, cad.flags); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); } static void TcryptTest(void) { - struct crypt_device *cd = NULL; struct crypt_active_device cad; const char *passphrase = "aaaaaaaaaaaa"; const char *kf1 = "tcrypt-images/keyfile1"; @@ -1870,24 +1732,22 @@ static void TcryptTest(void) EQ_(256, crypt_get_data_offset(cd)); memset(key, 0, key_size); - if (!_fips_mode) { - key_size--; - // small buffer - FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, NULL, 0), "small buffer"); - key_size++; - OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, NULL, 0)); - OK_(memcmp(key, key_def, key_size)); - } + + key_size--; + // small buffer + FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, NULL, 0), "small buffer"); + key_size++; + OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, NULL, 0)); + OK_(memcmp(key, key_def, key_size)); reset_log(); - crypt_set_log_callback(cd, &new_log, NULL); OK_(crypt_dump(cd)); OK_(!(global_lines != 0)); - crypt_set_log_callback(cd, NULL, NULL); reset_log(); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, NULL, 0, CRYPT_ACTIVATE_READONLY)); - crypt_free(cd); + NULL_(crypt_get_metadata_device_name(cd)); + CRYPT_FREE(cd); OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, NULL)); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); @@ -1908,14 +1768,28 @@ static void TcryptTest(void) EQ_(72, cad.size); OK_(crypt_deactivate(cd, CDEVICE_1)); - crypt_free(cd); + CRYPT_FREE(cd); + + // init with detached header is not supported + OK_(crypt_init_data_device(&cd, tcrypt_dev2, DEVICE_2)); + FAIL_(crypt_load(cd, CRYPT_TCRYPT, ¶ms), "can't use tcrypt with separate metadata device"); + CRYPT_FREE(cd); + + // Following test uses non-FIPS algorithms in the cipher chain + if(_fips_mode) + return; OK_(crypt_init(&cd, tcrypt_dev2)); params.keyfiles = NULL; params.keyfiles_count = 0; - OK_(crypt_load(cd, CRYPT_TCRYPT, ¶ms)); + r = crypt_load(cd, CRYPT_TCRYPT, ¶ms); + if (r < 0) { + printf("WARNING: cannot use non-AES encryption, skipping test.\n"); + CRYPT_FREE(cd); + return; + } OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, NULL, 0, CRYPT_ACTIVATE_READONLY)); - crypt_free(cd); + CRYPT_FREE(cd); // Deactivate the whole chain EQ_(crypt_status(NULL, CDEVICE_1 "_1"), CRYPT_BUSY); @@ -1923,10 +1797,62 @@ static void TcryptTest(void) EQ_(crypt_status(NULL, CDEVICE_1 "_1"), CRYPT_INACTIVE); } +static void IntegrityTest(void) +{ + struct crypt_params_integrity params = { + .tag_size = 4, + .integrity = "crc32c", + .sector_size = 4096, + }, ip = {}; + int ret; + + // FIXME: this should be more detailed + + OK_(crypt_init(&cd,DEVICE_1)); + FAIL_(crypt_format(cd,CRYPT_INTEGRITY,NULL,NULL,NULL,NULL,0,NULL), "params field required"); + ret = crypt_format(cd,CRYPT_INTEGRITY,NULL,NULL,NULL,NULL,0,¶ms); + if (ret < 0) { + printf("WARNING: cannot format integrity device, skipping test.\n"); + CRYPT_FREE(cd); + return; + } + OK_(crypt_get_integrity_info(cd, &ip)); + EQ_(ip.tag_size, params.tag_size); + EQ_(ip.sector_size, params.sector_size); + EQ_(crypt_get_sector_size(cd), params.sector_size); + EQ_(ip.interleave_sectors, params.interleave_sectors); + EQ_(ip.journal_size, params.journal_size); + EQ_(ip.journal_watermark, params.journal_watermark); + OK_(strcmp(ip.integrity,params.integrity)); + FAIL_(crypt_set_uuid(cd,DEVICE_1_UUID),"can't set uuid to integrity device"); + CRYPT_FREE(cd); + + OK_(crypt_init(&cd, DEVICE_1)); + OK_(crypt_load(cd, CRYPT_INTEGRITY, NULL)); + CRYPT_FREE(cd); + + OK_(crypt_init(&cd, DEVICE_1)); + //params.tag_size = 8; + //FAIL_(crypt_load(cd, CRYPT_INTEGRITY, ¶ms), "tag size mismatch"); + params.tag_size = 4; + OK_(crypt_load(cd, CRYPT_INTEGRITY, ¶ms)); + OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, NULL, 0, 0)); + EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); + CRYPT_FREE(cd); + + memset(&ip, 0, sizeof(ip)); + OK_(crypt_init_by_name(&cd, CDEVICE_1)); + OK_(crypt_get_integrity_info(cd, &ip)); + EQ_(ip.tag_size, params.tag_size); + OK_(strcmp(ip.integrity,params.integrity)); + OK_(strcmp(CRYPT_INTEGRITY,crypt_get_type(cd))); + OK_(crypt_deactivate(cd, CDEVICE_1)); + CRYPT_FREE(cd); +} + // Check that gcrypt is properly initialised in format static void NonFIPSAlg(void) { - struct crypt_device *cd; struct crypt_params_luks1 params = {0}; char key[128] = ""; size_t key_size = 128 / 8; @@ -1939,23 +1865,23 @@ static void NonFIPSAlg(void) OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms)); FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Already formatted."); - crypt_free(cd); + CRYPT_FREE(cd); params.hash = "whirlpool"; OK_(crypt_init(&cd, DEVICE_2)); ret = crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms); if (ret < 0) { printf("WARNING: whirlpool not supported, skipping test.\n"); - crypt_free(cd); + CRYPT_FREE(cd); return; } - crypt_free(cd); + CRYPT_FREE(cd); params.hash = "md5"; OK_(crypt_init(&cd, DEVICE_2)); FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms), "MD5 unsupported, too short"); - crypt_free(cd); + CRYPT_FREE(cd); } static void int_handler(int sig __attribute__((__unused__))) @@ -1970,9 +1896,14 @@ int main(int argc, char *argv[]) if (getuid() != 0) { printf("You must be root to run this test.\n"); - exit(0); + exit(77); } - +#ifndef NO_CRYPTSETUP_PATH + if (getenv("CRYPTSETUP_PATH")) { + printf("Cannot run this test with CRYPTSETUP_PATH set.\n"); + exit(77); + } +#endif for (i = 1; i < argc; i++) { if (!strcmp("-v", argv[i]) || !strcmp("--verbose", argv[i])) _verbose = 1; @@ -1984,27 +1915,33 @@ int main(int argc, char *argv[]) sigaction(SIGINT, &sa, NULL); sigaction(SIGTERM, &sa, NULL); + register_cleanup(_cleanup); + _cleanup(); - if (_setup()) - goto out; + if (_setup()) { + printf("Cannot set test devices.\n"); + _cleanup(); + exit(77); + } crypt_set_debug_level(_debug ? CRYPT_DEBUG_ALL : CRYPT_DEBUG_NONE); RUN_(NonFIPSAlg, "Crypto is properly initialised in format"); //must be the first! - RUN_(AddDevicePlain, "plain device API creation exercise"); - RUN_(HashDevicePlain, "plain device API hash test"); + RUN_(AddDevicePlain, "A plain device API creation"); + RUN_(HashDevicePlain, "A plain device API hash"); RUN_(AddDeviceLuks, "Format and use LUKS device"); - RUN_(LuksHeaderLoad, "test header load"); - RUN_(LuksHeaderRestore, "test LUKS header restore"); - RUN_(LuksHeaderBackup, "test LUKS header backup"); - RUN_(ResizeDeviceLuks, "Luks device resize tests"); + RUN_(LuksHeaderLoad, "Header load"); + RUN_(LuksHeaderRestore, "LUKS header restore"); + RUN_(LuksHeaderBackup, "LUKS header backup"); + RUN_(ResizeDeviceLuks, "LUKS device resize"); RUN_(UseLuksDevice, "Use pre-formated LUKS device"); - RUN_(SuspendDevice, "Suspend/Resume test"); + RUN_(SuspendDevice, "Suspend/Resume"); RUN_(UseTempVolumes, "Format and use temporary encrypted device"); - RUN_(CallbacksTest, "API callbacks test"); - RUN_(VerityTest, "DM verity test"); - RUN_(TcryptTest, "Tcrypt API test"); -out: + RUN_(CallbacksTest, "API callbacks"); + RUN_(VerityTest, "DM verity"); + RUN_(TcryptTest, "Tcrypt API"); + RUN_(IntegrityTest, "Integrity API"); + _cleanup(); return 0; } diff --git a/tests/api_test.h b/tests/api_test.h new file mode 100644 index 0000000..d1d9b00 --- /dev/null +++ b/tests/api_test.h @@ -0,0 +1,122 @@ +/* + * cryptsetup library API check functions + * + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz + * Copyright (C) 2016-2020 Ondrej Kozina + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef API_TEST_H +#define API_TEST_H + +#include +#include + +extern char *THE_LOOP_DEV; +extern int _debug; +extern int global_lines; +extern int _quit; +extern int _verbose; +extern uint64_t t_dev_offset; + +int t_device_size(const char *device, uint64_t *size); +int t_dm_check_versions(void); +int t_dm_crypt_keyring_support(void); +int t_dm_crypt_cpu_switch_support(void); +int t_dm_crypt_discard_support(void); + +int fips_mode(void); + +int create_dmdevice_over_loop(const char *dm_name, const uint64_t size); + +int get_key_dm(const char *name, char *buffer, unsigned int buffer_size); + +int prepare_keyfile(const char *name, const char *passphrase, int size); + +int crypt_decode_key(char *key, const char *hex, unsigned int size); + +void global_log_callback(int level, const char *msg, void *usrptr); + +void reset_log(void); + +int _system(const char *command, int warn); + +void register_cleanup(void (*cleanup)(void)); + +void check_ok(int status, int line, const char *func); +void check_ok_return(int status, int line, const char *func); +void check_ko(int status, int line, const char *func); +void check_equal(int line, const char *func, int64_t x, int64_t y); +void check_null(int line, const char *func, const void *x); +void check_notnull(int line, const char *func, const void *x); +void xlog(const char *msg, const char *tst, const char *func, int line, const char *txt); + +/* crypt_device context must be "cd" to parse error properly here */ +#define OK_(x) do { xlog("(success)", #x, __FUNCTION__, __LINE__, NULL); \ + check_ok((x), __LINE__, __FUNCTION__); \ + } while(0) +#define NOTFAIL_(x, y) do { xlog("(notfail)", #x, __FUNCTION__, __LINE__, y); \ + check_ok_return((x), __LINE__, __FUNCTION__); \ + } while(0) +#define FAIL_(x, y) do { xlog("(fail) ", #x, __FUNCTION__, __LINE__, y); \ + check_ko((x), __LINE__, __FUNCTION__); \ + } while(0) +#define EQ_(x, y) do { int64_t _x = (x), _y = (y); \ + xlog("(equal) ", #x " == " #y, __FUNCTION__, __LINE__, NULL); \ + if (_x != _y) check_equal(__LINE__, __FUNCTION__, _x, _y); \ + } while(0) +#define NULL_(x) do { xlog("(null) ", #x, __FUNCTION__, __LINE__, NULL); \ + check_null(__LINE__, __FUNCTION__, (x)); \ + } while(0) +#define NOTNULL_(x) do { xlog("(notnull)", #x, __FUNCTION__, __LINE__, NULL); \ + check_notnull(__LINE__, __FUNCTION__, (x)); \ + } while(0) +#define RUN_(x, y) do { reset_log(); \ + printf("%s: %s\n", #x, (y)); x(); \ + } while (0) + +#define CRYPT_FREE(x) do { crypt_free(x); x = NULL; } while (0) + +#define SECTOR_SHIFT 9L +#define SECTOR_SIZE 512 +#define TST_LOOP_FILE_SIZE (((1<<20)*100)>>SECTOR_SHIFT) +#define DIV_ROUND_UP(n,d) (((n) + (d) - 1) / (d)) +#define DIV_ROUND_UP_MODULO(n,d) (DIV_ROUND_UP(n,d)*(d)) + +/* Device mapper backend - kernel support flags */ +#define T_DM_KEY_WIPE_SUPPORTED (1 << 0) /* key wipe message */ +#define T_DM_LMK_SUPPORTED (1 << 1) /* lmk mode */ +#define T_DM_SECURE_SUPPORTED (1 << 2) /* wipe (secure) buffer flag */ +#define T_DM_PLAIN64_SUPPORTED (1 << 3) /* plain64 IV */ +#define T_DM_DISCARDS_SUPPORTED (1 << 4) /* discards/TRIM option is supported */ +#define T_DM_VERITY_SUPPORTED (1 << 5) /* dm-verity target supported */ +#define T_DM_TCW_SUPPORTED (1 << 6) /* tcw (TCRYPT CBC with whitening) */ +#define T_DM_SAME_CPU_CRYPT_SUPPORTED (1 << 7) /* same_cpu_crypt */ +#define T_DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED (1 << 8) /* submit_from_crypt_cpus */ +#define T_DM_VERITY_ON_CORRUPTION_SUPPORTED (1 << 9) /* ignore/restart_on_corruption, ignore_zero_block */ +#define T_DM_VERITY_FEC_SUPPORTED (1 << 10) /* Forward Error Correction (FEC) */ +#define T_DM_KERNEL_KEYRING_SUPPORTED (1 << 11) /* dm-crypt allows loading kernel keyring keys */ +#define T_DM_INTEGRITY_SUPPORTED (1 << 12) /* dm-integrity target supported */ +//FIXME add T_DM_SECTOR_SIZE once we have version + +/* loop helpers */ +int loop_device(const char *loop); +int loop_attach(char **loop, const char *file, int offset, + int autoclear, int *readonly); +int loop_detach(const char *loop); + +#endif diff --git a/tests/bitlk-compat-test b/tests/bitlk-compat-test new file mode 100755 index 0000000..38efd0b --- /dev/null +++ b/tests/bitlk-compat-test @@ -0,0 +1,120 @@ +#!/bin/bash + +# check bitlk images parsing + +[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." +CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup +TST_DIR=bitlk-images +MAP=bitlktst + +[ -z "$srcdir" ] && srcdir="." + +function remove_mapping() +{ + [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP +} + +function fail() +{ + [ -n "$1" ] && echo "$1" + echo " [FAILED]" + echo "FAILED backtrace:" + while caller $frame; do ((frame++)); done + remove_mapping + exit 2 +} + +function skip() +{ + [ -n "$1" ] && echo "$1" + echo "Test skipped." + exit 77 +} + +function load_vars() +{ + local file=$(echo $1 | sed -e s/^$TST_DIR\\/// | sed -e s/\.img$//) + source <(grep = <(grep -A8 "\[$file\]" $TST_DIR/images.conf)) +} + +function check_dump() +{ + dump=$1 + file=$2 + + # load variables for this image from config file + load_vars $file + + # GUID + dump_guid=$(echo "$dump" | grep Version -A 1 | tail -1 | cut -d: -f2 | tr -d "\t\n ") + [ ! -z "$GUID" -a "$dump_guid" = "$GUID" ] || fail " GUID check from dump failed." + + # cipher + dump_cipher=$(echo "$dump" | grep "Cipher name" | cut -d: -f2 | tr -d "\t\n ") + dump_mode=$(echo "$dump" | grep "Cipher mode" | cut -d: -f2 | tr -d "\t\n ") + cipher=$(echo "$dump_cipher-$dump_mode") + [ ! -z "$CIPHER" -a "$cipher" = "$CIPHER" ] || fail " cipher check from dump failed." + + if echo "$file" | grep -q -e "smart-card"; then + # smart card protected VMK GUID + dump_sc_vmk=$(echo "$dump" | grep "VMK protected with smart card" -B 1 | head -1 | cut -d: -f2 | tr -d "\t ") + [ ! -z "$SC_VMK_GUID" -a "$dump_sc_vmk" = "$SC_VMK_GUID" ] || fail " smart card protected VMK GUID check from dump failed." + else + # password protected VMK GUID + dump_pw_vmk=$(echo "$dump" | grep "VMK protected with passphrase" -B 1 | head -1 | cut -d: -f2 | tr -d "\t ") + [ ! -z "$PW_VMK_GUID" -a "$dump_pw_vmk" = "$PW_VMK_GUID" ] || fail " password protected VMK GUID check from dump failed." + fi + + # recovery password protected VMK GUID + dump_rp_vmk=$(echo "$dump" | grep "VMK protected with recovery passphrase" -B 1 | head -1 | cut -d: -f2 | tr -d "\t ") + [ ! -z "$RP_VMK_GUID" -a "$dump_rp_vmk" = "$RP_VMK_GUID" ] || fail " recovery password protected VMK GUID check from dump failed." + +} + +export LANG=C +[ ! -d $TST_DIR ] && tar xJSf $srcdir/bitlk-images.tar.xz --no-same-owner + +echo "HEADER CHECK" +for file in $(ls $TST_DIR/bitlk-*) ; do + echo -n " $file" + out=$($CRYPTSETUP bitlkDump $file) + check_dump "$out" "$file" + echo " [OK]" +done + +if [ $(id -u) != 0 ]; then + echo "WARNING: You must be root to run activation part of test, test skipped." + exit 0 +fi + +remove_mapping + +echo "ACTIVATION FS UUID CHECK" +for file in $(ls $TST_DIR/bitlk-*) ; do + # load variables for this image from config file + load_vars $file + + # test with both passphrase and recovery passphrase + for PASSPHRASE in $PW $RP ; do + echo -n " $file" + echo $PASSPHRASE | $CRYPTSETUP bitlkOpen -r $file --test-passphrase >/dev/null 2>&1 + ret=$? + [ $ret -eq 1 ] && echo " [N/A]" && continue + echo $PASSPHRASE | $CRYPTSETUP bitlkOpen -r $file $MAP >/dev/null 2>&1 + ret=$? + [ $ret -eq 1 ] && ( echo "$file" | grep -q -e "aes-cbc" ) && echo " [N/A]" && continue + [ $ret -eq 1 ] && ( echo "$file" | grep -q -e "aes-cbc-elephant" ) && echo " [N/A]" && continue + [ $ret -eq 1 ] && ( echo "$file" | grep -q -e "clearkey" ) && echo " [N/A]" && continue + [ $ret -eq 1 ] && ( echo "$file" | grep -q -e "eow" ) && echo " [N/A]" && continue + [ $ret -eq 1 ] && ( echo "$file" | grep -q -e "-4k.img" ) && echo " [N/A]" && continue + [ $ret -eq 0 ] || fail " failed to open $file ($ret)" + $CRYPTSETUP status $MAP >/dev/null || fail + $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail + uuid=$(lsblk -n -o UUID /dev/mapper/$MAP) + sha256sum=$(sha256sum /dev/mapper/$MAP | cut -d" " -f1) + $CRYPTSETUP remove $MAP || fail + [ "$uuid" = "$UUID" ] || fail " UUID check failed." + [ "$sha256sum" = "$SHA256SUM" ] || fail " SHA256 sum check failed." + echo " [OK]" + done +done diff --git a/tests/bitlk-images.tar.xz b/tests/bitlk-images.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..e3f07d766897f21ea545fc2445de7edcecda1436 GIT binary patch literal 249936 zcmV(dK>WY`H+ooF000E$*0e?f03iV!0000G&sfapkvo}O7C}p=_W`(qi4X; ztU^aDw((r?SIZAhDZZNa3Eg zK9vDTh?F4)OBh|F15)TA;Kt7P@=BG zNr?np51CEt4X^{U$Kij+z7j(hDDUm~1AEkW`X)>X@QTz)t4qc-!jjOUb%QEdo|z4T z2@^eC4Iri=cL)Rm7R1>Qwi>2Ht+K0@+)UgE`qhBhHiApP(F`{aZd~1t4OSzu!wj#p z?L=j%T>WTO2w^Git$F;{i}U{N{=rfPb5+v}=61(eL9bxUb`c0KojmKqa(5 zBcb_;V>R{lg{AMvt%zO`clUWvIEB!+;^SouBM(MB^E6EE;#av{*O=~fyd8=k1#?fL zk6`K$Xj%){ap3+#0x<+LEvlH>LXk>12UFZB!CHR_tt=W^uDT7AKo?PrMXQJS_Tyv5 zq&^8Z+qLL=puxNJ<1z%Ul0a*QcCry_>|c!{0xsxO1$Kg?6Hx?WjN`t(f&m@MV|3_U zCBN?MPkIbOQ^p{cFYYZOosvO)Nd)~J9_RgF(w|!Jg8`{T?1x7tW5g(2=qG+lyBlJ2tqIAsF8aRHq-SSZ{77Z{T)0MnBcVtG z#|&_J^YQZ)T;?ta^o3(C$}yp2DpAWN<`l`&E$}~7NN!H#0Kp{GZMVKq6eRHS$bMXx zou)a!P=-2usM|$_S$bJ_o1zl1R;IodVY@X4s99UclSwOIfGObbS@YKVzPh!3d8^D` zij8@??7Ndfn|1`FudBuddM9#7%5kPD?u+m&USrDfJF&udcLA$zas7ch2tYcU*xAxiMFN>=JR1M7wlZTZ|51dbHl`_{E{!U9UF!?W#!wcHGufSERFP~?who3p>i>h93}_@$_FZ~3F3L8#4#0G#OX zQqqe81EfjE1T*#XM)k`56^a8RVEtRN{EhgpF=*k9h(uTbP?27uWcZ%oZ%3^Dr2OsTwU+XpmwZhn+r^BK2yPt;OI2}+(RMiz8tc` zG2gp>&KUqUy1l(=6A2-u=&>`;TG?J+%rxUk-kP+&##sX|Qk&alts>=cMam7v>^8c# zE|&~@hmvx6vHt*M=auN!y$`kprd}v0m(K3}A_5Jj8uT?`C*pe?y!&rR($WPo?~KLa z>+#ZC{uaH!oMB^2JY_ev?Wtm$C(Q3PjyrywD)s9+Hthm&?>T)dWzE+IK)i+Uy0Z14@k+Fhw!vKib{-AkN81!MTXQ~t|V z!aV*GOq#-r$UrAxIlLBBp;#!tDuR^HI)D{VO0I}G(yTV~xN@Us@kh+sJSdYrT3QZS*#xOUjVvh$PG!n>L~lzf ziR1rbOx9>4Bu3Wde^?%CHewvD#hxaW$DPHmO4Yx83(SW_w~!{I zgpIyu9_&IaR%PIhrut+wvz$<1s$Si-KNnVc6j^NeHS+g(AQUMdA zel!Y=HqrxwI8Z@_@l>Y*Glf}@mPEm2B~u_G9fWO?VqSg*Ez71Pf23OvoRi3mS#&VZ z6NVG@%&mLHdl5lnTvU(u-dE^WA!dy;vmz+UxVaJRk#ie zlPqf+bS#DMwP)_mL)2fx|EvA|;IyKKp8jZ#SD%(c z102c##3pMbI*ARI^-$aT105s@VU)JX4Uq7AXwJDrh$EwLqJFDiD}jY;v=VVs{^Ak< zUX0MPOXt|!@IJk)<);cTvm5w1ea|&=*$u@3S5Zt{@dM&--f*9YuHhO5z>NSeNnYtf z_OCeU*v}<+-ZEPQps&}2>V-O{zkx7;RFWpsG>U-;!Cm`A9xRw69{)yXps%DM?3 z#Q^G|h`|V~#llk+vdoODOPF~F1+F^@KTv_T2=jDK3uCSIw72nBiL zc{|xBABTp|e&sjpueV*-J~wv~o{X95x=i{x!Y(++wRtHsBaD3=f(SP?s-C0|k)jJj zp@V-eqW5|wb1_+@U{-ABE1?{A_b{v^e+@&sW}C02G#&*rMipMTU>bTaSWYD3!xOIO zDB?!P34!P3k$g6PAdbfkZ_pEJyif$UUF%QLOGh!mmxFtsnmoORk+pSYWQ?`paAlo zWi*Q&YC;gwEsfMHfzKMiV;)TQE!GmU(L@~eKl0#S*KL9NSQo^nriZ(jQuc~F zV`E>G#f0=`O2!NQxoZ+!)yZIz(`d3isB>}N5fJfF2Nx5Nj50CZ14^Ulkeo-Sn3oPH zib^(zh3KsvsiW<+*4ld4Iz&v5?-2(50Pbo1&}J=V zqRo99F}K+CX+flKvG-XXTDPXfM@R{lgo?NP{!z$TnWmG{VyUX@JP%k=1wO35TZf z?onO|l{lqFHr{4B-w{mU63B=}%!H=%`YNEp#wVxr;{{Sh6ao5$MA3N~m7M(f5z|Q8 zH?*2oT)f!iS`gx!z5~^M5wK)6x{9_haSKCH)?S+wUM%;@gm3t3rLu>_HWS_WsW`Dz z0~Pu;r2knX0?xqmV|+$#9r$`3YC+v9xH>2eifkp${0b{V6IKhh-ANu2ITe>R5)&@F zT}SU~j$oDVqq+pJB&N?rj{ZBv!7gM(uh@8}gK8*o$o1ot@w(3XD) zsUh&lc&a$C$HhmC+otdsI5$vq!Rf;#@FurOkG_F#ew0cJu|x*s5gEtghOI?1cm!(} zvb~3-JXkuR&wV9 zT68oj@sO#d;PgIjCMu2?7~E%P&R}AQTi$u5E5)5rO3~$ytMgtLx8EG1Mt`>^CMTF; zZ=@<4?o*j;z@af&6M~`&kaHqu%dkUN)m$pG)b;2<;H zXI_@2$DwtrLrYPZMrPvv=`3F9m6=}B!KiDtZh@8f!22Um8sCTc8%pNzE>k$!_y^A` z@!KDDX2k3$1fZ9Cc7(3`BfD-rjYhfoy)?S z5~6Tq1Qpj)$MUVT&;_O0YxP9JaC2$+?4wo;imY3_0}3!OQ|3}~tE9?S-Ga)nUnSrG zp6=ld(qD^`SGB_j0NV2#AOA>*+QhjHC!$GdzL22Jp)&=nIUJ@{$Q1+h(fhZJ`lnWT zT%NuUALZ>ZNhZLayf!$e zjYp(uVvk04ta@J(-NUc|4Ua5WMOijV7Q@WQw;$<%u&a2cJ6a||W~&c&pzC+moltvu zuuAKW|MTu3cgW>joLd-8ZcMBrT^C6Y&S6x9f-|Hl1e+{m<;9v`Wq;-eW`(Hx31d}} zHy1!UlSjBSsx&wr)9Raryxkz?;)XK_bE<8o;_j4iOPdPf)_$*Vc&tE5a(N=Q()BTQ zB?>gZAZjyHbRR$%hBBkzTmNiBwK^ml9)e};E`*+i_ldJd7W~c-+DwRnZ~DV^HkOqW zRzEyqw+-dM$Hsu>9xW?O945w@0oIk-DDWT4u%o%Iwnlp;DfOCP>bDQPwh3FOJ=*Sy zc|y3*`pNbWprk-PMFn6QPB{(yzF^<5ctcOC_-TY`!YxskMYM`g-od<=!G2L_YB*f!7|JU6HgSJCMJM|u}AiiWSxCEM?HVS}%YwmySQMn3|c>KR;s!)$7 z+tEY;TEIHN8zB~_>qhHH zR+&(r0Srx?sw}kl=T>rxex8r(0_-yg0Pk>C zwipFeW-lHjfHUI{Ye7He_Z6ym+)=>sjt#CJV@%5LQ){>SocDHy21qv>SlCe!qNuBT zV~s9pCF+9^t;{F;OXr|JyJm^sw$A3TNDaUWj{hTX@VyVvq0V>@GDJBs+135?`jYM= znU*Q#WFZHTz@=R){$vXd<3-E;e?J;g(OIGiH&OqeQ`5j1 z`!hhgo!(h!6@%pMJ@O@58bh?&Ct57+4~+CHo635P!AZjoIe=o*Fb`f@EOZ)~!NGQL zTTF4EtDS*d_-VOO`FPB2Hmp9K^Sr=G7~$;tB?1=Ej*huL7pc`lCiA|owGw#d=$)I? z>)=lwdf4zA;)M4va4HP5D#gAN5y3lnzy2B#xy_1tKJR?X>t7+Jp-}-+kLp%NLP)d8g-6bzyU**Kt5#VU)l$$_GHC5 z0W3CC@gw4;a;&^FXER}kquGUbf|ZuMn9Eojs(dwvIVP>40G4P7AbxwFMSvM;2z@#F#pMu6z6=#Ny;zg-9HT0K^83+ZS>GOcS_#fDJG1S!B+TtEw|CEn@}p2fLslgwg zA);>d&(oPW^;{WiZ`RX0x@+O3-U`&;Db^yfENe?~jn`|%?q(NYEVAx2!$)X3=Y;xq zkm(q;z2nzqmP~IIP2Z#NkF-zF-(@9iwJ^~utZwXj=HM5Kc4*QI-mlZ;!LSf%5TsgG z?BDovoKnIYjjHPn`Dw{WCXqLMVhjOo(cjabD@|uDllw1=SQLd=#Vvnyp2r_yiMyAz zJ?e~#N1boBWL4}omxbC4sFvLj?2V}HZ^5(*kCwwnQ|+Gmh5nl2B0Zz*XcL`e!S$cR zKp^WMkLU76b$4}9cV}j-^Ipp9wWarRy0Q-42P`+r>(u(h_quM^ui=4AMY*65*ubs{ilrok(9kx~w#74>1 ziUDK*0S89>V)apYE!}OBb$5gvSIT`F0tp|8C*$h?$1t7k)kt{cFrXmCtrLydIcmrS zygP}uB(H*WN^52i1B{!VnMBDCs>PCMc5O`ip*Va?8rB}E#P@0p$TzacaAZQE1xHwM zfyIrn84kuRj)5=vIe=vgk$nBDtcUpo z$ZL^H0Y_Xe4uHgQdYgxvUp1})ujzA6S_@dPE6^0ZZDAf_?~O=Z*%^Q927@+)|IU&2 z4RBx5bM87PT$#dd5p^l?W+ZcS*T^FlO6l)yKwQY`ja*48#z02MS=&xlF3%)$uyQ|8 zQ@kGx<3P*KA_+2ejZQ{&#+h$X4v6~)SXyx3zPMRa3(#LPAfJJ<p%(a92Askef#rM2h!YmvLKRe1ap<{zM$`NXv_cIMWy6(0ojWKD)Az#|s zYm}XF@Wv*svd>y1gZ=|L^Q7Ni@-O9G*lk@Am*1!kA!J~Ri72#_5`{Uku z^}rT3FImMHf1|@GMgaAck2P7QZ4W;AF{sFjscO_lz1QY(fFy&VV-zqvlCs&LH(#bT z?OdPp$fDH_sAZHrLPeF87)CqxeWuY`mWjYvhjn^~Xi}!CkCf$5EEQo@ov~aWt zJL2)^IkcIAxTGLe3iLa+u2(tp*XVR9I;q);Kw2WtgcH^$8=RkLpt44U@{8RLAo^^o zAQvi~#`=4ygqnER3$X175MPxk8Eh|sgq+TPAvlojhFJ559J83b+wEw~W19gKF4Q~w z8;Qe++7HryP4%PWwBPlwL8^sf;$xwDoLJ*j|GzlBd6YWiwt+u#g9R7`B(CTr&GsHW z^YxiBqjR~Q0T3L5Sh88PO-T8KTIglZJa%50>J1t`e8?SFbRBVuyo6WR5o z6mPbVCO2R#DW%J$!CG~vHmx{e-)Ib@8EBE<8$7_H$UR0yw)+BT>#!=+rX-4=7+7Vp zz0I~Wl?a_h8`U#M?{T7}FHujk=RQ4_QsGZ%Jgu{WmaE5lv&dpXBeVCe7Sh3X6sGcY z7s(C_nSs{DJAfDgiR^GQ1Kykj>^L@6y9W|SMD)k`%R%VVs8D@eE07|eW}V{A2=fJ$ z%2-D=k}`x43^RxD39%o#)27ir5A{B!C1szta5PD&$RXBUIIVVlo!^+(q>$Ul#c8hZ zr28o!^44_~e_xi*F+8zl!CmofNEZKG!lQqB92a^J%jV)0A4$VD3@+5ZN5NO*^$?9c zbwttQNXUS(^(Kv_6Vu4?#1*`e_U=$p#mbcv2)|xMYzPpYkR_fFHTP~4k8QB4dsj3~ zxqs(@>B;?#8IoKu%$wTft5JK&O2d9Qy6$XUf;Aj%aAI->nfFp@rlB=!HUWmWpkFV@ zv?|`jNsfemgDS5f)o7)%=?0FM?@=LKe?{OiN<}k0VLcZ3*^S*z3g^npzjeiuSpfvr9SgcG>~x6wZPqJvn4sSVQ=|&J=Q+u z-m7A-FQ={oeK}^*g=YhzLvBGor|%$~hm8aSX4lVC_J7(|R49NlLY~Mr$O7>=7lfGb zi>s6jBlu#I(8t~fBjD%q!bgd5ivK>~J5xB0?2uE8 z&`<+|2%3>riu^0Hr~{C0kQF)3%w=5aj8LlISCOvtdG)f?nd)vc2x06zy_4W$F?Ir3 zj{zkQ)?mr@7kz(s*;~yN!Ypyj& zUc*sEMIK62sUBw-2mG57EWxqRbf&2JxaL(F=~ZX48nt+0J`f`X9#eLp*xa?P^glq3@Q3dWQ0@Igsxrm zAVP%vn@ybASrxEi9hw&}#ddmu5Y6UZSVVm9_hE4SRGt4u1~gSLsnKhu`)(s`%MnYQ zZns6wVd73V-rloLQwTdKim&3f0(YCbGl^OJDemvJ{7sM-ffH;FoHR1}ktk&}&~xRq54)f*8J3xtY=HY1DDqPxyc44$lUCwb5p>e7{wITv}RU8S?VGyl#` zi+rS9ShUvMXq$4jW>E>{0OROyloF2_z+RwV^OYeY?zdp1j z>!97^Y)^a0YC`m05z zH@M_Mr18a(T%&42Yr%QMs3+}9kCY8zXRjd9QkIrXwPyyIww*Eg`)Rk;@3jb=TtU9ICtA5sb z7bgmeZ$yO4^wE<>1{$PqsJ4h>LJB7diI7$TuRVum`2GiY*h z2uA_MA;F3&KJt^vF|{_a+Bod&VAO9zbaAVpZSstA=;;%!>k>eLk6I6&m>*SPdfNWU z`S*mAEY|h=lHXUxS5sX%(7Ne;AuG!jRARB{ChrxbZH9z zUeqbMvl~=ihNqLcae@sK(h`n6THZl8&^q17y zm4JKl)P4flBa5H>yd5XXtXGgB0D?}oJfYv|HD;NXnbO~1kqg-9@gdT`!Gi(!g(rt8 z)9aO`QPe*Hy*Qp{g~box)5JZ|k=x|` zH!`A)UMpMw73mE;q;IMrj3(N~BqZ!Q9D^{)TQ*m&hBdEH$c3BO+uqh^;oobftZ+SU zIk~uVg~oO_oUZY?n^%wMZQz=oetwtU@1M+|q)vkn?3G*1rq|j6%|5v{u#2 zk$W`Cs#M(N1EA#wQc1NERC@?XEz+$XvNiPcv$f(cNKoBMOppJmu;Qn{D~y)S%;%a1X4roi?L{l9l zV$!{i!;HC7pi}>!961&`ZJ?8e|tYXC$Z4!Pxod9-Nsk?;T;kD;tw@FdwYI*;!z);`GrN>+#; zt=u%`0z5nzzGoaG`WpYqxmC|t#ypD}R|PK$Q&s|qD_uz$gaAacOdn!?iIwU>dkZkg z2<76S0*~HgZHMqNp!-An3XP##H)GPONNa5!a+Xs|p5h&kysGUliP4jpQich~j&&w` zT2mH#P_X|4i3Qz!s9*n(T$tWp>LzpD7#=P}}@Viuvv{4Ss=C3`qmh_t35k+f`X|0a&)i(HeT z*r9HctZ=C0tf5nI$5{FVWuvMlcKD3J>y?0D^w`wuZw@;@M2ML8D|41!W2r6PZG50{ zHR~8JdoO%>m{#CbR}N5n=aOmT20`T#n&x#ZqPV#zyS)sxp+npQ0oF=#)jpazy3_49||dsXvRGfk*V_;;R>gAXE` z7EA%)^a#5(c(EU#VDwlwqqE;7_+EZNgISRhej3;$EDMGLMqYz9g94xPgI)8(r8-t2 zgjdj`S2mMWfP(S23Pmc!T%}gYvar9Yhw@w!4HAQU954<8Q3_;Lm%;FHX1 zhPf*LL}HU7jfb?PkCk-3duDmaSZd{{S-_7kYl>5c>WL^D)9x03iAi@OUuP#-mTkP! z&g!5;V43h?AcC7vL|;bW$9y^>S-9-Q87ue|G=Gm{usoJ)KD*wU#9FF7XpA~!P-{Mb zvW<`86&d7u&E0pU9cN(0R35ZMe^E{Lg`$xVFTgx(__M2|i9 zFhOb}IyV=>ughAwQX(iEMHZzCmz@VOWO^-8^-j!Zu|KwfUf6k&s~?S*q&DvEYZ^TZ z+HtrR->=x$)|^jvvbuBAjh4eK6k7c`zPg_E9D8$he{RA{gIjkIrNhI4)S34X{K;!< z1Vs2-+f~y)rLa*&y*%U~Wn{FLI)-fLH|gu<@u`U{TQ!(ybbL|C4H9}K!UNWk34WcS zJ~G3)TCY7ICk7xCbZ0s0j$1lQ;`j{Q6&$CF=}5*mx#0gE_hREK`YsA>@DCA=qDQB1cI5#`9aq0qIF}l*IDZ$A;zp}sR#DUhF$G%LL8J{eh@oD%}ehol(x=~cx*7;FD3MJ znej#SeXQ6b)slxf*RgcO-8MuG61j8;aZvT&rhPR62&A-~AuKtAamc&JIzetJq+PMz zi*AybGAu{{+f#xocQ;n^?xNNy%A&ImZ$9OH;@g4%fK8xS!a>QYgzF;bBJ8wzYvWOt zhGe3^YVx3tZ(gUxWCDiqrbs(qo&=?;z>K(&BW z1~*)CZV7VU#c9=PXQ)LP&1?Oy@dQ288pW1cnVZ#QaqmL?{ttOJBPVH2gC#!WNr!SC zRbgSRuFmsYl0ia^9ah(j`cEAs&uSs}I#OO1h>M>=QN!~41ITK4!G9{@jD#Lhc=v-< z4|FE?7RvPdJI5=Wnc)To3X{L*zj7$ENT*1&oh^egi(&vK9hr>{A;@FpzlfE9cR9{} z!s|JGamk}^Y(=HvP77k?Xl!eTImWxuIl|7$dSlQs8BQf~WzI@sva;to#`Q_cjqX0L zINx4ApQ`k8^t;-Jgy_oyvVwDPz1Y?)d!SH?2YT)7|EXNcwRuE~}%!w5(E)gR9a%zea@23UCgq>n; zDN38fCf1ws;Ry_4m~@FJA7SKPLVm1b_0qf1T#{|T7+m`vxXEr=$Z@KnS{%*Of-KDp zoJ=Ls1?Ulag&i_U>~zI8KKNUt{v1n&q?Lln&!l?_>jjoQpHkrr=hNMss|Xz+l)9}v zyfZQ98Kr~qIx#*n98F#7!%}!sMCv%8xQy}=+;hzF+Q|(*BdUg?Od96b{V6Ab{@#>1vzJCy6+E0dUCfgeI0r#r#e3*^EcA`_l_P7Hm<_}eM!n1Z5k$F zeGkv2-+4@ZH_EO_YimehUyZJfrbG;y78l?Uz2tlF{~Ln|mREY@Wk$1N9z4%i+H45C zd0*CP{zcUINL@2u?pIiwB(1`1H_04tqckp!zdKr-;+1JdD%{nL`RE5vpf)!U;is<0 zAw^DtS&9f+%gNb$!gl_ z+W9QFmYs^`9$bBP2CA~O<6x6^<2J|?|x_G}5c2)D4lrfIG z37V(d(VRX z=xDunn$=`{fYn>b>M_+(P>Im6DXL822j+^)oSVq+}j z`jRTbbtOM@t_+twZZLRcIqq7A`lf1vORh`ID9^mDu5JIG?$;}37$#E-aagb=<;znN zzD+v>7c|&dM55$k@;@Igyokk&_;oxeWquVrGw+8mk4@Z*277JIoMaF&T z(|iaDDH|LlQ(Gax4&r4NTKFomWecyTT)yl@(`h3^x5{9_8RGq9INVWZ7oJ2~rfV)K zZmMDd2NSMD70y_daFRvp4s##huxeI8R(;}AVFGn*R!IymnQ%m>3+L4jK6kX17ZP(w zfr))Nb_fYs9$nqPLfx6%Zcz)q=5x!cN7AvAQBMz(3L`;b+S&$K`@mFGppk)ab^V#~ z85owD;BL(L{`i(R6_9&aU&x$m!my*D%GOLoI^aTvR}6@7f!2kaMi_yLUl##fj11-i zN7DM&Gl3}pY5CVhd=|8-8yQ)Tqd8oUtG1HU=Z9ArmirSMpr@}x*p6>{I&!?m<`t<`_0#p|I307jqV-mK=qASmyRatCjAF9V87J1_*Ls0Jx=~3eyBO z;?G(6uyT~JxiH}0zP6bvDaUj}#a=5nCrB(#VsJzF_VEfFUaK2=0}vbsT`Hc_O2!nk zELG+m;E}SNee=r$-APMu2rgmq;0iz}ACUJlOIoqtCyUe1VB~Q--;YzhYfd=(JO!@T zk+F80!_51duGVf(=h0?9BWsZ?%A zRm9%##j6({%>7RBwpcg^<=!#abe@4vR_*Vwu_pVvHdwAb%Rpx}bed72SIj9C84R6vJ9%+6l~R)a;+yWC74yRMKiW3{iA8_p~|^1yFje z!yhVWEWfrg&g_xF5)|ncR(|kB1@MIZT%D$rp!3kt+sx^9Mr@XGYF&W& zSV(OgD-@vdk}RBDD4Y^eC!1>A_>&T&My3YD$~hrDGz6z1Nb7uXHr4E^{p&`u=UM$R z>2r1H5S=1-;$jVLL#`6E9w%u~<71L2clj?CKD4*jSDGdAS)&xYDN75JoENq(yKe0}w+nWcS{vKkNEcMLVHe`(p_a|JE=m14*v>=BYmTr;mF zP}*vy5Yk=ci?MXWC<}= z?Ao0S?#=nMC}*x3gBiDX*<9r-hx+$hYyMiHufj?kG>nXJQbesV9#Fx!FK%^-uD^(R zxG*3$pfC@Ql6>_A8yDDM_^PY{SP&bQH$qkMCRH8a^BNRx_q9&cuq2g5iK%+Y zcOvTY5P(Y4Fu{LPMK7Y777LL|ignu7umUxBdI5U2ed~4~LHN%#E zRVsL7OtaTdJ&~=(*{VaP{;^P-^=)|X<{)E*?X-@J``3Z zlQO=~C;W-S{cQj>0d~C3J|2pEOp}>5UOBr~Lsxo6j;L(Hjt@SKvhqC##}g)~7-cRj z^f%$dxRt=nWFwI(N+t%r0eB6oo#KlLyyHNIa%Ks&<^HnLSDtmsgI60*{kVs6t^A4J z1sjZu0Y+Abrc~AL3%*&7Bb+(jnfZ~IBD+YN*}$U1T^KU~3o3~W76Xn%$(kdzy{ae9 zZn2=Dj8>rl3$T)e`y2AAALUZUNCOwI0dF{Ev<@MxxWCvQ5)~XGUSlg9))a8cmnmB+ zlp`GQ;3R8#LIl}&6)GyNA9sw9L4vZXje6Yr$}U+1>6wz)BZ#X(L!sus@bXB)#Fx-1 zEgSBDBeKp!c;#RmE&2%qS`F5=u-i=xo^LA$tl#?4yLM&!vEVWWsx2%eo14U`h}T+@ zt}7Wd8>xMbTl%tabtPORcoY?d&i$+&Z3Wxl9)v3hc*9g!Q6ITAMR|7`d()NS0JP_u z;=ylurW{U028BM!3dD#nh<$JCpC;-0`W=kGj+|6DxsTYB5!0AtsKMG>`NdE(0BXb9 z1`Fg|0UAU6lo&8D(l)x2+8>&{8t;(hKmKsksPLU^(+NSxq(O~`5+s1N(Y%g#ct@Dh zhYrr$C2?-mw&VTDruo~EySa}OzCTi5dM~EPUd+w5i*A9l2T>rO{bFV-1V)r?8qXQZ z?yUWr^>sdcPALg5%y+3kQnh*GtcUImGx6EL~{STz^}YUTl9;#b0&(itzV>`BE$q=NW$yrY>i8U#gN2Kp#>tD>Opac~c-Q=3IV z3eedqg0zL{i_Yu7vglMa%XtIlV6jwfL!05?Ub-v0YKC!yPFbtM0%~^o@71FZ&G6;sf_M`#9`U0`Spe_OBe0 zki*M=N+mWws?3Nbfv4hJ(`uQzyvTH{#}}cKnn(KHj3wd+{oetWJ>*k>gf?r9utLDB zKM=DI=aR{s2%!zFmxPLJAqf!e8l3^BcPvG6lBLkw32vvVeLGU@sl~sPa$!*MKUV{J zSw39;s(itD=xwW`Gq!nglnx*kyeE6u9Tt#fK32aY#Q_^h^@`CYu6#W3YRCPm z*MI*PJM;ZEuvaF=wkI0({W2sHS6>wovgqH8?&+-UNq(M{g&bY z26d49p(}-phll}(U+;|e7RLT;)hwSi0!Jp{#Z)|O_XI#HI=2c+K?w&{57JxO6+>d>hD24VX>^LVA;5q9mD6IA%A|o8`+VKp z=;?m{D`>fb${?}|we|}aRo>$Ta600%f(euyh}X(h3uEkNN=eJ-GxGIL8!}o6 z9^yFMP*QjVgI+HuKF|jcE=~|3f1Ki@F9EPUOF`1VBo;}9S0`y#G;(r`hY?i)%=8)& z8fhBbvLa{%uz-JpDIg5zBSyzHp(?_I1mGOjexrx?xVUI>S0s>KJwY%4x3B{$ zLmB_Bylo@@VHKNKhy%3*G#VPhH_^Z-72cy8{JaXG_LU4uD}>a6t6J1bI5rDKhf!Mf6pD@ zSF(&kPw@sD6(<)$8}jha2$!uOgq|pB5hDf}rzQos4b0 zL+fTd)j(bZpB;MiUb~l?_o2_YLm6c71a=ik$$d-$wjvQ} z>)pxRbAIT$z{v8i|Injh{{kVBUAqk;3)k9X<{Q3_r>w98Wsm%@1Ukf$p)^;RqhVME zY;+Q3YxKYH8nrQbg+btmW$n`*U>p~nydQ@iM~y5cN=mj6vT^}@q#K_=n_z(ZVDzF) z+gq%?fq_}K=8{YzKMI`3aD21M+kto~eM{lE4|aL+N`L>P;gJZp0=q(COeDh}5Z=A> zx^J3B^j9mAs|ammtJoiQB)*`C-{oT(QDnL0IKf3b$1^7()=5wOaC^!ycY7qvuV`B@ zTTzyxO;ffZSaB_v(OgSzET)1CkbMO;4n}&fX@L+##b?RF?dFp-0lE=APa7z0tijxo z@dlTumhKN2z${IH_kS~8Amn@U3rC8T;Wsk4E6Wq8fX7Rhso8^?E69&4zv5GysXJ%q z*5z;IEvNm{qk4Gt?liJlQkuA23cGTHl|KCwmA4Lfqe!Gk7T=_Mb;q1AkBL3esT6IZ zYX3wd)t_CQy@L42(TWA25ecHzTxxWdKq%hj!INO1Y+r`Hd4r6b8rKyL332l-AfB;`abVO)?$%(+A$zCAi_uR3GBLKj+3P#r)w zpOB14oo(JVKlE;GpO@5sgDZEW=R&z(cg#T0+)adS||74bPVhcOHf)@FbyP2eP#DTYfwT?kW38W*LuU}tfG>)B1=-F5tN*} zZOGypFkuUSVrGloYCXG6X#c&$4LM(2!;2rz2w$GJ)c3SKtgjYhabcu+)+KYbmb|6F zh+e{*?PCQ(Oz)Q`!MV)qN4Mn>YIO7AIhP(oK7CDMsGwbQ&4|1DPqTe12Z5x$@@dmKU3q?7V)tSc4J| zH$%iAc9r;h2iYRdI@H5p>a|!3^(kJZfcGsh&zv_~X|L}%#)4%I3>&*%MOs%;Jvjp8 zQ~ZDa*xd+tsv+tddS9FgR_8O*?7bt$OSK^U>zoA`n8pR>YnGX#CF)k66`Md%aMdI< zD5Rh2jAoQvOSa#C`+GY$?}I7h%;Ya|QRT111rXkyMffH@!- z`bhZbG>Zd+)UMhLyhP7{ro3*}+IDky$^t~1&WX-l4I+Kr@2}xRwsIk}r9#rtVu9?e zEv44#L#l*eD_TN$zcm;HGDyh`h>4W3zksT-{m@C)d-R!tsxNLVQvIa>J@Iyp|41}n zm=EG}@@K~1bw{9V-|Nt8%DZ0!O-!^g%)~@Sq+Z|#NmEJ-4BIoX9_525M>TEtKUT!~ zU!$zTADG|py675_QCwuabp}wAbNjJ+_Taqq&{D*D6f5PE7Wg?Ws&3lw0bK23)i{~Z zsm@dF_NbWw3(rP`$lqQW)F8ZTsoxrXqpDqb1V>!g@FfXEI`l!0BoC$f3{{}gyQ|m! zuBRcsNUED&ynuuDi!l{39(G$N!JGjQpm4lQaS+h2k4Oiw*?coU-=S-IQ*n#N*R(h zS~l#v$F~v16y#K&&8|qY!~|RL68^@q1D|_VME~tkY88M&I$;54-W|Lk26elncW%H| zpV~Qe@OF3u7b<}oEY|xLbBzLkwulDj@Fr{(kH-@izcOQBDNlGAl7X$Zqbv52&HeEm zu=h;yD9&Yq41CHeyqPG_bshQydFbstW2!NW-qM~7sQoItv2@38qep$49lrL|%ncy4 zB>k?i^0M-95}u*voJpPWO~+;mok#-q{7~J-8IcVJpW|GlB+C4HrQCAdu_hr21AxC| zLOP?R%Gd6vlg?Jb0sXPR2AdH&tIzaMFwUz5ofXP-td4~C%WPCba7JCFKrzrA5CG4Z zZr=n4b}g;4Q@F}u!O`F$fmPloMn?=0DxCDx$EJNdy^Pf{!69apQ+uyRjt6n}2S;%6tSa67OER)s zdtb0rhLhLS&u2M2l!5Scf&?;Zs`r_XdF76jx&gMe^{DaazkA#QGLXFLgRC6{E5)F5 z{;jnHb3YOd<-?bsY}$hZ6VfbXw2(aeXYj;)txNV%N9s>K(cvDG$#wfoJnJS?3d7Sq z=mD@lCB9^xctu_v!dTRx$HoKf{gi$~prg~zL4+LUdGACH?nVP=oGA30fZa_xi&{+X zG;gu+T)Fi?&w~;9RgIW{fzS3c2fh=GWkTJGHTAbawPn_*%snB9c*w$Exj%J*YZv8Fa|^Ua20lV*(|vOe?uDAi3O8BDW1Nva6^LmAVYKN^6~vvmvH_lTi2FGJZUKi{)&w1jJlU2hjjJUSF(iuz}aSAfJC>`l_H@y}DAw#5E@buT&+_2SisD&eFqiwOxO8~-SyKCcU@p`@fu|&`rZTJO~@;aY*MQ3{$Mud404+19RyVOfE;OVU(;uyB`-7( zd&upbq33+w{30oVO=c!uif|=CFWd!iMN{{@WDacJcq^#}6DR}=@Qyg_u|pt@L6J6a znmc4Nb}ev=nv^8(BvXjN1zT!|l$LVZU>-9tjl569dbb&G2Xx32jq{}>or>Ni#}{>u zB&_p9sRxfCZT`w`LHa2i97WFGpEPfNya4=x!441-yPfGfTjl*f-Xg!1kDDc)_u*gQ zhKrlPZMI*7{>i`CSLC}24uOxQYmQ)YPRxUWi}Kv@Fl=6zM2f|h@1lqu+*fxu{V2$A9fZoD;23tuVB$*^ z=XyfqdU=Zzb(pukPu&AWrk3T;NUr=Y-hxVGIbT^tV~P}g+(Vgl`dt69wJsdSkf_$h zWBs0Y_bzN4X#E%$O!?w*g7w!AYuFdOe?AO#@RVgaWnrOpJPZrbWUFFV5fkRBHRvmX z6a3e~Cr_Bm>KVHe^!F1tSfvlio}Cd;h$7}7vUpf|9Pm}~?CmiTj-OM}-{Hejn6%2s zc#hG&P*soH27D5xn>p8)&sM(bWIdJ3)!wK=QI%Ql+9uA-E_pJnEdb>Z+%jwuBhjpA zplK*h_QI~s0wA*&Pk&{XXKdAO*6#|5HjE$qo=%PfeAE(^+J5<|W|?Lq#ew;HP@Y%y znlWn6_%(PTF@PqSJBkIp)`}o3rfhk*ss00Tl6kqL%nkUD;AuUJ5Re<@2RH+oKLXI; zvm>!$+|9jXKMd?no{6o~heSUNccmiC2{RncymY7ajc3ntzSoi&8h72kj5`Uentc0lWdZq^7?w@@YEYU&ClH3A>rmxas9Ja=? z#4K%*Ks>+iJ)?q^s8xVH2ifkD$Qy1rJ}F`(qK;YB<-w>7tY@JQ?*Z!P@@4WS#E*JT%f>EOq3t`Qv1c7D zfxmcrKDYA`GPJ)lo|fzRU4SJnlYsJ+PN#F&2+uI=KZO`VJ9EpRg@VB>A@&yi_e!x^ zAIPr1C0|qo3-*sAGr^S8fs%#&QS^)GT}>Rjqa$rrU)KAOzqZ@F`=szLYE8)4F!F&^ zA4O`sqi#5Qj#2V73!CoJ-y!BVvTAQ5t|3nqzGvo=H#Q3=s@)G1EHYPT0(BQ1R$EM^ zuVSa7)8s}nLaPpgZfDMdXpaWkrcv2Rn0*0{72M*XuL$WBn>hj9d$+tZAX-_iUS4JG z8xIdNr12is#qtavAx|6J6GfQ;^!kG%dfv{UbiLwYhV3~k3S~+bdQt_kRtfClAz z4d+nN`nX~lOHP#{49|1p>sx30R&ScxbTQCPZe;Gb zdtoqy3v2tD;BihkLhN91P-PExiP@S{riE@4uMsojSsHs)Gb+bc)XwnZDd_!|vJTK# z`~U?>`Q(wjHZ)xJ&DJ9mOe17~s|Y%f1Pm=iZp)cyU#qY4-5oxrVpSD}U%hOycnIsl zR0n>F9d7liDGk)`K;yrR8`|s@YcoP;S)o;XvQWi!KBSmBtK(^)#K0)^RDz?mHfX0HOPgJ|!_QpeaxOle$gW9}V@tIvC$Mr48DnZHV@8sH80_`7~2j zsju76VB;=*`urJD(g#_012A@*R0C+J@~-OFI>PEqiJTz@9nPUo73>^PMVqa5 zWA1Wd=~s-!h9Ar5MC2xeoIx7ZK$;cGr(;RWh8*NO9u%`U69n;z(lYjrO}dt7#>cDF6`o1K<^Y}p_28euxr!O<kd6Z zk?Tg(j0HJ;Gji~_|J-63Gbb{(8*>LRYN1c+3c=V<%DIiGmz^LW+{5M4)4t1g0{8t3 z>ivyMK^Vcq90bisv4zjdMOGuo)6dtdD=SVJR8T`x>~|V`l!m$Bfi!z3LC$JSu<4KP zi>zhKSZB$cA?mvYt@V0h_swzIv6=r81<*#*4I|CDX~jI*n}Prn|%Jzd_!ps`p5)g^OX#5W@~zYg;n^0mfC`1b29oCT)OEJX&E z(U$VzjQ5BpXB3CcO8(0tqQ?*8dFH%g_}8;5&41wIl=pnx#A~af-%5_3V-yiwOGtP# z)yPcfEo#fE6HG>kfO!cBUNiW{@Ug{=RTsnYAIPGRp?1arKhy!3XbSj_ zDTPZI4*dN>=Fe=uvnczvbf~RhXU}4HQ09vPtA0=N{d>`a||Kj>mpJ?V=@E52MnRhn*=rC5U6-5_Zq;j z@w|b_%Hr0&@z2@A7j}97jk)>Ir&1ALjKT!sK*DQ79G#K>>De-mD+BJg)g9C;bQWGl zdXc+mRP^Z4@?XDp{WNfPGDYukAIIO^r7{-KdqwUL$9u2b2XzJ3115g-i~7rAt6O?d zw@+U*13YXgMktY_b?O2Jh$xPDN9o+U7PRQPSTG=LM@*4CQzqtV3rfsO>!^jqHRnsD z>Mn@3b}t>H!c)`c_;MYrC~#Oa4Qb4YT-HsA0!-K1b(pLJ#;Pk@C1Xl5 zJYR5GGDRNx5DpbaG`lKaGJP5?AYv2QR1Z%8kM8IN>lBj^c~rQosl{p@;zN2BT^{y7 zAZ({N`E=&4EM$aN%N`L((xdvGODo!>H~UtekwYL6#WOV#jEW;*W1uu zucANH=B{bbVwr7Zj9a~&>L zrq4G3z#87-c6V2uQDc*0E-*(9MEJUF8(m|)ZOeOcmEu-}RInz64*JijOF7qbDQE zFhdk<>{!?JkuPsGOPaL(CuzKBFTcCpW(;n|unrCTzEQNc0z`cS%MkXl7)Zr8pA1Io06K#&xqGRwMTz&34x#9kOTQN6U}y|8rx1SwTfiAXp6V^Yymn6JY_SjdFw8}T%2*Qd`w0slLE5ZF33Q~ZdYX; zIXYSwi0f`VJ(p~$>WA?Q6?yIxwzh<%m5CSBcCn4e1)`e3vWubb9r;Qq{~}x+>3vsr z%(7!13~-O;*qos#H|oN$W}5wShLbXUi9{BYnbNrl6r;Ic*GH{Xc%7acfpe>0s9CZv z_DZx&kh9bFL*o@|YI!f~)%yfn7GEv7HP31QyRELF2#W%Lo=+N~aw!jomR7G-v~-|B zoGA>RMK{Z>V;rd(B*s$9<(*u0TvlKHAhBi*f_y70#ln^`(}(JQYQj4cz#;c165NM~ zl2BISHDgA<+Zu88mC&5rx3J;Ag49^n(?~JBJW#xabavnjqcdlj|4e6{VVy0J9ttQE zIknv4Us=9m&!rhN7Q{$+PXWkChn}X^TyE0z*R=zOl`W@?Fg~*PLe910 z70UmaegG-$3br`Mo*kLC-U#)fP^l3jj<^_H-zaSUa>kfBmc6X+N*g15PL8bKNfIiS z{7p-x7(yL#<0y-R#vT|@RD5l2DvOgH^-(TN(3RBfiu!{txsEKk7K0C>7TvGA=cP9M&lHCQ>!qMGHU1>WQOz&K?|C8f76h zl$e9>Uq=jGnz7I9pa|uMI5Z2F6VhKSD;HpA`&Y8*SJfc&+Bgw1aj)*?{vE6mOj1Xk z2c6;QU`+s?D#K;a+aSE870l&kCFP_f9Ie(NbDqm@vD_CM~YX|<c=W{=G z9o<}=;X&_|xSDvw*mhwn#~TkDMCNZKy52X#=hseN1_$dhxjnU;G_jQZ`URIo%_$NH zlPAj?AJBIqAW$p`^$`kAmZbJefv_Pc=}ZHf8$ukwwrlMWl0{500yDMCqAEHQk1IJs zsw;SM5lyJB+ORnJrFjZU%~V`u2)urE2LQy5+N<`I5R3gZR(Cd(dxlxp35* zKd4#lvHf(e2ZEDm%IR+Y#65YVADHpD_@R_iyY+)zpIZzKqe`4jq$XPy>tC(@&Ux5% zo;Z8O$J>^=_lW6$>0J7Lu6mIsteuL=A>xap=Q@FPztOqjLvO}Yn745od%RI^kT@L1 z0$LnStTtGw)wE*N^^V@4eyI3-D+e(}Ww?){_Qi-HJKy$ei$#HNLrifDoVQqAwuBnn zg$L^|57raHwW7K*M1o;j%}MGvodc|WfW98vsoBcYAHN+@gy^shzU|)e5~VWj(J2;5^d6mmy*tr^ZPGqF37f?>-gJ{;DAKV;}!f~ zAOAd7(LlVNs|Z3#g(D*_x=BM1PQF$!Q3uW4-J^9D$Hb044OgI24}tp}gs? zDAS3)-qd9Udw$qE2>|59yyB_n%m~yBbSycr**qAC@#Ri?S!aU)($|9Ut*YD2De z7}2JEyrb;iWi&D^0P?uK6yHff+haRt^-$68I%d5cOK+TK&7gJ=`i)71HH#Ri*(_CR) z7V7JK!2sv&NhFD^&qj@DO=pTW8B2iMk0gF?(%fs}a%@hW{p)8dC2&StJjSDALy?mf za_jxOJveEaW z5Lf?Ag*e=^TON7W5(&h$^0_cqRYMwCyHx#C=mivIgTsN4Tup@Pf4ldhX9sS?jTb1c#N2~jzhbg zgv8DsDXp`8T9gGXv3)Au$|5l*`7%#b34CEfb-JXhS;T`Mo_mR8#;*AOS>KirB!dh< zmiGS+Bm=pny4p-YOZ@OWvQF7+1~edQWvkE`C91Tz0W~M{01#^N!?gGV(-YZGOr$Sd z_S0I*FrwRW&WMp^yaQ;zvt0h9x!i@U<1v?0#BfO{u2moECT~W9!{13e(e|C#6;d)v=H3hz-~x$1i6Qn3Vc?}XDd8TT zju84>;`jYZ@nNJZbyd3Ehagia)ZLD+uwB!%E%5qoM)wd1IgbKTa$ew_ONkv|SF&8t zRzbdgyo22{9UHc!QoZP5`|6M;;}lqdx=VMZ@M|#0r_0RUlpsgJ4Ow!R7Ru0jf)@M< z9?ER7@4T4I2yb!RgK2gWEQ)?qP)cU{*}VS25~${9`2Mj}T{&yA2Ojlx<#MTr3=+6y zwN)e%u$He^N7;WnB&+?BSIC8#GyCN+cZjaY@zTfQ{%V(79_njdnw+<2n^h`+qc99{ zxPgPWpsdRBX!-)tDS~TU?MroVBD7;8bjkNagCPGF!I*MY+r#R*{!$tsMpYo@y#v`$ zI?j2$1QU4ONUuM=+TC_}DL*NgU0>!?wCRSX#q53P>MEm$O zHbtC-&*9@Ql=a6dO79>oqQC0M&)|74h|*h1dS7D64La@;#D)P-aog5qOCl$+cxu&w zp%Wj7L$Bk#E{&MucuzKlakW_~x)ah|HrD`&QJk`GSJw`q*_GI#r}@hT_VQcLk{$Uc zV%>7Y)&WAv=LuOsYms(imt}4;sDX0ZwPIHwJaNL3#zG8_)psE%d!>kng4)UujSYbV z1xvmlG?iJWK;{ z8UGm|c_aTdLFd1VqD5l=BAQExZ;7llZaVDA+LQWizvMeraZjheFwr*(WAVd}@p(aN z%=>!MN9pe4{u`vnhoMBD@%5}*l~CCp;?Nf%(Q&bX<-a@Nq%Yt$(PkO&1XQcam;@Ld z&>7)1_a=y5cRp>JYb}$}G-Pow5X}*BjYn!`G=D6+Jkd82Mamfmh)?6&X1mo?apQE>ny11)tdlEO!j+r;T#dR8e&_5DK6@fd@(Igl>!pJuqkI=euNR zF|%UWlp36^p3u40n~noKrC@kVHqqoPF3;w}f8TY37B3xdJpU;UEuC-?%1qhCbVlgP z4iPL^me7cZ>xYE8Wri0m8rcmpK-;t7SS(q95n1bRKs!%@ac8LG|sdc3Ya=ty-?9yC=5iD7k zI<^if3n?tCK-!W2K>1|#Ze8O!!Cjbbh5WYI3I^$1T_x4}?-q4+?<}Qwi>Smo|3G@oNeI zRWgaqKgr8x^JMME|C|96;brFA|=*@hMa+h8f(F2Cn>y=}>Zg2#=ZgQb3V)>j~QEPkF#}R8KN7lL*g= zPNUrHL11S74m(bQ6r>W%u?4`Dg@o=((O(cxA$kG<2xGL)B1e402BLdRaiSr9WwIqu zR*oIl3fz12L%OCFlDaU`b%?>`k(EB3Mzd zErE?Ku!t`!tU>&!H)C*D9E+ei647&lJW*i<1Kwlz6%`G=^FRtIMY|MD#%nvisc?6v zcF@R07D0iSl*^HyAN-6l`~+B$@Xbu-nRF8nrk|Wv7GlGlJ{&fG1T9fv&Y({Q=H)K; zYR?(HS_Lu-LQ{(e4tt(5?s}FI$2Y@1v?>KumX9-+fl_mAfSJhYF5znIO5>5#fu6OS z86H(yobq|6Mk(T&st8t&P3k4-wtO}*nzzqV_0J2X4dq>5n@6u+qO+xgYm8Ca&{-1> zK=Sr&EBiHGd+4N;~P*Vg8c;Lw62=l9I{{E_VZH)sEP$cgwbk zpR=Wf_<(YMSB_Z{6zD4AGtCZC@!9uCZ6NbvKvR=WCR&C|m)wEcYhN3CZdo1Ss&DW+ zh8xFeRApB=bR#dLsT68OywO}L^Yxn- zo2;Pr6(Kq=1!;mU72w)Ylzo5d5wXpGgR>nZBQtdbf%G9K=e0-UK@XS8T4p(vT2XIS zzIYVz&}vm4Fz;IZB-{+Sj;WqYbiSLt~gxvBHuVZa;X6OJf~7WkExKnFiWV9=z$5pVSIQL z@A~3PyXqS5N$M{q4>>juVz(6wHtAlUz(g<#s2E=&+b4q-v&Wh!ID9q!+9fhxVhURO9CZNYk`DnvW#KUy%yK7uLm8MQ-4u zwzh{vh{f)pX|zo84VbS$YOiI*cVia0m+()pr&%7VPxa37cU0wN!1gm3H4@*AFD|Np z$oRoVOmbvnIkvI(G6dHRO8{-1mh<;P3-F1dOlz)u_$l}TqR15EM|-=N^0gCul&%~A z75p1=G&2EXyI@0|$l(!mpJA`cx+AHM99!CW3(TOuKEkwG8hTav)c%{$_(Iiw)yaR= z3YdnXOFwr*jfsH_Ok>TuSN0cOxBul*UKJeB%K6nB3F}v{LH;p!;-V52`r#)b(esU9 zLJ%F~zDS@9654-oDY0wGke!``YklHHYT4q6LzE=^rR+YV$KWp;e(x$PXF5qWz5lxu zJt&td9c#Khah<2tb~tL5Rnam}rF4(c83eV3Ce3ji*NK0Nrk^K{G#sQB|-1)n(@c1zN}5FA4B3Y)gEV zW^cl;z>9dV{*!U_rjgYtD)XBmEK0EYxcOx$ypcuhvfrII0curZj5y>5mB_VSOhPK) z4&%ZdE}0S z%8>Lgj)h=gp7(}zy{R8XQ0A!(0Q<%A8X@{hNvMKQkc-e{gCq!iBiag`;7n!1QB;Hr zkmxMX{!ZAz?sD&Fc?42jN~agF%_hnQe!yK{#afH-&dx2UGcBh!ymZ~1+weCAy#L=7 zXUIV*IZHN~(@ws~0k6|hWAL$VTÐ&evo)o@_NRJ`p(8PJv(zkJa}3pl;%;^<3Fc z*vNLhVjyCSy{MQ&Q^((72dSl#R+%OsCjw#ReiOMu1+uKq{F!HiDy1>f`M@fZgWAP1 z;cbgZ`9Z8mO~}kjo%%gdtlS)jMDTAl8K;iWjhQ~)6ySnQuLc(Dvk|z$AKj{jI3AFq zw>X#|jh3U&?J#W()h8l{^e#%Bnu~Er=X`se^jpWSDNc}buKjT|lci~F@wbhot~(cE zKLtAU1-Kw-JT@Pj=Db8}*qz{E9@*WpdGOi0m9iSShJoUFbG&rG9`&K*g2WGM{5skS zyPdv|vV!s{N;c=ZHf7^N5XAjfP-#eXSmE+6td_1hr12(54gwC8**^DBpP@oWhV`@aU$rXMMvC&JVNA$Wug^8lPBp`h? znY?xZtv|)gUHRL2@du;Yuuct3w0uz&0rdm*^*TL+X(|2KQg5MU?+-BH`hVU6pLm@@ zxJcxxFnSH(t^tv)kCbTgj*zR;1sG#r_!VA4FENe7PRFqoe1x|h%0Q)`L!=AB06oq) zRAD#`a+lmqC(-=aEPw=YWx#f<8OBz+*7lwTW5-g9p6fFzm-&5WJX0?-j##yaMcg4# z{@z=)U--GXtg)IB^8J|`_ z@9lotiA>j;60-#EfQj+e0He-DmCw5k^Ofulpgp}xj%XJbGjL_+`i<0^oy*=F$44l) z0sAn$K9pPyBw3fzA&@#uoaATJGhTKaX=6Me>TLS)@|Pr(%VU{ab;~>oaSoC8IP?_t zc1cXp(agizCG+w$NoC5hX?@uX@bS}1?>>$c)^i8us*~j?%pkuket@P@iMN42iTeA{ zy}V1<+@mc#^3`@Q`pTfEsZp2qMI;DOJE&QaKPvFT_R8KjA#Qe>?cvamW;A-6m!h+I z*FHjg`>_S<1OJ?+%k?pMP3VcPLqVWiWpyEKu0Vv$T!j_kz8RHWT^3T%~EPVc;AV`RXFB0wV$zsLqJw( zW9Vmvxs7p#0t|76Oj)vqh-ua6IS3MdEbJ*UE{0g?^b9zAn2t+-zGjT*aQy?y_vFQR?K#qm$wGF#=vw zD;Du`CFLmds%htJ^yM1xLj?oR6KQ)cX`1-Uj%b>Kj{o4@N?>4_WDxi>481!zhXW>itiomzLZ;OSg@z763PAVIaAZj7Z9 zO=n-#lMMr?!Cr5^6nVw;o(FQFTg~Jy1yK@7AZ+F?2!1K}A?gxr+*Bs8Vc_BB5REXb z4FB7{O8YD^UG|*g{G?E2%zE$Xz45Ntdu@@G;SmX-9np#Fb#KJ>0b<{#7B0sBR_rdo zb%}4imcDf^C_y*M6!T@_GR9CyB+{(3t*yABu_UWD>CBo^c6FR#&kT0()!} z&Q0b7nd-m58_f2(jrtlB@IijjRbE88GNDWsL@-i6!8=9Tb(sN@not9X9@y-g(RPKA zj&0<7+HSa8n03=YQM`peEs5i45&ZsWG@9acEut<~f9a{f>-aZY&7R*FscOC68$z z%d~R#fdzHdISnFm`{z?ixNs(+!=7yTUiesiIr1+~c)hve)d1xnAWNkc30Yb%LxE1s z=#v9g33oH7CZhoNt(o%JarysgmSYr~>As0nR`q zYE4m|WtY#C*j9YUw5YYXSq7SQn-ecOWCW%Y56mMGo%K#oqj@<< zxfo2&Dvm6e+Yru^>8j-cck1YY9P`LfTvm&2o9b&XQ4lVmfpMU>lddtL0rt&p;eOvCM`4g{-_i#2n@4rN&o9HVs;V2t=b;!Da0$ z{c_1yNLh=>BigLn^LOyh26V(D3gi&aKoaHr)@>n3I1&g5^YiMzB<1}lnbP#4x%xrD zT|7vjx&0F8*$AuHAG7n<0D-%&I=z@T$YmKjGAM0muOf}ClZi{O;PjkJjz*A3l9w(` zm#Pv6_Ih)jZmpUX5$PfBxE^P`sI)$hxELlhid8PF^3{r^4EcqD#^$LeNifx})s02; zVb;XV*IL3Sry&(vA9IKJHH4p?iRl|Tw*5hFv$Z$Pyd8;wax6>nr z4|u1l2AS*fkDaH{E}z;_;>LKWY|M{Jn6XPk>q8Q(SY4=~pW1ds>iTNRCt8y;^oP>z z`CB4>!WJ;>>1E@siHXrUBGY)oEpy+KRPmy#jp1?1e=u(nTNlcvJ45_dQ#K~LzHSCu za&*W$8~QGK$i$vor=an#O71*`xVM;az|)WQp&p=PB9Zla^f->fTzA{d392HHr&sW& zoqZl8nXPNFbkikT%-GE;$J=hu0onGx-z_zMA2Pb{Ly2rEF#B=>H-s^Hwsvn+*hnNW zB<(1|e|M>^w`{%ykUbxjdUixSM>na{J@O;Wc?6>IY&!zuwX)@3eUJMO?ugcL?^b0V zfjEj9ZM0Qv?h0TWx#kqzxo1t@H+8qFuBh~o2k&VUz2#T}^uIfy9g)Bpi-T2^(vc4h zuHmt@Ss#XQ~WP7at~!Q?ssA~;XA~}@!nO#5i;>Sp0V&qPls{o)oue# zcEAo3Mhu1lWvfW2i9jVMqY`OW%T4p)%dkP8{HauL z{A>~JU0(pH;M^f9YPl@j!Fj&ny4=OcEDj`y%==Do&THUNx083KPW-k0oYi^DuC&Y_ z@Cp1zSXw5`G(P&gh{H&(CMJ6|7!sKTfTfaudmZ8`obJPvIHr1$GlYA#JYt1mBF!_^ zenppP9ANW!CgOF%Rs@59>k2)3(Tw(S3bNbLg=oP4QvexLU2tcsA|Il;7`H~GZtBUl zt>bIG4rUlVPMs<(c(<@S>*qp=YuNxjK*GPJ@h+4!ssjXxV_wsa>z=>&Q8L>;a*fR! zD(M@Gc*VkJiQmkHbY6o|kHb|s*Y3MMOa!jwlM(_N%~DJ8Lme>KoQpa>1eg8~y}I$M zw`E%GiM`AyTI(`%muUDg__$vGd{Cm4&I66*99l#T7R4_-!?$m~Wsa2b#Rfc3$CL!q zn;lCesOpm+eTb#tsRL-SD$}PReL)H}`ku|MvV4juE}pQYpcfZ!1N0dLf=MTZ-V-h; z$UYRtrYTQ0Inj9;FK-N-ZNvxqCaA>KfmODEqBxq-*>?$iq9o!f(S+>`xdLw^mFaX*GkV%q)oKNgt2 zf`563kZuV|<6hJ@yQD*jdYe15nVx?muRtFN|CysY3#o_qze=#_mQDn0eo6w;wnaQ9 zCxAE}kdA4W#)(0xu+Wey}R1A z#ULBX^)>)F;d_9wgdTg{L%vT!9HAq#xLqKt+QO{GdDh5%Kje0^_9SP#d;U`yr&*%BMM8?&wjMGHxJ!K2F&WN z9if&h#YJ0Y+}AMRRCV<9wg6N&9h4bY({+0O+X&ZFc<6bSXQHrMMQ~)P^v4&HuP$`$ zhaE&4g+a4}w1I`5ic;V03EmJpi;)#jXb%^I@-|v26DLo+hO$y=i|hfxa}dhx!Ibx) z^*9OG5Zz3qpCtn=-dA7^1GYZ8-}j`HYs`fm11_)Un}wsNFZn;5znZ0&-I2@BpO-K- zhmgG6DVWH%xG<{5v4-GoeTaoDnoUO8lj!1;z@nw?60nF`?zRKBh)kc%Ff=GceoAZb zzRzlksn;{WsK)tfaR{OQaTfPO<%A!2V^v9rAD3`*5uY1WN8jh3Ftg|I=O02{;OWrV z>$*CaGcBJgJ)J|{>QOs}cQSW4YUlC7`<}>SpOQ8So$ra8!6?ind#?|NHBA+@S~{f2 zV?r@*8$<_9O6f`qT~E=9l8YPUrqn;X`K}&-ssm5L@|6C( zD~7+Z=JWy-Qi=aTCblIMi;gi-ynuuibGEo$Vs2Qlu*(W0g7{&G9ke*6fi8hpPt767 ziT488C|)xF1A<-o>2i%s3HI>vRMX^Ixppu@1{LF(d|3fc1$`+FhRbz7od|lH)Fu4q z7A#cky+P*Zu0Z!wvaJes5sR|c)z&a$L#7S7)OgUW*t6UR?{x+yvb@r5h|!GS3=5w= zJAHwP*9Ay8X;LON)N}47V`PjOyikL^j7H?tVbXIvRX(nqczP3d^>^M7-Z*NsDtLg6 zavofIK~{3exsbzru<`~jWrKRD*fnt^4sA*XS0R{-tOSFjsAW1#2xN&!p!`H^Y9K5DGSDzA%()O^O;)An`aXvc9 zh9)a`t(9mqAyFj@<>|)H)B-QHo;7H~*%4G7Fj&TQ$5H)4+WM0cTzZUSek)WyJ~ygk zkotaFul)n8?KwBvye%m5KLGhAyRq#DYl(xgn7UYYS$6|k(_laAKmDVvLC#X#*2SbR z2llSHx5gVi#>jegaWp4rw_0DMCo~u_cDPf!w2DauB^lye^C`&`m%R%byEkzxd6nKz zjwvNS%69TbSR1MA!vXd8Vwk-q)p0)pSmth#At)&no%%>9 zH@1mQvFG zh4xVDnR<3%X`(~rLVkOj{~>?jc>ge_gt{&V-C1r#Sqa9nXAAoAfko*M73BW$0R@^i zw^I9TsBo82=Z^b762Hl1be@0XvBAx@!9BUyC}@u05KPvkw|pe;+@G-Mb`c_Mb^|E( zkM-KJ4L{Itz%c@~=2r9O|5J5|<#yS^+9a?27C5;YPYti?A7Ce{tmsZeU}EB&AU|mk zt{exq#x;jx)0|+)0>JQbm?M)me*T7%g#;Xj|LY^-a?TgRtTxH6498jMrZHQr9+bCz zDFls%r>t;~yimbZNx>D%1h&kZLZ*bgXT+B5nS@6xF6CtttHCgyX3+wQXrkSO`qXEfq$6P%p|wlS)yi zWM_q~t@wD)_k z1GKt=uiL!Bq-X3BlGlL|vXF=T#AM=$Or>YRizD5wGRDHoTXMx0OKV|ihI%^>sLS&f z%!QqTIJd+Z;VXdv-_K{PtuJ+0O)hDW!TU}-!%#teeGd~6N9?RpGFgjr{TWan+N#?z zz?xl*?YJ`9OfJgvoh4{?-YN~n4DxMtGIiU+txTZfLw4Yvo{&7dGkZVaD;6n}YG_8{ zUx7i2)VHEAK72zxLU^!!Cl(BqwDh9ow-d$-)e`_Xwn)Q)t(OOu(=V<66hX!H&aV)i z1bl8H4tv4#;%DL;D0+mw^Nu$ztRhUuzbO6MD#Zk;t5yRMakg0Sw*WCm+p6iiJWQ*t zdBkhW?n@YMtG`Z@p8(DEDk1>!`7wI>(N@W=zU~+&_y~R0-dzYS&Ij3JRa6+?5&1m) zNCBORW>1C(I;Rswfp#?8V-vnIl2-4-!4gfTgtU@Wq!<+(*xL|TyRvRvOL@65F2?4L zG>fkxO?yK5Te%<>m}>~OK@m|k79O+Xh7cN2_4TV zyJQjOiRQSgWPze`rk|KHmjv`Q(uAbPyn*BbMDenQTgc9@1`BY}DSJ`ngO=YBQT`Ir zT?uSeC@NzOF+-cqQ!}N~T98+ne48jo@r42X*m<*MwULc zj)r`73jrjg7O%--Oq2b?YNst(5S<1`g4PSir`mm+VBstq>)~HJ5k~@Eqo$s4{fOGI zR>*XXgg0yk)17=SZtEcdBZsr5TT&+WhQUT&3zDO8p%SYpRqPQ~JDyT=s-WB;$J)Oa z$1CLmy4imh__>iPj-|{J%x?O%OfMc%q*?WvMd6G!Wj#|m6M5u{+(2=z7lVaT1Lhfc zAETRUmJJ&=dBD3u>p{1IB$K1}>$)7T#tqFbm4vf0(ZVzV9SU9J`z=ceWn-G{N*e+4 zW>=Qshg;d;u8rA65P(r`wPWDx@%@=l)IN;kl^cn*II2|6n(PdgmZ=4hS{kUEv2}HN4^NuzOsXS?NQ+aiZJlu5pO_s<~B4h00m_v{pBw$~U zxoo68yGPh4vzr(wTh7?Zb4C0>CCA+;v|7)cC{w;HCJJgkd71~0vP|YcWsVGU+B7*_ zZR<6l;P?}*ActHH$9ox$!I)Qv@rVA*^R^(EMdmChz?a@6P09IKfAt3mwSo;{cfs9$ zkgfs`L~an5yNn#{j9y}T{nj%Je0ijzrfH-3+UZY3RMnW4J8ehXCBxGdd;8ZkZLy=^ zV(WsSGtd_>>@FGK>uaI#rRUvqOYQYSGK{?~IX+Y~#Uv|kWSFF5x{K*Fsu2M9p)UH;r`h2-`xgln2}E+-*3^7cGj-d*?DXj*>HA5|=StsG9~ z{Oi(4s8wJnE8Om~?fWrxgZ+agMlPv)rnnzuRlc`4Dt2fm_3JNFwD1}B6kZHk^EB(o zcDhw;9?(Bo$(5N&YZz!0$MdREPq&|=LMs;h`21o3M^S894rb)?TE>=zuPpa0J%rHq zuHDrkW-6>X;ukEeyF`6dOcJN{cvFyW@=cx8HW-iQne(gB%mS7lDOFmh2}J1vGISu- z%@CnNn^_u;BL6iW<{y`%i!XSy5vq0#bwJ#9cz|)ho|n~ShPmt6$aZU6=6k>k)nN?A z*RbSbiOaANgWNmi-`9yodnosCmt3L-p=r?PGUa@FW2A0>2_-GPs6Kgz;&#LPk6h3Y zd((m&2@3g^%h!T-s}kyR5uYMW?&qlO*$V`Kw3D6MrfI}qPi;j=%U8DA7!8&$5PX{E zM~9McV^!u?i-(f*KBHJEaI61>bDqT|B2TnfpwEY6W0c-V63yrts|icSuM1dH34xiN z)K4E{4CSElI5_Fl<~n0P2J?Vb;1*kvT6oaUBN2yw59BGmlSjIt*ne}O=>ejzSjHhc zk+MgppiK?D1kxe(UGXgy28ySv3NwivZai?c+zeMH`Yd5^0F1$Vf|o$x5sxBY89;Xr zxnj4vD_kqCBz*2ILX5LGTKi9Kyt65l?v(i$(Y7iB>=wby+Q9Z$tj5rga=ryx8xvCN}o z3o$8$hvL!Q6?;2yWA-IZMPU^jmQae^QvI$;znV$kQgv3|f%7+IfHej#j5!Cw<7wB+UN6@)$N8M(Ln^+WfM+}6B z{U~H0dCM+VykG!JurkxZ%MJoBNYg5AVLIWfk3!4!tth#@KSx9s51`RlWZbG!HIC7r zq~Ymu{p0mn@A?s`o`h35i{RFvg`WxZ26X-;yw=6vA21knW|va&nJZCPP%fq?aVRAw zN-Q_~o)5J!72jWQ#{n+#vO3GCzJ`b<7k1EU52{lj&KW~bFyavcw38*b=+mo z3eryT6+quovA9)rIbFUp$vzG8TF@bs-|3OL;FU2hSeA80G4n}{LHyGipWYF60wF6R zfy2Z|I}tB-ujQWylEp)ReJL37?Q%WZ@7OZ*7;jM7q~#HMWb_rzp$@n*cZS;9gG51- zZDxv1UA_po+qC@Did-)SVQrvS2d7g&!kZYT87zD)>BqYsCJO%qUCo|*3?*ertX-BT zjR@=TP4B4=nsF6_7jFE;sxv$im*!bTk;ynCN(`8Zxkpx=R>&7sY>y91A)r3_wCR3> z8C4ifBEjhkImJI zQjiKK*BnBon=I^!w^0wSj8xoJaWfXsjsLZb!Q#=6s(=i5Baw0OI_V#Fy9XAjnra`O zZRm6;j+Ax_>#e_!jM|F!3Na`RtDP&SigYlIfoG3!v@Z%|DDvpQhkNtG{Ilg+>639= z+4%`gHC^est22Lj5gQeleHaY8XEQ87Q?R+xRjQI9;n#T)3_Lz$dO4rDp0!>fS~>`Z z%c3~nj89u5i4bQ8c>gXgnjl%R_9>>3(oDdlrq$6fzw6&*X*1ifZ4Y?+tEwgnG+|O( zDR~X~ov8@?JtPM-g~|4S{A`?43K4Z%-iaeTq5qWynM&pMXe zx=-yPZ(4f7-!x`1tn`47SD3|tr;B}7WBTBM^;#i6BuX1S0ACzbsmVuh?;p&&^L&a@!)B<|)ys(pN1Mm6PTXVp2Sj>Y%^&;k5OEVFh zKM^blqd^;$xwT5HPkzX1X5T)%z!HzwNQmhJGd^pGzigeScIl((N5kh@AVZlM9)5K*CWVs>)AFo($UP(ewSKENobMn`SrHB%g zK4DCbP|nY^=21knlcW`I!-q+OY!Rwy{96qcQs`;e5_k8ByEcrgVwhfA3=9kU z$uH)5A-AIgvkua^X1>?O!4XdSP#aWPP_kb8`nqA(o7$`xgT;V2Y`ZqA4I{=CibRxy zsOZ9-ChFbT?Zg**T3h_7B~K6K%Bi@a2v9r*rX5 z!bDdsC`xATo`wC@mlfUGkiQZt&S|7xyRISMtC>GYpC<+FC{%j(;yHsS%>~>H#+wEC z4rZeC-ctN7g;Q}L;IVh5Ro zb~Q?)$_%Ex>iUfvd<0Z(&<} ze+UT?08PD}R`~X!WW0yguF1=kV`no`3)G;a=|gYru^&2F#hAx#ZOEKwk+Wf|$B8c2 zAbS&-DPm!E#kG%0s|RN?ahr7@?t4XCNN$R3j9_fCV~68c=p}NCYdBS)_=Y60eV8tg zJiRB{dy8t{o;6feP6!WXUG(g_@BhWsFm7CR6<{g{fcK80%hQOT#t#_;NrnqJ_ghf_ z)NX8v!mPm$xLQ4c zlWk|&H~fJE^v%YwB6$Z=eaP_6qj{-5hB-i{an!bEgtAFFKfpz)ci0#*`J3dK-~sy~ zqj>VEZS*et$VH`RUO6!CVP{NbJ0y0>r}>R!c@+dcs_4CMpa32py^!{x`7JQ2PQzO2 z2sv{k&i~$Kta*=q;H0XCTZ^XwRa=jXP_RXGyg!Ji$T;7Fd1DnGsg$Mx=cfgs#k1wXAsY_p@~!*(~XR!g>Hn;eVyxP zA;a1wk6{^MGJq7Ib2l^qw&tI&X$n$Y1+zH_zirZp|q4a{fv$d_Id?Ufmz(h?*mWKzde(BGWa5Ju-3a z&b*S1MzFS0kOTE|`c z&Ni51&{U(hx{42|2k$AnXpG(PBzC%@qm_%wNbcMgBfiKoF}0@K*kSx_5^!Q&B`_B> zSz3yvYNaK{T4-c2AEI{JdmqB$+p*{SSmE&yp%aMx`lsk>1bZrU9t=cysY*Ku&Av!Xa!+D+U;DK5)*>askN)ty6#`^=)6>MA`E_@Zo%&Xs%oJH)= zY&ob6#K^u+?*0_|yC;1>Kp^XqS=jzVcqb#YAG3%GZ{T*zm1Is&j^EGq8XLX-Y|YSZ z%AnjEYax;(;UMMvst*Q!Y(ohzjCb-Q`jnTNKDMH#$ zPybCr_Ad{mtVod<(wEBjna%jDHJL{W!Vl}wL&RKWk8e`Co1tE>UVN~&j=L?bQ=f}w zD>k@mm#t=c8l`1Zv>wKz+`$V)!3Bzg2J_<*Gc;LRqBOIYCY8kV&H(H>`x#i^ibOmw zGMo*%d@F=DBQ(^zw?GRvbdV5m%;PX4OuabVOAlk6WTop;4q(Xt1BOnK_QJNU&rZfZ z3Dt(Hu6kbl3*`Df*ZXLpYh+vyBv)LKU)FPWGJ9}+_t>UlNedi}pXBlWad2vvV{XC& z%p+gB!X%M>k5yOzE&H*1qx485Ttd_uUz#Q@wR8;WWgm{!b#hyITPFqq z0_<7cetYJ-@MXxS!WWM1$|e0vxy6H0g8XB9x4R|qJtwN7uQj33fu8{w;B3lkc^9}= zF2s7D>X%p^7{_tN;=l1~pq!5oUj+Teprz3d{RqdbjMv(0(}{r~Y>_2?+raWmcilVgn1S1;Uhzo4*)6k%fH9j@t$To!aE`ee(9XB~CbxV?8&k$) zx%H`lOL7#IGqqpoY5!)cN&PB^JZp{aY*&M3{se$GSPl^d)d(jXeYPO*gM3P$L^lTY z39i$BITKtKYKIs8So3)yz zU4(T!XbGw;AB$&IfdeUu6BmNn9s%8V@MZjy)45yzYkeYX`fq)V|3!N*o9nybDJ??| z|Ew3BZrbDJ7BHzuJA%ont9e|5+vT;@@Tzu@$TV0bJ33k*JHfj|P37)74H?2S4GU7# zfAitpm*461N7;3 zpM%^DO{=BHkXnv`Ai%6@h9UplhBz?t+!JZlC8*dIM{)g8@29E;^H`u;!kNJUnUbG$zdp_B?jt>!l%(>I7urpv&`ZI=&z_1F42;eU=&Cuu}(gy0QK z?&1f{m|lPuNfDBfaKFK{@-+y}j0wEmkjfiz)RA~{Q|oMySJ56lLZrYGR(vLAo=;um z*`-eFw@z0EAod3qr&us3@BAAd$=M|T!XNR3``_Kw{2C#xOgUo9SF~KYImX}b6t9b! zlFkE)*wsG243Cc)zkIYf5LmvM4YnBPe@F)9@V_ac=v{4@`Eunn5RQYt6|qHN+v6Bu=d8vac7(zPAu<% zI4wD6evsy0Kfo?sF=zZ~L<)vHciB9q$){Q%94i5j{H|Xz^`egz8xmc^wMkVee=WkI z61^m=BU{Lp$JCLdcts}{*g6Ht2pn_qabxJ-27ielX2T)&Uu-EAWWxIilRUW|>A*)l0!)VUnr~%ScTw zV`(9m6Jk`_(<+5fDe~ag3q>y!ThWtt6D7m+5yHb6MiuSUHSt{}Oykr6d$^4#dK+B2 zf_pX?9zG=N&4*V87@sD%fx|rmzhWqoaB`&zVvvo`Y+{Sgeuzo&|tH2z2ubrgHfX?vc zL7`d{Bu-!JT6uNPqws;T3(OtR@?*uf?MxOpl|Cpsq77QLTkk4xs+Z-`To2}rpHjxz_?OX86f%6X_^}}8kGZj)|D$Ci~g+f2j z6-4sOb}V_|g_uCUGtC|78f49zD9dGSVDS(p78e04xJj+dm9c_i$6#g_Ox90?qT{~X zX2E@-5we&W0uK*VZgT@r*JdBlIVOUprP;;NfyJf2XKP$U_Y$NAM;OyS2!vKMugXKA zD3>c0K4ic+2|fqtq*w$^(loL=YSLta9%pDATTk}&O6>5jPe3USWHHQ*$~~Kte0Z90 z>a9~2RdT}i==-+q5c#^SW-eK5f!|?jP}x*Kc~sVfh`S9z0ELR{X8B zw8=YSYibHjk^{cZ!XcoTj3uT3qh<_-$f+v9s`?L@QMe5t$ zGu2h7YMSV(XI%jfuwM`Ws`+@c=(+Im)U!SmiWF`z4`&=K$?W>nMmpX|mj(|Hn-Ai> zO=yhCiSEPrjurFbL$o5Q`U?32GRXqNrBGXHWIE3m1~DgLO^im9L6Lvw8q3kgBz1#E zT+wN}4O;pKAT`3+l;(gJ*J1+zNTAw0B=9WJ(b^ zekjl`dwKD|@xc;)eQ311HbVw*JE3ZOn@qJ02*#Ex;ky-C(E+1>zLTW!zjlh%KX?7> z^H%qvbwvMb5J7j^EaJyy23`gkHxB$%MTc_|GTnMR1M`kCncrbDk>CKPN1EG33>KI;O}FLhwlm0Bh0o5hUcvd}x@*%} zcGOFM%S-E3*l8}l#zCoPt05PE<~JGdXJxf5g|k#)a}3V18A?BOa!W$>ayOhZ`fsrw||qJE`BP!7?P=vf^K{(bK>a|PmFfBgJ#TXOch z`v-irVt;L_^Q4`(P~~l|4L-K1&2RfdiIQcCi>B9~so3e`O3wy)<_)Ri3Oe(quTpC1 zQrVHE+B!qzf)2lL~x~CLHMXa5E9SQq5RZbNxMP32qlrakA2SZ{o zL9=T#Y*Ir9Bak9A+m*1y5Lh?qjZx}nJoZg&DQD$y0w2HJ~)p zOVUo=nYf$bY3k_wZQJP7V?nu#Ennb&Xr8?Zcd?PocD=%YnlNLPTO|qsv%W7fOEn-3nYOtz zXQCC+g2hL*H$#hciROO#O2khE0+Jyqj?er~xq_y&)`k%IdXphRT~_8<@lRF;9`N)} z6fQkAEH#t}u`)-aNcr$bHuBUmb>$`9>ei5a?$+{~sooDnqh^ke1;6et_A^|Y)l!Kg8m`m#l$8(p;~Xd2dKc2le0OhhisKYA68qTy3cc+M^Apz{u+*n1Hq7Egx*}(8%fy>cJl802srp!|S(!tT2 z<#I#D(^ZKGX7nK3fgMLKlZTOJgnf=WM&^|Bu^qzVD(k$74HF4mIi)yWk8YGT5Ih2t z_C@A-lhoYT19+I}&^%uqp>KXe$`jPAb%1gLbenxg&OOmjwx&sTSDwOc5h6Q)M1OjdsXD{@ImBQ-7>&P|HhSkKe&dqHr-X?#+4Oo7F_54?i;KA(Ie13NeIO85Rs;-lo$`K4Q^41N1KOtUoaqi_cHE3I2f9hhj{rQ@ zfhGk77XsXi$eB2$Fzyq1(SC6nOXS=!FPUDqzjy=l=^7e`bPdO3HuE+Wt)^o1@ZUAY zn!&K}%VZ9G7r?+4t{59dF>`9JQgk(u1n=S?Ar%F-r>nd```dVagQr{-1gdm>jgy8d zb0tM^H$%k4GFm^W*^`q>gGq`%-7#(Yjpa1{JQDP|P^LpG>&u-jfJZz&BT7(KK&N#> z@k;hz(>p=uiITX7o?QpHN<_p@L|4nx8jZh6yCIy_?O2G}H8`vST<=#IZigvB4U(GJ z_I6&I!Bf`RKWvV(srJA4x?IjiH#FJf7=SJYb#0P@jcW(JNdz764+#zGz}0 ztp^-llF2XIV!0a}7$rFJHQ8q?YAh9`Jxz8S%YaDtGedz@5v<&k1$<0|FceveL5%!_ zoK0E>uu`MVuxvSHc{~?|@AU|QjnyyC4dUB)smLN}I=bhEG~Q4e7Dezo4DIaOC>o}_ zLd3(J0VT|m$z>&w*UxrzmPd(^8^xP3L&bi300gEbTf`l95^$BPMBA%l*DX3evv5Mt~9F4;cJC%8#*9 zbGFju;{kCQ&|K}3hAbyXJ$+Db+=H)nolyVvXP>fd$U!F$g3i#rEpDkd7Zgi-FG4H) zlv7u8By;#@3*i@_sC>b!=O_KJ3VS;$cd-Tqg8FM6gzygiF$NzN}ekUsw;5u=K4H_mbh%ZT5 zJS}2;x&Px?7bwV^&a&iKCD%Wia)h;}8!c1k!QJRV?7b*5*xOW?9z`^$tP1J*A5qAa zT#T)mUh+Vj(z;8-ReA19UWIwfFch+^G#$TEU=^YDq9NLPf2M?}cui>kV-XL)k*p9W zIu9q0Z2Z~BKRpwgn82;OG3@BYhtr~0J{}U?B?`hF`xU@*gs66Aa28|56(T*4$cy;o_pVbato%pE{yoE)b17UiJ&;qx<452L7QW*9UX?j;WknX2n z0w|Z!c*nMGfc|K_v?OP+DuJ5eWBwL$AzOl0LCTt!I_sy~3_O37aH=di35%du1 z`i39kJdHfm8_wU(#xU2GY?O+g&~T(q+iG(?(W|)xZa}K_F*>~PRYDuw@>eK-eVbw3 zkGtPPVH_y)<`B*6fvmFIE_9wIf5PwzeB5hvHy%<}*4vh$B{03eCtu6-xh7{d2<`lXaquyh)vDN&>=AB_) zPO?ZA@t9pbu`hru<*cdDo^}r_>%E+%;WL-Q&C>8=_~HBxrr zoc}`U$52EJUo10`r`Ttz$+_a1-$mag;~V(mH^v>3x-?827}7VJSlrU|R=!CXPsAxf)rTyttpeU#ZdM)mR|0KZ+94#z&@>u*QHj1Q9a6@vh5CBGVY z4IEJ|#qJrI#@K>-9Pk{-`4ZZ^aFPvHS9oHC7jB5#c{=rkGbUr)nY1Iv(1tx^^Rv`tUVCT7 z9#EDC;>99OmGlEtIwv}}t-&rqWEg)r$Ik`OsSIkRf-fP-sE+D6}4gaxn)&E0WuR9AjQgYHCE=^Ww3E>Kl^W#!b!L z!q>qMC;9V#nXiLB`EP7-ySP|%%Hv)#*RiMVaG)&G%&uRFO)&k7oB=^Fbj56Hqb$0w zSazqdE+^G8{ZYmmvSt+4AW+8N#|3Cak+9env}@tyqDn6&!h^xUXEHuiIo*wE=(t^b zD#6T%4l~d}K)j@f&UR&0{BVqXgK&~4@c3OVzv*UsfT~R+hLXw3ztGKI+XhM%GN*#zvQ@@TCT<#b9d~vaEehzR{ zSUM!?L@2`>DPST}mL>GQ+j{fjUljcG;BPr8O5~(ERDmk*E#l*B6bN&eAsr-n{_ioc zUT`=cH=OF3Mi^i$Za{U}TYw$9UT2O!RXzI59pWQ!Xpg2Jl#w-t+I$5Lq0Z=*Jzosq zf(>@TIXI9nAy{SN97foIlWBDt&EeNi#?0Evi3QvBpyMiQ+1KBMW{Mf<k5ivj5GVM7fvvS2D|& zkVrXte&zc_$eWXV5qBQulT|Y#Z5j3QUcrGNiROvDvyi!%p=nl!ga2de{XbqUr4uvt z__QtQO+lIIP2j%T42;Hg)Fsunl8T-I4nG(G1DCKDXid1Qcge7oWP-qgv&W7Y3`@*M z39@=Xh>An`*D|1)LMThl_$K_pA;f{b9wB???r(d_Ep+jM5*L_pFGANiI0H16`QH1` zY_E0`R&drB6VirvV?L3?+f`6bw)kr~2Esg7seTAFs#cU&oFcs#9)ncAr@Rj(V}X4f zX%{IOb}$mA+Nm`iJWExYz@a)^)y$7W{G8C^1IHU3G(R8xjkY0)>%mBb1&|T#N(xlG z+sVj*sT$28CD}(Vb<5I-FD#OP4VZ>{dcKpFBbM03=Ey;wf$oZUo>SIXv^Qvbed#WaGzw5#NNB`K((NP;pqM0|r z)W4J%Fqmf2PH{w4>Mr)l zCo6u|rtp=iZ@jOqU!r&ifKl+g@Y-pc95|iGpe7ddjO}C-KdtO^6_T9tzLEeldg5>| z@>73#A1e5VD)r#~6(!fwKkn4`T+<@UbAHm6Q&07px8X-QiEF(1X*)JXe3LFeF?q7F zF-b_ZdQEogx|=(~xAnCt*=>hgs2YS?{vVn+t-`$gTa)EB1;Z#-)uSmiD~%J~DOhzX zYu`7*$tSK=hEio+XY8K6VNg!7NGB{((O!|Gq-6*EPHi<|%{6 zzAFc3&`;pht5_0p!#AA-5j5Id!BV3fVXmWZse7EO~LdRr7_f&$IX8TmPdphb;RDl2u!;ZIT z&sJPr7eh0MBR{~aMiXY}ymmIy8^rvW!ztyoc|?4%(~--XB|RA1nJ-KrE6Z;UNc}K2Dxz zs4{ddbT2I-ENyva+BM5cf8fh50f)9n7RT670KE-%G2#oU)J9l|>XU$=)t8*5GB^ss z`%K~>f|ak?QQtu~Y#-W?HzoubBgJ_S30DcR(vvjT&F)jYxRQOhKkVdsMC$3Q4JX-D-`F#rJgmCtc;TyyXuuXog*1X z8?pd+<7)`PT*BpATuZT!q=G?&ce?$(r5ZOT2%LE%?YRj?t2-0daDxg?LR`X$Q^c?Ab@UA4%X zoJA7{11)t`5-x(u^?#IVK|2q1vw0x^QD&y@3>r~-F^1ywoe9jc$YHya2~y|7N5#*S zlJ(V2w^41j}?=T&lGXJAi~(m}ev130i4G4Pv? z5v}(9f^63eVISPWnpSdfm+Y?>x5ai6RE027eGoS6Cc_IJsB%PXES8TD%Y|4wnobu` zGkW=Uu5T+p2)FGYSgl)j{MK>}rs|3AxUtt0|v{yr7!!9CR0{4B$%0-&kx^B^WlsKNl0 zu&M8QbSelqbIVXqRNb4#h2grzq$Bz1$W)_YQ*7i3alI@Q9%iAeCM}xk#wq)&)OvpZ zOczt8`FB?7<0-0F4g;aPLyb;{oQ#~Q8JB1gV6A$yk1pY#}NX$h1 zL%sV8cU%GZoTErFvz==bTlAb`V3W50y?LcJ6imBWv1T!?V(m&h{b5eUnRcilg3=9W zqEFCmodOFN_u-8;JXD2)2w+kOj-n;kX`wAV1dMTu0fdX5NGl!($Y63vRbfSJyuzWV zC-r^Nk>T!`XP4K6<7zHWO+y)@Cuq7lU8IYzgMn*B$gkXZBT2MCv2Z-?OA+ZqVrt1` zwv>)L26QtlNH{ca$$&C(_jEbQyx>`FB^}2QnRJ-#s~RBF>=J=|pzRq_uMPedENkPd zX2t%?gjPFK?XHbCaq~Q15sjF3&+lxBMy^l@`Py)Jsx?CK2_8`W07XE$za_X~zC?wc z%^$=6^-qUX6SWYF8rBLk!GxHlD^YowPEJ6WT(2^+;4JF!UHr~%JmAGG`!stPfaG)# zdRl}D=Q~grwev&>PRcYUp`V~enUwwy#3oG-TtLdIezdVBrY#m<$nFd1Kw_4Vwae&| z{`i^lp#=&|Hb@0a@z`fiV176t-)?0=&*3qy-=9FY!+MbjhJ!|cmkNpX3GECVORKt! zOorMqKn@*6`tS@KC{C{dPiB^&`mzXC@mC1|m0@*uvxHt}xIybB{>MDck`U7uMJ2J0 zcM+fQZ`;Sr4aXqxemV`M8IoT9V0cNaqlA4ogP`spA0|2v(5g6prR_`2X zcv-YoUi4mB$}iSESJbXQuCQLoS(=oGfTeyXHg`LE|HQ^u3gS)eSGIpEg@#A!vdQaE z*!u8~E0EGX&+Fs4!n33BhT}+X@J$v}(i+!Fk>Oc{H%X z6hX9e3mKvnX@h&3lXefuBE-tnM>w5Km$KfvO5se0m6@rlo-%BPFy^A_TYX|wQELs= zpGao@*U3PTdjMphW>JR!y$Xj!>&3QMu7WM!jqCulb1aL7Xk2BpAj_q9^D4v?UcKPp z&$+E`Eexn~;x(65oPFouUUeM`!v;~VJ$FIC_AxO~C5P@U%wzmww7tc$qCI@u=IEw- zS3;HC8_z;|F+q7fZ*IF+2NupZZ085}Y|L-J|42U@pI_69d%t`~8#)YHVS)Mc?-z11 zj37!mjoT+(k?h4nJaL7@4)z2U3yXk2$bQ_qyv2U4AjviDe7E@pqZ23BqkEAb5e~FU zr@uL{&W++%_%#5ATC?yMgQidZgyVF}Cv;J=)Mn=g2p6T@PXR^0HgiblD4|ZEM5JL8 z2dwfD&9w-0NS4m(RO<}0e2~Oz+~ek3c4P*{PL!Jcmwjx56jU;@>m<@|^SE+&=yP_6 zPJhhN(JYy3Ih+#Gmc7UWABLT5ERBT==ie>BQBegAYffBYXt$ZOQ@5rfGOpvMOm470 zHvlILalDi~)O0$|iI?uzGNezRvq|DdlEPZd;&x_hO2WPRE2!X4$Q{Ta3qSq8dB#wL zXjl*1-%}~l8?jxk4G#!Yrp1d%r~{aEolRC#oXM+AEW~xiAEcWPe!W9;jAgyfA zR!TVI=zYAnL*ojIncLs4q_i|pH%xalU3=;r=zCX{-+333tlN-RGP-+arY}*Y8s5dL zrel@Jhc-IjOsRFHt?x1bS{_V$M4SOz8doURGQoy>xczLqn&pmXTRSaOzCn`Ro(<9h zWmZcNT9$_URsL=}+v0W1MmQ>W##B^E=HSb3biAEP#WYnSh&u}v}Y(*Z0>8!)KJ(!~C zDy7c!oN4+a&{L6=P7je4&wX+}4R|8XMQv=#s5^kW86)nZlO3EtMCi7ut$KuO7$aiK z{yXjjp#S^?*MDLu2H{g5s=c-H^r_2)or0>ztC27y zsWk?j6{1AtI)frIDp!tR7?7~HbdunZg$E>2*D?Wz#JIPPn#W3%Igkt1AwC9F!DOza zcAbSUBN<=tZ=gjn`L?EJg5HcHyEA6RuqpZUb#^%3?Cw;vnT*}~(OHbYRAck(?{;?S zlKn`8SOp)vJq4cIwwfaG?`-TB?ib@H5no{BxJ?eM@jnTyVm zPhYV$=$mK?_YC%@MRb;|==8-r^0ez?ciDYZ@}db_G#H_AwM{Dgzs&37aT5%ry(O@3 zy6;MLDol;p7WLIoP{z4O0#G`FkNQG1-&tpYugnfy5}Vx`?m-;lTlO za7>n^bVXN9bWn~N0F6p&CxVrA(TBMNGcT9Z))^+EuvKj`mGDO1-PnX&YpP8^_Q~5- zUxMMr!gq|K;wl1*C|8!ijfm%-t+kH(^k{0PL$NwgASAqHxA%LNWXO0JOkQb2m#+?w@4~*SW$chQXA2p6LswBDZ&NkvC$q4i&8T0Rn22&Q70=zQ)~*X#nBEFND_$ zf-k(qkCM0vWI2B|NuEQQO!+v~fHr3C1tJo0i<~F|Ml*p z;!d$q)PR*NZQoCj5jpN(v&GdSy-m^vn4lKJ>=OJbBRC*?-S9xk_ zyV6+PUwja-b>rZ+-cqjHzHXvDjQ-~K#LXGu1B)Q>_wLM7d?RtCundGwy{^jN;CZyx z4G(?v!Ih<#KeOD&7V3<4{b>w-Od%4B>V|Xm>f1(Xv6pyg|%VQu%_*_Rd9zZBvwwGXn!?>6mYY$0J@%XRFk+I|>S_aC8yZZy|2P-QR zU<$Z8R98%%?j+G!2_$>{6(Ir1DuwucJVR+*EJD3EJ-y;-1v~||Z&Vb~M2Vx&NbR&b z(y#_3wIcY(rUE_4TdvKZU;}V`Z}2gW4;sTCQIGGNPG7sBxg*#u@RDoZidLHLe$&Y5 zsxtwSfMHTZr5dgQdJ3K9C2^?*a|aq`foa>LY5g{+c&N6#$i0!b)AQPz%0WPCU#+{} zM|;!1bkOA~Z(-;$D-dD4E3TF<%(Z`wVKBe#E7beMj-fReKDoUOhJ-Y^+sug-u@aqq zRrLW>k2=( z9^Qu}FoC77^)p2m@f1yk|D2sEQC<0qUdL}OdD@(P789veKKSkNw5&&cjJ>k&N_I%I z*1TAwn`OG+vTT+#OeTm}=`hac-MwG%k23QJ9+>9L^Nw)-TRbXs@A6||jS;EI3KYz#WB zDnxK2o9QvILvp*w zi_G$R+nUkl?)Ta}3Nqz~z5x=j$Q}FWfm72onz%(8%4$YD< z<0uF}p21j`OG10f1kX|l>C<2HMxtcV5Wydz8eQ1y&70D*8mIzdDd>6yvL`PJMwc!e z0J^|dV~OmkDCg;g}!i6cOb^5(dJ4gYoBtGD!T zEAx#8hKX_tUF*V`*h%bm_g-P=l5;^nn*;F^$D<@!*R|dbX2ItLd+gE8V)qS{DN-~=6&}dN4D*S;|bFv9a&SSZam~=2g=o;C;@64A~oY9->E4o9!KBhEOkEIXu}EuHR>q z^=Vu?Pe9&wds_JfOGO@3*{aIPeCY!m&8yI)DSFZGq{nmSoG6C`s6hclFp$53*S(y? zU;zr%%DvvSC(EK&c&!~hID0*{wl9r^gc6%E^j1haxMQi>JQ{P9!M?#Xfkw>90+7J4 zar`i+lUokK+>VW4=v%tIa3bZW&q=d60$F$JAxBFG_`q(<^io`7p=+wJBGzX8J}sSa zgk=El-CiaKAx+g;=Ok;nBsv@;e;zN|8dzE*!;8)+PSH&v%YVS`-OgS*WW;f^<@!H@ zFxiZ-9#}0`goYhTZ4FDKi}xoi^5h^6i?*70@EXPN6KkOLfLKI=^)|147eiaSw(i$= zD0ZZ7Vb!6Er1?1Ic>bDS_~%u#AQR0%yuOoMp!S$6WW8O>!s&A)AHq?&{!i_9x~!TF zJfkE)72kzkfSMf$P-ZFaft=|l67DL(P^{YZPLRq~?c>NgXrmlc^_}#Z{)9^J%Q*AO z+suW!_Mt$S7Q6%MW@%70QiC$wvf}9DrN6b`G>n_f=*%pnrekS2P*x`){e=$N; zDL^3d0iRXik=U#kCq zKmhAqU!VwSY$vV~N#}#H~j3VSjc_UrW{dw1gD|H56)L#Sc)-7r3<$s&`3k`eqRvjY%E5vq^4OjL_zO*f{X^(H2>6{vBU@jfC$RtB!^|CkUiN~epvq1ND6(QJ8w7?V`Ffx*VSH56RgMu z=F-7xBvdIl!D)VNg1@*@-K`skNvQk(ri?I+v7`WCTiO4ez%J+S&d+Tg38uF zN<(Wj!RccfWUJjn25z#kJyx=Ftz>H zge~?L4eTYjZzH0Kgbn2vPQ}t-aoP9b zmg9XAb2H<&%|}#R%Z|`izoWpJQ?(fB$-=`6jgDLt+2icrbHGDO5RZa681DGylg&xU z6i;1#G-hJzff{maLYrjKMBL9nZ3L&Fdv&|6BmBiH!^T>oru3mrX6WrJGA7;o+B^>GTd)S{xY8Cv9}%LLsJ;x>`V8TW^@Vq}?W zjcaVLarP|%3Rdwai@@JHtT2d&s63n*6#zdL`ISF%t^XSM29NU*Bh)5)1cn8}NCMbF zRv|Eh2eh$gZOIPqI@O%!KJs+;m|psUb%LWx=!ojDKDCtz$UB7NvF>~F*?d-Kr=xN( zqC26Bk5OA@@%fRp>vY!U&k?`hTg)|y9@alb?I{5ak=JuMP{U1UHqZnPPZ2*Z5ut8E zx#(FTY{0n7QAz?(1t|(k%j?^zRXA$h$*{Gk{!R_3CmA8j0-m)1F1As-2>`_FVOe6h z8BVPMt0Nw!X@NJlmjUpjpGTl`*XW*P#K1T1`FyKHi*y2Nf-4%ui}&1)W0QCaKXbzx zxmbCW^gbz-X(Qk4<5Jj?h79OD=swZyiIVDwKYSx^avF?zLq=^0%truhNT{+|_4$dU zHBGU}%Rj5qnkF=nFzg8Cy&zt00ekU8Wc~xJGsrQLF@_y?ruR^Qka_#C`%rVJPzQ?p zv-HX;K8|JF=m#=|B9(i(RES6Pp&I`}?ez1nWD7olxH?-(&Rc8KV4{xO%fhMm-=yX^ zP=SM_<%-h;#(ILV*xX%{Q9p)HZC1D*8b1LmY@qZYM4nqYw1F!9Q^$0ce1~>MpzQ(k zhAG!h{=@=NeWQN+r7rY6V7V9)wECih9*KFLAt{?#3S6w1r9nA7(0Q$PPgd3Gq8eI= zNbBF~yw86NJyH=JHQwpe9QGKP3p0aVTt6_jzPE3#T|ldT4> zrne#&{%k=ZP0cDF_bFyo$(+mwBUfqfK&mAWnckbubj2*J3ZPb@7v?zaoMPJmbai|d znimYfTzuWdVZJ_mT6*H>v~|dplnFYiB~1lAYB4#({I}#VkT|Z?f@o@?KpN3go>j!x zz6+_2k+KYmAb3v9AH>XV5_G52i=&jq+gUi6#lZ>E5~+6wO}KwtebVVexlxcej7W4g zbt}C_SKv64RO;>i@^d8x+%_*inBBFMnn4&74Cjm=5#rI>A3i*FV9NQ`;D8g%=zz9)(QAxMo{ zs2lJp6;;-vDK0Z!iN8Pd<1uV*E<>x?pc!|Sn2VQP5$R*zI=c;#BjYbswHWPIQ(bbt z9?tE^Py)v;7t2?6hd}ba9a+QHX%(&48pAX|VDeKm0k&yi)qJ(nw%645MQtz}SPOQM zcKsR4kkD|vCx^_C)%nb(C~1=w!U@!d@!ywzdGm^2kD4i1xyMIprT9FNUvVP2o*VO2 z-Hz<;XQ8ij4E>?=i$l~2dlcT5%cq`JW2(k8IrH_d8m3a4Rywjkq)?HQybhfd2XdiR zg{4!H%jW9x>G+@4FaO^EXMsuco~zc}rT}wa6q?lpAyJDcOGGyc9y$$U$$=MllL4sL z=|XgwDU_%Zl#w*qj`ZF6Myce0uup8PDfum&YaUlnpxqtw<@V`JOK@Y{9ioNj@evB~ zI9&h-n(MV-(nP9D06e+UOO-Vz_LUqGGLutDdb5R@j7_S@gJC39+#Fy5{-tE{@GFaV|!7JpeH8`j88+Rx4`k2(i2OTTg=BpaW{ zI2W~}G&6uQ{oB?g0wNm<;JKHz5hJ4S?M(F|F{9Y9o_mVwG?3t}#B9aEhcMyIx&t~f z%F{$QL1Jn_+nP3gH(wDsUhT>d<8#t??(HxJb)xf#04`qPCXt9v-vG7Lu6CHeON?Ld zj^plEXksc#di+YaAT~ItYngI{Oo#B`-zj0dsb)pwCd1feRgDC|n6lstdY?gxet0G@ zX2GUG1E1okd0-XwfJXl)g+%_NI_)QvC)*#_VB`bmbPN>1oXc}&*JY`rqT4x8 z=}TtMsPHl+2_i$Pmi={Y;a#KlL-E%Ous!?%%2%kKCR5&kaRwn`+tL%t6=Ybxr<9_R zjkA%Zeah_gee4&TWU2VYppI*pRM-=jw>Ue}c=IEj`;|3URLUFU@=+zKu<`O zRzoM=PREKxeYaeBu`XA}{k{b!L%;WTcZARpF+}WCvLzFK()F6H6{2sX29h2UwHc;O zPD22CiD8V0xK2)=Ar(^ng}TK^G=yvH4OswNAxU&6sb>9bULbZClY=#`BMY@lI}=|D zz7b)Y;`<(Iva31^vZkcQ^%b%UF18h0c-CTFZM^~)JXL=H?@+>_9S%vl_%QC^>oWxd%`Iz-s4N^^Jd3`P}iGRV3Q zWU7u5MfNTjt4J$7^|A+5H>>ThS~f`r?jT@VQ^Xb;#&l?a2vUNks*k6_si^oQC95d56PX7C$XI3|%zv-oAn5YrWmp#u7XJxj2>iE)02gRU;nWt&)=8Se zecv-c_5>Q~A_uzf?}aD#S-66bgiv3+K|#`u?MSaZZf^c(d%@kC`VNBBFL_t;Q|ggQ z0ghEGLFC30bAv7ub`wW0LRPYQuYNS+L0IV3}Qotk=e__A8dHqGVM9kx>iP9mhlvr;gd9>m?*EDX{gChi!5~ zT{lx4-MT9eQh|ETMaJxM(*@^WWfqrM6sJ+M;v9fZrXV7ezSqIX9epaH+Bg$PFk3@T zJw02wMiG~<3J?va^tH2H{txSM~`Ihmo?YZ``oa-3fSx4?cOl& zKj&E=>7FV8``F?@f907C_QG@K~9j@6n0==wga$7VD#iHJ=|0|k}(;FbEgL!l1+DaxX;A7 zQ5J8ega{lKb(jQGFhaSO@&!?CEOIkY%fAkVo|P(S$+3Ws$Fa@B@Sq2_CbGYr1l@woaJ}&a5MaJ?7gj zRD%5`T{^XL$AY10H+X({|IQRRRc>U!+3mTH+eEzFQo8Ljx%p#RSWJcdGfvOUOAEzh zt;LTAgo*mmg4vZEOGSsVw2gU5fXC=1HiO^(;{pb;+|JAKkqUb~o|b*g)PC(8{Ix@S zKO=fXA1ehv2L4VqqZM7m%$ptEk01CC#(xwLx_oF-K?Fe(8NO#FeN}F5 zFaUrwWk?V}vytOU;x{k8B9(P}y6B7AZ<4%rgfhyeL+9r}>;hh)oXh$uB>qgH>7e50 zDuk-`wH!rxj#U1MiUV#*LyQ5ts(+6W#P#p7yutTp-s=hHgMw>>(E7cXs8CJ-n$n&a zAGM>vz;Mz4?j?Zz@JTpNXe6Qq?oa5qX`|~^w9>i((DwhpSQB20RtbOrP_T&-Z~8(@ z%3#vWOu?UXbF)qf5HWvWn58^l4-p5qqn@f^3UO(7$rgB&-q`&6lHhWlYNpd=s$IR` zP_oQ(cIR3V?YC!J%V)f5*Qd+NZHa(0w*$-o;H-8V7hKVbc)pPrOMmn^f1BZ|jo#)a zI?1(_&%0k7bmB!XPIN@CQ1-F9-uciu+4|akhH*Q_-ee>#Gxzvxvg%-qlq;M0SWc6O zk1aX6%>W^keA^0alkf5TPXk*e&8=MPMctDoP1@vOH6T>S>}*sMB@!TduIcrt%00uE zy_rB;>_%We@W1&*7NM71Svk$?Sw^~pA+C*4d!dz1QhqpT8fS#7N@;#F8!*94++o`5 z9WXj}<;AJw>$)LUdyuf;Psf@SrrI9gEMDJ2^VfJ)`0l>gvKOg&f!j*r2X%T_*n<1) zJC7auU6xs%>oy0HRaeQW?q>Wv7@>uB`D^zV>ov|G$K#v2KP2qltAMNWfW7SG2&07H z_D-r_W%b0-Q?3ezq9+ex_fP2VrEHuqN)KsvOw#`J!_bC9{|dnUkD|%rP+a|NWojfW zU5}wHeW<5b0;4@0kr|t^*~G!ijWu*30KYz}l(;AjvS{+Mlj3HL2J^Ebxn)QYs-(5{ z*vNFum@o5<$+Ei+>%{HaG;Dw!AaMDE~NUrHk-CH_A|w5+{K%(al?ytER|0!O{EBI^RUM<=4p{o?R#<=Q^ThZwu1Gqlgk1yOR7Bj({d{w&n zSG4;9-z#k|W0HNa5kP*MO>&OV-Bb!$siE;rzwxM2Ke9l_v2Q#?)TDH^#f~E>T<1hC zm6CZsYx<|pYL3f;{RMSXgLUQh3V#{)Xp)5pkDMNlp3=my6kn*L{xVR8W7{rG1ehqH zpK^ejG02aYsb5*cQPbYwq|ugIl{?AlctdZfbnH|TM6Tn)A%Lje#U(A~r#b*s<3ide zY(&sxm!(~;Ag?TJ5czvyl(eeb{>P7;{E7!;?e{w$R*Sf``vCbOJmuFQkH^cxIz}hKJOX!P zrE%S?wi_Qk!5je;Dh{G~YFTC5f*iUs&5yZ5O6&R_NB#nKA6PF+M#&0#v1JzcX|*l9 zPWdPS(=oRRsDUXl!BAV&r@Smkly`7`2yRSOAUh{o*V9<;ZmPTq9a^ys%f5@q=N5Oh zWU8QyQVB$wen80Mp0mR83_*bD_wfkB9+HXUW$%J@SBy5%k4xd;^`|Lq;phmxae`n`^U7SiS_3 ztX0-&LjxldR+#V2j-H~;p+@FZ;ZcG}J$t9R_sMw54y**I#XG>B>&oWHf4+^i5KoQz zrb-@LtPXwKs0pcgUg2T_BJUSOQqp%`$>R(o(`uZl_bh&RYLwa~eEAP3PWzvEAPXmm znyOH$x0;sBKrqrxMKw>M@yF0uV6z8&l}&47neM(XS9$Mb$)7s`WWDUomAX)FIj>!^ z)O}8Z>wEQ|Gt;|6W;~oIC&90D#2tidWn_yBj-dqpsj`Vop~$cNuibqtE0f5{l*f8S zIJN*ZEN9WuJ8AVW904v$Dn$Xepii$z>zq+Nvnuv3R!jlNW9MWBk0m2>;n6q>vhk^1#+6w~ceKUd@>CEe}j( zUpk_=w8oyzrZ;0hOY|bcq?60RMNSq}KCY^gs&m zr$V8nB_JLFU?l`hXZF?PyoLJoqKjx2hN14&z`~Ghk~$O&{Bnfe6+|vxmqUDxXyHI=B9ZP`Te@qbD@)Q2 zn6Ks8P=Y5;5e#evv=h6w3B(0MiYTlB#5PU19f;pX&sL3P9lMg+64q6^0{LnG>rWVWhG!X7Dk^dZgGX2Q<;oCz=pjeBB|^mfc9YDXJtN*1 z!Q{^5HAA^XxigGEA&6(>A1tz9Qx_YUU)XyCREdJ2lEJ2U4YL__FvyZa=Og$y3bd33|&s;o)HR=hUZDwB=xYzoa+c^blH`z$8?l7H;vYC)l6#U_Crs7};`# z3p8Fqc`?&G(tdc#+%knU34ZbC)srUg*b2Pf>24LKi|{|@?q}QUG;9)yivA0Oz*YAq9BNMDjG zXFYEZo97UxQ`!Oxv1$~-CN0lTfXsoe&#}w;)I^ruDFD9}eWWg^+=e!2HEX2f?o?Y^AYU%aGq76)7QX-J;2PCDoR}3xFum zUOxi}?LO7w%lG*ltM2syPHC8sa?-yJ zG>CON8$C3Ds{7m-F}JyfAU?6H3e!WKMPzI>aO(d&-I za_ARUB<>w!PzWb+4~99|$%zI4ZhCCOAC&gWCHnj1Jl_KOqGNX;14gVuVlw(?_*P6> z4@@iBmj$Zg0=NMQ)?EVl``@tO^Mxli$=>P~z}Z(^8Pc*4)DPA#LYeHlNLt&FsB@W3 z)ralOTG@Yvx+ho~Dy(KhW=`){CxTt^VxnpGi{>sctWMM}8skMwSdmtas0;bVB=Z z(3mZJx$B=Rt)9%e(VoWC(S=`-W!*M%bGM*ME^&u_qsS;#fh>Pv3KdzNA2;QKbQm zEXw17tIaC(p9nIYB|aCYh$6~5j(E~SrX=YrKw3XmV+>ym2(^{)C|)wrb0b5M$ogz4 zMP#wV&VAOH5O2os)>W2Ey5)9oTi($+?*nf!pT$^D+!?jT#}Ok>pcNDW^AYZ9R4eCH zr!GigyfJ>L97^J5Mf@F8?*Jm;IFD#%@!0@{?%MDE0N=iSBWCWDut-B~GgPC5-2v=> zGLCAqEzq_9XV3!zGN76uufT~#$&>TuA<)!4{Z@eXntn;YMOBx#!~A{FYzGNh)B6sG zR1KIG4O4Y+vIAA&rrh2LNW;npqH8FFB`gHbJ2)=X77hW0`9O{Z$Ul2}tY0Ll8tJkx-ufJC^Fz1b8UZF2Mm!U)$C)Y5a5 zY6_vL*OVo*1v*9_p%g?eJfDQV7~5jBvsl-#HLBf>{(W2c;zJcB3REp&qX!=3Ir35uTm33b$zYis)91;Upe0s?`n^=(Ypm?aU50x*k~qRxs}}P;ed$Qeen^G`am5^^eeMDc|5=)yjt>9>Dnfy@k|8g~n*dy~r@oiW>Gf%lBNn+5hNn z5YL?3jY4smNkNTRP-XLSNszSqwvqr5Z7F1!x=dS{H?v=raCXf!WDN|*__C$dpSz{A z=q>%*q_AEOVT3SL=IX+*ic~iwxG*hA0s{%Ye`+%v$hJw!n;Yz)77Q?i6F|KxveBwLB~+hnRD^RI8iLcFyM*HgJBUt*qgIe2XD zT1Xqr&r`lBxUB~R2i$@ihTJ5idKcXy-;}DA5iRMyL)x~Xx=WQJN{7YA78_-n->6IR zvR+^(w7_a?;GgkN={A^^&O~2Mf##vUglQaLvumZRtM2a&B6-rg3bJm?D@m5v@oS-m z@z(YdXkW6t{$GL1t|zg>D`apCOMgjZT}Begq3r-JWm>*yR{?NwkAN?Fip`J~jsNHF zA3Q#B&s$pTY%%~-Rid#gB4o#pXTR~7!`@Bg@zIG%(6p9Gk?4`5*zHx_aZ3z`a`exjFQBUZ(&FXMK?#~&1LTzyUrq$V_8>dSex?ttt6K05qC zZ;;`$I6|%gkgP9wJnz#Z)zQ0Klc*Yjh+piaZh>8hUgW6O79G?L)`a$`Ef@PqyCj24 zZyHPP04IyOSU+ zf!so>p`?9yX}<420fN;=ndB2Lu#sChZCjJhJol&$njQVFWd-uz8n+Gzm^em|3g@(W zBDNB&(l^o7%+#_w)#2Czeg?EVU`aV!Z|DNvO472zZtr(02Gi|g0>k$w=Q|dO2{GpkJmO+67 z<`2=kszly~vau-S^O*sB!I&@shi<_42ki;XYzqKGXp%RCMZ&o;B_%lXf4)kKfqVz) z45kg{5t(Q-_1LHTi;qosa zg2PXqTXr2Z0QJi%3q^Khd41FNv2s3PG&UFdt{@Fibx{ zwc#-lF<%4}R5j<$Uvb3lIN zHU=uAk{1UaUp6>1ka|sJZ#l0R&EQw_piu+}c$E7$0BZXD2KHb<3@Mu!t#e5CV#mVqpK_;^$k5k3W->P0D#*sZLD`%`V9%Ht3F=(yi2vWxgCvj2&brB6p1@R|VoXje z+y_Rt^&{`N8rxZ9vIG_k&Z|3QAX?pfhOT)!=9wyB& zyqXH6?8X(blicHebl5_Ozp%BZ~M z;0@;&HJ+zylPo|=n1v}^&SC(4!7l#@jL5T_dE3#WYs>QlBR3wThwhdqF(&d)a*ra7 zIq0>+;A^wW-Xl`G1(}R$;v84P&pfs8)(NBSCxQ0LVprWU(ssyk<3{8phEv@N1u5=# zlqn|9og7g_rT)K3)02_pNpBPK%PJfdFA#l@BEY$Ja9)HqWw#4yYY6L;>(tI=a@evL ziOm#aZg&?x7`%&Ne37(eX0*93aQ;pA(ZUFMucNaOM?Ty{(rehXt3Vwh?JxbR10u)M zf#2D`kR$8YAJOP&=DmFO2C!^CV&%{C)Lp~K7Hlw;VMIL#DzA^_$!T**Sm zFE_n(KWc%-;3JF|4(Vj?ZxVby-v&_X`ql4qg=#T_q-wp-pb}J*DUnhtn#|KsS(BjJ)f2&WW=I_ykMJ)>~Y09X40w47cATsXceOQ2OtNZjY(Rh%;7*h^@q z*4Q-r>np%XVHz+@KXI?sbZZ;CwhRAklOuOlQQ72!pF&8a$PuE~nWo|m^0zO!@c0C~ zdJ?&o9k#mQYg3$lv8_fZE$y4dOu5NYPcMF53h;19xXW0`CGLvzFVryseHIm0lAyeY z+q$e5H~F!T({8>mcEO?e%+#IetnJ!+o3&ps9!Ahk%c)we*!yL6^^g+Q?}Es4z?^?d4ZBm=**?me=FhJ#kN(tYkPgfOT?VpjQDv2lB}H%?DS~Sv=ipQi_?8P@|5lJ z!3_@ayVH`c4tQiTRTWCgkO(EXq2y(~d>c)3q~)fO`4h;lY6TyEMshTnQv{^(Vn7Yj z_l9@Sd|3$4CD8-0u1f%zP{gy?P-)mJv;A}vy&pIySu{1OU(C~C+O{RQnO&8_BOG>U zv0>2&svL9k2nVF2F69i6A}Mus&HCC2y^dVIK}jDL$EW#MaF=CI^D6xWn4aDqRZ- zxpa-HS+d_s5AYRw+yBtVR)N9Ta3;+^@-4EV@OetuSczrl)ThO|pweMZ2Q8+mtD_;W zWk~##ih`$T1_?AXkIqADbSl+$t%yT^;Vt?078BiO7WcMh3-m_jU(1AYn?Oy@4Tsmm z(yOCL8tK)fsg`pF^g-zgB>WazATcNVI-kA*@tPImS~+qVl$Nwp@Pbo?I1}ZUG3RZu zPiAK<0WfrcgYl`;$NkE+V_MC?e?N{{d9E1zY9W`bxfTdMuW@D+vi3rf*3H)hfAi4v zbWk7^5V*UEOK53(dcRfZKrieT)pBMs9JAOIQFUP@Gw;c|I#=F=kc8?0V_}MN_M7gi zQ+c2Q@Kn4qd90wsGdr8ER{{Vw54h?l3Y^qIm(qY4p>GY>Q>@ShNAJbt{=4gv=r9Jg zog#eC9%I_*^wszVNw+GZ_xy|$JBM@wSqg3u9YlB-iMW1*#ph?FX%WuXnggrMjX$?( z-nb}DWXX#Eb=DSK(++5&FI;tRNpWTgz_R$%(dt^`e;tDswq!!ZahFE7T8QObd@ppX za^yM8Bf@^l_Vg`K61o^27)U5MI8S2})x6(OHJx9*2Exa$!C5+RtXl)!vX<>oa%Kj%<=|~hhl}#hi3cWR zdos$1jdEEBM}E>_sH^C2(tryuBMS#`JPCMmM!OA53?RLPwZ{t1B8>A0TdjTz`R2mJ zrR{N4FOQO9ilXu!it84IG5->Lk24;5V?lr@d{t;G-9K^&I+=+F2p`PpK#JtESp#O> zf{RS!bQh|_Ej5d>)tn;9pL35Aqaelz@uh0vuH9JMwaKuD?5Q8ArT%!xH*>L>5V(pz zHH)X^K-)Z->)8JOj>AQ zG!D^moGs*|is`VzhnW$2&L%w=)24y<&1=rPvJS+rrPkwSk$4@@jyiUi^J#b~?ZoXg9AKYZ$$2gFE+8z9F@Z zeQJZC-|yTtd*SXWo%QtId6LA{x-RECPt0CUZ721$QWS0+HDS+H8Vo{S%<%S`M1=t^ z(<6AKbP1Q!fpqRrwQ<@85Gpo1!S^X-KV~rB=^NX`5$v!L#U9f)vYS zW7Aw)=u3>lH6gZ9T96Equ|#vN-G2;t$n6og8Et!L2$3bO~Vq*3C~ z%%x27eJG7$|v>Q?$QobC{TV< z^(pUWp1YEd%JZW)4cHQKF7lUaJ{#N?*B^cyMSBF-tSM9D{>$b|`&6GTbSlo=ca* z>->Mv>%>#?Cx-i(>Gz(kz)#`4&o4Nf-~Gbl0{b)px20*TrDu)6)OjR{Lcq;%_K%5x z|0Ncd57Yk0*kceY{HdRHB^4znrHq34beQhK1=H03>bn6ei_by`!lpXQT77Lb^qF_= zHNTr{k&YdzCc$NYX-X>XFS+Mtuii`0%rq%uO{WeopFMmAyRrWPK%uV`ZaD^m_Kzo= zRVs;1d`doGt=X%GSch9M>hAFHZhazu7MT9X8=+1MrY!Q*vx^mTP8FGbtpNfIB}}uX z$}!{W=QJ9wG~#B@LF=Abw~dB;F=3!syD0h^BTelT@b)#u@4&xE*FeLDJna?SypmU* zCLeB9;OwesW(sKGT<82-lUw>X;%+mj?6R;T!GSpq;$x8i@ZW`sIP$pE7303pZhn^a zaJqW%!~f5d8Y0_@BjFPRc?{e!^&t3VgoiAQGIbr>t9k(($~(8TkW_bbk?k1xMrooi z6J!6fD%J-#Cj{zLIs6NgY$D~%gLN5EP*&Rs;vV^5W6_!FC6`N!C4ur9F$CgPtMSiY zIjO)6D(Fms=5rI1u7D7E)VjyBG|r?E{;eymmjqh*#unN}~L#&i$fXHfJ7H*!zi{!!Fn z)&4vGTN`k4Tn*5)H@v;ZC4Puo(!eeQ8~9h{{YE-zu@B8qVp1NY6Nz}^^LXq6hq;{< zTyTxpcW}5jOim;Z+PD=DxZv1x5Px0&xgVXUlF`Qx-<3a&V?H%Juu6H&nEs0vsT@`a zh!TP4QxV7-X}5UxLT#{BP|SPXU|wEElZvJ!`tXtVv<4e#+qoz7T0c5g$Pqq}S?N$S z-9S-VUS7WjnP^F~=+ep<*|lc!^j2PlfT_EqwODaKI~_@!M-1DyKf`uuG%8e*HA`h& z-pMXJ)GcmZq_HR{m}{|wSw6DE7L#U?=22_NZCIM*9qK#!)Q3?hd#(tHb>+q5&a^*f zoO+NSx(yt<3Ce{t*jd%ge!JEmAJ)r#_S`39`1`0t4u0A`-E-Wxq5q|x%-IjcPwqdl zK1hr>Wj6g%i%m1TCR$6{Q}9EMHjR_YRovtx0-3euEZta*MjdcWs!IgRet%;;23=h$n8IafeW2$$2DMj6 z5JlD_u7TCQc58j0u(&gm?l%B9k~79s$cuuprQga;X0mpi-{Fj!P{kM)`>x>ByjjNW zbVzYWs?qXb3Qk)O?yw_N<8%CO{)G{`6UH3JsHL6o5~6;deY5=tp(4x( z`*=dh!;TWlad!1uvHA69p+tIC1XPeSwtPX6@xv}SI%^KYE`S#e_SFH2^rf$jhUzfEH?uw64ZlyF-43OOZGo)VX~U~7*E46A!(Zq~w8 zgam#D=nTcn#S<;{!n8m06Nefc@~^pkvVFq%6F}G@;8sF_YUZUr#jdF5Z1F)ANoW7A zZD9TY$7g2m73L*TD+th;FjG3xq`9ypOoy^gf3mlk-0$JR5*BgiqyTz?!6Y?7H7K{% z01FeQa6-C~M>nVsIi7@%atJ&!O1)i?OitdcNg&&g{%${eD@RwN4b8`xp!BHmc^%Jh1vGOJ$VrM$CL4^2&b{EM3`NM1_k^*Vp`%R%(292#P%Ae z5^J+~D63CL-{;x477X(&B4LcjSf~csEmPlfxw&~3 z!FQjrg(bk5*#CR~Pe#9a*{spvXxP1XfhWSm9^~{sk48KKOBM?cz;}{XO2PF=-K5?> z22OD229-5sKFAA<^{ccyu5W|1N z!UD`j`1eUOGIsLohnM4D;zd|O!r47tsei%n(iiTKto=CC#{a?T2nK(Ycc|IWq11!? z@PUHl5#-0?^a2dsm-Y@zj?u7jy*F9&BS;f^5gqE|As8t==Ha3#Wy#5&AnJoPShbi8 z$!j>g3-3@_E$&h~J0trf`(FxGv?5|}R9`$_#{C5agilzCxze3lc@+`OIA>e4D#lz9 z2aW>Lgu!-HHM8B2Rgkv!#Lf zz~}{Vlm)A8%rjx5KA|D6~CtW|@uy)H-y@mNpoqf{q z_r!Z)J_sI$iK-}XKDK^=yq)hkbwdv{9i@cJ6Vglrnj-RBr$Ui!lfJ8zq@Wu%gm+hL zk6XgnLeSzY`_x{-DeXq-d6=*9`4UNd6#imNU${mfl@FWny!&>+uvl_ZwW0e++!f-a zd3<|%rU-!?Xd2Njt6C6kMSiSP@@f6yvKU44rnqyExlWgx&(9!q2dSfv%N7ZcQ6aVE zZutX(JM<0n&=q@MaL;Q!ni_q7_4*BJ8Zt*^ff zw@t3G5@65cMl>ViV2|96P^ zQ4TMt*5__{#R~$vBG0HlGULaj(OGtEnD>Z~edoDb_2(fq8>d!oSZ$b7=*GBtb5Oa($7! z`^WQl3UiybNHk0HX(}aVIdz&-fzq=nZMS7l;Amq6!nN@Ei0ND4s3lEH1r9L3Aw@{- zK%eVN74ePYU%2{K<+p7^CA&bt=nxc}-I}aC;ief70Ew)4x*Ui0a$|qse&Tc}VS3 z_|o#sX$r_IL92}$gH#C9Xg)Nh|I1W+iX<_gOhxPl@m;8v;K9o8%rYtqzXo%WpJ&KAJfjGh;!dIbh+PKq(8th&K!JAoj3T#NSeNW{nb=Fms zCVAG*HhRv5+h?1o{J=jrOkkOilR`dt%A~V>lJGf0B5KdJ?a&vmkUp@ajp8f(=tc71C9{!+9G|s8L3|7QtgAD92^8jf3 zv;#_z0kxyspNXlRvC=q{piPpix;4*#g z*C?EF>rKsMM?Y$Ov>eSn*-Mu;ma1X5A5`@I85xIdRAk%*?4!PW%PZG;y9X&3U@Azj zy=e7;ji5{79@z021B=WM0}%&jIfd`uP+4UAcG-yBIxqy z9tg^($mk_Rf_decszydUCZbn1uNNRU{2olM`jo{l(5g*KJ#o`vM!H(70EWg3UDlJ? z`UUdClCWJ!jIfTTG89WMm%oOYAV4<84 zjfVSeVPG~M7Iy-s`W)-ju;73q)+iRSfF?;6Apou79>2 z1249Nplo5yE4zp)lfzGZ$J2z!(+p>i8KUx*vJo^d58Bk}<^D0ZSP&%-pH^JohL&5- zZ1;;5eSl#xrEeh(<=h1~3SeHsSlmFqaz;>Kd-f+jwz0V+CW0wX z&Q%rnJLG6NUwYlu7gl4?$j6wwRn5Dxv>wU>ZMub~8!m+SSjO%cF(8Pn*@jIuNW9L{ z$w^}pAzm^j9O93JY^lK?P@?!J9*S9(=+S_>VRmBhckMtu9j&sUpQOjoW2>M0*8x98 zJA7j=>*8Vf01GHgCkknV-^eQCD(jBSa7I6#ZJp}Kb>^wNi?Sl7@q1RuD;&8KCL{dtUE^Bq0;9r_SGY52+3k%` zZ2i*yojk8;>gS0IfO=j7A}8ZUi+xG-rBsSR4w%}zgfHPOy%^8UYLlH#1PQuDY;376 z?2@}ORvpz!fwamYhUgEh-$y~oQom2#H>8pRR%qZYc57sgdv&V1Aq{nPe}Y!{E7V(h z(gjB1=5oLhjU@~x=Gt$vQy*i)f>EWwnMZRDx!O`kP62vL0{Ja%F{U1qmj#gr6DXz>A0SLJaI*}f}+=m}L`{AP? z%>r7D;3Z6fbf6?0y7q-nEH8~eWW9$rl~|pcu8kJtvQwdfvzKc z(wQpU5M3!>f%~CHiw>2YkBc292XV@4r>Ef)oNiG9&T+WvTsde%zyQzaI9`qP+hq`F zHgliA-ff}pIJ5WqwM%_Uy;wlRbK)zkCO|XeAj!R3Dz@PaB6Dn*wg|Ci(6H(tq8;a0 zRTC}_%LRP(<))Af;^g$R+GFb>Hrb!&ix1zzJxDQdD!k<{lH=Q}v^#ll2P1{?B2$yd zx_%7oHTkro_|0ppBT(Kl zbrE0`U*gMMBxM9E(xh{)8X-ooV#3!FSX4*uyeuMv$xz4@lC^yzKd9j(aWU_JNBKG< z3li*cn_xPfMT2=d7UiHp9kTatE49U_OU|Tr= za=WSQxALenQi>5YwegS`TVtmk?6dbqM%`{K4udO;HwZnocM1uzL;4RiqtU(}Mr0d1 z2msBt8VDL!*#4?X3sSVm(15O-fu>*KfgfJ7r850Z6gpq=r)}Ck$s60Kzv&f!{Vwf* zFf0l*xh5Q(VdE+r-~^8mX{K2vR~tR6L#*f9e@qlFjA2)Y%amS5acSBY@kt}*I)$ix zps&4C0YUmqB>Y!=a6PfV=_?f8yfKo^@nm?r0Z5fId!OLLc3D(9xjM-sY#5N$AY}c zX(=W)fjwtiYQV94fn_W^@%DO_lWD9wZ?d^e_fed)_E&A3YxUKr)`us*hVj0F4C~Ar zPD-8~Y(_yX+>zD{ik?u@tEE0B$TKj{jhknU9W30utOa>|&Wn@Rl|)E1VG)HWRuviz z9q@^b{@?A zz3_*3JPemYSOJM|OV7twF= zLi<#hGYt&R8H6QXYECsSFH1lFFf`4T9LYLcMp^@6?mI9u5WWFZ`itP+r-|2NFnkr` zxyrXIDILI@&#_4i)Ss#gTjcVh z%^{4%LjkAJ4krR^wMPsbNGb^6*Aw#!SU7BSfaketxv+j+M8k>6Z{s*RQuM!q899d% zsnEBz=Lq|W|2v*EMs~NU7haLj4*<2DYOx_x?1Cm8qpi z=mU-oAbqQS^Yb-BEwM9FvzTwPe*E4LP>}M|g zkr@ds&fT)8q5QWTO_6df?^+KdX8yJF|*vc7*VBq_Uik2}1 zP=%MV73F(mCXTBoTR&TKies>~c29Oly@UH?J_XrGHwe{lo}y9t0jJ!=2_-IWvUu6t!&{`bqdcm>%c15c^P~_ zSukO8Pv9&UA@8bb1-FF~hN}%sRhr49if?~*Sf;FZB+vE2?9UMEY*=f3L=}}N`AO#u zJ-+uG_x{7NX-APunua7>>rYq_@9G$=u&NRwsk1$Vo1g;;u{gp96Med57>qatwf$7* zLMwF6HRILL*30j;YZjcxKLSA+q}+3JoiN~=Nm3=HKO$RW#Q-y_UR%NX4;LqWXg#g--eJ8Ws?f@zf^roT0MrXx7RvON6Otg(AM5A21!ZM`QGUD#{I7RsY ztH#0<=vo>1!Jk(37PAJ!Tn1&3qN039G&kGB54}8nMq5hA2o!n^7vS*Vtwi)7b*Urm zKAhDedUU>3OP4&t>jEo#E2_Dx7I`PT#-zU=l~}xh<(!a7It32}*gY$oYi67HqqgG* z-Tr`B3H&4?IErDLEo1uP#f_SFD8O%yYuAU3GgdJxuT}`poccN{as+GfgTJ;;jMMvq zHZK{8&EdGEy{xEjtrgvPYng$jeo_f1DNfFl-5_Hl8eom2nDwo^?AQy_xI*ikQm#5v zc}74z-id$ZsQBZcZIRO~eAx*`S%9vGrnSo`)jGqs&@%j|BG>cg4G5R3johOlavu zJiOC2#TTex1N2qGk!)mpVzed%W@*j2VpJb2vMpu19?Jw*myu29dIo4WOhRm9hp6NA z`LpMPrJe+Mj~6SKUI!6-G7{WOt|m0h0>QSFq4!K0|ET>UFx@ zbr8LWk)e;g=w<#hKwfhoUnDBaCBOWJmpgA%wqYCF# zUns}z9y(CfMrWa1)kjg= z6-~*mDX#OsagAlU!8Fmg3LgDK0bhv*YFHEwvGG~`+XFoB8TT`kr*7{kPXZ&lAU;pR ze-{k3ZGY&+xC)H9<%K|hlCjJ1YZGw{12o~%bodSi44fqg(2)OS%CRtwZ*UcoCj3Fp zXE1>ASmwO}$VqD|sr5vst`l z*&ZB8FeJBvOm+nNGXxyrvp@L^8AEq$Y_rwF6wCe|YPA3~-#U40nFFdV2F2`kYX7N{ zX32q4pZF2N4M{H3H5z8{kux|6nVku1UqEru=$<68@J3UhPw|^r>3kmk7=IIoTT5M} zs)#-8HEe~vo>Lt%EDD(`3+srb1ZTsWVICt0zGw9 z)u??ib8HH{qlpavTi=2Cyx@knVXc-xJN*^``gYTjd$>fXe7hH?4y~}34((1O%MyYS zVS|mQXl0>&>)r6fVDj+sDquDS$4T$UY>khscL>P;i-s47FxG!N8<*PM;!zDg%|BV3 zPHZaIpJ};>NO-Q^m9BGh>pbLq07j<2qRjK2N(8Eva>XU`u7wc`I=-1Sb`_X%qNNPHmDN2P9Ekb=n zoeFIH)}${V&#{Rxseu7zG^#~30}SvBu#1929PH)e4Z(1fI^E{L$%Aza2kKc;#a;ZI zMqur4`_zWP+E?yEpTWT~{o_c@C;XO_FbVOicx1NBlCi@0rQg-yd7F1t*m! zKe{441HkncM8WCIeKM^8rSCF;$5TCY;LVG)BTqlWL+3ci|5o3lQ+BQxtBPs2(kesGuE!SW3g5+{)odQTj(gg1f+$2p9%6p`mg+ns2zGuF=`7y@obqHCS= zi>1TbN1ffwT=k*uU)eE5PUyZuTm5|<(Zkqwp>yNOfo-Nu+xmLCyyYZx%w;`wT*_$c z%rMZ$#3uObyx0Cm{!dI2jj`f`Y3==Px26@kDOrP#f4A?RT6+&!eM4_~9Nc6I`)0u&YK<#EW10gO1nx=$Pg!D?On`cf!ve}1 zva_zq=}x%IQb~YzItx>O@*Q(A3}YsO6+H|I97TafZ9q@3WK(@nN7nH{O5#njr1jib zWL%i~L4tZ9=m_Q+dOb2e+2n^fI4g`M?t5fKvM2_|%kiqk^itPEy;$$4d_tj0poeFq zqcwK-RG5^2?tn_8Yf4_@RxsP|*8T13=IufAIi5y;S?yeOU2b>kw z{(oy5sq8Eew=Tm@*1bj=@u;EdRBnRkA|+1>5Be*WW>r3P4FEpuJ~@GD>@>t!*#)W{ zxN{i1hsj?|lk6-E>t}rb;{7v7D*sWKHxld04Qo0%rjj=rXo5CzboDMJO^Kmq?DtA$C#0K06f+GHz6P70)>9d+fS2H+v7MmPA$2n3l&bz@8P?!GSK(if z0sbHqn}!>oB=RXT+tE96gA6EB)NOu8R?B#9G#PEZ&Jt(^v|tEgh}tw3UsFkA85~=m zMbS{6g4nWfb_vr-G&#PWPa;m}h=HuG7-!w9oF;0RB-zv@_d9x$3kpp!85>nTZ`|f+ zu1eWKv0Td;AF6b*P&Hr)#Lj$<5E*D#@nzS7F-HNZ$qz>b5{*&xwPdupL?9${lUSn} zH`o%m-5pd6-HD#{ucJe{l$06Bgp_k=JF?oojd@DflfT9}#CZ>b+TaV%WQY@NJ z3a|l|fxjVfV~ZUb!zZ)T(dM!@4^7Jk+Mzhi7Kn3WleVhq9cLMmL()t!CoJ^$hg>dI zr?G7`@TKd@Y7+Eb5^OZhTXahf&iMp`!1#66nAl3p;y-?S!;a0U82dr0Zw&oA`+~Wv zWW~}nnzq*$KV7cGz`iK9uY9q5%jHXdaJ)a*&8jSpw@SG4tqyL8A+;|dutKsGi15J2gA5A9jJ}`%WfCnB>bp3a{gK2G`efU z(4(=lKFnc9OCF=6)A{yvbUV)&IO1hU9Kf}Nc|?i<$yGdJs@G;te$=}5XE)4Gz}bJF zV^6IiLP0PCWm@iMy5~GGk!t>u+I{d804-a(%jk@!j&oGybpOnUlJFc)G2- zMmV>(wLf~#mR@1UbM`^o-TYnzaTGd8Zq-T$1>Ty#s0nCk6u~niCY00jv{2JV1{NQ3 zN={FV14N(B?I*l*oQ*X%J6ZoL)x30_quxiEZdw+(Cm=2VS);NZRZWyxj>{#T z+W`_NwUJ5DoBGeThdKGXra&=LLli_L6fNA*oV}fSI+Wl^4dF9pv(5r*i(5tT1H1tH z?^*V<+8_CxUg|-Ud zzLPrj_J_vxrpPb$HYIiod(E9K3&(vi3B2ID$_t?GErLO_MK|K}fBfM{!W%Lz5ut0% znoHZw-*YHyI|*F3`I0YfD*<)_p1*IvWuHkX6wFsZE=SbezJpQ|MtO6wXg@b+*Q6t; zXB>%4O9i^tx?jwEjTxTa+68OiYUKb@&orjaF`NKWjsLC(tmnkCuTeb-T489V!CBGA zXE{|G?TB0Px;DoaGk=0F=@e~P?z0W>nP5d>%ao#`3kAU&J1lFRCCmnoO7x$TVgufM z!nM`=Y1f***Xpg)pb}zfFQdsgu{UEj0|CzX7V#8&FF9rD|TR zOn0J|kz8UP4M6?ubrq*ILLn+(C|R8nkG{9r{A6tn0rU1|&bTUno@W?KA%2QOT}*dg ztognMxVb19=I2b2BJB?=U+gf_upy7MzlmrVkI2R{eEHPp{eETdiVI5~o7LSv*HWbt zggS3=g-(&eGmUFMcAQTjbdTWp3H+Tr8GeD3tO^3c%MhDl`&sZU81VeeJUh0UE z*%Fi!lz@hj>=)Yz>CF<$gK+Mb3RKVY3QVn6e7+CJ01vCwv8{hxV~^nBfEpTw4MU!r zyU$Sg!*G-iuDf|tcJO~cAZn<=(Zqp-1HBHc>ao`=-*Hu(YHN^FbK_TS$uY8htdRGA zcRF9C7sL=aSns#a_CR#5tDPm@^E^-sl(emf1ygxuSehn90gTtmL~^?^06^7O^fOFa zn?Y&SJ*fX)gJ)>3r&A8U4;X`y4h4b(aZpdM5X>r2E-tjQ-X2dg(`Diyd9Tv$g)G!( zEH``p_<%__3-3Npd%~-&sLIwtJ87h!9ir?RT84R-!=i|!hdE{BTpGty;3P8mty({- zV~CG;e6m(^s4Xu-(6Vj}7g>#L40`d3<(sG*i@f~ZIs9DV%@6h;j;(H4ze?*BNG`#N z^?#`{#ifM$HW8DLGtbGj2cBvx^UPHoL`M$k0-Squs~dVp3j>R#kItGY=Hg5%3>VV+ z`Z>{prxSMf=C60{^2jILNfzR53-_m%oaPVLeZrhE)l3Ge_*DZn2EFtWo|7}&-57Ob za6lY0)~2h^x;!@YbBVpQ0x;E&5HbgjwEkpz)N-=XO0Y2zM;ndbCK3EcCinzDGR7#s zd|Fs31@V!*QiNV7?Y_~`$LEiTNrEaNIA&sh2*Ew#PTwszceEJxt{%Db~ zOE@|w;X=l`AtnaH^iT0m=wI7!{z%;vsc615bf>DCPt}iur%Z`$pM9C6aYPl>M6Z}s z|BbHr57ioI#;KheBs)m`vi?t0Cme=J_~qaOXR;W0t)eGmM>DD zYyzb>r4rm-?h?`4*GD|$bjNG4il&$`Ok2C(37;2#Ma5Qg@5k?Osl_4`t{$@#?urmD zz_y4X^^ub*7hQfrD5DZ*A}^~Jfw7@Bz2?b;B;!w>(Ki4FrXM6>?3A_R?1Ixx7ohg>)V$H(fEUDykT$-MD7oeZ#rfwqlfGO3?V z9$SeRgC=bf7@?!~&)|cp8M!;FQz2CiMqs;O^BW&>B?q4u_Q5yS;Hevgj=uS$x<}A0 zFZD6W?YP*VN*mGnmU2f0APO&(Skjbk=C9&X*|zAzuW24xkFF^y8u-Dh?Pa5E|_iAY&bzcI z=G}boTYUQ7(V>$3z2!cMNqH_wSRU(nt-#t`bey=!y0@&rY1wOw_4^NDcj@OpZR%b^ zQZxS8Ggo&1BH2hb7pH<~2tDI>#SpRs8PEps>|HuW9TA=8)_wCcVHgfl7i42Aqu1`j z4EtMU&A<;^aLn{Vs$(AIr4e93GqmoQvVhf!5=!UB0-Ea8RKtW=3^w#RH^9wUEeYf> z+F>7D6A{whhr6|S^usc)2X;Oui<~AsoEsU`*DH{_-ifgQloSnAy#Bl)!wMiAWGB_< zYg`%OIEM+!e`fo-#{LgU^8FU=yw<5qVoT{hqx-rC%U4&!!f(`$xpvnk97Qc5GS)h# zct9#3KMNJJ)0mRc!wN>KGp;O@c0m^B8AWRblujwYu!5}h`i3I_N z&4UbvJHpl$%Nq-<{Y}Rjyz8M=cYsz|5vCQy>EE#qcgyECt{yR;FpRf+^nhd|>U+su zuGYe1#{S=&)!peNkM+=#^} z+qmcwK8%C56AGJiPS-V8-hVpjK({0V?ch+{CbT;S5RSacttX6YYpA@_K!4_VTo2CJnfm-bmdTrJ|?Nbm71~^OSYR|>nTCe&H>HU<-g!FIEpLx zLXlVwXI^A5W;?dHSLdEgZq*Fe6ebjQg3R?!bGQX%;x%zNz-XX^YedY951oV$u@5lM zKkdGT4V(z6K(5(aStlP#iIMU~QrfsABd%3e^P~h3TPANnY6;zKdQjMj8?0|t`)(p$ zRHy4sO|`21gSpwbub=mC5BRzCsD(h_Co)%)UnQcvdiufiXARt?8uUg zxgMeu$9Chf(j4fuLWz)?rY{n&MLlKfubgb5D z&QU=HXgQtLQ9Bz88KGfq%+ktW-AP$-r5F~HOmTA`hAs(59I&h>uIlG8?}2^S}`Z`9-gCq$`UjWnY2Ps`mSpUO3LLa z_fj68{p0?f+k(8r21DM@cm7E)L!9&yV8S|Qhmk= zRsNU#gjbMeg}9RZRmMop;wU2SjiGe%<68@0&FARlTR6Ai2OMN2O+BI!NYgFqSEUgh zp}cqtl>e*Hs9!WnV2Q`3yP7d^^xL9DmvuX?lmB#lrgbDijg{|45QD{s+xmu*3pjsb z1<*hhn5zqSCK6r2lYau84ei6j+TVzk9hyf zJ3tT?hi~Sd@A?MyM{vJbQLcEcoj^Cqkbh(wZ{qU`Hz(Gkh?@RNy61 zWEF0@b_4yZ+g?J?3-|h^x?25Vbm$Z#$EwD7;HN52k8itC1K1=)&u$Y|a`^yEB@FMJ zlZs)-UiTk`SlUy~HCVfiZH{U%_Rr$pEEYs}ow=K0f3x62PIt&h9iMhop0RIuw%803 z^B`G$(HbGk;vJHW&kJ{D?J3Ruq_{@Ko5E#F zl1n>e4?5ab<0;p6w_1UWot!;2+%}?S6d~9n%?m}DbqLQsX`-j~GZdC#n7Fi(6 z8s}{c(dbVO6VHn2k)$W)%cmcDW9b)UbQe(5-7(4sS_%#*KjkS}P*}HxcarYy0gz>K zjqavS)o#BL_^J)1wTx011{Bu)N>(NB;s)ByckjnLPjseCpR57T@6iG)5w+2{Oki(y z2I^u!`>Xs){Da73k=uKM+vtKBu`^jasO5P1t;xs|l>Kb(&#p4A6I|vvAW#`xw5^bN z(9-4>G$~4`JtzT8>#tx-A#6S<6&Xyk8PUG--p|J@{8!!%H;)L$I-rNyd^ck9*u{L)J>s<;dRk6 zFCI5!YXi80N_mWaa1wYhTfN3AC{uGYmqqdtS_^yaI}lGRHj*nZQODu<$0o5GGqe)W z-eF3mZBYF=*6~$zF^!MHJN-XKZcSSG{hv$B<8s7sZU*??Y=+m|2lhSHIM}g;y8B6N zQz-6JRdR<6S8S|ibo4CBR4PXEaT~b?p2FQ5*6cO~ws|D$^*Z;qg^yJYWy^pLLzeJ1 zY$7?($1BWN2lEi_4A_{$Q%&9#0_H3NqoD$)3t?P%oLH*Vv%6GVOoRhfaP(tge6+%w zJ|1*+^+$(~(9gPw6Rms?o3^faSx>;DZb+vJG=E67FYoO!aPfazH?o~MDqR}YwZYVI z4eg;q2pcdXf8m$V4(ZZ+J2{;qloRAU>TcqKbmRbx6-doWN9A$(!Ob;?JO8OjV1dw3 zg`NOiB^6*#z!@&ZUxVn!nz}a^uB;FeZkeQOIxFF*XjuW^;4!#GnQ-p4KWteo89l^C zriBowPzVxUeI?%M(qJ_l=4VKgJa8@F4-v75oxmUhQb$G#eMWc}F<}~Dj_3kv&tIbd zsc?&TVH24QPws&lsI=Zwt3Ua|0X|6xTz)nx&N)-Uq#@H1&6=dD$?v3wFA1!ouWKRB z{dWG7f=Ts>wLs6>XXhXw*F)B__Ns0(5_@pNOqTQ;Lo~}}&!Gg}sBJMiSX>%v^_?7) zqUJ0BqU%Oc%P8YSdU4*1a7O&A?o(vD%-8L^VL6Num=oZ>!$wgg$z@pSwFMC6oVpfy zK47g`EO74jnOuOrP=jmwQzGFP4G}B`>r~+oPkhdroERz3AH9QV+h`HGRBe0*-2Lo$ zy2{^}T^h&>raho7^^)B0`r#QDM^CV|PFM?ZsSO#JTCd<#Oj!9;vie%UH1_30gc*bQ z57X{ToK+Oeq$6Px@iZ#~j+3eMay5?xv#|d-y<2iH#x&F5QW#-!bG+U~g!y*?y;cwOk%L-Poi>Z7 z=0@SEm)T%EPMtVn>}6C~1!CcG5T0!k`_<(a#Q*0qRzNd@h+M zdV!&Wfc(4O6G$|ypYTx!Xyy9M+TvpNTtB(eC;d+4jY`MI-`Bt?WYJ^l59Yc5xqSQ+3do9Z9_TKQazMY6@FeEC!N z8q*4HslVS;I`9HghAE=&=wLP_hU6wQi0wT*et7ALLa~Gx+d->_LAwqo_R?CNGkos= z`~Sdk?ssSFAkr;bHTx5c6DF=LsV^OhR*zz9ta<}qEz|qq6ooBfFG?S@#)Mx~`syX6 zkx(1!tSNpW*DS7E18Qm+Jl=tcDjQpH48c&~448I0g@Em$kq{SZ9Ykg5eV$a)e7X5+ zwy8^FIV_a}g+~aOOxUOk0s~_m{fow918+qDO6VaSt z9YC+{NeX_txF7O}yz4ypfj>Pm{1f+*WC>tuMtP!w;w@(o^bS=3;jfawAsKQrXG(7- zLbewXgW@jYqm1ruF`MsX0UGNpT$@+Vr5ednEA-<~g|n8>3ctBt0SWiR zz;z1mULcXZyM=cr!lDoa{y}5SyjQGDUi%H@t4iLYDtf9I}KU9ObZ1LcFg+6xYI8#hk* zcotvPXASPeVW^d*xoxvyf$|EG18$5u>qTZ}Hm)}hLLYF6@;ZZ~{9tiA&k#9|bU?Eg z27}Lq)yT_twl-L>oiwC0%g|5(IM*a)qQ~%>x0`SZocsz6r!H{Bhc3e`yh9_<1w9fs z%qR4!DS6d$kAALzE7_J=5t({fNgt%`U}#K>bzDc}@AVQ!58e=^FwmL8d#@<(J2c_^ z$VEWHVkvl_eN9ZcOkHbu{mqnH+ctbk%6qRtigckJPSku7sSD0P^vLvVTqGT$4;^b# z9=!cIF?FWr*Ts^L!mi=iQ7lqD=kvpkZlwLxzjkuAO$wA&8ww}=t<}p+I^#r_j88-3 zq|~HqS6bHaB1-X($Db5#*%6S98LSjs!aP)G@^0fVUzm`b@#0%I6gE`U73I_%%g9f{ z|F?<6b<1FNUM$2LN)FXjh0$-GhMdZ#+hUC|2MPPe9z~q#+Ebe2qQa=-tj62dRnT)DX&c?m5(G$hXS@o2Hz7#(;L>!c z&D|n64gTD|%M3i$c^|7n;%Z1JIWS3Oj!EL0?1jaIHg{9%M;sg3*SQWkhqxIEXvSYSe&I zVN~TJV=lY%z+rXW9MPs7ElH92>YKM`@?SoqVDu&^&Ah``(D^{6Y7gOJ*axOjr{jcI z&a_!&*h6!Y&+Z{tl9TVFd^O+$q`fAZproYG`nHwSuxg#F7I?f~?$gj0$BO0NynR)V z*q70N`qc+k_4P_f$m76r=?xB!@Y-nCB`K0b=V`x}O8IDi^5%EvV+GTO15{ARVFv~i za6&1vhw&q;_?{OHcr5N;w7Z0%2iKKPi()M(B>Um&X2VbxY=2GMJ2Y!CdDkpr?~HYU zH!Q&Zne$}GX_C?pGcNQcvATIvDKp8?QTmg#^@A+k4i`kv<$@RqJ+dvb_tvc88mMmp zH3qw^GhxOPXeY?Gb2(4ipV(^zqOkycOGP>vT~-*`4%;Jrpb31?-xRyiP16WDV(n2) ze}0dDtATkme!7x~MAQbx?vIDwEIR1|9eKJ@f-i<-_Y({E0qHc zuA{|gQw_n~>tL0fIWFKj3#M074s-xuxG3>Bge_0gD;Jp0F zlSHfDeN(WWYeohz=#fg9j1KAo_bl%asaI9>!Wt}ARW=lKtGyX%Amj_39~mVj zEc8Vm=jV(-H{o22wN|6EDI-8po2^+{7}ER>P5)Bg$diZ+Fl52U2IBtFnr7Ro$(LO( zX-S&;*^vPO#C`kKKFo_J+nQtO@Sy?-#T_stD++CYdbn5aql zoE37eovp$I1N5TpDQBuWpg<`9T0boDGaZe9k0eZpF(WhoG`LPS_Lydk zNi1B8RDE_|rpk;r_`0GmqS-_}k>?Tk>4A1$W9}zUFgZZwiwBZS$DR;){NW;99} z8|Qm%atT_C67XFn203gZVh%!zX3d{%@9A+K(0_y{=ZNx~6?-`O7PpuyQvRE~=~<)_5pb@H(Ej z-yH94z~DuVvC#^a?qFuAa!p#0aSWMeu{m*c+zwmBcZ+YFv;w&%uqM^oJo)e00@%4Y)iz0v0lwyv5Sp-9;rIskD(Ikq3l`_ABkSUt{3;?=AQBD>r*C94$vd zpXQCy5IbIH)pn(;8s7i|%LsZS^k13+WKV(FdJi{ZD&4(eiE4Yd=h`4pg^`aV1FTR6 zd%CtO;U8dI8kFf6-Yhg}pRetsvPfEUT)>I(o{FUDLT9szSADm$_$*UMifbk?2T^D( z^JS-mvfodS`Ak4-h-n4daCpaZNwYY|<0I|?GHNU(zPa2)nWsuK>tu!VwUmgyGf2@7 zVycyODJkY0(^siSKux#W(BYQ93q?OSgIXY=K2Yy*Kn^EbN4Dwo?r&)hUvH<{vvINH zTmrBJj?`=0UkDl2r*~Rlix{hI-jm%}_BOpVzh(X=Vpru9dA_q6pS9dvksGyGz7O}= z7(Bp~hNi%)JeDNtMOVF+{xBG0pG;d2gY}NQUh|fMP9j;DjhJG%`X+}AHc+ET6b?M4 zq&odNBbpbGw1|teDgvh1Jxy@pPMez?Ll(d!^z$rYe8m6Pn@sSXTu)F`i@0{wnF~ij zj*Q4WD`SzTn7BC7bA$e}rRZw(+QgvGmAhZWM_x==0w!|&9 zxiy=Q%(0k=rsL5ct%q*xxcGe&M3W6xEEl&PBSE013<`PiQc$*qG-x>Bf-j5^WT_nQ zf@Rfr4@u*nf>_*Z2seixQ-xoqc4Q;nx^N#6Iw}!EDy8B{1iZxQBI!)aR)*V6SUC6& zkMnw;#6t?Bbck!U&Hk_2``4X{{cHBeAK;iDc@UvB-g1U$-h$aQWd8EuGx zL94vf*T225s-hBO9Nb}zHzd0>hE=e2{ekxZV8GS=1jNlpnVPYjz(l6RfO_rgp`ZG0 znoCwJ9Y|3J0g5hO_&R~ zED^U<;za9S65L_L?Hr-x@PX;p?LmV1yf>XY=odWl`9uOsmOehnnRzEGP%E`1{vPnN zK%y#b>|sbYYg=)_{d6=0?3yf&Z9hvWEx>4?ad9H7H>$oP&#)B!6X~hmFDSE2iu#e~ zDx`~D;!Sni|5@?&YOg=c)$6P=XAYx|IkCC%O`B@aIFZxEO$8I)L`&t*jn`v{SM;g! zgU6sx+q?Wwjq~78>N<+_X@)}rfW(`cyv7VbAYECO@gF(=hs+TM-}$00`+$Zd!!x$j z_Z26Il7V=}V15KU=W%yhZ46*iXbPGl{tVAe=*ZrUU(Du0}OSv$Mide<~86*c+!=36Ky$SDM|2xxW*UlQkwD%U@q zj4GZst8y{kbpSep3heZ;dyg;qwOIs$sIw6M9A{7!anSJPPD`V5Jv}*|bsL&Q{J<$$ zqTJ_j;doeBOwXG#>lIhAP`P7$+#tF_pAvwbgQu%UI95gr1Xdk^GK-7dd+VQ?!Ei3$M9IX%8ue5M zv$4fyb$QP%Q~HBo6Rqb`8Sk79tiun-m85~*{V8lz2VasXQOQc)59>YOuDCQAR#IRz zb&O7Q@z}{Tre&Eq`lN#7O1KM;{Y3z2)ZP4>d&YJ^(HroI1n;0UYRV>EoG~X+cFZO+ zN2R=Hx>HScBo|7JX_7M`Fkpinpdn+}*||2EVwY^brkrXe*?3H5>g!z!tkD}?PWoW^ zUF*jXaR?7v2j^#ogW4Hz3>f|h_c38f{5603KNBN1Z0@UAuw;q~@Ui`)`+aDjfHNex+gZcg4SsDT&C17MzxnO7&V@Yz+L;EE`a(iL!P2 zxOd2TAc(;bMhXMN8mkx=;WB*Zw)0U(|Fahp{SgrEFBftB9*$?{9|UbVc$yC*c!-DD zmCm=`7D@4HWkkaW0^^5KZ3q8>|U$sZ4GKTGI5)mUykk9QyF*7z;M30+wYMD7YD?8ZQ| zvp~DuU0uZ>OD~)(9v_OQSf~l>fkP@kDBx$?8m7;Q{NPSLdtMqHj`zDpGPv6s!{s~# zq_ablUZ^}A2(vVmkqyVy>**&1rL1@!=??c9WStL?@`QM^ex$c!F^{8--aVHuxQ^8f z4J3UO|H8gnURoG07`PoW;J*y-qobd9;jL)htI17_31rcN9~k0bHNhbA58eVv@m&O( zQ?D7@q{nW0k{_7htT7(a$MeV4H`o6%bAe||$i1a4>~cZmnCuo)#fZ?5rld1tokaHN ztmaF0hv`x+ho4SGO2gM&i06=Ax2-cS zs|+9K-1Wwhm*+)sd8nA}li%J#N0P}ViEvx$tLLQR7`g}5{bR6GlA&WeX$7Qjx}s2y zT>H31?p1l;pERs>f(0*Kr6np}fHdJ-8d%+o{rVc`z!1&h8jUK7-cj?$5XS^!7`Wgo zV1Al8x_$1!e*$hMg)JKa`#oY^SX=)|<~;KbcDIa4)b) zdOPsr(f9BGAD_ugL&@i+?dj<&WJeU9RoG4d@0`$sQ)Lthw(=putfUeUb6`!O+Q|?P z#0O(k5>Nsn@}}-Us*3eYe`O-NCdOvAa7~`Bj;aMOXJGpYq3=&N0U;Z)*3`~ZwodFEY?vzXL z{9E7o0mA{0=fIY&G8O$huA?H(I#rCt>K+LqCECIKO~tEx)AC1)u2WpmvP;Y@bj@0) zB5K`y1p+#9S1`o+lnD;2xgcy8OFSiLf3c+K$MjSv&uigP9hLtTzL{j&%~UcpKm3r7 z3-FR1=p#ehMkUCQfDdg0h*T>fDg4`z1)W92BCu6B8QG#BBXpTxMLa6I>^FV51W(Hg zI9)~s8obSd)>#fBZgQg1FYzSkFDe&BXG;#(ReAQ1flHV34O%>mv8rW1q+Mn&%os3x zEgr`SWOZqt(8o&kUmjEKbaq;MQ0M=(fzR%QU-9IHm>T;TmrrTE2~x6Sw_< zCBh!#XBO@7`26N@;)-Uahr0)CW9NYY3d9eK$mkuLBSsSgGKdg9taF`a?j)8`pjIRIOxkx;h8oU0M;EtD-thUQyZ&z6hw zUe)nYVAy1R6G-MzLauLN3Zb&V;ufiBDqW$l+M+2)ze;EuiMT_cj@CEHar=_Yn(i;I zTY&6V?|Wsg`o#hC_p~nWi;dUbeiREJebW#yGQ?!q_{$=4Z)r!)k~3AP)zGoC$*$<# zt0R((yqCQu#!b;gqF)=2;?0ZD^mQ@3b_l$fA{f^ zki#g3*E)eqaAEEOC^ma)uS3tXLf=6 z5)z@>*(5G=(7qUqoQdeuM)g`z4>q5f7HIGiz@=evPObU#i_8eLUpxAMHusNoI7RCd zQS`iom3+$d!N}(2eNd~hvA(9ytrOfr92+9dT%P_YB2{HJVgkn6f~};8pM=C6m;9G! zo9UojhDcj{y*lo28X4*(?OQ4t@p!dFDtF#K)Aw3rQvJAc^xnK%JFM%-oyEJ_KGnU> zob5YZ5nQ{Uh{3=Ph;7>(wtsDsTQ$b&*~k@S`zd;86|S>wSm%vEh9r*t_GF3uPg6u^ zt}Q8?Uh7PTbSeF}wFodQ=7|7fgEKHVEQSz)`2dPZSk)f|i`qrXlRwY%?HgS6*p?nW z7xBx6NRTL!$zAjX_Nu}#caU6}vA=#ACF^C_3W?$Y^RX%C%jl2>_=A>sdD3V-N3^7# zPimr!c1y*a?=#{8^)urDzmsL>fAX^@`gJzIR z6^VKmWdW`V2G>T9Ws%OTZk-W((bYx5G{b-=?se3V@qNDwU$P#Y1K;_jw9Srh$zvhH zWWA@a3CZv&@RT^M^|PNJ#&aYJCMNqCJM8U#u0Yltr5c;FtLKr)CwgLQ+Pn+e!VkT< zPT%pI!zg%fJjoC?jg9908$=0bXz~exJEJ>%O$C&xP6>;tYBPpp_RY(WBR&V`V%-an z48}=0L;Did`dN{i+g1Yp%$5WZxUEnThdOi@e4PB$w;>=c$^7*t6$MLi9)#T$jX-kK z{MIk`%OCD|Nhw)S#NA|JI(DV0iL&PUr6e1MiM!ZZ40{PPOaQBS5B7}Ob`Cy$Nr}w! zP*MJiyPIHZZ4>zb?&<8c%C%T+@#c)hf$CCC>n8@n9P?>#P=Gj8?jQDO)n z7gzNZ@=nhr$~r@e2g`6Oi!DS;#CD2CiV6x7`$E?0!PPeP#IUcRdH4qjRPc;U2yuxl--Q z6sd+Ze)o}-856w*W$O-)|AI>KNIM6E@6IyDUm(DPxJvbrOt3_C$sJ>K@j3x_k<<~K z`uj7Zc>kOa4cc6)9^uKG1v2h`rZf)WN(L?U&QmJtWkUqeCVSeAufP;0xo-$P1Kj?q6JTYxB182Q#TcDqqLa!8uN3*$@|npVvW2QQJ7ai+@wDwJ2~ zAHqei&+4%ZzQ*=;u*MiQ1|ec*T1yYpT1L5729YuXyz_aI?o5eNpg>-${wg`;@yxL= zF+Xv|I0s+;*#U}CbmVHf3DPnBe9J)PrtFX`B;XX(?GJ=899#;EI;s$ZBmck_r#PVP zlddGrw+#stBt}HHS8cIhCCh2Ul78XytkL(o%5HrUA$5R^_<}4qvQ~$EWeG`gp_lYE z8)dnKPb*dM*;J!4AQ%nUlxR>eC{||g^AyY4aU~$vY6M-40@eKt_E}{5X%8_zJOHq* zQubrJR>3dmp#i{Qvm^U(fr&8_%FATpI!uC2xB1K_~yR;QNf;!@rT4k(f8Nw5t|EUc#dFp})S-6G*++iTd4NxXg@J^n2<>hG5SU6JP7}zVl z)y1IC-a-xqB6(ynNLhp8@#HY_e$(wubn-Sz`vGxGal&{1A{GNx>0aRIEQ(o_*n+5z zNatd}TRAy2tFsmU&_0uy7f5^S-{1HYZIKm1b>+uHfvtKUCS8{<%&2?VEe49?F{&g4 zM-8wKnz#~z3C5kKzGbQmw`lW;EQ;cH3~@qR7f4Z+PBYeeNBqRIL}kmO#LD*T9<|R+O$~>Po%;WGxcy}z-}rcEz(Lt)1#j-YHFxAYoAg6y zZ06E&xAve~zB^Jdd(e6ZrGxU!d3`hvFF0moA;YB+a8()X$ zJc9AHWw}PR09`-RnUupJ{Yb8;KrF@%*Y~+JzqqWWBq!!WIeBaV*8_-R zDhqCeqb|pI?W3+1`%j%Ck|l-nB<-#N$dqNWdviPXibFd^y&B|nY{S}#qm7|+Zee9) zd4wh6ry^9lc}A-0)~U8)L<#sB2&!K%n*!bDvX`i7a4QFjjR@3vQ(s(Nj187Ah)%NG z$OlI5YyLD7!5$t9I9xH&J~U*zRW?b8i@B`I_Vj)`{kfsoXszb1(L$;l3OmTTJk+w& zsLfBrauX}Le(E+j011g$vU)>|;eJdohHdmb=5F_>in1%<{BUhff#U^v&LUk%<|t>s z%GpGXCqy1K#%9hF2TDTa7uztx&eV^5U$TYav&-c3r)aM>cH<)-c%z?f^VMzD-T; z(DDqwou>uTx@YDXNBt@y8jNQMyG{DBRmFk@_e?D45VuYrk77iqTjRzKnocKcAo^ab z1m48m&NwsLu;R$9Cfw;)p&=D;#w8g_4N8WKWC8iZ8O)=fi$;I0MlX3xc)&}zyQUZ7 zF&3U5;ybdiRT~Ani!k`EWB$A*70I7~aO#=<7}B3sg@($!;~`M=u75_WS@S=e5xj5E zVm79M^UQ7a2J2p%R%2Q(bcgPAHWI+7F5LcHf5nziw}%iov;7EK?<61su0I_ypJNo# zQ{MpkU6*U8M0Q(@Q%LuSlJJZuJc45#M2`fGgfz$3d{dtO-OXI|b2r(Ue!0cn{J8>P z4#<_CrQP#~7Yni#O$v62S`R@8p8@!;tqkc>IXG}Pxzq(8^#nAglEy#Ge0uMeHLOc3 zi10EK4f1!#toU7j4eLqmNOw<%>cePWeiQwI)Y~_pgpRq7{R2n+1)L$Gpu6Ei6;P1Y zK5!@2NN}0>7r)TXP`<6xN%yR_o^)bkQ^x#SwOy7%a+?Yt-hB5K{iuvi&1}9F`{iJ^ zO@28F3oO;#53;S`CVnH8e3855uyjI~OzD&UPHK~_+taWEOPkakLL9C2B&=96`9eEV zE}`E+Y2?I;=I7DfPQ0ok%;Iq-v2tN0Sw7DYa2K)KKpKZ7_4Pu&HR4zMeT2@4 z&1nI92)B~`1Kr9St5sR3EGga+wQ$Pn)HL@>g^@`5D_R(EF7sGJu}zz@(_0Df>4sdx zQNc-xve2%9^agEfIUf={f^NbcH7k+48RGsoaXTa+3%lVRgUM#jCLeG8WE8ARQQKAd zx`=_VZ}YiYH+k@`t>s-WexluLzY;KJx*M-W(K7hn`PxJ#{|OWS9NWZyYa>O3cvz+J%+oeb2kb!GDHVm zY3e1>CTn7Mq4}z2zPNC_8G|zaym2uQ}T9(j#NrLIrx-8SmAZ(B($%>v(PzMO(bg zA`jmL6MKqEiJ^Zr?56+15A94vKHsXE)^mcjsHMewJc^m?@ppRZEWLSl@>*qb)im9 zwpS+GPOqPH1AE4%bvHwMkh9{*&TlJfHTy15gW@waa&>cWg$WQz;Tzo_d;J4<)HGi@ zZluO&_ZI8TXCckVpm`+J-@b8`L!y^Y#T@x~cmU!6@2D#r9@efpZubUzF6Lgyk3h~&conVA;cYlr+w%Jv~1h>uxq z#mDFKyrcMr4@6)`iyHOjI~IV%J;D=S2cr96nyx;M#T4LgyqI_GnkhHVgfZ9)sZVwwd*dP{e<-~z}BxR?~k6K^a1+@ z1JTcWL-(;vurY|kC@R?mg$&*oIn4Q&t|{IGKJ$3RCgE_GPq*dH7CRzBF;GQys3KM=eceb0Roq#0vAMf=o6FY8~xo zD%-~_70hHMP544Z!B9`aG_lqe(t;t|(#3xYusWT4vGW}{AXRN0$Vyo}85R@>gRoK+ zQl6%~L)9hWncozOT#GdYDyl7HJ{Ue`{d^cR%)j-f<8Qthh@ZxN1s4P$sUI1>F&^hi z7cwiF3ch*M0v5aT6Q%3Q1iCy`3CN;EmC=R$Ow_-5plWb2BDLpA{n&6Zmw2hg$C_Du z3Jb*mdf4+u9ZbfMOTj>ce}!yB>%4)Vr({^XSaLe4>ZL}j>cY9-8qB=c4b^vam)!!} z6f;h5f>*uOyc^MBr%I`~u6Q!_LK6BK>qP20G$fi#W6^kPBaa4F8(lh{Fso$Ye(|sw z{`xBizg<%(?h z>NkXu7g+7d$i9XPJV`6yCH4|Gw24AX$o*C5l>1+mSE=QnK-*j+e^F6y5{ zBJ`#4vqoA&7t+HH@jc)_#pV1O?)5nV>oht~fCepHHCW zc|IBn_CUN(>d~H z={8M;P#;{Q-r%T5x!$9|?Vlke5ZwcN{>=$&u(0Kj0rDwXw6;AyodOSj0PoBXwNid? zWNv8ZVxZ6=gR%8WO{>cWr(84kc|R9_tY)KZ@5uvy_Xo-*vj%ZyxTXfQZq7T?51`J{ zFZe^r>+!yWvk#W?rnxlHHnrz73mZ z`V@=jc@n+!^UM? zkfL{H+(7su%fa?DInC^NO0*PNWp z^;9uCy-HZ?aJYFrV4pU5cy!>i&Bx`I!^g`x5b=hs%2P&^m(G|f7~phzWI`YUt_;TE z+}Vh|J=d%y#6^uzD)lIp?1W;mT_&8#t{}TjvFQACvbyW(6f44f2P}r(gAxD85Mot` z7eHL@BLGC~*&#E1ZLNno@@FmP>}FzKu`348s)m=Zcr&0FN9ImQ3DER5E9Rk;q~hAy zk7M08ho1`T8oSKE!=k%VY7Wl2M}K0~Do{C-ia_biihBUsR$=3_KfPGsI?U5AWzQ}r zQF;z7(g|wllWgatSub^8Rs#dm3$lH_S6rOgP~AG5Cj~f3e*{)gTwORE}EJu>pFdXy$!L$Z#>KQIT%5jTy*syHZl1X@FAogOx?ZJw^*Kv9+!SglW}B+rO_iPTr4U^60Dj^Y9m|xdYtp;y7UeCsenveYj;R zSq(azf~XQWz%b;rwHY(9P$EOCgjpyvkxYHH>^2sgoLLX3#`lvG^ zkEyf<&n2>uH1u9uo?nwaPAT@aAb^Exk*3%0*XXPUzy`Z^6i{a&p;!*ttd>5a<=Dk+ z5=^409e@TpMPL$hiy{eqb#AC~LqhoY{7gI*zume_WXdZm+Vc`yq@UnhOyC*EDUB}QO$fA*z$boR%%3Z*PWwzuq_fPqRN1?PKZ~$q{UJ7 zhPg-pg@?f0Hiz=9pF_goUrzxam*s(enzJ$0WO6+1e4!|7)*$BA_sy94|E+hdN~cno z8_GwOV7O4>$NcJ8F>W{SfEy9}HV@;9y5_1|K6UsR2CordEFw(d{G#4WrVqwz^UTCu zaPJipZTX3{k!xV>LyjRPStv7n2ujTLMfGe4duB}}s%q;vIwPif9FogIQYZ4uF`Tox z3m#_D&#wUDLU*`OUiTm9a0CK|>JT$w*BDkA1C}a(WG59ZVej@H`QG;Nmzm3;$+WZ% z^tY)v8v|RJgkM=072x9UDB5n4p!=BEb9JZ-)4^U`sykz>GBW6+HnApIuuP;fF}hoyg3Ytn*E1c+5-)k|G|`7?O} zsK9Kke>)i@By=#=djdTDPcXw#dq2QA1rtdUv(MP&CNNzRbgKq26)%P1=)9`T+lOfk zT>u&IC`z|z?VKE9N^qaF201$~>oM!nTEY}lLb1ui1G(K=bPG!eEjQ;X%+XeVt}po_ zou=n7X42$zi%q}K{vzEu1f+$c#X7v5!h;D*hFxxd3BtPACDhTjbTOsNwlk7p6xi-{ zqpzxRtpq`g6H&3YGB9( zHtCo;9qzukyLmg2&7>W;rW#mbf1 zlyTKba%n-6xFDK`?Jm~queE$j4LjAJ$dW=1JEFdT+l0WkwF}DY;pe|0X#fA?B0`3s zEA_{)EhwetnehlzbyvQd|K#@cK*Upk{3O<-BSoEjq)Zne5p(tYl{Lj&F3!VBOXXB) zupqd|$P*jf!RJ6fgbuCBaL;N6#y_4kiqWVx4E}*Grw=|EO*V6E=Rn)RrU?8idPtzd zrIrBs6lSO0%KEnw|EM`usyVN8YuH<|*C!>ies%TMJ#SD-w)q zGYFui$twG86QfD~`~L8HK~K-`Fc@40g9TUAwDrH{9cov6fd!-?Xv5GuRNj&ryiGnx zp#f0)<3=QE26ntnf#vxF-3ihVYyuM3+%ySW=DcVDBG4|aMm-W!@yW!IEAb>BMV#DH z#F>i7NT|lsd0l;O;tPl|tw&rSU>ak-7=L{UEEKg`68Je|L=Njj1`Dls#2f4_h{u!a zbQ0Qgh~SzD>a@LKY`1rIympE@s&9=gdGx=P_m*siP;=FOFOIAmF$zVMc55}h`(9r! z^+ZQ!zfFWR(-#0qi(W4Db&}h|*%tA;y2+e4@M`}*d#V?#CB8M2xZavIX+|I&e$NOF zm%Ux_9Ik;LX{_na@fA`oe>uow<`QE?yvW*#eAx1lSdj;cDVHw7`zAIKw%6qJD4&?u zV9CPWsW8|~lap8rY-M6?W_1n{(FK`J@7d2Qg13e;ja>^1E09~p;v3(lh8DDuNiuEF zN=5Jirl!=o(^m?f1SgPa#{4|lLQ$|DFk@{| ziLx(kSDl1~^O7(X@wF-Ef)`5-7Vd6L>U?2AZFpEbuvW6LG_*c;a0_ifGRC1370C_D z2(lqWb-b5RL^)`SO0t8YKY_E+XvNy)RQ|3p-5* ziD5VY#)R-!ifd`;&29Ex!r>mZ3KFx>3ojdvq<(0cIe4q});E?h@h-{N z815z5syaQ=Vs^CuS6#wTfxM%?dou9de3m)Y_HrVJpS*4+pG=hjDR?9zLO>Nk(@}~O z%K{FLi%!SH-Rzc7!-1tJtUk**id`m~ zxN{)_xo-q(r6NhLVTQ)VVTe9$jxhw+psS&zFBVb%h~Q@v?vZ31lAK~u_}w3IgR^JD zzmAW@m^$QJ$e(>7GhGk_n2w8Wz$V=8B{HR~84}sP$-7oSILAB&nmC>nL}~kZCKF;l4-8O2A?YkuJ>r>T@3G1>)a(7mQ1`piui0!Gd zyQ~Jn9yUu%1t^&QOfhTuy-zjRVjv>-IsU~@sFGh3`Y2v&a^I__`RL6u{q@nmoFz0R z=u~{OP=+IXM$b<_#R|Ao-#44S-+K53>aHRro#Swz4I5`Eq$)OA9ke)?*B0)$|F?r7 z1zhOZLbs8!W5Qpn!1m1k?czA?XJ5kE;QAOly?jl&HmJqxA(g6P{+TQOi3Bsh5F2}{h5P?h0} z%GDWv7INEv@PP+B*8)&a8GSSyEf&1nIsu1fh)1mlcLZIgTU zCL68XDgbO5s^17Et(zEl$+C~Z5@Y(1zBK%2MnIfk%XUBZuDLmFgsT}Wi)u)c3j=o~ zOR^YvLI{k+7yYQCS^ezADR!Q@_Dyx;qVRX3ppSCrSP#SUXgo zw{QhbtncMgkN&g}Yqtca>?y%a81ybH)U3(@z~{ zB|()^`Irk?y}oHRt(-{!fyo`qrI}-j5&=I-n4$YgLo9}%VQG!YU?Ra4Cx)oRHkNR7 zR2tP~>OEVo_@|Sa+ARw9L>!bEE@B-hvAfZTQFSnq-5qvkPR}pr3Jbr3#pWo313Fw; z@2&7!GFde9<;aOLz9^A@0uSQQ-r_X7a)UQH7w3;fx8EH+-!uyJJngIhFGu%wr)U#b zr%sb+)+htuoFFbu7CsN}dga6AG22_HsOqjY4WMCb=uByuisDxcsVgmnq_X?9bwmvT z4y<9tDR)x8gw9XYSPNj!HHYHw`;N#q%*v0&gpCATy8p1VOTc3`FhyL-lz!+5vn}T>E+O$H0y?Qubs6xlPkYQx^^4ojc zeu-a2_yEL&h=6YS(*$j}h50dDUCdm>gk$nk(=;2h|Dw1i%by>@<~ZMzPAnE6f?)o> z924alQ|`6Mu+aH*%2DXl=TTr@h{)VdvrCxiqcb6|T!3a2Fc7WB4$lvNY>`j_xKvAB z-&NxYKAd?zXgSI)dvbM^BdD<)QW_RSehwJZlSFZHn6q%x?peK*Hkgz10kdvqgqNrh z5Vi*mICahDn6Cm-QF!#AX3SHg@^a+?)aq9uod zhjyqz5EuG&;beFWeS!aq80i9X#%>F=u%(J{sJ=-{2Zs$>fRW$4<8o1E|CF$os`BrxC zm(X}kMjRib6U*x~fp9U2kMW0oLKOve#w^udf34QVUB3M=8awl zSMr5uyNltvA~(E=EFga6*UwH<;-cf_BvGcTDqB-y!!8aD}xo*x|m1lIPqa0dp-w^7E=xs?8bOw z+rr1)5h|gZIvm6WEVW4rSdAU-H@DetGfPkd7AcK1kN!-Sx)TP6IYAa1<=}3 z-YJP+bu-=Da?pju6dLdvfP-s3ZItD@dd_MpVBb^_c?cNX({q*bD7LI3Pwh(N>q3fB zk5D2d+j-2jzULjnNLeEMM*awW19uLbUhru7@S33j}>f3*~qhi=Rv~bUf=h!@63oQn*BiA$*|@ zHChUFJ~BLcr2(s0CN%}O0_)nw7nsdpeupk*CZ{~?K~#3Uq2&{*rEwqI!W&|3RS2`B z^r&DuDYFI8wENrHtHkdJ z!l)Zy)g!fWch_jUE$|X=ijP-^F42dA*V`dWm4!cQg0=k>7W}AbE@|P9q>eQDjT|TM z>JPZE3PLf!509GDH3|UBm-|LFrybtGur8%4x;1xS+ZxK_lnbq89NTV~4ZtmQncr{g ztx3M9)i!7^C24AeRby!6>0>1FK}FkjQtKWqjN{7Kxjf#*INLPJQlw11DQmtrcb66C zmA%dSXITn>56)gFJ7#a~laqCDV5ZD9e^+F#Tq|He?N9Ox8$&F5T*iv)uNk?!g3RoW zBTdps-O{tP%&U6r%YA-83uKC6+X%Xx*1Yiw7NCM*UIx6Mj+b=0V+oByDif;opGrXT zF+mtLqX;|z@RV6jB16Va4;Vls8w%UubnAhkfes;_ySluwvDuDF_l^_|w!u^u?zk4b z^4H~>Z?9y>B+4&ziwH#=kZhSt9o=H~lf#zNjqP|}X*Y&WfyKpef+h%=7)a54d>IO2 zpSk^S+rfxj9VX$b+w(y~H=8y37OHcm`3mU&hI{#M4$6Jf^@5=$YGzSzWqTQ+7n|&q zp*wzReacG*!p^yWb?nDR`!vx%z(dkO zzx!`_lBOe$RB#cOix8nW{yLJ%gJ12=w5{|;bmURE~$ z8^ZlciVZ-yL-M-%q$|jox9}2A2cay{n&So?HE7;YsfyR|nY>2DElSKHiHBT--`)KF zh9rySEt!CcOOBJw5~|b8&j93#Bh9`Gj5?%4@9l8HDNJht1TWLYVLkZGI?{AnBFk-%zrUVbVCgtpk_T`Ri5k-N-N>^od9xm!W!zhVbZK$ zdc{-<5fExXPy=XLV3_=l3_3RFo<$@UcLZ492-=%oo(b}vU+@`NOC(f|L4ZLy;^e(| zOX}BaO;LjT5pRecttMF{|5Ff;vzwM2Rz@f_L-^$aurXDXk?ox%)9i^g?@ia6Sw5}x zT|(G_x3$hf3;SrNRf~n10=f4)ZbR-_VlbuFlQbhCBtAdU%y}o{U1-gnrL;wfZRw)?^+S7-itn1`4o6y++v zQay1%#_+a?RY{ox?ZTi+=}$J?`}o-@&GrlJJ-irg6&&VAscD=Yp8T6*y z{of#WQL7Aq~1v$YTA$4H`Hynr$Dj})_FjWihcGH4b$gQodgxG4e8 z-4c47C7)Ouwokka6dZ^n2K{?EwK8%F;EDv@G`X%F=3z@Hwcz-q@ zZc!%gRu0MhSgmeHoc;^Hr81D{y8}+@APHE@iz!g>Z-?4zQsikiQ_WFXmfc>Xd=?h{ z#@Z6Fy=q9wj|(ZSpa}5^Wh}gxfcrjZn}#=nKJ+IT;m4%0nLJqg@* zwcPu`2*D@hPT0b%&;bm>VL=e}>|T)QOMy^K5>W+(R_+GOaR1j&Cc33+e!|eum2_2$DEPVxAI8Y2^nv(pI#6aDM_+vaz_#=rJB4YUq z%4z(cR)efhsaG5`obxc~q|gy$L+9L~BW&MX*s3hI6EF+kSTYu1#?ol~bVb0&(&Ot4 z?-Rl8pBPXb!ALwb7G_DlUHIzmI6Y%Ebg``&Pt&0gy5w_1=P&BxWMCNgf+>+`<#KM9`7rcd{y186DKq`%|gAGW~>9EUT z70XVn7yFWpN@cEVs4vwC0A|XbY z19IR8VIfJQdbP60XjXw32o+#cnyo5o2j=faa@fu1?Xl6y4?AHBbO~p}m@#-y^@%e2 z5`{A_YJg+^{S+vuoy)JS=Q!E9cHM{XfOE)c11CJUi@$b!$a-_sswnagv`fErMx_As z*PLp5C*L&t6VW^-iZjX^|IRacKktLnWVcY%ZU`jl6B(8VUP_QkBdd4K3_Y#9xiT|b z?l+~;K%@cue&FB@bNX7lP5ic>absEd{43_FyvzJ6E;jb>p?Ns(wBPUtzF?_G0h@0W z%i;xfM5JWe`3@l!PUXOo-1Q~hxrqgFsqwc{KO7;UD0M-9zPjhbm^yZw@&s2WTcI{! z$^94*2LSFx{6)b434pWo1!G)dNuFX$uX2xNf3bylotGD(4;50CL(rB;uj31HmP8mR z(|X16Pg5}tr9WBVeRo-_+#}PUyq-KRFT^0bFlSaKsCGBt_^iePYj^u)!!o@zGP)Iv ziQEWJqhTIj${h0pPh{|voigJHfQ1?FoYk|64DNJSS5u*PQu{$KvB5Cf>?s4XPL6{r z1b1Ji0j#L`xI}W=TJ2Vyp9BKkaZlrx0Qq(1 z?(l0Cw~D5XQIf2=xzzGq<9!#Ai5-jHRrguwzF~u z-q>{Q6h08MW2oA+43IwONIKwH_C8jp^ICDPz;2 zs4N+tw_-s+4B1>lf|Q^T-uPY7zFQ@{B5Di{6*iPC%2|@5@9bg{1yizK>T9_N-NYLY zhOGLCYq|A|G?+Ph1EuNeP;E=K2=Spra_rgC24*2dYiB{%0zQz2aY0SN6!CpOidk+s zHlZSf-Pdsy7(R6dqT)ZCo^y)yqwDl-GhUZj_;%ZKT; zHIT1Vm#iM-Y+C?%co~*lDfskzc#rs#D#i`YjY+(B07LBMX&&us{F;A@oxF^)?P+=c z1_8mQKW0LC#O-=5v>fRY6{M?S^8nf|8?Y&NJh$}Q)CZTJ7H2 zVqYLf`v&xGaN8YBZpJf*xam3uohd`A|I6~V zKP;UiI;f@sX*`Nsm;0qNanSdr4yZ+px7#l7(}Jm1duXW+W*Q)B8H)+eU3NDTXi@!Q z+zSc(rG^u3niQSg5nSpoY5nuv*wP_pGu9^YtLt6c&gKcW;cv!4SsuRk`YL&W3-iA_ zJyF0H>Okqcr-_u{y_mS-k-EU`Gb7}%sAQ()!IBt0nWr^htOxP7VSnq2DMzQp`Z0-b zYt_<{nrxZ+OZfIK&G|v&U_oF)@#t0r+l?*J2ce<(qg0=I#3g0{?=Z=Xv!bVWN$UNG zxOWT%XddK?JzG7ny;YXoZKlT1LmzCIvs@fbiyD^15W7ctiRB zGZxTDVoeW9VIHf2KmCw_9jzixPEXXV2x+K=j9x zmp7i*+YcMi{yG}#}I`8cz676ztC z)a4GTc%4dwI@whnWsjR_8m&sqeUw@cZ||m{2mlK1bAc7nsEs&*2}~0mBg5ruKE3M& z(4VHv9i|nHi8LM5{2leN+~aK$f5XZ=7sU?qJHzzl7v27<9b{9!HwHbokl;%$_4A{& zkE|ON3M`_w%)It!d=$j6Ivld?i6~wkcMk9gFWs{ej%oM2_iz1&NtO8cXpQ`#zERku zIleht+~D{by^Jw(Q5nH9IceoLcKTXVn&t|;or+-Px?l$)Ib4FuiXA0OYxjyjSCT9t zW~u{82y_TtB=Ho;ZYMXO%!^5UWGsOGC<0^J-4vLdiq`TsgfM-uYtXseS%lVlGbl~~coHMbJ{J*o*C zWcMQP4+OFWcaNR#5auySPuPCIGj^v&$RTPh#ZGWhNbYwbf4Y;XgA$pS2O_C`sqc>` z*t%JK-F(egmptl_B(bFs!q0*1bbMm?OL$`Lm&fve!Am(_3xEgUI+t0Bv9W2eyFw^` z$gZGR>Ta*lg#M-&%T$D2(pZnmACvzqZb95#V0JXd&P7!D1 zwf3~1&a^RVvO*$yOuUAGxZ^Wb1O zF0v5CA7c^xDlB2p>&+h#^@ob9X7Wzi3Oo>yXr<4t!cVf05$f(&fcLGA2OIEB63SXZ zZMZ7jx52aJhY+D*@tue@J|vgk>>&Zp0R-#b2GI6@G@X&h06B!P*60&@^K~DOXL^fS zMdbsE1lDfRQx&NCsAcK!JjoB18^1Sj&sX&0;>;Drh3>q*V(=-Uj^f9QGVu$E>H|gG zpaU+=06Wie8_b_&-{khd{5=ot74xf2h~(Hv(5g(d;_;GL!P}vUg?A^L1Wlzz6`j`2 zFCl4bSn(JsKrf$>TWk1+A(X_q8pfBpCm6B*c20n(+Mc>9^DFU9Y=ix5Zc*Fb zg+?dTu~m>62v3EP)`BVYq%ytUs!M6@T6az!H-D{6NJ84Xw(-Pe7x_`VC_kRLu%ZkN zRjIJmCVp0(b(S-)yHeayhXng5(t*;Cz;qEaHfp>rGVmVNsQ={3!5(9z?B(nrKI9=! zC^g}Lf(Le=+?Qg*UqMD;xcS7uxW=2sScV|k_z!II;0I~l5rtwupCuG?Jx3^Gp?{3j zA)0N_7M=#SIu9)%wMa^a5UDq|-*tfSM}6FJZ}}#>FQ#tDotD|kHS{%P|G)*8&PmeNlm!2OwmWxknn&cZ zE}J&YLe{;vJqbA?sb8?G6q$WVbe19@=-t*pS66!bDq zu>`JHan&G~;9c>zeO#ExE(~-ddVZ_e$5n^%4|_Q|p7SbHIvAe+r$v`Yy+%-E!aB0f zo6lW$!-(9;vG#L2cv`BVS`j-_G9p{_c1Gy`{J@#30Q zRGtzy`4xY8Z|^byEP)!~RmLBk_j=48KzKq1gy^h+Ok2iu0_I=NEq2{3n1$U$B(32F zZtFSK!>uu&OZ<&rDg=Z4S9!?|e4ltGWTDDA8=Y<_7L5k;J9u!bTVu@bp^85`(LF&Y zoT`cSz5=DAVD5ANg`|=FwrDMe(ZAEawGIB~4m-njzX9G{;-Dm_Fbq~SwmXhyS;@2< z`Me|xsk0B_ea|3hoBEzLWDPom6%0NGzJL_QqX+?|k_QCa8bBnUm1?VA7nDsIpZ_^k z0~VXa|1E6`)w4GEZ0ZKKCzp{P+{Ds(AzNX2jRjCK_$h_V2Cz^rLi^M0+l)iU6b0t5+HuNF-nv zpRy-alK|<|6bBJ=Wh3Pyvr8CYl82~Ua(I_ZO7b!0u z)g;+5k0Pvk*-Mx5<>C2>&~l7z4r^{CkjTPKXbsd0xl23{l|e3pKKoQiNrhS*YcVlE zEvO&NfKT~jq4KT!5&T4h-okM~n@VVIn`;^6FUq+svu)pOdzhI4fh7xrtP&#lsM@?U z36&U8^6*`TT}Txcc1{!hvwDce=ejyCR6f>d$@JQ-F7}tCBKcm;KZv&v^Jn3+qDf`h z$Ex@CCo%3AX6BE707o-en4x)N_lW7ZRE{a25*rYohlqMvnG&(#X-i|LtJu7)R;*QU z4N5nhW$b*IK(djFAcKncP;rw=tAZanXYW%R0a~-$a{gg*a$vkM52-~iMm9tY)0`p$kSl-z-(HLM&7J` zIVH*l%{GzC&W<0mzuT+!JRaY|gM>IG4~P+r_ND~#yc*BaG-ceRgdM>TBAT{UX~Owcn%>G1hk*M-6ug~vX`14 z8+eaS>oe4Q4&c_Uz##Ixr8PtlCm@kNxn9<>QU&X5j5&rDsA?qCf1Giq>!)YM9$I?7?&e-vN&c(G}4TgE*ei z9cT9N-BCu8tvQH#K0nGD%1HW}cX>++27EtC>e08g42BYQvA6haV++{)!79tT^2c7$ zo)i_IKfbr{sCR6UR{X-%SC4kuhU>RTt}y(zEG+ziM(Hl4Oata2vEvK{KnefPjoVI#M&^~4@5jRJ`afm4uYW(xeRVE&!siz> zz#+O22uo$e^6nt8vAxr}h=nypMI-$LGM=Vqz2xpBE4UqiaP4CWjDAsUUoaZ+oYwE@ z-GDs(G^*$ruC*3Wa8Qis{i}qf==?Dt}GU&q*rgyUeNaxhq zDb%2ZHtt!hkT#n*l_u(4s;*l3?-{z~6+}TZLknQm#C1LF&P6h@> zhX=L^$Ngr#M%5Tf5w<{-kH+o44t%lpz&3o9!ZA9QrJmPO@Azwwj4`e#K4iMjqOi0W zolvTR0C$8W<}-3fCgiO2*2e}CU3JMO0xN~$m%-T^s#5;mucXiERIg=h14y_%HGEj4 z`$K3pMQMhvsZ+^EL8_HBc^%H?@xKj)$RV@4t$YF*30x>4OF@n{kE!n90-2$Np?h{D ze<0YJ{^&!MW%HOWGJ+)x1nMBGW3zm{t9y}XEEe48pA|cDcYrw$502^IjX7f|$zD)` zg8_9S2N&<}?SXUx)Q;2STNI6t^!gEiT8Lp#TZb$h3|mmpkxXunV?$VEvVkN5X(E2q}@*{u0mncCs8Aq zH>?{MeH0XKm!!{UT7A)?U;_lHVB!Y+x;7OT#3rL zS?2EjF*M2n>QvfUy_7h`XFN6hgAI-Tc?-uS*u?rWX_4VoFD8JntpbEift8C?&#PD! zJV#sPtnTI_RyVuocS=eGtYa^ze!nV$MVfrpJI8+NaZ}*12_qRv(xi)7D4q~CHvN^< zGbT{0NS%-1rWKvryh#Kf&CdCMf1i3`CgpCv8a;qtfagnPY64onvgl1fwx6@0kJ zK3os=?}-tDHw>e&8osQULhdE~B3o}k%I$AWW8;!e5wy|`%u$BNigdZ_fhr)8LJxWA zm}~05Hji%%xRH-t54)*ND(v4N2SLWH3z9B;k{IIIj?wqD?sn9yI1c^cR`7Ey9n~*d zen#_-Y>IL?U^G|&oP1>U2_S*C9-@%-`O>io3P(lZ?;f0X;mP zl6#E?R339Cw>+fg#ydzj-KAVo7uWf)p82@F z>rOVy*Nv2?dFn!B4vf$Mpv50=&p{Z9$NX-UR&m_BzkPuiU25;wLTAlbG=&2Chu3wd zMk-A})xrvYSz-l4{=-OEWRu;VWcO^@I2vMq^$;4||3_8&x2SMB6W0P94j`JnF)zn` zWe6#OP`{!;QAhEB98|AX5#Jjqcq8t4-e6|YW$h`t3YbO7n!5xSHo?k}gutNWl?$D< zWBa^_THif{#V!_3uf^Tk8upc$5%}=#UR7sOgQTvJJEz&b8cE->?{VX%=jpv`zlzEH zVv`~}V0t;_A}p~$_Ki^vl;;a|O9w!gB|H*cN(}xVnUEsT9VojzlUGl%=es)$cklj;sj-Zw)jm9zBks$u& zod-~3*NRCS9N5|A!o07BbbK5!Om#KN`U2e-513X}EZ>Hzu@5w(=S!GvuE`vZg`_>k z^MkVaLjWYm#qm#Oip|5FDUF)#h<`#CG7QtHdl{@=c!BS|B+16Y@Oz)R(_|1lS60t? zcAb!2Y!eP%MQKhBr&iS|ciJ;X6I5$-Z`#G3^yNTT&v7ko5Q29?y96)DF0d`u0&GnO zgTJ%ZG)abKmyy_(HOQVPb?PEioi^%h+d`S_Fx^KWBcTfF4|ZTqF|=fylLu&10t9ZMLdO(+KZ#-omZE zQvV*2t;Zh;li#8ult)t?`&U=Rn#%f0ajCgYoiA1R)TuuJBI04W%>~0Msa5 zlj%6qOe*9h?6mJJGp~fyy}Pqy^KD^;q6P%7Z<<#rOikQ;GC@DHTD~mNU_I}5G3qV5 zRvbDfsMdyXl3Bj5+}9nNi5q}>qZeMp??(UKB4e@xee(@(w|T$ z*u=q>X2(~wF@v(W-tGLR-vb*MW=BjhFCL7V&yrAGigLHtY!=Nbf;sj_fv$Wey9P8i z-m)v)T%N)P5qAi3c}w^^Bof?-Jcp#3KSgB0>AODf35cJ6Zv{ES*1MByM?ibvf6{mM zHAhS6asQdCRv%Lvto~~^{7uBEqObniSZrFm)=(vf9!sBXwlZQ#ok9`sMiQK2sNMx7 z&1x$#B>taT*4>-Cg)7Ly*>ENh7{-={Dh&-qM5)>8t!S#G49`#z_wP(9iZF(BjsEz00 z60V%&a(}|>IYaH-2OXpgL=S(S^`q8eed)x!64ei&4G6av{kb+-paL5XCI?0oZbQ!w zw$niwNK{TT?__7juV#~COFpJMKv=FAIY4I^EPiRv^#Q47cGYmSWskeCH)|pG>CJRT zW&wEZX(Upix0_d-JPNDr-oLIeU2(mEiD1O#c=q>4H22E^B?;1;`vbHoh3uJ{RR5e0k1|9ig}K~I9vxaqgMRZIS=F# z)l@i=G7Cgw%pz(B0HMJKKpfi|Qd!85_HzPno(8n_HR2dV#$5!KH4s>BA(@UOwe<_O60A19Rmd^>gz%Sinvedwf}el4WeF1Df73tGtK4m6}g7Ab&peXh9aD z`{cA!`9C)S5we4dEJ#vFzri%HQHEzFyglA~j2-mzUjY^B8;cZ9-+djY$YQsH1GsZW zf$3CAa7h3`SRt~cj-Nn|t2hBeQ+U{ZPE3vu{*Q<$Se-RFvdB)G%t-&gJiKw%j#t{t zSzfy4wsG)HYX&p!5<5T`)p23p8*U(0R{viEVy^V$4**p16V9-V4W3-e5E%8^>itfQ zu&jYu;IrW&X}(I~J*}xt8p|!ojVR*c?U4~-^-N6=cp*g~;#l&D^}#4~#~n_-1!WNz zMk8Yr+WH{SBH1~p}5M2B1PMH zyU;&eNz(wPq45;!Ly}w~a7Bw8o#AgRsQ&SNjKH#Ze*-cPuU@1fKU!0UyW~%Hwp)|W z^^T-5KkQ874*_o&FTTJPY)vGtI9&lKw~X`Sx(08QV&oz3HhIv%pYA$3)t6^AIqNGA zAPhSXf$P?)a)GRXkSoEI048^D`+5?)ppm0Q3=V={3Zf^(XaK!kWXJ_Mi~`wNuI%uFk=Mpnk5Pp(BXFI_}$DwVO)8Co875Kccy^ zETtID>th_e#=HnQC4CbnIgZ_SSAOT23ol8-$Cxi9t~h<4bd#|l`zOi#ru1uGr5IOd z1n$EuEhVb0>ooWpR`a9J&IAmC*4=fN?l)3QI$0d0&87sgv*$Sp5Xo3~DIf8n=BD+a zTLiszh5Oa>g2a`Fy#T)dHI3F+jUswqXiVMuFL-gB0?ZKU{_FGb#(APB^iQesc>A{7 zKXB*Iyk<19>aNV~V_~O@dj<79M?y0q7E1Or6>x;Mne4daLg^G!hev>aBak_t6&G9O zlZbz24rpHU#eeBW<%!85a}WzKGLls~%bK-w_yzH!5RH=FCG=}lt~q7_pAm2sj2A*< zhCXJv567Qz=+xq=TQzpN#ZAjzDJ|SpK(i`v(owYWvu9*{85;XGDM-DNZqtVqxSM5$`-r{`~Uu*2thK%q4mtNEoelRVKt+1e{D0cdBb44i z;lem)F^TfRU~9U=%6EdMy2OR}h^_MMtglBne)Ur`X2|ptB|1IX5g*1@m%<#~7@gFv zO?BiT=MG?8&QZe_Mt^5JIUM=beV(2A;8r_iEl<&igLTBHPeONDH&`;w2`U<Y5T` z`F&(`2g2l6F?spJ$%X4U3oe#3SUS2GYbx@WRT*9l`9Mq`Wu?y;ha$4 zcnbQ~(qGk+3+vDln$?-qt_?V~2N+XwWrOWF&N)V|%jQ~4ARoSDRH{?U^sE_-H+1bl zqOQV{6&rg<+hbzNU0QW`VsGLC#{_JjVc@hgW!5knEgn|h%nz{#iXG4b`pfYBdVq_G z=1K?nlQoS_MYzcz41G6}6e0#0j;8LRzU%F%bmiq!xgk{XG)@msXPJt@Kt`1p;l|mc z)jI{JHg3f(R_(wqEDKsnD`5H&$i#XPk&!VgTZIjOrrwf}(PQ!CuKT;tdf20U3u6kRwr|i&X~6iHTEX|CbVBP`;6xD;H^JdS%s!&+t)f*$5MDMvx@nWg5y_Q z6L%$d!mMJ+qZ_3RY-b$cg#wm8AY?QjuC3!!uof4b4co0^OLnlj9*t(4{=W-TCsMO7 z%o6}@@F{BW0@tY+R)+67W)s>We5Xn3<*VyXST11VL(h_J++YxJ(^UBpd=>O`;L{V|YGycUWW4_OH8-&@3Y0dtR;eH~4b?o07R+ zL^YTfEI(#Bp@%WWg|7Vd+=wC-$qpcuAKVu@U}mH-wj-n%GkT(pdG@)8U4U`J3exPJ^=Uy zTz13G#(c7=PD&u1!~a-|w1Z}N7h*0~nlUl@60$@*S%JP0i(sD0Ka)a5$* z{1rkhEH8*PJS{r19mIZ6>L@QZqyGlDk&EZDK);wbkC3P+0uCo^!dklvvCr*CuKd~9 z8K>^SN=*9992BZ<`vfz2NxrWISt8{P)+XRV?K|v1_&pSW`&?@J*Dz{7I zdk!q>5Z460=$+TtR{ZE>b=MNWyoypk_yftIGich*LZMh>LfPGeSPR{l++|f&s9dID zV#42H*99SMHaLU~@hAFR(_JW{R?b+LH~T*>cyINo3)1f*#pou+Ih=`q0%4lZUnndd zvDQaBl7RRH9xQrZU`fX9ExB2ni}APEib=iA=LGkOwt%oM9UA0e4{onhKITh-uQw(L zo2ziX<_Gw~l`77hNmHEAh>~dMQpFju&a3vuWis1x)v7R^uu|S`z>v?R`!@c1lYN?E zcSa{_g`9>_$GC%$#3T@i2Ji}{9JQ?NxEs=g4_c)ZV?lOxBdks>LFhbro(>Fj*2o5M z7h0Anc9)w4S(vuX%zx+@SB;NUxP47e@4J9u%GOBb$A(?Jr7^0(ccu|4zc5=fVh0l1Qx^o`(@B5G7Aua*6!H#q#wrjZGdD=@|pr-X`W3NpPAOme(5C(*#JY4_l) z8>*%e{V1Kb#{8YXQYvJh=aIDjvkG{lQLvT)Rc$4@^<7qJ*&{TLZw8R=2e4WH7eyyz zZmOb;y;Q7=v4*~@1!WMwy#x!7QR|vJqy+~sFL+ab#WB%F06})T{X&{kI}`%uY>pPr zf~}lAv@UNnf_$Aw%7EK=_~bkL*i(Tl+CtunszPR&+)PG`!!4t`BJoc{9A?iyJilR{ z|D(iBb!9T!*=`5D3M4c`IY4Xy4JuBJeF7@c1F*cQ&oqqa4_Xc=m z*J$d-$;OD=F%)7y#jVxt6fHKEDIGTNLW%+uQ!BYqEjnvz3gF>fW8Q%n`edSdZ0zXU zCvVJSMC=TA%;6Z1wrqv=7++$SJQ9c`Umc~X*bSR|T7P1s4=;Wxhf00bPFosKBmP*_ zE3W`Tv30aGsGQzX#dr3P`kjcR&hVA-+B3f@!`xiegUktcZ~VVZOT{Ub6RS3aUzHlY zLLrp4CB6_l_Gs3dt#u7&^lUc$^LFW;uR@o#U}0k7#u@=`p6L>+73m;jo@WJ4YH@vS zW)pxvvS2#MVx);rJ}nyUThT(Q6+CK`$~+cG^dU)S7Oi0Bu|-MiB@#Ks*H`ea`TBJ6dQBp1;S zt>36`XGLSFxkw4wdKXdOmIB54N>HT$m+HfYDel2jiD#R>^BY_5)?sBtLBWk|uv8TYLDZ1E5H`L3+% zGPDtZo{rtg`u~1)t)>D0EyyN2euprW`q$8zXvI_&75aJ^_i3qXp=OwWt7uTI^;r5} zj>yxrXKqP_C80*au&$Zu6@~$ufx!f;vP|Mx_&Oi6UUi_nYZr?)4=5K1i|ixX4E81| zK+2qciYSf+rgHT2Mp#TY%Aq>7if5lu|CUZ>*G5b})qJIm$^285fSnRc$|2IvAFq745w;VLW z8cUt)j8s!R@TeS=y~Q=Wb^CH|Ei}}5-t^SKvOVY_$$EQ`v_fmk`x3Xb6Bc+AaQGmX(7LFm&rcZ*fBu`-4% zu*EwuX7O$D2)Ul@5$Eed8&bfj0As=jR=YYdG8X=1F`-zMw-%e3=B_O4Ur4;Cr0E7S ze)jt~%u^Ngz8!i3x>%*OFgNssPO92T;w&bNRC?D$k}_(42*(I(s7zDO?SQug6T0ZT z^E^*Ri@OkVhh}$yRcQdAEwIA78q#MA`!7%<%QT&!EhCKws`^>ZcdS*HhCd>Yw+b&# zPy(4)!cd0UxoQ%(}=wH}=v{Jhxq^##<+(d{H@$hb*y#gtJ`TIJ)MEqp9io z^5MgrUSKjX7ShqAzCWiPM#i~+)N z7AOt1{#NAL7g4M9gSkAnI>uyTI~BJ!DOfr^$ZyLe+*<2auo@Xz>O>N zoe`iBcZ+5bVK`5tbz&g1&1gI1U^m_wLg)MoA+j%je#q-}&F@ zD+)mn_=`&}_s8l8*JP0^dT@M-t0#7%k^Zlc(rcglEHU9SR4kbMTCB2R*v z+;frtk<>hJE?PS$=9}Kh2b)3^5M$zAGIlup-ATq8NwHQihv2Ao3NDOv08K=#5<5K+IhMTj+0&!H)KMo?!bR3o-lX zwaN$7p<2aqstFi8c~CrJ1hDR!2f^w|H^l|cVRYncWZsbI4dL=AeEhA2vA9;5o6lz~ zOA?%wQj>Usmxn5(jI|GAxP&*@A@ldI6EjVIR%=pp(M3EXSe4&|f&+;s5cSPP39~Bs ztF>>TaohkqK*YZ?wFpCscvA-bo1no9T)}Tf9&*{<-gC|iK#JmSBM6vhk`U-b!J#8B z2m16)H_%EjVTdW?sM(BgRP2U4kfnVHGt9kg;s+mXzPr09)j{%I}+E4 z+>vegmS#j&#FVf=J;N;Uq&~Vj50$E)*f+$DmUW@SX|M)c>jjMM+fys5ZP`w#2X%w`Lm=kU7v`5zYwB`^#(g5yW+XJ z8e6JbflqLEH*b#Z7T|3BkBEx~NXx*BMP9Jdn1!m;=>rDm8x%m{WaLm4^CK}YM-0BQ zo1Ng3-A0Af&YMnuPAF=SH;+qQHntPR@v6E#OC&x_nL?t+^3O1T9UiNlB)|2{AD~f` zvCMCItazjZnXoWC_LUY4~J0)GK>Kc7}Qk~todt|0)h)WT_v!Ed=)>rD{iAyALnLh> zqZuTmXz!)c#4Gr;r~?-;xZyIK<~>h{fzmrIG}`n^=0uS7B|gpYyX_J6eRZ_*e$`c( zyz@MewI3%_yG#f;qTq>5o{(*@x{H z3R~v*VlApWX&?ii{x*6%kE9b)0ab$IXnj19U%H&+NjV+S?~97W*sM<`#o_z~HxpTN zCiKrTEkSv=h4DvS>wgjdCZJW)q;up82>E1pLEz}Ba6KIcPc(`VX&2DUnEjE9tal(T zFnBu7&}(Z5VX~PXW+(MV4pZcD%uMZhjv~VfH=e{d=&6lO_d3#bg+P-bq&tFD z#U;EoV~X2}bz1QJtM}flHGU8%4k;p7q|u}QS9ib6<~yXD8OXQs^$9tXSmR=^$xtMj z-aRjmos3>{vP8U=W1%fzjCkh^AS2UPwajCwhG+#q8@3IR(s;_02bBIUnzY%zh6p}q z62d?!p@kVJW@}4~bs}5T(3CoB7}GZD16Zs1#%_;sJE+5RGqszVfK7Otygy;A=^RK8i4gl&5~a|J3@#AlnTM z9vel&-7qSZee*3i|YL=lU2UCjPZ#2EisYo1LY+fgl&jc6ET1_1=*cXK8MfIdWg?s6z;9Sut%RlgZsaW9n_Rs-@yo~#*gCt-rK)Hc?!1^^n+RFa zD!3r`oN?UA?mEqvcMzdS^znX3opo%{TP?vC*2o4;HF$)_3lNS>??Kq$H+(UPFPa+G z(=PrY{PV}o(j>Nl7{}P_e<>Y3`z57}TEqkERwQd075Lan{7M~M$8`No^#;rlml66}PF-4S=d)agP()xPJ0hwQ z12o%IuA!)8(v@I8zTX#DOPU^-mK%jNxQw6Ue8sP;q&m~vOwiwhR{SyKk& zL=27ZP?(s^9|mL@hBovY8{L`2R?qumaR! z#r9?5ouQ>9IQuO+srp-jWX*h+Gye>o!du`m;um z6?(9<=c%SHdp|SF%2mhwR^>d3NeHJlVbJB-Y4o*55of`Jp*b`#lPd#zdzEokZ@tR6 z0Av{TI@sb0R`0JTxvtc=_|4ZH#O&M=o$y#+jfPfk?g+C4l{3NX6uEE{l#pEtpc*m3{r0`Ic49I0$5ZfH_MzY^_QEf-1|)XT%rPt3 zB1BPH6 zI?70Z53PLUtFVFBjlsTZj1G#>E%=8hZG2@d!Fvc%v)g6-q4aA~b7u%<1^P_e?o7!S?bpuVe|) zlcJbN6s=Df0CF|dy$(D-DUA*OJ=@SF*3Ku&3L;VF(l}b_rdviSp5cAQl0z*c6agh& zDp%+yxg1*_hS*mGpQ0RfE1R24xgRc@MJB3wC8nf~&+wM*O;m0cBG;0|bM^8a2UtYp zw?ADG-i{@4GywNid>~yhVtXj zfr7E|OSqSZC>e1VCfU}(CKW1{XuZp{z;AQB@yKuUs!-mx{MBrMP~`6A6$wtK(@ z9aDt5E=2d6%4RWFlJ`Iv-P^l2IMVgXJ%vl6-Exl~u{_GmLS#zQ zRyuW^Egr47wrU|Zg$QYg)0%#2^DRnO!_YG7LZ+xhHw`hV5o{XxUep-E83nSRa8D9! zN!^t=<2I#64Y`Jd!tL_IW-ISu{$JR**hnFUa(M8?K5wRfrdRei9boTTT+P(t$S7I>IvhY1C90pe^%#}DCXu8pN0kJy@f$m z^DVc;@{o3OOgVh5AkeZ7`&J=U)44juj6=5Y*-10*vFpMm%Wb4_pA1YzD!No3Cs33UzUG8TwXKAD6-e89G3%D{CfMU_ye!2jCTaUKbv=6dc2s1jptO+GDGfuiuKP9u9a}pkN78-=5pC z=9le?GuD)+QimW>^Y+H{*2;aEXP5iD&suvz8ZYfV$85F3pF7EwMDa{-@9#Pfbz*Nf zKh;SBzK}AUAdpR%!bqgdTAf7z8{ddVr}ZyXcR8dh=p-M^koza%7*2O8ZJ07w!Ez%H z&5LzOoJM?TOS}GWS@I6`vg|ME0tpS&H)wX0YFV7JmCLHN%k+hsAdG~gArSF0AG&z_ zDo2=qig8XmBUx15P;OX;f>f7p0~iT*mdpSct#T5IsAn=6#>ra}SZx`^7)?p+bTN1t z4OcWldzkyNm<|;W>%JCAXP_0pZZ)Z*5KVd?#t>~XO{f+p`CrSU_m0@8IfxfXQi76!q7#$0dH1cTgdZ4#tiJPAbm)#r#c} zn1~JR%r?j>a;!rtl~w7Dhkfz{?>ZGID$n(#zsoRY6_y9~u}eMWKG%6rbDT$7U!{|3 z>lG8obxLh9!p{q&pQ#NAkyE&CvLE`ByB2&HB^q`Jw2mn=HB82|#>%>hbfIc1mlO)Y z(gOxEJh_}Ut;3wU_d6u|3qcwtmy}k+dNv<>pp5Yo_2dBNoC6RB2n>HI^Dg&YFC3$6 z$*8cE^)d16K$Fvig-oSYV@_E{R5cpgsI4-wY&{r}c5=a$n)B@6Tdorw=;+Qn&|IfG z%(tmzm9Pqh!j*%#3#N~H$;-$@A|*(ZvW?)HXsTt9jeq(otwB2ofU?b4&{L>O`nUiV zem44>RCjKZ7M&-V(MOxdX3OR&O8Y^=6pbkT}ylY zo=ktNsvf}k2E3-F03l5?>}}}GYawK87l2rT?*cj`gQK=2qDbB22|$Byl$d6XEe~)O z_4J=R=r$!ly)ZQ-d+aQ^1}kcxWTDVRmNu2$`*Of{RO#zpd!@>p( z6HryY%5g1N1r96#60HW;%R_1dW?H`5TcksaG(f{t%UtT-+@;y9m*Zl$&>E_3NMoNY z5q3apUIIeCH4xhtG?D&Y-YC(CELaUNPTST^o-M2xuNe)JKyftCRxn^7&b)G}y$kL+ zR(u|s_jWpO{=we3_RB=%<=9k{6=}z@CQ|R*E~L#;pMh)LxSZ_0fQ_$DbLS)R-3dof zzwB$74^PDftn4>SEI125@8K~yA56LPNbb2JIEQmx)ZY-sa;$`d8-yJG{HqCSn+!8ym~xaPoxpLhv zFS@<0bGP93@5m9LA}sGOS+@{=q|^a1$a-Xi^sU}D zmjCSAWC8)>WpxPfEQ9<(mg>HgP?y9>jM%|{XFG5r7AlP0t_hXxTb)|^X6*FE7vjfm z-(Kur^IT_F+|>E;wJ<%t9cCj@egM1)m+t=_{?R7ZD8ZgDAau-(6H`ESU5Dxxk%Qx6 z+yQoMfgjE~hypT)VbU)h)&u=wp9Y!izvLR^ z2L^LDAoE-<&O0~$?<^DQVeK_MKI%ZbVD--&ztiZ!i(ps4=92ulcoQH`6zOEMb!g*q z(m#sHw32OwWpE2i~ zjl?(&-7z6CO@|Xd1qxPKWaV%NlX`?AqG8F36`fY&B;6d2Hp#_VKcaMmv}pFm&h^b#ub$&9^b`nAP*z&O`8ktA(}1Jr)!9-h9BqE zMU_O82W62X%{u@5%mdXl@z5li|p|}x^G?E=h|R*`OY?8pvCM{&R<3%*+U~GUdUTW_(=e!aNb@Dr_&iGQ8c5A00oB!t?+Q6ij~kbp|D8 z>&O@~U~v|fpXnMy^&%3dXiqi2$#(w<<7Vx!rt-bQJ!`$^)%QnY2WkogzQvyK38kbi z{pP$4n;27y6OGFCfak?44h$DHKBsFxUFnRpHFI!^5#CdXuDKZS)FtSsiG-5-AEU+} za*C#AB)8P?2pX8YfD(j0kNw4l*cV%HEieDgla0qKh1K@|G&@cQJOivK-$8)igd)Ww zW60FaL~}sny;YOXe6CM=8joQZTK7vmb`CDf(V$87DK!!PNK6ng7r?XP_;sgg-A(8Y z6E_X#ba#;39;_$K@$kj5e1>%q@u{j+_aMF!Bp;2EeR}|qNrTv7z#v+hsxm!rb-Z>; z@69Wr^SVf(`b$s@t6DgJjUTySsQldQkD3}BCovDnOx-wCkfPGBE>+NQEa5mRz ze@5mN58l4)ZdLS|mpABWY`lE#E*XLu3Sq#tp0}?M28(qjRajjnVzjNVR?-cAkoQ;G z&)SgqN!a8Yej$JrVM+$6IMG%^Pw7*Eyh!7~kPayoP9+c~gBm7n0|&lJX#*l9+Y0pM znk7pP|7Y&Eulpd)Iwi~(o zM-i+b2C+D3Rb@#iR2%m7Y`!u=$nHm$!G~LY|KUC7HOM--3iv+ zswjswH688;6`A-zrf3aq94&E|bPcoX>{b2h0T>}J{D)8dA0t~9+0-#nM#t$2Q?8$B z9gK5kq2wJx)a6Xat}22JOHZ5Vsa)5BBE4k~efOU_6PcDRO@<53Jj6P(N6C8f$rz(L z`;`oS{|;*TdI8`2Ox>Zn^9>!_XB#XvWZAv>V3He~V5PNnhUX7q9rMKI9|~D`P)4QQ z3^D`+be#X^R$|XU;R>{e&e}*10z16+-flWIsUCZBL49=EJSGy;XAOq=A2E!4G z)qZcbAi2`#O@~M_6=XN*K)#rGqqbbdIoi0P(h)&QW&pYxg%?gS>KDM_bJcm*@BZ$Z1xS^)p-}$YE>x_HZUYe_Svzw(IqjH#1&uER1x*8Y;UOflCF_tofT0CPa@tyHsjC$U1O@zVB;6c%Di&g`x1l^9dyJ z#gYZjl4W;<5zMiJvhX=S?Yg4+<)zdkK`+*XUOASy?n9F(d$YB-*+oRM3nstIwt%(``hI(FfN-d&SWV^i*e~S zMDN%-vc+egHESCfOnXW*r=(+Ectau!`%9yIb>pbBkVM7-qAw(bQF(Mx;h}jf?Zy8y zIu4Ac45jU=gr`x6G!wLBnR~FPYwss^1B)2m>ZMW!Y&`lgN` zH{dC}n&L&C_)Nn-@Vbs;+i20wR^%FtX3*J_RTv^+y^{KXu}29_*d@8R)zm_a%Z^Pg zd6B1Yk0T7!^5Xx?>REq>8{raLw4+epRX67RH0}w+1>fuo zyc(ImpW0^-UKHy>@a#PggLpDta})lkm5Ys@w^^hmPk=vMWp>K`?!`@=AEAVpP$1qL zdmvv*KFbLr6=3(ZaSqBoiD{whi#DxpM57WHt%BG#Fc!VsE+Uq)3YdZR@*4UZ^Y zTJ4|`2IjEcHzra{=Ghj{@Nwa=8w)K*8?Ohl_9132pnX?bR$Y|lc#Y&TLCO(KJuyVx z#!*YVo@Ub@uC)XI!EPdOE>yc1B~9H3P|b1%JP|gwjwMWe%`&?i+WvJ@?fk?P|x5BH<_DEoXqC0SsZ5WM2<* z&f=?EQ@d77caOgn9vW$H49qtqkF)sP2+|)~u>-uNyx-q7&qI^?0)Z_XE2;TDJ0(+X z^8?;K6fU$lVHFT29jrk>8Ul6e{)H`C_(E5s86sT|3cq3<`vKgdO7Cn*UgV3d{A|n~ zpw`w562${GVmL4|B2@4p{CM)J1=QT{B*bqL_=d)t@DFs9EN9|5)qF;o)Qpk%9net< zgiisi_~VHE7_`VW@}8`}E$7JRO4V*H7`<7iU^ohc_|R0}1(`KFid!%sX2b+Mw#A-U zS~RR;6dC}#JtMZn7uECNv_PaJ*BI;csC!QF4p(xnH-!EUF1_}yCp2*}=V0+53L(bK z+QJHtXoB1;!t7lbKjOxfJzU|9bpfabAS8IS1{eP7bliVpSHrmyqS=LLfehex|I<0z zP91#eP7;lXg#Hr6UNrWRmhzAheNidsYLu3MLC+;{cuQqxNVw#KcIBZ3^?LLnd~@o`c(WpEmrc_aBz8?hn7NU^JAcJbLC6+r%l!TZ;v zQi{2k$H&pH06o`ea{9Q6MEstz7KF5mkC=jtdFWPrNF;I0X6%Df5mX<0t6-m<>P9I8 z1i(#yb(ru6hyKRMb2a{( zxT^U@Ejj!CS}US(Pdc)}`;YG~{^$dGlzWF7I<)o0DRi=}Le^_6txZBy4 zT_~7ls2UewqkOASVgF)=R=FMs$^^^wjuDhuBKw{S8&vwJs10uDSa*^<=YGl(7!g8B z@o>qY6g)>}@{2|b-3W!yq2A@v=%I}ec|JtafW)+GSMjwH`ZHg|2cm@Wa_C#^3falu zfSy!57fa91PhUfgxd51E|LtwB5?N=izn?D3<;dDq&h8>}(xSjw_ zyyT20$Metw715I_@9LK_2pOT2i~ey26ti~eeyUBgVi3Rt|Irs|Q5wXRp>*%)V4AXb z90OWH|7dVY<<=KN%&{*QWkgm|_e5lJfVMDk5x7z#1o*NBtXfX9JVf|l7 zfP`D&V$^WopR1jEsz-x?vX*n)`|M6h&4Vf!`?(u9db=Q^Be`F@uULjYdU8B{w*;-33!$8L>^4X0 z!l2cIm1NOPMQ+UN8F@AXh!Ys3(VwgyLNslF(YjvO`2WL$&3j4a&^rx<_7@=AQG#Q!Eh?jPon}Bd*i2l zOhYCGQDcb18XzeyjA^mI;xlYUquOk;iEC}Y1S#S%l0#SaVsE7KkR*sBT0@c_PV(zJ z(0>@?BkDXNrVv}xo?;70w&&`{Zqvxr22 z5O35@|KFWM8q%FAO3UUe(5={d{{pm{P`l3*c9hs#=)SLb$|5NkWGqe*x@91&V=dQ` zeQc62WTu*HHzV5<$e>QTzsLuj`GS>YKQpOrbV=K<&xN5OzwsyUsur6f!khUbie#?j zrF{GsW9&95UW0?9=q*!UR7|2Dt8zqK_mg;}fIb6rgjJ8Si4WNr{TW7?o+HT#}7J^){|K$l_N<5JGXY9t;fO zTQ^N#&xLf?30`6PH;Curh#>@L%KKTgrvv=K%nQb;k3*1HHf zav40s2?EvAcly$7Vz0O?u>>9zc1E15)Sx_b_rc${5Rk&a$m$M8LaS4mdDLKavI_9)2OEDS5Lms{9Fpk%5b`Ov$;&K zIUu|`4w+%cLagGO;TgPYELYuMr~pc^)aq7-EfSzA%B>LEO|TQ}^t&u}D}#UEy!m6< z@@mJJk*8jYPSsVgNW!|3}*Hlp7&qGW||#YzpgPy zDUDcgVIeRMDH6Qd&;LiJd9(GSxh%52-G|=TL?dl17c9@}t&(G?=&4|F$8bQOs%7rK zyE|@q2ze`9id{2|H-612eDPI0!2$ivRPHa6TZyI8rCoa@X$un7&s31me?k(4!D3}0 zhJ{~YWvRa3us=?|vEZ~X>fhcGh{lY)=J0<}^8kx;vP0?q7QPSlTc*$Zz|#EssNIw* zZPTu!{ScI+Bg>hD&JW#r&57iMLJ+8nN}`eFbHnQ^7n>;YI+?2yguRXR+b3XOBNOVL zPENyhhaHu)TapPpZ6$X3e0~qCHzWdE<^18-#>se*M}St!HoQ5S@RMg9E{IXbIxJWU z$Ag()PvKu+IRxZIM18QRX{oK{pAL^yBV}zoZzloRw)3j6qwIBNt94 z<`F_ye>bta8X`!xfLt51-w?BGe(lvaYw071Jf)Qwy(v#`W$dIm%mPl>WAqp~}cLz$oIkSb; zNVxQwX9~Q+=%YO6y`dWk1{mF1us@=+4qxz2ydP!Pi?oery;Y$WJnl6)9e^20?UvJAaCYech6FmFKNIFW8@4 z-|RJ#Que>=FN@7{Hh7r2&psiz<{&w%Z?tTyu& z@l7Vzgjp`~zxO0U-}78SQUYt2%0+E*x4_keBz3S< zzE~uTsSh>s6twznE@dY=-OpF!h<~lC4}QIBoi%u1#6L`>H9W<0i-34X4{y^z<|zg8 zc?ld@p6E>J=n~?80JnE&4YKPY6tB1)b$Jvd+}nSPboB+)s+>sw$Gx*d>l{4U937?e(H~3{;?c?GRDFe0C;gQ2@L!*D!bG|9C|x51 zhf@Q^M6+-bTY#&97Uoi+)OiE7(nvlOIbMd+YzM7s{rL++#EiC8xgp>FVkUVO=0mh@ z7?@Todwep>4$`sB`RJYthyj+$7Xs6X?7;{IRiWE1a7EjBnh;d|Ro_(u1P$7S3LcbZ zG8vbZu&g3o+ACX&E|*`~)bFs7j$kPLOGKn1MJY~ODk9B>;<>cUT)B?RG!3A|>5VAd zgr)L7#hpVlw+KHA0Sch@X49b`0E*wyV(QZ9OQ70gx+cz)TduNM`e>-|ZQ7!srYNfJ zL0p0dpehTTRaX65?!O187ts0nPbtjL)GAt@dpPUkb#NHy1lI}vAgh}qPU|Gxy+hv1 zL?AaKEn7?SqdH{`t5-C28p+27cuLzK9TrqP=8q=s@EXOWRPmu0wX(PQu6sI>6&|I2 za+l*;S>%wH|68V-p(8T^%8YX_XmXzTf=-S01Cdzcd?ETEBVhG0L3zYG=4=J`@ECrlN3H z{1YHmxH*;@EinC~b9;P4tgvAzp7SX0Hb5cg>g@ViT2_JIar0EWKA0S!;;>B+$JBq` z06X7N6E27n*4LrWXBl5`ox9rGKMfXvgJam&nP$638^@uPScVbyQ?tp_1vCa%6pv<1 zCsgAwgQJZjV)9$U(|kbPddxdX7(#*cU+AU-zMW$?>Mc8Tzfyj%7L`qln=&)%s`&f( z80?xk@&7l&TX?ZC1M)>o0f5=ogv(Lc$?u;?k|_T^g(FIopi$(^kF2=^O?*8{Mt%je z6i8u7QR%koTG=v4_WjN{5ZWWDp=TS)<^9BVD_PufpQUP!_8>WnNqcN(Hg4QGFt)_< zQs#;S5dNcWM2#FIt4NXZ3D8lzPzDUFL7Sh(98j7VYybWEZo28lOJr7m6R2rM)tRs= z7KgnqJ)5FByE?Va1@d;s1zoe_zZ*0C%szR%P-F0C@zJSz6aM3KB-I-A~)KNqGDQc^Z3+^b-gHekecdt-YODb@=2H z)yF3L_Y=v!M0fpeTt_AHpAjMz_o zlkJfhLIvhjbgjF&C949B-KU0`XQ!xRoY7;FT2~Rg2qC@~CYP?a6W5%VFwXqh-pw;3>cAR|!R&^Tt;ylhdett^AX?{pe-Ap%PX84W@pjVlV1(<3ZZi@tMb`*c<_9!;Ga&Jw0Ru5R^OljZUOwvbc zh&X&PWXEsK8(JE!^l!zjCElUPuDSBSf5)CByjHRl9!6P@u4KB7uoNzSuzz;=XeYD|!>`gxuz+m%$jn;ndgik_+ zrYY&aj}+?}E8h3Y%o1vz`83Wm$|oS_Uz*zuPT_Sa1(WziE=Q(dcuLX0=990_x2HFz zVbOW#(T;{{0+k7hMUM7~uV`i#4O-tr@;LaN;8v_216$Rfqzw8o(m6 zaWbefEZdMXE+2NOk5$o8b3)`sL3oQ&)c9JaPrIhDAjL6cNP$XB;RS=AQ0x+(PHDG$ z5Jx~55g^ayDH`4nty#>M7c4qhc#zN5KU%M+?TGwv+94&g+f)IAlY2FPifFdwi8s^f zv7X;iGpb8nQSIN7D`&cma*f%e(92=I_9CqvvkzVo;9U+MQ_P?u8cM|LeEKbSTQjmL zPX1YAO(|X?e9?o!#dv!czf-ToiXkz1UOb_7sOChJaBQwA`e`U#b1g{xg#sKfDk~?N zWBR-B==&Mio3}2Zmt!FVJ6>L{nH^U=SKg-;C%yL~-EbRu|oq2AVqxaaz z=i&IaAPL10%nC4G$~SL>KN*TfGA>APHTz-h>~@(aT1Stmh$^@*ZSaj4VOeu0sb#pN zwwd4X6Wm`7HSJU)02*u$Lnas7pkj4An-=zKwizA9n%0;~`{?g(ztseEKB|+?Rr_lC z!<>8SZp@o-990Xy99!lGlGe~?L&hbp&UH0mSV)8nZ&^zUCNG$9#UC=o5*Q%;WXxXW zR=3slHaR;NzDjjOM!rjW3RhloGE0earR6)ryt3b#!vTD}|12trz~qHaYw+~Dprj>Smrh4^E%$zbjcN?`6&Sjq-JlZl-yNxboTIP?+X zXPBc-gRjNr+EhJqkDEcou~=d+B(uL$J0r{V6rd|pxz6)4To*jaL3Ss7U6ONf85!N? zeLOXDuU4AwDLCOl2>=(D0y3cJd6cdc@3YMF-oH{IE@w%$dm5g2738b?7BkJ$;Tq0! z034OEe5I1WS}_^XbKjFjZUZ6CWG4r&ra&CI+B6G~)iQJ+e@(r(B=z=K8x(8|U?lc{ zyc2O7B}|K0mSZ8edCU;0fLV{XUIz113M!IuE>L6@NX+YiJe6~CqP`F68-XH<`_pLs z)u8}UO9YT}Lxgwq0*cL}XW`?T!$C{uEiam;?Ocb6q$JP#bBUEql;xk=A2}BuHwkP# z{V2ZT+qY;2Pw6kR4(5(n>%93}$HxLdCl*x!`2V`ePhg!>^Ap3+cf6xiz^!Wcsch?$aj~8V&({Yqq*x`28 z_ZV-vjPHTb>%pz*>Ud@Mf4IzNsUC_9qUi?6j#|@ImK!V&y7f_(E-KK}h##KSEsq|G zx+f4txBK5&rJ0oz3blU6DX7Z$F7QwP0P7u_uoL7R2HC}t#>Ln8!h60|_GHf$iq{~d z{#tcN?TBpt+n{>d;Gr*|82mONn^7{$O`!ATnEF{Vs}sM)k(#k?#B71|bggdD?&w^* zaY@ndi4-31H|*N)71;YFcv}Db;E{0i-tN1MK%ebaU0=_N2)tOGEw8`}{5SG6X$gWN za03GSfB5`(Q(e~3f^p?H)}w-Jx3!o|G6Yh+!qFxE_xoV+#@lGi>qM}zC88-W6svJV z+29Bx(=u6+UBEY5)4GH=p(yg`?^z7u&>6=iiV&bPW*|^faj9Q3tt#ED$(^8`LTvZ< z*s5ZYkycml$M5Rof66_=izwoP&$ws8m}Ei3%hTqQCxPz%W!`)kAt@NDC_i&bjlzo{RaqFnp5 z13@+rovFt;`jWLlK6AsDp*))zY9h$=w6CP)pA@%9UdVbQ+~vwZI_}yzqkfV_&{7*d zCnYG5Fb@B1`sK|n0dbSZ|F#*UvA7Y~=pYx}XSWu4 zd3+kKY{8c~@zK{M13E;_tJTEL)zKIhnG4nv6K}L~X#h-$Xu=&DpBJ=|gv9j0$CZ`p z2agFScMPy*poTa@ZL3vVph8J6x>8mY4Q92i^u_D3uPc<+Cg!KPt+bGPM!2SRG?`-? z8MZ0H9#5YB=Kwg43#2-Yy9`DM%en#pfLm5CP0b5RCZfVupSIM|-eUQOSw?wQQKCgt z8HnC1vSgU&q;D+dSvsJG3HqB-$>okhTVtl!>``^Z_;p_sNX6XD?JM;)GCaLAFYSdo zM-?%`Ysr7V*ht`xc#LG|5Z%T>^_-rySGL3*H=TV&#-RXvwPA-w2iZ^7@b>_+Frc*L zPBGj})6+|RjOt%Lf1__=eKARxLc|b^$v2E~RzlHteqnZi66!zxvZoN1IokI)9N;(} z>ix;*&a<*ii>qZ7g~KjDmLl0ZTU1HbXZCrog>iq2s>SF9iU>E z1sF}7h4enI=|zTm>refLzoWq7`P?uUq%(`p5D;`oN+qY?_kHw3)tsQ$j^xPrmctqhPZd8dT@H%_IjZ9d=M_~D@b)mt+mW=&|Kx5D3fq>9J|BSXe z#Vtlaunl&1syzJ61>RAJT?&vi^B&x9cRH3Ia~6NhI<53-tSf{44O5;B0KTNHZrYFD z0e5N&)lDA0AOgfjvE1>&(@D-g0<}=_>MK)I2Pgv-JL+t+ww&q@G2e+rWvkKESYA5S z&Ntj;8)~r}z1u0X%40von;yr#QkqY+b$m{7@tda3f-NXN2zqUnkhsq9tP#`XaQ87` zGMqpLC1qdO0aIn(iy)vtdbKcErZ(Owvwya3>F9Kc=a$&Pl585#WAOW56?(S;-yN-2 z?6wzc)fDA}_9KD=^8gLLg;mUzq9mo^8cQ&Twa3H^5X zhl6BB>jD2uunDWA7zc`$f`7+&4bK7W^u0sdZWpb{EXRCLx3|%`BQ_r;urP=)Tof#V zuxe<3(C>@p`|E8ql!v}mM+V0=cb})SK$F@8IMsD%p5Fy7Fw|Y48;32Jq>h&yn1IWa ztfFYwdSQXfukoGCiV(Z0Dso8exX$>f~mG_mIvUwWr(Kl*3;oyCp9O#FH&kUfegeJxr>qv@ z?!CvBfvWE(fBqVu3d*+AtFuZ@_Mz?as*e^seJXmmMw}OqUk79ueQvFow8bM56InA3^5^-K6F4T79nUJ>Q>AT3j4%^ff>(%xvR;#nc;i9xFM2()%Sst zfGKfkc4RyLM0T38hse*L>z6qR{6q@9Rw^gIA(wdu@~@#i4CMY<*lKs zxCdAC>y=M30;~AO%Uw!G*9Hf!fQOKMa)#du_gw!gk3+jBffY@%g*E|)&%YX)g%W~? zy+VuZx2V_ARa%3OJRpF1cQC(JA*Va%a;^dVwUr>wUf+ zpSKmU@*kw0`PMcb^*h^{>y9u&D`ph9} zT|w1+BmeCf6)=AreB>j4{C0#arttLxCb%TeZ_>y?4^VrOXErdMaJzTE1c<{?$>O2<6mNfHhaYY&NU(k;FvnbZW#0o~nB6SmKhi8@)YapS8)0i9a@uRvd;t<- zN^I^l^ZeMH0#rM?|^=1HS^p;e z7ETUxQMAk`TnG`Rh{;q{wTIDX!mWGa!MZB}G=o)N=H>R$egW&rTkv{VN4C-02r3ti zeW{m*#+=Epr_NbaAQghYvEo@!Q3fY`XIB4lu!yOw&aQ{+^4C#-OL!L!CAQHgkMHB;VL=cF0+3#l#_U+!6;JcEx}1JPKF|%)kJ@; zYtR!EAs?9F5}nTPTLfl&4}=!#3Q-678g#=z^$rQi2Z7$@fPSS%9T{-y2DW99ue!Ju zk@<7k*R~zZ$QrtFJLv25HU1doy0q_3tvjWV;K>8e4Lv_*x#S;m=53WKeCkLJberxJ zf<1#OH@)3jAhwtZiUl%v!I9q)mwi-%rqmbFqa15!S@RwzhZJ{{E}IMZOULhot@QGO zqnPEMP_fYm(JCpYeZU5q^eFjrNY}<5$FOwOMMH_;X!Rz1ZUUgV3yN1XNl6qG#G{ey zbi=7vfB_fZ4@2mcCI!uH%VomgF#P@4o?nh%!13J5DMdb=uj7uGp%t;MFW1cT=9i5e z*UPP9JNp@a46rs=!{mY2Sg2aQFIy?j@lEDL|Ejf^nn4CI?@S}N`R6(x8lSnO1vT~3 zyp7RjhA$#ys;`!hd9!iApqTr-!8xRW=%Z**#iS6#I_~Y`aP%A!BVC2aD9hjqrvLWR zS#z?4?le%*7@4lW+xM_iLKVsZFhOfiH;1=xh4ev}wo9UR$6oH%UQHQdh_WS)HV9C6 z?lY1e$4b}601+ENE@62n4OSpbE{z%_?$C-zQ=;EisQC2`!mbAPQYBSfvQzRGF{wFL z=JL!^kjP-BZk24lgN*W$O|*)ZLXbxxr9Hm7pUj{s_1r~e(f}7Cvd89J>`A~g11+zs z85|6>(Bv=7;EvaCsdI`t;%l4jvV=RB8}W>6Sixbi+e`dY9H{|!ZM&>^6OF@NbAC!5 zZTevh*`)N7C;~9cV6K!yN#On?^CAF9K)1i!n_n~ALpyHC?WayiiJ-bZBH>zq12de# z8-8y@mX5Y^Bpjj-Qi^+e+Y3f@Zv;}(x8qpY?F~-up~N9QUf%fl{JXst@a}9L`d#+q zO^97EVx!%3#D9h~P6P0G>-xX&4IIldy?EkmGBWfS(wWBvZa_;_A_LSv`G6n9_H@_2 zd^tUogE9SKwrWQptV=ym@@~rT#aS=;WwAiNB469_amdMF=om*XVBEg-2q0 zdoOnK=&^(B_CqzK=s>a|{B-dP*Wmb)W3`~|BIb;XfA4#$FPCfTg8CdjLAC*Zu|_;b zo6d!ZdK*<-tf|JS=@gnW#Ob~N6OylKL4k#~z*H8Px*H#o_BhYW7?6+ULG&zLmV`z7 zIRJw72t@R2Sgv+2`N)hlNW#%tE-w^NTo#DSU>=;tk2nLTnkieD!?_WF8o2y(;Xo;P zLTTw!v#N)R+Ep`&oG~4vp(*%h#xnpyjk*SbKm)$-i*YCvCqx`K>E*;XRCHLctv{noV5)ycse^NL zfQlKP4j2?Az_m)c*VUg}M~*AK{0&_TOAR?>2wOY;odv5x9g=eIozCX`2Wbk(cfLCp z;U1XDJax2q4pNFbYpy8={-zZY_Sl_C*)E*Mje)WM*9z*EkqpmZ=+GGc<)>A?z6!^I zA9!gA0>X0K{0EOC6h-g{+w3EF6usb?mB_cAVW3Odyou(E9%#S%6Ldp&<8@^HMU0(5 zwOPq6+*mSQaZ(*4Kb7Kv*3ns? zE}4h3=!x>k9U{$v0Nsm14|Gd@4s_c@X4`)|s6`8vTTuRGzB&&fo;;{0gJ%Lpo z-~DgpjuLFbPr6^%MW`G`DRUB&EO5op=0gDLRr!S0mzQ?ey+hJyWlkWa@wcke7ir4XVb>QzSd8LLOo{YQ=RvS~vv85S*E zFhEA?e$8MBqqzj9KXF4O68yOx7Rqfjyre6i5&zu+v#jHPe)UxTu;H__U2gdgMGXK{ zu0vV6V8&@PYZ}dwQ;jR`(!#R}a6Z|SELx&#O-L6B8O;~aF=(Gn>~UMXWk?N{*4XL* z?IThl?wnMNRE(oUiuI@B6E3_#V2ZU84OV#2QQbH*yQG&vkgs<*1&eeozO{MHM=Hf? zFLN7vJ0+)25KMq#-`CeDY@TH(o(l?L|U2m zF_SR-S}eSD<(dFM3Tl~hHc8TU_w2?-4mudTf}&%(aIEMpVuG=jjcnN26tO$`w$*ZY zKEvy&V~4Hy<*YUJ(uqt%Ma%i;10Rr+&YSo?wFf~`lqr&n4t<8|=bM8u_?zPA76+$; zcL?eT(Ic43+P|1h_jj?GGjz^@#Xl>;!8hOTexPL$KDgR;!CGS-fBZBurG7@b#YMAA zYG0BNPh@j#kjROTdUU$?Pl5244B4KQc_F<9*r#oYhrh*T)?=l4{SchB`r)aMtJ0f+ z6?Ol=sn)mk!bYAm18?@1C8NJ_%g-JUmGU7^ONteFzeW%_7i`im?^}Z7MS7jJ0aNk1 zs%B&cI1@;og8pJ`A&m(G8M<{h&&05P>jE{JWI}I2n>xkO%7^AnXaj2`#?UZr0&ZrP z1k&gS!W$FH;z8@VAmMG#)9iHw!?T!h0`rjql>bvUqRrazT}vKTn(>T2q2=iZ(_ zk}o$9&xomnD}9?XeXLOY!ai~dDjcRqU-6000dMn?EKG10KFdWP{T3OiG4>!m0F)$8 z#{!>#IT7kII6d~kAE%lolkbQbqWd&lYXu1hr)Xdm$q` zh*AQU-Scy-{bTjZfGOKDqJX!X8_YdvSk0qYZ&z2|hHrrY(!OJzjuh~2sHbuwUboH@wNFn)gT8u_u^)biPw}Y06@QZ69LWJ`pL(ra zA-%wayFq-~YNSWCYY44uO?e~sr0CF$auHPJ^A#^wv*(&kYQ6N_ZY2|Vkl+$TGw?0C zCwFo}c3~BunNwrdgWy_w2@EN#`r0+56zs4_LBi5>Ek&d(D9NSqehE+U4cA zE)kR)4Ga~-P{3=3VU9cj&WG^&1Z+Fh2#Mf}e}J#}+6mYBSY5_JKBX}-ifiHy8R!SNmf#B*v+up!K~1(tQwO;23$1r1YdlB_`aoD{fr1!1>R zZvg!DID%y_KAXF>)z8Ix{aOmx(8f!xLXRZ_FEl+aM zYGtoRl_A2W&XfTlR`?{IK@<89HT<_Ziax)r^`dN?eSEd;Ph_txmaaBVl98loWQO;Rt@l+Z>R#~^LD_V0a;9p*EGBH2!tls(AW4} zf){4MKvO7|l76$r*?8XaReY|tixUcwn?rb$)whD=LHWwS1S?yb_ST_qz3pwOqVUgd z{+F@}#nL5n^QlONafrt7MA;B(tADociIsQ3bIDFftgMij@c=w{VFRyh)q_7b5?!zU zU5x}jp1-+D`?Ko?E@b^9&T7=J93DDsVn!?d&{2ds2*wcP%G%aJ<0A`P4b>sXB-aNb zv#T_%y>koFyN)%}WkGA%c>-=c5$A^ux4It4>Rxzn5D^{zDuI%$zxn5EVY^j|E;;<$ z4H33EbDT?wIq4-VES;op;QBKYI$`GOqqFO%%ve&ZYfU@wmTprIrEW!ny^pTqw^qka z&PYD`ZlSc2!gqq&ZDv+dYPd+d0n`qVpylvtG z2rLkz0KWLEKRg0tQ>t%e*}b?UZw#J2(bqeDnAaNXO@2R7p|l&anS3o)%Sy-jo?7Pks`o&!ji>)Da2?~NGv=iBUU8Dqs-vFOS;zsb znH+)?NeVp4F;)A8pX{M(qDvEq#bSeG8%!?vsT@1ny^v7IL&|gSZ_=tR)NPhddlzyr+)RYUwcR2}J$*K1;T_ z?$`O$vN!)v;UoNs0}Gqh!e;hAm`3XsmF9n%Y9hUg9J+tJ!kH^NHQWYgb@2ArW1hEU zo_BgQcYY{fva#50Z8lu*B6Oy8pZne#7#vCfsA>()wysBQUk$DAaJAN(C8z{e`7-`a zv1Bq?$%uDoxD}SKOV)5vNBp&3m&f*rn3bE5O8Hd}?FaKF~d$ny64=(4FIP zJb8Ruv;}G9Y=E^Z!z&;8O)6xB1_=-4j0u2i>g0}IH5AN7oyyPq$jF8X;q`Q~3X3*X zb*VN@v8Xd_WlLny^JG*cB>|d{xQrkJ5?PKybi>05Y3^)#6Y*6mRIWVq41En(gYH?;*p(x!tM^Z%9wA z+VL@X29kwb+)P1W={V7RYhQmT5)bz!Ck?N77ewQd&wh=xgn8NB_%k>9u)04JgtRjt zU@eQsyFjGuiw_dDMQmOx!B4z%?VTl!D%2GLAj+ft1>RqZ_Y>7sclhY*d*6@IBkzmf zL;W+0Xa6(MR28=qfb|SV+vPB|eOHl^-p^Qm>&=aNp6nit;N=Ve{s1unr)qdIApL

    w@s^?;r``RNKU=p%n~rduH<4??psQgJ?%~;SyS%yYjHed)M!N$O_coaE?4)2c zsk0NK`i|}?T%%Za>eS(CW7VNV54kBod;6w5JMy>=+HpqwH7Tr#9ik_95QU7IYQ+sy zu}HY-OjRkx7#O^0L#@A$I}(H*{=dp>?=sf#FghU#Jl-CYB$B zJqK%;EZPg{IQ^CHayA)50uOMDp%L*yXIoE>yOMsllF#%8fkxE$iq-g#ZezcoxDYn3 z>@F%#&;4s*CQH4_c04eG!5?N3q(evH^0XAf1FtZ#q14>inmL+(?zqh21oChuR1lem zo}=m8XAcx^?}){!K|}@vKJM9}WqF771cxAHn8=?=psDWVV`-i3rf7rE^U0d4p`>Dr z1~+C+j`&+_v{TwcH4T5?KB34sL1H6Awb@aA>iAsXr#fv2_;L%3gh0-c-t7Wp);RJ( zP)$H5^n*?o>T5cIpb!&A8W?eS>4ZM$4bpsO_L_2NUB!{{c<64bTuqgeU>9%VC3m@2@d|7(Je8X}TBDeF^iP`xzu*?a zm_zhfmZ-U@N1Zx6R5E|2+YVg_zApSNUVvqL>strh64^{5UA3x^|J7I;j@tG$MO}}r zw;}_A#WPS>FfWVh3a(;?{G|7N4;@PJ`p%851CY$9fv1LWLjW4Bx|jByh-=>W=f$`7 zX3!D^cxzT3Hmr6mY9t$bCUK;$uvOMSD&nrR7`mP8`Lu4&l)bIqOR0yYbaps#JB=Gr zY6D!v-&q^u`M@QY-d7g97*DeJu|t8i)FqTFQx;wVZ2F?wd}}fZ8f#wYb20=)#d)Q& z7jpNtI$NNZ2S7FNM;ek`;*51m z(oCS$)=kt}I{o&~?C8`|Bd=ELR>112GilpPm-hbkEX>U*o&R#6S^yvFDvq~y6gR!T z7uI|c%8C;YL_W2hc;jF?iwe2(}y7h4X&CD{F6_$Qf`DyIXgK^FvG5tOi3F)*#VeA|kP&_z^ z-l3eT?yAY#{TglL%Yy(8uovsBMLXIo8NWhyC!Vj>&P^MTu?V8=!$!58jIs(U>>-1} z8~N~Ij(<4s$x|#hUTaluus;&T&x=3^fZUF=xku~0Af`hSxD;X_jpPUfSBO*s2{gyY zKz_QU!FxtdtlM2wDBUdpMoqO`2ZTxH>JQt7Zk2sU7d4#x;QHLgjhF}-0%dr?9K2yi z9?-jLK>YBBxd1liQU-OByfnjtEe&p`c+{=8yHw6oZDempFWKRUV%7m8dHiy{nflDQ zWv4W#fB4^cboLNYY3Ah!sIR#epg49u-ipTIwJF4`##f)}DIkZqPUV zz?^d52^!t`6lJfbrK4nLw_4aNGqQUCy);$%`jB$}>nhl6wKb+8lde9jr9mQy%F>GDl*qk2agky0u`x841!r`FD^>-wKK=g!e}#qt z0pdXirP|GG_yG>8f8-@62C*NkbmW4fQ~H`CbG({QM$4tDhQ1?CkCXf=**CE znUR1_*QmciB$i2`q?jOfLG06GfGF<4FWKk%(KV3i`B~qJ#~N6HY$x&cw70T%2S&qA z8uS`hvaEExEH=jyWYF_xzfkMtmSDk>FbuiYHJwV|`3s?c zTu;U0;?<;sNl%Tt?1L9Nzl@`pN?qejb!YbHkUB! z;`r_JiDAk>pcWLb>IfTL&2g|wMU$!@D?aVRoXEq!M%-{eH($?A9e2m7H5I(C;mH57 zcxbrB0Acw4t)`w255Slo<0kZ$8jqviyL@N=b-;{VA8i2DrXNK2L4Ua`Q_wBgAm(_~~k{_C9#AaQ+wkuNj^}-dMMLV&65|mBj6W5j#4!YNI(X0+^PDIS( zT~TA>XK20Qgj-2)e1wAVfU+&qORb49dU!46K6snZ5+S~=tFF)l#Wz-dHvpI3iB2Y| zJwZ9A8mwc@+J`IZhXGX92&7? z6z=T|eR_wMR`!CwJ}Yu5%hSpW!n~3ZWt$D_>RZXNc6H%V#|q|TyAdj7)blgvwr4lV z&CMVam|5UWF=yehjnk=x)dfg<7>1H<>?=iFRa@hAQk~4LWjGiKg-3jEWU2+EWB*Tz z&KssSgzYI>5<`HD!Ti8(&G92rR0P;dSmg&_AF1xhPy?i#0*tDbzq_&edyS%O>o|sA zg2R?ZJf2`B@Dw2C`cWoRy|i`it4X`?zQ?o0B<$K^2y?1!W|V259d=zz2X7r3=5di_ zVx-N%BFG_4dFsd?d{2;vkkmH5axi2c4{k+DsrNFUwpv#TS{&LC(uYxC&$PY*d_LPc ztv){)Vr?9;w1bSv0+MiX0*g%QiXq#fp;NKjG8Kv}ido+K=Y^TL*1*9x$~A|%>fv+D zAgt_aW?FqBk`le}Hp;bzPHP8bII;HTpw=P%BQ9 z9zUlgyuFb8vII+^26ahAdo|7m;>ZRfO<0Mzzg1wu3}R3};fS1Zh;(Wh){1xUYjC8~ z>hyVa=|Bp@l_*?GMS{QWNVAV%0WN0mHX?=iiuV3R_LanKf5tAlr}my01bR4O0UC4{ z4*0Ho(oKlH5Pl32=WCs~MwF`M)wb8*x&P#1ZA$*{(uU-c=m7j{0{!XjqR5Fel!)kW zF?jpc3xZm{=){O{#fSm8G|8+LJ8=5Q&av`+UL8RYqc3LnG$^DO5kW&5n)fRLSc6tf z#O{t#(qA4#tmmnJkQ0@_2aX!)rbc#-@W`!X`f28D)zjKnOSVGbJf*OpeU|OjoJ8)b zIyCoq*zlrQ{Zgsv-q@LCr@SbaO}Z<{YI0H8w})$lf6V6nL8JRN^APD_t@n#=_V)x8&h}mS7EB83bKT%ORUEJ4dy@*lonM7*ObUj-=^VN@ zsRX@|E&T13*Dp8{58l&5i`wO9@z$m{D;Y*FSq?ExwGWdROH#Em!f#K|0^`s#SNqem zlJN_Tbt82*81eYLTu{@x49bVP5@MIN5mj~>+8Ei;@0hSWzyD}x_2<)EquW)C=}o1z zf!6bCa2@NQ1%?IPyP`^}u#Ke~bNZAouy{}aa+(g4i*U?B7HG<{OfofW?x8N!LOzJd z)}v3~(tI@u5`r2Y*(_e=RQNPl+5#1%KadlBd&RaEv{E`dc?c2GOhOStlczr)y_UaH zC&rzMYfkl2TQ8pZE0=V|Gf()?XbBZ0R^eoutNCSH@pN-Jofcg;@h-kC3*+m{0SGR- zep?+{oA?phggjL>j}C@j%;<&`LJ15 zFhSnefS;B$#l|cdH_xg^P=y439)b0@DTOk6V@RtIh+(K&ENb)~_S8Z$%uvnkF&Nrk zZB0hnrhA8da>=F=#%LOC-xu}aAw{Vx#`h#yQgm7W=3^w2ZF0uR9AL$~Zzq$RgJBcS z>E=jnxK${OCBRZnRG@j1nh2nRx)P^II`>QEk_wQ@d)CP7>~#bEE?DOYj_F0 zjUeDaW(pvDY-E?Rl=#KOD9eTIt$+`|k!@R$0vzkgyIeKzwLOTURc9{}D_FD}Lgxg< z`rR?=CBKy;Q-8ZuEYABB0lQwS;DR{-HTwK&k0;tHLYZwA^u$$>ji%#|XlOgLX>kG% zSi!G*;Fa`#ZL(?!#Wr) z%6+jNbe2))qBc5A9HVM|7SgWjk@uvMJ|~=Y2AdKqk}OFGv8Qt&s_7mfHAk?v1yMHI z+btjL-zx~V&#eT*L)GPYaWMW((Aj+bp9cSQF zqos&D)S(|929Po7+XWRO7QO{D3t($UA94ZjHh1KEnf6@!_U)~{lTgXoWsZ-+26M&hX*6SV>iV=loQn%cYd>7ho|o5ygOxHuCo(sPHRl zk5jZE%{A$%AgWrzfR(MVsh2ok{UM5ATNAFuS6(9O8FZ1VKlhos{So|U_ISzJZg}5H zdxsJ---++12V1M17Ph1Vrw&hi8EsB;(VbIZo&l?WX%ps6op2Sou7fmWY zG>E7Ue+Mmfi8|JcE#)H9Ink|L`|Rg$BoVK92svTxGmc$n#$qm&SM_s?WI&_gH? z`GW)(){jA-IF0tlgSoXPI~ER#s-Lr5mBZ`P`r6hZv34tgw0ZZ)QD-S!HnCYHDj~3K z6#&$-B9CNFkw4q5(j1OCNLLk*mQ^kElNuAOu=>99{Nc&EoJ|SHwlK5bpe-&-yQ@4L z&^dxGeQfjajJBnom^LB^S=00l2h}yX1zjoRt2I&QjnVbrrsWQD;#N|V3&SafcK!o> zq)X>e^%CSE+syq$VN(8n4AB=o99^=nQjo!+x-^dAZW9*98sCTm1U|=+-l~z#f%2qG zE181kuLP7j9SD}?cz-FG?3=j`>s=AC8(^>~dTPzN3fdc}X{KkK7*EpY1c&0ErwSUD z5N6=(yOh%*+-&oMyzK! z*r5XWl{sC@41VH0!*>gEbwuC(ZPl_*sblx*bCTt(N|3CLN#4qTVg#$RM{PbUW_cy@ ztAh*>5L72TXOT`kkd6S`uoh7&1noH22!b5k?8ALRae4b%e7U~EWO|ACf1_)~C5Jq- z{EKt!xu%mF7XK8lBpKAtXi;OpPYOc;+e6Wl(Q8DzVX36+N!-TmJy z%>J+SMae^Uf{N1NY%;o$_~q6!-?5-+dI~{??~Js|RuhyU(KG74U@I&c3ZYo#3kf+A zUJz@S&a^KyG!}t;Ay71Efgnjt4^xf=ALrh6p;!=pd7w519DEU;$ZZZba5 z!nz;MPwPb7f?L2)Ej>GGJ`N4hdUGxzs#v-69-O+K^HbNGc zM=u+ParW^|g3C|cZ50y=6MFaDiljmc~0Mm#{mohQ|AY8eHj)pVxlEEO;HT`hR{z{CgPk&BGfw5}L z6z9o8$0+YoY<4FPS36QCrKu*5f%_w?_#-I+?HzbA%FyD5;WP**Rw9UDWjL82TOj+wXNuc@a&6$N=6>D@V(`4oXd8Z`sfE8GUCz_ zuzl(U^JDHN2^1J+6!0NH)`?Cuz(Ggo&0^}Y(55~<6c$D(v zn?o~z18lu9Vlj1D7MAiAB0>TMFKvfNbTt#K4Wt{etLQjPm(Wj0 z@L1IbP6%#Z433TypR5)vdMI)M|Ef~2Gm-%AdU?3jB#_pq`?WPT7Vw+mLqChGkh`8s z%1u_X^$^QQw(ddXguTJ;wG{$bw_fF5E2Vli@0$jXBsg#0R@1j~DHRvu7{chZTsrX# zDFMa^{RH0s+&nexGXTHAa#f3}Nzy?Jx@~cw)*T%Cg5_}A(L_isx>ZAm!5DQ3A*wN- zQu7;Qjy>6%x`&#kM^hTQo7N}jU*%b^nZnD9J`CL+*GLR=FCDH%nq?xk zV|%e;y+MZdTd!tBYWm>R=e6AfL0=qWY9wA#mL#8rKwo_rYl6e2SBk-&NEa@oVq%^4_p^_;}ua~bXGxCFg!Mw=lv4E zuXGxwij(?qr8u9ZNZCdJz|*0}{_7!^YsfJymSEBNJpV>NI-bS?TKC})T;7^2Fg$d( z40cE3B5VTm`4w}Ms){mkQL6g@1T-IYld#H%n$<}84HwhsIQ$JL?`nNx5NCni+oqiA z-5uq8TdP^9v$$vys?h?;|GicZH&$oyK$myy)|feGtVCHlJd)a{1UN_-^#D0TDpM~gHBH&xqs z1U+54HCSQo3BZ9O3FPY~O#V?T2**St3kZ*V?U`nm3TYR~fZ#VD;ZM?O zc>P6~vZ%Zm0NXS3+W>i#lPgw?z9!kgz+U&NuO_qFMJ1#V1r#>QDz-`-p zU6D;dB=G{WB&)&2M{v(8#gOR6=Q~#s)pPz~*wUO?-3VR8bD1iq5$p^&Olq$fU?^zm zvINy&_;SI!=OTAOTVSr88)XzB`BO*S<-eNf1qb(k?x7gHJARqNoc&7b=M|azczcpZ zU#osQ0U~Ij6C+ruCp=+^-SW+Os|N-bq&2*q*<^KNCt!5Vg2XIL7g-Ce$Ed9t_qYX7 zA28==>x0&yP{V)7xjWiHxx1NFHM0A2p)Fb-sp#$L`U5V~AsU>DUAtmfxu<`ouMi}V z@r9c|yGtvkUZCThRB?p%c}L5w)_q;Q9#e-+XN%pkWnTur9IBw&gwrEme;eUHM~?^? z#;))IMj$aq$WgK94|s8i!6!J>Q*gPuoB^6o*>@nfExGf|tCFr6L?z$rwAXj#o6~`c z9N(ImCpR3I>`RKuLVrk6;U!morwSKr{U9kNE!Iclz>XZ)s9x*18y&E-Lo}m|Fg~FR zGXKZnta(3QXEg1|{S`726#8O0BlY&kp8Y;wMU`LgG5C{}eEsL#nDr*zOE+_Dieeiy zg<(8$R~jy4DpikA4V|3zd~5fu2JVhl1wVMNxJB!Ed^P(ntv9xKI2#zno<7# zq-Jf48jG4lii_pfTJEE0_9yt1Dp6su8HMYyO(xdG?0SDa`S0!i<@Sq+@jLRJG0grX zaXN524!?#YII|48#!Gj}K4o5)Om?WJr<~?h*;i6TPHKiT1&Eb+wSLR6ZARO8DmfRu zp|Q`P9ty-I)ADbh1}*f{!N+N2<1OmSUem)M0APxNRTmBakUsMR1gu}&zPPB3_o88f z*l8F;b%5A8a=;p>NS~rUm3JOzztAvsjH&*4QRH>et(-+}n7UoMJq$V1cjX+1S99Fx zx@mmr4N13Qddg8Ue~zLzkHznS^ya!(`Ppa(69NMn4C~*XmSyu;Q&Hq@*4Y-e($KcoF!D#eIuU4eZb!&=`bz7kS>&YXdID>q~B*x$oPn38Ra#(r|G_n3Ta~r z4G!50_1|%**Vp4mgX?V4s2ckoA}^F+SlPqXb|z}a&c3QH!l05d$HmhpAVUR1NK_^kE)~waF6*D=+&l@+p1(JcXrrca&Uf?|{oTDdWqrX22 z<8Z9FM?N*x5Tj#}o}8vI0dRFH&-0%QI$3a+;>UVPe~a#QrY&bujasgfm=zJ04{*uk z*2>|%RYP|@J~In^Q9>|Xr)fttjjb6?%iToy0EOb)Gu&0rHfg=Apf!P+cFnIc87Z=Q zX%~m;)BN$%oH(oyvX9t|#cjG${Uttm zX5QR#+P4iUg4)bOhDy<7@nh#(j7;j$x~@7O!2UOdRtJ=59u+)!FvsuV}merzvqo>;UN17*4DWdB$p!jfDSX(n*b z61L7ni(=h)(*lH>f;k-f{;Dfat+*yEV|a~!%S@n*`e|!`HjKhFXsW##1bXwlpO^s2 z6}Xa|Ht~QyQiz0+edAXDsc$VI*}4nn{O~b4NS)!%Bau!`Un9*L*G0JPm35$~fX2qP z)}@cP5gwLeIU#9YBF)85csH$&Sg*nIlaDHv4(W?La2MCU4{P3#ppMl1g8VeFgD5VOa*DaLBGFSRJvZwXPOsE75{rX5Z_~CI?hG9F;Y;3hHR{vZ_~pj=?W%lUPE))o6haXQ#URC2R*Z5)wb^-bX}&3X@CL5Y3Z})`JJEhI5UH`jIsiV&&UxcTNw^Bq~zbm^U&oC_uUcX-BE@ z+xiSyE-v8h%G|Ay?IP2B^WQdB`qe}{ zF?X7bBMeip)8_q(ka$YA|XXu*g6)I=^SkhAM z1wOW^mJ`eohaP6}nNc47;h9lNM8E}m#*({TOspQir{MY~*{k&cKS&TjG*xY)?cDNL zgDb1@T~bO6fU0+d<4*c{8dPQ4aUdCv)&O`Se2IsM6Yh1fDsWTlv=X%ayXuhETUN zbgfhcPWZ?~_A4BPtU2tL>G!vuLKx@rQ8}QWl_>;bvjVA`U;<|QX{1})4Q8>fr6*H% z|0o~NNmDD283e9W(YuP|{)l^wP`8it!TCS;v{1aBzcaKf&E#=ih;Tz>_xT+I>km@R zBuzEh?%~U5RDaNCTN3|)(;5xANks$`}>oTFLyJZQU@j~iH{Idf4S$gAaH51(*t zUG6I-v+3a44=RsG3UWeTMbwW%I5mT4$F;AOANZ4MHM9T~_7uk67Bmf9-7f`t>6*Cp z*yLXm`xoi}W+{g?Nuyl2KnFgduQ%5fF7xVw)t+x=-Y{=%Q1H9q8xCDpniB^GTZY{|7lpyuC=hZyZh}>0KugN(5}uzzrJ$rnxDR4-Im3BO ztr;0M~s=2Gz0V6#^ZWse!Z#bX4zuCw+^?>({UewLfbYrsev=@1M=Ld^5E?JM$ z7V7*C{qPaSAWh?TSq1#^we#kejfp5DX$of!^i!PO01W$5HAg**IchiNtwxVS7d6O# zu4d0IdE269ANwYKJx{H?u24ljefYhcUzSrEMbZ&`r|czJ!_W7YT`w%$S9K^OIw|)w z9rH)tS{JGr;;w*&bLqV*sClR&@2E595}p4Rcf66Oi?$3^TsZBFUi3#SK|)IKCf-LX zQGf&)QV`{C{};}!%{12M#y-n!8SNql%!x=?H^_}-nY>QD8h!U0@2|K7&%PZ0MioI2 z$saqR<2nFU4n6IZ`yzoGcVtLOe+ds@9PoB!UFBqI0X}uMx{>3=bP87-K3OS_-$$0n zJ4JO`+aqX&h8nv1*S3eQ6?pG0nUEhpCKpOD01LX1$?fw~XW}qtUN)of*-t1`I+oZaOX8zR=I zF6&a%dU!P261GBv&JrU(r&>r=~hP9Chel<@EYImF#Nk|$rvoNU6Ee@O4_hgwoR zOVR~s*ji4wK-II%F^3FA?|Ug~si}jm)xIf@r*cxyKGwu(=-ZqhW@_;zEG+(ff4cjY z_>f~Z>5J<->iS5oGxdNq3+24lzJCYwTmrzhlhyEl*-w5`j?M716KOn{idf(Uk+GqI zxhd%wTFg_+0tgIB?u|qx7;X!h(UTc1R9x&(3kfBQrr?WsEcCW2DdH15JjXnc!cd*R zz;6G3{qXD9<6~yttriZ(?(d`)udL+++>&7s#ft0DF(yTBvnsk&GGjj65mNM1XbqEA zqR-|ETl1o3?Y@XuOze;^<3obdM1NsbJRp;7n(2JL`4Fx7;j)Eq$ilT+R4dwx)ld_I#Ume3-1yA|VE|PLG-fA+heRHQ^`qyX-elY4Z zVA91h6u%_nqgBsEOOqHNOZOTcVvxNsGkPCgXJjIo)z=?($PF}|x26w&28&?)6N^K; z3mH+^%k3tbb-&6C2K7*OL{i5TW0xrythRBUpqOlWDO`b);8Ws0#b?;>b{}2-zTG*H z%G@~3q`9uF{d`c$p_B>8Xk_*ZOJICd@MtGS><_pDRSsI=y=)O*EcWKYG!|JZ`R^hZ zcE+GKSo8R#>%DZrS0Fq1@QfhU-BcIg1uy?OBD1UO<7v#~+hx$dEVtleaB(?26+&i2 z#^b#J#Ycq)RqqZCk1J{1S*uQ#3{cHF^ZQ#eRIC`8rSbaT(@SMXL*dbb8c%^8COqZN z6&3}^l`*5L;*`e&AMTi4!|!h&(6YrIrckC*RG6+uTvp{(4X(9^+TjTO#Vap+^H=ulVO1D(8Y9O04o_Rg8 zK5PY#V8w}5KPx|E-)pGTD5RF{XzdQNIV5{AkE5Po!6(vUd486j_4wDm$*&ML#GdiP zIAF7%>TGNgO5qXIgA(ipVNI>0i5agB;2>ng|4}h(8Mb4wLjywVA`;mrt>{G0L(4=P=`B=VX*j)-t^$VYwg;O; z6&6)~2-xXD0sYHQ|1oRg@#lG*5fs{3DGiQ&{Du^MM{lCTCb1zQnoZnT>5`pk0Obhl)+w1aM8mr**f za#i2DMc4dTBsuAlzqaJZ)S%4K!N*&Ok1YW&EB63w z&4RCw!Y0a>Y?~Yhl;+YCHRd$mFRd?a_HffE#a8_B65q0e3w{ZaIIN$Ca>_Gy3Cf{w z+NjMp9PYM+47nXb&yIa`S@8~chvd}@(hX-Wa4uhm7CZ!wH2|Wmzr(@VFvKQLB{8~W zftF|(XvOy64!SXWFQUf^5^|Bg&nuc@37^vPdj)@kL6w3%N&8_%#eh7*+wSZwAvp+gk+La|v7?h6Gn2_EchJ`~V z#3W__tBJEk&Wrn_nHu9?4(ACbY{!`(JMy?3b06O;D^Z%MCu15hE~ZUYM7=UXVqW3~ zC<%JG#oSi85S~-k9=d5Nd&X_mwNrl_cdaaxJywcC?~S2efOyxGDBM4n$_NvmDev12 z8tw50##PXG7d-iL5PNS22A! z;3xWAG@zFy-CAaU03T{m?rwYgldn`e zug{~hdNr>us5MD(-Tjw?Ykd9e`7rY8Ia4Uw*0BMsVRPoEV7f)crWBpi0A@YR28F93WAk z2Y}swNYaaHmD!XWKjiG*yf&1>DU(Zr+h7V{Z=ll2Bic9Ona{$pmW^g*b2R~m;$oy> zGx-~0cAJ?W$^SA{eeto6Y>G>8W7$n$lf-LgXH5MHIoaR0$tS#tUkL%y9X~8%qr4RN z9e42+V3I+@o0p}@Ei+ISxgLNCe~Wr56!rKaZLrEw%uPXJ5b4!8fQP)J)!XP2KGCNc zdqQlHPnmL}+!tl}Uei9B(!^yFKs=ZPXiF`Sg^(Pd!Q(Ph45EAVPUVrx zy(9S*cRjUDzt1hR#<#5UmKRGjiaHFJ(C(qZ5((0;)|;y)OQ>9-0*loJ!cg-#7dipy z750Tx0$!1pU_R9!!k3%)6sjM(cNSe!E6)RQ^T+_c!=CD?isazZ)WpTAPs9e;-UMp;hf${yTqPQf|11luLH ze)?3Ke!%p>md(O_*PamKk*C+>{R4;iBTtc^-k{-d(=QgSXc}K#C7w_J7PCnht-{h1 zCFX8%fnWd2t!v-*^Um(~nfdvSXOC~&+4raCOa;4GUI#LZ>(zIgi)k#liDOXZ4W3{) z+H=C}+`--emK>m@D*;hXh0(H(B&Ml%MX>@Y&@$E-Ulca(`Np`wWk91*@jqQb8OR3m zgw2+?uCdVAAKpv#_v91smiSw{2vRLs-W^j$C+M5 z5l9a!RN5#X5am8{Qo&#N3Fk{o5-ZLk_1BTb;Fl8g{-A{h!xjU)b_NelQAxu3Ra1gf zzUrOBUnTgRSE~BBd&|JZ7re07YuL$Sb!&R~qJnhDPz_Psr76&DPKe5=#huyZw^DBEDcxcp_ekKJt;_nkaxS;Eqi~F&U zY$eel_=zc4>gYmd*rYW;s+3BobTM2bBXDvz zS1V`_FEUtJ+2$&03>zyilv+=cU~%3!r)awGG$J>BF?r}J04sh7EjBzcs{Nv3>7Sg2 zhr)sVD!)+(vV+Q~rf>{Hp4qsLkvBuj!{@`HXPKZKt2u_RCMpdqtzvMF!{h&_X zj}uwG_PgNFJMxC8$f&q=8%4E07~>}ogG(&{m;Y5Vb|I9Gsq?SVbUtRM;!nckSwFuV zGKZXoG%B~eRx`*zX8zq0fm8f*py=GoG-5@BVsK--xwvq{MwNV z=AdqjT}y&t!lB*gr^eQppzR^FGB^@ogWfVdJK(53tRtR zXC-2%fYKc;Acov1dhcCe{xuE79C61Ww^0AJz85S)_#Qpglv0}->HJrVqH=D^GAP2R zsCe^1n1ro%oiyo9uAU`=p({oSb zudkB{4=f1%?`TV5v3px|jWa|F3ERv>rAn*;$%&U2;E+$zbUWtK)1CAG?~8x=!BJ!& z!`zoP?ByNKm|o}#1=n)Z_8j(DLOnHqLoTrOVU`s zu-=9sj}1X<)ErgRL)x=D_aeN--3rc+fr3G*cmDI>vs!{Ys#{Yq!K!b&uDVu$z5AL4 zoz|msZrSH2B^ASmM%nU4VUO_!X)X-Y3!C?h&VZ{cLoJD^?DjRbjFk=4kTE7fyAcCz zRpBA@=lnN7%CbBgo~?jK8Huh|QRgU^B+Z`h=MU0R;k)lt_-T1<=|^fH3X+VMXla*p z^BHm`Dc6qLq)BSE8KDQ6PIJBZ`368JJ=6H6qtK2i@VI;myQ`C?Vg}C1I^rzw)kYjC4Cl& z3I9_BK!%L8)*$zMQ@pvEoevCnr4Oekx)7etSsCu+->G~o4~j`tL$<2ut)6cdZLr+w z7yvxxjeaY6KleNdy0R;j&!_7U21bbh#zxZ-ELO&|(#!Lh3X!uB& z9M4oGQX*K*XBb$eFtN!a^5c$3eKzFeAI1zRjNv$Opf-_Oz6Em{rzHgtv&(w?4woCe z39rbw=l~#M;lxg1z)5~GUqdkdHaGfMY5xM+hCi{)#=M zb0a92y7;yt{<1j>nS;S35z7Pgz&}sg z>ykH|r?DoW)!UPtr5MO|3r}AzvhvZ3A9`!7%aYS!NQ$lYY|9!Okjp8PgmI463<7)3 zvQ1BlZ(|)@&Ki?kg8whdRP-QRBB_WOCz3>A=r5yZ?12&T_&|xNs2G2x-iNaysd=d;#gE-3xt2lh-*FQ@rO?6KG3mB1F;v{|Kt z`gl3hNp!7gxAykq*;hY!2&muLq&gM{HALQ@a7^g*h?FLg&qv6!BSMS4AP<)wab-+1 zhO4R?*G4qd{$@Hi{?xg2dJ+cy#M*+P(j0bb61sfltOpIE4Ne6kw$>Tbj!8zzs3Zmk zAcDVSVG)fjH-bLq9u84`<3X2?Jk$&07D3Vz+Doyi8*B;e)0xcuR`6dGBp5)?HqUHQ znFj>Xprv@pj3-z{Uvum{;xp9Ycr&l+0egfrH5`v9G!@56L<*8$4%8(D6Ar1AQ$I(U z`<79>XZDUjH+(6;bmF2Lg}dobHNn=4-^pP9>Q|Fqe&#GAJfuEMeZ!Un#fP_^6N&nj z7ygcM_1HClQ*}o6zc%1%|=e7_ER2RYU;4|MIOq)nX_!fxN5b9v~*T|9$Bc=L&|{lHVu3yjG1Sm zgH?Y9;fiE!-yq_#K2RoS4&U=K{0M?_-T(n=LqJDAuw1JeLxG19<|ev6QP#U!LE4hr zFH>skNM$1IexgL0pP-=#25qqEKp+!jag43Sxykac6xVsc6s-3-)c z4g0leW80<0$cxok^3F`ez{F(AD5i_8^d_lJlm#3V|6KZ}sqV;=({-QxWt!vU@{?i+ z01roJxWDqK8TPHQUG1)&_l;GI^i54o(qO1)E|^dsd`0IuaH~|cGW>9Cxexsu168=+ zxm7u&%mvoMZ?KkQ^`YSgQ;10>Io%fB9Bsw71D;Hbtvn_ZHT|I7iQ?_TT!Fn_ zZ!matcxqx)#R!`+7#sC+$i8wi_Yu*VSYb}u3gk{c`OdK`O;j~tp1dz8uwcP2^zu}m z^}KS9DLqD-@v-=a#kJ?RC3sKEFga@#;tvAUI#25IEcl6J1;45xZ#};zLN3rmUAsd? z(t;?O{oWZ=3#83#X3~~axaw|88#ciE6_uHoK@4~q-S*`4q8QU-k2uELX}$df1~Bi? z*Zp}G^mmvFI6g*%CZO+DzOH{t>$)U|6E7ov*E7np#FuW)KDGdZAP{WtygNu-`Jnth zLg)>nCkHS?q7!jJpvjw^HJI8SFUx3FGcFAIqxqQ*O+}Zqa|g+CmxQxx?=NU)0<;Fk z7#>9o4UB14)Ct0X6b^aWOawE~z0^}vjCJEZOh2v%Vt;971cx{437g`e$5+r#Ifmj&OTv7wrTHMRIO?(l4eMI`% znPr8OoAGoNjj~BD)y#VAq!5}*o}Uj{RgvDNaCCGEaP#?7x|;_HMR~cNSgIdaPe6RR z5C7V^uT~4c5S#pO7<^p9)H)yW*Jo?x ztjbvGJ;K+COv3{Rk2h6ty>Hgia8%T;xg_l}f6CTNWA+ZmW76|Y{9S$yzh_HdGFQQ< z+(88B(5O^bNp{S<{+dj7R@N=1q4f0P_C{PFf_Y;2MMSNn*6DUyIprjWuLHhEY0utg# z*)c0P#D6P=)8L;Bi2-dFuROL=4S({#*f4Ap(7*z$Hs-AaXW6HXHuc?~G*fC~$6d4| zbu&)C1%S9UgB4L?1R!5OT6X?uso(tql%x80z&ebQI@&?VZ8A~rG<*^O=#`eX4c3~# z)_X9%Bnf>-TUEOExlEbGqUJbj5CEL@ppymu914E;-ygPNhObsv7yc;e;MJ|T4<<{EpSN}PJnQZ z7Bi>2__ZG2rCXuHYEZ9YwQq{d;$<>Q#3b z=)vJQ1dxtN1uZz)(HqEqsoiMqadJqzKatc45G^s_oFaL+BWbsW=u)&cCG9&33+?QI zXkj?~@Gf7MSx$R=C2nsu86$V2LSI%4rHrpC^Z~l2Pju+1NO0yHQj=FjgTtLax4{k8 zg(!eFZ)qqob0q|+`#$rTFDvdzN!(@zrkt44%i;NP+^UiITB>Q*>0iK>ggrPzHWJN{ zyZ9BiZ=Q44U7RCD5`oubwEy`O!pE2@Umo@{y79Q2lTfRqEccpz05!s?^LnlRdGo>K zVP72IdKahjbakoEIQqKK;kdAzeiIR?jxp&P;l*tzVNq5bB1oL|v%%qQ%~+`_ffelD zf#aRPwV&lvM?2<_@f!{JV@dr~@4d)c`b5>%+&T`F1|2U@wpS#x2)@5H3VZkq7}BrA z8nNpQ>H_Ss`JuS?Uyh1|DHyH3pwO`^94OsY>4EZ@MIadN(>aajVN^lXDZAA-Q$LJp zf8KzNEbkh?E|F>qk>A@aCLMClbLo_oC0myNz#U9}g9eU4Z|#xSK3kq`JFs3b-U2EQ za6l`|d;9CMU~i8sL(+~Akt$lw>aZhtz^RS?GBGPEz+>Ve#osdH$@Gosfp!bb}#w53(l)u zJ|=#m=llP}^DA-e_C#7`kSP}HMQvmky70ILU-T^q;UH2Q4rPvYRFw*ph7&SbA9J~P z#uDlWO5%B#Vj?A(z{q(c@1z2rMP6a>;eNq^4fN;X*AFlb6G4*4MM3Djt+;laLiQ`# zgqQr<5xvruXmK%6b%|s)6a@SLdFerzwQFce^^pvf+Zr+;tkB1tqDeOTD!}S;QX)u$ zK5*H3jo*%FeZA@X8g0pX4z5gdJSm!=>59+c4Zhr|QLH7|M zVvIHx2vM7#(?AimNazBzZ=pso^v_cpa4xz<;=@qJZWv8KgZX?MVel~!PuEk59Hwyh zh=YC*bZ@?kJx*Zp3`yt@uJFV~<_CoagIJZa>*Lhh(wI^Bml!EV^ZiXmIASC`E<;LkP+g~knFSd0w> zX4o<>{8&U&8-feC{8;z!hMF9d>^;={ZxtfAtKHwSn|U;-^kl?=y6@z48l25ZiiGH; zMzf!+dL6x1ENmcH%Q1`|yqF}y54-T|qD?!*E9>i%T?Q0=$w-{)76h^+By@zgJ`JKS zYUN(U9A)Y$)R}5d5VY!%kPYn+`zCnn?>Uyh)cI~X@;JQwj5E)ciac_C46o@V^B+hu zA%ScsrtY58|5dx>Ri=vX*dSL$yzdc4y^mywV|C-q4WppK1dl48djMtfts-sUhtswv zQPMSw$KV%?AOFqX-?W@B>hq=yM635_FKYcF8y?QS0lqKnY6c43#*&5@2^77komB&8 ztWVlqw1X=s2XOWL0Y<1Au^*G{(6+96@wg2#nketyGd7!hjJZ9Dk!@oC#>nxarx*RG zi%h;KB#u9ky*^rZ{;}Pj-Owp`a6=>T7TAXebz6nTwLxUr7OfoNb^#zZ?45e(rVIxyLeZ|AW@b?G;(XWl z3!7(mdj2ueV2oGDywiG9Bv{_j#rQo)sk#jQ7cc~t6VH4SyC{&6UQuY1@nq3mD~vNY z+ns}Fzw!=GJ)q50PrL$k^~Nh{9jFN=&r;nMa8*7iySh1UZSB?`Ti)SM zM})6Qa%Z{JG#$kJ-T#bwSY^He&nr56O~Gj&A+m!iu5x2;WTaZ7*T~3z-8bNNZ?xw zJdIR^_F|d$Zya!wfTwdxNAr}vP{8aPBf~*;@#%m=-aeq;WRpbxKH-gdNVe68y)}{|@i?VElLQOe7Ip(B<*R5;10LZy?LDA7 zbGf;g{y)*y*qD@-q6_yJ@8{^6i+6^x`#l_;UDM3E-`rr#Cp+4Q%&#gX{g;wN_o?;5 zOzwWOux)vFk9gs)_}pVwD%9GeVD3ruDv+m5eP9#PMbu*cz_&TJL>*8v$poUxaWp3N zvlLsZqBLYeFY9HO*d+M$ZkqWj`*h}$vd)zC?WOW*_##wZ#>9UbN*%|o;1t)xa2?}p zmtsW~O4nug6DFA`tcBlhc7>i7VFm85Ro zEM+C?hq|o|Pdi0Cpu5~ygN?D1>9KD@{B##%$vW<^$b6};h_QOn@cN{OlNc%vdwj$8 z<~jLxfK-!gw;~#6z@EJamw?TIjOHG>4mZ8Q{UkhhL93A%Fp5CVqNzFvTS6~h&6%9X0U24YKw`-Pr}rRaR~`9+pGo=9Hnf)*A#xxd*U`e@Yf|Feo8{@>K|ijlr!+4!AmxAj3k?YDm;$4kOsCEyoclI zRixYD^jQ=~Olt!G7^~e&TAexHH3PB?<0d|cXh1zO(KYJkqq1^*>6fHsXmNmEaz;4A_h^^k ze1&%0xFk%9cA+kR{_30~#(^1u~f6 zW0NurR{d~;;T10hh@eyindITMJs66ZU}6%?Lx(X2X(@C(49H%2hPj8O4=5)T2wzDn zs^DGpa#(j9=gdaUb8(U~1j|QpOT~+g^kmLCgk+6TFn5u?GoKPumKC z1xb#x?tpRiNvu_Zq_*vE zg|$}b)um}9$ZBi4>AFP`9#y%E~rP<6EEPdd8M}G5!_>Yv*_AaLgb= z{hmoA!Ze(GCWFN5E0oOB!9aPX;iPwZC3eO|;GkxhG3;-2mXl=igIRa793g+9zDvS~ zADM$16@JxWDs~o}TD6ag$kPj|XZp^^M+AlSXdXN?uyu9y?&wHG8tL1T|CtiuWc!L> zf5jhY?-DSMA-|bbo-5wHf!I&)8&IJsKZ3m5TsE!)A)eWnWMZjy-#WN^dqaNJ z>+^zRO+F{Q(|T4-J7|#g+;qFV(+v3t%xP&ROzp_(WxR??y(VYAW@XB(Wrs4Pn~2Jm zl8t&oP=ZPCXajoj);j={!SQv~-a@cl>EqivNmZ(AwLH0`Rs9B|U?2dg)0GexBJL!& z+>vk1p!4{ZLQuF=Sw3`KLC|T3dSP?okNa*+KA7ILL~Gx{o#q@k1IgugD@krp^zrblG@DDUV+md&@n2X65vl7wpMJM{pZ)LKc%!TeAlKeI$FA?aV z>-^kZ5!fhBrG-gW);WbM8lqY|O)I8iA>h=T=BqE0vX27Ct%HA)e?`b1Mppk~M7&m! zm{M_-|$KPQ}fvx`&VbL+|n;l8z&X1Gr#n@DW5v@)(hDlh7 zlkwcbOifQw%!{9f3C$@XSl`}!wl3M3#4mH)9Ar9Dr+aD9iFx-Tu!e)TYGr(r?~r(} zy)5S@3frMJ8L9)6^+Temj~5+mA_EBOX}xF2Fj8~MRec8mH!vWmw^Gq98gj?aZ-0FE+C7})a$|j=~s`adr+nNfd6m5V=X_me* zjeXpNG1EHXB$jsUt65f&4Ym>@y=7PM7rEr(5}$|UQxXmSkT@f?F&kW<8nX&+q$_DF3koveQFl!C!92+Dj^Q7$av!y6~pZB88F`(@i#EnURJ-xd6<%wuNG1+Boa^eGO#mJ$C^^tv|Zq zm*`9YWcxQNVPt3fIqt+sci{TH0pmjaoMAQVvpi(c80+oaU?Q?lA%RXTW7Sg~2E6>e ztzL4FPH{j`S=^*(?Sr-I=G-oe5xO0-7Hu^}JzrI3{`wo*n=sx)s$dDS5}f6CjVd_> zo0LbHVDGRKk}nR}I5pu$Q5PzK#N#OU3{**Vwb|uZ>~D%oL0=_P6A>YWE6qaLRA61T z04yYWI00nwWUE|dB=B>d_B_+%Ot9SNn#`2CRxD)(PSDjo$Jd{ThUWKk`%UQ(fZj&g z{iJW=shG>gV~fTdj3Vk+VD4qKf+(;2#;?&I7a*lUCCIhf^uQGY*D^Dq{cbJCSu1{9 zmi-S8yXoUFr#lD14|GC)zL;yoXtFdfm!{9%nEI*?(XL%Bo3;Y#P$_!CiT*(u zz|9Q_$xl6?Z7rx*5A#05KVBU$$Iy~f>cUzeB1ZUihovS-DsWNtVnt>5!^@GRy~a@B zF9{gx(}8+^;-_C^VIE8N^MegeWp9#W4qncmw=sld^r#^kHVd`GcbcL;fzI54J^Cmw zJ(&zK_bNr6cLc}=H#;;MXh%|+T>mGGSe4Q(@p7ogx@CN=; z6!w@Y@-3m!fkAuL=D=A=r118VNiW*%_P5JnoT5$a0$c`sUkK_ z11dx;YBe#)n+XrRD6_Gs&Q30a?o4|?v!BnUkoHHy_o$@4tK~q%0#Ae7RXMdq#W+y5 zYtOjBT~#)vn{|^qQl~PhhKF2$U(h>*s3Rg-heoE`61TrHvDqV0LJk5l)Q zQd()CCr|~VvSMmj2_cPa#&yTex?$YET7;tuoO^uKb#C-bQOdYAs;8-ZBr=1WLM_}S zCfpkN=UZqyH7QaD_n8;n2lD|vU%hBkib_a|Ep0&45>cvXINq!mC?PE{6qB!)wK8KHP=1R zU6t^d_@`Cp(v8clU}}WqN4{ywl?ka{L_ZoMAufO6y=P1Z`NK07j=T{w|Qa>eu9;ywDC>5=dA z{D+lMYH50xcZI+r2QP&`UZUJxk6%!&?kyTOmoyh)38?>vP~Z$WhXPbn*aDSAUF3X0 zuDVQTwZQDK%v*CxPQG4io$r+ZsD~wZRQHjrHIw*qAwnx^lt*{PBmp*(&HZry)+m=X zK;aF7KmwE#L$z)fE>9zqXv_2>CrK|@(2;^}0DlX}z8~vA(54C<49{YwKE8|RPjuOrA2hvl70h$sK=iV_0hJWgd;n1{KnlkGdyNY8enuk;_t}F~}yx5@Guk-GNP9_1oKA(&OU1CuQ|q z1Kv#8bv9Lv@pumOK7e_7GE-~K&2YIekDM9z)wkOnvbDay;;ZO|agSC%4RD zDHPihS#*%JRsUg3DsW>LJ(rkqg^xYkf&s-HB7ULF)78*WVg}^!|D4p8y#F_30VgE` z#oRLpmpz6DTf-BTiwDQ@*_G<2%EzBX{K`FB-Y!+~av@=Sv$LRiI&PTW)sNaz$=;N4 z7r&^-OlL)fv|7Hlct18CuD`-T^h^J+D|zi-_`aO~hvMtoos{P6dx4j8-*tC^XNEjJ z9-KpZH5s*!)6e$Sk6M(^R#vBZ8INkmWmF;KhAuLFbU{EMu#JWjwCaP57wSj*WcA>8 zqqm39{Qc>hKNkH%FTo8E)z>{PAC`Jb*6U+yaZiwI2hxL6 z(u}+>QO{i4B0tuC_+sHydmJBTi*d111qPR5MC2Ypjm3V_Xe&}3d((!4e)5x52cl<367qhbXDV2AaD2ReSrs{?5)@{=`laNOQe{JX4?_=31iLWtJ~N> zwvR{zG#`Sn4)Tvzq|ws!^#4*HyZaJxcHp#tS^-U!wZY5U?7ZxAi(mU2AATq}a%P}7 zhTsD*hpI?}0O8{Rq>Sh9Rxvall|fPQ0xp>%PG=BE<=r#u^?T;9dlKSu=-)w%qcgR% ztcOo5;;8y}GO;>a*LMt)f0gVJmmBf(k_nxSN@{Bo@UwF%eKci!_9z4Cf{?@MCU|h? zBFBm!V{{+{Mz{Wt!$pYId$f&vcB7nKSPo$&Ow18o z1gLv3c)R>m@LNf_ZST+UCg&PDf-R^Bj8=OnQk5mxf4bqkqDa!ZCFW(Tnv)Kg_lvDU z?bo;BDbgK=iY!NfUk?)Bau*IqF0ZIkwQM88Y_5_ZDQpT0#S;L zW_aNNbXl42mowH-G4@J?qj0_rz`A$lbnM{c07)};I5LLxs}pvDS0Jx9M$JQpm5_2( zmHq8&M7v?pdTU;F(#f?Oq()GEi;Im6#w^Mb$Y;cChY>YPhqabtFs_*>N0*NT6ey{I z_zoJl{OzI4Q6;^fe2pcQb#_lfzuIVYE=8I=x9M{=0#Rg zQI)9Onj8ezJ;#<$5lln~CF+2@aFLvsyLo&(1?n>cEIf5f8%}fywH@YhCIc0gV++(c zT|Ti$TColBL~1pziX~(qey8a#EFkLK4$K7_b^c*S+aqU8g}6^(h9J9tsP_ou^#Mhr zQ#)?CaVq6u+M@wZOTSw@z;Ilam!`=6umF0A2!xo@){QM{XcbrwTgNc-RN|y}m1h}K z#f5w1S)AAH*uA=A!F3TXJW{57pVv9iYd!P8sS>|3YR|Q}4p+nSsH?{9u0p4&8A8zJ zr+Ef{c{{=r5Lzs)ddb57%vRTYC_ZetEHOkpFEiJh9AeB?rtN`Q9WTJM(TTd^mW=1G zdnI%Q&{e4X1;rY|lc-tnxFa1xsB zjSZGSisSL5G=}g`u)-QsJU(0(hLCtrkao~*gKjAXC$+<0q&d8nAHQUWL<1@{D9jM@ zBlH^A$%y6ok-PhWitNOa$a4!Y!+avyn(1#DVkzacvm#X8`7amINVEahQhPR>JM=Mb zj=>bt^kP)oE^-AmZHl=$hLRqAHux!DbE>%cA|U+k_vyz~W87$%GzHjw%w%=PMu1)s z2){bfz|}#D%PvE)QHa>@nFLYc0Bpc&OepyVBhtQyb;|DjT+T>sGj#~81WLWzat4Mp z++m_(Z4re~a=jpPQ^hB6iU7uA_X9O%AmKhcDDla8yT(LKT1+I;%)mdk8K*oY@nzz( zz_0m7$|jgv4k~n`wCaU5btA z7Z9Gt5oJKu5n`W8?$)^_3&E+0Jyxc4WdF;{EggWv*II%w;2XsRGIiDOqQ;Db;U1(i zg!e+sCiZg#-p`Xkm(a`NKL3N9(xK&H@f7Cs;<}mBD67vJolI5bMi-LoC|6h|TNT)t z3ZS0p!E0$f-64}1Guhe{PlidBb|m7|(Gu+kKM3^S@S*HsN@U!u;V%0}(Ys=JTZ9S; ziVh)V8hd&N5!Wyg`z^%p_xf981T1>T4D?yV2K<2Nd2n3gNL%{Ycomn*o$*H4)3zd` zTE4zI=nfA*w&GR_Bd-}fj-sc*2>vWIET zvs+dCOjL0EJO*gecN7_{h;b45!KDhF z#c*6SqfH9Zn-xW6vD4EC*ue$%W*xfV`~vkKJnG37BKpB2vF+OWD6u6bQV)@PC$ZG>aD2BT^HH9=7;+B1R&N$mMmh2^mz6qy1$s3dL zrF7XK_nZQ{hp3C)Krt9ms-}@mbC4KuhEWupl3x%cLm~dNf=btr>3+yip_>hqTP2~H zk|m-D@(T+>`Nw2>%(Hh?_fD2H8yMNRywTS$ScQ##{Rjy;WOa4jJgwSt*GrMX4*vPX z&>sH{XF8C+=}9799kf=@7yzn=JR|OCE*`GQ_UKIko&{E6iOv+rKPY<+;ep!51+n)v0> zuQ+xR8)|qg zaIfdxB)(x(fj%y7SBMt%#`wPpME4D^S@U>$R0w`YshT2lr``DLZTcS>?ndqZ4I;@iibl)_3}8@7^=%89Lxp(XBZhkB7|5P8ILvmQ~Zd46d{GxA6#DZ5~ z1wt{ewT!6UyV$f^o#FuDnM_6HC#+5k4MKm0d%O96`V_lgmh}Iumy``66wtP^ zEY$$;(#eoaHZyj$24270$hYgeXpt+L(OGPiMt3(`OfR*+iFf5NV~aiRnE9C^!0pIL zfMT+!!a``nl6~Cj&0hc-lOh^LDp2r+=g^OZ>RC;A=ty_>)>>e~P3N_k=V1VXEoKqn z%5%@)BQtJpSQW`)H(+$Zpm=sVh9)9)KuvTxTPO$R>W7)xlqW3Ea%_bY`Ako(BtG)~ zdO;lnorp*G*-OLo6I~sDnaG5kSgPM$HsAbE1BVsF*0B)RvM=mPjgqlPLSqIUM!FT zd~`eRx(&-xd0?ATC=E*1_gzvl5vOCnh!K_aqMe+YyOAr-$joHQG&6a;w$&)BL|T~E zTwm2nu^BIjoZ_#=j!FuV>YpxX`rufP^Qw*1+pJSfYPVWuYINV2%Wa(0LCFRN`kR34 zZBdWLjrM<|z(Mfh>=xgd&oe)+=2FTpiDv`6QDrws(u8i>@&gs}FOMy3An;5+oAf}=-4Lbx#ztzS54+yXuRb)ljp4JS)}|xL>)4q?8GuR zq~U5Kjw9A~qB{)A#%{MLZ`fV36v@vMqp7*1JME$m9Lzw(cI7Qi4R~d&)F7y z(%&IRaZ^P++h=Uv6f&3sYMBhyyQ7!;Ix4}ItzPB)p%81ZKiA~lAOTg90aM)5sexfm z%XH+bUtv9NIxi2I1Oh)WLS}94+bGJYYqG{iNeo?m=!O>fl`d*2=_4mQuv~{~!20qaA)UqjpLj_q0ybAtojZJYfl0*qODG$yX3dznPnHxw3YYXa;>Bruw z;AIKZu#9wPpVlt>UEV0xE7O_;T$dooLXuZ({FtW^rPBS@1XtfARH89A%x-lSHh97C zKLxTnBNnG+$Sy@Oa(Zpwtt8vcg06&F@ILnA|1x_2-`+}F-x1oj$};R5FKtW!d`-yk zbZU$2HB^J_&9Wu1PzSqtHSHmz_T#@qsRI3X@3g-nTR%kRXXwaS-d>G?pv}O#-IAnL zyr?@c1RN6RF^JV}-yf1IQ0q!Hz`E2tl#(9e2AkbzI>TA7C!e8J6^t~UCuuUyVz}D& z>**y4-6@nBU~LFTGqO^=n>6uoWU(5hXhY@)A5`v}>TZ_XsPkKR1gMMW8C40T?sSNg zBj65cvN78{v+O~09fDO)lzRB!GQC>D5y*tK4?{fhgZ~BGL<*X_7I6AW5?ZXX6`jCk z^2H0M_f|ZkMPP4se(&~ze*loLMxPb7L36fRqF+FQc-M4^+IQS@+{3}khQxe+UP^lP zqzNhWHC2beUrNa^zKWnp#tw-L#m1O|2F^~TM>*oOoZjRQVQh$Cj;Y3LU-&7aksrnI zmD<$CQt}JvA~W?&M*p^VzOK zY!jBV2~gNfcxcrV)(FRSl6)Os(MINo7;wvQfzOctX+h5|pKzN~f=*64j$;tI7?2J1RbgCjNY*;|-4VG02$FQ7hG=G%-v3zp-$@W_7de;;0N-mp)SN6p1tlA?2 zQgKP4JGvTr4AD=0~1S^?%fS8vJ({~+p0yur_> z)0cN?bj9QT0oSBszc0?#Q4!)n^C8X&OBptxfHHa+_TCXxhj}k*5#u6$%=5|jgN9cBcI#KhI|HEO}}^vjw+#nq!K*cz%B(MKB7Te7EnSUH{JTy9@D};o)Dk-02}&%cy6HWwPkrl=>pWUBeX-?Sun{53c7o+zesOxRbU@Zil2!*ikcI4= zb~W95NS8{?t~Qam4hu@?dCl40NI?Is;=a=?Mb$S;AG&KXbV4K&XzQ_$u)>IP=MWZb!*xPOD?d@H0N1I5cykLC%3 zN^dkSw(tjSRyA-f0(i-LiDYUuyfu%ilfS-w(S4wDAp{LeE$~jxPk4kS)iYg)SG#h^ z*ScZ4!T-#$1{haVisAZ!i$otD|9(W#`0@_U)oHXWlOOXvkLt;X^v6;x<$y0#AbgLqNR02>upi^RvZfaL`m}#`?emt{59# z4N=e&ZH`iBbOQ_)vJWf7J!kL~EHM*4=dFPDW8>Wq`T)z^(JY>@F#ktIP{5aiA3F+& z&+cc!s{_I5ok+?1!d;5G9933(^LTtgF+cWHi@lzuR;D${Ig*|ZnkLua0zsu$D?PMW zkuhs|NPh#0v2qlFtm2)4(p$VGEgb#S5%PTH>@lz>WM=Qg0B)+Ae_W4kdI;&XqcWj6&^f+WW)KN5 zp}PBI!FlDtOdww@$i>BFipJn5OlU{=Bkej9^$cagT?hbB)&AtA3|PwRj`#$QN@CH4 zPF6qQ7FrO(OZXREPXn2&k%80NjLIIcdC{*h0j@+(MJM&Qb`)LP*sKa*Kef2j9 z6zV$Y=4+x9e9hRGW=(y8ivJ52&@J)SCHk3@ZT*L(2he*f;Ki^!Y?O+=qfLDx$E|5$ z2M5gbg&I2L@0fWy#C!qPu@WQ8uECNJ9o0&Bnx7`5Q7_uN0o3jII0M9zh|}b*7I%bV zt(V}8E^6#%-zJBM1WU>Ra0TmGSKRA#r$JQwz330xvqM;pE)Weaykl9JpTEVaeU{uV zyia3SX**8n-8mbP?ah63FT=X>^pq{8xZY}uLj*jLGT(r*$%zwZPo;HLaQioKH5&{q zKZ$2BK0+gRjvE-$2|3bA1Pk`wv_D>8>vg*+NvaMLMbZgp;5wA91l!2q$`&tYSAlcd zmJsrSGf_;svb;iL^c^ivIL=gjX`IVeCh-wJ8(r(T8j70OM>UGy`(*OzbXCKS_|xfG zbe@)q{H0_`eFXN`{C#dV*cV-$A#duD0gK);<#KFHI2iCbz&8Sprz;B{tt^-mD4^V( z!VOKGiCDn*lxMAR71iJR()U!=TEkO5NSgax6+Yi#ErLySd+sp7jzsvea2aqurHLQL zPuTr8Q_L04E_(A3go&I`^`gQz0nV^EUfZrr22|8iO?X`;up^bP(3;S|H*< z^8&22in#3R0;6Dt!>5{E^9$*x9dm+ksUizPM)Thf`L=dC+^@#+0U@RY&n~4&2}!rX zG3K!UU#d^zRzLRrtNy5elrq{o4_?tKu7QxGJWGTFsA#F)nm<{pgl-Y?!n=?TmvtUC z4jS_HIoowfVx+=8-}*w5#wczFDCSY{r6dxTDJ!oGhvM}+P}=JH9T_B?M&SN{ubWm5 z4aujh9X~7xK?h4zmVlU&yX|GAg6n_p0dmpng2Ky(7r7%acw~U5X)g>ye9?kGgJ~_^ z4ipxLdtR_t9q(}j4(#(tHYDm@C&&OPwcBouKIDG1RmHc$msZy;|0+E$TJdJa>8;BriGKsmgNx)Y#tiEJJJR^SqMgY_by5Yhy@4Y=;guWV;Gv@reBTzxUCGuQdd$(W{tHd;>sR#d8R6W|^9@EV?1*Tx=gk=V+)EFmleR1=; z3Q--D63Ye#c1{8R46|18+WIs46oQgu-U<|isCF4_q}qx@15HUqW_V2@Cnw_77YKbw zk7r7`GK^1(|JL_Mfc8{s4t~2eE4A<6f_UROLYc`tj~DKvu2)3bo9Td&U>r_Q41B6) z2{KpOYow6$Q{rgV9(kcWaa~RE$)E+Mgrfk7Q0coYr_1|rESx~+kjzVO}FPV*Yrxg6h z88WaU{VrS$9hRaf-xe$S)#>T%;iwrCOYk~?3q@G2M+ff3<}2TE7fcMNRg;yZ_-$WG zP<7XuOtE}ox!-|{l2Vunx1|8#n|s0E6 zDqmq}h5t|MA?5Kx8oVThtPBe)`Y(qz2MtxO`hXR;bka9PK8v;VjMcqExDt?cVtxO1XHHY4@#uBS%XW72smZV$4pmb{F+i?FJN zh#&<4^%*Emny2BbCIGCD(+LS+>jRcUolg5oxH(D)QYv89>Am`p`rp+ZA1AKm7<#MH z=7b)8rPS1=y(BAZNof}(@?zJkEb+KyaLmMv>tS6k0_JXMTN(k9fn+r z8PtW}L$Ttp5D@*^ZtN@;&;3<_IgPj;4FbUty%tHKg24fjL^Sm7AbgqIc+f#^9{~5vwoe!`M24nG;;}fe!$nC*h=e|H=ULHK z1oBJBmy+cx?DC+4%;kkJsx3=9xQB>jxr6vPxs3rYL{#A|lSoUmdXV(dS#b?vbO|vi5>%+vNQ7(KeIqn7RS_fsv%Cv`My(MmU*&Rl+PZxrtWKPTFnBxyN7~U zCA(h~hz%(Zvm*D(>0+2Lq+tefjEEOrN1vLJ69FZh)k!J(1u2gdbyR9(@2X8dDC1ZW z_VnvE;szH%V2KFIb>L^PY+ShXP;r!sB(9w_32}Zx!4F4JsD#cdJu&PwmF>=Qf(vhY zr;uLsnMxeLz3kRzBmN5*h}73l$FUBR;2>;_Q zYAc?Dr=6^kV9;G>aNcB)r5(ks&%Y`G(4dwd39TbBB9gomRua0RPNY;4QBLk8i!?w| zhk~9HPwaS#L7LrWF+h<5a`N^201~yLX6|Da>x2Xz;|_?};bA8n*aR*3%~phxpM2N; z_?&{$od^J@3z{c~qi(jm+IwR8ZjW}pKJHs`gKuvxid6VRMdkIW#p2KN5QckZVQsT! zd}78_ozGe@0?mHKm>xOKjcPn%&=Z5tBpdbqr?H-s_CE6hves7dku&y~#xKgcS_W^6 zHMGLqc0Y7q^29bD8?S%T0yK}_RrQ|BP=WIWINsr)cF2;JSA#S**MP(-g3+BtLX`$^ zojn40tx6?KEEMHsk^Y?AP@A`nZop2n6T`4( zrTOx9ns7{6IR)Kpo>JBbl7;9M$BA2RDfbMB>Rjo)$es628D%RXn9&q$D2L>ehQw8e zm~rzJMTqgG%D=N|K4%0_v;;IJ(3zWm2MkxWknSDc;WI%cAiA8B=|}neG#7Me2t1oo#g5ay2M8QIyN z6-u6)!7D#i=f0i4p-Nv*4b{TTm-#x3mNiF}(N^T0&Fl!!4*Inzn|2!8`CZrwE-(u6 zpokyQ8nvuNXX-RL7E6&sfdl=>sdL>LAI1BLV2#wSL zv?|{1((#Y$%hNwRzu+Cj%M?iYw24#1Zb?O4oM8 z#ve!>R2yj4>x8n4#!`MbA22m^1;(mKq1H9gxe7?!ek7%=aZ>(UHKfpfDQxsRYY0Yp zVkYfypN|6XXX|GVU9>ot{JNIYiJZ*Vu|g>ZG6n{gv%AhkyQCaGMdpr3)P^e{z1G)z~UOg zW9|U6)s#|+?@^8ZbIBynEO2V>03k$}P8t~X9h>2CBcJwpQBw@sVs#d>i3dLDj+uo^ zA0nyNEo#1$lxzxY4+QJPs5xN0V&+;U_p$Mog2i5Cn0{$4OqEu<;F0uubU^4Ez?c zhAO4x$KIy=Fem!tWtZq&x(={t*#Fa5`GTk8^y+mklcT9D!0d8=+G2|u=+>H20wn*| zmSMQFTR=!tLrRNeaFKBk)VO6WT%b-KPA9?M z4p~`x6t(=s9L!0>(vWC*Y;rYx7!~*xlvr49pUvP6SG%6N5H*=P;z@U;^-U8MrD5<3 zmaiEIf;spa##9qGgj<|eKY3Ro&4y$tsWjOvf>8VaH1APVgUgV-grNS@o;HwmwER7E z{(f(08SohJQa!#(zJ(1P`sO70J4MhWd6%NXo?ixvA(ktxjZmWIfrP+I-z~66(}VJ5 z&8XZxlc|tGKS@zkdhqfYB(Jb!0;Nx+j{{iHLPehe_4^V<0-)idv10pRt)yzTbt^Q6Pb zhnn}1T_@&&aVv@x0v7fVAfE7kmaf{C|E1SaFY#eiNKS=~VH@71|H*mxPfx^_j8BbnukYno1BgT` zt~E@SFknZOD%3d19@b5c^jtQP!xR-oj_1l@J|nI;)KXjPFFRfX?69WcpN^S=uDV6R ztdz~Zq}P23M2%9pEnoq{ZXMe6YdX9fLKEJrdredaqll9Z=#{&ClIs*>r*GHPm-#V( zU5B6+L{5F&m-&=~E~C-nY1H-NWATD8;~Mcy2aV&|mdD%Jn|J!x!685IB2fg?$@|Z);BOB#OYrHDB|9Y^B0?QkI$m!x zcd+D#UtW4r>Joxf9p`3i06=JX0%nmYxTu2qQST=Zc*iP3-pG{n1S8{{@_YnbGsA(Q z<2DqkNp7}*FkiC1v+H3x+sHw)$FggOqWN4s`T5gMzXE?sT(+t>RC16tPV6~%YX-EtF$~zYAt z+mn!3Dv)n~MK2oPE=wl&Z6!wv)E%jflcZTBKyY8=|EW{e`(&}g{FXD6~_%cuIgA*nS3rra_ zDJK};l){M)*35al_6D4}+XfM4pYr@v4BXV&%M;?7@ORVq8jVi5j}dUocj#31h}*VE zZs_Vg-Wp6qt}OOzrJJw!QeqI4Lh!U7QzjHcg>AfvnJJ{KW~jZM8IL-CJjX5! z7dnG~z+jsRk}K}$Jcwx%c%M_XC=ORd-`WiuLz|-Zg0eq+Jg{DUFIlpGJMd3-Mh^;9 zo|Y2oj3Ur45G{6=gjlP*UYsXoh^Sk$7@6KOI*t!Mrd%os6{79Q{&?5y?w4)5 z6Y0V~t0vAx^I_%0HHp)h6Of4bf`Jkno5vYHd}~xr}U4O35tT&fZdU zM!l`3=};NEyfAtl01$sB-k9lY2*=a0(O#jP8FoDqoA|6_lf_cI|5s5Fwd~}-$anaN zgi~)#WpqvYv6e{*b147!&zi;zBl8j?+#?MdhIFv7XJe6992P8CCkPPE0#{7dRC<15 zSDt4;QXi?8L5!RVi#{|#H}^BYP5PGZrBL82uo8oY@OCh3^#=2IenKW)>J$Ha^s|LG zMde=FxE&onL-;q-$w3a2TK)11*Cc<*^(+(*f)7yZmiO@NhatiL=YR}AHeYoJNpqHB zDW&AHq=QuD_wn9j3JLr;$qJ;5-nY>3MNT_8pp$;7*kXr`f+uXCEMw3^-?>5J4H7jt zgue8o-su}}@6Q}+(@Vn^5+l=+tx*T-n6)ZXy-OEC31fHECFFfSy&rt$BdlHC9Vm~; z>M6~^xty!yrqGAI^!;7^ogc-|_%R3e9@uvmd_+VE8o5~u{SqCbpa*25up?P}KJ5?! z<_XX5WfL?aIG8ETpj6}}c5fP7KpSqXP}10@HFn@_hi!R#P_>{&gXQluMzU>3XU(8o zh#)!3f<~?^20-QPA04Ff8SS|gE@s9S>Z+*yQWtF~#||^}&?g1NUCS)?Yfp<6b`QzmYH=6Rv1Pr@KIJvIPc#jU>yxLucR` zr`r07r&@5_=&*?K&ZoV_SIedN;U+M*GlRpi@zbVsqEd*t7oH)Vj^2RRH9;;7Ta%3o9))fB@tN7H}m?+*|#BRYh-V6^vc`FCW(`<&$6i3ym`^ z58e|#8a(Nz$+TisZ~n7lWUYwAzG;Pc5FT|;rK}JQ3hG?*{l+SUhK1zG1?iwM{pV*i zT605t_4apo-jG}wJN7&{43sJ+Yh_TArE|}o?r=;qX*78!@Nv6H&F>UFuS#`G5Ls-T zhb+J=I}%vuqo>F_b_%hekYxkjRGZi*{&y_fM_gd`WGAb#?)rlB_FtQQ*}uE*|BESr zsBRTD47v8oE4N! zux988pJ5?MgkBkcIawfDT7d&(Z)pjw!O(Y-S&fYca0re-PJP0geZW=HJ5Hnj8-2f@ z-?;a3y55(zk$otFI&BD|sk~^9zM@R6x@Jv~Br^W3Y31AB;C6;r#=2`q2sRlU*`P|* zbmI)*QY4Jq76l3MLPr7%a8|m!s0tFEG3kPP4mzy2IGcY4`F%YGX{k#>`Y%(80itaM z;?zc*l*4VS>)9d>1uiD%>OpJuujzBaY~#WP5fKWQk>f+e6;1CZGGT=Ax=MI`N%k%J z9jFkx0x$2pQs?NQNVEi(mbVtuvLvTQ!(xQcDrC~U(5DZJ5E3|jk?tvc@;UT>{vY08 z29)-XxixUsP3wZfM4v#!&qpr{%4tO#W;6V9O6iE?1o+RLFUE#UUYQa$GyLn|ADXKD z|4j9U|5qtn0M3kX0w4A#ph7nm;z0RoMr^hgR{(+OwTDpZ`aedV_{ zATw~iQ(#xU$jIv-`UxHtYg{1!ZRkZ${6NRdNOz3Z=taT$wLKEBb71iTG~s$z3zb$@HI0GO zFdfIO4Dxgxrbx)PogDjYlQ(CM@onEX5z{gH?ThP1E6(m&9OUn1=K3S&q6K3AQMIHV zhD6{TBbH?Mrap=Ygzzj8MhJnDC5p1Ca`64;3uJ2RO!*Nk!6E?MmV}E2N%dL7MPn7$ z{`)pogDx})yDoDGodPd{LVeL=?T&2!pEPm9aDh4>AfJcZjTM@?YFio;o@i*;X}sZH z=o7okPp);zI=fln5JsP3$fN@PTAb-RCT$4T{o>4{SgE-%rSHmT8zpq@YC?f3({L+x zHOJt6n>ha;0ZEukF!jLd$m05a^RdbyH zGfjnJrd7cGjv%s$P=5rxoUVO<3>R%0dw-Z!_EudA!`XQxQ9~e~ zkmo|x0dXrVcG{!h?*{^ePeD3s=R&-@`mp({9z!p!sTupta|3zjvkkd@z0OQyhAdh4dG}&5`9N}-dEL6ys0jY4w8@T3+Q|>sx3}k zb3t|teMhr<)BsjYcwtjeo4C|rp9-ZVcsizwRqy^W#stmydm8~mvBD?)G(?nQYc7C@ z?h7xVNXTGW`A$p0$5LKi^Xm9AXj;|Y*7!=g!0$#>Qztqs8AVF{Fk%v^!n8fn^$V(P znDJkTlk?)b!yIYZzTYgR`f+==*4j$VCKgWLb^zZ0sLjG?AL&$Y`1BVSK7yyVrtn91 z9Kd}iePgEE?TOj#D6`2KCjwU}JR>I7hNy_b?sR*03xXsSD9znr=_JW+b*XCWT*4iJ34F4_!WX^uxOinbT z(nh-*fv6e?Sj{R0EVTqPCIkYKB0{!4s^^w*N5CdQ)9m+?L_@544WD?s0 z3mA4p?VY!C=Moghf#@#YFSmz1OjUVsJj$9DW?}&>`R>Y`)Y3oaHLdwW0JQZ>r5}Q1 z5AXf9^n-B3j$!jl#rja=as29JZ^D*e!q^l+`Xe=n@8Y~b)FtZ>%~2NGFZ_1(ahJg-L0d+D$sI)M z2CvazC$P1zW9~Gi0*xw5YAK$jE%DJ=2EUE+Q^deVKALZ#YMi}BwDaXljcm8Z&sjpw z9{~6Wd0kqq?^Et+KRPg})4Zc_kiUaz*b=3*I;3%{UdQJ@Y0^rP9SM+BPxpk=Zp-lu zt|!$1>2lrm!P9-lB;N?QYb2CRS^waJc)4QAqM>~q(tqDyWxY`! zyUFu*-69@DF>x4iS|#eum9erv)FyJ&;WGj$^)lQ(l8>=BnKLv6&;0HC38NS+7%lOa z;d~(S1Tws}ys-C2^Me%$l_Un$rvZGXhvb+oh5zNhjB7D&1imj14JaC-2m`w+BX>%l zq;L6+-TDGdo6$bPHaU7trQj7K_Z-etF*Wr2%mx?CYKLj|VsbHVg42Xdm0b9Sq{$~u zDrFZ6OEIdxf&fZYRL!tuhlgBt<`3rNWtCA$YT}xjSKPk5#;GVR<4Tr$Sf|JLwE=6j zVi`MDlCV=Jkg~8d%uIgqX$54x1M9yEu9H3b8%+eX$YYykL@wI|mDF4tD+@Gkw#vz7 zE`THO?n)d$4U#>Va9k8raZg6>dzYH;%9HCnU>d<4)X6!3qIhaBe_4ao#97q{AJfdjGk_mM zEN>2Pu`xeFkUd+_UaXReO0SH`2RT_E6MTWCB)rbJV{*Rx`Py^68d}SM&-8qe|HE7h zP(54K0M*my_;N6+V#VH`4a>-1+O4}?FCF0Cma9BcJC{!GAs)T+=f;#U)<`xLQf#*M zXSHE8;XpVBPuI!oWmtCSd}ARa0HmE@aMjj@7j65iVzy6VC7V%nAU^11fx2@v;3&_o z4gbl2RK)x~knXhT6gX-%3vs#M!>BL=g-NhaFsE+v)YzGwdX)c&+_SUKK$rvh63L2l zHS*-m4vq=_owzWsQ9gc6vYAt_p3?>{0^hWHe04TWEG=p2B?!=Zyx%n&1K%^$%nKLdYLwbZODOO-VsilC? zhpN?5$T1itF8~3i;-wQBecI_+@RmkDKsl;B?G^5lHk`YxP)W5SOUni=Xp4sZ+ZB7ZBzFmAn(f(u?mk-Wn?ZLc>Jsi)rS6U=^EFA`7TSNx@YMOlJab2F$TDa*nZ#cIpF5 z3jE87C2pW8=v!S6;j2~zS1)ZuQN5trmlOg_lQ)SOahMal5o16PXgWGhJ2gVt8}vZHNojQmnPjb$$*aCYGsUO-CSp zHkAVjsg4SPUJwLIc$(TW<4U>5@N=^KU`|loJ7+}#LTC4K2xAoHyK{NtKxSpI^1Cs; z8BCdm4bGpv8(~; z%xS@$Mf=ap;Rck>O2b9a*Q?Z9=CJ-cf13bM`N=czxdx?!1Ulo7CUka9B^GQ~884q3 z0Lqg#x1}yut4eJC!e#;vC@oz7nn$*Mp(8aKq@YVutuP$ zw7+C9EYoJk)+WI^mH7H0{kADD2nryW+h#ar9e&gUlS-rHnI{FwKCk^IC{c@w&M%Xw zMdAPf3H~W0N1+{)+}30GLIo@muo5UgzE2!LWG*9;zK_+MRju0$K!a0-{|r=XGli_bP3h8_ThT>WRjE3 z0?F6#1qd=+iIv^}`FdIEkO%j{w?4Rf7Qh-uD7$|sA?Eg3>ml;Gb96^o;_k7ewyRpa zdg43v@OLub9@x&}pS7Px*$6ZMsr7yMBd6l33V_noJmjb#b4+IG1f!E}G~fijFF&$* zfLV1LQn`XFMb4mTs4p(dat!z^CV85`GR7+NFC z+!ajkpT|v7$h(=25z_svO&tmiDuT!{sPar2L!2qy(ii2MgIo|dd-MDD);TU07M!ji z3(Lg~ImjZf&F_%MPx_W%Qb$uzTNxfZURP=SfeO0PFDJWo)USeITq%_D&}-b9SoP?3 znyEQ;{3v@@uO6p5SU5Wr9~WJev&&#|?fD~6trt%-GOFmYN?P;1ac?3m*JOiWrFFVXj zc^$p2nHo_0k0}9ctdQUheIEgMehkOs??jl@MluRSe6@?G#8+%>qna9s5RUH*0?Pa_ z;2j7n5WIpUz2%7Ze3M~;R&_Xh()ZYdrm^t$Dsj77ItaqeSGB>o95nO%V`kudY1B&J z1S?h$@uyd15cITvSZ?Sg0Fn6183HZBxI90U z&A^?;d7(pS;YxbivxqLIJ1?L4<+p)dMXae?VHbFtdk+0DWmHpF*owQdgv?*6i!KOi>8Oyr3}r9$5? zPbUthdr#H~_M>G+`et%>VU}qw?9>|IIFuwiPO(o>5G%CZq*66~O1B97sIqSQ1m&sO z6_pJ>nA26O%zgaXr`IQvl0jIJi4$n%WIMGHYQJuwgUH&G<|a>?Y?C*j>Ia~V13T?o z1wt*`y#&_giC7T791NJq(wTGASFQf>s&q!es)8YLc^XJ6vy7wQ#r>cmi!oVWsJO@G z(nn0-$wdLONV{WHW0XV4%!vZ=T?q-nTS zG{t4@d<-Q{i;J z&uBn;EQ-RTvc%b%@ue@Q9boOa244bpn7S9^O!YCs#j^;$A+2hrp3!-LH!pm^f*1Y> z?Fs?xr-QHKv)CG|LwG8zV!;PYfp*|W2p(ql?y7ynXt0(O*t;RSPnrM#=F%f1=*jCKz68Wzk4cR{$4$&NUvF_9Y9A-}=Eem%BL|PVpO?*`HBm>J-Pgv~Y;!SfCEf zn`97dzjmqS^GQkstG;cH+qh!x;`qKP?Ebq^xZL6qf|jyF?W^og;#C77!{6+-08 zaLJ)IM-$+j6V2}rjT9!LHzNX2S%=wNz?uxl#tGWjh9ym{Ri*d6g0%;DxE(MRFz8Yj zrq3Ih00#nLK!jlLPYaOvJ|cfkmrw&$X)YmOevirE;R{83b1c2RDIAFrUVv`7yT|Jj zC#X=Akw=btZ#^aRgINsPuUo5KeXOH3jOg&LyX`Jk%9I654jVKJo?Z~oTcT+Meo-tY zyP&g2E7n@?UQsl8Xapp|JZv^QcDw!&45eluB;XXN-Y{UZ@?%jL?y&Of=s`KP-^~TI zmU0%uD8hDq3RnrkWJkDPHWMLLU3x22 zYp|XMGji7Z;_Yf%K}Btcbm?3?QU6o>lPY?ZPX4T%-CtG2sfKjC~BqlR+!U z_z&Rccfn3jJ*+1gSFzNf*)-C0YFuBy*t(!1Kn;lWSa==Ng$w;!fljK;;z5>N>>Ol% zg&UBXO!Z1M%m1ed0qNq~AE;)Ax#qPdXdYW@ZX|c^H;2yb*pv^hb7jLc)fT%POIyJW9}w?~e0G zpPR^6WU3V6AF=&sH{>rBw&fM~*G!V#CLsoc;0 zY}HX~yR_DNT@^!ZFEhbRBs#-ujz4fEGKK^A8ML>k;*(@_#FqAhoCFM~LAAqhQf|Al z3Z}U61r7&{gdTI3OI@G=$P>Z&anHf{ruZP5&Alg2SGcXx@ifJ|(+Q&wtz zM@!4F!Q0~`bHOEfx;4UO8S)ccy1yg->r&Ca;2R6Wsbt~mYlUvCGR|0$tqmfXCJ*xX zXe2PhYGgKPgxAldePq4oSVWDL0zA+zh+Xa13==zUWb+w7J1Ky81~#8Bi#=HLH9zO` z%WF{`%YFAxJjM7+!dSmWl468sp|Z>2Y>r8y(dc=5UN1=ghadb zv2X)CwIo80`o?gUde7Ig{tZ~{jfHr|U8ZQNTA2u*J1v{kw5|z13(AKzmk~VD=%JRf zFUN`7&uB|rYF5WbW5>(;w$(-&cbUQ1JG3z~(AgHh`FGp_rEua=j)DT>b5(;Qt$$lE z7t^y-d7c^Bi01{eKS<0S#_=On15oZf$4mIs-F)2$UO6reHlY13gPk;lTC+q9Ri^ed zlxGBXr{Rp7`Tg}n+42(;KtcE|8{~c^wl!BIL8cqfT{^}@?&UlS__o^rpS9&vx=l7F z<<_pELh!>A!j{mP#GuSWG5mzAx!?3)y%Ro87B9I*Z&=}1^O#)nXM zWAtuXA3qW%nbxP5Nu*v$#e)fRI@hg#dzqgFMsT}%m?UZEf)2O#lurFZ;GOqms2Fc4 z-E8ahl40^%xeMwSCoQwm71pj{15gMby&tMI>Nvq9Xs zzM!!i?Kl{#CF0;wA&-*jGtMf#D9vxjlyUzIIThqF(9~H!jt+V?WUzIEs|Fh~V+rWe)Ip)Gkw z%W0$=@=4K4)H)sUA~cgrO8^#3y2_b5W`(9%mfz7^u&-$qqFq=g`ykreOwnJ|Wt%FZ z0xvG0=x8RVG6pA%-89rW)p%lE{VksBV~j{47S5L;CuI(DbHg)b;ly{uX}qyVF5;VI z)6M6ly#RnMw~M{rYrdGRpk8oDkJ!?^Lqo!0qR7abLSuLV-RSO*|G%y9&^V`Vg|lx< zEFy&vSW>CQQ{pEe@>lzxCf-Yf=pM7gVa&;jvv~p0JLTnc@id?R zk)^&rGyG6Y(QwqHJvD-a_0;mZV?r`Q!><9MCu4VA;qsZ6|Gw-v4H1D==CNHtmup@s z=8{KnqM;-`l%z9ISDnf4G=qZQ8`{0*G;ZCf!nT z^vt!b#NZ|NU)sjDgMgW2A1H_~EAGBZ$Mek>>J>7P|I8RyHE!qS08Tw!_R&)Mdr- zA#gcj`MxaGW_@v_vmBAXD7%SL#P;|3yV;TmMGk*TA)a#*fsjSEa{4+EDfPo?x%ILI z;PkG3;Gwco*o*@}uIa?dv2n;b_{9WK&}2i0mfBNDFH3Dj?vCL5jUFy+9w2G~G_7qb zT;Ru^<6|!oprF3pH(UtB9S(%0<8kTL*E^K%?UwR`>o14rooF)zk`vkDmrPUOvRylh zVT)DOll9BmenUvB_DX(l+vQdN)_N)Au|AH|MULhHg_iToX?U^NWLI^FNc{Hz`c?2( z!jE=0uJ}b*Wt|$PAK0DbP}fxcE=r%f1}yp+QY$sEsR#4lu zeZKXJnm>}w-;I_7bK^HtwZ&H2x5fp1I` zyS<&GI?oL0Dehu)rI_YwaNkA_bCuzb*S#-TW0z=O6&mBWx(gn-vP&ef*;KQb`S7!q zg*wxdf`;xyYya7L$41i0k{}*%aS@Mv_dX1JgM;T#alJU~fEv^4cdJH0I(0u#FpoUG z!J5d?%6B$0p}FBYT3zz}D0uXP-bP-+g5@%`qOpgg;Sv#Q!?M8dlbmipL?j5QIBono zOvNw4gv9LGXsv-dnmT!Sd1c!v;9&E@&uCTgl@*kqaofN4DD;gGCAu*%NBgR{OVD^T zcyr|@(-&!-n6`p3nu-5yshHlO8iVod!V<}S%T8zl9b>1(%FoT7JV??ojzr3lHkjBF z%==ftVf4(7Am_AxSph~JK9#C9P2^RW`Udkgn$7Bh>uBO=`EI9Zb1Ht9?^OR`5WWrF zAO%)s+@w`g8Uft?=lxiCQ~eI55OClIkI-bVjvVNAE*jE4C$OOGbu(lX^J6rpbvbmL zm`=MgQ8esMJb}>&Qbh%no<}Vg7GF6&B{hfwO{fpD1M=-l>`mZjn zzwpL+>d0S4!KHyumQsfUwc#ZihOOWhTnTJIT-%o zLJ^7$j@~1z;2{bm(9MkLwADB027eF?$YM@?9`k5M4XnRSOvRK?RL)u&Up4~i7+vrXI!@Y%!ej8tf9^Y>?2EK8>QRp zIIO8=P4^#@eLR;)PCd8*ppj8IJ)^}dU}SZcYP(gCExpvVJoO27!IsPz8F#h}NC=&9 zKBH*S8fs;E*dTds4t2$)RJxkQZfriUEq&w&twW95XD=UiIdKl{)4Dnqm~v0xZRT;1 z%$-aa`TMp~D?{>XI=Hr|P2DaEe3=ABLYSQEf76GqKDex|#Dt3YSa1Z{-0Q`C zo3AGJf#62=uC1FXi3@4%MXzXWTCkQuBI8gEzYtAX{=A26lxFv zML@d0Cry9OfC_PJhvWi;ZxRx3V{4#+4V$u^c&|uU)~tw>mRa54sD{316B}%PIB(Pw z{Z2)Cr5^rOklmw^9l(A6ut?OM2Iw6Mn2*SWeUq;5nDh)3b0F_$C8D!3!VNl#CJ#Nn zIw6dcOf=nMqjXbAk>ti`-HWs@K-5QrrUXcA;~eN6H$U}jaW7^Jv>_b8hOszWFzyEL zGSetf5#zru$T-nqbgnhUiMh-f28v(e7M#GPD7IrUtAea>EgudM8Q)WGI)O$`CCtyz z{_Shu&p}{w3>l8TTPq-=NeL@V8P}t17>=q7s+a@64)&eSr(y$vJqK%z$JLb(Hlqkg zhr)UR`R_0O0@JW7RZ~RPsj4Tg_I=I5P=N_^&!}+6$tu5og$ah63(k;Cz!|`vAE0D7 zGU9e7sW1?zn83|>hPjP0>6}A1)EdNRt$1o4yy)I@oj?m_g+<7Ph%3NdCgp*EubX^$}L%JB^2RWYPua@K3#^bOT(*peyJS;E1*nRler@kxtX<5 zF+0?)0+5#tj&ts@6&! z_tmL-R-b>7FPaXF#1Sq-#c)Yz&G~1j3B$_UyV<&*M|Bf=;~g-E5n0?|SDRu-fJ{%r zP?XBIKPt*Lnb@n(mxjDe^9)cv&^gw6D#-|Z1+njYcKUB=u zL4i%^;1WXq;S%^u-1u8GPm+K7?e=`FnJ9eF#Nj!>P!CN}pp@Ihv|)O5rj4LZp(|(S zoA?=BDO!{S+$FjlSYl1IRwx$`R%n9130lSz>vLw3GQ%Ia_nSVxd=CqChGA`ZpFth8 z$lMQLw=~rVqlNq8I6CNGQE4#3x(UylS0s|@A*fgXzNM}V0|tmNow`uucNv!g%!vXzzdpNrWYFULukPfYhCbTteNj@(2W3>Dgz96lW4HD@G7c4F zJxZHKh^x%xW@2#y920BVB-V4W7T*lsnA#2A*ZUNlG3nk?(I2qZEXYdi z7lM_)LP6pfRvcCT-nSPjeW&1LTzFw72C(nv*wU;yV3h&8#}U}Jg?Ol*D`(DGe@*mT z(bLbZZ&KOOo@9_gc6_+DsCTge5jnpdnE`GdT?bri(byL^%qRHA#=u~>tghlCf8Hz2 z!`y{0nKeF9#*)2Y*3O*M()+-Z3Lon8wpd2`ylw<)cCPGK!_i}9tubkL!W46<4#2lx zW{X9!%Dg-wN4~6O`|3k#?Z@&(ZE!prh*TrnW;PQGQFb*ARn5|TH4n6dw?fEGZqh?3 z3ot7g{Mx!TN`J~t>O@*5U4}~=&vb2poF}CD>t9Yd?@EOQgryc`z+ z4RP;=^ZhsWay@Sb56Co~qEl@UhZ$zLXR@~%&P|^gv}zgKSp0Q?Qx-sZYR&HL=v)E%we#WdXOX&=At&WFzYJ)* zdw_<14Sv74gcYAxWcMf_$k$z)w#VTJA#1nb!z6q^d=WTUfd(~Ia5$r1CTWZK-oFUk zdVubnwTE_`JZE711_XJo6Cq-nkyblIg^KKjiQ-4giE)EGWe~RBqp^oAxobXxZToD8 zk8M@+cvG9!((*rAA^VzQoAiqoj@8TFk}2lf@`KmOva%sYY!0CKEoO!!GYsCSa8%S{LS2DoNL;Mm!^Y1Wm{8Ji4H1yR=~d{B4mn{TSGfgv zK$hq6wv1rr5c3$9K{cHtVk5e(w;+5vJ#RV@SY+1Sb1(=xy0pGIozWm5yF84Jxw*bi z^?Y>~pwQ|f@ic0YFkdSj9vJIk)Kd>}9Nb2@`cfsL6MZk6%8IU1qYIOU@jkI$~ zYr)S7(CJ#V%Q74P6z)i0LHH#Wc;t;$Z_=ScoDuHVj9q7*Y~Q#jTZ-zQkSR3?h_45e zVxm@tjk9rvJBmEhi_RFf1_%`vJ<4{2TYSu#;2kga2u(*zekDLxpuNUrToZLoE1kr- z5oV*ZapQ#gblsz8Hp+cyyOARhLDD8n|{_PxxN zk5aeQExZ?}(BAElO`^&BW5f)aEJ_BF6-p+CdwmfPp6)@&&71;=H<@*Xa?F>U8kaq% z->sWxQ_Bz-_c;>m)2${vTAiBISX;tqdGmK~Dw9Mqhnz;){CMdfC=15i-oo|k61t^r zkOpyan;=v7@#~2!g`T6E=>)$%?jyh31I39hOEI9i^N*7ai8^7$pwQ5>F zi0@>IAkj;@C55PbzTm4XHDr$@v~-fkjDuq>_2{587m?aEn!xU7$5ME!^q}D6R(KdR zuu7BDjHJ`d$t!vDPB7tl3=K{cSpihh+%cp0;$-XEN%aR8i)CxFZ<;PylN-0~ zL+mKY0{fT(Fj-go3l`vj*_!%_X9Vxe2fFBwf>Wn@=w$hJM+thgQ^M!<|#XrF(#_?>_LG9~r{K zty6V%AC^ZqBRv`3J96d=sCVm;X^XPgCY(|cVL#9NuyA)k@qKV+6vvy=a5?4KD6M21 z!?0`fH=eJOhQAv4%$R^_JHDm9J>rd}tq_vVyMPLALfZuf%Qf)kN=J(AjVvQ193Q+C z7TgBuoq!!EbsZ$G7l90r+q2({RZ*XhJ#a3A!us$20G`vLTM&v+SwHCTOERKuBzyF3 z_id8!|5>**&h@2kif<<7#(yVk!(EFov0lFvBXBj*6Js7@xkfJEyEWrniapwzt&6i}&OTFJ z4u;)MNDDrg&Ko?=l>WEy+If`dLEVP$+YeqOlTbnFvAFaZV$gmZ=<$}F$5diKqFac} zFSSPjV-M3$+>2LZ815+7QbdMeVL2DSyRyNG)MGc;SGIBPTKNasl9JdK?z)J30=M2m2j zDogk}OBIruWiev@gnfm*GD_fER%_hju)iK~?<53eb{6C1KD>O?Z!)}#;c7SwFZzTld2DW(1F`YI4~7Y~h2o)ipM*gIHPyB^fe9Si`)p4R z_szVI4AB?!*)S1px>tcrR3h00y`iDhh^|LSf%=%_+Z7l9={>sB6lJAuh=W(3(V|_hwtD$^CZ@M7CgsmpZKDHHp`{DeKFOt8 zEOnbVO!iV7BasN0xV8Vi4GckK*!NYJr|yhMG0j~k^nvng9-Ti|@igy+=xG}-$ni;A zG+B9~FzFvKP~b;2=AZPpO>%*@P;QrbPS_`|Fw?OnbAp+GrsL^a(+ACwvEF2w^w6%a zU|yA`aF9?R^=gFKpmrz5*!jQq6qaNOxolJtufkYCLCq10(2dmlR=+nL{Oy;7DG_k; z7DwtYtbNS?xhyDk<8sM6WdIRF^-^S3)kC8)!vBU8L$2yYwF^AV6WPQk5`%`Kd|`sB zDKzdP_<}8<&z7%D0e*guK?!sh+`}2Wn}c9&%V2;B5ymiZ3IRL-O9`(TL34z~%^=rg z(o=SFU&APbT4AuE)9wXJ7&?Y)wJ7>m$%)AfE(HAktYTVC+p{K5b-R!HtA4fH#xlfW zXYL!AbVDfL>2Y!9%Qv)0C`M(N-_3-$3@7R{C&<3+FO0vRH-s&MzJiGmG|4y`JQf_m zoJ0AS^;4~2T}HjY`*77nt-)IT!CN^Hz`so@D7qipIF4+Jf$ND(IRVZo?4nIz7}_<{ z3J)##4`IHkGv@+tl-z?tVwj>H^b;INl)+`11;dtoXJnhLLQo&qmW}M&*q<$tk;{M} zqSB$~pEs$G6y!Cw9mZMXMI^8KS7{`ujSUC=s04W%P6_(jjnWcxcA12CFDxK?Eot8N z8M8b0nC|wswO+J6>icEFX2ls&oWPtkAA_Vu4o=jT8>*JQKq*C# zlGZ{3(1U2oh96&s@edZvPtmHa>W!1+*S$$od%1=Jy;X`YCTfe460h8tu7<^=Y-}l2 zn2oJz4Z!;B_GSvhBXr(Seaxpt5QC})P|Soxa)j-$xPnr35Zf@ZN(OA$vIe_@@W{HE z0tE}+R>3n?BOMAYh}_DFlmRFKvr_sg0OB(B^>^Ucph67X5 zuY)aogM7o9dL4Bk9PP7|!hg-Q($`#z=)A&KjEoBwj6Ryp?=hH1c%FD_FAU< zXBVSEIz0v4^1KY3*_^GxBXZgSuuc;&v?1 z?K>O=rk|_y?#w+ZeKT();uZt+Qj5GJOOKI&FY`JFa4j6oxaP9?nzxw9f= zmRcg)KPcst(s#GP?xUK+mKt6Fb68q{(5~UbPwW{=yfzG_jv?0eE0B~9%r{gKbqp&1 zm$Z8TaiuYQP@2U~H$rVwIgurVVxX>m90f+Ifjnt4V=M!^rw3uWKod*LGrUirjFRk` zaFHAE)i?vFAD{T*KLra0-at=|;3Cz>3TP4Wr1(X~_DXnpKK=GIk&?n$9N95|IDfB~ zu>Kc9Z9;HG#Yt)E@y$;SU}(?-9Ug=K%eVQ9gYD2QjY0y$V?LXG)FSnX&6No9D=c(s z{;BW_$rnuwl)<97R>0M`OUhlEipS}TdC`~e)kwE%RomYg0fmKOyCZ&VyWn*AKb2t{?3#D#xFy?Rk5DMd&Gq;k?RGhGRs~M;4ohelj1Q3kq090c`?zQP^7M-VB zFev3}7;Oo~7V#IM#*g_c?GAr5TMLSaHeZ=Mlxtpwwoli~9) zsr~Wi4H6Nkr@E_-n#E+TNQ?A<(~r$dI&g{cALGzT&@x_Gzkc7W=EdiY+e*Azs%ad8 zpg>;)SeZ2(jZl{qN)$;#Vj;7588JlhIF!7dO=*l*fMSe&W5=y)$DZDSquz5Lf^4Vk zOIiNfX;P%x=-TLRSbRw&^AoaPn*V~eM|gfYO1Q2e0O7MV71d4C5&C#GZJRc)e1Nq{ z59~rEvYal4W}8Hq$dzFAc!G_x=EcapIVN1m7UYR;^TY;o5*;*>+jGR6B`$cjG3j{_ zojq3x1L*i~U}UonMnKDnzpARCjWxr3NHT_iP=viqJOdHCyG#D`?+QyJsymysvO@PZ zq?&&~;M2wpC@v;cUYsQ3)i;kIFKEZ2)x1q8*ybiu<0#xyL$NK~8<9mw1ekZU0Z-Gx ze97_YS^*mMM#LUs`Iy}Q=GMdkul4Y+>??Kc=)XA8nx)=S6|pYd+*!4yMkl*eJ@uCRwP z`H!~>{B&>c(^>GuMEf!P4uVHX)M5;l4NG}Ew=4Fz5tI)kuWu`Ph^71ridt4J;mFc91RSK2p z_f-KLxh2hww?^D z4}IKH!tayEr2viVh9ft!frh!rq@(OiTrKxqa{ELN7p-EF5Rn+o$*(55(7CWkTuFF9irfW3YjUmQ(=fhHs=E-l|&v5^qDTR)vZAdHJX z*Tuon;j;IQk-smBW^^Tn)@*No0lXT}qTXYF#&L-iOWnwLf=#utVYcY-`MUBM63Xo* zp_sLigfvc?8{`z@jxIiTat|>~8vVEU9JV&d-)2CHnM~=N>}am8np=AfA$mTEo%w7Y z4m>c1=%Cn01%;g(@`6O|Gkv+o(H9{01Aak{ZWJh1<={WYKf$Oeh<~I}4%uGp&hZB1a6^;TirAs-|7w?(nV^ zaME&+aBkc(!NBjVC!#{tF(vs|^nr0F#9XHgmY873l866O7>CLz`tFEA2EZawR7ps9 zJV>$wd7YNB6aIo!5uu{1L0&`S8WY4KU^~S$Tfl~6KPfKtG2U^DeQg)i>v3{7l4C42l9w>dYkIJhuNMLkVWmY4No6D zJDStD^hqgSSQNV#&#yOV=^MXwIH9fvS>7YLM5HX+SoU|dABQK3d464ju_vNbJc{?(Itmlz0L5&d0 zW;ocmmgN2%c8aq|)uMON&WkUIkP|0AJBp%`Q9w&PzXOA& zDw{q}AGj+*LPf4qob6p%>LPxp_<%2+;v4MQWR`Mzdq**C~i+*;j5iqVE+WS45qI+jk`=bR+RyZ9*IQeb385NzQ5~yIA zw=d}nUnu*kYs%e~Vm!YvO&=QvQijk4RZiwv5pHOJRdP5h)3$vL>Wt_(t~kxPP#1Jv zyf=PbD+;O8Y6Jb=4VRJ&=Cd}V`OZ1Q=OMZ+=^INo?6e>Envu9Evm4jz`;*r5s!3R~ zycs3NuU?XmTI;CUKqQ*AFB0MrheVG2F(?9s{`E2!jxDE2{{A1B&DOGk4A7O1eTdn-dYh`jL&kK|HAwAUTvy%FBU!mbnD^VVsw{N0xFy_*fB*%+6?ndTUh7#2N4Q^(21m94AMxd(Dgb_WV)p`7%iV@5 z^xmOf=H@_ntNE}!vbEUzR)8@*r~wo1ki&a@p>tPCAj(GU8%BL7H=GJl6-UnHSrnpO zRplm?U~L+cPybzIF@!MQL_bJvWFGm+70XxxTm3&BoExRu`5W(h|d4D=9O1*12d1 zNv(EM1$gVcx^julUwyadYIjbCVp>fSOG5bE_aj6+x)rW4xYH}A2BX)N&lW~3e0p|W z$KlH2lNtimaLvDcS=Q}4N!qi~s3<)E9keu`Y=#zdvAM6zCcK{J^6)RA-*aRyMS)Jo z34<0?OOD{V{+wqWUJK&d^NdyvaV+5k4#N{2K#{# zyHTp{y{E!~{JV}!&fRIU$HtSfud-3P(Tr}^UAK++d7h{dt}|F8W5lusIn2{ucZAl; zyF6f)*0>IO{q|-PIgD%vOk?dK`S~3|El5DYsz?j-wB<3G;J#p>+fh<5(GUw1=|$?M zfUf**M6klr!i79dJW1#2gTxb8GzW6=xoXU;4Kd<|2pQt>7FEGuYjo5CAOMh)2=oh) zuyZ+3KcuL>nN%)Y8w6@C+I)#lf4~+>snO(Ps7KU|>#d?Y@J`+G_79vbpP-er-u5i+ z`>XJ6CgS{ip`J!%5#x3MsTd&59DepywjGDw1B0-+?hG2H6th##^Xd>#D}n^&@Y}1T zK?|OVns5hLJz!MI=?_`z^L78qx&MJ;No zw;hnoWd*O;-JLjb0Cz1=suXsJ_EJIv)WDSqHFr1UqHGib^&67)6dhw?Bn>Fo%K+)) z3dE>M_m!Kzx0YZioUnBC?j3P3IZ)q01@=(DLa8N4_wQmr1`Lu(%Eo{#ZEg_f|3>s$ zu5@^cUa^(jYeV6M=(Pvj3hKEwYk{||np8uQuoc~HIR=Xlo#{fxM^e3j_Qm$h-Kw?W_ zEsswYsLtE8sq#|^tNRIR1_e^JQR2j&7M}RBt3WwU|(5nsK;X`pUa zkXj4~%=Qz#ak^@ZUVZ_(5gQ7PKd71VeN!n-C9P-BPp@q*Mf`!gXy^;PWU zXUpO=+4q;q7DIgH7w{3Mq_k(~wiJK){9$Q*9I3S-|D1zM6x&Ku)b- z5Swq`dyXrO%RDNAj29bkX!W-jt+c0aMGSNuoR%4 zPDaa~8d1JZ>KZ&~*$s@}q;z8N)wFlV-LmX!t11B37o=fLY0%14GhG+=YaZ zufV5^8iQzwVUl#oU2?0{3^ibCuf{+mUx$+nwIpYzYTdz`p1E$Dr$U04!4Z1|rP&I3 z_!C>+S~46Wj&H_T!V_vBlJAuZxhH9RsvcGc)w>_jA9 zSbG(O$oH2Rd#2*4^3!i*)uWdC_2h!%TQjXzUpx(2FKf2G;nXV*HZpG28@le6gNa5w z&-#B`Xog!f$fy66%13#Ki~Gt}#;n;o%wOjG%jK<6g7b0DD>Gm0EMf53C$#9B#IIzefm2;9NW>SmkK z{uX6e_t-8f^!G3nJII{6+M4rq2tLE#Jd1*K-|4hbDpe&su=SJfoB7SM7QpPJ_kCdp znr)i-J{OKtDZJw+hzVeN4+0 zBQ4|$-dk8^*_|$2xp}{t2xu&(M5>{fglkI~tshQ7SFEr9+)%!?U!ZS5*%DA5j_PtEH?-lsBbWuABW2 zZkC!s6vL7S8 zxMPBu;{BpazDWWszj=^d`ri>_J3s(jIGjA#gJgf0Q7)*xXK`XvuqY<=k{NdxUJNL7 z@n0kf2$#)|%)TooyxXT~l8p?|cx*Yu^#5s^Md}iEILVEy<5&G)hacZomWUnvusY2xrU=PCB<=ms^l+Gevqtne|AmSoRfTECvvItvSW?ra)WFTLYQy=;+UzwpZ)h z#`blgd#NK?CA3tm-ssIdHEOsW0GXf3`iOu!eGnRoh`ax>R`1WZ(6&&#KqU_I(_`IM$*4=9tC5Zb8KsdhW z0XZG~;uV>#wh~n_WNN(;UtKqV3vWj1w`_+MoS%;6N=XkapRDy&CqF3+ zs_Op5Yd}zr-`Snf7Fggl3Nt|9oJ#pEiBKof)6LW8`~N#77o`Fdy>M7ezfF!y45Gv| zJQ-6WB6Ru_156qI#kIbqd}>RQfjYWi0Enm5PX9H{rgPJUiY4Qy;wPc9il6Jg@8J=g zJ*!aJ?0}J7g%5;YaNx)AZ~?5AQOqN;o=G?&S)+c2A4EL2yb_0|s7e9t8T3oIBlCnk zMg|z*V#3_#ia$&15XRy;R$pvH7?S{V#<~O$*;LQHu04_6&Z(I;D?yyvi!&{P;I61< z5-W~^D1^RzO6TRJ(0w~l>_6^9+03T=A9gUBNrY3!q5W+w0&UQ5OV&8m;>oJ;KB)WU z5kIGIF$Tz^T_OS7rBel>6%myeJL7YzsvtJui7md(>&FhG;2L$9;aWC}etenzUT;6@ zWUNX%<$-uzY|yZY((1Ot(iPe@BAXcMeFshf(OuEYeNbHh5#b5@`A67#USZ0XELh0Zp*aqxHYc)wBLCNqLSF*Q=5C28l~U6`}*^l;Jfye*%TTs)_MV*Jl2jzh@J`PYodwR9G>7sTYl$8X2L3grctGZ=m`;p514 zXDXp)4fJdlqb;X?{1!*iC+2&3KyXNR4NaaJ+KKv2^DCw+5$Q$kY7Sz+ zH()d2L%U6q=Aza@zs@!b4!uyXeZ{%gA5vR}tP#gc9)C9R07qpj4_|o+VOBJlNZkKg z%28V3Ny44iXz*)VRjShX-$qjwQsqY-dwJTYG(R6GEOxm$>0zuzF#vaI9YlUS#6k!t zILh#>@)}9P0Tal#b>3Dt2;F{(#qe2${QTD)8|K4XwCvz4mlx`vtpd5Jm$*_FUL# zhki85%f-w|8(eKCRnuovJusGYJ8Ic1<_QY2lp17pskZxUp}r9XAI5w4xJIp?rKoxx zG&lu`(er94OM6U1s)LMu)kYachk|UDe`a~?@tv*;MxHRekJjW|Hl0nlEoH`KwJ7l2 z4gkhT5~A?u5DPTb{~FOrPBR59M(d_JIfAvLgvD*jiHH>e6GE1Wco(~NK;KfJwoRlo z%47i_&k~v$%>NfKPatS->b5T`Nh$`e9GkGcWBPsiVinDA;e+3piP?h`h)7SA6|OX6 zL(Q4kk&a{~#6;jUG}0}J#yoIQXx*&l;yE3JyrA!WO#efvi zR;6dtXK;Z)k-s4J(k>Fm1ZtWJmp&Hoz|A?}tUJ)wM4o3U{V-3-&dT1pEM!;)8-oVT zhrw5f%E}$%4A$nVAxN8)*q;t4J`*&(zKCYZ1aUKiJv{%z_Yx{@Gy^>^#A9zY(i(kB zYCI`Eg0y>|gICZg8_Cv26t+& z$#mIu&a-q@e@*^(QfLhncH*Bq=txs?rkcTUH!(I)dk|`Yz8spwdA~%bGaCE4*}bUS z2H?GENpnzN%My`!!?vq`B&`lVTKfY1Xmds&9e(y&8$ISIHD7(U)27vMi1&hD5wAX~ z4E&Cc^2{HpYCbON!w{~^IB_^UtvhxWn`dxOHW#UEko)cJI6qK5kvGcmaOOhf6>Zhm zSU$CBO9*#6pP6@@JLH=kak0jjqC5;HmAPZMQ9=@Vm4O z7s8eo%BTI+IJ$T`k4gPBlCYZESYv+q*EN$KeP%a#dA@r>LU(|PN5)B~Aa3ENJ0S^w z&`)+zK7Gg^nfCUszfR5Rh8T?t@hgX;`B;5B-6JddWC_B_NIL8;pWo9K!T%=WI z>b}9Rj`Px3H{qdcHjqWr5HW~F`$n7is2piB-T!+ZJhpR|*r`x;UED5VeJpamtVRK# zgB-hKi1R9z$)>A2?!;@4JFB! z{5J!)_C4=wGV{C7qJ_xM2x13zs-DSr(Jm-XhCaN-)C)yolv&n1QJ~-Qa6tO)dJNeZ z(0_OK$s2yU82)180srWrT*!>eA9Bf$$ptd1yFpdT*V_L5GK&>jp8LEF@9h1`Rnw#Yr)fe8pZL~psu3n<$V@+>j}3|sId z`t5;S@Z@U11ahV2T6sr7qF$P>52teJn;eef;b~81WbU6}3>uBC9jT=Dmu9Qss%=^d zMz3YeyPkmrtMKY#g<5-r>L&9s-U>Z?an%kJI!v?g)>$|?)t3~AIRl40JTAv7#wy+S_jMk z3&dQ3@OAXDErq>Hpmsk<}#GT4H3pphnHou(br|cYpVdxf^oaZ)deh3>|bAe1QpY4=!m>u?771xAe(dRdjU)9LcXx(A?cM zLM{bJ@(q!}MOa7GczdH8g;)uh-7w%=S->stcOv)hU15py7}DE`WIXoS>A$9^EZu*DB-j{kviTF#t(E<>#8>OU5)&0-nU7aY#)bOC_a7}3NjOM^CkaQi z9$;>x1yE*s`BY`IUq zr|LA^RauY#MKyU-X#kpQV7rbMUGmtn-%jG4#%3bDKtwm9w= zk(+o;Z;P@$kK~h3b|&CIftmlx*8K%msA2gJ18g;AWcHcm;b-Q3hzX=lCJ zJ4!`3_TX4NY0`wt@nTm=8;s|d8IK}VpDvjx{x?hBfePA3d)B-xffN@j!+f-cmGzw1 z>SrRprbyD!*_Zkdz?cE$!8;UZ`mjm}NdF4FnGA%DB9mAxNQwpVyfI&u zS>DtN2fSzM!sF;q*;S_7#}M?4>-AnWh~)z&%cw<$5H(U|VRK`h8m9a&bsb$h8CUsH zldCny!QtctxZZrb)_;-kxW#1X7Qid6BZOA5AqmhTo^SS`?Hdxkz(XwO`goD7G8^k{I$dJ!S}+u% z$7st6F!`tQI!HpWktL`*!eVLi2h|lU9w>({oz}FEgw-G1;VE0O!8*$9_Mm%9+LcwM zKp=2`f9E?%#3H{xwD!dnq4kejB!$J{W@<|1Is#vG?-uxgwX`S~ zk%^~UWTh)I2cu0w#HM;#xXMca>J16s6W@V|6e|M7c148oJHXC!h64I~sjUwL zhn2?wv=Wn2gD2t_C7kD%dynDuYFKibOSg}mtCy418oBJXR=a`2n*VwxrMAg6+q z5o{hw*{}!QqkoRjAN==y-E3r1luE#LlLD64t9|csPs0V<7qyq0yvv&pu5F`iVg=gq zjXInM^MBVs1p|Hj%MAU5DCo5$@u3DCj^ajx_Xd;*Io>Odmw;Cal}jbf)7=ugnF45@ zcdi3|34;u+TSeF2LAh)SA;>(c_UTEosV=lP$LP95i_FNo-bO_Uk4Ofdi3ilBvyHQA ziI7e&kUtirMLNEk;6A$h7cj1_*Ca?8cORR5zq;3`Wu71F{?g-bV{7{Gy>17jU4m+J z=eV16B5*>8KrIFW)#?A)U(+ci<}h9c+7fps*VKmOq!OmSwQCYWhKAmcf4&15A+Wnh zk)=g~-wO8VS3Cm7{>Cp!8b|!tPN=nt8W00GRwKJlsORafD86+-)vVw<^aGuhPi>_W zI)_YyJ0?rLy+<)5Uj-SHX_mWra!tTTVdke@QU4vH#$+8v%IX<*+Mfv*)m*aWvgXW1 zL07B|-pjt}s3}O@_kZ~8hUnELXSjsKhZBeWtLYkcNmz0{$h<+^CDkfro_*>+Q-=y; ziR=m64>}2H@8bC0xrmj94Btx?^-+a=tS0N~sZP={6P`C#STTp073xNaJdGvAktjk1 z%SJXd3tHP1@ELjujQ6DqX7J#TeMRp+;|Jul)6QL2rz(WQEC^*=yvk;)I8TFlE34YB zwoY;za&E}0m#-G#lhdvN&f5g1KwndU(A|C+pf8kIYEbnPKY574_HHMhe;UPqNOYed`A>ZubH-KA7p}w7P053f}m0WFicI?y#IY8 zNv~h}O|*p2&Fx^gj)s`^b>LTH=7Pex1rugq6guM^P?8woB>}S^V<})bt_LiQI_UHl|jDu<;x_ zyp)dvh`n|?T+_2uxw5ia68=bE9{slYS{N)-+5bmT{{y3**4f5yyPcy`R#8-;S61!N z?zR(&?*5B}RA^Pmn$%tqqgwk97RzPs_W(#hx4#V0ocd!_6GGGi+Cpl`=YySaly2Uu z$4@@u8PqWLOC&htsi^1aMG>`dhgk|D!-sHdI0M)t|BR|Y%6%8Yp z_kt(8Or+EVx^NEDjRWX;8f8yZ_YBcDp+{`|8U|*kLR-nFz|v+Vb*Y$;dZQt*YZS!p z9gyci&Lu7Ulj5SU&i}+On3N2^dhJv>S$&-k!u?EXD!LkZI!PSvDLbx0+FoU%M!)^SpKqoCnEp`f6{>}1@$ZkU5jhS@A~*zYY!Y?&g2rK?H@UX z%4^72v_ZtVR=h2zAi?-ZVP>*UW~P%K2rV|sTrIiwOs*suS&D#6HYyJ_sHE|RkTbsk z8*RbWqlV`|ji#r%ZL?RTJ4eoY9A~IS*6&_4M6VF#ixkH52Uex!UI>E(Mu`pCaC*t0 zh+;eLK(2V4M3_y1GIjfLpYUP+Q2dcP-kt!a5r=D768i(Z>V%C;tQ~?nK2r233UmXR zXjbOO52Uc7TyBi_)QaIcqOKn%0e+WMhqB?J@LI=D*W4<%|Jw_Pi`MOx4*^3muEhO! z>am;~2ccQAEt8=(1#Bmbyg25Xfy?in9<4G<0F*ZXh)>xV^7*v{+uR=Ld=gkTrcSLD zW)Q&Dae`&`YP`RK5HPk`73KlLa0ia)RomLHT^yv4%>Y{KOSRYZy~pNnp7+xBn5Tb9 zo+E$WD?kU@$-XlwBam6wbVpyU<%Z2E`$+xuw=w5+`JaD;ttP*P?w&*e=5Cd&5fKJ< zW~HyXa+dZ(AZ%ABW7?S1_ zUm=d^IsoX|yfCT6y!i_n8y&RAesX;^^KubrifSAIwQg)IbNK`GG>Wuon!qgL7;@2{ zVnzK8$1Z_3g-`7QaZPl<41_9SI~+zGaS&Wq7N2Wy*?4F9@|wTslT~8;Q*p?(l;PGo zrK)8e2O+LBCG||3s?tzDyKA4O=-<|k`2M8mheMK}dxGq!+X~1@-_fdT5K~wZzr`S| z!llN(*<3I+zWWwbC74)^bN$m<1+0G2z)ZUw8_;w?)%?c+`;rMMGnD?yGTPTmj)pVM z-z0E*{=g8AkjD?K(<@5B#!;yQ)JE)N+8|zvx{67x>+~D#C|SQ`X@ZS6%}7h~p<{%G zMhkU0Ri26?qqpdzvKqhwuIX>gAthN*IY_KNVIv$wR|Y<4pV>sWimQEMO4oEUXVoAw z+~+(HbIm>RZJS;IUBj7C`!Nnl75LHX&ugdVblG$KPGqNGmVsOQY#if%l;Y{yv|`&dt6Ln8(ggG5|9 zzOFZiGg0gmt8DDH0Bj*!Zy&Q9e7!YeD*4K@(^V^dU<)8U@Sc#Ij;<}3m{>+uhUp0^ zOOaAWXGWI;(fcy>&pPFq=`t+u-@o`N9Cs?3x{4bXanZ^(f6?Xw<5^&3za$oq9lx#W zZZ67ODcdyKQ%iAapgfF!i^zW3jvo#MW5V##+F8|#I`b+Sl%Ooh1V*^rEHAFuyIi}B z$m?JC7tArnm$T{GxII2*1YfEo3gf5EJz3u(TEnVFe`t+OzE0klktj16pE|6G=}SYpEWj zFq5%|ta||AYPV~NKGuN+CpvSS?B)Ucs=YW>*bjIQ)TatE?eHff!1(u+vs@GwX?adVi9Xi z0;pvUP;b)1GhEri?t2QpN^bIk?MY# zYb+Obuu5A(8%*XsZ#sa!rjy*G64+x=dYmP348B8n<~k5rY&pGGy}M3$Qg!VI9CWeW z61DZS18kG)U9G|8&tJn=hAGNh0W1cGUyTr2@D}kIkiznUhTSu9VeEK3%lgcg|$%k5J=&tVAj; zOKFltDqptm^>4=yGGhDa(v7WYLupn&;Zi-}eOmP@bKXj_VMwCkDK{w0E^EWx-N%~{ z9WdeyWSE&j>@KaUgc18T8k4YKea|_^fzzCAGIomhfgSrK{3&)LprMDgGUzQ;&H%(4 z$mW!{L2HW(d;@wtMIC}6c%PvTt|tZLhBTvpg0QwNsUW6sSDVidnpNF1B2vFxvZyaV z<~Tx4pWl^U_+qnX$0oJ_{=T;1u(AnZS=@NYaA)q;x#WFSLU=@kcJcNhG9Wu{0zW(r zPOX_mPu-{q9pr67`xgyRVlhQ}GxSE9x=QjJDC_37`FNrJA{0tiA3Q*)+QbhJn%7#XZF3o-ozPN9iT@S_01BRx$hA2)yVT*(5OPW($IbWs)h?y1m*VbHFIEc?v?< zHrBLsCt(Rc%BuDvg?m4M(!I?IPZ9cwR>@20d?+(}m?_EhxzsZPe)2EF=*Hl7N3tjD z8DC*R4#1;?cVc@Crl>HKvqcj^NUNo=M!at>{Sk58sNU#Q#A^r8( zsMTHsTkfcG#j4)R!z|Rl+7Rqf%N9(31F(a0@=gBuV5oHYu#+Dzx|8E2!&waa4!@&X zMTOqYJMy3vAlPE6U(;+T^v7zsOys&)?XmQdgx=!0;W=qp>2a%M$E+TXq#n`44~u^I zf<+}oh#Q@1E;v*RWMNSU*LJC#ZM;wg8T0B@0>G9RG0_q7gUU7Yfb`U!FJibV{Dcq_ zKREPr;!yp#Syvl#?Dt1meN)|U*lRe>ejy>p4KZ@Et5;^gLVwf_A|&6!IP|36Cdbve zKQl@*1wc*#To9W!Mj%Z=nmO8M8jOSZeHX8@;e~AD44P3&F+xkt+b2bg=`5t;rWdh8 zbPx$u9Agd_CUyk|J#6r9h3flOblWOF2$l`|c#TvAp4_<+ZP)L794yaAhx3C-5U_pX zPI@B_2;;wE$zo7>`ZV|39c#3;=HWICES!)MVRyTn8{0uMA_m1d^ppd|f)8$TW5YA_ zhnO3iH={;;?6R!*?nHOzvss%t0Pn2GF#yeHPDaH5hN-5pr(dBxF7#OzI|)bZO9F7Gi z>Z#;eB^m-j?opv@PvxER)8udwq{CnQWFZOQN8xd|HJeTaYhGWaW9>VYS%8)(4Er>7 zNFS?7(T#9iVL)#8r+R5Z`E~h?h#WFTAca~qyYe-qE=}UV-*D((>(CE0Q&9g>T7O=S z95@s);bwY(ji2J<_c0@vzZ9s853tS$3$vhBrk3KBn0AFP@}3z8eW}8HGEpTJGI8l9 zNw}^kOoYOse#FcHr9)2=E+%KE4g$##4xdoRkKBL~c54_^9#(@fh*AQx>(Q+(r3ln} ztr=5bqR#w!(*sXDkpcy`HUc~TPcoIOwQVXmMw8~-*-ZEll)A`-y)x6dtRy^b^+D_j zsj(u%^K13Bspx#IswLmIk0VS&z*5UUmEhIIBBfJ{;kD`AoGNgdQ% z<|=gx1}Jgr#`lKKA)Wj2AX{>|aD}Yieb$!)-v3k6H|-?#PCJ-CGA;BIXb!-PgU}EQ zS+sd(oOMvv%abLR)2!MH-a9G&I^H#x?-Ltriz=6!t=c)}%0g*( zR~))i{4ty8BqFCHro!3~d))-4k;j++9f0)BUF3i97IY<78G)V*MaO9Q=$7fvXmAj4 zmEn@4Gs5(MbYbU5`Szasxo^lhIo9XWS^ZfBCAQm$;WBcc{>2oIF_z{rwz^5_JH%jy zn&W*KW)}b~^>A1He1wSUaNaq6&EZea{#b)uXvB(I{kFFwth|P(Wl8r2gMe;vp6vgz zJy^G-zQ_VT&S~Dn+iM(r+nR@1pQ1_$I@FNEak$h3*c4I9kS|xu{g0(!z(>5_$#-*V zP#)UXr;u-9_>`YgDm~91y~dmnUlLrT+5mn#IYr|Fw~x0k^QB0Llg8_+fE9cyzq|WD zoIwK_HD#|dL4WuD@m!u&G{x6w(yg-7$jNiA*15yY39t(6s3X^ru3F{e_Ks@y*$#jp z1T@8=(iolng|(>+x_thdVP}f`_sx}|aQMhupaHG35GcOxEQUs=z1HwV-TC+dKB7VP zl%8L(Knic3$~$J8CqA-YykRnOnFsj=H2Sgaj2H>RyIB!tcTRX!BjY~0Qk&>;i`Pk3 zf49ls388-jy@CoRjt{!_6m1!?X!hgeX&Kb@I=>{194srr74r2}(}Pfn?2I^|w-i7# zZy9V*D|6F&7KEc8@FqAdvJD2%uS7eq*dd&0u$6U>DW17hb$3h^@v}0y)?6^Tw-X?v z6>1nv0<}G%{#Snn?r|j4_!95FHud}>$0m}d0#yct-Cy{<%)LWhF z3$w>B9*Dnjsn@-uAlpz`dxwNrFJx;~Ab(uTd#iA&&_b29`D46$W1nGBj=_{Nq0286 zqyQ1gokOKv7n$<=2pwyTv|rXOyegc~q*-e{=lI4ON4BDXu}RL5E{^WNH_bzY_@}Kbw zQD06IF2u8BRA@@MtZVKW^TjXemd*}Q!Y0cOMqMtSbKwgQ_aWZAipMwh0fhBEd{-lS zSWtzu9F5$OA$jTNd?L2umJ(tCeCq?8jXz7O7HcW}ousaP2;%RO6GO-zhf*<_jl}>h zYZF;c(*a!n>A3&dy}Y*Kf0>e%DK6ioa=|)Y#_ch&mYR*m%tXOcmsgBb7+dPGN=yRb z_}Ih=bhk^GvA3QUJPmjJ@IZ@renM%cxZb(eXFKN{Ys?JR!U2oTm}nfLPme>PJ#TOe z5^sfvV$Q^SeT7R)5u*csycJwrk5sHe_cIt}=woKS7Nm5hTb*eTa}}l&bK+z{ zuZ)j4y*`d)pv+T2YBUT(r45Ke?}&vNy*o9^Y1xcC*!wk7o$guq(hN)J#?l)wzt2Pxo`>50dpCksFr2%=Je`T{p$o3 zzhm6MbV!2l&rpyBL=zG_FTadt>)TW2LcX-{>B;C1Dt(y-tkrAi{iqtY#7cxyy(6{m zlR)|i8`}ev0z&n*kS1QAF9RW@yI>_{u%PWH789SRoLaN$wS~-|x0~cCD-(kYy(u~V zUQkfP=pVx98SzWy(ilh>WpkK&5~QyEpFij^)Dj)d$B;V;~yL zC+hfWN(s99^fVq2@0k1tE46vGofP@od*jVDk8I(shOGJB2-gpI|Omd`&$^hW%#}Uj{!#@zUbfZA2EBl!U0%Xx1 z1Q;puf3J1CYosV?Zs+^=YLa${h(u z;$Zroq|pu~*auKnB)~!UQ>J-iM9+g`D#4sdxHDB?SV4W8aB=S-48zv^*sLTbjrQz+ zndqYe*ybH_pK$^l+^)`MEAG7FVzVTkwcfG`Mf{B(C5om!Gw<)KD-CS3CW+#;5WSZH zwR7|ckYxIhq!#-IXsU!>T9Yq8(hT^_5FOh}@^ay4TwY<-F|_yc*arnIMxZbfD>un_ zLkNzrOS7fyNqh|K{p=gvWTroxHS7d%N(~+x=0&(iiFE@j+ zGCTrgk4^(;+HTM@Qh=N1IN(Mi6VZWNd*rU^NRCPyPwI)29CgXSB&pm8Tc?XGCfD4A zbIG4)SKB!2=`IsFM(Eq4aG17BzAzt;rP5#Ub$tCcB$WeouxmKa0&1ZBH z&JK5iG}s>zS@2Lw(F`{a_WTxT@TG9Hq}j}hQ&RK2T;UxFy-D)9AP#|eGROJDmw^?_ z1ukUThKa7NVCHWmz--D*Qd^(23?{tMzP)yZZOP-G!|Mfok80~l?{LC>JkEm(CO+nr z8CrdR`YEHyxHS)0S`uvCHxS6EzGU&uf4~c;+Nme5;cf{VL_X7D5I6qSYC>+ji3pCA zpnPg@P}JDao|tHpXP$D4thl0R;Kl9qWF44;`Up*ykZ${+L1w1{@-?qfi%CLtBT#2uq+P2YiRuNc6pitxl?ePtIfku8` zpLO3%Yd7uIrsZv~DV*k_o#brxwG>v)N-~DhRIbqxWkzkQts#5iV5mBMI;3ZK+KFRB zpBbgUf87A!U2r+!R78R6!oW;(J$*wOrTrW&p5CZMvz)~zst_2|GOs9T;SBoh^k22N zmGx*S1|1579W_n_l7~whPa%?Kxd2O_z#t+%gghO+t(^a*l6W_tPvNy+iX+st{;q3 zv{HR*%G+8~U1`PGj69E;fmOkM4PQ<&Krb8x;9mn=YpIfI`=U=8SvIro#@95(C*_25 zr97tzWNl9ILIgnF4#ncw04@#Po{t|t&tlVrmfcO8nAPJ&>4Zh!S^WhXxSZr2%K z19{uWY>3SX+?oY9%s92oOhiCyP>J0Kmab|GH>69Hef*gD=i2o()p3$mfUN~Ibez7L zhgItb`|>Tl`<{L7W>fZtRDFya+yxOOvOMgisJn~RN-JsAF2Gl%vCfj%Qih1Kbt{n* z=reORJ+NU7XU`{S@ANH)F7Jx~Y>L$*qJ@><3&2d|DjseDL=Jq&sgOVLQK zSEK)twwjywIkM{@9KX9=B3a-+{pI~82{M|uoS@h%x;x9;I?WTUu`R;oYA+m;yZ%;6 zQt3~@xXbB9=0vQJ8+fH~uD7a2Q(}jBG&Vjs4I#|F#-c9>3QX4_2*c=Yr}J@C9t91@ zA7Bfz6^)~?BVD_my{^)S3P%R}T_Aq2^pVX^;)J^>1`Nn(i>zdqJF;_6WjmI_QVwi* zUaKdimBiw_U5P+o87~ty5Fla;9iFV^;(i@9_dU5AfS3EL5p*3=o5{-|kzgq1R9~^{ zVoak+V+2quK#JJg*<8;kYZ_~kNM?NKX2L4fM>cg?%X_LV(3!|(y^ah1KTb|T{oNE^wMvVElZZDN{TU_Ih z?(!7pm6ciZAHT%b?T98X9W+sD%!!H*CA4NuXV6qqYk!PFuTuEj3f)VTru-ekNjH>4 zoZC=P?K=r0oDC4IY~k}>Q?6-qs?n--0x%v6ck%s5qXgt0u^3?@SY7f9!@3o?$dg`RT|*Kq30I0mbYpMheMabc9v#d%Olmk(d^q=sw)KmK&SX< zSWw42v^ToWQnZ7KlhGzX(GAd7cY`&w+$}x z_FuicTHG`hn8co09Q>dZUE2yKp@XwR!vBzZa>U% zI6=;>6a?8aut<)RPJIZbSwUnMr2sF$KA+~AMI-cCPr#7(_~02-N?Ym<)3rpp{yN5) zrx&W4dZ$bf2!goyf)>eDFkZtuLM!6w?U+K(9DMl3-T!o^uQ3V|!)j5N%r|fV_Kk4A zF&xPK(J!r92B=(n+BtK5RXV~va}g4^OqsI?m?}={&t3fw!+qa_E24NL<`U~6-iN~l zR9L3SW^6`g>Ef?Df8edR`noUPY%H2gCwQcOQJCtwV|FE=zywbI$p&$_=4EzTb zpR_{0jldt(`#igq8~kP};;nYVdnX$C&S1+m#^%0e@E4HQ5*bzdMmMGOEAl+L^w0*SdZz3LTLu;`^=x-Cv%QO}Wakd{ z1F`O+>c%T@Unf-@jfF`a=)e2}GGGXw@wL9+8V2Qsx`f#>=sVs8T^b4{#W<0jjwYY{ zp$W)AzaM$7Y(x8g28Cccqp+&=HF%hCliUGr3X=@8rbkSEOjg*uqCTL==OleXiK1fI zdMp1&%RsI@pto?SaIMowk^5Cox<&ilOUo9L?bKoNQ*ByO|mjsRJ}ir2*vPap0xyq8)S^V`ni>bx7 zKyisBZ;DJQ4j9p;v5F1U0+c+)_&OPrO1~4E?&`4ig6Kfrc5B^zcV0oXW*20O1^CJh zO)+4DHFFI9B@1 zrGA_6!PoC*S!hip*mLB^`7{ii(h{eL@M1#a z`+8#jj&OQm08D*wca89H(li|fWSi#7A3e;Fd~}*5nhBv0h2`h*@SNTq#OHDcC_?B`o$$0 z^SVqPSuf8DzN)q~gxJp#cooB^30~5(N?wSjvjj3ECr3Wv>}I- z>?4bgqWj*TQ%o+)1|qROUWEmh%80EGaM&O^8QzorI5F50NYehGM-bthddK-x7AQg9 zh)s)%;Gkou8M~xUA|Tt-rF(vpNx41<)%m8dOV0RQFc5nVgycx(M3T0t{NbT=guK4V z7b17ABWNJhl2@4#h#YC3?NKLkVXeK*3tVpx`zkXw84!$(l%)m? zZ22e!L>>ENnKq|(YFDI(GoO$u_WR_oSZ7#d{gjIy50zBAyXc-tv&k|`K7-n&LM3F( z2;vJv5^($3NCkkWDYdmEoE~3aW>%R%&L8Y3+1V2zrb3L@yuxLTX64=IqqZ+q9F2<~ zPocmfShPo|VuOoZV{Jki6wm0S7wOzcbk5%)bi6|!7M@4FfiROfyfjH^!ir}-+tt`< z?rLR=)8*&Zx-fl#Wk}AlmGE6&QxW%};gXW_kLPcJzE+B68UMSxRA(e@cHH+QpRjuG zP^~>j0^%FzyqGxk({e(ku+f(uPG?}n9BAnq`U<7K zCeV|FK-^7w$mjO7AfmiA#0H*stHnva2$tMw-d8uKq-o`-NF$cOAVWb12^QSk8agCo zuIIibb|z+dM%j^HQ0kGOYWHwfC5UL|c#@6@hy6{{w)QBxREa%dlQ?s^pPF57yQhJX zJxrs61zFN)3lPb1P^T{2dc8`HGBj|fyRe92l5Y zs8`UvZ|n8cDF|RSKoIBsQ$w(LFnUdQ8iP7b*{i+0({$P;2Yaj}#^S9GM#h04LR@BMx}1NR443J=81su)ykp8#Z2D zh`1-D;)G-153?eUSF^4z`6ZLN3&w3@HIMWBzbWHv*6-IjDVPV%d^*k>6t4q)Hb#ka z4Gsyzb|V}Pf9iz&%opT)HOZ7(_+X3YW?>0HUpg)4#Lsq_q$~Y z>c9j~yYGTbWz<}XtN{a%WE3-rx>qNLS-ML4>v%8R}1ETql8KYOR0hXA;NNgEv+Hp@(NSE4)Agw(Qc zwYP(Y`|hyz7#RC_Nv#=97w4%9|c*nrQM=Atr7`ium62BR(HCPnizP}3=u0gYzrkUED=lT+DZ&h=ooRS zFvqzbV4#ar)PweUw-M>V_6f{@B^+{Rcc@`2HB)V;tA&wi*R0D?G97@ma1c~fJaioE z=yd*k8~dqCzng=d845`ZvN1xHD#j;5+RWIGhtg(Q`0?R3C(2hywB}pJa>sva*<7|Z zEcii|8Z8<5cAZ^^}<=1f^BA)UJuoM@ed(#%lw0i|tC2d4UtqY1SW zk?7{+XwT@)Lv7CFR|5QC?&rfwZ4GzfU(=1wiPfYW8KOz}@HO_?mm<9mpE z#V+=ze!94z!kLNISKFf`ivN0E?34i-exR5-=xpk_Hoz3z1*y}UlhoV3vsN4r9m!c{ zl>V2wifinG%xcnan2_5?rAL*YGzukVux$E>7-+Y}ijj^R?<8Bn*f52@e#2ubf2eYP z%8AsLf+ANKXfsi8RI!7JH1$9w{pn}F8Zci>ef2~c#kx`J2cSZVO;q&3%F%dqAqe*b zKUHpe4M{Fg+cTmdRN2kpCdq8(+1m(toEo25)q0uAIFJIu)iaiVSDr?n_TZrkVk?2# z?~tsD;JBFl>JiVLXCKG&%%-vYSNCO)fU$2&sQV0MRMBiQOD@{)&@{5no-OQH0y&`< zu9KA1USUU9TCCX$PzOmaF{S5dL9}1__oLhY2eo^8LJnoC>exT}U%lM$J*)v>FkNyB zu7FXGDNM5JT{lMhaJZ*BPa9D-O3c+0{mQbaPjt-0Z7kB_K6)YY^e-biHTR*?LZt=# z!$10u<`sf1q2rky1L`)|N>RK8)cDN(g)EHsBA)K6HXgt*-u*2#R9CcWO0alltn0%t zxYX>eIo<#TJW}9CPLcmO-XO!8EI_=4>xT@z06JjJ}wtq&6piiQfNf$E**#{PXTM`jLJBl@Jf zopA)LkZ6k~q!%-0nYj?$8*gO}L97?0>Z=?8EOkExFRmJ1 zADmLkAv%$8(sx@ArhNh$bOa1Py?TxS`6!C)DOoC{kSX4HcxX+napv`kspmV$g-1@$ z!P(vo}O_;bZrbQG8qh_|o`H(m)I1&5ShV^ueoI~N@fT(Dx0P_>b83-8Y2 zN9yG47o{69u$<(r$~;>lNX@6jg;Fr8Vrz%SvH@2B_?Swoa0l(zbyMSTZ3Ix5nuO=h z5P1GQnxKYOPCZb>g!w0hF|y`e;uYPPVx8g8UvP=)?u6kybBv!ct{9T%wdzaf@kAS% ztuR-sOv9*qUEXP-tmkUGH=(8}7jJofUur>&uA>sbBK--G{9=56=~@(ijRmoh6wk5+ zgV^5ZCV`6umkbnwC87NTb^Bxx0gsud>j zZSdVqRdMC(WHjptr%d;4`?e5cr$C&HlHv%{W2D16HU_0`&l ziu^0{iqaNv2|p+t1kF3z8tDi?KgmpK9~IbD$|(=YVTS`0F<+9F({;F$=Ex_I%X<$M zYk0fog~74B;KO>NN!?z)=Z-_JaHBV-5BPi~%o0|gbAbQPz_NwHD=0TwO0Rcw;;J4Q zP(0SMepyrqf1cw69gO|pT427p23HSZp@=)6(ggN^K#)FcXCxbfFfQV|d z2Zkq0chWDTeQQAiqWppV4?2vtLu=d0V5s>BKvRrpM_9bPO90H*IdF#}MgLS@> z;Oh%<_EskrAmLGB;|G|5Elgc$p}a(&k38?&on#>35zkoi7GzS4zVyJGLWY-QiT@!% zLK4!gTn_kE*OeI1UrDa-8U+8_I>oxExDL{6r3{jpGMIh5{VZNL2(==YSzgEoMKqaZ*YQG4^eieQjO=xKpnML^13ktd{gjuM~ldL~C}V!VwlKMy$>jzX+KiN3;4U zsnh3VI>8M8oD0Xtojv>5Z^hFZ=QTzK;vAnU6tX@Eqi8T%tG-!I6zBgSefN?2QRxd% zA;fzapG}ZDuja8A>P0(n)!>C<#<|%ygX5VovLYm2R(`A1BFf(1mwFx^2cI)2-$0qh zkFu2`<6Vt<5Pqh*M^8UV)S1+`^@;9)C3^aY?-3^_^-p?rhZs|9a(YaYDV>pe?CePs zmaH17mW^-Ww%dI{7efI+z}g|l>UO%hZST)Qc}o{?DpDWXWlf&O!><5d5Of}H4n)eY z%W&J;KR{eGDhrg`G=WC}W}hBq=K&ZcDIlpFcA1*TL(46dTcPF96T<@8HYBdi*Ljin ztHQV#pw;D?PE)f$w|DA1hawZ8Un-RFwVI znGqw_rG;*FQRnE>wV2AFFQDhko>Ai}D{xEa6fgC;g;W0rC*avi4Ec8&>?~M!4&OG% zYS3p}Bg}!x*&g#0q+W^ZENGTM_BCtENrNZi9W)(54+l94Rj5WUj*f}8!Kkc;;p7sc zNN721;mUOjOw&25hg8N3^>a?6K2UKHu|)}0#8d0P^}-g!U8H3GVgS)0y+b|Xm>f;so|gpj^A#O3gK zDu&FQQeo?xCOF!m79?zIMgil`^A zGYhh_UmA;e#oy=ElC{paHDhNmToaPeVO2gV6gAfEJPjP#=WbRJK-y)Y<|i&F4Kk=O z89P=VT}#mObwN8)!`Nni{$!!0e&-SA;tf$77zp4WC(pG3Jb z*x)ny$4^Ijdssk+(?d@ibGAU_p8^~aJzb%FpiMNcE-ApS{8z+SsFQ@vBZ*mY6wwE` zx%Y;?>vB|sHLx*k#5-eEj3M9Lsd*T0l4bP>(S9Mo&3rTyj`E~qYb-VP5vw5g@2}3N zP)^C^i9zP6k=tW$!G*G?7WUCycokF=1&!Ik^#3Ma(m~!b=!^ChpD~fT;9zL)Y~v)# zQ={s0QX&H`>SBe&Q@H#2yV?K4katt0>jXr=8v1tjyU^|*RQAE`RFps;JOArr#F84a3Co$N=nXpGNOsRkNY4jO0-(?jiPP!1) zDT|Z3ECp+T#{OYEXviyTPq*gNt&OI3%2+_d;jfBMajDF&n=z+~05bPxwFY|$u7@yn z23eC6RtLIuu#*m~d}4qDcZ~OB1=h<2fvXXT~HZclI*c^Cq3l3^l zgo@(HgfNrMT-M0SH_>Tq)ACc9Wgv!&5YRCJy&VpZ*eO;yD70lB39QAR7UuP0JH;YI zu&iQ!|ESsazPQ(ToTh4#liYD`gLjbPN%jV~gdj{-l()<=cPvu1Wi!jreLb+C z+Hq|0$bFHuZ@#o{feam+MOyKl8XJ#ysxt{vdlD};ekJr>WuRGo&v!8nlXmNk(RsCe9D_JUrgvn$H;m52UYR*t} z>IU_1IO^&>b6y}=2|kNNAL=IY5a6PKv+?ky#v}Z&S<_~TrO%Pih1Q%!IbhHt4TmRP z)b=}NA>_k%O(}uqLn3g(!@Cs`TqQe6Rb!aH0IcC?dWAm~;WZ%d>bopIW(vZzcHTu7 z1E72{)6=rwB1B#O$Dg*4oGFJs<+T0jbxD%%3^ubr!*DzgV+akcVRyf8ZocW1QE_vO zM#)$P^n^nM?IxyGch^l$mU-J+L8)|-v9n6m#&bN2Du_Nu+#FGzWab%la_Tg%57|^V znIqsW{>-Iq2PNWrQ>l{X0qI>N{II1zgGYWB%)ahS2pp~M`6{74MTYpbtYi0hyLz%3 z!#%^uhtUUL%hkx0}s>6H8jDjT2;5Pb6zmoYrCbto5B%e8cvQC|1zmW!6$7*(Y2; zj5MCfK4B3PN%jXq#afP*uEhEY9gUUlSGRIdfvKCblySWxmBDJRm?fqEIB74 z`u?%;lBP;&FIO?fedJ@e=q-cxO<-I;K~`5~vq!-q=zSHY4X&Nc0djO~8WDCFhpgC< zV2w7CtF{BXwiB{sdp9vb_@0KgdejoeKXJeMgp3BqYJ>RXUfLDwOjnO1$RZEwl7mo2%DD!QMAJ zSEnD)8Je5X5Tf=jL}?XsSw*6UMZcVC{^ZdNeyvDpZMz;N zG#W?};1TV?+g|g?oWXq0DvM$m!Hi7(1=PK71+UvdBs+b93g*=;pfnyLCPSJ?3miMc zEh?o__GfT8=tCB0Pg}T4Y>KaLkgaG+xG6lYWVf|m{a-a2Ecvvlk%gGx3mv8e`efwy zhS^FHKi@lbSZN-JA~;788FKp~hM*@VytSC**(nC!##cw&X567e^}84GsVmS5-?^(A+sOBG<}RltME|RmFpV7W8r@g{j42 zBTG>w`U;u~oFK&TzG7>=lVYZzw*zC|a%?eS%c%TmYRq_!VDLU)bB zAGMqqExov6Ty+~+K zE8V-HrojwO7qoPuOmDYWPLiZ-&fs8|r(u!9rac%1i7Vk z0J0Rc5H}z9i;etGkD7Q#A8Q1mqbY_d?8AU`g^+?lK|#&9in9gotrYbt=eJBk{H^mk z`sB@%p|BrN6w_%9His6~@gDZ2`+B}x%T~gfl^Rl`Cxc>}y#V1;DR`qQ5Vz(@+S zMC|IjvwgI{ykKE$1M5admuHnoT~xzYnw(m?cjHGOTc3W%HWS)gB4*J`Bwj}KB3m%& z<;wz_NYA1*EXutgS2uLLN0?@4lckpr+oK!O2!*^97&%tzc9uSpP*&>Bkj08t*z?FL znYycJ3j4*i#DT%C@t|VKoZ4 zITagD*{l)2wcy!w_)`U4pT?0~`U<&;JjT!4@v%}YBmcfN*di8!CB*{N60Wb`3d*M` zNN73eQ*BENI-@{JX)~6-BC<6%`LA1U+zwazk~-;%(1PWsOX$uzn6DE%aY;!4vcDoO zq6Vyrn^_Ou9p}w+xUGTna4jQFdq`ZxBBbEM?H2iTX<9Z5*l5KFHVj9GWSV<%uV+xa zS@Sp=0z9Wdl#`fMPZ?ti$d>suQ=G?V#$ugMBIZ9UQaNeCY5e$-6~ge#L6VwJP2K#z z>gbz;WdtF{4Hci$ho@A zOm+W~DZI!r|2k%F)T7|$9kP3-k-tDk>PQnz#~fin<~f3JDoa9_(bVWu;V~O;dDS%z z=ss(Oq=*oR{LLgbE8NT9fu;`h|DPgPs|piMJ3goefz%&`2<098HC@(CG?u8X1*cK! z^JO{0tY=x41S3M`_*}Ok@hDb|HtUC;cSLy9oKQ&F^O=$+5_&5jP{Kr&$R?0lrIgMN zN#1JW7M)&!HW7JzoQD5PJ{=Ke4U2)cuS;s|%!LHJ46A$5kJ4UM!5A_EFuxl> z13TW^+J|auQK@_T7`*J#*}_dmqon2Fk6sAY45SZp!?cohms3_a(1Xs+z#J(hJvSVH z$#dqyNIB|}>mc8Ka6{adsNXd`h6Yd7>1?oCg)VyFg}Q@IC%mNG@cA9CP%=g@Yn^em zmg!5=sZ2;9>KBYGzjszIVu*47dXHxlScBf@G^KXyteJ(T>#I;=vC4CAeL_T&4ywSnZ(&~aP;-x2q_>>g!y-V8aXhIqZLcUH1&Zh@Oj`dSIGxjY zz7R=&$SXmvh<6VhZQPw;amN5WVRiN&Wl^^01m>w6D?8HN1K`BcLX#j~9gmKf&=3Y>&Hmni~PiCS}*bx832Mi#_uJMb8YVMg==;u#wk^=Q0lz%;L zk2uRlkNjETAA%+N-Z}2CZ|rYcgH7)lG=pSJqg?C14mYZ~lOTtuW0h-fe!=_m!D&p7 z2J!u55t+~i^{80a_ixW`19l2_47Tg3@=qC(ix8^zxM!VkKj0K=AN}g`h)`8RMbY zA#wPcKYQlw}F+9DhY?<0Z%Ko&Sn@{P4kML|w!NYR+#rW99=t z<5h)I@qo6b%`FohQUOvw(#{K=KeNWe+!7#{-Tuy1E^&#r8eXYS+;~!(k5*F6BD*EP zavm|dkjvHlw7|FuN`K~%tJyXcU^eXvEpu~YT@{v6NbEmd^A-%Bou4fzX?vsl89$a| zR!PPfH(}C3E0ixT>83+{?}oIIPkRjaRr*H>|@d4 z9=*7iP~kKO3G@Sk4;iI~oX3qgl5=6v!xwR94VW=fV0j$LDu9zdN`*LN7A(3mB(f1LBsUj)9#Ad%bwES6 z>VQZdcI5@CtRIJ_WBax#+9{y(6a4bXwlXpsi$nqFL4P;5c?}OC6^&mI_OVmS;h$ju zE0mG-D3OeyTxDHHh*yVQt~|x*m8k?j(j%_DGByD;k8=JrkVW6sr$bkWj~+&6fld~b zw;HKz8b_x>5L7CpTwQl^0YnvWEi}4$NF~>{_GPXqg?Y80V~;j*cG$=nOTWC&qTx^b zkv?I$F8C8+0ugF0d`;G2D~?1PI^N z8dpS|l^b=ybTS5hJA)y6$LBPmLQC{h**9E_nNHt5jcJy0#A9v6Nh`3ytheQb7wFk` zW|rQ%TrP}iR}oUK87Nan?zyhYSfOYQtWFhbhqYpaCt8XXp1vx!dc&w?xIAAmWhq}@ z_lhrXY{@K{d5s$JtT69&tSy0LdBMVKDlnNovNJ=@=9Z0n4ZUuOkI6X3kO82#O#j*X`~GEklq+&$b0GFk|P<@hswMd(}}KKbLmyO(3#o(}s>0(i9uLYjV%wJH^8O zgJmVNWU?<|jtxFl!b2NKmaw$ZV^gQ8tW8cEPWvs8$LX?Mv+qK53389N^^hjJB}(t> z8!Hs_J?R$bLbbejQ&NE-a$ z^ox(fPa6@3Sj9HzEoz<&*P85p5d(ho9AjW_)%DTx*!Kl#jz7@1I^)NA-zz({*)LeK z&=QI*w&e}A`@A{b%NJ>*tIi-OlZd@+a{Wf8KD5`uSYlylSBfV(X>KvDeXwNPJYd^( zf ze((i}+G`9*iTxyHM#G*~rJ(tOp#YBYs5+G<+>vp~c1;1r3^P0rU*M8p{HoDCE?H~I9(vtHE z63%!wl4nYKUKvk)Tn>b)1Vqj$!5|gS#6Ar3s(>3AK)d=M)?&3rJm?cH#ghCxf(lka zZ7Aj+S=mZQIG4o}F=>)GCgN&;2lRwhh2v?fe2m19^wcvEG-(y{m^rD*e^sIRKoY>3 zTZT=RkL&{$d=i3;3NugjihH9lTbiAm>mjbCk~i46Q@>j7t>!`}=cd$kQn|77k%r@R zF{pb+p}^O`*k+Og+$hPz(Po$M6S12Q`ISTmDP7szQIsY`KSO9cT6niC(oRF~zP@A4 zlxa2Wu4BONLOG$u*!air$G=lzQ7#GJp8gI$?n^oEUB#p&%swK@6hHZl`ykJ4H1{#y zkR5JS%DO&Ho#2?HBPc@f#-YTvZCE0~E9new^ zJ|WI1jY)EwUgyyDr6$vv&uZvV=@wryN5sHyWalRQktLR)PG#%ht--O&gR!VYc;4yc z_1RGs7l5Oe75zanu6=Oykdbc9Zwk?2w_1%aoJPCguPH&D;zRRnFr~KUQ6!=t>11nM zNXd>o`EXOi@h*=9FGUUW$7EYeMXxAAF+-gZ>z^}C(Gyf$#QdZ(SPLXyv9%zPPp;V? zece>~K#Ve((f5kq7LX~ea=Y%Q3Q5Ti4j5Xn zh3fdGqAWPFuK`Xw3Vp7<)fghxX!)Z>-%Z{r%1pXgP37Ij+}%a3Y55|W0KErGa;p{1 zyB9lx#L*n+_(-l~+wk2ZnU1m|LuN-4ZG$zaR%jyik!%Eerr+tr6swU!+lK!%(q1(ae!h zTE(AxIdkS~xDSr~6C+7r^zUO5ObOoIGpPb<&(K1~3`lMaN zi+j)5LW6B5)_5#S)U(P;d$d#GWi&fSltbn#kYIbi)4Rp3evJX+E6!FiJvgW6n6htN zZwAU{a7E>QyuS+ui~JkoTxDU$_`3Y)c`(VUzdQWg=^=SVRdbJLXFD58&MQj^mnvv& zA}$D8-lj8Dxs>Y?AUF&laUf&JL|%MR4l}$x?2T-L=t->+_p-XEH)RCKpm3U;EQyB# zUMk>5gMfPAbykg4vzK#K*P9mU_i}c@_5Z+{Ezv4gPEvc-%wF1%NLpaj*mwIS*)#y$ zOijsT6%s&6IPrAN`Y*pdleFK4fSedqqNRhh7;cz1a>o^-%Li7SSrws)J|37e9~n4pFni_Cb;68ddF;2*)dX zaB{x_gR={v>~~pq(eW>g?Cq)X|^Lj ztfJ$2DK5BSiB9YX{T#o7$DQJ^gvr|3XGzh@MselO7PgX`xL0o(^pB(;7=*|56aY3lfqo~2?m5uLF zR#&W(>NDx4#hg|8k6?`9~2q_y79Re8U!c zWW`W#-Q_zcOFwg7ogDYMyf^66k)2f~#P2Q0i$m(>^>W8bUX;&GWrVr!fQrI0(ZfrG zrk0-wZd9K@XZ+8MfckGn<&`Et#7j_R?C+i|O;P0yWE~?h6c#9ykCX=B4Ny_61dB8Zmy#N0W0^Jxs;sM$zpITA%$5(WnOL&pmU%)sb z1#IE9aS~^WuKH{=!GEm*x71FI%a?a0pi)(O{^F+jahzMMjr^SKwd3tYAW0dYvFWUV}}7bjG3HQ!WyuLLRgQ zlX+0)YH(NUEOLV6tcZGqb3%#n!2aSdw9(_nBLk9N}tZq#ENQ?GF#JGmX|#Q-*b!fYD${?$j|CebR}Jl1$i9xIF|!k9wUmlO*X z6}1t_9Wp993?8sL*Y^hFKMpV-$22(X=vCV4Ez;HiU-%#w4}eZ`JDXLp;5Sc*yTu|4 zvp~#sX;CnaX~=3L>5D-hAS5nY4TG4+A^k$LoiFiGCWRivGR(`2yJcuqyng-jB<=m7 z)mRnotA+YSysBn>(ct5w+wgxcm|#0re1?AEowV4|rf~XY^OpKR7+nX33?r=^I;r7% z))0lMvt|z`w-nG>3n!dFGWO$9p%te!BN!8QzO`%jSHM#mcW2%L!FiCQ3!ldZZDLr^ zR803T?we-59te%g6VWP(@iWXi{%dXErX=;4D4vV(SDB}p(4La!!n z_90j^)Af<30tt5dbR2AU_sp8~7`;$m{2Hy;XVS58+j4k126JYTBlC}So^TjE5Uz(7 zQ0tuzbc!rd1S-*7HgsNeqvdAPCu6f1#gv>XQl+QC>DDf^s!Hr1lm2oHo1ke{D6n;2D8kp4j)bI6^QVS0`TT4xDcN0X28%JMIoRfAp@B-fct?$XXCmbfo zSoQuRlKE!JdfeTQTkBc-fO=x&`sV7tK3*>4*q`Z!rExXNLxx>CVbT4J@6J=&nTf*& ziDFDU8_d4Bcmv*KRy=}k&&x5yYJQ?m(0?z{6lT{02gGyR^Yf*?WW$wFE3ld)aHDCdms1wRPd0d3JRd*|dkwQ10vO5~3dMxF3^*#AaF!)a3N1Z| zFw->#ptx}!<}8KG%k^HVU)*TuQh8i!HdRq zQ=p0rXClOSvQi?mL0rR4KuMOjw`H_upqs>PqmzQ$%Dda|#1Kw+tn?rpk2K@H3`LNj zFR$~)T~rfqQ*S_UH66x$?C1-j&FgD!J=qr`tSBS5hnnORAJ^Q=|hKv(nMYp zTR^)g!zQ!G>7XLY`sxAxak|SV z60LscK-5=(b~t*-JcCHmvRt3{j9M8l!vq#Uayjts_;8kpB{HDU(JlMC_ctN}YJUi@ z$VV!wPnQqkb8~d?F|Dw=fJ=t0J9Qx>?6PjKqWBTo^e%h95+O~fd9BP5zlvKTVa zq!~^6Hj2<$2n-Dz$<=T2QuZED;c#)2}M{(?vNIAj!l{Zm9)>#WAC z=)6Its0lhIevArpL;n;FWF-n1YVR#Yqdl79A2cM7=ae;6>2$hBdQ~V8m9uau#|DTe zdVlRz^^R4eG3_z2p22$49n>VwsN&748uggBA|ac8dhER1bW9`TKbAbl1(ghj|JWj*;qDT_aA0%`c29kS|n_e+P>{!|s_ z57A;FTtpJj;~IjtX*^LM18Xp*WUit%U`JolcS&ytz9FyHJxq^uZFhBY1=4ayR0L8o ztFFj_KY!#3hGpnL#&H~#wGb|eDY}cOY38#7=_zL#gJ{fZ=^xx(l%hpS~vZXG~2 z6Dxh=zI!9a2TKqnDub5E^Vq5?SL9mtp((|JgtZDo4_D>rji@y*2O1}8<7-obn}skX z7y7mlFhA0PJ}AWHS+}Q2ZggMxwWoWEC&&j>ilEDWVP8n?8R8rxk17U?*K4?zUOEfy zoltZ6kOTw7k4~KhL?rSs)bz_O?Z4B-9dVZ~IPceg0uXA1ylC`)LJEL7w4# zyC+Axuoif|u)-bg7MsYZ6^^Oq|7rq|iFaL}8vmvs&iemBMCM`v*Bwc>dC(%U>o5Js ztyDA_%pFw6=1hH+5k1{^PREwl5Jn79j}gyDP2t5amU_lMFy)EzGZzi^hHR(n1C7$+ zOME%-3C)dJYO)Ei;t7igUY9NNfB3V%>?)OdhU`|tl?k@FL*IFC2>&7HESo5$5dsMP zqI|<)V~CR&R=H*>$^AsO%qIzLjL?HW;$yV+LEpC)3?-ucT@IRD?9G|GGIW96iDhpC z>w4E7#1nsM(6Ya3Erl1MV7)FK9s%;Ew%Vq;UDOQpAm8LP@!fV3Fy$_JH6?VXjolybe+WI$B`p?0f> zQeB<%Y3 z_3`dSLcU#hj&`im;I$*I7jTFmF08x7hF!u_-HXV?s&T1aHQ1Yjg+lYi=DC$UI*%X7 z#fE*oSJ=GeM_2z;%XKD}0$*sda@_dGnN{w0#57CaN9J(U;U*{tv!WE6UbjAe0wA* z(BZxA2k*Iquv9=Qw^9#FtgH)Y9QF??b?v>#hHHNzBMz%~&z5_`BFWe`dFPit7um&? z2xfSeW3qx`bJMm2pcc7nx^bS`=y@8wOe)xAilFsd7m?@7Fyhy%pUu;svD&@Z3`-tm z#&`8GM;qVDXPHHRGx}7~#8C^Q^~l?uxGkAAELx&TEAV(A)YT%N^6x#kc=at1*~sw8 zIu~N8VEt0=u{hI}|A{G9*S%?+rK1NjiW`uzK~xPtA7!nG*nIuIU@ zjM=cDRt29qkx}zkpJ374)%6%oKU_x{QoN}C2zlK5rdPKpjxL$vO1#ux5HUB6B*YO; zOW-ktw4KJuTvkVNlOwnaO&+K11iY$e1cS=vQI+XC{$Dq0?lRr8*Iuk^>O{!>ijCpy ztZYukWO+DV>%nAu|?%ym(B+t)l9BQtRjZ#}&x`q&Z>XQ8b*CfPPs7omKj}NzYz3hhp=5gNMn=P4VD}$7ai&XbR zg1o_?nB29I|Nbk=g(Thl5V!0+wZ5~z5;N4?bn^Mof3P_UhqkxRnV2OH<+hu-M!Nem zrbY<@b?qOj7bEL$b}Y#YX1GShpC|pHKpd>M3mO8sfG&;sYZL7Kp@>W)a}Ih8{rjb8 zxz=}U&#NIUx8BLF;w41ti-r`Dc+G^TSD6Pgq88_(T~^+hqGX%J;LK27=qsrYbp*Psfrz|UQ2zb{)jmgr@;rI3q+WS=}y`;z~DR7Y=x_E zjDBq=k=N|+PSoHoGaw`40X1u`8&&M*;1LfiM+<)B#&D4eXtN*pMf(qW13clydZiOl zFTbnW6FlNd#x%EGCY6blUq9~hLvm{1lET9iEYyv-8& z^Ya&`fC5Qg(!7ky&7F1r@$tN%CkX>j3;yJ6q3MG{lv?UO!X6%oZwajMq=FnRguRL! z{O=42lG$aHD&R1i$?MFF>!N~Evy7 zr=puh(fQojxGQM9`OhY_V3*Kh_2yRGg#}Qal922pxG9P0@9C6l8+pG~Vj;2Lr_iC< z(k8_bbtcgcBkMx_X0raE2Yd%XKTxp~ zmqnLV$tt{tin5J9uZhjyBLaw8F0M#{mlZ;u_QC$=gGD`XExy)t8 zO^tG|re}*EA*F0wEdLNO9{AFS5fCeXN&Xc4enK_7+;e$6Q=;PlcEf^hoCDrW*8z@{ zuEJQmd_Ccg)+iTvsj$ByeIK-|wHPTZ^FO9JxM5v=Su?}eT8lLF09Z#HBdjj;c#N5{ z%FKm)=VGM++L@LLc27)hje?SlBI-x2DUxM)!!4qk{Lb<6{b!5e=jin;b1QBwTaE}F z3j@-p4~oW>5cfi-e-3d3{NRrY?3of5=BiZW zKbm@=WQ@|bBq#(N07(y_^$iaA<3W!REiYODJxZ+O8B51@9hK5kq(p8HkJ)!+;|!O z+#ldNe2VA!mn_j_@JTj2bP2FU=$O}N) zZa@%w^dhDt)YpeP4;|z4J`gD|&UlGm^2ktEN)#(C$BIePN8OrgTNpARrP3 znAx0Cxc-wG+>Fv>pej)6&4)!5)kkqYdM|!B7CMWP1-{Vlvd`C@iyUnp;QS);V0HnX zSM@Yr;&>y)*(TxkHgZ53kUua zwUayYelsk0(Boo;9RD=Mcc+x*7;nZ|d6PTZ8%!jz0cZ)=QvQA6qOP|tTXmFQ+AF>~ zIBl9Y$Pgd}ZiYB%qu>|FO3U7grVBHiSYHy|dm!YD9bg#BsruL3~;yr$P!Ist?Xp@o*4}yIP02 z(dQil@*jcK-eb`>$F)iN^-`a46I3r?#TI!d5#zqWtEj2PtN+;Z$xIP zAESU=LUx&}?=l@j$<(bt=qL}e%?VUvAM?yp>IK#q`L{AcFr2X|lkCW6BiE)UH6n_> zkHV*hG^#1?nI3xjDG>}v)`*b-xyrzH7W1VQZilD+ZZS9B_D7ww58mP76}5+C>6ZiW z(#;1?TUy4-fnsI(rK8qEJ(L2msDdQGIqq0Z4(*ha22tbx#}m6-(fiCOl8wo;?21;e z++oX?Mk@DO3@CKVz)I@{*o{vLb&KrJ6@kjdg%1DUg$vKFMUeAE3tBEdP=MB7&HLD9 zWD{NynA>d+NgRT@Oe7rOa@O`uA3AGY3bvO1{RG0a6Yu=WWgwB0u|F`U;oE-$IY!b_ zB%#uVj1}Red<4p(k$iNchi00ShW}5*gE5U22^2EJTd^3B!@s-Pmo4_E3TTxkZm&=M zJjSBe`MA?V1U0_W9{F}%!z&G%VhgJq61_#;`Yl%EKurGfg;yE%<=y*B7LN4k$HMQq zF`Nl;lSu#GPM%N!@?b^AZI9f2lOytSA}nYGDBXo+qv=vZiw?}`H~59)Jz#_`e`Lsq zqb)!Mx7XFr<#@p~zI~TPV~A}MOMi(T(Q99f9;vTW-rEAU1pxJgJ(A4jAf;?Z1}r-N z*O0CjOa&llC-@BfO#IelS0Kl=hX+SfUqKf3;&Jz9m6e`oxU@#bb6$ny{l-;TF8n*o zc=K}TJyD5%R{ zS6|&&@v&&gC8?*v1$KV9LJ`n0V6z_(W74Nf=^?p=S`42_f^qX(D0aZ%vEoiwft*f; z&&eG=j~yY~v7%iGr&zOcp;z zj)BK6{l$dnkfKHApzkz8i*JUeHy`O>IX?8C!~|4f^En(j*dHjTC zsLxKr9R~hdd9^b)+r=YM$UTG#dxWlP7q11Yst~s+nJ_VH6{t(aO53GL$-DMMMQxZZz*2HKnX;@hYBD$x zCy#_`40y?Hy$aDuw{rqAs)k_^#mX)oRHrD6Bm@bFz#> zSdwJ_bzQF_XHH3llZ(7fwRTj_^_33(ul)vzMuws&6*S&DDXzw___DyRh#>+cqR7h0 z15FmO2H8of`&O?#k70!^&zaI=sOqm?P!=-;{U&i1MIp?mj!V@9V&W_dGk5>a9y3@v zSPw2Ua!Iz;^QF}~#=@pq6Zb^h_68{wZ;M#2Q%2KiI*NDR!r|aQOld_o{hdM22JVXw zJ%l={KQ%XPEu17>Z0{G7@}4N`hx8;Hk`Pxz5x$r0A;lxRl>Mnu(Tm4AN^B^A4p&Qis%9_e? z$c??B-neDl7b<#gw0zqbe6*-5Iz{g~eh*~qkiYMFA1CQpJUTJ$e=xZ#TJ*www9wpT zN0)V$cp8|GD`I(tYci~96d&zJ^%zhhzZo$^@Mg#e+3yuka7URSC*z`?EYRxhI|N9*?#Q*ad0_3iCZsi+%6dzaz3n!whv0!JZWJ z^T>66Is6h^#dR8q-7?iyCqjD0`M)sFjI7qeSo!Z&gl`T+6;N22k02tRw^L;#gw|Tx zb^wbAbiKQMnZwc#@C{k8O36=eSpdl{w$4tTB5-*Q9zk-}7%zwiD}OJgC% zR>jFoD6l$eTp4)YmY-18`3WRvh0|D)Nk~WZS*1E8-OgC7+*YS{kFE71wBE9gk>(pP zRNv~HRQj-3wnv!by+&3K=+O3xTG_xgS?=OX`49kWL^`meu*y|9vCSu7RrmaO8o{aw zV{^~H5dS;~0>kJxsubVIPZ}#snNLoHUCpX;( zo*#-cUh=qmC8!ao^dI9o1VE?X8FH{bGPNYv+i5_?B$xmG2w0ItP_`Ri1ZNhMfY#Sl zxZ2qi=~Lut($~n^qP%EjL$dvb1UT2nAU(r)&jg`*=)*JIPG5#~MH4R?dEgJ{6|sLT zD95SoCaouce7S!+$ynN=@yCdZE&au21D%pQ^h9k6vuCCSrjY~ml zDYfzu?v|cMOp1@cHDIbp_XS*%fKj15CcgJL65n!JX7}SDm%x5)s+-G#RA&KpynzF= zKsH^YI4m$Y1nTZVD{=sDStBEgf}0S$s$(TED7Pm~`2-dpsV8z8{zI*fys%+CKf}QN zSZaE7TBK{VnFX(d$fp)}43xh)sdP>g1}-7EC;hgk31iG_Lap^P%OOq0oR4gcPXenf zCL40}4$|yfqm#L(@)lh{h`EyBAmdhi%M&Pu$0xC@&b<0g;;bh>=zf(2aCVV~Dq6K= zNm96z1dj>=IQtS-Oz4Xx9j*-|*?A-FNa+RQTN?`7eVnf7T?1XsRYr9xIl_iA+xc8R zVll{kh%5}xxquo2F7yUST58lTVKEB*(GOCxU6C(VOM{Zwnk``mJ^2+Y>RZuoAreo9 zv!hVA8RxM@0VGQNbq#csKl(jL_2h71EY*N$13xmLhC;9`BRGgfhP~vdHxV<PLW!qR6CUFhTqK5AOAfEGv$z`~G5yM+`!?FA1(!Uw;iA9=$M zo@8k9|3#)5tJPE+u#3jcbty=I0bkS;W=lgvdeJ)##5Ds{GGzO> z>cS}qf&euaL(jHVFQnNVE!RYh?;fB&pp-)|Y-(0#MFvRUp1;Q*;4b>&&F0i(KuvBr z^}}m{XdLM;GI8y3I}l6_IEP_Jret(lmtnVVDcP38+NSlq&m(`mCzPSZ3>)AguyniK z8r9}~!V1Pd-t2lxEW3=)md3MzZ=}q<#tNdqi6|a{J!9Ygg|zIi*GP=Gxsj z%gsv`*2i%)$u?mV;>D^IYaBLJWFLzoJT%EDEAjz-wWk`_KPKu&EV8fv)=OMRUdq!J z?03-ch$=9%cNfgI46HQM!Z{@%I`oz9r_GzhryEWHi9KgDH`!z^Eii7R-heqN{XU_o z2^h{-xLtGC#4NIUA#RiyVKOZ!LgzSxwi?$Wyi0>7|q#r zeMMHuR8pnBe~saP2>Xt=))h0o(~Q#1@j4aYbOT}~G>4+$A%G}hc%*r(Hv9*Biath0 zks|%UqQMd~1B$|ur3wSLf-2tI^`vriKgzsMzT>KiaGe9O)93jge`Tb%&-aRkE~JNR z`9$Y3hG7@nHKTN<)I@;QUkM6+gqBTX~7aBM2u#p&r8z7y~MrNZe#%~z1!tUchf z6x)bR6c6~20iMFf5Qa>r+^g|yDG&uL6s;o-PR1MHdtHJq<-W||(|+2!x*t^pXLYjZ)Ui|3QT};U1nh2fBvAFd1e%^ zdzu2(6e-{V1})ge3xzVpw@n3_mY$xeeYzy+j2U`O-PG}MGq{gH_Dl;(p9P?wco;u4 z?RZ_o*qCanDWl|kTNCJ!o+G%u3*9*BV7ZFDR0Sn0BzwY%h_&FdKyv}G$igxY_))<& z5xc>pg0Gkj*pq)QNGp@aM|8$6WY-93S>v5_|`pv5n$(Am9 z(1@LmDbHF}b2vN6qc}TLaBL;8*5)xW_#zKu*>f_y;c(;ty2N#KAe$J_UA&NjVD%!C zS|bH~O*gJ0p+Bv0Bw0Qy$RYmIq$MSzHo&7AY&OU+_;sSa%kgo;t8al(!8W6cyVoTB za+`_?ILGHGKcCF7m9UMdVSNu+}lB$uiC%wi_n^VU#bU`q5vejP> zUaBJ!*_UyrUnz$K3GB%aMjH((<1Z1fb7Jx9`>+|QSwU?ySt#k&J7!IVHq7 zvFwl%;M(3yn=H`IfqvFvd!7A-Q_xop8xJ<=O8gAc;gDHsPREv0n8K;K-zn32?bW54bYklZj#F*)|5`HPm3wqdXkbA1dmTABn%661q! zK0yMgM5a-(E8~JOorHc+5o^VS+cduB75X>#cr-QHS}M^|touh76NM8!G^5^~smV04 zEGUrwTS%R_?xt)=&x3$J@vALtpNjR?vlBzc<9a2F@tKUh^P{@oz7q%(bH67Ng{ z^F051W3v*n@xaGL|L(qSopYVBm!G7UlCT41pV=m!z^I0RWS05b9|;tf!>bB=Czo>N z{r7>c_1L4gM&zu6IFz4|qm2%^=Zej|RCbdat1y$1&-N6WFW2uS_n(7n!h}!%3=&^9 zGEI!-1~kUPWN_-Mwpz9n`>j;}wHv)jZ_O|+pKn);I(2kvj{22ixvz3aOJ!W>ZK!Kk zI&n6{xFUV}ZOIB;kEND5{QOLEl);qOkZBzS)}jNP3-ZmtEa2MB>{sw8`^z=gOrg@s z!+L<(aVwwheZye!OcEPXRc{f$fs!r1VRUr85Md0fM-4TO(&VNbX)B|V!{EZAl7K^Q zR6hoT$#S7 zEaaQbe!%x_418(h86TpEheL+Av$W=w3rAMX@EdFpv6AZ?;4rmo*h)c2yRP5^HfATt zM`59tBdm>USX2ujuU03l*cfz8O2PQfoUifesmA#Tf)U!*MyM##sIrnvj>D%tX;k8B zMTaFH8u<7>*t?WVjTa|qj-nom(EQLmj~|d9SS-Vo7vx{X3(P8;-FT?Sq3(17`0ccZ zV4OkG)(g9x64N~bXMbgR{=2#Z8=FPzH7QJRpHUvx4b0v%BeYa)Fjq68d)ViBy4ku( zL?&tw1^F2}WQ<|S*3(x5BNGBKDt*HS5!WV(vk{9zxvOTU0gUJbjQ9Rq1+Kfsc z&nf<}2~2`~J?=8VWKOSLHDvMOE8lADI;0|Qx7{u?eXjLF2jLa@!Bi*C?x(kqam;mOi%?1=Xnz$ zXA1cj4dhpD{MJFo*w!1$uuyhIne;08C#np{^0I>WqMgGp`jUl5Z6C0%=#xu7Y5B75 zM+RpfX}g>7qG&#!q^UN#1qrM((ShF&!*3`7Q5@Y>NczpKoEXnG+Q_ zJdd_n%4!ud(WhTdGWb1Llr`2#GtWjaqX&PoNbS!a*{|lSNv0a;30^$Yj|yJ9?h6ht zw1BMj6hSI+bkVUA!YYj8aYB<+!d_JO^1k{o|Kst;;hsyOVQlXL(fQdsY~4H?GC0AJ zi_=}`oh=-jxvl#O-!V%21b$VS;R3`uz=T(VuwdPjXU3?G3=qa0!coFkCdm&NolF%P zIN{XqTWefRV_OKJCi*xBljfdJ2+K4X!Fn+P z%jzhFCS=TxATzpOeGmccMgVh>=nAkt9v)AD2%)S$4}e^p(%O3vD75l`3!GEUdfi-gq9;XE(a7pdIzG|M#S!%0%m-c%ZgzCHHId02U-c{Ld@0>d8&C9pyMN7OoBE* zNqH0;e-c^J;$hl*Twhe4%`&k0*yMn=(E=#)@2i|r5ua}e^WE9M5;5MRVs23`OCq*A z|IsQkhz_iMCtQ2kYoA}UHKnLN%YI*1TjQZo70s>@{@~+Xz)rXd9))RP>_$<@sABra z{y|2JgaUz&DwC$;)#K94qu&Lrx~Evl6m1s)dqA9v+iWa3uv=m5$zXCzx|ss>9DZ(I zx~WvX?e-;mPlCm0;hYsyFlLpQcscdB_vui%ag5})!Lk??zVTqK(4aT=l0bTqOtO9$ zFOk@*+Q!IBo0jdOqwPj^fGv znl1)g$*Q8gH5j|)`9m*akqv?WJ!V0P87U=fVmBj{^5Xs|Bf@aT-@NAQsBH)LvP{AC zj37o;eE(qh05?F$zf>YMIwyVWv(ndW^_W_}B5=32^bf}A%DD9F>ZQ7MnQ6_ug3PJD zI4q0fb0N&)jZnJrl*{+|ZgiE$jR#l!&U-b+eJ+m7BNVQj%@QqIcf3U#eEQw9B4VPg zU|aeuNzNNN*AKdx8nFpMV(UyH1glJ38SYp`Bh;M}7~p$1wzl=?L%e!OU<1}XBOQ(8 zn%NN`VHG{`QS-XhGpHU#0iW~TJj#wvH`@fPRTx+lL3^<<1sVdc9+74JPB|Q3t~*IJ zoOrr`H;RUUj)M^cajp3-5f@!r+}d3!ddO0OJd0CHHJy9A&cj`eSuVjin~t3P!7+oR)BwD@ap&G`&Xfn5D`vP@c~5)t;n%;c zKvvIvJ&v;)q~E1tQ%Gy(Poh&6a#@cac&k?vdT8w_jaml6c;Oq?G(5sDulVpQQx`Ya&< z@rGd>KJfX}P7lF@c1mc$0;&BSA?YXy}Hu!IIAgPk}uPlvLv&RNLNZG^g#=~e_*|ra;Q~t zNw-aA=$CfL43SUB8!O8j~E~ z^yMM43gQ=aCwZ)tUTN%smF)SJfbO$xc68=sQ-Ib6cSD)SSVpnS2ITv&6b&Yr|8&BE3c#Iz-GLI~i&*m6i5W56+#a6ZNRJ zBx@i9;sQ8_c8J`Hu{4kJ?v?nmE$J|{2X8xe;l>ud2svl1^=^wDAFRq>{$I;3o4MJ3 z<#lz32Bjz260O;b;0D(&T|4_mQjA$u{mRXWnz16tA@#ntuwFpnW+(a<5 zkJOd=igaN?Ak`M8B*)l1tbu|ogJX02jB$AkO`|?z{OiQ*H>fnV217@8oRfRE>WlN+ zY%nB4n1xMhTA!mI-uFbN?{f~bK$p!wgl6d|5X^;5Z1mgr4+DtfFtjf0zB;XB0 zgKY>_6yga6xs=Q5PEL^z<9S3j;-KxRv@y-;B)k(Sq13Os?f|UAHD7x85&7CNd2|&G z8;0^2z@dKDTXRK-KeDjJ4w-5Zu_@N4H1L-ROTYxImbURE<`JEF>G#SQbKW7Sv`GZ@ zu~GI56AYBb5V4gwZC>;O1&RYAM31-v|p{?a9;}Zj! zx4$0c#%w9jx1vfg1xb_FoEf*w*fK5-o~(!<8Ob>oWT5A*o1Y8##gE_bZR2S-v#D4Q z;<*;Vh`VCI6uRrowMj=PrpGZ>C?lIS!BEKs0tw+=x znn&z@;O7$g$j=g`9LDv)UqLL`4<$yh6S|eY{)6ATnu9~|54puvWHi+29sp^rqZ&wJ zl9EqCeiONrOWxnAs{W(t)ooln+r8-T3lqu)wpogf*C&p0=GYE9V|ugnS$r*xw!d>X zOiuA|e9#9iR;R^~GJ=(QfSmsgIvDG8ZEA+J@njYi+R#KMgqx5`+AJKbX z!v8k{cxYd#^7F_BxVX^Qb|`EHFe|_E@GUDYWHa{P?-wxXWI{!{7_CI+oA}9TuQ0+h zI=d1fEiE8O>ps2Z1L5G(&ZM%sYQ9;Xk_6sF)bq+IQ(+14t+7&;yWU+fg1EYQQy!-= z0IK$0_=Xjete>X~h+*As~&NrFITXWR*N;ho0k_!h&d=co(p^%AdpZA8@cOXWMc`c%QN z(3f1Z#XK#LuqZPi?Dj2>LYJmV@q$B)73cbPq>$3vW-$iI7KD(f-keWAa;iTSaL|sW zV^L}!TOr*Q!Hfs6{g}NY_)8FMX$#-r3w49T5N9~~2JRUik0hhG@FjDtmRYd@F-3&$ zVaEB34D_!E!6bv2U6E}ooCc&JU^6}S(;LhDvMFINTii8&?0zhdR(~&L9q#=+s3lB> zaABL^z*6sj&m=GFU#qej@V>r4DyqHb7u+=gDM=k!*$s4w^tk7oiPR_TaBGx=cwd%2 zfA-j7WAiz0iRRx59NKHQK!AZh5#2X`2xmbU9}+~ZzKTfodw%QL{iJC@Fnu{UUgQhZ zd$44V>K<>HBpzzp^+?tvYX#BN*46F^HSKlNbFl>Zmu?%8SF~6xEJDaFLIStFf1uTi z)*$K=u7KOVgLrrK|2F6=Cm(}o9HQNq$!9j|g$3C*wnR~?{Nj2hUF$8}+kA`3Z{zYs ztQ)7B^huzr&$PiskY5B-$~G-9m1T>-u7%q|SPgM$VTB%xWk}{zC&-Mt zvW=)Gi~VF=5k!@B(wE?(Ag}Q*0r<_}t|k={K(FCIed|kvSmdjEjRly8jL_}vePHj+ zQ9ctT!i4OvcMBjnpdYcf!qG?CZWLz_N<|An z5D1yD7uV?%l21p&vbr3WpMO>73V=|&1fc5)u6gs)o@uaabnn;yXKH4&@+K@>Va&#yMK^71OJ-m5QV32 z14~mZatfaznk9}?LR8t(elCa2rwUMmHdyI{fV;fJc{8j_ki1BkX~yea90i~Gs}lQy z`w#?|S>VC|D^wSOj2}G6H0}Z$B{({+;hXZ-iVV+C!9&!Z>pNv9#|_9<)yXSW5I&5G z2f`!?{U!AUcmVZH62r}gKQs7vkiydk5e{j0AYY>I&YoqX$}k(##{+C6p=;&z>_&S zdL%Fdx_{ct!u7M#rZrv{%m1f3?^=by!cI+OlDV-m%TK#mS^SlrBwSoON#@PSQ^gR9 zL)f7b*Z!>M1FRqhhv5bpjPni1Cem*?UdNP<6jy<%k z0WGx^_#;Y~#+~}1NIwyhJqb$DBkcQd2A+#O6My83!o$|ep^E0>wh#eOd!0CP!3>lD z{tOUSQ@U6c!WDB*}#eT?4sBKPF!b#taNOUos(YDnb=D=NBV%U!vj zXYtQ*&^iY?i2wgk(V&3Vphz>bAn^#GeAhrgz`?P!Q$bOJ(P!s`6&fauEw2C6PmGl; z$J>vAs9M3x^#-UWqMJSEFmY9F3-tRXuJ#Uw?ZzMjX!fR9Pn}?8?rU>oT}r$=q=ZqK z2GXKdn8{Sr;+yj@l>c@}SgjH2j^CX#k497=iqTFrgr!g2sfGPM0 zZ$E8Ha5>uq&fHp!KAct@#AQC&HB8!un`AfW(e<=k^!ajrh)VHgW2(V&K2x0ti6R-z z{4k-B?%q)bhwtUk<);J+PB$~@2?xy~`w;U}by@ev+>n|=F*2rYV7kw^5^ z1PSDEV*YuK9(M3EQ%@rHE$zy}j>$bGI*I_$wqA-Od2>&kc(mo`LMrle4vc=__=@ z<>t3&&W|I)p`EmIb|0?%XmH7~2fTIZzaN6LwPeZ)bWkAv7$UFM5{mwv%vXcp6urnD zu#P)!9Q)1Mgzg)>ywc!isd3Zzr*UVk#pV|io$8Gd5VD%+dc{fOyd&x2p)zB^RlhItQ>p9gfwI6hL!GqW z_yM|mZ;~8H{{TRk*yc0FI(=8ocmne!;T(mqetLZXEM}wS}(%4s7kqI za7SDw1JWY7A||%><=Nc{ZOuT_t+aqv+6dNL-^q&kW1CpQ^P!RRu31uEmzsfyj|HvO z_#5WhbOg?wo%0TByCSAHFXo$-w6#)16s`<{d|h`|aGBcH*LKImRF1FuwB@A)vVx(4 z_#N^}PlJDJ=fpgmNUF)0PBI7pM(1f*CxsDx?GU;tTy51M1)ccJOojhef$^Uuk}09X zmEQ)N&Z?i&Y8?C#k6u9fA(B;(ywnCDVk3MrCa}W`h>f7hn{v zAg{g;tAMw0&rm6n%#2SM6s{9tdG!m~f6_o?o^A>@(k{k#LpX5#I`A2Vu_^trDlnf`!GTb;dDV%I2wNHhX5Q5%9kp7n}%0g9UE*|k9VK2 zMl%HF>`ntiDhlq;G-X1BY31ArQv1I*3kqT7?vI$fRvWJEAq7us zH&|Z>0SFHa*chAJ zi|5OAF#8|n)I%(dkfUml?o)|d!gpLwu6|KtlWjJHUiVp?Aa6Ms z%g(^9y|vJ%X<+(Y!QZslCy)0@7St4u`%L{wu)GqQ*6J?2hK?}pFAKPwkxIQG%hm}M z;)&kTuXx|neM#}C4}3>osdCc0M$G5Ig->J6S}$F$)i}yr(Y&NV8DT-hG{;i3iO)>7 zyq9b=%$0{NV_Ag_A`gy>g)k$v)^5aR44k{~Cd-VE8F_#8v$jdv|5tPJ3M&O0$$m^9 zs)!nLI-8nVECin+WF&`_t;xktLf=h{!Nz2wZ%@~E6Gv^bmac3Ek80C zVnExBpCS1%@Bk;mSt5a+GxQ$vqblxP3XHRtfxf{dg+R(p{G2?4atdGr5?s7Y4sxKz z(|VR76LkUT$yemFgZ$)q`@?Y!V6RqKG}lr3w=`R-Ksd3Q!%*aEdRYfVeDnI`_Q~xo z)hcn~L2kiZ&lUSyyG-#_`QK-To&my}EFL4lzb54MqDZbCbjz3Mqnzu)ikl#Ry$~JM z`*OJaHCJttY@Z{kJ^Uk7IKyu8FFQhm(G{&P!gCPMCJS)HJ*Ebn#CTnvBv!;|f|=9F zOXfLSmXCGN^ZoXF!3YnYV&p2CWsY^pSM>bD&fe^M(%x3*h20oi zkSqCuw(@QLDFRkWy`IAVtOfr~ZBdMQQ+?6kMU06R$Dyi3@pnJX8K)__RSiJr9gjac z$n`;iNtBfn{HPI@+dIEokAv|qN31StiEmJIqE27KOtsF>P7)rxqdzwq!4@$f(lhF| z;_OPnVl0?>=dU`y)DvPFdg~pGhuZY*nOR!XC{o5a?c0*lK)8z{us0GB zth9;fkOWua<}mg^w+>WulDD~_WCkr@0&f!AQX~s=@l}4aFtVoBsyqacbstmI|1eH*HYZ}ST zb~kVOaS@v}<*wX8Bm&43{rE_jfvcy#0#3wQ0D<=NL5%lV;TM}GR6AxmUf}(HveTYS|}uhB>c3~5b`Y}Nc#Hz za01YdFo;$16)^W>0rqio81g2u_^ha$rPG|=W2n8@(tnT<22i>M%de%1)%rkdPyPwuY2vh0g0?5bw&N~YaI`BeQwCp~#@GOKi zE9R0JIgBB$y+4L29+-6^)kD>-rR+d4E>pn^`ym?oTDEOEt1TXc3<5PCf@QiZov~EV-IBhru?LA~-jO_mF-_mpu!DcRI4A zMO6*FRVz2OdYbCtTJKHo`M%2|pHRP?$8pHv{^%^!sld_!Kce8t!<2(>#r0tP-FwHD z_mY1MtXek@wM5mZ@XTt_ecHUaJun@X8x0c6D)u}SMO4o+@PcWvP#D2bip^kAepee% zpFcwsZqF2ffVN;!z5!x;z+xVqfv;P%9ULjTDR@Tl0K=*&TKeyz3Q%Mb9MV}C!u?bd zhu;g2u2UIFI(Sqi%in7a)e%Q1)khK$$WEF#uZrUMgJgMf-imK#by zj+X-zb&Y)49h;CKI+(d-Mzpchw$~TL<<*VHKPZ^*82iy(HULf&Yuy;~wiQ)+z>pvG zs~SJR6=@tP>Mxla$Ggy_J5qa00V)Gp=UK-+VtJoET)EO%*<>+q$yi6g*8}}w112O( z4cr8aT-mK%DGBpKudLQOuFj$8F`%w1pqFw1rMb6QR=2jWeUhb^4$Z`YLw&I+>Arzg zG^{>#rEg4A0h2=@<-=;UQ8E;fZKZaTuU~-nckTW|7eJBo^9Kqw8l3AH2tg^!DWoqs zUcm9A_XFWWKzL+H1!~8rq~{>c$5PQrRv;I`9~n1;xa*Y=v6Mte^mY%*z{ri_^y^B>YG=Ybp$z#4=5TD$`pCysBU$GZTkS}>d^WBqB=>+N=k_3p)mMuGiuGv( zrt++uS~^woN5~XP1je0C$vQDLWRs1q(lszX)kHU(pnlUlEn zv!|;NO;+ON2Ful^f`tVi5;JPIL0?5oD#6`EQ)V%Zz~+0$ z+q{Ck66&nl_Ag;nM7 zxgw(ta*8;q9=2begPvEn==F|#xw_;aK$$}#&g6gQ=QXzK$f}|t3~?pIAMk=h_5MEu zXoh|(s|~hWs1Fvwd&j=zg1~Qf4nP<6T6@8jYG%nLXymln6HI>s=7%_tKi-w7=I6d11m?%UJL0L zk@;-7zh3*t_4~2kP?{Q-hf1u)JozU9t5^Pp`gan^nhiEW*T9l}v8yBZ!g>+vgctez zfjv=(OJ&)BD*6F%gDGpmX?}c3fryept4Yb54h|tdVJEE{wjnvj(@t^p=%B!eyAtQv z{oj-oXn8fZ`yKb{qwC!W9#Z^k9lo04?#!q0#b!r-Ho7# zb^^;LlnK{aQ=!o;@!TG-M-bf%XvwrEkb9NUQFY$!Q zH-!WPhujL*TA&eRkMP7{S=7gTLE{rd#w`x^_tCk1l8hams%8TRu>9kwNge3Yu(ROO z>1XX=F}^^Wjpt)(Z)N?NW&jq6nq!bQkU@(-3D@%teHj-PJ32r$UJVzZ!H8GHq&cCe zvaoJ-cXkt(l8jn6rZtNl$0Gpk`h$Njs%~RkmXD1nr^R@=*mc(7d10F_|HoZoBT-tQ zx)fGwwcZ?)mc`*d8vC&W7&g{BsSG-B=3-LE6t7CCUMXg_f!w&N_pA}H4tJnVU0(C_ z<8{RT0Ycjr(5PTw!ba99j}7{(sx8RF>49hx!q>v0Mm4~x3jetH1OCIg^445-%Tojj zIr>%`OIyN?;$?UVgz6-JXn=5tQ3|lybD%M2E&gG@R5RXYu4o=84?LbgXbYc?ONCs( z=YT&=Zf8lw6VCg24lD3^{^-yQO9%IYfgXM6dT!b!po-&5Y#GqC3dzDCAcKuRJW+j% z_6)J7<5AJtgl8~)*P>(PLNWO~ej-Ogbsi`MOJ?IC|7|AWs}FAsZ3da}qk?Jju>xy5 zAYy?WjyVju*q`ixAqt8m9Ah{&wvVLVUr9~bbIK`E?LH#t55VP4PslX;IJILzC{x%d zE`~lN^Y-vz9`UaHZD0Mt9&0WOqM&)w2g13|Su58-NdRuNMRcCZMo@`Z>N|#Sb{_77 z50V-z;ttZC7#g>4d|~GE^r7mcx2K(O2`m~Uk$|+xX5G>xL7(o^3Lf_%h@Ln`NeN`8 z9oig_$9?j(er%-w*ka3jh>%48r2}7u$3H=#^cf6xQSXxVTncYu$5#3!c3!apsE)r# zsHd3GYPH+WaD-2w+a%U>m}J{-*$bj#!%T*MQ}zO3Ri8!9n;QF;Kr5b7Kp5%y#vHoi z@HuZV+~byvAig+v(K3sUD%JrGx1Rk)-X#JX?~9YYJn?+zymqMZ*yxSr{;YjxIyvDF z;!XosKi32sqWCGsbkzZ=Z&XIRRNY>D=(}0BH}}3jKvv1;FV0yM^+(zzh6slcyo?qr zq7gbGqx(=;9a>z!f!t{v#I(^k6!2mpm)MtibONv?aXYEL3&phai)`<<#*Tzzb;`{e z_CJmGLBJg~va~y1J;`9|b){zvJjGb}+?)jsGE^xcx++<~C=b1j1xy>Gm^ZBan_07a zW&u1q#|`OJjDj`FvCHOl@lHYnD~V53f|iqArpmj^UTaH3Le_2jo*7&HgL#Ar!@A}2 zMQI&^ar7Oq?xXwhtE{wS)*yUSyh*-A#6--&p7HJ-zuxqUG)!%s_ya?Diq!)ngn-eD zPse}JQc-pD`G!9S`203uSLro1DiQg%F&Aia8>el8Vm*kQP5Aa_ejSQNetCg!cl2g!ED!?e6~uHR(AkF;O3|70Y^1@4HY88xnRt~% zPWa6r^Pu?H_L%iSpsJO+CC(K$KIWQ{RO_CYljG`AualtHSPE&B_JjJdcpc3&FL0=$ zgCHg#3Tz?kG^*J@D@9mRiH%PuosY2syf!Q&mMow5CN4!QNIKf%m3g5YN_v2vV^X8Tl4&q+eph+6m7fb4hIP7z{H2qgY8x-rzACVA~% zy`fO;p*MI%yXSXOn6-fj;W)y+#Y3@sKPLX3_0QWWW)$a~82B5@RkRny^d(<~8uuw%m?VmwJd zoU1#iMw>7sPcmEE7G3@e2C!XA6Y946Adlu9T#?n&bJ-Qs^}Wn)-LtoS<8DeA(mw^x zpJEK$Mi)u$GFAPIt7G_|TuJ*CV%ft(R2e(h#ML?Vx$p9e)zkid0rdtB^l?3bUyqRw znSjXODNksYcIj9xjCp`0ax}4jTXzp)Jk}krP#;Ze&%o7ATItvRl>jga{EvJJ20*u+ z*oS^V$^Rpm#mZ~Dh1*y!#}V+T4)`kg{Wo`caN#j@5bM<~gI385k>7HC{+B3jn|87v z9D|2Qw@_64A)>5$sUxwC~p zGXz3g;haZtNkM#t@RSB5#k{hVj>w)pkxY%jNK`*<5|vp4-Rb7e?Xa*#D`;YRYs=|a zXaigSouoytal9SYo8ItB!QbP4e>tw@Z`G#EZ8+$&7&5o-YOSzyv?nU$j~%+wJ>|8L zxz^ZnG%JCU_#(GDKd(2UiBXvQMNh4qT%3*RDrpMD*bwHGjw7l0kS!7~#4R45Nu1+y zl}rTnt;`tGFGM9`y5rzoD; zi&@k=WSq{pb6lIdW1D+&uSq%UZ32liVZKhfX&%osdg`dQD1}}*7<@#kgzi>@PW$cZ z$cqmrD1fVDcf~|e%JJ;I0kYYgR|8;0v~n00gZ0JYAN2mGeZTKAmYlZ?tqXI}?tgeF zU#=B3DgL7ZdKnRO(LH4)M_v9UkI8B(c`Mi4@qFrK&%;LNzNeOh(~qDhlCch!O>XNpVJ}A|X}z03P|> z&%iPYY#5l_=&{e$+w2|!#wpqX;|ZaoP)gjG$=GH76^ZTAG5PCFx^Zc|q>O*}iAp=7 z?2b^-(JWggiTJ6{*izSDZ<^5Sr+Z>1!PqLE?v|%|{xK{lxT(S!O{a6Xh3PLHt*E&> z06)la=41Lwwxcn#^!>fl6Zb)@S}TQa`%&*04CZO2cJCd=ZA?d%Tey~Pt-IDwCJF2} za5mVj5j@syK4-Ex;D-Cd*_FraN)Z&OO<2TZ+ahD$@Xd>)AB(Ch>R1*= zq(9L4$!=(^SZZSwP_;0FN?g#q1c-Rl+C-Htg8XR=}*={&=l>(Ly;w943I zQ5vN5x^_@g;)q?H#v?8O#3RMSN;6xFVA|_+aWC^gYNk-0F(Mahcu^Q+X>FZe1f#*D zXQr_3R!aH}bot^KF%_N^wfotsg7#y#(RX`aCikpnv#rICJp9cHrKteXHaHe8F^M08 zjlT_-At6;2feod3)9SK2FzaT6|Id&LHLBYa{-wCalWbg=CBSlUUz-nYNm#YCQM1e56lFTg%`9!-`pnQLn+kvwxe!0(60v{MNQ z0-PYUA9h(3u z3L2TwJ%urb77s~KECaK&OzPg>mn7VL`zhj28ft$2<;&u=*HtJFdvPe=(1!A7h`FR< zOqRe+g&cAC$&i5_BVPzE69sDGY|ZD^sqL6UJ&S_cKGNn8-nBQVdVtlyh#$5hO_Yb< zZn4mb*w$>Pvl>gzg>N+9l>}PP$V;*;Z3o9cud~n5n1i34 z_<6-tnXvpj0v&}=6bf92BA!k=K0gV{L}aHpOq0VJR+92(*#WXhmQ5ZPZLUE?&wNp8 zc~!ixoKkOWu>hQH?`~KI!RN=qW$XH!qn^z$XZ;DVi>0JHFbWTx*z==P6VvPD`@}Oy zxQKmKqZklYmlszjGmqRhgCgN4p#vpoEls1hPT7X9@Co{NcY}1?C-#J7ueGy_2qxm)@ zHT&UAm$cLE5w5h=B7ZPgH%AWsAr}hL?s85|pwmDA%m>hRY<(6G2UJBtl>Gm}-mRW# zl0ok1@=-Uz2T#vn=F#s0*KOSm0Lc!pgqoI5vBnW@?-cAN;NFc8c9cLRO4~YsSEtm@lI{_LY65HR-8S?>}@L=u3eCrCVFn<5s3UIB#%glOTS@SwxO zmYmsa;-ejPVGa$eOLn~W+TclAy5{>;VI9nA-KOXPUdChBj>nt9Nb!wt>S0 zbE+KgME>Wtn?#AG)w89p0hOhu5SZ7KEfZJ;n$OFK7I2egbZ3Geh?7_kzc@nyjN+Fe z@f@TykuHScU)93$&6SF!_At>c5Cjv2n1whPikL#0{Ud~I#S2|Me0o_j5 zQ!$Twlgj3H4NV9UV~{u{FJ6l3#eD%%qfQLpayR%2=s(D`-=1Ix6)_^$dpbsQTK5sz zxFid={7|WVt;Y;pV-(==r`zD)sQfnW!l#~pNP{T^#J8jzc@4m=h+e8vKdq5q>Kas# zrZS}4?^0j=Alxfxf00NbxUrlK5zP=@=5XIORnhvMfYqrF^lz-}MT;~l#2!&}l(&6v ziONZ`gj*GMOptkKWr|^^GA61|onC=3rbx<+Ba(@}m7jH?L;m}AmBPUdtYIobTVXg| zmW<$m&~198Iw~`yFsjeNy;np@91D-%aux&OP#Sj7-5IXnw@3 z)`_PhN6;{P01*@(sNH!O9()LA3+3i@$w&hZr_z@C9pN8XdqbyNcMVnerrsAMWp*!D z9Bm4}+aJh;xu*im_O?i*4c0V+wIqIu|;(w$= zv#NC~jFO`eZ_{&^y-7rYWYvY5ZS;<-J0UQz;KA-($^-^N)c5CdEAc&tvNF7Nfxt;- zUT!6mp#nik!YQZLhwHze60V;)V3awQe}A>#amr8({Qf>YedH_#vBg94v(1}^(np^8 zpK|%4GIb-GpFsl^IVE(}D^13I8tN zDOJIJPg->$7I0*Jy2I_D6pGOQVY;Az$*j`WO5YMD0|=Pm8A9^baf z`gz|G=Z}qvLucrbrOIv1jJBf3aGy7)B#Nxf!%;wSta$C3^Mmbu61y~b3u^62j(S)Q z#(E9wiTK+xmd4OfU#6IX#;_#M-Ql8ZD6_TxUCTi|U^n4tX~2z}Zn)mVMz(FOSh&tj zi5*jgUO4N@*s4dj8C9{+^?p3O#ixv!2%9R3CFARe`d|x-JXvuAs6p*n@B5Y{at z9)9Tz@hiWzN`LKLJ*X9UK~mzvacE$D*C9T^$baswV^&)TuF1lo@cE{9R7aVJRPaT zH-~#N*w2i^P6C|f8pdK&_t1zv$Q^siTjlRcc6^rn?<~GTpcIQq4V1**7(LBgDO@W9 zK(Ud+v2lvn4C84^PxyjA>0-|P?vjWnRfp~{&*G7L7DRqUh>546(OC)0^>Y2Bd^RvY z;NjI+t$9_+w5%mEV`D&4Be`FMFNAK(PKEd>DHW^!-8hY=uxIlX>UEra*j&bBApHSM zEJf(Ir?fc!0r#Ibo7wi7e;H%7hNq#Jw^mEj1U|*@4BO|n0F@eUfp3DW+j2SIah#km z-Va$PA?tilo9eIRy-JFm+PzGIKw>yve?W7gLyyz3* zcRO4!@rWz?kO0E+uC~}-cb4rIVh7i7wlL~fUT*u~Uh|8&V+wpxNWqus@2`t)>cOkJ zB0TM32MHOh@QO3OYy0;z)^ckJh_CR$e@hshMyno`@o8-Dz!*hU&N*Mui!Vc8o<8(; z-N(@gh-YF}zq&5I1zB0g<<+Ev$_wy2qLzrF1fSDC@7Jn8ayLs;vUAYpjh0+kRzE_w zVE@j;qS`=$c(yx*@=Qaz6!9z0?qMGkMa~xXEm_YNtm6!NyX&ht^BU-`$Z5G_u)ty1 z{q74C4XKdoKAVrYCfh=8VJh*hs!Vq<+cn~qz}|}Tilj0_pa!f7PLV5@*uC zp}_G%+0;oHchZ%#?%p8XRS;5vdh3MxiV;tR+5O<;VnQoa&dpP`uMp)cI3~7wE2< zxXpwzI{pr^?NdW)#p#sq+Mex=&y=VdleeAaD!_ts7rB}jHb9Koe0IT41XoAF)9?Ygxfo*biPEd1EP~*0C_-0|-Zy^tLfGM^#NF+jXsh|GU zD_N#N?h$y#x|Xx51ZUpJZs;!@yesSAXTJEJH&S~{unCafM%PQV?yZTaTM4f^r%8-6 zu(HGW;C){L)ZZBFLdAwys?^h8oI6?ZJFaEy=-Xh*IIzo#qBq(mCB|YDz1HhE<~*>H`)g9xRvuN7j;illzZr zW3e?(;AD+yz+vJv_|SSTd6hSx@Bn}}vk(3N&i(BXq7`?V%tpnsXcg&Lj4+OS5Vj*a zVB&Dlf>;ZBI=s`v$;uTIVCPA3Vy(qMvsIJ9tznucO>4A5RFXs|$1^ifDz0VxAlTnQ z*Kc~{E-*B?6X5VBZ%rl!!@vUzkoZ;j8eM4Slt?Houh=#0!O~( zkkD{|m$SGFEjxh)SjY_PfZvB!#C)f^`BwBO?8Gi2r;W)F~v9<%Hs9Wl)?J$;D=ZhX0x!aXXAU>1)*F{vA7wFf8iL=4OgWK4oc^?s#?>9*(Xm`U8bEvBe*J=3(C^1!O7pk@b6|CM4clZXI2qu_QsF zj|D^ebJft~o{LeVu(9cGyqAes(TNQhY=0Rn8;Kt?vF9M2*mloIncA{SAWVmZ29Q=x zA*msVkS$E+4PK-|7%Po(=xH2GR30Z;BH)6q03W~=Qxh&L)6lr1O%G&nYoNqCg`yUj z$46G4Lp_m9w0b2#9BINn$8jL!qLn)2J=hz9%{sEn@MN7Djmz5G;Tw66U4Hs;{{Z){ z71&7`I2-uJZqh5@dK8QOk@?Nf3_&ZL+@RlJ%yq%^;9al9L~J>rCiS(fiuG0+(VIn5 zj*IYD6LcgXD;k|Hr!P#d%e6|L(`VrtOOT5{v`OsM6_G)IOY9?xs-ETQ)O2z zeT7IXS{@5`81aR`17GT6+J2zFc_)Qbx5Bkzq?{?Cb0(@xUVg-08GkcC5M02-TNJ+T ze42!>(Re?_1O{wJJrnS%s9JXvWRSeitGL9IgBZ9F1NgnUHtM1ki8x+~n-lI8c4Jgc zd9ANpr;3A3NnDqMV9@Fus31Qs0qG1D^CH$rp05K{JL_gc{0dn&b`7^YDXa8K< za6;0%T14Xbap(Z@0c{(yqMEk3@kmqLI=Be8jm1qi$X^1Wfl*nL@b-jH2L%>fU&|>! zByL_FzJb=|nNRw@VCpiH|1kog|0=rdO2blXYS^40;`QmwIMaug6<^`GXWyDHRJk?Q zqG!9HHfn_!X(5@d=xYQbt>)$uM545x2e`kTkmWljcFY0`Tljj+zeSf!f=qi$733mw z;X0V5hdyMhINH3CQ#k?dW=31Ag&yS3&B-v%HI^^6bf4u8dYG@7>q)tm(!-^=cqszi z|E`BZ6EjGGom{FvC?EMx_4YJ-;p(nL3M5Jf&W%Nt$@Q5RFnep9`>-ovg1*p1U<7OM zfQaM`v11WwQOZl-m`+q4l%kB9SWBjXtDgS?$(31?a-`W8T19RJP zt}6UXg64ZT&d;>Jppr0Ff`?rWJ!-36z%1rJ>~yN!U@>b@Ta$nTUx6upt}htNmi{nZKg@EU7lz~y4LFp7Hk;!bYImNTm=0Y2REjAt3f4V?AR z+v!i7P%HCith0aKp`-U_Vnzenq)GaXBc2%2!LJ_ss+WkQ4<7U|l9u=OA7?C#HHqVJ$!mXR#WhXb4R@5))||_? z0M}JpEpZ}CIAabb?(hV4AU9^(CPkj2&VUt|ML6Y(38!i|!d3?V<%XN|(Of;MBLSVh zH_H(CjEwy^YD1*KKX!MAoo(#tCoZ!5GL_=tX%MW9end0BkU9w1S`4-VVnZ-aWx6S5 zNeZci+WB_-q0*Sz+B{;I-TBp1uRaHtHG0AVkhBPBqpS_$E6X0;*;gQ4oo z!nA}qh4>KuDhiV}Q++Qfq+@AAhOXFHYjX`EKY&&8H&8@iB>kPAlo^0)4CkEhcP3gS ztwSI(CNRtU!i`2AanPn9(F4?cDTCl(1rTC)y}qV4ydVp$CJI5Q(ast%M#&uHgix=m zA!+U>f{e(PC3s0Eocf{J*0T!W^5>cd$uVXfJWND5{+xppM9Jla>Y~P3Qo{kYv8SY- zEghd7~h`bP_!+KOWX$KuBvFHy+G*2~(>*-f@@AZHz#A zo2D;Y00I-OnEMgZ!!T%VQ2_QDlX9%F*k#-wW*XiVbv3p%ZG)=)E@gYRXbaM`2~8Y5 zN)kK+1h?S#fZVAN7wJ9Ogvs^{S{}BA%Fwpo168NFOoN%RJVX9iHpYC9R30O6qz#S%P7rS19=(=RgNB( zJi^_$<>?L2$8l^o*jnadygE5XpWi_=MPD79cg{g~+be0SuZ{v)RT%r0{J7KQ=hqyq+dcU6L}EyOU;3SJ-L^(rDU`}oot(oA@&Uq!VKqm zX4d^9ZbREQXtBUy_DNY3TrredHo^-kkT;6q)+xME(;6phJA z<~}O=SDNvNo5wZVYLFbb>4CKUuTiIvy;H}UV-41!pXs@WtDlxI9Tq9Wes$e9>^y1; zy2W2N^jgBvtKPjRcwbJ9ivz+NA52?3zAI_>S>|~95D7J~5JVk0w_hV<9ox1Ec&b?S zLA3|LYrnuYw<20@NbVddR5EmG(S~@<(3k3So1;f9FqFY{UhMJex=QL2OZx{ONB}cq zkjNx^Qc6c$(*F7|jQWPvSH&SnBWJ;XM;jIIxqLmEhc@%HJ#>cpnLFSDY!$r;JKOE* zf`ToT%CaY11{FmgAnyPki~-qtkB|L30KkTdwLx&AZbsW6_`Dlx;sKY6`7jwc%h|_o zqx{)y>5UdfysDEiILXkt!2+3Y*@s@T%7NL($_S8cnB&{ z-v4O=Q9-9^q`Wx~f<)Vu)42{v|bp>f7u1)+Mwx4nM zb%M*e9XzJ#A9HSXnsK_`kfT+k(3hom2$w#9R^76Emsh`$Z+Yw(GZ-JAo?RBZkmIpf z=R3(6#BwjWRz7zq>h`r3br4`ybuNen4S8eWr$?y;RoL-f>}JVqEfrr1M)Mu=UuU07 zn6+{@)h?Ii?u!gf%^q>7hsMOp?UIW-=VV<5^wVb~)ccIOyOED>DS^mzhO~N8Lj-9R zYYnVuMFES-UY&^66Du{2sCO>_wDS0?E+UmqAqIZhNGWD6QY{3y*Np~9dKxV?7lKL^ zrLsSaZcU0_=elQ%hpMIHxE(v|HQ97qp(zs2G`geV7gL2jZ$BdICQq}^+HKyiJyH(; zkZMG8H~{feW^+J$Lx>lS$}yt&-qmLOhIcbo_2_o6&}ZY=EetlyP&HDqXuYDtoTwm? z_J-*^V|Wuz`m)SwkOfauaB@ZZZN9uBq0$HttlcJtr6Nu_Nd4KC2b=-wVpLsUgQ*CdqVBBn}(gbzP6FBdcF+MTIUZ5D$e;L#T26LC(a!q4RhLtmPk1y6E( zJJ88Xw?K=t(=W2i<$8exNkSgU3n(d%e~^rm;5)N(RM-1&EAxce;W~cUyu*fkjN^rSCv77^Vtf z+QD1rv%iI7Gey`!&Z$Z;KB|e(vH%{-9fPf-F~5-hgT-Sk`HZ#mXH6x;zij7YL+u8?$DMV;=}MA z&2m!m*YL(?pP@)EdpVjZ8kbOrrPj_zI^5e*!!8-}``G(`3L%hzJd@zw2yyRLb`MjM zu3A?KnIl?VVbXJoemuwzf`-GZ^iXZr#G00004 FSz2Dxzd-;1 literal 0 HcmV?d00001 diff --git a/tests/blkid-luks2-pv.img.xz b/tests/blkid-luks2-pv.img.xz new file mode 100644 index 0000000000000000000000000000000000000000..c9d0e57160f68fe87f631fa08d2d0354e79c1c88 GIT binary patch literal 5236 zcmeI0_fr$d0>=}iOBF%Eh(|{}N)Q35N9Z8Z!a?XIG${!s^pa2%bJAPxMC1&}L69O% zKza{&f{L_gs5z0)L0UrYyqWh0+?#XW%p3N{ot@d)&wTg0-~H0nVjLU+0A|Yj1|#M! zf;1Y9<`M%60ltpdq7VjyG0Z}D0RRy6lZIzzEju{DxYY!Zl>XqQ*mlp`lvIn>8GZHu z-A9_U%XMRMX1U5|b?C_pgRv$gC4Qt#8`#m&3e`f2l;rk;xD%TX3n zNn*wCP~-zeRNhg=a8r`A`jQsRaXKZ-1Sw7Ga{1!m> z3Cs%;1~KtN^}uv;W__t%AW#O@+1Kl6@>RCZN)8YS~BlSrr~b*kEc8vzx& zLEJI-B}f49fLnXAssW43`lwg2Ect1`dmth&#> zndthuaHb@AdStVrK~iH(zQraNi#dKkbH5t@S@IncrdA!wQ2hDhq-RI6ay!>hE^8;X z4JO=j+lHH`nQ7dz?t*4(C2<8ZVr<|N6FHYxc?Ed>=cgE|O5f}H#5=VP+F3H{;sT}y zcE;L*R|Ht-L{~)R2O8@8A0bW&ixvairXY2un;ZeC7x?vu>6;3URXP4g9!a8t@$%)8 z`|aVJLxd^qTUwhr#kgBaBe6Mj6lSh}N|khE7@as)px?MFHvQ{G@3hFo%``u+`%xW; zqup&v%DDO-!63pZ-{;9dL^sF<>V*<7sanbiJZDwwaGBdv@4G(jGIDC7h@q9Led;hi z7{4F9dt%b!xZ_S;XErAAJ*g1g0YAs)TlsEW877`h*UL zHtsR;8ny>^+7-!&>>ZtbUh1@cElvkM4x}fwqbve@RCeqhrVPu1`l!*VjEX5*?UNF; zB?wDH6%6i%T`z|Z^~`r3XplF+piHStCK3270gj}x_?j+TMMAvV&MV!RYaWOvhAJj;Zb*SegyPMH4pliTpz+gh8Y2A+k4$OT z)7g)hSm53g!5*WKQg$j{B1;gXCYP>Yvt2;Ju@PT;A!N_#_ZoSY#;wB!;#OLn#++SK ze@kmbj0U?Z$LyEK4Blxx9E&C);1~$;Vbq&6WNh>+%JDm)t#O0l_rvrC3b+nWhGJdM zsk2~xOR+(PFJswO!a-B>_Zx5UZwHzI85^w@NiHn--rU;y$9VOfTy5(ia*XtVKF#H2 zDLJESU!ZqO;qqFK_4`U&Vlf31*J;^1137jIJMmX;1Nz^En-h*dNnM)If9F@W14**; zZ$n)$TNN@-pBT>UoF>RwmY?0N=3J)qm-vSF#d^IHlMah1bcZ@vM(4I;^!EJ4K&h=l zEQ2BLR_l`os|&mX9r7=#TGpX$ezOtn83oxr=m@_Twr8TGsQ!sRDSL!INOlZ@%|{%^O2+07h1X7B;80jOcN<@Ao~IIzg$ z=5%oI|KVBx70lMWy3bF6{R3T|0{e#-`4reGuy6ZRoGR>8VW$fFw<6SOtoUEV-BS-c z^{{X6VQ9`601M#Nly4^*0GN-XP*Zs3N140kfoSv(|EbXc(M@488w>_u`tKf%!N4~& zjCD)|LvMOmzsQlL;P0{>t}lruy;bbj&;pv*B@AP+7K(W8>BOgt45y$3fe1VXWG+k#v z=Gg5TY1zDxE85@edn&iTlrQyHTL=L3d}-Brf(&p6Fb)3QBhtT8_-mdUyT)H7qa)A! JbrCbn@lV6}MUemi literal 0 HcmV?d00001 diff --git a/tests/blockwise-compat b/tests/blockwise-compat new file mode 100755 index 0000000..a764020 --- /dev/null +++ b/tests/blockwise-compat @@ -0,0 +1,377 @@ +#!/bin/bash + +# set _FORCE_LOCAL environment variable to run blockwise unit tests even on local +# nfs. Some tests will fail because nfs is eager to write for example 4095 bytes +# in O_DIRECT mode. + +BW_UNIT=./unit-utils-io +STRACE=strace +MNT_DIR=./mnt_bwunit +LOCAL_FILE=./blockwise_localfile + +# $1 path to scsi debug bdev +scsi_debug_teardown() { + local _tries=15; + + while [ -b "$1" -a $_tries -gt 0 ]; do + rmmod scsi_debug 2> /dev/null + if [ -b "$1" ]; then + sleep .1 + _tries=$((_tries-1)) + fi + done + + test ! -b "$1" || rmmod scsi_debug +} + +cleanup() { + if [ -d "$MNT_DIR" ] ; then + umount -f $MNT_DIR 2>/dev/null + rmdir $MNT_DIR 2>/dev/null + fi + rm -f $LOCAL_FILE 2> /dev/null + scsi_debug_teardown "$DEV" || exit 100 +} + +fail() +{ + if [ -n "$1" ] ; then echo "FAIL $1" ; else echo "FAIL" ; fi + cleanup + exit 100 +} + +fail_count() +{ + echo "$MSG[FAIL]" + FAILS=$((FAILS+1)) +} + +warn_count() +{ + echo "$MSG[WARNING]" + WARNS=$((WARNS+1)) +} + +skip() +{ + echo "TEST SKIPPED: $1" + cleanup + exit 0 +} + +add_device() { + modprobe scsi_debug $@ delay=0 + if [ $? -ne 0 ] ; then + echo "This kernel seems to not support proper scsi_debug module, test skipped." + exit 77 + fi + DEV=$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /) + DEV="/dev/$DEV" + [ -b $DEV ] || fail "Cannot find $DEV." +} + +falloc() { + dd if=/dev/zero of=$2 bs=1M count=$1 2> /dev/null +} + +run_all_in_fs() { + for file in $(ls img_fs_*.img.xz) ; do + echo "Run tests in $file put on top block device." + xz -d -c $file | dd of=$DEV bs=1M 2>/dev/null || fail "bad image" + [ ! -d $MNT_DIR ] && mkdir $MNT_DIR + mount $DEV $MNT_DIR + if [ $? -ne 0 ]; then + echo "Mounting image $file failed, skipped." + continue; + fi + rm -rf $MNT_DIR/* 2>/dev/null + local tfile=$MNT_DIR/bwunit_tstfile + falloc $DEVSIZEMB $tfile || fail "enospc?" + local iobsize=$(stat -c "%o" $tfile) + test -n "$iobsize" -a $iobsize -gt 0 || fail + local oldbsize=$BSIZE + BSIZE=$iobsize + run_all $tfile + BSIZE=$oldbsize + umount $MNT_DIR + done +} + +trunc_file() { + test $1 -eq 0 || truncate -c -s $1 $2 2>/dev/null || dd if=/dev/zero of=$2 bs=$1 count=1 2>/dev/null || fail "Failed to truncate test file $2." +} + +RUN() { + local _res=$1 + shift + local _dev=$1 + shift + local _fn=$1 + shift + local _type="bdev" + local _fsize=0 + + test -b $_dev || { + _type="file" + _fsize=$(stat -c "%s" $_dev) + } + + case "$_res" in + P) + MSG="Testing $_fn on $_type with params $@ [expecting TRUE]..." + $BW_UNIT $_dev $_fn $@ + if [ $? -ne 0 ]; then + if [ $_type = "file" ]; then + warn_count + else + fail_count + fi + trunc_file $_fsize $_dev + test -z "$STRACE" || $STRACE -o ./$BW_UNIT-fail-$FAILS-should-pass.log $BW_UNIT $_dev $_fn $@ 2> /dev/null + else + MSG="$MSG[OK]" + fi + ;; + F) + MSG="Testing $_fn on $_type with params $@ [expecting FALSE]..." + $BW_UNIT $_dev $_fn $@ 2> /dev/null + if [ $? -eq 0 ]; then + if [ $_type = "file" ]; then + warn_count + else + fail_count + fi + trunc_file $_fsize $_dev + test -z "$STRACE" || $STRACE -o ./$BW_UNIT-fail-$FAILS-should-fail.log $BW_UNIT $_dev $_fn $@ 2> /dev/null + else + MSG="$MSG[OK]" + fi + ;; + *) + fail "Internal test error" + ;; + esac + + trunc_file $_fsize $_dev +} + +run_all() { + if [ -b "$1" ]; then + BD_FAIL="F" + else + BD_FAIL="P" + fi + + # buffer io support only blocksize aligned ios + # device/file fn_name length + RUN "P" $1 read_buffer $BSIZE + RUN "P" $1 read_buffer $((2*BSIZE)) + RUN "F" $1 read_buffer $((BSIZE-1)) + RUN "F" $1 read_buffer $((BSIZE+1)) + RUN "P" $1 read_buffer 0 + + RUN "P" $1 write_buffer $BSIZE + RUN "P" $1 write_buffer $((2*BSIZE)) + + RUN "F" $1 write_buffer $((BSIZE-1)) + RUN "F" $1 write_buffer $((BSIZE+1)) + RUN "F" $1 write_buffer 0 + + # basic blockwise functions + # device/file fn_name length bsize + RUN "P" $1 read_blockwise 0 $BSIZE + RUN "P" $1 read_blockwise $((BSIZE)) $BSIZE + RUN "P" $1 read_blockwise $((BSIZE-1)) $BSIZE + RUN "P" $1 read_blockwise $((BSIZE+1)) $BSIZE + RUN "P" $1 read_blockwise $((DEVSIZE)) $BSIZE + RUN "P" $1 read_blockwise $((DEVSIZE-1)) $BSIZE + RUN "F" $1 read_blockwise $((DEVSIZE+1)) $BSIZE + + RUN "P" $1 write_blockwise 0 $BSIZE + RUN "P" $1 write_blockwise $((BSIZE)) $BSIZE + RUN "P" $1 write_blockwise $((BSIZE-1)) $BSIZE + RUN "P" $1 write_blockwise $((BSIZE+1)) $BSIZE + RUN "P" $1 write_blockwise $((DEVSIZE)) $BSIZE + RUN "P" $1 write_blockwise $((DEVSIZE-1)) $BSIZE + RUN "$BD_FAIL" $1 write_blockwise $((DEVSIZE+1)) $BSIZE + + # seek variant blockwise functions + # device/file fn_name length bsize offset + RUN "P" $1 read_lseek_blockwise 0 $BSIZE 0 + RUN "P" $1 read_lseek_blockwise 0 $BSIZE 1 + RUN "P" $1 read_lseek_blockwise 0 $BSIZE $((DEVSIZE)) + # length = 0 is significant here + RUN "P" $1 read_lseek_blockwise 0 $BSIZE $((DEVSIZE+1)) + + # beginning of device + RUN "P" $1 read_lseek_blockwise 1 $BSIZE 0 + RUN "P" $1 read_lseek_blockwise 1 $BSIZE 1 + RUN "P" $1 read_lseek_blockwise 1 $BSIZE $((BSIZE-1)) + RUN "P" $1 read_lseek_blockwise 1 $BSIZE $((BSIZE/2)) + + # somewhere in the 'middle' + RUN "P" $1 read_lseek_blockwise 1 $BSIZE $BSIZE + RUN "P" $1 read_lseek_blockwise 1 $BSIZE $((BSIZE+1)) + RUN "P" $1 read_lseek_blockwise 1 $BSIZE $((2*BSIZE-1)) + RUN "P" $1 read_lseek_blockwise 1 $BSIZE $((BSIZE+BSIZE/2-1)) + + # cross-sector tests + RUN "P" $1 read_lseek_blockwise 2 $BSIZE $((BSIZE-1)) + RUN "P" $1 read_lseek_blockwise $((BSIZE+1)) $BSIZE $((BSIZE-1)) + RUN "P" $1 read_lseek_blockwise $((BSIZE+2)) $BSIZE $((BSIZE-1)) + RUN "P" $1 read_lseek_blockwise 2 $BSIZE $((2*BSIZE-1)) + RUN "P" $1 read_lseek_blockwise $((BSIZE+1)) $BSIZE $((2*BSIZE-1)) + RUN "P" $1 read_lseek_blockwise $((BSIZE+2)) $BSIZE $((2*BSIZE-1)) + + # including one whole sector + RUN "P" $1 read_lseek_blockwise $((BSIZE+2)) $BSIZE $((BSIZE)) + RUN "P" $1 read_lseek_blockwise $((2*BSIZE)) $BSIZE $((BSIZE+1)) + RUN "P" $1 read_lseek_blockwise $((2*BSIZE)) $BSIZE $((BSIZE-1)) + RUN "P" $1 read_lseek_blockwise $((BSIZE+2)) $BSIZE $((BSIZE-1)) + RUN "P" $1 read_lseek_blockwise $((2*BSIZE)) $BSIZE $((BSIZE+1)) + RUN "P" $1 read_lseek_blockwise $((3*BSIZE-2)) $BSIZE $((BSIZE+1)) + + # hiting exactly the sector boundary + RUN "P" $1 read_lseek_blockwise $((BSIZE-1)) $BSIZE 1 + RUN "P" $1 read_lseek_blockwise $((BSIZE-1)) $BSIZE $((BSIZE+1)) + RUN "P" $1 read_lseek_blockwise $((BSIZE+1)) $BSIZE $((BSIZE-1)) + RUN "P" $1 read_lseek_blockwise $((BSIZE+1)) $BSIZE $((2*BSIZE-1)) + + # device end + RUN "P" $1 read_lseek_blockwise 1 $BSIZE $((DEVSIZE-1)) + RUN "P" $1 read_lseek_blockwise $((BSIZE-1)) $BSIZE $((DEVSIZE-BSIZE+1)) + RUN "P" $1 read_lseek_blockwise $((BSIZE)) $BSIZE $((DEVSIZE-BSIZE)) + RUN "P" $1 read_lseek_blockwise $((BSIZE+1)) $BSIZE $((DEVSIZE-BSIZE-1)) + + # this must fail on both device and file + RUN "F" $1 read_lseek_blockwise 1 $BSIZE $((DEVSIZE)) + RUN "F" $1 read_lseek_blockwise $((BSIZE-1)) $BSIZE $((DEVSIZE-BSIZE+2)) + RUN "F" $1 read_lseek_blockwise $((BSIZE)) $BSIZE $((DEVSIZE-BSIZE+1)) + RUN "F" $1 read_lseek_blockwise $((BSIZE+1)) $BSIZE $((DEVSIZE-BSIZE)) + + RUN "P" $1 write_lseek_blockwise 0 $BSIZE 0 + # TODO: this may pass but must not write a byte (write(0) is undefined). + # Test it with underlying dm-error or phony read/write syscalls. + # Skipping read is optimization. + # HINT: currently it performs useless write and read as well + RUN "P" $1 write_lseek_blockwise 0 $BSIZE 1 + RUN "P" $1 write_lseek_blockwise 0 $BSIZE $BSIZE + + # beginning of device + RUN "P" $1 write_lseek_blockwise 1 $BSIZE 0 + RUN "P" $1 write_lseek_blockwise 1 $BSIZE 1 + RUN "P" $1 write_lseek_blockwise 1 $BSIZE $((BSIZE-1)) + RUN "P" $1 write_lseek_blockwise 1 $BSIZE $((BSIZE/2)) + + # somewhere in the 'middle' + RUN "P" $1 write_lseek_blockwise 1 $BSIZE $BSIZE + RUN "P" $1 write_lseek_blockwise 1 $BSIZE $((BSIZE+1)) + RUN "P" $1 write_lseek_blockwise 1 $BSIZE $((2*BSIZE-1)) + RUN "P" $1 write_lseek_blockwise 1 $BSIZE $((BSIZE+BSIZE/2-1)) + + # cross-sector tests + RUN "P" $1 write_lseek_blockwise 2 $BSIZE $((BSIZE-1)) + RUN "P" $1 write_lseek_blockwise $((BSIZE+1)) $BSIZE $((BSIZE-1)) + RUN "P" $1 write_lseek_blockwise $((BSIZE+2)) $BSIZE $((BSIZE-1)) + RUN "P" $1 write_lseek_blockwise 2 $BSIZE $((2*BSIZE-1)) + RUN "P" $1 write_lseek_blockwise $((BSIZE+1)) $BSIZE $((2*BSIZE-1)) + RUN "P" $1 write_lseek_blockwise $((BSIZE+2)) $BSIZE $((2*BSIZE-1)) + + # including one whole sector + RUN "P" $1 write_lseek_blockwise $((BSIZE+2)) $BSIZE $((BSIZE)) + RUN "P" $1 write_lseek_blockwise $((2*BSIZE)) $BSIZE $((BSIZE+1)) + RUN "P" $1 write_lseek_blockwise $((2*BSIZE)) $BSIZE $((BSIZE-1)) + RUN "P" $1 write_lseek_blockwise $((BSIZE+2)) $BSIZE $((BSIZE-1)) + RUN "P" $1 write_lseek_blockwise $((2*BSIZE)) $BSIZE $((BSIZE+1)) + RUN "P" $1 write_lseek_blockwise $((3*BSIZE-2)) $BSIZE $((BSIZE+1)) + + # hiting exactly the sector boundary + RUN "P" $1 write_lseek_blockwise $((BSIZE-1)) $BSIZE 1 + RUN "P" $1 write_lseek_blockwise $((BSIZE-1)) $BSIZE $((BSIZE+1)) + RUN "P" $1 write_lseek_blockwise $((BSIZE+1)) $BSIZE $((BSIZE-1)) + RUN "P" $1 write_lseek_blockwise $((BSIZE+1)) $BSIZE $((2*BSIZE-1)) + + # device end + RUN "P" $1 write_lseek_blockwise 1 $BSIZE $((DEVSIZE-1)) + RUN "P" $1 write_lseek_blockwise $((BSIZE-1)) $BSIZE $((DEVSIZE-BSIZE+1)) + RUN "P" $1 write_lseek_blockwise $((BSIZE)) $BSIZE $((DEVSIZE-BSIZE)) + RUN "P" $1 write_lseek_blockwise $((BSIZE+1)) $BSIZE $((DEVSIZE-BSIZE-1)) + + # this must fail on device, but pass on file (which is unfortunate and maybe design mistake) + RUN "$BD_FAIL" $1 write_lseek_blockwise 1 $BSIZE $((DEVSIZE)) + RUN "$BD_FAIL" $1 write_lseek_blockwise $((BSIZE-1)) $BSIZE $((DEVSIZE-BSIZE+2)) + RUN "$BD_FAIL" $1 write_lseek_blockwise $((BSIZE)) $BSIZE $((DEVSIZE-BSIZE+1)) + RUN "$BD_FAIL" $1 write_lseek_blockwise $((BSIZE+1)) $BSIZE $((DEVSIZE-BSIZE)) +} + +[ -n "$CRYPTSETUP_PATH" ] && skip "Cannot run this test with CRYPTSETUP_PATH set." + +which $STRACE > /dev/null 2>&1 || unset STRACE +test -x $BW_UNIT || skip "Run \"make `basename $BW_UNIT`\" first" + +FAILS=0 +WARNS=0 +DEVSIZEMB=2 +DEVSIZE=$((DEVSIZEMB*1024*1024)) + +PAGE_SIZE=$(getconf PAGE_SIZE) +echo "System PAGE_SIZE=$PAGE_SIZE" + +echo "Run tests in local filesystem" +falloc $DEVSIZEMB $LOCAL_FILE || fail "Failed to create file in local filesystem." +BSIZE=$(stat -c "%o" $LOCAL_FILE) +if [ $BSIZE -gt $((512*1024)) ]; then + echo "Detected file block size: $BSIZE bytes" + echo "Tuning it down to system page size ($PAGE_SIZE bytes)" + BSIZE=$PAGE_SIZE +fi +run_all $LOCAL_FILE + +[ $(id -u) -eq 0 ] || { + echo "WARNING: You must be root to run remaining tests." + test $FAILS -eq 0 || fail "($FAILS wrong result(s) in total)" + cleanup + exit 0 +} + +DEVBSIZE=512 +BSIZE=$DEVBSIZE +EXP=0 +DEVSIZEMBIMG=32 + +echo "# Create classic 512B drive" +echo "# (logical_block_size=$DEVBSIZE, physical_block_size=$((DEVBSIZE*(1</dev/null) function remove_mapping() { - [ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove $DEV_NAME3 - [ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove $DEV_NAME2 - [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME + [ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove --retry $DEV_NAME3 >/dev/null 2>&1 + [ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove --retry $DEV_NAME2 >/dev/null 2>&1 + [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME >/dev/null 2>&1 losetup -d $LOOPDEV >/dev/null 2>&1 - rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG >/dev/null 2>&1 + rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $VK_FILE missing-file >/dev/null 2>&1 + rmmod scsi_debug 2> /dev/null + scsi_debug_teardown $DEV } function force_uevent() @@ -60,28 +66,40 @@ function fail() { [ -n "$1" ] && echo "$1" remove_mapping - echo "FAILED" + echo "FAILED backtrace:" + while caller $frame; do ((frame++)); done exit 2 } +function fips_mode() +{ + [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ] +} + function can_fail_fips() { # Ignore this fail if running in FIPS mode - [ -z "$FIPS_MODE" -o "$FIPS_MODE" -eq 0 ] && fail $1 + fips_mode || fail $1 } function skip() { [ -n "$1" ] && echo "$1" remove_mapping - exit 0 + [ -z "$2" ] && exit $2 + exit 77 } function prepare() { - [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME + [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME >/dev/null 2>&1 case "$2" in + file) + remove_mapping + dd if=/dev/zero of=$IMG bs=1k count=10000 >/dev/null 2>&1 + sync + ;; wipe) remove_mapping dd if=/dev/zero of=$IMG bs=1k count=10000 >/dev/null 2>&1 @@ -90,24 +108,26 @@ function prepare() ;; new) remove_mapping - bzip2 -cd compatimage.img.bz2 > $IMG + xz -cd compatimage.img.xz > $IMG # FIXME: switch to internal loop (no losetup at all) echo "bad" | $CRYPTSETUP luksOpen --key-slot 0 --test-passphrase $IMG 2>&1 | \ grep "autoclear flag" && skip "WARNING: Too old kernel, test skipped." losetup $LOOPDEV $IMG - bzip2 -cd compatv10image.img.bz2 > $IMG10 + xz -cd compatv10image.img.xz > $IMG10 ;; reuse | *) if [ ! -e $IMG ]; then - bzip2 -cd compatimage.img.bz2 > $IMG + xz -cd compatimage.img.xz > $IMG losetup $LOOPDEV $IMG fi - [ ! -e $IMG10 ] && bzip2 -cd compatv10image.img.bz2 > $IMG10 + [ ! -e $IMG10 ] && xz -cd compatv10image.img.xz > $IMG10 ;; esac if [ ! -e $KEY1 ]; then - dd if=/dev/urandom of=$KEY1 count=1 bs=32 >/dev/null 2>&1 + #dd if=/dev/urandom of=$KEY1 count=1 bs=32 >/dev/null 2>&1 + echo -n $'\x48\xc6\x74\x4f\x41\x4e\x50\xc0\x79\xc2\x2d\x5b\x5f\x68\x84\x17' >$KEY1 + echo -n $'\x9c\x03\x5e\x1b\x4d\x0f\x9a\x75\xb3\x90\x70\x32\x0a\xf8\xae\xc4'>>$KEY1 fi if [ ! -e $KEY2 ]; then @@ -139,6 +159,34 @@ function check_exists() check $1 } +# $1 path to scsi debug bdev +scsi_debug_teardown() { + local _tries=15; + + while [ -b "$1" -a $_tries -gt 0 ]; do + rmmod scsi_debug 2> /dev/null + if [ -b "$1" ]; then + sleep .1 + _tries=$((_tries-1)) + fi + done + + test ! -b "$1" || rmmod scsi_debug 2> /dev/null +} + +function add_scsi_device() { + scsi_debug_teardown $DEV + modprobe scsi_debug $@ delay=0 + if [ $? -ne 0 ] ; then + echo "This kernel seems to not support proper scsi_debug module, test skipped." + exit 77 + fi + + sleep 1 + DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /) + [ -b $DEV ] || fail "Cannot find $DEV." +} + function valgrind_setup() { which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind." @@ -151,13 +199,92 @@ function valgrind_run() INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" } -[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." -[ -z "$LOOPDEV" ] && skip "WARNING: Cannot find free loop device, test skipped." +export LANG=C [ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run -# LUKS tests +# LUKS non-root-tests +if [ $(id -u) != 0 ]; then + $CRYPTSETUP benchmark -c aes-xts-plain64 >/dev/null 2>&1 || \ + skip "WARNING: Cannot run test without kernel userspace crypto API, test skipped." +fi + +prepare "Image in file tests (root capabilities not required)" file +echo "[1] format" +echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $IMG $FAST_PBKDF_OPT || fail +echo "[2] open" +echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail +[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code" +echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase || fail +# test detached header --test-passphrase +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --header $HEADER_IMG $IMG || fail +echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail +rm -f $HEADER_IMG +echo "[3] add key" +echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail +echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail +echo -e "$PWD0\n$PWD1" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail +echo "[4] change key" +echo -e "$PWD1\n$PWD0\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG || fail +echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG 2>/dev/null && fail +[ $? -ne 2 ] && fail "luksChangeKey should return EPERM exit code" +echo "[5] remove key" +# delete active keys PWD0, PWD2 +echo $PWD1 | $CRYPTSETUP luksRemoveKey $IMG 2>/dev/null && fail +[ $? -ne 2 ] && fail "luksRemove should return EPERM exit code" +echo $PWD0 | $CRYPTSETUP luksRemoveKey $IMG || fail +echo $PWD2 | $CRYPTSETUP luksRemoveKey $IMG || fail +# check if keys were deleted +echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail +[ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code" +echo $PWD2 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail +[ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code" +echo "[6] kill slot" +# format new luks device with active keys PWD1, PWD2 +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $IMG $FAST_PBKDF_OPT || fail +echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail +# deactivate keys by killing slots +$CRYPTSETUP luksDump $IMG | grep -q "Key Slot 0: ENABLED" || fail +$CRYPTSETUP luksDump $IMG | grep -q "Key Slot 1: ENABLED" || fail +$CRYPTSETUP luksDump $IMG | grep -q "Key Slot 2: DISABLED" || fail +echo $PWD1 | $CRYPTSETUP -q luksKillSlot $IMG 0 2>/dev/null && fail +echo $PWD2 | $CRYPTSETUP -q luksKillSlot $IMG 0 || fail +$CRYPTSETUP luksDump $IMG | grep -q "Key Slot 0: DISABLED" || fail +echo $PWD1 | $CRYPTSETUP -q luksKillSlot $IMG 1 2>/dev/null && fail +[ $? -ne 2 ] && fail "luksKill should return EPERM exit code" +echo $PWD2 | $CRYPTSETUP -q luksKillSlot $IMG 1 || fail +$CRYPTSETUP luksDump $IMG | grep -q "Key Slot 1: DISABLED" || fail +# check if keys were deactivated +echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail +echo $PWD2 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail +echo "[7] header backup" +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $IMG $FAST_PBKDF_OPT || fail +$CRYPTSETUP luksHeaderBackup $IMG --header-backup-file $HEADER_IMG || fail +echo $PWD1 | $CRYPTSETUP luksRemoveKey $IMG || fail +echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail +echo "[8] header restore" +$CRYPTSETUP luksHeaderRestore -q $IMG --header-backup-file $HEADER_IMG || fail +echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase || fail +echo "[9] luksDump" +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $IMG $KEY1 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $IMG -d $KEY1 || fail +$CRYPTSETUP luksDump $IMG | grep -q "Key Slot 0: ENABLED" || fail +$CRYPTSETUP luksDump $IMG | grep -q $TEST_UUID || fail +echo $PWDW | $CRYPTSETUP luksDump $IMG --dump-master-key 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksDump $IMG --dump-master-key | grep -q "MK dump:" || fail +$CRYPTSETUP luksDump -q $IMG --dump-master-key -d $KEY1 | grep -q "MK dump:" || fail +echo $PWD1 | $CRYPTSETUP luksDump -q $IMG --dump-master-key --master-key-file $VK_FILE >/dev/null || fail +echo $PWD1 | $CRYPTSETUP luksDump -q $IMG --dump-master-key --master-key-file $VK_FILE 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --master-key-file $VK_FILE $IMG || fail + +echo "[10] uuid" +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $IMG || fail +$CRYPTSETUP -q luksUUID $IMG | grep -q $TEST_UUID || fail + +[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." +[ -z "$LOOPDEV" ] && skip "WARNING: Cannot find free loop device, test skipped." +# LUKS root-tests prepare "[1] open - compat image - acceptance check" new echo $PWD0 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail check_exists @@ -193,11 +320,11 @@ check # All headers items and first key material section must change prepare "[3] format" wipe -echo $PWD1 | $CRYPTSETUP -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks1 $LOOPDEV || fail check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0" prepare "[4] format using hash sha512" wipe -echo $PWD1 | $CRYPTSETUP -i 1000 -h sha512 -c aes-cbc-essiv:sha256 -s 128 luksFormat $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP -i 1000 -h sha512 -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks1 $LOOPDEV || fail check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0" prepare "[5] open" @@ -229,7 +356,7 @@ echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail # Key Slot 1 and key material section 1 must change, the rest must not prepare "[9] add key test for key files" -echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV $KEY1 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV $KEY1 || fail check "$KEY_SLOT1 $KEY_MATERIAL1" $CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail @@ -242,20 +369,20 @@ $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail # Delete last slot prepare "[11] delete last key" wipe -echo $PWD1 | $CRYPTSETUP luksFormat $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $LOOPDEV $FAST_PBKDF_OPT || fail echo $PWD1 | $CRYPTSETUP luksKillSlot $LOOPDEV 0 || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail # Format test for ESSIV, and some other parameters. prepare "[12] parameter variation test" wipe -$CRYPTSETUP -q -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat $LOOPDEV $KEY1 || fail +$CRYPTSETUP -q -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks1 $LOOPDEV $KEY1 || fail check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0" $CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail prepare "[13] open/close - stacked devices" wipe -echo $PWD1 | $CRYPTSETUP -q luksFormat $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV $FAST_PBKDF_OPT || fail echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail -echo $PWD1 | $CRYPTSETUP -q luksFormat /dev/mapper/$DEV_NAME || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 /dev/mapper/$DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail $CRYPTSETUP -q luksClose $DEV_NAME2 || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail @@ -263,33 +390,33 @@ $CRYPTSETUP -q luksClose $DEV_NAME || fail prepare "[14] format/open - passphrase on stdin & new line" wipe # stdin defined by "-" must take even newline #echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksFormat $LOOPDEV - || fail -echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q --key-file=- luksFormat $LOOPDEV || fail +echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP $FAST_PBKDF_OPT -q --key-file=- luksFormat --type luks1 $LOOPDEV || fail echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail # now also try --key-file -echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksFormat $LOOPDEV --key-file=- || fail +echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP $FAST_PBKDF_OPT -q luksFormat --type luks1 $LOOPDEV --key-file=- || fail echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail # process newline if from stdin -echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksFormat $LOOPDEV || fail +echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP $FAST_PBKDF_OPT -q luksFormat --type luks1 $LOOPDEV || fail echo "$PWD1" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail prepare "[15] UUID - use and report provided UUID" wipe -echo $PWD1 | $CRYPTSETUP -q luksFormat --uuid blah $LOOPDEV 2>/dev/null && fail -echo $PWD1 | $CRYPTSETUP -q luksFormat --uuid $TEST_UUID $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid blah $LOOPDEV 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $LOOPDEV || fail tst=$($CRYPTSETUP -q luksUUID $LOOPDEV) [ "$tst"x = "$TEST_UUID"x ] || fail -echo $PWD1 | $CRYPTSETUP -q luksFormat $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV || fail $CRYPTSETUP -q luksUUID --uuid $TEST_UUID $LOOPDEV || fail tst=$($CRYPTSETUP -q luksUUID $LOOPDEV) [ "$tst"x = "$TEST_UUID"x ] || fail prepare "[16] luksFormat" wipe -echo $PWD1 | $CRYPTSETUP -q luksFormat --master-key-file /dev/urandom $LOOPDEV || fail -echo $PWD1 | $CRYPTSETUP -q luksFormat --master-key-file /dev/urandom $LOOPDEV -d $KEY1 || fail -$CRYPTSETUP -q luksFormat --master-key-file /dev/urandom -s 256 --uuid $TEST_UUID $LOOPDEV $KEY1 || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --master-key-file /dev/urandom $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --master-key-file /dev/urandom $LOOPDEV -d $KEY1 || fail +$CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --master-key-file /dev/urandom -s 256 --uuid $TEST_UUID $LOOPDEV $KEY1 || fail $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail # open by UUID @@ -298,52 +425,82 @@ $CRYPTSETUP luksOpen -d $KEY1 UUID=X$TEST_UUID $DEV_NAME 2>/dev/null && fail $CRYPTSETUP luksOpen -d $KEY1 UUID=$TEST_UUID $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail # empty keyfile -$CRYPTSETUP -q luksFormat $LOOPDEV $KEYE || fail +$CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEYE || fail $CRYPTSETUP luksOpen -d $KEYE $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail # open by volume key -echo $PWD1 | $CRYPTSETUP -q luksFormat -s 256 --master-key-file $KEY1 $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT -s 256 --master-key-file $KEY1 $LOOPDEV || fail $CRYPTSETUP luksOpen --master-key-file /dev/urandom $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP luksOpen --master-key-file $KEY1 $LOOPDEV $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail +# unsupported pe-keyslot encryption +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT -s 128 --keyslot-cipher "aes-cbc-plain" $LOOPDEV 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT -s 128 --keyslot-key-size 256 $LOOPDEV 2>/dev/null && fail prepare "[17] AddKey volume key, passphrase and keyfile" wipe # masterkey -echo $PWD1 | $CRYPTSETUP -q luksFormat $LOOPDEV --master-key-file /dev/zero --key-slot 3 || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/zero --key-slot 3 || fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail -echo $PWD2 | $CRYPTSETUP luksAddKey $LOOPDEV --master-key-file /dev/zero --key-slot 4 || fail +echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/zero --key-slot 4 || fail +echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 4 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail -echo $PWD3 | $CRYPTSETUP luksAddKey $LOOPDEV --master-key-file /dev/null --key-slot 5 2>/dev/null && fail -$CRYPTSETUP luksAddKey $LOOPDEV --master-key-file /dev/zero --key-slot 5 $KEY1 || fail +echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/null --key-slot 5 2>/dev/null && fail +$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/zero --key-slot 5 $KEY1 || fail +$CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 5 -d $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail +# special "-" handling +$CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 3 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 - || fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - --test-passphrase || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d - $KEY2 || fail +$CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase || fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - -d $KEY1 --test-passphrase 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d $KEY1 -d $KEY1 --test-passphrase 2>/dev/null && fail + # [0]PWD1 [1]PWD2 [2]$KEY1/1 [3]$KEY1 [4]$KEY2 -$CRYPTSETUP -q luksFormat $LOOPDEV $KEY1 --key-slot 3 || fail +$CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 3 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail -$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail +$CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail # keyfile/keyfile -$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 --key-slot 4 || fail +$CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 4 || fail +$CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase --key-slot 4 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail # passphrase/keyfile -echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 --key-slot 0 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 --key-slot 0 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 || fail # passphrase/passphrase -echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey $LOOPDEV --key-slot 1 || fail +echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --key-slot 1 || fail +echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail # keyfile/passphrase -echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 1 || fail +echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 3 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: ENABLED" || fail prepare "[18] RemoveKey passphrase and keyfile" reuse $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: DISABLED" || fail $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 2>/dev/null && fail +$CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 --key-slot 3 2>/dev/null || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 --keyfile-size 1 2>/dev/null && fail $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: DISABLED" || fail +# if password or keyfile is provided, batch mode must not suppress it +echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 2>/dev/null && fail +echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 -q 2>/dev/null && fail +echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- 2>/dev/null && fail +echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- -q 2>/dev/null && fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: ENABLED" || fail # kill slot using passphrase from 1 echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: DISABLED" || fail +# kill slot with redirected stdin +$CRYPTSETUP luksKillSlot $LOOPDEV 3 /dev/null || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: DISABLED" || fail # remove key0 / slot 0 echo $PWD1 | $CRYPTSETUP luksRemoveKey $LOOPDEV || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: DISABLED" || fail @@ -361,6 +518,16 @@ $CRYPTSETUP -q resize $DEV_NAME --size 100 || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail $CRYPTSETUP -q resize $DEV_NAME || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "19997 sectors" || fail +$CRYPTSETUP -q resize $DEV_NAME --device-size 1M || fail +$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 sectors" || fail +$CRYPTSETUP -q resize $DEV_NAME --device-size 512k --size 1023 >/dev/null 2>&1 && fail +$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 sectors" || fail +$CRYPTSETUP -q resize $DEV_NAME --device-size 513 >/dev/null 2>&1 && fail +$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 sectors" || fail +# Resize underlying loop device as well +truncate -s 16M $IMG || fail +$CRYPTSETUP -q resize $DEV_NAME || fail +$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "32765 sectors" || fail $CRYPTSETUP -q remove $DEV_NAME || fail $CRYPTSETUP -q status $DEV_NAME >/dev/null && fail echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $LOOPDEV || fail @@ -370,6 +537,30 @@ $CRYPTSETUP -q remove $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha1 --size 100 $LOOPDEV || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail $CRYPTSETUP -q remove $DEV_NAME || fail +# 4k sector resize (if kernel supports it) +echo $PWD1 | $CRYPTSETUP -q open --type plain $LOOPDEV $DEV_NAME --sector-size 4096 --size 8 >/dev/null 2>&1 +if [ $? -eq 0 ] ; then + $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "8 sectors" || fail + $CRYPTSETUP -q resize $DEV_NAME --size 16 || fail + $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "16 sectors" || fail + $CRYPTSETUP -q resize $DEV_NAME --size 9 2>/dev/null && fail + $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "16 sectors" || fail + $CRYPTSETUP -q resize $DEV_NAME --device-size 4608 2>/dev/null && fail + $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "16 sectors" || fail + $CRYPTSETUP -q remove $DEV_NAME || fail +fi +# Resize not aligned to logical block size +add_scsi_device dev_size_mb=32 sector_size=4096 +echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $DEV || fail +OLD_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/') +$CRYPTSETUP resize $DEV_NAME -b 7 2> /dev/null && fail +dmsetup info $DEV_NAME | grep -q SUSPENDED && fail +NEW_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/') +test $OLD_SIZE -eq $NEW_SIZE || fail +$CRYPTSETUP close $DEV_NAME || fail +# Add check for unaligned plain crypt activation +echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $DEV -b 7 2>/dev/null && fail +$CRYPTSETUP status $DEV_NAME >/dev/null 2>&1 && fail # verify is ignored on non-tty input echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --verify-passphrase 2>/dev/null || fail $CRYPTSETUP -q remove $DEV_NAME || fail @@ -387,59 +578,61 @@ prepare "[20] Disallow open/create if already mapped." wipe $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 || fail $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 2>/dev/null && fail $CRYPTSETUP create $DEV_NAME2 $LOOPDEV -d $KEY1 2>/dev/null && fail -echo $PWD1 | $CRYPTSETUP -q luksFormat $LOOPDEV 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV 2>/dev/null && fail $CRYPTSETUP remove $DEV_NAME || fail -echo $PWD1 | $CRYPTSETUP -q luksFormat $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME2 2>/dev/null && fail $CRYPTSETUP luksClose $DEV_NAME || fail prepare "[21] luksDump" wipe -echo $PWD1 | $CRYPTSETUP -q luksFormat --uuid $TEST_UUID $LOOPDEV $KEY1 || fail -echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $LOOPDEV $KEY1 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q $TEST_UUID || fail echo $PWDW | $CRYPTSETUP luksDump $LOOPDEV --dump-master-key 2>/dev/null && fail -echo $PWD1 | $CRYPTSETUP luksDump $LOOPDEV --dump-master-key | grep -q "MK dump:" || can_fail_fips -$CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key -d $KEY1 | grep -q "MK dump:" || can_fail_fips +echo $PWD1 | $CRYPTSETUP luksDump $LOOPDEV --dump-master-key | grep -q "MK dump:" || fail +$CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key -d $KEY1 | grep -q "MK dump:" || fail +echo $PWD1 | $CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key --master-key-file $VK_FILE > /dev/null || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --master-key-file $VK_FILE $LOOPDEV || fail prepare "[22] remove disappeared device" wipe dmsetup create $DEV_NAME --table "0 5000 linear $LOOPDEV 2" || fail -echo $PWD1 | $CRYPTSETUP -q -i 0 luksFormat /dev/mapper/$DEV_NAME || fail +echo $PWD1 | $CRYPTSETUP -q $FAST_PBKDF_OPT luksFormat --type luks1 /dev/mapper/$DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail # underlying device now returns error but node is still present dmsetup load $DEV_NAME --table "0 5000 error" || fail dmsetup resume $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME2 || fail -dmsetup remove $DEV_NAME || fail +dmsetup remove --retry $DEV_NAME || fail prepare "[23] ChangeKey passphrase and keyfile" wipe # [0]$KEY1 [1]key0 -$CRYPTSETUP -q luksFormat $LOOPDEV $KEY1 --key-slot 0 || fail -echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 --key-slot 1 || fail +$CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --key-slot 0 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 --key-slot 1 || fail # keyfile [0] / keyfile [0] -$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 --key-slot 0 || fail +$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 0 || fail # passphrase [1] / passphrase [1] -echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $LOOPDEV --key-slot 1 || fail +echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT --key-slot 1 || fail # keyfile [0] / keyfile [new] -$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY2 $KEY1 || fail +$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: DISABLED" || fail # passphrase [1] / passphrase [new] -echo -e "$PWD2\n$PWD1\n" | $CRYPTSETUP luksChangeKey $LOOPDEV || fail +echo -e "$PWD2\n$PWD1\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $LOOPDEV || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: DISABLED" || fail # use all slots -$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 -i 1 || fail -$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 -i 1 || fail -$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 -i 1 || fail -$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 -i 1 || fail -$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 -i 1 || fail -$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 -i 1 || fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail # still allows replace -$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 || fail -$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 2>/dev/null && fail +$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 || fail +$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 2>/dev/null && fail prepare "[24] Keyfile limit" wipe -$CRYPTSETUP -q luksFormat -i1 $LOOPDEV $KEY1 --key-slot 0 -l 13 || fail +$CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 0 -l 13 || fail $CRYPTSETUP --key-file=$KEY1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 0 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l -1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail @@ -448,33 +641,42 @@ $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 1 luksOpen $LOOPDEV $DEV_NAM $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset -1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 13 luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail -$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 2>/dev/null && fail -$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 -l 14 2>/dev/null && fail -$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 -l -1 2>/dev/null && fail -$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 -i1 -l 13 --new-keyfile-size 12 || fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT 2>/dev/null && fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 14 2>/dev/null && fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l -1 2>/dev/null && fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 --new-keyfile-size 12 || fail $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 2>/dev/null && fail $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 -l 12 || fail -$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 2>/dev/null && fail -$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 -l 14 2>/dev/null && fail -$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 -i1 -l 13 || fail +$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT 2>/dev/null && fail +$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 14 2>/dev/null && fail +$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 || fail # -l is ignored for stdin if _only_ passphrase is used -echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY2 -i1 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY2 $FAST_PBKDF_OPT || fail # this is stupid, but expected echo $PWD1 | $CRYPTSETUP luksRemoveKey $LOOPDEV -l 11 2>/dev/null && fail echo $PWDW"0" | $CRYPTSETUP luksRemoveKey $LOOPDEV -l 12 2>/dev/null && fail echo -e "$PWD1\n" | $CRYPTSETUP luksRemoveKey $LOOPDEV -d- -l 12 || fail # offset -$CRYPTSETUP -q luksFormat -i1 $LOOPDEV $KEY1 --key-slot 0 -l 13 --keyfile-offset 16 || fail +$CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 0 -l 13 --keyfile-offset 16 || fail $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 15 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 16 luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail -$CRYPTSETUP luksAddKey $LOOPDEV -i1 -d $KEY1 -l 13 --keyfile-offset 16 $KEY2 --new-keyfile-offset 1 || fail +$CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 -l 13 --keyfile-offset 16 $KEY2 --new-keyfile-offset 1 || fail $CRYPTSETUP --key-file=$KEY2 --keyfile-offset 11 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY2 --keyfile-offset 1 luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail -$CRYPTSETUP luksChangeKey $LOOPDEV -i1 -d $KEY2 --keyfile-offset 1 $KEY2 --new-keyfile-offset 0 || fail +$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 --keyfile-offset 1 $KEY2 --new-keyfile-offset 0 || fail $CRYPTSETUP luksOpen -d $KEY2 $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail +# large device with keyfile +echo -e '0 10000000 error'\\n'10000000 1000000 zero' | dmsetup create $DEV_NAME2 || fail +$CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV /dev/mapper/$DEV_NAME2 -l 13 --keyfile-offset 5120000000 || fail +$CRYPTSETUP --key-file=/dev/mapper/$DEV_NAME2 -l 13 --keyfile-offset 5119999999 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP --key-file=/dev/mapper/$DEV_NAME2 -l 13 --keyfile-offset 5120000000 luksOpen $LOOPDEV $DEV_NAME || fail +$CRYPTSETUP luksClose $DEV_NAME || fail +$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d /dev/mapper/$DEV_NAME2 \ + --keyfile-offset 5120000000 -l 13 /dev/mapper/$DEV_NAME2 --new-keyfile-offset 5120000001 --new-keyfile-size 15 || fail +dmsetup remove --retry $DEV_NAME2 prepare "[25] Create shared segments" wipe echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --offset 0 --size 256 || fail @@ -491,48 +693,56 @@ $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail $CRYPTSETUP -q remove $DEV_NAME || fail $CRYPTSETUP luksSuspend $DEV_NAME 2>/dev/null && fail # LUKS -echo $PWD1 | $CRYPTSETUP -q luksFormat $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksSuspend $DEV_NAME || fail +$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail $CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail -echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME -T 1 2>/dev/null && fail +echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail +[ $? -ne 2 ] && fail "luksResume should return EPERM exit code" echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail prepare "[27] luksOpen with specified key slot number" wipe # first, let's try passphrase option -echo $PWD3 | $CRYPTSETUP luksFormat -S 5 $LOOPDEV || fail +echo $PWD3 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT -S 5 $LOOPDEV || fail check $LUKS_HEADER $KEY_SLOT5 $KEY_MATERIAL5 -echo $PWD3 | $CRYPTSETUP luksOpen -S 4 $LOOPDEV $DEV_NAME && fail +echo $PWD3 | $CRYPTSETUP luksOpen -S 4 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail echo $PWD3 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME || fail check_exists $CRYPTSETUP luksClose $DEV_NAME || fail -echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey -S 0 $LOOPDEV || fail +echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail check $LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0 -echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME && fail +echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail -echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME && fail +echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail # second, try it with keyfiles -$CRYPTSETUP luksFormat -q -S 5 -d $KEY5 $LOOPDEV || fail +$CRYPTSETUP luksFormat --type luks1 -q -S 5 -d $KEY5 $LOOPDEV || fail check $LUKS_HEADER $KEY_SLOT5 $KEY_MATERIAL5 -$CRYPTSETUP luksAddKey -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail +$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail check $LUKS_HEADER $KEY_SLOT1 $KEY_MATERIAL1 $CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail check_exists $CRYPTSETUP luksClose $DEV_NAME || fail -$CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME && fail +$CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail -$CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME && fail +$CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME 2>/dev/null && fail [ -b /dev/mapper/$DEV_NAME ] && fail prepare "[28] Detached LUKS header" wipe -dd if=/dev/zero of=$HEADER_IMG bs=1M count=4 >/dev/null 2>&1 -echo $PWD1 | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG || fail -echo $PWD1 | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail -echo $PWD1 | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG --align-payload 8192 || fail -echo $PWD1 | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG --align-payload 0 || fail +echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG || fail +echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 8192 || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 0 || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 8192 --offset 8192 >/dev/null 2>&1 && fail +truncate -s 4096 $HEADER_IMG +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG -S7 >/dev/null 2>&1 || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --offset 80000 >/dev/null 2>&1 || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --offset 8192 || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --offset 0 || fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV-missing --header $HEADER_IMG $DEV_NAME 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail $CRYPTSETUP -q resize $DEV_NAME --size 100 --header $HEADER_IMG || fail $CRYPTSETUP -q status $DEV_NAME --header $HEADER_IMG | grep "size:" | grep -q "100 sectors" || fail @@ -540,14 +750,18 @@ $CRYPTSETUP -q status $DEV_NAME | grep "type:" | grep -q "n/a" || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail $CRYPTSETUP luksSuspend $DEV_NAME --header $HEADER_IMG || fail echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail +$CRYPTSETUP luksSuspend $DEV_NAME || fail +echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME && fail +echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail $CRYPTSETUP luksClose $DEV_NAME || fail -echo $PWD1 | $CRYPTSETUP luksAddKey -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: ENABLED" || fail $CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: DISABLED" || fail +echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail prepare "[29] Repair metadata" wipe -$CRYPTSETUP -q luksFormat -i1 $LOOPDEV $KEY1 --key-slot 0 || fail +$CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 0 || fail # second sector overwrite should corrupt keyslot 6+7 dd if=/dev/urandom of=$LOOPDEV bs=512 seek=1 count=1 >/dev/null 2>&1 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME >/dev/null 2>&1 && fail @@ -556,13 +770,242 @@ $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail prepare "[30] LUKS erase" wipe -$CRYPTSETUP -q luksFormat -i1 $LOOPDEV $KEY5 --key-slot 5 || fail -$CRYPTSETUP luksAddKey -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail +$CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY5 --key-slot 5 || fail +$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail $CRYPTSETUP luksErase -q $LOOPDEV || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: DISABLED" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: DISABLED" || fail +prepare "[31] Deferred removal of device" wipe +echo $PWD1 | $CRYPTSETUP open --type plain --hash sha256 $LOOPDEV $DEV_NAME || fail +echo $PWD2 | $CRYPTSETUP open --type plain --hash sha256 /dev/mapper/$DEV_NAME $DEV_NAME2 || fail +$CRYPTSETUP close $DEV_NAME >/dev/null 2>&1 && fail +$CRYPTSETUP -q status $DEV_NAME >/dev/null 2>&1 || fail +$CRYPTSETUP close --deferred $DEV_NAME >/dev/null 2>&1 +if [ $? -eq 0 ] ; then + dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" || fail + $CRYPTSETUP -q status $DEV_NAME >/dev/null 2>&1 || fail + $CRYPTSETUP close $DEV_NAME2 || fail + $CRYPTSETUP -q status $DEV_NAME >/dev/null 2>&1 && fail +else + $CRYPTSETUP close $DEV_NAME2 >/dev/null 2>&1 + $CRYPTSETUP close $DEV_NAME >/dev/null 2>&1 +fi + +# Interactive tests +# Do not remove sleep 0.1 below, the password query flushes TTY buffer (so the code is racy). +which expect >/dev/null 2>&1 || skip "WARNING: expect tool missing, interactive test will be skipped." 0 + +prepare "[32] Interactive password retry from terminal." new +EXPECT_DEV=$(losetup $LOOPDEV | sed -e "s/.*(\(.*\))/\1/") + +expect - >/dev/null </dev/null </dev/null </dev/null </dev/null </dev/null </dev/null </dev/null </dev/null) +[ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) + +function remove_mapping() +{ + [ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove --retry $DEV_NAME3 + [ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove --retry $DEV_NAME2 + [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME + losetup -d $LOOPDEV >/dev/null 2>&1 + rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $HEADER_KEYU $VK_FILE $HEADER_LUKS2_PV missing-file $TOKEN_FILE0 $TOKEN_FILE1 test_image_* $KEY_FILE0 $KEY_FILE1 >/dev/null 2>&1 + + # unlink whole test keyring + [ -n "$TEST_KEYRING" ] && keyctl unlink $TEST_KEYRING "@u" >/dev/null + unset TEST_KEYRING + + rmmod scsi_debug 2> /dev/null + scsi_debug_teardown $DEV +} + +function force_uevent() +{ + DNAME=$(echo $LOOPDEV | cut -f3 -d /) + echo "change" >/sys/block/$DNAME/uevent +} + +function fail() +{ + [ -n "$1" ] && echo "$1" + remove_mapping + echo "FAILED backtrace:" + while caller $frame; do ((frame++)); done + exit 2 +} + +function fips_mode() +{ + [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ] +} + +function can_fail_fips() +{ + # Ignore this fail if running in FIPS mode + fips_mode || fail $1 +} + +function skip() +{ + [ -n "$1" ] && echo "$1" + remove_mapping + exit 77 +} + +function prepare() +{ + [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME + + case "$2" in + wipe) + remove_mapping + dd if=/dev/zero of=$IMG bs=1M count=40 >/dev/null 2>&1 + sync + losetup $LOOPDEV $IMG + ;; + new) + remove_mapping + xz -cd compatimage.img.xz > $IMG + xz -dk $HEADER_KEYU.xz + # FIXME: switch to internal loop (no losetup at all) + echo "bad" | $CRYPTSETUP luksOpen --key-slot 0 --test-passphrase $IMG 2>&1 | \ + grep "autoclear flag" && skip "WARNING: Too old kernel, test skipped." + losetup $LOOPDEV $IMG + xz -cd compatv10image.img.xz > $IMG10 + ;; + reuse | *) + if [ ! -e $IMG ]; then + xz -cd compatimage.img.xz > $IMG + losetup $LOOPDEV $IMG + fi + [ ! -e $IMG10 ] && xz -cd compatv10image.img.xz > $IMG10 + ;; + esac + + if [ ! -e $KEY1 ]; then + #dd if=/dev/urandom of=$KEY1 count=1 bs=32 >/dev/null 2>&1 + echo -n $'\x48\xc6\x74\x4f\x41\x4e\x50\xc0\x79\xc2\x2d\x5b\x5f\x68\x84\x17' >$KEY1 + echo -n $'\x9c\x03\x5e\x1b\x4d\x0f\x9a\x75\xb3\x90\x70\x32\x0a\xf8\xae\xc4'>>$KEY1 + fi + + if [ ! -e $KEY2 ]; then + dd if=/dev/urandom of=$KEY2 count=1 bs=16 >/dev/null 2>&1 + fi + + if [ ! -e $KEY5 ]; then + dd if=/dev/urandom of=$KEY5 count=1 bs=16 >/dev/null 2>&1 + fi + + if [ ! -e $KEYE ]; then + touch $KEYE + fi + + cp $IMG $ORIG_IMG + [ -n "$1" ] && echo "CASE: $1" +} + +function check_exists() +{ + [ -b /dev/mapper/$DEV_NAME ] || fail +} + +function valgrind_setup() +{ + which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind." + [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" +} + +function valgrind_run() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" +} + +function dm_crypt_keyring_support() +{ + VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv) + [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version." + + VER_MAJ=$(echo $VER_STR | cut -f 1 -d.) + VER_MIN=$(echo $VER_STR | cut -f 2 -d.) + VER_PTC=$(echo $VER_STR | cut -f 3 -d.) + + test -d /proc/sys/kernel/keys || return 1 + + [ $VER_MAJ -gt 1 ] && return 0 + [ $VER_MAJ -eq 1 -a $VER_MIN -gt 18 ] && return 0 + [ $VER_MAJ -eq 1 -a $VER_MIN -eq 18 -a $VER_PTC -ge 1 ] && return 0 + return 1 +} + +function dm_crypt_keyring_flawed() +{ + dm_crypt_keyring_support && return 1; + + [ $VER_MAJ -gt 1 ] && return 0 + [ $VER_MAJ -eq 1 -a $VER_MIN -ge 15 ] && return 0 + return 1 +} + +function dm_crypt_keyring_new_kernel() +{ + KER_STR=$(uname -r) + [ -z "$KER_STR" ] && fail "Failed to parse kernel version." + KER_MAJ=$(echo $KER_STR | cut -f 1 -d.) + KER_MIN=$(echo $KER_STR | cut -f 2 -d.) + + [ $KER_MAJ -ge 5 ] && return 0 + [ $KER_MAJ -eq 4 -a $KER_MIN -ge 15 ] && return 0 + return 1 +} + +function dm_crypt_sector_size_support() +{ + VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv) + [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version." + + VER_MAJ=$(echo $VER_STR | cut -f 1 -d.) + VER_MIN=$(echo $VER_STR | cut -f 2 -d.) + VER_PTC=$(echo $VER_STR | cut -f 3 -d.) + + if [ $VER_MIN -ge 17 -o \( $VER_MIN -eq 14 -a $VER_PTC -ge 5 \) ]; then + return 0 + fi + + return 1 +} + +function test_and_prepare_keyring() { + which keyctl > /dev/null 2>&1 || skip "Cannot find keyctl, test skipped" + keyctl list "@s" > /dev/null || skip "Current session keyring is unreachable, test skipped" + TEST_KEYRING=$(keyctl newring $TEST_KEYRING_NAME "@u" 2> /dev/null) + test -n "$TEST_KEYRING" || skip "Failed to create keyring in user keyring" + keyctl search "@s" keyring "$TEST_KEYRING" > /dev/null 2>&1 || keyctl link "@u" "@s" > /dev/null 2>&1 + load_key user test_key test_data "$TEST_KEYRING" || skip "Kernel keyring service is useless on this system, test skipped." +} + +# $1 type +# $2 description +# $3 payload +# $4 keyring +function load_key() +{ + keyctl add $@ >/dev/null +} + +function setup_luks2_env() { + echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $LOOPDEV || fail + $CRYPTSETUP luksDump $LOOPDEV >/dev/null || fail + echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME || fail + HAVE_KEYRING=$($CRYPTSETUP status $DEV_NAME | grep "keyring") + if [ -n "$HAVE_KEYRING" ]; then + HAVE_KEYRING=1 + else + HAVE_KEYRING=0 + fi + $CRYPTSETUP close $DEV_NAME || fail +} + +# $1 path to scsi debug bdev +scsi_debug_teardown() { + local _tries=15; + + while [ -b "$1" -a $_tries -gt 0 ]; do + rmmod scsi_debug 2> /dev/null + if [ -b "$1" ]; then + sleep .1 + _tries=$((_tries-1)) + fi + done + + test ! -b "$1" || rmmod scsi_debug 2> /dev/null +} + +function add_scsi_device() { + scsi_debug_teardown $DEV + modprobe scsi_debug $@ delay=0 + if [ $? -ne 0 ] ; then + echo "This kernel seems to not support proper scsi_debug module, test skipped." + exit 77 + fi + + sleep 1 + DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /) + [ -b $DEV ] || fail "Cannot find $DEV." +} + +export LANG=C + +[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." +[ -z "$LOOPDEV" ] && skip "WARNING: Cannot find free loop device, test skipped." + +prepare "[0] Detect LUKS2 environment" wipe +setup_luks2_env + +[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run + +prepare "[1] Data offset" wipe +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --offset 1 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --offset 16385 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --offset 32 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --align-payload 16384 --offset 16384 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --offset 16384 || fail +$CRYPTSETUP -q luksDump $LOOPDEV | grep -q "offset: $((512 * 16384)) \[bytes\]" || fail +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 1024 --offset 16384 >/dev/null || fail +$CRYPTSETUP -q luksDump $LOOPDEV | grep -q "offset: $((512 * 16384)) \[bytes\]" || fail +truncate -s 4096 $HEADER_IMG +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG -q --offset 80000 >/dev/null 2>&1 || fail + +prepare "[2] Sector size and old payload alignment" wipe +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 511 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 256 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 8192 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 512 || fail +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --align-payload 5 || fail +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 512 --align-payload 5 || fail +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 2048 --align-payload 32 >/dev/null || fail +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 4096 >/dev/null || fail +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 2048 --align-payload 32768 >/dev/null || fail +$CRYPTSETUP -q luksDump $LOOPDEV | grep -q "offset: $((512 * 32768)) \[bytes\]" || fail +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 2048 >/dev/null || fail +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --sector-size 4096 --align-payload 32768 >/dev/null || fail +$CRYPTSETUP -q luksDump $LOOPDEV | grep -q "offset: $((512 * 32768)) \[bytes\]" || fail + +prepare "[3] format" wipe +echo $PWD1 | $CRYPTSETUP -q $FAST_PBKDF_OPT -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks2 $LOOPDEV || fail +prepare "[4] format using hash sha512" wipe +echo $PWD1 | $CRYPTSETUP $FAST_PBKDF_OPT -h sha512 -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks2 $LOOPDEV || fail +$CRYPTSETUP -q luksDump $LOOPDEV | grep "0: pbkdf2" -A2 | grep "Hash:" | grep -qe sha512 || fail + +prepare "[5] open" +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase || fail +echo $PWDW | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase 2>/dev/null && fail +[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code" +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail +check_exists + +# Key Slot 1 and key material section 1 must change, the rest must not. +prepare "[6] add key" +echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT || fail +echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail + +# Unsuccessful Key Delete - nothing may change +prepare "[7] unsuccessful delete" +echo $PWDW | $CRYPTSETUP luksKillSlot $LOOPDEV 1 2>/dev/null && fail +[ $? -ne 2 ] && fail "luksKillSlot should return EPERM exit code" +#FIXME +#$CRYPTSETUP -q luksKillSlot $LOOPDEV 8 2>/dev/null && fail +#$CRYPTSETUP -q luksKillSlot $LOOPDEV 7 2>/dev/null && fail + +# Delete Key Test +# Key Slot 1 and key material section 1 must change, the rest must not +prepare "[8] successful delete" +$CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail +echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2> /dev/null && fail +[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code" +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail + +# Key Slot 1 and key material section 1 must change, the rest must not +prepare "[9] add key test for key files" +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV $KEY1 || fail +$CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail + +# Key Slot 1 and key material section 1 must change, the rest must not +prepare "[10] delete key test with key1 as remaining key" +$CRYPTSETUP -d $KEY1 luksKillSlot $LOOPDEV 0 || fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail + +# Delete last slot +prepare "[11] delete last key" wipe +echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 $LOOPDEV $FAST_PBKDF_OPT || fail +echo $PWD1 | $CRYPTSETUP luksKillSlot $LOOPDEV 0 || fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail + +# Format test for ESSIV, and some other parameters. +prepare "[12] parameter variation test" wipe +$CRYPTSETUP -q $FAST_PBKDF_OPT -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks2 $LOOPDEV $KEY1 || fail +$CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail + +prepare "[13] open/close - stacked devices" wipe +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $LOOPDEV $FAST_PBKDF_OPT || fail +echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 /dev/mapper/$DEV_NAME $FAST_PBKDF_OPT || fail +echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail +$CRYPTSETUP -q luksClose $DEV_NAME2 || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail + +prepare "[14] format/open - passphrase on stdin & new line" wipe +# stdin defined by "-" must take even newline +#echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksFormat $LOOPDEV - || fail +echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP $FAST_PBKDF_OPT -q --key-file=- luksFormat --type luks2 $LOOPDEV || fail +echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail +echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail +# now also try --key-file +echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP $FAST_PBKDF_OPT -q luksFormat --type luks2 $LOOPDEV --key-file=- || fail +echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail +# process newline if from stdin +echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP $FAST_PBKDF_OPT -q luksFormat --type luks2 $LOOPDEV || fail +echo "$PWD1" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail + +prepare "[15] UUID - use and report provided UUID" wipe +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --uuid blah --type luks2 $LOOPDEV 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --uuid $TEST_UUID --type luks2 $LOOPDEV || fail +tst=$($CRYPTSETUP -q luksUUID $LOOPDEV) +[ "$tst"x = "$TEST_UUID"x ] || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail +$CRYPTSETUP -q luksUUID --uuid $TEST_UUID $LOOPDEV || fail +tst=$($CRYPTSETUP -q luksUUID $LOOPDEV) +[ "$tst"x = "$TEST_UUID"x ] || fail + +prepare "[16] luksFormat" wipe +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --master-key-file /dev/urandom --type luks2 $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --master-key-file /dev/urandom --type luks2 $LOOPDEV -d $KEY1 || fail +$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --master-key-file /dev/urandom -s 256 --uuid $TEST_UUID --type luks2 $LOOPDEV $KEY1 || fail +$CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail +# open by UUID +force_uevent # some systems do not update loop by-uuid +$CRYPTSETUP luksOpen -d $KEY1 UUID=X$TEST_UUID $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP luksOpen -d $KEY1 UUID=$TEST_UUID $DEV_NAME || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail +# empty keyfile +$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEYE || fail +$CRYPTSETUP luksOpen -d $KEYE $LOOPDEV $DEV_NAME || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail +# open by volume key +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT -s 256 --master-key-file $KEY1 --type luks2 $LOOPDEV || fail +$CRYPTSETUP luksOpen --master-key-file /dev/urandom $LOOPDEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP luksOpen --master-key-file $KEY1 $LOOPDEV $DEV_NAME || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail + +prepare "[17] AddKey volume key, passphrase and keyfile" wipe +# masterkey +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --master-key-file /dev/zero --key-slot 3 || fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2" || fail +echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/zero --key-slot 4 || fail +echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 4 || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "4: luks2" || fail +echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/null --key-slot 5 2>/dev/null && fail +$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/zero --key-slot 5 $KEY1 || fail +$CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 5 -d $KEY1 || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail + +# special "-" handling +$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY1 --key-slot 3 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 - || fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - --test-passphrase || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d - $KEY2 || fail +$CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase || fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - -d $KEY1 --test-passphrase 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d $KEY1 -d $KEY1 --test-passphrase 2>/dev/null && fail + +# [0]PWD1 [1]PWD2 [2]$KEY1/1 [3]$KEY1 [4]$KEY2 +$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY1 --key-slot 3 || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2" || fail +$CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail +# keyfile/keyfile +$CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 4 || fail +$CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase --key-slot 4 || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "4: luks2" || fail +# passphrase/keyfile +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 --key-slot 0 || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" || fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 || fail +# passphrase/passphrase +echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --key-slot 1 || fail +echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 1 || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail +# keyfile/passphrase +echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 3 || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" || fail + +prepare "[18] RemoveKey passphrase and keyfile" reuse +$CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2" || fail +$CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2" && fail +$CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 2>/dev/null && fail +[ $? -ne 2 ] && fail "luksRemoveKey should return EPERM exit code" +$CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 --keyfile-size 1 2>/dev/null && fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "4: luks2" || fail +$CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "4: luks2" && fail +# if password or keyfile is provided, batch mode must not suppress it +echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 2>/dev/null && fail +echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 -q 2>/dev/null && fail +echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- 2>/dev/null && fail +echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- -q 2>/dev/null && fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" || fail +# kill slot using passphrase from 1 +echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 2>/dev/null || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" && fail +# remove key0 / slot 0 +echo $PWD1 | $CRYPTSETUP luksRemoveKey $LOOPDEV || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" && fail +# last keyslot, in batch mode no passphrase needed... +$CRYPTSETUP luksKillSlot -q $LOOPDEV 1 || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" && fail + +prepare "[19] create & status & resize" wipe +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail +if dm_crypt_keyring_support; then + echo | $CRYPTSETUP -q resize --size 100 $DEV_NAME 2>/dev/null && fail +fi +echo $PWD1 | $CRYPTSETUP -q resize --size 100 $DEV_NAME || fail +$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail +echo $PWD1 | $CRYPTSETUP -q resize --device-size 51200 $DEV_NAME || fail +$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail +echo $PWD1 | $CRYPTSETUP -q resize --device-size 1M $DEV_NAME || fail +$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 sectors" || fail +echo $PWD1 | $CRYPTSETUP -q resize --device-size 512k --size 1024 $DEV_NAME > /dev/null 2>&1 && fail +echo $PWD1 | $CRYPTSETUP -q resize --device-size 4097 $DEV_NAME > /dev/null 2>&1 && fail +$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 sectors" || fail +$CRYPTSETUP close $DEV_NAME || fail +echo $PWD1 | $CRYPTSETUP luksOpen --disable-keyring $LOOPDEV $DEV_NAME || fail +echo | $CRYPTSETUP -q resize --size 100 $DEV_NAME || fail +$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail +$CRYPTSETUP close $DEV_NAME || fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail +if dm_crypt_keyring_support; then + $CRYPTSETUP -q resize --disable-keyring --size 100 $DEV_NAME 2>/dev/null && fail +fi +if dm_crypt_sector_size_support; then + $CRYPTSETUP close $DEV_NAME || fail + echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 4096 $LOOPDEV > /dev/null || fail + echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail + echo $PWD1 | $CRYPTSETUP -q resize --device-size 1M $DEV_NAME || fail + $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 sectors" || fail + echo $PWD1 | $CRYPTSETUP -q resize --device-size 2049s $DEV_NAME > /dev/null 2>&1 && fail + echo $PWD1 | $CRYPTSETUP -q resize --size 2049 $DEV_NAME > /dev/null 2>&1 && fail + $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 sectors" || fail +fi +$CRYPTSETUP close $DEV_NAME || fail +# Resize not aligned to logical block size +add_scsi_device dev_size_mb=32 sector_size=4096 +echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $DEV || fail +echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail +OLD_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/') +echo $PWD1 | $CRYPTSETUP resize $DEV_NAME -b 7 2> /dev/null && fail +dmsetup info $DEV_NAME | grep -q SUSPENDED && fail +NEW_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/') +test $OLD_SIZE -eq $NEW_SIZE || fail +$CRYPTSETUP close $DEV_NAME || fail + +prepare "[20] Disallow open/create if already mapped." wipe +$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV 2>/dev/null && fail +$CRYPTSETUP remove $DEV_NAME || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME2 2>/dev/null && fail +$CRYPTSETUP luksClose $DEV_NAME || fail + +prepare "[21] luksDump" wipe +echo $PWD1 | $CRYPTSETUP -q luksFormat --key-size 256 $FAST_PBKDF_OPT --uuid $TEST_UUID --type luks2 $LOOPDEV $KEY1 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q $TEST_UUID || fail +echo $PWDW | $CRYPTSETUP luksDump $LOOPDEV --dump-master-key 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksDump $LOOPDEV --dump-master-key | grep -q "MK dump:" || fail +$CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key -d $KEY1 | grep -q "MK dump:" || fail +echo $PWD1 | $CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key --master-key-file $VK_FILE >/dev/null || fail +echo $PWD1 | $CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key --master-key-file $VK_FILE 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --master-key-file $VK_FILE $LOOPDEV || fail +# Use volume key file without keyslots +$CRYPTSETUP luksErase -q $LOOPDEV || fail +$CRYPTSETUP luksOpen --master-key-file $VK_FILE --key-size 256 --test-passphrase $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --master-key-file $VK_FILE --key-size 256 $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP luksOpen --test-passphrase $LOOPDEV || fail + +prepare "[22] remove disappeared device" wipe +dmsetup create $DEV_NAME --table "0 39998 linear $LOOPDEV 2" || fail +echo $PWD1 | $CRYPTSETUP -q $FAST_PBKDF_OPT luksFormat --type luks2 /dev/mapper/$DEV_NAME || fail +echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail +# underlying device now returns error but node is still present +dmsetup load $DEV_NAME --table "0 40000 error" || fail +dmsetup resume $DEV_NAME || fail +$CRYPTSETUP -q luksClose $DEV_NAME2 || fail +dmsetup remove --retry $DEV_NAME || fail + +prepare "[23] ChangeKey passphrase and keyfile" wipe +# [0]$KEY1 [1]key0 +$CRYPTSETUP -q luksFormat --type luks2 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --key-slot 0 || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 --key-slot 1 || fail +# keyfile [0] / keyfile [0] +$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 0 || fail +# passphrase [1] / passphrase [1] +echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT --key-slot 1 || fail +# keyfile [0] / keyfile [new] +$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" && fail +# passphrase [1] / passphrase [new] +echo -e "$PWD2\n$PWD1\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $LOOPDEV || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" && fail +# use all slots +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail +# still allows replace +#FIXME +#$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 || fail +#$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 2>/dev/null && fail + +prepare "[24] Keyfile limit" wipe +$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY1 --key-slot 0 -l 13 || fail +$CRYPTSETUP --key-file=$KEY1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP --key-file=$KEY1 -l 0 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP --key-file=$KEY1 -l -1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP --key-file=$KEY1 -l 14 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset -1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP --key-file=$KEY1 -l 13 luksOpen $LOOPDEV $DEV_NAME || fail +$CRYPTSETUP luksClose $DEV_NAME || fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 2>/dev/null && fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 -l 14 2>/dev/null && fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 -l -1 2>/dev/null && fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 --new-keyfile-size 12 || fail +$CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 2>/dev/null && fail +$CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 -l 12 || fail +$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 2>/dev/null && fail +[ $? -ne 2 ] && fail "luksChangeKey should return EPERM exit code" +$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 -l 14 2>/dev/null && fail +$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 || fail +# -l is ignored for stdin if _only_ passphrase is used +echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY2 $FAST_PBKDF_OPT || fail +# this is stupid, but expected +echo $PWD1 | $CRYPTSETUP luksRemoveKey $LOOPDEV -l 11 2>/dev/null && fail +echo $PWDW"0" | $CRYPTSETUP luksRemoveKey $LOOPDEV -l 12 2>/dev/null && fail +echo -e "$PWD1\n" | $CRYPTSETUP luksRemoveKey $LOOPDEV -d- -l 12 || fail +# offset +$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY1 --key-slot 0 -l 13 --keyfile-offset 16 || fail +$CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 15 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 16 luksOpen $LOOPDEV $DEV_NAME || fail +$CRYPTSETUP luksClose $DEV_NAME || fail +$CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 -l 13 --keyfile-offset 16 $KEY2 --new-keyfile-offset 1 || fail +$CRYPTSETUP --key-file=$KEY2 --keyfile-offset 11 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP --key-file=$KEY2 --keyfile-offset 1 luksOpen $LOOPDEV $DEV_NAME || fail +$CRYPTSETUP luksClose $DEV_NAME || fail +$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 --keyfile-offset 1 $KEY2 --new-keyfile-offset 0 || fail +$CRYPTSETUP luksOpen -d $KEY2 $LOOPDEV $DEV_NAME || fail +$CRYPTSETUP luksClose $DEV_NAME || fail + +prepare "[26] Suspend/Resume" wipe +# LUKS +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail +echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail +$CRYPTSETUP luksSuspend $DEV_NAME || fail +$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail +$CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail +echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail +[ $? -ne 2 ] && fail "luksResume should return EPERM exit code" +echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail + +prepare "[27] luksOpen with specified key slot number" wipe +# first, let's try passphrase option +echo $PWD3 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT -S 5 --type luks2 $LOOPDEV || fail +echo $PWD3 | $CRYPTSETUP luksOpen -S 4 $LOOPDEV $DEV_NAME 2>/dev/null && fail +[ -b /dev/mapper/$DEV_NAME ] && fail +echo $PWD3 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME || fail +check_exists +$CRYPTSETUP luksClose $DEV_NAME || fail +echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail +echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME 2>/dev/null && fail +[ -b /dev/mapper/$DEV_NAME ] && fail +echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME 2>/dev/null && fail +[ -b /dev/mapper/$DEV_NAME ] && fail +# second, try it with keyfiles +$CRYPTSETUP -q luksFormat -q -S 5 $FAST_PBKDF_OPT -d $KEY5 --type luks2 $LOOPDEV || fail +$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail +$CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail +check_exists +$CRYPTSETUP luksClose $DEV_NAME || fail +$CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME 2>/dev/null && fail +[ -b /dev/mapper/$DEV_NAME ] && fail +$CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME 2>/dev/null && fail +[ -b /dev/mapper/$DEV_NAME ] && fail +# test keyslot not assigned to segment is unable to unlock volume +# otoh it should be allowed to test for proper passphrase +prepare "" new +echo $PWD1 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU || fail +echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_KEYU || fail +echo $PWD1 | $CRYPTSETUP open -S1 $HEADER_KEYU $DEV_NAME 2>/dev/null && fail +[ -b /dev/mapper/$DEV_NAME ] && fail +echo $PWD1 | $CRYPTSETUP open $HEADER_KEYU $DEV_NAME 2>/dev/null && fail +[ -b /dev/mapper/$DEV_NAME ] && fail +echo $PWD0 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU $DEV_NAME 2>/dev/null && fail +$CRYPTSETUP luksKillSlot -q $HEADER_KEYU 0 +$CRYPTSETUP luksDump $HEADER_KEYU | grep -q "0: luks2" && fail +echo $PWD1 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU || fail +echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_KEYU || fail +echo $PWD1 | $CRYPTSETUP open -S1 $HEADER_KEYU $DEV_NAME 2>/dev/null && fail + +prepare "[28] Detached LUKS header" wipe +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG || fail +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --align-payload 8192 || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --align-payload 4096 >/dev/null || fail +$CRYPTSETUP luksDump $HEADER_IMG | grep -e "0: crypt" -A1 | grep -qe $((4096*512)) || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --align-payload 0 || fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV-missing --header $HEADER_IMG $DEV_NAME 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail +echo $PWD1 | $CRYPTSETUP -q resize $DEV_NAME --size 100 --header $HEADER_IMG || fail +$CRYPTSETUP -q status $DEV_NAME --header $HEADER_IMG | grep "size:" | grep -q "100 sectors" || fail +$CRYPTSETUP -q status $DEV_NAME | grep "type:" | grep -q "n/a" || fail +$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail +$CRYPTSETUP luksSuspend $DEV_NAME --header $HEADER_IMG || fail +echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail +$CRYPTSETUP luksSuspend $DEV_NAME || fail +echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME && fail +echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail +$CRYPTSETUP luksClose $DEV_NAME || fail +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail +$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" || fail +$CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail +$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" && fail +echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail + +prepare "[29] Repair metadata" wipe +xz -dk $HEADER_LUKS2_PV.xz +$CRYPTSETUP isLuks --disable-locks $HEADER_LUKS2_PV && fail +$CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail +$CRYPTSETUP isLuks --disable-locks --type luks2 $HEADER_LUKS2_PV && fail +$CRYPTSETUP isLuks --type luks2 $HEADER_LUKS2_PV && fail +$CRYPTSETUP -q repair $HEADER_LUKS2_PV || fail +$CRYPTSETUP isLuks $HEADER_LUKS2_PV || fail +$CRYPTSETUP isLuks --type luks2 $HEADER_LUKS2_PV || fail +$CRYPTSETUP isLuks --type luks1 $HEADER_LUKS2_PV && fail + +prepare "[30] LUKS erase" wipe +$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY5 --key-slot 5 || fail +$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail +$CRYPTSETUP luksErase -q $LOOPDEV || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" && fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" && fail + +prepare "[31] LUKS convert" wipe +$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks1 $LOOPDEV $KEY5 --key-slot 5 || fail +$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail +$CRYPTSETUP -q convert --type luks1 $LOOPDEV >/dev/null 2>&1 && fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail +$CRYPTSETUP -q convert --type luks2 $LOOPDEV || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail +$CRYPTSETUP -q convert --type luks1 $LOOPDEV || fail +# hash test +$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 512 $LOOPDEV $KEY5 -S 0 --hash sha1 || fail +$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 --hash sha256 || fail +$CRYPTSETUP -q convert --type luks1 $LOOPDEV >/dev/null 2>&1 && fail +$CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail +$CRYPTSETUP -q convert --type luks1 $LOOPDEV || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail +$CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 -d $KEY5 || fail +# sector size test +$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 1024 $LOOPDEV $KEY5 || fail +$CRYPTSETUP -q convert --type luks1 $LOOPDEV >/dev/null 2>&1 && fail + +# create LUKS1 with data offset not aligned to 4KiB +$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks1 $LOOPDEV $KEY5 --align-payload 4097 || fail +$CRYPTSETUP -q convert --type luks2 $LOOPDEV || fail +$CRYPTSETUP isLuks --type luks2 $LOOPDEV || fail +$CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 -d $KEY5 || fail + +if dm_crypt_keyring_flawed; then + prepare "[32a] LUKS2 keyring dm-crypt bug" wipe + echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG || fail + echo $PWD1 | $CRYPTSETUP open $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail + $CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-crypt" || fail + $CRYPTSETUP close $DEV_NAME || fail + # key must not load in kernel key even when dm-crypt module is missing + if rmmod dm-crypt > /dev/null 2>&1; then + echo $PWD1 | $CRYPTSETUP open $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail + $CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-crypt" || fail + $CRYPTSETUP close $DEV_NAME || fail + fi +fi + +if dm_crypt_keyring_support && dm_crypt_keyring_new_kernel; then + prepare "[32] LUKS2 key in keyring" wipe + echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG || fail + + # check keyring support detection works as expected + rmmod dm-crypt > /dev/null 2>&1 || true + echo $PWD1 | $CRYPTSETUP open $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail + $CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "keyring" || fail + $CRYPTSETUP close $DEV_NAME || fail + + echo $PWD1 | $CRYPTSETUP open $LOOPDEV --disable-keyring --header $HEADER_IMG $DEV_NAME || fail + $CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-crypt" || fail + $CRYPTSETUP close $DEV_NAME || fail + + echo $PWD1 | $CRYPTSETUP open $LOOPDEV --disable-keyring --header $HEADER_IMG $DEV_NAME || fail + $CRYPTSETUP luksSuspend $DEV_NAME || fail + echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail + $CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "keyring" || fail + $CRYPTSETUP close $DEV_NAME || fail + + echo $PWD1 | $CRYPTSETUP open $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail + $CRYPTSETUP luksSuspend $DEV_NAME || fail + echo $PWD1 | $CRYPTSETUP luksResume --disable-keyring $DEV_NAME --header $HEADER_IMG || fail + $CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-crypt" || fail + $CRYPTSETUP close $DEV_NAME || fail +fi + +# FIXME: candidate for non-root tests +prepare "[33] tokens" wipe +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail +if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then + + test_and_prepare_keyring + + $CRYPTSETUP token add $LOOPDEV --key-description $TEST_TOKEN0 --token-id 3 || fail + $CRYPTSETUP luksDump $LOOPDEV | grep -q -e "3: luks2-keyring" || fail + # keyslot 5 is inactive + $CRYPTSETUP token add $LOOPDEV --key-description $TEST_TOKEN1 --key-slot 5 2> /dev/null && fail + # key description is not reachable + $CRYPTSETUP open --token-only $LOOPDEV --test-passphrase && fail + # wrong passphrase + load_key user $TEST_TOKEN0 "blabla" "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" + $CRYPTSETUP open --token-only $LOOPDEV --test-passphrase 2>/dev/null && fail + load_key user $TEST_TOKEN0 $PWD1 "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" + $CRYPTSETUP open --token-only $LOOPDEV --test-passphrase || fail + $CRYPTSETUP open --token-only $LOOPDEV $DEV_NAME || fail + $CRYPTSETUP status $DEV_NAME > /dev/null || fail + $CRYPTSETUP close $DEV_NAME || fail + $CRYPTSETUP token remove --token-id 3 $LOOPDEV || fail + $CRYPTSETUP luksDump $LOOPDEV | grep -q -e "3: luks2-keyring" && fail + + # test we can remove keyslot with token + echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -S4 $FAST_PBKDF_OPT $LOOPDEV || fail + $CRYPTSETUP token add $LOOPDEV --key-description $TEST_TOKEN1 --key-slot 4 || fail + $CRYPTSETUP -q luksKillSlot $LOOPDEV 4 || fail +fi +echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $LOOPDEV --token-id 10 || fail +echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $LOOPDEV --token-id 11 --json-file - || fail +echo -n "$IMPORT_TOKEN" > $TOKEN_FILE0 +$CRYPTSETUP token import $LOOPDEV --token-id 12 --json-file $TOKEN_FILE0 || fail +$CRYPTSETUP token import $LOOPDEV --token-id 12 --json-file $TOKEN_FILE0 2>/dev/null && fail +$CRYPTSETUP token export $LOOPDEV --token-id 10 | diff --from-file - $TOKEN_FILE0 || fail +$CRYPTSETUP token export $LOOPDEV --token-id 11 | diff --from-file - $TOKEN_FILE0 || fail +$CRYPTSETUP token export $LOOPDEV --token-id 12 | diff --from-file - $TOKEN_FILE0 || fail +$CRYPTSETUP token export $LOOPDEV --token-id 12 --json-file $TOKEN_FILE1 || fail +diff $TOKEN_FILE0 $TOKEN_FILE1 || fail +$CRYPTSETUP token export $LOOPDEV --token-id 12 > $TOKEN_FILE1 || fail +diff $TOKEN_FILE0 $TOKEN_FILE1 || fail + +prepare "[34] LUKS keyslot priority" wipe +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -S 1 || fail +echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -S 5 || fail +$CRYPTSETUP config $LOOPDEV -S 0 --priority prefer && fail +$CRYPTSETUP config $LOOPDEV -S 1 --priority bla >/dev/null 2>&1 && fail +$CRYPTSETUP config $LOOPDEV -S 1 --priority ignore || fail +echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase -S 1 || fail +echo $PWD2 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail +$CRYPTSETUP config $LOOPDEV -S 1 --priority normal || fail +echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail +$CRYPTSETUP config $LOOPDEV -S 1 --priority ignore || fail +echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase 2>/dev/null && fail + +prepare "[35] LUKS label and subsystem" wipe +echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail +$CRYPTSETUP luksDump $LOOPDEV | grep "Subsystem:" | grep -q "(no subsystem)" || fail +$CRYPTSETUP luksDump $LOOPDEV | grep "Label:" | grep -q "(no label)" || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --subsystem SatelliteTwo --label TheLabel || fail +$CRYPTSETUP luksDump $LOOPDEV | grep "Subsystem:" | grep -q "SatelliteTwo" || fail +$CRYPTSETUP luksDump $LOOPDEV | grep "Label:" | grep -q "TheLabel" || fail +$CRYPTSETUP config $LOOPDEV --subsystem SatelliteThree +$CRYPTSETUP luksDump $LOOPDEV | grep "Subsystem:" | grep -q "SatelliteThree" || fail +$CRYPTSETUP luksDump $LOOPDEV | grep "Label:" | grep -q "(no label)" || fail +$CRYPTSETUP config $LOOPDEV --subsystem SatelliteThree --label TheLabel +$CRYPTSETUP luksDump $LOOPDEV | grep "Subsystem:" | grep -q "SatelliteThree" || fail +$CRYPTSETUP luksDump $LOOPDEV | grep "Label:" | grep -q "TheLabel" || fail + +prepare "[36] LUKS PBKDF setting" wipe +echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 --pbkdf bla $LOOPDEV >/dev/null 2>&1 && fail +# Force setting, no benchmark. PBKDF2 has 1000 iterations as a minimum +echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 --pbkdf pbkdf2 --pbkdf-force-iterations 999 $LOOPDEV 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --pbkdf pbkdf2 --pbkdf-force-iterations 1234 $LOOPDEV || fail +$CRYPTSETUP luksDump $LOOPDEV | grep "Iterations:" | grep -q "1234" || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --pbkdf argon2id --pbkdf-force-iterations 3 $LOOPDEV 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --pbkdf argon2id --pbkdf-force-iterations 4 --pbkdf-memory 100000 $LOOPDEV || can_fail_fips +$CRYPTSETUP luksDump $LOOPDEV | grep "PBKDF:" | grep -q "argon2id" || can_fail_fips +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --pbkdf argon2i --pbkdf-force-iterations 4 \ + --pbkdf-memory 1234 --pbkdf-parallel 1 $LOOPDEV || can_fail_fips +$CRYPTSETUP luksDump $LOOPDEV | grep "PBKDF:" | grep -q "argon2i" || can_fail_fips +$CRYPTSETUP luksDump $LOOPDEV | grep "Time cost:" | grep -q "4" || can_fail_fips +$CRYPTSETUP luksDump $LOOPDEV | grep "Memory:" | grep -q "1234" || can_fail_fips +$CRYPTSETUP luksDump $LOOPDEV | grep "Threads:" | grep -q "1" || can_fail_fips +# Benchmark +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --pbkdf argon2i -i 500 --pbkdf-memory 1234 --pbkdf-parallel 1 $LOOPDEV || can_fail_fips +[ 0"$($CRYPTSETUP luksDump $LOOPDEV | grep "Time cost:" | cut -d: -f 2 | sed -e 's/\ //g')" -gt 0 ] || can_fail_fips +[ 0"$($CRYPTSETUP luksDump $LOOPDEV | grep "Memory:" | cut -d: -f 2 | sed -e 's/\ //g')" -gt 0 ] || can_fail_fips +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --pbkdf pbkdf2 -i 500 $LOOPDEV || fail +[ 0"$($CRYPTSETUP luksDump $LOOPDEV | grep -m1 "Iterations:" | cut -d' ' -f 2 | sed -e 's/\ //g')" -gt 1000 ] || fail + +prepare "[37] LUKS Keyslot convert" wipe +$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks1 $LOOPDEV $KEY5 --key-slot 5 || fail +$CRYPTSETUP -q luksConvertKey $LOOPDEV --key-file $KEY5 2>/dev/null && fail +$CRYPTSETUP -q convert --type luks2 $LOOPDEV || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail +$CRYPTSETUP luksDump $LOOPDEV | grep "PBKDF:" | grep -q "pbkdf2" || fail +$CRYPTSETUP -q luksConvertKey $LOOPDEV -S 5 --key-file $KEY5 --pbkdf argon2i -i1 --pbkdf-memory 32 || can_fail_fips +$CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || can_fail_fips +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -S 1 --key-file $KEY5 || fail +$CRYPTSETUP -q luksKillSlot $LOOPDEV 5 || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail +$CRYPTSETUP luksDump $LOOPDEV | grep "PBKDF:" | grep -q "pbkdf2" || fail +echo $PWD1 | $CRYPTSETUP -q luksConvertKey $LOOPDEV -S 1 --pbkdf argon2i -i1 --pbkdf-memory 32 || can_fail_fips +$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || can_fail_fips +echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 21 --unbound -s 16 $LOOPDEV || fail +echo $PWD3 | $CRYPTSETUP luksConvertKey --pbkdf-force-iterations 1001 --pbkdf pbkdf2 -S 21 $LOOPDEV || fail + +prepare "[38] luksAddKey unbound tests" wipe +$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY5 --key-slot 5 || fail +# unbound key may have arbitrary size +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --unbound -s 16 $LOOPDEV || fail +echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --unbound -s 32 -S 2 $LOOPDEV || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2 (unbound)" || fail +dd if=/dev/urandom of=$KEY_FILE0 bs=64 count=1 > /dev/null 2>&1 || fail +echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --unbound -s 512 -S 3 --master-key-file $KEY_FILE0 $LOOPDEV || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2 (unbound)" || fail +# unbound key size is required +echo $PWD1 | $CRYPTSETUP -q luksAddKey --unbound $LOOPDEV 2>/dev/null && fail +echo $PWD3 | $CRYPTSETUP -q luksAddKey --unbound --master-key-file /dev/urandom $LOOPDEV 2> /dev/null && fail +# do not allow to replace keyslot by unbound slot +echo $PWD1 | $CRYPTSETUP -q luksAddKey -S5 --unbound -s 32 $LOOPDEV 2>/dev/null && fail +echo $PWD2 | $CRYPTSETUP -q open $LOOPDEV $DEV_NAME 2> /dev/null && fail +echo $PWD2 | $CRYPTSETUP -q open $LOOPDEV --test-passphrase || fail +echo $PWD2 | $CRYPTSETUP -q open -S2 $LOOPDEV $DEV_NAME 2> /dev/null && fail +echo $PWD2 | $CRYPTSETUP -q open -S2 $LOOPDEV --test-passphrase || fail +echo $PWD1 | $CRYPTSETUP -q open $LOOPDEV $DEV_NAME 2> /dev/null && fail +echo $PWD1 | $CRYPTSETUP -q open $LOOPDEV --test-passphrase || fail +# check we're able to change passphrase for unbound keyslot +echo -e "$PWD2\n$PWD3" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT -S 2 $LOOPDEV || fail +echo $PWD3 | $CRYPTSETUP open --test-passphrase $FAST_PBKDF_OPT -S 2 $LOOPDEV || fail +echo $PWD3 | $CRYPTSETUP -q open -S 2 $LOOPDEV $DEV_NAME 2> /dev/null && fail +# do not allow adding keyslot by unbound keyslot +echo -e "$PWD3\n$PWD1" | $CRYPTSETUP -q luksAddKey $LOOPDEV 2> /dev/null && fail +# check adding keyslot works when there's unbound keyslot +echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --key-file $KEY5 -S8 || fail +echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME || fail +$CRYPTSETUP close $DEV_NAME || fail +$CRYPTSETUP luksKillSlot -q $LOOPDEV 2 +$CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2 (unbound)" && fail +echo $PWD3 | $CRYPTSETUP luksDump --unbound --master-key-file $KEY_FILE1 $LOOPDEV 2> /dev/null && fail +echo $PWD3 | $CRYPTSETUP luksDump --unbound 2> /dev/null $LOOPDEV 2> /dev/null && fail +echo $PWD3 | $CRYPTSETUP luksDump --unbound --master-key-file $KEY_FILE1 -S3 $LOOPDEV > /dev/null || fail +diff $KEY_FILE0 $KEY_FILE1 || fail +echo $PWD3 | $CRYPTSETUP luksDump --unbound --master-key-file $KEY_FILE1 -S3 $LOOPDEV 2> /dev/null && fail +diff $KEY_FILE0 $KEY_FILE1 || fail +rm $KEY_FILE1 || fail +echo $PWD3 | $CRYPTSETUP luksDump --unbound --master-key-file $KEY_FILE1 -S3 $LOOPDEV | grep -q "Unbound Key:" && fail +echo $PWD3 | $CRYPTSETUP luksDump --unbound -S3 $LOOPDEV | grep -q "Unbound Key:" || fail +$CRYPTSETUP luksKillSlot -q $LOOPDEV 3 || fail +$CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2 (unbound)" && fail + +prepare "[39] LUKS2 metadata variants" wipe +tar xJf luks2_mda_images.tar.xz +echo -n "$IMPORT_TOKEN" > $TOKEN_FILE0 +for mda in 16 32 64 128 256 512 1024 2048 4096 ; do + echo -n "[$mda KiB]" + echo $PWD4 | $CRYPTSETUP open test_image_$mda $DEV_NAME || fail + $CRYPTSETUP close $DEV_NAME || fail + echo -e "$PWD4\n$PWD3" | $CRYPTSETUP luksAddKey -S9 $FAST_PBKDF_OPT test_image_$mda || fail + echo $PWD4 | $CRYPTSETUP open --test-passphrase test_image_$mda || fail + echo $PWD3 | $CRYPTSETUP open -S9 --test-passphrase test_image_$mda || fail + echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import test_image_$mda --token-id 10 || fail + $CRYPTSETUP token export test_image_$mda --token-id 10 | diff --from-file - $TOKEN_FILE0 || fail + echo -n "[OK]" +done +echo + +prepare "[40] LUKS2 metadata areas" wipe +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV 2> /dev/null || fail +DEFAULT_OFFSET=$($CRYPTSETUP luksDump $LOOPDEV | grep "offset: " | cut -f 2 -d ' ') +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks1 $LOOPDEV --key-size 256 --luks2-metadata-size=128k --luks2-keyslots-size=128k 2> /dev/null && fail +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --luks2-metadata-size=128k --luks2-keyslots-size=127k 2> /dev/null && fail +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --luks2-metadata-size=127k --luks2-keyslots-size=128k 2> /dev/null && fail +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --luks2-metadata-size=128k --luks2-keyslots-size=128M >/dev/null 2>&1 && fail +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --luks2-metadata-size=128k --luks2-keyslots-size=128k >/dev/null || fail +$CRYPTSETUP luksDump $LOOPDEV | grep "Metadata area:" | grep -q "131072 \[bytes\]" || fail +$CRYPTSETUP luksDump $LOOPDEV | grep "Keyslots area:" | grep -q "131072 \[bytes\]" || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --luks2-metadata-size=128k || fail +$CRYPTSETUP luksDump $LOOPDEV | grep "Metadata area:" | grep -q "131072 \[bytes\]" || fail +$CRYPTSETUP luksDump $LOOPDEV | grep "Keyslots area:" | grep -q "$((DEFAULT_OFFSET-2*131072)) \[bytes\]" || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --luks2-keyslots-size=128k >/dev/null || fail +$CRYPTSETUP luksDump $LOOPDEV | grep "Metadata area:" | grep -q "16384 \[bytes\]" || fail +$CRYPTSETUP luksDump $LOOPDEV | grep "Keyslots area:" | grep -q "131072 \[bytes\]" || fail +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --offset 16384 || fail +$CRYPTSETUP luksDump $LOOPDEV | grep "Metadata area:" | grep -q "16384 \[bytes\]" || fail +$CRYPTSETUP luksDump $LOOPDEV | grep "Keyslots area:" | grep -q "8355840 \[bytes\]" || fail +# data offset vs area size +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --offset 64 --luks2-keyslots-size=8192 >/dev/null 2>&1 && fail +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --offset $((256+56)) >/dev/null 2>&1 && fail +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --key-size 256 --offset $((256+64)) >/dev/null || fail + +prepare "[41] Per-keyslot encryption parameters" wipe +KEYSLOT_CIPHER="aes-cbc-plain64" +$CRYPTSETUP -q luksFormat --type luks2 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --key-slot 0 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail +[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "0: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail +[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "0: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT --key-slot 1 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail +[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "1: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail +[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "1: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail +$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT --key-slot 2 || fail +$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 --key-slot 2 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail +[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "2: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail +[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "2: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail +# unbound keyslot +echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --key-slot 21 --unbound -s 32 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 $LOOPDEV || fail +[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "21: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail +[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "21: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail +echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --key-slot 22 --unbound -s 32 $LOOPDEV || fail +echo $PWD3 | $CRYPTSETUP luksConvertKey --key-slot 22 $LOOPDEV --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 $LOOPDEV || fail +[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "22: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail +[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "22: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail + +remove_mapping +exit 0 diff --git a/tests/compatimage.img.bz2 b/tests/compatimage.img.bz2 deleted file mode 100644 index b351cc6555028f211348e10e3a5300d7a7a2ddb8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 64972 zcmV)NK)1g_T4*^jL0KkKSzJd&%>i9hfB*mg|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0 z|NsC0|Nr2i{~LYY?Hlb=z4xy6j@@ndp7%<=^Vi+%-ZJ`q<-P5<-S>8P+WX$V_Ithc z_ZDZ@ednJ0wNu^Az4PCF_3nFX?Hc#n+q>^;H*ary?W^1GecANOyxz_B_qVURvflT5 z+wQ&hSGxIgzMpRHy6>IeZ+G3h?Vh*3+wW5DyH`8CbJv~j_V?S*o$l@I-R%2!Z+Y-sfLFS9Z1^Z9VPxzWd|e-kY@dZ?kpnTk8Ae_r34FpL+A%>+f#b z`o6sT@4K3**L?52bM7y<-)S#F-tS*udA|ESKJUHfuXkS_-uqtr?zeU3`{-`3OzV_RC`!nxuzWT{;ue<5@wtG9Ty86$zwOUl~ zy0<&t)r3WZ(jB8y?3YIZF}v{z4K3$yX>oPdwqLqdtUq1>aO2+Z)v^X zZ&%yrZ)V=z^UGb|ZQhsO?HjK9@2#$DyH@k>Mq9U+wBK8IZueU|@3+16)91eH?ar4w z-t}L0?q|5t_TKy2``bLe+t0o}-LJb{x3|^i_dD9>x<0#mvwe5lc?zF^CIAxv0Wc;2 zMg+hB1i=|k0WbiV695FlV3+_V38qW|G{67?U=08b42+CJMuDn`RQ#9;fihqMU`z>s z011GZFalrz38p3{2w(uGrkDXRi~wZF(;=V$X`!Y~001T$OaPe}ltQQA0W`rF0%@iR zrkI!sf?xt5N;s9!BXlQ5v)Bpe{06>}m0t5&U06>8P00*hnH(Klv000|}I?OmWm)EXm0F4b_Sat{U8-M~N(mK=00gJPc!F+-6 ziNge$%~dn6P2Xn*GZ*uo{5rQpQEm1fiO1@QZojy5wX3aV{>d$u!r;#&TSHV+tjo8WfMFxt z&$`x(DzS%Q3IqtJ6kbFSyS?mGaIpVZYu~JPZV0jCwEi7-xc^|_06>8P00C6pB&iX=^@)GR7t7*HnK6JI7Pc z6|ZuTk$} zH;uRoaxYIVB)Iu>oj$`oDQtVOW(-bS-^R7FP{q=d%Cma>9SXw!JvtV0IBIrB%2;x& zl~%g9F_&s7lTCvi(P~EK1Ivn~Q&Z}hkVDps%lUZFb(;c&eH~v9lb?~2ipmx^;LxmR zt|JXfSma8<1E3s@2k&RK>i9%jw*R^SZneria-y1TiV}E~tE|%2qAY~UiHlZG?D3DXHtHrxirJfg(wx~C=l8^;$Q=ZA-qFSt zVNGW*$_wtZDz^ExyC+X=uZ1u901LVzg{AT$1%+43n6M>p7SP3oBX=0Np%bX%LxEQi zHAnJWH4bFoo(2egAhluXr2i1|ER}r75P%7GeLi<ooessfR16u*jrR;_jWmXE%vdKK|4)`fn|B!j?-))W4Eu*I2xXGX~<2=SGvA2 zCR;%40~8}BA~fL(sH6H8`5-K0yq3ot>z(p~BxbF0ovj3EU)rG6V=hqgjCiec<*9cf zvABKoWk-9Vu;Y4?yX}I;23vUe6dG#a#fJgm+-Js`z5)B)6!s2ch9IrQu)8U;h$OrG zyZdeE(N)E?&I3a|AqPhj4q?w+Vl{USex&&VLR6D!LQqbBQK@42ZL9q%am99 zM0Wr%wxM|H-zz-e4av0tmC15VNRRVE8OUf#0pD#;E8i~ck zmJFe5E6R@dMW0$t9&)k$C&%&ruUhxT(vtbSn#8yrCm2pP;AE9p?BncQ(v4bAGaDXA zqU3)-Z*Vq)d$HMB42`QU;y$(E^r9Lrfgyba_+kiP=c2c z!ov=76-%+mqIqWR&e?fVV$r6An0D_FyeeZOkH=c0M#WtgYc^~D(h>C0JX@Izoj$Xu z4-VB8qBwxN6Qa!jpdDZoW+V*W1cX6Ia*B)kVPi*Q_#&X_O|=aRQ9_3P(E z$grE^YJc*VOZQRdpshG8-##Y9XeYc8>ypLU-|9u3WH0iDA(>~IFag{ug8ia=cc*`V zKNkeUf6@;flP-`g-~Yl2i0QTl!dCGerHN;E&d_C| zXe~dETF5MGr*2b6A4TS3?7)bAo3@D9i|X3hUk?7FWgZ5Z=3$5eJ|lE5M|4cnc~@56 zV=Mm+c7_VQJMOMo4&)JFs)`hl`k%kZt!ssS(Yyp0gg`S0(H+wza)>A%(cqEFfnjmRcp z(VNjRsu}Z}bX}_hV`$aN!5MNbdQDrNc)y2->iEe=pnmQiVb^h^;1WdZ13KfCH=(+~ zxZ2y6wu9Jg76C0%9_;1pO=ubyzwh|}!D=rCdYffW-aBuRf6&))qMcUb52hK;g@7P3Ak>n%3Xbdw4?Z=*vw-)q&dO7)Ey!`ToMs%C$*nvtPNOVBR9wy9 zG^iL3Zz=y~3c>>1nxLSap=5%aG&wpm??hytFcHpj-HiBjf;R_oxy~5gZym3~1(Se6 z*o+Lo#`J%bSSYImU46f@w08g7KcreFm%eFhh+-leAia9AL&$gfS_s(&Xy$DrDFFLJ zR!xcORig41s<*eb$Ve$F%eTt?0z*Mzh^!y0ypBEH41A^0VqUTy(=8#Nr8MNMIxteJ zz!YerQTy5)uc90d-5wlS!1^X(-yoe8Eu#vnQmA~c{<9PK<8kxe5y=me_|jhh*pto4 zZsqG-rJ79-LH{jE;r#9=^R6!@DuB;4Be+kp*ur*|qOt>{$-Ywf(i~Z}-Gt_?)T!1x zyjOIF9_=Ft)S%{E?4zjO6E|JS2;F0f#yG~v|Ed&|QFs-wG0U{{ z4!!)%{YZ&THOjG7X=)-YYSqhwY&qJ6{fv+%Gs2|j3gdh7<{6!9=IQ}6<5kzdn_@ee^+rT-NU-yI3|F(H)sUU`-Oqhkq=J_83`2h|IW zNRJNn`l)lVA|*aI!!)YAQETs#FT4r2nZS03Yn+#^>Br{tCxKjIrtI~^ z{Z891Hn*1`Ac#e%`mVPC@oT-i3_P72cv`y$7PonS0z{4b+q+7yv{Qtq%iH7n86RL_ zD`!V~nQ&;D_iHw&cHS_aG`SJ00{@6((Eq zdRpd*;(&bs-LerW)zh(^jJe=FJ=2?Rj~V6Dg8y;Zwd*LlqC+4EeKQ+7)zP_1j>dTt zlA=3#MwkQJ{fN8C?mx~2E%wxVOf8SQnhg`tT}K7EV>jZ!seMtR3;HX2qc(E`{U}dO zIMkthiv$mOiW#5xBqx&?)#4QzQNTqW1L7@F)O!0ZIPl*0eQgWQoh;(54KWMbbMmVL zIr!K=xxj9B>bkL=N!E(i>x9-jMRx%{rb3q^mDB})Ri>DFL?NM}VBVv*E{@3P?^=+C z7Kq7&#yIjGH+j-v;d%{5(9x4;)91ff`zO&2ewlCU-KAGhn%&_y_$!7dsBtT;)=sf+ zLq%JshBbiO8zfYMP9_5%3Mm|ca7oMQRi<)Y2kkp(ED&HxKSyt~VWPz#mw9|Qi*z2J z?2aPATHWNX_h5a^wjv`Jzou-nd|x^3JUz9&XHQWJG`m2a7th9sNj9w>l&NT>$GeqS z<9+VJRs?d`sNK{^w}=1a=-L_GL4a=^eiQL@(f@}H5ER0<_MDxL|=<6m-yZYXR&k`B;3>C z4%*OF?kEEY4)YrKNCd#irER6!e;cCqxLMTj?5?p+Uyhd&ZooylIdd$sx}S40VyM{| z-hC!R-3#hcu}_>=ebqFD(F=^GEe-B%;f-j1Y&Quz6T6=;3q9Nn2Z7qdbO5^=5N@^F zYc9iO=p3{ng#hlYIGl~qi)8k-Tdqb{hV+2e&Hj%lex>&n09uq{~#eXUMo=I5Du5l-8`A`G%p$`Xy$ z*3jWZVY85M&xP%Oo}dT45b+{x0D0U_d93D9(EuYh7gF}QeFo-HZ!?&(_Y)fBx%C(L zwm&&vd@iya?PVl0U${OPqjRL?3MgZLM@K^1&f(e-33&4#Xe!WP1ko;aiCc~=>xL3`4U;>rpN z3FIWs&;)+~k8QjRU(g1}I-tKj4`a=weMihOhGfg>lIKX5TouD=CJq%h@?7&9e7&CT zh@oU_jA%@TrFo=AcDix)PC{917LOxP`I;tnru%E+NnRZzOFmJ`zFyKJG1EzWHz`*o z=nlogW14!0TR0!&GqwABwd2{1Bdq%?)gm1PudosJ=dtWhxfxv5w?)|@pyD?_xHY{; zyf>q}vC-z)$EX4!^;f!=sjW6DZ-B1eCt5nGIWGVa&>i7G_p^oNAsK;rvBO2bQyyt$ z0CON`LuUE%eqav@Zx+bR%S*hmVLp<_kslqRJ*g;#hV3sWSBP(_^3b?h=Hss(sV9yA zjs^An9E@Uo-KhJgNqkc`_bux+o-odkEQS*T^<(puj#hds4DBA1`{5xb8n4M3e=`&2 zDqt(BKXWRU#dcNblc;2ke%}G6d<#vcCR!H)d(dkCQF7W;4b1hh5A!!_o^}*b41aLG z08LR_H-cwW9nF`Z8fFcG-9{l6!A4I$ON{EEeR)^~w#_{;GCy7HDx_$D)5R7~XVL zcICs>vA)~)+=H%YLHs)dK3QPaqRqZ@crq4Wz(0CJ=Ovd3N@feDuUnl!;=1 zXwK1(h(~b`qXqm>Cll#M3Ji&uZZ6FdC2F2rOT~B$9jHQ{3EJ#Tq1^ei@Btg7>3Cfn z&h*SsM36I}ds!wN)3df$wx?&LL>x0^H(^w6B%xFzZ%EwV5>p(gR6PvU5|$JlO|ixP zFdw99yK<-OQ$=k{eHCUQ2DY^iFFYoC4*%{EMwY7()5l-2Pc zg|6X#aE22GMM_=|CmPE|l71O@$V3O!3Ur_yE96!2>+$seL=63F4E7BWv2uFl)qsN} zOA?V?ca&8?aR6Q(w2iz=mmKE$Zwuy6kSOzkh~*fM*)wlZ#u??HwSccz z6w7VOnR|2cayd$A4X7hRfxUq6jXES7jkNl99_xMV1%JD|a=bl$%HALxB6cNQlQ+xK zK>r&cvr0imB^z)N#M3~|&xCZQFKK!=KOtvz$G(-zK@ZW`#>$C4S0X{+dvH0oZ~(8h zYqnEv55r?<<4+S5Tpn=!1^w}Q7|8Iv3b>L7Qyi70k^pj9BD~WYJuC{vZvJW$v8T#5hPq4yL8XDCsxz2eBHAYo&)D~*67?ksSH@aCcVSii3*Rn17w#N zau7|N8NCTW+D@(NYgML8J^dhXE1|?CuppNKqv0n?;(% zG_UoZ{-A?5Xx^9+-fH8}zL3!%;nKwLVrL`qi0H0%J?8AZRnYE{xTd)IOVBoUVNE-N*oom zUW6V67LZ$kA`g9y=0JxYAS`w<>iBL1o?c7))&8u3XS#g zqhy)x$^?hfYRJ5y$>Y)(v~P+ZpYv2Rby#bam2IKKo#Q;yPc7wH z#M?OBOHni5s-+*mE-_l5c-IoZz5MtNJC~co&timSc0gt4;8js=NJ?GNjjF28FhI6N zDGp4JqUtl{7X6}a>zs!A4}1+Eg9`&zp&fIQ=6I$G3Zt4=Hj+s}eq7!`W&H^eeKA^{ z;6~Rq(Bj*?%9Ha#kmPvIeAVxZKO;8H!@ShkBSJLg9H3`HuQ=uwUueUAFK#aTClAfu zaq@18&oktmM`xxDeV4|07BJhW7Y1-MRs;WX!ME>pc_c=EwzrS1S->-1K-O7@0k;sy zpqsh=;C9%#4cv6+vcI@3VaS``;h&c_!kno<1()FxwLGG{WfkDk(v+pOQi-Ew3U%Do z)Toni`$lD6V@23Vu}eEow}Afc05GyPLq>Bdl2x^eP4|a!zIM8iVB7Onq%0-@uqCJX zcwRN6Qs{2W@sz#9etJD-?lU~B)nnRqyF|31WlaIhmAFxU9J!xnbqa)5ebeQgEi_d< zA=-A%5a!}5CCGXr0-{YO>y(&G1JZtAL2eW&bxoWfWTeA&xErZ2;+~OEmTzu0%Dpzb zOcIoO3D6n849b1`SO2Yr{;q>2&m2pG{8G}n%hq5C%s#Ac2Gx6$HNXm(pT)rNI-A(% zQJvN4Z_BObl@NG(?IgxB6~z9a~Pp;6#DVp>lPdJ|kh*7<19jt47;@Za$4gkLBL&0{WE8RU~8A z{g(K>r))^SW<|E|G*U21i*T@5E5*fB&4vwg9BNxN0UJg$Ei$*R;$Y`ms6Zg-ZOY4`lVTm(Of7uhr#0*<T<+!ZRfWK@VB={83HP%<>eg?S*X0))Lid^`P6r)oCAHf4Y_U1V9j{o%bFZt z+^H;W_M6n7tCUV`*bI9v=hdLlnuDC4^BUx*ZkAW!y63{=?a?Ju#>X*0Alk8fkw-Og z?9Iec(~VeLm6>??mQ>9B+gr~*2x?;*8~*7`+1yxiFknoRia`rh+eERSao8_(ECD}b%i2z6evbzE;q|^ zkWfeXZ%}*xz-_hSf;Qq9qdmWu)gw=}h|_w40KPYd{Y~Fc7xT{@Rs@G7p5PgaEePCTfco$_UH=#6|HBm(TOLMf{FrcCbPvf z53iEY#JC}*f2*knbfFXW`j6-p| zwWP`9P@27?WE11h))jY-YMRXJ>q7qLlLR+~E|x~r@bOw4b=x0!4ubT*BJsV-;f+z! za(U$awgKpMRmloV9k(X4L7h7jhQZNYK@3J4i>23zUAecy6>yhQ=3+v6pE@kx7b#6` zw{Z;8qo$74(YE&KZxm)40%!ycGomZD`@iRiP>c)h_- z$vKx?UlpUwkCaLe^%Zuq_WYo>P$qwn-y;2(bfnk(9FF1bz;fdCl|6{G%qX^C`8COU z-9FqNyl}`rIK{=r141v>k0aqO1N=A!qkso=cMAFPvm|z9V8VyE*5b!<*vu*2nB zjq6%#osu#TutPJxog5gVNK!-odiM>w4*sqn+Yr1}OWeOAWwF|vFWU|+No~uz*+c1& zSh53Igkd<-zx0H{&G9I(mVCQiiLriG>!;TB1<)GQpRtiXxHO{QinaJO_rA$91*HJ` znwJUA$|06@96T0EGC;SBb+Rk~S#}rk+F#fua8;Ue&g=VIFUp>?5Oq6?MTOC`aHY#Y zix?(Nfy$I*;qkcMRZ{EU>YV9A+-k4*zJt+_-Nf>om-#1ny*Nr9x|F5vQ#mRTVMP;r z1AiTy&Kj1xhEC77kMF?|ZZ_R%K+#?W1jD1yFzjR7t}`yeh*=l^+2D5R6^U)kLPs%U zq>GxTY!}sDYpiI``;{{Wcxw?1i#Ko5iZ6xMe>N|^wP+iKq6!02pNpS@PbwMeJ51Xo zt!1bh@eV@Pf5(KBmHR%af*^n2QJahm)5~0RjYW->OXgVTa5Y;6H{u*|CM(t>DwT?V zTLrWW^>@eyJx`|V1-^|4Eg)OnU5Fx`p1T+Yr)&-x)_Fo=oajjW|e4+2PyMq&Lcl$dXM)}BzvQfl53l$CA+jzQZ~2Wma&eFJP(7YN3yeczip3p zja)-SrRHtHlJ|kbX2U&rHx>^UE0h$l+G8(&jj#4Ls#o1_+C64hsotnuzr$K1R}{^Q zXf1F7lM6zf|5?MZ$=A}%7+=%Beqin>OEl^np#Fvw+ht`pi7khIjlQO%nX{xtN4#rm z25qO8kr#Te8?J_?MRSe6>>fTP#ckrufM*U2drzbGugWlDzmJ`(44H+}SQa|oG)5ks zN2`Rkgdcxdpw;rw00?ZGkia6dmkzwg>fyO%TaIU1-r;1so{IP~#f8iCKblC?{5BtV znWX+8_V%mEt3Z{Or&9TGX+1b|k966V&=5b#I-)awa}SE)`OFno6A``|`m`#)0r|-H z3-C|;`6V>335JTD%_xpWqGtEei;S6yc*uDf0oCuK@2O1qnA z@O?Ad&9gYDjg~8jy;W+_Jp?r9TZRWuoL4&nRbchrvvT+tb~CKAOZvP=f~=3;(Qp zYFOrK@RV{1QA zwlKCSl*DG%woJte_hHCza2<*4IRIh+c#Qx6#`QbiZGKPuu(_fc9&o)Wc^PvsL|9cU8J5CZzSiT4!$%yIQ&{RrL@rQzsy5g3^O8Ws(Z^q z`lx7|HCVn>?qG^9emvj=jEVcAAc@Yw?O#y&4nJz%gJ`{98cO5-u!$J`sXEw2DMf(2 zJ{}2ioorBqWm+{!)@!0SD{?9PHlP6~raNu*GhitO-Gj3&G;+2&`CwuVJtpmS=;E9d zJ@5v1CN+I8;P$AkVlE=H2x!{J3Fq+z(--4H$RR@9j^W&UZY3Yl1B(E2P z2^ad2#_$beY5SX%R_BUrwQ$v8sIE*>dwVmZhu8AbM(c*!+Dwv0$J_ZJy=#hC8Uoc@eA#NY-x9^aX4zy6r&g0*0@hh3x%LoFwyl1pi<~?SX z;x*n~r)z~hkz`v;d@*klJiC4nmihwikfNkLFaz_tz!uADn-e$R@u?U#f-P?i^Ws%Q zVlz=e4ofubF@mA|(?JHGt@qqUlQU!%q)^v)l;bv5-{osp#P4SUtWB2~1^Gqq#TcYim~s>5Lyt7KbzipI3?) zzHdRo!!~KZau2h)Avin{3GFo*zR6I#6YO=8q4dPL0+l`o${CS{PxfkrQKeQpLV-c2 z9?t1`#rD6Ys_%8Hn4Qe%*z0maxN%&2O0snaJNg-S4&?6x{@igL0S+>5iY&&lBbk{W zTJ`Q!sUtM{(Q%tdgS>yzY*WBC!oP&dSCGM5K6FVN!~1fQUi{w%OoQIW(m7uXt&jlk zz3efFApaj%R6R{@3A(hqseg~fJ{L7-R0!zy3$7)MQxca7eOZK@`TsU##9`UZJ+;Rr zXZxb=4eU9=FZBm~f6jf(Fa2iRIUHM#r51K20;+6WC@UEq0&It$o$hCV0i@h5#Bb~^ z>LG1n60*ax7PN-r z?(dMox1(9Ur-)!^p1zR*`8v1~D6d@5w3X(oBXqX&y#~DC(Tygaf6OKSJxa{5Frc*{ z%Ypw}r%%08lIBhwe04L9cJw^C#_Yquxx2_h*>h)PYdf>|FC>!_<#2IGcbmG(h-#Qm zIdf6mLjn=<#J@fqh!=+$6a zfJ~JLoG)vrKQ7%UZu^7|#;?}MRPKp8NO726`9k;gQE!6=@ry3t-*r*K&P``%@ zt9B$Lke3Z=@%m9pD=o*S(R8v$neqit2riO>J@iKMZ=g-?(E7$19O;} z6isRTj(w!CnTlzx%Dm7Y7+h<;=v zeY6r~QxD96xyiF`bPbI^X&2MzH*6YTyqt3=VA+kUv!jFh)`!J-==)J^X2Z8#GiVEP zB>sUNTD)giWoU6BDCqJu^YTO@l_}{QN%KcUjw9egZk_8#Y&bv#wc9wGse=oKUuSps zeE+ETk@2?6<^1Um_MgTorF5ogc7l^KF?hh(Y-HjN-h#UZOxnOkFl(_=#s0^yK(ak< zTS~u7Jle_&$~NqjEIf!Yu|rxdP`s6a-`eq2K()%cCY5lBwbD!SOCxeYpm2XvIj7I1 z-RLIH7Y3>tUFU%E$r8b;)_TbjE=GKU~$DHi0l=0PcVrUcyTGrQ7M=j!)SA7o=yh5<|xfBT>l-#pjRq({# za?<*mky%61nk~<)93wpJymlC1j4%T4NxTjiDe zy}v@ct`-frhk7gs{wUZ(lP%O#mE9WyDJl&}p#iQ6U}sLk;K z)hI*QQ%=&Hl+fAF7rZ6GFXQn2;WFJw)^Pfh=Wmt86RG6JR0&Et&I+sYC2KhCEf4ji z%87-NOA*SH55fVt%l{bLN9$#d3yb_&!AcAWm3E zSe31<{0j~LGnaU;ncrf^Q*AdH4)i=7yJ7PkOKIRPvjQfNQ7EMF+v$|VEw{Z%SezI? zlbWRp#UH92Gi+7K2PWAnr}!X$`a3P%q<(H=#f5X}BJnkmfq%WRvIoN!H6&W9J^0GS z!wsrD$t4F`#c|gH3~Re^H6I^L`tO!U4t#ZjS?|B0H|`FOFku$|Yv*PXzVrhYP@*-jQ?gLao=i`&|3b0T&5sAv z1+0ul{9AS0hrW_rg&_ft(n$J~$Hw)7vqMK7$&Qsld}Fuq#R8iW@Y;GOM9*r(fFZm? z1RLgJ>=JkCfo2HkspfZ2G0XdaXS)Lz#mySfCOZ%2CMp7g?KMl%3b zGAQ-+*-w5L0#uxmQcLbNrUZrpf8iQ;EU~QTNxIejH8}m$CNTjG-q>xHlB>kg)OwG_ z$BE~)5E2U2KyV@X^+S$3mXr7IgDDBFz{S($Pd#THJaM?gG2H)c%YSULOTs{Mr{Vno zwmnPL_+_JAZrZy2V+nGAD@>OXOEG)}h8sV~>S=|UBgWTTb72u;tclr(%VoC}sDl1% zeJ5@MWmzgED{ggKUEz29%3KV6u65S()bJGcQbYu84+(49{l+bk*h#d`9Uq87_Hgrn zqby-Jr*yjkEj{p)J8F9DR#&~2AL3{RD&3E}7d6sxu~KUf#3ljR@ktn-pQK|8E-@NC zAETY*UF1&3$W=@vsWxOp2lMU^?|gYoaX5G30;uzp3yhm0Y=#GFc+m?<6N!md@B>= zWJ>v49bKVW7W{vgDWKmJiF3jv&K}v8W=}EVe?bAmz@7DV3E-W%mxb$|dAH02*R?608#P25or95E;!O&}npT=OMIdb&5fzPl+6w;9xGeo!} zYlGRqXzQo+TcxHWth$JN<$ZX!UU_%ErQ@OwHS^mFu zJp5NlEz&y^KbdFZ2C8KJqIxa~3Y?Na(oY*8WLf!~5D3)vQE;@q1exvh)FM7a4M?vl zDPNEp-fz=mg+iFW-5fp&U57;XZ6wzUQw)3{H=gb|iaKsRR^C!jZ*{dzk%GMnC!>Tk z@$+b2cMLE!HO-3d2~%9lyYE+8BO_aHXLV%|HWDt-)<|cX?DLaLa^i$MnC735uFyH* zvR4yaqJxt6!wLpv@G7_O#_lB5`>m879-%|n7Dw5sRN+G+PLDkh-fM#GMFwqxqZj%q z>sBHMJY3%r1$vo5fL7@Y2BRHXW1V55O@kl%h9c+??0^ZYq1iNY9@9#1&0PY}N*9wnl^{5wj*+(3K`_N|M#51CBXr@(y(mJ=!v zqnh6wNErCyghxlS3><=2`45!_YmE&Jb>(Jv#NGBBnUlnZAE6K+>(z*0Y4FH^RLKFy zE3=nKU$K{#m zG1}|_bmI?e>2=SN^JT#;St(Qa(k@)-!vuApbZkMPpLX#@SIB2F+2?ITVH#O_`d^;` zsdC()iDG_dUWaq*6qj_->Li$)YI<%^^-X%3ioZVBdjl&9iEPUVuVXBeB@^t>Y73i9ZyzcqXfx#mD5*o6b zk5QKNAOvOxM%oq*T)h=90>33Q`4|QO7`8GM_B`QzwfxKsWA@+O8kszaup0`gV^(bmJtywX9?Bo zZWX3Rc4o{oEp~wQq~mqM@=gIK#)_DTP4AGct0iNFknI(M;SMdY{!Wh~y3n1|D$wbc zQ68M$%6l}PP7%I{^gQ9-#ZT9gD0Dwkd_h(_YNjRXfc|KC5X3RDz~eh-@{-_GDQ+K+ zOC&5a-4F`Yrg1)c4QexQl?!v%%wl0fV5ZMOW{}q@wMAt>z+^oInjU{`ioFuvPx5B4 z5yK&sW4r`!&~KxrZ*6r;cd~b1LWGv>P&};Ur@bxGc%AMC_2nh@H&BnzkJOshcevAW zQjWI>o==#ruLJAeg*Ndm#oO&%-%uy<-~2;c>P;Hg^(s^PL^E_k;Y1X6XdrBARAZ!I z7Rse^a1cI-XC#_pz#@I&+CoXtd``l8zAv5?fy|DwyGhIARKjz_T-Sx$X}9bZ4{E}< zSyP=!W&0N`K#oXjAZ}amla94QjDEr2XOV4(uggq`Bt+-l^y;nVv`A!JwSLst5&Il? z<5CNQsqjIKJ6vRqN19T(rvh7_Zb7Qj&8>on{ZRgls4}KX7HGq>Q+F)ot2a;?YA}IJOt1{;dpaIS7J^Yt8}A z@UXahhd!MlcTJ*y)9~lugU9KY_p!*f+TZWLA0h1ezjtbQD1mNI*a!xdzP#{=lw1x% z?{*gX6DTqaLayRNLmpRF7&!DC5?DHe`akiX)y)gW5A8$(r67FrD_|-8c55R%vsaCS zHt#7~VeW~8US#vVD70_ZjgRxdG~4WyfhKj?m~lZ0C_9&?!a1O~Z$42lC;B8-#V1o; zpU}CUisw)6%y4RP9PfBJUUQse3HSpXx&mPw&pYe>PPaPVod`7LIhehI17q*TtC8Ft zV5Kk}8#N>`v575teYM(D=ibg=sccV64*d%}?);~|G3o-QezX|~Y*DVkV0wJk z{qk~=9qo=IJuuoz>l}P% zG(x1$q9pcFo7CFT6fYNuZWQaIRf=+|Isgc&8_O8F6Ev5*cL&pto=#VYWDHquFqdVAhgM%uW!6#yPZQH% zJo?~FTTYnNH}`_Muy&Up!d-XJ=!ffz(78LtNeUlW74i4m9gI<2BLo5Qsctssb=}7O zm9x*Rvzj5qvXI4PEg_*|Uxw*LE2q$`8d|#8am@67R;IRbfn&OuC&b6I?0392(|Fi6 zK*AY)+2gr0=K=+URCHg-vnn(w*7&$UDQ{_wi0g{ z1%WX4p;31HS_YJR5TN`WoOC4RR_<##Q2I}yr8F8_h|OS0Dop(4@XoTP8MrJV9T;-0 zL`aiAd<{YZ4})lNnBGITlGc1+=C#s_Hm;o(E%HiG^|KnjB%$%RM_0tdRC>^a{fs{F z*AyNWv_bq#?^qp$CIr+%=Cqwg>%5sIL?}Q_kAsu68-{N6S^Xo{6UaWlUZCoorjdqq zdc8>;XU1>sDql4Xi9A_PcwQ zL9KA5b;HcBRpSYCb6c1kaC z@kPqgqO+txMTE?IqHN8!%}Gwv_O5YNtyD zN@GZE(7&S!l4gPXSj`M}zHjl_5J1}N>~4?(@uoRnPMaB;5|F?hYT|7{Pf;9!ai88o za~TA!X+pU;n;~RfU=)g$(Emb5Ez?7)l(6byc(KAhi14Ttr!%V+4k+dEHe*rX6$H4z00)V-vV=m?pI=O1ycPlRdIS5LO>tNcUYVB^U3cj>)bsGtaF zcFE@NO5AyLSl8!DS8&^~R*Z^);o+rg4!o+q*H1^EdGl~-Z1g}zBVKS7o^RX?Q2zz9 zrGSpvhVf1@#u--cLK5N*&q)T1^Xm>HJOqBygA85(9YEs0RX0ef`JYnw)lO`_-sJP zIe>_fM1;-HcE}C64RU3zEd+AH$C<%3&X>A^Yhim?NYElhYTJ=K1BGHYaM-7x$E}mH zOYJ;>K##|8#x(CiWzzKtGG6gZvB6gCm*Mr8T*u8VkWYn=3FUysmI@lrChGq!iw-@rv*VC2WWO#rAo4!oMPm_=6@xfXrK;-7N9-UK3 zfU+}adWBoHSEcKYHT%DCPhe9m(-If3*Ud{nr?$d~G@I41*EU~=!G8B(#o=4gUhx<~ zQfh5%zg4JbZ3!i%$mB&K)=L7UHNXXnF`>*a7RDxxMxvbPr2+L1l6z=*=j~Ku>q0A1 z@1bE6^z2Dqro5SXjzS3y*oOYqJ`+|gGP-I3P}yc(>U}7L`^(hC6QLoj+ad}GufM|& zMNDA7-rq@il+b~h4)GBhCKS18*K>hfSI#Cb$`nwP-e!651GDh;^c`WPV0OU<#~EcY zWw;rg7xHKdMBnQF`j2N;5EJS1Dqv}n0z<-4s?1l#&HPq^E~gqF2|kC8Hu6Nz|Bb)s zII7aNZI18sdq{P%LOYA@#u6!|C~+i3*=h|nyz#(4?yAzFf8BjU-JleV+16L0 zQ1q$r?@OUHNuddvW8@vRp!J9s(F?kNG9B^rxSlOdLEW!Y-zt-Xw60#*u0c1Gs>P4X z5$2#f(@D_Tjo{G6ld3*-Tmda^t7m4Gm-+$8x_t z1M;;Re>Un`Zo`Egb9jZ6td@q7|5Jpq`;F|Z_ciA9y+&y4Fkq@Q=s{r;6v8{55d$I9 z(HM@=&CZC^J{Az-*LXqFP}#EGc^Lv=kKnq$)7%l)-JR3Ze-lXY&t;}#dY2nSNM-m957Vx7K# z$NZ3L7y+RQ9oLbNp%`Muj6A7jzFJlW$#CjlQrS?a6r!-*ygkj%+!*PGdOD)^h>qk{ zqj7_&w&kwa)ub)lzwgpZ=P0cei0^Ncia=&89bbhbyFh-0MN!bpq~OE9#yU#RScMTHL~PnBXX=;&Fx71m+@iO%!S3X6kx>K2G4c^eT?y*G9CS(njhbbzTdl0tXf`GRK+;)*%G8A&m zkkYRG{A9O-e{9N5y?Kz%wKiOnaa15T9DFQD85>Ibc17NiN~BsjIHP|B)6Fnve!QqJ zLR>kYrOEC}Pcbr+K75NH>dJ2}4Um0P+O29W}^UQL^u z#kTS=pk#Wo(WHPq*?Ba{maB?yKxmUo=wgaJb1VxPyV$^53W_ z!AI5lzRl(aG}Q|1-H)g`|3hMPjg^#-b3DV$6TY*jA%;y50SXkfJ_@^UF4<8`&$?&+ zJcjt&ojb)bhB``Cacz)+8U&G9pdtV!`*>yuL@(|T7w%=jdHjP^gcvxqqqes0Wk8&g6 zC%3@OYu=}Y?U~e>edq2=gm*miheq$Vvlx8Zo9}Awtu8+|ScWLP!wWJvJ@gn)==JyO zO4C&B^Dj83*@^E0OmIjF?5C{yI3sE!UUENeu&d;&>1dhi&)aRj108;6^2-Y(GZula z?Y<>x71l+yYS}6`*hz60zx+LMUVX@aoe+%lneQNW*C&U}QG$|q5{UKe*IQ_Lw=Km} zuTNt;WB{4tLClAUm2XqkpLjMt_n>A@;WFX7hsUTHQKXue=F}570K-0$*`=Ye@!Ef$ z1Usi_B@Lwfkvw*D4wDvcC0h=Sno5|N>lax%&g<5ERy~l_~ zarOmN(iG67qVb3CqT((g4`;xtk^{EOF%lG_g5=3 znzm=;Uq;EW#zzFkPRjH}H9E%exYTVgA}4C!O_{q%^#Za~%K|s9r&I8#&Ljg2x_P+3kX{cyZ;_J?z6h;-cs_D2vIHb1Bz zTiA-&*jFx@GZuSMG{+CqDA>m)om+Vs^(oxIX73w9jt@vnWJszgCK=G!v)I}oXmR=x z-fX92l1#7?_^&*2xylow0`x&wSK8~U>Sb|;P_$Ht`y>?v&L+-vPaZ+mEz4H@>CxNxC7fg@+a4;pM))+sqv zKJ`wo*Mah=*{n9`8}n4A*lUJ?I(5I;sTL0YlS$&2ddrwKQsxrXf@o%WjY8v&WBS|V zce>ipHa2_Tih?0+f-=xWe5b^`>(tncE%FHlW0N16ypzp5fb5H6=){vE`+We_2)tX< zSm3NFdHVha?%L$a255`-N9ATon}|C32KnVHP43y+vRk{P{Gyt?m0rC9mvAePDJEgg z66N5KdfAs68sZ}V zeS+@44*Qi!=qqNBoDqAWd*1Y6QdsfJS3h;U6#R0b5_2#*H)#fQAN_BCbmn*W3Clw6 zV&eKDe22^k4Eh&B>T!sY>+Z(QVf&T3B&H1>+R-C9zjZZc4$vB#QLtU14g*I^!Qy=e z>NEWHbsQdF0mnd*(cci%=-ROqk5TTDH0vgIh5CZViKciZX2^eKR+c%Pjf+Ju3wrUT>^kK=)Bad(zK zD1u_k%#>eruw8r8F~$u!K`)`fm^BrQw~kHXz8KA4mr_WAch~H!L$ZAhFX4IR6S`Lm zwFAZ$(@9}|ME7CayNjGoGJCx{iVeB#DLH;t^x{U`2eJ$vEAL9s|8#|9?Nx!-5Vtj5 zk9JsiToKPg4 zr3)7^6>s_j#32#iG|NtHx!lt~U$7yWsQatBZV(6-)GJ^vBs!Vv4uc&|#R3R{7_Y>0 zhWii*@H`HtpWnvnaHNhOMy|a#^_1HrD#56^)WXaWE4dNS7uAf}w+f6jXhjf?s4?-K zVQawJ=$g~%J0Vu4y2z0K)|1UOOUro9K>q={b}AkJ4$2ZL{8Wr)k|d8+2+LKN=RA{K z?;egRq^|K%Y)pdRz$D{qwhn^Z6`yYSK ziM5mPM^W^WsNNjgB^E}H-I1sBs+0r$oJCux59;{&s%aGS(>QQ?VYArDDs(>iJuEp> ztnJFcPmi)mAkK)B)RKRqOPm2UNS$m(e?KL_EVdv-%XYinVhtA~5fOwD&u#3Jkulm? zX0*(EZa3Ww8@a3koiRV=1f>@In&wg$ah1Nzgmd)~B(vZ-@XIFeziX{jVg&kEK5o}X zZd{VUXXkBZV%a}cMHUQ=8_Nkb@f-gTDPo$*O91SzAkINQ{;F{{3r|dXS7xh4NQ0X=DzN5F~7_fRPm4p zpxC7Bz~`MJhJLphtS{E0P=@d8m;6Rso4Q}SVYB-56O9eCy)GEK^ny4zcXN%k#`mPC zO?496qCz;F129A@_{;xFKw@NMfPdSjcL35ygMT*NbnLT~I5w+2rCQdp#A>UJR*q0q~BPn%R?4?Jhs_jTM`C=U{ zs4bC>3$5!>s4HBy5{gUR?Xrca3hcUu5+}Zxti5}^iub<$FVd|st!N@x43BFi( zsJK&lK;m!p3mU~rZKA#R#*uSFMvl7DdN2^*yY z3%0YtSH#-5$er&*rPBiVqO$hoRxzm0XU1v4rx>(|VBNUO4HAMsl5K`guoK@2!mL1B zn=$oPJ$|OxYd+LBJ`M|p4=I~5VYrmfL%`mOi;W~*4<_!_B)bY!o>dM2S5(i3v3pdn z50X3S!vfy~^1lh5^*DPKUHgZ7H|(Y%$h7Ws(fetv!72E91)(=y!QuvWeTz4&&&gIz zt~@B3tGQoq4I=siIobX^lW-@TpiwBVn}9h#1&(wOx&49&C(5 z?8xduy{ZUOxmpwS65b>BlikGK!x<)KuGY+tBO*=X7v42W^Hvc4{ zQKEe;kIrAQW}x2{6QTZ_n^O!Thk~!F3h}R^_5NO0B(Qf)sY6gO4J@o-N_^Be^rTHN zR7GZJA3%LA*MM~iOuxV(UH5+EfU9-=X_AJIm(h_*w$rK~BT76i%>YN?Q3^uQXxr9` z@;jx6K`8`jT3$p4G!pj#1GmIR*9?hG&DpGuv0HDQn~KbuDm6iwi& zkLr^0*^*Mv(4)j}`%A0}`f17UzOf8ngt7Jhr~7f#)EJAJFh8JlgVrMnGHvA(EQ3jU z-HhhK(4+!Jfxcf{gk0|g3s+*YTY|s5f+TjTAP}?{qYuB3pxPR47Q86!V>eKIeH-M+ zUK*HJ7(7L_s4s*QkbMJ*$jH#e32CETK3Ob75j_tY?~4a8b^z7_6Oh|c>n`^F-%gAz?9sBNEPh^-jR&D@b}O36 zgqkhrg3kWn#Z(z@3pvWOWe6mo;EIn6l*j=QuAC>rnXR_Rit3Z#r2%?EPhn%y^zm6) ziKYu2gL!~<`u|59Nv5-E@mIqErnTJxKe&A+Tlu!|>L8&DKp}7$_P~^}Zugxz+SQJT z^o|pFx;ajYW2c!Nl%1iE4|=DP7EnvNfL(av%U|Z*5a1{ePJ!0%m;LZ3Ons*LY)4*l z;*NzPgQbGR+4ZJDrJu2vMGoDRnrJiv{!(G6<&Iswc`2Sesw&I2c%HI`1=jE|zTC>k z1;|+_N4ZfiBM*VaR;DNp1D$yazqg#E!oQ+}pf3gIMhwpP?L_hBU+PxTSN8aJAvN@K$jX4ncWA0+~sCA524<49Pw5%5 zF_W7PQxPwh%~=8|Qt6Up{I5yo?=6$6PAmv~=HxIxExa?t>R)Sf)b~Z!%5?H9fQ04w z2Qc>s?Gm59nVYGI%Z#%@ryRV%(~qd5tm5Dby{c5sH*Ad{igf#jM|y>d@bN^BPS(fg zk5Gq?2}6gL|68k+XFq-^J%{9}dj7F>@Dp(uw-RcLC<`$me3s*CvCVH43mx54${28x z-Tf-$FdAC%{>h5vh@+7lO+%xxzze=Qd`>^1IsQy${s18-q0#98PWyj0?Ltc(pQ}UN+L&0nJ7r{J; zF9Hf-Qm#l=p|(@fk;yVQ!;33^p(kDnnrGWujYi)TQk52paQqL{iKF_i z)uS?+=5@XM+V3J}qr4_}^88k}y54L;D@fBrB}{*mP9~V&V~hpY4r%1{U4w=tMW{FA z&1}Xabrz5vyg5iPd`IZVlsZsZ6f~2V<)Qv-SM3WUa~ytPf_pZU;guL=F2rncF{WaE zK5qD0Vjq{%8Ql0zE{d`)?w*|@O|oQrC<29B4q}Nv)yv9Xjgr8-o&Do#Piu`Zayv}B z<)iWEpdCl{70vyjhp`Z(pPkI*Rg+1(eHD2D&%W}hokMMpa3kn(7wNS1#fn}8g$?%V zYJI5fT9!9d4D7yNo|)MKxtd{JQePUY)kLkuD!6i3yBHqQRExn+?lJi2@0U$-a*iW7 z6f(Z>U3MP>40b!){62raTj80dG&O&!-;;+Pwnzz%WReu5VgW2vd!x z$%J|9fU+i5Tt8nDUY7#nM>AthuaY;y9SxZ3xmQESj5UiC6sqR3I6$7TXdV>xs5{b0 zxTW4|v?)hblhr)zURatnxe@Ptgajg#GfR^4nZQp59{Gqe9lmx+%|&oAL+@&b@lEJc zt?#;hp|m@gApsrn=O$jPwQWW#e2=4Os%#9%x4mv?iuA+~(r9!@0AkHAsZaFI$TOhj z+HiK`l$Cm+_9%!r_P?5~cPRQ&31w+vJUyQ9!Jzg0Wz#Frckw5bC?+ENV>$&%p+LUg`M1+e*} zqu)@B024JCnHABgNoc){P_qN$Td?mre_je&ssx7=0HW;1kGdC+NhQxZ)px>TIe}47 zLZJk@scDpl*Aw4tO1; zs?JJ+e&no2ZTv4MLc3%zom6>-Ce(}M3KVJ3F_)tq{xAW%1%KIJ+treVom~On(DMD| zZKt^O!qV-&7+4-MP{(W7(HM6$=s1X~vgBA5FkzPXdouhr{6$BVI~v!{j=jaFLKyP0 zN0zw2sGDYwl8aCcnSEX|b+^@ND$7*IR(8H>dHFuO`P;UxfH6COJGpw|e8nVW?Jgcw zY4blc>S1-T5X$HsY8^GAd-vE^lil)u2XhoeMDb@}EAp;b12(s+VckB_DXZl0IRQL# zyd}*4EjF>Z-O`Y=i4}M0a-JMREAhnZoCU~6knW*OKjK@%`46dCmn`g~{V};NL4e=u zoNVsbAY(0<3c`ioM_P29$0^Urs1_d#!<8516)$_VuTF49;)VDdu~~pdCb$sPt_8Lb z;bq3ls`H|K+QQoH7fJY|XLZhYCZqv}$H|!x$2BDD()q5b*=a9OI2KR7 zq|NbKb41tX+SE&qY)|xresJ}`Q{u%}wNX>@H>>P}DeKMj*^cmyt7%J299X<38=t^t z>+KY=JJ0A<@r~naLoN2Ran?%LL(gqyzNV5s9-J>;z6*pGgfgk`l3lHL^`#rbLha|W z%Ng1v^xF3~QE94m?ic#Fk=>eaOST@dpo(l^_|^1_XQbq3+J6sMLesOUYYWNhfH3WA zgh81u1qCA*ffUmyFWl|(9F)mqUGJ*LLiI=w&{MSQK%6)sG6pj4mHq0M~mg+@VoPixK~`c({-$K16Etu8XTx zkSiK#{$|Bm+K%gr!q!qtN@Opaef+p)nd3u^T%BBTZg;=3sZNAO%$xR!P9}$F1&QPR zU-sSi89jnj+VG#uwcN4%c|WqhdtFHQV!&b|O0{8l^#tOAe{r3aR3ndW{ucQpai(;s z>htno64i41I=Zc;n|u5uGyCg2k-Ba<$}^bdQPci&<{V8Y<;3L*>*qy(gw6%b{!Fk~ zAq{TtfQ5~A>}j9;9%&3)!k$Hlz(u*(%q~uebg0sSqw{0{k|UgQd->Pd64M6;0e%xN zERt0gfk&vF=^?{(8UVm0ocSE;>sCX)HW!onm-+}W%UJn*GD_)nkHEi~#?rep1}8mN zbr==s8n`Zm>i}DV@^#bNhE~VenLf#)gW$wpA1!{Z!HNR8B+v1lE=n#OGBj$`PU_re z31viq2IRR5N*l#6t%cXsPIF92A;i5%ehO(yqkiuyTDyr;1@$g82LP*Cpa}wMz1&>W z8LKF0__0`9cJDN|_s|Hp<|bo8;J>sWOOuMq{!ucJ+8N}{ry0}G5u-hlogy?}pxM?x z$1<6~s|T>$*M&_p-D6a~b*}C5zp2q1fq{rS)jQ4EdO}FQ_b2K7CDwi4qawMx2_oQ$ z$F^)+H`8`b;?8tZ7bDvQc?{j{jFWA8Nq59X@>{YAia4|&n_Wm4w8=hch0xT>J`d(5 z({SkS1la)G#xSbK%XxXi>-0POE`OD(k#N`Yesk@1vyvsktdTlm99itC%3e4}23T0& zB6^hVwl%)AI_&Q^BU?T2fZ*3AuZnBt07OIco+15+iMl5`Yis=05}!yh2Gvu1U|`>f z?^UEEUgjEE#&YF5Ntq*vYHjt;8)SHmjpsAG$UqpH1IEoyu_o}(H@E#iaO&zza7vXA z&~Vt4tyra~mzj#sQhk(2#hdx+~Mj!TgVBU&;bD?3cLB7Iy0^EDP>vyBgDe1kg@ z8uXd{ULN#@@}Ee^VrKX}9M{WqH{a`i!2?3AY%C&Ssx*0rh|G5w%M_piwo^aD3H$9E z-dNZiCN&g(RyX48BW}(OqS9$B>1(i%?873NX5O{)P7q>YCwFja@+uF~u{>C9iyaiJIo8zv~;ccprKf4>*iN>g4xgR?@rL7;N5RHS6Bmv+7f9D(o&C$U?Y|k$JEpIrotk=o)Hx6=L~Dsr`XyhRJkAHwX7V72+rg5e>pYB<@|f_(N^S$o$&q9QX6C+%g&{Yf*c}4 z5Ib%8mQ?s#C8P{iHROE+)9I#$8afuZhcN^(Gu^#F*@oYSla2oyn{-VhO6tW0z1@+* z4Cef)c2uV*IP|VgcS7nzo2+~&%;Y`O47$N?mAM6fZ$f@0bTwDD+9DIg!%!pWNZ+r9 z?yNxFKo!@y-Tq(PuT7RB1@5^1SBR|Ps-+L%P2NlBojRx-ZNW&x;maLG`~%BKz(e#N zyk&WpunrUtX(n$p+Kv=B=TFZsH3DHH(*-+zw3k)R+z5{H5Nf3JOXj5Ze&B}tP;w{M zg(k566g{Rk7mC~*suO|X-K<|8sSi`vs7tmC?-JhI)JdQgWU zWFCwD{|^ZMF!e07@u#8Tbt=e0{*oj3Z`1AztiK1`oR7=Q3(fTxHKGtuYj+SystL$? zF68Uxmmt3f9aT@)Fjcs@Fg+)bxfD}Yd*tApLD)!BM?Av#h1h?xt~{V}kD zvW}hw1gYdd2{wc~mU@iBk6O-m`pE&+-fTf`t8l>%?&QZB)Cm9^fCS0^%NIkQ; z1j(dD*E+*lgfO3oAyO-k-lfEzI;owTp?L=l@ucc zNZ7MnD>Z+F(ZIXO=57y179dd*WhkFNX_@P4F+N7TJ2K4^QLhv-38d*Ydx}t4*;FgN z?z@N>V?+qDFT{m*lfMz{wzrh@FZ_nwD$+L+XDex()xq!=f}zP6la=a^aa&Ivbf4Pj zoB8ANhMn;#rr3Z)8^}1+L5K@lqmcxl`qjy`0bv?bCl2}9EBd+M(TX=xH)N0;-ua58d2+d_y3o9tb9TY@^5Sb`J6}GydvX^!L6^I1IPYDceEhx}Q|9+^j_CfH zp`S2J1cK=+%qPc)4qaD^zf#hzyYdRTOol&Z`jE{_*pdo?P!ZodijX3^uzXFL(>wVbydC z#@43VA7KC?k-3MVkf8b4fZEbdQ?A&#|B#lVE7zmXzM)_F`UF|a!ei2Eo(7v{v7-Y^ zU*1t4g~m~T;yn%tN3wN^jliPfA96BU-}<2)3WQR;5o@<}C3$r!(dIAXx2w4OQEr7q zvQhq3p)`_El*jfnD}!SxuiYc^jJ+*3-f)mWZ2$)Tyq#<{ouOr>v)@#%t;Ow1Y82Ez@8E@kF6Wry`%{m@8@aT*LeW0_9uLV2+v%nyJ7}8|962&llnp+63dz1e_mysDIygpj(fwNH5ng-emahl3 z88&eNCX4(?x2<=^JAZ90=!5;^uz*`)W7ycSyS(HRtCJQK*GT91m0q#b8Itqc4k?tF zmc1&0Lu6GD6tnlNMI8likU||XOHJouFYt5MGT_kmQl|i&h}-JP{H}~Q0Pf{i|p}({(aW^`M?gmrFgUu%T2PTTM2ul>zw6;c-84#Vi(}(vfh10 zCM;2R*nMxj2_rG_wCELgSrac7dPWLL!W^1Yh@M;NI-1FO8{#LHH$oNB6ZlXJkGXi5l&r(OE80;tO33p?)I3<1R0(Y@?;vn_qfW`9Oe|Xe` z1#ba^8=5D)UV(Vy45V|_i;2Mb1C^L1@#N$9CBJ$)s+~>uFzRU8+jD>p3e+wp%VQYj z^7e||(2zMQ%}FuWGf`>s`i7=v2UO&r-YE^adN}?Fx9>m}{Zbxd@M>~UJ?t9(bsioo z9OwY>)IpvaHqX)HoN8}P38naG2l)`kTiC~%Tvsy={+arh?$__f!&v=cy1P^*+8z0` zf-qR;;5njGy3DK!x}GdFFA}$cvyfZgnt_Qn!p)2;~arz;%mV+z_`V+Jmj3(^pbIdoEZ z_pKGP3DEteI`ibPn(+Xk@&QkB3|W$YZ@sv9={5WPa6s3%l`d-&7SAE2*JTJq$)?Wu ziv$XHC(Y^NX3kSyG!t9rUp~nTPe^L1?5gU+!2XzmA^MZ0D)XL6K4;*_D_(SO6MwH$ z3Ty|@=qXsEr^r?_PHYq*-;d7XUYl>h27|XNUE{FM|5p~fnc{B8zvlU>=uQz{jtj$h zQgDZa5w-i&svY**!&MMrgUNCJOT$~T+wMG$*8^I%-GfdeL&v1TF(_TXmISyIRwLAlgwGYPsf zhE$Y{cr(`rOry)P76kEHFL}A={;4X~B@da4@E(@`ipE%ekrUGoae1KlCULHa1KKst z5J4HoiGMVY)A3qy2|EtcKXBYwVi=(D&-q4nqOWyGg2x0lMGatZV+oLdgo5QO&ud;y zzm;+#40bDjerC@qZPOf@jA6ik(KV_jY~%tTlD0b~x9m~B`)q9{sZa}kKbWF$4A}Ty zwTjHS)7HdqkjY(PF8w4*(sIXz?)YJSXRooMpqIo3h`@=CwDk=Q;<~bHskK~+p9pBC^3hXv3B!H^q!IP!8J>>G*(!d^E*ilGPS+e(T=4yl~Dl9 zZSgYcr^I-j%e}@iiCnGhlqX_%;8l`w)>3NCNv84oGv)f%e;k#_dWj#kYO;_RHI$ zg)@lzZBust_M#lxbgkf*5sJx>6V-5;L8yzE%y(x#yD+A+9NIW@Mc+(jZDA92bE8En zW-^XWh=38;%m!4f>%4j2Ujrd)TVUSDdTh_>QZ>cVkj4wIt935i6U^8aSRl!p&Rn#SCK zqYx^IH;Fc9&Llfb_(Z#EuW+${~gcG9BRaU~a zoKiIO(~{skp1!P{IYrHgDlE>aV%Y#gwb`Z}%88|y)XV#b$uO0%|1Q!7eME~ViM48ggagN&wfx#CL1q*|DA{2HMU}d}1 zIiei>sTA}Ru4zSR_%hNMBwi%(_M)bMmKF({rL-ZbLL zVyug=j#t)6bjZ^z%BD%y)b5O|j>v@dX{h7VhOKE+wcs0am*-|XvuEh)Kj2`kpZRV= zz1SUxhPumU`kTKcTC|~3!Kkq$cRs3S*(SbB2g9j>kNB@|gf6DlPo4i>du~97qmQi5 zIJA#GH*dUEc*~)P4IR9bvl9gEZ;_By0Ovx09UZkb$-Rd%s}Jvx!UOb%Gll@AF07|kq+`a!a~7DQp;!0WF^UB2644fe2Lotn!v8c%sTCy)H)=;Iiw}t8xWjN{ zELCJ9j$hM31e5zSUkSteyjE|%^3cZTq^eEuP^2uKqiOdx%pKw@z5u9|zbP|fh}1B~ z?n(ys-A_D~P&_Sq$C&#!L}bgp*eB#*2p@QsFRO8gizXj7mhnnnG7V|JE9ko(cH#S? zE{>BIVRCL684_#=b0~~2YgzInw-fWSCRw1JpsNq}L~F`^=CsEL^Y7)Wb7Ho=78_PK zv!gtkxwz4E8958Qe{40i%;V8yssKcIm&=v>BR)rxeu@!_z1@GSKUO-)*imAd8|Znp zuIWLn?i;h=$CLi!J;praLgx9~bN{fyg^`)TdF9h@jDr@V9yRN}q0CXB>ovW&Y7?8; z^kF%=EX+wHFLtI8B|dG@pz!%h8hZgjFkT+~Jjw30Tpyt_fQoX7!>&m?hJXrw=b3E! z?<#Gesq9@Ak4=69&%PS+aXK%+{iZA!F#f3`vmdQScXSltd||L+~_QVJ;a z5uA>C&<_iR?VrXCzV5f|NEajHt^oP7BvRY{nEC3|`E44>xf-Ey2e(t8DH`W(^HvpD zY6Jk_U;yl!zNnXz$Nxy)3j~g%{j%Zy`!Um^g@mUd8TA38(wNDr zn<#T*Kqn;4h3NWMX18c0JtA`(^B~;o5G?F_Ax|Eo+AD1&n;Qk_ldt+# zP39v`Q$D(lsCvn(2-3@cWi-PafKg7nT7+b|>Dn@!pgmAwgkM)`V!fBp1q?%en<7lE zPOg$B8=`@+oF~;+MiU)6VhmY-HPTb@T|k@p1AA)mfXK${nfirWc^Fw7$&C$Nr@hPw z07H%lGMl@SrTjW)#jM?B-ro|p<=J%yzQ1{juU55IffDtEq`r{WGnI=LmkA%PF@|~e zd0C*O3j#8}j&|L(^{Sg$4?zv4l5$c7h23|;dWLpWsj6u+)`d+Xle6z97)K<86)RDlFl$owe6@41xu9p0^izcLC8<@T`mDrZ~$V2h$?ys`-thdc6xI#@gUpTO>n117fE&d84_IJ))A_yD~N|uxU%{Vvv(CW2F<{j1%aD z3=E;|?^T!=^R5BPmxEo94i|SU^&JxXvHRo^)=PdA{RZ`wN*L^r#*5?@{uo$RIz$D| zt$wgC+Vif3$XO6%C#d1upC`FJuE;aiQT87gV#&TQ?8G|?V!}5z6bfJV;#!4Reu{u| zZVe|9&rX#}rBlTXa|>vn@nn)@b(GSEtz~p-GHtgbZT;~~M%FzSb~?McJ?zEk|51HQ zLGlr&cN8-m`IUqfV%FHSTwRdbbug__W+@2W%uCafvO=}2m=^RoBaiRy^KxbXcf#H7 zAaWIe%(`+&FM8*@CmcJ1TV`{4qfEcNCfaIsAu0-wIAyUn-LHVlggldK*S14i5Fxve zPXe@W295%`KM)#@vzIS)w7fQ2TMNDv{%xsDX3e~hi&cjp4CQAc%j4R8`Dj3HQEJ}MPni_(1H8^EWBiYA)#>?QC? zFpJ%QZ+aR`Yc`0hCnoLw<3g*UW;UeeYmuv@T0(wqmZpa?@6JEk`VER9hvNG^EmB39 z_XZMxu0?mfCB8bVtLlG;Wp`xJk0#4Q`7*wJJ1Phw_1!SpQPX-k`R}1w!iC6+ z0Cc!E8LOHU6$Dm3OtF|1uOoY}*0rzk#&!#{){aGgyPh-`a^fBRJvBvmYZaXe46X+*kiMW^tg1-Q|=jnriV!=!zCx?$D@JkvGcH+ zB6AniP6^P3LBn zHbxc52H%c)gQ)Dr4U4nNuq&giZ=PSt7t(Akc=Ky%C*u&=ZRJ6GVctttUy(z^@qC3W z(b9A!fWGd|po>V&|z|$@m_ExHMp!4n#Qe>uz8J1SG=e4SRj! z`3uvT+Fj=x*3GkXnnA_T$Wp(KuEoTz3G}R7ZbI$Md?_w$P6dYt7J$@Vn-# zgh)JaQ~_jk%ko;U9M&{xB7_->T0ZUhz|WNa7wOSnC63+sv6};C-Fp zyndvUMWL2imbu|~j4lAsm7gv=@YRQ(p*ic{p~8*N`UvHC^0oll)FZ!=<|L8_D8_i0 z3i$#MWxk(<#Dku53GFcI7!PN}`j60|KmLYRKDZLZigM2Q)ldt5aJ0v|LmEd$N8kGNk6L&PW2Bpvf0NTM^`TOg_5~Uq#W_r zU2^G8yT1%&PvM`p=m>|dIGQQwU4IV()hY_4Nqm{f$961YgP&29J(+UB)N=HFcgB5` z=O#hA;X7`N4#%ZXSW*|dF*WBDMYld^YgJle%yOS<_QPQd6$QtJP}qSI&k&^i&QU0L zDyeQ5)|FC+7EJBS5n~$CG4O*+GyE=}n3s$le*6}o>IHKS=kJIqYUmQ%+`Z|vQXOJ* z&84qwCv+(CXI`6zp}e+P_guy_h@`)bBHC;;8;o#b(NZTT&iq~jrO~jYq5l;98tou; z*+nEgdD5nqr!o=8^j`tX`Aj%%2v^iLFxv0jbKkB%Fem6HyPaHw12i%tvn18x4|e~p zjcACn&6s_rDh?HH*Kh9`(x-NE#Xo%)`E(D7LII` z9`${)`WuAuY9=S?m2#Km6F12kK{z9BG#m?cfp{A4hv@eH445CMY19j7;dS`m(N=yDaNm{kpaBFj;WYO8dz3j@kFA?-gkCGTf-e0xh3>*`Kw3*!&Yj~fTHh-!~GhB-L=FBVy z`?3HIwt&U$(8i+38$MEB$I~o6?!UQ9|>iEOjuPEPrdY|ALlnMjvS_7 zrD^d4L(NDu5y_Rm#3bV-Ip>LP(^B`eD?lL=`M>W)G33>KN0q^AQmDjI*r?RZ^qR&r z8)MP9@8#t)LgrB2B|h=TBmh4^z`qfQ2Yr2=62`zif2s}x)pgX9c${dkYfUXAq%q0U zCa(tV`2L(a^;3TWe{&?U$U^tXw-+9Z*|;u}K77rF#0Q|#NdOu4=)hT6vomgy2DR;c z6%X=|Ve6dVM4TWs88`7b@0u72#B2f5*4s52MyB5ej=@x^5L0=z zkN}El3%ku0`#H{z%L7e`uh|mq}^5+R{uIX`!-J?^<%aKIAq%e5(4_;9TwN^_81rBu=JpTtV;0;0^=*ZnbK>aASMgMdjf@(zNCXnS*Sik9_`Usbq z3zPVM7yACb;fNU-aNHAU{oYFyzbKJ5s3d>8XXnSpLXvmalU9aLqishvMbX%VYn{2; z&)G_ByjfHSd-FQXec4uhb#HrR8+S`J`r}&0I`T&zA)h;@Mc4;8gWC8JZWShrA%5e| z@He=+x`Tna6?M$48#|hrnUoyIc+)PjWEr4N%17UHaw=U*r_g}lWklz`P!8;Vkj(K_ zOjg6AEYCz4g&gOb2F?l~KZJyrVZ0gC9qPCXCXCN>AI&qL551G#^Gsn1{(#h=&x&>? zSU%ngPD#ucROoV9j3~hV&LZ>1`aTVfj#3F}G#m*S+EnoS)7d0~&@b|{(?%ZK%baDw zujFbs--1fv;L~YyO;o4}`qD*>=m=6>mH!qem1bNc$`Ri8^IIu9GSE4k{+N0e9N_XD z4eD1&wKbB{dhbO@YgY(UnOtxvU08zlN@x>pSq93jblQ%JJ+^`QY%30#S~vH+ZYSyW zleM_3u_45IT{ck<2s!)%>XEq{IgNV=)D+l0-77JdJ$B=MMhS=O(g57>L8(;GyjW?)iT93@rLL3!!Nt zd->JYG!fIaZxpsTMc5X#H}#$u1)QPxnmiXrS&^%W@3TX(Mya``su>f9CPShzB~Zvc z+IlW4tGK7PNI{A%8+k!KfMLK-6zXidnk8v=b7G9;^Urbchiao>UOU zGCaik^h+_?-C$Rv9PZe9ec+1VTPKvdRR+jcR!a2+wXnr6985}`#-9e^_1iGmkae<3 z>LB>i$fmtQ^a>=>HP)lGU_u{FeZU z6UAo}A8Na~ij-1z8Ey6NUY+w68DR;33@Memt{tLja_6+oJcfE?G{cg%oX#%Rg|qlM z{agv3z&TtE&4{rx&%RS(^qtVu`I2|5DE*SZ%A16`_)WyXPlgTU{?tlKL{Ey64}Pd{ zP3Ze6t|q@!w=K)$;HL*mC4Bylo7j;=|4^JZ$|~}JxszH_10Y=G!&dcp+emYivOA~} zJ8?%eezjQWWNGV=uf$jTLIL;GLRgnaha&Us#dqSO3?k;KdKY?j$Na!}Yok{pGt1a8 zt}iJr+E>O?@N>U@L*LNcVo~U1$~z&@L;0GJmA6cGnSv@*QxAb#rd7v@@{nc%k7tXVS1E+nS=s3lX<9O z)F=SCM-DS9J8RmlNZPAEnydv}o4ggFfIbTv^G>)dD;r7CIIsLi>eLsTDs(8_Y~pl} zf}9XZS&OT1+DT`?{G#`WZYa|(wZ`7wG9lsd-}1k&h}TQ(-l)-(RP0&WB7%kV$Z|Ld zwyVJ+MH@=H!={(=N(JOFhUPy2zJ^%Lf0#;?ymDjB0lMhx*DT)000uFt!(;~aeOEHa zz`hLMR_dQGOqmS*L&<}9;QOI0v>+m)2ALHIp^n2MW^jwG+6*y>4S0Mnv|j_{=M-LbWiB#K2|y&RQ@@-{m>C zeAlo_#DZv;tor|PjoQ1>TK&ogC84mLrJFIEV2vc7byT)b;EZpVSxRpNdU* zde1tVk7E2RB2|$7S%T63M4A}tEH%Wf9&Wc%aydoe%L=q6x#hW2og+XLT0&hr5WCmb zWOX=ZfumWdmZhVSfA?{0M@S3QS-+t_`bAcNB((7+6Z5{Lz`-Bb zwYzvUnF9tU=PD#&_(Y}3KRH)LEUvkDs|41Sn}WErhJNr1m-Mh2J?ncDZc$*>kooI? zSZ%rEL25d8J8Usb?n-~Hf*>Smmx`a($u>mCRfV6NnC#B${vJ zbsF(KGMU5cyK9@_ka0$R@BY^M>(7=h=J_JW0kzCKV%-gyWzjR!wII(bkDQ+-lxU(r zm`Lu|sl%tBX~28nX~?X8jwY~&LIB~ciQ%G0IWm>HgrVz!#b>Th($oJWzKr&Vv`jp= zje0mPGER0{{?2WBv7Q0U6AbM8BS6>OKtoQy6txLu4OuMDa63A)^Hk5#EVP#~o#Y|h z26EXbS`dz;-X<~l-Z6JOuhEpzuCKByhOzR|IAQ@@UP$7}&VkUEqghAh>Ao?3jQ3dN zV{=6uf7UcwEdL2e3~}!>7eMomn~YRU%&jQJ%Mf^{HjoPeRH;`6-yZgc^hcS80|H@S z?gX93VW!ku2Dx8Ql71hi(Y;GS@0(Yf<*Kb5dsMB0c=YT{9uFdQ_ub>$FtJMvTUO3| zIPW%x2|MiXH*&LM;3)`)WkcTf4G&SNI`S<&m>J6BMr5|utl@K267}A~9y&<$qJ{3` zfgD}-1*D=uixJ9$-Ibim70?%K1zI*-;i-Q5QN^86{9erVw$QkaDB_sPT{GCL*0$e8 zo1-na5NZN~lYYN!SyzBF^(W%qm?GzJ{-=RH1_6OXkE(1Z{T>o=(BUsK*J(xCX7cH7 zar)Ve^YzdO>XuMff2$ep#|ZymYWCC2)r^Dc&#F9Raw2TA%LeTqT$ihKF9kA%X zF}(V$BVr!D^ZZ$tDMUq>-=$!lSkb0IJzD@*D}rFC7MtoDjJo|dj`u_0%)X<9rEh)l z#fs8c;Tyf57Q31hH`Ui68`^(Hl(zz^+sw?TQyoQ6vDpMAoU(>(Ekst8mxofyX6CR+ zrkTcUmOi-74Q{z!`Ai}ZDbk4_*bR3kGG2gSw#AXR8SaysLEeBx9^$&cO&N<&wy@RE zprtVm6N9u6-8gy~%c-I$Ch&&H@X&WyxrM_VVHB%SGUNbjWf-5b3}ko3&mN7 z5kA4cQKQTjCaRrraJ;c-QPeRaWQ9K#$vbzH_cljQ+TJeYca!{1uwlGtNZtUFRkk`3WA3F8;IWyeHtbQz;zg0|)kry)}8j@5`l`?uyW)S)#^a zP_PsMM)QR3;kK3IClaLKC0*oFYP0?t&oYZw)C%0T>hw>}-PC>k1-d0!_uJvcHYE`v z!bT%dJ4W4blMHvFr-7-5QSDH$v&{(-&TL-^vN*Qx+64V`okN*zL~jB(lam^|Ef+yM z?;;Q@_c)SXvus{wEfUq~;T%*(nqSJQCM1&W6htX}Rvv6Vk0fv8SQ-6!JUSXf3HE7N z6=IHmK#;0FXBi)-liw0aoXYNz@eIF548%i>-@G*Cyzvw}O(V5bl0nLTD*YGUM|GjR zF+7LNJQ~ZfveY$cu`!01%J1~3O$XNH)E~tCK8TW83mf)PE@i(2q+S9g|FLfIJs-E{ zL4Q4ZY4o9sjVf}vmxY%`QXBFZVInku?xyHVHsO#|=V%fSaXYw7CQtEs*->jR2gy3z zePox-{Y(z0hUr$+<&(<0#m6G@ESpIg(2MYr^pWExye+HGhq8~p^7W=*-XZCy3};+j z#P~>K=dr@(&M0Pb56-HZm^4t-AFE>%vVX$rN(je#_W}~#ay#|?igs+wFB=R>P%9B{ z^4CO7lh+;e)4edBdY6)L)DO`=OX%%{I3vTjI(nqC{z%dCbU)ij02Y>tc#Ny~0m{lw z-F&F@q{`))q01-z_FZNlcr5DRVfjcmZi@d-xchXrRg1be|E$yL&;q~F6ZT0g86V!? zPiUbKoD7}j$@1!;$aPy8j{dY{Ba^|i?#HVd z15`(a)8Efw5DOFflPZii(Zh4AC8x5Yo>(w7mSBWuRrVp1^eOlYMRk~U1Ni+F$JY!^ z=FaNwd83h4*I}BIr;7h21|WMyJ6a`Z0)vUk_plb1NA()jceWa_kER6$g&xYg+Ou)d zyClohGQJ@JDcFd#aPxE*{qaWomjLr2BSYu(2~9(o-d_-li|dt|Vz@5B&VPOH8qY?x z?s(io5hGoyQeU3-R&$gG$)-A)JEGmM5s@F@hzB{b8`N|5$|4L90O2}O!Au@(I=kh! zg%T&_F`!7}T|fB)^|cL0X6+3QUnyIQSN*BroQ+gLGb%XwLRhi$%&t@ff(iWIgEwdl zdIJxk=GH2$`zXfgy-0Gv>8a4QG41Rmyl;ljH#~+j!ZEzNILdmbhlf(kJJlA_E6^6L z1H*|&XP=r#A~y%Tn*40RYFU10Uw=Z3x@<}jPdAzOX;pDZboN0*^TI;?Z?<*cY#*iTAozt~G%0a>81Nj|c)A`Sv?*5ONZ{t4SV9ernLx|j_+n+YtH z7W}HaMsN5Kr{?LV@k4!^U3)>btNiR7{~bE=I9}4tcmK$<@?OpidK`u+I;V3^PKSv! zl<+*`u&6M@;Uu8?A?wTRF;NtJCj_O(HEFFCqc>+2j-_v{d){5#5PV7{rBmI$qm}sT za27mF4<-Gs9*qWD)nBl%xM5*SzNvuV^aN_WRW6ULIw$qjM`tbuT9AY(E~e2&t#?N~ z-_^;m*!cJHyU5&`an}X>6W9lEqqBj(TRxpc)~8%A5B*MVs-=5fr}ffKa`U6AUf?Y8 z31HJxft8F!9Nb&jDkq!Y^74sBH>QnYvNz%Ckvy##4k)J2>jC?mm)DNP2$KK<>>sgJUgPe8b*P(8a?NKJaK>I*3Q4$WwKv;ppEa|V^n)L-G)r_ftFi+$ z+2BKzX@H#M5wEqEpiD3TxsS-PWe4%y1HN|-BR7=5Ek-q+-yb=o zL8gRI}!WMEZdR6XAt@?O$kF>sM9Ln`g;2?2tRD4$@QX=5fmZA=ua)&jKRl3Pe!{JennH5d~)KjzshRar$z z9sR5mJ_wyz{Q0)j#u{==uH)F?LZPM^Ci*V+{sDg3LCM@3lY3K5QohfLCW=|9j~NK$)#VyWiUjy7USMs~8|JAVb$GVf92 zkAZ92&9hKEcFK`6^0ErjNt;D`mw#A|3%T~&9HjDnRZ$5hKu=k}@RakwgZ&c1li2>s zMGPY_FV*o|?qj)jdto!2y6;+%f>1P^pOnauPRn_-_)=qYe~FU3GJL?~AH5r=ca&X}4<_>uf|$s28RE~lV@u9TUY zz-|FXjt>!=i*`U$;dC0fT;I~MYaOx$-T4-tyK}LM?=-UpUpIoMsp3(~EZEV0gA8>% zW_!pd(g+}a(07!3qwgQfre8JsB;@TBk^QYp7@8L5bKClNW474K*pY_W~08`H$b6-*6U)lWogPZM;~n3IRv&)IEpoLgINnGLTQf$Lw(2AsWq zplCsV+RKXhagXO3vtyq8YTqhKmK1e&_T#tGgu$+;HN7-OrT8wP{(IM2)EN7O3|~*K z5hZM|IxA^gyDQd9{8!diDld_pEB8nR8~{i-NRD+mNL@F7_5@sHgPokC$8j3L?=6zR z@~{kKWHbi==_QIB#xuV58I)k;0FGW`^^k2IE5U5)Z^?{^9r6EE0 z&&&6%AR-l3O<=7}G>wSco!$?jzBSkl+5ZWXVJEgAONPHS!&9#6f%D zf1vZl6uz(ZaC#$53e)TLB(@NgoH6;_`5mAcR6R&Rr@Bj$~)4GtPZ^|P0*G*eae-ij| zBC4;|g#3SHlG^^rO|VyMayDc0DW7d+s*!Q1j%huY#hk(%EPD#RJ>37<`}JWfUCCna?3FMe69F?q-L)W|%r5fc!nIoyOoi`aoFxXhD-zh0?1m3F`?WlG$=^jEEfaqgdx+nVQQ@lweBHR(}_Hd6fvSU&7+f=m*wq z=g`a^U}um{V`(n$tlmmtz5Y%7e)$=t0{x!YIE9OEfAXsG%W>Otws7LpIWle@76&M6 zQBX7JrOi1N9koYD@jd^Lgs{sWpWM~=we3aupA*?#MZ|<|r|?Zdn_zw8f1_A~nB(nzY|t&!0P;UO>TbcaF9_PIbyG8D_>|m#~~E zhRk|?9i;xOLVV6@t=$%BMm^o@%OdzW%G=dvAYS+Yw#X0{H!+D5zw>UQwe6P@nJv_dz`#PeT(-1FB(6&zs=7b?1a4!u*Ag3v%WaZ3VB%IhB2o4% z{-t`kFUR=It$A{g{B4LG3LmvY`ot1z&cw1e;WWk<)IQHlQ#{iz&sz0LAV#e&?U(qe zf_KDYq&W1lU^7Px&KA>3CxUY_x%ybhAJv^rWxkGivv5L&_1s;LfT0e6j#o%#p-K$% zX6t$vk9KOiq&$Qe>b960Vo*KO1e)bf$29z#HYnZsx0fH9&|8QH8L=v+PyjDKVKi`9 z5i7as(HmpL4;!8CtKyaS#vTzhaR-_EJH0}ZorLnvtE8ie&89X(z6??4#|$&xt1fxU zyx5%}91(&Hp&fVzjI$YXzC(rtdy7kYG)>t>Ph55Z{)Y%TQY}*>w_v31ts2{2^W=pQ zSF5UI*a4L@C6Gb{N~7KJXce;ms3v2&?LX3=w~F4GOHjzWeH*JG$U$6#!tJm|gux@h zpDOo<@?7xATtU%mEcAK^7TuY*#Vp94y5=IT+AFUUfpT3s)0Zrd;5E>PYA~sj`lCUR z4C#N0EAH_XGYnj;w@bFMN{mnx_4B`261P;ZHMm)&F+AwEK>fo4XcE_qG_&XEi0S zHj;ISHy_N7m#K}(@1`kIjut`dgP57?DBvN!25e1~<`6HuDn&Z9p?62ih^>}!!xrf>O$wmmzE;;0%g{xY95Y#gwP>+p ztUa5Zb3x}!ts!bzae$3KkqZpP{J}}n7RCA1hIpZ$?cxgkB+f*5RM_G^C$woATyz*; zCNAEARaA4SLb0Ex5I6~nh~$sM2sn?tc400gOn*c`RoCu98^05)pK>Rfc)?GiddJv% z=qQuZ%D-LbXYbG>rfcL1SrXR)iE|)8bFrx#1`lZZZ)EnYV(q#|8EBNYBNG3j z{@K(k6C=DUp*=nOHv{|H8=q+dazr_L+LTrZ{_q8@4ggwEhNJxrt#Dd+rR1CV1ko%P zG!VJ#De|k94Xti1jl#d2JW{gBJ&Qkdk6gybpSJ53IS|FA6P*(BUr?cq)22Yt`%$Pa zovhFA0(*or#I-WsZjUFtip|O_B(fOlata(RgiB(Y;o%D9U9v*IF1+krf|olOH(Y0G z)O^Dwo)JS_aS16e@pwS3PaFwXI(*!odR1bfhy@cmnA4sG_hdHEaTdG{ zlDJsOr=2(cRqgHqOaJpNZ|d0N(=}wIE?(AKsZLEnDoO}NY$gF{thKBMQP_qY9{uWP zt!d%m;pc0KSDDY255|eX5tn&EFd{|(|Jr2iL4JihkF?3fsp4jbO!!P#j+kufL;_kR zAuB%ML~V=2l@6HVG$LswW3Arnj#9Gus3^9@g=6Pb?(L78Z5g8tCcS2Ar&zzZ6Fk8o z2_8oty+ox&{Y+bJ&_-qae}}U%BivTRZDySsUls;Z{45UJZC&j2J_3hOsBL2O%35H) z_2P(Xsex`$sjCAgVwf{fwtK_;b8VsJgnCQp<9_4O0Vk#}jN1`s{^_s(rTdk=RJK=}tOXKxQ%bdbi7CD)?Xkb+`GQssUjdrAr0 zl+TkM6m4G79t1CZ<%FXsz)r+jmx@$_ae}!%*mhBPY(Ly4G}-C2N888!QTFyQcSX)x zl^-?*Vht#rGNONn5hm9InIhbw7`Uj^g-*ZCCJz>0+q~2m-g{PBG$~m@8g!%E zaBr30vW55GJ?sID7E6K;+H~`*L@Wn88oMKlN}f$IM%3LoWB`D=t!BH^|k|tu38jofIZYY z_}M<#q0_B_XmM8+g0K~ipX!SE2;rkRh-k)k5WSvcz~y5si_`4uJ6XuchX$2!HPcNeg4HT`{0&GEnv~8^t|URI zke-jnK@{}Q3m-7N$HY1eZwOd)f5|JCympvddAWy*3DHch9>|3Qqv=kO-dd|TB2&wc zQ{`D-TINKB(fxKIDBr*Lxdms&+s+(KuGYn5`C{P5YqIY#Wq2?OO&~z@R5~h2ifAkU zC24gbh-9t3GyGWxNa88%b7T4LIXv@d%sxlDjTj$V8aYX+I><^Dzg#_Ux8G+n0~fSD z^9fVL25}x+ae`QfLP(0*=9CXMsGQ&|Sh zHZ2Ye+3m%&Wv`Z>m=&U~5*hb!d~B2%!$bflI39IUT}+y$|Fb+kR|XnOp7eFYY0f&3 zt1_(>74!PB&8AZqmV~KgAZ^;ayj*awX?xyT*wqyF8TC#HGHe~F8kiCIMC+BS0Piaa z#mXgKPt@2PyzI{#uj6STv%{_TDV6HD8B*t4hcO5w_`fxcoC(@Tu}M~^xK!7ti2%+s zzka6*0+zPFijRfphNCQBcQClPo+4*`f5&5bVBo01dEyFt>jtK_MQ+jBvXHqR!h>>! zTAxVm$o8qxfk=FNs6&$g53s!CDTA#Tw!)s3YmX7AxU*^8f=Rzz;td7vKnujnuN?RM zt#hRz<+ijbfvr>3-LlEGW0o>@hyF=>p*UJH4LR%vhA}nZTH-Y9`@O%s&!b;1Ha+&| zm&kVGXNQ?ivrx^po1T!97n%utnxE-M&7Jq!KH^Uq7f=Ib7p0_RbVld^lB;bd2D!&$;$|f#yP=wp| z3D1chR-zhPf_-L*h&3tXRZuZSHmc-)>2bBu&0+jBrML1oq^H3JcTrRCaN*jFpTzj; zbSTP|mqyz)$O@WZfw1yg4h%`+q0iR3u0Lum+)DV0g4%bb)xt?N89;;xgXhAYNR2?? zaZIt}Di@jiTGy()zB1h(SJjb1o(OfDl{Y!7vB`$@s5$@D&%sym+S8ZrTe5<)+oBuc zwGlO{#^SaO)W|AAv1%84 ziu_@A#FU#|DZNL~Y*p)g0*1kW6hF=EP~~b5u#-y}t`GTifUBd7PPr^q-g%41%k{O5 z^yi(e&|A5=qLNmDm+qO@U!0q+ho%;J+ySlA135wf>kW=F?_Q76oxbO;R)Vm$2zV%ZO%-x?mrcU|V)^ww z!+)g8*=$OYYq5!6GIRd^v3nKbcnIsy8jvlCr#GbGXzJpafloO#88lnkDoh@4%&~8F zWt(c;aMoHL>;Z{*b|QXxK<;y20}b)s6y1QDs*&45NptIRp-(Wt4qs{Ti@e97n}4tmja1Guycq8O^`@W8S9iB!eo|1r@@+gnYy196hBPvQaUYj@pR8S!)VLm*-H@1!j&e| zuajJRHdEio+wh`U=bp30oP&OQZM2$|zI49cvIM9)BJrRE&!NH%c5_; zoXrLtY#f%$h!GvjX7cR+Xhg>#ZxBSmnCuiFxN<7{X z)Yyj}L;Zbf=#vXdGvs|{m8^6lOuW4<){fdLftH6@LwGFWS8j`9EDx+Kw0N@6I7~X? zz%5Fs8|Y@Xz0DG8lurL}ki=BpdIbaSk*=|b3SdZDzJHE9Z|l~$3|^JfdN>jZ2`k*K z0kt3}GV5uV?x??BQ&#|r=lgQZFA78#`FgS9ai6H5lDn4kjtiA)wYbrS*%f(3Z`H!bOd4Z&bfhX!3HZLCc%n&jjCzIsRPFx~lS_Sx2)$Q;6Ut?n z8ieSx98Gji6svT<^+z8h*9{M{_!?u^}rtd6- zN`ckN%)jCgc~$`D2?QORq$M7`&-Fj&S7M{E%@bFlrtw;U)CG2NDbPvFy|b}U8!fl6 z6Q2-JNn|v6^X6B%CC0hkm2!ldS#_oS37zE_eC=0*F6;IEpC^W?$soo59@d|3YxJny zblUyqavC|0f09^MDwscDN(bj@;sNWPLU^j~@Hw~E#7tuqGj|y#P-aGlAAexXG%4&6 zxH-wxYmQ`q-SDpYf37x1GTyk%SZu)^2vFGfS(}xC$Kfn8_`b_eizXD<4{BawQ*ASX zJ9b!K_7qlAeXU}v)1qLqBPFgx4DZqxRr<6;H+~lmV7l@`|J{zsW3?EjlrhzP2P(}l z>k@8D8+(@t>D7WyEH~Y1M@dUw#E@k{Dx#S539>M!OL^--s7?%WykQDvAb0M_eNl%f zK7?V96$cR-^?4NVDG9L0HUYQ`U+P=N2MKptZH{TXa3SZCj>= z9S}B$j*_b(wdG$Tr$B46HXbDEQcb4%dPBrA_`42{#w5&RZ$Kc|Vg1lL$g}0g_8|U8 zeOM$Fmu^WuL3K(WBcpE7I@1;F6)horgaQmhcoi}p_^m-nQ|!2t*JJp7sxUW2To6|C{VgqPOYQ%LjbaPFlHiKnSR zSqv272>hp$Cp^eU{??n7aE3sks1+OP7`iUVQbgWiO zfem>Y+Ly_TCCF^j&lsR zJH3pG+YC3%$VbZ#ri19j3j!Rqdm%D91gtIT-Vufp~F*fqe zFf10lFDrcMQx&3ieA&`N{BPz*pJr9=EDfWtNSnXS@KAY%F-9^#@}0OMM?&O-aK2H^R=c`K{jl-H z;#%08DPjy3M6Je0bA2YV&xeNx!3)Y72}@<|a2sYHo_2u*{@2!AQ+MFpy6%s>koe^x zNstpa8?@}iM}<~MAEO9B-FqR7Sw}IyO%-oOI#4W#|-GLuf% zVLo5B-g3C5;A~i{+GV1?_n3g71sb~=$8f}B;LEQT>}Gge-$*LMTlA_#{$YcW$XClD zdnEpl-poO!E0p^wj*K*xaDNIHVGjX`kqdf@x^ucv>$1ja*-+ZxRkR#jgXQ|D`=bbl z@>aMN>vkfrRlU=t#E~L=c9)MBA3-l7cfT!G@LmsFeE-F(NoE!0xMT5pz)_xOj%loYB5X?XlwJsqkyRzZj6wV` zp&iDrZ+w!f8E>fJfw^>Y@GCsdR21R$jm|IWe}UY~QruOFy4Y@=6XLebHP=5@s7Tre zImf}Ik0=SspkKh4JT2cJDB1dI1QpN~_wfj8DOiz54Z6}0t=)+M6*7hRX}iUu0&bF?auD)?KJ8_sl){Ul$kD=n zw2e0(>!rX2)&pqYK7XX4jYY+70~G5z*MGTwdDV64&Dp2rfsL<_|0HDtLFw?Ixy2GWrZ2de8$Z zt23rSUEPQpFNNzxQtBb7JFNtgiU5ie(@I@@J;VDo}-$=6!^7{<9iCTY{(epM1}1G(|Ra zw23y$X)_vlzXrQCS)$qGsDy_(u0p<$Ls37J>6wO!Y(cYsviLZ%1Y^>k3k^_cBI?%|1IDM!DuO4Poqark$f= zt~GdaG)BL3*h$A60r$&-z3Uq~z8L-+Al@vrjSos7Luz?0nGpK9#GkodblYa zEc*ut<^ud7<3o#C;`1T)bjil$_n{c6#G_k@bBOEc4N6+VR3K}EWnN{wlO{t5?otiF3?fWTdo5e|AJ``jsZVM*S0`>RJFGr|s7=;7QDzB!6EPu;OteTe^ zZp(I-z89sg=XyO_15SbK@g>&KctYA+Dtz+kofd^cu+c*+nV(dCL+>hj$L~Y3Axx=^ zcl~{dt@3So_FBvgBQ*%QNR629HcK)juVt&a%GO{RSYn|>h#rfcfhhf-lIo`OVz{hK zDgF5}q*6boCsVwcvl4ieLuV~Rc%&UCQ8mV^aS-i_O6H1?^>%z5eGX!alUv*cXxm1L zH%})>(4q1ng7o^G6i$Y`I+7u&PrZcMv6@uPy4tk6(VwYTfCpbICUy2b5(<|T$|%p= zp7#SuOfVDEj3oX)pN>Cq&6|MgUFh?u`(_P~^?EQ3I~FZL6rU|^L7RPuPa9?>J2%m? zGS(Vo@`&#iXH&edIYB{8kL@$96P5^>D5!~P^_rew%J)qFWe_X@2ii%?o-kmiqYEiz zHgjlf=A-f*)(zB*y6#znHhMCKA4}I=Z~5swTxD2KQq$dR#!`V%x)6O}Wh&{uvhi@V z`Hd9ZRwvw62E)Q@mDds2f%>I-;g|sP5e*3molAE=!*BYJqSfhfnG{Yp!3EGFW=ELa z2ItHH!c%1-3IcMaD@goXYZD7umB{r(W}I|9B)|zo|JlAq?50n1&@f2nW8;z9QTS`4 z&^CS*X$+bQx@M;xgI;{5btQP_A%Bz2LkJgZd0K|35tI5Ec@4Pnm%l-vt}^JqN(?YF zeH2xXU?;{w5MAp0B1 zKQ>mSoHZsbap2hZ-xH}}gW^d-@r&VN&4P=UXhp3TUW3Iyz(}^LJXd1OwXZ<&6>7ZT zd|9wfvjVF-uQ+<;jb|(1a~5`7`PwqbpXa02{mtDXatr__Rh1+*L>kAiGle{3+4mPJ z4;Hub3e+^({1E@SDWv;`nre>=X=gjruCf3kBuxc5-wa6c*aH8m}ioX<<`vZr(zHhz)EUBk0|8cLnJ$ zLM^B>1^BbU+}A3h+1ka#qA6-kV`6g}NiPrcT+Do~u8eEv$d`Pj>QtszFA19#+|J zJ;|I|)=A5=xDd9kLKz#aD66(3giQHEABCx@)Uva;bFTX$?KsIWf!q^)(oZI$-j5_B zV8^qXIoNAiOdS7iWE4{Z*>3`d z2)1%)$^FW!;KL+MjeAy=t-JLiKRCc0mG%Dq@C|WD^jHM{^^kcz!E|@a7xg*!!4p?2 zJR(H9O_mF>qUIu3V@5qjrXZE7%m63L2pdBl*^+?LD*c!*lrJ}d;Cd6%72#s#e+)c& zV%i^F3zvI)3mt$Rb)>zD#a0oH)(E07l+L)cZTsh{CRsXf`k8duUxQF>VZh~WVdoM) zgH@1&7+E`2{V%(J!qD3q4TcC+cF8+mrD(Bcc~c0?znT9`+(k%NTJO41#K=2ylSC!d ze+qBa4Avob=a@8!%MWZOQY9R%Y=C99jXaY0Au2ZzL3PA%&|jKdd(>eE7Fl2y?9T0P z(n%obL(`xqJ?_4&)!m4H@kxBttylH-Yd^+6!D}BRIu}POG>N=_rIb%U?0khi67L%h z?`e4;c1;rdTpv&6UG5_szA#+fpCJH-0Ai4 z8gR>$U^=IxEA_5&eHQUI>!z75N-&9!|d* z+s+Tb6)yJZuaq)LS*U%+WXC_&`;o3(b?f_jJYJh}u)cT1bC-vF{={_Lvnv8W2zPcmt_6=duy21RaczbeT8;Tg+iXs!hCaou zdCIwCnE85Cn?H@Ks+~3KR>0DBo#wV;WpxH@Von#t$G_)TE{P%s*4N4yJKfTGG zWKDNyqY_Y*o5KNE7jvC5u)>;yP4^(g8_tK58DO(CG!wai66Kq zUnUYo4lDiLQp{=oFY<2f&fzMCT;oQ41Z8A-KXoeqx!#{-$0^dmuhlg2QOfLE>qB~> z?ufP!%gxby4a{=4??Fo?4{jVQBBy>r575gkj*wT}8X~h2W{e?^>m4_EtxVAJO%HZ% zj%8Ay5A-ORNU)EQV>2_6^pP3jGJP3f$?P!_E$qkf4(@<7gtGcJg@sr*w z_)Y^WmeLx>>=0bR5F!bpKX#paT_wxTcboOfMao+~iZmGvrfUN=kWFQjTBn53`%0k& zKf~z7(P)evAi3%~L(%7twVGL_h3G$XejE6l%%Y98Ui7m@0V`(nbhI{pQRz*&OCSP} zDJ>nei9f^fFbM_%A2l>P91~mk$eYeW{$l49P%~E88fIryOt2hP8I@xh%BbL1Og)*Z z6&`-_P+z8!V$tR{#u-mIDiPBpi?XOZqU6tlbCi)9PkQyrnXEO zI=U~UEx+qL&K;cTeRVPTk&W5J-45pz273pihn1OB_armolO_8#?8_-q9>p=7>4VP5 zEI5A!8^BB#^-rvAaV;}+dm^3E9b?F32*kvGMk40>I7Ab9?d8Dr5I*DUpN$DOw-h#` zY^V`+Wx-GJG&a|akQMgEVdd7%_2=n=x+OK*-d@k5hq5fx#TQVWR zE!gO6@^lKee5LIW^ZVKX;j+PF7R^b|mp7lk@rp)TmM=vGMx8a4M+9>U)fsUeT{>o6 z$vJ5){+Ub`!ddrmz*TJ4?1R@PmHC2vp`1Pi3$QG*RI)dk*{2V^E zP3WBl7D__SOQ5oM(1HPBLoZUrdJiipN{;;oxJr<#|Cdfx!18oKNeV=NF8KUX&whzz zCzD*Sr14~0o>_k#CZ2ybxzYUc~99zKt8yhUizq8r!J9 z5fZ)$5#Xqk6p~@$T)4rHz~ce<^T29YBnX}|XluLn;LaXFhV0es& zFhD<+VM8*^bU>Wj+qB6$+_7P%a{Ic@!R>TPeS>dOSl-6uO93c7*TVZA^7f-N*Dg;B zNp4%l31x+F0#(R$$wD60psY<}HO2!r@&;ujv5+(tCQlb1nrZ8bX?>H<4sEA>dZut? zH27?|ewrcufmdH45b{t%8zFd^gCyb@H_twPFD8_ql^}oV@{v7#fN9*ayBh8b8`x?h2i!#;=S-fR zW7^vI)vBNpj{4&9^^pL9a~SvhM73SIlWzmrRF!Hd)-0nPVW>Z2Y>dFHzo#5e`}R9w z`u_Y}A$%m~odTHVoH2nMpBRTH!E}RuVD22Ty$& zyQ16XWTB=#rX4a&h8NBYO<_C zoqk3Ethi@JBR%MHsP8D7H&QkRDRAL)PgE_d^}zbdR%;UN%sDW;*BF}Nl^MVlf-l7$iJyLG#I;r4n1kasgYUcL4P1;4uiqnxb)tpa!={jtsLS%ERJA7SZvWqN8PiY(P1f8l)?L0zpuO^)?3s=mf(o)lUdwlcpPE;kU zF$~6oLDw#;C(9JeMiXv#MhZJ*$Ct$E00<7#tka_hpn;>$4*iJLxX%U!9YsCtX~}po z>HXMQ;i%KuE#PVXGu;T_@6s~7BRGCb26VfU1fqo$0&e_aNOqe)XE{mj7}pm0zr{t7 zLK2nvl$OYxO0esr{#%yS;NQ(=stp3B`#tbSCHr<816G;`L7tG+6v#8%(3CcA!nt1y zpT3lp$aJo{)^HlXVg}&k$(6&xR)0WJe+`ii(+rTv_K@m$AFOZ_a4xrqj(Uz{E z^#&Ec!2vgww?A9KR;E)Y+GEu$qq_YpgZ)g+ySC?OH0QA6>_e}oC>@Bumq7DG`*J#o zSkbzXtHv)E5>NbmU-lrN2$&$Lb;+uhx%+LfDF5r^&=ps{jXz*lls0)43?>r~eBj&g zEWqj^c+!{oh5#0MKSkR1sGvDLTh3chLxBI0W%&1JLCxX#83nRdeSDo2$c+vi7T`){ zsZtSip3wIzDQRw7Z?A&e6MMYoqPY;7q^dV2SIrQM7aZg-+85JF>&`sKG( z@{Z%Hk_79T*&;&D;CAPNY@GjY8&yHea8eSSlB6amG!+faWx@DK2^Xl1wTKDaJ*WP(Pa1CJtMM^#cUHX3ca%->O z`TJ5_RfU+IaQ!5Umk!MBAN9n;#S?(w{RX`y0UQT3q!o;yV-!SBpDi2DE?qy}X>>p5 z3Wiv#1^kCwdT!2lc86lUWx<6=R$=6Ai&s7_>FZ7wrVzZ^(&#;xX4+_D6iud$hrAEK zl1>+SjD%e#YM+U!YnAeF#F_#mZ?eyoDh4a1vK~pa!rgMxs^K9T5`6vC3gc6~kdUgm zPB7LpdY5`#MNJ!=GGLbMl(h;k|tYz=G-G2UhBSmBsAl?nUe?Kcn3C-7Ilbu5MXP##EF6s%)7u zDW~$zya`mN;E#vP_Aj|KHaIkeBlBcX7COI_wcT;z9Sug5y&_PGcHrvm^5)iqSL{^P z6b*A4{oJ+7DPx35eKu_xH-r5XmY~>5T=+@Zy5|>m-Lj@SGEr)i*41(&k2uj$HhzT= zzr_wKtTd+aCX{ZzBod=e&kSempTPtle{5~%uMltW2ZIHV9#5nY22M=><6L~h%30PI z$CNkBoJ%1Xb&S$@+}6xtRD{TOjdNOp4j{T~UH~Jf&%mRlTTH;U!{27xBK&mZMb6e< z+Cjhc*XciQ`3UM@>#{fm{~4Zp~Yyqqj;~Bqdj6@ z$&nE9q+DamQB`EQRC*%~&uA;W2M#f74l)d0ia$-)gBab5-qAZqanQc~qduUmoGa;6 z`~3ahiiOg|`F2ZVIAXhB7S_QN5?T*yr5ml9C*8 zj3B>pDiGy9I6*i%cald7^$Qen&HcY+WrzAh>jOtZbMcab(jBO=|(!mP@#8{$5=Ki@FXU(AcePMC8zDo44 z9-zfoOfP+XVK6%l5->4^{(p!+TYnF}IF zE!4;o-$0=mtd^F@i+<(cG(GRp=X?yCBNJ_FK4uaH=|G;e^0LI5t};gz=yF&;)SP8U zRKg)gZWDX$+jA#&3Dur=8b@bEt-h^dSrs+>d1VI-uQrXZ zvX8-i>yFz)`-B-Qjk{~^?l>ZMKMOb?@A>M`VU7@_toN4A7v`PkL_*2wyX1k?Y1R{) zLowY!-;31grATL@V&kR-uUGT*UjElaubhTb8WE#+l+?*^3G9?pFzbL?_0hP+p5c_n z$OQ6WdeIP$;UxXW>3cbJW;Z~uiFk1QEL;_F^QiL4{x*8isl2&TjYR0xg~GYaV)`(; zo3#h3)C8_xAM1moQ_W<$teO_Zz%qen>*<`%UGQCI%5U^mXs{2mM`LjUgu=tlC4`@} z!_Z7qgU#Z$deZbuJihbW6gIU1uM<+O9i~T$q`pG~V#~23*iMm=O6 zHzEmSvOS*F3Rkq$~Kw(+Z@x6GbT=;McB z!e{VS@}Yk7fx#*T(4#eN<*e$^Zit~6LKyhL2&UNx`*n0KW}c~JN!4#wd7c{yAB{#n z2}v>H0qe`02ZJ#@+kFKUYTks0s+nHQi_B+y%V~!kMY_qLQDi3`;wlsv|(%( zeo(lfkA?8+!n6?)-NbPcK@pjj<20OUzPN3PWB$x8F4rF``7QX?#BSp(A$nn{W%>+3 z3RkT$uGZUXA}zH%>_5-IEQ|N&%Z0L*im2{mTv6jXPFPvx1K-dTwM62Y7!#=lA_npE40kd>S-P_qI|L^P zsX4GP!OrG@e_=3e-54=f{F-N83(SV2d!kXR;JZFWRA2QFRXjGSdyw8wA)`Sl51>1z z?{z7<2_JA&f)|-VR8*=!J3v0gm!F}uRR_A)o+{Q9&Vf#yP@xgOgBF9hu8fTz%5lZo z=|)am16fIPcfj`p&z1riZh+F4K=5}voliyqR!$$8Kg|x1b%QR8Tn*Q2D)zS)Cvz-U z*&YPUEWqjNuSY%q4M9*xiWU#-@_0nRE-teJRb<9#s=>Vo+x)cmW8ladbn%ybk)>kr z3jN3)mAuDtZ<`eAEHO=#>(XENR({_UyH@{=eN?f6(9suR*WWQq0W$`lfJqE>QGJIp z&pGJOjMSxByTzwWw}P{39~#J1bdtrW2Lp5v%QGBuP9kgTBXGW-GbhtU-dnjuvfSHY zhbp~4@V;eU$(za;X&Xm`9Z&_FD6)bZ7M^TfhO<~FD6=9GjHR|)O|%mmMiqb0B>E;t zp{S6qxInQ=oCevv8_i4&)PE0L;mpdb1Av;*Q@Z#)_HqXY-!9My;62zb94LrfKbOP1 zTQ6J<-Jetu_78LGVUWS~GyL+~j9t}R!|3afo z&;Dn_eV#e%irx1Q_uEdzG8?XPp(#44nrxCkm=z%(JGt8Xkz7?kcwAs}c}A9;f4&N# zD(fLw#p-FfFmQ^Q(I|+BN!L-Q2$^26nEH7-MK1A-9%gq_1wvhSYt6`c6$vMJl>aQV z#w0rue&FWKyQSi#oqmAzOtU598J__805e}|GlY4dCLcgN70t1A39=Uk$bgsDekEd3 zjp(WB`NF%s0jIcmJYEw_*^P$=sdq>&JgUAi= zg>+T7VCyfgagWngmJQ`6TR&#R3gL1ORW5>k)Z`pd4Re}ZJjDtJ?OnlAu|&j|HCTV9 zyM@4$O^td@d`?Y=-?4BCEYuj1Hb}n~DA+%A8)&u?xzsM?r&aCh`pT!6J&v>XR*Ow) zc}=~-%|-$BtJvK-8P7cIkdFR})HH`=Hc9iTMoOpP|J0!(1^a92vP-#ZgEF63e@R};+eO4urp2P7xtR>K?;veCVKA3N+9YRVA2lb;@q2% zaZ+dYKjTna95ykV(S576P-)_zsi+U2?A&k+Ui`O3x$ZK4G^x+7Tan zZjnt_i#8Tpbfc>*KQHc|ddc;4Xr*@AeN|doZ;J zk$)sbmaI$3qp+{=I0EBt?BWT}(*b*zHe*t#Zr>SQ_!Se!`uDpQRl|`ds$y*4=smI5`CQXf*V8{!jR7oefKQUAr+UQ(UTF2|=47C{Udrm!xUCbf2;GZa zFRAFTf3bKE`!DZyWj;_UurWL`Y*FJHDbW_J&g%WWhX^r>xC=-3OHx^A^>=T@iCyxe zu7}@dO)3_W@nVI^!itxjM75KDc1c=LDVitmkd9&zg_Kvl3hxm9F9a@T;oh?8Ywt`V z|D)+ZH+aI0UQ0|>0y9?GYq@j76aBBsm3;{U?a4DDb{!q3@wk$}G=m;!BL5t{?N)O^ zbBKl04c)SefO*Wei{H89B&cZ5a7gz7Tri6V?{?MWlW13aOudnu)i#6vD(iRhKKX4& z>Bo~qyK7kOZryoF*4kn>RB7>pW_Cui2@Ug%Q*sZ4Y^NhZPtL=yUfTY;_^H z+KmU{N+-A$`(03f$OHi`{BDFR*fJNht8|RC7LMvHy{KK)WsVll&rcDl(p~>npqi>C zsV4)^GF01#1-)X!RD=hToD;R8sXHijdTywaQ#%V-qv%>;HA%_0kfsd9gbX&I!#~($ zMNiD>7g^kt4@6LUz^mm$k67ZKs-XC1FC0h(CnctNZ(LFE{n`|7X3o`>i)1{Z^6Y|CbgU{u^yYO-LeqxbMgD5zrn}+ly+ZfBAwk z2_6F4azZWH?al(L5t(t{Jke3p``6xS4h(8@=11B65L@}T$XEnbM0lm5IYAa3ON@gE z`)9<+cL2P<%$|M7V{{ueIzg^>U=%o>X6C3o;x7UG-M{7QT-NA7K3yhIXx-nFjutr#?-D@X3}j|(bG@c~(UmJuT&d8H^W(ze=*%V~pdZzTndZX)vTZcs$Sj+m zl=MOgl6sSi>0e^O7}@KRM7hePD2c0J&(+=J7a?nwQHl6YNXg&yR|HDZcF_!PT7&Ly zVVNh?+phkrk6{eev|+Xiv4=BswIMM6N-gWm!aRWlVKFy`dsCgM1g7C#=^F7l$`{w+R_yU3JfVL_M?qdNd1Zv7squ(nS?jL!JH&f)v0GEX^ zkHGzPeSep|j`CB_8Vj^j#9P1}zm3rUeKtqj#c58QoGjur%o4ZLJ5p0yklLP|mq4(1 zh5o$(A<)Ehji+?Crdmux3WrY_)22}?eOwWWoZ2#z+n<#Xllt=II>){!_vqY1*U(ti z+}l=h2iW6=&R9SGhH~l{>;qjgpY>;`>f7G4mU4qe3x7W|U+C3K9$PPr`@=85Tlpq$ z$q-}W)`Ns+Eb@cC8{G#UKYz8Nbh00@vI>&Tb-;`1i^y|DjXL)Bwe>cyzisj<23bqS zhL8TUha%*QNNyqcmU$Zc*Aq;@{a?mz&H)aGbr7#WmkN%k`@QpM1(sP=o0P>sxus#K z)6Z*lp!N7IniFnDn6uQF$c0{DUC(kW-R)?DK$&W9ea6@zwUa|;3Ir342Ok?nL7Fn^ z@FZ%LMN8zCZ{}4z;(6_t14)yDE8-7)QJKl+2Cabp(R`1nv{>%FXLKTd9V-*UZa_^V z4oKbrI2A+)1n#d6;IH~ztS$PZe%N5oBG~%^+TSF(&lXsC6xh+f7Hqh}j`h9Q%DQ;Y z1T+OQk@lbc_Cjg(IZ8i!F~E3;XnlWUYK&fIKhAV=?CU5Pf|6Ik{}FM!ux4K4LiM2f z?3dScl2WQ0ZSxldPN+~K`dWTzluPiRz9uVdwm`xCsY4BK_(UezLuB9S{oL@KQ>gQtM?j`uCcAMpJFKnw6cAeAIC4vxdOnw#-0%*8qwL&aa z$tMt9UwFkAD}69?oh#PoIh^*HpkTyqlKQk^loiUfiujaNQr|khga5Yvb zm%;{EQ{&vE_FztkXO8skRrZRIZ?WD!E&Adnj!BlFS8hhF*uwLCIR~ z`h5BPP!l`HO1Q`y5{Rn3xM<4J=(s<#&>BIg-V(0Q8A0OkR2&(t^K}^AjAa^VTOgWN zqLrM_3ayA9lBKi%Uv`Ef@>U}2+ltd_>)0R2}#mFnF`NDQ<6c>BywHdezf#wbOieRtmt>=oj#myby z=I?t6*y<7^QR(l+6kaLa^6{M#QSQ0YSv zH&-JWZ->eZ2mJ;nWfqP7{m~s5-AgB=y3SD8rbKoo2LWQmTm$UA2Ee%tDh_8(ZrM-| zj#I`2N~Vr}$iIn`R^LHRDP}gvx_Xhs^JSA!a4>$X8CFSuyx81b6Mbu@x(_VlRf2W~ zR}tmiK{%00+;R%{$#^k5Gm?EywaE+~8{M-o$2-7n&rt`gJrKt(EB=4kX^FAv6n6ZJ zmxt=4FHME9kklBIQ5B6G0eU6bEcx})qo==|L0#ViLUo>LF zi(=4ipzjMEtjgJ4FS*5H<)Y^!jFh*>ZKyX_Wbbt6g}8R;pfP35@F-4m1H{jx(&wIz z3l#uZ%{VU;sugUd>r{2;3$ey2jm$!zXy(i)UXDO@wpO3%{FF+zbsw-;1ePv2m!$Jm zJ*_2)(yYW1iL!}MlAw?1*8Iits~4w~x_LP@MZIkG7ys6$g+^zBVwU;Q96+Ik6hMY$b=j9GBV4lyve%3wXbnx z{J}oP4&--sJoV@jNVM51!5gD4msKL#x#;NRt{E3^>LP%Ev{o0MPRpCm_J|3uEY)l6N=6)}!I50It5Op43Tr1R8} z;l??TGk@@GN5Q7aEvLo>s$R*g{J)k9;jH*4D(MR@=Nq!oU`^Y6i`k!5K?eT#>2t%1 zW=;(21%(CDcCKfch{fCskUNLgsYzV<)GJ+al}A>(-slB^DRX$hur`gDak4`HTShQc zEjIt>>AjOp!j&r+f+?n5OG!L0D&H6P-jBmhvNsy#31+%f&8)(MK%EWN@#7Ao?^J*K zcXUs)s$OVDX%WI51{y1>?}YCH`Z-sq4mA~Y!>6TYz9bQH*GEe-QTVE(()_`>TS~G4 zI$^R1JqYY(Gd0OrX%YGN>CS8I7EPulclC~_q1{yeNnnYcDyyCbm3(B@-P)L#>~bGW zQ5<4uCKjFRs3pfe%tAyp=xOy1^o_l{rVCZ>;D`6l8YS16KkX$*A zw(dZIaLq zPFqTgMEP_b)W>R+k}n-};MyLFIS3~E%4Ct({?To%vuf+gpmHkp0A|d_8)H*&7CUQg zWl-~6QUEt;1@|5G(^Jsv@^yz{t(+@Bh!c4x0(m-RVZb(lB8*wcMva(Xj42Mxy*iJQ z$;tsOQ7N#5-%NY|`k^G2XtJ$W zJb~ggvewl8j8wOHO4H2*(ids78UKzv@iY~<^G+cj(JiK%71>?Ua3arXj`<#4;EM3O zI||5{GMoa*DC*z;3EXM)WkjAU%D&-}hv?xiJWt(~;`(%k@o;y5gS$n+8;BoFmuh5d zRq@J81~$(9^KyW9i5IIP0)gbc-YN=Qna4fy0q8(M^}l4D@=`he`D@_5KgWw{)mY;# zcDH1*<26>MLEvzP1Ud-Ew&+rq^$|O(9<%y9`HD2S_SokO`>g&HMp+lC=Jt~@-Sf%`NwaluP8@Ww+5Izht4~D70 zAYCz}T&(SnY<9*zux6c5$0fQ1Yn@>%iPkDm=)tkM?kq(0>zDJMtL=5;!MZN}#d?G| z*V1#bUQg$(DD036S?9-X=$=kcfbZlCMW>NXpSd@&B~$U%5cu|G6$SrGjYhTA9#Y)e zCf!QKcwtx#ZG2MDmGK$}wGa=tvDRiAjrPvjKX>N!NiFrm!_XIC{iVAw|ydlVXVSx1%dLpNi9X^ z5hEn2sk&}Z+(3lT1D=E}*^_(`XG9jSUHNOk+aJCdd>r#yil#zm4ti{q(QO#G)3>m1 zsr>()DXsi5PDTOtapsZk*EVgtOP@qtES6E#l*l@z?G_W`KsjIE^;UgtZ_hZL57P38 zvOcq)dF-o&^Uj`Sbrluo0PxHXJCs^coFp<s@K_;d3 z*(`QmlHM|~?dog9em-9mL3why?uJPZ>vni(l{szxVi5fi9_!891trGJ#mbG}O$T7I z#sqn13*_(nm}2{OXd#yX4o@ksi&)aS2oF&d%h^2CHYwZejQqWaxId0iQ!0~jT5}f< z_!m%si`sxLDq@5&=ATlko7ULf3TB4{|bv|gH=;c@etB|adU2MG_Zg0HmT1Oz0{o|krp-ivV7I&L66Gm zw;I1j(yykIdG(w+^NRAP`lGrD(5MxM(mqi1$Oz&Py+@yzUpJ4!vw2fJf)6YBd zIgF~~wLbp7fU$q4wku4Jw{Zw|Vq{| zx+z8Z)|TbR*J%Fn0??nUc5_qOk&Skk%^Ye(875fKi5YM>J{X@n8qO5Q$+!IV((iiJ z9h)Y^ye=0QUALZT@|6PnvpEmcT7hwd2v^Y8+elPTbF407Iy>*-Dsv7|g|6u@D@pSd z@kHDvUP=JlA%B~r!IC;V#F*lz@p~Y`b>D-DNm_%)$sQQn`6=N-8z##TzY3*3N`)|0 zV}RFJoAFGa8Tk~{y*q{TSU8j{20GsTg??oWFkD=xx=6aY54)e7h3jjSxRf|H`Fm4P?QjbIA0WS=H=qg|f=4rvYj%H3;;W z)bvDsYn)q%PB_TUZ^c8;Yo?L7W5X)bRd)$;i(#J!FIvpPkGn==WB%)z73|dU#l;=j z|Fm4W*v?2?AlIpkPf#^{1#_gL82=_&K>BM8yGhk*#em-nGG@nHnUqAXR{dDTjiL+U z^ZWZ#XJ`a_|228@z(#gbdBOwh$WXqOVBE&%a?K59WiN6@#_Qj0D9J1eBJWm^tBS{@ zbq20%$Rbce3N6`LG2`**Pk9VdIEXKiG;tmgk7@r%L4uh%a43pM-tzm`RAgsadEtv|+K*poV1l^sXwRczIf;ykGQtbLG2y3;lNO62B|3_s7F6Vr;BNjVOItp5qP7yMip&ed2 zT+{Z`-q#O&AyRbw(`up)_xWE#q{_Q;ReOj%oDF`^lMhNK=~;0ajkG{TeXdF?G;p+1 zo>CVKkII^j(s76en;D9R8j1hM@u1&c56C8tbfoCvk=&S^_HvSrX)w^-BYt3ZmKF~S zv7)A5+I8|UI zV7-$ztjuqw``MdZC3PbkjsPC!E~AsJcd4lke3fdy5CtKUXc81mCr0;9MyW3@2R11m zv5v`WS?8`KwlU7`1P9pQdRRg9f=;(`GfeX%YvzgHs!PsN024bJ2i>>il$RKHRa!-- z!Y$%UdCf21YBqH45z4dyQD7NrbrhfQPcO!u7B}b$J2Fo;FU{;jv?~n`h5FrmEWGGs zEVk5%1M7&OQi?fh>#Xxj%ju4DYc>W69IqpQwIl~8ILBUW7g-;cv0e$9E@?t})~#;g z4NIk2#!t1Dd#m~rv5_mc+t18hOB3u4R1BC`LoQGzXa>?P!ys$rq~W)y4*5E($x0F% zoxWi|eU13wD$ve#<^gkF0H%??+i_CR{pqO&y;@8zaEyq6oakNX$qvm(YZuj(_JHm5 zDS~X}K@%Y)K)dXKyLP9Tdj&t9o937dJnssE$)19@$!^Fv|3N!Dv$3Q&a$eRpCH7?? zhN4cDb@Y8kagbPyeTQ}3!Ib2+1{_n z>0~3H7SA|}g&kJkdSwX!ov#JuyC@R@pa?j{Y`q`ehfg6VV28oFE9!sLBt zU6fGCbrY-;^UcFtZ+Fcc0K34GjSzC04Q=M-GI*?0j_-KL(?~ql;+mlpC~4fB6Z z4ZKwBqD}RkD@z2xRb4Enjt?S$0VuvVhV_K>w()!GQZI`lo~D8)>74?;K^g-#_*b{z z4u-iXXl6fPV!xKu&V$GTm{**9VZ`O-xl_`LprkK zSE7^M(0x&ev${H!JFn)_|pD`H4{lPFd9+fOrF-QUayNG%J?bf|^Ag0gIF&9a@l@fSc|dMs9E?=-@l zbj{vL`ef?XAC&2qcmB-@NkO6mYTsh}g5>=pY=fUjbMiKFTgSxMUL$nVQCqOC5|$8K z&t^_Ikox_x&y$IFW}E!MX;)%?ka(ATa;mv9xI*(WSh67IEBy}vHW>tSjVvX7K$(>G zW51Ak)QwEAf(A9-q`%)Z^3gkVeq@G1MUfQLLa0k6WUR5beDRQE<*S;oNzCF26Hrl2edB0Wj&@`7SKj7A8FdVlp)Fd5Z zXaYdDr$X#0pyAGYP@cWV(#41Z!B_Xz{YLBSDz-Wx#&<@~%5~o2vD5MTkrI*M{$$t_~9tb*3)`fBSY!O9VB0uAIxD3dXkT{$^L=Q?aB#1-7* z9OJ`-AqTOmnXQ|9?}?}TuJ)D$wmD1V^%WW9t~V{pERkPW2r$zLlfa0fc2vk5Ob^-b zc$JE0x%Rh!u0KP)LByyZW_}Zcm2lS^P^f99U*Mv&;_QW; zl3OVr+!cCm2G08`LoE?tU^D%_Bv6D^&}!iQC3`DATCKuDspRr?^fe1$Brr~?!uU4d zTQR*65}y>$`?6{T4CS#?R1|t(f6(8Yx@=MkF3Y9<*oIZzG^m6ZN8|ro0(w?1&f)aR z)%UTqqM92;!D(tuZI}ph)cn2(9pW-9kHhujusoCKwvSq5nSL^yYTwN|zBLIeFp$EF z4`vqr(=sWkt8Khpj$^~)V^;v&B@Twu>XER$7-`4x1I|=Cf3lMvl3)@XRw71IQD!ho z)L~hI60L9k%XP${PH-uRyU(RL$^3pxF`=qNR{gWAFX>oWUv)VzH>_0_iU z?>CCUfJRio_;0@YWO3`0p&|_yd})2Hjvq>2`+)yeK;_v35>q9)p>Wtc+TZhlpQWsg z1AnpEhD=7$DrR`%H!I#eQ{?&4inY4Es;*5wYy7i-vMo3Re5Iq-+LqUd$;0yq%0W*} zU2At6t zC><+=b|&Gz1EP@36>L$@kb{txKjAFW-3>QZ#l+)aYk@D3x47pa(r1Jhg)Gm~sg7F~ z^K>AV>Ej5*xz*P^p#`41iSpUJaS9DHXU4MEO2nt19GO$9zB#i#d~|P&D>2Y*juRSb z5T4Km9@)(Q!7uu|aDX6|0f!cI{U2nT^_0aDU8KaqzItZl6jv&bqycK>CR#FBbTV)8%`8Fg&p?6`HENwH5- zmk8x2NzI{LyH-s$&dXS?&=S1HBhwy$LO5MKS^4*d?+n3{7LIJ4+&Y|*+q)Z9`3oyg@ZY^A2v-j)rJPj5+^%boQfb;|uQR(LPy0gR zpJ6H)$HVZM+2p2+PIGHE=UT|>EWb%I!3kmiO^rOKog88x`Y(*o`=3eNRIZrncix`p z!;iZ(K{UrQ`Rz~e@ohXB?928;UKdgPlG5e+BK&!K{A4umap-+i*mU43)p>Aq5D+%F z8Yn3Ph|8=nw4SXtRzoa#h`D!9)`QMy{Q2%TynR!m>d~#f{trfu>#Fex7(`8z1;~Ft zNnICms&c?WzH$TNs3HElWup4Wm65jmnHiX@d*ccy)iEAO=#mhwJX0i;Moo)U)XAmM z5-9-{8m9U;-v`qzNZ2*|4s+%+DcBhDtG>)^#+qzBxc||+cy@udbaQ;IeKBopF9mP< z_&rd0CMqbilO~mQ5eupDU|^R;?_{*iPcA~uaqwv__MrFlkMuMi1ZN^asPQ|eC?Hn@ z^tQvzU0k8Km=45~E;s&#;?M8*N;q9vkHr}j3lPVhYic=FH5iT-6gky%sdszm>Ym)> zUwM{^;)kK0TOEOhb?w@FsReW01Gf^=M-Sqa;>?%MH%YK?Ga0WJ3&I`-dXL_*dgp&c zMAZ8x_|SAl%_Ea_1<5_=aE(P1ZJaw2*y2xw2lhd6=M()xn^RiTC9lCkNjHzXUu5il ziqR3X2#;+wJ=m7?&R)@!0`a9kH7YHa=UX;6Vea^W3!d0){r6-gY>{s^aiO7VZXJ7) zQnl^2ie9(4%+Cz?$=JPOS$?Kw$Aai$RKcyq^a~9ZWmT zNFH@6=B~AD-YtL8U4m2@79*RR#mc^(x5qykZe*3W`gDBlR5YHp0D;Rhw7Gg@Ele-+(iUd(-kJ5Daj*cq)}*R|D} zx>_%I5tXI_Pd%&()p_@yM8)uP|39KUw|7>$i>34c(p&HEe zB_dLYW-l`5dKQ2I0t5&EAV7ft1PA~XSBgGQd;SM|z^pE;9n-`v%=Y*A9Dq3CJ3frK z(v=x1EFK-Y7mLb{AEXy0O9tNo z&=fq8Oi26|VOWA@wkTgp$rL!lPiVJ&&6y(ZaZ|DrPiX){51qn1hU|A&9sROfv7#s!V821^@s0}lq5S?;d-Tc9;ydJ|}X4;hodM37UlrQWB z9##PK{{ZULu-9%;9`!%2K;QXlaMyixX7CCYgKEFJ=t4Q*z&W>91e}sr}*hcBfzI=}!fK2}q4CoBf2$=#mc4F+~+<3L!0$QKAewe*i z_RFPVup(Aah>RX@W<~P~evUYb@&`~1DK{2cXF@A-5+pzH;wH}V*H)VTR)@$*Tu;H2 z*nT-~%dD7kq-eB{D`vw7<(2xs?!vh3mSHnQc@ZTfL=~qP z+`4CZm2-=kPqn3f#d!EW?K_%NOyTTXsjH74(ep|3z`Vv&UxGV-gHzpppO#rd?yiec zcc*Sg?w9ATFLR~~`r(a6B&Qfw!zRv_+bW=$aeUYd%oW`+?dqUE)uL8i)1ZSI*>+`5 zd?mu6#9Z(X-FAistjKgg!5r{quQKN~&U-a3j)-nDz@|q-AmM%c0rB**JF5GQGKu~^ zXPdxmIC=cbqHjQ1JwPxE^)!MI8~DnEZ*_!+L+@cY&sVcfxVkx=oae;@!<@P9{a4Id zdcFG{4*G`I(SjN%0-1D0J9m`st@mhL#4{IVxWvb?kz7eXbDaFY*C?EQ?+c`mI^ccP zi{`0g%wxdQSjcJR4BM5#EQcX{x{4I?J>{%+>G|$K;$YpBpUi8EZC|$J@`- zH3iuOn*|>^AwbjA`+c>+nI-qK@88F$DcKKM&rhigaR&HQ)bZ`#&9EBw3#wYoy#DoE zo_wXICA@;jDKNOd-Xv~oZ3RRllK()OaHIT?CpBDFL$~@aDorBwayZg@%1~*Ke+rp9 z3*>uGVAAxXdQ06w#VuP42W(C1eo` x>vkMp@W>swsJywNG3Hv@AB6PS>25#;6bB8Cl^yAFrW5~*xgwk>NG>Cy=74Q8#S;Jk diff --git a/tests/compatimage.img.xz b/tests/compatimage.img.xz new file mode 100644 index 0000000000000000000000000000000000000000..37fe163f148c7f7fe8ebc39a651504809418a8d2 GIT binary patch literal 66732 zcmV(xKvH(MR~g-V6Q=l=qEr> zlo?oSmTk8i;88RFqHMs{jt&ljKy;tY4^<81uKVgWVk7VnC?TBZ4M8YdKw)L=^2D%9 zk}_)xJix1W*W^m3CvIUpr3HB`X}AHzoPn2e$V`wUtL7B7^zw2)71r}Z&va~){C<@- zkdJ}43rsi4TDqOjXS~OaRT5j#!jZ?ynoJv*$5)Ae-%vH+1lqm5 z=ryQ&@=J;J(UyNt)(g+Xt(+OBWL5Zf;lnHnM@v;T4PxLG!1i5pU_@+i@IPNuHBj!_o)^HItd!8odNL^ z4iEe|NOPbF2M(@9a_e3jFNp{F9UE;nteWyrasFP4>78qH6frRrG=so@!1i=AoJZNv zvM=&V$C8`QzElfXIp5BUSlVCa{wjF<@YZ6j70}H;uaKr(I;3jRXNF5dGS|e+7JF8W z)6tC0x6rQaLCU2XR{_&z4et{T;Vl9wl{edUA=NJ5iQ6T2)aax`TE~fCmM&y0SVYG9 zYG`L3-5MQB)?il3xtt2Xse2>^z`iQyh2L^?MGP6uwTdgTd^3=)ta zqnmQ#7F4NBQ5GlPDqgw5r7b+_l4pv!3~93seV~uvEQwx5T!FYt_YJQoiYL=Ksft_v zfuOA_LYKFrz^BL|o$jcn1{D3Xqj{BVd=L)NMoZc{SG`d+;5isNCy>(*DTlGxn>KaP zI^-_Y62{@)RQ53H(!z> z5s6Ku-NqF0qO=79A>DTU1g7~BHJ>rB<6ss#=bB-0|NN~n)HQti3jeim2}PUqk2j$5 zx&12qg!kZR>1_`ACSu?it@(wynY~TeNOYzY>BLdzLx{Jq^->@kaf&()M6X@5cJCP* z3-R{?`r1?$jd`bq7tBMf2MURDFKREWAj~|^_rey7BdU+u$h;1-A}KO(bYw3tQ$hyrDe`$&heQU`RbIai|~}z)TE-ov~-04Tx0}5uM3P6d(Y0W0pU|Q4=R?ceP=p0oE5)v8mR98Sb4yU9qm4IHZR<>jG27nlOH4i@2_ z{V{Uu7YrzPCD1oQLPS^L@lh4#_M4D;Qfe0#+UpjNfb$apQwe3E z23p6zxl)`rkN4;hR&z*5XevhTiGE!Ak52;f@njDsXJe7gTc zoPP{8N<8WtJ(aJgb!8KTddw(vOTlC5$Y_qE$+-_ry#%h(+JLaHZ{0r1?7x8i`q4U# zPZJqqNve%{ne8oCAmyleh>pT@hC_51_$9XmuE-B65E#H zR&Hp-z?(=R266hTgPfQrj#&tHH~9I=NrfUP^yY$pwgnA>y!S2iUb)hCAyV4>6*_Zm z5#QimBdh+Sr=IVX+hDfuVB7)+@MvYDPvPUjP_uH&f0uvMRZMzv+r{_*?T1|R{q-ZI z`DR2wDi9^$8))jRBq5_a2t%GGq9X+gdggVJ7SIGW<$V=lL!mL z;m-&J@cCxmy}&MorBSP6kF+?3sy&4$z~pEJ_nSwGM*| zh)`{{Eok1b_6y@)W0^)IsF==`C_SK!nFOor&+Qy)?sD#)pv)^-`S|t&*F|33H2H(l zdV^{;gNiEcf_!8H>oIF(`8f?gM=w!_Kt?J@wQl~QoKh2&vBZ6N^FVXa^*We)7d~$I zJwlkpGt>6oyOFCiTT|bmXiSlHXcm_}Q2@HuUSrvBv7rtawVkAIdj#(H2n~FJ@V8-$ z6OZgT+~;kH2%~V;PuUeH9wUl(w*V$7hQjqrDe!5?m`2gta!i z+XbE;3zsRWG8*3UvIaVafVz0!0Bp6zL`gG0GAFcQ;Azv#m~g^m*+Abuo<@0hw7})v ztuG4+W+(Y|_f($$*yAu1+T44{)zZr#jBMKKYf0V_@Gad8(O zEw-fULCZ%vnmU;0mr>)VH}=KIS326XoY;!IR4`Z3)R(WY)fXWaja#^IOU8!aGDz1y zP|<~1Ff$J4x?BHLqV9lwMQD7K0o_)dyqZ{P^g97my1Z0(I)MAr2%SCU9E_*6OZpXW z#s#h8WF$x5Y2}-bUZQx?(dN2G8bK6q3r{oQbC$}Y@xg-5?|pa8>=$=;A9CwrTIqs=Kn1MhJv2qo5W4>PEzye+){# zPn-zD2OYs?paI0ym66r>6A%H34lF$K@#^_J854L>Y_4?Lz;*KV#G6WD>hCT$U3j%u zzVx~&AC!Y6@!38%PH`XOJ09OWlHxV7WRxb`ah#gAPBcsqkDnn}P3k16hh|s2|7}(_ zHrjMVcy*Xs?ny$h9>8nuL6Qtis)=zBoYDbl!mX$w!Xm`U*jGKhB=i7>8BQ;BxS)}c zW_bKN281rOSTr-Nwif!jO%Y&ttk@ZQ68x_IVpopKvOZgug_f&himpMLJ!>m;%zq{m zsA}_7o4PY$Bd?;B?w2(4NBtWor%6PPF92C-%M6O_BWL zbek?5^|GfnUyaY}z<1CS zyYIt)Bi^V-yL+syWa#1-Hf=;&nXd%`e(-VtLYE4Qr;s5|&Cn2T*?R6u2{dNG@Yz2x zQjeLZp6pw%le?QHe||Tk7F>x!DP=-DH-1b*!7R1@3BtW(v(-Z5TgK^tXRIb0(E&jc zr&MoTgene==O%ik#`W~TH1w@osE-w%3E|msi4v953)qeL0$-Wm^i5~bHClIYuFaB32bHGB5v8v$XUE;g!T--!}34 z4G0NySyrDePSA6Xp!SOb4 zCnBnjJ7=cWb0rn8E#Te~#q=vbh!RTEg|~M7M^yyb?yKPp`a4GRk`@b(QS$FfyCOy7 z-a1P$1^Gp9#$+(onn6Lfza7`ls7^S{iVFd`g-j0ZpaAa?655Q=EjVhz-Byx!SWZ!1 zcAhO>KV>@3&|9ir&jF*>M1-j5cq3z zxYl%ItJk))&@bsjElei<4~;m}$D^O$dC;uuGJAsQWgXUv8$Ip1!^yBa4!2Nb zyca0(XX@mix2~DP9i#?Hj9hS?G1hSE?Vw`B+&+Heat*(OQASPjCPd@NExm=*&i_+x ziy(zxiUwLhvW9tyO6@+%FA76LIij~UQr2mhYYgNfo~a|H?Ip0J1A7w1wxp>T8C28r zhb@%n6x4yD=kIZmVL z`TTNbwS=SYb@Eqw;6hu4BA>yuY~bz;Bxta0pB?k$*FTiuS-o%54zvIX0N>#nbSF1j z#AGJ>Th+jBLuF=$0of1^^)4QTkK-6vcGdEpr+^#%u7_$AVC$}ItyvRcKh9NFJs2O~ z>p48x`LrMh-#$I0qz8&y(LHi&GcLL&arqiarJZj;3lKA- zn^umUFb`(xX7b)$k^_Hv4J@#Cj?%FiPm=H1!_9nZ5w+iylJByuZRdqrElnp+gYb0X zR$fo1+Tz!B24TrdLlB@>AtNK^GDSY&`^F~H(WTQAre#K-)u6qp;m?zV@Xg9t8>!1V zR_xs*U3wA+k&lZTYZJa7Mf#Bp-V>+$!lBfa2_U?$$J{@1Pgr7^C2y~6CLWaU8mMei z1qP;~`_hTM_S`Ly#gol`2cGgQ47~~G_9PRGWciDA>nUq?_?c`}NR<)pq$Sq! z@$k>d`@9p1^uNLlQa1X{d|B}F*)^VgNN4}pwJ!MxzCM`v@0t<4z--?7<^q)LH!k^b2*xkdHj*=6Ry6KKF>f5TN44-i|Ss+jWhM(PMaBSpf!}ZT$BJz z3}>O?4n?)|>4W{K%dKmu?%PWV&eEM0J9UT-0p%s{FlKR*b7?aYQ>O@M@^8*hizJ9V zm;o~*G(28PPCZb=2L&WYu(GkI;zfnLAK=uiJ2q4+=VjwgdEE86NW)Hw78y)$fDaGP z1~7SrTQJdI8x9qk!O6vvjN_t0@sIgpI=N$Igh{2OnK!uA0HsU^9r|>lx&3~%y^VQC znfo=`u|zpHH{+zV&ST}H`1Aqo*ngJuLn1*Jn$vQ+{?Q{!{gJeu^)PJ(g z3)Hr)d>d#JwNWl)QEtMBSklw-Ir00sF9Jsl8yHbzCO{sdb_gzcJuqb)U-Z=S+siux zd2%$AZyT|P*L35q=*vLD^EXTRz zb>PYXt>>3)QI4#>xa>Hvs3@ZR8_MytuwtSUmsd4_r%n5zm^CWOt7|pY(5b=rOq)G6 zy(oVu8gquX(g%nX-}9og3cS=7fTr;@;Y}B89=WWH|79ZGcM<~Ehr;S`#aYWeS+4Ch z)+x&|OsMyPqg-uXX|MuMjHgI^USoHl_os@c0k~WU=lU+>S)3p2D7NaFK`z+~T+y6! zbV3|^Y-3Z%qo>1-|IVcHD@|W$7)6uQ30>h41`L%4o<~H!A`I}93aO=?R&-3C;o2Lz z*vGE_!15Tt+1$U%I$Pb3%i!~mKB*I^?754?VC38E;M!_nq_H#o(Lj2!UxKtK4lxrf zTsN$xU)}(YxEb^*Wb|}A4(i8W#;!k{TnftXGPOk)h)01DT4GtPOkuJ(eE)uy z3b&<$umL{n@ClR=Ov4z|s0%j*6&^U?G-kYtYL|#i)?Rf?i?M=*D0Y#(3%5DeCctP+ zjP%M*#sr~`>>AG+b50Rr2rhNu4Na};WTI8_=dB!e8O4p}L2T(Urwg5$jIyN*OY3vs zveD#C+3!PtH=?zNiJWZ16$o2D5T)-sA{m6Y{X?M6YFNIYNgPX0CVr7vTE`+L!q^81 zC8@CDW!XxL6m{MizyzG4kL%Fw%qKLrwy3gTZ$j*SM$pb56%SqSuH*D~SuV6&Q4EdI zBnuH*wfr@W4^yN{4}b|HV^w~DDCf(&|0fuhyfo^Vwb7;ba7F4zT2wM%*+T&^&~P%X z9*bM*YW~8H6tM37^^KdVt9kEU_Xf`mc^CoXwdl@ioj&T3+@V3?XSt&^$xT z-@Dr?0>HOzNE8hLmOG7AFC1^%w?eKVVjo^bR7pzcH-AXFGF`qt`Qht7nNWBgd?pj9 zjwKJ!rf5T9-}EH58CLk{%e9oDu<|Or(iIVr&2SQ0Hu#vpC-U0EPk}aP;d-g@!Jh88 z_4DJ;-wevPw#yj(VCUN#ZlXPT4D>9E%$XWR0t?-ht|o;$dBX$AG1Z>{iJ!0_Q~t?1 zm@b<>^6h8NioAH;mx+bryZ@6y?J-f_;uQ20*)s-EIr#7Cw(hXx7wLU7(5=g~1=_rY5{VwFG%L-lUejo$kb3~_OieSe94XU08VOiC zBB1|$-1Qa(x{2C5B_p>+JF-%9t#lck#DUcAHyIyTWc*U3R z%TKK~m&roQ^o|tdcaQ}fu2|*Ft}FJAD?`!2x}-!A<<`scJQ(AY;P}n63D1W3BuA{8 zA={?YVE|EL;y)$quZT7`Or=9<^Z(s3PgXzhrxav$XX->%&V5nK9+hh7=uEOiWs0IV zx@FgUdN6$u-OCk!;Xaj>Fl1V$X#&QxkF0n_t?MP-imm=vO z{*i69YbPdSp!cB`^VHOF^X<@HaSonrOox+KNG(5bDG6X^*9*d8HIuhlG3&cRl59Z;4ab;`RDM6FEALE^W|Goj|+ExKjc zTkt5D{Gy!AZhe~#A^Xz&+L}bp2!_}@IIJ!KoOiC@e}x{?+dm_YOB1m!_62% zU|L5EZ5c%DL0`qgr++?nqQpZHh}+mo_>}f;iyf{ z1fUsz58rWpXW7NW-=-{T)S39hcDL@vXRBv_?$a#9A{kF}oAB74JFA#H(lgDz{W={mI2eU+QrQ1mL z`COJSorZeJhMk@W!7))0r9%b75`}9^+5bbHn%IHzhE>sOZ$5WuedQ3VgxCBEg9M8* znr^eu-|EH+M}aQ}=Z_HxswW_#GgMw?u=<$#0haKvq>?N5jys5cl(`Eg1`-#!Gkc9& zovCr6yAWVsCY2NA+&7NZ#G-}>IQ+C)1V#d+yU4Zh0SJ!MD92gZ5|R$3Zyuly&KMk_ z->ZE~DRnXP9O#<8J?bkVQ4$iIz@&z%^UF5dX9ku-p0lLL7vRZKvWTitq~K>7M{&ck zG#%Pm86`pcoergKmlZ{JCv@iR{WY$^V*m-C?WD?4Uk0_SG@FgK#zC1A9$U{k`j7?b z)qn^6m}hf2vH!$M3L?X^xE}x*l#Kd+%GTqssJ+&cr?+1Qjpm|DCqpak%wtt&4F!a5@ElZJ^&<8mrTj`gV?CK-5pwq zM6G~3(ZASSrl-L-rK4A5L!F)Ba#qxG5m^q4nxUc6Bl=~S%fNlI%5yEYJENN)8q z50ivWLP4ZnT)WCO-sBx0+aUGdOzdtr3j-w(wR-2Ws&&2EF7>*_=P!qx%`lD<7(Tc% zGbrQe7f?5LTR`NkkwJ@SgOWdlc0=%8#D_CFWw+#WccC;o1IRiWSEQl4c-2V6r(Z%7 zHc$A%pDomB@V}Y+hhSYm!(Ezq#=yv6V9sJHkF7DGD!lk9=cc->o1_gi4F#i)(>H1P z9}{Cs%w|XQOjl*g*7#rBjq_Pk?TWd`GDo!D_zL<|!B2I=uN>Y_6uMW?y>gV_u@$5+ z+uj10aD>XFAyN6ys;SB4q1UA<391FIcF_%J63xHyS1#|Fl+UHQfz}Wg6^YgMD2@KS zjzC_s9$U0h3idiP7v>R>*0k!EyG6PA&$?FuU4+Lz!<_Muc9Kc$HW#i10U+&$&iw|) zCLMrqap#i9(CxKpHXqhW5;WJoTB}d{=FksPth8Q#)RTx46wZ-Wt+Y!DVDjE?+O7Sw z#_lGATHJgO`oVhMC|U$q*EXn@(t_?7=Hevt$Bv^R-DUCql+H6bfL_Ih4PUKVuBUvFq&6Ho#p=C?vO% zb}z%W=EM+(hyhcwc4L-`IkQX*Z%@_L$CfiAQ3ZfG)sW8LycA0g>>|KAlTI_|qNbSr zYH7*WwSU8%W$k=(tN2Ek=|u{{P2A&kJ{$oM6WXNoPF^B&`G;zqJ$y3u&5r(<_|6Dd z3D$_lM1q@$j&@WiFL_T%6@f?xQt5?!e84WN+vBngj`EvcD30)iZD=$!0m-Poq(E4t z9h9TEUA~%2qQNf-wv5GCQ3Aoq zIqWQRC)dt}ELQOm3 z4l{An>TV$B?EWl>e)5$Ak|QyOYLnkm>I|dc%eYJ5Ew~fk3xA}eb(w`f{iauonLX3e z*Ah<{6WP)i!uWZFHyS=F}c*PD;+XBucWdx)NDp?j-P5f4FfsGRe7~Dk=fNX z7J8$KOTW|s3PuCpm!}+t4NxHW%I8j)`Gg0dcIrmiB}|Kdj@N^Iu#I5xE3N);^Zk8l z)7|SkPNFdJ^^Whz?!dleAg=I2D%Zi(Xf#Z-4;3oVCd|DnFvNylV&vWSatD$&X$evD zX_)9=Eb3MwuHA#f4#kZGDqhfTf;!%EGT#=}QPDxK5 z%J?Gf+_6rx@vGJ&r4fWb>BAoqYUbDKRXTU+3ydK7FO(CYHgz8#%7!K?(;tbjUnT+^ zJ^Wo-r8?sjM!1~(2n=i{HhNcdKnZR}%o5ykyMrv$uxVFIX@u(8;$~bMN|83oM!!@E z%rPr(p99BDui>(?9l5r0FIr0gSoDgairpfAvI>s&Kw83Zv(AKoS2j~J-C^) z-Hr9bpn?h zplSZpF9YkmD>!Sqkm0P4FqBHXuH$w|e8B()XN)Nub63ovZ4*zYKt<>I zC;0UFKai_F&lpCHb`=o^AJ>=bY*VLpqO$+P)$f-hu2cqI-M6{`In&hNqPk}CqYWQ9iN4SCCRJKgRjq>Y5@6a{Qd1W*(43^ zA*Hy4*%CkIQk!q923~&qbs!_WhD=G8gClVXOPE(7y&Y;fI@t z^8AK>4D9)|g2!gLEOO?9#0UGGa|onoa&}CE4knAGAE7l1VuOvYT}gvy@yFfEmGS;d zA(&g)-~ijl+`43vLcmVMCM2;S+BoolmlezlW{13LCqC=FItVo6ELkoy>BwHAjcoAn z*mvKzg~>9ffW2J#2-@RbhQ+1x6`m0zB)mZ`yMVOfdoN%P2ER(+$V&fE`+-$j z==iEd$Z^-;x%$nUXH1WjNxx@{UZYbC~lC+~NH zYrEVMF7C2z=trHq*H2+Cz%>n{;dChnqjA|$vWGr0b1>c^%0%DyR6?p%H5^flvoBCY z@h{S>t(3qgT3XNqyvPEh4Zf8LFm($92X|lYm^gp3U?NwDxxQzyv8}PawnTJlE6RaS zjN7x7IWGldq%{!i;gh{7qLnmN`4SVFgQ7cTYL7N-CtoP7xHnHMU#4MOfU@TUu7@;) zM)O@!>`Te7MGBy6{O_;sgWMNw5vbu}fU(9YiDbP-#D+E6H4ADWv9XtRI1Njb1)%VB zqPdH0PUAj02RDEoG0Q`ZNtXJ#_;3p0sO+!wCR9COq=L=LvFCk{H!h-m zx`Setr+zb)phAvit;3BR5v>@GsQskP%dJ7@yf2F2>Uo#19;$b*%_rcF? zSiC0&STiZ@HB(dS;d^_WfUoyUAM(Gg@LzvEl>T1~)`cJ1wOwZ7fMsk1uLe1Hw9kvcO&;SgAjDT%sk^>MiA(c{<+ z!wwc@^carM3E%qyU(=|SLF$~+O>O*@E2q(~Ojjrz{xTC^Wy0Zb7^s+aDR+!ZBB1)jl z<4|cZtI?SKV@;A^&%q@*akhrtINcLVYo21C`r*S2?tT7XE26dxSSUJT1e85FN+oqc zaw2rSA13A&iTx@W3z0gFVSj!{d;a4b-sLIzeQd) zO*H_t5Kw53Ndr@~v)J1FT4b zQVeyHZnSL=i&hxv$F&eb6j}F%<_pe^DFh z>+qTU$^NzdA0qQEVJx@@G&M4eJK9U8(38AX(Ec1C^$hK`BsXo6bnDpDvie0r+zsyw zc^C+J)Mhx(ZriDW#)C3t8mx+fZE~P;fnt0D#}gmnK^y<2&ugc^mwH~K3S{SAw!q*! zC@4{;Q9bFlq`LjVV|`M_v#EP6`=T>HalIWA7l7q;F=u0duSZ(0-$GdX9KrCu%gm~I zwrwe7&W@c}??n_9<+btT`=H~`<9);(JmI&(%UY;Wm%$!>O4EUy0C*+v&5fw*BP!@k z57qd2mVh0DJ6Yim+vViE@T5HI?*&QlG02RS)@x%4tKr}Qvrejeo7>n9EW8@VrU3V> zU7OaFzm6{MikB0c7c3D0Ph!?BU2wlnXKknSbM*@JB(fZ~>u_NN!YeT23YH}!lVxTt z?#k5b4}6sQ9T6V|AP@!J57|<~y}IROe}2yNHkdOt5Iz3far#C{dW>7c>m50WcQCvymwII5`Ev>IJ z^UeqwA3iwZJ-|$xT9c5f7~B!ko$s`|E2R202U^oznkARZ6OPa_YlZ9tw_;@F$0t9w zt?}m7iU7MXo9+f`PW&Jh?tS-hoeevuiCsnP_uN5~G1rMT#SD*vbIY(r9O4ipbWt$< z7xGmq0D1N~$RFmpM4JYPQO6p+Yq+?7WFj6}$u_+<^sS-JN-ohh&0wIwSK;_voHpxO zDANHJ&hq2c!$S698)L&(``t7>XlWH|++K7Nt_?SIBe$a_oj#5iBa@|%?QU62I{7o& z^(9@$Uv7B1x1++o1px7m63oN=E&Irb%cQcS%|W4XZ4I8NcToQm@Q!IKlF;{kgSG|c zn{aG31S+f$V_&dEe7u`Yp-Gx^(}_!+p4ARn4Y?ll+Veh=J=Kr+pPa_#D)7WMqSdaS z0{Re+ikg41RC$ejYff?#Pv3L*lP8)GjIna7cD>Y)KeJ3yFh`)=cKDMOd$W`({0;7t zwH`;@hz)8Zi}$!o9Ucv28^^+$fTO%a`Qcdv)TAG$!?6czJ<62gG=JoiTs1x3UXg>dd*9Kgg-lMa#a{$fjYEFDx zw8Z2+{6D4uU2 zHgI_k!oe25R+$N)Rh~+Ku3-o^JjKk%9$Vsrwke=VhrpukWR`%O|7wWtBnKzzPX-e7 z4Bl|GdIZ=HfOs-2IL^(}Jdm9RJcxOGdZ4KnZP!^`4ns4;k;Zn3Q7!nk-+hh_Bb}(Rl;FsDceBOJ z&#>hA@y&E zM3@QdQ6wnRC6j^3wCtUJJ}@(wX_;Fla0c+7H=N_Fk@AAL>E~qRc&#$*$4wJO8-??ta`c6=DTR{NS*FTZedU0nF zR6MEwM2UdQ3R03JYJ{h8leNq#ZFr~8E>=ss+%Bz_%^^8JX@4kk59J4L8qC`Yc8k9Q z0c&Z+O0{nmF}n%1hiUak=Ao|M>0MZtTPq2 zeFRpdF>B164~P(|-cLS8m^(JIP9V)~;sEjBa#fY=8f7IIvT6`C9uqb-_Ri zo_sq)!fda7w5X;No9+!b1JPKt@nn{wGt)FhphWw_xRgqG*JsIU{hd^1?|{t(15L*; zyTzd69wTu;e=-F{DADa{=_HY?E8z-N!}Iei{q~b~OBd?A!LS$u`zT@+%c9_V9~hZ) zYt9uofW`^2o*8{Jv2S$<5Vk+iIUkP}guU(l^>(Aod<< zr@n0k!9H0Z>1=#6x*{g42lT^j?IWk-a~;0UXbvouhf=8tR2X~Oax{C~O{7B|;p9jY zjHaJdmJ&B^`VlK~J;N0Xx7o*jMpm0l)8qUmSJU1$5%O6jFzSnk2kSv|nz5c{jZVhk zWOVZZzVZv&a|<63%)lwDB>+N~y5UI7c0Z8Rerr4{Z)JQ%olYCe17ri1p$~H$r5}*z zLJ}{x9(t~YsT};QFZ3HN$;h7U@;bK);U+sd#EGNqcRW5-H%E~g^D|Pq4+k4-8b-&I zFk5nLIv#a2u!n_^(Mf*3k5)i`E;*(75$zooALb7fj(UwyjLN()KDA0#A%%b7!EGax z!FV>}4el4JDQ1B;@Q>sv(Ng<1@4*cuM{-b3IAOE*1|F7gIZ7HWF~mwN*65_d$e@wa9}ykodRParodh_7Zs`+~_oX5biD{xPKg$^X2||))xFJFh zb+7A^T6L?K>#)OR+QBPB9dDv-t$hS%l|+C_5|JAXc+Kkw8keslJTSkf*2KKTSSaYQ zg0+oPN%6;=t=7gFu}Sii&CEYbyy|CbP1qFrGbD|nF;la-WhZz^L=TQt4AhoIcatlvCg?gaeU=grwFyUR?Pc zKH8$0sH)5PJHK**{}qj~a+1Bi5OEjv0CGnjj`GgZWcYmf>zpjcCA$n>RyD-ta$8d` z(EH#{mZo;B-%o~h&9v%G*`7vxG>1xLR(s5vD2vZR*+tx{fI=?bZ59YU>lcfQp3e*# zNuZC#ULqQ17VrVUK$0AYAG_o4mOVd;uen?-EuKI|39oAcwN~x-nbg z4o4110Hjo#wBb9oGkQ9CiyfdBAB?xa{+FTjgc`f|{ArpEP~~nma4qb^F$B9r{gC3sHUqe)1y7G-u065 zitlU~HQLqd%SW$^og-r@EO2MWSSKaN?2m2GZ1=z@i=1Zak@Cdfjv>&MYEiZ?8V&8s zke4AR2!W<=dBp@kzzV&AyzV^mBCnb}gx(&k)+3yj`|&OvZz(+CzINv1*b8qux-V<0 zp$nI6TYXHiHyZVGP8r|UjxUJK4^;_~y7+C9u;f94Xa2 z6y!^V;1hIwAm6W_Kpet5UG35Ov+S=-4MHV>-&x7qG$*j*n0s5xXffr2sX);=+KS*A zyuHZwswj$a9;E1g*0}}jY#;?NE>o4^ry`15GW^l;bo9DkWR}EFyP&$tpw>!gZ<*{%w@hb~ zOf3d5sQhP1ur1V+XW_eTNb=7bR5&B`{rAL77jG%}d^BqE45b1pFfPX1u_SW;9W$(! zBAm_i;7+%J@9sZy)qty2i=8QA2*qUockecgjEJoqS)el_S^ydQu}!(cx?N_{Z5D!b zQ6QtVXrV>Nzw+m^O4($dvX>(7s;q^z^O1djh?lC2STvsgPUPLV9Xh9=r%f6Mk;u?3 zc!2aklqFzvX?sWKs!(?%%S`L2uRgy%IMzkG%cb=cyQw!X5K}DfX|3QV80DJEdjbM1 z!g#bx0WySq=N6qW)>T`>x$bWSoC`+eZB&mXRcx5y%BuJ59STei^JcElQrEfT)E4#A z_w2j=hGahI4Nof1&xY!QRxvDTOb^R#?6iq>(B8{za_b6dh%@(numZNPwW&lwMg}tj zmYH^Gn_lpnZq+lEF{0Z!dhnQ4OCp#jlXfde+XtFhOzTbq-58u-%{`XDOrp}x4-CQf zilFT!*0GNw{;g9NH{MTWcJdK9Mp%u|G3p9yme-79z)9HSiAtv&5L6!k9RGuUalmMV zDG9b$JO;m?&&x|yvSShe=X%C+gB@;Vzh7b$f9A~{tpPd>X6#0nzFdT z4=oem0l-}L_&j9zcg6j4e`q)xodbvJ1AyTA>2keCc>!ELk5Wcx#|> zV>IQ;YuhHt@t=SvRwSd8{sca`{R%&RoPFW`$nHv{sQerji()-v86RpHvh1m7V6L3V{ zaVa)$xR1gzZ+)!+RG0{nOB25XiLF39!4zTiCM3l0@TRH4r$Y;sUrj8PH7i8eC+e+j zA1OVuQ?(U_g%>e~X|)bC~tpr~quQvF6jenL(>z*eoNdlb}J_Qp(mc z1Y13o$O?o&MD^R!ts}e#@JG+-HKpkPt|s)2ZnT8AgT0-DRYJiuw5X;uXEwb-uyOX| z2420T_klQYD7QIq`35%^QXnM8KIx6B(yGr=1Z+#47elZ1Sse+)xFQj33+K~CRCmV; z!37M=T%t4>#^tU|4hyXK?JIWdK#vQ^!%b+xVFga8NBZ~pa3fPa^^eM;ttwtL4-}v+ zr+Y4Zwp~@7yA90lEGc_*QD2i~l3}-@WSy$hn==@?wHqHwHYugKnL3_{S|N=_BUN$| zv=(nHg0@m{)L`DBBpMyig;8qpYp!?h{Z3ZC?09-s-2Gkjn(E@5pawJ!ipAiYxgm`! zdxe+{+POoe${5wiIP&jAFPxB^yuu zQ_Ft9Rn{2HPz)`~6YSWi(XwlikQxd%mC^w;f-CN&zyLb+2UWIdf@xgLfzp!o+!?tn zIkTQxipc*jJ3H$``}}FFhONa?&Hsu@f#YTd<+77Ap0vMAp(v7t3VAuT9g+SV(v`iT z`+K>gcFR*M`sWVrN6+Kts5{#OTB}NZbtqnFQt3SN1JBwwC}ZP1%W{A3`>yD6B-MFv z=2t6RR(3GIvF&F>pn$yAF5#6(amNHrM88#lGQ+gQ=v+x%4%DZO(WL{TkB|*^Bf&>a zt?3`KQ|^?OAcnhvTGkHXlB9vA)80!cLCO{Dn)&Qhu9!ynbMmb;`b4<($zjp&-hRbf zU28*GfSmx%&ev)VnaI+8+xyIaC1*Pl7=A-VX}FD3j4WEke8IN@tG4%#%d((^#5Olq zE>&@mag)4L`GEN+mtKvyNdQt8wb*6iXYGK@r) z7|~PfqYCf_@TjC8C@I_!nR0eRwmahT*x$MjLO{A%T7(R@3t!L@`AdDlFCF_@+DX)p z=f-MxfVH=pbu!I~ZuVP>kg6iN*=}M6qx{2La|0+>nx&>h3;8P1k1m_^BoXBE`ehlf zTv_J`uyxO!CjgMe8sXTZ8h%p%_br}h_zj~YjJJHG(G!IA@+{*S9m!t7HfFzB$Cbo! zJtgq|!wPiH#N8l8b6#I^b4;=2LIDkT;?brFz9?UcMk49wY{YZO1s^jS=m;^W&hIZoH5~ z0Ss74s?1%yO?S^RmBTMh_gfqLr`d!h{eV_tcB77pq7jET=qJWg$z_*0$GiNGzzN0N z7gj|#+HH}?AVfM`yWKx27J)VxdwOB5* z$?-(o`tZXAtTJ~-7)B>rdOjdR$#@kc`p&2K2uO-BcNti56LxxeiicLFqx;69f?mGw z0g;-xYh?rQXZuU<=kn^HeV2G4g1z*X%hQ&(Zcr*1@)!p3%CXi)CJ|qI2 z@sU-VB=PSs6vz;(s^Iz%Cs^sBWzd2Hx&FtaGjE*&%+6D(Df%E4|BJCYrf;g+Q4ub; zvd}XZil105Bcn4Q9apC3imy?#nWG~nnSQq-Jnd?SBaHt{{ba2ZN}}WMU1AO$|;mV#Dyr}@_$!d5}DS`)2aGBrjrieh2ZOb!u{N{;2>bK-j-n&(QX(7BFIe4$RPN z{)S6ZKRx;Q>^`ryH);$g-)DkRab@T1bIuc)xP25p&Y*&iY^4t!|AAGG=M<7bm6h?L z=nl6e{`!MxwGQ6g`=Ku^M^i>@LJ-*(Eo>{e7J5NEZ&aXJSX7qTVCoR;RYegCePok@ zwwKMtnK}B{ZNonxF0&Z^mw0o`icc478U8S;=_pGJ z=SsmW{+e$H(^@1H>N)Iq-Or!sLxLN6J9KnU&R53@FKl=HE8UObrN! z;!N16G3k{?qIAUJhYJSGcp&AI;5)G`LrAoMX{nr=O!x}DltMrY&$ zw9vojWCY*6#+yetQbUT+Ic-&=+GnI7lg$mcX87&Xa^&EK>i4C}5PP4heZjAJ=ipx1 zl*87Ab!gXG1_m(9CAq>Lk*C;wn7ubidZ@H;$z+vCmg*vQCJ_?RdRx{_(u#DP4#1dD z_D(?gB1(D>DL3u|n&f$A`jk?-Ngmv$YUBBcF+2K$He>*ogTl)eb?muNzIfq4E72hp@oHzh6Bhy9_snuh#b<<=yby?7;UAzRP+DJ0f+D zd!Dx2CUnCZ?QkS3T@CzpBC&^GMz}R)ymkCYP8%|ku=)1p8wg@*f>OwtYg{o^_HChf zP;V?06ea}n%{9cKt3dakct8fUnAKlqRKjfJN z6|~|&RrstS4EMuIr<8o|@O{pV7!^Ayy`ZEeb`cRTgU#fKmqccWElE-wOycjVM5T zSZqtU2^~b959UP4rv^m{Qs2MMIqt4j?a8{3u4Gb~zDv-Z!NcBW-{HSz!8#pE94JG_ z#4FU8ni#XHf3)J3S{-C>O-5{Rv8U74U)==}lc%Ila?LJ6=-pJyYTd#h4A}=}V>>h> z3DbC(1{ivj=%q^0GrmGrHS*-F8k*045pl^p@L1jXA~~wAwvGFtl%4XYos0>_k3;t> zbMl2iumVI6qhc#07mGE(Q&A-Lj&B0>Vu1X1_G;I1%!I^>{bLH1Jw$#e<~8umrJ;3* zV%coI_J3EC8lV^2(o3xv4K6G^{3+Wq3u&la!y!90m7X8jVpw>eDl}ML7K>QUu&yL9 zataoG7h>Il4BSC|=wc1aczo34UHb-oe9f*J^)$!Ax|8u^AmB{ZHXomqI zMM9*)@2CG^78L|6ZZy39QpFv?$i*qm3&@F(jvU_6gJ6Rv?wf}#UGQW{#)|M0Pq1uG zlkWy;*gApd_VMxz9ep1*?YKLj)bv6knTIsW)bez_aC8dGbCuS}0K?;yxuTqF1RjF> zEosF!vU1gCpbnuGN(aUs;t^-;EVh4Sgw{pH3@|n~1dAx=aRI=gXl^P@fXSjxJzI}Yb_>a*tPsfpY{^J~#Ay~BHnf&OCev#dZ zp8Bm8V!vE6Pnbx(T;>hE$k-Q5LOH|6VBkKs-wbCb=0DU=Sk;f^*Cej$H7%)5D1niCSgK zp_tQMugEb3DS8rGQc4PYsq4%iXz|(527~HkGOKVzVZ>ldm**MEX4%zYd$@=^=_7F}2 z!Bp>XOwP}IW55+nf%&*gc^0?s$jo~emsIiP7LA5movdK;LI5iyCI-}@R{|2zVUcX( z(!rbU$Og^J{$MynIRpXQN)^(Hc;Pe^>azi?{Ty)2$`spIf|L$3tXCbQZ9g1EBF7ZY zQaA{=`9ZAv((}Saa=c z!hyf{=2onbfD*2og#SU(ub*(fxs?LWJ2=m!UFce1Yn#&2j3NN{!)C~wA@2oot?{_N zZpLPl8I$w`ZnhAK>pTj|c_64+F%VBsTRT+*E|1+Riv~ak#&0JUpTL=MbkQ_fED`xJ zbeNs^qFBv}S3dG2V88B-8Uj;S@wdh0@jHswKa#k*%UMhOL(_sk^OJ(dUP`AQnN^>~ zct&khZC3g>o=us|orTm>f~3?hne@y@fOtZb%+H;t$mzYw2>m6=>K11}qrvfe>(1ND z=l93XAE5-@S4T61)2q-13X+2Pz{Rfp$gp-cIcUYAabaRNZ8UW$ZfUKj^q?jsfOSv@ zOkG$&id^#yVr#A_7jvOsb&iLGz$TheJu-&>k~H_@YLj5Is-@untvbvGUa~~S+!mp9 zhKXhRF3*8wT|Qc|M1{>L@epy#RzBGNU$sB*J9udwJodSCTn%hDN!z%SmF}M+FHhui zZ$d&Xh@nqHsYF+uoqrzH7giEofW4TW!A77NuO)qgO1(Q7&@9WOfi6kgEgxN0Mj9EN zfi;Jvp)li%Jk#PTci>4;UwI7>X}n|~i+LusK9ctAlmkR4>V}vD4cMI*zeH1uu=ouG z{_ik}V@OJZI}QJs)>aSrlpe^nVoWw^gd@PVttsob14232;JVo0*7wyD-RP|*e*k z@3ltwh0B04J#5ImH*l3|K>kYU(+xoLCCqn+jaEsOb)?T zuIYhzdE-q0a`mA8)s>o_koVM%AK*?yQ%wkx!{IU8H29NTRps-5O^~3Zg)r^^%pY9? z2n;1DirqByJI|3f0jV3x?-8>LqN_A*EgO0*vLybZ6gDu1Xc>Az@0qpUA&_bHxJXhi zM!5gx%m3ITx7;w6$(EhXZ;X4mAO&A-7Rvtn8gE9~#G{iwetuV0vm>amdt}-}$;Byy z9w-e_roN>QRt(jXHMUkbT!)AtAjfkk65_92#6v>=n6%?2g znURzd{Uyb1E~HJdp3_wDUSCA6rKb6!+7cx>P2OY4rCV+!GaenmpAotxXia6NcI`l9 z5ehDU^mTOXjMF}u6vzi+4Z0}5CvmR#!6r3RoDFt56Z(QSvfujXpr8vhG7oC6NTh5k zVsH$)8WvnFN$#819Ko1B0gvGs1eJ0dJ%x!Pd*Ayzt{f5#^ueJb2SoS!_KlAWdg(An zAJ|Fl@SOV@@7X_;OPV^@>&mpBeR6 z_jFF;ehq6|9S=3%EntA(CwRitUSJoqa1W0mXA03 z8c)*;s9M`QTj)EoH)7D&b^$c{q@IM0U)X#D)-)eONPqPirI^+Ka63e|UjW&%T0`=#B)_5~)Oz3f~QbSszT zY-3^|)ff5Sr~kO)u4Mc&RKawkA4a5y`#8WrY_Kdh8Ic@Kn|@d&RK2yJc}x4XNjdhk z$EB#no4(dJnY72E{&?)6W^RFLM_Cr2og)Y|`>i2PNV+^GF{*l3tY6Yf?4+A_;JP9VUAc1mqg3>s)K`q zX;tc6Rqa9*x5QWyx@ei##LmJiKkewfSbSo^CQ%U}_CgW88x}#Kb2{K103RNlORBq( z*&FU{gn9#qH{*!OwZX0oPo|_%)W1;A*TlJ`em8En3O%o$rR)`3ozYdI(qv21V4_a3 z#4KCn#1wJYTR~?Q{Sw3r604)krBC*Esi4};!e*! z@B2c{Rz|NABIWTmXa3dlsaoNy%5Ewrn~7k}f|qH?vylF`QegM6u*9$EQ*C~MFCm92 z25BX^$#Z9O2ttI6CAluJcN&}3f|i;LxW|*RN%<76Hkn!MU6eBHNC}7Go>17cMOc&5?!?@N}QqLNpf@?0O0>K z;PFDKUNUeH%n^C9HbuLp)<$dS?66T(aD;ZQu4s%ii27 zPHr2P<_!#$;}*gV^PBH}((7$oCxn1MyssL{9UQ3JwL75w6Tg^9q155bjOEbrykxJV zY%%Q{@HS?-Ko#uq*hq&B32uGpGmWgHWW+=JJ@X*^UCO&l%~T53CNM9x3szW1HKQ%F zU4vj>cY&&p)%9G`CirOVV=PW9aW5MYk1``J(UVz~3>EKyf6Nd-CR7dnJ9%S23X!P| zxF@zMThx-CwUY_>n~X8JXC&I-PY9iNJTTgTFF$85H?H{)#AA;9U1FKB(s~as&0;1F z;?_@GenS;Txw3SuvzQh*J8VY2LX-xc@9Gv3E+EHiI2CZ%AaKz%L8e_q@8sr6&EDPb zjP&SuYe2k{Ap9Ac)Tv)iYbjZs1DfTc;URPX0B&|6r%5Z|k7%N0gYd=a-M(U|27%i* zCJCx z(2|Y3Op0mzGbGou29x&431|+8D62yZ+x+2uI%E4bm*73hHpX83*t{C);k-%fMh5R> z+CL;N2M?G*3QDG@Q5G{a$B<=jIT7V);&UI;-CmJ-F>oK5jnzzEJ`5J5H8wTZlAE5V zKo*-k;q@jMCWEgWt_RKFMt_QUI2jHa<e_! z;X<>Wr`K5)25Z2)0rRbIIW(`?4|pu++Li5n_dD5}KLk?FG*OSQ9ZEj+CTcB=A6t;q zf0zjC2?+86=Xt_LTq2@82m^@Yd#d~IQ^EF3vva1X{i=QV#3R_NBKpSD4akI!zvpZi z`BYjTRtlDbWu$h74_XIKmG=Jq_h+Fau1V0SSXUJNO zcUvh+6Gfv4NUFFoTg)of$|`B@${>2eg>tgyq~K^-ak{}|O}p>jDl z5NKYD9m&<|I&6yy^O}@IZKL2IDFj>BZ&ayr0+qJx;;-swDhK&;4y<($3JbAmcc|HR z7Oe&6BtadEqjg#sUBvUbmGmRMtlolglttr*mJmg+Np&*KsiTmaRk<7u#`t^?S;Tvc zdJs{BzDy59XRHj4@s@mOrbPUCgFbk6n)AEHT2W?he*XJ*F$p#o#^>CUyc5yzJK*!4&=-Wf&l%#TC>l?7kOi70%eJX zS{~N_mnELbHRkOPBrjsu%e}kdg|aYFr;K{?@;jbSZ=Ib9C9Fdx@E6s$VyPDyM)zxb z*AzM*A-Ii{`Edt)S>_3)b=%?rZhlT)q?z%y3$;3kN`FqhTn(`>!d!_dfz{qkr-UVd6U2BN zIiWQ(lDm}do~nQc4ydD-^Pr-8DRNP2dHthML^~S8v0O{AKG6}+A(mIR9npt#LzUyg z(d%Ga{D2*wKM2h(cllQUOZQY>I~%@Fb@z?m2XHecf*z&_u^7f@Qw>6$u!s=DQsT3O!vz^S*tpf}QuF(klt3MA)a3A9%u0{5 zUHCX>$AjrXHk>>f$8J#uX1mme%fgi3PeI+L zAnTNM;fNs5$W$1<YM&5qYeu)A$qdt*LJEzEn68S^#AI)tPQY5xr_Ro3KM_h4@5x0WuKuo zoB0&4Hl*F!lcDm|nikd(6$eU3PkyYEtTG_9;X-~CpncsM*2{BiLO~G`jDj_3dspV( zA4_i_u@=VO2Kyr?npU1VTsloYwj-@Rzwg=VN4#FP8U|tU3Y_mF?Mnm+= zvyIYCh;BKkST)1w`0gIIw0d)a{fTCy-zr^hhWR&O4n$q)GhwRXr^3xB@rD6=xxsAE zLctu=a_sT7Q({ROyz%i&Py6#y|KWFzZ<8|YUQS!u9M76IlvLd8fh>JzQBw`5-`0ekvRsdt>2Wtl$l$y zr`)(nwf;bh-Uk@iMu1~2Uf-6GU8YKm>k{{dj3Ww8uQTyvLmaSYEpH-}TUFFFU1~9u zX*23d+vf?%1Ib?GEH_>L9Nu2hIxSFwIFsfSR6QR9-`jzqFg^}IJ@+BPf6GkJT`)Lc zIO79Du520yf56NOy4i;=SiDaM9d97;;znJ_M7=|5a}jK~kOCIEG!iVLQ%js9MjCxH z$5Xzw0f=eDSkbGn1?Az&Ydw0FG7oIVxNG(_EflDz9P5zl)T-((ww6w{P<^t~XsaKj zfPP;T%)9OZ&weg7K5+&uK#$of zK8fHNz)hj|)U~@6?HXE5aOwUvS+@h}Ct8K@JrVjgc~gLPiLn5at?lh?Lct$~zE|n@ zPN$47fGu(xYVayVQ_Geu8K?hlOfdxWgoH_B96ER){Yls@&lZsD!^32#5wTDVcn(uP z;}nfVN96G!E2r}Gf99j{=#+01qrlu^L_Q>muUXJFKhVxifBP`_8uJRr1X4L zQ-oKLuOjB2+_c)mq^WD}Q^dPcJuDVC<4kIEl=F4kR9HT74d1~f<@aQs6ZU<`&@vZ| zpkgDGL{uXp5udyb4GRrTCNMw2GkY%vGRa) z&Beu+;9296<;T^ZJU8YDTn`eLfP?#}&%PA@dL~MQJ0!pK+rL_IpA(}+a4)5xivkWF z*Exz^MC9Y3g(}{&Iil$ttoSsWsseFX_I-vCmTndh%nq7?<9R#WM$RQgOxk2Dn^6U)CKlA zkVz)HqyBw`z~As_#$sxO>{{wYRV%s9jvcp)>2;kl9{)yt>#r*4EmPRR$RgFD(B};R z)Fpy5#QBf!M&YOD&K3tv)PTE5p<2@-c{q0xH-B9$Cv*q~i7)k)5llK)%Vd>rd~CAV zjFJl;-#t|419CjSZQe2IX?95zfLHv1`Qu7TZU!>Zj@n@9U5a3@GBS;b*L4?pmK}s% zAem6~@;dXJsKOcRuu1c;E_f^7V`%I_@v;9j@Y#dE95Jz>A`2LJ8{Xdr$G7X-@r%$hHwKQc~AT zq5-Rdb7#{aOqUyJ;m*Jbzj9t*$TCOalQP1`{mRYahZ19Sb@ArG>u@!fkZ$;(65;Z* z&c0hb>=UNg0y3hh*cH72`SfW#D`E<=|C;v#3*tqIRLz_ofy?c`5={`Z-;og2V4?q+T6hLtu2Dho4kpfdab9r7q*sR4d!Lzrv* zl-PwF>P(?@|w*DS@7$Xjey=DDrgVt6X9pSuU*g^1azB1YNE}$c2WAx)$?^Dc%+sX zZx!FriG}`s^=7kYDm`jcUzLfcg}6JUf@MBW=+_;vP$Z{j4&?{GuJhC4NJoxmBFsYcV57{daH$=5V?P8{1N0|U^6^p zm$_lhxo)+0tX->z7@nm!4@jfaURq;;7P<_vskQJpD>O>#(BFw);Vv(^b1Hq?Tpe*` zkG(HoiX3ELi3AN+1G;DgU^dA0K_VsN=5H^c425p<(UzQx>LA{lJ{?DB;4g9fc+Dsv zKpuwf89Ku-E?3|SdN*Y%wr`3{m-m+kb5ZCp6s4eQ!Jp#NRee({kXXa~Vm@0BVS&#)0V%beG25kjbLVZ zvBM49ITzfroJIdzXuTzxh_d9ir-Ri4PZ7f3Wb5zT;aNO@8b3K&v$8`3=wq?BG0_IkYGtDGdT3p?*CLgb`$n{%zS+GI#Z;{I&}E9{o+sQLStx z>^%H+@FF=!8#?Wg_F@49Zp@N2_SkVL{9DUV3Mg`O1^aq@ZA!l& zs?tr=Co<14{X8Y|3;jdR#%5d}Zt9x|4>FW+)@#n{U()>YB}tE$4;TEwCUY1rQWm3` zPa4I#vXj49)^s|>fY0?)Pjx-8if}v80=L<7AJ#COk>#~bub=iYD>drK(3?nJp(cK@ zOT2Bbg)JQz7_ydj?1-=#a3@Q?E;yjvI;6kUy%=G*wxm7I*)+7%a%EL5N(c`@-Wm$h z#~bBx)DMGxW$8mOC5Kqe*Nm~;)t4uGcq@lz?fJt3NT5x_kvKVi7PIj)a*Jfkdm%FKk6`7c zwcDvq(=jW*ybda@=}t%GUH7VKWAc(4P4#Z7wct_pvk2ZxErosamT$s}A?DY)B`;c6 zefsil!}7G&kj+N(fYF`4jyb)B8__gP#K;YKyY^FRQd#%ykB4}%e-d*9r{Zd8-6~9n zMK9^c-G3gEcj${4+8h>R159euTX+*VlnRL*P&f}C)Xgau#E5oX;ZEuS7xW;WCWEK) z^12_#W-2Mvpfo5#WHoJaze&;WGk^D9aFK|+634|BMnBs88PJG7+zmn9UGoR4Mk1Q| zEmBtpjX%I+5_icSMFJ02fwXI6fXf(_pg0pFu0s&OS6p8(!$7aW-wXe}8L* zmNiS+;j?AnH*UR%<|^O+sT@G0%K~0BHoBU%V=JwNkNmLa{)>u1vQFp3zL0Duf8dTz z22dHyxNWLh9U$I-_1{tb9!w*4_g$aA`M#xe!*4E1hkIFe(#_38G--k%>SNYdVtMR> zy_}}VW{?l2Sn9VGg?m8*2y-v2V7sduut$6UM)O+lrYqQbZL(2ks+@=s=j0ZE-HkJb-B4o$)wVA-RBGGop-G78>&+e2#jUSqvaW3F0T+{0Xt zF*J?^+CC1RW#}4xmol@-rmHtZ*o^!>1yT^o7FxP0sEWytP=-m1TN`j$#}Xly?cmeC^+f(1bDe_CZ>aBk4iBwGi0Wp zxjNp>*Vf6DpcV2Z9xE&oEXENe>=wt^EB^iR>K*;$LU^%IZ3t@9aS>p36=@hjZX;k1 z=|&^!u2y#+jNKBAWtUZxmVsCn9Mdf6-X4#37^mpel_E8;I77Z45qUWR+)L<1Hd)h+ zE8IkYjsv+tXJ|WCCY?bI=U^-oy|?^g3R85b1$TnS03=l=7DKkW{zT3@nQ&=~u$T_+ zgD<`?@#y8!U&gAzEDy;w++ZO>$5lrw{`oPF)@TLY2B?<<7db$eo12vXp>`#QV~i#O z^#NgcOR*G$VhpRFux9#cIM+FEOi=+&OR0|NfX2@oT28I;S}Tfj+u7v|iWveKZB<90 ztOG4yyU*kT4G*2Wg6+HTz~=1`0E+Bf^L43l8-EJ`B$2u;IhJ!Vk|rZmC!!*a{3kH` z_I)uZ-=JurAEO<({$G}H551^+jr=*^2eeLN-~I@EQk)yYEta+v>R<-&$irMHXYG%Xsk z;nP7XmmggsrK-_?_Lk0l>St!JA}gt}&ur)t)25&>FZ?g0;|kAr zUA1f2I!tDY=f`xBiilIhrLK^99H1M*Ht#H!r}9`k+UD}5lcNeDSJJtRXS`GlWrsH~ zvvZ7sK)OrWdA#J%`~IFmqkyPr56eXP9JM29vh=t`Oa<;QmE>5^I;&rOF=S@f&f&Zd zk38m-pU3;E^L zT3qO2>5@eJ*miHOZ4nk02a!(i2N*9}mpO;zxD`Jtmq(AIcKi^a;gm^z^n%yjE#~v< zP)Y&*c9}`7%e%`>wQ|>}vL%T1Bfqm=7v~L~U%@ht8*DSNr&rVmm*>sB$M)Wm^xD0E zlzYuEwVtf#63C{0z_k3}e(2M83T0p%BW5*+y`?O_acD3e*bez=+>DC=eBIBvrw`c% zonkFJ-}M<>{~f-MRVAj=7_9Y6u4uUQ!5nf;DeK7~L~2!4QM%+xjQU+OcSt2dRm=uv zMiwsg=;}mcwMB!rBx{TokY$DQ`oWmVb_X#-SZ*D2W2B|@OwnU0g0b}_j|m-2VjGp; zoVd;M6o~f(;f8h^X*2LNGnAw7$MvgVC<(d6dGU|Q0xeF_t&$AXi_2yb@|eoJAP@*~ zZLL0sm*%cj(<6Q)PkU*DCj zLO=)WFh`8*#ZpjbR24q4=ewLiqFBo zQbt}JoPBHx(V6HcRHk77O0Xe-7TnRvW*-%Ute|UTiS?(tPiYwlgb#P#Xpwml!-MNj z`Q42Xn>q$Quj2<2?WCyP!8sQFo?%R}%yth^fl6Yqk&7gv&#~8F@Wd-2WbKnc`f^Q% zBkTK0iZ!ooecY$06`JY5^eO*NF@ba3k1+ZvWBP&dO9r7)T_q^)*q31Hd#b}v^4&Rt z#@JJB}Km!-D#LeXMS zcYv9mWBh`j7bP>nXH`JM$LA`8Kc;;O-W{SntN6v@E^KQ*fXs~zqWPeHk+IN_E`H)F zuoPxhS$`tiFrl1)9mcv0!8%}Gm=zlso`gNZ1}0Db@I+ySoaJ&MwYF2`b*x`cHuq*(6$L;&_XQ-VooA+uP!A;UJK zWvlT_BC8l=4d+gPkI(DTy3y)&KU~pv+E^}SylnBKUFp2i=RVY*{qzTr6{@Lo%54af`pG2`Sd=5RZ3vD%lq>oELR&RFAJ_(2CW0LI5R zQ!waLNMg7w&ek59s_OQ1FOEhaHL8+okcXcDQkU0?P|eZ-tsa^NVjt+C2F3DIz@NH> zAkGl4FCF`WD(F0}tJVRr95Yh!ro5c($u}EyEm+66nfIdZrNQgde-D%xqql<^T;_n) zcCm}Xl3rf~lF?ZzEcw5nf~7v(=B-7oTG7HhQh9TdsDwIKtzEfWoF%Aa9~3L)yoxfP zVl&9COxF}ei&$3etWXL+IPQ3yWB5BI4#fOeWIA$bNcYn z<}?~7OIKhF=Exw)FJ}u8&(DF{mpdEi13>Qh^cB4qPJ%&#)$}u0+kEQ5l+%1h0{X6f zBc^n|0W+%F46qPWh-U20MQoh5!N@#WkD;sU{n;T5dEr$`aEu*Uz{9AA<+9TN7GImIuU4vZ}z( z1;Jr0adg4;i5FqtDxgQRd(Tz4y(I=w1hKr%qOY|{x}ie;f@s;1R#jtWH^ze)NM%BD z8ALS=PANswa=$HotI8ijg9dgynj(DMS)h~?oC$h3z@duU0g0b0nu)%AC{+J>&X}Y& z68bz#mlv1%)+z0p4X<7Mb26{b zV2M1pRq1q~8z2GgEcp@ z6R$GaX)7SuTNGuliHxzRz_!Cx;|n&unFt61bN(@&5lgxGa4)tns33hnSE%a`mHSLvKARDxz}AsQ;&bF4#z@l_8fIWGCFfsS7=&m{~yy}~y4N0q)idQ*m~?RDPGx8TR#lgp;K!F4@<^ zIQ@!_xE)2s{w>SPuB>u#7^bixA7z4O<%CTzaCK?NbZ--XoL&iW=j zm{UtpT*UaSyF*PZ$;&QJdt1G1-VmI!SjV8Oyg?qMOX=b&3EFaTz^&lNSdsTHK4v z`~-qss>XW2B8_Myk)mk?#E>M42=ZVIFwHDG+o1V}TQlvx$3qeN|K6+;ptr;*gbJMU=0n%LH{{Iy?%)n&m611YMu~GUvY6d(-jf!@Sd%orKsl62 zLB7e^Yymi#Kp%7ar!68e7!U~?NrP5Vu3{z+fu+;#@HSe;BMq<0}Ms9|OX(-0) z15XY5Z_$=Z)zxc8rhf81(pLpRsy>*VdP;&Nq6>vbyI-qWGZ;u3tPh&_N$PZ?{s4R7 zK?;DMU@ID@Qj5s+c0e=ZbYu$`Y8l1Ws7MlKC=|u6L;QTIzZ$j$} z-wk=q-WzFiNUBGW`$UT|Ia})OZKzajpveV>gMuA>Xd!QcwF@vO#bh&$!p7C~?j7{L zjL^+q!n2r9OD|H8LtL@lsrUF8M8N=|#mycMVZM^gxu~FBwYyLK2A4iSWg+KU7-GEI zJqc-QHahc3`F(oFzpwTbmUWM5YgOoBo3K2cE1=rMHDu>C%OPHRe`fp)l*l*f%z5e} zBg)dIqLno3?#P_^Y7tm^4mKBx|O+aUG_YoS<~5hx(}K!0KQd$S=O4-apHHkvSZdT8Pwf5Rd-zUv(7HgO zAx~{O)}!g2V(ggdvZKo&zVZ;FW`1q9!=yS=Ce+580{EZP`RrNrp73V^?TZwmB|Pn+ zC}9HHKG#92pyt~!G3lm1i7QK3sdxIyg)b2~4G)0Po&bO(ZE_XBX-Y^w{tYDBRaif8 zPsO$1C(uH=Sj4s?&3d?6A)yW*bde?ikQfylDPV`I-O_QwF4Mb(1#P387mTOU-Gj5jzenJ#0U~E>9+R$M+XL-j;2)#<|W&T z(FFp#U5I@OurmE3hF^N1RCJ(!Q7mbt^A$QNYK_r=QX5xgkDdE?___kNW>kIyWoo8A zv?K?=(Kr_FiVHsr1u)QRxKGuy9JL{I=2;d0NE`|8?c@BpGI}Px@totVLy-IYXq0mR zOIfGy3T{v-viL#3VtF6XOaQpwPHXRH#c4Y?ljX!zIgYB)B0zZOa}^n*DwD?^&(2JD5pQiJ1mJeCO+kWl8jkqZ|+MFSKKEOf5HigBSef;2rF z5&bHhNl8vX`07LhSGm5oUY%6qmN+aYl!$6XI4T##YQ& zEG(=i7fsS?W3&K^R0#cz+#Y}(Mwj^RAf`^(A_Ha=Fg)m+YloZ(z?1%DVtdYnxD+_T2}>>Xub`P6j} zzt95K-z)9OUE7v*8&MRJk~F_GNkzuMK(PH39ul5Z5CDrvJqMIrvCm298r%X4(gBBwBXO zovfNi#FWrhQt6Z9dJGs)9hgCkH>C~ynB0%$`Bp1VQ6t272^dv)+b5*(@$_5VEF&nR;R12Thr-P%!(_aSY6L4DC6hX+Z_qa<0 zf0Ap`<{Xuju`k`7UV^dJt-@Nft&R3_k`X@CkiD&fPTYMV>1FZqE;22tzPQ7+TyC7| zsws_BD~IE}Qam%M8yg`%R8qp9yt0?tVaknKF?JG&_*6djl?k|Ke#|9@ONglh(|0z& zo)Z3p_6T^#r!M`Sg~~;D{=&1CQ8Fw+kUmh*Goh3PIVdStbl4vy;NaoE%gQt%RJ?2) zK(8=1phjJj1h0G`8ix&AOCjaH(A4DZjD3>A3@)OzF%Y>jy9@MX;%UPlwasL5tN6Io zzNUY=QTWQ4K=5M|)xtgJ0M)epB_KgDTv=iBe$BS~?4`SyhBq;?3^O6)PM%o^47fJu zp|BLPPbjwCcp~~OF|Cw3oRjyi3xK0Gtn9C=eU|?p&pka|h`gt@V1g9VJK>Ua=RWD~ zBq}gUqmE)!Ug%>smXV=~zWpcWrLk_8bpOl|(zB3=i$d|+LTd^H@I5n*bNHBG|6;`g)$kVw(h4RBarpWNxn&oI@wcqZ z6sI9g23j3et-7IV3M+o?|6AY9fEPz`I5}Tl?ZH34mG;f6E$zygCnHUX;suwmPR47d z^wJ1o+8OLa05X$s;Fye0);fjXx#Z$~rMj)io!}y??HU5nX#mqZozmuii!KfIp1x

    oZp3_qNspLC*LkkAW+I^}nL@4eFUXa`V^1GaR4 zBcuJYH@_&jj0RaY?*QA(d80Ctde?Gxl$9@Y`}J2qc0hpuu01H{nPM7~Egv&W6XB8@H$am;Gn zBwXL@8BL|Z;jCV`q4i=wgViFq>Jq@g6w_MS+YpUOu*>B+ju? z@QEA4*8-9-Ob_oG2$K-4wOp{1LA_|%nhTRG`J0Wqg2<7i3X0>GVbw@(T)nQ@>h{eh zwsqL=6p{L+*=k+C+R=F@`TORl(O&vt56k6gRqSA8kAO8gKkmQGFAuKH?I__8u7N9o5^p zwvW#5wi>mmtZPm|+wmV00Kb;4eeJX%?(|C|Qq+A$a>d%(+2nn1bcf)ID##l@aTQ@j z&gEqcB8+IEPf>0v^umWjQ%I)dA<7DJEugr z#8XJohjlX_FJX;N>FhUREN86LFF97LD5`Lw{<=d9qxY7eX8AtGx{1@oIAMd-d3BPM zJ`~cyZ?EL1NiYAt$kkoFWDP42-T#rb!Tl4_w)$aVmfJsl?~1$BjW%$rzZl~5|Hdd{5Vk$kuREQYS+TtT=sP|cX0fPpi8Qn-_+hAEoAd9j`7opl@@3D%uxhA4Y_(UAH^P)};8(&0unKW- zp!!5zO^-~|a6Ok2?G%PY{w%zoJyT>hGnv!oQm;06&ZTR0O@3h3XJAX!sbGKKQ@@Ot z&C&Vbo5{#tOfuUlBin0kG+Q+t8$V2x*{20SXFz3URUZ%@^V(MTaQ%~Pf> z(lIMjbOo$PsGn)K&|^C8z#CFt-ol4GqG=cJrmYK>brk3?xJ;KcDnIQ@uUQK_;1Ap* z&J$0J57w)e4Rb^5ZA_Y_+3d%r&PgZ9Bob7R>#Pj^ZQc9L6TY^Xln5ThVIbjj~e*dpQErbOB{V)2ikL zaLRV5sw~!Wr2OWJR%^NT*sfY8M zEjyp&-Z`k#ty)Rh|B2tP2gKaK>L8;)uJ=TYAe6zkMi$`g4A*A?YnJA1S1UXS^+Z@t z<7W6bgt`Fcd8z#Ek<+4bg^pm(B`BVl90J%&!P<`KpHM8Qk+U?p8H4PGIk1#|mg0cg z!P|R$MR>xSq;ZOyDJQe|K5hl<#nlM9qPkkWU*PPfm<;@E6F9&zHe8|}LN2lS+JlSO>{n?ct z5+xD9N>(j42vChtGd`?ef{uMs2I(%l8&&iM6ah=*-+%DWK{=!R6F^wrR3hWJK^wQH zIEYX#KmiOzeUAtU5poBsvwCgJbi{l4Ut(v$*>#%DLb}rIwC`<8N1T?5;EYTt%tPAp zcklVw!rS;nNKWl?`fZa2r@$h&J^Hu>S81Mr2rI>vH&ov6mG{@xEv<1?tf|;gw(*WK z5Bf|sI-hX!y}<8~G$IOM~XujVNOiLT-52 zESkzI!UUZB*;U+_M*NENmsdT+bXgycp?y8mf8++1A{eHn3BNe79%UFCOT625WMe26 zq{c@Ze-{_Xl-Mbteu?Lxa*qQ=diIDGVFoFkX<9^YEw~Png5-nCHFR#I@Sk9nUoGoE zWc3bMgm-0&{ATA>SF~9(a_z`Lg>9B%|8ZZ&VQ4Av^+MwM<6NNJ=$KpF*a@rXDjKll_ zFxyg%H}8wP0ID?Sf~4Vin%w{R6zqsh!EI+#|n^LeJj1?OL*{cdBi^ zYhWH9wDOm=Soj%v7A;dSx-IaB%ySfIUs&quk@O*FT9!_BEPzT3FBupC)EfgimoM$Q zuNY9Kq$RL>wQS5lo)Csigm(EKxFgie7$?GB4#;^Tyv5RI(;V{%y1j*KdA3#QE9Jdl zuEQigzIhhF=P+k(aEYvjO-8w{xa-R{uMi}ab8D&}IQjqY-1n(i@=%;j=Zg?QSKm1$ z-67YIrL6qk8h5G-{~wy%sm-g1RPxF5M%~-ud3UzYZ<6!26@joIQ3VwPmfX^J?ZN_V zB^#77`gkh{3pq#2v@Z7ZJK2lt7Kvt!*r>Tz9!&K+*{UB^pP%e;r~ z-FqW|J$P2FKISsSHM4f#(5mxAD$x?F3*QL7m?=m^Uv?klmKrQzC)S8Jv9N!qsFd4< z+$cPrpHf90;?SGKcvoL%wz3FwnYF!mlXc08%ZpN)(}SEzUys)jxN7H5hN zt*gk_Lx(05?{bv*YpRl^tMS_*foq%N zarC-L@B(bkk!>if`&QY4)Z&S&azNB8LR-|{oe6TU{La!2fM-0Z`NC1?m%Y@M%N&b{@uO zX#g=T*TO^D9eQYbK&7>Yxm$AEW3dd*Q5aof{kNBx7%6iAF0cx(HXua@Zjii+Zk?#q zWdxUKGDyWA;|5NfT>kgd>BmioLSsYr-mP2`oi(_tjD>0XL;a=;2EpeI^vN{w&}Q|b zBe|SG%O*ngf-#JQWK}b!^zwK;OZ<0HxL3MbfQ{;f2Uj7Tm6OT-wnWWPi2K`RMWEpu z)FPuJOV`Fvk4AiLa}`oh4!T8quY_hA}iguv8U(TQfTW>s=2 z!dr&Y35uvi?sW1gN2Kh5JF=Qet3q{FtynF8yZH0O3NbF%!!)sKViBTp)Po$CNTyS!9zdN0ZFkrvAR4`Jc**VXDJJtMZV<9O2d9dG#sy$2))ZmzU`dhV@ zfR;+eHP`chKxf+;7|2Z8%VDfdaRz2&* zJ=${5bVq@;8uId%zfq6#6|&QRMh!L%>mT-QTtZ~wXZ=T~PVQD1Z^vIiz(6|@%MMDW z%%Sv430)d{QG!h^8GTa?ok(!kFiv5Ns@<%I75&%K=i*j*(cS__aRgedix*VIe}zer zr>x%b@D(>_``ssMB2~6xxJH%iDZ}^A2WZ{%Xd~wy4Gzm7%Bi4ZdQ;uJghDl39Av2@ zFrj~29zKksror0c=yaka?C`Hb#AHrkmTZHyzU8v<*O*{j7$Feyv>ryoD=ZOiCJ@QG zM2h+UhF_kNd55xLA*EskVf2=w)DymT-sq92Yaue?QDgV<%jtDl)zBr8I`**+sl3p) zCh*x^pn6S1R17{TOdVl&fM+A)7A!I6XxKwCM~(TY{vAjSw?zA?UYvQOKgt|y$si9+Lv3wFKqmZQD zVpUoVF?#3LYmmA1|IiV*ew7>vs(>{-)YJ|bZxw5UtAAw=l-_s6*_b-+xm8$Mli}%k z8Jufmd-M2Ej`Fe0)^rfc*EIuV#_91drcLQVT8Y+)ePOd%QuLQS$6cL&h9AbOmOPsklC~fS|*#*4lTz0AoXZ zn6EOW;DI2nizz4ZHU7f(B=_2677gazWz&WrYj4+U+-DoOYj@-3!SsoIHt6~Wri_J}pSV?K zoK5Xs1YIo+sJGwl$BE3#;lT)=OW3M@>rPZnl(^)FvwJP;)l4+_0`CP%4+q6PX>3j- zXXQ5QuYh8m&Mmu4n})EY5(|Ja;Z_=h!l3y3!%r&vchH`&*9dsL8!9G=kb`kJKo_1C ziG^q%VX6Ht>c+BAlT+hoA{};izc|p739I$Q+PKwtK|wuu2W*)P{F%V8sn}l^k!>~5 zcO;zO>=?AQ04LdHW`!6QZaD+kK7-$oCoj$>Q%*)((4odkejL7N^AcfQ2mIxc#1Sjf^ZSQ0NDzYkd z^xTRIoao7H90Fz-yP1vBh`Gz%4{oXZmIN`p-fuuFH^V3#+T9O?()|QjGiSF5si*Nc7^F2hMpRQ1FUdM zn6;+*=r!ltQwb2{a6y}gEkPY`#4(5#Q`a9~!zrT-Y!c~fT=oka_5wDmw~M@kVV&V&Smty>roVCln_GOv&Mk zsJG*_-o+1BuWlanr`0EpQb3m5jpAlsL0-6PCSZ4>)Bf*qVo&Lbz;hk*qbn0-DA&js zb*oY~i>*f9yp{^&u`H^lk~H=}LKer`=Ef_rM)5pXhcm_vW|PY~HJBwJ`g?+Tv8CBQ z+e-CzYG%5wg4e~O?Wu2Oxb2?s{k?2c?9)tv>E$>gx7KqZ%3;!#SeEzm?(~&OjZ$W5 z>I99P#Jn(|R1rJ}l_ZsXII!u{7qx)%bhEy&4h-&q05)3Z@p1g#R)SDDv!xv%Z6y8dPr5v zxN>@;iDlY^%(8ET^G@|M+4(H$&ETUaQYJCyoqJBt%J_zuPK)`X?Uzwf+@#+Rwswf(QS8l!{Ia zuNr;yD|_kX$PUW$ZlFYw>0&GzyRNqvVO?a!D8Ocf#zp)t<@F9h8jAa+48qp|Epkh| zPzkU_B0)Zap=k$@@dzIpJGr-})$W7@>Zii@-xI0Vr5pm46B3%I>%j=|08db zluO@8`lG-USRh!k4lD^=7_>4g*#u$6_|z1!w++6hT0i}(qYDI$(C#plQ5q?;tQ02j zondVHo;^e9aFVD?TDUpbcR>TS77{j$I(_7R?O-;A;!7mrMw>^=nuFbr5n9zs zd-{7{LLUJ=HWj9!b{C=QdQLB?^swQdEPNd+b|;KSnQaSwl9^-oLW^^4U{(y3XGe*B z<>t!UKv?$c#ZYM=a|=u}jtu3DCnr~^Zaj>>L%JwW3_mun+O|~~)Ij~6Xe^vrV4G;T zv8q(=Xznrl_1WlrAPGrJqN+ID?jg*lM+4o6LpkyX>7Zu_qP1Td_5{Jr=t@R{VF%&e zN-p*PL-t-veW(%~a{Fx7gA;yOeG?V+=4_8>0H=5iH#L+Lv?rQ2zv|%oA^9jGQE4!T znQLu<6{#M2>4*jEF;@wn=^)pgb9jOkAJLT$&mRZ~g&S>5p+AR=Ebq7DO_E4o9L9}! zS1vB^&`#qKy^MT}p~gK)IoMZkNAF10bp6}BmqRCf7ygK@cbr@Vz^a1&vJ45F=~DqqqG#>#Zqly1`1xQZVb z%2Z6%J5>!NF9PCg*j2o<>;o}?s~G|}5z76Z28)9| z01?TEJ=WMpwbe`iSQymLdJmA~$^6T6REl`R7&fJ&-?CZp;~pc?@|+_y@dQ|Vu`$?a zpXlQiv0nKIQTtNgxIxL-mN=f_dR$mq*M>xpLPBIAv=B{n{ywU(!%1t176W8iJ>8GC za><$#f^TRAZ4;+u|Czc4E29Lr4(3i^Zy6#LuQwp(o_5w!wHWcUAz@F_CZ7iT zc)l{zc;XpZIE!T9_q%uVdA|DB6C~`5TPfqEIR(cJ*-~V>`;m2c06}BfGEj|`dI$rq z9Gjh)bb>9gR0y^mhne_R+km*pgrOp4d(_#|h6Rj;MdQV2kE%fQ-2NYqz-meqHPd~y zmXXK<43f+MhS;$RZ}!Ms!W1%MKa!Hq=)PUlRG0#seRi23e0kHS)kc86B`0;`Gh5ZD z+YvY3Cyx#n&RKopZ&Z7=R&t|C3EPqgAzsW!kvKp>)9VG&1+_#8mD}iLiC%Q+wb5Me&HI?CE!L7H(TVDQxYs~!?3azN% zcF-OwWCI4(w(cFaJ-cI%w&nkRrxh+-R3;GgBKvAPF_cUL-^SNfyl~KWxLra;O z&Y)$$)Q%`%jx^`0*3rs?Dhx4S?-d0w%~~6tw8unBgTRYP#SdKqgag5b87meQavV8A zBvCE0MaXMl`wC-ptW3$&ZmD&n|K0zoI?H^pZ4PPNBFPL58&FSv-b$lFYaUK}>!Vq` zTD6uc;1VxZ=MsFsybj$jcYCv+?6@s2xIgB8PE@ud{2>&VSiTz6vswO^R-YC9SFe|6 zn%m~=L1NcJZQain$KtGQguepcgP$GF9s)FK^PKd`ZEPkaTNUV(Jj+;5-&j5r${st) zonFEGbw94$#TKx-JN#ar%H@ifZ*_?WqeBIt1c6AQt*lXMF#5>te_QtA%8Dcn$+UCI zd)d4Z7OKzgG>vV|O83t|lpXrbP?kzaR1&{V2~?Pq=$T5z&sbVNJNan3vxkIz{~QGp z`iE`w>`$pKJwbYOsA?z*2QKuUrB)H`2o>lasFnjUCT5s9j&D&b&oodCFAIkb8Vwkc ztW)(O;-x?#$juV7IuT(=<7*T)dEWqo@CdQQ>&3&PSL#wkB60p?_4?dLG42imLhr@U zj?La0E!pb+w%4l z<|E=eE`Yiwz%LSzlIIWWt|P0NF$CybPr$%!Sb##xE@C*EtQEkv)@^%{r2GZpvCFBp zX$?$Q??GdUtiY}HGKUnXN1P0^fX5KNv7FJJVGneO*i zpUVr79I^hXEJJ`{6=~1IVPpLHPA(*=#2P-I{1Pcd))j6U`#SBPH-0-itt_pmc{(kl z*dZ*;<8liZ2dU$X{pZsrcsKb<6~E--G9E;xpmu#JNr*-Y3oej8ovnln11sWw8Ko zLdNLS<4`>(cNK5d@%NqwXij(EyVvYMUj@98U^#uBd3Y9b!e|3}J&l4^EWr=1K8s-U(3GNuo>rd;!yhKO zj;mf${lvKIKg9@KEx+?7wZeTi@-6ZpXW6z0NCV=WuUpbdw)3fYsBphHhmp=`jv5f5&kg{L%nR$H%pBdt--k_6vpi?RcXgG-K)95s zhb?60wpuZ#tGACLa~U5lLN;yCqRK9#&^)S? z?85lUk@Zq~St>hgv@_8$=^G*$w29Q&?F_3KdnW>R-vY4U13%OZopLP40_vx@6EmV- zLs`&?s3q|NkARlXA9K~=ohiZl@@25oMjWgVjt$_IHKoS=Tn2a4J^$7Q7xig%z>%%AM&cZs z4q^dXLwMliFR2B=7;@dh%oqL?Xn;*zbh;rZI%Gyg%dlzogw0j?220TCPJ@d5>PdC_ zChJJG5TKoR`nnvte@_;ZfLRA&2OhH{UY+qWVhcJxn;4}MI$z8v3bzu3#rb`;k@z=S z(pQ7TeM#ZLdHZaM>XW&G+nHL6{|EmMkJ7!_t1;G8I_cVEY7x0t)qG_TMXxZkOP_&u zTy?JeS@gOzW8PecXqx_6*?U$gLkXYYH7*)GYuC4~Wq-6v>6bMNxcWY1XG|_qfxvP} zB~cbk>*yaty@R%$Nq;ZuJE&}Vj2etI!kGPnn(y+hWE)Ch?xar+ zn&w`P?F%n8`heNg0zTmIX+*!ODCZBpzkp9~*R02}hR#pe;40XFxSsx36z0g|Pb_xg zWs9Y|Kc;1ouxCQ$5Muji-5+Q#ZNo6~@k4R>^FJ_Zy1aE7lli2rCmJtjqiT_vT|q0n z9`z-n_i`z2Ohia-7sbSCHal<=DD_R0S7gcZ9<5f-h;m-Qzsq>=Ms%XOgzN>#0%qmo z9WmdC1E*cuk`)y(hkDFK3Nc^C+QZ!OjZMFgQX8#S9mX}a-ggOJo-ms<^o*xrjmV?+ zHMfqZdPP${VfR;Mi0g!U(M#CQE9>)a)n?D8twM(ay7JK!tLIDzvL3KrqJN;k(sNQq zIu?UjG=P@8RI5K5;NNG=^?&^NkRtDiK$mx}Ll&2LpdUvM+8ll{x&&pB(5=j-MN?By zp)C_9fder@Y2&~hpEp)^e&j#q`wed3e~Z8}dvdCgcx<1Mb^5aL?ct)vX74v%r!ATI zavl_7(!nJ9?fHODjD0wGL6GDnkvjQU=ctDRYC^P71bxD2TUX&$aivrWDTBr697V!? zKcE)^;}4a`q5Mf@Yq~C0aySVLU{k?PYH-6~!TWI?CLkQAK?vWe*vsnyd+|$!)Do4I zobt)`Q>ESi@#T#>K$mmI=?3e-jQCkdnvVvHYtGm?l@Iz#*%0q{>F6nL6CK0~@T$=W zpJA8dil*<+J46`@t)TvxE6w&v<8j)`-&n{?ibUQ7U5pN)A;d}{{dBTaovKSXT)tKC zaISCWI-{&uWx7e^76d43k+KS(%jBU?a9!U-^$iizohPYErW54)0ya=A-M>-w&5uJO zzu?oh^`48RCr4#}>LOIeBSu(?Yng9_k0F<{bay}0%GH<6DRQ~aoUdqpHetD8P!vkW zj~PZs{p2P%->7^LKd6MsVL#Z`IuIeAemkTtbK+a*Se~=s&Fdz*QxkdZIKJ19H0;rI z^SE^|Og{b4njx6D@p^Fg;8;C42*M*Jv8dsPV}=mKFF1#5a698x!|)y#Yy$E(Lcc6* z&X(`mder$T>bzJxuekAX*l$$&V&s|C@q)0UP-z%znC`vQ>B%81%7ldSQDnUa7u-=K zbU4aXoO%g~y79m;XyzBJ4XT7219s{o>h?6Kb5Ue83mgKf7JbqMud4wENxCzwnuG_@ zpk|-u4%s$IWiyi+GREX*C$`%Zz6Hnx)R(>t1=#S%RKe~{kF5xy;1uTdf~Bvc(gW_1 zwC4q*RFah+3317l;AXPWz}^3$LV*fr5&{t3e^s}Pi`oSF)G0zeBq~j?Js5U>aNhmx zR=UO}Z1SBG4pyR&;IYR&m3i+Ed_+!Sb1LQm*Y<8j#Snn=K@H!dZjL+7HoJ8V#$|59RQFQVEw=woXZojS!1vPf zFGqABTkJ{gFWdh}!J2Mv^4ts~`kg6ZMOJ$Ed;1WQ0PSyv zA2RVzA1AyQ37IZ-$wozweBX{ib-*Kmq?e&JzLioDt860-9M5N>ycTj0cjSH_S-*7qVL%wX7o#@>2sh zeuCHPAVUBK>bgNJC8OmtC_Lfam9Xvx$gL^n%mUya-!BeL&X*8`T@VYwMl^e7!*hvf zM9g$Uzik!x5u|8z({oR-v&p;UnIDt?0QN($dLZe0xbqCVu01d8`i8xA!-O(8}Q3c#_O8>_G!&kiZHsb*9XZ;yBXfj_TPBcBE1r|o0hg0 zIHfjT^4Q>m1tsa^Sifgd2=Z?s1o*dVjx~vaA_s$T=Qr{m2yhz*Ki+AZ48s6sbrr#% zN(Wpanj*0hlfWkF@&XMUD%jxh=g=ZjRbv$=XRa;x?*dp!y`T;taS@3S_Sc@#F1>kq*&CYE`rmb>;^HlL`VzO1eu2GUw&h;!6EzWg3t)@@Z>)ieZglCbMZsp;hs@ zWD8g-|6jnENzKLrHAI=t*p+-<`w2py(0=^w`b2c}!Spa3faf4n z);(Ful}Bh9hi8jdpO$UqehN3sTio&)j$@EU0zSv8niF9M?0?@;P-O`!fsE(soq|+) z^KpnyW@UT4^WF|PZRj~8-`%~@hRlY_&q)QEW_bVue+=O-+P{-1rp`OZcEx z`{612F8;5{_;X@OlA`(?c5&w^0F^^WtgxfAR{4i9uPr3SfNcG8A?N^w0`g*cZ71-oX;?&de~M z3B`+Q8mGKYbf#6Mqx(G)+5=&!v6goSBfMkPsW;j4J8Ne~d5jp`xO8CM5S8!%UA*9I zVLTBjPS8!}z&R!I<(^mRA+o&(kc_x(v!AQ9{m#S{XJJLOupZpcw#)Z+Ygg~WTJK@D z8ZAzKZmpHMnIuaXO*(DpUt^@T(NKeA2`&9Mq?DhmXF9{^cineBBbuGeHbF-PjU#YQ?HHuBkPJgoGPg%=ie`d^KLjo9O2=g$ClZvAOp zl0KE90?1VbaC#D9s5TQI{-Qm-7Htm$gbe1TknbU|arx;U5>JUsizZ} z3l1`h(8VX)cawL{G*k@|()&6Y43H{P*y%T=&I@JCSx%hTu@SzpLx3yCkS&U}NKbMQ zWQqIh`l8Z92}}c{cu8*+D%j$ja!dXEyGjTruDA z3p>}zpOj(H3w9Kmc~pXZfv5hK`gRa=r!PnDLwp}4p2U}9iZ;ZJZj5Kj3v7_=wWOdA0=reL5-OBSro` zf-BYiAmlH}lClqIe8 z6l}KVTIEd3YvZe%#x1cM#|_{aG+{!@mijmgXi`4@+wNruJ7%wya9RA$@5wq6QJ_6Y zo8C@APq4&$9O{0FWi7sNs1lO8(7n|N2+OeEP5(G1h!dCzs!=Eq10rI;_Y$t={~qq9W1wg&H-Uzqzrou3(#7?9J$ zj;j*=+b&OxEDNC2QN$7uQ30~#9ex)PHQAr<15yuX?1c;=j|T6mkehF(J;7uG=9VgEw5hk$$^sz6RCcC;V| z>ALoQ2fp2hFvPAfc4B6V4-{huMW`pM7@xaK@r_ZQT)wdRTZ2WP zbQa2!`)l6CcS5&na_c|0eJ}g8lr*j8>nB+O#*_mOhPzZ@yW`v?=wHfZJgw~p@;uig z;D7gSr|1iI=O!gY!^FbprCUgnsfm6-$5oKy-w^c7HVoEkF=Xz0Q;Z~JqAfYxHxW~w zSU18EHjiCd@B@B{l2a5Qg$#Q)SLx+V%^`l%f5LP#Lx5rPlKPC8H*nmLDGIA-SXpni-;Uxc?{8T-UsdB1k=s%0J@xk?@&Zx)<6x#x;`j9hmQIv}xsMyA#)UNz%;&fxcAa?eeN(DFP5#Qx8dQAcM4( zYj1{g*=c=YuzNQb*ghQp9Z&u~EAjY;!&S#d%ShPvg{|sFHo;MT&6$R{=o+ghYpf31 zJu7v-+BkK!{8UMnKMmDMPf~vMNhkcY4=+zmV!;1zf4-yO+x|Am9kY4-)RW~$B9>0} zqVJUtRH*D51sOcb$Acj=x3@BGVw0c)C-#da6=*XYA3J8nmNn5-iSw!IG#=l)dTskX50a? z*hK}tUfl$~_@dVohp57?&z4>kd=iKvP%h*3NRIln&sYriBK6`BSCFg! zy#Th&o5ahtuwb+NM0xuPFOS!F*P1L?qZ+}am}C%G9=K$AAF76C1R7{{gDmXp_+uqm z`V-3zr3X*GN^J79NLtY{&d!ebyl&KhGF!vhXn}`wXibYZOJR$*&n_ZeJqRg zX3KCrI2{Nt2JSrSizG6t#~kjUns3NL$cfCqeNO%RxxKA#YJa}q9n~4I^k#A0lgCY- z%Q&@aPp+=D_A%j4_&X}JUNivit$3xSm+8ZUaWOQ^a58=3HF$Xp3YwBJ(<*|WjW^q| zIOAiY*wcj$bNp^c#tfd$AXtN9y{_lv>z(f7p;EnwMpL+67fgh*4>J&S8)MqcmGTs& z#Hc+rS_xb{It@$xR$t%v3DNoXGk?X!9;?`F)u+0(rw%)AFx<9HBaQp3O&79$He%-# zy8i@_Oa!viOB&>w(}{mOOXd|qvWCx?;N9(xBazSdqN_W8)k$SJ5ps@y!Bp#lhO3Kv z9_D#U8^1c}O1GhNYSomiF;iCFn~Z;@Ey5MGZ$sXoRs#~4`1bQFl*qT{^k(B2}8VLdD?U|Jc_2L-YD7Yjx-? z3-u`k4{#I~D;lyhNzgr~Z1>$gilJm>qrpThnv%!U^t`RCqB|{Nu7R-Z_+x~J1}n1- zia~v;>k#%BVl*p;k(Jk)f7Yk>QYa8UCZy`vwLSwXrlV!Z%<#Td3H)>DsN~ zXvO^`v5SB*-tg4}sZq174N&KolL1wP9#gi_P*PczxD$q-Z(o+*_?4S7*cZsQ$m?ToSGE-7Y)>_M1N4Fs*wgO+8eo;{}!0F0mVvOb1(h`Ohaz{Tk_G%LrcgqGGS9vuYIK zPfSvYNX*4O?F9+Hb2*#iJ@B_bH^)E(3QFpr*~~vLQ_Q=X$8;O&w*qouRqFIlvpx*O zSJ%NeMH*^O&4tt0(8 zvO6b?ZoWK=0)lE>h?``w+fv24NSlDy71;~IS3Uu?9 zNGlUL{f1v^)D3^|fTA{TTD9s(Ac_Gx1w>NR)K-iq2fS)>HsNxvR0I-YJ=epkgo>QW zl~Te*k(rzv#*OY|ed`V7~fH!7OM&-I3fqnhX3evSOhZq#5W8X{U|~ zWkCc_1v}Hv9jj%%%Aqpm{*%@hg`|4V>?C@YTmE_wSuW1{bc1VlUgKS+ZG!KRXjWp| zfOAQ;*y#>N($dw%+{8mrEtu;s_nbJH!fh(x9#nHt(TtT|wIWE7iN^nvICDlwEks(! z{%%{Um=ecsCugRFH9&kpRByWroF&v%s3jPOfQaM_A~3arNIL})qffHaj9F%nj^(^g zmL28I6k`kvA7{s4x=IxZpw;2JjprZRK z&{D>wZdYIFl_RA)77(TeDxv#Y?VWANn#=hscQx;bY32v&e+IR8*6>xt3m^!3vw6ON zDbMZy-%Q*^;o)4h_G9mBt(1CSzf;w% zDAs_mf<%kbZ-a08vqQ=6wH28!^fAPe%9%7_G-lC26M3tj$biVa=U!Rx6cDzqEvf{k?vuNY2Juf1jQWm z?UWE&zqOgNbLQ_IiD?#dO$oesbEONQH+&r6~g zf@liS&<66?;LW+`Ph#o3v4X;LOZ5EPoN-;go{fUwzYaq#(+_b+vhxR0&mX4JB4kog z?PlIfYY{oAq%RyP|Eo}AVtu~Qr52V&OR}LPzPWn(B6gHi&ClA>Wck(={mlqN+$G(E z%6&9wG?F;}KY%BL@Df2{zQPmKk94KR^$CBkbfKPM0FD4;ERN$I@Khr!Bu@?x9W+U_ zNoRY+f%~djly|6vsJfS9Z@VQbt6zwDyiyxfkQ`_0_gZm}arxxd+4<8nkr{oO5lYTh zjtnKJS(zMXRB9qhuvhZN*^&3dnEoUzbUxjQUbvW>4}(Pkm(xG~3udayzjT@RfA z3#}mypbji)QUObJfy3jLdbW(}NgnkBLp(oy>)?EWz@LI5mw_2&-e_&4EiZlE964Tq z!jL)8je7S>?Xm+9CO7hPVC2%edG!4Qy@BQdxsOk&P%gjlj2t%UfCA+z0|Kq3_^O)R z>WG8oBI$qc^$6#BzYD2Qh|h_C@E8`6vBctb)kR>R#kT?LAt+tQfyFOE7QL7xPX%AK7Dj^&_jQ@wRHK_A$gE4o1NXRIKPpLUv_ky7#E@=O(A3rZ4LwBcdWa> z7T0>NP7}ok_NGOr=GmG8yRz_O>=-0u#`0jS?Q{GHY_XzN94WD?@)~?g3lP@69zgFD ze^2m1db|;sj!Ooq4i%{j8L&qBmOuS&#CN;HCJbH^C z-N@#M#`d!_|3N?aUmU3@apCT�O8dm$YC*ic3tZ=tYQ|45-r%p@4sd+(EtE3!`7x zlB_4X`UdKp=Y^FyE>dRUBl7ZetPYKDa7pZuncAnC4)A z7yej9@v&0j9znJ|tRsc9iTnRTt`lCJucq<7?`RH>eC1J??=9_CJEjKA3eu^{)*Q$M z6vkm946k&P{!62q5qQ_Z>c2=w0v5Swwi8s31p!Y_A@qrDY@;Jo&DZjFPr^1L( ziKcX;Y>HvL*@<{S;+OL4OxX99i#aI0)bBM4p(rrbXL)4DcMKN8fn)OQ5st}yO_wzJ|l%jX+4d3}7x*ayDno};>>+0b@u3Mh9O zqRo%0%^{l#bFm>eirx;M8b1 zl|hQ>Da2v$dA{qUh3ns6KYE+%Iap>sm)moJ#FXfU>R*lz(1cf_6XKp=m>w0R>676h zWqVR9>EQ&p#O90fQ(M>+%I#jxo`I$F7v1u4)ivB`Vl(N34zHe5e|PtFuAO=Dp=HD# zLt^{>jC~v7UQ|o530{lZc?DjfZ~=olT-fHne90~&j%V0N!r4SB4M1;$8l-OyvTpiH zsz=@^QKn9yUsqW}oaE6c3d~m{t!YY6+; zUL~&4-?yMiPIM^R^RcyGf^BQ=iiHs7(mFIdW&ly6NWBVZ%6;Qm#m)NBNB*60K!iX; z5<^gk%_w7JkTs?u!5RF6S9WM6kGHtDFQ?n@J+Z+kYV@~ZeirvvGU1=-^WP@|0knHE%(CdwgAm=fA%Rz%84lGKTya_)Pk4P8P~ z{a#2(-`Tr*CI~7}z3OZQ#tT_tmz~yhKz7mTU*}oQVS-#PyDV(N*%F4cA_};1Z#VW~ z`Zq&y8;_|jq;Ou5Qx)oYOE$4$b4E2@DT>fjNiYK~W=o0)=1!PmML0m+a3)IR{75$a zLRLbO7Y|azJ)`pU#A8C!yX5sEzp5p$ze^IAF~p#4+qzi%l!!b(EbSe19$D_K-reRCvxhq(Sc}}m0NDeXz1!$ zq*fZxBWuuG7wrf^lQDQl^RLYd!7@5`J)S>3+>Y`qsgDHgF7<6AedPD z&CZPW&M$i#Ff=^It=nVr02iUaXPxS5TE6oKy^+fDM5sWKOSnCvmgH3yv8z z66jS6uU!$1jdzg0`f`SKKW82m$7x$t>A^(wn`w0CW)@i&)VN zeRzjxZW^rW<8IvK%Y`9LvW^??4z<=ecd6Cj8byI^p#nz07r`NK7<3gsi;@7W+Ro6I zdV!quE$_BmtSI|E&b4b$YO94MPk;PrIrxa8CLwssK~C88>}- z4dRimHQ*gmn|y@}w;OpX6PW9780(F2(w^vg=TClPkZiPaP>!wT?gc%`9RY}Opa6&ZN>BJ zlke}S9Y2ttb+Uj*6-Thp)ECQgj}pb+=zk&5IXZYh-+G0XSZ2ha|8~*W`{}+B76;FL z#m$kVrcsx>R6hRAk$7k+t-D9Bko1A>$8&UZ05ODDRY-zKHxAEe@=-g);H^2TyN5KY zRw&&605xsWhh6!JWb1dWb%!T}t4lY6k>Ve{`5^Q>;VO^fxdsZx!9w82Dc<|=^V3Vc z+g8~pKMH}@!*^NY0nPy>d*+hgd?#vA!hQ1Z4c_>IsytSw>2I&pq3Z5JS$9g%OH(t zJ0Aa#9KD&7x_~ZD9p9ENxYaf760}#B#6_Pb6g;*7Wszus3AwQP#wmObLC-omsf3dQ z0IlyFMnS0_cD#c+t}YF95fX`^7`^C?c)SrtfLh0E-X+vAW$JE-*_I64z&jGd-1_RmLA@mk}K>O-j z82|;L9>c-%y!rKG!Ldc0WIW1+gL))+`R_C_gIAyA=FW!;PYR>o+f3J9qCk8Y#}C2K z!1y%mCWM#-j(!`p!aqxLT$Qz&ddOZPduNes$=tO=$KPu7|C}H9z|1ej6NX6nYQ^J_ zAg>=un@^t9BOyE`!`)BA-SCnP!<6sWs2?59$dHRNq47}#8D&g)7r{}NhlHpGi1uY= zk9ZP=lvthR-hIy668d^#d-iIH5eIT?#I~!ucIj%mT|qwjAvJ3(737cBXBEk4{>5og zRrQ9@f#U;``$%=lRr~J+AOuwG$LuSH^OBl_w3SCi+x2b-cXQSu;rs70XT?nkf6uc@ z$@pHgQKG12TAS=;N!~0CrJgR zbfAI*bwc_`a6)ak48GIwz1UUP>eI=^1O9hOG)5V>4)_{1j%VW!Uv;43CpX<6>Tzgg z!@SxU16K8-kYQjI;isj0gDy#kK-C~X>dH*czg02f6|r;py)Ciy94O*qUAUo0%?>P| z#58JRf0I!#fetHqa_}c6wM#*lweiqvlEcurrHJ*qwvlJ&GlSM-dVmO)nle#)$v^jV<+{jaIrPJuvzeRMMjwoHzt*&ff$<(qJ0*S}Ye;bMCS;LRug-n3L7q>Ojk^MNbgwynYykN)c zys{oHP}QoNR-Jz5cJ?@rP)OGrqN!DZ|5XtHaFT_ifndg6126;KRwB=Gk}rq?26i}7 z+cQ|jzTK2_^dYRxikkmnA%7agAP~MXA;cGl9Emrw3_yikj0cHh{vkUvBlMhY0&O;9 z-{0Bep0yJZru385yZuw+7~(__GZD0)8EGQ5qeYG%Eule>AYVLI_RgO6M~Z50)QVIc z(Winbo>uK;HDD8aWGH%gMxr3or$0yjMOm2+ZDcpY{fKv#OIz_Xkw1)xLQ0y5b?4c9 zwoZ3uRK5i$k!My@p2q1uLs!5Sw#KM`89&d)SwW&e2UG31CBeM5^f&sRvBNcUW85aI zsVF9HFV%gQI%>Ys{QLL-q7|#mSUZq}z4dkul0(^*FmxHq0JqB9Q(sdzne_Y~ks~hr zM|pQ01?plo0{6SgWB06sebtaJN=3G@B%iqFz~HoqV`O#>~kB8n7;Do1{0RVW1os)jWzawE5jj5hfeZLGb;lb3<;2 z58%+Fa@$!0cHMomfr`Z54z>liI)zFYO&E*5+)s^g!@13V0Y3w^op2`{scEdpB)dSK za`*$HOH@e=BCRKb+k5st!y#-77?lNG_==H@Jw*uz?rceI&5g zI@-(}!tCGTI>jW4>CV_clg-%@2wN9JDuQy6J$nHbw`?tr8KV(4Q{iz4VU=uZN|vxM zj*(22>>Mi+vvbWGuL3gtp0NEVsy?o@p6YJjyOGARW69mPcJlFz9#Bdfs3M>y-yK@i zsg<;YIVjG@a!JT*CN)@%!`#=xZ}n}sfBtkj7xtNpSg7R(T*9Ds7$b@=iYk=-B?; z%$?MULAeG#X{(;~_oh`!R(oF-{Z5ZO?v~yH{;Mzs+cKJcsNPq>s8TfWsg_q%(!V@Ejy>3ep{i0eN+lJ`n9s&uOg zLc7<%L`1GF0KW+pIU?aT1kJrpv>+%J6?u3$AO9C3sy%5)#{f=V$jHB$S)_kaLm$q(*$p)X&TrVNu zua&%%U7amE#XWpPkHc2$q62shT1)ehDh^C&a0~&iIt`!*C8f$ctEnof;JrmY@ws)ANdl!=KbpS zU*?P5>3jeroOnB9K~y_A#DH`(eux{H#PhD)=mZ-)IbXt9{645LHhnk^8EJ@RAE+zx zwWsPU8-0|zxr-sTI}71${XwGdaujS=)XmF>H|D)b>Lt(aWiK&{>5_mF_xKe--kQxW zIB31x`+|_o&a~i?NndbK&sQ{uC%l4ySYoFh+BllK}3 zeQxOTpY&M5D^@O*b#L!wgX#S`YB{)xP#T4$Q{D z8-GuCh_p#_uBoS-uAvyfplcN89-In95h3G;q_g|Mj1Kl0Rll!05H48}dKOr4N32?_ z)l^*WrItZ)2`$aIL_(9Io^-!y_tNWViEpx21muI`MabsYttN1mt>Yt)VMu!RU!Gf&AIYJ`w7CwRcA zSnh-GexFKBWjSkc2w^pkWG~4*novud2ng6WAdr0X~Z>;p?7_VX4G+B zcmUW;2xvlfBGKW@&ctPsn`oWeN2m8z9wo06gK}xY(c&aBJTW}$QWSo zRlvxbcTYZ>XZj3Mt1z?R&O87)Kx)3ykHid{mUi+h9IXYW?Z+3Thow!Dvjx1L455EIssI4=>rkn(r$=W6+0r7vgUkYG@bgCM$&smM5}!~GkD#;IwyKz$w%vx*As|M*CVk;eBR+j)F>Ex(dtZootyh- zfJi&Z!Z1|*P>|5uaTGAcW@V;58r80olY3%;a&MOd5gXSc$=g6JlSA+!ik1U_5OH~S zk{Yp~y4V|W}A7$M%hmKy@54)KrOhh@G)&*Z@wBJn>o$eM;tv+R1M z8-4BKvxyS~hON$&WCG`6H^->Mx_D+K5XR7eUo$3p1+XFgRl5Y3o!PwGqF%cyuQsD* ziN+r>4Cs}t_f~@lj~OBR)T!6aSXq9FSl@B;N(np z1XA9S5*OcN$Uven5-9ea8|d$*dZ8F?Q*%e2+Mu}t(hN!?NH43M_whRJz@Kj~%ztKM zpK8)DZVZO5AXnMU#^DY~AV#?&mJ(?$fe$O}o~i#i)JmWS{4>N}U-Q3$c0dy*mcEWy zZXl^r0s93FktxemdC%T~%BVN0LF)nS2pabXUFEa{k}+1da6^k_-sew>nDb=yw>C4> zQ8FJB^lGr&dY7&E?8MV6=n#1uiBt@#E3z95EC72M*Ash(bRQZ^S?2ir+DlF*j3?52 ze9wXpvc0KH!L(T)6Ppg!(Kx@aDws7CmhHT+zF7q;#Ij!Au`u0YVvb`C}h#6+D3_gu_JmR$Z?Y zZ^q(q?fP#?|Atd*t#Z? zY7)I%`Tnrw1^D>J=F`c*^mXHhsRow(+1+&0oLztY$5%b*0eC;D^3u+g03fDPNtt^M z6atmew%(>ls1i#+j2^!buQ)6tF0w7G7s7LHwXiR{#{S67Z_#aSQE=ajd)ihqH zo-C^t@o@0#bo;IzPI~`LSy514>peOVyRi!$5IbQrgYWMfvpWsV8k_AQg z2zGVZ_h1S6-8L)og06q;7?RC{;nnWGO=y^8`$iOpk7f;R9oe$JU65#EmOGMFCVX_k z4`btKi&-Bk-coO1DUrCSkO5{4?qFX`4iH34FvG&>pJg=<^@DIo8kN4)6vohKBjKo+ z-t;q0DW;krl)ng56GC?xi+5yS{2R9}rUk~f{KPx}BdAq+PXoL=rSDcmf#1>=B|Dw< zgTX62=o=KyiWLif;t?=hc@;X>(G_yJwge^+t4DA|SN4-aYWgL`qiPm2!%Z{s{;_=> z{#Ekn&%XqMUBkg;%**sJ{E;2r+9@sd;{zg!BaW z9>N+{#!?t)Y|w>EH1i6pu-N;xGMvXlFll`Czps@aYfNA-!wFu9bEP3(N653hU)F!% zK)%WwKNH{=oa@V$mW&mVM1~UWA}z~zmSm$&B;5}10;(_B+hxxPUGalBE_oas z&?;h?%DSI@z}O$9$Gh+^g=;I&8LeqY)!0k2(WosP+odh-BCU~o09(E^f01Di-vOEG zROSlA>!(EIVmfuAT@_Dk4S2XZQ|-HEQ!P?w#FmJUcdDxxsVd7nwNM7krn6&jvu?gk zV!c@;#QSSpx5OXlKX4HMXA+Q#t1TWYyTNvG4vQ^d!dc!sAPEtbpE9@vtf&qt1|dw$ zpi;|lf0SK4%2r@vl9Pmm*iQA3-{%)vZ0vy(dVtj*!-jw2Yn{A#58P@wiMh7^i!$>T zp}}+Jp}Vo=9et$)cP{u)m(&11jPQoZSWTUgeJqML|i`)6nY?LT%T^+HgO9M&->+L_ZoLNBHlA2Cvp%_aO&JD?i&$di%gU^OtUAZ?#`WGW+deO6u97OljmhAl$a3^*Y|q zjAPvl_;g~0oDjgy!2vGc*93;1DxHGyJbGqf!lG3di2|kq>onoji&RZbrS`-8ZI&r@ zDs-b5sPNa8;i>#085oRR4r+BgfM>do2InRCU*?lLz_p8}D&P9l6!_-9FH|y7A#8B< z_Mk`zy@u1P+L{dVd*W0qT!w4`M&Nm!x9qO%Ho&0zVC3vV)jxp3L7xdE}*)4ERQ_Uc_``1>;u74gd`o^~3z zY}>%LL)rCeuOtP~BT1MWl1VZ@;VU)n651EHUHQYTzg7}b5w0gp#I6aRkk~8F!)mZF z!Fz&*^ti*xPLy*z9GpsT0u3k{yLh0%@A90GZz<5lV#Y={UKZXE-)X88PcLa4&Do<_ zx91B)?eS`1s;@o%QNy@7;^o^9n5S&@8YHIkR!`R%tC+3;bf9*tN=~u{OVQUZANtVH zX^fsJ-q}sV+h+fMFrFacLIzEONarFo0~xHPcQS{zXK2F!WzgRQS|Pj`J|$B)Wl z71t{f)n?_*f1y11%#p&+=OOa%cpf!cNsKl@;P4MWRtP)3IN(|xYxXtlB;5Q#qzh^y z4k}2&sXwtw@qd3(_RDzTFgyVz6q7Dx^2BA19tTQ-oAfoBFwI+}gkUhq*P(fNhUi-b z?ed7E#ob6p5k^-3r3fu+ovhAGimw#9fNHe&;hyQjfSgbcOU*DAX9>1^-VS!E#BQy| zGrM>#Oq9SfJ#_eOLYmrS6-SJaHEGAT*R1#Lx6|vkU*6G?w2uzsF@tMQ32K3_1olr z)=OIStq~WEJPQpY^;Q(8!8BfZzJgQZziM*+WWjZ^z_?6Ya1MnW@Q*qmGw=*%%#Z-X z37cQoQ7PY}TG3UJKo}AS%YsV38aYqbx+T3x4g^AIc~swP;8BdIONzFR&R9$6w8nBF zNE2onh!Hx*iEGxiY((ZBw=9_~HUj>Jr}j$(HSI|Uji)-QM|a3z$0;!$84Ervg55YM zY#Gi`1g;5DD1<38_w>Q!ea6>+_a-6ubWSO2;qzYSo~{=K2{%-a0t-Lt-)0I-PB2aEBfXiisd9;LQfld=vV zMCw;ORUgJ#+@Q8sQpN)+!S-Ez4xtK3PS5ow=;jMmGr2FC@CPj>P2PUL`>$4*Uc_yl z8wkCW!X#rY&ETE~@TR8_)Se+c*WW^%XCae`u#XK$I21Nq*x1vnto28eHRfno#L@iJ zP!wv$7~)If8RWHo4k4o;RgH=2REgpZf+Dqa^04)`E-2aU>5&PoWfmNCoz+?jEwntR zzozdCZe;gNa105W*Ju;zy_TktZ&Q=?Q4>!Nn`1J{c4a%q2pzC4!$Xu$B9z;ONU9bU zf4T}zCsQJi6rL~dlt+C*z~GIADV0*sfU-&%fR`76F8FGzB*t8a^Yy#z6&&6Rf8zwA z>m~Kge};XkR__-iO{xz8xp&nT(W zHKJ*Zt!E30=kSW5p{^-(;k)#dn784*>7f?vKPG6pIte-w@bbkvA(`zfm$HVof7#Cu zBIJzTOn*7p!n@(DcLo4t@7R$U*ZB8~E0M)d7bY@DdDYRj#7F;pb4vhU#O2l0&UZY} zS@a;T2=audt0o~O`Lhdq4;wGEoVt}&xzM?11>n|VO<30!nm8?Kv-8f}8b6J!?mo5x zU?$TTWG!9XXeaqHwaz3UKZ|-%9Nt!Y+4K!96<$)u57l`;Oz`%~tihXDl4$wm?(z3a zgfHB-f5S56LCS*DybSeVCPjL*tge%kLBrufOTgb^aSC+t!fIvkNehR#81STYfVqfm zy%R_5(Hx{AODY9TpRb=O*onFTEkf!YJ%7Q5q*>PJKVYK9M6NdA6vH>p$$3+L>=HP> zO_*#x`>b#DdZ2gL=Om!iUTLg}{d!|2*C+!_ut-OcaN~FhZ5;j4J%~~30lK&$fM66a zk)giE)g$_X&xb-&UZl7s9Y(as7e0AZ_I(vv$n7FSjMIBmByX~u<5^Scz<|@^WKuz z$mPVu+xh+6 z8#N}<2YJqL3jd3>d63zU-_F=`;UQla+Y3MNvLF=+%V|CvfgcLbC4Snd6j8`(t%iR{ z-<_-LdO$&^FVlg)sv0HKpvm0K&r{#tN`lQ~+X@sf;~eD%aIZ>jW-uSMucfMkvCgM3i^<4Uv^F)Sy`%XKMh60B2JY2Q7SsA)h`3ZkW_<xihlcXb!bOf!sDm7a6?l^qYHY8JU6u`G)yRwXOdD6CGz1(0 z&fg~`q-XwK@!WX$!V`Q=@s6*e5}nwc`$gk|NLcnr?k~#MDdz})%WrGRo2hr>wYugY zA4D)wmdncf43FZ6)YVYWv7y4Y5&QcZiux%V(aZgJd<`zAq!Tdtl-WFVMv;o_d1h>+ z%iXw^kQjoNNbzFp1JT+7izlPX?BO>~^OULuULY2$lgxxIZX3EtA7x^YiJ4;ji*n#f zBoB3YLW9E@ADD&}p2ysZB<;ILO|0!JZJInO;@>MLCh=56eRe$NZOdbMO_w`!^4wW1 zJ1occuAjL3nY%ur=n|i06b47e^jtMMtby`ooyn(9^EZ`Pr|S@95WaL!+ptAo)PW{< zk=yrqv<&jL0&Ci_5yk+&ZFm>QI42Ey>ImH5A&OP)?0EuthNHAh?}>T2e42(6pq$aJ zO^0{go^4I8eZ?UAHY&gnd7Emk7SLVKiVR3yer%j4F%5eF%KtnQ9ObcK#K`+GA0Wzr*-Y1H6%2jH+ip);{b>lRMP_b`0nf@|Q+w*jvAgt7t@ zip$jR5}}W$b>Z&S7<;5|-Gj)wTXK78BoGX~A0wV-Sqm#ow!j`Sp*|9YsnWge1n^!U zcDPDW%YP=Z4irR9>U7U~YYezN@h3ldXJ*gS<2n#kf>$Kv!IjnS=w&A8!Wvq3Mmk+d zfDk(|4r@r1?SB9QFc@s324Y!w4Sdy~Lg%6+J0wMno`tZ(lgu!>bRL202B_yGTfjeS1NpW;kaVWGWz4)pr0*OS4#_s;q37A za(DOBbJyH^{)%Ix;~}-g*d-g>X=+##PJ@hItOiU4>V^mZ&EUpPCptEuNIlgf8z$c2 znQ9+7-QHs1DT!w-4_sR1zYVoWr(L^cX2Pa z=rMMmwB?prLHsi}6B0L$$ArHZsLam~Bvg)vZ-&ilGm|%-UUMTVBaLXYBJZ3kc|)DD zXOBbne*$t-C4=n%`|K5&_Gu*>^1ho1mApMaxkt=^>2DSDUQwCt7ChUEE1(k7j3 z(J4iox_O>CCV)^>-*-Y~)RtIoKp4zW;ja>#@~I~=N>kNRsGgL*eI@qoej*ZuBPdRM zIya^JS2RA!1x_`K9*X}CA|4{S#lhciwm!xkZCwDHeS4^vcA1>FSpb1gzzXCUX&Im% zvxMVU^st5+PV3;jno2%l9bEHdD?^x??`J}Pg z^zNksRAO6|HwIEmPrwLhGyZW)Vy?EvE*e>M>QcmZR~w zMR*PXB-5Zo)9s5}X$TAD|6BvF#@MPmU(O}}k%GxcH(_;f1xM5EU?6+=6{Vj?U2-aj z3e-1bH+xCf3KqUqT{mnP9aiR-*@Vlpv1~ik7(G8w6L3tBwaL1R+f{KH1{<^c1BIuY z!0A`{MHi8*Ts|6{gK7gvYEw5mBV{Ocanujt&#{Apl_O6f&3mZW1o3-t>Z|@S(Y2bx zn>Fs!@olXn(NKJn^=rQgttnQ{T}~emBlrFt?)M7>rp0eS(hrum7#dzF`Ik0^4kN?? z_p;^t{#Hjd;aw;7@fuzJm}^tN;nt+@&YVCQ-9wrvBSo5vWsVz%ZcMcOdbx`-nVZRS zxx?rlmbgHYOw zt^9e=*jc#abZD6MxWi1bk4YxP=TJQ$>TPCF1tL?`ps=Bs`K?IOOwK?L^~j{8i^s;^ zC=?9V?R1zRq~;)A{#ZWus>su=;fwQ4vtWfSH06-vq0w^GA;k7yK$_rk1n_onsI8_9 z|86GCPLFqUXooG@!yVEfjr-|h=WxT4i^WnHCq(1$?}@D66u458?;T^Cbf3!{&qS%i z)5l(ztFpNkE-2OZv2dYRV1py}iJNlq^r3A7HaI?&re*oQTG{*Rh#<^R##m?u-sUMo zpP^LIOx@UjCc-@uInTtOVaRCpO-R~qFqdn1Da==kS;lH( zwv8mRxHg~`t|Ks+H*+XEry0d|3z)YzE@Ci67!5lrijn?PC$QPnNzfHwBt$+&h&s`u zpwt_vF{ERbs>|4ZmFE-0t)_yeEM(^ra=U&fcE#wQ(LNj&{ts8b z6yf0*4i5jVf{}%nMsVl!-40_^+e{jh9^n5*{!SRx&b#i z>=$#2A$JjHs%j~!Ux*)3#`r&7S+uHefYR74YLRntvNb0K>4o`m)EHAa04D}wx4&EN~*&XjUq5O zbH=*xr;94+HTf6DS@;Y2U&}gQ7a3~00lm)m&CG_~66P)g8b+Gn?P!Opx#u_k!9PKB zinf7d7oqG7zc=|U9!CRy!>uu>90WQ!{Br|Ll?;+(K zuPfgXk34^i*M?KSt-;~WSVVi>{)-b`8!J*~xV$A>x^_9Ffib1+evH%|llc|=dV{(!&0a_P0O86BL#X_w+<#4PE$l%Ft7h?ly)5+6Ou=I62`M>DUVWd8K_3`Q6Sg_9&QBtOP zB`@%RTzm3u_{{V&myPIB-pz6xOztvmKIm&6W|UVc98t&g+%C0;`WqZi(ReRxhIc{p z;$%Ouj>h&6jfqn*n;GZUp9)R}QNTSEL%4PaJRTO8-uiU}xA#Hs5^bN9%Wi2Zf(rD& zwxllax1?5pUVw>3&AchwbUhizWZo>T6}>ina8f}O5O_5x(2!yjuW6o(2PD{i*9192 z{?3sHk<-e1H(MPYd3KNR!SyF#exvP{kxrEvzB*xdY84MMsYg_O8)7y5X}CwVgbkY0 z2+KcIEPqJ-QLXLT2x$BsTI*V<7D%x{|189RP3f_G}roS4JyTFjbwr$n|!d<{V((%V(?oz`u=!umw zSp*VlLUJ|48Gg#t77}rU29av*)z>dp%26Cpi{krkv_pJ zYJX~+&c;fK;AeJrHpYGH%rkfJvmQDO`8L)kNcQ5Ave`+e3;mhZf_7U9cbJa|ok|a6 zZ7lY-&XBxE(+Cac+{$WPBC0ORuT$kz%T@@c2Ew-A1-kIBsae0qimT+B@m z!Pf+vPB}X+at@(@#(GDf=wB?e#68&`)a43=FR{{!hH?Y70&<>OvjgZrP!=}`g+pJ2 z9ctsg9bG1`+zM8%C^m!}&N|XnjXgDn0PXFuRD;bUyvj94N4cKU+6^@BGDgpv8ZC3!R`g%a2;&ATP|&*GFIgcC_SfZZvB0&sCvUu z)~L5mw%yEr2A@TrIVDuDGY_h$%0nfdhdl+=&3u#LR6u)k-$D#xgj$RvYhY)IXjlOV z?zpWRp#xfZ_FoHq<5ehprP!naUcb_YFA)e^O8x_6tPeEXxMIAmVg7UR@BhO3J+DPm zJgpnadnT%vU()vQsi}Q#Z^R*2Y~d31&B!i(7LGe?5HDwVt73h+UO*DEl`g#Y*lUy{ zFptqxDOqoKuSdszrs51L(Li6ztO@BYj0gJhPk-zU5RxDBUJSXi*JmW|bHUjZCDL-x z03b@8uQr}4)^?NNGAF<(-6DTc4KPErRv6_9u9ZhKAt1wAXZ`0a@BEZe3s({iz~7(7 zdIE6$k50N-?H$FNq7};)JaCZ6l3Vw9b`=%>`Pj@EOzDyc%im;+N8Y=Jl#av*rg0%6 z+nDHm9D+d03mF06hlYgP%YGh>kr+!D8&_g0X}~X`kETu&V*&$#FB2UJ@-cWb7YQVI zD~i>;V!Q`Vh>+Hug4TcrNxG{2N>-^r?7|<$NUc2UM47LnOWc%r-3FUBjz?8hYYnSd zqU4n5PFWtrSWS9|MOQQ*O`ZM;jDKVP2p403V8zT_AkHs~3Z_TW-rDNu$EnZ<_@A>Z zh-Bv#{MVQ=T1)8wjeKJp?caVC?{J&Zro9ud$JQsJTXOyitbm#Zeoasu&XkimeOZG< zrLWF*lXD5i&|dF4`E$R5+&#Dgm1D)-v{F`SY_a~6dmmmF(ggp15l74c^w>Qg73F-U(SZ=6M&KVsSG{ja(n|{s@aLe&=bmIGKbXB!!O8siN;wmtbAF$3y=aa( z*BX=g9^8VGE)IVta45U>2iC@IfVbC@60%iMs$tbD_ImR}9~-A<1C=X&+iSPL5j0jy zUh3*E4xsT5n-*4azk<#F%>^HuCR>bP92>6P27aK#eIMkr;G#Mco>im?)_BZfMq(x} zyruKpC03?yP)GuX<5I`R_7vGcy^EGNa*qrD9PJp;rei$Jg(5|~A?V2(@r z;@T{D*rKs9iQnVA+KSWc6-B!%h%iySWgEMC|U$s%j%kJsw_$7&vu_N=PF-ma`bAIHadiG)m z8X`PPa5SJR8zY&bvL2)Lt+Nhtu;L7dI+pmMKJVGL5mFnc>LWajdbtJWc}*PE9p0_! zGU-3-bu01k!=y^@F9~dnpe6OUb_4b@VlWE{h?O<^xSg{Nb)1P)f&eq zTA&agW1BVKUy9VuGk97Af*(6dyzi98klg-LRMvYf-1oyhbb6KWd{U-@@yKw02ube_ z?i%mVGk+-*qVN^p-n(C!40NjfaUoAZ0sSWbFAWWC7owZ@hX6Zka|Nnyh4>yPZD_E9T zIw0Wx>Lsa^2V)5U05FgK#}uLlQ3(JT6anJz{{Zq|-x9D$3JN+m1Mq)s01yq${{z30 B|Ahbm literal 0 HcmV?d00001 diff --git a/tests/compatimage2.img.xz b/tests/compatimage2.img.xz new file mode 100644 index 0000000000000000000000000000000000000000..ceaeafceb8d5ba4e2e9164e693a5130824eede42 GIT binary patch literal 66356 zcmV(xKvH(MR~g-V6Q@k(#Z2B zp{MsOVr~!*V%Pt^Fz*Ns+1ZQ_Ib1=1?jz=^vo}$W-;60IPBfRRbV!tFg#?_0JZEFkhm12+v=vx zsr&DhI{Kb83&GUSqL-~;@LQLNBS!^_i+8cH+L!;fYvz7 zemq^=dVgoC6bB_YVswV7A5byMHIzv)F@gNApI%ebm^QU(8N1R$A&(0RqH*P{h2_mN3l{ek3d`6CAgS087wx@=mRdk}9YWVW1{TDe4T z(tgU*(bqI_rsI_OT^GLv`bqLu)~Yk^mggog(@qQ_uwti~5_em0)G1c~1^C zZPI7c>z;6442I;h4t+;an=#VYlJ<&GD_O(8a|&ko72MDl_tAh!^<)e77;(Ko;yhid z*}T!G1;`E0vnO|@0V6%;t|sK^8z;*5;YP2Q@%5Nfm~DL4?tkXifbH8f@xDFn#fw~y ze06@23G*pBi;;wa_KgpwG#QqaDS{Fq_|7=jbY4Hd)5nEQ-w<&sh+MbMWYO9h@G@4n zmCB_DbAWo%7DF+0b>2kKLIg&l3L+OXjP;v$m7khDUUeV#vLt-h{oBLkmPPf9f9-5% zgKUzN3@&c+tB0@+>@LFsT>4Pn&=f28Z8q$50v$&8kRfFY%W;|n@mj$skS1!bS*-I) zA2P=b!JW-J(|SH0*Y+KrdN5!hp!sKVMU(dsOEGV=;H8aZt}d)@WjBR)j7>{FA$8m$j!a^o|@GUp|F|Ej20u1@mk~ThKgg27_5q=(a>RHGp z+mSB`92?39+b24>$W$^vQT(fhyj1<@4(@5cTjy^yaf3yV^+79|FHNhGnqQi;5KJ(7 z6v^?U;puS8_oEk4uoH%Tb!pf_jGMNdVG3i4hyRxsP9YvzPoQ1<519bG+SWJSe zkul8X?;D`XYLw*Qo%!dPs(89U3LT z@V5`W#zy?WFK5-~zqqpgE2o$o>m5t@xRI|F9efh2heMu5_}!78yT^-skOUjhGTJoK zh|-uvhw+GiQq@6s+Bz^C*TB&U`psv zR14{{h8|F)w59<*b2HeX=}G+2;b!rR-oU;cdCW6@tSHoRTHE2~U05oV>{6p`I8>}< zPVEz#M*t=@;E>8-Ez!|@x}WFLO}q$uKxQI)9M(#@V&`nx!`GUHuc|X# zgq?bxNly~g3$7BI!H->GJH2K5fXon_d;$&2nIky-5K3P#g{Jte{QT-&di!~>z0ZO=S-M! zIAM&Do9QR~2>j5siOP48OPlkLaEDUp0dv_T3mD3&Y;^aX-$rn@knIomB!3=RquJW8 zAmN%FBjPx}NtXj5>Lf%euLiX@i7;SjfF4p-AT8ZAdOgmz{)L9zA#oPGP%}aj6JNAY zde_fZlnm1d|A8~N9khM{WvX2rf`$>WlmuNlxBb6G$=hM0zh0c+U+9=sIu*(tLnjnJ zOr{4NhfnmohCdkQfSyA>pct|%`lU8*a0MAz9J$4n42;xSQewUbl#WBQ;4cU9sLfO4f+T+)F>zwawJJ*s6Fim}ce&3t@BUv6UQf6@ z;f;{f*adc^v`u#QUOhJR6>EzYv@R{6*j`__N2gP(4Lgw|g!-khL7txWH!V<-KM2v? z(&yeobja{wX@XqbeJUGr%P&@I-h{u0)v?`GP1_-4yi2a9+E0U2E0o|3OGQix_W3Vu zz-SkHG1q9PdZKQRXWyXeTKR3cjuV+YUBUuNv6MgscQw76{Ma`xy|=)Rq^-dqn0S}u z7t&>}k{={Ix6d6fL%~J*IQxOftE>7DPvtOm0eU7N`5XO1MY}hoN-)em)9GWNf>WrE zy?WH2Q=VU1G%2C?XgNa?LM{5AE4@=8EODk7swPI7W?W@uH4bZsz6*oK>P)$<+ay;b zz?HMneS9=X;3UcQGs)9dfYqMqXd~qXZo(^*A-|{^U;%`r7iImO``AO+1Ve#lXP9W@ zS6E~W)NQX2n5$Lybf^PfpMJob^EPh}oxkr>N+p)}SRgyfSD785RJ>A>fP>Z(paMp( z(h)6}MXNWDuPrc2gOc_?Q_0q#5%zeF-u@1n+1*BI#**sLcl$I~_b5o(6Zz=^wmfPz zjQYU*NvOHf)N8|P5SO2anDDDLWAss?{Xj!0%1sK-bx1^TamhQABwT?WBOn(T&WuT>_lKu6W!sa^_{)6^!Ypl&Q-}Vj3;XVS@y=exi;-Vwytjkt?t> zpqIYbgUu;H0J<4lWT->0g!D2Fx!bC>qEv2j!m#VzVoQ-Sq)}Ckbi|P$hjFz!fgP$Y ze=-d+8P@x3ui}q>CEqcb6(0z8`m7lobontIAdxNV^z4P!17h+pCBP5Ny?6qZ z!}z$x2#y_sA^X7%l%e6VU^lGUnsmiMHc%Vd~`LaKN*w+~J>5d&I7uRiAnWcm=_ zdn?&df!L%Liy13#nLu|dkEgFql+3yYqO^Gd!cmRb| zv(Ssa0PpxK7PQ0k;QVgt*Gzdway+`K;(SVl=Etb1JoB+K9l^o}zTV?tC0t>XHYeAT zKKN9UszQIK+>vskMx31k+F!UXd@3pwyy+5KC9Q^rIVX1kUI9P-ZCk$gQ8 zQr*kL->m`SWTmHgj{VM5wh|GQZ!`Y(^yXK+u3@u>@S0D(6T@7$6%n2#H>Hv2#S{cj z#hQ4_X<7iUSBCAJ$|8sR>Z;wsW~lMo$QMWKSR3nyH(kP+F5NUhM{s+irQUo(U}oOm z1Z51jAzGDbm5g%G(MR)QDf}y;NXZrF@hQf;jP2Eszwk1-Y!bqZfXNm8H8x(FHkW1X z08J9kc~R%b1;U~E@`eJ!)_qEDRgE=Wlik_>*D1gkS!FkmPU1;D9h)x)igK-#mdN5I zu+$kV)@91qkp|+?mG3Fjed6fS(Zw=WZdl+@@%BzaBeZ7vOX+113)`YQGPbx$oiuZj z)V$6#KLEAcly)hDckx{hvGmjCKV|qTbfZqWn-iZr&i-1S5Svc|3Z#~{lkusKbTajJ z#T+259R++9z_EJShDLvM$VbG(mvK}c5H zN2h1tYN{kepGOCtHKJh#kgt)U6|MX;fAjN@zRl$h11fO**kg`)B!$V{w035! zyU$`pkSTg#+U3}d=Ch&0xtxPqdpOYv21@=Yb|E@5w$(BtgywkFMYj!>uA0j;w%>o- z9fQ=>j+!s(PiZFd&5C`SM1qUq)+Am6O|cA8T;0C%`BjIMi+7y8AAD+*8^C-_CZZ$S zB>4=0{c-bp=f?RgPzM4XnM%_JKZ2WKy-7{Y_pq$=m|^$U2sIXfneOZtsvLc4_Y z62W9~DCjhtRwAuRoc%+hsED9-cSlI8Ha1^lT&~>^k74JL4(*yLStUZBDW}t0IC&NX zV>=tM%MnffRd0O_QQgZaPi8jq6loPE^XCp{fawjjK0q*5Izge8)M z($m5SavB?M<e4Z?iE$iEwzdnPrB`eYK6(vwA1%O;*fMMT--SKXDC}oRGBl#&N@x}rea|Rfu zNO}d+yP}8z7yjqr65aMo-LX9KOzq+Ch5%X`T&Th#elThb&o*Hmg~+GGNb{B!HM{2p@0SnbOpOz>5#waZha=qpPY z>{7b%p$t&}5)@78+nE&7>W_5y_7tC1>3jhRPWE$G`|nqU@8KOZes>?QB+U4g%EdB< z^)&N$Lp;qembUF1xcL5x3|_icFd!_ZM%rD0{0jt&`fO4IQv@BV2F zJLHqd=&z-LZCULh1kM1g1>&mevCWg&j9c_N4M;hiEY&jFfROuDCWuY6D5L zOw7#BO5a&)H|w}?=Kt(1`TwoX5Amjcsc#({Qe?WDP@ybkE!3N>pYj=xGjhIPt3hQD zg6osgZ6?8>Nl(Pj@%ykm3ezs~%P56!%zzlXKr4JfSQ+(NBEKtWkf);$DI>ZK&SfkK zjxlBhNv6^+@PbK5$gsH(>=BM(!0_je73(^=<>^O1RvX#%m zNr&FCzo)wtdOrSu#hoN4R_hprM&IKNPi9McE|kr9^2@sn&Av>7G_}1-%-l`{@d(ir zhW5>H3M%iNSt}ahg4_Le0ij(5jOcP|S^$3@n$-bQP(Z=cTUi3?EYc%*1I_@9^0!AT zr#LYuLY;PhELFI$TFu@_oDb|yc=KK}Z-Q#^_2 z%%i3ujqLu2JVg28z2Hp_BYYcj5uL_ZoO2mA(D8%RRP&M?g3YCHaQ3>3{C+kR`*cC#W*gbCzJ;b z4iX#s3y@JZtIl@}sWMV`KI)zA3X+1KW%ElxojrhR)@<3Za&7f54U}czFNh0v2I&>b zW~Q51HWAEVSu0Z3_L5&~Np}Z;V6VxKU-1f`3@7x#&tsW%0uf>hzlZ&)CAr8u1;2-A z!G{F93|)t{ENSS1`EIOv=@JwQ(fkOT6eliI;)SR=f$4VUI(uhcXC}SGDreX6jxIn7 z8CT+_*lnM6CfqwG3DtkA`JV72A?EHOQ|@zcOyvoHmVCR(Yr{_R;RQ1-k}~r0;02{# zN*n}Keb(*+InuauCg+=y!*Kc5D)Z{yd`Joo+<(He;byjQ~Q5I+3h-hHkUNNF@CAu3{@5Q8KaQ$HAGhw1I$7HXf=NPYT z%m!%cFSZKebmWkc|hEsbQp2?>!M30;LVANR2K;IxHjY8*(; z2jRw%ZycnjBGQ9>;1dWt{|6B# z^e{r_sZ~rx7zLX1+*R=2`MP%(_igdRdcU^53Rl5ijWZ)! z-a)+=QBwi+vT_|Bd0%W*p7UYPo>~Wz6W8DSR4|I6j$%lFhKwi=SMwMl#IANzJrQek z%TClwVQT_@AcobHR)zL;ViADpRP+%itMw2csWjPKNSMBN?C0PthXe31I0$*s2H2l@ zaq#^@b_H0tezT$+&-dgAHd&4aZ>U^)(Uca*9iZ2=Q0}$LNoXgZiCLEtzdZGbYS#e& zKBoJsbY=dqQkT4j=j~Uow9XEK655vFqrf|JBvYg_(D8-)hMJ~2w@W=_-QGV=L^wUX zdzMofqt{5=lAagZgYo^2#%CBjspMd5VH-MLw$7Fb+C;rP?F6}LAY;Tm73OFAGJA+WtKsCBlB3k?}1CX+^|jH;}5mVzCW+ zA?Sw;V0jDmXkX}X>=BvoJU?GU=y_Vj`dzZ%Z;e8P0$P=b1KJzRoMp+$OhNu7yPz`2 z^=>%g{IoECkMBq0i65TL5!=IsefKJ1ivUo#t30=b$CR(r5u+;DtDmEfWoc>MY$TV3wO5XGg9sb zE;B5OIZ|MTK#001K}TwQYdW&TR893O&n8$Od_$h*zTfFu&*sfC;nua$ zfUZxh@xg-^iaY~}f75A7t@>+s>JkUvb!Ii4OesNoFmhTJfUkSr?aW>1M`oXmkDsAm zQ8DT0oE;{O2nikq%S(dKy+F3bsnJ}Pu_OGPN7v=@_J73#k~u6wH;O7d8|wLKNy1nS z!GK(UglK4A0TiE;!2Zh-NmTMKvNUpwzSw&N9R4xb15FJY~Uwfyz~= zwQaetTkeH1=@;Z7h8B+&Jf?p`4-E_L@gYP1kEW$=>i3oRIlOw%=1HejmeJO$!;bb) znSq69V%}ymZ$|nw-ZiDI)Fm`x|G5fubP-kZW!xk@);*#HFQw99pHoy3cpKQc4)>@w*n!r-n?4yL9$1a`K@!xg z(Y`b8RH^l8;yW$KaTSO!@)b0CliGZP6<{3&_Gmr7)L93Ueac0o{GJwP=SD9yd^xWn zrUYky!+)ZPQos?f)N+`_Spc&$Zl+&&Zvvs zKC25I*$$7pf=ud52fJoa3%}U(%uU@{b)Xxi`sjxKyGDXagnG9LWTrl1aoL0nC9gEq zt2%)C`XfpCheVel%5iz~Fgn7vv~d%zbPH=Om!OCmH1~oFm>WV!!Ie)iP*oCUk54)T zSAp7jq!^GBQ5nvxtPk)7bFbS|KHRGP*M6iqo^lX*K4zgb?Fubxzrlw4T~8b{N*&T~(!F z{7*WKMXHWK5Ax6~zRQp;YwMir@^HBe*%Jm#O?>y>LoV4-{w4R+_)M-*c)?t}#QBcm zWI4uJ)V(Tjrb`wLm62#HMzWJGvb|#E2(yBFWwBDSSi18CYu842mTuad4)G#29jj#K zNnb&qm)z_m?JmWO(}T6#N0^a~QMBd+-Shf@-vfRUoNEfBM=2SIr=)TX&W^H!s{Cz| z5fP*c|KxzV(f6pNBwmeZe}7bBq^B_%__4NPvBSEbomgZ7C6C+;@g=#2%@d91*=B@l zz2pep^@QA77`8spet;{AOkgY)jR$5U6Q(fD!Ckfb$+}_D=3AMM4Xe@@4Ptzd1O@0h zX{_)*o7z(`{S#c06ZgX2ORRYE$%efIqWTjavhM&aHa$-OAB4_vAjC(vQ{|3m7O z{6HdRqzhozt#ff%TFe03CkK=|Dml|Ok@{bcNo{b8%%e(zS}^wWy#V75Q_w+G<~>Y< zkzf0Zv?;Ee($SyxH|VzlA1iU_@yOI%)8|qW{Tk{`aEu?Crrg57#~PCi9*4wef=%)p zh$Pik@q%WH9w?B;mz#4~OgacGNbevAcR9}7`|Hd8q9IpTKSwwfd!cP*>Xr-WF3)L_ zU3rCaYnhzkHQ-#x*WkA{e`k`|Ec(&*^#f?67flfmVAJkM8TOO-86N__a%_d@%k!5*5M6G2d&DsH;l=`YrbR-vVv}v z0K7va@o+VsrIi{50uk_U95w&?`X30?q2wbbmBv3++hvC#6ke@N)=#=ObjrDC?I`*j7$Ot#`9=< zgp)g)g2eAHJim@?czB5uFep|!d4>p7OIO-AW8q}5?+9HVNF*sBIlIBHxZ&Pu*x~vy zdi}X~LBQb1uODk9LLLtV1ricI6WFVFLw;g`Xvo#lbdFAv+D#~Rb;YaK>;%VxTYjCj zcFuE;XWQ!Y*EWKX+G3!1Um2%IZ8mkBrSKERC*sXw@xEkKJyosW`wtmvF4PQ4AgP!J z+6Mr@eyJf=O|c!l(m*|(Co-zK2(z-Ggf;g}QF$+7mLtzhRk>F+AN_B{B;SVgdgwfkz;qzv}hU zDCcu@h9V$8hzA9;xc+jhZLrzl7!-M2fk4oir_F^n@#h2;W^W;jI;7)DaE6x_%=8!+ zZ>Ww36)akc_q=LCXklZ&lZk+t0CfKFpkFB&jY@kDQY}Jq2LpkGPpzT2>*7Fveol-% zOl;tEXQp>ehF^|9iROl*DA&3pOg`=&5U1mSs!~^JFtD_M*IWO_vJXY?_K+%<_V9!VzXbc(qAi_({@cw4J27H#=`J|v?KFXp)ow0~ z;KOGsujh`#ZAXRq2}q%$4Vqsd!eYFMp5+|6mWH&-gqHC>XM+@=q)Jm@&~PJJhg}hy z$kksvhxI%w4L9AM?`WQH)YdVIhw-CGy);!Ukli3R>$_hDjvXkhwjj*JC3yr&IrU`9 z*kc1999hd5Gbd|iTd7C7-4kvJQN9vIps~k@xHA~d8@@^a<6~l|43bbUY4E^p4JULqQo8ZRWf(;ui9y+gS5DJ1lcwTc9#MU(BR)s zn#-Xus6=*?d9H8jj~d*8;%&4%uJ#tACk@51{PcX&>5`Txu#h4Mftlir5ti5KFEjb! z%VpbIr2M`#Q8ai*c>s5fz(kOvs~Gf>gLI|fT2<`yuKravJI)~-d~>PmOx=6>C(6#j z!d4F_*^|SIw->G~78k$dQAIkhH^?XaA>|v0=K_#3T`sv=^+IVTl`&kc^bKt$Ha^cw)9-Bt;E7cTISn&{N0+K zN{>dlIsrN6lys57=gmuO{)>Y>|DV$F#$``JB|?7W&uB@{7B)bBtO8o<`V!AT^=;!j z0j52JQ-(>=%MfZ=U*>O$`VKCzL_X7idjLj130Hn5+s4oB6?;NQ0m!R0?6Lysqru=6 zY{2(dC9ER}ViwU{kVB&N z`kTR0-q8Fo)_zM*E?*8jd~fod;n)hq)DOzh`H!lt4R|xohEtt7!hLNJ zuUlU%HJ~Oa9QHD}S%rW6%Zcmnzr}|Yl6`Xn*zx|nGJ5~4BU%*-G{dN}pS6n3)_9!U z>%fBp@%w7Ya567=uS}!e9UGc8=U^c5q&v(D6D~KbY~H~j#=K@#$j^JHU!#T~@j0Fu zPPcMi>_@igvHOt6vTawj>u^lo!y5VQwW8RVGt7IyGW2PZF&M2vdg+%zF`44;P%5O} z5enPdcHmC~_2FoVDdvKPSkN$dDWK^Lm)Mgbq@_B%@2SEzzR)UF7^R}4jx~EK10KOW zqD^@a70r5vM1M+$nnCRpTshUjVlDw(%r#2GeI}Sqyk;p#SXXi*n^#-CBu$C?kVBn> z3VR)TSTa_mG?w7sc04_~3O5u6_I7~|93G7ihhd57!MLtUe5S4XyzECc4W_3i0qCE$ z9TyT-afJJJX%gJe91u1x4CI=#u&S6kBI@Q%X3j7bxpIxRGRR?eAF7NnLldPeu{z~+ z5Dy`mpLl=;=FYSouTJbAYu|6Lnu<$JB&dxxjvkcMK)N2e5jHmci%8qFA(&$cw5~fX z2h7eUAsev9|32uxOO1X@YX82Ek zn>@yfi^k{;TE;#+vG@^4_h)RrftGdyz6oQVfTW;Qu=?#b6k0_yMnz~}vv|d{$L9I> zwy?cKx|S72vcFS;y?#}EyNl@-qYFo`>nMx*{@?%l3coL54uC&l$qIKS;Jw^41NKJB zRkyiv_aPd~6)2_@&i*}G7>1;IpYgOV$OqoUXHeZV7Ll(*K)irl)6tC&NFuo)Ez8wk z{8h5ZT+iE+Q=U775!|IcuOhw(j3*?754TkCC=s<321!a9l+*%)@IL^sh2(T4rm}oN zf$0uKw*Ag-Y^)2K6XAq%4&au^ec!5O(#>fyOO#Px$N&`f=qhDz2#E6NR8X?wwG&0z zdVEB64tXbnrO$5ktRe~Wxh)TOaL&Bvl(syN;jGFv{NEPuO}A01)#K&;^1Mpax#F9U z4%TJ7VExiAD$uIZzVP!5$9%@E#H7I0mPS?M%G7i} z0Q0p9Ekk!~_R+Hlj>u3DQJyw6>^#TkHA2-P9TbDJYKeJtnmI8x+cU>s5VMPpwF87i zU=!d`5j?==MSmB#q;rvT2Q(B@04^+2Plz=YP+p`p@%GMcuDdpg@%7>HVhx#3;4DP#>G<({~=emjS?-U^>v@&sZ z&)dcGr9=lQGINT!!2n3DSznn@Oe6YtJ-I~f#r!(3i z|8)?m%{$+Sc(u>qJlgJ`E#AfawvS0k)5Z5!Qy>u9T?+hba?U9&`9Rna^q_)>WzPn8 zwIajbA)BCB;FYA1_gtY%sQO`uj#k>4szeq-@@S+QQ#2SVps6_A2MqJGsCiTiLT9RZ z6{k~)X_Vk2j5T1?Uh4Di+vDajfF`d@p5I0t3+HjY!rEt&icSUPO;pil(p_ODDjN=W zi!V3!$VT1!?Kz7rOVMN8_pvgpF(keD#{u0?+1%KAYL&o&q>kYTI2nhqy#_K`g_nmm zd$%cKNLbEY2QePAF^)mNXbw6!Q`e7uZ1O3^O$J%Qd7D6WD)NaV@Tl0x_BrReYch~y z^7?lA4Wv#QzEZyt&H)Ov1dSl?jKqdDGknCY{{+ueB(^wkX%^!VLXPLnsBPgZrkts3QA$L>sN!T!nu}ZNF9UiUL#jShh;CkCOjv8hX)XNLJW3 z-i%puZ8We~>Tpdiijka_TTUp@EPt(>Q61R1Pzt9;bCv#mxoo66WixS811t4-AY24u z43(TK5zYK9;A(XlA7Aw}w|&G{EBz?1`q(S0K0R?suJfMNi5P)WYP6Wq%ZyVqRqlJULi# zDL8^Ji`u`W*$d`@9$LUy$Gnzdc`<(PF92Cn|RB}3Ti9#)7zZzZs`TV zD-7{8tRjZp923ix<}&(Jo0u?(cnEtZ0V3gy%1WiR%kU^_*MKr*wJG+H{D3|l!<`^5 zBYFet?>!mpwVY96RMRoM>aNRTvmM`YkWwPdz0X&n8zDksWN7L(6b|uEUGutg!*%ci zXzLofv~XtF?81dhr^L_}b7wchZoImj72$S!Pe{;0vuOe&IvgvsEPK!OevR|lVy%9D znJLAQ&i`@>nY{U{lR*UQ5J)FF9B-QKvB(}l>VnRugSgJ>Q7+U#PS15$iXtoH>U+f} zq3IX>*ymG`v`hWoy0fy#{E^ubzI^%SnB`Mu>I-9cY=0fL1ubI@ejT8Yg-}YweU~>H z(ECxD#!-@pc6XuWWuzty9eT#0&&mU{$S350L72H%Y?GAU8;nY{v`%bmaG7FfV59F~ zjrSsNFwG=sPdeyi+v0SXmfec-X^H!~!1E6%S=a-(v84AiwCLQ!k`S6Bq~mjC{yz$T zU58C#zvGF8@F<{5fXS&uJr`vNflcbG$$gr>UI;jW5-Jr7{XbWLl$k|Z105i2?~0R% zrgOenep%Q9canT$iqxnr_Nczk4s;Vh24wh@YJ7L{d)e=Kxt8s5*f9Z$NelH$3Z zR9?=h56}?jr|Mo&9{0kEr&;Ecj&TYg&OXRqIa^-zclc1>g-5GAL5wE&m+I#vaOLi$ zrMJO*4BdbG81tVY>%kTBr>RIYf%V?+w>BnchTlACz$pk}(Yj4EUL!>O9sT5X)uOzn zn00J9m-#tNt=bjI+PMiyt}jn8oDcMo@4!6M0VUT8R@g?}0?#rW03NbDW`TgzR*C#R zuN1v^<;%ZUfOhc_;@=gw3%HlnY_Mq&jedM-0Bbr>cs;Q6XOeBJb!WUb8H zqe2YBzC<67m@aTZ3OJ)W5*b!z6aqGCe2J&7Lnh#te;y`64HV-hnkVK7TZ#{KkF7g6 zr(B1{M8D!^vr#WoF@Fo;C)Y{dAeCD)yFgufgHwB7K?ehdXctY1)0UGd;<*I@;J8WB zIJ|TtviBV)XnZ15XJ`b%Dv51N1m=o_WUV3m;C`EYA9@-K#2sFkJp>%5vVT#&>*4tm z{)Z#%aQ{Jt`lbV?kq99aR&%}OhhYLr!p!fACY|)v`85n0v;V#WL1fh*2Ej3TFD*dE zQjUZg&&SH=v^+0UqTz{rfleqo&@W)yNIp#!mF4pdu7^b!^`x4(ITJ!}0Ro&u6mX42 z9vdUq2#vH?)-@AC*tdXfSGth155-7)DjX>#dQlpeRSe5r{SC!<*V^2F9$k2ZU9%YG z_OqcsSajVzU{MEUe6G~&+J(pl`iMU=!?^(m3wdCK++5gfH(n>23_VyY3wnC1IuZ*tES<^>^tj{gUXy`A%n5dIa=SYd3rn%0MI8A^CL0unIHNqIv;qu zM`s#Uw-@;SyQSAXk}$8{48(9FpGK2uUEa>>y;4V_oeg;h3RCqA@t#HGwkjBIOREsw zZDGdq{ibK`8-wyl{efYg-u%(04a}J7mT`43YT1}GF~`d|w}8oy1$9>NA>XWqO4(v> z!(}A?V#4J5h7|A&>F8~tFR+fV;dA9v%8lsQ8JzTlelL>z-8Y^x8kvSTq)BnXrp#+s zZGr&snE49m?+*qqlh&UMh1-GZ(a?5D4h&K~EwYc|(q$z`il$Myk!(76ZS?BrOz5?Z z^{AWW%E_X^Na-l+E)Vxc5%Id$iO?d<= zvI842?zyun19H)7Ee^}KSOFFDVFI)T9j3td0$?=I#=Qs>W&b@HQdj+XQZ#lY+xP&lViV9Si(7^UlciGN2;tGXi#1%_ax^{GL_Y254vwxm!=oa-jBI+1~ZK(cL(7 zK8eyE7H}D}*}%Nap}>%5O!pD9s?;=pi>7g__BuC&Pc~HDA96KyO zWxpgoMjbUI<34UAbJ7VjHW525Rp?Tc~HBTBl=#=2~gG)Ge|}>S+6SgN)T8* zp+oL-XmA88q=erJ-$=V>w>T1>J{m^`Y1{BtTa3tW-Kc{!A9v;e2qz|N;~Zd5<&*UC zqC(~m&-IJyl(;c*9bG}se$9dCg?u7}oPE0u41;VQ)I;UB;7~9{%V>610@?av+n$RLL;;FGn9T}k9pZoR(bx2Ru z#BZFK!Etc9QLFN|t{I$E0nmX7_UeK0PHHZ{Q z#IPn61-gg_U#Y7b%-SBs1tn`CaPEx_Ok_Yt0=}=J*Y-zz=6@|FH&6}9bPDB#6KTrj ztHx{INf!>=$H;$`kL^Z};)aZE;z2|H(E7!To8JD5oh⋙%TMbX^{z*G2Gw1R@Ta{yP&+6lr^^b?;3%G~E#shBd&-EE zFE=GMrdt&}unD;(w8^S@Lah)15y`1`HQLZXbanl=%#o&?9(7zG_blRR zDK3h`N8t=q>x7Giw??P)m`rmy>B@PzVeSFXaJJex3JCwO>ct>G4R4EW7-oawyDT}| z!@doH+#PNG-6I!P^-3zA3DXvmwgIt}^*2^XzB7%#V+#S;z;qS~!k2tB;dY=H2X=(f zjCI-BbS2L043oeY)Df+z^JFzafAo9cX~l%kKO^07>1#rb_t;qhIM?Ei-Qp0{(Hp;p zcgH@~STJ7WD`pBT^b`MEsWz8jgX0AY7lmhEiXp`xA!#9Na7>nQ(mQa{xiGT*Cva2- zHGDxAlQIb+4mWmA=fPKk$x5)})Lw8lfC70X$ZiK(*1swNMK}V-aX^+VV(8;;E$8nF zB%WrQW|`Ir1H|*H7Vi&vE6ey>9#Q<0{6!vcmc|LkZs~oO^p=ny;>?A;=gdY!acspJ z5YxI5>{&G0tY$roc+ZpXO zY5FC56NeNdw{U1g12%ApWlB)LPERr^TN^Z<-Mco{tj(LojJ=>%SW^Bo{T%+fijXE0x7<|+}DFkBq&-;fYCd?P#pLav=w>) z0_N=cItv@$alB=i?jR>Pa_a(z^%0%ikDjkY(ZMUPaMp5J`Ht7>xq^ z&d&M`Yw(Lv@74z?c@Q+8<)EA~T2J7wSf%#%3$r#e z`+?_jzJyPZU~R1aW?`v1YvKIq7^4Gwn+teV31m1BaCfkiP@zB}>6^!Tm$U7$az^cbqb8$G=*E%QCbgM4yncY={!uuZfiHp)yg$sK? zL_}IiyXHZB2oK0zHQ?v{=B^!Q%&?#6`kQ>f>_TXnWvMvTR4M9=w+vA&%ZlL06_Ik) z%9EI)#z;;rs??!kw|=s`$~K$@0RXzFSrB+7S3S?A!qkb4y!%;U5DcsFm!#1iV2I_S zC#tPMY}@f83o-=QSDlj1mtA=`{K*#$Isa~n{a$|eYnO=ESU#@!_S*0Q12m`>d~W3P z`fjcBL-me`pHuU6)#qz~z#s?wVvWIVK*=MAPvC061I(+*#FG_tM)f{fBCx$Ynp;?D zvy!vuX)9Bl&b(CnAtmvwz7YCf=M1+)%@+Oz=UtUBW76+O!IU8mk193uj@}hEqP3p! z$Rx-fv!(|?JkmwI<4TJ|aUsd3dD{l((N84~Q=1T@K?aWD>4Jef&B?JM>fP~o{}2ij zO|BT%Hb!CL-NKet$Sk5I8z#Ef)A!Jpl4;ut5}v{WeHi=2cF_}61^D{&$DrkFRSnJ3 zWV@N$DCdh1=eZ|Fac)8Sw``t=jDlwr43nggWiO6l+8*3B{3Vu;*0;lB7n4dn36q)g zxK&G`ue_>9bxcrA>u9-LRjz?Yu5WUHTTQ=#M8*%5PZZk+V6{APf@Bg~VxR`;+7LCc z6z_*TWgilKk#v%)^wc`ZS&rPC!J7RPw#-xP7w;2pEw;AXtot_AVS5hBe8og<%z2oKr(x?fbiH5Bl}tyvJolPv8Lk74j^+kew%Uv4 zBSP|WjWgPR9QrdfLmR)Hp+srbJ29|>Or$eLz99^4{IO7rwEKt{UqY(hwev$hsa=1U zHdvDCJ-Gv>WA0{p+A(nJql8#pz%P84(eKQP zP=bLizj>*BqW`iDJorU89p6v(8Qme$_5@vF^WBD82(UrEO>G^n^HtFufgphWp_@h3 z&B3ipfjAvv2iay^*2wmx0vbQVv%7@*CERXD9BijyVyy3)go?|4#xxw zt??H+>h~H20j(1Pv{Kz&$e{>kntS3AB7;0=-8sHe)BoklW>1vq%nnn%H!OgNSOF|f z4&*b_6-sknnkVjZHq=bO_)Q(Zg$JI+iix=5)-iIna_cUWkz!wpwGH#~r(AYPed|^^ zZC?oi_4Sl3C6De8s_~$1?iF+p!n%oG&~6HihA6gND<^!>fv`?~91IAyghLL?&27mR z`~)4cblmcZA&#ybRiqbUaT6*r@_$l(LsX?EEzl9h2V3<8U#9>sK+wO8EdDpU->#NFO|p<- zg6`VwxsuUY`!p?#iB5$~NpS0LC_XWS3vSZ4hNfV7pd->noRLYj1PT1KECX=z#jup; z5P8${e1BtaE)!F@EgsEW89n~Zx960@Z$F5VLi3WD%I2yRs+O@5*EMx_KxLW3&uo)o zI1(S-JPSOGV4hYM+VSp`NzRV(EiR5RaJFSM|fV>MFjO zT0I8IiYc!b#$Hq>|bq@Y+hb>xVF~!5X=5sh>&S@;gj0uMb;_`p6kkr~lrb_t1>YK5_1U3;?)VaBX_=e&qG1sRh{!G`@N{5&?WPQ7W= zE6lmyi_QlLBaV8>#UKGy!$LK2U6?;d@$-~c8rHJ6#9mO^vkCqA=4^>rtiI$SC<>V# z8DA_(fzFil0DaiF#fgabaQY&%S!Z=<)96WBK9(Sq%_EoFJfDfLZ#0z$!PISGHnIit z?IuUv-i_^+oi!T3HAyAPF0V#D_G$C&f7O}C*x zUw8YSv;RMuk5_Rd3IJLh)emB;WqLF=&#Sx~H?E>3QNvSJTr4c8zb zCKK2AsFHd+0?4^(QS2>43oPr1$NkGVJw2$u#(UVj)Y56y7J-~!H*%rEqVE3`HU1<$ z4tBq5i$b=o3mhk^!fyNq4$&f9DtG&);|ayweC>VT=^)1fLsf_*a05kOx395S#80Ri zIhcCAnzIkEHB@}6lrn4ojfy$Sspe*G9hFPmAOJ{jSJW$S>xJHMwLtYQS}JGlOz5`1 zMsUv7%JV|es&sn%8Q}gk80SwWwU$p5ze}8Sxvn#u0=M%wv!@a$P=z$oE}ti(MVQFi zkgl>HqMOG^u#4SdcZx`VL9r2BmlLgaaCgGbfT%k*hegmxVgxnIVe7y(PO<=SetT3b zP2@pJe8mQ2!2IyALumIY_zn#H0gQD9apD>rhGm1%td!q#Vhnf;D9|-~8Q#mGqC{t^ z68amp;>Y@F&h#EO)hQia_qWhSBNuxU6Y~{T@{5|pk}8V%kK(_(QHSH; z8G3oFkyg&;aBdrP1!hHncg}iuJ?ds+E45oz=ePSL?VxK;e~xVan5b4>Js}m`?|d$! zl>r#V@UVY%*Y;eu3FhxL;{19lG$i(pxA z%z7PW+p+wq5=mh`F~xTpHsqNUjULu+TkJYpl~|gfsy*LOxZ|_546kQzXMFsq>MV}6 z4Y!Z1gN-?wMe5#(4(#W6vy~<~#1Vie8j zZ&Bp%(Kt;za$+;i5uxv63|Fk5DlKB5WY3KB8UoKVHAH5-Z+RIqc;gBc_fMI~69Qg` zdbX4pYzck}<&|g#yygw4N*CZR^3~3N)f0=9Q0_T>H9K!2u-4y#M=zxxTsR*hCEk!# z=^9(>N$S>zm_P~uz^^Pkw;nhobdOnGWdmsJx=(RpQWWd}{`|_(!jSh$oJ<>c)dHtX zl5Kz=-8hnyp`IY2I=@R0IDqOt$D#bn)mcXOGDIdf64}Qb6D3uZC^4^qQbAL$N@9X8 z(;7seH@7^?SD>g$t7%h_vHB6w2b;W@3Z21!UKw%Z>cWkX}e()87}j8 zFL)O)EAQFo{Tmty>_acpB6r?(^w5Z>DdF3CSmBVrA;~IN>#24Fo6+{{5dG~B0y|R0 z(?_^`Xru)>IqV*f?3G|idu`v|M;08_UWQIcSaMR2?aGZss6ByivahO>m)H)$O_wvU zsP{j94(H~RA_V5F^oxqeEsmeN3=V;W7Yef!eWrvL7FVv^+Fa^mf=x!*0$JF_)di-6 zV4+P708`(BVZD+XAoyPMK{u=AJn#0{#$!7mj3KZiZMyoAueN!ihB34JeI;IX(f}(K zw-8e@ot!rCtV~cS9uv?!c?(%@&(nzL#2;!ga!fSP{uADKF@dk35J{nF1*1q=_@kh+ z3*aOp8DDZx+QWpMG$NGUjEtNspW#n>#UJ+*O!bGCdjU5aPu1|>{=8lolvnLT_6`ir zoREse_+oQ7Xyps`$=P~u^u>@4vHP{bz@wsNgSzYXd|+xBuv93}3(B)@ZJP*ClGR5i zQgG#;Aqt}@LIxPdg4al9TG&g2!dkqb(}^rNo0zyO{?d17fOM0nc%D+0F)B5yw|Y1D zqrmGA}MKb0X0>Q@pEOTPaw zqxt>8H%8lLaDh}}s_~Btn~*39f_>rs#M~~Nf=6!`3w%~jdeW)O9}AE2t}zM#Ve=z! z?pT;U_=c`Ys|8TDDqUO72A2BhY%G*Skjyg;CPUh+O`c8%$@CGl99w-0t- zqC<;amcXVjoez$RAc8X@W^cgAgDd=!$+YU-Q;Y+ zYwS1Gr}kW*M6mNfm9zX_#~v7!#@xW41@b|Za(>ruq$g>lA>p|6;>5dx6TGP7`B8Z2 zT4E$0g_(=j@tSy*-6+5<#ILaik!W7!P$jO|^D65_!5al=6Yoaip-`hkbZDs|odrCa z-jfabh*{NyoJ*Lltrpgo(U`xb37f&xw?yXY5?sYyXs*b9B!5-=5>|Q1re!x z_RLK|*K1-!HLeF_zv;cW0{-b2E9(N~j2^g7dB@#BoF2ZSm;(IRd*o-n6D~nXu~a-t zzbB|iuA{BYkd9$ZIJ~~KW84aBNmZ4855*Hhjyim)WNHe-n6&hFV0Btwt5^dPWs9HQ zJKjqAZmT5>(qMO>Azx6?QM)>1`f@(&`q#E3CMOXlbW=->`7p}2bl9~?KCP#A9p$}ESiELJ zWMaL9h|M--B|!ca<10iSu+C-5wECMJyMc7Oo5+mucxtlk*6og-M1rYjm^2;@%H2ZHjIf@}gwn+UHYsOdH(ttyqlVG(O zuLt-RA6##+wc5!K*+?4(mGe9UDzT!=I`;T91p4Q}DvEWWe&Z?r<~i%KdJIW6#}{D% zRjEFm8e%UPVAOnR1o+5)VE8h2jcEPxG8k!no?tGp=g@gS8jF2y(M{h%$x_{Ol32-U zhH`h?4)y>i`zG)MWF-oQsQ}sHlTiS<@yA5vHl&r?%SzhvwT!!RRvp#e7joAsYw2>~ znIFWlBD~Keqs<(OgU?e(^LijDl?R3r>??`B82m^_!KTKwIE^c6>X)=gXarW3p5*PB z3DkdT5vpM6ulBVKhvkC?I0^GMkPmi;^L400cwpPw^Ir8 zL1kj{Br^`mDQVZ{danktyRD0mY(4lAOuieC+ywT?(kCIyn+Ij(>ods&{R-4yJssVZ zEW(9KwM~!;H!rMX5hpZex)kyE|J9f!jW4c#-F(c44wS-PmJPv-1G13p;QvvY*6nDE z9Ywz?gcTN-GD+ON-#^?hn36EjJVAl!hw=;rDnlX6?Ay(J*V{jfuUT$I1aZr0(qFyJY z%+z3ve`+tUj_-wDd39&VyBTp7k10{dWsd1#DNI-Cp(P-CICPv6p%#56d>|0HZGMN< z&`8&{daR{q3u$WwPpa2M)8X}D^oIBKGkEmC>Vr0hsH92fgnInS&1}~ZSzd%+>(W~x zM!`3L|AZ0ljz$T6<8NqCQZzq~r5|BNRyhJ5v|y*Y>IQjg+yBFF0sj&J$snP!C5h>%ze$HTCV%&KebTS&Zg(@CO7KBQV5)&LxF9(^j*&Pojuf zvD}G_w|Sc(ka?jkBSVf3l=0G9h0O!iDieONEK3G@nU_8ETykQk30AL%Ruh#s(8C^w zJm%X6n_z?YiAGqtu!8uGPgR-I0`ds%faNsf=4T4)2%XlI1=CMjoU`LrLBE)*C@ze7 z>$8wJMdxk#p&^0MExw-_oRu${dN`g6*GhC$tx3bFQbOJ*_7p8tI51@h&A-fVaeq<7 z5+~W`aOPLmtZ9ol3T%z{EkZIey1u^geP587sau`znuSBFet8rpgwd5{(8#^053>T& z2mgnMZ16D{h!WHc;Ay`4ymiEUfA25nR8cOybb-9A&XGT!rfdDF*Pd6wqAePv+=tH@ zt{u`Oe4^c@FE&>EoR@znRH{Hwr(DNN-0)r3`ASSEdTb6^!Rb!y#UeiT>^B#E{gqYV zpK^V_9UEi6(@_&PqnMn!zDvd?*CzLvAC0K0(d!8zoI55l;PC((D3q117a$n#&iG3> zMhX24I>_HT=EFNNClWYNr9!>t$T_0Gk|0OsAdQckNln0X3zeNRQPNX=wJJ-LPF3h% z{CusQA8O~sQ`ahQxhY!+ea+tn#i&_NKLsxI|D(}~HgpbtwQYvikF%;A7m-z|2GC27 z%>2Q9H^SXh$m1bvaJxW3y&N6!wNVGqgH?=RGXOBGrSd%vXgL-JPKfA)n)>2}iMW&vZ zBEdc1^K;4x+=h=N?lc7YRBNoHK+2=)dr~j4Iv;B(xziShAPf08Oub!1H}j37qa4mH zV(Yg;l0KF+7>`fY<0#;K60pU?^EY05(%IjqZuRrI7*wDb3JyLU!YwK+Q!;Zs$^kh?NYDYkTZ)vN>RlSpA3fKV2qL`hx##&WPsn!n zPr0E@{4@4f5Z#hses&+gYR`qIAAM%XEM%{!J{rWEY!A-r(gJOkuUT`d_u zk4Mj~PtO0wJc)?PUWke43d=(!c*ay*HuUmNUf-Q&W#TD7ZHcEIij6H-Kh*O|HASqA ze&nFPIyGgp_O)oLo)3w`PWD&@m7Qx1%T(m4&)JkCA3E(zO*dQQ_ce#M8$o|s$Pb;j zQ(2M{Tk8PfX^KB8p>y&IN(lajoDQ@{4^c6p73Q)m4oz8S8ik=lLz5Nf=PEv+)*AMlTK(xL z(InKl8q1=W>8>RN0*qF3Ze>fYHy*t)jF*;}=oL_|?zI0h?-QOe7 z!5Sfg>&f1p!Wlet88vVYchQ`GR9+L-Ova$J!OK-~j*f;9_r;s{I1t}7c)rS7(NTY0 zp05CX-m3U=r;hSW->cXsuiNa+U`RJKl;vwzu!wA1@)mzvDb^Rs8S-Z`r_S}N@&=W! zu-f);LJS0fXuP_@pO)e`q{8ESnV9@?CskDvexGi@UE+{0gQ@5KIev!1kMOE3VqyIF z72=GWA#CU}8_n;Oits)eYpib3uAHJ+Xo!(+t-cm;IakH}kVsQ9LBm(%n5Z;kV&;VP zo?{5hI-O{Ks)4!S7bbkmYT@{+m9lhZZdxJRqn02E>xT{i7EzJlU5wB9qe?sgS z_7LUK5bV-?S;>JTMk7@&+l>Z6IG=SacTu~d6&)syAMoTLX|KJPolChN>KI1!WM zi3cu)@9AR05+ogmutkq5%*e5cE=qiu%Y_u0_SiCrWTg2-t_Pa`L5XnKseQK- zZ2|&*8-)||iXQjUkerbCL9hyMED&_A%30rC92JUn-kj)cC2bbh`z53i~#< z-@?ICz8bt(h-dCaw=QFUX%>s>?Mg0szmtRi(IUr}b5^A%oto;dC!i9lG{${8(CKez zC?V*BFj8n>^p&yWZO>Mu5JkF>U7SXzK;psy#NANM{3{0}cP`$z%#l=mDoLjW7jwgR z60d!j)R7Vg`JP$hmpwT6ih=2h5+e_+kRVWAjF5bqllBJKWqR+`Fvi*pRW!n_39@@U1+XPBXwltZ->ltDMt$ zr(RhsWuQVD)|#`bSaxWVs3H`{P3hMKssf8s2Ao(aF^UfYI{)B$9BAPJ2>G>I>%CpV zU7D@~B(So_8O{+;_k6y!$XQUdWRWjlMPEE3A||4#c+`$HkEU)38*C@+Vsaxl3IJn4 zvLvCP>yLFJ%>XygYV)H`_{CV|A?(!#kk36r5{E2+_F!UkxH zRO6X5*KSlwB0F?hf(5vqwKIoDzofJXG!KtA{xF@+ai;3AzQ4$di;JhN?Yyj73$U(T z=$0lrbd8h9rFTy3LJ43StRSR$2v_xKQ7LZ})eVYjH11PBOiRg!Q4{KJin`hEzS`i31l-< z9$>WLAi6PK1aO}xirylgB;W7>+nd{+*ya*LMzVd&sRO&nqzA6}dY4B@U)>55E2X9x zJKrxP!xh=6GJ;RMSn1WDvy(b=RR+ly>+23U*cs)pO+!J8R#^E-WZyTvUZJ7` zc^wrB`a0o;YB$3;6tAUQ{lrFJ&y0F?=1@Vh7oWq?KXsV4bo;Y9sf#8B7l=6S<1!xq zf;MblFnQK&B#=P;NQ;L`q)el)i5Wn$+0OPaXjb6Cd%tM;5M6+bApn3(E%@)1!c0_t zEzds~LU}MgShiB}16$PZlZwYN|6D%z(as6XDfx}EF z_e+6&P(pzGn{gCKT&52Df1G(_UD)9A#?2I)J9T?*jLzI7UzTn!s4gNV{^)cPm8x^I z$NSD@h3QYT%jYH>5%bi6n-PX*>+UP>a}`-}Z-9 z_lC^>r0Nkh#Ys3nat5ODs_{=POX{ZkSSLT6NngzF?ei&>p<^Zl9q@z zh`@)Tu+f+hgLxSp@QR=SlL;pR#qZl0tYC3^O|s^>*S#7xNsrRL0#6a9-{coIY! z{NN)HS?~Gdim@$8TH>&xe#o~m&-jTR6$DB)vWm%jQ57`dcvx1wkA4~1R5`?uf1+7M zUP2|lDv2WY5`^;xAOPWs zcWD5wWYy|l2zZP{|0LXOuQ&<&J3`9*U>MkxU;+aQ2$jUKCj4v)t@@0K=?&uJwyXZ^k-WCZ(-v#nicwP@&%0`Ydhxy-46J@ct)zn(FG}{twD`Y z($}|cS{Nt}Xgp{MdR*|GInLkGq6xhH=eXMPsyIuJg|FZm^D6q&zwK{2oDg5R zrxxYFp!bpd-Q2hXtMcP?){z1geBA-P`3)E*1c?1s8gh z%7t5*KiaKcRUsDD%Fj2?&BsQhj~h8hnh~og7(IVbY=oM17Ld;yBc+_tK1%fL!qGPh zR0g9z!L@91JgmOA;Z<#i?Thh{E z9BjR#Rzf)8*MnCHP*sopFQDm;HgX=)mG;pE68|Hhf&I3M8K2RIvB;>Kip7ULU(Qod zBtLE(s1qsY;%1tQLbse^*Q5qWJ#3IOX5>c#K5|-8aveTt?7yAEK88nzG=!!ErxlH- z>O>nq3KCL&*)N}WW-N^DD9)KlHOxh&f)#$nIOdpZ|n| z4Ud-HX2xW{#)BNo*`7+Mu4w~PqU^6Hv|p)!V+(f<@fDr6U|dgI*CY}>7Ol3tRtGFd zm=D|8_8^8NAw8*l@#Q?=xYZX$H|;5R7Vwb04Q&#n7kU&S0l{8N^jIPj`Y6ruNKPh- zR7mKP2tV-CCuJXZt1F_!_yz+EOO@fT*9WaEiF-&Ilr7q)Au65O2xbOP+b$Lm0Ft!=xsbK~)%~k&G2mAb9xTm-AhpyS5vSvG`I?#+J ztqg|Wa2ee-+>DPE?KzMp7#XE+$EIFs zB4On>VYc|iRiWcHRDk0|%AxrFq&%KyjlxzqIv;~e6CeuB9NNIVMD&!^>ABuJiRcHL zN~7kqVEj2>J@UcJ+b@4_g#qQ~t%+mCvq}_>VN#AZ_khUsADs#anIwF6gMa)L=JB8j zfGBvEMs1NwVCK#pMHN+%=PlK3-Bfv2a zWe}_2=@VLvcA&rur1}x^l%E%0wh+@D3gyYkAnCzKClE9Gf>CW=gB@0p~>NS6}eq zxLbbSOyzjrl^bG$VMx3N2muyR^MIqi&nl{DYV5y^_&j@8J>nK`B-FN!7LKb4?zfsS z5m1=ZalbdJ)_0AVJ6?_dCa?DfN|~%a&1;MHIbDP%3pWEBZiodo5g^NcpNvAuogu#C z%`FQR54{S&AEp6wJ!v%r<2%e_6RzGb0~U>L-5S{*i!}jX7CzK>b_82g)BnQW+?}eR zYh(&}`4Afjc?DXa9W^!){gLu;#?p44|I;Mzk}Q@+oPvf;Pk5|tR+%E8FpVcBG6~ia zZ}bd3xh!Fq#+ttKkq!PM^c9lfl`&B#0BKS5G+W)vwW!w`Qkp}5wK1MfDdA_0+_f?Y z1Wr!&M%ZdX7i*)yl}rvuQkT46l%&86LQo`Ws@zSUq1$ZuM>M@!5(`+sC}|`v|2OZw zpI)83h1t+(+i|y)!}1WZN7d)KT)rF_#A)nr+|zjxY^j}nEa%`bla*}g4=0f|D45(a zZM8q~_eBrg&2A|7kGrXNYVcl3FDkLgQ_*2UeM`QV_xF{ontWt`I{(4mJA~s>$33(w z_AQ3&p^rlJ_EN%iES<$4nEe31(%{1uk%%lOF#SjvunOa68;o_8x>i zM&F(PpdVhf!aF!;SuiHHl4$DH*C8MF5vuz z!PTnWh2+s!FKqCZ1W^oM-5m5JG_FijNp=id=IK%*Jy)6xBB+-|)yI)YDNDD!w|plX z!+^N*D63H5zI?MCpNXfFmQsT~P<-|3zHVMy>#qD)%j>a(+EFmT5ATstP_WIF*JTuk zx7!2@Y~F50O-pk=0d@N08I4HtKwtu>1;)UtuP^+UB9|yhBlo%l(0^Ta1s`<18k4Xf z!kCW6HhxnGQDZ&^XC=j0hHPLL;ejUI63GYP>$9l}dJSu^(YoqFIFK2@2os-#BNQxu zX$ov;CHK0X*~i4GVlVR;pKJ3BIuS#ye(t$%M{Cgprh6UTKr` zAa!AOTh@|V&*?d}nrxRFs$yk*M{Kfb8OYeQDzyAinQgKFkjbl@K{-8y(-<~t0CBFC zI2H#e$OipkK0XLm`$>~d*Jvk7yAvmMew~+HSi!L*_jIV39Nj z+*EhN;oE)N0X{Q<`c*QG{hOgkHsdg4wMe(XKaA5L022Pv;-vHw1$x>OkO9>JezxoK1H4N4b-vs*T6%j8_u|@AoIy}3!i;1f zGK_wtZ4vV0HSKbqkN`EWwgx|pre!eJR(^{f;W!D}9i0$leJf__Zu)gWpXmRTItXlc zjWEQrnC6(ugt)nB-3mgBJtop@2r(5wCUl@QWxX_3p$ve~@9O76Lewo=M)NLEkY_$r zf{)hT-toPc<@X8s$ALQ5E%tmuq;@8)68v?`sWJ_#6J&XTlN#H+_qYiN{k`~q4esx` zh%eNnaNwURoYYk>zD<@`4x*5OvrW&+Ye6irKY#E8Bo4BQFYbUth z0wg48CX2RW`wR@C09YAcJd}FujhaOUV7U6ft)3Y?@&U_ndJHMO77}SpP_$~1>&hFS zZZ7hAz;Q=Qt4n#*aaf7lR{>cHURN)9A|SU4g}`NBr2QDm6hFask7tX(QR+{5w|H9n zJj)A`uu#QOf%%ks`^wfsP;8-?wA;2U4%^(Smt%q-sbF&%o>WT;+Q3{6i$4$-vw>3! z?Ei8Hzz3PWCu~6w`Hy#7WV}+5pv4!uLa3n*w@wnqV3GBHHvIhZ6bwfsVuTI+yIFa=yQF4Ti)C zo|i`i$)Wf(@Bu|Do`L6m>t{WtJIQw+LXH-fifK+$-D}%{#40)O*4|(^bV6R5zQmxEs zR8%yUmK=tTILeQhRZTHYPhih$>ZHVru(zj2fy7Bx{u7(F^71&8CIZ<&>ar-(lTN=a z!>_JzF=az5n52oZcY1ZnI@KhUI-976Jr5BXlWjhSy0@)>(pcB`bfE7Iy5Z8$qRnkv zFabYe@w5cT)|w^CzaY=rjmG1{DH4WX%FhuSrrXfJ1l;IOsL%72ujrQ^{bM+ArU;Cy zN8AnjJ~ND}y8A;LX2soX^dunF)Mc&32Gn*SwU}B%L2<>(4!Fr37-K0OA#`e8IGkP6 z&$VEh`bQ1>CRciLe-f9V@>6L}Ca_=_x&?ZN0TZIHE{$k%(1}iL`&Phklc0sy9^wWXN-7RP`d0&D23d5kn zcP`hr3O*QqN_sMAWkOe3ad2|{QebEhD(}k>C<1``k_9*e@)jcbTcLef|K8! zzoA}2Zikc-fN6;PJW)s?y4C$nO{`|_Tg>?JYZPT7T9_a_1x`!?BsX|os!-BDJX_ss zMQU>%+~sX|1)%XsJiBRR47R=*k%G24{WaPAliJSzmAuVDCK8LUgr*E{F~>UGQXz#_ zCNiZTyUU@9x%;#ukh^*|1MDI@Zss;^9yX-Iz@-%#!ZtZxP5hY|C*hu5LTdm-pO+BU zRb13UEy2nbxo|U7T5@*)l#IKaM+amZImigHuYub{9WQ}I_6nW*Ak`5T`Jg_Z)QmMR zP!p6F8U4=<|J_Yt1!{?j<-U5pA0V&HV&bCvvGy3?Fro9kyCD(LZ|1tgcCc2Q0_iML zm6Et7r}tq!&WKy!Kk&esnQ{0h5uVF10g*v*7zkpek&2g*P-EdVKfex4j4z)4$Yj$^ zLedgQyja8CQQN62hzcQE$nV*7>Mq)J2m^dTO7o&<%`xBlE%0$bi5b@f{Y3RXdVeWy zev&E@V*0cv$>{pB6U;MEWk!m{@9B62?029K@JDjH6cB}XZ`}|TIsQODS48If#Sq7! zI-erNOX}D8Ju$&9E@@p_apT~iaK2EdJdriSjgGSpf@@ zet8QtFJB%!&=EiZUPL3mnwpmz01aa1uGa$H9LI{&#@28yTQw!s2>~1L%8}(gKhA4IuWL=U3X;L&o`ujl> zJt-P#8z(C{topD3s+m93LC|iAhQ_>F>9o+t*T)aP;n-;qDg%&sQe>S~};dRbJ16=4{1CMQf zPvd71HV}8)$W|qa@98v7=@LY@QYD9F6)4tjQ~pAow6=s9iT4W}-?4h^jBLB<7SJ>t z^pfAY6s#bDpz8seAa8uw;UyLa?;A>vkhLfA83CMdSlos=(a#`{-gM8(*6AkKz&6$m z;`noNe4QH9KOmYr`YakF0Gui}61e+e?IZR2sjC32bkN=J^_3+3g*zrLg*DWk(v7tIEKH?D+}Z2Q&?K%#ej3!V^qGSF=1c zp9uKH8901jlG)TG*336H=7z^-M*Fj#jz46~hc5U3+*Xj74h*C#K;$#nfPQ~1Pn!cn zlm&J_mw9n1e;>6wur8ITVp&nY_!5SA;ormWtbnPY?OrN5E9<|W`C<6W^wb)n#1F7W z5Y#w89v9YqFz>32Z&hrSwbEYuJoVrE_!1$-%rcURLb&~_9!sUe>Qh9Q9$X!mvv;F{ z(9O-*?Z(s0;bdB8s-=R-p|_GVg^@$@g){pU~JFv^XckvuD#L_!+%eNjsdYY{?cX!LYpaC>-V-T!MxEt zU^XH;T6Svup4avj?w9)I@wxp%W}F`p?-t8!)35n-+e4xK8Q>6}q!B<#y|ZMzj5WQJ z(x^y3&O<6;QOlC)e<8cOiej<0Bj^a=(KkeByl3tbL=fWGRdPlOY>+mESkv+IbheSh z*+1Z@6*e__;G53#g{64WoKLNSA}O~>2$Lh}I?SP&3Nh@m+|Ryh5?oiv;)AjF(N{_J#t=gKDgOh`^P453Z zb8*^O)Gxh{=rpl*2=EwV128A($w2_T`-*CeQ<2HNC+>Tnw@k|gQ(-Q=t{GC@M*G|)m#v&oB!QNu?-1=zE75+`|d8A;J zKUB3>FrZQXFNu>Bck5St0L~u>RdT{}XQmMG9hla}BjhUFt31ir&57d1qlE-GA}I9I z$u%8Z_#x?BiU;wS?f$Fwf?dR}i~fjOe$4-+TFaes5?V9< zrl_XWa%&K0);|Nkf%Z|K-7aCF5jn=|?Ji1WW)Z3_J^=0_cAVVmNiu(g0D&|Taw95S zK=YysjlWg<#_g}u`d#u49mM*?YZwXLNDe=~JGQsOg8)Rg^Dy!xmI5;MLS)?G_H zr&GNKTt^k1Dfg|H#nGJUDY`H5onV=U$H_WNjUeqp469;w8U~7S_)fm;t^zW5%`7Cz z{nhMrD%7o#RfRF$s8oc2nt9z+!|qr9Wf-3_HgP({(SbfdDZJ&(2#88~LaNHmNgc`? z$ywWg9gg-@-)FOI-?;`d@MJV3Zbgm7gL1j9Sr9_#K89L`2613PHPJv_1Yb|gf958? z;qklX&ZdgmWp13_8pa1YK-;CPZ<`d^kE*{fW~m0jdS^!Gm;wG4 z+HtNp-w{jC&@=VC5YWl=-u(5+R-LREoKPwiOscZF{z@JR>{_gnjD2qkPyUx6Q#<+( zJ$Roc!23d>&{+&nh<^LIR^aTWvprU;h2f(BHqD!S8wsg#>f0XKGh&zDX;3jA<#E|8 zwv*u2DUTPm`j}%`6jWL|V5^_LHN=$+tNu)u%y>xD*@e?zx0C3*v4}WfW6(h?3U-#o1(=T#X#m>sUeccanE*V--1TrD- z4rHz32f4`r;ddHycaw0GBC6pDxB^xv=LX+}O9>5cccc{GZrf2&*4IVIo1tyO%CBL_ zc2jOnRq`G70l+fvLY?*ua!A&e{vFc!dLUAb`(BRliRDw}p-x)qgkd;`kw2f+bJFw7@8d zSrwA4!g;%H__aT#Oxn(Zuw2bkTS7U&XAP)y9+;Nj(-6?XU0_6$b4Ip>FCr?1hla(g z%r2#-bX}vT_)@73hIV+k+2C6$E_nB|Bc7s}&(QavuRSg2I)JLHxn0CbwpMC{JFe_c zu$7$C5a(*22TGx9ee`{)v|1{T3Km$gE^+(JvMFgWMHFB1l!)#^FhjyM;=`xr{UlbKtE5nK%hUE(`h0Aam#g>7_&d1@)**=m!(XKE?R_E<#K!6n#2z(5Ol-S?RmF8K-9>Oxla&`G9{0fYfmJA zFPOIOGNknWw|d6bf`kO9PS9bdQFq)uY33OA_0r8lmKogax=Bo7ryuy_^ZBN8t2+fX zO6G(v1U?hZ`j}tJ;UfnkV);UU`U*XpYnfr%3K4i+y^=-HX(VQ7y5m_hW;eavWOli)VWvKB&vk?!-YkcwuP-o{_@(d8_xV09ZJE}}Kp3JQ1l_D8t6E|oTdhyJlz z5%Rpy%tmmZR$H)v2p`gsXGf#n{q5?*YLyCU+EXJ7vXW!09u4*LkD^ZnmKprWA}m3!NNnEhvb7L zRPhcYb0Yd@+W~4fOSkYOs2MM9%SzZp_~OsIEysdN5WUnxK0qMSgB@<7*@@;BIcIrN zd;o-a#PJ5=dm^w*;3DlPKsNnX=hJ{)h?tJwP5^}k=nr6gKKOcNNwE)xnf2f#Lnt13 zi2lX^a;csQtPyFd{oty{dj>eS9*1LUlw-GY|l1v_HfC=Oz!z2ERm-7EU&G{ zZ_nh$f_vuE+RDJZg`LP^R_i6m%EDP;zj9R}Bj))5n44Z z04O-p+ud}qee!>219(2m;BAJ)f`fbhzzo4B8LT}O@AHC9-_;xY zsmeJ_eIc~(H6nSK`P^^2fg$BqWjJ=P;qrCJbhkXfT}d(e?4FT4{s(~za-cua`QMCQ z=SbpyTZ@rcZ3*zWH}v6%>wyPD{fH%^8fM-IcwjC z3^s0%^||D@WX%0@QVyT|D&rJ!hRzh7sN+zBUgeAlBUa_6?qhuLie>gV_d5`UyQIM} zkwlK#e(a1lu89eK5gP9r;o~f)nP34(D{=|#oW3p`A!b1MJutMzLwQhj`Vv511wykTc|{HKwTQwFh-mq-Qae>h^r*<+x7; z_zdH%fRNbYq>iF+MS~OW>=#_uVi9JhqZpsYhA%70(_4~lxc@?uh`r&njqV|Y!uJH> z8uYmXI~>yHWd}PAhH-w~@lfs=yHD=SQ_`fM?8(iG*VqX@wiUfi{P2QW#2ecjcx48W zV;J;FgC6b}n?+i_idQZcJ83WAkXBpp(`#I|&}ZX7-+O#k8SZ@=7!emNzX_``;Ld|# z5lR0Wu-$y=(}=g!AR20Q5FHUIoAa?@*SBnbn7JB3`2_YbTYaY^@EpJ@!y> zvI<@?;RP3`H6{>x_rG%NdRm=PYo?lUy>jeD;ZZ7OP8n?-uT;7KtOfm#kvVT$S__zyV`E`Q70Tz_-_w|O zEoGv9kMfPBNQf>-_51T5nOqB8p%P^lHH3_jqs4-g=@lIX{|<|8mV96IXptpaPT$h3 z=zc(p5W)lqnCtk27Kh%Vq;#kWZX>`#+wt%_M4CVmU%W!J#$nHJ$|m!ssD{4xR6|~m z?84KhAGin;6(sNf>9U9II8MO46s%18>=_&_YxfX*F?+hKOLgYOvR%NL9D($bC@sVm zwrg+CvSB!DV3NUooi(jaV2jR*1wu98=>`4{fYEe)txWTUHm;0;=Aq1_9L;N>C7C;I z2YrZG#x`58^goy=u|}XiIHYz6IDMA_g`>v8GVJVgCb6me`C$v0JW=)nkdVsqb^jyG zX_@cSm_A9m_9nK^y7-lDB>=b|mTG9HA?;@xnyy45IxkC_H$#8#K2db}G(Ab!yGs*! zJ#aimn~>i*42Lct?3dbB_tEdYTkekasNz<0n=b1_=*=b_Kb=5*IeQ)C+J(es>ZgeY=HIeCHW{fta*w{J7|fk0`#3I+(cOE z$4KbmwB&NRZ6Rp!ZjXvIbuX*BOPY3%>S%6b)0UVosBcaoM32*EgL*pT5pFmLJkliB zsd*~|32>LO(=w{uAmhZxvNu;@Ep^>_<{hGE;&q)E?5|mT_R{K!E#3YQYSzL^%BQ57 zNZD7t285Z1Uu`QYhKwS8>u$YT2P251$y8)TOnCBetrZW3_XnsNdNQ#q_62jfHM8@s z&CZJ!K74f_@??g<3|cQPkZKk3NP2c9uro?rfm!NdaV_2$1iL_Cc;GOK5j+<;+AKF) z^UKGfQ7}_P8aPl)c20$(^{mnvDDa=MFVQi=cGn*M;eychuls4L?9+1(6iiv`wS96u zTld2@RL__(x7}FBn)34wHgU2DAFC6_psTU#48$c7WUBkWuqWpSHc@YOdv!6FPS;E~ zJ0djep3P?u6oYILxJ|YGaAzI&JkgLz{j-#cSkNj`=aQ2`o_RIb(#i%3*Aj&&?*j#rp7lmZ^Wuv}>xpMwuTH&J3YG+6%5gF>9OSFLzju(HK~nuf*_(JA(_?*p;f3lp;)n?J#=2L|RM~fEx!bEg<~p`Evc2bP1xoo(0EqeY$O2 z7{(b(cJPP9N-7I5Gqk6oW_{VNc)={kDp*079{^cr^dLEHq|CjiHH3HGj0VFd2orX zjaivg#olJuH1iZYfBMb&&)cHdeNXiw!6Z=grNLaxW2YX`^p5f#o-i=%nmg7i zma8n93KJ$+jvm%a;aZEyqB?+HyR)4SFgHQ`YJ&<8ubxPOjNxR1%UD)3dbMaoyR0mG znWfkWX`n>6Jb3f;@EB-`>7Mo4PN-5tSJaOS3JabPx0XzmHBN#^hWuhI|92ysgr!u> z01urS=4Ts2h4! z%nrZg`OE*|7Tl09TLo+H-x@4`w-c;{7?yfRgzEEN@p%7O(8|pZ=4q?Sx7>ax!vhPF zHAe7{b5{uI&D%%(lkmGsZWF-|2>t<7A@HdaqkGU1MvpR(zTQ)aU8)m+%IBQqrzgQ9 z4I$zmG4njoRYN$iji7~-yb7qF9nxyA%)X&zA~N%n_?SCX6ekZuuLe4d4lJR&jxRGc zGq;c@V$*yhE8;zTG<*FvO8|vUnY^DFcczBH2bl-Hz(wxD>FeOE)uh=R4mHxlEO@p9 zlJ0lDO)Hm$V%or(i_P>|z92X-mLvWMQnFN0PcS?Tt0wUy{K0KA=BBUbgpR3^M3yde zFKboLJbO`#f%B|4W1i$W^6F#&6Y*KGsPVSebGi}avT8%816ZfkrV8n5$QC%A8kzLl z58CINT(Ty{K+Qiv(I=;tNd1x@>3&s2EhtVp&2-PsL#IxND-f@}l&Q5Ef15K&*{^UF zSk-b>?C-?wA<>HxB`nJTlCnEXm1vU;v+C%(g}T!uQu~oK>R1s~u+}RO+rz>{P43)46z14k-~h~pl-g)kEQbI?zA%y$Pc$R!Cdahs zL$JsMMYmZ>)~@Hqv7F>Lqy8Z`?w3Ke%^rSt<#%s;F)Dvo?`ok>buzC&0Y2j0 z!R$l79ZbQLgwM(TaPo?5Hv5m2o=+*Tk|;J(NZn7$Wx>9XrbLH31lfRmoIiUpCQsKW zLQJLjPXMlIq&9Vfm6nZ(CJu4&XHkw0KU}^0S@^8x0T+?~vB6NrM~kkv&+tN9RnDa( zaV6!VAYj9wxtXqG5$2n9wdw$ui1L+aK&CQ(hulVbusk$nw?d6T2smJ8!n(UZ8QFahNJ zse(O=Nx2pr9X&DSc-y$(>*8#|x1Q1$z$2x)3z5F?wof8kH5;VUtP;N%EfCtK_GV$R zjHLFz{sE8369E{hN~X8{Y`qb2p;Hg|AC*iVWt{~rPOA2X|K=@mm4F$|viAXczf(7r zbgYcg-^~VJR`%GxCrtZ}-qdWfIUiY$z*;3ebV}V?E&Moqyx?O!r#Wsg&m8WUCidW2vv=a+DU_9_KN6U?cPeh5j@xWL{K$_zcce9C zrYK-Dt!~${Oi#uE%twGGD`bc*1JnnpOw&H!f>(NIf-CZ+S$C{*-Z9kO7))Z1MXXNy zk$6%X(tUH$1oClXsv_MD{OZ?g2@icALELu(={iQ_cO7onEj{ZFZredUCQ#EGf;a*c zR7j^|&WWDdHi@F^l&e+oPq~k}>YIz(m1xo;n=GL6lFqc1b(LFDSqPS)>yqxVpN0TtMOz5Srh|RzSX2ZP#rany88is@<0`S2sCP;6 z^h?J$AJ187SEgW0MmMo64GQB3s{aS?N8mjIzKhCUhGn5H#G?ydk!!fGL2hykwv0{&>z{ zPw4=0*XiZfB$UdAQ60xUiJkJ>Zue&nu%1FRtsKJMI#iCjFJbBwgwNA$qbCA4y;J&p2+T*9I6C`9ig^iaIGeu~frt9&6@@bs&X-oyO}=gh5U()mGuq(q_}KI@TfG4jmz z#CV9OkNj8sRFX;^qA9+7I4xI;us@BY+_ADd0hn#HhxV`@!&2;4 z+49L}Xr_8<3z44-e2L21+8r`Ejz9C2vCK?T%5uhg?$bExyHRg=fL488mx!0bMh5UB z_Zh^Mx3FENf7$8cHLls}UK&e>VpO_ps%PxrC=u^KV)oTJ@vQl|$_dt8itF2`hD<+K z0u*>NSA-vYf;L5!t=w^lna=$rk4O(D2vZvtXXSc7F;?vo8Dlw~s4E+h_9&86olet@ zKPVo^__p6L_LPLX%tv`H0*WTbUNo;XO1!|2x6+=Ze>Ci>Sml2CMePaRZ84;nSTY1&UsJkK9m~Rq`<) z0Co(LkJ~}rtXJVqg~1jR(Gjf+v<}nBMnyzZHDn(0+Nc0MhmmZzXsR>g3{AIyzkdst z18GtAMnIo0TlaCp=evDpWf`R=tHX4XA3Bn?hzjKxXhZ2_|yqraCqna z8L}%a+tds_9&rBuUkBN^%F38&h$Lf_QeY-S4^ZK?#Ny(&A8E|fOjyr27;8K3>f_c; z7pBuym7C+9-~LZBG-Lt_jZ`~OEW~6kjoZhPfgXts5@~Uhz*|-_QDKKsXlN$004k}2 z@C|avxi`YzbmC#OUF-5p7YfFm4Q;z>N;gET0Fdr4NSu3GWU@EJW+6bOu~Z(E-R;5^ zcsFTnB)(Y?u?lez{0}165^Z*{`|+D?^?mPAVu>zOIpWn|p%#ekgS%@`W4}r&$i|IM z5vgOCsl8QPdw{=Q#JH^(H)h+5o@eTem{L&v7{E}b0qL)Ox;Q1H@M&f#Bpe^!>wlRH zL{juRy;DfqPJVd0LlMwNaHsllD!_QIr+s}cN%lC9hH;d%I@F`qJ@#DDrZ7H~LpqJc zL6u2}MNIJ2=%Hx4-ygEYToS-}2N)fhnQokOW^ezBVNmKcQjC#wrb6bx3e%iQ$qQ84 zGZN(Vax;(CCDu^A+wS@~t6IGT$kNFQQ~Dw*;R(=1zmUasoJrC&rxDB>ZP!?jc_Psa z4pv?tpx(V*S<6`I&q1W$kjHIJQ9F@N$T(7PnF+VR%##r=1{h> z2x%d~`D#`BFaS^?GNXhhkrh9T za2*alL-Ix@OsprAuS#1}AAS@{(AR{N=-aVLBQP$b*7 zLZF9Uk%j5OI|`7rBlVx)racMgA;l$RSA zMsC;~Ypho7gyCt2!oaemrQ_rZVpuHIBEKwdUMS}gel-eOSDw8>ji%!d3R`+7eyHqJ zBq84^+yc=P#D)~X7_WK5`00NZ!(m?QW?5IuYimhBzx(sWhE+2kAWW!-aJAm~IyYj? z%%h~;aUAfWa6!NDdB=c%&mUk7ZI?|6g?J8`=xz3bv>0A2%Y2Ok$Avk& z8jh(Y(%2B7i#(+DWtb8JE))X;$-z0b+cp=>xAo(euo!Ns07E#9;2+M`00#_oK)(}; zY;4EX^W0m;?N?UU=U`K8<>|@pwDI_} zA&%nOKb|f|WfKOB(bItSpyOgKmkN;ruK4qMEuwP1I7|Y`K-9dZ$ANQlc>LVB$7=Vo ztwGY=Pp>*lQ=IY6aj8!OemEoqy8PjAngMK9%>4|dQp8K0hoC_@_Ux;VI} zqy;(R0^5Xl#g6#!3g;WAE_I>Kl<#zKy3SR_n|R3!nrz}W))y#`bEXKNJ}0S2Xm1r+ zxtboWxrN@m-*`Zvu2=#2&Y7(InH#+aX3>z!r$z6o64nyPAAHgbk?ahZ$rgC=pF)fa4*I1&}^|193%TtbD!$XAU3EI+5 zbgAgkuz`F*imge$1=Hhdb!M44u~Vf3z4@k>V?_~{oroSmWmc++{J;fY&d(|4{{(fL z`U=;WQ1tb3j|?`C{e<%JME~9IZKMtpy}Q%%O=X{{qA1?!vRORmzIyG#0_ah8^2SNG zaG4*RMYIVNp2ROytjKiQk zTPY;k6X2eBUl>0-2mu4<18C)gUyEiL#;r)(I%$t!{IlzF;Dy-iRR4VrX~~0Nn8$Ft z%7Xcs;jd1V?3Raa`DJ+B7wP|2O#wCt-{B6N`;vp*g+7K;xoC@#<;GIUZiz9w*9LC} zquvU6CG_~OW^WM?pD8^FF-BI$fM&`B4lq(Ygp_GMQ#)H=7=9;SR5bhtFOYpmjH028 zG;er;-fVs=rkp`^1BOeylRx%S`($2BI$Jt!7xM>mtXA_GdH+n6zo(XZxQlSo>b_e+ zc%YY4u#Ngd7-vD-ovAd)VkS#vL}mr%)AM^aK1WieNa8}Tu34(C_DZDQe+QlJ1P>G> z>+5-sfSY$=R{)$FH+jc!(;%Jx9`u|nPwnaO!6f#xl60E_nBSIm!T=rvF*e%Wmsm)j zZanLou{@X(h6j)wPoi;wf;+REP`bvwm{4lQWd{M-li7w|rTtXRx2 zCtgdi1GZOCQ~QLF<)5k#PQ362@3y_2HB*TbXw-&umPh2MB89<{NuZxljPSznPC21$ zj=j-pX3i|CCW)SW#?b`aEU1C+J;GK56X!|Tv>>Ciix?5i;pX>M*ATTVoUHA(Z8v^4kI-Y!l$!B3w?R@<&Y zsj9!f4R41J@jZd_?0~q-HlJ~KM^Qk*A=Jip8x1N+@BkQcrgxDyI6cBp?8^=h=)|qp z6RD?8O3;+PFD?5M?bS(xGK!mLIZG79czo*2eowA$PWrJaSOiK7S%7U}3sCBh=z?j1A_s|T$FuLo*Aqw>(DN{)=%^lNJE22sVS!xNe4f}~OmkAISI7524( zwIbILPFRMr5ginZCr-NW#jMwB!Wxq~SuIwdO)$CZrT*2Ffl%1RipXkhO#i)#Z(ip5 z-+lihlX^X;Z%*f7cqPn@k*NP$`7irV&LeOQ9>GE^vam}ld}#?Rs!ir6-4@A@wAK9! zHYchZ6JyuaS*2QkX*s=)M9V}_h&*P$IW4iek@J(q3B37mwz6P;ILZ&fFxvAx+>tGT z=MY`VG{!;okV39*b@m-s)*tblOd(6a+J7GG(q&`9Duy9T=-OR%h zp@?OP&$a6FrXwhqNmd6tM_K(;pBBhtd~@me{)BnLr;3L7fK;XS45+3jq?n54Fq2sLGOZ=CxfKQ9*T!i|v$aJLE2h&)`6!;z!) zI0aApL8<+57NEs>qEXV{ET>7AqihHDX1Pr97-AJYgDJVtp!Im+qQ)G8?axfz8_RU@ zvkBgilmmGvn{8G4BKjpAc~pEECAjaXLE?07y`h{?&0WxL7z;;J@D7hZq_G{oz_BvM z#rpyJ;&nT@4%RHesQ6zpKu+8ko=k9$I8z zIVl-rZb{ITOtAs4r;OBLY>VgPUJ=MxxI2n2nUW3$ox$k%hsPvH_i3d6A|`B3nu&S1 z(K+e*9Rw|~@oj4zqjOT>o{_)*o|Ur~*}z4S^aAHoOTFdMk!=Edx)l~66Hjy8?3Ux; z42hZRl5q88{K>*2KJevR0>E;nG?PY>IPiW7c1it_0(U4Hv4X+^M$mjNx6XrKHs95% zev`;JUcj(g2i2Rpj4V&-?NQY?od_Ih2JDo}uG+0*yJq8!iC_LZvUe^6VE(kR~m z3b)SqZL70vZvVF8^~%7m%ZYqyd~5!hTh1EXAw04ShUV!|(v^xwiTs`@CJYmh*P?Al zXg>394~Y-|q#cE=*s|+U9_X4(3PsAast+HZfM$INqo?du{=hz?N>M`?)Y2Vg!w%1y zHRS+_YvO3QPI&@Zw@s(9MjW0|;LH*{L?GGh+Ys=vf=gNu=VA^`z@34zsM#^rzVBrE z&qW=D>y>fmL-596QMC<5gpEhYfo+o8%D5}hzx)4u?|PxDJh!$?S(h#I2(`dGEPXXk z9M)_EV`3!jn9#x&@;{;Ei>qsRp@bbKycXv9EPjv?Zr)V!3#gj#i>&%MRyuhg)6qqR z8J`ySskVZdeKfOdqE%U;I9nO8i6k;=OW^q&5-bmXu?Cg=uDmwHsH~847kLs9s1~gv zjixHMz><0U_N*a8uf60TkshDKgJz9BNeY(~q>pR3jkr7`77&vs1=k_bWOI~?#+FnT zf_sPZp;7uxM{3RO(JgcgLyqR#nEYcsnN^40Zm0exyl}f|LyO0&+54NW)^^>^ex0lm=bZ@aKF(0uLulT|6wFR0%8k=wNDrpj zF{S9IacD;Mw;Y!&0IY|(q>@#v9NF%EQtXm?T9)=K+K^5NnWzmR3cs!+G%*L-#hQnW z71FN0GvkKX@WJow*+yJa&+qHlvU2@B!}n-{zW@iMKk(bK)hmO2Kl?vj!`~x;=)g#9 zoJ<`{sua1U*Ab-%rjrp0ye4N4g@|Gy4Dfpb1JKNvdOE=J%z_~WbhRU;53$0n2+Y|t z_KDxqj1?t95#nE*j4-`qy`LESgK`=>ix7*ttG!G>E~UKVAUVTRa?X2{;a!df>-kPd zMFDf#a%6-|>!AX8V@w^Gba7=n;ioyc7tcTDeKL{Cf8s%o?E=Gz4v{L1%7HdO#Rc)l zqLXq6!g4_4WLzIU$srWqLwJk4pXeJ2S;p_Vch35Ga4a=KlXZhmp8TB{hIq zB~o7ST{zwn83WM#WspJzyK<*03E2W@Mf-CO%c$0tMST*W<+Evk=sU%pBQTBF3s?+YW``^y-#J+NR=jW4O$PU$LN)ErE8oC`7-4QB$Q0Y*$$;@cqna*=I+mp!oeMlkJg zR%cCqaEW(s$4bH$w_ftejzXjEywNlo|M}~RrB|E923_PRtbxndSD-$D3b#d z_nFfHi60bM{THpDmm4_$6tc~6^jr%Vw1=Nz+3T3q-TQLMwlQ8T*#Q!(vcCLB`5w1} zy%y~Mn>sSHAE5E)Y-=wMCV_5D1~*u!M1HMNf!kD;wt_7HO)o8Efct9l_)_&HZ9R^* zrHwsOB^idfe!o#PdkQIiIij%^s`R{uRUyp9GN{~)I`7nyM5Ae@P-zQB+rhA}&KCgr zzWegOl$+Y7ReqGs`SVD!8I|bZ5q)hYBT%1vrkPm%Exe##VacAytG$7WXi{}}6$cTJ z?2HqDb-%p@FFKGy%ubYG{>`ZYtIX(UKVdhPis;Zdn&+V*v1h#n;D*O{Jm^{cc($L_ z40MLrI(J`UMN|e(O+lyP)gz*|C0{@#(v9!WyOFGOx}`i`&)Aypqtsoy=qx>m>5aAH z-x`(iga~?|DaD*dB+7C!86nIo(oP|SL5cEWb*E=kJ1xNQ#vLb|(Ev9{fIpeE`>+SSlGiz?v#batlOIBcunjlha*!nR^I;@k>Ut|;WSl9ym)Z}<< z1R=#p>Pa*n?z+=vM$M$eY@(wjym6qMA@aP0I>B^Ud6NkHf+#xmRHb@A4xYv-SotcA zKz~)6+bb#|`{~U`;}S#F_A9IJ-AqOJPMfqkbrclRsTuE)0e_Khw^ov+%pdaZ)UOBQ z!}kt!kP$K)IH9nK8$ugTq%ECp$uG1^FN9Gru{YywJs)t30DRuYLt}BY4ugmfCM(jh z3%zuE=Hp|69PnG^g``|FRmhggfbe z$Pr3SoP-NBmQXJMcg#0RTAv8zO&O3^sqk%xomt;Wl*U{#iE*Y!yxwH1*%qW7^>U4= zI!Q3@=X!YDN_#q#IlIUyYFvGF$-v+;4umu5dgW7xD)ct+4XborW8ve=%pB4kVUXGC z6+&@@hkep%rHKY1S&q^Yh15}24jPm#>@qjlf*O6VYZ}-|~0&Tic5(@9z@#36%BVMo` zjw=_IOK_E|B(uC<^5z1+L4&YZ{_oDdXc&uY)GKk(t+~Fi>_Y;jPex+ppbk#^34da4 zyq{v?G)V3CpKn2@P4>J&4i>sR832zwiGM!Id#a5lZjc_WnjbEYNIMj20X*)D&WAng z8u;QCQy_qBe|K;py=hdS{hELe`|Iz_tQXtBhG>8!&4daoh&CEWptMa3RP#8>4x2?E z()EofvP3SIsCac_mmezoxnpIp`fKkTY-z=)LtrpS+NN`A%dJI3L^F9p>-O3IZhyJTROT@a^|AHBe}_qfwZdPZeLoG(GD zWo%wvBb1Kto)O~wdzuY^qKgsA^}Q@sF+xu*^7Af3!8>qfK*K<1vqp@D{0Qj6FdL&! zcx)UUgyG^z@c|9u=k9CN0H=#x!J0rQxt~8XSLaCjfLM=?6}_si5l1wL|%#JKCnj1G^z0f?^a4KGzt+-F`YF_ZSZ`qg(1- zGP!jHdBds5RL4p9_MY4yJA6Y_BMK8ObcqLrh{ZnfKmfYb^tSSYxUaMbPX*GooF?Hc zaX0U!vYJr!U=4dFaGtzd8`?5GY=sGrIuiAyV^}o?iZUtzP1lCA@Q@*!Fgbr}^9bh* zM+)~*pUX8HZU%g)Y;DuPIwPMRz($ftb>SsG)PFBC7OU}%IzGCO1dTBD2+aYnHV7Z@ zTk)n?6FTu=Wx5=NVz@gZKpT;nxN8PrhZqWn3d*v|h)syoF&bgk(ZU)_G@BIY231tK zn|(yp3@ZU6kt#pIYZt1pxq+A>P?S!X=&GpHrD1R>I5XJC z`(qy#{TRmyl@cb;IRZ&s)@MVUdX0EVDtY6@u4$tw8;PUK7pw z_<_KOQxDqVu7>|}d@~Mp9{dYR9(B6VQEx?Qrk9)**FbVR1N&i z{9JNRQ|o*!@ddA5VGF3d)0NohmRm+bhRIBiWU((5;P0Q!*V;#s8UKT)=AZjJ$H{1* z!8Hb!D{^13lXh@f;&u3+o?fkFG`hLHX@d_9SgX>`cf-xm-6{L`?0si>B}rQpg0Bgt zR6jHz1pEj0$sF+_`+Mbk$mj-YQ`DhQ=iC}JjoLO_t(780zVJ1|L~GER4VeHcUDKD! zR$*#Dpn3I3OIYFv`P7i~82>X7BsB#NXix#v$3k^R!V6&50PT~Y4}@%C#xdW0 znsS`;A%^WrAR#n!m*~M42mmqP>KJ3!EiQ?Bx0zry(`h%MF*0$Ke zL)$~UJHVUj+(jCxG7_?lx)=2xi4}KTH*WQi^OSUqdJ(j5%FuOb5U32|(=8<8x~XdBAd@zl_q&^I0qc#q zKVZuDf0*>Yuh!Zv+s*4Y*(y$KSR;9v7loOh^MWUW2*!FQUImjntNs-LP3$r*Np)jh53`v&yWK>D6MvC85g?HbQRRtKoV|WmZ!!^BtQ#=+uBI^s& zNsi?MWw-O4Kl7cM#BQeOo&11-O{V_RS)Fb{9v=J4kh*GZpXJ#*&DZVwkQjk|-*cv6 zF6WJsZ;|Ns{f|*;#L%}pmh3KkpJOo0S52p(oY~|$0O4VoaHE;Efe3 zFFCAefoJn=T984Qwi}(MKtY6K-sH@GNT9Y?lG2{GzCSe;mTgK=MD(N+!~9l?Q(8*e z3}=BG0CRlusphb5{OKQ_!P9wzaUqM+HiVu(eU2{tbQNOW<~d}GMu8u!km4KltK3Y= z%d!Y+-v^cx&VV58jJ9p)?6j7fN%}Kaa>Nu4Oh)5Py6!3U6A<|ov+F;s|fbDpzMcP9!;^vtql01q}V54 z<>3Ar{4raGW?oAda_By61NNLVi5a8uh1ZiOWti6&2{Pp(T91GBTn#VHPc6Bjhf8|fRv5v)1EHLoyeJMTJ=Gx-OJsO_b$H{IFL2Xu_stj`j7l54sG{!1 zPM)!94^MrDM}Q;hwNLCt;-t3BPVth{^-7yH{dPb3q^Iy?0G-1RlQGeG_zUXLL8?6O z<0cg(fD3yy(|i-_#?5c_k z+%RMHO6FVmrf><@M1+{2;)Mu$34iIkf!)T#kYfub(U2vF2EJP8RyUL(X0a4}Wu4rd zsZR-3;=su~Y5QKkjwuuq910{R`ARb{4OQFj8L0>b98UqH%-#{M~f0kE!*EGe)`ajR%m@2ik@6i~SoP&{O*J5a!RoPEC^g|1bq zv%V)OAj;Qi`8B|rOMl6twJ{JiR6!zDhV;_c4jr;G@xw1ap#w1S(Fmx#WsIwv_KAbP zNZ3~*4P>L=D|~M|?+ot2z>7h=)p3ktd3y-;I%%7%w9Wi{pW}g+4fozUDNLuFtm{Su z<5F8lE7l*F(`q=yfGHzmmmWXJup+&kFlMLW_C1&oDtbL7k#+Y^p;(?Ch&7I5H`s!d zoMer_@=>4RCPsK5at;@vJYh~VYZ5uR8Amm*=yU&Vh(bVkgwIZwug8&|2P(pg zMnH`b&U0!%>1#VN{TG)J<35W6=_*4}*VA}_hB@FjHNx*IO|u!u(@p}+M-%`XR#;ln zKRV=*Kr$&he$7GNi_#kzj|_+3v4?%CE z(eXEs$zS+f2LqR~y2otlhNSTV_?|8#iZtgg5FtA=T!9>A2`yHmu|f|}!DlY^h4|tO z-oZrGFk=SKnWII%Y%)N`>67J1Oc;F+@PXd2`dOt#bZepx_Dc1g<)zY_{-?z_6T>)U zbO;jo+hc2svKA~kr?i$5ZCIg~YvO7lg-oL{EKaI3IG)h01knSk`%uD6+^R**jhf5Z zYB#%J7bm+x4_)DHe$=o zy{s!Vk4`#X>sr3;CGd*qaWwx<73F0FyEpp`6h#6T31Ej69}=w|;Zb8&8f$H{o8*vi z(AnNA28`9XA9nti^u{yuWBgUv;I?7{D90gw^Gs;UN&>u*i7l(c$H)!Zir=r~h`ker zK{yZ)Y*7JopD&RVkFt8`+5j%3?oRQ`G=x7{#~jGJ+@m z1oA-JQzLteKPe?Ux?HYLHbk!NX`_d}zA^pjU}35e$kiVAybi5_Bk7?rVeS|(0sNt0|bD``~TEOZ%I2t`ln3B5#L9Zxe>5v0Sy664BBOPZuufh zWU2$jJj6RDyZ3<@`?w#oGWgx1WVWnv=|BbPJlXK1ZXbw=*({LFA`DdzGy(PE<&Yc+<1}gw6q3Kf;YOF^acWZa^&nrK#=@dq2 z=W>6#ynBX$&Z1dyJ3_^B=Pkk>de>$``NqB;GochZa2o`dHp5xmSO`AI4H=?-+qYory8zkBzniWG~pVA5_|Wcgb9sZeH%+ z*>g2_Fu#CZ!my3+aVXmGMQ8= z=SgT^DWbzwtsUnoL~@^$iim6VMFh{t%^qX4heqcAYk$_cgg*07ZyFxH(x1Y!mc0nL z^~svjpI)`#iTL8mXjRTd-~guM3M6r~=DzOaboqEj!s1*2Bl`wy^oDzuB}|cyyWZaz zH@85#6y-Hdp%YGeQ8wy)-|nW2TR&MU@Xa}}A&vKeLy{z?(a3)5Fm=Q~vwbk#W9397 ze-}f-7CnKiun&@`k}xr$Nb?c$-{Ph|{r5$^_L>TxG>6+K6a*>F7hyP+hw2;isi2Y! z_rwISnK1gN7;_{^{wC}$@aE&S1B4LYL}?0+jX#$IbWKdl7`t{$!LJw4WTnCEJe%Q`RN^aCsR~JFJF% z)t<4!mKy{oqKLauUjmf23Z6IUdwTgNA?$ZbkO!5k8s3jTI*{f??vhshEi__%XZBEn zStP=0@{+_$m+XGt)U@TOBQ!l3k+g%5xxH(${f28zw?)Q_7@K?dd&K7$Boza|geq@Y zFz&Fj++uVm9@yCojY~VUbF1jg>P{kUJdAuY#r3AI(4L$9FMDqCR><1tS( zX3!1P9-h5~{~6m?1Q#%+=50K50<@qypZGmWe9`q1TxfgcF0%C}GRq!JL)x-_EWGmD= z>AM%6doDk}CtC726~0cnkU(ut*Dvv=9N`c+8OK`O>VEpAZ_=Qvt(rqY?LR3 zHphB>Q^^dV;za{C6e>Rba5?KRUBo2Mub_;<+Af7s1XoGB8$7$Hs@Bv*{$c*B-57^| zUw?XZKlnIW6GadKHYl~}khXZD#Pg4so;~Hf?KOEQR2aY{S{PId?Ui zUFGQYAoH-;;JoEZI-Fxk!qL%id!rI|${JeM#b>!kkiupt1RaXqiwLbXm|`o2&YCA0 z5OQ{(*^E-VC|(sh2!6lO9VgvdZJ~9QIGkri#Wq0etRMocCcyg%i|Mlmm};aT%gXnC z>)>zJF|;bp->TfU@QR?65m-d`S*Kd4WB4}-P`hx@P1n#mt0*5$R>X|#SNP5s#dStX*vN{~sxc{x*XO$*f`@iWbzuySaOkBWc? zE0svHrv^F(LJ*pty|ST1l=^RD*yYSeez2C{>|>18u;011_FP39?B3IcJIcM)ALw`7 zHft>gaMaHM8NXm)cJy2>V(By?pM6-1Ce*qnHWs>z_?gzM-o)(;6&n$>!JjOgR&PbLke)@V;FWP zB+T`ndMth68(uhe_3wAzNj$*w>9X5J0jwIGFeYPkxKU0k)OA5TWNKbLEOB+Dc<&#? z{#yJA+PbJ8$Ez8jgR-_LfY7XO1exD!$DHto+Br>Fu)jn0n6>RS%zuC>?3S$GPP78h zc;dF@JSoAd(UylcXa`hhd!TyM{q$;x=N;5aV;^f?*#96faWfvqM>I63EZ@M2)h={0 z9G1sU0u0fk2M77>wxtElq7s$&~w!Obj!PCw# z_u{tdEXj5Ll2o9vMfoE(`vg?IgDn+-qcDx=bbV^L)xF4wbRn%TBni%MXJlxMrJ0bN zyBus_D2(C84_<6TPU@HWqOVM+@DyVkd?-WPfPC{i!$N7A2<(n6nj96(rr)!>t9q7? zAx|n=s>LQ51FY2VO*G-y>J+}zSaG@{HvKe?h#}E|>~GyQ_XMKvD*546)EGe_7ibP# z)%5q*C&B{HQ>cN3c`ZKTQ!WV@V(x0Dd-tHt6G<$4=GMS^89 z*`;|B+#MZe60Ub-FvwLbxEk7=^?O5s%6esc3QSm4G%8`V)^SoBsmkGvo)$MKtZUIcW_m;(pb+l|X+V1-It2jnhHIlI6d{t&e{XmZpUO)%$b zH*~XUEn#V9s`tK>KM=uC`Bsc<6ws>btj*5Q$?qo0#mP*%_s>AIwBm3!V7G3ub=v?h zK+wNsWoSu`E`G}0!Rqo+F$^6m_I{>Irkmijs>!yX+9-1Dm|26hynr#xht(Za_#;CB z1T_1{tdf9@3dNTdja&PS>c?sUX@!?eT>wt4_6j_g#PnxPMq65qb3^GnUl!AfB>U~3 zDClX<|E=G@p7Bvaj}~7)s!;=HdL#tMawR~29M^|+P&N?xMI-ya@p!28wj9_#yYT4j zcBJZ&v@*;R1HVE&|8xiiOu96}W#hP#b_t=|$=w1rdk!j3@0CgXfW4r&K}@Qh`z>j& znjGP@qQ-PI!Lz3uR#c2OM2N71a#vt_X=kzH#4Q5Fseu^sgrD`OV8sYKr7lIrwR!Wq zN1lLuY_aKyZVu3hm2r3a&jq%cUa2x91t*U`A4!Pk6Kk}|Ep!1)Fz5c}E6{1q-Z~m7 zqEu4I$EDrJqwJVh+LW&M1!d!7H(OH$`!57M;I1-JO9`1?D-%?Hv(l_Ajkq*Uz;dHL zK!wi57aoi$Hbc`M-QGgsGG63)FX|5)QeL>g{0GXdI{A6Cj`wfInHCU!dp|+NDZU)SMM1)4@dmWPd}RC zU4ye(^9Ez4@FwQ=d6cw;N{LAkF>cHKJ5E^#1rrsj)L-zcjFW6xo49Ncxg_L{y03#; zWzNefQHj5044ut((_^hH!92dGAlT&w*{2`HOgM-!qNHxysH$n?scQp!Zt~ljt6LH{ z*zvhvNukISQI||iQ2qKBMH%~F9v79iD<8EZ^3+?5U}GX8zS=g&T3*NW+bsg)2%5gQ zH2+fRzUTa6pJ$ke*82DD>tF1vw%SdgaWA%a{AaH{!=`hD<2R1zS}ozBUP3kn~$aq^Pz z_ZZ6!jyY!A4^=U0{&wGKdnXc&oRg zw#tKxut<8qC=maSp6#}+jvUOEOqaS(5}o-@?H2&LzdK~>U49$-T0hOCth^gZSuK^l7Tcjk%$A!hxMJr@nN_t=C&>|SD7-}=IKL}4gg zW7EG0plW12;dQ!Su$T3OI*!i(zxc_nn&HSY{nwJ!Oje$i0ptYl$i_|!w2Vkm(=|Sl z+K}uhD!cE%l?^Ltqaty#5hMgr*%x*{9iQ4Ds$p%5Bs5F`9l)KqOU=uIwn#8LGP)!d z&-zsnCu_@-Seja{42wEXubx9z3ER*ch%BY%O$S0wuxp8e2G8%TfmD|teLjdWx+m%I z%Ax9JEm3(y{DoG6H&{nxLe8#yCHrJ2tA9At2@*I=SY~Vyv>fjNNNe)uZ-C(T0hw$r-RWUOQ%9o4je_M5d-Yac zwA_D27GaFOFF=;_EH#RYTNwF;Ig9tv)cpx_$59tJdw32 z>)YoeCPF;L8Gc!Y>E>qlJ|*)>(^?jIlHL&(-wK1MwmJevuzJd*c_Xu++;HUajUqtA zkioo2&1m{7bc1waV?Qk#$=FsHhSQTWrexQaktPb4v9}@FI%E08=@dCso$M4+$QFyY zkNcrv7c>B{X*y+A%)BGDX6pkkl5fHPU3y1n&$s4HjQXQuQLt|bW1C<}+)JF=>x_V9 zVN&{Bs9-Y%Ec42jq|mJ#S=oIY*hja@Jd0QXV&|`KU*S$Bt}eHXeb(=KS&I0ww@LN~ zJ$fdyYvw*20^!E3OH=I={_6PjW}KS?v@vCV?0azAj}I)gL>P1WjaLbLi?{n=)}-_^ zqZk*wULaem^;)jdAIug3nu^$F1A$uw^m9bsiTF;h*-0cjZo)p%fI^OBP-7PY+b!A3 zISc2WzL8v5fKU!si$MVjIB!~+eTfde$T>D@l)i%T+St=UC%1vgjToa?!_^T$ln9(I z;Z*fE)M+JTu7mue$^fTeZ&AX)@BN8~0h1fpp^kbh8q^t)PW?&Fkii%YED(l@_uTD> zZAh8aX0LZny0I)Ze{X>PgUIl!Wa|}Wl>fz8^nTbL(LZBs7;P65r7PL)gZBJb4{D*H z=^fPI3}|u6Gs>WG{k?UbWjc*v{30xYrfSvxvC*^9hmd35Dyr?TOFg1lE{2Ff{2J^_ zEsTm9ey=qM^8oNti?g3d;5HzSjKLFj>bPLJp9A}H`GQ})*UWAC-=5%$xzmC+8pK!$ zfY}%M@tR)ksm;+;p1jl5c#f>;0FEBlhU758M4JG38*UpoQ%ImYOIsfV|zCtr@?LcPgBJ zFP8z}BrW-_6=Z?_+2o|xO0R2s91r{o^iF-a>3#2=-L0DPx998w$5^EBSLHa02+N@_ zg_iDl9EEf92QEiIaWD`f5`_$D%6YY*Ml+6#QdS5#il7(Nrkvca7+>kwj-~?4z0v%= z+b`tzEsk))-CXTAgVD&Ki9Vw7A<}e%83-qZQXj`D_yn67U>s<3iePAdS~pPC&Amdl z8;zeW;a$-eTZkN{XH@b}7B<@RBvc(-g5n^hX z))G2Xy(}vcT-vVZzD7*txz_ySh!qHd&BiowQFgEmsGcNNS{8XoO)&-xHqEXJD~6$k z%7?F8;1rjN2Pi(V=*=();39%;NR$wcIG-6|&Xj%GQ8W$|*_%~nSCc_4_{yBp&R&51 z)seEK^L3WSi>K-Jn1uc?RIQ&Yj9R9Eh{upIz2yGc#Dlf8krvk=c<<=pYG^&s<=-s{ zj#+bg+lfOouf}((ZTRGc{X~DGatf{1dr7PVjB?jPn#b%|z?j)bZ2xRfP_biNbc`c9 z|C94imdeB*hR>#V_V&LgPD*L?^}6lSUyClAjjI|`NxzAWo>@C$ce5=HUN;kj-}18xqOhrfE%~UHH<79b zDWhLxtQHLnW@CK}3!)b0sKgp>ol{#dU@S@Y;fX#p1vlEsDn8kxA})FkVqjj+a#|pjAw{FI0+bq|{Xn5vM0QKr zWoX!9AfMrOm#`G23+J3ODOpPe3M?sz^y)Y*RzNj?#OPBnlEoZ;l{*HTFVnK@1;3rW z4lxDL@m?=e?*O7IJpz{o!Qd21?NuFM`Tcf0{+XzEx?-KO!=>#)VHwUtdi&g%Jt_+1 zEFx5+Kj}XfUl|jrt?Y#SZcsl#HcWO2HAfINU_1MZIMdy_=uPo!oYo&956?l{Z+Zx7 zX24(HQF@Auq<0cfre*+A=5v1^LybOu5f=W3-msIrwz5&R8O#!a zGy7&I55MNAb--r!YSX%!XU$Z!lCOOHSz1-sd05Pz5zvJ~+TnQSG1#brxj;CYbMOR4Dv-QAKRn~_704V{7q0WaVOqj9JN2_+ zi+0DV#&+)3Id?;{$P&zJ`@&x=d!w;;VID220dfG3ccOlrxd8jv*Udp0;|Q{MRwWW>sks4d9C8hE}omGe-YAR-GA3(ALfcg zDv}eZS_6u|QRPSetDkW&!w4?y-o|_8Rr)-B@60w zI8d}jZ-a`ao_jsIV`t)I&qY8Kj6J=qs4bGa9{&ToRkpeEK36swEfk#B8@6=z74eJZ!pY_F@Il2Z zIM_;6W3Nvs&l^Us*a$IFwTL^;4in2_EvYTTd;;lpXOMW;9XdT|%H4Rhc6N9-U4^|B zPj({D3?2`zz_R;qO8WxNKRdPS;~4v+|A}_CYl|G=WL6F5Ns9UvZ`t>lJr}rA+oRqN zV;S%@6y{Bj*^h5YmI!|D77TxuA8>RPEd~ce<8etO9rJISpOLS}%_SR5KYSiV@}^*8 zk{DRJ2p!spDdfVmdR}1k{S^z9pGe>X1#zo(8>mlz*=SDiI-pbYbHq_a?xEk%sRG4( zT?*e3_HBEgwY|WR@2AIFwvK4<8O(3@JnjE0NkhZX3I`hgnvt-(rVSx@+oa$^Q?QyX zk;CAir)k!W#x(|pz8syTZmZmcb->a_R(SH!;J5-+Tz-S+Nc$XW&EjUD55Q30&!Hw#!jhz%Ccd_4(hwn%{8EO`5u{R@+acYwVm&1oB^%?pvl(PA|sss zrHk#p8!D=&CTzP(_}0QzbX2#UJPcdNDmlm0-TCx6@-a%78sxP<$qZ6%=>BxbT{$aq z+ubw{d&@XXRbI;%lD#De{d&1uiBH|2L>km!LhA{ zF4zt_E|Z%r!ZUD#G;#kq*|d+(xtJ2IFT8iVzA})SWI69X%wk9o=PKfL!tELS-soS% zw~4e_8^dy=3EY1L;KXMvvVzg#zVRAF7Ti=1g6vmst*F!ijn;(#p0JF#^~bN0BV1RV z=_c12b}DY{9O42dicc%<`Cnef5oI4Odza|N(F3nCN-`!^{0=CouXMV9H(W*Nxd6Fl zS->=7b6-|$Q3>Epq_dac$1k)*w%?aLia780ldePtFf1H&_LFA|CA#%fXlJ(d#g7*S z4}wnwoV;RiOP$d*F=fK%*V7e!pLc0uJ`Se&^g5b1&6Jm~4%Dx@FEru!7-;%0={4h# zb-Cos#x|J(BR3aIhS($$bx`kH<^v73puY0f`D!#-(HC0VP{?k!wR9q*WbaJ{YzS*E z$Z~!&>IAecKY#Ns?@Oo>q?+M<@Sb6f7~gQ(_62BzD`6AnU`rV?ruGMV)Yl`xmD3_! z;cV&?y}^wK&`%GtnJF%BFqkjOwF}>2gJ|*2l=Es|?c-utqtlBP9g=Q3i~VWcQdmx= zphyg@iL96Ha&sXIdSo*z(vC<*eqe~c(Y|7I^JQ$Y+-HnHg&s%~RP#Gvie+LaX^2!{ z>4A!OY?)C;xH~@U8c7~IKIOt){1h-;5p)fMv--3a`1C`Jf{?l-iwua2RTClZQo=iB zu}cO5(D=n9D>_COa~)-Q1V@P}JL4xp{LSr{?1q>j28%`c;4N z*M9YYAF!gs%CX^1iTiNcZQ_61L)Is!62zn>N#k}aXFSH5qzOJfzWM;>8jymCk16#} z>EY4iR$Nco2B^s@S!Np+WF&8BfXaclB%q&`^1A&Wm+0)y(d|W2KefMqJsRuV#@f9j z;S0jQTheLL1Xw>1KyD&!H9;ho_dsWFV}Dz#>aW#L+$J@jFU^??&xj3IAtj3L3yYyx zTX?Xd(pa25q*AZVMj#QFq60R)Qy1bmgtYRjM?a*pV&a)-NeFS?AM$Q~-t+{->9v|I z;P!64r_Fe4=yI-I{;kUbCKD*yny*xa&U}V&9+flPXuG6nKLa{RdkcatPb^pdOQHK= zDu-Q3d7;;5%3e9)J3Nd@9?zQr*2HM;H2A3KZTo>qvo2fL8IyE_BTIz0r5pjD%FWV& z*N81%?JuM{s0V$-QmIH0PD`~bsvGW#e&}iP=X9@OrK&26nay|0w0D0a{Z~69O5WtP zNydK1(U$JYYQKU5b|#(SC)T^xTW1m5hU|>f#>1M(7>4?a5_X7W;Np+Lt)@z?TFQB4 z3Cyu7+wxy0Pqt+nX5e7{ z)%x&dn6G$?Rb zHd@*Xf|{?VWi2q$S%$!Wi*hB{Qv*+bDxF1=tWTG6K`W~^mibW2`%zY z)odm_1q_i}pI7Ui3_ZvB`C9PVLZ5w3%C=fMtBsyrT6WZs-X8#j?H<$=| zcRE=UkIoJMlJcpa1w)x=gv}JC{S)!*g@UZ^3ILc?|&Y` zX0Ala>MN7$#$2;6sDY6K>j1`0>5Gs)Q;SLAdRjx3l<%20y=?$>e>p#lQNAuCWQ<;k zq$6_0uJQnO>7SYd!5B#6uvRvTzTWT^`E0nm)aLxC%cAAXT~4n>`V{Zy5SVgU)JRIY5uz43{C@0dV# z7PgFlDv}-PFbZ6e%P_Z|`9538N(9tsfQ2v)=BLuHMYYmIz#y#q=Ja=UvXwOBqeL&J ziAK_N_7gif|& zQNJSPH%Ui?7dzY16%)u%L95Il@z1w0@o*N!bP@=&$7Y$fka-@z9S(#Zu!{MpmheSp zq_=5&qq23tmAL{A}(^ios@wN_Y>j-Q1f!Ho+*#*zZ3{iDu@nN=O6hJmW|et;B-Z*E+HXD z$X=s$TqQqv!hrUC39gJWfc459iGqIBr-V5{!BMc^Jal&m!x|u?9xSn@4~G>NDZo26)T`0_|2Sj*7k?%u_P_m*G{(^d5_{sqRM4-|T(S=;pYLCNDw>^=4|I zKCU-87MZ5YMtzY4l2A7Z>w(}csI@b>Mk_N=5BAQfb*Py4YAa9A#e2~uK=NPb63 z0St}IGJbbE=ky6!cA}*S#z<%RnX%gcE5e~r&g@jTXx&}mYpfJt!-DM^-B(KKRVVRU zN_He4EUf6(7yob0=5d7Y`3%*|RfX0GQcQfe%>;XCjtkEh#6pg&jhb$p0HFuvpsrwh zVGdj7^(4S{r&wQ1!^|gwa)^F!*9;}>mSkYO`BU9mv?lLH22Xdv*31o`SY4y1tcJ9 zrnGSuB$+Hyti2T4kdFjiYrlD!ri z7m54T0mBzs$>Fw}_>gESvmccuzBnD$S2$*+b2(jd%VAfSD&7j9I2jo^f+Oo_BlY9U& zPDRo)#k?E7qLqt{5J-H-D7@c7{uM>55?}ySj!>};R~a2gMCGpQ-4N~2L1=kfK-fF! z!Eog*t*55el6+l)*95* zvpKw=o!2y_KyzqO<2Rye^DE0UHmeO;sKL@-_dc}`z+q&qW)~fxl^7_z^haRoNAdCc zI-4>XI_0uv5~q~dj{~c$m(`$hsq^vdhFEVBy##MEN0=74H4Ht1tJS&5r~ zxI=HsKc`!D36=!U+$KK|q3B<^#U07D7?Ck4KxL_JYJwl}i0bYYSu!cQrK-2t7W9Zr zU8R94BCu93bdviqYxYM{`7Z37r>C+62sWx$$GszxZ}|tOP>RVTZ1Z#em`#{Wu`w{{ zMw{3GgpAU)ZJb>@Xh5-wQNWO+ryCb}CDz|-?EN~t@Ia^gdC^?sYq*bOH_yNwOo11A zF)`TojFsOn;4nklvH1go_TbJ+yuLDN%9hYU1VNI;mXrXrW_uH|4p_4W((MPrgre#z zP3~gD&s2{97HJc*ROW(2A4^{G73$M!&b;F5xw?&`u>pKBZ~AT8GCoNIPtG6{-RK>u zuQVw~zyn4oFu>-=Lr0E$)8(9$z79qgJ?#yUTdMq#$XV?Eo}LlQ+3 zLdTFWW2lqr4xyWI-;^qMvMTQ~@Hcp&Od39mXW363hZf_OlMd8d-cl3(#$;|n!16%U zcE^0SnlP+K8IGe{%AQxarJm*r3&l|tld@|NtUz^X5dccAFE-1#G{&XG*R;0q!vzMR zTen;kq|!Ui*Aph2dfdMWIaF2EwbsmMU-_$F(6{|K*thFD$Eo|ymO%ziSqo;zhW}e~lsHJfI>Pn5{_^|4% zS3cGz2g_GA)5?-Vwsp-8&ob8INW+E-RZoy8e#to?dGeYc|-A0r1iUwSdDXuFMdIBb?6Hk!cibqu(5SI zosFf0c!{fV&;SUq4t_d~^bf zbcCMqel1ZpAipOnX%7Gn$kSu3gDnEe_ng40KqtcM$SAksl`KxY(-8>oTy?=}h*N9A zO@*hCwm<#s^OcP=dFY@LRWMosS2*2HQc|mn;E~M?^_!i86wfbxVh?)HE zM+E3PyXHouhWdD#@mMjCz?zhVs7#Mb2(Sv+HB7(0#2V)<*(2aP<6Yg--&wI~$uC*V zNX|rrJRCOE?Lte5lfL$)Ib!*RFlqIepro8^v^r^M{2iDdU`x4-3G3KG!`s3&>m;y1 z-Y(}o=XThQ<>!O-naW&q;k6hXe@OtDrodC#wG?c4epa@&bkJdlLBz$}Dy+gg0rRUX z)BRWyqSDSS#a+zfu`$5?h8VFC_a_(Wvl$7CF;QcNKlMvIO$TFI(_y{9M;^mBi3e-v zpUdi+*#_A6CRIARZayDy8y-<7hfb9)tp29oT~#>SY3Ar%U3PNazb$Cb%Di_Dtc=s%=W zdee+K9^{15+gjjvb1cvoXZ*XL|F3fTGw&j}Q}<0SAGgP<8GnOj2T|Sgj>K#epTlE7 z%*J(YR${$q9e2{zp8=X>4#hzRPDTTbMAQs?tpr#p2qiqCS(J}(=YGTe#B zhFbai&_npRm)K$WU{l|yiK>rL-c)a;n} z+Qvv7*b3YAs^HTD4WCAXsNh+n9f+g@MOS1EDYOZWtA9|jMMO^ zfp&VXN!^!>Qrr}lY2g4le2BSI?PMPIUTC4tuIh7B@R(v94!^H0MzmV2Gtc=L7aGcq zlNSwkN}cQTJJ&G~c-3b^Rxr70OsF|dITrxQ2-O`TV<3c>2{$ zX9v*}JQ9AEvyN((`WPh>5sYGRduf*C@f?_LFimrpNT!dty_a zIf^xlHJ!4t$Fwc|H>qq}6zVBVu-6m{Q%D1DE!mnP!U4E2p$L;%(tgcNLK1484@6Abg4XLz!*h&IwQ7dc@H6I7)xxzQ_ko@o;{zn2yp(sJ70#yp; ze-(bKqvaD1qlX2SiM$Fx^G*EMatnL>OM1e5!W&{FIkMdj^U-oeHR|q4u9u{um958v zw#UF#e})JbFNVDI9s~(b&~6R8Gx>&jVP!ku!yK7^Ho-nPEAEIz2c{7~z2Q=^rR$bu z6tK2U#KxmQNOXo$?}_ENZNA$Q84nX1KEjr>j2$ffFvky1Ic>SexvbgGULxVc15s*V zFNly0_RQ6uwV&4$K$^Exa*r}Nouqd5)4q8#lfwiX8MKh@P)h8nb~hH#S6Ii8WJ|v4 z4ixx!&t(2?jdeN7CNGt-ipM{)UnEeHSj1=f*!PBj4(J6lE^%@f)9n(LU8;1<+;UY) zMCti@Hg_&*A^1{0dqN=>Psft8+{S0=fxUfWqSMHF9zf3?VKUR#1HLp7lNCaIutp?y z{}X&}9^3s6#}^xQ=i8-wUlc9-DLRp}715!uZ8d^1&-Qe9CTu<3d8D0Bas#BEN@_@w z=EX&*Q;Eh~s*s9>0J_n$mV|dZM;EvT*diq`pC4eI!9J|8i@e()BQcd}Kelkft8n~M zEUz#>?ZwK3^Q1AGn$MtBjW>9phbp&(x9I_=`kWj;PzRGdDYrn9{3jaC1+J$srzgfw zt&Jt4bZ0S+Rwyc0%08_$|HfSwmX=-C8>>?yNAU%ngGkQt>(& zT!M)OxeS4lJOQCB>{JO+7abY6`*6Z@epq8{?CfT~zFt|`PejSdFVx3G-Xd#sm*N*L z8|4zf8P{unCKnoF4C2^cP}(vbznORaK$0pmK*YQzwP~V%MS`x4eibITaamHi~HNge*YKk%kh|kGiOlr z>YW3e$E=9~N3N5Wt*~#bBwK8(#Y7Mhc4#5AYz6i_1);KS1alAI+N;&a=AmQhQWGH- z{L1pC9Q@EES6b46o<`$G*k29!=xct74SsBT5Ptgm1KS$)YZ6m!SpY>SIaum7UaGni z`*MfP`c|#r-6gyW4deHNI7Nb8G{(dX5)}v#rj-02!BB79tInVB{5p zHX;nLJ*!3ulCfA$$Sxqe7h)@|_{hc8b&ZhCv*TIp?#d&yt328^k4bc68h|_p_N65! z94V6p!I0H$1N8z4n{>R&;#`@T@3lvWms? zA&MRfRy=sfwBaWK-QKU~K$}2U3HyTt29DvT!YYj)vNA~WP#wx7KSCJ}Be3)20N{IW z>%ySdTuxMY`ACdH6>wR++?*&d?h6eUN2)Qve|9*3VG?qAx?OQXP$<#!wNX>d>PMJA zqdM>0*S2bFRv7!$DyML?cN;L^>gR@KTWIX$n79)t4Sn1H1ih~VO}LA)q8>-J5Q>Y+ zZ_u!hTi6s-lB@bLzj&~pnjItJNsqGk_&XjXaPl#aYA%4uXw0~GZB;u|+`ov|1`d+d z3-1GKeqB~rXVa&|P0-UxQG}9x{M>(XR59oL-2RaJ_POX|sY=9+OprYCkf$s?~)j#1P9 zRY{v7f7!^IvdIU-k#W5${jt-rt$LIKX1}g6Q~fvxa@3M%D4d4P(x5(e$XLtG@mXlqK}FRp7zP3X@EY_!l3|1U0c4mV<@`13^mOqVWBO!i1rGWvK@q*`uCi z&_HhfRPw!dcspHvj~om^ZajnyfG1PJio7FdV5d0xu?-9(9_^|u=pt|2|9vR}Uy}N9Z99msE zJQVpJL}?U$NnMoxKpA;Y!>MG-=9UsAIZV>o%y6J+TJl3VLujkNqo`zLp(*!C_9U-P zeNT_?VZn#&T=AYlS3K5_{jH@)^4!0F)tR;3RmkUbiMgVd-{a*$sIQ_Z3M7R*l^z_^F~pM}iSzsVAj?Kvsc%$D@Zq!ROry9#t7UY6YJn90zvN7i;Xpz@0E3 z3v@eYonTV)m)-(wWt?v=59OuxGS6P6f;Ejc9xVf29Bb0^nhwjCtpEBiSf@|zV(}Kv zDg@~uw~zxk6s(xr*%#r1Q!LaZ$eE?vWmNww*hkzeM?N;>VnjFpBLJQ=I zZHL{y$vkYeayxR5<~07lLW5ZRmjRLYg@LXoAs5+2*HTU+uS&Gj{F!Z_D}^Gy_~#JaO744XJE+@`pvnGt5$9DmS(c7?Ny)R)2yLz8*Zuq*U1KaKX5_P z!re!N-IWT;jdBJ~!bxv(iXqBdl|jd!36??l>Y&a}?eQsuP|<5Ea(&s1el_fzH5$et zNz2fu8mwLfkp>1qS)ST_fiP0gP+_f*NXGpE(UFDqR#-`_?tgsW_9p!5vxG&tf#m3o z#?UH{gh{7}30rb^pfEaf!hOee=IO}m7BQKQF8nmd7rb022Jo~1I~t(XPL9Ew$bbcT zk>>+s4A^wuwRj74|A9*+Kx6P4#bPE#nw^RL$Tq|Q6|i_DWs*`^Oo}4v_&ziEA5=b; zq$}Yb{bZkowd43>UiFmE?^ZVk%0e;*fW}zd{2&TJ)0Mq^q)`FEG-je;gMjvq2A5X+ z^XqZY6`W((PE!`VRp7RGT{6nyh_uoRQ)Cws_7Zv1*-Ej0cxm#@ek@7LK~3!GeS0Qb z)@CNYtR<+Hc|R@X(loq=tFIdc$S3SL^!WZ7%Co@8B9MEFVcXT_vId;e;NCzJa@~DI zB{|ZFoa8(v|0l|BzM7$~^7|D^l5Sp(Nx-|mr+0}_u}9pQfO#DP0d9Fb1eDEgX0Ms| zbN1t|C7Qe;&F((b@;Wouqi?Gp^$wnrY?gOcu7ST>IF^b=t^lK#4jJ0O0b zJ6b|P+THn{@qFOxSUr@ra0IyF3}qbn|;o^o=6@ZviiMLIrC-6%?20+`G`; z`1XeHXd0u79nB+~H!|NC8BVwS{9j=$DU~dMo+$x-7!`Nwc(5U=hY`2Dpf(7sLI#@< zQAzkE(KssCe*|KRrv>d^dIq)Xdlfy1UNRAD6m?H4w zVzpPBT@0C~EBBpC?YI_Juj6Ny2B$sd#0Q#7?`knxH$f7DL1+K``f0yfV));7>ZiTv0i#klPOB~ zR595IwC$f(21HLWg&zCijU-i^3R?T}DtQBH6(k>Xlo;Wxma>?hl(5uUeP?iBNfS{a z1#RCXssM)>eCDMR2zj%l)1Mtol3uW!(ISIH7&{$*&40fMq2s)(Zc+F_wh&O9lbc%B z#8c(CD|9UdPRb8|dmj_#YS3FiZa!2ReuFl`h{^Io?7flY#3hsUOgR8&j`<=swpz1% zAdT`$DEAfqlPkd22E=xd%0&cEEbWjch9F!*_D!CO0E+@snxy!d0;nLel*bAzy7uAO z?}^Z!St+6pG5g2yURZ65tBG{gmgCPBjl1}1JnC@nKSgPks`r9BLu%&3Wm*$>Lr=5k z*Ci;!@w@jlyTjvz=1Sy+;qj#F-SO7&qSa9u@$!1@*pR{b9gD=pq=bVbt#k2f4K6_C z#R?V^?JWi9rkg_i|Jh1YT())r4OMWueBxK?RLeMZ4APaz!M|XFBw;kv%Z`%i@a<;V z26r^bZb2But-0_lULY%2*{SLXL}{Qiz;+BHp2?uE%H^YE(z&E`lX^fr5nNexlxCx zyJ9M7x}Dr+mzivKxrpP@qc)>@Mo@Yo7?rkN4kyn$=1)qK0Tj*lKiElE8cF~0;jZlm zpd(b0A2dKsZr`u84b}U-ezkcp6uY)*{jhVoYwl7(-M1>FwLMmcW;4`)15EQqsP~FQ zirmR@`g+=2zNJFg7|rN?BDi~+6r)w<-{4yG))saJ$)61vIhb&MkpkHR2(c{4(4XO$ zr#rg)OUOkZ`8+?6yhLXFCk3h}s|b zEIsO$6!Xq9hL}zJ2Wy-=D}VCv3?oRELY4a-wEvHO+_pD441(hF%s=!*z|J;xpf#A~ z=bE>tnBzl?WM|r`!!Q!JSWtkZvBnjFaeHS)u`YXyzbkF`o-53eoi4sX;79H+uy&T zHunz78Ho-Pt7od*RTGPNoz&Nk%9BfNXjwjJ)J{AL%^t~)%fFo0z_!v{_|cjWY)sOZ zTgozqk@e=?+~JDcgvF?tOAXS=LLWqw^3-N6O)csVK6mByx!Ou)5A%}~QsrqMa9L?+ zEuDLvGle$T36dpdSX*M%*WE^6cEO4>;0H?DSu^>#M1f_{=@96Z>r!Xb((n?SNl%<8 zTlZ96g$TZ@jCU&%T}Y9R1U@KZikJ{Fpt=td0aAv+Pmf}O*;uU`LD)Ak?yTfb71BM3 z8)CF!-_5nui*!nOKk~OQo;$b|7k0MnT_lV@blR_Ed?N^U*q~tIlsSJ*Kfz?YPaH4$ zB$-TfOz0YxpO+FyqLb9z-`@^mWv{_rVr}>U2&s`61Li}U3HxH=hmUjA*Zv8iMKS45 zZL|9c>3+IK`#Lsez)Vg$r=SO4AnreMD(7f9Vli7-J3aM)y;05J=f+oNgYi!{l@H!Z zOrLwpp32i!G!f5&Y)@;-y7y{z7Cj5m>(b5ho8)kWTiL1mILZ{NMe4O*C*I65q$TCw z6HVs}{n(gny!RFA(O#MBdCS1kpJUY}j4?dkb)H&NsIOObU;}Ojl=h4cY%9}G2`;R} z9eYnnnY6>Ht~5kos*S2DSD?8rL3z9`N5u)w9OGB>mjMS3DSl{?`Ug5_t8a$2M1Dgt z+`xeDYO&wFP~Iikg}fK^1-T0Q>957O)$k~zU-F-5?+g;1ez37;!06hl8r?T04C z&)kdhYav16vQ3auqg(=rh1KMln_O3{K*< zxH;a-q%S~Ria~`By5?3Ot1%0|BdZ;G50Iu}5KHgB-Qs%5X=fAK{L2kmXfPv(oA}cn zSyMMbG)#UjnJS9p-w9>jyJ}EUFn`l5%1w$9mO{(C4XIwAcuvd@C5Fg}OkR3=J)q^d z$4<{TuLLDK3ND|b)93uMys6!c?m$0Q1yQp5#A)Cvu%Rz8pcF73X}-sNaX<#~dM>Az zEU}#;7XNgP8QI|F(%J7mmC!kKKzu&-YQ`PGip3A8*93(RtYyw^f`gW6|nb zAQ)WKo_z;xJ@f9OSr@(a@M5j_On@#kBF@||h;Od6x~^RVFMcg6`|aEjC=K3pi6Od% z^V*+a5lTDW174P+>6IWiZ~()75!z@nc(cqpbcgpibt=@d=$ZU$Y44;{(SOKVrV)J} z7;P-&tU{x~prK}J#bjAfSNPxWa3}MN>Wn~$S9t7#>=&`~bK!W9Bf;7nv~`cPAq=XY zot?Rds}Z@}Q!o6%aF&aSL_5~qF!G03mPI^*MIZTlHqb$6xq@p+2vd-z!e@ruH3dHj z4VkdPhzJhvKsX_?b#2NPQxW~bYb7Tb>#mntOGuE19iY0!gTy$XVa6yBuAdJ0s@34D zXVQ6vxAV#aVJ4*_+kv73Nq!<>MvW~>#7DJ4Lzl#2_bwh~t91zmgiD`(%{F7i4uf7S z2$_OFo{UhfLJm*?CH-`=8?OKXH)6C`CeL=pT6G9P67qd;C9!vkE z6m>&=RuA!h(w8i{styzt&=ellKE<{d+7dau#|%Z6r`W|rMUFUjLtEU~^EKiFD`I1Y zhzAa*1Gf|-vm{K|iKNj0|Ab)Z;szWRQeh=14Co&D@6W@(p|}O8XD7BrALl{PyO%`9 zAWJ^^lMkcuS69fa2V~0}&Da5HeZSiQ#S<4F>5`dO;pGX;AY!FeJ+#;3xXp{RuawoAbJ7;D^LQ#f#K6y zGji$avBRIj8Xppw6{q`8^9?OWDZt3kg@bDu;CIkl#~_>_pcGEkg!6sslm#RG*l0^1lgmYO1jJ|0f#H~>N4sS$RUlE zpS@h0G191JDqm|@9>!;tV!J-a^oN zV)3=vvR2Zm@_Rz#tl$H_D5Ns%H7w4vG6)09GDE~%UDUxIM=cwRzNk-|IvjSMev4$t zd+G~G+xxLw`^w_{m3+S^Pq+A6(6_p^XoFm5fPDk^&SQ0FW_|n7vu)!~PHW}d-)jBg$X>npRs43|X-*S_`Th$`{!v&F`GfoH|EU^o{44*|-1|Mt zKrie-f9vPw#sjHGRD*wf9i&#j_?cdLV&055j0y~Iii4N`-M6mBP-_16UcDq~vKd$+qX5nr7zY3V literal 0 HcmV?d00001 diff --git a/tests/compatv10image.img.bz2 b/tests/compatv10image.img.bz2 deleted file mode 100644 index be6aecad10dc0d9f75e7d0515173abd75a60fa72..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 64969 zcmafZQ?M|+66CRMeaE(K+qP}nwr$(CZQHhu{qMf)Pfc;oSA=X2LI*Vemp*ZbAxw7YS8$NRNM+jE!a z<8{>Ci}q!7S3_4#1$(x_Rrm z8SB0CezkK-c{$zVz3tue>ixQMdF$G^YU{bZsq@IQ>%ITdbLx$(*}Z-9xpJE}{JQJC zm2=(d?AiUAtJM9Eo;}Yqo3}i-wK<=*^flXF&(9khw_2UsH`}k>Ik(>14WGs%*0-J4 z|8m7z({-~};?{E8`r325rRmCo6~7=8 z{(wyUkpAZBWcdK30O>H97Ns%FjOL8y^T^W3006{~`uIzv>6E_6(g27NrO~92{*eBp z$dnOE_eB4N5ry=(2wx(NmSM(XU;s#m^ao;K#Kb^WT9RQjfC0!frUyU616m6 z2%rb}??k9@_)F5rGBEt(=7vytNuPwRXD5s2m}CTk@8M6&;LL3e=Gh# zAOH}!;lAd!Oy>3e{D24`5cmN6|IZzCoEAY(#h3b}>EE9sfja;I^?=nex*d;ln!ls< z`zH*5KL-f#m?xC{yX7J9Dc#4ME)ad!ULAs(B;lb0RG~Qdjc#YFb1*KeH=mGB85QcK zSG)Y=kv;Kk9txhg?&KEw`3p^%N5Ph9W^FrAfrP8wQU*Y(LMG3O`KzsH+M>r*D9nPW z&{U=F`GerhKmtMK_ofL&|8z4lYeHJSO4!M3_?n8llK!>$wvwQIeYwU&qP5x2kLc!~ z%{0@k**d-6N>xF`BvF!cw%V6LS( zbw_J*#v?Ozji~|wAbr`a@bL#3j`BoD=0|6qgnyzwf{|9s95GVstse-zy|fSA?z62Q z)<5wJYFWv3>ujilO1x2fE ztn7(B{xf9njF85-0;}f)gl2|jI zEn7XRKnsYeWi}y1$Ay12M}e6RiBpAJUb|1RW4b67EF;Jk^?sdPX1+_`nr9(?Vazs; zfGWt~P~fc_Qjbv~jHC1@eax3b=^)m@TRA6g={+|~Ly{EX;~hiyeLQ|ULhl&yS;+A$ zsn(d+ZyI(IJ(<2-_&1c`PMPEEiTS40__r}9@o-P`qWnEphXNn3YPb(|90kxX4t|TU zC4y$XbwOJu>^{IV)6bczUiK#s2qmRO^XEe!?79^_R(ZAX5ZUix^dP_(E>^J9mRtV} zz}>8@VCL=Qbnap=?#?zCz)Ll@6BQ`V#+ZBIuPtMN-s_P@DSQ)uE?BQDJ%=uNjXP3%{`l8d<$eCZvf-BRPIgfkGZCLxY?BQHFxkVyv zu_K}{OOr9_;&mpLAOh2nmSe02r=igKm;~niJN#c4K2(hg`D1dl92Q?aaJfd|<8R_0 z$S1h8VWOKxwkKlGX!4626K00W;x&Eqi_l?miscPIsYHcIEc0*yxTs914rQ+ogL8ns zvx=u(hq#Amc{6giQ)7+&A>>NtGAkt2&PmNbLd`AQrNRGnJR0$GaSn=N z@dKv&{z)SG4Y7GeJ*fHc_B(n<%8u?tv#M&$_n$2WmMF6o`rU2 z%F`4Lf1eJN)RzT{;g-sFqP^nS5GO(WC~Iy@YnYF2o`Z5lO2AXiHQqOl$iEdKA~Dru zeJwx}qY~P{)BQmQV+bG_crO^p4{5HQ+K~BKq%QPoY$ql;dl02_qEI0DbP?Wg9#Hjs)JyiM~ zRiFM6 z3+}YPa6ns$IxkGrK&GfQmoh zCDt2qmsCo+z<{Y;D)kemI+otTqt@_+_+my;a)&2-??65-r>2zXa6XuK$T9wgNMJ~N zCpy6~TeT5AsL5tj7(>Mhe4A~B;J!0DGn;K`eUvV6x$@w$poASZ~q?W%2!+^e`iE+!-c z4}+8bs)$l{sJXG?NL(#XzWa~QcLF+>_s}L&iD3r#iYR23Fy;w|CvV?FV=)HTOMi-+Vx&9ge&$>`4jO$5d3V7l z-sM_X&K5Q5VH%IPW#;)x-;YoaV*|T|#H(FP>o6_wJOrVTjOb zV4rrnHe;cKx6zlsE#nd$`6F4;erHnmoVPsc~?#yK1egKq)Zp6;Ur zs2J=Qg>mgF2AXndRz&DI!gQ#m{tvdU#_5cb7O$7Tn}7Hn4cB)}W3s}ijQ$?5#4d}e zQ#`EV9d#Ael(Wup9sb$A5Im+F_TCnH0Mg?43weE?U^WS0O`wkn8@2RLhcV#WPioPk zyp;ryMyp78fNS2fPP*Do9(zOy_tfX4oYUZHOS{DG!S~pumU6c>? zyZL*ZVVv94A%@i?Ojc9l z1v_%`Cb*er0~S7rc(f()dRiiJ}DR~M#` zr&g9oXR>TghuYEG-EA(^*&kju;}sSdWrSCZY+6=v7+W+MG7OUGcAm|ml<=xjj_1b^ z=7TwhloSJW)<<2Ggkfb=YJoVYrhas=FmX$4A@%^r;Eu8?LZvq*1wKS)dwNHEC?Qhe zUl8=FSHxk>*R$`2W|gghqN(|1>yZ;lts>ruWjJdbOW_bGn#le_He-r7&te6slXDdh83LMnG{`YUw> z=l7V+*S8jQxDndhckxZmvZ@~nSM7YI+c|u12Y*sVq`!&sW%FJN?a@|tf@8$L%q2Lj zLqYRFxo~qZN!#-G)R1t8?H5!-K`DL_Ee-zPrcf2tMq7kShDHdZ$}urP%A+sfA5I)? zCiv9H@SRyj`4hH13^VTZ(0B<-N}(MQ6f?q8r?`*|9?Nk547{y~Z30c9MdQZl#i3CW ze3U5prMUjDmIR3EutQR_ymJWE>Az!GTcx~)7@kZ{ZY^48BV=^OgBRDbZ;hkz#2g7y z)AC!Y!XN`1H^(RH;qiykHSHuT9Rb?7gHPvcvHOUx;Sv|-K^x#JrdhhrL!Iuy7@(xf z_O2#KI{rN;Hn{puB4`8fnQ0yI;-q>d$vkVc{nPEH9zV{xmP{*3fi=B{ns(BHG#Loj z`+sJuR-Ez<4Cg%nGb}ttJ=MnolB4h2wWOD6G4@D1L3e(sQ^~tHU;~^@qYj4_6f!{F zX*F3$e+aw(#WAW7&s}CfD1dsWA!~+9Z{{My7lvvA>kPDbnu3QvKZUcB{F8I3_jxhtj}$q5v@ z$D0_ovz8N-S&^_v`-+9|^<6GnB|p!aTD)$T&QO_X4~qHOX9L}8M!mvGu@uCyC=^Jp z=B~z!b>UmNZ5jEovVe-KsXLUOf_ggPy4;Cd0@G`Vptaj_E=RhsXlCzfa8Gy`hZn=a zv}KNqNkfUfHGOzio_kC zmK~j29|n}KNhM}@VD9BTSLGv|dG&MBE~iN@0{{j;I#m1XB(5uUh65L@m=I2$oMoA6-JOE_zByl`fmgMYz zHu6kHn1zHD64E^@@+jd!A{i^TSlpedz1D=_EfAXbMmV109D0S;{gHL=jP$Nzg@An* zh4!~KAO)GVd<~#Bqi;DRT;*bD$-428GTTLRurt z0U&k~JdLFS!t2VTztjC41vkcA#6H1mQs%h@1S&3r5{C}0ya-+{S_P~}%q?J8GZI7G zriiNy6MQe&1K0-A%B_=M_JYti?YLq-{a`mKw27Zk-xJWjSZs-2 zS?SwJlr&e092B29;W%f&8n3rXqj1BrWVgjaey-5xR@%zTy~9K-d2tb{^XX-#V)gLt zSyLM6-m_C$d~>=$SFd}GKJWBB=tkXQqh>YjPaY{L)oIl7%am7(oBr96m0QSjOZ#9) z5U)6yV7fSZ%}iZ(vdxZ1#=aaf<;yy_g5Or_qP<$ekbL9hYC5hG743}FWw{%fjc331 z75Q+9h4MszYB-mRLY<=DaQV`E7Q-!97#A_mdl!_hAli^H`MSQ7e2(kg!g<_a=^SoHW3vGN zPRf|RYrdI!1TtFsuDJ$ z$Vj}3naOe#M*PHhe??42B8}3MV@ybJ{Vg;TX!kMN(S&)`YU8n-=Ppi5bjVvLMjo!> zuK4v5NRAv5vvQ194;Q=k2F!goKT*oM@3{yjwav>rL3y|VplCUo)}_xg^_>eE+A-1p z!{ZW=*VZE+j%r2JkwqwxKq#!C7QcCJAp6X_D*Fdqcko-$ZBvipqE4eR*;K41dWl%g zaul6)F&a8ST_2SGL!AqW5tLV)1>1aDB-gR^=?9uP7Hu~r8rfz9?5^`X9b`<35Bb7# zdEy0{TjcZf)!$pZm1iXwr;9;19^h-eN}J4VOvHHjT^K)Zu`T~CU(FXuRMKVz3jYu|tt2nBAMN!>` zyO`+V?gjHX>6O|}z+jIkNe_<-T);|~|M~fi$PnMp@y}+%dIh&YJcJQTefBGwo@v9* zB)YT$2C2}rw^_zTC{B}dS4aBFApOd$lXy8jb5pIaeul=M5Mw6_Fh%7%;5~KNRuB8t zFLb&N@M+hjDLV(EuFBaxhG?x|n_QwNQTfQq?9Wr4XP6!1ZJ+?-VX zwQ=IyOY`?t>*IujRQzBLtRj=#qj6S}lGpgT9C_Y-KeGIc- zh;T~CRT`r=8>U3LU4y7^UzpHu3b8tAnsa_eIIOvf(pBAK@=byT&S+zm+!{hs*<_Ao zhk7(Rhb{Pcmm3@8;w)-35w8$GSb;o-$@q^USKDbEhtb_|=R=c#H6LJ=J^{C#21!eV?eFE+6M z(%YjuuYuapAV3w2=vfS?Tm%WqmPC&hB1~~m-H+CG6uYXRS?0%>#w(!XsE+#b zRnZ7s=LxPy4hy-;_;IN}jXhSjs^T+L9Z({177?|ClmO~Fzj9C2y=D%W5XJ~U^q2O* zBKx*v<}tQxqH+e1(UJD4B=65&=5Yo~&My6kVi3k_&RAQty<-2vLD=SbRT2gGOmCVw zj0-y7vhE!Z@3x}ph|5rac|y1fPu)vWHI!x25uP(YA6%b(E!*zZ{%_GAGw3wf^ZmH- z%M;}%=GGN2=?FpD>-UL7dYZ1P)rM(n#MBm|iuVU=Pe-2{Qcm5rrV?m9Ys)7}$&CeA z!R40b7lG`{`zXUzLZD1?Vffxp8kK~~UFfpFb^mQ-S&siyMC$FHrK|~FIQ%Lw&gk=N z8H{+G!GD%v;QWRsQnFx=l*DQubj<7A`WJj1>egDL^4Q#uv&>G^%mkI|ABA%Ux9T8-&q$NHUH#93}@7I&KIj z7zqqFJ!VeM&@ZPCfI`Vl{XNwMfG;;7gn7BojFq`jiv$MiJ5gXa2@gilc_yRJ^Xc{r zpb8@WBD#0qc*RO{=SLEYWvmh&#8bI6^+vBs(3&uDo_LIx;k97PwM;T12Lw zWn2cyEJV*Uw)aPZ73p~L8`u5)HO9-$4_ymp*%M@hIq%^0*56gS))m_w?VCGOK+eVo zFfo_$mN7A0xyVM2T0uAX6uWx#O2r^Ov;0nTBn&@9t4ho|N}-Vu^ihZw8k3V&VB0JE z0S@Fm|C|fB6FNOV-!}t3X{GK*HC-FT#h~I|l+jW$@#d>)Qr{nTj)weuoY#;Q`X>mO zYaZOZ>v&J1HTz7h#Esb1I_}-K!R;};$Q+O(t^E{dbs(lZQ21G3b5s75>u~mg;`u1# zwy;k%cfMk2IrwU+!H>-}3p&vi((U$m-6~$IPHio$6Xd6tBw_%r&dW- z*owo$p#IK3uq7=0y!|6qIq-jE+_02s2Qu|9{DCklv|9n#G zV3JOrV9{%7MdY^i=xNv4*P2`moiM8=5d21i99`^nTGm;~dLL+c&4#tfeBG7Te_W@n zwoRtcU?h_!QVD7ttAk}DF5(O21;ydoLJEZckWpX0VYs5|p?~n6XmNOf0TT=3XK>io z3V)-dvx=Bk6p98bx{qSV_D^ZYa{rV8VrnV1C5V3dV5plV|$$113PLC!caa#kEvYx z4)YvdXXQID9|3xMg{L(&(QX{sUWFGy?*DOk+Z(FyB)o?aw;tp#AS(2)2)`vMBrznS zqsQ~$k^k(iawo@(03c7^FQ!ap?aKOQiDiD+PhbDyZ)OoKM6Fk78$d96W}GV4{YJF4 zrpG>l-^$+qL44;fV%rgZ!%buCVqztSQ>p+csuo(-6Jh3pD7Dm#HU}Oa?@RJz68$Q! zHQf;2WF~NF2*&a3)8V@ByCmi?zO?kVIu<(kmyH0|52Jh>mzg>pU8eLUI#;s^Pzoap z5?C24g>w5o;bi>N9`zT+5Yk)2oUYB4pQF%~kH5(X6!{Jk|E2v(-t7ua zgUaF$hcv9{Szs{TyV*C!gZKTg$ZI-tq&Z-PXn!(Fy0ML8(^!<<38;FR*T#?klt-75 zeP@V9;AfK_e}BYnmOq5ij?}Yx(WiEx78~;_&jGzz_eP@oKLZ_?v`S> zFfBxHSvN`SO<1G6c0x!h7YsIbMaywnVdjr#;4Uf;TpbOexz3JfHw|L-{;X=abE^2( zV29r?t;k!my$LsK;xxn<+b`z7D?~^ITeGAV1ijU^)T>Uzv++qC{vd(%sYOLgORp!Z zD3mF0I|*DI2f=1bkn-33V`666%t~413NBGVj@wWG=oc;YQgb$mBkl*ig?)C-QKBh-fYE-aN=2%5{~ zuwc=g?5-IZC{>lqC3@I%Azp}RAT>DdLT&S~du_!;A|o_*c_uU1;&=3KH-BD)h4g)D zNsBsM6~*pM8#+8fbuuZ#WVOY^=6)oY0ZyeH{?ynUdxpKW*$6N=vS)Tkg+XU}u*e(8 zm%L;ta@_cmV!ZpGw2+?h!l{Rpc$y&t?$3GO`5;O!SPDHZwQxcD)9E1qlHWhR%s#m+ z-J}=8o@=?Ts<7c|HwpC=Ay+hKe$^sPBtQj0O$4;NbSe^vLcck^v57YzZF&8k89$>e z`ZS>mrP1>OoF3M@pf* z&E2=7R;Lv{m}vU23R44*g0LhS7tCdEi>`s)BtWq{{RF_}w+57{5Gb+rC~`Adl`B5J zDGzq>343tmS=yBKXFr(;%uuYz$+}-ivDhnB+{;M*>-KqSW1D=RKed^=tW5h&erdo2 z$hcUmPniSpjF)ND3goGCFc2jZ%+^0!g-IN*Y08WuitWaCVrxDJ2JO!LU=Z_@j}5mi zQ${(ckrzlFl+je+{6aKZ+HzB3Jr`yx1dP$WH@Zgo4h?gZZYaKp`RmwUm$=_JT0>gV zAi;wu_5TD2G7rvrj4H7t|0z5zWZnanUxJlerLsh=n0J%c=_my?E#_G`Xno^)l!qvWy|B z;j@~EoidLFmQC~hXv*^G^79g6f8o_L3AEoUem4QH(Qa=x0|XNL*ACt+XR6^WWQd^6 zKzVpX?Pz()DLg($qjgr=RU!CKb?dLu-+dZ7?iSGN2P2$=aWdah=zTN`5#A35d^!XgNE;k0GL zq0*5|aR2OZQM{9W1KaAQtj~ptQ)b`OknN8L(}4NpH(AVU@k*wMGCI%o$Q2lqUYA=8 z<3muxZqkZm05m2|oT+4IzD4?Kx#C*i;BoBmdw z`|1nFyzEf+7FbQ=Dw@fs2%?(%PCM_*KMTwZ2TWR;YtAJ~lkX68`0sLgOZZInj%Yq-OF(7u1enMnfYe{uZuo-rsbP z@Bv1bo)_uQ(n|(Y9+=*&ySpFP+v=c7|4Qx?kjiwLm9@{=SNvrv`b;VXU+s{K;G1VZ z#<8=N(}z~VwLAyEz+B}=>A;a^>E>>JiK`*XmBDVZLnwJx;#TH#vBa3(-WohiinL$n zOJ-jam6z#skzlNf)hvS2a-nJ;?`qa@q3+g8s!%?2T}rUfp-2lHsVXCQmC%fxf9h&E zf9*MhV)C|d_O~B4vlmtXDE2C4p%-bWH8A>lQcyV1r9R{lCD**W1;QCwhP!=7WM96x z@I8OlSqs#k=t9uu9e9cB?3Px6JgUv{<%U*Plh{BvBLu{jkZ; z3p(bsa*LYWN&G|Kmw=W!YBZUN>X;Dv6hq-IJ0NZ(dVr|cCZ}*AZ9(_X1bFtCJH%CV zRlR3gmtW_=4tXu6F)0)Sp>Rk6{34$o7@ycR9pK5)wD9^Cvzb;*s!Fm2{56cVTsd80 zelxqdEuH>*S~sAj({6v~EfSNS(m`w;tF~OjRVtanLJ*+GAtb~G8*Xv}6$r_7)Btcv z9;E12YOTs2h`KGBfmSrf99{W0a!BYuStT)MmafmTT9>Z>*p}j&^9VvFX3!GrE&p@3 zdHWj;`_8c1B5*<((c#c=Dy0DZ~6_x>GKoLA=DSGn)ROgY0DfxHcZoNOUPce=)j}l0oymLP%u68ia2Iaj&F;+MtS)6uXaV79Uz5!awRCPcuF5kB&|D}N^LdWEsVE+#t~T|Z>2xQ!G$bltu{Kf zIJ9yZw%N7V(7+c*=|FpIGjKGHN(|HMfFzJw!SC9gF%iYeeIW$pZDokQl_ycDMxXi> z^m?n^+{I`Q3x373*IcY&te0Mxps4aBy7543F8>I$0iv( zGPVuxF?Tx*;=eDv$kunXGg)WRB$m|>`8s6vgf5dl#E@rFKkE_v1`o3fd19A zEAh1VHWb?fa0YF2EX%^9T^VW5D4HhgSb>IoXnTkrLCw{cgM+Acd8#wu765#cU|V4!)#HT~GBrS38VD zeh$ZmYvrJ+bQIi;r|Z((A%$cJMd)f!xSsrRGC4GvH4Cvg>Rh5O)VDw_%R9tm_CiEmDVx2`#mmQ=QB(KedHwBGZOJbvUYo>e5O&I)nxoOwiV=!1 zAs2-T`(q$6fAi(^=MIUTLqDPpm51nX<(YI#DJ0rD^TN=GRdUqc0BNx`;aS&m6@2n~ zZDpxJ4$*lV{!*Vq-vp2e8$M=}N6;!{jV-=Ni3)k*7!@Y~MbxBi_~#H!+Xf-9I8VDz zq}Xu17?Q6|v;F~5D(yy!)#Fq9uP`Hq>|8Ne#~7`a{lH)OW^`HE0Iz(Z^SZ{r8&{La z;>Pz%3reCSYQT+641j5R*0@77LWWt@E5YvY&1K|%eMC!zZQhKS@49o}2HVaGcFo^` zBJZIW-&tGsx4x^#(=d$2ySpi|`yQY_PWE{83H`?8AER(mz{lLq)OrwpTw7m@*s!v~7gmr%9jJDn zgoCz0s*@o?nKv^I3&n%jd);zZVv~RBVY$#yJqS+xQPjFM8=hV1aBK9~8kN);Yr?PyzQ>fvsV8TX6h z4;F6Zx0Rw4>TXpS#2?EF7#5{@I?*kL0&;@0Y?r5kDp0$9ot%P@#KSJiCzp%L55%Nt zM!Z**C~{FGt5{G~&o zS8ji|-D`>O((I{X*8vQsX9ClnWFC(e1a#d=dbu%SdM5urp6f~-;^`gmg(!bOe|7^;%rjn)C=f4fLS9eLnL^ zKAm8fq^k-%(J!%^LnovQ=ur;#Kj*Qftj*tGcKJMy0dKV5WyyHb0nj}k+@~cl((729 zb>kR>ewgWRGFvwibiyYicgOH4BAR*Kaj+}r;!Rf=U-A|9tvEo0SmkosZ$nRVTccAj z7%d#Qu1Jn!wTkirnB*}d>lCbWdyV3Zsn96l&5vGHFB_8!BhNbjVNPmqOVdPj-Sfm% ze3!1dpkIn_omO$6y%y|1TIwTfE^bH+2DaLkk5)Gmtb4s@-Hteob0c;8A5kgQVqPfX z_2#}^e_PA#W1Ztc>LM97*_R?U2=aq;sTe}+pW~nw4bv!oMbD={nTu9fg!eBmM;wlA2?gnFg3h%K2Hzz)$+9jl z->`0+uH(QRdg;W}sdJaMQ|+koJ&dtQNlIuyjhH|`ktV5@!;y}91Q$y44aWo@ptX!5 z;j$j!fq_ftlxR;D?Lz0&NMc57W7~U_Tsp{(D2_d{PqUJgnF{Vjf41aGB{cK)xr}3w z84z;eN&m+e05HaC^jNwh(v5TNT3xl>eu`xaqRcE*1CPEq9%^;Ru&e`A304KRg2`LE zEAyuW5Q8JCf;*mYMv0h2?dF1|llIfwivGidQ;;b6qw5I;a5}RZhSJx_ARic%2`>Es zk*SMWkEOV9>InGeDj02QN#=A%;_oGwFHcO`xv-9Be1*+dC-6_}U1Clcp@3+1&(1Ac zXED^)wfSq=3u+ob5A%jx+{+ot`vwyDz5~z(9>=7&)&9N?=+fBltutpG4{?)9QuKLY zR=0LOV`O52zT9@Xtqv~QrTgKXd~F?eREgCbN(62s-4BTQU~MKvZri6ochfE4^P#$5 zaTbW}*K8Jjrr6)i@KP@$v?Yu-42xp3$k&H*?}G#PQL^+=Me>OB=NWXH%JNW0cMo$j z)-q+(*cL{giw}UCPot$lBaDqg(Vmoo-BZyH=5f8qHr0Vzl~bAO{97z*XuC1#E9z7W z_pT4#bp26KYU9!5Pjv=K2!{;X1KG2J1D?n^gP)E3D7G|wCq#R4d zy3XL@B0cKMf=v)ih>a0Xw}zK+tY|@vnhgyUYHt_Q{qeT}?SZHzuuPiBZDU@-|zg z19^sb3cKCCdhGMcWD8*(dcd)6?+AV1nf~oj&TzwI0Q;+x&BI#=n8k1C%v$!Bjr21z=Nc zWdEc$Tpq3o0-M&A`uJ7@D+A=&|x`r_Pj0tvrZ&-y89@)U*s>a zw^48;PNe4bB4SjgRre8rVtI4;atnhlaGFu%t%0~FUj~rf(I~AuRiLNt31Hnaa!6Jk z*2k03`(XSO+iyG{t#g))|1hd5v(3G+$)&G z>%{Lp-ix!2V~XLQIi_~lEiwv!p*mLMC#!2CS3Ae`RbIJM9 zum*(B-tr~U%3zMv*@m87V!%I&Wg`FWd1XEA%x>7zR}Y-wdh$p)4h}g{=SzJApfHie zi$zwvaM6Yb8jIWrUGhDw#m}66Bl~%q?`_Tc%aWtOwhKay_cmMjXrKOjo@h)IQeI0= zef3cdB%+KwtiK_gXZ3PcNtdH1zeqxo;8*o+S0A7DU)5L0la?{U-0ScEyj#=SWm{1h zlHproxF@XzW@P+Gqx{JWu`5LJ zcf$LkFxKaCE1})X3t=YFDg(E_%rBe4H+i;Oxp1(OC=6}aFhOZPkhTvZ8+|NepTyI1~G%w(m;o?(C}jFR3I1}mmV%w^kkm7B}5E#JhUorZHfQ~Z>0LNJw3zCRyn zgwBlyQL=y6gvJ;|cThU6c59c&vqTu`FmY<_@GjF$7^(#Rtq;(O^q}xi{>+FQ_N@LF zvoV2mpruN_ETbsRvt+Ro9X>W6IbQYt>IMpxwt2EbP41;xWC{r0$uBY}1tKnFr=uU;c!Pu~IIL7f!!81N%g8Xm)O zY0&64%+_E2WInG*P|QnT^0#bqVF_5w<(Rlih$kkLnU5K~8I3w^pFmV6eH8O-XUwg5P$wSns%CM{Uh~pjPr#832f{ z6I%9XLOdY5WV`Sie?RiVt0(Lqe{sr z+27IYGi-TQi+y6b)g?(dOV>X(uxK1s3JYYOg0>&EuUZ5dM;k?ST+lQ;DKZi~Q;E$ikNc__uuQwC_}r&Q@YyrN{&0UUb`5? zW=LfbSV60C2)8d+H5Xk^wV%{p8H)xpoRrU%Op+U342B?q%b*=dkZqX8Z6e0g+xj>u zkj;N(1KJrB@vhGi4>(0B8Q`zg1OA*kBYh=tzFiF_Ron1 z>dm8eUS2va>x<$bBzly@d8BmIsrvq8_ePSCzubV&Llk}@)uj`>O8l}h5h7SpCE{T% z5=S6S$7Q3u?P^->9+-jym%rJw?0U%GN-x>aw z&7N}m7=L2RX0}IRXy1w3RG^Ui1~?y^!g@iMMA-d*D7|6ugq_Bq$e?Q;{X9gS-$9j@ z{$Dka#omHM7Wv89iV5= zqv}maUL)IQr~|wZXK$HWUF;0NPP1f)GRPONxGd0fpdU8yJH|;R2$uQkXNitLVA;5) zOfB2S)ODH+Km_%igw#>z z&3Yxy4mYWS?)|nVFWVfKJV-=u%TJhMJZ?kAjC5;`ZGnW`OrK8sL!|Ajbb9m~26r;; z33VkKJiDW8;2A-_1aGD{*XlVO6vTbvPL}P-MbwX3Gp-#37^7rdUT_A=DAU}kvt=Tl z(6VJrgL`1XOc*kKvTrKj;?0(uWNUvQUZq8w3h{8baj`yP`;S|Sd?@-@m>)5*R(Mr2 zOF25>$P_P>sun!s&QyuU38xTJQE$eTikUm{_Djn_LIUc=y)wKaw9RjNOvW-a?RZ^# z`40HL2?*8o2sQ&Dn*aSH@hZq9VTW#o=y%6tem7QAzzsK#zyMSkB%|Q50Hyo}ZKg>! zY8b&?5xlBzeI#*w{q-=2eV5I5aA4x2&-&Kxheqg3s}R$mc>Y&(+yf%|T`O4BGc?2e zJ4I^LhCxtOf73@|LJMu!iNw_8gQ)j#D*HPRD;$xq+t6oMagPz%8=P^Uok=f%osa6( zadvsri8?vnhf1)|6C|gc3iw4S=)^^aw%aUzyRXb8PFxjrX=#@Ipy;s@QLZ8l^CF}W zs^%pl8jVUSs1v-SDA3wbAq%=!TUS@2TYYDaw{BvSJ`tYn}7*@rR@U9YaB@4wHF=Msr1fFLGEgZ$kwtOD_ zs!DNjGQ|}KTvTxopOT#3Q&ez~56{%On{hfbvn~?QG2+&J z2=9{buIiz?0Rb94T8B;G)oLx>B+`|mFhhD9o+C>V&b%G=*1p!J*klf#yyGYry8Us3 z9|XTH>uVKrY=4U;SqGIihTNcJb>ssP)@mApXD#C2_WYe7K zu&NGoPAtM+r6x=lX2O9}P|4D?Dod7%9_BLo!f^c(HIZf}sK_$;KXqeuW0kLS>T3o2 z>@@|M7l))YpPj0Y-_Hl`;!Ap zOC#SCL4{?m60I>i$LjIE7#ZVZIQrN%Ch=CDPp$abfIFC3GJB;e)x{DyWzFVq5gZCV zOCm=C`ei{K$voCDSDA7vHfAx-Jdq8#LLn!Btb=OJ7gfW0qngQeo6!k)o|Yv#p(j5T zox|uS8L}42o1zW!jQ2D;OH>p0{z*t^@bQfc<3{Su|9kg$S^}0#l_l9aujT-V80rrf zQa9=rmP@_!6o3FHG>O$@yj+5G4wi?$BL(@M*fF~>)+b3-E&c+EH@p$`2MTM*K`a?7 zGF0Z@x}k)0g66~bJDnaQ>=XuXGY?BbIUn{i4K7L|km!`S3EN3yG@-tYPF5_;+Z-#P5ggm6C` z3Job+kA$KVEY-+JW*7G~v1d4bhlw!GlR*WA9r*}$ciUa}#M$8+(GHo(9n)`6bDNK& z&_+4XI_$cs_kw#xvHo5zJQ%^g~}w~O|z6yt8Ik_n^x zjd9RWLB|W-S(%ZrWDy9!{-2L1Vo6#nM{r;XIMMAa>Co?R)3w zc#@B&y_|>+SBz=$xuXlGW56v`86dd~N73m2cB!tYKaZ~n9V&+AxGC;rje2GR%8)f& z2Gp*CC@K{X9e?(TQfz6FXNKj>jAw)G@k?ZL8HG+VpDHy~ap%VaG7H(EtD%{8O2WEJTl_3wKjJ9Hec= z;3PiM0}`kjQ0C(HwS6pavTqx3{rtVu?fx?#u< zq=9B?GIX9^MEEqr_oNs~Sr1Rl+=R~Edvi^1QS9NhAyxf^>RVp^oK_MMo36y9neA?U z=GM>PG9s>SY`MQz$qiY6mg?Qfve^6Mq%VwtX})b>0Mk$!01IXs60xldO)d<-W}>1g zuQU0tqw+8W_eqRwH}V+(!o;hHk5?HIvqr?4rC01DW%5c#G{?p5mW71#ZiH9QrY%ZTACsjYLBfoX0#x~j4>bdgs~MCsvVl$qiN zcj+FzJ!0;Ryv;W~J)9%Nj#xL;1W-$ANGM_Uo%!S^`VSb$u4C-#Y?=N=i=>9#Ds2Iv zd=+m>B_T_bRH**ScvwTCG`K}8lLe4LCB$U*0uW?um>7?~ID`4;e@70I;JZowTXW>e z@j~KTEjSllF796gWR4XARVZdqC$CuF#&?w=S1Y{n)p9lDQZ(;N?rfYDnLTmO$PK3X zkSSjWnWQ(e2@ao{-?PdKyoxt}_M9Sb)7Qjlg-^NHJc&B#W{|Ef@!Dr08t%}nC`uF`~OA3i0Bj4tk98d0FKA_Tw!tGmSMN<;-Yl@jo zKXx=ToB_=To=T&_jJ`<;BMKFK^)Au9lk~c_=LVkv;mr#SZM1*J`h8cf$b#Ym^^)3) zv$(I75b)Y0G*88Q+#ynd*^g?Kntpe3dZOEd{j{q^ddt(s=Dm1?J5B+|RAY&wHQ*M$ znK4uTBEMwJ59#wx2e{^7gBa665s{}nDT=)(=us0XpVZ~5r{ksQQ?!s2K6|Z24S!-D zVWASVFV*A*Zmzn}6Bth7`tg$i{Mkqf-|rXRk+>~f_)241pR@=eb7tn_HgsT)3tYr` zNk|*CafWS}VJBarx?dTgJbUgBZkcs2Rezg}5159}7)P+>joG6?c=5A@GwITt5CY;5 zq6$X8S}?%-%2sdn(lm%3qqm2yqw~eI$UoDfqhX{OEIF{EBTq$h4{14u6BG`I(ErAI z^26P5$0%Lz*0o#R&PxZy@7Ut()y}y5-YmX4Rd+1?R<=ftFHZ4-*%d(I?+H0>62GX#%94oDLYKgDiM+zC2G^d0_&iar=$~7AWjTGQ~NCwU1Ws70k@)Gx}$+MnS8kS z)ro!^5nYi-Y^n2fi-Sn}PK>AS&|cV!*G9Pd2dr5+7J)dLD5ms{-D2IRC@?U%e}2Jc zS>`E2qnB5#-lSh6#oV~%`gx`xRmpwW2DlN3u1Lx@Bye-#pLWRd9ZSqr>_A+!?2ZEM zPXd>@<6PQ}=*?;LyXPNSjE2hMliF)q;j?p!F60pN8 zMX4=?5;hm8XFJn$Z59BLFLowuVGE#}yLC_LI?d}6YCOYe3#-@FZs1Oh-K+Pfzz1ZF zQ__m8^AZnb4?(OsJpsBJc8?IElkWFD8f%uQP>zIh4en;fgw8B#4JIioDgf)2Z z3qV3<6Q6fWF4Bc$O-@LEbsky2Tta;!ZfJ>ja)_1+&o}Hl9mwlAOLV$SRY9>pv$$t$V5`rw$uVl|k z7-~~DaGRbBK1|w8V*XgI)aM@)_3{s<3an&d5;A9rTiZQP zpJ?xqLJa3grYM*4I!p~Jt;%BB?)&bd1}P14jydQx3{-3axl2nQgK!+;5(IIY1bOdiUwUvxdH-oe=m(5V?@8)7EYorp%kKkh@p1POKiu z@7j<`ziuCc#Coq%!{iG{8!yM%olC8X0V7xO#Tqg+HN zYGfQ5_@(qAAF+_4yYn=6CCK}0mkAU>U&+yFS0a{LM@P#!gSbX(Lp{5YrOTS0bVQY^ z#6qMP(jgRBnS)_)v^i7daLXwXe>*Y%vcWA&9GjmD{7rivx>u;*LmYaiNyh_P4l4H;cL`keEIuWImZGm&3J z)byDS&_GZp3mnIQ8{3iB!-M=6|Cr`J1G3i|?qfFqzpR@|?(;}IJ;=0?j3*AVWf}P< z_U~pSqttsGsQ5NBTaGe-d5ThUC9pi)jUB38-eK0B^-VeN zjM38u>uAw~w#0I;>|b(7yg|N3b^@JnC*cr-2DYkq(&2J$SIAS9gnWwef#Q~1sVGqx z$tFUx{*p7dvXy#w(#hMV9@t6@;6y^sXqsX`@^@v8l{QF-o4t%7h5`sauNfMDd5~5P#vY1>t@{@~ z^RG5}7r@DSA?c*;a-=a6>7Jv06ttn5GU+EHR_`uh$mQUi#grmWR0?=b16YQZ0S_(b zL~+%kasL9HPj`D7iG5wV!+*1}UfyX7D(k556Vvy^-h^$(Fq~XSBCBVp?&SMj;IknQ zXb6^?_Hz|WjA21p@>0KE_DqPHZ=Gf%4lHiyVA0E`SJ)k%^2`gy#)jsdTPc*tw(l+S zEcGb!JA2x~KBib%C~LgC*HM1sBn~zYY3sQr<^C;W(mvR%(AtT7d@m|7h;Qx&3!^@u zxOR=f6ZmARioFqpY++p`TVnl*Gu&_gR6ZN?Q^mU79!DAIXs%3~&t8EujQC?+5w(pt zmP>5ry{OT+zC>ngU}+83M?uUOvmaSIi#MbpS~$O!K>noNqbI1jVhn1b z4!$?Y{%Yf)>33`DwAaR7p*1BwOKV+*hiuPUO1Dvu9PK2W16g5SxPcMwj#h@`X*mnR zN~8J77y{h<=6|^X{2+9M{-G@iCkhSvYe@t=YhfMFtu{iK@A}x_+Wn}m46z?{!a9L{ zX3hJQJ(P3gEuHj;ziZx`q8dGIBkH%xyd+rr7#t_lNTlTi%BlexJ_|?LtQ!bp1cJ8> zlP$?{6ugh4FTtiemu3P1oAQ!EDj~D30`hkpc(EZDI>Wd&?&XZ%J@621ek> zPm1=ZBtyL-@f&SZwm_LH6ARf@2$6r8*Ta{*@jMNc*||Q;?tZU*s|2>0r0)zLSMK6N zCWq(XGe5@j!=$)Jr6>#}(lzqiY!3_JMpshNDF7K_m)<&n_Ay^S)VsG0rFJDMG!%>M z9>_^~FzgamE_w(aqTwXB8+TDBJ|=w+5@6fnEtaJ^4e!^jZN?}!5s33&Wgf10y2uxg zEf7V*4y%Oq0j_?0wjbuEp)#-D395}cA8uOvrGhJTNV0dq@DoEFu#fMFM4PS6UGP*y z6ZHmfI|Z1}4^%C|$j_a6A8%uZQf6eY6u76q4PqSeLsvgBua={E2U=TYp)7SzL~1n* zsftbwGsGTz*zr%cy(>qy`hbd}1XyHpGz@Lcr)lke^$xPq@FQsFmwHhqjI~?0@N0n8osUhgMaN5ZK|)ZjUG8MIFHDmq2_^0H6u->08#K z!xwYJw?iVvyyGzw!%|*Rs%u$4jE<8yqoWSiD*n5B7Q$k9NknbA7ZlXLcHwgBXjuTc z#!;zE#aW$s6WHH)&lvusZ?oxe?e2`j(IP|2WWQJ$2rk25`rXx4Pr2e21sD@1NRniO z+mBeWtx732kv6Gmos0o8e@F8G1v}dv4?l_uF00K|Bk%pMN8d{3HKvSgo`pZ}4(d*) z`i{oD>?Dj>IK1!c$5{vTfB$r`kaawT@TR)BpXh``8eJKv-2WjnM5epPvyT%>``uV5 zU8}Cn8pFZWHR)&2F8yk}L$y~Qhf2O+kXNmNYaI=4&1t?KemfHY34hP{<#)M!b`cshYl;OP|Qn$b^_0N^56^+zvv{3XZy>77zR2ozvne0;eov&nF952Z9 zCWD^|7EYHF{o@bkbk@-Wo!K+YVgXfDQD>wYfj)exO<8{QZTshko|@}?){wM4%)kJJ zP{&1oYk_e}sv9Y0ev$50HrGg?+PuAb!0~1LO2GzfJ28tLp`|?y?_v$7y`{hw0kLu) z{Ra2{7%*ZYN&XO+abq_3?`(-w*5%h~-2);m@oJgG<==6!h_|=k=`(9xQr7K+DoSg~ z_SAE?tts#MiDm4i%xPflOBGGo4yZNb4oDuk(mI&HqFpV~rt9l?z^GO(A=t68|I%ID z-$!9;PTR?vF5V`s-@WW$n?3nC(4M>>SaAn(VD9n*9gXWv~j0w z@dT+gy>=oI+r9mXbK_D}6e4r`gtqRJb46HlQMAa``V30P3C}OIzZ|#rrYNa$Uj{mN zfS)l*&&9zfJIHGa3{tO9U*|$X33Yc{i0+Q_=wt=8EtMi?J^}h>S#9}A;3e5HOzG%z z;8KK1ApK&?J+3xoJxra+h(dQQNKzcW%mTW>PE@HO%IIGQEtNN%&SBN)mEuSMPS#hn zz!+%mwd}z+@v%yT<}V(>;mEiq3T;Noc0V5(C*uC^TY`As7KCp?Y)KpzK>2`TlYC@X zFLqOjxug5G$7b^~%I+Q@@xExL`23IFIVm^VFw27oj4U45VMAKg-0Tzjyl)P%4w6Xz zyCn>g{xm92RVcjj04zjDn=_LNp%ZHN1&H?h`?xag3Yu$}nXiTQReDpJA#UbP;HaC3 zoHB21^0BL~eJkfhC|bp;t<$jhT%rl*k<&)w1e*_@qI%+mL+(fU1E8w99+v&^eiwZa zW(}XIPud_uI7!^}9bCdB2eroDBseF^hVJF`tOx7+G}c}y=q}gB79}}D8sRpUI|?o`!}|U86kUD^t(vmo7w9CXD_hfErSP>@G4hBDozS8vzJ!*) z3oQf~UrpaEjXEiluM+tLr+9)8ewDRpV*jP66f)Hdr|hQC*??5;nVXdDQ4c4Ue4#v~ z9}c@*IwM8QR9qGLc8A}78`?sGI6D^c|EwcLaow^BkzQJIP0OVf{EFYy+;0yj{9f># z+O9AcTGJZ^xd3JGWQRLg!o1lkta|lGm@XArFOlnC!XR|-!ulZE^Lfw`j^=`9qA~s+ z1qZzoG`+&{N6tWod+*Jt>!B#71QhcOX*zeWDlq+}%H1KsX)^Lv@VF|@`DI)=D`Yq= zn17`FWhi5%}oj(@8&mfxFL8 z@H}u5EDuomueri|sNAcL$u@i3M+saGC{!(voXuVxp6u|m^XG4pAfIO~ixT6tKsJe} zfeP2cQgYXPHC9LvpQ5bLW$49?bMaIsyEU6Q%>8WA-*iv52~tey{csEuD@W0bGj&&z zG{N#|UTvt%dQ0t+=-#vnWyIO03z9zrfmx(mKv!3it8A`sM`Ln(23!e*e6${TWxqC{ zVH+ZgmaY`aS$Lbu&OQr^l)!PmBkY#OToO)U5jp?B4x?)hUat8xmoRU`%!>=ECLh8f zaChUdBItDcCP@O3^?93YYU&`lGZGAIeK+?+5hZvqj zfmxq4jcN}E0Yob198XO8dWy4l`p)CAf85S~jwaxk^#%?7D_sH|CQ?$m`%qPa5Rf!~ zmXhz6rV^0K*Cm{7ZQ31V+sEUN>-iVZYm%!W_8r{i&`gsdiSr%hV*oNz?qZJ);Y#dl z&#S*D!5JsD!#$Y&{PM76lgDfOjTabt8LwA2{Zay(yC=mH%G0gh#C0Y+N+z{EooYIm zubsI`X}Pn=IrdYd8{{>#{A{o>4&aFDvYX+-aWtLj6Sc2WiX@AQY2j*khPAMS!Engi zIVr;{375&dS+i#vF%z+wa*jjTrSHCuO=7*=O&w?<1-Hl(nrE>_gwP|KJX)ici#ozY zY**{5YJ}1*2-)Y-byO$F3=ARyW>i*PVvYEy$gEy1j|=>1vW)@n-EsQYsQkfI`Dv05 zh5LWbP4QEo-cYK`>z46@ZLKbQ5o%;)=<4BFdk^2g{$Y2Jyh1oz=1aPOH7HJ#Ls_l) z)ie32j4S$FC$&@m3NqvkX9)`Tr!EumZFqXSa4edMSCqq=Y8+%US0fE{_3MGMgsg?xC%66#7tsB6v3tt|3VX4r+9 z#uAPUnW)v7r7E&@-=@^kPWE)?s`_r@Zv$Zj3nD*Z@Wpx9F=3iC$Vfcd!+9C5PRI)? zkRyZfxxK7DCQXFEl||y6jazW{LWz4m{N1~`8Y~AAGHT$+_WRn zVYZi}urxT5+9ORop3v(PHO|YPNBSVl%Yej_LMe%veXa0ijX@v6F7B&Ym_rUq1^Bxm(^y8R(Mpb)6thgV&Ewi_obH zg_N-pwaEmhu3#(f1mHWPS^Ge_c1t~&!i zetj!haUIG$X>{+H4b})}CxdtGcWa+3UqqVCgtBnhhzEbwA{Y$-ffj0Kx}jsV7|u%1 zo&FdJIv=UeS3@0rzo6kMtEj3T$l>W3+2J!(;HN9LUHZ*x{5qvr5Tu&#D)6Q3M#t%p z_O|kF4>)M8BuC+Dyl$Q0gF~s<`;dhiO|1epX<_JpZ ztV}c*Q;*pT?e|`0%_ngUId?0L+jmP|@~GoF?yZ~^M3v0e!3mUz~MqU1c)JS|^x zF(Un>J95b-1Z-WLz0r9_>=UXBk6<61kbMz!$dvd0?!5gV#FIUOvG3CD*YHH7pVzYt z;nBDpIf;z`-z<(|-IraE*vw}CK!6qzj;dk}-~r%m_fxj}AI!GNe@X^0M=jo@D!qy8 zp4NT;h^3=+?2Od{KeY4#WF18@JIZ_Iu32$(h-B-eG8+~H6n9c~0>CFf0uU*ptH1;r zK!M7=e`CozyFOATZ;C68)sJnRU`LOWf3-3KJSM+6bDZpUec-=h5h% z1g(uYxJ5jx`x9{2D8jU{7J8%%Js9W$^v)(ITcQ2*0O9t=5`R0#!(W9Ibm5@KV~VSX zf$gP}BauQa32OGAy*z!0fe382>mOU)If^hD%hxBGT^B9px4I^j{e_vpe>Uvqx3CNC z2>#>fr|_?0Lm^*AxEv`~U>micLz7C6w%S`idGcCY7r9J21K!>K&rX9E3+Rr?fVvvn z?k9o#^Q>X!y%a83jO85R=MfLzyoJ`O0oDVkNZbXOckoGhL@jK2Z03& zCG!3}h4G|yFE#B=es{L9#}>2moJ6}Vy>-q${(_0NIN9t}1VwpTBe9oo>a4D74keNb z)53W4TKBtMrLKAaN070)Gvj4F5b0y!#ID`0zA)=UwW)A!M|)zvTJK8}d2|Vkm5iU- zW65vvq=Q0G)a%^sV>uT#sUID#4yBTr&mB!CdXCn`p%Gpj zj9_Ch9?wW83XE86n)6sbq+(319p#vvALiE`m=!+1^)&>hd)Vtm_Ma}oK6YN9P24_Y z&s*8aintfcGhU&B4ULN(hhZ00KkSdv>;dyV4>!B{k<+_EZ4M%Uk3B7=F^^> zw2@BzVG(Zbv!BBQb8tAZK9XR(g6i-eGMSRy=SnTutdb`?sg}IH`1b0 z)@js~Q;|jmq?Ak~&4aG%l!|ld`$Ep6woFq~W-&E#kj>ww^t3XM~zg8RA&%tH^I;UG_DV zzvrhHQcR;$&>a}n_Mt0(tUTh9rGPYzM{^R>QFnke+N}tj9HDHu$o-Fv77z@p>sC&= zGEc{q9%{1!_t0}29{FL3-7w4&N$iC6ty^9i;x+}M)#H`|H5r*Dba%ORbfM{z!bu!t z_m60w8_GY!#6-tA?swY@NFJb0>jTJ=>Q!Ra;A`-(p*qCT_X6ON%1qz1#qy_jJQl`h z*Uj4^gAj#97!Fp1q$3NS9>YbS3;cBziYDS)*)quw#D{r6iWB|YV)k)kLs#(*9pJ&B zieq{Up3xdu9W-ihzgY+HYDgI8Y7`@zt$ba;Mb*m+nL-%i18epe;r%pG)lt;W1UH;& z#+5&8g#vzQy_+u+ePwa%)}eK#&ra!I2+iUS&0yx9EH7y{P$J*a-WI_6~T zUWh}c!Hx3WiAD~8ajWl2w{|8{cNZCZm8jqL_ivNIDlsxoug_XGBxoL zCfGr(sA@6kun1t(Wl+Py;K(jSf)VeGQk&>+Q)051|jN#o!SYA#cYe?j{XIxCqF zuqQ&T-#Y~dD>Uq!P%%3_37+c1G}j@QrC^ZCTW+?6Myh_O`2p*0B_=(nhaO7%#3=c{ z7mF)KCdL6fA0+$FdKasd2%As5&?48JUOh#Q3rIzoM-R61OfEVT{Ha90q!2V zs%4Y86!N`_N}wW?TW!&nT)I1W|2DbLSse;a8xHu~LiTpoMq z4ew=3D+5lf^Ni*({@Gt6OQ$6+iUJFWri}@wJmX9?Jq5LTFF#03mPBEMY8(@@~h}h#O!A|LiyuSab+B+YOxJgItkH9Wezjp4zb9X+#$O4 zD1*}et>~tWtoQ`pW9+mrc$^}RhE-i){~4S2RQLk*T^AMAM=s99LK>YS)_aNaN347S z)5I?0$Z=72YG{+_a={lFFYxBgJTv>nr5U#sMtUEDBk4qMK((1Y*Ojk{YxU!dk-9s- z#W}Q&_DV;&)Ip7b{!|t*RF&ef@|FfQxlHRow!l}Tn+Jw(d-x>YbMJuD8W462#v4qZ zXScLl3g z;;ZP!^oze9@Po-~%yvA&pbkcx=I8!7Ml`DMZgrEl8p|FcpPb5 zb$=iuxPDdp`vxkkUPN`alPEjEbh;YME;VdPa7OwZIdajh2VkLtb#te>#~g@;uI7R% zV0_+@4)beXzU*IWn2jt{Ia}1pC>TV#?AtehOdqCZ+r)5VpZQ2+^(1j}&*Dm&HysmN zw9w>@Scfe&_;>_`Zf1}wzTPqW6!?srTW5ThG4J4HgCy|I-+5Jton2dNpz=LR<)(`j zJv8roXACy`CNt*@UZTulBu!?EUvUXP8jC2^GUa%V8vYuMiIRIePPs@?j-wD^|MoFu zA?Y>Tx?HmO-zb#ZK;{d+38uUU9+S2W+V6U>6N4?0XwfYvjle~xh5N-;y zV>2Km5BrJfgKAe05e8NxNIHmH$$<10@|1b#+0}}=eFt_JI|kP zUvipH$mM1vQ$I;j6C)PC@RmnOv}@kwmK4ivQS3yK8*Wu&+ci#1vQH4Pu0aC;U&5Y3 zX|3H0O5?DbaZp-yMfdPCmj(*6=jw5aFlJ=!3=;pZ@`yi}uisTPw)ZcoqUjsMQ=3=S zB7;LhwY`x`28gUKYd&| zo$y2sr1|B@afPnF0;5pP+G~ia$^pO9KRhI!$R8@)03TkS|(n%8+OxL71 zv;80yS35eBx$unWGNsRk37RK(c&^V*Kqmtsd2+}Q!tu{}FS*i`5Hzg!MG6E|xdIVj zy;NQf;72a;tXMX`f6PI3X=lVw+w5gB2-t!}Eyx5XEM0giGGi=W=_>m|`uT5IbZS^_ z!o?z9H^+Bz)N~6|H}JR5liV?v_d-!fnz%0J>8LlPn?Y@f!)PkQs>E?=cZsgW@~^N+ z6BPV~S;Nf{3}u)`_hgP}&W?dWho>=&%ZM1w zFD0Mh1$X^?Biu?3b##0~K<8UnVp(`QMymC;biEO~$h5l8?Ixi=Q}aKzz{Acjg=MTB z%yxjFCqlML=pp71L*MKdXe$oWM>;PU>DU!+PL-6y^vL;08H)k#pJQS0*uNcuzp=*! z8qv?XXcGbEMf;#v4@S7 zSgBBtNzW#ua(iDwF%PTX%Y4alExbxSNnc=m2%Rc!T&IP%@E+sWt}@PJZjcTdN0CEn z0xd;^^blP9gSt(!xJSR#?N{(F0n$=(e=sO#UMKVy)H*NQnV}nlZdvk4%#i@|q86HM`UGgH#Rg<5S9E*YU>G_*^*fow7}Qfu%+EQpGca4+nCq? z#rlF>LT?q@OwzuW9T;#8tj3jlgR00@1CHj!L1#x0;%m9Bs~7@Bdk0>*e634WTB4s%WHUi(6!JuP_cu3=yN&z;pQYSGxd^w+fR>r4+AGap}wMPqUNN>be zKQdYZ2WWk>++?l>b8XYWs}qB8EVJqa8*5DH{xynTys(`9)GiUR-{i#9L5e>~qFlAA z*Rtq3yqA+vm}EG7@_Y)4t%Ar_ca!-Yz00qG-{*u1!4T^+A!~Sn1Q97T18q!E?7}uz z3|3NREP!$zzGHobO2z9k@MiN@^a-KI-Snx&0d2;#i}u!}b9Q&SgjTVuU-LwkCVg>y zy(oSk$@fd;EowVkY49X0Al29@ToF43fNxnBn|=tAqpeMYVKY@pa8xaCX<<-jOWNJI zAu=f8JW^+&8V1oPkBT-S5i<V5o zNP)N>36yRlNj#Lw)ERkp@ap+7XZ9uMVMHO0@hM?HjFU{&Tv%5o~7vzFsviSD)%mLPC zxks^g`n5t8Wo^T12?zHS6BQUrZDOCl9U7Fk+Fl;{VI5)&6~{9WlON^TW6j`T8ngB4 zsCa&))~2Z-Nb@ag>lfcg7C;=$aG}4nz+`un07%whIN+h`0d3PD;Ao>gv4+QFf}+gw zWnaFh0;V-jTb?Tr7Xg@a$a9QkZyo*&mK)CqbM)UU-6mn9iAAeCsiJ`T;X zJY+7>)H$$aDXisq4`rS;susUN$ghb}ObJ*RPRjg63GE1CyJt|Ug_8_QImIYYZnwbt z%(ri6qtzXbUIiB?T_QTKp)QX{ng`wN-%&sGIR|VP$&;JjvukIqT`}g|hE;M>9VcBB zezMnXyniInmYl+j$%0sJSbCdO1*Zqwh0E)T$C=2MnDFwBhv{0Z*6N{?35E|i z`DOgBnAqC{yh@SMvP@ELoI;3){WK8G8y)%5LYGB5cL^!W%|-ucNT$f-W0cG9+c0E# z4=Ll?$c^lp`_5%@$bNgweY4gw!t3CQFBB(o$*V;NpcE7x zgPF;(7c_9$(GX4YLi5+Uz?o~0J#p&gSTNnRdaj)LZ-@)U{^s1^jwuwO4cs4-f@W>u zzSI9&N!hQSQNDIe*q@S<@zj$+z;TtYZE?G+qLdMvElcmT^PsqIcrDG%2QvW>dh-60 z5%u+O5oD$?2_if#%nxhH7stU|B?^k<=maobf2Azl29pWW3mb)sIQmhq&j{yN_&wr*a&{(_Q;(Atj0#e(uqd z;DW*9?}mbt?ti%wW@V;P5IIDLmt%kn(I%y_Z^w}{7)kM3?bz~EQF$b0Q7spKJmbNJ zNj5_7V-3$pWR*4Q_aqoLvS1tj!7O-9-5g9j8&h4+ZCkppgyJ3QzuGKe5s8CvvoPf$ z+P;7qOxppi;EsRep>lsI_MX8YpD4F7HZp6H~`G!B%`FaP(sgUJV#IHZAWt{PfU0q@F|f{4b(Fw zyhb*C$}7cSYnEznal4fs^S0z*WPdYk2X@|y4=9agUSNUIUA?fJKuaGz&56YM*fo-` z){=^E1_QG85UgpgYWH&K7;u(JgKvcz*>Y7&jZz_-{E_&*T$DrPvg@aFj(EO??z6zQ z0B16O*+{EAzWO(`Ev)gpTt}^VN@i8)`xa9e%S+AVxaAU);nd3&=4%Yl7g%p_q zVw0EVlJYw(tX)nzT0_M;NhVAt#AGjbO^CR`Z6&4!mijj#ltd?s5(Ca~tlh;hb6gU) zCef3dYn!S5r}xtfu5g|e^*PUfk7USoiSapsonW5S%jg9c>{W5A+wq3@cxl13cQB|R z5rr{$a9}%S#!a7($b4EK_z{UpLqH9oMfw$ooARiUwq`G;r-w{fkL!Z`j;36Fn&{lx zRB}j~OUqIwi8v%jmWf{ULsiRi>%u~|#^$K7wk98H*UKuXAdDa5k?@7I&!HpORx!l|5=N)0UhoWw# zp;A6yB^<_X?L_-6eSTQ{)5aU$dDL`xhszr2BRi~)0{JKt7muge!tlQX1AW0=3O_`5oE(au!ybST=_Si)Kp)|sO1O&j-u2wVj&xmG zZ#Z=8_=Qih;@@qd|%{M9m*+e zq!~q8BNj;p!rhob>Y!45Q-34!+aQV`@kH9+0*a^FOazc^HzWBYQL%yz@+5TLTPEa< zv?i&1`7yb_7K%A2X+qTGktwI7Ns7q>Q`}>evIxizVW)TDd#@422of#rGzL2BVj}IQ z)=PNLeKe`as*L!@o&Jc3Zz_UOe| zoFC(B2X4j7SJpw^X{(JhPo+4VpV!XQeWx25dO3UBrIv^ah#Cy#3*LccS*IiqtwZoJ zU#$F%EyFAkhX|lJFQDt28asU?Bgrn!73Ty86H#1Mldroe0Vs`lWYHV<&yhjaMXzI( z=5`M$4zJX0L1@RQz*5^~(U%Ls>#cc^NEM?B3NvM||47 zhJtTkXa264B0^&~YjeRz8q$Rg#Y1Lrw=OhDLsNaO(ws>y_CUKQ48=0BuXpwINTpes zLEXZ0_3AA%z!C1`SHdeK)-pudMZn7YpAaO?f6i@Al3mbpQC0`7>u6QUplef??TGSJ zJ*HQ;8?Tl6?h*T?bW>H0Idu)?>u7ej;eR?1TUWUfh?}4gJ84zH#qM5rmETWmkjfBR zS=aX|RyvL$uE&HttgM-LnVxuMrr63*GV(KfxzMD<>Z*c>T3*+YO%E@d*Y!JmbayzK zTQ7=#Gy?WU6$09T?Qj)se6|98x!-uW8^%i8MCjHa7XK)=BHa^@psbj#M_Osw+QFbQ z#K3>LIx&&i?H0*6%j{m98R)}~TH9FsVl#ALZ0&;d+yjT9x+d8NM<%&2M6~&?*FjdH z^(*{}sIY9bJ9(9wQZEwX2|#LtHs|m0D0l7aB1 zHMkMb??G1D#b|bMuF8@gi^OTzOBIzy%r3Cs*xYXl=un!7ozcrMBG*c1 zT)6HPB|_!Q&|vQZ6>1SjxdK^*>bbIIW_%mWVwkd?!77(uMzHP+Pq3B_{uAhpx)ryTY1K1V(ssBAlE}#WW?o_5XEDqcF zvpi8)szHY`D>_omt7#aXS;qgb%f(ND@MwK^#^M6;z|*zfKk^1vpxp^H@SIMK#MkwP zFt$}})NCX~a!noAB&o>{Y0bcM5*5mg^A}6ap-$CsEdvhw)wBW$j_B2p#o>(d%bWoF z{(#@wil+7EcgZuj-&jp2@==dmt6?;MKBfxmo$FNo_Ncltb;6r6(mp}qW#<|^;aW6z z>u@h|{$Fg9c6k5!XE^vJx614J#u=5egw2A_hFABEaxy1;o8q)ulvNxF__#KGr-DK} z9D?M5lvh|{68}keCHBE4?%`=TYbSd@>>2)0fW&1kOgBy+i*e)!Sz2AhQraJu=&#a|LVrdxRgU@5UY%ScUJsC8mkm60TFKJ7Nz}{I z;G~5Z&I3+prpwqLqzHJeFfwDF8IrI%auou~?ShS5k|q^tRwSi zmPcEaSf!{rTS3%bO^C^VmS~8VD!ppMh zj=JM_>#FIrnSO=c0G)0YiNJk{GV6pzy%YbPv!RP_w4L1;pnq_BMs5VXGJuir7YA{L z&|H)^(&q-6_T}A&CPRwKr+K4hK=nf~O3 zCi#L|@6Yqs28i1{Ko{JYNY8p>6aF{q^u0|rN>vTccJmB8TXl~SWBZJ^QIz{V6iq&4 z&R5!@PN{lp;!;0-Ps5uPh@LVmfnGk_bR7iu`vF}nS?k!W%j2iZJ21M|-K2$3CfC?- z;!ga2o}kTNKKOF}*lWFMju$ktLla*h!dUPk<%+&uoOQ^D0J#lCw!7%Cr><2Deqev9&%N==eH zkD!+iBeU#>hq`vVA@Z+Wb)+KYet%U%G^-75gLEY|gZAP%O|lI@Iu>}c%Pno*wNh{t z!*z+W`jP*7d%k%#h)+4$j&CH7dJdpJsaDC`Xi&K2^L`98yF@}p6Axc>IquNzLZ6Nj zH8@rmd#|VId(w(O)^2=oKdSh8*pi15xGz$zwIa16&4^f^#mH1lIV?tB6`*@*>+85mXLOTYX4A9hV1Cz zJAZOR1F}R2eDAl@#S_oIt{zZ$_9Bjt_-utQRhAGS5BSZa?-ohaLiLlPa>frFcpUs0 z=szvg=k^r6%8?kxG!*z@7^LrWy56#$D$bDIACD!bPONb$ja&$ySj80c;0P0v+zp%c zmYqfFThewK{|G0yEl#wla@;2x9VS&PlxZ-2ZUyuq8!#ilGrkL#y&dAPA~i14N5Fm`x6ap6U91Lvb&Gn zqfJxYe7FJ*5-_aE&5K_L@J*&!hr69UQ^QFXWUqIZYe;&U!KRT7&>vGEWnd>=doh6q zw{b6EtZk^N_{&m|p6;qYMkVVZpWqXx7||OjbyRuYd;?b6mk2LuF3Rsfd47CFci0Y7 zM(RNmN%X})&@R>CcRB6I@8sjJPq}~@llQLxPe8E0u$ccyW*9T>%8+JZze-|)bs4|% zRGJfHh&9k`e-)KDuOibVHW@je7$#i11FX_KsZz9P^Eav0`~__XW%kKsVEW6FZyb=z zV10AJQm$}aUW!}{awox|axx`w3$BvyLKyg4XjtR-QiJsrbD2%UHMuk5F8w6s%ic7+ z5MPQFGK-KttMg_~&%|=wUlwC~6>mQnQYN{8t^Hkm;IFgaBu~-#N{ zQeVj#nb)a=sjL@MnkJUc-AJrBb~90=JS5ClrVMpSJ;b5j(BU&OJD0I= zPTCpljx9YUTs_%2LIm{s8U|LKP10L7SjSm$=1U{*_4_CX^!)J3HfXq?k2yrIcPuVl z--vKOS?{-R4eOZu4fTvI-sH9kD)swV@6X~qwKb?1%BdEBxrj;ra+rN2HV2#BEioOr zVrb}IcDtb*tsFgfmdMFLTr!^2lL+e@EQ5_l7pW*+{`r1NFkszsj7Pb;z|}-IMpCwG zth~}8_{78K%%gQKtR<5_JgPMYh$f7bO)q&esOYc@67vXw$dLEXS*T2I@WJQ>&LYoM z3{VQSEMA55+MPpGu)`g_L{+ZsT05|*SI^0%{_n4q|D2wHE4xHiFR?K4N^<8N7{)&e zD4xeD>~l-t5hNJ)ZRTAyC{F&LWJwFMAVm7;Tu5xlgt>mM@ zo#0QeoDHY1@Uv?8+>wX~BJ#@N$apGS=Y^dRVN0>WQEs{EX7w=55nN92))Z6b2ka|0 z8`=VDcKqAQAwX^W)b59cIhu55Q5_ zm(}sMYx&ZnH~yO9Iq`4*Iq|F81K}x@hLVGhYWQ7!Lz#lZcbWu<#OgkS z)LhPI@)0m`F!Z9(TcBY&mAVn3Of+X?d+yIJP5O1Ia*A28z(DZzlVIiBe@Ynl6jbxj z?uP2eoQmgPIjRY_`VXwF^Q_RmF0s9e;(9F^E)JA?l~aiT^iS;wd+GR+RCZuEjj+Dw zk@0L?E|a0a&9mp@DHFTO#x3yAeB&Q}@L^+1i||2#s=Ee-pC?L$VSxF7BP`SAb8Xft zso1Ol@YZy9HeP|O2k&I}Vz&R3io<7>b%kE~VT-0ZK73q2EQsLnWy87&!WumhCPXcp zaQV7Bn**Z!;ESd7SD`-&uLiCrw}#UwO0EAa9qYbG+5J{~5IfF!9HxU8vJl<}>XqU2 zJ+b@Xub)ooe;L-Qn^S7W?J}VNL)=d+dox< z>cW^8=_Waji^WY$tmVG+Iv+gbR0wpsans97XC^40G&5w|QT@+Pc#wbZ%oA`|N+I6c zF^JS6IvZH=ob8yh{7GCPy~_Vyow#cg79|hzqX?R!RZXHB2m$mr32)xUaUx`)Wk+SK z27NAKA6U<60DU(=XWNT<{OxEVBI<#%cK1RDTYSD4lrm7Lo*uWTBNKK_@!A+_6~z(l$=b3z%T{T6BAqni(_A7r+wACP(@pi}2H^?KToR4ytd zq>kfH8HcFo{C>f$jGapx3I}pvf3!(R7Y0~asbwVvCp-y_Ilmg}-agGMhmc1e)8gIHUuJTgDjpTVRlhYModW($uC>}Y-i>kcuM zAP@sVow78Vxr`N;>DA|9{vtKS7@He5`ZiHBXY!tE+E#4&hqR&2@@cypZik4*QXH0Z ztTzj5HV5%bVNUQ>u+gg4xcMR3AQs-o24&r7!frD!m9-<~a>uVjC$#B0e~K)lswix| z0l5;aD&9R-kVf}xE}2G}7su`UGAL5JgX*0Das155c94F;$_3h27<)~8xaQKC0zRN> zrPb$Fo4IxabVA!0e{}g_eYn|ZQknqwX)ll<#ftbmi025OfMw*>@1G2&I0;8DPi!+W zI~-(8otLId$~K$#I2oBG?6o7$+2cGKg-2R(g*y$TFM7!D^tRv?d*OwVOXwu?$^L#2 znNaD(rC&sde6-%1-f|_6two?9$65;$O)g-!zp;Fn#kFV6RBWL0{JaBtZdp@&Ea+=@ z_?j!fKaO{K<~AM^hWOQySZ|qs4ASCT36EWP1G(Staz--A-@N%W2Ct~@*Ifo zt51C23MD;6nPURMTRF#jVex+UAuspcVyIPF_t!hCjY^A>ix@97Iz{|!9m`QRHDGew z$Rq}Rbm_Y$QjcuUEJ7wOyRGfExY!YMFV3?|Cxs_}-dq5+9R=8Fn@ip}ig3}zjrfDK zx%j7~rq>GaQFbd)QgBx2VkrB{0*lrCz-5nbli`g-<_212ALPw!RsUL*W@s5rk@V(w z3J&pBwE;?akkpOs@^3im+vfjo4U^xIYScU!Ap$-m#o;68%YR*mfUjA@d&nU%XPr;# zll{K1pfxVp&X8o2&l+xqaxlFd(7sM5u*x=) zPz4u>%jB%1B&IDY|D%W>a~4fQ85R_}lr=miKUCAOAsAX?F9suc7=x_Y{j_y%@*eZE z1o%B??B&ok_SwMvju0HT<>VmnXcZ2c`NGE8klL*AM(m{tYVOhTZvv_{dfA=`iHTaU)EOA8;6x? z{Qjb{@o>*`z|&=`?fIW2$W$}VF8)vT)()t}$MF#>R6g5>r^ZeXVh@0Dz1ir=h5vly zGkO5Od=1x!?`EXXeLrFyEA;ozLWZJega%PGZm&TBtj45q-`!$j$y?#ZlPhTWrNz9f zm$;{HcEAMAtoJ5qnLWNQlwd>v-Nc9)SfwXPwGYe(KOc%Nl=lZ22&q=K+Egk+&k9)> zlK-tDp)l_ao(>U*L4RV^urL}xF_B95{@#$ThjA!CtBvoC#FQ`{B*v1Ae3mI9l5kgj z?xDk$ENN>1cBPa9d4PS3tNzsd-|qyX}Lk{M(A{W)8Cg8%07RF=dHniCbk-tuAw!v00=yk2kLNzFv7jFh&lYS+E7I_Plp+0zxiR*~X4Mj`)I zbXqWL);sc|ytIbCvyA+-9}Da2p4t%}q-cnhP!dRuCT`3--Ms#$DJ>s5 z&)k*d`LvY)#x$bA(!?kuerAW!brmT@eTMw-X<~0iEx+;fUI10{H5O}yjACBrV5P_k zgMdXAdeaHhcGaOm@w8vvDg-ft)~3pNJ3L{yM)O9x)jL*>xyCk;o+Q344d1lFkMwc^ zBMM9^U&$&=C_*>LwlN>)s+~*29d2tK9!%zi4BY6H`lm?CHMm{kYh+P-gjO_pMPw24 zu~N^=6I-)P`hPvPH|*R~=5W^nFYj5h2H}}u=oXYRM!w$9UWWxW&LUGpRjvv{`i0PL)S7` zl94LO8=m#QNC(J$5E#TWHpl)iD&3DNC}CkC(Zs8!GO<(^F7D}Gk5%Yg&kg&&ry>YX zwxSYLY%7XvD}ktzUlZ6DJdxdJiz=Gi=t}pGS3ab`s>_bhMb@ct`epviQPsO~W$_Z* ziWW7qKfnvngZ}ojt(Vy`9RL!2&h(8aLjj++t7X{Uez8q8U)p7XuXK+o1;ZY8bl!Go zdolquvEQdmsB0>j{5w~@fc7(m?h__nN1|Tn-UUR}HTxvHDi^;+kx-|e;ZyiR^>F%m zdDkLZ@ubuwuF#pIk;)2m8<D_^+|}@lO>`WV z5`b3xe!W9iQ+lCJVW@gwcU_qD=eoWhD)7pu{f4s-8e;0g%f)9yMRvSrG`3g8rTHZ? zEYp^}*QmqK-40{w&fu(-_VHP{?QdYaQ}Ee8p6mmd63sx`E@5~j%?S>|nhh3IG$hg1 z6FQVaT1}!2xB5c(Rs%9bJcTopK}lH%|FL8VI=zab6})0|*J4+!Lr_Vn46khaq3c!* zF9%%sm%7&iO;jM}#;dhmyBt@~CO6q+7-d=uY+O2wr6w+W4BA`SOJ5f{qJye$i^YmH zVS@CzU{wdMTJ4Gt-9B^wNyI=(0AZCrw92$j8eTtd3Y@4kLpILUyMI~vtb<)+>TqXW z4R1o>BgGZtW9QjFB1=D#`7PcpadA#^%I9l-1lC*RcKKNA4L;@9VC_3C^vac=bXKhmJWY7r*05g#=^Gh8`OHD z1F|4?|Kg1jXNoa-krxRb4STbPd38x;3>9-pL@-1l(yk20_G@tXQ(;l#%AjSE-U$r% z4V(=F1IXj$J7p+ylBpkRj5$9JQyy0C$%Q7NmEBJ|nTg453zk2JC_mT{WtlmL-BQ;E zcFUdoi(C|*1cM0EhxK!_1t|Vj~0E9$RQx+4*;MMI^HxYDAXc zR6;)jTtye8NSW56cR44lUMrpRHHe$egjW7FE1(GTjsr8fuAyJz*h}l_I3O0T=M{3R zKcm67);^w6F?k26^LRh_YJUMM0xiPXw5EpTBs5|{+xXPRcfBBE@kEZjvc!)pp`?rT zxvbo=Hb51xBm>wg+PGMt+uZoan_E@XYh;Fhs?_no^e0XSU_^S2TDuACTCZrzBArK- z@nUqVGYHP_XRbY*29p7iw$+@G!hu!snP@81?SLXfap6-ok&{<&jzX&Q==607#l$*ZMR#%7 z(9)>c_v22nus{vmjz`z=KTsUy?Gs1pP!+cyT*f6))Dgw`7`n}4V+9)ywSsv-TPX*3 zzsg@%6v>~h^3OCjqCz3l&9uuD*F6?i#*N^YXHz9aZaex+x8A8$&O_m=kuCF(Uf*o9 z;Dc16??dug)2CIBdsN$O$CG-0N=E~bLC7KwmkohU^T5M;D?u*|Jl));c(H4eM2-pl z(*{M{TVZuD-=-MRBfXg?<`g5s@}K{WVKc%sBUKF|lh$Sw-CRfJ=HSa_>*-C}BhX2r zUHyr7LSUYO#^k{MZohvw_?xKXt~}M&Lk+SX#4b_hxQ%BM*|pnBZ^J{*+l7DJPHPt_ z=(zLD?rc7@!lnGQU9;O=pmPCkFoA}*pdyTI(J_L0!FL=j*P5hbu5_1KznLRM>Yx2P z(PPEdXnaSU35q5{I}B=_?2f5$>dH~4kz~KXdW}JzOuZ>5X=EW9h3a+dDg$p3KDNbKV_XtIaZl9cwaE>~vhxirSt*XgC1mxa8fq6i4AtjRQ9 z>!pS-&eGQwo1CnDhT4Yz0Jj4o8%Yw>xNKct*R~ekY4T6ToAwq{W<{CH5GOd?SpytT zrDvl&q?8-}Hac4G0Y=qX5;=DXy~!>6zwiTzzP2mugG9$OXy?DtJrVRY z>^aV%WU9EdI|iBK$h&alF@69YAbv+tQrwo($tzbjVg$(~63A9rUT zoA1Hj@(6M(BVOT@t8&C)W*G8N1K>rpxiR+7dK!~`dnVBy>2$NJBp4Vj;$lJz#DgyA ztj2dExZ_AmD=G3x|2{%E6fTO~C(B;;&n5cTW%y;1TN5a@9SM9?a?5w;TBPi>@ADr= zW3<0GVq1fG%tcS`{dhvjvS@FIMw{RiH_3u@iTI_1z$T~=Y>-nJH`DCgc0AS|0V*S; z`vd7<;`J6*ukyI;rR3AL{)}`byoG$tzfZi3-1dMHHoH_<>fWdJB0DQ;_4n>|+^n(% zuNFya#CDL;yO7P44{52HO6r{O6|7VLL`fU`l-2O#Eti8L;}dEJZrvb-Ta{IzTykn< zxklsf-)?8{sr|y@uoHgb(%p+JyE!meZ&0saodF5q==4NM#k!U0mdbPXmOj`R_ssu6R@S+XY^0TGa z4Q$2qUDnWp?O#*k`qWtKvd*;rOWONg*B@Lic^NE`4YdOybr=?;;$1fU&xIl;hczxO zZZ}`?N--@r)RVmS|4T-6j-JBI{s;!rXRV`oyF}dgfh=s_C=U6ZG6zaE)Q)mcNE zZV&tfYE5aCsV%4AO)?cZnLXEQ-u=d-1KVmOVgapeTQIg(mVc-ioo!eG7rpMi%|!`* z4)O$_x1NVKqu*m`$YEECY}ybr&zMIxJ8VhHPAKR+=5?vM-uV}CUlP{X1)}#W(8=Ps zJ=&X_x!c%+024K#3Dd(|(hPk}K&IQdG4g$S`rr^a^v?ceG2CxRFvGclP!Nh5uy4#p zn`7b^_u@S!>nUye@_+Du_;=3~U8$nz*|3V2;upA4o#OW2RX>(dFiwaIBfIv=Uh@ZD zvAUJ8zN@Ka?~3foWb#;1YB`A%8re1yUK8x(pSLSFU0x}1T<%q01(^z4mu4SXEO^Hm zAN%6*_kMSiYt2d_fc4=r13=tgN)s*aqRzN@o{3Wlp7#~T<{47jeIH?$iD@Mayshd* zTji0H*9+6trck`|)~%SEYb+d$-cY0Mp!KmOVbFVA_6}e6>xk1ZK{^PGS zD}9W#yLFRhc5%gm3f_MA$U%Xn=Pr-h62Kxqrx%zebi6rrg+W&V*|>d7s7sf(L&r$6 z@>q3}R}iW#b`0cVWi;r*a7NZRev1D(n5##CwuwyoiDa7;Ktfuv*i8D>UE2>Eqk0R$ z;QVgIU_{D-2c0D1FZWEr_xuCz=c=^Yy0P|4Iz6 z2Kc5pjIK>#s_vv#9GTFs!ZRME#0aRN(DQZQmQmEBs|OFglc!`ukij5b4DjrOi4mA> zU7A-Hz+jPys&>)fd4U~Tm5@4(?yiwHZ;R8Ia=$8d&i0bNxxWOV>*Uy#^DWHL zWycqzSz$^YOO_Wa%#S`dZCh*SI@+2TY^7d*7j~ikQsTHTT*r%Qs_B+FyC#$JT(f#1 zt3bmikdX6(Rg`%8o^mnKTS4*b#gbH_q&KGGKgRqP|xBC&yOkRzft% zCz3sf`IOd~AYX=1PO#QE#zPg2?XvvXyI{tLs3}Hx*v{3H2JDn9xZ-2#z*;8iiPq%S zlduQYiw)(4T(Ir2!R_!SstCta72r+#eZ2X9YQZbQ*O;gLl zo(4D9N&83D?fTf#QEMQwOqF!^V3qQ6<7Fu^_9fB<-Mnj}{`+oMvKUuQ&sy1P;#{wb zkSC9}uuick(}!}oIwCRZEv%?xw<85uLuJjgV z$zWD5I2^a8b)cm9Z|V9!v*PEN6cpC`%<*-{)=7zcv9I{jVk)W1FdTdu^moH}5Du~{ z?NT7LM{c>}4dh>HEKsA@@8}a5SDqozm@86!oTBybZ7j^uigMMcsEmIXdh@5UhoooN zM}%Nh6pWH#R@>KWDq#{8SNk*PBY*oIaNUZZw8K7ACmlFaN|o4wzkgy-Oe3y z>}tXWZEJ7Kh(`pO(DBs$Cst|L?hG2iBx&M=?cZ{Z{HM6N_d!Emv*?>?%rV0nt63Qv|@)5 z;l=&(Di0t?&g<6VD%tst`U@lR&b)Fe=5dym}d%6_gDL7~_=F^kHpe0lWke+HmE zlIk1c?s01!AIH`Hlus}{1rWMT=f@Sei|1%uCL9A|+CGY0LV;TK{Ld4=vh7~5B5wnd3)veMX^1V0e9u|gkGW$DEYx4;t4S#6Ore-KZun@fKEzz^ zuJEM;lB6?FCsiz5r=x1hvn#6xcXWdFI${llMi5c zAC~j7u$EXyWO^(qk+Zr!HM6>9Z*;AzG&c?h6RCD1T~wdyvh?)U`z(;AtG|EQ4@C(r zg9Iyar?B0{Z7P@zXci24-5zTw%ie@(dr40Eqfcb5G*WyT$>=N*+I2HZYvh5d0>OG| zn0A}7=yC%Ndwx2rD0_G|YK6)LVKNP)Y%~s| zv;VM3TIkZeP^{eu*&ja@bHkO>#sh6hWxjP)Fuo+Jak1yMezWpo)TGjG1f6UW+;2@C z5N(-a%JB(Emn=^nTDNdEsUJVtzG}jotYSpo>{>jBRL8~#s%L{eLt+3GCpN|jfu(ai zx_l&7+89|M>8iAz z4SF!MHjB`;d0v*WVO-n4a}_ax)cSOlR@BcT$TY_}Y3 z=FwdkKVTpqR&%vA#Kfjcw|IjbQ3Z7Fov3Z{Y5->PFS#>YyY730s^9m2DovJ82F&-W zT3Z6=+c%Y_qG-v!Hg0`Ueo?T|Bw-Vc=_@pSW06LV9Ue4JB__-iB%fT08o>W&XB<dFhX#mZv-DRaZyeo?VZWEtT)U|Vf$N38c)Y>&a3&Ccg4>GH&#`%=S$vtD^jevEH{!D~CYR5WuojZsIM5{JACgp#M{`G9N!h60TT-ZnhP8uXmV>Z_pCH%p%XoUFuRbEh084L4| zEMdJ3ikZJWv4dXYbTK4xB5$W{od*qYOOP>iUaYN#ipprs&a9qp)f>j7{$%)e@Nt!1 zc?)5KHHiSrW2nH<-Vf%-?I2m9apxaUw6`ENVGtWRLK({m5%F~8a)SI^-EH11>skwM zo6I-r?%6SVe?QA)M^GoeV1#ad!eKI$)%fZK5^M4rD4AQ)l~c+!Dgw3veObl4OBDw%->Q-+;W&s)4(VU4k50`-cU=S)<00dOV{X#YkBH#$&0*%|-Y9JZNVaY?{~wTU zV6p1Xl%|8}42RBnTi=lqi&4bJ*hsM?TyF_u(;ImSsqD2RA{7yKhEU*9?kI~TfuaH& zd*j;vn@as*~wxx53aSiobGA9$pZazn{LD?ja-q)&c#Ka^GW_QJon& zi;$~D53UI_@#k!1k(16Z+ zpS2TpYi#Z2nwi^E_U|)#pV_1~gz;ArT+SWkdp!qFD(vhy0-*aS%iCRpzhA@#R#$RG zf_vU_O0+G)N5OUBoeEX;rcMO;b!TJWpX`Babgoqb>n9Uw;D|Qa-#X!xH4r(mnFq+n z&l@>(@nrD1c`6*;g@Z2IXiaGs@@_TGMbn4oCjEpG&$yf;HIl{(7wI* z%*Vjgg@f4)G4_S)R*LP`+x^SAOp?;1G>)`rpduVuJDGu&70N(6gCokHJemRO#V!pl z|6h2~*ljn3;Q#itv%!tC!|AmV6Isc{*X~4IdW-O#^YZ6O@WDV2v--E6c%*d>!i;Wu z^sW$}-1?8O?T1}k2jV)g?t(7uc3Qd2oe8Z{wsH)NLoB-c-4%slIQY zPSvgsacyjj4f6#vO14iTT7Y*`RvrzzI40%XfkOZ0IYRj`eIY}wcE~y7v-H|6*bq6( z62R0-hd?TJi)72kSb~*_rfnwkga1)69>?-Dx)&p6OP(G{pU{%+mu{UgHmP)B-`F$< z$oeg;Ia@KjF#1I0%b$7FOsDTQ$! z(DHMvy=nVPpGi~qsg#yH4d2q=OrW;v)-#6?{R-*J%~bZKRrzn?d4U;|EOnQd=h{rF z2+PGvFkjworrbj?ua|O2T<=C>%l^7VyemH{niEX^`j0tU4*r*wu`7sCRmvKS(aCG( zYJ9%qwo60eg^iYNuVD$U6RD!Y^6V~0Qv@Tt2VD=EC)Tr`iR}Qe3Xa}l=~+G ze0F6D%lcdGrr;)xmxiKdyHJz0V~7zVcxiv?wE7Tu^`gY&8zPdNEbNurM8$0MJ{J<) z>B6<6F9Fa(e%|e3q&LWPy=bMT?xkX^xH6mt6?9jS?D>qusRvi+-5x|G6a58xn8wq@ z-qN?DD+<BLBGk~!An^a$&5}AotK-~qvN%foC^zkQ_5Iu6kR@d zxhw~;-3B3b*M}X;*Sf2SLCBgkJY8Q8qAqH}tv{aA;2t54ztN-)ml(WXr8;Tk+*1QK zr9QHUB?qIgi+^5O07h~y99J?LIK`aKM{T(`Eu)>z&W%@Yj^pSf^_z}%nIhM4IvvV? zOMu*#4n%J*PM53eAI3#)B8Xo()yCAL9_HK*KBwM=FaBHy1-5^c2o(3&o2}WE5QP#J z^M!>Y#fIs5oIAhTddPIzlI5Xj0d;9U%Mv+fQT=ri(lp@3oXPC63#D$3vVBrUwPe15 z1BT{jq4%pGxMp6|aXW|Y``E+ntyci1+dBQ|N)TiaML1p8r3eOea~RH7MST;-C~#@zVG>av!{{f@WA3FwiQUY+CJYhja(#Q@c$L=ZBTSXAbfNsF z2%Pyqe*pQZ^f3!v1V}`=aDU0yJ#7dYT3zJrWDis*A8`7UEe_EFY;^u6C9f5ejNKZ8 zI5!THCE2e(sh;0AT7CIm0*Sckg(c84!in`k4ocNiB@d=Q%%(tEE^dj4_EDdTlH+TK zR2Tfm?ML0mIU-LhSQ0FH*}WKuix^*3+^&rN22}~idKB?w>t)T-BWj8-o-VsK{HRgo zmYylWP(_KgHH1gFS`Rk9#+_{E0KY7W0h(l|k_bSy`=lx7~ z>aNg4-X6L|21>O5cmGLkx}ulr`cAKH8rBBVJ7{o``%|1#I(Ey9AE9dWJ_G~ z_auBY-%#G18k6aeJlRGWxzuktqW;y8zgQ4GxOL5g?*5ADoKaEOi0B#Pm|HbNi*2Hi zR@@tKD?UlCnpF?or*X8K5e5A$-+AW&b#PuWuc3@NU4Q!+M0B^NGqjvz7YsfY%m3DkT8&dYW z!vQ1{&bsT1k}EZ{!PZ?vN3yw8w!*C`O(>h1$%CU?skHHV7qyC`{<5^ z04>1n6=0Q*LQl&(^9(5z5x{%~X=s`UQsk}lXP2yIkwznclVTn&)8;ESpRSV1sCV9IQZpK_ zbZv;THC2p7=hN&!CAaD}A9B)(*8d612G<2^pG+{ic5-hw9MjZ}qsdEz>Rw?UcNN2z zkerCnsANl7D8F|B4B-%3hbXLS9{0s~74x>o=d>@|a<>P(Hrm{z{%-lvboe{v{yJo# zCV(`~(kRb9Gk+Uw&q`v+v^w-KoEpv^%SRY@;*A4{<0EDJ;HkPZW3Yy*!;9U7`n#OWjPg3a&|`j6tyz8x*RldKDZBX2Lmd{a;}^I0pYR6l-&8`XoSvl=8~rxcyS%CH#0Yk$j65mfw`<(_si0wWqU?IgUog>i!2hA z;^-^3JZJn>bYYkYfBB$>V1#lk!Pby?x>+f9Yb_H1*aP2&_5?Mtx&mHI><7WQ`_uK*d0nE!YP zYm7vxCpS=5j7((=;-9!pwD#~cCL-ne*DDDJSzm9rU*)2mZ%da*8~o0#)IW!3U8Vl{ zwVP|JjF%)#3iVh)48WG)+qp(~$&QQaEim3D$z`5`;6yr0Uw1$CXwT!_I%|!IOf=_A z=+`E5#eO5`eE+gf26D2`bx*F#0&9O5Q0eaEIocczt{EpvCE!pVdak*L8YOx8sLy>4 zr&sM+aJ0=1_9?^(m^%JQnOVj4-RRz@)CGr`xzK#{z-DnHuZUQ4c&{$n+`Q)wG} zV1Fgx&fE}S$~1mHDk__n_X(&7sC{$Oil56g&r2WFMCz}4MczmJ#99WAjxUz8%ro%A z^4_7;!f%T2-`f3!EX~RaBW;;N2(H3Py1HWxl7CN2Xs0B{4Ly;IR=|t8T3?E%OZ67p z0_SGSQ((}RZWGTf5&~s@@cSH?e_AyJhju~!?GQSJ*u7fhcC+KnpLsD0qoO*v$+y?i z&x=!{je^1V*?sCB$zd=>xU_bhXOmnEFV-t`f*kej?_42J7z`TV%UVPcS8>RF`0zd; za8UU}PPpns3UZy4A#cN&GSe`CW*<>_(n4%Y?d%uu=6Ex49}%+XL^V1+s&|c{Os)nE zqaMs#$JmGsn;u~>O+6i`w8V<~l^_;b&qd(d_cN@m9MHZW>Rk{1!^M2;L^~6$USER@ z_sp`*FKZ*T5ZNWd5FN3IP#t@ra8Q;VR93vlPrwi|3cM zmMA(oUdw!rQ}D+}V7_xMg^^VQ!c@-b;Rnz-i-?A8v z6lOh8Kz`|=j{5F!Qc^L(V8AGPa(nR3)A0M|<;| zko}Eo40Dx9(=4l)KKz+)B{hX4>c`5DeT`if-(T*OG`BUm?xPLxOYoA@RB7~X5FVMU z_nv(UQgn2u(W21{7$L+FY)qq2V%X+t?06H#se8g7oRy?1ZVQCk4bOXOEd^eIb{bKq zWJVU%Ef>4P!$b{Oa8$}Rx;Q*dZI2 za`{6;k4#he(@B@Sf@^4jYOtZ&Sv5z`PdHMAb>^V8&H>a}$*QnLX zXO`N@;~c8`;MCS8HuYXZDsE}-lwL1vx@lXETlH?UP!jq!ZUV#wHGTm0@0nLnISfJuIS_(0-qbDNIRT+JNRnFq{&*Idi_TX7@O+_@Ly2h^7$95iTho2C`fX&G9rlVP5$ zs(gUxlJ-~IpflSu2*2baj0e+6QShW3ae)Mm<>7(eSuzk4&I4ojF*~4blXJpn2eC zAPO~xUIZ({SDq)#G{{$rao*a4Q&fl_a8)}AeP+K_^A0Y@8i%9!8BxDS!W!y}V1`)q zeO7&0NPi3U)ui<8VQT>{n%cDJDEo-;)7k=4hwrq0UpdWEyDagbQ?Uxea3BZvGC7}` z#T~6nUG%~A)DOalNsY4pdt?2EiItbu=Wi^}ZfdaYNiGX^#)PRC+(eiH61WvYXjR(T zJaXJr_Sobx!Q0m&)#3L>5vzFY(d%nP#NB6mF^rL_hYp6a_Tol2l-zM5nvG;(&qA|G zBQFA-Vyf0am*BtYQI;X{ny&#O5kvJ3-{%W1}GqU|pq@Dn~l0*SsvXPb(J==<|6oiU7sG7)l3tb2N9*`3L6& zw$h`mNP`;kfRSiv9J(g~1^!scQ+jeNdp???+m=NKC>yt2!AW3K{}YotgdPs|{yQ3; zNgc|E?Vh-XzgG0=kXT%Mg}7f#C*f6;3-Wh$xOVKNvjMZ|2*#BS&T26$)jL%Q-Iy1l z4r5IxZ5fgsi+_>jgIlpd3A>ft)Ysmy6QY|bdE^PLGPBh-#OL_%Ab`$!IiXTBX5=Kt z;P2MrmCpJrk&+Ae;4r7eFp#wqnA=o6%~PbhT*p?AxZF!w6D;e_Ss5M$P8z;t*xr%o zIcwGCLpSQtyRCDgwSAe<=B4QrNiPkC3N<(IhbiopqR3(WEL}L4o3)Z~mmQfluiD=k zsB-vdOPlq9N;*!QB-VO&)`tjTv~}M|eTh~T3fwpD3;6$o4$|>}NUP^1XoMAT^Czz$ z63wikO?MmV$7WvHW-=P0GWRb7y;@F%fd^J=faF$Jr=9d2uDzJw66k2nyBz)YFaE3P z%lPZ@usK93oy&pG46z?v(#agF`w34UzIWB139*yu;Yti+-$UtE6+pt7?yWU<@@V}T zu4pUqBC(Q#jIvc|>Il0?j+B&9DL5!X+IQ@sXiS-PmUCRWv%C5OeH-sxUt>49l=sbS z+`U?TUiibtd+rgdVuZb?QzKd5q-8KkQ*k(hiE0PySy%ei+i^s*^5_}+LDvW6NAhYW zOg^~P`Jgsm$W~ltM!18vZ?P=#daXow8W@9?z_>|T-z26iwyh^!tT)2NsSf4R`Gd-fE-9XI0{$uYv z-f@|W1jdu1^X-valWcVL)!A{B)rA`6IeXP8=1l2AlYa$UuIOsX;7A;%-AtGy_Yx(j zUAH}!PmJr_lkn^Dvf(($L5D{2evy1F!%aNC<>rBsEAI3sks5R2I()h)?b$P)roVm+m*Wb+DPuKl?Uq(D7#s=Z6gflexi01gw(LfMk5D~oV zHy|!MXZS0s7q2)arePmz%ucbJQqhQeP;{6evaJtUb1bE6v#dA+{zuTk6h`70g5S+6QM z0LdNJz&#TWrX#@vq@TB;e`kn2x!Ish5#tSfY$sVCOP78e?^_eu`?H)SUgqtcajRgt zhLJDhnoq(k+Kl8jn>IB))|Z8;T0S_u2^0q1>{EPK)6OY8t632)!;)ynUnd#D_R&NT zs|#Cq5V-1o#uHSc9jbWM;Us}(qvh~s28OY|DspUDf~9mD;`A#oS-hHbV=O|<6FSPl z+PyMWXLLVXr~WPV;ep}pV&#o<12c^~q#T~PHMix&`{fi%5Z?&_p@aVm&M_OUWQBy#uBwM8+Gz(Tma13O z*5atNQyZRP6-MviVH+^r%i<-OVui!nJ3F+e4NG8ndx>|$&C;SSzo%X*LOL9f-d>sS zW0ly03a{4@o~>IBos*W`aFtW*X*}D)H8DyN^eN=4t-FiNzFX#6oL=-c>+8iKQXTEd zQd66PO4A#NR5)C79Uh{lC}6(E9QX=SlAFrmD@U5fJ19x_n$@gsHT~U^X2rXLb%aS& ziUj1Si5B#)N2K1C=hcyuMTbWFk&g@qfVI>Q*Gk*(0`-ibnsaDj4qc^miLvX#!e z+gIt>zmor=`YFxTr;2#UZ%(5Ws1_Cr&h9CnXE+15G7I-8CF9$w`vy1Gz51jIWUY~i z9Rr_{D*l|wMSRPvv?qis7uKvcT9(<#&lMY@gEuM2)ikK49WfmabzY$Up67_V#@z7_ z>$ZMvUj(N7fT{5>KQX27J5_rDd3yD?b_1G&e@(~cGsMgME6?zv4;r8T- zdh?2xEF{c};7!u^=;Zq5hT|Nsd7xW1~{5$rkPSgX+khy$k|8?39$9xrctv)=ErU&`Dkca2Tuag)Ix4m+B&~}t^hJ! z%~w6=Th$fv$a}e|fWka7@f*?AAIlUZwWNF}rqi>H*v~I;%$cz7HH`|0VFVfew!JEjNqvBxGELDxlO|1v0nB+~7$8d@#|CR?H1Z zq+7=~J$%nNu3YI1Dmz*LB5$7mCwMJa49~WX)EucF@PfjsR=-B8mF_PU@ z&RagQ)0^_kj2^=_DUs^on|ic;=`M5{Y8f>gC1uu3annV1wm zj+S2PU37?XKAoegYx;lIu{=`I52IjB8Pej1*=Q#MJVMp~dkK-l2{c>1bFl~`g!NrF!nDnZ+9?$Fj?)!ULz3+Qu8d!N6@;*(sZnjOJ7j+@sJ`>+vJ$`0)MwPHsf5=p zA_T0y@Ex3KYy7$DZ*i?^Ag5{gjXf^@_z83{oi5&;Ba8T?aAW&e&Pf$W4I`#o&G{ei zChp?a^+zpzA-~s;lkSA@mwnZ~JzubGhTXgBPSK^;z=)NW{Wp5TM<#gYx=G=SZM{M6 zL1KxdCj2gp+SjjlYx9#wu^j@M{>J2{*&LZ}#^tKR;w696FgtbwUEU6)WCOY|rYbEq zH=s#Q10Rmf3TTp*TF>l!;>?HpCk>nM-H=n((vPYlPWrJ;43 zbd%xgAlw0qI1qn`A9YoF1mwpY9^+M&9-1(>a)|w97oGf|QoFI0J|B)sz~gVb0BuG6 zQa%8#9`LUwRZdgbzO}}HCUtb)Ir=wlV45Bxl~a0c=|N#k{`i%7`}8kgsv_+zD_1zR zp^f6=iVMa5W6xj1$`!FMw;PLrNS>=M~t<9)nUpkHy+H4G5 zrc*0ZJ}h3&c!V6OsYwQNP$ItA72W@!EoO5%|0K5Xjiu@#=9W`W#p3#Q{$N1On^@iZ&uhMU_cjG_WoA@@{ z7|;(+i?{?W(QkeEYj!AFS7p6T(^ZWap(iaHT@VH^BfdBJtn;71aAhQV^7dh$Vii(O zx5ri|bj68YFu5T!h0Y%%G`x9Va=jc8?N@7#&s0MpXR$@WmNi2qI@KOf*&U z^zbA*iF$3PG~ghv)biEC8G}5M+da*s4jFPDaa<^eA*_!(*1Sptn0E;>l*(&{IG;WI zQyJU4<#*OnmB~UNLK}f-T~? z$N~mKgYauy@UL^Ij6b3Xp7ULZ-C=69!mRfmolwE3&L(@RPT1F!|G_Atour^e%$5(< zOq^er_S(03na2yav-+#BfYdX*-D;V5HOeLm)YlGhgadw2Lp5I{@XDYm08~$j@h#OZ zXwkW3{cEMV?+-z*pz@8wf0L6|M6-)Z0+M6NKM^3&^(mKMssl?x)2V#`DFL^apT-eJ z;DRC+%|YR`UBlnDKzx5f9k$=r|3h|b)5L(y%D@sC+7bC7)7}ULviFffK0U4+8(b|6 zu^igrJq(2um(kSUc6i5#_G|q9w27~@M6&#wy z4O>cJt=`Kb(+yoWan|5SSJ8q-hDAXU8cjV!0SQ!ucal{Oz^ z_i8@d$^J)HEyC`tQ|eBo3dkpFJo1RS)Hmj_P`*VTE}d*{tey-1`OAmr`$UojJ&75q&+=6yFYuf@-<+02t^!_zv>=pYofgr{)39rdT z*C}ET65{iR{oC0jGLO+h#&1A4wwQdOYpKBi3r{7d>oknT2Dl?e=iO#1tc;hdGn~8$2fb7_837fViwfN_3Pt4YQ);* zTN_U~58>luO>@4Nf$Zqlh>JQ6up3IC4Yg8g* za|py=^rO9WXmD?syr&k-YNYF$M|70XKJ}j^k3wb*UF;pWAm1w9Mfr&X-B0_jSLpjQ z$`!*-4=I!^RjG>Mx*d1)0Xa&W_2i^m{d`uzAKo`qZX)x+p96SG^9J|wXD{ui@Qc7z zCIq7+*HH&^-wP6nY)NGKxXx@c_XE8qi8csR&^Y>kyU)o>c|YIzRx`gNE)8R(^c^$5 zKk|sgwnR`nxZB0je(Yd>4VG>}k?~1*O+if8wUH!8yV7=*M(7W>65Sl^!}SoDBzaY zRTOILc$r1@9lVMyiMb6rNQ@QV(W&)kry|>BWn`RO^v?6L&O*LhRY-q=0ISQFl_DTLm?nV+N(QPM|`x@E1nK3VgXKnM$ksbor*pgGpZ#+92!MWGd9N0pT#3I`2M<1Gdse1jC0w_-p1Xf29yQ z;6Ia>1bIhAF+5lsZWK=nR^omQ?^&Z0?DRJIKddCplSQd@s)b#Kz;{+_ca23+bSoDb z7EAhVtlk!R&wk7Vw~!~Perg0f>wo7q=m{`YL8enQ1kqGWYlqZl43a0Pw?x+halfZK zLpbM)$Jl-TiX?Jqzglbj8SWV2^>u`V%|eG5)zO| zJbN@XfnzheGZ8c$t&96UhM-TzDqVDiqMG=S`(Hh(hJG+aDmQzQzOxX^xMLWRb#=xw zPTXG|y>}H&c50l2ow&ONGOcy5#%7k&{#-AY{Y@^eJFe$@Gw+PU%?pSg&yF_WU1Zh3 zyJK>zDw8pVHP^*!V?OW|Jmwz0pPtBUjQpfe6CG4Bxm*uvzVxc}%t9H`*#p-N`31!t z#%#JpY%T9Ci)ne0DjzT_${({`lWl=#e6k2nPIwYpm~3q|%cN=gB3h89#nnaX?O`39 z!A;C5U`};cuXpRux|)y<&VPoL;@kNL3#4}R3;mj_j{1sj=oa0fH>vuy^3hwY$o~8k zf=q7v)$;H)g@vjiDJw0fXIf7`anB?mMYFr{-7FDrmU9VH^L#F8qkz7~4Qb`??7O<< zgtl2~DP_ZkmZ^{NL3-=DPVtigA+fd_opk2`$0kDAp(yi=U8j;4mq%)4nj;=HiImvj zzViv$JDdgx0novmdB51;aH@L0^sh;1JE*3N-@bDyyvvnuX}^5mu(geZdLYQClvJ%7 z!`L5Nu=lHoOhdU|0KHPq-6IVKSXLQPpZByISHuS>>s!ulTOcM8Lxbay9gdNj&so8$hH z*^|BXXAu<~6xqBH;cYsXu(A-Do|YqUhl+g?=onR_hHg%)tkq^#n(jp`{h9GWjOyotBuW zgMYhV)-CyZj;;`UW$>;${@tR#`CygpspxC#R#6}>gh$DearIPuC(<8?BkTj zPB=4$A8;MpNl#Z;YgcoNbWPGed{-{m&{9sF$7Ke%nF+z``9C`}8Yf=R7DL}7Sntw} z7@s}&fFBkUcxa0)z-O#;A>HZxJIKj5zkja?OB0{B!us*;DtuMi zBOo1S`EJ@|b~>7?6|+U0rGT-n>oqknfr%h1%;GpVR>5kCr1?C{8li+5FpvcFyDc>uiyLMy8roaC#BhlzrB2^vUjEml{Kr!=J5|hoZ%v@}e z=b>G|KlQU*s9(PzLP2RXWOE)D8Rfga&tLG8|7GZ1m({*f#lV(6O)~@o7poUTM6xo?dCK3>G$RwGrT&AbGEI*v<58PE$ra zbXs8{-eNuKnG5nc99pAP;sJcbVwBziKQVczxT=Hmnn``sms8dios?dd@PKZ-Up#^t z!yEj6Eq8{XlG89R`AAB(X3wd;RaC#Zgd~c;AdqoZ#_1$93^zPPUdtcU7x25k1L?ZR z_PHAo?$p;K8?xdEjlcK~-|L7%Ka+m_>*i1(o7`aZO1Lwm#{M*nPa!+P1rRN1o76XE z?ZyybXjB?2NCAnGnF{RO z@agty4-4Z?oJk4zQ#Vocr#WkE}VqJR1yk_j$zlU&?uUzrs%*U!2$Kx>?kpklG{ZH2Iq$l{5_uCm_UechBAQ-u+p@T zwv#9`U0#AR-iuFqDAaY&FsWmvK+oMNULO;>O!#DiP#4!|R?w>!QBmMEUAI^0w66>! zmFp#*R|KdNRA()KZ+#R=^MfT>Wxk#5Iak}3CU%B^%64Mbdu4Zh&eU{aQ(`)kVRyTW zj^k{GCsYK70Xg2{*$e8-A;Z!RMtqwUSLt&dTEL$hqe05<_GJ@sJkS1;lr`++pv@Uf za@?qeiSu9FUu)p8a)MXJz0PHXh>>@qoEp1KG)O3C0vc(kiFB`j3p(oQN8&)T)U}ST z+>@A-pJ~h6;;LgDZ>RIxS2*Py9@rQo`+)iz(Xzbr-wr{9>$4_W-npos#ZkeGlr-s$ zZb_~r`{0pB-YaFFxV5e=-q{zOzqf1ClNZ zA*?MaaVlL?rKg|mmu46!7f)bF%kat4#^qs~PnryDTLI|CnSbz)3;MG;4U}wrkPQ z(Q*T)>x2RfkXx)B-$rObh~G%c9`?-Xm>Du{jSXH7s1yTbNr6+@-;ZE@U;tb&ux6Tz z45%NMhmjN2wtR{n`6`W`*W52so>k2JAV5db3s?2YuVJ z({6NCL#3Y@+{&d-sD|&%HPr<}#;O!80}*o5axOxdHDH|;slTqjE9F}rt$>)@X42S2 zn8`U0BwRu!wnvUj%kds9^lc0g*&@Vz?WXV)L`FwCuolmV3E{5em-Cz9A2Vjkq&!|G zO*IWlu73W5J2@=M^;2|U^h|;}5B&MfMzumGM51|Ke%({GL0C0=jr+(n)*sw`4Nl2acFPsW%9ZJEY>#W9Tw{Vjt z=E>{J%7O76mybVKTsVtXGS%Og6Wyag#!#fHEl|l73D;Ts)AC)kR^ev@j};#{qIsZh zi@Wld&!e0f0Z)D>X6f9%cj9yagIQjd!E?!qcu~&9eof^hi(gh_Dvuu@R$q8IkJ-0O z!z%Av^0GY-vjun4j%HrN>n-Tq(p~;q3>Hj%`!nz+%Bx7MD9pZU8Rl;{4xLpv_+3&{ z&evij2#As7xu*EQJ~%DiBx)g=jay4BthzZp#9V1aj+wq<7!b ze-JV$4g}c?(IO8j3-s;d7!3M$LBNU43o(61kE^`~c>A=Y?dx4+2EU*Xh?6bi=pt?h zqyxlW28idyxe(J8`@u(NCgP(3%VbpynoFR`#b~>K@Ut+Ds6bR zJWY3GP)$U}9pA1X?j`Y8!K!!q+cGdWQ8MErCE0^|tJ0Ag<9d#395S}BRI&Dnb*}ke zuhux7EJH^V^E#q7evM1^x1`^h?wmUc`3g(Xst8z2Gq9MSiaHkl0B)#A^*E?|d&+uU z=ci^p11lx|x3xJ}X>4+=+M-Fj-zQ113+^4C^7`} zFJ)c05_!JfYPjHQ)VISrJfpF2ZW9Ksl6y$Hu-8!6iO7~V!7jI8Kj^aOCgb^f z!>j&?siY;Zpzz>qVoLMr7|=+FF13d<*=Keq#BrdC=7;w=aiq0G-you-_#0<&p=V(& zkV>+lPLi6HQ~ok1y@0;mfT*uDwls_yCH6{W1L7U%vJ+gPyb8$-RLRDTVQ~#!3B zk@g7g4P7HV!Q2z7G-CxCn@i-_M;~HX$)lFo6$Yb z_Sl@xj~Y;N8bf&r=-DroPhv{LNp27iZflk>1zyI6Gxnro8ND5d01&L=q_#0glwFoCReh1@e0s9T#Nqt>1HT zXLQLB{4IF1GuA5IxaR+L?|5zlcCAq#^g#Dy23Q0R+q(Z@nD*H1`(%R#js6n3<&Rwy z{)9U`^9Spdxzxua(oD9DJiH3AAFT)mK?5J) zC|DUvWyQYlYK%IGUgtHHeJ2xEW{){~!$$}&doZ6@ zIEX&}?a}SlKd%3hH!^AvQuP$&Q&;>XEH2|1n!z5hYaL_5xb>lO&dv4KIvhO=FDaX( zW9-~6^|o;V1LTt*F0q^|%&zp(qNUa%rZ0>CGegy>-obGW7nMYjc%wy1`A97 zNrUo0Lt`Pd(wVr;tV)|cYfpU4#WJhZo$JP7YL9M-P(L|)wy`*ybWXtA4O;w*zlm}Q z{W%8^#Z;+L(w|u_gIjG5;@e7%k#Z8=?@_OINnAqHPrsw^8%*BX;3Pli($6_RH?^9> zcj?@&YxMJ5FXDO58uEq2AAW;kI;3r8;qPqzjHMAdsjEbwUKPDBt1hHJr=epyp-0b6 zGJH9p^=}xZub*-1)uHWE2FNvoP$KAEagYi~*=xq_h>6?hM0pC;)mh}M$;2<;@t>Cc z4O>~z*4X|wM>d1HeKOtJc%HZUprJWhKf*-~2(udxs5NOPUZpc7qFSr-g;#cbL6spMbN2(#s?Wu!3~;v(vIUcsnHaMg!9XesX;erG{Hs+mKliv4B_BY z_w_->)7blcEW-s?4^IG}A6q(;a7d7z-`5$*@h&}yVKCFJ#=J!e=>~3Jir^{HN+g|NCmTPg1S7@ zi(8T0s%!GktvP?fNs4X@3DyY3NIeb>uPo}N2Ix+xh-@eRm^4@=M-*e_RWfVjLPywfCWnq4UB`!lM+9{V8DNy84p!?3yP$Zxw)F2qn-BU?Vb_r zV`vs@Y>nIosG^#O!I*c@Uh;G2VMAT-4pY%}P}%CyZDmEenz8pr`gfzDUQ_OqGmB{7 ziuz5H&7)uMcRLt2Q23F>3sb$c&eEA3ST?N6;ye>sn}28?T_=Gv>uZ4=f~XX?XD4+E zf0oo=e={Hu^$r@Ysh&|gix)F8D6v`2ai0V5eRbr3xgEb&RAWB3*)p!F;&8fU-c$Nm z%;|45$gd};DXHDLVjmPOW0iOkZnl^;4(x4ozYY)zS*kkS^Lry1>UW@VvpVg3gn z2E0!()03gal&0GmM&cow)uWOnGhVLuM`m2Mo9FH&XQ~jDw)qBO| z#_f3Q&0mM~(RU6#ah`pYWjG}=H)+4F(*`NoC9tIumB|4Uy-pk$ZOCsMAW;xVtY-Jk=wDbd&<%c1y>zuT^8Tv1)WmBi9zeb4 z$r_+5A~kYb5F{7d+`>glE{fVXjn~p$@UIDeKm0xK4{(SE+#@vy#|vq22{sVZw%PH5 zjW3H_p#uB1-}Y{^;Rq+VV1x3B<_Eb9eg9rHEmE=a%)I`g7SDb*<$E#_?_lKsZsXBB zp5OOHK^@@kcIOVm-oKV>Rf|?ADmtsmLnYhw*M4_Zd-aSRCi^+)8+BuJ)Td6nAU!SA~LzEKavi%mcjUB==qh)8U(UH_jr<^ z_U_%RTvz%x0s1y9$R-3h|!``+wRqUj<4!a!KF2cJCR_ub;L|P#z5YP zIk4Pd)qpsK)4pY(#lwRR=Vfl+JK3lJBNvA)jMSIup&JRi?bTxlL+%|_Pjq(>`nbZV zN6GUih;e!aJV~2`*DAZJoX=tg)iR0N$9^R+zO=x*D}oWl(T+uOXXLo!!?)O3VqAUV z@j?0GrdmxHD1<~CRkzZfRzQWa>5O|uaaN#L%GrVtZ;W$`OIObVdTBn35tWGR`uBrL z5lNGDO#N@ThG;}qxilbeUSDZE8@BsN1nA@qRD}x-nbd!{(2#_DrfB6m`k+3l3YM~X9BTd{n0@}_sU0E8xEp;O^Xbdaya$y^wJm#aS-gS2-aKU& zLtvxV^a!#%@!4>Dus~j|x@|09z^~1Gt(Z0d&UwlM;?9K4eHpCShiE1P?x~kn%S5E% z<{Q733fQ7#e3Ll~HC+8OeOD>ewnh; z8gE6T&$kgU!1?^J?MUjSRUJ+Yc?nOZNy<@@SpxfJw-T@3Avj9@a!;}NY}Z!<0)cQg zG2;W@bQF<$9VxQU*)RUx6M876^)vpBj`xs9ty-jGLE7F^eNkE&mofBzjtRLdlwvY? zzsvjMcf)B84r@fIMrUWDyA~2Bi^Yc*#)5=|=ytjV)N_sdJatp3Th}1z1By>;Y`#U| z5ei?_W1sg3sD+79lB)~(hfF2FP%uq}GQv;=l3sSLoP+x8g?DW8)-COL(`4P9II_@R zt|ikmEe^_hamwN=tZ`7NX};kGz~;1wV3vQ9+^_@-CJ1YIZJN!n`!^Uo26(WuNWKRMP-7i zot$=U}Vnu2=#v|l4v{SzL>>d0w9NE_w2D_SGF77nVe+3>0R8n7~Z}SMdxe_=e z2}UWov8}z>_rcYlnLg@Iod~0;x@{2X<}s6-C80dQR#M}#puG60Fp_pL=(Th0+U#fb z1oY+x7fXvC_reC*YlRz^zUzEPAl}qUeIFVE`&~sNxPKyDb!+C2l;g;YpeTv&uq`&U z$Ig$sLf0MXcKjNIAiiJCWpN;=MhxD zvY^)w)Vb>bVg)*h&C|SZyY|oUoiHGKcPw6S**ZLpganieF}IU%q+akI;5nzt`a^#> zp5||0DVppJ$r;mjAa-YYd_t5&9b7^iVb{b3UdBp95d2dsmOg>Y0OPuJNfvXD#nfHl zt%qmL3xK`M5o+vrale8Ca+bQA;YOC&b9+M zS_$g2=BuGi?do)U6D>qQ2nRTJMRF;i%`%Z3hF%)ammC?mzI7>2ef*k;#7D9m!RwE7 zym#39)~8k+;oX7iDDgosW~ll3gnP^BuwACCn1hPtP$QS>#V?d0F=n^K)_~ ztlN@kXzRR$Rk|Ea_RZK$i?)y8Biz#LeO(@C=Y?Y!%G?9o3{p}=E&XpVR0t$jw>b?d zX?M1B`){*`LF`3`O8q(T6e4vnNu-!zU|a1@UDFfjnqZ)Lg8Gh!RrLodR_iYnTP01X zKxAcs%GKTTJd|P1q}j|E65$t~RUXrK9x?}x^n!6(FwK zXM+Kkq8YP8b0AJW*kdb(JgJT2AGB%H|1+BHZYbBuboS1=|0fa)6ajcsS%LFw2HJ=IQj z*{@d?lh#rE#GvDCn5s^gm)u`9ESLE=<&K82YZH4uVq!=t5RwuL$Pl^BYwV&i%&2{e z8c1U{Y7uk++gTK&+Ah*?K36{qOlXwT!Pt0&vK$eKav$DFQby}#)yBvE=5#xS1<@1P zi~Y2DT~W95$Zsqr3|7$2kQDx=agYB7P1-4|=f@uYAO$=N!7e|#rLF*S7G#apZ*?G? z;!pi%C&!w$eqwSHMV%Z;QKVH9R*3dXyl4QdlLYo!s2K|pBxv9j>DKY#&!W#Ezd_$t zS+hge_)H&D?K`{FIVKa1{jNg1;KA%vE}w6@)TCqqydAibDX27|4~F@25#DU*TqAxm^g z7Icm6^R__*!z8gRcIJP2$6_LP`EKf?@VVIz(WP+E>k)2{cBa57$95fcoRKXdMgFWg zK}AQ80EMEaLWl#&MMFzsvwlZVr(lvT!}8uI(tlAhQa7MV-9OrElS`dTc-+^D`G62y z=&Nal;+Chc}x7}8Qj}4~~hNx!FDY!US-eSMIHb$;v34}7k zI)uNh>I2JCRVmxPmSOidcjFOPgQ`9)0nMRZ9S-yXq`W(<|AI7kUqDz5t;D4IHd326 z*UaQaoKU~@U@o~G#LEhqq2tC?JLiVnCUB%MSsSd~6`VYE33)x~{iulH@~JmuNxL8E2QZqXtdQz< zmNweBpWdUTZc2^dx&FGct)onyBQY3EQNwceEBDq3hpA5rZVIFG;&%}a6)4T=F)FQE zPD6rN^c3uqq6e0^!e(Y}1moZU|DE|%tD_g~tUE2wakowF0}Tn@WC=i-MV(+9N^?( zt-yZVb9`sreZigs~wCXV5Ms#I;mE$kkiu`OBsWn zNumA^E{SfxQS%Yx&`Re|d}K%2R-#q!08JjpuYMnXe<}OxuiUkn^u(G`P=(o;HBooM zKV9BDxIKk!5-K6_0AHLOxUP+Vg9ay67%!ZThauGUTmWj5N$2!Zpgks|uH#`4l zNzN?jOAU1cz6&&SW-S+hrAt+As4beDhS-Uk8N zu^iG~&ByMgRbi|t6+Pc0*NlX!WbAaC!UuN^8pPS|L(%E8+-IBkN0dY%4yoccj{}qV zW(MyYF3Hr#u_Jd0F~R(X^jth1B8lOE@g-_F^XA{}FFOW=Okj-Q144Q)w3TLC6R8HH z@)T1P^c-SEdplSCfaOtr-YgTiW&VI& z=q(hlJ2bMd^$`Bh`pH&0Is)786f%>)0m4?8h7XKC94MehZ^_s6q*!9FJ|P`m{H=tfyqJI$Xcj;sD2?@>fF0;G26+l2hT*u(-@6VtSVIcT9EBLD2d2m?wHc*Z|W1 zRm-DTK6$21A;XAU&V9X|0Wmf-7mw5D0|iHuy`)V=#VXR4WjUUqSsbNoN?Hb}IrZu- z5Xwn9-lOg-Xkw$}pBIdfGt@K*IJ=5rKeHdc=h#aM-_SCy9=%3(n}Mz!Dm>Sa=Is~) ztb9+t0L8A+*BKvD!FA}&heX;n$ZZiXUZP*M{MK(FUbd`*gkqq3$7l6O#(%vG?MKz^ zp2bcHS5RM{Se;VhfR)p~BR1$rlii|!i-Kk!sA+MNw$1#MO?YWOA(I}$CT{t~tIIXL zz>6zXGC&wuVlZ_J;{9`ypX64pwTyl$j)6?{2{wEds~+bSj1|YhN%$d?z3&f<9dcnR zByw|S?$DhdP*u$rbF~x?;mDKNbNi>vFeH@opJ(XHdhI|j`8TmbRev`hG>c`)yaGaM zPIdR!0FXC3om(>(*i9eM#ytvOuY>(x9XKiAN3kg?8~CkcwL#$V6vjnWS=>i?@%*ruk-(O~7v?}IHgZwJ4@PSD=FT1z3T z7q1iP%jpT;;L2bP5l9No?R8Zq35F+l=R|maQQ$!tgDSnzc}v6rF{M3_eO!=R@c;*3 zXp;TT&);kfA?E7Jlh*&ZqLdWK)AnNdSA5I%9d3VmI^&H~U5hPba`Vu*ujjlcl{1PA~iK!E@R2ml!LDHI67dk(+$rxORK4)>BFnW%jP(6O{& z7}cMBRGaBil$3TgzLyyG4aY5f*YM-Fi@13~z{6@PSJ!^NRK>665LB7!`iAZ4Vd$N|eR|)tQKhXeF!M3*lVR>u^nif( zy^gz@gc>pi7-X^Y+>xqf_tlWIy4qMP3Y}@QpO?7F<2Poq{N>Q*-5*^jSYR@IbcaQe z4NRc^Nh#;Ais#ge1^s_0GnG82PqVYN)%U*p&==k9UD_lO&#it7&sAX3t8(Ov zHA|?7Jnb<x`9NZgCQLk*Z~5l}S-n!iFS&3e4(-E~>37EB z;=V4l$_3gYIKqBW)I8O& z?X4(@+Lq2|&lvA4KUX3LNf1d&YGNtY4w~nXBkH-Nq($8fyUHg}4C><^8t-W^3VeD` z&S!6y+34azOXalR9nH#t^q>26bjIxLVla#y47!Ii-r|%ZSx23Ay)Ddgwa=>*EIil7 z4E;dJAARz%v^!vcC0t_$l~~p7WL8c4A&pKYziVWyAk=XmCH6U2x4ja)TnnQ(o>nT<`2+eEI-wvkPy6bkqxRU(sNMfX>3Hjz z#pG;=I#KV#Yl4(?!t3t^AsB1V9Lg0{{SkFt0HKcz-IRDy`hr2LNbj>inPZe?N?kjAc zH;A)^A>;o>_5X^2AOBk*Xv?nz4(`D7kn14YN%T_NTdV$kFn#dFsHZU?)L&2Z@>Stx zezR-`ml!5*bZ30#kItq2-}X?Z3?^)hOe{vUW}HUsv@EQgOtc)vOzgC*h9-t4CPwUL zjD{@#Yoi*+Cjh`NfEsBO{3ERTgO=_Smesp04*PbJk;iE-A=M+gWD={2$^Td&008&` z0D!&P|7G`oo&x@d{O|va2lV+L@}K`R9?0W=$iM#2cwm?RhyOo2^8Y9PzvF?j9?e1W z&z}J1F%8!-bzLlo^o777>Dmpg!@5qlox~h8$R^83D;4?Mrw~}M8Sl?CttmTO5Q0y4$TT!nuTPRQ>J}~vx48!a#LEx~gk>)(U*O>?d zW_}Z2X1YmQLXeaFQ8rD+(CsD891yf?51QL_=oR(`XOgN_)*O%}oA?6R57k+K?W}{h z0Ltq2r}mH@U59lwuI$4cBS-O-jMkGW=w(rNG}gp52#p+?^b&AaG%az8VP6ZO)x~P@K~JO1k4F6} zf;mWIq}`4-+!sn)s#q^ofQyLxgM$6@xvOS|aTz+!v958=Ulf`?*^uKTD_vlOPk~B6 zI-y5i`n9l%gKve(|nctJ*lPI!$ z{~9_nKvYU2IXk!^Yh*$HP>3#j;bvRV4=Q`8&kwO*t-?M&L!qX|i0D(KnbdI^MGJCX z2;L2I^_-An1WNjdHNpmIUy{50f(GIcL!;?xlc*!d#gAVn+XVhoE5fI{FDmuko}(VwJtsRwvc(Vs*FlEd#-4Z zlE+*a{2*sDSu_>{CfQnpm&)jsbE-e=VbJ07gv~Bj#_L25)7Yr#tm{qx)`ZR~TGY#Q zxkNvA_-)hpEHPZWBk1NeH3)!bqkoCIT+hmVXFT*`iQ{?~&Zhwio>IMCd{a7MBP zc@$cf&u1Lse4)5PGXqtZ37AqbsO=FD*neuh((0f+zxOGOv2+3>Jn&6thyymz_KU^+M7p zwncadSS=$rV=?q%Lp*#mx^>m!#ejNRdD2#prYyq6ad#lW{}lq2<)KER#5NPqH0vwpEO$&1k~eT>1=% zv&c^fzr%(#F+yv$xm7*$S5XDVF}Z+onp}h{+JS6tt@DU)@IeK?zkq;*y=!y%?AmeL zf`F?>r24wG-m9QrWRB64?Ut5cHy@jSm1eri

      &(mna3vb}=8t$@#8y#v$58mz$)?zYdg-$^*nEUuvEfA8? z+|AQ(#z~vi(HA1DY}4UaMXm(*%q@AR7x={{I7|6@luz5>@+E~ly?>F$vBv?xSjfYP zPW|MJd4$XQ9XkoO@2p?*2X+?P1A>=qNc$tIyR(5+b{L4EV0Xr8*|ya~#Z6N#DjS|n=k>Bq$1=>pKmTHv<#V-8u~1GPX>|VLnP&X;f(8f zjWy+7?7OUd9((sgnxDgR0*$^zCh`?dGQ3?7Bt9AzE4^lrJdV=KN5-epd*91S)% zRQ-%g`1-gR*Hb|;E{!Y)_@Zg%?e|0LSZpfl`uhM)UCLX4urZkN3|A&PAQnJa*UqLR z*o}Pk4F*e(6>Tn)t$reKW41~%qvhUkZR}J~r3m=dB~cLM#ie4(S%(;w@duMyq}*{v zuz?bIHs94KWZ;{$sY&Z44CCQ`qaLiAV_%P<^pB@r%cy#OzULtG9y}B4C%X!Y&m-6< zRUb(wBODX&Fagofu{118i>CoVLQ|(LIPKFY!^^i~6V6gq<6P2h+7rTTdA>Ow=G^^I+q-iL zMeG;YNTnr(Af+E^e9{^%A6dK{b(w{&(voVv<;a?$9;~Fe*2x8yJNgUU(~0K9jxSP_U0bfy;(!bGH5`?#v+cYQ8 zxr-B;nEo1bmXk4LG-j)d#nFL#m%1y*P_WqdogwbD4`g_xS_C2Q?<(~XoLT`!&i(Vv zJF*-CaJ8joA7YYV2IAYa5m`u4+~LA9q^}Qdan4O@o3QfGhtS!_?yF{J7^1~+T@ZUS zA60ZF0mERY_uN(1nx|Kbz<^1Dk8<|tR=n_e@pe-z#JY*n4hv+o4NnOm`z3*BEhQrG zeSv_1C54xC-@I5qJ82UvC=RHRb=2R+Y_)jvl29vN>f{POccX@ka!AvmFzTS1_D%9y z5kT(BRHbvG+eY{G{+8YEz!}n_cA#3!tPErs1d>yjAjCR{%e{mO%mg&y^+0=QVCa9m zek!_BV7schMjO)@Q3EL$E?);QZ|2jY+Z~Et;yCe+M}~1o>w4V~9j!OuAc`+V5lsw6 z$$WO(W)@H3?ILD*h~BmGrEGQQ?7Vw#|EOBBDw6iOWCI`f#O*26*59}1m}f>cuhl-A z7b??L4m{zxjzgkYw`S=r6oVBq+B&C_iEL1i%9DmZM0<4mxI3{RifmfUxHCzLx(W@Y zEw57{?Q~UHZM}c@x(t%%Y*xWs;)s_HcY!PH$YRKiBg%#-enb#2waLyy*VZq2LRGBy zV9is7?-o7cj_uk=&S}7H1)t1jF13o-9Cb~s`POmQl0;Ab+_6)dTmha@NYDrXU->k< z!8oB~(_IiS1}Q7&+Kg&t*ikp*;eI0AcQuUZ8S*t_&(|qbv9*}xld3rrys94H8C1QD zT?n%|r#r(U8`HNvD!ErLgu;4{Qs^I6G$-9haf{%;DZliO20Ne01GLX`K`U;8(=8KZ z?h>r7SISh_n@a9=)+#@!c-$-M7nRW8ivZlfV9&WRi%qHOCV&biCkCp7bPeSIG6!9r zyM$tKCal;n)8sL<5|f=aL7aICpupo7A3=JX?n5mSRTQ%%kN_El-hSBsi?C!AxdwfW0fz6@(OLiHS^JONNRCrK=nr z@4V9Fj28kROHLic?C3zd{XKIijce)n-_9C%KKrNV%ttIHLt?hoF&=X88_P&8 zFB>oh^P7572&Jr@;`x+yaj&g!Id9FygVRl|mhNv3>k6sA(rc>JTMGAT09==*Gp-B* zXocwNaiqbXm=NT0ZEB}?Vuw}l(iF_}%G?0mhnvziGN06hUj+%m>pc3ltPy4Ib(R|# zfJuGY8a4d2xFqFJ-$xHhFdC zG~ECY=O1Hpbg>ugSi;r={G(^ro8%b+(?fL#8|WbN(}5ZiiEk5uV2$Q)RzXXE*QXvg zxCu)-sea;uFJ{OVwhZ14_u$2X!ZEyVaBZff8c|bVfcmSPBHZkAen0O8ttohL%1Ej+ z^>8n@*)?!Xw*2K#ALB{rsS2v+JvKqBioc{I$5D3>s(fS0(}8uTi1%L|ozzw@*2@J? zQ7xKOhQ<>d4@F?C%RuUpePN8SX%%jFJX*5g1n@4<3{(MwC3|>)&t9xQK)R|YqSL9O zXg+i1E$z$1o$iVpi=`k>x2;Jj82z!R5nfpxo%ol9efxUH`XzhJ)ySE=!EaS>c%@vx$XZDWC2Y5)FZfM*PQ!B>BcJ;_Cv3{aE53Zhsd6w!A}N=qxENG zO(*ch!SBk=sNYOmD6cgqhD}ltog{~vNZK0{9JLssb<&QNfxFj|qW7E^6yhI@n=TsN zsdJ}25WTiGkw_)Dy|>n=8MNF3Q1?j6ZKK<jh8|^2CsPQfV^>?atOJ@#8_}vS{k!P}{W%`D*Q)77j9I%=K5_C1=6exbeFG1Vd=?e_ORD zxu_CxK4ORl`4eN1nzNIt)CFsB;5DAgWqCOHQfs@jd zB5c^*bn+)*rt+_H-H$6T_)3lg_dUtGaX)lwKgQPRjYtPj)UwP(Q+z+qZ9wQ-={8N8 ze%PluqPT5Ljx}1|yW+UR3N_uTK~}qj{Op>h%zIma#$5n15jNi{w7c|NmGxb6`k40} zwTJ7^N_J56E64-?6zEHz&h!>oq7_XM0W7>J#wDIL#cwWkU%ByFySM`j^2N(irItT(m?a&vr+ zRRp0H4sgx5nyOjN7{J$G65RSW__KfLClKOYI{l~gZ!O_)cR15SWRT*Ig4vh(%C!%ItIO74)fA4YclCacQQ z9jKA@&R7F@`u~B6i^Nbx+b`rQWZ=_T7|J{AOR;8LNlD35v90q%6not_4DO=G>I8Dw zze)}h5@yu2uNQi)v4KjQr^_`W{Nz@NZ%D~qd{8oSqWcYCJ%?5hXHe2@k zKYt4Rt~N!P++w|VhD(ZpHnar`t{`l1gST}&vdH$=?zMg&@kQaN^kYG(iNEtJm$r`T z3bJM~Zq}A%!YuZ1h?uWD;FEIYGYfEj48B5Hif>Rdr#>l$tm#WESwpX#(`0Qm<3j(4 zH_>zjzMQJ38k5C+n{{H`J3NJG1cAD)4cq#$MnOX47)PJ3$p zG#RO|QZUHXC>Sn++<@}^yCzT&mjHK*Tz1xTPt&{r@eF!H>Eq%X9zuq}xJbRJhPww3 z4QL%Dw`v^s#XvoN!uoLcEGOHtd=#K9=Pd=L0Jj3@h znd14$U|LB5BJIT>ZwiP7yy&`}OQKalkNDxwZP_iI-^ssF*K8)p$L6kfQ}@Ndb=QR! zs_Zj;bPYs77sD~pKQEH!cIZ2F3omDMax@~<5;t@l8ZT(qJY4Buq~|-#xN_e9BIv^8`#F zmgilch17n=r-0~qQ($ilxBb#xQxXTZzdjBqBh3&@Hpwt{Vm~f+G2d`&{G5rln%{zF z z9mP?sA%4y#igCuXMu#olK?(gA9cwJ}ZgG{F`w7 zrRA;C-puAXV+H5Bac4;5iZ=es5LLM+@BSh!0$T!+Aw|Z`fUXL;uA>VY!#{X z)Wy*_n;HIza-caf?)bCHd*Hv@dA`+?0BSFf8h>d3jCmM5j5z$J? z%?fopi{r8#k^5x2{aRv~Qx1`D7x>b1xu{~MKwH37OwpB3KF^Bx@l4QbnwAot9Ee?x zARXo)q1k)qgL{HR>iWZ_n|$l97tux#k1&NKggBb_`F8i|_O#F&^iP*R=NBHci^0kL zg2!c^AZMSl83bRA>Vg8jpD}5s*G%| z&T7BfBD_0De`px7$Um$Xn&3HT@XvLt7|RF(jxJ9W|lhMNdb*O zKn6CaIUH&w$SsbiCO07)xhgifJLHCtQO$26o!>LG?<^W8stX}Hcg%Cf`){Cp6lIZu3B@Jf+qX;zPt_m6xBhqBmYod8U1WqO{y# z+8%w4248Q1brsVhhp`-OO-tKa#q&nbc~@R;DSH|D(=+9Yj5IT}8RONGXi1_UBP93X zw={8ojqt4g{g<@#1G3$LQpAp?cnEtLzIKS7A-a?PdTN|TRl6X_jRK!=)hT^%81D?2 zsh#AU&_sDoS;}m5NA-*3@4ISlWSc-rKKv%2z$e(D;lawfaQnd;rQ_jg+I^a0e2v;X zo3iKwA7Kc+LQY|FleH)tU#-{D_W6~>I4sTTrYL6m(}z9IiDyzeAjFntqLsCErMe7d z45XPTE6l)+WOic?(9@mL*CKO$oB=8nZr&^`t%LYd_w{&yoUQ+kcXbwT-GIv{rbaPB zo|g)>-|-;zpu zK;zSatGrg|cxO1=pCQ|VJ#MQVZ|lDgMAy#=O`Im?GoeVGN9PP1N8d#VCMkypzrw2~ z+W7;0K$vVu2IE{XNvXMYY&F*3aIoo$rKqUJ+Gy8Fpb{}}o=Gs^d*&1^K>CbB=(I(* zcghl=^HiI7OWd!jI~3f=PaHEGY~#vpB_mpk+0q|WkIzqb9)}6EZY=^kwh5$%W`k~p z0rX5(ig=ch?MX*muJUg601JmC^*<3P=5H4pC%|QE)ohJ8A?8LUR>#E=U0p${GK@fcBMhT;c9BSC%6qGeEGORs(d^mS=neRm5xxJ_&ku^1FXg>n02?TQ-|V zHHnr9u5a6@^02nI5;;Qs0g!)(ShjHSqwaybHL!XomN0^JZD|S_DvITA=1iN+YzxZV z&!5*7lS?X=V$NExD47W+K+ff8H->UG&>JLw&ciuNB9omF+vqrz zj07sAZy@l@ZvCsPR&^oN19HsZnmP*x$6!VKTHk=)Li17q$5Z>_3+Ml=?OVR9lmnMd zrVRX;Qt~tHWO4w@nzF{|@1@?S4JrX*&Hfz)XC&rF>wEfR zq^*nnltbYwD-Hcr%{-X$%1JR&#+ur$GKdN4`!Do=!oltJZR51Vo`y?ak87yXu%K$3 zK1JDg?wM7!_@o#4<-jjZFj>2yu9Gw0J$4N&#I`iYbtRrEOAfbOUytr*j`F@Cs6#V` zaZ7)#<(j}5oUN7w#0(SHLy4^k_aC0km#g7GNb-j5IZ;yuieocjMORf?>0m$-pFeeH z84=^{&TBXhox~(D6z&kFcbncmR)w z2v@o!{RLBb!rYg9J09rBr3yNHchnQEgBxRUSv>w%GdDCaf-ZP&t2a!agsHQxtA7Nz z$8oY1GI?aJN{J~~<=+hnL$WA@gP<&=*_4cUwF+=C_&S*%F#IrY14PaMoFG<+_}4MF zy4i1XDQqb2h|y9v8Pq&Hw|7SX5+omp>y#AV){)<*P~9e;yKy2Hrm6)?QPjmymLEeN zZ)(la7B>QE^$OTosYjk0O8=8#o58cD-xj zmm!b{sLSi5-6;@d5XW=Q4jfV7j6_r2Xl#z+5qMvXwCFbnXa_fO7rnGP^F)N?GiYS8 z2bv#GZoRUh3#|#89nwDK48rd-C3OLflMX|@O*8wW_uY459&oTBY?U%JY9x7I%CQ4X zkMDkr#?W|DzOHe_)8OE~7Q5@|pFOVgdJNM<0MGuYkDir!rf63~%FV55=Na`pjAD#! zQtl6DvaR7;xe?K;1cOsU4)Ch1seXqHBHoMu!NE;7hPT<_yDpr`sAp^%NL+(moI{sA zT>sEK%Bl@-TXqu4oWwX_JMqFzHZgZBp0Q4y0Qu=Ou1wRxTza_mEEf_`(`S(JmyY(QJer(%by$UR^FnFwEW7k#DI8~%DkEfdGY>>4uR#v- zO2N*AGYf|{Z=e*K2V3!4fC?z#G-$@XDHs38F0a%4GWXEC7zdsH>-}PcfoENKqye8a zRwxnW90pLj=~|ZzFIm##J!H`ec5kYt{CyW1Xd{{M&W>7Wkq)Teigh_%t<_G~EOnbg z5bB%DmaieT{tL()hKZud*gqDIYprWi*HwpGmKCl`*{jhy!44KbE0j&~O(AULonp92L0z>`dyriuo{ z(z1^H{`E;W8vCl-Jr>+x?$|FkgEku9I$EsszA>4!AU zA*9OPKs+xQqbD@F2Y|Eef#M)6tz^Vhb*!?&FbVm)X~bkD{9w|SaT4~k*_#WYa)W0& zO@zj|Lz8O(57I*Z=#xr|ks<8V)}W@A11_rpu-_eLw|t2DQiS-eMh?dh!OkpD^8eq)g5l_Z%?)@#l3|mWYaHY}DIiO+Lt}2MY zNKa^Vqy4YtKJvE%RD?xei=3S}p-1mUs6#xA@Oabg3!$Ue`koj(tqzNwN-J40BRAQ!wwJ z=QTn#$UH3VNw)xbYZ@c0Bh6Vd&BLBg%h?Ze&qfy%F<<52Yf>9L7^{?;UU=dS8;QAX zc%R5uy{YzKAn%p4&^o$0Sa)Cxsr;(sIr+-T0{J=cK!Bu2LrCJ(Ny`F9+pHVo;fkxW z=tL>1_|J5ur-RLiOzv_LTlUo6G#L~iQaR3k$}t)wIxqI(@X)^qhzQNtTRq>E#`NNDia? zOecszp-GEIK%MAlEH8S~NH|6Ea#Sr9PDzB3OZ_*};sE+7(_LGxcHyBnkg+$glZG7j z3{Nz&B{NwmlVO7+Pj0JU4uX#^bvVUVW+67k$d!MSM1G^Y$>|P5Td)P zI9+3Zv0Rcs$Pk>q=dD>?QoVk?CIxKU)*u{tZ#*R`K1LB(Z-ps0;WfO}*gXocyJ0A(7T#7s>XsxY2 z&^&_OVBi=p%GOLyTF9`;HC6?7)w;SZS82Neyi?JP8D`&;ihgFVGrjX`q8GA~!4484E}{xW>)o-H1-zmH=v4fLz6a0-)3uR<#maS3T}45*^4wkh*228e|1E2^0f9WvJqs zpE;l0s%so5NyLNftt7#g@Z3i133}?$F>_O48_Psi=*~zjEJnFX8ui}y=| zOJUzl*kW%mk7BWlu8_IqdxQdEoKAM4V4y2kbIdejLOLS{axeP3(JGoJyw7K|%HI{k z$vU|okd{?n`0iFGO#G>$*7_(Yzj}25n8xRvXvs&oVpoL4e!@&# z;8#jK0eB`oc*y|B zqT}x|4Qxd;9$uLodgy26gH9grP$E=wXCWT zXf5t|B%-!-qGVG3!wAZ6Rmg?1+Wt&p2zu{A3Q%GUvjV0D-qQT?UMruD89dRV9#yEe z|FLXK5{7Sq&X{le16yt%A@E6$tIV3I{_Ak?LE}_rF!aO+62shzk#41Vb?AxFVB^7x z?F9%3)RwF~>aen^Q_1#n}Lf)hfw8FBTJ$YcR z%ve=1Awm8Jdj%tVxz+#dmt!A_vsUF;OIgt$TJ6nKKjn?oANmL-Kb>R~5`X3p{Z!mI z{m?!T>7eGZjK8{*Bu_ZoqOm!~sMt(2hsn(MMvKl$p}sRIQZ; zF@Ts2_>fCC2PIZ^dtcRWCft@c^-`)u(=AXOcAq6>Ct2pzgg}k~PVh_j*@jOFQu|4d zHS`jgZ{D0(Ttp0?^Vja1Zaf%g<|wu5Lg>uGx$%+SMS{(F!M)y!T(@SZPsKoQH%V+x z&TOl`3d`+Oy5wsCo5mhIS%a$<+$&!J`Tk%5<4uw{{9}+~3#oHXd$jzr#ZHQVWP6~i z)EggLLdod34X&x-GBj`l>`+x>f2AMBu{#6t;VVaTd@4c+8=e4>bS9zC+Y-K$~{1cI{+v@AU9so361%|PN*m* z8d@WJ7CObdAjiNKrSg3l%$MAZ0pz3o4*xc+8b}|DK02Ft3}4xR#eeD4(}B%stSYRM zx+_D(jP;5rt7B}rqS)tJ74q0mo>KU|2g3t=R1d-$D#>tS6-B#<`TG9C^NC+8+!7F5 zckp;5`J3bp5k_er8_n-ut#vn=4LooDeQFnhkPWAQ-fg1s(uOzrd4B|{z|o7Bizi52;GRz6QP6_y+Z}Wo&BVk&yJJE++U4}ynh!+xXGC;j@erdc*;v8 z+zouQ3%}b=@rd!CHX%<1&&d+N*(c77Q}og{Yts+shh$4$n6@(>;-bP(QxS>GC3w=a zyOQ3oL*ZrebY+ocB=w~Bb<cGU)diGgtu{!KXAW z*BM7T=~0-)9&NE^#Y20@wKW3@&qX+`*=gBG&bKy5s7$*tq_h~h+0Q&!x~oIuWL=9l zv}uwylsk5go9LO>7&w#63-R8u!{`2L{K}%A z5TR{guto; zYm`fwP^6{YRNuVfbD|f9aMtSXpQ-6&8lz(WXcV}C!g1aUecjpWt)iR0DF%XPB@mkk zbVGXpb3Kwo7e{m(jWjNg+Ipi#2Yp-PGew`8y;LQ@>A82Ww3|rvK`YBLg=UZSG3EDmqKOYwT=>m#eFjMYN^{7>Vw?vFG^qW=un8n;u4dagCx+OxJU& zZy#43u|(}eLUbn@%VjN=Xpyd=~<5pZgCK%})ow2uE?@wX{rnks@_^O0auuxm z(AR`+rd-GD0=ivazAOro49H`wh;(G+~s(7d8XxV1Z^UiN6gcXp4sxN z3aTYU6}&=Hi;8sC-Gb}7o-i>rdfIM+Dh*EafSWkp9$>R3+^6y=iFA|q$Z_Oas#bZ| z*c3fn7Z?Tm4%I=W%07RovQgU37%`0IV`rI5Lr>YLKXm;+pizThT{fM`mH-5v;L^VB z`_GU)N&84hBpYa4)p@?9}Rk`golz3PSr3<;D`kf_wiR# zo=j&uB-v`t2%=nrul<$U-E!zVN`TKe)PDH8 zQbDB1e98#wE|^4Y<_TJ_zGigPXlUl=OsBnQ4JuuBEBqt{5b6c+1|;9ylPyD(&CK=M zF$M*lecL=y4WcNcC3w*dL+9!U3spa7mQQurn?-(W;8&u|mFCp?RB#z}L`yYjaxQuO z-DI?WLhLlQaHzdar!SbkqGGTUK4%4KM>$l^nd{$M=6tgQbyP**2VAX!X7qpvRO?*n z9{m9i;aG}P(1)If-`NQ4JEcrUpIYFbclU|NofZhXvG?`!@UPK8appy{o_w101b;-U>oYu5$z)HfO^tklLxTx96Cb(s^4h zQ6BZ|hKu!kQvlz&!>yTx4E!o0Uh_K zfr8e%DB`@A+GTKv-~pHcYDQ zE!`@!ZRsqnACKx|A+ZUstcJV|X>E(Ir`!ibSF?n0TM}A^(&r7fs7q$gOwPTI z$hNIDhy1WjQGY?Xb!V<{b&$;mbp9fwiU(Dr1(I4j#1x3l(f4E> z$gavakjiG^sjPXI?J{gb^DW5e93bu?+dYXh4#}K(@7B2~6z|jf?b#v|$R=wi?Z!eY z&pR8;xiQkD?TF*|hKmf+JTp7@B-vOtRqx>}!lzQLmV%D>j4lNtsNDEkfwp~_7|36? zS0KOCM-->Xr0IEC!wFHJA^mKgze}nvHRf$U?w^5Tfu_w)TT{v`)~0LDP5 zFD`wi1i^#6tIO7E@CcQl_EEkT0#c+g0RW{Yu&LpXhO;#S+0G!8wC0h^RZ^++XTU0F zBSE<;43XA5?-LL@^ANIqSW$r!+%V?YGWNrE?_BP@P@|)Z!}v#MWTb)s(@O1c-TliV z8NI@^lP)7}Di;M1=8(=|lna_1O<3!5Hnzs_;{Q?%xcyB%bhLo7116DqeMO~e% zlO-gqkXyIYTV3y@#@|-oE@!C{NG?|Iitc~`b^w1MF6}zF1kx0!`3+%XNKdY!{@%b= zmatWPA3@)7Tz=SS#K@F-7zT%4?+b2vycI8Y9kcfJYOBkCV5{$et2xF=u=X2DLu1k^T8^UZ#jxdi;f@zq0R5Le%WWh|3d zkD0-3;+eC4P{S)s?v|3>Lc%y~mzO6PJ-m2hiGEK5oIg^r1e5)lnn0zIJQZu2pj4+C z9q10@blzU|$`){cI{?$NJ0RW#L+jd5YN?J0?vCvZuu-%7=SL(S`x>Yjlzqn%#O@1s z(VHI+=RQ>>1{Cv~Md4~aQk{EBp`cDAcSHb=>ZFft4KF3=XP=MB` zMp&2Bfr$7R2vS5d#oOVsPx1)G%CUx15jEBbWt+fKfL67uS7KaJCGCb~_Iqu_^#Xl> zAbMjq&sU!{-3Y@WX6^c2*^{werv#CKaBR`A{SlpbmEzq2BLARC<|&Efh1lzgo>}y# zozSsMVTzVWvOX_}+CbvI`?=09vlB4t#Y~yjAtM!G$$Eb`F-{FzGgWX0XZDtm zw}`<3fu(iJBm>9o9u8opC!#nH`clZra#>M%h5yibpL~7B|K--B+NCE$Tj}w8OaHFe zhLUT)Nqzja8TL+&6bk7Da+E^?kpme57;d&v(~J+@j)C`l;NH-hA;)FxUkGfCX#wHD z7UNd7rK~r)-=CdA_l;d$*h%8}`w%Yj3Jb?Iv~+Z}C9FLkqVTGOVJu0S5Sn08t$B11 zwZv{eo2mNfj{N0*`Tah~`V=-xDePW$Pslje2gJN(L3WzpcQD-d)Krikuf*HC%$9r; zHq#rlQz_*&!|j1UV_TgAXqmsoQ2K64E+kaah`(tOp!>wTE266d$J<<9p37{F>PpLu z5|0OVT?&p#MRs=m5Q`;uzC4t_MUUczJkR-@MTkupYt*EazTUHia~ZpQkKl+`U;@h0 zVo+GE2OooBY0)hI6uSL#Z46M8{PsZ1^b{2Fc00by?CM#)X6w`c#{cjI-WI=4l(mVW z*Sf>bc|$+3rs}C;xGLkC@bq6SE3mG*tZcoOpJAtGE#e6?U*4j(l&EH93DCX}YgDhE z>z|ZlVOkuIg{=@e&yJyXG9d>GA%J9%nC2~?a+Wrzd#xYfSFsUrewai@-_D=@=E(lK z+eLk(CZlu0?AC5IjzT1o(XANt@Z$tj2d)xEtxJcyYe%K$y?LF$&v*@r7w} z0#N}}3J?o?W^8!#94Enp;0~9IYmaFu`i>uwhRlZq73(0?dvA(R#3`L=-cQ;Z3mwxI zbnbQL8hMw;V67!+3I(z>uZDMkwwSzXA-e@5d##Nsw_*cm=&J-XwMQ(fX$F?b3A_WBC{@QyLc{OLt?g@2jl^i@-X+8-Fy`N+a zLxbyYye;@UaITI^NkLE(AtaCIXw#6~N^&+s95Nw4M5>NjTwME?gp{~rK!!N2VX+W| zkPPxie?F`(Sx*0|zs*r0hXYQN4_eQCSQRgYl?vA4-6#l`c#Vf0{1KarPkJ{D;kiFR zvhOT(0K9Jfj{Uf1_>1t!-CM0^M0f1SUM-5JCJEj-h|nCNk7iM-!*kRN^Lh91@k!Sz z3y)e4*`!p(s)(6<(7+C+v;I^1vIc$pVoEM-70>!d*;o_TLbEv5J2h>bBm1zZbup-0 zPmz^Y3K4yLf1`<>d}~Ifie&x^timffzr~|PJ+y6VO_PIs-k2pQkRdNp z^fQRRBdVaDVN0M?zTu^8Xy#5DAnRW+GV&7P)5~x9nku{xm@9GX*z?!6o;FRQW}kYs zq#~5aD>P`E5&7tdhn2sYx>o$v)y@i#X=bEx=I9)QB2XUwdY;O8niADm>#_USMZ4(J zIMSSaL${Q=1gyf5?3g3j(=osaL=fK}GS*wZG*Y7%R)+!8cLdPZOIK*YAERe?@*UQW zmDBogZ*5N}7q|&cl3RT=1MFp(v>~dY74v4;H$wzK{=rHAV{`uQ*70~7?b2s}Q9guI z?Dv@80b;;sC96h%vpd$soNZ^-*bh!P13ZTCdnl1WQ-)5>IBsJC|6F7XfFMJYY@pHb z^&9#x<2|;eH}Mq7k;o&^^f`J>j371!xG&B_-gP1q9GqP}IFFdDIDgqt2%cN<=2qzh z?}qn7tUPyZMNo!8y*36K0jZH&!JCADjTXY0>7+86cxb{G9_@W0h@#u&J-#6}Vfq`-R-O;T;QP&C@@92~Yx z>AUxKmV`T>@v5bfI;NEiWm?ij5DV6E;Lybfwr-4$;rWi3+ENRBdg#i;k8AC&+)`}{ zlRBn*U)!vxQKaRFOq~q|<&RD|fOZnUm6g zonsTTUoBnh*juLS;9g^9SqZ_&2v!10S^#!lYU|amtrA}*qEI`OaMboo7Db%S&2X2_ zB*lW~ZXli0`Z5a}hzlSSkz2p#?8@8KITlVQ+e~R*{SMh;qgI26_2aHG5Ah36pzEnATfhX z_l2?;P*)++cj13j<@1wPiT7n$b!t*vrw|O+d>m_TZjb}f@UqA zEj6sa#-8k4at4LlXs0fZR@wDI^Ko)!3 z$=aUmV~jxPjn@ozF;z|QmL(rNT&MG&6y-t)C=tx{7Tfg>9wDbTMZvvShXO%NUpuY! za@Chw5|jHC(75t`9`+gycDTNAfwDp+yQJB|M-kK5rX$fYC3;$dMm+Spd8xwu`Fbp^ z;D%#X|1KV*Sad~S-mS@k90`(O7M7!04r==VU2`N15ZIAhtcWp702{evZLx>>wBC1w zlom;wlmc_>8Ts1_`jN1WL}AWOBUUv%pO$=+OM}GUKm!jhbj$WoKxr&6?I$G7pkD8D zah4Zlr)a2x@8+q=){Jx#687B zqtv5dOw_e!`PM@`8}eL?VRZwL;{B82 z&kyhOhZK%J9ie2lznl?u?UdxX9YRn&b@CJ#uA9ZWhzn<}#xxyd;u$4 zX`9ON!&sl8cftufV(ieaHm&k4NTgWDkOV{>C%DRBre>zVrB$^q_>Go1&=%u-{W%}V z>=8en9D{qkBq@!-81$LP88p=eft-{qa{lO?Tsub}!NT@n;iWA^VtS0nOuaJZ7cf;3 zwQGB*znSwUJxb)GcQ{h4A5$B8^1fXqn#o$ob#npzDof*M)P{_ zTy?#kCNj!{+M0u|@yy&q-Y8;)to3=QIUHjnPA<&N4U4#`%sbHp%X|JaAJ79N{ry`{ zdIGv_@JS7Z!*BTi{ZGqDyprXnFoP;tx&vcI@g^e%I{$77@J3XJyramiR4S*4vJ)XP zB;>#kPGt){ZIC)Nkg1sozjdXvcU@U`5>E#7BZoxoH(Sc^dCIYDPNMrxxXXh+yfcw2 z_(=kH(Uz!ru_cJM2U$$_RHsKFBb|M1;uU=~Oc1L4((A4rn_;{)SE|KvO{lWpRy@rt zjkmE0KOP9sNF4F|Lwax>v!X?cCfLRW(JL6<)>R17UPi6w$avpa9;?POk7KNp+hG3- z_z(Yem;7CvG|+PQSp&UkPAlkh%@Bu77vNsP3BG^o6UTm};YileK)-nyJFBXIsZrx@ z?x&b`v$u6nVzOCzKP({J=CnJmSq3vJcCcx|+sCmzc}xM+tUWJ1Jqi$wI9hqx2c;K4 zlx#w(y-zmg_P@si7KZ@>G*IZP3p9@vWNpavbkI0%OM&8>5-maM>n_$wY5IPc77{Ma zjzH$AcTUGt)KSeHo>9Y}S^C827+#;^%ypEl5y-CPK5m}ISuCb{4dTWG4nxd2#^Ldsex4>*sCf# z%T?Z%1g|$Un7>K918ng(VG&x3FIQwP&L*X6m=4Nasj;p`@cd)j3{2Z8A8GrvIeRH8 z*nc^M=E#*J^rGpz_R6oql+0#5C!WWuMKmVH%d91*EP`I*GY5P}$Y}6FPd_i8OV{4= z>;>URY$IEb0UI*{)-Ne5%Cyz_bPqvew^8Oc%l=~xfl18bQ9^?FVrF-oU|NX51(WLd z8uoz^ZhY*IlSd_L3%W?)VWpMjYH@*|Qvbr!7?BWmlp9MU=Ruf>#)N40OhymnnX?P? z3N?0h-f8wN*u9g^WP@hyrq=+gRK-aU@Tvcm!6v$@t)lEh_E#}f;7W`Fhbk%3?vml_ zCe9N{mwUbB)L?=zH#q%!wZk4Y6b>27qa@lH6sOWtlYiE)iPfwy3w@)pu-beVX>2md zG4RW9AK`~`e}#GOO9Ish#rlytTGQ;g1c(H}U~VvPOrh^Fi8Uy!6$>{Hp2SK@D>ENn z@tKiE2#`b=oBs*|L%{zlMW-uxA8AJ{e$b=fK&iD3TS7l~tJ04}j5!c@1%8aJ%| z>HUYKe~_=$GboH1+>!(`-ww;1N8a*eqWn&MBmHN*2jYpW!tEbfI|Hu^^@IJFuBnCg z$QQ`pcFb$9-^AWt8z0A;-(B}jZ`Rrt*CI|}bwQwq@H^s@nh_5oHsbjXP~c-X!QR72 zg~g7GCXBg>BcI-$V7xIQj5bI57^~OESj9Rm%9B0{M>6sND6SZs?&AMx(^qM)1)xG| zX3y1f?4QIN@k3UPfD)B$x|6W$7c!!MUsK>Iphe>UpQlBm04$Q;)$qE`u;@rGSAPN^ zE+W~dr{ap=2@f<9@&UoP2N$Tvm_-Ga+eMPlm5?9of0xIbd`a=s0wTFJr85w5zvtl< zgdI(dLIQM#3E2x{D&ygzY5H3%nHnY20~oi8v(xf@d#!a!gO4wLF|Ffxg5c}MCa45X zr(BVh+rOLJoykBGZG=ghX#zaxK&L(VjNVTlj&yb2;PSYdV_Wt#7;4j`Z@DpKAnAEq z2UAL!y}3wDeiD_C-OtBUvXHu>@8~Lol!MiPc{*PnGd5@%hjd`HY@Adch%0B$rMVrg z+=7jikRi)4xtaa1t?#87PB^9F>uNysc5+UXEN;elBx)&7%_wCs11cJd{*nO<)q=ITR%TcSO)F zLcc7o7K;v%s_WhZRTTD(2dElHzFaX+Aa=XQ4fac8(5M1!pOR_xFK)I3+>RPsaed-n zv}kppNz#$oDDTXLf9ShsXoWqcFS7dB2k%~Xjz9q)J>4ME%=dxl#A3r4<%2;$g3qS( zN}y#Q^O>*-wRMs^QR*?mw^f~wFcC_cIa&>jirlpK%LA`(`6(+PKY>ttt8Y=&+zZp# z5i>Me5S5%q6myvp0ps~&8hGko&zr{ln+t>R_1tvhR&2Ihx;L7dbTo~l->$ncSOb?v z1GX#-NX(m6gG@e53jMfbU}A&-F`&r*jF;`f%!T#@MGXAI^^Q+( z(kc%O51u$Koc0xcYc7gO(-lL@8h`EO>H)W8bkfP>@`|kJ4ZV6MAnv<;iiMMsQvnpn zNsnjmt>j|@#^qVw*}2k-nh{tZD=q_y3_6T*PQpmYEfd~o{6{h+1h_ zh8v0U`0*rm@7A*}>Oe4K9Y};;(<+*Mt#~aIfXx{7fo>nOpG)tf_p)GOUMj^)H;3p? zx`pab-03{njCfSv*%;^M?Ct%>A1k)S0!EhdfcX1PvZHKK9lx#O9SAaf=;bORi4qdq zKyfkZ;?%#A4I@YPhY;7%HREer+eBMi&tFgGydm;rx#>R$h-K}pkx1^2Pez-ASGuh@0=LpS*~#D`F6ijo8BUrp6P2)5eGnt5HxMI(9vW zu(@_nC<}Tt)19B&rm;vXB)Z*_7A?!F205|=_{~hnG%eL-1*+Sfe1y@$=(eC);X*kE z*CpfIf!tp_OM+tgR)39PSurML{>re|Jen<{k(R2ce-8k!H>~KgxoSJ_^h)r~2C6kD zyjvpqqLUUgr&M-UwQw>`T%E$^B?sf$&v#aU7Z81t4{2RXLthB$3?K+Uw=gl;Mj^4j^ zQ>%=dLr+LJ4Si*gsIfYxx@vFeF{DtscH;Pqu7n__T~k}^J;2>n=i~I#T|NjDRQ~B3 z%>U{K-saRsJ62K!UOa0Cd|^6-yGk+(wjz+3ZMCgk_8MW)D{)G}p1Q27@anhd%i^qw zX~D;b@nu%lr_QXZco?3_Kg0x=Hlu<}x5} zoI!6p7QyZcV^c~K6~Y&)gE6u6B6wJ~s$c`q(`L+S16fleeGxNlOk z(H*;TaMz!zbE%=30~oyV{{cV=m$kIY;e8}BjR8T|9h6vtsujmbx}4EKD63BK#fS~X z0t+HS1PyhJ=2zyN&MlAPC}=FK2nf&oqB<&|Dku+o2~dZlD(i?A*>hS5?-n+6{Hp(U z*x5yZN?0?7OwRgfk5OZa;aiXH4gMYb_h>#%7qVMcCrlsGJcbbw|NE)OjiV_>DZh9G zAsT-^aN+db4jb_8(bm-XBGN2D$dh&6Caib8T~R7fFFoA2`qpgpF?j&ulJH96q55pv zr0wx6{Hlf?rwF8yhKB#c#oc8z@cUV-wDt@64YBLUzi#ij>siSnqnMlQj!`Z@+0j0e z2W93R+I{%rpB3ld+(-8j*R9ep$XXCa>>>b>e^YnQM+T&ZUj%NP3qCm&i)=;w%hs38 z%8PbX@p6@#y*bjFI;W*)kKq9a8(_PfS`?jBwrMS7dn6Abe18JAGVUL>w9EFNgy}-* zk5={{*Mm3gf88CzIi1PS3XKYkw;iTzN|}$QBA?Z5w&Ba6Rb2T7k$@v2%r{ zlIV3lZq^|6qrJ(~CGFCdfhD5_<3-IU8hzp9+Q6aZ=M)t^Vs3;FKfiD%(da%gC=r`& z{@1AJ$N)k+gvytqd_jTtQZmbB<0OeCXcz_(r;^!>y-uDpup3SDgDA- ztGn5ps_n;)?B$p%l&KVl&)26!lsX^y%@&a# zCp!0U22dbPmlc2CLy8tlOl~QOPrB7%yl8wtGdBlZQ7_PrUeHG3^4c~Kf3|?*o+A?I zedFhFVtW&qlWxHL2N+ZeL*xj zIcRdK_mqQ*gvCCkit(@1dkbBH=3<{@ii)S9=}zt)ZlA%U^xu0~lL1ZBrHW~}`x5I7 zy;+Cdtel74Upl1t8IKMbbka**E_F^K_y~R-2U2o`? zqGkWw4(A;;)DjNhdUK8pu6pJ2X+OI8zd7qj-|n7326e4 z_Q1zS<1;%rsyMB*cYt+)8g)paT^;Tp6cu~vQg#1APd%1v#Zgn6waBj#HG(YKdfE0; zA4$qc{MjJpgh702(hx5;cAu0$nY=C+gUzy6iSjQoolnnCFD#t)2_>c6#r`ax5`Z*? ziK`oabUc2^RE%|Sb+HR~A0guj#2A~z%YGN(_>^2h(lO0?7jW{03+{&9W_t`2Pn9<8 zvQCb`!)bdXd4gHN26HTU^+71hZn^;c%(KPaGTKQV7T|MvBetAI_7jnhvf$AzU#FZD zo-luK>9O1*@k$qGmP|feKFFR40F1)T_r_jqFrWP?F-vD+Y?KM+g6if$D9KAu|X|E ziu^rwh+vp1lTX;(7Lu!drwG9QNN6p;ag&dV)>?T>TIZPmm?2dG9j`u6Ec7RLFl$u2 z9y(ibfJulBR9`mp-t3jBEdj1B)kl6-tR6K*0@+2d1FFCt2!E2YQ;|rKUA_xRnAg94;!}FO`!>je&u|1aw)Q2VWK7o%7j8sczZ9y7t~unCgm1 z*XyNzwOfk>yNchwZuJ2ENoXgLMY>%CDX?HG{On}nj8$|@6La1q52UJ zvrjRx$YjM`>ZdU&fQFsTu?i=oS$_N5cvshDKeqncIKlf8kM;`dJ6$>})_aX;jIb?q zmatD(cHA7{l`k%v;GlA(#QNQN$YQlQB5jM+7M4&!L0p4P)^u_G*ka20po;SUmA8@mp2*iN7x94se5wmgK%`u^C}hg@jBe%l>U`wBas_FsqgRLMEEZr}Jg}$y!hiN$;zt=!!9+RiN)H>t_judM6b{22>|ZGx5vD16fBPMNV6V!yr1sUM(3jgxfPINJnvN zZVZ)3Z=5&~l!9#~P>k}>pI;z2E^6NZvz_V1U+SEjsLI3SHsw!6_wwZ2xt(uE*clUVfiwRuD-yk4jhMkHXwqzLOcUMF3S@t$J<|@89|eQVDdX?Bl6N8zg+W0!^|b#(fR4s_No4^_*r!9V*&Apymr&L>D&4-Gch_ALN<5 zLrk|}yZA?IxQYnfN(*t}GY#`BBc2eDV#^_?CHsHqEX^$#_Oe)!Ysm@Bf71BEOltKN zx`7T%fV7pa>DA7;jdy{DuidO{38uYkaMs?(9(MZ%Jn3ZJHAJh;=Q@=cVHVg zS)Nx~%ZOnkF={8jbE)|ji~MGhin8@u{HuS5vBZ^9S5qz<^s$lfJVvI!_%-QJ^(`@s zjjGV^vyWNFuCiPw#3;8*{qJI)Y1(NJW?|iVE z@`)?oVw$B3{pX~)wKe%Zp`6=XiAXB*oMzO?5!7>R_tf4@U?v((ZFf37=fsgI1tK`s zsGXr;>*Y*s{mbXOzIrMS=tP|=ly}w})Z!Ug9y}qrm8^p5Qt4Sb(xY#G!GRyj*{a4e zt>Y+__-~~nW#jyqoc?vN1QtNdc#hW{sMcdBg#XNh--YadP1jyLhfQ(-#pc(Y~! zy8uehDbQiK%DQ%YL9D}xwG)akngfru4i!4ne^X8JHCON1mtq2SyW%(UH{UNxYipTU z1XY}bWEWJm1|XHq=?SaB72yT`bv?Ngnu-!bda-JZ6F~MY$mW|k7QbUhni8GixCm}? zbtF!Ix#gZ8hp-HK7hY@vgg zI6%3IY{8DGxG!$e=eq)d2`+}WNDoeE(MxT$)5W7NN=eUiq5xieG z5%$PnxNfYul{273$b>0yF`jsP&73-qH#)~-_6&;h&XEhgKwMitf&0#D=!M~Ka`QK{JpxVmvO)sXtcTw&iV`y+E815Q7;oj5`kdCqy5dGwp&1hT><>zPPuB5z2 zRRAOryU960D0GVU`YB63ljR_v!ml33>3;l{)O&IU-Ck6a$jH?PMPY~Q4pnsx8y@|Z zOa!yrY1D&D+s3Y~ehHrE{N2(dgs7q<(2_6@ew~BHL)y^7jYuA&$@0;zE)&tQ z0nT9?v8auodK_P$911i}uutuOii5%AOqH6SPmR|v$LI?m{1`g$;hEQe2qH{~Fb^p7 z>?G5}hB0ZmWY%m4t0$6URpfYY#bw#cZWVZ7A*j-aut8gL3&(@qQAs;ekTsJN@BI&) zd#{H%s`?~Gp*K|8U93r-#Wbu8W|J*)Xzs1aBj-p#@a`~YkBsAA6=Jm7_s29$Kbf=$ z<^J2R0Gvxw&K`$?Y(4S~)b**ZSz9hptWv$1pZ8a5x7Gc#Ik3^(L0vIE+?;>{bnd2q z>ET|CUDI1L%zC;GqNj52g{epMM@mb!m5QZ2tsx&zKd490nE&ZV|-huim|mZIMUS0beIqwPeTJUjOOgo0M}?O^Yp96tGsWSBAU zF;s%#zX2m|ZhPe9dbb++IManrsi6}@5h_n&)m!4q;7=Q{`ePyJYT;wC8KtV~i>RYOr0j zh2JtmaezJ+aV_&t;O~c*m{aOlg?Tuz2%@a^tnQWRYDlw>K4*NxY)v!HsISNkeUytz z3`p4UIJNiT#n!yyMx}vs)U(CZTJvPK0Pn}F$vZ&wdU0C^x8I4a_e}T#WoYCm-(>*c zgTJIo%Zd_%nFZz>^En1ftXFptyNjAlr>(sSM*i7a+mh$ffeHsk`mKK*r%cz zrQB-as1?IyJ%_0G;@bVe%G3Ti$)y;ei`axgoF?mdT}}pbxE$Uw9OyO zKXH=|wE;Uii!928uB6}!n$jXq;Xbwx2pxB(2Z!8KZxlni;Gh*FW%PYXtRI|+60JR? zSVCeu28m>wq|_^en2^gg-s_qaB6K(RfNk<$BiN1MMfOp9BE_&If5aotV`R@c&qk3r zUuVdCb_nQ%`&i;Dp3Es-ujFd(HY|zc1uJ;;=iL_F8G)DxgJ#(-l^Gr7Q_;$G`p!4V=Z)@Mu)`!PT9a(-0272^i@-km@&@t% z>WoilhS%AhQDlkTyBxB+kCNvha(_j~)TW;s!d#U@_i)5rDI z*u&zrp1OGp)qhG^?$tyd#ySD;=H<{sp`CU*YaE$+Rq>oJPU+-gW2uu;(av05YImT+ z79^K%UatH2Pw|;wB;YcnqKIB*v9tIvK0Y!Y{u?htx7gc!B;L8oqHx)!p`p^ku5?lT z_j4*=4gg(P?<5OATH_a0Yst8Kg|4vq-ct+2jFR_{CKeYKc;93h3#pa@6!ii=e)9Ay zD@8qdMu^y>)JvoRA)^tW1U-b;)C}OU3A)k>%|a>x8G=^Q2l^?WaEr|P8_GJf^yf{S zFx6CiEA=_sJ%*~v0RbN%i#B&AE8q^KJ6O%~-0CwgZc+Ch6_aFG6>csuXNZeaEe0?C z;r;4#h^}iLCyO6;hqNj&%rDY(?62kfIR8aM@J>RO7gZoVEpr~D!Ot3UWR0uUtytYp|We> zO3rg{B?~LE1-T}ccaz0oti8H;#Nguksf&fehD4>B=xITCrU29h-r4+~$?-h}lBvyl z->WH`LnT5h$$JU+sNoET<~2=It84EX$?AH{hh*gj3#7!E{{r9r_ecdcL{>Oe>CUZ; zFBT~g=;y$_n1jx)ITGYk5RT8BF5lhKwPQ%2Gw{vH^E^u@B?5l+z+;&Fot8VLctZ83 zV)NCfGHFToRv4R=ADH$zOZ_IzT<4oANloAsZ@o*QSugk2-Aq9y*5lDGZe6vA1t(U+ zH}fCjdgk>fvW%#bmM)aaKLpCC8!&uz8o=VI!&%|aX$`})wX-ZVrU#5Hfb})N$Mr@r z|Jz}$p1|QDB_y0<{COYWQbV2x)y|5k&k*;yLaSyc1cc7~*(Ow6%riIZy}`sY3*(1&KDrDjX^ zhK?sCx?s$`ad5cxcW3ydcgg%UtF2quK>oPpeT%c(p=Cz}hpCD5zI z#Au1audKyONUG7Aljc>B6G0-ga@7o-Qq;#_iixX|BZKYU!*ak>X9{hl-W${w1b3tC zvQr5_yWT^g6Fr)f&X1Og=)Y3Uco{cN)g>{dwugKNt%C|vSC^N?NyR{x)b+iD3AK{I z6sw3Pe-nJ_IXld6)S9WFT|i%;Wy9(?}!4ZR3$8 zF4&UKn9gnv+*UNnHJZF!(=z2s^T&{5?H?Q0oFYW{IP)>*qLq+V3r$f)6=ExQd~ux? zk_awPWgrbkafRZ`xk&Z)>=8L$*QW_sAw0+&o5{7h%M>t=B-ka*ptpZ21>m?!4AcVV z%-qZW8wx^U6Iy_2shjoboX|I#K+qP72gC#;c}6O!W~s9?e^K*f7hpWbyAr#q8ZaI} z1QXvwAia{x?V{>-{r?g(H3_>x*C|%Mjn%TcyxAN*qX^2;LceQ^t+P4mu&T|PlTR87 zVf7g z5&bM)Qf&i)lYnF6RVZaQdLA`@@}Mpsx|I6E9V}=&_g(`BKNQ;s>4f@BuC&6-f~>fK_;@&om^)sSeq{6GZwoXxW>UJe^L%4)}{NM(K=jV@=`I2B`SiJ?f;B!Xy1uH6U zpmiNJ{(z-C+)8`fl*W6*)e3!b}b4g$2LA?0S{TxkbY$b3Ud2}c{(8MMnmRzIt1hf%1D2t>|@>z8H{q@TcWDSZ`QkX zKE(KL-J&T_O6j5b3ED|p!>FK^DwR8l2tf7VvsSK-Vg#eE8b^}#M(E`j*>E4*hCWE| zeWBfqF7ty7(w7YhygpY`JhY@^oXt8jk?HK>Vk>`+2 zryxEFo5ufcDGi8glS1k0-ZGU4F+z)09iWw#PBv5@B60CwXioY+ujih3)Nj35v-(ZG zlTVMqB`Jy!dGs5b1f{T1LQUMV$Z6siwOE?EeDRKA5mLH{|7a+{KMoPqY*FH)W)|%v z${H6=et#=hlLSHA7RJrqVsb?%-(!IvOn+;de@59jDiB&$O2e^!1j75sUsa+!8%g=~ zM}+pN)NiFOTb=H?^li%~96j3fGfY5-Q>Hn;z`^pB2n4QMhyGp1U19?1!xWg+0+)NM zW%WdHA!jAqxU`_3X9*c!;`{U%FU)++g1UJ}As;JcQNYAtcR)E-{WersV zGby_{3!^iy8{siQF4fG3mCWMb89adnPeh6X0c2mv-Jv7nfrR0} z(c@F$tuP}{t3L*S?I5%*ARq5?*7TJSlRb^q_&St}aHE z^RG$|(bP8x_uV=agz{u;t1Y51_53Pmzcg%u>XQ4HW$?LKq1S&+uDIbmavI9-bUL+L zf-29{4wMBxC~M%-|GNWJA#0~h9i7);3$_{5j<_|Zr`!xCqPl?w^MAK}sQ>;9!GF_? z&MmQ`=x0KR`=1FhovZK;xKa1g=`)x)gA?<{>xuFgK!C`BzVYA*N zGlUMKk;u?mX>%JK6A&JV5xP|^eJeeg^USe04Og&@`ak7!aC^8-0-1hh+pmD7DOKL5 znZH9oqI%aN92^fP)qJtQm$>)yi;&X?&3Ar$?RihxT*~y`J_$r(W#-V{@58I~f}u{n z@+46Yp>}WgS(@fgHI{@OmoV(S?E~fBFfvfa_M|(vodHqs6Y8axBv8 z1q*vLjndIfV57^2U2<^RK48m0!uG+!iHYz8y{z!9mv-Q+d1AZ$c7S%5o4(}_wAV`o zoO_lpT_Z${JfQL_Bi=&jV1n7E|E#axpTUf^{na6m{7*oPr_3DRln2MtEkA%AW`cE_ zTU6>>*zfb(_WT8GcW>9d1;3r`*7h3C+b`DIW2*BnbD~WtteMHx(x~bG>=naq-;W|) zSm+p**-c=XtGsWTGZ8n(rd6q)r?Gc-+A z@u0E=I|KxFLO%q!Pc4@u6eh1*@HMVf{Q7?tq~soWsdsEa*(ECMbm7N?w8(sSHQfad z`EW>Re@cHUxJZCaJCcD|w%Bj&{b^c0gd|(0|`f zgLFpeL(qpjh-bCq!>!9;A`^4iTH{8|eC)?D$J$-nTrk*7UjX{)L?_o@Lwf-+WYe*N zsw;^ID=~Z(#J8qcy487Mg;Xm$t|i^=!*Sw#E!gs&g=tytMn)_z>|ncnr9MEyfv3MrfzB8b<+|I>?D~7tblJB`e z%GQ*yeg&V6K~SdTZi2XoJ2eUcBp9~KXyWzn@YYTTU6G+qqQu-}zgkqmEEnKOl|cx} z0U2>W$FG5!K`7mu%50q8Q0-MWeE_KQ#(YzhCNErpEczd~KUZK>V^$qFbJci~94XB! z!Da7x&Rw$%nnE%r(4$K$t9YXK5T$V!=M>+p+50r%KU#f}LksT%Mk{^$rBt`Nmf&q1 z{_2`*7^pFmt6+2>E+Cr&A;b@A1gPSfVQ?^S(SIUv6+rkS-3=;K6NLd~fNDvbXTy&+ zDM_=1VEn*6B&_uD7K>drt%sRLD7n-h$WSi7IrDaE319D^-Sx?M*tg`?vQlKksRXuo z+)PuUgOju za#Q2|3}SR1>N(|M<~I~v`53V*e4!Z^AeROrmaW&V|jqV?e(@P!cksG%)^NhQ@N20KZBVZgC8b9KZU1JP~g zMNI#yZu7|AkQ^npA9?V-fU$|e`HWfr!(n-_o~e7T!FY2x%e%?u z8d`ZRF)R_Jhywa4`dc`m*I}18*~s}XD3&iJ`!+o5AWIZ12x_u5#1(#9#|PC8cifeP zLuAWH#p&YI@)pbA*dVTbb1+>vU~dM;qzG9>WLHTFb9UAd@ld*R&^t_`(k6QxWV+^L z)~RJgOv^c&IF3R7WaM$5$JN@o(b6v%oAVIRahj-#O7iZ@H^rCTWfl*BN4}?vD}e zS9dVGkfttPg@9K@D(aqtSd2ir{oth)s|WkXlXsTaFcPJ9``ssQlXz(Bb6|V4 z4`qGSGQgv$8I2QWS*c@6w97z^CdG+~-eS`j6saje3JQ|VIPm!cfqmDcjBvx`-=~pV zpte1Dww^6E{yx!27ITAQbmvkhaLlhvtWD->mhboNlvJ}tEUDRFEJ`P61w3z^_K1@U z^?7rY@Jf>Y*qK*59*jQ-y5Vy_zq5jMO=v5bm-!Y!DIg-g>xvm)?^1N{lj=M+>vxmL z5qe?BFwE`gS+)`m-J}S`1m?AH!3e-Qr9(Q-EqM#0ELqUGRFio{ri&lx;sBu?^}D=n zmx5w_g83pZj@*M+_cYVvBVzEN7=cou_SC?Q>d_f?eCKM<=3wI{>Mjt2Gi(3;TRl5m zf>$H;L8uq>S^FCYc7CY8J~bYk;Gi+C)#q@3eSe?2BFf{Rff%NQh6!>V%!O-`yKGRk zE6y?w-8$N()fSni7M_>gKwDa?3Uj*!U!U(6?W?)BT>n$tRe%l1v!&N6Rtd?05wj)! zY>uqeM7#r_o!#Ky#%#WV@+6r_NV-bHBzk5>TAogc?^~p(r8B5*Yth|hvzRvn82)r} zboBQQy^^!>C?`Og0UGSd>ymNXS6QcJTxff3vMq?-sLnF6pLRx}JFq(O;qie=zBY4_ z_0~cF`))o68VW&x07oy9>?1kTw1Op*dY<_+;d094?qe+nebwwmFTg%GITF#TuAJ06 z5$>BN0EnFoCzEj=ZNpQ6e2cEpxuSvYv!K7f4aZ2J;&Yo|Nv#$zl*4fPjvHMRh(e$^ zcJ%I>v0jSjbNnja9Ban)NH;EOZYBYi_ps2}K|dm}meQyR%A8Bs{e{@Ya~w}iBWDBX zy|#owzAg~Ie0OyC&!1uNPmr_Vs*)F);cJ{{n#ZAxd)_SUPfr!etL`vhx{WH2LVvMg z6iP4Bhc-&fWqScW^S6{SL7t^(I)lv$t90gU6d(zc$A&R5f>R+Fag>U$YqHXf!Am|x z>?jTHU0!C08eb{*9PmDCTgX@O}UH;_7baORJ$fpOv zyn%U?EIw`-GUPx5ILV%FpfZJiA3OcpPfhT&m1a?^(7(d z_of<`UEJi4pGENOLP)_?X(%x)ane-cUVB1oGwx6)C3lh7%cY5#IxKpcyKBv`p>>%Z zRq)tD$qahU&Xytl$y8*Zl@|gdpl2#?S`-H%`5W?93Kq~%A<+l8lh(O-F~&;}zFVJR zc5JCF8ovTfuPdc9idHv`AZ)GsxdHc!T^8}epQ-u}-XKiONMqx5U$;w&zBmd_tf7=j zN9}6d{xicisK3~3$e&ymW?*T=V~%7;XCbmMC_yBJ7Rfh|-(sAx8Im;E{Rba0@DSK) z?{<6_C>LgcuuHc0Gc)_=oJ42*WuK=4pp5oSV+R93)J1sWp7r|HT2kb!oU1r%)=8TWKOdKi2W<6>eViqO;0Eb_?3T`?<|?3 z+8z*Gjk}bJH#@(|p;a$~%(y8V&b6k56e7-^2QOwQF%HOZF(1b~wh@q=e^{)Y0V$$7 zhUtrk^KDLq28wNw05^jlen&ps*CyAXxunJYG>eo}ZBY)CS9T6~)+Ks1cWYW*jXB;} z8TylRKHC~7A%GhXItET2ftPyAB}oi~u~x=>N)T^iD%x*`s=(#-G0xbRzgs)yFXpC@ zwk9J9-VtCVeiub#^2j1}fFO$HU-xEe#p?lx+c5nr^N(8lkF^TS5kC)XtI4uTOettD z|4lOPQEMhZI`KpKyAasxj1^vp0)kOghI0gP_RH0^?a*V=ib3lQ3lV{;KVIw3H|2UZ zmuKiMv}e&sjdc-i*E!pZO{>aA2 z57e@|$v37;4K8(5w3nQk4%#O(PsQV+u#)?AZD7ByvvJ) zmzRK=bP^WAunLJBdAPNZP(z|j^;O*Y+QBK3gMPtGD;S76GPqmoe@QULgX@!YtTe26 zE*xxei(wl;7?Fi-P-@?rEbAFXNHUm|y%cx-wIukXnjMWjfyRNW=K0hGq-H5A%tQ=7 zvWWmi2FaZ@lzW9S)sD+Cw?Vv|7qN?a$z`cRvf4L2t1OAXY{`ALJR_p&)yJpSJ z@*SDvZpg_BQ7MDRlM<(*#U};>AfsKZvep>Hmvq95)P!C! zwl&{1C-u&jPbJE*ZzjM%=T7E}pM|mZ@;MblKO1AM`blX$Va6_HS3|kOEuT}Sjz$8X z&nVLoO4;X>9%8^}m0n#s!@a2uSpIs<*@65XYUD9eAcET;+n(2>H|OvuoWxesWKqnP z=cUHh-GXaZ%%E8JI!StM4Iob>ah*ui*)h(Gx;K{Q!=U8>#re?c)Pzg!Tn|$vy*1!$ z`ZghslAMCrcA#60Q`gNIcTZi8Jw#t35Q3t+y>nsiHjl6aV*)3P8);bS#^l0_@6-i^ z_;i4aPI?7%r_rC_Z6q!62gAD_t-p=m7prH}DukKyX`w&3w_SceJY!G@UuU_i*oF$@%+tsg6l zA8srbS**ojHS}Rhu%xaKJSK5OZw6<-5%iIKA*TxYo3-0U^OZukae{EzJEB4kzaCw3!RK{$9I^%RPHYe^@RU3OP7Q zqmq@iabQNfY6|ve5^MHDG|Kk{>94CxP6|wfB^ffcGY<^`!%q1oLx3y2bpDLA3Xv_A$L5%?)$DMO zsTDsSb+KOFIqxv2#lML-q~PopBBGs}s&yqCD?;D`P;} z6*cr;C6R5hDC1RRVc(X-4o~s3;)^Gv&$UPYuY=E zf`65mROhCS<@-!>Jsj>gFllHNZx~mzrYW_V$VY;5oT#Zv9F1J$i`5y{NM+mZqFvv{ z2j{PT3lj+#&AGXUSaWY_Yb2AG)M)}?36?7V49|>yUsbGv6sdEfW0;-OsHrMXxM7}W z-h(O)p$_yM37scDn@7lYjN_Bg5?}=C!zz6K9TJC2G1!Crxw`4n0WeD&K2NH*%-ELx z_&KL%p`A#eYxEo(B4L z<#2SbWK3JIK1hOBr+^?Xyt|<*c++<=D?=Y?|BC?HY9fJpbC>pwXvlHnhP`&!e^k5u z2aG9kw7ri7im;HF7L{$oTHRJzqzXFL=7G;|{O}6cgjG{@Cyy7i1LT{K2kCHS?Oa`b z?5=lihv;cgvscRhNu0d+i@j9x9L@2YfHIIal6orpda7yIIIzanM$IK3_}T%c6mH$| zTb1}=4?Tgl;cX{Nna@MOKNi?uZVPqq(1F%{^bL6GpDJ0UQ3!M;tk*Fiy56GKYTp|h zZ|k@JE5`uv6y7&jRVXLz^S8=$UC>EgK7vBDn#LL`1OB<)j99r&Ll#}O>~XFKu?zZnJ%Z2@R+EA<s4Qs!0QWt$lS^0RwOgeZ@%&|E1N5s(=MSg|ub zBzmUuNZ1Z)0W@XW;Pd6pyq{eR2PSg+tW)aB=YHYv3*tq*-1tnzgi#7pP*z#xZhLF* za>7Is53Oes9w?3;XJ~LKOb~+IFFG(>dlLMMyA<1sx2%nsT zyUuvY?;dFU|HdR8JjN`du})vkA|MjV`oQ-q9|}udYueFaIDg7pM=R3^_f+tg&-#BrIHBT3P0K(V_-It#5`m6+{d^+kFcJV$%NqkvQ`I& zda^o0*-j1nuT$4LgrpPeUa>)1Duq(H3^WPmR6CudR&}}@kzV+$_o|xW`iRB1!ca=O zjbN?7pCnof4z$!c_}$o-QW-cZPE0M-nRi|9fm=z4YHW%Xh5F{P@VM62X%hXIq`d^0 z&p+L{egz2a;ZF`bWbtj8Mz068&$91O-n6^j1i#(oMn?8SMUFUhZ;DPT2C6ao(gBo= zSN#+^(R4d+P(Ij41NkZyJ-L(i3L4;VkF^&MTGJl=hZF(25A7%x($@?j*jF&R9r}9_TarUJ$=2HGace_fg3cGI^kDzboGy53r@fuwA$-C8xYYE;7SSp z^Z{!j7IHAT!v$(C}Yol?$!+1RAQ1G7W$+2gN!x{>^4SsOOL1YE~F>GLwt)#CM3Q>$#h@fu0os9eox2h-p8{ew^#Z@gp+( z0!29CWMkS8aXG(RBP%TCIMN!2fgbsP_khik(r{*fNm==XzHOs_DbsvYdc;MCo9^juiP3^DGKCA zFGYF2SM0(w;TDB4H4E+0ciOV+F>c7;|9K3~`5j)7<&VFZ<7fYt9vRVDe#=WNO2(lG z)O2u3&`5oDD$v23$kS{-77E`ky`#jrbQMNMT{jtG6)-8tkJZ7@XN&@Y!nQoWfmF}T z(mcS+qt9yS3zY1#g!9g5Q}dbIiyPUK);9w^^}AgeAp4Y$3Iqxr)d=d)xvq`ENRB%& z%d$4{JqkSNA50oVa<8BbVI?~euv_=uu9H7l3lK>tDMf2UQ0>q(f$OoPt8wq8ikaC6NrS3r{1iaZUUgt{UaGK*j}1ebWSbRT z)D59(_0fZ6CJ4Z{Y?-yaWMBX9|5^3L`Sz93G2V5;p`MI&Q5il>*04tzx8ANUt-y`;b~ z_>4(D%>tfBYIhYey`3eC)#2lNn$k5=WWiqu{$mW3OL2VyFD?=6{PwJ&PWI!%T4}tR z%2Pb7a@XR3jydk?~wL*Ffm2EDzy3xVsMjMZpec7b=Fn^ zlKoT9CEl7gkil*wv;jf&)rUBqS@r|hHZHCn{i(MY%|5 zcleqM;xEP3L=c{&!37%Jl#d4QNq*mwssY}MNM`m+$O<%s43v(ZW% z%`3%}qO=^W$OyW~yS{_m1lbo+Ue+YAqxV4Xzt19>5)SGEt!iphcyXSqLh2#oHa4(h z(ClV|IqJU>6U}-v+Y~qyE)iF7frt~x`%S91z!mMgjUpI{0~&x z_?iFzo}UrWla@+sfEbBx79bJ*b)p@9T5`yitxC3FT$uoK!Y{JL6cH?bk?EYX4$__`ZNU&X@SaA*%y z$EE9Q%-2ikr*~0D?HsmgTvEQzVUYFJ0n4~n%YODbuRM$_8rb1F#P|5_xC`mP+`)=yFlI@OFV{VrY2srcBTP45=x1Ij zOL@0BaWfm+DRLG;EX0O)s=ac8BHu#?_1f*cT0wdE{@b>8&;n?~w##rBe%!(06*=M( z(;86PNhQj8Q@&-su+x?lfh2XJ!S=1Ff2P>xjUj9r-_Ofa1a$;%2rN`()C&}sup8a! z;6vxTnJK=^AkJ0t3vuWEJeOW0ESPwHuxo<*zSO^JMNR>iQMPsrSG>rF7VVovk(zs? zJk-yYNeoOYEmNfnB@BHbcle*>`J8dq?@AV9@YLBSs`#U(JafKhed+f2|9+U*Q~&xJ zyr5H3E`xCmBM~3{W{tw02Atd)u`XS@rw>0dH62hGrD#CE^XV^`d)@BXJ2bfPhS*Rx zdALv;VaEP`(1qgdmW~{;|vm1^{^LT2S-2@QLGqFgP*u4G86GpqHylSy`W65k6awk5PM0 zi!lk^nH3W(W5eoz=NR>={X&;AS3RW1B*#CtEJh80#0Ve7QRQ&bRlOP}**!)77S{$c3?`8#6ObJKqK}KvfBf^sV2>A}a-Dd5Yg4?*vbpz@ zD7#ncJ-f#01j*XfDYCj3v7B!CAd1ChxGMUmE_P4`tQVdq`+A zIT+{jJCHq$TQ(<=?AbHU!V;Jf{FN8VnMI}S+Vnk`F3cXzsM`Th46C5X7sxc?GUJ$H z9i6t7TVedSZ)FbkP#-yh%JV_ zu={Mu)H)HF7{^uHca?>!`At+hetL$+1r;6hb}9^ZF;up`mSE<%c1hL==q_bZmmT?6 zFNh(jO;kzpZz?jaAIN1oG~gDce@BK!l}65iRxSC~IAEfQ_%+cg!HoNYH#2LIqJJuf z$_e;Ufn>vQ#|lN1LH2r?kMv-p(#;XPrq`^ATbDa_NbLj|K&JOFS%lEzzyDZ7pM058 zD?KBz^<>zngzYkU!mHXaaEQn{6X5rG^XJtjAAuuYG6|Ff68Bh!xN*fiR_~%Ngi)-W z{^5!dl$WRVd43!Zk5TW2cQ`L(q&Q|6`;0^0LT|RR#U!QaMugk?{ zRgqX^B1*-f73Ua&i>8B;@5=I0TT%YwfAVGl^0s@VKG=J z;+8Pbv2-)kUtXAcwopbT>)jC#)e4L=X^i}U^4j`=sbQg;EJijtEoAteFnSx^IFD`* zcIcQ&ZXCnc+NIqvFujkP1;E>p+zHX{Ridv~@SvjTKO9U-08CbVm@t8o{4V>o(5j6h zPR=V(Cs;vmCiRI~nOAeHc$N<2kWrSPt>5^CE!RRy*HqwJd~szA6TVMfu4vwJj)YPT z@Vj&>X6E{C8S0QYlb-+}W%sd`u9)@PANHt6QjFG!!AtxM+sbf46;35$W^eAH(kG50 zTx1M5Hs0)oji_-_jPk)mra9wahTrySio;563I-nfSBspKk;sj#FVGqrO=8N=~0 z2oH=tZ;N9(`GkpQkb*ycO=uJLeLWRtU>_Xi-GnDD_)sJybdIoaEXwz_LQ51#riome zVf{C!%~-xdWY0t#(jeVwyAK7uYRX@)i28TF{YP}V2Ebtkdre0=CWyNbCqw!AS1-={-skRI2` zKrTr8M|3HgdqyTj{)@2-|9+yVarep}8oii5SwG6PZ1zxNj%Y=6E#A z71(z!ALP7bxXyy(>W#DGbO0r}^rZEVglG!zYlc5aZ)^UBLIg%1O;bW$ozvrjo&Que zfX#b^ghJGEaJzJ|x_Hec02CkRhDcd6glY^p81YoIeL__>p1bU}_L1LJ#`_3Ff!rYF`Frv{!Xc&0XW4mDR zGUAl3KAYPTt$P z2GIHesHv+Kd)%Ao^&Kfcp=6Phwjf`!;8XdV%wt=wmxbQ5iA#Ky{Z|w-PAlxUh&Ykc zUw%@Jx+IEf|3T3u(+VG3_*~QmIOENIv1$5wMTlgj$v!k<5-^_e1tj@y8Y?j6H)k>G z4q~ltZV00BxVsxUhizOCLy|3V`PoPa#C&mg>?*6XdDD0n{=Viw;e-LV>;xy{_l-=8= zMsys1V`ex|-W~=6=nEZosF=nCsGQTG66uuRaiz>{KXT*$v`*tN$#CvJipwUU@AeDU zf0}kvuytB(7n4(VQiWWVK!n^Fl+~A2P3U^jj3{YAO*x%`43uD-|za;mh<8YwDUaW`JE9ILU8g zR2~d7X;{1*dxamgMFj32;f4V@V1lU3V@f^wVSoftzTTYJ28e-DPj0{}nP|n74muq(if88Y zyBhJvYC>hz3Y=`SNgXAJ8FXZw8edPYBU8jZJfFwR1S!j<{UytmvK8X`b}%a0NTL8t4R|ud4IsrV#s0N4m)8IY zEqeS$rh3LhlYl7|Dy$mjkWJM>uPoNfx1aWvdj(H3i~4&gl$bq-eY-|}p`V(QMh^T* zu_#Zf3c3Mc)wm;MmFG*udEtsxQCtD$S3J;O4)Ct1-(q8ggpesv_t$@0DSMN@ zATp+NdHxFOF;W{*n2QO>@)^7G-4uYhJa33Kp^I)aTeO2j)6DoS>tIIU%g_PlINeFS z_CzCYhh=t4Q}Vmo0}9>Dx8^e_H4k$bBCF=zNt};&9iF?t#n{9JcStM)l4Ml%uwYjd zqP5sVh~s-Kr$B_^q){H3S|@C3*^P|@roeQn=WD(#OTML!e3#J~RAH(|s+faHnIVZ& z1}%@(Ug#6!44T094qHm(hK2rQ>|G>ZYHOu0YOpI>qki8Is-$WNyJc<{?IeYhDu9w! z85wSUNdZLPuC0^=b<$5$SR}RDa=AulT6%9sxX@=rTuK4a)T5*AxS}JmNJ1Hl;`VFq z!SB;2&RRm0tLO#0$l~AAevz9>^UCQ+$Px?<2Znf$pbf6s4VAUlKIt`tj%S}V$7O`c zhj5UV!QF549WHm;&%P1eOf0q@PYr0gjxYnqSxse>8AG{{cd zRJ4wqq5n81XE0iT&=*4mB!={Yl&du_^*C5hX73@2dS{@7d1E20X747RbYjJwsG&3p zs9@`!LMdpxmqok=LV))ho&p)OC~1n{Qv@^U0AW)51Lm;ScG6T=cFvVt;r}$kytKV0 z$BL}JHSnZ0EZZTk^VkW+Ge) zE5`Ulna3sG3rRn55uN{LF<46$D0Ge)o_GKwU9O@AJVxn3W7b|>PqDCHHZhp)E5E;% zrL9eMk}(G+@0G>TSf3Xf;f6_*zj0x5ttnaQw+2o&qDND)zAWEUx0j0=0kq&m;4BZ9 z_=McadNfg{v0Z>M3Vn>ID9y8pQkN6L?CWkI=a_4PKll#mXV4i>2X<3Cy_=YW0A6YW zfR?LuVkyg7(ks#MZ#GS2_F`JSj;riy~#2iDOv86zXWu~)d4?zWOS7%+!@4;=B z5FK$F3_93Qzxx%*SDguUtmC5rzP&&pxi1D$xwNE}y4PNx>i|Q&vS0&c{|247AetL= z?6zNnyk{T_?VV|5Fk)6W z*PFacEL`ZPr?OOw_8E9kX0BYn|DnN7UTXEJ_Uxz}PgOBMvqu;BlK-5>e+TSzvMTAH zN70+6Lq{wJSPg)PPrQ;g+!8~+Q@DIDhD9x^p?>X1uELmIr&J=}E`C&$&ESzGrMT;~ z`#~V%{s$N~z3@smo&*7yslwPoE)J6MCEg#ThOW)eipjKl4|5G96GC)|jSyq3{aE%n zOqXfpu{xbGn?fvh+>&Kusi+LNVlor z(Q}Z$8hfe1<;;a-AG}%nS$_>Ykmqp1RVIvo5V(#7A)dUK$~G23%m5Mk;?OK-0V9;! zLp)kI#5WrPRM8qN`KCwWHb_n}FfU-d=&>t#Atp5y#saFW;BcT$@LEH&KY(Ej<=(4 z?1`EpA#+YC`AkO)4nMx2j3Q12YN z=Z*$?KIs!q2Ss^F0^7#NdegQxUHWN}bb3i}$>#rL-|HU#)}K?czS+CAM&kWiH#&@v z!UDHd$CZu6047lN5?xR3hBxzA0=rHqJbM+hjPM_%`g>Navhp1qBi~Xv{-hG5>RKM? z<(1(-BojOq{B9kYAoyw38+PvgD-wXW12Zz)l9L; z<$Ysg!Jrvp!RJ9B?F#@oJNh#ckTIo|kW!q>dz4Trc2Eob*YbI-{A7dYUaR61Fa^}f z{3IM}lKD{bOc+%$FYU{$y@I&D5AOv~`QW_mc-O?IKGL2ng99Ph1j3iM0)9RO?cjNsT=ujvV3Sy~=*9_Pf#$MaV;YN50iU&GE#SF?Yw-I}ovoBjPp8p5Kx+ z?PzchvH#Ba-mY+r=E)r%-kFge6)&UaTIK}-Fb4EF;Pd0*$clW5qj_nWp?1`Js^5|4^<#f*BxHmFM(!YPp{+^)Ds&z@0g$sQk#b zOB%ckGw$&1z-b5gXSA{Q%spx;nnH^@uc$xtLMyjk_mEX50Q1zOBY`JN{p4T(<)u}0 z^P$?@v_fiu%gTEdC*&7~2Op^f+WFjHb)-cPPy4so7d#xJ#jX}OZAuMgD%}rmTQiyd z8zGEL`yUq^nE*#B$djh!0rSlc=vXYRL_f1JqSIQKsc~UM_UA0katDJD3o(Z2N5&DM zGl9SrD+efMe5Feq^KKsK4JwleC5rtSn_?kOqd)d25}%2ej9E-xd#oWJ{LkfnrDO5o;leN_pF zp0cW$R4+EJ2`j?wSm@IoAW5Fk>vo>zofT(?k**?zR~~8`J>l(q9y*FUZZ+mYKx`u( zt*`cdYTR~@y1trgGH=ckN=4pBdK{?!!N_>$L~ zW^`UAbBus+&^I)sUA(4&Z7;zd!Lnp_;}*&~=fJ$NPwi^FXDC|Pt}KKw_Muhi=w)?> zyB8nyd`4)nuuKjTUU4xo!8;S&?Oh0GEN{3{9QG*%Y*?Bkxd0?Iz-&<| zP{3(XX&*MQVHo_TGsdK7VXO&1`TQDB^Jm<5R#ofO?$KXLT}(X`h<&owP&12jUzbVM znJx3d9JXB|TH~Ut+MNU4%)o_z0(8rwrO)?oWLdOq{g;D4|0(5roE|bl5L~9cP;tVa z5pUC5QUZ_(c?M#zp;sqb1xKVPm1^CZVFqx5eby`)VSm*?!QPj{5Y;5T5Zq+9a1zst zWG;}10JBzf@k=#QVwv9ufOa=#+j1a0+t~E-%Xxz zv#Jayod#l__^oK#i9s_ApkvZQ@R+-3QW_?NO?x|TABIHF>~PV=OOtisv)GeCp>5@)RA)S z=8WoXs>@EG+?@7k4DnMwObBq)G%O_oYY?l$s<9{q1~T;{K|6w7DJ|-Dinj^h`+h%| zS{hb$1`HHqd4$LXpk}@a%`eVRn3bkK*E?d7=Ev=wvg=Xw^@%b=lBtT3azJ~|iqy;o zqfz`Y`Wk;>olP&~I=DX_Sb?#!esiCJQlqDEnpb=A^!0rlfEG1a!K#m(?rgH8Y5=i^ zx{@M^V?Ftgvu<|b&`R>ejj{@}aN_&CMi9Wq6Xr)jbDz}O#wqHF?NY&HE88|JW_@g} zL9zW65OcE;EJDk%9*lP8e$YJCixJhjqyahJuW%Tdfy^dImO4pXZ+u-St^hVusd`sN$_D{LW@VC=Dc9Gy&`@akyhlwrB>3vzEBb%h)xX93ghmevoOS1?ZSi4Wr{iET!OnWQCwnK3i47g3R@6Vskxaume=YLl_6jBkKs1`y**3 zd=t50EbEg8A2FoyW^N{r9qUKAblgda)|`6?t-EH?7cAY&+q(-CASzYe)dnN6(Qjq( zGaV>9i&az@Xh~1lfE#ybg6mWZb&W~@Q#FZ(&D9_gtO$|9Xc$+_SJ`$RWYueqFoX1}FXt4hhx)L=g07p1kwPpn5ki@?Fn)S(TFW|PGk1Xl94#x+q z0jM)X@r-8`vdRrJB$$0~4Z=-RvvKffuQ3!cVmc9aS=&JpgMl?#1QOyCKy$-ff0mMA z2;iNA^&tO;s(;G_1M$AEp?^%$b!8chnhM5XFx3{=hj*1NHF|?HQe4T)DWJ|5mSWBn z@p>>oKPpcV{eZ?Th(VUw7qj$CTfzipBzsK)vUMQTrX7c(GxlbN{!F73_34ysKHOPy>20 zWt)WGUj!%v+L9tDA5UWdk|Fy$>u2qK~={Wx_9+M&S%kx5U?Y#m{JsA(< z&2(kTZcN@qC9RYeyp5+c{nQy;%`5=HJUk_Qs7f4IRod6c72bfMqTxNu>1n0pEfy(+V z&I&8H#A&7rFb*3?-=J(20}=eX9kkZT@mwkX>_0?15hQ)Q1Zw2Bp)Rge3*o*w=X&Ud zp=_c{7Rl|QgovjdsDg(;$C`1CjFCg$UT)DZzPQdCC+4c^9e4_j+`|2!|8avnb`D!3 zWT@I~kaAviC_d!oe8UbA5xA_)j~6OqGu#t}(!~X!o%Jw<$@qIz{cofqP8pt0>k@=- zQ5%UCf)UBPT8H9VRMzM>BU`^VX554N{b@DtYo0msGdf(cubf+RAjPlH$*Y^%#>um2 z1Q$Qmma-#+H>S-%6!>QjW%02KQ_PElqCS^z#mzs2E0`_Apm{njq_rDJNCj)DgGA7u z|CSSEBve~zjQOdQ1W+iFmrOoxS^&_I;CUTRm>EEl>}UGfS zkJxzi+~W`MbKuC*J&!;_vx)^_X(DWIEBSzHYpS-_o&&1>=Axst3?Moa3L8Mtg2SNZvo-l`RXdA@4nE?PuwDgMkylze!Lle7 zU3i;=@e&6iA@r3wDNh&0laInth3 z{i_^WKMq{s;aHk>T@S>vi~3N0y2EmPHn-Nv;>i|&K=xE4@y5M+zkC@pzokB6^FZ69 zs6QpGE*;)i$L7q$_iI*U899QhxGg8Y{TXDx^RQnnzS`=&E5E3GwKcrPENu5we+cde zY|?SyejpljzDwyzJ_&MXVm!xPxG1kpt)|0G&H-)cOj87B>PdE6sA9XKQ*18nU-PwT z;CzP%n4|@|!$$7FeQbvKRKN*})Rf$t1hDC!lt3nZzb`UEe`|2c$NFYeu~r~&2js3b zu*7iiizV*GN}ZTea#ZXUXQMV@_K;l>XMQDEgKb^#1ySGSi^JJWy8YzbNmH$6aAH=3 zy&>fo6x^eEfPC3nF=iAK;(xjh{}bt?KPD-@QfWnZr~ zDp;Zcdf4sm^Y{CrS*=&8d{;9|^|fk{nf>hn3@>AnmuWVrok%!XV@cV*=)zZVby9q4 z@J5y>2)hUS!;g68+^ET;ip{eRYH@UjiCmsUsm(yVSfcQNW z;`NOPLSrHPSBqY@pQfU=Fc)R#jEV6TYiuvEMGE_+OXj|~h;9hBiU7iG7}gJl1OGy* zfA{@y+k_y7h;qg5JI4r)7GZ%k`G^EitykQLgtR-Z`*~&p*5=%gUgMH~y!4ex!Y=L= z4sHp2SCmQ{IQ_XQH;n=7$hC02ys}R`?ddAFGNxF$P(qpS6 zXd3kjz%$L(e%lR7_{aPnCQb|t1*|H=!REjYZ6mx+rB=NhJPtr!(itx|D@TFp4Gcwr z_gV%rg5-R|V802&Hg0L^$ZnctNv?m%VB*jUr9P?EJ*9Or3Y!$o$CLYg^7xt8C+{{H z=EB(5Cy(>+yxE5k{QJP7!LnZ0xr0=B5#3vpGnY;>nvlq)x9I+1lxQ`*6;+Of%_X81 zPgb;iFlPEbGadsh7q`MF``@JJuo25+13YFVI)q!g;C;{maL$~nN#T{Ws6RM!t3RKrjR|%o@&%q@}bPvQ_Bu z;OiiY5l(N^&3EyHJUz~7OS|}p#;?<8g3uPwex{AbAajlRc46L$1|c5D#9SuvXGMXa ztbhU7=y%7r!snqH$4Y>VZt8E5d1#W~Wb}@wscxVUN>TJ6$mHoGDGD%6tXM=AeDc|s z4)s|n2EXZ+5k~Fm(?}ICex$ry^bbBS^HV;~+S7#EpR8wJsuZz>;kG)EaT?3mkh7eh zh18ocAXohZB{r?&%;3rH1jzjK&La({eQ=AU%7a!yTxYkrM^j2zZZ}rKSE0oe&TorxS zVT6eQgA5~^oI^4Hg>B`F6=5N^T6H2IXmLK;v`=OpEX4vtAbn{I8#P5`Tm-nwNah62*j%XR4y{Dbcb%Y;3H9!;775-?_$okoL+wtD-;Y+9 zP-8$$;O+j{<(IYzSI9E`2vf-dzGPME(6c#QSHnHZoA?xpMi(K1TBUd6CnmeaD+}Xa z=0Tq?nK(1M2Hr1YBz@;xr~){JG`ER?t;EKvyrtU6FI_k|4rtFNL0sH%P38M=Ik113 z1#=H%Jqx^PXGBkHWmv{!#95lH(eOAbvvIXfM;s*J8^Vj#9|qRezH438p(DwTnP^7k z>pwePrCcR`9h>3rfNZH8@~k$F*D}?FQuaXVQ)pD3N+BZNZ3%vXepYrPk@iD*@7Mrr zdUQ3+p<~6Izr;tIjj9Q}n7M~Ts2pQSQYQz>5+8O(a?Y~Ix+yk&Z8aFx>w)Oq|BOA! zqYhy2P0kY)YT7{oaFp%EnA^=T%bll?4_t$<$CH3kmEHh73aOc$gY?e>Tbm5=2dOwd zK^`Ftci+D2;RdOTPv(NWMC|HZf@CakNpY z^(+68>rw*hvW6(8nTV3okN6F?u2JS4ZC(f?L1ceaZNr>KslY+nxrrM6pP3j*7}&nC+iQ^*R@8S?}>pdOTs!`TIq2uB8%m9l>$jlHNeOg$Uh2qtk~jI^tM z7a@&~I(zm%c+=)}HT8mQ6VuyP5u3&ebuebM;SB zJ(h+i{hEwB(bFR{m6J=E1Kw)8@0=S6MJcd{mHG)H16quMl3Xd1RY7zyFBeKz;NQH2 zk6fKMb;VAJ1`%LMSz{)mP4dO~ws!lL8-h%K)GQBMjO?P4A4j7cOD){kJ=lL3{**K# zTH?&8aeEvc>c<0zJZlQp3)Oh2Q?ap>upFRa#TX=7LWM`y71jmN;whLVnwTi1de;x|` z8wafxJ?Z|qB%WAH9!hAGd#lomd53d1A+E8Wi|SSr2_dbbI%RgpQ#!X)^!bMyNS)M# zA2zD!SenCh8*C-I=Jt%s6Z?3C%*Dz1*=YNbcU4JM9*`YL*;@((=E>}M$hRgafyLDJ zhdZdu*9p(ezDpY_85N3vq0dIf92?KSs9Up7_fTH}>ZQ6Y<l&@zXIh*(bq+|l zm0lEs@;oqW3vxd|Y6^7PL@#`c$G)1-&~*l-c+4}fFBb+Bu}1+;6W2If_>6-sY7f~+ zBCq`(p%-fb?9E%85X!X}P3~sA7jvHkdCwn_eJM;>7qefv^-ahbrV}-Y;zT=;7n>YC z!z&7@qO-~$jE%Ok%?j+}_{k7>KjWzt#6dsG69_RoS$t`GM-sI24+&M2ZNm>x))$ALVS~=8nfdeiuEv;{IxtAMS-qJal89 zEbKBoCD}-+NquN7EVxoK$+^zY#Ff)=aj9fDKn}WO)Ob`0kN8AF*xnhy^ zCIL}_)5WuB%v3N-=hg4$ADc^qrwD)4j2rRkl^X*qroQOoJ*m|Rsc*B|^QwGKwaM_t zlXlg-Rw&{i43QT348ax9zXnl_4b1F-!y?QfkMZ;3jm z?%;O2>t%mlOl$$$9l~tW>h0uK?TpwGFVqL@nwiCcuN$&ezV7EX!|gmuw!E>_Od8}? z=|kr@UGFd;n( zZ=N=Cm+HmsqQc}dQ;HXHys?_3gj&$)sII^6E<~()G!zBIJOodJc{=!WP`P1!u#1{gK5P1CskPt_ zwKrg+a!7fRogZ)_lTl*xs)y!Qy>fm*aMg}a)`EZ3cxcWpP-H$I_Vs4lquyZz)?ZQi zT08_WM5|3<_jW!<iMr1k@X`eZ zb=pFyzJ zyC&%0+LX)4JnuB=_Or&e#zv+Pi1X{Cf1gV#7RFx^I8-#TxP>{|*svKdbcL+_?|rHe z0mHHaMxU*bBnUJAMPrR1b8DlcLbo)i@@0o$o7pj7ap29Co-=CRRMcdDsT?tPmjprM zC|HS^ZgbOpl>Lw#H4}PtawPhY3l2fh={S^6KrNA*!_K_5TgB;&LH`tL%-k_k@cQ;4 zrQxcSs}USM{3laJaY_d)@&00I^1rp`M$XX$!1!vxajC$5U=l9rZkTuCqWa0@R_f?Z z_{|f71P(W2HgYhf`iqe&qF&h8g5pB>qm{&HIq9U#Gzh;IcV&-3{T(YTn}4iE5O2#gq;W`;Xq2E{iFfGr&L+BVB^!4)#BCKU_e${d!1!sh_ZIM&m_B$#o#+Fx_(w)O5GF zy>APc6jDrNdB{m*;!Z6}t6CkuDe1_?d@L1lr)x#?dS+EN^?&#nOWth&GNo=jRz#}G z_QV5hbK)vg>i(ZKCr^LbmgpG-{I*I*6~T-uYa>mI1iUAAlsZ z7pGE3Nh^AnE!O!w$i|5tz_kv?GT!q}U|kVX{yyTFi1+=pur5T5Xq){gVd7u(?yTJ& z5Mzd@8R`-sVPQ#;wlTe%KQk%+nxGf|9IsmojVi*7&LQheg(tk`MO&MFXWp`1Uv8*% zn@myBRCWZ`u6U1jy=aU^J-PfwM_VEQ0gM|}vJfB6<0(%s@S9SR@#3!BH*rA9QRIq@ zKr^UCO|3GBK}>RvHg>w$3f)Khp@IY``$aF3yTinn0MbEL}^0i zwLK%cUAmzkrP%?G&qKBM5bM_!hu1bo?H6v^B?L5dksj`u2t*X3^OFoGQa;h?KgKzZ zbrzN6Dd7Nc^KoHJ@#ZF9$9;WGgl_9`dHnmUjxvq<#b96GMO(wFTfzyikaBTBkf-2& z0!0%q#)1TdJz^hEbki=lXI9v(K6$x^hF-jXj4FxsY#ug@p;l!uCp`}t?%eQTQtGWX<@_tnO62v;$$27<)a+9w_ zH|4sM#=pA;T0zUA>p1MS>r@9C*jmG=1;B^F8kJK9?P4(GDhp!87V*%t%tMM2H2cR; zgALe;%NJOz?i%~Kf^krD92+OXxaL zbFGkNWNgP|gg_j&y-1sQnqqZN;M?rxj+*mblx_I5J2P}t_>c4*d2xtS8j*^m6k-X* zMXvV@PqZohJn3gBL^Z)r-=Su2SJvUJN;)^NIr%d=NOa%L{5iDOnCXt@3<&v}N6;UL zunignilQ5Cv5X)m&cmiF6_axnHIGd=Yc1&{W5bZm@cf? zJApsqN7HiJoaD7D-%X2~EAXk*2t}C2xF#1b0Om?SY#E=L50$XtZEntzWu-znhsJCF zaBY8RD*<>IO+)1`e`#B|aLxqQ_U#@wqw+9x7dZGW7^X3P4v$$acX~F$;2D=Ts<_cH zJNTZD0>GrEuiW_N6KLk@K@E8kQvUHz^6qNaM2F>VV-e>HCH+cUZ-b8DCbbIUSjRJ> z@4wwFW7Yrz!z&{-@hDsfLP8Td@cCg8=(eB^FzGYh0^xpl>S3t%B1u`_c&`eeIJd|cNW;bd?J~=*@Pr953&?`49 z8;kj49o_v*blv{cwvh%CQMU!;mxFyjyCOQS8tA=^_7fS)swO+N;ND|*DS>xs*^d*$ zoG8-J$Rp~bpKW&~5g%%m>fR zO(aS`HetlqenJwx>N{;C@6qwd3(P8}^6T8AGNqi!K6>W~LjVv*t3*rZC^S`gS1afl z@3@vwr`~-Y?d?ywyKC<<*q7ii1vb#9F$ykNJf> zAs;i#QP{!ZK7%s0Vc4kW00Cfd@^+sE4Q6ebeJeK$oy-ayl(G>_H z({no^z01C`hg}Iafl@&hukn%rtkStGb_Te}5oO0Y1$pyPvA9M>Oc{~=+TSRF77pXJ zrbN>`Q%Pq>e!NdFg9GfY*!EJBq!4$v#QE}#KS#5Z(|UKFWVj?=9k0ShRcI-_uG4d# z;~{w7JoHZ9OmbylH>W&K!t%7k*(7_wV3YiI8c+;mG6BU}aAEAjzL+lZM7Y=1CLZIgR6{CpdhroD`w47`cU$F*gB<#m6xHG81l zVhouca*I@in0RS5<#sj;CSs3nj+eZcCNbFi1&B5O9q(P+W*v5MWk%{g55s6oi`fFhZ(o=s|WcmbQ>6oe$;kDcnrMe$vR2Pm-_{AN6ZS zBYN!AeLZ9$w%M%JiIj(sdZu1MerP^*G z375wC6XBYy&3^u4L_q||#aVsRfYUvsL;e8+`W>pFkM-z#9V{OGq~;^;5bQWM0yWk` z733#bwZ?IBz|sWblTgOF-_x}uJYfcV9YulX6}1(@^4_II5O5)W8O)(t7aG}w-;&;I zj19p8az`KZ%SKO<5$821->d%qL;n+AAuEJ9MpEhE4;MH_i&W_b_l?&u8?+NXRz*Dj_JupA~mVg6u!3 zSHVC4KfbeYOj9wyl$j~>B=vPzD07R;ERL2Cx|D?l-5jdYJa5SzTwzk2%*8QqgE4ewHLyT$64hpD~d2y~AR5Q35 zY7E^seog~P871dz1NFaVNjgoLUR$kD10qo}6rKoNQQfH}v(F?f$4a+y$qVx;73ttx zlWbL27vSB zJ)VS^!3iEHv+JgNJE0I;v9(fX8FSG=D!0GVAw_+2s;${?)CT%!y+GOxSMyVErlvYCM89K{(W$3S@DGKU97fcZ%ppF(@nc@Ic!^6%a$D;1V>q$ zz!utbl(zM>OJAt85z!vE#C%_7{p3iU-BGzVH8t*zp$97){Y8v8h`jx?{q>Oofx}i< zwi>zJ*y;mJP6Cc%5D!x*>tHK2G^qdQ0&4>Ozmx;9x~g9JCPqTZrMDs_$0b zBKYkY92O613mM6Bic3Jo2N~bnc6$YHz;u7s%N5iQq!gtY36J7Fw}89j4F;EL;M`fP zp3RPiDqQa_2w^WC`>wxIg2L|pYANpx^?=IbSVDfdy4gTTMh|3))hdEgmUI?wz44^h zM;C?GH4hSAI5TCf-7E-0&r{ecmEBXR#J?QDgcRESI(TD&KLXtAj^YC&2G8b5ukk|~ z^AkIaXYFd%D+5ims-F>xo^ub^#K9uZP!|TbTw|ncg!Eb0=qa3UIE&GB6mWo~YZ6Pz zBk#PFPwi-eAR9c3g5ugS6Oxef>)tP`32f&>X`E7!1Yx3e{t_>oUS1ZQiXO2C<|%1O zFfw-kRTiyS87#Q2F3b^Y3fqrEF%dIZt*}*Jikb zO*~gNHO8U`bDxp_VCaS9W%1U0Do|olwJkus1HCzH%u=xCE8&v^`=e+WZ@akEDD3=# z@lEU=lcKp9HG2*brXL%7yoE&6EWTcg0st20J+^oldw>XBVsXPpy>s>SL1x80-9>p> z2U+VKg0_@TkwacMuQ>i*!v&M+E-74#at*LX@ev_Xi$MC~v~G=q%KIg2m;)m0BuEJBNvie!+F^lLm&vOAu91R5>v4Q4-tDhAdy=&vdIFn=8xCA&bFiV&%{B1JPF1cm3jXTZIrvS z;*n<;-vaxI+w7moKZ3HOb-ZDT@=GeBj2sE8MS1w|!d4Z*lZ~v;F(udz+sC{jVidKnp6ZGq4S?#Ker# zEu>%2MSV{OnF5!0CO8Fl$)Da@0*zv0fM99n9;d^@>mvo0?=zLqr1);<Ah$++0O z-MLKL+a2 zl0Q)OQ}z?S$nU6np|0GYkkLOv-Ys3oF0Y0;41lhS0D_-KJYr_|)O9d1{379$aL%VI zM!+=9OTmABEI~O$+d}gyaBV}9spavj>^72arL`>M>@Iv3i?F^F65(>YfV3oR_*c(T zSwGcuPOCz20xcgXR0@+PG=O*k=mCamR;$L)45+=pvZ13<^&s@7(xU)JmkYe4*V@Vc2UZEOT*fpo%;XeS5RiGa14Zy8jIy>@wEowaZXu3TB zDxt*n2%QLoQ0kA+Z*&!*8XS;>AI|W^_z81pcprRPLBgHOmt(cP0>C4C7?@x{6htxZ zQ4v{}JyEJn^w{b>>kWd;JG)_k#Fn+CS|bb!D8>%uSBb6n>0g()1pMkpE&13lgNeZ4 zD$w0EIM|c2etOH-mV^xyhw0m?iT5_a8_2%CcY9|#g4|ym)?(E~84~>tj9@2{pHF0M zWTjfOuZaUDOf3|gt*n8r2bVp09?5CZJ9zJTe_M%FF8EyVqI^O$zaCa1?&(wx5PmMT zbL4}jJ}=1$h2#3STnIsrjF2Y3%lrHeOpbB553OBA$meK2$}3Hm3!eyfA}IiHhK`d0 z6qGNxWqm8Exa|3rOWA&ertyE-Ezh%?LL|w3m0`j*>cIDrZx(DtKVYlzc&@T*iisWw zoej<1oYy4yKNXN;fCvr~fwigqH(u^$71bo7%jSqPsgzz!W+b~$5X^8dr}Ir%Z2KZ^ zh89Cs88~)U{W>!((Hn0B1V_}VoCJNP4jS4D$r6wG$L>Gf6zjy(qJksp`3UA4lSHpS zkx1w2_%o}jb&BDhwv<{D##`((mk5=yYo(hKkq?$ul>0u=ehy5e$5Hnc+Da5sS;_yc)JS+?ZxeBLns8??j2+ySLk{+g^lhn9crbz;c;o}mh%S+9K-beUdsY6@ zVgfS$C1p1@DVDbUFqN)f(dHyEq;2uK4g@-Ir!kl%6bpl98^eOwNZk1`)7HktGSPYu zG38#hDrD|+@jlU5D|Y_23O-eLencD{xdVt!A9&gviwa!IXL6w<*C`{QkRv&Vghlq3 zV7FwYL|FUr)OjT<+vYpB?(B%O_@b6XdpR8MmKxMz-}k7Zmu+Mu$c3TMd>i!VRr_e7 z7AtB)28Yngo?W%#hruf)vFOc%=cUzNP%aQRDuhS3ak+*PYS2m7YR-ZqNK`AUb>u%J z=K+mgvBpB#Hr<5WtOY6d$gdyU+-ZVqM{lR~^P?~p-pC=VUxVeBD_(aqAHU|WdZwjA zu8kAognCC6rk!W#&KMfIMCO+~;1c)Cn6NfB(DnDRCykH%%uj1vqcl2Q6KAmuRlk?p zs3o)fb{OgjA=O=7?l~#>khhYS^(SnohBG5X`zG0tI+C$$6Nqg7j(<;VR zJyI#QhN(=bWz_rAOTMq@M=5@%O4v5T#r3sgCX2v3%@hJ|ooQ&kOXIDu?AWgUJ@EIK z{u#)*S~+`%+=Pp+XI-{uXN@9l3~Bj!94WKO9&ajeL`6+7Hn+9 zC5h!6RwDpZkjb1;1rY$4`Q`rIfby6&fo9RpUH!Do5#B^jEneB$%n)|{&WM+%WIEss zM_Zs8s}es-u3sz)h)eV^0=N;1S~Z&8${=2{>z&<20jcbTLyMH;)=852!$=NkYw~IRW3yLA_?%i-yv-UDlO7x?D~z=OECztKRUnr zKhEmX`Wwyd1Cn!!D<;tZ7F@GqA2%$g3?-mnfavyS{fVJyHU^fmtH+h-k9kumx@qcD zd`%JApmmpOD~Hef&O!r~?-$s54XkRIdkuX`Z#D=jV|IFGpO7H>y|?I`?aDL-ai;L zFY%iRfSYw;9flHZDY*}ncI;55}7WyZ|{HPAQ2wugP`ctsrGa)A8d+9Uv) z{WL0irnIGgR@va;1G1_0e6mhB_o!V`tP3yR_CTV^#L>m;m)Y4rtmvqnvIV_>E!kl^ zfc(-M3qLX|v@J|^j(=NsifOm&iacz^e+x!GdJ?%Gl0iDr`G)Ze)Eu==`NJ|im!)(F zMkPo{WJ3Wz#=lVQcgcid0xUc8o^I~GX#(Uk`ZV_uK|khz=53CvQ(nT1Tns={FX0)I zdbBu-{NXDGU}OUFaDl|y*F`&c-iXbJtLRmW&^w^Mysi2o;-W9fBx58)=cJFcc#g4g+Hh|E3F7Y7SKotS=>o ziW~wVixfe&x1Ef(M5WGrDB=oW5H#r-uZ0ZHt}GlGXsgYsE^YkF(c6(V1;o+(4WllL z{ILD@P;q#pjy%G>G4tvu_88PTl)Lg`aHDYJuY@1b^(ip)89pz^+@eazpZ=1&6%!Rk z6_FlcITOCbwY%qAB_ZyJkzIS#Ijje!vxj}3;JGXw?_{?NC|12Vt?nojr z-AK}{^B+E_j=UOL ztNzuP+*@Jp)0Tk^EY@&1wHt8QCpBAD^u8J$vGv*E59z2x;XH5sGc*Hv>`B&66DCYDTjIQ4fb_3%cPc1_2|72( z>t@3K=Qk%uwz#r-FV*HVxlb71?8$F~c8L90n^xTBjOkWVD4qr*ur>${y2fPmziDJ7 zv#Rt3XpRF+(_q_jiSq1@1d~xr0#f#{hIQdq-x70=`wz zk~654K-^qay_=>mBF1BrJeb41n&cYVsKki>5O@uIg^~AJ>(|`CT?_de?62us*{Vi$ zqgmgQCyEEyQJ>$cC?4>lEN_Ou&MaH_O6Ct-5bx2nlY8p(y8cuIXZ8is11- z!$(-GxrIntE}}M3YY&R6vVZuf&8Rry3|!ofVw!=pIn~ zhYu7gPl0)C!djI4F>k{UIX*hYwY%4-JxIp;aNPZ%Gu^aqU}6`hwaS3vK~3ZQh9v_^ zN~6gXgZia^&1)-TQ!K&&+KRcp8x-7JnfuSP9^b0|2q_$x}K}&MyP< zVG&f4G(zMzw6RyIkBf5Q;s-i!SUX~trvo{NQGNGUXOBla)n9gZ#gBgtob#a7>}Br6 zh{XMW&xK`zX_}MBn4oIToMz0d=|yv4p**tcjVoh>cA7l95=^wD(Fx{#YSPj0=|n6B z)9Mae_IG*8pnCB|#fQ?L(A}^ewKiG8`mjh}i z`;_Q}TjJ)L@_swk-cT>*b*UjrA0dv3@8?>Cy5TaTmZGqY*Wqu?yqO$?$1R2chgoUR z@GHrg6d*=@DvoypJcs#JI7S)=KJw~qh*v}XR7)gY{&zG1-$O#`9JceyOoPM7Wkij9 zMaT_%2RmWMpsL1Imd^wbePiH|9{!{=dY7xv(p`uI8NYTNQ&fwHS#t5SkK5Jl@O zzB(_-X~zy1%xGio;pBj7^WV@&IB8p|ZN>PZrimcnY@u;1FsmHA!yUQDZ8aT>%V%W{ zpcp+Iq~!$x>0#jtw;9xOoldIt5)4mTyA1UDo08qoc++{(_e_?%rBL0!#ZppqGy#DP zG<&!8(77U>&qkrTBbbz+=(mU(yRnD!86pq5n4cj_hr4+o!gzw|8AoU+osCi>be{!! zPTYq&ol)#BF-$5z*)oQ1fuN;c-?CSDu1j@;;7?ly4z3L$_#R zSZ8|BY|Rt<^-m$ycd9ukSqBn5dTp;nI3nG+2#(Xf(8+=b!-zzEwhDuaNZ2IWddx#M zfQ6exjFOs|Pxg$PLcg3=CGen0-g8I6d*a~?0!#FGZ)NGZ&Oftp+xiD6y!9pbTmx<6 zXzsrSHK35M<0->!u!6g&4G(nKH=scaeGcL!am^pFU7jWP>$3le=!y?Esz%zqu$3Z4 zR0z`A$Jg2|W>T8Lxu$DI9E|O>zYzSVp=K_B%R$~ozMv(C@eY%y_)#raCmNr#S}%_y zeaDwbZ6>EiBAI&2$f**2R5#_C=r{m10Zc_!F_3h#K5DOfH0Xx{8QQh<;V0W%p~)O| z>+TyBd!!=Ul}P%n#WU5sk1nAaNV@42G}pIQ3+xk}d4^c?8xL^J?gg9YjRRdMcdyIY z8VfIBkj-04-KK49aUU*^7ylZD({c%R{C(=HSQgg9t5RR4`ffEomlKz8(abjLyn#7- zW!9zM=R^uKIJodPfh<5X@CHVE!5mSRgTUn}CRXMU!OWz8;q=xqiQz<+^{fK^ilhHJ zbwLfR@$UK~M1iw6(zC>g`J6#Nd1uY&?Otlht0q$YQEmQ2sT8acD%D9k$jFQjzaDe` z{SjfV@=PM2-et1g=EW1hl)8a1+KN}D&I(BH)otx|BNjj4Qm>~GY%hHn&4e{K>NJ3W?R2-YnOq0GulOTmjJf6ei(<1m$p_kRSgOoO2RS=sch~chP*n%JRJw&(y0M9 z+)}xBj)nl|hU>|=?wT8&BX_C9&h7yt2qw9qMf%N&s&+= zR8EnEN@*W{9J`x#o{gMuRt%W3eZar&+#a}TKT8YhkyJb1ODRhLvSP+iR9m}%qLv{{ z+R-#}L(6@{V|};My8;^U@8@E7?C&nzxXi4Z`k9?&ZOqPl_R{5a)d?nh=PaUX#`(n# z5DqZmI+wYxM7+@X*Le7+x+o-+*$GuSd-8l>1S8xH>Jl|^h1L->NhuBDSN&mBQ*J;3 zH;l*2WTFCbZbhJgoFzK!!f8yyMmbV98HcZX629n5T(>8c7wA0;WQlMY&(wHGeIWM= zAD83@Yg>t(<#(ik@&Gr_=>a73J+U0`Z}woF1C|u4=9B5E zPxJ19uvfDlf}?AkJ1nDxh%uiDPP{5Hc+(GP8TcP~Alg|bHV6upkJhjhY2d4M zt_{-Q(9}XXEo>P{G3_77?f1J(BF*~VKJ1>9{Mh;V#MN|u`UAP=6-0ZgWwZ%9ZVB7N zLj0ezHTP&<*>MA2=y`}yp*~PALCO3Ab{OdJf6{1&qnX&y3u7SilwttV4Xhs(MQ#nW zCEjGh^n4H57 z2(sQnn?X!0xu=m>JMVi~@&kF5fhAKg={t1tEhGS?Z3>%1+wxnjaqf~^OjgGjxJbmK z-zv=J2*lxYk(66ehB7HD)E8Ty($Ne>eadtn?qQh4BEuMtHB%O0!T3i!^IG^rEYgxD zr~MIudb0F%2SHBJt_j>6us%ofr;cvl_8Hg{OTiBcC@tUm^KK(Pz`cPxWr`#NLSsJo zG{mEz9HD?bK@($ib+k`F|$V=EZJ)#sz;&1Rv@+6rZW+l4l(9St3Lz8a&%0?V`umF zXL>c#3ViEg$U!Nn(JwmoEE``w+IPZd#u(G_a5WElDn+z|l;-$L|5~sM3=jYDxHH|x z+mHVvmL!8F<9%Gx399}8oUETe8?aZCeCk1b#-%i9pJml)kIOO2~ zNpen?$I_Ucq_kEt^|~!N5ii(HEm{aGhBK$!& z)bMhto;?eV4scy5*Tk`+T1QBei%u$^YDr|M z6PJx6Xj=C<{k8w(R1QHCy_&mi_FO6#-)yWZvrtP>xw1FR&Z=9KgKzHEC0b&lEf6c&x!wJTIE_fmWj z*F|Vy<{%)fDlCLnsihaAN(?@DUC4t|}n&zjznD#onQR6e0XX9ylO&C18I_E*?LzE@H)Du0(DK-Ab zq<<8NAije(%|>`NfvBw{%T|c~U!magoxpgh`-#vrS&SlVvOFv z&$ag7R(Syn9wP22tMly)6s@&sSdU*lt2PAm+Jk%!avAq&L;A+J)fWu=__|9)*gr1T z9VxWe97UK#QX)e@%&yp<;}JFg9Jno{y^#vu6d^tD{?~I!=DXcB{{7`44`I+5tC5K6f5hZ(IYs_YFXk zjPGiIANBvLQg-cHCZEUmKIc;Z!^9%!Gt;=XrTj(^hR-C`LSOI`kK>}nX~sF&f!iI# z^$a%0AUCkGF}NUOdUp`~^7q`#{$Mn@AdQoM{%A$uk}owux7FrWz;t~#2LDwqK;_0m zn6n>P??y!tewHo^WL8xd594ccX3Hd>h7);7i*SxC=85~>4)q5%R&;ww0+4E;3`(H= zcRhl1Z!6%CAG}Kf)!GwRy{K(;gi(dprAsfTRsueuw*eygVn)}NHzPKKvuRL7nF~EQ+xmn)nV*G9ZaR*fj0lRSqp5T6~xk|8EjW>YE=7e+&Ds#GuvEc{B zsEh~XvmE=$X~qB4@tT%pFywobMRG{TX+(Eip8|lZ<%9WlI~0`RtIg8Ri!k`TCotw}X*Pb!D9pWNHU1i9zs`|EGW!oih6OLOdHJK!QEj zzZJq0c+#E=#{CCK#qxBR#}uCt_l%ci-}{BJhwcmFKICOzx=Z=uD07 znEw=O1aap>$97k@iM*{et;N5F!ETW%esO%(PY5*3zruGiEzH3r9Uv@o=7q&5aJ&ri zI4@zx?{hwXsvhnSjU5#X)@aOSWs@+;*hS}v>#6CZOfaC-w^0eJ$MmfCBVY)||kGM|j*G>9RUx=yTYG2N2KipoQA z&Fm?ssFbiz#U~YL8Uc(v6gdV9I8Ab;{h7ml$#m=z#5p?gHY>ixn;oMzjNHV-xSq_i^Mml)-vc;btT?{a z9}}!~qcO8xXYDS9Ogc&UGo(llC@{Kul^MZeg8RPj3{O8=Cx=e zqYh}nX3H&vSZAHr8J|`4Gyg!CV=NGAvs6-wnnv{QYbdF=)1Q=0|7YTZD(@ogMTVH^ zcG^mLaSGVmj|BDBX=bm3Nl+J3%Xi+<<&rqgFZA$icyQ9PW%IRx`8bL}Y}`WRL^LL@ zQ{Ou7fgEW{MiF~*$e>nDgjL6jK_t(JCLefB(TqGZrUC%3)vfw}2R;(5)WWOexj_lB zIu(AScEn5CFQ}Y-n#oKnS$wiwPVg)g9gxF9?q2O^IseMam&um5_KVY(T^g73a%xpSFu*Dt>1iDVZfY>PXKnnnoKyG?uOR?xQfj0ND(;}__oBTR~1^msf36;e(hR7Y=n zp>hm^2WNqgW2e?p9g4jp1)mDI8hVWUHnyiz+)gqkun(~0@Sb}acHl)%o9!hy2F_~} zCwEWe0jTe-ENDSN7N0-~FLD98etx+BiLJWt+`j$ft@v&auF+sFGwbh}-loinQ7y7T z`1(JA)`3 z{R&E?Sp%viyU=C9bKeAGyO15cwD$iAZ&HVQv^WNU0x=v2JnD4jO9t8 z*hkc|dU*Ab zWX-N~jycWypQwxR!vLkcPJPOv`SN=U@VnX%uFwQ|@!+BN)U34$BkFnraPB;o>#IZP z0@2E%(y2RLjQPGF-D5y$^i6zxStVXs)16<_^F(N0>vmJls&6!^8LAl14?iWOZo(0> zni2+dCwd4*$f|7I#mMM80mR0NPo%2@J87cH+CZ$DFT*{opF04T*rCx|0s&HbLbX)P zsk~8P4xGy+MCO%lEvBVc&F)^mmZfTwY!hcWTxiZ2RHruFO7r0`T^6*apZ<(ZG(YIb ze)}9~fCuUBH17cM%VEBH%$pOch0~E^TB?cO_U=G^1btDM)w2f-DU)!jqi##h8vaM~ zE(5A8ua=)u6Z9aBb{+Jbn~EY%1)-D42pfVgMT}7RzfhT`UK_}ycJ9XTk5ct#KoI#$ z5r3tGftH7%GlqGpCD#wzNfw<|Ei*&_ep(6@2^G76KS2%j}HY_=H?XMFo0 zLw~@_1>y56?W9*kWHOtMfHVZFwI35D8W|k}_-AWO!QJswfeRhi2HnWsE?O1;*~|ol zxoA?Bf~D#ke;TUEofu{z(TKSO!BP}4wQaK=kghIPsjMoR=29FeKPcp8ThZ5i2Dwk4 zfIT*>d(PW%pR@-aIVwMfxP#!&U{F?py%p1J76rjiZ}&8kIYJ_|C?Brnl{N~b>YYQZ z*P<=%-Ch~N`|EM&D6zIo#YftjB2~)~IqXKf|MHm4QK;MSKk#moaM!yQfxbND3Ltu4 zLT@XG+X31Ti>>M61Gw8PKM|Bw2#95=>G?k^HBEzp&VYUy`RjW07!ZfhK~ zy<<)(slgT1WY~OKMzlXo(gUU2D|R15hJ42NTJ7?Gef)pfME`d!uQH-w!~ZYX|3W|f z|APH5ZXo}&U|Fgez`*}cw`2j&$1>1=kL@W0otQG4KM?RrBv@eJJ=lL^|8zjN(J*z0pVA?wW13%g*1ONa4 literal 0 HcmV?d00001 diff --git a/tests/conversion_imgs.tar.xz b/tests/conversion_imgs.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..cdeb96108fc3e48ce7c6289d60b686c3b739e68b GIT binary patch literal 8149472 zcmV(pK=8l)H+ooF000E$*0e?f03iV!0000G&sfaiYxwW}T>vqg${Gd}^}m&AH0OHD z4UW8qkz`xOyHcl*YqdHS5|vvs4ASb8>A{L~SNzdFGM!zUs}* z!UjcZM0trd-mb0VX}?1xcw`vW6Uf3Ye#jC1X&6O=xbPnV$^)=@|~VKv`eDvz#kCQV&BY-fEu^k{XeUnN~~6wT}QbKLU|sioP7lDGLvDN z{|4bNz(40}H5dZ=5d|`FjLjikj-KW1UQx^sTL@@+T_G=+8VB&Y{tvU^pU&e-_EiD= z@DQciK-92?A|v0ez?JajhH<&GB^^RZS2{^P4!L^gXAP^i4*zvAQEaHa*N!{ zzD4P$@wyL2Tw7JJFXTpWc(cVv>4kser|Uxc8JL`@dAk>~(JKPfYe2OlN0W=Ush6J8 z5o96I4i-5Tb9)nEOy%n1w6tgTNGA-&h~oj=igt8MxZ%x2|JOIB-&AK*20+?ydXs6< zb>DATD>b-x%oh(@NF&2Ht%Cp9F|S{mL5OrUU&5hNNox_clhmZ})4TQ-GysHm7>fhEfJ90)qvES$Kh_$1sE7}W@y2c4I~BEhTyEwm$I;K~q| zC2b}~ME5Qi9EK`$5hj{2K1e3Z~3Do2;q zZqpMU39t%$tmT`2yOn+nugqCNOhLYF>%0k5LAWW@wbhm(Y~{(wf!^NP7YGYg&ajQMaW$!@AT&Gq3iA?xDkVM3vMo)?mvM{~zsh9Ax9l;tzXOYUE@ct%b zGPoB(`+7p91EL1hJHbPB6)*=#&#wkvdi4se zhYIDZu*DLV+J_6x4SU5o3}z?zP#f4P-U(V6)~?ex+X2ZE3U(z6tUq{ecg!h^LVqJC zyY2;f^{Bq4yWDm?yBq)Qlzs=8B4IYKz0s(6&QSPiE@{-`Jb%mZQxbUIwq}ra**!={ zI?Zuuw5}(=!0Sn+b~c{6{_sK7tk;@8gDF7Ncz(p;LG85WM6c)~7+qYpp~>j-=>zO~ zWDjhYw8IkF>G<^A=Mq0K>Q4}SlYB0&*6RNJ#Oxoa@*JIl!h-e zrnSM106|qs!hk$Z7e9{4thg*GgF0GQceI~KH|AdLI#JU3f&qSTV2_T~`Iw|Lzm}$t zog-#$u(-`zotWU@^(P+Dr4M_;!HZ+N&dZ;~5eJ(phIDNM+mYwmJ*C_HD}lNzu3N#7 zO(kexCg0Y_$I&MLwl5Q?ga7D&eu;S757bmF#}Va)sty^L9@@dE)_F~xsZkd~JGzwP zT34#@ANC#hO&)wnIHtW^%B10O#nLT+D!s@afNDb99xSYqxgLQE}c?45G z6#dy@y8y4IKB5AJfg-e~wwKQy`l`UIqxI2s?WZG&{+;2AS?LV6*1(}4^;5H+va8`N zysThy)BIAL7$gAZ?lF|fhm0(4bW6N$x(LZFO(abR+Nl8cM@e=#)PF>csZ=6l-j&_a z2FOXB-pm*bUu-?T{8aE>(`_Y-JPyL15ttQqSs29uLDX&z@a(^{{nYs+eI3h0>&xF3 z;}Y`xI-&FSRL9KsR;k3f{!1=(Q(K{CXEiPU@!=pdw$cEG2TO}!ssNZDKmQQKx6oJU zSON(FSGm(RDGt!`sEZgC*-2tK_+upHVIyJl@klA5`=U|+OCtPc&B1tV$QOi?;iV;`gwOo=0dv{Av^xREf94Ul8jqcWu zrOLCA0RVh{Xhq`L@mkhIN!d1_P0l!GVQWDkY3WT=dk%FHgpDp1rph4>6xM9f0>qr= zDEibZC!qjjl0S>@P93Q_?7}m6{W~YWqv*{M&JQT#ziphJ04QZnqoNW@ z2HGxyW28vSm>n?c^h6`kvb+amp|k0%IK^!X!Nafl&B?4FlN5+?aa>2K6=~g_or(M@ zE4-$WaS@c*9pci%x&A zPChx=kvST#fj=xrEo>XH6wES>!*cx!4%Si0D5Mp>4~bom=0e^NEzcEbo&i zW?D@_E#Yb`Wo(eHC80^r#U(lc#JAEo?1L->3kU#EKl?8qR{V`v?+HNT>0=sx&-Znu}>M?YA^XMviu{>TX z^Mksyh!ur1?k0V0_T#m{FG*yaTx$8si$tNF!xpK@OH=)I;5~Tc;pzPdm@k2sk;-4M z2Au{2QM)yP39Tw`89;qzpk=9u$D3S42!5ts0iB zgM)uNT1r+k-Kf$wj(=ty6CvLr($fcrpBiS>Bp}6D!N;$Z3gWAFNDQE#RD>NkU~v@gR}&5KNfsbr1w&ObSakt)(F< zw*z*j%STW}=ety4ywYI(>U1|{>FQ%18?m4@ToNaF1aQn_Q9&t3t<1NpOLN2j=G2*i zB45ft@uF+kxMKm0v6fhvHowRZn8}7+70?Whjdv}pKQ>=$&A65hji@m~Y;Vl0Pb+?{ z+E<=iz(DRl78|n!9AfLQ``h{7`k(~#>!{JbM@nP-*26naf=wT?&D=&PF6LA+&AcHD zgvcKWv}C>*V3%16X=7IAS8;6HeWgvRZ=y?ZMCzyxZyiT2DIv%qu%>xQIE|Gge*2QS z@5iiohdTj;f)gEqH_f7?Z?tS0P?|_Jdn_vlt<~&yBu&`G?3C|uP@XKit{)Fv7Mw(P z>^^m{px}S&wli=kk5jVw9O)**fvg4(@crOlCX(+qKXPYTs*jQ$WaE@*ZN#nt52fsE zbK6lTgN3B}Qm0v0$Ocjf}KJEJ}+sb`!246CPJ>mUqY-%ks(38m~`-KyQexi3BBHblc~Zo zNI1X~HjA6gXBgI8rx037{{S{t0qQo@BI5)E_$YB2Q%bf{>iI82 zWS)7@8Y+N&9wJxdRHBk>41#J;n0p6o6bu+Z)m zO5ca(5{44^QR#N1iL zWj22Ln#S$IMinjl-2D-hW>WWNCu44+EX@QNhjO>qxP-YLCVV1TM0u~EmOl_FQU8oO z{$>^6-+DzhYSPw2ro7)&Fn9TdcDiipTaM|hrp*2JPG+Hzqc)dtIx81CP^#W}ZeJB2 zD%~n0`D#R~+xLOZ$^IudLW}A!8fm~A@3boGGe1Wc*)kfqcxFoo$~)8F6WPwEy#BWb zsUlE)a(fE{Q>4kk?%bd8loX(yGiaL%pAM8@lEeT(ch}t&koUKytiwgYrFfc2aU}aV z=?#}6SXiDAi^`l41T$H~=vrM(L*CuVKhe~`SVTsf5G3@bYF~I~tMyo)87mOvrL&$K zb@=jTG)ffHUE#XoOB0(h1Z3eJwVm^<{QvsxV9^F*V>3c@Hm+8-9JBZ>#doW5fNm=K zI`w-kPBK{gnCJu6ZUs8lFM^ZA-yO!&sPeR#Rf!7j9c*OCq^_&LNxRZiiB_ zu^YS?+OEgsb@f?mZ1vic(x%PgywYaG;T3f6bY zN5kt5XVNCtk$|>gTh%I#nNt{ZQ0Sa+(jj~e2JD}l>S3DAw0b;$>G2?kn_GfXde^!l z7c1*}IxhKmAX`cm_p%vK@=g~xnA^V$WF?}71lW5j=$%jk_6$Ij9x9-Ng} zrjniJfWKle2aV}1yz3j-LJrXVgnY)wh9`0c*dxpk8+ZmFL2OQ(@>97aU1UIJ?A@?fidw-;TjKvi+A=9cUFuz)WWy=0UMI8F^U7tX(wUk|()Xkf zw5*b*@yg0o(?U_+(9W@y3xDTG+ywj)2c~X7{&fxWCB`8?>S8Wb1+#*WvDk%_Pk@0#qJkr za}A;n4D)BGUJu|_))_FNXIJpbks9M6?8r}Nx-M8Qsd^>8Ng37D~4c z-(EDiV_av*bf?y~xY80D?hO3;xe6;MO^*#%^6(Uv9k*pvXC4Df%++@e<_~AGM60D> zbwh&7ihD0*gP;}>WOtMk0Z=5tZ${mb6;zp8$FMK_(iDRQcxI6tNzbkj9pjpl$>UyB z&t2pF>nTg(ly2x|`Pv8}KE92Z(;gtX^A=oV!Q>PN?LDMy=a3uoy0Bv&2~)6(nE)*f zfX}I;lAgz-$)G0>og{PIqTiP?IcuB-6XTe9ZB1D3)&AgE7fd(vUodz~hg4xnbC706 z6W3fH>s1-9i`L*kvT*AI`&og{M4-0clw3+TKbv!{b6E(pNg6;&#Bq|^)sGzoe*Lb8 z$Yx=56x6v$frm!@OAbr;CgD}GVz5;mJ{HQ_H!s_1e{cE+7eNmk+1s{XexEv) z`$Sh%Vg&4c4R}SY@1ol@BYd@X1s&cF+YM||>yU8z;BI1aAl9;7?X5fxJ%KOy|H$cw z^5Ycx&{LP=NtyCbJOo%>Lp{xv>#mIj#{OBfNo3}%gQSGBeG0;49f(Xi=)ajYx;bfw=7l5aXhtGLGPYQfq;QM1>U z&vt6HuRFCZO8sD->iQ)n)ne_&nw{0hC-ED-l?K!sR4%izT@SB1)zOP#OF96S z8I}YXGUh_AUmQ0hU&Mw|#F)9^aV2nu)ymiyojWz{=K~KVDeu$ugv8Z9LOm|AMk<*LGXk9NQ;|HJl#FnG?~C)6wbLyN>)Tw z*qAz9QfyUIf_isMjC*|PEqbrNyb`|taOX+64C9XehW?I@# z`q8n_S&KV zp*njtQ>|$2WKF?3=Y4&k0>V5nIwG^w#>amh+q_R|hf`{%fV~$V^CE{hH+DLmc~~cT{?oTZjmITzUbnI6BM;c9frsr6=@PR= zjYgH$v^~kf*)O@6@joC&yZw?Ep$BAOp+TDz#jw~wd}G>jWLrV!%9zb_zC}`LlMd_D zIB1AFV35?*gF+acHi+7;e^tFn+xGl#gIt~2pFnI1LII4D6*&0#e9S0rN;%%3Ak^r6 zVNONg`3@>?0V?w*nHi63Ht|^>1#C}M04hX0gPyvPvG8kXzc?kUGBS|#Q!!fKu0sJ= z)y5~%2b|oYO2nBxj(Ns5@jc%r*1qhbbk+>`bKQR-{USY74tfgiyd3!6c85XT znuKx3xg|Eo*|js5&eExu%ipQ`1gYI_h>b9P@V4qnEc;p=8NdxLeAgA(J*U0I&H0^5 z!_>X>+$@*T$yG;M__=9TH895TC6)B^bG?9}^a)2Gq#q8L=?zAY)>3WI=nGS_i(weg zrhA&1t0R^<au|9r7Y#`5R;T$EYmFncG?hL%Su})095_ej7XOo_G|=aW-R~I%jk*nV zgK#_y3Mp2VR9UlN8s;UmXZe(PLHIneW!cPr%AiTD{lQZRugQZ~_J}%SHL`3m z&m)T0^Loc$r#$^*GPX^{pA%YKZ>FJ0SKF=%K&2C1+q>p8cvS5+3jo1_q|V{uHDX0d zU&=^``pzv=v0)rcCirMNlU&*+p-%wHzn=JleTMd+>rCSw8M!Mm#$2~*W@?G~$wjM! z@GrMN$0Y%!B;@t&lq#c5p@`|0WPy;LguxuCZjA42n-&_wIV!*rmA@=xgZCJINi?tkb8$I9Fr0I>H^ zCMCmLu5ZDA$KpaCeJWxKy;~0O{aZa|PDl2n6%FcY%mTE*et@8k-RGxl!c7siP+1gk z65&0zF~yTJ@Cs4MN@X!xp1c!ac{=`#H*SJ`B*7sDkw{II>)2|-_ScChAh<#{{0}qP zdk(Paw>esRq&T+oev3o1SB?XXZZ2By<8q|TXjIH5T=J_V$-gYe5E0ItHsI;@~7?*;$5}eBz&}5 zX`Mfd(!toMLIyh&x5xD~1_u(Ys4fm)dnX>5*jS|8R`=p^QLIPe5}kc$<{kKVX>J%p zK^pU}598V-LtX;_tS(zNZM#Y_bTQA4gjr9_j5_F?fn4w5aoR+ovGoL%jGSYz0zOr0 z!9!Oux|+mT#+oT48HjnlTM@+zusTxT z&EBOREv1b;IO`vd%!FGqqP72*fVfRhwK@-qv$u6a#vl&_VJnYz$Xq42jOLG<;Tjd^ zbP#pTdVE8B)IctKU;9k%9VMs0zY#`RX`JFUqKjtY>W&NBmsHuW&Z20@!O*LRgkBs5 zM;5Jx8?IVm^&QS=>IbxR!Hz_7sxWR-Vzu%co^>|d*#1w|7WrjB6$z>ku7DbK$c{Ow zG-}lMDfShpsQ6yq6)fIqD2L9u4keg^R1+Ic*?Eu;7gqPm7!e4Vz*AWC?Xk%Fo*x0I zUzEGXLm0nTE4-J&B}(+H5vRK1o#7eh<0+e~EhtBG7$5x~j!?49l=w*%N`om=Mgp@vP7a>6Ukd1cdfJIb~->qR{%WE;CY z*LF|_!zUeS7LjGvp8u&4d3di%@Ylbb4d>$y0W*vKQE&~b5)X)bU<8fJ0Z0K$AQBPu z<7jDOlK}%UsO9Bl%1L~JT>2T+3{*oGoxUwv<;SMNp=Yl$qufXGC#3~o_z~TiV?*0Z zL+En2=hq03vSR)aRaMK*jOVqBt*}KxzZxmIH?{~3-PF_=9icml@lL9^&7DgTdHJ)k zSK^e5Y_=*}h3ZfEAI{!TbNi!byYCj6*Gl;^JW>kfEc?r#nmxmib{=W6bxgfSvLhFV zM&l1yo|kUB$?e)x)Dn!LDJ&6UF9%5^adTfg!PVqZF7}V>^J=rClcI&!QDe1*i#?OL zD?|b#tm{#Wg=9N2rQZ`om>vc~IQmPg!rAt0mcBQ66RjT`u9B*`g$tn^?hE&q92Ezs z8To4q1PeHsL}hDlOHBz^0?9Uvh)+xqgJOiB)Afk`IYYdOE$EQi5?~_X{>F12L9x!Fr_xr_x6${^=xBzu# z4IX&H`@T4;T@7qH=T4LQs!W(9E&Igldaiy`$o@l`7EDkYoih3V84+CDi5?*iNQvsP zCe^JoxZX|`=+E1Gw{97LNj&2UX1*QB$~RWHi$Nok3s6Za5l|mDKK-Cz5SPt-Ee%d| z0IaA+lJ&|8?b}sX>B>j*3KSYTL`%mhg62e^9wjqVw#8zrGyco-i+Jxph~t_ zs1+Q5F*66Hli$TS{U{cKgHImsnt~6+`O)9GFOnDjf@a2=Y}>>$~-Gv z$eOC5Dhl`M22}+Al14~5gLE}=-?yZ|oO!g(-`B=CG!Un6%UosNKr!BK31u5Y49{}? zO++PRv_C=bx+(OT@g{Q70% zBtoAu9Yh+ni-mPrB!@O@1ka##osvbr@5cGLKQQler<8FyD$2$WiK+LrU-(aNu^=aP z6i&`VW{2IhHF`EQWZ+Hf;j0KVW7mTy4pKPsBO)iI50&$MP41q8+3p)E5|+fTMn3+q zUiEs^ls`B3FKpGQ)=rWSC3t;So8LIuIhW!q=W@*<6j=x|k*%?#spu0V$9xZbUgbwQ z&i@QQ$>R9n_@X&QntIMvr0)aAA`|T(MwQY`XRy|A#9{U1V~gpQ^JI0%ZMrQP?548S zIw@+q@dxm+a{uWRe#Yg4ZD*b-gXw-`NKcYsL2Whh!-q}B2coI_W(p9%FQ3L-#R$y$ zYXaA^rqpq3zC~(UEyyUNKKHoL=K{3@NlOJHT+_VyI9uhyT4~lW)?q3w)l(4_VApqU zQK*W;vWE#KXasl|{_eYFl%#N+tA=!=kA3>eXi~~R;12V|vt0WCA}P`7q6P$+meZi< zafa0#tcN6Npcl4q_^42N9nhHx&s=?VY}&liuR%+D#yEZNsCB^kj5>uv6yj)LKVeb# z{wsVLqZL6#L&w`S!!zqM;RpLtE2!kv)G#Q1UXpbFz7;&AG0xgp8puhE3hp$ z^)KD=?W@>3Iv!sA*ZB{uq?w1=Xw0bQh&|!GSr}2GrNIZikC?}GI=Or`{B^xVbxVxF zqj-9UP6dpEs`^%>@CPo7r2luoZ{Et2&t?T{Zd`6bzeGtS=ouP_V}2wO=WImetcGzmok~14fvuR zV8~6qdkD@x(ghj)mC@=>N7JjY^l>zx)1hxC3qJ)S5b~W8U&QOKYu#roUZizAzH;UD1!B43U)q}NUmxuBO6_nHDaT+iXtWl|RfJFOTD9J!|*R+z) zD1Uc{1DQ+)mq_IvnUOG-SIqh7$62pR9S~Sx_AfefRuJzT(ST%qSo6hiHkd*uiQFD_ zh4S|UZrG4A>W~n$sy{c|NS)dJbk}}57;TfDIHU{lJug%tX+yP0&UQ@2azXt;9f6y| z+1iUj3Nw$m-dm>LoUdO&9O#k))%z@%<@B(UT)AzkhGfx|<<&8sBn`EkKk?H!p@sO> zT2vONJ(h&>k?1uNivfXcp0C$CIcjNd?FR&6=^Ko0>^DtJQ1@rmQ~HkCjjQG&(8#Z1 zfODA*#^Q{FOYGkt*s*(XE!G~5MgJg% z5ccHiPFpxdQUdn817xJYk8LS^M_rglNW&Xx)fN@BWa+D{z>Y-zD2D*20=0KCf=|s3 zN;3l>e%eCI4pf_kjs9s)lAEP7Zf7t{nxnthiy`E(-uEu9nG8o(mk1X}<5(O}an{YZnXSSGhcGvkxu?&=YR>a3%w}+q~aa`7B*^CWt zf2Z!&rmy32Fnx5#&)UyjUX;jzjqA-}vJGITHWf@LYNE-8xWIpvHGD|OqFT}V_N97s5I1SPdY&sVn#SC9dlD^8NS|hEd~ggokt+ulL8VNiKv#M@;x>X z-*TNipV<*f@@EMo=Lr`^jPuce~QGg8pT89eR@X3hk6lajizU zd>OYJY#Iu>0m<)v#=Q_e7I$I5B2&euEdms;$PeK`i;}XhMBWEb zodJ4TH9I_a&$g!(o16eAFemTI{#F#;put(!q(l!Gp5TNgq^-np3m-OsF#mVMEVjXO zM*U7PHd%!|qkNULN}-YcvY$vv?<4G!KbVnpx2reWUQ8E=JttybNCdZuNYi9H6k-C3 zh$O+MaU$^co$ST;m1i?2~`GRc>wWAb!lSOt>88n%|z7Ml5`pA|LJ- z7mYF|Vqv^V3ue%20-Qkx=9OdFJ;A=dk9c=+ROS6e)zE5!-ig}oSn{cn1mO7w3!_!? z$B;C^V!gmCK_0_&zuw$Vvx~DJo~Sk}2Gw<@r@$ZO8yeGCdl2 zg%JD%({Zkc_GYTulWBV$=SNGv??fz<9B?ZUBNSu-*CU&&CEjaZ(v^(Q!0c_o_GYz* zX?Bg@t7|`W(KY?7H$sMFD3z&gVaM`sryqbn;=G=Ts}=@3Vck$xsD~gny;TYFetR_@ z5+TwsOUX-QG$KQtVnC@Pa!3Z*a16{Qv@$i&H{!^pZ#f&??fAzaVm6n^6hv)X!5CGv zpRdw`Lvqv0GotC9kJJ)WGo>Vf^txu0LEMp&x&dLIbJAISD>*W64jv|$Vpm+RsR3(x zI2c;aI1B=ZLJoi63iWR0LhT|c22%=~n#s3fYNv40Y)8;LWz zLyYZd-f0v>{P-*n4wCz{^P0!VMog!Nhi*|W^$kMgT@K>QT9$zGVGyKe_CmP{p+rcW z!$iv&ALyS8>)7677l$#t^L6koI$2PHh1L@C%K{`+AG;M#U0*Pm1tp)X*nf|b^9XSt z&Iz2#MzTnF{Zq$`G-Wxto+#NUNr47i@jLOyoGr2Cc)&EI%7ZDLA9>VHw|O)bG9O7P z9VV`IO@4sJM6Ol?|C~gn2e*Qo3rtC{`?UxR`DG^2`hnTxkG3qB*ZTe8%m!Y8TENpG z86_q8YOq(1rGn)~qaJTLb^JMIDT_2_Jg=#7_!6>q+UK9AU&b(Z1-f5dl4se<(bI`I zPj+bD_&tuDJ z?2Om4)U(RuraNjN7YF25_6sUFOllbPKSDy^8?$h9sv%@^{6{2_oEgdW*l@B@XE=LO zB|3?|-(DPsHhHe3L^_qt8l%OT@3oK<-HE?(TGd`vF}42x7AfNjcnR>S$=3viRJM>T zt8Wets;(#I@vqA=7z=>5*HFd(_^f1mG%R3RV|zMWxzefq+k#yBOj4Nml{OhE1i;ZezPo|4M3$)Iwg}p25KFD!auq z-pgN_++H00MBXW2TtW79rxesYZIZ4*MO)e*WNpEZ15bjP`qxGw57MdZWM^+T{^2-rA0#SA*C|Z(#+E2sG1RRAEw|=?aCKMJ zJ1|O@cyZ^gRzRIsHmBHyGYvNMICV8rpv3z&Ld3=U>MM%7|6S8AMqER&IPg-iUuWc< zQesnl6bx~-jBvA9d%=cht$$a}v~qq$5bDC^Ej{ya|AXz-LEiGXlhuw!sKM~eS3Fga zt-%sgCrd*EkHPq&;?f~cH&o%x)c@Qz4ic}?r2r22jg~NIX*=O--#d!yFrGNJrxmr1 zmg#r=(jnzH*Vjuhs$OMl&tV7-y@GgmC=!R39hQ&Qqj8fi%_6{a)Pyy`diKdza?lTW z`S5pS`t>soOVkl?)AB%=yUlAE>7Z%4P&V|<8uG~q%Q$~JBAU*&Jiq0*0llA1ZR9bT zL_xul*HVtBLjnD9%useRYq|v)|I4MwD~!%aA|Ni zL_h(6V%W*BU<5|l0NwEH@g;g=v*UqN7ARpYcW&NJ{wH_9_iYB$&c7R)3IyE95S|+Q z69KiF2`FQX)vQt_=x3rfJ>$3{vaonWauJSk4k!;Usds0nIdSk6B*yg=_42$`NVUfL zX%e_X_2S)TBv&Dkw$@%`pFKI=y+wg@r-d%CPYHlu6p|`0x)iDmcvO z=FTDXZ||k{Z_ZHP()3P zs&GBvy z2xpqcLB{G4kYyTQ!3eb)1U^Hy8YEkahEnBOtO-inZr3{hoP45TSHs1xE#M(ZkZGyV z52Ruf01OiYI6J!MOQc?Wv}si#iq9}DZJ=vnN$AYAe?g3`kQ5H(*vBTb#E}6aY_0;Q zJ-)@jMz79K$kt20E$S8_S+U>n!}U9sf5lcqiB^7yo<*m+$=Sv<6tswXZs3vbpLj)U z$^S8~jtR5uT549hGq+08xpk{GI>%d@LudjcxABsjojE5e8kqBx_%%d}$7!RG%Fy&^ z@zfy*z508YJp#a-VhP^S%?ogeMGiTP1Np8J(P9L&l5QeBG<~DI~eOUBQoIEzjcvZI!+%2bvCH$aWd0xQ9lJTgb1obr5#XQz&R22ekl8hI;_sg!E75^4u5 zEZ|0qtxoFepu^6)2heZjn^gvqRxN>mxPZY!W-PL#r3qX+{v(vGyi)|28_Etj3T=(^ zMobKF7GN+MuzEt0N%_8U(*zaKEKoOP4U07Hj|dev<61Uv8girEi*HPOl`*fpxE%WL z_&};`P|jx&M-Ttxc=d|Z9niD?wjf*Yz`yRqBVV*^o&k&j`XXGcY_nI37}07>%4J;s}`|<6`C_XhP{Ojn~AiOf$c<@?V(x z*O!4QAg*EEyvrFY(PUOZk>kcvo+pJ+0Q?EE(ZHO6=@}27LN^zf)?;@+NS*!I^72{= z*X$NJ{;y(S7&BmodkkkS0c7RrgozM7P3fw4=;rp=d@X{ZeGdpeu?Y_Kup~%>(9`~( zEW|Vtw@J^#@c$O!(WS^3D;hxTZs-4XGBiZJ!`!V22{S-&wX#ri;u%KFe&M+IrPBYe zNsOpY4~iPvAI3UZJ>>;ZGhU=$WBpVsx-t+fUct*l)7JN?UpNeb-nsv3=fk+jl?c=*g4dJ{6f@ zW!&!Iqfs~>NXy&oUFQE2rI~GRY*kq#W4Br3loyV~2l6aNN%n#{=H8{PsUM1-P;L#v z?9@LtGpk`EMm3N0{<22kh0203v$I3^fUrMUKpx=ehI!b((+^bYZM%RT6FGP5X$JpI z+`0cS&#r~%7q7PVSExl{B#uI&ud$;rGIJ9E9;iKdojOM^88yME0pLh2W5pdV{Ex4K zsyDZvQIzYx6-c2Lf*#-aeWC`GxrED_so+-VMjxg^!D_f!H)lYh?IKLIXRxU1RShNE zqU5nMwi*P~sO)#l5un&d;6z^XGR0lPpR1IzlX?szkop=7WuEcEj|kr&>Us03vFPfL zk7WcQrHcopdE{9Gqym+>jEL5stg{|JzN7{+m|ktE!(RRELpEQoPzjTNd^PSzKX}5du^YU>l=wr5$5R*{b72hz0rh+!I9oy1Dcc{ zw*FEY_&GMmg$Hjz>6V|$Dw-X^+tVQut4B7gFO}|DW!~1l*v;p6cKnl0WpQ~P!gSjx z!dGiWg4I*NW`83bQYs32Y)EhJ0rk0l!>#vr$&OU1IwshaAN`y%kTie1UK~LDa6LK@ ztREL)H?R!+01Fy0-xgHg{>_2Q`kzSusL*1aqLP#!*pZ7jjcJhzO&TwyGs}r==7izd-iU|ZzZ__cwauM@Jmfb$Xx*G zu;y_k$+O6aO(Skp%0qg^!02F?G)>(PsQb6_jK4{ABuHy6YZ#mZb4!vK%z$y?^E|m)G|DG=z+c0Qpbe@MFP3lb zUx@9i8V15jH)fZQNJXCFi_SJXHow3BPn@9@asnF`#KNF;>I-3p zsak`0*3ro9rf%S6$8iA8_v9`2ncu}YtdA5t3aY7RFlndHo^QKsLf}dZJ#JTC26itl zcUKZ!_h}$l?E6uI9Qc~~2+%9GxJv_2Se}OjDz0c_ifT|kr6}r=f=1Y4a_lC}6SYbY z(LcJ+vf(55DA;Dc zArhqg(AaHFP~~S>6KU)wAygPB-weij67KRSUCS2>C~|Z?q?Bvj-vMZf+s?5jx`{w< z&h4<&*m0EJ>@u{gUG$jzucngZc3jQb;aH*#y1TQ2ZooML_CPKerO}6qP(iytgO=QC znz5irO-Oqb3X{C;%G|s7i1N^eM|Dr*C3>)e>r}1AsNYL2R)~^{LT5a$<|!L7WuZYr z1uU@PqRMk7pJTk|QfBD+bzD$m&)&P%Ii>$hCI?{UxvTkbyRirRQf;x1#Byz!vOYNz z1nW+s_|LDZ9udiCqla-v(duYjtTl^gxEXIH^fYZN1c32Zm-N3Ag?ToXOVYosr&bmL z7^RFuzU(wO_xd^_wL9RYy%Fn}V~lE<|FQ(@qBl|u)!8qrZ_16?)`Ly_cOYm}okSEn zI0!n7z&eZgoIg-a4FjYKh7qx#Oz%F8IVUq%UhQJS!=nf2{Lx`OH$oH)A<3#1%U@ON z#yl*Ql6-80%r`iPcdEL*rbODejMI3rbdkTQdK6nS3X?P-YB}d zw4CQU#~(}oN7yskB5>|>C+586YBs?j{6@_36~;3xAUNy2pq_&9CB(>Z;Xom=T%lO< z%su)FDyv$Y*9K`K`)+T100);VTghUGdd@E_jbarI1KVQ^jUWoT>gy{_Bp*xui!WNZ zUq-=6W&wn5Fp+r~E<6TkT)@-+D+*SU0fn*K6KbPqU(U~?^`svymjUx8QROAl3bZ-3 z0hz=Eb1Dd?-6K!5YgB|m>n1FrGJ9utAW}4}9`Bk$=9WnTDCNm(c886EfA5uiG`+`^ z=*HhsTOdVKor9*F17;tTUi1nM$Pe>oh@AjCK*YbB6Mm;9)Kf4LvEcUJ9=^z6co$3E zt?lh&#Iq3!`|;2IYW9-PQyqyz=#K^h1A16Mbm5JT zI7gSKgQ6gkV28t;?mL@1D}~GnU~A$Q+*AWN3nG3L)w~tbf+oJ7W!y!~{?mU59V$c; zpFx2F@+ABeo4}l?G;Gas`A4>4CjYuX|17^^XJRLbGxVfQgUEZ<5>H%&iM0L8nh^^p zoKVh<3P^dAn~LbWMVbdQNB9B91WQHY?f`e1g?VApvhtAt!MoJVJyvop*=|@9-?{Dp zQ_qBL#Y0s%G!g|gCm`B6U66oTqHGJ6y|@Pk#=SF*>7k+e+W7|Lw5zJpRh9CyVKI+h zZ0|I?$9F`$Avk$|Y5Ee1tJpgzMGCUi7oK)1DrK)xOs3(pH@IaN$p!aL8iC9jk&}-% z1dwLbRF3I+Lmsl-cV&Op*jCpz5@VSzlf6xq z>rAcePV*JbTc2iYFcV8-So*@poEa+C98&V>7EzJ;uirYbG#d4JdTR={U%}w9F?2nx zSc2-4r;#P(Z6^>g=zD>xrI~w`We;kwC`?sNchVB#1>+&w;R1cV=&_19Q(*BEH)y}^ z)R_qMzfRP!j?qvphp>v|-#a;gzW%`rS1Q!>xc?~<0&Y$npsS0pyKnA&^J^I*r+d@= zEE!vTPEAbDY2`!&iuBKW)aFngUBcb#L&QovB3fHm;$45M(HcDT=MIi|3%sY;Pi2TC>oWTQz1IZWe2{%A06U#T$fmJCFTOij(B+1^p^xOQ{Mr zR_H6r$vo+rn>ChTu|L{15?K{(2;FAN6dzTYyEuVIXSx43M~;=E6K5ofqDa*9OzWqb zPxCbiB9@+1&pS-6bn`@h!A577C0oK!cmTtw87VwCTZ-2?d2APue7|Mz!p!(5EyjCD zTa~E3+Qz$9cA~~+o*Z!Rc@v!Cg5qLQ?*xeCkmpqQG-2M%Wo8D#%H(G(x zbjVsQ?cs~~`LJxLkMP-3*^2#qUV77v|I&U3m1M;FgcJ}r;E3}WEMKjevHtTei6Qg6 z4{4iR=2iXunJSOY0^(>+W_hZIsbOWI**HI-fJF`**`CjGLwqNgv?qEi9x#O*5(kmz zHOQO9RC#gH6en<0uYG?u!@?+=k&f~rSB0H3J1oUDik}MM2Hg#)caFs1AL2)yfRXwn z_}E#ZQ4(J3sf4`YAdP(5Z#7{gxt^s!aewd2de&dgQfBSTA>5Ar?OSYKIcTYiH1VkA z*4lh!0=UQdL7@aP(LfbrQtc}WU>IKyuuW8tY6)taQN2HFqjYYY$>mT(Np3whO`Bv2{3{qJltLvz;%UJuO5EX^!35n()0&R+l%X*avHcNa@Tf^6Nu z{bCHY!a6*GU0HIYIV=LaW$z_B;@20$PeJABbKhK?8YrtLKOmHQfv3gPGpYKp0K^|E zZUVdwfDW*@=)R<(dkd|aVz;rpUyoZL{tvI*89aMA`v!?x^TQ|$PUBncKM7_Xd0@!g zgb$n%uS1Y^jjR^7dKtP>ue597%%qr6{#&xM>rk%xiJ!0NUZvIe59=8vLtP2k3pX!f z-s*B4>bCP~>Jl#o9~l6oPDv|zu;GeSksP~W9-jPvFD_@VKiMI^f;(w>vjF@08f&?@mz zUN8HC?W@3K_D*LyEnlb59i0Ek0a$` zLwEj>V}b-ic*a`juOwVudgPK>74Y9=9(aLnXmqM?*ns5P*&&*1NO4GEi_0b!5qpyX$2NK|m_V zn})&^%sd#n?f!jsCL9G-kT~jEOk0Ran1e)lG$CAgz93)f6>eRR%M!!1~cCwlDRqmvoZdZ z$J&t1>27DES#!2LbH)5wGKa$2=Z?oU1UdxnmH)<|hftGGceR|}IUuP1E?!Kr8z+c)(3xgG z!CVFqfX%vk50XUKs$&hh8@zMHr9;a*mWh+j5+`ze`9h4uGC~$IKQoNBZ*R$uo?YXg zPSEw>8K$ONL6)aklSPTDS)x29KPOlh5pIi3Y%C43e!wX{a8)ydeiMO7RLkgOw9QS9 zt(IgUPI6VI>i-P2@vsTlsN}ar4CF$XPjD6?4-4YduV)Q&5roE@h_=J&v{WYlriDaT zM(Cb*Xdp`hM!bm^?Hu2(`z%cwql#^2o$967RemIgwfxB(;b9r!H0j5fW1CX+RY5{D z#%3wiL+9r+bzN3H+ptdSO9aDn(u;Uvmx4-Ivls zfDXyydX*j(-IR6l3j2}(U7JZ1<%o+l#%;-}#I|UD+4Q(;a$Lo_rI`ckF!L=QY zGS=ALL2oEAw^UD)NQ{0~%uHs)f-fH=M!N}Hz5jT*5V$dlbe?#NHHfYZ%Z2w;lT3tU zq156#+Q!^RuW$|-L9H-NsI59v{q^{F8$oyTo^i|0l#?m9xc`PVq!<9*!-~ zJ5XD1oFlgMQni<8aN5!@yI)o&-cXD+>oN<0-xQNSxfE;?S++D@#Jr)I`9L%BXv#(M zsgHZ+XRZCs?r4_rym>X?iPN{8nF*qCsVbWk7eK!$9&||?m=l0i?bDXp&34LH`O(;b zR|j}dALNcNnTTFwgb4S0A}ylwC^aLufWXSZ;K#!GGgMDmniLRl8T7aC zmzGi2Vc@5zF2UfTpl9}WTgi|&a^GpgcE$o@a_@Xe`H|NAwB~0AJ!S3c^#sE(bBXd> z2Fkq6o8HnnbAkQ+@;ey6b@Yi4MyYXx`+-7SubEZ=uwn%3zd#DEYYwut)jpWyoXGl8 zF|W4F&1lF4>e5}HB1fnQ1Y%Ta<9J4pV|#h_#ncG!klStdXLBP^EE7D%E~G$=(V$0WU@He%}FbP(s!Mi!|%we_QJ zrJ@9cWuf*&RShSU{iYzj%hSXfXcJ^}{wZ_zIII_DOZoh81r7`}&gUXTy*?LaefUU8 zL;mA#O$|Q@yhohIWNM!^FsN!i_x%zc-Wb2MaFR@gMDG65Xx_jS!kW6ow2R7|6;w!6 z3fQQI7{U&vG9EZEg=B<3@{EwJ86dK#WvKBWO#TJ))$Hcj*=vn{xCo0`H(j0BCW9}~ z_nc+2Dn>{foe&B%er&IBWoNdrMcVb!g?j0F+d&CbmnyCZ+`OAb{I3tDX{s;qdP&i2 zX#c#vAZi0+K4vc1Ot%oem<8l0If519>NCeZw;)LzbY9XHQ143_e0~*wC$uj!}I*f9xn;qJ%ij zJo}}BP8EWZ5{(2nv@MGfpVgG4E&a7i)G7!_%a}9B=&&NNuV0+ZUK|}{#`JN}nDZAA zryfsRFV4;F_odkkUIt@zcQ2V6cV*fd{Ys?awNXToGc0vPwp#YVl%_Z!VP2ic;+%wd zOhhOpZ$~(1%=)z_b|Zt4@Z69lNpo!7{SIHo>+Kr*rU~yJm@H0h*0yQE?3+IxS;f;t zuxHi5)+nHDx_qn1q=Jp>&UO4rxOIhUUUOsh+ZMk}6Ejr#9AjikpsXm1XV9C-hY?;%n>TH7QGv9CfLycQMH z2T>^n=uZ)aO{pWxhVbRw6BtqNWZ8rU17&Rl?K4^Le-_al)5xC%n|fgcDWoeZ?R=r~ zpo}nOxVo@Jc4)zMnmhP{`c5 zF#UO%yC%l9c%5#YaI;!ysH%DT=|dfW3NVd^Gs}EW9ZG$G#)s(fi#70wH>5o7shmqT zQRyCt{VBO^*4XCgpaRhr+S9L|Jh+eg{^Zg~%rZn_GN_*0^kyyBX4#ZJZ@JU7bZA1q z#&U^4ZkqjmQdhzwaTGs#^SSJo0zl+=(hd3#D;$~R1q3C(fBgW4>AUmIQ6!-~=bgGG z^I}Rs-bU?JFs3!0{T(yMLn?(c)4gbavCt+hWODz^o5W`G^LyjoPZJv1;Tc7+rP%8} z`A|&3FPI>hL*KAzeSNNAZNGKKauhG9rJAj4(HSRfk<8c9f z1@qiGN>jAuy74QL)4Td-N)iZp%=@YeP@EN__#Nb)+S`rFJ9ig=^zP-t%4yH{eU1lW z`=)({gAU|z7M5jO+N$3>-tf>80%(Kn{D3h?836YsU+6E5jXjK_)yq>=Gu?1L!>*}# zA7=t%!@Rgc1dU8r&We!)m9R+cq4Hh=)HM#gg{{q&nc@Hi4wX1+nIv1}w+hr5`3T2P zK??H>>=^g`BRlB-yL@h=gNEvZMs5kyqj2Jk-z;)Lwr}-2Sa6Euf%X|rLXM@DU~g2z zG`GfTU1>}6)VviN)U!-9(QYACyOIQ81%zA?3lZE{rOney>|By+nFLaL?s^M?x}@q} z)9X%0OR?t9i6>qy8fLdpSr$=>f1{e+f)K_pb8q}okc`~Z)$4+DQAl1Tu)W5r5e1nC z`;d7z#N%ll@gbs<>H0(D7o5&95(c5RU`NieoqnB3P?k zwHTU@H6|O7P=~YwyeGpyF%d(g;7ZRe)xM=It8y2s!QcVfKAg^EMRmDTxPd2CO{7NsLCIgk1-zWjg>!k=2?Y*22@SaVyja9MOv<^n*qN!^}7^l}Rk z?rDt8b?r7Rz7+T)C-T=N@Id1#qXkm8%n|6YuI_=A__^UK-um{x=* z8$Lw#%Rh(sM$xb9+J{!hIKueAD92)YHB5Bs2wsu3zAUJKa|3J>n3@JP1U=67?7wau z?N8!k-H9N4_9t zH*d!KTN!bku$(Q`cV8hs1FF0}m{BMT=8QTl`(>{n$onEPQUKf&{cxa~f(t^M)S0_o zU0jvhrIaGvGhFiNQF@T8cVA)*tm3Y|konm83ICje#(;br^Ik?K(CDdt-^`yk*qNp< zb5-+ORGnb`kj-Rsn~K?dR}YBTT|MA%kp9NYGgSob9`ft>&=_|Wz;Yf83iu2=Rp{!` z*oS8HMH6O1FZ-{LijTd51vsBW)R^=)w^^Sfr-X07xSXD88}*J^DYGZ~EDza_&9n=A zXL51F`Ns^z#GPQ;trU=(s8PD!Lbh^x%-WA$qog(g($E}{!Uf{Mr_n%iB=YHOuYiAO zx)#LNh0F_xGnJVQg24!vBuLB~M_Q4Wt~M7PSNHDEr4V@JB;B+Q#fmCymF*8`32l<@ zA~fcwFTX2QY80{WG^RtOz-%~ob2O81XLl36D4K=JK^vinef2PE!&_zGGAW}>u|Jhs z-(G`+dGceasrTNbVl1NO?VkTDX4Gh9M=Qy68rYF*&U-0#J+Np<1`7w27A(d5Da`_( zladaD<$p5yU6`_mi zU&Ux2k(*GuHOmnDN2MRwMruXKs=nm(i&D>igP-_&S9O3^;_-qk*SfpwzNF37%{{9> zint&`h7qFWP#GJ^o1wGeCkyBsMV&JGXrw>w;nCLXn&m*GI3Q0#&7KP>- zFUsP;=rYSmDdhTwM3p3R77D;74H;WJse%kOt4Bizg*R*5=tlwtZ6WRpOzrp#Ux%BP zL+a^WcsDQMgc0|&YWe!Ak8Tj0gh=(+>U{~F$ z#^>boR|Uop&q@)8v*3_H<@Od_du&)B{qS;K89VJXy&I_W%xfBNmx7936CaCPa7*zL z-OIOS*Q1n18a(Bo`i7nfox61V7RAqxF0;B;7jKM+!L6Uuj|nKm2(s7mJ0Ep5#dEm7 zD|eBImL-&u7h&(|lC$6usEpebq|gVrfD8&-7jN5;uJZ9I;RK#ki#1Ehfo?D`oT=64 zC&JTY&D&R}XUWaaZq}Akl^g;~Lq3{Ux1_HaMfFQeRn{3t?wu6Z?Q7d&5O_@E<8v4I z$S6_{^8eyB1ei@EO)WvEuH4wD1t^x8J;XB)$B7|$z1)hHpv?3NRD7_S@4e;+ej-{J zt%e6w!C8I?%H0mpgOrovkUpp-`l)|H8y~p@?r+JIOXhSWKp(zNel%%wv`+<=t^JGpjU{nqdM)$T5Q zoWH7f-p}*)2=O)w^jq&QanL74QR16-7Kxr)sJwSUHEQR`{*J?`R_poysxIoL??e-^ zy81Rz5y}|tKz8}2-a5AwnZHuI53iln6?GUPDEmf5znHF&C{sJHW^++W7t6W@TZtEWymw@gwE4Fey9TYy!H;>ulpkkb6e*^9B zQPj%7Z~}``G1sD)7@{3>^}hGK8Q zzJ&HHWg*=mjp$i~bM1|KE)MHQa2#Hi#qHxos@++M9o)F$yO-I!i>sl@7npnNUJ9ARwnz?=?bK-Xx9WWe;%CC9d4;xLL| zT=Yom4QWC4Rk>}JkWRqFGc?yy*P(`M^|Gz<$`TD+!yDQ*{B%#`5)gR`0D18E8Vi~Y z4$v%YZ>AN&!E2W;Y|)J-N(rtuTNj%*)T0cgQ(laZx1(88vX?`->s>-8&eX7u@_8Fv ziWFjc0l$V3e)=Q(($fWJNguA(gJ-N0s}$6gg4O*xa&c*weTbQf~*?SpZ%530WC}=L!a2;W|oAqJ4^5))3+{+cIUty@rw3=bE_A8tFDsxa(v1G z6BdA;c)b`g+by{zZG#Et*iB~3Z7aiz;+zv|tsIs^>&Y)Wx)?PCQJ$nD9i$Qu$cwfx z;eQ=CMO`SxbCrx%)95m*z;i&owJ^g>Q91b?y8w*a1S>x5H57}(|Jgm%Pq#{yW*iuj z?kcoY|KGY3!i-{o3A#!slwKcMATT7WiXo@tE2gm>!@KgQp^gWH*h?~qcsq2#ft5^X z^jYd($~h{ZE5Ngw1tO^Sxqkhh3lid8Z*&%Bk&O5K@3v7I3IO;lSw_?r7*4W86LK0U z^_(Qw{kk@7!5?F@&i&qXEGrRN^ItHHC?bJA7*=uN&qT#M_6SOoxFi7ikE-dOy`v-3JNRR~DjZdWbiB`0{Yb*Pf-Kv;WQ^;aa zoHia9{Px9*-X0St8}eNgNIUD6x84*B!mlHS%{Ua$lAz3}@NOrFSk+Hl8qQGuzHiGT zTkDH?1<1~2TKv)}?oJ*}{t!+js zBp9T_=V_%DvY0Ip9^OJF2>sAc1i<{68A&AMA4 z{&>f|%KUrwnV+=MpIQ}%Yoi?)^^tDU1z_;(aF3MeC7l%>_>o&dvT7M%^m<%VO%$hp zLaK_=J%I~WxR;LpUQl7%REn9g^DoG^C>B?r9amM0+mQF9d*g$JB;cjic1iDkh5u_6 zV5A(8lkbiA6LQmQG8XA)#Y_ulES%Ii|8~=Ugszwy!~qC>l|Go5!o3e!r(~w0u&-f^ zV`M>nsTH7oHNBfQN4WobhcmuEEo^;(eW?ij<%XSP2nEA)C)B{dG1jc)7x0ov*_gc* zDdM_4J6My46WZJVqhP7xMV&eLy*$OM_I;d;4nDsnrNCXfJ&ylbsW7Q8Z+{x;LZ*q2 zGakDqXz2_4^%dY&2Jnutki4Ph2+L1;piOkT#zyAZ*RxC*#&wET)Xiyw2UHM=pjP!r z&4zk%RJHcyqv-%zek!Go4uP4W1z3qrne+Nt-=d<1HU=lM>*OuoE(=Sv0-Z6yWwRJ9 z?Fml3q>B_GNUI?cVdRqdB~qXG3f#%TKvBMJprX72Oa4;?zYs5mEl!*D`fJ>7OFou+ zOzdcQy@Rb33rTHVcerKDDyNVg&61wy)5fqipprJ!4qfFP>RuxTaZ>JIFY6wpo~ETY zJLh8|bI_=Vy?JSha3(pspwe_K$ZnjC72%qLo7=P)|BjM4uI5H}m3eg=>CuV*SPk1w zh3sg)CeqxeJSqd7+XCctQSddfZ|_!Kd8EdsRBlr04;dW~#$)cuX1V;Bi*cLKpP1z` zuXX=SgFE$1Bg#9hngiJoGFtJ`ym;@WoW~mB%C_diwKhP)S{6ETEzGkGa`%!}ltzW6 zvU{rQn}T*7i>o5ePP&B`y)?&g>zR(*vHM{ik&<5k^_scGj1O`)l{ z{hs35sx#*T$a^_o5>QIqr($Sxm>+2MeHBeML`hu;*S1YEXkl+H)C&?diWJPnznEJZ zY;Ex(%%Z%{nbqHlD0kRGrK}~j<;EVn^O?fDfwZqq(v-)E>u3pGp0fO%oZ82++9UvV zvGoZQo$X2--AJ!*YMOInxv;zGxO(#RILoPfNi#cfl6FPX z8r|PPu`#9F1jEfxMY*s^EA6W8Ek~8E)cH}>K1+yFaRy|dsuoU$VjWb&0UE6NX;Xc8 z2!!FKR~~Sjix~5vol0EUM`H0#9 z?k(5qN_dA(g5u499}iJxOiUA9^E7y0oxIrGWeY-s8x~O5VCoI`k-98!{UO)DuD`j^ zI*;i_-2^mvQBoynn+^!gjKXN$i!q!*Fn$rRi-abE;HaNNKRKHv51H^yzh@TFo&uJ| z-s>)It%n96>R85FGo5M*-WvoB-ubf~jZ8ywUG6exzZCO@pJBT9eOsBV()rdnNX+8QW(QnE?zS}nB zTaHtP2Xk|B=J{tU;E2I`GcLw1Oc_6|{5hR21iqx^y{{v7j`H-6%}(6=J2%E^hUhE@ z3C*}k&SYdrCOE9)+?}B})0!ldVs#V??jJWTH(``^0QVu!+XBs3d&set4NiUkY>~S3 zV9mq$`$Cl2;7w9&FS%IdO9$OR^kcSPC*XlYE-3owTe>|mNJ`a=SR!#9uUV~M%}aNa znD6(DtXH>(RKKP=ko&iDCGjcqr+FFPA%pGzxu|JD(uJ(eM@C6U_ljEIjp!&^xO^@- z;7~`J^nooE;b8o%8>?v7tLW-BCd_ev>co&qdq*&>hd|x-IpQ`gv3Ua5f->#!KmoK28UQ?gm>mD-D#GH7L02+0PjN)0OqY z8TvV7;@yk*2cB0Uzc=h4Ba(bC@kW?1Dl<08IAX#A2`PVb(^Zb19hs98xyr{IWl%95 zL_%=^I3dx;%SXz~!wc0+fbrnu3o)R&D8m*OR@#s%6bkG5o}og5h`E$@dbs@x9@-9; zE9q#C7(8~IM)%&l)xiKB+UIt0OAe7BZDeRcZDIrWXjraI&N^u&!Qup+7ss0 z!Te^ z#v$S@p@M@8xB@? zH~>4!kGfMW==Hz$OpFMzVWv{zBXJTGe96{US*N-P>2r&0VIi?`_6*)3zebu&{EerM zgN!)Z%LEY7ox+cc7T`Sb*|$lkSPi1YOZDb(wpbC52(>D@Z9uO%^(kcCM;)FFm1lgz zRBOlE^x}x~IQEWGZ;DP1+>>?{duGLl{ofTot~9*T=JV@!9v50cf&>n_;POiU;*=_< z;eWRh=|R)D_x0Tlqjc7Fu~N<5-u~$+#qe6PX1K@c6E}~tEZBT>9xMNoDfBK*p*0h4 z4dve)Q%+HdtT(It>CM)Jd+BXl1>r|>spg&Z=pAFM;iEtZJbeqoT6Rk@7VO)YRZuU{ z_MCF2ZLdJ<_rv|32dMm0m`{)WUD$ZmSjhT8uAjw`z$sTkAt`80*gse9rJ#CfH3Xs^|bY5hObPJX`eoZs4v3z7#gEa35g zL+ul`E_l|;Ak;yhY_~bzrIPQZ8IA>UX$YCDrZN2G&72VEG1f1oLHh>KkQIb0ZszEI z&jV*rmGc5QI&&02(~KnOenbqy+kW@7C$J$l6=Q=%cZ8VYi}BJw9p`8Z;ix7t+ihNv zh{y3PNKtdYq~xs$mPn7F`}6r`$D9$*G$@xfdP_@1*`?Ak6%!%>Mkef%eSCLYl+b=h zY9YzprL48Se*Z4K#ba71KC@C1>f*hd0X&EW8!?#NB?w&*HM`3XnFYZ6ODN>kKQ@R! zgb5x8MqHeYh~;1w9}2)~`zTImM49Y54G{_RHuNTqZFM}{^D31mAl6iMmW2RE9Y`d_v#x|_L_X(=u zPH?(u8`u>^xUDw<3biG*07~ZN93JXX=1Zwo`&VuvG>HZnHe7*v3xQSv-sCc;!+Wl? z3P1kKQgar7%;IQt4j1Q=`9~RY|j;O@#g*FVCx6Bct8!Eobp}cAJV7 zVLSB3=7RCn#`yZnEWfkToj~5^{wXi<{>@&6q5K2C*Pko7Ia@G{=hh|&|%CX~HQex+kY009e;U4%zn+k<`R-m8{o-YP{+4U0y`qCO2K zmQ#`N>)|X?hEXSPB56kwKgP_GY`<2{!2}I4Lop(A%*yNB5dfRN21kc-kB;0-*WdGQKW7W_X_HcIQ7>Caf@tLqC))W#C!$f$BE#Pz z6*)f!kS$Og@xXo7%L#=^qGR0FrNSi$583G7Z*m6Wv;rdJKs3&)2myjQUovDHON$3nQL)#>u#p%l!ui$d(; z&5Xfl@iIIwYM#M8;uTQQaK# zbC~2`(HLTx@O?7Y#4yy_Lo^T~0zDfVer7J|-aAb!7ER8(zb&`%MCb6<)^JMqLLJwV@_HG)qfF;is zgv~ZJIKZsODlP{!8(cJBTXLmh$XgSS-4O^ zMZp$@vH*?j(9K%5c#L47pKUhdZ8(8w3!KUsbaCS*^pqz^Oe~ zj?5F~T_MT06N%ld8!sDQJZjS>iVlw(s}6xmKf4CW|IsLxGJ>~Reu#e+(V&NWUOc>8$)_<5@q)7MFq18 z*o26xVzwp;Kul+aA|UX_zJ%6L=YP0LCt}#tMNo{5n2D?76RY-RCWaSKCzCJjk$vB^ zSJZl7cy2Xv35(NPjdysxl!icpC> zGBX$!OKaHipQ;HEy@Lt9)7-2BI+>ESp-``}E*5C8j$Mo)(%pzOh~K}KDmV3>j4kF~ z-vFtx1M1Wz0Q1O^9v=3x7N|9$_}^%*3$keQ=GI!>3EiK~Idp`iW_aRl>w25_NWIhW z2Y+vyzeh0%-RJtcH2b#(#d*Y^pTlCu#Voqih;oR7bCq3!SUliI^cA3!{Kt3x#=1r?Pw)|-eG_w+K|Ii}-kB*R zO+yA$UP^7Q2u+B?dc(C5|4jOTie1x`!?qnMsW9H#w)kS*Sh}PyQIZ6)=N0+-aNC@~ zWMQPFo`<|ZI*bT}Kk-Dpa7|^gpcSK%7)6cfaPxSqZm6Y6(!p~M zoSRsIu~8-_K=!X}=@&wJ9wHQ18`al8c?$8`6IWSBym=gt$&b<@SK|FI67A@r^Cg=5?e&55(6LLzGT?vL2>tb|iUOf?!67|9r=e#a&gDn?9itXl3v$>WI*l$97>?@aw zZM$vvV3Gbni)WR~4s z9OugtL>GXgL^SCer%i8-1SEAljT(rkuEu_bOVB#!XNSqvw-|jMhtpj04h$-9(i#B& z>y}@QbuD%rN7q}h1x0m;vFS8Mdt|W=$VTZJJ8uv-=fsY@kPH)H5}BC(47Aj&WZL5;#6n}R;?b2lt7-ci&x1H(pXtFpvxuQ*4?2lL!wI% zHH4ShsP8#yn6}O|zVcxKY2}jYj`JmubZ*xKyAQdPziJg{=-n99#_lXL2xZ9o{R>Vi zXF9c7w&HW@!VX%{-n$;_Jg{Vju`h`ktQuXA{5+$9@QH7N$vE#U&qNaBnVpmtC+&U^bMF1{vwGdDCQBB zd&1qjiVXiNeh8f8KXTtGf4k5mj$M}4KYJ6U3(^6x|kY@<{QmY{08ZcBHL)+JTFJPDs#fLQeX2Y)`g(%>hY11Fu`m(K z2d-R{G(m)JmtzS9^O~I>3Zy`FSM!|t41ozvr~CH7$!dl%@vIAX9)>>AS+6V5-WZun zIGRF~qj|q6Mh!&ta2+t0nAENK&5RAd_JKJo z%Y6o~LdQ+}D-uD_(#1MQ$aVY3YvYZ$4_3$@PF32e+@P(peX>w2jcmh`p8F0goIOa- zF}-S?rd0utti60aM{0Fc22cDFFS4=y- z(e0xaT$ZYZdbR|iqAPs{T}_EwF?{?ue;apH1dDFzynqs?gvwSl*rUK6{H|W_`wAdO zXiO~jnbKgWe}$$XAGm{huJvY`TUZC!v0^I7t?7yX?s|HD{r9SZrax+w0<{A`^%9=w zUDCLiXoYhF?C1Y0g_AahvfcoW8bB|hWk?KFwrxk}?|*-9ZY6Z~m%1SAsUy>WS%G~e zYcV{M)8LFF$_&YM&%6G3<5gU$_mO|5Gg)|003nkJPg76`6J@C}L_mtY>1NRpnJC4o zp$X+g{o8`aUeTpu?U@7{9K`PScjN=6XgK`9y0y6tslYUw^etd_$uv5P#aEXOc1opj zn9~}u{(F5?BX$*Od&T^eJPDp+rsLd0JFt=mt_ocra;`HxWNJ-SE{j>};1DbrUMogC zk1v=3?x?2paPSbi8l=^7x3l5Y@e(q1K})u0*r-sh2g)xuZlT8w=UOn?+b`lriwjIj=dZlHMr=wV|z3#8;sU{elshs8n{|ux3wvwp1w4Dc}SLD(r=Z>>!Qk z_^6-a?X0=P!Gr8Yt1&6D@NGK_AgPXL#X8Fiun~m!E~vgBM+<*h=6HqYw+^dLsEpHJ zsO{Aj|6Z?i9yv0Nz+d{UDy)DzT9$yYt-O`vBuo0Z3#PBXp_1w?cngN3GoFjl z%%+2%@aBVaIAh72s%2Z0arKjz4$`~;^H!W78-%{xDT#FA2;mvg=wXpeUpu22`C3lJ z7>mHt)Y%>T)nxxUux{#}g`w)cKgjz;9%w)DTYMW8(um%oPX_4zLkNtYuRvC9)#2M4 zQZxrrRol98fU@4L0uBD-o;J}75sm$q{`oH*)Wu8B{uGoWV9OVt?My9g%g(}NyhGagBAa6yxh8zdYw97F@-z|;m|SD>1Wzg(6LZr3 ziM;U=I6%Z5DY3YIvU#RG%kHKRJnV6;oP$8FHCf|C$0qoWAO-wG`H!YKmM!E=y3S~L z{Hy?-I;>kN6_%g6>nf~cw#4OaOd|ZxU+!EB+S$QfEu}MJ6$=d~CYbT3+jvP6KI8^t zqZ}_z-GZd|WVvo=k=pLeHQNv!_TzW_#%G;~v-Qldm)1v^CKnMLbWX|+Y!=zLFvfX+ z-zua&c}Klfc9=yig>p4i%QmLeMsl!~jt@Q#;IKmir;aLqfOJ_L&oYQYVN~JpNwnR_ zS|j(k+MAh1+j1x@b>CTO8wZ7bDQr|YA<3|0dn82^?{7rISrW2GKulU0l34N|vgo?9I>wv~zU#QX zkf3u}9VEOfgos>-2oMA*_W9WWq~TAas(hD=Ho7>isB?x#79eWI)@A;?74+nUD)jZV z{DunC1HujUbgZC6XzoMsa*q0i@|%M7`75FFDt)ZnGyJ^P``HVzc_;h4=YqGH(w-8W zdZ;O1^Ov!OIO7Ecgv6sd7z!|bgyEMX5fLPSW{MDu^@N0KGHuaUwps)wc!+vvl+DAb ziG>>!kvUOJ(W6$;&(>UQ^RF)IeCYEY9G+@*4hHTX)Ht2fE@~Hg_ zbB=)7)3_>EyrsG9rz>0 zj|pSDL56VQDaCbPbeua+=_9s7e`WpXG2|vUj)K*s5L?RPX2BAWZ!Oc$fvFASrJ_=hEM(&x(B5`w z0(d2UppmuQOT3UrAY~QaU;qk?W`%~d=$ejSq_`@j?cge4+p~FECSw$ha`80-+=MDD z?@d_cq{2soAg7~(b+IU>TKYRZknD@5fHlmn$>odn3dCfhIYfRZKIeIL;uPR99`_&G zk6-SlDg*N4DwCeoc6BRt7IL$P`GayPn~bBnPeagPBZ?eL7XwdnX17S-I$9Th4$b)! zqctA+lgm{YwA74v~ z92aiJmN;*4F4PJ@k;L#_<-R4HRzPDn=>PDIFdn$OT&whHZe38%=;>>vi+OUqA zqzc#A5T?TtHTA(3(1LSY+6la_`fkr>#1L#_ zmJ3bdKApOft99XdU}NM^RXgCSQ4!$gpofgix4YkpMRDcE#Vj4KAy7<$MtD#_C(K#n z{MP~)vWwlAxus?RnAU(cprm`t5=BLfhVSE#)fYzvLI;?+BnEpbBXaYE;G20hh!u_k z90V)=2C?faUk2)NUqR2HUK`6r_~_-q6cr!#;SGEYO9Bn#7i_-)%{@ucyhJ)$!O9~a zF}kv3I%DlNYn*}e(++o-w~`-1IKZEf1N7h=qgt!FNn<-+Gk@DBAaH;^JHPU=#48r# zD&<9FOicXY9p(@!&xn6QU7)ZM?sGB_-+VAry6R(}fOi8fNpJQcQu`H$Wa>jnDbmsm ze<^jRl0S5|7f>IocSP+WT{6D#=cxiK&{UbJ@XGZ1XdENh-!PRwQhDm3EYUi->#SQa zCD)f*Ccx<{hQB%bd2$3Sy`57a=HfSVvLb=%6ho)9y%|xxtIJS|phBn5M5e#j4X2&suhu*rTt1c=SAJmqw&vf9;m7BqpUfK6v}TIlNH zz(1aU*%4hEAb#Ulp`P0UW6_k#hezsLC}omjTnP<_uu4rwCFM!x&!d9%txHR~U#RgH z*XwO)ZD-=OoggA*>)0Wvzn7uVX&#q-9%=pbT=7RNQpUiV8TfCI49I z_`AQ+h?(Kg4qWMN(5>uezlTj^@(V7|`I&7ew-_V23S}q6FZW`L9)DM{(7g6UF!=Z( z27%T8i2@vw;hzyD)g!?#CG;Fi1&miK*aYl8qn;hGO{C1`#blnQ{_2n8HGwBeIe=h; z99zgb%r;#$Kd>^@_BFxo>+vx-DT(`IUkj4+pZaV=^Sbx~9LT*!SLos#2_fU&nEr@u z_{xqWOJ+qX$_VC|>0yjbZ7J!7>|So(rm(&bfusghf=0}*Qu+cpy6H^lY^`b00Vs_0r||fG1LU`06stR(is-B!F(Y&KLCzmy=wTy4~>K&(b;&{1y! z_hUHOqMFA9ak^y^G|%!BZkI1h*YW`IJ$XPBGbw&FLCd6WRXB!4gQe%IKMSkR9h&E5 zq;S{d@4yw&tG7F%i+=85yKX;BiH5SN<2R`%$qykO)c{m~H@@@88iec@mZQ91fPc`J zJU89476?O@PY~{{C#6f6u@9sE(SWS?y5kt3@spnN!w-(U_6*zyJr|qwG9sG!wsRqK z_gx#MW_5|5Vf7>x@mU)D`^@OQP)P6CxAc|@tw-R#_qa7`r-%r_$x|Zvj5$AnzG8oBL^Eve`-JM=}@@m_Qw@nCT;b$h=^+k zbXNTlj&ebMlQeU%?f94^h?rHk?b)%m0STvOOzKt6{LK8Qdm+>nzk zZ?YdTb^pWA?P&{oCwnoKG&B=#)Wds-zdjErfYCE!^CsovC7E+{M7pWF=>mJdYlkr+ zv<3A}{fFEE{lppXFSn((GEQ(`kcS44VU_*YO8JLSIs6g5JFF8Ig3P&-esE_N7Za|v z*iR}k>*=zL9pm7pSt`j|cd3!F9QscxubHtc{w-h-uGNzh>)l`jcjLXdSwd4+>xH12 zd7dcji8d7D8E(Nh46))E%*vv0?ZS>dR(zfSPW353C1skZ&&w=%X&FluY)FBF<8D-{ zl_JfW=-Jd4kAMIyfF^h96vCwBC|hWtxs?5Lz|O&(dlAYnx+DyZUL&j)w8#r;VOKE1%}(}JbA#$e)MSRsVI&~^$@ zkz8R4{^K#PQyqieTX9oP7Hmu9A2aSbB>L6p_g3E~9N=NbGeai^f@n`37spJC4t-g3 zTx3P6D{TYe%-$g9Op{06Zq!)1dTC)CoP)N|)CM%7$n=o8NAt5$3`0K52`>6W>JHlc zLi9vD_*#}YlgeWEoXdYPgA`GyhPH!27|Q%snyiq|ltLjX1P1M6EF?cPrH|1$ZG|Y# zdB^ZzN%$Z;15fDH43BsQSA0T@MKbJdxYka5Lq=u#095Wc9MK^o7ZlPtv@dj~xQ^B^ zQlHAu38bcV*VW2!pQFO_MBGu*;ojJQQNE9@7xzjmr=-1&;u-S4w9d1RkAVy8XE=TvMKJ$q*cLL_?)c}{u@I@fVLYQ z{l0R;j0V*4G(l)*=g!;RLEEH?bs~!~)H-gMd{|C}@1{3S(omm4`^39!ykYepU{JAyeURfNT7~#(T)2MIk_M7=;HuHP@ybknpJIcm%Uv^-Rglt! zY(ZIaZU`^y%p7|wSNwp|Jhs`vvgi%}fU;PPd07M3#jjbSV#_7d=I;AE3ohF7T!-DT z7R~{W~;0bI#$#gU@-26oLH3kId7J6@G7M`_ev>3 z;n43g8p5b}NvYh@s^*|RTz_P^dPZw~N!mPckktz`at#$`r`VYE3)gX|QmpAbguyP{ z6$T8jc4f^V&I!{;rEb6iLy%}Sa{HD-o*kB4ufMI1^o2NnzUty%CNAd68kr}Emp|<2 zx}@0s)$y0uZ(!?(@AhRou1U@i!xVC~dwCur+iV-m@g<6Rs9GFEH3xe41boM#+EwPz zxQL`pe<9>Lr492&55rIcLmBcZK?9Q3wic94l|DN7V8mE2Y~J@fMT3FMaiWRlGtcKR zD=K%5kw)BfyuV>@m-u;9oo*RHrwk$YZ$!B&DL^QuKRNm3u=(o=1Vn(iqhp!ZQMI$Q zT+o-=gkUu*dLSD4C_g@nX)W?;uo&(|uaA`Pp0RKkfAul1+MnT!;`tD1&X!@O45&p> z_z**s48P(uQchX|dnJV{`rL*-1EoEmqy-(#H2TDwfwg(64%aX6^8Zhy26~xx-PaL7 zX2&0iDor*|3YPbGt9Ef`0kSkzHQa<>j8+@B=gnTY(`Q6IAO8|f!_nx>T4S%|c>Qd6|-%p{+T52Wz zY{9EV?7W!vEgjW`=aD-e#4jCokR#6DC+d~$!*JZpRMnq<@F`dJ|Ag4q+**r-nJpnz zep6A<=l0&&RuN?Vx-YFJb)rXn$rftINbQv@&k*iF474ljK*C0X6#kbw4pLM{>BTc3 z$9d!Il2Ooaq|}=R@$IY2Im75*KUGaAtgze;*EL%nwonn1Le~rX)_K;(#}KaldvV-- z9rJ}+7~#LnpiW4V^wO%r#)#hED$J)igp(#)+Khq= z5#L3am+k8hFvnwrbX+W36_@m2<&3PM6LdIz3t5bARZSGGl=_cg1aqg!f5yld1qz&16-^FfHR(+tr)x76ykhNts6ZysBuje=>w%ATJq ze9|{wEiV=T^AUCi+fd3IEG?CB3Yt&K3Vx_!0A{luLWh(!a087&bg_n^R&f+=)z2=+ zpTWz=p0AzMolWYX^%E|(;L^0$L(9-AgFfz5;oDOovoz!s0mP2G<%pNhO4@aRoE|gq zvhoDpHn+t(tp%kXx9;2l<1TJO2WozuG821uM!Fw23hNO_kKikUBA`k_8+LW!=!AdN zW!);kq9?Pkwfg(SQ9@qZTl+pQU>ZJ*GrJB_=wNT4!w~wHN=S;FiRQ9h4@FuyFhA`tcGoBXkMhP4s~%}nS-6pL_R z3S8iXVu7@FF2T3yv-*=6rUQlzRaf2t-;$(M(tu4vIQq@lIF02hNI=G!O_qxbKRd|J zQgy?;v;&;?77)U z@eZPVlvI zTwUag$|pKDm}1~HwGkVkN60Z~J$hiM!J6C*YxnlA(n|L>Fd!w1k)uf2jL>XEcYB_j zf}T^(VtFmSNm)7p$~@6E=WJ%h3xipv*fou`f(D1jP%hLns`tYJYaj1sIDXXwMYR+J zr3|sq2>M?UhJ_&J+&CRqggUe95-%eb$)KEXF+5Vs@V#=?L-m((q+p23bhYS%(&-Sj zn24E%RDOv`7GwabG)hGsaVi{ z!D0k9^$~%E6ULQ3N|%zK;_IN?Fc9N}Bvk9tSrytsJvf+LH7rVz9u|c>I4Wn|=G$0T zC`zstC^o-Ab}n>-1Tr^JXxDlp28+t41~mW+d^@3%pt;Gd_}D<}>=db_0K)>%9UcgP z7o{9U6j2)?Be=_c9Uu1CsBX^;6a8{(RvB#%@#FEnT~vv#2m)d9Ef^lq0cuG z)OW{t9TM&xG~^aGe$r3~o91qTu1#Rb@1J~7Z5)Ce;z+n)(Wq4OCCIH@-eL{je}Nu2 zO~@@*g%zQGNycH|^>{otiw1Fbr?ctSOdMvqisQ*|Q@$a-Naw?Jk{V+8TASO|gx~1n z=Ll8Oyrk4T7}m!SzsZB5_jp^Q zo}*)0^0cpJj4%8DDr+8CvCR_BQhJ;wg**6rpedhCfI~DR>KdHYrCccOQu1Frheau4uL|i8KvAdyHo)8>74(WF|**t6Sd3%yt zj4eidKxd2wK)PgW%t?(3Yd9veWw;+}cb9Tsc%bV9?it?`Wo4#ZBl>PmE;772f*<<4 z6S9Msg4t0%#tM@uvds0E$MVYUhyz{%dh7*sztdum<{$weK1BcgMMm%3Pf$oZhy%-b z#Vqq1%Lx62$`#`I$1XYi8|YDvM% z(L<|iFq_RECR1)uSFqn*oj#;!(X3;=kg-yUUFHo*C>W*!m>zEF>CHA)I73}4@>!AN z@%y3wxJDIMC_AlPGyblLXHQKgO@ptoQiq>|d-o3FDxBLdX_hFLmQQVwa%D=;gs+B# zLvZPl8BixLznkCL{3b77N3i3(Ae4h!dy1JTH2?HzK)1xkV%1=(HAbc(iJJHhVTzZ2_VuBS@(S^fS4|ai47=;CqWi-bmc!-0dk5@vI^;RJp*iUWu~C%YfGjkzk8g4g=6kKMfaqo_v=C-pFh zAgkjM&I`z3VZP-eHR<->(Cyu=>H*Y8#4P-j30XE^GJqeH5a~;DDKu)Ud((E9)u5x@ z*kD5wFK32QjJNyi%5=4 z3?*ZUy;Zd^&OIzHs1;1sH;Ypk9rd5z9x1(?7ORe6l9!7xK`VX=sp%JV3KHrBodgxX zEt;;!hEd{(p4;gm-FsFG7U{hKK}0dr7rx*yN@+FyJI@DY3@YswW_h?` zs*GDrvyJ#XQL|N{mU8+7I#g37g`M|)(@pNhG1h+-&e=PQaWz>@^c)b?q(G>YupWoT zcy$S343=rmXpJ~z4x{QO+WQ*wyIZPsP!nzP@O%shK1Q9aH}tXiFU_C>h{pItdEjPR z)#&;d)iD1Al%n4!OytWY#Jx>~+|YcJ+o@bc9N-7~qiX*(#Yvn=lgcQvB$O&$>+I}S z3WL!@Hv7qXtb2kVPAgiTjt4)YEWng1?rdw&C|%%$uiK-_|BV!ZJ}O`om_zsIvm$9m zJ0Chol=Q=|%Wskns?xvjH87U0%1-iH@b!u|n#p0?^*nTGGN(UO_rQq&j{rq;ra$i@ zb&3{rM~(Krt|uy5F?vjKcIKv6$P~44PkR9==1mnUpXlixVqDC^1t&H!mh2A%VAlX> zL%@`1@((de*hcTejY@P(Dd(k-J+~K*!~v6ZLIkx?B9c=stSTQt4)2&oVqr%F2eHQi zr#)}@WY8{P^@V@Gv!CB_V5jG}VpF_2LMZi4UJTW?^h*`@mrKR8$~C@llC<>gw1^~y zLitRs)faWI&>P3F$bhMen$dw^YYof=>RI>OfNq|FambIOfK=gIx!%J2p)8T{GGAa+ z6D~uhAF8W&Qg#D~APw|VKX|}1)h4u%8pToP{`+2*PsuwMfQYzP{nrg?6d#pZoAlyQ zafFu01M(FVQ-TWXrZ)0z2g6l~YWVlR<9yyDq+W@;83r_D7uytOP!1ar$Y6R%r6e?Y z&qw>B%+NYHVH@;$E+zBxEyh_kZ+3G^P1z-z#biXLmW}u)v^P(IB6g#`o(Dhh>4jx! zGCeezJyMiayM9&O=s$f-^+x4jSYN*HG-S~dP5*rzzLU64CJ~@U1#DdNw7u-OgMQ);`tHkE zF*0%5;zd5Cz1VeM-vSVJE@+f@f@xoPNS2E4SGD6HbrnY%lEztZD_3G7vYTVJv}O~p z5vy<9-K$XkZHVX`3j*g7KJbV!EXy_UV^+&~-$T>SoBe@3e`tzc2cSkh^}(DW--KNU4^HgRF0%lXLp4d`j<7VBI27$pyDf(f+hDR;w2K zk2ZMjTpO_ldK}lG6dpPwT2Dc!?Wg|Nky|qZ#N;#TSdg|aR|m?Ay6hhVVWajh4@>UZ zT?y>h=16HgVg5@vE2BUqSG|jMZ zGlpt**dPlUAId-jmFzO~o)RfIwN)qEilmzK zi381RI6;^a;3<;v;RTW66$)tdGRYSQLf;Cq4_4~J3Qs;r#moozUh=Ft?hZ~1>~bL_ zf8W-1FOQh}d)c6q%Y(|_JM)ghfeEzX$@Ia*34QH(7#ej9Vxc0kk?U*T@tJnjXLL2c zYtGw!Uu^=2{x+)H7Dm+nwPl5Nifgv}f`$a+5_6nw&68vqiR)1M+9w?|n`8pDQhrOJ zj0_u65uP<0Yk8M*?Nlv)5Ue45lm0n{tCDPd*x69U4=%XWbz8L-&&VD)3J5cp;spPA zN3-!62K{dy{B7$uFjj6;tRa^YY))R7;HuWIQeu9kT-(|i5QS?Lu+v|7#hVcjD1vwh zi_SIbgI<{QUsF@H4c=EY^5b?E)E3=C`${c?+X~k*F%kYMxa*9 zDL7ZB!XR*AMFlJQ9jG!U{ik4$v;^B#knl)=B3Q6-YY@%!dQU^T^1hnh1-Zi!wyO>B+^e_t~;FXp+p!CQ1^_Hfv~hv zhVD4sX29bZA+Bc#(f5mHP=&fFOZ$z$y~L_a6hyRcxgb}e;N{W$=WVg>sVau*Ld3#7 zV63>cV_y{*tSS_&-e^BRGveF>^|IE^A5ZfSp?O9H>-RO_N!=e58eP9r^D`v!Oya(e zgC@-F%&A|pJS#y0YsQ~Eh%Z6J-LCGw>^lm_Z0i2O!v74J5??Df8e115!dKjZ0tffl ztC0bXUhqgGtCuQT#XDG-Q0P*`T=Km;u=|hF`kwE$D**z*CMP#`P&D7t*^@zy=v`m4 zUM{zDp@)5RK6bu$&VaANpOJnOa(@=4rPpDM@t)v7#zFy5)l|#giJ8wuZhi=!eO+B_ z2ph25SB%CL{5N#7nR9tpd;ePK~nqcdtua#9XvGG)(R45PppRl^#v18>9nF0;Ncy@2R)j0n%HPWfAb8m|Wk zDMDH-W1uxfmut!mAyxNu?cbn`Mj_qps>xa+gG{C=z}iVjAodE?`>lq5hhP^j@Jlob z(xWI&&1y2is}7dc?IzI;_m$0|Lrmis!@#aG_LYIt@bt-D8qQxzkRZjw2?B+9T;sc( z$vs0E0aIn%fQJBHOnF4U#kuxomUZi#+99vFM={8{Dv0AoV4cQ}z` zMS9b+v-F^2goe+XCrzRw1qFOo18&cXr$i;gTtn!VhTR6Vg=ni-fZO|XW%Wi7V)(|m zII@|DZedlz-S#TK`j&xiICDE-eVcV!PeYGCL?1I9*b07>Je7iD(G%jt?!yqM8H!pe4J-JW=3e!v7HAyLrVzjw zVuVAH7WU&{)+$R5}?zlX&@fzWffr z^U3l;)q$PTp4ag8hp{yV+UxjjBg*UfC&epjn@0u0N(EEn0zhxc_c(cN7z|Z+pje9M zVyUL2Q0&^X3VIJYgO6eE5CkDn)Nag10Wr3&;sIJ?u>sUq%M23<8r;NW;TMTR5o8rQ zwa(FN2f~Q7&grdnLsc!xHS;n6$XZ(vC4qt6`oBi)EG1oIXU0jdiV`YU0HrZrm0$w) zBsdU3bSw2aaGplM7L`TrqVk;#Xtz6lip$S@vSNWw|LvKLtlzIP@jEnSKO~ljUa3d$ z-g^u^!Nw(x61J6es@`}CIGDqarx{bDV^;apbUf{#1lNlLvAP&uuoNzLrLmYl4IV z@wyCcbN)QTqdcT9^7;OxPa1wtiVBWi9000KNhVr{uTdz@WJWK3hDfl5NqqQ^u`+ay z3P7k!jWXtBUqi1}FAO6hK;b5P>iE2Y@ulD>zfrDeTO&L@G1VI9&od4O0sZlB{aGL( zy}6M;lo*V4?1pJ(%P1{Yj2j4Da>#m6ng!c2jHygRMn}K75pn{YiL||XT?AhoZN%@i z<^Vr|B9Vc(qw(-X<5_sel8_Jm)NvH80X-z81~J;^b%e;Zf8d5*IQ(S^#IPMcR!@s^~+eCEr-i10DP-M7R4z`Fv z1s=t-)TcAch=v57Z_Iet60pz0v+0KsW^qUnCIb zvx1|ZpD2i_A5Q)lA6-Ld_Mp91K<&uy@M0EMH)JG;1l)D*V!zPz)EpjJ8cn=_BcgQ3-FL7<76I&?RF+97FfWtD1EZ0 z>a@-~%Hj@TmC^P4Xpja~9uDl=dYGj$aDUOTbqLBR!EM|^AL(+YXS)C0x(1VTpaO>t zZscv!o1sa`xU->eo|p2=AP17&*p6;5#Rj)jVJY;ET~e)f-6S(8Gxo5bWq1|av(3iR zcVeb;O?W5GddNg`K7e0`O-<7!qg2A~((wmG9+g*&fzGz=&4Qbnzy?1z!wtcCTaUGWutRf!p=Rf`g@|sIc)67Y6k}dg8vR|JD3*V2F zJdAMcR5WU5eWo+66}oP$FvmY&iEvakjH2n^`HCXS#g8AHoCu<;NGuyM#58_kOs4O~P^T?x zm+vE+VW=vw?8}Fvk7lh5Hr`}G{t|VKcz~yy0{{)q-91~RwT^IdhkQ%nbBQtuDPbkU zD{Su^&~1g@eFNSKy;ez1`EN_*N-51(BVq+I;Am9@;y`P^YM)udmLcR*IyF7_X$|KF zUXI5exMI-}5K6f#p8B1-OBF`U7axFh$ z$nE!|7tqPQ2~VV@nKCBZSd!WEfBI72IsyPjvpQByrWc3M}#SRMaKmoK_-71)O;T6uq?w8%xAZv7x@gR3R$aM_Rl z;d3$w_P9Ndq|{A}GqCqJ54=ao-<=Ym#~Y?6=W%PN!|y#14m@g)6B%5alZv~Cito?KUyECq7BfZ^f%_brxd-YZ&A71e1If69*TYOV zJpVPm0m%yu5334s<%B_84BZMK-$_-oEPQHZSaxJ^fFlkINiWyS&y%ESj=Lenx;t5lHB_O`qt3-iPhOi?`ZzEi#K5*(Q?9KR9J-nIgP+$%aCqto|cG zb!!okXql9(IU-iH+%_&K4y5lokN@r1KW>j%J9mI^H-|b%@BAw{+?mn*Y-Yy_2EEVB zOIuyYuoo0K*ub~>-dWQTZ|~G%d1RwRzp$8Hg3yq z_gO?i@K__r#j}JeQZ9TZYzuPYXrY5MhX(q6=L?R(Gzz*KuRS;36dWbq5x0_JjVT!K zM@tmd3iT=L_L=&dNRumh^SF`maG5X>94>lw`|;%=>tpW^iULCE*7M}CRsh;>7}Qw& zP4m9V90B4nZI66qvK580pCNQl?_5`->=NQ6}*RX+*MJ#Vwkcl1Mi!63A} zq4iNJ=g5oNgb(ooJ-;~cQMQ=2I^O(V%1*y1>g`y=Of5dgxf<=}K>NBwp#Hx4_VU0V z@xT!A1hVI)DB%y6*x5|W=pf&#gREDUY3K@!75Ibxr8e7Q1su>5?cDOZ*`)d963J$h zn=tutp@3>aCffAT+5QsG%J`w@phfTd_z~!QGBL5v7{5QduNu7;blW>FGR-h~ zbqz7QMHSqf{~tHjrd>wZRJ5f#*fJ)D6Z+JY&EN)+pAqZ>FgxM<5|>& z{?}U-O?Y;)7V)BySIWctf&zCq_OSSX&jMfBL?>JNbhd(IA?AO!D}+fx+SMuoRjaGi zMG+K&684i9GDx!EqPIv~9gQ_IBfUFm)JQJxi(@tx>XU}Rf0;iY)WrQtRgkhq6Q4NFC$2VtZ_G(ZY zTTdESZzw<~%mHD>ByZF;Fp5cOeGnh$WtX1#m~R)w?o@=|K09bPt*uNbGVk=dpHPomh+cZ|a~e&F89+5Cwg^X0%1L}B6KVW@UjG=}FLA%{AwqfZt?!T5#+ zB#Vv*!=5QSW}H^wwldAafSMPvnq5U=D_EgBP!zGpO!vM9@gmNzQY{qp_rVb)C(L)( zTfmOeJc2r)kGMsYRffzb$x_*)eoO;vnNljtSc?_+xD(B1LkeYmiex+(ECDy%Ere!6e-HV%`Jah}j9)wSpQ^u3x0z(&xzvm`c4G>{&FUb?Srfwu7j^|7mf+%>-}VPqOdp)Jdt#*o%>BtjCC)&J03~ zeu&#nCyL#^dueSAyoqIpm)N>He;&H<=Z)7bSD-mPdI*>enQ`O2{YH)(g4+c3iU`23 zZafZccc-mGM*;NyxCU-6jR%#mf(B(zFu))GVNv9v`@j%=rUjTse2(E`dIHc)pa?-i zr#BX@?;3Hcmce6cdQyR#;~FU6)3BZWPS+*VoOu5Bm>fpfi#xLit7y`Jek3GTUbUPN zivo#8Q*q8$-YyHS+2xU6gwIt90xDmhGzp}!P_d}bHSAW(=&J#tQW~qeIsFXPuUEXz zAukVrRDi68eMIDr?qn#u%ms)Gy$05HV%j3&u!4f2b2i(R=BkQ!{%;>S)Ju}&zoqhV zCVcb9YRlyvsE$U1c;8WOPqQhoL_dG+B))!dyyzi3tYPYx%LJ>~#i4hLkL~>rm5t07 z$Y=Bi9oJo#VgxHgY#nBgpOen1YrLav4fsjzCy7i`d#OwKXg=kh6-}42i`x50eg(#C z(n)_c1o<`go}ZezKzN5{90;GDhS)5gci3}aQM5*)X&q$ z)5%AMlSsS#pRE)jh^+gq2K1XISn;1O@Cz=0?Aa`lyu+0bJml(4T{Uxs*B?p~@JP)S*D>rg*tD%S z^HcQO?O0?~%jdTs?BsR~1cc|``zBQaHrrux2_T6Plah&t$8@$bROdGDeV&-n$f+Yv zRvVDe86=gzbBTpf5)`g?Q40)gQ1|oRPBK{4L@YD}di{!}C`rs0Xw*PSh6#+Abla}9 z$}e)jZH&F^uql&_%P7q5=-n{Y0v9jU$qR=sFJC@7wjydAP%%9{UY_ovn72X)-XeLj z>;2P?k&e872cu<1$4Qm}Lc;c4N^`b-+ut>Uf`$`0V-Cj1q z$26tvK$Yd0Wu;gZdKs25i^el|*8^yOU~}l4uRZD0vo(nEzBJY{2lUmLg2s z7fHG&7+zNqW^?23=^BF12$HCzohvwbw+~^U3|4~h-TAm?EXxm{DN@CUoF}Y*zofI7 z9t@6b+-@LTy%x}lZ;?o<0mdqn=Hu+9lUY%5uI1zn&R4i^r$a)2=B~Z07C1#PSTY%J)X~lHuF;G}pBOxYii=CXAFm^u z#wZXYT!tHb*9G6xBG@bmv4lIeZvT=LA@P7BK$#>B6%Rp2;$%mzx%CNsBN~6b1E@1t zg=b|;Qf0=%NQr1xjlNqt5N?uUS;hC3DA3!|ZO|-{_h4)YC8oBZ>epRSPjTN%semN( zSV6O?8+D%emv4eej?GJsm&@5Npo#zd#!~jQgYJ&!m4ur|6DZ6jJ?@_axC+7ui^Aea zr}Rhlj54fs@X9cbh^KQH&8%Y-)8?)QLP zPN>$SBR+?v!53{HIjiRv6?tq*;D#hycuKrH@SAapK0hOk1$TEox7mY?$E~N1bzTX( z*A{g_r6M|S6l?Gmy<%%r|0*^Yal{ZMeZibJnj!lp9!g=_CsGf{rRqr8Eh7WxH)JOe zq{jj_VD;p_&djX0+BY7w5(wTzuBdG8LSL4fekIs}mjZ*Y07e)#Fquh}P5wAZk+|io>Ply)Olzz|9cDiVsCwE};gYCoFc0AW}{%~dofJ|H5i^#ySOCzDNL^B0>#t}Ry?M6fD=gis&IBl?;r z_3_&w4Z%U-AZlGVh1{0(V#|#i4AS_QDee)G((ULxmZ7%4jWv=-jP!sTq?68{-H3}3 z>0N81_Uqi#Q#YI_`B0Zb(6HfR>JLZ&Nd@wLp=Htw#y}JEx2QUsT&!ErvsBIQpj>W8 zvPPs34*Zv*19Q|Vcf~7o0l_-GkZ_a_A%qK&{PcTk-ZT}~=#e*E;HXy9Ymy^9tb#J; zE)#ii|68EN&%ew&w{B~xI29P9(@H!cs{OWZ&P$*fQKmrEp<8vH9JAt4(##T!!<=PQzuU*7#2xk2nn3Hcz7{?+bY-n9!IoJsUoqk{fA4E-XK8 z=-zietP!qlSiB~B^{h3S{1%ZwKr3*w21zPTl&e}I?VW}kRqMo}YZG6#;mlHyh3x!fCzgN6 zV-Xf4utcs|en!u`Sn@+gq0(1j8jOj%%?c}(Pgsmgd&8>`ixk2PiZA7a)9f;vN^7kk zH-R$ayVwzc0als2lqh#ytaWBY%sWl4eV8E?kr{O8C+*Lt$4r25w>9?&D(DRXIGZQ) z{1_=pi5R#@UxX~44mBP^o1A^pfha#bN<+OfVZ|ea(fI`+6;9VBKpzklg1cBS4C=9q z(o*$9VNrlT0JDU_(UiG-`6WOW(qf&OYiiQm{dVtcH;wCAeQHz2RDs?tL=J{_8NVpR z5eNkdPs5&r3mTs+RL{CrmJThdr!!`9^rVkYujmb~7*+jQ>o7j*FJK}8bDm*7A4Us_ zlNhX+L7*sXqIfAy>w}}%QrCL_s>pVHPl63X-=rVVVo=`wFjcFVf%nfhvE^(x%C~xc z0c6@OMRwmyUfJan3@{-wLL(K&>dRl|zjWbwpqcWo08H+>d%VFdL*4g=jy+^gz)!;w zo^b-ULUHBMdRF4B+N_d7krn_nQT@Hy{5}n35HGAYLps->SdJgVI$)B<9%(xl;&u%? z#0LF{JZ4-c~4QP*P%5n0M5vPL$0hTc`K4 zjaeAi({sJ`k8LhcLuySAQu#{VrV!Dvx2M)OH*T7tvdBjCYfw2FSSbHn{*^ddO)tey zly`(}1$5|Q3zDUOm+*oz4|$)U3z?PO5qJ-iPC0uVHtPi0=xa70a`<&CjJTFYN&i^h zzm$|9ww*ZX@m=N`t`M9is+8~VX4GU9jG?bY@e zp)_iHN>nHD05QDgbFp?88VO4zd8hFfQ5APB-(Vse+_8yD4DYrhqM4q?(C_E%2QR!A9yHKp0BuI zPzwLH;`-0e8l)?cj{}$zs(44r=oZV-LiPJo&r__16}xZf>j$61;x(K{fn_}ub5NkK zlm0oQU)H^j)2am2o7RS%f&1CTDj=r5@`a}RBx;GOGeYhHVWLnZO<-Et;OPHj-GOG@ znC@?*hQHAZl@U5Izi?L^J~RQWoZ)B1&g&wkmDp#m$W%(nqy29vv*}5jR|&qoIl-c!|%(`;GIhMOpAl_((A|8Bq zV6#FvVePE#@WAPISp$^Vd$dGtGyfdQF3OtzK?&R|15-n=D)X64T{wo*4qQ{{0^-$G zS$b&Zd+PI@PXkXlD3BjCCQ!nf&2l+_uh|Vipb^HW|2qJ$yNbKG3pr62xIhtgSo?Ps zR26WPY?0OxZ*JucTIr#slHT(+Zs0h>5zLF88JR>{jLE^hp@p@Uj-9!az=xQH1|xpA z0$mxB9GH_^n(;$%xf$g!Kqw%R^qm`4 zx7MY&cEP+4@WgP%VV#>R?z$UsX8EB{#mtz^rt_J;&d{u-=;VMSIRfBtCgZaj z_lWu@r9NBJQ(h%DpQ0^B^ES%OD8|qe%o**RCC-DJnx|i&{^3rgVo_p>Ofou|L0F*vtZxKE?| zw9+7Ti(77TA>y2XLZ~Xiu{isgG#Gi<6E`7s8Czbk;N{-Ygc=160Uoxrvo`1KR0Vza zFBSknK)$~`Zy$I;o#`XIbqObo&Vw@`Xm!EN;###aBb$ z%-z|h7?qk-_|#VuyUXGasys^Ae%~*@-<+lT{?AlwtEx$bH5?{ zIbN}~*32FX2#UOEYZhkYcHIAT_{PMnS0x zQifnBf^zW40Z-;rWh?7ptQ$iQ2fxCdR!ERmcg#m$;&b@robtHmKcl-2bK*p)60V*2 zkWNw=kr^N$demF}O~|H9gqxE%$(CGIjFcT--@`v=>pC*;I@~)RH#VB_ygV34>_s;+ zW{C%r<37(kA%!SFZGW#7(7ekPy`=xebeC;{6g&M}Pder->J7Im<{X zgFn-d-(GuA(S8$on7r^U;DgFEEp&#!Gq;0Y{7dX-cl&EAT-$Q{aY-+4dx$=J&c$JC z{2$jMImJt8XN!JUt{VDX1y-c^CV+lL@xf;?=Aex*FnR!U+GtxC7xeT4;kg?$=OV6; z>RwdfjDP|zs`hG4cS?VKPU*}lA3xoV_*8Q78-JW=Ge|cDj2Eehx^o^tCp&Adl*qIj z_USbFOXLl3_)XX#*1>%&XU6SBRXU|`4lBdpgEYux2d?LsOhN#R{M&gUz6b)V+nOGq zYX=b|Lt;nH|Ji1(E|Vkx?=_{kS@CBmywmda7OS3W=MFN6P)SfS zTZ{iSnFC4Ge&2BL>$zNT8XTS)FowcK0PDUCPm}$i@+Tnrh^`CTH)K~>E8^c76%U%# zjQD$F2Eo#Qp_)V896`(p1jT(h;}uG&TGg)iK^v1x^$ol`gu`xL#tN) zIV0??xG|67D36c20tYqA%%|dF8J;KRA?YW{pKh>8Q@kub_QUs>Z4D|pKPGFvlYEY= zxDBNG+nFGXP-8Z)$hkhe*Z+DZH0@dAqA+v=ttO`K1Pm**igeMCXwYp+*n?(&X;RNm zBP5B#<_s6fSbzY}Sc6WMObOF!)4nos!L|>5WvhvSGR=H`h2NllJ*PZ@pfi6CjQ4o)Y z2}5ysW*rU9xF$u`?6a?RG4j|O%e{dkG~zU36~7L3jLUB~b^HoUn957FoLS|*K)=0g zX=0trEq`x=FITdQs=_FJ`>h5SWrT#Y8?2gMUkI#LV8yui`_QeHoDpl@cq_3aVr+Fo zefNPyJb)azb!oRuf>a@Ceo!V&1t8Q!Vl#EO5Svs;iE-ZCSTDw{lMmYQ1!P2GxN|?p z=!^z-WG~13HxsB{LxcpSAT83`>RIO_VM(bSf>|!1zrZ|zcM2~CLKV4ThnD_)OSso-^B;! zvY!eQb1_L-+lBOHfmg`Tq?r(LoB6Xcci0IY+yDrX^|qa%P|BMV84L$0_*rLm^4KWH z?%+YE4Va$NjWY8oh)J=*tn(urY9Ho0hyATjk^dfwb>%5PKak-`nu8)ymR9W`{uC&pnpDp&}T)6sU&_yu+4ECt(7?4ZW zwxJk;zhsq6T1KnuAryl+$(&_NGIT&lABxd!w!vMw4yl1R>1V9x@->!3M-^rC8)fIE z8sVeDYtiwvAe^?7--GL3+HSG>m`Ll97J$KIVGtTJi`uS*}pPD7=?<8QxvHDcd5$ zbzaM!U6ozO*vjjqSSRlo!1w}}<+w|3+DO!;&zX&Z=?eV!IS26`?99Bb3Vy<(096wd zXU0vMlZyv?Q3881TdL0n2oV`>qdc-~j3I~)kE6~y+SUzo!hq-}2d5^&6s$nA4Xb%a zh-5fcrF|0Z3L~rWuWZnKHpz^0@N=oTjT)qa@uA=ImJN>J`hFFb+%{6NYn1np54tZV z`u{NnS^)PiM$n}~KylBbP(!{0n34{~3KSMUc4@)b8=pvWFd*;ZSgP63#a0Fe?%Aqr57CE?NisFg1%Kyf_i;tH?idvM($+IxVfFQei3BKa%@paV=R0oJ4$d7 z)2o}%m&<1Q%k?rO8-9d{D0m=2>%?X-SCVjTor_u1p1c{ni6Fg5q~#NEoHJwfMEyRW zw>rIx>Kz^AL96$(8=L9WYBPtuXCTISYN0lzlM$Z-W;7D%ffkhXh42|#_4Q9!SCO1VO?9q?;S0vr^Wh`)7l| z+~iPN0zZ9gEL@iDBcs{nSLRxY{x;fPr;gB#Q~5bnhVJIdEHvrv#1er^uUYOY6W|4; zn;$l%`iD)Q)dWMEyBb+*EY5bB|5|}zME72Ux*usvIgq1&FA^dzk;wuAcl&pXWR(@I zAIJ5xPj|O}#T8BKex15VtfQAKfR>Feoz`YWuz~P2I@aD`?78GszO97EKLwQS5F|!O z2`Bw{#Ty~eLR5mp&D;O8ZVPwa^y7Ik4@3P=Te2Vx!k{9?_1dy*;Pm3ru^<%Jw&?y7 ziHFn~hcOy4D~J}>tUYK14z`;9jZssiCh18i_5+5K&9LKh-l_(msdkkhlZAUiaX1;C zNqP{6bm`LZhz1A)I$x7`T1;5a=z;a^ z0(1u$&^>ZNH*(FVRY5vVV{vY%(n72LTF_aDF%k5JKDCPsbODlYLi7eo$_Ik$z1RCX z3Zv5wb2eOwp&}KSdflctNBtq8GFtl?vr~hb#gefmaiGsNRv=1HS zA>m;W-ky|?f?{F?gJ@diJKK8=rg>}Lhtsld^Yl95wDZ3)pmH6|ox^vfx!_Nd#|!S( zy?vN4J68O2JZOdydbc(W94hf@N*?@bD zivae*X>Oci+mo%EgcKp^33a@{C$Zv9KQj{FFNA&PhZ!dC`lD+y{^VBQCUuku-`zV=g9o^o(ksPu&2ttWCWX)LxG!SPee9Cb0 z+B)1eqijJNimYT}pkhj~uG&qYW>+;MdBky?2 zTm>f(K^uwSclQ~lWJ?rNi#HN|i`bdZ-gAxSP$*}iuce&idL(sf)w!u}ZDEhcsb6?2 zWVuJ(YUVYja?Q#ilXV+1LMjdbI~Sav-eg3gG7F%M6HKT0X$gkQ>>Ok1On8_&Kj+8I zYujLsbwHpJu2~rzl`PnKrWwfDvf8bhnJFBb*<;C4;e}gMiT&R?nt_Mhs%U2MDE=}n zYFhzV@2aUj4a9C!s=Nc;P|Q=mPui-n?Uz^jWCqe}XfW4DT%3tdaT~hk+W-U`h!-AR z%li^1C4r9n7e(f*P$yC$Tr!F`EHMqE&bGP-s%ActP2i?I!Yii7Dy9;g->FrnoVU=_c>GM5k9siiR4R2zWWgAxV6hmoeZIv)+~US1yX81jvEU98=r{!?q0FEV zR*J(V*d~3sS0K92tm-V2p~s#DbeQf4USgW#W(geU^4XU=l+)~>XhlR7q38eoQy!k# zUECmPE;%dPDjxd7l1iBZ+Khn5gg{tRp_WU_6X$LB!fHNv*UPa=E#h!DCNe<3+$3^w zE~9WdXP1Ge@eGOs0D9-4maqKF>2LI+F=v9p6YxQ>L@+5AOUc^VgROh$(%1IB)>BH8 zwG`|$0ci^?AzGF*Sc%{`qm0Q&n#!nd9nH#vg7&K>Fr;Zi%!n59kvy`r2RmCCE({Mr z;2uV*0hnfXs^TpH$1hi~7WWaR%&eH@2lLKk-+To`=bkI7;clS!z;drDBI1p1*kAp5 z4xTvC!(04k9#g15*SXZsPhRnF$!9hSlO(&!oSdI6qfg-l0MfM&0Ju*K$Ut-W`f-!V zn;WU)u*72HwtK`pW()SWAPK|_O3YeGaSE0lPHbhNqI6F5X-PR38PAg_KAQirs# zmq{il5(Ua4U^p4S$AD!jV1HHl2qfsNz%2dWRbj)jV^Ero1NdZqu9`A%@X@v1XQObP zkAP|e^thEh4NGb%ELWb`n#HI7BV}L*h-q(#=!1D;Lx}ec3aRpeXE`cD;8%FLsk7GG zOmud~DDV7;I*ATv&nNQ?t~IhS55Y2w7v9n9S4n+Zl6k4M65$74YP;ikG~{r0b$sie z&)y<|WFHyF#Xxys^=Z-*QZEv`qTwRaN-WDlS%$JSJ~UHZFhH}109l#_?&Y(cyquOd z-5gZZBi~YOi5nV$Y2ipjf;devCS73(-l;xtc(O^y4|&W@>;@)1F3ygFO7(^IZIb@= z%RJ77W|e+FBXQr`AeaZx7yrt03U!oM`@4|RGJ>f<$!%+Ll=*Go&owl+?_N;SJ#F$x zt*MLSJ*IFo{0B)JK0jFI2}XUl06SQT{=9&(zE0G4frwVKXk+F!4IbSXCK+W9JK`*9g8!LH^X;2egl<+p{s}GXIgxehyErBvi>}(6*pld$oPDA>HI<_q#soEhBma9;@K}?1DF#nO zh8m`KC*V4uYIh$`^;G0EX3|@~kWUVF4a0Ko8l>l(15aR8Y_O773FMQr=cupxHn6qs zNx{+z>PDUeyRr7P*tyERu)o4SwiDZ(W5TVHU+@W{1~kqD3sJPMkbaAtA&*^9B|##= zW?9J}R*Wg%3}xuKv1AI3?%vw5k&OzCFRGBXs2HBf1O`OZdnhN5 z&NpCu(gU=-wPL$XEx!|W{41q!2H1h(1sRU&%^ZY2vJJ>bA4;1J2zyPDI}#b6^s($}pWW0h=GiGKJ#8W> zMuxFo>7*~fM_CS1hma6`oA3@1QbUv!eu3%1Jx`1Acg3rkX`n82#N+mqmw6{MWl-0o zaW52S$xxG7t_Bc8$W=-nBL2A6DFM(4s(cWmZErUXhby~|thO6?6?L^THA6a+-1-pC z8#Xed9k{_gf=`C;8)ZuuG0?PS>M!16Gcotd-fO&_G+Tv~nWQH5buWs_FG*gs%{twA(c_x8u|{gIwy#Q+!~dnM zXC=IK=rNQ1;LQY=nIBD%muIgmV7);WdeGuq3r43G0jrBg7hnm)3X8TsOVbsHHnma0 zPTnlv*VC+eWIgufH-l&??6bPozw456P;qcEE9|;_ufF!1pyvE zv2j;NHYXBZA@}=fHzHNN->&2mKd@;*>wl@i^wH?(%%I+bH1z%7DhArAY9E5d7+O_- zYsMylLhi?TS~ZUgwI(fhm%(lYl;Zsm6FyZVN^nx(h7$-Cyn#p!O@!JHNGqqh2}I#8 zN>7NWRn)KVl5$GiQ}uZ%?SU20l0mP*`vu60G^jV&YVp#;x;3(5)t%0zLVy1;LQP^- z7mR+yI6D(mCxRD2$LRF=J6zxi`_y?h6n}+>oSdP1@^HrHnQu5am(T!Hb1ESiN>sjj z=Ef|>&hL|S7T7XH>baH(wA<)zJp_pq#la%E_h`OU+Wj6VYfJsy8;BW`O{%s5Q;s7N zBplF?%rfzHG(r;alVt=BH=%h-0dW5lOp>6+2F(THuBU9*bhSYM@N zQmCMkJ)QszdOI1#^MqQ5+~X82oAB3w5@S75Q#xkGOI;WOm{$5zA+(=S=CI+b;FrFU zwrbEoXBn$cJMyZeZxitZT=2hGh(JG!r9sCH$HXVTs=gilxod8qL@yOptB%lj=5P#6 zR?(RPJUBpvBQ@bx_ezXw%L<4zdJr9~`Z&}6mz{4hXq3_AVm4pF`d&n2Bm*v;c0Z4< z$<9{OF?_S_QlTg0teUdM+8BL;HwDyb59*lxLrWJXVvs`-X7*%~_@4wv&iytu0`W_b zzHGe#eW^O`HSSW;4@5R?ENoZb_HPEj)vNLM9he)!n-V2HHF>F^_ue!o>F?y@`!MV? zo>DnKk)^GZH}z^6Z`$=nZ-91vzSqE&XDFap&`$^;i^;Zh*CLfKI(`G0kr7qzAn|C< z3C^`SE9^x@hMX8@+GGx{xcee>n=4V=ov7=R58Q{@r~4ZzoW3s*78+%7obD|*tfYlL z29?q<6;~ce!Q++`34NSinzlshI#owz!Y}1I?-gPrSuSzl?G^OHeXo{e{Y7;MC?6Zz z#8Geub=q22Z3<P%^-|V;KHg=_ls3v}*>mxP zRKkv&Wo&GoA2f}@<1jEdayW3cv9YuJxpTc8wc1W@c%iQ`2sm~U=i1~hZP5XF85xij zGCJpMF+O+R&sO}{prd&)!Y_bO3oxVpbr_<>7`b`<^Uc78!&%@mXKo3{ zh`xOAsO5z!k7z==NA@sk8JT*b9$8x)p0lM!=KfcSuboBu?9I!aes_q zS_*>JQ4Qepub{O9ONE7@f+IjUI^DIDX9=7jo07OJQachhi4m$KQ%RZlmi$8#tP@tH zzer@%Yus|+)bH4cSQVSA$W*Af9=w=Ob=kJMKHLUhP$ANu^5V5KQOEA;(pl$n#8BW5 zjgd|)+gqi^6$3b+vVU?y<*j*!YQCL47m3|z8FNHlf_wpZkdFmR0%{paC#k?uMeanE zXDEL=oI_AMfLBx)z=@uip1oy@{R57o*f*ntn)$?)2(9DGk!G*b_aU9`&%ktbRGv<0 z)Whe8M107qLaj6AcS9XaWUBzCdPr3m1kuD9!i^5_C=DhNp@R{)4G?hv4DUl7Tn#^r z>h6hyO_A1U%t~X)N~Zr&G;3j*UUPtH1_f1}TL&a}c?arn`4)v_F~k0`?>n;xeedj3 z5{IH-D6V)gEzci6)cf$rX{@&^N;2Z8EiU9{*y{MTna|$nSVE50`E2RV z9l6~~7^dIahNp$s%BEBYJASKr`pQ#&{PvH7aH?rQDr;hw<4mWiVA_-FS zB=QoMn;ur@|L_9?E3qAV$+d{Pg&{h(P)g2%{3PFlED11J9E2y8kSrU85KJd8r3(&( zW>PQwfVc=jwm$kPlN)DKDaqVR(-W-mM0$lM=1J%J?nNh0naQV42qAecI3Pb0y%q0Z z17^>5Y4TK*y4c}FW~(!lKn`ddWQb_-$v1%^Xy ze~n`3(|@V?8qGtxby&XAyHU8gq*cf3pa_0V8y+O{38V7jtq%LiVz-_mvUhwY zM)>ZCvcxyNbKqr{-7(L~^pd#3zuUJ_CL$cx9B3YwB9dS@ z_Yc9q56f3JHEi?ahH(zK?XhXKA$ae6;Pi+em&u{h_Ew|ytAE`oI81_G3~4#ejQ+Q5`5 zT*`#7mxCx-jYq>1%QVL4DY=tC+^+63c{>os+qiy!e2=8bhvc9nCmG9guqMg;Y6MG_ zc5VgsB1)iq4>D;UuCgk#4(;!l_Ja?ioyO{^DUT9e5oz76X*N&Rxe}${J3BL8WtQr? zw$yHqr#1V`nLNq#zz@Rk3ZNCR0WEKn&fqa7V~UP#-5Hr%&yOJAU^{BMNH{eggW}sh z(56+iAq-=)6Q2>BdeS&xet{x)??f-LOl506(AFk?1sow}SuvA!Q^XUk%^683^*O1U zG)Mph1$#K>bNGHT-&*^mXiWin&5U*@kvt8DFimroQ1Fc!2Jqpm*eH(xZ_0|YvFgC5 z_ZO4f#(tRMcJlf5;g+4hbZto%@9%BYHB^-SB6pEY&ma52m4>KAE3+5)YG$|+>gVcERaVO>- zy68Qf*f>CbNZ)*05#HHFp7R1N;P8&L80(R0NmQ67XnsWlgg4_t8QX~gYcn6n-c;-I z?kEZ6axqD~0NYT~;Cwy!xySv$^G%e}!N zQyodOkUX|#D9Rz%%#>0D>kOz9zywf-j0vFQeBkq3j>u+%?$fY))P7}VJ^Pn0UM8-?a>DY_Keq|aq1M%HF_o`i~zNQO-j>$B{ zxRq~yNp3^!yl3RT^>9!w#=9w-A(-{!LMT~Xgarlrs3lh4Mn<2Bc(O%Ok3uv|?FZ9} z$_}*XpZDs4-(b?LBjb9I1w@lCvf{a9cw@5k9f(SXLb2=X?uKjlF}HfK7A0K|d+@@E zga9Aj`OaJi!xB!darh)T=elErPTr|L?18Qp=B|08<6Ue0z_8BO?y~8d(yy<4QKU;~ zb0YtVt4emt=jhfr*<)D$a15SzJJ&Az$ey%=bOrGzpjd!Tlf0B0_>~Yvx zRp#)%gdTz>csHytUJaJ{OA2VvTMyXG?bh_9Y5yL79!VOy6gBYe8R*V!$gTji6#w$B zQFa>*4{0hILe8^wm4MzXt5WC*$e4hL?} zK`x7bBrb#tSg;XZ{z1%go;Z;9D!vE3D4W zEr05A`8h!mxi^}d<`9vkph@|y0V`6Ocb>3mms4OyJ}{~?)S*9J#kGK4htex&dZhYX zA^&$oC!hCoHT16Y{zSnG=-@3=NeN8e=50XV`r+ttoAhbgHlpj*D*KQwM4s>8BUl7t zyRw`bp7^=1oQh}Ki?sZbsH8I5!g1ovr)RD7nk+dyEqq5ILF+} zW<|=%v>I_fWFt%oK-p?+nNliGk+}uYe0<&kU!yLeAb{afeqC+DK#*EumXuU>TVmp| z4{XrjL8ZdQJ8=kEzXR7AR`~pCXt=L%i&mA%khFwLx;O{SV@2~&QRM0?tCM#}zPQJ^Zqi}x!!mel< z-p34)e;&tw#ZZNiXo4Y(&w2difiXJpQ;n-<@gl*~()Yc{WQ+aqGbEj4Q}Dni3Yhf* zz&m=9ug77r%vj9~1RqKu`D>`Jk-2D*cBI8OOrT4t_8bFV{JusreN#sNa=Dqx5U!R< z`3mDV1cc!uwo*TMD<~W1tqmP`3HQ71G7vp^qH`LVx#k@b&+%@QMs>YZ45Pu0pk-;8 ziZgC-<52X*pxP&q^%pm(3}x(87qlZpDi7kRI^XPF7)9ivQ1ArbESVX4Tx>sn(>9~$BxlUq+H@`cZhk)pu5Av0f6Oq6J{ zFdbscTKfi?9zGfNM~OF4DY@9{MZ&r254#<|%9k@|M+Fignf70XcUjoKaLv1P#XGSQ zBg&Di8rJ$&c%Kf!H;!lR$b|J1Pgi-lOY*!DU%87WY44xg6J+JO_v|s?dpm#6v4_Jj z|JskY_$6P;hQ-y~o&wN*EfZs<4C8ZWt_2L>VAec0_8Rf>P*Us!ia*0{XM<6xHLX}r z2qC3niCWKgoqA0u{K&dvVC2YsmGjj|f|EhyocHQJrj@}MU%b11>Wo&Af(+Ki3%x?Q z%X+&F45J|l|JJV(`my28LnpHC&53VZM`P?f&sXSx%9dGM{$Rnr6BSa5G-^lSF z0y&=7=Ext>JnW7NBz^&Gi`G6RN3d6cypkr-mW=$W7z%ws2VnytO`%+mH4%4FNxming|owQgdya>W>{+It8DJjN;Z@0=%!h5Sjyyf zn6tVW6UbW3bC>*89bRvE3?{2U&KAoPyyZlAuWN?qX-Qf4-2@}1{t7Y;fSz?<{n6UP zWwt*^6I(5+jV+@wbEi}0;?`7a?d=&hZMWUX#yYe=xtE_Re!57S%eq&zqHPLPOrRaD>3j0S z331olU?n^Jq+zuk+`1d(Ebj%ME5Rl89ea}~@QXy$D>x!YnHaMpKCdh0KKUk@p#1Lp z?W9ea8gG`EO(f$7Nt3p>q%&=lWEce&osDv*I9~7S@JqL*Od19o`^ulsuLkpHYR#GCJx}Iwfe-Ps zFw{B-8qD5OgzSaJ?WN*VML)vu4+LSRp!m~K4XeX)iBDB#J?^JV7-pjoY`bvx z`DDwRejPB~f$27|wFIlJSHXDop3Z@Ha5U0{eKgN>F<~JpdIWIg1;QDTOpm12G~73L zfd=s;26#6l1?xtxLJr@w+|yq6)rx$&F@32_ZS_7?&b${QLkUK$?U2r}z`(V!=2GbT zOyu9;p49uaMTYRDxV9v=BTSFQop=cJfgdl#`b0%11&Qf&Fi_30yIJ>@akOYPeqPV% z5%K%uO(miG5*B{cvfF|B;dDE)Kaf|C?fd`&?8p5?{O~iidzL{5a)??LE>5O^Tg7kU zM1rEFP#|$k;2iRBWCBBOcaVzkMMyAE9lWDyMGUCt>B&=)$0Vh&)$#6 zT25ns5TO-PaQW~IH)};o&I$?`jE|BO1StbA=Kg3~ScD0G=$nDb^)Mf5omP9|i-~Zb zs8)lE4_|+Y%1n#=aS*=f&3(z}z0wrw>yhvvP$L$wCe|70hnD# z^ttypMp>5ajPX-QKb~HHwBudvBSU%#PhkGDLpq@06GtFcZ}w*k(AllV1X#Ar3Ih24q`pirAkza5@d3Dvdx zFPUVigN-cQn_TmYPT<%pQY2}MS2t`#PD`}UTxQujQ<@;ioq8$B>)fkddOjJT5uu(r zwNG(0OJJc0srhZH-%`~cRdJ-}OQ?siJDwZO#-JF5$G-+a^mv$Dx>gbaG`jS@+i zvu@7FFz>S-KC5c)o4KwMhCTcPfqK}jEYpg`Kxl8hxdGkq(t4+;vK}qRjhJ&M**9){ zZ_dR4zt<*!uFUYY2S@}~O1tKE8wZ+<&CEWcV<;il1Rrs3#PL`@N_cIZ-VAXz9@^%E ztAja`97M| z8oou-pFJmgBFt5M1UU>))JzA}YCUBB{8{Y`>Hg$AVYRc=1eIK3j1kH|#l*n*6Dv53 z)T|WB@r;?S?yLTVmOn#$CINVG83HyH-&K26Fv_>QsBN?;|K`UM@}t$lfYO;ADe zW~@M|%UErY?J3QX!-z*H8)#o3IcAK5>xkAMjP1%|7`>{V9C1{D@TvXfgcqIksYyYE z7?38Yp8xHuh`)b!;%z9$xvRkMKC7mHp5PVdt2!`vr|Oc)e9n+-J~SbF!gVg>!Ta)2 zF3?bg_gMV6f919!QWBcvm^o?D;gr)rTyQx49Q~R~wa9T6W(UiPgS8w;;3ts040FhaJ0!TX|>Vul%+Y&p;|yDq2qGwgy6LJy-D#+BDr z8|O5b8UdAbP(fDn3J`sYsAdMy*cSOqifeKQgz!Zt$E{m|oyQF1du8W9(zy!;Xwf&0 zJ21^P6^L?W?KjIiS*JX`O;OTon@xmUEw^=y31=A*S(h&P&wC#Qexl`6Zd)@E&L=g{ zH=_&kb>f;6F}a!tDIWm@TN0+SMGF^c^*g&?KCUO{ZHFMmawTM;%>isHUlUum7^Yde z^Zfm*vTSYCct@n#Xb%#I%$w`jBH5=_Nf_5GYXjN%QQU8-xjZc+ZipLkdaci=z73g_)`R4xH0o z(~?$lSn-gs)E9@u^OpCvJf(Y*-G=a+Bcxn=8D#Ok0S@mW34`CBf*m>X6P%wzR^b|l zPJ)y>Tb}B&UM!nS#NG%WWp&x^386b*RUX$0fgkyC&D#RCP6{vd!tpReo5D)V#!P8Xc z&*0hQ`BcK^er{i{YI7gli1#pezq8k}{G`!S5zYX0%4nQ@-GQktO*9RH=?4J&XwBNW zQ^(YpKxLbsWJ1daR=mPEEN0C*ZgY+oV&biQy@=W~OLZN5xhC%;EHogdGW1oS{=nuo zjk{-agquh8aMJ$r_)Whw1d2!cZ_~}pNzq7NPFitL6nPKnSJKB<;bm7p5d+@E!Lf#t z9%*2yk zWn_*RNT4=YgQ}(z=T?GixWiEI?DH~N1kejSIa&lcrmA2(yUSIm=|BsvbFcsG$Fv+g z>j0KZ=se9fS@JG65kU}L(ZfY%)S$SEgfGN0L1oK~WWmGXY@f2yr?$xe{`WM0R zUU;mVGS&*#%HEF?eKFi#k{)VSN&WN2JjIQeD z#Rqc_lIL*Q1{2}mjY&vwO5&_>gZoc?QrP0&9k;yHFDDXz!MLwZLT5}>$_S9d%;UJB z_Tn(stC%rP2I(Oo|0?Bg*K!|Ux1Oo9g4!u&HPn+QJ>WvZHmO{_=&=1&Mg1gCz5R>* zA|{=qge^N2Fr!v}aHOmp%r6+p65i-GmoMW&OajzGrH-)DTiGNTGFZU{)X`zQ>J&B9 z@=d69UU0Lhs%ir#2kJc?UBgOBYnk!?qn|@Xnm25RaNN>LAa{cTVM`p&3hYhMI|l$} zD(N$cIaG>5gNRWNDVC%q(uZ8MH9=k*g-12=6y0JXjRsC6u}_X3)Sz?ifC&r&20^e1 z=c`WN6?$n^0V*i9F=RT1xq?*@%wRGkY1f#qxhEF}g3y_9i_Yo<-E+=ta}$q#Ifacv zsRm{zv95}=baXHG# zL}UJwJjeNHy>XaqjlrD$Ei#LeJwQ{i*F^%dJ8u9>NNd*$nH)Zv0?R6w*Llz10<&B6 zhxSJ0vi=*Z2^cjpW4#k!-I>>*4){s6Y*W@%>mYAN5Ds(GG>-?^H5PoBs8&EqFrWx; zQRQ@>)+9u8f}Nz3sK?HFAV!h=<)e@*&9!~S&+h;`2vPzo-`~cq&$$O^=oI!Eh{`7= z0MX5cNDtClHjg5Y>U+;QlceSeHWGBK%pJJn3EC~cE^X-YEs8!{Y$TSQyU^} zGDsp=%cH|IpQ-{72>GlR6I6W$!9fk_elH8QE26PjQlpe+$K@#{*EcxS-52vj zR(c`fHT6&wEL;Sk$#7(}sZik?k}x@XLmaeI3WF-TKNbbNdL?~kBtwlxo)qw3Q^SPI z3OFz|{Hn;GM7P3-a#sGAju9v`2ux((g&mz@wSjWRUvTPCAUI0`{9bkHg^2ixlBg#o_hk&$C;~ro!c=5HJo~8@Vv(~{ub59;@;W53qire&1z&1$mZy)xS5G5h z!}%-7AW<4HY8~J1qE(Stv?YyOxOuTgVPma$4)0zW+hT*|NK!$-sMIRpvW1)z2V-94 zK#n!tPZ+AbvVH&Sl#w2tctz??_fc3X%5#~SvqChusCk2TeJ{dfol_j#4SUoRfzCqFfapCEfE2mI3%5FZx_mv)^@71k zsugsve*d2f)@|P`!W&CK!Y~AGkv5&C8Qz6Gh`G8ttAgDa`+tO zW&T};P&GX2w~P9#QK^Njh_`fh23#Y%G&Wg%N;=qtYV`5=n8Csx7xF>0PgYE>-7a)< zDagc2WV5Vu{It;Ok@1F3LN{(U|Kv+8(B$z2SIjYbb$io~gwEcu*jzQoYP20rCIVhK zy~aTKOxO>Q-8l9+Eutg5pE8(4&ebPqUefuEWqu<^Tb5umClK2E4Dc$OJL&1lom+Ju z2~2F3thG@BXo#qmSnrDzVYn6W@2KlGq)YKpk?Rxg`E8dfgS3si-?6x%g+y8?UQm%j z%7kbzXoF=j=w$Xa6m67iyy!n&d|E0sjbvDolJr|{+$3;jxaA^R?j6N-{qk#5;07F2$zsix?gC}bQ=G4rOBIV|N7yK+eLzE;e zON7DrY>_vBqe#4xoKxXwjg^fn_NvrCWzR-)?`~={Qt61&wMYZGMLFMGs4(!ZxQ!#2QT1(pgH@G(P z(X=J!1`DXGxCU+qXpd=Gpx{tLW*)4IJjlx4*1SVXr@-f|B1$q3)=O*IsUG9$$6e`A zwPIwl90aws^er?&$%xaoUR5J^wcg%=0U-|iu%u`bPZ}E#KD>fS8bJm<3TJ=p)4;RErGhE9`iT9y4whBg|JW`?<@n(DpzCC@+cA2u{ zSgPwWVH~I2(W~dax^#Ci-4yto2)^Zfn|g`pxrYC1Alnja3=ZZJ-q17#NCtkt64^x& z@6j|fI-9S=Wn45Cq6uh@us$@p6&-?}{}@lrSrRcLU1kS5jrNIMS@0k3Lo)^E1LSHS z!?YzW$BTt^$IcnJAmvD5G zV$KXhzC0GD?~(7nR9iMH)t^X^U1NO6WHIAoR083sf#B>b9$Sx3s(dkBl-PIjE@wtoj$03%Z|<4#YGk3dt2Gu*9y8-169 z@4iV|Y1YUaM;DZr5UdRWObor=PIBlRqA(v$w*u-%EssK>D)m&~n@B>``^7%is9>Rg zP*UZGd|6AQXqygXDwf4*rtXh0iTsl24ciSwzdFe>te;NtOA&HAiTKqn8a#H-M}XOh50va04b|ug@}Fq7XYAE960$S~~%M2uewzP~E#jXtPs7556Uqqw~Bk!erki=D$?aMwmlviq1kE~(3Dh8y1T*zwyJ7{{zA zlSZse;0(CB2wjyM5D}~pUfH$uojBf@T5*gKEQHDq*7ENH*_RP%C!dAHfk=Vgr2#gA zPNn3-Uwbq4>!DR}I@1Qs+n3WhA$QQ?zPZI6@Rq~@R{~vHR38py;?z8}`nag%M3iZt zw30sH#>&7mxww~>6*cs!j z?uvNLeX0~;I=hH45QI4q^H0ZpTr3boXrpjubUd9^sE2bwS5`}wbq*O@i!uLS27A;+ zQ+*hV?#sEa4RRk{XTf=oE9kPX)Sg^0f99wWiDK9QO3iI~3O!2~TfNi&=c}F!9W-1@ z1wUCnII~=f!(J9D#W1u4H1slgIz$6l3iyIjxz37!F%{gOT2bQ~N^2l>PSrs5yu8HQ zKQzkC+Zb#lTA)LhNJwt5A=$C=nS-N=HAV^Hkr+p#u|ctFA_Nb0uR)dQYWgI0>g*5` zpcFstff+{E=BwsT+Ni78I8b?z@By6uwGega2lp5t@gtk*b{?QOn`3Cg9^ zqL#fgj&hGzRbV!=EZqTT=;)k_`%iZj-_XmnN6T9^H`Km2Yj}!qR9JA9=D6D1w{Ii~ zILgkms*c)b5A55Yn4t!h5qk2pIl)mt$8BXrGst}*C{mj!R{qS8;{l?sc@#=R$Kkeh zdSi@aIv^iod`R&S`xK=YJ>!w4`bCROOBv$)5&hP~UWBjBiK<>{FS~4~;$9df$ArDQC)z+o339d&U zOI=i-KnCqYO(@5|(=^M|*I*t;$H*>rdmiVz4++#vimcHg*4WJgG`K4?<)hB(~i!2*wCi4*CK_t{7ycVtTe*d|LTJ9?H@5WWG}(yd3l@AyMP@<5>P5%vquEcP>ER;7)}Y<9PFQe zGn;;Jo0>N4K1Rb<4z}=xcT;QN1A*z4ytwahLa9vVRLgHqrwUUO-w1}_o$zLPlLWk0 zDP6a?pe11^dq@Huf50tQ7jls>Dm$vlH7rEpPS_fIPxj#-wmnaFXRi1*AY4_UK0)kX zcVIK~MH{QNeen_8IhOy3q+!?wp4%GV5L(W24<$Tcw?d$4D+DxU94bv2~In){BeB#Gi zYHfLdI8y0pScbVHc9?G^_d)d<@L4SMJeGN(G5Ii9u}2X*D&q(rgJ`o7?3ts}P2Y}@ zLN)!SZj zvNImwvaC?D03m1Fhp|>XuR@O{E7vzZi>ct2){Dwk__|~jko+IiPkBeW^=MAlN#J+(&xud>elq zo0^MxkCBk2@;V3o2f>fO9A>yFd|D*-^{%c!CD{R*U~+e8x)a?JHh^(|qaOY)ggvzU zM&3S5+hTF9U+pyL!|B&qa=5&MC`=}5KA!3un-HMM1OMDRaWbo1SQNFHJG#=fQFOnSnUJxZ#hvs{a=RqHH+SFb&p!=my`= zmO$2Rh2ZQ46`}?h)>@K#UY$jkQrqsyl857{Uc?Q|3XuL`ZaJXqwKqs(G!#RX7GiiM z2{C3kc7?tKCl&XJ-|1#oaIfPkGE*+d9c0r{fk1%IZ3>9Rwg#lf9+yDE+ zveYhHoUuSS-^}~V$U3FO$@ke??vIwIIS##OF#a*;Y>zVhLk`Uu`=$q$nvv=8+<5Wd zZ+1tDHcj$!g9pB-HJx(DHe-O`*z?kD>)$-xJH>vpP8}V)x@{Omd!gB*7+4?x%83Vq zLEsG8GwRFADkPK$#1+{%noiy0Y3fxwdL(Y$%}Rgd5G zuM<&Ptw0N=PNXCP2rHBdb4o}`Y(Q`IxmS!I?W$%dvqQnHAsB|9M%Ms+szYE9?W(6( z!H-vU7?^O2^s>(gTT>3;-(Ip#*i3&UZ9d0cWuJkr~DPxqQn1QGh9?$+z9fj2}Ec4cLK(#2}H6BNHgv~yG0#T_CaOZ+gRD|-1l zrNnC(ZRr}H2=a)UQ#6TSd<&FOraa-NoNi7T(*ivXIOQpezSs>PTVz^}gK7ZHrcQIY z#w_^&)84M`^`Nq~pF%YxqJ3e13oPT^!9h%hqRVI*9JAiqJ5=lh!WTHom1Y)^Y#dEU zXu3cW3@t!Jrt0?0l&&sH$YHB4yi1BRgL~m}W06h;W`W%;|FA?^NRNzG1Y9*zo;J6M zop|&^H-_%VwM&7Eq5sJm_`u=jn^zAYOKQ|#Kpigz@T!QJ>ktrC5WLN#&Sx(?GP9aK zEe|gbK-n$YZ{;>{xPQt^G}c!us@XmbUrq8^vRuKOC^Nax1`T(Qc^b67tCz+q&7F=)~S| z@PE{b9%bsrGYGyD1`$)MBg1Gcr5q0DF5abO$dV5HJ&~1_4Dc?#ROh4Gh=cp#?yovS zeW#eoc$vE(#{*@4>T%8(7`42>gCl{EsYwe&FZXl2ZHNl4fhf5Q*;y88=yqA38K(!9 zg^ZyGs3vWm48M&<1H&$Vsg#MvTub|QzD-h%1BNa=o z{b6lT`~}lyaqa5l7guYOixo(JOj%}u&Og{U7ZEwP$-911Dn&<8x>N|B9mw&p%lrt{ z&68>BQ{@icN`_pCys5-A3Cl-b|F!(7sl_~I8I}>U2I;gvId~e01!Qpe@kee2Ij6;4 zqDEv?(}leOT#r*7muS-jfa)*c$*&RDE6KHeNCBa zRT3e#dHcdh-bE?;@!SE}$Yv1W5lDXwVpQ$)q~6KAmJ=sUiBk8jXU^9eFt`e8(;xq` zXZU{(YG5?|;FY~QlZJ3zZTv-N(4mYAFyLr1>8*CH%`n4JsnynPz{&QKbQ->96`8kI zAiefP6Na7q!k4aEEPGw2G?sYG{u7@BM9bfr_+lO?`0Eu<@bH`^5lE)(s!HI(X;Y!A z)?rMhkVg@w;~gnlc>L7Nz5i>(E1bCt1G%vQ?f2Q>f=FWRUaZ~2vBke=o~Ei!aAnq1t&{=;y)UAbwRawrFs z%imp*f@X0up|DRMR<6e}h{FQVI~Ea=-k2%>DvI;g4M_p56?5#@hC9m!ch!~Ri(}P( zht-t4QDK3U=H)HL<$J2DOShvx@MjW3s+=A|Gaxmv!$qP>hN%pnhBd{ZU zf*O}O)hzDf7$IsRxvPVtNHA@3=Zp|*v>u36-sZO}U2P1(n3cQe9TGk;{N2(l?SH=r z#ye8U_ObF30GyrxNqs+|Bv&J14zV{x20La|oln^MziYHm9rnhP4LaS1P(aM8J5iTh z-ha!s;ii@v5RcYYCiWN|^=~a>6HrsMG<7MypH&neAw;QTLNUZVZ5FeN&sY#$9;5|A z!(ABvYm8@-b~v9fYO%&VU9pBIXgZ%XPSpjf@WE$31A9PQop7QtoDg`nXrP&m^2QV2 z(1dcdY@(xoBel(RDea9UFI8Jlx4&*Bx=SkWc=Coc8^n%1K(yjdNX%bChU*^tH4`mlH}OMs@*0 z7CATNCri=<4_S4#UADprEnwT}G^Mre)rJv9!{;frvzh;BmC*oQo#(VEp^$+ec|kN! zI8_-dDb2)EMrC^k3g0}9SmEU$uI36%Up!Ep=1jU9ZBQi!!OKbpT#;3+0zhxUIKCoR z&U)_!G5`&MAI3aI?GPk{LX+B3Gj%ERxE53ow76r4SY1OGmRAO8Z7Yib)!EAZJx>TM z`j6w37=SxL*6=eARk19b@G+`q-k+n4(GpQS#iWHydr%fZNz)SLmxpRTb>4z@btZ(_ z6Q1NQJ?+dUIb3`SKN%@SJZ3o7M zCugd>QA(U7@Z_2;TK4rzF9J_a!0$#RM%J!#WYtf7g;x&0r!IT$0bYCQM@_}SaLPSB{C;}|AX-k9RHvea$8Z< z>^;)MRVbu#lyHtP0<{{yD#tWM*V!AJH6oedtG$zgDoTIdZ+8PEN0=US z8vmYcE=)S(Q;egdjHsdb`S=u0biL-yPl&y_?d++uB312X zblB>&bw6KRmC5USU(Q~lN}ALMZEgG2F^QyP!Nmb+Gzp+;3SiOfyUHl-F))g{BKMS3O?M7=9isSvzK3nwQP0cu8(8UbY zFY-lNaUTtqn_N1sRe}iu!J&?>h|nN73U&?i;QdWkcFU<3oUh;@|P5PuRC}t+6rVJD1Z|N#ZiT7jE(}#%RZLQ zZ~f#S7a8UPC@aHaHpl)x8L*xyJVQ7&l^F!)hdL_a#HKQ*o9?7cn)00YvZW{~;4El|vPZ}kt4Tv(?2f97LX z=>p3OF7y>W+SI6xM4`cCA>O*EVr>S;_wEnIFg;;ngI{pg8vX1O-{>8&IGEhkEO^F) z6prR)to^p*jktR7_4=~XHcH$1-VdhEsQa^dq7J^?d(Lw_$2S5=hIUzgxDE$23{zB8 zkkBw_Q1Z1$wR2eR<_DSudQ{sh+jW8kbw0LOr`r=8b!!aal5YOU+pCv;U_Fm-Q+yXz zon4zXG=+?|zHdBIdhz#TU68+oex?Jukq92ow6-zbwQ~ZS?;c^o@7X|IN|NJk>HQ@y zIsnTNzI}IldImw_?L_8Tw&OB~_e`7J|9JKng$0|-p-w2$YL)p0L`Q~^u(=REIAl;>zP8XgF-`b?RD+%8ugHC$VYGvJRD4ny z=t)%b8Aop=NzPBp3;@8@K7yNM`s4kODYW7Va;GK2Te>GuIb`;h3M34}Y4K_8een2Z z%9qvJpMo%0O;V`_jQlXHOaaM>oGkW*2eGYIFNt0n7W7s6loL}K_<&_B&Ob(yNw!K` zi;TE&xamg43-@EGWEWl|@sjTn`-*Xq8vN}u;)pLS;fYvfgd70pi{d@E@&Vc``Zj-& z#*?}E1pr;*m0Z|jLYu9V9$xMDuDLOeBjbRft3d*m?w^!48%aB@2Bm<=N4F+9 z#YqbABt7%f48JyWm!l4P%#&O>&3P1vCtM$4T#$on#wH*BV?oy$jsAHf@lKt3%WI{k zI5PLwW>)cM6N6_d4QyU3=^V&3I!w5OmP zumEncBa`9&R=xb?7c(8X%AIW6t5_l^9Y=fezXT9H{f~(Jx^4cBT+3_An)irZBPD<; z8XKJ3nyXs*PxYj>rqywMg?Cf&qvi@R?;G)un-0~oAinp+wIQ$@i}K6SF}edV zCap z45>|wQ>u3ns+vsBQbXM~#F60~wrJ0A3i~-SEn(`OpSl<&u2Ei-LKcX;evku`W};Qn zB#vmh0BEj?YQb!>)f4Is1IydRU*xJ@JMNy)+Ue_NXwjYuo>%(UJdToI&p;PlpOw9= zhBgv8yEve~Zf%_p6NmhpM5?V)D>S2z3t6m(;T>e(z#K){gWH=BaAh%a{eSyr_pk4) zIc8mG6L+7w`V7Q{z^%1Kp8=Bs*jM^MB2)#i4u}HUYo8=lH@q<9_*%PABhxx#PqNbL zH~2S5=5Jio(qtb0@5^rDH*gloylX#tC;C6E446L2(nhC)qr!G6h@1V~szL0L+JgIi zXMNSvhgnKR25`=NLlOAiK0;eX0t-OJyM3+1w@QruR@|o;M<{nv zNAgtx&c-gipbHhFq|ELI?ey<7=Xoz%`1AxpNOiEvQFe(+segpWJ{S$>_PjC7L%Oa0K@ov(|iH7%Td7`^^J#_{REj3y< z2aOklswW}0q1p~=X4I4eE{1@ADPR~(3O@HWoF0D9$xEVXuHyH!76a)Jr3(MncHrPe z5cM2L5%f0Ve_|@fx<*pOKsZC-F&&+0Q#r1oAco-y&+I>hS|KRsYvmpw$wtaI@>9ay zMJI81+$2c;zmkp~=0x?KzJS=Mjed&yAeW_xS8X58a!oTYj?Br|>7d~`-jzjB4XS8# z8PF3;b-20MLj$%5fFFJBq(E>%%0RRQe)FMD~C({?Bxlb!%2s^)&VF6 zS+J#u9!WN=@}&39rNmiw`W+L7Hh}$DXLCaKPf{>29iZ7yK*>_O_Ds#Ebvxl!;;s#Q@xnb zzbj5KOPu{MpLv&4#Zb4P-!Ko?rk;WlX8myypRfm0!_CG0P?g{ziWvLVl@Hi4+hXjS zV+$NJ`JoEI_XOKt0@GcIc-u77pNlw=$JRoYX+GWW<1)Zv)eT*7x{pGKcOWYem}fQ< zE8_~~rZFiHI4$54xId^Vb=y+$pt!ex_|N}E_C{w62eIYbO^q#^NWca37#wU{oIq~n zd3YpYc5%3D~-7+pxO`IHF05IU(ZP1CT)wTqO<9j7E^pMk{C^Mc1e z**-4Q+!{RWRr;M{gf%8~EJ|j-wwJTOAaqVfwRtEt$ZsNaGr6hwkr_Lzot-5A(_19@ zl@KhjOv@WlLbV>p(j3Q4Qb`!32j2?XNKC9MDl-TS=MEqnHL*bunLW`{Zl%=T#e;8} z@@iiq7L#`+Wfy89Bx(2(&B~qIKGqp{P9vvA(a6hNVOb8PCbNYGq~hY|0^7@^nPz!r z;gqaGA%|F&CWQAbP=oZ!NLE&J{PGoKZq(QL5G_2f-|Jt$y!B|iKaYK5Qg3Nl)%98m znvIsCHo8Zt?-R8^(4AB6p}jCxRjP#8lBD#O8Vq>NI~j2O=Lgj@4z}uMl0XT)kbD1V z*{|Gjsh58?MmNPQhG7EwHy*UrBi|cqbn5dRXRN+T!1y0r6OJ@!`$f;SE*gy40BYk# zvj^cnYWeHcwB{&$@x@sLB2D9BEh{fKiY}-npX*T}0~Y4vB^M;PSHHXkJCUui6mgg{ zNepx15Rs|;=9i`BVSE%e6}{CKgV1|DEzf=zCgIZg~%u-%1|AB;#cV9kmQO0M}*WL{^nE*JWRW5q+YP7=~D3e$xScr#caNscty)mhA(ZT4a}?QF^TOGf}97F{(S)>dTI54C8T0 zjEL=_*5Fc9w-Sm7wE1|X`u#&F$Nm%s;ChHwZ0~t2utY!*I}vVdr#Nwbj@rnlZsr!a z`K-xZ-2Q&fGl#jSfW$aj2h6j>Y!|o_k+YFkxfd-2eS6Ld?91&Ey$}6DA;KZ|g@avN zqqffA8xm6R2xn5?@!3HFWw(F$6R` z_QfcP&2+RI4VLNVDaGj<%~(@@DZ#nr-6DQJu^HbhjP-xa+Rfuv-N)JMwNZ@mn1Jwf z4EfVJgN1}{vFnnH_SAnZ&yIx)`XXA)@iR)ef&Gxk2Rs^1m4jE-dwLE*+6~aS3AP7IqUwOGpaO{{0T0wR z$W%u(h|zI3WzDq)Tr3z>M8i8RU--M6CMH+0h&HKS?@(DOMO<-bTG@&m9ja4Xgt$js zfmRbfV`J#iNh*V=cNW`9xqwVWGO)p53AVxVq5|eNxF6xgJ6w!&LiyeANP*C)dN(OE zig(QUN<(37da=5$7dl!{b=*IUA4$y1TJn|8gPyCkH44YWBl%&dv05v7T|pZSmNw(H z!pRGNe@eeGVBTjrEp_F4Q$h7|NiM*XA(h63obWsv{>2U7s<_u6s2)^z)A~w9YzNE~ zXe5Isv}*~?pQ2?W@HY82>%V*9|%Z}HO@lrV_p z6kjb9+SKiy&v@YqRQ~Xn4%m&;wUZ!e3~0i#;=X{z za2A7(GW{X4+vY&XiQae8X^P(RmA(vw* zmO}q_kQ}aNi|!%Jb{1?O9<^326Tv|sVG3f}eztVYRN$FBc9X{En~GS;@O>2&6VM1h z%WhTwt6&T;2+yRqkUQl>C}}%vBn~PqW&AO-xaO%F25dO8=bcVMOJuTLa@$CR+f*He zS~c0rG)+5z%;3rtkk+LQ0AAt6(M_7m>fgHbtfP@XIF#>_sUZx@zXa*E?dT%>u5|l$ z@j(Hy6**;zOeJJtc7_hmos}kgM|KWnJ&DMn3o<4QvV67Sx!&KJQigEJ1pxthOBxjlFQ&nZIGbC7-_;Q$NC;tzSM@O?#h8_H^#YycP# z)NLi)DVMi$u!fZ)DZtzgSc1OUX1$224VgE-<~$x6CU%~F{oZb1$in3p3+ne3N1wpe zJ%89B8tu9VP>XN`#atu`*rweg?m$k@>A0z?+f&L9YFl#c&fCchz#${_mDiRw2AQsn zCNz934sbuVnE7#n523KenH;U#?(AysxZDpf$jxyKDNtBrI_Y0FlT(*=@Ot;|A_$nw zhc(S=&!8btPdUyGc67$#Kiq=Ki7MbWGyUI}r^d3`upWOf00LF3}O2F|&n%ts(P2d1jqu%23! zo3vD0nROQSj7w0427aKB2e-93RJgigT9rS^kF#@c`qVJNK2=D`Cpm`Fvo_@v-a(I` zMc#nMXmF`f^h>Ykjvk+^wj~P`vtq}E;zJsoAma}ej)>J~?&m8jfU=5O2UvR@e5pqV z4M^%`r0jH*;&{Y|%;aYqvPOtGm4Cas*3YC@=TQdo;VuE*c{Qvvh{SuL+FWy&ISCB_ z>~IM(d8E4+ZD_(@se%o2WM_&wzV_#KY?LA>lX->`BvK7P;_iv5ZhlZv0X6-bq8+%R zu922JA~~Ef%E<}yAolWvBz4azT4P|`Sea|>%LPC;MG_Wk1Uk4p)?^ie_@=B0C&XN6 zbV54D9MV|)HkV?-gERQ`nyr3h&}|W_#Ol_5kX>Pnq{ z%JJ5(Ew&0?8e}>id!Ae4c6(4r6F~!QKjvfyK!j)q!9-;0FW3u*rRkXUue(^%FD`WdJ6G zKjkE4S^BF5e8K!1f+rnX8%USfy|X6G(rK)oh5@A8^`_(6ml6cB6@?04#J zD1K}S(+PI5@p2%>6CBPi(uwel3~>c4iJLqIBuWV$L}ntcMI~9?+IS9sXy4?za|9x7 zxj;v~8BfNxvPT9m;?l|dfTV08o#F<5RpHxe50SV&o#(v6Ww;M`UFEVJ(=;mb`i>k` ztfNO*3J~N*-^fK$=T8h6DI;3}T=nr^*$oTDoZ#Aiu&Ro>73z)Z!xtj|Os+N^B|CG? z=iJ3f1Z*M&Nwp7zwBx7O2e0B5g4N8~d64Hkr@@atgNT+a83T0)^0y#b-NBsw>Kc^C zP7YWp^ASYsy1eMPXQY<;U_-8h3`(jaZs9U9=4LaqqtAz|ZV^3lz!Q&*ByU+4DJVeQuS^K*(I=@+ZLZ`xZO>lhM1o^) z^33&%172Uv_stRk3qiQ^XuL~wO9tA)78QU9;Ya)RVhrVAhkYTFIgAB5ESVULErQK2 z&=n-Dii2#I?FRzIEZw)So{6x6o(A}#MImf&KJB-Ag=pxtUloek`i)gys-`M&1%+z3R)I8!Y9_z}Tt}fx zp~E`gfra0(Cldu)$gAr{ctPQSK%-j%(hZDDLqqvmIB0w=ihD-bG0|=j18y6_LaY>| zwPtK2Vca7I76MDis}F`-m&)>N6Q;?M&T5g?f&hU)%+Elx?qooPYZyLVze``c5=6O< z?rYFv5DN7MB-3x)woRcW|8G zibKn7Id$eK&K^*@Z<80(E)4y6e~pU84w`KVoxzGa=AqrKbF-pIH3QGp${x9S z@4Yi_h`!OQp|+Ls9=Jmxo1A1|3-ygLuA~_F%w#Z-RQ=&sjl zN|x2rNtyv}r8$`^Qf&A?Ct4bk!*}xQ=ophIJX|!?U`=ha*P^;@cmr^wUVDV#$j0?e zOGO^5jbcYumbuoBoc)g(34YxBI`!qYx+`w-iyXZv9DCcCmmv-v%Bb_1Dsz)9r3obO zr_y>QZ|PeGUc+@GyMfN+4ZEA&Sn=&E^YW=M(SG1|>>*Ajb#PW9<4~M=9`i{>Noe zz*WC1RV9ZI>U*q@{}XtN9MK1>dL+ccL5f>U@gvKxKT{eWR*-51^+_%TtHf2RH}7=5 zHVaD4YjISI&^baMOR}V_0YD&EOcKDjhzCZXv^60~umUK*`{M1aWGBLW8JJuCm^BEt zTq6~rdgiEsS!EB!vN~gT{M3UYkZEW&2K@Oak-0K_oi~ZZd&3n^0`S(9Z zmzOiRe8DBxq~(%VHW@C?%@KS)E?t+lZiKTx#J}15NyJ7Y&n{`tR76LuA`UOUdmQQl zz)ExV{O$|g-R$n0)d*X<_NCKW;IN=27~!J|2y;UbcgzIwL6NWl&e zI*C4h8<_~Pb`uJa0oEL)KtRn1B;Ois3-h}YaeI{dD3g771iZ{z7;k?N=5H@#;$0lo z^kaYYCcq;ruGo(83l%zlN~vtK^=U@l&w21LjS7VxVQK))1aTNwU&J3u49_Xm z3ZxkKh^FasgR zzBgxT#dS3bs)@?PqiL^gobJ}oSbIcJ)Q%MQ@@Ve|z`gn_Yw!su_#{SzQ(qun7q1rR z@W+O^&!VvVQl?l1;RSR*O8&}7{dJoMmaqL*(~avVN`+%KA5=EEB0+AD4{{pXs3n|rNXZHj}Ugh+&ehN9h8F^}gdDSqW9QV7>g zA_eNyzHlVF8$t|w)K>ugFu2#hk|%bSCN7_N`#S|y`zOy4V#)$XoD*Y% zq0Z;8-bRA)mjfHI*)4~RLMvv;Tfr35+_m|zQ7uEUKDQT}dZ8GI@Xp2-Vot4DL#^uQ z2;BA`(2&89lo=5Rg{quO3nUh(VoeccVZ5bk@TN;4%XA)}?OR&v)s6DhbNY9CvAB2G zASr`jT1{FVMAN{+r*@cS>5p9Oq%Em3yqi2kV~{(}NOxGQJ;L{DJ?VBSWGH<=g9L|Kn>Ed)bTe-? zMV~p)nhPtN#*Z8Z%_g~(*kA`E0H)f!2Em+&&cV};qjK4Hsy=G~u!k{upej%;)h#Av zl5i_sv0}9mHTm|^$C0AJq{C3D4fBz7olv%?i_83`sKH7DoMN=hRb!+L7NRefe0lyA zzopqD2o%8)L!Q-2ECK@cQL$o7O;SxkU5J%S>AioG2{N zgoGh9R(L){1??s zjiUGLoXXt(+dsC-0runws}k|0U>>PpE$lYc!JjG#hn-zc0*4UVkDWORD6RK&B8#)X z+NlsrKou|UJ&te7TC}~2afSrkjeP{W~)w|Kq@ehHgV<8=;5 z%u}brpdF1~^;*UMV*TnA6t*j5(ssDcH{_2b;d1y*r@Qix*DY9iB+GyUr#-yFMFij3 zb=^EwMv)zCZy|>jGB+c>7HNqz3AyLop4cO(usxbZE8Y{y5IfJ|ujcBPt_z2x)tQJA zN#y+hMxgl)_am6C+77sZ^vfDVvw424?%@Xys7IxZ~Z zUgVtih4bM=_6V7@?nAhIy@YwXE;OE&(1DkCm$`TxrC&*!1|SQw^e*F$@H69tyy=td z8r^oF>lygtGSAzD+3yhMdsDhn>go2meswm9>>*yLEWxG3Qb#sYvSVX)tGLC2C2tO> zdal+Noa>WCo_Lq$>MpT&1!#DLnpupK4It*ZRF)>4__dwLDMI2?>c*-U!z)7iwzoUR z{UbjfSb_5+4bA(umM*suLZiZ^5HxD0gD32or=<_!s|O<0pR0LqA|sQ(*az_(;^p|i zw|h;VC$YiI@J!6*3oZ@+ce;na=J=&NI@_%k)%BX9Xe*3zc{h;Ym@tFMQP9|7+K#L1 zb8|SMh(=^k4qYPEr0QjVO}veh9G!(GCyeOPnBMSdlInN55vKcyuP!M7At5N;g!6jP zUp288w9&J*k?Gshk2=fz=`DDA!}p|}ZEk*0d7n6~O`6_S+q*{%eV>BSha zDC|TNwBO@8Q4NLyj0$q^7i{pY3A&qx`(R%1I!r;9+%o_CK1Gb8vJz#-FT0=S`9KXD zJB4rGuPFWWPINs{IbKW3)BzU-0f|C#Et2kQhDwY_ugle48v*Sq1O@EoR2M%m?(*DO zhwJuR!P9j~u~`K0aTu-3mcAh}Xw`Ndret2AFjpS_aLIWm(>7AUbBv(deU(3eYo`#I zcB@A#BNPIG0eToH@d8b{aNf;HqJv_vf<=Wv6qk2R2`n-0hec9eyJX{32V2a1fo!I^ zZ?bAqn{x*iZ>njczgw4K3?R8$v=&A&DJ^?nlO zzk^&y|0dcx+;QNU>r_3E`HLIGAaE&A!6DMzVM>=5Ds{|;F+$xvJR=Gl*J^0m4W4)H zV(P$ZjxtYK>f5SW{Yx4j16AJ+7wE>8z;LcGN5j@ksEsId>&wXD|LK*n-u1x3fyM}7 zAi!Ss%AnJf>Euc#wMY6?)ywM|)=X3X9bMYfk=fZ1rhww(GcLukXB4%j9lygEM8oPb zOKN|O-n=U)A-ZJJ%WlIDUfjld-c^H(r?aL;%lz1p#>MTmH7i+0CqL=FO*y=Zlo;qU zyj8&Qcbto;m1m75D|j|vnkTZzo0orI#mDHGdhB(7mfQr608ANG=$XN^zP-N|MsIV!E9{MOSJ!v$vc#E!{y#GA$qc7P34sArec7ZFwcv>D{#=R{1@ za8dqahv)!f-#2hEf~HqAZ0BGi}%kLg|O^OXyHN1W}Q zi`WhDPRZ5P-%P|?297)-HR0FFKsZl5OE@MoCl8aJ?Y?e>&K85pv;phl^FvB-YW&21 z^K!(L^bc*?P{J(+A0f%x(GcEoHI{^N@Ra2l^*>I~ekfFY>Yw9^lD}KVJo;F{{Q_PT zN?sv109`hOB_W9u2gMJ%X4lf-b_06{=QN49GTDc4lvbMh!CK4~j#mL;O%R6qe7 z+?T!lG-2?#nJphNZFEpRQ!gh=X1MROfCy+In2wG*B~zGFLSlh_lB?a!=;dp?%8B#( zeJ|-lAt*Frkie0}M`SBt(zquOp@`23XP#9xtjX?|?RkK9>S}K```e`eYAWNjHP=@U zMWWiNQzdZQxNw8P@wq$z8Nk=*?Qyi1x+zfLp?(Ys2&u>{MIt&dFuMW@61RcnN6Mdu zQ$hbJz&_up9vD4qqqia}Lu@ga>N-l`V*C8$SgC8xA&@3k>s=M9TOJ!Ivbxj^@%3cA z!c!-^`CeHC4^nU)QgcdKyY!fI#rGBhRwziMbeomqIT824L$SRiumq8mcD?UI08c=$ zzl419ph)>muqICJP<{Jr?fb(7;e|u+AT^T-xnsj;{cuP8Y?zB>);eb`sbx+= z);hHrKZ^hSy!=f!LV8z%Va-{Y#jA-zf2Ko6P`Pea%jLp=_^iB(KqB4Loo=YkoWGL{ z3qjToOKxGnG5!oi&ktMNX;&L#ze>B>i1#p@|PCjnzXv^h0pbY>!VpE^N zN+gWmuDs_u#t_oIW=Owkuj1EVbuISc6H)k|ejmpVc@#A{QU4;rp6;n>XmY$gulP<3 za@!ioqR}zLx{2(my>T=ow5jh*`qm2&Zg%RP5D3E1#|HBT-u4|@OSD$N$5Gc!(z-8< zkF3sU8hm%oai@*|F?@)`@&8#C;JDp5e+=q&O0a~NuX z?ELTO#`ot@xy);MiQ6XNE>j7LjBH}~#iiqqp3`+r+NVDY(-6`6dE9@7Rct>Y6CGqM zTF#xBBp@%mp8cOW3Ce2~bUd(QjUTzrCpW3)AkuGPDXnAI&T)|h!VDTs?MY_S#C!1vD%=7;&b&fQgLIHwU#dbl=1$Sbq+DxFY2H@IO(SS2w+4} zT7D-X5y7H+lg97(a&z`on;C`7FpVXFHdI6MDq zM>BkzhfzXK^U0t<3J?+!T%J zmgtjiElt`Mr^S#sm0;Z7G=}@x_T5w~V{=7BM|Qsy2+xO7k9En^29=m;(L<`eaqmJQ z?Cs5{H#Jzpb$Mf5!VW8j!CN_%{hUphk8pmq&>@r|!%%pcV^7_aBZ2C4N-e)WdaZS zOaEk>0~f5-Ig?F!VHeKA@a1xS_mMdyitJEyIaC=mUM$M$g<(h+QOG4VX%d_naI1OE z4K9T`A=(vSi`Tb6;Uo5qYv_dJQuJ*)H-CW;yZpVHupW`aJDE1loQZn7c9{NZa`6Yn zdH+%R+AiJ*G^|J3_iT~hMak$&z}joiD)<{pofoWpyD>6PEM~Ks?T%e-#yvO;30d4p6#>1S-2NS0()r-|fec*=B}1pB~>88|TR4#FLRZ z!Kbl6Jg1W~hbD3g`jDBEbeTe88ixJc6-x)^@>(mruMgvnQ}-LZnNDvQsI6Gm`!x<( z_Q}QYAH7TFmDvMs+PsTl`hg+ibFpbg+(AF5b;Mvsr1t=rDVlsKrF}3BQN1 zNecNHp%StsonT6Bmf^*fzK(tde(vNrq%pbC2-bx)zqCuOH2bq%$>;Bi6c~cILkcP6 zaDn(d3ja)_B(Sj@z=P1PAu}G2)Ee-Is9Gw+zrEk50@BYeW}R^)Q=J^jVXXpPDRRj_ z(rgypo%Z%fc6_!yX9(iklCBTgiKUTst}MYJ#)LX)%-1+n%XIIM!d>;jRv!Y5!s{_P zUY{*ynj0src+Kkz3SnxyiN~DD@=6=2)d=vJBgpSW`Wgip9CY$)pg7~28+N|vUSRVn zH|=(t%n%>%ykA4-*zTZuTCvx|Ez?qFyG~~;IWmK9bmCBR_L>oGm=kbt)>nin&HpU$ zt!@JI(f=dlkkUok^fkdwn7I?T_=QP_kuPnkfbtk;-&};?Dj#+}I;5}TTXbGboe!;- zQMgG-p%xIqbk3(mm1(`#2+ejX`mCCqC9}87fhziCxaE+7;P?nI%L9mw{YV&s^9WF~1sU~42hj-Ma6 zp>^24B$XpfUl-T|tczHwxiIVxtih2bo{Ua8?YvxLBlS5Ih4Q0EPL4Qgtl=eEk7m7- zhtb;oyT+5UJiltk_@3a6haWXYZ;ZNwFlCFt0b_(4N|%=($ESFLk|D^U?P!>AWQW?K zWQLO$(z-_O=$28Z8$xGu;LZPDGA~Koy-U>TT{h2Ww|@q-4NkCx#dg+QDxYxO{sqJf zZe?F!aKvA>oV_z>dT-3|M4gPV%sCeu9nzcWyBxcb&p@@;`fuvqu3%2C+SShus}bj# zv|;f;$PIu{{;aCHY-pXt3dNDFQ!Y(*N2o#;4a+;4j@jSMu@#EkjO7{T@?s%>3B5s0x$j`WXPq znMdD_=sTO%KLVLHav18o?^j79;f4MA#Q8g>MuVLtDe)>OaSBm%5}OHcS7%LGMDq90 z%-@_DN6FeV0lhyG#3};rYwE0XTjN&<{-!*B;yw^HRY|SIFWr~FKdzJD@dVdg1Z!=L z%Fj|=mUnSELUAHsvgvzu`=`I;fe0pZ*{Wk)zOPw)6&Zo3f)oK})LbU&9bbSt{`crIKcHQ~HdZyOCDMg@r9u#6*+rG$_?Dds`YuR?< z1Qa5QindeJnM*Lqg^dzB<;}+RDrc90rRANKdPA?XG^jx zX(O4WD$J?!ku+JEI0Iy*t=-=_iz`MM9acX)(jj=Z)+B-G{9%4@D+3F`hsYEhWOKze zC&6uUDx3S6Zt2^ZOP^lp8`X!I1P|f%H^LuGdk+gwfjfC|zR~7Su&!f-6I*5k`pE=Z z!?}sB-Lmp#t&ORQqc$Tc!e(~@17Iqv;i)dC#vF8EM`glj>ea}&Dbr0WP_P8Ak{IXh zVR{)pbrX-brjRaEdcpu=pup@eEc6bC;L(-}xG%oN*sETUQO3Ule*Zm}-QOI6Nm)damnM5m?IC zc0PF>Jj3TH%+|UK0Gsdq*!La7kp90U#XRhs;?H!cz4EjH zKD%1PO11z2q)%ZCO+!hhExX-}VbbxBGsy!*oZ<;bI3Zi~L!N2`*pze(Bboo^0z)Xj zi`4F}sV7S9=V!=gy~&s*IxMTN@f$ioM^xAqGcbh(JZM%1pgxx;s*)YP0Ud7F2X@(_ zG-fIEj}k=vS8qe0g>`)KBS3IITwAuSn6qTtJ{si_;ciH!=8ZlC?)VPhB}I4&_vb} zVqa?b=(ipcKw8sBI_V1%=tb;z*1y1)$VRkb->*lC$Og@Y%}ZsYy~Elm5os=b>+6D7 zvPwGE^unKy8Ow4~tIKCNNzJ>$?O#PM#T*r-we$zD!^T!OI|Yo?iDF@RcZdr`z2vqx z-d6cXiWdMug-==j{GUqsgBW)B_Or#Kig4y1;S)b-A>!w;7gE>(KY}{l$=GJnT31VH zh22~fHR(v>!J~~QI1u}tZ3%_CM-5^l3ny9#uL-o1&`s;vb<9o|`N!AI#UrY4&v^?w zi4&CYuct=;0}|+YD)S#ct`92=8^J0Bx4G!1B=DbqbyXVnNE;n+Ha{>h`PGtMob1rR z+9%s-TfO4IV}v1#6nzT6J04;8d**z>emQOr;aqMw0202*+7ep;hB=N+d3 zO8oyOyYAHuPv%P4SvbrCIE(l^7R`&cl2kEe&Mq6g)aZB7uN%&|Yx0*N^r8Kk{TFd} zInGBCN5GodDYcoK@OpRX#yv$H#--how4-}@&)ww_&W%rXNyH>%5A#hQelzLrCdNn| za~q9YcpAW^ym(Ct788B~r&#e8@I#bdUtqcMSpFY(pT*BlfZb!8@6G&sT!ZvRdK>Zi zkg7#K@@o433c=%0gi2c1V;Oc8LF(UfJ9z>SNvpYS+l*lg$%c*`@;|&hxnN?Vh7>|( zuWNY3ml#}u1Fw$w8v{do4SS71>?e|OC&-IAuZ?I7aufakYTo3>760qi$|=Q0vIjR% zUw;vpuqVI$W2>k9f?ZH^q})!-2l+`>KRtsw+NNpYL981{8$ef6w(cNhI^M`tl{2-? zS?$UhOtu~hilfkKbQeu~e6^hM*`lKmr3dz6uqidmJmigpO}J21rNgOwt95q^1!I4z zIUn|*m;eQcy#BC_b04rf!UpH7w5(0Ha*F zL-Gf{AGJm>W2rQJ{%D2~1o77}^#xTTJj;dGD87E~)mh7QE+lh&soZxl4`Wi7rEhwQ zNYm^V`CO-^q;$I4`C(JOuVVC*S|~>o>Ir3ys~MN@1WWy*@%CQ%9sZ9O161R;qZ>^< z_OA%jobzA?3x_8zaIS2iRNj*hJwcz8+5>Xe_~`Nh0I?C4T2twn^$?nz&s(1_pXwG; z;^!5wS;H~)t!*Vrm&_IBfil66<&o|16;pE)<35D_%!*_*NNZt`NFgvz!|7|Y-*af z-oSg#x7o<`8>4GO1t{d`aN_*Qh8X<$gyiCY*hDB4S!bhnj4WfPn^(~qU=)Lyv*Fmg zmr6R6_RX*Dz_RZ4M$65Ggnk>wbC?@^krmCojQKV)RiaAhMCfcp=a0-si+Z0 zoN&W&psFJsAu0J^)<6;gB4F)6J}%@!DO$8(_>y{MX_d|I0QpZC~6KsiuMEfp34ceEuEtvWUv&lf#!A&Z=ZN=FND6)>7RR{-85=4`S) zSMeObtExx(yhvdGr@Oz9aj^1mhz1@LUU8ZHCcUpg2k~E%|39JmWUPDS;~dGj1MonA zOJSD8XwUH7NrKcjSX)oogGYTmD*G_vx-xs!3^6C|>HX=f>1_wHQ|D*i2dTxhbVEAw ze>Bh|%A^N3d1M$q#GCfhYZ?nP8`pBHCEDfXK&jK(tx`>aD>_WvCbSyQn;jS%cNIy< zMhU`}8v(`FuZN=x1vK*Q73oD9(jaIUgSm%zJ?d$w8a11^2i+mFTsJ?ba-}IkBU0sT zvk#|I+{=<1Gk4i3LKWbKY71sK&hR;Il+O2fx1Zy4X$VQ~pTte4b=k>R+Og>8VlNg5 zMQgQb5D)7HAC9|D1I3@4)Pa1B1u%di>Q+)(W9)?$V9ient`6ap#9Wz^QQdD(3Mq@l zKxfR-5XVdB80tYmHmgE48VbPNCQ}%MK*z~}yj6Y?$(6V|fubr27ldOOUN~gvaK_fJ ziWDh9>yLh)ae$e^dd=rpZq@5Zrw?|8={1&FPL=R-2zNf3Vcmi4ih%Om=@VTBcS_)2 z;U(Z3&XaU*ko-6lA5%#;Se8fOg%@WllqQ}JLH2;2>qF=)im|4QQbT@DXPX6Q*iPi4 za4KAYB+DhtOUG(FWp)G9B(aR!TvBp$I~G3 zvp*V(#jB8iUzxIOmY@sY8Xd2JBfc?MpY)rxCvoxl};K)iaGgE|Zhj!m9P8-_0Vw<3|LCxvx7 zBnvj0`TfxRt~qdoFW&|~hk_xRS|yeDNKK%}VU|d*eCTz13D}$glx{cjvwdP{8w!My zTn?Tf`lxi7c`)g;rBy9Pyk?ZRAs|iz-b9Tjc{jc%Y~c6j#;bqCMXcUq6%(CEzJcf@ ze=q*u2@C)O1$CF>1x=WW{^$9av(xn`V=2k{5A9BW?n21^P4#tPZoyr2(8~LYhH5$4 z>ir_FJ}F;XFY5we?SZfd%FFQ4DdUS<+k4nJb}t;W=K^4 z;+Y=`*s1eKVIS4;jXf0yP6HQ&f|a&a01+B?oBaQ8rpmoYzO*JU6n+s`aN+br{x4G_ zz5NxWsGd(-0O?$omJ-$ygBhu}-3njd06t#(M(Tl*h(!<(=J+3nQ=P>T<#x5_&6cQr zNtJIMy&scA3V$|-s0XVKXgJ4wm~-@9>K@IwYHe-6^o?FsRLE#c$j)vVU_u#IkdwYy zep(p(@>xvlMy^q|T9L(;5k3rZ;Z|2w#d!!XLq#^Kz>{DNs@Z<-s(4<@hwUgCVu+ou$fg2I$iojtv`%QlJ12#;jihM^0+8f1|YG33myh+YFMGC>A;0 zQ;p2g;ZP#DvEJYj=qJqm(GzYpEN&7pw2mJ`M*N8smn1Jcl5>%h zsK!d+$6%;{B=lD6dGtYzKAW8N$r0t#{_&Q(N$pPC=Dgov>oS-lmsVAUMbPIQj(edl z6Z}#|^K85vpMndh%iMsqT9-lSAxYTTQv>ccaMIf9JQm&XUrfkMOY*YgxqLH41z!k^)+9Xb3x`ahYz@t$-n42CU00A-l4^vbQ zgE6@m?bvC(w@*a+(M z-zH3*D%(>`&obhhoiLv(#?|6lC&23`BacF2$3FQ=c6Y?oK zQFLvx05w=@QDss~L`Q@VJQae=746cASc@RY3@!BS{Wbl6&;sw2jw1ZF?Vp%HpEn)5HQ%V>ZA%%8EuIH zWsZv8M=obLU`v=+3V5SbHJC4Y_8G~ym@A&_EBm0$BV19JqFJy@E(|o zm9~N}nCTQZ4xrF5Xz6)h@!-7r0m}ll)!Jb!H%L}v;u1349#1G4TuSCC zKZqHR#H{v;6mChabT?;D(Wp;Wn7dd?E!49kolSBOhKq$doSS6N*O!2J zPY@#tK?ywcW~tHVz#=#sF~WdRDv*k`=uyv%Yo^!6R#S^9SX?r#Ot=AMxjrzgf#24c z7vVvo%Iy|&V7!(%yi`Q(i+&f9Vl>+_ST!$czZi^UumJL z1AhM9qgY=gJ%0;U>ZmU%tZ&Id5t~xNj(^p!#=rTF3%nIjsFlawUDejSKx6rXK>%h= z6Hdml*3~}-p7sOBNcu@cge_l5jXz~3K3><^2)nR42?r&MFx}sz1?Q1tTBE5jMm?(eDbI9B1qdIPM5+G0IGq zk21-Fq3YJAAkQ1dyS)npks(#CdJ!=yoZw%YFq9c^G25G~bU|)%4>MfxCuHwLR2in0 zg_pU=e0+V)GnL*C$a(Lb8sUt@A`_+FSuY@5kTG}mPNg|yeb*Tzb-Jrmu+tuiuztpG zdSH~#640oO3Opa+Wm^(bzVKjTkDy6hsZ`ej`~E9P>a89c8g+l!m{vNcm? z5T;R8L#$VVAn>|RS^MghG`G3ScPXTq|Hz|;T)P!lmAEgoEJJo4lI!QOq?mTLi6N^I zKV?o)iIp@T`V8@QahE2%3n`L~kvj&LqSsk~U!fQZg~K|1x0^T5?ZY&l>OrxhaS)82 zek+WTr0Bvek8#jPk5Lea!3<4_dLi2tQTLQ6T%M~KdmG)3NXgbwJ$ zNPLzFwX$PO%?;K4{ptN1uB)*r79t^@`TAg8o*>6to;=5rTi6vr2;{passxlT9xO(f zlc+efXn=etFo>FRFAUeXdwuw7g*lmbIj)GvaXl@=zr!FOO=ryva&RhWTh6~PS8c;c zZaa(DyWlpo3du<_7g`R9hFSRyKF@45$tf98`c- zWZzXOW`^;$dXv6M;O-LxL>xRCLK`{Gbpg$>DRvI`)9LK4u3i#aGytZ=ws5wYIz1La zJkFdsRFAhsD!>MyzzTja4ZlVbt>h?MZ`|(O@#V`HeE4lKSSIk$3Frv_Vf{&Pb#noS ze*v9hBp!cN9^{Rf^(q>AP2M#-1*((HBZVX!9jUNhpHg_L&aRX>$Icz7V_P7~R zyX@|ndW*lj5}Jdh$|q~yw{ze?8n6A$03vC`R?AsncQFts*(tcG^;^`*Xvb?(W`)8EH*TS5ev?2K;*FqmU%bE2a3>C(IiPAzBp2 zp;aRtG!Hw9qX2EZiXFRY@=9ze|Izg7uGqlL(&1b@(891m5_N+!Htgkm&^-)%ODAHg zTN|w^YdqmA(jb&qeM@KWoahT*wSq4C^sMd{n`bDwU>FlCURRa|3OH`ojoF;n+{`z% z7810P7Bb_sMNaXiu>?^Q^wC(%#9D?sjR(3=0(Z7k&lCiyzF*_jyq)@{=hbK--uiCC z%}|T!GJQ2=_fC6O5S5cY9!Xl;qZ`eBR(A1ohbmXX*d{zY1VRbMLT2D@nuAEDI^W4{ z`P$??D!agmy0?&zF`fL<9x;)8-|rfOQ$q}DGX*d-=2EqljA9+Pwx#&fX#4^x9Jfob zL$(F2M~|1o9J&X_mGGZrsB2NTJb5{~pvK(_zaul!iuD!{A~j6bo=n&L$V#8*xt>=e zvlQmQ+JvEKTw3-vWXWY+V=W%xP<<*}BDsG0J{#Yd_1N}Fgms&{GO^2eX1zF)a@hAg zV5A+G!_C>WJrYQSl;s0Z(||F^;9BuX8pG7dJN^1a2&Q@?^ah1C8HEL}~+F`LbQ>od>%uS+PI9_5@ci;nGI`Tr#JZn)qj- zw0cilCNp7Bb*#&LgDsHCq)rQ3M0;Gn4*E0X8tWl%qwUCu`G4dLq0o+nXiugszrRPj z88n2LR4s!pXOz?;2>?lriJICKHlT8)oWP7hUCULsrR$oW^pr^VI`vtu8V`rHf+LPq z+2z)5bvQ&IZ-U{t?#;9pgXME3}LJ*Ga4&vYL%H7Z9Pu!XL!@k+l#~+{3G-1 zAZ(%qa<|nm$F&jZS?-)&GlEIX9$T?3?bJu)W-omk9#C0VynSF&BRc4*%rWu|iPOhL zwTakB9s?+&g?HWavp+XepdRUKeOtsrtTKN8`p+yO#5`-(UssW)p`h-f9m)AEf+9ex zJ!=GvQd3w|m~zBN2`C$;b``j)TWUsQ>rgcbxsaY|hWrM%&GbwgE&| z2kGfQYqV}|x&u;$#;E6nO4{Kk4IqZW$tEDe%CZ!~?+Fwy0a#RBB4|d|qu0-5OOhkX$KynoQ%v1JaHt3ZR+P zc4WyJ_7lFfsG8{JuHc~~7@Or~$#nhvdnRV#XIhF39pFV>N~^pa(${1W0Wt=5tn6s z>%?NJteOXO?AM~d8r)jOAHKZ7o6`}=nx?4pS}85!c!2dt6b34K<6%geaQj68krCT zX4p=fGW^I~<@Pv#I1xoN-2^>>cbSzLx5Jft8tZ;T3dqj%R=P%+AeybEnGf6px9QKn zT*m)w=K7_{6$Tm;rWAzhaERNXwmNEWoT1t8;ZW&=BzTk%ndNWI3gb=64FM~h(4~)J zmLNe2{dAsqy$C62kzSCpIzflG7=SMJit0LOF~*NCq)Ay4fAIPgp`pOH>=^+Vu3UXx zmz~EXeo4N0YUU-omY2}Q_J8Vco8Xwc9HEaDs$tw5AKYTM+Ugcw^9!INaXuTre5LmU zZNxFLO2)O7knzetrSq4>YGjtBCg@gA2DGv2vD5EwiV43}(=UQ{c<=f$G<}lgDp`a# ze|a^8UXPGF%qwZAdd&b3s-s?c8_mB(+C*AESVqc;e+>D~B-@xHW_FkJZ?e3ay9 z1I)ET-pCd|Z(1G8VyH@=DZk;ApV@STpQ-Gp2?%5)fV#V7h`DTT^b_|F}o`C3Vr z@?w})6?z^#eAD`G;{ojZns`vOQ^YIE4+gO?&F`KDyp8r3@A+GNF?%i036t>l9zUq? zCxPjM9IZnV{i;N_Qw})B4>|0MHj>oyrpZ!#j=<_&jn)_PX@rqvO0B3=f2U*2n0##Z zyX-A6C9DBmHRehpO__zC=%6}gAucUd_#DgPIcGX^4(zQWPsaAx2|mh&`oq3GaYr81 z2jdG)*m45RhF^1n4+NG;QXioWTJVJj#o{y@Y}QFS9|L+oWn7y}>dy2G?F7$`N9act z%29HuOCB-Z?QvAumF@8t)f=8-c($JM*9V@6vqBOINIV+s*gLH+y0=<=*0p7)BLQKO4?ocv zEumS?$4Zihd06M#w5EhlT})5jNulU8#Z;wNg_F`X+1TENLlIG6cUL>W(8diOc?~FC zVoN^OO8)JHC(E(u!@wWJf3e6g{F)B&hp0!DAWe3PKS!Ia%Y!)R6gV4W*#{XE?0ELW04Wn6tYi0J#kDIK~qCo+iDlJDyz(<&HI{IcdBzNR8 z^3;zbb!B7<^xP>nM+nk7=p0V(k#DSnF2yZ;oL-~B;w^0vBL|xFUlt%{Dp&?!)wbYI z88cmgk#ZNw z&;1X&U`?FtOnNZNEAYjTrQM0XncgX&&qf!_otMyYlaZ=nxM?)>!9X;V_~M`|KUshD zCaEQ;+5#^2&UC@sEm<_&sXp%~!bA1)sarKRLE#u~{hKCqS}ju#xYfDR<7OjPv$xe0 z4rHnUq4w}nO~xMt2z6?ygEO&^EcQN9{zB4%GL_qrI@=Zi_|khX3hl1szQlOMUnn~V z<~8nN>D|M>zbj$6(D@Uob`gewl_KS@lV+#BT$a$?grcbs=Vg;s9f8LcgTIv`Ey(vH z4-rT9`90nyUP>r9vzE-l`42T9G9{*sy_(#iWEyj5_ev-hJBoL9(YBQ?2w>^#gXtwl z3zd;fl^c(}AdpCJJBP}g{;e|e#(U!aDRUCDjYPpjdGQliLjA2#=l+Dh<>BK#q>dQy zRg+?qS%b%=^MW$o9ePuva1uA-S7g5D=@<}W*PqZ!lw-!qAkDl6QUcbP;c-@V-EE$* z!}06zPf2fXg~6p^qmX%eu?0U+g4Z(uMD$D=&+aaO^Y#T#^I>LRpj81`m*;>nMcvB* zh`*&5DxZxq#>50mi5QJmPYLr}0Qe$a<|F0`+edKo&1e9zr$owV*&z7=x=7(4vS_20 zKErQvU;q@b{wlt~nG~5E5); zMYX}u^6+A}yRy_*z2ckux%S{y|oc|Sg}!wL(q>tueYCc7w~z9$B7s*4nC-?xJ@7h63I+7 z&M5S?^(Vnj%h?+*9cIa?BP_Brw6OK_WL%9jaHqvfe;tKN(P7HIF_D5OE~z6hu3l7w zp4xTaaJ_<^;2kZlc?U+9kunRGDkeBq<3DE_PX-PErVDET-)w@5&+TmSex*5Qnj|Kq z#b~r=vPwYvY=FQoF^?!x5AnFY--z8$qnNI922Dtv3Un1P@>IkL&gOrf8kh$!!Yc*J z&;%zs3KN&OT`d8E$>1*(?9)2grEawiSpxQRDj$wfkDCHeEW6d`3tqD(sma)+b%N?B z4`|F#?+Dk(@NAm}Ceh0fTXYt>G(En(wy0%M zbNvBAaO|I3=q;RbF`vf+GsEtM{l&bNf=EpmOxfB0V7oc%-%Fk4COks->MplMrZ(>2 z^}sOdzRAD?bfoHTsW6}iYK9q^uyc>=UmU*v)Ea44R^KKvCS7`^jyFpC0xco>XT?~* zc>_>v;p0~OaHf|daC+|PpOopS!$neekcQSOG~lbG)3)L#+f3|=Q^@Um?>45oT!epo zhYjmOHzST(?gz8Kth z_Ch+Jbku|KO2T0l{q9vp_$lc5L~u)Gn+O&o%}hPJCU6?GNHvpKd*~-o_O372+&$7< z5_J}yym~)vsT_$vkD#Z89eL|$WdB>4RBMyI$FOmUGJBNkKBcsJpOym%Hz*rYrCOz7 zkboR)AC$8A`j=V5*~?(M!l;`--?O!)A`8a8&3&jR6R|Zj(H&w*++aaaC|wdKX&%+X zbz#vz^m3*Hv79hLm+tsr@h>1uUGe%cDVP!pEx%T*prx+fj9>{7B|+@j&a;$quY6t^1(U}v2~*19o=6y=9*#krS{ElCl zSRm4Z$%@(tty|5UTo_cMu^0rsUP1M|Dy4bUb@v?y2^Y&bcyv32u^|7BDXYxlhk~@w| zVw+3p2#s1mG;`46!?X4Nnw}KDkln4sr$}W`BIIDi9Q& z&`*ww(E$P8o>#Q(-Tg9lciP_rh*BisRAT&X{u0N_BJ{@_zvy!}6|T2G(ySb1qdf4c z#c=038_s*)&k|Dp#>&fp$Gy2hSYNgG`1kmDq5xvUEqveJ$+-X{o>c84=k1x_o|;DB z6PIh2j^H6@@d@d4dH(KQC3)$-Lv+Xre?cthWlPm>84faGgQp&&;xzv;8F+xWvo}=; z^$idbd}19rvt1ky(#?YiaqQ;<0-?c!vgC7)t1o0Dkd8f?M3`SW>Q|V`F6x(pdWF(B zG$$gV0#^l6_~%TXJ9ReT)P7T>)~Z+BgZ4EHg~&l7*r?F7La-?=W8$f~Pwom3l7E9T z)V@`6l~^tINUN*`WQki*z3m7hUg>5!NHt6Cy$7Vp5_@iZR*pU0C3jr0JXVfE2TgGt z^MC`T?xjC4_PU;}SO6cJ$AfBJ*b7VcXporgkyV*N*&{F6Q1k4m#ve~}@-6enOpc*f zpKn;eimmk+L_i3_(2_0yCDS*G?j3>TWYH!7`md~TP1m(Wf|t^ni#?pe|m(Mmr1aKj3GCJg>4-d^CIVr`%aZ#F3OGb;==`ojC`x*11xxfz3&! zOO4d&MFWJ{-`JdhP!Mp@Xk zf#6(x!3;)`q{3&&5@GlDW7+B_w*h<#&2#bUbhnSlF|5*}HgC15>v@B07`~m-$mm%J z!QmPbQhy7PO3QcdQ2lvWSq>C_uDBJ@hCF3%BHBj6IpUKw62;`>#X-PPqBhv7h@~`# z3myqAq++Uq#HcR!p!-#xPX9Es&!H9Ikfbb_86gsCPv68iY@|B$W}-!-|6E^fmdRj{ zOG2XYsN3ZlWdP^owyaRcjDK>vB$ScrVgln4n#roP;8Xs zJEV#|v&Q|FxA&U~8oppL;7JEFRw~VVzNV4f+$t;ioePX*C8;L6gu}g~yyNIZJHNz5 zXgpK!WPqb#R-ATcvOBHrWIe_Ap05-q)*?Txij_3jk4@?zTB@>XXi!r6%yzL@+-)`P zz_i~CtCp_rDn_pbtX0f2ian6C&)#L9oQG##d-G zQ}j&N8)%|&ik94)GhJ>>^h=BAU3s6Z3qF=9U*Ic>J*KH@^`re#5b51=3PqzpN$kD< zv6&nhD@At_1VBt0Q@4J$MorZpiB zrFk}71xD|@BEwr{Hh}A7=78;Hc=B=&*dH{iuNh!cMKNLBK2zNQmsJ=mKBnjXj_VQ8 z7TEhQ`fD1S$|{GN>*Ij&Q|!whEwC^d!`~bUoC+PB923gPlZ?mY_?@-i9ut&^Xg&f! z@cMSFx{w8C=k(Rg{xNaZE$fT52ml*gTK=z^R^!#%ipy{TbhLiK(2{d)4aQBtt)WIy zO!pf8xu=O4So>*I8o^t~Z>Tx!bp{fwtE#|m$0OK5k%v<=RxMbW;fDEEW={hA_CqIkTf(9f*YW`wP9Rori>w& zJ*?)40{W@V!_nLXCdC)_rh>s;0v$S3J^7y^obj;2GR}#Jd8BlpCDHnl6k0!Poow_9 zQvb*r4%gXr#Wan9YJE8c6$w`=EXX3W8~ym;}N%Qx_-0>$A@LcGz4f0t1+$Zs|? z`*mXh64{+P{#4=$lhE&F#D}K2GZj8QWV3^0bbehZT4a=|VN{77GB;ueh$`mBWmmY; z)Z#1-5Ly>|JKB9}=J#!E@6JHM^06XFmA;@GNkuIZT6)gxb#uHbJDLnBkJITrJw&sj zPIxMfgD*f0`T4U9#e&fh`B{umZB)NtxW6@hC0`~G!T0d1|HgO65V6QycBtRmEB`qM zGosl8XY)alZQV~OS*MeZK)^1ro6}z?-1l}>z|bjgKwV`ZkGiu_TPFrTmNI<@{8?_6 zB*xROQ^t@`(b;V-0T+n^+$Zy@42vvnPpBU0H8%Rit5}+|=QIAFFy(zSRN-Ae zYCkv~3dQn(gd31E1G6<07fjL*+(zP$H641M7wQno5Uz|)R+`kyNvc^b2Xj1LYVWwC z21>hA9OIfw{65dR=I!{XIB`~MU*O@uRAM)fm9v{^1~-@Va*H|)r?&cB-susR15g1$ z>|M6muDzCfZyFOHA&xn8Do~)(GL~bPBnmYxKzBr02Ey=h1bWFOdE$Eh+84s9el+Zs zxnZ5vVHG6L6ED1Mx_oKQr@0l+Gda5A#&u})Q|{@OyW1WcUFZY({)k6pM^!K~{+PFXV}V;V&PDI(dIcGp z^tC}F6ks&J!XSyK&*}?fWbm36d!}nm$AD=7mk~@ggX5 zER++Fv&(gXH%1toscqIi?{x{n^n`E9iBA-ImgCTu%@1zaD^n^;suWLGpGMrNL`2~> z-tG%t-r1Jt`A4qWI@crn-7HN_&Y_ke=)46ep1|6%7(-`g3^W3#3Ayb(*IJ{x?A=*z z7lD`$LW5-U23|g^6+Z5oJa;*iQNp}yEX{2fQ&ghi zkDe!eAfDx!nluS=$ysy*Vl6kK*mvTnB2o9kxh@PsshVa$d;s@*X@CnTa}%F<=Fmxw zSPbJCcNPo&S=(lDr_R}LyZZ4X)tq}-tQj<523wAyJl!F@P%ZmHXkPadgm1ycrY*qK zq&YV{RN7Kysu<qYk1r(II&rFW% z7DVxb>ofxh_7YeX)`O~lu}PZ1A9jK8gyY^=B^K%fyOeNA)3?0=2o~@qfAUdz_~ttf z>sx_qm#O-bel~g+Mbg((;U%Af7OnXS*aZgrh}BeW5MjtiI(3xT;vC3X_)e-<>SDHP z6A)XM3$!g&$#l=y*2pt`Sl!#U<(_k|`3&OcWunB@aNCPVjIXp$f0wEGU^4PSe3)l) zG^fx3nGJVZJ1E{6atvDFo|lfz0mFH%e^|3Teyq&zsR3z8mJJ2&+G!yS;kR4+=^+v> zKcP;hcdx_+j1QRVZWavj$#R!`#=Ns#mBliC>j-<8EP=>ZYbK}h<->5x1DiEV`ZuOL z$7>8@ouxix#-SMzj`*Rtob7?FlOjyZK-gWFPVZ1LJq;qawhT6X44NBkFenpMH)Td} z5d>k^=T7P!9D)?{;lT%1H?*I{`aKF%Er;W|^cnc|oAOE|12k1_P{sz|B%2Gwv5S}6 zI8#xoqZ0@4)^PZU=RXw9!wM8ORY!998;}%CoLd9*GO8a48SDFMYU9MUt6DUy#{gU9 z)eP*?f*R2TvIMK{m%bb=f7g^u=sJO(rx_HC>9ytt^9W>py`10V3*ljmCxjiq#TF2i z{c_ROJaT8=U$@#3A=Jd_gUD~qgtnBT3_AZ4a(TG2fr`(zn3qw8)uRW89Ktymi{U-W z8-)d`K-&%BfCU3Bv_me`A2v^WWNgyShmX%|l_pq6nD+^wtD)LKe3hsftpy#uCv>xv z>=M)#;x2)(H^9&Ymow6^Hq!!TFG0otU}13Rv`_@oT#J4uXGUx}5JA6kG#MX?pCbfVNkrcTIWZH>&c<5|_# zSBGQ!r8W~7Tl3Z+WU%qlYsai~kz52z2_1F~e3O3_GdVGBN(wDp!pmK}e01=&^ScQf*JAT9S7j ztcC?98iJY2TK~%0DAM3_anV2casO>9ZE%BWeu^nA-=x)lezUVkhLurh84Vy$ zpV37^CS&^QzjGq#`z*GA$dpJHL)kLo|6G8nj#9sKA|#;h1s+T*kKNWH66^6X)j+2n zQ?~RB+V?PMe{2`4*ugFYl#R**gcsssCkJW&Bb|iOgt10_Fz-2R%yX~vSF*oxYU8WW9UDlU zA$|Tab@550{s};Ubl5VSdyd8))DP?#!+l?+tI{+xXZ+%_C~SCI6VD}%_O-vQQY(Fn zU79*o>t566C=UqVdypz3+%?`2jXI|zMKLx{6R9!W6CJ4|*%;Dj1-4{e15BkfZ&}Mi!1F^p z77|d$VU`SGEH}026LUTUxxu&vS#tO~SOi({M>!WHzqij(!2<&wEyCk|TB*A@M1+%x zU=dPBzfdI-xp4woHE#IY9*!L2R$PrkO0_dD(bwg0u%d2( zp7M|zklopcT}Vp-JrOap!vLZ))$EL>b9$|1z3Lyp0jX(0;&T`1&DhJ#NvICkOoe4Js0eW4$4{tl|^BGzRXXSRPvdOVqC- z)CdWgWwtXh;+cM9+{Pn+U3uQoF#_{D^^Zf72`};lx*b`may5J05r3TwTDbUZl!1`< z+M)M)S@E=vC~7_HjE@trSBz_x#;xAW9Z`mogSWt0i=T})JGsxOK*C_Z0jCNOE*OKb z8J`x>1|ycZ2bLvZ`*V0sjij8z!qdfd4IJ#)V~YzT%&{ZX7KVNk^X z7zr6jYPAk!oTGaWlK`nu%on*hjC}q<3Q(FJXa+Mv?ZoE0X7ncTkb}HuJf9ebJTCd- zj9);L{~=U=CoEX2xZCn4;36G>B5BM}7uFr|zE~&@VrY!V+36LdNyR}{<6*gvSP*?% zHmcw1aq-5@on3hRbuQR$JSDh``f_$aC*;Y;zcHEVR;=zMynt z$2B(bbAJ)m=e4?s1q8aDqs#}4F|B@2^_@sTAu(jrcz>*ODG$9$U4fnCC6vX>UVrjQ z1F9_Y-~#=AtwQIetBG6a9k7<8hyh6Of-aO{Q##we^?B7sn-1tcF-H0JhfJvsnJ5dp zDBPZ<#zU`Su1)rBGv_*^ziaxn3~luImiYpti~5SNW6T%)5Umcy-In_l3?_hpvy?UK z*A&_boD0g#og{$E?(@^~S(b%ZaK~!Z4je*xkPJ1-EDefB{?^Fa^h~>kykrtO@QwHg zneq2VfWNzg!v**Fb$CJ*WEfq{LdR$uAK&nPK#Z$>1Jt<XJ9!%6DX}3O}}e8XeLd zml&*nMn8Z^KcV+o{#yvY(`!7+B;qK8%hKgT|_P@rGJ7SF# zq70V_gG1$}Y#Y#~s%7JOzF_uLhIjSlfJ9)o8hnR9C;Wk ztHaQkY1T>S8;}Iz-6!=#VxHy>Cr+h_0c84OP2rfotv-Z|wOE`EEKv1F+S< z=3pI?G_rHBb~)E$CxTaJ7}pm)ghg7MY^^9}#wVZ?hH`r7kB`m&2$&=lJz-7+ArNZ~ z^SyX9PkbUfRqn(QTX%H?hh#T{ZyX5{Rwo zZT}fgkzX`&=VgpY11<#1Q|o{623z|*o2yRApYD(ZNKpdXJw;ZKInF(#iJFo?4JqMV za-ltOxOZdp3~#VCyboE#NSHcOD^lh-=}6BRLJVv2(s@n*;Y?&~UO3nheh z&Ge}QV1c1Z?7VkTXnR(m`)6d5*LO&%Hk9&+D#iW$mMIAP8#u-kbIe>*#@%y<$!7RgNcmqPoK^GDJ1JGUwmOfQPjNcSlDk z;Cd?-$cH01SwPFSPf~?ia93)kwQZTr5|R7n6`u&0acpH;!Ul*+Z&X@UgJB15YfmTy zAn#l;$%bqt4YUF(uUpG~Up-1`o>JQT5J%>*((=e>O0ya}G`mvjjVZ~a9T+EQ>k~ck zB)LU>go5bhoI>@mx88QE0Zk9{Lcap?e5jTg93$MRUukA&A2`28uYJqghwpv00kmQ! z#7?k%W~1DNrh56XdR6iuI7;{*STg>Dry+Ar`mQj>24m~Ec7D_L6(c6ZV#O>@wBJBi z2k$)S-<1qzkpr#GbctzLdLEU8=EIxO$cq)Y^&NO6&)qU!rHDM*@3VeALExDAey}_)|Ub(v2*^HBk!%G=+pz3UGD6LTr=P9q%cTa8nyzFZkq_1twoiy zzl7YL|HLze*n7_!=xlFi-1z2GW>gb0c8&vaT6}O2WU5ykou5VW9WpCpRnJTAE`JQ}NQND&a*dm(8q6`Q# z4tj43ru?{Wqf^S9&_P^I4TpKJmyC(aptojttL+{S^K%ycA2zC0lo833qX}uB{;iLW z0_-*Jj6gv&()jixryrH1KwvwDB)GiS7DZQ8e#<0TP$Ptl#^w>HkM#(Y?-=-jDGTi3 z_ZHRWa>)TG`406k@*u3<#RMu>TJ9lv^c4O)ds02xs+Y^NK4eX5&en@TGI!Y5j$Q-e zGv1uxTKqDk7@QP8`J>QnjqXWiGivc~u#^ zMscaOspJ7&C9X8d_-IcrFdn32B{;d_427%9jLN1s;5a9eFGx7*53{uRWF%c@Eizm7 zHj-JfQ8Ml40;L6sk|{x6?PU-VK3zk{Jn1ar`!WQ=K@YHeq7+MygTLw1J`gPOoOKwO zY6#3@^SfaQwRX`G2&yF5@7(i!fnN_~9Hboc4(x2}+<}ADw;ZQ{Xmb>vtX38|hND4J}5gN%}I;^?L)vdcRfj(6fl{*uda&{((6rSZiE#m@DP2q#8boX#TH^MLV&8q7Ka1c1)wTYn%@GVth<+7j!BICt~D_9rqJqI`y^m zUg&JgizF?M*)cP@$`ulI2|F&q!oAG{Oc|XS>MrD6Yq%ezx1EJM?aFJW0a^PWo)y$) zWQk`}zJu+Wc%^OFu#n#KLu+mdkI9Q+dQ>gQgp(|quoZ2TrkWpTj$wqvL%kgd!T!cw z1GP;UeSAbenHltBf#HAR!~az?%raVUof#d~Lz>iND0M-M5K7iz?RV6B| zF?^ncy?`x#SL1v!EPED{#<@x3rmx;~6h%B6c(mb35g`&Xv>z086xaBIBGy`l>A#uF zuBVlI{F+)D-usy#EINmdNXGi*lOXq`bfR=~B&-f&{g_}=5zASFWOKH01H3stDelkT zUWrc4=9UFQp%Q>9TH1XC(tu!gr!wR=)}C|6oZ_${MTBjTnckZa3`(2B0oJtfOzQmzkE* zgg#kXMBC~fSmf{L8P(oz9K1WD7)|@QXTN1vjON&yP@Xz- z$oDV)L&2)?1?(QtOvF!2|12llc*lLJt&$fmi5tl*P{eE#HE8VrwYYtxx+Z?xA1~k~ zj^ZS3l~h1CJlQ9^`ZT?D-_+xY22qyb{M1R<`I^vmEY39=rc+V7xTz8u675(u@Xf0H z$)BK2RZ;_P(+Y*2OXpe8Lx;RI?`(!As6#fbRPC{B%mjSXea(d`Oc<)=;)>$C<7Xtwt63!*?npF61`28+ zLJ+36J+wDliL?Czm~V>k$)zH(F{1Bw>!mHZC&`HIQo5W3y`g|Zi@^uf2%Yf9o+jSL z4Y!8pTj?Acx_yR%-7fSE%5m#eAi#sjkKMzW$NpZg&^Z@0`xN1Db1U^f!9Nf0Cj zEtj{EYTzt@l$P?~U1?9(y6@?EasU-*>9md_20wPpo1sx$nf7x-ok{T9p0@5UcKKB* z12NL@yaD906~Wq98!^m+VN~0!%tLR@{^>-g{LPf!axUf!PL5QyM#)#MKVgp3|ATgW z!&M;iygOFGz&9uo%jKwcq`I{KZ|JZ_sl&DYpT1iZ7AvR%WT1y|XAo}BApDEasyW{- z3lJB`E#;`g46VFTMD|5Th+s&csaCv&hK+30)6?e3Gm^5Z)FV6R7b+wRzWFZUPyMHI zA4;!>6dS*Kj&BH6fSHDzpg1xxMZOkngiypLdRT?-_UD{`ISdRL+|s4kjh{)U7PK%U z<0$42X-b{+=COcZcFHQ~HSKOgeA;GyGEX)Fm@JHF7RI2Bb#KyAqp24B%4-_;pruvL zS;QE9GPV~sIlJQ8U{J7pC|8=p-~6Z0JNc;nSk4wzPE*rv_VmuVrf_zCqOKDsHa38` z$>a!pa{a?IUi|q?WI?9+Vea<|Oo00iuNZ z6b6@o@1!-<#7Z9Fn7{S0q0%S~%HbtUQz8{2)(k|btalJ8?xOLu;iPzk-qCmVa-Xlw zZ7#80yvx{k?TA)c4#$oYaBwiXQTr^pGcur4{)PB)pr4qjf0Qz>*`xspgJn(a$r2s`-Vtg@j zzpqkPi`%X2FtarsGI027Wm!mHFXtt-r#j9{S-WD<;~MosaUw4de_Yc^i^Y}E1yG24 z@=#aXq@clb@3iPBnskZt#^rcu;Q|TL@jaJYCoQ<~SMH;Ffi;*VO8YWmMJoVAvWZp$129Mti%=TMvFRC0rO^GVhV3I zt2-*r=O!a;RI-rHF$-d8mEN|ChhN{GYxaj@*8y2H=hK|Xeowi_p#RW(bzo0z0lCb{ zV?dkR5qaQ@{2>$Pl7u+TDyH?pI+!dq3z{O)UaOvC5M}{Dn{z#pIQ65a#r|Fxv=v(u z!5X605xC=``S!#OnMNJ~_v*i}8g=o?xS4G;NE@>ydWcM($L{!tKjR&ZBSfyZ8%cd+ zHr2=o(u@fxK+qYMm{c~3gxGDf^nR$N{@y)VX~r$egw5!5I9}?r*(K22lZF!M+<{oc z-5A>o;^!fd{>p%uM`jJtg1F)P7#PCCG8({rgV{i@3m@jbF_M~k8o--=wjS%SRTSiK zdS-1^wstA*1q>;q#!W?z8h72hcUkS88J&TOql!j*YBG_I~?-H zQYUnI_Y%F9lfQ`zB>1dSxhn9$g&P6+`C0I9J$5k-z^&4)@Gogp9=0;Rr>H{hmnr!9 zq0v_ZjG+s3zCZP8UyFatZAKnOXd@+p3+$7bK*^j)#HuI%~vJTQrKYfz;@XY zu?!*NeI+a;L&?LN68ORMj}iqV^D)#&fcJ=TLsY*!17y*@B?UgBUkqJy{i}q5A`=>M1D~_cYS!WQleFMNW>}|h45As&Y4E!WR^LaQDhQqL7c!sHQ#jgvZgRywr$_J6w8m!$EJz-n1SL}(U zuL8g-2f08{Ldoo_-Qi5|^51=3(%l4VC)Gn`qc(~2Yzi((XJJ85Rl^(rWvB5}NLy#E zM1!I)bpMLvqY+5lx_(-141F%JG#k9_ybO}Ky3h;16}7e1 zi45ms~))Pt8O2p(4;P@tJHVxdD2=pWeVS<+Ytd>zmo}W4ddafOC>s1 zQrh?(bU9X;$K13V50dlT0*6Prcx)B1A7s8;U<%;7?umPCn1UQ9U|4q@nA3;(u^E!< zDIM+~Jl>TUx5N!tJfL(Prc`j|qw5iC%NPPv3trBzBZu#0*?F7beGaG14rvtIfkq_fKkHLB zJ->NfEA1Cs3lwPSHgEeR67m_@1ZKx}g;)QV+Gx(G9+${+umh&S#RX~D$|?UlojeDZ zedTcW_o-5`_>KdNnhhACmn73U=ks1)(x~utgr@>Nm>eEA2?64Zkhb*)Lsgbjxk@&8 z$_CsCuAoi?-y8(X5B8v^nN!d36$d3~Bf@L!+D;z7p6E9lFv-N%6)L>DQ9^5pNouYw zgrFK!(8C;k_NVnZM$;ibTu!J=Z)C*|8DMlmORRP`0hFAxznQg6KOzn)S)9~n^|b?} zjPs;=nAccl#7O`2kD=O^s(w$d^MSd6j+8}GzO|mUN^Yaw1XHg|oWy-rK_n?#f?1$z zu6n0^*V<*Sj`SA*AAsMQN2X#ZS8z9uv>7O_d97sMT5_!w(IR{$S>}_w_E|5l>%8{_ zW|$02QgGU-%SY2nM}V*pb4~7w&RyT#K5@AB{c;F|+0-z)#2QCI(Q%p`A^rGm@&>~I z?2vQCP$2J7SFgX6%; zm%Ia{aXnqO|Cu?ICV`-s1F{qcp|hXu(G}356a|s&!;cfH-C3=T-vxgp1^8j90A1Ru zM8dQ>DLHHQlB3FyhN3~Rm@z{m3La(Yc**OEV z6E#J(aP$g)@qZ~0sC+*7v%}E7q8Y2V#6#?GFjLh)t+ZOG(^j)=m063oon- z^a-qimf7^~kv+>x5Mt!MuYUYuOEh19>MC^L)=Zr~^oI*vxpUsJ5gZ}~X%Je(L^qtP zF!Y8HRLY)bZ@rTMg_}x-h2FqMH0h=(>{1B=R+vTUc;TpXh$n>bqOFyx#rWRak>QCq zRx>F+vk{sZXw}D;2Ak7$Jnq!6TviK9)Z;{~45Qd2Z+CNVF!(^nxET<_a+X(>MM1BV z9kSjn_`j)%cnZeU8FW|MXZMvWnf^-*o~B&Nq9~z$O%qOKoDt2B<13z~9XH)&GbOrT zlCv!3-ub1(yQB~;D5gHww*`e5YlgLzMaGwxQ@1A6k2ZNP|P zH?Gyhz@N9ph+VX;N2I-6@bvz)cJ8PVhtYRfroh_8=GYh3wc!$WG?r|74md=Qdoc3g z0$G!TAta?9GTbDh+aFaIy|h^yLoV9hF7Y`+{Fb)AF-;KWP1YH);Lgi*bpL$)SyI$q z4hv7qFC!o#2?%zbOX79vx~UXsP~}+3f|kc6-Trs&zQ&W!acW)dhV1%v4Ti_ug*%xo zIWKBx#E|G40nS-Z#{s#k-|F)-%#t;?^VpNo=5SjlWmb&rF$RW(z~|#=2QGHxgA}`9 zq5e5VvtO}iwI`?W$*n-#J6O09$4g3OZ0-_hjgkqdhpZnWMmub2ZE?S2yl{`jNT|PF zR=JA=fL{J?7u_2-4yH@-2{Z?goT!0+D(Y7Wp}6YBWq789dBTdrw&pKr+qf@k1e;WY zf7!4w4SD6c*vUdZEi1yFu5E48b1Xk>q}X3%Ypj!FNZ`GPT!lH0p&V=#Z(R2-6EHb>nGx`^x^`hTl>~n~g z!~)cr+ZUu`c>fDIpeqtX#VvNyTM|Xj7-d+aJV)s*7LSaE4mCh&^E#fOj?`$b)Iz4i z-!_=caEC2n_VLyyuR(={%c7(g{OD`b|BES6mTwNx?o;IKcJ~|Rd8X7B| zk3w&(9+H;a;S6FnBqeARctGM1l&{|JEoy#Kmso9Q&TXSH!qEFS3C3(k#%sV+Fa`Z3 zYruuCRdWY9}G}PE!Tn!kZqcs; zk@9K+n*jVzZlcZ?Xk@+;@dn6LNUn2jd33T%6o`7d#W*4;%%uzvCeId167RZsAr?>` z+w~1{>#{1RoU-6CX>yAy#WNrTE$E-S*JB)B8yOwKrv*9 zbIG&I6g}ur^!Xln)3G=S&eDg@`ucqBXt9n+>>#~mI8S|;US@z=X;@zXnA zD@70nV_OPK3z?#IC2L(lXNY3W;H*}r|=Q9#`VF=qIwkz|xUQN?33J%p@Q}mJ; zQ}@LS-U(a3{256X<|wCh&Ar=l9Xgid z{OuiK`#(nd1qWrM7Hk*Et&AkhLEJn|QgVN7pMTxQaSN>> z(DYLCe;|P}THezsjk6kShi=Q$JlO)c+8 zG$q7F@X_G;0#w1olDDJo%wFl%tsp|<+X&+k#?|WhnKWY+5}6BDp>U_ECNWNsbbtH_ z?{EmiP5=EapRqFgZ5yzj@S@okC&t=bIdhY;^pUSywJk`<5e&EjDvxzpr$1aM7Ly7#VR4#hcLDc+p`d-9M)&woFGfk&~izh zg{po;>UlifWOC@amfPxOjQo}2DCoF4`^~>nI}xN?W)4m9yuh5Kvi|R#4Il(`rz+QB z*vM*W)((l8q@qDQGawZz9^F%eH7|5gqUK5n*+7R!!~@K8-3o~B_SjBc!O;5Ptz^g` zZ|KJjFu_VT^srO?Hd(@X@p5g|*q&?5ws4Ai^0euC%pox7=DFR1mWyaGOPlT;YI&D! zfS-a39?F`42AQeX+Z8%1E^iShBz%KvaGPm@F4am_N>K7Op<+q@RUC_@Zoq^X^U+*- z5HSnyjNHwFgweD%^Sin0D=DE2N4oO|6H~5i-g{URY$a^vE8?@eNZHeQ!f)e(7O%Vl z`m|6P7|@Nwl8{fp`^mHMZ2e-OvZI!C?m^oOZKr!QjUQcDcp_=oIK$M+a&_ zUENX@reHy*$CJ|UeCHH5yd-=M>5q-DFJ$0tQs-^+>>&ua_7f`&U9uKs8eNNx7#A~0 zHmMq!YDF6Zcw0iG)mtLNM2j5Phi{acs}wwmEen0J(I3mu)ND;7ZpG^Zu-0aWV*#G; zSlHX(7J9zpm!z;h&zG!MmE8j}zN$tu;g>BqO)~3TCp@Xo0w%EOYLNgR4s*pE0pRgi zKNws+)i#^Ut#$5l0+DN4Wi1qJGf%*&A#7PL1|9LRlbkUuuTQ))IMV_@c8jCX1$eWJ zTmamRhwHHdj{xt3x*p`wFfO$T>kj$<61l2R=vM`|zNu_B(t9HMjF#9>>XLGSlkMgS zcxf*w3Jm|1SJ}M)HiF4puF*Pq`u4Xo14wCln~-W>g_q%JT^xG|NoJdoT-7W&lUu+c zPKfx?0MV`WWe=eXN7b}^Q_%#7+WvRegPI9BIaRferkYRGErNLUYdR4C&lFr+I{Qh| zjMRG?FK8K%6uO$>tli4pzlZ2yW>=ECV|{s#rksY#xU>mvS)Kr_4jS?ZvnHga^jHIS zhK%+=mZLge?$OBf2l$nFLH1CqQwFvQ&Cn}x!N5lgK$EDMWvKjNCUgzkQ_hj!uM%+G4jSbQn8tLPe}$w>-I5x2oR-6^|#oA zMT&9D;JCNVn6JT)-~?S{GkB|&c-=Hdap^PLYb4`l{b0QUAn*c!(LIl54J%NHcnQ($ zeY7q?pEA?jB4-{qWz!O#IbhAv6q5kG({JWM!lCx(PdpzZGK zjs5pT!vY7wN<4xv9Is**ynuTfn{+2K8%A-_+f^&EYkW3__>=0RhMq9b*1e$&8XKs$ zn_UA}Reb?p`4M%ogls}>Dfz#^dYfB#ux|XM?LR1DUnfZB1iRWbtFsI!>JHny1f`OO zr3|(>-qVZ{NaA&hVGM37Pa}zxg`}YswmP!GSj8jja{IP8*S9xv^vteYq2Tg6ZS`#$ zAD{x}xS_niX!`fF<@O8EXLk6i6h0&7vwZC7%aRR)Agn;1AZ2OR+|tvJ^tl_39KLCi zvLBQIviT3()Y3r#VW36BRt0QuIfXgL25%+S1xhj46UJ*t%7z-ovvB}B)&q=6_w7vl zRJrclVIVC_$Uh2{()_QkP1-h*Jj$|r{pxGYoHx75CfbO`3bah1g?H{-pd2)0xdMhB zZTKzPq}Fg!rhv(HBtkQjng4OJ&cxEBn9g5Oq|*h9LwHO-fs$SR`EETW_GO)EpYq%> zm9Btwxhga(_))BK&djftl})$58kiR_{AQ1r(ul3`)0==hqjvUjkk4Jj{_6|sM6uF( zm@DhtjbvMhu$|x5Hu7h{+I{(za6fu_`zv)fS#Td>bWxN#)hS$2i89Mm%$c3x?5MDW zW#;Gks!0%>FJI0_)ycnAU8`I|SW#yFg-j}RT}7wK?sGKTs=t&!h*7tKptL6fJW??$ zF~fJyoSBlIDgc{ghsCDInWoV?U5TY@!DqCCKbVvOKOJ{N44%~lZ)Cre^ zF@*5|2q>=42R6QCj=*=|B<}P8-w7Ut(lT}_W-yRdN6pS?DM4NISbm_I3~zL~1{+X! zp~_1OX^UE{d3&F-BGJ9kV6pil3D*UmX)=sB-G`si6?kGM4+n|rhh-}>l&{Fz7j`?b z#T}s=PXU;a93eRCuzVWxRpGTBCleV=Ie$U75~nM-g=++dC{Ka0i<;Kd@Lq1F+7F=t*>mHm=m((DX<8j_hqazEWiW zf&g`ce}vj6Z=<^2c^B1kdN|ip^QL0c=K^O+N%Vy)6%by0ws@2!|2-$mxgE6l&o;?r z$%WR+2=Ky6EeUsY>N$R(Ph^&Lvx%lnVL~E_IoiM-!L*T(ub)y;18wTL@}>#$MVCed zGtSIpXEnuK?)Gb=*9Q+X7Xq|92A~IWO?K#{ii28favf<9h%t`V?C!;!pK^RK{?kps zrqPQhU2$9O6?cjaE(1t%ivpQRENX)$unA1}wFm(P~)8i$Mh_VyV?TRsqE&tDw zDW{}MuuF<0UdOyXCjGf(aficY8}Qfal@>g#(}>3%E89eA6IoSilcNcCRbM{1hqe1KmBw3pILQefgw^1!@q>v^B6Nj)hBu@JW zJhqgd`5LHY_LJ_NW=Ly1a*J@;==lmyQhJ7dH3@ZTs}8wty&mFF^k<7NwtYTfk;R0s z#fk2t|BLZwkPv`Ti){NYAtw}1Nh>vS!DlaboOql>;yRQ_gbkf1%*wF%1wN)AKM&X@ z_nSzEqOXragP#!wMfUeF-1-74FE(4A*Du68>wOzCHhk25PhR+FYHa`qKWQm2TCa!w z5M)aaDx7bh+(2^jTBPs+)+% zJm7yF%{_B^S>j_r3ZX+i@r%bwTNU^g^8BDBD6(S=brpJ(DoJc^7ogZ>HU2MhB1xUC zxSgJmD>nx4I5}suhE_JTU_Ur5WVOI38-q;WxdXi2X|jp-4o@z-IlYRFnigKgoDK(vcTqFVQmTUKm+eVV@t_zg)+<G#J~Q?!R+GpanIMg*pRhPm14|A?$-z% z2OtcSR5_r05b9k5c@d z)ai77)r=ttaAM7_l9B340@F1hF`LL1fcR!%XMpL@J><1zH{W$N1frpuF1QG8`MZ6o zFke9AJl|F>&VmBme#8yQe&$DVthzQyzZQg!FuBYScT*hvVhDkPjT_kVE6J~qN zGF>v0$Gum|3R^&m0Wo%$+%u&luX_Zbc^S8MATX4^(UFiKRW{cCbC|!=~W< z`k76`g@4cvzD4&#k(se%?G1o8F=56RBRAT|l|464`55s?niYy6*eUd`|!Q z$4!B8brB0!qGxPQ5|@By#8xS|nQ6DmLZg6Z_8|^aMoT~o5&PfBZS`vUch0Kt9^*%s znHmP_Tu3X+lAU-1JF=q>850>+*@ldlE=M)GC5`ND6w>G1en<^9z)or*afR0;Wvjw;!-Z&nPhQ%BiJ{dc(Zkgm%~>^+o0K7lS`5mS$oU{ z-}i=gAi#KunJ@TM&6Td?I(yL$1cWeZ@INY)_`B?b#}_zd8l5p8`>=maDy+<#IdiHt ze(&8tW#Q&}$O9$~xpYHU^|k)TygeJX{?i}Ex!Ljkl0DU4PygC2#MdEt%#Y7f(l&nu#dQyXXaAKEaIc@CR0<# z2UoFsjp!cLCZGPxkNi&Cm5o<50hrjVpnC5j@}<2G6gXen?X1`-_(os_1yFBoWlv{8 zj49Q(nQFJ9rTRlKHN!jVB zXu4rp?bUbZaA7zgTWxwwkL5t_TgkLkF64~_1y-5~G|92G%_QT!6n@@02}9ifsfM5F zX9`HB#J*xE-I0ZpCA)yR&3{Ac2y_Gbzp0wvkV{o{FReIonSl^9EUVN-b4C}^8FQ%} zwBN5-s&`Jo73XJ6(}!;1)uOBF+i_c~=cxxnrTxk%kxS7vBN1J_F-)C@S)eE3pjeM*LcjT6_SJI5ht}Zv zN^94M2l}lChSPKFZuvrJn)Jepr8d~?eql)|?ZL_UF7uR-Bj?8OfaoVBq9>qesq^!x`A-WG0V4=&_*+W!H*K%K~LCNpl!I zM3NUZYWz;F)6}nhX60X}E~%d^zWYOfKYE_Dj@92H>qj(k363>MFm8s9U&@a#c{rp4 zaXKh5w&_jbX&P5j#ZP1DfL$!$WGSFFBFyN_$X-OPPcX(It>E&f6+iJEq9VPvxtcua zdaO(^d0dfeIKB4ZL{5>)YRgO^>6t4clH4lRbmqAPn^?glRwS*#fb(*}sl=$(*WJxVLS}cqi<4zwbE0*9wt{IB-MTV41+F&M}{>uGT$$%B@DV zTK-Cd=FV8LhkcSk{_+`1c2{RzfdaB!RUZDfIvGYLBxqDP;jyUo_(??#UjC=GWrzLa z@aURR3uM*@n$BoPNc&9B2xRozOPTo(iuMX};?5|f${157=}CizD;4EU98HZAJPIBc zZlSbSNMkpdE_x0G2s~I7O|-_-5~GXO2T|QG;#$fO8Alx3-wLUv=3=5^xSStlN!v3V zW-XDWmkr;>D<`HUK`y@7WQIos<>~ZL%3ctc5hw`lITO;xY$odzTg*V>?~%$$rc?c= ztCB01sJ}iquJ3u7{=7x2lOGM9+myy3t6ZmrVZtUbrll6KF;55dGC|vN-n$wIEm7m6 z*J!MSQr)61pSn{UYKfes=FOPRu2EortjjbL)>veZ0$j32beTL1K%#5tlk(_VB^u#- z&){i-Kww8yegkXoI*nJPOF7AO08ZLCDY^|~!%p7pcL}0rJe~i$jGGre?H8YrcrMqm z`T&x;-h;5_k?if?c02vr&nsEOKh(w3T8Gp5KEe#LCJG3$b+rUgC&Rc~|JW&_wtyaa z&Gr>bTp{pq3y!Z4ZAZt3_0_d3GOlEX)gcF#rZcTsq=5(Zyp8rZHEC&hxfBybH9*S0<6dWSN?LVXmX4SX6*|u(OutC*RWRq8H=HCR@I8)w8IxhMjN2Z2c-=#EghUr3Qk{wyO=iDc6gW4s+vJH4k@rgX4EEY!pTCk ziPD%TW3G}BKZpg-I^l%K9a$CLHN~h6ao~k1(%MB|o1Sv*!UkZwC_pDI-RoyUb2%Fm zTHTL?+V@&Vy!e~?x8VW(Ys-fBIn^*%LHYN#SmMJsc_>~vZU$+_nQtN&fJwD`!(~r8 z`<5MN>c6UUBM$x+7yb$e=wk!?u1ujlD+_9IzX6;OIK1HJRL{AVnx{1LrQIF}Xl8kj zFWasTqYA~CJbTaZ#yI~5JsFkB^H$6XJEL7Z&+^mD>M<^#qR{y{NZg%hWE=_$S9i#j zLxzCkT|*eJIx7jK1+4J;08~v)8o`qdyhd!wloDm&z&K^t=?Me;kyZ&y#nZ1VJ1CSWFyJU=CT)Gj;Fl#y zPWaKrXvyg~WEzmZe4}1i)#@m*3rV^%&}qIbp|~kZ=w2`_l9IBJ0>y&~V(=TYOK3r$ zoe31!dGVN{Ug>+Wi7nKRXmX`NGP!b!Vya&Fh}PwQ|3nFAJi4SSQdHoA~fIXxz)K zufM-}K$z}IK`eZWn|YI8SrCM`1#GL4;sx3Hl~7+BKS4Ch6S?8^Bn+Vr<;n-?;)E99fi*3t+Uh2 zh(gQq=W)6NiBRjn2^}>uiO<(GHLB&6O3e%`$!P>`{#nR(2z^PTi&L_*2?b!HW^orY zojSDB2A zHSy^vXbp*BMr_E#N!~>KBR<>Q-hl<*5ZMC`GN0(YD=)xOs)XxZTJzAk`Z5rQXl%w= z>4Qo6jYpi0x28W+UHD&^S57kjgb2b-I<#Uy+tPdC1mdM?Nm5BOzHA!8_ra6b_`-Q~ zAQv2)S9JSYpwT-q{i(~21}UN1Y~+N{Qq80);H&@5h*ig$j%8634~uljnWg^XVK z`W)YYe^yVS*E8}ZVcIrek;szt3&EKM;4JQTSG68E8YMqx%qLEKba;uEg1e4`jBque z8WqWu=mLoIqrmWBN&~O$lrsoJ{ef0G|7rArjtZ}a1*JEBsM5smEg^XzqqJMK>Nw-@ z3GC@*PQ4?difRP5Z*^CkBrFv+bK1)uFHK--;x)|e>(DwKXV7y)FypdiQw={5NEEUO zJqvcTZr4!>{|&L;`7Nq|336xo3mfFhs7n3N7x5xFdY=W|OeX*V0ecsa_@K}yfag1h zgj#Pl_y=Si-=ME8sG34Hiocr0XwKT}cD%IdM%J0ibKgJwkY0K>cDET2ecKjF!FBS` zsI(?kmWmA16mb>Cg@~)p&{M%KL z<93eXV#IB-6r!_Jx#m>coN2#>rsI7@#%+1NiG6!4}Z;?efk4*u??cyrX9*e zP8~4#T-9B0?RG2zy>h?Bm1X~F}7-vJNztQXJ1*e;yQX^hR!yo#hrWHtSB@e2Z zWr>R;oNxS=H14(XM~BfR3JYmE;kFs(z+3PoBBE*%DOORC#5b^Y;?`lSYikYEdLKpe zz(+VS$9E?AdZc7K3MMSX~;I0#6K_JB%9#6&@VY~?zrL)gUbQdg zbJ~eDt#w2DOpBd0fZnkvT_E+D>p&L*Pk*3>Qa?+GtS*IT48a{QF0-AJV3aJd+iczMY{TJ;N*iVuoY-Al z@mowWQ`AXU8DM5qQ3d{hOoxpM1M0N6Xz!iVaUhIVHIONkl+uvnOC-cs7Ze`K-(X64 z(QQDp4%nKswmZU5reeWbeOB|8Iv) zJPUy8jCN%cEf;h1Qh%JSO_aoKn1{Y2dB6=kn4G-J9^$?MvqOyd6Wjls<3{(XRfo`T zmw8B@uZG}qxtJLxNDL6!q+F=bfmHL z_YG6qo$RWw<@?F$y$sCucC4_Dn5aQ(&01FDko$~%fAdvpfkYFs&05($c|B)Q69rQh z@LeiepPhlyLxH{RI~`*)qeJG)KgFF|9I$21(y#=|vZb!VdH2WBbF2t^&hVkqSAO)? zkX@fcw3b3R@;OH%Ci<0@y+fC`{Mr@J<4OxVjVJ{abZ1*c!v>z$KG5WpeF5OM)@iQ$ zfbxGP)+3ru%nicaP!j+)XiPpBlB+ce}8yb@W!**so8g~eUbApz^c2ye^hVhKmSF*g%*+SD^P2MS9 zy$TF$$AOpEnrC$8NTWSMPEG^~q^N#Rh;cZ#_7pDp^X7qb#dOpIjjY=jF+w%a(}~S* zT5h~5`=KTC5OLS&&O;}DSB}?U_|0vkh3CQ)AN*kIg+a;Y9kW1Vx&w!?kysJ zoS2#m#M=IFS+v}G3tG(@dGNW$Ko@pkkE$8J5Dh>7*D4`~BT+w*DSVE7+(bl>t_*eb zCw;Q6)H;N$-6Z58j}sYXXh7@(8o4Mdsmj10r}U(2>-TDw9a&bH&8s36(BQ-7b+ zc0cpkhGAG=yA-gJk|D-YCZ>1&wFK+garnv=gcBHO=6w-pX>-I^uFYC2KF8`_FLcGw zQs7u;`PO#$#GN6KZnEA7C8NdcME%wHr+l{>Cqqj5tYGbL8#rl+$F}~{UDQo=o5X|K zO1(yZ63zY6jxXtsNHUYFs@5(HbCTnJ%6-&>GuTQCdY)o6O=|=);B$Uoqx}(+0@$VS|a*u5{z0 z(cmG(HZ0*9`v2UQle8>f8(j=P6%shk@o2G5*75|(U~yi1hm8j#x$dVCZ0!5HZVluh zP=RUiuDMQdtn9%{W;Pb>8G4lUkLvJnV_{8!>C+fW!#<3_Y5I$|WbY=6W=KIjNBat3 z4V?u-UFXK?DklCJ(!~Db)$RWj_p&uXtKyZnNWm=2X0$c`Sc+_bGuFLBY#CA}P^2u# z1T<%V`%fD!=yvTM9t2`~FvlcRH!aDA0aUgMb5ub?n8X!%llFs;yk*i!THakOgem#l zmSxS-?A0r06!$AyCmzb=DA}B&I7hw|0zxp)h0ZX+eRDxAsL&II;iN$s+TqvnJN0V5 zS^-Au%g;4fBgR(s!v3> zz*Ry=vc@hO53aL5sE(k?%!SV)1mb73rY&4yc6$Fo$=xMzuDfWqu->l2ACi}>=Gsw& zifDa7=5KSjPt!@UBu7hxSzK~g|A(KP>!DO_jD9ds4h8MEOf)ellP$6vXk2&DAiJ2) z;=jdT+06cw^`<(ejj5bVpwVvYWzgoGUm%~z%d7Z$$}-)tTg-v83ALq2lwVLm_VJ}E zx0(%554Sst^+r!-f-*N}Ar}-d8$_>J*6SQo4|F5nn(c#d|H^ixyS~BIk^FEiMHLs;Ul!t@{>8ds)0#D-E)AgA5*8^%K4U&!tuF!s{0qMgqk zSC;Fr(?fX2@w$aFBZD+KgA{rZZIaEQKs8Sj?Y0L{Aucwl%d#!!aASBaWZ@0M;GfkW zj?bywvKLmCtDnK3DR4W4943L`4ZW-E!%CIXtI>EzOfWkx)76h0wMjV0?YYUgPQ#Bd z$ubMx9htd>?(h5~f+39$PLj$x`L+wWec`>RIJONBcGu=Q)4nVBQqRi+8ayMbkMeRx zS^MlwQI5b$b<{CE^a@6ml798a1{Nd~k&>Pl0-R93|%UG7E6tw(gNgIm`X;B!OX5-Y^I6tF900%RBqe~IeiEyWoi$);{% zxeuEf)u~4hmY}%=8KO}3Ur$!QF>DeEe7)wSo3{R|h$(9ZxiIblILvmaqY%gm3F9T_ zO6^3hlnh#^j_CP3oRoEPy4lc>@qDw3L2Sj5&5TCWRY%;7_kd+~x6S8btO(rC@5GVT z7m+l-+Y`QCqdxyIBCr!#1;CW1!|+lTend%NAX4pcCG{k~qBQ?pEXfz%qn{90gnfC! zbHNmmBgNg%)6(t*4Wt6cYl4+xlDvX#KMe>KI$sS_2k*7TMt!C5|1E(7@q2QuB4lzB zZE}C?LZBt75SfHHDzD7bLvyr0uO-Eyy%}a<=RU_}@64!QUwG5$pl3;IaQl7t)amix zdz!Na%@nXRA)Sf}*re@UD=Q!Apveh9a`=T{&>gKb`Bs;ryKitVj9;qVAc2N&Q_h%J zoDM%*MLNKAT5=^*dqwN>5^KW~=Y$(V92JXOtsYaTaE6*g>sXqJkNXYHZ}@r z(a_}?r>pFL?EX(>)T;Eo5>e(OpbC87cctO8r~QB`h8A!>0psJriGa9P911eRXUFRm ztp{vb0Jk^`(b+p1R^zHP3RalDme{>L@ejVl04{$Loi^JCV+*Z$F&r_K7A*)kHghnE z(oB{E^4XxfxeB+MYK{5~s})TMm(%01OX~4^Kc-lk1BAb&Qq_8*YwIY<-mOgZ54u2+ zL(?F|tQnf`gWhMiCd_j*IMS=!*c(CO46{Z~D^bp>QaUTkY3Wy@!eY(y@K#Rj%9m73 zfeVAa$T*559V9ce!kFyeC#S|M(kj@H2;=K6CoFZ~Cr9W78BtgqhLDn~Bb&7g73QHaUJz2{H>>()^iHb|@$w7MlIv!HXqANXd^ zv4mCak1dNFbam4?FdJ6jmahMO1pMI-kqPOg-p^?j&E06O>D{^(ub46kpfSH5^M0xgJf{sf zjq7oFBcN@*MY#3vL{vK{7T(aRFw245xycNT_=xD8jc;6rlv2!#HQH4;;txC9i)ovs z;LH3CuPqn0pT(x}cC=sx>fUhA0X~K!U3_&RfZN=Bo%W&3njMiYJN-D}MCNwiMk{6*r8wJY(vKGI7l-$X;7^5TH%t%oAx7R$}CLgrSR zt!&q_X6o!7YP#JBg;=2i+BNL-*M9;QuaQ;}2HoRvb%KgRcRHP`eAcsD7Xk2=P)+#K z&!N2>5)G!bRH=f?^-rGrkWs-K`DQmjv6=ru3*4<(FI|Hf%<%D&Fks7vtyALS!%q&d zq#)oPz!Sx9&lFCC%}#6a7g`;rrS5c31UT?Df7a+fxo$_07(d~Tss@j;G-7xDAdDb3-!6fFK!6#EdaXgKwQKyhuxzvEth_Rg zpj`1~3Lq8~mciE#xh2S-J!eA(o}t_$9u}(PXbhIX!+G!9f-wdBAw(Dd3UW{tMJNK0*GJRA2S$Hs5L<4vtzAskbdD-m?_8QzF?mZG= zEpGu*r^IQNhRE`C&`~@v;^vZ!2S#?j_GQKg5V`@Z(}1&G7g2~HU&1ijlxRXRfC$*Y zDFAaymt;gRuCJ}GQaxy5)0Ox-*T%2NB@Z)mrNm2IOAuAqY*`Mq@QxHiz%6yM=1;t! z%Ho4wu4Y!@8Qbv11pu?nuc`SO#}QNxV3Tq5Mg=*l=*^1QOe?JC z#g*L404CwANV3xP*kL$4ofD{Ek*xJ~f4sXs59r(Je*NBGWr~hyV;5!k7$w4BB%U_=qnx`XgIByr8>Tcs z**aOE`?+t6Lw)l~Em9l>E|?P>Y7xUxBpF~n@!rFA5ee|h0)7>9h8v;P6O4>r{|6>$ z!^Er{u3Hu}4q4n=zDfYRaWD{REGjh0sU1i6TOJ42kS)2P#LMUiWxTxsE_@xD01Rfr z$RMod7&RGwXh?=QSQ*NsIv6g6sGdE`6`5!3!7?;Pg|(_u zo6otbKXq`W$kA~^OA^d&@N0rmCr8yMd^bJ=)e0zUOOPVE~3zP+ZS>~n6~tTmlOUA%^JS)l?8be;%j1j zEA}6CO-szsHV9QsuT$mY)jFQPG|pIYrzbHZwxUCed|+8-I>KxaLfheU-rYfJ{1YuMrs#+S+qe}@>J$5koOgx% z#OFc}n81R4g)u2BYnY7ZZqOjM}=Zj%X$PsXQW8zX}BO3oq)m;r1A)5e2so%%{* z?^}zeZV-Jv&LN-5mc=F=>E5&2E%U+K;9}eNJ|#S<#x{X=5N_HQs}19i$nv%(SiSE? zgv#1QJ4GMj)k&k1@K*vA-Ng(({c?-^BUDEjGQF`(X@fF3rjm&yTO9rRN~swNQ{lH) z;KNC=J==ix7|8q;{`vp5sO`2`a`KYQ_gxWPoZmV$%~QUCg~o5Vs>t)C`vC(~5pYZ7 zHX6m+vg9r*URc~Yw;8<%@CafP}bP|{AcWMl73G)Qd?G0TmlP)=MQj3Ci+?H{LOhR*6p z?geS75K&{pw(`qWY=}L60>{Vyc5wq$y!`w+c)N9!8z^uz6x8FD*+ev+R3CFulHTe< zLy`(}(e&eFEC@8OsRm-&Td5^Hx=9G_Ck&2fJ5nb8R44#!mDCl33Z)56ih3@}zY!0{ zB*?#M;^{-q+weBK{?h?)%q~Mk^^&J4B^Q&Y-+*Gb&SnP23ZRz^tYT- z2OulkaA%5j4waY|+L|&#^t-(9e+P;L4^;1Y!tv;NbD&MbwCTdF1Zm-d+EeQ0(oJY5 zYIe{GD{gqh-KI^r%QhOKuprFC@zZ)#{##oAYLG|cn}_o%Y9EZHhy(V6ug5;! ztQiT|@0*>yjzq9_!0Z3)f*U3QXDKx%o`3!aRH1vV1r03rNk=BAfZRp>9BMlRy$?{~ zxAnT0w=Cg=4&#kASDQ3UsicqaptY;q@l|`P)#lk*sM+7ut$zSqNTBf0WRLhdgW<}5 z+AwQ~gAC)NS}%gq1e@N|B(jVwA&t??jR5_p2Dhb^Z}cvC6mSSXu!3n8aa|XR8 zU;WRh=}~6fWweqThzVI*=j)r$g#CcC|6a)BF^?s{w!3Qm{zdeT1R_Gj9mAv9)fjG) z!?X6n5d5Eoa%j&?k`~fqrDP=wTc5VY)|vTYramg1^BXp7`2<~hE3He^V<`f^A==i+fAhI>PkkIFeDx}XmK-(p7Yk|a#v`M>wT}$#?PoDR!=GA ztW?I@_q<4!WS((hH)j?IAChrlq!$7=;pEG|^+_IHVYT;knyF<=^rDz$1fb6wpxVv_ zN^VO^nr51iZz$B6{@@yrvZ#te(WIN~r%{$ASU{cdv|c^-XhJ!x#wY14<8@{E#STET zVcxQC1>~!)Jl!u{p0_X-;CUOGbTW?;gv1pA_K2ym9Y^t|N4yT(GUnB{bmDS-WaMxo zV^xpq79AO)>byx@UnTh)lm|DtYGQ&teyjM7%<+K$+bE|J8GFyxC{^NW#9QN1`d!Jn zV#vSXuBSIi#~^S#6_4wqLb)V|5d_G=(i;cGe)gRYv>}5vP3!g8{!MRKLE4Tu)ylht zHJf3LB;vhOnvvh_>2TcU6CS2fG%trsDERg$tIYBrW_qZ1j-a=!IH+xG0~2`XupYkFcgk6YKORNk z6!Q|^yh2=R-ClY8^5DHSu91^kflaQx(56H1vn@+eR}TP&xl;fRxSlp7i|h>^KV>R0 z2!|^yQhk#c!lJks#bxq@b3Q>(b*{FzV4a2-Ex3Sk^DxDZd?mqtmmq-_6znx9lVW2V zE0oYOK4v#mDQ@Ec{(tcPVY{jv&e``Cvqtl=dd*&u?SJXFm!}*AS!VF^I!7LWJhj=^ zMfDB#`;9iWg+xCAA7A(KpJ$Av8Q2dFGDF~T@3NO%o5cdZDXja(*d%2fk8qla$tdl) z>P$Z^8-w8*@@G+Hg6ht3W(u2bP6%7@x{9K%k9jWe-tSpsSA3diL{w7BV*@5lqbJnt ztANTd4`|Cx@-6DD{kG3(y{usqn6Z-HIOaYGgQsEwQ+NM*0-Mv5m@OuGu6Hxiw@4hi2S!708z^) zC0m$Qp9A+7+4&!(Y3JqgSJF9fJyaf2VpHIdpoqegsQ{u5%DeH|1Z&^p5q?(LHL__7 z&XW9qf!n)o#wpCA-;=WL4b_SwanYwA`ylq&bRN@j4{E`XG%fnav2tTxj5ak-C`8mt z%P|i)W-Q9TnO}XEMv2Brx6AGiLF9`KR7hnCRg<5w-V|~o%pX+aX67<%uT23CbHQlQ zbP5H|we!sla>TNc2#;b(^lHDOxX^cO9ZwMpfo*?e*DK64|DT_#U=H1`5+uxQuE8{8 zN6yzn{HvqlG=1?{4D1$}^YY!Q?yVymDJoY2Y!&B)1ByCmFLS6)pxOe^V4(fG_khaI zY}BOHF=?0vHxDPp{tSc;S0d$uo9(-g$TzRos5mT-TkZ)5#=(0gQLbp`u)u8FJQ7on zdm7(PZU6VIDeinn$A_Az$|#)Gy0+$GV^<417DWCwbPcG|xj{|C2YAw9w|;t-Dmj_s z)V_1Yq}3hOm4#0hJjGkHgCX#s<3C{JQZ$#s6NSyOOk=f3FuN3W;0Fym9Z|cAAf~_G zZiqOaEmrbP1#A1S8sV#%^~v>u6Y%JOx@OIqgnjj|f$g$MsHzByf@Du(p%qeUmG&j8 zY^n&36l#6f`aeA!H@tC$)ExoE?w8e3MIEBMw4WL^KTVD?@UaoN!oOK7wZd7Dxayr5 z4V~AiZKTg$2pk7Am+2DqMj}(Y?N5rFw=ApV^dHH@OHX37+(tt#KO{)h7NesDD6q+B z;W`Q~qv{j#bhBhp`rFay;?pS*v}M3SCtJ4=B|l*xCWR12xk*mQIYQ)T3AFHh-Luvc$bAv1znsF7eIr!mb72Bx5JQSL___-#iVRfPt273(HUqLX-; z>;Oh#igPC5?%7gqne!9wA&HVsF=fWV21fhf2fax@y1_7_|)(e zk(;p1t6XXtIOsAFZZ_CV(Gh~?6-O7_{ix~Sy3M$@>Z`WmmumJjnKt_l0X`v(0R;2N zD#9zpRT&2^N2bEKSn_POPfE7oc+u!*B~NNd-YxWjHNY!-tFGAfd^NG{S^+kWT9H1R zn+bn}k;#)9VOuZq9BL8}XWM5iIMTWa@YO9zUV@38`L8G7gArU|{J3ek=|FSFoo>b& zM*KBgpKEg;&?`3u`uyh0807~}AG$7@iDSdzr8qv4*2kbZVnge>1u`Xp(d`Z>8iT5a zj?cP;{~zOXAw6Xl! zxt7pNJGd5<5A}VF6uJXN4nh9?vFtp{3fk%xSpCI8>GrixzmjJ8pa*AQf&%D_ux74x;vlybgHPsui+w75M4kmq0L&33ky+x$|4R=;*B>sU53^#Vk4U)q14Lm7_etMI>?*y2syu*ykevz_q4y89a8v}SDZNUqU{BG>tPm;dBn9&wX} zvBnr0O_JGec3Iaje_fAizJOYqQafIm{EJs-SL9wRb&aEQtx543$^*EHr@WP-Lv0KIWh%KU#IvB6Ced*M^e|Z*BAKeLb&IWVE@46EPr# zD`%xp?|RjTv-yxl%|w+(5vl*L{BzNMBlCaJniSsR0Y_y3JMf!18JKcc!OosPNl`LprivXP(-ZKeXoH4}QEh(3%;Rb`bJh!)=o zXKW9k8jyTI;nq@~h=)+$?Gnlnx1t z8qDh9?HYeGGU{{f6?AJq!tGYJ)t5K?r-XNbiaB$L4Yp~oDCGR6=u{Bjg^rXw5a14N z;$)Jm04GH1pdc%gbr7Re=08l{k?)B#=hNuM$kG+*&Af0MY46l44g#(a35Pp<%2@s?x5G{!2zBl=m9F)JkcLMcAQi7}BBALCi(Q z0=O(u2dmCfhuOQ3y9&C_k6?T6sEF$_E!eQ~_B~Em@j)6psT6sEakyJ_cSSlde+Raa%Zz6JY0E<6QC0sVX=zp+X z)%FVx+r4$`!!;av<*d*nm$6>>S^5m1&RMwWT_0MhaTF{^5LMslNzUHS=xI-q$B40P zbMO3B(LoLoRCOL?J4^j;y1psQ{-}h$I+G{ztEmKe#SK`}QFl;uBBIvbC<&JI5}!uY zBX+(wlYp|fNW=7rl43G42)TJACZvOs25={St_4}7b@6p~v+q9Cx6-Nb@4(q?6GqiG zWv5koaTxqa4apHo`&&;%qKO`TSiX07l--2if5ese!Os6E0BJaQ-Zhi@N7{3aMxKt| z<))?j4JiYRNy^09rH6>)5%%Gv%22X&(h~Do_pyAV4%0A4Hp;JasNgRMKQ7MiQYvfc zCttxON`fEmaJalOa!%UlKeCJrXy=+#y>b&#f2FuNz|hpVT+-4GD=eT`c+0R=#e@fP zGHcJK^i!vMRL%Z46cK#`Btx+OG4NrU-#ZxI()({9yHu+euJYLQ@*g-19AK0!@~E!C z8X_#>?BFSHRbx;Re_o}Iz^r&i=Q1CoR@8{r7qkDT{4Ek#^NBNIly3}n0tJFWQYQSK z#BlHXW)s)`1fwgRmQ-^pFmOr>bQTdfM-ltFeKmSjairf01Oe>L7-ZXuVa8ryx#GTA zCx<)M0=X|2T^k=Cw=xIS^3U!`8|d20@49GQ-{P0tCf#x1Hys`&Uk7(v4!FDC6KznYZGpMm_9VlJzxrqxE(l5&?MFUt_}M zmXO9M8bNQ>7+62T-aDYHf=KG;i<2+4KXvnONx;$#c>iD77&zt!%ejlu?i7pWWsFW? zDbX}k>(&{A27fq-qyEO^=t!M8)$1UD6(jEm$3|VDBf@=?_C&iqMHUBUrE~)k->`_= z7@^19|NN3rGQR_}NKU55sLUVAT+Q#b2gGKO33(!J2vd76!xpWDDQ|QlX{AYuj;=a_ zN;-!bge7rwzn^ktOUEWY0Ct7Gd^Zvb96n(Po3q0@;sJfH**0|-wnhKM{(8uA z-;A5%W>TVHy^mXEiYj8k=7TjRt$orn8(W-gKR%0lwM#=w>NmyjxFg=|mm}r1pQ7;{ zN-1Z&9h0CK3A?G345FN|(rxsEPCt?l0e8MjCWzti!{4;AJXZ{qt9kUYlV13>* z^{P4mU25MU65I}rZkuXoF_YnF!|kdBopTW$RI19GmixWJofc!(PGbd71ESEAQIC8i z9{|hH)*tk+yoqd{UAa$EVP0Xe_;o<&`Zp%G++efHzqGyJ7DyE$gj{bBtx03*FSM02 zN)oiPFfcLi!>Lz02O3>>zp~LvCKY9pMClPFX>mcav^DS`3x)Lq!Q;7f<8vXd4w)7C zy{!9LiYh$4w=NFCO6JQGqe}OjPP#vj3=#dSuo&dy*>1If%GS;)6;a0&Knyrgz)p08gVd7p2tRuX;~d<)a^yYY|ily^4|Q2B*tjdZqy45y~4R2bFQn7>WwoB`v#^ZLw-op`XQaYo_h=r zwtL%%1RI23i|?lXcZDs7SP$J($j{657~wPHx}}b~lgL7SuXR0Dy|(XjV`q@N!TV z8nTk@Fz~ve{|WmOSUhe8%`w1vwn)$Y#0nYAa#mlzmCZYIDtZhKQ?hzL#`$PE**|PJ zH?v=?MnPG1PhfNAdp$JJu%}L0OnU%ixp}<2S;jA6S)niM{D`N=hEmC>js-(B92Hyk za{0(f(Twv6kKiHlp-<4R6GdnTA0Dh?CjgD+^q!EGlxmoiluHcQRboI4K74=-fpC(T z6YKc5L?7Yf>AodwUqprJ>M8$F+Tmr{k_z99GS$P`4FeuoVF*g-VPW%U!v{40u39Fi z+VEh)!@wgX>&mwbT@SG3-3UA$si7+->vtn?;*gC=Xfr!^tN&8NV}jHFZe=!46d6$4 z6Ver?zXXl$jx08Ng?>Kvc(0gmI5F!ET}Qxi)V4Cn@%*;VaoS{Phu)EMsv%W!FZ69y zl7L*5GMRmqbbFYP1{y;{96nSZuX7Z$`O7KrBFa?Fv3=dw(+jbW2FzWQ4L{!#A2lV; zA`&JOsus@)>v$=o#kPeK2+1jLtiRb432J5#p8(g?6f;};Rnqq&O)l7Vp#RR8M)NL}NfZx&-pAseN%-Ed zcga}9nFuARqPBoac7pD8k|IgpkF7-$vIvVfa9ETwg^2gi9wTj|u?$Cfw^VILMV7>le-NW0-gP@Sd=oHq%q27kd`D8etw{ zNje?`O9E2N5eU=&Jn_M?KFq`9zq=6nF(h?L^x|HbN%&NbU<5$T;UQWI(XYp2*2{(6 zwsj3z4yc`|wqITi4iwf4r$agEoJ95tpEFankRqR6-+im`% zc~vQA82wZph*?2+DRH8%zfNcada5Jn)^UseO2(x@VaKaA9f=1!%XmR8;;7>j^`Sf; z=W#9R^pYyrPG0AJ>y!><6LdD@Ed5R8uvFxB93ztbO_#e=_&E zvC)`0Gxg!*MA9s#Lg&I5B)9%U_R*}=_1b*9aB25=Y%v0tWmDj*PWt;Uk3mrm`O1Qt zzt#&?hhft58A^3J`QuI`y^YMl<~AFlgLIY-V(j)klk8g9(7>e=IRQxBsrF`>&2pw# zb$1sEd+_J2ZA0qXM3=-&m11mkkOynv<_X#Ijr1yV|LpU*xd-<}r!picBnkWdcn5BR zja!}w8ZTlKo33dL)|Q1j>KZ?6N{dbCg+@t`oUIO9Xx`=NA_&AE#Ne60JZ3cm@T^N-gG#F zCWm*}ujqGcSK%)wBKdOHv6F_P(lM5e{gnxf>!KrlRtHzx&&nuuEqAYxYbQfCNJsg~ zoN?%$awxvbYZ4Y%UHYzEj@qG%2lWjig&wXM*anz>E_rpKdIGx13lcw69;dyEtlJ=} zs@9gpY{f7wf~d+jfQ^(OUP^kQ7o;1X(OBYXW;CRDUIaglqf6?XA744@4ev)?W>EDY z(l>8RfN0k3rD+HLC8f3AXVBA{>b*mFC+ank3%EqLdY}&mjbytoo2LgY>L@i~rk61dS)o%T0 zQxNCg-3~tGzM$|;YGb|nUksGN;^U#blrtO-)vYb71#O#d8Av%H?-6eIQfl!QyjMx$4Vw{E03D8(naPz&QVm%TZ6Fjnsg1d*LAr-h{YPYkFXgK5J zWz%Fu1q&^sF|iuE0CZyM={-K&6St;La9e3ARU7%4u4DAyxl$JzDWV&Hm)459qk&g3eS>3 zxxXS*n$Rr}Fn&}>`KBe6seSeBGP$OT8Gig*iu^2fn=x^E1=!yGFg@Vgt)Ei+0@3sV z=tPk+>?NYw^Tf5F)3a9Wfu2kHWwuX^*oVZPGT8fQX`u|-O{I+QX+Rw}Y}Iu2X=-;9 z3)a1kf!OD{vZxuW z+@#ws-;J5Nx~IV1&dhE;kBgQ)3qG)(>$sFb`|bbb)d>bUJr5kdR3UJN;ZI|+5t|x4 zf9-KTw)bP8XX5iARs~USLEKW^X4P28qw;ioXycT7R85bMVgB>tPkyrLz(}XF%ASh$ zldxVkUmwa+dt?CA)2%fUEsy%bBmFM=BpDrT!qP(w#!VBSI3MVoQt*5BXL@K| z-{>RtUY6?mb}LzSt9<-Z@LS_2P+hmVDt?qX4nToFOMC#;gM<84a0tyO^#l$RLkJ>yfH_~Cf>8Pt#$ADEio@?-`U{{~>ok%&dJVbJC; zEBAAxfSV&=e7R2{9IFro(Nbw8CwZi&jLv`lAXHSV!P;u=d7>g)Wjw|vDr$$hM52M< zu>gOA@l5@a0S}7Yh8auOV+S27&_{udP;3w`Rqng%dl)`kY{Z*il1&n5i8fh{IIu~m z89`RXk}3FjU8>PDtU0)Qi&D2)=`Xly4Lz!b-qcutB_;wEE+9L^<#a;G63o^M0l9@H z&W0Ynw~K4==e51(Sj23VkALz1Dz#b~bU1f}86VY_3B!?{`7%;ngqM$J-spUIWg5_w&Z6ri@lMHL5LD1mLpLv5!rwqK zVR@Gt=s6bL5LOl zSi4_=G9}MX_&Ge(XuCn|9@Og%SsKCR=QSmo{%Y~R{5wOW6hHRihZ1n9EI7Bfuc83J zS75mie98W=wK@I+;t`0w()}pxR{wF=_vM_*6Ta|L>|+Ypsw{x!Jys}`zIh@q+C2W9 z8A8!Xs822RdHuH2_Eu=o-N*cWbtmu0-GzTWWPYW(Y57%@R<%GG(_1i#Z#eW?y18Ka zi~9k5UKxHjZ$)&(tT(3DKT4q{rYX*|ot_S&5m{b56E%=7N4({iFj--jcM((D=UF39XeiAU5%DKkbu`NJ>z;eZYPg(T|(j$M4R_SxCp_$m*0*+U1Nf zZ7S7bZDWJDceyl8Dy`+IH5dCZ8nN8KYw+B2DNIg4- z=I5l(=9^#v6~yV7l{10-nOeRvGeY5eMR3Gw!$5Q+1m#rey6F%onLut$2)nZ)&Mts9u*ViohHH z(%}^)RW3wm`J~Z@C20^)!3R_jI(cIbIg5w(!WHerfRwq(m4)nqAVlZ2DQNEQvq$JG z8)d>S1F`)Mi$I`S6yX>AoFZ&7&GV$k;I1DUjLhU$^Uxv;+&^J&Ik%Qd!e|HT@j{GN zBQFu+$wlG#&=`x}O}p@Lf8hO1Cf+~vfi#!}UW2ZesO~h5P|PFI6fLp&3;USdTK`-a z_&~wDF9+9^u&7sDNFmHyOgglpT%%AsRr*Lxkh;fAw#a*@5lH5uVLN-H0u!C!`DR*G zZTK-Mes3)x`N#9#!@x3f$n3%U8W33=;lfh$n#OxIz1F$0iu&or?jitTjoHu?mENsH zUxRIHc)p)`y(StBJx(NR@H}s0t9WUr8eX#lS*-Fn@}D+rWZN6O+V82J$uvQYq2U80 zfs{m0AVWpezWe4(eE>;7w!a+f?J9lFCIvdP@Gt;y5DbAlEwmWnmyd`nQs-ep zs;c3Fyu9#EvAb>s#>wewNDLeAqG9vxx$0QYeQaQ_DH4eB?w90Eh@&V@+XPYFOQDzZ zc%=TR_&akhTlfg3SnpZHIATEge6mnSN!Gp6w~029j+j;5E;B&FLCU_)=4U%}2@~3m zLQnB3ajVL2EG+k>VqS#Q%PTG$qs#v!SkhEzhixITdU*@v77`q}MFMdiER5XEH*Xmo z26*c%611L5Qhjqy#rhDll? z+n2dWEj-x%D?0Sw4ZMxAYNZOXuAWpxgT}vZxFH(_B+xmp1Dq=7kRg%|W8W|qH-HDIgjsHPFj$>Mvje2b*5>|Q+ssN>=4XB0 z9}G#aH(E}qz{`}Dg$Wxa^ufVB-@V2ZTvx=)Jvxw}J(h5<9^`;3Es!OaraZN0B2 zZa(B%FYIpnzo>H(3a}ZZ7o~aFHNA%r&Y57FGTFE^fJv)NM6f)+@9^QQ%B9hr)}x_U zw{C?NrpC2_=8q_I97L*+5bjS##k-K`HW{a2sH+CCiy^lKXDNfQ2nXz8R*#=|7 zpO=7K86w3k55q-=QTcGhBOIWt9g8P1Lh^NM9pFhEd5R4Q>{txP7%WE@9^s|l!IH&fz^5*Lu?(_N zWk$}%fW{bqd)sz3q`4tzk6D^5F2H8YAXJxO!iOr#SaBdcs`jtW8fPV2t>+YRu9OtF z;JOOY0=p$rryKa${m{CvVOpT*LFet%G$~$(HZq z3f~xRgVw$1s^CmNa3~?4ik_nmAX5{1UAU*3472g*F2XsyrZ$gggV@m{V0CcTbKlU6`GPEmSRaQ6 z0H}ivN~7~P|AM2J+80bwWoge+xbs`N=w4Z^n*PO5k$NG2Zv_Ja(>?El(0Jo1OyoVr z+gVC`@!Gl`P}(BY?R1v#_IexLbE6$pI=0>8q=j-p_NLCc18PU6Rx+K8H(EmM{RcWq z4DTR{BXl}@Rw}s(z9f`_rbDC8Rt%wT-&F0a6vjB4r}IxbWP$ zPx~AB$lSDm2(Tn3mtQo07Vh2un0VoS&xB#V4s&-h`L*6!%(mhRvclu-qn6(42TkBu zjt!g0$$05K`_hJpGftmC3xFBaU{n3Advw)SfN0(LSFRNQ)EAG&vPf@H(N?@_s|g%i zbSsgjA^8r@=pi?))H7O<*_nNWIOPymv-UT*R3+n0hvk$~N|Jp-2>ICkKres{_xRZ0 zd-VwQR&(RG(&hMaj^bidKP{1c^l2i;Zc%#=FMoPd6UyAOd!b7T8|@^`Q)S_kl0V85rSgq%@x*_FvG!8U;r?AtRc@*82KqNgD1idJ+T<+>f=J z_0#8OEi-WlydonFu)C#!I&^t;Gc9NWlGlB+j7RwL8gJT>2OO^LCN=kS zS9pMlF$*g2_w|9Ma#0iHB%tQ2LP7+8-DQRx^Sz|o$ zDHhrT#FT?D0puyNCXuqhV5qB=`J@!Co0=v<*?5FXDR|kLi_StNX zjZwQpXDnnzKuUgk;JGl>E8ET+0XENA8VJuJ1y0%&5rp_#rR*sL@|kdYjJ`vyv#-Ud z2C*y0^Np%&H?Z++#yk!{0wRazJ)YGoeU1u#!)6;SzQ2j+4T}&zUrc5Rem3cn6jcE} zMyKQ{UyJ(4j(4JC*jdeg+9JwUvBX})>yw4{8C1AHlGRuPrEU@o#MwpO!uYGP7nGnC zMSRoyZxmzz|6C^G8g2lR#(!nNg5tBr%D2ncx4JWNhq>n=d8%RJ~bYuNPeyR z1%Jj%-4M1ZVfB`H!$Fh^ai+5L@4Uh2Q_9{8q}>@{gGBXJNr|oc^^{^CR=50#s;+H? zPgNaHtj)nhOJ-fd-#ZA&AYcuk>To1)wmdXFnK`%*ngd0NtEd@G`}Z0;+xJ(ODjR-Y zMD;2a6|=0!Z0L(AeI?a|0@4h0ZGIx=mo!i!WQ1JT`d6kKl;!w4fB%Kpr?eM`K3^F{ za`|q@f89HQzl9;0ok`o#Y46Lg3}YuwK!w>>q})rl^tu)W7BHgRd7y(@9sU(~x>{MM zZDOi!Zi%nePT5gciGCUOY*sTqD;J-E(F}vSOwM@8b_JYDEZV8kNb5Q1B~n5S+MXpk znizk&ek>0TLk+5Eeos?xCvpZL|3w%}2W1hG))FXK$@)=a}_0`WD&@%zK>N#GxN`gf4(bEH=WeHv^Jt%ZuL*u<YYkcJnqZS#5g-g8pPfG7545zo z_^ha;iKJ;`aU;qvJzLR9DG|DL$Ac|ihZY-4&QRLx^H7aW_br)Sc4CAsL8!ubjk4t5 zPabTSRFIxhH>`bV_#WC6DA@+8xJOjWop{4&4BSKVPDjv~y_@}v(ofe35z5~qf#ED8 z@WpMtt&y_gA*J8-u=>gU+gJcaN**$Oeo_=vBU^pNlR0rJIne;3dK+|JZqfpd=aYPM zgdKgHu}7|2SQ23@Tpw!!NZ@lwZK}2gA&)R(AF@?_XA$ zQIyy=2f>_YdWubDQYYsLPQ088n$_I=1Yl5&4oc*&+~y>2_sUGh+3~~rkKHr+?YOj6 z2cP(+PF6#`$tS2eT^gxMjUJj>H3uiu0wiiDmQ&KM!K#IKV+g|H6@Gxzs({1Ne{JIE z$#doc&WmNjJPnEDr+5sE*uQW6uJ`o{d~#R3E@tNX{B38#-oiXuk$CJrExS3avaAII z+)L16GbouQik~DX{q@}m6~x95EaG6+Cc8RGNJqyvjz(q=xbrl>*N9eZk0(s5LT>gD z%(w(#WoMf|VQJfg=-mSXzmd0L)9y}OvjRCn8N{&;W8ABKgblxZY1x`&t4GFxSz*c` z-%7ORQa@GJpadx-xM>o>A!gcNXlmHkN}@`82`%T75vJu6?5hFoMDanUE(Ctt6vGWdLpdpd?9FD z9lvzxXo4H4F%m~6l9Kx(%m+P;<$T!W7b=0fN_4ssQHizLBEm!xqMAbdrUFhpCZd-g zr|9~w$yEFYh+&e{Np_Bf^uV&m-th-3-U4LsnnkYFSPN$REc_&fT$K`(AqFM~jJ~ID z63@ztx`UZI&ukvrvkRgy*pqELq2DWpV8@0)Hmm>zgTMU4iJmaU-l6P4CGp8hx#^b+7#Lst4d) z4))ND7;8kktdGT|grz>gtA3$>F>byBYk~F+ecIM!x$SvzQZ;?&+B_nxv~K&@##Hqe zT@iahu^1GQ_vPnj4pX!|pbVM7rjz_cP&{E~=j1QWAD5Zq{hB>(>LxvvUuHmGyc6l8 z@7=;t{)aeR&+MvAG8B>TwX1iwo1ys|-ULH%1W~z$3WMbIjD31vUw&2No_x|_O7(Tf z4NFt}b&SaLY#T4Rl6#YXIk{=#@3#e}FiVY7KXn_nl zKNm=aY*=451f16ffgbt3@>5zy&V4Z=p$4ISt*|Toyb}2v>Q2~CnrQY(7b1>Be3*la7E)Tp_-Ij`TR&zEKR>fwr*%5TrB;UoDtQ)@ztqidvB3V zrm}xRlTGBdjG7;i0QZx*r*CL_moNM#tfUtjR#$?3jR+U5yLcsL=+HLnXPX416^Abs z%(Dgqa{xF%J*Qg+0PnW15Pb#C65)HK@cTrX-r?r!lJ?3+v15@4d>6(L?7Uh@T(lfEtYjKKlhZOzw^M9qmO`Um1WP2hcPb!6PLUiHGRRoBdB zhYZ)W{y0tvl13~x%xYR9kbJM`8De;m;sf&=Qs~NDf-m7XbH(Bk0Y>29^@_iDjKrZkEFpCf1W zeEFnA>9dly10;O-Th$>2mZ&-B>xV$@rBvGSxT=uVM})7L*^1yuEfZN3=pk4r1}~_E zPx|giQ0pxa7wWu;=BdH%Gch!b#p#i!>OP^y2!1lHH)B61ekTO)_&zg-0(7=C#j z!znMX;tkeWEWzR2QXuZF$&QiM^Fx1%vWU3d?N~YNuSmTDU#-4;6{izj8_RP~(6L33 z%HvN;5?x1li7+duC+oQU4`ft~YJ?-i=-HQ0QMXY;g1Jcj#!+x)3iI8!$$wDe;M6Pp zb+@_fDs`#0!X*ByuUPOJ>75ZLr&d!*w%uJ>HWphXL+6x+z)zJr_^NetO0Q{Ncf+5$ z+7V!w*k5%SJ%o-@)$@spPjsp=1gErnrlyOVJ@XOmUxpXVo zn22x+v)8}x1tMfY5#tc>nln|1@BfBnKlM|)5o{N!=*H_tRz?EVBqWPDr&1 ztC~e*AMa51${h(i*xnS(pwhZ(lJtn>%utJ=_9}GsMke|?K#C9N^@&;De2ATJ4K(Tt zGXfomOPy*I0QpnWcP$S=sJ9P(4icjBg_Z{&4{LK`jH18S}pX~=+dFoLX#tVDI5G1ZSK)K!1#+1 z>isvCoINP3E%neX-t7-ILc1b@fQu0+Qw|L5TNNE{#G2bzC@3l-woUCrGfwf>pt2I_ zJXZ&`JJc+gPCadU-0oNB3nPo!>5wC=~ zWm(Zclme#$r$;0-HBOu0sx5J zAjr=e1G?i4kCV>rvmEK#>H)uFgKp|WlDY0#^=h@P%wDU;8m`?suLy3UqGhMzp8b-q z+^rd5fCV5_FaxD2+!_eR@vyMk!RK$VS02dd_<-WPfuDiqGagw3;Kb5m)*f#$@NIvb z34Vy2u+TcJoU=ZRO|etv`5x{xCXwo`*L`FY(F|uP!d>H~GIyOdx&bqtH;H#odpJ$A zm|@UV95T?%LYIh0N#6s|tEk&^R5Fy<;UD}5@KvH!p0sXY{@s6JaxT2*u&WE_(-)z* zNGgAx!meC{{w@qOBnEw19ZzIUV{_IVEEe!FU|<^Io>Um=f*OoUl58nsy1>u6gI9<9 z-w#x^Le<5o0q9Wz}z~Ij6nh_ij&K*N_#LOybho!PC=*zFXu? zW2Jw&Gorq(@yRx9b5wNoH^@n7#Vuj0hcGVnIijB&mhv20=UoQ6{q6T=d&-?w%5X^; z9`KwMAhwX4eN$=pD46NZ`7RD{60ZdnEyx{UGQF0ndn1pE-JMIF6X+?#!3~}bY8ecm zg5eAV28pr}*o(!|i9XNVFg^c^YO?aHBp^RD1TM2x)&l^gNXup9gvw^r3}y=Z*ln2({rS7WL`k1 zf;hnEa2pXlTe|zrk5-Uhg74`8?NVYHRE?G-R_05p-yJz~`Q>{yVZXGSiOT9F$tdoUJx516@Z?0gJW{M58&%Rx}1QgHhjf zQEJKkdTK2@M9i?Fw#Nf+YNg6`egdn_)f9v52wG=q%hNl`VtLBB6UYYD$&+&y0~pLD z|# z#fw@tiuXw`+QzP*OYo0&hz5v{(_(sELpHiPep|dp&RC)#SfYJSQ7m=zD48qKgb_u1 zy+gq0u%e1o3UZFETDZP6Ec-~`Opkp-+HcTB%cSMW<0OgCXVl*z&KE5M84N$tHxB5KHB0t8Hq;hF$=vUxWGB_?(}#d3 zT)C`}E&7PTg7Rh;m!2?QS14EOcs;<=ZQ&ArGruwc6gOwE1_Wk%fVX4tye9^RqYr&M z7pD*t2&xrIc(DCpK9?fIREH!j0vSqz2-b|ai8J8Vp@a=`rZI_)--h4}nCfgWH>>MM z@Geo5Yh(Ps z*Ke3>`_JB5sx+Bx#Wz+qxArS7HPOe!rc^Q^%@b zZ~%7ip8e!kUdOV{s zD*q@3=6_G$HKy?);C;BeU>BFb2F$Y|M*X6qfJ5AbAYVm6@za5;aK2zb_4@mBwMT1C z*pc0+)kqWBZMr6WWh^g66@rWSsafzZk@la6BMtbFi1t=fZm?xm{L(nqp9+_7ZLAJZ zDq32-fGPI<4`ElB{K0Fr!Z}T{VHKUh?_M!oT@h$NcQ7_(j%AXQBRZ=Qu&lO#q5A~*nU$27d1|-XT}3SN zSbid38FnE0A12sOCtsA5jEd)9m&KO|JHo%0w}mbhKEHmFGrz#%(~GW&XrE_?Af2yV zCaz@sCQ@)7fbq5x4g4BGoG*S_;*7HhStL-QeN6r5e`@{b@QXSjalK;4LYwiusiI`f z1SAGY)tt_i;UGEjvGG`{ZgPo_j=XiXjOX$ZRYXty_6p$Gi5I53%&IL6Sy;+scLybc zW0cT-z0*o@#V4bn1xVz!MG`pRYM)?_p{kVyNvM6RNV^So3)~lLkNLLK787=F=e4ys zW~K+^b%)ILx{lxss8yKVy@-rmw3^}s^=x@xcn2R9u|+6S^jv+n_d7?4Jx`NScQn7pvJzjjw8QiF&a zT?k<#27Q{jBC1yY+LYx4F5M^1V4#i{^f(e%|yZjIqr2@qc9X`c3QW-v4*<`?+HD4fR8!__rh@ zMSVn`ca^N&MMIV2cK5;;z6H;%a;mXEqIya>N<(LK{PAKwiyw z7Bj4_uP`wUqJemApL29H_2sQu&TMNymku*0z*o$y%oKejptU?rHUg^YELXLTxZA)) z*sYYN=U@qgV8S<_K?Vk}*0XKty++$};UnW{28#!?!13faAbe04?6za37+5bbymR|3Ms+4+C!bFoe375}Cyc z%BZc_)u=C0Y6HUM*~|?0Ls@H1NF}=S@)G>N`bm(=^G?oG=UQYafQz3_Mz#NEq-At- zI@cq-n{3SlaTh7Bbm+!|CIjU8OO{^Q29Nnlj5%A~NzHG@dWgb+4w?+L8R(rL>aCSx zDc4lW(5k4P;Z>GJy?!$u^~`Z?`~(Lu&$0{mar2!hl+wepoLb?g?|xnJjEe&$fkVv` z%c^wObL>{$9x)>TzNdCTQq+ zxA5-SYSb-+!Xxs<>H)`D;<$9*BJem%<<_Ga>2Uus7wBsHr06hL)@yQxgmK7Pm5?Qpcg4ln zQyjK|tNH>faL^zafPiwcf*vT>TpXKo>yR9l4=d_lOvWOWfq3UPPM0eIu50Fy%o~N2(>|3}u=RSeE<mtVCdYRfaT1)G^ZG{By)jeub{xh#k zh6zp8>p`Xe%r}8oy>TVYd~oZ}{VDqVzFC23tAn;(hV?8OaDpLv!7GU;9H6{N4NCy~ z_3f+ASo7C6D@@lA&KYJZH;u4e(joY=%Z2VpbRDA5)3}~~Qme*KlzQP;yxMf{optOx z#{Ua1lR$;=;kMQ>9m~yPpS{(MesT%f>?{!b+y>!yk=gJ-BhG672Ry75J^iW?uj(q` z#Z?&4MsoNgQR(~k<6b5<#Y#!Jtd0SCS%9~YQw&iuiE9lP5i z1`t7}49e+8Nf>`l@jqr<{6DTjUMWVC0C_^%@#x~2u4o0_>q@)Fu$sl6_$loc^8ikR zd_69mZb{o>#k_1)y&~XV4yp=AT3|_nPKTv568#YqL%)eu?0Z8hJ{hp$E2}K&)ycpD zcJF_MgM3b~Yb3)X&hwGYd5Hb9c+>P35}HsY4qAk+Tm4+M%+ZBVtS zx@KulQK%byp$?~t;#k_#!2B>Ey{S;8YwhTCcB@^+c2PlR)pEpN)S7fSl=eY!CU%@> zgLv?nQ3s7JDcz|EVDwQ#9Ci(g=i4m8J!W1j2;LiBOd>c5!8I?kS;6m`v(z))N?|*y zh>8+fi^T`*K)Q*z{2;8R-}+R@fTR~B>1A_nd4UJ{K<>T8Jz)DAy3JoR4#`b`|CC+f zPA+Bvo(&tAZ5+$3brX}PFXGCc1M-(tJko0nlROE<+FcRMD+mHxJ?WtoEX$)KBMA>a z>aW~L`48QH?WocSE3~o7O8iok_XhvUZ;%*5cutM#jRHPW(~%XMgSW}1{TTL3h$#NN z-Bs3yI^j*XBVkD88@e_PKyl3qaV>=<(fGwRL$gGg|Ghgj7eyA~mIYlOkVMN-vjCMs zP;bM=j3E?2!_L@|QmhuOeJn|WN4J)}wGiY>3Q2!|W<|v}N@wLz|0KgPcz-r0rO;meO1BNZui=oQ@hK7EiyrMJ^hvFV&uAgnu)y-Qp~3c@Y%gN*JuK#QZp#91+Jm&K&tLOLRKM+SDRkH=sv6Dlj5TS_G3hS zqTQD&S{_4KRjN1{q{iq+f#8kyo+5d#fEXv8x9eM2!O;F?>C<#TaZ$LJllN29NCx~6 zi3#S2 zh8w;A@Ku0E@4Qv3Ip4qDp>|iSk2mMJ62?^XoW+nFqv8}yh8!vFH?fq77gbq$j};N; z&`IGEB)+zBRDE_dtdvY-Sb;E+Fg(Dm@NTQbB}IDTLvwBn)4v2r6q=TLlSIlYRw;uu zr(4g?CeC-2M%`XaMSYi&iD{|pJCknwxgM7<_{qK2bkA;z&2vy3)->;f?s>*cjYDMn z9M6$e5qa%#i^oWs*u{sOubU8F{~jM1e@#cP7{pZj`<7)RLtUe*NvY^(UI1Ep0a#U&^b58z8C<(k)=zkK8{V zH>*dX327tBxgOs+ZXuHxuH$gG8%`}8`OsT8fAHXI1qka1%mdwo@Tz-0`ZY9zwjjIJ zTMZELdzU(Ics8gMS#VlmAr~Lhp?07H49@Jhd>Go26|wDZhy!vZNatI=STGb40)9$3#v+SV))q092y3-?vx zHUo*!OZlA9uoa&>)teFARKf}dbG9g_GRg&vtClE?QAxL;jQUsEle}ZDCmNIui*CDa zH1+~*4OZFQM>m0$Q{;+6RA0u3>N5*VBzNO5{+`9z3?8!OqJ4UvL9&DPgC=VwBeYozHI@sTsZp zzh`z&ey#6Sdr1|$ocmP~eQV{dOKSZI7dS&eDr0Z;)2uw=;4(2&;{!8krMQRisp$mN^2c z6k;BX)6CXuMYhPT(DOh@oe?Mp$hwFgYZ}Xeiu9AVV|&~mE98rQnetbYC%hu zv~P{2jrW6TPqm;#U`CL#kDcgwg~S|8&(aosP=9@lx#4u7jFWrm@Z_!39$tse&S|?E zi4nB{iRxp>sxgR+Iw=p>zUMi`=~mO3(F7%BSC6(;8n#LL(j7!=8iku2K_&tooH@=@^&;;o6-I5s)C%nuIu4gs`PVN!f4o{lDg$Q0FL z6-T$>0wmuQU!uw5z~*uGi21U8pwn%cLs}(1MwG#dBPp#4I<)*v9jyj?mntDO$zTIN z6jDsjmwue6Es>aM=7Zfp-_O2%;I7_+N4f@zxZz>u+k?^o#}`5zJZg_)6QHx6zj%RC#YnlY zN|a@D+&(BpXVUSVLp4klM>8}&%n8^<#`34 zjsHLZ1cYf!XmTMJt+p|PubW#^oX$Aa*TD?Sgv?Ngyt=Hy8zT{2z)s4x)A)9MncFrm z1*ruVdXT@>dY4<&sDAi#n0!Vo!Q3n2+||#+;eY)=NCd=9GX85b=}oHlFw*LO z*Eb1JG4zZRwckFfMHf|rjXxaR{U;oLA(y@lOM^{TEA~RLU!!llKvWe%+-%_JU+}+s zA_&q&f0KlE@|_Q_fR=38)uIRwARxgfY6e3q$s&AU#3?AKN#S_TQGc8@u*lPyTsKq1 zlCX`nVrLtq3jI_rE%6|^)T5^SLnmDLbh$gRGbbCCRNme72%)Cv6=tsek$iNpijZq85 z(ba+7EWyhor=nZ!Z0QT;yDVV*HKk{Mr2apr4~yM)QP<=1zs$%EkN0m5hz49XDv~Qf z5Rrw&w2e4{Fb*!#lB(x@d3o>8_Cq77T2*Vt&gxV0v7PkaHpE^`Hm7v&X#l3*@>j&% z=f~JwGQ;u23oI7Ix}pWi0!-P9;%_0cJT;hhcOh`}C5a-jIQ4bHP(olI(cjB_YI|ye z4j}`~>QxuUhdbk#8Gt6NEDWjN@_NtaTn|n^JY|E>4q~r?I%)YYFz7vxZ4(uZZ3M^) zhSpen19;9PHnC9_Lb!At8#D=RKb(6w&F`ncW~U*`9z=!pO=ydT^t_JUdRz5-5NCEx zR1=B#(~W$omTh$4m#e*z1R0i`iG>-UOle|5WbbBoGZ|2_#o;B*;h88IBRPl+tg%jz zI%f_!@d3HZ2{i%82Z-fObGq~a=!OLrjX>;4S82}Iq(EvZZLOo!TQBFRhikjJMozbuB7N0e0BzdQ! zk0Gn*Bp&KE9Fd^k=}OZF_(2Gi`3>8@X@2SX4|=LIFVhD+>fT4meek{IK1FjIXV+{1 zVK5CRyUgRRGxs34?y)ps*>5$Lo^hex%IKM(qk?dld6851OD3|8oKki!LGs#wK)F{| z;to&Iu0^+5K_Wxe^$iy7mPm@g^{5bue#jCavms7>S2M$#l%GI$A(g3 z=ks3->4K9I?F-3Jwz>1`Vd~;HFh@1*i%#}PE`kKNmX0=G?SVkn(UUhN{z>i+AdCNj zr~cBiyqy8-?~u|`ZKT-K0>G^{;=%$m`i&8~f2V~J(GMDOyRIg}BnAl3|0B5%R6M=d zkpg%x=8QU#MU2ro^nRJ!5YugP6+$Jal)61wQ<{t6v<3j8Q8On<#6h{TnlVj@)XhmI zGB~F84AW5kJ<-2K)A<6ga-{2qGs!MR)>yXoD^Kuc$M#>C5ku4l-|TTJD`*&8cG z`NoH#LOSh+;P8{#Sm*@?vY?y%VQx;PE8To-+w`wbu60_{b;$7ytAk>kNFi}5=#;c1 zRKG-wzN^Dt+dHwazVh&HJFczImE1WfH1BMm?i=Nve2%`&(pU@1pM~X#W#c`w-l4UqS%ynn%Ay#II=GW6%SF`0q|+9-)6yw1p3MpSRB?fxU|);ndX34 zyjumHcM8hhNHlO$jG|P{I&2@-iTv2i#^-iFSV&hs?FHX>2}Yym^X)c%t4?P#dg7A> zU3QbFGB7Jv*c~myd0Z27>Of3lqJfyUc=sOco`LchGtbc%JuqW|Rvw_1?$L=7r`%#< zQrF8L`27kF2*d;F9`e2lMIWc(9vYqbZfGv-s^nha>}vQ3*c)rD8-HUgjwxjrNzNWx zI@3{%fe|m#LJ;@n)Yxe5HOc3*Dpfp=_(!2{l5+@yf%6V(GS7Lj|`OEgYK_uu7|#}nSh znFuP*K)(0qrfc?xCsTC<^kDC)>l$vsmkc1W21>$Y9u-|7pULz{@_z`aH;6T+H;h() z*x9gi!j`slLf9t^QE(3i-a9OG@}30L_%WbICauuOzYFksHjzRio%Uo~)u}l`hJAPT z)LJ!5U>7~%I5YV==fAv@0wVUCZ}RO%8V!}58=GcDFTUN7i2=)E6<#jxreh_(pK;FC zS;J^vflq3~%nqQ_Q*RfRhClknjXZ6PO>Jyv-4^j0-pLnu4J)b;TK(gi=0HcBOmzXw zJK!(P#$z5)=*nbRgp`=LCefXU?$&pDgTr}LQ&+6v))=@9#|h;^Eh{A5OXuuD7zzga zMOR3%Iv!`-P?(Q5xO_VO&-T+ltB_XpI8XPGVYSA7WJv|jGm!$Ru6G1fBl_zd#SsNt z3KKa0kK{93dN??Ac{2e_x0oGNs7oxpN}-J11ccI2u)1qmOGd*MhMu05PUU^ka#ju1 z82!5cwkOj4&A$=N%5QWd4I4q1y2S#OiHVoatLoBn?CvG>zLd|Ry31>&OlHY`29LLG@A zBa&b20A(MNJ`3`>k%$D$Kf!FGE#ojtkH(Wl_0F7=pCk?(4fOI&DXN~szyaM zlKD4ft-|33AwuIoe95HD1bclhANAbgxI3`ZEC{@DbFeG` zT9{A$S{b^)cP^htqQj0HTsI+{+KG9<2TT$omCxD9a@yhdRZf7}wDGQ(;{{qCnJxys zgj_UplB(Q9oCqmJwPdhvq_6#z)EY8n8n-c}DDtTD%vVmc&x!m{IzD~%YgqDKG7YS^ zfHvk;9)VWodc1%nRPi4h4YU+=xS%={PmI+MDd1Qy+wYOw@kcfTc4%4bLjxe|w;SAM zL=^xRZ4aJlDi@_cl82eyq$jZd5gy-&7cl2sYO)=DXk*=R)a(RkB}vr+SAl9U+qhU< z#4t&et-KTTVMhXKr}S;EN{e}YqDslG6)4jNhX_*m!W|0598`rSR!}L5Q&k!1_e{qv z?c@(+T&RV4jUVlHbEyKZ!vPMf(=}YR?$9$?IPdlp-YHoKk@L}4rRs|d8BI=J^Oi0! zgoKbJ%nITe=GgzG)n^?DKvQ+JIcDVHAXV-xfeBA;EO$`omNtOEcF3nj*}-^G_t0}s z^dJNGG^RBKr6xm@;-(xJT&9P%WkVF5P?{7?DV%I06Yy3!sAHkR?cZtc^X(1^xPt$a zMo)gF(tm`Qd;S0B1-eYa0B!=BdJ#wS!L>h*n-0}{ELew!k43o?rB|gYxd+u<9PXd^;W(FA%5lA0A}Mmp`}%6H(MrOx6j?ps45uBY_pH zF%j*_dk&R_jh+)$mQ5|#7LD;?a&L70E*Bx?AJ#xzIzXAhf!11HJpdF%^QleR!xp6@ zw^N{0X22Pt-N^9DgBn<_!Mi|?_(bR&&rw4EjGPEY^SGU_P5YMgbuf0fMZKsbD^^t9 zYO$wPu+FV+D(HirX>7Uc6$>TFlk-p+gJM-F0@)C5yZ7MVE5#>wW;QYC*91IAcS;-Z zFH7pw(ukH(j{a8+Trzs}kJ5YtNI4H?j&tk`WIjkXmd3p=(u%k}F<(`fB6V6qgNqHH zy-_dh6((*KGwQ3O94(24%LEj6ZDCB`GXP$bmPWo#Tm=)SWFeqA%x@=UQ20(EM7^5es|5&oO7qeR1#@$e zK^ZWUpGU9tZM-POv%%y4# zdshP$dpNoqu>0OVUhQn@F}HvWYj;*av2Kj`=|DRS#?Uldo4i`5j~S&p7(eXaLBLf( z$7(n3^%O&Ukqa>i) z#y?Qpl@(|eF2RKLgtX-uEWV(( z%n1a)7YZ%`zj?3#d%5S(LfyukTvQRpgTwYwFb7?NC^E3a4zi#=a*Py3{gS2Nl+kRs zm;d47hu3bw75gqGSw%ja)t4H-Yq1;-LY#BPkRj-lkED?fQDw}Wog(goqKHzUU-Pg~TCn_Nlqy16C`&fS(zx(14Y;9tSoo zuv|;0MW|<2)cjZ72=lJbRKD!y_8mz!-fFsjhB)r9gfjTWN32>EVmtRZon%^GHCA9K zY&sCN{iH|-BR=kis5YURpW|c*^y6{V))&nz?{nI6m^(~dpdBKr)*8*=+D}0FTz0{y95IH&jON0%z(#oQ`>otnC zs9gc(u9I+@F;OSC-LLeJuO!f_&cbG_a2Ziq_X@=#+PQ4NrKpKg7* z7($c?aSUv`@v*^~@VZH*WTsat1hzVzHx>e$B^f?qoo`~8btWiFGxD5C-T zAaYpHshw#lhT>620?;L(fI#f`9&=b7d*0gZBz&~-qrn*OEFA(}afgn*UZTCh4 zY8P99KO2l`(UF{cE=Xh4ORM+eqB7dcF3Fai0jd_yHhskTX%?5MNS!t2ztct4_<)_) z{Rq0GR>!5`HN2NV`{|Qz9U3L$I<<3!dd_@&A5jj1zJE9zxKKm=gi7AAT@AvMXv-u) z-!S`~2n#5UV=7HTqvfR;>KPx!mj{*RJ2a+<63MR9+T#Y>P65hk0w8j3N0BUZiqr-!LS(CojbUvKkG* z2|20^ij+Ab(Hg8tclDH;P`NYp`XD}vK`)BHkyweZWwko)$929H1x46lcH_|51a5w! zocQxm2@snLcn_=efh+PIXMtN-Pk9WU9?m{%hZ$n}keJIwczNL3Hcxh@6gc1?MBYq6FQuyfLK4c^SKm# z=cnXCDLY9*T5cgRy~9e*%R0oAhoYFVJEqCFARd9RkgD>);50SD=P=;vvw`fqc?%JX zQyj|My&h3e)_80sIJP=Gg&*dp^SZ>WN0q=<*$u-9+bD+* ztGJ3aM~IblpBQAYd(B?q1+R&D{fpV9e#7=wYoa*jQhtsp18G{OWxWHtRD`@^ z3Pg+(kaqg#;`LzPOUGxEYI&vwN1BO%U=4a^FTeH>-amggJRNMajZtUo4vr4y9wJcp z>ce)Jn_29)Xdv{hOc-d<3Tnh2j!H8P!-I95%q`3 z;IGyQkC0I$+`|KbLu(VjPviijM79BC#Ms%j8)%9e5$WhCq@fUI+(gAIXs?x^ets+( ze}1hPSKZ6N5rndF8D`kQ_kG zpkLM!rJQH}As36%m^z0DXmWf>;#;rNlnud9B*?&aMI!7Wfva;*No#nrrgB*sPz=8> za&0n7t5!|tBc6TZfn##)*NM~P*3mZHgY4|C6Br#g%ots~uuWj(i(c3c#T9&ssFr19g zU;;+hANY?{~$S#Fd7ybVf#scvYt}b!=`x zbOYfub3&qrOwuKsiQ|;bRto8Us;O3yXFqfzqq4$-8DU%IXbDT>==br**KAskLH48= z{g<4WQy1z9+L}F&kY~3H)P_?4PcLGsuRfIWbP2_S?QyQG((8$q_{Eb!Zb&?2uN6_T zqx_ zQjxyP2WyFD2_N-e}#MDWgK9H z-|>|=q}QmcM{diRMv25XM>?w>&{47oc-G*AJS+}V9}bgB+kzc4y~_*dAs-}P4X%R^ zI6G$Bov`@Vd|F6X)%pCgZ3MH}RYp`YNC-=wtAq}iT||hAuo|xHc1IX(h%0$9GqRtU znZ`9@^@I8iW}JHUe3w|~tp{oLhUVVlDEH1O3u)?P#dE5&#hMwnEI z^3wvRwBgm6@1cJtm?GjWn9!ec$$YS6>yFZ5 z#1L3(U>z9<19OV}5K6(ctDkqknv`>m06BkhnbRatgERN?I+#7yR=M$~05D;TO7Sjf zjpzq(ZqP=zz7p3cC5u{6Od1lag7jp&lujI`S@b`}#Empl3`tTdey@}AI^29p>A?~V zlPc}4l2=j~bBAZr1{Omzey81JB8e7E73Lw7ULM~Ulr%i}+4g*6HTbSlQCe(p1FJ(6zRFsfF`81t$c_&+N- z4{lP&#*lL?>YkZi`H|Mq^~3`KUFC&K{$|7W}bElX?RqX@#Io34>J zu$i}!ekGB0{$Wo*qTK`AcsaWW(tcd(L(}O>~g~9$C)ot~!+slc^+_DD;pd30!+8 zffvrvYRcjJ=!l23k9CliJpr7{a2{(Cd|Q*H|5=Z&Qlz@533(pm!Du4}g#VZW-M}Rm z1J;6-wi@Kc^K*rHHxX{%gteh;$W{!vtt;l=t8+v9o}6A_7j2EMxfH2Lbo!`OPgUz!*dr4kih7 z!)KFFM`B4Z1YrR2xDz52t)2;sGwJt6JiDmxlg?mX1?}-jz?nWjsVuNl&~&J8UI!!X zkq{)pB^12d5@88~wvNAs-22mlYtmi+ZpV?GKg5O7!H{jcl_m!1q^KQ&W_TbXyHs8# z!T6NhGbO?-2Rx#2bKH$d9#|%1$~q#A(+n>S`d~aIK*j->R1Zzpbi$_rR@Ic+`aVh|+`bQw!$O_u-!G`LM%CIh-X`||W5#ON zkc!S^Ou%e&(y}Y|g7+W}5S7PKO>?fRo!K1@9V(X^&_nU61V5Z*3lk2?tBeW^LV z&~BbxcS?m>htRxWroHi)H)ys;TH?=rBGda0%Suv*CmU=;){WVFY8L4q*qD$|#IkxA zjB5-)-StJsg653Dc|7?wEdpD9@XeP>VQbIQ5aR)6hG66jcQWt6-iv_bk2GU*7Hq1I zVHBqGxcW;Igo;wNcvZ0m#5AlNK{Bq*CJq2+`*9d?9CW@T^8=1Dqdyfp1gpHfH@xw6 z>XBkpq9=cFO6o3bC)-%%Z+k37o0Hp;(C^%+iwDsz>@~Yf9VIRjFaYreZj%%21?XCH zHa1dxU$&jEICTgrLI20O3h?9qx!Lgg3>@Ss*tye)(d*E3VX?(o=s0Siq;C&g5{q%xj ztT1y2OADmHZ~O!wbW|~bEa{nz-s@i>n@J*)eX*dL@#H6!%aYVUOI;b~A9HMKsUFxC zGn4-b_pP zc&gDx%f+Dm__E%Y5+Ek@T!vJt-SSv!k}Y-gu@@#1(87~PY+gFD8V!WXxl;p!=6n#M z9IUTqHqnJ}a}9Pu!-`yhc@S`Q-}dzo`zd7cV4lD(SwYYE6AlPH3Itb{MqfsxVS2^XPgQxWl0P7TV?}*`xdXiM8U}1S9huz zf;DSPOd}U51xaAo?DpvNb4p9@{{8nrxc# zwg8|j5V+9Ulx@6u6K!dBG`2Bn3I8!!F7(0RwBJR@+d}jJdUo;EkZb@1Un@kpplER}PU4A-5z46y^WFxqG=VHIpE2V_mTYj*gPH{2T zsRdYLzj21)z2u!Ek6c@J=fgq0COXe^BsA~etl}AsK2CJ z&Ta#P2T_5%#zrd-v<}@mS4s(;i$*cxWu`qb@Rpp?*e$`MS}QyxOtTK#DrKJgbsWcq zYkncaC(EA=QXg;mgLi7AY=IRH!D ziD3q(ef}w4o0zkA-H1dQLhYy%QtoI?pJ0@q$UUXMUzFQe+_np2@>3$%$eo2Bldd1v z{R;8;h)qcvai_hINt?$3;|7jidOU?f5&U?@;R2ES^iO;2S?dW$Ebs-m0z>=4`tT?# z?{IFMGo73OErb`a03PjOvGtxR0;QzZtG91@_mic^V!yI&ZGiNEj)J)16dr9-pS@of zU!^-U)8D38@%F~5APXCos;Dt4>{$^Sav|Za{{O5|TRwWiAt=mi9-+)>hRc7rhS1tJ zl2U*r4oQ%4P5G$e(GMdceA2_R&|6hiilC?=EvR{24LRDcb1$%KT&LRigl6^BY)+K{ zN$CbJr23Wcd|_K8hr|C3$O%x0b+uBTuhBFR3aQuCJE!4Qph`T?qsA-Iq2p~c-7U`B zl7y0#*u*}JqmP#0y?CJUwgBNAo-q6Q-hXDL0Ap4Qsgn1*9S zhgc69$jn|x>c-=YPHuJdJ+k&F0%BP0Q8=k<8_y}HllwlMJk1&9vb0oVv(6qyI%Gl! z@cw`vU|fhDb5bVl3-gznah{e$lnFqbB^&KL_xeR14{${xaeF+#^Gp-y;rYm7ik|z_ z;^4*jT(@~w;@7u$QbmB(sqgY}eALg7EM^u4W18YOy!m`iJA|9gmPt8|T6Fl{WIR|% zYR(+4%#C-Elb8z>Fv&1qFqe<}mqP%T@3GIVPyEENKYmIl~6+j9~CIRbd#*M_X z#lojBhn#bQrm-irCOscerN1hGpn|F{OxN~OM7m;_EV@s+O&5b*`UZO2_w@bl>wC|00` zaAv?+=~b$ldzT*bA(_~(;_o+qY1n_t**Zvz(p_SCW|ios*mDw+Tiy~4PuP)_KROV4 zJ}OO;o;^i&7>a=iF-2l-z8?Gh*=vw~;3EaWuVB ziQw&D`D0RLZ^kdp3zATn5r|2xBrt0o}u_0$BUyqwAv0VfFRIl0Z2v zj<88a_D`aGq}#<(`~kduZ^;Mut5msTgns+g2~^N%> z7{6fo(fj9iono$9W-xCj+;s&Ww?I69BVn+nn6}+tL5BoZ^&YVrE2=+>6J)q{PVuPf z{uwOETXSQ{+vDYEVWn2UX=6Xs+n+9Oq?xU4Lv?~N5^=NpeP_{n%#arZu4UplrZW_| zrmG|JTeywIKJh?)*lqzKnVPU~J)fAe+*sue2lv6@-p>ToE^?WiJ^GiLUKU#L%qd(e zs4ZGmH7qBr$mY~x$B74Jil!)waqABHsyKjV3zEAlQUyUE3ja_Bkl&EDNFl~M-HwOZ zfKbTx1!6OTk+}3sOo5%p#~um`L;L71^$4ikP97zL?RaoB^%bbeu9potKh$J{#wF)g z`MCJ#E@~yeOWkkre;(}5|Noa&ze83(W{x>-S)8ckHb0DD z=^Dav=?cWn+zC$zvR%Lj)T7KG*4LE(Z_u0X=E-#&~_6bC~{F@?$gW`OUZ4@@G|~FW;u8ib6@W*R`F4+k>%m zGWa)XX0_ItXRW~L2LT+PWQIKIJ3NgGT9=B6FNUiz$!oSaJ_qeB;v~bN@Q6VoW~q}8 z+$?w5;lSm9l=P8EigHyqWxGW)zM(wGp7fBn8x`z2uFY8SaUMxiX}*D?QDFs=ElyOd zO?Bm5HtB+CjP%R?e!d1=hc3%uiLlvmNoQ92kImdUi@Zfk%ELcSzQy;kd)$9<%4T(1 zcPc@_KYU-4zZ(yn4ha3cW`(BIAJNHnx`PtArQWbaS8w-JIVNO`vPKJ#DujF~Q7L z-yluk`C7G-i4T3NX%ypC2cQkaM+7!A6sN(`0wUv9Z)cFuZ)ZP{mrtz6C0k&hg> zHM7-{)hx@lddPFo{r9_qZTO;zSLtg6 zC5!3)Zo0s!VJi5#hmjYHd-($!LDf{A5YLYOX$>-P4z3W8VjtQHr>eHzntTWEDSA>g z4R^YUo||jhdxVAWI+$uS6!sLC%=-zFQ?|12d?IDQ{U(3GA~i6 z4`1`cBEY(-N~5G8dGGw_7#})lCcrToPDNsB2RZnTg3cSXF%?ZLBnv8-dx$uO;s|a~ zV5ZY}rPMs}-KE5v0OINeYM&9X2vzR?xJIUxwdhkj*WCHGu~L zd6UDz2g7}!-2O)i0B~Y@AWa6@*TZF745ha|Wj++!#*lZSOZRW?Uw{>L(=XL89mv8S z>tu$<2JR#Ci0B5_nigUhl8vzXV{K3?oY}&G)O?DBfZ4C(%j8*6su^u!qk=P_LJ}KR zbW+V6-;I}%xcZ2^twZWYKYqcei6(F!7$@U?pzqX0Qd$L#Vtq<Y|UhGhEj!{uZwO;QD_h1!-+dpqaol%Y;12j)B^fU9EJhoQ**__-uFamG<%RhorZFozNbPIJ}l z+89J$R()1jwAubb>tj|89-N?g64N@?(~u4}hzS-2POD^|*L}7DZ1jclV=fijMM}Lj z4Op`Cmn|;)=_i(dZ~BnO>o!A4+QHC13_|f3WdR2hGD5@F>*$*gxK{@&z8aBM+3VU_ znX+!m!Wh+@2pIc7BT|#dA>COWD@($nTdD@xICh9{^a!VS9Doqz0;VQbs9wSB)!!hb zpj~+p873VE6=OUBDh|hK>Qj7Z*r>WBEgdcCxMoGlUTmmp{8ukI&}7IrWia}PsxDv% zYb(x@E8x)ow}1@1WSi=Smh)_S6x- zlRkxG%=V-?PK%VWo&m2e?XGXpvJr;~GlT|mU*bor=^KWJAyB8AnHjnPs>CdQH*w2& z;|yfhhBeYfWI)YO={kA5^(zR@ASYuy7Gvd*OPRogKL;-SZy{i-~i z_>Od15sOgE^OxacftK1YcEMQKpyo8ZPK-{~*y63pR3omia4<`$^$kc^^x9Qxae>?N zYg+1sA@(&IC&ZMB&gF0FDqMLRy#x;-(*_0L;5+F~r*o%QEIcBuQ|?>7shwO-CwTz{ zhDHF`Yg$`70)Z1ss)`1D@7gzYaJ}nppEp<~Ot;XZN+Y)HI{SoPljZxGe&CfB6(uMUut$Q(}% z!T|U^<2>Z?Ac6kwkrhS zGAU4hU{X$|h!FNX);wf;mYReH{YTm|(UI9NWi+v1E7Vi}k>9y9b=tYF_ZI+rx@th?tj2@8+>&0^3`NHivK84n)#RGq@U$gDt~o8gQmo% z`StW@->)nFQy9u3pFjyOa%P2CgNAjE_yD3K`CL(pWGO(~TQjrW=mJj3Fu33)xq&Fa zo}nU2Os@gONN;7O14Gp5xJSD&p_M@pbC#*QdBaY06jI#M zun96XgAWBYu2vWM642i+AoV0jNOBhhU4y}rz-Nzt&H3L;G2mapET_ldwaI6mvIfL= zkP1o4mZ7o}?3Qv;a?OhiR{HrqZ~~MEKIb}%gSTcSog7;7htDjUJSX`-iRtIXf^^eA z`3BqP1_1ZB>?p#5BkR`$xQ-HlgR>x{^(WUnus>8dzmJ_5^GsnqfVBwd8ru~*`IOjG zkiKJbuqa_Qrb+mPvebQZ6l5^@dGcc3{?B0%dQTjN=eMZPDbouLw(0Q)^3OwSW?avo zs%v6{Tr*jG|ya|i$%WkdvD$dOw~C+#@AGtQU+4xArnsLsc6~(5>%y*zjUmR z0+)#;z@#2!*k?Q(NIf#%L{Vs>rGQCq^r9+Kq1su2-jso{FupTr_etT;@`tXLSNh;2%0}k69L0D*(4B9R)nWKD{$> zzC}>=AIiBNR+Eyy5@mo4sQ>=v8k37s&o78hzGh|=_T`?gi?hkyV8K>v@}0Qhqizv! zq5}5hS<4VyceDOMFS`4VyInCuc|D3g)4x}fpp(uR2ZM}e8wB{5!4h>`T#w_t`VaW% z&a*U)c4f(XPcjbbQ<8f1Bz$IApci>zyEubiR+AS8A`&gYXLiG`UVU)4Y5B>u*GtuNDEEBs)QfoxBn>w>;O{V^0x% zKDy;|Z$7$9;6-@^*LN7kR8)hoXzi*M%N?!4#Tr4h<60}(q$llKl33GpbANTN*7*hw zg-%X9cwpK}m55Bz7!?cqI&RJ$iDz^_38lF&iiUL<`@)tvaBsHZ8+W#BdbMApny8WK zU0ca(9$jwLqV9dYqF`4Ejg{e3DDeLBDQTe1F0)o$0$>{3N-Z>z!BGoT8^Vs|K<8b5 z`7t@U$W&hy{`tjJbjZzKMQ?N-CRcj=PZzIniDnW(Pe` zE3jyJ5L4c4R2{1`Hc8x3#if@p$5C%`r zVnk&tvG6I7Vc!c@G2Sp#O^}v$Od>nWcIvtaBj59xyPOU+@;c5{5T$KYi3kx6G|+Gm zsPw8Sqkia-CE%?GHCVl6^ln&J`-RSyZimp7}nFM2!N;}@< zy}c(gvVRr-T*IAep+~m_=w@RDnuO!NGC2Rpkfc z@rg0|)1Z|?3lW?cp-{vo_kY<5+i8F9oMwIU{yrh6<8@P3XLTfFIwjWYBk6y4pZzx| zf4<7j>Mj9$i;68@%iQr_;Z`D@d>=`2q3m zJQD0fgPPh<=MJWn124saWdKA%>x?csv~taW5(u%Xb_mwY?x+FCB2Zzn=rUNi^>Sq8 zAvt8Zwndy_v0S^BPt@cx)+f7#n3kH-2`nFSvk0d+6(g)%pabM?ktjOv?RVYu6&-K0 z(bPo_9nyod^~k#j7>WvPP&z_MHr`mhh-w@N;!-J7&q-kQw^qQ~@8%nUK~ge)?5Tq8b?9jI4J8vOmO*N@5#F@GJR_ZN6%~t5O(RI^0m1*M2vAhLqn22snLt#+r z``i_>UfJgB{wiu-Fy`OlC&YX8{|R01|9#Xm1TFIKf4FEf&rs)-_VkMcRXtjyCle5B zLwZH2i!ZIqumNyU9_7;o?AXcXCqMLIS7v=#J56m^MSFmxe^r?L-FBFOire%IUSIEoAo7%A9eo+$Z^G;^3R4u)d z=<(kEj*LI3(l5Sdah#79P}wc?gljb>s|*jNGylT`@cH*4-=y8Cr+T# zjf`HLUW6X*7onv>S0R8pXj>pzDu1v~5n>j+I&?_@$FevPuc3L#?~-#n9*7lGRH^B#{5KPsFa=@>AI77s;v zgU(%s0-@C{f3JwIK=^ok^b)7SKSZ>eEar!9l3bvV5CTlhp=}*HAvq?_tZ&kzqud~Z z=^jKi>HdpeDup67^Gx=75dpbMh*lMdp~^o$oQZsz$yZD`H93PXjfp!A62kX=*nip= za2L2&ZvYjmr<1?NAt~RQ#L#dM3*D2ss=q_11y9DP2IG#z&qh49Ll2cL1v&CcgUM{_ zX5AXiKMcJTeaObMcAHC2-6EXTFEgfc;n*X|f9AXXhg;f6#gJRvAO)vxLdDjh7kk-kdw^~7oqK~DdH4D+RY(+&7{6}C60 zV}HhMDgIN=vhm(eBfNTDL_j!fKoCKxuQ8mIMj3XZR{GoIsBhima|LAr~RT@{D92tPz?=?-4Prbl+B3KQ#&g+8?e>s}ymDQW**c+&&n#|9_2kT*njfD7iBVKK@~ut>Y~@%QVAy zU$p$=i?uM_0N)`@4R53pD;p%cg2K-UgddMyU4h;zQkwai-;Y&FL**Nk&WB!(NexAe z=0Nvc*J~@)>61aBs@j8p+ej^k3UdM7R{l$~==WDJt3vWB>K9=_d0~tj9!Ms!^IC)Y zh{?F)l>FEsB5|*k-l63ByBML%%)UGdEn=$oDlMcV1zfBU|AEYkYS#asWDP7cbsVSA zSAs6?33}iVyGE6x-4%TKp zyQ#Kak}2W#z4*r5{}UlbQ6bKYZ2+iExP`f>Qy*iHiXmIo<>JeuX9d)DQ+<+!KB|47 z(=mV zE)%}B(AI_v&trx;XXOKNVW>c>%(F3vkkx3GQcOdk=>ea#^Rl_EJ+>g!W>CsuLcmTM zm|Y(Y!t{V$2-S5W=yaE^*qF5$*|g3Ceh2|@T{Frs?&k?e%j5yvR6tk$N>K!t@<#Q( z82KiyVZLS;6)0_**0|R)ySChMmTvEKAzsa~thzH_nhA%^-;6ieab$1x#4p0p37fan z)0x{KH5$p+dIg5C8-_aZd&aAqkQn(hOD=db*Z~n+53qs1M}2|-WLeY2l9^qJmPyk# zI?TM7ncf*pjS7=YuDJ_?@6Sx+oUaQ`3wHg@2`RkE^IdGRh%Ud0t}=4ONZ})eq{{GD zg~1ijIA(xD$$Jw7FKDRWFukA#RNFH@wM*dBzGM4?Y1C*rnpQ7FTja%zt%DV%A`**s z?oCnzNVF@9fx!a#EJ$uL*Ml zb>Nxh8FA~TFq;=Al%rdffY;I59l_l?5vsEChOELAwc)+jM3Xcv z3o26RO#_I3#zs}i6D(V$BM(Ff-$E7vYq1Vu0w;~q&T=dEumf5a)e+Eb=bU_ zlCJgcA420Jza!W=!jM&DrLe}4J-Pc#3tprH`HYQRZ>T#vp(x<0*>BA1y$`-2BI})Z zx1i>$i3dSfOUx&&V*f@=fqa;M;_T9%vdfB=h zd)MB8=1*!ZLZ_OdAdeDTSoHpoBw3Pi$Q_PJYa3PuZmh5GP{m%|tPeCe5`F}(x23^M zdZGWmA~B%mMS1~`iz&fe_;yl)G+kieQ>|F(xx}}%m~kWT6-)a+7MPXY09jK3&9Nr? z7t!w^d~l>#krL7koYO$mG|}!yYNh*MUc&TQY%d-JP{2C?nX&)0iKJuabm9eThL?j; z0x3DUn5=h^Fp8u!Hb~Ksn0PAHRcOrFEI#XrqaTpA{iv!2=K<~~r=6pe9Ca#=gg}=L zb$35#tTA1CVK0pc4>4yO>i?spavVL*?CmuK5ykX^%{O4%W+Cbf5E zQ_!RN@SyUHbaNbNP(X(>l)!WI*zj*4t{3f(m8M?^nnH27khW;JS(41e{5Ax*;ezXy zHAUx>IA?Ysq~)6pU=O76lujS+K}8kQK7!rRc(6Vp#?fB3Z{1fGy`JK^LWRGvfsHx+ z_m%{rsH{#e(sUMGvX@1ZUZ7?cEBm()?}apc(6rsYYg2qP%*gzoPV17^$wm7G&Vv;*9ary=3i?ut?s@ zT|P}yZXQ-|Jw5++ zoolK?fzj_#ya6D0XZ~5@n-E+DnPpzeEAx3pbEw-v)b9W_#=L_wg){~;2)6ubD_cn< zTiQfVy(s;R2-J_Ht8CQJ%kiUO^R2j?)jpYd?ioEKMoHB>+{V%FDOll{m$kNy?UAi_ z%}CcH=QS|mJm(&b8(nb7Daln?*EHlyb%v%XH#IyW@DOkGxrS>T37zHt7%nvJyqeq*U=>oNI(J`fGy=323u%i$EHFwA@LV7rm!=89@4`;;%aa2_I|gpk zy$o;p!$$I7B*-#C=F|$O{2^$Ye{!7W%k>#~#|+qXV6gC8OWM&9N;NJyM8&c33e)W$ zj_J(TEmEBbE>Ry36LmvW^wT;P+7Gz4{`hlb`Z8k{S{g*0Xih2lWwIsi@Tss-kpBUu z4tpQomQfO7K<3+nE#J9?im_2m;MEBD_hBa#xPemx8{Nl!4ZObF2-Pa{55$rbyja?1 z3ks760!2aiAfCZ9s6gx5{|9_l@%5ox2&Oq&2Ftv>@A7L;C1Lt*IXYjNtpDsrx{|Y> zJ6gu6)xOe`SY3X7-y5p-Ki`|3`NrI7?CJh!L9ES!(t zr&^b#H18T>-BlgNm6DZ~T2Y0$(Y+!0sZe^nmI`chZNg(70AjT2YWLz4tSQ$abHQyhH&ND`!1&iM6uWWM&@94crw@iKJG7&-b!L5>pUX;xwJ07?(tdcbrRu*zRR81{J+PT=E$(O zf*sg(0-x6K&M2P&$TeVzeY?dW8%I1dK>^<-E&28VQ0*C*&Cm%?EJhX5tkq)=45wXM z`d;!)Nujg-&vrghB9!ptT+(&Nr&cGy9;X6nRD zdsx?pPRR!+*5jljt4s~cM#*GR8tk#Z6;d1dL*cI2)VSB?el> zJP@gm?2yZOhE$Ptys$ne&R`HL8&QtT%mRNd`&$7(c2-55hL`3?;m5KAC1slX!#7yu zl_oW}x7lX~&i#c$62?M58|$We8on;!u3cNM#``MOFYFouze+qJcy})l|GL}VGaepn z$F$@&oH0jc&86f?8YF9?*SukNR{6fx55bAXnyde%?&B^oTG5zf8t&K+<3BN&8)FnG zO~-1hDe5PBliX1>$h90Wr(&euWhA667(SDK6>tpc3E2=9*AsjO<6mo9AdaIvdiE6+ zpae7vM0X10HR!tG0sCx|I<~JK2{1K?86KF+w(J-gmCY@jjpT!g+yxs}#1&G^#Fh>B z(v}!5uq>{VMnZLG?cqCZ80FA?1%BiUm81vQZ5!C3@E(kz7Z4RHUO7SzF-tC zB;MO$|Hj3ja4)kqT!DYCemHvZ4ox*0=E_4pzKR&+SPq{|eIz0nyYMq&tc{&Ov@iK5 z|585Y{p|6=mL5oTFkqPm5ADe;v+3a2hLC!MmY7I7dcDj5R8Y(KJpEDp)C0KH9BLaSqM#J(5no&pt;y5j%qdGu zh6xFmoU0|?K@9s#x0%@uVoh)6e1jn~ssgRukz04CRcUwJ_FnR3sdHSR4mUEWi5rI& z^7hTOi!INn)@M*$lz^OI!6_@#D^dS`eW>>UJwU?0m#9MCXLsOe@FHb@9w1t^QCpjH zo(r|Dnmc|pA@+-&+*idj6R(x_;UbiDOVcN&0+JlUyA8oCK0?8zcWzjQY%N-zzveo3 z2P{1`}6ob{Y; zJs2Z8$C$1(8Q!T4Dq%`|{6vOnu{z6tR0r7!dWlcO$uoMr+X?4|JPT){p__P?Dl zb=We{tk^~ss)8uq?ve407|zP26tbsj(>RCgu#vP~RbuWZukuSDQ^new`t#Pw4+QSX zT@3KDdfbLCz~~EKYK#{OK9Ec(El`BRa)+>TMIyU?{}Tnv3KY>?#m9x=mlFgW=-;S+ zLJiy(QZJQMC=%7h zR2hSo-(AE=%-HqaKtzU>q%R}kJ56hPx`P8VI_Sv4MZyNS%jM3cr{|TQ4R(k^uWzzC zV~_u%t3{ z17tauszTEM)5Wb%*N5`q`G+p(dnyL&T8EUF=gsZH#3ggwDKvStj2gps$MtnN{pTy} zBk*#W(Q-3QbLKv`Z}QmbTDANjoc=As07~hh$cbm+deJ z2SuVv#u($`c7D?Hg=M6unS7xf59UZ{5D|hFdZm2r02LtDCDz3ruXnV&u(@nI1`)dc zNK(k%@koqoKlQ`iW(kM6ve4~#{Q**NMEN~*K6b5XaL}lFHK8Q^ev~!*WF;3=`ci<4 z2TVUd8t(xiL&$clA?G_M$$WQUQBJbl*+}R$0m-{b5nQ;R*&YLDw2U5`VVF~Fw_AnG5yGZLv zI{Z%L=qvEKOmX|H3!SyOrzbc&7vV_4?Kk7qK2{S9dPlR7S1Y0iXpYKv6vip5hkiUS+ z%F1U=#OIviUH$~4mBNp`T2GIYe9%zy+&1Brl<|{BdP!|?d^_yGNFdP-Ez5&jfcpUCyg#3XbKHbWsML*TzS5&U|iSXG`MWry`aJE;(>!RA)7*DR- zjg~n@d!4;Nxa0NtUh^>19HJe(`@UtuXge=nkfW^5hUi_ci~N9X#3G$1p4W8V3QTg0 zm7iscC7W`Z%hr$-aH}mbg!r8P1n6&5!_pN3;55W|=5*jxnmNYORby---zLK$Kv4df zX&d;Ekfoel%q5#46Oglj`{(|1nv1HP)wZ9f@~S^nd;l;~>4S%6t|#RWH;gtZhe2)u zdx4Gm5Z(VcsK-rR|5DRUWNRW~Ml2QD280iWQM#Ii?tW#4$K-zR)tBB}I=&#JoISfy z9y+wutMW5n`jkj#V!@v1glR+>gmzi%X{f2r0)j*=p)eTboX;#|fyUH?g#cZG} z>b7L{A-9o8#2*WbgqXb1ePir&gZILR(eCN`IlM`C8A@^Iaq-2lRTYAl7fKC3j{5CJI{rU{okplDDv zB5=ax`9H2u&iTkg@qwUmJc)LfoKmjkDHh+9neX7!9mCbD$)s~|v~XBnX}e%W5jo5% z^bBLQs^u9~o{ryJ$**aX5GdgzR4qLngfAkLyR} zRXmGV)sy(sx>6wK%e3mXiZ#f!hWY-uVMwOR>}^=GU@q~akfU6yYuDTZqs*j4_woe35W~>l1@QwJLKdq zR^XC~{MHE{x~Yqlyp2Qklg$YxtGssG+x3O}z#iUKhEWU{w~9e1Q`bOT=ku57d2ZJT z65)XGUK|gLmyd+&JhyC$1%pC+Q0V1rHf?}lGInrTY$Zfv+2$}AMjx%ck^IZyZH_nu zxZC3hb6Fd_s&%PcD0ULqtdpOay@ANU@EzLVI#7f7c?SAr$Ragk3w9#6Cy{GDVq^oj zGl)0?vTFkZ?(9>E6*%oS7;Ii{&Cr=5ri~7bq2o`=YwKTDCdL^j!+pV5g0}1|3^k#EshTr;j^;Y*4|_+VFYZ zw%cul;@1ZQC}&he=NNQp(Slw?fSLP-Kyc6rC7h?#=Uh$C=GGB@+0IwiDfX%AhuFVe zyiE9SNSFh-x-r5TLuY}Ud>tf+rWa+mbQQFSlW=ktm=~LiVjoO50Z{W}^#M9oDBxOdt5$IeTaE@z;%t_JSj4KT}Y;1`Ezocs5lD)fRCc_SoHpzKBmsU@N0 z_7*lYPr9E0G28HHiOCQWN)-iRY3NQNdk@qv#%!x=|Nh|!?Alc$d64%ujc_&fM*n07 zIMQ-*l7RcJ!moAr$POd&9^=PgO?4)Dt)_eiw)*2rue-x-@;^q> z4oRBP#V;wl02-nDWZUumg+3=mI|>$I^Qf$`<(eh)-pS1{4l&~tkkFCVCtea9^w7_8 zfyVUHrgC5Mg&@>;=pPQG2o(n>=*RSQ?ka(%JvlfKKwL|yMZeZhiG7ebY(Q$VbE$=2 zqPcM*pd?@bx}_>3FD#1aiP#TS7y_oQ(-^K$j`-AYRutQY;U;OLEJcC_k;~&oISF^jp|mS!F3Xu_BM^_y2!9abRC zS7eE(id*C|sT~bR1Qfb!iCnYyPr`$_pCXkKp;rt_Mr+(MN74Zt0;6Bp;%qeA7nNR# z9VnIA4986>R^j=4Ts54|j8DTt^P zNYG#GM)5BNHy(bh1~z2R<`jFj27(8I*!TM#UC&g&9LQa+Lb}3P;FEn+5sCt8lSX|O zyAM*}9ZfYrhk&mm>1i%!tTtY7)f>z@VbBY%7{$T<8--I~u$&XHquAT&2((1ov~)j= zr`(i_(dfAl{Ae%;#*l;0n=9XWdO!-1^lLP<#8sJ(?sBC1J4K8NKz}nq7zxv9jkc7O zl!5s_LYo7`A1j_4SZWwqF*@E@FL}14eXrs*=xkc90erl9Ej9IH6xu%L^2*$3^4A;7SVeCNu9PKT~Y5BI6#MOe$TiBSo`!4&;&8ljt1WHlw z9oJp@Q72%%#_(lJIq>Ct_JhWfrcTV{)q(mRp9h8uTLo;_uHL&SWpp*@3Pzye1Ojey z==Vrf31j#{T0T*a_4vucKU4}w(RE$wLlUm zdtXlI@{o@I-3AA_u24q4Z3<3KL6DWM?|g~Jxr18ai?hSVqIT-!U6>wUTrn zuS=BiX^ckwbC#OZ0SaL7|3M9smK{4!VVewBF-g1xn6!KlwN4g$Yl3oLR$=OI29uyz zx;PlHwc)J#?24@iYP2F%WuY+1fd z7C{?;M)MV4)b)wPX%n8nbDe6}J^#1qLF^DRcK*zkZ%c^&-5m)*g7%5nQEKM0@Q`X` zm8L)Oh?r|?V^Tt3sK8Y5X+H2~8rnBZ>dkxoKlUgGe&VrjCOl5+KN8uS!PR1VIMt1* zX0fO`3v>H1gQOLB?{3X3L&W+uipmBj)1CJ@AES(aG35j_ID})`e00vWT@+E(4@j!@+qi~rN>yb+IFipqA2(4UqGPyf=9BnQYqU>;{#-br zj4*p)m{lv0Kc-XB07x#5?e#br!0EUN8B}apK{0*y4(x-4AxP z3_V8E8Ut^fSVYm>O!m7tAw##Ajw9QgCMf8?c9t9$Q*~Qqo%e0*BkA=~Ia$JE@>eW$ z;$0O)BPSP2U2i}GCh>sNY%ppVRe)uX<3^m}m9rEjSLG7(yjHYcU@|bQ9VHKGdeF1& zOfhg(hDlsIQs69fVFP*QbjxeLtya5ba604{u!RuUN1h$3)Hn7uc$rPEt&c5duFBv1 zwrInP>74qCBfo`fk`IniWYM&gG5&GPH`!WUqQa!(`%V;(uxhmo2!t%3#{*?Vs#W3q zvwg+uUYE>dWyJL#ck`Y4ETnoH@jz&{XqlBkBs(11H~Iq2Wl& z+z6iGP!GKEBd(+Z7t(SFo;1TgGj1>OwV(ne&c^g1Z@9FCEyr4EN}AlLty(2E zi2I~g`DgVF46pvJ9kIRMJo5DQwIWbxyym<3`I}I&TU1A@j6{y-t#4ok$WqJ26r|xz zbR{wKthEpzwIHtU&HfB-5_G))TMf}$T^N=Fm09-BYTFTcHujS9Ij+$B5N3F{{d1~7 zi@Y-eS758ffpFU2LrgD?R9XK9F|T*;tXLtkz&$viUj6V}6yr=IBkD?OT!FzYLOXUu zao3dp{BGJzgm7TlZiN3;uw*etj^)x4U=%?ib48IP-Rj`W*-&-!whM83f{X_%8k~Ct z8nnHyPANK(D;%V(${Qrm>W%_$FAJ1+Xv7~ymULGSTZe2j1m4{_wx6*FSFY}G#5W(p zB1f<>uK6ZYDi+uQQo@OS!?Jny;*HQY4k6m1c3#FT7dSB-V(Yu?iQYAFLjJ_33<8m* zBN#b94J@#z%I->S#T^R^?KbrmzJ5|?7DcFmf|5u-q!n@2I8-Tp7IUnTwr{O$y@W3~ zzFS;k%Orv9_{AcyTV-Zo!n9y|?pUb!QCJ!MX-C;ta(>T3m*~81-czHC#qp+QLAv0z z@~Ci>=A_{iYWt!Z{$pBJY_Q*p1YD34G?)W&s-Tm!ZR`7tiPaU4ip@;w~1i9uMt0?Nb<{( zjBMsm<}^AKIeE`6wD3bO!0p~emto_9Em+d<4#rSfM zAr%Q)vaIf`dDxz=J=AB6?#(+qVr~B?urXptY#;Di$Na=&3My%95SP@VXP>Q_GO-0S?Ba09gA-Nc@VObj^J#e=6VMeKt7Az9F&X za6e}EePQ?OGtcs!s-fjMqjuWay=-us;P}vbEQL&;&m2-UO!@t<)x~l|T7)G!oY$m@ zyslf4q`!=mVZ%;F7UMCp`Wd_FF{xCRZu_ko5>GP+*Xl-4#WG_Xe&L`wp60chyTS<- z0>6_*F@j@9+tVbH_rTkzNiYM}lhZ_?HAK@Mmz}0D^5fO1U9AekbBm#6AnxlT878UR{*Ip`JE8*Ki!_%2s z0c(_1QOsOB4-M%JY!-lLz~Do7CXp=a97vWPZP@X93n;MQnn4(^P*nEUtiHLLgSogz zk*>p#?v|K&J*^W!Pea2YEH<*Clm6X0I=D}f$<-G1A;6O1xxaOxL>hxTa3(MC@d2gS zzixI4g}!f!3;d5pK>e@;XTi+)#`dv`MhF5q?IZwMOpa?KL-hbS)$ zWE%QYSDUK^EI$3iI*X`1Q=YyT5`@(E?g9;DCTgZS7K_8<0OF zr{a=1y|0wF7f$?*#8QFp4i9^iB$)U1yHiJIY-~rkcnPtuG|>5f^Y}&wqp~8-UvAqd zbgt_?)lzIQQmw>y`&aJE)UT}qa$PBf$pqQ%gSLZxahVmMYo%WpjC{#DhZk8)rC-S! zc;S^7AZ?&U!wyhsEW6TVBRi=IMy#6EIz8t&(eMkWfr%m@nEa;x)^#X?@j@Wj2TBQi#YPAh@0P z!%33zQ)uty5-tn>TF9}m+Z}-NCxqFNh-MAvM=sYlKBnc&IB&Wm>)6wjW33LcTz$Xs z-G;$b0y=bTj;6D9rq&WBTNhGzRrR~)i*L|8lj|7ihjiIJA;$-*pRe{`s%qh#+sJ{0 zi|IXmOcr-z>RkpxkcQe*ksEaB@0ID( zo1`RBX0f|oP6MaJ<`eF%jx0+Ng7*0#l_GKg{m^6eW4B%qpb8(>=_Blnacalyz|F%W z4W{jg-hUn7RYV_)z`$WZ5qvaS`+IY99Bqoi)e|jk-HPb$m`nk|CID zg>;XtVy*lq)kbSC3Ejx!MyVr+!#LjKmRzM)2O|={Gxf{@y2t4vpOVsqb76`IzZP2J zCT=?5ak(&F%+^7r@n4alTo-9q4J$OhU1%Py9_=r@QWG-4YKp~_p$6hiZMOFT16PMm zW>P`KwS)}#%xBj+7~|&EVo7zlk=cP`gt9BNtgWEdQZ)IH=cHdj716&E$8;de<;YCV zaMHX9aTu%l3Z0OJMYg3>*uEmF%wYcbKOHmO0)J%P;Lj4% zjP8~pe$|)JE;#rnjxhIK3t2savJj;j0=$iq9qqrIDoJ>SuZiC9l4DFsq9k=?^d|f z_siWkm`b`Ri%26G0_kOP7Mz@Hg^p?+CDm!LvaYYuRG=JJJWIbVZ4kjSVn`(|JTt%k z;=&k@e31klT=;dWfT{5lG`kRDSB<@8Jg_r^k*DV{|^;GRHU9SYrQ-L7e%6bQ=9rRfepOSc;z&VIn9y z%EChneJabr4Qnb;rFa~4N!u(fMCUK!1^vucj6}7Kwd2PlkT}@!-`Qju7P;<3_e9lzdvx>YJ<-*YNhM z5(rT79Z1h+S_ z!!b~dW6?ApP6T=uZYQjp61jed89+&EnzFOH$StWVO99 zeLPR{fBq~pgt>zU!~_`j0JH)mdgAg&pU)58OowB|D1=hFL)29VcXbwBR6EX@HUaC` zp!yVmq&WjHzykByn+L}oE1)jg-KC^AVj_+4;%|->1v-o5(d`4Z76L!TBA?Bb60PT{ z3&1_?PE&1yK04ZUmv7gvEB-&N*_?m30k}>{X+?-|e=+ zmFr-o_O+{{!l4n}OqO0qKyNXm=dGS)%D2Ux7b$hL7UF%EY2_UX76`4sG6RN+v9C#Z z@TVLt_A<7v*R~xi_PW{V)ag9`@|i~h4rb%fxw;?3O)*`8^FA{odtxyN9&egIm{-%H4}k)Xe{nrEi}}N?xybThbCZVFj8j zd@b80;A2Kdw)mTcAHcHD_;t0CM%q5Bu+W}lCVcq5lr!04ic8@i;oE8Qr%o-tSi})Z zBs$Uf_ti+SX0?a+B}>J$SzLKxKLIAPQFJeCpI)4y5zIscEOdr^I2jkIR9v@R_Rt^= zS=8qIN&^IgY?-{#rlEW`)Y zx0Za$6s#?`2D0qzxDw~jnU7Sw-3-;mDi8e?66I*!xyZ-4V`N_~wmH`(wxR%JAORJU z$%)vJQs#i0G;#KoXz?=yuAR$P=F^DVME~%-008gvP=D&YnwluO$unHBC|0!MP?h z_J@<2M6gfV%^|c3t%9u9`wO`i`X`28kwSBe=8MVkilur3Gd z$%la^-JwbF=iG7MS+^f38^vA}Fuwf;9HG$y48r~gMFFIt=%baDNNH$>1Lq{nD>dyE z?g=Yj!|}tnv^M89*cdSx4f@6ED?(}9Hxov)kOzP@J{C4*>xiuH6(Cz?1JpOhqEH^3e!H&ZU%;`;&Lic2tw%oBNPG@#h2(_e0JQRlyv@Sp*sdASH-2F^U8EmIi zu-?TQ{3PO&a-ZRR>m%^ukRV1-ZKEYA3hAl__@)pMyBX{8&CKg%>k&wGjY!MKph{^6_bQ-(eb8((M(C zK5C-CY-z)+K*qnIBb8ypbiG^xODCwc=O#hx;MTlkpn6Fyi$ALyjeA3G-8_a4=TS)1 zue@xjo#WRG!DTJNl)4>NHc0%U=l-2+a;1i;{NCiQ_(#oMq0G74*LAF9$bph&BC)`# zxi2`Ralo2-3n@^?){P9J&yH%bco#vweZa?LLFk?!?7hf}f4|LkHausyAqma)VEqxj zwJ(PQQ}$_Ev>bkp#K>Gp8absd!y~?UnwNvUuqmvDro8DRZLGe)d2vWm97o+3(<^nq z$euxJ={0ix68vgJ@8S?va+psBv4KWWH_;InaQ~ecY>8K8$z>et{-Q=d$7O0|zdMii zEL@ko5@bfqPRZTihokDW=q*pFjC^ z9x$_Zzb3PVK6DJ?a8rWLY^e)J&o%1j;gKI>(!$98y7CR~Y*ci6T)19MO0%BM`R+5# zURY@B%xv%^2R~maFjlBG51$S`n;zSvrj28PL(7-Dv(~dQawpF=z;_p$;p@&f)^f;V zN;1z0hk?HN|9ceK5|Nn^>*(x+6tkwRpZ&OkmR98j<0_r>-`rEEpsMz~#*`Z$mxg=eyh~A( z+x^y>f$-^LU;_PTWOPWc1O~V;Vjh`C;_^&_!H35M=z!x;-^>ItOjtVf$WGkj5+mXo zwi8bv40}{EmzpY9gVdD&WU3*`4fr8j+KhAi7^7oxq7Uk&+R{QQM?s4y;aLL!^Ch4e zlwV)t{}RN7CEMFDX^Ty;Q7-JxDd8>4Yuh6qprI3UO~6D7iLhEtKLW@rLZ`{El-?r& z^}>aG$)$INAY8?zQqI@WitOp^Ia3UeH9e|J`Z5jRkY**s>6pk_PF8OSu&4wRyCYeY z*$rCmE@Hg*n|`~qP$dMK)eq&dE*FGiujml#@pWjd+INf1qlmwG2p}UME{b9!#3<)yB(MNgS_lQ z0intxU)5|AJYYI&s?Vzqz;PPRLn1-<>AR1CK%C-Qg2p}#!B;2Xd`k_kb2!WiL;ZCc zMjwl`&@&!0o(vJG^w%D(pWC4sCyP)cgI0RKm&NU-qvy=%-BKdz67 z2S3 zX18yiIc8DR@@Ns}7pwyia&{%z&^tS2B`>bwxIo*QAT=DF^Q+TakOfsVQ_eKDvP1r2 z$ezAcD!t0}&D-4Cy^D8Q50?V@sT3ei7*s=|hVL}nky2gJ;sF~hj|+yI-mcb;;no!( zQsMxInt2DF)+!(R9wHW_{49iko&4HnsD;V+x^e3nLu&?+w7uR?>;7WxCjIx7DnPfQ zsj%MoaFeb`masD~_1!4CG}o+(r{L1N4%T5r5uok#5ng((M0fS6L3PC7U-8R>2P9KM z&p&5$4+T*ETG7V@X=1CVxuD_SjPJk&YJfzzV6-AmF**+^ev9FytLJV&(9q-}rWpdS;#(lLw3G`com2$V5=mz5P!O#LH?U!|*=~0=G({yoI|J5P~l*28{Xdt0Ra}c1_HxLq|1tg^g7~6iMzP zw?UPd_Oi_yn>6ZYsVPJbA$HDf)H0d7*G1M=?Jm0gJQ{a z5A439Rc}yw@J9(;uhvGs~ZvfKb%wM+zM-{S5> zSy!8DvlG7WH-bI$UY`5(>rc-J4>&8cPnDGe-WWIGV)Oji(F;{wg8uv4m;Tj!;Lc?* zZ&?6^4>c=gIUL68&#I5|Lyev^Wq_;qwF_hELT+||NSy2fAhxST3R}zCqC~FRy8P32 z!v;e;4zx{<3gi?U5Qw^h98tG_*xbI=itKj! zugK(Ntt7i=V^~wrJ^wua3Ff0LHt`!31IR~=)#$8{Yx^apP|ArcvV*W1dEefzAzn=e z?auu&>tVJlR&G8SSz@bkJwg>qG6SV#j}@zJ{(`@S{vp;G7(@Q!rVdd zxO=kT_9k*(Ff~Ud*8i~?*Kv@?;h@}8N*8xoO3(N++WfEP;}CpU<8W%h{RCQ_8ZSbs z=J;31cD{r`P@VnH9od4W-WL{CzlSqB^nn)`_g4nI zI{a<1J{gT#NCR93jfFV7yk$iX+G;}^fwez}Lvd%p)UQyIqT`R$Y50<1*^L!Ro&X?l z@9m=}=TfkE+ugV=X(_^@Y0Y1{BrcTeb}$6-_%C|WBJAgJM#NNdZniXysuD&axO*Dl zOT^VN7#1ga`909-3a45GM|*qaw%~sDJGH?#MH8!gY*UvdBlS|r##;wv(Ire0p$nA% zkchZ54K*|+O#wE;q3%k*h-2YXY8Da@A=of(LipQfm|f-zs`6OC4e*6=`ncJ6+g@vC z_zojzjNSz~ZX49Bkub7wOX_FsOolmXa%il1TU3`Qo8zB>fw%>mLg2WGO`zZ+KMYh) z25A>kx9A7%RV6c{<$QQ0(?Y&9X}a;TFP7ELA4>#aF(~1@xjJG$UE1V)soLM+*H_u} zBlLG49xvv~qack~FzI;MM85>+@+`9(%))*XTKp9@vCpie?HroKV><{+!cx~UY};J; zXg(df=DD$09{9Oe%}p2d%nJD}6ovV)eA}Xw_S2Phb{WsrRI*~+zs2?98?Cu44fvN2ifPwSh^jPMN4wE~Km)pSQGVGve|_yHMLZ za30N{Mm7a*X)iO(EyOQ?@rY`MS+|wS1TWfb=u~Ac679r=6*m)`p@Lg8-%kEPtpxtz z%St>1Ys9Ri|N9c->D_f_7==ufoK`ZwA%t^PsYCeP-sS%7(6hZFzkWhNyq%n~<`P=j z1&1}uP0WcMORyAE*YRmas!21{B>^_9oHz+#yUh~#e6M3|F?6d&M(<7$7y1IQBAf~ZjQIs;ZHx^N>1Ef=}ZFH{=e4L~3 zy6_EbN7*pIEjwq&_S6N?^*E^#H3gG@!-U}}PA951sMJ9WkUZ9y{mn@Iy$uZUq_f-0 zdyd6Lxs2cubTJ+f9)CwIPbdIzZExkQ{hH?C8vW|>O?4B-LYb&+X9?y)!JG9i)1b@{ z8meozFcHFj>-BYuH{+F^ntBp?D{gxbLs4jM(7l9YFT9n3;nR-P@RRdY3B$RVTh-D7 z-nWL^^{TN~J?3yv?hn1##S9O0QS_{aNSP_Ng0mcu2rxg=v{)$GEOJt%C~lL%1s7rx zTH@FF(yWxL?$RYa1KBU%6Du2IgrvB@R;XDSBxO$I-=`o1nCz`Wry$)klf7q)> zr*g=s>~Pyp#tib!aA10lf6HW@&pY587?_CimQOr$mWBP-cJ}}E;s=#FC zSi8D&sf%}fHS|El0t4XlO*!9%b*qI-##2sC!LqU*Y$S1Db7(9;Ysu2zbCk6G-g*Ab zWA~Pn2-wNO5x5XBFux|vCDjE~z^^Sh@v!R3H?xwi;UtHCkW21vjOZ-dU_Q9e=|1~p zQqP*@K6d+7?ehix?MTtnpE40C7T)s!e}h|oyuBEg4W`ZqL7^r4k=JJvS6r}NV*0u_ zy0NY^PTKC0&$7sm>~Yk6f$)PoyLLl`(pkINE0BshCUpD+64y1cb!j*NYmNb-#3=_G z;f?-VB^&((@A*;98TS%J*VhtW6d7eVR(bO5eA}k6PFN&9Ae2L$*z9x6;joC}ht5OAL>40b3`r6IfgO~8e*eI;qf8e~cf%*_UA)#a+yC|Va zwJ`RyI#YWBlErn~g^(KcDqo{uT*>fTrV@y_R=4QBY)7GFEyT4SeEex2r-+lukU4#K z%Qut@QoxWr=9JzE*HR%gK>T^x<9ABm4#QcaPMb4T8@wVfv<+T{|q6!%}NJtx5_s3S_Q#5%Ii_XFnkp;81fO;oc+ZHB}um1Yk*Dv%5T z&xc|+nfEY~RIw=*pfhO0y{+&?!%0iE+cnDwhe>jtwS{gNH5p>T7lbtzg?<=!n!z)d z#dc}(EySnYr_(`kvcCI!&HO%+qtvom^8sy_=I|di9xo(Q2G6b~aQ}88yccv^nQglg z%8xMDn935G+9a-Un6Mv7GmX`fg6z0PKHWds9PfHw1tu@?<(`#f%aPU>sTH=n;bS;U zaI{_9_D~vAwdnzZv}}7`|Jiu;)!DgGrtF#Hnz^b#7Q0JK_XVUiBX+$DBZ|mxGC`b} zJ?Rf(%r;rxeeiHQ-YmZ=h;Y$s8H<_~9W11=ffSZ}*lFuTq;9tg%D6{r?qYo}g12?j zrjnVjtvTS20yVViqCTl z!}1E~s5j4#RH%Xz^W>$DUz7z+tq|lM-HE0osPcdfq=}_dfN4AMxAESxZ%T7X4^t;p zc7};{dhHZr9D9U3nKC$8Z7Cp$5JDv#(jknW>)>iV_G*MGt<4Dpg9)a9ncf4a8nM?+ zBJcOe{EHDRw{J@3tMBn5{2aQ~7yYl|qd=Z&8!F8-aodhD5Q*`{^O9w!TYl508e!9( zzO1Pw$J$GJ{Y*d>M#IoJu0aE14EXKV;aS3Mv#<$s=8y-eRT`0ilt5rnID+`t6jk>T z_Pg)ihAm5So|ZZ0d7W^S|7L%r59W?Ml0Ag(=AI&$_sn3U4eYb7=5Z%oCToQ*oXz=E1la&Wl1Wg4CCx^qTJCYy<#q!G z;&Z-ATV^kdZIGjo6X1ti-Xdov8^-eIDSWaPO~J;g-9yrzV^_uyJO95481WpHrZdr| zLMW(=pNV;2Q%hXInVEi)@Wj@kRK8*Jjcdd z2^%7{`Z%w^?HmYzVHGRnG!xPlHsHT)LvS1pjNDrnz9Gx2(t3@;`Z(rk#K^y+CjwXL zieRR#hCQdICQ)WP8< z2vAJg2h9%*My<#IAEaPZ9$V5Z<54NtifgRLwcn)ob)othxAZ73Ik)V(hpq|bi3dd8 zgzkM!V%#fCMPcEs9!0M+|Ho0Zvp~J!SG7DIyBg>%ZD{{)<1uK&3JLuK#3>Gq-E!04 z=G?sQjwu6_;hyOngwRrC*+v8Moy>Oy!G6o!fH^E9#pHiRbj^HH(ZERpNTJTQ-+&!?gS zUo)y&*bXlGs(m}ZRI0U?4od_G(baL;mr1n0*Z3K=%fv)V5a9R&A@5rzAZL332ZnWj0sa@w`6$w zGK9nXFHfQcTdZLm?U=4Vs{>W}B8G`Z3#oP0SBEws1SmUu*Ktu$M+|sXcYDds*3|-! zFGT9PdVe%rF3xT7Z}xXKnKNZm?UbN^$NL`*)$84ez7n#^aHhqd)G+J!b$kV#ORB+) zzB-3Ugp)+u5bkGY7FLn%92|UubjI|At9!25R_*sW`9?)3B**UuZ^Tht7q@=95^>J(95|6QD_+Sdnbgtblc z;%cdZ6(G4bHn7A9bH--`grWNEm^R$ZS*hW{ zkn4hGxzNHt#g60vt^)|cH$Ll@*@b!sMJRHi{sSqaw=^D>&)w1{&jiUKqQ-S|KXWKG~bHCV!B%#N1q`wn$Si!eP+0G{&JUUIFE)wUd^CVI_DlQ#3Nv!zt;6`y|kH+wZh+hbyw$58N=n%6N))yo^R<@=6SNp7nv*V=jpA#cgu;1L+-_1#L(N ztKD{Ru+rR}xE`N`zwD9v)=cJ0mFeOq-z=cQ^6$M5FA(8*0`~P&QT|ciY==Fw%A<(3 z88P{SmSQgwoy@*?^tgvcSCymh=W1=#!8#NkVxdzXxvY_SEeFM{p~;L)vAKDKkaQP3 z@B@P;O_KI|>%JPhPW>~Db5&LCs!G!xmU*)OD_!TJO3z63AEDVA#`zyjuWNS&kD16w z$yTxDbww{sa~>)K)0zv)LN7eQ57*)olSQ`UXs|fc+u>3w7GQm;a&V2g9z#2an)a)Gxvn-V<|)IzMjM_Pv7tkJOvnxpMe4Xu8_$nvST}}2X`4( z=smuYJI%0Uy%Izc=y$S1S2e(bpv|f-!+vEnSfZCq6UJic$yPvUtV}MK++Pa!1TGfA z0jEtKFYgJf{8+bor+yQjb1$}XYhd;`+cg{4cx0K_Kx=G16_^@tG!I#&^ap44Z&*4J z;TZoeC6adqW&@Ej-_7DJ{tpRG^!WM->drlX>u_|=V7tX(MJPP%g+o&~Gd_O-1I|3u zkKSxA2aj;z{bhCTA=V@u*Y{^v<;mkp%Il*{5X61iQcEW=AoPOh0PXSrW&k!o$-juY za?igqd1jhs=eAW1sw9*l&Mht;vE_;}sMwYgjn_;n_8&7=Z|6yLOYUx8cX;?a|0vEL zl@quNX}2E>h|j8T8b#(9QfPd#6opeT{)`%H6mx4wUgej3}m&^aU4gGrIR6UAAh!sV|lW~iVm zS2gCWtp2f#_8%_A!>f&>f9nVwIrnYn3nAep$<4_$T=Kl^0FYci!lG5X##o1T;aT(r z$-h$-)~%Hjn0&|Op;;MJV~7r-GFVhS1m)$D&w)Id_Wq>p2%lyEYC^zn$H1^;GW!c9 zCW{~RJ)ygOsuy3P+iArzVbP@ha|LJIpOUeTcKMVGgufQPJYM2l+hALG#|d__tx43aZ=?f8Jw;! z%t~i4<#6A%62_~oyZ@e6s9sMwL znGz^DHbBSDdb!FFcLd0KZt|Tw`eog;C>mM$^)~2i1bTPXR?p0!zYrQePDQNL3%X0 zJgeS^1mtSeT)zl$K1+@U3GLo7{GM;>LS!=@j4&I=Gf;DnzeJ%{oQ%!%F6boMg-%im z^CIGCZbfsY*Ii`HlVe(2peQ!Q8w(E04cW=iXu}$E^T5L+_v)21OR^Ufeb~FzeM~E` z)zn0}fTXeQd&s1gZf)Pd?^*0XFnfW1(RqeLNAff;d0!A^DC<)ZJ-c*7kFNWAjN9-O zJArZ9ljJf0?>JX;T&i1;A$ZSCIu?OON_E&3>nd?55QVt|DTmDHM{F&VfjojxA!SWM zn4_R^H?!trktR^F44Bk{#vF?;r4%UJBaWEanSD4zTB`|vu}XA+ldqOsg^aGRLp*l1#Y0E}@BSSeNlZ#ar+P;u%#$3%J#aOOkEQ&Mow37*6twYwW!T#-?*R%I|} zMw-D!7*#$tOvYv5R%=bcXEcfgP|YAAz04oMA#O|(*lzu)(T3TrHQ2H?tL}bnT9a=| z52Xq+1sq@qZ-x;t<(?ee(KAG!jw=cvWbozno89@~%v@1ZN@xlk{6 zYTRb+=+N8d`lSKtpa37LA-%If?^+A8$1g?L-Y+bd$H2`QgsM{;UQZTXV>>hj2|xI4 zuJMFxuq(VGAU|YCL9UKO6Qi35L;W0>rA7&i%&dZ4cJ#ZJ`HrCt(mtNDOBdvty zj@)Z~p82|bm5Y2IWa-k_fPLtaC-m3@sYWq7|3xjSm%(chbKa9;3HI=lQ#(iXF{&H$ zR?uZB;T4Pu&z@$|FfWL6<`3apu4}nvy@LqS60aDu;j<)>Qj-~2fd*TsX}CzBe}(i`uJR6kR?qH#SjY%JI}a4h;@Of&$cgB)^P zCfr7{6aD-;>tXoF6;x?|^iH~Suy@6}sDtJz>qC7imMSCKA-~VqWk_-7%3QA##jc0H z4{AsoMr+=h$1B2xdop7k_&Js4TO-PBY|)<=+_0~s6Cj+Z>IiGPmoUSxQ%SN1gxCD8 z5+e4|X>(b;w6q}LnLL`DiSW(NN>zpTDk>jUyZ>r-Ke4zJjq7lpx`i!n>wwhwDeP1O zXp_;EB^g^%Y}H5gu2vciIvXRlSG#f6yCv=q(R|HFE%v%L(e#8nKx!QFq7aXpH~~ms z0E>vkZPUmw{D9W{2nVGySM5?FfB=cEqDT0{5Ki!SWrQtf?r!PmmYHt#UgA!}X*2@c z^A+FBeXb&=U_2{BHRtz@1^Do1Dj+i0+5op$5kFkzakoV476vWr06wlzn6L~6b-Jg=Ro0Sv@EWQ_11~^|&SfoU(DHfe& ztBHMaq5Y<1$YoyXinU7;_@r8w@giFcxm0kj5qHs{2%~umsWO;*mrJ1vM4UXYEa6H^ z`fT2tQP9n(ZelwgqWJ>pJirqYAG}~;W8&2I4}{os!x{kGy&;~8749Gy{%guGyW7Jv ztRjSYgi!w>6Hk!nH}?S>a>;_SBSJv#cu^W(AZ+O%W8&&ID@v6Ut5)2mBi+@?ok@3v z(hqJY$NNmm2Z};CvLY$8hwWnX@`obj3M3SF@fR`~M7|JnC-C;Kl{UfTu57TtV?_-D zI9^@(iS^UqKW5T>?cC)_{{$T9EF0UEUoXsLg8MrKrmlShMF`fT%~gxjh}WI!+wDhw z)=CRh>ONZwGSy)xvHIs#%GYnaKk-Lyci9o;IFU#vRUI$rrIVKU@QmDpTzV#X)DRVK z9DUmV4mVa;F*5J}Aa@hWbv5H}B)KX=TRwR*;}KHQmoiQ3cq*@t0(Jb(jr&kxJ5*b9 zK&6gDs(D=Q?asW=-60!PD>2J1XaCGqI7c}ERx4+_{B*5<-uSA%y`v$52GF{>u%NZD z-R$~Kg}XnAv^bN1(mM#i=y#oKDc1t*vd6F^mvQ>xoz~e z5kHUzoUWW04#N|g!HJv?VU}jpE4aM%9ed9{VI8mT)xm17$1^x9dN&NhY-CNS(Lr9} zj`A~ct(yc@;`6|zz4Q5jQnUfcupKDb1~SDm+B-rva$qx2v*mn5n|M1?- zA~bjJL6$=wP9EjE%lqvtCmY~6KF7MdzhIPX=rr^A=r$(#R37DwEp|vmC=BkSI6%hF*!giE$@)FkH+A!fDN@AQ?~N z`ONZtY5Htbfsxba8gfRi;Dnz2v%Z{6-W8;tf5Bsl1?5_zte zNd~`!eD8i3#vjoNB_B)IYG`b-F%oa?Pql#0+1|4V4|xAZyoPbztHyWzQOzX3X176#J_(6SWsF=t=)nR znWNj&X&!&dVYWLytE=Y|^vwm2=}$HVg*A*H#as&=py-Y&1G$7Af`+QFx9 z)##djJ&L0VxlNj|peQvgE4f-<@r0(g2I{S8id7BTJ|aTg$#w4&=~I<-ofBefaipQ( z^I2vTWwm5>vG7IWbXS$x_<1^Vx7k=#+9^G#9%my5Yl6isfG1|m+u@i#V4lk9+bp(~ z>Ga;4`DP#9y*$9GtbWe*+eQAym^Clmpxb=L6k}8^&H{hlVgOQbjh?5_8#w}XBi(`b zSNFBWvAR9Fi0H#Q#4zmA2~x19{sI|N&$u+o9A+1+vISkt4$3#Y5i^`~Jb=H0Dq7jZ z$kaRdoKFD~Mf!ujt{eKhNiwQ7u=I^YJcvvcTg3A36R5T}wGJ^~DbUtMX}^g|E$bme?kMPy6u5{)GpxjvV7% zz=8$5&4N1I__=rs0rEV;+#EG1!L0<=4+x3nc^~KDV=g%tTzh#V36l=cG`+x;+cbQA zUFxz1J??P|oYXtYHg0B$gYpe_!g#-XGS=(ua!GO{7=dmu8ni;seLmtyl-ZD^Xz^}X zD2@T$C&ms$S48yN5m)1*Y`H#`drya(bygZtLgS+!j)f{h;l81@^!C@5b}P@WrjBm{4@u1Ti*E7Q<`bbtZbey4u6g%1$%F zIn)NRtlIacWg^%|H`yts5w_KQb`@!hs;5P23cUzjSGhW~zS zw%cTPpFX2iy334Gcp_lP%q$kOqSK?GhQ{2I!5MdM1^OK=u_U@g%uc<_cls3FHX;V9 z3>KNp*6!}DQz^9PJM4c4T#%h6uX5t<(t7=hYH9@N`1H^4YMx2m`pk863^+Ne4cggm zkyfyIYy$o*9v)XA{-b^upC?rH4JpvcUf@q$+|auuyUIu|qE*_YzCbF}ruL7+ZYNJB zLSjrcjjnal`{Bvl4~*_6vs}-cgt<1+T(wTK;F6fs%{IV5YP=`MiqBVD1Nsi(k(F#u z$7>+#RvAp8FPJmHt3{VIjTUJl1T2FMZO-{*j-1>X=5iePrv1$0gQCT>eU&K+{yuar z)`lx>URIf669NF}pggiYmvcB?D}*GAmZr<3m(u7}6P&utxCNE$W7YJA22P(AF%Oih zT@+raoKxiV!h<`ZtMQnbXD*x>OnAW&m+WJ4m)PZPx~!@>S+ISWJYx6X36UovsukMq z&aWj$le5t4=`xFzl&JqNF9}7(f8GX01x5Z3W|Eq2@4V6Xmvi4{cPF|mA+2{P8fywo zm&|iR`9lq@uzdMMSh_ffd}-wVEDCzscIU$hXkXKD+O7CytU&0R-4Z z$v)X3BWZTV5c@`O9U5UQg%%G*n3H-l(osf2g^&m}PZwI)Ri6&kOmtroNJ*Z1qmbw= z-TU$N_0p3E6X;=p=kuLf2R~$`CB-gG0xn|KDh&8hX1NGQ&js;N{8t&+Nws+RodQ^ZXk2bX=cz!yQ7}8n>W;$V8<=c!`p9s8m#p zHC$T!C~a~NLt<(N4m30gydoeim(A1$=D6hxD6Z>Wfs=+1-W-0!ofNtkEC2#^F zh~mKgPz}%75hh0F%>}{eO)nG22lFnEhee87CH?ugUK?rbc%4=lu3L3Wx!!}>uxc3N zhCdSB5R}(0!^PWWmWWi;FQA$WRpAeawqXT<1M2-|#^lQF)4K6DaxNC6H?)NsBWps_ zDa8&Ll6qlAMVEOXEqN|p>;JJ$w4f@DBBIyIfD${?HI`fcdR$B@moYGc`YHeEE)Q~w z*?a%_c-Kt7x)rw1ZA3;h>fH$kDXIkpbQ8GDh1PJJKwi-ED2@% znjUB|SCXM*=>gN-gt7yt@9edHf;aaSysMgwCOKJ1Yxof9E~MMK8IqB-T@XfGvKi9q zF&_mR(GHlEWNq1Rapa~O2pg5mjX*jl>8GbIB)%8hHrW$R)wSCu+r00K9bTG_Dux#9 zI$gRSO$?Um&ncnTyEe9`JKs~_POyj~SgBuUF4LBYMWg$(^B~8>_H^#@Gd}tq$k={w z?}RY%Hnx6u012!gr9nnUA8WUC8TDW;+)j@+u8VK&h9~8c3Mc=J`GbuBB*ttA%c>gFwK&y;_ADv`G zdfj=_{oWFooNg=Zjvu>Nt6^TFY30liBM3t!6&Xo|%j_DT%D=Rlg1UgYj*?Z77<{%^ z1}5J*vkpQ0gLy&mctOI0fL?y)CK@vLIWpxL_Iwf)@wDU| ziNAceRhKeKt|Na2Y(~*9K3bTwOKe-@enV!X20*anbYq+3Gjjz-(*ivA7E6@f8kr!T ztv1L74K(QPn4MfDnjY{taF$vPnvU@WDB0p&;=e#n)@4rYZr-LKp%A{z^lGGitxKmy z5WM9!j3*P_4p>P8b9mP#CXqDH)}aJtX=@!v2@+7Y{B0zqEWmzl^@+Pe1~c&gOTDfA z8*;R_m-f8c4`jz$VN1$9W5qdiP99zCS#BpU+wh|2I2;utL~%$ILtL`l(ELxP-TV8X zm)uWB0ITmL}H&%h*RGt4BmcLLi>Th~2AHQ6Gt z{=q_g+Rx|1a02JBPS0}lze?W^Y@gX7rD01YF@0Shd0}jCb?3(g$v~$qfZxr zFHA<{x$y`-V%fF<#LnQ`<=fFFTR_T$64SZuY3Q{MR&EYpw@3<9A>ZfGCchx|!3u$< zk$3flE((AOUsQqbI7y7IR11o2?EpnVzT=Pb``YY!ui1QsZDvVd*C%U{rpG8WU&j_8 zjf&DnBD75WqjeTwl=FJYC91};$!2qOvxpa8FNo^Xq&LibzseVxn~J(B&36}fB{a|~ z>QAE2fzitHr#uUi@Ayr`%B;HnIi<@=_f}oO2P}8g(FgnEW&$y<6YBe6FV!zBZ@Mxv zBs~X>A@Yakk(}%qdAEW@8|K@R8e3>fEMGduE^GtyJDb=2|7;EFZ&5!uW`ci;3(GFa zKT3I$TRkvSx?UF?(z48D!X5=Wt#(g{UtD2DrE5YasaV?)pps$2^i665N zd=Q|k{?4~&QLi|uZq4>7jUmegy73gf&vr-xdt{|j=ep^>ze;os$59ag12u$)Jn$Jr zN{ER;r70L^Ic&v@^QqieVA8&IMQX8wn4Jq|S|0I6yzGHC zKWs8QL!*_F%ahY_M}yGPKP>g#Od#2HbAffu&r@_$9oHFZrap!&E<+4DlL(T2`Y!1q z)dO#f%O-lJpiI861iKo*L_)GCQZ+1TD{3?_vcyVPbK6h6G7xB@M^G`K7)8JV$=X%b zdpJQ*7Pga%W5AVdq#2W^6$dkcbdfs%HGeSP2_?vd?oGE&IOF(l5JPtFEgp{x6EN{e z)cz0hQ;VvRZpbE_z2~|*E7)M5XYK)*I0|9uHs2jl zoqLI(8eo7gc@iHHFkWJbmqY7AHHz4(uz_GL$u@Z7SqpMrf0G=uZL8mq z@$zOAbAOMiiyFCr_^Ubjn#m2tPe{x>ww!eZ9h-mOocnUuuWF2&x^NgKt|*F^nhoFjajf zD*WJBo+xpNVtl>ikI}LnbI78{WSenrIxv{k?@GsCk)V^XJ9c4BB@Q`{Sb3LJaDx2f zJ;oF1Z3uR#&|d-(O&EkpK|y`*X5>o%{Mgq;@H*f(Hgqpu#-Blkn#Rrl5I#cB;pbsj&+wldcI$$wN>ES{!|kon$#nQ^H*P2|7wJRU(x{WbAAz@wlBOfmYW!iCi_8R7G736 z0*>zf(&nWC^a9>iL3R~pPO<%+1L*ri)rWY{j~0dA-Yi4(e=ZMRWh?W4lPY- zgY;WX-6Xtu>U@oA9|i&)%`Jo67_Mv^!|+k8b)BO4wIVh?7{)$RDpl$DM=K zzmILxyp$4WY4X|k@`1Kq2Ko)5soTkJ9=?j*WXsl-)@6w1hT_vQU@cRyqN z0L*b&J!m)Y7!td@NI7X_ZL%@bh3qO8Vj8qih-qNrhKig6+c1H#p1z>^1#Lee0|q8z zO(sd-fPipovv^ghH(r;x1068`NoI*aKbPdoN%t-Wt!_EaDG^KU&&PFR3hn`!FAC0`6X4MkZBkjr<##kkI_vwzZwJO6<(c7W%v;X{X{O^gGjM|jtDsn>n zOdO5MMxef%b>dkLcGrTB2U1oOdQ(iq{7@OyZgE3)jhX&-nK0HENQBoYM!f`(TRnL1 zxfVN3OIG%IDA}P7Z#=IL|JeXI>aJUH=EamwE61&fklS)KdnA3*cQ1qMn67mvE1dcs zWd5yGgP(AKYx*XYSMM%b8WK9hp43;Br+@T_8_iVkUI z>r82>$b3FhC}O)Q9E5(n zh9Og-)bRkh`+qfX3YOYRmD!3%Wn_=xnYadgY9~W6=z>cL#y&fiG})Zh zo@cFxPDSaRD6w?y5svqEyg*NJ*)eoY<{BkWiNi|=jO?k#@37@e8n4R{@kk8Ko@Uw(E!@pZOTWH14PF>-r6dn`!ySGaqoL^)EyDu=g{Ua7tn| zPZ&dqRl}`;Xt2ZO@M+E)mfKF)H)jmK!Z$9Q<&mNEwRyUhB)dbUFo1N9^t>4nJyziQ zr8@)1Y2ZJTSQ$$bm6d$sa+Wc|XI=mNka6cloy7w3Z1XlE!(-CJUw#k&u3b~kr% z;b{?^6&_LR7=NtYdZ(s*JH>4!)(=swuQRg@531_DC$|$Lz6JwtE_VbsR0|3^$n^es zSvWS;^LmwhRmp}>tQRd*k!qXHqHZV1`rR{h9OFuytJMPApg+t@Gg^@GrE`XdHu3qG z0woU3sHH@B>qEfKtR{oUSK04{zY$HwD9G8(SkeFCW?RMY&KAbSXekx_|M44e;x< zLhgL^QmS0SXWGK5ApMe8j*K5$8zM@>=0@#@lbm{t>f_*LPyt`vFY;DsiM`T;Gwn4(~)rN9xme5V6^OI@Y zEN*u8BPkwRw-MF}ZJ$VX~B*l*rm*=KzBG0u8mAZA{>gvuhP2kx^G~#e;BBs_`dClwNFv)ksW3 z=uu$}P3u>kj#bjc_{_tzQvz2Wvsn@z$I1|i;uFP-xI3pX?;UCAiaym%?hqoK=(Rs* z0GD@hE>kZXv*%ToB;ojn)nve*0lcFsv*BQwqoBTWHM#vSXxx9WP*}3|LQRdAP;GyW4?}XdoGAGo+7O;G*P{Y z@weMIA|IZmq1zn{KYJdQP!zV6N95B}P(d^p(OcJAHYD*iJrR&keTk0sTYiAar|>4f znWI4~P>t{T;WM4pD~oV+xZJ=43Y_8=#PcL4!-~&1*lWtyzdHD%b z-bpLbS3T`y5IiFmqrl5&MaS7*-lW{Q4ES)0aC`?Fxf(VUmd1tC`Fh}Nw}PI!H0@78 zAmtPz|Aa^}$p#mXjh37Py}d%Da?H|3Au7NWO^A%pOFe~ogGnNynNi@;4^ zHo_XcOHvUz*ER^@o(|AU=OqayJc{DUyW0aX3AZazSm;_lAx}7|K0vX0k&Jjy$hX_+ zkj$pJ&uP~s)Ef3~=uF4u(?M|?`=FG=`vjGaxKg$v4SZ1vyY9G}nf#2-Jf;9ug`3Are3z}UT(k%}fnTO0e0b`^oEY?fg)Epby-X*HT5z-VQ>}`PjQE{{(uJYCk^P^69wTXCxg*C45JxXICM_OB*zFHHhn^U_(Kb=*bxu8 z{6H*O$0{V&b-U8}AL}lAj^{mRXie2;I3ryWQXOFfhbP5$E3o;i(b2C%K6x-7p4gkP zUzW+wtGeohgV0;(vNfX4ny%;<#A9jQnH^hsnEL{DOQ#eWu3HvMZ|beGk3Yr;Jh%5i zi1X(6Mmh04|FD`{*m?a=B*x?VDoe*%6T%Vl^wE^fH1B=Yz`ugVD3QupAPkrbN@uJ$ zrCQ`)_N&_ME+-4yZJ4n7SZE&hn!}zga3}fJrzz>655*jyGHw(!V|^v-T1y`50`5!4 z|6fhjjAfPPEi;BQ!}&kWGH@MeBr-xxfG@}xp zL8KW3OAEzXZ+M6VEmo71;-&=|&;b2;3%3iO-YXA$;6pRiN(KBiIm~LPV7yUB`ZLj# ze^~)Y3vjEk`Yaa zw}VF>%o)Ok_;H?auw0w(35_l!2IHx@bF@8NLlD>aClqeNs@EjC+jm6&xdxB?ntD^O zxY;5jgx*$3Jk79-4Oh?FXDTM)K0(@&w2w1Y0CV^1Z z2FvPZKO$M2w}L9!4wGn_4~_vnyo%+{i9I2#qF(@!7fl%R#5Hb*EMzn$Q^(QUWV@?@ zrxuaP7!UcWh88=NFePA9fRY}^S@NNVyz$qOU5@C5tNXh;4>vlz634=13XV}R;|k>H zy)mwo7np=FaI`G1O=o$kT9vgsI-Vj=EqT#6QbX@;0XGBlwya75I(@nQ#VtSu` z7F%jpYRrTrA?E{@g!R<_fNgHdO%V6`IcEn@)7$CKU=vVXq#3lR##xd$)b!_~$O(J7 z?|85GLV~t*6gJMb8H~5RB^>#^*fAJ*U3T#5&A2)a6Joh9@%1k<09GSRypM6Kcw^V**gRH^J{b; zRz{Mgo}_@U+qX%Np@lZi3(-=CL;_4WrAT!oF-@^I+T5rLuYbh@ot}7+&b4pR`r2+x z^uJp91JJ-NZul2cGOvsk(B`dW!=YW5OW%oFcqQ&<3=-?6af~UDt1au@g8`*afIRg; z=m-z{Bzi8kcl&u-%N6xWfn-;a@%DhZpqm4wjF^uG+iYpptCnCioWYN&3L8^Cqcv}? zSiGX_sh^JTfOFa_#AnV|G-@xhaFHFP=f9~~z5K4r7apc&r>Y&`&p!pOh6i@v>3f3; zz;x!};@<%+=}pTjNyvkLq)f#zMwa=N7acs)4J7d{fqz` zl0d9hrOt$T1wNccR<-zyGo$kvK{mB~v3db_PXzp=vA?qC5>f8X#5?m|Y%c$$TeLU_ z@oRrYEfoy_(mbe{lHlSQ_L?_Jl&QnZ6SC(XDo|9_-%!fw{)TRWUh^g+$Pxwtm36aw zZbCN|=vHwFOJ2be6(+G=vvL|}twQ=S17noabtsBoAvr@kA|*#ZYeHzA0Ip%gi=1B_ zTFS^tX5#b`5YeU&{9kS4H+B6Og_d@DbQDFqn&{hc#mFI@fXxN)T_InLk#ngs-+;3V z4-1_|JiSWd;-4TtaR5;iduG0QRx#^OXoq--vN|?F&`FB(jzemh+i&CrZc4Tq?|^rL z^<_PB)mZOdo&&mNRXQm_yMzpin0Pyr^S#5 z)*yo~vXRaF%yK|1#eC2oAtxiZPVEXk#4_5Zwx$sr;vn$FASAflY%BXxHBxQoa_=Sr zy;mH?zA4b6=)O0sS{ec+UdJ)6!JgdC?jlzznFoy{ zsP~Kl0l;h0`U5Pex8_JIh6kz^k^^0jniU^5Idf54b&D8OCVmSzp4otN6z0Z*t=C&O~e--F9tC@-T}X7S993PHs)Tk|$G zg|V_XP@c1&CW*ELz_H4Jn&29x=7nOef-THdkOMP|lgbbWVm^fOzSxX+05FBdNkh_W z*F?Z2k=SE821Ba`B0gE$MSD8FM`&|~m=MW94j@qV6Kq&~@M zS}0n1r;^-`j0*ImN53tz7~$g=!T3Ji?pFj{n{2mtL@lMUj@pNBX%Qv-VoK ztp~k+?aGc~~+3EX^zmFAbd%Dmvm z{?l~KiK09SjRC|U^~7S#_sL3cpfl1coqaYM8r~M}bfau+ZMD*YRk7viIsye(If7;r z9bpU@+^Z%4K7@^<8NDwNI^N<|XhRFyjtzzU_m%&W3B5KOkHPb0%xwsL<_z?uDS3gC zFaZ&_?o!^DDRz34Ji_2n6W?()h48f(A)WTY*`m}_=o~JC>_&yGW|=VKb3S8yXCR%8+BtV8+sNh*y>QkRzHCk|z#NtN=lUc@jQ|~p z78t_JSwsBb0GPbeMSDU;+QZ?YUSlSs&_K|TE$h0*OuS{t%VAb46B9i2b|E>a#y zaj)s!&;Sd1Jnxzu-!jS;oc@fsLKG;5MEPoQr0=MXEN@})t(y_I1g7h@T3*Tre21s* zW`XNRIAYDyvA;B6t087Zvjoa={`U65Sh!`rKnfvYvwWx&2gayz1uCzg@O>A;*G%K& z8fGpzLz;nk6PA8;r2Ge)D6YUH7dm;;z)@qHb3a3E1fC^t>>1Yv#8`wi&`Zq!M36U1 zb&I8Mp|k5t<#~O5>$KI=9~wrmyL1JYG*TdXxGV}>?~;CnX2XdXcN9%vopP+S+SUty z;UfFW6W(6EKwy0nS7p@gaPr~kPq#Y`B(are1M>)A&fz4mq-TjHKQ@`iVnS*aeGW<| zDt#D4*OQ-Gk@6~~%={&hd(FxQ7Z1fqcs>pK`=q_*RL4@O;5o5)K)w}KxF`BRAFfV5 z9NhcQ7c{V5@NOEnjLM(MLrI{Ss(UIfKmVNZ@%2EJ)JBb?scH2xOd%|2;J;74y#90P zx;PzzA|C~@eGCJJ-ctl0;LxI5XxU8@>f5%{4oa9cV56PBN0xJXP2&4j;c(S$3&B6_33u24KpSW9#w#>5J+s)J`d&fUbzp60pZ(&(tm3mGoEcv)sEku$+@F5;W-JNJk#sVq|}NFL$&~w~D1ET@0gto*Sii%Y$8%wB|gA zc)KK>NDm0Kp4IABF4@YO7Cm;6#>U;M__Gw}Ykfc1PVelrb0JOCHo%tIRjM@S)Ov)m zc!N;GgEDuC*!xY*4CxeedNCs2YTXJkN7zcs7p1lb{L}O|G;k*dcVkuwm52P}6#mvB zx^zYVpMDU^vlq{o8csP>=FbfZ&4d-`7_tnVg9ox{I!*D6=|he2J$w@p>tViy3VXq_<$u9(c(-tmpl#zW-~J~4r6o7 zaO|p}$qlED`yL{*Li%QNpwdN4_N>}LyRk`-=gT|k?dlTd?4Gci3wc8zgheIm-b za8ScjFDuadPiEGUy{-VsMVN~VmAFvYMZefyl=Z#z-!nZ|==4*qiH zxoUYg7tV64sv1x&J`yt_j(g$+=&>k8yQf+}2;u7RLM7I=65X~%>dLxV%BtnTb7?8O z!|nc~%3d8aOqE*|eFxN)tU>z1{?Jhi?l%6@}Q z%t*>XnN@UO10j!qsJ<0A>#}7;Xl4pX-;$Cl>SnqarHJy_INtb?_zi5L@p)qhe>9P< zX?`x2m&9)wra<%c|Bgy6)jkG4R_p-kCR3SCK;@&QHFTk?hM5Z`xv;%PJ70s_@>Z%307ki@ zgacJ|1&%d9)S=!XU#pd<%gKhKg3%xBocE%x_2RsTJKslo>+o*0r$&ifsm$l`13l4a z3mJXR1hb@Y<=dzIu?6$ud2r5w_B7N)m^nvlD>)x9B7!zCiNaw ziHBAB<@IDhoZQTj0#2e`cBZ)**B^L_=BY|aKNw#!oQ*lCr4waXOpB#v`y&;hYnU?o zgjeW3jeRcIu^a}b)!Sa_KS%R;9TJZi1!8{PEBFZ7RzdTLaNMv-j3!@up5=+p1HnjU%rI(1Oy-)1ztYqfnueJz{TP-gbrf zsLb2j2ghO1G_Y(TSmU<{EdqI-38 zRCU1gAPPqKBY223!C0TO`}+`Est|@ytQSbI`UQVC6HN)dt;m8%n#kF?d?%pSm5WvQ zfRRNg06{>$zcdFT1LUXVOC-l4^J~%Y+hYJp=18El+k?_c)(2H969E6SX@uPe;K!q| zF5|C@q|uwSrb$Ei`rJtNO?tN#bT~!;9REl={6~y8Y)&0uZ)>2im2<_s!TQ*t+hvbDm5c;4@WOsT2rAP{b29z*q*AlEH<4_^)<~%HbbgKtg5Nb~ zYVp}5v^?vSUxKJi9xRBa)eGEav$c{OIq}i|I-q5Q0_+3C^gB`+A8gqO^8ri);dB%m zK9i=l5yCNZk$eITAKFx(*D!G{SYRi=m?1xRK8-_=Fh$t*ri!&3w z7^~X4lH7z~jU)bl+A^6T!3U{vP~X3Sj&{JhuDEsMdg`X6lUBlvCf=^kXXv3Lk_`_j z$m0(9>>v$kPlo@c;5`n~HO{%J)j(HmSmQayqvmiBJf+jlufMa%d9X8og*#mJQ7T`$ z09uMIFV*j9Md18uk&V%DjHbZSM%)>63ri*`r-ot}L&Wxj?mSY3)&~IxNWxPvl=ye$s82a_P5}+*0e zcZ65>XvkY?V+x<2ax&jBVfbQB-eJ+X!Hj5Drwm)>jr^7^<3ec$YA!}S3V6S|EHQ8x zYWF^p1N_qmIcov#80?8w;XttOL7rSmHF24s*dzv5*p zAu&TP!UP9AVhhH$dr3j{|C%4PlwaYo1xt@2AEp;P?9{0{I-;`&yS#)T}7%j&UDA*#Sk##{vB4 zrprO9$c+dmOaU2Ob>tTdv{kKwe zf=s3TLq>q0uGygvt+vluVkj2}zAzy| z{=*>}$S`1#k%tB*Ao`=)dLz!aVn~z3h#y)KZ2KFstKhnc1&p>8M40(3&V4n6o-xZB zud!K)zzbKSCviLRE`Jkw3JI`>27eFYSh~fA4wNt{(IyWl9;du$UgWzFU0j8XCRsHJOwiO7>j~3OZ?I zAKt%QVO-{Hhf{D!k$>^rVfJ1$!J|>=-Rgo9I@3UA?$BCJwB|0X2{+caE8wVt?Yx`} zBD`WL$GpRIOA%<0Zes%0%GOerW8#F-7h;s1w}o9$C08tieolGt{vsNju6AJMh}d*$ zqc4a^J$6Tf6Zo-2LT`%PTK+ zl!U1X10aJFw1?Hgn4qbR?qJ#XQyDo+b(=eHiq30tfLqO3)ozN@x^c$YBkxM;T9o*9 zJfziMNMZfv6wQo&sk37Ot7Jd;{mmVKoBD3*FCcK`n_62tQMXRqu&vJpJ`VeGFWx*~ zI<5cpAOh3+{?T$YZDbbi00Id8kTD;Ty@xV=VNDLCs?BZ;Rw>Xpt|80v7vw~AdVZ4g z*kP0vH&k`;utRb=_YMrepPx|$7x*nn*cR=fkk@{itI>gbLAE7}F|b{}mC`plj2l-t znV_D$Yf~mB>GbvgHrsn%eEAo|VE<%&p_&8tV5SmiMOFcO?w6xRQ<3T1>r$!9Qf*RX z+3M7zJy$tDOKUO>YX{DkK1l`D4RbC1>XMTSMv_ML26{RB34H(|c1Xv*7wq=+Wh}I3K^yr8pEMYMNduFPKngh)cr6|`b zX|E5Qn$XV)6A?{Y^vhrK;P^7io})g%t@a)M`$6%-APKWxKstQw#xmjRh+T0WHW>Fm zS+u*{|H1F5v$TtO>@t9)=`vU>T?a0 zq&Q5MKpH&k-^N`8bF+vs`ce2D!4kiUiCEgD=B4eb%W{Zy$Y`vSnAf?+(~92V=eIDx zJD3as_rl_McR^JJbODBjES0a2|HYYdsPrCwHcGJN9T=;t^2YF<-;pcTz_1{kPFhFQmDrN)xFp#UUV_YW!Bk{RIz_6PoC zqoFUle2d{c+el6Kx(@|#0e%zBnPW*aj=VjTy+tG`-1)GA`B&n04KzuA+-4v=JaW4W$2yuiAHd&g5jAm+N>@;k` zslTRjLT)QGLt}}NCnp}iH%VTD)0mP5G0vt`v0jjsGRjmpg%Srh03VJ?vMc$c$D~DG zp`>`bwM{8JV*4+#q{6nfuhMmqE!+jx_s!w7%4Mu&yYSe^8M8>&t#@hQ0Y2#xm>Zz2 zeSEAUcb@&_NM8|T6lrmXHe8i#!3Z4{(L*op;qCoGjWjtn0))+)!!tGaRU_gDlqf%z(^Ix)ZF-nx zdeSZ&MVY;xhp`4Aj>SOr6PA8ESo6*ah4-Kcb0ZSuTgq(_Oi7yC8@MLb5Y9Znw4|F&FL-%`cOb&x|BjhApX=ng~N2eqbHJWcq z3g2a&LeU%ur4!E6)z>o^eB^h5Se$bg^;uf{v~VW26Q1=4*SL0ys+!*{aOHfK2lm|A zrC*+3Uq;@!T_h;_JCDlZ6mL*ZnCF2P7G80A6aI>`?KJ>bGHoWJAHUpc{e5Cmc!Js^ z2jtGE#lx^@`BoX5oVW7m%Jpf>A-9#0o+`d+MfS6jpg{Vy=1^+qEHKHtR!(nj^)@hq zJf}C}8PJ4+%4qF(|LlA0QTRC9LD9&fe<6(0hUSA*NeTU^r)a8sNhZf+KveGVs;@l? z_IWi&_Jz|D2>o!NP*_1Mep!n$iPTzLePdh119?v5Ds0U_N}ixCZX3zvN__}ljxpCZ zx%j|8k==~{z!YX-m>Kq*p&>3Nw1uR?8jD`mY`n|;q+h8zKYv-zlv0Mw-aDU;?7!s# zV#cnUFJa0i9E2ZBETptRBqre--ZtE1T>2j4T=fN{d|U+)Km@KNuq1^KJQA(ybu7}> zxBVR>x#~*mD!qEi-z-?hJf19I;N%N5V_)~ zVYUp;t8ksdUk81ZZS7uKttM4iB;xP0TG7O8 zFGA*Wb1$07P0K*dmXzaIJ32X_ZTCs%vOdr+SIK{CLL}HFdURyBfTGwuDM3$J%^&mR49_LvJ~=&5`aF ziA@~F>$FMVM-1vUlJ&!OU`+4=LWX*(Za{Q+4KmT-$EI`CLi7E@-O(v+2%?vk4OL=A zW~4f2oY4aRWkyH9XM|Yx_2i!%;sN zSl=&D9S6!qWPw35*9wY9e7`*s^n25|Cc9hB;+9l+H-cN45o`Onc1(wr{OpKDBiAMT z_{FCd3Gu?)B6e{zS6&`F@w>a-Sa?vN^2{Q!69IF*2lM-5XM6m(qPImjTWX*i^Iil$ zw8dg}0$iXxxLQbP-kI-R>>5~_*&8G^a0u`8M@%{8$?Dy5Aq;F5z@Uv@Wr)Rj#a!Hk zGR=k9VKXJwf`x_teEXzo@Z?embi`}Dy zxchTc7bU`fR5*-E!v*`8bGXAI6@p67n81&en7GKU zklj%{kpTB=&h#K=&5$ux5MB8W;Xu(8?OtSPGbd<+NGynk<;$B~*Uu?MSq-}h;zF8C zDphwF-fZCzf7z!m8CX#LvIyRdJNo?0=rDRSq_>7Q@9mpoH{MqeZ(2?PWuNZLf)woi z5-1T*Hw<#R4WdU@AIQ7A^$Us%Ch5gvkYnB2Tn2*u9F<-)D5COx8fZ!OOSOdgkP|-X zKZ0^rdWCj5e5llSm?Q}2UrNKStQ8En5@`q|%Op5riv0yRZKY(mB69M~7&8QZ}DkfQcWC@!Pz zMPC=P#CjdoQZ^>v=;Bz&FH(N=_b6W_61AvRPv6?rL+#Ca7iI}Pe23`P21YrvH9M2{|T*97$FkeUg``OXQ>2j`>%X8v~|$U9zQz(BMC z*;P6ST)ex!lQGBrn68N-K(V?kq%JcWVGtRJ=rZlS8z4&IQ5H-Ww6_H}@JGW8I-5TL zdJ*0oi9IpQS7)y?GEO5v!Iz^F6gUY*E;RY9E|r+FLENekb!t!1Qgt z00O>b+C0jUINy>QSm6yeQBjpbr`PzhxW1+7T;3?UFUxQ#I726-J{t#9HVaISUT-n5 z|M#BU9`1cYq*?pgA`PViLgp;GX4SLV1G7VTKrH#S6qieT0MrUV+WA368Q+cXkf>Sh zVWPuUU!JpUchNr2{_%_W$UK*eHLp@kd&V%v@inw?g^`2I4`r1xo0V|Vnrj4}-gyYW z1oTr9$GU0oVhXto&5B)DAhn8H4O@KUq~y7arKhW<6QKrBLH z??VCd_R+S*ql8(ri30ah2L7_QB`Kq{GB2=i2;WA41|?L}lTTh@%Xp%KKsrlqEYffG z;H|>M*i}QpnG-@K9onfXM)~BkX*}7)GUsBxn&9&;Xo_1^@VwAHg1MeY);|{AEV(hN z-vO^%4ap~V1%ZQUyi!t9A3f7NR^cGdK*>T$=BTKu%qx_LKue5`FJ4g4Cs*sY+V{!` zXn|PO34tj11GxVm-;Xik6M@$~c*Q-;85OiKQFlnyQ70BA+Ro0uwQD z6>J!iy4n(7cOdBrEb?Y7i)0pDh%T@LVb^nB(zIf#X3m?RxYanN3H_XYcXPrx%h=cmB9%000|<$$e_T;jOT;64c#d`hi8pDk_#IQaGsbrT0V&-I0&X0 z6g53oEg#lL*&CVG^yZ zsd@E=7LOh~F6po?l7_@!9b!>@g@sQbiw{x zh5Joq;#`Z|(lh-%zpa+bch;wF2reF_*w!ftkWxMHHBn3aH)K`EAiXGDcW`z6&*G-H znE;}1q#4J|ZJ4;SHlpPM`wcuV!OVg!-ITY~+#!`Hf|q> zN&AfP;EJ`9OMGSo6CL;o%@C~kPJ%IT=Ala=P$Sam_~%U0)PM5|PTI4MM(#s5)iND1 zOUZHIauz*q<0ENx1hgtFSsaRPZi5^qme*)=83PO<^*F4lz zau|qbJq6A?ZatsOMr{$FF(J|Qz7EuqD2&ZF5xz7q)`TisCNIh6HBiI` zlhD)qF4xZnfuHjkDTj(c^LW*!hWmltfddBCp{Ty2-EqIgOwp}*n3d_EFcp%CSDR{^kXZYOF~@0X zxw;s4@FJWm>Q}O0QQbV{T?9DmMINZl6hBn*(+~`NZQn7I-(%$PsYQ08eXqU6N885q zV`<(6#MNJYi9HCnJw&}XVPvkrt7E+HY0VTU|57Ntt7m)${^3do|80yB}l+?mvJzc|x(>{i|{$D~Q0$ zwi7T79))5z)`1$C3Nusx2dx*mDIA!A+ROYLa^P_Rdz50KoN!44tNdCNWQDF$dWF7x zx?d#A5Q+s_@K+`h({_NX%LuxWz>|?(4V|IQj4d{ddrqL)HGm+WdIqM{4L+GJI$Hzq zXxyQ#aIufHqoQ&XrDKRc$pKPAito_8`i`Od5N7!%t)=pSFs;$q^H5@rSYSqf2ZW)D zPRYu#*Z{&KNk$8r$K}{-9tq=S6*koQvue~%;~Ne4Otb;0S8PvZ$D}J~(;l{YT8t6t zd_9(MjR=M5=LgT1Bfx2m1mMYgUB+&E)#rB=WEj_qQxKz=dM$}&?{HOlw?cPx2MsE_ zou^fCKvLY8g>*T%J=(l!-}Mf#6|!3ktV>`>6VW!S4PFHMFD4i>a#ninEm)ErZX143 zcM!U_U}~JMm>BD%V{^)Vcnr?_XGuk3Wjfvl_)S#~bX>x@pbTYQbF=p92!_b~FsqWR zn^lX=%mK`FU}h@5f5wRIDj*Mgme;k@NU22Hx7!G49+QIFGm8@GO_~!r=37o&sKJsj z{NcDij@bmc(2w%woZZqnRb2G)Ey@ga)Lz{l}EG~ zspzSZetLv!PqEG+4us@lUK}62o}Ld424R-1lmd~G?0u@SoA75W9CDi&D`*#kTxw>$dKN|~OmC*CKD1QL5|bg-3ybnZQ` zk!&Bqw~?kX96bPTBp7dXPDB^>9`JbV z**~&BRNBRfEsOKE-h2HBS3hqst=Q|0z~g;%Isxjp1y58$V#t%u`v4uI({{G`)uie` z2=oKN=kWa+FhgCUo}>#9m@@7Xv)SW~iwuJB$k%4uVGzO2?qoBqOCYgd<)2x^Fa8Nrg*A&Wj}C8!f|Ab#Y18nDWdCA?5hAul?4 zD%5G}c`@}&)Ke>xnV|P!$8C8%Xk|Bx0}D!cuMdE7Gw;v31d}t5Z^iA6%yM>h4hqZ0 zR3P#k8n)ygbzs##68@0q!N<8;4_fPinm{KUioG>I+=B~&$nl66Zb$A1nhVXlJ@Em( z8p#w7e~Zwc0~D7SpcNX6RAE0u!LKun$_#QAG9(vxuFpcoM-=~ zORxrofQd}r-E*#s4noOV_sMxb{uZC$r925J!Ie-|d6=p~Z(QvnGb>q{A5Ru5j;-$J zHfn-dU>1-jut|Sej?g8-^9jr^Q9m;EccSh6dw=;qWu;9AIVYBG_{TlG!X4lBi@I&) zrMMGw4{jg&{oB)sJ?q5Q{vGTlAt)k%r^4N&D}Qt1%6u$K_DdgyK2$8WH@~^`?3rwSb~qWB5?`mjL%4(A%LwC19MrY2^K2XK~ z(>b&kSAh&x9w9wvDJvn>aFh#G{jfw7)C*`_BTACtCTS7H+df1I#o>>+_mv5V+6)h6 zLF1Ln4#yjMj0{dn52uD4c9{zfz0Cz0xa+Gix~U@B!dYExZ3M97wunh}GdGP{Sf2i) z?!sF8VY+1%0u)G$v0S}l51qv0b|6Q+)8RC2yrr$&#)$o92$+CicN*QENp^Y@UmM+Ur5ha-BPzux9=Kz z+s66wyxv9~nN=NzTutGJXN{8FwLLN(S-U3~YzOT7}^4HmDtOtax^wE9Tj++?^0dyqx zCY0v0DW6g$hYwkJMXI>D1*kYwFzzhe=&-F;fYYdV?H3dvlr)~}!tMkEX~qg2c?3J6 zg2(b4+6TGl_@BNCe@UaB?bIjssm%*|-p|!e!n{*IO4m=~k{I_jdDUODg9>1#>)ogl z<;UZY9V4l$_dGin>+=;RX+Y)k zv1IsKkQK-IgO^?4_sdnRCTyHiLPG(tX@>%K-{_g=BIIOW(pXQctUB%-^mfsdcioW#yb-?)0xtf(PwB;cVv zIr*-vf0m)Fds4H`#Cqd^sJwkD1y7yZQ-_dryEt?r;HS7;!E&}x1WV~3DmFob{~Hdz z&8Or3w{PLozCa&m;747hX|E~tKlTA|)peI5`v${xw+QcxK~wPgksmL9K)E4M@0VKc zoPzorek&H9IZ6BtasUmMGEyh*)g_X-M99_jm}L9pE-+@>R=hseT`0nNZuZ<@>&2K~ ze_v9kvY#}Urq&BPd>!_j(yI5$hDG7_qjzs<9*;4I&uRBY3A--ZPgM&cJHDz!+*z*e z<39RkNr;V&4!;lCEH%;G$$An=k#alc%_u=?^Mb8BN^6Pck3}QYIJkvlZ%*bkGw%bX zLtQ@+UNIwsi-L4EU}vOdv{XZ6>xbS^!cM%0gi#q{qy2Cj{zviMFu_|{$(7eLyFK7Z z1CvG=cO{nD1-p^D9MiG54`X=yhAW+On^p^pZsQgA6=-Mbo&h6R{gxqX3E3ONFrx1V zw9gai^>OlK&o7vQ<4b<+gsZd7g0V+LfKj*_8kCIbH9N^th6;FH$>!HSa?#=Pp_Z9| zIo8LK3BBZ&8k-H;9Ntkkc^%Z`r@_ICfekuEk7_w+ijC7HuF7A8EKV*Y_2V!dK@LF8 z=*ZHkp`Hj(fijc@$tASzrdyLFZ@R{dx|c`i-4ysfrEInNfT&ST%LNEI^0Yh6`jimb zPhcR+89~Tfbl2jMEq>8hiTTXj-KL2eS~4$E0O8=aE3m+=1OoVm*bLTFFv;42MKc}Q zkLjceOD!d;n?PrJ3f&?4ZJ%Xj@kWyjQW)=C5@wNoT^_wvSz?}eWGCde=O@nI9<3LZ z<#|JY!fl_;En=cXmYZ~{Q;3Y0Xb^gi^6m`m$CMKg9?bp6Fmu@2n)zkDpE7gsbU`32 zHHL&bR!UXnq0#i(x64pEuhd;1y(q0^xwBkrFX3_$^`qN^4gIUz&>C&1+REb)&vb;z z;D5>R@GpL%94^S27I3TElaXCku)gniBSOu$^DiiZhrZ1sWJ*dkiam#_Da=Q*_d4B< zuB$q}oCYdo23JqI9AUqEzhxGxiku|ZeGmO7rK^{{)%-k0&-x3~Q(QoY{eJ~q3PTad zEUYWj+mUhoG8n(K+U7(`=sx2JWO}=W{tkqRo{@FCJ1YDU=~}EbYD&L$MNPOsal))B zg86Qjm0jS7;02jYy?Kk=%kj9k^Q7WpKccFUUAMS1z6F8FZbbk81N-*5qh`cQnzF+g zzUB|49xG(yl`7OKhB}34px}ASX2rVzOgc^XGr0Hw10#wE{8kE9(}tX1#bO-6*}Hd5 z`!H;Wev<-1vlFt-bp8a;p{2T!Pupxo>!CoKi?Nr2LDD;I&-K&#)eNc+Al{kn0FeGq z&2V>(V)v3w+*WbO?hRkVJsY%YX`b?L&Wbi$N)nNjyQR42X$(v^dCzjU7Pg-MwyFPW z1bp^l7Su|CsQGf{IBe@hK9uCd^$1tpV#JS1mTAJ(c1SS3 z!3YDe} z^5Wofz}awR{_5u~NH*z?DIl%&0ILIa>5}9ATWBig^kD-vAX$fhPg}mQHB>>fPV=%w zTKuK#f$)&EEu$MxXZUM;8=aY8v{tD2!PP!gZS3+u($9FK4>}N& z4u)#!QVhcX!G<@DVL1bK{>|GnqT27|v7m9hGjArc|77_C96*Xi4=1x!DxH)Beos$j z3kpCj;5P3+xDzB#_lB1M0-j0kg2ZC6Pi_W_(6?v>1)myKVlpoyuKZ{Qv{w2(9rw)M+}7_j%7{XH%hgG@D%A zOX@VAVtt<%%V-c~KBs>*APdVX`(~tK{&D)wcx3JE3Eg<&pXVijcKFCs!tqeBHf~H$ zdjj@`rc)cEkzN2_Shak&AZZPW-O)1wYSWlkLZW(`{m+%U!sAG`qRNUwfbkNLG0A-d zhhni4?eMVedk8;2KS4t9cKZt@*tcY|1QQbsM8trSDxUVxy+i?K3&x~wSv(2@*= zk>&Sbf3T>Z*xq8KBy*{zpTDR%F4CJsy0LfduX%3HWQ0G=)$!E1@k-FCa=>f0xHK}M zTzAv;YWTCYD5 ztW!$)yLs)T?|!dx=u#-?hvb=<0V^0~i03o#WoG{3H|!o^p?lT5U84-Z$2-Qj#f!7o z0lRbB))C=OE2#FxxSQl{7!K(Msu}_5cOHFgp3;_cH5)K~+3#=$i!4}zG(+k%qz>S| zoHP3?U-?r~hq%A%>;J(i-`fvBR5#Sd>yvA&LC;D$*YQF&Z*&XJTYzr)1VuCntS~-< zbPh+7g#D=wFY;)D!X?K^Vsc3Qy~Lr;*KV;ilBS>>P{1M6V#y+#xA^2wITc-TWJkkI z{d*NSq(sv0EXUY4mx>wPLRfSOdiN$`bFzpEDvLxeNMRMY$j!JZiDEdJ)i^1j<}(D_ z<`FBl%QI*PNu1Y+u`V*6Y0S)aV;Z43oMkr)oo`|qOs0q0{ldHtUl{TFb~IPBFxO+7 ziCvhA3UX7I%bS((5;D}0{jYb7Y?G3Dw$4d`>cO&?+#_nr(`{@mgj7xs{G7mt@0`?M) zd4x7Mn#jBn4BSkHJ}eHI{xvCNui7x2*f_&b9Q%pOYzg^L?jFTPGxB3%@@Tzjgm+CA@y#hX%50#Qe0W*HB3MRbZBKQ+#+|V-nPFaZ*@iqL%N{6a3?0O^e!X_1RU z??tV%g&snONmKNpjsW3%+va}7bdlq~_iiML>PQ?he2z49|5ngwTKbKX6;C>yHu2>T z&u-*@Nk3}*zvj6#O9GSUzYbM%)S``oVAYf-CO$~}55=~^Q$)xL*^isyNoY*KHkR&y z7x4>~E66z@iZ$`Lrop?ER}T|gfdymIhBUUVB--e)@(_KCZZp~sH(B|_8~8iMCKIu79f~37X*f-uM>`7aermD2A!PnVxnAtso`o629rS%!6>2C za|gMR&BumgQ|#o2bjoIo=$RAqn8Tp_J`z+|Kx)bRk%`gigp z0G`-e4bro7krLf7d^jka#>t)qwSx2vo&|DF(@%KHQl=s81v9e7=vHo~Y!x3{%YX^3 zYO2ZFw&60T{BpJM3+&eN_8HtH+=IMPT#jIYroLnkhul-8So=gdfrp}~uC_sZzg&D% zA_f^tHDu#kHdTpQ{IGGmVk&PLPe0ul%#@K`dXp+5{lhW5jpM$yas=#cW<^304RJDn z1a}VN#>jb$V2{X*3qZHKSUa>*ig9J;bwM6Wxa2&^`8Qdv7y?I`ffM!uGl?Xua;_LC zFsWMMDY)mZZbYK}dd;&TJKN_wNTkWlFj?%`9Em()E)PJQ{Id&+nBC~DnNWm8YRnjK z^_C|R0vNa33}vRHnZkvx{Zwz9BpU`P6PUsn_x1mh7-Na_m%Yo@0}l*y1BtDTk7GqI zhkT*Ev0xw)v6ip~)~UMh{yKw^NJQ)juJr7Z#SEFI6b^e0=_UWVxw`Mc`gWbtKnS7i z3~wK-y(lXPIK$iW;e+xLRZ&PVJ3L3fuj6q(7 zvRL6Tp|RZ|fl+~}IFJH6rT{H*^W-lYtKiLqIeh)icc$(5P;)!R!ZC$k=v9@z6g|O^ zx&wjUZCJjBRUEiTVL8vc!fFfJE1tY5kdb7aNz7C0z069cR7(u1vJAw@zGFYV^T-2d z$mA^vSY;w0u5xE2oS$V~Je?w&^DT~+tH$mV4-gqj-B58SpX>@6_ueJVcwCg~d3=07 zFF!nwfOgEli=RA_F4l{G6e|ku%ShAB4D`e+cvQ_g z&Dx^gZeC_)$4_R&{_c-iLl}%V&A>vy1mF7a*5GOsRi7^=1c9i8RdyZPt4427;v!WP zC`j$JAxD7X#$j`QYM9ZrK0=q{A$4(s^nszJZtd;p%t2$o|@IlStPK)<+S8Aa=F!O$gB*x9RT?MI z(X&g<)*zqGT}qlI``%`LdzeTFFAMpQo*ONIQDMETqzp@Lk(dW}TW3LkMb`>4#|wdA zfhf+taMD;a(+HDf?bB{@E@Xx{|I=0vy5Smm>_3dgx*FR!S)_I!3VFoJAhbAf`@TG; zHm0U`)J%1jY`~Z0TBQ5jLT$&j2>w2N&t&>*49sWdm~XsS+05dx(0sx>noTCN20kpR z(tT)ls$9DFMR-O28i|P$9ih#Ocf3&R$^U4i+|dy(SD>tP@sCD$h)_)%R^{|Vn#l2B z;%Mh2bP*;sfq1od22fYtMBi|M|A!+359R8n{o>lB)$<^H@w!l|A?IyzHHA3hWk5M= zZqyi|tp_5XL!0WU5UB3S*PRTcA8*>Tp_Qx1V6=K6W*+T1PQg!7d4pXR%tH`cQR8d11=Im!0M)xg2~cfBHDa|nucW9 zlLHiO5`RL*0&(39oSCW|&Vv^04XZHiZNYBpx3}Zdq1%nFlHR}$88WrFr1dm&{Q;4) z2htpTps2sebG!qvL-+}NA@yT|)p&>Gh{Ay-Mic5Kkf>uCKr;hiniA-j z!u~5?hAW`=@|k&um^ynXS_qA^NCW}(H?&6WulAeV?DZfF0v7X*B?P~>>mO+59mNb^ zrcl@#u%1GXSZ**u8KOVYz_uN)m*M)5(`Qg`;pI4&!Rm*+BnExlgHh1}rEBZ9sySg7-~Q&o!d@=kPb$-_ zjiHs4UV8$TxJAA5gqO$eEUyQL+3^Yc9X6!@2N5t z=wx}X{C0KACW59%RmF+9+8V^8v=(ri7xS{tX!uJkN*$6J&@mJR9_i8&`;^oRsvr!~ zsF&EggWKl^f;a=S=*pE`j$KdgsVf%$doShIgue93%2)(6@keWjojUCk# zNbZbBUg$lRke0u{avnIst(5Uxa&U-w$-y6Anf{gGe2SjsT0<9gmRqio>R*LK$wQL8 z`+5OvUq1K~oNNr)yH|M)2m)D@=-*6^=}?5}UxoZQr6o(6>ILk5Kzkh?P3)ra`IfY& z^N?1KaE#z3ThKvH6M}ro7i5$e3pK;^XVK{q3!-#AZo)7(J3XS%dv~Pw_Waic**E!} zqWz4%4_9uXdgU(VWS@3edM~<*+Z{gnqDYTF{(O{glEw7S>3Jeqn7kBHY^)#G+Ff~p z@7X$WVBi*>4r2dja#5xSZHOUZ_wULfTzW)NoXdLly<2wNzhBf8BMSW#E`vz+M8WF& zy_60*FgF4L3_#cg{Ia9&cm5^`b`~7Qa8b{lj?D_VjYK-q_$^>}KM_aC)$yT3bRZ?$ zfgho=lPQf0#`ELn6!+pP=>|&1tItFO-1$Ut`S&M3uJMBclEX98GGYC6WXV>^*r}8o zjD~n3)z#H3^~UDnBeQ)hsMJQg4IUq|skBiCG9_E0OlE>nkPB>rgD!P3%K zW)#!189;9}>}daQZumauh1+FQvBzWg*Ji1O2Uz{fR5%%pL{+_7x^@9ts2WaFN)W5H z%V`V&1=`$0=){#6W*T_l7jEc88&XU4{>X%^RLjx|J8>fFwXF!o^pvL`2jQd<+>7b> zVre#!4j7#jD6S8Cct>%Xix3~6&ZLH5(tR=PAN<(4_f)FtNLmLnyMJmu40(R+m(@e$zXQLRrbaQ3a)G zDF;;|Tez-uw_-*dTHVG!?)Ak^wM=%j$jXG;%H#RXsmwQ`0_#*I9RS`}7TcS*FnOcb zMOp}!rdt$4P0kNfU{Zde5_KP1-=@XXH;xO~o8w~i zv_O;P5q<{7;t+LFO2@v$5}izNwusJIW-|wgTo@q68-CG ztK8*9{K>5_32Sn8oJegkG+$ZhSPN}ByW9LG3c74OcHtilmsA5)?2%%Q1Gi;CD!d*T z`RB-Fq>c8`qN7iNEcGc6>-tw0Bf;gNnJoqdyemX0v+yuw-#&OK{k0JiXPx>hafZ}i z3fo$U&j5^eI01#`QXA1V>HvTQf919v?U~9CeB;2Hg`0#okt= zu1l<&=I+gaXTYUb%y~AjVaHK+H#m?{|C>(dto5L~@aEq7wo$=6c_#&gP*Rv6*k(20 z_#nl^Id=Wq&nUZLVX^8L(qgu!OHI5ifKf(^^RCv9Y1r4Vz(5iD)NJWCvwzdT>!(+9 z^(lqcEDQyXV5-w;&Wvn`R%~-QAe|Q&Vh~M!t<SnZnSm?t(e?m#NB$;p2td#0URYFUM*C-&vdweh-LJYv|_wJ5~0bx_4~ zuqDxSHU!`*JF9Ix3WN);osSfzp`b&M;xol= z3;n>5qDUJljoQ*Gk6+V0nXKZ!FYnNKwAoxH4kbSTgdJoSco#x@9w?^*>^*|U$iTqP=;6-nWnx&RDTwgr?SP9$?~h?V z>(gNcr|D+;_fmlz8EFKa2zEuj1Zp^^)M9kS(Pp?77zIPt#rdaM!4|IcSWi`f30dUvDH#3b#*iL z-|McN)&E#={rWp=SO$yPmi7DX>P@7_<*VxTEp4qj4|=%E(>T-!Y=#l9WT-`{-25J% zC6uz>3MScLta_`$x(hUyzI}IH)c?(~lye(Co^dt4xw<-1T2y(U@}1t*H^ZMleJ)8` zE)}exvVb#tox516gO?VoJ@8 zsZp!Tj+eKQfWD9i{jh51zR;=07@6q$OhQxCt?*t*ox+}(LshTVZaVsnO~oLWKT{4XsA|bJhi4W`Yht> zF_<=9g~QFkV8lfp+2E(ch46)tP4bjirE)#Pd~l27cP73WyxGJ(9qF?v)w7j7s%Kk? zwVG6QoH1M^v76Ed!vZENmbgfL^dJbiTlR)1+&hFt^DL`sULjOMhyZ*@v0sV6XzKrY z>4zf#_zzFA>JYyi6kh4wllc_VrZbf!U9Uj?&+Z^qtUM;F&DMQMxUOIRlySMnTTO$} zXzwC(JL>th34C?^PRIR`Z*=rbVhsJwo>3(f(nyX-)KQLKd^wOnllP}sy7Ug;V^Du- zgGLK-V(Wz6@Eyeg(tFA~O-75U*?TO^yD}6FJDct;l&geZYT@+O)gA@|p1j}=nQK(A z2eGN9h$$@;0U=d%ac;SWH`wIF3H!=es6)2^E8_S~OIn(qW!y=C8Hf<`h@~nact1{Zd^AsnF?=#Al~s#sZg2VpjA}#u(GGncFZ72Ft-*;STwW4rgeNS z?F3rh>7;X#G?3}d7VN=0;**$~AUoc@MDM%|cV(nDs(((Rl7BZ-p&`)N9bSLhCPo80 zVZCthIf>Ku;_hj񕦅NGZ>W)H}g7vJPk&?`(Whr#r%9KbX~F*(1$JowBKoRBB zIIuhyW-H&XMyKLRhTzKbmy+TAnvsJDd zLfSsBer#-hpjy?jpd0Zn<>f2pL)=H25_*sGXz>U&aCG z#f`Xfk}W%nUjEynd-@~Jog{K%9H4+-hVKhk#Rqy?Bk=VD?U&thTig9-Cgl?gow49m z@Fq@6O%1i!EKWK(7)R27P3GZO>2iGm-_n*_sQnbmJj0=y1u3}_*2X>!(yz+$$lq7L z`uAxg%aUV#Y|9YtTOC*5|6r}-I8SQw%;YeEYrUU@O~+o^f4{k`1FkR+F|Z?Nxe-$r zsXe|=y^9Fm_~{00)O&2w5vc-mbPPX6T$l#2P*Ce5;0=Vjc^l47mbHz+@UhFxm5{yIGq<*f5&GGr_GNESBzje^iVKCDe&m_fXrt6X zGWT5W(bl(<=Ka^-2benWq3q+@Dr`n#7Z(v3dhWi5rq#l_2|?5RV?HAhb@pX$C5Y4- z$=>ui;O)sGm=KSgyxty5_9_mT>XOoUeh;2VLBxN7lvIl3{(di078i?j!x$cvL-#;+ zL?Qvly^d&;`ti5}2R!S2sZu18U?R;m8q($joJeU{ltaF3@J{je3&eReTL96DjHW5m zT1Bj9y*@RioW%fzQ`7`gn!i(vVpOW!I>rOVE2mdD5V;ukZthNwg{AF#I>F7>G#F#S zUAXH7bx7e_8{;e{Cl&3eE5lMr#fnU`+6am=u9t*i@VxN>o1 zEcQVlOwY(G(qVsB!qQ;Y%n*o5O^~t1D3h-l7fW4GOKvg*Qx9%93Nxsh)oO00zp}1j z0rzHwt3?OnFj9<@^%W12ikRnQl?h`kP&L!uS>2O(|U ze~Cgl*7zW%dS840#8zhoeo~QEaG9if{bQxLAYlXR&%di`e%Y2>rcJ}>mkYLZ%I&)M zgvCAugMKpOU1}N|`J1y(X!C_XU5uSjRTDuWD;|wGV)C)bN$AYk>jW+rkdw@=t3bqA zoU}oH{u%AF<3`CR!|*I|v=>(E#wy?E&ezVnQ^%-xzbyuj;Rosn-(Y0DSBvMji zc*C!CXenF8&V*4utAG&Q(#lNX4r^!ScQ4%ed>}|$~g<%Ykr zu*9iAHRFf;gM?O}Ss99r=$3l75&k_`@omv=W(rDAhY!OU{B0TsjlM+jb&9luJgBKO zouUQ@BEP7?oL2T~I5`<3W+cCl6}?I-cAtAPxtgnKDaImOaYpunVe9_L)i7`=STkia08meN_g-nLP52PLOx|Zn1>Dv^k@zRmm*_SezX;j#%^1DHL+QDb z%eqm;sMHHw<7a_ebf0q7SnY@-uPQWQFlUaa~T=h0y zFiz_+2;Bi&b_jAr7JcBr!CiTMM+L5o&e40q;)EXiDZ6tr^rgPw$KWbH?ab41wNd7!9*j zU{?z2-q)H;p%{vS-9rFEqR@M9uv51Oc(GwTe6p}}QjEol%Rk2rSP=3VX@!6@vZG_e z@77WOUSqoAqM_`@;cd2I#vnKpuzA(C)}`d3Sxo87>M+ar;&w#qu%ks8j)w(T8#QWt zgE566+=qXMEkEDJ!~#Jk&OGUAl{aNipsr{GfkuBhF8vZ`seloB*}&V1!iree&3n)- z^|}$;0|NT7d6))jUJZdd1@X2JcKriY=E1by+^HRW>g%XZ{yjX^&(+tMAWj% zxgHtoH124mSq#N66>r<3s&RN|kh2sxcVCdm7DSMaz|Un|COeOjell~2FW!#~HRBZT zi3O!QmBxT-F3H-ptxOKRy#eunuqKagIy89B<78U%{6b3MqJr5W0wyNW<3g1G{D44$ zxf;A(TFW7oIvzn-Tnv$%IWb$Ce1B0kvq*4^*s$q)M*S)L1XwJqr)R@>fAdt+*K3K4I~zE0mtfb!OX5Zyo_bcOwVB5G|q++1Bzq*P8Tz% zk#uq3sh=EP+mUi{;V}Hno7ZIsYhpKiob2%NpxNkN4V|SO$RazjL4JR-tJBK4M71Wj z@z(V*k53|cn~VQf4N-ZY0094hYT-GpCUw!*JnXzVc@eV?2T8>iZEPKRLaXXFAwKZ> zF!YY5@Tqm)FBja}VxxeO;%L=RiqX34elt>KU-9zfCt1HRO;IXn99?9sunp4$ip1|> zheylQ7&He8<=0 zM_a3foAIT>`H!cH8n6#XmifiD7rE8Sm6vr`Axo&W)3;K4kdLi#t}z2w14iZG4iWoCbnLs{eTf) zoYKO~tGC4myrCoY%m;JkA5iDSSump1% z)z)X5)3Qsp)>@gza6!5hiz(XP;8y>nQ-posM(d7vv%jr?LWnWx3Kf}_Bg!!6qgGK4 z+poL*JddtF?ZXp4WF`sj&`Cv#y)?mi*NUVX@BKck1o#o`C^J}<7WXIac2786eEu$S zDRdPDp~^=UVFVdkmexh7>Q8;zPsLp^mC`zg(-8{!vy*e@tpSpBpdO#Pcrul=67Q*X z(T(Cma+E0Jm99(2B{IHk{$peeU~De7PSTzq=B9c{##BDXuInA1>lWwUC)svkJ7fMS z368(_y_+`ub6=XxDTtG|-2Op@@^g#;z33?X<=KS`}8jmKN}xSYWC$O4$Qxan`%tgpu;{ zR;V){0!ty$vj@B85+Sx-bKA8Pmu9oQD(DCap`>@$*U#IRB+0C=^1XQN9_bm2c!i`X z*w(4Kitmwv|6*F~2ZTa;=(<=Nmv)EgPUgwS>TC+}ZGp0q$F$=Qej=PUV+1ZxVp!=} z*dkIGBk$QMtaINg3*xou)Sgdzg)<%Ogw^O~Z!JnAK|~))1(H|&F;gu1gXWv7^T_L) z)j(RRnU21?)~dPJt`)kC5f=MYRl{WC#Hls&^pC^=A?@L#|4k3&HN&9`SgzEllOd*p?)-H|Fn zhwym)1{3mK`rmgd4?l1K+FC^1dBHi0j`#;mf7od1Vlq;zWQ7Oyw$CasIpj`}fl#*< z>E)SWDW@bN-98-WxSQFhk*vI?+fIw4w@(_1mGudbqc>1s3tY~ZW|ptk{Vdt=AbR77 zMyb=wsX}#EDE~Syu!_)${J+;tM9=cQFth9UiVO z>znkwSJubqV|54jBiiph#>YNDJ^S$XI;%-*Ye=<1-GE0}*?HjAqODJw$?FIz!j#}84}|pC zzEi`&3PfebE=I@nD<;J&L>jsLg0IeRBL$AWK+W+Zi|$fsD(=0E`N#Q(C~SveizA?I zqk?c&tep60yy|Ahr18YNsGIBP?l@z>B~dH`G+QVDr>>&r14^Rx1OOduaj~cW=eAez}ZgVQ}?{7;B2jHR*qJ)kFzr<#{ zoF{#(>1F#xe7=Fpgw|LkpU(DBfg68#rhl**%~9?7c@i14bf(>Kp9(^BZozc^-VqwJX#Ytv_*oP@AG7Wyz}%dN z0g%|EFN|u%8Jjj{a{id-<0#IO7u`YOp>)5}cLg2}s&mc5E`fs?Hd)Qm$|hpI3Ok~k zlwr9y!CFgL>@D_Ej9{8t_q)Ztdu7A?;}b;`^w#SkIPf%C$RxozK9B`n;ktx(gomEH z%9WChpQ+4b)Z=p0Osl8)t3#8d8(n8vZw-{mM0l}07;rprA{+P>Bm<@yO!1<9Z0`D!r>LN{-?6EPs3mDundA%MVJ*dl8uF8()r_Qs2#AoQyD0q#5Gb?^6S)}6C*_)d8 z^ZSe*sjyPa^I0+3_$8^j&_o}8xK7=o#AgN>*W&i@NmL>is?{EngzRQVoAGD^P0Q=BK zyNe$Rre>M!hp;CMI$^w@Bd3F{S`vfi|Ae#6ZsUUmoj%Ah%{o-3zVpzAfm{v`WYORl zGftmM8wJcL=H9<=)s6z%IEUNwF}fa+IKbwzX2W`mFxeO*B-*J)0w92r650v- ze^Zoen8X-q#b9OB6C$0HncO;o&4WxQKT<89u!Q>F5hCra%Pj0S*@v~c9j7062|0^Q zXAj>392PVJ#p|I0|NY9erol?*=pTzWRkmXbXcZIgXv~_~O^oBks zc0=N?*BH>6c;^$$$BX%8&u_C3+e3dsX(!+vf1b)HX!SycWd^J z^{75=h>w+)uf+LMJPeG`)^t!4_<;YM4#bO4;)kXWP*JM4l$BDPS<_HNCR#B{!B2xy zf9dSLwxkrA$}72p1?SXOWx9#_;D;;|>n3o}OY0Ce2oRVBwhs*^h^9$IO+Hk^0^|SK zh<~C<4vU5yTLfD0D!}pWR(W@`nukE-hgkBF$RxFpBjAiqc>g5*li^-4*+6ThLqK>K?5 zlv-Ei^e{7%W_o)SS`S#A=s!BPppQRUalIH~V{|LIZb`*Dr#_l;A@JzhK{D|8?is0d z1(6-vpt$1xS?mziLUapBxvPSGz4isg&l^b)TcoqGAurr(^2ahJMYg0j%!4i`#uBa9 zf#rB`^#y)4RuB`;fKoSzJwP%viJHtv0qjkEo%OG1jX6ZQ&6d!Md69}GF>jJ%L#fbU z2bNm>=@@{M^nqM{%L^OT;}Hh2mV{%+@cSNh_1w%tw=UC6a~!1_p@Znnb5m@@Ty-=; zjKUF1v8g=1|7(so45w-G3j8VMgR)3s2&V<(_#VOz7e`t5JtO29TQ?G<_&aG=qLRK( z&|ie@y`$nb;^XyN7UvCipDhTw6hek2D_)-op+&3E{Fy8%wf=NCxAqW zq=V(?o{wkzl9lDz9nD6R{35S(TJI=tHv!M~OMIeh4Jg^Tpc z=xJssq2==CL^B!M9Ro_88<;VhA{`5b3I^)Sr}95SppF>hz5qm=8v^}jEiTF)2c(d&&x1VQrDeFeEl~J zqkc6(b?AWFoQTB0!h?ww*-QmCukJhD_d|xLbCugJB`DWCTlP7GjYC*w`wT=iIytTI za6WX*`z)nU{$nHlOj-JsFvP#CbKv+#4e<>woMItLiJtMW_~KoK@x|?G2a}7adW`gz ze*6^5d8P(GD5VOJt7XWFKoPd(*E4=}Zu{i;Rb^#^9XiG><=!i(Jmq}`4}@~M48PU~ zCT<<&{_G8V02xvc_p3}if4+GUk9(x~2MEMYO)_OA;dqKCj5kSRjhqnO=HDKGikm{A z^bg3I5tC}OMcbH8Y-zw!C0>|{MU;Kd21(<|e1Tg!*khL0GbSN+t(U2P4(vC8!ZVRb zD`Z^);)pcuG)E+rRMsuY}u zLvjy(Vx7Ezijb%Ax=}pm?K_9(GZB&#NI3qmFyDdv4IgW?{XSiv?Tr&Eso^uh@ zu>@8{^Iz1@4dOZ5MA%=Vc;?3O zj@6JLTv8?THOQAT#gF>y8N&i|m&C*KI@Nn7S4 zMBTA}sA_}CQn-Zi?GCHpO06__Zo!Fk#X6g}8A(_eDhv!tg2wRDG!F}XeCW~8uI z>5oU;Je<3aA(9*H=C!b%JBluPUwmVsx_&(t(X=foH>)oWh)M&jYM6UT2l^oc_bS=} zq7kQACjNSBe{MxQGxvO;3tv+3UiT`OpRo-QXc1)0`>h=s2ZCGbBE znwh{lhFb_VFSW#CDDmI5^=|Mf-0dZ*AN9U~qRz%96K%Gp0rjR;1{aXh z$e(7bTR6s6Y34yNALLXTEA()GAN_3w*3&iYotUUsiv>;I2uh%qYEeUrZ?4O%as1Fl zi1_YPDk+7+IwzskJX=dW3QjWLq_6~Y%R^Tqr9f8-MnpjO%aMpuBKlI{WH-+#>oO;g z8Urrf3^b%x6cH*?#S!(qJYe49fwGxQ9O%~o;r@~Qlm|3t+Ml3iean%R`i#X@S-SfQ zN^edmZ>(0+Q~sKq`|tR(xsNWtq<>A`AcR~1)*#25tnBDntHIXPQLs^HW_Nk zyD$OQe;m3rDH`HB2ma4nDL&l?LHJ018kP^{oT|vPjccQ!y%wji zfYGoMHg*?CAL$beL8a1(mgT{bXbQ_BCI{rG=}MH;8Ub3fG7)V?9In-#ocxe!p+Uo1 zW{pb+;nAI?PyiOt+)|}J<#pZF_?lkUkHO_GIam@f)9npX0hI2A0`($*^MdD}YY7jT zv-ebnMWKa4H=7#26W5xlwgJ^_NNm|GZe0K*S`Lnt9Dj$23{*WMvb+TDkI}8h)`f+Q zD>H@0mXk^Zkr3W1SImL!FmLBA85g>vjUZ=2GLB{dFowJRUgkD~(+@IWu}H1ZS*77z zz)D?hK9T|VL#KEY&Ba@G*8()f_tgDMF1`DBw=`H0gNhJ3r_IllhVou zr?n;(k8_3bSJTwXD~QTt{lSN1^p75v*&S?ih0yVODDSd^ayj4>v>kXb-fF0=I_uS1 zV6MNDx+v~s`USUfR~Uy*CB@fgepOBd0BT{*-4B!T!wwtGv-EmN^J4#ce%=H(D78py zujOByUuQ=;nST5&U|nt=?|?iolhxRF#4PEhmdZq>bob?H$7wqRpTI_gmU7IQibCUO z)Yer2#&x4u7>3U`wYcCU%Aj+n6CzG3Rs~QOatnW>TkE^2G|swC$8!iAN6(WHxXiV} z4z`Ye9uGSR$a3O>?oF~mfu`o-6u2-%u9uu*q)v*mdBPw2V`M-4qC&Xi{ z3Q%aznj$`aIix*3fnvHtGvBM1cwsNsx+v`9?sXpG1^?rkj2qxkn%u${2K`*cNit#g zzw~e;VU4k7$LsG%fzrvwDvId4MZPD>$!$5l%T+GL&k(H*;a^eo$Hm-zY_pECxZoCa zxvQ1{HLsO6gB2JQy;vs9K0W!cBTczNackI0I5YKK7oFV*trRDL}QeAUb|L%DpnV060zJlr_#%sSo?kIiI$$;;fig}O1 zmAMTD(2hj@Kc*^zYsF#pDxD3BG}6*7oc!15wT>9`2(t5L_*Mla^YoKe4P4di>bFYu zU}7B<=r^k*fkDwIo#A_2i~_rI{9#GbJ@{s~w8iBRn)29)ZNME(ft?v!A}Fu)wvTFq zK7JEyD5oc+9APO@Iy>UGVDA6jdcb%g9VWNJz>R3+M14UU9HD4zpw65_yj`)s0jNp`zhbfFF9^9iPzle zP*cf6hl5D?2pl)8&npIa+-D)2!9TGW45G0Ih~TkP^B@=Pk5|Sr2@e`}r#P$B{vH#O=KCzx+&?-f@{xwDO#UDt{jS|f6gY6a)5czO>2wG)j zWvkDyHS7?U5KtKYufkNj-)Nxr;J(Ny5w>4pcMu+=w5$D3y!Md%p6l2&lOa)$N#Haq3L9t!w za_=h1i@R=7N)G^;=E*339-^50t*2lTKjwTkRp-&j=C$|4HIKqmAyI`#xEOezrwdzp z#v2wJH0i_2RRS)e1-gWOH_VHXAfNv)7=HM_anEw--%gU)qROoo-z<)43wd(uE?5M- zuK5aPZTWdi>r1U}=kOtkdc;Tq4>hu;9uRd6ouYy77RYWlvVX4Z1X5>$<>!&0#1dIC zq-gylNpGb3;qaDUN81Zg9F@SLfgnO9nu{bvRe5@!IQ?+c#P%2*+TiiWPryX6`MP1} ze}{J}ZwHD2Gzs`bvlD^Ok^`zYfSZD(S+w#&Z3w#hz#c>5VRPJ=0v?Nt- zcp^Luw*b&8S4W&QH<|JG;RF#Z)8RjWr-C53I*e{0*3t0n0jDrBFvJ&M)Y$FZdh$z) z02x(e#I%A+MSXLA*+q1l$*j`K6as&+^-k~r0#)>R-WqlfN}^=M$MP#KOdjsQ{{%Ih z0(}fNA1q#XJpSF+(k8xTPw2DjP1G{Urhcw!9_XY1T*V2rqD+&Vd_P&H9=V($v~f{1 zSz;nDBfIgUyrh%wBT)%X`|x+{@_p}Egj|-lPt!I#hVao>D|6!nZ5U+eT)ui*GvXNR zbcjY{Q?l=BM?XrQFY3@dx3_bQ%zN|6H26iUrU2lpgZ+S6p0}}jCO~Tgy2?}!tleWn zbZ|S`T9+4T>J_K0MSu!0Jb}uXqg|PqC9m{0p+bCo(m7z&_6L(Z_c2^Tb02*}j^cN) zgc*;OnxE^9x#7vRLIXTk*+cv0Oa*j?#dHpo-1ca}|IvAEaYK`6COo|dlPgq{LmZ;$ z?{jgU*i2{@LKJSnRoOnqTDDH5)nSzVOi*+l3aVuZ6qJ6-m_dST`Lg4SNe^|_^B=j- zyB!A?w#wGSe@>UT;)*zzpn1RLd4;b$cvmK&h&P$oJvxsiTY@E#NXagq`GpQ5ql~vK zD8|mN|C)TiM0>dp2W#*Ax{p$0ch;fH+U;}&=AE}ln77qg%GN5cfBk897LTdDJjGZo z*GRiS+wU|Hu52y<(@* zG5NTqwIE4uhy;o_ld6$JU%_TFDMWCP+zVa@WJX-lbu+aY|PD9 za+-Bf5-LhvJEk%z1Wg_mk8M=+n8Q;n_k{u@5la2S8AkD8;N_{M^?b`tjb2`o`kR*! z{u(DW8~aXKVF|w;-*(_4oR*~Q8l@KKl=deq((p3g(7|3_jyU&^yQi8^fZ-j2@t#Ok zMw_7c=zq7BHPd!XOS(L9q%m`_GM zT^-z-4U_>1kAUo(w4bt#wH%fMoK*x`#HmX$ES$}+U>1E|I=7%h@BZlJr;1#3C&~Ty z$TEdY8BdFc)QV7iVJI>PvzyGFjNhyeP2DG)_{&aTQtgEF9ZBjH zL5lFqS#<536_K@~aZ}aVn+x(n#rBi;e{Q*UgqK=3Pbi_@HVyMu#nkNu-jaU(Iy?QY zWDxq_@87fZFK~0g_9W-qQTepZ$K!SJRN-Y>2hH!f%PZv8wL53;D+b0XH-SyVIi9rA zztPHhP(z8R5)q?~U2mSE3?zI&gwgQ=9aMLisl7qE$+ArvoXE`jXg|c3w7}Z^$k_R4 zB8SjJm*9EEt4R7wZLvk*+L_WcFNfA4p1b8V>0vp-_(k^qLQyxCNXyDNQUnvQv27B7 zzr2tOqoAi;3;r?K5Kcp9nn@h%?iIbM4#O;+?kV~$c{{2>NikWw5*@<#>YeU5UY+mM zZX;|(0>_hLScLPF+zlGeCbE?1v=StAn2Fj<3RekPwm~dUyw(S2ga~`5?T^N0I&S4u zCQ;s)m1K{IWAL=8+IZ^5*DDD6o`T1gz|UW>+{--)(3&k02X=GJ(N6itMn5%%9s^vQ zEK}C{H&df%<$5IhJ$e&~T~?PLE+W51?IS|~2lB%ZGL;68<3jIqw-{I}4f*m|`vNZI zEq_Bcp#55E%bhUyz_m_@%i#Ca(e7rra4vm94rGOCL5z!A2dZ7MYzg28Q4sN-qdn6pk8%mN ze?skXdv@a*LFd`3Ur3xG*$v*gv#AEICzOr$?fPuCFK(PD{<5rY=6H%WoKE^V)2*LX zV#z=)1w~#K1Ju;|>*M-^R9@ty9M6s|V?fbg8dev)ZFaz=QeYGGIApKCp?T9sYcy#* z`$3BdH$Q>=kv-*6&s%|Gr>D>HPC=XvFh<|7Xfa$22Kn2_H;_X@HTSiP04^DWiu?D( zUN6*tr=MhVPB}rS_bXe)qX!|agUsfdWMkl0qeYmsU@o+d4M@xKGnz~Nuczs>(eIaF z{t}?3>1W z#x$2Z_sc0HC{iYKDEp&uzoq4=76^lGrEc;@43zjpnOU%yfPIqIYc^=N7uf~>E4LY5 ztNotgwhu{;aCP+Ac_JwtE|KjWr}WL!|A5qVD!d2 z&!%<}@yRJzVroT+M_zd2Sh}Y`ME;)+RJF6ZJE%_K$MQhuoNX^SY*oz+{?_Ov1J=f# zqu+!1EC=4QtbbcZk2bKC2eS$$ek>Hdedva5x!QJtRD^t(Vg50$9SH71DZ>5i(0jMA z+5lHy`VM*iVFVHr-R#X(u&l-vC2+ikm-$j%M*`vX5bfw@FIH zQVFYVeWn4LB44wSp#o*jJnEVvGCu{%KfxcmK|c$%g*eBi0}jk!f$J~4wT7>O=B1G* zG=u`9ZO;f4B@oS^BB)Gh^DrZNn2;Y*E=?^^+x_(&oxz93Ucs=kzlL1mWg&}IFhjQDMdvvlK$=YBy5SG!qM7VO{)KUI~Omg~NFqekz3JF5aR=ZXgerRp=^+lX(x<{AcS?ob`w;{NTxv>s>77V@)g zpv2t)AhvAE^xua`HYGu@qgSHq5rA1l4UDGMjOTeuo6W zYJ3RI`6YgmFw)y#lL_Bv!*}?`*Y7J;!S<=;XYf|H%{QkTp1$#w(zmTST6qYibF%M~ z^j?8fz)c%4Yq%~qD*@jj%}@b?F3I$WcwomUD+G0P}*p*F5E##!GsW?agT6aG0szWT(00? zasgpXAU1xJ9IeiSPLVxJh$Srx5tq>?*{fU^45cioBq;@QbEJ(|R_-&7aT|Hhfw>N8 z>J3!ZC?!*?!j@&*rlBLhJF>tx0kL-~GP~~}Ot`$2v81t9@&!BM&IRbY10WC>eyfZH55)w+8&)T=r8mGdf*ev?5+h2s zF02D_m5!BA0n%xcHu=yT8>df_%1zaK9!}|iW7Al!KADFh04<^Erha=8&!bqnWDiz9 zwEOChc_K*D;3e=f{Jlq-qLf3vojRi`XH7b&!Mu4VP(3rMS2(2AplFL506lao62x>H zon0hGtg!;ei{s<#>;pBOQ926m>SL3RH=D9q&o@hpkzgv-)rYao+4HiUDbqo} zcs%}4`i!WpiKa-=;P3*LHK4(m7k`no6v{eZ8xs;iXzmHnHb0e?G^pS7(MymmVPi64_9%ZE4*@Y zIufbFrcvMj)kR(^*??(JiN%{>@vTyr3$>E7BtSEg=XTC7ADq;6dNU-(VkyHDBnqy~ z;u%JsbGIDsJweX6s9$bcg)Mf@!%yqPauvFE$PPD9U}hM@gWN2R;SJ!V#*!^3&Jp6_0aAx%VPJ|)>_&pMfk;tj8E{qqb+{lN~Z)JyD{jJSHQszo*PJ#$myT|8~e&<`C1gF_vRK4 z2A)@|Qxb&4e&WO6$F2hMgH#Vt9k+0N9r%11ycAzj?Y}i3S+7@47ZHW~G>u#Yk0k0S zYV@p2?t0Ah&(OVeg7Rg`EzPq=A2XxK1vJNBXXIZ6xWCUgaLs>@*Crq2?N!mZq1Z%9uq6{wG`FC`^0Q)8cxCA{hqFNYcv)Mypec}yPc4JXidK84|=;sW;@%<@o zZi!~W9x%@Nl|xQFDPVl~&|lTuyU5OwW0m1-$&&&teN_7*oZO)uMm=`T5F1PEa0&J=H(`u2YJz#a=)aD+mkEMn_~nFNQR zM7=Q;>p~u`9X}R7u&J|SD9p>H2nk=H`64e%&F7mFP?ZR#X65Vloy&D0YjDcWtt<$n zN@o@HJ1O!)T>4#OKi##k?mSeYFR3b#&2uSS7N}e3HrYd5mGrXHxD;@%dQzla@wiS% z*r0EE4ofioc>ZoMn9*QyIK&=hkxo)4^b*9| zd*)4NRnlj%&f%lhUJg~e6YCGw4_~0{)b=TzMqYbZqjPBSvMSt98^Ea`JKZ@9&6Zh& zG3h||4^@2#q{Ka=S4fl#Xy}$J73SMlx|h6=6<(syZzm{v(mx#Bm7Vj;l>+Z!RGp!bk}qdTD3)Ms0`BhI@(JTUZ8FNP|$=VUIp z2hZ@)M~}n@vNK>Q(Pu8Zi(8dH5_-KLFET9#M08LLt44V&fM_?Qw z=^ce6<73WF=5lfipx`GToW=R8__d3=_ZO&c&*@P>C8*;We`S!~uBv4+AYv*6hi`w=_$}$g) z@0!bLC3x~fvYfM`lBsp_R$#WuEaKqim+{-NUq*1MvYz%EaO%Sbqj?m)7vwUs+cJ@h zx0*La;N#hV>l&a2{IH(jLFx12iNoQ!xjctFFl1{rNhF2BKiA26jp&F%Q6}X;aSK$t z6-Oq?nf4)A8`(7+LO;V;X`jf+D0_Jlvfcn8K;FNtL!uOw_G5ubdj0-!O{`%`@>NLE zI=*PSRFRcZ-YA#?Kcq9%euj7i2u0s@uiIh)^G=D<0yc2pPgAGC{9B5XWMVc+C@Yx7 z00`kaKU5K=yF6%zJt21;DeOiGfY+E;zZxduqH!9d#o44#R@5u0mKwP>EsL9c#VsQ!u+jF8xvm_|cQEX3%mV()2$OjNc)0pe@t3K<;_w6!V!R8jCG6;p`i^F0oTo zv}^=upqNS*=#8Tanalj9`r}E*Jm4KGu}3!=K7x6+#pT-xs{!+>aCyE?pyM`U5f<`Q z{i=%8{s&!*?vN89=fF#N&ghpM7En1(QvA|H`k-6NxE?*4Sc3*JZ$<0Il977Js3`Jk z8`Gs(bw?wful5WNXqCH>F}{zO@EKfL1q||rU+(4om|k&$Q{v>p-#`(Q=_#vZNGm|O za;7)P*4+pRhfayVyd+)3ZVeXPW1ak6UO);(Lz#bt{#IJHBwn{aV**n%loy!(>tH-c z02UEvGQc56`_hO^@gZdERGtia_BXS&I1y{Eul>_aN<@XE>&G|>i6z7C9BsL(^8Baf z)AZOZ+?7ObMw5S%bf}()uoWrdwG(hryl|m;R>$-2mnG!vc!?GZXOA%@ePW zjDHw%@G$xvRSIOeZ12|@67^__Qw6OXrJ3CF0aC8ykwxYjnWd4L?sIVJ;x7){h4{5v7v0*)H<@!1cDuG2!RNAHCcbU@9KHH za%h7t8t96T20p~v0cs4!?2#UAIgI6RC2vMmPNx-p#ce?w1#Yy}ksIP$>Jkkqn;G6Z z53wIZ2bL>{-SEbeyeSGGky7h*Y$mHou^P6V2+U7!i+7IU7Aa2809tiQ`n4K;;~2$b z`pjz2piFAVb~ZG{L{45J_34xGwP&%nUV?^qK$i#4ao{ZX9s3@&AbrRrxatJhcU5Qo zOz{EQ4NTN&xExrg=nRM^iw~c+>58Fzu0H-FKi#+ounHqmXZ0SWC~x&mRelR-)XAV+ zVZ%?}wM|}Cuth(oe(P8u5&YZ*IH6eotzE01o+I+H`63<`x!_xa%_zPNf9KyTWV%F& z{|7sd-_J5oj}Y1};mN$2v&aO&IJF}nVg9MbUl4^L8!_hdlH)U^PX?pQ; zchJ)Kgdy-ddCllGGlN%XA!pD+9=SyvB`ljV3eZpJ32vC2hpkvlzy08 zRJLUl&yYYqj79AzYA(h>utMDH$|f)VFY8m}V=@4Q>?FMs{AWi1nFkH8^5#M$gHp>aIpi(5By!ljhYGjx3@##b%Nqpn|1&U(FQU+=XX z$Q(K*$bxK(&yFNr;nHv(vyEv(EOM2cZi|BX99i>Jt6W&w`Du-_0U?I9o{*%()W$^r z5|}d9VJ-sc*6ji$belG@;>}AfhZYx^#ku=84gDz`P`6x}$KGf!N%5qB<=h$z_aVo3 z0UxtZv74(12$!YAjqDVtP!t!xrssy(58-KR9jm$1R(=X-m~m8%Ra_)5I!sH53TqIq zS4OyhI1gW>WuxK57=IL0-d;o2UeEJHcjO6{5vhd7&6221Y=xi*_wJh$q#YTaHO8+R z75mHvYb=@k)ike{Uh(eJ$Ro@?Ew+6iP@@^f!5$pxM&}1DSqDol*0w_gE5SO7F&*AX zhp|C{eKm5gcV)C{0T{YW_yce}_EiuWSomRSp*h#bC7yfQ#pu1s?uQBw7Y)mjq%N4@ zZQ+aOh~TU;i26x=sF6^&t+LZLbg>xKM+A~i3VUVkyzDI436;^nbb|nHGWU_CLc}_o zNAcpL<{sI<(G>?uyE!>MVhr^=e}p#C1uoQSF21>qWp9k@KiET+vn>ef0E^f_G6WjC zdZ&m6Px3K4V-|h^H{yw*67bVBFf> znKn+}IC*{f2~-29U2kEaI2NZvV6>}o)0(SMnAPF@I8vp7$W4MD+Sl4l8T--F5KD?c z2v}#Caf^%UCn0%gY1FR>izDJpT9)UOvRo=)UNiKgKjKgFDSvx zVe%^dhbXO7>0@juO+TSRLn@;=NeB=!X-8hho(CiLwk3b9(1<>(YRCC3xli)iNl1j@ z;n5{NRe}c6_zvV>iN5yy0^-6*q7BitoJwi&wD6^%MTUNsQElEMv20+~HS>UWp=X1I zw=7DJHby3l@;2l$^`}uEMQ5ms>C89p2WM4sH-%1|zJW0}NT%7tRAH8+JC6lg*i9eLYE+iOIPBojC zGRJ|?WWDWcZWbpBpeE&qo+v2*`8zv%aW|{j#P3##C7wnnW%zhyyqS}?XnVs=YY(8z z?e||MX~8$gEj}p`I|K3p6|6eORdeDaR*A9GTM`e$rHhs~LXYgG!$C&nVw5c_gJC>3 zR+_ZGgH30(e9v+F%G;B6hDfUC>w+fs0u!{ylRl7rpq9$p^G_4RVB?6&S;dvv^dDhA z`OFy`)SydH)b6{wza*I)u@W|%kPmW%;gV{qsTNaTFdx`3usY5agb)tbLFJ#)6VfIp z{R{-|_>g3%wX=>V>&2s$7Q2gvsD+TF7wjc94Zcu?oDVXSSdD$@&NzHF#H4>Y#zF`a zz)v4%R%;jo9$?0SP!bM?IZ^r^CMgCKpKW}2fF2Ny5AQOw9hC7Zi{^apsYXn3diP)8F_gBR({xGFTD+W~N$Go#NcM~6z2NaR2&vtvoP;!dq zG<5uRh423J%MEQ@$P?$LLjQT`Do2_OZWeKCN;AquIk0C4`#Zn-`_IVpMA}bJCeOy; z8D;jZST6cL@jLG+j$Wl4ZTR>?9^JWd>?Niscnvs`<+L)&?%@h);~3+P%N73uL>x~1 z!JR2(%LD_v@Q*Z-7Wm`bW>{oFLB^UPM~&=nu6&(hiiY6LT0wpz?irxt`*Rur^Yixvj+g@RY*J_;`lN0-t^racub1fNSZXN&FTm(_kU9cmaH+9#544#A|Y?C zQBrIz5}c%4S3!U)_Vgr;OT~|5J3x?KAMcJJp#qj>Wqxb3^efTPeC84BjV)GB%e_D@ zRv|s`;2QHX2lGMuMs$P{m@3qvU|j^Y{ji;;oAxkmimy4Kn_3-XQd`7pOe;@+&_mj- ztJ7OE1olXH!Lvb^l~fpV!ml5~leC3x^EH8H0t9A`>H-DNX7_NEVg=ErP{`?tk$h&t zBAso=f8LiQAs`#@cjv0jYDe;d?Ka%ejbp>d>ER6&HFk|H7r=A>hV)o&_`wJC6z#yC zkT4m0Tb62v3)9yr?jCj*`flmpWPKhzyb6XM)1$TtiV4)0%p@AOCJzYm{`)9)*Nz>;Kd{}N=7`#O=&0T5zDxQ(VV8N3 z68U?4ES*SDydMYv-2je!;@Y`SxSVWh-yU3VweEmc*xxe7I3E4gju`2PKOWEdI^Fs; zsA~GlfK*Ek$^8>`UuZLkFm~jz)%gtpc^N-L4G9OLxw^5wo;ClJ1*psuD9i?jv;bnL z2ObWZvYSDHHbn|4M<7AmQ@aniEo+*RD7TP}7|~ice7sUb$pE^duo2F?_I|&} zT5Efk_Jyyf*c?$##6OBmG)GMfh4jT+2pUvmI%1#QHrC#@wn1Hu=`pCKX#z2z&6({f zB#CjmlsfLpkOzvn|0+DyMdBTHQa=rKOtPjP*`Z;&he7M@Thna=kAVoN-KSuQ(Jbg7 zhgN^WKWLOE?2cad%~IxN^;Xv7vnh~888AEgtF*WT(^I6re9Fq&+Iv)(w^Q>5x#Rcy zzRFp)fohydpzDC^q70(5ulP>52)nq9U`XuPZfK@DJ+peR4Kk6;L zCaV#Lk|@tVEJ=?6!5C?j?J1sSH+4!vvE^9+UM}V36rQ0bAtBA0KJCIlUlFb!T@1 zC^QNX^vtgzhIPA8MhAl2-DKhz$jq!BVm~#%H<~`VxS?m}$j-iWx-}Z^WbdSF*BL8< zY`Ic)>|GGqiUP|Y7{F0l1mRHHWQg;d!aredV<`PL?;a4e!Q#MlZ3P)4BV`WubouH* zE;FoG4XEgiLD9-6c@gsF$vGnmQHxS1jqnh*8&)E0ox((wP(aKhCivmk_j4di;#F`6 z@=m{56b1;@#)6lS4fEX7xHxwa6f@P2c>5(@`kfnOxp0MGCE^794E@!TTjBXg(T4r3 zWO=H=90olh*BegLW(bP*tWH1=Zdf8-O8@~~QVXvM+d!ex4j9IsgjOrk^(GiMwU30hG6d zIFzL337A*H!s!h)J#J_LYP@zNjJ?4Z=9jl~al>Ur;(FzRNfu9st*Hd%#m>mwCyp=5 z%@f2OmPXU%v$Nj`j-}9R1P}Xx*~-h~DOI{SHW6}ei!fhDD^mhWoF^la@3f%G1>a0x zX&T>26^^1w+bsYp8U8en8VCQHchm{Q2OJ$koga>NRg;@yr}W z5v$>o69Ra#tB?pOOH1qO#m(!RaGHOHjQb=mOjX|DejypOBT%_1GN&Y*wY?M#K-W-G zaDp(OVNG3}T0=-H+K3vY{(__-UABSB^0*wB0iKC=ueAen*Db7-AmN8c4vS>Nmm0yd zMYqFZiOj_~ug$poJqXX6c3%=6VV&uAw`6{HstlFG{n5P!+|>fX-er#qySBPCHx~kF z$8Rnec-#G;2PSBl*DjGwsiStqVsxnwD%eFQ+<7ohh%hC;Z}N#iM-f3FWEiY~xVK6w&Zx`=bf z9Z;jV0BYFO;e3~z@%|?nzq{|=eZ{7a?qsR^=c&wjA&77FP?UYZoC_Sj*Wgt{yYwek z0U~&%sv&20%-!*?)Rf(EgysxK{w=74i~`qeA9d$AZSIl16WGxa4QYa+42^G}evHLM ztvo}vH-gbb)?bGoJXsQI>P7B-6!MmGF|n}R7>hG|+y-NU&f=)QUQUZ(kK;$zcm@8AE#m3_YT!4W4N#k%(pNhB zp;WstP8BBA;0IZ=I@!618@kdqTEBa6{dp(@?=C;na7lq+4mDxiaSU|pLH|Lx` z1=`&%M=Edcv^4q90zz8A5DqeDs%%^+Kpu0j1pZoDALJg%%8QssQ#u_GotzWY?kM3B zid4>EVq;v93;)RWr1)QnUL@f<0bUG&0+#BY2+G>+TWTIXx^cQ6pi;v}qHXO%k80cT zxnK@)GpBF6aCSP#-(x8wxFBdl{=~Dnm((EIy!+?L^Fb1Nv`^1_+7khT1js<69 z<@oPdb`WTOt&qHJvGw_7iNA#B?GM1yO;$6sG40)|tjpX$Gju`Op!P$dd`4N_wm@cU zJ*Go_8N@!(%Bm9((ToMxwd{N~&z>?A9lsis|7&Hv9D`oVIq3rx>~!y6l8pjJvu-?Q z7FEM7Ep1?=Ck?tIJ={dZMW<}?JRW}eqDLKTjuwU?@JDFhYJgg#>-bnNJCm86chiSA z&eO2YdK;pN6$Gqh_U+#U#%w8;Y<#@6;Kdp8p}?p)fRt<7 z2LN~!x5?j5@0ZflX=FyK54f27z+X!zk>gjUx9;o(34N;m8mG6+1iM-mY`*hfn51}-Z74|PmNTfpwudvN%i%7Z%om30+ z)4?xL9)*<&!mCA`?r0CdbxXT|V`k1Y@G04?dbxmCcNk~C`yFST?HJ5*uZt2ZI$|k3 zG4QVuv;Vppl)VxOrD#%R~mUgk;YsZ&iVl5119dLt{6fjza_QmUN;* zSUtCXGw0A5+~$3tIvpdJ&~)z_P&yXW=)1i)4bg3_up&W)t7s?32|spIhFTB~Qyvs} z%bQ#J(UT>h9%2YZdLc%f*%vq3H!8e88RB`=i?%1s*V~v2WN*J$C$cq0Z>EIS z+62h(umm;cd)pv@GlbFDNntVj=x!DfJelMM^*2L5$amGSN2n~708GS&6#&}GXP49q z)~x}}cMu$3V}CFT;pQ&G;b~(t8U{B&5f*D`>M@VUFE}T2Ze_EGzn7O(J~1g+Oh2R% zeH-@-1O2m4@I|?K(-N`!S;CrdSuN>Zn;>u|TIx@O8)bfrxo+z{AnFI@>Gr5YVPVke zh$x(tYr&0z~`t56A@o)&{)Tst2I zUWD~8j;#-}ibpo8N_oWqXRZ_-t!l7w_@j2v_h{G`r%4&XU$3`c_?1J;k8O$$IFjt4 z=I-`gOU|wm{5OxN^1IH69qt&XWJfaz?KSsJH6kzF@-9;Bv)0LBo!z=ZT6@JZ5E~-y z*CHpZx|546B58-O9!?rpbzo$G4m}_#dX^JP$V&qg&3ez<^#}if7cR7yS&_$-xknCH zT!C=Udus1QTFZXXw%%sXUZ>AKMfIeu05w)lX$o>jAt}&CaS8K)Pk??Hv^sGBA?{O- z`dj{_=eizda4O7&K3s5Q2?Tk+Zd@<2iP%!GwH-sd-(h_C9fUZ`#lHz}8&Prsh~<0i zPE5Lb2zVL7GV6Bs3d=d%R}j}Sud+1-G@$`S_U5w@wks*WA;BkfN^4{ddZeVNbP>_c zy#Ka%U?F;+L|ss{2IjLH)UYwDxEYz4_PJPg(}jMhhLL3hu7&a=TBqJmh%3h0QPpGX zt@byXx?@<={Gt6H{*j(s>ZPCp$HaZHNmhJPb4grmIW85-9~PKnMkUt(+K)!VMjEg* zE0jn+VPJHeo>|?T?VHXnLPw!bhT79@t?%{zL*BxW2mZkHLk2K`6U(SVlle{{ECQWp zAEGhiIk^FP3jFt|;9-K=D_h~t+hfyKqW=PON+a5`7rJrNEFq5U3Mfzb^J-X*1y~UV zk@b==Ww-DiCe>3w?A$++cfF14NEO=^*Q-B z@vLTOc3cFy-@oN*#QKq(V_tyGu6E=?e6;m?7Ba!T$t5R=L94CV>1D=kw~=2E45UN~-787EMxD~^0QL@)qGB<(!F{c<5Wn_m`*H~SDU@KgY{9DRz#&%HMb z7v9b6eM20Zw;tcA~dlWr8tZ4{5XMVn2D{7-cO(z25w)I}BQ8t4#Y#W(o_7fQ`bU&!oLWF=Vu%uCszFC)z$V5AXPGnqQO;J75&W(~?IS&Ta4J^HAyGYO)fb`DPa5}9WfFnTM zd>x^dKebqH*Rz^6)%PLKsn$(kmx^tzq(Nj(HNRdTHi>0SHfnhjNKHW_+8u>VtC~ z{B>;bj?GJvO%aI1&zil4*?0IQS@bTZ^QyV36yG~rHenh95&er>x^yB*f?{1y0CSRw zpB@@+N~d!j{Q6c%jI}2+>>ng>_wC!nKHNX(thb0`hSMK!sMx<1sucAKHhK29!A)@J zB?h4@sML_NZwh#->7Vgm(8-t=lxq*!twvRCC6@f~|%L9H{ z-u8Z6^g(qX1C5*LyQ8A!0zciyQVIPqitZPL&$~b+6E(vL+9oXWjFR5rZ6Wzo=~O)a-MfNZrN7Avv1Y)mG2i7P-(w&d(pQ! zjtEbV7S)*DJ>tm{{~;G7)FsZeTtC#>BUo+-YxQGqSQn)bi>quc0}TXfNhbYK)`C3- z#oLbS`%X%cX!x~-p8w&nU#%e^@b>K;E!otTF@^}g^V@bg)@nm%$t#y-S9b|+yV>8c zyOVQEso3eN6EP=^OfuhlDdfX?y>}ImPz(tMb(VLx_--FkQQ-qxB!Acf`S+C6cHyWd z1vI}vJCqO!yJD@ zo)8`EK{jcEc3Tdy*P3E`VPj0h_p(<8jgC*HT}^}|i-YA|p98XM6S?rp}r!?k&jQWc91mf9H70T&B<68+`Ln9T4SRN!m2I!C>GdGEQ8uUkU$ z*R{v}=Q?T~hgX07@$b&YPm-M!^YjGrLKhj%py|XA{J6gp3w$gAJbUc>Qc$C|-CP!r zKCi&huH5i?L!`m+mm(Z@24mOH+%bYrXs^0Mq0A3tSRyrD+Si9f=PKS+hnN9N5YQ%M zxK>Dg;6O$^OP)f%!s};T)k$G#0NF<&_B&c?xbfq7ma7?2;pm?|Vg3wlu6+39{P`9( zhXeLQU6cWN^`upqP`XlDv1JoQ$Ap1knbu?T~&@*%eHva=0rEh%&rmh5-#K8hU+I1Atr zYM-B-&yA<6;@<7lBQvwh7?W%dk>SFfqu0>eGHcKiwL<7zZ!8!c~i&)HlTa zy-H8w&U_E#cTP9ZY#yb%Ip!m4mEp!4Es~06P}34gO$(0NA6+9{EGKwLo$69=%W9iq z2m5Rw82pjh6XBNYoKcoq_IQ~HxeF;df!!dSa99(K#J2i^?q&e55CL0+MGC>9F6ax) z6|5P&f-)`ADVJ|c3C0u4^-8PXIePeoEexYqMBEJ=~fEfhhB~jDgF6O`Pdc9tf6%$T@W^l2bx)KU1e*FjvgqU zNd@e;r~b$u%LZXk(QKtLjk#xA|I|V9>>Xv-;3*2vLRl58WH0bY>1F=UO!GNEdxSLde-b0S&a7V$Zmb=7^-gJ;D!cP%ejMPqW=a#|q>iU&%hYX5 zJ;vb?CkCqBQR!v?)rnJacWN3C)&%wNY{K4e1sS--pKDm9T}WargR{}_e7N)@Oj}xu zk>w`T$2bQ})t^iYPsH~wGkBACQ51}^LV8eg%!4Eh8;GbXMgex-FX(}!uWQknu2VIH z`Q@%49UyE=Ec%_GSg(jJ5d%JompeNY-~%RGUsd~2_{%t!6mk@C#$C+U#T@^Q_IZ|i z_S2!j(t_$+3bzzf2~&WKH|x@odeHTT)51Z$xM>J#gq{JizJ{Wg|0X4SQ%@L?zx

    LWcQdY-=*mT^=K0>_S(A3Hd-JjNk>cPS(-~=@zUPO-}a9BFK_zvze zSD1Arj0H^{LItbr$RVyhQ-0yAQbk&t>~zJc1EVfERu>f?zS$2_*Q1INf-1xbmJzAE zs1VNY*H|n~U_zT3Wr=EBAuHfArFc!Am3lHLQ_mdx?UOzq!;KX%K0s)vwy+@0h!hqa z6p5>2m953G;Q~=&V=es*1fIf<{aG1b!~Rnn^id#Q9b%O=F9rLs@wFcodcXf5#lKa& z;?k+;_2Aiq3II1KLg*d@JE#Zd_AL#~Gv#Kni-eqg7#S4vND`e02JZ#1r{3>nL~RjD zI&~aHJe+KOHw^1%w6=4RUimQabPh<#0UWl=tVRjIC-p>5n@M#sipjSSI{#FF2z?@Y zAZBvd82L1Vf~oSl#7x7B@?CgqqN4-BeWv^gMHV1Q)4i0q*f=Xg@0Wjs#8WMw5i?n` zb+mLRsuJ3@_gAy`B7h;T0GRWxqKmrLbmpH#@|vhM!tzsLNTL(E$qzkt#Ac*6QRn9FAk7v8gtxe{~fAkQxh0dlT1#+-J z{W$8pa41Ex-VDQ0B~O|?>_X9iBZt%f#eK z0$kkds_`>q-xD*siM0ZU3Y1&5)oN6t>u0LlQPymvMRsH;z0uz;5s*0Xxx6N%VsP1MGY3-`ZH6A`Ud5h<*H@_3g_~UDnJ!YsCDY>na90~ z{WPv2)Ax`!@81-kOF*6<39U)6b-RPzYUczzUH3ohUte!mT$hoX;{h;dzWO)S`DZHf zpT+0@Se^e>eD$};#b;of`qM1?X{Pv0w*HaZ`mDSEo5XzTOse|8}RKO+~if67bzmV+?;3_n=?7IOGgG5#-Yhu{D7KNsSE{$Kp(kpqU$ zgyWwI@x(;;??}d&1EiqaCJ6P$vxy7ig4C$3CiUmXX5|gxj^WfjZq(~d#4*5PfWUD! zMC1Jsp}EuCXa=9He)RPd(UAP7aSUr{Q~p zQi{(DZn(WMRnhWa1IauQ28^l=h?&F~np;FONaZh)?3At+Em!L3V?VA}>eC-9(ZIv| z*i_}c#FO}msD|X}SOy>64cPQ@`Nw6J2;|9j)3x2iO1@VNQ;=y9QjV;)P{dXuQwqMW z_2}u!mB@B&;Kx%uw$?xfysA2y8_9^(0J?_qtMtjlLIeoOL-(SJ?X8A~p;$u(n7R^N zRVy>=t5DplQ{k+Beq!%+ORHF_zAmw!N>O2~h8E~RRRu2T87-?IJH;uExv>s*Md?xI zQRF3y0FnAK(l>$++5q4TkP;eL>|S6})THUTNW45mQ1#(rq6LYsNSBA5|Wx zTCUTJfZZ)4g6-v;o;h+G52-C8<9xhY`$V_c5tD-*WhWRTvIiDmetX>VnqF$>tD8Am z04M>e=^0XZ7p^(L+cac4zlT-s5<)27={13s-1Hv87FTn=q!z-MbfMw!0FLqz&rwVc zr=0ByFkjQLS1(WSKWN?NVfxavp+HPd%%lhwvIIW$(o1G5>|)T1?4A&{cig|92HjQ4 zlrys`B~1XHyFzmq$Xx>_Jy=%7;>4~h@C=*Bw?fPg#M(2hSBKbcWBssa zc@%sNjL84uWu$%{ftjgBT_Fx~{bJ@3>6Ys^mogF}fobJQw=_R9hYLIZ@&y+%WM+ow zR---!zSCAT4$8%DUMd*IqF#%@=~*9KrnaZ-Xsokl`WZ{3ysK=Z=Qc=A^UO~PaBUk8 zKwQLCG$_fESMD|(*fTjl&GXdSq*|p-uy&cx4^$F0u594LVyorZvYycABm8D>{OvZ* zU;J4a>yRzroAW5M8~&!lw<5$bohq~PA1E2JP|WU7I9O~srULQKSm*~A-dBPfmX4k# zrkdfkjeAHURTa7BRJ?2_0-1zU5K{9>WOPZ$0{B|za`fTWxQCM$UdF})e5qkYxZ@{m zuig$9ShPZzX0Nc~P3!}rq3OJ(BulXe1UJnL;WfbGm*UDGLLeTb!i*bh!nDJYlP-5^ zLPK2~rCg=H?Jl``gkKe!Q3g=jb_SxX4trKd+Y16g3PhY`c7F+DN#}s%1O1FLqm@}F zt~YMF&S1Nv3kwE}cV?Gf1W$9RKHPx*u+>f2HP(ENiL4=vNmkeIx3nf^kWC&@NT-4O`KXk6zR3^t282)2?Y>S$3@fSo3|t2BR$x>sjFX{-BNqlW%ovM`gLp7zxEB1p+`>G*Bp+A2`U6KYa5CIv~3T5 z4~cvkb7Qz*o=mZcrlm^bZeW_eD! z)FU z1$wkwB!rDL<2M;`tlf(>z5#yQzJSQG0F>qSUNU;cJ1H?XT4B2B5^&>w(LLhVsbSX z87{?%!rsM%Oc5sjz2I2ijC@D7e>qnH{~M1>5cs>5feHHMXk>b%@Blv2&eZ&eU4Ru2 zrmo2$y?B`R$#@{NI3`prOJ^YB*N@AerX+|v$X@xS&C9DM2lelv&lXM{{ma-BTBZ35 zDBO!^Khk>3CAEb)x7$4V(-hmnrzj)lb3A5JN|&-bJueyuHExE;+#n}*aQC1)@9%T< zMeI`RQZpM4Q(MbqXrnX?^1F{rDmrUa@srU;6eA6N@6Ye8)*FK9HLOEI$8u(^tv`cE z-@NHO>tmu8$3aWVmnWdsv5wF6os!_LCCtU8)cCbs5(Y*Y>jM=L$@<|QLZ#`Sw>3Xz zi@elpPBI6du_Mpo1*zEca|@e$%i<+3T{||IP%3O0HEWM=qg(E81>)vX%yT%c9^CV) z*I_?=q8IIcxxaI?N+k}^$$sIA1SnlwA9>ABUtbK;a_{0FM#eH!X-*E81}7RJNd2X~ zbYfX--|Sk?TsjZgG;dbop_xDt3y%r20~@-yB;_<&v^dRKXuWpnO=nz;n@GaRAcyTmj1O=`)75g`%eS!XX;h|_dx4! z+10-UR{s%Kwf@(t?YA_k1Fh@7)^5LB%>Fbo`m>e!Kd;>wKUWL%OSxjh(X(Um z4hAS()sG%Mq5z{6_EhC#>~(d1Ix*rfUn1|LA6Yh|6?eljBoLT{sPC5Z`HM9OBv-&s z9Nu8uz7%L-p?dawKW)lQ)MRi4`I}k!1?%-TQ>l^KNzPg}Lvz<$pY+MCg41nq3CK}4 z{^#DSgg2C@U;Mh3;>R))0sQYWSzc;Hh~+y8%H^f-$el3_Btm^CNk2|0%P5fNkWqiM zeeXspJl#(~E2J`Nw7MeB&&$xJrb7O4`jdJGEo1KE=l(lN6sAwF1SI3Fbycz4&2+9j>2yc>BKdN{v+2YlU( z?VBs+re`k!7hVL#D0YE7OVcBO7|~JnTks)1>;NxZu#y?P1Y`7pW5Ow2P88@Ly%u9r z-uS}gBCULNct9$b)?Wfxj}7g}&fkAfbOzEkaCjGxq3aHIgv%4Irvvyg?zxQNEmEKrp2Gwco3DDoz>|+-R1#Hs z3nJW>i_>Qoz98(x-`ET#-6iG;Jb;*0)zZCK2E2@4#a`ZEqX6ZKS>7PV@0#oriB5)7 zkXQFH+7jbP)R;0#ctRS*1oa-7ZqEC&0*^G1>SegmN(;baskt(uw`kk7GUm?j*O-9M zh2q5WIEj6JreuVb67bYrx)%FEohpf4ZY@>3D|$6I0F;BTwo=|yvM*{fN8eUM$iY}a zX2nc$7@V>MM8At~-)y6A&$B*EhVb)A(PRg<2Pv?ofr%g$kCeEfUZm#;=J znxbzN*GeV%sCkyZS577v0~?quz_#8I#J#+I(I1V_?=^-J83 z`B7cBFVQW~%E7%Yrl7TY=^^G%#5q`zDA>2nkz7 zrEeri&H1G&_O|6TEz~f0#EpG-xpO3N-~0l<#;7C!8p6Ps0^Dhw4zPv-_T9mn;9K__ z$^r>zN<%W-Z>_&deAr)c&)n&hDI(NY9(?HGZhC;%FXi+v2+?de&RBz2@GgCOe)?`V z6MRS;Pqi4^k)|*O<{QH@v#`O*x8aB%Hmy>QZ}8GzX$MdlAU&yIeu^>tW z0~a=`HlidiX~tF`q}FarbOXe2)H_RujNasHJd4ZTyVuBkFJgt;8Q>t7(XNoy2CXB3^GjdDHp6(vuL|3gs`$! zbi1^Z@6^LSJ-C34n;Nc^d~+cG^XxI~!QNczRO z`8H8eyraygY^>}T<4U1D`J)Kog0Q8Qd(}+fOMkzu(5s2cp8VY-bN!;A zZjfG3Yn=CJjE1Q^kg$~L(T!XocXC(FfQ?~*dlp?bF61UU-uD+gxAL#MS+H&+XX|!f zF0JtmgPru%0~L;UebH})Gx_X0zrEtE@Gp{_v(MZ!#zKmza$Q!q&N<%zYXD(!%RB5R z4wjHADWsl=u&lo?Ixd&ETu64>FD;0v`IqtC?$C})cY&=u{TeJDmt~Kp>xW?WeiWih zL;sP;%srYdE&UAn=9QsXTk>92Sm-x8!IK8(h!?!m<@|Iu4q(#12GcRJvQy*t+Oe`+ zY2?MULkLgUQadaGRc^{>a`%Z2h!CxvCtbDLDa+H($x|e{S?oNW)lGG@fcqP#r(c;5 z^|A|}eNQ}l$DpqB55ib9fm1_el?kGOgPASeks2gHd6I$2XkB5xTO$%KSbr&>*0J~k zq`p;r1M;h!hH-kA%h$`~L`|b3YPN8o0qGsd-+JSbJLzJSn0Rk6RIsk;6yYTw<#4O? zpwh-GJ_A{(_7Gx$W&83`X4>{UgM#tW+Q~WL1|N^J)9k}_btQ68*n(Zjx3k4KyW1ch z?U)25m4eNZeuJmzy@I>j-XxS`WV{|I_G=o?>F}BKkRKbS`TRSM1gvyINESPtGI<@7jB()sAeKq2XjjGB46Fr-uHR4sIBcnQ7~!7zZGp0^M5K z;o$e~gOwnK2CjR#Y;>r>~}jgF~QKZw7O*z`IW9h62n$>2?4G=Fn7GJy8bQAmlv zu5SST4%N!EG{1mb!R2~duOZEyywoT_K^;4F5^A(dbAr7S&eFN#h|?l6Dn;qXes5kB zF8uPAiO(|aHgYrZW>JqhbqrC@8%MtX{mY9vJ?VPph91J zpXjb!_Kq}T6Fg`6b8FW!fZNw?jQd8|w*%~n^E=#e&Wv~k>Ea6Gmnc3|Z1TPLYj^s9 z!#7^3Z~o7>r@(JxkIFfxhlJmccIZLPp+o5dC^P(J}E62!U@ zNP%xy&CK=82(#Fu!H>pI8%G7et%ghvDf^Bwv``~`{)rs3x$b4^l})0Uc120TA$WUD zj5v!~L*V3y>jXhE@Xy?=ccx~9dcqsvGyo)S9%5Had~K-&dAL1U2wM3^nUdh_@gJ3W zwDCU3i_5!CrH#wy1lUf&mWV4|a7D;gmcb0g6nQf^)AQp8(TjCvncR(~YvQ-L^Gf+& z%eu~6_N}T-(y*X!(Gm>G)vEBszM4qgKvlO;KD%7rm;1s45o-wSKeW1~4(S@6m3WuF z?1Li`HjsiVmjB3K$ImlF# z+%GY_U%4D^sCci=J1-kQd3bXMZH^T$F3j?mT$zjep|TI4M(_W>PD3Xd%4rCR`eYYJ`wvXVs;u9-|*oPjviz?Zn%N%Y6-2OI&mf0&m}d(t8)Q7 zKsklXqP6WCK9enMZ52%?6aE!%PrYl481P89!OR^OJx98TcGs9W_ivsp?pD$Q{QZxPM7c7==cBtjz{Ky1V5eWg7WrO*2vX*SB68aej8AsRV-Yv4()H6e+^ew-J1cww8Lf6b1 zg$DQU9IDp!Q@e_psRSP*iEn51O7=3eQp-ca<{XB#ho|z)%dJFy2)%S{3%W77OMnZ0 zYXhoO%Fj|Orq$GK2p=@S*R|#zAMEeMr7?z-Pwzco3UnMhUyAk@8+wj>+}jl{dE;q` z`i9!3?nO<~2cKFm3|{TGJn`Ftf=4B0<0Vof!O_ybY|4fKL@TYz_af?P45v}Skcyx? zIiLr{vUE$syZcgm<`Iwa!bgZ&DDiWAyTH&=+o;0M`Hn50!SgMTJle4nT@9QFAG$Pz zr#wJt$!O<2bAPW8Iyz~Knp5B-^49(%;xRukH?e;$d)mc>3Y0$KHW)OtWvHC#!-$S% z&CSmx^bxt?M9G>;1LEb2>)YlP@lx^r$>mP^4i`e@t|4!pU>&c0h}btv=kq4PIfy$O zu+Zd08<<1s+FnzqdQgv3JRdk$#F*DB{Tuy|m$j3PTsMK5OFC#x@ zjv`nFB24?X*Q~K99~5?u1rx&gK?}G{7iHm}PXmfsy|XJPq@Ls}xChP%2Pg@Xs<0k~`_!zo}s(mua0ns+FM_B9vjrW$nomOUg5|rFf>E{k`M|yN_-sfP0vv{l7Uh z{$zjrA4hC|S%2^^hsJLk1pY9ZG5#@N``uyoCjyTC^ECKl!1mvs8m#~J(D)|+_qpfi zkNMhvsyF+;sLlRiGy6w7=r;l5-?e4`J7d{z8=YuvY5$9m?0>H!`&0w}E1>uLga0+4 z_qo}e`A@wiM`Z{VB;~~{bOwxNLBr?R1rl2@Iav*rM8$wFezM3=et6(C-~^>PnhUARuV zPh67K>mo-F=AW&#wT&q{$2ZZs{7TXNmFyAVOfF5)02xDqYx*-W8iUIanZ=0c6bm5S zk&HXK(W+PJC1fa|STR?3TK)|MbOvL8zfhroWVR?>!m?K&PpKSSgVYf!0u~AaE`lVy zUcNE}rIbGp>BqB@?(}pl>cD`lt*x-{7FGm79{&M`Wa2=17;L;-kOg>X7z{)byKq@} z5)CvoTr4cR@wZ1yTm&2pq_2p?j^W_2p=u&>3FT+(tsw>XvDzGE*|>X6x_osC5%v}u zIT9W*<~@*&k=;-Nzm(kqf?O-EpUom4R{FP4lkD$cJYb4w7#Xs-dkyx>*mlUxu=k`R zi#W-k%mC{{YJQN&XU!3fgr`Y*3LPn|Cjiu^r14YddXRB^8pRT7iVEel6<`w(_9VuO zBFII|*z0}L_}Jto<|M_1$McL7D(0|9A{h!$<+Ww?$>^Cfieu-< z%)S*!RL^;nF^xq1@YNVAuAhTh7tMl!yE=!P#oVVq9jbDAr|UrAiT)5CmmOE9)-0DT z7t$digMXF0F@a+bt3bI9@a@sqk{C!??&id-VEHBD+0;_*R_N9oB-+cT?>_*Cnasp( z!fqO5Vq~^HqgQuYpJeV?saSa@dE(y?>y&$chOi_2Bf2SXhvC|uMoL{bIIOEWD_wDD zM-URjTyiH5AaxUe4YUKWIQK$dyW1R-M^=_9qR$)L2DN-VF^51J?||zV_(Pie0EX$b zy=hQobi`TJrS5Tpb8lN(6ltAvW&NJgPK9(pF_Ygikosq^9@}ZzLHjev3hs?|Y%t7F zjv%-KH|K>rbGvGb_Vu%S3EZP<1nT4T7IA>)nk;y(DX}Pz=hohIU7(&I@@Ph5V>eXFWEHY zNqcMr2=ACOUA0&8ry%kc5TkCCkkTx%@Zy)-1Sy2U6(m~5q(7XmySF*j5tNYZA?U5M zI)Z3}p2`J_GGw zRE;JF3HC|5j(_Y&>hmKMXN}Oanpb&QnTDSNM_|%rf>8R@Kvl?6zz}t8NVSu>=X=YZ z((1Tf5uTp?mwLViY{c_xEyNUwoXo_XgBTTZj{x==T>QdPRSeE5pK!BuNg09JnIe2p zyMUETtlVNT{L0!)xWcM1p$iVL^I-$EfP0LITs|Dh=yE&TR@roS{v~f|*b;#S#!Zsy zcg7#dP`G))M{o$U%VipzRXK20hzs7Sc2HW(*CXn>x|F!wHVtK~)rQM_A)y2D2n#pV zFdOLvB^sU%#u4Qd%tPpyiuhk~oMQb8hTWH{-CAFc3`mtm;36j;PeR0%; z-3tUJJG|JT{01%nZTs~+n7tQ36_?Y`>$O;h7?%7l!)S}tc9TY@CXYF#1qEuSW0%A!*Z za`B>BxF27iAxQ#wo-ylY?a}Qqu@i9ow0iU=a~UDs?Tm1~T3SchH?}fj+(t20OJP;A z@+V|bw-0myh!nNNY0pwDJoK?N^&)afU=AQ6W#0OZqTr1^RUA%i-D@gJl4PP}V`bDE zT7MDWsO^9uY{%JNNY#n#tu#k3kOM#Jrr;5 zltd)!V=htIjHW{G+(}vsTvMHo+>UX|#Sm3R4$tG)&yQ0o8o(bge%exS))}tw0Cetx z$E$RE{6#hq5r{~JfIcPeD=*bmB83}s$J-Vo8UbE&`DOY*MuiW7sA?0y9Jtm*-mLJ4 ziPSK)%MQ~L8Yy^-X$thYPRJUF446G}u(4f;EDEFn;xs++p*rjkd+E`uR6W20{Ehk| z)-^J<@g|nw%7sQ7Z_Q{THQDnOuw3TJ1JIS|*o0Q~l;N68GY3Rx1>&0Pjkf9TSUQji zltHYOZwh>3I_o97^NoUZdG#qJ)e0NWna5`9?o3W2*68B8uB7Ruf?L@))e97v0KSBf zo|@hpd+a+W!|xWfBE-dz^FE;Y<4*|8JPPD6*^FRecbe_2-CybL+s@nCw3lDpcOHgI z&4`}HwKgipYe|XetzZ}WFjb1sZZ>Q8v%|zE#Oipwn1OFrVb4v#vP%OVPTfeYsifc2 zZ1hKu3_m3r0O6Z~T0Lw43)nG^HY1YklLwg0OIUn$7Xj;8O#%}3%=DJuO8Oo^P*}Q% zI@JdcEc5UVq(H0AnfhhuiyQ@3i{9+so0p9NSppFsKE3@`izp zEqlHipVFxN;3Ow~-Qmba4t+>&urF>1S`MfIyMLEMbCB5t=3aTjW*(w5eHGELdEy&M zcdquuyF+C$ghF<9Kp-C7 z5+uxY|2f@7`GpmifHFKMJ5bi*OKmmv6MBpmMwq`YBr^b36$lWWuMWLcKbmS8ejq}? zF-^`rfXTI7ydK7V%r=6GKpsqEhz`s*pXiK-sM{}SiAz^lbTH6s1RM5L4`6jyb&pYW zu8V10eHY{nPVvNymcP^z^H&r-Gc&lRz7#30!K<}Cb@35H>2KTvUG)C&;*|Eg`5vb% z<`2AHjhE1>qSn%+BkVWWZ3;No$a=^gVcF{THHqaK^TPLZ-PhfNCib?+WjDZLk?2fQ zbvGDYpCdh0j*T)JL}EL?As`}vBE#pM8 zSNGy{VV|E#y;*!YIL?zJEu4QT4PH;nRxey`XuG=JhxaGII4k}9m z!mK)JZKsA%YnR}0mA8BV{t%vRuyK{HkXQ>-RnhA~q*Y1c(N2KJyQoLu%?*Xmu>i$|GUfh_!XPA0ce?&MMAx3wYbjoullH5*@7Vi4`@TN?3}n z#Cv%uNPV%>&)`~@zq%l ziv9E6&=)^Z%R`o*agUME)eAR-VT`6=HPo`^-keLq}%hAZ|n zB_e#Yh@zPAO}bTlzChHv;>QC@Y}dA29Ul}GE%r6OX!uDhkR4$uK{fS7h+x| z2ZAtK67O}=cc^}RaK>f6F@h@-K9sjcs2phzl|0B_N((HP)3Trqw>nlq(vC3O6^KQe zLb&aa!>ipc+>L@;qvs>zBf`s)eAg`MND2yZ3jL2~xHmHmg++Pa<>c4zf4wcc-_-Q) z>O^G3kGd9dY~kgetH~c7?%fx8!6|DyQ927t#0s>1Xz-NQRS(5d(Rohf85yk>)*fP- zv1!b!x;i_vm>CbD+xhhq0DIA5%2{?359h8H$;7Dw3W9TBQS(MkGlpm_DI0 z*@VIzh-&4D^|O$TEvc-C8HMz~?~rf?nN9CqpzpD$EW&7g)6vX5=A~3#=-ZjgzRvxT z_*PrGt?QtA)QUD3-Ek4OnCk@^U}SxnQe6Rcw-`1_%MRH~`!?kxI9WkOmwjF{w4lnr zZ{*$$IMJlYiq44L31JJ=mrE-QJ&%bx+x*8tWm*{?=(y;!b3wAy%AXv-Q}K=$Rc_NY45I9!d$SB3@e%kHBMEUxf_L<)KeD#}Kw6CE)!~rSEu_MtR8_Gt zkN(u>)5h08ZUyVUbyK+5na}?{Rt{@$^G4he^-MrD)jhQV$}*Z_l;!Cw3R;j+`R6p1 z4pOa?lbe&k4k9j(2tE5A=xF=xr*bEzB8ULYRuX~lWFp}76Y#S_{kG^cwhCld*8BIB zrGO4N!(~@8D8umU&#Q;tPguAi7hmzDV9k-^A-C3j6r})8g3QIogB_wjdlfrvI--$ zVzxGJ5rtYtZH4f>cetwN#^JyAuYTXy_@6Yr|LfMrzXRgTe{=G)F?=RC|7c+S_x-Ei zI#&Nd|B9aR-zGT!NgeV1Q^@}h8UH^d{J+Wfe{<}AZW{g@jPwtc{vR!R$AXF5TS32lp+!Y0<*2x{%Sxhv2 zS{kk9QIi)6^w8wGLE!1BeBr@4z;$87I*5P`HX7l(e42c>JLZ&5W}@oUIGnB)8>CCm zB+Cy9gWum|5KZ5V*=N184!mJyd=8oqeqFpJJ$T9hC(MG2<9*t}v|Fuw&!Wj+aY0^Z z2_JbN2&=aSQx`amZ4msz6&_|~&ar|!Y(xU}<$SP+k--fh*hcrRj=~Oyiiv11Y;Y@= zq0lC>_nC|r$^x|{3=xGKTvRd^SE_!Hg;G(4z9OBV;K4;F5f!+*(ng7khk5JnkIl`^ zVd&QMVb}@nN^sA%$>+!CwJnGt5{DrV!&ahPHxX4X_81`2s#`Ex;EwLqJnj;O_L!G@ z1PdaF$jy}%*k12l(RSvk#HJ*)u@f^{NUb=1++NmWa1bHH%1r~z+|gs{v5XY9NT$=< zFPySXMi&-`&YjF*%@G|-nK3X0Lgp08pOnDN36CU0{_ra{ocm^m^eLs6wk*^tG?G;> zRxU=F6E{PtPjgFj%Tf~qjqPjGmHFW4KqC+R6~r=9c8&cqu4{d%BbB#E=!A}SK4KW}4mlJs8)*U0=T-Sz20qqCjrB;*8-Al?b9y(}lQ?Q* zKQ4zpeDifPVDzx?UW5zpd3v3^x zsUnk5Gq_nx9~cYEn#e7+ke>2wCO>q&urkyz$Y^(u$<^;(=gD@bMA2)P#gaO@cF0 zuA&LUwUGHVC@08xA7#JGwhT5_8TlFNP3w`B=aDY#bYAqPp5#ZN^II1bvjF_#BW>hL zhtVLmx*ee?P^g*)x{gH?!rNZJIfB zN;hta{qd(f?ARR?B%wnP6SsC8o_>eWZP}kUQ`DxlLkL#mv|C;xYL2koLU-|Xumt#G zr9A&1XXh9sd4pyBF59+k+qTUv+g(PNZQEV8ZQHhuF7vIP-Pw6&cXng<{aF9V{E!h9 zdGnro&iP3i?)1?LdsWa;k4^*=lQy!H)ijhe=93L#zgQd}{zR62d+p%Ap?EaeVdW(uq8XPe$JW#5PT!?G{}O0=GCsG{ zNt$s4dQTpwIprG6l{4d>P_41d$s!u;ymLtL&FX49vPg}c>%bS}J(xswH}*bJU~uPe zyWPXRf7z!CBv0;|x@1Y%+Sa7W6S0747fb?0#SphIsJMd>s_bX|hWO*sfL4L>B_-j? ztM=}?ro%Jz&fv$huHU_t4bo?UNOxD%M{i@+N#*GR11e`&Mib7hK2`tfRK5qZ@kk6n z3#N(!ZZ1_m7;c~@R9O!2U6!>+PE_6W+PoG4jG{hNKl?*F&|q(x*?#zyN5UmFL4g8H zVOvBZYnDU%+-W55_c6`Wm#LLa3X-dJPzHFu_AWi8Sbk)|654rW=|1;piQ$4$KpI$=8A|nIv4^x+Y1+_qbnqY7wY2AtHpxAy{K|Qn&mk z6w!WnVyhkz)ejiQ_Tsw4!b0obaSe6E7673yI0+MJ9-OUQG)Y;wb0As`)(pWvAve)4 zt3hRI5Nipv3YATs>F(7%)ikW*J>|%0O3dpnz}3L`qdNSeOT9pxR*|aSaoRk_Zxx4$ z8eh%13!SQR6GDP?SgJeJcmC?kcgZ<{N4WB;iL7mXIwe;JmAH1;UmT99SW#qT-m!*wO@N7J zzE~L=eXr9oPMA9HH@v~rH(?hJvMuz;d7*7uBZO3-Bl2%O)l*BjBHH&rwPpJ4(+Hl% zix#Kx8DPz|re%YXbx*%r$Os%~;dDgo_M+mfHKgBgnP8EFYPSgUCErw_5g2Ll1P zhK_C1n_MtDepzeerhKq;R>Fv6I9iHbpT?{pQGnwnc1MYOZi(vrr3?cZzu^CQ7 zGk5kKO{pwE8rFwIaaUwgCok?Q-6IAGfi4#O5hjv+c+L!eiYebup5{eYIhvJyD9nK& z9yMYJQ8`~Ex`|T4{4oc9qh2FdEDlLR>|$dTT^#qvkf7f9Zq1gg=-wm_%cFY#2Xop( z`1rL?{(BH@ozY~N^RLl9f21Zs`hX_Vhruf)91;rmvU7eZIm;`8-}dZ)Vu)No7-BSi zGG@LTn@PF|w{@Xv=Cr;^Yw14SNY&|A#OFa8!ZIWz*gogqrD|Haxx|#@ixI?LCRK`% zaKUZjaFTF>Tyo=QQkNO`?=>vxa$@Bp$d2RC)tokDiN%F7UWyHY!# zZg9F6cQuxaYmFBkl`!I`OPGl>H7v2Ey!3Li(x%q+g!jop6|&uIU#$>qM)Yw`mxkm0 z$jN{eIO0g~$$!m&r}2u8WFcSu4p*O)keGy{e6G|0=;(9Z5&d9tF3TKRMnxkd_Cv%X z5t1?WuJrunl#|e6Wg{0uE3DU#L*zZGwW8aVPU~h@RY_T?lwBhh4=A*{gQ1awh~DxQ z7ThH1ljoZoz6Ft-%xTWYf`v)g}sh-=^{N=f_S0*DodA+MaSC6vTCfaPv_uXi~8te)Vk$4dCH@pawbK? zs%t^?QbI{deW(|0A><%pJ&t&L8$#Ra7`sVjzL6!afqR6S&ZG-m#6JUkAd^i9Q-Uy5 z&PUT)op#D&)v1=6lP?$p0bx=W6BAfu$`GbJWx9HI3Vbb@TC$<}Fc+Rdq%IOIfJ(CBxw4x-j6-pt)z-L)bQ zNSKd!6Xb?q!u8~SPk(QivI}dj5KTwtU1ZvtR+Gi(Mpj8b)QDG1*G$*UTuu1Kl^Vg^ z5a(#-gwq1X2J0e%UVtVB3tzJ?lxC2jL+!>EK0SKlUk(xFX}VMbZ$P$(k1UAId5>cy z0l(+L?CpN*H-c4diKf|iL)�DLVUvv40pynpcF2Pj*K(IkVN+zwFMnjYlo8u$O5C z*sIbP)3CmGqfn-Q^^(1TGxBH!ski`wOAf3)#xY(!sM+wPF-uZ$ijiy%#Hd zlx09TkV{q&OTaYTnP^5I1DJ!g9cDtFN+5_}zlO>>xz&#yv#&DFV(@+_w#)kh!SoeD zGaUlujpURXbsYL3dTf8Ts?yRE#go8Q#F_hdwhx@c-f>_!iolsqGTKMHsYI096lwkZ zApY67V13kQ5J>j$_B6d6A^5!VzM$O(H3kQSGmQtcTjLIK)W-Z(#=Q zE`q2HlMO`i%+3R~Y7R{lvw9-{42w4~V)%{E(nn8IQvpq^qLtV#p236_?F}90ZKLg2 zH{K_>^cwL9u{VGBH&ulhd`&?-YL%c+`@SxpIJ9YC%*`k8)idDLGZyNSUBRy81q;PF zL9W_TIbK29A|*MiSW>e7l^7N^HB9J-Nusq*VL<{&o(bn6wz2&9y#rRo6C2V310)8a zxoCh$KgTy}0=(}V{g_m_=y%d8Hg3))v5FtiF8t@EN-mW_K-KE0gK6yTnw(oSVrYkt+z}j)oZGFY z7^s4{QYtg8OCnV@tL`J#IzWeFMblc9Hn<8lkV{Ho z3J{TlAwnYRbwQ&x=t@oEPRhano$tAa(O0*Zt4?ULIl*jWs>>bM)6nZZNK#(qGwC99ISGgCpx||rz8{DQC3-6$^K;58??*5#T{%s6Z1 zWZ$BC#u$|M0p|Y^UHdQe!~d=SOHEv)|KBTp3{1@Ie^L5KVm+ke)zE{x6j!~?$b{a1xjwH_useb0 z#iz@rN@Ft$3!uU)KvonAnwvv~sJHZM9*>dW=X}?P0@pDQuQNoX`w4`cz%el|Lrlo| zW5zYSHFFAkLY0}!&2f_N$jf^wTBNxZo*FeA2^R;8-R;KYur|ewcHEP7pOI|~*zxBS zXlI!huIX>5f;;|^OY#RpzX^kpy6|3F*hYGNd#6P+qDTUJu9gFX{^&q6{-Ai zX8D)=>@I{L`*A>zjZ2%4$Y-ahkLt`K%iY z=MXBy6f;#fG*vmY(XT{vSJ4=Y&@2;0gVXDI-pI{MJfLc3WodhQK5VY2I#cwDD@YU5 zL3FxZk(%xE3uzxK!I(teikz{Vw>AeC^W>2+HrQW+z82jeV*)x~f7Ev)MW!9KSm7W! z5jAQ0>3Pj43O%yi;e{GHudZL)@Hv0f<~T^KP_(aLidq*QyAfj0wP&0V@-uj%{gDG> zHf$Xa*BO;%%vXA9#SCUnY(p{>gK>`86z&vBd48ucjL3v}7bo57D|w5b8caxrW@<~94m zmtK1722O9kuI@^_73LJ1jTH>=GXeq1HEBXR&&1wrKuE`Roc8yeskrnRO8W5cV4h$I z#*7+inpp}l!285;p(kGS=F~?J=`FqOITmL*faAoKN5A}9wY6I+YOCM$sanFR1|TP+ z*CmxU0)t+J7F=?B%!!k=3L>KwO=)^;u&x2SJB=WSGdZA&qNYu7b1HP?Jc5SddbT)( zqH{t4ScP(3=3&;lHJU|vb*7u(9Z_x7kv9_W>cT4L8ZN8mL`vUw^$|ihVunzK3FY<~ zgO=4qbY3x!d1OLON@DwCr;2NDftfN0eL9Rg7~GjitYqv;1*NLqf=ZX(vF0jSF0PV= zs9RR~Sf*_c=#Y>Mf!+t4IhZOk(5&IhU)sp^Y#>5xelZsel&v>fyuxk z(uL;b39KmSD`wDV1PC;LgVjo2v9UaL#7u{BwbtxDRG|W%%Q)@Bipjf-2@Myy=N?M9 zDY-*l!YA6A(Cj;kX1nDh4EY3LU`kj27lY}K(f5CI*byqr(LXL*j9(M%Ur(m5ktN{#cT_#&S3{D_ch`Rh z*Z=LWe?r;+dGa5wZRWqWA_;w=sAay&O20cAnwvYBTNxSu`{B##3oiW+tn|N%;{W6R z^>1_U@4)DP>r(o6ll6aNt^Q$S^u?Jrv~@848}RvG;-1-A|MQUi^WgvNv1VfBVED_B zEL8g{L0wwxVi=iF5m4};S$xpd#lhVTxW?uW2mB$3(69@vir`C60u2FxNDv^w{v8Yl5;p%aNeC)>-%^X#i%iDN&*>tVBN>*K=9 zH9#M{XYWSbW$MRS#&|ZV6P0pRm$4Z_4>E7j*f zu;n{;w)~^2HfC-?TBwlPn}kd7kT`hY?_{y9V#1;#bcrK|$lhyvZ#;W0z`&rP{z8I% zy_rQ*%bauGN&bete23$Xgy3`rEDW*gLggf#go_A`0c)dkuEDY9lX`m!|& z)ay048x>`4Z$dtCTg;8p6a5pt6L8cx{K|kuU1x?pZ2Zb(JSSmri}b8{ zFZbI>c!__OjLln{qQ-F*;xiYZCe#kezb^WsWC$hA`~Erv&oO8cRJ(2BdX>wj4b`2< zIhLQ1h1gUv-85!1Lkqog@d*qNXWu~8ASgp~mj4Dqrz=PW z`b^}pI&ro*N2W%%)$BGf_dO{&9V=X>I1-!w7B+o*gv*mQsZA=`Z&lvS!k{`XR>f1N z4O8BXdN*HghOr(RRv=rzlHBw5ceobunN|&wo{*G)B;rVpB++HVx1BIV<*XoB42T^#Fj6iIT+9K?tW2agie9i>Klaf+u!y$^7p?B?} zFDX4vUixN4M$S7^TI-ia)9zj&^pQ|V5#)3ZY@3Vq74J?075PB`Q~esyO8AA9%q6@x zYz`xy0H^m7xYYQ#oH)xFS`+TKuoAgC=ILzR2+VRV(oVgfNx0N2jcW@U{CkuijUHlR zmkj(kGc;_QGg;?<9{$2@q7hdChAjdOc1)4h#dp>MEe?d*>h9{JaM9Z`=iAv+95yMb z-A#Li7F3-_QYw{9`>BDZ-T^yg#DEYfHWqt?Wdswf$G%=XR}BhAaUqbsJx-U-gahjNSGp;F4A8midVNWbv7@5*ubBs13K5pUAk%-Es# zJ_lRg<-_F}bK8=rDlL55F}(Wq-pKrFNfH%?=#@fUNLF|-beg;zqd($1P(%rty$&xW zWH}%xeI?*IhzMA*_nvV^+SIeb-j4fZHW7L1@4ZVV^8D5uY}9mq-@K;IaBEi>F{tB|2UU_;4l@l-YsUlt zaxSyMH3ssYF@{&sq;pX>uRS%Kz_2Y$Oa0dXz8Dwuk}A-{(Z)Kq)BKKnlc^a zr~Ej>6RVjjad4Cr+Hg0}gd?t=N`jk{vrepRK!%{KL|m39RzK|00E^fQb?sSif3X== zNHMs(X$-VH2j(R70t}{3Q8H-Oh@|=HJX!HflD$E9)GV6p6Z=WWP-x}E4Zo9|7Dv26 zo<+PXc7i42dtwq19AFnK))zPIY~^ECDQ-gVo;Kb#L!3h34=i@!uqQR>haVjUcxmU*J|`E@-%{? zPVT0F)8FpdwN>3gJBiYvoUaV&LSKkUk|6j&@_No!m-=YSQG9x6nIjX_p42LaN(Zw! zQ6dG2vR4ImUCS=J0a&5?@r*x+p)2jEFWwt|=aH0E@wpqEw=dY6_`789&Zy;*(B^p9 z!PzWM+QC#*0fP}7+{g*%Bg~QJ?hKzs(!7CtJG_}UU>IWiYxjv(=>W{@!=$vy-T2Mw z7E*b)I~;R2Lqu7P=*?#nnE7I*fK^5V*2Tc$5Elr^#Wc~HW2Kyf`_FzW4oi#sH73h{ zu-k4;+Gc+Gv$|9GA|9*&WDzc8(5P-Xce!l(S#eFJ`Ga!G40Z9>m?yeZpe!f^K8IE) zl$tfE8v{8gM-F*Yj_N|O`4@C+u3|_gt@R1Bv9_4GOgJ6QT%5K?ry;MsRdusjw~<8! zaaeN9AL{EL;_~zmT^(B!cfuk;A{HO<38O#*L+ahx?HkI$lb)^}H1>Pr9z(`YRX~V3 zjIiU#HO;j(Ev>ax%_cVw+qK5ng*>{Gq8PBlXSz*Rx3IO?#iUdukJNNpIpK!SI`eqU9Ag!{hB#EO&isp&sm6fHXQ3ASV)I9XO;0j!r49BYv z0O-8IE+e>PuOd)by!TY~Lo*>Cvv;g@Cyy1_Q5TIQzKFoWpdz4B)w`F#CH#ddCdL*$ zm*YYNAfZ3w#3+PxK0sjmB*1p6&!~?`-F?2(jR>b00jq}P(`N_uHxkRyWf(6jqY5HbnBDgyMa|^x ztYT%ZT~EqN5h?KaagkKsUqNG>Q7)*Wt0S+QGIrOcB%7+wWMT>2&fljJzda=WGa!D3 zY#6BG1;{HxkE?fUhiuwkfPg&sqZbLbPcBYk>2qb_#|Es7a6I?SG~G)ps`(obTr@=r zc&1l$){~KpASF`cGGDJxGNn=$Kre;JcZ2&KAy6-rIi5Lzf{1f}*hARr-rQ(ai?94g z75!BIRl77X%!!6tiR>xeVoqw#$*%Iz!_%_DNea!%t zTBQyTm&5l-3I?cp4b7Yhs&5(^9`%|rAP&VHkU~cF(kSOoo;27XL%c5s1JPMWo-pGT zbl za4{kuo~J;V1qCSyQsFjbFwJll(()3Jh~$4)<|3J?!G|a~8cZfZrGW0i#}p=(H1q^w zisMH_(L=4Gnw+8|*O!z!Eu-qjjfwxIgi3O1_~2_Hucd6tz7p2}c79?lR~3mJ*mHWi zjTi89k@zPxypV*0GpzSPNYX|G4-tc}!X=yb!^VOfqJ9pT+B z@f$Bjv?w87LC~9sE&i1rpMVs(lWQ388S5aZwQ1NiGA43?slUVN+jC>vR`$J}i)PK@ zyCcV&_!zY4tseyH9#?i>_AylJXS=?@aSViH58;F~T8;<^wZcZJLW?glpUg_vq*BOj7V=Eg0s_zJIT+CjQbA zGRNgS|Ere3{1;@={}}StR8>}$lKUfav;9L#p#M|M_a!8-{QrvFUzXYbR!aCEn)&`O zA~&78vBN);OxW4}^Ai8(!T))QXJG!Pk_eJG4{0SAe84b5 zURD_|YD!s#ZKN7OYp8_qLiry*@p+4jL_h$5oIpTEg~*{r1P}y7$Ov|k(c~HTSo>m% zf7dupOp#DgckS=LeLQDQJvw?5j*3W!3KOb{$lGppZp**AMogSIKvix;eAmu~ODo;FxS3S8naNL`|Rp-aSgx0cxCI~9v&Er}9p zZt)8R@@FYvCZ!@gq4085FknYJlFgxmnn`$hMf2^m6w&yim&&?QS;TDSF_~}mRoW%9 zi^CGCb_`)|BPBB>c>`E&i^*MewEYAMlfiCcDZQw_xFufihjiC^&E)#__#%<{+~jhj z;RYo)^S~B_ETJ!cm6Of-aop&z&aRJjRux&~C@Ph5-vvhTv zt)B>UVCFr3XX+KiL1cl9>ABI`hJUX3i+ zQ!Vnk$JMwME2AnOw>ixaDQq-j$xmPvp{irU3=YH>;3+?|iJv5cuvK`3F^g6dUMefJ z@7{23Kd05h=$5mz2po1Rmzy{Y1Z>(A7mY?bz(u50-k#C3`08CQUnAKujjLX^?#izS zc7Lx2x3-emMW5VTlQHL_1yV1d;uROyXEr5cg&R<7Pb5~ZYwA~S%3Z6G246(Sij=s{ zJwSJi01wGA{&G^XxYZ!XhP~pa3$E@fsqG3zm9%F#!>@;@rtvEe=p)1Dh$QOr+T1H0 z{Ka2_3QM=MJ0E8v6+8gYF#X+v6{aL2p4PYBLL=L$h2H<2nlx~Br@*JHN5%Qhlb}}t zb{scnM$F96wm_L5fS$ePXzFb}KXoWm7=z5{Moci0$~RbktTnEFj+7lj8nWO6pJ=Hd zc-yW=qmG0w*wU;mSqI1^*XroR$#Nb8#R?S1YBum}!DH8@oAYTh_o{sCsRnp7CCF=q z;#Vg8?$S}P&2bAH_aE8xG+ZQWddE0b8Gr$@OG>QDh?6W1=0JvPmHlH+q77>`mG+5LeJ=U5&Vz zN7j+HVE;E7WeD4q4DM=v3ZYvPgcu7|QyU)R(NS`vdPJB|hl(WiTSrbPhuSG_f6t;Z zb%}ZhEqOvY(ioKB5y0jC0zvgTmS*>;vSh%Z#m|{(PVT}}q>Bg-v^JaBkSDq|rKNRX zo$>96q!r=wqLjKabxRh9#s2cIb12QtCc!m{kXZs~E-=p)pHL~&?c$*YEs2())TD`c z_qR5_Y&w6ywu^`S z@Xxj?Oji>$Qugn*!?H$ zD{gty(*1P9A;m01O~8(;#UbL?h9O65E$qAIeG_Fz9E{d1SP-w1H<3Y_&Cu3%V5ehe zbo1KO7QR^W2s+hW(y1+&%+MHJ24|o)5i_LZw+yUD<|Lg2yVEGHd>VF)5sxkrss*-<%bcw$T>3=Jx{el;=v$6d(BJzg- z@b60c|7XVu1Jjq3{$Jzi~gDM{X}#ELMz+;1DY_V}3H@p?QWit|Xu zizCZzZn&5!gK5(9T1wVI*5S(IbL`5kH#Z0_pB)>P&U>L1<+tD!DM{>n`4p4 zR2qk)?%gi6g3Sx;PUW#muV)RpREiw0ktmtCb3yoR;mlMg_2kr47N4Q0f`URhJr$j5 zTzaG3X#H{Cou~bsra~5ZlY9bVhjc9!-wVw5By#s-yBeXYo4E3GKTidlJ4%T#au+la zg=o4>6tWTBxHf7!y=DioF!CQiG~G=WBQ%ijneRziVl`zdat(@sEf^c3Bnx(n&F2v< zC>kO(WqIT}Bs)Ya@-}k@759qC34vKMEOyF|)^Q#nllu}Kx-h)W`ooD@U72eT$rLw`hlFUiAZx=cffT zZxPuuX(P}-@$Hy4JZ|^#wICs1#KLKdJU_o|s8rY-ATJ%El@ z;Ux9^LCT%gzCNYGogdu&6Gu-K-(H^a(vwAv>?`GTp=3;)-eT=B6K*R{pSGiC zRJcg})ueT^ke;q1#vHVFw%TnUo1Cv|Ay|HA#J&D@w#ebA4OxxgPuznI3+;67_h$_T z>dg?oqhxpmWz=H8^aV$dAELSJn3HMa zd)IqU6x>JIu!h22zsiBPN#H zS%kouTPSs}#O8WGtlE3uk#L8WjLhyS_{&iGUm+vItwFj9VK{Tgw&C1t%W!Wyov7F; zb-<>rw20178j{aJFmI;OnL%V;q;^-H?(^oyp&QSI9UAu0#=JXYuB;we+1$9^tfMe< z1qc2jaYXhB~?^=ws&Zo2EcrH>wOBRU=uov z02=oYI`XzHD#FaZm^}* zr5@|Lj&&J^KaV2kzj0+m2xb~<2m3UWOAGt*ZDad0_OY{qxky^iiri4fJs%XhejP?N zdPURHSQbBYMfE#Sc#eB9o%<}Bxwh^NVUFH@rkIUsG7_ga`p~Vs@PbyEQ;b$;JPU>B zuwXFb+8JevNxgeO@YBRP(ygQf>AniViqmL}6(cI2y{)afgMhe0gV2=`kll1G-plvy zX*9@)z2NR@OkHmFGHdzo6$EZsWp^EpNCUdu(u_QN$nI~1$A`?La>)6U2x^q(LdY4p?7XKqzl+PRR0H)7MvN=byH1=KTcgbPRh77#WaL&QRom zB(Y}q1|QWkHISj}awEO9wh6kJ*v{632J7q6Rae?6ik7W@59}-PC{I% z9@cyU$!RhyWt1r1io4Qe9JdC5 zBK4fJO&_s&+_%A-cXDcINm|y)3Ewvww64sqm+s)K;HZb9cW$1{v48j8farZZ*AZP^ z7+$7FDZ&ML@$s=I+Lo}Y{RAmpKp`0nJtfyLQ%;^HR{jB$qi`nZPH$2Nk@*?WEMLITlvj>Rivh=WQM^xSl$-1H$n&?Z#gd@$y$6lx|&+ z=$G(Jt$Mu)nLTV#<1+fRYiLYuqiwUWBI@)C>TN{k%tss8&OfuaxJ;|`&e+WMM)%P` z1MC^=_VH!#B&C&plnQxBD5d2#GRqhb1LNo@mlfNt$~;w1q}MX&6wfkp?ADU#Q+5;O zCw)R)opWr?dL$T-pcjq-ub$TmGoTM6Q-7?8c-{gq?fXPj{|E^Xhd*!QbHBW$ z&7@V&n~_~1Z?O;@^VJ?#<=9YJdx~bIb z&>lk0ry-^*Lxnpy(46ST?XQ5UzDNcG+A8}B?XJ*oAXEtw}Eqb zZU}4bZEx?@mZ+ONu(YuGzW#Xo47a{;dOktRcXr|%)(WKKl24hgb1}`2CwnEGmK0_< z56QO7ZIZq=%C711dCxqpLTf0S)mUsqMHRImAr%PPz^_z1>7R$^BG`M6S!jDbcE&}LO<7M?PbvAWp^y4drJd&m8rVdk?#>+Q&%3cC}@H>+`x)`e^O;$CE}pq1L6 zo4LPw;PorpIfV5V#3c@6bI7$JBvG!wKJU;WT4;EQ^U51VzYOl~J6=&y-pHx_01pmT zx$0Rw8q6sXar7e(952l&Gu-4o%ja%#p*u?x`E?}u=$pvQ)}UTSDA`0WM0nG4*qY6K zZb%lYaj>+hpYgAA8ul?;3 z{k+75T$$p$!O><9%(S!-%ryn|qGRe~@^ccXv*SK9g@*KThP)>2Db&tJ8j4u(6m1nV zkG{IGasnSyXwuBkC~7mv!8ZBMmd4QFz{=Q<8MQ(B{NO3;2=s$GF=6>H?3wF#VXptW zvM~Q8ef>XfEE0m^Vxq!d8;g=O1N}bla;uoV>`EQhBH9B=VjW0^E z^Vb^l$HDr?y!!7jwExDr`k%?f?0?zo{`U*amnrA38TAG=h%YknS4RENT}5~eQ|cFM zk8Fih!?vnRg~5iMo*f1VLjF&DaENq%{Iib74hY}ska7fMh;+f3p4N!H;=S3xo2G?U zCyO)bp^8=2u5|BI#}7K-2FF8bxuc9vJ`QZaBkxDA%_E(xqj-594|&AU0=41Y#PC62 zkFHLVPErK0M|iztK-gD^7PgUYIY@7wGq5i04@L_Qh{AiZGf;WOP+|c~XbEv?xv&+~ z3J7dm7DBu6{ShQFkSG|~ENpfv-ArU8lold8`vOu;9J~?&pMH=^>5wo5%UPgcx$s3Z z#3Epj!e75Skub8~WCdp%F^EJ#ehr%C0jU+oFGx_F()cRveVenMvk2H8H*CE{@2ve{>k1r{) zoa?Tbh*%k1JA`pUdeV@^<^G}M97B6fa`q!qV|e`nXZ6(r&vMJI%h!A0-S1`L8S5?c z-T2)RterP!zwm_c>}t^;s=_f8s+1V!vPH3Gxr2XF_13KoABh^ZkJfYXcl0-Fqr1uH z?t@znZCWK7Pkn2D%BPUBz3A6>)-K&&dRa@C-_9<*N=p~h42^$41G@9!5>)%)s*6~W z6H~YWr4O8?nyl$78Hs){n_Fl$W?-8}Ahxoz38xvL4o&&3H<7DJ*m`MQw9gmZG(Ru^P z!J!ALqDyr{s)8geCgP!yW>si(H3I6}{T;R@PN*S%ciNT;cU^gYR)ZwWV$ zWLks1s1X@iY!ScNfv88yX*V+l2l**e_5k~r%$T7ivbf(&R!eRIOT`kmydk&f*-X77 z-V@n@Tt?So7rgoHu)#oX^RJR8mRa3o=`SmK`)-zQ1DJ~&eHR+V7JMy?%^2RBJ*||d z&+*rl?lXM$k7Q$7mqMEMaZKe7n%tkm_wt^;^5O@JnSdih*kqQpW71=@N9gyI?I>I~ z_)g39Sm*fUr@R4Pl8TjP&Zxx%u&7X46*^*-0yV~R5rC1sTP7g(sTcx~vO^Yg1x z{q9JX1Rb-Iygt6DbX(49faW90WrCIq2Ldb!3;89^bS_#Aw2x+h@$Te5xHg~;VB;r@ zzH=lgIdEGZHZOz&L4$6);p6qF!+X1nEGX(qf=^VY2+jQ^Y)YmBwOvGTT7KxcH3;^fglyN)kZk9Sbw(<$89>^b*kjZBidn3WnQF zmt>z4Kl?5X=++8YGb>u)F`!M6dAF;CLL@)2AYX6>me~gVG}>Rq^@jTkf->&)^3kEf zPTuEtB!`!`+D=J)PNOe6OJ{L%l_mOek^#lSDuKBXUvMd}Of8q!cU^v8c7q=Gnv>1* z=Alf{CgY=B1tn$7v;wU{;{~iT9CuvagrqnK#1v&CWa8n^^GSY^oorUX4IfIf5;J)= z93Lo7^*bY9;yv?j0MQT<3cE-x@*bPs_Q*+zKew>WRIFX_kmIW*>QoR%SDvV_7(gf9 zM?$Z3sY1e(Y5DHRm&sqr1r&fO)<&0ADN0G zBD_=EX5PVyGr6pm7?W^Wd*b#nPv|E`r;<||V%e0!u;RtJA_~k>L&<(Dpw2$K9l-UIf zN*3AVo%n(R_qH)j2O#9GTkMk=pTY;G+9}PQT3hC}C0ED}a;`0Nq+5{SQ*g@UTqGyp z%BQQz=X{?RlV7qKOdWN<<5kST6;2#Ie|e*xrZDIwkTH)c zt8U~cA?FO_WbbYG9pXcV34m zDkk5p8SgaM-yT_4#GCnvXFeEu(-k>tG4GyS=S0ChXf#;n85D#CC1)lxMA7T^sqFA~ z_quyM@>Et_gq{v+0VEE`kKfw*o>-65yiUI4Pw`g;#Ry)MVoK(BSj^Y7r}mDEKi<+H zKlwlP?)t224pI?4MfCWR*?GbvM>g^#QT@m=4 zD9JrYk*(KMiZqSSt{VVYm6Ij*dGzwU*1i7Z4WY}<8~Rk#6kNtgM~tHjJATD#qnSx# zgtlKQZ&%|frrOR6nu1eOC{qzhV_g)^TG<%OF>jU`(8tF_5Da8@BMA~BVTU!c*T9eCWrC0l! z4F&!Fttd{}xGoZs5Wi?Oo~JI+c_1c=y*G=*gn7e^$_T8wg$T`*d2_XB9eWBLcpw-XiuP* zWeuW@!o}KJkEu2V+Hw%h%}llcM)Y%sVA1ZDZ}!4hlVv{BmM1RE1}n%bP+`J(=+o{0UdYHKah}*_VqX9_ys&zJ*PkyCZCE6d zhYIr$1mg~ZQ@@H+nY+4lUYh4OgJD3{Mp0M6F-ViB7qn{oSMly{6++f(&QNg~Ln<<6t~)bt?(}L_B-LH_Wx(75bkCd&&B2$N^NB zZkJQ=cPG`R=ZS&qGQStFE$}G0JI(@#uI}6if4X zb{Ce4FX7bYgZ`C7DsgSczm&00y+v$jh~cfqZFr6o90iABuma`89(wHA>ulSL7`w5D zjH5wGC!1t!<6Er#*FN(;Z|?3gj(B7Go5Q@{ZV+}{rjhDTqLift>q7M%2Ir^Cp~DAy z)7?;6YZQ!{CUZM3uAdxUdz8ecbo{y)#5o`K&A445z1;+q>sp#SI}f)%?rwpRS}fEP zB9lKnufKZhSSmBvxSSzzL*A9yQEi7OSWJcfUv2Llm-83?kK2(54N|xX4Rv?#(UhhZ zEtJu`TiQcKWj7Q`$jD48l!i(rB+--x4H^r#@xy%!Tg-XL;l_mw;VdOfBp2Zy<)1q?WUV~hzip8X3j~y zB=T_iu;@ai{C4Z>{h?`TBIf7v&l9UUMLjzn?ZbB~8?E9k33~A0WA%v6ntm0(ZfvYI zT1FAi_lU6jN&3B0?a#7GpEVX5MkfFITE5ty_E^l(VAuIr1r=$%_+6qE8mW$}H3aP2 z%;ugu_jX$1pvTFe_lv}DuTCg3H8OlZKR{EtLG7m4<;qgSy}uMi2dU0$ZKXHQbgBAe z=dNi}imt&~RzLWa-8iaV?-mkm`_f`ZK+UH$xdHaO8kX%2`>gO~+x)m8Yq#&#o7_Y` z2Hd&2od4x2iM>NxJkGRdJeT}%Rxtip#|IvtpE=TBE_HP?i>_@0vb$#l0dc}aHU zoX~RqyVVWU^u_ZYi`>8CGvc?t?!rBc?HA$2v$tp+OwalKbkz8OSydhjUjptixDf>a(|H$Dr|%MSx@ zms)fQs+CrqXbX@yPL3J$9QuC!Zu+LmFw>y?OGkr(1cx3)E?VBsy4I)u*H4@qYHcvy zssU?#{f(5#OMMKAiY1{)6#S%R{^aAQ$QR8gmih49#4?{#UJe$|eT}cpu(L>S!Q>;Q zlbiJ47v=;Ue$rtX8(T{&YfD>OTd!|JL-(ennFML$MzZaRm ztaL@vhL*S)k3t6a^Dnftw6iT==j!=FE>WgbuTs+RrS@wR%)NVrIztQ&lWO8#t}k1v zXHahZRbQq=yFy=Ps;8&mp@C?;v97cb!5OEc!+U3NsI07PXpvX=P=9!J55Y&U6t9aD zJY*DZ9A0WuVUC{_rts9g(F@ACw;FQlZOm)>MPP5_6|R|oFei{sOZv8p?+oO z#-^izvQ1(=ubPB1@wxVQ&8l`bHNSdgDDmY_-r=EPA}l9&C*1jR$uoYtr*fM7e%;?@ zZ%#Khbl1z88Mf@KYObT$G`BTh_U}(<*yStNbFQ`m>tQ$i;Ji9R9T`KJA}{7ZpN z#<>!M2Hoe~M}OkNzSPzC2YJQ+B7OSoTAI}T?MqwYUGb_V^B<uZ*{QpG^Tk=PHeA_-MHxB z@9sczg{}6#8}0N^)mX3!*>m@n^Zt9oBICGV{t7G=DfnL}py9Bj$pNc))47`khecWj zTK5qBq`P!pc@HN(&7Q4eLo{4C^Y|g&Ro9n)nzML*RGr5ILBlGw-iOm?9zL*240Y`4 zj(6>uZF7%r>7fi6-j2I;;v{_k>skFdw~CgHd6t9{J^3CzdwbtM3O|4UX&L?*c=F02 z&rU5VLEgQt+UsxJ-Soxt9>Hj3e#@pG@r$%;vsdJsxAVH{xO+JUKKcWn%Gp2rCf}1Y zho#~-M8!U|arM;6!YaS8td2M?lF)ZaIj~W^LU6^E&I{DAy*2?6=#2u`;ZpZ7`RHG1 zsu?oWwY%I(Uq}3|x5UMlpHrmb@ip6H&V9V(9C4B8dVMXv+4kj;&YHnze1Uh?N>WR1 znBCE>-QBF-@%tl@OvSEgxGtU_rAC~kz7Ef_HS3d2-2AWZw;5*(l z3+G3(K1`t<>sN?zh}oBN@Yb-Yf~jw(Vs1pQrC>x@j-*hcMb6>S%6)BOy@{vpW+wJq zDttKlG)h<1{6}h!wbk5vPiB@`b#2Txv|jMp(d6xyhXLi6u@@yWRdyR`?$3YVQ+^~g zwb>Y*^vK=qu5V?PTQ@k?(B3 z7Gg&h2K{QK&TlJOzNmbmaOB>Xa}uOa&M|%DlHsc+de7w+w*LJ}u`T$Z^^#BeaZ47h zyq=(DH29R#WKoLQ^L{h`x8*lmuTT@y8>FRUpKn@RH^pn{t#zA$;`FUDZ|@w^R|lz9H<-B9A?pZAW8IPQBiLw7n!s z?cPV#A44iWmmif}snV<-5U4(-_D)CkNt<{XR}V25%)Mx70@bkBr3GMC^r2O zx3uDvaC56&^^$Gf($y;!u9{jZtjVbs{=L2rw|B3t`r|u?4%_<&^hc{)bgal9-2c^i zi_+TzDGHva<@Pkj7hJ!-OFsVevDM_1`_@}age=t?9X6&fEtp+(RD?v;GS9tr%`)$m zQ^R?Q1;K&~g}ZiE9=kOpY;jxY6fMIi&~B?k?9ayJ@@?}!U>+>e3D@aKkMXk8x*n=~ zqIGr1K7nsnj;g)9yI3!n&`QdldVRFy%4X9T)txTrcHVH8{$}%80-v-7f;K%nx^U=4 z((Vfx^NFN}Hz#aOg$4UV!Y?}09=~;ZT_N1&xFvS$dY%4a9`UuUt=%eLouBPo03RE~ zidMy3)ZTP1c6UUCWAA$21d~{qwpZ25bLR0-g=9TNXSFU^^YH9i_lAoyB9YG@40&C_ z6kW3&728l|8KQDNw0Y#+LR%eaQel?!?KR{po96AhBs7O_;gsjzm!^va@9?6js^+|m z$y7HqlE>V8o?lneyDO1e9n$kwdg}FQ%$xhi}_#kMt$nV=pPosae zxe0jOdHnI$e1lrza@()zbEU3(L9Dy-Y}2i&Ji8R8+IMX~8ca&NxA4Vb{I#_kKjs>w z1Wm6gp4~=Q&j{P@n2Nk<9%42>fY9JSK+1i z+x*UrC~1%7((kNV1NpyQOuo-kct6QKGeaOnIbinO>v2{ECI=I+DLh+Yg?{Zn3MY+q&h|D_7?erB%X9UVm+%$^R6iF2DQr{K2kU zb;J^Ur_dQ^%-zZ*Q>l4dr~;mIr{PfN!n*skWM?(!xc3x)E1P?wuWY{D!8wti`(QJ8r-Y2ak*+oRfdL1td<<# zhFwyoSEFif@!|%AU7FKgb@N|rKP4KsX#1vY-{l&wEK)+ho>tvkyW+!ZF^bev-_Eeu z+_m-q3gWZNsHltIUti?@G4bRq=S$=5ZZ`HqVX!bob?a1HUO1fl((D!gQL| z*B?C)v-8#VVI5tSLWg~wyM)4|uN6&A+MP0uk$Z)~qpQ%+lM>>6%lpK@ZC^6zEb^ju5FNt>1Sat?CiPT|-G;h68@ zrl(_qYv|xfqm4O;a=vo@j7}o+mn^COpT1;CAYvzf%JR~-IVOU2S;<+~ZmX*oo!$`f z3UzG2`OpvRi0hO^9_kutste55o-aD+|EafT9xfbrxcFtLGVzvN+ihLZLURoo zU3Yrj)|q$a?+~!120dw)GET^^z!aXNMNEJHjL-foUi_R;xsKiHjALdM5q7UJHcNc% zWbrW~&nfu#=ZDG_?WW9T$vNYXWyyg`p10Y(wEUMp zY9D`?UeeiizlaCKX^R=}t3j5?3TOhGGY50iRl0@TZo6xKQFiMxM&Nn=oRE=76 zf63AA1HA%?!P58VfB4KVyNu6y^~eV8U3=$$@)k*^6wlJ7EiPU?(8p_bDP`HxYx9E+ zm!>4W-{xuYwnSX(LV1bn`7>2weAkceI%IVEss!Y-sye^l->{>sE#eLT{!zytrqyJv6NR_uHy@0CYm>0u_QLut(Utx( z&o#O;s?EAS{-i`Vd*UtxJbxeZslfWnh9`b#(-*7nyw!2mbzIO=tLs#?XrRhSdW+TU zlWJ>~S4M}`5O{E*d_juKCE{v+OE}0bSZ4MjTJ=Ewm)Ilx;iBy{t&@vIT5TNaw=6Mg zltjx%vc#Pzl^JKkT1x58|{pkBTTSWY2 zx&>O@KdorFCeACc{M1U<-Eq@NWtFM6FRr}mDj(hFxZ~;C(XUCbe`_7ctNp0yTs*rY zQ&;d68qE3dhYEi^td`AoV@kD#n6RMwT+J@Hqq4Irme!6{ax$oX(+j{4z*8ZNjs4Y@8PjfeT%zLDfWtY3Z>_@JK zpjyE@7hD8IF_6b)>Gt$ZSE2+e>(Wc7migcHZL-dumThY$I$!nqU4yJZuYix5rAPFe zYJ*09iFg_f7HIFfa@062J5@p1pXaH2^N(d`&ir_CQ+W9B@-NamAM7zs*QMG1cohA6 z?as8Nu4)=}7iuJvVc_6a;fvs0G>A27qE24a{yR^v*SyW(--T5>3Wi;d(UuiGB+xlXiQQBR~ zMY-TRJEfeo->$il)D~@Qy7FhX?T@L8)t^lfA@KdwdVRC>w$YH3h&!RrVTqr|7yUzt znYzQ-A+x2{EbW=!dVRgnN(q^~Wv7N|otFE<+^>$@|D&~eMwY$DdgaE;ysxwtm*jVy zIe*(Lrd_t|u<_gYkj=-c%fDO6tBPK9X|t5N5o4^kxT>aTsr#O=cCt>v!wRE80j;l; zx9fx7>&TtAJN-P-P};T2#i*>YCG7s5_w_lV8*axa!o-ZtA$ zv%Uy7Y9D|1tRNsnRrpTUbQSq-)HW?EWADgSo^!+H`MO(D&QXfDbd4UEB|m!LGx}Ul zAEkNKa|_?2TPk7?m1X`~<5Ryf=vl}NC6>fLu%!ondLXWFIA0PH!;b0f}JxS}(;$`9mce^~Q?qpm# zCsjYI$=KoMdntnVz!UEft)%!>ZjqrIuM1ttloS6s&3)GEP06#|>SsA^tMcK=x+Oz2 zn|`5o2DMY)bI!@3kM{G@XAcF)OD#F8=1_NUuFQ+BdoLPNbY;O=j7%<*dY9}vqn&0Q`s-%gwvoEpyx`41g!2o>(D-#X))a?CnMe;hCrfU)}%4DzP6TbLSD{=A5?^9c+swxe51aus@b1tGCms%00 zSBma@yz1iobQOu}!Ky62YJA4AM42Tq-p!~ z-wIEzPjZ8I{kn`bG(_mt+$+(CA1seS)h_?FE%`%?ic-dm5F>i@|+FDrwVX|||N z|LFY7@blCS&v!bdsy$a(rPf4p=Kp&3OJ6JhC3)joy}Ls^IQJ-tJF{C>@ekHVE|@ac zvMi~I=DjjuD+c4a*6hrhyzU$K(KBA0IF_5Nnzc)5=Ih78sPwJAQkTgd=bT@L$MBuP z88@7I8Wdoss`*VrpyKrBd;8a7U* z>MEkEue(#M%W3-qWdYiUDWR3Mj=TG>Mb(7F%$gajB}En+_|g7Ci+tkD>@C-i9Wy?e zB(r{Q(x;R8-+%dO*C$myjfbx#Wy{9S7E9w1^L?Nne%Ql(%SCz9xT-{==Naiei;sBh z8d8wf6&=3(K&`&~)l-_XPte&1LpADRVbQyz%C7IA)*P-Wj&Ad+Sw*BoN|dx+Q!h=I z{JcZwSSd|J-HC9`5&PLepU-_EuUSs-MRdoHtb`{E@63t%I@rp0T)33dcjs(T=?j%_ zPwm$V9&%Y}`?0sAaH)-)X!0CuvopQa+L}JGTe)GYvwW9?o;rR=T|45(;tLP%nFKiX ze_lRsz*an*Y?}A7iQg+$r#rMT+V|zR?h@e)`Od z^A6v{^7Z_B^V4cm;zaWn*Ew{zycEh7j?1szc0%Rrr%f}wS6i))!TRKz zPpNAA1_iVwa?0g`<1-(w*tcWT@2HPQH`RP0?WBGy$}A;0wO^6ErNl2+=^Nj#C>``e zJ_hqax=7}NUIexF!Z)JzZr`?oXm8ceRUQ5Tn}Yw0ylckWK5G)kw_kdndtUBmURmo! zYlV{nR?iM;w5qQy4HMg*bT>QdxDVw+Uxj=`a!hS=!PgVz3Pxf_!oM3|>#)4i`SSAb zAK_OZH1E9qX5kS12^zA#ORdV~^uXbkTWVmE7-^{yy6twi>3*xLJMHTHuD0 zkeSDE6KY20&;DLklw=2iyLl#_8$GyBKP)Kjh4vQ)a9aluXhePsQ)aO?iZ4gJJT`?itx4IC@cqh6|7O$3mOp}T3%eiJ)NAb#{M=T$VfX2Kht0J^e8c-A z{w&iMaewqdMOso%=VVjL#uKlKjq7G=9(}w>`(fw3V#?LkHF77_NNi`?T*yEU43y>|VdbS0CGX{r#!?)~%~_dmym;v*g;q z=BmE9F7Z`KH)cpC%|LI`zpS#NEXT>SX|oR@ z^TOtBa~3u|jIy|MWMKfj$7va-OHtX&tT zlM<{O8r)Rtwa)uWO_J>9DHTong9f3&em%W|_Xho<`$m`BFDPHBacc;%UcB z9^5hSHI1tp&zyhqLdMB_B|*en#fG|lrhMXN(*#H2f)bzkmSKnAds?f;)_koPI7IoK zxzP%z>#+RuQTXs4+C?b&DB3!#N4Dt>?+@~$FU_4XI~9KSpLyRenO0jL60EpiywJY4 zqBwu*j%%vIiF<-q{|Ft}^<|XV~VHM+7!gx%raD3*s(DD z)t~NYflF}>ZpWf>B8^MU^3M&G<{i>+dSvuoY47NYpRp_LPKXN6=oZ}5ygk)zPQ*;# zI!XTCM?wCmoWPGy-lZ3t{ZZu`4VQ9`k$)GCud7P0tsT6^U(}m)|JWw+!Yks%z?(KWgd!-mG%qgu3Q4sf`u|9w*vn`S-~m=$rY%ejT1T>ghS) zQ&%*HFmtHD|KytQ_0mPUl#~1Q%q7xqni~b)4=;?r|Jyu9am0Dv;J4R2%R5i;e4Z!x z%DXUa(VSjQFDYegdO+sVX-BBKp|yig?DMW~+cVo7f3o+3d|Bv@0#a8{NVK>2ASQ;7 zrthmd_d#fu?5q;%Jq>bzn)GMPftwUllk_(!M{cy6rG_^?Q#Z3|8n);uQ|t8IYTjx; zU$*<Sb|v?T!8<=>&Wo40FkN>#{z#mJIbH|8v)LWkVYWLqU&wQj`gMUtoePhp zHLWxt%Zm68&gOLp{Dgj3^%nJg*1l`EOR#glqFoL>E+`b}o+FScncuADTHLU8E^&vk zduH}l_td(l3AfW$ycqfRGa&&2aRRrG@R(i+n$_Y-z9hGRioN)b!k7Cy0S&7*G`7^>oKcqrhm-4Hc6?US!pcvpXv zutH*>Cm7o%W){CzTt;(VUfYc7=A7~!2SXei*4#Wjdc<5)NwIUzRvU*|i`4x3*BtEK z85B0%{lVx~LS+J(W?&hb^y(t2x1%fiR-*sb$Isn!lCnn1JsK^#5B{PYUuq<9t&AVp0{ZQ63=X2kZ1-=!`>ETaPG1q^zDcJR!Ht*)*Z0p4;M8#-8pf8MwdvOwbrK06XIwek<9nyfq09KSbr-+#U7cC)&4nO0y=_Pez*Mj z9XRbtUC4sjGp?IeVX@H?{(nxi1<$$vPWf%#lZyJ{hMfK1SMFcgKb*XxdEb7N$xz7C zDceTpuN0h3D9OnnT#PV}-*GKE!i>BHM_t|ie$J`ZjnNxczjHdjCC4DwaFOgQDO;zc z6Z|Hp)?Dz>IsZaZ1i$lIjSKH3is9Wlo{g_IsxD0qcve4WQNB?^q|DhhCHJJ#hfXzI zI4)l@Ey;Xsr{d1d9X4k*^QFurYILp>yJ(HaXQ=YMO>DTKU%jy|MR%uM^t#h?q=yDY ztW;;DMUKR7Qzy|a2%Si{pD*2@=a1Zb)Y%nkLObJp+VY}Bm24GSKs zudP}&dtrURhJex|;z!mz33=!hurughi>{HuWg(3)nOYO+levxSZf?bOe0ole6g6+c z_C8Kn9@@vZsO7+B*C|b*rFB^R#%STB+RWn8<%P)}ZmUKj@4deMW0ou~&11pFV<(j! zJ^XXAW=q9}SzUGE@~?Y_Qhr|T$R+d_rHj{y^c~NU+~SDY{HxjD_5M5I*rD~uwTeqr zHPrrGePn6TElQX*{JibCz+;|(B$gS$tqqfen$_wq5YWp}%)dlaSl${+?fATi@Klt$J?+vi1;r(|<}_e7t>ss@81t z6F01un(ZpQq7t@v&Za#5Eh|H+FP@t7J+WpHF)=njWT2!k=7UR}+cL+NwRuZ5Va@KK(JTqbj`t~pED)(FJxv? zLS~-%^toEW@9BjohntPAjmEt)E?F3dydvv$>E?T`8L9v7J1u=kXvOoW?-a}LBiAzI zH1lnrN>wCgw);&#Q!?CRv#|Qw=^;&jCz(=JlflND(^K*)FrK<~j@?sSzwYa~O9)b* zRkPq#!^>>FjN`R&rvvqiw-ko%tX6yQCU^)Vy3SyGnDucTp`$TBv%-Sjy{r?c`grih zo|V~CXWa7=FU8Y@K6#yg;9YpjU0wf@&xe9J5}}soeora2lRYLquw1<-ZR_jI-?NI^ zQjhwLgw+3e9<^Y$b4`X$)|=#MF+B78Y_bGLRo}RrwKmyETq8dH@QSEDDz&fMDQfB( zvj6YG+6_^&EuN$Z23jfWEW7S~RXTVs3O1|foiXlEzpJpWaK52$A=+1a&@@~9kK)F% zsPCv6%`LTGf9t5*ku1)r*HSV*L;PC`UFy!Jo4KAw#6^r{N=m+7xKJ| z0>ssItrIFjxA|rME;*yS^`Vb!Sf`QG$jl|J!m)jimp@GDOg)md^_m^3L#1%K$CbV~ zk14&w)`BlFBO||;-aYXwHb4!1@qx2r)~ut~QloF?o&GS*#YJKNM_&1(=9%&051OAn zo4X+BTlvgwfh$vcV++EIrgsSM6kR>KZ|%92hjvLT1^wu*ic1LE@AqnP`1`h?=LTC| z7R~(WgH~5^&U?M<%FdY2wmk~N&JDDNtR#6~p6k-LeP5f3Es9Cv z)GFuC7fMGwr>}daep5=pOi57cPGfb%*KGtInvwA?*#lECt)^X9E*zJL>7iBY-Z)Vb zdTh1VX8BSn9W{T+!V8YF_pYtF7hjx9{^9SZQUy4GAh^lMc|0;a-yRqlWUpWG z<@vsobM8lZtL85kS$O89)ahk`MQvN66ytTf_Fd}GR`nGA82U8jo7!`J)9uD_OPqy8 zaz*=_wug^)oRZTZ&9F_~>+)moyy(|A8kU`u>`R_;gCwzLAJ2`V7ex&-WZ$k{IZU;` zUZ%6hMa$GA(<(tq;SuIddFva$oqJ%90mrA>`3CRX{$!_&sB;Ax-EOtRFf$|f*#7NL z+74qXzw~&AUptF#`luhW=fi2*nbtg%s581E+g7~Pw)myUNOq2l*wX>bpNjIHdbO=* z3=Pelr84&zy%QzZ4yYW8ljS!@rE3%)Z;kK{GSm{fqOM;MbieY<%dQlOkd?m{O%pir zxUf&bZ^7m8j`b>vGgc3OiB0x$+PuX{xwO<;XimD`n*IA1y+3eZ*s41`MumEkCYxy2 z@&5Lpbm!5Fz7LhXM(V3Hu3bwDuk(&rGPwA$^e4F^7n8j+a!IN;O_NBq5~SX{jt-VT zXlFe#bl%nA7K!Sr_cmWv)^oFnd-f>iO-sxBmKfCNJoF8Dc8PWWb-z_#O+(cP`Amti z8N(HB7!(=4@{1#nC)G`S;us1i`-b%Yj^)&GOc6yKNY;JU@vT)CM^_&&M&AwbaT$EK zNlx$o!gnK4*{6xlJ3-)KOcV7g8UApmNwK_1QD*KVU*5ozi+(MC@kdGhz`^rT*t_>j zsE@9uOX8K{)K$gJj0;{?SMSg&D1Q9dr~pgOl*Ci9n+nKjtHp`rv>C-EhO=L6dZ8zq zWb!h#L{dsBwYpADPOeV3T=sRDoKAL4t)XP4Ov&ciIzhtd z(C62a@8}RdefEa1)X2w#8^Ry37z}1wA8yuKO-kiLC(Yi` z%iGgmioQ1Rma}qqr@7iX`k^=Q%5Aptq`7*d5E>f6|2%1XP_WoQ{-dmnRE^{{PShvo zZe>qHV^Q1bkD%nXnVF-oI3k)#C6I9_GJ%YyP;o>u1?B4F?7S1IbF+~(_O|l$WXa z>FVQRP4fg8mm2XD9GXg?5{cuz!~o>nKs*@>KoUZye+^^+vM6(0Gk6jPfOtHWEsnrZ zH+TXSkrY0u!J<$uQeyCED)cmQTrc#lhFU;V|BZwb{RVB~gkl;UjNJy}alnzVL^Od! zf>w<+YLXJ^MBxO)01yiUbG%&)K+ZK1sRRIGNx1Rx!T{vlL?Q(l&SbdBl(oBYXwC{H zlHspd0-iJuoKPqi6qby}5OEYDX;O8QMgnI!p(ZqmfG3dHX$Fss1P&@C;K*n&BxDSG zAZL{lup~5=K!I!S{%MBh;X}9QFk}hL6%vRKwQKUOv{7`jNSn zSQrogCJr1Pi^fne1h`Yp~JE5J$$t(|8n-L_(9v1R`~O8X21wpa(eBgvB5jJh+1YY8ulb zothj_1W-Q}+BdNwo-{OFI0h7sLPZm) zL@Jhy!o#FRAYurZ@c}T70^yiYWH1ImdOQk@7n(%G;+ZC4GJ>ExIb;3-XJU-08+glv z8ShyV6$3iJ;0WWgjcJZPGC9JCKw2yTM;W)vbk$LyA}j-I$17rWUcj!787u-C0>m7l zBs>@%Dh#o4;!ZNjf5qfbDGA0Fi3((5k3_W335ml15<{LC&T<)h6p@q9%F=Z;Sw@Qfxvh?2Mu!}6I6!?j3aW;Fc&s~i;W13nONj8 z2n;vMb8agRVG{*2;nFZdxv&X_8bArKGGI#y92YhbFbJElpeOcFE^NZXYy|g8ArTgK zM1+Mh$F}0h2%Er@9yj%jZRNryn7a^xiEt4X+giD>2~R}W1d|2_C>J*22?(2@cR6U7 z3!8v}h`=~bYU08su!M-fI1GEUkLSWBJQiUS0W;x;FlZRhg-v)2!X^xrgPQPM*o1?b zAB-u5%3i}jGLDqMkr6g=oK|5NbB2PahRmxR<~W#cIYWsEn@F%gW6LJ!Zq87|mx439 zu&DS)#D5+b0nOY@98iEvp}+zVg#+siaRcJSOip)l=p>+DR{cMFU=z+1y(bt@6Rr`{ z;&=i?7mhuM2zG=*pyH|HET4eU_0JxL$5YS*Jedfj`lktco9I&~82$g|^a4F6d2UFT zae$J@^r1+^vf~&LSrlc1fSY$Kw3iyzmkw|<6yiB&M5g0L*Y_-INNCXI$fxs9FJ68q~h_jj?pbCG- zPXrYh6ioNpI1qvW0T3(|1Az>-@!XlbvG#mW&IR zV111UOai{KQ!w3Y^ zypuw>j8HCQg4i}9FrIBt1KP@kOgJ(^Cfr2$m$6bVT*8qME>W-)4qd~AOE@CJB_d`b zj?Yjl?CEi|E;s_hC8T%QGMK={FyZhBm&mY_#vaOrOORv;P>xe8=$*5`7=%n%()frQ zcc+=>H}J#I5QrzkY>S1d9HJ=XiK+ar>xr}uhRY<^lXFB9R65D?MA*ZKoa9qOTobyH ztx*6@azTP$g$MSK#~U}PA4zo2lT)4GSK%QN!Pe4)8aUSpYZE}?*iVNfy64HEP7=6Q zAT68DC(+$bPB7>TJOq8&hD~6t#6?u_s$gS=4Br}JwYCuN=Yj;M3ak)BM%f~fQOQYK z@Tovr65E&wbU7C!_*5V*Y_+qklkRzPsuX-G5SOic4FuxCAQHG#ATA!pEjty_9ZwFG zBD;?uFK%KJmw|kA$CDEjTq=;4Bjb^g$q5QB6$p%B8!>^lA_krl6nrWWn0-UJ(1-{Q z6&?$AivyGkkBHzkyEZ3z1;M6rdRPt4e@!VG?Y70u=Vi+0CC|77+8!Nk`yN zfxzr1L4b0h5{ytpU;^842|y9^&Y@NUcvK+pq&+(ZD$)H;PEhcuKw$Q>Ak@l*N(Atz zKwu0fHF2R5ToHi?jNxF-=#D2Rfx)8!`^kQR2?BFr69GIbFre%gm;mL%CfKNhT8U(~ z8v_94!X^T^R3I=kmhH%)JDwcc3K1VfVD>Q;Vo z0Kt&761W6~KpbD?O$3^lQLu_1+t$V-+u9Rz=-;WHPS^h$Wg6SPq*uZo1Pd}W#1(K8 z`+I-uL8e+T-2cg?_*acIeST&HjW-6um1rV`0NGk&iui zL0A%!CkD~$iI4{!BM6bDX$V;s>XsAWu-lPodG6WjO|*oD#{%bZ3_X z5YkN$VcG7Y0u2xkg%c8d1rQd#oyoSDbZ3_n6nq7c7CSMp7}`m9b~!=8bb!2=2~)=i z(5Fv=!3z5P@Oo&K62{cR4{J`T_!jzs63% zbZ?gv5~434FN8zbL%G-^a8D3K?9|L4B^M$QU$&g@6U8lfArLhy)>XL|zUJpt&+i}OsMwnM2}1? zkfT3oqURi+^0u;erlB{`=iJE{h$cZY9|=;PNHCnq5L};dS;sI4yO}YtNe5z~kWR;A z2#_>2rp7T4Vj~$qFoYnP6tNaKDh`ra;jjO+psf7w6a=g%p*8>Rd8Xfus892@vbFNI z;*~S@vG(?Nr^#*8*OSwux!QX>ps+;T#Qn~SDt_)(HoIxwC~G*2;i@F@CGU|0%F$Ly zVk=P}qwlUpb8yt&>q#@-YhYrtcef4IRzgLYS5d_Z&R@`E{jA(&?HrxqT!a^j=4GR_ zO3g@5a~1M{pS+)oy9Iv!|P_j}6UJ*>;bkyBBI5N^7$oO3T5`%loecC|Ir$6y+Em z<)tHaY5t%eTQ6lvslR_8FW^;_L$o!i5&!fzsRV^Q@xN~tbSrxW0vG;iP!XPy*LSmZ zwDVVoQ}@bn?&gD#|fE3A_QQ8vU^Te}PVVauU?d(*)S0 ztY>9H+lKOW1j@tJnKVyNnjH$^Ivf=GTQME|@8SO+6=vnGug_g&E-uJ$K%SF_b4flf zaPDcNx{`#CkE5;pe_@>5|5@+a+Kfx;?&Il9A5yk9ax`ZeB9s?&Fcw6$wUM`T^K`L- z0Re{C`QK?SgrdM{_@g&+^h=pOU{#&H|Ni3ahzvk^XDe5GB?&)STbiAfkF&P~ox2DV zogJ0`_5mFsH}Mwu%?2Tao9Evb8Phz*-pC53{}BO?L*RGYiLv~@c?AQE&3K|0fk6W0 z%Z-~mWnR?((a-qmPx{|sy^Nh zZl1_*W42FHYJ6VwgAvb*LBXPp7ctU*e~^!o!UDw(^|uT%r(nrT{}amfZyA~`Sk)Y#Po`YRTmNI02iTQnSwu7aN2tE$;b4dC!a~X2Fin)wJ zWT}^oVQmK)$v0=hl5xys&>yfb&-5IiU|GnB#o)=v84=`XqJPPFmU`^ zXTpMa4GVO}_dyN@q;D{l0o!2cAwOgF!a)%vm5ZSaLxrFYldiCkddyNUa@L0FeHbzs zNuFbTAC$q;im43ZuFN_By+9a>@i{n63?XvHGAby6sSFFbiLe9C_#Bx`f`e+zWfV9{ z!&pXvY%L}%r14Tvo2+77^D8nKft4vr(P=~XmjL$(CY}YZD!D#{JIzabey%_2MlZzZ!W-KF9 zh%9_YvS69&g)cTkjx!S$k`EyLfZ=^$ASkSM0|o*o0A~GRz*;enL6`&K z1UXYXAhj1c1&;iTjdKhV_h#;M5QT+n1PaVF%vcOd9avb`6Itp2p_$qSho<4257YaQ zBBu6YpbR;-%^))wkEFFTmLbz1b9*7B99fkzVyQ$Hy+FhnVzJE6u^H!Zke`JwRLJaM z#=?FWv#vlESeCH`Wsm^Gh$TZN0JALcK1jT0d=3)XSmqfxng=0N z#^)#)IK9hK28lc@WkiFFzFBKV43%!1kM^W>KWe0(hkVeVwvA4$PsX6EJTJ`bPq)=?Z6RP z#ufzzHM6cLFqg4lAt{CBIY?+=ZU=1fvDgS`FNOJiBsliYtSdNjg9I)o^A8L5fTb_t z96Fgr2Y84DGGbvzj0h2PhW8<5ELbuD&SEh=2Oa~9Z2}LDb!>s_!;GcC1j14;q^hv= z5$q4K$V^~e<3O4y%N#%yy&nZX)B;Fzhs1aK~x%KjckWPA=zEiv~S_~T&68L?Ol z=$@&)aO@Px%VKyR_$qMZi>VBYV_Eyb*-{psf{R2ya*Dig%nl*pUS_`&EDj_9G1UR5 zx0vT6;1Gp*Y(cfKq+!D1Vem8c5m*=4>tT8h0{2J`3WI#$?lN-?u6BTx3gdI&=a5+J zDX@jr=8%y4BpB)dl_DF`%w??WS~$1PEHegHuqNTBrt%IGjenDMuAq4`*}9H+PR@XQsly+jq0fFia1rO+6D|p9h?AF zO;uG@3|5mu(bU8f)iD}sWOah_|NO*Gvqoc+Chz|P{Qnc$ diff --git a/docs/v1.3.0-ReleaseNotes b/docs/v1.3.0-ReleaseNotes index 9ba8a3b..b7ae977 100644 --- a/docs/v1.3.0-ReleaseNotes +++ b/docs/v1.3.0-ReleaseNotes @@ -15,7 +15,7 @@ Important changes * NSS (because of missing ripemd160 it cannot provide full backward compatibility) * kernel userspace API (provided by kernel 2.6.38 and above) (Note that kernel userspace backend is very slow for this type of operation. - But it can be usefull for embedded systems, because you can avoid userspace + But it can be useful for embedded systems, because you can avoid userspace crypto library completely.) Backend is selected during configure time, using --with-crypto_backend option. diff --git a/docs/v1.4.0-ReleaseNotes b/docs/v1.4.0-ReleaseNotes index 6a176d4..bef4e74 100644 --- a/docs/v1.4.0-ReleaseNotes +++ b/docs/v1.4.0-ReleaseNotes @@ -89,7 +89,7 @@ WARNING: This release removes old deprecated API from libcryptsetup (It can be used to simulate trivial hidden disk concepts.) libcryptsetup API changes: - * Added options to suport detached metadata device + * Added options to support detached metadata device crypt_init_by_name_and_header() crypt_set_data_device() * Add crypt_last_error() API call. diff --git a/docs/v1.5.0-ReleaseNotes b/docs/v1.5.0-ReleaseNotes index 16a34cb..9f1e1d1 100644 --- a/docs/v1.5.0-ReleaseNotes +++ b/docs/v1.5.0-ReleaseNotes @@ -46,7 +46,7 @@ Side effect of reencryption is that final device will contain only ciphertext (for all sectors) so even if device was not properly wiped by random data, after reencryption you cannot distinguish which sectors are used. -(Reecryption is done always for the whole device.) +(Reencryption is done always for the whole device.) There are for sure bugs, please TEST IT IN TEST ENVIRONMENT before use for your data. diff --git a/docs/v1.6.8-ReleaseNotes b/docs/v1.6.8-ReleaseNotes new file mode 100644 index 0000000..43b4f2c --- /dev/null +++ b/docs/v1.6.8-ReleaseNotes @@ -0,0 +1,47 @@ +Cryptsetup 1.6.8 Release Notes +============================== + +Changes since version 1.6.7 + +* If the null cipher (no encryption) is used, allow only empty password for LUKS. + (Previously cryptsetup accepted any password in this case.) + + The null cipher can be used only for testing and it is used temporarily during + offline encrypting not yet encrypted device (cryptsetup-reencrypt tool). + + Accepting only empty password prevents situation when someone adds another + LUKS device using the same UUID (UUID of existing LUKS device) with faked + header containing null cipher. + This could force user to use different LUKS device (with no encryption) + without noticing. + (IOW it prevents situation when attacker intentionally forces + user to boot into different system just by LUKS header manipulation.) + + Properly configured systems should have an additional integrity protection + in place here (LUKS here provides only confidentiality) but it is better + to not allow this situation in the first place. + + (For more info see QubesOS Security Bulletin QSB-019-2015.) + +* Properly support stdin "-" handling for luksAddKey for both new and old + keyfile parameters. + +* If encrypted device is file-backed (it uses underlying loop device), + cryptsetup resize will try to resize underlying loop device as well. + (It can be used to grow up file-backed device in one step.) + +* Cryptsetup now allows to use empty password through stdin pipe. + (Intended only for testing in scripts.) + +Cryptsetup API NOTE: + +Direct terminal handling and password calling callback for passphrase +entry will be removed from libcryptsetup in next major (2.x) version +(application should handle it itself). +It means that application have to always provide password in API calls. + +Functions returning last error will be removed in next major version (2.x). +These functions did not work properly for early initialization errors +and application can implement better function easily using own error callback. + +See comments in libcryptsetup.h for more info about deprecated functions. diff --git a/docs/v1.7.0-ReleaseNotes b/docs/v1.7.0-ReleaseNotes new file mode 100644 index 0000000..cd568c1 --- /dev/null +++ b/docs/v1.7.0-ReleaseNotes @@ -0,0 +1,81 @@ +Cryptsetup 1.7.0 Release Notes +============================== + +The cryptsetup 1.7 release changes defaults for LUKS, +there are no API changes. + +Changes since version 1.6.8 + +* Default hash function is now SHA256 (used in key derivation function + and anti-forensic splitter). + + Note that replacing SHA1 with SHA256 is not for security reasons. + (LUKS does not have problems even if collisions are found for SHA1, + for details see FAQ item 5.20). + + Using SHA256 as default is mainly to prevent compatibility problems + on hardened systems where SHA1 is already be phased out. + + Note that all checks (kernel crypto API availability check) now uses + SHA256 as well. + +* Default iteration time for PBKDF2 is now 2 seconds. + + Increasing iteration time is in combination with PBKDF2 benchmark + fixes a try to keep PBKDF2 iteration count still high enough and + also still acceptable for users. + + N.B. Long term is to replace PBKDF2 algorithm with Password Hashing + Competition winner - Argon2. + + Distributions can still change these defaults in compilation time. + + You can change iteration time and used hash function in existing LUKS + header with cryptsetup-reencrypt utility even without full reencryption + of device (see --keep-key option). + +* Fix PBKDF2 iteration benchmark for longer key sizes. + + The previous PBKDF2 benchmark code did not take into account + output key length properly. + + For SHA1 (with 160-bits output) and 256-bit keys (and longer) + it means that the final iteration value was higher than it should be. + + For other hash algorithms (like SHA256 or SHA512) it caused + that iteration count was lower (in comparison to SHA1) than + expected for the requested time period. + + The PBKDF2 benchmark code is now fixed to use the key size for + the formatted device (or default LUKS key size if running in informational + benchmark mode). + + Thanks to A.Visconti, S.Bossi, A.Calo and H.Ragab + (http://www.club.di.unimi.it/) for point this out. + (Based on "What users should know about Full Disk Encryption + based on LUKS" paper to be presented on CANS2015). + +* Remove experimental warning for reencrypt tool. + The strong request for full backup before using reencryption utility + still applies :) + +* Add optional libpasswdqc support for new LUKS passwords. + + If password is entered through terminal (no keyfile specified) and + cryptsetup is compiled with --enable-passwdqc[=/etc/passwdqc.conf], + configured system passwdqc settings are used to check password quality. + +* Update FAQ document. + +Cryptsetup API NOTE: + +Direct terminal handling and password calling callback for passphrase +entry will be removed from libcryptsetup in next major (2.x) version +(application should handle it itself). +It means that application have to always provide password in API calls. + +Functions returning last error will be removed in next major version (2.x). +These functions did not work properly for early initialization errors +and application can implement better function easily using own error callback. + +See comments in libcryptsetup.h for more info about deprecated functions. diff --git a/docs/v1.7.1-ReleaseNotes b/docs/v1.7.1-ReleaseNotes new file mode 100644 index 0000000..057c135 --- /dev/null +++ b/docs/v1.7.1-ReleaseNotes @@ -0,0 +1,36 @@ +Cryptsetup 1.7.1 Release Notes +============================== + +Changes since version 1.7.0 + +* Code now uses kernel crypto API backend according to new + changes introduced in mainline kernel + + While mainline kernel should contain backward compatible + changes, some stable series kernels do not contain fully + backported compatibility patches. + Without these patches most of cryptsetup operations + (like unlocking device) fail. + + This change in cryptsetup ensures that all operations using + kernel crypto API works even on these kernels. + +* The cryptsetup-reencrypt utility now properly detects removal + of underlying link to block device and does not remove + ongoing re-encryption log. + This allows proper recovery (resume) of reencrypt operation later. + + NOTE: Never use /dev/disk/by-uuid/ path for reencryption utility, + this link disappears once the device metadata is temporarily + removed from device. + +* Cryptsetup now allows special "-" (standard input) keyfile handling + even for TCRYPT (TrueCrypt and VeraCrypt compatible) devices. + +* Cryptsetup now fails if there are more keyfiles specified + for non-TCRYPT device. + +* The luksKillSlot command now does not suppress provided password + in batch mode (if password is wrong slot is not destroyed). + Note that not providing password in batch mode means that keyslot + is destroyed unconditionally. diff --git a/docs/v1.7.2-ReleaseNotes b/docs/v1.7.2-ReleaseNotes new file mode 100644 index 0000000..6323430 --- /dev/null +++ b/docs/v1.7.2-ReleaseNotes @@ -0,0 +1,37 @@ +Cryptsetup 1.7.2 Release Notes +============================== + +Changes since version 1.7.1 + +* Update LUKS documentation format. + Clarify fixed sector size and keyslots alignment. + +* Support activation options for error handling modes in Linux kernel + dm-verity module: + + --ignore-corruption - dm-verity just logs detected corruption + + --restart-on-corruption - dm-verity restarts the kernel if corruption is detected + + If the options above are not specified, default behavior for dm-verity remains. + Default is that I/O operation fails with I/O error if corrupted block is detected. + + --ignore-zero-blocks - Instructs dm-verity to not verify blocks that are expected + to contain zeroes and always return zeroes directly instead. + + NOTE that these options could have security or functional impacts, + do not use them without assessing the risks! + +* Fix help text for cipher benchmark specification (mention --cipher option). + +* Fix off-by-one error in maximum keyfile size. + Allow keyfiles up to compiled-in default and not that value minus one. + +* Support resume of interrupted decryption in cryptsetup-reencrypt utility. + To resume decryption, LUKS device UUID (--uuid option) option must be used. + +* Do not use direct-io for LUKS header with unaligned keyslots. + Such headers were used only by the first cryptsetup-luks-1.0.0 release (2005). + +* Fix device block size detection to properly work on particular file-based + containers over underlying devices with 4k sectors. diff --git a/docs/v1.7.3-ReleaseNotes b/docs/v1.7.3-ReleaseNotes new file mode 100644 index 0000000..4a2757c --- /dev/null +++ b/docs/v1.7.3-ReleaseNotes @@ -0,0 +1,20 @@ +Cryptsetup 1.7.3 Release Notes +============================== + +Changes since version 1.7.2 + +* Fix device access to hash offsets located beyond the 2GB device boundary in veritysetup. + +* Set configured (compile-time) default iteration time for devices created directly through + libcryptsetup (default was hardcoded 1 second, the configured value applied only + for cryptsetup application). + +* Fix PBKDF2 benchmark to not double iteration count for specific corner case. + If the measurement function returns exactly 500 ms, the iteration calculation loop + doubled iteration count but instead of repeating measurement it used this value directly. + +* OpenSSL backend: fix memory leak if hash context was repeatedly reused. + +* OpenSSL backend: add support for OpenSSL 1.1.0. + +* Fix several minor spelling errors. diff --git a/docs/v1.7.4-ReleaseNotes b/docs/v1.7.4-ReleaseNotes new file mode 100644 index 0000000..73dbaa7 --- /dev/null +++ b/docs/v1.7.4-ReleaseNotes @@ -0,0 +1,22 @@ +Cryptsetup 1.7.4 Release Notes +============================== + +Changes since version 1.7.3 + +* Allow to specify LUKS1 hash algorithm in Python luksFormat wrapper. + +* Use LUKS1 compiled-in defaults also in Python wrapper. + +* OpenSSL backend: Fix OpenSSL 1.1.0 support without backward compatible API. + +* OpenSSL backend: Fix LibreSSL compatibility. + +* Check for data device and hash device area overlap in veritysetup. + +* Fix a possible race while allocating a free loop device. + +* Fix possible file descriptor leaks if libcryptsetup is run from a forked process. + +* Fix missing same_cpu_crypt flag in status command. + +* Various updates to FAQ and man pages. diff --git a/docs/v1.7.5-ReleaseNotes b/docs/v1.7.5-ReleaseNotes new file mode 100644 index 0000000..eec4315 --- /dev/null +++ b/docs/v1.7.5-ReleaseNotes @@ -0,0 +1,22 @@ +Cryptsetup 1.7.5 Release Notes +============================== + +Changes since version 1.7.4 + +* Fixes to luksFormat to properly support recent kernel running in FIPS mode. + + Cryptsetup must never use a weak key even if it is just used for testing + of algorithm availability. In FIPS mode, weak keys are always rejected. + + A weak key is for example detected if the XTS encryption mode use + the same key for the tweak and the encryption part. + +* Fixes accesses to unaligned hidden legacy TrueCrypt header. + + On a native 4k-sector device the old hidden TrueCrypt header is not + aligned with the hw sector size (this problem was fixed in later TrueCrypt + on-disk format versions). + + Cryptsetup now properly aligns the read so it does not fail. + +* Fixes to optional dracut ramdisk scripts for offline re-encryption on initial boot. diff --git a/docs/v2.0.0-ReleaseNotes b/docs/v2.0.0-ReleaseNotes new file mode 100644 index 0000000..779dcb0 --- /dev/null +++ b/docs/v2.0.0-ReleaseNotes @@ -0,0 +1,605 @@ +Cryptsetup 2.0.0 Release Notes +============================== +Stable release with experimental features. + +This version introduces a new on-disk LUKS2 format. + +The legacy LUKS (referenced as LUKS1) will be fully supported +forever as well as a traditional and fully backward compatible format. + +NOTE: This version changes soname of libcryptsetup library and increases +major version for all public symbols. +Most of the old functions are fully backward compatible, so only +recompilation of programs should be needed. + +Please note that authenticated disk encryption, non-cryptographic +data integrity protection (dm-integrity), use of Argon2 Password-Based +Key Derivation Function and the LUKS2 on-disk format itself are new +features and can contain some bugs. + +To provide all security features of authenticated encryption we need +better nonce-reuse resistant algorithm in kernel (see note below). +For now, please use authenticated encryption as experimental feature. + +Please do not use LUKS2 without properly configured backup or in +production systems that need to be compatible with older systems. + +Changes since version 2.0.0-RC1 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +* Limit KDF requested (for format) memory by available physical memory. + On some systems too high requested amount of memory causes OOM killer + to kill the process (instead of returning ENOMEM). + We never try to use more than half of available physical memory. + +* Ignore device alignment if it is not multiple of minimal-io. + Some USB enclosures seems to report bogus topology info that + prevents to use LUKS detached header. + +Changes since version 2.0.0-RC0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* Enable to use system libargon2 instead of bundled version. + Renames --disable-argon2 to --disable-internal-argon2 option + and adds --enable-libargon2 flag to allow system libargon2. + +* Changes in build system (Automake) + - The build system now uses non-recursive automake (except for tests). + (Tools binaries are now located in buildroot directory.) + - New --disable-cryptsetup option to disable build of cryptsetup tool. + - Enable build of cryptsetup-reencrypt by default. + +* Install tmpfiles.d configuration for LUKS2 locking directory. + You can overwrite this using --with-tmpfilesdir configure option. + If your distro does not support tmpfiles.d directory, you have + to create locking directory (/run/lock/cryptsetup) in cryptsetup + package (or init scripts). + +* Adds limited support for offline reencryption of LUKS2 format. + +* Decrease size of testing images (and the whole release archive). + +* Fixes for several memory leaks found by Valgrind and Coverity tools. + +* Fixes for several typos in man pages and error messages. + +* LUKS header file in luksFormat is now automatically created + if it does not exist. + +* Do not allow resize if device size is not aligned to sector size. + +Cryptsetup 2.0.0 RC0 Release Notes +================================== + +Important features +~~~~~~~~~~~~~~~~~~ + +* New command integritysetup: support for the new dm-integrity kernel target. + + The dm-integrity is a new kernel device-mapper target that introduces + software emulation of per-sector integrity fields on the disk sector level. + It is available since Linux kernel version 4.12. + + The provided per-sector metadata fields can be used for storing a data + integrity checksum (for example CRC32). + The dm-integrity implements data journal that enforces atomic update + of a sector and its integrity metadata. + + Integritysetup is a CLI utility that can setup standalone dm-integrity + devices (that internally check integrity of data). + + Integritysetup is intended to be used for settings that require + non-cryptographic data integrity protection with no data encryption. + Fo setting integrity protected encrypted devices, see disk authenticated + encryption below. + + Note that after formatting the checksums need to be initialized; + otherwise device reads will fail because of integrity errors. + Integritysetup by default tries to wipe the device with zero blocks + to avoid this problem. Device wipe can be time-consuming, you can skip + this step by specifying --no-wipe option. + (But note that not wiping device can cause some operations to fail + if a write is not multiple of page size and kernel page cache tries + to read sectors with not yet initialized checksums.) + + The default setting is tag size 4 bytes per-sector and CRC32C protection. + To format device with these defaults: + $ integritysetup format + $ integritysetup open + + Note that used algorithm (unlike tag size) is NOT stored in device + kernel superblock and if you use different algorithm, you MUST specify + it in every open command, for example: + $ integritysetup format --tag-size 32 --integrity sha256 + $ integritysetup open --integrity sha256 + + For more info, see integrity man page. + +* Veritysetup command can now format and activate dm-verity devices + that contain Forward Error Correction (FEC) (Reed-Solomon code is used). + This feature is used on most of Android devices already (available since + Linux kernel 4.5). + + There are new options --fec-device, --fec-offset to specify data area + with correction code and --fec-roots that set Redd-Solomon generator roots. + This setting can be used for format command (veritysetup will calculate + and store RS codes) or open command (veritysetup configures kernel + dm-verity to use RS codes). + + For more info see veritysetup man page. + +* Support for larger sector sizes for crypt devices. + + LUKS2 and plain crypt devices can be now configured with larger encryption + sector (typically 4096 bytes, sector size must be the power of two, + maximal sector size is 4096 bytes for portability). + Large sector size can decrease encryption overhead and can also help + with some specific crypto hardware accelerators that perform very + badly with 512 bytes sectors. + + Note that if you configure such a larger sector of the device that does use + smaller physical sector, there is a possibility of a data corruption during + power fail (partial sector writes). + + WARNING: If you use different sector size for a plain device after data were + stored, the decryption will produce garbage. + + For LUKS2, the sector size is stored in metadata and cannot be changed later. + +LUKS2 format and features +~~~~~~~~~~~~~~~~~~~~~~~~~ +The LUKS2 is an on-disk storage format designed to provide simple key +management, primarily intended for Full Disk Encryption based on dm-crypt. + +The LUKS2 is inspired by LUKS1 format and in some specific situations (most +of the default configurations) can be converted in-place from LUKS1. + +The LUKS2 format is designed to allow future updates of various +parts without the need to modify binary structures and internally +uses JSON text format for metadata. Compilation now requires the json-c library +that is used for JSON data processing. + +On-disk format provides redundancy of metadata, detection +of metadata corruption and automatic repair from metadata copy. + +NOTE: For security reasons, there is no redundancy in keyslots binary data +(encrypted keys) but the format allows adding such a feature in future. + +NOTE: to operate correctly, LUKS2 requires locking of metadata. +Locking is performed by using flock() system call for images in file +and for block device by using a specific lock file in /run/lock/cryptsetup. + +This directory must be created by distribution (do not rely on internal +fallback). For systemd-based distribution, you can simply install +scripts/cryptsetup.conf into tmpfiles.d directory. + +For more details see LUKS2-format.txt and LUKS2-locking.txt in the docs +directory. (Please note this is just overview, there will be more formal +documentation later.) + +LUKS2 use +~~~~~~~~~ + +LUKS2 allows using all possible configurations as LUKS1. + +To format device as LUKS2, you have to add "--type luks2" during format: + + $ cryptsetup luksFormat --type luks2 + +All commands issued later will recognize the new format automatically. + +The newly added features in LUKS2 include: + +* Authenticated disk (sector) encryption (EXPERIMENTAL) + + Legacy Full disk encryption (FDE), for example, LUKS1, is a length-preserving + encryption (plaintext is the same size as a ciphertext). + Such FDE can provide data confidentiality, but cannot provide sound data + integrity protection. + + Full disk authenticated encryption is a way how to provide both + confidentiality and data integrity protection. Integrity protection here means + not only detection of random data corruption (silent data corruption) but also + prevention of an unauthorized intentional change of disk sector content. + + NOTE: Integrity protection of this type cannot prevent a replay attack. + An attacker can replace the device or its part of the old content, and it + cannot be detected. + If you need such protection, better use integrity protection on a higher layer. + + For data integrity protection on the sector level, we need additional + per-sector metadata space. In LUKS2 this space is provided by a new + device-mapper dm-integrity target (available since kernel 4.12). + Here the integrity target provides only reliable per-sector metadata store, + and the whole authenticated encryption is performed inside dm-crypt stacked + over the dm-integrity device. + + For encryption, Authenticated Encryption with Additional Data (AEAD) is used. + Every sector is processed as a encryption request of this format: + + |----- AAD -------|------ DATA -------|-- AUTH TAG --| + | (authenticated) | (auth+encryption) | | + | sector_LE | IV | sector in/out | tag in/out | + + AEAD encrypts the whole sector and also authenticates sector number + (to detect sector relocation) and also authenticates Initialization Vector. + + AEAD encryption produces encrypted data and authentication tag. + The authenticated tag is then stored in per-sector metadata space provided + by dm-integrity. + + Most of the current AEAD algorithms requires IV as a nonce, value that is + never reused. Because sector number, as an IV, cannot be used in this + environment, we use a new random IV (IV is a random value generated by system + RNG on every write). This random IV is then stored in the per-sector metadata + as well. + + Because the authentication tag (and IV) requires additional space, the device + provided for a user has less capacity. Also, the data journalling means that + writes are performed twice, decreasing throughput. + + This integrity protection works better with SSDs. If you want to ignore + dm-integrity data journal (because journalling is performed on some higher + layer or you just want to trade-off performance to safe recovery), you can + switch journal off with --integrity-no-journal option. + (This flag can be stored persistently as well.) + + Note that (similar to integritysetup) the device read will fail if + authentication tag is not initialized (no previous write). + By default cryptsetup run wipe of a device (writing zeroes) to initialize + authentication tags. This operation can be very time-consuming. + You can skip device wipe using --integrity-no-wipe option. + + To format LUKS2 device with integrity protection, use new --integrity option. + + For now, there are very few AEAD algorithms that can be used, and some + of them are known to be problematic. In this release we support only + a few of AEAD algorithms (options are for now hard coded), later this + extension will be completely algorithm-agnostic. + + For testing of authenticated encryption, these algorithms work for now: + + 1) aes-xts-plain64 with hmac-sha256 or hmac-sha512 as the authentication tag. + (Common FDE mode + independent authentication tag. Authentication key + for HMAC is independently generated. This mode is very slow.) + $ cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 --integrity hmac-sha256 + + 2) aes-gcm-random (native AEAD mode) + DO NOT USE in production! The GCM mode uses only 96-bit nonce, + and possible collision means fatal security problem. + GCM mode has very good hardware support through AES-NI, so it is useful + for performance testing. + $ cryptsetup luksFormat --type luks2 --cipher aes-gcm-random --integrity aead + + 3) ChaCha20 with Poly1305 authenticator (according to RFC7539) + $ cryptsetup luksFormat --type luks2 --cipher chacha20-random --integrity poly1305 + + To specify AES128/AES256 just specify proper key size (without possible + authentication key). Other symmetric ciphers, like Serpent or Twofish, + should work as well. The mode 1) and 2) should be compatible with IEEE 1619.1 + standard recommendation. + + There will be better suitable authenticated modes available soon + For now we are just preparing framework to enable it (and hopefully improve security of FDE). + + FDE authenticated encryption is not a replacement for filesystem layer + authenticated encryption. The goal is to provide at least something because + data integrity protection is often completely ignored in today systems. + +* New memory-hard PBKDF + + LUKS1 introduced Password-Based Key Derivation Function v2 as a tool to + increase attacker cost for a dictionary and brute force attacks. + The PBKDF2 uses iteration count to increase time of key derivation. + Unfortunately, with modern GPUs, the PBKDF2 calculations can be run + in parallel and PBKDF2 can no longer provide the best available protection. + Increasing iteration count just cannot prevent massive parallel dictionary + password attacks in long-term. + + To solve this problem, a new PBKDF, based on so-called memory-hard functions + can be used. Key derivation with memory-hard function requires a certain + amount of memory to compute its output. The memory requirement is very + costly for GPUs and prevents these systems to operate effectively, + increasing cost for attackers. + + LUKS2 introduces support for Argon2i and Argon2id as a PBKDF. + Argon2 is the winner of Password Hashing Competition and is currently + in final RFC draft specification. + + For now, libcryptsetup contains the embedded copy of reference implementation + of Argon2 (that is easily portable to all architectures). + Later, once this function is available in common crypto libraries, it will + switch to external implementation. (This happened for LUKS1 and PBKDF2 + as well years ago.) + With using reference implementation (that is not optimized for speed), there + is some performance penalty. However, using memory-hard PBKDF should still + significantly complicate GPU-optimized dictionary and brute force attacks. + + The Argon2 uses three costs: memory, time (number of iterations) and parallel + (number of threads). + Note that time and memory cost highly influences each other (accessing a lot + of memory takes more time). + + There is a new benchmark that tries to calculate costs to take similar way as + in LUKS1 (where iteration is measured to take 1-2 seconds on user system). + Because now there are more cost variables, it prefers time cost (iterations) + and tries to find required memory that fits. (IOW required memory cost can be + lower if the benchmarks are not able to find required parameters.) + The benchmark cannot run too long, so it tries to approximate next step + for benchmarking. + + For now, default LUKS2 PBKDF algorithm is Argon2i (data independent variant) + with memory cost set to 128MB, time to 800ms and parallel thread according + to available CPU cores but no more than 4. + + All default parameters can be set during compile time and also set on + the command line by using --pbkdf, --pbkdf-memory, --pbkdf-parallel and + --iter-time options. + (Or without benchmark directly by using --pbkdf-force-iterations, see below.) + + You can still use PBKDF2 even for LUKS2 by specifying --pbkdf pbkdf2 option. + (Then only iteration count is applied.) + +* Use of kernel keyring + + Kernel keyring is a storage for sensitive material (like cryptographic keys) + inside Linux kernel. + + LUKS2 uses keyring for two major functions: + + - To store volume key for dm-crypt where it avoids sending volume key in + every device-mapper ioctl structure. Volume key is also no longer directly + visible in a dm-crypt mapping table. The key is not available for the user + after dm-crypt configuration (obviously except direct memory scan). + Use of kernel keyring can be disabled in runtime by --disable-keyring option. + + - As a tool to automatically unlock LUKS device if a passphrase is put into + kernel keyring and proper keyring token is configured. + + This allows storing a secret (passphrase) to kernel per-user keyring by + some external tool (for example some TPM handler) and LUKS2, if configured, + will automatically search in the keyring and unlock the system. + For more info see Tokens section below. + +* Persistent flags + The activation flags (like allow-discards) can be stored in metadata and used + automatically by all later activations (even without using crypttab). + + To store activation flags permanently, use activation command with required + flags and add --persistent option. + + For example, to mark device to always activate with TRIM enabled, + use (for LUKS2 type): + + $ cryptsetup open --allow-discards --persistent + + You can check persistent flags in dump command output: + + $ cryptsetup luksDump + +* Tokens and auto-activation + + A LUKS2 token is an object that can be described "how to get passphrase or key" + to unlock particular keyslot. + (Also it can be used to store any additional metadata, and with + the libcryptsetup interface it can be used to define user token types.) + + Cryptsetup internally implements keyring token. Cryptsetup tries to use + available tokens before asking for the passphrase. For keyring token, + it means that if the passphrase is available under specified identifier + inside kernel keyring, the device is automatically activated using this + stored passphrase. + + Example of using LUKS2 keyring token: + + # Adding token to metadata with "my_token" identifier (by default it applies to all keyslots). + $ cryptsetup token add --key-description "my_token" + + # Storing passphrase to user keyring (this can be done by an external application) + $ echo -n | keyctl padd user my_token @u + + # Now cryptsetup activates automatically if it finds correct passphrase + $ cryptsetup open + + The main reason to use tokens this way is to separate possible hardware + handlers from cryptsetup code. + +* Keyslot priorities + + LUKS2 keyslot can have a new priority attribute. + The default is "normal". The "prefer" priority tell the keyslot to be tried + before other keyslots. Priority "ignore" means that keyslot will never be + used if not specified explicitly (it can be used for backup administrator + passwords that are used only situations when a user forgets own passphrase). + + The priority of keyslot can be set with new config command, for example + $ cryptsetup config --key-slot 1 --priority prefer + + Setting priority to normal will reset slot to normal state. + +* LUKS2 label and subsystem + + The header now contains additional fields for label and subsystem (additional + label). These fields can be used similar to filesystem label and will be + visible in udev rules to possible filtering. (Note that blkid do not yet + contain the LUKS scanning code). + + By default both labels are empty. Label and subsystem are always set together + (no option means clear the label) with the config command: + + $ cryptsetup config --label my_device --subsystem "" + +* In-place conversion form LUKS1 + + To allow easy testing and transition to the new LUKS2 format, there is a new + convert command that allows in-place conversion from the LUKS1 format and, + if there are no incompatible options, also conversion back from LUKS2 + to LUKS1 format. + + Note this command can be used only on some LUKS1 devices (some device header + sizes are not supported). + This command is dangerous, never run it without header backup! + If something fails in the middle of conversion (IO error), the header + is destroyed. (Note that conversion requires move of keyslot data area to + a different offset.) + + To convert header in-place to LUKS2 format, use + $ cryptsetup convert --type luks2 + + To convert it back to LUKS1 format, use + $ cryptsetup convert --type luks1 + + You can verify LUKS version with luksDump command. + $ cryptsetup luksDump + + Note that some LUKS2 features will make header incompatible with LUKS1 and + conversion will be rejected (for example using new Argon2 PBKDF or integrity + extensions). Some minor attributes can be lost in conversion. + +Other changes +~~~~~~~~~~~~~ + +* Explicit KDF iterations count setting + + With new PBKDF interface, there is also the possibility to setup PBKDF costs + directly, avoiding benchmarks. This can be useful if device is formatted to be + primarily used on a different system. + + The option --pbkdf-force-iterations is available for both LUKS1 and LUKS2 + format. Using this option can cause device to have either very low or very + high PBKDF costs. + In the first case it means bad protection to dictionary attacks, in the second + case, it can mean extremely high unlocking time or memory requirements. + Use only if you are sure what you are doing! + + Not that this setting also affects iteration count for the key digest. + For LUKS1 iteration count for digest will be approximately 1/8 of requested + value, for LUKS2 and "pbkdf2" digest minimal PBKDF2 iteration count (1000) + will be used. You cannot set lower iteration count than the internal minimum + (1000 for PBKDF2). + + To format LUKS1 device with forced iteration count (and no benchmarking), use + $ cryptsetup luksFormat --pbkdf-force-iterations 22222 + + For LUKS2 it is always better to specify full settings (do not rely on default + cost values). + For example, we can set to use Argon2id with iteration cost 5, memory 128000 + and parallel set 1: + $ cryptsetup luksFormat --type luks2 \ + --pbkdf argon2id --pbkdf-force-iterations 5 --pbkdf-memory 128000 --pbkdf-parallel 1 + +* VeraCrypt PIM + + Cryptsetup can now also open VeraCrypt device that uses Personal Iteration + Multiplier (PIM). PIM is an integer value that user must remember additionally + to passphrase and influences PBKDF2 iteration count (without it VeraCrypt uses + a fixed number of iterations). + + To open VeraCrypt device with PIM settings, use --veracrypt-pim (to specify + PIM on the command line) or --veracrypt-query-pim to query PIM interactively. + +* Support for plain64be IV + + The plain64be is big-endian variant of plain64 Initialization Vector. It is + used in some images of hardware-based disk encryption systems. Supporting this + variant allows using dm-crypt to map such images through cryptsetup. + +* Deferral removal + + Cryptsetup now can mark device for deferred removal by using a new option + --deferred. This means that close command will not fail if the device is still + in use, but will instruct the kernel to remove the device automatically after + use count drops to zero (for example, once the filesystem is unmounted). + +* A lot of updates to man pages and many minor changes that would make this + release notes too long ;-) + +Libcryptsetup API changes +~~~~~~~~~~~~~~~~~~~~~~~~~ + +These API functions were removed, libcryptsetup no longer handles password +retries from terminal (application should handle terminal operations itself): + crypt_set_password_callback; + crypt_set_timeout; + crypt_set_password_retry; + crypt_set_password_verify; + +This call is removed (no need to keep typo backward compatibility, +the proper function is crypt_set_iteration_time :-) + crypt_set_iterarion_time; + +These calls were removed because are not safe, use per-context +error callbacks instead: + crypt_last_error; + crypt_get_error; + +The PBKDF benchmark was replaced by a new function that uses new KDF structure + crypt_benchmark_kdf; (removed) + crypt_benchmark_pbkdf; (new API call) + +These new calls are now exported, for details see libcryptsetup.h: + crypt_keyslot_add_by_key; + crypt_keyslot_set_priority; + crypt_keyslot_get_priority; + + crypt_token_json_get; + crypt_token_json_set; + crypt_token_status; + crypt_token_luks2_keyring_get; + crypt_token_luks2_keyring_set; + crypt_token_assign_keyslot; + crypt_token_unassign_keyslot; + crypt_token_register; + + crypt_activate_by_token; + crypt_activate_by_keyring; + crypt_deactivate_by_name; + + crypt_metadata_locking; + crypt_volume_key_keyring; + crypt_get_integrity_info; + crypt_get_sector_size; + crypt_persistent_flags_set; + crypt_persistent_flags_get; + crypt_set_pbkdf_type; + crypt_get_pbkdf_type; + + crypt_convert; + crypt_keyfile_read; + crypt_wipe; + +Unfinished things & TODO for next releases +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +* There will be better documentation and examples. + +* There will be some more formal definition of the threat model for integrity + protection. (And a link to some papers discussing integrity protection, + once it is, hopefully, accepted and published.) + +* Offline re-encrypt tool LUKS2 support is currently limited. + There will be online LUKS2 re-encryption tool in future. + +* Authenticated encryption will use new algorithms from CAESAR competition + (https://competitions.cr.yp.to/caesar.html) once these algorithms are available + in kernel (more on this later). + NOTE: Currently available authenticated modes (GCM, Chacha20-poly1305) + in kernel have too small 96-bit nonces that are problematic with + randomly generated IVs (the collison probability is not negligible). + For the GCM, nonce collision is a fatal problem. + +* Authenticated encryption do not set encryption for dm-integrity journal. + + While it does not influence data confidentiality or integrity protection, + an attacker can get some more information from data journal or cause that + system will corrupt sectors after journal replay. (That corruption will be + detected though.) + +* Some utilities (blkid, systemd-cryptsetup) have already support for LUKS + but not yet in released version (support in crypttab etc). + +* There are some examples of user-defined tokens inside misc/luks2_keyslot_example + directory (like a simple external program that uses libssh to unlock LUKS2 + using remote keyfile). + +* The python binding (pycryptsetup) contains only basic functionality for LUKS1 + (it is not updated for new features) and will be deprecated soon in favor + of python bindings to libblockdev library (that can already handle LUKS1 devices). diff --git a/docs/v2.0.1-ReleaseNotes b/docs/v2.0.1-ReleaseNotes new file mode 100644 index 0000000..0cc13b9 --- /dev/null +++ b/docs/v2.0.1-ReleaseNotes @@ -0,0 +1,109 @@ +Cryptsetup 2.0.1 Release Notes +============================== +Stable and bug-fix release with experimental features. + +This version introduces a new on-disk LUKS2 format. + +The legacy LUKS (referenced as LUKS1) will be fully supported +forever as well as a traditional and fully backward compatible format. + +Please note that authenticated disk encryption, non-cryptographic +data integrity protection (dm-integrity), use of Argon2 Password-Based +Key Derivation Function and the LUKS2 on-disk format itself are new +features and can contain some bugs. + +To provide all security features of authenticated encryption we need +a better nonce-reuse resistant algorithm in the kernel (see note below). +For now, please use authenticated encryption as an experimental feature. + +Please do not use LUKS2 without properly configured backup or in +production systems that need to be compatible with older systems. + +Changes since version 2.0.0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* To store volume key into kernel keyring, kernel 4.15 with dm-crypt 1.18.1 + is required. If a volume key is stored in keyring (LUKS2 only), + the dm-crypt v1.15.0 through v1.18.0 contains a serious bug that may cause + data corruption for ciphers with ESSIV. + (The key for ESSIV is zeroed because of code misplacement.) + This bug is not present for LUKS1 or any other IVs used in LUKS modes. + This change is not visible to the user (except dmsetup output). + +* Increase maximum allowed PBKDF memory-cost limit to 4 GiB. + The Argon2 PBKDF uses 1GiB by default; this is also limited by the amount + of physical memory available (maximum is half of the physical memory). + +* Use /run/cryptsetup as default for cryptsetup locking dir. + There were problems with sharing /run/lock with lockdev, and in the early + boot, the directory was missing. + The directory can be changed with --with-luks2-lock-path and + --with-luks2-lock-dir-perms configure switches. + +* Introduce new 64-bit byte-offset *keyfile_device_offset functions. + + The keyfile interface was designed, well, for keyfiles. Unfortunately, + there are user cases where a keyfile can be placed on a device, and + size_t offset can overflow on 32-bit systems. + + New set of functions that allow 64-bit offsets even on 32bit systems + are now available: + + - crypt_resume_by_keyfile_device_offset + - crypt_keyslot_add_by_keyfile_device_offset + - crypt_activate_by_keyfile_device_offset + - crypt_keyfile_device_read + + The new functions have added the _device_ in name. + Old functions are just internal wrappers around these. + + Also cryptsetup --keyfile-offset and --new-keyfile-offset now allows + 64-bit offsets as parameters. + +* Add error hint for wrongly formatted cipher strings in LUKS1 and + properly fail in luksFormat if cipher format is missing required IV. + For now, crypto API quietly used cipher without IV if a cipher + algorithm without IV specification was used (e.g., aes-xts). + This caused fail later during activation. + +* Configure check for a recent Argon2 lib to support mandatory Argon2id. + +* Fix for the cryptsetup-reencrypt static build if pwquality is enabled. + +* Update LUKS1 standard doc (https links in the bibliography). + + +Unfinished things & TODO for next releases +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +* There will be better documentation and examples. + +* There will be some more formal definition of the threat model for integrity + protection. (And a link to some papers discussing integrity protection, + once it is, hopefully, accepted and published.) + +* Offline re-encrypt tool LUKS2 support is currently limited. + There will be online LUKS2 re-encryption tool in future. + +* Authenticated encryption will use new algorithms from CAESAR competition + (https://competitions.cr.yp.to/caesar.html) once these algorithms are + available in the kernel (more on this later). + NOTE: Currently available authenticated modes (GCM, Chacha20-poly1305) + in the kernel have too small 96-bit nonces that are problematic with + randomly generated IVs (the collision probability is not negligible). + For the GCM, nonce collision is a fatal problem. + +* Authenticated encryption do not set encryption for a dm-integrity journal. + + While it does not influence data confidentiality or integrity protection, + an attacker can get some more information from data journal or cause that + system will corrupt sectors after journal replay. (That corruption will be + detected though.) + +* There are examples of user-defined tokens inside misc/luks2_keyslot_example + directory (like a simple external program that uses libssh to unlock LUKS2 + using remote keyfile). + +* The python binding (pycryptsetup) contains only basic functionality for LUKS1 + (it is not updated for new features) and will be deprecated soon in favor + of python bindings to the libblockdev library (that can already handle LUKS1 + devices). diff --git a/docs/v2.0.2-ReleaseNotes b/docs/v2.0.2-ReleaseNotes new file mode 100644 index 0000000..a85a248 --- /dev/null +++ b/docs/v2.0.2-ReleaseNotes @@ -0,0 +1,93 @@ +Cryptsetup 2.0.2 Release Notes +============================== +Stable and bug-fix release with experimental features. + +Cryptsetup 2.x version introduces a new on-disk LUKS2 format. + +The legacy LUKS (referenced as LUKS1) will be fully supported +forever as well as a traditional and fully backward compatible format. + +Please note that authenticated disk encryption, non-cryptographic +data integrity protection (dm-integrity), use of Argon2 Password-Based +Key Derivation Function and the LUKS2 on-disk format itself are new +features and can contain some bugs. + +To provide all security features of authenticated encryption, we need +a better nonce-reuse resistant algorithm in the kernel (see note below). +For now, please use authenticated encryption as an experimental feature. + +Please do not use LUKS2 without properly configured backup or in +production systems that need to be compatible with older systems. + +Changes since version 2.0.1 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* Fix a regression in early detection of inactive keyslot for luksKillSlot. + It tried to ask for passphrase even for already erased keyslot. + +* Fix a regression in loopaesOpen processing for keyfile on standard input. + Use of "-" argument was not working properly. + +* Add LUKS2 specific options for cryptsetup-reencrypt. + Tokens and persistent flags are now transferred during reencryption; + change of PBKDF keyslot parameters is now supported and allows + to set precalculated values (no benchmarks). + +* Do not allow LUKS2 --persistent and --test-passphrase cryptsetup flags + combination. Persistent flags are now stored only if the device was + successfully activated with the specified flags. + +* Fix integritysetup format after recent Linux kernel changes that + requires to setup key for HMAC in all cases. + Previously integritysetup allowed HMAC with zero key that behaves + like a plain hash. + +* Fix VeraCrypt PIM handling that modified internal iteration counts + even for subsequent activations. The PIM count is no longer printed + in debug log as it is sensitive information. + Also, the code now skips legacy TrueCrypt algorithms if a PIM + is specified (they cannot be used with PIM anyway). + +* PBKDF values cannot be set (even with force parameters) below + hardcoded minimums. For PBKDF2 is it 1000 iterations, for Argon2 + it is 4 iterations and 32 KiB of memory cost. + +* Introduce new crypt_token_is_assigned() API function for reporting + the binding between token and keyslots. + +* Allow crypt_token_json_set() API function to create internal token types. + Do not allow unknown fields in internal token objects. + +* Print message in cryptsetup that about was aborted if a user did not + answer YES in a query. + +Unfinished things & TODO for next releases +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +* There will be better documentation and examples. + +* There will be some more formal definition of the threat model for integrity + protection. (And a link to some papers discussing integrity protection, + once it is, hopefully, accepted and published.) + +* Authenticated encryption will use new algorithms from CAESAR competition + https://competitions.cr.yp.to/caesar-submissions.html. + We plan to use AEGIS and MORUS, as CAESAR finalists. + + NOTE: Currently available authenticated modes (GCM, Chacha20-poly1305) + in the kernel have too small 96-bit nonces that are problematic with + randomly generated IVs (the collision probability is not negligible). + +* Authenticated encryption do not set encryption for a dm-integrity journal. + + While it does not influence data confidentiality or integrity protection, + an attacker can get some more information from data journal or cause that + system will corrupt sectors after journal replay. (That corruption will be + detected though.) + +* There are examples of user-defined tokens inside misc/luks2_keyslot_example + directory (like a simple external program that uses libssh to unlock LUKS2 + using remote keyfile). + +* The python binding (pycryptsetup) contains only basic functionality for LUKS1 + (it is not updated for new features) and will be deprecated in version 2.1 + in favor of python bindings to the libblockdev library. diff --git a/docs/v2.0.3-ReleaseNotes b/docs/v2.0.3-ReleaseNotes new file mode 100644 index 0000000..030a1b4 --- /dev/null +++ b/docs/v2.0.3-ReleaseNotes @@ -0,0 +1,121 @@ +Cryptsetup 2.0.3 Release Notes +============================== +Stable bug-fix release with new features. + +Cryptsetup 2.x version introduces a new on-disk LUKS2 format. + +The legacy LUKS (referenced as LUKS1) will be fully supported +forever as well as a traditional and fully backward compatible format. + +Please note that authenticated disk encryption, non-cryptographic +data integrity protection (dm-integrity), use of Argon2 Password-Based +Key Derivation Function and the LUKS2 on-disk format itself are new +features and can contain some bugs. + +To provide all security features of authenticated encryption, we need +a better nonce-reuse resistant algorithm in the kernel (see note below). +For now, please use authenticated encryption as an experimental feature. + +Please do not use LUKS2 without properly configured backup or in +production systems that need to be compatible with older systems. + +Changes since version 2.0.2 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* Expose interface to unbound LUKS2 keyslots. + Unbound LUKS2 keyslot allows storing a key material that is independent + of master volume key (it is not bound to encrypted data segment). + +* New API extensions for unbound keyslots (LUKS2 only) + crypt_keyslot_get_key_size() and crypt_volume_key_get() + These functions allow to get key and key size for unbound keyslots. + +* New enum value CRYPT_SLOT_UNBOUND for keyslot status (LUKS2 only). + +* Add --unbound keyslot option to the cryptsetup luksAddKey command. + +* Add crypt_get_active_integrity_failures() call to get integrity + failure count for dm-integrity devices. + +* Add crypt_get_pbkdf_default() function to get per-type PBKDF default + setting. + +* Add new flag to crypt_keyslot_add_by_key() to force update device + volume key. This call is mainly intended for a wrapped key change. + +* Allow volume key store in a file with cryptsetup. + The --dump-master-key together with --master-key-file allows cryptsetup + to store the binary volume key to a file instead of standard output. + +* Add support detached header for cryptsetup-reencrypt command. + +* Fix VeraCrypt PIM handling - use proper iterations count formula + for PBKDF2-SHA512 and PBKDF2-Whirlpool used in system volumes. + +* Fix cryptsetup tcryptDump for VeraCrypt PIM (support --veracrypt-pim). + +* Add --with-default-luks-format configure time option. + (Option to override default LUKS format version.) + +* Fix LUKS version conversion for detached (and trimmed) LUKS headers. + +* Add luksConvertKey cryptsetup command that converts specific keyslot + from one PBKDF to another. + +* Do not allow conversion to LUKS2 if LUKSMETA (external tool metadata) + header is detected. + +* More cleanup and hardening of LUKS2 keyslot specific validation options. + Add more checks for cipher validity before writing metadata on-disk. + +* Do not allow LUKS1 version downconversion if the header contains tokens. + +* Add "paes" family ciphers (AES wrapped key scheme for mainframes) + to allowed ciphers. + Specific wrapped ley configuration logic must be done by 3rd party tool, + LUKS2 stores only keyslot material and allow activation of the device. + +* Add support for --check-at-most-once option (kernel 4.17) to veritysetup. + This flag can be dangerous; if you can control underlying device + (you can change its content after it was verified) it will no longer + prevent reading tampered data and also it does not prevent silent + data corruptions that appear after the block was once read. + +* Fix return code (EPERM instead of EINVAL) and retry count for bad + passphrase on non-tty input. + +* Enable support for FEC decoding in veritysetup to check dm-verity devices + with additional Reed-Solomon code in userspace (verify command). + +Unfinished things & TODO for next releases +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +* There will be better documentation and examples (planned for 2.0.4). + +* There will be some more formal definition of the threat model for integrity + protection. (And a link to some papers discussing integrity protection, + once it is, hopefully, accepted and published.) + +* Authenticated encryption will use new algorithms from CAESAR competition + https://competitions.cr.yp.to/caesar-submissions.html. + We plan to use AEGIS and MORUS, as CAESAR finalists. + + NOTE: Currently available authenticated modes (GCM, Chacha20-poly1305) + in the kernel have too small 96-bit nonces that are problematic with + randomly generated IVs (the collision probability is not negligible). + +* Authenticated encryption do not set encryption for a dm-integrity journal. + + While it does not influence data confidentiality or integrity protection, + an attacker can get some more information from data journal or cause that + system will corrupt sectors after journal replay. (That corruption will be + detected though.) + +* There are examples of user-defined tokens inside misc/luks2_keyslot_example + directory (like a simple external program that uses libssh to unlock LUKS2 + using remote keyfile). + +* The python binding (pycryptsetup) contains only basic functionality for LUKS1 + (it is not updated for new features) and will be REMOVED in version 2.1 + in favor of python bindings to the libblockdev library. + See https://github.com/storaged-project/libblockdev/releases/tag/2.17-1 that + already supports LUKS2 and VeraCrypt devices handling through libcryptsetup. diff --git a/docs/v2.0.4-ReleaseNotes b/docs/v2.0.4-ReleaseNotes new file mode 100644 index 0000000..9731f59 --- /dev/null +++ b/docs/v2.0.4-ReleaseNotes @@ -0,0 +1,119 @@ +Cryptsetup 2.0.4 Release Notes +============================== +Stable bug-fix release with new features. + +Cryptsetup 2.x version introduces a new on-disk LUKS2 format. + +The legacy LUKS (referenced as LUKS1) will be fully supported +forever as well as a traditional and fully backward compatible format. + +Please note that authenticated disk encryption, non-cryptographic +data integrity protection (dm-integrity), use of Argon2 Password-Based +Key Derivation Function and the LUKS2 on-disk format itself are new +features and can contain some bugs. + +To provide all security features of authenticated encryption, we need +a better nonce-reuse resistant algorithm in the kernel (see note below). +For now, please use authenticated encryption as an experimental feature. + +Please do not use LUKS2 without properly configured backup or in +production systems that need to be compatible with older systems. + +Changes since version 2.0.3 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* Use the libblkid (blockid) library to detect foreign signatures + on a device before LUKS format and LUKS2 auto-recovery. + + This change fixes an unexpected recovery using the secondary + LUKS2 header after a device was already overwritten with + another format (filesystem or LVM physical volume). + + LUKS2 will not recreate a primary header if it detects a valid + foreign signature. In this situation, a user must always + use cryptsetup repair command for the recovery. + + Note that libcryptsetup and utilities are now linked to libblkid + as a new dependence. + + To compile code without blockid support (strongly discouraged), + use --disable-blkid configure switch. + +* Add prompt for format and repair actions in cryptsetup and + integritysetup if foreign signatures are detected on the device + through the blockid library. + + After the confirmation, all known signatures are then wiped as + part of the format or repair procedure. + +* Print consistent verbose message about keyslot and token numbers. + For keyslot actions: Key slot unlocked/created/removed. + For token actions: Token created/removed. + +* Print error, if a non-existent token is tried to be removed. + +* Add support for LUKS2 token definition export and import. + + The token command now can export/import customized token JSON file + directly from command line. See the man page for more details. + +* Add support for new dm-integrity superblock version 2. + +* Add an error message when nothing was read from a key file. + +* Update cryptsetup man pages, including --type option usage. + +* Add a snapshot of LUKS2 format specification to documentation + and accordingly fix supported secondary header offsets. + +* Add bundled optimized Argon2 SSE (X86_64 platform) code. + + If the bundled Argon2 code is used and the new configure switch + --enable-internal-sse-argon2 option is present, and compiler flags + support required optimization, the code will try to use optimized + and faster variant. + + Always use the shared library (--enable-libargon2) if possible. + + This option was added because an enterprise distribution + rejected to support the shared Argon2 library and native support + in generic cryptographic libraries is not ready yet. + +* Fix compilation with crypto backend for LibreSSL >= 2.7.0. + LibreSSL introduced OpenSSL 1.1.x API functions, so compatibility + wrapper must be commented out. + +* Fix on-disk header size calculation for LUKS2 format if a specific + data alignment is requested. Until now, the code used default size + that could be wrong for converted devices. + +Unfinished things & TODO for next releases +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +* Authenticated encryption will use new algorithms from CAESAR competition + https://competitions.cr.yp.to/caesar-submissions.html. + We plan to use AEGIS and MORUS (in kernel 4.18), as CAESAR finalists. + + NOTE: Currently available authenticated modes (GCM, Chacha20-poly1305) + in the kernel have too small 96-bit nonces that are problematic with + randomly generated IVs (the collision probability is not negligible). + + For more info about LUKS2 authenticated encryption, please see our paper + https://arxiv.org/abs/1807.00309 + +* Authenticated encryption do not set encryption for a dm-integrity journal. + + While it does not influence data confidentiality or integrity protection, + an attacker can get some more information from data journal or cause that + system will corrupt sectors after journal replay. (That corruption will be + detected though.) + +* There are examples of user-defined tokens inside misc/luks2_keyslot_example + directory (like a simple external program that uses libssh to unlock LUKS2 + using remote keyfile). + +* The python binding (pycryptsetup) contains only basic functionality for LUKS1 + (it is not updated for new features) and will be REMOVED in version 2.1 + in favor of python bindings to the libblockdev library. + See https://github.com/storaged-project/libblockdev/releases that + already supports LUKS2 and VeraCrypt devices handling through libcryptsetup. + diff --git a/docs/v2.0.5-ReleaseNotes b/docs/v2.0.5-ReleaseNotes new file mode 100644 index 0000000..907d5aa --- /dev/null +++ b/docs/v2.0.5-ReleaseNotes @@ -0,0 +1,102 @@ +Cryptsetup 2.0.5 Release Notes +============================== +Stable bug-fix release with new features. + +Cryptsetup 2.x version introduces a new on-disk LUKS2 format. + +The legacy LUKS (referenced as LUKS1) will be fully supported +forever as well as a traditional and fully backward compatible format. + +Please note that authenticated disk encryption, non-cryptographic +data integrity protection (dm-integrity), use of Argon2 Password-Based +Key Derivation Function and the LUKS2 on-disk format itself are new +features and can contain some bugs. + +Please do not use LUKS2 without properly configured backup or in +production systems that need to be compatible with older systems. + +Changes since version 2.0.4 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* Wipe full header areas (including unused) during LUKS format. + + Since this version, the whole area up to the data offset is zeroed, + and subsequently, all keyslots areas are wiped with random data. + This ensures that no remaining old data remains in the LUKS header + areas, but it could slow down format operation on some devices. + Previously only first 4k (or 32k for LUKS2) and the used keyslot + was overwritten in the format operation. + +* Several fixes to error messages that were unintentionally replaced + in previous versions with a silent exit code. + More descriptive error messages were added, including error + messages if + - a device is unusable (not a block device, no access, etc.), + - a LUKS device is not detected, + - LUKS header load code detects unsupported version, + - a keyslot decryption fails (also happens in the cipher check), + - converting an inactive keyslot. + +* Device activation fails if data area overlaps with LUKS header. + +* Code now uses explicit_bzero to wipe memory if available + (instead of own implementation). + +* Additional VeraCrypt modes are now supported, including Camellia + and Kuznyechik symmetric ciphers (and cipher chains) and Streebog + hash function. These were introduced in a recent VeraCrypt upstream. + + Note that Kuznyechik requires out-of-tree kernel module and + Streebog hash function is available only with the gcrypt cryptographic + backend for now. + +* Fixes static build for integritysetup if the pwquality library is used. + +* Allows passphrase change for unbound keyslots. + +* Fixes removed keyslot number in verbose message for luksKillSlot, + luksRemoveKey and erase command. + +* Adds blkid scan when attempting to open a plain device and warn the user + about existing device signatures in a ciphertext device. + +* Remove LUKS header signature if luksFormat fails to add the first keyslot. + +* Remove O_SYNC from device open and use fsync() to speed up + wipe operation considerably. + +* Create --master-key-file in luksDump and fail if the file already exists. + +* Fixes a bug when LUKS2 authenticated encryption with a detached header + wiped the header device instead of dm-integrity data device area (causing + unnecessary LUKS2 header auto recovery). + +Unfinished things & TODO for next releases +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +* Authenticated encryption should use new algorithms from CAESAR competition + https://competitions.cr.yp.to/caesar-submissions.html. + AEGIS and MORUS are already available in kernel 4.18. + + For more info about LUKS2 authenticated encryption, please see our paper + https://arxiv.org/abs/1807.00309 + + Please note that authenticated encryption is still an experimental feature + and can have performance problems for hish-speed devices and device + with larger IO blocks (like RAID). + +* Authenticated encryption do not set encryption for a dm-integrity journal. + + While it does not influence data confidentiality or integrity protection, + an attacker can get some more information from data journal or cause that + system will corrupt sectors after journal replay. (That corruption will be + detected though.) + +* There are examples of user-defined tokens inside misc/luks2_keyslot_example + directory (like a simple external program that uses libssh to unlock LUKS2 + using remote keyfile). + +* The python binding (pycryptsetup) contains only basic functionality for LUKS1 + (it is not updated for new features) and will be REMOVED in version 2.1 + in favor of python bindings to the libblockdev library. + See https://github.com/storaged-project/libblockdev/releases that + already supports LUKS2 and VeraCrypt devices handling through libcryptsetup. diff --git a/docs/v2.0.6-ReleaseNotes b/docs/v2.0.6-ReleaseNotes new file mode 100644 index 0000000..7fe276a --- /dev/null +++ b/docs/v2.0.6-ReleaseNotes @@ -0,0 +1,97 @@ +Cryptsetup 2.0.6 Release Notes +============================== +Stable bug-fix release. +All users of cryptsetup 2.0.x should upgrade to this version. + +Cryptsetup 2.x version introduces a new on-disk LUKS2 format. + +The legacy LUKS (referenced as LUKS1) will be fully supported +forever as well as a traditional and fully backward compatible format. + +Please note that authenticated disk encryption, non-cryptographic +data integrity protection (dm-integrity), use of Argon2 Password-Based +Key Derivation Function and the LUKS2 on-disk format itself are new +features and can contain some bugs. + +Please do not use LUKS2 without properly configured backup or in +production systems that need to be compatible with older systems. + +Changes since version 2.0.5 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* Fix support of larger metadata areas in LUKS2 header. + + This release properly supports all specified metadata areas, as documented + in LUKS2 format description (see docs/on-disk-format-luks2.pdf in archive). + + Currently, only default metadata area size is used (in format or convert). + Later cryptsetup versions will allow increasing this metadata area size. + +* If AEAD (authenticated encryption) is used, cryptsetup now tries to check + if the requested AEAD algorithm with specified key size is available + in kernel crypto API. + This change avoids formatting a device that cannot be later activated. + + For this function, the kernel must be compiled with the + CONFIG_CRYPTO_USER_API_AEAD option enabled. + Note that kernel user crypto API options (CONFIG_CRYPTO_USER_API and + CONFIG_CRYPTO_USER_API_SKCIPHER) are already mandatory for LUKS2. + +* Fix setting of integrity no-journal flag. + Now you can store this flag to metadata using --persistent option. + +* Fix cryptsetup-reencrypt to not keep temporary reencryption headers + if interrupted during initial password prompt. + +* Adds early check to plain and LUKS2 formats to disallow device format + if device size is not aligned to requested sector size. + Previously it was possible, and the device was rejected to activate by + kernel later. + +* Fix checking of hash algorithms availability for PBKDF early. + Previously LUKS2 format allowed non-existent hash algorithm with + invalid keyslot preventing the device from activation. + +* Allow Adiantum cipher construction (a non-authenticated length-preserving + fast encryption scheme), so it can be used both for data encryption and + keyslot encryption in LUKS1/2 devices. + + For benchmark, use: + # cryptsetup benchmark -c xchacha12,aes-adiantum + # cryptsetup benchmark -c xchacha20,aes-adiantum + + For LUKS format: + # cryptsetup luksFormat -c xchacha20,aes-adiantum-plain64 -s 256 + + The support for Adiantum will be merged in Linux kernel 4.21. + For more info see the paper https://eprint.iacr.org/2018/720. + +Unfinished things & TODO for next releases +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +* Authenticated encryption should use new algorithms from CAESAR competition + https://competitions.cr.yp.to/caesar-submissions.html. + AEGIS and MORUS are already available in kernel 4.18. + + For more info about LUKS2 authenticated encryption, please see our paper + https://arxiv.org/abs/1807.00309 + + Please note that authenticated encryption is still an experimental feature + and can have performance problems for high-speed devices and device + with larger IO blocks (like RAID). + +* Authenticated encryption do not set encryption for a dm-integrity journal. + + While it does not influence data confidentiality or integrity protection, + an attacker can get some more information from data journal or cause that + system will corrupt sectors after journal replay. (That corruption will be + detected though.) + +* There are examples of user-defined tokens inside misc/luks2_keyslot_example + directory (like a simple external program that uses libssh to unlock LUKS2 + using remote keyfile). + +* The python binding (pycryptsetup) contains only basic functionality for LUKS1 + (it is not updated for new features) and will be REMOVED in version 2.1 + in favor of python bindings to the libblockdev library. + See https://github.com/storaged-project/libblockdev/releases that + already supports LUKS2 and VeraCrypt devices handling through libcryptsetup. diff --git a/docs/v2.1.0-ReleaseNotes b/docs/v2.1.0-ReleaseNotes new file mode 100644 index 0000000..36d2247 --- /dev/null +++ b/docs/v2.1.0-ReleaseNotes @@ -0,0 +1,210 @@ +Cryptsetup 2.1.0 Release Notes +============================== +Stable release with new features and bug fixes. + +Cryptsetup 2.1 version uses a new on-disk LUKS2 format as the default +LUKS format and increases default LUKS2 header size. + +The legacy LUKS (referenced as LUKS1) will be fully supported forever +as well as a traditional and fully backward compatible format. + +When upgrading a stable distribution, please use configure option +--with-default-luks-format=LUKS1 to maintain backward compatibility. + +This release also switches to OpenSSL as a default cryptographic +backend for LUKS header processing. Use --with-crypto_backend=gcrypt +configure option if you need to preserve legacy libgcrypt backend. + +Please do not use LUKS2 without properly configured backup or +in production systems that need to be compatible with older systems. + +Changes since version 2.0.6 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* The default for cryptsetup LUKS format action is now LUKS2. + You can use LUKS1 with cryptsetup option --type luks1. + +* The default size of the LUKS2 header is increased to 16 MB. + It includes metadata and the area used for binary keyslots; + it means that LUKS header backup is now 16MB in size. + + Note, that used keyslot area is much smaller, but this increase + of reserved space allows implementation of later extensions + (like online reencryption). + It is fully compatible with older cryptsetup 2.0.x versions. + If you require to create LUKS2 header with the same size as + in the 2.0.x version, use --offset 8192 option for luksFormat + (units are in 512-bytes sectors; see notes below). + +* Cryptsetup now doubles LUKS default key size if XTS mode is used + (XTS mode uses two internal keys). This does not apply if key size + is explicitly specified on the command line and it does not apply + for the plain mode. + This fixes a confusion with AES and 256bit key in XTS mode where + code used AES128 and not AES256 as often expected. + + Also, the default keyslot encryption algorithm (if cannot be derived + from data encryption algorithm) is now available as configure + options --with-luks2-keyslot-cipher and --with-luks2-keyslot-keybits. + The default is aes-xts-plain64 with 2 * 256-bits key. + +* Default cryptographic backend used for LUKS header processing is now + OpenSSL. For years, OpenSSL provided better performance for PBKDF. + + NOTE: Cryptsetup/libcryptsetup supports several cryptographic + library backends. The fully supported are libgcrypt, OpenSSL and + kernel crypto API. FIPS mode extensions are maintained only for + libgcrypt and OpenSSL. Nettle and NSS are usable only for some + subset of algorithms and cannot provide full backward compatibility. + You can always switch to other backends by using a configure switch, + for libgcrypt (compatibility for older distributions) use: + --with-crypto_backend=gcrypt + +* The Python bindings are no longer supported and the code was removed + from cryptsetup distribution. Please use the libblockdev project + that already covers most of the libcryptsetup functionality + including LUKS2. + +* Cryptsetup now allows using --offset option also for luksFormat. + It means that the specified offset value is used for data offset. + LUKS2 header areas are automatically adjusted according to this value. + (Note units are in 512-byte sectors due to the previous definition + of this option in plain mode.) + This option can replace --align-payload with absolute alignment value. + +* Cryptsetup now supports new refresh action (that is the alias for + "open --refresh"). + It allows changes of parameters for an active device (like root + device mapping), for example, it can enable or disable TRIM support + on-the-fly. + It is supported for LUKS1, LUKS2, plain and loop-AES devices. + +* Integritysetup now supports mode with detached data device through + new --data-device option. + Since kernel 4.18 there is a possibility to specify external data + device for dm-integrity that stores all integrity tags. + +* Integritysetup now supports automatic integrity recalculation + through new --integrity-recalculate option. + Linux kernel since version 4.18 supports automatic background + recalculation of integrity tags for dm-integrity. + +Other changes and fixes +~~~~~~~~~~~~~~~~~~~~~~~ + +* Fix for crypt_wipe call to allocate space if the header is backed + by a file. This means that if you use detached header file, it will + now have always the full size after luksFormat, even if only + a few keyslots are used. + +* Fixes to offline cryptsetup-reencrypt to preserve LUKS2 keyslots + area sizes after reencryption and fixes for some other issues when + creating temporary reencryption headers. + +* Added some FIPS mode workarounds. We cannot (yet) use Argon2 in + FIPS mode, libcryptsetup now fallbacks to use PBKDF2 in FIPS mode. + +* Rejects conversion to LUKS1 if PBKDF2 hash algorithms + in keyslots differ. + +* The hash setting on command line now applies also to LUKS2 PBKDF2 + digest. In previous versions, the LUKS2 key digest used PBKDF2-SHA256 + (except for converted headers). + +* Allow LUKS2 keyslots area to increase if data offset allows it. + Cryptsetup can fine-tune LUKS2 metadata area sizes through + --luks2-metadata-size=BYTES and --luks2-keyslots-size=BYTES. + Please DO NOT use these low-level options until you need it for + some very specific additional feature. + Also, the code now prints these LUKS2 header area sizes in dump + command. + +* For LUKS2, keyslot can use different encryption that data with + new options --keyslot-key-size=BITS and --keyslot-cipher=STRING + in all commands that create new LUKS keyslot. + Please DO NOT use these low-level options until you need it for + some very specific additional feature. + +* Code now avoids data flush when reading device status through + device-mapper. + +* The Nettle crypto backend and the userspace kernel crypto API + backend were enhanced to allow more available hash functions + (like SHA3 variants). + +* Upstream code now does not require libgcrypt-devel + for autoconfigure, because OpenSSL is the default. + The libgcrypt does not use standard pkgconfig detection and + requires specific macro (part of libgcrypt development files) + to be always present during autoconfigure. + With other crypto backends, like OpenSSL, this makes no sense, + so this part of autoconfigure is now optional. + +* Cryptsetup now understands new --debug-json option that allows + an additional dump of some JSON information. These are no longer + present in standard debug output because it could contain some + specific LUKS header parameters. + +* The luksDump contains the hash algorithm used in Anti-Forensic + function. + +* All debug messages are now sent through configured log callback + functions, so an application can easily use own debug messages + handling. In previous versions debug messages were printed directly + to standard output.) + +Libcryptsetup API additions +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +These new calls are now exported, for details see libcryptsetup.h: + + * crypt_init_data_device + * crypt_get_metadata_device_name + functions to init devices with separate metadata and data device + before a format function is called. + + * crypt_set_data_offset + sets the data offset for LUKS to the specified value + in 512-byte sectors. + It should replace alignment calculation in LUKS param structures. + + * crypt_get_metadata_size + * crypt_set_metadata_size + allows to set/get area sizes in LUKS header + (according to specification). + + * crypt_get_default_type + get default compiled-in LUKS type (version). + + * crypt_get_pbkdf_type_params + allows to get compiled-in PBKDF parameters. + + * crypt_keyslot_set_encryption + * crypt_keyslot_get_encryption + allows to set/get per-keyslot encryption algorithm for LUKS2. + + * crypt_keyslot_get_pbkdf + allows to get PBKDF parameters per-keyslot. + + and these new defines: + * CRYPT_LOG_DEBUG_JSON (message type for JSON debug) + * CRYPT_DEBUG_JSON (log level for JSON debug) + * CRYPT_ACTIVATE_RECALCULATE (dm-integrity recalculate flag) + * CRYPT_ACTIVATE_REFRESH (new open with refresh flag) + +All existing API calls should remain backward compatible. + +Unfinished things & TODO for next releases +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +* Optional authenticated encryption is still an experimental feature + and can have performance problems for high-speed devices and device + with larger IO blocks (like RAID). + +* Authenticated encryption does not use encryption for a dm-integrity + journal. While it does not influence data confidentiality or + integrity protection, an attacker can get some more information + from data journal or cause that system will corrupt sectors after + journal replay. (That corruption will be detected though.) + +* The LUKS2 metadata area increase is mainly needed for the new online + reencryption as the major feature for the next release. diff --git a/docs/v2.2.0-ReleaseNotes b/docs/v2.2.0-ReleaseNotes new file mode 100644 index 0000000..b1fd363 --- /dev/null +++ b/docs/v2.2.0-ReleaseNotes @@ -0,0 +1,279 @@ +Cryptsetup 2.2.0 Release Notes +============================== +Stable release with new experimental features and bug fixes. + +Cryptsetup 2.2 version introduces a new LUKS2 online reencryption +extension that allows reencryption of mounted LUKS2 devices +(device in use) in the background. + +Online reencryption is a complex feature. Please be sure you +have a full data backup before using this feature. + +Changes since version 2.1.0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +LUKS2 online reencryption +~~~~~~~~~~~~~~~~~~~~~~~~~ + +The reencryption is intended to provide a reliable way to change +volume key or an algorithm change while the encrypted device is still +in use. + +It is based on userspace-only approach (no kernel changes needed) +that uses the device-mapper subsystem to remap active devices on-the-fly +dynamically. The device is split into several segments (encrypted by old +key, new key and so-called hotzone, where reencryption is actively running). + +The flexible LUKS2 metadata format is used to store intermediate states +(segment mappings) and both version of keyslots (old and new keys). +Also, it provides a binary area (in the unused keyslot area space) +to provide recovery metadata in the case of unexpected failure during +reencryption. LUKS2 header is during the reencryption marked with +"online-reencryption" keyword. After the reencryption is finished, +this keyword is removed, and the device is backward compatible with all +older cryptsetup tools (that support LUKS2). + +The recovery supports three resilience modes: + + - checksum: default mode, where individual checksums of ciphertext hotzone + sectors are stored, so the recovery process can detect which sectors were + already reencrypted. It requires that the device sector write is atomic. + + - journal: the hotzone is journaled in the binary area + (so the data are written twice) + + - none: performance mode; there is no protection + (similar to old offline reencryption) + +These resilience modes are not available if reencryption uses data shift. + +Note: until we have full documentation (both of the process and metadata), +please refer to Ondrej's slides (some slight details are no longer relevant) +https://okozina.fedorapeople.org/online-disk-reencryption-with-luks2-compact.pdf + +The offline reencryption tool (cryptsetup-reencrypt) is still supported +for both LUKS1 and LUKS2 format. + +Cryptsetup examples for reencryption +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The reencryption feature is integrated directly into cryptsetup utility +as the new "reencrypt" action (command). + +There are three basic modes - to perform reencryption (change of already +existing LUKS2 device), to add encryption to plaintext device and to remove +encryption from a device (decryption). + +In all cases, if existing LUKS2 metadata contains information about +the ongoing reencryption process, following reencrypt command continues +with the ongoing reencryption process until it is finished. + +You can activate a device with ongoing reencryption as the standard LUKS2 +device, but the reencryption process will not continue until the cryptsetup +reencrypt command is issued. + + +1) Reencryption +~~~~~~~~~~~~~~~ +This mode is intended to change any attribute of the data encryption +(change of the volume key, algorithm or sector size). +Note that authenticated encryption is not yet supported. + +You can start the reencryption process by specifying a LUKS2 device or with +a detached LUKS2 header. +The code should automatically recognize if the device is in use (and if it +should use online mode of reencryption). + +If you do not specify parameters, only volume key is changed +(a new random key is generated). + +# cryptsetup reencrypt [--header ] + +You can also start reencryption using active mapped device name: + # cryptsetup reencrypt --active-name + +You can also specify the resilience mode (none, checksum, journal) with +--resilience= option, for checksum mode also the hash algorithm with +--resilience-hash= (only hash algorithms supported by cryptographic +backend are available). + +The maximal size of reencryption hotzone can be limited by +--hotzone-size= option and applies to all reencryption modes. +Note that for checksum and journal mode hotzone size is also limited +by available space in binary keyslot area. + +2) Encryption +~~~~~~~~~~~~~ +This mode provides a way to encrypt a plaintext device to LUKS2 format. +This option requires reduction of device size (for LUKS2 header) or new +detached header. + + # cryptsetup reencrypt --encrypt --reduce-device-size + +Or with detached header: + # cryptsetup reencrypt --encrypt --header + +3) Decryption +~~~~~~~~~~~~~ +This mode provides the removal of existing LUKS2 encryption and replacing +a device with plaintext content only. +For now, we support only decryption with a detached header. + + # cryptsetup reencrypt --decrypt --header + +For all three modes, you can split the process to metadata initialization +(prepare keyslots and segments but do not run reencryption yet) and the data +reencryption step by using --init-only option. + +Prepares metadata: + # cryptsetup reencrypt --init-only + +Starts the data processing: + # cryptsetup reencrypt + +Please note, that due to the Linux kernel limitation, the encryption or +decryption process cannot be run entirely online - there must be at least +short offline window where operation adds/removes device-mapper crypt (LUKS2) layer. +This step should also include modification of /etc/crypttab and fstab UUIDs, +but it is out of the scope of cryptsetup tools. + +Limitations +~~~~~~~~~~~ +Most of these limitations will be (hopefully) fixed in next versions. + +* Only one active keyslot is supported (all old keyslots will be removed + after reencryption). + +* Only block devices are now supported as parameters. As a workaround + for images in a file, please explicitly map a loop device over the image + and use the loop device as the parameter. + +* Devices with authenticated encryption are not supported. (Later it will + be limited by the fixed per-sector metadata, per-sector metadata size + cannot be changed without a new device format operation.) + +* The reencryption uses userspace crypto library, with fallback to + the kernel (if available). There can be some specific configurations + where the fallback does not provide optimal performance. + +* There are no translations of error messages until the final release + (some messages can be rephrased as well). + +* The repair command is not finished; the recovery of interrupted + reencryption is made automatically on the first device activation. + +* Reencryption triggers too many udev scans on metadata updates (on closing + write enabled file descriptors). This has a negative performance impact on the whole + reencryption and generates excessive I/O load on the system. + +New libcryptsetup reencryption API +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +The libcryptsetup contains new API calls that are used to setup and +run the reencryption. + +Note that there can be some changes in API implementation of these functions +and/or some new function can be introduced in final cryptsetup 2.2 release. + +New API symbols (see documentation in libcryptsetup.h) +* struct crypt_params_reencrypt - reencryption parameters + +* crypt_reencrypt_init_by_passphrase +* crypt_reencrypt_init_by_keyring + - function to configure LUKS2 metadata for reencryption; + if metadata already exists, it configures the context from this metadata + +* crypt_reencrypt + - run the reencryption process (processing the data) + - the optional callback function can be used to interrupt the reencryption + or report the progress. + +* crypt_reencrypt_status + - function to query LUKS2 metadata about the reencryption state + +Other changes and fixes +~~~~~~~~~~~~~~~~~~~~~~~ +* Add optional global serialization lock for memory hard PBKDF. + (The --serialize-memory-hard-pbkdf option in cryptsetup and + CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF in activation flag.) + + This is an "ugly" optional workaround for a situation when multiple devices + are being activated in parallel (like systemd crypttab activation). + The system instead of returning ENOMEM (no memory available) starts + out-of-memory (OOM) killer to kill processes randomly. + + Until we find a reliable way how to work with memory-hard function + in these situations, cryptsetup provide a way how to serialize memory-hard + unlocking among parallel cryptsetup instances to workaround this problem. + This flag is intended to be used only in very specific situations, + never use it directly :-) + +* Abort conversion to LUKS1 with incompatible sector size that is + not supported in LUKS1. + +* Report error (-ENOENT) if no LUKS keyslots are available. User can now + distinguish between a wrong passphrase and no keyslot available. + +* Fix a possible segfault in detached header handling (double free). + +* Add integritysetup support for bitmap mode introduced in Linux kernel 5.2. + Integritysetup now supports --integrity-bitmap-mode option and + --bitmap-sector-per-bit and --bitmap-flush-time commandline options. + + In the bitmap operation mode, if a bit in the bitmap is 1, the corresponding + region's data and integrity tags are not synchronized - if the machine + crashes, the unsynchronized regions will be recalculated. + The bitmap mode is faster than the journal mode because we don't have + to write the data twice, but it is also less reliable, because if data + corruption happens when the machine crashes, it may not be detected. + This can be used only for standalone devices, not with dm-crypt. + +* The libcryptsetup now keeps all file descriptors to underlying device + open during the whole lifetime of crypt device context to avoid excessive + scanning in udev (udev run scan on every descriptor close). + +* The luksDump command now prints more info for reencryption keyslot + (when a device is in-reencryption). + +* New --device-size parameter is supported for LUKS2 reencryption. + It may be used to encrypt/reencrypt only the initial part of the data + device if the user is aware that the rest of the device is empty. + + Note: This change causes API break since the last rc0 release + (crypt_params_reencrypt structure contains additional field). + +* New --resume-only parameter is supported for LUKS2 reencryption. + This flag resumes reencryption process if it exists (not starting + new reencryption). + +* The repair command now tries LUKS2 reencryption recovery if needed. + +* If reencryption device is a file image, an interactive dialog now + asks if reencryption should be run safely in offline mode + (if autodetection of active devices failed). + +* Fix activation through a token where dm-crypt volume key was not + set through keyring (but using old device-mapper table parameter mode). + +* Online reencryption can now retain all keyslots (if all passphrases + are provided). Note that keyslot numbers will change in this case. + +* Allow volume key file to be used if no LUKS2 keyslots are present. + If all keyslots are removed, LUKS2 has no longer information about + the volume key size (there is only key digest present). + Please use --key-size option to open the device or add a new keyslot + in these cases. + +* Print a warning if online reencrypt is called over LUKS1 (not supported). + +* Fix TCRYPT KDF failure in FIPS mode. + Some crypto backends support plain hash in FIPS mode but not for PBKDF2. + +* Remove FIPS mode restriction for crypt_volume_key_get. + It is an application responsibility to use this API in the proper context. + +* Reduce keyslots area size in luksFormat when the header device is too small. + Unless user explicitly asks for keyslots areas size (either via + --luks2-keyslots-size or --offset) reduce keyslots size so that it fits + in metadata device. + +* Make resize action accept --device-size parameter (supports units suffix). diff --git a/docs/v2.2.1-ReleaseNotes b/docs/v2.2.1-ReleaseNotes new file mode 100644 index 0000000..34bacc1 --- /dev/null +++ b/docs/v2.2.1-ReleaseNotes @@ -0,0 +1,36 @@ +Cryptsetup 2.2.1 Release Notes +============================== +Stable bug-fix release. + +This version contains a fix for a possible data corruption bug +on 32-bit platforms. +All users of cryptsetup 2.1 and 2.2 should upgrade to this version. + +Changes since version 2.2.0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* Fix possible data length and IV offset overflow on 32bit architectures. + Other 64-bit architectures are not affected. + + The flawed helper function prototypes (introduced in version 2.1.0) used + size_t type, that is 32-bit integer on 32-bit systems. + This patch fixes the problem to properly use 64-bit types. + + If the offset parameter addresses devices larger than 2TB, the value + overflows and stores incorrect information in the metadata. + For example, integrity device is smaller than expected size if used + over large disk on 32-bit architecture. + + This issue is not present with the standard LUKS1/LUKS2 devices without + integrity extensions. + +* Fix a regression in TrueCrypt/VeraCrypt system partition activation. + +* Reinstate missing backing file hint for loop device. + + If the encrypted device is backed by a file (loopback), cryptsetup now + shows the path to the backing file in passphrase query (as in 1.x version). + +* LUKS2 reencryption block size is now aligned to reported optimal IO size. + This change eliminates possible non-aligned device warnings in kernel log + during reencryption. diff --git a/docs/v2.2.2-ReleaseNotes b/docs/v2.2.2-ReleaseNotes new file mode 100644 index 0000000..9e68641 --- /dev/null +++ b/docs/v2.2.2-ReleaseNotes @@ -0,0 +1,56 @@ +Cryptsetup 2.2.2 Release Notes +============================== +Stable bug-fix release. + +All users of cryptsetup 2.1 and 2.2 should upgrade to this version. + +Changes since version 2.2.1 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* Print error message if a keyslot open failed for a different reason + than wrong passwords (for example there is not enough memory). + Only an exit code was present in this case. + +* The progress function switches unit sizes (B/s to GiB/s) according + to the actual speed. Also, it properly calculates speed in the case + of a resumed reencryption operation. + +* The --version now supports short -V short option and better handles + common option priorities. + +* If cryptsetup wipes signatures during format actions through blkid, + it also prints signature device offsets. + +* Compilation now properly uses LTLIBINTL gettext setting in Makefiles. + +* Device-mapper backend now supports new DM_GET_TARGET_VERSION ioctl + (available since Linux kernel 5.4). + This should help to detect some kernel/userspace incompatibilities + earlier later after a failed device activation. + +* Fixes LUKS2 reencryption on systems without kernel keyring. + +* Fixes unlocking prompt for partitions mapped through loop devices + (to properly show the backing device). + +* For LUKS2 decryption, a device is now marked for deferred removal + to be automatically deactivated. + +* Reencryption now limits hotzone size to be maximal 1 GiB or 1/4 + system memory (if lower). + +* Reencryption now retains activation flags during online reencryption. + +* Reencryption now allows LUKS2 device to activate device right after + LUKS2 encryption is initialized through optional active device name + for cryptsetup reencrypt --encrypt command. + This could help with automated encryption during boot. + + NOTE: It means that part of the device is still not encrypted during + activation. Use with care! + +* Fixes failure in resize and plain format activation if activated device + size was not aligned to underlying logical device size. + +* Fixes conversion to LUKS2 format with detached header if a detached + header size was smaller than the expected aligned LUKS1 header size. diff --git a/docs/v2.3.0-ReleaseNotes b/docs/v2.3.0-ReleaseNotes new file mode 100644 index 0000000..2b582c3 --- /dev/null +++ b/docs/v2.3.0-ReleaseNotes @@ -0,0 +1,209 @@ +Cryptsetup 2.3.0 Release Notes +============================== +Stable release with new experimental features and bug fixes. + +Cryptsetup 2.3 version introduces support for BitLocker-compatible +devices (BITLK format). This format is used in Windows systems, +and in combination with a filesystem driver, cryptsetup now provides +native read-write access to BitLocker Full Disk Encryption devices. + +The BITLK implementation is based on publicly available information +and it is an independent and opensource implementation that allows +to access this proprietary disk encryption. + +Changes since version 2.2.2 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* BITLK (Windows BitLocker compatible) device access + + BITLK userspace implementation is based on the master thesis and code + provided by Vojtech Trefny. Also, thanks to other opensource projects + like libbde (that provide alternative approach to decode this format) + we were able to verify cryptsetup implementation. + + NOTE: Support for the BITLK device is EXPERIMENTAL and will require + a lot of testing. If you get some error message (mainly unsupported + metadata in the on-disk header), please help us by submitting an issue + to cryptsetup project, so we can fix it. Thank you! + + Cryptsetup supports BITLK activation through passphrase or recovery + passphrase for existing devices (BitLocker and Bitlocker to Go). + + Activation through TPM, SmartCard, or any other key protector + is not supported. And in some situations, mainly for TPM bind to some + PCR registers, it could be even impossible on Linux in the future. + + All metadata (key protectors) are handled read-only, cryptsetup cannot + create or modify them. Except for old devices (created in old Vista + systems), all format variants should be recognized. + + Data devices can be activated read-write (followed by mounting through + the proper filesystem driver). To access filesystem on the decrypted device + you need properly installed driver (vfat, NTFS or exFAT). + + Foe AES-XTS, activation is supported on all recent Linux kernels. + + For older AES-CBC encryption, Linux Kernel version 5.3 is required + (support for special IV variant); for AES-CBC with Elephant diffuser, + Linux Kernel 5.6 is required. + + Please note that CBC variants are legacy, and we provide it only + for backward compatibility (to be able to access old drives). + + Cryptsetup command now supports the new "bitlk" format and implement dump, + open, status, and close actions. + + To activate a BITLK device, use + + # cryptsetup open --type bitlk + or with alias + # cryptsetup bitlkOpen + + Then with properly installed fs driver (usually NTFS, vfat or exFAT), + you can mount the plaintext device /dev/mapper device as a common + filesystem. + + To print metadata information about BITLK device, use + # crypotsetup bitlkDump + + To print information about the active device, use + # cryptsetup status + + Example (activation of disk image): + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + # Recent blkid recognizes BitLocker device,just to verity + # blkid bitlocker_xts_ntfs.img + bitlocker_xts_ntfs.img: TYPE="BitLocker" + + # Print visible metadata information (on-disk, form the image) + # cryptsetup bitlkDump bitlocker_xts_ntfs.img + Info for BITLK device bitlocker_xts_ntfs.img. + Version: 2 + GUID: ... + Created: Wed Oct 23 17:38:15 2019 + Description: DESKTOP-xxxxxxx E: 23.10.2019 + Cipher name: aes + Cipher mode: xts-plain64 + Cipher key: 128 bits + + Keyslots: + 0: VMK + GUID: ... + Protection: VMK protected with passphrase + Salt: ... + Key data size: 44 [bytes] + 1: VMK + GUID: ... + Protection: VMK protected with recovery passphrase + Salt: ... + Key data size: 44 [bytes] + 2: FVEK + Key data size: 44 [bytes] + + # Activation (recovery passphrase works the same as password) + # cryptsetup bitlkOpen bitlocker_xts_ntfs.img test -v + Enter passphrase for bitlocker_xts_ntfs.img: + Command successful. + + # Information about the active device + # cryptsetup status test + /dev/mapper/test is active. + type: BITLK + cipher: aes-xts-plain64 + keysize: 128 bits + ... + + # Plaintext device should now contain decrypted NTFS filesystem + # blkid /dev/mapper/test + /dev/mapper/test: UUID="..." TYPE="ntfs" + + # And can be mounted + # mount /dev/mapper/test /mnt/tst + + # Deactivation + # umount /mnt/tst + # cryptsetup close test + +* Veritysetup now supports activation with additional PKCS7 signature + of root hash through --root-hash-signature option. + The signature uses an in-kernel trusted key to validate the signature + of the root hash during activation. This option requires Linux kernel + 5.4 with DM_VERITY_VERIFY_ROOTHASH_SIG option. + + Verity devices activated with signature now has a special flag + (with signature) active in device status (veritysetup status ). + + Usage: + # veritysetup open name \ + --root-hash-signature= + +* Integritysetup now calculates hash integrity size according to algorithm + instead of requiring an explicit tag size. + + Previously, when integritysetup formats a device with hash or + HMAC integrity checksums, it required explicitly tag size entry from + a user (or used default value). + This led to confusion and unexpected shortened tag sizes. + + Now, libcryptsetup calculates tag size according to real hash output. + Tag size can also be specified, then it warns if these values differ. + +* Integritysetup now supports fixed padding for dm-integrity devices. + + There was an in-kernel bug that wasted a lot of space when using metadata + areas for integrity-protected devices if a larger sector size than + 512 bytes was used. + This problem affects both stand-alone dm-integrity and also LUKS2 with + authenticated encryption and larger sector size. + + The new extension to dm-integrity superblock is needed, so devices + with the new optimal padding cannot be activated on older systems. + + Integritysetup/Cryptsetup will use new padding automatically if it + detects the proper kernel. To create a compatible device with + the old padding, use --integrity-legacy-padding option. + +* A lot of fixes to online LUKS2 reecryption. + +* Add crypt_resume_by_volume_key() function to libcryptsetup. + If a user has a volume key available, the LUKS device can be resumed + directly using the provided volume key. + No keyslot derivation is needed, only the key digest is checked. + +* Implement active device suspend info. + Add CRYPT_ACTIVATE_SUSPENDED bit to crypt_get_active_device() flags + that informs the caller that device is suspended (luksSuspend). + +* Allow --test-passphrase for a detached header. + Before this fix, we required a data device specified on the command + line even though it was not necessary for the passphrase check. + +* Allow --key-file option in legacy offline encryption. + The option was ignored for LUKS1 encryption initialization. + +* Export memory safe functions. + To make developing of some extensions simpler, we now export + functions to handle memory with proper wipe on deallocation. + +* Fail crypt_keyslot_get_pbkdf for inactive LUKS1 keyslot. + +Libcryptsetup API extensions +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +The libcryptsetup API is backward compatible for existing symbols. + +New symbols + crypt_set_compatibility + crypt_get_compatibility; + crypt_resume_by_volume_key; + crypt_activate_by_signed_key; + crypt_safe_alloc; + crypt_safe_realloc; + crypt_safe_free; + crypt_safe_memzero; + +New defines introduced : + CRYPT_BITLK "BITLK" - BITLK (BitLocker-compatible mode + CRYPT_COMPAT_LEGACY_INTEGRITY_PADDING - dm-integrity legacy padding + CRYPT_VERITY_ROOT_HASH_SIGNATURE - dm-verity root hash signature + CRYPT_ACTIVATE_SUSPENDED - device suspended info flag diff --git a/docs/v2.3.1-ReleaseNotes b/docs/v2.3.1-ReleaseNotes new file mode 100644 index 0000000..1c1d365 --- /dev/null +++ b/docs/v2.3.1-ReleaseNotes @@ -0,0 +1,45 @@ +Cryptsetup 2.3.1 Release Notes +============================== +Stable bug-fix release. + +All users of cryptsetup 2.x should upgrade to this version. + +Changes since version 2.3.0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* Support VeraCrypt 128 bytes passwords. + VeraCrypt now allows passwords of maximal length 128 bytes + (compared to legacy TrueCrypt where it was limited by 64 bytes). + +* Strip extra newline from BitLocker recovery keys + There might be a trailing newline added by the text editor when + the recovery passphrase was passed using the --key-file option. + +* Detect separate libiconv library. + It should fix compilation issues on distributions with iconv + implemented in a separate library. + +* Various fixes and workarounds to build on old Linux distributions. + +* Split lines with hexadecimal digest printing for large key-sizes. + +* Do not wipe the device with no integrity profile. + With --integrity none we performed useless full device wipe. + +* Workaround for dm-integrity kernel table bug. + Some kernels show an invalid dm-integrity mapping table + if superblock contains the "recalculate" bit. This causes + integritysetup to not recognize the dm-integrity device. + Integritysetup now specifies kernel options such a way that + even on unpatched kernels mapping table is correct. + +* Print error message if LUKS1 keyslot cannot be processed. + If the crypto backend is missing support for hash algorithms + used in PBKDF2, the error message was not visible. + +* Properly align LUKS2 keyslots area on conversion. + If the LUKS1 payload offset (data offset) is not aligned + to 4 KiB boundary, new LUKS2 keyslots area in now aligned properly. + +* Validate LUKS2 earlier on conversion to not corrupt the device + if binary keyslots areas metadata are not correct. diff --git a/docs/v2.3.2-ReleaseNotes b/docs/v2.3.2-ReleaseNotes new file mode 100644 index 0000000..eb0d447 --- /dev/null +++ b/docs/v2.3.2-ReleaseNotes @@ -0,0 +1,42 @@ +Cryptsetup 2.3.2 Release Notes +============================== +Stable bug-fix release. + +All users of cryptsetup 2.x should upgrade to this version. + +Changes since version 2.3.1 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* Support compilation with json-c library version 0.14. + +* Update FAQ document for some LUKS2 specific information. + +* Add option to dump content of LUKS2 unbound keyslot: + cryptsetup luksDump --unbound -S + or optionally with --master-key-file option. + + The slot number --key-slot (-S) option is mandatory here. + + An unbound keyslot store a key is that is not assigned to data + area on disk (LUKS2 allows to store arbitrary keys). + +* Rephrase some error messages and remove redundant end-of-lines. + +* Add support for discards (TRIM) for standalone dm-integrity devices. + Linux kernel 5.7 adds support for optional discard/TRIM operation + over dm-integrity devices. + + It is now supported through --allow-discards integritysetup option. + Note you need to add this flag in all activation calls. + + Note that this option cannot be used for LUKS2 authenticated encryption + (that uses dm-integrity for storing additional per-sector metadata). + +* Fix cryptsetup-reencrypt to work on devices that do not allow + direct-io device access. + +* Fix a crash in the BitLocker-compatible code error path. + +* Fix Veracrypt compatible support for longer (>64 bytes) passphrases. + It allows some older images to be correctly opened again. + The issue was introduced in version 2.3.1. diff --git a/docs/v2.3.3-ReleaseNotes b/docs/v2.3.3-ReleaseNotes new file mode 100644 index 0000000..75471ac --- /dev/null +++ b/docs/v2.3.3-ReleaseNotes @@ -0,0 +1,42 @@ +Cryptsetup 2.3.3 Release Notes +============================== +Stable bug-fix release. + +All users of cryptsetup 2.x should upgrade to this version. + +Changes since version 2.3.2 +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* Fix BitLocker compatible device access that uses native 4kB sectors. + + Devices formatted with storage that natively support 4096-bytes + sectors can also use this sector size for encryption units. + +* Support large IV count (--iv-large-sectors) cryptsetup option + for plain device mapping. + + The large IV count is supported in dm-crypt together with larger + sector encryption. It counts the Initialization Vector (IV) in + a larger sector size instead of 512-bytes sectors. + + This option does not have any performance or security impact, + but it can be used for accessing incompatible existing disk images + from other systems. + + Only open action with plain device type and sector size > 512 bytes + are supported. + +* Fix a memory leak in BitLocker compatible handling. + +* Allow EBOIV (Initialization Vector algorithm) use. + + The EBOIV initialization vector is intended to be used internally + with BitLocker devices (for CBC mode). It can now be used also + outside of the BitLocker compatible code. + +* Require both keyslot cipher and key size options. + + If these LUKS2 keyslot parameters were not specified together, + cryptsetup silently failed. + +* Update to man pages and FAQ. diff --git a/lib/Makefile.am b/lib/Makefile.am deleted file mode 100644 index 6662568..0000000 --- a/lib/Makefile.am +++ /dev/null @@ -1,70 +0,0 @@ -SUBDIRS = crypto_backend luks1 loopaes verity tcrypt - -moduledir = $(libdir)/cryptsetup - -pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = libcryptsetup.pc - -AM_CPPFLAGS = -include config.h \ - -I$(top_srcdir) \ - -I$(top_srcdir)/lib/crypto_backend \ - -I$(top_srcdir)/lib/luks1 \ - -I$(top_srcdir)/lib/loopaes \ - -I$(top_srcdir)/lib/verity \ - -I$(top_srcdir)/lib/tcrypt \ - -DDATADIR=\""$(datadir)"\" \ - -DLIBDIR=\""$(libdir)"\" \ - -DPREFIX=\""$(prefix)"\" \ - -DSYSCONFDIR=\""$(sysconfdir)"\" \ - -DVERSION=\""$(VERSION)"\" - -lib_LTLIBRARIES = libcryptsetup.la - -common_ldadd = \ - crypto_backend/libcrypto_backend.la \ - luks1/libluks1.la \ - loopaes/libloopaes.la \ - verity/libverity.la \ - tcrypt/libtcrypt.la - -libcryptsetup_la_DEPENDENCIES = $(common_ldadd) libcryptsetup.sym - -libcryptsetup_la_LDFLAGS = $(AM_LDFLAGS) -no-undefined \ - -Wl,--version-script=$(top_srcdir)/lib/libcryptsetup.sym \ - -version-info @LIBCRYPTSETUP_VERSION_INFO@ - -libcryptsetup_la_CFLAGS = -Wall $(AM_CFLAGS) @CRYPTO_CFLAGS@ - -libcryptsetup_la_LIBADD = \ - @UUID_LIBS@ \ - @DEVMAPPER_LIBS@ \ - @CRYPTO_LIBS@ \ - $(common_ldadd) - - -libcryptsetup_la_SOURCES = \ - setup.c \ - internal.h \ - bitops.h \ - nls.h \ - libcryptsetup.h \ - utils.c \ - utils_benchmark.c \ - utils_crypt.c \ - utils_crypt.h \ - utils_loop.c \ - utils_loop.h \ - utils_devpath.c \ - utils_wipe.c \ - utils_fips.c \ - utils_fips.h \ - utils_device.c \ - libdevmapper.c \ - utils_dm.h \ - volumekey.c \ - random.c \ - crypt_plain.c - -include_HEADERS = libcryptsetup.h - -EXTRA_DIST = libcryptsetup.pc.in libcryptsetup.sym diff --git a/lib/Makefile.in b/lib/Makefile.in deleted file mode 100644 index ca389bc..0000000 --- a/lib/Makefile.in +++ /dev/null @@ -1,1023 +0,0 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2013 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - - - -VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = lib -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/libcryptsetup.pc.in $(top_srcdir)/depcomp \ - $(include_HEADERS) -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ - $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = libcryptsetup.pc -CONFIG_CLEAN_VPATH_FILES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } -am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkgconfigdir)" \ - "$(DESTDIR)$(includedir)" -LTLIBRARIES = $(lib_LTLIBRARIES) -am_libcryptsetup_la_OBJECTS = libcryptsetup_la-setup.lo \ - libcryptsetup_la-utils.lo libcryptsetup_la-utils_benchmark.lo \ - libcryptsetup_la-utils_crypt.lo libcryptsetup_la-utils_loop.lo \ - libcryptsetup_la-utils_devpath.lo \ - libcryptsetup_la-utils_wipe.lo libcryptsetup_la-utils_fips.lo \ - libcryptsetup_la-utils_device.lo \ - libcryptsetup_la-libdevmapper.lo libcryptsetup_la-volumekey.lo \ - libcryptsetup_la-random.lo libcryptsetup_la-crypt_plain.lo -libcryptsetup_la_OBJECTS = $(am_libcryptsetup_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -libcryptsetup_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ - $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(libcryptsetup_la_CFLAGS) $(CFLAGS) \ - $(libcryptsetup_la_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(libcryptsetup_la_SOURCES) -DIST_SOURCES = $(libcryptsetup_la_SOURCES) -RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ - ctags-recursive dvi-recursive html-recursive info-recursive \ - install-data-recursive install-dvi-recursive \ - install-exec-recursive install-html-recursive \ - install-info-recursive install-pdf-recursive \ - install-ps-recursive install-recursive installcheck-recursive \ - installdirs-recursive pdf-recursive ps-recursive \ - tags-recursive uninstall-recursive -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -DATA = $(pkgconfig_DATA) -HEADERS = $(include_HEADERS) -RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ - distclean-recursive maintainer-clean-recursive -am__recursive_targets = \ - $(RECURSIVE_TARGETS) \ - $(RECURSIVE_CLEAN_TARGETS) \ - $(am__extra_recursive_targets) -AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ - distdir -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. -am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -DIST_SUBDIRS = $(SUBDIRS) -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -am__relativize = \ - dir0=`pwd`; \ - sed_first='s,^\([^/]*\)/.*$$,\1,'; \ - sed_rest='s,^[^/]*/*,,'; \ - sed_last='s,^.*/\([^/]*\)$$,\1,'; \ - sed_butlast='s,/*[^/]*$$,,'; \ - while test -n "$$dir1"; do \ - first=`echo "$$dir1" | sed -e "$$sed_first"`; \ - if test "$$first" != "."; then \ - if test "$$first" = ".."; then \ - dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ - dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ - else \ - first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ - if test "$$first2" = "$$first"; then \ - dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ - else \ - dir2="../$$dir2"; \ - fi; \ - dir0="$$dir0"/"$$first"; \ - fi; \ - fi; \ - dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ - done; \ - reldir="$$dir2" -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ -CRYPTO_LIBS = @CRYPTO_LIBS@ -CRYPTO_STATIC_LIBS = @CRYPTO_STATIC_LIBS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DEVMAPPER_CFLAGS = @DEVMAPPER_CFLAGS@ -DEVMAPPER_LIBS = @DEVMAPPER_LIBS@ -DEVMAPPER_STATIC_CFLAGS = @DEVMAPPER_STATIC_CFLAGS@ -DEVMAPPER_STATIC_LIBS = @DEVMAPPER_STATIC_LIBS@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GMSGFMT = @GMSGFMT@ -GMSGFMT_015 = @GMSGFMT_015@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -INTLLIBS = @INTLLIBS@ -INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBCRYPTSETUP_VERSION = @LIBCRYPTSETUP_VERSION@ -LIBCRYPTSETUP_VERSION_INFO = @LIBCRYPTSETUP_VERSION_INFO@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ -LIBICONV = @LIBICONV@ -LIBINTL = @LIBINTL@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBICONV = @LTLIBICONV@ -LTLIBINTL = @LTLIBINTL@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MKDIR_P = @MKDIR_P@ -MSGFMT = @MSGFMT@ -MSGFMT_015 = @MSGFMT_015@ -MSGMERGE = @MSGMERGE@ -NM = @NM@ -NMEDIT = @NMEDIT@ -NSS_CFLAGS = @NSS_CFLAGS@ -NSS_LIBS = @NSS_LIBS@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ -OPENSSL_LIBS = @OPENSSL_LIBS@ -OPENSSL_STATIC_CFLAGS = @OPENSSL_STATIC_CFLAGS@ -OPENSSL_STATIC_LIBS = @OPENSSL_STATIC_LIBS@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -POPT_LIBS = @POPT_LIBS@ -POSUB = @POSUB@ -PWQUALITY_CFLAGS = @PWQUALITY_CFLAGS@ -PWQUALITY_LIBS = @PWQUALITY_LIBS@ -PWQUALITY_STATIC_LIBS = @PWQUALITY_STATIC_LIBS@ -PYTHON = @PYTHON@ -PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -PYTHON_INCLUDES = @PYTHON_INCLUDES@ -PYTHON_LIBS = @PYTHON_LIBS@ -PYTHON_PLATFORM = @PYTHON_PLATFORM@ -PYTHON_PREFIX = @PYTHON_PREFIX@ -PYTHON_VERSION = @PYTHON_VERSION@ -RANLIB = @RANLIB@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -USE_NLS = @USE_NLS@ -UUID_LIBS = @UUID_LIBS@ -VERSION = @VERSION@ -XGETTEXT = @XGETTEXT@ -XGETTEXT_015 = @XGETTEXT_015@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -pkgpyexecdir = @pkgpyexecdir@ -pkgpythondir = @pkgpythondir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -pyexecdir = @pyexecdir@ -pythondir = @pythondir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -SUBDIRS = crypto_backend luks1 loopaes verity tcrypt -moduledir = $(libdir)/cryptsetup -pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = libcryptsetup.pc -AM_CPPFLAGS = -include config.h \ - -I$(top_srcdir) \ - -I$(top_srcdir)/lib/crypto_backend \ - -I$(top_srcdir)/lib/luks1 \ - -I$(top_srcdir)/lib/loopaes \ - -I$(top_srcdir)/lib/verity \ - -I$(top_srcdir)/lib/tcrypt \ - -DDATADIR=\""$(datadir)"\" \ - -DLIBDIR=\""$(libdir)"\" \ - -DPREFIX=\""$(prefix)"\" \ - -DSYSCONFDIR=\""$(sysconfdir)"\" \ - -DVERSION=\""$(VERSION)"\" - -lib_LTLIBRARIES = libcryptsetup.la -common_ldadd = \ - crypto_backend/libcrypto_backend.la \ - luks1/libluks1.la \ - loopaes/libloopaes.la \ - verity/libverity.la \ - tcrypt/libtcrypt.la - -libcryptsetup_la_DEPENDENCIES = $(common_ldadd) libcryptsetup.sym -libcryptsetup_la_LDFLAGS = $(AM_LDFLAGS) -no-undefined \ - -Wl,--version-script=$(top_srcdir)/lib/libcryptsetup.sym \ - -version-info @LIBCRYPTSETUP_VERSION_INFO@ - -libcryptsetup_la_CFLAGS = -Wall $(AM_CFLAGS) @CRYPTO_CFLAGS@ -libcryptsetup_la_LIBADD = \ - @UUID_LIBS@ \ - @DEVMAPPER_LIBS@ \ - @CRYPTO_LIBS@ \ - $(common_ldadd) - -libcryptsetup_la_SOURCES = \ - setup.c \ - internal.h \ - bitops.h \ - nls.h \ - libcryptsetup.h \ - utils.c \ - utils_benchmark.c \ - utils_crypt.c \ - utils_crypt.h \ - utils_loop.c \ - utils_loop.h \ - utils_devpath.c \ - utils_wipe.c \ - utils_fips.c \ - utils_fips.h \ - utils_device.c \ - libdevmapper.c \ - utils_dm.h \ - volumekey.c \ - random.c \ - crypt_plain.c - -include_HEADERS = libcryptsetup.h -EXTRA_DIST = libcryptsetup.pc.in libcryptsetup.sym -all: all-recursive - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu lib/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu lib/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): -libcryptsetup.pc: $(top_builddir)/config.status $(srcdir)/libcryptsetup.pc.in - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ - -install-libLTLIBRARIES: $(lib_LTLIBRARIES) - @$(NORMAL_INSTALL) - @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ - list2="$$list2 $$p"; \ - else :; fi; \ - done; \ - test -z "$$list2" || { \ - echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ - } - -uninstall-libLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ - for p in $$list; do \ - $(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ - done - -clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -libcryptsetup.la: $(libcryptsetup_la_OBJECTS) $(libcryptsetup_la_DEPENDENCIES) $(EXTRA_libcryptsetup_la_DEPENDENCIES) - $(AM_V_CCLD)$(libcryptsetup_la_LINK) -rpath $(libdir) $(libcryptsetup_la_OBJECTS) $(libcryptsetup_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcryptsetup_la-crypt_plain.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcryptsetup_la-libdevmapper.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcryptsetup_la-random.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcryptsetup_la-setup.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcryptsetup_la-utils.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcryptsetup_la-utils_benchmark.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcryptsetup_la-utils_crypt.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcryptsetup_la-utils_device.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcryptsetup_la-utils_devpath.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcryptsetup_la-utils_fips.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcryptsetup_la-utils_loop.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcryptsetup_la-utils_wipe.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcryptsetup_la-volumekey.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -libcryptsetup_la-setup.lo: setup.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT libcryptsetup_la-setup.lo -MD -MP -MF $(DEPDIR)/libcryptsetup_la-setup.Tpo -c -o libcryptsetup_la-setup.lo `test -f 'setup.c' || echo '$(srcdir)/'`setup.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcryptsetup_la-setup.Tpo $(DEPDIR)/libcryptsetup_la-setup.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='setup.c' object='libcryptsetup_la-setup.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o libcryptsetup_la-setup.lo `test -f 'setup.c' || echo '$(srcdir)/'`setup.c - -libcryptsetup_la-utils.lo: utils.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT libcryptsetup_la-utils.lo -MD -MP -MF $(DEPDIR)/libcryptsetup_la-utils.Tpo -c -o libcryptsetup_la-utils.lo `test -f 'utils.c' || echo '$(srcdir)/'`utils.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcryptsetup_la-utils.Tpo $(DEPDIR)/libcryptsetup_la-utils.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils.c' object='libcryptsetup_la-utils.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o libcryptsetup_la-utils.lo `test -f 'utils.c' || echo '$(srcdir)/'`utils.c - -libcryptsetup_la-utils_benchmark.lo: utils_benchmark.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT libcryptsetup_la-utils_benchmark.lo -MD -MP -MF $(DEPDIR)/libcryptsetup_la-utils_benchmark.Tpo -c -o libcryptsetup_la-utils_benchmark.lo `test -f 'utils_benchmark.c' || echo '$(srcdir)/'`utils_benchmark.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcryptsetup_la-utils_benchmark.Tpo $(DEPDIR)/libcryptsetup_la-utils_benchmark.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_benchmark.c' object='libcryptsetup_la-utils_benchmark.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o libcryptsetup_la-utils_benchmark.lo `test -f 'utils_benchmark.c' || echo '$(srcdir)/'`utils_benchmark.c - -libcryptsetup_la-utils_crypt.lo: utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT libcryptsetup_la-utils_crypt.lo -MD -MP -MF $(DEPDIR)/libcryptsetup_la-utils_crypt.Tpo -c -o libcryptsetup_la-utils_crypt.lo `test -f 'utils_crypt.c' || echo '$(srcdir)/'`utils_crypt.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcryptsetup_la-utils_crypt.Tpo $(DEPDIR)/libcryptsetup_la-utils_crypt.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_crypt.c' object='libcryptsetup_la-utils_crypt.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o libcryptsetup_la-utils_crypt.lo `test -f 'utils_crypt.c' || echo '$(srcdir)/'`utils_crypt.c - -libcryptsetup_la-utils_loop.lo: utils_loop.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT libcryptsetup_la-utils_loop.lo -MD -MP -MF $(DEPDIR)/libcryptsetup_la-utils_loop.Tpo -c -o libcryptsetup_la-utils_loop.lo `test -f 'utils_loop.c' || echo '$(srcdir)/'`utils_loop.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcryptsetup_la-utils_loop.Tpo $(DEPDIR)/libcryptsetup_la-utils_loop.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_loop.c' object='libcryptsetup_la-utils_loop.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o libcryptsetup_la-utils_loop.lo `test -f 'utils_loop.c' || echo '$(srcdir)/'`utils_loop.c - -libcryptsetup_la-utils_devpath.lo: utils_devpath.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT libcryptsetup_la-utils_devpath.lo -MD -MP -MF $(DEPDIR)/libcryptsetup_la-utils_devpath.Tpo -c -o libcryptsetup_la-utils_devpath.lo `test -f 'utils_devpath.c' || echo '$(srcdir)/'`utils_devpath.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcryptsetup_la-utils_devpath.Tpo $(DEPDIR)/libcryptsetup_la-utils_devpath.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_devpath.c' object='libcryptsetup_la-utils_devpath.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o libcryptsetup_la-utils_devpath.lo `test -f 'utils_devpath.c' || echo '$(srcdir)/'`utils_devpath.c - -libcryptsetup_la-utils_wipe.lo: utils_wipe.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT libcryptsetup_la-utils_wipe.lo -MD -MP -MF $(DEPDIR)/libcryptsetup_la-utils_wipe.Tpo -c -o libcryptsetup_la-utils_wipe.lo `test -f 'utils_wipe.c' || echo '$(srcdir)/'`utils_wipe.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcryptsetup_la-utils_wipe.Tpo $(DEPDIR)/libcryptsetup_la-utils_wipe.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_wipe.c' object='libcryptsetup_la-utils_wipe.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o libcryptsetup_la-utils_wipe.lo `test -f 'utils_wipe.c' || echo '$(srcdir)/'`utils_wipe.c - -libcryptsetup_la-utils_fips.lo: utils_fips.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT libcryptsetup_la-utils_fips.lo -MD -MP -MF $(DEPDIR)/libcryptsetup_la-utils_fips.Tpo -c -o libcryptsetup_la-utils_fips.lo `test -f 'utils_fips.c' || echo '$(srcdir)/'`utils_fips.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcryptsetup_la-utils_fips.Tpo $(DEPDIR)/libcryptsetup_la-utils_fips.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_fips.c' object='libcryptsetup_la-utils_fips.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o libcryptsetup_la-utils_fips.lo `test -f 'utils_fips.c' || echo '$(srcdir)/'`utils_fips.c - -libcryptsetup_la-utils_device.lo: utils_device.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT libcryptsetup_la-utils_device.lo -MD -MP -MF $(DEPDIR)/libcryptsetup_la-utils_device.Tpo -c -o libcryptsetup_la-utils_device.lo `test -f 'utils_device.c' || echo '$(srcdir)/'`utils_device.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcryptsetup_la-utils_device.Tpo $(DEPDIR)/libcryptsetup_la-utils_device.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils_device.c' object='libcryptsetup_la-utils_device.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o libcryptsetup_la-utils_device.lo `test -f 'utils_device.c' || echo '$(srcdir)/'`utils_device.c - -libcryptsetup_la-libdevmapper.lo: libdevmapper.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT libcryptsetup_la-libdevmapper.lo -MD -MP -MF $(DEPDIR)/libcryptsetup_la-libdevmapper.Tpo -c -o libcryptsetup_la-libdevmapper.lo `test -f 'libdevmapper.c' || echo '$(srcdir)/'`libdevmapper.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcryptsetup_la-libdevmapper.Tpo $(DEPDIR)/libcryptsetup_la-libdevmapper.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='libdevmapper.c' object='libcryptsetup_la-libdevmapper.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o libcryptsetup_la-libdevmapper.lo `test -f 'libdevmapper.c' || echo '$(srcdir)/'`libdevmapper.c - -libcryptsetup_la-volumekey.lo: volumekey.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT libcryptsetup_la-volumekey.lo -MD -MP -MF $(DEPDIR)/libcryptsetup_la-volumekey.Tpo -c -o libcryptsetup_la-volumekey.lo `test -f 'volumekey.c' || echo '$(srcdir)/'`volumekey.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcryptsetup_la-volumekey.Tpo $(DEPDIR)/libcryptsetup_la-volumekey.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='volumekey.c' object='libcryptsetup_la-volumekey.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o libcryptsetup_la-volumekey.lo `test -f 'volumekey.c' || echo '$(srcdir)/'`volumekey.c - -libcryptsetup_la-random.lo: random.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT libcryptsetup_la-random.lo -MD -MP -MF $(DEPDIR)/libcryptsetup_la-random.Tpo -c -o libcryptsetup_la-random.lo `test -f 'random.c' || echo '$(srcdir)/'`random.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcryptsetup_la-random.Tpo $(DEPDIR)/libcryptsetup_la-random.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='random.c' object='libcryptsetup_la-random.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o libcryptsetup_la-random.lo `test -f 'random.c' || echo '$(srcdir)/'`random.c - -libcryptsetup_la-crypt_plain.lo: crypt_plain.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT libcryptsetup_la-crypt_plain.lo -MD -MP -MF $(DEPDIR)/libcryptsetup_la-crypt_plain.Tpo -c -o libcryptsetup_la-crypt_plain.lo `test -f 'crypt_plain.c' || echo '$(srcdir)/'`crypt_plain.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcryptsetup_la-crypt_plain.Tpo $(DEPDIR)/libcryptsetup_la-crypt_plain.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypt_plain.c' object='libcryptsetup_la-crypt_plain.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o libcryptsetup_la-crypt_plain.lo `test -f 'crypt_plain.c' || echo '$(srcdir)/'`crypt_plain.c - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs -install-pkgconfigDATA: $(pkgconfig_DATA) - @$(NORMAL_INSTALL) - @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(pkgconfigdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)" || exit 1; \ - fi; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfigdir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfigdir)" || exit $$?; \ - done - -uninstall-pkgconfigDATA: - @$(NORMAL_UNINSTALL) - @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - dir='$(DESTDIR)$(pkgconfigdir)'; $(am__uninstall_files_from_dir) -install-includeHEADERS: $(include_HEADERS) - @$(NORMAL_INSTALL) - @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \ - fi; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ - $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ - done - -uninstall-includeHEADERS: - @$(NORMAL_UNINSTALL) - @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir) - -# This directory's subdirectories are mostly independent; you can cd -# into them and run 'make' without going through this Makefile. -# To change the values of 'make' variables: instead of editing Makefiles, -# (1) if the variable is set in 'config.status', edit 'config.status' -# (which will cause the Makefiles to be regenerated when you run 'make'); -# (2) otherwise, pass the desired values on the 'make' command line. -$(am__recursive_targets): - @fail=; \ - if $(am__make_keepgoing); then \ - failcom='fail=yes'; \ - else \ - failcom='exit 1'; \ - fi; \ - dot_seen=no; \ - target=`echo $@ | sed s/-recursive//`; \ - case "$@" in \ - distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ - *) list='$(SUBDIRS)' ;; \ - esac; \ - for subdir in $$list; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - dot_seen=yes; \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done; \ - if test "$$dot_seen" = "no"; then \ - $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ - fi; test -z "$$fail" - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-recursive -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ - include_option=--etags-include; \ - empty_fix=.; \ - else \ - include_option=--include; \ - empty_fix=; \ - fi; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test ! -f $$subdir/TAGS || \ - set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ - fi; \ - done; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-recursive - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-recursive - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - $(am__make_dryrun) \ - || test -d "$(distdir)/$$subdir" \ - || $(MKDIR_P) "$(distdir)/$$subdir" \ - || exit 1; \ - dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ - $(am__relativize); \ - new_distdir=$$reldir; \ - dir1=$$subdir; dir2="$(top_distdir)"; \ - $(am__relativize); \ - new_top_distdir=$$reldir; \ - echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ - echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ - ($(am__cd) $$subdir && \ - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$new_top_distdir" \ - distdir="$$new_distdir" \ - am__remove_distdir=: \ - am__skip_length_check=: \ - am__skip_mode_fix=: \ - distdir) \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-recursive -all-am: Makefile $(LTLIBRARIES) $(DATA) $(HEADERS) -installdirs: installdirs-recursive -installdirs-am: - for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkgconfigdir)" "$(DESTDIR)$(includedir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-recursive -install-exec: install-exec-recursive -install-data: install-data-recursive -uninstall: uninstall-recursive - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-recursive -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-recursive - -clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ - mostlyclean-am - -distclean: distclean-recursive - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-recursive - -dvi-am: - -html: html-recursive - -html-am: - -info: info-recursive - -info-am: - -install-data-am: install-includeHEADERS install-pkgconfigDATA - -install-dvi: install-dvi-recursive - -install-dvi-am: - -install-exec-am: install-libLTLIBRARIES - -install-html: install-html-recursive - -install-html-am: - -install-info: install-info-recursive - -install-info-am: - -install-man: - -install-pdf: install-pdf-recursive - -install-pdf-am: - -install-ps: install-ps-recursive - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-recursive - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-recursive - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-recursive - -pdf-am: - -ps: ps-recursive - -ps-am: - -uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES \ - uninstall-pkgconfigDATA - -.MAKE: $(am__recursive_targets) install-am install-strip - -.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ - check-am clean clean-generic clean-libLTLIBRARIES \ - clean-libtool cscopelist-am ctags ctags-am distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-includeHEADERS install-info \ - install-info-am install-libLTLIBRARIES install-man install-pdf \ - install-pdf-am install-pkgconfigDATA install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - installdirs-am maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ - uninstall-am uninstall-includeHEADERS uninstall-libLTLIBRARIES \ - uninstall-pkgconfigDATA - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/lib/Makemodule.am b/lib/Makemodule.am new file mode 100644 index 0000000..bf4230b --- /dev/null +++ b/lib/Makemodule.am @@ -0,0 +1,115 @@ +pkgconfigdir = $(libdir)/pkgconfig +pkgconfig_DATA = lib/libcryptsetup.pc + +lib_LTLIBRARIES = libcryptsetup.la + +noinst_LTLIBRARIES += libutils_io.la + +include_HEADERS = lib/libcryptsetup.h + +EXTRA_DIST += lib/libcryptsetup.pc.in lib/libcryptsetup.sym + +libutils_io_la_CFLAGS = $(AM_CFLAGS) + +libutils_io_la_SOURCES = \ + lib/utils_io.c \ + lib/utils_io.h + +libcryptsetup_la_CPPFLAGS = $(AM_CPPFLAGS) \ + -I $(top_srcdir)/lib/crypto_backend \ + -I $(top_srcdir)/lib/luks1 \ + -I $(top_srcdir)/lib/luks2 \ + -I $(top_srcdir)/lib/loopaes \ + -I $(top_srcdir)/lib/verity \ + -I $(top_srcdir)/lib/tcrypt \ + -I $(top_srcdir)/lib/integrity \ + -I $(top_srcdir)/lib/bitlk + +libcryptsetup_la_DEPENDENCIES = libutils_io.la libcrypto_backend.la lib/libcryptsetup.sym + +libcryptsetup_la_LDFLAGS = $(AM_LDFLAGS) -no-undefined \ + -Wl,--version-script=$(top_srcdir)/lib/libcryptsetup.sym \ + -version-info @LIBCRYPTSETUP_VERSION_INFO@ + +libcryptsetup_la_CFLAGS = $(AM_CFLAGS) @CRYPTO_CFLAGS@ + +libcryptsetup_la_LIBADD = \ + @UUID_LIBS@ \ + @DEVMAPPER_LIBS@ \ + @CRYPTO_LIBS@ \ + @LIBARGON2_LIBS@ \ + @JSON_C_LIBS@ \ + @BLKID_LIBS@ \ + $(LTLIBICONV) \ + libcrypto_backend.la \ + libutils_io.la + +libcryptsetup_la_SOURCES = \ + lib/setup.c \ + lib/internal.h \ + lib/bitops.h \ + lib/nls.h \ + lib/libcryptsetup.h \ + lib/utils.c \ + lib/utils_benchmark.c \ + lib/utils_crypt.c \ + lib/utils_crypt.h \ + lib/utils_loop.c \ + lib/utils_loop.h \ + lib/utils_devpath.c \ + lib/utils_wipe.c \ + lib/utils_fips.c \ + lib/utils_fips.h \ + lib/utils_device.c \ + lib/utils_keyring.c \ + lib/utils_keyring.h \ + lib/utils_device_locking.c \ + lib/utils_device_locking.h \ + lib/utils_pbkdf.c \ + lib/utils_safe_memory.c \ + lib/utils_storage_wrappers.c \ + lib/utils_storage_wrappers.h \ + lib/libdevmapper.c \ + lib/utils_dm.h \ + lib/volumekey.c \ + lib/random.c \ + lib/crypt_plain.c \ + lib/base64.h \ + lib/base64.c \ + lib/integrity/integrity.h \ + lib/integrity/integrity.c \ + lib/loopaes/loopaes.h \ + lib/loopaes/loopaes.c \ + lib/tcrypt/tcrypt.h \ + lib/tcrypt/tcrypt.c \ + lib/luks1/af.h \ + lib/luks1/af.c \ + lib/luks1/keyencryption.c \ + lib/luks1/keymanage.c \ + lib/luks1/luks.h \ + lib/verity/verity_hash.c \ + lib/verity/verity_fec.c \ + lib/verity/verity.c \ + lib/verity/verity.h \ + lib/verity/rs_encode_char.c \ + lib/verity/rs_decode_char.c \ + lib/verity/rs.h \ + lib/luks2/luks2_disk_metadata.c \ + lib/luks2/luks2_json_format.c \ + lib/luks2/luks2_json_metadata.c \ + lib/luks2/luks2_luks1_convert.c \ + lib/luks2/luks2_digest.c \ + lib/luks2/luks2_digest_pbkdf2.c \ + lib/luks2/luks2_keyslot.c \ + lib/luks2/luks2_keyslot_luks2.c \ + lib/luks2/luks2_keyslot_reenc.c \ + lib/luks2/luks2_reencrypt.c \ + lib/luks2/luks2_segment.c \ + lib/luks2/luks2_token_keyring.c \ + lib/luks2/luks2_token.c \ + lib/luks2/luks2_internal.h \ + lib/luks2/luks2.h \ + lib/utils_blkid.c \ + lib/utils_blkid.h \ + lib/bitlk/bitlk.h \ + lib/bitlk/bitlk.c diff --git a/lib/base64.c b/lib/base64.c new file mode 100644 index 0000000..aafb901 --- /dev/null +++ b/lib/base64.c @@ -0,0 +1,605 @@ +/* base64.c -- Encode binary data using printable characters. + Copyright (C) 1999-2001, 2004-2006, 2009-2019 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, see . */ + +/* Written by Simon Josefsson. Partially adapted from GNU MailUtils + * (mailbox/filter_trans.c, as of 2004-11-28). Improved by review + * from Paul Eggert, Bruno Haible, and Stepan Kasal. + * + * See also RFC 4648 . + * + * Be careful with error checking. Here is how you would typically + * use these functions: + * + * bool ok = base64_decode_alloc (in, inlen, &out, &outlen); + * if (!ok) + * FAIL: input was not valid base64 + * if (out == NULL) + * FAIL: memory allocation error + * OK: data in OUT/OUTLEN + * + * size_t outlen = base64_encode_alloc (in, inlen, &out); + * if (out == NULL && outlen == 0 && inlen != 0) + * FAIL: input too long + * if (out == NULL) + * FAIL: memory allocation error + * OK: data in OUT/OUTLEN. + * + */ + +#include + +/* Get prototype. */ +#include "base64.h" + +/* Get malloc. */ +#include + +/* Get UCHAR_MAX. */ +#include + +#include + +/* C89 compliant way to cast 'char' to 'unsigned char'. */ +static unsigned char +to_uchar (char ch) +{ + return ch; +} + +static const char b64c[64] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +/* Base64 encode IN array of size INLEN into OUT array. OUT needs + to be of length >= BASE64_LENGTH(INLEN), and INLEN needs to be + a multiple of 3. */ +static void +base64_encode_fast (const char *restrict in, size_t inlen, char *restrict out) +{ + while (inlen) + { + *out++ = b64c[(to_uchar (in[0]) >> 2) & 0x3f]; + *out++ = b64c[((to_uchar (in[0]) << 4) + (to_uchar (in[1]) >> 4)) & 0x3f]; + *out++ = b64c[((to_uchar (in[1]) << 2) + (to_uchar (in[2]) >> 6)) & 0x3f]; + *out++ = b64c[to_uchar (in[2]) & 0x3f]; + + inlen -= 3; + in += 3; + } +} + +/* Base64 encode IN array of size INLEN into OUT array of size OUTLEN. + If OUTLEN is less than BASE64_LENGTH(INLEN), write as many bytes as + possible. If OUTLEN is larger than BASE64_LENGTH(INLEN), also zero + terminate the output buffer. */ +void +base64_encode (const char *restrict in, size_t inlen, + char *restrict out, size_t outlen) +{ + /* Note this outlen constraint can be enforced at compile time. + I.E. that the output buffer is exactly large enough to hold + the encoded inlen bytes. The inlen constraints (of corresponding + to outlen, and being a multiple of 3) can change at runtime + at the end of input. However the common case when reading + large inputs is to have both constraints satisfied, so we depend + on both in base_encode_fast(). */ + if (outlen % 4 == 0 && inlen == outlen / 4 * 3) + { + base64_encode_fast (in, inlen, out); + return; + } + + while (inlen && outlen) + { + *out++ = b64c[(to_uchar (in[0]) >> 2) & 0x3f]; + if (!--outlen) + break; + *out++ = b64c[((to_uchar (in[0]) << 4) + + (--inlen ? to_uchar (in[1]) >> 4 : 0)) + & 0x3f]; + if (!--outlen) + break; + *out++ = + (inlen + ? b64c[((to_uchar (in[1]) << 2) + + (--inlen ? to_uchar (in[2]) >> 6 : 0)) + & 0x3f] + : '='); + if (!--outlen) + break; + *out++ = inlen ? b64c[to_uchar (in[2]) & 0x3f] : '='; + if (!--outlen) + break; + if (inlen) + inlen--; + if (inlen) + in += 3; + } + + if (outlen) + *out = '\0'; +} + +/* Allocate a buffer and store zero terminated base64 encoded data + from array IN of size INLEN, returning BASE64_LENGTH(INLEN), i.e., + the length of the encoded data, excluding the terminating zero. On + return, the OUT variable will hold a pointer to newly allocated + memory that must be deallocated by the caller. If output string + length would overflow, 0 is returned and OUT is set to NULL. If + memory allocation failed, OUT is set to NULL, and the return value + indicates length of the requested memory block, i.e., + BASE64_LENGTH(inlen) + 1. */ +size_t +base64_encode_alloc (const char *in, size_t inlen, char **out) +{ + size_t outlen = 1 + BASE64_LENGTH (inlen); + + /* Check for overflow in outlen computation. + * + * If there is no overflow, outlen >= inlen. + * + * If the operation (inlen + 2) overflows then it yields at most +1, so + * outlen is 0. + * + * If the multiplication overflows, we lose at least half of the + * correct value, so the result is < ((inlen + 2) / 3) * 2, which is + * less than (inlen + 2) * 0.66667, which is less than inlen as soon as + * (inlen > 4). + */ + if (inlen > outlen) + { + *out = NULL; + return 0; + } + + *out = malloc (outlen); + if (!*out) + return outlen; + + base64_encode (in, inlen, *out, outlen); + + return outlen - 1; +} + +/* With this approach this file works independent of the charset used + (think EBCDIC). However, it does assume that the characters in the + Base64 alphabet (A-Za-z0-9+/) are encoded in 0..255. POSIX + 1003.1-2001 require that char and unsigned char are 8-bit + quantities, though, taking care of that problem. But this may be a + potential problem on non-POSIX C99 platforms. + + IBM C V6 for AIX mishandles "#define B64(x) ...'x'...", so use "_" + as the formal parameter rather than "x". */ +#define B64(_) \ + ((_) == 'A' ? 0 \ + : (_) == 'B' ? 1 \ + : (_) == 'C' ? 2 \ + : (_) == 'D' ? 3 \ + : (_) == 'E' ? 4 \ + : (_) == 'F' ? 5 \ + : (_) == 'G' ? 6 \ + : (_) == 'H' ? 7 \ + : (_) == 'I' ? 8 \ + : (_) == 'J' ? 9 \ + : (_) == 'K' ? 10 \ + : (_) == 'L' ? 11 \ + : (_) == 'M' ? 12 \ + : (_) == 'N' ? 13 \ + : (_) == 'O' ? 14 \ + : (_) == 'P' ? 15 \ + : (_) == 'Q' ? 16 \ + : (_) == 'R' ? 17 \ + : (_) == 'S' ? 18 \ + : (_) == 'T' ? 19 \ + : (_) == 'U' ? 20 \ + : (_) == 'V' ? 21 \ + : (_) == 'W' ? 22 \ + : (_) == 'X' ? 23 \ + : (_) == 'Y' ? 24 \ + : (_) == 'Z' ? 25 \ + : (_) == 'a' ? 26 \ + : (_) == 'b' ? 27 \ + : (_) == 'c' ? 28 \ + : (_) == 'd' ? 29 \ + : (_) == 'e' ? 30 \ + : (_) == 'f' ? 31 \ + : (_) == 'g' ? 32 \ + : (_) == 'h' ? 33 \ + : (_) == 'i' ? 34 \ + : (_) == 'j' ? 35 \ + : (_) == 'k' ? 36 \ + : (_) == 'l' ? 37 \ + : (_) == 'm' ? 38 \ + : (_) == 'n' ? 39 \ + : (_) == 'o' ? 40 \ + : (_) == 'p' ? 41 \ + : (_) == 'q' ? 42 \ + : (_) == 'r' ? 43 \ + : (_) == 's' ? 44 \ + : (_) == 't' ? 45 \ + : (_) == 'u' ? 46 \ + : (_) == 'v' ? 47 \ + : (_) == 'w' ? 48 \ + : (_) == 'x' ? 49 \ + : (_) == 'y' ? 50 \ + : (_) == 'z' ? 51 \ + : (_) == '0' ? 52 \ + : (_) == '1' ? 53 \ + : (_) == '2' ? 54 \ + : (_) == '3' ? 55 \ + : (_) == '4' ? 56 \ + : (_) == '5' ? 57 \ + : (_) == '6' ? 58 \ + : (_) == '7' ? 59 \ + : (_) == '8' ? 60 \ + : (_) == '9' ? 61 \ + : (_) == '+' ? 62 \ + : (_) == '/' ? 63 \ + : -1) + +static const signed char b64[0x100] = { + B64 (0), B64 (1), B64 (2), B64 (3), + B64 (4), B64 (5), B64 (6), B64 (7), + B64 (8), B64 (9), B64 (10), B64 (11), + B64 (12), B64 (13), B64 (14), B64 (15), + B64 (16), B64 (17), B64 (18), B64 (19), + B64 (20), B64 (21), B64 (22), B64 (23), + B64 (24), B64 (25), B64 (26), B64 (27), + B64 (28), B64 (29), B64 (30), B64 (31), + B64 (32), B64 (33), B64 (34), B64 (35), + B64 (36), B64 (37), B64 (38), B64 (39), + B64 (40), B64 (41), B64 (42), B64 (43), + B64 (44), B64 (45), B64 (46), B64 (47), + B64 (48), B64 (49), B64 (50), B64 (51), + B64 (52), B64 (53), B64 (54), B64 (55), + B64 (56), B64 (57), B64 (58), B64 (59), + B64 (60), B64 (61), B64 (62), B64 (63), + B64 (64), B64 (65), B64 (66), B64 (67), + B64 (68), B64 (69), B64 (70), B64 (71), + B64 (72), B64 (73), B64 (74), B64 (75), + B64 (76), B64 (77), B64 (78), B64 (79), + B64 (80), B64 (81), B64 (82), B64 (83), + B64 (84), B64 (85), B64 (86), B64 (87), + B64 (88), B64 (89), B64 (90), B64 (91), + B64 (92), B64 (93), B64 (94), B64 (95), + B64 (96), B64 (97), B64 (98), B64 (99), + B64 (100), B64 (101), B64 (102), B64 (103), + B64 (104), B64 (105), B64 (106), B64 (107), + B64 (108), B64 (109), B64 (110), B64 (111), + B64 (112), B64 (113), B64 (114), B64 (115), + B64 (116), B64 (117), B64 (118), B64 (119), + B64 (120), B64 (121), B64 (122), B64 (123), + B64 (124), B64 (125), B64 (126), B64 (127), + B64 (128), B64 (129), B64 (130), B64 (131), + B64 (132), B64 (133), B64 (134), B64 (135), + B64 (136), B64 (137), B64 (138), B64 (139), + B64 (140), B64 (141), B64 (142), B64 (143), + B64 (144), B64 (145), B64 (146), B64 (147), + B64 (148), B64 (149), B64 (150), B64 (151), + B64 (152), B64 (153), B64 (154), B64 (155), + B64 (156), B64 (157), B64 (158), B64 (159), + B64 (160), B64 (161), B64 (162), B64 (163), + B64 (164), B64 (165), B64 (166), B64 (167), + B64 (168), B64 (169), B64 (170), B64 (171), + B64 (172), B64 (173), B64 (174), B64 (175), + B64 (176), B64 (177), B64 (178), B64 (179), + B64 (180), B64 (181), B64 (182), B64 (183), + B64 (184), B64 (185), B64 (186), B64 (187), + B64 (188), B64 (189), B64 (190), B64 (191), + B64 (192), B64 (193), B64 (194), B64 (195), + B64 (196), B64 (197), B64 (198), B64 (199), + B64 (200), B64 (201), B64 (202), B64 (203), + B64 (204), B64 (205), B64 (206), B64 (207), + B64 (208), B64 (209), B64 (210), B64 (211), + B64 (212), B64 (213), B64 (214), B64 (215), + B64 (216), B64 (217), B64 (218), B64 (219), + B64 (220), B64 (221), B64 (222), B64 (223), + B64 (224), B64 (225), B64 (226), B64 (227), + B64 (228), B64 (229), B64 (230), B64 (231), + B64 (232), B64 (233), B64 (234), B64 (235), + B64 (236), B64 (237), B64 (238), B64 (239), + B64 (240), B64 (241), B64 (242), B64 (243), + B64 (244), B64 (245), B64 (246), B64 (247), + B64 (248), B64 (249), B64 (250), B64 (251), + B64 (252), B64 (253), B64 (254), B64 (255) +}; + +#if UCHAR_MAX == 255 +# define uchar_in_range(c) true +#else +# define uchar_in_range(c) ((c) <= 255) +#endif + +/* Return true if CH is a character from the Base64 alphabet, and + false otherwise. Note that '=' is padding and not considered to be + part of the alphabet. */ +bool +isbase64 (char ch) +{ + return uchar_in_range (to_uchar (ch)) && 0 <= b64[to_uchar (ch)]; +} + +/* Initialize decode-context buffer, CTX. */ +void +base64_decode_ctx_init (struct base64_decode_context *ctx) +{ + ctx->i = 0; +} + +/* If CTX->i is 0 or 4, there are four or more bytes in [*IN..IN_END), and + none of those four is a newline, then return *IN. Otherwise, copy up to + 4 - CTX->i non-newline bytes from that range into CTX->buf, starting at + index CTX->i and setting CTX->i to reflect the number of bytes copied, + and return CTX->buf. In either case, advance *IN to point to the byte + after the last one processed, and set *N_NON_NEWLINE to the number of + verified non-newline bytes accessible through the returned pointer. */ +static const char * +get_4 (struct base64_decode_context *ctx, + char const *restrict *in, char const *restrict in_end, + size_t *n_non_newline) +{ + if (ctx->i == 4) + ctx->i = 0; + + if (ctx->i == 0) + { + char const *t = *in; + if (4 <= in_end - *in && memchr (t, '\n', 4) == NULL) + { + /* This is the common case: no newline. */ + *in += 4; + *n_non_newline = 4; + return (const char *) t; + } + } + + { + /* Copy non-newline bytes into BUF. */ + char const *p = *in; + while (p < in_end) + { + char c = *p++; + if (c != '\n') + { + ctx->buf[ctx->i++] = c; + if (ctx->i == 4) + break; + } + } + + *in = p; + *n_non_newline = ctx->i; + return ctx->buf; + } +} + +#define return_false \ + do \ + { \ + *outp = out; \ + return false; \ + } \ + while (false) + +/* Decode up to four bytes of base64-encoded data, IN, of length INLEN + into the output buffer, *OUT, of size *OUTLEN bytes. Return true if + decoding is successful, false otherwise. If *OUTLEN is too small, + as many bytes as possible are written to *OUT. On return, advance + *OUT to point to the byte after the last one written, and decrement + *OUTLEN to reflect the number of bytes remaining in *OUT. */ +static bool +decode_4 (char const *restrict in, size_t inlen, + char *restrict *outp, size_t *outleft) +{ + char *out = *outp; + if (inlen < 2) + return false; + + if (!isbase64 (in[0]) || !isbase64 (in[1])) + return false; + + if (*outleft) + { + *out++ = ((b64[to_uchar (in[0])] << 2) + | (b64[to_uchar (in[1])] >> 4)); + --*outleft; + } + + if (inlen == 2) + return_false; + + if (in[2] == '=') + { + if (inlen != 4) + return_false; + + if (in[3] != '=') + return_false; + } + else + { + if (!isbase64 (in[2])) + return_false; + + if (*outleft) + { + *out++ = (((b64[to_uchar (in[1])] << 4) & 0xf0) + | (b64[to_uchar (in[2])] >> 2)); + --*outleft; + } + + if (inlen == 3) + return_false; + + if (in[3] == '=') + { + if (inlen != 4) + return_false; + } + else + { + if (!isbase64 (in[3])) + return_false; + + if (*outleft) + { + *out++ = (((b64[to_uchar (in[2])] << 6) & 0xc0) + | b64[to_uchar (in[3])]); + --*outleft; + } + } + } + + *outp = out; + return true; +} + +/* Decode base64-encoded input array IN of length INLEN to output array + OUT that can hold *OUTLEN bytes. The input data may be interspersed + with newlines. Return true if decoding was successful, i.e. if the + input was valid base64 data, false otherwise. If *OUTLEN is too + small, as many bytes as possible will be written to OUT. On return, + *OUTLEN holds the length of decoded bytes in OUT. Note that as soon + as any non-alphabet, non-newline character is encountered, decoding + is stopped and false is returned. If INLEN is zero, then process + only whatever data is stored in CTX. + + Initially, CTX must have been initialized via base64_decode_ctx_init. + Subsequent calls to this function must reuse whatever state is recorded + in that buffer. It is necessary for when a quadruple of base64 input + bytes spans two input buffers. + + If CTX is NULL then newlines are treated as garbage and the input + buffer is processed as a unit. */ + +bool +base64_decode_ctx (struct base64_decode_context *ctx, + const char *restrict in, size_t inlen, + char *restrict out, size_t *outlen) +{ + size_t outleft = *outlen; + bool ignore_newlines = ctx != NULL; + bool flush_ctx = false; + unsigned int ctx_i = 0; + + if (ignore_newlines) + { + ctx_i = ctx->i; + flush_ctx = inlen == 0; + } + + + while (true) + { + size_t outleft_save = outleft; + if (ctx_i == 0 && !flush_ctx) + { + while (true) + { + /* Save a copy of outleft, in case we need to re-parse this + block of four bytes. */ + outleft_save = outleft; + if (!decode_4 (in, inlen, &out, &outleft)) + break; + + in += 4; + inlen -= 4; + } + } + + if (inlen == 0 && !flush_ctx) + break; + + /* Handle the common case of 72-byte wrapped lines. + This also handles any other multiple-of-4-byte wrapping. */ + if (inlen && *in == '\n' && ignore_newlines) + { + ++in; + --inlen; + continue; + } + + /* Restore OUT and OUTLEFT. */ + out -= outleft_save - outleft; + outleft = outleft_save; + + { + char const *in_end = in + inlen; + char const *non_nl; + + if (ignore_newlines) + non_nl = get_4 (ctx, &in, in_end, &inlen); + else + non_nl = in; /* Might have nl in this case. */ + + /* If the input is empty or consists solely of newlines (0 non-newlines), + then we're done. Likewise if there are fewer than 4 bytes when not + flushing context and not treating newlines as garbage. */ + if (inlen == 0 || (inlen < 4 && !flush_ctx && ignore_newlines)) + { + inlen = 0; + break; + } + if (!decode_4 (non_nl, inlen, &out, &outleft)) + break; + + inlen = in_end - in; + } + } + + *outlen -= outleft; + + return inlen == 0; +} + +/* Allocate an output buffer in *OUT, and decode the base64 encoded + data stored in IN of size INLEN to the *OUT buffer. On return, the + size of the decoded data is stored in *OUTLEN. OUTLEN may be NULL, + if the caller is not interested in the decoded length. *OUT may be + NULL to indicate an out of memory error, in which case *OUTLEN + contains the size of the memory block needed. The function returns + true on successful decoding and memory allocation errors. (Use the + *OUT and *OUTLEN parameters to differentiate between successful + decoding and memory error.) The function returns false if the + input was invalid, in which case *OUT is NULL and *OUTLEN is + undefined. */ +bool +base64_decode_alloc_ctx (struct base64_decode_context *ctx, + const char *in, size_t inlen, char **out, + size_t *outlen) +{ + /* This may allocate a few bytes too many, depending on input, + but it's not worth the extra CPU time to compute the exact size. + The exact size is 3 * (inlen + (ctx ? ctx->i : 0)) / 4, minus 1 if the + input ends with "=" and minus another 1 if the input ends with "==". + Dividing before multiplying avoids the possibility of overflow. */ + size_t needlen = 3 * (inlen / 4) + 3; + + *out = malloc (needlen); + if (!*out) + return true; + + if (!base64_decode_ctx (ctx, in, inlen, *out, &needlen)) + { + free (*out); + *out = NULL; + return false; + } + + if (outlen) + *outlen = needlen; + + return true; +} diff --git a/lib/base64.h b/lib/base64.h new file mode 100644 index 0000000..a0360dc --- /dev/null +++ b/lib/base64.h @@ -0,0 +1,68 @@ +/* base64.h -- Encode binary data using printable characters. + Copyright (C) 2004-2006, 2009-2019 Free Software Foundation, Inc. + Written by Simon Josefsson. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, see . */ + +#ifndef BASE64_H +# define BASE64_H + +/* Get size_t. */ +# include + +/* Get bool. */ +# include + +# ifdef __cplusplus +extern "C" { +# endif + +/* This uses that the expression (n+(k-1))/k means the smallest + integer >= n/k, i.e., the ceiling of n/k. */ +# define BASE64_LENGTH(inlen) ((((inlen) + 2) / 3) * 4) + +struct base64_decode_context +{ + unsigned int i; + char buf[4]; +}; + +extern bool isbase64 (char ch) __attribute__ ((__const__)); + +extern void base64_encode (const char *restrict in, size_t inlen, + char *restrict out, size_t outlen); + +extern size_t base64_encode_alloc (const char *in, size_t inlen, char **out); + +extern void base64_decode_ctx_init (struct base64_decode_context *ctx); + +extern bool base64_decode_ctx (struct base64_decode_context *ctx, + const char *restrict in, size_t inlen, + char *restrict out, size_t *outlen); + +extern bool base64_decode_alloc_ctx (struct base64_decode_context *ctx, + const char *in, size_t inlen, + char **out, size_t *outlen); + +#define base64_decode(in, inlen, out, outlen) \ + base64_decode_ctx (NULL, in, inlen, out, outlen) + +#define base64_decode_alloc(in, inlen, out, outlen) \ + base64_decode_alloc_ctx (NULL, in, inlen, out, outlen) + +# ifdef __cplusplus +} +# endif + +#endif /* BASE64_H */ diff --git a/lib/bitlk/bitlk.c b/lib/bitlk/bitlk.c new file mode 100644 index 0000000..2ce3a94 --- /dev/null +++ b/lib/bitlk/bitlk.c @@ -0,0 +1,1217 @@ +/* + * BITLK (BitLocker-compatible) volume handling + * + * Copyright (C) 2019-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2019-2020 Milan Broz + * Copyright (C) 2019-2020 Vojtech Trefny + * + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include +#include +#include +#include +#include + +#include "bitlk.h" +#include "internal.h" + +#define BITLK_BOOTCODE_V1 "\xeb\x52\x90" +#define BITLK_BOOTCODE_V2 "\xeb\x58\x90" +#define BITLK_SIGNATURE "-FVE-FS-" +#define BITLK_SIGNATURE_TOGO "MSWIN4.1" +#define BITLK_HEADER_METADATA_OFFSET 160 +#define BITLK_HEADER_METADATA_OFFSET_TOGO 424 + +/* FVE metadata header is split into two parts */ +#define BITLK_FVE_METADATA_BLOCK_HEADER_LEN 64 +#define BITLK_FVE_METADATA_HEADER_LEN 48 +#define BITLK_FVE_METADATA_HEADERS_LEN BITLK_FVE_METADATA_BLOCK_HEADER_LEN + BITLK_FVE_METADATA_HEADER_LEN + +/* total size of the FVE area (64 KiB) */ +#define BITLK_FVE_METADATA_SIZE 64 * 1024 + +#define BITLK_ENTRY_HEADER_LEN 8 +#define BITLK_VMK_HEADER_LEN 28 + +#define BITLK_OPEN_KEY_METADATA_LEN 12 + +#define BITLK_RECOVERY_KEY_LEN 55 +#define BITLK_RECOVERY_PARTS 8 +#define BITLK_RECOVERY_PART_LEN 6 + +#define BITLK_KDF_HASH "sha256" +#define BITLK_KDF_ITERATION_COUNT 0x100000 + +/* maximum number of segments for the DM device */ +#define MAX_BITLK_SEGMENTS 10 + +/* January 1, 1970 as MS file time */ +#define EPOCH_AS_FILETIME 116444736000000000 +#define HUNDREDS_OF_NANOSECONDS 10000000 + +/* not available in older version of libuuid */ +#ifndef UUID_STR_LEN +#define UUID_STR_LEN 37 +#endif + +/* known types of GUIDs from the BITLK superblock */ +const uint8_t BITLK_GUID_NORMAL[16] = { 0x3b, 0xd6, 0x67, 0x49, 0x29, 0x2e, 0xd8, 0x4a, + 0x83, 0x99, 0xf6, 0xa3, 0x39, 0xe3, 0xd0, 0x01 }; +const uint8_t BITLK_GUID_EOW[16] = { 0x3b, 0x4d, 0xa8, 0x92, 0x80, 0xdd, 0x0e, 0x4d, + 0x9e, 0x4e, 0xb1, 0xe3, 0x28, 0x4e, 0xae, 0xd8 }; + +/* taken from libfdisk gpt.c -- TODO: this is a good candidate for adding to libuuid */ +struct bitlk_guid { + uint32_t time_low; + uint16_t time_mid; + uint16_t time_hi_and_version; + uint8_t clock_seq_hi; + uint8_t clock_seq_low; + uint8_t node[6]; +} __attribute__ ((packed)); + +static void swap_guid(struct bitlk_guid *guid) { + guid->time_low = swab32(guid->time_low); + guid->time_mid = swab16(guid->time_mid); + guid->time_hi_and_version = swab16(guid->time_hi_and_version); +} + +static void guid_to_string(struct bitlk_guid *guid, char *out) { + swap_guid(guid); + uuid_unparse((unsigned char *) guid, out); +} + +typedef enum { + BITLK_SEGTYPE_CRYPT, + BITLK_SEGTYPE_ZERO, +} BitlkSegmentType; + +struct segment { + uint64_t offset; + uint64_t length; + uint64_t iv_offset; + BitlkSegmentType type; +}; + +struct bitlk_signature { + uint8_t boot_code[3]; + uint8_t signature[8]; + uint16_t sector_size; +} __attribute__ ((packed)); + +struct bitlk_superblock { + struct bitlk_guid guid; + uint64_t fve_offset[3]; +} __attribute__ ((packed)); + +struct bitlk_fve_metadata { + /* FVE metadata block header */ + uint8_t signature[8]; + uint16_t fve_size; + uint16_t fve_version; + uint16_t curr_state; + uint16_t next_state; + uint64_t volume_size; + uint32_t unknown2; + uint32_t volume_header_size; + uint64_t fve_offset[3]; + uint64_t volume_header_offset; + /* FVE metadata header */ + uint32_t metadata_size; + uint32_t metadata_version; + uint32_t metadata_header_size; + uint32_t metada_size_copy; + struct bitlk_guid guid; + uint32_t next_nonce; + uint16_t encryption; + uint16_t unknown3; + uint64_t creation_time; +} __attribute__ ((packed)); + +struct bitlk_entry_header_block { + uint64_t offset; + uint64_t size; +} __attribute__ ((packed)); + +struct bitlk_entry_vmk { + struct bitlk_guid guid; + uint8_t modified[8]; + uint16_t _unknown; + uint16_t protection; +} __attribute__ ((packed)); + +struct bitlk_kdf_data { + char last_sha256[32]; + char initial_sha256[32]; + char salt[16]; + uint64_t count; +}; + +static BITLKVMKProtection get_vmk_protection(uint16_t protection) +{ + switch (protection) { + case 0x0000: + return BITLK_PROTECTION_CLEAR_KEY; + case 0x0100: + return BITLK_PROTECTION_TPM; + case 0x0200: + return BITLK_PROTECTION_STARTUP_KEY; + case 0x0500: + return BITLK_PROTECTION_TPM_PIN; + case 0x0800: + return BITLK_PROTECTION_RECOVERY_PASSPHRASE; + case 0x1000: + return BITLK_PROTECTION_SMART_CARD; + case 0x2000: + return BITLK_PROTECTION_PASSPHRASE; + default: + return BITLK_PROTECTION_UNKNOWN; + } +} + +static const char* get_vmk_protection_string(BITLKVMKProtection protection) +{ + switch (protection) { + case BITLK_PROTECTION_CLEAR_KEY: + return "VMK protected with clear key"; + case BITLK_PROTECTION_TPM: + return "VMK protected with TPM"; + case BITLK_PROTECTION_STARTUP_KEY: + return "VMK protected with startup key"; + case BITLK_PROTECTION_TPM_PIN: + return "VMK protected with TPM and PIN"; + case BITLK_PROTECTION_PASSPHRASE: + return "VMK protected with passphrase"; + case BITLK_PROTECTION_RECOVERY_PASSPHRASE: + return "VMK protected with recovery passphrase"; + case BITLK_PROTECTION_SMART_CARD: + return "VMK protected with smart card"; + default: + return "VMK with unknown protection"; + } +} + +static const char* get_bitlk_type_string(BITLKEncryptionType type) +{ + switch (type) + { + case BITLK_ENCRYPTION_TYPE_NORMAL: + return "normal"; + case BITLK_ENCRYPTION_TYPE_EOW: + return "encrypt-on-write"; + default: + return "unknown"; + } +} + +/* TODO -- move to some utils file */ +static void hexprint(struct crypt_device *cd, const char *d, int n, const char *sep) +{ + int i; + for(i = 0; i < n; i++) + log_std(cd, "%02hhx%s", (const char)d[i], sep); +} + +static uint64_t filetime_to_unixtime(uint64_t time) +{ + return (time - EPOCH_AS_FILETIME) / HUNDREDS_OF_NANOSECONDS; +} + +static int convert_to_utf8(struct crypt_device *cd, uint8_t *input, size_t inlen, char **out) +{ + char *outbuf = NULL; + iconv_t ic; + size_t ic_inlen = inlen; + size_t ic_outlen = inlen; + char *ic_outbuf = NULL; + size_t r = 0; + + outbuf = malloc(inlen); + if (outbuf == NULL) + return -ENOMEM; + + memset(outbuf, 0, inlen); + ic_outbuf = outbuf; + + ic = iconv_open("UTF-8", "UTF-16LE"); + r = iconv(ic, (char **) &input, &ic_inlen, &ic_outbuf, &ic_outlen); + iconv_close(ic); + + if (r == 0) + *out = strdup(outbuf); + else { + *out = NULL; + log_dbg(cd, "Failed to convert volume description: %s", strerror(errno)); + r = 0; + } + + free(outbuf); + return r; +} + +static int passphrase_to_utf16(struct crypt_device *cd, char *input, size_t inlen, char **out) +{ + char *outbuf = NULL; + iconv_t ic; + size_t ic_inlen = inlen; + size_t ic_outlen = inlen * 2; + char *ic_outbuf = NULL; + size_t r = 0; + + if (inlen == 0) + return r; + + outbuf = crypt_safe_alloc(inlen * 2); + if (outbuf == NULL) + return -ENOMEM; + + memset(outbuf, 0, inlen * 2); + ic_outbuf = outbuf; + + ic = iconv_open("UTF-16LE", "UTF-8"); + r = iconv(ic, &input, &ic_inlen, &ic_outbuf, &ic_outlen); + iconv_close(ic); + + if (r == 0) { + *out = outbuf; + } else { + *out = NULL; + crypt_safe_free(outbuf); + log_dbg(cd, "Failed to convert passphrase: %s", strerror(errno)); + r = -errno; + } + + return r; +} + +static int parse_vmk_entry(struct crypt_device *cd, uint8_t *data, int start, int end, struct bitlk_vmk **vmk) +{ + uint16_t key_entry_size = 0; + uint16_t key_entry_type = 0; + uint16_t key_entry_value = 0; + size_t key_size = 0; + char *string = NULL; + const char *key = NULL; + struct volume_key *vk = NULL; + bool supported = false; + + /* only passphrase or recovery passphrase vmks are supported (can be used to activate) */ + supported = (*vmk)->protection == BITLK_PROTECTION_PASSPHRASE || (*vmk)->protection == BITLK_PROTECTION_RECOVERY_PASSPHRASE; + + while (end - start > 2) { + /* size of this entry */ + memcpy(&key_entry_size, data + start, sizeof(key_entry_size)); + key_entry_size = le16_to_cpu(key_entry_size); + if (key_entry_size == 0) + break; + + /* type and value of this entry */ + memcpy(&key_entry_type, data + start + sizeof(key_entry_size), sizeof(key_entry_type)); + memcpy(&key_entry_value, + data + start + sizeof(key_entry_size) + sizeof(key_entry_type), + sizeof(key_entry_value)); + key_entry_type = le16_to_cpu(key_entry_type); + key_entry_value = le16_to_cpu(key_entry_value); + + if (key_entry_type != BITLK_ENTRY_TYPE_PROPERTY) { + if (supported) { + log_err(cd, _("Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."), key_entry_type); + return -EINVAL; + } else { + log_dbg(cd, "Unexpected metadata entry type '%u' found when parsing unsupported VMK.", key_entry_type); + } + } + + /* stretch key with salt, skip 4 B (encryption method of the stretch key) */ + if (key_entry_value == BITLK_ENTRY_VALUE_STRETCH_KEY) + memcpy((*vmk)->salt, + data + start + BITLK_ENTRY_HEADER_LEN + 4, + sizeof((*vmk)->salt)); + /* AES-CCM encrypted key */ + else if (key_entry_value == BITLK_ENTRY_VALUE_ENCRYPTED_KEY) { + /* nonce */ + memcpy((*vmk)->nonce, + data + start + BITLK_ENTRY_HEADER_LEN, + sizeof((*vmk)->nonce)); + /* MAC tag */ + memcpy((*vmk)->mac_tag, + data + start + BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE, + sizeof((*vmk)->mac_tag)); + /* AES-CCM encrypted key */ + key_size = key_entry_size - (BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE + BITLK_VMK_MAC_TAG_SIZE); + key = (const char *) data + start + BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE + BITLK_VMK_MAC_TAG_SIZE; + vk = crypt_alloc_volume_key(key_size, key); + if (vk == NULL) + return -ENOMEM; + crypt_volume_key_add_next(&((*vmk)->vk), vk); + /* clear key for a partially decrypted volume */ + } else if (key_entry_value == BITLK_ENTRY_VALUE_KEY) { + /* We currently don't want to support opening a partially decrypted + * device so we don't need to store this key. + * + * key_size = key_entry_size - (BITLK_ENTRY_HEADER_LEN + 4); + * key = (const char *) data + start + BITLK_ENTRY_HEADER_LEN + 4; + * vk = crypt_alloc_volume_key(key_size, key); + * if (vk == NULL) + * return -ENOMEM; + * crypt_volume_key_add_next(&((*vmk)->vk), vk); + */ + log_dbg(cd, "Skipping clear key metadata entry."); + /* unknown timestamps in recovery protected VMK */ + } else if (key_entry_value == BITLK_ENTRY_VALUE_RECOVERY_TIME) { + ; + } else if (key_entry_value == BITLK_ENTRY_VALUE_STRING) { + if (convert_to_utf8(cd, data + start + BITLK_ENTRY_HEADER_LEN, key_entry_size - BITLK_ENTRY_HEADER_LEN, &string) < 0) { + log_err(cd, _("Invalid string found when parsing Volume Master Key.")); + free(string); + return -EINVAL; + } else if ((*vmk)->name != NULL) { + if (supported) { + log_err(cd, _("Unexpected string ('%s') found when parsing supported Volume Master Key."), string); + free(string); + return -EINVAL; + } + log_dbg(cd, "Unexpected string ('%s') found when parsing unsupported VMK.", string); + free(string); + string = NULL; + } else { + /* Assume that strings in VMK are the name of the VMK */ + (*vmk)->name = string; + string = NULL; + } + } else { + if (supported) { + log_err(cd, _("Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."), key_entry_value); + return -EINVAL; + } else { + log_dbg(cd, "Unexpected metadata entry value '%u' found when parsing unsupported VMK.", key_entry_value); + } + } + + start += key_entry_size; + } + + return 0; +} + +void BITLK_bitlk_fvek_free(struct bitlk_fvek *fvek) +{ + if (!fvek) + return; + + crypt_free_volume_key(fvek->vk); + free(fvek); +} + +void BITLK_bitlk_vmk_free(struct bitlk_vmk *vmk) +{ + struct bitlk_vmk *vmk_next = NULL; + + while (vmk) { + if (vmk->guid) + free(vmk->guid); + if (vmk->name) + free(vmk->name); + crypt_free_volume_key(vmk->vk); + vmk_next = vmk->next; + free(vmk); + vmk = vmk_next; + } +} + +void BITLK_bitlk_metadata_free(struct bitlk_metadata *metadata) +{ + free(metadata->guid); + if (metadata->description) + free(metadata->description); + BITLK_bitlk_vmk_free(metadata->vmks); + BITLK_bitlk_fvek_free(metadata->fvek); +} + +int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params) +{ + int devfd; + struct device *device = crypt_metadata_device(cd); + struct bitlk_signature sig = {}; + struct bitlk_superblock sb = {}; + struct bitlk_fve_metadata fve = {}; + struct bitlk_entry_vmk entry_vmk = {}; + uint8_t *fve_entries = NULL; + uint32_t fve_metadata_size = 0; + int fve_offset = 0; + char guid_buf[UUID_STR_LEN] = {0}; + uint16_t entry_size = 0; + uint16_t entry_type = 0; + int i = 0; + int r = 0; + int start = 0; + int end = 0; + size_t key_size = 0; + const char *key = NULL; + + struct bitlk_vmk *vmk = NULL; + struct bitlk_vmk *vmk_p = params->vmks; + + devfd = device_open(cd, crypt_data_device(cd), O_RDONLY); + if (devfd < 0) { + r = -EINVAL; + goto out; + } + + /* read and check the signature */ + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), &sig, sizeof(sig), 0) != sizeof(sig)) { + log_err(cd, _("Failed to read BITLK signature from %s."), device_path(device)); + r = -EINVAL; + goto out; + } + + if (memcmp(sig.boot_code, BITLK_BOOTCODE_V1, sizeof(sig.boot_code)) == 0) { + log_err(cd, _("BITLK version 1 is currently not supported.")); + r = -ENOTSUP; + goto out; + } else if (memcmp(sig.boot_code, BITLK_BOOTCODE_V2, sizeof(sig.boot_code)) == 0) + ; + else { + log_err(cd, _("Invalid or unknown boot signature for BITLK device.")); + r = -EINVAL; + goto out; + } + + if (memcmp(sig.signature, BITLK_SIGNATURE, sizeof(sig.signature)) == 0) { + params->togo = false; + fve_offset = BITLK_HEADER_METADATA_OFFSET; + } else if (memcmp(sig.signature, BITLK_SIGNATURE_TOGO, sizeof(sig.signature)) == 0) { + params->togo = true; + fve_offset = BITLK_HEADER_METADATA_OFFSET_TOGO; + } else { + log_err(cd, _("Invalid or unknown signature for BITLK device.")); + r = -EINVAL; + goto out; + } + + params->sector_size = le16_to_cpu(sig.sector_size); + if (!(params->sector_size == 512 || params->sector_size == 4096)) { + log_err(cd, _("Unsupported sector size %" PRIu16 "."), params->sector_size); + r = -EINVAL; + goto out; + } + + /* read GUID and FVE metadata offsets */ + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), &sb, sizeof(sb), fve_offset) != sizeof(sb)) { + log_err(cd, _("Failed to read BITLK header from %s."), device_path(device)); + r = -EINVAL; + goto out; + } + + /* get encryption "type" based on the GUID from BITLK superblock */ + if (memcmp(&sb.guid, BITLK_GUID_NORMAL, 16) == 0) + params->type = BITLK_ENCRYPTION_TYPE_NORMAL; + else if (memcmp(&sb.guid, BITLK_GUID_EOW, 16) == 0) + params->type = BITLK_ENCRYPTION_TYPE_EOW; + else + params->type = BITLK_ENCRYPTION_TYPE_UNKNOWN; + log_dbg(cd, "BITLK type from GUID: %s.", get_bitlk_type_string(params->type)); + + for (i = 0; i < 3; i++) + params->metadata_offset[i] = le64_to_cpu(sb.fve_offset[i]); + + log_dbg(cd, "Reading BITLK FVE metadata of size %zu on device %s, offset %" PRIu64 ".", + sizeof(fve), device_path(device), params->metadata_offset[0]); + + /* read FVE metadata from the first metadata area */ + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), &fve, sizeof(fve), params->metadata_offset[0]) != sizeof(fve) || + memcmp(fve.signature, BITLK_SIGNATURE, sizeof(fve.signature)) || + le16_to_cpu(fve.fve_version) != 2) { + log_err(cd, _("Failed to read BITLK FVE metadata from %s."), device_path(device)); + r = -EINVAL; + goto out; + } + + /* check encryption state for the device */ + params->state = true; + if (le16_to_cpu(fve.curr_state) != BITLK_STATE_NORMAL || le16_to_cpu(fve.next_state) != BITLK_STATE_NORMAL) { + params->state = false; + log_dbg(cd, "Unknown/unsupported state detected. Current state: %"PRIu16", next state: %"PRIu16".", + le16_to_cpu(fve.curr_state), le16_to_cpu(fve.next_state)); + } + + params->metadata_version = le16_to_cpu(fve.fve_version); + fve_metadata_size = le32_to_cpu(fve.metadata_size); + + switch (le16_to_cpu(fve.encryption)) { + /* AES-CBC with Elephant difuser */ + case 0x8000: + params->key_size = 128; + params->cipher = "aes"; + params->cipher_mode = "cbc-elephant"; + break; + case 0x8001: + params->key_size = 256; + params->cipher = "aes"; + params->cipher_mode = "cbc-elephant"; + break; + /* AES-CBC */ + case 0x8002: + params->key_size = 128; + params->cipher = "aes"; + params->cipher_mode = "cbc-eboiv"; + break; + case 0x8003: + params->key_size = 256; + params->cipher = "aes"; + params->cipher_mode = "cbc-eboiv"; + break; + /* AES-XTS */ + case 0x8004: + params->key_size = 128; + params->cipher = "aes"; + params->cipher_mode = "xts-plain64"; + break; + case 0x8005: + params->key_size = 256; + params->cipher = "aes"; + params->cipher_mode = "xts-plain64"; + break; + default: + log_err(cd, _("Unknown or unsupported encryption type.")); + params->key_size = 0; + params->cipher = NULL; + params->cipher_mode = NULL; + r = -ENOTSUP; + goto out; + }; + + /* device GUID */ + guid_to_string(&fve.guid, guid_buf); + params->guid = strdup(guid_buf); + if (!params->guid) { + r = -ENOMEM; + goto out; + } + + params->creation_time = filetime_to_unixtime(le64_to_cpu(fve.creation_time)); + + /* read and parse all FVE metadata entries */ + fve_entries = malloc(fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN); + if (!fve_entries) { + r = -ENOMEM; + goto out; + } + memset(fve_entries, 0, (fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN)); + + log_dbg(cd, "Reading BITLK FVE metadata entries of size %" PRIu32 " on device %s, offset %" PRIu64 ".", + fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN, device_path(device), + params->metadata_offset[0] + BITLK_FVE_METADATA_HEADERS_LEN); + + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), fve_entries, fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN, + params->metadata_offset[0] + BITLK_FVE_METADATA_HEADERS_LEN) != fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN) { + log_err(cd, _("Failed to read BITLK metadata entries from %s."), device_path(device)); + r = -EINVAL; + goto out; + } + + end = fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN; + while (end - start > 2) { + /* size of this entry */ + memcpy(&entry_size, fve_entries + start, sizeof(entry_size)); + entry_size = le16_to_cpu(entry_size); + if (entry_size == 0) + break; + + /* type of this entry */ + memcpy(&entry_type, fve_entries + start + sizeof(entry_size), sizeof(entry_type)); + entry_type = le16_to_cpu(entry_type); + + /* VMK */ + if (entry_type == BITLK_ENTRY_TYPE_VMK) { + /* skip first four variables in the entry (entry size, type, value and version) */ + memcpy(&entry_vmk, + fve_entries + start + BITLK_ENTRY_HEADER_LEN, + sizeof(entry_vmk)); + + vmk = malloc(sizeof(struct bitlk_vmk)); + memset(vmk, 0, sizeof(struct bitlk_vmk)); + + guid_to_string(&entry_vmk.guid, guid_buf); + vmk->guid = strdup (guid_buf); + + vmk->name = NULL; + + vmk->protection = get_vmk_protection(le16_to_cpu(entry_vmk.protection)); + + /* more data in another entry list */ + r = parse_vmk_entry(cd, fve_entries, + start + BITLK_ENTRY_HEADER_LEN + BITLK_VMK_HEADER_LEN, + start + entry_size, &vmk); + if (r < 0) { + BITLK_bitlk_vmk_free(vmk); + goto out; + } + + if (params->vmks == NULL) + params->vmks = vmk; + else + vmk_p->next = vmk; + + vmk_p = vmk; + vmk = vmk->next; + /* FVEK */ + } else if (entry_type == BITLK_ENTRY_TYPE_FVEK) { + params->fvek = malloc(sizeof(struct bitlk_fvek)); + memcpy(params->fvek->nonce, + fve_entries + start + BITLK_ENTRY_HEADER_LEN, + sizeof(params->fvek->nonce)); + /* MAC tag */ + memcpy(params->fvek->mac_tag, + fve_entries + start + BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE, + sizeof(params->fvek->mac_tag)); + /* AES-CCM encrypted key */ + key_size = entry_size - (BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE + BITLK_VMK_MAC_TAG_SIZE); + key = (const char *) fve_entries + start + BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE + BITLK_VMK_MAC_TAG_SIZE; + params->fvek->vk = crypt_alloc_volume_key(key_size, key); + if (params->fvek->vk == NULL) { + r = -ENOMEM; + goto out; + } + /* volume header info (location and size) */ + } else if (entry_type == BITLK_ENTRY_TYPE_VOLUME_HEADER) { + struct bitlk_entry_header_block entry_header; + memcpy(&entry_header, + fve_entries + start + BITLK_ENTRY_HEADER_LEN, + sizeof(entry_header)); + params->volume_header_offset = le64_to_cpu(entry_header.offset); + params->volume_header_size = le64_to_cpu(entry_header.size); + /* volume description (utf-16 string) */ + } else if (entry_type == BITLK_ENTRY_TYPE_DESCRIPTION) { + r = convert_to_utf8(cd, fve_entries + start + BITLK_ENTRY_HEADER_LEN, + entry_size - BITLK_ENTRY_HEADER_LEN, + &(params->description)); + if (r < 0) { + BITLK_bitlk_vmk_free(vmk); + goto out; + } + } + + start += entry_size; + } + +out: + if (fve_entries) + free(fve_entries); + return r; +} + +int BITLK_dump(struct crypt_device *cd, struct device *device, struct bitlk_metadata *params) +{ + struct volume_key *vk_p; + struct bitlk_vmk *vmk_p; + int next_id = 0; + int i = 0; + + log_std(cd, "Info for BITLK%s device %s.\n", params->togo ? " To Go" : "", device_path(device)); + log_std(cd, "Version: \t%u\n", params->metadata_version); + log_std(cd, "GUID: \t%s\n", params->guid); + log_std(cd, "Sector size: \t%u [bytes]\n", params->sector_size); + log_std(cd, "Created: \t%s", ctime((time_t *)&(params->creation_time))); + log_std(cd, "Description: \t%s\n", params->description); + log_std(cd, "Cipher name: \t%s\n", params->cipher); + log_std(cd, "Cipher mode: \t%s\n", params->cipher_mode); + log_std(cd, "Cipher key: \t%u bits\n", params->key_size); + + log_std(cd, "\n"); + + log_std(cd, "Keyslots:\n"); + vmk_p = params->vmks; + while (vmk_p) { + log_std(cd, " %d: VMK\n", next_id); + if (vmk_p->name != NULL) { + log_std(cd, "\tName: \t%s\n", vmk_p->name); + } + log_std(cd, "\tGUID: \t%s\n", vmk_p->guid); + log_std(cd, "\tProtection: \t%s\n", get_vmk_protection_string (vmk_p->protection)); + log_std(cd, "\tSalt: \t"); + hexprint(cd, (const char *) vmk_p->salt, 16, ""); + log_std(cd, "\n"); + + vk_p = vmk_p->vk; + while (vk_p) { + log_std(cd, "\tKey data size:\t%zu [bytes]\n", vk_p->keylength); + vk_p = vk_p->next; + } + vmk_p = vmk_p->next; + next_id++; + } + + log_std(cd, " %d: FVEK\n", next_id); + log_std(cd, "\tKey data size:\t%zu [bytes]\n", params->fvek->vk->keylength); + + log_std(cd, "\n"); + + log_std(cd, "Metadata segments:\n"); + + for (i = 0; i < 3; i++) { + log_std(cd, " %d: FVE metadata area\n", i); + log_std(cd, "\tOffset: \t%" PRIu64 " [bytes]\n", params->metadata_offset[i]); + log_std(cd, "\tSize: \t%d [bytes]\n", BITLK_FVE_METADATA_SIZE); + } + + log_std(cd, " %d: Volume header\n", i); + log_std(cd, "\tOffset: \t%" PRIu64 " [bytes]\n", params->volume_header_offset); + log_std(cd, "\tSize: \t%" PRIu64 " [bytes]\n", params->volume_header_size); + log_std(cd, "\tCipher: \t%s-%s\n", params->cipher, params->cipher_mode); + + return 0; +} + +/* check if given passphrase can be a recovery key (has right format) and convert it */ +static int get_recovery_key(struct crypt_device *cd, + const char *password, + size_t passwordLen, + struct volume_key **rc_key) +{ + unsigned int i, j = 0; + uint16_t parts[BITLK_RECOVERY_PARTS] = {0}; + char part_str[BITLK_RECOVERY_PART_LEN + 1] = {0}; + long part_num = 0; + + /* check the passphrase it should be: + - 55 characters + - 8 groups of 6 divided by '-' + - each part is a number dividable by 11 + */ + if (passwordLen != BITLK_RECOVERY_KEY_LEN) { + if (passwordLen == BITLK_RECOVERY_KEY_LEN + 1 && password[passwordLen - 1] == '\n') { + /* looks like a recovery key with an extra newline, possibly from a key file */ + passwordLen--; + log_dbg(cd, "Possible extra EOL stripped from the recovery key."); + } else + return 0; + } + + for (i = BITLK_RECOVERY_PART_LEN; i < passwordLen; i += BITLK_RECOVERY_PART_LEN + 1) { + if (password[i] != '-') + return 0; + } + + for (i = 0, j = 0; i < passwordLen; i += BITLK_RECOVERY_PART_LEN + 1, j++) { + strncpy(part_str, password + i, BITLK_RECOVERY_PART_LEN); + + errno = 0; + part_num = strtol(part_str, NULL, 10); + if ((errno == ERANGE && (part_num == LONG_MAX || part_num == LONG_MIN)) || + (errno != 0 && part_num == 0)) + return -errno; + + if (part_num % 11 != 0) + return 0; + parts[j] = cpu_to_le16(part_num / 11); + } + + *rc_key = crypt_alloc_volume_key(16, (const char*) parts); + if (*rc_key == NULL) + return -ENOMEM; + + return 0; +} + +static int bitlk_kdf(struct crypt_device *cd, + const char *password, + size_t passwordLen, + bool recovery, + const uint8_t *salt, + struct volume_key **vk) +{ + struct bitlk_kdf_data kdf = {}; + struct crypt_hash *hd = NULL; + int len = 0; + char *utf16Password = NULL; + int i = 0; + int r = 0; + + memcpy(kdf.salt, salt, 16); + + r = crypt_hash_init(&hd, BITLK_KDF_HASH); + if (r < 0) + return r; + len = crypt_hash_size(BITLK_KDF_HASH); + if (len < 0) { + crypt_hash_destroy(hd); + return len; + } + + if (!recovery) { + /* passphrase: convert to UTF-16 first, then sha256(sha256(pw)) */ + r = passphrase_to_utf16(cd, CONST_CAST(char*)password, passwordLen, &utf16Password); + if (r < 0) + goto out; + + crypt_hash_write(hd, utf16Password, passwordLen * 2); + r = crypt_hash_final(hd, kdf.initial_sha256, len); + if (r < 0) + goto out; + + crypt_hash_write(hd, kdf.initial_sha256, len); + r = crypt_hash_final(hd, kdf.initial_sha256, len); + if (r < 0) + goto out; + } else { + /* recovery passphrase: already converted in #get_recovery_key, now just sha256(rpw) */ + crypt_hash_write(hd, password, passwordLen); + r = crypt_hash_final(hd, kdf.initial_sha256, len); + if (r < 0) + goto out; + } + + for (i = 0; i < BITLK_KDF_ITERATION_COUNT; i++) { + crypt_hash_write(hd, (const char*) &kdf, sizeof(kdf)); + r = crypt_hash_final(hd, kdf.last_sha256, len); + if (r < 0) + goto out; + kdf.count = cpu_to_le64(le64_to_cpu(kdf.count) + 1); + } + + *vk = crypt_alloc_volume_key(len, kdf.last_sha256); + +out: + crypt_safe_free(utf16Password); + if (hd) + crypt_hash_destroy(hd); + return r; +} + +static int decrypt_key(struct crypt_device *cd, + struct volume_key **vk, + struct volume_key *enc_key, + struct volume_key *key, + const uint8_t *tag, size_t tag_size, + const uint8_t *iv, size_t iv_size, + bool is_fvek) +{ + char *outbuf; + int r; + uint32_t key_size = 0; + + outbuf = crypt_safe_alloc(enc_key->keylength); + if (!outbuf) + return -ENOMEM; + + r = crypt_bitlk_decrypt_key(key->key, key->keylength, enc_key->key, outbuf, enc_key->keylength, + (const char*)iv, iv_size, (const char*)tag, tag_size); + if (r < 0) { + if (r == -ENOTSUP) + log_err(cd, _("This operation is not supported.")); + goto out; + } + + /* key_data has it's size as part of the metadata */ + memcpy(&key_size, outbuf, 4); + key_size = le32_to_cpu(key_size); + if (enc_key->keylength != key_size) { + log_err(cd, _("Wrong key size.")); + r = -EINVAL; + goto out; + } + + if (is_fvek && strcmp(crypt_get_cipher_mode(cd), "cbc-elephant") == 0 && + crypt_get_volume_key_size(cd) == 16) { + /* 128bit AES-CBC with Elephant -- key size is 256 bit (2 keys) but key data is 512 bits, + data: 16B CBC key, 16B empty, 16B elephant key, 16B empty */ + memcpy(outbuf + 16 + BITLK_OPEN_KEY_METADATA_LEN, + outbuf + 2 * 16 + BITLK_OPEN_KEY_METADATA_LEN, 16); + key_size = 32 + BITLK_OPEN_KEY_METADATA_LEN; + } + + + *vk = crypt_alloc_volume_key(key_size - BITLK_OPEN_KEY_METADATA_LEN, + (const char *)(outbuf + BITLK_OPEN_KEY_METADATA_LEN)); + r = *vk ? 0 : -ENOMEM; +out: + crypt_safe_free(outbuf); + return r; +} + +int BITLK_activate(struct crypt_device *cd, + const char *name, + const char *password, + size_t passwordLen, + const struct bitlk_metadata *params, + uint32_t flags) +{ + int r = 0; + int i = 0; + int j = 0; + int min = 0; + int num_segments = 0; + struct crypt_dm_active_device dmd = { + .flags = flags, + }; + struct dm_target *next_segment = NULL; + struct volume_key *open_vmk_key = NULL; + struct volume_key *open_fvek_key = NULL; + struct volume_key *vmk_dec_key = NULL; + struct volume_key *recovery_key = NULL; + const struct bitlk_vmk *next_vmk = NULL; + struct segment segments[MAX_BITLK_SEGMENTS] = {}; + struct segment temp; + uint64_t next_start = 0; + uint64_t next_end = 0; + uint64_t last_segment = 0; + uint32_t dmt_flags; + + if (!params->state) { + log_err(cd, _("This BITLK device is in an unsupported state and cannot be activated.")); + r = -ENOTSUP; + goto out; + } + + if (params->type != BITLK_ENCRYPTION_TYPE_NORMAL) { + log_err(cd, _("BITLK devices with type '%s' cannot be activated."), get_bitlk_type_string(params->type)); + r = -ENOTSUP; + goto out; + } + + next_vmk = params->vmks; + while (next_vmk) { + if (next_vmk->protection == BITLK_PROTECTION_PASSPHRASE) { + r = bitlk_kdf(cd, password, passwordLen, false, next_vmk->salt, &vmk_dec_key); + if (r) + return r; + } else if (next_vmk->protection == BITLK_PROTECTION_RECOVERY_PASSPHRASE) { + r = get_recovery_key(cd, password, passwordLen, &recovery_key); + if (r) + return r; + if (recovery_key == NULL) { + /* r = 0 but no key -> given passphrase is not a recovery passphrase */ + r = -EPERM; + next_vmk = next_vmk->next; + continue; + } + log_dbg(cd, "Trying to use given password as a recovery key."); + r = bitlk_kdf(cd, recovery_key->key, recovery_key->keylength, + true, next_vmk->salt, &vmk_dec_key); + crypt_free_volume_key(recovery_key); + if (r) + return r; + } else { + /* only passphrase and recovery passphrase VMKs supported right now */ + log_dbg(cd, "Skipping %s", get_vmk_protection_string(next_vmk->protection)); + next_vmk = next_vmk->next; + if (r == 0) + /* we need to set error code in case we have only unsupported VMKs */ + r = -ENOTSUP; + continue; + } + + log_dbg(cd, "Trying to decrypt %s.", get_vmk_protection_string(next_vmk->protection)); + r = decrypt_key(cd, &open_vmk_key, next_vmk->vk, vmk_dec_key, + next_vmk->mac_tag, BITLK_VMK_MAC_TAG_SIZE, + next_vmk->nonce, BITLK_NONCE_SIZE, false); + if (r < 0) { + log_dbg(cd, "Failed to decrypt VMK using provided passphrase."); + crypt_free_volume_key(vmk_dec_key); + if (r == -ENOTSUP) + return r; + next_vmk = next_vmk->next; + continue; + } + crypt_free_volume_key(vmk_dec_key); + + r = decrypt_key(cd, &open_fvek_key, params->fvek->vk, open_vmk_key, + params->fvek->mac_tag, BITLK_VMK_MAC_TAG_SIZE, + params->fvek->nonce, BITLK_NONCE_SIZE, true); + if (r < 0) { + log_dbg(cd, "Failed to decrypt FVEK using VMK."); + crypt_free_volume_key(open_vmk_key); + if (r == -ENOTSUP) + return r; + } else { + crypt_free_volume_key(open_vmk_key); + break; + } + + next_vmk = next_vmk->next; + } + + if (r) { + log_dbg(cd, "No more VMKs to try."); + return r; + } + + /* Password verify only */ + if (!name) { + crypt_free_volume_key(open_fvek_key); + return r; + } + + next_vmk = params->vmks; + while (next_vmk) { + if (next_vmk->protection == BITLK_PROTECTION_CLEAR_KEY) { + crypt_free_volume_key(open_fvek_key); + log_err(cd, _("Activation of partially decrypted BITLK device is not supported.")); + return -ENOTSUP; + } + next_vmk = next_vmk->next; + } + + r = device_block_adjust(cd, crypt_data_device(cd), DEV_EXCL, + 0, &dmd.size, &dmd.flags); + if (r) { + crypt_free_volume_key(open_fvek_key); + return r; + } + + /* there will be always 4 dm-zero segments: 3x metadata, 1x FS header */ + for (i = 0; i < 3; i++) { + segments[num_segments].offset = params->metadata_offset[i] / SECTOR_SIZE; + segments[num_segments].length = BITLK_FVE_METADATA_SIZE / SECTOR_SIZE; + segments[num_segments].iv_offset = 0; + segments[num_segments].type = BITLK_SEGTYPE_ZERO; + num_segments++; + } + segments[num_segments].offset = params->volume_header_offset / SECTOR_SIZE; + segments[num_segments].length = params->volume_header_size / SECTOR_SIZE; + segments[num_segments].iv_offset = 0; + segments[num_segments].type = BITLK_SEGTYPE_ZERO; + num_segments++; + + /* filesystem header (moved from the special location) */ + segments[num_segments].offset = 0; + segments[num_segments].length = params->volume_header_size / SECTOR_SIZE; + segments[num_segments].iv_offset = params->volume_header_offset / SECTOR_SIZE; + segments[num_segments].type = BITLK_SEGTYPE_CRYPT; + num_segments++; + + /* now fill gaps between the dm-zero segments with dm-crypt */ + last_segment = params->volume_header_size / SECTOR_SIZE; + while (true) { + next_start = dmd.size; + next_end = dmd.size; + + /* start of the next segment: end of the first existing segment after the last added */ + for (i = 0; i < num_segments; i++) + if (segments[i].offset + segments[i].length < next_start && segments[i].offset + segments[i].length >= last_segment) + next_start = segments[i].offset + segments[i].length; + + /* end of the next segment: start of the next segment after start we found above */ + for (i = 0; i < num_segments; i++) + if (segments[i].offset < next_end && segments[i].offset >= next_start) + next_end = segments[i].offset; + + /* two zero segments next to each other, just bump the last_segment + so the algorithm moves */ + if (next_end - next_start == 0) { + last_segment = next_end + 1; + continue; + } + + segments[num_segments].offset = next_start; + segments[num_segments].length = next_end - next_start; + segments[num_segments].iv_offset = next_start; + segments[num_segments].type = BITLK_SEGTYPE_CRYPT; + last_segment = next_end; + num_segments++; + + if (next_end == dmd.size) + break; + + if (num_segments == 10) { + log_dbg(cd, "Failed to calculate number of dm-crypt segments for open."); + r = -EINVAL; + goto out; + } + } + + /* device mapper needs the segment sorted */ + for (i = 0; i < num_segments - 1; i++) { + min = i; + for (j = i + 1; j < num_segments; j++) + if (segments[j].offset < segments[min].offset) + min = j; + + if (min != i) { + temp.offset = segments[min].offset; + temp.length = segments[min].length; + temp.iv_offset = segments[min].iv_offset; + temp.type = segments[min].type; + + segments[min].offset = segments[i].offset; + segments[min].length = segments[i].length; + segments[min].iv_offset = segments[i].iv_offset; + segments[min].type = segments[i].type; + + segments[i].offset = temp.offset; + segments[i].length = temp.length; + segments[i].iv_offset = temp.iv_offset; + segments[i].type = temp.type; + } + } + + if (params->sector_size != SECTOR_SIZE) + dmd.flags |= CRYPT_ACTIVATE_IV_LARGE_SECTORS; + + r = dm_targets_allocate(&dmd.segment, num_segments); + if (r) + goto out; + next_segment = &dmd.segment; + + for (i = 0; i < num_segments; i++) { + if (segments[i].type == BITLK_SEGTYPE_ZERO) + r = dm_zero_target_set(next_segment, + segments[i].offset, + segments[i].length); + else if (segments[i].type == BITLK_SEGTYPE_CRYPT) + r = dm_crypt_target_set(next_segment, + segments[i].offset, + segments[i].length, + crypt_data_device(cd), + open_fvek_key, + crypt_get_cipher_spec(cd), + segments[i].iv_offset, + segments[i].iv_offset, + NULL, 0, + params->sector_size); + if (r) + goto out; + + next_segment = next_segment->next; + } + + log_dbg(cd, "Trying to activate BITLK on device %s%s%s.", + device_path(crypt_data_device(cd)), name ? " with name " :"", name ?: ""); + + r = dm_create_device(cd, name, CRYPT_BITLK, &dmd); + if (r < 0) { + dm_flags(cd, DM_CRYPT, &dmt_flags); + if (!strcmp(params->cipher_mode, "cbc-eboiv") && !(dmt_flags & DM_BITLK_EBOIV_SUPPORTED)) { + log_err(cd, _("Cannot activate device, kernel dm-crypt is missing support for BITLK IV.")); + r = -ENOTSUP; + } + if (!strcmp(params->cipher_mode, "cbc-elephant") && !(dmt_flags & DM_BITLK_ELEPHANT_SUPPORTED)) { + log_err(cd, _("Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser.")); + r = -ENOTSUP; + } + } +out: + dm_targets_free(cd, &dmd); + crypt_free_volume_key(open_fvek_key); + return r; +} diff --git a/lib/bitlk/bitlk.h b/lib/bitlk/bitlk.h new file mode 100644 index 0000000..a784883 --- /dev/null +++ b/lib/bitlk/bitlk.h @@ -0,0 +1,131 @@ +/* + * BITLK (BitLocker-compatible) header definition + * + * Copyright (C) 2019-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2019-2020 Milan Broz + * Copyright (C) 2019-2020 Vojtech Trefny + * + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRYPTSETUP_BITLK_H +#define _CRYPTSETUP_BITLK_H + +#include +#include +#include + +struct crypt_device; +struct device; + +#define BITLK_NONCE_SIZE 12 +#define BITLK_SALT_SIZE 16 +#define BITLK_VMK_MAC_TAG_SIZE 16 + +#define BITLK_STATE_NORMAL 0x0004 + +typedef enum { + BITLK_ENCRYPTION_TYPE_NORMAL = 0, + BITLK_ENCRYPTION_TYPE_EOW, + BITLK_ENCRYPTION_TYPE_UNKNOWN, +} BITLKEncryptionType; + +typedef enum { + BITLK_PROTECTION_CLEAR_KEY = 0, + BITLK_PROTECTION_TPM, + BITLK_PROTECTION_STARTUP_KEY, + BITLK_PROTECTION_TPM_PIN, + BITLK_PROTECTION_RECOVERY_PASSPHRASE, + BITLK_PROTECTION_PASSPHRASE, + BITLK_PROTECTION_SMART_CARD, + BITLK_PROTECTION_UNKNOWN, +} BITLKVMKProtection; + +typedef enum { + BITLK_ENTRY_TYPE_PROPERTY = 0x0000, + BITLK_ENTRY_TYPE_VMK = 0x0002, + BITLK_ENTRY_TYPE_FVEK = 0x0003, + BITLK_ENTRY_TYPE_STARTUP_KEY = 0x0006, + BITLK_ENTRY_TYPE_DESCRIPTION = 0x0007, + BITLK_ENTRY_TYPE_VOLUME_HEADER = 0x000f, +} BITLKFVEEntryType; + +typedef enum { + BITLK_ENTRY_VALUE_ERASED = 0x0000, + BITLK_ENTRY_VALUE_KEY = 0x0001, + BITLK_ENTRY_VALUE_STRING = 0x0002, + BITLK_ENTRY_VALUE_STRETCH_KEY = 0x0003, + BITLK_ENTRY_VALUE_USE_KEY = 0x0004, + BITLK_ENTRY_VALUE_ENCRYPTED_KEY = 0x0005, + BITLK_ENTRY_VALUE_TPM_KEY = 0x0006, + BITLK_ENTRY_VALUE_VALIDATION = 0x0007, + BITLK_ENTRY_VALUE_VMK = 0x0008, + BITLK_ENTRY_VALUE_EXTERNAL_KEY = 0x0009, + BITLK_ENTRY_VALUE_OFFSET_SIZE = 0x000f, + BITLK_ENTRY_VALUE_RECOVERY_TIME = 0x015, +} BITLKFVEEntryValue; + +struct bitlk_vmk { + char *guid; + char *name; + BITLKVMKProtection protection; + uint8_t salt[BITLK_SALT_SIZE]; + uint8_t mac_tag[BITLK_VMK_MAC_TAG_SIZE]; + uint8_t nonce[BITLK_NONCE_SIZE]; + struct volume_key *vk; + struct bitlk_vmk *next; +}; + +struct bitlk_fvek { + uint8_t mac_tag[BITLK_VMK_MAC_TAG_SIZE]; + uint8_t nonce[BITLK_NONCE_SIZE]; + struct volume_key *vk; +}; + +struct bitlk_metadata { + uint16_t sector_size; + bool togo; + bool state; + BITLKEncryptionType type; + const char *cipher; + const char *cipher_mode; + uint16_t key_size; + char *guid; + uint64_t creation_time; + char *description; + uint64_t metadata_offset[3]; + uint32_t metadata_version; + uint64_t volume_header_offset; + uint64_t volume_header_size; + struct bitlk_vmk *vmks; + struct bitlk_fvek *fvek; +}; + +int BITLK_read_sb(struct crypt_device *cd, struct bitlk_metadata *params); + +int BITLK_dump(struct crypt_device *cd, struct device *device, struct bitlk_metadata *params); + +int BITLK_activate(struct crypt_device *cd, + const char *name, + const char *password, + size_t passwordLen, + const struct bitlk_metadata *params, + uint32_t flags); + +void BITLK_bitlk_fvek_free(struct bitlk_fvek *fvek); +void BITLK_bitlk_vmk_free(struct bitlk_vmk *vmk); +void BITLK_bitlk_metadata_free(struct bitlk_metadata *params); + +#endif diff --git a/lib/crypt_plain.c b/lib/crypt_plain.c index 3f8e96b..77d72fc 100644 --- a/lib/crypt_plain.c +++ b/lib/crypt_plain.c @@ -1,9 +1,9 @@ /* * cryptsetup plain device helper functions * - * Copyright (C) 2004, Jana Saout - * Copyright (C) 2010-2012 Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2012, Milan Broz + * Copyright (C) 2004 Jana Saout + * Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -64,7 +64,7 @@ static int hash(const char *hash_name, size_t key_size, char *key, #define PLAIN_HASH_LEN_MAX 256 -int crypt_plain_hash(struct crypt_device *ctx __attribute__((unused)), +int crypt_plain_hash(struct crypt_device *cd, const char *hash_name, char *key, size_t key_size, const char *passphrase, size_t passphrase_size) @@ -73,7 +73,7 @@ int crypt_plain_hash(struct crypt_device *ctx __attribute__((unused)), size_t hash_size, pad_size; int r; - log_dbg("Plain: hashing passphrase using %s.", hash_name); + log_dbg(cd, "Plain: hashing passphrase using %s.", hash_name); if (strlen(hash_name) >= PLAIN_HASH_LEN_MAX) return -EINVAL; @@ -85,11 +85,11 @@ int crypt_plain_hash(struct crypt_device *ctx __attribute__((unused)), *s = '\0'; s++; if (!*s || sscanf(s, "%zd", &hash_size) != 1) { - log_dbg("Hash length is not a number"); + log_dbg(cd, "Hash length is not a number"); return -EINVAL; } if (hash_size > key_size) { - log_dbg("Hash length %zd > key length %zd", + log_dbg(cd, "Hash length %zd > key length %zd", hash_size, key_size); return -EINVAL; } @@ -102,7 +102,7 @@ int crypt_plain_hash(struct crypt_device *ctx __attribute__((unused)), /* No hash, copy passphrase directly */ if (!strcmp(hash_name_buf, "plain")) { if (passphrase_size < hash_size) { - log_dbg("Too short plain passphrase."); + log_dbg(cd, "Too short plain passphrase."); return -EINVAL; } memcpy(key, passphrase, hash_size); diff --git a/lib/crypto_backend/Makefile.am b/lib/crypto_backend/Makefile.am deleted file mode 100644 index 942d258..0000000 --- a/lib/crypto_backend/Makefile.am +++ /dev/null @@ -1,30 +0,0 @@ -moduledir = $(libdir)/cryptsetup - -noinst_LTLIBRARIES = libcrypto_backend.la - -libcrypto_backend_la_CFLAGS = $(AM_CFLAGS) -Wall @CRYPTO_CFLAGS@ - -libcrypto_backend_la_SOURCES = crypto_backend.h \ - crypto_cipher_kernel.c crypto_storage.c pbkdf_check.c crc32.c - -if CRYPTO_BACKEND_GCRYPT -libcrypto_backend_la_SOURCES += crypto_gcrypt.c -endif -if CRYPTO_BACKEND_OPENSSL -libcrypto_backend_la_SOURCES += crypto_openssl.c -endif -if CRYPTO_BACKEND_NSS -libcrypto_backend_la_SOURCES += crypto_nss.c -endif -if CRYPTO_BACKEND_KERNEL -libcrypto_backend_la_SOURCES += crypto_kernel.c -endif -if CRYPTO_BACKEND_NETTLE -libcrypto_backend_la_SOURCES += crypto_nettle.c -endif - -if CRYPTO_INTERNAL_PBKDF2 -libcrypto_backend_la_SOURCES += pbkdf2_generic.c -endif - -AM_CPPFLAGS = -include config.h -I$(top_srcdir)/lib diff --git a/lib/crypto_backend/Makefile.in b/lib/crypto_backend/Makefile.in deleted file mode 100644 index cb6dcfc..0000000 --- a/lib/crypto_backend/Makefile.in +++ /dev/null @@ -1,738 +0,0 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2013 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -@CRYPTO_BACKEND_GCRYPT_TRUE@am__append_1 = crypto_gcrypt.c -@CRYPTO_BACKEND_OPENSSL_TRUE@am__append_2 = crypto_openssl.c -@CRYPTO_BACKEND_NSS_TRUE@am__append_3 = crypto_nss.c -@CRYPTO_BACKEND_KERNEL_TRUE@am__append_4 = crypto_kernel.c -@CRYPTO_BACKEND_NETTLE_TRUE@am__append_5 = crypto_nettle.c -@CRYPTO_INTERNAL_PBKDF2_TRUE@am__append_6 = pbkdf2_generic.c -subdir = lib/crypto_backend -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ - $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -LTLIBRARIES = $(noinst_LTLIBRARIES) -libcrypto_backend_la_LIBADD = -am__libcrypto_backend_la_SOURCES_DIST = crypto_backend.h \ - crypto_cipher_kernel.c crypto_storage.c pbkdf_check.c crc32.c \ - crypto_gcrypt.c crypto_openssl.c crypto_nss.c crypto_kernel.c \ - crypto_nettle.c pbkdf2_generic.c -@CRYPTO_BACKEND_GCRYPT_TRUE@am__objects_1 = libcrypto_backend_la-crypto_gcrypt.lo -@CRYPTO_BACKEND_OPENSSL_TRUE@am__objects_2 = libcrypto_backend_la-crypto_openssl.lo -@CRYPTO_BACKEND_NSS_TRUE@am__objects_3 = \ -@CRYPTO_BACKEND_NSS_TRUE@ libcrypto_backend_la-crypto_nss.lo -@CRYPTO_BACKEND_KERNEL_TRUE@am__objects_4 = libcrypto_backend_la-crypto_kernel.lo -@CRYPTO_BACKEND_NETTLE_TRUE@am__objects_5 = libcrypto_backend_la-crypto_nettle.lo -@CRYPTO_INTERNAL_PBKDF2_TRUE@am__objects_6 = libcrypto_backend_la-pbkdf2_generic.lo -am_libcrypto_backend_la_OBJECTS = \ - libcrypto_backend_la-crypto_cipher_kernel.lo \ - libcrypto_backend_la-crypto_storage.lo \ - libcrypto_backend_la-pbkdf_check.lo \ - libcrypto_backend_la-crc32.lo $(am__objects_1) \ - $(am__objects_2) $(am__objects_3) $(am__objects_4) \ - $(am__objects_5) $(am__objects_6) -libcrypto_backend_la_OBJECTS = $(am_libcrypto_backend_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -libcrypto_backend_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ - $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(libcrypto_backend_la_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(libcrypto_backend_la_SOURCES) -DIST_SOURCES = $(am__libcrypto_backend_la_SOURCES_DIST) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. -am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ -CRYPTO_LIBS = @CRYPTO_LIBS@ -CRYPTO_STATIC_LIBS = @CRYPTO_STATIC_LIBS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DEVMAPPER_CFLAGS = @DEVMAPPER_CFLAGS@ -DEVMAPPER_LIBS = @DEVMAPPER_LIBS@ -DEVMAPPER_STATIC_CFLAGS = @DEVMAPPER_STATIC_CFLAGS@ -DEVMAPPER_STATIC_LIBS = @DEVMAPPER_STATIC_LIBS@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GMSGFMT = @GMSGFMT@ -GMSGFMT_015 = @GMSGFMT_015@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -INTLLIBS = @INTLLIBS@ -INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBCRYPTSETUP_VERSION = @LIBCRYPTSETUP_VERSION@ -LIBCRYPTSETUP_VERSION_INFO = @LIBCRYPTSETUP_VERSION_INFO@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ -LIBICONV = @LIBICONV@ -LIBINTL = @LIBINTL@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBICONV = @LTLIBICONV@ -LTLIBINTL = @LTLIBINTL@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MKDIR_P = @MKDIR_P@ -MSGFMT = @MSGFMT@ -MSGFMT_015 = @MSGFMT_015@ -MSGMERGE = @MSGMERGE@ -NM = @NM@ -NMEDIT = @NMEDIT@ -NSS_CFLAGS = @NSS_CFLAGS@ -NSS_LIBS = @NSS_LIBS@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ -OPENSSL_LIBS = @OPENSSL_LIBS@ -OPENSSL_STATIC_CFLAGS = @OPENSSL_STATIC_CFLAGS@ -OPENSSL_STATIC_LIBS = @OPENSSL_STATIC_LIBS@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -POPT_LIBS = @POPT_LIBS@ -POSUB = @POSUB@ -PWQUALITY_CFLAGS = @PWQUALITY_CFLAGS@ -PWQUALITY_LIBS = @PWQUALITY_LIBS@ -PWQUALITY_STATIC_LIBS = @PWQUALITY_STATIC_LIBS@ -PYTHON = @PYTHON@ -PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -PYTHON_INCLUDES = @PYTHON_INCLUDES@ -PYTHON_LIBS = @PYTHON_LIBS@ -PYTHON_PLATFORM = @PYTHON_PLATFORM@ -PYTHON_PREFIX = @PYTHON_PREFIX@ -PYTHON_VERSION = @PYTHON_VERSION@ -RANLIB = @RANLIB@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -USE_NLS = @USE_NLS@ -UUID_LIBS = @UUID_LIBS@ -VERSION = @VERSION@ -XGETTEXT = @XGETTEXT@ -XGETTEXT_015 = @XGETTEXT_015@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -pkgpyexecdir = @pkgpyexecdir@ -pkgpythondir = @pkgpythondir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -pyexecdir = @pyexecdir@ -pythondir = @pythondir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -moduledir = $(libdir)/cryptsetup -noinst_LTLIBRARIES = libcrypto_backend.la -libcrypto_backend_la_CFLAGS = $(AM_CFLAGS) -Wall @CRYPTO_CFLAGS@ -libcrypto_backend_la_SOURCES = crypto_backend.h crypto_cipher_kernel.c \ - crypto_storage.c pbkdf_check.c crc32.c $(am__append_1) \ - $(am__append_2) $(am__append_3) $(am__append_4) \ - $(am__append_5) $(am__append_6) -AM_CPPFLAGS = -include config.h -I$(top_srcdir)/lib -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu lib/crypto_backend/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu lib/crypto_backend/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) - @list='$(noinst_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -libcrypto_backend.la: $(libcrypto_backend_la_OBJECTS) $(libcrypto_backend_la_DEPENDENCIES) $(EXTRA_libcrypto_backend_la_DEPENDENCIES) - $(AM_V_CCLD)$(libcrypto_backend_la_LINK) $(libcrypto_backend_la_OBJECTS) $(libcrypto_backend_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_backend_la-crc32.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_backend_la-crypto_cipher_kernel.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_backend_la-crypto_gcrypt.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_backend_la-crypto_kernel.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_backend_la-crypto_nettle.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_backend_la-crypto_nss.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_backend_la-crypto_openssl.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_backend_la-crypto_storage.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_backend_la-pbkdf2_generic.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcrypto_backend_la-pbkdf_check.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -libcrypto_backend_la-crypto_cipher_kernel.lo: crypto_cipher_kernel.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT libcrypto_backend_la-crypto_cipher_kernel.lo -MD -MP -MF $(DEPDIR)/libcrypto_backend_la-crypto_cipher_kernel.Tpo -c -o libcrypto_backend_la-crypto_cipher_kernel.lo `test -f 'crypto_cipher_kernel.c' || echo '$(srcdir)/'`crypto_cipher_kernel.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcrypto_backend_la-crypto_cipher_kernel.Tpo $(DEPDIR)/libcrypto_backend_la-crypto_cipher_kernel.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypto_cipher_kernel.c' object='libcrypto_backend_la-crypto_cipher_kernel.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o libcrypto_backend_la-crypto_cipher_kernel.lo `test -f 'crypto_cipher_kernel.c' || echo '$(srcdir)/'`crypto_cipher_kernel.c - -libcrypto_backend_la-crypto_storage.lo: crypto_storage.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT libcrypto_backend_la-crypto_storage.lo -MD -MP -MF $(DEPDIR)/libcrypto_backend_la-crypto_storage.Tpo -c -o libcrypto_backend_la-crypto_storage.lo `test -f 'crypto_storage.c' || echo '$(srcdir)/'`crypto_storage.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcrypto_backend_la-crypto_storage.Tpo $(DEPDIR)/libcrypto_backend_la-crypto_storage.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypto_storage.c' object='libcrypto_backend_la-crypto_storage.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o libcrypto_backend_la-crypto_storage.lo `test -f 'crypto_storage.c' || echo '$(srcdir)/'`crypto_storage.c - -libcrypto_backend_la-pbkdf_check.lo: pbkdf_check.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT libcrypto_backend_la-pbkdf_check.lo -MD -MP -MF $(DEPDIR)/libcrypto_backend_la-pbkdf_check.Tpo -c -o libcrypto_backend_la-pbkdf_check.lo `test -f 'pbkdf_check.c' || echo '$(srcdir)/'`pbkdf_check.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcrypto_backend_la-pbkdf_check.Tpo $(DEPDIR)/libcrypto_backend_la-pbkdf_check.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pbkdf_check.c' object='libcrypto_backend_la-pbkdf_check.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o libcrypto_backend_la-pbkdf_check.lo `test -f 'pbkdf_check.c' || echo '$(srcdir)/'`pbkdf_check.c - -libcrypto_backend_la-crc32.lo: crc32.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT libcrypto_backend_la-crc32.lo -MD -MP -MF $(DEPDIR)/libcrypto_backend_la-crc32.Tpo -c -o libcrypto_backend_la-crc32.lo `test -f 'crc32.c' || echo '$(srcdir)/'`crc32.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcrypto_backend_la-crc32.Tpo $(DEPDIR)/libcrypto_backend_la-crc32.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crc32.c' object='libcrypto_backend_la-crc32.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o libcrypto_backend_la-crc32.lo `test -f 'crc32.c' || echo '$(srcdir)/'`crc32.c - -libcrypto_backend_la-crypto_gcrypt.lo: crypto_gcrypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT libcrypto_backend_la-crypto_gcrypt.lo -MD -MP -MF $(DEPDIR)/libcrypto_backend_la-crypto_gcrypt.Tpo -c -o libcrypto_backend_la-crypto_gcrypt.lo `test -f 'crypto_gcrypt.c' || echo '$(srcdir)/'`crypto_gcrypt.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcrypto_backend_la-crypto_gcrypt.Tpo $(DEPDIR)/libcrypto_backend_la-crypto_gcrypt.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypto_gcrypt.c' object='libcrypto_backend_la-crypto_gcrypt.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o libcrypto_backend_la-crypto_gcrypt.lo `test -f 'crypto_gcrypt.c' || echo '$(srcdir)/'`crypto_gcrypt.c - -libcrypto_backend_la-crypto_openssl.lo: crypto_openssl.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT libcrypto_backend_la-crypto_openssl.lo -MD -MP -MF $(DEPDIR)/libcrypto_backend_la-crypto_openssl.Tpo -c -o libcrypto_backend_la-crypto_openssl.lo `test -f 'crypto_openssl.c' || echo '$(srcdir)/'`crypto_openssl.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcrypto_backend_la-crypto_openssl.Tpo $(DEPDIR)/libcrypto_backend_la-crypto_openssl.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypto_openssl.c' object='libcrypto_backend_la-crypto_openssl.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o libcrypto_backend_la-crypto_openssl.lo `test -f 'crypto_openssl.c' || echo '$(srcdir)/'`crypto_openssl.c - -libcrypto_backend_la-crypto_nss.lo: crypto_nss.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT libcrypto_backend_la-crypto_nss.lo -MD -MP -MF $(DEPDIR)/libcrypto_backend_la-crypto_nss.Tpo -c -o libcrypto_backend_la-crypto_nss.lo `test -f 'crypto_nss.c' || echo '$(srcdir)/'`crypto_nss.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcrypto_backend_la-crypto_nss.Tpo $(DEPDIR)/libcrypto_backend_la-crypto_nss.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypto_nss.c' object='libcrypto_backend_la-crypto_nss.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o libcrypto_backend_la-crypto_nss.lo `test -f 'crypto_nss.c' || echo '$(srcdir)/'`crypto_nss.c - -libcrypto_backend_la-crypto_kernel.lo: crypto_kernel.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT libcrypto_backend_la-crypto_kernel.lo -MD -MP -MF $(DEPDIR)/libcrypto_backend_la-crypto_kernel.Tpo -c -o libcrypto_backend_la-crypto_kernel.lo `test -f 'crypto_kernel.c' || echo '$(srcdir)/'`crypto_kernel.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcrypto_backend_la-crypto_kernel.Tpo $(DEPDIR)/libcrypto_backend_la-crypto_kernel.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypto_kernel.c' object='libcrypto_backend_la-crypto_kernel.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o libcrypto_backend_la-crypto_kernel.lo `test -f 'crypto_kernel.c' || echo '$(srcdir)/'`crypto_kernel.c - -libcrypto_backend_la-crypto_nettle.lo: crypto_nettle.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT libcrypto_backend_la-crypto_nettle.lo -MD -MP -MF $(DEPDIR)/libcrypto_backend_la-crypto_nettle.Tpo -c -o libcrypto_backend_la-crypto_nettle.lo `test -f 'crypto_nettle.c' || echo '$(srcdir)/'`crypto_nettle.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcrypto_backend_la-crypto_nettle.Tpo $(DEPDIR)/libcrypto_backend_la-crypto_nettle.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypto_nettle.c' object='libcrypto_backend_la-crypto_nettle.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o libcrypto_backend_la-crypto_nettle.lo `test -f 'crypto_nettle.c' || echo '$(srcdir)/'`crypto_nettle.c - -libcrypto_backend_la-pbkdf2_generic.lo: pbkdf2_generic.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT libcrypto_backend_la-pbkdf2_generic.lo -MD -MP -MF $(DEPDIR)/libcrypto_backend_la-pbkdf2_generic.Tpo -c -o libcrypto_backend_la-pbkdf2_generic.lo `test -f 'pbkdf2_generic.c' || echo '$(srcdir)/'`pbkdf2_generic.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcrypto_backend_la-pbkdf2_generic.Tpo $(DEPDIR)/libcrypto_backend_la-pbkdf2_generic.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pbkdf2_generic.c' object='libcrypto_backend_la-pbkdf2_generic.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o libcrypto_backend_la-pbkdf2_generic.lo `test -f 'pbkdf2_generic.c' || echo '$(srcdir)/'`pbkdf2_generic.c - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) -installdirs: -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-noinstLTLIBRARIES cscopelist-am ctags \ - ctags-am distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/lib/crypto_backend/Makemodule.am b/lib/crypto_backend/Makemodule.am new file mode 100644 index 0000000..f33cd45 --- /dev/null +++ b/lib/crypto_backend/Makemodule.am @@ -0,0 +1,39 @@ +noinst_LTLIBRARIES += libcrypto_backend.la + +libcrypto_backend_la_CFLAGS = $(AM_CFLAGS) @CRYPTO_CFLAGS@ + +libcrypto_backend_la_SOURCES = \ + lib/crypto_backend/crypto_backend.h \ + lib/crypto_backend/crypto_backend_internal.h \ + lib/crypto_backend/crypto_cipher_kernel.c \ + lib/crypto_backend/crypto_storage.c \ + lib/crypto_backend/pbkdf_check.c \ + lib/crypto_backend/crc32.c \ + lib/crypto_backend/argon2_generic.c \ + lib/crypto_backend/cipher_generic.c \ + lib/crypto_backend/cipher_check.c + +if CRYPTO_BACKEND_GCRYPT +libcrypto_backend_la_SOURCES += lib/crypto_backend/crypto_gcrypt.c +endif +if CRYPTO_BACKEND_OPENSSL +libcrypto_backend_la_SOURCES += lib/crypto_backend/crypto_openssl.c +endif +if CRYPTO_BACKEND_NSS +libcrypto_backend_la_SOURCES += lib/crypto_backend/crypto_nss.c +endif +if CRYPTO_BACKEND_KERNEL +libcrypto_backend_la_SOURCES += lib/crypto_backend/crypto_kernel.c +endif +if CRYPTO_BACKEND_NETTLE +libcrypto_backend_la_SOURCES += lib/crypto_backend/crypto_nettle.c +endif + +if CRYPTO_INTERNAL_PBKDF2 +libcrypto_backend_la_SOURCES += lib/crypto_backend/pbkdf2_generic.c +endif + +if CRYPTO_INTERNAL_ARGON2 +libcrypto_backend_la_DEPENDENCIES = libargon2.la +libcrypto_backend_la_LIBADD = libargon2.la +endif diff --git a/lib/crypto_backend/argon2/LICENSE b/lib/crypto_backend/argon2/LICENSE new file mode 100644 index 0000000..de14cd2 --- /dev/null +++ b/lib/crypto_backend/argon2/LICENSE @@ -0,0 +1,30 @@ + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER. + +Statement of Purpose + +The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work"). + +Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others. + +For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights. + +1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following: + + the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work; + moral rights retained by the original author(s) and/or performer(s); + publicity and privacy rights pertaining to a person's image or likeness depicted in a Work; + rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below; + rights protecting the extraction, dissemination, use and reuse of data in a Work; + database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and + other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof. + +2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose. + +3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose. + +4. Limitations and Disclaimers. + + No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document. + Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law. + Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work. + Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work. diff --git a/lib/crypto_backend/argon2/Makemodule.am b/lib/crypto_backend/argon2/Makemodule.am new file mode 100644 index 0000000..6fef2f1 --- /dev/null +++ b/lib/crypto_backend/argon2/Makemodule.am @@ -0,0 +1,30 @@ +noinst_LTLIBRARIES += libargon2.la + +libargon2_la_CFLAGS = $(AM_CFLAGS) -std=c89 -pthread -O3 +libargon2_la_CPPFLAGS = $(AM_CPPFLAGS) \ + -I lib/crypto_backend/argon2 \ + -I lib/crypto_backend/argon2/blake2 + +libargon2_la_SOURCES = \ + lib/crypto_backend/argon2/blake2/blake2b.c \ + lib/crypto_backend/argon2/blake2/blake2.h \ + lib/crypto_backend/argon2/blake2/blake2-impl.h \ + lib/crypto_backend/argon2/argon2.c \ + lib/crypto_backend/argon2/argon2.h \ + lib/crypto_backend/argon2/core.c \ + lib/crypto_backend/argon2/core.h \ + lib/crypto_backend/argon2/encoding.c \ + lib/crypto_backend/argon2/encoding.h \ + lib/crypto_backend/argon2/thread.c \ + lib/crypto_backend/argon2/thread.h + +if CRYPTO_INTERNAL_SSE_ARGON2 +libargon2_la_SOURCES += lib/crypto_backend/argon2/blake2/blamka-round-opt.h \ + lib/crypto_backend/argon2/opt.c +else +libargon2_la_SOURCES += lib/crypto_backend/argon2/blake2/blamka-round-ref.h \ + lib/crypto_backend/argon2/ref.c +endif + +EXTRA_DIST += lib/crypto_backend/argon2/LICENSE +EXTRA_DIST += lib/crypto_backend/argon2/README diff --git a/lib/crypto_backend/argon2/README b/lib/crypto_backend/argon2/README new file mode 100644 index 0000000..5376b52 --- /dev/null +++ b/lib/crypto_backend/argon2/README @@ -0,0 +1,5 @@ +This is bundled Argon2 algorithm library, copied from + https://github.com/P-H-C/phc-winner-argon2 + +For more info see Password Hashing Competition site: + https://password-hashing.net/ diff --git a/lib/crypto_backend/argon2/argon2.c b/lib/crypto_backend/argon2/argon2.c new file mode 100644 index 0000000..f748bcc --- /dev/null +++ b/lib/crypto_backend/argon2/argon2.c @@ -0,0 +1,456 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#include +#include +#include + +#include "argon2.h" +#include "encoding.h" +#include "core.h" + +/* to silent gcc -Wcast-qual for const cast */ +#define CONST_CAST(x) (x)(uintptr_t) + +const char *argon2_type2string(argon2_type type, int uppercase) { + switch (type) { + case Argon2_d: + return uppercase ? "Argon2d" : "argon2d"; + case Argon2_i: + return uppercase ? "Argon2i" : "argon2i"; + case Argon2_id: + return uppercase ? "Argon2id" : "argon2id"; + } + + return NULL; +} + +int argon2_ctx(argon2_context *context, argon2_type type) { + /* 1. Validate all inputs */ + int result = validate_inputs(context); + uint32_t memory_blocks, segment_length; + argon2_instance_t instance; + + if (ARGON2_OK != result) { + return result; + } + + if (Argon2_d != type && Argon2_i != type && Argon2_id != type) { + return ARGON2_INCORRECT_TYPE; + } + + /* 2. Align memory size */ + /* Minimum memory_blocks = 8L blocks, where L is the number of lanes */ + memory_blocks = context->m_cost; + + if (memory_blocks < 2 * ARGON2_SYNC_POINTS * context->lanes) { + memory_blocks = 2 * ARGON2_SYNC_POINTS * context->lanes; + } + + segment_length = memory_blocks / (context->lanes * ARGON2_SYNC_POINTS); + /* Ensure that all segments have equal length */ + memory_blocks = segment_length * (context->lanes * ARGON2_SYNC_POINTS); + + instance.version = context->version; + instance.memory = NULL; + instance.passes = context->t_cost; + instance.memory_blocks = memory_blocks; + instance.segment_length = segment_length; + instance.lane_length = segment_length * ARGON2_SYNC_POINTS; + instance.lanes = context->lanes; + instance.threads = context->threads; + instance.type = type; + + if (instance.threads > instance.lanes) { + instance.threads = instance.lanes; + } + + /* 3. Initialization: Hashing inputs, allocating memory, filling first + * blocks + */ + result = initialize(&instance, context); + + if (ARGON2_OK != result) { + return result; + } + + /* 4. Filling memory */ + result = fill_memory_blocks(&instance); + + if (ARGON2_OK != result) { + return result; + } + /* 5. Finalization */ + finalize(context, &instance); + + return ARGON2_OK; +} + +int argon2_hash(const uint32_t t_cost, const uint32_t m_cost, + const uint32_t parallelism, const void *pwd, + const size_t pwdlen, const void *salt, const size_t saltlen, + void *hash, const size_t hashlen, char *encoded, + const size_t encodedlen, argon2_type type, + const uint32_t version){ + + argon2_context context; + int result; + uint8_t *out; + + if (pwdlen > ARGON2_MAX_PWD_LENGTH) { + return ARGON2_PWD_TOO_LONG; + } + + if (saltlen > ARGON2_MAX_SALT_LENGTH) { + return ARGON2_SALT_TOO_LONG; + } + + if (hashlen > ARGON2_MAX_OUTLEN) { + return ARGON2_OUTPUT_TOO_LONG; + } + + if (hashlen < ARGON2_MIN_OUTLEN) { + return ARGON2_OUTPUT_TOO_SHORT; + } + + out = malloc(hashlen); + if (!out) { + return ARGON2_MEMORY_ALLOCATION_ERROR; + } + + context.out = (uint8_t *)out; + context.outlen = (uint32_t)hashlen; + context.pwd = CONST_CAST(uint8_t *)pwd; + context.pwdlen = (uint32_t)pwdlen; + context.salt = CONST_CAST(uint8_t *)salt; + context.saltlen = (uint32_t)saltlen; + context.secret = NULL; + context.secretlen = 0; + context.ad = NULL; + context.adlen = 0; + context.t_cost = t_cost; + context.m_cost = m_cost; + context.lanes = parallelism; + context.threads = parallelism; + context.allocate_cbk = NULL; + context.free_cbk = NULL; + context.flags = ARGON2_DEFAULT_FLAGS; + context.version = version; + + result = argon2_ctx(&context, type); + + if (result != ARGON2_OK) { + clear_internal_memory(out, hashlen); + free(out); + return result; + } + + /* if raw hash requested, write it */ + if (hash) { + memcpy(hash, out, hashlen); + } + + /* if encoding requested, write it */ + if (encoded && encodedlen) { + if (encode_string(encoded, encodedlen, &context, type) != ARGON2_OK) { + clear_internal_memory(out, hashlen); /* wipe buffers if error */ + clear_internal_memory(encoded, encodedlen); + free(out); + return ARGON2_ENCODING_FAIL; + } + } + clear_internal_memory(out, hashlen); + free(out); + + return ARGON2_OK; +} + +int argon2i_hash_encoded(const uint32_t t_cost, const uint32_t m_cost, + const uint32_t parallelism, const void *pwd, + const size_t pwdlen, const void *salt, + const size_t saltlen, const size_t hashlen, + char *encoded, const size_t encodedlen) { + + return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, + NULL, hashlen, encoded, encodedlen, Argon2_i, + ARGON2_VERSION_NUMBER); +} + +int argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost, + const uint32_t parallelism, const void *pwd, + const size_t pwdlen, const void *salt, + const size_t saltlen, void *hash, const size_t hashlen) { + + return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, + hash, hashlen, NULL, 0, Argon2_i, ARGON2_VERSION_NUMBER); +} + +int argon2d_hash_encoded(const uint32_t t_cost, const uint32_t m_cost, + const uint32_t parallelism, const void *pwd, + const size_t pwdlen, const void *salt, + const size_t saltlen, const size_t hashlen, + char *encoded, const size_t encodedlen) { + + return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, + NULL, hashlen, encoded, encodedlen, Argon2_d, + ARGON2_VERSION_NUMBER); +} + +int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost, + const uint32_t parallelism, const void *pwd, + const size_t pwdlen, const void *salt, + const size_t saltlen, void *hash, const size_t hashlen) { + + return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, + hash, hashlen, NULL, 0, Argon2_d, ARGON2_VERSION_NUMBER); +} + +int argon2id_hash_encoded(const uint32_t t_cost, const uint32_t m_cost, + const uint32_t parallelism, const void *pwd, + const size_t pwdlen, const void *salt, + const size_t saltlen, const size_t hashlen, + char *encoded, const size_t encodedlen) { + + return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, + NULL, hashlen, encoded, encodedlen, Argon2_id, + ARGON2_VERSION_NUMBER); +} + +int argon2id_hash_raw(const uint32_t t_cost, const uint32_t m_cost, + const uint32_t parallelism, const void *pwd, + const size_t pwdlen, const void *salt, + const size_t saltlen, void *hash, const size_t hashlen) { + return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, + hash, hashlen, NULL, 0, Argon2_id, + ARGON2_VERSION_NUMBER); +} + +static int argon2_compare(const uint8_t *b1, const uint8_t *b2, size_t len) { + size_t i; + uint8_t d = 0U; + + for (i = 0U; i < len; i++) { + d |= b1[i] ^ b2[i]; + } + return (int)((1 & ((d - 1) >> 8)) - 1); +} + +int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen, + argon2_type type) { + + argon2_context ctx; + uint8_t *desired_result = NULL; + + int ret = ARGON2_OK; + + size_t encoded_len; + uint32_t max_field_len; + + if (pwdlen > ARGON2_MAX_PWD_LENGTH) { + return ARGON2_PWD_TOO_LONG; + } + + if (encoded == NULL) { + return ARGON2_DECODING_FAIL; + } + + encoded_len = strlen(encoded); + if (encoded_len > UINT32_MAX) { + return ARGON2_DECODING_FAIL; + } + + /* No field can be longer than the encoded length */ + /* coverity[strlen_assign] */ + max_field_len = (uint32_t)encoded_len; + + ctx.saltlen = max_field_len; + ctx.outlen = max_field_len; + + ctx.salt = malloc(ctx.saltlen); + ctx.out = malloc(ctx.outlen); + if (!ctx.salt || !ctx.out) { + ret = ARGON2_MEMORY_ALLOCATION_ERROR; + goto fail; + } + + ctx.pwd = CONST_CAST(uint8_t *)pwd; + ctx.pwdlen = (uint32_t)pwdlen; + + ret = decode_string(&ctx, encoded, type); + if (ret != ARGON2_OK) { + goto fail; + } + + /* Set aside the desired result, and get a new buffer. */ + desired_result = ctx.out; + ctx.out = malloc(ctx.outlen); + if (!ctx.out) { + ret = ARGON2_MEMORY_ALLOCATION_ERROR; + goto fail; + } + + ret = argon2_verify_ctx(&ctx, (char *)desired_result, type); + if (ret != ARGON2_OK) { + goto fail; + } + +fail: + free(ctx.salt); + free(ctx.out); + free(desired_result); + + return ret; +} + +int argon2i_verify(const char *encoded, const void *pwd, const size_t pwdlen) { + + return argon2_verify(encoded, pwd, pwdlen, Argon2_i); +} + +int argon2d_verify(const char *encoded, const void *pwd, const size_t pwdlen) { + + return argon2_verify(encoded, pwd, pwdlen, Argon2_d); +} + +int argon2id_verify(const char *encoded, const void *pwd, const size_t pwdlen) { + + return argon2_verify(encoded, pwd, pwdlen, Argon2_id); +} + +int argon2d_ctx(argon2_context *context) { + return argon2_ctx(context, Argon2_d); +} + +int argon2i_ctx(argon2_context *context) { + return argon2_ctx(context, Argon2_i); +} + +int argon2id_ctx(argon2_context *context) { + return argon2_ctx(context, Argon2_id); +} + +int argon2_verify_ctx(argon2_context *context, const char *hash, + argon2_type type) { + int ret = argon2_ctx(context, type); + if (ret != ARGON2_OK) { + return ret; + } + + if (argon2_compare(CONST_CAST(uint8_t *)hash, context->out, context->outlen)) { + return ARGON2_VERIFY_MISMATCH; + } + + return ARGON2_OK; +} + +int argon2d_verify_ctx(argon2_context *context, const char *hash) { + return argon2_verify_ctx(context, hash, Argon2_d); +} + +int argon2i_verify_ctx(argon2_context *context, const char *hash) { + return argon2_verify_ctx(context, hash, Argon2_i); +} + +int argon2id_verify_ctx(argon2_context *context, const char *hash) { + return argon2_verify_ctx(context, hash, Argon2_id); +} + +const char *argon2_error_message(int error_code) { + switch (error_code) { + case ARGON2_OK: + return "OK"; + case ARGON2_OUTPUT_PTR_NULL: + return "Output pointer is NULL"; + case ARGON2_OUTPUT_TOO_SHORT: + return "Output is too short"; + case ARGON2_OUTPUT_TOO_LONG: + return "Output is too long"; + case ARGON2_PWD_TOO_SHORT: + return "Password is too short"; + case ARGON2_PWD_TOO_LONG: + return "Password is too long"; + case ARGON2_SALT_TOO_SHORT: + return "Salt is too short"; + case ARGON2_SALT_TOO_LONG: + return "Salt is too long"; + case ARGON2_AD_TOO_SHORT: + return "Associated data is too short"; + case ARGON2_AD_TOO_LONG: + return "Associated data is too long"; + case ARGON2_SECRET_TOO_SHORT: + return "Secret is too short"; + case ARGON2_SECRET_TOO_LONG: + return "Secret is too long"; + case ARGON2_TIME_TOO_SMALL: + return "Time cost is too small"; + case ARGON2_TIME_TOO_LARGE: + return "Time cost is too large"; + case ARGON2_MEMORY_TOO_LITTLE: + return "Memory cost is too small"; + case ARGON2_MEMORY_TOO_MUCH: + return "Memory cost is too large"; + case ARGON2_LANES_TOO_FEW: + return "Too few lanes"; + case ARGON2_LANES_TOO_MANY: + return "Too many lanes"; + case ARGON2_PWD_PTR_MISMATCH: + return "Password pointer is NULL, but password length is not 0"; + case ARGON2_SALT_PTR_MISMATCH: + return "Salt pointer is NULL, but salt length is not 0"; + case ARGON2_SECRET_PTR_MISMATCH: + return "Secret pointer is NULL, but secret length is not 0"; + case ARGON2_AD_PTR_MISMATCH: + return "Associated data pointer is NULL, but ad length is not 0"; + case ARGON2_MEMORY_ALLOCATION_ERROR: + return "Memory allocation error"; + case ARGON2_FREE_MEMORY_CBK_NULL: + return "The free memory callback is NULL"; + case ARGON2_ALLOCATE_MEMORY_CBK_NULL: + return "The allocate memory callback is NULL"; + case ARGON2_INCORRECT_PARAMETER: + return "Argon2_Context context is NULL"; + case ARGON2_INCORRECT_TYPE: + return "There is no such version of Argon2"; + case ARGON2_OUT_PTR_MISMATCH: + return "Output pointer mismatch"; + case ARGON2_THREADS_TOO_FEW: + return "Not enough threads"; + case ARGON2_THREADS_TOO_MANY: + return "Too many threads"; + case ARGON2_MISSING_ARGS: + return "Missing arguments"; + case ARGON2_ENCODING_FAIL: + return "Encoding failed"; + case ARGON2_DECODING_FAIL: + return "Decoding failed"; + case ARGON2_THREAD_FAIL: + return "Threading failure"; + case ARGON2_DECODING_LENGTH_FAIL: + return "Some of encoded parameters are too long or too short"; + case ARGON2_VERIFY_MISMATCH: + return "The password does not match the supplied hash"; + default: + return "Unknown error code"; + } +} + +size_t argon2_encodedlen(uint32_t t_cost, uint32_t m_cost, uint32_t parallelism, + uint32_t saltlen, uint32_t hashlen, argon2_type type) { + return strlen("$$v=$m=,t=,p=$$") + strlen(argon2_type2string(type, 0)) + + numlen(t_cost) + numlen(m_cost) + numlen(parallelism) + + b64len(saltlen) + b64len(hashlen) + numlen(ARGON2_VERSION_NUMBER) + 1; +} diff --git a/lib/crypto_backend/argon2/argon2.h b/lib/crypto_backend/argon2/argon2.h new file mode 100644 index 0000000..fc8682c --- /dev/null +++ b/lib/crypto_backend/argon2/argon2.h @@ -0,0 +1,437 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef ARGON2_H +#define ARGON2_H + +#include +#include +#include + +#if defined(__cplusplus) +extern "C" { +#endif + +/* Symbols visibility control */ +#ifdef A2_VISCTL +#define ARGON2_PUBLIC __attribute__((visibility("default"))) +#define ARGON2_LOCAL __attribute__ ((visibility ("hidden"))) +#elif _MSC_VER +#define ARGON2_PUBLIC __declspec(dllexport) +#define ARGON2_LOCAL +#else +#define ARGON2_PUBLIC +#define ARGON2_LOCAL +#endif + +/* + * Argon2 input parameter restrictions + */ + +/* Minimum and maximum number of lanes (degree of parallelism) */ +#define ARGON2_MIN_LANES UINT32_C(1) +#define ARGON2_MAX_LANES UINT32_C(0xFFFFFF) + +/* Minimum and maximum number of threads */ +#define ARGON2_MIN_THREADS UINT32_C(1) +#define ARGON2_MAX_THREADS UINT32_C(0xFFFFFF) + +/* Number of synchronization points between lanes per pass */ +#define ARGON2_SYNC_POINTS UINT32_C(4) + +/* Minimum and maximum digest size in bytes */ +#define ARGON2_MIN_OUTLEN UINT32_C(4) +#define ARGON2_MAX_OUTLEN UINT32_C(0xFFFFFFFF) + +/* Minimum and maximum number of memory blocks (each of BLOCK_SIZE bytes) */ +#define ARGON2_MIN_MEMORY (2 * ARGON2_SYNC_POINTS) /* 2 blocks per slice */ + +#define ARGON2_MIN(a, b) ((a) < (b) ? (a) : (b)) +/* Max memory size is addressing-space/2, topping at 2^32 blocks (4 TB) */ +#define ARGON2_MAX_MEMORY_BITS \ + ARGON2_MIN(UINT32_C(32), (sizeof(void *) * CHAR_BIT - 10 - 1)) +#define ARGON2_MAX_MEMORY \ + ARGON2_MIN(UINT32_C(0xFFFFFFFF), UINT64_C(1) << ARGON2_MAX_MEMORY_BITS) + +/* Minimum and maximum number of passes */ +#define ARGON2_MIN_TIME UINT32_C(1) +#define ARGON2_MAX_TIME UINT32_C(0xFFFFFFFF) + +/* Minimum and maximum password length in bytes */ +#define ARGON2_MIN_PWD_LENGTH UINT32_C(0) +#define ARGON2_MAX_PWD_LENGTH UINT32_C(0xFFFFFFFF) + +/* Minimum and maximum associated data length in bytes */ +#define ARGON2_MIN_AD_LENGTH UINT32_C(0) +#define ARGON2_MAX_AD_LENGTH UINT32_C(0xFFFFFFFF) + +/* Minimum and maximum salt length in bytes */ +#define ARGON2_MIN_SALT_LENGTH UINT32_C(8) +#define ARGON2_MAX_SALT_LENGTH UINT32_C(0xFFFFFFFF) + +/* Minimum and maximum key length in bytes */ +#define ARGON2_MIN_SECRET UINT32_C(0) +#define ARGON2_MAX_SECRET UINT32_C(0xFFFFFFFF) + +/* Flags to determine which fields are securely wiped (default = no wipe). */ +#define ARGON2_DEFAULT_FLAGS UINT32_C(0) +#define ARGON2_FLAG_CLEAR_PASSWORD (UINT32_C(1) << 0) +#define ARGON2_FLAG_CLEAR_SECRET (UINT32_C(1) << 1) + +/* Global flag to determine if we are wiping internal memory buffers. This flag + * is defined in core.c and defaults to 1 (wipe internal memory). */ +extern int FLAG_clear_internal_memory; + +/* Error codes */ +typedef enum Argon2_ErrorCodes { + ARGON2_OK = 0, + + ARGON2_OUTPUT_PTR_NULL = -1, + + ARGON2_OUTPUT_TOO_SHORT = -2, + ARGON2_OUTPUT_TOO_LONG = -3, + + ARGON2_PWD_TOO_SHORT = -4, + ARGON2_PWD_TOO_LONG = -5, + + ARGON2_SALT_TOO_SHORT = -6, + ARGON2_SALT_TOO_LONG = -7, + + ARGON2_AD_TOO_SHORT = -8, + ARGON2_AD_TOO_LONG = -9, + + ARGON2_SECRET_TOO_SHORT = -10, + ARGON2_SECRET_TOO_LONG = -11, + + ARGON2_TIME_TOO_SMALL = -12, + ARGON2_TIME_TOO_LARGE = -13, + + ARGON2_MEMORY_TOO_LITTLE = -14, + ARGON2_MEMORY_TOO_MUCH = -15, + + ARGON2_LANES_TOO_FEW = -16, + ARGON2_LANES_TOO_MANY = -17, + + ARGON2_PWD_PTR_MISMATCH = -18, /* NULL ptr with non-zero length */ + ARGON2_SALT_PTR_MISMATCH = -19, /* NULL ptr with non-zero length */ + ARGON2_SECRET_PTR_MISMATCH = -20, /* NULL ptr with non-zero length */ + ARGON2_AD_PTR_MISMATCH = -21, /* NULL ptr with non-zero length */ + + ARGON2_MEMORY_ALLOCATION_ERROR = -22, + + ARGON2_FREE_MEMORY_CBK_NULL = -23, + ARGON2_ALLOCATE_MEMORY_CBK_NULL = -24, + + ARGON2_INCORRECT_PARAMETER = -25, + ARGON2_INCORRECT_TYPE = -26, + + ARGON2_OUT_PTR_MISMATCH = -27, + + ARGON2_THREADS_TOO_FEW = -28, + ARGON2_THREADS_TOO_MANY = -29, + + ARGON2_MISSING_ARGS = -30, + + ARGON2_ENCODING_FAIL = -31, + + ARGON2_DECODING_FAIL = -32, + + ARGON2_THREAD_FAIL = -33, + + ARGON2_DECODING_LENGTH_FAIL = -34, + + ARGON2_VERIFY_MISMATCH = -35 +} argon2_error_codes; + +/* Memory allocator types --- for external allocation */ +typedef int (*allocate_fptr)(uint8_t **memory, size_t bytes_to_allocate); +typedef void (*deallocate_fptr)(uint8_t *memory, size_t bytes_to_allocate); + +/* Argon2 external data structures */ + +/* + ***** + * Context: structure to hold Argon2 inputs: + * output array and its length, + * password and its length, + * salt and its length, + * secret and its length, + * associated data and its length, + * number of passes, amount of used memory (in KBytes, can be rounded up a bit) + * number of parallel threads that will be run. + * All the parameters above affect the output hash value. + * Additionally, two function pointers can be provided to allocate and + * deallocate the memory (if NULL, memory will be allocated internally). + * Also, three flags indicate whether to erase password, secret as soon as they + * are pre-hashed (and thus not needed anymore), and the entire memory + ***** + * Simplest situation: you have output array out[8], password is stored in + * pwd[32], salt is stored in salt[16], you do not have keys nor associated + * data. You need to spend 1 GB of RAM and you run 5 passes of Argon2d with + * 4 parallel lanes. + * You want to erase the password, but you're OK with last pass not being + * erased. You want to use the default memory allocator. + * Then you initialize: + Argon2_Context(out,8,pwd,32,salt,16,NULL,0,NULL,0,5,1<<20,4,4,NULL,NULL,true,false,false,false) + */ +typedef struct Argon2_Context { + uint8_t *out; /* output array */ + uint32_t outlen; /* digest length */ + + uint8_t *pwd; /* password array */ + uint32_t pwdlen; /* password length */ + + uint8_t *salt; /* salt array */ + uint32_t saltlen; /* salt length */ + + uint8_t *secret; /* key array */ + uint32_t secretlen; /* key length */ + + uint8_t *ad; /* associated data array */ + uint32_t adlen; /* associated data length */ + + uint32_t t_cost; /* number of passes */ + uint32_t m_cost; /* amount of memory requested (KB) */ + uint32_t lanes; /* number of lanes */ + uint32_t threads; /* maximum number of threads */ + + uint32_t version; /* version number */ + + allocate_fptr allocate_cbk; /* pointer to memory allocator */ + deallocate_fptr free_cbk; /* pointer to memory deallocator */ + + uint32_t flags; /* array of bool options */ +} argon2_context; + +/* Argon2 primitive type */ +typedef enum Argon2_type { + Argon2_d = 0, + Argon2_i = 1, + Argon2_id = 2 +} argon2_type; + +/* Version of the algorithm */ +typedef enum Argon2_version { + ARGON2_VERSION_10 = 0x10, + ARGON2_VERSION_13 = 0x13, + ARGON2_VERSION_NUMBER = ARGON2_VERSION_13 +} argon2_version; + +/* + * Function that gives the string representation of an argon2_type. + * @param type The argon2_type that we want the string for + * @param uppercase Whether the string should have the first letter uppercase + * @return NULL if invalid type, otherwise the string representation. + */ +ARGON2_PUBLIC const char *argon2_type2string(argon2_type type, int uppercase); + +/* + * Function that performs memory-hard hashing with certain degree of parallelism + * @param context Pointer to the Argon2 internal structure + * @return Error code if smth is wrong, ARGON2_OK otherwise + */ +ARGON2_PUBLIC int argon2_ctx(argon2_context *context, argon2_type type); + +/** + * Hashes a password with Argon2i, producing an encoded hash + * @param t_cost Number of iterations + * @param m_cost Sets memory usage to m_cost kibibytes + * @param parallelism Number of threads and compute lanes + * @param pwd Pointer to password + * @param pwdlen Password size in bytes + * @param salt Pointer to salt + * @param saltlen Salt size in bytes + * @param hashlen Desired length of the hash in bytes + * @param encoded Buffer where to write the encoded hash + * @param encodedlen Size of the buffer (thus max size of the encoded hash) + * @pre Different parallelism levels will give different results + * @pre Returns ARGON2_OK if successful + */ +ARGON2_PUBLIC int argon2i_hash_encoded(const uint32_t t_cost, + const uint32_t m_cost, + const uint32_t parallelism, + const void *pwd, const size_t pwdlen, + const void *salt, const size_t saltlen, + const size_t hashlen, char *encoded, + const size_t encodedlen); + +/** + * Hashes a password with Argon2i, producing a raw hash at @hash + * @param t_cost Number of iterations + * @param m_cost Sets memory usage to m_cost kibibytes + * @param parallelism Number of threads and compute lanes + * @param pwd Pointer to password + * @param pwdlen Password size in bytes + * @param salt Pointer to salt + * @param saltlen Salt size in bytes + * @param hash Buffer where to write the raw hash - updated by the function + * @param hashlen Desired length of the hash in bytes + * @pre Different parallelism levels will give different results + * @pre Returns ARGON2_OK if successful + */ +ARGON2_PUBLIC int argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost, + const uint32_t parallelism, const void *pwd, + const size_t pwdlen, const void *salt, + const size_t saltlen, void *hash, + const size_t hashlen); + +ARGON2_PUBLIC int argon2d_hash_encoded(const uint32_t t_cost, + const uint32_t m_cost, + const uint32_t parallelism, + const void *pwd, const size_t pwdlen, + const void *salt, const size_t saltlen, + const size_t hashlen, char *encoded, + const size_t encodedlen); + +ARGON2_PUBLIC int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost, + const uint32_t parallelism, const void *pwd, + const size_t pwdlen, const void *salt, + const size_t saltlen, void *hash, + const size_t hashlen); + +ARGON2_PUBLIC int argon2id_hash_encoded(const uint32_t t_cost, + const uint32_t m_cost, + const uint32_t parallelism, + const void *pwd, const size_t pwdlen, + const void *salt, const size_t saltlen, + const size_t hashlen, char *encoded, + const size_t encodedlen); + +ARGON2_PUBLIC int argon2id_hash_raw(const uint32_t t_cost, + const uint32_t m_cost, + const uint32_t parallelism, const void *pwd, + const size_t pwdlen, const void *salt, + const size_t saltlen, void *hash, + const size_t hashlen); + +/* generic function underlying the above ones */ +ARGON2_PUBLIC int argon2_hash(const uint32_t t_cost, const uint32_t m_cost, + const uint32_t parallelism, const void *pwd, + const size_t pwdlen, const void *salt, + const size_t saltlen, void *hash, + const size_t hashlen, char *encoded, + const size_t encodedlen, argon2_type type, + const uint32_t version); + +/** + * Verifies a password against an encoded string + * Encoded string is restricted as in validate_inputs() + * @param encoded String encoding parameters, salt, hash + * @param pwd Pointer to password + * @pre Returns ARGON2_OK if successful + */ +ARGON2_PUBLIC int argon2i_verify(const char *encoded, const void *pwd, + const size_t pwdlen); + +ARGON2_PUBLIC int argon2d_verify(const char *encoded, const void *pwd, + const size_t pwdlen); + +ARGON2_PUBLIC int argon2id_verify(const char *encoded, const void *pwd, + const size_t pwdlen); + +/* generic function underlying the above ones */ +ARGON2_PUBLIC int argon2_verify(const char *encoded, const void *pwd, + const size_t pwdlen, argon2_type type); + +/** + * Argon2d: Version of Argon2 that picks memory blocks depending + * on the password and salt. Only for side-channel-free + * environment!! + ***** + * @param context Pointer to current Argon2 context + * @return Zero if successful, a non zero error code otherwise + */ +ARGON2_PUBLIC int argon2d_ctx(argon2_context *context); + +/** + * Argon2i: Version of Argon2 that picks memory blocks + * independent on the password and salt. Good for side-channels, + * but worse w.r.t. tradeoff attacks if only one pass is used. + ***** + * @param context Pointer to current Argon2 context + * @return Zero if successful, a non zero error code otherwise + */ +ARGON2_PUBLIC int argon2i_ctx(argon2_context *context); + +/** + * Argon2id: Version of Argon2 where the first half-pass over memory is + * password-independent, the rest are password-dependent (on the password and + * salt). OK against side channels (they reduce to 1/2-pass Argon2i), and + * better with w.r.t. tradeoff attacks (similar to Argon2d). + ***** + * @param context Pointer to current Argon2 context + * @return Zero if successful, a non zero error code otherwise + */ +ARGON2_PUBLIC int argon2id_ctx(argon2_context *context); + +/** + * Verify if a given password is correct for Argon2d hashing + * @param context Pointer to current Argon2 context + * @param hash The password hash to verify. The length of the hash is + * specified by the context outlen member + * @return Zero if successful, a non zero error code otherwise + */ +ARGON2_PUBLIC int argon2d_verify_ctx(argon2_context *context, const char *hash); + +/** + * Verify if a given password is correct for Argon2i hashing + * @param context Pointer to current Argon2 context + * @param hash The password hash to verify. The length of the hash is + * specified by the context outlen member + * @return Zero if successful, a non zero error code otherwise + */ +ARGON2_PUBLIC int argon2i_verify_ctx(argon2_context *context, const char *hash); + +/** + * Verify if a given password is correct for Argon2id hashing + * @param context Pointer to current Argon2 context + * @param hash The password hash to verify. The length of the hash is + * specified by the context outlen member + * @return Zero if successful, a non zero error code otherwise + */ +ARGON2_PUBLIC int argon2id_verify_ctx(argon2_context *context, + const char *hash); + +/* generic function underlying the above ones */ +ARGON2_PUBLIC int argon2_verify_ctx(argon2_context *context, const char *hash, + argon2_type type); + +/** + * Get the associated error message for given error code + * @return The error message associated with the given error code + */ +ARGON2_PUBLIC const char *argon2_error_message(int error_code); + +/** + * Returns the encoded hash length for the given input parameters + * @param t_cost Number of iterations + * @param m_cost Memory usage in kibibytes + * @param parallelism Number of threads; used to compute lanes + * @param saltlen Salt size in bytes + * @param hashlen Hash size in bytes + * @param type The argon2_type that we want the encoded length for + * @return The encoded hash length in bytes + */ +ARGON2_PUBLIC size_t argon2_encodedlen(uint32_t t_cost, uint32_t m_cost, + uint32_t parallelism, uint32_t saltlen, + uint32_t hashlen, argon2_type type); + +#if defined(__cplusplus) +} +#endif + +#endif diff --git a/lib/crypto_backend/argon2/blake2/blake2-impl.h b/lib/crypto_backend/argon2/blake2/blake2-impl.h new file mode 100644 index 0000000..e77ad92 --- /dev/null +++ b/lib/crypto_backend/argon2/blake2/blake2-impl.h @@ -0,0 +1,154 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef PORTABLE_BLAKE2_IMPL_H +#define PORTABLE_BLAKE2_IMPL_H + +#include +#include + +#if defined(_MSC_VER) +#define BLAKE2_INLINE __inline +#elif defined(__GNUC__) || defined(__clang__) +#define BLAKE2_INLINE __inline__ +#else +#define BLAKE2_INLINE +#endif + +/* Argon2 Team - Begin Code */ +/* + Not an exhaustive list, but should cover the majority of modern platforms + Additionally, the code will always be correct---this is only a performance + tweak. +*/ +#if (defined(__BYTE_ORDER__) && \ + (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) || \ + defined(__LITTLE_ENDIAN__) || defined(__ARMEL__) || defined(__MIPSEL__) || \ + defined(__AARCH64EL__) || defined(__amd64__) || defined(__i386__) || \ + defined(_M_IX86) || defined(_M_X64) || defined(_M_AMD64) || \ + defined(_M_ARM) +#define NATIVE_LITTLE_ENDIAN +#endif +/* Argon2 Team - End Code */ + +static BLAKE2_INLINE uint32_t load32(const void *src) { +#if defined(NATIVE_LITTLE_ENDIAN) + uint32_t w; + memcpy(&w, src, sizeof w); + return w; +#else + const uint8_t *p = (const uint8_t *)src; + uint32_t w = *p++; + w |= (uint32_t)(*p++) << 8; + w |= (uint32_t)(*p++) << 16; + w |= (uint32_t)(*p++) << 24; + return w; +#endif +} + +static BLAKE2_INLINE uint64_t load64(const void *src) { +#if defined(NATIVE_LITTLE_ENDIAN) + uint64_t w; + memcpy(&w, src, sizeof w); + return w; +#else + const uint8_t *p = (const uint8_t *)src; + uint64_t w = *p++; + w |= (uint64_t)(*p++) << 8; + w |= (uint64_t)(*p++) << 16; + w |= (uint64_t)(*p++) << 24; + w |= (uint64_t)(*p++) << 32; + w |= (uint64_t)(*p++) << 40; + w |= (uint64_t)(*p++) << 48; + w |= (uint64_t)(*p++) << 56; + return w; +#endif +} + +static BLAKE2_INLINE void store32(void *dst, uint32_t w) { +#if defined(NATIVE_LITTLE_ENDIAN) + memcpy(dst, &w, sizeof w); +#else + uint8_t *p = (uint8_t *)dst; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; +#endif +} + +static BLAKE2_INLINE void store64(void *dst, uint64_t w) { +#if defined(NATIVE_LITTLE_ENDIAN) + memcpy(dst, &w, sizeof w); +#else + uint8_t *p = (uint8_t *)dst; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; +#endif +} + +static BLAKE2_INLINE uint64_t load48(const void *src) { + const uint8_t *p = (const uint8_t *)src; + uint64_t w = *p++; + w |= (uint64_t)(*p++) << 8; + w |= (uint64_t)(*p++) << 16; + w |= (uint64_t)(*p++) << 24; + w |= (uint64_t)(*p++) << 32; + w |= (uint64_t)(*p++) << 40; + return w; +} + +static BLAKE2_INLINE void store48(void *dst, uint64_t w) { + uint8_t *p = (uint8_t *)dst; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; +} + +static BLAKE2_INLINE uint32_t rotr32(const uint32_t w, const unsigned c) { + return (w >> c) | (w << (32 - c)); +} + +static BLAKE2_INLINE uint64_t rotr64(const uint64_t w, const unsigned c) { + return (w >> c) | (w << (64 - c)); +} + +#endif diff --git a/lib/crypto_backend/argon2/blake2/blake2.h b/lib/crypto_backend/argon2/blake2/blake2.h new file mode 100644 index 0000000..9f97e1c --- /dev/null +++ b/lib/crypto_backend/argon2/blake2/blake2.h @@ -0,0 +1,89 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef PORTABLE_BLAKE2_H +#define PORTABLE_BLAKE2_H + +#include "../argon2.h" + +#if defined(__cplusplus) +extern "C" { +#endif + +enum blake2b_constant { + BLAKE2B_BLOCKBYTES = 128, + BLAKE2B_OUTBYTES = 64, + BLAKE2B_KEYBYTES = 64, + BLAKE2B_SALTBYTES = 16, + BLAKE2B_PERSONALBYTES = 16 +}; + +#pragma pack(push, 1) +typedef struct __blake2b_param { + uint8_t digest_length; /* 1 */ + uint8_t key_length; /* 2 */ + uint8_t fanout; /* 3 */ + uint8_t depth; /* 4 */ + uint32_t leaf_length; /* 8 */ + uint64_t node_offset; /* 16 */ + uint8_t node_depth; /* 17 */ + uint8_t inner_length; /* 18 */ + uint8_t reserved[14]; /* 32 */ + uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */ + uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */ +} blake2b_param; +#pragma pack(pop) + +typedef struct __blake2b_state { + uint64_t h[8]; + uint64_t t[2]; + uint64_t f[2]; + uint8_t buf[BLAKE2B_BLOCKBYTES]; + unsigned buflen; + unsigned outlen; + uint8_t last_node; +} blake2b_state; + +/* Ensure param structs have not been wrongly padded */ +/* Poor man's static_assert */ +enum { + blake2_size_check_0 = 1 / !!(CHAR_BIT == 8), + blake2_size_check_2 = + 1 / !!(sizeof(blake2b_param) == sizeof(uint64_t) * CHAR_BIT) +}; + +/* Streaming API */ +ARGON2_LOCAL int blake2b_init(blake2b_state *S, size_t outlen); +ARGON2_LOCAL int blake2b_init_key(blake2b_state *S, size_t outlen, const void *key, + size_t keylen); +ARGON2_LOCAL int blake2b_init_param(blake2b_state *S, const blake2b_param *P); +ARGON2_LOCAL int blake2b_update(blake2b_state *S, const void *in, size_t inlen); +ARGON2_LOCAL int blake2b_final(blake2b_state *S, void *out, size_t outlen); + +/* Simple API */ +ARGON2_LOCAL int blake2b(void *out, size_t outlen, const void *in, size_t inlen, + const void *key, size_t keylen); + +/* Argon2 Team - Begin Code */ +ARGON2_LOCAL int blake2b_long(void *out, size_t outlen, const void *in, size_t inlen); +/* Argon2 Team - End Code */ + +#if defined(__cplusplus) +} +#endif + +#endif diff --git a/lib/crypto_backend/argon2/blake2/blake2b.c b/lib/crypto_backend/argon2/blake2/blake2b.c new file mode 100644 index 0000000..b8651f2 --- /dev/null +++ b/lib/crypto_backend/argon2/blake2/blake2b.c @@ -0,0 +1,392 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#include +#include +#include + +#include "blake2.h" +#include "blake2-impl.h" + +void clear_internal_memory(void *v, size_t n); + +static const uint64_t blake2b_IV[8] = { + UINT64_C(0x6a09e667f3bcc908), UINT64_C(0xbb67ae8584caa73b), + UINT64_C(0x3c6ef372fe94f82b), UINT64_C(0xa54ff53a5f1d36f1), + UINT64_C(0x510e527fade682d1), UINT64_C(0x9b05688c2b3e6c1f), + UINT64_C(0x1f83d9abfb41bd6b), UINT64_C(0x5be0cd19137e2179)}; + +static const unsigned int blake2b_sigma[12][16] = { + {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, + {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3}, + {11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4}, + {7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8}, + {9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13}, + {2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9}, + {12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11}, + {13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10}, + {6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5}, + {10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0}, + {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, + {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3}, +}; + +static BLAKE2_INLINE void blake2b_set_lastnode(blake2b_state *S) { + S->f[1] = (uint64_t)-1; +} + +static BLAKE2_INLINE void blake2b_set_lastblock(blake2b_state *S) { + if (S->last_node) { + blake2b_set_lastnode(S); + } + S->f[0] = (uint64_t)-1; +} + +static BLAKE2_INLINE void blake2b_increment_counter(blake2b_state *S, + uint64_t inc) { + S->t[0] += inc; + S->t[1] += (S->t[0] < inc); +} + +static BLAKE2_INLINE void blake2b_invalidate_state(blake2b_state *S) { + clear_internal_memory(S, sizeof(*S)); /* wipe */ + blake2b_set_lastblock(S); /* invalidate for further use */ +} + +static BLAKE2_INLINE void blake2b_init0(blake2b_state *S) { + memset(S, 0, sizeof(*S)); + memcpy(S->h, blake2b_IV, sizeof(S->h)); +} + +int blake2b_init_param(blake2b_state *S, const blake2b_param *P) { + const unsigned char *p = (const unsigned char *)P; + unsigned int i; + + if (NULL == P || NULL == S) { + return -1; + } + + blake2b_init0(S); + /* IV XOR Parameter Block */ + for (i = 0; i < 8; ++i) { + S->h[i] ^= load64(&p[i * sizeof(S->h[i])]); + } + S->outlen = P->digest_length; + return 0; +} + +/* Sequential blake2b initialization */ +int blake2b_init(blake2b_state *S, size_t outlen) { + blake2b_param P; + + if (S == NULL) { + return -1; + } + + if ((outlen == 0) || (outlen > BLAKE2B_OUTBYTES)) { + blake2b_invalidate_state(S); + return -1; + } + + /* Setup Parameter Block for unkeyed BLAKE2 */ + P.digest_length = (uint8_t)outlen; + P.key_length = 0; + P.fanout = 1; + P.depth = 1; + P.leaf_length = 0; + P.node_offset = 0; + P.node_depth = 0; + P.inner_length = 0; + memset(P.reserved, 0, sizeof(P.reserved)); + memset(P.salt, 0, sizeof(P.salt)); + memset(P.personal, 0, sizeof(P.personal)); + + return blake2b_init_param(S, &P); +} + +int blake2b_init_key(blake2b_state *S, size_t outlen, const void *key, + size_t keylen) { + blake2b_param P; + + if (S == NULL) { + return -1; + } + + if ((outlen == 0) || (outlen > BLAKE2B_OUTBYTES)) { + blake2b_invalidate_state(S); + return -1; + } + + if ((key == 0) || (keylen == 0) || (keylen > BLAKE2B_KEYBYTES)) { + blake2b_invalidate_state(S); + return -1; + } + + /* Setup Parameter Block for keyed BLAKE2 */ + P.digest_length = (uint8_t)outlen; + P.key_length = (uint8_t)keylen; + P.fanout = 1; + P.depth = 1; + P.leaf_length = 0; + P.node_offset = 0; + P.node_depth = 0; + P.inner_length = 0; + memset(P.reserved, 0, sizeof(P.reserved)); + memset(P.salt, 0, sizeof(P.salt)); + memset(P.personal, 0, sizeof(P.personal)); + + if (blake2b_init_param(S, &P) < 0) { + blake2b_invalidate_state(S); + return -1; + } + + { + uint8_t block[BLAKE2B_BLOCKBYTES]; + memset(block, 0, BLAKE2B_BLOCKBYTES); + memcpy(block, key, keylen); + blake2b_update(S, block, BLAKE2B_BLOCKBYTES); + /* Burn the key from stack */ + clear_internal_memory(block, BLAKE2B_BLOCKBYTES); + } + return 0; +} + +static void blake2b_compress(blake2b_state *S, const uint8_t *block) { + uint64_t m[16]; + uint64_t v[16]; + unsigned int i, r; + + for (i = 0; i < 16; ++i) { + m[i] = load64(block + i * sizeof(m[i])); + } + + for (i = 0; i < 8; ++i) { + v[i] = S->h[i]; + } + + v[8] = blake2b_IV[0]; + v[9] = blake2b_IV[1]; + v[10] = blake2b_IV[2]; + v[11] = blake2b_IV[3]; + v[12] = blake2b_IV[4] ^ S->t[0]; + v[13] = blake2b_IV[5] ^ S->t[1]; + v[14] = blake2b_IV[6] ^ S->f[0]; + v[15] = blake2b_IV[7] ^ S->f[1]; + +#define G(r, i, a, b, c, d) \ + do { \ + a = a + b + m[blake2b_sigma[r][2 * i + 0]]; \ + d = rotr64(d ^ a, 32); \ + c = c + d; \ + b = rotr64(b ^ c, 24); \ + a = a + b + m[blake2b_sigma[r][2 * i + 1]]; \ + d = rotr64(d ^ a, 16); \ + c = c + d; \ + b = rotr64(b ^ c, 63); \ + } while ((void)0, 0) + +#define ROUND(r) \ + do { \ + G(r, 0, v[0], v[4], v[8], v[12]); \ + G(r, 1, v[1], v[5], v[9], v[13]); \ + G(r, 2, v[2], v[6], v[10], v[14]); \ + G(r, 3, v[3], v[7], v[11], v[15]); \ + G(r, 4, v[0], v[5], v[10], v[15]); \ + G(r, 5, v[1], v[6], v[11], v[12]); \ + G(r, 6, v[2], v[7], v[8], v[13]); \ + G(r, 7, v[3], v[4], v[9], v[14]); \ + } while ((void)0, 0) + + for (r = 0; r < 12; ++r) { + ROUND(r); + } + + for (i = 0; i < 8; ++i) { + S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; + } + +#undef G +#undef ROUND +} + +int blake2b_update(blake2b_state *S, const void *in, size_t inlen) { + const uint8_t *pin = (const uint8_t *)in; + + if (inlen == 0) { + return 0; + } + + /* Sanity check */ + if (S == NULL || in == NULL) { + return -1; + } + + /* Is this a reused state? */ + if (S->f[0] != 0) { + return -1; + } + + if (S->buflen + inlen > BLAKE2B_BLOCKBYTES) { + /* Complete current block */ + size_t left = S->buflen; + size_t fill = BLAKE2B_BLOCKBYTES - left; + memcpy(&S->buf[left], pin, fill); + blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES); + blake2b_compress(S, S->buf); + S->buflen = 0; + inlen -= fill; + pin += fill; + /* Avoid buffer copies when possible */ + while (inlen > BLAKE2B_BLOCKBYTES) { + blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES); + blake2b_compress(S, pin); + inlen -= BLAKE2B_BLOCKBYTES; + pin += BLAKE2B_BLOCKBYTES; + } + } + memcpy(&S->buf[S->buflen], pin, inlen); + S->buflen += (unsigned int)inlen; + return 0; +} + +int blake2b_final(blake2b_state *S, void *out, size_t outlen) { + uint8_t buffer[BLAKE2B_OUTBYTES] = {0}; + unsigned int i; + + /* Sanity checks */ + if (S == NULL || out == NULL || outlen < S->outlen) { + return -1; + } + + /* Is this a reused state? */ + if (S->f[0] != 0) { + return -1; + } + + blake2b_increment_counter(S, S->buflen); + blake2b_set_lastblock(S); + memset(&S->buf[S->buflen], 0, BLAKE2B_BLOCKBYTES - S->buflen); /* Padding */ + blake2b_compress(S, S->buf); + + for (i = 0; i < 8; ++i) { /* Output full hash to temp buffer */ + store64(buffer + sizeof(S->h[i]) * i, S->h[i]); + } + + memcpy(out, buffer, S->outlen); + clear_internal_memory(buffer, sizeof(buffer)); + clear_internal_memory(S->buf, sizeof(S->buf)); + clear_internal_memory(S->h, sizeof(S->h)); + return 0; +} + +int blake2b(void *out, size_t outlen, const void *in, size_t inlen, + const void *key, size_t keylen) { + blake2b_state S; + int ret = -1; + + /* Verify parameters */ + if (NULL == in && inlen > 0) { + goto fail; + } + + if (NULL == out || outlen == 0 || outlen > BLAKE2B_OUTBYTES) { + goto fail; + } + + if ((NULL == key && keylen > 0) || keylen > BLAKE2B_KEYBYTES) { + goto fail; + } + + if (keylen > 0) { + if (blake2b_init_key(&S, outlen, key, keylen) < 0) { + goto fail; + } + } else { + if (blake2b_init(&S, outlen) < 0) { + goto fail; + } + } + + if (blake2b_update(&S, in, inlen) < 0) { + goto fail; + } + ret = blake2b_final(&S, out, outlen); + +fail: + clear_internal_memory(&S, sizeof(S)); + return ret; +} + +/* Argon2 Team - Begin Code */ +int blake2b_long(void *pout, size_t outlen, const void *in, size_t inlen) { + uint8_t *out = (uint8_t *)pout; + blake2b_state blake_state; + uint8_t outlen_bytes[sizeof(uint32_t)] = {0}; + int ret = -1; + + if (outlen > UINT32_MAX) { + goto fail; + } + + /* Ensure little-endian byte order! */ + store32(outlen_bytes, (uint32_t)outlen); + +#define TRY(statement) \ + do { \ + ret = statement; \ + if (ret < 0) { \ + goto fail; \ + } \ + } while ((void)0, 0) + + if (outlen <= BLAKE2B_OUTBYTES) { + TRY(blake2b_init(&blake_state, outlen)); + TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes))); + TRY(blake2b_update(&blake_state, in, inlen)); + TRY(blake2b_final(&blake_state, out, outlen)); + } else { + uint32_t toproduce; + uint8_t out_buffer[BLAKE2B_OUTBYTES]; + uint8_t in_buffer[BLAKE2B_OUTBYTES]; + TRY(blake2b_init(&blake_state, BLAKE2B_OUTBYTES)); + TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes))); + TRY(blake2b_update(&blake_state, in, inlen)); + TRY(blake2b_final(&blake_state, out_buffer, BLAKE2B_OUTBYTES)); + memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); + out += BLAKE2B_OUTBYTES / 2; + toproduce = (uint32_t)outlen - BLAKE2B_OUTBYTES / 2; + + while (toproduce > BLAKE2B_OUTBYTES) { + memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES); + TRY(blake2b(out_buffer, BLAKE2B_OUTBYTES, in_buffer, + BLAKE2B_OUTBYTES, NULL, 0)); + memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); + out += BLAKE2B_OUTBYTES / 2; + toproduce -= BLAKE2B_OUTBYTES / 2; + } + + memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES); + TRY(blake2b(out_buffer, toproduce, in_buffer, BLAKE2B_OUTBYTES, NULL, + 0)); + memcpy(out, out_buffer, toproduce); + } +fail: + clear_internal_memory(&blake_state, sizeof(blake_state)); + return ret; +#undef TRY +} +/* Argon2 Team - End Code */ diff --git a/lib/crypto_backend/argon2/blake2/blamka-round-opt.h b/lib/crypto_backend/argon2/blake2/blamka-round-opt.h new file mode 100644 index 0000000..2c8942e --- /dev/null +++ b/lib/crypto_backend/argon2/blake2/blamka-round-opt.h @@ -0,0 +1,471 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef BLAKE_ROUND_MKA_OPT_H +#define BLAKE_ROUND_MKA_OPT_H + +#include "blake2-impl.h" + +#include +#if defined(__SSSE3__) +#include /* for _mm_shuffle_epi8 and _mm_alignr_epi8 */ +#endif + +#if defined(__XOP__) && (defined(__GNUC__) || defined(__clang__)) +#include +#endif + +#if !defined(__AVX512F__) +#if !defined(__AVX2__) +#if !defined(__XOP__) +#if defined(__SSSE3__) +#define r16 \ + (_mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9)) +#define r24 \ + (_mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10)) +#define _mm_roti_epi64(x, c) \ + (-(c) == 32) \ + ? _mm_shuffle_epi32((x), _MM_SHUFFLE(2, 3, 0, 1)) \ + : (-(c) == 24) \ + ? _mm_shuffle_epi8((x), r24) \ + : (-(c) == 16) \ + ? _mm_shuffle_epi8((x), r16) \ + : (-(c) == 63) \ + ? _mm_xor_si128(_mm_srli_epi64((x), -(c)), \ + _mm_add_epi64((x), (x))) \ + : _mm_xor_si128(_mm_srli_epi64((x), -(c)), \ + _mm_slli_epi64((x), 64 - (-(c)))) +#else /* defined(__SSE2__) */ +#define _mm_roti_epi64(r, c) \ + _mm_xor_si128(_mm_srli_epi64((r), -(c)), _mm_slli_epi64((r), 64 - (-(c)))) +#endif +#else +#endif + +static BLAKE2_INLINE __m128i fBlaMka(__m128i x, __m128i y) { + const __m128i z = _mm_mul_epu32(x, y); + return _mm_add_epi64(_mm_add_epi64(x, y), _mm_add_epi64(z, z)); +} + +#define G1(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + A0 = fBlaMka(A0, B0); \ + A1 = fBlaMka(A1, B1); \ + \ + D0 = _mm_xor_si128(D0, A0); \ + D1 = _mm_xor_si128(D1, A1); \ + \ + D0 = _mm_roti_epi64(D0, -32); \ + D1 = _mm_roti_epi64(D1, -32); \ + \ + C0 = fBlaMka(C0, D0); \ + C1 = fBlaMka(C1, D1); \ + \ + B0 = _mm_xor_si128(B0, C0); \ + B1 = _mm_xor_si128(B1, C1); \ + \ + B0 = _mm_roti_epi64(B0, -24); \ + B1 = _mm_roti_epi64(B1, -24); \ + } while ((void)0, 0) + +#define G2(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + A0 = fBlaMka(A0, B0); \ + A1 = fBlaMka(A1, B1); \ + \ + D0 = _mm_xor_si128(D0, A0); \ + D1 = _mm_xor_si128(D1, A1); \ + \ + D0 = _mm_roti_epi64(D0, -16); \ + D1 = _mm_roti_epi64(D1, -16); \ + \ + C0 = fBlaMka(C0, D0); \ + C1 = fBlaMka(C1, D1); \ + \ + B0 = _mm_xor_si128(B0, C0); \ + B1 = _mm_xor_si128(B1, C1); \ + \ + B0 = _mm_roti_epi64(B0, -63); \ + B1 = _mm_roti_epi64(B1, -63); \ + } while ((void)0, 0) + +#if defined(__SSSE3__) +#define DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + __m128i t0 = _mm_alignr_epi8(B1, B0, 8); \ + __m128i t1 = _mm_alignr_epi8(B0, B1, 8); \ + B0 = t0; \ + B1 = t1; \ + \ + t0 = C0; \ + C0 = C1; \ + C1 = t0; \ + \ + t0 = _mm_alignr_epi8(D1, D0, 8); \ + t1 = _mm_alignr_epi8(D0, D1, 8); \ + D0 = t1; \ + D1 = t0; \ + } while ((void)0, 0) + +#define UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + __m128i t0 = _mm_alignr_epi8(B0, B1, 8); \ + __m128i t1 = _mm_alignr_epi8(B1, B0, 8); \ + B0 = t0; \ + B1 = t1; \ + \ + t0 = C0; \ + C0 = C1; \ + C1 = t0; \ + \ + t0 = _mm_alignr_epi8(D0, D1, 8); \ + t1 = _mm_alignr_epi8(D1, D0, 8); \ + D0 = t1; \ + D1 = t0; \ + } while ((void)0, 0) +#else /* SSE2 */ +#define DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + __m128i t0 = D0; \ + __m128i t1 = B0; \ + D0 = C0; \ + C0 = C1; \ + C1 = D0; \ + D0 = _mm_unpackhi_epi64(D1, _mm_unpacklo_epi64(t0, t0)); \ + D1 = _mm_unpackhi_epi64(t0, _mm_unpacklo_epi64(D1, D1)); \ + B0 = _mm_unpackhi_epi64(B0, _mm_unpacklo_epi64(B1, B1)); \ + B1 = _mm_unpackhi_epi64(B1, _mm_unpacklo_epi64(t1, t1)); \ + } while ((void)0, 0) + +#define UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + __m128i t0, t1; \ + t0 = C0; \ + C0 = C1; \ + C1 = t0; \ + t0 = B0; \ + t1 = D0; \ + B0 = _mm_unpackhi_epi64(B1, _mm_unpacklo_epi64(B0, B0)); \ + B1 = _mm_unpackhi_epi64(t0, _mm_unpacklo_epi64(B1, B1)); \ + D0 = _mm_unpackhi_epi64(D0, _mm_unpacklo_epi64(D1, D1)); \ + D1 = _mm_unpackhi_epi64(D1, _mm_unpacklo_epi64(t1, t1)); \ + } while ((void)0, 0) +#endif + +#define BLAKE2_ROUND(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + G1(A0, B0, C0, D0, A1, B1, C1, D1); \ + G2(A0, B0, C0, D0, A1, B1, C1, D1); \ + \ + DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \ + \ + G1(A0, B0, C0, D0, A1, B1, C1, D1); \ + G2(A0, B0, C0, D0, A1, B1, C1, D1); \ + \ + UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \ + } while ((void)0, 0) +#else /* __AVX2__ */ + +#include + +#define rotr32(x) _mm256_shuffle_epi32(x, _MM_SHUFFLE(2, 3, 0, 1)) +#define rotr24(x) _mm256_shuffle_epi8(x, _mm256_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10, 3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10)) +#define rotr16(x) _mm256_shuffle_epi8(x, _mm256_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9, 2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9)) +#define rotr63(x) _mm256_xor_si256(_mm256_srli_epi64((x), 63), _mm256_add_epi64((x), (x))) + +#define G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + __m256i ml = _mm256_mul_epu32(A0, B0); \ + ml = _mm256_add_epi64(ml, ml); \ + A0 = _mm256_add_epi64(A0, _mm256_add_epi64(B0, ml)); \ + D0 = _mm256_xor_si256(D0, A0); \ + D0 = rotr32(D0); \ + \ + ml = _mm256_mul_epu32(C0, D0); \ + ml = _mm256_add_epi64(ml, ml); \ + C0 = _mm256_add_epi64(C0, _mm256_add_epi64(D0, ml)); \ + \ + B0 = _mm256_xor_si256(B0, C0); \ + B0 = rotr24(B0); \ + \ + ml = _mm256_mul_epu32(A1, B1); \ + ml = _mm256_add_epi64(ml, ml); \ + A1 = _mm256_add_epi64(A1, _mm256_add_epi64(B1, ml)); \ + D1 = _mm256_xor_si256(D1, A1); \ + D1 = rotr32(D1); \ + \ + ml = _mm256_mul_epu32(C1, D1); \ + ml = _mm256_add_epi64(ml, ml); \ + C1 = _mm256_add_epi64(C1, _mm256_add_epi64(D1, ml)); \ + \ + B1 = _mm256_xor_si256(B1, C1); \ + B1 = rotr24(B1); \ + } while((void)0, 0); + +#define G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + __m256i ml = _mm256_mul_epu32(A0, B0); \ + ml = _mm256_add_epi64(ml, ml); \ + A0 = _mm256_add_epi64(A0, _mm256_add_epi64(B0, ml)); \ + D0 = _mm256_xor_si256(D0, A0); \ + D0 = rotr16(D0); \ + \ + ml = _mm256_mul_epu32(C0, D0); \ + ml = _mm256_add_epi64(ml, ml); \ + C0 = _mm256_add_epi64(C0, _mm256_add_epi64(D0, ml)); \ + B0 = _mm256_xor_si256(B0, C0); \ + B0 = rotr63(B0); \ + \ + ml = _mm256_mul_epu32(A1, B1); \ + ml = _mm256_add_epi64(ml, ml); \ + A1 = _mm256_add_epi64(A1, _mm256_add_epi64(B1, ml)); \ + D1 = _mm256_xor_si256(D1, A1); \ + D1 = rotr16(D1); \ + \ + ml = _mm256_mul_epu32(C1, D1); \ + ml = _mm256_add_epi64(ml, ml); \ + C1 = _mm256_add_epi64(C1, _mm256_add_epi64(D1, ml)); \ + B1 = _mm256_xor_si256(B1, C1); \ + B1 = rotr63(B1); \ + } while((void)0, 0); + +#define DIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + B0 = _mm256_permute4x64_epi64(B0, _MM_SHUFFLE(0, 3, 2, 1)); \ + C0 = _mm256_permute4x64_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \ + D0 = _mm256_permute4x64_epi64(D0, _MM_SHUFFLE(2, 1, 0, 3)); \ + \ + B1 = _mm256_permute4x64_epi64(B1, _MM_SHUFFLE(0, 3, 2, 1)); \ + C1 = _mm256_permute4x64_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \ + D1 = _mm256_permute4x64_epi64(D1, _MM_SHUFFLE(2, 1, 0, 3)); \ + } while((void)0, 0); + +#define DIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + __m256i tmp1 = _mm256_blend_epi32(B0, B1, 0xCC); \ + __m256i tmp2 = _mm256_blend_epi32(B0, B1, 0x33); \ + B1 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ + B0 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ + \ + tmp1 = C0; \ + C0 = C1; \ + C1 = tmp1; \ + \ + tmp1 = _mm256_blend_epi32(D0, D1, 0xCC); \ + tmp2 = _mm256_blend_epi32(D0, D1, 0x33); \ + D0 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ + D1 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ + } while(0); + +#define UNDIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + B0 = _mm256_permute4x64_epi64(B0, _MM_SHUFFLE(2, 1, 0, 3)); \ + C0 = _mm256_permute4x64_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \ + D0 = _mm256_permute4x64_epi64(D0, _MM_SHUFFLE(0, 3, 2, 1)); \ + \ + B1 = _mm256_permute4x64_epi64(B1, _MM_SHUFFLE(2, 1, 0, 3)); \ + C1 = _mm256_permute4x64_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \ + D1 = _mm256_permute4x64_epi64(D1, _MM_SHUFFLE(0, 3, 2, 1)); \ + } while((void)0, 0); + +#define UNDIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + __m256i tmp1 = _mm256_blend_epi32(B0, B1, 0xCC); \ + __m256i tmp2 = _mm256_blend_epi32(B0, B1, 0x33); \ + B0 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ + B1 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ + \ + tmp1 = C0; \ + C0 = C1; \ + C1 = tmp1; \ + \ + tmp1 = _mm256_blend_epi32(D0, D1, 0x33); \ + tmp2 = _mm256_blend_epi32(D0, D1, 0xCC); \ + D0 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ + D1 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ + } while((void)0, 0); + +#define BLAKE2_ROUND_1(A0, A1, B0, B1, C0, C1, D0, D1) \ + do{ \ + G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + DIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ + \ + G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + UNDIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ + } while((void)0, 0); + +#define BLAKE2_ROUND_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do{ \ + G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + DIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ + \ + UNDIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + } while((void)0, 0); + +#endif /* __AVX2__ */ + +#else /* __AVX512F__ */ + +#include + +#define ror64(x, n) _mm512_ror_epi64((x), (n)) + +static __m512i muladd(__m512i x, __m512i y) +{ + __m512i z = _mm512_mul_epu32(x, y); + return _mm512_add_epi64(_mm512_add_epi64(x, y), _mm512_add_epi64(z, z)); +} + +#define G1(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + A0 = muladd(A0, B0); \ + A1 = muladd(A1, B1); \ +\ + D0 = _mm512_xor_si512(D0, A0); \ + D1 = _mm512_xor_si512(D1, A1); \ +\ + D0 = ror64(D0, 32); \ + D1 = ror64(D1, 32); \ +\ + C0 = muladd(C0, D0); \ + C1 = muladd(C1, D1); \ +\ + B0 = _mm512_xor_si512(B0, C0); \ + B1 = _mm512_xor_si512(B1, C1); \ +\ + B0 = ror64(B0, 24); \ + B1 = ror64(B1, 24); \ + } while ((void)0, 0) + +#define G2(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + A0 = muladd(A0, B0); \ + A1 = muladd(A1, B1); \ +\ + D0 = _mm512_xor_si512(D0, A0); \ + D1 = _mm512_xor_si512(D1, A1); \ +\ + D0 = ror64(D0, 16); \ + D1 = ror64(D1, 16); \ +\ + C0 = muladd(C0, D0); \ + C1 = muladd(C1, D1); \ +\ + B0 = _mm512_xor_si512(B0, C0); \ + B1 = _mm512_xor_si512(B1, C1); \ +\ + B0 = ror64(B0, 63); \ + B1 = ror64(B1, 63); \ + } while ((void)0, 0) + +#define DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + B0 = _mm512_permutex_epi64(B0, _MM_SHUFFLE(0, 3, 2, 1)); \ + B1 = _mm512_permutex_epi64(B1, _MM_SHUFFLE(0, 3, 2, 1)); \ +\ + C0 = _mm512_permutex_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \ + C1 = _mm512_permutex_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \ +\ + D0 = _mm512_permutex_epi64(D0, _MM_SHUFFLE(2, 1, 0, 3)); \ + D1 = _mm512_permutex_epi64(D1, _MM_SHUFFLE(2, 1, 0, 3)); \ + } while ((void)0, 0) + +#define UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + B0 = _mm512_permutex_epi64(B0, _MM_SHUFFLE(2, 1, 0, 3)); \ + B1 = _mm512_permutex_epi64(B1, _MM_SHUFFLE(2, 1, 0, 3)); \ +\ + C0 = _mm512_permutex_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \ + C1 = _mm512_permutex_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \ +\ + D0 = _mm512_permutex_epi64(D0, _MM_SHUFFLE(0, 3, 2, 1)); \ + D1 = _mm512_permutex_epi64(D1, _MM_SHUFFLE(0, 3, 2, 1)); \ + } while ((void)0, 0) + +#define BLAKE2_ROUND(A0, B0, C0, D0, A1, B1, C1, D1) \ + do { \ + G1(A0, B0, C0, D0, A1, B1, C1, D1); \ + G2(A0, B0, C0, D0, A1, B1, C1, D1); \ +\ + DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \ +\ + G1(A0, B0, C0, D0, A1, B1, C1, D1); \ + G2(A0, B0, C0, D0, A1, B1, C1, D1); \ +\ + UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \ + } while ((void)0, 0) + +#define SWAP_HALVES(A0, A1) \ + do { \ + __m512i t0, t1; \ + t0 = _mm512_shuffle_i64x2(A0, A1, _MM_SHUFFLE(1, 0, 1, 0)); \ + t1 = _mm512_shuffle_i64x2(A0, A1, _MM_SHUFFLE(3, 2, 3, 2)); \ + A0 = t0; \ + A1 = t1; \ + } while((void)0, 0) + +#define SWAP_QUARTERS(A0, A1) \ + do { \ + SWAP_HALVES(A0, A1); \ + A0 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A0); \ + A1 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A1); \ + } while((void)0, 0) + +#define UNSWAP_QUARTERS(A0, A1) \ + do { \ + A0 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A0); \ + A1 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A1); \ + SWAP_HALVES(A0, A1); \ + } while((void)0, 0) + +#define BLAKE2_ROUND_1(A0, C0, B0, D0, A1, C1, B1, D1) \ + do { \ + SWAP_HALVES(A0, B0); \ + SWAP_HALVES(C0, D0); \ + SWAP_HALVES(A1, B1); \ + SWAP_HALVES(C1, D1); \ + BLAKE2_ROUND(A0, B0, C0, D0, A1, B1, C1, D1); \ + SWAP_HALVES(A0, B0); \ + SWAP_HALVES(C0, D0); \ + SWAP_HALVES(A1, B1); \ + SWAP_HALVES(C1, D1); \ + } while ((void)0, 0) + +#define BLAKE2_ROUND_2(A0, A1, B0, B1, C0, C1, D0, D1) \ + do { \ + SWAP_QUARTERS(A0, A1); \ + SWAP_QUARTERS(B0, B1); \ + SWAP_QUARTERS(C0, C1); \ + SWAP_QUARTERS(D0, D1); \ + BLAKE2_ROUND(A0, B0, C0, D0, A1, B1, C1, D1); \ + UNSWAP_QUARTERS(A0, A1); \ + UNSWAP_QUARTERS(B0, B1); \ + UNSWAP_QUARTERS(C0, C1); \ + UNSWAP_QUARTERS(D0, D1); \ + } while ((void)0, 0) + +#endif /* __AVX512F__ */ +#endif /* BLAKE_ROUND_MKA_OPT_H */ diff --git a/lib/crypto_backend/argon2/blake2/blamka-round-ref.h b/lib/crypto_backend/argon2/blake2/blamka-round-ref.h new file mode 100644 index 0000000..b8f2cf4 --- /dev/null +++ b/lib/crypto_backend/argon2/blake2/blamka-round-ref.h @@ -0,0 +1,56 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef BLAKE_ROUND_MKA_H +#define BLAKE_ROUND_MKA_H + +#include "blake2.h" +#include "blake2-impl.h" + +/* designed by the Lyra PHC team */ +static BLAKE2_INLINE uint64_t fBlaMka(uint64_t x, uint64_t y) { + const uint64_t m = UINT64_C(0xFFFFFFFF); + const uint64_t xy = (x & m) * (y & m); + return x + y + 2 * xy; +} + +#define G(a, b, c, d) \ + do { \ + a = fBlaMka(a, b); \ + d = rotr64(d ^ a, 32); \ + c = fBlaMka(c, d); \ + b = rotr64(b ^ c, 24); \ + a = fBlaMka(a, b); \ + d = rotr64(d ^ a, 16); \ + c = fBlaMka(c, d); \ + b = rotr64(b ^ c, 63); \ + } while ((void)0, 0) + +#define BLAKE2_ROUND_NOMSG(v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, \ + v12, v13, v14, v15) \ + do { \ + G(v0, v4, v8, v12); \ + G(v1, v5, v9, v13); \ + G(v2, v6, v10, v14); \ + G(v3, v7, v11, v15); \ + G(v0, v5, v10, v15); \ + G(v1, v6, v11, v12); \ + G(v2, v7, v8, v13); \ + G(v3, v4, v9, v14); \ + } while ((void)0, 0) + +#endif diff --git a/lib/crypto_backend/argon2/core.c b/lib/crypto_backend/argon2/core.c new file mode 100644 index 0000000..f5b0067 --- /dev/null +++ b/lib/crypto_backend/argon2/core.c @@ -0,0 +1,641 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +/*For memory wiping*/ +#ifdef _MSC_VER +#include +#include /* For SecureZeroMemory */ +#endif +#if defined __STDC_LIB_EXT1__ +#define __STDC_WANT_LIB_EXT1__ 1 +#endif +#define VC_GE_2005(version) (version >= 1400) + +#include +#include +#include + +#include "core.h" +#include "thread.h" +#include "blake2/blake2.h" +#include "blake2/blake2-impl.h" + +#ifdef GENKAT +#include "genkat.h" +#endif + +#if defined(__clang__) +#if __has_attribute(optnone) +#define NOT_OPTIMIZED __attribute__((optnone)) +#endif +#elif defined(__GNUC__) +#define GCC_VERSION \ + (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) +#if GCC_VERSION >= 40400 +#define NOT_OPTIMIZED __attribute__((optimize("O0"))) +#endif +#endif +#ifndef NOT_OPTIMIZED +#define NOT_OPTIMIZED +#endif + +/***************Instance and Position constructors**********/ +void init_block_value(block *b, uint8_t in) { memset(b->v, in, sizeof(b->v)); } + +void copy_block(block *dst, const block *src) { + memcpy(dst->v, src->v, sizeof(uint64_t) * ARGON2_QWORDS_IN_BLOCK); +} + +void xor_block(block *dst, const block *src) { + int i; + for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { + dst->v[i] ^= src->v[i]; + } +} + +static void load_block(block *dst, const void *input) { + unsigned i; + for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { + dst->v[i] = load64((const uint8_t *)input + i * sizeof(dst->v[i])); + } +} + +static void store_block(void *output, const block *src) { + unsigned i; + for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { + store64((uint8_t *)output + i * sizeof(src->v[i]), src->v[i]); + } +} + +/***************Memory functions*****************/ + +int allocate_memory(const argon2_context *context, uint8_t **memory, + size_t num, size_t size) { + size_t memory_size = num*size; + if (memory == NULL) { + return ARGON2_MEMORY_ALLOCATION_ERROR; + } + + /* 1. Check for multiplication overflow */ + if (size != 0 && memory_size / size != num) { + return ARGON2_MEMORY_ALLOCATION_ERROR; + } + + /* 2. Try to allocate with appropriate allocator */ + if (context->allocate_cbk) { + (context->allocate_cbk)(memory, memory_size); + } else { + *memory = malloc(memory_size); + } + + if (*memory == NULL) { + return ARGON2_MEMORY_ALLOCATION_ERROR; + } + + return ARGON2_OK; +} + +void free_memory(const argon2_context *context, uint8_t *memory, + size_t num, size_t size) { + size_t memory_size = num*size; + clear_internal_memory(memory, memory_size); + if (context->free_cbk) { + (context->free_cbk)(memory, memory_size); + } else { + free(memory); + } +} + +void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) { +#if defined(_MSC_VER) && VC_GE_2005(_MSC_VER) + SecureZeroMemory(v, n); +#elif defined memset_s + memset_s(v, n, 0, n); +#elif defined(HAVE_EXPLICIT_BZERO) + explicit_bzero(v, n); +#else + static void *(*const volatile memset_sec)(void *, int, size_t) = &memset; + memset_sec(v, 0, n); +#endif +} + +/* Memory clear flag defaults to true. */ +int FLAG_clear_internal_memory = 1; +void clear_internal_memory(void *v, size_t n) { + if (FLAG_clear_internal_memory && v) { + secure_wipe_memory(v, n); + } +} + +void finalize(const argon2_context *context, argon2_instance_t *instance) { + if (context != NULL && instance != NULL) { + block blockhash; + uint32_t l; + + copy_block(&blockhash, instance->memory + instance->lane_length - 1); + + /* XOR the last blocks */ + for (l = 1; l < instance->lanes; ++l) { + uint32_t last_block_in_lane = + l * instance->lane_length + (instance->lane_length - 1); + xor_block(&blockhash, instance->memory + last_block_in_lane); + } + + /* Hash the result */ + { + uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE]; + store_block(blockhash_bytes, &blockhash); + blake2b_long(context->out, context->outlen, blockhash_bytes, + ARGON2_BLOCK_SIZE); + /* clear blockhash and blockhash_bytes */ + clear_internal_memory(blockhash.v, ARGON2_BLOCK_SIZE); + clear_internal_memory(blockhash_bytes, ARGON2_BLOCK_SIZE); + } + +#ifdef GENKAT + print_tag(context->out, context->outlen); +#endif + + free_memory(context, (uint8_t *)instance->memory, + instance->memory_blocks, sizeof(block)); + } +} + +uint32_t index_alpha(const argon2_instance_t *instance, + const argon2_position_t *position, uint32_t pseudo_rand, + int same_lane) { + /* + * Pass 0: + * This lane : all already finished segments plus already constructed + * blocks in this segment + * Other lanes : all already finished segments + * Pass 1+: + * This lane : (SYNC_POINTS - 1) last segments plus already constructed + * blocks in this segment + * Other lanes : (SYNC_POINTS - 1) last segments + */ + uint32_t reference_area_size; + uint64_t relative_position; + uint32_t start_position, absolute_position; + + if (0 == position->pass) { + /* First pass */ + if (0 == position->slice) { + /* First slice */ + reference_area_size = + position->index - 1; /* all but the previous */ + } else { + if (same_lane) { + /* The same lane => add current segment */ + reference_area_size = + position->slice * instance->segment_length + + position->index - 1; + } else { + reference_area_size = + position->slice * instance->segment_length + + ((position->index == 0) ? (-1) : 0); + } + } + } else { + /* Second pass */ + if (same_lane) { + reference_area_size = instance->lane_length - + instance->segment_length + position->index - + 1; + } else { + reference_area_size = instance->lane_length - + instance->segment_length + + ((position->index == 0) ? (-1) : 0); + } + } + + /* 1.2.4. Mapping pseudo_rand to 0.. and produce + * relative position */ + relative_position = pseudo_rand; + relative_position = relative_position * relative_position >> 32; + relative_position = reference_area_size - 1 - + (reference_area_size * relative_position >> 32); + + /* 1.2.5 Computing starting position */ + start_position = 0; + + if (0 != position->pass) { + start_position = (position->slice == ARGON2_SYNC_POINTS - 1) + ? 0 + : (position->slice + 1) * instance->segment_length; + } + + /* 1.2.6. Computing absolute position */ + absolute_position = (start_position + relative_position) % + instance->lane_length; /* absolute position */ + return absolute_position; +} + +/* Single-threaded version for p=1 case */ +static int fill_memory_blocks_st(argon2_instance_t *instance) { + uint32_t r, s, l; + + for (r = 0; r < instance->passes; ++r) { + for (s = 0; s < ARGON2_SYNC_POINTS; ++s) { + for (l = 0; l < instance->lanes; ++l) { + argon2_position_t position = {r, l, (uint8_t)s, 0}; + fill_segment(instance, position); + } + } +#ifdef GENKAT + internal_kat(instance, r); /* Print all memory blocks */ +#endif + } + return ARGON2_OK; +} + +#if !defined(ARGON2_NO_THREADS) + +#ifdef _WIN32 +static unsigned __stdcall fill_segment_thr(void *thread_data) +#else +static void *fill_segment_thr(void *thread_data) +#endif +{ + argon2_thread_data *my_data = thread_data; + fill_segment(my_data->instance_ptr, my_data->pos); + argon2_thread_exit(); + return 0; +} + +/* Multi-threaded version for p > 1 case */ +static int fill_memory_blocks_mt(argon2_instance_t *instance) { + uint32_t r, s; + argon2_thread_handle_t *thread = NULL; + argon2_thread_data *thr_data = NULL; + int rc = ARGON2_OK; + + /* 1. Allocating space for threads */ + thread = calloc(instance->lanes, sizeof(argon2_thread_handle_t)); + if (thread == NULL) { + rc = ARGON2_MEMORY_ALLOCATION_ERROR; + goto fail; + } + + thr_data = calloc(instance->lanes, sizeof(argon2_thread_data)); + if (thr_data == NULL) { + rc = ARGON2_MEMORY_ALLOCATION_ERROR; + goto fail; + } + + for (r = 0; r < instance->passes; ++r) { + for (s = 0; s < ARGON2_SYNC_POINTS; ++s) { + uint32_t l, ll; + + /* 2. Calling threads */ + for (l = 0; l < instance->lanes; ++l) { + argon2_position_t position; + + /* 2.1 Join a thread if limit is exceeded */ + if (l >= instance->threads) { + if (argon2_thread_join(thread[l - instance->threads])) { + rc = ARGON2_THREAD_FAIL; + goto fail; + } + } + + /* 2.2 Create thread */ + position.pass = r; + position.lane = l; + position.slice = (uint8_t)s; + position.index = 0; + thr_data[l].instance_ptr = + instance; /* preparing the thread input */ + memcpy(&(thr_data[l].pos), &position, + sizeof(argon2_position_t)); + if (argon2_thread_create(&thread[l], &fill_segment_thr, + (void *)&thr_data[l])) { + /* Wait for already running threads */ + for (ll = 0; ll < l; ++ll) + argon2_thread_join(thread[ll]); + rc = ARGON2_THREAD_FAIL; + goto fail; + } + + /* fill_segment(instance, position); */ + /*Non-thread equivalent of the lines above */ + } + + /* 3. Joining remaining threads */ + for (l = instance->lanes - instance->threads; l < instance->lanes; + ++l) { + if (argon2_thread_join(thread[l])) { + rc = ARGON2_THREAD_FAIL; + goto fail; + } + } + } + +#ifdef GENKAT + internal_kat(instance, r); /* Print all memory blocks */ +#endif + } + +fail: + if (thread != NULL) { + free(thread); + } + if (thr_data != NULL) { + free(thr_data); + } + return rc; +} + +#endif /* ARGON2_NO_THREADS */ + +int fill_memory_blocks(argon2_instance_t *instance) { + if (instance == NULL || instance->lanes == 0) { + return ARGON2_INCORRECT_PARAMETER; + } +#if defined(ARGON2_NO_THREADS) + return fill_memory_blocks_st(instance); +#else + return instance->threads == 1 ? + fill_memory_blocks_st(instance) : fill_memory_blocks_mt(instance); +#endif +} + +int validate_inputs(const argon2_context *context) { + if (NULL == context) { + return ARGON2_INCORRECT_PARAMETER; + } + + if (NULL == context->out) { + return ARGON2_OUTPUT_PTR_NULL; + } + + /* Validate output length */ + if (ARGON2_MIN_OUTLEN > context->outlen) { + return ARGON2_OUTPUT_TOO_SHORT; + } + + if (ARGON2_MAX_OUTLEN < context->outlen) { + return ARGON2_OUTPUT_TOO_LONG; + } + + /* Validate password (required param) */ + if (NULL == context->pwd) { + if (0 != context->pwdlen) { + return ARGON2_PWD_PTR_MISMATCH; + } + } +#if ARGON2_MIN_PWD_LENGTH > 0 /* cryptsetup: fix gcc warning */ + if (ARGON2_MIN_PWD_LENGTH > context->pwdlen) { + return ARGON2_PWD_TOO_SHORT; + } +#endif + if (ARGON2_MAX_PWD_LENGTH < context->pwdlen) { + return ARGON2_PWD_TOO_LONG; + } + + /* Validate salt (required param) */ + if (NULL == context->salt) { + if (0 != context->saltlen) { + return ARGON2_SALT_PTR_MISMATCH; + } + } + + if (ARGON2_MIN_SALT_LENGTH > context->saltlen) { + return ARGON2_SALT_TOO_SHORT; + } + + if (ARGON2_MAX_SALT_LENGTH < context->saltlen) { + return ARGON2_SALT_TOO_LONG; + } + + /* Validate secret (optional param) */ + if (NULL == context->secret) { + if (0 != context->secretlen) { + return ARGON2_SECRET_PTR_MISMATCH; + } + } else { +#if ARGON2_MIN_SECRET > 0 /* cryptsetup: fix gcc warning */ + if (ARGON2_MIN_SECRET > context->secretlen) { + return ARGON2_SECRET_TOO_SHORT; + } +#endif + if (ARGON2_MAX_SECRET < context->secretlen) { + return ARGON2_SECRET_TOO_LONG; + } + } + + /* Validate associated data (optional param) */ + if (NULL == context->ad) { + if (0 != context->adlen) { + return ARGON2_AD_PTR_MISMATCH; + } + } else { +#if ARGON2_MIN_AD_LENGTH > 0 /* cryptsetup: fix gcc warning */ + if (ARGON2_MIN_AD_LENGTH > context->adlen) { + return ARGON2_AD_TOO_SHORT; + } +#endif + if (ARGON2_MAX_AD_LENGTH < context->adlen) { + return ARGON2_AD_TOO_LONG; + } + } + + /* Validate memory cost */ + if (ARGON2_MIN_MEMORY > context->m_cost) { + return ARGON2_MEMORY_TOO_LITTLE; + } +#if 0 /* UINT32_MAX, cryptsetup: fix gcc warning */ + if (ARGON2_MAX_MEMORY < context->m_cost) { + return ARGON2_MEMORY_TOO_MUCH; + } +#endif + if (context->m_cost < 8 * context->lanes) { + return ARGON2_MEMORY_TOO_LITTLE; + } + + /* Validate time cost */ + if (ARGON2_MIN_TIME > context->t_cost) { + return ARGON2_TIME_TOO_SMALL; + } + + if (ARGON2_MAX_TIME < context->t_cost) { + return ARGON2_TIME_TOO_LARGE; + } + + /* Validate lanes */ + if (ARGON2_MIN_LANES > context->lanes) { + return ARGON2_LANES_TOO_FEW; + } + + if (ARGON2_MAX_LANES < context->lanes) { + return ARGON2_LANES_TOO_MANY; + } + + /* Validate threads */ + if (ARGON2_MIN_THREADS > context->threads) { + return ARGON2_THREADS_TOO_FEW; + } + + if (ARGON2_MAX_THREADS < context->threads) { + return ARGON2_THREADS_TOO_MANY; + } + + if (NULL != context->allocate_cbk && NULL == context->free_cbk) { + return ARGON2_FREE_MEMORY_CBK_NULL; + } + + if (NULL == context->allocate_cbk && NULL != context->free_cbk) { + return ARGON2_ALLOCATE_MEMORY_CBK_NULL; + } + + return ARGON2_OK; +} + +void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance) { + uint32_t l; + /* Make the first and second block in each lane as G(H0||0||i) or + G(H0||1||i) */ + uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE]; + for (l = 0; l < instance->lanes; ++l) { + + store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 0); + store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH + 4, l); + blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash, + ARGON2_PREHASH_SEED_LENGTH); + load_block(&instance->memory[l * instance->lane_length + 0], + blockhash_bytes); + + store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 1); + blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash, + ARGON2_PREHASH_SEED_LENGTH); + load_block(&instance->memory[l * instance->lane_length + 1], + blockhash_bytes); + } + clear_internal_memory(blockhash_bytes, ARGON2_BLOCK_SIZE); +} + +void initial_hash(uint8_t *blockhash, argon2_context *context, + argon2_type type) { + blake2b_state BlakeHash; + uint8_t value[sizeof(uint32_t)]; + + if (NULL == context || NULL == blockhash) { + return; + } + + blake2b_init(&BlakeHash, ARGON2_PREHASH_DIGEST_LENGTH); + + store32(&value, context->lanes); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + store32(&value, context->outlen); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + store32(&value, context->m_cost); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + store32(&value, context->t_cost); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + store32(&value, context->version); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + store32(&value, (uint32_t)type); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + store32(&value, context->pwdlen); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + if (context->pwd != NULL) { + blake2b_update(&BlakeHash, (const uint8_t *)context->pwd, + context->pwdlen); + + if (context->flags & ARGON2_FLAG_CLEAR_PASSWORD) { + secure_wipe_memory(context->pwd, context->pwdlen); + context->pwdlen = 0; + } + } + + store32(&value, context->saltlen); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + if (context->salt != NULL) { + blake2b_update(&BlakeHash, (const uint8_t *)context->salt, + context->saltlen); + } + + store32(&value, context->secretlen); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + if (context->secret != NULL) { + blake2b_update(&BlakeHash, (const uint8_t *)context->secret, + context->secretlen); + + if (context->flags & ARGON2_FLAG_CLEAR_SECRET) { + secure_wipe_memory(context->secret, context->secretlen); + context->secretlen = 0; + } + } + + store32(&value, context->adlen); + blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); + + if (context->ad != NULL) { + blake2b_update(&BlakeHash, (const uint8_t *)context->ad, + context->adlen); + } + + blake2b_final(&BlakeHash, blockhash, ARGON2_PREHASH_DIGEST_LENGTH); +} + +int initialize(argon2_instance_t *instance, argon2_context *context) { + uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; + int result = ARGON2_OK; + + if (instance == NULL || context == NULL) + return ARGON2_INCORRECT_PARAMETER; + instance->context_ptr = context; + + /* 1. Memory allocation */ + result = allocate_memory(context, (uint8_t **)&(instance->memory), + instance->memory_blocks, sizeof(block)); + if (result != ARGON2_OK) { + return result; + } + + /* 2. Initial hashing */ + /* H_0 + 8 extra bytes to produce the first blocks */ + /* uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; */ + /* Hashing all inputs */ + initial_hash(blockhash, context, instance->type); + /* Zeroing 8 extra bytes */ + clear_internal_memory(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, + ARGON2_PREHASH_SEED_LENGTH - + ARGON2_PREHASH_DIGEST_LENGTH); + +#ifdef GENKAT + initial_kat(blockhash, context, instance->type); +#endif + + /* 3. Creating first blocks, we always have at least two blocks in a slice + */ + fill_first_blocks(blockhash, instance); + /* Clearing the hash */ + clear_internal_memory(blockhash, ARGON2_PREHASH_SEED_LENGTH); + + return ARGON2_OK; +} diff --git a/lib/crypto_backend/argon2/core.h b/lib/crypto_backend/argon2/core.h new file mode 100644 index 0000000..78000ba --- /dev/null +++ b/lib/crypto_backend/argon2/core.h @@ -0,0 +1,228 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef ARGON2_CORE_H +#define ARGON2_CORE_H + +#include "argon2.h" + +#define CONST_CAST(x) (x)(uintptr_t) + +/**********************Argon2 internal constants*******************************/ + +enum argon2_core_constants { + /* Memory block size in bytes */ + ARGON2_BLOCK_SIZE = 1024, + ARGON2_QWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 8, + ARGON2_OWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 16, + ARGON2_HWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 32, + ARGON2_512BIT_WORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 64, + + /* Number of pseudo-random values generated by one call to Blake in Argon2i + to + generate reference block positions */ + ARGON2_ADDRESSES_IN_BLOCK = 128, + + /* Pre-hashing digest length and its extension*/ + ARGON2_PREHASH_DIGEST_LENGTH = 64, + ARGON2_PREHASH_SEED_LENGTH = 72 +}; + +/*************************Argon2 internal data types***********************/ + +/* + * Structure for the (1KB) memory block implemented as 128 64-bit words. + * Memory blocks can be copied, XORed. Internal words can be accessed by [] (no + * bounds checking). + */ +typedef struct block_ { uint64_t v[ARGON2_QWORDS_IN_BLOCK]; } block; + +/*****************Functions that work with the block******************/ + +/* Initialize each byte of the block with @in */ +void init_block_value(block *b, uint8_t in); + +/* Copy block @src to block @dst */ +void copy_block(block *dst, const block *src); + +/* XOR @src onto @dst bytewise */ +void xor_block(block *dst, const block *src); + +/* + * Argon2 instance: memory pointer, number of passes, amount of memory, type, + * and derived values. + * Used to evaluate the number and location of blocks to construct in each + * thread + */ +typedef struct Argon2_instance_t { + block *memory; /* Memory pointer */ + uint32_t version; + uint32_t passes; /* Number of passes */ + uint32_t memory_blocks; /* Number of blocks in memory */ + uint32_t segment_length; + uint32_t lane_length; + uint32_t lanes; + uint32_t threads; + argon2_type type; + int print_internals; /* whether to print the memory blocks */ + argon2_context *context_ptr; /* points back to original context */ +} argon2_instance_t; + +/* + * Argon2 position: where we construct the block right now. Used to distribute + * work between threads. + */ +typedef struct Argon2_position_t { + uint32_t pass; + uint32_t lane; + uint8_t slice; + uint32_t index; +} argon2_position_t; + +/*Struct that holds the inputs for thread handling FillSegment*/ +typedef struct Argon2_thread_data { + argon2_instance_t *instance_ptr; + argon2_position_t pos; +} argon2_thread_data; + +/*************************Argon2 core functions********************************/ + +/* Allocates memory to the given pointer, uses the appropriate allocator as + * specified in the context. Total allocated memory is num*size. + * @param context argon2_context which specifies the allocator + * @param memory pointer to the pointer to the memory + * @param size the size in bytes for each element to be allocated + * @param num the number of elements to be allocated + * @return ARGON2_OK if @memory is a valid pointer and memory is allocated + */ +int allocate_memory(const argon2_context *context, uint8_t **memory, + size_t num, size_t size); + +/* + * Frees memory at the given pointer, uses the appropriate deallocator as + * specified in the context. Also cleans the memory using clear_internal_memory. + * @param context argon2_context which specifies the deallocator + * @param memory pointer to buffer to be freed + * @param size the size in bytes for each element to be deallocated + * @param num the number of elements to be deallocated + */ +void free_memory(const argon2_context *context, uint8_t *memory, + size_t num, size_t size); + +/* Function that securely cleans the memory. This ignores any flags set + * regarding clearing memory. Usually one just calls clear_internal_memory. + * @param mem Pointer to the memory + * @param s Memory size in bytes + */ +void secure_wipe_memory(void *v, size_t n); + +/* Function that securely clears the memory if FLAG_clear_internal_memory is + * set. If the flag isn't set, this function does nothing. + * @param mem Pointer to the memory + * @param s Memory size in bytes + */ +void clear_internal_memory(void *v, size_t n); + +/* + * Computes absolute position of reference block in the lane following a skewed + * distribution and using a pseudo-random value as input + * @param instance Pointer to the current instance + * @param position Pointer to the current position + * @param pseudo_rand 32-bit pseudo-random value used to determine the position + * @param same_lane Indicates if the block will be taken from the current lane. + * If so we can reference the current segment + * @pre All pointers must be valid + */ +uint32_t index_alpha(const argon2_instance_t *instance, + const argon2_position_t *position, uint32_t pseudo_rand, + int same_lane); + +/* + * Function that validates all inputs against predefined restrictions and return + * an error code + * @param context Pointer to current Argon2 context + * @return ARGON2_OK if everything is all right, otherwise one of error codes + * (all defined in + */ +int validate_inputs(const argon2_context *context); + +/* + * Hashes all the inputs into @a blockhash[PREHASH_DIGEST_LENGTH], clears + * password and secret if needed + * @param context Pointer to the Argon2 internal structure containing memory + * pointer, and parameters for time and space requirements. + * @param blockhash Buffer for pre-hashing digest + * @param type Argon2 type + * @pre @a blockhash must have at least @a PREHASH_DIGEST_LENGTH bytes + * allocated + */ +void initial_hash(uint8_t *blockhash, argon2_context *context, + argon2_type type); + +/* + * Function creates first 2 blocks per lane + * @param instance Pointer to the current instance + * @param blockhash Pointer to the pre-hashing digest + * @pre blockhash must point to @a PREHASH_SEED_LENGTH allocated values + */ +void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance); + +/* + * Function allocates memory, hashes the inputs with Blake, and creates first + * two blocks. Returns the pointer to the main memory with 2 blocks per lane + * initialized + * @param context Pointer to the Argon2 internal structure containing memory + * pointer, and parameters for time and space requirements. + * @param instance Current Argon2 instance + * @return Zero if successful, -1 if memory failed to allocate. @context->state + * will be modified if successful. + */ +int initialize(argon2_instance_t *instance, argon2_context *context); + +/* + * XORing the last block of each lane, hashing it, making the tag. Deallocates + * the memory. + * @param context Pointer to current Argon2 context (use only the out parameters + * from it) + * @param instance Pointer to current instance of Argon2 + * @pre instance->state must point to necessary amount of memory + * @pre context->out must point to outlen bytes of memory + * @pre if context->free_cbk is not NULL, it should point to a function that + * deallocates memory + */ +void finalize(const argon2_context *context, argon2_instance_t *instance); + +/* + * Function that fills the segment using previous segments also from other + * threads + * @param context current context + * @param instance Pointer to the current instance + * @param position Current position + * @pre all block pointers must be valid + */ +void fill_segment(const argon2_instance_t *instance, + argon2_position_t position); + +/* + * Function that fills the entire memory t_cost times based on the first two + * blocks in each lane + * @param instance Pointer to the current instance + * @return ARGON2_OK if successful, @context->state + */ +int fill_memory_blocks(argon2_instance_t *instance); + +#endif diff --git a/lib/crypto_backend/argon2/encoding.c b/lib/crypto_backend/argon2/encoding.c new file mode 100644 index 0000000..9de606e --- /dev/null +++ b/lib/crypto_backend/argon2/encoding.c @@ -0,0 +1,462 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#include +#include +#include +#include +#include "encoding.h" +#include "core.h" + +/* + * Example code for a decoder and encoder of "hash strings", with Argon2 + * parameters. + * + * This code comprises three sections: + * + * -- The first section contains generic Base64 encoding and decoding + * functions. It is conceptually applicable to any hash function + * implementation that uses Base64 to encode and decode parameters, + * salts and outputs. It could be made into a library, provided that + * the relevant functions are made public (non-static) and be given + * reasonable names to avoid collisions with other functions. + * + * -- The second section is specific to Argon2. It encodes and decodes + * the parameters, salts and outputs. It does not compute the hash + * itself. + * + * The code was originally written by Thomas Pornin , + * to whom comments and remarks may be sent. It is released under what + * should amount to Public Domain or its closest equivalent; the + * following mantra is supposed to incarnate that fact with all the + * proper legal rituals: + * + * --------------------------------------------------------------------- + * This file is provided under the terms of Creative Commons CC0 1.0 + * Public Domain Dedication. To the extent possible under law, the + * author (Thomas Pornin) has waived all copyright and related or + * neighboring rights to this file. This work is published from: Canada. + * --------------------------------------------------------------------- + * + * Copyright (c) 2015 Thomas Pornin + */ + +/* ==================================================================== */ +/* + * Common code; could be shared between different hash functions. + * + * Note: the Base64 functions below assume that uppercase letters (resp. + * lowercase letters) have consecutive numerical codes, that fit on 8 + * bits. All modern systems use ASCII-compatible charsets, where these + * properties are true. If you are stuck with a dinosaur of a system + * that still defaults to EBCDIC then you already have much bigger + * interoperability issues to deal with. + */ + +/* + * Some macros for constant-time comparisons. These work over values in + * the 0..255 range. Returned value is 0x00 on "false", 0xFF on "true". + */ +#define EQ(x, y) ((((0U - ((unsigned)(x) ^ (unsigned)(y))) >> 8) & 0xFF) ^ 0xFF) +#define GT(x, y) ((((unsigned)(y) - (unsigned)(x)) >> 8) & 0xFF) +#define GE(x, y) (GT(y, x) ^ 0xFF) +#define LT(x, y) GT(y, x) +#define LE(x, y) GE(y, x) + +/* + * Convert value x (0..63) to corresponding Base64 character. + */ +static int b64_byte_to_char(unsigned x) { + return (LT(x, 26) & (x + 'A')) | + (GE(x, 26) & LT(x, 52) & (x + ('a' - 26))) | + (GE(x, 52) & LT(x, 62) & (x + ('0' - 52))) | (EQ(x, 62) & '+') | + (EQ(x, 63) & '/'); +} + +/* + * Convert character c to the corresponding 6-bit value. If character c + * is not a Base64 character, then 0xFF (255) is returned. + */ +static unsigned b64_char_to_byte(int c) { + unsigned x; + + x = (GE(c, 'A') & LE(c, 'Z') & (c - 'A')) | + (GE(c, 'a') & LE(c, 'z') & (c - ('a' - 26))) | + (GE(c, '0') & LE(c, '9') & (c - ('0' - 52))) | (EQ(c, '+') & 62) | + (EQ(c, '/') & 63); + return x | (EQ(x, 0) & (EQ(c, 'A') ^ 0xFF)); +} + +/* + * Convert some bytes to Base64. 'dst_len' is the length (in characters) + * of the output buffer 'dst'; if that buffer is not large enough to + * receive the result (including the terminating 0), then (size_t)-1 + * is returned. Otherwise, the zero-terminated Base64 string is written + * in the buffer, and the output length (counted WITHOUT the terminating + * zero) is returned. + */ +static size_t to_base64(char *dst, size_t dst_len, const void *src, + size_t src_len) { + size_t olen; + const unsigned char *buf; + unsigned acc, acc_len; + + olen = (src_len / 3) << 2; + switch (src_len % 3) { + case 2: + olen++; + /* fall through */ + case 1: + olen += 2; + break; + } + if (dst_len <= olen) { + return (size_t)-1; + } + acc = 0; + acc_len = 0; + buf = (const unsigned char *)src; + while (src_len-- > 0) { + acc = (acc << 8) + (*buf++); + acc_len += 8; + while (acc_len >= 6) { + acc_len -= 6; + *dst++ = (char)b64_byte_to_char((acc >> acc_len) & 0x3F); + } + } + if (acc_len > 0) { + *dst++ = (char)b64_byte_to_char((acc << (6 - acc_len)) & 0x3F); + } + *dst++ = 0; + return olen; +} + +/* + * Decode Base64 chars into bytes. The '*dst_len' value must initially + * contain the length of the output buffer '*dst'; when the decoding + * ends, the actual number of decoded bytes is written back in + * '*dst_len'. + * + * Decoding stops when a non-Base64 character is encountered, or when + * the output buffer capacity is exceeded. If an error occurred (output + * buffer is too small, invalid last characters leading to unprocessed + * buffered bits), then NULL is returned; otherwise, the returned value + * points to the first non-Base64 character in the source stream, which + * may be the terminating zero. + */ +static const char *from_base64(void *dst, size_t *dst_len, const char *src) { + size_t len; + unsigned char *buf; + unsigned acc, acc_len; + + buf = (unsigned char *)dst; + len = 0; + acc = 0; + acc_len = 0; + for (;;) { + unsigned d; + + d = b64_char_to_byte(*src); + if (d == 0xFF) { + break; + } + src++; + acc = (acc << 6) + d; + acc_len += 6; + if (acc_len >= 8) { + acc_len -= 8; + if ((len++) >= *dst_len) { + return NULL; + } + *buf++ = (acc >> acc_len) & 0xFF; + } + } + + /* + * If the input length is equal to 1 modulo 4 (which is + * invalid), then there will remain 6 unprocessed bits; + * otherwise, only 0, 2 or 4 bits are buffered. The buffered + * bits must also all be zero. + */ + if (acc_len > 4 || (acc & (((unsigned)1 << acc_len) - 1)) != 0) { + return NULL; + } + *dst_len = len; + return src; +} + +/* + * Decode decimal integer from 'str'; the value is written in '*v'. + * Returned value is a pointer to the next non-decimal character in the + * string. If there is no digit at all, or the value encoding is not + * minimal (extra leading zeros), or the value does not fit in an + * 'unsigned long', then NULL is returned. + */ +static const char *decode_decimal(const char *str, unsigned long *v) { + const char *orig; + unsigned long acc; + + acc = 0; + for (orig = str;; str++) { + int c; + + c = *str; + if (c < '0' || c > '9') { + break; + } + c -= '0'; + if (acc > (ULONG_MAX / 10)) { + return NULL; + } + acc *= 10; + if ((unsigned long)c > (ULONG_MAX - acc)) { + return NULL; + } + acc += (unsigned long)c; + } + if (str == orig || (*orig == '0' && str != (orig + 1))) { + return NULL; + } + *v = acc; + return str; +} + +/* ==================================================================== */ +/* + * Code specific to Argon2. + * + * The code below applies the following format: + * + * $argon2[$v=]$m=,t=,p=$$ + * + * where is either 'd', 'id', or 'i', is a decimal integer (positive, + * fits in an 'unsigned long'), and is Base64-encoded data (no '=' padding + * characters, no newline or whitespace). + * + * The last two binary chunks (encoded in Base64) are, in that order, + * the salt and the output. Both are required. The binary salt length and the + * output length must be in the allowed ranges defined in argon2.h. + * + * The ctx struct must contain buffers large enough to hold the salt and pwd + * when it is fed into decode_string. + */ + +int decode_string(argon2_context *ctx, const char *str, argon2_type type) { + +/* check for prefix */ +#define CC(prefix) \ + do { \ + size_t cc_len = strlen(prefix); \ + if (strncmp(str, prefix, cc_len) != 0) { \ + return ARGON2_DECODING_FAIL; \ + } \ + str += cc_len; \ + } while ((void)0, 0) + +/* optional prefix checking with supplied code */ +#define CC_opt(prefix, code) \ + do { \ + size_t cc_len = strlen(prefix); \ + if (strncmp(str, prefix, cc_len) == 0) { \ + str += cc_len; \ + { code; } \ + } \ + } while ((void)0, 0) + +/* Decoding prefix into decimal */ +#define DECIMAL(x) \ + do { \ + unsigned long dec_x; \ + str = decode_decimal(str, &dec_x); \ + if (str == NULL) { \ + return ARGON2_DECODING_FAIL; \ + } \ + (x) = dec_x; \ + } while ((void)0, 0) + + +/* Decoding prefix into uint32_t decimal */ +#define DECIMAL_U32(x) \ + do { \ + unsigned long dec_x; \ + str = decode_decimal(str, &dec_x); \ + if (str == NULL || dec_x > UINT32_MAX) { \ + return ARGON2_DECODING_FAIL; \ + } \ + (x) = (uint32_t)dec_x; \ + } while ((void)0, 0) + + +/* Decoding base64 into a binary buffer */ +#define BIN(buf, max_len, len) \ + do { \ + size_t bin_len = (max_len); \ + str = from_base64(buf, &bin_len, str); \ + if (str == NULL || bin_len > UINT32_MAX) { \ + return ARGON2_DECODING_FAIL; \ + } \ + (len) = (uint32_t)bin_len; \ + } while ((void)0, 0) + + size_t maxsaltlen = ctx->saltlen; + size_t maxoutlen = ctx->outlen; + int validation_result; + const char* type_string; + + /* We should start with the argon2_type we are using */ + type_string = argon2_type2string(type, 0); + if (!type_string) { + return ARGON2_INCORRECT_TYPE; + } + + CC("$"); + CC(type_string); + + /* Reading the version number if the default is suppressed */ + ctx->version = ARGON2_VERSION_10; + CC_opt("$v=", DECIMAL_U32(ctx->version)); + + CC("$m="); + DECIMAL_U32(ctx->m_cost); + CC(",t="); + DECIMAL_U32(ctx->t_cost); + CC(",p="); + DECIMAL_U32(ctx->lanes); + ctx->threads = ctx->lanes; + + CC("$"); + BIN(ctx->salt, maxsaltlen, ctx->saltlen); + CC("$"); + BIN(ctx->out, maxoutlen, ctx->outlen); + + /* The rest of the fields get the default values */ + ctx->secret = NULL; + ctx->secretlen = 0; + ctx->ad = NULL; + ctx->adlen = 0; + ctx->allocate_cbk = NULL; + ctx->free_cbk = NULL; + ctx->flags = ARGON2_DEFAULT_FLAGS; + + /* On return, must have valid context */ + validation_result = validate_inputs(ctx); + if (validation_result != ARGON2_OK) { + return validation_result; + } + + /* Can't have any additional characters */ + if (*str == 0) { + return ARGON2_OK; + } else { + return ARGON2_DECODING_FAIL; + } +#undef CC +#undef CC_opt +#undef DECIMAL +#undef BIN +} + +int encode_string(char *dst, size_t dst_len, argon2_context *ctx, + argon2_type type) { +#define SS(str) \ + do { \ + size_t pp_len = strlen(str); \ + if (pp_len >= dst_len) { \ + return ARGON2_ENCODING_FAIL; \ + } \ + memcpy(dst, str, pp_len + 1); \ + dst += pp_len; \ + dst_len -= pp_len; \ + } while ((void)0, 0) + +#define SX(x) \ + do { \ + char tmp[30]; \ + sprintf(tmp, "%lu", (unsigned long)(x)); \ + SS(tmp); \ + } while ((void)0, 0) + +#define SB(buf, len) \ + do { \ + size_t sb_len = to_base64(dst, dst_len, buf, len); \ + if (sb_len == (size_t)-1) { \ + return ARGON2_ENCODING_FAIL; \ + } \ + dst += sb_len; \ + dst_len -= sb_len; \ + } while ((void)0, 0) + + const char* type_string = argon2_type2string(type, 0); + int validation_result = validate_inputs(ctx); + + if (!type_string) { + return ARGON2_ENCODING_FAIL; + } + + if (validation_result != ARGON2_OK) { + return validation_result; + } + + + SS("$"); + SS(type_string); + + SS("$v="); + SX(ctx->version); + + SS("$m="); + SX(ctx->m_cost); + SS(",t="); + SX(ctx->t_cost); + SS(",p="); + SX(ctx->lanes); + + SS("$"); + SB(ctx->salt, ctx->saltlen); + + SS("$"); + SB(ctx->out, ctx->outlen); + return ARGON2_OK; + +#undef SS +#undef SX +#undef SB +} + +size_t b64len(uint32_t len) { + size_t olen = ((size_t)len / 3) << 2; + + switch (len % 3) { + case 2: + olen++; + /* fall through */ + case 1: + olen += 2; + break; + } + + return olen; +} + +size_t numlen(uint32_t num) { + size_t len = 1; + while (num >= 10) { + ++len; + num = num / 10; + } + return len; +} diff --git a/lib/crypto_backend/argon2/encoding.h b/lib/crypto_backend/argon2/encoding.h new file mode 100644 index 0000000..7e83ec9 --- /dev/null +++ b/lib/crypto_backend/argon2/encoding.h @@ -0,0 +1,57 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef ENCODING_H +#define ENCODING_H +#include "argon2.h" + +#define ARGON2_MAX_DECODED_LANES UINT32_C(255) +#define ARGON2_MIN_DECODED_SALT_LEN UINT32_C(8) +#define ARGON2_MIN_DECODED_OUT_LEN UINT32_C(12) + +/* +* encode an Argon2 hash string into the provided buffer. 'dst_len' +* contains the size, in characters, of the 'dst' buffer; if 'dst_len' +* is less than the number of required characters (including the +* terminating 0), then this function returns ARGON2_ENCODING_ERROR. +* +* on success, ARGON2_OK is returned. +*/ +int encode_string(char *dst, size_t dst_len, argon2_context *ctx, + argon2_type type); + +/* +* Decodes an Argon2 hash string into the provided structure 'ctx'. +* The only fields that must be set prior to this call are ctx.saltlen and +* ctx.outlen (which must be the maximal salt and out length values that are +* allowed), ctx.salt and ctx.out (which must be buffers of the specified +* length), and ctx.pwd and ctx.pwdlen which must hold a valid password. +* +* Invalid input string causes an error. On success, the ctx is valid and all +* fields have been initialized. +* +* Returned value is ARGON2_OK on success, other ARGON2_ codes on error. +*/ +int decode_string(argon2_context *ctx, const char *str, argon2_type type); + +/* Returns the length of the encoded byte stream with length len */ +size_t b64len(uint32_t len); + +/* Returns the length of the encoded number num */ +size_t numlen(uint32_t num); + +#endif diff --git a/lib/crypto_backend/argon2/opt.c b/lib/crypto_backend/argon2/opt.c new file mode 100644 index 0000000..f6c2052 --- /dev/null +++ b/lib/crypto_backend/argon2/opt.c @@ -0,0 +1,283 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#include +#include +#include + +#include "argon2.h" +#include "core.h" + +#include "blake2/blake2.h" +#include "blake2/blamka-round-opt.h" + +/* + * Function fills a new memory block and optionally XORs the old block over the new one. + * Memory must be initialized. + * @param state Pointer to the just produced block. Content will be updated(!) + * @param ref_block Pointer to the reference block + * @param next_block Pointer to the block to be XORed over. May coincide with @ref_block + * @param with_xor Whether to XOR into the new block (1) or just overwrite (0) + * @pre all block pointers must be valid + */ +#if defined(__AVX512F__) +static void fill_block(__m512i *state, const block *ref_block, + block *next_block, int with_xor) { + __m512i block_XY[ARGON2_512BIT_WORDS_IN_BLOCK]; + unsigned int i; + + if (with_xor) { + for (i = 0; i < ARGON2_512BIT_WORDS_IN_BLOCK; i++) { + state[i] = _mm512_xor_si512( + state[i], _mm512_loadu_si512((const __m512i *)ref_block->v + i)); + block_XY[i] = _mm512_xor_si512( + state[i], _mm512_loadu_si512((const __m512i *)next_block->v + i)); + } + } else { + for (i = 0; i < ARGON2_512BIT_WORDS_IN_BLOCK; i++) { + block_XY[i] = state[i] = _mm512_xor_si512( + state[i], _mm512_loadu_si512((const __m512i *)ref_block->v + i)); + } + } + + for (i = 0; i < 2; ++i) { + BLAKE2_ROUND_1( + state[8 * i + 0], state[8 * i + 1], state[8 * i + 2], state[8 * i + 3], + state[8 * i + 4], state[8 * i + 5], state[8 * i + 6], state[8 * i + 7]); + } + + for (i = 0; i < 2; ++i) { + BLAKE2_ROUND_2( + state[2 * 0 + i], state[2 * 1 + i], state[2 * 2 + i], state[2 * 3 + i], + state[2 * 4 + i], state[2 * 5 + i], state[2 * 6 + i], state[2 * 7 + i]); + } + + for (i = 0; i < ARGON2_512BIT_WORDS_IN_BLOCK; i++) { + state[i] = _mm512_xor_si512(state[i], block_XY[i]); + _mm512_storeu_si512((__m512i *)next_block->v + i, state[i]); + } +} +#elif defined(__AVX2__) +static void fill_block(__m256i *state, const block *ref_block, + block *next_block, int with_xor) { + __m256i block_XY[ARGON2_HWORDS_IN_BLOCK]; + unsigned int i; + + if (with_xor) { + for (i = 0; i < ARGON2_HWORDS_IN_BLOCK; i++) { + state[i] = _mm256_xor_si256( + state[i], _mm256_loadu_si256((const __m256i *)ref_block->v + i)); + block_XY[i] = _mm256_xor_si256( + state[i], _mm256_loadu_si256((const __m256i *)next_block->v + i)); + } + } else { + for (i = 0; i < ARGON2_HWORDS_IN_BLOCK; i++) { + block_XY[i] = state[i] = _mm256_xor_si256( + state[i], _mm256_loadu_si256((const __m256i *)ref_block->v + i)); + } + } + + for (i = 0; i < 4; ++i) { + BLAKE2_ROUND_1(state[8 * i + 0], state[8 * i + 4], state[8 * i + 1], state[8 * i + 5], + state[8 * i + 2], state[8 * i + 6], state[8 * i + 3], state[8 * i + 7]); + } + + for (i = 0; i < 4; ++i) { + BLAKE2_ROUND_2(state[ 0 + i], state[ 4 + i], state[ 8 + i], state[12 + i], + state[16 + i], state[20 + i], state[24 + i], state[28 + i]); + } + + for (i = 0; i < ARGON2_HWORDS_IN_BLOCK; i++) { + state[i] = _mm256_xor_si256(state[i], block_XY[i]); + _mm256_storeu_si256((__m256i *)next_block->v + i, state[i]); + } +} +#else +static void fill_block(__m128i *state, const block *ref_block, + block *next_block, int with_xor) { + __m128i block_XY[ARGON2_OWORDS_IN_BLOCK]; + unsigned int i; + + if (with_xor) { + for (i = 0; i < ARGON2_OWORDS_IN_BLOCK; i++) { + state[i] = _mm_xor_si128( + state[i], _mm_loadu_si128((const __m128i *)ref_block->v + i)); + block_XY[i] = _mm_xor_si128( + state[i], _mm_loadu_si128((const __m128i *)next_block->v + i)); + } + } else { + for (i = 0; i < ARGON2_OWORDS_IN_BLOCK; i++) { + block_XY[i] = state[i] = _mm_xor_si128( + state[i], _mm_loadu_si128((const __m128i *)ref_block->v + i)); + } + } + + for (i = 0; i < 8; ++i) { + BLAKE2_ROUND(state[8 * i + 0], state[8 * i + 1], state[8 * i + 2], + state[8 * i + 3], state[8 * i + 4], state[8 * i + 5], + state[8 * i + 6], state[8 * i + 7]); + } + + for (i = 0; i < 8; ++i) { + BLAKE2_ROUND(state[8 * 0 + i], state[8 * 1 + i], state[8 * 2 + i], + state[8 * 3 + i], state[8 * 4 + i], state[8 * 5 + i], + state[8 * 6 + i], state[8 * 7 + i]); + } + + for (i = 0; i < ARGON2_OWORDS_IN_BLOCK; i++) { + state[i] = _mm_xor_si128(state[i], block_XY[i]); + _mm_storeu_si128((__m128i *)next_block->v + i, state[i]); + } +} +#endif + +static void next_addresses(block *address_block, block *input_block) { + /*Temporary zero-initialized blocks*/ +#if defined(__AVX512F__) + __m512i zero_block[ARGON2_512BIT_WORDS_IN_BLOCK]; + __m512i zero2_block[ARGON2_512BIT_WORDS_IN_BLOCK]; +#elif defined(__AVX2__) + __m256i zero_block[ARGON2_HWORDS_IN_BLOCK]; + __m256i zero2_block[ARGON2_HWORDS_IN_BLOCK]; +#else + __m128i zero_block[ARGON2_OWORDS_IN_BLOCK]; + __m128i zero2_block[ARGON2_OWORDS_IN_BLOCK]; +#endif + + memset(zero_block, 0, sizeof(zero_block)); + memset(zero2_block, 0, sizeof(zero2_block)); + + /*Increasing index counter*/ + input_block->v[6]++; + + /*First iteration of G*/ + fill_block(zero_block, input_block, address_block, 0); + + /*Second iteration of G*/ + fill_block(zero2_block, address_block, address_block, 0); +} + +void fill_segment(const argon2_instance_t *instance, + argon2_position_t position) { + block *ref_block = NULL, *curr_block = NULL; + block address_block, input_block; + uint64_t pseudo_rand, ref_index, ref_lane; + uint32_t prev_offset, curr_offset; + uint32_t starting_index, i; +#if defined(__AVX512F__) + __m512i state[ARGON2_512BIT_WORDS_IN_BLOCK]; +#elif defined(__AVX2__) + __m256i state[ARGON2_HWORDS_IN_BLOCK]; +#else + __m128i state[ARGON2_OWORDS_IN_BLOCK]; +#endif + int data_independent_addressing; + + if (instance == NULL) { + return; + } + + data_independent_addressing = + (instance->type == Argon2_i) || + (instance->type == Argon2_id && (position.pass == 0) && + (position.slice < ARGON2_SYNC_POINTS / 2)); + + if (data_independent_addressing) { + init_block_value(&input_block, 0); + + input_block.v[0] = position.pass; + input_block.v[1] = position.lane; + input_block.v[2] = position.slice; + input_block.v[3] = instance->memory_blocks; + input_block.v[4] = instance->passes; + input_block.v[5] = instance->type; + } + + starting_index = 0; + + if ((0 == position.pass) && (0 == position.slice)) { + starting_index = 2; /* we have already generated the first two blocks */ + + /* Don't forget to generate the first block of addresses: */ + if (data_independent_addressing) { + next_addresses(&address_block, &input_block); + } + } + + /* Offset of the current block */ + curr_offset = position.lane * instance->lane_length + + position.slice * instance->segment_length + starting_index; + + if (0 == curr_offset % instance->lane_length) { + /* Last block in this lane */ + prev_offset = curr_offset + instance->lane_length - 1; + } else { + /* Previous block */ + prev_offset = curr_offset - 1; + } + + memcpy(state, ((instance->memory + prev_offset)->v), ARGON2_BLOCK_SIZE); + + for (i = starting_index; i < instance->segment_length; + ++i, ++curr_offset, ++prev_offset) { + /*1.1 Rotating prev_offset if needed */ + if (curr_offset % instance->lane_length == 1) { + prev_offset = curr_offset - 1; + } + + /* 1.2 Computing the index of the reference block */ + /* 1.2.1 Taking pseudo-random value from the previous block */ + if (data_independent_addressing) { + if (i % ARGON2_ADDRESSES_IN_BLOCK == 0) { + next_addresses(&address_block, &input_block); + } + pseudo_rand = address_block.v[i % ARGON2_ADDRESSES_IN_BLOCK]; + } else { + pseudo_rand = instance->memory[prev_offset].v[0]; + } + + /* 1.2.2 Computing the lane of the reference block */ + ref_lane = ((pseudo_rand >> 32)) % instance->lanes; + + if ((position.pass == 0) && (position.slice == 0)) { + /* Can not reference other lanes yet */ + ref_lane = position.lane; + } + + /* 1.2.3 Computing the number of possible reference block within the + * lane. + */ + position.index = i; + ref_index = index_alpha(instance, &position, pseudo_rand & 0xFFFFFFFF, + ref_lane == position.lane); + + /* 2 Creating a new block */ + ref_block = + instance->memory + instance->lane_length * ref_lane + ref_index; + curr_block = instance->memory + curr_offset; + if (ARGON2_VERSION_10 == instance->version) { + /* version 1.2.1 and earlier: overwrite, not XOR */ + fill_block(state, ref_block, curr_block, 0); + } else { + if(0 == position.pass) { + fill_block(state, ref_block, curr_block, 0); + } else { + fill_block(state, ref_block, curr_block, 1); + } + } + } +} diff --git a/lib/crypto_backend/argon2/ref.c b/lib/crypto_backend/argon2/ref.c new file mode 100644 index 0000000..ad1cf46 --- /dev/null +++ b/lib/crypto_backend/argon2/ref.c @@ -0,0 +1,194 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#include +#include +#include + +#include "argon2.h" +#include "core.h" + +#include "blake2/blamka-round-ref.h" +#include "blake2/blake2-impl.h" +#include "blake2/blake2.h" + + +/* + * Function fills a new memory block and optionally XORs the old block over the new one. + * @next_block must be initialized. + * @param prev_block Pointer to the previous block + * @param ref_block Pointer to the reference block + * @param next_block Pointer to the block to be constructed + * @param with_xor Whether to XOR into the new block (1) or just overwrite (0) + * @pre all block pointers must be valid + */ +static void fill_block(const block *prev_block, const block *ref_block, + block *next_block, int with_xor) { + block blockR, block_tmp; + unsigned i; + + copy_block(&blockR, ref_block); + xor_block(&blockR, prev_block); + copy_block(&block_tmp, &blockR); + /* Now blockR = ref_block + prev_block and block_tmp = ref_block + prev_block */ + if (with_xor) { + /* Saving the next block contents for XOR over: */ + xor_block(&block_tmp, next_block); + /* Now blockR = ref_block + prev_block and + block_tmp = ref_block + prev_block + next_block */ + } + + /* Apply Blake2 on columns of 64-bit words: (0,1,...,15) , then + (16,17,..31)... finally (112,113,...127) */ + for (i = 0; i < 8; ++i) { + BLAKE2_ROUND_NOMSG( + blockR.v[16 * i], blockR.v[16 * i + 1], blockR.v[16 * i + 2], + blockR.v[16 * i + 3], blockR.v[16 * i + 4], blockR.v[16 * i + 5], + blockR.v[16 * i + 6], blockR.v[16 * i + 7], blockR.v[16 * i + 8], + blockR.v[16 * i + 9], blockR.v[16 * i + 10], blockR.v[16 * i + 11], + blockR.v[16 * i + 12], blockR.v[16 * i + 13], blockR.v[16 * i + 14], + blockR.v[16 * i + 15]); + } + + /* Apply Blake2 on rows of 64-bit words: (0,1,16,17,...112,113), then + (2,3,18,19,...,114,115).. finally (14,15,30,31,...,126,127) */ + for (i = 0; i < 8; i++) { + BLAKE2_ROUND_NOMSG( + blockR.v[2 * i], blockR.v[2 * i + 1], blockR.v[2 * i + 16], + blockR.v[2 * i + 17], blockR.v[2 * i + 32], blockR.v[2 * i + 33], + blockR.v[2 * i + 48], blockR.v[2 * i + 49], blockR.v[2 * i + 64], + blockR.v[2 * i + 65], blockR.v[2 * i + 80], blockR.v[2 * i + 81], + blockR.v[2 * i + 96], blockR.v[2 * i + 97], blockR.v[2 * i + 112], + blockR.v[2 * i + 113]); + } + + copy_block(next_block, &block_tmp); + xor_block(next_block, &blockR); +} + +static void next_addresses(block *address_block, block *input_block, + const block *zero_block) { + input_block->v[6]++; + fill_block(zero_block, input_block, address_block, 0); + fill_block(zero_block, address_block, address_block, 0); +} + +void fill_segment(const argon2_instance_t *instance, + argon2_position_t position) { + block *ref_block = NULL, *curr_block = NULL; + block address_block, input_block, zero_block; + uint64_t pseudo_rand, ref_index, ref_lane; + uint32_t prev_offset, curr_offset; + uint32_t starting_index; + uint32_t i; + int data_independent_addressing; + + if (instance == NULL) { + return; + } + + data_independent_addressing = + (instance->type == Argon2_i) || + (instance->type == Argon2_id && (position.pass == 0) && + (position.slice < ARGON2_SYNC_POINTS / 2)); + + if (data_independent_addressing) { + init_block_value(&zero_block, 0); + init_block_value(&input_block, 0); + + input_block.v[0] = position.pass; + input_block.v[1] = position.lane; + input_block.v[2] = position.slice; + input_block.v[3] = instance->memory_blocks; + input_block.v[4] = instance->passes; + input_block.v[5] = instance->type; + } + + starting_index = 0; + + if ((0 == position.pass) && (0 == position.slice)) { + starting_index = 2; /* we have already generated the first two blocks */ + + /* Don't forget to generate the first block of addresses: */ + if (data_independent_addressing) { + next_addresses(&address_block, &input_block, &zero_block); + } + } + + /* Offset of the current block */ + curr_offset = position.lane * instance->lane_length + + position.slice * instance->segment_length + starting_index; + + if (0 == curr_offset % instance->lane_length) { + /* Last block in this lane */ + prev_offset = curr_offset + instance->lane_length - 1; + } else { + /* Previous block */ + prev_offset = curr_offset - 1; + } + + for (i = starting_index; i < instance->segment_length; + ++i, ++curr_offset, ++prev_offset) { + /*1.1 Rotating prev_offset if needed */ + if (curr_offset % instance->lane_length == 1) { + prev_offset = curr_offset - 1; + } + + /* 1.2 Computing the index of the reference block */ + /* 1.2.1 Taking pseudo-random value from the previous block */ + if (data_independent_addressing) { + if (i % ARGON2_ADDRESSES_IN_BLOCK == 0) { + next_addresses(&address_block, &input_block, &zero_block); + } + pseudo_rand = address_block.v[i % ARGON2_ADDRESSES_IN_BLOCK]; + } else { + pseudo_rand = instance->memory[prev_offset].v[0]; + } + + /* 1.2.2 Computing the lane of the reference block */ + ref_lane = ((pseudo_rand >> 32)) % instance->lanes; + + if ((position.pass == 0) && (position.slice == 0)) { + /* Can not reference other lanes yet */ + ref_lane = position.lane; + } + + /* 1.2.3 Computing the number of possible reference block within the + * lane. + */ + position.index = i; + ref_index = index_alpha(instance, &position, pseudo_rand & 0xFFFFFFFF, + ref_lane == position.lane); + + /* 2 Creating a new block */ + ref_block = + instance->memory + instance->lane_length * ref_lane + ref_index; + curr_block = instance->memory + curr_offset; + if (ARGON2_VERSION_10 == instance->version) { + /* version 1.2.1 and earlier: overwrite, not XOR */ + fill_block(instance->memory + prev_offset, ref_block, curr_block, 0); + } else { + if(0 == position.pass) { + fill_block(instance->memory + prev_offset, ref_block, + curr_block, 0); + } else { + fill_block(instance->memory + prev_offset, ref_block, + curr_block, 1); + } + } + } +} diff --git a/lib/crypto_backend/argon2/thread.c b/lib/crypto_backend/argon2/thread.c new file mode 100644 index 0000000..e099a00 --- /dev/null +++ b/lib/crypto_backend/argon2/thread.c @@ -0,0 +1,57 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#if !defined(ARGON2_NO_THREADS) + +#include "thread.h" +#if defined(_WIN32) +#include +#endif + +int argon2_thread_create(argon2_thread_handle_t *handle, + argon2_thread_func_t func, void *args) { + if (NULL == handle || func == NULL) { + return -1; + } +#if defined(_WIN32) + *handle = _beginthreadex(NULL, 0, func, args, 0, NULL); + return *handle != 0 ? 0 : -1; +#else + return pthread_create(handle, NULL, func, args); +#endif +} + +int argon2_thread_join(argon2_thread_handle_t handle) { +#if defined(_WIN32) + if (WaitForSingleObject((HANDLE)handle, INFINITE) == WAIT_OBJECT_0) { + return CloseHandle((HANDLE)handle) != 0 ? 0 : -1; + } + return -1; +#else + return pthread_join(handle, NULL); +#endif +} + +void argon2_thread_exit(void) { +#if defined(_WIN32) + _endthreadex(0); +#else + pthread_exit(NULL); +#endif +} + +#endif /* ARGON2_NO_THREADS */ diff --git a/lib/crypto_backend/argon2/thread.h b/lib/crypto_backend/argon2/thread.h new file mode 100644 index 0000000..49d8836 --- /dev/null +++ b/lib/crypto_backend/argon2/thread.h @@ -0,0 +1,67 @@ +/* + * Argon2 reference source code package - reference C implementations + * + * Copyright 2015 + * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves + * + * You may use this work under the terms of a Creative Commons CC0 1.0 + * License/Waiver or the Apache Public License 2.0, at your option. The terms of + * these licenses can be found at: + * + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * + * You should have received a copy of both of these licenses along with this + * software. If not, they may be obtained at the above URLs. + */ + +#ifndef ARGON2_THREAD_H +#define ARGON2_THREAD_H + +#if !defined(ARGON2_NO_THREADS) + +/* + Here we implement an abstraction layer for the simpĺe requirements + of the Argon2 code. We only require 3 primitives---thread creation, + joining, and termination---so full emulation of the pthreads API + is unwarranted. Currently we wrap pthreads and Win32 threads. + + The API defines 2 types: the function pointer type, + argon2_thread_func_t, + and the type of the thread handle---argon2_thread_handle_t. +*/ +#if defined(_WIN32) +#include +typedef unsigned(__stdcall *argon2_thread_func_t)(void *); +typedef uintptr_t argon2_thread_handle_t; +#else +#include +typedef void *(*argon2_thread_func_t)(void *); +typedef pthread_t argon2_thread_handle_t; +#endif + +/* Creates a thread + * @param handle pointer to a thread handle, which is the output of this + * function. Must not be NULL. + * @param func A function pointer for the thread's entry point. Must not be + * NULL. + * @param args Pointer that is passed as an argument to @func. May be NULL. + * @return 0 if @handle and @func are valid pointers and a thread is successfully + * created. + */ +int argon2_thread_create(argon2_thread_handle_t *handle, + argon2_thread_func_t func, void *args); + +/* Waits for a thread to terminate + * @param handle Handle to a thread created with argon2_thread_create. + * @return 0 if @handle is a valid handle, and joining completed successfully. +*/ +int argon2_thread_join(argon2_thread_handle_t handle); + +/* Terminate the current thread. Must be run inside a thread created by + * argon2_thread_create. +*/ +void argon2_thread_exit(void); + +#endif /* ARGON2_NO_THREADS */ +#endif diff --git a/lib/crypto_backend/argon2_generic.c b/lib/crypto_backend/argon2_generic.c new file mode 100644 index 0000000..64cf10b --- /dev/null +++ b/lib/crypto_backend/argon2_generic.c @@ -0,0 +1,79 @@ +/* + * Argon2 PBKDF2 library wrapper + * + * Copyright (C) 2016-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2020 Milan Broz + * + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include "crypto_backend_internal.h" +#if HAVE_ARGON2_H +#include +#else +#include "argon2/argon2.h" +#endif + +#define CONST_CAST(x) (x)(uintptr_t) + +int argon2(const char *type, const char *password, size_t password_length, + const char *salt, size_t salt_length, + char *key, size_t key_length, + uint32_t iterations, uint32_t memory, uint32_t parallel) +{ +#if !USE_INTERNAL_ARGON2 && !HAVE_ARGON2_H + return -EINVAL; +#else + argon2_type atype; + argon2_context context = { + .flags = ARGON2_DEFAULT_FLAGS, + .version = ARGON2_VERSION_NUMBER, + .t_cost = (uint32_t)iterations, + .m_cost = (uint32_t)memory, + .lanes = (uint32_t)parallel, + .threads = (uint32_t)parallel, + .out = (uint8_t *)key, + .outlen = (uint32_t)key_length, + .pwd = CONST_CAST(uint8_t *)password, + .pwdlen = (uint32_t)password_length, + .salt = CONST_CAST(uint8_t *)salt, + .saltlen = (uint32_t)salt_length, + }; + int r; + + if (!strcmp(type, "argon2i")) + atype = Argon2_i; + else if(!strcmp(type, "argon2id")) + atype = Argon2_id; + else + return -EINVAL; + + switch (argon2_ctx(&context, atype)) { + case ARGON2_OK: + r = 0; + break; + case ARGON2_MEMORY_ALLOCATION_ERROR: + case ARGON2_FREE_MEMORY_CBK_NULL: + case ARGON2_ALLOCATE_MEMORY_CBK_NULL: + r = -ENOMEM; + break; + default: + r = -EINVAL; + } + + return r; +#endif +} diff --git a/lib/crypto_backend/cipher_check.c b/lib/crypto_backend/cipher_check.c new file mode 100644 index 0000000..2119d97 --- /dev/null +++ b/lib/crypto_backend/cipher_check.c @@ -0,0 +1,161 @@ +/* + * Cipher performance check + * + * Copyright (C) 2018-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2020 Milan Broz + * + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include +#include "crypto_backend_internal.h" + +#ifndef CLOCK_MONOTONIC_RAW +#define CLOCK_MONOTONIC_RAW CLOCK_MONOTONIC +#endif + +/* + * This is not simulating storage, so using disk block causes extreme overhead. + * Let's use some fixed block size where results are more reliable... + */ +#define CIPHER_BLOCK_BYTES 65536 + +/* + * If the measured value is lower, encrypted buffer is probably too small + * and calculated values are not reliable. + */ +#define CIPHER_TIME_MIN_MS 0.001 + +/* + * The whole test depends on Linux kernel usermode crypto API for now. + * (The same implementations are used in dm-crypt though.) + */ + +static int time_ms(struct timespec *start, struct timespec *end, double *ms) +{ + double start_ms, end_ms; + + start_ms = start->tv_sec * 1000.0 + start->tv_nsec / (1000.0 * 1000); + end_ms = end->tv_sec * 1000.0 + end->tv_nsec / (1000.0 * 1000); + + *ms = end_ms - start_ms; + return 0; +} + +static int cipher_perf_one(const char *name, const char *mode, char *buffer, size_t buffer_size, + const char *key, size_t key_size, const char *iv, size_t iv_size, int enc) +{ + struct crypt_cipher_kernel cipher; + size_t done = 0, block = CIPHER_BLOCK_BYTES; + int r; + + if (buffer_size < block) + block = buffer_size; + + r = crypt_cipher_init_kernel(&cipher, name, mode, key, key_size); + if (r < 0) + return r; + + while (done < buffer_size) { + if ((done + block) > buffer_size) + block = buffer_size - done; + + if (enc) + r = crypt_cipher_encrypt_kernel(&cipher, &buffer[done], &buffer[done], + block, iv, iv_size); + else + r = crypt_cipher_decrypt_kernel(&cipher, &buffer[done], &buffer[done], + block, iv, iv_size); + if (r < 0) + break; + + done += block; + } + + crypt_cipher_destroy_kernel(&cipher); + + return r; +} +static int cipher_measure(const char *name, const char *mode, char *buffer, size_t buffer_size, + const char *key, size_t key_size, const char *iv, size_t iv_size, + int encrypt, double *ms) +{ + struct timespec start, end; + int r; + + /* + * Using getrusage would be better here but the precision + * is not adequate, so better stick with CLOCK_MONOTONIC + */ + if (clock_gettime(CLOCK_MONOTONIC_RAW, &start) < 0) + return -EINVAL; + + r = cipher_perf_one(name, mode, buffer, buffer_size, key, key_size, iv, iv_size, encrypt); + if (r < 0) + return r; + + if (clock_gettime(CLOCK_MONOTONIC_RAW, &end) < 0) + return -EINVAL; + + r = time_ms(&start, &end, ms); + if (r < 0) + return r; + + if (*ms < CIPHER_TIME_MIN_MS) + return -ERANGE; + + return 0; +} + +static double speed_mbs(unsigned long bytes, double ms) +{ + double speed = bytes, s = ms / 1000.; + + return speed / (1024 * 1024) / s; +} + +int crypt_cipher_perf_kernel(const char *name, const char *mode, char *buffer, size_t buffer_size, + const char *key, size_t key_size, const char *iv, size_t iv_size, + double *encryption_mbs, double *decryption_mbs) +{ + double ms_enc, ms_dec, ms; + int r, repeat_enc, repeat_dec; + + ms_enc = 0.0; + repeat_enc = 1; + while (ms_enc < 1000.0) { + r = cipher_measure(name, mode, buffer, buffer_size, key, key_size, iv, iv_size, 1, &ms); + if (r < 0) + return r; + ms_enc += ms; + repeat_enc++; + } + + ms_dec = 0.0; + repeat_dec = 1; + while (ms_dec < 1000.0) { + r = cipher_measure(name, mode, buffer, buffer_size, key, key_size, iv, iv_size, 0, &ms); + if (r < 0) + return r; + ms_dec += ms; + repeat_dec++; + } + + *encryption_mbs = speed_mbs(buffer_size * repeat_enc, ms_enc); + *decryption_mbs = speed_mbs(buffer_size * repeat_dec, ms_dec); + + return 0; +} diff --git a/lib/crypto_backend/cipher_generic.c b/lib/crypto_backend/cipher_generic.c new file mode 100644 index 0000000..0ddec59 --- /dev/null +++ b/lib/crypto_backend/cipher_generic.c @@ -0,0 +1,90 @@ +/* + * Linux kernel cipher generic utilities + * + * Copyright (C) 2018-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2020 Milan Broz + * + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include +#include +#include "crypto_backend.h" + +struct cipher_alg { + const char *name; + const char *mode; + int blocksize; + bool wrapped_key; +}; + +/* FIXME: Getting block size should be dynamic from cipher backend. */ +static const struct cipher_alg cipher_algs[] = { + { "cipher_null", NULL, 16, false }, + { "aes", NULL, 16, false }, + { "serpent", NULL, 16, false }, + { "twofish", NULL, 16, false }, + { "anubis", NULL, 16, false }, + { "blowfish", NULL, 8, false }, + { "camellia", NULL, 16, false }, + { "cast5", NULL, 8, false }, + { "cast6", NULL, 16, false }, + { "des", NULL, 8, false }, + { "des3_ede", NULL, 8, false }, + { "khazad", NULL, 8, false }, + { "seed", NULL, 16, false }, + { "tea", NULL, 8, false }, + { "xtea", NULL, 8, false }, + { "paes", NULL, 16, true }, /* protected AES, s390 wrapped key scheme */ + { "xchacha12,aes", "adiantum", 32, false }, + { "xchacha20,aes", "adiantum", 32, false }, + { "sm4", NULL, 16, false }, + { NULL, NULL, 0, false } +}; + +static const struct cipher_alg *_get_alg(const char *name, const char *mode) +{ + int i = 0; + + while (name && cipher_algs[i].name) { + if (!strcasecmp(name, cipher_algs[i].name)) + if (!mode || !cipher_algs[i].mode || + !strncasecmp(mode, cipher_algs[i].mode, strlen(cipher_algs[i].mode))) + return &cipher_algs[i]; + i++; + } + return NULL; +} + +int crypt_cipher_ivsize(const char *name, const char *mode) +{ + const struct cipher_alg *ca = _get_alg(name, mode); + + if (!ca) + return -EINVAL; + + if (mode && !strcasecmp(mode, "ecb")) + return 0; + + return ca->blocksize; +} + +int crypt_cipher_wrapped_key(const char *name, const char *mode) +{ + const struct cipher_alg *ca = _get_alg(name, mode); + + return ca ? (int)ca->wrapped_key : 0; +} diff --git a/lib/crypto_backend/crc32.c b/lib/crypto_backend/crc32.c index 332f383..9d43623 100644 --- a/lib/crypto_backend/crc32.c +++ b/lib/crypto_backend/crc32.c @@ -19,7 +19,7 @@ * order from highest-order term to lowest-order term. UARTs transmit * characters in order from LSB to MSB. By storing the CRC this way, * we hand it to the UART in the order low-byte to high-byte; the UART - * sends each low-bit to hight-bit; and the result is transmission bit + * sends each low-bit to high-bit; and the result is transmission bit * by bit from highest- to lowest-order term without requiring any bit * shuffling on our part. Reception works similarly. * @@ -42,7 +42,6 @@ #include "crypto_backend.h" - static const uint32_t crc32_tab[] = { 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L, 0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L, @@ -113,4 +112,3 @@ uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len) return crc; } - diff --git a/lib/crypto_backend/crypto_backend.h b/lib/crypto_backend/crypto_backend.h index 0aab38c..13fd47c 100644 --- a/lib/crypto_backend/crypto_backend.h +++ b/lib/crypto_backend/crypto_backend.h @@ -1,8 +1,8 @@ /* * crypto backend implementation * - * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2014, Milan Broz + * Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2020 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -22,15 +22,17 @@ #define _CRYPTO_BACKEND_H #include +#include +#include #include -struct crypt_device; struct crypt_hash; struct crypt_hmac; struct crypt_cipher; struct crypt_storage; -int crypt_backend_init(struct crypt_device *ctx); +int crypt_backend_init(void); +void crypt_backend_destroy(void); #define CRYPT_BACKEND_KERNEL (1 << 0) /* Crypto uses kernel part, for benchmark */ @@ -42,71 +44,95 @@ int crypt_hash_size(const char *name); int crypt_hash_init(struct crypt_hash **ctx, const char *name); int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length); int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length); -int crypt_hash_destroy(struct crypt_hash *ctx); +void crypt_hash_destroy(struct crypt_hash *ctx); /* HMAC */ int crypt_hmac_size(const char *name); int crypt_hmac_init(struct crypt_hmac **ctx, const char *name, - const void *buffer, size_t length); + const void *key, size_t key_length); int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length); int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length); -int crypt_hmac_destroy(struct crypt_hmac *ctx); +void crypt_hmac_destroy(struct crypt_hmac *ctx); -/* RNG (if fips paramater set, must provide FIPS compliance) */ +/* RNG (if fips parameter set, must provide FIPS compliance) */ enum { CRYPT_RND_NORMAL = 0, CRYPT_RND_KEY = 1, CRYPT_RND_SALT = 2 }; int crypt_backend_rng(char *buffer, size_t length, int quality, int fips); + /* PBKDF*/ -int crypt_pbkdf_check(const char *kdf, const char *hash, - const char *password, size_t password_size, - const char *salt, size_t salt_size, - uint64_t *iter_secs); +struct crypt_pbkdf_limits { + uint32_t min_iterations, max_iterations; + uint32_t min_memory, max_memory; + uint32_t min_parallel, max_parallel; +}; + +int crypt_pbkdf_get_limits(const char *kdf, struct crypt_pbkdf_limits *l); int crypt_pbkdf(const char *kdf, const char *hash, const char *password, size_t password_length, const char *salt, size_t salt_length, char *key, size_t key_length, - unsigned int iterations); - -#if USE_INTERNAL_PBKDF2 -/* internal PBKDF2 implementation */ -int pkcs5_pbkdf2(const char *hash, - const char *P, size_t Plen, - const char *S, size_t Slen, - unsigned int c, - unsigned int dkLen, char *DK, - unsigned int hash_block_size); -#endif + uint32_t iterations, uint32_t memory, uint32_t parallel); +int crypt_pbkdf_perf(const char *kdf, const char *hash, + const char *password, size_t password_size, + const char *salt, size_t salt_size, + size_t volume_key_size, uint32_t time_ms, + uint32_t max_memory_kb, uint32_t parallel_threads, + uint32_t *iterations_out, uint32_t *memory_out, + int (*progress)(uint32_t time_ms, void *usrptr), void *usrptr); /* CRC32 */ uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len); -/* ciphers */ -int crypt_cipher_blocksize(const char *name); +/* Block ciphers */ +int crypt_cipher_ivsize(const char *name, const char *mode); +int crypt_cipher_wrapped_key(const char *name, const char *mode); int crypt_cipher_init(struct crypt_cipher **ctx, const char *name, - const char *mode, const void *buffer, size_t length); -int crypt_cipher_destroy(struct crypt_cipher *ctx); + const char *mode, const void *key, size_t key_length); +void crypt_cipher_destroy(struct crypt_cipher *ctx); int crypt_cipher_encrypt(struct crypt_cipher *ctx, const char *in, char *out, size_t length, const char *iv, size_t iv_length); int crypt_cipher_decrypt(struct crypt_cipher *ctx, const char *in, char *out, size_t length, const char *iv, size_t iv_length); +bool crypt_cipher_kernel_only(struct crypt_cipher *ctx); + +/* Benchmark of kernel cipher performance */ +int crypt_cipher_perf_kernel(const char *name, const char *mode, char *buffer, size_t buffer_size, + const char *key, size_t key_size, const char *iv, size_t iv_size, + double *encryption_mbs, double *decryption_mbs); -/* storage encryption wrappers */ -int crypt_storage_init(struct crypt_storage **ctx, uint64_t sector_start, +/* Check availability of a cipher (in kernel only) */ +int crypt_cipher_check_kernel(const char *name, const char *mode, + const char *integrity, size_t key_length); + +/* Storage encryption wrappers */ +int crypt_storage_init(struct crypt_storage **ctx, size_t sector_size, const char *cipher, const char *cipher_mode, - char *key, size_t key_length); -int crypt_storage_destroy(struct crypt_storage *ctx); -int crypt_storage_decrypt(struct crypt_storage *ctx, uint64_t sector, - size_t count, char *buffer); -int crypt_storage_encrypt(struct crypt_storage *ctx, uint64_t sector, - size_t count, char *buffer); + const void *key, size_t key_length); +void crypt_storage_destroy(struct crypt_storage *ctx); +int crypt_storage_decrypt(struct crypt_storage *ctx, uint64_t iv_offset, + uint64_t length, char *buffer); +int crypt_storage_encrypt(struct crypt_storage *ctx, uint64_t iv_offset, + uint64_t length, char *buffer); + +bool crypt_storage_kernel_only(struct crypt_storage *ctx); + +/* Temporary Bitlk helper */ +int crypt_bitlk_decrypt_key(const void *key, size_t key_length, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length, + const char *tag, size_t tag_length); /* Memzero helper (memset on stack can be optimized out) */ static inline void crypt_backend_memzero(void *s, size_t n) { +#ifdef HAVE_EXPLICIT_BZERO + explicit_bzero(s, n); +#else volatile uint8_t *p = (volatile uint8_t *)s; while(n--) *p++ = 0; +#endif } #endif /* _CRYPTO_BACKEND_H */ diff --git a/lib/crypto_backend/crypto_backend_internal.h b/lib/crypto_backend/crypto_backend_internal.h new file mode 100644 index 0000000..6128cd4 --- /dev/null +++ b/lib/crypto_backend/crypto_backend_internal.h @@ -0,0 +1,63 @@ +/* + * crypto backend implementation + * + * Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2020 Milan Broz + * + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#ifndef _CRYPTO_BACKEND_INTERNAL_H +#define _CRYPTO_BACKEND_INTERNAL_H + +#include "crypto_backend.h" + +#if USE_INTERNAL_PBKDF2 +/* internal PBKDF2 implementation */ +int pkcs5_pbkdf2(const char *hash, + const char *P, size_t Plen, + const char *S, size_t Slen, + unsigned int c, + unsigned int dkLen, char *DK, + unsigned int hash_block_size); +#endif + +/* Argon2 implementation wrapper */ +int argon2(const char *type, const char *password, size_t password_length, + const char *salt, size_t salt_length, + char *key, size_t key_length, + uint32_t iterations, uint32_t memory, uint32_t parallel); + +/* Block ciphers: fallback to kernel crypto API */ + +struct crypt_cipher_kernel { + int tfmfd; + int opfd; +}; + +int crypt_cipher_init_kernel(struct crypt_cipher_kernel *ctx, const char *name, + const char *mode, const void *key, size_t key_length); +int crypt_cipher_encrypt_kernel(struct crypt_cipher_kernel *ctx, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length); +int crypt_cipher_decrypt_kernel(struct crypt_cipher_kernel *ctx, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length); +void crypt_cipher_destroy_kernel(struct crypt_cipher_kernel *ctx); +int crypt_bitlk_decrypt_key_kernel(const void *key, size_t key_length, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length, + const char *tag, size_t tag_length); + +#endif /* _CRYPTO_BACKEND_INTERNAL_H */ diff --git a/lib/crypto_backend/crypto_cipher_kernel.c b/lib/crypto_backend/crypto_cipher_kernel.c index f7d2bcf..1a8aecf 100644 --- a/lib/crypto_backend/crypto_cipher_kernel.c +++ b/lib/crypto_backend/crypto_cipher_kernel.c @@ -1,8 +1,8 @@ /* * Linux kernel userspace API crypto backend implementation (skcipher) * - * Copyright (C) 2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2014, Milan Broz + * Copyright (C) 2012-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2020 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -22,11 +22,12 @@ #include #include #include +#include #include #include #include #include -#include "crypto_backend.h" +#include "crypto_backend_internal.h" #ifdef ENABLE_AF_ALG @@ -39,125 +40,77 @@ #define SOL_ALG 279 #endif -struct crypt_cipher { - int tfmfd; - int opfd; -}; - -struct cipher_alg { - const char *name; - int blocksize; -}; - -/* FIXME: Getting block size should be dynamic from cipher backend. */ -static struct cipher_alg cipher_algs[] = { - { "cipher_null", 16 }, - { "aes", 16 }, - { "serpent", 16 }, - { "twofish", 16 }, - { "anubis", 16 }, - { "blowfish", 8 }, - { "camellia", 16 }, - { "cast5", 8 }, - { "cast6", 16 }, - { "des", 8 }, - { "des3_ede", 8 }, - { "khazad", 8 }, - { "seed", 16 }, - { "tea", 8 }, - { "xtea", 8 }, - { NULL, 0 } -}; - -static struct cipher_alg *_get_alg(const char *name) -{ - int i = 0; - - while (name && cipher_algs[i].name) { - if (!strcasecmp(name, cipher_algs[i].name)) - return &cipher_algs[i]; - i++; - } - return NULL; -} +#ifndef ALG_SET_AEAD_AUTHSIZE +#define ALG_SET_AEAD_AUTHSIZE 5 +#endif -int crypt_cipher_blocksize(const char *name) +/* + * ciphers + * + * ENOENT - algorithm not available + * ENOTSUP - AF_ALG family not available + * (but cannot check specifically for skcipher API) + */ +static int _crypt_cipher_init(struct crypt_cipher_kernel *ctx, + const void *key, size_t key_length, + size_t tag_length, struct sockaddr_alg *sa) { - struct cipher_alg *ca = _get_alg(name); - - return ca ? ca->blocksize : -EINVAL; -} - -/* Shared with hash kernel backend */ -int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd); + if (!ctx) + return -EINVAL; -int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd) -{ - *tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0); - if (*tfmfd == -1) + ctx->opfd = -1; + ctx->tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0); + if (ctx->tfmfd < 0) { + crypt_cipher_destroy_kernel(ctx); return -ENOTSUP; + } - if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) == -1) { - close(*tfmfd); - *tfmfd = -1; + if (bind(ctx->tfmfd, (struct sockaddr *)sa, sizeof(*sa)) < 0) { + crypt_cipher_destroy_kernel(ctx); return -ENOENT; } - *opfd = accept(*tfmfd, NULL, 0); - if (*opfd == -1) { - close(*tfmfd); - *tfmfd = -1; + if (setsockopt(ctx->tfmfd, SOL_ALG, ALG_SET_KEY, key, key_length) < 0) { + crypt_cipher_destroy_kernel(ctx); + return -EINVAL; + } + + if (tag_length && setsockopt(ctx->tfmfd, SOL_ALG, ALG_SET_AEAD_AUTHSIZE, NULL, tag_length) < 0) { + crypt_cipher_destroy_kernel(ctx); + return -EINVAL; + } + + ctx->opfd = accept(ctx->tfmfd, NULL, 0); + if (ctx->opfd < 0) { + crypt_cipher_destroy_kernel(ctx); return -EINVAL; } return 0; } -/* - *ciphers - * - * ENOENT - algorithm not available - * ENOTSUP - AF_ALG family not available - * (but cannot check specificaly for skcipher API) - */ -int crypt_cipher_init(struct crypt_cipher **ctx, const char *name, - const char *mode, const void *buffer, size_t length) +int crypt_cipher_init_kernel(struct crypt_cipher_kernel *ctx, const char *name, + const char *mode, const void *key, size_t key_length) { - struct crypt_cipher *h; struct sockaddr_alg sa = { .salg_family = AF_ALG, .salg_type = "skcipher", }; - int r; - - h = malloc(sizeof(*h)); - if (!h) - return -ENOMEM; - - snprintf((char *)sa.salg_name, sizeof(sa.salg_name), - "%s(%s)", mode, name); - r = crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd); - if (r < 0) { - free(h); - return r; - } + if (!strcmp(name, "cipher_null")) + key_length = 0; - if (length && strcmp(name, "cipher_null") && - setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) == -1) { - crypt_cipher_destroy(h); - return -EINVAL; - } + snprintf((char *)sa.salg_name, sizeof(sa.salg_name), "%s(%s)", mode, name); - *ctx = h; - return 0; + return _crypt_cipher_init(ctx, key, key_length, 0, &sa); } /* The in/out should be aligned to page boundary */ -static int crypt_cipher_crypt(struct crypt_cipher *ctx, - const char *in, char *out, size_t length, - const char *iv, size_t iv_length, - uint32_t direction) +static int _crypt_cipher_crypt(struct crypt_cipher_kernel *ctx, + const char *in, size_t in_length, + char *out, size_t out_length, + const char *iv, size_t iv_length, + uint32_t direction) { int r = 0; ssize_t len; @@ -166,7 +119,7 @@ static int crypt_cipher_crypt(struct crypt_cipher *ctx, uint32_t *type; struct iovec iov = { .iov_base = (void*)(uintptr_t)in, - .iov_len = length, + .iov_len = in_length, }; int iv_msg_size = iv ? CMSG_SPACE(sizeof(*alg_iv) + iv_length) : 0; char buffer[CMSG_SPACE(sizeof(*type)) + iv_msg_size]; @@ -177,7 +130,7 @@ static int crypt_cipher_crypt(struct crypt_cipher *ctx, .msg_iovlen = 1, }; - if (!in || !out || !length) + if (!in || !out || !in_length) return -EINVAL; if ((!iv && iv_length) || (iv && !iv_length)) @@ -208,74 +161,183 @@ static int crypt_cipher_crypt(struct crypt_cipher *ctx, } len = sendmsg(ctx->opfd, &msg, 0); - if (len != (ssize_t)length) { + if (len != (ssize_t)(in_length)) { r = -EIO; goto bad; } - len = read(ctx->opfd, out, length); - if (len != (ssize_t)length) + len = read(ctx->opfd, out, out_length); + if (len != (ssize_t)out_length) r = -EIO; bad: crypt_backend_memzero(buffer, sizeof(buffer)); return r; } -int crypt_cipher_encrypt(struct crypt_cipher *ctx, - const char *in, char *out, size_t length, - const char *iv, size_t iv_length) +int crypt_cipher_encrypt_kernel(struct crypt_cipher_kernel *ctx, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length) { - return crypt_cipher_crypt(ctx, in, out, length, - iv, iv_length, ALG_OP_ENCRYPT); + return _crypt_cipher_crypt(ctx, in, length, out, length, + iv, iv_length, ALG_OP_ENCRYPT); } -int crypt_cipher_decrypt(struct crypt_cipher *ctx, - const char *in, char *out, size_t length, - const char *iv, size_t iv_length) +int crypt_cipher_decrypt_kernel(struct crypt_cipher_kernel *ctx, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length) { - return crypt_cipher_crypt(ctx, in, out, length, - iv, iv_length, ALG_OP_DECRYPT); + return _crypt_cipher_crypt(ctx, in, length, out, length, + iv, iv_length, ALG_OP_DECRYPT); } -int crypt_cipher_destroy(struct crypt_cipher *ctx) +void crypt_cipher_destroy_kernel(struct crypt_cipher_kernel *ctx) { - if (ctx->tfmfd != -1) + if (ctx->tfmfd >= 0) close(ctx->tfmfd); - if (ctx->opfd != -1) + if (ctx->opfd >= 0) close(ctx->opfd); - memset(ctx, 0, sizeof(*ctx)); - free(ctx); - return 0; + + ctx->tfmfd = -1; + ctx->opfd = -1; } -#else /* ENABLE_AF_ALG */ +int crypt_cipher_check_kernel(const char *name, const char *mode, + const char *integrity, size_t key_length) +{ + struct crypt_cipher_kernel c; + char mode_name[64], tmp_salg_name[180], *real_mode = NULL, *cipher_iv = NULL, *key; + const char *salg_type; + bool aead; + int r; + struct sockaddr_alg sa = { + .salg_family = AF_ALG, + }; + + aead = integrity && strcmp(integrity, "none"); + + /* Remove IV if present */ + if (mode) { + strncpy(mode_name, mode, sizeof(mode_name)); + mode_name[sizeof(mode_name) - 1] = 0; + cipher_iv = strchr(mode_name, '-'); + if (cipher_iv) { + *cipher_iv = '\0'; + real_mode = mode_name; + } + } + + salg_type = aead ? "aead" : "skcipher"; + snprintf((char *)sa.salg_type, sizeof(sa.salg_type), "%s", salg_type); + memset(tmp_salg_name, 0, sizeof(tmp_salg_name)); + + /* FIXME: this is duplicating a part of devmapper backend */ + if (aead && !strcmp(integrity, "poly1305")) + r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "rfc7539(%s,%s)", name, integrity); + else if (!real_mode) + r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "%s", name); + else if (aead && !strcmp(real_mode, "ccm")) + r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "rfc4309(%s(%s))", real_mode, name); + else + r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "%s(%s)", real_mode, name); + + if (r <= 0 || r > (int)(sizeof(sa.salg_name) - 1)) + return -EINVAL; + + memcpy(sa.salg_name, tmp_salg_name, sizeof(sa.salg_name)); + + key = malloc(key_length); + if (!key) + return -ENOMEM; + + /* We cannot use RNG yet, any key works here, tweak the first part if it is split key (XTS). */ + memset(key, 0xab, key_length); + *key = 0xef; -int crypt_cipher_blocksize(const char *name) + r = _crypt_cipher_init(&c, key, key_length, 0, &sa); + crypt_cipher_destroy_kernel(&c); + free(key); + + return r; +} + +int crypt_bitlk_decrypt_key_kernel(const void *key, size_t key_length, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length, + const char *tag, size_t tag_length) { - return -EINVAL; + struct crypt_cipher_kernel c; + struct sockaddr_alg sa = { + .salg_family = AF_ALG, + .salg_type = "aead", + .salg_name = "ccm(aes)", + }; + int r; + char buffer[128], ccm_iv[16]; + + if (length + tag_length > sizeof(buffer)) + return -EINVAL; + + if (iv_length > sizeof(ccm_iv) - 2) + return -EINVAL; + + r = _crypt_cipher_init(&c, key, key_length, tag_length, &sa); + if (r < 0) + return r; + + memcpy(buffer, in, length); + memcpy(buffer + length, tag, tag_length); + + /* CCM IV - RFC3610 */ + memset(ccm_iv, 0, sizeof(ccm_iv)); + ccm_iv[0] = 15 - iv_length - 1; + memcpy(ccm_iv + 1, iv, iv_length); + memset(ccm_iv + 1 + iv_length, 0, ccm_iv[0] + 1); + iv_length = sizeof(ccm_iv); + + r = _crypt_cipher_crypt(&c, buffer, length + tag_length, out, length, + ccm_iv, iv_length, ALG_OP_DECRYPT); + + crypt_cipher_destroy_kernel(&c); + crypt_backend_memzero(buffer, sizeof(buffer)); + + return r; } -int crypt_cipher_init(struct crypt_cipher **ctx, const char *name, - const char *mode, const void *buffer, size_t length) +#else /* ENABLE_AF_ALG */ +int crypt_cipher_init_kernel(struct crypt_cipher_kernel *ctx, const char *name, + const char *mode, const void *key, size_t key_length) { return -ENOTSUP; } -int crypt_cipher_destroy(struct crypt_cipher *ctx) +void crypt_cipher_destroy_kernel(struct crypt_cipher_kernel *ctx) { - return 0; + return; } -int crypt_cipher_encrypt(struct crypt_cipher *ctx, - const char *in, char *out, size_t length, - const char *iv, size_t iv_length) +int crypt_cipher_encrypt_kernel(struct crypt_cipher_kernel *ctx, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length) { return -EINVAL; } -int crypt_cipher_decrypt(struct crypt_cipher *ctx, - const char *in, char *out, size_t length, - const char *iv, size_t iv_length) +int crypt_cipher_decrypt_kernel(struct crypt_cipher_kernel *ctx, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length) { return -EINVAL; } +int crypt_cipher_check_kernel(const char *name, const char *mode, + const char *integrity, size_t key_length) +{ + /* Cannot check, expect success. */ + return 0; +} +int crypt_bitlk_decrypt_key_kernel(const void *key, size_t key_length, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length, + const char *tag, size_t tag_length) +{ + return -ENOTSUP; +} #endif diff --git a/lib/crypto_backend/crypto_gcrypt.c b/lib/crypto_backend/crypto_gcrypt.c index 9037ad6..f2cf3c6 100644 --- a/lib/crypto_backend/crypto_gcrypt.c +++ b/lib/crypto_backend/crypto_gcrypt.c @@ -1,8 +1,8 @@ /* * GCRYPT crypto backend implementation * - * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2014, Milan Broz + * Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2020 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -24,7 +24,7 @@ #include #include #include -#include "crypto_backend.h" +#include "crypto_backend_internal.h" static int crypto_backend_initialised = 0; static int crypto_backend_secmem = 1; @@ -43,6 +43,14 @@ struct crypt_hmac { int hash_len; }; +struct crypt_cipher { + bool use_kernel; + union { + struct crypt_cipher_kernel kernel; + gcry_cipher_hd_t hd; + } u; +}; + /* * Test for wrong Whirlpool variant, * Ref: http://lists.gnupg.org/pipermail/gcrypt-devel/2014-January/002889.html @@ -81,7 +89,7 @@ static void crypt_hash_test_whirlpool_bug(void) crypto_backend_whirlpool_bug = 1; } -int crypt_backend_init(struct crypt_device *ctx) +int crypt_backend_init(void) { if (crypto_backend_initialised) return 0; @@ -121,6 +129,14 @@ int crypt_backend_init(struct crypt_device *ctx) return 0; } +void crypt_backend_destroy(void) +{ + if (crypto_backend_initialised) + gcry_control(GCRYCTL_TERM_SECMEM); + + crypto_backend_initialised = 0; +} + const char *crypt_backend_version(void) { return crypto_backend_initialised ? version : ""; @@ -217,12 +233,11 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length) return 0; } -int crypt_hash_destroy(struct crypt_hash *ctx) +void crypt_hash_destroy(struct crypt_hash *ctx) { gcry_md_close(ctx->hd); memset(ctx, 0, sizeof(*ctx)); free(ctx); - return 0; } /* HMAC */ @@ -232,7 +247,7 @@ int crypt_hmac_size(const char *name) } int crypt_hmac_init(struct crypt_hmac **ctx, const char *name, - const void *buffer, size_t length) + const void *key, size_t key_length) { struct crypt_hmac *h; unsigned int flags = GCRY_MD_FLAG_HMAC; @@ -254,7 +269,7 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name, return -EINVAL; } - if (gcry_md_setkey(h->hd, buffer, length)) { + if (gcry_md_setkey(h->hd, key, key_length)) { gcry_md_close(h->hd); free(h); return -EINVAL; @@ -293,12 +308,11 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length) return 0; } -int crypt_hmac_destroy(struct crypt_hmac *ctx) +void crypt_hmac_destroy(struct crypt_hmac *ctx) { gcry_md_close(ctx->hd); memset(ctx, 0, sizeof(*ctx)); free(ctx); - return 0; } /* RNG */ @@ -317,38 +331,191 @@ int crypt_backend_rng(char *buffer, size_t length, int quality, int fips) return 0; } -/* PBKDF */ -int crypt_pbkdf(const char *kdf, const char *hash, - const char *password, size_t password_length, - const char *salt, size_t salt_length, - char *key, size_t key_length, - unsigned int iterations) +static int pbkdf2(const char *hash, + const char *password, size_t password_length, + const char *salt, size_t salt_length, + char *key, size_t key_length, + uint32_t iterations) { const char *hash_name = crypt_hash_compat_name(hash, NULL); #if USE_INTERNAL_PBKDF2 - if (!kdf || strncmp(kdf, "pbkdf2", 6)) - return -EINVAL; - return pkcs5_pbkdf2(hash_name, password, password_length, salt, salt_length, iterations, key_length, key, 0); - #else /* USE_INTERNAL_PBKDF2 */ int hash_id = gcry_md_map_name(hash_name); - int kdf_id; if (!hash_id) return -EINVAL; - if (kdf && !strncmp(kdf, "pbkdf2", 6)) - kdf_id = GCRY_KDF_PBKDF2; + if (gcry_kdf_derive(password, password_length, GCRY_KDF_PBKDF2, hash_id, + salt, salt_length, iterations, key_length, key)) + return -EINVAL; + + return 0; +#endif /* USE_INTERNAL_PBKDF2 */ +} + +/* PBKDF */ +int crypt_pbkdf(const char *kdf, const char *hash, + const char *password, size_t password_length, + const char *salt, size_t salt_length, + char *key, size_t key_length, + uint32_t iterations, uint32_t memory, uint32_t parallel) +{ + if (!kdf) + return -EINVAL; + + if (!strcmp(kdf, "pbkdf2")) + return pbkdf2(hash, password, password_length, salt, salt_length, + key, key_length, iterations); + else if (!strncmp(kdf, "argon2", 6)) + return argon2(kdf, password, password_length, salt, salt_length, + key, key_length, iterations, memory, parallel); + return -EINVAL; +} + +/* Block ciphers */ +static int _cipher_init(gcry_cipher_hd_t *hd, const char *name, + const char *mode, const void *buffer, size_t length) +{ + int cipher_id, mode_id; + + cipher_id = gcry_cipher_map_name(name); + if (cipher_id == GCRY_CIPHER_MODE_NONE) + return -ENOENT; + + if (!strcmp(mode, "ecb")) + mode_id = GCRY_CIPHER_MODE_ECB; + else if (!strcmp(mode, "cbc")) + mode_id = GCRY_CIPHER_MODE_CBC; +#if HAVE_DECL_GCRY_CIPHER_MODE_XTS + else if (!strcmp(mode, "xts")) + mode_id = GCRY_CIPHER_MODE_XTS; +#endif else + return -ENOENT; + + if (gcry_cipher_open(hd, cipher_id, mode_id, 0)) return -EINVAL; - if (gcry_kdf_derive(password, password_length, kdf_id, hash_id, - salt, salt_length, iterations, key_length, key)) + if (gcry_cipher_setkey(*hd, buffer, length)) { + gcry_cipher_close(*hd); return -EINVAL; + } return 0; -#endif /* USE_INTERNAL_PBKDF2 */ +} + +int crypt_cipher_init(struct crypt_cipher **ctx, const char *name, + const char *mode, const void *key, size_t key_length) +{ + struct crypt_cipher *h; + int r; + + h = malloc(sizeof(*h)); + if (!h) + return -ENOMEM; + + if (!_cipher_init(&h->u.hd, name, mode, key, key_length)) { + h->use_kernel = false; + *ctx = h; + return 0; + } + + r = crypt_cipher_init_kernel(&h->u.kernel, name, mode, key, key_length); + if (r < 0) { + free(h); + return r; + } + + h->use_kernel = true; + *ctx = h; + return 0; +} + +void crypt_cipher_destroy(struct crypt_cipher *ctx) +{ + if (ctx->use_kernel) + crypt_cipher_destroy_kernel(&ctx->u.kernel); + else + gcry_cipher_close(ctx->u.hd); + free(ctx); +} + +int crypt_cipher_encrypt(struct crypt_cipher *ctx, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length) +{ + if (ctx->use_kernel) + return crypt_cipher_encrypt_kernel(&ctx->u.kernel, in, out, length, iv, iv_length); + + if (iv && gcry_cipher_setiv(ctx->u.hd, iv, iv_length)) + return -EINVAL; + + if (gcry_cipher_encrypt(ctx->u.hd, out, length, in, length)) + return -EINVAL; + + return 0; +} + +int crypt_cipher_decrypt(struct crypt_cipher *ctx, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length) +{ + if (ctx->use_kernel) + return crypt_cipher_decrypt_kernel(&ctx->u.kernel, in, out, length, iv, iv_length); + + if (iv && gcry_cipher_setiv(ctx->u.hd, iv, iv_length)) + return -EINVAL; + + if (gcry_cipher_decrypt(ctx->u.hd, out, length, in, length)) + return -EINVAL; + + return 0; +} + +bool crypt_cipher_kernel_only(struct crypt_cipher *ctx) +{ + return ctx->use_kernel; +} + +int crypt_bitlk_decrypt_key(const void *key, size_t key_length, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length, + const char *tag, size_t tag_length) +{ +#ifdef GCRY_CCM_BLOCK_LEN + gcry_cipher_hd_t hd; + uint64_t l[3]; + int r = -EINVAL; + + if (gcry_cipher_open(&hd, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM, 0)) + return -EINVAL; + + if (gcry_cipher_setkey(hd, key, key_length)) + goto out; + + if (gcry_cipher_setiv(hd, iv, iv_length)) + goto out; + + l[0] = length; + l[1] = 0; + l[2] = tag_length; + if (gcry_cipher_ctl(hd, GCRYCTL_SET_CCM_LENGTHS, l, sizeof(l))) + goto out; + + if (gcry_cipher_decrypt(hd, out, length, in, length)) + goto out; + + if (gcry_cipher_checktag(hd, tag, tag_length)) + goto out; + + r = 0; +out: + gcry_cipher_close(hd); + return r; +#else + return -ENOTSUP; +#endif } diff --git a/lib/crypto_backend/crypto_kernel.c b/lib/crypto_backend/crypto_kernel.c index 874d3a8..bb80d73 100644 --- a/lib/crypto_backend/crypto_kernel.c +++ b/lib/crypto_backend/crypto_kernel.c @@ -1,8 +1,8 @@ /* * Linux kernel userspace API crypto backend implementation * - * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2014, Milan Broz + * Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2020 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -27,7 +27,7 @@ #include #include #include -#include "crypto_backend.h" +#include "crypto_backend_internal.h" /* FIXME: remove later */ #ifndef AF_ALG @@ -38,7 +38,7 @@ #endif static int crypto_backend_initialised = 0; -static char version[64]; +static char version[256]; struct hash_alg { const char *name; @@ -48,12 +48,21 @@ struct hash_alg { }; static struct hash_alg hash_algs[] = { - { "sha1", "sha1", 20, 64 }, - { "sha256", "sha256", 32, 64 }, - { "sha512", "sha512", 64, 128 }, - { "ripemd160", "rmd160", 20, 64 }, - { "whirlpool", "wp512", 64, 64 }, - { NULL, NULL, 0, 0 } + { "sha1", "sha1", 20, 64 }, + { "sha224", "sha224", 28, 64 }, + { "sha256", "sha256", 32, 64 }, + { "sha384", "sha384", 48, 128 }, + { "sha512", "sha512", 64, 128 }, + { "ripemd160", "rmd160", 20, 64 }, + { "whirlpool", "wp512", 64, 64 }, + { "sha3-224", "sha3-224", 28, 144 }, + { "sha3-256", "sha3-256", 32, 136 }, + { "sha3-384", "sha3-384", 48, 104 }, + { "sha3-512", "sha3-512", 64, 72 }, + { "stribog256","streebog256", 32, 64 }, + { "stribog512","streebog512", 64, 64 }, + { "sm3", "sm3", 32, 64 }, + { NULL, NULL, 0, 0 } }; struct crypt_hash { @@ -68,16 +77,46 @@ struct crypt_hmac { int hash_len; }; -/* Defined in crypt_kernel_ciphers.c */ -extern int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd); +struct crypt_cipher { + struct crypt_cipher_kernel ck; +}; + +static int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd, + const void *key, size_t key_length) +{ + *tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0); + if (*tfmfd < 0) + return -ENOTSUP; + + if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) < 0) { + close(*tfmfd); + *tfmfd = -1; + return -ENOENT; + } + + if (key && setsockopt(*tfmfd, SOL_ALG, ALG_SET_KEY, key, key_length) < 0) { + close(*tfmfd); + *tfmfd = -1; + return -EINVAL; + } -int crypt_backend_init(struct crypt_device *ctx) + *opfd = accept(*tfmfd, NULL, 0); + if (*opfd < 0) { + close(*tfmfd); + *tfmfd = -1; + return -EINVAL; + } + + return 0; +} + +int crypt_backend_init(void) { struct utsname uts; struct sockaddr_alg sa = { .salg_family = AF_ALG, .salg_type = "hash", - .salg_name = "sha1", + .salg_name = "sha256", }; int tfmfd = -1, opfd = -1; @@ -87,7 +126,7 @@ int crypt_backend_init(struct crypt_device *ctx) if (uname(&uts) == -1 || strcmp(uts.sysname, "Linux")) return -EINVAL; - if (crypt_kernel_socket_init(&sa, &tfmfd, &opfd) < 0) + if (crypt_kernel_socket_init(&sa, &tfmfd, &opfd, NULL, 0) < 0) return -EINVAL; close(tfmfd); @@ -100,6 +139,11 @@ int crypt_backend_init(struct crypt_device *ctx) return 0; } +void crypt_backend_destroy(void) +{ + crypto_backend_initialised = 0; +} + uint32_t crypt_backend_flags(void) { return CRYPT_BACKEND_KERNEL; @@ -150,9 +194,9 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name) } h->hash_len = ha->length; - strncpy((char *)sa.salg_name, ha->kernel_name, sizeof(sa.salg_name)); + strncpy((char *)sa.salg_name, ha->kernel_name, sizeof(sa.salg_name)-1); - if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) { + if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd, NULL, 0) < 0) { free(h); return -EINVAL; } @@ -186,15 +230,14 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length) return 0; } -int crypt_hash_destroy(struct crypt_hash *ctx) +void crypt_hash_destroy(struct crypt_hash *ctx) { - if (ctx->tfmfd != -1) + if (ctx->tfmfd >= 0) close(ctx->tfmfd); - if (ctx->opfd != -1) + if (ctx->opfd >= 0) close(ctx->opfd); memset(ctx, 0, sizeof(*ctx)); free(ctx); - return 0; } /* HMAC */ @@ -204,7 +247,7 @@ int crypt_hmac_size(const char *name) } int crypt_hmac_init(struct crypt_hmac **ctx, const char *name, - const void *buffer, size_t length) + const void *key, size_t key_length) { struct crypt_hmac *h; struct hash_alg *ha; @@ -227,16 +270,11 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name, snprintf((char *)sa.salg_name, sizeof(sa.salg_name), "hmac(%s)", ha->kernel_name); - if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) { + if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd, key, key_length) < 0) { free(h); return -EINVAL; } - if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) == -1) { - crypt_hmac_destroy(h); - return -EINVAL; - } - *ctx = h; return 0; } @@ -266,15 +304,14 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length) return 0; } -int crypt_hmac_destroy(struct crypt_hmac *ctx) +void crypt_hmac_destroy(struct crypt_hmac *ctx) { - if (ctx->tfmfd != -1) + if (ctx->tfmfd >= 0) close(ctx->tfmfd); - if (ctx->opfd != -1) + if (ctx->opfd >= 0) close(ctx->opfd); memset(ctx, 0, sizeof(*ctx)); free(ctx); - return 0; } /* RNG - N/A */ @@ -288,13 +325,79 @@ int crypt_pbkdf(const char *kdf, const char *hash, const char *password, size_t password_length, const char *salt, size_t salt_length, char *key, size_t key_length, - unsigned int iterations) + uint32_t iterations, uint32_t memory, uint32_t parallel) { - struct hash_alg *ha = _get_alg(hash); + struct hash_alg *ha; - if (!ha || !kdf || strncmp(kdf, "pbkdf2", 6)) + if (!kdf) return -EINVAL; - return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length, - iterations, key_length, key, ha->block_length); + if (!strcmp(kdf, "pbkdf2")) { + ha = _get_alg(hash); + if (!ha) + return -EINVAL; + + return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length, + iterations, key_length, key, ha->block_length); + } else if (!strncmp(kdf, "argon2", 6)) { + return argon2(kdf, password, password_length, salt, salt_length, + key, key_length, iterations, memory, parallel); + } + + return -EINVAL; +} + +/* Block ciphers */ +int crypt_cipher_init(struct crypt_cipher **ctx, const char *name, + const char *mode, const void *key, size_t key_length) +{ + struct crypt_cipher *h; + int r; + + h = malloc(sizeof(*h)); + if (!h) + return -ENOMEM; + + r = crypt_cipher_init_kernel(&h->ck, name, mode, key, key_length); + if (r < 0) { + free(h); + return r; + } + + *ctx = h; + return 0; +} + +void crypt_cipher_destroy(struct crypt_cipher *ctx) +{ + crypt_cipher_destroy_kernel(&ctx->ck); + free(ctx); +} + +int crypt_cipher_encrypt(struct crypt_cipher *ctx, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length) +{ + return crypt_cipher_encrypt_kernel(&ctx->ck, in, out, length, iv, iv_length); +} + +int crypt_cipher_decrypt(struct crypt_cipher *ctx, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length) +{ + return crypt_cipher_decrypt_kernel(&ctx->ck, in, out, length, iv, iv_length); +} + +bool crypt_cipher_kernel_only(struct crypt_cipher *ctx) +{ + return true; +} + +int crypt_bitlk_decrypt_key(const void *key, size_t key_length, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length, + const char *tag, size_t tag_length) +{ + return crypt_bitlk_decrypt_key_kernel(key, key_length, in, out, length, + iv, iv_length, tag, tag_length); } diff --git a/lib/crypto_backend/crypto_nettle.c b/lib/crypto_backend/crypto_nettle.c index cc6617a..c2ec305 100644 --- a/lib/crypto_backend/crypto_nettle.c +++ b/lib/crypto_backend/crypto_nettle.c @@ -1,8 +1,8 @@ /* * Nettle crypto backend implementation * - * Copyright (C) 2011-2012 Red Hat, Inc. All rights reserved. - * Copyright (C) 2011-2014, Milan Broz + * Copyright (C) 2011-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2011-2020 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -23,16 +23,24 @@ #include #include #include +#include #include #include -#include "crypto_backend.h" +#include "crypto_backend_internal.h" -static char *version = "Nettle"; +#if HAVE_NETTLE_VERSION_H +#include +#define VSTR(s) STR(s) +#define STR(s) #s +static const char *version = "Nettle "VSTR(NETTLE_VERSION_MAJOR)"."VSTR(NETTLE_VERSION_MINOR); +#else +static const char *version = "Nettle"; +#endif typedef void (*init_func) (void *); -typedef void (*update_func) (void *, unsigned, const uint8_t *); -typedef void (*digest_func) (void *, unsigned, uint8_t *); -typedef void (*set_key_func) (void *, unsigned, const uint8_t *); +typedef void (*update_func) (void *, size_t, const uint8_t *); +typedef void (*digest_func) (void *, size_t, uint8_t *); +typedef void (*set_key_func) (void *, size_t, const uint8_t *); struct hash_alg { const char *name; @@ -45,6 +53,24 @@ struct hash_alg { set_key_func hmac_set_key; }; +/* Missing HMAC wrappers in Nettle */ +#define HMAC_FCE(xxx) \ +struct xhmac_##xxx##_ctx HMAC_CTX(struct xxx##_ctx); \ +static void xhmac_##xxx##_set_key(struct xhmac_##xxx##_ctx *ctx, \ +size_t key_length, const uint8_t *key) \ +{HMAC_SET_KEY(ctx, &nettle_##xxx, key_length, key);} \ +static void xhmac_##xxx##_update(struct xhmac_##xxx##_ctx *ctx, \ +size_t length, const uint8_t *data) \ +{xxx##_update(&ctx->state, length, data);} \ +static void xhmac_##xxx##_digest(struct xhmac_##xxx##_ctx *ctx, \ +size_t length, uint8_t *digest) \ +{HMAC_DIGEST(ctx, &nettle_##xxx, length, digest);} + +HMAC_FCE(sha3_224); +HMAC_FCE(sha3_256); +HMAC_FCE(sha3_384); +HMAC_FCE(sha3_512); + static struct hash_alg hash_algs[] = { { "sha1", SHA1_DIGEST_SIZE, (init_func) sha1_init, @@ -94,6 +120,41 @@ static struct hash_alg hash_algs[] = { (digest_func) hmac_ripemd160_digest, (set_key_func) hmac_ripemd160_set_key, }, +/* Nettle prior to version 3.2 has incompatible SHA3 implementation */ +#if NETTLE_SHA3_FIPS202 + { "sha3-224", SHA3_224_DIGEST_SIZE, + (init_func) sha3_224_init, + (update_func) sha3_224_update, + (digest_func) sha3_224_digest, + (update_func) xhmac_sha3_224_update, + (digest_func) xhmac_sha3_224_digest, + (set_key_func) xhmac_sha3_224_set_key, + }, + { "sha3-256", SHA3_256_DIGEST_SIZE, + (init_func) sha3_256_init, + (update_func) sha3_256_update, + (digest_func) sha3_256_digest, + (update_func) xhmac_sha3_256_update, + (digest_func) xhmac_sha3_256_digest, + (set_key_func) xhmac_sha3_256_set_key, + }, + { "sha3-384", SHA3_384_DIGEST_SIZE, + (init_func) sha3_384_init, + (update_func) sha3_384_update, + (digest_func) sha3_384_digest, + (update_func) xhmac_sha3_384_update, + (digest_func) xhmac_sha3_384_digest, + (set_key_func) xhmac_sha3_384_set_key, + }, + { "sha3-512", SHA3_512_DIGEST_SIZE, + (init_func) sha3_512_init, + (update_func) sha3_512_update, + (digest_func) sha3_512_digest, + (update_func) xhmac_sha3_512_update, + (digest_func) xhmac_sha3_512_digest, + (set_key_func) xhmac_sha3_512_set_key, + }, +#endif { NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, } }; @@ -105,6 +166,11 @@ struct crypt_hash { struct sha256_ctx sha256; struct sha384_ctx sha384; struct sha512_ctx sha512; + struct ripemd160_ctx ripemd160; + struct sha3_224_ctx sha3_224; + struct sha3_256_ctx sha3_256; + struct sha3_384_ctx sha3_384; + struct sha3_512_ctx sha3_512; } nettle_ctx; }; @@ -116,11 +182,20 @@ struct crypt_hmac { struct hmac_sha256_ctx sha256; struct hmac_sha384_ctx sha384; struct hmac_sha512_ctx sha512; + struct hmac_ripemd160_ctx ripemd160; + struct xhmac_sha3_224_ctx sha3_224; + struct xhmac_sha3_256_ctx sha3_256; + struct xhmac_sha3_384_ctx sha3_384; + struct xhmac_sha3_512_ctx sha3_512; } nettle_ctx; size_t key_length; uint8_t *key; }; +struct crypt_cipher { + struct crypt_cipher_kernel ck; +}; + uint32_t crypt_backend_flags(void) { return 0; @@ -138,11 +213,16 @@ static struct hash_alg *_get_alg(const char *name) return NULL; } -int crypt_backend_init(struct crypt_device *ctx) +int crypt_backend_init(void) { return 0; } +void crypt_backend_destroy(void) +{ + return; +} + const char *crypt_backend_version(void) { return version; @@ -197,11 +277,10 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length) return 0; } -int crypt_hash_destroy(struct crypt_hash *ctx) +void crypt_hash_destroy(struct crypt_hash *ctx) { memset(ctx, 0, sizeof(*ctx)); free(ctx); - return 0; } /* HMAC */ @@ -211,7 +290,7 @@ int crypt_hmac_size(const char *name) } int crypt_hmac_init(struct crypt_hmac **ctx, const char *name, - const void *buffer, size_t length) + const void *key, size_t key_length) { struct crypt_hmac *h; @@ -225,12 +304,12 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name, if (!h->hash) goto bad; - h->key = malloc(length); + h->key = malloc(key_length); if (!h->key) goto bad; - memcpy(h->key, buffer, length); - h->key_length = length; + memcpy(h->key, key, key_length); + h->key_length = key_length; h->hash->init(&h->nettle_ctx); h->hash->hmac_set_key(&h->nettle_ctx, h->key_length, h->key); @@ -263,13 +342,12 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length) return 0; } -int crypt_hmac_destroy(struct crypt_hmac *ctx) +void crypt_hmac_destroy(struct crypt_hmac *ctx) { memset(ctx->key, 0, ctx->key_length); free(ctx->key); memset(ctx, 0, sizeof(*ctx)); free(ctx); - return 0; } /* RNG - N/A */ @@ -283,23 +361,84 @@ int crypt_pbkdf(const char *kdf, const char *hash, const char *password, size_t password_length, const char *salt, size_t salt_length, char *key, size_t key_length, - unsigned int iterations) + uint32_t iterations, uint32_t memory, uint32_t parallel) { struct crypt_hmac *h; int r; - if (!kdf || strncmp(kdf, "pbkdf2", 6)) + if (!kdf) return -EINVAL; - r = crypt_hmac_init(&h, hash, password, password_length); - if (r < 0) - return r; + if (!strcmp(kdf, "pbkdf2")) { + r = crypt_hmac_init(&h, hash, password, password_length); + if (r < 0) + return r; + + nettle_pbkdf2(&h->nettle_ctx, h->hash->hmac_update, + h->hash->hmac_digest, h->hash->length, iterations, + salt_length, (const uint8_t *)salt, key_length, + (uint8_t *)key); + crypt_hmac_destroy(h); + return 0; + } else if (!strncmp(kdf, "argon2", 6)) { + return argon2(kdf, password, password_length, salt, salt_length, + key, key_length, iterations, memory, parallel); + } + + return -EINVAL; +} + +/* Block ciphers */ +int crypt_cipher_init(struct crypt_cipher **ctx, const char *name, + const char *mode, const void *key, size_t key_length) +{ + struct crypt_cipher *h; + int r; + + h = malloc(sizeof(*h)); + if (!h) + return -ENOMEM; - nettle_pbkdf2(&h->nettle_ctx, h->hash->nettle_hmac_update, - h->hash->nettle_hmac_digest, h->hash->length, iterations, - salt_length, (const uint8_t *)salt, key_length, - (uint8_t *)key); - crypt_hmac_destroy(h); + r = crypt_cipher_init_kernel(&h->ck, name, mode, key, key_length); + if (r < 0) { + free(h); + return r; + } + *ctx = h; return 0; } + +void crypt_cipher_destroy(struct crypt_cipher *ctx) +{ + crypt_cipher_destroy_kernel(&ctx->ck); + free(ctx); +} + +int crypt_cipher_encrypt(struct crypt_cipher *ctx, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length) +{ + return crypt_cipher_encrypt_kernel(&ctx->ck, in, out, length, iv, iv_length); +} + +int crypt_cipher_decrypt(struct crypt_cipher *ctx, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length) +{ + return crypt_cipher_decrypt_kernel(&ctx->ck, in, out, length, iv, iv_length); +} + +bool crypt_cipher_kernel_only(struct crypt_cipher *ctx) +{ + return true; +} + +int crypt_bitlk_decrypt_key(const void *key, size_t key_length, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length, + const char *tag, size_t tag_length) +{ + return crypt_bitlk_decrypt_key_kernel(key, key_length, in, out, length, + iv, iv_length, tag, tag_length); +} diff --git a/lib/crypto_backend/crypto_nss.c b/lib/crypto_backend/crypto_nss.c index 4b9f943..f141432 100644 --- a/lib/crypto_backend/crypto_nss.c +++ b/lib/crypto_backend/crypto_nss.c @@ -1,8 +1,8 @@ /* * NSS crypto backend implementation * - * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2014, Milan Broz + * Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2020 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -23,7 +23,7 @@ #include #include #include -#include "crypto_backend.h" +#include "crypto_backend_internal.h" #define CONST_CAST(x) (x)(uintptr_t) @@ -59,6 +59,10 @@ struct crypt_hmac { const struct hash_alg *hash; }; +struct crypt_cipher { + struct crypt_cipher_kernel ck; +}; + static struct hash_alg *_get_alg(const char *name) { int i = 0; @@ -71,7 +75,7 @@ static struct hash_alg *_get_alg(const char *name) return NULL; } -int crypt_backend_init(struct crypt_device *ctx) +int crypt_backend_init(void) { if (crypto_backend_initialised) return 0; @@ -88,6 +92,11 @@ int crypt_backend_init(struct crypt_device *ctx) return 0; } +void crypt_backend_destroy(void) +{ + crypto_backend_initialised = 0; +} + uint32_t crypt_backend_flags(void) { return 0; @@ -175,12 +184,11 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length) return 0; } -int crypt_hash_destroy(struct crypt_hash *ctx) +void crypt_hash_destroy(struct crypt_hash *ctx) { PK11_DestroyContext(ctx->md, PR_TRUE); memset(ctx, 0, sizeof(*ctx)); free(ctx); - return 0; } /* HMAC */ @@ -190,15 +198,15 @@ int crypt_hmac_size(const char *name) } int crypt_hmac_init(struct crypt_hmac **ctx, const char *name, - const void *buffer, size_t length) + const void *key, size_t key_length) { struct crypt_hmac *h; SECItem keyItem; SECItem noParams; keyItem.type = siBuffer; - keyItem.data = CONST_CAST(unsigned char *)buffer; - keyItem.len = (int)length; + keyItem.data = CONST_CAST(unsigned char *)key; + keyItem.len = (int)key_length; noParams.type = siBuffer; noParams.data = 0; @@ -277,7 +285,7 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length) return 0; } -int crypt_hmac_destroy(struct crypt_hmac *ctx) +void crypt_hmac_destroy(struct crypt_hmac *ctx) { if (ctx->key) PK11_FreeSymKey(ctx->key); @@ -287,7 +295,6 @@ int crypt_hmac_destroy(struct crypt_hmac *ctx) PK11_DestroyContext(ctx->md, PR_TRUE); memset(ctx, 0, sizeof(*ctx)); free(ctx); - return 0; } /* RNG */ @@ -307,13 +314,79 @@ int crypt_pbkdf(const char *kdf, const char *hash, const char *password, size_t password_length, const char *salt, size_t salt_length, char *key, size_t key_length, - unsigned int iterations) + uint32_t iterations, uint32_t memory, uint32_t parallel) { - struct hash_alg *ha = _get_alg(hash); + struct hash_alg *ha; - if (!ha || !kdf || strncmp(kdf, "pbkdf2", 6)) + if (!kdf) return -EINVAL; - return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length, - iterations, key_length, key, ha->block_length); + if (!strcmp(kdf, "pbkdf2")) { + ha = _get_alg(hash); + if (!ha) + return -EINVAL; + + return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length, + iterations, key_length, key, ha->block_length); + } else if (!strncmp(kdf, "argon2", 6)) { + return argon2(kdf, password, password_length, salt, salt_length, + key, key_length, iterations, memory, parallel); + } + + return -EINVAL; +} + +/* Block ciphers */ +int crypt_cipher_init(struct crypt_cipher **ctx, const char *name, + const char *mode, const void *key, size_t key_length) +{ + struct crypt_cipher *h; + int r; + + h = malloc(sizeof(*h)); + if (!h) + return -ENOMEM; + + r = crypt_cipher_init_kernel(&h->ck, name, mode, key, key_length); + if (r < 0) { + free(h); + return r; + } + + *ctx = h; + return 0; +} + +void crypt_cipher_destroy(struct crypt_cipher *ctx) +{ + crypt_cipher_destroy_kernel(&ctx->ck); + free(ctx); +} + +int crypt_cipher_encrypt(struct crypt_cipher *ctx, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length) +{ + return crypt_cipher_encrypt_kernel(&ctx->ck, in, out, length, iv, iv_length); +} + +int crypt_cipher_decrypt(struct crypt_cipher *ctx, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length) +{ + return crypt_cipher_decrypt_kernel(&ctx->ck, in, out, length, iv, iv_length); +} + +bool crypt_cipher_kernel_only(struct crypt_cipher *ctx) +{ + return true; +} + +int crypt_bitlk_decrypt_key(const void *key, size_t key_length, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length, + const char *tag, size_t tag_length) +{ + return crypt_bitlk_decrypt_key_kernel(key, key_length, in, out, length, + iv, iv_length, tag, tag_length); } diff --git a/lib/crypto_backend/crypto_openssl.c b/lib/crypto_backend/crypto_openssl.c index 5e4345b..2edec7b 100644 --- a/lib/crypto_backend/crypto_openssl.c +++ b/lib/crypto_backend/crypto_openssl.c @@ -1,8 +1,8 @@ /* * OPENSSL crypto backend implementation * - * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2010-2014, Milan Broz + * Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2020 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -33,33 +33,110 @@ #include #include #include -#include "crypto_backend.h" +#include "crypto_backend_internal.h" + +#define CONST_CAST(x) (x)(uintptr_t) static int crypto_backend_initialised = 0; struct crypt_hash { - EVP_MD_CTX md; + EVP_MD_CTX *md; const EVP_MD *hash_id; int hash_len; }; struct crypt_hmac { - HMAC_CTX md; + HMAC_CTX *md; const EVP_MD *hash_id; int hash_len; }; -int crypt_backend_init(struct crypt_device *ctx) +struct crypt_cipher { + bool use_kernel; + union { + struct crypt_cipher_kernel kernel; + struct { + EVP_CIPHER_CTX *hd_enc; + EVP_CIPHER_CTX *hd_dec; + size_t iv_length; + } lib; + } u; +}; + +/* + * Compatible wrappers for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 + */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) + +static void openssl_backend_init(void) +{ + OpenSSL_add_all_algorithms(); +} + +static const char *openssl_backend_version(void) +{ + return SSLeay_version(SSLEAY_VERSION); +} + +static EVP_MD_CTX *EVP_MD_CTX_new(void) +{ + EVP_MD_CTX *md = malloc(sizeof(*md)); + + if (md) + EVP_MD_CTX_init(md); + + return md; +} + +static void EVP_MD_CTX_free(EVP_MD_CTX *md) +{ + EVP_MD_CTX_cleanup(md); + free(md); +} + +static HMAC_CTX *HMAC_CTX_new(void) +{ + HMAC_CTX *md = malloc(sizeof(*md)); + + if (md) + HMAC_CTX_init(md); + + return md; +} + +static void HMAC_CTX_free(HMAC_CTX *md) +{ + HMAC_CTX_cleanup(md); + free(md); +} +#else +static void openssl_backend_init(void) +{ +} + +static const char *openssl_backend_version(void) +{ + return OpenSSL_version(OPENSSL_VERSION); +} +#endif + +int crypt_backend_init(void) { if (crypto_backend_initialised) return 0; - OpenSSL_add_all_algorithms(); + openssl_backend_init(); crypto_backend_initialised = 1; return 0; } +void crypt_backend_destroy(void) +{ + crypto_backend_initialised = 0; +} + uint32_t crypt_backend_flags(void) { return 0; @@ -67,7 +144,7 @@ uint32_t crypt_backend_flags(void) const char *crypt_backend_version(void) { - return SSLeay_version(SSLEAY_VERSION); + return openssl_backend_version(); } /* HASH */ @@ -89,13 +166,21 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name) if (!h) return -ENOMEM; + h->md = EVP_MD_CTX_new(); + if (!h->md) { + free(h); + return -ENOMEM; + } + h->hash_id = EVP_get_digestbyname(name); if (!h->hash_id) { + EVP_MD_CTX_free(h->md); free(h); return -EINVAL; } - if (EVP_DigestInit(&h->md, h->hash_id) != 1) { + if (EVP_DigestInit_ex(h->md, h->hash_id, NULL) != 1) { + EVP_MD_CTX_free(h->md); free(h); return -EINVAL; } @@ -107,7 +192,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name) static int crypt_hash_restart(struct crypt_hash *ctx) { - if (EVP_DigestInit(&ctx->md, ctx->hash_id) != 1) + if (EVP_DigestInit_ex(ctx->md, ctx->hash_id, NULL) != 1) return -EINVAL; return 0; @@ -115,7 +200,7 @@ static int crypt_hash_restart(struct crypt_hash *ctx) int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length) { - if (EVP_DigestUpdate(&ctx->md, buffer, length) != 1) + if (EVP_DigestUpdate(ctx->md, buffer, length) != 1) return -EINVAL; return 0; @@ -129,7 +214,7 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length) if (length > (size_t)ctx->hash_len) return -EINVAL; - if (EVP_DigestFinal_ex(&ctx->md, tmp, &tmp_len) != 1) + if (EVP_DigestFinal_ex(ctx->md, tmp, &tmp_len) != 1) return -EINVAL; memcpy(buffer, tmp, length); @@ -144,12 +229,11 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length) return 0; } -int crypt_hash_destroy(struct crypt_hash *ctx) +void crypt_hash_destroy(struct crypt_hash *ctx) { - EVP_MD_CTX_cleanup(&ctx->md); + EVP_MD_CTX_free(ctx->md); memset(ctx, 0, sizeof(*ctx)); free(ctx); - return 0; } /* HMAC */ @@ -159,7 +243,7 @@ int crypt_hmac_size(const char *name) } int crypt_hmac_init(struct crypt_hmac **ctx, const char *name, - const void *buffer, size_t length) + const void *key, size_t key_length) { struct crypt_hmac *h; @@ -167,14 +251,20 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name, if (!h) return -ENOMEM; + h->md = HMAC_CTX_new(); + if (!h->md) { + free(h); + return -ENOMEM; + } + h->hash_id = EVP_get_digestbyname(name); if (!h->hash_id) { + HMAC_CTX_free(h->md); free(h); return -EINVAL; } - HMAC_CTX_init(&h->md); - HMAC_Init_ex(&h->md, buffer, length, h->hash_id, NULL); + HMAC_Init_ex(h->md, key, key_length, h->hash_id, NULL); h->hash_len = EVP_MD_size(h->hash_id); *ctx = h; @@ -183,12 +273,12 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name, static void crypt_hmac_restart(struct crypt_hmac *ctx) { - HMAC_Init_ex(&ctx->md, NULL, 0, ctx->hash_id, NULL); + HMAC_Init_ex(ctx->md, NULL, 0, ctx->hash_id, NULL); } int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length) { - HMAC_Update(&ctx->md, (const unsigned char *)buffer, length); + HMAC_Update(ctx->md, (const unsigned char *)buffer, length); return 0; } @@ -200,7 +290,7 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length) if (length > (size_t)ctx->hash_len) return -EINVAL; - HMAC_Final(&ctx->md, tmp, &tmp_len); + HMAC_Final(ctx->md, tmp, &tmp_len); memcpy(buffer, tmp, length); crypt_backend_memzero(tmp, sizeof(tmp)); @@ -213,20 +303,16 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length) return 0; } -int crypt_hmac_destroy(struct crypt_hmac *ctx) +void crypt_hmac_destroy(struct crypt_hmac *ctx) { - HMAC_CTX_cleanup(&ctx->md); + HMAC_CTX_free(ctx->md); memset(ctx, 0, sizeof(*ctx)); free(ctx); - return 0; } /* RNG */ int crypt_backend_rng(char *buffer, size_t length, int quality, int fips) { - if (fips) - return -EINVAL; - if (RAND_bytes((unsigned char *)buffer, length) != 1) return -EINVAL; @@ -238,21 +324,223 @@ int crypt_pbkdf(const char *kdf, const char *hash, const char *password, size_t password_length, const char *salt, size_t salt_length, char *key, size_t key_length, - unsigned int iterations) + uint32_t iterations, uint32_t memory, uint32_t parallel) + { const EVP_MD *hash_id; - if (!kdf || strncmp(kdf, "pbkdf2", 6)) + if (!kdf) return -EINVAL; - hash_id = EVP_get_digestbyname(hash); - if (!hash_id) + if (!strcmp(kdf, "pbkdf2")) { + hash_id = EVP_get_digestbyname(hash); + if (!hash_id) + return -EINVAL; + + if (!PKCS5_PBKDF2_HMAC(password, (int)password_length, + (const unsigned char *)salt, (int)salt_length, + (int)iterations, hash_id, (int)key_length, (unsigned char *)key)) + return -EINVAL; + return 0; + } else if (!strncmp(kdf, "argon2", 6)) { + return argon2(kdf, password, password_length, salt, salt_length, + key, key_length, iterations, memory, parallel); + } + + return -EINVAL; +} + +/* Block ciphers */ +static void _cipher_destroy(EVP_CIPHER_CTX **hd_enc, EVP_CIPHER_CTX **hd_dec) +{ + EVP_CIPHER_CTX_free(*hd_enc); + *hd_enc = NULL; + + EVP_CIPHER_CTX_free(*hd_dec); + *hd_dec = NULL; +} + +static int _cipher_init(EVP_CIPHER_CTX **hd_enc, EVP_CIPHER_CTX **hd_dec, const char *name, + const char *mode, const void *key, size_t key_length, size_t *iv_length) +{ + char cipher_name[256]; + const EVP_CIPHER *type; + int r, key_bits; + + key_bits = key_length * 8; + if (!strcmp(mode, "xts")) + key_bits /= 2; + + r = snprintf(cipher_name, sizeof(cipher_name), "%s-%d-%s", name, key_bits, mode); + if (r < 0 || r >= (int)sizeof(cipher_name)) + return -EINVAL; + + type = EVP_get_cipherbyname(cipher_name); + if (!type) + return -ENOENT; + + if (EVP_CIPHER_key_length(type) != (int)key_length) + return -EINVAL; + + *hd_enc = EVP_CIPHER_CTX_new(); + *hd_dec = EVP_CIPHER_CTX_new(); + *iv_length = EVP_CIPHER_iv_length(type); + + if (!*hd_enc || !*hd_dec) + return -EINVAL; + + if (EVP_EncryptInit_ex(*hd_enc, type, NULL, key, NULL) != 1 || + EVP_DecryptInit_ex(*hd_dec, type, NULL, key, NULL) != 1) { + _cipher_destroy(hd_enc, hd_dec); + return -EINVAL; + } + + if (EVP_CIPHER_CTX_set_padding(*hd_enc, 0) != 1 || + EVP_CIPHER_CTX_set_padding(*hd_dec, 0) != 1) { + _cipher_destroy(hd_enc, hd_dec); + return -EINVAL; + } + + return 0; +} + +int crypt_cipher_init(struct crypt_cipher **ctx, const char *name, + const char *mode, const void *key, size_t key_length) +{ + struct crypt_cipher *h; + int r; + + h = malloc(sizeof(*h)); + if (!h) + return -ENOMEM; + + if (!_cipher_init(&h->u.lib.hd_enc, &h->u.lib.hd_dec, name, mode, key, + key_length, &h->u.lib.iv_length)) { + h->use_kernel = false; + *ctx = h; + return 0; + } + + r = crypt_cipher_init_kernel(&h->u.kernel, name, mode, key, key_length); + if (r < 0) { + free(h); + return r; + } + + h->use_kernel = true; + *ctx = h; + return 0; +} + +void crypt_cipher_destroy(struct crypt_cipher *ctx) +{ + if (ctx->use_kernel) + crypt_cipher_destroy_kernel(&ctx->u.kernel); + else + _cipher_destroy(&ctx->u.lib.hd_enc, &ctx->u.lib.hd_dec); + free(ctx); +} + +static int _cipher_encrypt(struct crypt_cipher *ctx, const unsigned char *in, unsigned char *out, + int length, const unsigned char *iv, size_t iv_length) +{ + int len; + + if (ctx->u.lib.iv_length != iv_length) + return -EINVAL; + + if (EVP_EncryptInit_ex(ctx->u.lib.hd_enc, NULL, NULL, NULL, iv) != 1) return -EINVAL; - if (!PKCS5_PBKDF2_HMAC(password, (int)password_length, - (unsigned char *)salt, (int)salt_length, - (int)iterations, hash_id, (int)key_length, (unsigned char *)key)) + if (EVP_EncryptUpdate(ctx->u.lib.hd_enc, out, &len, in, length) != 1) + return -EINVAL; + + if (EVP_EncryptFinal(ctx->u.lib.hd_enc, out + len, &len) != 1) + return -EINVAL; + + return 0; +} + +static int _cipher_decrypt(struct crypt_cipher *ctx, const unsigned char *in, unsigned char *out, + int length, const unsigned char *iv, size_t iv_length) +{ + int len; + + if (ctx->u.lib.iv_length != iv_length) + return -EINVAL; + + if (EVP_DecryptInit_ex(ctx->u.lib.hd_dec, NULL, NULL, NULL, iv) != 1) + return -EINVAL; + + if (EVP_DecryptUpdate(ctx->u.lib.hd_dec, out, &len, in, length) != 1) + return -EINVAL; + + if (EVP_DecryptFinal(ctx->u.lib.hd_dec, out + len, &len) != 1) return -EINVAL; return 0; } + +int crypt_cipher_encrypt(struct crypt_cipher *ctx, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length) +{ + if (ctx->use_kernel) + return crypt_cipher_encrypt_kernel(&ctx->u.kernel, in, out, length, iv, iv_length); + + return _cipher_encrypt(ctx, (const unsigned char*)in, + (unsigned char *)out, length, (const unsigned char*)iv, iv_length); +} + +int crypt_cipher_decrypt(struct crypt_cipher *ctx, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length) +{ + if (ctx->use_kernel) + return crypt_cipher_decrypt_kernel(&ctx->u.kernel, in, out, length, iv, iv_length); + + return _cipher_decrypt(ctx, (const unsigned char*)in, + (unsigned char *)out, length, (const unsigned char*)iv, iv_length); +} + +bool crypt_cipher_kernel_only(struct crypt_cipher *ctx) +{ + return ctx->use_kernel; +} + +int crypt_bitlk_decrypt_key(const void *key, size_t key_length, + const char *in, char *out, size_t length, + const char *iv, size_t iv_length, + const char *tag, size_t tag_length) +{ +#ifdef EVP_CTRL_CCM_SET_IVLEN + EVP_CIPHER_CTX *ctx; + int len = 0, r = -EINVAL; + + ctx = EVP_CIPHER_CTX_new(); + if (!ctx) + return -EINVAL; + + if (EVP_DecryptInit_ex(ctx, EVP_aes_256_ccm(), NULL, NULL, NULL) != 1) + goto out; + + //EVP_CIPHER_CTX_key_length(ctx) + //EVP_CIPHER_CTX_iv_length(ctx) + + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, iv_length, NULL) != 1) + goto out; + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, tag_length, CONST_CAST(void*)tag) != 1) + goto out; + + if (EVP_DecryptInit_ex(ctx, NULL, NULL, key, (const unsigned char*)iv) != 1) + goto out; + + if (EVP_DecryptUpdate(ctx, (unsigned char*)out, &len, (const unsigned char*)in, length) == 1) + r = 0; +out: + EVP_CIPHER_CTX_free(ctx); + return r; +#else + return -ENOTSUP; +#endif +} diff --git a/lib/crypto_backend/crypto_storage.c b/lib/crypto_backend/crypto_storage.c index b0452a3..846f17c 100644 --- a/lib/crypto_backend/crypto_storage.c +++ b/lib/crypto_backend/crypto_storage.c @@ -2,7 +2,7 @@ * Generic wrapper for storage encryption modes and Initial Vectors * (reimplementation of some functions from Linux dm-crypt kernel) * - * Copyright (C) 2014, Milan Broz + * Copyright (C) 2014-2020 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -25,23 +25,23 @@ #include "crypto_backend.h" #define SECTOR_SHIFT 9 -#define SECTOR_SIZE (1 << SECTOR_SHIFT) /* * Internal IV helper * IV documentation: https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt */ struct crypt_sector_iv { - enum { IV_NONE, IV_NULL, IV_PLAIN, IV_PLAIN64, IV_ESSIV, IV_BENBI } type; + enum { IV_NONE, IV_NULL, IV_PLAIN, IV_PLAIN64, IV_ESSIV, IV_BENBI, IV_PLAIN64BE, IV_EBOIV } type; int iv_size; char *iv; - struct crypt_cipher *essiv_cipher; - int benbi_shift; + struct crypt_cipher *cipher; + int shift; }; /* Block encryption storage context */ struct crypt_storage { - uint64_t sector_start; + unsigned sector_shift; + unsigned iv_shift; struct crypt_cipher *cipher; struct crypt_sector_iv cipher_iv; }; @@ -56,24 +56,31 @@ static int int_log2(unsigned int x) static int crypt_sector_iv_init(struct crypt_sector_iv *ctx, const char *cipher_name, const char *mode_name, - const char *iv_name, char *key, size_t key_length) + const char *iv_name, const void *key, size_t key_length, size_t sector_size) { + int r; + memset(ctx, 0, sizeof(*ctx)); - ctx->iv_size = crypt_cipher_blocksize(cipher_name); - if (ctx->iv_size < 0) + ctx->iv_size = crypt_cipher_ivsize(cipher_name, mode_name); + if (ctx->iv_size < 8) return -ENOENT; - if (!iv_name || - !strcmp(cipher_name, "cipher_null") || + if (!strcmp(cipher_name, "cipher_null") || !strcmp(mode_name, "ecb")) { + if (iv_name) + return -EINVAL; ctx->type = IV_NONE; ctx->iv_size = 0; return 0; + } else if (!iv_name) { + return -EINVAL; } else if (!strcasecmp(iv_name, "null")) { ctx->type = IV_NULL; } else if (!strcasecmp(iv_name, "plain64")) { ctx->type = IV_PLAIN64; + } else if (!strcasecmp(iv_name, "plain64be")) { + ctx->type = IV_PLAIN64BE; } else if (!strcasecmp(iv_name, "plain")) { ctx->type = IV_PLAIN; } else if (!strncasecmp(iv_name, "essiv:", 6)) { @@ -81,7 +88,6 @@ static int crypt_sector_iv_init(struct crypt_sector_iv *ctx, char *hash_name = strchr(iv_name, ':'); int hash_size; char tmp[256]; - int r; if (!hash_name) return -EINVAL; @@ -109,7 +115,7 @@ static int crypt_sector_iv_init(struct crypt_sector_iv *ctx, return r; } - r = crypt_cipher_init(&ctx->essiv_cipher, cipher_name, "ecb", + r = crypt_cipher_init(&ctx->cipher, cipher_name, "ecb", tmp, hash_size); crypt_backend_memzero(tmp, sizeof(tmp)); if (r) @@ -122,7 +128,15 @@ static int crypt_sector_iv_init(struct crypt_sector_iv *ctx, return -EINVAL; ctx->type = IV_BENBI; - ctx->benbi_shift = SECTOR_SHIFT - log; + ctx->shift = SECTOR_SHIFT - log; + } else if (!strncasecmp(iv_name, "eboiv", 5)) { + r = crypt_cipher_init(&ctx->cipher, cipher_name, "ecb", + key, key_length); + if (r) + return r; + + ctx->type = IV_EBOIV; + ctx->shift = int_log2(sector_size); } else return -ENOENT; @@ -151,17 +165,27 @@ static int crypt_sector_iv_generate(struct crypt_sector_iv *ctx, uint64_t sector memset(ctx->iv, 0, ctx->iv_size); *(uint64_t *)ctx->iv = cpu_to_le64(sector); break; + case IV_PLAIN64BE: + memset(ctx->iv, 0, ctx->iv_size); + *(uint64_t *)&ctx->iv[ctx->iv_size - sizeof(uint64_t)] = cpu_to_be64(sector); + break; case IV_ESSIV: memset(ctx->iv, 0, ctx->iv_size); *(uint64_t *)ctx->iv = cpu_to_le64(sector); - return crypt_cipher_encrypt(ctx->essiv_cipher, + return crypt_cipher_encrypt(ctx->cipher, ctx->iv, ctx->iv, ctx->iv_size, NULL, 0); break; case IV_BENBI: memset(ctx->iv, 0, ctx->iv_size); - val = cpu_to_be64((sector << ctx->benbi_shift) + 1); + val = cpu_to_be64((sector << ctx->shift) + 1); memcpy(ctx->iv + ctx->iv_size - sizeof(val), &val, sizeof(val)); break; + case IV_EBOIV: + memset(ctx->iv, 0, ctx->iv_size); + *(uint64_t *)ctx->iv = cpu_to_le64(sector << ctx->shift); + return crypt_cipher_encrypt(ctx->cipher, + ctx->iv, ctx->iv, ctx->iv_size, NULL, 0); + break; default: return -EINVAL; } @@ -169,10 +193,10 @@ static int crypt_sector_iv_generate(struct crypt_sector_iv *ctx, uint64_t sector return 0; } -static int crypt_sector_iv_destroy(struct crypt_sector_iv *ctx) +static void crypt_sector_iv_destroy(struct crypt_sector_iv *ctx) { - if (ctx->type == IV_ESSIV) - crypt_cipher_destroy(ctx->essiv_cipher); + if (ctx->type == IV_ESSIV || ctx->type == IV_EBOIV) + crypt_cipher_destroy(ctx->cipher); if (ctx->iv) { memset(ctx->iv, 0, ctx->iv_size); @@ -180,22 +204,26 @@ static int crypt_sector_iv_destroy(struct crypt_sector_iv *ctx) } memset(ctx, 0, sizeof(*ctx)); - return 0; } /* Block encryption storage wrappers */ int crypt_storage_init(struct crypt_storage **ctx, - uint64_t sector_start, + size_t sector_size, const char *cipher, const char *cipher_mode, - char *key, size_t key_length) + const void *key, size_t key_length) { struct crypt_storage *s; char mode_name[64]; char *cipher_iv = NULL; int r = -EIO; + if (sector_size < (1 << SECTOR_SHIFT) || + sector_size > (1 << (SECTOR_SHIFT + 3)) || + sector_size & (sector_size - 1)) + return -EINVAL; + s = malloc(sizeof(*s)); if (!s) return -ENOMEM; @@ -216,33 +244,39 @@ int crypt_storage_init(struct crypt_storage **ctx, return r; } - r = crypt_sector_iv_init(&s->cipher_iv, cipher, mode_name, cipher_iv, key, key_length); + r = crypt_sector_iv_init(&s->cipher_iv, cipher, mode_name, cipher_iv, key, key_length, sector_size); if (r) { crypt_storage_destroy(s); return r; } - s->sector_start = sector_start; + s->sector_shift = int_log2(sector_size); + s->iv_shift = s->sector_shift - SECTOR_SHIFT; *ctx = s; return 0; } int crypt_storage_decrypt(struct crypt_storage *ctx, - uint64_t sector, size_t count, - char *buffer) + uint64_t iv_offset, + uint64_t length, char *buffer) { - unsigned int i; + uint64_t i; int r = 0; - for (i = 0; i < count; i++) { - r = crypt_sector_iv_generate(&ctx->cipher_iv, sector + i); + if (length & ((1 << ctx->sector_shift) - 1)) + return -EINVAL; + + length >>= ctx->sector_shift; + + for (i = 0; i < length; i++) { + r = crypt_sector_iv_generate(&ctx->cipher_iv, iv_offset + (uint64_t)(i << ctx->iv_shift)); if (r) break; r = crypt_cipher_decrypt(ctx->cipher, - &buffer[i * SECTOR_SIZE], - &buffer[i * SECTOR_SIZE], - SECTOR_SIZE, + &buffer[i << ctx->sector_shift], + &buffer[i << ctx->sector_shift], + 1 << ctx->sector_shift, ctx->cipher_iv.iv, ctx->cipher_iv.iv_size); if (r) @@ -253,20 +287,25 @@ int crypt_storage_decrypt(struct crypt_storage *ctx, } int crypt_storage_encrypt(struct crypt_storage *ctx, - uint64_t sector, size_t count, - char *buffer) + uint64_t iv_offset, + uint64_t length, char *buffer) { - unsigned int i; + uint64_t i; int r = 0; - for (i = 0; i < count; i++) { - r = crypt_sector_iv_generate(&ctx->cipher_iv, sector + i); + if (length & ((1 << ctx->sector_shift) - 1)) + return -EINVAL; + + length >>= ctx->sector_shift; + + for (i = 0; i < length; i++) { + r = crypt_sector_iv_generate(&ctx->cipher_iv, iv_offset + (i << ctx->iv_shift)); if (r) break; r = crypt_cipher_encrypt(ctx->cipher, - &buffer[i * SECTOR_SIZE], - &buffer[i * SECTOR_SIZE], - SECTOR_SIZE, + &buffer[i << ctx->sector_shift], + &buffer[i << ctx->sector_shift], + 1 << ctx->sector_shift, ctx->cipher_iv.iv, ctx->cipher_iv.iv_size); if (r) @@ -276,10 +315,10 @@ int crypt_storage_encrypt(struct crypt_storage *ctx, return r; } -int crypt_storage_destroy(struct crypt_storage *ctx) +void crypt_storage_destroy(struct crypt_storage *ctx) { if (!ctx) - return 0; + return; crypt_sector_iv_destroy(&ctx->cipher_iv); @@ -288,6 +327,9 @@ int crypt_storage_destroy(struct crypt_storage *ctx) memset(ctx, 0, sizeof(*ctx)); free(ctx); +} - return 0; +bool crypt_storage_kernel_only(struct crypt_storage *ctx) +{ + return crypt_cipher_kernel_only(ctx->cipher); } diff --git a/lib/crypto_backend/pbkdf2_generic.c b/lib/crypto_backend/pbkdf2_generic.c index 2e9a3d2..3f6163c 100644 --- a/lib/crypto_backend/pbkdf2_generic.c +++ b/lib/crypto_backend/pbkdf2_generic.c @@ -4,8 +4,8 @@ * Copyright (C) 2004 Free Software Foundation * * cryptsetup related changes - * Copyright (C) 2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2014, Milan Broz + * Copyright (C) 2012-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2020 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -25,7 +25,7 @@ #include #include -#include "crypto_backend.h" +#include "crypto_backend_internal.h" static int hash_buf(const char *src, size_t src_len, char *dst, size_t dst_len, @@ -230,197 +230,3 @@ out: return rc; } - -#if 0 -#include - -struct test_vector { - const char *hash; - unsigned int hash_block_length; - unsigned int iterations; - const char *password; - unsigned int password_length; - const char *salt; - unsigned int salt_length; - const char *output; - unsigned int output_length; -}; - -struct test_vector test_vectors[] = { - /* RFC 3962 */ - { - "sha1", 64, 1, - "password", 8, - "ATHENA.MIT.EDUraeburn", 21, - "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01" - "\x56\x5a\x11\x22\xb2\x56\x35\x15" - "\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3" - "\x33\xec\xc0\xe2\xe1\xf7\x08\x37", 32 - }, { - "sha1", 64, 2, - "password", 8, - "ATHENA.MIT.EDUraeburn", 21, - "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e" - "\x98\x8b\x62\xc7\x3c\xda\x93\x5d" - "\xa0\x53\x78\xb9\x32\x44\xec\x8f" - "\x48\xa9\x9e\x61\xad\x79\x9d\x86", 32 - }, { - "sha1", 64, 1200, - "password", 8, - "ATHENA.MIT.EDUraeburn", 21, - "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e" - "\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b" - "\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f" - "\x70\x8a\x31\xe2\xe6\x2b\x1e\x13", 32 - }, { - "sha1", 64, 5, - "password", 8, - "\0224VxxV4\022", 8, // "\x1234567878563412 - "\xd1\xda\xa7\x86\x15\xf2\x87\xe6" - "\xa1\xc8\xb1\x20\xd7\x06\x2a\x49" - "\x3f\x98\xd2\x03\xe6\xbe\x49\xa6" - "\xad\xf4\xfa\x57\x4b\x6e\x64\xee", 32 - }, { - "sha1", 64, 1200, - "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" - "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 64, - "pass phrase equals block size", 29, - "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b" - "\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9" - "\xc5\xec\x59\xf1\xa4\x52\xf5\xcc" - "\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1", 32 - }, { - "sha1", 64, 1200, - "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" - "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 65, - "pass phrase exceeds block size", 30, - "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5" - "\x1b\x10\xe6\xa6\x87\x21\xbe\x61" - "\x1a\x8b\x4d\x28\x26\x01\xdb\x3b" - "\x36\xbe\x92\x46\x91\x5e\xc8\x2a", 32 - }, { - "sha1", 64, 50, - "\360\235\204\236", 4, // g-clef ("\xf09d849e) - "EXAMPLE.COMpianist", 18, - "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43" - "\xa5\xb8\xbb\x27\x6a\x40\x3b\x39" - "\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2" - "\x81\xff\x30\x69\xe1\xe9\x4f\x52", 32 - }, { - /* RFC-6070 */ - "sha1", 64, 1, - "password", 8, - "salt", 4, - "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9" - "\xb5\x24\xaf\x60\x12\x06\x2f\xe0\x37\xa6", 20 - }, { - "sha1", 64, 2, - "password", 8, - "salt", 4, - "\xea\x6c\x01\x4d\xc7\x2d\x6f\x8c\xcd\x1e" - "\xd9\x2a\xce\x1d\x41\xf0\xd8\xde\x89\x57", 20 - }, { - "sha1", 64, 4096, - "password", 8, - "salt", 4, - "\x4b\x00\x79\x01\xb7\x65\x48\x9a\xbe\xad" - "\x49\xd9\x26\xf7\x21\xd0\x65\xa4\x29\xc1", 20 - }, { - "sha1", 64, 16777216, - "password", 8, - "salt", 4, - "\xee\xfe\x3d\x61\xcd\x4d\xa4\xe4\xe9\x94" - "\x5b\x3d\x6b\xa2\x15\x8c\x26\x34\xe9\x84", 20 - }, { - "sha1", 64, 4096, - "passwordPASSWORDpassword", 24, - "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36, - "\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8" - "\xd8\x36\x62\xc0\xe4\x4a\x8b\x29\x1a\x96" - "\x4c\xf2\xf0\x70\x38", 25 - }, { - "sha1", 64, 4096, - "pass\0word", 9, - "sa\0lt", 5, - "\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37" - "\xd7\xf0\x34\x25\xe0\xc3", 16 - }, { - /* empty password test */ - "sha1", 64, 2, - "", 0, - "salt", 4, - "\x13\x3a\x4c\xe8\x37\xb4\xd2\x52\x1e\xe2" - "\xbf\x03\xe1\x1c\x71\xca\x79\x4e\x07\x97", 20 - }, { - /* Password exceeds block size test */ - "sha256", 64, 1200, - "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" - "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 65, - "pass phrase exceeds block size", 30, - "\x22\x34\x4b\xc4\xb6\xe3\x26\x75" - "\xa8\x09\x0f\x3e\xa8\x0b\xe0\x1d" - "\x5f\x95\x12\x6a\x2c\xdd\xc3\xfa" - "\xcc\x4a\x5e\x6d\xca\x04\xec\x58", 32 - }, { - "sha512", 128, 1200, - "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" - "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" - "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" - "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 129, - "pass phrase exceeds block size", 30, - "\x0f\xb2\xed\x2c\x0e\x6e\xfb\x7d" - "\x7d\x8e\xdd\x58\x01\xb4\x59\x72" - "\x99\x92\x16\x30\x5e\xa4\x36\x8d" - "\x76\x14\x80\xf3\xe3\x7a\x22\xb9", 32 - }, { - "whirlpool", 64, 1200, - "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" - "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 65, - "pass phrase exceeds block size", 30, - "\x9c\x1c\x74\xf5\x88\x26\xe7\x6a" - "\x53\x58\xf4\x0c\x39\xe7\x80\x89" - "\x07\xc0\x31\x19\x9a\x50\xa2\x48" - "\xf1\xd9\xfe\x78\x64\xe5\x84\x50", 32 - } -}; - -static void printhex(const char *s, const char *buf, size_t len) -{ - size_t i; - - printf("%s: ", s); - for (i = 0; i < len; i++) - printf("\\x%02x", (unsigned char)buf[i]); - printf("\n"); - fflush(stdout); -} - -static int pkcs5_pbkdf2_test_vectors(void) -{ - char result[64]; - unsigned int i, j; - struct test_vector *vec; - - for (i = 0; i < (sizeof(test_vectors) / sizeof(*test_vectors)); i++) { - vec = &test_vectors[i]; - for (j = 1; j <= vec->output_length; j++) { - if (pkcs5_pbkdf2(vec->hash, - vec->password, vec->password_length, - vec->salt, vec->salt_length, - vec->iterations, - j, result, vec->hash_block_length)) { - printf("pbkdf2 failed, vector %d\n", i); - return -EINVAL; - } - if (memcmp(result, vec->output, j) != 0) { - printf("vector %u\n", i); - printhex(" got", result, j); - printhex("want", vec->output, j); - return -EINVAL; - } - memset(result, 0, sizeof(result)); - } - } - return 0; -} -#endif diff --git a/lib/crypto_backend/pbkdf_check.c b/lib/crypto_backend/pbkdf_check.c index c6236cc..7444e0a 100644 --- a/lib/crypto_backend/pbkdf_check.c +++ b/lib/crypto_backend/pbkdf_check.c @@ -1,7 +1,8 @@ /* * PBKDF performance check - * Copyright (C) 2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2014, Milan Broz + * Copyright (C) 2012-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2020 Milan Broz + * Copyright (C) 2016-2020 Ondrej Mosnacek * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -18,11 +19,52 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include #include +#include +#include #include #include #include "crypto_backend.h" +#ifndef CLOCK_MONOTONIC_RAW +#define CLOCK_MONOTONIC_RAW CLOCK_MONOTONIC +#endif + +#define BENCH_MIN_MS 250 +#define BENCH_MIN_MS_FAST 10 +#define BENCH_PERCENT_ATLEAST 95 +#define BENCH_PERCENT_ATMOST 110 +#define BENCH_SAMPLES_FAST 3 +#define BENCH_SAMPLES_SLOW 1 + +/* These PBKDF2 limits must be never violated */ +int crypt_pbkdf_get_limits(const char *kdf, struct crypt_pbkdf_limits *limits) +{ + if (!kdf || !limits) + return -EINVAL; + + if (!strcmp(kdf, "pbkdf2")) { + limits->min_iterations = 1000; /* recommendation in NIST SP 800-132 */ + limits->max_iterations = UINT32_MAX; + limits->min_memory = 0; /* N/A */ + limits->max_memory = 0; /* N/A */ + limits->min_parallel = 0; /* N/A */ + limits->max_parallel = 0; /* N/A */ + return 0; + } else if (!strcmp(kdf, "argon2i") || !strcmp(kdf, "argon2id")) { + limits->min_iterations = 4; + limits->max_iterations = UINT32_MAX; + limits->min_memory = 32; + limits->max_memory = 4*1024*1024; /* 4GiB */ + limits->min_parallel = 1; + limits->max_parallel = 4; + return 0; + } + + return -EINVAL; +} + static long time_ms(struct rusage *start, struct rusage *end) { int count_kernel_time = 0; @@ -50,35 +92,285 @@ static long time_ms(struct rusage *start, struct rusage *end) return ms; } +static long timespec_ms(struct timespec *start, struct timespec *end) +{ + return (end->tv_sec - start->tv_sec) * 1000 + + (end->tv_nsec - start->tv_nsec) / (1000 * 1000); +} + +static int measure_argon2(const char *kdf, const char *password, size_t password_length, + const char *salt, size_t salt_length, + char *key, size_t key_length, + uint32_t t_cost, uint32_t m_cost, uint32_t parallel, + size_t samples, long ms_atleast, long *out_ms) +{ + long ms, ms_min = LONG_MAX; + int r; + size_t i; + + for (i = 0; i < samples; i++) { + struct timespec tstart, tend; + + /* + * NOTE: We must use clock_gettime here, because Argon2 can run over + * multiple threads, and thus we care about real time, not CPU time! + */ + if (clock_gettime(CLOCK_MONOTONIC_RAW, &tstart) < 0) + return -EINVAL; + + r = crypt_pbkdf(kdf, NULL, password, password_length, salt, + salt_length, key, key_length, t_cost, m_cost, parallel); + if (r < 0) + return r; + + if (clock_gettime(CLOCK_MONOTONIC_RAW, &tend) < 0) + return -EINVAL; + + ms = timespec_ms(&tstart, &tend); + if (ms < 0) + return -EINVAL; + + if (ms < ms_atleast) { + /* early exit */ + ms_min = ms; + break; + } + if (ms < ms_min) { + ms_min = ms; + } + } + *out_ms = ms_min; + return 0; +} + +#define CONTINUE 0 +#define FINAL 1 +static int next_argon2_params(uint32_t *t_cost, uint32_t *m_cost, + uint32_t min_t_cost, uint32_t min_m_cost, + uint32_t max_m_cost, long ms, uint32_t target_ms) +{ + uint32_t old_t_cost, old_m_cost, new_t_cost, new_m_cost; + uint64_t num, denom; + + old_t_cost = *t_cost; + old_m_cost = *m_cost; + + if ((uint32_t)ms > target_ms) { + /* decreasing, first try to lower t_cost, then m_cost */ + num = (uint64_t)*t_cost * (uint64_t)target_ms; + denom = (uint64_t)ms; + new_t_cost = (uint32_t)(num / denom); + if (new_t_cost < min_t_cost) { + num = (uint64_t)*t_cost * (uint64_t)*m_cost * + (uint64_t)target_ms; + denom = (uint64_t)min_t_cost * (uint64_t)ms; + *t_cost = min_t_cost; + *m_cost = (uint32_t)(num / denom); + if (*m_cost < min_m_cost) { + *m_cost = min_m_cost; + return FINAL; + } + } else { + *t_cost = new_t_cost; + } + } else { + /* increasing, first try to increase m_cost, then t_cost */ + num = (uint64_t)*m_cost * (uint64_t)target_ms; + denom = (uint64_t)ms; + new_m_cost = (uint32_t)(num / denom); + if (new_m_cost > max_m_cost) { + num = (uint64_t)*t_cost * (uint64_t)*m_cost * + (uint64_t)target_ms; + denom = (uint64_t)max_m_cost * (uint64_t)ms; + *t_cost = (uint32_t)(num / denom); + *m_cost = max_m_cost; + if (*t_cost <= min_t_cost) { + *t_cost = min_t_cost; + return FINAL; + } + } else if (new_m_cost < min_m_cost) { + *m_cost = min_m_cost; + return FINAL; + } else { + *m_cost = new_m_cost; + } + } + + /* do not continue if it is the same as in the previous run */ + if (old_t_cost == *t_cost && old_m_cost == *m_cost) + return FINAL; + + return CONTINUE; +} + +static int crypt_argon2_check(const char *kdf, const char *password, + size_t password_length, const char *salt, + size_t salt_length, size_t key_length, + uint32_t min_t_cost, uint32_t min_m_cost, uint32_t max_m_cost, + uint32_t parallel, uint32_t target_ms, + uint32_t *out_t_cost, uint32_t *out_m_cost, + int (*progress)(uint32_t time_ms, void *usrptr), + void *usrptr) +{ + int r = 0; + char *key = NULL; + uint32_t t_cost, m_cost; + long ms; + long ms_atleast = (long)target_ms * BENCH_PERCENT_ATLEAST / 100; + long ms_atmost = (long)target_ms * BENCH_PERCENT_ATMOST / 100; + + if (key_length <= 0 || target_ms <= 0) + return -EINVAL; + + if (min_m_cost < (parallel * 8)) + min_m_cost = parallel * 8; + + if (max_m_cost < min_m_cost) + return -EINVAL; + + key = malloc(key_length); + if (!key) + return -ENOMEM; + + t_cost = min_t_cost; + m_cost = min_m_cost; + + /* 1. Find some small parameters, s. t. ms >= BENCH_MIN_MS: */ + while (1) { + r = measure_argon2(kdf, password, password_length, salt, salt_length, + key, key_length, t_cost, m_cost, parallel, + BENCH_SAMPLES_FAST, BENCH_MIN_MS, &ms); + if (!r) { + /* Update parameters to actual measurement */ + *out_t_cost = t_cost; + *out_m_cost = m_cost; + if (progress && progress((uint32_t)ms, usrptr)) + r = -EINTR; + } + + if (r < 0) + goto out; + + if (ms >= BENCH_MIN_MS) + break; + + if (m_cost == max_m_cost) { + if (ms < BENCH_MIN_MS_FAST) + t_cost *= 16; + else { + uint32_t new = (t_cost * BENCH_MIN_MS) / (uint32_t)ms; + if (new == t_cost) + break; + + t_cost = new; + } + } else { + if (ms < BENCH_MIN_MS_FAST) + m_cost *= 16; + else { + uint32_t new = (m_cost * BENCH_MIN_MS) / (uint32_t)ms; + if (new == m_cost) + break; + + m_cost = new; + } + if (m_cost > max_m_cost) { + m_cost = max_m_cost; + } + } + } + /* + * 2. Use the params obtained in (1.) to estimate the target params. + * 3. Then repeatedly measure the candidate params and if they fall out of + * the acceptance range (+-5 %), try to improve the estimate: + */ + do { + if (next_argon2_params(&t_cost, &m_cost, min_t_cost, min_m_cost, + max_m_cost, ms, target_ms)) { + /* Update parameters to final computation */ + *out_t_cost = t_cost; + *out_m_cost = m_cost; + break; + } + + r = measure_argon2(kdf, password, password_length, salt, salt_length, + key, key_length, t_cost, m_cost, parallel, + BENCH_SAMPLES_SLOW, ms_atleast, &ms); + + if (!r) { + /* Update parameters to actual measurement */ + *out_t_cost = t_cost; + *out_m_cost = m_cost; + if (progress && progress((uint32_t)ms, usrptr)) + r = -EINTR; + } + + if (r < 0) + break; + + } while (ms < ms_atleast || ms > ms_atmost); +out: + if (key) { + crypt_backend_memzero(key, key_length); + free(key); + } + return r; +} + /* This code benchmarks PBKDF and returns iterations/second using specified hash */ -int crypt_pbkdf_check(const char *kdf, const char *hash, - const char *password, size_t password_size, - const char *salt, size_t salt_size, - uint64_t *iter_secs) +static int crypt_pbkdf_check(const char *kdf, const char *hash, + const char *password, size_t password_length, + const char *salt, size_t salt_length, + size_t key_length, uint32_t *iter_secs, uint32_t target_ms, + int (*progress)(uint32_t time_ms, void *usrptr), void *usrptr) + { struct rusage rstart, rend; int r = 0, step = 0; long ms = 0; - char buf; - unsigned int iterations; + char *key = NULL; + uint32_t iterations; + double PBKDF2_temp; - if (!kdf || !hash) + if (!kdf || !hash || key_length <= 0) return -EINVAL; + key = malloc(key_length); + if (!key) + return -ENOMEM; + + *iter_secs = 0; iterations = 1 << 15; - while (ms < 500) { - if (getrusage(RUSAGE_SELF, &rstart) < 0) - return -EINVAL; + while (1) { + if (getrusage(RUSAGE_SELF, &rstart) < 0) { + r = -EINVAL; + goto out; + } + + r = crypt_pbkdf(kdf, hash, password, password_length, salt, + salt_length, key, key_length, iterations, 0, 0); - r = crypt_pbkdf(kdf, hash, password, password_size, salt, - salt_size, &buf, 1, iterations); if (r < 0) - return r; + goto out; - if (getrusage(RUSAGE_SELF, &rend) < 0) - return -EINVAL; + if (getrusage(RUSAGE_SELF, &rend) < 0) { + r = -EINVAL; + goto out; + } ms = time_ms(&rstart, &rend); + if (ms) { + PBKDF2_temp = (double)iterations * target_ms / ms; + if (PBKDF2_temp > UINT32_MAX) + return -EINVAL; + *iter_secs = (uint32_t)PBKDF2_temp; + } + + if (progress && progress((uint32_t)ms, usrptr)) { + r = -EINTR; + goto out; + } + if (ms > 500) break; @@ -91,11 +383,53 @@ int crypt_pbkdf_check(const char *kdf, const char *hash, else iterations <<= 1; - if (++step > 10 || !iterations) - return -EINVAL; + if (++step > 10 || !iterations) { + r = -EINVAL; + goto out; + } } +out: + if (key) { + crypt_backend_memzero(key, key_length); + free(key); + } + return r; +} + +int crypt_pbkdf_perf(const char *kdf, const char *hash, + const char *password, size_t password_size, + const char *salt, size_t salt_size, + size_t volume_key_size, uint32_t time_ms, + uint32_t max_memory_kb, uint32_t parallel_threads, + uint32_t *iterations_out, uint32_t *memory_out, + int (*progress)(uint32_t time_ms, void *usrptr), void *usrptr) +{ + struct crypt_pbkdf_limits pbkdf_limits; + int r = -EINVAL; + + if (!kdf || !iterations_out || !memory_out) + return -EINVAL; + + /* FIXME: whole limits propagation should be more clear here */ + r = crypt_pbkdf_get_limits(kdf, &pbkdf_limits); + if (r < 0) + return r; + + *memory_out = 0; + *iterations_out = 0; + + if (!strcmp(kdf, "pbkdf2")) + r = crypt_pbkdf_check(kdf, hash, password, password_size, + salt, salt_size, volume_key_size, + iterations_out, time_ms, progress, usrptr); - if (iter_secs) - *iter_secs = (iterations * 1000) / ms; + else if (!strncmp(kdf, "argon2", 6)) + r = crypt_argon2_check(kdf, password, password_size, + salt, salt_size, volume_key_size, + pbkdf_limits.min_iterations, + pbkdf_limits.min_memory, + max_memory_kb, + parallel_threads, time_ms, iterations_out, + memory_out, progress, usrptr); return r; } diff --git a/lib/integrity/integrity.c b/lib/integrity/integrity.c new file mode 100644 index 0000000..86305ce --- /dev/null +++ b/lib/integrity/integrity.c @@ -0,0 +1,366 @@ +/* + * Integrity volume handling + * + * Copyright (C) 2016-2020 Milan Broz + * + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include +#include +#include +#include + +#include "integrity.h" +#include "internal.h" + +static int INTEGRITY_read_superblock(struct crypt_device *cd, + struct device *device, + uint64_t offset, struct superblock *sb) +{ + int devfd, r; + + devfd = device_open(cd, device, O_RDONLY); + if(devfd < 0) + return -EINVAL; + + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), sb, sizeof(*sb), offset) != sizeof(*sb) || + memcmp(sb->magic, SB_MAGIC, sizeof(sb->magic)) || + sb->version < SB_VERSION_1 || sb->version > SB_VERSION_4) { + log_std(cd, "No integrity superblock detected on %s.\n", + device_path(device)); + r = -EINVAL; + } else { + sb->integrity_tag_size = le16toh(sb->integrity_tag_size); + sb->journal_sections = le32toh(sb->journal_sections); + sb->provided_data_sectors = le64toh(sb->provided_data_sectors); + sb->recalc_sector = le64toh(sb->recalc_sector); + sb->flags = le32toh(sb->flags); + r = 0; + } + + return r; +} + +int INTEGRITY_read_sb(struct crypt_device *cd, + struct crypt_params_integrity *params, + uint32_t *flags) +{ + struct superblock sb; + int r; + + r = INTEGRITY_read_superblock(cd, crypt_metadata_device(cd), 0, &sb); + if (r) + return r; + + params->sector_size = SECTOR_SIZE << sb.log2_sectors_per_block; + params->tag_size = sb.integrity_tag_size; + + if (flags) + *flags = sb.flags; + + return 0; +} + +int INTEGRITY_dump(struct crypt_device *cd, struct device *device, uint64_t offset) +{ + struct superblock sb; + int r; + + r = INTEGRITY_read_superblock(cd, device, offset, &sb); + if (r) + return r; + + log_std(cd, "Info for integrity device %s.\n", device_path(device)); + log_std(cd, "superblock_version %d\n", (unsigned)sb.version); + log_std(cd, "log2_interleave_sectors %d\n", sb.log2_interleave_sectors); + log_std(cd, "integrity_tag_size %u\n", sb.integrity_tag_size); + log_std(cd, "journal_sections %u\n", sb.journal_sections); + log_std(cd, "provided_data_sectors %" PRIu64 "\n", sb.provided_data_sectors); + log_std(cd, "sector_size %u\n", SECTOR_SIZE << sb.log2_sectors_per_block); + if (sb.version == SB_VERSION_2 && (sb.flags & SB_FLAG_RECALCULATING)) + log_std(cd, "recalc_sector %" PRIu64 "\n", sb.recalc_sector); + log_std(cd, "log2_blocks_per_bitmap %u\n", sb.log2_blocks_per_bitmap_bit); + log_std(cd, "flags %s%s%s%s\n", + sb.flags & SB_FLAG_HAVE_JOURNAL_MAC ? "have_journal_mac " : "", + sb.flags & SB_FLAG_RECALCULATING ? "recalculating " : "", + sb.flags & SB_FLAG_DIRTY_BITMAP ? "dirty_bitmap " : "", + sb.flags & SB_FLAG_FIXED_PADDING ? "fix_padding " : ""); + + return 0; +} + +int INTEGRITY_data_sectors(struct crypt_device *cd, + struct device *device, uint64_t offset, + uint64_t *data_sectors) +{ + struct superblock sb; + int r; + + r = INTEGRITY_read_superblock(cd, device, offset, &sb); + if (r) + return r; + + *data_sectors = sb.provided_data_sectors; + return 0; +} + +int INTEGRITY_key_size(struct crypt_device *cd, const char *integrity) +{ + if (!integrity) + return 0; + + //FIXME: use crypto backend hash size + if (!strcmp(integrity, "aead")) + return 0; + else if (!strcmp(integrity, "hmac(sha1)")) + return 20; + else if (!strcmp(integrity, "hmac(sha256)")) + return 32; + else if (!strcmp(integrity, "hmac(sha512)")) + return 64; + else if (!strcmp(integrity, "poly1305")) + return 0; + else if (!strcmp(integrity, "none")) + return 0; + + return -EINVAL; +} + +/* Return hash or hmac(hash) size, if known */ +int INTEGRITY_hash_tag_size(const char *integrity) +{ + char hash[MAX_CIPHER_LEN]; + int r; + + if (!integrity) + return 0; + + if (!strcmp(integrity, "crc32") || !strcmp(integrity, "crc32c")) + return 4; + + r = sscanf(integrity, "hmac(%" MAX_CIPHER_LEN_STR "[^)]s", hash); + if (r == 1) + r = crypt_hash_size(hash); + else + r = crypt_hash_size(integrity); + + return r < 0 ? 0 : r; +} + +int INTEGRITY_tag_size(struct crypt_device *cd, + const char *integrity, + const char *cipher, + const char *cipher_mode) +{ + int iv_tag_size = 0, auth_tag_size = 0; + + if (!cipher_mode) + iv_tag_size = 0; + else if (!strcmp(cipher_mode, "xts-random")) + iv_tag_size = 16; + else if (!strcmp(cipher_mode, "gcm-random")) + iv_tag_size = 12; + else if (!strcmp(cipher_mode, "ccm-random")) + iv_tag_size = 8; + else if (!strcmp(cipher_mode, "ctr-random")) + iv_tag_size = 16; + else if (!strcmp(cipher, "aegis256") && !strcmp(cipher_mode, "random")) + iv_tag_size = 32; + else if (!strcmp(cipher_mode, "random")) + iv_tag_size = 16; + + //FIXME: use crypto backend hash size + if (!integrity || !strcmp(integrity, "none")) + auth_tag_size = 0; + else if (!strcmp(integrity, "aead")) + auth_tag_size = 16; //FIXME gcm- mode only + else if (!strcmp(integrity, "cmac(aes)")) + auth_tag_size = 16; + else if (!strcmp(integrity, "hmac(sha1)")) + auth_tag_size = 20; + else if (!strcmp(integrity, "hmac(sha256)")) + auth_tag_size = 32; + else if (!strcmp(integrity, "hmac(sha512)")) + auth_tag_size = 64; + else if (!strcmp(integrity, "poly1305")) { + if (iv_tag_size) + iv_tag_size = 12; + auth_tag_size = 16; + } + + return iv_tag_size + auth_tag_size; +} + +int INTEGRITY_create_dmd_device(struct crypt_device *cd, + const struct crypt_params_integrity *params, + struct volume_key *vk, + struct volume_key *journal_crypt_key, + struct volume_key *journal_mac_key, + struct crypt_dm_active_device *dmd, + uint32_t flags, uint32_t sb_flags) +{ + int r; + + if (!dmd) + return -EINVAL; + + *dmd = (struct crypt_dm_active_device) { + .flags = flags, + }; + + /* Workaround for kernel dm-integrity table bug */ + if (sb_flags & SB_FLAG_RECALCULATING) + dmd->flags |= CRYPT_ACTIVATE_RECALCULATE; + + r = INTEGRITY_data_sectors(cd, crypt_metadata_device(cd), + crypt_get_data_offset(cd) * SECTOR_SIZE, &dmd->size); + if (r < 0) + return r; + + return dm_integrity_target_set(cd, &dmd->segment, 0, dmd->size, + crypt_metadata_device(cd), crypt_data_device(cd), + crypt_get_integrity_tag_size(cd), crypt_get_data_offset(cd), + crypt_get_sector_size(cd), vk, journal_crypt_key, + journal_mac_key, params); +} + +int INTEGRITY_activate_dmd_device(struct crypt_device *cd, + const char *name, + const char *type, + struct crypt_dm_active_device *dmd, + uint32_t sb_flags) +{ + int r; + uint32_t dmi_flags; + struct dm_target *tgt = &dmd->segment; + + if (!single_segment(dmd) || tgt->type != DM_INTEGRITY) + return -EINVAL; + + log_dbg(cd, "Trying to activate INTEGRITY device on top of %s, using name %s, tag size %d, provided sectors %" PRIu64".", + device_path(tgt->data_device), name, tgt->u.integrity.tag_size, dmd->size); + + r = device_block_adjust(cd, tgt->data_device, DEV_EXCL, + tgt->u.integrity.offset, NULL, &dmd->flags); + if (r) + return r; + + if (tgt->u.integrity.meta_device) { + r = device_block_adjust(cd, tgt->u.integrity.meta_device, DEV_EXCL, 0, NULL, NULL); + if (r) + return r; + } + + r = dm_create_device(cd, name, type, dmd); + if (r < 0 && (dm_flags(cd, DM_INTEGRITY, &dmi_flags) || !(dmi_flags & DM_INTEGRITY_SUPPORTED))) { + log_err(cd, _("Kernel does not support dm-integrity mapping.")); + return -ENOTSUP; + } + + if (r < 0 && (sb_flags & SB_FLAG_FIXED_PADDING) && !dm_flags(cd, DM_INTEGRITY, &dmi_flags) && + !(dmi_flags & DM_INTEGRITY_FIX_PADDING_SUPPORTED)) { + log_err(cd, _("Kernel does not support dm-integrity fixed metadata alignment.")); + return -ENOTSUP; + } + + return r; +} + +int INTEGRITY_activate(struct crypt_device *cd, + const char *name, + const struct crypt_params_integrity *params, + struct volume_key *vk, + struct volume_key *journal_crypt_key, + struct volume_key *journal_mac_key, + uint32_t flags, uint32_t sb_flags) +{ + struct crypt_dm_active_device dmd = {}; + int r = INTEGRITY_create_dmd_device(cd, params, vk, journal_crypt_key, + journal_mac_key, &dmd, flags, sb_flags); + + if (r < 0) + return r; + + r = INTEGRITY_activate_dmd_device(cd, name, CRYPT_INTEGRITY, &dmd, sb_flags); + dm_targets_free(cd, &dmd); + return r; +} + +int INTEGRITY_format(struct crypt_device *cd, + const struct crypt_params_integrity *params, + struct volume_key *journal_crypt_key, + struct volume_key *journal_mac_key) +{ + uint32_t dmi_flags; + char tmp_name[64], tmp_uuid[40]; + struct crypt_dm_active_device dmdi = { + .size = 8, + .flags = CRYPT_ACTIVATE_PRIVATE, /* We always create journal but it can be unused later */ + }; + struct dm_target *tgt = &dmdi.segment; + int r; + uuid_t tmp_uuid_bin; + struct volume_key *vk = NULL; + + uuid_generate(tmp_uuid_bin); + uuid_unparse(tmp_uuid_bin, tmp_uuid); + + snprintf(tmp_name, sizeof(tmp_name), "temporary-cryptsetup-%s", tmp_uuid); + + /* There is no data area, we can actually use fake zeroed key */ + if (params && params->integrity_key_size) + vk = crypt_alloc_volume_key(params->integrity_key_size, NULL); + + r = dm_integrity_target_set(cd, tgt, 0, dmdi.size, crypt_metadata_device(cd), + crypt_data_device(cd), crypt_get_integrity_tag_size(cd), + crypt_get_data_offset(cd), crypt_get_sector_size(cd), vk, + journal_crypt_key, journal_mac_key, params); + if (r < 0) { + crypt_free_volume_key(vk); + return r; + } + + log_dbg(cd, "Trying to format INTEGRITY device on top of %s, tmp name %s, tag size %d.", + device_path(tgt->data_device), tmp_name, tgt->u.integrity.tag_size); + + r = device_block_adjust(cd, tgt->data_device, DEV_EXCL, tgt->u.integrity.offset, NULL, NULL); + if (r < 0 && (dm_flags(cd, DM_INTEGRITY, &dmi_flags) || !(dmi_flags & DM_INTEGRITY_SUPPORTED))) { + log_err(cd, _("Kernel does not support dm-integrity mapping.")); + r = -ENOTSUP; + } + if (r) { + dm_targets_free(cd, &dmdi); + return r; + } + + if (tgt->u.integrity.meta_device) { + r = device_block_adjust(cd, tgt->u.integrity.meta_device, DEV_EXCL, 0, NULL, NULL); + if (r) { + dm_targets_free(cd, &dmdi); + return r; + } + } + + r = dm_create_device(cd, tmp_name, CRYPT_INTEGRITY, &dmdi); + crypt_free_volume_key(vk); + dm_targets_free(cd, &dmdi); + if (r) + return r; + + return dm_remove_device(cd, tmp_name, CRYPT_DEACTIVATE_FORCE); +} diff --git a/lib/integrity/integrity.h b/lib/integrity/integrity.h new file mode 100644 index 0000000..38c4c5e --- /dev/null +++ b/lib/integrity/integrity.h @@ -0,0 +1,101 @@ +/* + * Integrity header definition + * + * Copyright (C) 2016-2020 Milan Broz + * + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRYPTSETUP_INTEGRITY_H +#define _CRYPTSETUP_INTEGRITY_H + +#include + +struct crypt_device; +struct device; +struct crypt_params_integrity; +struct volume_key; +struct crypt_dm_active_device; + +/* dm-integrity helper */ +#define SB_MAGIC "integrt" +#define SB_VERSION_1 1 +#define SB_VERSION_2 2 +#define SB_VERSION_3 3 +#define SB_VERSION_4 4 + +#define SB_FLAG_HAVE_JOURNAL_MAC (1 << 0) +#define SB_FLAG_RECALCULATING (1 << 1) /* V2 only */ +#define SB_FLAG_DIRTY_BITMAP (1 << 2) /* V3 only */ +#define SB_FLAG_FIXED_PADDING (1 << 3) /* V4 only */ + +struct superblock { + uint8_t magic[8]; + uint8_t version; + int8_t log2_interleave_sectors; + uint16_t integrity_tag_size; + uint32_t journal_sections; + uint64_t provided_data_sectors; + uint32_t flags; + uint8_t log2_sectors_per_block; + uint8_t log2_blocks_per_bitmap_bit; /* V3 only */ + uint8_t pad[2]; + uint64_t recalc_sector; /* V2 only */ +} __attribute__ ((packed)); + +int INTEGRITY_read_sb(struct crypt_device *cd, + struct crypt_params_integrity *params, + uint32_t *flags); + +int INTEGRITY_dump(struct crypt_device *cd, struct device *device, uint64_t offset); + +int INTEGRITY_data_sectors(struct crypt_device *cd, + struct device *device, uint64_t offset, + uint64_t *data_sectors); +int INTEGRITY_key_size(struct crypt_device *cd, + const char *integrity); +int INTEGRITY_tag_size(struct crypt_device *cd, + const char *integrity, + const char *cipher, + const char *cipher_mode); +int INTEGRITY_hash_tag_size(const char *integrity); + +int INTEGRITY_format(struct crypt_device *cd, + const struct crypt_params_integrity *params, + struct volume_key *journal_crypt_key, + struct volume_key *journal_mac_key); + +int INTEGRITY_activate(struct crypt_device *cd, + const char *name, + const struct crypt_params_integrity *params, + struct volume_key *vk, + struct volume_key *journal_crypt_key, + struct volume_key *journal_mac_key, + uint32_t flags, uint32_t sb_flags); + +int INTEGRITY_create_dmd_device(struct crypt_device *cd, + const struct crypt_params_integrity *params, + struct volume_key *vk, + struct volume_key *journal_crypt_key, + struct volume_key *journal_mac_key, + struct crypt_dm_active_device *dmd, + uint32_t flags, uint32_t sb_flags); + +int INTEGRITY_activate_dmd_device(struct crypt_device *cd, + const char *name, + const char *type, + struct crypt_dm_active_device *dmd, + uint32_t sb_flags); +#endif diff --git a/lib/internal.h b/lib/internal.h index fb265ee..a418a46 100644 --- a/lib/internal.h +++ b/lib/internal.h @@ -1,10 +1,10 @@ /* * libcryptsetup - cryptsetup library internal * - * Copyright (C) 2004, Jana Saout - * Copyright (C) 2004-2007, Clemens Fruhwirth - * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2012, Milan Broz + * Copyright (C) 2004 Jana Saout + * Copyright (C) 2004-2007 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -26,64 +26,150 @@ #include #include +#include +#include #include #include +#include #include "nls.h" #include "bitops.h" +#include "utils_blkid.h" #include "utils_crypt.h" #include "utils_loop.h" #include "utils_dm.h" #include "utils_fips.h" +#include "utils_keyring.h" +#include "utils_io.h" #include "crypto_backend.h" +#include "utils_storage_wrappers.h" #include "libcryptsetup.h" /* to silent gcc -Wcast-qual for const cast */ #define CONST_CAST(x) (x)(uintptr_t) +#define SHIFT_4K 12 #define SECTOR_SHIFT 9 #define SECTOR_SIZE (1 << SECTOR_SHIFT) +#define MAX_SECTOR_SIZE 4096 /* min page size among all platforms */ #define DEFAULT_DISK_ALIGNMENT 1048576 /* 1MiB */ #define DEFAULT_MEM_ALIGNMENT 4096 -#define MAX_ERROR_LENGTH 512 +#define LOG_MAX_LEN 4096 +#define MAX_DM_DEPS 32 + +#define CRYPT_SUBDEV "SUBDEV" /* prefix for sublayered devices underneath public crypt types */ #define at_least(a, b) ({ __typeof__(a) __at_least = (a); (__at_least >= (b))?__at_least:(b); }) +#define MISALIGNED(a, b) ((a) & ((b) - 1)) +#define MISALIGNED_4K(a) MISALIGNED((a), 1 << SHIFT_4K) +#define MISALIGNED_512(a) MISALIGNED((a), 1 << SECTOR_SHIFT) +#define NOTPOW2(a) MISALIGNED((a), (a)) + +#ifndef ARRAY_SIZE +# define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0])) +#endif + +#define MOVE_REF(x, y) \ + do { \ + typeof (x) *_px = &(x), *_py = &(y); \ + *_px = *_py; \ + *_py = NULL; \ + } while (0) + +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + struct crypt_device; +struct luks2_reenc_context; struct volume_key { + int id; size_t keylength; + const char *key_description; + struct volume_key *next; char key[]; }; -struct volume_key *crypt_alloc_volume_key(unsigned keylength, const char *key); -struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, unsigned keylength); +struct volume_key *crypt_alloc_volume_key(size_t keylength, const char *key); +struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, size_t keylength); void crypt_free_volume_key(struct volume_key *vk); +int crypt_volume_key_set_description(struct volume_key *key, const char *key_description); +void crypt_volume_key_set_id(struct volume_key *vk, int id); +int crypt_volume_key_get_id(const struct volume_key *vk); +void crypt_volume_key_add_next(struct volume_key **vks, struct volume_key *vk); +struct volume_key *crypt_volume_key_next(struct volume_key *vk); +struct volume_key *crypt_volume_key_by_id(struct volume_key *vk, int id); + +struct crypt_pbkdf_type *crypt_get_pbkdf(struct crypt_device *cd); +int init_pbkdf_type(struct crypt_device *cd, + const struct crypt_pbkdf_type *pbkdf, + const char *dev_type); +int verify_pbkdf_params(struct crypt_device *cd, + const struct crypt_pbkdf_type *pbkdf); +int crypt_benchmark_pbkdf_internal(struct crypt_device *cd, + struct crypt_pbkdf_type *pbkdf, + size_t volume_key_size); +const char *crypt_get_cipher_spec(struct crypt_device *cd); /* Device backend */ struct device; -int device_alloc(struct device **device, const char *path); -void device_free(struct device *device); +int device_alloc(struct crypt_device *cd, struct device **device, const char *path); +int device_alloc_no_check(struct device **device, const char *path); +void device_close(struct crypt_device *cd, struct device *device); +void device_free(struct crypt_device *cd, struct device *device); const char *device_path(const struct device *device); +const char *device_dm_name(const struct device *device); const char *device_block_path(const struct device *device); -void device_topology_alignment(struct device *device, - unsigned long *required_alignment, /* bytes */ - unsigned long *alignment_offset, /* bytes */ - unsigned long default_alignment); -int device_block_size(struct device *device); +void device_topology_alignment(struct crypt_device *cd, + struct device *device, + unsigned long *required_alignment, /* bytes */ + unsigned long *alignment_offset, /* bytes */ + unsigned long default_alignment); +size_t device_block_size(struct crypt_device *cd, struct device *device); int device_read_ahead(struct device *device, uint32_t *read_ahead); int device_size(struct device *device, uint64_t *size); -int device_open(struct device *device, int flags); +int device_open(struct crypt_device *cd, struct device *device, int flags); +int device_open_excl(struct crypt_device *cd, struct device *device, int flags); +void device_release_excl(struct crypt_device *cd, struct device *device); +void device_disable_direct_io(struct device *device); +int device_is_identical(struct device *device1, struct device *device2); +int device_is_rotational(struct device *device); +size_t device_alignment(struct device *device); +int device_direct_io(const struct device *device); +int device_fallocate(struct device *device, uint64_t size); +void device_sync(struct crypt_device *cd, struct device *device); +int device_check_size(struct crypt_device *cd, + struct device *device, + uint64_t req_offset, int falloc); + +int device_open_locked(struct crypt_device *cd, struct device *device, int flags); +int device_read_lock(struct crypt_device *cd, struct device *device); +int device_write_lock(struct crypt_device *cd, struct device *device); +void device_read_unlock(struct crypt_device *cd, struct device *device); +void device_write_unlock(struct crypt_device *cd, struct device *device); +bool device_is_locked(struct device *device); -enum devcheck { DEV_OK = 0, DEV_EXCL = 1, DEV_SHARED = 2 }; +enum devcheck { DEV_OK = 0, DEV_EXCL = 1 }; +int device_check_access(struct crypt_device *cd, + struct device *device, + enum devcheck device_check); int device_block_adjust(struct crypt_device *cd, struct device *device, enum devcheck device_check, uint64_t device_offset, uint64_t *size, uint32_t *flags); -size_t size_round_up(size_t size, unsigned int block); +size_t size_round_up(size_t size, size_t block); + +int create_or_reload_device(struct crypt_device *cd, const char *name, + const char *type, struct crypt_dm_active_device *dmd); + +int create_or_reload_device_with_integrity(struct crypt_device *cd, const char *name, + const char *type, struct crypt_dm_active_device *dmd, + struct crypt_dm_active_device *dmdi); /* Receive backend devices from context helpers */ struct device *crypt_metadata_device(struct crypt_device *cd); @@ -97,16 +183,18 @@ int crypt_dev_is_partition(const char *dev_path); char *crypt_get_partition_device(const char *dev_path, uint64_t offset, uint64_t size); char *crypt_get_base_device(const char *dev_path); uint64_t crypt_dev_partition_offset(const char *dev_path); +int lookup_by_disk_id(const char *dm_uuid); +int lookup_by_sysfs_uuid_field(const char *dm_uuid, size_t max_len); +int crypt_uuid_cmp(const char *dm_uuid, const char *hdr_uuid); -ssize_t write_blockwise(int fd, int bsize, void *buf, size_t count); -ssize_t read_blockwise(int fd, int bsize, void *_buf, size_t count); -ssize_t write_lseek_blockwise(int fd, int bsize, char *buf, size_t count, off_t offset); +size_t crypt_getpagesize(void); +unsigned crypt_cpusonline(void); +uint64_t crypt_getphysmemory_kb(void); -unsigned crypt_getpagesize(void); int init_crypto(struct crypt_device *ctx); -void logger(struct crypt_device *cd, int class, const char *file, int line, const char *format, ...) __attribute__ ((format (printf, 5, 6))); -#define log_dbg(x...) logger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x) +void logger(struct crypt_device *cd, int level, const char *file, int line, const char *format, ...) __attribute__ ((format (printf, 5, 6))); +#define log_dbg(c, x...) logger(c, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x) #define log_std(c, x...) logger(c, CRYPT_LOG_NORMAL, __FILE__, __LINE__, x) #define log_verbose(c, x...) logger(c, CRYPT_LOG_VERBOSE, __FILE__, __LINE__, x) #define log_err(c, x...) logger(c, CRYPT_LOG_ERROR, __FILE__, __LINE__, x) @@ -116,12 +204,14 @@ int crypt_get_debug_level(void); int crypt_memlock_inc(struct crypt_device *ctx); int crypt_memlock_dec(struct crypt_device *ctx); +int crypt_metadata_locking_enabled(void); + int crypt_random_init(struct crypt_device *ctx); int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int quality); void crypt_random_exit(void); int crypt_random_default_key_rng(void); -int crypt_plain_hash(struct crypt_device *ctx, +int crypt_plain_hash(struct crypt_device *cd, const char *hash_name, char *key, size_t key_size, const char *passphrase, size_t passphrase_size); @@ -131,23 +221,49 @@ int PLAIN_activate(struct crypt_device *cd, uint64_t size, uint32_t flags); -/** - * Different methods used to erase sensitive data concerning - * either encrypted payload area or master key inside keyslot - * area - */ -typedef enum { - CRYPT_WIPE_ZERO, /**< overwrite area using zero blocks */ - CRYPT_WIPE_DISK, /**< erase disk (using Gutmann method if it is rotational disk)*/ - CRYPT_WIPE_SSD, /**< erase solid state disk (random write) */ - CRYPT_WIPE_RANDOM /**< overwrite area using some up to now unspecified - * random algorithm */ -} crypt_wipe_type; - -int crypt_wipe(struct device *device, - uint64_t offset, - uint64_t sectors, - crypt_wipe_type type, - int flags); +void *crypt_get_hdr(struct crypt_device *cd, const char *type); +void crypt_set_reenc_context(struct crypt_device *cd, struct luks2_reenc_context *rh); +struct luks2_reenc_context *crypt_get_reenc_context(struct crypt_device *cd); + +int onlyLUKS2(struct crypt_device *cd); +int onlyLUKS2mask(struct crypt_device *cd, uint32_t mask); + +int crypt_wipe_device(struct crypt_device *cd, + struct device *device, + crypt_wipe_pattern pattern, + uint64_t offset, + uint64_t length, + size_t wipe_block_size, + int (*progress)(uint64_t size, uint64_t offset, void *usrptr), + void *usrptr); + +/* Internal integrity helpers */ +const char *crypt_get_integrity(struct crypt_device *cd); +int crypt_get_integrity_key_size(struct crypt_device *cd); +int crypt_get_integrity_tag_size(struct crypt_device *cd); + +int crypt_key_in_keyring(struct crypt_device *cd); +void crypt_set_key_in_keyring(struct crypt_device *cd, unsigned key_in_keyring); +int crypt_volume_key_load_in_keyring(struct crypt_device *cd, struct volume_key *vk); +int crypt_use_keyring_for_vk(struct crypt_device *cd); +void crypt_drop_keyring_key_by_description(struct crypt_device *cd, const char *key_description, key_type_t ktype); +void crypt_drop_keyring_key(struct crypt_device *cd, struct volume_key *vks); + +static inline uint64_t version(uint16_t major, uint16_t minor, uint16_t patch, uint16_t release) +{ + return (uint64_t)release | ((uint64_t)patch << 16) | ((uint64_t)minor << 32) | ((uint64_t)major << 48); +} + +int kernel_version(uint64_t *kversion); + +int crypt_serialize_lock(struct crypt_device *cd); +void crypt_serialize_unlock(struct crypt_device *cd); + +bool crypt_string_in(const char *str, char **list, size_t list_size); +int crypt_strcmp(const char *a, const char *b); +int crypt_compare_dm_devices(struct crypt_device *cd, + const struct crypt_dm_active_device *src, + const struct crypt_dm_active_device *tgt); +static inline void *crypt_zalloc(size_t size) { return calloc(1, size); } #endif /* INTERNAL_H */ diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h index 21b91dd..bfb0ca1 100644 --- a/lib/libcryptsetup.h +++ b/lib/libcryptsetup.h @@ -1,10 +1,10 @@ /* * libcryptsetup - cryptsetup library * - * Copyright (C) 2004, Jana Saout - * Copyright (C) 2004-2007, Clemens Fruhwirth - * Copyright (C) 2009-2015, Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2015, Milan Broz + * Copyright (C) 2004 Jana Saout + * Copyright (C) 2004-2007 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -38,10 +38,17 @@ extern "C" { #include #include +/** + * @defgroup crypt-init Cryptsetup device context initialization + * Set of functions for creating and destroying @e crypt_device context + * @addtogroup crypt-init + * @{ + */ + struct crypt_device; /* crypt device handle */ /** - * Initialize crypt device handle and check if provided device exists. + * Initialize crypt device handle and check if the provided device exists. * * @param cd Returns pointer to crypt device handle * @param device Path to the backing device. @@ -52,12 +59,29 @@ struct crypt_device; /* crypt device handle */ * * @return @e 0 on success or negative errno value otherwise. * - * @note Note that logging is not initialized here, possible messages uses + * @note Note that logging is not initialized here, possible messages use * default log function. */ int crypt_init(struct crypt_device **cd, const char *device); /** + * Initialize crypt device handle with optional data device and check + * if devices exist. + * + * @param cd Returns pointer to crypt device handle + * @param device Path to the backing device or detached header. + * @param data_device Path to the data device or @e NULL. + * + * @return @e 0 on success or negative errno value otherwise. + * + * @note Note that logging is not initialized here, possible messages use + * default log function. + */ +int crypt_init_data_device(struct crypt_device **cd, + const char *device, + const char *data_device); + +/** * Initialize crypt device handle from provided active device name, * and, optionally, from separate metadata (header) device * and check if provided device exists. @@ -77,8 +101,8 @@ int crypt_init(struct crypt_device **cd, const char *device); * crypt_init_by_name_and_header(cd, name, NULL); */ int crypt_init_by_name_and_header(struct crypt_device **cd, - const char *name, - const char *header_device); + const char *name, + const char *header_device); /** * This is equivalent to call @@ -89,15 +113,71 @@ int crypt_init_by_name_and_header(struct crypt_device **cd, int crypt_init_by_name(struct crypt_device **cd, const char *name); /** - * @defgroup loglevel Cryptsetup logging + * Release crypt device context and used memory. * - * Set of functions and defines used in cryptsetup for - * logging purposes + * @param cd crypt device handle + */ +void crypt_free(struct crypt_device *cd); + +/** + * Set confirmation callback (yes/no). + * + * If code need confirmation (like resetting uuid or restoring LUKS header from file) + * this function is called. If not defined, everything is confirmed. + * + * Callback function @e confirm should return @e 0 if operation is declined, + * other values mean accepted. + * + * @param cd crypt device handle + * @param confirm user defined confirm callback reference + * @param usrptr provided identification in callback + * @param msg Message for user to confirm * + * @note Current version of cryptsetup API requires confirmation for UUID change and + * LUKS header restore only. */ +void crypt_set_confirm_callback(struct crypt_device *cd, + int (*confirm)(const char *msg, void *usrptr), + void *usrptr); + +/** + * Set data device + * For LUKS it is encrypted data device when LUKS header is separated. + * For VERITY it is data device when hash device is separated. + * + * @param cd crypt device handle + * @param device path to device + * + * @returns 0 on success or negative errno value otherwise. + */ +int crypt_set_data_device(struct crypt_device *cd, const char *device); + +/** + * Set data device offset in 512-byte sectors. + * Used for LUKS. + * This function is replacement for data alignment fields in LUKS param struct. + * If set to 0 (default), old behaviour is preserved. + * This value is reset on @link crypt_load @endlink. + * + * @param cd crypt device handle + * @param data_offset data offset in bytes + * + * @returns 0 on success or negative errno value otherwise. + * + * @note Data offset must be aligned to multiple of 8 (alignment to 4096-byte sectors) + * and must be big enough to accommodate the whole LUKS header with all keyslots. + * @note Data offset is enforced by this function, device topology + * information is no longer used after calling this function. + */ +int crypt_set_data_offset(struct crypt_device *cd, uint64_t data_offset); + +/** @} */ /** - * @addtogroup loglevel + * @defgroup crypt-log Cryptsetup logging + * Set of functions and defines used in cryptsetup for + * logging purposes + * @addtogroup crypt-log * @{ */ @@ -109,6 +189,8 @@ int crypt_init_by_name(struct crypt_device **cd, const char *name); #define CRYPT_LOG_VERBOSE 2 /** debug log level - always on stdout */ #define CRYPT_LOG_DEBUG -1 +/** debug log level - additional JSON output (for LUKS2) */ +#define CRYPT_LOG_DEBUG_JSON -2 /** * Set log function. @@ -136,145 +218,121 @@ void crypt_log(struct crypt_device *cd, int level, const char *msg); /** @} */ /** - * Set confirmation callback (yes/no) - * - * If code need confirmation (like resetting uuid or restoring LUKS header from file) - * this function is called. If not defined, everything is confirmed. - * - * Callback function @e confirm should return @e 0 if operation is declined, - * other values mean accepted. - * - * @param cd crypt device handle - * @param confirm user defined confirm callback reference - * @param usrptr provided identification in callback - * @param msg Message for user to confirm - * - * @note Current version of cryptsetup API requires confirmation only when UUID is being changed + * @defgroup crypt-set Cryptsetup settings (RNG, PBKDF, locking) + * @addtogroup crypt-set + * @{ */ -void crypt_set_confirm_callback(struct crypt_device *cd, - int (*confirm)(const char *msg, void *usrptr), - void *usrptr); -/** - * Set password query callback. - * - * If code need @e _interactive_ query for password, this callback is called. - * If not defined, compiled-in default is called (uses terminal input). - * - * Callback should return length of password in buffer - * or negative errno value in case of error. - * - * @param cd crypt device handle - * @param password user defined password callback reference - * @param usrptr provided identification in callback - * @param msg Message for user - * @param buf buffer for password - * @param length size of buffer - * - * @note Note that if this function is defined, verify option is ignored - * (caller which provided callback is responsible for password verification) - * @note Only zero terminated passwords can be entered this way, for complex - * use API functions directly. - * @note Maximal length of password is limited to @e length @e - @e 1 (minimal 511 chars) - * @note Internal compiled-in terminal input is DEPRECATED and will be removed - * in future versions. - * - * @see Callback function is used in these call provided, that certain conditions are met: - * @li crypt_keyslot_add_by_passphrase - * @li crypt_activate_by_passphrase - * @li crypt_resume_by_passphrase - * @li crypt_resume_by_keyfile - * @li crypt_keyslot_add_by_keyfile - * @li crypt_keyslot_add_by_volume_key - * - */ -void crypt_set_password_callback(struct crypt_device *cd, - int (*password)(const char *msg, char *buf, size_t length, void *usrptr), - void *usrptr); +/** CRYPT_RNG_URANDOM - use /dev/urandom */ +#define CRYPT_RNG_URANDOM 0 +/** CRYPT_RNG_RANDOM - use /dev/random (waits if no entropy in system) */ +#define CRYPT_RNG_RANDOM 1 /** - * Set timeout for interactive password entry using default - * password callback + * Set which RNG (random number generator) is used for generating long term key * * @param cd crypt device handle - * @param timeout_sec timeout in seconds + * @param rng_type kernel random number generator to use + * */ -void crypt_set_timeout(struct crypt_device *cd, uint64_t timeout_sec); +void crypt_set_rng_type(struct crypt_device *cd, int rng_type); /** - * Set number of retries in case password input has been incorrect + * Get which RNG (random number generator) is used for generating long term key. * * @param cd crypt device handle - * @param tries the number + * @return RNG type on success or negative errno value otherwise. + * */ -void crypt_set_password_retry(struct crypt_device *cd, int tries); +int crypt_get_rng_type(struct crypt_device *cd); /** - * Set how long should cryptsetup iterate in PBKDF2 function. - * Default value heads towards the iterations which takes around 1 second - * - * @param cd crypt device handle - * @param iteration_time_ms the time in ms + * PBKDF parameters. */ -void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_ms); -/* Don't ask :-) */ -void crypt_set_iterarion_time(struct crypt_device *cd, uint64_t iteration_time_ms); +struct crypt_pbkdf_type { + const char *type; /**< PBKDF algorithm */ + const char *hash; /**< Hash algorithm */ + uint32_t time_ms; /**< Requested time cost [milliseconds] */ + uint32_t iterations; /**< Iterations, 0 or benchmarked value. */ + uint32_t max_memory_kb; /**< Requested or benchmarked memory cost [kilobytes] */ + uint32_t parallel_threads;/**< Requested parallel cost [threads] */ + uint32_t flags; /**< CRYPT_PBKDF* flags */ +}; + +/** Iteration time set by crypt_set_iteration_time(), for compatibility only. */ +#define CRYPT_PBKDF_ITER_TIME_SET (1 << 0) +/** Never run benchmarks, use pre-set value or defaults. */ +#define CRYPT_PBKDF_NO_BENCHMARK (1 << 1) + +/** PBKDF2 according to RFC2898, LUKS1 legacy */ +#define CRYPT_KDF_PBKDF2 "pbkdf2" +/** Argon2i according to RFC */ +#define CRYPT_KDF_ARGON2I "argon2i" +/** Argon2id according to RFC */ +#define CRYPT_KDF_ARGON2ID "argon2id" /** - * Set whether passphrase will be verified on input - * (user has to input same passphrase twice) + * Set default PBKDF (Password-Based Key Derivation Algorithm) for next keyslot + * about to get created with any crypt_keyslot_add_*() call. * * @param cd crypt device handle - * @param password_verify @e 0 = false, @e !0 true + * @param pbkdf PBKDF parameters + * + * @return 0 on success or negative errno value otherwise. + * + * @note For LUKS1, only PBKDF2 is supported, other settings will be rejected. + * @note For non-LUKS context types the call succeeds, but PBKDF is not used. */ -void crypt_set_password_verify(struct crypt_device *cd, int password_verify); +int crypt_set_pbkdf_type(struct crypt_device *cd, + const struct crypt_pbkdf_type *pbkdf); /** - * Set data device - * For LUKS it is encrypted data device when LUKS header is separated. - * For VERITY it is data device when hash device is separated. + * Get PBKDF (Password-Based Key Derivation Algorithm) parameters. * - * @param cd crypt device handle - * @param device path to device + * @param pbkdf_type type of PBKDF + * + * @return struct on success or NULL value otherwise. * */ -int crypt_set_data_device(struct crypt_device *cd, const char *device); +const struct crypt_pbkdf_type *crypt_get_pbkdf_type_params(const char *pbkdf_type); /** - * @defgroup rng Cryptsetup RNG + * Get default PBKDF (Password-Based Key Derivation Algorithm) settings for keyslots. + * Works only with LUKS device handles (both versions). * - * @addtogroup rng - * @{ + * @param type type of device (see @link crypt-type @endlink) + * + * @return struct on success or NULL value otherwise. * */ - -/** CRYPT_RNG_URANDOM - use /dev/urandom */ -#define CRYPT_RNG_URANDOM 0 -/** CRYPT_RNG_RANDOM - use /dev/random (waits if no entropy in system) */ -#define CRYPT_RNG_RANDOM 1 +const struct crypt_pbkdf_type *crypt_get_pbkdf_default(const char *type); /** - * Set which RNG (random number generator) is used for generating long term key + * Get current PBKDF (Password-Based Key Derivation Algorithm) settings for keyslots. + * Works only with LUKS device handles (both versions). * * @param cd crypt device handle - * @param rng_type kernel random number generator to use + * + * @return struct on success or NULL value otherwise. * */ -void crypt_set_rng_type(struct crypt_device *cd, int rng_type); +const struct crypt_pbkdf_type *crypt_get_pbkdf_type(struct crypt_device *cd); /** - * Get which RNG (random number generator) is used for generating long term key + * Set how long should cryptsetup iterate in PBKDF2 function. + * Default value heads towards the iterations which takes around 1 second. + * \b Deprecated, only for backward compatibility. + * Use @link crypt_set_pbkdf_type @endlink. * * @param cd crypt device handle - * @return RNG type on success or negative errno value otherwise. + * @param iteration_time_ms the time in ms * + * @note If the time value is not acceptable for active PBKDF, value is quietly ignored. */ -int crypt_get_rng_type(struct crypt_device *cd); - -/** @} */ +void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_ms); /** - * Helper to lock/unlock memory to avoid swap sensitive data to disk + * Helper to lock/unlock memory to avoid swap sensitive data to disk. * * @param cd crypt device handle, can be @e NULL * @param lock 0 to unlock otherwise lock memory @@ -287,14 +345,58 @@ int crypt_get_rng_type(struct crypt_device *cd); int crypt_memory_lock(struct crypt_device *cd, int lock); /** - * @defgroup crypt_type Cryptsetup on-disk format types + * Set global lock protection for on-disk metadata (file-based locking). * - * Set of functions, \#defines and structs related - * to on-disk format types + * @param cd crypt device handle, can be @e NULL + * @param enable 0 to disable locking otherwise enable it (default) + * + * @returns @e 0 on success or negative errno value otherwise. + * + * @note Locking applied only for some metadata formats (LUKS2). + * @note The switch is global on the library level. + * In current version locking can be only switched off and cannot be switched on later. + */ +int crypt_metadata_locking(struct crypt_device *cd, int enable); + +/** + * Set metadata header area sizes. This applies only to LUKS2. + * These values limit amount of metadata anf number of supportable keyslots. + * + * @param cd crypt device handle, can be @e NULL + * @param metadata_size size in bytes of JSON area + 4k binary header + * @param keyslots_size size in bytes of binary keyslots area + * + * @returns @e 0 on success or negative errno value otherwise. + * + * @note The metadata area is stored twice and both copies contain 4k binary header. + * Only 16,32,64,128,256,512,1024,2048 and 4096 kB value is allowed (see LUKS2 specification). + * @note Keyslots area size must be multiple of 4k with maximum 128MB. + */ +int crypt_set_metadata_size(struct crypt_device *cd, + uint64_t metadata_size, + uint64_t keyslots_size); + +/** + * Get metadata header area sizes. This applies only to LUKS2. + * These values limit amount of metadata anf number of supportable keyslots. + * + * @param cd crypt device handle + * @param metadata_size size in bytes of JSON area + 4k binary header + * @param keyslots_size size in bytes of binary keyslots area + * + * @returns @e 0 on success or negative errno value otherwise. */ +int crypt_get_metadata_size(struct crypt_device *cd, + uint64_t *metadata_size, + uint64_t *keyslots_size); + +/** @} */ /** - * @addtogroup crypt_type + * @defgroup crypt-type Cryptsetup on-disk format types + * Set of functions, \#defines and structs related + * to on-disk format types + * @addtogroup crypt-type * @{ */ @@ -302,12 +404,21 @@ int crypt_memory_lock(struct crypt_device *cd, int lock); #define CRYPT_PLAIN "PLAIN" /** LUKS version 1 header on-disk */ #define CRYPT_LUKS1 "LUKS1" +/** LUKS version 2 header on-disk */ +#define CRYPT_LUKS2 "LUKS2" /** loop-AES compatibility mode */ #define CRYPT_LOOPAES "LOOPAES" /** dm-verity mode */ #define CRYPT_VERITY "VERITY" /** TCRYPT (TrueCrypt-compatible and VeraCrypt-compatible) mode */ #define CRYPT_TCRYPT "TCRYPT" +/** INTEGRITY dm-integrity device */ +#define CRYPT_INTEGRITY "INTEGRITY" +/** BITLK (BitLocker-compatible mode) */ +#define CRYPT_BITLK "BITLK" + +/** LUKS any version */ +#define CRYPT_LUKS NULL /** * Get device type @@ -318,20 +429,28 @@ int crypt_memory_lock(struct crypt_device *cd, int lock); const char *crypt_get_type(struct crypt_device *cd); /** + * Get device default LUKS type + * + * @return string according to device type (CRYPT_LUKS1 or CRYPT_LUKS2). + */ +const char *crypt_get_default_type(void); + +/** * - * Structure used as parameter for PLAIN device type + * Structure used as parameter for PLAIN device type. * * @see crypt_format */ struct crypt_params_plain { - const char *hash; /**< password hash function */ - uint64_t offset; /**< offset in sectors */ - uint64_t skip; /**< IV offset / initialization sector */ - uint64_t size; /**< size of mapped device or @e 0 for autodetection */ + const char *hash; /**< password hash function */ + uint64_t offset; /**< offset in sectors */ + uint64_t skip; /**< IV offset / initialization sector */ + uint64_t size; /**< size of mapped device or @e 0 for autodetection */ + uint32_t sector_size; /**< sector size in bytes (@e 0 means 512 for compatibility) */ }; /** - * Structure used as parameter for LUKS device type + * Structure used as parameter for LUKS device type. * * @see crypt_format, crypt_load * @@ -340,14 +459,14 @@ struct crypt_params_plain { * */ struct crypt_params_luks1 { - const char *hash; /**< hash used in LUKS header */ - size_t data_alignment; /**< data alignment in sectors, data offset is multiple of this */ + const char *hash; /**< hash used in LUKS header */ + size_t data_alignment; /**< data area alignment in 512B sectors, data offset is multiple of this */ const char *data_device; /**< detached encrypted data device or @e NULL */ }; /** * - * Structure used as parameter for loop-AES device type + * Structure used as parameter for loop-AES device type. * * @see crypt_format * @@ -360,7 +479,7 @@ struct crypt_params_loopaes { /** * - * Structure used as parameter for dm-verity device type + * Structure used as parameter for dm-verity device type. * * @see crypt_format, crypt_load * @@ -369,6 +488,7 @@ struct crypt_params_verity { const char *hash_name; /**< hash function */ const char *data_device; /**< data_device (CRYPT_VERITY_CREATE_HASH) */ const char *hash_device; /**< hash_device (output only) */ + const char *fec_device; /**< fec_device (output only) */ const char *salt; /**< salt */ uint32_t salt_size; /**< salt size (in bytes) */ uint32_t hash_type; /**< in-kernel hashing type */ @@ -376,6 +496,8 @@ struct crypt_params_verity { uint32_t hash_block_size; /**< hash block size (in bytes) */ uint64_t data_size; /**< data area size (in data blocks) */ uint64_t hash_area_offset; /**< hash/header offset (in bytes) */ + uint64_t fec_area_offset; /**< FEC/header offset (in bytes) */ + uint32_t fec_roots; /**< Reed-Solomon FEC roots */ uint32_t flags; /**< CRYPT_VERITY* flags */ }; @@ -385,10 +507,12 @@ struct crypt_params_verity { #define CRYPT_VERITY_CHECK_HASH (1 << 1) /** Create hash - format hash device */ #define CRYPT_VERITY_CREATE_HASH (1 << 2) +/** Root hash signature required for activation */ +#define CRYPT_VERITY_ROOT_HASH_SIGNATURE (1 << 3) /** * - * Structure used as parameter for TCRYPT device type + * Structure used as parameter for TCRYPT device type. * * @see crypt_load * @@ -403,9 +527,10 @@ struct crypt_params_tcrypt { const char *mode; /**< cipher block mode */ size_t key_size; /**< key size in bytes (the whole chain) */ uint32_t flags; /**< CRYPT_TCRYPT* flags */ + uint32_t veracrypt_pim; /**< VeraCrypt Personal Iteration Multiplier */ }; -/** Include legacy modes when scanning for header*/ +/** Include legacy modes when scanning for header */ #define CRYPT_TCRYPT_LEGACY_MODES (1 << 0) /** Try to load hidden header (describing hidden device) */ #define CRYPT_TCRYPT_HIDDEN_HEADER (1 << 1) @@ -419,10 +544,67 @@ struct crypt_params_tcrypt { */ #define CRYPT_TCRYPT_VERA_MODES (1 << 4) +/** + * + * Structure used as parameter for dm-integrity device type. + * + * @see crypt_format, crypt_load + * + * @note In bitmap tracking mode, the journal is implicitly disabled. + * As an ugly workaround for compatibility, journal_watermark is overloaded + * to mean 512-bytes sectors-per-bit and journal_commit_time means bitmap flush time. + * All other journal parameters are not applied in the bitmap mode. + */ +struct crypt_params_integrity { + uint64_t journal_size; /**< size of journal in bytes */ + unsigned int journal_watermark; /**< journal flush watermark in percents; in bitmap mode sectors-per-bit */ + unsigned int journal_commit_time; /**< journal commit time (or bitmap flush time) in ms */ + uint32_t interleave_sectors; /**< number of interleave sectors (power of two) */ + uint32_t tag_size; /**< tag size per-sector in bytes */ + uint32_t sector_size; /**< sector size in bytes */ + uint32_t buffer_sectors; /**< number of sectors in one buffer */ + const char *integrity; /**< integrity algorithm, NULL for LUKS2 */ + uint32_t integrity_key_size; /**< integrity key size in bytes, info only, 0 for LUKS2 */ + + const char *journal_integrity; /**< journal integrity algorithm */ + const char *journal_integrity_key; /**< journal integrity key, only for crypt_load */ + uint32_t journal_integrity_key_size; /**< journal integrity key size in bytes, only for crypt_load */ + + const char *journal_crypt; /**< journal encryption algorithm */ + const char *journal_crypt_key; /**< journal crypt key, only for crypt_load */ + uint32_t journal_crypt_key_size; /**< journal crypt key size in bytes, only for crypt_load */ +}; + +/** + * Structure used as parameter for LUKS2 device type. + * + * @see crypt_format, crypt_load + * + * @note during crypt_format @e data_device attribute determines + * if the LUKS2 header is separated from encrypted payload device + * + */ +struct crypt_params_luks2 { + const struct crypt_pbkdf_type *pbkdf; /**< PBKDF (and hash) parameters or @e NULL*/ + const char *integrity; /**< integrity algorithm or @e NULL */ + const struct crypt_params_integrity *integrity_params; /**< Data integrity parameters or @e NULL*/ + size_t data_alignment; /**< data area alignment in 512B sectors, data offset is multiple of this */ + const char *data_device; /**< detached encrypted data device or @e NULL */ + uint32_t sector_size; /**< encryption sector size */ + const char *label; /**< header label or @e NULL*/ + const char *subsystem; /**< header subsystem label or @e NULL*/ +}; /** @} */ /** - * Create (format) new crypt device (and possible header on-disk) but not activates it. + * @defgroup crypt-actions Cryptsetup device context actions + * Set of functions for formatting and manipulating with specific crypt_type + * @addtogroup crypt-actions + * @{ + */ + +/** + * Create (format) new crypt device (and possible header on-disk) but do not activate it. * * @pre @e cd contains initialized and not formatted device context (device type must @b not be set) * @@ -433,13 +615,13 @@ struct crypt_params_tcrypt { * @param uuid requested UUID or @e NULL if it should be generated * @param volume_key pre-generated volume key or @e NULL if it should be generated (only for LUKS) * @param volume_key_size size of volume key in bytes. - * @param params crypt type specific parameters (see @link crypt_type @endlink) + * @param params crypt type specific parameters (see @link crypt-type @endlink) * * @returns @e 0 on success or negative errno value otherwise. * - * @note Note that crypt_format does not enable any keyslot (in case of work with LUKS device), - * but it stores volume key internally and subsequent crypt_keyslot_add_* calls can be used. - * @note For VERITY @link crypt_type @endlink, only uuid parameter is used, others paramaters + * @note Note that crypt_format does not create LUKS keyslot (any version). To create keyslot + * call any crypt_keyslot_add_* function. + * @note For VERITY @link crypt-type @endlink, only uuid parameter is used, other parameters * are ignored and verity specific attributes are set through mandatory params option. */ int crypt_format(struct crypt_device *cd, @@ -452,7 +634,49 @@ int crypt_format(struct crypt_device *cd, void *params); /** - * Set new UUID for already existing device + * Set format compatibility flags. + * + * @param cd crypt device handle + * @param flags CRYPT_COMPATIBILITY_* flags + */ +void crypt_set_compatibility(struct crypt_device *cd, uint32_t flags); + +/** + * Get compatibility flags. + * + * @param cd crypt device handle + * + * @returns compatibility flags + */ +uint32_t crypt_get_compatibility(struct crypt_device *cd); + +/** dm-integrity device uses less effective (legacy) padding (old kernels) */ +#define CRYPT_COMPAT_LEGACY_INTEGRITY_PADDING (1 << 0) + +/** + * Convert to new type for already existing device. + * + * @param cd crypt device handle + * @param type type of device (optional params struct must be of this type) + * @param params crypt type specific parameters (see @link crypt-type @endlink) + * + * @returns 0 on success or negative errno value otherwise. + * + * @note Currently, only LUKS1->LUKS2 and LUKS2->LUKS1 conversions are supported. + * Not all LUKS2 devices may be converted back to LUKS1. To make such a conversion + * possible all active LUKS2 keyslots must be in LUKS1 compatible mode (i.e. pbkdf + * type must be PBKDF2) and device cannot be formatted with any authenticated + * encryption mode. + * + * @note Device must be offline for conversion. UUID change is not possible for active + * devices. + */ +int crypt_convert(struct crypt_device *cd, + const char *type, + void *params); + +/** + * Set new UUID for already existing device. * * @param cd crypt device handle * @param uuid requested UUID or @e NULL if it should be generated @@ -462,14 +686,48 @@ int crypt_format(struct crypt_device *cd, * @note Currently, only LUKS device type are supported */ int crypt_set_uuid(struct crypt_device *cd, - const char *uuid); + const char *uuid); + +/** + * Set new labels (label and subsystem) for already existing device. + * + * @param cd crypt device handle + * @param label requested label or @e NULL + * @param subsystem requested subsystem label or @e NULL + * + * @returns 0 on success or negative errno value otherwise. + * + * @note Currently, only LUKS2 device type is supported + */ +int crypt_set_label(struct crypt_device *cd, + const char *label, + const char *subsystem); + +/** + * Enable or disable loading of volume keys via kernel keyring. When set to + * 'enabled' library loads key in kernel keyring first and pass the key + * description to dm-crypt instead of binary key copy. If set to 'disabled' + * library fallbacks to old method of loading volume key directly in + * dm-crypt target. + * + * @param cd crypt device handle, can be @e NULL + * @param enable 0 to disable loading of volume keys via kernel keyring + * (classical method) otherwise enable it (default) + * + * @returns @e 0 on success or negative errno value otherwise. + * + * @note Currently loading of volume keys via kernel keyring is supported + * (and enabled by default) only for LUKS2 devices. + * @note The switch is global on the library level. + */ +int crypt_volume_key_keyring(struct crypt_device *cd, int enable); /** - * Load crypt device parameters from on-disk header + * Load crypt device parameters from on-disk header. * * @param cd crypt device handle - * @param requested_type @link crypt_type @endlink or @e NULL for all known - * @param params crypt type specific parameters (see @link crypt_type @endlink) + * @param requested_type @link crypt-type @endlink or @e NULL for all known + * @param params crypt type specific parameters (see @link crypt-type @endlink) * * @returns 0 on success or negative errno value otherwise. * @@ -480,38 +738,51 @@ int crypt_set_uuid(struct crypt_device *cd, * */ int crypt_load(struct crypt_device *cd, - const char *requested_type, - void *params); + const char *requested_type, + void *params); /** - * Try to repair crypt device on-disk header if invalid + * Try to repair crypt device LUKS on-disk header if invalid. * * @param cd crypt device handle - * @param requested_type @link crypt_type @endlink or @e NULL for all known - * @param params crypt type specific parameters (see @link crypt_type @endlink) + * @param requested_type @link crypt-type @endlink or @e NULL for all known + * @param params crypt type specific parameters (see @link crypt-type @endlink) * * @returns 0 on success or negative errno value otherwise. * + * @note For LUKS2 device crypt_repair bypass blkid checks and + * perform auto-recovery even though there're third party device + * signatures found by blkid probes. Currently the crypt_repair on LUKS2 + * works only if exactly one header checksum does not match or exactly + * one header is missing. */ int crypt_repair(struct crypt_device *cd, - const char *requested_type, - void *params); + const char *requested_type, + void *params); /** - * Resize crypt device + * Resize crypt device. * * @param cd - crypt device handle * @param name - name of device to resize * @param new_size - new device size in sectors or @e 0 to use all of the underlying device size * * @return @e 0 on success or negative errno value otherwise. + * + * @note Most notably it returns -EPERM when device was activated with volume key + * in kernel keyring and current device handle (context) doesn't have verified key + * loaded in kernel. To load volume key for already active device use any of + * @link crypt_activate_by_passphrase @endlink, @link crypt_activate_by_keyfile @endlink, + * @link crypt_activate_by_keyfile_offset @endlink, @link crypt_activate_by_volume_key @endlink, + * @link crypt_activate_by_keyring @endlink or @link crypt_activate_by_token @endlink with flag + * @e CRYPT_ACTIVATE_KEYRING_KEY raised and @e name parameter set to @e NULL. */ int crypt_resize(struct crypt_device *cd, - const char *name, - uint64_t new_size); + const char *name, + uint64_t new_size); /** - * Suspends crypt device. + * Suspend crypt device. * * @param cd crypt device handle, can be @e NULL * @param name name of device to suspend @@ -522,23 +793,21 @@ int crypt_resize(struct crypt_device *cd, * */ int crypt_suspend(struct crypt_device *cd, - const char *name); + const char *name); /** - * Resumes crypt device using passphrase. + * Resume crypt device using passphrase. * * * @param cd crypt device handle * @param name name of device to resume * @param keyslot requested keyslot or CRYPT_ANY_SLOT - * @param passphrase passphrase used to unlock volume key, @e NULL for query + * @param passphrase passphrase used to unlock volume key * @param passphrase_size size of @e passphrase (binary data) * * @return unlocked key slot number or negative errno otherwise. * * @note Only LUKS device type is supported - * @note If passphrase is @e NULL always use crypt_set_password_callback. - * Internal terminal password query is DEPRECATED and will be removed in next version. */ int crypt_resume_by_passphrase(struct crypt_device *cd, const char *name, @@ -547,19 +816,26 @@ int crypt_resume_by_passphrase(struct crypt_device *cd, size_t passphrase_size); /** - * Resumes crypt device using key file. + * Resume crypt device using key file. * * @param cd crypt device handle * @param name name of device to resume * @param keyslot requested keyslot or CRYPT_ANY_SLOT - * @param keyfile key file used to unlock volume key, @e NULL for passphrase query + * @param keyfile key file used to unlock volume key * @param keyfile_size number of bytes to read from keyfile, 0 is unlimited * @param keyfile_offset number of bytes to skip at start of keyfile * * @return unlocked key slot number or negative errno otherwise. - * - * @note If passphrase is @e NULL always use crypt_set_password_callback. - * Internal terminal password query is DEPRECATED and will be removed in next version. + */ +int crypt_resume_by_keyfile_device_offset(struct crypt_device *cd, + const char *name, + int keyslot, + const char *keyfile, + size_t keyfile_size, + uint64_t keyfile_offset); + +/** + * Backward compatible crypt_resume_by_keyfile_device_offset() (with size_t offset). */ int crypt_resume_by_keyfile_offset(struct crypt_device *cd, const char *name, @@ -567,48 +843,53 @@ int crypt_resume_by_keyfile_offset(struct crypt_device *cd, const char *keyfile, size_t keyfile_size, size_t keyfile_offset); + /** - * Backward compatible crypt_resume_by_keyfile_offset() (without offset). + * Backward compatible crypt_resume_by_keyfile_device_offset() (without offset). */ int crypt_resume_by_keyfile(struct crypt_device *cd, const char *name, int keyslot, const char *keyfile, size_t keyfile_size); - /** - * Releases crypt device context and used memory. + * Resume crypt device using provided volume key. * * @param cd crypt device handle + * @param name name of device to resume + * @param volume_key provided volume key + * @param volume_key_size size of volume_key + * + * @return @e 0 on success or negative errno value otherwise. */ -void crypt_free(struct crypt_device *cd); +int crypt_resume_by_volume_key(struct crypt_device *cd, + const char *name, + const char *volume_key, + size_t volume_key_size); +/** @} */ /** - * @defgroup keyslot Cryptsetup LUKS keyslots - * @addtogroup keyslot + * @defgroup crypt-keyslot LUKS keyslots + * @addtogroup crypt-keyslot * @{ - * */ /** iterate through all keyslots and find first one that fits */ #define CRYPT_ANY_SLOT -1 /** - * Add key slot using provided passphrase + * Add key slot using provided passphrase. * * @pre @e cd contains initialized and formatted LUKS device context * * @param cd crypt device handle * @param keyslot requested keyslot or @e CRYPT_ANY_SLOT - * @param passphrase passphrase used to unlock volume key, @e NULL for query + * @param passphrase passphrase used to unlock volume key * @param passphrase_size size of passphrase (binary data) - * @param new_passphrase passphrase for new keyslot, @e NULL for query + * @param new_passphrase passphrase for new keyslot * @param new_passphrase_size size of @e new_passphrase (binary data) * * @return allocated key slot number or negative errno otherwise. - * - * @note If passphrase is @e NULL always use crypt_set_password_callback. - * Internal terminal password query is DEPRECATED and will be removed in next version. */ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd, int keyslot, @@ -618,26 +899,19 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd, size_t new_passphrase_size); /** - * Change defined key slot using provided passphrase + * Change defined key slot using provided passphrase. * * @pre @e cd contains initialized and formatted LUKS device context * * @param cd crypt device handle * @param keyslot_old old keyslot or @e CRYPT_ANY_SLOT * @param keyslot_new new keyslot (can be the same as old) - * @param passphrase passphrase used to unlock volume key, @e NULL for query + * @param passphrase passphrase used to unlock volume key * @param passphrase_size size of passphrase (binary data) - * @param new_passphrase passphrase for new keyslot, @e NULL for query + * @param new_passphrase passphrase for new keyslot * @param new_passphrase_size size of @e new_passphrase (binary data) * * @return allocated key slot number or negative errno otherwise. - * - * @note This function is just internal implementation of luksChange - * command to avoid reading of volume key outside libcryptsetup boundary - * in FIPS mode. - * - * @note If passphrase is @e NULL always use crypt_set_password_callback. - * Internal terminal password query is DEPRECATED and will be removed in next version. */ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd, int keyslot_old, @@ -648,24 +922,34 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd, size_t new_passphrase_size); /** -* Add key slot using provided key file path +* Add key slot using provided key file path. * * @pre @e cd contains initialized and formatted LUKS device context * * @param cd crypt device handle * @param keyslot requested keyslot or @e CRYPT_ANY_SLOT - * @param keyfile key file used to unlock volume key, @e NULL for passphrase query + * @param keyfile key file used to unlock volume key * @param keyfile_size number of bytes to read from keyfile, @e 0 is unlimited * @param keyfile_offset number of bytes to skip at start of keyfile - * @param new_keyfile keyfile for new keyslot, @e NULL for passphrase query + * @param new_keyfile keyfile for new keyslot * @param new_keyfile_size number of bytes to read from @e new_keyfile, @e 0 is unlimited * @param new_keyfile_offset number of bytes to skip at start of new_keyfile * * @return allocated key slot number or negative errno otherwise. - * - * @note Note that @e keyfile can be "-" for STDIN */ -int crypt_keyslot_add_by_keyfile_offset(struct crypt_device *cd, +int crypt_keyslot_add_by_keyfile_device_offset(struct crypt_device *cd, + int keyslot, + const char *keyfile, + size_t keyfile_size, + uint64_t keyfile_offset, + const char *new_keyfile, + size_t new_keyfile_size, + uint64_t new_keyfile_offset); + +/** + * Backward compatible crypt_keyslot_add_by_keyfile_device_offset() (with size_t offset). + */ +int crypt_keyslot_add_by_keyfile_offset(struct crypt_device *cd, int keyslot, const char *keyfile, size_t keyfile_size, @@ -673,8 +957,9 @@ int crypt_keyslot_add_by_keyfile_offset(struct crypt_device *cd, const char *new_keyfile, size_t new_keyfile_size, size_t new_keyfile_offset); + /** - * Backward compatible crypt_keyslot_add_by_keyfile_offset() (without offset). + * Backward compatible crypt_keyslot_add_by_keyfile_device_offset() (without offset). */ int crypt_keyslot_add_by_keyfile(struct crypt_device *cd, int keyslot, @@ -684,7 +969,7 @@ int crypt_keyslot_add_by_keyfile(struct crypt_device *cd, size_t new_keyfile_size); /** - * Add key slot using provided volume key + * Add key slot using provided volume key. * * @pre @e cd contains initialized and formatted LUKS device context * @@ -692,13 +977,10 @@ int crypt_keyslot_add_by_keyfile(struct crypt_device *cd, * @param keyslot requested keyslot or CRYPT_ANY_SLOT * @param volume_key provided volume key or @e NULL if used after crypt_format * @param volume_key_size size of volume_key - * @param passphrase passphrase for new keyslot, @e NULL for query + * @param passphrase passphrase for new keyslot * @param passphrase_size size of passphrase * * @return allocated key slot number or negative errno otherwise. - * - * @note If passphrase is @e NULL always use crypt_set_password_callback. - * Internal terminal password query is DEPRECATED and will be removed in next version. */ int crypt_keyslot_add_by_volume_key(struct crypt_device *cd, int keyslot, @@ -707,8 +989,54 @@ int crypt_keyslot_add_by_volume_key(struct crypt_device *cd, const char *passphrase, size_t passphrase_size); +/** create keyslot with volume key not associated with current dm-crypt segment */ +#define CRYPT_VOLUME_KEY_NO_SEGMENT (1 << 0) + +/** create keyslot with new volume key and assign it to current dm-crypt segment */ +#define CRYPT_VOLUME_KEY_SET (1 << 1) + +/** Assign key to first matching digest before creating new digest */ +#define CRYPT_VOLUME_KEY_DIGEST_REUSE (1 << 2) + /** - * Destroy (and disable) key slot + * Add key slot using provided key. + * + * @pre @e cd contains initialized and formatted LUKS2 device context + * + * @param cd crypt device handle + * @param keyslot requested keyslot or CRYPT_ANY_SLOT + * @param volume_key provided volume key or @e NULL (see note below) + * @param volume_key_size size of volume_key + * @param passphrase passphrase for new keyslot + * @param passphrase_size size of passphrase + * @param flags key flags to set + * + * @return allocated key slot number or negative errno otherwise. + * + * @note in case volume_key is @e NULL following first matching rule will apply: + * @li if cd is device handle used in crypt_format() by current process, the volume + * key generated (or passed) in crypt_format() will be stored in keyslot. + * @li if CRYPT_VOLUME_KEY_NO_SEGMENT flag is raised the new volume_key will be + * generated and stored in keyslot. The keyslot will become unbound (unusable to + * dm-crypt device activation). + * @li fails with -EINVAL otherwise + * + * @warning CRYPT_VOLUME_KEY_SET flag force updates volume key. It is @b not @b reencryption! + * By doing so you will most probably destroy your ciphertext data device. It's supposed + * to be used only in wrapped keys scheme for key refresh process where real (inner) volume + * key stays untouched. It may be involed on active @e keyslot which makes the (previously + * unbound) keyslot new regular keyslot. + */ +int crypt_keyslot_add_by_key(struct crypt_device *cd, + int keyslot, + const char *volume_key, + size_t volume_key_size, + const char *passphrase, + size_t passphrase_size, + uint32_t flags); + +/** + * Destroy (and disable) key slot. * * @pre @e cd contains initialized and formatted LUKS device context * @@ -720,18 +1048,15 @@ int crypt_keyslot_add_by_volume_key(struct crypt_device *cd, * @note Note that there is no passphrase verification used. */ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot); - /** @} */ /** - * @defgroup aflags Device runtime attributes - * + * @defgroup crypt-aflags Device runtime attributes * Activation flags - * - * @addtogroup aflags + * @addtogroup crypt-aflags * @{ - * */ + /** device is read only */ #define CRYPT_ACTIVATE_READONLY (1 << 0) /** only reported for device without uuid */ @@ -748,20 +1073,49 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot); #define CRYPT_ACTIVATE_SAME_CPU_CRYPT (1 << 6) /** use submit_from_crypt_cpus for dm-crypt */ #define CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS (1 << 7) - +/** dm-verity: ignore_corruption flag - ignore corruption, log it only */ +#define CRYPT_ACTIVATE_IGNORE_CORRUPTION (1 << 8) +/** dm-verity: restart_on_corruption flag - restart kernel on corruption */ +#define CRYPT_ACTIVATE_RESTART_ON_CORRUPTION (1 << 9) +/** dm-verity: ignore_zero_blocks - do not verify zero blocks */ +#define CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS (1 << 10) +/** key loaded in kernel keyring instead directly in dm-crypt */ +#define CRYPT_ACTIVATE_KEYRING_KEY (1 << 11) +/** dm-integrity: direct writes, do not use journal */ +#define CRYPT_ACTIVATE_NO_JOURNAL (1 << 12) +/** dm-integrity: recovery mode - no journal, no integrity checks */ +#define CRYPT_ACTIVATE_RECOVERY (1 << 13) +/** ignore persistently stored flags */ +#define CRYPT_ACTIVATE_IGNORE_PERSISTENT (1 << 14) +/** dm-verity: check_at_most_once - check data blocks only the first time */ +#define CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE (1 << 15) +/** allow activation check including unbound keyslots (keyslots without segments) */ +#define CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY (1 << 16) +/** dm-integrity: activate automatic recalculation */ +#define CRYPT_ACTIVATE_RECALCULATE (1 << 17) +/** reactivate existing and update flags, input only */ +#define CRYPT_ACTIVATE_REFRESH (1 << 18) +/** Use global lock to serialize memory hard KDF on activation (OOM workaround) */ +#define CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF (1 << 19) +/** dm-integrity: direct writes, use bitmap to track dirty sectors */ +#define CRYPT_ACTIVATE_NO_JOURNAL_BITMAP (1 << 20) +/** device is suspended (key should be wiped from memory), output only */ +#define CRYPT_ACTIVATE_SUSPENDED (1 << 21) +/** use IV sector counted in sector_size instead of default 512 bytes sectors */ +#define CRYPT_ACTIVATE_IV_LARGE_SECTORS (1 << 22) /** * Active device runtime attributes */ struct crypt_active_device { - uint64_t offset; /**< offset in sectors */ + uint64_t offset; /**< offset in sectors */ uint64_t iv_offset; /**< IV initialization sector */ - uint64_t size; /**< active device size */ - uint32_t flags; /**< activation flags */ + uint64_t size; /**< active device size */ + uint32_t flags; /**< activation flags */ }; /** - * Receives runtime attributes of active crypt device + * Receive runtime attributes of active crypt device. * * @param cd crypt device handle (can be @e NULL) * @param name name of active device @@ -771,25 +1125,99 @@ struct crypt_active_device { * */ int crypt_get_active_device(struct crypt_device *cd, - const char *name, - struct crypt_active_device *cad); + const char *name, + struct crypt_active_device *cad); +/** + * Get detected number of integrity failures. + * + * @param cd crypt device handle (can be @e NULL) + * @param name name of active device + * + * @return number of integrity failures or @e 0 otherwise + * + */ +uint64_t crypt_get_active_integrity_failures(struct crypt_device *cd, + const char *name); /** @} */ /** - * Activate device or check passphrase + * @defgroup crypt-pflags LUKS2 Device persistent flags and requirements + * @addtogroup crypt-pflags + * @{ + */ + +/** + * LUKS2 header requirements + */ +/** Unfinished offline reencryption */ +#define CRYPT_REQUIREMENT_OFFLINE_REENCRYPT (1 << 0) +/** Online reencryption in-progress */ +#define CRYPT_REQUIREMENT_ONLINE_REENCRYPT (1 << 1) +/** unknown requirement in header (output only) */ +#define CRYPT_REQUIREMENT_UNKNOWN (1 << 31) + +/** + * Persistent flags type + */ +typedef enum { + CRYPT_FLAGS_ACTIVATION, /**< activation flags, @see aflags */ + CRYPT_FLAGS_REQUIREMENTS /**< requirements flags */ +} crypt_flags_type; + +/** + * Set persistent flags. + * + * @param cd crypt device handle (can be @e NULL) + * @param type type to set (CRYPT_FLAGS_ACTIVATION or CRYPT_FLAGS_REQUIREMENTS) + * @param flags flags to set + * + * @return @e 0 on success or negative errno value otherwise + * + * @note Valid only for LUKS2. + * + * @note Not all activation flags can be stored. Only ALLOW_DISCARD, + * SAME_CPU_CRYPT, SUBMIT_FROM_CRYPT_CPU and NO_JOURNAL can be + * stored persistently. + * + * @note Only requirements flags recognised by current library may be set. + * CRYPT_REQUIREMENT_UNKNOWN is illegal (output only) in set operation. + */ +int crypt_persistent_flags_set(struct crypt_device *cd, + crypt_flags_type type, + uint32_t flags); + +/** + * Get persistent flags stored in header. + * + * @param cd crypt device handle (can be @e NULL) + * @param type flags type to retrieve (CRYPT_FLAGS_ACTIVATION or CRYPT_FLAGS_REQUIREMENTS) + * @param flags reference to output variable + * + * @return @e 0 on success or negative errno value otherwise + */ +int crypt_persistent_flags_get(struct crypt_device *cd, + crypt_flags_type type, + uint32_t *flags); +/** @} */ + +/** + * @defgroup crypt-activation Device activation + * @addtogroup crypt-activation + * @{ + */ + +/** + * Activate device or check passphrase. * * @param cd crypt device handle * @param name name of device to create, if @e NULL only check passphrase * @param keyslot requested keyslot to check or @e CRYPT_ANY_SLOT - * @param passphrase passphrase used to unlock volume key, @e NULL for query + * @param passphrase passphrase used to unlock volume key * @param passphrase_size size of @e passphrase * @param flags activation flags * * @return unlocked key slot number or negative errno otherwise. - * - * @note If passphrase is @e NULL always use crypt_set_password_callback. - * Internal terminal password query is DEPRECATED and will be removed in next version. */ int crypt_activate_by_passphrase(struct crypt_device *cd, const char *name, @@ -799,7 +1227,7 @@ int crypt_activate_by_passphrase(struct crypt_device *cd, uint32_t flags); /** - * Activate device or check using key file + * Activate device or check using key file. * * @param cd crypt device handle * @param name name of device to create, if @e NULL only check keyfile @@ -811,6 +1239,17 @@ int crypt_activate_by_passphrase(struct crypt_device *cd, * * @return unlocked key slot number or negative errno otherwise. */ +int crypt_activate_by_keyfile_device_offset(struct crypt_device *cd, + const char *name, + int keyslot, + const char *keyfile, + size_t keyfile_size, + uint64_t keyfile_offset, + uint32_t flags); + +/** + * Backward compatible crypt_activate_by_keyfile_device_offset() (with size_t offset). + */ int crypt_activate_by_keyfile_offset(struct crypt_device *cd, const char *name, int keyslot, @@ -818,8 +1257,9 @@ int crypt_activate_by_keyfile_offset(struct crypt_device *cd, size_t keyfile_size, size_t keyfile_offset, uint32_t flags); + /** - * Backward compatible crypt_activate_by_keyfile_offset() (without offset). + * Backward compatible crypt_activate_by_keyfile_device_offset() (without offset). */ int crypt_activate_by_keyfile(struct crypt_device *cd, const char *name, @@ -829,8 +1269,7 @@ int crypt_activate_by_keyfile(struct crypt_device *cd, uint32_t flags); /** - * Activate device using provided volume key - * + * Activate device using provided volume key. * * @param cd crypt device handle * @param name name of device to create, if @e NULL only check volume key @@ -856,20 +1295,87 @@ int crypt_activate_by_volume_key(struct crypt_device *cd, uint32_t flags); /** + * Activate VERITY device using provided key and optional signature). + * + * @param cd crypt device handle + * @param name name of device to create + * @param volume_key provided volume key + * @param volume_key_size size of volume_key + * @param signature buffer with signature for the key + * @param signature_size bsize of signature buffer + * @param flags activation flags + * + * @return @e 0 on success or negative errno value otherwise. + * + * @note For VERITY the volume key means root hash required for activation. + * Because kernel dm-verity is always read only, you have to provide + * CRYPT_ACTIVATE_READONLY flag always. + */ +int crypt_activate_by_signed_key(struct crypt_device *cd, + const char *name, + const char *volume_key, + size_t volume_key_size, + const char *signature, + size_t signature_size, + uint32_t flags); + +/** + * Activate device using passphrase stored in kernel keyring. + * + * @param cd crypt device handle + * @param name name of device to create, if @e NULL only check passphrase in keyring + * @param key_description kernel keyring key description library should look + * for passphrase in + * @param keyslot requested keyslot to check or CRYPT_ANY_SLOT + * @param flags activation flags + * + * @return @e unlocked keyslot number on success or negative errno value otherwise. + * + * @note Keyslot passphrase must be stored in 'user' key type + * and the key has to be reachable for process context + * on behalf of which this function is called. + */ +int crypt_activate_by_keyring(struct crypt_device *cd, + const char *name, + const char *key_description, + int keyslot, + uint32_t flags); + +/** lazy deactivation - remove once last user releases it */ +#define CRYPT_DEACTIVATE_DEFERRED (1 << 0) +/** force deactivation - if the device is busy, it is replaced by error device */ +#define CRYPT_DEACTIVATE_FORCE (1 << 1) + +/** * Deactivate crypt device. This function tries to remove active device-mapper * mapping from kernel. Also, sensitive data like the volume key are removed from * memory * * @param cd crypt device handle, can be @e NULL * @param name name of device to deactivate + * @param flags deactivation flags * * @return @e 0 on success or negative errno value otherwise. * */ +int crypt_deactivate_by_name(struct crypt_device *cd, + const char *name, + uint32_t flags); + +/** + * Deactivate crypt device. See @ref crypt_deactivate_by_name with empty @e flags. + */ int crypt_deactivate(struct crypt_device *cd, const char *name); +/** @} */ /** - * Get volume key from of crypt device + * @defgroup crypt-key Volume Key manipulation + * @addtogroup crypt-key + * @{ + */ + +/** + * Get volume key from crypt device. * * @param cd crypt device handle * @param keyslot use this keyslot or @e CRYPT_ANY_SLOT @@ -881,8 +1387,9 @@ int crypt_deactivate(struct crypt_device *cd, const char *name); * * @return unlocked key slot number or negative errno otherwise. * - * @note For TCRYPT cipher chain is the volume key concatenated + * @note For TCRYPT cipher chain is the volume key concatenated * for all ciphers in chain. + * @note For VERITY the volume key means root hash used for activation. */ int crypt_volume_key_get(struct crypt_device *cd, int keyslot, @@ -892,7 +1399,7 @@ int crypt_volume_key_get(struct crypt_device *cd, size_t passphrase_size); /** - * Verify that provided volume key is valid for crypt device + * Verify that provided volume key is valid for crypt device. * * @param cd crypt device handle * @param volume_key provided volume key @@ -903,10 +1410,11 @@ int crypt_volume_key_get(struct crypt_device *cd, int crypt_volume_key_verify(struct crypt_device *cd, const char *volume_key, size_t volume_key_size); +/** @} */ /** - * @defgroup devstat Crypt and Verity device status - * @addtogroup devstat + * @defgroup crypt-devstat Crypt and Verity device status + * @addtogroup crypt-devstat * @{ */ @@ -914,14 +1422,14 @@ int crypt_volume_key_verify(struct crypt_device *cd, * Device status */ typedef enum { - CRYPT_INVALID, /**< device mapping is invalid in this context */ + CRYPT_INVALID, /**< device mapping is invalid in this context */ CRYPT_INACTIVE, /**< no such mapped device */ - CRYPT_ACTIVE, /**< device is active */ - CRYPT_BUSY /**< device is active and has open count > 0 */ + CRYPT_ACTIVE, /**< device is active */ + CRYPT_BUSY /**< device is active and has open count > 0 */ } crypt_status_info; /** - * Get status info about device name + * Get status info about device name. * * @param cd crypt device handle, can be @e NULL * @param name crypt device name @@ -932,7 +1440,7 @@ typedef enum { crypt_status_info crypt_status(struct crypt_device *cd, const char *name); /** - * Dump text-formatted information about crypt or verity device to log output + * Dump text-formatted information about crypt or verity device to log output. * * @param cd crypt device handle * @@ -941,7 +1449,7 @@ crypt_status_info crypt_status(struct crypt_device *cd, const char *name); int crypt_dump(struct crypt_device *cd); /** - * Get cipher used in device + * Get cipher used in device. * * @param cd crypt device handle * @@ -951,7 +1459,7 @@ int crypt_dump(struct crypt_device *cd); const char *crypt_get_cipher(struct crypt_device *cd); /** - * Get cipher mode used in device + * Get cipher mode used in device. * * @param cd crypt device handle * @@ -961,7 +1469,7 @@ const char *crypt_get_cipher(struct crypt_device *cd); const char *crypt_get_cipher_mode(struct crypt_device *cd); /** - * Get device UUID + * Get device UUID. * * @param cd crypt device handle * @@ -971,7 +1479,7 @@ const char *crypt_get_cipher_mode(struct crypt_device *cd); const char *crypt_get_uuid(struct crypt_device *cd); /** - * Get path to underlaying device + * Get path to underlaying device. * * @param cd crypt device handle * @@ -981,7 +1489,17 @@ const char *crypt_get_uuid(struct crypt_device *cd); const char *crypt_get_device_name(struct crypt_device *cd); /** - * Get device offset in sectors where real data starts on underlying device) + * Get path to detached metadata device or @e NULL if it is not detached. + * + * @param cd crypt device handle + * + * @return path to underlaying device name + * + */ +const char *crypt_get_metadata_device_name(struct crypt_device *cd); + +/** + * Get device offset in 512-bytes sectors where real data starts (on underlying device). * * @param cd crypt device handle * @@ -991,7 +1509,7 @@ const char *crypt_get_device_name(struct crypt_device *cd); uint64_t crypt_get_data_offset(struct crypt_device *cd); /** - * Get IV offset in sectors (skip) + * Get IV offset in 512-bytes sectors (skip). * * @param cd crypt device handle * @@ -1001,17 +1519,29 @@ uint64_t crypt_get_data_offset(struct crypt_device *cd); uint64_t crypt_get_iv_offset(struct crypt_device *cd); /** - * Get size (in bytes) of volume key for crypt device + * Get size (in bytes) of volume key for crypt device. * * @param cd crypt device handle * * @return volume key size * + * @note For LUKS2, this function can be used only if there is at least + * one keyslot assigned to data segment. */ int crypt_get_volume_key_size(struct crypt_device *cd); /** - * Get device parameters for VERITY device + * Get size (in bytes) of encryption sector for crypt device. + * + * @param cd crypt device handle + * + * @return sector size + * + */ +int crypt_get_sector_size(struct crypt_device *cd); + +/** + * Get device parameters for VERITY device. * * @param cd crypt device handle * @param vp verity device info @@ -1021,20 +1551,29 @@ int crypt_get_volume_key_size(struct crypt_device *cd); */ int crypt_get_verity_info(struct crypt_device *cd, struct crypt_params_verity *vp); -/** @} */ /** - * @defgroup benchmark Benchmarking + * Get device parameters for INTEGRITY device. * - * Benchmarking of algorithms + * @param cd crypt device handle + * @param ip verity device info * - * @addtogroup benchmark - * @{ + * @e 0 on success or negative errno value otherwise. * */ +int crypt_get_integrity_info(struct crypt_device *cd, + struct crypt_params_integrity *ip); +/** @} */ /** - * Informational benchmark for ciphers + * @defgroup crypt-benchmark Benchmarking + * Benchmarking of algorithms + * @addtogroup crypt-benchmark + * @{ + */ + +/** + * Informational benchmark for ciphers. * * @param cd crypt device handle * @param cipher (e.g. "aes") @@ -1060,49 +1599,51 @@ int crypt_benchmark(struct crypt_device *cd, double *decryption_mbs); /** - * Informational benchmark for KDF + * Informational benchmark for PBKDF. * * @param cd crypt device handle - * @param kdf Key derivation function (e.g. "pbkdf2") - * @param hash Hash algorithm used in KDF (e.g. "sha256") + * @param pbkdf PBKDF parameters * @param password password for benchmark * @param password_size size of password * @param salt salt for benchmark * @param salt_size size of salt - * @param iterations_sec returns measured KDF iterations per second + * @param volume_key_size output volume key size + * @param progress callback function + * @param usrptr provided identification in callback * * @return @e 0 on success or negative errno value otherwise. */ -int crypt_benchmark_kdf(struct crypt_device *cd, - const char *kdf, - const char *hash, +int crypt_benchmark_pbkdf(struct crypt_device *cd, + struct crypt_pbkdf_type *pbkdf, const char *password, size_t password_size, const char *salt, size_t salt_size, - uint64_t *iterations_sec); + size_t volume_key_size, + int (*progress)(uint32_t time_ms, void *usrptr), + void *usrptr); /** @} */ /** - * @addtogroup keyslot + * @addtogroup crypt-keyslot * @{ - * */ /** * Crypt keyslot info */ typedef enum { - CRYPT_SLOT_INVALID, /**< invalid keyslot */ - CRYPT_SLOT_INACTIVE, /**< keyslot is inactive (free) */ - CRYPT_SLOT_ACTIVE, /**< keyslot is active (used) */ - CRYPT_SLOT_ACTIVE_LAST /**< keylost is active (used) - * and last used at the same time */ + CRYPT_SLOT_INVALID, /**< invalid keyslot */ + CRYPT_SLOT_INACTIVE, /**< keyslot is inactive (free) */ + CRYPT_SLOT_ACTIVE, /**< keyslot is active (used) */ + CRYPT_SLOT_ACTIVE_LAST,/**< keylost is active (used) + * and last used at the same time */ + CRYPT_SLOT_UNBOUND /**< keyslot is active and not bound + * to any crypt segment (LUKS2 only) */ } crypt_keyslot_info; /** - * Get information about particular key slot - * + * Get information about particular key slot. * * @param cd crypt device handle * @param keyslot requested keyslot to check or CRYPT_ANY_SLOT @@ -1111,7 +1652,37 @@ typedef enum { * */ crypt_keyslot_info crypt_keyslot_status(struct crypt_device *cd, int keyslot); -/** @} */ + +/** + * Crypt keyslot priority + */ +typedef enum { + CRYPT_SLOT_PRIORITY_INVALID =-1, /**< no such slot */ + CRYPT_SLOT_PRIORITY_IGNORE = 0, /**< CRYPT_ANY_SLOT will ignore it for open */ + CRYPT_SLOT_PRIORITY_NORMAL = 1, /**< default priority, tried after preferred */ + CRYPT_SLOT_PRIORITY_PREFER = 2, /**< will try to open first */ +} crypt_keyslot_priority; + +/** + * Get keyslot priority (LUKS2) + * + * @param cd crypt device handle + * @param keyslot keyslot number + * + * @return value defined by crypt_keyslot_priority + */ +crypt_keyslot_priority crypt_keyslot_get_priority(struct crypt_device *cd, int keyslot); + +/** + * Set keyslot priority (LUKS2) + * + * @param cd crypt device handle + * @param keyslot keyslot number + * @param priority priority defined in crypt_keyslot_priority + * + * @return @e 0 on success or negative errno value otherwise. + */ +int crypt_keyslot_set_priority(struct crypt_device *cd, int keyslot, crypt_keyslot_priority priority); /** * Get number of keyslots supported for device type. @@ -1124,7 +1695,7 @@ crypt_keyslot_info crypt_keyslot_status(struct crypt_device *cd, int keyslot); int crypt_keyslot_max(const char *type); /** - * Get keyslot area pointers (relative to metadata device) + * Get keyslot area pointers (relative to metadata device). * * @param cd crypt device handle * @param keyslot keyslot number @@ -1140,56 +1711,60 @@ int crypt_keyslot_area(struct crypt_device *cd, uint64_t *length); /** - * Backup header and keyslots to file + * Get size (in bytes) of stored key in particular keyslot. + * Use for LUKS2 unbound keyslots, for other keyslots it is the same as @ref crypt_get_volume_key_size * * @param cd crypt device handle - * @param requested_type @link crypt_type @endlink or @e NULL for all known - * @param backup_file file to backup header to + * @param keyslot keyslot number * - * @return @e 0 on success or negative errno value otherwise. + * @return volume key size or negative errno value otherwise. * */ -int crypt_header_backup(struct crypt_device *cd, - const char *requested_type, - const char *backup_file); +int crypt_keyslot_get_key_size(struct crypt_device *cd, int keyslot); /** - * Restore header and keyslots from backup file - * + * Get cipher and key size for keyslot encryption. + * Use for LUKS2 keyslot to set different encryption type than for data encryption. + * Parameters will be used for next keyslot operations. * * @param cd crypt device handle - * @param requested_type @link crypt_type @endlink or @e NULL for all known - * @param backup_file file to restore header from + * @param keyslot keyslot number of CRYPT_ANY_SLOT for default + * @param key_size encryption key size (in bytes) * - * @return @e 0 on success or negative errno value otherwise. + * @return cipher specification on success or @e NULL. * + * @note This is the encryption of keyslot itself, not the data encryption algorithm! */ -int crypt_header_restore(struct crypt_device *cd, - const char *requested_type, - const char *backup_file); +const char *crypt_keyslot_get_encryption(struct crypt_device *cd, int keyslot, size_t *key_size); /** - * Receives last reported error + * Get PBKDF parameters for keyslot. * * @param cd crypt device handle - * @param buf buffef for message - * @param size size of buffer + * @param keyslot keyslot number + * @param pbkdf struct with returned PBKDF parameters * - * @note Note that this is old API function using global context. - * All error messages are reported also through log callback. + * @return @e 0 on success or negative errno value otherwise. */ -void crypt_last_error(struct crypt_device *cd, char *buf, size_t size); +int crypt_keyslot_get_pbkdf(struct crypt_device *cd, int keyslot, struct crypt_pbkdf_type *pbkdf); /** - * Receives last reported error, DEPRECATED + * Set encryption for keyslot. + * Use for LUKS2 keyslot to set different encryption type than for data encryption. + * Parameters will be used for next keyslot operations that create or change a keyslot. + * + * @param cd crypt device handle + * @param cipher (e.g. "aes-xts-plain64") + * @param key_size encryption key size (in bytes) * - * @param buf buffef for message - * @param size size of buffer + * @return @e 0 on success or negative errno value otherwise. * - * @note Note that this is old API function using global context. - * All error messages are reported also through log callback. + * @note To reset to default keyslot encryption (the same as for data) + * set cipher to NULL and key size to 0. */ -void crypt_get_error(char *buf, size_t size); +int crypt_keyslot_set_encryption(struct crypt_device *cd, + const char *cipher, + size_t key_size); /** * Get directory where mapped crypt devices are created @@ -1198,17 +1773,53 @@ void crypt_get_error(char *buf, size_t size); */ const char *crypt_get_dir(void); +/** @} */ + +/** + * @defgroup crypt-backup Device metadata backup + * @addtogroup crypt-backup + * @{ + */ +/** + * Backup header and keyslots to file. + * + * @param cd crypt device handle + * @param requested_type @link crypt-type @endlink or @e NULL for all known + * @param backup_file file to backup header to + * + * @return @e 0 on success or negative errno value otherwise. + * + */ +int crypt_header_backup(struct crypt_device *cd, + const char *requested_type, + const char *backup_file); + /** - * @defgroup dbg Library debug level + * Restore header and keyslots from backup file. * - * Set library debug level + * @param cd crypt device handle + * @param requested_type @link crypt-type @endlink or @e NULL for all known + * @param backup_file file to restore header from * - * @addtogroup dbg + * @return @e 0 on success or negative errno value otherwise. + * + */ +int crypt_header_restore(struct crypt_device *cd, + const char *requested_type, + const char *backup_file); +/** @} */ + +/** + * @defgroup crypt-dbg Library debug level + * Set library debug level + * @addtogroup crypt-dbg * @{ */ /** Debug all */ #define CRYPT_DEBUG_ALL -1 +/** Debug all with additional JSON dump (for LUKS2) */ +#define CRYPT_DEBUG_JSON -2 /** Debug none */ #define CRYPT_DEBUG_NONE 0 @@ -1219,6 +1830,539 @@ const char *crypt_get_dir(void); * */ void crypt_set_debug_level(int level); +/** @} */ + +/** + * @defgroup crypt-keyfile Function to read keyfile + * @addtogroup crypt-keyfile + * @{ + */ + +/** + * Read keyfile + * + * @param cd crypt device handle + * @param keyfile keyfile to read + * @param key buffer for key + * @param key_size_read size of read key + * @param keyfile_offset key offset in keyfile + * @param key_size exact key length to read from file or 0 + * @param flags keyfile read flags + * + * @return @e 0 on success or negative errno value otherwise. + * + * @note If key_size is set to zero we read internal max length + * and actual size read is returned via key_size_read parameter. + */ +int crypt_keyfile_device_read(struct crypt_device *cd, + const char *keyfile, + char **key, size_t *key_size_read, + uint64_t keyfile_offset, + size_t key_size, + uint32_t flags); + +/** + * Backward compatible crypt_keyfile_device_read() (with size_t offset). + */ +int crypt_keyfile_read(struct crypt_device *cd, + const char *keyfile, + char **key, size_t *key_size_read, + size_t keyfile_offset, + size_t key_size, + uint32_t flags); + +/** Read key only to the first end of line (\\n). */ +#define CRYPT_KEYFILE_STOP_EOL (1 << 0) +/** @} */ + +/** + * @defgroup crypt-wipe Function to wipe device + * @addtogroup crypt-wipe + * @{ + */ +/** + * Wipe pattern + */ +typedef enum { + CRYPT_WIPE_ZERO, /**< Fill with zeroes */ + CRYPT_WIPE_RANDOM, /**< Use RNG to fill data */ + CRYPT_WIPE_ENCRYPTED_ZERO, /**< Add encryption and fill with zeroes as plaintext */ + CRYPT_WIPE_SPECIAL, /**< Compatibility only, do not use (Gutmann method) */ +} crypt_wipe_pattern; + +/** + * Wipe/Fill (part of) a device with the selected pattern. + * + * @param cd crypt device handle + * @param dev_path path to device to wipe or @e NULL if data device should be used + * @param pattern selected wipe pattern + * @param offset offset on device (in bytes) + * @param length length of area to be wiped (in bytes) + * @param wipe_block_size used block for wiping (one step) (in bytes) + * @param flags wipe flags + * @param progress callback function called after each @e wipe_block_size or @e NULL + * @param usrptr provided identification in callback + * + * @return @e 0 on success or negative errno value otherwise. + * + * @note A @e progress callback can interrupt wipe process by returning non-zero code. + * + * @note If the error values is -EIO or -EINTR, some part of the device could + * be overwritten. Other error codes (-EINVAL, -ENOMEM) means that no IO was performed. + */ +int crypt_wipe(struct crypt_device *cd, + const char *dev_path, /* if null, use data device */ + crypt_wipe_pattern pattern, + uint64_t offset, + uint64_t length, + size_t wipe_block_size, + uint32_t flags, + int (*progress)(uint64_t size, uint64_t offset, void *usrptr), + void *usrptr +); + +/** Use direct-io */ +#define CRYPT_WIPE_NO_DIRECT_IO (1 << 0) +/** @} */ + +/** + * @defgroup crypt-tokens LUKS2 token wrapper access + * + * Utilities for handling tokens LUKS2 + * Token is a device or a method how to read password for particular keyslot + * automatically. It can be chunk of data stored on hardware token or + * just a metadata how to generate the password. + * + * @addtogroup crypt-tokens + * @{ + */ + +/** Iterate through all tokens */ +#define CRYPT_ANY_TOKEN -1 + +/** + * Get content of a token definition in JSON format. + * + * @param cd crypt device handle + * @param token token id + * @param json buffer with JSON + * + * @return allocated token id or negative errno otherwise. + */ +int crypt_token_json_get(struct crypt_device *cd, + int token, + const char **json); + +/** + * Store content of a token definition in JSON format. + * + * @param cd crypt device handle + * @param token token id or @e CRYPT_ANY_TOKEN to allocate new one + * @param json buffer with JSON or @e NULL to remove token + * + * @return allocated token id or negative errno otherwise. + * + * @note The buffer must be in proper JSON format and must contain at least + * string "type" with slot type and an array of string names "keyslots". + * Keyslots array contains assignments to particular slots and can be empty. + */ +int crypt_token_json_set(struct crypt_device *cd, + int token, + const char *json); + +/** + * Token info + */ +typedef enum { + CRYPT_TOKEN_INVALID, /**< token is invalid */ + CRYPT_TOKEN_INACTIVE, /**< token is empty (free) */ + CRYPT_TOKEN_INTERNAL, /**< active internal token with driver */ + CRYPT_TOKEN_INTERNAL_UNKNOWN, /**< active internal token (reserved name) with missing token driver */ + CRYPT_TOKEN_EXTERNAL, /**< active external (user defined) token with driver */ + CRYPT_TOKEN_EXTERNAL_UNKNOWN, /**< active external (user defined) token with missing token driver */ +} crypt_token_info; + +/** + * Get info for specific token. + * + * @param cd crypt device handle + * @param token existing token id + * @param type pointer for returned type string + * + * @return token status info. For any returned status (besides CRYPT_TOKEN_INVALID + * and CRYPT_TOKEN_INACTIVE) and if type parameter is not NULL it will + * contain address of type string. + * + * @note if required, create a copy of string referenced in *type before calling next + * libcryptsetup API function. The reference may become invalid. + */ +crypt_token_info crypt_token_status(struct crypt_device *cd, int token, const char **type); + +/** + * LUKS2 keyring token parameters. + * + * @see crypt_token_builtin_set + * + */ +struct crypt_token_params_luks2_keyring { + const char *key_description; /**< Reference in keyring */ +}; + +/** + * Create a new luks2 keyring token. + * + * @param cd crypt device handle + * @param token token id or @e CRYPT_ANY_TOKEN to allocate new one + * @param params luks2 keyring token params + * + * @return allocated token id or negative errno otherwise. + * + */ +int crypt_token_luks2_keyring_set(struct crypt_device *cd, + int token, + const struct crypt_token_params_luks2_keyring *params); + +/** + * Get LUKS2 keyring token params + * + * @param cd crypt device handle + * @param token existing luks2 keyring token id + * @param params returned luks2 keyring token params + * + * @return allocated token id or negative errno otherwise. + * + * @note do not call free() on params members. Members are valid only + * until next libcryptsetup function is called. + */ +int crypt_token_luks2_keyring_get(struct crypt_device *cd, + int token, + struct crypt_token_params_luks2_keyring *params); + +/** + * Assign a token to particular keyslot. + * (There can be more keyslots assigned to one token id.) + * + * @param cd crypt device handle + * @param token token id + * @param keyslot keyslot to be assigned to token (CRYPT_ANY SLOT + * assigns all active keyslots to token) + * + * @return allocated token id or negative errno otherwise. + */ +int crypt_token_assign_keyslot(struct crypt_device *cd, + int token, + int keyslot); + +/** + * Unassign a token from particular keyslot. + * (There can be more keyslots assigned to one token id.) + * + * @param cd crypt device handle + * @param token token id + * @param keyslot keyslot to be unassigned from token (CRYPT_ANY SLOT + * unassigns all active keyslots from token) + * + * @return allocated token id or negative errno otherwise. + */ +int crypt_token_unassign_keyslot(struct crypt_device *cd, + int token, + int keyslot); + +/** + * Get info about token assignment to particular keyslot. + * + * @param cd crypt device handle + * @param token token id + * @param keyslot keyslot + * + * @return 0 on success (token exists and is assigned to the keyslot), + * -ENOENT if token is not assigned to a keyslot (token, keyslot + * or both may be inactive) or other negative errno otherwise. + */ +int crypt_token_is_assigned(struct crypt_device *cd, + int token, + int keyslot); + +/** + * Token handler open function prototype. + * This function retrieves password from a token and return allocated buffer + * containing this password. This buffer has to be deallocated by calling + * free() function and content should be wiped before deallocation. + * + * @param cd crypt device handle + * @param token token id + * @param buffer returned allocated buffer with password + * @param buffer_len length of the buffer + * @param usrptr user data in @link crypt_activate_by_token @endlink + */ +typedef int (*crypt_token_open_func) ( + struct crypt_device *cd, + int token, + char **buffer, + size_t *buffer_len, + void *usrptr); + +/** + * Token handler buffer free function prototype. + * This function is used by library to free the buffer with keyslot + * passphrase when it's no longer needed. If not defined the library + * overwrites buffer with zeroes and call free(). + * + * @param buffer the buffer with keyslot passphrase + * @param buffer_len the buffer length + */ +typedef void (*crypt_token_buffer_free_func) (void *buffer, size_t buffer_len); + +/** + * Token handler validate function prototype. + * This function validates JSON representation of user defined token for additional data + * specific for its token type. If defined in the handler, it's called + * during @link crypt_activate_by_token @endlink. It may also be called during + * @link crypt_token_json_set @endlink when appropriate token handler was registered before + * with @link crypt_token_register @endlink. + * + * @param cd crypt device handle + * @param json buffer with JSON + */ +typedef int (*crypt_token_validate_func) (struct crypt_device *cd, const char *json); + +/** + * Token handler dump function prototype. + * This function is supposed to print token implementation specific details. It gets + * called during @link crypt_dump @endlink if token handler was registered before. + * + * @param cd crypt device handle + * @param json buffer with token JSON + * + * @note dump implementations are advised to use @link crypt_log @endlink function + * to dump token details. + */ +typedef void (*crypt_token_dump_func) (struct crypt_device *cd, const char *json); + +/** + * Token handler + */ +typedef struct { + const char *name; /**< token handler name */ + crypt_token_open_func open; /**< token handler open function */ + crypt_token_buffer_free_func buffer_free; /**< token handler buffer_free function (optional) */ + crypt_token_validate_func validate; /**< token handler validate function (optional) */ + crypt_token_dump_func dump; /**< token handler dump function (optional) */ +} crypt_token_handler; + +/** + * Register token handler + * + * @param handler token handler to register + * + * @return @e 0 on success or negative errno value otherwise. + */ +int crypt_token_register(const crypt_token_handler *handler); + +/** + * Activate device or check key using a token. + * + * @param cd crypt device handle + * @param name name of device to create, if @e NULL only check token + * @param token requested token to check or CRYPT_ANY_TOKEN to check all + * @param usrptr provided identification in callback + * @param flags activation flags + * + * @return unlocked key slot number or negative errno otherwise. + */ +int crypt_activate_by_token(struct crypt_device *cd, + const char *name, + int token, + void *usrptr, + uint32_t flags); +/** @} */ + +/** + * @defgroup crypt-reencryption LUKS2 volume reencryption support + * + * Set of functions to handling LUKS2 volume reencryption + * + * @addtogroup crypt-reencryption + * @{ + */ + +/** Initialize reencryption metadata but do not run reencryption yet. (in) */ +#define CRYPT_REENCRYPT_INITIALIZE_ONLY (1 << 0) +/** Move the first segment, used only with data shift. (in/out) */ +#define CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT (1 << 1) +/** Resume already initialized reencryption only. (in) */ +#define CRYPT_REENCRYPT_RESUME_ONLY (1 << 2) +/** Run reencryption recovery only. (in) */ +#define CRYPT_REENCRYPT_RECOVERY (1 << 3) + +/** + * Reencryption direction + */ +typedef enum { + CRYPT_REENCRYPT_FORWARD = 0, /**< forward direction */ + CRYPT_REENCRYPT_BACKWARD /**< backward direction */ +} crypt_reencrypt_direction_info; + +/** + * Reencryption mode + */ +typedef enum { + CRYPT_REENCRYPT_REENCRYPT = 0, /**< Reencryption mode */ + CRYPT_REENCRYPT_ENCRYPT, /**< Encryption mode */ + CRYPT_REENCRYPT_DECRYPT, /**< Decryption mode */ +} crypt_reencrypt_mode_info; + +/** + * LUKS2 reencryption options. + */ +struct crypt_params_reencrypt { + crypt_reencrypt_mode_info mode; /**< Reencryption mode, immutable after first init. */ + crypt_reencrypt_direction_info direction; /**< Reencryption direction, immutable after first init. */ + const char *resilience; /**< Resilience mode: "none", "checksum", "journal" or "shift" (only "shift" is immutable after init) */ + const char *hash; /**< Used hash for "checksum" resilience type, ignored otherwise. */ + uint64_t data_shift; /**< Used in "shift" mode, must be non-zero, immutable after first init. */ + uint64_t max_hotzone_size; /**< Exact hotzone size for "none" mode. Maximum hotzone size for "checksum" and "journal" modes. */ + uint64_t device_size; /**< Reencrypt only initial part of the data device. */ + const struct crypt_params_luks2 *luks2; /**< LUKS2 parameters for the final reencryption volume.*/ + uint32_t flags; /**< Reencryption flags. */ +}; + +/** + * Initialize reencryption metadata using passphrase. + * + * This function initializes on-disk metadata to include all reencryption segments, + * according to the provided options. + * If metadata already contains ongoing reencryption metadata, it loads these parameters + * (in this situation all parameters except @e name and @e passphrase can be omitted). + * + * @param cd crypt device handle + * @param name name of active device or @e NULL for offline reencryption + * @param passphrase passphrase used to unlock volume key + * @param passphrase_size size of @e passphrase (binary data) + * @param keyslot_old keyslot to unlock existing device or CRYPT_ANY_SLOT + * @param keyslot_new existing (unbound) reencryption keyslot; must be set except for decryption + * @param cipher cipher specification (e.g. "aes") + * @param cipher_mode cipher mode and IV (e.g. "xts-plain64") + * @param params reencryption parameters @link crypt_params_reencrypt @endlink. + * + * @return reencryption key slot number or negative errno otherwise. + */ +int crypt_reencrypt_init_by_passphrase(struct crypt_device *cd, + const char *name, + const char *passphrase, + size_t passphrase_size, + int keyslot_old, + int keyslot_new, + const char *cipher, + const char *cipher_mode, + const struct crypt_params_reencrypt *params); + +/** + * Initialize reencryption metadata using passphrase in keyring. + * + * This function initializes on-disk metadata to include all reencryption segments, + * according to the provided options. + * If metadata already contains ongoing reencryption metadata, it loads these parameters + * (in this situation all parameters except @e name and @e key_description can be omitted). + * + * @param cd crypt device handle + * @param name name of active device or @e NULL for offline reencryption + * @param key_description passphrase (key) identification in keyring + * @param keyslot_old keyslot to unlock existing device or CRYPT_ANY_SLOT + * @param keyslot_new existing (unbound) reencryption keyslot; must be set except for decryption + * @param cipher cipher specification (e.g. "aes") + * @param cipher_mode cipher mode and IV (e.g. "xts-plain64") + * @param params reencryption parameters @link crypt_params_reencrypt @endlink. + * + * @return reencryption key slot number or negative errno otherwise. + */ +int crypt_reencrypt_init_by_keyring(struct crypt_device *cd, + const char *name, + const char *key_description, + int keyslot_old, + int keyslot_new, + const char *cipher, + const char *cipher_mode, + const struct crypt_params_reencrypt *params); + +/** + * Run data reencryption. + * + * @param cd crypt device handle + * @param progress is a callback funtion reporting device \b size, + * current \b offset of reencryption and provided \b usrptr identification + * + * @return @e 0 on success or negative errno value otherwise. + */ +int crypt_reencrypt(struct crypt_device *cd, + int (*progress)(uint64_t size, uint64_t offset, void *usrptr)); + +/** + * Reencryption status info + */ +typedef enum { + CRYPT_REENCRYPT_NONE = 0, /**< No reencryption in progress */ + CRYPT_REENCRYPT_CLEAN, /**< Ongoing reencryption in a clean state. */ + CRYPT_REENCRYPT_CRASH, /**< Aborted reencryption that need internal recovery. */ + CRYPT_REENCRYPT_INVALID /**< Invalid state. */ +} crypt_reencrypt_info; + +/** + * LUKS2 reencryption status. + * + * @param cd crypt device handle + * @param params reencryption parameters + * + * @return reencryption status info and parameters. + */ +crypt_reencrypt_info crypt_reencrypt_status(struct crypt_device *cd, + struct crypt_params_reencrypt *params); +/** @} */ + +/** + * @defgroup crypt-memory Safe memory helpers functions + * @addtogroup crypt-memory + * @{ + */ + +/** + * Allocate safe memory (content is safely wiped on deallocation). + * + * @param size size of memory in bytes + * + * @return pointer to allocate memory or @e NULL. + */ +void *crypt_safe_alloc(size_t size); + +/** + * Release safe memory, content is safely wiped + * The pointer must be allocated with @link crypt_safe_alloc @endlink + * + * @param data pointer to memory to be deallocated + * + * @return pointer to allocate memory or @e NULL. + */ +void crypt_safe_free(void *data); + +/** + * Reallocate safe memory (content is copied and safely wiped on deallocation). + * + * @param data pointer to memory to be deallocated + * @param size new size of memory in bytes + * + * @return pointer to allocate memory or @e NULL. + */ +void *crypt_safe_realloc(void *data, size_t size); + +/** + * Safe clear memory area (compile should not compile this call out). + * + * @param data pointer to memory to cleared + * @param size new size of memory in bytes + * + * @return pointer to allocate memory or @e NULL. + */ +void crypt_safe_memzero(void *data, size_t size); /** @} */ diff --git a/lib/libcryptsetup.sym b/lib/libcryptsetup.sym index 27c5cb4..59a998c 100644 --- a/lib/libcryptsetup.sym +++ b/lib/libcryptsetup.sym @@ -1,21 +1,24 @@ -CRYPTSETUP_1.0 { +CRYPTSETUP_2.0 { global: crypt_init; + crypt_init_data_device; crypt_init_by_name; crypt_init_by_name_and_header; + crypt_set_log_callback; crypt_set_confirm_callback; - crypt_set_password_callback; - crypt_set_timeout; - crypt_set_password_retry; - crypt_set_iterarion_time; crypt_set_iteration_time; - crypt_set_password_verify; crypt_set_uuid; + crypt_set_label; crypt_set_data_device; + crypt_set_compatibility; + crypt_get_compatibility; + crypt_memory_lock; + crypt_metadata_locking; crypt_format; + crypt_convert; crypt_load; crypt_repair; crypt_resize; @@ -23,51 +26,108 @@ CRYPTSETUP_1.0 { crypt_resume_by_passphrase; crypt_resume_by_keyfile; crypt_resume_by_keyfile_offset; + crypt_resume_by_keyfile_device_offset; + crypt_resume_by_volume_key; crypt_free; crypt_keyslot_add_by_passphrase; crypt_keyslot_change_by_passphrase; crypt_keyslot_add_by_keyfile; crypt_keyslot_add_by_keyfile_offset; + crypt_keyslot_add_by_keyfile_device_offset; crypt_keyslot_add_by_volume_key; + crypt_keyslot_add_by_key; + + crypt_keyslot_set_priority; + crypt_keyslot_get_priority; + + crypt_token_json_get; + crypt_token_json_set; + crypt_token_status; + crypt_token_luks2_keyring_get; + crypt_token_luks2_keyring_set; + crypt_token_assign_keyslot; + crypt_token_unassign_keyslot; + crypt_token_is_assigned; + crypt_token_register; + + crypt_activate_by_token; + crypt_keyslot_destroy; crypt_activate_by_passphrase; crypt_activate_by_keyfile; crypt_activate_by_keyfile_offset; + crypt_activate_by_keyfile_device_offset; crypt_activate_by_volume_key; + crypt_activate_by_signed_key; + crypt_activate_by_keyring; crypt_deactivate; + crypt_deactivate_by_name; crypt_volume_key_get; crypt_volume_key_verify; + crypt_volume_key_keyring; crypt_status; crypt_dump; crypt_benchmark; - crypt_benchmark_kdf; + crypt_benchmark_pbkdf; crypt_get_cipher; crypt_get_cipher_mode; + crypt_get_integrity_info; crypt_get_uuid; + crypt_set_data_offset; crypt_get_data_offset; crypt_get_iv_offset; crypt_get_volume_key_size; crypt_get_device_name; + crypt_get_metadata_device_name; + crypt_get_metadata_size; + crypt_set_metadata_size; crypt_get_verity_info; + crypt_get_sector_size; crypt_get_type; + crypt_get_default_type; crypt_get_active_device; + crypt_get_active_integrity_failures; + crypt_persistent_flags_set; + crypt_persistent_flags_get; crypt_set_rng_type; crypt_get_rng_type; + crypt_set_pbkdf_type; + crypt_get_pbkdf_type; + crypt_get_pbkdf_type_params; + crypt_get_pbkdf_default; crypt_keyslot_max; crypt_keyslot_area; crypt_keyslot_status; - crypt_last_error; - crypt_get_error; + crypt_keyslot_get_key_size; + crypt_keyslot_set_encryption; + crypt_keyslot_get_encryption; + crypt_keyslot_get_pbkdf; + crypt_get_dir; crypt_set_debug_level; crypt_log; crypt_header_backup; crypt_header_restore; + + crypt_keyfile_read; + crypt_keyfile_device_read; + + crypt_wipe; + + crypt_reencrypt_init_by_passphrase; + crypt_reencrypt_init_by_keyring; + crypt_reencrypt; + crypt_reencrypt_status; + + crypt_safe_alloc; + crypt_safe_realloc; + crypt_safe_free; + crypt_safe_memzero; local: *; }; diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c index 316fa5f..a82163b 100644 --- a/lib/libdevmapper.c +++ b/lib/libdevmapper.c @@ -1,10 +1,10 @@ /* * libdevmapper - device-mapper backend for cryptsetup * - * Copyright (C) 2004, Jana Saout - * Copyright (C) 2004-2007, Clemens Fruhwirth - * Copyright (C) 2009-2015, Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2015, Milan Broz + * Copyright (C) 2004 Jana Saout + * Copyright (C) 2004-2007 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -22,26 +22,41 @@ */ #include +#include +#include #include #include #include -#include #include #include +#include +#ifdef HAVE_SYS_SYSMACROS_H +# include /* for major, minor */ +#endif #include "internal.h" #define DM_UUID_LEN 129 +#define DM_BY_ID_PREFIX "dm-uuid-" +#define DM_BY_ID_PREFIX_LEN 8 #define DM_UUID_PREFIX "CRYPT-" #define DM_UUID_PREFIX_LEN 6 #define DM_CRYPT_TARGET "crypt" #define DM_VERITY_TARGET "verity" +#define DM_INTEGRITY_TARGET "integrity" +#define DM_LINEAR_TARGET "linear" +#define DM_ERROR_TARGET "error" +#define DM_ZERO_TARGET "zero" #define RETRY_COUNT 5 -/* Set if dm-crypt version was probed */ -static int _dm_crypt_checked = 0; +/* Set if DM target versions were probed */ +static bool _dm_ioctl_checked = false; +static bool _dm_crypt_checked = false; +static bool _dm_verity_checked = false; +static bool _dm_integrity_checked = false; + static int _quiet_log = 0; -static uint32_t _dm_crypt_flags = 0; +static uint32_t _dm_flags = 0; static struct crypt_device *_context = NULL; static int _dm_use_count = 0; @@ -86,96 +101,194 @@ static void set_dm_error(int level, if (vasprintf(&msg, f, va) > 0) { if (level < 4 && !_quiet_log) { log_err(_context, "%s", msg); - log_err(_context, "\n"); } else { /* We do not use DM visual stack backtrace here */ if (strncmp(msg, "", 11)) - log_dbg("%s", msg); + log_dbg(_context, "%s", msg); } } free(msg); va_end(va); } -static int _dm_simple(int task, const char *name, int udev_wait); - -static int _dm_satisfies_version(unsigned target_maj, unsigned target_min, - unsigned actual_maj, unsigned actual_min) +static int _dm_satisfies_version(unsigned target_maj, unsigned target_min, unsigned target_patch, + unsigned actual_maj, unsigned actual_min, unsigned actual_patch) { if (actual_maj > target_maj) return 1; - if (actual_maj == target_maj && actual_min >= target_min) + if (actual_maj == target_maj && actual_min > target_min) + return 1; + + if (actual_maj == target_maj && actual_min == target_min && actual_patch >= target_patch) return 1; return 0; } -static void _dm_set_crypt_compat(const char *dm_version, unsigned crypt_maj, - unsigned crypt_min, unsigned crypt_patch) +static void _dm_set_crypt_compat(struct crypt_device *cd, + unsigned crypt_maj, + unsigned crypt_min, + unsigned crypt_patch) { - unsigned dm_maj, dm_min, dm_patch; + if (_dm_crypt_checked || crypt_maj == 0) + return; - if (sscanf(dm_version, "%u.%u.%u", &dm_maj, &dm_min, &dm_patch) != 3) - dm_maj = dm_min = dm_patch = 0; + log_dbg(cd, "Detected dm-crypt version %i.%i.%i.", + crypt_maj, crypt_min, crypt_patch); - log_dbg("Detected dm-crypt version %i.%i.%i, dm-ioctl version %u.%u.%u.", - crypt_maj, crypt_min, crypt_patch, dm_maj, dm_min, dm_patch); - - if (_dm_satisfies_version(1, 2, crypt_maj, crypt_min)) - _dm_crypt_flags |= DM_KEY_WIPE_SUPPORTED; + if (_dm_satisfies_version(1, 2, 0, crypt_maj, crypt_min, crypt_patch)) + _dm_flags |= DM_KEY_WIPE_SUPPORTED; else - log_dbg("Suspend and resume disabled, no wipe key support."); - - if (_dm_satisfies_version(1, 10, crypt_maj, crypt_min)) - _dm_crypt_flags |= DM_LMK_SUPPORTED; + log_dbg(cd, "Suspend and resume disabled, no wipe key support."); - if (_dm_satisfies_version(4, 20, dm_maj, dm_min)) - _dm_crypt_flags |= DM_SECURE_SUPPORTED; + if (_dm_satisfies_version(1, 10, 0, crypt_maj, crypt_min, crypt_patch)) + _dm_flags |= DM_LMK_SUPPORTED; /* not perfect, 2.6.33 supports with 1.7.0 */ - if (_dm_satisfies_version(1, 8, crypt_maj, crypt_min)) - _dm_crypt_flags |= DM_PLAIN64_SUPPORTED; + if (_dm_satisfies_version(1, 8, 0, crypt_maj, crypt_min, crypt_patch)) + _dm_flags |= DM_PLAIN64_SUPPORTED; - if (_dm_satisfies_version(1, 11, crypt_maj, crypt_min)) - _dm_crypt_flags |= DM_DISCARDS_SUPPORTED; + if (_dm_satisfies_version(1, 11, 0, crypt_maj, crypt_min, crypt_patch)) + _dm_flags |= DM_DISCARDS_SUPPORTED; - if (_dm_satisfies_version(1, 13, crypt_maj, crypt_min)) - _dm_crypt_flags |= DM_TCW_SUPPORTED; + if (_dm_satisfies_version(1, 13, 0, crypt_maj, crypt_min, crypt_patch)) + _dm_flags |= DM_TCW_SUPPORTED; - if (_dm_satisfies_version(1, 14, crypt_maj, crypt_min)) { - _dm_crypt_flags |= DM_SAME_CPU_CRYPT_SUPPORTED; - _dm_crypt_flags |= DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED; + if (_dm_satisfies_version(1, 14, 0, crypt_maj, crypt_min, crypt_patch)) { + _dm_flags |= DM_SAME_CPU_CRYPT_SUPPORTED; + _dm_flags |= DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED; } - /* Repeat test if dm-crypt is not present */ - if (crypt_maj > 0) - _dm_crypt_checked = 1; + if (_dm_satisfies_version(1, 18, 1, crypt_maj, crypt_min, crypt_patch)) + _dm_flags |= DM_KERNEL_KEYRING_SUPPORTED; + + if (_dm_satisfies_version(1, 17, 0, crypt_maj, crypt_min, crypt_patch)) { + _dm_flags |= DM_SECTOR_SIZE_SUPPORTED; + _dm_flags |= DM_CAPI_STRING_SUPPORTED; + } + + if (_dm_satisfies_version(1, 19, 0, crypt_maj, crypt_min, crypt_patch)) + _dm_flags |= DM_BITLK_EBOIV_SUPPORTED; + + if (_dm_satisfies_version(1, 20, 0, crypt_maj, crypt_min, crypt_patch)) + _dm_flags |= DM_BITLK_ELEPHANT_SUPPORTED; + + _dm_crypt_checked = true; } -static void _dm_set_verity_compat(const char *dm_version, unsigned verity_maj, - unsigned verity_min, unsigned verity_patch) +static void _dm_set_verity_compat(struct crypt_device *cd, + unsigned verity_maj, + unsigned verity_min, + unsigned verity_patch) { - if (verity_maj > 0) - _dm_crypt_flags |= DM_VERITY_SUPPORTED; + if (_dm_verity_checked || verity_maj == 0) + return; - log_dbg("Detected dm-verity version %i.%i.%i.", + log_dbg(cd, "Detected dm-verity version %i.%i.%i.", verity_maj, verity_min, verity_patch); + + _dm_flags |= DM_VERITY_SUPPORTED; + + /* + * ignore_corruption, restart_on corruption is available since 1.2 (kernel 4.1) + * ignore_zero_blocks since 1.3 (kernel 4.5) + * (but some dm-verity targets 1.2 don't support it) + * FEC is added in 1.3 as well. + * Check at most once is added in 1.4 (kernel 4.17). + */ + if (_dm_satisfies_version(1, 3, 0, verity_maj, verity_min, verity_patch)) { + _dm_flags |= DM_VERITY_ON_CORRUPTION_SUPPORTED; + _dm_flags |= DM_VERITY_FEC_SUPPORTED; + } + + if (_dm_satisfies_version(1, 5, 0, verity_maj, verity_min, verity_patch)) + _dm_flags |= DM_VERITY_SIGNATURE_SUPPORTED; + + _dm_verity_checked = true; +} + +static void _dm_set_integrity_compat(struct crypt_device *cd, + unsigned integrity_maj, + unsigned integrity_min, + unsigned integrity_patch) +{ + if (_dm_integrity_checked || integrity_maj == 0) + return; + + log_dbg(cd, "Detected dm-integrity version %i.%i.%i.", + integrity_maj, integrity_min, integrity_patch); + + _dm_flags |= DM_INTEGRITY_SUPPORTED; + + if (_dm_satisfies_version(1, 2, 0, integrity_maj, integrity_min, integrity_patch)) + _dm_flags |= DM_INTEGRITY_RECALC_SUPPORTED; + + if (_dm_satisfies_version(1, 3, 0, integrity_maj, integrity_min, integrity_patch)) + _dm_flags |= DM_INTEGRITY_BITMAP_SUPPORTED; + + if (_dm_satisfies_version(1, 4, 0, integrity_maj, integrity_min, integrity_patch)) + _dm_flags |= DM_INTEGRITY_FIX_PADDING_SUPPORTED; + + if (_dm_satisfies_version(1, 6, 0, integrity_maj, integrity_min, integrity_patch)) + _dm_flags |= DM_INTEGRITY_DISCARDS_SUPPORTED; + + _dm_integrity_checked = true; +} + +/* We use this for loading target module */ +static void _dm_check_target(dm_target_type target_type) +{ +#if HAVE_DECL_DM_DEVICE_GET_TARGET_VERSION + struct dm_task *dmt; + const char *target_name = NULL; + + if (!(_dm_flags & DM_GET_TARGET_VERSION_SUPPORTED)) + return; + + if (target_type == DM_CRYPT) + target_name = DM_CRYPT_TARGET; + else if (target_type == DM_VERITY) + target_name = DM_VERITY_TARGET; + else if (target_type == DM_INTEGRITY) + target_name = DM_INTEGRITY_TARGET; + else + return; + + if (!(dmt = dm_task_create(DM_DEVICE_GET_TARGET_VERSION))) + goto out; + + if (!dm_task_set_name(dmt, target_name)) + goto out; + + if (!dm_task_run(dmt)) + goto out; +out: + if (dmt) + dm_task_destroy(dmt); +#endif } -static int _dm_check_versions(void) +static int _dm_check_versions(struct crypt_device *cd, dm_target_type target_type) { struct dm_task *dmt; struct dm_versions *target, *last_target; char dm_version[16]; + unsigned dm_maj, dm_min, dm_patch; int r = 0; - if (_dm_crypt_checked) + if ((target_type == DM_CRYPT && _dm_crypt_checked) || + (target_type == DM_VERITY && _dm_verity_checked) || + (target_type == DM_INTEGRITY && _dm_integrity_checked) || + (target_type == DM_LINEAR) || (target_type == DM_ZERO) || + (_dm_crypt_checked && _dm_verity_checked && _dm_integrity_checked)) return 1; /* Shut up DM while checking */ _quiet_log = 1; + _dm_check_target(target_type); + /* FIXME: add support to DM so it forces crypt target module load here */ if (!(dmt = dm_task_create(DM_DEVICE_LIST_VERSIONS))) goto out; @@ -186,26 +299,48 @@ static int _dm_check_versions(void) if (!dm_task_get_driver_version(dmt, dm_version, sizeof(dm_version))) goto out; + if (!_dm_ioctl_checked) { + if (sscanf(dm_version, "%u.%u.%u", &dm_maj, &dm_min, &dm_patch) != 3) + goto out; + log_dbg(cd, "Detected dm-ioctl version %u.%u.%u.", dm_maj, dm_min, dm_patch); + + if (_dm_satisfies_version(4, 20, 0, dm_maj, dm_min, dm_patch)) + _dm_flags |= DM_SECURE_SUPPORTED; +#if HAVE_DECL_DM_TASK_DEFERRED_REMOVE + if (_dm_satisfies_version(4, 27, 0, dm_maj, dm_min, dm_patch)) + _dm_flags |= DM_DEFERRED_SUPPORTED; +#endif +#if HAVE_DECL_DM_DEVICE_GET_TARGET_VERSION + if (_dm_satisfies_version(4, 41, 0, dm_maj, dm_min, dm_patch)) + _dm_flags |= DM_GET_TARGET_VERSION_SUPPORTED; +#endif + } + target = dm_task_get_versions(dmt); do { last_target = target; if (!strcmp(DM_CRYPT_TARGET, target->name)) { - _dm_set_crypt_compat(dm_version, - (unsigned)target->version[0], + _dm_set_crypt_compat(cd, (unsigned)target->version[0], (unsigned)target->version[1], (unsigned)target->version[2]); } else if (!strcmp(DM_VERITY_TARGET, target->name)) { - _dm_set_verity_compat(dm_version, - (unsigned)target->version[0], - (unsigned)target->version[1], - (unsigned)target->version[2]); + _dm_set_verity_compat(cd, (unsigned)target->version[0], + (unsigned)target->version[1], + (unsigned)target->version[2]); + } else if (!strcmp(DM_INTEGRITY_TARGET, target->name)) { + _dm_set_integrity_compat(cd, (unsigned)target->version[0], + (unsigned)target->version[1], + (unsigned)target->version[2]); } target = (struct dm_versions *)((char *) target + target->next); } while (last_target != target); r = 1; - log_dbg("Device-mapper backend running with UDEV support %sabled.", - _dm_use_udev() ? "en" : "dis"); + if (!_dm_ioctl_checked) + log_dbg(cd, "Device-mapper backend running with UDEV support %sabled.", + _dm_use_udev() ? "en" : "dis"); + + _dm_ioctl_checked = true; out: if (dmt) dm_task_destroy(dmt); @@ -214,26 +349,38 @@ out: return r; } -uint32_t dm_flags(void) +int dm_flags(struct crypt_device *cd, dm_target_type target, uint32_t *flags) { - _dm_check_versions(); - return _dm_crypt_flags; + _dm_check_versions(cd, target); + *flags = _dm_flags; + + if (target == DM_UNKNOWN && + _dm_crypt_checked && _dm_verity_checked && _dm_integrity_checked) + return 0; + + if ((target == DM_CRYPT && _dm_crypt_checked) || + (target == DM_VERITY && _dm_verity_checked) || + (target == DM_INTEGRITY && _dm_integrity_checked) || + (target == DM_LINEAR) || (target == DM_ZERO)) /* nothing to check */ + return 0; + + return -ENODEV; } /* This doesn't run any kernel checks, just set up userspace libdevmapper */ -void dm_backend_init(void) +void dm_backend_init(struct crypt_device *cd) { if (!_dm_use_count++) { - log_dbg("Initialising device-mapper backend library."); + log_dbg(cd, "Initialising device-mapper backend library."); dm_log_init(set_dm_error); dm_log_init_verbose(10); } } -void dm_backend_exit(void) +void dm_backend_exit(struct crypt_device *cd) { if (_dm_use_count && (!--_dm_use_count)) { - log_dbg("Releasing device-mapper backend."); + log_dbg(cd, "Releasing device-mapper backend."); dm_log_init_verbose(0); dm_log_init(NULL); dm_lib_release(); @@ -244,16 +391,16 @@ void dm_backend_exit(void) * libdevmapper is not context friendly, switch context on every DM call. * FIXME: this is not safe if called in parallel but neither is DM lib. */ -static int dm_init_context(struct crypt_device *cd) +static int dm_init_context(struct crypt_device *cd, dm_target_type target) { _context = cd; - if (!_dm_check_versions()) { + if (!_dm_check_versions(cd, target)) { if (getuid() || geteuid()) log_err(cd, _("Cannot initialize device-mapper, " - "running as non-root user.\n")); + "running as non-root user.")); else log_err(cd, _("Cannot initialize device-mapper. " - "Is dm_mod kernel module loaded?\n")); + "Is dm_mod kernel module loaded?")); _context = NULL; return -ENOTSUP; } @@ -275,6 +422,7 @@ char *dm_device_path(const char *prefix, int major, int minor) return NULL; if (!dm_task_set_minor(dmt, minor) || !dm_task_set_major(dmt, major) || + !dm_task_no_flush(dmt) || !dm_task_run(dmt) || !(name = dm_task_get_name(dmt))) { dm_task_destroy(dmt); @@ -289,6 +437,16 @@ char *dm_device_path(const char *prefix, int major, int minor) return strdup(path); } +char *dm_device_name(const char *path) +{ + struct stat st; + + if (stat(path, &st) < 0 || !S_ISBLK(st.st_mode)) + return NULL; + + return dm_device_path(NULL, major(st.st_rdev), minor(st.st_rdev)); +} + static void hex_key(char *hexkey, size_t key_size, const char *key) { unsigned i; @@ -297,14 +455,158 @@ static void hex_key(char *hexkey, size_t key_size, const char *key) sprintf(&hexkey[i * 2], "%02x", (unsigned char)key[i]); } +static size_t int_log10(uint64_t x) +{ + uint64_t r = 0; + for (x /= 10; x > 0; x /= 10) + r++; + return r; +} + +#define CLEN 64 /* 2*MAX_CIPHER_LEN */ +#define CLENS "63" /* for sscanf length + '\0' */ +#define CAPIL 144 /* should be enough to fit whole capi string */ +#define CAPIS "143" /* for sscanf of crypto API string + 16 + \0 */ + +static int cipher_c2dm(const char *org_c, const char *org_i, unsigned tag_size, + char *c_dm, int c_dm_size, + char *i_dm, int i_dm_size) +{ + int c_size = 0, i_size = 0, i; + char cipher[CLEN], mode[CLEN], iv[CLEN+1], tmp[CLEN]; + char capi[CAPIL]; + + if (!c_dm || !c_dm_size || !i_dm || !i_dm_size) + return -EINVAL; + + i = sscanf(org_c, "%" CLENS "[^-]-%" CLENS "s", cipher, tmp); + if (i != 2) + return -EINVAL; + + i = sscanf(tmp, "%" CLENS "[^-]-%" CLENS "s", mode, iv); + if (i == 1) { + memset(iv, 0, sizeof(iv)); + strncpy(iv, mode, sizeof(iv)-1); + *mode = '\0'; + if (snprintf(capi, sizeof(capi), "%s", cipher) < 0) + return -EINVAL; + } else if (i == 2) { + if (snprintf(capi, sizeof(capi), "%s(%s)", mode, cipher) < 0) + return -EINVAL; + } else + return -EINVAL; + + if (!org_i) { + /* legacy mode: CIPHER-MODE-IV*/ + i_size = snprintf(i_dm, i_dm_size, "%s", ""); + c_size = snprintf(c_dm, c_dm_size, "%s", org_c); + } else if (!strcmp(org_i, "none")) { + /* IV only: capi:MODE(CIPHER)-IV */ + i_size = snprintf(i_dm, i_dm_size, " integrity:%u:none", tag_size); + c_size = snprintf(c_dm, c_dm_size, "capi:%s-%s", capi, iv); + } else if (!strcmp(org_i, "aead") && !strcmp(mode, "ccm")) { + /* CCM AEAD: capi:rfc4309(MODE(CIPHER))-IV */ + i_size = snprintf(i_dm, i_dm_size, " integrity:%u:aead", tag_size); + c_size = snprintf(c_dm, c_dm_size, "capi:rfc4309(%s)-%s", capi, iv); + } else if (!strcmp(org_i, "aead")) { + /* AEAD: capi:MODE(CIPHER))-IV */ + i_size = snprintf(i_dm, i_dm_size, " integrity:%u:aead", tag_size); + c_size = snprintf(c_dm, c_dm_size, "capi:%s-%s", capi, iv); + } else if (!strcmp(org_i, "poly1305")) { + /* POLY1305 AEAD: capi:rfc7539(MODE(CIPHER),POLY1305)-IV */ + i_size = snprintf(i_dm, i_dm_size, " integrity:%u:aead", tag_size); + c_size = snprintf(c_dm, c_dm_size, "capi:rfc7539(%s,poly1305)-%s", capi, iv); + } else { + /* other AEAD: capi:authenc(,MODE(CIPHER))-IV */ + i_size = snprintf(i_dm, i_dm_size, " integrity:%u:aead", tag_size); + c_size = snprintf(c_dm, c_dm_size, "capi:authenc(%s,%s)-%s", org_i, capi, iv); + } + + if (c_size < 0 || c_size == c_dm_size) + return -EINVAL; + if (i_size < 0 || i_size == i_dm_size) + return -EINVAL; + + return 0; +} + +static int cipher_dm2c(char **org_c, char **org_i, const char *c_dm, const char *i_dm) +{ + char cipher[CLEN], mode[CLEN], iv[CLEN], auth[CLEN]; + char tmp[CAPIL], dmcrypt_tmp[CAPIL*2], capi[CAPIL+1]; + size_t len; + int i; + + if (!c_dm) + return -EINVAL; + + /* legacy mode */ + if (strncmp(c_dm, "capi:", 4)) { + if (!(*org_c = strdup(c_dm))) + return -ENOMEM; + *org_i = NULL; + return 0; + } + + /* modes with capi: prefix */ + i = sscanf(c_dm, "capi:%" CAPIS "[^-]-%" CLENS "s", tmp, iv); + if (i != 2) + return -EINVAL; + + len = strlen(tmp); + if (len < 2) + return -EINVAL; + + if (tmp[len-1] == ')') + tmp[len-1] = '\0'; + + if (sscanf(tmp, "rfc4309(%" CAPIS "s", capi) == 1) { + if (!(*org_i = strdup("aead"))) + return -ENOMEM; + } else if (sscanf(tmp, "rfc7539(%" CAPIS "[^,],%" CLENS "s", capi, auth) == 2) { + if (!(*org_i = strdup(auth))) + return -ENOMEM; + } else if (sscanf(tmp, "authenc(%" CLENS "[^,],%" CAPIS "s", auth, capi) == 2) { + if (!(*org_i = strdup(auth))) + return -ENOMEM; + } else { + if (i_dm) { + if (!(*org_i = strdup(i_dm))) + return -ENOMEM; + } else + *org_i = NULL; + memset(capi, 0, sizeof(capi)); + strncpy(capi, tmp, sizeof(capi)-1); + } + + i = sscanf(capi, "%" CLENS "[^(](%" CLENS "[^)])", mode, cipher); + if (i == 2) + snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s-%s", cipher, mode, iv); + else + snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s", capi, iv); + + if (!(*org_c = strdup(dmcrypt_tmp))) { + free(*org_i); + *org_i = NULL; + return -ENOMEM; + } + + return 0; +} + /* https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt */ -static char *get_dm_crypt_params(struct crypt_dm_active_device *dmd, uint32_t flags) +static char *get_dm_crypt_params(const struct dm_target *tgt, uint32_t flags) { - int r, max_size, null_cipher = 0, num_options = 0; + int r, max_size, null_cipher = 0, num_options = 0, keystr_len = 0; char *params, *hexkey; - char features[256]; + char sector_feature[32], features[512], integrity_dm[256], cipher_dm[256]; - if (!dmd) + if (!tgt) + return NULL; + + r = cipher_c2dm(tgt->u.crypt.cipher, tgt->u.crypt.integrity, tgt->u.crypt.tag_size, + cipher_dm, sizeof(cipher_dm), integrity_dm, sizeof(integrity_dm)); + if (r < 0) return NULL; if (flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) @@ -313,37 +615,60 @@ static char *get_dm_crypt_params(struct crypt_dm_active_device *dmd, uint32_t fl num_options++; if (flags & CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) num_options++; + if (flags & CRYPT_ACTIVATE_IV_LARGE_SECTORS) + num_options++; + if (tgt->u.crypt.integrity) + num_options++; - if (num_options) - snprintf(features, sizeof(features)-1, " %d%s%s%s", num_options, + if (tgt->u.crypt.sector_size != SECTOR_SIZE) { + num_options++; + snprintf(sector_feature, sizeof(sector_feature), " sector_size:%u", tgt->u.crypt.sector_size); + } else + *sector_feature = '\0'; + + if (num_options) { + snprintf(features, sizeof(features)-1, " %d%s%s%s%s%s%s", num_options, (flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) ? " allow_discards" : "", (flags & CRYPT_ACTIVATE_SAME_CPU_CRYPT) ? " same_cpu_crypt" : "", - (flags & CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) ? " submit_from_crypt_cpus" : ""); - else + (flags & CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) ? " submit_from_crypt_cpus" : "", + (flags & CRYPT_ACTIVATE_IV_LARGE_SECTORS) ? " iv_large_sectors" : "", + sector_feature, integrity_dm); + } else *features = '\0'; - if (!strncmp(dmd->u.crypt.cipher, "cipher_null-", 12)) + if (!strncmp(cipher_dm, "cipher_null-", 12)) null_cipher = 1; - hexkey = crypt_safe_alloc(null_cipher ? 2 : (dmd->u.crypt.vk->keylength * 2 + 1)); + if (flags & CRYPT_ACTIVATE_KEYRING_KEY) { + keystr_len = strlen(tgt->u.crypt.vk->key_description) + int_log10(tgt->u.crypt.vk->keylength) + 10; + hexkey = crypt_safe_alloc(keystr_len); + } else + hexkey = crypt_safe_alloc(null_cipher ? 2 : (tgt->u.crypt.vk->keylength * 2 + 1)); + if (!hexkey) return NULL; if (null_cipher) strncpy(hexkey, "-", 2); - else - hex_key(hexkey, dmd->u.crypt.vk->keylength, dmd->u.crypt.vk->key); + else if (flags & CRYPT_ACTIVATE_KEYRING_KEY) { + r = snprintf(hexkey, keystr_len, ":%zu:logon:%s", tgt->u.crypt.vk->keylength, tgt->u.crypt.vk->key_description); + if (r < 0 || r >= keystr_len) { + params = NULL; + goto out; + } + } else + hex_key(hexkey, tgt->u.crypt.vk->keylength, tgt->u.crypt.vk->key); - max_size = strlen(hexkey) + strlen(dmd->u.crypt.cipher) + - strlen(device_block_path(dmd->data_device)) + + max_size = strlen(hexkey) + strlen(cipher_dm) + + strlen(device_block_path(tgt->data_device)) + strlen(features) + 64; params = crypt_safe_alloc(max_size); if (!params) goto out; r = snprintf(params, max_size, "%s %s %" PRIu64 " %s %" PRIu64 "%s", - dmd->u.crypt.cipher, hexkey, dmd->u.crypt.iv_offset, - device_block_path(dmd->data_device), dmd->u.crypt.offset, + cipher_dm, hexkey, tgt->u.crypt.iv_offset, + device_block_path(tgt->data_device), tgt->u.crypt.offset, features); if (r < 0 || r >= max_size) { crypt_safe_free(params); @@ -355,19 +680,61 @@ out: } /* https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity */ -static char *get_dm_verity_params(struct crypt_params_verity *vp, - struct crypt_dm_active_device *dmd) +static char *get_dm_verity_params(const struct dm_target *tgt, uint32_t flags) { - int max_size, r; + int max_size, r, num_options = 0; + struct crypt_params_verity *vp; char *params = NULL, *hexroot = NULL, *hexsalt = NULL; + char features[256], fec_features[256], verity_verify_args[512+32]; - if (!vp || !dmd) + if (!tgt || !tgt->u.verity.vp) return NULL; - hexroot = crypt_safe_alloc(dmd->u.verity.root_hash_size * 2 + 1); + vp = tgt->u.verity.vp; + + /* These flags are not compatible */ + if ((flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) && + (flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION)) + flags &= ~CRYPT_ACTIVATE_IGNORE_CORRUPTION; + + if (flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) + num_options++; + if (flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION) + num_options++; + if (flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) + num_options++; + if (flags & CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE) + num_options++; + + if (tgt->u.verity.fec_device) { + num_options += 8; + snprintf(fec_features, sizeof(fec_features)-1, + " use_fec_from_device %s fec_start %" PRIu64 " fec_blocks %" PRIu64 " fec_roots %" PRIu32, + device_block_path(tgt->u.verity.fec_device), tgt->u.verity.fec_offset, + vp->data_size + tgt->u.verity.hash_blocks, vp->fec_roots); + } else + *fec_features = '\0'; + + if (tgt->u.verity.root_hash_sig_key_desc) { + num_options += 2; + snprintf(verity_verify_args, sizeof(verity_verify_args)-1, + " root_hash_sig_key_desc %s", tgt->u.verity.root_hash_sig_key_desc); + } else + *verity_verify_args = '\0'; + + if (num_options) + snprintf(features, sizeof(features)-1, " %d%s%s%s%s", num_options, + (flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) ? " ignore_corruption" : "", + (flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION) ? " restart_on_corruption" : "", + (flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) ? " ignore_zero_blocks" : "", + (flags & CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE) ? " check_at_most_once" : ""); + else + *features = '\0'; + + hexroot = crypt_safe_alloc(tgt->u.verity.root_hash_size * 2 + 1); if (!hexroot) goto out; - hex_key(hexroot, dmd->u.verity.root_hash_size, dmd->u.verity.root_hash); + hex_key(hexroot, tgt->u.verity.root_hash_size, tgt->u.verity.root_hash); hexsalt = crypt_safe_alloc(vp->salt_size ? vp->salt_size * 2 + 1 : 2); if (!hexsalt) @@ -378,21 +745,24 @@ static char *get_dm_verity_params(struct crypt_params_verity *vp, strncpy(hexsalt, "-", 2); max_size = strlen(hexroot) + strlen(hexsalt) + - strlen(device_block_path(dmd->data_device)) + - strlen(device_block_path(dmd->u.verity.hash_device)) + - strlen(vp->hash_name) + 128; + strlen(device_block_path(tgt->data_device)) + + strlen(device_block_path(tgt->u.verity.hash_device)) + + strlen(vp->hash_name) + strlen(features) + strlen(fec_features) + 128 + + strlen(verity_verify_args); params = crypt_safe_alloc(max_size); if (!params) goto out; r = snprintf(params, max_size, - "%u %s %s %u %u %" PRIu64 " %" PRIu64 " %s %s %s", - vp->hash_type, device_block_path(dmd->data_device), - device_block_path(dmd->u.verity.hash_device), + "%u %s %s %u %u %" PRIu64 " %" PRIu64 " %s %s %s%s%s%s", + vp->hash_type, device_block_path(tgt->data_device), + device_block_path(tgt->u.verity.hash_device), vp->data_block_size, vp->hash_block_size, - vp->data_size, dmd->u.verity.hash_offset, - vp->hash_name, hexroot, hexsalt); + vp->data_size, tgt->u.verity.hash_offset, + vp->hash_name, hexroot, hexsalt, features, fec_features, + verity_verify_args); + if (r < 0 || r >= max_size) { crypt_safe_free(params); params = NULL; @@ -401,11 +771,208 @@ out: crypt_safe_free(hexroot); crypt_safe_free(hexsalt); return params; +} + +static char *get_dm_integrity_params(const struct dm_target *tgt, uint32_t flags) +{ + int r, max_size, num_options = 0; + char *params, *hexkey, mode; + char features[512], feature[256]; + + if (!tgt) + return NULL; + + max_size = strlen(device_block_path(tgt->data_device)) + + (tgt->u.integrity.meta_device ? strlen(device_block_path(tgt->u.integrity.meta_device)) : 0) + + (tgt->u.integrity.vk ? tgt->u.integrity.vk->keylength * 2 : 0) + + (tgt->u.integrity.journal_integrity_key ? tgt->u.integrity.journal_integrity_key->keylength * 2 : 0) + + (tgt->u.integrity.journal_crypt_key ? tgt->u.integrity.journal_crypt_key->keylength * 2 : 0) + + (tgt->u.integrity.integrity ? strlen(tgt->u.integrity.integrity) : 0) + + (tgt->u.integrity.journal_integrity ? strlen(tgt->u.integrity.journal_integrity) : 0) + + (tgt->u.integrity.journal_crypt ? strlen(tgt->u.integrity.journal_crypt) : 0) + 128; + + params = crypt_safe_alloc(max_size); + if (!params) + return NULL; + + *features = '\0'; + if (tgt->u.integrity.journal_size) { + num_options++; + snprintf(feature, sizeof(feature), "journal_sectors:%u ", + (unsigned)(tgt->u.integrity.journal_size / SECTOR_SIZE)); + strncat(features, feature, sizeof(features) - strlen(features) - 1); + } + if (tgt->u.integrity.journal_watermark) { + num_options++; + snprintf(feature, sizeof(feature), + /* bitmap overloaded values */ + (flags & CRYPT_ACTIVATE_NO_JOURNAL_BITMAP) ? "sectors_per_bit:%u " : "journal_watermark:%u ", + tgt->u.integrity.journal_watermark); + strncat(features, feature, sizeof(features) - strlen(features) - 1); + } + if (tgt->u.integrity.journal_commit_time) { + num_options++; + snprintf(feature, sizeof(feature), + /* bitmap overloaded values */ + (flags & CRYPT_ACTIVATE_NO_JOURNAL_BITMAP) ? "bitmap_flush_interval:%u " : "commit_time:%u ", + tgt->u.integrity.journal_commit_time); + strncat(features, feature, sizeof(features) - strlen(features) - 1); + } + if (tgt->u.integrity.interleave_sectors) { + num_options++; + snprintf(feature, sizeof(feature), "interleave_sectors:%u ", + tgt->u.integrity.interleave_sectors); + strncat(features, feature, sizeof(features) - strlen(features) - 1); + } + if (tgt->u.integrity.sector_size) { + num_options++; + snprintf(feature, sizeof(feature), "block_size:%u ", + tgt->u.integrity.sector_size); + strncat(features, feature, sizeof(features) - strlen(features) - 1); + } + if (tgt->u.integrity.buffer_sectors) { + num_options++; + snprintf(feature, sizeof(feature), "buffer_sectors:%u ", + tgt->u.integrity.buffer_sectors); + strncat(features, feature, sizeof(features) - strlen(features) - 1); + } + if (tgt->u.integrity.integrity) { + num_options++; + + if (tgt->u.integrity.vk) { + hexkey = crypt_safe_alloc(tgt->u.integrity.vk->keylength * 2 + 1); + if (!hexkey) { + crypt_safe_free(params); + return NULL; + } + hex_key(hexkey, tgt->u.integrity.vk->keylength, tgt->u.integrity.vk->key); + } else + hexkey = NULL; + + snprintf(feature, sizeof(feature), "internal_hash:%s%s%s ", + tgt->u.integrity.integrity, hexkey ? ":" : "", hexkey ?: ""); + strncat(features, feature, sizeof(features) - strlen(features) - 1); + crypt_safe_free(hexkey); + } + + if (tgt->u.integrity.journal_integrity) { + num_options++; + + if (tgt->u.integrity.journal_integrity_key) { + hexkey = crypt_safe_alloc(tgt->u.integrity.journal_integrity_key->keylength * 2 + 1); + if (!hexkey) { + crypt_safe_free(params); + return NULL; + } + hex_key(hexkey, tgt->u.integrity.journal_integrity_key->keylength, + tgt->u.integrity.journal_integrity_key->key); + } else + hexkey = NULL; + + snprintf(feature, sizeof(feature), "journal_mac:%s%s%s ", + tgt->u.integrity.journal_integrity, hexkey ? ":" : "", hexkey ?: ""); + strncat(features, feature, sizeof(features) - strlen(features) - 1); + crypt_safe_free(hexkey); + } + + if (tgt->u.integrity.journal_crypt) { + num_options++; + + if (tgt->u.integrity.journal_crypt_key) { + hexkey = crypt_safe_alloc(tgt->u.integrity.journal_crypt_key->keylength * 2 + 1); + if (!hexkey) { + crypt_safe_free(params); + return NULL; + } + hex_key(hexkey, tgt->u.integrity.journal_crypt_key->keylength, + tgt->u.integrity.journal_crypt_key->key); + } else + hexkey = NULL; + + snprintf(feature, sizeof(feature), "journal_crypt:%s%s%s ", + tgt->u.integrity.journal_crypt, hexkey ? ":" : "", hexkey ?: ""); + strncat(features, feature, sizeof(features) - strlen(features) - 1); + crypt_safe_free(hexkey); + } + if (tgt->u.integrity.fix_padding) { + num_options++; + snprintf(feature, sizeof(feature), "fix_padding "); + strncat(features, feature, sizeof(features) - strlen(features) - 1); + } + + if (flags & CRYPT_ACTIVATE_RECALCULATE) { + num_options++; + snprintf(feature, sizeof(feature), "recalculate "); + strncat(features, feature, sizeof(features) - strlen(features) - 1); + } + + if (flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) { + num_options++; + snprintf(feature, sizeof(feature), "allow_discards "); + strncat(features, feature, sizeof(features) - strlen(features) - 1); + } + + if (tgt->u.integrity.meta_device) { + num_options++; + snprintf(feature, sizeof(feature), "meta_device:%s ", + device_block_path(tgt->u.integrity.meta_device)); + strncat(features, feature, sizeof(features) - strlen(features) - 1); + } + + if (flags & CRYPT_ACTIVATE_NO_JOURNAL_BITMAP) + mode = 'B'; + else if (flags & CRYPT_ACTIVATE_RECOVERY) + mode = 'R'; + else if (flags & CRYPT_ACTIVATE_NO_JOURNAL) + mode = 'D'; + else + mode = 'J'; + + r = snprintf(params, max_size, "%s %" PRIu64 " %d %c %d %s", + device_block_path(tgt->data_device), tgt->u.integrity.offset, + tgt->u.integrity.tag_size, mode, + num_options, *features ? features : ""); + if (r < 0 || r >= max_size) { + crypt_safe_free(params); + params = NULL; + } + + return params; +} + +static char *get_dm_linear_params(const struct dm_target *tgt, uint32_t flags) +{ + char *params; + int r; + int max_size = strlen(device_block_path(tgt->data_device)) + int_log10(tgt->u.linear.offset) + 3; + + params = crypt_safe_alloc(max_size); + if (!params) + return NULL; + + r = snprintf(params, max_size, "%s %" PRIu64, + device_block_path(tgt->data_device), tgt->u.linear.offset); + + if (r < 0 || r >= max_size) { + crypt_safe_free(params); + params = NULL; + } + + return params; +} + +static char *get_dm_zero_params(const struct dm_target *tgt, uint32_t flags) +{ + char *params = crypt_safe_alloc(1); + if (!params) + return NULL; + params[0] = 0; + return params; } /* DM helpers */ -static int _dm_simple(int task, const char *name, int udev_wait) +static int _dm_remove(const char *name, int udev_wait, int deferred) { int r = 0; struct dm_task *dmt; @@ -414,46 +981,75 @@ static int _dm_simple(int task, const char *name, int udev_wait) if (!_dm_use_udev()) udev_wait = 0; - if (!(dmt = dm_task_create(task))) + if (!(dmt = dm_task_create(DM_DEVICE_REMOVE))) return 0; - if (name && !dm_task_set_name(dmt, name)) + if (!dm_task_set_name(dmt, name)) goto out; #if HAVE_DECL_DM_TASK_RETRY_REMOVE - /* Used only in DM_DEVICE_REMOVE */ - if (name && !dm_task_retry_remove(dmt)) + if (!dm_task_retry_remove(dmt)) + goto out; +#endif +#if HAVE_DECL_DM_TASK_DEFERRED_REMOVE + if (deferred && !dm_task_deferred_remove(dmt)) goto out; #endif - if (udev_wait && !_dm_task_set_cookie(dmt, &cookie, 0)) + if (udev_wait && !_dm_task_set_cookie(dmt, &cookie, DM_UDEV_DISABLE_LIBRARY_FALLBACK)) goto out; r = dm_task_run(dmt); if (udev_wait) (void)_dm_udev_wait(cookie); - - out: +out: dm_task_destroy(dmt); return r; } -static int _error_device(const char *name, size_t size) +static int _dm_simple(int task, const char *name, uint32_t dmflags) { - struct dm_task *dmt; int r = 0; + struct dm_task *dmt; - if (!(dmt = dm_task_create(DM_DEVICE_RELOAD))) + if (!(dmt = dm_task_create(task))) return 0; - if (!dm_task_set_name(dmt, name)) - goto error; + if (name && !dm_task_set_name(dmt, name)) + goto out; - if (!dm_task_add_target(dmt, UINT64_C(0), size, "error", "")) - goto error; + if (task == DM_DEVICE_SUSPEND && + (dmflags & DM_SUSPEND_SKIP_LOCKFS) && !dm_task_skip_lockfs(dmt)) + goto out; - if (!dm_task_set_ro(dmt)) - goto error; + if (task == DM_DEVICE_SUSPEND && + (dmflags & DM_SUSPEND_NOFLUSH) && !dm_task_no_flush(dmt)) + goto out; + + r = dm_task_run(dmt); +out: + dm_task_destroy(dmt); + return r; +} + +static int _dm_resume_device(const char *name, uint32_t flags); + +static int _error_device(const char *name, size_t size) +{ + struct dm_task *dmt; + int r = 0; + + if (!(dmt = dm_task_create(DM_DEVICE_RELOAD))) + return 0; + + if (!dm_task_set_name(dmt, name)) + goto error; + + if (!dm_task_add_target(dmt, UINT64_C(0), size, "error", "")) + goto error; + + if (!dm_task_set_ro(dmt)) + goto error; if (!dm_task_no_open_count(dmt)) goto error; @@ -461,7 +1057,7 @@ static int _error_device(const char *name, size_t size) if (!dm_task_run(dmt)) goto error; - if (!_dm_simple(DM_DEVICE_RESUME, name, 1)) { + if (_dm_resume_device(name, 0)) { _dm_simple(DM_DEVICE_CLEAR, name, 0); goto error; } @@ -473,36 +1069,87 @@ error: return r; } -int dm_remove_device(struct crypt_device *cd, const char *name, - int force, uint64_t size) +int dm_error_device(struct crypt_device *cd, const char *name) +{ + int r; + struct crypt_dm_active_device dmd; + + if (!name) + return -EINVAL; + + if (dm_init_context(cd, DM_UNKNOWN)) + return -ENOTSUP; + + if ((dm_query_device(cd, name, 0, &dmd) >= 0) && _error_device(name, dmd.size)) + r = 0; + else + r = -EINVAL; + + dm_targets_free(cd, &dmd); + + dm_exit_context(); + + return r; +} + +int dm_clear_device(struct crypt_device *cd, const char *name) +{ + int r; + + if (!name) + return -EINVAL; + + if (dm_init_context(cd, DM_UNKNOWN)) + return -ENOTSUP; + + if (_dm_simple(DM_DEVICE_CLEAR, name, 0)) + r = 0; + else + r = -EINVAL; + + dm_exit_context(); + + return r; +} + +int dm_remove_device(struct crypt_device *cd, const char *name, uint32_t flags) { + struct crypt_dm_active_device dmd = {}; int r = -EINVAL; - int retries = force ? RETRY_COUNT : 1; + int retries = (flags & CRYPT_DEACTIVATE_FORCE) ? RETRY_COUNT : 1; + int deferred = (flags & CRYPT_DEACTIVATE_DEFERRED) ? 1 : 0; int error_target = 0; + uint32_t dmt_flags; - if (!name || (force && !size)) + if (!name) return -EINVAL; - if (dm_init_context(cd)) + if (dm_init_context(cd, DM_UNKNOWN)) + return -ENOTSUP; + + if (deferred && !dm_flags(cd, DM_UNKNOWN, &dmt_flags) && !(dmt_flags & DM_DEFERRED_SUPPORTED)) { + log_err(cd, _("Requested deferred flag is not supported.")); + dm_exit_context(); return -ENOTSUP; + } do { - r = _dm_simple(DM_DEVICE_REMOVE, name, 1) ? 0 : -EINVAL; + r = _dm_remove(name, 1, deferred) ? 0 : -EINVAL; if (--retries && r) { - log_dbg("WARNING: other process locked internal device %s, %s.", + log_dbg(cd, "WARNING: other process locked internal device %s, %s.", name, retries ? "retrying remove" : "giving up"); sleep(1); - if (force && !error_target) { + if ((flags & CRYPT_DEACTIVATE_FORCE) && !error_target) { /* If force flag is set, replace device with error, read-only target. * it should stop processes from reading it and also removed underlying * device from mapping, so it is usable again. - * Force flag should be used only for temporary devices, which are - * intended to work inside cryptsetup only! * Anyway, if some process try to read temporary cryptsetup device, * it is bug - no other process should try touch it (e.g. udev). */ - _error_device(name, size); - error_target = 1; + if (!dm_query_device(cd, name, 0, &dmd)) { + _error_device(name, dmd.size); + error_target = 1; + } } } } while (r == -EINVAL && retries); @@ -520,7 +1167,8 @@ int dm_remove_device(struct crypt_device *cd, const char *name, * CRYPT-LUKS1-00000000000000000000000000000000-name * CRYPT-TEMP-name */ -static int dm_prepare_uuid(const char *name, const char *type, const char *uuid, char *buf, size_t buflen) +static int dm_prepare_uuid(struct crypt_device *cd, const char *name, const char *type, + const char *uuid, char *buf, size_t buflen) { char *ptr, uuid2[UUID_LEN] = {0}; uuid_t uu; @@ -529,7 +1177,7 @@ static int dm_prepare_uuid(const char *name, const char *type, const char *uuid, /* Remove '-' chars */ if (uuid) { if (uuid_parse(uuid, uu) < 0) { - log_dbg("Requested UUID %s has invalid format.", uuid); + log_dbg(cd, "Requested UUID %s has invalid format.", uuid); return 0; } @@ -545,102 +1193,182 @@ static int dm_prepare_uuid(const char *name, const char *type, const char *uuid, uuid2[0] ? uuid2 : "", uuid2[0] ? "-" : "", name); - log_dbg("DM-UUID is %s", buf); + log_dbg(cd, "DM-UUID is %s", buf); if (i >= buflen) - log_err(NULL, _("DM-UUID for device %s was truncated.\n"), name); + log_err(cd, _("DM-UUID for device %s was truncated."), name); return 1; } -static int _dm_create_device(const char *name, const char *type, - struct device *device, uint32_t flags, - const char *uuid, uint64_t size, - char *params, int reload) +int lookup_dm_dev_by_uuid(struct crypt_device *cd, const char *uuid, const char *type) +{ + int r; + char *c; + char dev_uuid[DM_UUID_LEN + DM_BY_ID_PREFIX_LEN] = DM_BY_ID_PREFIX; + + if (!dm_prepare_uuid(cd, "", type, uuid, dev_uuid + DM_BY_ID_PREFIX_LEN, DM_UUID_LEN)) + return -EINVAL; + + c = strrchr(dev_uuid, '-'); + if (!c) + return -EINVAL; + + /* cut of dm name */ + *c = '\0'; + + r = lookup_by_disk_id(dev_uuid); + if (r == -ENOENT) { + log_dbg(cd, "Search by disk id not available. Using sysfs instead."); + r = lookup_by_sysfs_uuid_field(dev_uuid + DM_BY_ID_PREFIX_LEN, DM_UUID_LEN); + } + + return r; +} + +static int _add_dm_targets(struct dm_task *dmt, struct crypt_dm_active_device *dmd) +{ + const char *target; + struct dm_target *tgt = &dmd->segment; + + do { + switch (tgt->type) { + case DM_CRYPT: + target = DM_CRYPT_TARGET; + break; + case DM_VERITY: + target = DM_VERITY_TARGET; + break; + case DM_INTEGRITY: + target = DM_INTEGRITY_TARGET; + break; + case DM_LINEAR: + target = DM_LINEAR_TARGET; + break; + case DM_ZERO: + target = DM_ZERO_TARGET; + break; + default: + return -ENOTSUP; + } + + if (!dm_task_add_target(dmt, tgt->offset, tgt->size, target, tgt->params)) + return -EINVAL; + + tgt = tgt->next; + } while (tgt); + + return 0; +} + +static void _destroy_dm_targets_params(struct crypt_dm_active_device *dmd) +{ + struct dm_target *t = &dmd->segment; + + do { + crypt_safe_free(t->params); + t->params = NULL; + t = t->next; + } while (t); +} + +static int _create_dm_targets_params(struct crypt_dm_active_device *dmd) +{ + int r; + struct dm_target *tgt = &dmd->segment; + + do { + if (tgt->type == DM_CRYPT) + tgt->params = get_dm_crypt_params(tgt, dmd->flags); + else if (tgt->type == DM_VERITY) + tgt->params = get_dm_verity_params(tgt, dmd->flags); + else if (tgt->type == DM_INTEGRITY) + tgt->params = get_dm_integrity_params(tgt, dmd->flags); + else if (tgt->type == DM_LINEAR) + tgt->params = get_dm_linear_params(tgt, dmd->flags); + else if (tgt->type == DM_ZERO) + tgt->params = get_dm_zero_params(tgt, dmd->flags); + else { + r = -ENOTSUP; + goto err; + } + + if (!tgt->params) { + r = -EINVAL; + goto err; + } + tgt = tgt->next; + } while (tgt); + + return 0; +err: + _destroy_dm_targets_params(dmd); + return r; +} + +static int _dm_create_device(struct crypt_device *cd, const char *name, const char *type, + const char *uuid, struct crypt_dm_active_device *dmd) { struct dm_task *dmt = NULL; struct dm_info dmi; char dev_uuid[DM_UUID_LEN] = {0}; int r = -EINVAL; - uint32_t read_ahead = 0; - uint32_t cookie = 0; - uint16_t udev_flags = 0; + uint32_t cookie = 0, read_ahead = 0; + uint16_t udev_flags = DM_UDEV_DISABLE_LIBRARY_FALLBACK; - if (!params) - return -EINVAL; - - if (flags & CRYPT_ACTIVATE_PRIVATE) - udev_flags = CRYPT_TEMP_UDEV_FLAGS; + if (dmd->flags & CRYPT_ACTIVATE_PRIVATE) + udev_flags |= CRYPT_TEMP_UDEV_FLAGS; /* All devices must have DM_UUID, only resize on old device is exception */ - if (reload) { - if (!(dmt = dm_task_create(DM_DEVICE_RELOAD))) - goto out_no_removal; + if (!dm_prepare_uuid(cd, name, type, dmd->uuid, dev_uuid, sizeof(dev_uuid))) + goto out; - if (!dm_task_set_name(dmt, name)) - goto out_no_removal; - } else { - if (!dm_prepare_uuid(name, type, uuid, dev_uuid, sizeof(dev_uuid))) - goto out_no_removal; + if (!(dmt = dm_task_create(DM_DEVICE_CREATE))) + goto out; - if (!(dmt = dm_task_create(DM_DEVICE_CREATE))) - goto out_no_removal; + if (!dm_task_set_name(dmt, name)) + goto out; - if (!dm_task_set_name(dmt, name)) - goto out_no_removal; + if (!dm_task_set_uuid(dmt, dev_uuid)) + goto out; - if (!dm_task_set_uuid(dmt, dev_uuid)) - goto out_no_removal; + if (!dm_task_secure_data(dmt)) + goto out; + if ((dmd->flags & CRYPT_ACTIVATE_READONLY) && !dm_task_set_ro(dmt)) + goto out; - if (_dm_use_udev() && !_dm_task_set_cookie(dmt, &cookie, udev_flags)) - goto out_no_removal; - } + r = _create_dm_targets_params(dmd); + if (r) + goto out; - if ((dm_flags() & DM_SECURE_SUPPORTED) && !dm_task_secure_data(dmt)) - goto out_no_removal; - if ((flags & CRYPT_ACTIVATE_READONLY) && !dm_task_set_ro(dmt)) - goto out_no_removal; + r = _add_dm_targets(dmt, dmd); + if (r) + goto out; - if (!dm_task_add_target(dmt, 0, size, - !strcmp("VERITY", type) ? DM_VERITY_TARGET : DM_CRYPT_TARGET, params)) - goto out_no_removal; + r = -EINVAL; #ifdef DM_READ_AHEAD_MINIMUM_FLAG - if (device_read_ahead(device, &read_ahead) && + if (device_read_ahead(dmd->segment.data_device, &read_ahead) && !dm_task_set_read_ahead(dmt, read_ahead, DM_READ_AHEAD_MINIMUM_FLAG)) - goto out_no_removal; + goto out; #endif + if (_dm_use_udev() && !_dm_task_set_cookie(dmt, &cookie, udev_flags)) + goto out; if (!dm_task_run(dmt)) - goto out_no_removal; - - if (reload) { - dm_task_destroy(dmt); - if (!(dmt = dm_task_create(DM_DEVICE_RESUME))) - goto out; - if (!dm_task_set_name(dmt, name)) - goto out; - if (uuid && !dm_task_set_uuid(dmt, dev_uuid)) - goto out; - if (_dm_use_udev() && !_dm_task_set_cookie(dmt, &cookie, udev_flags)) - goto out; - if (!dm_task_run(dmt)) - goto out; - } - - if (!dm_task_get_info(dmt, &dmi)) goto out; - r = 0; -out: + if (dm_task_get_info(dmt, &dmi)) + r = 0; + if (_dm_use_udev()) { (void)_dm_udev_wait(cookie); cookie = 0; } - if (r < 0 && !reload) - _dm_simple(DM_DEVICE_REMOVE, name, 1); + if (r < 0) + _dm_remove(name, 1, 0); -out_no_removal: +out: if (cookie && _dm_use_udev()) (void)_dm_udev_wait(cookie); @@ -650,301 +1378,664 @@ out_no_removal: dm_task_update_nodes(); /* If code just loaded target module, update versions */ - _dm_check_versions(); + _dm_check_versions(cd, dmd->segment.type); + + _destroy_dm_targets_params(dmd); return r; } -int dm_create_device(struct crypt_device *cd, const char *name, - const char *type, - struct crypt_dm_active_device *dmd, - int reload) +static int _dm_resume_device(const char *name, uint32_t dmflags) { - char *table_params = NULL; - uint32_t dmd_flags; - int r; + struct dm_task *dmt; + int r = -EINVAL; + uint32_t cookie = 0; + uint16_t udev_flags = DM_UDEV_DISABLE_LIBRARY_FALLBACK; - if (!type) - return -EINVAL; + if (dmflags & DM_RESUME_PRIVATE) + udev_flags |= CRYPT_TEMP_UDEV_FLAGS; - if (dm_init_context(cd)) - return -ENOTSUP; + if (!(dmt = dm_task_create(DM_DEVICE_RESUME))) + return r; - dmd_flags = dmd->flags; + if (!dm_task_set_name(dmt, name)) + goto out; - if (dmd->target == DM_CRYPT) - table_params = get_dm_crypt_params(dmd, dmd_flags); - else if (dmd->target == DM_VERITY) - table_params = get_dm_verity_params(dmd->u.verity.vp, dmd); + if ((dmflags & DM_SUSPEND_SKIP_LOCKFS) && !dm_task_skip_lockfs(dmt)) + goto out; - r = _dm_create_device(name, type, dmd->data_device, dmd_flags, - dmd->uuid, dmd->size, table_params, reload); + if ((dmflags & DM_SUSPEND_NOFLUSH) && !dm_task_no_flush(dmt)) + goto out; - /* If discard not supported try to load without discard */ - if (!reload && r && dmd->target == DM_CRYPT && - (dmd->flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) && - !(dm_flags() & DM_DISCARDS_SUPPORTED)) { - log_dbg("Discard/TRIM is not supported, retrying activation."); - dmd_flags = dmd_flags & ~CRYPT_ACTIVATE_ALLOW_DISCARDS; - crypt_safe_free(table_params); - table_params = get_dm_crypt_params(dmd, dmd_flags); - r = _dm_create_device(name, type, dmd->data_device, dmd_flags, - dmd->uuid, dmd->size, table_params, reload); - } + if (_dm_use_udev() && !_dm_task_set_cookie(dmt, &cookie, udev_flags)) + goto out; - if (r == -EINVAL && - dmd_flags & (CRYPT_ACTIVATE_SAME_CPU_CRYPT|CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) && - !(dm_flags() & (DM_SAME_CPU_CRYPT_SUPPORTED|DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED))) - log_err(cd, _("Requested dmcrypt performance options are not supported.\n")); + if (dm_task_run(dmt)) + r = 0; +out: + if (cookie && _dm_use_udev()) + (void)_dm_udev_wait(cookie); + + dm_task_destroy(dmt); + + dm_task_update_nodes(); - crypt_safe_free(table_params); - dm_exit_context(); return r; } -static int dm_status_dmi(const char *name, struct dm_info *dmi, - const char *target, char **status_line) +static int _dm_reload_device(struct crypt_device *cd, const char *name, + struct crypt_dm_active_device *dmd) { - struct dm_task *dmt; - uint64_t start, length; - char *target_type, *params = NULL; - void *next = NULL; int r = -EINVAL; + struct dm_task *dmt = NULL; + uint32_t read_ahead = 0; - if (!(dmt = dm_task_create(DM_DEVICE_STATUS))) + /* All devices must have DM_UUID, only resize on old device is exception */ + if (!(dmt = dm_task_create(DM_DEVICE_RELOAD))) goto out; if (!dm_task_set_name(dmt, name)) goto out; - if (!dm_task_run(dmt)) + if (!dm_task_secure_data(dmt)) goto out; - - if (!dm_task_get_info(dmt, dmi)) + if ((dmd->flags & CRYPT_ACTIVATE_READONLY) && !dm_task_set_ro(dmt)) goto out; - if (!dmi->exists) { - r = -ENODEV; + r = _create_dm_targets_params(dmd); + if (r) goto out; - } - next = dm_get_next_target(dmt, next, &start, &length, - &target_type, ¶ms); - - if (!target_type || start != 0 || next) + r = _add_dm_targets(dmt, dmd); + if (r) goto out; - if (target && strcmp(target_type, target)) - goto out; + r = -EINVAL; - /* for target == NULL check all supported */ - if (!target && (strcmp(target_type, DM_CRYPT_TARGET) && - strcmp(target_type, DM_VERITY_TARGET))) +#ifdef DM_READ_AHEAD_MINIMUM_FLAG + if (device_read_ahead(dmd->segment.data_device, &read_ahead) && + !dm_task_set_read_ahead(dmt, read_ahead, DM_READ_AHEAD_MINIMUM_FLAG)) goto out; - r = 0; -out: - if (!r && status_line && !(*status_line = strdup(params))) - r = -ENOMEM; +#endif + if (dm_task_run(dmt)) + r = 0; +out: if (dmt) dm_task_destroy(dmt); + /* If code just loaded target module, update versions */ + _dm_check_versions(cd, dmd->segment.type); + + _destroy_dm_targets_params(dmd); + return r; } -int dm_status_device(struct crypt_device *cd, const char *name) +static void crypt_free_verity_params(struct crypt_params_verity *vp) { - int r; - struct dm_info dmi; - struct stat st; - - /* libdevmapper is too clever and handles - * path argument differenly with error. - * Fail early here if parameter is non-existent path. - */ - if (strchr(name, '/') && stat(name, &st) < 0) - return -ENODEV; + if (!vp) + return; + + free(CONST_CAST(void*)vp->hash_name); + free(CONST_CAST(void*)vp->data_device); + free(CONST_CAST(void*)vp->hash_device); + free(CONST_CAST(void*)vp->fec_device); + free(CONST_CAST(void*)vp->salt); + free(vp); +} - if (dm_init_context(cd)) - return -ENOTSUP; - r = dm_status_dmi(name, &dmi, NULL, NULL); - dm_exit_context(); - if (r < 0) - return r; +static void _dm_target_free_query_path(struct crypt_device *cd, struct dm_target *tgt) +{ + switch(tgt->type) { + case DM_CRYPT: + crypt_free_volume_key(tgt->u.crypt.vk); + free(CONST_CAST(void*)tgt->u.crypt.cipher); + break; + case DM_INTEGRITY: + free(CONST_CAST(void*)tgt->u.integrity.integrity); + crypt_free_volume_key(tgt->u.integrity.vk); + + free(CONST_CAST(void*)tgt->u.integrity.journal_integrity); + crypt_free_volume_key(tgt->u.integrity.journal_integrity_key); + + free(CONST_CAST(void*)tgt->u.integrity.journal_crypt); + crypt_free_volume_key(tgt->u.integrity.journal_crypt_key); + + device_free(cd, tgt->u.integrity.meta_device); + break; + case DM_VERITY: + crypt_free_verity_params(tgt->u.verity.vp); + device_free(cd, tgt->u.verity.hash_device); + free(CONST_CAST(void*)tgt->u.verity.root_hash); + free(CONST_CAST(void*)tgt->u.verity.root_hash_sig_key_desc); + /* fall through */ + case DM_LINEAR: + /* fall through */ + case DM_ERROR: + /* fall through */ + case DM_ZERO: + break; + default: + log_err(cd, _("Unknown dm target type.")); + return; + } - return (dmi.open_count > 0); + device_free(cd, tgt->data_device); } -int dm_status_suspended(struct crypt_device *cd, const char *name) +static void _dm_target_erase(struct crypt_device *cd, struct dm_target *tgt) { - int r; - struct dm_info dmi; - - if (dm_init_context(cd)) - return -ENOTSUP; - r = dm_status_dmi(name, &dmi, DM_CRYPT_TARGET, NULL); - dm_exit_context(); - if (r < 0) - return r; + if (tgt->direction == TARGET_QUERY) + _dm_target_free_query_path(cd, tgt); - return dmi.suspended ? 1 : 0; + if (tgt->type == DM_CRYPT) + free(CONST_CAST(void*)tgt->u.crypt.integrity); } -static int _dm_status_verity_ok(const char *name) +void dm_targets_free(struct crypt_device *cd, struct crypt_dm_active_device *dmd) { - int r; - struct dm_info dmi; - char *status_line = NULL; + struct dm_target *t = &dmd->segment, *next = t->next; - r = dm_status_dmi(name, &dmi, DM_VERITY_TARGET, &status_line); - if (r < 0 || !status_line) { - free(status_line); - return r; - } + _dm_target_erase(cd, t); - log_dbg("Verity volume %s status is %s.", name, status_line ?: ""); - r = status_line[0] == 'V' ? 1 : 0; - free(status_line); + while (next) { + t = next; + next = t->next; + _dm_target_erase(cd, t); + free(t); + } - return r; + memset(&dmd->segment, 0, sizeof(dmd->segment)); } -int dm_status_verity_ok(struct crypt_device *cd, const char *name) +int dm_targets_allocate(struct dm_target *first, unsigned count) { - int r; + if (!first || first->next || !count) + return -EINVAL; - if (dm_init_context(cd)) - return -ENOTSUP; - r = _dm_status_verity_ok(name); - dm_exit_context(); - return r; + while (--count) { + first->next = crypt_zalloc(sizeof(*first)); + if (!first->next) + return -ENOMEM; + first = first->next; + } + + return 0; } -/* FIXME use hex wrapper, user val wrappers for line parsing */ -static int _dm_query_crypt(uint32_t get_flags, - struct dm_info *dmi, - char *params, - struct crypt_dm_active_device *dmd) +static int check_retry(struct crypt_device *cd, uint32_t *dmd_flags, uint32_t dmt_flags) { - uint64_t val64; - char *rcipher, *key_, *rdevice, *endp, buffer[3], *arg; - unsigned int i; - int r; + int ret = 0; - memset(dmd, 0, sizeof(*dmd)); - dmd->target = DM_CRYPT; + /* If discard not supported try to load without discard */ + if ((*dmd_flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) && + !(dmt_flags & DM_DISCARDS_SUPPORTED)) { + log_dbg(cd, "Discard/TRIM is not supported"); + *dmd_flags = *dmd_flags & ~CRYPT_ACTIVATE_ALLOW_DISCARDS; + ret = 1; + } + + /* If kernel keyring is not supported load key directly in dm-crypt */ + if ((*dmd_flags & CRYPT_ACTIVATE_KEYRING_KEY) && + !(dmt_flags & DM_KERNEL_KEYRING_SUPPORTED)) { + log_dbg(cd, "dm-crypt does not support kernel keyring"); + *dmd_flags = *dmd_flags & ~CRYPT_ACTIVATE_KEYRING_KEY; + ret = 1; + } + + /* Drop performance options if not supported */ + if ((*dmd_flags & (CRYPT_ACTIVATE_SAME_CPU_CRYPT | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)) && + !(dmt_flags & (DM_SAME_CPU_CRYPT_SUPPORTED | DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED))) { + log_dbg(cd, "dm-crypt does not support performance options"); + *dmd_flags = *dmd_flags & ~(CRYPT_ACTIVATE_SAME_CPU_CRYPT | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS); + ret = 1; + } + + return ret; +} + +int dm_create_device(struct crypt_device *cd, const char *name, + const char *type, + struct crypt_dm_active_device *dmd) +{ + uint32_t dmt_flags = 0; + int r = -EINVAL; + + if (!type || !dmd) + return -EINVAL; + + if (dm_init_context(cd, dmd->segment.type)) + return -ENOTSUP; + + r = _dm_create_device(cd, name, type, dmd->uuid, dmd); + + if (r < 0 && dm_flags(cd, dmd->segment.type, &dmt_flags)) + goto out; + + if (r && (dmd->segment.type == DM_CRYPT || dmd->segment.type == DM_LINEAR || dmd->segment.type == DM_ZERO) && + check_retry(cd, &dmd->flags, dmt_flags)) + r = _dm_create_device(cd, name, type, dmd->uuid, dmd); + + if (r == -EINVAL && + dmd->flags & (CRYPT_ACTIVATE_SAME_CPU_CRYPT|CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) && + !(dmt_flags & (DM_SAME_CPU_CRYPT_SUPPORTED|DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED))) + log_err(cd, _("Requested dm-crypt performance options are not supported.")); + + if (r == -EINVAL && dmd->flags & (CRYPT_ACTIVATE_IGNORE_CORRUPTION| + CRYPT_ACTIVATE_RESTART_ON_CORRUPTION| + CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS| + CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE) && + !(dmt_flags & DM_VERITY_ON_CORRUPTION_SUPPORTED)) + log_err(cd, _("Requested dm-verity data corruption handling options are not supported.")); + + if (r == -EINVAL && dmd->segment.type == DM_VERITY && + dmd->segment.u.verity.fec_device && !(dmt_flags & DM_VERITY_FEC_SUPPORTED)) + log_err(cd, _("Requested dm-verity FEC options are not supported.")); + + if (r == -EINVAL && dmd->segment.type == DM_CRYPT) { + if (dmd->segment.u.crypt.integrity && !(dmt_flags & DM_INTEGRITY_SUPPORTED)) + log_err(cd, _("Requested data integrity options are not supported.")); + if (dmd->segment.u.crypt.sector_size != SECTOR_SIZE && !(dmt_flags & DM_SECTOR_SIZE_SUPPORTED)) + log_err(cd, _("Requested sector_size option is not supported.")); + } + + if (r == -EINVAL && dmd->segment.type == DM_INTEGRITY && (dmd->flags & CRYPT_ACTIVATE_RECALCULATE) && + !(dmt_flags & DM_INTEGRITY_RECALC_SUPPORTED)) + log_err(cd, _("Requested automatic recalculation of integrity tags is not supported.")); + + if (r == -EINVAL && dmd->segment.type == DM_INTEGRITY && (dmd->flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) && + !(dmt_flags & DM_INTEGRITY_DISCARDS_SUPPORTED)) + log_err(cd, _("Discard/TRIM is not supported.")); + + if (r == -EINVAL && dmd->segment.type == DM_INTEGRITY && (dmd->flags & CRYPT_ACTIVATE_NO_JOURNAL_BITMAP) && + !(dmt_flags & DM_INTEGRITY_BITMAP_SUPPORTED)) + log_err(cd, _("Requested dm-integrity bitmap mode is not supported.")); +out: + dm_exit_context(); + return r; +} + +int dm_reload_device(struct crypt_device *cd, const char *name, + struct crypt_dm_active_device *dmd, uint32_t dmflags, unsigned resume) +{ + int r; + uint32_t dmt_flags; + + if (!dmd) + return -EINVAL; + + if (dm_init_context(cd, dmd->segment.type)) + return -ENOTSUP; + + if (dm_flags(cd, DM_INTEGRITY, &dmt_flags) || !(dmt_flags & DM_INTEGRITY_RECALC_SUPPORTED)) + dmd->flags &= ~CRYPT_ACTIVATE_RECALCULATE; + + r = _dm_reload_device(cd, name, dmd); + + if (r == -EINVAL && (dmd->segment.type == DM_CRYPT || dmd->segment.type == DM_LINEAR)) { + if ((dmd->flags & (CRYPT_ACTIVATE_SAME_CPU_CRYPT|CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)) && + !dm_flags(cd, DM_CRYPT, &dmt_flags) && !(dmt_flags & (DM_SAME_CPU_CRYPT_SUPPORTED|DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED))) + log_err(cd, _("Requested dm-crypt performance options are not supported.")); + if ((dmd->flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) && + !dm_flags(cd, DM_CRYPT, &dmt_flags) && !(dmt_flags & DM_DISCARDS_SUPPORTED)) + log_err(cd, _("Discard/TRIM is not supported.")); + if ((dmd->flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) && + !dm_flags(cd, DM_INTEGRITY, &dmt_flags) && !(dmt_flags & DM_INTEGRITY_DISCARDS_SUPPORTED)) + log_err(cd, _("Discard/TRIM is not supported.")); + } + + if (!r && resume) + r = _dm_resume_device(name, dmflags | act2dmflags(dmd->flags)); + + dm_exit_context(); + return r; +} + +static int dm_status_dmi(const char *name, struct dm_info *dmi, + const char *target, char **status_line) +{ + struct dm_task *dmt; + uint64_t start, length; + char *target_type, *params = NULL; + int r = -EINVAL; + + if (!(dmt = dm_task_create(DM_DEVICE_STATUS))) + goto out; + + if (!dm_task_no_flush(dmt)) + goto out; + + if (!dm_task_set_name(dmt, name)) + goto out; + + if (!dm_task_run(dmt)) + goto out; + + if (!dm_task_get_info(dmt, dmi)) + goto out; + + if (!dmi->exists) { + r = -ENODEV; + goto out; + } + + dm_get_next_target(dmt, NULL, &start, &length, + &target_type, ¶ms); + + if (!target_type || start != 0) + goto out; + + if (target && strcmp(target_type, target)) + goto out; + + /* for target == NULL check all supported */ + if (!target && (strcmp(target_type, DM_CRYPT_TARGET) && + strcmp(target_type, DM_VERITY_TARGET) && + strcmp(target_type, DM_INTEGRITY_TARGET) && + strcmp(target_type, DM_LINEAR_TARGET) && + strcmp(target_type, DM_ZERO_TARGET) && + strcmp(target_type, DM_ERROR_TARGET))) + goto out; + r = 0; +out: + if (!r && status_line && !(*status_line = strdup(params))) + r = -ENOMEM; + + if (dmt) + dm_task_destroy(dmt); + + return r; +} + +int dm_status_device(struct crypt_device *cd, const char *name) +{ + int r; + struct dm_info dmi; + struct stat st; + + /* libdevmapper is too clever and handles + * path argument differently with error. + * Fail early here if parameter is non-existent path. + */ + if (strchr(name, '/') && stat(name, &st) < 0) + return -ENODEV; + + if (dm_init_context(cd, DM_UNKNOWN)) + return -ENOTSUP; + r = dm_status_dmi(name, &dmi, NULL, NULL); + dm_exit_context(); + + if (r < 0) + return r; + + return (dmi.open_count > 0) ? 1 : 0; +} + +int dm_status_suspended(struct crypt_device *cd, const char *name) +{ + int r; + struct dm_info dmi; + + if (dm_init_context(cd, DM_UNKNOWN)) + return -ENOTSUP; + r = dm_status_dmi(name, &dmi, NULL, NULL); + dm_exit_context(); + + if (r < 0) + return r; + + return dmi.suspended ? 1 : 0; +} + +static int _dm_status_verity_ok(struct crypt_device *cd, const char *name) +{ + int r; + struct dm_info dmi; + char *status_line = NULL; + + r = dm_status_dmi(name, &dmi, DM_VERITY_TARGET, &status_line); + if (r < 0 || !status_line) { + free(status_line); + return r; + } + + log_dbg(cd, "Verity volume %s status is %s.", name, status_line ?: ""); + r = status_line[0] == 'V' ? 1 : 0; + free(status_line); + + return r; +} + +int dm_status_verity_ok(struct crypt_device *cd, const char *name) +{ + int r; + + if (dm_init_context(cd, DM_VERITY)) + return -ENOTSUP; + r = _dm_status_verity_ok(cd, name); + dm_exit_context(); + return r; +} + +int dm_status_integrity_failures(struct crypt_device *cd, const char *name, uint64_t *count) +{ + int r; + struct dm_info dmi; + char *status_line = NULL; + + if (dm_init_context(cd, DM_INTEGRITY)) + return -ENOTSUP; + + r = dm_status_dmi(name, &dmi, DM_INTEGRITY_TARGET, &status_line); + if (r < 0 || !status_line) { + free(status_line); + dm_exit_context(); + return r; + } + + log_dbg(cd, "Integrity volume %s failure status is %s.", name, status_line ?: ""); + *count = strtoull(status_line, NULL, 10); + free(status_line); + dm_exit_context(); + + return 0; +} + +/* FIXME use hex wrapper, user val wrappers for line parsing */ +static int _dm_target_query_crypt(struct crypt_device *cd, uint32_t get_flags, + char *params, struct dm_target *tgt, + uint32_t *act_flags) +{ + uint64_t val64; + char *rcipher, *rintegrity, *key_, *rdevice, *endp, buffer[3], *arg, *key_desc; + unsigned int i, val; + int r; + size_t key_size; + struct device *data_device = NULL; + char *cipher = NULL, *integrity = NULL; + struct volume_key *vk = NULL; + + tgt->type = DM_CRYPT; + tgt->direction = TARGET_QUERY; + tgt->u.crypt.sector_size = SECTOR_SIZE; + + r = -EINVAL; rcipher = strsep(¶ms, " "); - /* cipher */ - if (get_flags & DM_ACTIVE_CRYPT_CIPHER) - dmd->u.crypt.cipher = strdup(rcipher); + rintegrity = NULL; /* skip */ key_ = strsep(¶ms, " "); if (!params) - return -EINVAL; + goto err; val64 = strtoull(params, ¶ms, 10); if (*params != ' ') - return -EINVAL; + goto err; params++; - dmd->u.crypt.iv_offset = val64; + tgt->u.crypt.iv_offset = val64; /* device */ rdevice = strsep(¶ms, " "); if (get_flags & DM_ACTIVE_DEVICE) { arg = crypt_lookup_dev(rdevice); - r = device_alloc(&dmd->data_device, arg); + r = device_alloc(cd, &data_device, arg); free(arg); if (r < 0 && r != -ENOTBLK) - return r; + goto err; } + r = -EINVAL; + /*offset */ if (!params) - return -EINVAL; + goto err; val64 = strtoull(params, ¶ms, 10); - dmd->u.crypt.offset = val64; + tgt->u.crypt.offset = val64; + + tgt->u.crypt.tag_size = 0; /* Features section, available since crypt target version 1.11 */ if (*params) { if (*params != ' ') - return -EINVAL; + goto err; params++; /* Number of arguments */ val64 = strtoull(params, ¶ms, 10); if (*params != ' ') - return -EINVAL; + goto err; params++; for (i = 0; i < val64; i++) { if (!params) - return -EINVAL; + goto err; arg = strsep(¶ms, " "); if (!strcasecmp(arg, "allow_discards")) - dmd->flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS; + *act_flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS; else if (!strcasecmp(arg, "same_cpu_crypt")) - dmd->flags |= CRYPT_ACTIVATE_SAME_CPU_CRYPT; + *act_flags |= CRYPT_ACTIVATE_SAME_CPU_CRYPT; else if (!strcasecmp(arg, "submit_from_crypt_cpus")) - dmd->flags |= CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS; - else /* unknown option */ - return -EINVAL; + *act_flags |= CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS; + else if (!strcasecmp(arg, "iv_large_sectors")) + *act_flags |= CRYPT_ACTIVATE_IV_LARGE_SECTORS; + else if (sscanf(arg, "integrity:%u:", &val) == 1) { + tgt->u.crypt.tag_size = val; + rintegrity = strchr(arg + strlen("integrity:"), ':'); + if (!rintegrity) + goto err; + rintegrity++; + } else if (sscanf(arg, "sector_size:%u", &val) == 1) { + tgt->u.crypt.sector_size = val; + } else /* unknown option */ + goto err; } - /* All parameters shold be processed */ + /* All parameters should be processed */ if (params) - return -EINVAL; + goto err; } - /* Never allow to return empty key */ - if ((get_flags & DM_ACTIVE_CRYPT_KEY) && dmi->suspended) { - log_dbg("Cannot read volume key while suspended."); - return -EINVAL; + /* cipher */ + if (get_flags & DM_ACTIVE_CRYPT_CIPHER) { + r = cipher_dm2c(CONST_CAST(char**)&cipher, + CONST_CAST(char**)&integrity, + rcipher, rintegrity); + if (r < 0) + goto err; } + r = -EINVAL; + + if (key_[0] == ':') + *act_flags |= CRYPT_ACTIVATE_KEYRING_KEY; + if (get_flags & DM_ACTIVE_CRYPT_KEYSIZE) { - dmd->u.crypt.vk = crypt_alloc_volume_key(strlen(key_) / 2, NULL); - if (!dmd->u.crypt.vk) - return -ENOMEM; + /* we will trust kernel the key_string is in expected format */ + if (key_[0] == ':') { + if (sscanf(key_ + 1, "%zu", &key_size) != 1) + goto err; + } else + key_size = strlen(key_) / 2; + + vk = crypt_alloc_volume_key(key_size, NULL); + if (!vk) { + r = -ENOMEM; + goto err; + } if (get_flags & DM_ACTIVE_CRYPT_KEY) { - buffer[2] = '\0'; - for(i = 0; i < dmd->u.crypt.vk->keylength; i++) { - memcpy(buffer, &key_[i * 2], 2); - dmd->u.crypt.vk->key[i] = strtoul(buffer, &endp, 16); - if (endp != &buffer[2]) { - crypt_free_volume_key(dmd->u.crypt.vk); - dmd->u.crypt.vk = NULL; - return -EINVAL; + if (key_[0] == ':') { + /* ::: */ + key_desc = NULL; + endp = strpbrk(key_ + 1, ":"); + if (endp) + key_desc = strpbrk(endp + 1, ":"); + if (!key_desc) { + r = -ENOMEM; + goto err; + } + key_desc++; + crypt_volume_key_set_description(vk, key_desc); + } else { + buffer[2] = '\0'; + for(i = 0; i < vk->keylength; i++) { + memcpy(buffer, &key_[i * 2], 2); + vk->key[i] = strtoul(buffer, &endp, 16); + if (endp != &buffer[2]) { + r = -EINVAL; + goto err; + } } } } } memset(key_, 0, strlen(key_)); + if (cipher) + tgt->u.crypt.cipher = cipher; + if (integrity) + tgt->u.crypt.integrity = integrity; + if (data_device) + tgt->data_device = data_device; + if (vk) + tgt->u.crypt.vk = vk; return 0; +err: + free(cipher); + free(integrity); + device_free(cd, data_device); + crypt_free_volume_key(vk); + return r; } -static int _dm_query_verity(uint32_t get_flags, - struct dm_info *dmi, - char *params, - struct crypt_dm_active_device *dmd) +static int _dm_target_query_verity(struct crypt_device *cd, + uint32_t get_flags, + char *params, + struct dm_target *tgt, + uint32_t *act_flags) { struct crypt_params_verity *vp = NULL; uint32_t val32; uint64_t val64; ssize_t len; - char *str, *str2; + char *str, *str2, *arg; + unsigned int i, features; int r; + struct device *data_device = NULL, *hash_device = NULL, *fec_device = NULL; + char *hash_name = NULL, *root_hash = NULL, *salt = NULL, *fec_dev_str = NULL; + char *root_hash_sig_key_desc = NULL; - if (get_flags & DM_ACTIVE_VERITY_PARAMS) - vp = dmd->u.verity.vp; - - memset(dmd, 0, sizeof(*dmd)); + if (get_flags & DM_ACTIVE_VERITY_PARAMS) { + vp = crypt_zalloc(sizeof(*vp)); + if (!vp) + return -ENOMEM; + } - dmd->target = DM_VERITY; - dmd->u.verity.vp = vp; + tgt->type = DM_VERITY; + tgt->direction = TARGET_QUERY; + tgt->u.verity.vp = vp; /* version */ val32 = strtoul(params, ¶ms, 10); @@ -960,28 +2051,32 @@ static int _dm_query_verity(uint32_t get_flags, return -EINVAL; if (get_flags & DM_ACTIVE_DEVICE) { str2 = crypt_lookup_dev(str); - r = device_alloc(&dmd->data_device, str2); + r = device_alloc(cd, &data_device, str2); free(str2); if (r < 0 && r != -ENOTBLK) return r; } + r = -EINVAL; + /* hash device */ str = strsep(¶ms, " "); if (!params) - return -EINVAL; + goto err; if (get_flags & DM_ACTIVE_VERITY_HASH_DEVICE) { str2 = crypt_lookup_dev(str); - r = device_alloc(&dmd->u.verity.hash_device, str2); + r = device_alloc(cd, &hash_device, str2); free(str2); if (r < 0 && r != -ENOTBLK) - return r; + goto err; } + r = -EINVAL; + /* data block size*/ val32 = strtoul(params, ¶ms, 10); if (*params != ' ') - return -EINVAL; + goto err; if (vp) vp->data_block_size = val32; params++; @@ -989,7 +2084,7 @@ static int _dm_query_verity(uint32_t get_flags, /* hash block size */ val32 = strtoul(params, ¶ms, 10); if (*params != ' ') - return -EINVAL; + goto err; if (vp) vp->hash_block_size = val32; params++; @@ -997,7 +2092,7 @@ static int _dm_query_verity(uint32_t get_flags, /* data blocks */ val64 = strtoull(params, ¶ms, 10); if (*params != ' ') - return -EINVAL; + goto err; if (vp) vp->data_size = val64; params++; @@ -1005,66 +2100,465 @@ static int _dm_query_verity(uint32_t get_flags, /* hash start */ val64 = strtoull(params, ¶ms, 10); if (*params != ' ') - return -EINVAL; - dmd->u.verity.hash_offset = val64; + goto err; + tgt->u.verity.hash_offset = val64; params++; /* hash algorithm */ str = strsep(¶ms, " "); if (!params) - return -EINVAL; - if (vp) - vp->hash_name = strdup(str); + goto err; + if (vp) { + hash_name = strdup(str); + if (!hash_name) { + r = -ENOMEM; + goto err; + } + } /* root digest */ str = strsep(¶ms, " "); if (!params) - return -EINVAL; + goto err; len = crypt_hex_to_bytes(str, &str2, 0); - if (len < 0) - return len; - dmd->u.verity.root_hash_size = len; + if (len < 0) { + r = len; + goto err; + } + tgt->u.verity.root_hash_size = len; if (get_flags & DM_ACTIVE_VERITY_ROOT_HASH) - dmd->u.verity.root_hash = str2; + root_hash = str2; else free(str2); /* salt */ str = strsep(¶ms, " "); - if (params) - return -EINVAL; if (vp) { if (!strcmp(str, "-")) { vp->salt_size = 0; vp->salt = NULL; } else { len = crypt_hex_to_bytes(str, &str2, 0); - if (len < 0) - return len; + if (len < 0) { + r = len; + goto err; + } vp->salt_size = len; - vp->salt = str2; + salt = str2; + } + } + + r = -EINVAL; + + /* Features section, available since verity target version 1.3 */ + if (params) { + /* Number of arguments */ + val64 = strtoull(params, ¶ms, 10); + if (*params != ' ') + goto err; + params++; + + features = (int)val64; + for (i = 0; i < features; i++) { + r = -EINVAL; + if (!params) + goto err; + arg = strsep(¶ms, " "); + if (!strcasecmp(arg, "ignore_corruption")) + *act_flags |= CRYPT_ACTIVATE_IGNORE_CORRUPTION; + else if (!strcasecmp(arg, "restart_on_corruption")) + *act_flags |= CRYPT_ACTIVATE_RESTART_ON_CORRUPTION; + else if (!strcasecmp(arg, "ignore_zero_blocks")) + *act_flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS; + else if (!strcasecmp(arg, "check_at_most_once")) + *act_flags |= CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE; + else if (!strcasecmp(arg, "use_fec_from_device")) { + str = strsep(¶ms, " "); + str2 = crypt_lookup_dev(str); + if (get_flags & DM_ACTIVE_VERITY_HASH_DEVICE) { + r = device_alloc(cd, &fec_device, str2); + if (r < 0 && r != -ENOTBLK) { + free(str2); + goto err; + } + } + if (vp) { + free(fec_dev_str); + fec_dev_str = str2; + } else + free(str2); + i++; + } else if (!strcasecmp(arg, "fec_start")) { + val64 = strtoull(params, ¶ms, 10); + if (*params) + params++; + tgt->u.verity.fec_offset = val64; + if (vp) + vp->fec_area_offset = val64 * vp->hash_block_size; + i++; + } else if (!strcasecmp(arg, "fec_blocks")) { + val64 = strtoull(params, ¶ms, 10); + if (*params) + params++; + tgt->u.verity.fec_blocks = val64; + i++; + } else if (!strcasecmp(arg, "fec_roots")) { + val32 = strtoul(params, ¶ms, 10); + if (*params) + params++; + if (vp) + vp->fec_roots = val32; + i++; + } else if (!strcasecmp(arg, "root_hash_sig_key_desc")) { + str = strsep(¶ms, " "); + if (!str) + goto err; + if (!root_hash_sig_key_desc) + root_hash_sig_key_desc = strdup(str); + i++; + if (vp) + vp->flags |= CRYPT_VERITY_ROOT_HASH_SIGNATURE; + } else /* unknown option */ + goto err; + } + + /* All parameters should be processed */ + if (params && *params) { + r = -EINVAL; + goto err; } } + if (data_device) + tgt->data_device = data_device; + if (hash_device) + tgt->u.verity.hash_device = hash_device; + if (fec_device) + tgt->u.verity.fec_device = fec_device; + if (root_hash) + tgt->u.verity.root_hash = root_hash; + if (vp && hash_name) + vp->hash_name = hash_name; + if (vp && salt) + vp->salt = salt; + if (vp && fec_dev_str) + vp->fec_device = fec_dev_str; + if (root_hash_sig_key_desc) + tgt->u.verity.root_hash_sig_key_desc = root_hash_sig_key_desc; + return 0; +err: + device_free(cd, data_device); + device_free(cd, hash_device); + device_free(cd, fec_device); + free(root_hash_sig_key_desc); + free(root_hash); + free(hash_name); + free(salt); + free(fec_dev_str); + free(vp); + return r; } -int dm_query_device(struct crypt_device *cd, const char *name, - uint32_t get_flags, struct crypt_dm_active_device *dmd) +static int _dm_target_query_integrity(struct crypt_device *cd, + uint32_t get_flags, + char *params, + struct dm_target *tgt, + uint32_t *act_flags) { - struct dm_task *dmt; - struct dm_info dmi; - uint64_t start, length; - char *target_type, *params; - const char *tmp_uuid; - void *next = NULL; - int r = -EINVAL; + uint32_t val32; + uint64_t val64; + char c, *str, *str2, *arg; + unsigned int i, features, val; + ssize_t len; + int r; + struct device *data_device = NULL, *meta_device = NULL; + char *integrity = NULL, *journal_crypt = NULL, *journal_integrity = NULL; + struct volume_key *vk = NULL; + + tgt->type = DM_INTEGRITY; + tgt->direction = TARGET_QUERY; + + /* data device */ + str = strsep(¶ms, " "); + if (get_flags & DM_ACTIVE_DEVICE) { + str2 = crypt_lookup_dev(str); + r = device_alloc(cd, &data_device, str2); + free(str2); + if (r < 0 && r != -ENOTBLK) + return r; + } + + r = -EINVAL; + + /*offset */ + if (!params) + goto err; + val64 = strtoull(params, ¶ms, 10); + if (!*params || *params != ' ') + goto err; + tgt->u.integrity.offset = val64; + + /* tag size*/ + val32 = strtoul(params, ¶ms, 10); + tgt->u.integrity.tag_size = val32; + if (!*params || *params != ' ') + goto err; + + /* journal */ + c = toupper(*(++params)); + if (!*params || *(++params) != ' ' || (c != 'D' && c != 'J' && c != 'R' && c != 'B')) + goto err; + if (c == 'D') + *act_flags |= CRYPT_ACTIVATE_NO_JOURNAL; + if (c == 'R') + *act_flags |= CRYPT_ACTIVATE_RECOVERY; + if (c == 'B') { + *act_flags |= CRYPT_ACTIVATE_NO_JOURNAL; + *act_flags |= CRYPT_ACTIVATE_NO_JOURNAL_BITMAP; + } + + tgt->u.integrity.sector_size = SECTOR_SIZE; + + /* Features section */ + if (params) { + /* Number of arguments */ + val64 = strtoull(params, ¶ms, 10); + if (*params != ' ') + goto err; + params++; + + features = (int)val64; + for (i = 0; i < features; i++) { + r = -EINVAL; + if (!params) + goto err; + arg = strsep(¶ms, " "); + if (sscanf(arg, "journal_sectors:%u", &val) == 1) + tgt->u.integrity.journal_size = val * SECTOR_SIZE; + else if (sscanf(arg, "journal_watermark:%u", &val) == 1) + tgt->u.integrity.journal_watermark = val; + else if (sscanf(arg, "sectors_per_bit:%" PRIu64, &val64) == 1) { + if (val64 > UINT_MAX) + goto err; + /* overloaded value for bitmap mode */ + tgt->u.integrity.journal_watermark = (unsigned int)val64; + } else if (sscanf(arg, "commit_time:%u", &val) == 1) + tgt->u.integrity.journal_commit_time = val; + else if (sscanf(arg, "bitmap_flush_interval:%u", &val) == 1) + /* overloaded value for bitmap mode */ + tgt->u.integrity.journal_commit_time = val; + else if (sscanf(arg, "interleave_sectors:%u", &val) == 1) + tgt->u.integrity.interleave_sectors = val; + else if (sscanf(arg, "block_size:%u", &val) == 1) + tgt->u.integrity.sector_size = val; + else if (sscanf(arg, "buffer_sectors:%u", &val) == 1) + tgt->u.integrity.buffer_sectors = val; + else if (!strncmp(arg, "internal_hash:", 14) && !integrity) { + str = &arg[14]; + arg = strsep(&str, ":"); + if (get_flags & DM_ACTIVE_INTEGRITY_PARAMS) { + integrity = strdup(arg); + if (!integrity) { + r = -ENOMEM; + goto err; + } + } + + if (str) { + len = crypt_hex_to_bytes(str, &str2, 1); + if (len < 0) { + r = len; + goto err; + } + + r = 0; + if (get_flags & DM_ACTIVE_CRYPT_KEY) { + vk = crypt_alloc_volume_key(len, str2); + if (!vk) + r = -ENOMEM; + } else if (get_flags & DM_ACTIVE_CRYPT_KEYSIZE) { + vk = crypt_alloc_volume_key(len, NULL); + if (!vk) + r = -ENOMEM; + } + crypt_safe_free(str2); + if (r < 0) + goto err; + } + } else if (!strncmp(arg, "meta_device:", 12) && !meta_device) { + if (get_flags & DM_ACTIVE_DEVICE) { + str = crypt_lookup_dev(&arg[12]); + r = device_alloc(cd, &meta_device, str); + free(str); + if (r < 0 && r != -ENOTBLK) + goto err; + } + } else if (!strncmp(arg, "journal_crypt:", 14) && !journal_crypt) { + str = &arg[14]; + arg = strsep(&str, ":"); + if (get_flags & DM_ACTIVE_INTEGRITY_PARAMS) { + journal_crypt = strdup(arg); + if (!journal_crypt) { + r = -ENOMEM; + goto err; + } + } + } else if (!strncmp(arg, "journal_mac:", 12) && !journal_integrity) { + str = &arg[12]; + arg = strsep(&str, ":"); + if (get_flags & DM_ACTIVE_INTEGRITY_PARAMS) { + journal_integrity = strdup(arg); + if (!journal_integrity) { + r = -ENOMEM; + goto err; + } + } + } else if (!strcmp(arg, "recalculate")) { + *act_flags |= CRYPT_ACTIVATE_RECALCULATE; + } else if (!strcmp(arg, "fix_padding")) { + tgt->u.integrity.fix_padding = true; + } else if (!strcmp(arg, "allow_discards")) { + *act_flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS; + } else /* unknown option */ + goto err; + } + + /* All parameters should be processed */ + if (params && *params) { + r = -EINVAL; + goto err; + } + } + + if (data_device) + tgt->data_device = data_device; + if (meta_device) + tgt->u.integrity.meta_device = meta_device; + if (integrity) + tgt->u.integrity.integrity = integrity; + if (journal_crypt) + tgt->u.integrity.journal_crypt = journal_crypt; + if (journal_integrity) + tgt->u.integrity.journal_integrity = journal_integrity; + if (vk) + tgt->u.integrity.vk = vk; + return 0; +err: + device_free(cd, data_device); + device_free(cd, meta_device); + free(integrity); + free(journal_crypt); + free(journal_integrity); + crypt_free_volume_key(vk); + return r; +} + +static int _dm_target_query_linear(struct crypt_device *cd, struct dm_target *tgt, + uint32_t get_flags, char *params) +{ + uint64_t val64; + char *rdevice, *arg; + int r; + struct device *device = NULL; + + /* device */ + rdevice = strsep(¶ms, " "); + if (get_flags & DM_ACTIVE_DEVICE) { + arg = crypt_lookup_dev(rdevice); + r = device_alloc(cd, &device, arg); + free(arg); + if (r < 0 && r != -ENOTBLK) + return r; + } + + r = -EINVAL; + + /*offset */ + if (!params) + goto err; + val64 = strtoull(params, ¶ms, 10); + + /* params should be empty now */ + if (*params) + goto err; + + tgt->type = DM_LINEAR; + tgt->direction = TARGET_QUERY; + tgt->data_device = device; + tgt->u.linear.offset = val64; + + return 0; +err: + device_free(cd, device); + return r; +} + +static int _dm_target_query_error(struct crypt_device *cd, struct dm_target *tgt) +{ + tgt->type = DM_ERROR; + tgt->direction = TARGET_QUERY; + + return 0; +} + +static int _dm_target_query_zero(struct crypt_device *cd, struct dm_target *tgt) +{ + tgt->type = DM_ZERO; + tgt->direction = TARGET_QUERY; + + return 0; +} + +/* + * on error retval has to be negative + * + * also currently any _dm_target_query fn does not perform cleanup on error + */ +static int dm_target_query(struct crypt_device *cd, struct dm_target *tgt, const uint64_t *start, + const uint64_t *length, const char *target_type, + char *params, uint32_t get_flags, uint32_t *act_flags) +{ + int r = -ENOTSUP; + + if (!strcmp(target_type, DM_CRYPT_TARGET)) + r = _dm_target_query_crypt(cd, get_flags, params, tgt, act_flags); + else if (!strcmp(target_type, DM_VERITY_TARGET)) + r = _dm_target_query_verity(cd, get_flags, params, tgt, act_flags); + else if (!strcmp(target_type, DM_INTEGRITY_TARGET)) + r = _dm_target_query_integrity(cd, get_flags, params, tgt, act_flags); + else if (!strcmp(target_type, DM_LINEAR_TARGET)) + r = _dm_target_query_linear(cd, tgt, get_flags, params); + else if (!strcmp(target_type, DM_ERROR_TARGET)) + r = _dm_target_query_error(cd, tgt); + else if (!strcmp(target_type, DM_ZERO_TARGET)) + r = _dm_target_query_zero(cd, tgt); + + if (!r) { + tgt->offset = *start; + tgt->size = *length; + } + + return r; +} + +static int _dm_query_device(struct crypt_device *cd, const char *name, + uint32_t get_flags, struct crypt_dm_active_device *dmd) +{ + struct dm_target *t; + struct dm_task *dmt; + struct dm_info dmi; + uint64_t start, length; + char *target_type, *params; + const char *tmp_uuid; + void *next = NULL; + int r = -EINVAL; + + t = &dmd->segment; - if (dm_init_context(cd)) - return -ENOTSUP; if (!(dmt = dm_task_create(DM_DEVICE_TABLE))) - goto out; - if ((dm_flags() & DM_SECURE_SUPPORTED) && !dm_task_secure_data(dmt)) + return r; + if (!dm_task_secure_data(dmt)) goto out; if (!dm_task_set_name(dmt, name)) goto out; @@ -1081,35 +2575,49 @@ int dm_query_device(struct crypt_device *cd, const char *name, goto out; } - next = dm_get_next_target(dmt, next, &start, &length, - &target_type, ¶ms); - - if (!target_type || start != 0 || next) + if (dmi.target_count <= 0) { + r = -EINVAL; goto out; + } - if (!strcmp(target_type, DM_CRYPT_TARGET)) { - r = _dm_query_crypt(get_flags, &dmi, params, dmd); - } else if (!strcmp(target_type, DM_VERITY_TARGET)) { - r = _dm_query_verity(get_flags, &dmi, params, dmd); - if (r < 0) - goto out; - r = _dm_status_verity_ok(name); - if (r < 0) - goto out; - if (r == 0) - dmd->flags |= CRYPT_ACTIVATE_CORRUPTED; - r = 0; - } else + /* Never allow to return empty key */ + if ((get_flags & DM_ACTIVE_CRYPT_KEY) && dmi.suspended) { + log_dbg(cd, "Cannot read volume key while suspended."); r = -EINVAL; + goto out; + } - if (r < 0) + r = dm_targets_allocate(&dmd->segment, dmi.target_count); + if (r) goto out; - dmd->size = length; + do { + next = dm_get_next_target(dmt, next, &start, &length, + &target_type, ¶ms); + + r = dm_target_query(cd, t, &start, &length, target_type, params, get_flags, &dmd->flags); + if (!r && t->type == DM_VERITY) { + r = _dm_status_verity_ok(cd, name); + if (r == 0) + dmd->flags |= CRYPT_ACTIVATE_CORRUPTED; + } + + if (r < 0) { + if (r != -ENOTSUP) + log_err(cd, _("Failed to query dm-%s segment."), target_type); + goto out; + } + + dmd->size += length; + t = t->next; + } while (next && t); if (dmi.read_only) dmd->flags |= CRYPT_ACTIVATE_READONLY; + if (dmi.suspended) + dmd->flags |= CRYPT_ACTIVATE_SUSPENDED; + tmp_uuid = dm_task_get_uuid(dmt); if (!tmp_uuid) dmd->flags |= CRYPT_ACTIVATE_NO_UUID; @@ -1118,11 +2626,145 @@ int dm_query_device(struct crypt_device *cd, const char *name, dmd->uuid = strdup(tmp_uuid + DM_UUID_PREFIX_LEN); } + dmd->holders = 0; +#if (HAVE_DECL_DM_DEVICE_HAS_HOLDERS && HAVE_DECL_DM_DEVICE_HAS_MOUNTED_FS) + if (get_flags & DM_ACTIVE_HOLDERS) + dmd->holders = (dm_device_has_mounted_fs(dmi.major, dmi.minor) || + dm_device_has_holders(dmi.major, dmi.minor)); +#endif + r = (dmi.open_count > 0); out: if (dmt) dm_task_destroy(dmt); + if (r < 0) + dm_targets_free(cd, dmd); + + return r; +} + +int dm_query_device(struct crypt_device *cd, const char *name, + uint32_t get_flags, struct crypt_dm_active_device *dmd) +{ + int r; + + if (!dmd) + return -EINVAL; + + memset(dmd, 0, sizeof(*dmd)); + + if (dm_init_context(cd, DM_UNKNOWN)) + return -ENOTSUP; + + r = _dm_query_device(cd, name, get_flags, dmd); + + dm_exit_context(); + return r; +} + +static int _process_deps(struct crypt_device *cd, const char *prefix, struct dm_deps *deps, char **names, size_t names_offset, size_t names_length) +{ +#if HAVE_DECL_DM_DEVICE_GET_NAME + struct crypt_dm_active_device dmd; + char dmname[PATH_MAX]; + unsigned i; + int r, major, minor, count = 0; + + if (!prefix || !deps) + return -EINVAL; + + for (i = 0; i < deps->count; i++) { + major = major(deps->device[i]); + if (!dm_is_dm_major(major)) + continue; + + minor = minor(deps->device[i]); + if (!dm_device_get_name(major, minor, 0, dmname, PATH_MAX)) + return -EINVAL; + + memset(&dmd, 0, sizeof(dmd)); + r = _dm_query_device(cd, dmname, DM_ACTIVE_UUID, &dmd); + if (r < 0) + continue; + + if (!dmd.uuid || + strncmp(prefix, dmd.uuid, strlen(prefix)) || + crypt_string_in(dmname, names, names_length)) + *dmname = '\0'; + + dm_targets_free(cd, &dmd); + free(CONST_CAST(void*)dmd.uuid); + + if ((size_t)count >= (names_length - names_offset)) + return -ENOMEM; + + if (*dmname && !(names[names_offset + count++] = strdup(dmname))) + return -ENOMEM; + } + + return count; +#else + return -EINVAL; +#endif +} + +int dm_device_deps(struct crypt_device *cd, const char *name, const char *prefix, char **names, size_t names_length) +{ + struct dm_task *dmt; + struct dm_info dmi; + struct dm_deps *deps; + int r = -EINVAL; + size_t i, last = 0, offset = 0; + + if (!name || !names_length || !names) + return -EINVAL; + + if (dm_init_context(cd, DM_UNKNOWN)) + return -ENOTSUP; + + while (name) { + if (!(dmt = dm_task_create(DM_DEVICE_DEPS))) + goto out; + if (!dm_task_set_name(dmt, name)) + goto out; + + r = -ENODEV; + if (!dm_task_run(dmt)) + goto out; + + r = -EINVAL; + if (!dm_task_get_info(dmt, &dmi)) + goto out; + if (!(deps = dm_task_get_deps(dmt))) + goto out; + + r = -ENODEV; + if (!dmi.exists) + goto out; + + r = _process_deps(cd, prefix, deps, names, offset, names_length - 1); + if (r < 0) + goto out; + + dm_task_destroy(dmt); + dmt = NULL; + + offset += r; + name = names[last++]; + } + + r = 0; +out: + if (r < 0) { + for (i = 0; i < names_length - 1; i++) + free(names[i]); + *names = NULL; + } + + if (dmt) + dm_task_destroy(dmt); + dm_exit_context(); return r; } @@ -1135,7 +2777,7 @@ static int _dm_message(const char *name, const char *msg) if (!(dmt = dm_task_create(DM_DEVICE_TARGET_MSG))) return 0; - if ((dm_flags() & DM_SECURE_SUPPORTED) && !dm_task_secure_data(dmt)) + if (!dm_task_secure_data(dmt)) goto out; if (name && !dm_task_set_name(dmt, name)) @@ -1148,51 +2790,78 @@ static int _dm_message(const char *name, const char *msg) goto out; r = dm_task_run(dmt); - - out: +out: dm_task_destroy(dmt); return r; } -int dm_suspend_and_wipe_key(struct crypt_device *cd, const char *name) +int dm_suspend_device(struct crypt_device *cd, const char *name, uint32_t dmflags) { + uint32_t dmt_flags; int r = -ENOTSUP; - if (dm_init_context(cd)) - return -ENOTSUP; + if (dm_init_context(cd, DM_UNKNOWN)) + return r; - if (!(_dm_crypt_flags & DM_KEY_WIPE_SUPPORTED)) - goto out; + if (dmflags & DM_SUSPEND_WIPE_KEY) { + if (dm_flags(cd, DM_CRYPT, &dmt_flags)) + goto out; - if (!_dm_simple(DM_DEVICE_SUSPEND, name, 0)) { - r = -EINVAL; - goto out; + if (!(dmt_flags & DM_KEY_WIPE_SUPPORTED)) + goto out; } - if (!_dm_message(name, "key wipe")) { - _dm_simple(DM_DEVICE_RESUME, name, 1); - r = -EINVAL; + r = -EINVAL; + + if (!_dm_simple(DM_DEVICE_SUSPEND, name, dmflags)) goto out; + + if (dmflags & DM_SUSPEND_WIPE_KEY) { + if (!_dm_message(name, "key wipe")) { + _dm_resume_device(name, 0); + goto out; + } } + r = 0; out: dm_exit_context(); return r; } +int dm_resume_device(struct crypt_device *cd, const char *name, uint32_t dmflags) +{ + int r; + + if (dm_init_context(cd, DM_UNKNOWN)) + return -ENOTSUP; + + r = _dm_resume_device(name, dmflags); + + dm_exit_context(); + + return r; +} + int dm_resume_and_reinstate_key(struct crypt_device *cd, const char *name, - size_t key_size, const char *key) + const struct volume_key *vk) { - int msg_size = key_size * 2 + 10; // key set + uint32_t dmt_flags; + int msg_size; char *msg = NULL; int r = -ENOTSUP; - if (dm_init_context(cd)) + if (dm_init_context(cd, DM_CRYPT) || dm_flags(cd, DM_CRYPT, &dmt_flags)) return -ENOTSUP; - if (!(_dm_crypt_flags & DM_KEY_WIPE_SUPPORTED)) + if (!(dmt_flags & DM_KEY_WIPE_SUPPORTED)) goto out; + if (vk->key_description) + msg_size = strlen(vk->key_description) + int_log10(vk->keylength) + 18; + else + msg_size = vk->keylength * 2 + 10; // key set + msg = crypt_safe_alloc(msg_size); if (!msg) { r = -ENOMEM; @@ -1200,10 +2869,13 @@ int dm_resume_and_reinstate_key(struct crypt_device *cd, const char *name, } strcpy(msg, "key set "); - hex_key(&msg[8], key_size, key); + if (vk->key_description) + snprintf(msg + 8, msg_size - 8, ":%zu:logon:%s", vk->keylength, vk->key_description); + else + hex_key(&msg[8], vk->keylength, vk->key); if (!_dm_message(name, msg) || - !_dm_simple(DM_DEVICE_RESUME, name, 1)) { + _dm_resume_device(name, 0)) { r = -EINVAL; goto out; } @@ -1219,7 +2891,7 @@ const char *dm_get_dir(void) return dm_dir(); } -int dm_is_dm_device(int major, int minor) +int dm_is_dm_device(int major) { return dm_is_dm_major((uint32_t)major); } @@ -1228,3 +2900,147 @@ int dm_is_dm_kernel_name(const char *name) { return strncmp(name, "dm-", 3) ? 0 : 1; } + +int dm_crypt_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, + struct device *data_device, struct volume_key *vk, const char *cipher, + uint64_t iv_offset, uint64_t data_offset, const char *integrity, uint32_t tag_size, + uint32_t sector_size) +{ + int r = -EINVAL; + + /* free on error */ + char *dm_integrity = NULL; + + if (tag_size) { + /* Space for IV metadata only */ + dm_integrity = strdup(integrity ?: "none"); + if (!dm_integrity) { + r = -ENOMEM; + goto err; + } + } + + tgt->data_device = data_device; + + tgt->type = DM_CRYPT; + tgt->direction = TARGET_SET; + tgt->u.crypt.vk = vk; + tgt->offset = seg_offset; + tgt->size = seg_size; + + tgt->u.crypt.cipher = cipher; + tgt->u.crypt.integrity = dm_integrity; + tgt->u.crypt.iv_offset = iv_offset; + tgt->u.crypt.offset = data_offset; + tgt->u.crypt.tag_size = tag_size; + tgt->u.crypt.sector_size = sector_size; + + return 0; +err: + free(dm_integrity); + + return r; +} + +int dm_verity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, + struct device *data_device, struct device *hash_device, struct device *fec_device, + const char *root_hash, uint32_t root_hash_size, const char *root_hash_sig_key_desc, + uint64_t hash_offset_block, uint64_t hash_blocks, struct crypt_params_verity *vp) +{ + if (!data_device || !hash_device || !vp) + return -EINVAL; + + tgt->type = DM_VERITY; + tgt->direction = TARGET_SET; + tgt->offset = seg_offset; + tgt->size = seg_size; + tgt->data_device = data_device; + + tgt->u.verity.hash_device = hash_device; + tgt->u.verity.fec_device = fec_device; + tgt->u.verity.root_hash = root_hash; + tgt->u.verity.root_hash_size = root_hash_size; + tgt->u.verity.root_hash_sig_key_desc = root_hash_sig_key_desc; + tgt->u.verity.hash_offset = hash_offset_block; + tgt->u.verity.fec_offset = vp->fec_area_offset / vp->hash_block_size; + tgt->u.verity.hash_blocks = hash_blocks; + tgt->u.verity.vp = vp; + + return 0; +} + +int dm_integrity_target_set(struct crypt_device *cd, + struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, + struct device *meta_device, + struct device *data_device, uint64_t tag_size, uint64_t offset, + uint32_t sector_size, struct volume_key *vk, + struct volume_key *journal_crypt_key, struct volume_key *journal_mac_key, + const struct crypt_params_integrity *ip) +{ + uint32_t dmi_flags; + + if (!data_device) + return -EINVAL; + + _dm_check_versions(cd, DM_INTEGRITY); + + tgt->type = DM_INTEGRITY; + tgt->direction = TARGET_SET; + tgt->offset = seg_offset; + tgt->size = seg_size; + tgt->data_device = data_device; + if (meta_device != data_device) + tgt->u.integrity.meta_device = meta_device; + tgt->u.integrity.tag_size = tag_size; + tgt->u.integrity.offset = offset; + tgt->u.integrity.sector_size = sector_size; + + tgt->u.integrity.vk = vk; + tgt->u.integrity.journal_crypt_key = journal_crypt_key; + tgt->u.integrity.journal_integrity_key = journal_mac_key; + + if (!dm_flags(cd, DM_INTEGRITY, &dmi_flags) && + (dmi_flags & DM_INTEGRITY_FIX_PADDING_SUPPORTED) && + !(crypt_get_compatibility(cd) & CRYPT_COMPAT_LEGACY_INTEGRITY_PADDING)) + tgt->u.integrity.fix_padding = true; + + if (ip) { + tgt->u.integrity.journal_size = ip->journal_size; + tgt->u.integrity.journal_watermark = ip->journal_watermark; + tgt->u.integrity.journal_commit_time = ip->journal_commit_time; + tgt->u.integrity.interleave_sectors = ip->interleave_sectors; + tgt->u.integrity.buffer_sectors = ip->buffer_sectors; + tgt->u.integrity.journal_integrity = ip->journal_integrity; + tgt->u.integrity.journal_crypt = ip->journal_crypt; + tgt->u.integrity.integrity = ip->integrity; + } + + return 0; +} + +int dm_linear_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, + struct device *data_device, uint64_t data_offset) +{ + if (!data_device) + return -EINVAL; + + tgt->type = DM_LINEAR; + tgt->direction = TARGET_SET; + tgt->offset = seg_offset; + tgt->size = seg_size; + tgt->data_device = data_device; + + tgt->u.linear.offset = data_offset; + + return 0; +} + +int dm_zero_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size) +{ + tgt->type = DM_ZERO; + tgt->direction = TARGET_SET; + tgt->offset = seg_offset; + tgt->size = seg_size; + + return 0; +} diff --git a/lib/loopaes/Makefile.am b/lib/loopaes/Makefile.am deleted file mode 100644 index 0687c40..0000000 --- a/lib/loopaes/Makefile.am +++ /dev/null @@ -1,14 +0,0 @@ -moduledir = $(libdir)/cryptsetup - -noinst_LTLIBRARIES = libloopaes.la - -libloopaes_la_CFLAGS = -Wall $(AM_CFLAGS) @CRYPTO_CFLAGS@ - -libloopaes_la_SOURCES = \ - loopaes.c \ - loopaes.h - -AM_CPPFLAGS = -include config.h \ - -I$(top_srcdir)/lib \ - -I$(top_srcdir)/lib/crypto_backend - diff --git a/lib/loopaes/Makefile.in b/lib/loopaes/Makefile.in deleted file mode 100644 index 24747de..0000000 --- a/lib/loopaes/Makefile.in +++ /dev/null @@ -1,645 +0,0 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2013 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = lib/loopaes -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ - $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -LTLIBRARIES = $(noinst_LTLIBRARIES) -libloopaes_la_LIBADD = -am_libloopaes_la_OBJECTS = libloopaes_la-loopaes.lo -libloopaes_la_OBJECTS = $(am_libloopaes_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -libloopaes_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libloopaes_la_CFLAGS) \ - $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(libloopaes_la_SOURCES) -DIST_SOURCES = $(libloopaes_la_SOURCES) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. -am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ -CRYPTO_LIBS = @CRYPTO_LIBS@ -CRYPTO_STATIC_LIBS = @CRYPTO_STATIC_LIBS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DEVMAPPER_CFLAGS = @DEVMAPPER_CFLAGS@ -DEVMAPPER_LIBS = @DEVMAPPER_LIBS@ -DEVMAPPER_STATIC_CFLAGS = @DEVMAPPER_STATIC_CFLAGS@ -DEVMAPPER_STATIC_LIBS = @DEVMAPPER_STATIC_LIBS@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GMSGFMT = @GMSGFMT@ -GMSGFMT_015 = @GMSGFMT_015@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -INTLLIBS = @INTLLIBS@ -INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBCRYPTSETUP_VERSION = @LIBCRYPTSETUP_VERSION@ -LIBCRYPTSETUP_VERSION_INFO = @LIBCRYPTSETUP_VERSION_INFO@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ -LIBICONV = @LIBICONV@ -LIBINTL = @LIBINTL@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBICONV = @LTLIBICONV@ -LTLIBINTL = @LTLIBINTL@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MKDIR_P = @MKDIR_P@ -MSGFMT = @MSGFMT@ -MSGFMT_015 = @MSGFMT_015@ -MSGMERGE = @MSGMERGE@ -NM = @NM@ -NMEDIT = @NMEDIT@ -NSS_CFLAGS = @NSS_CFLAGS@ -NSS_LIBS = @NSS_LIBS@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ -OPENSSL_LIBS = @OPENSSL_LIBS@ -OPENSSL_STATIC_CFLAGS = @OPENSSL_STATIC_CFLAGS@ -OPENSSL_STATIC_LIBS = @OPENSSL_STATIC_LIBS@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -POPT_LIBS = @POPT_LIBS@ -POSUB = @POSUB@ -PWQUALITY_CFLAGS = @PWQUALITY_CFLAGS@ -PWQUALITY_LIBS = @PWQUALITY_LIBS@ -PWQUALITY_STATIC_LIBS = @PWQUALITY_STATIC_LIBS@ -PYTHON = @PYTHON@ -PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -PYTHON_INCLUDES = @PYTHON_INCLUDES@ -PYTHON_LIBS = @PYTHON_LIBS@ -PYTHON_PLATFORM = @PYTHON_PLATFORM@ -PYTHON_PREFIX = @PYTHON_PREFIX@ -PYTHON_VERSION = @PYTHON_VERSION@ -RANLIB = @RANLIB@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -USE_NLS = @USE_NLS@ -UUID_LIBS = @UUID_LIBS@ -VERSION = @VERSION@ -XGETTEXT = @XGETTEXT@ -XGETTEXT_015 = @XGETTEXT_015@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -pkgpyexecdir = @pkgpyexecdir@ -pkgpythondir = @pkgpythondir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -pyexecdir = @pyexecdir@ -pythondir = @pythondir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -moduledir = $(libdir)/cryptsetup -noinst_LTLIBRARIES = libloopaes.la -libloopaes_la_CFLAGS = -Wall $(AM_CFLAGS) @CRYPTO_CFLAGS@ -libloopaes_la_SOURCES = \ - loopaes.c \ - loopaes.h - -AM_CPPFLAGS = -include config.h \ - -I$(top_srcdir)/lib \ - -I$(top_srcdir)/lib/crypto_backend - -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu lib/loopaes/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu lib/loopaes/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) - @list='$(noinst_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -libloopaes.la: $(libloopaes_la_OBJECTS) $(libloopaes_la_DEPENDENCIES) $(EXTRA_libloopaes_la_DEPENDENCIES) - $(AM_V_CCLD)$(libloopaes_la_LINK) $(libloopaes_la_OBJECTS) $(libloopaes_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libloopaes_la-loopaes.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -libloopaes_la-loopaes.lo: loopaes.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libloopaes_la_CFLAGS) $(CFLAGS) -MT libloopaes_la-loopaes.lo -MD -MP -MF $(DEPDIR)/libloopaes_la-loopaes.Tpo -c -o libloopaes_la-loopaes.lo `test -f 'loopaes.c' || echo '$(srcdir)/'`loopaes.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libloopaes_la-loopaes.Tpo $(DEPDIR)/libloopaes_la-loopaes.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='loopaes.c' object='libloopaes_la-loopaes.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libloopaes_la_CFLAGS) $(CFLAGS) -c -o libloopaes_la-loopaes.lo `test -f 'loopaes.c' || echo '$(srcdir)/'`loopaes.c - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) -installdirs: -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-noinstLTLIBRARIES cscopelist-am ctags \ - ctags-am distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/lib/loopaes/loopaes.c b/lib/loopaes/loopaes.c index 28a70b8..92090aa 100644 --- a/lib/loopaes/loopaes.c +++ b/lib/loopaes/loopaes.c @@ -1,8 +1,8 @@ /* * loop-AES compatible volume handling * - * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2011-2013, Milan Broz + * Copyright (C) 2011-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2011-2020 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -81,18 +81,18 @@ static int hash_keys(struct crypt_device *cd, const char *hash_name; char tweak, *key_ptr; unsigned int i; - int r; + int r = 0; hash_name = hash_override ?: get_hash(key_len_output); tweak = get_tweak(keys_count); if (!keys_count || !key_len_output || !hash_name || !key_len_input) { - log_err(cd, _("Key processing error (using hash %s).\n"), + log_err(cd, _("Key processing error (using hash %s)."), hash_name ?: "[none]"); return -EINVAL; } - *vk = crypt_alloc_volume_key(key_len_output * keys_count, NULL); + *vk = crypt_alloc_volume_key((size_t)key_len_output * keys_count, NULL); if (!*vk) return -ENOMEM; @@ -137,13 +137,13 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd, unsigned int key_lengths[LOOPAES_KEYS_MAX]; unsigned int i, key_index, key_len, offset; - log_dbg("Parsing loop-AES keyfile of size %zu.", buffer_len); + log_dbg(cd, "Parsing loop-AES keyfile of size %zu.", buffer_len); if (!buffer_len) return -EINVAL; if (keyfile_is_gpg(buffer, buffer_len)) { - log_err(cd, _("Detected not yet supported GPG encrypted keyfile.\n")); + log_err(cd, _("Detected not yet supported GPG encrypted keyfile.")); log_std(cd, _("Please use gpg --decrypt | cryptsetup --keyfile=- ...\n")); return -EINVAL; } @@ -164,8 +164,8 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd, key_lengths[key_index]++; } if (offset == buffer_len) { - log_dbg("Unterminated key #%d in keyfile.", key_index); - log_err(cd, _("Incompatible loop-AES keyfile detected.\n")); + log_dbg(cd, "Unterminated key #%d in keyfile.", key_index); + log_err(cd, _("Incompatible loop-AES keyfile detected.")); return -EINVAL; } while (offset < buffer_len && !buffer[offset]) @@ -177,7 +177,7 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd, key_len = key_lengths[0]; for (i = 0; i < key_index; i++) if (!key_lengths[i] || (key_lengths[i] != key_len)) { - log_dbg("Unexpected length %d of key #%d (should be %d).", + log_dbg(cd, "Unexpected length %d of key #%d (should be %d).", key_lengths[i], i, key_len); key_len = 0; break; @@ -185,11 +185,11 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd, if (offset != buffer_len || key_len == 0 || (key_index != 1 && key_index !=64 && key_index != 65)) { - log_err(cd, _("Incompatible loop-AES keyfile detected.\n")); + log_err(cd, _("Incompatible loop-AES keyfile detected.")); return -EINVAL; } - log_dbg("Keyfile: %d keys of length %d.", key_index, key_len); + log_dbg(cd, "Keyfile: %d keys of length %d.", key_index, key_len); *keys_count = key_index; return hash_keys(cd, vk, hash, keys, key_index, @@ -203,24 +203,15 @@ int LOOPAES_activate(struct crypt_device *cd, struct volume_key *vk, uint32_t flags) { - char *cipher = NULL; - uint32_t req_flags; int r; + uint32_t req_flags, dmc_flags; + char *cipher = NULL; struct crypt_dm_active_device dmd = { - .target = DM_CRYPT, - .size = 0, - .flags = flags, - .data_device = crypt_data_device(cd), - .u.crypt = { - .cipher = NULL, - .vk = vk, - .offset = crypt_get_data_offset(cd), - .iv_offset = crypt_get_iv_offset(cd), - } + .flags = flags, }; - r = device_block_adjust(cd, dmd.data_device, DEV_EXCL, - dmd.u.crypt.offset, &dmd.size, &dmd.flags); + r = device_block_adjust(cd, crypt_data_device(cd), DEV_EXCL, + crypt_get_data_offset(cd), &dmd.size, &dmd.flags); if (r) return r; @@ -234,17 +225,29 @@ int LOOPAES_activate(struct crypt_device *cd, if (r < 0) return -ENOMEM; - dmd.u.crypt.cipher = cipher; - log_dbg("Trying to activate loop-AES device %s using cipher %s.", - name, dmd.u.crypt.cipher); + r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd), + vk, cipher, crypt_get_iv_offset(cd), + crypt_get_data_offset(cd), crypt_get_integrity(cd), + crypt_get_integrity_tag_size(cd), crypt_get_sector_size(cd)); - r = dm_create_device(cd, name, CRYPT_LOOPAES, &dmd, 0); + if (r) { + free(cipher); + return r; + } + + log_dbg(cd, "Trying to activate loop-AES device %s using cipher %s.", + name, cipher); - if (r < 0 && !(dm_flags() & req_flags)) { - log_err(cd, _("Kernel doesn't support loop-AES compatible mapping.\n")); + r = dm_create_device(cd, name, CRYPT_LOOPAES, &dmd); + + if (r < 0 && !dm_flags(cd, DM_CRYPT, &dmc_flags) && + (dmc_flags & req_flags) != req_flags) { + log_err(cd, _("Kernel does not support loop-AES compatible mapping.")); r = -ENOTSUP; } + dm_targets_free(cd, &dmd); free(cipher); + return r; } diff --git a/lib/loopaes/loopaes.h b/lib/loopaes/loopaes.h index 00d1a87..5f6e93f 100644 --- a/lib/loopaes/loopaes.h +++ b/lib/loopaes/loopaes.h @@ -1,8 +1,8 @@ /* * loop-AES compatible volume handling * - * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2011-2013, Milan Broz + * Copyright (C) 2011-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2011-2020 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -22,6 +22,7 @@ #ifndef _LOOPAES_H #define _LOOPAES_H +#include #include struct crypt_device; diff --git a/lib/luks1/Makefile.am b/lib/luks1/Makefile.am deleted file mode 100644 index 5d6800e..0000000 --- a/lib/luks1/Makefile.am +++ /dev/null @@ -1,17 +0,0 @@ -moduledir = $(libdir)/cryptsetup - -noinst_LTLIBRARIES = libluks1.la - -libluks1_la_CFLAGS = -Wall $(AM_CFLAGS) @CRYPTO_CFLAGS@ - -libluks1_la_SOURCES = \ - af.c \ - keymanage.c \ - keyencryption.c \ - af.h \ - luks.h - -AM_CPPFLAGS = -include config.h \ - -I$(top_srcdir)/lib \ - -I$(top_srcdir)/lib/crypto_backend - diff --git a/lib/luks1/Makefile.in b/lib/luks1/Makefile.in deleted file mode 100644 index f5d3fde..0000000 --- a/lib/luks1/Makefile.in +++ /dev/null @@ -1,665 +0,0 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2013 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = lib/luks1 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ - $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -LTLIBRARIES = $(noinst_LTLIBRARIES) -libluks1_la_LIBADD = -am_libluks1_la_OBJECTS = libluks1_la-af.lo libluks1_la-keymanage.lo \ - libluks1_la-keyencryption.lo -libluks1_la_OBJECTS = $(am_libluks1_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -libluks1_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libluks1_la_CFLAGS) \ - $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(libluks1_la_SOURCES) -DIST_SOURCES = $(libluks1_la_SOURCES) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. -am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ -CRYPTO_LIBS = @CRYPTO_LIBS@ -CRYPTO_STATIC_LIBS = @CRYPTO_STATIC_LIBS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DEVMAPPER_CFLAGS = @DEVMAPPER_CFLAGS@ -DEVMAPPER_LIBS = @DEVMAPPER_LIBS@ -DEVMAPPER_STATIC_CFLAGS = @DEVMAPPER_STATIC_CFLAGS@ -DEVMAPPER_STATIC_LIBS = @DEVMAPPER_STATIC_LIBS@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GMSGFMT = @GMSGFMT@ -GMSGFMT_015 = @GMSGFMT_015@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -INTLLIBS = @INTLLIBS@ -INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBCRYPTSETUP_VERSION = @LIBCRYPTSETUP_VERSION@ -LIBCRYPTSETUP_VERSION_INFO = @LIBCRYPTSETUP_VERSION_INFO@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ -LIBICONV = @LIBICONV@ -LIBINTL = @LIBINTL@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBICONV = @LTLIBICONV@ -LTLIBINTL = @LTLIBINTL@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MKDIR_P = @MKDIR_P@ -MSGFMT = @MSGFMT@ -MSGFMT_015 = @MSGFMT_015@ -MSGMERGE = @MSGMERGE@ -NM = @NM@ -NMEDIT = @NMEDIT@ -NSS_CFLAGS = @NSS_CFLAGS@ -NSS_LIBS = @NSS_LIBS@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ -OPENSSL_LIBS = @OPENSSL_LIBS@ -OPENSSL_STATIC_CFLAGS = @OPENSSL_STATIC_CFLAGS@ -OPENSSL_STATIC_LIBS = @OPENSSL_STATIC_LIBS@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -POPT_LIBS = @POPT_LIBS@ -POSUB = @POSUB@ -PWQUALITY_CFLAGS = @PWQUALITY_CFLAGS@ -PWQUALITY_LIBS = @PWQUALITY_LIBS@ -PWQUALITY_STATIC_LIBS = @PWQUALITY_STATIC_LIBS@ -PYTHON = @PYTHON@ -PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -PYTHON_INCLUDES = @PYTHON_INCLUDES@ -PYTHON_LIBS = @PYTHON_LIBS@ -PYTHON_PLATFORM = @PYTHON_PLATFORM@ -PYTHON_PREFIX = @PYTHON_PREFIX@ -PYTHON_VERSION = @PYTHON_VERSION@ -RANLIB = @RANLIB@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -USE_NLS = @USE_NLS@ -UUID_LIBS = @UUID_LIBS@ -VERSION = @VERSION@ -XGETTEXT = @XGETTEXT@ -XGETTEXT_015 = @XGETTEXT_015@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -pkgpyexecdir = @pkgpyexecdir@ -pkgpythondir = @pkgpythondir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -pyexecdir = @pyexecdir@ -pythondir = @pythondir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -moduledir = $(libdir)/cryptsetup -noinst_LTLIBRARIES = libluks1.la -libluks1_la_CFLAGS = -Wall $(AM_CFLAGS) @CRYPTO_CFLAGS@ -libluks1_la_SOURCES = \ - af.c \ - keymanage.c \ - keyencryption.c \ - af.h \ - luks.h - -AM_CPPFLAGS = -include config.h \ - -I$(top_srcdir)/lib \ - -I$(top_srcdir)/lib/crypto_backend - -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu lib/luks1/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu lib/luks1/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) - @list='$(noinst_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -libluks1.la: $(libluks1_la_OBJECTS) $(libluks1_la_DEPENDENCIES) $(EXTRA_libluks1_la_DEPENDENCIES) - $(AM_V_CCLD)$(libluks1_la_LINK) $(libluks1_la_OBJECTS) $(libluks1_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libluks1_la-af.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libluks1_la-keyencryption.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libluks1_la-keymanage.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -libluks1_la-af.lo: af.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libluks1_la_CFLAGS) $(CFLAGS) -MT libluks1_la-af.lo -MD -MP -MF $(DEPDIR)/libluks1_la-af.Tpo -c -o libluks1_la-af.lo `test -f 'af.c' || echo '$(srcdir)/'`af.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libluks1_la-af.Tpo $(DEPDIR)/libluks1_la-af.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='af.c' object='libluks1_la-af.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libluks1_la_CFLAGS) $(CFLAGS) -c -o libluks1_la-af.lo `test -f 'af.c' || echo '$(srcdir)/'`af.c - -libluks1_la-keymanage.lo: keymanage.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libluks1_la_CFLAGS) $(CFLAGS) -MT libluks1_la-keymanage.lo -MD -MP -MF $(DEPDIR)/libluks1_la-keymanage.Tpo -c -o libluks1_la-keymanage.lo `test -f 'keymanage.c' || echo '$(srcdir)/'`keymanage.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libluks1_la-keymanage.Tpo $(DEPDIR)/libluks1_la-keymanage.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='keymanage.c' object='libluks1_la-keymanage.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libluks1_la_CFLAGS) $(CFLAGS) -c -o libluks1_la-keymanage.lo `test -f 'keymanage.c' || echo '$(srcdir)/'`keymanage.c - -libluks1_la-keyencryption.lo: keyencryption.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libluks1_la_CFLAGS) $(CFLAGS) -MT libluks1_la-keyencryption.lo -MD -MP -MF $(DEPDIR)/libluks1_la-keyencryption.Tpo -c -o libluks1_la-keyencryption.lo `test -f 'keyencryption.c' || echo '$(srcdir)/'`keyencryption.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libluks1_la-keyencryption.Tpo $(DEPDIR)/libluks1_la-keyencryption.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='keyencryption.c' object='libluks1_la-keyencryption.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libluks1_la_CFLAGS) $(CFLAGS) -c -o libluks1_la-keyencryption.lo `test -f 'keyencryption.c' || echo '$(srcdir)/'`keyencryption.c - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) -installdirs: -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-noinstLTLIBRARIES cscopelist-am ctags \ - ctags-am distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/lib/luks1/af.c b/lib/luks1/af.c index 835d997..a781376 100644 --- a/lib/luks1/af.c +++ b/lib/luks1/af.c @@ -1,11 +1,11 @@ /* * AFsplitter - Anti forensic information splitter * - * Copyright (C) 2004, Clemens Fruhwirth - * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved. + * Copyright (C) 2004 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. * * AFsplitter diffuses information over a large stripe of data, - * therefor supporting secure data destruction. + * therefore supporting secure data destruction. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -25,7 +25,6 @@ #include #include #include -#include #include #include "internal.h" #include "af.h" @@ -34,7 +33,7 @@ static void XORblock(const char *src1, const char *src2, char *dst, size_t n) { size_t j; - for(j = 0; j < n; ++j) + for (j = 0; j < n; j++) dst[j] = src1[j] ^ src2[j]; } @@ -45,7 +44,7 @@ static int hash_buf(const char *src, char *dst, uint32_t iv, char *iv_char = (char *)&iv; int r; - iv = htonl(iv); + iv = be32_to_cpu(iv); if (crypt_hash_init(&hd, hash_name)) return -EINVAL; @@ -61,34 +60,38 @@ out: return r; } -/* diffuse: Information spreading over the whole dataset with +/* + * diffuse: Information spreading over the whole dataset with * the help of hash function. */ - static int diffuse(char *src, char *dst, size_t size, const char *hash_name) { - int hash_size = crypt_hash_size(hash_name); + int r, hash_size = crypt_hash_size(hash_name); unsigned int digest_size; unsigned int i, blocks, padding; if (hash_size <= 0) - return 1; + return -EINVAL; digest_size = hash_size; blocks = size / digest_size; padding = size % digest_size; - for (i = 0; i < blocks; i++) - if(hash_buf(src + digest_size * i, + for (i = 0; i < blocks; i++) { + r = hash_buf(src + digest_size * i, dst + digest_size * i, - i, (size_t)digest_size, hash_name)) - return 1; + i, (size_t)digest_size, hash_name); + if (r < 0) + return r; + } - if(padding) - if(hash_buf(src + digest_size * i, + if (padding) { + r = hash_buf(src + digest_size * i, dst + digest_size * i, - i, (size_t)padding, hash_name)) - return 1; + i, (size_t)padding, hash_name); + if (r < 0) + return r; + } return 0; } @@ -98,53 +101,57 @@ static int diffuse(char *src, char *dst, size_t size, const char *hash_name) * blocknumbers. The same blocksize and blocknumbers values * must be supplied to AF_merge to recover information. */ - -int AF_split(char *src, char *dst, size_t blocksize, - unsigned int blocknumbers, const char *hash) +int AF_split(struct crypt_device *ctx, const char *src, char *dst, + size_t blocksize, unsigned int blocknumbers, const char *hash) { unsigned int i; char *bufblock; - int r = -EINVAL; + int r; - if((bufblock = calloc(blocksize, 1)) == NULL) return -ENOMEM; + bufblock = crypt_safe_alloc(blocksize); + if (!bufblock) + return -ENOMEM; /* process everything except the last block */ - for(i=0; i - * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved. + * Copyright (C) 2004 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. * * AFsplitter diffuses information over a large stripe of data, - * therefor supporting secure data destruction. + * therefore supporting secure data destruction. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -24,6 +24,8 @@ #ifndef INCLUDED_CRYPTSETUP_LUKS_AF_H #define INCLUDED_CRYPTSETUP_LUKS_AF_H +#include + /* * AF_split operates on src and produces information split data in * dst. src is assumed to be of the length blocksize. The data stripe @@ -37,8 +39,26 @@ * On error, both functions return -1, 0 otherwise. */ -int AF_split(char *src, char *dst, size_t blocksize, unsigned int blocknumbers, const char *hash); -int AF_merge(char *src, char *dst, size_t blocksize, unsigned int blocknumbers, const char *hash); +int AF_split(struct crypt_device *ctx, const char *src, char *dst, + size_t blocksize, unsigned int blocknumbers, const char *hash); +int AF_merge(struct crypt_device *ctx, const char *src, char *dst, size_t blocksize, + unsigned int blocknumbers, const char *hash); size_t AF_split_sectors(size_t blocksize, unsigned int blocknumbers); +int LUKS_encrypt_to_storage( + char *src, size_t srcLength, + const char *cipher, + const char *cipher_mode, + struct volume_key *vk, + unsigned int sector, + struct crypt_device *ctx); + +int LUKS_decrypt_from_storage( + char *dst, size_t dstLength, + const char *cipher, + const char *cipher_mode, + struct volume_key *vk, + unsigned int sector, + struct crypt_device *ctx); + #endif diff --git a/lib/luks1/keyencryption.c b/lib/luks1/keyencryption.c index 3bc9c33..fdab63a 100644 --- a/lib/luks1/keyencryption.c +++ b/lib/luks1/keyencryption.c @@ -1,9 +1,9 @@ /* * LUKS - Linux Unified Key Setup * - * Copyright (C) 2004-2006, Clemens Fruhwirth - * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2014, Milan Broz + * Copyright (C) 2004-2006 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -21,58 +21,59 @@ */ #include -#include +#include #include +#include #include "luks.h" +#include "af.h" #include "internal.h" static void _error_hint(struct crypt_device *ctx, const char *device, const char *cipher, const char *mode, size_t keyLength) { - char cipher_spec[MAX_CIPHER_LEN * 3]; + char *c, cipher_spec[MAX_CIPHER_LEN * 3]; if (snprintf(cipher_spec, sizeof(cipher_spec), "%s-%s", cipher, mode) < 0) return; log_err(ctx, _("Failed to setup dm-crypt key mapping for device %s.\n" - "Check that kernel supports %s cipher (check syslog for more info).\n"), + "Check that kernel supports %s cipher (check syslog for more info)."), device, cipher_spec); if (!strncmp(mode, "xts", 3) && (keyLength != 256 && keyLength != 512)) - log_err(ctx, _("Key size in XTS mode must be 256 or 512 bits.\n")); + log_err(ctx, _("Key size in XTS mode must be 256 or 512 bits.")); + else if (!(c = strchr(mode, '-')) || strlen(c) < 4) + log_err(ctx, _("Cipher specification should be in [cipher]-[mode]-[iv] format.")); } static int LUKS_endec_template(char *src, size_t srcLength, const char *cipher, const char *cipher_mode, struct volume_key *vk, unsigned int sector, - ssize_t (*func)(int, int, void *, size_t), + ssize_t (*func)(int, size_t, size_t, void *, size_t), int mode, struct crypt_device *ctx) { char name[PATH_MAX], path[PATH_MAX]; char cipher_spec[MAX_CIPHER_LEN * 3]; struct crypt_dm_active_device dmd = { - .target = DM_CRYPT, - .uuid = NULL, - .flags = CRYPT_ACTIVATE_PRIVATE, - .data_device = crypt_metadata_device(ctx), - .u.crypt = { - .cipher = cipher_spec, - .vk = vk, - .offset = sector, - .iv_offset = 0, - } + .flags = CRYPT_ACTIVATE_PRIVATE, }; - int r, bsize, devfd = -1; + int r, devfd = -1, remove_dev = 0; + size_t bsize, keyslot_alignment, alignment; - log_dbg("Using dmcrypt to access keyslot area."); + log_dbg(ctx, "Using dmcrypt to access keyslot area."); - bsize = device_block_size(dmd.data_device); - if (bsize <= 0) + bsize = device_block_size(ctx, crypt_metadata_device(ctx)); + alignment = device_alignment(crypt_metadata_device(ctx)); + if (!bsize || !alignment) return -EINVAL; - dmd.size = size_round_up(srcLength, bsize) / SECTOR_SIZE; + if (bsize > LUKS_ALIGN_KEYSLOTS) + keyslot_alignment = LUKS_ALIGN_KEYSLOTS; + else + keyslot_alignment = bsize; + dmd.size = size_round_up(srcLength, keyslot_alignment) / SECTOR_SIZE; if (mode == O_RDONLY) dmd.flags |= CRYPT_ACTIVATE_READONLY; @@ -84,45 +85,55 @@ static int LUKS_endec_template(char *src, size_t srcLength, if (snprintf(cipher_spec, sizeof(cipher_spec), "%s-%s", cipher, cipher_mode) < 0) return -ENOMEM; - r = device_block_adjust(ctx, dmd.data_device, DEV_OK, - dmd.u.crypt.offset, &dmd.size, &dmd.flags); + r = device_block_adjust(ctx, crypt_metadata_device(ctx), DEV_OK, + sector, &dmd.size, &dmd.flags); if (r < 0) { - log_err(ctx, _("Device %s doesn't exist or access denied.\n"), - device_path(dmd.data_device)); + log_err(ctx, _("Device %s does not exist or access denied."), + device_path(crypt_metadata_device(ctx))); return -EIO; } if (mode != O_RDONLY && dmd.flags & CRYPT_ACTIVATE_READONLY) { - log_err(ctx, _("Cannot write to device %s, permission denied.\n"), - device_path(dmd.data_device)); + log_err(ctx, _("Cannot write to device %s, permission denied."), + device_path(crypt_metadata_device(ctx))); return -EACCES; } - r = dm_create_device(ctx, name, "TEMP", &dmd, 0); + r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, + crypt_metadata_device(ctx), vk, cipher_spec, 0, sector, + NULL, 0, SECTOR_SIZE); + if (r) + goto out; + + r = dm_create_device(ctx, name, "TEMP", &dmd); if (r < 0) { if (r != -EACCES && r != -ENOTSUP) - _error_hint(ctx, device_path(dmd.data_device), + _error_hint(ctx, device_path(crypt_metadata_device(ctx)), cipher, cipher_mode, vk->keylength * 8); - return -EIO; + r = -EIO; + goto out; } + remove_dev = 1; devfd = open(path, mode | O_DIRECT | O_SYNC); if (devfd == -1) { - log_err(ctx, _("Failed to open temporary keystore device.\n")); + log_err(ctx, _("Failed to open temporary keystore device.")); r = -EIO; goto out; } - r = func(devfd, bsize, src, srcLength); + r = func(devfd, bsize, alignment, src, srcLength); if (r < 0) { - log_err(ctx, _("Failed to access temporary keystore device.\n")); + log_err(ctx, _("Failed to access temporary keystore device.")); r = -EIO; } else r = 0; out: - if(devfd != -1) + dm_targets_free(ctx, &dmd); + if (devfd != -1) close(devfd); - dm_remove_device(ctx, name, 1, dmd.size); + if (remove_dev) + dm_remove_device(ctx, name, CRYPT_DEACTIVATE_FORCE); return r; } @@ -133,20 +144,19 @@ int LUKS_encrypt_to_storage(char *src, size_t srcLength, unsigned int sector, struct crypt_device *ctx) { - struct device *device = crypt_metadata_device(ctx); struct crypt_storage *s; - int devfd = -1, bsize, r = 0; + int devfd, r = 0; /* Only whole sector writes supported */ - if (srcLength % SECTOR_SIZE) + if (MISALIGNED_512(srcLength)) return -EINVAL; /* Encrypt buffer */ - r = crypt_storage_init(&s, 0, cipher, cipher_mode, vk->key, vk->keylength); + r = crypt_storage_init(&s, SECTOR_SIZE, cipher, cipher_mode, vk->key, vk->keylength); if (r) - log_dbg("Userspace crypto wrapper cannot use %s-%s (%d).", + log_dbg(ctx, "Userspace crypto wrapper cannot use %s-%s (%d).", cipher, cipher_mode, r); /* Fallback to old temporary dmcrypt device */ @@ -160,9 +170,9 @@ int LUKS_encrypt_to_storage(char *src, size_t srcLength, return r; } - log_dbg("Using userspace crypto wrapper to access keyslot area."); + log_dbg(ctx, "Using userspace crypto wrapper to access keyslot area."); - r = crypt_storage_encrypt(s, 0, srcLength / SECTOR_SIZE, src); + r = crypt_storage_encrypt(s, 0, srcLength, src); crypt_storage_destroy(s); if (r) @@ -171,24 +181,23 @@ int LUKS_encrypt_to_storage(char *src, size_t srcLength, r = -EIO; /* Write buffer to device */ - bsize = device_block_size(device); - if (bsize <= 0) - goto out; - - devfd = device_open(device, O_RDWR); - if (devfd == -1) + if (device_is_locked(device)) + devfd = device_open_locked(ctx, device, O_RDWR); + else + devfd = device_open(ctx, device, O_RDWR); + if (devfd < 0) goto out; - if (lseek(devfd, sector * SECTOR_SIZE, SEEK_SET) == -1 || - write_blockwise(devfd, bsize, src, srcLength) == -1) + if (write_lseek_blockwise(devfd, device_block_size(ctx, device), + device_alignment(device), src, srcLength, + sector * SECTOR_SIZE) < 0) goto out; r = 0; out: - if(devfd != -1) - close(devfd); + device_sync(ctx, device); if (r) - log_err(ctx, _("IO error while encrypting keyslot.\n")); + log_err(ctx, _("IO error while encrypting keyslot.")); return r; } @@ -202,16 +211,17 @@ int LUKS_decrypt_from_storage(char *dst, size_t dstLength, { struct device *device = crypt_metadata_device(ctx); struct crypt_storage *s; - int devfd = -1, bsize, r = 0; + struct stat st; + int devfd, r = 0; /* Only whole sector reads supported */ - if (dstLength % SECTOR_SIZE) + if (MISALIGNED_512(dstLength)) return -EINVAL; - r = crypt_storage_init(&s, 0, cipher, cipher_mode, vk->key, vk->keylength); + r = crypt_storage_init(&s, SECTOR_SIZE, cipher, cipher_mode, vk->key, vk->keylength); if (r) - log_dbg("Userspace crypto wrapper cannot use %s-%s (%d).", + log_dbg(ctx, "Userspace crypto wrapper cannot use %s-%s (%d).", cipher, cipher_mode, r); /* Fallback to old temporary dmcrypt device */ @@ -225,35 +235,33 @@ int LUKS_decrypt_from_storage(char *dst, size_t dstLength, return r; } - log_dbg("Using userspace crypto wrapper to access keyslot area."); - - r = -EIO; + log_dbg(ctx, "Using userspace crypto wrapper to access keyslot area."); /* Read buffer from device */ - bsize = device_block_size(device); - if (bsize <= 0) - goto bad; - - devfd = device_open(device, O_RDONLY); - if (devfd == -1) - goto bad; + if (device_is_locked(device)) + devfd = device_open_locked(ctx, device, O_RDONLY); + else + devfd = device_open(ctx, device, O_RDONLY); + if (devfd < 0) { + log_err(ctx, _("Cannot open device %s."), device_path(device)); + crypt_storage_destroy(s); + return -EIO; + } - if (lseek(devfd, sector * SECTOR_SIZE, SEEK_SET) == -1 || - read_blockwise(devfd, bsize, dst, dstLength) == -1) - goto bad; + if (read_lseek_blockwise(devfd, device_block_size(ctx, device), + device_alignment(device), dst, dstLength, + sector * SECTOR_SIZE) < 0) { + if (!fstat(devfd, &st) && (st.st_size < (off_t)dstLength)) + log_err(ctx, _("Device %s is too small."), device_path(device)); + else + log_err(ctx, _("IO error while decrypting keyslot.")); - close(devfd); + crypt_storage_destroy(s); + return -EIO; + } /* Decrypt buffer */ - r = crypt_storage_decrypt(s, 0, dstLength / SECTOR_SIZE, dst); - crypt_storage_destroy(s); - - return r; -bad: - if(devfd != -1) - close(devfd); - - log_err(ctx, _("IO error while decrypting keyslot.\n")); + r = crypt_storage_decrypt(s, 0, dstLength, dst); crypt_storage_destroy(s); return r; diff --git a/lib/luks1/keymanage.c b/lib/luks1/keymanage.c index 8ae2af8..a08ff50 100644 --- a/lib/luks1/keymanage.c +++ b/lib/luks1/keymanage.c @@ -1,9 +1,9 @@ /* * LUKS - Linux Unified Key Setup * - * Copyright (C) 2004-2006, Clemens Fruhwirth - * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2013-2014, Milan Broz + * Copyright (C) 2004-2006 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2013-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -23,7 +23,6 @@ #include #include #include -#include #include #include #include @@ -37,24 +36,7 @@ #include "af.h" #include "internal.h" -/* Get size of struct luks_phdr with all keyslots material space */ -static size_t LUKS_device_sectors(size_t keyLen) -{ - size_t keyslot_sectors, sector; - int i; - - keyslot_sectors = AF_split_sectors(keyLen, LUKS_STRIPES); - sector = LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE; - - for (i = 0; i < LUKS_NUMKEYS; i++) { - sector = size_round_up(sector, LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE); - sector += keyslot_sectors; - } - - return sector; -} - -int LUKS_keyslot_area(struct luks_phdr *hdr, +int LUKS_keyslot_area(const struct luks_phdr *hdr, int keyslot, uint64_t *offset, uint64_t *length) @@ -62,32 +44,70 @@ int LUKS_keyslot_area(struct luks_phdr *hdr, if(keyslot >= LUKS_NUMKEYS || keyslot < 0) return -EINVAL; - *offset = hdr->keyblock[keyslot].keyMaterialOffset * SECTOR_SIZE; + *offset = (uint64_t)hdr->keyblock[keyslot].keyMaterialOffset * SECTOR_SIZE; *length = AF_split_sectors(hdr->keyBytes, LUKS_STRIPES) * SECTOR_SIZE; return 0; } -static int LUKS_check_device_size(struct crypt_device *ctx, size_t keyLength) +/* insertsort: because the array has 8 elements and it's mostly sorted. that's why */ +static void LUKS_sort_keyslots(const struct luks_phdr *hdr, int *array) +{ + int i, j, x; + + for (i = 1; i < LUKS_NUMKEYS; i++) { + j = i; + while (j > 0 && hdr->keyblock[array[j-1]].keyMaterialOffset > hdr->keyblock[array[j]].keyMaterialOffset) { + x = array[j]; + array[j] = array[j-1]; + array[j-1] = x; + j--; + } + } +} + +size_t LUKS_device_sectors(const struct luks_phdr *hdr) +{ + int sorted_areas[LUKS_NUMKEYS] = { 0, 1, 2, 3, 4, 5, 6, 7 }; + + LUKS_sort_keyslots(hdr, sorted_areas); + + return hdr->keyblock[sorted_areas[LUKS_NUMKEYS-1]].keyMaterialOffset + AF_split_sectors(hdr->keyBytes, LUKS_STRIPES); +} + +size_t LUKS_keyslots_offset(const struct luks_phdr *hdr) +{ + int sorted_areas[LUKS_NUMKEYS] = { 0, 1, 2, 3, 4, 5, 6, 7 }; + + LUKS_sort_keyslots(hdr, sorted_areas); + + return hdr->keyblock[sorted_areas[0]].keyMaterialOffset; +} + +static int LUKS_check_device_size(struct crypt_device *ctx, const struct luks_phdr *hdr, int falloc) { struct device *device = crypt_metadata_device(ctx); uint64_t dev_sectors, hdr_sectors; - if (!keyLength) + if (!hdr->keyBytes) return -EINVAL; - if(device_size(device, &dev_sectors)) { - log_dbg("Cannot get device size for device %s.", device_path(device)); + if (device_size(device, &dev_sectors)) { + log_dbg(ctx, "Cannot get device size for device %s.", device_path(device)); return -EIO; } dev_sectors >>= SECTOR_SHIFT; - hdr_sectors = LUKS_device_sectors(keyLength); - log_dbg("Key length %zu, device size %" PRIu64 " sectors, header size %" - PRIu64 " sectors.",keyLength, dev_sectors, hdr_sectors); + hdr_sectors = LUKS_device_sectors(hdr); + log_dbg(ctx, "Key length %u, device size %" PRIu64 " sectors, header size %" + PRIu64 " sectors.", hdr->keyBytes, dev_sectors, hdr_sectors); if (hdr_sectors > dev_sectors) { - log_err(ctx, _("Device %s is too small. (LUKS requires at least %" PRIu64 " bytes.)\n"), + /* If it is header file, increase its size */ + if (falloc && !device_fallocate(device, hdr_sectors << SECTOR_SHIFT)) + return 0; + + log_err(ctx, _("Device %s is too small. (LUKS1 requires at least %" PRIu64 " bytes.)"), device_path(device), hdr_sectors * SECTOR_SIZE); return -EINVAL; } @@ -95,40 +115,67 @@ static int LUKS_check_device_size(struct crypt_device *ctx, size_t keyLength) return 0; } -/* Check keyslot to prevent access outside of header and keyslot area */ -static int LUKS_check_keyslot_size(const struct luks_phdr *phdr, unsigned int keyIndex) +static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr *phdr) { - uint32_t secs_per_stripes; + int i, prev, next, sorted_areas[LUKS_NUMKEYS] = { 0, 1, 2, 3, 4, 5, 6, 7 }; + uint32_t secs_per_stripes = AF_split_sectors(phdr->keyBytes, LUKS_STRIPES); - /* First sectors is the header itself */ - if (phdr->keyblock[keyIndex].keyMaterialOffset * SECTOR_SIZE < sizeof(*phdr)) { - log_dbg("Invalid offset %u in keyslot %u.", - phdr->keyblock[keyIndex].keyMaterialOffset, keyIndex); - return 1; - } + LUKS_sort_keyslots(phdr, sorted_areas); + + /* Check keyslot to prevent access outside of header and keyslot area */ + for (i = 0; i < LUKS_NUMKEYS; i++) { + /* enforce stripes == 4000 */ + if (phdr->keyblock[i].stripes != LUKS_STRIPES) { + log_dbg(ctx, "Invalid stripes count %u in keyslot %u.", + phdr->keyblock[i].stripes, i); + log_err(ctx, _("LUKS keyslot %u is invalid."), i); + return -1; + } - /* Ignore following check for detached header where offset can be zero. */ - if (phdr->payloadOffset == 0) - return 0; + /* First sectors is the header itself */ + if (phdr->keyblock[i].keyMaterialOffset * SECTOR_SIZE < sizeof(*phdr)) { + log_dbg(ctx, "Invalid offset %u in keyslot %u.", + phdr->keyblock[i].keyMaterialOffset, i); + log_err(ctx, _("LUKS keyslot %u is invalid."), i); + return -1; + } - if (phdr->payloadOffset <= phdr->keyblock[keyIndex].keyMaterialOffset) { - log_dbg("Invalid offset %u in keyslot %u (beyond data area offset %u).", - phdr->keyblock[keyIndex].keyMaterialOffset, keyIndex, - phdr->payloadOffset); - return 1; - } + /* Ignore following check for detached header where offset can be zero. */ + if (phdr->payloadOffset == 0) + continue; - secs_per_stripes = AF_split_sectors(phdr->keyBytes, phdr->keyblock[keyIndex].stripes); + if (phdr->payloadOffset <= phdr->keyblock[i].keyMaterialOffset) { + log_dbg(ctx, "Invalid offset %u in keyslot %u (beyond data area offset %u).", + phdr->keyblock[i].keyMaterialOffset, i, + phdr->payloadOffset); + log_err(ctx, _("LUKS keyslot %u is invalid."), i); + return -1; + } + + if (phdr->payloadOffset < (phdr->keyblock[i].keyMaterialOffset + secs_per_stripes)) { + log_dbg(ctx, "Invalid keyslot size %u (offset %u, stripes %u) in " + "keyslot %u (beyond data area offset %u).", + secs_per_stripes, + phdr->keyblock[i].keyMaterialOffset, + phdr->keyblock[i].stripes, + i, phdr->payloadOffset); + log_err(ctx, _("LUKS keyslot %u is invalid."), i); + return -1; + } + } - if (phdr->payloadOffset < (phdr->keyblock[keyIndex].keyMaterialOffset + secs_per_stripes)) { - log_dbg("Invalid keyslot size %u (offset %u, stripes %u) in " - "keyslot %u (beyond data area offset %u).", - secs_per_stripes, - phdr->keyblock[keyIndex].keyMaterialOffset, - phdr->keyblock[keyIndex].stripes, - keyIndex, phdr->payloadOffset); - return 1; + /* check no keyslot overlaps with each other */ + for (i = 1; i < LUKS_NUMKEYS; i++) { + prev = sorted_areas[i-1]; + next = sorted_areas[i]; + if (phdr->keyblock[next].keyMaterialOffset < + (phdr->keyblock[prev].keyMaterialOffset + secs_per_stripes)) { + log_dbg(ctx, "Not enough space in LUKS keyslot %d.", prev); + log_err(ctx, _("LUKS keyslot %u is invalid."), prev); + return -1; + } } + /* do not check last keyslot on purpose, it must be tested in device size check */ return 0; } @@ -152,16 +199,17 @@ int LUKS_hdr_backup(const char *backup_file, struct crypt_device *ctx) { struct device *device = crypt_metadata_device(ctx); struct luks_phdr hdr; - int r = 0, devfd = -1; - ssize_t hdr_size; - ssize_t buffer_size; + int fd, devfd, r = 0; + size_t hdr_size; + size_t buffer_size; + ssize_t ret; char *buffer = NULL; r = LUKS_read_phdr(&hdr, 1, 0, ctx); if (r) return r; - hdr_size = LUKS_device_sectors(hdr.keyBytes) << SECTOR_SHIFT; + hdr_size = LUKS_device_sectors(&hdr) << SECTOR_SHIFT; buffer_size = size_round_up(hdr_size, crypt_getpagesize()); buffer = crypt_safe_alloc(buffer_size); @@ -170,49 +218,48 @@ int LUKS_hdr_backup(const char *backup_file, struct crypt_device *ctx) goto out; } - log_dbg("Storing backup of header (%zu bytes) and keyslot area (%zu bytes).", + log_dbg(ctx, "Storing backup of header (%zu bytes) and keyslot area (%zu bytes).", sizeof(hdr), hdr_size - LUKS_ALIGN_KEYSLOTS); - log_dbg("Output backup file size: %zu bytes.", buffer_size); + log_dbg(ctx, "Output backup file size: %zu bytes.", buffer_size); - devfd = device_open(device, O_RDONLY); - if(devfd == -1) { - log_err(ctx, _("Device %s is not a valid LUKS device.\n"), device_path(device)); + devfd = device_open(ctx, device, O_RDONLY); + if (devfd < 0) { + log_err(ctx, _("Device %s is not a valid LUKS device."), device_path(device)); r = -EINVAL; goto out; } - if (read_blockwise(devfd, device_block_size(device), buffer, hdr_size) < hdr_size) { + if (read_lseek_blockwise(devfd, device_block_size(ctx, device), device_alignment(device), + buffer, hdr_size, 0) < (ssize_t)hdr_size) { r = -EIO; goto out; } - close(devfd); /* Wipe unused area, so backup cannot contain old signatures */ if (hdr.keyblock[0].keyMaterialOffset * SECTOR_SIZE == LUKS_ALIGN_KEYSLOTS) memset(buffer + sizeof(hdr), 0, LUKS_ALIGN_KEYSLOTS - sizeof(hdr)); - devfd = open(backup_file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR); - if (devfd == -1) { + fd = open(backup_file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR); + if (fd == -1) { if (errno == EEXIST) - log_err(ctx, _("Requested header backup file %s already exists.\n"), backup_file); + log_err(ctx, _("Requested header backup file %s already exists."), backup_file); else - log_err(ctx, _("Cannot create header backup file %s.\n"), backup_file); + log_err(ctx, _("Cannot create header backup file %s."), backup_file); r = -EINVAL; goto out; } - if (write(devfd, buffer, buffer_size) < buffer_size) { - log_err(ctx, _("Cannot write header backup file %s.\n"), backup_file); + ret = write_buffer(fd, buffer, buffer_size); + close(fd); + if (ret < (ssize_t)buffer_size) { + log_err(ctx, _("Cannot write header backup file %s."), backup_file); r = -EIO; goto out; } - close(devfd); r = 0; out: - if (devfd != -1) - close(devfd); - crypt_memzero(&hdr, sizeof(hdr)); + crypt_safe_memzero(&hdr, sizeof(hdr)); crypt_safe_free(buffer); return r; } @@ -223,8 +270,8 @@ int LUKS_hdr_restore( struct crypt_device *ctx) { struct device *device = crypt_metadata_device(ctx); - int r = 0, devfd = -1, diff_uuid = 0; - ssize_t buffer_size = 0; + int fd, r = 0, devfd = -1, diff_uuid = 0; + ssize_t ret, buffer_size = 0; char *buffer = NULL, msg[200]; struct luks_phdr hdr_file; @@ -233,10 +280,10 @@ int LUKS_hdr_restore( return r; if (!r) - buffer_size = LUKS_device_sectors(hdr_file.keyBytes) << SECTOR_SHIFT; + buffer_size = LUKS_device_sectors(&hdr_file) << SECTOR_SHIFT; if (r || buffer_size < LUKS_ALIGN_KEYSLOTS) { - log_err(ctx, _("Backup file doesn't contain valid LUKS header.\n")); + log_err(ctx, _("Backup file does not contain valid LUKS header.")); r = -EINVAL; goto out; } @@ -247,26 +294,27 @@ int LUKS_hdr_restore( goto out; } - devfd = open(backup_file, O_RDONLY); - if (devfd == -1) { - log_err(ctx, _("Cannot open header backup file %s.\n"), backup_file); + fd = open(backup_file, O_RDONLY); + if (fd == -1) { + log_err(ctx, _("Cannot open header backup file %s."), backup_file); r = -EINVAL; goto out; } - if (read(devfd, buffer, buffer_size) < buffer_size) { - log_err(ctx, _("Cannot read header backup file %s.\n"), backup_file); + ret = read_buffer(fd, buffer, buffer_size); + close(fd); + if (ret < buffer_size) { + log_err(ctx, _("Cannot read header backup file %s."), backup_file); r = -EIO; goto out; } - close(devfd); r = LUKS_read_phdr(hdr, 0, 0, ctx); if (r == 0) { - log_dbg("Device %s already contains LUKS header, checking UUID and offset.", device_path(device)); + log_dbg(ctx, "Device %s already contains LUKS header, checking UUID and offset.", device_path(device)); if(hdr->payloadOffset != hdr_file.payloadOffset || hdr->keyBytes != hdr_file.keyBytes) { - log_err(ctx, _("Data offset or key size differs on device and backup, restore failed.\n")); + log_err(ctx, _("Data offset or key size differs on device and backup, restore failed.")); r = -EINVAL; goto out; } @@ -287,31 +335,30 @@ int LUKS_hdr_restore( goto out; } - log_dbg("Storing backup of header (%zu bytes) and keyslot area (%zu bytes) to device %s.", + log_dbg(ctx, "Storing backup of header (%zu bytes) and keyslot area (%zu bytes) to device %s.", sizeof(*hdr), buffer_size - LUKS_ALIGN_KEYSLOTS, device_path(device)); - devfd = device_open(device, O_RDWR); - if (devfd == -1) { + devfd = device_open(ctx, device, O_RDWR); + if (devfd < 0) { if (errno == EACCES) - log_err(ctx, _("Cannot write to device %s, permission denied.\n"), + log_err(ctx, _("Cannot write to device %s, permission denied."), device_path(device)); else - log_err(ctx, _("Cannot open device %s.\n"), device_path(device)); + log_err(ctx, _("Cannot open device %s."), device_path(device)); r = -EINVAL; goto out; } - if (write_blockwise(devfd, device_block_size(device), buffer, buffer_size) < buffer_size) { + if (write_lseek_blockwise(devfd, device_block_size(ctx, device), device_alignment(device), + buffer, buffer_size, 0) < buffer_size) { r = -EIO; goto out; } - close(devfd); /* Be sure to reload new data */ r = LUKS_read_phdr(hdr, 1, 0, ctx); out: - if (devfd != -1) - close(devfd); + device_sync(ctx, device); crypt_safe_free(buffer); return r; } @@ -322,45 +369,44 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx) struct luks_phdr temp_phdr; const unsigned char *sector = (const unsigned char*)phdr; struct volume_key *vk; - uint64_t PBKDF2_per_sec = 1; int i, bad, r, need_write = 0; if (phdr->keyBytes != 16 && phdr->keyBytes != 32 && phdr->keyBytes != 64) { - log_err(ctx, _("Non standard key size, manual repair required.\n")); + log_err(ctx, _("Non standard key size, manual repair required.")); return -EINVAL; } /* cryptsetup 1.0 did not align to 4k, cannot repair this one */ - if (phdr->keyblock[0].keyMaterialOffset < (LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE)) { - log_err(ctx, _("Non standard keyslots alignment, manual repair required.\n")); + if (LUKS_keyslots_offset(phdr) < (LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE)) { + log_err(ctx, _("Non standard keyslots alignment, manual repair required.")); return -EINVAL; } + r = LUKS_check_cipher(ctx, phdr->keyBytes, phdr->cipherName, phdr->cipherMode); + if (r < 0) + return -EINVAL; + vk = crypt_alloc_volume_key(phdr->keyBytes, NULL); - log_verbose(ctx, _("Repairing keyslots.\n")); + log_verbose(ctx, _("Repairing keyslots.")); - log_dbg("Generating second header with the same parameters for check."); + log_dbg(ctx, "Generating second header with the same parameters for check."); /* cipherName, cipherMode, hashSpec, uuid are already null terminated */ /* payloadOffset - cannot check */ r = LUKS_generate_phdr(&temp_phdr, vk, phdr->cipherName, phdr->cipherMode, - phdr->hashSpec,phdr->uuid, LUKS_STRIPES, - phdr->payloadOffset, 0, - 1, &PBKDF2_per_sec, - 1, ctx); - if (r < 0) { - log_err(ctx, _("Repair failed.")); + phdr->hashSpec, phdr->uuid, + phdr->payloadOffset * SECTOR_SIZE, 0, 0, ctx); + if (r < 0) goto out; - } for(i = 0; i < LUKS_NUMKEYS; ++i) { if (phdr->keyblock[i].active == LUKS_KEY_ENABLED) { - log_dbg("Skipping repair for active keyslot %i.", i); + log_dbg(ctx, "Skipping repair for active keyslot %i.", i); continue; } bad = 0; if (phdr->keyblock[i].keyMaterialOffset != temp_phdr.keyblock[i].keyMaterialOffset) { - log_err(ctx, _("Keyslot %i: offset repaired (%u -> %u).\n"), i, + log_err(ctx, _("Keyslot %i: offset repaired (%u -> %u)."), i, (unsigned)phdr->keyblock[i].keyMaterialOffset, (unsigned)temp_phdr.keyblock[i].keyMaterialOffset); phdr->keyblock[i].keyMaterialOffset = temp_phdr.keyblock[i].keyMaterialOffset; @@ -368,7 +414,7 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx) } if (phdr->keyblock[i].stripes != temp_phdr.keyblock[i].stripes) { - log_err(ctx, _("Keyslot %i: stripes repaired (%u -> %u).\n"), i, + log_err(ctx, _("Keyslot %i: stripes repaired (%u -> %u)."), i, (unsigned)phdr->keyblock[i].stripes, (unsigned)temp_phdr.keyblock[i].stripes); phdr->keyblock[i].stripes = temp_phdr.keyblock[i].stripes; @@ -377,12 +423,12 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx) /* Known case - MSDOS partition table signature */ if (i == 6 && sector[0x1fe] == 0x55 && sector[0x1ff] == 0xaa) { - log_err(ctx, _("Keyslot %i: bogus partition signature.\n"), i); + log_err(ctx, _("Keyslot %i: bogus partition signature."), i); bad = 1; } if(bad) { - log_err(ctx, _("Keyslot %i: salt wiped.\n"), i); + log_err(ctx, _("Keyslot %i: salt wiped."), i); phdr->keyblock[i].active = LUKS_KEY_DISABLED; memset(&phdr->keyblock[i].passwordSalt, 0x00, LUKS_SALTSIZE); phdr->keyblock[i].passwordIterations = 0; @@ -392,13 +438,21 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx) need_write = 1; } - if (need_write) { - log_verbose(ctx, _("Writing LUKS header to disk.\n")); + /* + * check repair result before writing because repair can't fix out of order + * keyslot offsets and would corrupt header again + */ + if (LUKS_check_keyslots(ctx, phdr)) + r = -EINVAL; + else if (need_write) { + log_verbose(ctx, _("Writing LUKS header to disk.")); r = LUKS_write_phdr(phdr, ctx); } out: + if (r) + log_err(ctx, _("Repair failed.")); crypt_free_volume_key(vk); - crypt_memzero(&temp_phdr, sizeof(temp_phdr)); + crypt_safe_memzero(&temp_phdr, sizeof(temp_phdr)); return r; } @@ -413,18 +467,18 @@ static int _check_and_convert_hdr(const char *device, char luksMagic[] = LUKS_MAGIC; if(memcmp(hdr->magic, luksMagic, LUKS_MAGIC_L)) { /* Check magic */ - log_dbg("LUKS header not detected."); + log_dbg(ctx, "LUKS header not detected."); if (require_luks_device) - log_err(ctx, _("Device %s is not a valid LUKS device.\n"), device); + log_err(ctx, _("Device %s is not a valid LUKS device."), device); return -EINVAL; } else if((hdr->version = ntohs(hdr->version)) != 1) { /* Convert every uint16/32_t item from network byte order */ - log_err(ctx, _("Unsupported LUKS version %d.\n"), hdr->version); + log_err(ctx, _("Unsupported LUKS version %d."), hdr->version); return -EINVAL; } hdr->hashSpec[LUKS_HASHSPEC_L - 1] = '\0'; if (crypt_hmac_size(hdr->hashSpec) < LUKS_DIGESTSIZE) { - log_err(ctx, _("Requested LUKS hash %s is not supported.\n"), hdr->hashSpec); + log_err(ctx, _("Requested LUKS hash %s is not supported."), hdr->hashSpec); return -EINVAL; } @@ -438,12 +492,11 @@ static int _check_and_convert_hdr(const char *device, hdr->keyblock[i].passwordIterations = ntohl(hdr->keyblock[i].passwordIterations); hdr->keyblock[i].keyMaterialOffset = ntohl(hdr->keyblock[i].keyMaterialOffset); hdr->keyblock[i].stripes = ntohl(hdr->keyblock[i].stripes); - if (LUKS_check_keyslot_size(hdr, i)) { - log_err(ctx, _("LUKS keyslot %u is invalid.\n"), i); - r = -EINVAL; - } } + if (LUKS_check_keyslots(ctx, hdr)) + r = -EINVAL; + /* Avoid unterminated strings */ hdr->cipherName[LUKS_CIPHERNAME_L - 1] = '\0'; hdr->cipherMode[LUKS_CIPHERMODE_L - 1] = '\0'; @@ -453,7 +506,7 @@ static int _check_and_convert_hdr(const char *device, if (r == -EINVAL) r = _keyslot_repair(hdr, ctx); else - log_verbose(ctx, _("No known problems detected for LUKS header.\n")); + log_verbose(ctx, _("No known problems detected for LUKS header.")); } return r; @@ -468,7 +521,7 @@ static void _to_lower(char *str, unsigned max_len) static void LUKS_fix_header_compatible(struct luks_phdr *header) { - /* Old cryptsetup expects "sha1", gcrypt allows case insensistive names, + /* Old cryptsetup expects "sha1", gcrypt allows case insensitive names, * so always convert hash to lower case in header */ _to_lower(header->hashSpec, LUKS_HASHSPEC_L); @@ -488,16 +541,16 @@ int LUKS_read_phdr_backup(const char *backup_file, ssize_t hdr_size = sizeof(struct luks_phdr); int devfd = 0, r = 0; - log_dbg("Reading LUKS header of size %d from backup file %s", + log_dbg(ctx, "Reading LUKS header of size %d from backup file %s", (int)hdr_size, backup_file); devfd = open(backup_file, O_RDONLY); - if(-1 == devfd) { - log_err(ctx, _("Cannot open header backup file %s.\n"), backup_file); + if (devfd == -1) { + log_err(ctx, _("Cannot open header backup file %s."), backup_file); return -ENOENT; } - if (read(devfd, hdr, hdr_size) < hdr_size) + if (read_buffer(devfd, hdr, hdr_size) < hdr_size) r = -EIO; else { LUKS_fix_header_compatible(hdr); @@ -514,9 +567,9 @@ int LUKS_read_phdr(struct luks_phdr *hdr, int repair, struct crypt_device *ctx) { + int devfd, r = 0; struct device *device = crypt_metadata_device(ctx); ssize_t hdr_size = sizeof(struct luks_phdr); - int devfd = 0, r = 0; /* LUKS header starts at offset 0, first keyslot on LUKS_ALIGN_KEYSLOTS */ assert(sizeof(struct luks_phdr) <= LUKS_ALIGN_KEYSLOTS); @@ -527,25 +580,35 @@ int LUKS_read_phdr(struct luks_phdr *hdr, if (repair && !require_luks_device) return -EINVAL; - log_dbg("Reading LUKS header of size %zu from device %s", + log_dbg(ctx, "Reading LUKS header of size %zu from device %s", hdr_size, device_path(device)); - devfd = device_open(device, O_RDONLY); - if (devfd == -1) { - log_err(ctx, _("Cannot open device %s.\n"), device_path(device)); + devfd = device_open(ctx, device, O_RDONLY); + if (devfd < 0) { + log_err(ctx, _("Cannot open device %s."), device_path(device)); return -EINVAL; } - if (read_blockwise(devfd, device_block_size(device), hdr, hdr_size) < hdr_size) + if (read_lseek_blockwise(devfd, device_block_size(ctx, device), device_alignment(device), + hdr, hdr_size, 0) < hdr_size) r = -EIO; else r = _check_and_convert_hdr(device_path(device), hdr, require_luks_device, repair, ctx); if (!r) - r = LUKS_check_device_size(ctx, hdr->keyBytes); + r = LUKS_check_device_size(ctx, hdr, 0); + + /* + * Cryptsetup 1.0.0 did not align keyslots to 4k (very rare version). + * Disable direct-io to avoid possible IO errors if underlying device + * has bigger sector size. + */ + if (!r && hdr->keyblock[0].keyMaterialOffset * SECTOR_SIZE < LUKS_ALIGN_KEYSLOTS) { + log_dbg(ctx, "Old unaligned LUKS keyslot detected, disabling direct-io."); + device_disable_direct_io(device); + } - close(devfd); return r; } @@ -559,20 +622,20 @@ int LUKS_write_phdr(struct luks_phdr *hdr, struct luks_phdr convHdr; int r; - log_dbg("Updating LUKS header of size %zu on device %s", + log_dbg(ctx, "Updating LUKS header of size %zu on device %s", sizeof(struct luks_phdr), device_path(device)); - r = LUKS_check_device_size(ctx, hdr->keyBytes); + r = LUKS_check_device_size(ctx, hdr, 1); if (r) return r; - devfd = device_open(device, O_RDWR); - if(-1 == devfd) { + devfd = device_open(ctx, device, O_RDWR); + if (devfd < 0) { if (errno == EACCES) - log_err(ctx, _("Cannot write to device %s, permission denied.\n"), + log_err(ctx, _("Cannot write to device %s, permission denied."), device_path(device)); else - log_err(ctx, _("Cannot open device %s.\n"), device_path(device)); + log_err(ctx, _("Cannot open device %s."), device_path(device)); return -EINVAL; } @@ -591,16 +654,18 @@ int LUKS_write_phdr(struct luks_phdr *hdr, convHdr.keyblock[i].stripes = htonl(hdr->keyblock[i].stripes); } - r = write_blockwise(devfd, device_block_size(device), &convHdr, hdr_size) < hdr_size ? -EIO : 0; + r = write_lseek_blockwise(devfd, device_block_size(ctx, device), device_alignment(device), + &convHdr, hdr_size, 0) < hdr_size ? -EIO : 0; if (r) - log_err(ctx, _("Error during update of LUKS header on device %s.\n"), device_path(device)); - close(devfd); + log_err(ctx, _("Error during update of LUKS header on device %s."), device_path(device)); + + device_sync(ctx, device); /* Re-read header from disk to be sure that in-memory and on-disk data are the same. */ if (!r) { r = LUKS_read_phdr(hdr, 1, 0, ctx); if (r) - log_err(ctx, _("Error re-reading LUKS header after update on device %s.\n"), + log_err(ctx, _("Error re-reading LUKS header after update on device %s."), device_path(device)); } @@ -608,139 +673,142 @@ int LUKS_write_phdr(struct luks_phdr *hdr, } /* Check that kernel supports requested cipher by decryption of one sector */ -static int LUKS_check_cipher(struct luks_phdr *hdr, struct crypt_device *ctx) +int LUKS_check_cipher(struct crypt_device *ctx, size_t keylength, const char *cipher, const char *cipher_mode) { int r; struct volume_key *empty_key; char buf[SECTOR_SIZE]; - log_dbg("Checking if cipher %s-%s is usable.", hdr->cipherName, hdr->cipherMode); + log_dbg(ctx, "Checking if cipher %s-%s is usable.", cipher, cipher_mode); - empty_key = crypt_alloc_volume_key(hdr->keyBytes, NULL); + empty_key = crypt_alloc_volume_key(keylength, NULL); if (!empty_key) return -ENOMEM; - r = LUKS_decrypt_from_storage(buf, sizeof(buf), - hdr->cipherName, hdr->cipherMode, - empty_key, 0, ctx); + /* No need to get KEY quality random but it must avoid known weak keys. */ + r = crypt_random_get(ctx, empty_key->key, empty_key->keylength, CRYPT_RND_NORMAL); + if (!r) + r = LUKS_decrypt_from_storage(buf, sizeof(buf), cipher, cipher_mode, empty_key, 0, ctx); crypt_free_volume_key(empty_key); - crypt_memzero(buf, sizeof(buf)); + crypt_safe_memzero(buf, sizeof(buf)); return r; } int LUKS_generate_phdr(struct luks_phdr *header, - const struct volume_key *vk, - const char *cipherName, const char *cipherMode, const char *hashSpec, - const char *uuid, unsigned int stripes, - unsigned int alignPayload, - unsigned int alignOffset, - uint32_t iteration_time_ms, - uint64_t *PBKDF2_per_sec, - int detached_metadata_device, - struct crypt_device *ctx) + const struct volume_key *vk, + const char *cipherName, + const char *cipherMode, + const char *hashSpec, + const char *uuid, + uint64_t data_offset, /* in bytes */ + uint64_t align_offset, /* in bytes */ + uint64_t required_alignment, /* in bytes */ + struct crypt_device *ctx) { - unsigned int i = 0, hdr_sectors = LUKS_device_sectors(vk->keylength); - size_t blocksPerStripeSet, currentSector; - int r; + int i, r; + size_t keyslot_sectors, header_sectors; uuid_t partitionUuid; + struct crypt_pbkdf_type *pbkdf; + double PBKDF2_temp; char luksMagic[] = LUKS_MAGIC; - /* For separate metadata device allow zero alignment */ - if (alignPayload == 0 && !detached_metadata_device) - alignPayload = DEFAULT_DISK_ALIGNMENT / SECTOR_SIZE; + if (data_offset % SECTOR_SIZE || align_offset % SECTOR_SIZE || + required_alignment % SECTOR_SIZE) + return -EINVAL; - if (alignPayload && detached_metadata_device && alignPayload < hdr_sectors) { - log_err(ctx, _("Data offset for detached LUKS header must be " - "either 0 or higher than header size (%d sectors).\n"), - hdr_sectors); + memset(header, 0, sizeof(struct luks_phdr)); + + keyslot_sectors = AF_split_sectors(vk->keylength, LUKS_STRIPES); + header_sectors = LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE; + + for (i = 0; i < LUKS_NUMKEYS; i++) { + header->keyblock[i].active = LUKS_KEY_DISABLED; + header->keyblock[i].keyMaterialOffset = header_sectors; + header->keyblock[i].stripes = LUKS_STRIPES; + header_sectors = size_round_up(header_sectors + keyslot_sectors, + LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE); + } + /* In sector is now size of all keyslot material space */ + + /* Data offset has priority */ + if (data_offset) + header->payloadOffset = data_offset / SECTOR_SIZE; + else if (required_alignment) { + header->payloadOffset = size_round_up(header_sectors, (required_alignment / SECTOR_SIZE)); + header->payloadOffset += (align_offset / SECTOR_SIZE); + } else + header->payloadOffset = 0; + + if (header->payloadOffset && header->payloadOffset < header_sectors) { + log_err(ctx, _("Data offset for LUKS header must be " + "either 0 or higher than header size.")); return -EINVAL; } if (crypt_hmac_size(hashSpec) < LUKS_DIGESTSIZE) { - log_err(ctx, _("Requested LUKS hash %s is not supported.\n"), hashSpec); + log_err(ctx, _("Requested LUKS hash %s is not supported."), hashSpec); return -EINVAL; } if (uuid && uuid_parse(uuid, partitionUuid) == -1) { - log_err(ctx, _("Wrong LUKS UUID format provided.\n")); + log_err(ctx, _("Wrong LUKS UUID format provided.")); return -EINVAL; } if (!uuid) uuid_generate(partitionUuid); - memset(header,0,sizeof(struct luks_phdr)); - /* Set Magic */ memcpy(header->magic,luksMagic,LUKS_MAGIC_L); header->version=1; - strncpy(header->cipherName,cipherName,LUKS_CIPHERNAME_L); - strncpy(header->cipherMode,cipherMode,LUKS_CIPHERMODE_L); - strncpy(header->hashSpec,hashSpec,LUKS_HASHSPEC_L); + strncpy(header->cipherName,cipherName,LUKS_CIPHERNAME_L-1); + strncpy(header->cipherMode,cipherMode,LUKS_CIPHERMODE_L-1); + strncpy(header->hashSpec,hashSpec,LUKS_HASHSPEC_L-1); header->keyBytes=vk->keylength; LUKS_fix_header_compatible(header); - r = LUKS_check_cipher(header, ctx); - if (r < 0) - return r; - - log_dbg("Generating LUKS header version %d using hash %s, %s, %s, MK %d bytes", + log_dbg(ctx, "Generating LUKS header version %d using hash %s, %s, %s, MK %d bytes", header->version, header->hashSpec ,header->cipherName, header->cipherMode, header->keyBytes); r = crypt_random_get(ctx, header->mkDigestSalt, LUKS_SALTSIZE, CRYPT_RND_SALT); if(r < 0) { - log_err(ctx, _("Cannot create LUKS header: reading random salt failed.\n")); + log_err(ctx, _("Cannot create LUKS header: reading random salt failed.")); return r; } - r = crypt_benchmark_kdf(ctx, "pbkdf2", header->hashSpec, - "foo", 3, "bar", 3, PBKDF2_per_sec); - if (r < 0) { - log_err(ctx, _("Not compatible PBKDF2 options (using hash algorithm %s).\n"), - header->hashSpec); + /* Compute master key digest */ + pbkdf = crypt_get_pbkdf(ctx); + r = crypt_benchmark_pbkdf_internal(ctx, pbkdf, vk->keylength); + if (r < 0) return r; - } + assert(pbkdf->iterations); - /* Compute master key digest */ - iteration_time_ms /= 8; - header->mkDigestIterations = at_least((uint32_t)(*PBKDF2_per_sec/1024) * iteration_time_ms, - LUKS_MKD_ITERATIONS_MIN); + if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK && pbkdf->time_ms == 0) + PBKDF2_temp = LUKS_MKD_ITERATIONS_MIN; + else /* iterations per ms * LUKS_MKD_ITERATIONS_MS */ + PBKDF2_temp = (double)pbkdf->iterations * LUKS_MKD_ITERATIONS_MS / pbkdf->time_ms; - r = crypt_pbkdf("pbkdf2", header->hashSpec, vk->key,vk->keylength, + if (PBKDF2_temp > (double)UINT32_MAX) + return -EINVAL; + header->mkDigestIterations = at_least((uint32_t)PBKDF2_temp, LUKS_MKD_ITERATIONS_MIN); + assert(header->mkDigestIterations); + + r = crypt_pbkdf(CRYPT_KDF_PBKDF2, header->hashSpec, vk->key,vk->keylength, header->mkDigestSalt, LUKS_SALTSIZE, header->mkDigest,LUKS_DIGESTSIZE, - header->mkDigestIterations); - if(r < 0) { - log_err(ctx, _("Cannot create LUKS header: header digest failed (using hash %s).\n"), + header->mkDigestIterations, 0, 0); + if (r < 0) { + log_err(ctx, _("Cannot create LUKS header: header digest failed (using hash %s)."), header->hashSpec); return r; } - currentSector = LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE; - blocksPerStripeSet = AF_split_sectors(vk->keylength, stripes); - for(i = 0; i < LUKS_NUMKEYS; ++i) { - header->keyblock[i].active = LUKS_KEY_DISABLED; - header->keyblock[i].keyMaterialOffset = currentSector; - header->keyblock[i].stripes = stripes; - currentSector = size_round_up(currentSector + blocksPerStripeSet, - LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE); - } - - if (detached_metadata_device) { - /* for separate metadata device use alignPayload directly */ - header->payloadOffset = alignPayload; - } else { - /* alignOffset - offset from natural device alignment provided by topology info */ - currentSector = size_round_up(currentSector, alignPayload); - header->payloadOffset = currentSector + alignOffset; - } - uuid_unparse(partitionUuid, header->uuid); - log_dbg("Data offset %d, UUID %s, digest iterations %" PRIu32, + log_dbg(ctx, "Data offset %d, UUID %s, digest iterations %" PRIu32, header->payloadOffset, header->uuid, header->mkDigestIterations); return 0; @@ -754,7 +822,7 @@ int LUKS_hdr_uuid_set( uuid_t partitionUuid; if (uuid && uuid_parse(uuid, partitionUuid) == -1) { - log_err(ctx, _("Wrong LUKS UUID format provided.\n")); + log_err(ctx, _("Wrong LUKS UUID format provided.")); return -EINVAL; } if (!uuid) @@ -768,50 +836,40 @@ int LUKS_hdr_uuid_set( int LUKS_set_key(unsigned int keyIndex, const char *password, size_t passwordLen, struct luks_phdr *hdr, struct volume_key *vk, - uint32_t iteration_time_ms, - uint64_t *PBKDF2_per_sec, struct crypt_device *ctx) { struct volume_key *derived_key; char *AfKey = NULL; size_t AFEKSize; - uint64_t PBKDF2_temp; + struct crypt_pbkdf_type *pbkdf; int r; if(hdr->keyblock[keyIndex].active != LUKS_KEY_DISABLED) { - log_err(ctx, _("Key slot %d active, purge first.\n"), keyIndex); + log_err(ctx, _("Key slot %d active, purge first."), keyIndex); return -EINVAL; } - /* LUKS keyslot has always at least 4000 stripes accoding to specification */ + /* LUKS keyslot has always at least 4000 stripes according to specification */ if(hdr->keyblock[keyIndex].stripes < 4000) { - log_err(ctx, _("Key slot %d material includes too few stripes. Header manipulation?\n"), + log_err(ctx, _("Key slot %d material includes too few stripes. Header manipulation?"), keyIndex); return -EINVAL; } - log_dbg("Calculating data for key slot %d", keyIndex); - - r = crypt_benchmark_kdf(ctx, "pbkdf2", hdr->hashSpec, - "foo", 3, "bar", 3, PBKDF2_per_sec); - if (r < 0) { - log_err(ctx, _("Not compatible PBKDF2 options (using hash algorithm %s).\n"), - hdr->hashSpec); + log_dbg(ctx, "Calculating data for key slot %d", keyIndex); + pbkdf = crypt_get_pbkdf(ctx); + r = crypt_benchmark_pbkdf_internal(ctx, pbkdf, vk->keylength); + if (r < 0) return r; - } + assert(pbkdf->iterations); /* - * Avoid floating point operation * Final iteration count is at least LUKS_SLOT_ITERATIONS_MIN */ - PBKDF2_temp = (*PBKDF2_per_sec / 2) * (uint64_t)iteration_time_ms; - PBKDF2_temp /= 1024; - if (PBKDF2_temp > UINT32_MAX) - PBKDF2_temp = UINT32_MAX; - hdr->keyblock[keyIndex].passwordIterations = at_least((uint32_t)PBKDF2_temp, - LUKS_SLOT_ITERATIONS_MIN); - - log_dbg("Key slot %d use %" PRIu32 " password iterations.", keyIndex, hdr->keyblock[keyIndex].passwordIterations); + hdr->keyblock[keyIndex].passwordIterations = + at_least(pbkdf->iterations, LUKS_SLOT_ITERATIONS_MIN); + log_dbg(ctx, "Key slot %d use %" PRIu32 " password iterations.", keyIndex, + hdr->keyblock[keyIndex].passwordIterations); derived_key = crypt_alloc_volume_key(hdr->keyBytes, NULL); if (!derived_key) @@ -822,10 +880,10 @@ int LUKS_set_key(unsigned int keyIndex, if (r < 0) goto out; - r = crypt_pbkdf("pbkdf2", hdr->hashSpec, password, passwordLen, + r = crypt_pbkdf(CRYPT_KDF_PBKDF2, hdr->hashSpec, password, passwordLen, hdr->keyblock[keyIndex].passwordSalt, LUKS_SALTSIZE, derived_key->key, hdr->keyBytes, - hdr->keyblock[keyIndex].passwordIterations); + hdr->keyblock[keyIndex].passwordIterations, 0, 0); if (r < 0) goto out; @@ -840,13 +898,13 @@ int LUKS_set_key(unsigned int keyIndex, goto out; } - log_dbg("Using hash %s for AF in key slot %d, %d stripes", + log_dbg(ctx, "Using hash %s for AF in key slot %d, %d stripes", hdr->hashSpec, keyIndex, hdr->keyblock[keyIndex].stripes); - r = AF_split(vk->key,AfKey,vk->keylength,hdr->keyblock[keyIndex].stripes,hdr->hashSpec); + r = AF_split(ctx, vk->key, AfKey, vk->keylength, hdr->keyblock[keyIndex].stripes, hdr->hashSpec); if (r < 0) goto out; - log_dbg("Updating key slot %d [0x%04x] area.", keyIndex, + log_dbg(ctx, "Updating key slot %d [0x%04x] area.", keyIndex, hdr->keyblock[keyIndex].keyMaterialOffset << 9); /* Encryption via dm */ r = LUKS_encrypt_to_storage(AfKey, @@ -859,7 +917,7 @@ int LUKS_set_key(unsigned int keyIndex, goto out; /* Mark the key as active in phdr */ - r = LUKS_keyslot_set(hdr, (int)keyIndex, 1); + r = LUKS_keyslot_set(hdr, (int)keyIndex, 1, ctx); if (r < 0) goto out; @@ -880,10 +938,10 @@ int LUKS_verify_volume_key(const struct luks_phdr *hdr, { char checkHashBuf[LUKS_DIGESTSIZE]; - if (crypt_pbkdf("pbkdf2", hdr->hashSpec, vk->key, vk->keylength, + if (crypt_pbkdf(CRYPT_KDF_PBKDF2, hdr->hashSpec, vk->key, vk->keylength, hdr->mkDigestSalt, LUKS_SALTSIZE, checkHashBuf, LUKS_DIGESTSIZE, - hdr->mkDigestIterations) < 0) + hdr->mkDigestIterations, 0, 0) < 0) return -EINVAL; if (memcmp(checkHashBuf, hdr->mkDigest, LUKS_DIGESTSIZE)) @@ -906,7 +964,7 @@ static int LUKS_open_key(unsigned int keyIndex, size_t AFEKSize; int r; - log_dbg("Trying to open key slot %d [%s].", keyIndex, + log_dbg(ctx, "Trying to open key slot %d [%s].", keyIndex, dbg_slot_state(ki)); if (ki < CRYPT_SLOT_ACTIVE) @@ -924,14 +982,16 @@ static int LUKS_open_key(unsigned int keyIndex, goto out; } - r = crypt_pbkdf("pbkdf2", hdr->hashSpec, password, passwordLen, + r = crypt_pbkdf(CRYPT_KDF_PBKDF2, hdr->hashSpec, password, passwordLen, hdr->keyblock[keyIndex].passwordSalt, LUKS_SALTSIZE, derived_key->key, hdr->keyBytes, - hdr->keyblock[keyIndex].passwordIterations); - if (r < 0) + hdr->keyblock[keyIndex].passwordIterations, 0, 0); + if (r < 0) { + log_err(ctx, _("Cannot open keyslot (using hash %s)."), hdr->hashSpec); goto out; + } - log_dbg("Reading key slot %d area.", keyIndex); + log_dbg(ctx, "Reading key slot %d area.", keyIndex); r = LUKS_decrypt_from_storage(AfKey, AFEKSize, hdr->cipherName, hdr->cipherMode, @@ -941,13 +1001,15 @@ static int LUKS_open_key(unsigned int keyIndex, if (r < 0) goto out; - r = AF_merge(AfKey,vk->key,vk->keylength,hdr->keyblock[keyIndex].stripes,hdr->hashSpec); + r = AF_merge(ctx, AfKey, vk->key, vk->keylength, hdr->keyblock[keyIndex].stripes, hdr->hashSpec); if (r < 0) goto out; r = LUKS_verify_volume_key(hdr, vk); - if (!r) - log_verbose(ctx, _("Key slot %d unlocked.\n"), keyIndex); + + /* Allow only empty passphrase with null cipher */ + if (!r && !strcmp(hdr->cipherName, "cipher_null") && passwordLen) + r = -EPERM; out: crypt_safe_free(AfKey); crypt_free_volume_key(derived_key); @@ -961,7 +1023,7 @@ int LUKS_open_key_with_hdr(int keyIndex, struct volume_key **vk, struct crypt_device *ctx) { - unsigned int i; + unsigned int i, tried = 0; int r; *vk = crypt_alloc_volume_key(hdr->keyBytes, NULL); @@ -971,7 +1033,7 @@ int LUKS_open_key_with_hdr(int keyIndex, return (r < 0) ? r : keyIndex; } - for(i = 0; i < LUKS_NUMKEYS; i++) { + for (i = 0; i < LUKS_NUMKEYS; i++) { r = LUKS_open_key(i, password, passwordLen, hdr, *vk, ctx); if(r == 0) return i; @@ -980,10 +1042,11 @@ int LUKS_open_key_with_hdr(int keyIndex, former meaning password wrong, latter key slot inactive */ if ((r != -EPERM) && (r != -ENOENT)) return r; + if (r == -EPERM) + tried++; } /* Warning, early returns above */ - log_err(ctx, _("No key available with this passphrase.\n")); - return -EPERM; + return tried ? -EPERM : -ENOENT; } int LUKS_del_key(unsigned int keyIndex, @@ -998,9 +1061,9 @@ int LUKS_del_key(unsigned int keyIndex, if (r) return r; - r = LUKS_keyslot_set(hdr, keyIndex, 0); + r = LUKS_keyslot_set(hdr, keyIndex, 0, ctx); if (r) { - log_err(ctx, _("Key slot %d is invalid, please select keyslot between 0 and %d.\n"), + log_err(ctx, _("Key slot %d is invalid, please select keyslot between 0 and %d."), keyIndex, LUKS_NUMKEYS - 1); return r; } @@ -1009,16 +1072,16 @@ int LUKS_del_key(unsigned int keyIndex, startOffset = hdr->keyblock[keyIndex].keyMaterialOffset; endOffset = startOffset + AF_split_sectors(hdr->keyBytes, hdr->keyblock[keyIndex].stripes); - r = crypt_wipe(device, startOffset * SECTOR_SIZE, - (endOffset - startOffset) * SECTOR_SIZE, - CRYPT_WIPE_DISK, 0); + r = crypt_wipe_device(ctx, device, CRYPT_WIPE_SPECIAL, startOffset * SECTOR_SIZE, + (endOffset - startOffset) * SECTOR_SIZE, + (endOffset - startOffset) * SECTOR_SIZE, NULL, NULL); if (r) { if (r == -EACCES) { - log_err(ctx, _("Cannot write to device %s, permission denied.\n"), + log_err(ctx, _("Cannot write to device %s, permission denied."), device_path(device)); r = -EINVAL; } else - log_err(ctx, _("Cannot wipe device %s.\n"), + log_err(ctx, _("Cannot wipe device %s."), device_path(device)); return r; } @@ -1077,7 +1140,7 @@ int LUKS_keyslot_active_count(struct luks_phdr *hdr) return num; } -int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable) +int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable, struct crypt_device *ctx) { crypt_keyslot_info ki = LUKS_keyslot_info(hdr, keyslot); @@ -1085,7 +1148,7 @@ int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable) return -EINVAL; hdr->keyblock[keyslot].active = enable ? LUKS_KEY_ENABLED : LUKS_KEY_DISABLED; - log_dbg("Key slot %d was %s in LUKS header.", keyslot, enable ? "enabled" : "disabled"); + log_dbg(ctx, "Key slot %d was %s in LUKS header.", keyslot, enable ? "enabled" : "disabled"); return 0; } @@ -1095,39 +1158,87 @@ int LUKS1_activate(struct crypt_device *cd, uint32_t flags) { int r; - char *dm_cipher = NULL; - enum devcheck device_check; struct crypt_dm_active_device dmd = { - .target = DM_CRYPT, - .uuid = crypt_get_uuid(cd), - .flags = flags, - .size = 0, - .data_device = crypt_data_device(cd), - .u.crypt = { - .cipher = NULL, - .vk = vk, - .offset = crypt_get_data_offset(cd), - .iv_offset = 0, - } + .flags = flags, + .uuid = crypt_get_uuid(cd), }; - if (dmd.flags & CRYPT_ACTIVATE_SHARED) - device_check = DEV_SHARED; - else - device_check = DEV_EXCL; + r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd), + vk, crypt_get_cipher_spec(cd), crypt_get_iv_offset(cd), + crypt_get_data_offset(cd), crypt_get_integrity(cd), + crypt_get_integrity_tag_size(cd), crypt_get_sector_size(cd)); + if (!r) + r = create_or_reload_device(cd, name, CRYPT_LUKS1, &dmd); - r = device_block_adjust(cd, dmd.data_device, device_check, - dmd.u.crypt.offset, &dmd.size, &dmd.flags); - if (r) - return r; + dm_targets_free(cd, &dmd); + + return r; +} + +int LUKS_wipe_header_areas(struct luks_phdr *hdr, + struct crypt_device *ctx) +{ + int i, r; + uint64_t offset, length; + size_t wipe_block; + + /* Wipe complete header, keyslots and padding areas with zeroes. */ + offset = 0; + length = (uint64_t)hdr->payloadOffset * SECTOR_SIZE; + wipe_block = 1024 * 1024; + + /* On detached header or bogus header, wipe at least the first 4k */ + if (length == 0 || length > (LUKS_MAX_KEYSLOT_SIZE * LUKS_NUMKEYS)) { + length = 4096; + wipe_block = 4096; + } - r = asprintf(&dm_cipher, "%s-%s", crypt_get_cipher(cd), crypt_get_cipher_mode(cd)); + log_dbg(ctx, "Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.", + offset, length + offset); + + r = crypt_wipe_device(ctx, crypt_metadata_device(ctx), CRYPT_WIPE_ZERO, + offset, length, wipe_block, NULL, NULL); if (r < 0) - return -ENOMEM; + return r; + + /* Wipe keyslots areas */ + wipe_block = 1024 * 1024; + for (i = 0; i < LUKS_NUMKEYS; i++) { + r = LUKS_keyslot_area(hdr, i, &offset, &length); + if (r < 0) + return r; + + /* Ignore too big LUKS1 keyslots here */ + if (length > LUKS_MAX_KEYSLOT_SIZE || + offset > (LUKS_MAX_KEYSLOT_SIZE - length)) + continue; + + if (length == 0 || offset < 4096) + return -EINVAL; - dmd.u.crypt.cipher = dm_cipher; - r = dm_create_device(cd, name, CRYPT_LUKS1, &dmd, 0); + log_dbg(ctx, "Wiping keyslot %i area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.", + i, offset, length + offset); + + r = crypt_wipe_device(ctx, crypt_metadata_device(ctx), CRYPT_WIPE_RANDOM, + offset, length, wipe_block, NULL, NULL); + if (r < 0) + return r; + } - free(dm_cipher); return r; } + +int LUKS_keyslot_pbkdf(struct luks_phdr *hdr, int keyslot, struct crypt_pbkdf_type *pbkdf) +{ + if (LUKS_keyslot_info(hdr, keyslot) < CRYPT_SLOT_ACTIVE) + return -EINVAL; + + pbkdf->type = CRYPT_KDF_PBKDF2; + pbkdf->hash = hdr->hashSpec; + pbkdf->iterations = hdr->keyblock[keyslot].passwordIterations; + pbkdf->max_memory_kb = 0; + pbkdf->parallel_threads = 0; + pbkdf->time_ms = 0; + pbkdf->flags = 0; + return 0; +} diff --git a/lib/luks1/luks.h b/lib/luks1/luks.h index 7aef82f..d54276e 100644 --- a/lib/luks1/luks.h +++ b/lib/luks1/luks.h @@ -1,8 +1,8 @@ /* * LUKS - Linux Unified Key Setup * - * Copyright (C) 2004-2006, Clemens Fruhwirth - * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved. + * Copyright (C) 2004-2006 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -40,6 +40,9 @@ #define LUKS_MKD_ITERATIONS_MIN 1000 #define LUKS_SLOT_ITERATIONS_MIN 1000 +// Iteration time for digest in ms +#define LUKS_MKD_ITERATIONS_MS 125 + #define LUKS_KEY_DISABLED_OLD 0 #define LUKS_KEY_ENABLED_OLD 0xCAFE @@ -58,6 +61,9 @@ /* Offset to keyslot area [in bytes] */ #define LUKS_ALIGN_KEYSLOTS 4096 +/* Maximal LUKS header size, for wipe [in bytes] */ +#define LUKS_MAX_KEYSLOT_SIZE 0x1000000 /* 16 MB, up to 32768 bits key */ + /* Any integer values are stored in network byte order on disk and must be converted */ @@ -96,19 +102,20 @@ struct luks_phdr { int LUKS_verify_volume_key(const struct luks_phdr *hdr, const struct volume_key *vk); -int LUKS_generate_phdr( - struct luks_phdr *header, +int LUKS_check_cipher(struct crypt_device *ctx, + size_t keylength, + const char *cipher, + const char *cipher_mode); + +int LUKS_generate_phdr(struct luks_phdr *header, const struct volume_key *vk, const char *cipherName, const char *cipherMode, const char *hashSpec, const char *uuid, - unsigned int stripes, - unsigned int alignPayload, - unsigned int alignOffset, - uint32_t iteration_time_ms, - uint64_t *PBKDF2_per_sec, - int detached_metadata_device, + uint64_t data_offset, + uint64_t align_offset, + uint64_t required_alignment, struct crypt_device *ctx); int LUKS_read_phdr( @@ -147,8 +154,6 @@ int LUKS_set_key( size_t passwordLen, struct luks_phdr *hdr, struct volume_key *vk, - uint32_t iteration_time_ms, - uint64_t *PBKDF2_per_sec, struct crypt_device *ctx); int LUKS_open_key_with_hdr( @@ -164,30 +169,22 @@ int LUKS_del_key( struct luks_phdr *hdr, struct crypt_device *ctx); +int LUKS_wipe_header_areas(struct luks_phdr *hdr, + struct crypt_device *ctx); + crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot); int LUKS_keyslot_find_empty(struct luks_phdr *hdr); int LUKS_keyslot_active_count(struct luks_phdr *hdr); -int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable); -int LUKS_keyslot_area(struct luks_phdr *hdr, +int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable, + struct crypt_device *ctx); +int LUKS_keyslot_area(const struct luks_phdr *hdr, int keyslot, uint64_t *offset, uint64_t *length); - -int LUKS_encrypt_to_storage( - char *src, size_t srcLength, - const char *cipher, - const char *cipher_mode, - struct volume_key *vk, - unsigned int sector, - struct crypt_device *ctx); - -int LUKS_decrypt_from_storage( - char *dst, size_t dstLength, - const char *cipher, - const char *cipher_mode, - struct volume_key *vk, - unsigned int sector, - struct crypt_device *ctx); +size_t LUKS_device_sectors(const struct luks_phdr *hdr); +size_t LUKS_keyslots_offset(const struct luks_phdr *hdr); +int LUKS_keyslot_pbkdf(struct luks_phdr *hdr, int keyslot, + struct crypt_pbkdf_type *pbkdf); int LUKS1_activate(struct crypt_device *cd, const char *name, diff --git a/lib/luks2/luks2.h b/lib/luks2/luks2.h new file mode 100644 index 0000000..6ab753a --- /dev/null +++ b/lib/luks2/luks2.h @@ -0,0 +1,609 @@ +/* + * LUKS - Linux Unified Key Setup v2 + * + * Copyright (C) 2015-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2020 Milan Broz + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRYPTSETUP_LUKS2_ONDISK_H +#define _CRYPTSETUP_LUKS2_ONDISK_H + +#include + +#include "libcryptsetup.h" + +#define LUKS2_MAGIC_1ST "LUKS\xba\xbe" +#define LUKS2_MAGIC_2ND "SKUL\xba\xbe" +#define LUKS2_MAGIC_L 6 +#define LUKS2_UUID_L 40 +#define LUKS2_LABEL_L 48 +#define LUKS2_SALT_L 64 +#define LUKS2_CHECKSUM_ALG_L 32 +#define LUKS2_CHECKSUM_L 64 + +#define LUKS2_KEYSLOTS_MAX 32 +#define LUKS2_TOKENS_MAX 32 +#define LUKS2_SEGMENT_MAX 32 + +#define LUKS2_BUILTIN_TOKEN_PREFIX "luks2-" +#define LUKS2_BUILTIN_TOKEN_PREFIX_LEN 6 + +#define LUKS2_TOKEN_KEYRING LUKS2_BUILTIN_TOKEN_PREFIX "keyring" + +#define LUKS2_DIGEST_MAX 8 + +#define CRYPT_ANY_SEGMENT -1 +#define CRYPT_DEFAULT_SEGMENT -2 +#define CRYPT_ONE_SEGMENT -3 + +#define CRYPT_ANY_DIGEST -1 + +/* 20 MiBs */ +#define LUKS2_DEFAULT_NONE_REENCRYPTION_LENGTH 0x1400000 + +/* 1 GiB */ +#define LUKS2_REENCRYPT_MAX_HOTZONE_LENGTH 0x40000000 + +struct device; + +/* + * LUKS2 header on-disk. + * + * Binary header is followed by JSON area. + * JSON area is followed by keyslot area and data area, + * these are described in JSON metadata. + * + * Note: uuid, csum_alg are intentionally on the same offset as LUKS1 + * (checksum alg replaces hash in LUKS1) + * + * String (char) should be zero terminated. + * Padding should be wiped. + * Checksum is calculated with csum zeroed (+ full JSON area). + */ +struct luks2_hdr_disk { + char magic[LUKS2_MAGIC_L]; + uint16_t version; /* Version 2 */ + uint64_t hdr_size; /* in bytes, including JSON area */ + uint64_t seqid; /* increased on every update */ + char label[LUKS2_LABEL_L]; + char checksum_alg[LUKS2_CHECKSUM_ALG_L]; + uint8_t salt[LUKS2_SALT_L]; /* unique for every header/offset */ + char uuid[LUKS2_UUID_L]; + char subsystem[LUKS2_LABEL_L]; /* owner subsystem label */ + uint64_t hdr_offset; /* offset from device start in bytes */ + char _padding[184]; + uint8_t csum[LUKS2_CHECKSUM_L]; + char _padding4096[7*512]; + /* JSON area starts here */ +} __attribute__ ((packed)); + +/* + * LUKS2 header in-memory. + */ +typedef struct json_object json_object; +struct luks2_hdr { + size_t hdr_size; + uint64_t seqid; + unsigned int version; + char label[LUKS2_LABEL_L]; + char subsystem[LUKS2_LABEL_L]; + char checksum_alg[LUKS2_CHECKSUM_ALG_L]; + uint8_t salt1[LUKS2_SALT_L]; + uint8_t salt2[LUKS2_SALT_L]; + char uuid[LUKS2_UUID_L]; + json_object *jobj; +}; + +struct luks2_keyslot_params { + enum { LUKS2_KEYSLOT_AF_LUKS1 = 0 } af_type; + enum { LUKS2_KEYSLOT_AREA_RAW = 0 } area_type; + + union { + struct { + char hash[LUKS2_CHECKSUM_ALG_L]; // or include luks.h + unsigned int stripes; + } luks1; + } af; + + union { + struct { + char encryption[65]; // or include utils_crypt.h + size_t key_size; + } raw; + } area; +}; + +struct reenc_protection { + enum { REENC_PROTECTION_NONE = 0, /* none should be 0 always */ + REENC_PROTECTION_CHECKSUM, + REENC_PROTECTION_JOURNAL, + REENC_PROTECTION_DATASHIFT } type; + + union { + struct { + } none; + struct { + char hash[LUKS2_CHECKSUM_ALG_L]; // or include luks.h + struct crypt_hash *ch; + size_t hash_size; + /* buffer for checksums */ + void *checksums; + size_t checksums_len; + } csum; + struct { + } ds; + } p; +}; + +struct luks2_reenc_context { + /* reencryption window attributes */ + uint64_t offset; + uint64_t progress; + uint64_t length; + uint64_t data_shift; + size_t alignment; + uint64_t device_size; + bool online; + bool fixed_length; + crypt_reencrypt_direction_info direction; + crypt_reencrypt_mode_info mode; + + char *device_name; + char *hotzone_name; + char *overlay_name; + uint32_t flags; + + /* reencryption window persistence attributes */ + struct reenc_protection rp; + + int reenc_keyslot; + + /* already running reencryption */ + json_object *jobj_segs_hot; + json_object *jobj_segs_post; + + /* backup segments */ + json_object *jobj_segment_new; + int digest_new; + json_object *jobj_segment_old; + int digest_old; + json_object *jobj_segment_moved; + + struct volume_key *vks; + + void *reenc_buffer; + ssize_t read; + + struct crypt_storage_wrapper *cw1; + struct crypt_storage_wrapper *cw2; + + uint32_t wflags1; + uint32_t wflags2; + + struct crypt_lock_handle *reenc_lock; +}; + +crypt_reencrypt_info LUKS2_reenc_status(struct luks2_hdr *hdr); +/* + * Supportable header sizes (hdr_disk + JSON area) + * Also used as offset for the 2nd header. + */ +#define LUKS2_HDR_16K_LEN 0x4000 + +#define LUKS2_HDR_BIN_LEN sizeof(struct luks2_hdr_disk) + +//#define LUKS2_DEFAULT_HDR_SIZE 0x400000 /* 4 MiB */ +#define LUKS2_DEFAULT_HDR_SIZE 0x1000000 /* 16 MiB */ + +#define LUKS2_MAX_KEYSLOTS_SIZE 0x8000000 /* 128 MiB */ + +#define LUKS2_HDR_OFFSET_MAX 0x400000 /* 4 MiB */ + +/* Offsets for secondary header (for scan if primary header is corrupted). */ +#define LUKS2_HDR2_OFFSETS { 0x04000, 0x008000, 0x010000, 0x020000, \ + 0x40000, 0x080000, 0x100000, 0x200000, LUKS2_HDR_OFFSET_MAX } + +int LUKS2_hdr_version_unlocked(struct crypt_device *cd, + const char *backup_file); + +int LUKS2_device_write_lock(struct crypt_device *cd, + struct luks2_hdr *hdr, struct device *device); + +int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, int repair); +int LUKS2_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr); +int LUKS2_hdr_write_force(struct crypt_device *cd, struct luks2_hdr *hdr); +int LUKS2_hdr_dump(struct crypt_device *cd, struct luks2_hdr *hdr); + +int LUKS2_hdr_uuid(struct crypt_device *cd, + struct luks2_hdr *hdr, + const char *uuid); + +int LUKS2_hdr_labels(struct crypt_device *cd, + struct luks2_hdr *hdr, + const char *label, + const char *subsystem, + int commit); + +void LUKS2_hdr_free(struct crypt_device *cd, struct luks2_hdr *hdr); + +int LUKS2_hdr_backup(struct crypt_device *cd, + struct luks2_hdr *hdr, + const char *backup_file); +int LUKS2_hdr_restore(struct crypt_device *cd, + struct luks2_hdr *hdr, + const char *backup_file); + +uint64_t LUKS2_hdr_and_areas_size(json_object *jobj); +uint64_t LUKS2_keyslots_size(json_object *jobj); +uint64_t LUKS2_metadata_size(json_object *jobj); + +int LUKS2_keyslot_cipher_incompatible(struct crypt_device *cd, const char *cipher_spec); + +/* + * Generic LUKS2 keyslot + */ +int LUKS2_keyslot_open(struct crypt_device *cd, + int keyslot, + int segment, + const char *password, + size_t password_len, + struct volume_key **vk); + +int LUKS2_keyslot_open_all_segments(struct crypt_device *cd, + int keyslot_old, + int keyslot_new, + const char *password, + size_t password_len, + struct volume_key **vks); + +int LUKS2_keyslot_store(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + const char *password, + size_t password_len, + const struct volume_key *vk, + const struct luks2_keyslot_params *params); + +int LUKS2_keyslot_reencrypt_store(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + const void *buffer, + size_t buffer_length); + +int LUKS2_keyslot_reencrypt_create(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + const struct crypt_params_reencrypt *params); + +int reenc_keyslot_update(struct crypt_device *cd, + const struct luks2_reenc_context *rh); + +int LUKS2_keyslot_wipe(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + int wipe_area_only); + +int LUKS2_keyslot_dump(struct crypt_device *cd, + int keyslot); + +crypt_keyslot_priority LUKS2_keyslot_priority_get(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot); + +int LUKS2_keyslot_priority_set(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + crypt_keyslot_priority priority, + int commit); + +/* + * Generic LUKS2 token + */ +int LUKS2_token_json_get(struct crypt_device *cd, + struct luks2_hdr *hdr, + int token, + const char **json); + +int LUKS2_token_assign(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + int token, + int assign, + int commit); + +int LUKS2_token_is_assigned(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + int token); + +int LUKS2_token_create(struct crypt_device *cd, + struct luks2_hdr *hdr, + int token, + const char *json, + int commit); + +crypt_token_info LUKS2_token_status(struct crypt_device *cd, + struct luks2_hdr *hdr, + int token, + const char **type); + +int LUKS2_builtin_token_get(struct crypt_device *cd, + struct luks2_hdr *hdr, + int token, + const char *type, + void *params); + +int LUKS2_builtin_token_create(struct crypt_device *cd, + struct luks2_hdr *hdr, + int token, + const char *type, + const void *params, + int commit); + +int LUKS2_token_open_and_activate(struct crypt_device *cd, + struct luks2_hdr *hdr, + int token, + const char *name, + uint32_t flags, + void *usrptr); + +int LUKS2_token_open_and_activate_any(struct crypt_device *cd, + struct luks2_hdr *hdr, + const char *name, + uint32_t flags); + +int LUKS2_tokens_count(struct luks2_hdr *hdr); + +/* + * Generic LUKS2 segment + */ +uint64_t json_segment_get_offset(json_object *jobj_segment, unsigned blockwise); +const char *json_segment_type(json_object *jobj_segment); +uint64_t json_segment_get_iv_offset(json_object *jobj_segment); +uint64_t json_segment_get_size(json_object *jobj_segment, unsigned blockwise); +const char *json_segment_get_cipher(json_object *jobj_segment); +int json_segment_get_sector_size(json_object *jobj_segment); +bool json_segment_is_backup(json_object *jobj_segment); +json_object *json_segments_get_segment(json_object *jobj_segments, int segment); +unsigned json_segments_count(json_object *jobj_segments); +void json_segment_remove_flag(json_object *jobj_segment, const char *flag); +uint64_t json_segments_get_minimal_offset(json_object *jobj_segments, unsigned blockwise); +json_object *json_segment_create_linear(uint64_t offset, const uint64_t *length, unsigned reencryption); +json_object *json_segment_create_crypt(uint64_t offset, uint64_t iv_offset, const uint64_t *length, const char *cipher, uint32_t sector_size, unsigned reencryption); +int json_segments_segment_in_reencrypt(json_object *jobj_segments); + +int LUKS2_segments_count(struct luks2_hdr *hdr); + +int LUKS2_segment_first_unused_id(struct luks2_hdr *hdr); + +int LUKS2_segment_set_flag(json_object *jobj_segment, const char *flag); + +json_object *LUKS2_get_segment_by_flag(struct luks2_hdr *hdr, const char *flag); + +int LUKS2_get_segment_id_by_flag(struct luks2_hdr *hdr, const char *flag); + +int LUKS2_segments_set(struct crypt_device *cd, + struct luks2_hdr *hdr, + json_object *jobj_segments, + int commit); + +uint64_t LUKS2_segment_offset(struct luks2_hdr *hdr, + int segment, + unsigned blockwise); + +uint64_t LUKS2_segment_size(struct luks2_hdr *hdr, + int segment, + unsigned blockwise); + +int LUKS2_segment_is_type(struct luks2_hdr *hdr, + int segment, + const char *type); + +int LUKS2_segment_by_type(struct luks2_hdr *hdr, + const char *type); + +int LUKS2_last_segment_by_type(struct luks2_hdr *hdr, + const char *type); + +int LUKS2_get_default_segment(struct luks2_hdr *hdr); + +int LUKS2_reencrypt_digest_new(struct luks2_hdr *hdr); +int LUKS2_reencrypt_digest_old(struct luks2_hdr *hdr); +int LUKS2_reencrypt_data_offset(struct luks2_hdr *hdr, bool blockwise); + +/* + * Generic LUKS2 digest + */ +int LUKS2_digest_any_matching(struct crypt_device *cd, + struct luks2_hdr *hdr, + const struct volume_key *vk); + +int LUKS2_digest_by_segment(struct luks2_hdr *hdr, int segment); + +int LUKS2_digest_verify_by_digest(struct crypt_device *cd, + struct luks2_hdr *hdr, + int digest, + const struct volume_key *vk); + +int LUKS2_digest_verify_by_segment(struct crypt_device *cd, + struct luks2_hdr *hdr, + int segment, + const struct volume_key *vk); + +void LUKS2_digests_erase_unused(struct crypt_device *cd, + struct luks2_hdr *hdr); + +int LUKS2_digest_verify(struct crypt_device *cd, + struct luks2_hdr *hdr, + const struct volume_key *vk, + int keyslot); + +int LUKS2_digest_dump(struct crypt_device *cd, + int digest); + +int LUKS2_digest_assign(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + int digest, + int assign, + int commit); + +int LUKS2_digest_segment_assign(struct crypt_device *cd, + struct luks2_hdr *hdr, + int segment, + int digest, + int assign, + int commit); + +int LUKS2_digest_by_keyslot(struct luks2_hdr *hdr, int keyslot); + +int LUKS2_digest_create(struct crypt_device *cd, + const char *type, + struct luks2_hdr *hdr, + const struct volume_key *vk); + +/* + * LUKS2 generic + */ +int LUKS2_activate(struct crypt_device *cd, + const char *name, + struct volume_key *vk, + uint32_t flags); + +int LUKS2_activate_multi(struct crypt_device *cd, + const char *name, + struct volume_key *vks, + uint64_t device_size, + uint32_t flags); + +struct crypt_dm_active_device; + +int LUKS2_deactivate(struct crypt_device *cd, + const char *name, + struct luks2_hdr *hdr, + struct crypt_dm_active_device *dmd, + uint32_t flags); + +int LUKS2_reload(struct crypt_device *cd, + const char *name, + struct volume_key *vks, + uint64_t device_size, + uint32_t flags); + +int LUKS2_generate_hdr( + struct crypt_device *cd, + struct luks2_hdr *hdr, + const struct volume_key *vk, + const char *cipherName, + const char *cipherMode, + const char *integrity, + const char *uuid, + unsigned int sector_size, + uint64_t data_offset, + uint64_t align_offset, + uint64_t required_alignment, + uint64_t metadata_size, + uint64_t keyslots_size); + +int LUKS2_check_metadata_area_size(uint64_t metadata_size); +int LUKS2_check_keyslots_area_size(uint64_t keyslots_size); + +int LUKS2_wipe_header_areas(struct crypt_device *cd, + struct luks2_hdr *hdr); + +uint64_t LUKS2_get_data_offset(struct luks2_hdr *hdr); +int LUKS2_get_data_size(struct luks2_hdr *hdr, uint64_t *size, bool *dynamic); +int LUKS2_get_sector_size(struct luks2_hdr *hdr); +const char *LUKS2_get_cipher(struct luks2_hdr *hdr, int segment); +const char *LUKS2_get_integrity(struct luks2_hdr *hdr, int segment); +int LUKS2_keyslot_params_default(struct crypt_device *cd, struct luks2_hdr *hdr, + struct luks2_keyslot_params *params); +int LUKS2_get_volume_key_size(struct luks2_hdr *hdr, int segment); +int LUKS2_get_keyslot_stored_key_size(struct luks2_hdr *hdr, int keyslot); +const char *LUKS2_get_keyslot_cipher(struct luks2_hdr *hdr, int keyslot, size_t *key_size); +int LUKS2_keyslot_find_empty(struct luks2_hdr *hdr); +int LUKS2_keyslot_active_count(struct luks2_hdr *hdr, int segment); +int LUKS2_keyslot_for_segment(struct luks2_hdr *hdr, int keyslot, int segment); +int LUKS2_find_keyslot(struct luks2_hdr *hdr, const char *type); +crypt_keyslot_info LUKS2_keyslot_info(struct luks2_hdr *hdr, int keyslot); +int LUKS2_keyslot_area(struct luks2_hdr *hdr, + int keyslot, + uint64_t *offset, + uint64_t *length); +int LUKS2_keyslot_pbkdf(struct luks2_hdr *hdr, int keyslot, struct crypt_pbkdf_type *pbkdf); +int LUKS2_set_keyslots_size(struct crypt_device *cd, + struct luks2_hdr *hdr, + uint64_t data_offset); + +/* + * Permanent activation flags stored in header + */ +int LUKS2_config_get_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t *flags); +int LUKS2_config_set_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t flags); + +/* + * Requirements for device activation or header modification + */ +int LUKS2_config_get_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t *reqs); +int LUKS2_config_set_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t reqs, bool commit); + +int LUKS2_unmet_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t reqs_mask, int quiet); + +int LUKS2_key_description_by_segment(struct crypt_device *cd, + struct luks2_hdr *hdr, struct volume_key *vk, int segment); +int LUKS2_volume_key_load_in_keyring_by_keyslot(struct crypt_device *cd, + struct luks2_hdr *hdr, struct volume_key *vk, int keyslot); +int LUKS2_volume_key_load_in_keyring_by_digest(struct crypt_device *cd, + struct luks2_hdr *hdr, struct volume_key *vk, int digest); + +struct luks_phdr; +int LUKS2_luks1_to_luks2(struct crypt_device *cd, + struct luks_phdr *hdr1, + struct luks2_hdr *hdr2); +int LUKS2_luks2_to_luks1(struct crypt_device *cd, + struct luks2_hdr *hdr2, + struct luks_phdr *hdr1); + +/* + * LUKS2 reencryption + */ +int LUKS2_reencrypt_locked_recovery_by_passphrase(struct crypt_device *cd, + int keyslot_old, + int keyslot_new, + const char *passphrase, + size_t passphrase_size, + uint32_t flags, + struct volume_key **vks); + +void LUKS2_reenc_context_free(struct crypt_device *cd, struct luks2_reenc_context *rh); + +int LUKS2_assembly_multisegment_dmd(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct volume_key *vks, + json_object *jobj_segments, + struct crypt_dm_active_device *dmd); + +crypt_reencrypt_info LUKS2_reencrypt_status(struct crypt_device *cd, + struct crypt_params_reencrypt *params); + +int crypt_reencrypt_lock(struct crypt_device *cd, struct crypt_lock_handle **reencrypt_lock); +int crypt_reencrypt_lock_by_dm_uuid(struct crypt_device *cd, const char *dm_uuid, struct crypt_lock_handle **reencrypt_lock); +void crypt_reencrypt_unlock(struct crypt_device *cd, struct crypt_lock_handle *reencrypt_lock); + +int luks2_check_device_size(struct crypt_device *cd, struct luks2_hdr *hdr, uint64_t check_size, uint64_t *dev_size, bool activation, bool dynamic); + +#endif diff --git a/lib/luks2/luks2_digest.c b/lib/luks2/luks2_digest.c new file mode 100644 index 0000000..94b3abf --- /dev/null +++ b/lib/luks2/luks2_digest.c @@ -0,0 +1,455 @@ +/* + * LUKS - Linux Unified Key Setup v2, digest handling + * + * Copyright (C) 2015-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2020 Milan Broz + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "luks2_internal.h" + +extern const digest_handler PBKDF2_digest; + +static const digest_handler *digest_handlers[LUKS2_DIGEST_MAX] = { + &PBKDF2_digest, + NULL +}; + +static const digest_handler *LUKS2_digest_handler_type(struct crypt_device *cd, const char *type) +{ + int i; + + for (i = 0; i < LUKS2_DIGEST_MAX && digest_handlers[i]; i++) { + if (!strcmp(digest_handlers[i]->name, type)) + return digest_handlers[i]; + } + + return NULL; +} + +static const digest_handler *LUKS2_digest_handler(struct crypt_device *cd, int digest) +{ + struct luks2_hdr *hdr; + json_object *jobj1, *jobj2; + + if (digest < 0) + return NULL; + + if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2))) + return NULL; + + if (!(jobj1 = LUKS2_get_digest_jobj(hdr, digest))) + return NULL; + + if (!json_object_object_get_ex(jobj1, "type", &jobj2)) + return NULL; + + return LUKS2_digest_handler_type(cd, json_object_get_string(jobj2)); +} + +static int LUKS2_digest_find_free(struct crypt_device *cd, struct luks2_hdr *hdr) +{ + int digest = 0; + + while (LUKS2_get_digest_jobj(hdr, digest) && digest < LUKS2_DIGEST_MAX) + digest++; + + return digest < LUKS2_DIGEST_MAX ? digest : -1; +} + +int LUKS2_digest_create(struct crypt_device *cd, + const char *type, + struct luks2_hdr *hdr, + const struct volume_key *vk) +{ + int digest; + const digest_handler *dh; + + dh = LUKS2_digest_handler_type(cd, type); + if (!dh) + return -EINVAL; + + digest = LUKS2_digest_find_free(cd, hdr); + if (digest < 0) + return -EINVAL; + + log_dbg(cd, "Creating new digest %d (%s).", digest, type); + + return dh->store(cd, digest, vk->key, vk->keylength) ?: digest; +} + +int LUKS2_digest_by_keyslot(struct luks2_hdr *hdr, int keyslot) +{ + char keyslot_name[16]; + json_object *jobj_digests, *jobj_digest_keyslots; + + if (snprintf(keyslot_name, sizeof(keyslot_name), "%u", keyslot) < 1) + return -ENOMEM; + + json_object_object_get_ex(hdr->jobj, "digests", &jobj_digests); + + json_object_object_foreach(jobj_digests, key, val) { + json_object_object_get_ex(val, "keyslots", &jobj_digest_keyslots); + if (LUKS2_array_jobj(jobj_digest_keyslots, keyslot_name)) + return atoi(key); + } + + return -ENOENT; +} + +int LUKS2_digest_verify_by_digest(struct crypt_device *cd, + struct luks2_hdr *hdr, + int digest, + const struct volume_key *vk) +{ + const digest_handler *h; + int r; + + h = LUKS2_digest_handler(cd, digest); + if (!h) + return -EINVAL; + + r = h->verify(cd, digest, vk->key, vk->keylength); + if (r < 0) { + log_dbg(cd, "Digest %d (%s) verify failed with %d.", digest, h->name, r); + return r; + } + + return digest; +} + +int LUKS2_digest_verify(struct crypt_device *cd, + struct luks2_hdr *hdr, + const struct volume_key *vk, + int keyslot) +{ + int digest; + + digest = LUKS2_digest_by_keyslot(hdr, keyslot); + if (digest < 0) + return digest; + + log_dbg(cd, "Verifying key from keyslot %d, digest %d.", keyslot, digest); + + return LUKS2_digest_verify_by_digest(cd, hdr, digest, vk); +} + +int LUKS2_digest_dump(struct crypt_device *cd, int digest) +{ + const digest_handler *h; + + if (!(h = LUKS2_digest_handler(cd, digest))) + return -EINVAL; + + return h->dump(cd, digest); +} + +int LUKS2_digest_any_matching(struct crypt_device *cd, + struct luks2_hdr *hdr, + const struct volume_key *vk) +{ + int digest; + + for (digest = 0; digest < LUKS2_DIGEST_MAX; digest++) + if (LUKS2_digest_verify_by_digest(cd, hdr, digest, vk) == digest) + return digest; + + return -ENOENT; +} + +int LUKS2_digest_verify_by_segment(struct crypt_device *cd, + struct luks2_hdr *hdr, + int segment, + const struct volume_key *vk) +{ + return LUKS2_digest_verify_by_digest(cd, hdr, LUKS2_digest_by_segment(hdr, segment), vk); +} + +/* FIXME: segment can have more digests */ +int LUKS2_digest_by_segment(struct luks2_hdr *hdr, int segment) +{ + char segment_name[16]; + json_object *jobj_digests, *jobj_digest_segments; + + if (segment == CRYPT_DEFAULT_SEGMENT) + segment = LUKS2_get_default_segment(hdr); + + json_object_object_get_ex(hdr->jobj, "digests", &jobj_digests); + + if (snprintf(segment_name, sizeof(segment_name), "%u", segment) < 1) + return -EINVAL; + + json_object_object_foreach(jobj_digests, key, val) { + json_object_object_get_ex(val, "segments", &jobj_digest_segments); + if (!LUKS2_array_jobj(jobj_digest_segments, segment_name)) + continue; + + return atoi(key); + } + + return -ENOENT; +} + +static int assign_one_digest(struct crypt_device *cd, struct luks2_hdr *hdr, + int keyslot, int digest, int assign) +{ + json_object *jobj1, *jobj_digest, *jobj_digest_keyslots; + char num[16]; + + log_dbg(cd, "Keyslot %i %s digest %i.", keyslot, assign ? "assigned to" : "unassigned from", digest); + + jobj_digest = LUKS2_get_digest_jobj(hdr, digest); + if (!jobj_digest) + return -EINVAL; + + json_object_object_get_ex(jobj_digest, "keyslots", &jobj_digest_keyslots); + if (!jobj_digest_keyslots) + return -EINVAL; + + snprintf(num, sizeof(num), "%d", keyslot); + if (assign) { + jobj1 = LUKS2_array_jobj(jobj_digest_keyslots, num); + if (!jobj1) + json_object_array_add(jobj_digest_keyslots, json_object_new_string(num)); + } else { + jobj1 = LUKS2_array_remove(jobj_digest_keyslots, num); + if (jobj1) + json_object_object_add(jobj_digest, "keyslots", jobj1); + } + + return 0; +} + +int LUKS2_digest_assign(struct crypt_device *cd, struct luks2_hdr *hdr, + int keyslot, int digest, int assign, int commit) +{ + json_object *jobj_digests; + int r = 0; + + if (digest == CRYPT_ANY_DIGEST) { + json_object_object_get_ex(hdr->jobj, "digests", &jobj_digests); + + json_object_object_foreach(jobj_digests, key, val) { + UNUSED(val); + r = assign_one_digest(cd, hdr, keyslot, atoi(key), assign); + if (r < 0) + break; + } + } else + r = assign_one_digest(cd, hdr, keyslot, digest, assign); + + if (r < 0) + return r; + + // FIXME: do not write header in nothing changed + return commit ? LUKS2_hdr_write(cd, hdr) : 0; +} + +static int assign_all_segments(struct crypt_device *cd, struct luks2_hdr *hdr, + int digest, int assign) +{ + json_object *jobj1, *jobj_digest, *jobj_digest_segments; + + jobj_digest = LUKS2_get_digest_jobj(hdr, digest); + if (!jobj_digest) + return -EINVAL; + + json_object_object_get_ex(jobj_digest, "segments", &jobj_digest_segments); + if (!jobj_digest_segments) + return -EINVAL; + + if (assign) { + json_object_object_foreach(LUKS2_get_segments_jobj(hdr), key, value) { + UNUSED(value); + jobj1 = LUKS2_array_jobj(jobj_digest_segments, key); + if (!jobj1) + json_object_array_add(jobj_digest_segments, json_object_new_string(key)); + } + } else { + jobj1 = json_object_new_array(); + if (!jobj1) + return -ENOMEM; + json_object_object_add(jobj_digest, "segments", jobj1); + } + + return 0; +} + +static int assign_one_segment(struct crypt_device *cd, struct luks2_hdr *hdr, + int segment, int digest, int assign) +{ + json_object *jobj1, *jobj_digest, *jobj_digest_segments; + char num[16]; + + log_dbg(cd, "Segment %i %s digest %i.", segment, assign ? "assigned to" : "unassigned from", digest); + + jobj_digest = LUKS2_get_digest_jobj(hdr, digest); + if (!jobj_digest) + return -EINVAL; + + json_object_object_get_ex(jobj_digest, "segments", &jobj_digest_segments); + if (!jobj_digest_segments) + return -EINVAL; + + snprintf(num, sizeof(num), "%d", segment); + if (assign) { + jobj1 = LUKS2_array_jobj(jobj_digest_segments, num); + if (!jobj1) + json_object_array_add(jobj_digest_segments, json_object_new_string(num)); + } else { + jobj1 = LUKS2_array_remove(jobj_digest_segments, num); + if (jobj1) + json_object_object_add(jobj_digest, "segments", jobj1); + } + + return 0; +} + +int LUKS2_digest_segment_assign(struct crypt_device *cd, struct luks2_hdr *hdr, + int segment, int digest, int assign, int commit) +{ + json_object *jobj_digests; + int r = 0; + + if (segment == CRYPT_DEFAULT_SEGMENT) + segment = LUKS2_get_default_segment(hdr); + + if (digest == CRYPT_ANY_DIGEST) { + json_object_object_get_ex(hdr->jobj, "digests", &jobj_digests); + + json_object_object_foreach(jobj_digests, key, val) { + UNUSED(val); + if (segment == CRYPT_ANY_SEGMENT) + r = assign_all_segments(cd, hdr, atoi(key), assign); + else + r = assign_one_segment(cd, hdr, segment, atoi(key), assign); + if (r < 0) + break; + } + } else { + if (segment == CRYPT_ANY_SEGMENT) + r = assign_all_segments(cd, hdr, digest, assign); + else + r = assign_one_segment(cd, hdr, segment, digest, assign); + } + + if (r < 0) + return r; + + // FIXME: do not write header in nothing changed + return commit ? LUKS2_hdr_write(cd, hdr) : 0; +} + +static int digest_unused(json_object *jobj_digest) +{ + json_object *jobj; + + json_object_object_get_ex(jobj_digest, "segments", &jobj); + if (!jobj || !json_object_is_type(jobj, json_type_array) || json_object_array_length(jobj) > 0) + return 0; + + json_object_object_get_ex(jobj_digest, "keyslots", &jobj); + if (!jobj || !json_object_is_type(jobj, json_type_array)) + return 0; + + return json_object_array_length(jobj) > 0 ? 0 : 1; +} + +void LUKS2_digests_erase_unused(struct crypt_device *cd, + struct luks2_hdr *hdr) +{ + json_object *jobj_digests; + + json_object_object_get_ex(hdr->jobj, "digests", &jobj_digests); + if (!jobj_digests || !json_object_is_type(jobj_digests, json_type_object)) + return; + + json_object_object_foreach(jobj_digests, key, val) { + if (digest_unused(val)) { + log_dbg(cd, "Erasing unused digest %d.", atoi(key)); + json_object_object_del(jobj_digests, key); + } + } +} + +/* Key description helpers */ +static char *get_key_description_by_digest(struct crypt_device *cd, int digest) +{ + char *desc, digest_str[3]; + int r; + size_t len; + + if (!crypt_get_uuid(cd)) + return NULL; + + r = snprintf(digest_str, sizeof(digest_str), "d%u", digest); + if (r < 0 || (size_t)r >= sizeof(digest_str)) + return NULL; + + /* "cryptsetup:-" + \0 */ + len = strlen(crypt_get_uuid(cd)) + strlen(digest_str) + 13; + + desc = malloc(len); + if (!desc) + return NULL; + + r = snprintf(desc, len, "%s:%s-%s", "cryptsetup", crypt_get_uuid(cd), digest_str); + if (r < 0 || (size_t)r >= len) { + free(desc); + return NULL; + } + + return desc; +} + +int LUKS2_key_description_by_segment(struct crypt_device *cd, + struct luks2_hdr *hdr, struct volume_key *vk, int segment) +{ + char *desc = get_key_description_by_digest(cd, LUKS2_digest_by_segment(hdr, segment)); + int r; + + r = crypt_volume_key_set_description(vk, desc); + free(desc); + return r; +} + +int LUKS2_volume_key_load_in_keyring_by_keyslot(struct crypt_device *cd, + struct luks2_hdr *hdr, struct volume_key *vk, int keyslot) +{ + char *desc = get_key_description_by_digest(cd, LUKS2_digest_by_keyslot(hdr, keyslot)); + int r; + + r = crypt_volume_key_set_description(vk, desc); + if (!r) + r = crypt_volume_key_load_in_keyring(cd, vk); + + free(desc); + return r; +} + +int LUKS2_volume_key_load_in_keyring_by_digest(struct crypt_device *cd, + struct luks2_hdr *hdr, struct volume_key *vk, int digest) +{ + char *desc = get_key_description_by_digest(cd, digest); + int r; + + r = crypt_volume_key_set_description(vk, desc); + if (!r) + r = crypt_volume_key_load_in_keyring(cd, vk); + + free(desc); + return r; +} diff --git a/lib/luks2/luks2_digest_pbkdf2.c b/lib/luks2/luks2_digest_pbkdf2.c new file mode 100644 index 0000000..bf1e4f9 --- /dev/null +++ b/lib/luks2/luks2_digest_pbkdf2.c @@ -0,0 +1,211 @@ +/* + * LUKS - Linux Unified Key Setup v2, PBKDF2 digest handler (LUKS1 compatible) + * + * Copyright (C) 2015-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2020 Milan Broz + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "luks2_internal.h" + +#define LUKS_DIGESTSIZE 20 // since SHA1 +#define LUKS_SALTSIZE 32 +#define LUKS_MKD_ITERATIONS_MS 125 + +static int PBKDF2_digest_verify(struct crypt_device *cd, + int digest, + const char *volume_key, + size_t volume_key_len) +{ + char checkHashBuf[64]; + json_object *jobj_digest, *jobj1; + const char *hashSpec; + char *mkDigest = NULL, mkDigestSalt[LUKS_SALTSIZE]; + unsigned int mkDigestIterations; + size_t len; + int r; + + /* This can be done only for internally linked digests */ + jobj_digest = LUKS2_get_digest_jobj(crypt_get_hdr(cd, CRYPT_LUKS2), digest); + if (!jobj_digest) + return -EINVAL; + + if (!json_object_object_get_ex(jobj_digest, "hash", &jobj1)) + return -EINVAL; + hashSpec = json_object_get_string(jobj1); + + if (!json_object_object_get_ex(jobj_digest, "iterations", &jobj1)) + return -EINVAL; + mkDigestIterations = json_object_get_int64(jobj1); + + if (!json_object_object_get_ex(jobj_digest, "salt", &jobj1)) + return -EINVAL; + len = sizeof(mkDigestSalt); + if (!base64_decode(json_object_get_string(jobj1), + json_object_get_string_len(jobj1), mkDigestSalt, &len)) + return -EINVAL; + if (len != LUKS_SALTSIZE) + return -EINVAL; + + if (!json_object_object_get_ex(jobj_digest, "digest", &jobj1)) + return -EINVAL; + len = 0; + if (!base64_decode_alloc(json_object_get_string(jobj1), + json_object_get_string_len(jobj1), &mkDigest, &len)) + return -EINVAL; + if (len < LUKS_DIGESTSIZE || + len > sizeof(checkHashBuf) || + (len != LUKS_DIGESTSIZE && len != (size_t)crypt_hash_size(hashSpec))) { + free(mkDigest); + return -EINVAL; + } + + r = -EPERM; + if (crypt_pbkdf(CRYPT_KDF_PBKDF2, hashSpec, volume_key, volume_key_len, + mkDigestSalt, LUKS_SALTSIZE, + checkHashBuf, len, + mkDigestIterations, 0, 0) < 0) { + r = -EINVAL; + } else { + if (memcmp(checkHashBuf, mkDigest, len) == 0) + r = 0; + } + + free(mkDigest); + return r; +} + +static int PBKDF2_digest_store(struct crypt_device *cd, + int digest, + const char *volume_key, + size_t volume_key_len) +{ + json_object *jobj_digest, *jobj_digests; + char salt[LUKS_SALTSIZE], digest_raw[128]; + int hmac_size, r; + char *base64_str; + struct luks2_hdr *hdr; + struct crypt_pbkdf_limits pbkdf_limits; + const struct crypt_pbkdf_type *pbkdf_cd; + struct crypt_pbkdf_type pbkdf = { + .type = CRYPT_KDF_PBKDF2, + .time_ms = LUKS_MKD_ITERATIONS_MS, + }; + + /* Inherit hash from PBKDF setting */ + pbkdf_cd = crypt_get_pbkdf_type(cd); + if (pbkdf_cd) + pbkdf.hash = pbkdf_cd->hash; + if (!pbkdf.hash) + pbkdf.hash = DEFAULT_LUKS1_HASH; + + log_dbg(cd, "Setting PBKDF2 type key digest %d.", digest); + + r = crypt_random_get(cd, salt, LUKS_SALTSIZE, CRYPT_RND_SALT); + if (r < 0) + return r; + + r = crypt_pbkdf_get_limits(CRYPT_KDF_PBKDF2, &pbkdf_limits); + if (r < 0) + return r; + + if (crypt_get_pbkdf(cd)->flags & CRYPT_PBKDF_NO_BENCHMARK) + pbkdf.iterations = pbkdf_limits.min_iterations; + else { + r = crypt_benchmark_pbkdf_internal(cd, &pbkdf, volume_key_len); + if (r < 0) + return r; + } + + hmac_size = crypt_hmac_size(pbkdf.hash); + if (hmac_size < 0 || hmac_size > (int)sizeof(digest_raw)) + return -EINVAL; + + r = crypt_pbkdf(CRYPT_KDF_PBKDF2, pbkdf.hash, volume_key, volume_key_len, + salt, LUKS_SALTSIZE, digest_raw, hmac_size, + pbkdf.iterations, 0, 0); + if (r < 0) + return r; + + jobj_digest = LUKS2_get_digest_jobj(crypt_get_hdr(cd, CRYPT_LUKS2), digest); + jobj_digests = NULL; + if (!jobj_digest) { + hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + jobj_digest = json_object_new_object(); + json_object_object_get_ex(hdr->jobj, "digests", &jobj_digests); + } + + json_object_object_add(jobj_digest, "type", json_object_new_string("pbkdf2")); + json_object_object_add(jobj_digest, "keyslots", json_object_new_array()); + json_object_object_add(jobj_digest, "segments", json_object_new_array()); + json_object_object_add(jobj_digest, "hash", json_object_new_string(pbkdf.hash)); + json_object_object_add(jobj_digest, "iterations", json_object_new_int(pbkdf.iterations)); + + base64_encode_alloc(salt, LUKS_SALTSIZE, &base64_str); + if (!base64_str) { + json_object_put(jobj_digest); + return -ENOMEM; + } + json_object_object_add(jobj_digest, "salt", json_object_new_string(base64_str)); + free(base64_str); + + base64_encode_alloc(digest_raw, hmac_size, &base64_str); + if (!base64_str) { + json_object_put(jobj_digest); + return -ENOMEM; + } + json_object_object_add(jobj_digest, "digest", json_object_new_string(base64_str)); + free(base64_str); + + if (jobj_digests) + json_object_object_add_by_uint(jobj_digests, digest, jobj_digest); + + JSON_DBG(cd, jobj_digest, "Digest JSON:"); + return 0; +} + +static int PBKDF2_digest_dump(struct crypt_device *cd, int digest) +{ + json_object *jobj_digest, *jobj1; + + /* This can be done only for internally linked digests */ + jobj_digest = LUKS2_get_digest_jobj(crypt_get_hdr(cd, CRYPT_LUKS2), digest); + if (!jobj_digest) + return -EINVAL; + + json_object_object_get_ex(jobj_digest, "hash", &jobj1); + log_std(cd, "\tHash: %s\n", json_object_get_string(jobj1)); + + json_object_object_get_ex(jobj_digest, "iterations", &jobj1); + log_std(cd, "\tIterations: %" PRIu64 "\n", json_object_get_int64(jobj1)); + + json_object_object_get_ex(jobj_digest, "salt", &jobj1); + log_std(cd, "\tSalt: "); + hexprint_base64(cd, jobj1, " ", " "); + + json_object_object_get_ex(jobj_digest, "digest", &jobj1); + log_std(cd, "\tDigest: "); + hexprint_base64(cd, jobj1, " ", " "); + + return 0; +} + +const digest_handler PBKDF2_digest = { + .name = "pbkdf2", + .verify = PBKDF2_digest_verify, + .store = PBKDF2_digest_store, + .dump = PBKDF2_digest_dump, +}; diff --git a/lib/luks2/luks2_disk_metadata.c b/lib/luks2/luks2_disk_metadata.c new file mode 100644 index 0000000..9654cdb --- /dev/null +++ b/lib/luks2/luks2_disk_metadata.c @@ -0,0 +1,806 @@ +/* + * LUKS - Linux Unified Key Setup v2 + * + * Copyright (C) 2015-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2020 Milan Broz + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include + +#include "luks2_internal.h" + +/* + * Helper functions + */ +static json_object *parse_json_len(struct crypt_device *cd, const char *json_area, + uint64_t max_length, int *json_len) +{ + json_object *jobj; + struct json_tokener *jtok; + + /* INT32_MAX is internal (json-c) json_tokener_parse_ex() limit */ + if (!json_area || max_length > INT32_MAX) + return NULL; + + jtok = json_tokener_new(); + if (!jtok) { + log_dbg(cd, "ERROR: Failed to init json tokener"); + return NULL; + } + + jobj = json_tokener_parse_ex(jtok, json_area, max_length); + if (!jobj) + log_dbg(cd, "ERROR: Failed to parse json data (%d): %s", + json_tokener_get_error(jtok), + json_tokener_error_desc(json_tokener_get_error(jtok))); + else + *json_len = jtok->char_offset; + + json_tokener_free(jtok); + + return jobj; +} + +static void log_dbg_checksum(struct crypt_device *cd, + const uint8_t *csum, const char *csum_alg, const char *info) +{ + char csum_txt[2*LUKS2_CHECKSUM_L+1]; + int i; + + for (i = 0; i < crypt_hash_size(csum_alg); i++) + snprintf(&csum_txt[i*2], 3, "%02hhx", (const char)csum[i]); + csum_txt[i*2+1] = '\0'; /* Just to be safe, sprintf should write \0 there. */ + + log_dbg(cd, "Checksum:%s (%s)", &csum_txt[0], info); +} + +/* + * Calculate hash (checksum) of |LUKS2_bin|LUKS2_JSON_area| from in-memory structs. + * LUKS2 on-disk header contains uniques salt both for primary and secondary header. + * Checksum is always calculated with zeroed checksum field in binary header. + */ +static int hdr_checksum_calculate(const char *alg, struct luks2_hdr_disk *hdr_disk, + const char *json_area, size_t json_len) +{ + struct crypt_hash *hd = NULL; + int hash_size, r; + + hash_size = crypt_hash_size(alg); + if (hash_size <= 0 || crypt_hash_init(&hd, alg)) + return -EINVAL; + + /* Binary header, csum zeroed. */ + r = crypt_hash_write(hd, (char*)hdr_disk, LUKS2_HDR_BIN_LEN); + + /* JSON area (including unused space) */ + if (!r) + r = crypt_hash_write(hd, json_area, json_len); + + if (!r) + r = crypt_hash_final(hd, (char*)hdr_disk->csum, (size_t)hash_size); + + crypt_hash_destroy(hd); + return r; +} + +/* + * Compare hash (checksum) of on-disk and in-memory header. + */ +static int hdr_checksum_check(struct crypt_device *cd, + const char *alg, struct luks2_hdr_disk *hdr_disk, + const char *json_area, size_t json_len) +{ + struct luks2_hdr_disk hdr_tmp; + int hash_size, r; + + hash_size = crypt_hash_size(alg); + if (hash_size <= 0) + return -EINVAL; + + /* Copy header and zero checksum. */ + memcpy(&hdr_tmp, hdr_disk, LUKS2_HDR_BIN_LEN); + memset(&hdr_tmp.csum, 0, sizeof(hdr_tmp.csum)); + + r = hdr_checksum_calculate(alg, &hdr_tmp, json_area, json_len); + if (r < 0) + return r; + + log_dbg_checksum(cd, hdr_disk->csum, alg, "on-disk"); + log_dbg_checksum(cd, hdr_tmp.csum, alg, "in-memory"); + + if (memcmp(hdr_tmp.csum, hdr_disk->csum, (size_t)hash_size)) + return -EINVAL; + + return 0; +} + +/* + * Convert header from on-disk format to in-memory struct + */ +static void hdr_from_disk(struct luks2_hdr_disk *hdr_disk1, + struct luks2_hdr_disk *hdr_disk2, + struct luks2_hdr *hdr, + int secondary) +{ + hdr->version = be16_to_cpu(hdr_disk1->version); + hdr->hdr_size = be64_to_cpu(hdr_disk1->hdr_size); + hdr->seqid = be64_to_cpu(hdr_disk1->seqid); + + memcpy(hdr->label, hdr_disk1->label, LUKS2_LABEL_L); + hdr->label[LUKS2_LABEL_L - 1] = '\0'; + memcpy(hdr->subsystem, hdr_disk1->subsystem, LUKS2_LABEL_L); + hdr->subsystem[LUKS2_LABEL_L - 1] = '\0'; + memcpy(hdr->checksum_alg, hdr_disk1->checksum_alg, LUKS2_CHECKSUM_ALG_L); + hdr->checksum_alg[LUKS2_CHECKSUM_ALG_L - 1] = '\0'; + memcpy(hdr->uuid, hdr_disk1->uuid, LUKS2_UUID_L); + hdr->uuid[LUKS2_UUID_L - 1] = '\0'; + + if (secondary) { + memcpy(hdr->salt1, hdr_disk2->salt, LUKS2_SALT_L); + memcpy(hdr->salt2, hdr_disk1->salt, LUKS2_SALT_L); + } else { + memcpy(hdr->salt1, hdr_disk1->salt, LUKS2_SALT_L); + memcpy(hdr->salt2, hdr_disk2->salt, LUKS2_SALT_L); + } +} + +/* + * Convert header from in-memory struct to on-disk format + */ +static void hdr_to_disk(struct luks2_hdr *hdr, + struct luks2_hdr_disk *hdr_disk, + int secondary, uint64_t offset) +{ + assert(((char*)&(hdr_disk->_padding4096) - (char*)&(hdr_disk->magic)) == 512); + + memset(hdr_disk, 0, LUKS2_HDR_BIN_LEN); + + memcpy(&hdr_disk->magic, secondary ? LUKS2_MAGIC_2ND : LUKS2_MAGIC_1ST, LUKS2_MAGIC_L); + hdr_disk->version = cpu_to_be16(hdr->version); + hdr_disk->hdr_size = cpu_to_be64(hdr->hdr_size); + hdr_disk->hdr_offset = cpu_to_be64(offset); + hdr_disk->seqid = cpu_to_be64(hdr->seqid); + + strncpy(hdr_disk->label, hdr->label, LUKS2_LABEL_L); + hdr_disk->label[LUKS2_LABEL_L - 1] = '\0'; + strncpy(hdr_disk->subsystem, hdr->subsystem, LUKS2_LABEL_L); + hdr_disk->subsystem[LUKS2_LABEL_L - 1] = '\0'; + strncpy(hdr_disk->checksum_alg, hdr->checksum_alg, LUKS2_CHECKSUM_ALG_L); + hdr_disk->checksum_alg[LUKS2_CHECKSUM_ALG_L - 1] = '\0'; + strncpy(hdr_disk->uuid, hdr->uuid, LUKS2_UUID_L); + hdr_disk->uuid[LUKS2_UUID_L - 1] = '\0'; + + memcpy(hdr_disk->salt, secondary ? hdr->salt2 : hdr->salt1, LUKS2_SALT_L); +} + +/* + * Sanity checks before checksum is validated + */ +static int hdr_disk_sanity_check_pre(struct crypt_device *cd, + struct luks2_hdr_disk *hdr, + size_t *hdr_json_size, int secondary, + uint64_t offset) +{ + if (memcmp(hdr->magic, secondary ? LUKS2_MAGIC_2ND : LUKS2_MAGIC_1ST, LUKS2_MAGIC_L)) + return -EINVAL; + + if (be16_to_cpu(hdr->version) != 2) { + log_dbg(cd, "Unsupported LUKS2 header version %u.", be16_to_cpu(hdr->version)); + return -EINVAL; + } + + if (offset != be64_to_cpu(hdr->hdr_offset)) { + log_dbg(cd, "LUKS2 offset 0x%04x on device differs to expected offset 0x%04x.", + (unsigned)be64_to_cpu(hdr->hdr_offset), (unsigned)offset); + return -EINVAL; + } + + if (secondary && (offset != be64_to_cpu(hdr->hdr_size))) { + log_dbg(cd, "LUKS2 offset 0x%04x in secondary header does not match size 0x%04x.", + (unsigned)offset, (unsigned)be64_to_cpu(hdr->hdr_size)); + return -EINVAL; + } + + /* FIXME: sanity check checksum alg. */ + + log_dbg(cd, "LUKS2 header version %u of size %u bytes, checksum %s.", + (unsigned)be16_to_cpu(hdr->version), (unsigned)be64_to_cpu(hdr->hdr_size), + hdr->checksum_alg); + + *hdr_json_size = be64_to_cpu(hdr->hdr_size) - LUKS2_HDR_BIN_LEN; + return 0; +} + +/* + * Read LUKS2 header from disk at specific offset. + */ +static int hdr_read_disk(struct crypt_device *cd, + struct device *device, struct luks2_hdr_disk *hdr_disk, + char **json_area, uint64_t offset, int secondary) +{ + size_t hdr_json_size = 0; + int devfd, r; + + log_dbg(cd, "Trying to read %s LUKS2 header at offset 0x%" PRIx64 ".", + secondary ? "secondary" : "primary", offset); + + devfd = device_open_locked(cd, device, O_RDONLY); + if (devfd < 0) + return devfd == -1 ? -EIO : devfd; + + /* + * Read binary header and run sanity check before reading + * JSON area and validating checksum. + */ + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), hdr_disk, + LUKS2_HDR_BIN_LEN, offset) != LUKS2_HDR_BIN_LEN) { + return -EIO; + } + + r = hdr_disk_sanity_check_pre(cd, hdr_disk, &hdr_json_size, secondary, offset); + if (r < 0) { + return r; + } + + /* + * Allocate and read JSON area. Always the whole area must be read. + */ + *json_area = malloc(hdr_json_size); + if (!*json_area) { + return -ENOMEM; + } + + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), *json_area, hdr_json_size, + offset + LUKS2_HDR_BIN_LEN) != (ssize_t)hdr_json_size) { + free(*json_area); + *json_area = NULL; + return -EIO; + } + + /* + * Calculate and validate checksum and zero it afterwards. + */ + if (hdr_checksum_check(cd, hdr_disk->checksum_alg, hdr_disk, + *json_area, hdr_json_size)) { + log_dbg(cd, "LUKS2 header checksum error (offset %" PRIu64 ").", offset); + r = -EINVAL; + } + memset(hdr_disk->csum, 0, LUKS2_CHECKSUM_L); + + return r; +} + +/* + * Write LUKS2 header to disk at specific offset. + */ +static int hdr_write_disk(struct crypt_device *cd, + struct device *device, struct luks2_hdr *hdr, + const char *json_area, int secondary) +{ + struct luks2_hdr_disk hdr_disk; + uint64_t offset = secondary ? hdr->hdr_size : 0; + size_t hdr_json_len; + int devfd, r; + + log_dbg(cd, "Trying to write LUKS2 header (%zu bytes) at offset %" PRIu64 ".", + hdr->hdr_size, offset); + + /* FIXME: read-only device silent fail? */ + + devfd = device_open_locked(cd, device, O_RDWR); + if (devfd < 0) + return devfd == -1 ? -EINVAL : devfd; + + hdr_json_len = hdr->hdr_size - LUKS2_HDR_BIN_LEN; + + hdr_to_disk(hdr, &hdr_disk, secondary, offset); + + /* + * Write header without checksum but with proper seqid. + */ + if (write_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), (char *)&hdr_disk, + LUKS2_HDR_BIN_LEN, offset) < (ssize_t)LUKS2_HDR_BIN_LEN) { + return -EIO; + } + + /* + * Write json area. + */ + if (write_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), + CONST_CAST(char*)json_area, hdr_json_len, + LUKS2_HDR_BIN_LEN + offset) < (ssize_t)hdr_json_len) { + return -EIO; + } + + /* + * Calculate checksum and write header with checksum. + */ + r = hdr_checksum_calculate(hdr_disk.checksum_alg, &hdr_disk, + json_area, hdr_json_len); + if (r < 0) { + return r; + } + log_dbg_checksum(cd, hdr_disk.csum, hdr_disk.checksum_alg, "in-memory"); + + if (write_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), (char *)&hdr_disk, + LUKS2_HDR_BIN_LEN, offset) < (ssize_t)LUKS2_HDR_BIN_LEN) + r = -EIO; + + device_sync(cd, device); + return r; +} + +static int LUKS2_check_sequence_id(struct crypt_device *cd, struct luks2_hdr *hdr, struct device *device) +{ + int devfd; + struct luks2_hdr_disk dhdr; + + if (!hdr) + return -EINVAL; + + devfd = device_open_locked(cd, device, O_RDONLY); + if (devfd < 0) + return devfd == -1 ? -EINVAL : devfd; + + /* we need only first 512 bytes, see luks2_hdr_disk structure */ + if ((read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), &dhdr, 512, 0) != 512)) + return -EIO; + + /* there's nothing to check if there's no LUKS2 header */ + if ((be16_to_cpu(dhdr.version) != 2) || + memcmp(dhdr.magic, LUKS2_MAGIC_1ST, LUKS2_MAGIC_L) || + strcmp(dhdr.uuid, hdr->uuid)) + return 0; + + return hdr->seqid != be64_to_cpu(dhdr.seqid); +} + +int LUKS2_device_write_lock(struct crypt_device *cd, struct luks2_hdr *hdr, struct device *device) +{ + int r = device_write_lock(cd, device); + + if (r < 0) { + log_err(cd, _("Failed to acquire write lock on device %s."), device_path(device)); + return r; + } + + /* run sequence id check only on first write lock (r == 1) and w/o LUKS2 reencryption in-progress */ + if (r == 1 && !crypt_get_reenc_context(cd)) { + log_dbg(cd, "Checking context sequence id matches value stored on disk."); + if (LUKS2_check_sequence_id(cd, hdr, device)) { + device_write_unlock(cd, device); + log_err(cd, _("Detected attempt for concurrent LUKS2 metadata update. Aborting operation.")); + return -EINVAL; + } + } + + return 0; +} + +/* + * Convert in-memory LUKS2 header and write it to disk. + * This will increase sequence id, write both header copies and calculate checksum. + */ +int LUKS2_disk_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr, struct device *device, bool seqid_check) +{ + char *json_area; + const char *json_text; + size_t json_area_len; + int r; + + if (hdr->version != 2) { + log_dbg(cd, "Unsupported LUKS2 header version (%u).", hdr->version); + return -EINVAL; + } + + r = device_check_size(cd, crypt_metadata_device(cd), LUKS2_hdr_and_areas_size(hdr->jobj), 1); + if (r) + return r; + + /* + * Allocate and zero JSON area (of proper header size). + */ + json_area_len = hdr->hdr_size - LUKS2_HDR_BIN_LEN; + json_area = crypt_zalloc(json_area_len); + if (!json_area) + return -ENOMEM; + + /* + * Generate text space-efficient JSON representation to json area. + */ + json_text = json_object_to_json_string_ext(hdr->jobj, + JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE); + if (!json_text || !*json_text) { + log_dbg(cd, "Cannot parse JSON object to text representation."); + free(json_area); + return -ENOMEM; + } + if (strlen(json_text) > (json_area_len - 1)) { + log_dbg(cd, "JSON is too large (%zu > %zu).", strlen(json_text), json_area_len); + free(json_area); + return -EINVAL; + } + strncpy(json_area, json_text, json_area_len); + + if (seqid_check) + r = LUKS2_device_write_lock(cd, hdr, device); + else + r = device_write_lock(cd, device); + if (r < 0) { + free(json_area); + return r; + } + + /* Increase sequence id before writing it to disk. */ + hdr->seqid++; + + /* Write primary and secondary header */ + r = hdr_write_disk(cd, device, hdr, json_area, 0); + if (!r) + r = hdr_write_disk(cd, device, hdr, json_area, 1); + + if (r) + log_dbg(cd, "LUKS2 header write failed (%d).", r); + + device_write_unlock(cd, device); + + free(json_area); + return r; +} +static int validate_json_area(struct crypt_device *cd, const char *json_area, + uint64_t json_len, uint64_t max_length) +{ + char c; + + /* Enforce there are no needless opening bytes */ + if (*json_area != '{') { + log_dbg(cd, "ERROR: Opening character must be left curly bracket: '{'."); + return -EINVAL; + } + + if (json_len >= max_length) { + log_dbg(cd, "ERROR: Missing trailing null byte beyond parsed json data string."); + return -EINVAL; + } + + /* + * TODO: + * validate there are legal json format characters between + * 'json_area' and 'json_area + json_len' + */ + + do { + c = *(json_area + json_len); + if (c != '\0') { + log_dbg(cd, "ERROR: Forbidden ascii code 0x%02hhx found beyond json data string at offset %" PRIu64, + c, json_len); + return -EINVAL; + } + } while (++json_len < max_length); + + return 0; +} + +static int validate_luks2_json_object(struct crypt_device *cd, json_object *jobj_hdr, uint64_t length) +{ + int r; + + /* we require top level object to be of json_type_object */ + r = !json_object_is_type(jobj_hdr, json_type_object); + if (r) { + log_dbg(cd, "ERROR: Resulting object is not a json object type"); + return r; + } + + r = LUKS2_hdr_validate(cd, jobj_hdr, length); + if (r) { + log_dbg(cd, "Repairing JSON metadata."); + /* try to correct known glitches */ + LUKS2_hdr_repair(cd, jobj_hdr); + + /* run validation again */ + r = LUKS2_hdr_validate(cd, jobj_hdr, length); + } + + if (r) + log_dbg(cd, "ERROR: LUKS2 validation failed"); + + return r; +} + +static json_object *parse_and_validate_json(struct crypt_device *cd, + const char *json_area, uint64_t max_length) +{ + int json_len, r; + json_object *jobj = parse_json_len(cd, json_area, max_length, &json_len); + + if (!jobj) + return NULL; + + /* successful parse_json_len must not return offset <= 0 */ + assert(json_len > 0); + + r = validate_json_area(cd, json_area, json_len, max_length); + if (!r) + r = validate_luks2_json_object(cd, jobj, max_length); + + if (r) { + json_object_put(jobj); + jobj = NULL; + } + + return jobj; +} + +static int detect_device_signatures(struct crypt_device *cd, const char *path) +{ + blk_probe_status prb_state; + int r; + struct blkid_handle *h; + + if (!blk_supported()) { + log_dbg(cd, "Blkid probing of device signatures disabled."); + return 0; + } + + if ((r = blk_init_by_path(&h, path))) { + log_dbg(cd, "Failed to initialize blkid_handle by path."); + return -EINVAL; + } + + /* We don't care about details. Be fast. */ + blk_set_chains_for_fast_detection(h); + + /* Filter out crypto_LUKS. we don't care now */ + blk_superblocks_filter_luks(h); + + prb_state = blk_safeprobe(h); + + switch (prb_state) { + case PRB_AMBIGUOUS: + log_dbg(cd, "Blkid probe couldn't decide device type unambiguously."); + /* fall through */ + case PRB_FAIL: + log_dbg(cd, "Blkid probe failed."); + r = -EINVAL; + break; + case PRB_OK: /* crypto_LUKS type is filtered out */ + r = -EINVAL; + + if (blk_is_partition(h)) + log_dbg(cd, "Blkid probe detected partition type '%s'", blk_get_partition_type(h)); + else if (blk_is_superblock(h)) + log_dbg(cd, "blkid probe detected superblock type '%s'", blk_get_superblock_type(h)); + break; + case PRB_EMPTY: + log_dbg(cd, "Blkid probe detected no foreign device signature."); + } + blk_free(h); + return r; +} + +/* + * Read and convert on-disk LUKS2 header to in-memory representation.. + * Try to do recovery if on-disk state is not consistent. + */ +int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, + struct device *device, int do_recovery, int do_blkprobe) +{ + enum { HDR_OK, HDR_OBSOLETE, HDR_FAIL, HDR_FAIL_IO } state_hdr1, state_hdr2; + struct luks2_hdr_disk hdr_disk1, hdr_disk2; + char *json_area1 = NULL, *json_area2 = NULL; + json_object *jobj_hdr1 = NULL, *jobj_hdr2 = NULL; + unsigned int i; + int r; + uint64_t hdr_size; + uint64_t hdr2_offsets[] = LUKS2_HDR2_OFFSETS; + + /* Skip auto-recovery if locks are disabled and we're not doing LUKS2 explicit repair */ + if (do_recovery && do_blkprobe && !crypt_metadata_locking_enabled()) { + do_recovery = 0; + log_dbg(cd, "Disabling header auto-recovery due to locking being disabled."); + } + + /* + * Read primary LUKS2 header (offset 0). + */ + state_hdr1 = HDR_FAIL; + r = hdr_read_disk(cd, device, &hdr_disk1, &json_area1, 0, 0); + if (r == 0) { + jobj_hdr1 = parse_and_validate_json(cd, json_area1, be64_to_cpu(hdr_disk1.hdr_size) - LUKS2_HDR_BIN_LEN); + state_hdr1 = jobj_hdr1 ? HDR_OK : HDR_OBSOLETE; + } else if (r == -EIO) + state_hdr1 = HDR_FAIL_IO; + + /* + * Read secondary LUKS2 header (follows primary). + */ + state_hdr2 = HDR_FAIL; + if (state_hdr1 != HDR_FAIL && state_hdr1 != HDR_FAIL_IO) { + r = hdr_read_disk(cd, device, &hdr_disk2, &json_area2, be64_to_cpu(hdr_disk1.hdr_size), 1); + if (r == 0) { + jobj_hdr2 = parse_and_validate_json(cd, json_area2, be64_to_cpu(hdr_disk2.hdr_size) - LUKS2_HDR_BIN_LEN); + state_hdr2 = jobj_hdr2 ? HDR_OK : HDR_OBSOLETE; + } else if (r == -EIO) + state_hdr2 = HDR_FAIL_IO; + } else { + /* + * No header size, check all known offsets. + */ + for (r = -EINVAL,i = 0; r < 0 && i < ARRAY_SIZE(hdr2_offsets); i++) + r = hdr_read_disk(cd, device, &hdr_disk2, &json_area2, hdr2_offsets[i], 1); + + if (r == 0) { + jobj_hdr2 = parse_and_validate_json(cd, json_area2, be64_to_cpu(hdr_disk2.hdr_size) - LUKS2_HDR_BIN_LEN); + state_hdr2 = jobj_hdr2 ? HDR_OK : HDR_OBSOLETE; + } else if (r == -EIO) + state_hdr2 = HDR_FAIL_IO; + } + + /* + * Check sequence id if both headers are read correctly. + */ + if (state_hdr1 == HDR_OK && state_hdr2 == HDR_OK) { + if (be64_to_cpu(hdr_disk1.seqid) > be64_to_cpu(hdr_disk2.seqid)) + state_hdr2 = HDR_OBSOLETE; + else if (be64_to_cpu(hdr_disk1.seqid) < be64_to_cpu(hdr_disk2.seqid)) + state_hdr1 = HDR_OBSOLETE; + } + + /* check header with keyslots to fit the device */ + if (state_hdr1 == HDR_OK) + hdr_size = LUKS2_hdr_and_areas_size(jobj_hdr1); + else if (state_hdr2 == HDR_OK) + hdr_size = LUKS2_hdr_and_areas_size(jobj_hdr2); + else { + r = (state_hdr1 == HDR_FAIL_IO && state_hdr2 == HDR_FAIL_IO) ? -EIO : -EINVAL; + goto err; + } + + r = device_check_size(cd, device, hdr_size, 0); + if (r) + goto err; + + /* + * Try to rewrite (recover) bad header. Always regenerate salt for bad header. + */ + if (state_hdr1 == HDR_OK && state_hdr2 != HDR_OK) { + log_dbg(cd, "Secondary LUKS2 header requires recovery."); + + if (do_blkprobe && (r = detect_device_signatures(cd, device_path(device)))) { + log_err(cd, _("Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" + "Please run \"cryptsetup repair\" for recovery.")); + goto err; + } + + if (do_recovery) { + memcpy(&hdr_disk2, &hdr_disk1, LUKS2_HDR_BIN_LEN); + r = crypt_random_get(cd, (char*)hdr_disk2.salt, sizeof(hdr_disk2.salt), CRYPT_RND_SALT); + if (r) + log_dbg(cd, "Cannot generate master salt."); + else { + hdr_from_disk(&hdr_disk1, &hdr_disk2, hdr, 0); + r = hdr_write_disk(cd, device, hdr, json_area1, 1); + } + if (r) + log_dbg(cd, "Secondary LUKS2 header recovery failed."); + } + } else if (state_hdr1 != HDR_OK && state_hdr2 == HDR_OK) { + log_dbg(cd, "Primary LUKS2 header requires recovery."); + + if (do_blkprobe && (r = detect_device_signatures(cd, device_path(device)))) { + log_err(cd, _("Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" + "Please run \"cryptsetup repair\" for recovery.")); + goto err; + } + + if (do_recovery) { + memcpy(&hdr_disk1, &hdr_disk2, LUKS2_HDR_BIN_LEN); + r = crypt_random_get(cd, (char*)hdr_disk1.salt, sizeof(hdr_disk1.salt), CRYPT_RND_SALT); + if (r) + log_dbg(cd, "Cannot generate master salt."); + else { + hdr_from_disk(&hdr_disk2, &hdr_disk1, hdr, 1); + r = hdr_write_disk(cd, device, hdr, json_area2, 0); + } + if (r) + log_dbg(cd, "Primary LUKS2 header recovery failed."); + } + } + + free(json_area1); + json_area1 = NULL; + free(json_area2); + json_area2 = NULL; + + /* wrong lock for write mode during recovery attempt */ + if (r == -EAGAIN) + goto err; + + /* + * Even if status is failed, the second header includes salt. + */ + if (state_hdr1 == HDR_OK) { + hdr_from_disk(&hdr_disk1, &hdr_disk2, hdr, 0); + hdr->jobj = jobj_hdr1; + json_object_put(jobj_hdr2); + } else if (state_hdr2 == HDR_OK) { + hdr_from_disk(&hdr_disk2, &hdr_disk1, hdr, 1); + hdr->jobj = jobj_hdr2; + json_object_put(jobj_hdr1); + } + + /* + * FIXME: should this fail? At least one header was read correctly. + * r = (state_hdr1 == HDR_FAIL_IO || state_hdr2 == HDR_FAIL_IO) ? -EIO : -EINVAL; + */ + return 0; +err: + log_dbg(cd, "LUKS2 header read failed (%d).", r); + + free(json_area1); + free(json_area2); + json_object_put(jobj_hdr1); + json_object_put(jobj_hdr2); + hdr->jobj = NULL; + return r; +} + +int LUKS2_hdr_version_unlocked(struct crypt_device *cd, const char *backup_file) +{ + struct { + char magic[LUKS2_MAGIC_L]; + uint16_t version; + } __attribute__ ((packed)) hdr; + struct device *device = NULL; + int r = 0, devfd = -1, flags; + + if (!backup_file) + device = crypt_metadata_device(cd); + else if (device_alloc(cd, &device, backup_file) < 0) + return 0; + + if (!device) + return 0; + + flags = O_RDONLY; + if (device_direct_io(device)) + flags |= O_DIRECT; + + devfd = open(device_path(device), flags); + if (devfd < 0) + goto err; + + if ((read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), &hdr, sizeof(hdr), 0) == sizeof(hdr)) && + !memcmp(hdr.magic, LUKS2_MAGIC_1ST, LUKS2_MAGIC_L)) + r = (int)be16_to_cpu(hdr.version); +err: + if (devfd != -1) + close(devfd); + + if (backup_file) + device_free(cd, device); + + return r; +} diff --git a/lib/luks2/luks2_internal.h b/lib/luks2/luks2_internal.h new file mode 100644 index 0000000..a5bcb1f --- /dev/null +++ b/lib/luks2/luks2_internal.h @@ -0,0 +1,203 @@ +/* + * LUKS - Linux Unified Key Setup v2 + * + * Copyright (C) 2015-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2020 Milan Broz + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRYPTSETUP_LUKS2_INTERNAL_H +#define _CRYPTSETUP_LUKS2_INTERNAL_H + +#include +#include +#include + +#include "internal.h" +#include "base64.h" +#include "luks2.h" + +#define UNUSED(x) (void)(x) + +/* override useless forward slash escape when supported by json-c */ +#ifndef JSON_C_TO_STRING_NOSLASHESCAPE +#define JSON_C_TO_STRING_NOSLASHESCAPE 0 +#endif + +/* + * On-disk access function prototypes + */ +int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, + struct device *device, int do_recovery, int do_blkprobe); +int LUKS2_disk_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr, + struct device *device, bool seqid_check); + +/* + * JSON struct access helpers + */ +json_object *LUKS2_get_keyslot_jobj(struct luks2_hdr *hdr, int keyslot); +json_object *LUKS2_get_token_jobj(struct luks2_hdr *hdr, int token); +json_object *LUKS2_get_digest_jobj(struct luks2_hdr *hdr, int digest); +json_object *LUKS2_get_segment_jobj(struct luks2_hdr *hdr, int segment); +json_object *LUKS2_get_tokens_jobj(struct luks2_hdr *hdr); +json_object *LUKS2_get_segments_jobj(struct luks2_hdr *hdr); + +void hexprint_base64(struct crypt_device *cd, json_object *jobj, + const char *sep, const char *line_sep); + +uint64_t crypt_jobj_get_uint64(json_object *jobj); +uint32_t crypt_jobj_get_uint32(json_object *jobj); +json_object *crypt_jobj_new_uint64(uint64_t value); + +int json_object_object_add_by_uint(json_object *jobj, unsigned key, json_object *jobj_val); +void json_object_object_del_by_uint(json_object *jobj, unsigned key); +int json_object_copy(json_object *jobj_src, json_object **jobj_dst); + +void JSON_DBG(struct crypt_device *cd, json_object *jobj, const char *desc); + +/* + * LUKS2 JSON validation + */ + +/* validation helper */ +json_bool validate_json_uint32(json_object *jobj); +json_object *json_contains(struct crypt_device *cd, json_object *jobj, const char *name, + const char *section, const char *key, json_type type); + +int LUKS2_hdr_validate(struct crypt_device *cd, json_object *hdr_jobj, uint64_t json_size); +int LUKS2_check_json_size(struct crypt_device *cd, const struct luks2_hdr *hdr); +int LUKS2_token_validate(struct crypt_device *cd, json_object *hdr_jobj, + json_object *jobj_token, const char *key); +void LUKS2_token_dump(struct crypt_device *cd, int token); + +/* + * LUKS2 JSON repair for known glitches + */ +void LUKS2_hdr_repair(struct crypt_device *cd, json_object *jobj_hdr); +void LUKS2_keyslots_repair(struct crypt_device *cd, json_object *jobj_hdr); + +/* + * JSON array helpers + */ +struct json_object *LUKS2_array_jobj(struct json_object *array, const char *num); +struct json_object *LUKS2_array_remove(struct json_object *array, const char *num); + +/* + * Plugins API + */ + +/** + * LUKS2 keyslots handlers (EXPERIMENTAL) + */ +typedef int (*keyslot_alloc_func)(struct crypt_device *cd, int keyslot, + size_t volume_key_len, + const struct luks2_keyslot_params *params); +typedef int (*keyslot_update_func)(struct crypt_device *cd, int keyslot, + const struct luks2_keyslot_params *params); +typedef int (*keyslot_open_func) (struct crypt_device *cd, int keyslot, + const char *password, size_t password_len, + char *volume_key, size_t volume_key_len); +typedef int (*keyslot_store_func)(struct crypt_device *cd, int keyslot, + const char *password, size_t password_len, + const char *volume_key, size_t volume_key_len); +typedef int (*keyslot_wipe_func) (struct crypt_device *cd, int keyslot); +typedef int (*keyslot_dump_func) (struct crypt_device *cd, int keyslot); +typedef int (*keyslot_validate_func) (struct crypt_device *cd, json_object *jobj_keyslot); +typedef void(*keyslot_repair_func) (struct crypt_device *cd, json_object *jobj_keyslot); + +/* see LUKS2_luks2_to_luks1 */ +int placeholder_keyslot_alloc(struct crypt_device *cd, + int keyslot, + uint64_t area_offset, + uint64_t area_length, + size_t volume_key_len); + +/* validate all keyslot implementations in hdr json */ +int LUKS2_keyslots_validate(struct crypt_device *cd, json_object *hdr_jobj); + +typedef struct { + const char *name; + keyslot_alloc_func alloc; + keyslot_update_func update; + keyslot_open_func open; + keyslot_store_func store; + keyslot_wipe_func wipe; + keyslot_dump_func dump; + keyslot_validate_func validate; + keyslot_repair_func repair; +} keyslot_handler; + +/* can not fit prototype alloc function */ +int reenc_keyslot_alloc(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + const struct crypt_params_reencrypt *params); + +/** + * LUKS2 digest handlers (EXPERIMENTAL) + */ +typedef int (*digest_verify_func)(struct crypt_device *cd, int digest, + const char *volume_key, size_t volume_key_len); +typedef int (*digest_store_func) (struct crypt_device *cd, int digest, + const char *volume_key, size_t volume_key_len); +typedef int (*digest_dump_func) (struct crypt_device *cd, int digest); + +typedef struct { + const char *name; + digest_verify_func verify; + digest_store_func store; + digest_dump_func dump; +} digest_handler; + +/** + * LUKS2 token handlers (internal use only) + */ +typedef int (*builtin_token_get_func) (json_object *jobj_token, void *params); +typedef int (*builtin_token_set_func) (json_object **jobj_token, const void *params); + +typedef struct { + /* internal only section used by builtin tokens */ + builtin_token_get_func get; + builtin_token_set_func set; + /* public token handler */ + const crypt_token_handler *h; +} token_handler; + +int token_keyring_set(json_object **, const void *); +int token_keyring_get(json_object *, void *); + +int LUKS2_find_area_gap(struct crypt_device *cd, struct luks2_hdr *hdr, + size_t keylength, uint64_t *area_offset, uint64_t *area_length); +int LUKS2_find_area_max_gap(struct crypt_device *cd, struct luks2_hdr *hdr, + uint64_t *area_offset, uint64_t *area_length); + +int LUKS2_check_cipher(struct crypt_device *cd, + size_t keylength, + const char *cipher, + const char *cipher_mode); + +static inline const char *crypt_reencrypt_mode_to_str(crypt_reencrypt_mode_info mi) +{ + if (mi == CRYPT_REENCRYPT_REENCRYPT) + return "reencrypt"; + if (mi == CRYPT_REENCRYPT_ENCRYPT) + return "encrypt"; + if (mi == CRYPT_REENCRYPT_DECRYPT) + return "decrypt"; + return ""; +} + +#endif diff --git a/lib/luks2/luks2_json_format.c b/lib/luks2/luks2_json_format.c new file mode 100644 index 0000000..1416766 --- /dev/null +++ b/lib/luks2/luks2_json_format.c @@ -0,0 +1,405 @@ +/* + * LUKS - Linux Unified Key Setup v2, LUKS2 header format code + * + * Copyright (C) 2015-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2020 Milan Broz + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "luks2_internal.h" +#include +#include + +struct area { + uint64_t offset; + uint64_t length; +}; + +static size_t get_area_size(size_t keylength) +{ + //FIXME: calculate this properly, for now it is AF_split_sectors + return size_round_up(keylength * 4000, 4096); +} + +static size_t get_min_offset(struct luks2_hdr *hdr) +{ + return 2 * hdr->hdr_size; +} + +static size_t get_max_offset(struct luks2_hdr *hdr) +{ + return LUKS2_hdr_and_areas_size(hdr->jobj); +} + +int LUKS2_find_area_max_gap(struct crypt_device *cd, struct luks2_hdr *hdr, + uint64_t *area_offset, uint64_t *area_length) +{ + struct area areas[LUKS2_KEYSLOTS_MAX], sorted_areas[LUKS2_KEYSLOTS_MAX+1] = {}; + int i, j, k, area_i; + size_t valid_offset, offset, length; + + /* fill area offset + length table */ + for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) { + if (!LUKS2_keyslot_area(hdr, i, &areas[i].offset, &areas[i].length)) + continue; + areas[i].length = 0; + areas[i].offset = 0; + } + + /* sort table */ + k = 0; /* index in sorted table */ + for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) { + offset = get_max_offset(hdr) ?: UINT64_MAX; + area_i = -1; + /* search for the smallest offset in table */ + for (j = 0; j < LUKS2_KEYSLOTS_MAX; j++) + if (areas[j].offset && areas[j].offset <= offset) { + area_i = j; + offset = areas[j].offset; + } + + if (area_i >= 0) { + sorted_areas[k].length = areas[area_i].length; + sorted_areas[k].offset = areas[area_i].offset; + areas[area_i].length = 0; + areas[area_i].offset = 0; + k++; + } + } + + sorted_areas[LUKS2_KEYSLOTS_MAX].offset = get_max_offset(hdr); + sorted_areas[LUKS2_KEYSLOTS_MAX].length = 1; + + /* search for the gap we can use */ + length = valid_offset = 0; + offset = get_min_offset(hdr); + for (i = 0; i < LUKS2_KEYSLOTS_MAX+1; i++) { + /* skip empty */ + if (sorted_areas[i].offset == 0 || sorted_areas[i].length == 0) + continue; + + /* found bigger gap than the last one */ + if ((offset < sorted_areas[i].offset) && (sorted_areas[i].offset - offset) > length) { + length = sorted_areas[i].offset - offset; + valid_offset = offset; + } + + /* move beyond allocated area */ + offset = sorted_areas[i].offset + sorted_areas[i].length; + } + + /* this search 'algorithm' does not work with unaligned areas */ + assert(length == size_round_up(length, 4096)); + assert(valid_offset == size_round_up(valid_offset, 4096)); + + if (!length) { + log_dbg(cd, "Not enough space in header keyslot area."); + return -EINVAL; + } + + log_dbg(cd, "Found largest free area %zu -> %zu", valid_offset, length + valid_offset); + + *area_offset = valid_offset; + *area_length = length; + + return 0; +} + +int LUKS2_find_area_gap(struct crypt_device *cd, struct luks2_hdr *hdr, + size_t keylength, uint64_t *area_offset, uint64_t *area_length) +{ + struct area areas[LUKS2_KEYSLOTS_MAX], sorted_areas[LUKS2_KEYSLOTS_MAX] = {}; + int i, j, k, area_i; + size_t offset, length; + + /* fill area offset + length table */ + for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) { + if (!LUKS2_keyslot_area(hdr, i, &areas[i].offset, &areas[i].length)) + continue; + areas[i].length = 0; + areas[i].offset = 0; + } + + /* sort table */ + k = 0; /* index in sorted table */ + for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) { + offset = get_max_offset(hdr) ?: UINT64_MAX; + area_i = -1; + /* search for the smallest offset in table */ + for (j = 0; j < LUKS2_KEYSLOTS_MAX; j++) + if (areas[j].offset && areas[j].offset <= offset) { + area_i = j; + offset = areas[j].offset; + } + + if (area_i >= 0) { + sorted_areas[k].length = areas[area_i].length; + sorted_areas[k].offset = areas[area_i].offset; + areas[area_i].length = 0; + areas[area_i].offset = 0; + k++; + } + } + + /* search for the gap we can use */ + offset = get_min_offset(hdr); + length = get_area_size(keylength); + for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) { + /* skip empty */ + if (sorted_areas[i].offset == 0 || sorted_areas[i].length == 0) + continue; + + /* enough space before the used area */ + if ((offset < sorted_areas[i].offset) && ((offset + length) <= sorted_areas[i].offset)) + break; + + /* both offset and length are already aligned to 4096 bytes */ + offset = sorted_areas[i].offset + sorted_areas[i].length; + } + + if ((offset + length) > get_max_offset(hdr)) { + log_dbg(cd, "Not enough space in header keyslot area."); + return -EINVAL; + } + + log_dbg(cd, "Found area %zu -> %zu", offset, length + offset); + + *area_offset = offset; + *area_length = length; + return 0; +} + +int LUKS2_check_metadata_area_size(uint64_t metadata_size) +{ + /* see LUKS2_HDR2_OFFSETS */ + return (metadata_size != 0x004000 && + metadata_size != 0x008000 && metadata_size != 0x010000 && + metadata_size != 0x020000 && metadata_size != 0x040000 && + metadata_size != 0x080000 && metadata_size != 0x100000 && + metadata_size != 0x200000 && metadata_size != 0x400000); +} + +int LUKS2_check_keyslots_area_size(uint64_t keyslots_size) +{ + return (MISALIGNED_4K(keyslots_size) || + keyslots_size > LUKS2_MAX_KEYSLOTS_SIZE); +} + +int LUKS2_generate_hdr( + struct crypt_device *cd, + struct luks2_hdr *hdr, + const struct volume_key *vk, + const char *cipherName, + const char *cipherMode, + const char *integrity, + const char *uuid, + unsigned int sector_size, /* in bytes */ + uint64_t data_offset, /* in bytes */ + uint64_t align_offset, /* in bytes */ + uint64_t required_alignment, + uint64_t metadata_size, + uint64_t keyslots_size) +{ + struct json_object *jobj_segment, *jobj_integrity, *jobj_keyslots, *jobj_segments, *jobj_config; + char cipher[128]; + uuid_t partitionUuid; + int digest; + uint64_t mdev_size; + + if (!metadata_size) + metadata_size = LUKS2_HDR_16K_LEN; + hdr->hdr_size = metadata_size; + + if (data_offset && data_offset < get_min_offset(hdr)) { + log_err(cd, _("Requested data offset is too small.")); + return -EINVAL; + } + + /* Increase keyslot size according to data offset */ + if (!keyslots_size && data_offset) + keyslots_size = data_offset - get_min_offset(hdr); + + /* keyslots size has to be 4 KiB aligned */ + keyslots_size -= (keyslots_size % 4096); + + if (keyslots_size > LUKS2_MAX_KEYSLOTS_SIZE) + keyslots_size = LUKS2_MAX_KEYSLOTS_SIZE; + + if (!keyslots_size) { + assert(LUKS2_DEFAULT_HDR_SIZE > 2 * LUKS2_HDR_OFFSET_MAX); + keyslots_size = LUKS2_DEFAULT_HDR_SIZE - get_min_offset(hdr); + /* Decrease keyslots_size due to metadata device being too small */ + if (!device_size(crypt_metadata_device(cd), &mdev_size) && + ((keyslots_size + get_min_offset(hdr)) > mdev_size) && + device_fallocate(crypt_metadata_device(cd), keyslots_size + get_min_offset(hdr))) + keyslots_size = mdev_size - get_min_offset(hdr); + } + + /* Decrease keyslots_size if we have smaller data_offset */ + if (data_offset && (keyslots_size + get_min_offset(hdr)) > data_offset) { + keyslots_size = data_offset - get_min_offset(hdr); + log_dbg(cd, "Decreasing keyslot area size to %" PRIu64 + " bytes due to the requested data offset %" + PRIu64 " bytes.", keyslots_size, data_offset); + } + + /* Data offset has priority */ + if (!data_offset && required_alignment) { + data_offset = size_round_up(get_min_offset(hdr) + keyslots_size, + (size_t)required_alignment); + data_offset += align_offset; + } + + log_dbg(cd, "Formatting LUKS2 with JSON metadata area %" PRIu64 + " bytes and keyslots area %" PRIu64 " bytes.", + metadata_size - LUKS2_HDR_BIN_LEN, keyslots_size); + + if (keyslots_size < (LUKS2_HDR_OFFSET_MAX - 2*LUKS2_HDR_16K_LEN)) + log_std(cd, _("WARNING: keyslots area (%" PRIu64 " bytes) is very small," + " available LUKS2 keyslot count is very limited.\n"), + keyslots_size); + + hdr->seqid = 1; + hdr->version = 2; + memset(hdr->label, 0, LUKS2_LABEL_L); + strcpy(hdr->checksum_alg, "sha256"); + crypt_random_get(cd, (char*)hdr->salt1, LUKS2_SALT_L, CRYPT_RND_SALT); + crypt_random_get(cd, (char*)hdr->salt2, LUKS2_SALT_L, CRYPT_RND_SALT); + + if (uuid && uuid_parse(uuid, partitionUuid) == -1) { + log_err(cd, _("Wrong LUKS UUID format provided.")); + return -EINVAL; + } + if (!uuid) + uuid_generate(partitionUuid); + + uuid_unparse(partitionUuid, hdr->uuid); + + if (*cipherMode != '\0') + snprintf(cipher, sizeof(cipher), "%s-%s", cipherName, cipherMode); + else + snprintf(cipher, sizeof(cipher), "%s", cipherName); + + hdr->jobj = json_object_new_object(); + + jobj_keyslots = json_object_new_object(); + json_object_object_add(hdr->jobj, "keyslots", jobj_keyslots); + json_object_object_add(hdr->jobj, "tokens", json_object_new_object()); + jobj_segments = json_object_new_object(); + json_object_object_add(hdr->jobj, "segments", jobj_segments); + json_object_object_add(hdr->jobj, "digests", json_object_new_object()); + jobj_config = json_object_new_object(); + json_object_object_add(hdr->jobj, "config", jobj_config); + + digest = LUKS2_digest_create(cd, "pbkdf2", hdr, vk); + if (digest < 0) + goto err; + + if (LUKS2_digest_segment_assign(cd, hdr, 0, digest, 1, 0) < 0) + goto err; + + jobj_segment = json_segment_create_crypt(data_offset, 0, NULL, cipher, sector_size, 0); + if (!jobj_segment) + goto err; + + if (integrity) { + jobj_integrity = json_object_new_object(); + json_object_object_add(jobj_integrity, "type", json_object_new_string(integrity)); + json_object_object_add(jobj_integrity, "journal_encryption", json_object_new_string("none")); + json_object_object_add(jobj_integrity, "journal_integrity", json_object_new_string("none")); + json_object_object_add(jobj_segment, "integrity", jobj_integrity); + } + + json_object_object_add_by_uint(jobj_segments, 0, jobj_segment); + + json_object_object_add(jobj_config, "json_size", crypt_jobj_new_uint64(metadata_size - LUKS2_HDR_BIN_LEN)); + json_object_object_add(jobj_config, "keyslots_size", crypt_jobj_new_uint64(keyslots_size)); + + JSON_DBG(cd, hdr->jobj, "Header JSON:"); + return 0; +err: + json_object_put(hdr->jobj); + hdr->jobj = NULL; + return -EINVAL; +} + +int LUKS2_wipe_header_areas(struct crypt_device *cd, + struct luks2_hdr *hdr) +{ + int r; + uint64_t offset, length; + size_t wipe_block; + + /* Wipe complete header, keyslots and padding areas with zeroes. */ + offset = 0; + length = LUKS2_get_data_offset(hdr) * SECTOR_SIZE; + wipe_block = 1024 * 1024; + + if (LUKS2_hdr_validate(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN)) + return -EINVAL; + + /* On detached header wipe at least the first 4k */ + if (length == 0) { + length = 4096; + wipe_block = 4096; + } + + log_dbg(cd, "Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.", + offset, length + offset); + + r = crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_ZERO, + offset, length, wipe_block, NULL, NULL); + if (r < 0) + return r; + + /* Wipe keyslot area */ + wipe_block = 1024 * 1024; + offset = get_min_offset(hdr); + length = LUKS2_keyslots_size(hdr->jobj); + + log_dbg(cd, "Wiping keyslots area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.", + offset, length + offset); + + return crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_RANDOM, + offset, length, wipe_block, NULL, NULL); +} + +/* FIXME: what if user wanted to keep original keyslots size? */ +int LUKS2_set_keyslots_size(struct crypt_device *cd, + struct luks2_hdr *hdr, + uint64_t data_offset) +{ + json_object *jobj_config; + uint64_t keyslots_size; + + if (data_offset < get_min_offset(hdr)) + return 1; + + keyslots_size = data_offset - get_min_offset(hdr); + + /* keep keyslots_size reasonable for custom data alignments */ + if (keyslots_size > LUKS2_MAX_KEYSLOTS_SIZE) + keyslots_size = LUKS2_MAX_KEYSLOTS_SIZE; + + /* keyslots size has to be 4 KiB aligned */ + keyslots_size -= (keyslots_size % 4096); + + if (!json_object_object_get_ex(hdr->jobj, "config", &jobj_config)) + return 1; + + json_object_object_add(jobj_config, "keyslots_size", crypt_jobj_new_uint64(keyslots_size)); + return 0; +} diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c new file mode 100644 index 0000000..e346067 --- /dev/null +++ b/lib/luks2/luks2_json_metadata.c @@ -0,0 +1,2414 @@ +/* + * LUKS - Linux Unified Key Setup v2 + * + * Copyright (C) 2015-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2020 Milan Broz + * Copyright (C) 2015-2020 Ondrej Kozina + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "luks2_internal.h" +#include "../integrity/integrity.h" +#include +#include +#include + +#define LUKS_STRIPES 4000 + +struct interval { + uint64_t offset; + uint64_t length; +}; + +void hexprint_base64(struct crypt_device *cd, json_object *jobj, + const char *sep, const char *line_sep) +{ + char *buf = NULL; + size_t buf_len; + unsigned int i; + + if (!base64_decode_alloc(json_object_get_string(jobj), + json_object_get_string_len(jobj), + &buf, &buf_len)) + return; + + for (i = 0; i < buf_len; i++) { + if (i && !(i % 16)) + log_std(cd, "\n\t%s", line_sep); + log_std(cd, "%02hhx%s", buf[i], sep); + } + log_std(cd, "\n"); + free(buf); +} + +void JSON_DBG(struct crypt_device *cd, json_object *jobj, const char *desc) +{ + if (desc) + crypt_log(cd, CRYPT_LOG_DEBUG_JSON, desc); + crypt_log(cd, CRYPT_LOG_DEBUG_JSON, json_object_to_json_string_ext(jobj, + JSON_C_TO_STRING_PRETTY | JSON_C_TO_STRING_NOSLASHESCAPE)); +} + +/* + * JSON array helpers + */ +struct json_object *LUKS2_array_jobj(struct json_object *array, const char *num) +{ + struct json_object *jobj1; + int i; + + for (i = 0; i < (int) json_object_array_length(array); i++) { + jobj1 = json_object_array_get_idx(array, i); + if (!strcmp(num, json_object_get_string(jobj1))) + return jobj1; + } + + return NULL; +} + +struct json_object *LUKS2_array_remove(struct json_object *array, const char *num) +{ + struct json_object *jobj1, *jobj_removing = NULL, *array_new; + int i; + + jobj_removing = LUKS2_array_jobj(array, num); + if (!jobj_removing) + return NULL; + + /* Create new array without jobj_removing. */ + array_new = json_object_new_array(); + for (i = 0; i < (int) json_object_array_length(array); i++) { + jobj1 = json_object_array_get_idx(array, i); + if (jobj1 != jobj_removing) + json_object_array_add(array_new, json_object_get(jobj1)); + } + + return array_new; +} + +/* + * JSON struct access helpers + */ +json_object *LUKS2_get_keyslot_jobj(struct luks2_hdr *hdr, int keyslot) +{ + json_object *jobj1, *jobj2; + char keyslot_name[16]; + + if (!hdr || keyslot < 0) + return NULL; + + if (snprintf(keyslot_name, sizeof(keyslot_name), "%u", keyslot) < 1) + return NULL; + + if (!json_object_object_get_ex(hdr->jobj, "keyslots", &jobj1)) + return NULL; + + if (!json_object_object_get_ex(jobj1, keyslot_name, &jobj2)) + return NULL; + + return jobj2; +} + +json_object *LUKS2_get_tokens_jobj(struct luks2_hdr *hdr) +{ + json_object *jobj_tokens; + + if (!hdr || !json_object_object_get_ex(hdr->jobj, "tokens", &jobj_tokens)) + return NULL; + + return jobj_tokens; +} + +json_object *LUKS2_get_token_jobj(struct luks2_hdr *hdr, int token) +{ + json_object *jobj1, *jobj2; + char token_name[16]; + + if (!hdr || token < 0) + return NULL; + + jobj1 = LUKS2_get_tokens_jobj(hdr); + if (!jobj1) + return NULL; + + if (snprintf(token_name, sizeof(token_name), "%u", token) < 1) + return NULL; + + json_object_object_get_ex(jobj1, token_name, &jobj2); + return jobj2; +} + +json_object *LUKS2_get_digest_jobj(struct luks2_hdr *hdr, int digest) +{ + json_object *jobj1, *jobj2; + char digest_name[16]; + + if (!hdr || digest < 0) + return NULL; + + if (snprintf(digest_name, sizeof(digest_name), "%u", digest) < 1) + return NULL; + + if (!json_object_object_get_ex(hdr->jobj, "digests", &jobj1)) + return NULL; + + json_object_object_get_ex(jobj1, digest_name, &jobj2); + return jobj2; +} + +static json_object *json_get_segments_jobj(json_object *hdr_jobj) +{ + json_object *jobj_segments; + + if (!hdr_jobj || !json_object_object_get_ex(hdr_jobj, "segments", &jobj_segments)) + return NULL; + + return jobj_segments; +} + +json_object *LUKS2_get_segment_jobj(struct luks2_hdr *hdr, int segment) +{ + if (!hdr) + return NULL; + + if (segment == CRYPT_DEFAULT_SEGMENT) + segment = LUKS2_get_default_segment(hdr); + + return json_segments_get_segment(json_get_segments_jobj(hdr->jobj), segment); +} + +json_object *LUKS2_get_segments_jobj(struct luks2_hdr *hdr) +{ + return hdr ? json_get_segments_jobj(hdr->jobj) : NULL; +} + +int LUKS2_segments_count(struct luks2_hdr *hdr) +{ + if (!hdr) + return -EINVAL; + + return json_segments_count(LUKS2_get_segments_jobj(hdr)); +} + +int LUKS2_get_default_segment(struct luks2_hdr *hdr) +{ + int s = LUKS2_get_segment_id_by_flag(hdr, "backup-final"); + if (s >= 0) + return s; + + if (LUKS2_segments_count(hdr) == 1) + return 0; + + return -EINVAL; +} + +/* + * json_type_int needs to be validated first. + * See validate_json_uint32() + */ +uint32_t crypt_jobj_get_uint32(json_object *jobj) +{ + return json_object_get_int64(jobj); +} + +/* jobj has to be json_type_string and numbered */ +static json_bool json_str_to_uint64(json_object *jobj, uint64_t *value) +{ + char *endptr; + unsigned long long tmp; + + errno = 0; + tmp = strtoull(json_object_get_string(jobj), &endptr, 10); + if (*endptr || errno) { + *value = 0; + return 0; + } + + *value = tmp; + return 1; +} + +uint64_t crypt_jobj_get_uint64(json_object *jobj) +{ + uint64_t r; + json_str_to_uint64(jobj, &r); + return r; +} + +json_object *crypt_jobj_new_uint64(uint64_t value) +{ + /* 18446744073709551615 */ + char num[21]; + int r; + json_object *jobj; + + r = snprintf(num, sizeof(num), "%" PRIu64, value); + if (r < 0 || (size_t)r >= sizeof(num)) + return NULL; + + jobj = json_object_new_string(num); + return jobj; +} + +/* + * Validate helpers + */ +static json_bool numbered(struct crypt_device *cd, const char *name, const char *key) +{ + int i; + + for (i = 0; key[i]; i++) + if (!isdigit(key[i])) { + log_dbg(cd, "%s \"%s\" is not in numbered form.", name, key); + return 0; + } + return 1; +} + +json_object *json_contains(struct crypt_device *cd, json_object *jobj, const char *name, + const char *section, const char *key, json_type type) +{ + json_object *sobj; + + if (!json_object_object_get_ex(jobj, key, &sobj) || + !json_object_is_type(sobj, type)) { + log_dbg(cd, "%s \"%s\" is missing \"%s\" (%s) specification.", + section, name, key, json_type_to_name(type)); + return NULL; + } + + return sobj; +} + +json_bool validate_json_uint32(json_object *jobj) +{ + int64_t tmp; + + errno = 0; + tmp = json_object_get_int64(jobj); + + return (errno || tmp < 0 || tmp > UINT32_MAX) ? 0 : 1; +} + +static json_bool validate_keyslots_array(struct crypt_device *cd, + json_object *jarr, json_object *jobj_keys) +{ + json_object *jobj; + int i = 0, length = (int) json_object_array_length(jarr); + + while (i < length) { + jobj = json_object_array_get_idx(jarr, i); + if (!json_object_is_type(jobj, json_type_string)) { + log_dbg(cd, "Illegal value type in keyslots array at index %d.", i); + return 0; + } + + if (!json_contains(cd, jobj_keys, "", "Keyslots section", + json_object_get_string(jobj), json_type_object)) + return 0; + + i++; + } + + return 1; +} + +static json_bool validate_segments_array(struct crypt_device *cd, + json_object *jarr, json_object *jobj_segments) +{ + json_object *jobj; + int i = 0, length = (int) json_object_array_length(jarr); + + while (i < length) { + jobj = json_object_array_get_idx(jarr, i); + if (!json_object_is_type(jobj, json_type_string)) { + log_dbg(cd, "Illegal value type in segments array at index %d.", i); + return 0; + } + + if (!json_contains(cd, jobj_segments, "", "Segments section", + json_object_get_string(jobj), json_type_object)) + return 0; + + i++; + } + + return 1; +} + +static json_bool segment_has_digest(const char *segment_name, json_object *jobj_digests) +{ + json_object *jobj_segments; + + json_object_object_foreach(jobj_digests, key, val) { + UNUSED(key); + json_object_object_get_ex(val, "segments", &jobj_segments); + if (LUKS2_array_jobj(jobj_segments, segment_name)) + return 1; + } + + return 0; +} + +static json_bool validate_intervals(struct crypt_device *cd, + int length, const struct interval *ix, + uint64_t metadata_size, uint64_t keyslots_area_end) +{ + int j, i = 0; + + while (i < length) { + if (ix[i].offset < 2 * metadata_size) { + log_dbg(cd, "Illegal area offset: %" PRIu64 ".", ix[i].offset); + return 0; + } + + if (!ix[i].length) { + log_dbg(cd, "Area length must be greater than zero."); + return 0; + } + + if ((ix[i].offset + ix[i].length) > keyslots_area_end) { + log_dbg(cd, "Area [%" PRIu64 ", %" PRIu64 "] overflows binary keyslots area (ends at offset: %" PRIu64 ").", + ix[i].offset, ix[i].offset + ix[i].length, keyslots_area_end); + return 0; + } + + for (j = 0; j < length; j++) { + if (i == j) + continue; + if ((ix[i].offset >= ix[j].offset) && (ix[i].offset < (ix[j].offset + ix[j].length))) { + log_dbg(cd, "Overlapping areas [%" PRIu64 ",%" PRIu64 "] and [%" PRIu64 ",%" PRIu64 "].", + ix[i].offset, ix[i].offset + ix[i].length, + ix[j].offset, ix[j].offset + ix[j].length); + return 0; + } + } + + i++; + } + + return 1; +} + +static int LUKS2_keyslot_validate(struct crypt_device *cd, json_object *hdr_jobj, json_object *hdr_keyslot, const char *key) +{ + json_object *jobj_key_size; + + if (!json_contains(cd, hdr_keyslot, key, "Keyslot", "type", json_type_string)) + return 1; + if (!(jobj_key_size = json_contains(cd, hdr_keyslot, key, "Keyslot", "key_size", json_type_int))) + return 1; + + /* enforce uint32_t type */ + if (!validate_json_uint32(jobj_key_size)) { + log_dbg(cd, "Illegal field \"key_size\":%s.", + json_object_get_string(jobj_key_size)); + return 1; + } + + return 0; +} + +int LUKS2_token_validate(struct crypt_device *cd, + json_object *hdr_jobj, json_object *jobj_token, const char *key) +{ + json_object *jarr, *jobj_keyslots; + + /* keyslots are not yet validated, but we need to know token doesn't reference missing keyslot */ + if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj_keyslots)) + return 1; + + if (!json_contains(cd, jobj_token, key, "Token", "type", json_type_string)) + return 1; + + jarr = json_contains(cd, jobj_token, key, "Token", "keyslots", json_type_array); + if (!jarr) + return 1; + + if (!validate_keyslots_array(cd, jarr, jobj_keyslots)) + return 1; + + return 0; +} + +static int hdr_validate_json_size(struct crypt_device *cd, json_object *hdr_jobj, uint64_t hdr_json_size) +{ + json_object *jobj, *jobj1; + const char *json; + uint64_t json_area_size, json_size; + + json_object_object_get_ex(hdr_jobj, "config", &jobj); + json_object_object_get_ex(jobj, "json_size", &jobj1); + + json = json_object_to_json_string_ext(hdr_jobj, + JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE); + json_area_size = crypt_jobj_get_uint64(jobj1); + json_size = (uint64_t)strlen(json); + + if (hdr_json_size != json_area_size) { + log_dbg(cd, "JSON area size does not match value in binary header."); + return 1; + } + + if (json_size > json_area_size) { + log_dbg(cd, "JSON does not fit in the designated area."); + return 1; + } + + return 0; +} + +int LUKS2_check_json_size(struct crypt_device *cd, const struct luks2_hdr *hdr) +{ + return hdr_validate_json_size(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN); +} + +static int hdr_validate_keyslots(struct crypt_device *cd, json_object *hdr_jobj) +{ + json_object *jobj; + + if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj)) { + log_dbg(cd, "Missing keyslots section."); + return 1; + } + + json_object_object_foreach(jobj, key, val) { + if (!numbered(cd, "Keyslot", key)) + return 1; + if (LUKS2_keyslot_validate(cd, hdr_jobj, val, key)) + return 1; + } + + return 0; +} + +static int hdr_validate_tokens(struct crypt_device *cd, json_object *hdr_jobj) +{ + json_object *jobj; + + if (!json_object_object_get_ex(hdr_jobj, "tokens", &jobj)) { + log_dbg(cd, "Missing tokens section."); + return 1; + } + + json_object_object_foreach(jobj, key, val) { + if (!numbered(cd, "Token", key)) + return 1; + if (LUKS2_token_validate(cd, hdr_jobj, val, key)) + return 1; + } + + return 0; +} + +static int hdr_validate_crypt_segment(struct crypt_device *cd, + json_object *jobj, const char *key, json_object *jobj_digests, + uint64_t offset, uint64_t size) +{ + json_object *jobj_ivoffset, *jobj_sector_size, *jobj_integrity; + uint32_t sector_size; + uint64_t ivoffset; + + if (!(jobj_ivoffset = json_contains(cd, jobj, key, "Segment", "iv_tweak", json_type_string)) || + !json_contains(cd, jobj, key, "Segment", "encryption", json_type_string) || + !(jobj_sector_size = json_contains(cd, jobj, key, "Segment", "sector_size", json_type_int))) + return 1; + + /* integrity */ + if (json_object_object_get_ex(jobj, "integrity", &jobj_integrity)) { + if (!json_contains(cd, jobj, key, "Segment", "integrity", json_type_object) || + !json_contains(cd, jobj_integrity, key, "Segment integrity", "type", json_type_string) || + !json_contains(cd, jobj_integrity, key, "Segment integrity", "journal_encryption", json_type_string) || + !json_contains(cd, jobj_integrity, key, "Segment integrity", "journal_integrity", json_type_string)) + return 1; + } + + /* enforce uint32_t type */ + if (!validate_json_uint32(jobj_sector_size)) { + log_dbg(cd, "Illegal field \"sector_size\":%s.", + json_object_get_string(jobj_sector_size)); + return 1; + } + + sector_size = crypt_jobj_get_uint32(jobj_sector_size); + if (!sector_size || MISALIGNED_512(sector_size)) { + log_dbg(cd, "Illegal sector size: %" PRIu32, sector_size); + return 1; + } + + if (!numbered(cd, "iv_tweak", json_object_get_string(jobj_ivoffset)) || + !json_str_to_uint64(jobj_ivoffset, &ivoffset)) { + log_dbg(cd, "Illegal iv_tweak value."); + return 1; + } + + if (size % sector_size) { + log_dbg(cd, "Size field has to be aligned to sector size: %" PRIu32, sector_size); + return 1; + } + + return !segment_has_digest(key, jobj_digests); +} + +static bool validate_segment_intervals(struct crypt_device *cd, + int length, const struct interval *ix) +{ + int j, i = 0; + + while (i < length) { + if (ix[i].length == UINT64_MAX && (i != (length - 1))) { + log_dbg(cd, "Only last regular segment is allowed to have 'dynamic' size."); + return false; + } + + for (j = 0; j < length; j++) { + if (i == j) + continue; + if ((ix[i].offset >= ix[j].offset) && (ix[j].length == UINT64_MAX || (ix[i].offset < (ix[j].offset + ix[j].length)))) { + log_dbg(cd, "Overlapping segments [%" PRIu64 ",%" PRIu64 "]%s and [%" PRIu64 ",%" PRIu64 "]%s.", + ix[i].offset, ix[i].offset + ix[i].length, ix[i].length == UINT64_MAX ? "(dynamic)" : "", + ix[j].offset, ix[j].offset + ix[j].length, ix[j].length == UINT64_MAX ? "(dynamic)" : ""); + return false; + } + } + + i++; + } + + return true; +} + +static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) +{ + json_object *jobj_segments, *jobj_digests, *jobj_offset, *jobj_size, *jobj_type, *jobj_flags, *jobj; + struct interval *intervals; + uint64_t offset, size; + int i, r, count, first_backup = -1; + + if (!json_object_object_get_ex(hdr_jobj, "segments", &jobj_segments)) { + log_dbg(cd, "Missing segments section."); + return 1; + } + + count = json_object_object_length(jobj_segments); + if (count < 1) { + log_dbg(cd, "Empty segments section."); + return 1; + } + + /* digests should already be validated */ + if (!json_object_object_get_ex(hdr_jobj, "digests", &jobj_digests)) + return 1; + + json_object_object_foreach(jobj_segments, key, val) { + if (!numbered(cd, "Segment", key)) + return 1; + + /* those fields are mandatory for all segment types */ + if (!(jobj_type = json_contains(cd, val, key, "Segment", "type", json_type_string)) || + !(jobj_offset = json_contains(cd, val, key, "Segment", "offset", json_type_string)) || + !(jobj_size = json_contains(cd, val, key, "Segment", "size", json_type_string))) + return 1; + + if (!numbered(cd, "offset", json_object_get_string(jobj_offset)) || + !json_str_to_uint64(jobj_offset, &offset)) + return 1; + + /* size "dynamic" means whole device starting at 'offset' */ + if (strcmp(json_object_get_string(jobj_size), "dynamic")) { + if (!numbered(cd, "size", json_object_get_string(jobj_size)) || + !json_str_to_uint64(jobj_size, &size) || !size) + return 1; + } else + size = 0; + + /* all device-mapper devices are aligned to 512 sector size */ + if (MISALIGNED_512(offset)) { + log_dbg(cd, "Offset field has to be aligned to sector size: %" PRIu32, SECTOR_SIZE); + return 1; + } + if (MISALIGNED_512(size)) { + log_dbg(cd, "Size field has to be aligned to sector size: %" PRIu32, SECTOR_SIZE); + return 1; + } + + /* flags array is optional and must contain strings */ + if (json_object_object_get_ex(val, "flags", NULL)) { + if (!(jobj_flags = json_contains(cd, val, key, "Segment", "flags", json_type_array))) + return 1; + for (i = 0; i < (int) json_object_array_length(jobj_flags); i++) + if (!json_object_is_type(json_object_array_get_idx(jobj_flags, i), json_type_string)) + return 1; + } + + i = atoi(key); + if (json_segment_is_backup(val)) { + if (first_backup < 0 || i < first_backup) + first_backup = i; + } else { + if ((first_backup >= 0) && i >= first_backup) { + log_dbg(cd, "Regular segment at %d is behind backup segment at %d", i, first_backup); + return 1; + } + } + + /* crypt */ + if (!strcmp(json_object_get_string(jobj_type), "crypt") && + hdr_validate_crypt_segment(cd, val, key, jobj_digests, offset, size)) + return 1; + } + + if (first_backup == 0) { + log_dbg(cd, "No regular segment."); + return 1; + } + + if (first_backup < 0) + first_backup = count; + + intervals = malloc(first_backup * sizeof(*intervals)); + if (!intervals) { + log_dbg(cd, "Not enough memory."); + return 1; + } + + for (i = 0; i < first_backup; i++) { + jobj = json_segments_get_segment(jobj_segments, i); + if (!jobj) { + log_dbg(cd, "Gap at key %d in segments object.", i); + free(intervals); + return 1; + } + intervals[i].offset = json_segment_get_offset(jobj, 0); + intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX; + } + + r = !validate_segment_intervals(cd, first_backup, intervals); + free(intervals); + + if (r) + return 1; + + for (; i < count; i++) { + if (!json_segments_get_segment(jobj_segments, i)) { + log_dbg(cd, "Gap at key %d in segments object.", i); + return 1; + } + } + + return 0; +} + +uint64_t LUKS2_metadata_size(json_object *jobj) +{ + json_object *jobj1, *jobj2; + uint64_t json_size; + + json_object_object_get_ex(jobj, "config", &jobj1); + json_object_object_get_ex(jobj1, "json_size", &jobj2); + json_str_to_uint64(jobj2, &json_size); + + return json_size + LUKS2_HDR_BIN_LEN; +} + +static int hdr_validate_areas(struct crypt_device *cd, json_object *hdr_jobj) +{ + struct interval *intervals; + json_object *jobj_keyslots, *jobj_offset, *jobj_length, *jobj_segments, *jobj_area; + int length, ret, i = 0; + uint64_t metadata_size; + + if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj_keyslots)) + return 1; + + /* segments are already validated */ + if (!json_object_object_get_ex(hdr_jobj, "segments", &jobj_segments)) + return 1; + + /* config is already validated */ + metadata_size = LUKS2_metadata_size(hdr_jobj); + + length = json_object_object_length(jobj_keyslots); + + /* Empty section */ + if (length == 0) + return 0; + + if (length < 0) { + log_dbg(cd, "Invalid keyslot areas specification."); + return 1; + } + + intervals = malloc(length * sizeof(*intervals)); + if (!intervals) { + log_dbg(cd, "Not enough memory."); + return -ENOMEM; + } + + json_object_object_foreach(jobj_keyslots, key, val) { + + if (!(jobj_area = json_contains(cd, val, key, "Keyslot", "area", json_type_object)) || + !json_contains(cd, jobj_area, key, "Keyslot area", "type", json_type_string) || + !(jobj_offset = json_contains(cd, jobj_area, key, "Keyslot", "offset", json_type_string)) || + !(jobj_length = json_contains(cd, jobj_area, key, "Keyslot", "size", json_type_string)) || + !numbered(cd, "offset", json_object_get_string(jobj_offset)) || + !numbered(cd, "size", json_object_get_string(jobj_length))) { + free(intervals); + return 1; + } + + /* rule out values > UINT64_MAX */ + if (!json_str_to_uint64(jobj_offset, &intervals[i].offset) || + !json_str_to_uint64(jobj_length, &intervals[i].length)) { + free(intervals); + return 1; + } + + i++; + } + + if (length != i) { + free(intervals); + return 1; + } + + ret = validate_intervals(cd, length, intervals, metadata_size, LUKS2_hdr_and_areas_size(hdr_jobj)) ? 0 : 1; + + free(intervals); + + return ret; +} + +static int hdr_validate_digests(struct crypt_device *cd, json_object *hdr_jobj) +{ + json_object *jarr_keys, *jarr_segs, *jobj, *jobj_keyslots, *jobj_segments; + + if (!json_object_object_get_ex(hdr_jobj, "digests", &jobj)) { + log_dbg(cd, "Missing digests section."); + return 1; + } + + /* keyslots are not yet validated, but we need to know digest doesn't reference missing keyslot */ + if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj_keyslots)) + return 1; + + /* segments are not yet validated, but we need to know digest doesn't reference missing segment */ + if (!json_object_object_get_ex(hdr_jobj, "segments", &jobj_segments)) + return 1; + + json_object_object_foreach(jobj, key, val) { + if (!numbered(cd, "Digest", key)) + return 1; + + if (!json_contains(cd, val, key, "Digest", "type", json_type_string) || + !(jarr_keys = json_contains(cd, val, key, "Digest", "keyslots", json_type_array)) || + !(jarr_segs = json_contains(cd, val, key, "Digest", "segments", json_type_array))) + return 1; + + if (!validate_keyslots_array(cd, jarr_keys, jobj_keyslots)) + return 1; + if (!validate_segments_array(cd, jarr_segs, jobj_segments)) + return 1; + } + + return 0; +} + +static int hdr_validate_config(struct crypt_device *cd, json_object *hdr_jobj) +{ + json_object *jobj_config, *jobj, *jobj1; + int i; + uint64_t keyslots_size, metadata_size, segment_offset; + + if (!json_object_object_get_ex(hdr_jobj, "config", &jobj_config)) { + log_dbg(cd, "Missing config section."); + return 1; + } + + if (!(jobj = json_contains(cd, jobj_config, "section", "Config", "json_size", json_type_string)) || + !json_str_to_uint64(jobj, &metadata_size)) + return 1; + + /* single metadata instance is assembled from json area size plus + * binary header size */ + metadata_size += LUKS2_HDR_BIN_LEN; + + if (!(jobj = json_contains(cd, jobj_config, "section", "Config", "keyslots_size", json_type_string)) || + !json_str_to_uint64(jobj, &keyslots_size)) + return 1; + + if (LUKS2_check_metadata_area_size(metadata_size)) { + log_dbg(cd, "Unsupported LUKS2 header size (%" PRIu64 ").", metadata_size); + return 1; + } + + if (LUKS2_check_keyslots_area_size(keyslots_size)) { + log_dbg(cd, "Unsupported LUKS2 keyslots size (%" PRIu64 ").", keyslots_size); + return 1; + } + + /* + * validate keyslots_size fits in between (2 * metadata_size) and first + * segment_offset (except detached header) + */ + segment_offset = json_segments_get_minimal_offset(json_get_segments_jobj(hdr_jobj), 0); + if (segment_offset && + (segment_offset < keyslots_size || + (segment_offset - keyslots_size) < (2 * metadata_size))) { + log_dbg(cd, "keyslots_size is too large %" PRIu64 " (bytes). Data offset: %" PRIu64 + ", keyslots offset: %" PRIu64, keyslots_size, segment_offset, 2 * metadata_size); + return 1; + } + + /* Flags array is optional */ + if (json_object_object_get_ex(jobj_config, "flags", &jobj)) { + if (!json_contains(cd, jobj_config, "section", "Config", "flags", json_type_array)) + return 1; + + /* All array members must be strings */ + for (i = 0; i < (int) json_object_array_length(jobj); i++) + if (!json_object_is_type(json_object_array_get_idx(jobj, i), json_type_string)) + return 1; + } + + /* Requirements object is optional */ + if (json_object_object_get_ex(jobj_config, "requirements", &jobj)) { + if (!json_contains(cd, jobj_config, "section", "Config", "requirements", json_type_object)) + return 1; + + /* Mandatory array is optional */ + if (json_object_object_get_ex(jobj, "mandatory", &jobj1)) { + if (!json_contains(cd, jobj, "section", "Requirements", "mandatory", json_type_array)) + return 1; + + /* All array members must be strings */ + for (i = 0; i < (int) json_object_array_length(jobj1); i++) + if (!json_object_is_type(json_object_array_get_idx(jobj1, i), json_type_string)) + return 1; + } + } + + return 0; +} + +int LUKS2_hdr_validate(struct crypt_device *cd, json_object *hdr_jobj, uint64_t json_size) +{ + struct { + int (*validate)(struct crypt_device *, json_object *); + } checks[] = { + { hdr_validate_tokens }, + { hdr_validate_digests }, + { hdr_validate_segments }, + { hdr_validate_keyslots }, + { hdr_validate_config }, + { hdr_validate_areas }, + { NULL } + }; + int i; + + if (!hdr_jobj) + return 1; + + for (i = 0; checks[i].validate; i++) + if (checks[i].validate && checks[i].validate(cd, hdr_jobj)) + return 1; + + if (hdr_validate_json_size(cd, hdr_jobj, json_size)) + return 1; + + /* validate keyslot implementations */ + if (LUKS2_keyslots_validate(cd, hdr_jobj)) + return 1; + + return 0; +} + +/* FIXME: should we expose do_recovery parameter explicitly? */ +int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, int repair) +{ + int r; + + r = device_read_lock(cd, crypt_metadata_device(cd)); + if (r) { + log_err(cd, _("Failed to acquire read lock on device %s."), + device_path(crypt_metadata_device(cd))); + return r; + } + + r = LUKS2_disk_hdr_read(cd, hdr, crypt_metadata_device(cd), 1, !repair); + if (r == -EAGAIN) { + /* unlikely: auto-recovery is required and failed due to read lock being held */ + device_read_unlock(cd, crypt_metadata_device(cd)); + + /* Do not use LUKS2_device_write lock. Recovery. */ + r = device_write_lock(cd, crypt_metadata_device(cd)); + if (r < 0) { + log_err(cd, _("Failed to acquire write lock on device %s."), + device_path(crypt_metadata_device(cd))); + return r; + } + + r = LUKS2_disk_hdr_read(cd, hdr, crypt_metadata_device(cd), 1, !repair); + + device_write_unlock(cd, crypt_metadata_device(cd)); + } else + device_read_unlock(cd, crypt_metadata_device(cd)); + + return r; +} + +static int hdr_cleanup_and_validate(struct crypt_device *cd, struct luks2_hdr *hdr) +{ + LUKS2_digests_erase_unused(cd, hdr); + + return LUKS2_hdr_validate(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN); +} + +int LUKS2_hdr_write_force(struct crypt_device *cd, struct luks2_hdr *hdr) +{ + if (hdr_cleanup_and_validate(cd, hdr)) + return -EINVAL; + + return LUKS2_disk_hdr_write(cd, hdr, crypt_metadata_device(cd), false); +} + +int LUKS2_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr) +{ + if (hdr_cleanup_and_validate(cd, hdr)) + return -EINVAL; + + return LUKS2_disk_hdr_write(cd, hdr, crypt_metadata_device(cd), true); +} + +int LUKS2_hdr_uuid(struct crypt_device *cd, struct luks2_hdr *hdr, const char *uuid) +{ + uuid_t partitionUuid; + + if (uuid && uuid_parse(uuid, partitionUuid) == -1) { + log_err(cd, _("Wrong LUKS UUID format provided.")); + return -EINVAL; + } + if (!uuid) + uuid_generate(partitionUuid); + + uuid_unparse(partitionUuid, hdr->uuid); + + return LUKS2_hdr_write(cd, hdr); +} + +int LUKS2_hdr_labels(struct crypt_device *cd, struct luks2_hdr *hdr, + const char *label, const char *subsystem, int commit) +{ + //FIXME: check if the labels are the same and skip this. + + memset(hdr->label, 0, LUKS2_LABEL_L); + if (label) + strncpy(hdr->label, label, LUKS2_LABEL_L-1); + + memset(hdr->subsystem, 0, LUKS2_LABEL_L); + if (subsystem) + strncpy(hdr->subsystem, subsystem, LUKS2_LABEL_L-1); + + return commit ? LUKS2_hdr_write(cd, hdr) : 0; +} + +void LUKS2_hdr_free(struct crypt_device *cd, struct luks2_hdr *hdr) +{ + if (json_object_put(hdr->jobj)) + hdr->jobj = NULL; + else if (hdr->jobj) + log_dbg(cd, "LUKS2 header still in use"); +} + +uint64_t LUKS2_keyslots_size(json_object *jobj) +{ + json_object *jobj1, *jobj2; + uint64_t keyslots_size; + + json_object_object_get_ex(jobj, "config", &jobj1); + json_object_object_get_ex(jobj1, "keyslots_size", &jobj2); + json_str_to_uint64(jobj2, &keyslots_size); + + return keyslots_size; +} + +uint64_t LUKS2_hdr_and_areas_size(json_object *jobj) +{ + return 2 * LUKS2_metadata_size(jobj) + LUKS2_keyslots_size(jobj); +} + +int LUKS2_hdr_backup(struct crypt_device *cd, struct luks2_hdr *hdr, + const char *backup_file) +{ + struct device *device = crypt_metadata_device(cd); + int fd, devfd, r = 0; + ssize_t hdr_size; + ssize_t ret, buffer_size; + char *buffer = NULL; + + hdr_size = LUKS2_hdr_and_areas_size(hdr->jobj); + buffer_size = size_round_up(hdr_size, crypt_getpagesize()); + + buffer = crypt_safe_alloc(buffer_size); + if (!buffer) + return -ENOMEM; + + log_dbg(cd, "Storing backup of header (%zu bytes).", hdr_size); + log_dbg(cd, "Output backup file size: %zu bytes.", buffer_size); + + r = device_read_lock(cd, device); + if (r) { + log_err(cd, _("Failed to acquire read lock on device %s."), + device_path(crypt_metadata_device(cd))); + crypt_safe_free(buffer); + return r; + } + + devfd = device_open_locked(cd, device, O_RDONLY); + if (devfd < 0) { + device_read_unlock(cd, device); + log_err(cd, _("Device %s is not a valid LUKS device."), device_path(device)); + crypt_safe_free(buffer); + return devfd == -1 ? -EINVAL : devfd; + } + + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), buffer, hdr_size, 0) < hdr_size) { + device_read_unlock(cd, device); + crypt_safe_free(buffer); + return -EIO; + } + + device_read_unlock(cd, device); + + fd = open(backup_file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR); + if (fd == -1) { + if (errno == EEXIST) + log_err(cd, _("Requested header backup file %s already exists."), backup_file); + else + log_err(cd, _("Cannot create header backup file %s."), backup_file); + crypt_safe_free(buffer); + return -EINVAL; + } + ret = write_buffer(fd, buffer, buffer_size); + close(fd); + if (ret < buffer_size) { + log_err(cd, _("Cannot write header backup file %s."), backup_file); + r = -EIO; + } else + r = 0; + + crypt_safe_free(buffer); + return r; +} + +static int reqs_unknown(uint32_t reqs) +{ + return reqs & CRYPT_REQUIREMENT_UNKNOWN; +} + +static int reqs_reencrypt(uint32_t reqs) +{ + return reqs & CRYPT_REQUIREMENT_OFFLINE_REENCRYPT; +} + +static int reqs_reencrypt_online(uint32_t reqs) +{ + return reqs & CRYPT_REQUIREMENT_ONLINE_REENCRYPT; +} + +int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr, + const char *backup_file) +{ + struct device *backup_device, *device = crypt_metadata_device(cd); + int r, fd, devfd = -1, diff_uuid = 0; + ssize_t ret, buffer_size = 0; + char *buffer = NULL, msg[1024]; + struct luks2_hdr hdr_file; + struct luks2_hdr tmp_hdr = {}; + uint32_t reqs = 0; + + r = device_alloc(cd, &backup_device, backup_file); + if (r < 0) + return r; + + r = device_read_lock(cd, backup_device); + if (r) { + log_err(cd, _("Failed to acquire read lock on device %s."), + device_path(backup_device)); + device_free(cd, backup_device); + return r; + } + + r = LUKS2_disk_hdr_read(cd, &hdr_file, backup_device, 0, 0); + device_read_unlock(cd, backup_device); + device_free(cd, backup_device); + + if (r < 0) { + log_err(cd, _("Backup file does not contain valid LUKS header.")); + goto out; + } + + /* do not allow header restore from backup with unmet requirements */ + if (LUKS2_unmet_requirements(cd, &hdr_file, CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 1)) { + log_err(cd, _("Forbidden LUKS2 requirements detected in backup %s."), + backup_file); + r = -ETXTBSY; + goto out; + } + + buffer_size = LUKS2_hdr_and_areas_size(hdr_file.jobj); + buffer = crypt_safe_alloc(buffer_size); + if (!buffer) { + r = -ENOMEM; + goto out; + } + + fd = open(backup_file, O_RDONLY); + if (fd == -1) { + log_err(cd, _("Cannot open header backup file %s."), backup_file); + r = -EINVAL; + goto out; + } + + ret = read_buffer(fd, buffer, buffer_size); + close(fd); + if (ret < buffer_size) { + log_err(cd, _("Cannot read header backup file %s."), backup_file); + r = -EIO; + goto out; + } + + r = LUKS2_hdr_read(cd, &tmp_hdr, 0); + if (r == 0) { + log_dbg(cd, "Device %s already contains LUKS2 header, checking UUID and requirements.", device_path(device)); + r = LUKS2_config_get_requirements(cd, &tmp_hdr, &reqs); + if (r) + goto out; + + if (memcmp(tmp_hdr.uuid, hdr_file.uuid, LUKS2_UUID_L)) + diff_uuid = 1; + + if (!reqs_reencrypt(reqs)) { + log_dbg(cd, "Checking LUKS2 header size and offsets."); + if (LUKS2_get_data_offset(&tmp_hdr) != LUKS2_get_data_offset(&hdr_file)) { + log_err(cd, _("Data offset differ on device and backup, restore failed.")); + r = -EINVAL; + goto out; + } + /* FIXME: what could go wrong? Erase if we're fine with consequences */ + if (buffer_size != (ssize_t) LUKS2_hdr_and_areas_size(tmp_hdr.jobj)) { + log_err(cd, _("Binary header with keyslot areas size differ on device and backup, restore failed.")); + r = -EINVAL; + goto out; + } + } + } + + r = snprintf(msg, sizeof(msg), _("Device %s %s%s%s%s"), device_path(device), + r ? _("does not contain LUKS2 header. Replacing header can destroy data on that device.") : + _("already contains LUKS2 header. Replacing header will destroy existing keyslots."), + diff_uuid ? _("\nWARNING: real device header has different UUID than backup!") : "", + reqs_unknown(reqs) ? _("\nWARNING: unknown LUKS2 requirements detected in real device header!" + "\nReplacing header with backup may corrupt the data on that device!") : "", + reqs_reencrypt(reqs) ? _("\nWARNING: Unfinished offline reencryption detected on the device!" + "\nReplacing header with backup may corrupt data.") : ""); + if (r < 0 || (size_t) r >= sizeof(msg)) { + r = -ENOMEM; + goto out; + } + + if (!crypt_confirm(cd, msg)) { + r = -EINVAL; + goto out; + } + + log_dbg(cd, "Storing backup of header (%zu bytes) to device %s.", buffer_size, device_path(device)); + + /* Do not use LUKS2_device_write lock for checking sequence id on restore */ + r = device_write_lock(cd, device); + if (r < 0) { + log_err(cd, _("Failed to acquire write lock on device %s."), + device_path(device)); + goto out; + } + + devfd = device_open_locked(cd, device, O_RDWR); + if (devfd < 0) { + if (errno == EACCES) + log_err(cd, _("Cannot write to device %s, permission denied."), + device_path(device)); + else + log_err(cd, _("Cannot open device %s."), device_path(device)); + device_write_unlock(cd, device); + r = -EINVAL; + goto out; + } + + if (write_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), buffer, buffer_size, 0) < buffer_size) + r = -EIO; + else + r = 0; + + device_write_unlock(cd, device); +out: + LUKS2_hdr_free(cd, hdr); + LUKS2_hdr_free(cd, &hdr_file); + LUKS2_hdr_free(cd, &tmp_hdr); + crypt_safe_memzero(&hdr_file, sizeof(hdr_file)); + crypt_safe_memzero(&tmp_hdr, sizeof(tmp_hdr)); + crypt_safe_free(buffer); + + device_sync(cd, device); + + return r; +} + +/* + * Persistent config flags + */ +static const struct { + uint32_t flag; + const char *description; +} persistent_flags[] = { + { CRYPT_ACTIVATE_ALLOW_DISCARDS, "allow-discards" }, + { CRYPT_ACTIVATE_SAME_CPU_CRYPT, "same-cpu-crypt" }, + { CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS, "submit-from-crypt-cpus" }, + { CRYPT_ACTIVATE_NO_JOURNAL, "no-journal" }, + { 0, NULL } +}; + +int LUKS2_config_get_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t *flags) +{ + json_object *jobj1, *jobj_config, *jobj_flags; + int i, j, found; + + if (!hdr || !flags) + return -EINVAL; + + *flags = 0; + + if (!json_object_object_get_ex(hdr->jobj, "config", &jobj_config)) + return 0; + + if (!json_object_object_get_ex(jobj_config, "flags", &jobj_flags)) + return 0; + + for (i = 0; i < (int) json_object_array_length(jobj_flags); i++) { + jobj1 = json_object_array_get_idx(jobj_flags, i); + found = 0; + for (j = 0; persistent_flags[j].description && !found; j++) + if (!strcmp(persistent_flags[j].description, + json_object_get_string(jobj1))) { + *flags |= persistent_flags[j].flag; + log_dbg(cd, "Using persistent flag %s.", + json_object_get_string(jobj1)); + found = 1; + } + if (!found) + log_verbose(cd, _("Ignored unknown flag %s."), + json_object_get_string(jobj1)); + } + + return 0; +} + +int LUKS2_config_set_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t flags) +{ + json_object *jobj_config, *jobj_flags; + int i; + + if (!json_object_object_get_ex(hdr->jobj, "config", &jobj_config)) + return 0; + + jobj_flags = json_object_new_array(); + + for (i = 0; persistent_flags[i].description; i++) { + if (flags & persistent_flags[i].flag) { + log_dbg(cd, "Setting persistent flag: %s.", persistent_flags[i].description); + json_object_array_add(jobj_flags, + json_object_new_string(persistent_flags[i].description)); + } + } + + /* Replace or add new flags array */ + json_object_object_add(jobj_config, "flags", jobj_flags); + + return LUKS2_hdr_write(cd, hdr); +} + +/* + * json format example (mandatory array must not be ignored, + * all other future fields may be added later) + * + * "requirements": { + * mandatory : [], + * optional0 : [], + * optional1 : "lala" + * } + */ + +/* LUKS2 library requirements */ +static const struct { + uint32_t flag; + const char *description; +} requirements_flags[] = { + { CRYPT_REQUIREMENT_OFFLINE_REENCRYPT, "offline-reencrypt" }, + { CRYPT_REQUIREMENT_ONLINE_REENCRYPT, "online-reencrypt" }, + { 0, NULL } +}; + +static uint32_t get_requirement_by_name(const char *requirement) +{ + int i; + + for (i = 0; requirements_flags[i].description; i++) + if (!strcmp(requirement, requirements_flags[i].description)) + return requirements_flags[i].flag; + + return CRYPT_REQUIREMENT_UNKNOWN; +} + +/* + * returns count of requirements (past cryptsetup 2.0 release) + */ +int LUKS2_config_get_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t *reqs) +{ + json_object *jobj_config, *jobj_requirements, *jobj_mandatory, *jobj; + int i, len; + uint32_t req; + + assert(hdr); + if (!hdr || !reqs) + return -EINVAL; + + *reqs = 0; + + if (!json_object_object_get_ex(hdr->jobj, "config", &jobj_config)) + return 0; + + if (!json_object_object_get_ex(jobj_config, "requirements", &jobj_requirements)) + return 0; + + if (!json_object_object_get_ex(jobj_requirements, "mandatory", &jobj_mandatory)) + return 0; + + len = (int) json_object_array_length(jobj_mandatory); + if (len <= 0) + return 0; + + log_dbg(cd, "LUKS2 requirements detected:"); + + for (i = 0; i < len; i++) { + jobj = json_object_array_get_idx(jobj_mandatory, i); + req = get_requirement_by_name(json_object_get_string(jobj)); + log_dbg(cd, "%s - %sknown", json_object_get_string(jobj), + reqs_unknown(req) ? "un" : ""); + *reqs |= req; + } + + return 0; +} + +int LUKS2_config_set_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t reqs, bool commit) +{ + json_object *jobj_config, *jobj_requirements, *jobj_mandatory, *jobj; + int i, r = -EINVAL; + + if (!hdr) + return -EINVAL; + + jobj_mandatory = json_object_new_array(); + if (!jobj_mandatory) + return -ENOMEM; + + for (i = 0; requirements_flags[i].description; i++) { + if (reqs & requirements_flags[i].flag) { + jobj = json_object_new_string(requirements_flags[i].description); + if (!jobj) { + r = -ENOMEM; + goto err; + } + json_object_array_add(jobj_mandatory, jobj); + /* erase processed flag from input set */ + reqs &= ~(requirements_flags[i].flag); + } + } + + /* any remaining bit in requirements is unknown therefore illegal */ + if (reqs) { + log_dbg(cd, "Illegal requirement flag(s) requested"); + goto err; + } + + if (!json_object_object_get_ex(hdr->jobj, "config", &jobj_config)) + goto err; + + if (!json_object_object_get_ex(jobj_config, "requirements", &jobj_requirements)) { + jobj_requirements = json_object_new_object(); + if (!jobj_requirements) { + r = -ENOMEM; + goto err; + } + json_object_object_add(jobj_config, "requirements", jobj_requirements); + } + + if (json_object_array_length(jobj_mandatory) > 0) { + /* replace mandatory field with new values */ + json_object_object_add(jobj_requirements, "mandatory", jobj_mandatory); + } else { + /* new mandatory field was empty, delete old one */ + json_object_object_del(jobj_requirements, "mandatory"); + json_object_put(jobj_mandatory); + } + + /* remove empty requirements object */ + if (!json_object_object_length(jobj_requirements)) + json_object_object_del(jobj_config, "requirements"); + + return commit ? LUKS2_hdr_write(cd, hdr) : 0; +err: + json_object_put(jobj_mandatory); + return r; +} + +/* + * Header dump + */ +static void hdr_dump_config(struct crypt_device *cd, json_object *hdr_jobj) +{ + + json_object *jobj1, *jobj_config, *jobj_flags, *jobj_requirements, *jobj_mandatory; + int i = 0, flags = 0, reqs = 0; + + log_std(cd, "Flags: \t"); + + if (json_object_object_get_ex(hdr_jobj, "config", &jobj_config)) { + if (json_object_object_get_ex(jobj_config, "flags", &jobj_flags)) + flags = (int) json_object_array_length(jobj_flags); + if (json_object_object_get_ex(jobj_config, "requirements", &jobj_requirements) && + json_object_object_get_ex(jobj_requirements, "mandatory", &jobj_mandatory)) + reqs = (int) json_object_array_length(jobj_mandatory); + } + + for (i = 0; i < flags; i++) { + jobj1 = json_object_array_get_idx(jobj_flags, i); + log_std(cd, "%s ", json_object_get_string(jobj1)); + } + + log_std(cd, "%s\n%s", flags > 0 ? "" : "(no flags)", reqs > 0 ? "" : "\n"); + + if (reqs > 0) { + log_std(cd, "Requirements:\t"); + for (i = 0; i < reqs; i++) { + jobj1 = json_object_array_get_idx(jobj_mandatory, i); + log_std(cd, "%s ", json_object_get_string(jobj1)); + } + log_std(cd, "\n\n"); + } +} + +static const char *get_priority_desc(json_object *jobj) +{ + crypt_keyslot_priority priority; + json_object *jobj_priority; + const char *text; + + if (json_object_object_get_ex(jobj, "priority", &jobj_priority)) + priority = (crypt_keyslot_priority)(int)json_object_get_int(jobj_priority); + else + priority = CRYPT_SLOT_PRIORITY_NORMAL; + + switch (priority) { + case CRYPT_SLOT_PRIORITY_IGNORE: text = "ignored"; break; + case CRYPT_SLOT_PRIORITY_PREFER: text = "preferred"; break; + case CRYPT_SLOT_PRIORITY_NORMAL: text = "normal"; break; + default: text = "invalid"; + } + + return text; +} + +static void hdr_dump_keyslots(struct crypt_device *cd, json_object *hdr_jobj) +{ + char slot[16]; + json_object *keyslots_jobj, *digests_jobj, *jobj2, *jobj3, *val; + const char *tmps; + int i, j, r; + + log_std(cd, "Keyslots:\n"); + json_object_object_get_ex(hdr_jobj, "keyslots", &keyslots_jobj); + + for (j = 0; j < LUKS2_KEYSLOTS_MAX; j++) { + (void) snprintf(slot, sizeof(slot), "%i", j); + json_object_object_get_ex(keyslots_jobj, slot, &val); + if (!val) + continue; + + json_object_object_get_ex(val, "type", &jobj2); + tmps = json_object_get_string(jobj2); + + r = LUKS2_keyslot_for_segment(crypt_get_hdr(cd, CRYPT_LUKS2), j, CRYPT_ONE_SEGMENT); + log_std(cd, " %s: %s%s\n", slot, tmps, r == -ENOENT ? " (unbound)" : ""); + + if (json_object_object_get_ex(val, "key_size", &jobj2)) + log_std(cd, "\tKey: %u bits\n", crypt_jobj_get_uint32(jobj2) * 8); + + log_std(cd, "\tPriority: %s\n", get_priority_desc(val)); + + LUKS2_keyslot_dump(cd, j); + + json_object_object_get_ex(hdr_jobj, "digests", &digests_jobj); + json_object_object_foreach(digests_jobj, key2, val2) { + json_object_object_get_ex(val2, "keyslots", &jobj2); + for (i = 0; i < (int) json_object_array_length(jobj2); i++) { + jobj3 = json_object_array_get_idx(jobj2, i); + if (!strcmp(slot, json_object_get_string(jobj3))) { + log_std(cd, "\tDigest ID: %s\n", key2); + } + } + } + } +} + +static void hdr_dump_tokens(struct crypt_device *cd, json_object *hdr_jobj) +{ + char token[16]; + json_object *tokens_jobj, *jobj2, *jobj3, *val; + const char *tmps; + int i, j; + + log_std(cd, "Tokens:\n"); + json_object_object_get_ex(hdr_jobj, "tokens", &tokens_jobj); + + for (j = 0; j < LUKS2_TOKENS_MAX; j++) { + (void) snprintf(token, sizeof(token), "%i", j); + json_object_object_get_ex(tokens_jobj, token, &val); + if (!val) + continue; + + json_object_object_get_ex(val, "type", &jobj2); + tmps = json_object_get_string(jobj2); + log_std(cd, " %s: %s\n", token, tmps); + + LUKS2_token_dump(cd, j); + + json_object_object_get_ex(val, "keyslots", &jobj2); + for (i = 0; i < (int) json_object_array_length(jobj2); i++) { + jobj3 = json_object_array_get_idx(jobj2, i); + log_std(cd, "\tKeyslot: %s\n", json_object_get_string(jobj3)); + } + } +} + +static void hdr_dump_segments(struct crypt_device *cd, json_object *hdr_jobj) +{ + char segment[16]; + json_object *jobj_segments, *jobj_segment, *jobj1, *jobj2; + int i, j, flags; + uint64_t value; + + log_std(cd, "Data segments:\n"); + json_object_object_get_ex(hdr_jobj, "segments", &jobj_segments); + + for (i = 0; i < LUKS2_SEGMENT_MAX; i++) { + (void) snprintf(segment, sizeof(segment), "%i", i); + if (!json_object_object_get_ex(jobj_segments, segment, &jobj_segment)) + continue; + + json_object_object_get_ex(jobj_segment, "type", &jobj1); + log_std(cd, " %s: %s\n", segment, json_object_get_string(jobj1)); + + json_object_object_get_ex(jobj_segment, "offset", &jobj1); + json_str_to_uint64(jobj1, &value); + log_std(cd, "\toffset: %" PRIu64 " [bytes]\n", value); + + json_object_object_get_ex(jobj_segment, "size", &jobj1); + if (!(strcmp(json_object_get_string(jobj1), "dynamic"))) + log_std(cd, "\tlength: (whole device)\n"); + else { + json_str_to_uint64(jobj1, &value); + log_std(cd, "\tlength: %" PRIu64 " [bytes]\n", value); + } + + if (json_object_object_get_ex(jobj_segment, "encryption", &jobj1)) + log_std(cd, "\tcipher: %s\n", json_object_get_string(jobj1)); + + if (json_object_object_get_ex(jobj_segment, "sector_size", &jobj1)) + log_std(cd, "\tsector: %" PRIu32 " [bytes]\n", crypt_jobj_get_uint32(jobj1)); + + if (json_object_object_get_ex(jobj_segment, "integrity", &jobj1) && + json_object_object_get_ex(jobj1, "type", &jobj2)) + log_std(cd, "\tintegrity: %s\n", json_object_get_string(jobj2)); + + if (json_object_object_get_ex(jobj_segment, "flags", &jobj1) && + (flags = (int)json_object_array_length(jobj1)) > 0) { + jobj2 = json_object_array_get_idx(jobj1, 0); + log_std(cd, "\tflags : %s", json_object_get_string(jobj2)); + for (j = 1; j < flags; j++) { + jobj2 = json_object_array_get_idx(jobj1, j); + log_std(cd, ", %s", json_object_get_string(jobj2)); + } + log_std(cd, "\n"); + } + + log_std(cd, "\n"); + } +} + +static void hdr_dump_digests(struct crypt_device *cd, json_object *hdr_jobj) +{ + char key[16]; + json_object *jobj1, *jobj2, *val; + const char *tmps; + int i; + + log_std(cd, "Digests:\n"); + json_object_object_get_ex(hdr_jobj, "digests", &jobj1); + + for (i = 0; i < LUKS2_DIGEST_MAX; i++) { + (void) snprintf(key, sizeof(key), "%i", i); + json_object_object_get_ex(jobj1, key, &val); + if (!val) + continue; + + json_object_object_get_ex(val, "type", &jobj2); + tmps = json_object_get_string(jobj2); + log_std(cd, " %s: %s\n", key, tmps); + + LUKS2_digest_dump(cd, i); + } +} + +int LUKS2_hdr_dump(struct crypt_device *cd, struct luks2_hdr *hdr) +{ + if (!hdr->jobj) + return -EINVAL; + + JSON_DBG(cd, hdr->jobj, NULL); + + log_std(cd, "LUKS header information\n"); + log_std(cd, "Version: \t%u\n", hdr->version); + log_std(cd, "Epoch: \t%" PRIu64 "\n", hdr->seqid); + log_std(cd, "Metadata area: \t%" PRIu64 " [bytes]\n", LUKS2_metadata_size(hdr->jobj)); + log_std(cd, "Keyslots area: \t%" PRIu64 " [bytes]\n", LUKS2_keyslots_size(hdr->jobj)); + log_std(cd, "UUID: \t%s\n", *hdr->uuid ? hdr->uuid : "(no UUID)"); + log_std(cd, "Label: \t%s\n", *hdr->label ? hdr->label : "(no label)"); + log_std(cd, "Subsystem: \t%s\n", *hdr->subsystem ? hdr->subsystem : "(no subsystem)"); + + hdr_dump_config(cd, hdr->jobj); + hdr_dump_segments(cd, hdr->jobj); + hdr_dump_keyslots(cd, hdr->jobj); + hdr_dump_tokens(cd, hdr->jobj); + hdr_dump_digests(cd, hdr->jobj); + + return 0; +} + +int LUKS2_get_data_size(struct luks2_hdr *hdr, uint64_t *size, bool *dynamic) +{ + int sector_size; + json_object *jobj_segments, *jobj_size; + uint64_t tmp = 0; + + if (!size || !json_object_object_get_ex(hdr->jobj, "segments", &jobj_segments)) + return -EINVAL; + + json_object_object_foreach(jobj_segments, key, val) { + UNUSED(key); + if (json_segment_is_backup(val)) + continue; + + json_object_object_get_ex(val, "size", &jobj_size); + if (!strcmp(json_object_get_string(jobj_size), "dynamic")) { + sector_size = json_segment_get_sector_size(val); + /* last dynamic segment must have at least one sector in size */ + if (tmp) + *size = tmp + (sector_size > 0 ? sector_size : SECTOR_SIZE); + else + *size = 0; + if (dynamic) + *dynamic = true; + return 0; + } + + tmp += crypt_jobj_get_uint64(jobj_size); + } + + /* impossible, real device size must not be zero */ + if (!tmp) + return -EINVAL; + + *size = tmp; + if (dynamic) + *dynamic = false; + return 0; +} + +uint64_t LUKS2_get_data_offset(struct luks2_hdr *hdr) +{ + crypt_reencrypt_info ri; + json_object *jobj; + + ri = LUKS2_reenc_status(hdr); + if (ri == CRYPT_REENCRYPT_CLEAN || ri == CRYPT_REENCRYPT_CRASH) { + jobj = LUKS2_get_segment_by_flag(hdr, "backup-final"); + if (jobj) + return json_segment_get_offset(jobj, 1); + } + + return json_segments_get_minimal_offset(LUKS2_get_segments_jobj(hdr), 1); +} + +const char *LUKS2_get_cipher(struct luks2_hdr *hdr, int segment) +{ + json_object *jobj_segment; + + if (!hdr) + return NULL; + + if (segment == CRYPT_DEFAULT_SEGMENT) + segment = LUKS2_get_default_segment(hdr); + + jobj_segment = json_segments_get_segment(json_get_segments_jobj(hdr->jobj), segment); + if (!jobj_segment) + return NULL; + + /* FIXME: default encryption (for other segment types) must be string here. */ + return json_segment_get_cipher(jobj_segment) ?: "null"; +} + +crypt_reencrypt_info LUKS2_reenc_status(struct luks2_hdr *hdr) +{ + uint32_t reqs; + + /* + * Any unknown requirement or offline reencryption should abort + * anything related to online-reencryption handling + */ + if (LUKS2_config_get_requirements(NULL, hdr, &reqs)) + return CRYPT_REENCRYPT_INVALID; + + if (!reqs_reencrypt_online(reqs)) + return CRYPT_REENCRYPT_NONE; + + if (json_segments_segment_in_reencrypt(LUKS2_get_segments_jobj(hdr)) < 0) + return CRYPT_REENCRYPT_CLEAN; + + return CRYPT_REENCRYPT_CRASH; +} + +const char *LUKS2_get_keyslot_cipher(struct luks2_hdr *hdr, int keyslot, size_t *key_size) +{ + json_object *jobj_keyslot, *jobj_area, *jobj1; + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot); + if (!jobj_keyslot) + return NULL; + + if (!json_object_object_get_ex(jobj_keyslot, "area", &jobj_area)) + return NULL; + + /* currently we only support raw length preserving area encryption */ + json_object_object_get_ex(jobj_area, "type", &jobj1); + if (strcmp(json_object_get_string(jobj1), "raw")) + return NULL; + + if (!json_object_object_get_ex(jobj_area, "key_size", &jobj1)) + return NULL; + *key_size = json_object_get_int(jobj1); + + if (!json_object_object_get_ex(jobj_area, "encryption", &jobj1)) + return NULL; + + return json_object_get_string(jobj1); +} + +const char *LUKS2_get_integrity(struct luks2_hdr *hdr, int segment) +{ + json_object *jobj1, *jobj2, *jobj3; + + jobj1 = LUKS2_get_segment_jobj(hdr, segment); + if (!jobj1) + return NULL; + + if (!json_object_object_get_ex(jobj1, "integrity", &jobj2)) + return NULL; + + if (!json_object_object_get_ex(jobj2, "type", &jobj3)) + return NULL; + + return json_object_get_string(jobj3); +} + +/* FIXME: this only ensures that once we have journal encryption, it is not ignored. */ +/* implement segment count and type restrictions (crypt and only single crypt) */ +static int LUKS2_integrity_compatible(struct luks2_hdr *hdr) +{ + json_object *jobj1, *jobj2, *jobj3, *jobj4; + const char *str; + + if (!json_object_object_get_ex(hdr->jobj, "segments", &jobj1)) + return 0; + + if (!(jobj2 = LUKS2_get_segment_jobj(hdr, CRYPT_DEFAULT_SEGMENT))) + return 0; + + if (!json_object_object_get_ex(jobj2, "integrity", &jobj3)) + return 0; + + if (!json_object_object_get_ex(jobj3, "journal_encryption", &jobj4) || + !(str = json_object_get_string(jobj4)) || + strcmp(str, "none")) + return 0; + + if (!json_object_object_get_ex(jobj3, "journal_integrity", &jobj4) || + !(str = json_object_get_string(jobj4)) || + strcmp(str, "none")) + return 0; + + return 1; +} + +static int LUKS2_keyslot_get_volume_key_size(struct luks2_hdr *hdr, const char *keyslot) +{ + json_object *jobj1, *jobj2, *jobj3; + + if (!json_object_object_get_ex(hdr->jobj, "keyslots", &jobj1)) + return -1; + + if (!json_object_object_get_ex(jobj1, keyslot, &jobj2)) + return -1; + + if (!json_object_object_get_ex(jobj2, "key_size", &jobj3)) + return -1; + + return json_object_get_int(jobj3); +} + +/* Key size used for encryption of keyslot */ +int LUKS2_get_keyslot_stored_key_size(struct luks2_hdr *hdr, int keyslot) +{ + char keyslot_name[16]; + + if (snprintf(keyslot_name, sizeof(keyslot_name), "%u", keyslot) < 1) + return -1; + + return LUKS2_keyslot_get_volume_key_size(hdr, keyslot_name); +} + +int LUKS2_get_volume_key_size(struct luks2_hdr *hdr, int segment) +{ + json_object *jobj_digests, *jobj_digest_segments, *jobj_digest_keyslots, *jobj1; + char buf[16]; + + if (segment == CRYPT_DEFAULT_SEGMENT) + segment = LUKS2_get_default_segment(hdr); + + if (snprintf(buf, sizeof(buf), "%u", segment) < 1) + return -1; + + json_object_object_get_ex(hdr->jobj, "digests", &jobj_digests); + + json_object_object_foreach(jobj_digests, key, val) { + UNUSED(key); + json_object_object_get_ex(val, "segments", &jobj_digest_segments); + json_object_object_get_ex(val, "keyslots", &jobj_digest_keyslots); + + if (!LUKS2_array_jobj(jobj_digest_segments, buf)) + continue; + if (json_object_array_length(jobj_digest_keyslots) <= 0) + continue; + + jobj1 = json_object_array_get_idx(jobj_digest_keyslots, 0); + + return LUKS2_keyslot_get_volume_key_size(hdr, json_object_get_string(jobj1)); + } + + return -1; +} + +int LUKS2_get_sector_size(struct luks2_hdr *hdr) +{ + json_object *jobj_segment; + + jobj_segment = LUKS2_get_segment_jobj(hdr, CRYPT_DEFAULT_SEGMENT); + if (!jobj_segment) + return SECTOR_SIZE; + + return json_segment_get_sector_size(jobj_segment) ?: SECTOR_SIZE; +} + +int LUKS2_assembly_multisegment_dmd(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct volume_key *vks, + json_object *jobj_segments, + struct crypt_dm_active_device *dmd) +{ + struct volume_key *vk; + json_object *jobj; + enum devcheck device_check; + int r; + unsigned s = 0; + uint64_t data_offset, segment_size, segment_offset, segment_start = 0; + struct dm_target *t = &dmd->segment; + + if (dmd->flags & CRYPT_ACTIVATE_SHARED) + device_check = DEV_OK; + else + device_check = DEV_EXCL; + + data_offset = LUKS2_reencrypt_data_offset(hdr, true); + + r = device_block_adjust(cd, crypt_data_device(cd), device_check, + data_offset, &dmd->size, &dmd->flags); + if (r) + return r; + + r = dm_targets_allocate(&dmd->segment, json_segments_count(jobj_segments)); + if (r) + goto err; + + r = -EINVAL; + + while (t) { + jobj = json_segments_get_segment(jobj_segments, s); + if (!jobj) { + log_dbg(cd, "Internal error. Segment %u is null.", s); + r = -EINVAL; + goto err; + } + + segment_offset = json_segment_get_offset(jobj, 1); + segment_size = json_segment_get_size(jobj, 1); + /* 'dynamic' length allowed in last segment only */ + if (!segment_size && !t->next) + segment_size = dmd->size - segment_start; + if (!segment_size) { + log_dbg(cd, "Internal error. Wrong segment size %u", s); + r = -EINVAL; + goto err; + } + + if (!strcmp(json_segment_type(jobj), "crypt")) { + vk = crypt_volume_key_by_id(vks, LUKS2_digest_by_segment(hdr, s)); + if (!vk) { + log_err(cd, _("Missing key for dm-crypt segment %u"), s); + r = -EINVAL; + goto err; + } + + r = dm_crypt_target_set(t, segment_start, segment_size, + crypt_data_device(cd), vk, + json_segment_get_cipher(jobj), + json_segment_get_iv_offset(jobj), + segment_offset, "none", 0, + json_segment_get_sector_size(jobj)); + if (r) { + log_err(cd, _("Failed to set dm-crypt segment.")); + goto err; + } + } else if (!strcmp(json_segment_type(jobj), "linear")) { + r = dm_linear_target_set(t, segment_start, segment_size, crypt_data_device(cd), segment_offset); + if (r) { + log_err(cd, _("Failed to set dm-linear segment.")); + goto err; + } + } else { + r = -EINVAL; + goto err; + } + + segment_start += segment_size; + t = t->next; + s++; + } + + return r; +err: + dm_targets_free(cd, dmd); + return r; +} + +/* FIXME: This shares almost all code with activate_multi_custom */ +static int _reload_custom_multi(struct crypt_device *cd, + const char *name, + struct volume_key *vks, + json_object *jobj_segments, + uint64_t device_size, + uint32_t flags) +{ + int r; + struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + struct crypt_dm_active_device dmd = { + .uuid = crypt_get_uuid(cd), + .size = device_size >> SECTOR_SHIFT + }; + + /* do not allow activation when particular requirements detected */ + if ((r = LUKS2_unmet_requirements(cd, hdr, CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 0))) + return r; + + /* Add persistent activation flags */ + if (!(flags & CRYPT_ACTIVATE_IGNORE_PERSISTENT)) + LUKS2_config_get_flags(cd, hdr, &dmd.flags); + + dmd.flags |= (flags | CRYPT_ACTIVATE_SHARED); + + r = LUKS2_assembly_multisegment_dmd(cd, hdr, vks, jobj_segments, &dmd); + if (!r) + r = dm_reload_device(cd, name, &dmd, 0, 0); + + dm_targets_free(cd, &dmd); + return r; +} + +int LUKS2_reload(struct crypt_device *cd, + const char *name, + struct volume_key *vks, + uint64_t device_size, + uint32_t flags) +{ + if (crypt_get_integrity_tag_size(cd)) + return -ENOTSUP; + + return _reload_custom_multi(cd, name, vks, + LUKS2_get_segments_jobj(crypt_get_hdr(cd, CRYPT_LUKS2)), device_size, flags); +} + +int LUKS2_activate_multi(struct crypt_device *cd, + const char *name, + struct volume_key *vks, + uint64_t device_size, + uint32_t flags) +{ + struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + json_object *jobj_segments = LUKS2_get_segments_jobj(hdr); + int r; + struct crypt_dm_active_device dmd = { + .size = device_size, + .uuid = crypt_get_uuid(cd) + }; + + /* do not allow activation when particular requirements detected */ + if ((r = LUKS2_unmet_requirements(cd, hdr, CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 0))) + return r; + + /* Add persistent activation flags */ + if (!(flags & CRYPT_ACTIVATE_IGNORE_PERSISTENT)) + LUKS2_config_get_flags(cd, hdr, &dmd.flags); + + dmd.flags |= flags; + + r = LUKS2_assembly_multisegment_dmd(cd, hdr, vks, jobj_segments, &dmd); + if (!r) + r = dm_create_device(cd, name, CRYPT_LUKS2, &dmd); + + dm_targets_free(cd, &dmd); + return r; +} + +int LUKS2_activate(struct crypt_device *cd, + const char *name, + struct volume_key *vk, + uint32_t flags) +{ + int r; + struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + struct crypt_dm_active_device dmdi = {}, dmd = { + .uuid = crypt_get_uuid(cd) + }; + + /* do not allow activation when particular requirements detected */ + if ((r = LUKS2_unmet_requirements(cd, hdr, 0, 0))) + return r; + + r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd), + vk, crypt_get_cipher_spec(cd), crypt_get_iv_offset(cd), + crypt_get_data_offset(cd), crypt_get_integrity(cd) ?: "none", + crypt_get_integrity_tag_size(cd), crypt_get_sector_size(cd)); + if (r < 0) + return r; + + /* Add persistent activation flags */ + if (!(flags & CRYPT_ACTIVATE_IGNORE_PERSISTENT)) + LUKS2_config_get_flags(cd, hdr, &dmd.flags); + + dmd.flags |= flags; + + if (crypt_get_integrity_tag_size(cd)) { + if (!LUKS2_integrity_compatible(hdr)) { + log_err(cd, _("Unsupported device integrity configuration.")); + return -EINVAL; + } + + if (dmd.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) { + log_err(cd, _("Discard/TRIM is not supported.")); + return -EINVAL; + } + + r = INTEGRITY_create_dmd_device(cd, NULL, NULL, NULL, NULL, &dmdi, dmd.flags, 0); + if (r) + return r; + + dmdi.flags |= CRYPT_ACTIVATE_PRIVATE; + dmdi.uuid = dmd.uuid; + dmd.segment.u.crypt.offset = 0; + dmd.segment.size = dmdi.segment.size; + + r = create_or_reload_device_with_integrity(cd, name, CRYPT_LUKS2, &dmd, &dmdi); + } else + r = create_or_reload_device(cd, name, CRYPT_LUKS2, &dmd); + + dm_targets_free(cd, &dmd); + dm_targets_free(cd, &dmdi); + + return r; +} + +static bool is_reencryption_helper(const char *name) +{ + size_t len; + + if (!name) + return false; + + len = strlen(name); + return (len >= 9 && (!strncmp(name + len - 8, "-hotzone-", 9) || + !strcmp(name + len - 8, "-overlay"))); + +} + +static bool contains_reencryption_helper(char **names) +{ + while (*names) { + if (is_reencryption_helper(*names++)) + return true; + } + + return false; +} + +int LUKS2_deactivate(struct crypt_device *cd, const char *name, struct luks2_hdr *hdr, struct crypt_dm_active_device *dmd, uint32_t flags) +{ + int r, ret; + struct dm_target *tgt; + crypt_status_info ci; + struct crypt_dm_active_device dmdc; + char **dep, deps_uuid_prefix[40], *deps[MAX_DM_DEPS+1] = { 0 }; + const char *namei = NULL; + struct crypt_lock_handle *reencrypt_lock = NULL; + + if (!dmd || !dmd->uuid || strncmp(CRYPT_LUKS2, dmd->uuid, sizeof(CRYPT_LUKS2)-1)) + return -EINVAL; + + /* uuid mismatch with metadata (if available) */ + if (hdr && crypt_uuid_cmp(dmd->uuid, hdr->uuid)) + return -EINVAL; + + r = snprintf(deps_uuid_prefix, sizeof(deps_uuid_prefix), CRYPT_SUBDEV "-%.32s", dmd->uuid + 6); + if (r < 0 || (size_t)r != (sizeof(deps_uuid_prefix) - 1)) + return -EINVAL; + + tgt = &dmd->segment; + + /* TODO: We have LUKS2 dependencies now */ + if (hdr && single_segment(dmd) && tgt->type == DM_CRYPT && crypt_get_integrity_tag_size(cd)) + namei = device_dm_name(tgt->data_device); + + r = dm_device_deps(cd, name, deps_uuid_prefix, deps, ARRAY_SIZE(deps)); + if (r < 0) + goto out; + + if (contains_reencryption_helper(deps)) { + r = crypt_reencrypt_lock_by_dm_uuid(cd, dmd->uuid, &reencrypt_lock); + if (r) { + if (r == -EBUSY) + log_err(cd, _("Reencryption in-progress. Cannot deactivate device.")); + else + log_err(cd, _("Failed to get reencryption lock.")); + goto out; + } + } + + dep = deps; + while (*dep) { + if (is_reencryption_helper(*dep) && (dm_status_suspended(cd, *dep) > 0)) { + if (dm_error_device(cd, *dep)) + log_err(cd, _("Failed to replace suspended device %s with dm-error target."), *dep); + } + dep++; + } + + r = dm_query_device(cd, name, DM_ACTIVE_CRYPT_KEY | DM_ACTIVE_CRYPT_KEYSIZE, &dmdc); + if (r < 0) { + memset(&dmdc, 0, sizeof(dmdc)); + dmdc.segment.type = DM_UNKNOWN; + } + + /* Remove top level device first */ + r = dm_remove_device(cd, name, flags); + if (!r) { + tgt = &dmdc.segment; + while (tgt) { + if (tgt->type == DM_CRYPT) + crypt_drop_keyring_key_by_description(cd, tgt->u.crypt.vk->key_description, LOGON_KEY); + tgt = tgt->next; + } + } + dm_targets_free(cd, &dmdc); + + /* TODO: We have LUKS2 dependencies now */ + if (r >= 0 && namei) { + log_dbg(cd, "Deactivating integrity device %s.", namei); + r = dm_remove_device(cd, namei, 0); + } + + if (!r) { + ret = 0; + dep = deps; + while (*dep) { + log_dbg(cd, "Deactivating LUKS2 dependent device %s.", *dep); + r = dm_query_device(cd, *dep, DM_ACTIVE_CRYPT_KEY | DM_ACTIVE_CRYPT_KEYSIZE, &dmdc); + if (r < 0) { + memset(&dmdc, 0, sizeof(dmdc)); + dmdc.segment.type = DM_UNKNOWN; + } + + r = dm_remove_device(cd, *dep, flags); + if (r < 0) { + ci = crypt_status(cd, *dep); + if (ci == CRYPT_BUSY) + log_err(cd, _("Device %s is still in use."), *dep); + if (ci == CRYPT_INACTIVE) + r = 0; + } + if (!r) { + tgt = &dmdc.segment; + while (tgt) { + if (tgt->type == DM_CRYPT) + crypt_drop_keyring_key_by_description(cd, tgt->u.crypt.vk->key_description, LOGON_KEY); + tgt = tgt->next; + } + } + dm_targets_free(cd, &dmdc); + if (r && !ret) + ret = r; + dep++; + } + r = ret; + } + +out: + crypt_reencrypt_unlock(cd, reencrypt_lock); + dep = deps; + while (*dep) + free(*dep++); + + return r; +} + +int LUKS2_unmet_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t reqs_mask, int quiet) +{ + uint32_t reqs; + int r = LUKS2_config_get_requirements(cd, hdr, &reqs); + + if (r) { + if (!quiet) + log_err(cd, _("Failed to read LUKS2 requirements.")); + return r; + } + + /* do not mask unknown requirements check */ + if (reqs_unknown(reqs)) { + if (!quiet) + log_err(cd, _("Unmet LUKS2 requirements detected.")); + return -ETXTBSY; + } + + /* mask out permitted requirements */ + reqs &= ~reqs_mask; + + if (reqs_reencrypt(reqs) && !quiet) + log_err(cd, _("Operation incompatible with device marked for legacy reencryption. Aborting.")); + if (reqs_reencrypt_online(reqs) && !quiet) + log_err(cd, _("Operation incompatible with device marked for LUKS2 reencryption. Aborting.")); + + /* any remaining unmasked requirement fails the check */ + return reqs ? -EINVAL : 0; +} + +/* + * NOTE: this routine is called on json object that failed validation. + * Proceed with caution :) + * + * known glitches so far: + * + * any version < 2.0.3: + * - luks2 keyslot pbkdf params change via crypt_keyslot_change_by_passphrase() + * could leave previous type parameters behind. Correct this by purging + * all params not needed by current type. + */ +void LUKS2_hdr_repair(struct crypt_device *cd, json_object *hdr_jobj) +{ + json_object *jobj_keyslots; + + if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj_keyslots)) + return; + if (!json_object_is_type(jobj_keyslots, json_type_object)) + return; + + LUKS2_keyslots_repair(cd, jobj_keyslots); +} + +void json_object_object_del_by_uint(json_object *jobj, unsigned key) +{ + char key_name[16]; + + if (snprintf(key_name, sizeof(key_name), "%u", key) < 1) + return; + json_object_object_del(jobj, key_name); +} + +int json_object_object_add_by_uint(json_object *jobj, unsigned key, json_object *jobj_val) +{ + char key_name[16]; + + if (snprintf(key_name, sizeof(key_name), "%u", key) < 1) + return -EINVAL; + +#if HAVE_DECL_JSON_OBJECT_OBJECT_ADD_EX + return json_object_object_add_ex(jobj, key_name, jobj_val, 0) ? -ENOMEM : 0; +#else + json_object_object_add(jobj, key_name, jobj_val); + return 0; +#endif +} + +/* jobj_dst must contain pointer initialized to NULL (see json-c json_object_deep_copy API) */ +int json_object_copy(json_object *jobj_src, json_object **jobj_dst) +{ + if (!jobj_src || !jobj_dst || *jobj_dst) + return -1; + +#if HAVE_DECL_JSON_OBJECT_DEEP_COPY + return json_object_deep_copy(jobj_src, jobj_dst, NULL); +#else + *jobj_dst = json_tokener_parse(json_object_get_string(jobj_src)); + return *jobj_dst ? 0 : -1; +#endif +} diff --git a/lib/luks2/luks2_keyslot.c b/lib/luks2/luks2_keyslot.c new file mode 100644 index 0000000..3b8c889 --- /dev/null +++ b/lib/luks2/luks2_keyslot.c @@ -0,0 +1,937 @@ +/* + * LUKS - Linux Unified Key Setup v2, keyslot handling + * + * Copyright (C) 2015-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2020 Milan Broz + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "luks2_internal.h" + +/* Internal implementations */ +extern const keyslot_handler luks2_keyslot; +extern const keyslot_handler reenc_keyslot; + +static const keyslot_handler *keyslot_handlers[LUKS2_KEYSLOTS_MAX] = { + &luks2_keyslot, + &reenc_keyslot, + NULL +}; + +static const keyslot_handler +*LUKS2_keyslot_handler_type(struct crypt_device *cd, const char *type) +{ + int i; + + for (i = 0; i < LUKS2_KEYSLOTS_MAX && keyslot_handlers[i]; i++) { + if (!strcmp(keyslot_handlers[i]->name, type)) + return keyslot_handlers[i]; + } + + return NULL; +} + +static const keyslot_handler +*LUKS2_keyslot_handler(struct crypt_device *cd, int keyslot) +{ + struct luks2_hdr *hdr; + json_object *jobj1, *jobj2; + + if (keyslot < 0) + return NULL; + + if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2))) + return NULL; + + if (!(jobj1 = LUKS2_get_keyslot_jobj(hdr, keyslot))) + return NULL; + + if (!json_object_object_get_ex(jobj1, "type", &jobj2)) + return NULL; + + return LUKS2_keyslot_handler_type(cd, json_object_get_string(jobj2)); +} + +int LUKS2_keyslot_find_empty(struct luks2_hdr *hdr) +{ + int i; + + for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) + if (!LUKS2_get_keyslot_jobj(hdr, i)) + return i; + + return -EINVAL; +} + +/* Check if a keyslot is assigned to specific segment */ +static int _keyslot_for_segment(struct luks2_hdr *hdr, int keyslot, int segment) +{ + int keyslot_digest, count = 0; + unsigned s; + + keyslot_digest = LUKS2_digest_by_keyslot(hdr, keyslot); + if (keyslot_digest < 0) + return keyslot_digest; + + if (segment >= 0) + return keyslot_digest == LUKS2_digest_by_segment(hdr, segment); + + for (s = 0; s < json_segments_count(LUKS2_get_segments_jobj(hdr)); s++) { + if (keyslot_digest == LUKS2_digest_by_segment(hdr, s)) + count++; + } + + return count; +} + +static int _keyslot_for_digest(struct luks2_hdr *hdr, int keyslot, int digest) +{ + int r = -EINVAL; + + r = LUKS2_digest_by_keyslot(hdr, keyslot); + if (r < 0) + return r; + return r == digest ? 0 : -ENOENT; +} + +int LUKS2_keyslot_for_segment(struct luks2_hdr *hdr, int keyslot, int segment) +{ + int r = -EINVAL; + + /* no need to check anything */ + if (segment == CRYPT_ANY_SEGMENT) + return 0; /* ok */ + if (segment == CRYPT_DEFAULT_SEGMENT) { + segment = LUKS2_get_default_segment(hdr); + if (segment < 0) + return segment; + } + + r = _keyslot_for_segment(hdr, keyslot, segment); + if (r < 0) + return r; + + return r >= 1 ? 0 : -ENOENT; +} + +/* Number of keyslots assigned to a segment or all keyslots for CRYPT_ANY_SEGMENT */ +int LUKS2_keyslot_active_count(struct luks2_hdr *hdr, int segment) +{ + int num = 0; + json_object *jobj_keyslots; + + json_object_object_get_ex(hdr->jobj, "keyslots", &jobj_keyslots); + + json_object_object_foreach(jobj_keyslots, slot, val) { + UNUSED(val); + if (!LUKS2_keyslot_for_segment(hdr, atoi(slot), segment)) + num++; + } + + return num; +} + +int LUKS2_keyslot_cipher_incompatible(struct crypt_device *cd, const char *cipher_spec) +{ + char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN]; + + if (!cipher_spec || !strcmp(cipher_spec, "null") || !strcmp(cipher_spec, "cipher_null")) + return 1; + + if (crypt_parse_name_and_mode(cipher_spec, cipher, NULL, cipher_mode) < 0) + return 1; + + /* Keyslot is already authenticated; we cannot use integrity tags here */ + if (crypt_get_integrity_tag_size(cd)) + return 1; + + /* Wrapped key schemes cannot be used for keyslot encryption */ + if (crypt_cipher_wrapped_key(cipher, cipher_mode)) + return 1; + + /* Check if crypto backend can use the cipher */ + if (crypt_cipher_ivsize(cipher, cipher_mode) < 0) + return 1; + + return 0; +} + +int LUKS2_keyslot_params_default(struct crypt_device *cd, struct luks2_hdr *hdr, + struct luks2_keyslot_params *params) +{ + const struct crypt_pbkdf_type *pbkdf = crypt_get_pbkdf_type(cd); + const char *cipher_spec; + size_t key_size; + int r; + + if (!hdr || !pbkdf || !params) + return -EINVAL; + + /* + * set keyslot area encryption parameters + */ + params->area_type = LUKS2_KEYSLOT_AREA_RAW; + cipher_spec = crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size); + if (!cipher_spec || !key_size) + return -EINVAL; + + params->area.raw.key_size = key_size; + r = snprintf(params->area.raw.encryption, sizeof(params->area.raw.encryption), "%s", cipher_spec); + if (r < 0 || (size_t)r >= sizeof(params->area.raw.encryption)) + return -EINVAL; + + /* + * set keyslot AF parameters + */ + params->af_type = LUKS2_KEYSLOT_AF_LUKS1; + /* currently we use hash for AF from pbkdf settings */ + r = snprintf(params->af.luks1.hash, sizeof(params->af.luks1.hash), "%s", pbkdf->hash ?: DEFAULT_LUKS1_HASH); + if (r < 0 || (size_t)r >= sizeof(params->af.luks1.hash)) + return -EINVAL; + params->af.luks1.stripes = 4000; + + return 0; +} + +int LUKS2_keyslot_pbkdf(struct luks2_hdr *hdr, int keyslot, struct crypt_pbkdf_type *pbkdf) +{ + json_object *jobj_keyslot, *jobj_kdf, *jobj; + + if (!hdr || !pbkdf) + return -EINVAL; + + if (LUKS2_keyslot_info(hdr, keyslot) == CRYPT_SLOT_INVALID) + return -EINVAL; + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot); + if (!jobj_keyslot) + return -ENOENT; + + if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf)) + return -EINVAL; + + if (!json_object_object_get_ex(jobj_kdf, "type", &jobj)) + return -EINVAL; + + memset(pbkdf, 0, sizeof(*pbkdf)); + + pbkdf->type = json_object_get_string(jobj); + if (json_object_object_get_ex(jobj_kdf, "hash", &jobj)) + pbkdf->hash = json_object_get_string(jobj); + if (json_object_object_get_ex(jobj_kdf, "iterations", &jobj)) + pbkdf->iterations = json_object_get_int(jobj); + if (json_object_object_get_ex(jobj_kdf, "time", &jobj)) + pbkdf->iterations = json_object_get_int(jobj); + if (json_object_object_get_ex(jobj_kdf, "memory", &jobj)) + pbkdf->max_memory_kb = json_object_get_int(jobj); + if (json_object_object_get_ex(jobj_kdf, "cpus", &jobj)) + pbkdf->parallel_threads = json_object_get_int(jobj); + + return 0; +} + +static int LUKS2_keyslot_unbound(struct luks2_hdr *hdr, int keyslot) +{ + json_object *jobj_digest, *jobj_segments; + int digest = LUKS2_digest_by_keyslot(hdr, keyslot); + + if (digest < 0) + return 0; + + if (!(jobj_digest = LUKS2_get_digest_jobj(hdr, digest))) + return 0; + + json_object_object_get_ex(jobj_digest, "segments", &jobj_segments); + if (!jobj_segments || !json_object_is_type(jobj_segments, json_type_array) || + json_object_array_length(jobj_segments) == 0) + return 1; + + return 0; +} + +crypt_keyslot_info LUKS2_keyslot_info(struct luks2_hdr *hdr, int keyslot) +{ + if(keyslot >= LUKS2_KEYSLOTS_MAX || keyslot < 0) + return CRYPT_SLOT_INVALID; + + if (!LUKS2_get_keyslot_jobj(hdr, keyslot)) + return CRYPT_SLOT_INACTIVE; + + if (LUKS2_digest_by_keyslot(hdr, keyslot) < 0 || + LUKS2_keyslot_unbound(hdr, keyslot)) + return CRYPT_SLOT_UNBOUND; + + if (LUKS2_keyslot_active_count(hdr, CRYPT_DEFAULT_SEGMENT) == 1 && + !LUKS2_keyslot_for_segment(hdr, keyslot, CRYPT_DEFAULT_SEGMENT)) + return CRYPT_SLOT_ACTIVE_LAST; + + return CRYPT_SLOT_ACTIVE; +} + +int LUKS2_keyslot_area(struct luks2_hdr *hdr, + int keyslot, + uint64_t *offset, + uint64_t *length) +{ + json_object *jobj_keyslot, *jobj_area, *jobj; + + if(LUKS2_keyslot_info(hdr, keyslot) == CRYPT_SLOT_INVALID) + return -EINVAL; + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot); + if (!jobj_keyslot) + return -ENOENT; + + if (!json_object_object_get_ex(jobj_keyslot, "area", &jobj_area)) + return -EINVAL; + + if (!json_object_object_get_ex(jobj_area, "offset", &jobj)) + return -EINVAL; + *offset = crypt_jobj_get_uint64(jobj); + + if (!json_object_object_get_ex(jobj_area, "size", &jobj)) + return -EINVAL; + *length = crypt_jobj_get_uint64(jobj); + + return 0; +} + +static int _open_and_verify(struct crypt_device *cd, + struct luks2_hdr *hdr, + const keyslot_handler *h, + int keyslot, + const char *password, + size_t password_len, + struct volume_key **vk) +{ + int r, key_size = LUKS2_get_keyslot_stored_key_size(hdr, keyslot); + + if (key_size < 0) + return -EINVAL; + + *vk = crypt_alloc_volume_key(key_size, NULL); + if (!*vk) + return -ENOMEM; + + r = h->open(cd, keyslot, password, password_len, (*vk)->key, (*vk)->keylength); + if (r < 0) + log_dbg(cd, "Keyslot %d (%s) open failed with %d.", keyslot, h->name, r); + else + r = LUKS2_digest_verify(cd, hdr, *vk, keyslot); + + if (r < 0) { + crypt_free_volume_key(*vk); + *vk = NULL; + } + + crypt_volume_key_set_id(*vk, r); + + return r < 0 ? r : keyslot; +} + +static int LUKS2_open_and_verify_by_digest(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + int digest, + const char *password, + size_t password_len, + struct volume_key **vk) +{ + const keyslot_handler *h; + int r; + + if (!(h = LUKS2_keyslot_handler(cd, keyslot))) + return -ENOENT; + + r = h->validate(cd, LUKS2_get_keyslot_jobj(hdr, keyslot)); + if (r) { + log_dbg(cd, "Keyslot %d validation failed.", keyslot); + return r; + } + + r = _keyslot_for_digest(hdr, keyslot, digest); + if (r) { + if (r == -ENOENT) + log_dbg(cd, "Keyslot %d unusable for digest %d.", keyslot, digest); + return r; + } + + return _open_and_verify(cd, hdr, h, keyslot, password, password_len, vk); +} + +static int LUKS2_open_and_verify(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + int segment, + const char *password, + size_t password_len, + struct volume_key **vk) +{ + const keyslot_handler *h; + int r; + + if (!(h = LUKS2_keyslot_handler(cd, keyslot))) + return -ENOENT; + + r = h->validate(cd, LUKS2_get_keyslot_jobj(hdr, keyslot)); + if (r) { + log_dbg(cd, "Keyslot %d validation failed.", keyslot); + return r; + } + + r = LUKS2_keyslot_for_segment(hdr, keyslot, segment); + if (r) { + if (r == -ENOENT) + log_dbg(cd, "Keyslot %d unusable for segment %d.", keyslot, segment); + return r; + } + + return _open_and_verify(cd, hdr, h, keyslot, password, password_len, vk); +} + +static int LUKS2_keyslot_open_priority_digest(struct crypt_device *cd, + struct luks2_hdr *hdr, + crypt_keyslot_priority priority, + const char *password, + size_t password_len, + int digest, + struct volume_key **vk) +{ + json_object *jobj_keyslots, *jobj; + crypt_keyslot_priority slot_priority; + int keyslot, r = -ENOENT; + + json_object_object_get_ex(hdr->jobj, "keyslots", &jobj_keyslots); + + json_object_object_foreach(jobj_keyslots, slot, val) { + if (!json_object_object_get_ex(val, "priority", &jobj)) + slot_priority = CRYPT_SLOT_PRIORITY_NORMAL; + else + slot_priority = json_object_get_int(jobj); + + keyslot = atoi(slot); + if (slot_priority != priority) { + log_dbg(cd, "Keyslot %d priority %d != %d (required), skipped.", + keyslot, slot_priority, priority); + continue; + } + + r = LUKS2_open_and_verify_by_digest(cd, hdr, keyslot, digest, password, password_len, vk); + + /* Do not retry for errors that are no -EPERM or -ENOENT, + former meaning password wrong, latter key slot unusable for segment */ + if ((r != -EPERM) && (r != -ENOENT)) + break; + } + + return r; +} + +static int LUKS2_keyslot_open_priority(struct crypt_device *cd, + struct luks2_hdr *hdr, + crypt_keyslot_priority priority, + const char *password, + size_t password_len, + int segment, + struct volume_key **vk) +{ + json_object *jobj_keyslots, *jobj; + crypt_keyslot_priority slot_priority; + int keyslot, r = -ENOENT; + + json_object_object_get_ex(hdr->jobj, "keyslots", &jobj_keyslots); + + json_object_object_foreach(jobj_keyslots, slot, val) { + if (!json_object_object_get_ex(val, "priority", &jobj)) + slot_priority = CRYPT_SLOT_PRIORITY_NORMAL; + else + slot_priority = json_object_get_int(jobj); + + keyslot = atoi(slot); + if (slot_priority != priority) { + log_dbg(cd, "Keyslot %d priority %d != %d (required), skipped.", + keyslot, slot_priority, priority); + continue; + } + + r = LUKS2_open_and_verify(cd, hdr, keyslot, segment, password, password_len, vk); + + /* Do not retry for errors that are no -EPERM or -ENOENT, + former meaning password wrong, latter key slot unusable for segment */ + if ((r != -EPERM) && (r != -ENOENT)) + break; + } + + return r; +} + +static int LUKS2_keyslot_open_by_digest(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + int digest, + const char *password, + size_t password_len, + struct volume_key **vk) +{ + int r_prio, r = -EINVAL; + + if (digest < 0) + return r; + + if (keyslot == CRYPT_ANY_SLOT) { + r_prio = LUKS2_keyslot_open_priority_digest(cd, hdr, CRYPT_SLOT_PRIORITY_PREFER, + password, password_len, digest, vk); + if (r_prio >= 0) + r = r_prio; + else if (r_prio != -EPERM && r_prio != -ENOENT) + r = r_prio; + else + r = LUKS2_keyslot_open_priority_digest(cd, hdr, CRYPT_SLOT_PRIORITY_NORMAL, + password, password_len, digest, vk); + /* Prefer password wrong to no entry from priority slot */ + if (r_prio == -EPERM && r == -ENOENT) + r = r_prio; + } else + r = LUKS2_open_and_verify_by_digest(cd, hdr, keyslot, digest, password, password_len, vk); + + return r; +} + +int LUKS2_keyslot_open_all_segments(struct crypt_device *cd, + int keyslot_old, + int keyslot_new, + const char *password, + size_t password_len, + struct volume_key **vks) +{ + struct volume_key *vk = NULL; + int digest_old, digest_new, r = -EINVAL; + struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + + digest_old = LUKS2_reencrypt_digest_old(hdr); + if (digest_old >= 0) { + log_dbg(cd, "Trying to unlock volume key (digest: %d) using keyslot %d.", digest_old, keyslot_old); + r = LUKS2_keyslot_open_by_digest(cd, hdr, keyslot_old, digest_old, password, password_len, &vk); + if (r < 0) + goto out; + crypt_volume_key_add_next(vks, vk); + } + + digest_new = LUKS2_reencrypt_digest_new(hdr); + if (digest_new >= 0 && digest_old != digest_new) { + log_dbg(cd, "Trying to unlock volume key (digest: %d) using keyslot %d.", digest_new, keyslot_new); + r = LUKS2_keyslot_open_by_digest(cd, hdr, keyslot_new, digest_new, password, password_len, &vk); + if (r < 0) + goto out; + crypt_volume_key_add_next(vks, vk); + } +out: + if (r < 0) { + crypt_free_volume_key(*vks); + *vks = NULL; + + if (r == -ENOMEM) + log_err(cd, _("Not enough available memory to open a keyslot.")); + else if (r != -EPERM) + log_err(cd, _("Keyslot open failed.")); + } + return r; +} + +int LUKS2_keyslot_open(struct crypt_device *cd, + int keyslot, + int segment, + const char *password, + size_t password_len, + struct volume_key **vk) +{ + struct luks2_hdr *hdr; + int r_prio, r = -EINVAL; + + hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + + if (keyslot == CRYPT_ANY_SLOT) { + r_prio = LUKS2_keyslot_open_priority(cd, hdr, CRYPT_SLOT_PRIORITY_PREFER, + password, password_len, segment, vk); + if (r_prio >= 0) + r = r_prio; + else if (r_prio != -EPERM && r_prio != -ENOENT) + r = r_prio; + else + r = LUKS2_keyslot_open_priority(cd, hdr, CRYPT_SLOT_PRIORITY_NORMAL, + password, password_len, segment, vk); + /* Prefer password wrong to no entry from priority slot */ + if (r_prio == -EPERM && r == -ENOENT) + r = r_prio; + } else + r = LUKS2_open_and_verify(cd, hdr, keyslot, segment, password, password_len, vk); + + if (r < 0) { + if (r == -ENOMEM) + log_err(cd, _("Not enough available memory to open a keyslot.")); + else if (r != -EPERM) + log_err(cd, _("Keyslot open failed.")); + } + + return r; +} + +int LUKS2_keyslot_reencrypt_create(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + const struct crypt_params_reencrypt *params) +{ + const keyslot_handler *h; + int r; + + if (keyslot == CRYPT_ANY_SLOT) + return -EINVAL; + + /* FIXME: find keyslot by type */ + h = LUKS2_keyslot_handler_type(cd, "reencrypt"); + if (!h) + return -EINVAL; + + r = reenc_keyslot_alloc(cd, hdr, keyslot, params); + if (r < 0) + return r; + + r = LUKS2_keyslot_priority_set(cd, hdr, keyslot, CRYPT_SLOT_PRIORITY_IGNORE, 0); + if (r < 0) + return r; + + r = h->validate(cd, LUKS2_get_keyslot_jobj(hdr, keyslot)); + if (r) { + log_dbg(cd, "Keyslot validation failed."); + return r; + } + + if (LUKS2_hdr_validate(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN)) + return -EINVAL; + + return 0; +} + +int LUKS2_keyslot_reencrypt_store(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + const void *buffer, + size_t buffer_length) +{ + const keyslot_handler *h; + int r; + + if (!(h = LUKS2_keyslot_handler(cd, keyslot)) || strcmp(h->name, "reencrypt")) + return -EINVAL; + + r = h->validate(cd, LUKS2_get_keyslot_jobj(hdr, keyslot)); + if (r) { + log_dbg(cd, "Keyslot validation failed."); + return r; + } + + return h->store(cd, keyslot, NULL, 0, + buffer, buffer_length); +} + +int LUKS2_keyslot_store(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + const char *password, + size_t password_len, + const struct volume_key *vk, + const struct luks2_keyslot_params *params) +{ + const keyslot_handler *h; + int r; + + if (keyslot == CRYPT_ANY_SLOT) + return -EINVAL; + + if (!LUKS2_get_keyslot_jobj(hdr, keyslot)) { + /* Try to allocate default and empty keyslot type */ + h = LUKS2_keyslot_handler_type(cd, "luks2"); + if (!h) + return -EINVAL; + + r = h->alloc(cd, keyslot, vk->keylength, params); + if (r) + return r; + } else { + if (!(h = LUKS2_keyslot_handler(cd, keyslot))) + return -EINVAL; + + r = h->update(cd, keyslot, params); + if (r) { + log_dbg(cd, "Failed to update keyslot %d json.", keyslot); + return r; + } + } + + r = h->validate(cd, LUKS2_get_keyslot_jobj(hdr, keyslot)); + if (r) { + log_dbg(cd, "Keyslot validation failed."); + return r; + } + + if (LUKS2_hdr_validate(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN)) + return -EINVAL; + + return h->store(cd, keyslot, password, password_len, + vk->key, vk->keylength); +} + +int LUKS2_keyslot_wipe(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + int wipe_area_only) +{ + struct device *device = crypt_metadata_device(cd); + uint64_t area_offset, area_length; + int r; + json_object *jobj_keyslot, *jobj_keyslots; + const keyslot_handler *h; + + h = LUKS2_keyslot_handler(cd, keyslot); + + if (!json_object_object_get_ex(hdr->jobj, "keyslots", &jobj_keyslots)) + return -EINVAL; + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot); + if (!jobj_keyslot) + return -ENOENT; + + if (wipe_area_only) + log_dbg(cd, "Wiping keyslot %d area only.", keyslot); + + r = LUKS2_device_write_lock(cd, hdr, device); + if (r) + return r; + + /* secure deletion of possible key material in keyslot area */ + r = crypt_keyslot_area(cd, keyslot, &area_offset, &area_length); + if (r && r != -ENOENT) + goto out; + + if (!r) { + r = crypt_wipe_device(cd, device, CRYPT_WIPE_SPECIAL, area_offset, + area_length, area_length, NULL, NULL); + if (r) { + if (r == -EACCES) { + log_err(cd, _("Cannot write to device %s, permission denied."), + device_path(device)); + r = -EINVAL; + } else + log_err(cd, _("Cannot wipe device %s."), device_path(device)); + goto out; + } + } + + if (wipe_area_only) + goto out; + + /* Slot specific wipe */ + if (h) { + r = h->wipe(cd, keyslot); + if (r < 0) + goto out; + } else + log_dbg(cd, "Wiping keyslot %d without specific-slot handler loaded.", keyslot); + + json_object_object_del_by_uint(jobj_keyslots, keyslot); + + r = LUKS2_hdr_write(cd, hdr); +out: + device_write_unlock(cd, crypt_metadata_device(cd)); + return r; +} + +int LUKS2_keyslot_dump(struct crypt_device *cd, int keyslot) +{ + const keyslot_handler *h; + + if (!(h = LUKS2_keyslot_handler(cd, keyslot))) + return -EINVAL; + + return h->dump(cd, keyslot); +} + +crypt_keyslot_priority LUKS2_keyslot_priority_get(struct crypt_device *cd, + struct luks2_hdr *hdr, int keyslot) +{ + json_object *jobj_keyslot, *jobj_priority; + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot); + if (!jobj_keyslot) + return CRYPT_SLOT_PRIORITY_INVALID; + + if (!json_object_object_get_ex(jobj_keyslot, "priority", &jobj_priority)) + return CRYPT_SLOT_PRIORITY_NORMAL; + + return json_object_get_int(jobj_priority); +} + +int LUKS2_keyslot_priority_set(struct crypt_device *cd, struct luks2_hdr *hdr, + int keyslot, crypt_keyslot_priority priority, int commit) +{ + json_object *jobj_keyslot; + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot); + if (!jobj_keyslot) + return -EINVAL; + + if (priority == CRYPT_SLOT_PRIORITY_NORMAL) + json_object_object_del(jobj_keyslot, "priority"); + else + json_object_object_add(jobj_keyslot, "priority", json_object_new_int(priority)); + + return commit ? LUKS2_hdr_write(cd, hdr) : 0; +} + +int placeholder_keyslot_alloc(struct crypt_device *cd, + int keyslot, + uint64_t area_offset, + uint64_t area_length, + size_t volume_key_len) +{ + struct luks2_hdr *hdr; + json_object *jobj_keyslots, *jobj_keyslot, *jobj_area; + + log_dbg(cd, "Allocating placeholder keyslot %d for LUKS1 down conversion.", keyslot); + + if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2))) + return -EINVAL; + + if (keyslot < 0 || keyslot >= LUKS2_KEYSLOTS_MAX) + return -EINVAL; + + if (LUKS2_get_keyslot_jobj(hdr, keyslot)) + return -EINVAL; + + if (!json_object_object_get_ex(hdr->jobj, "keyslots", &jobj_keyslots)) + return -EINVAL; + + jobj_keyslot = json_object_new_object(); + json_object_object_add(jobj_keyslot, "type", json_object_new_string("placeholder")); + /* + * key_size = -1 makes placeholder keyslot impossible to pass validation. + * It's a safeguard against accidentally storing temporary conversion + * LUKS2 header. + */ + json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(-1)); + + /* Area object */ + jobj_area = json_object_new_object(); + json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset)); + json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length)); + json_object_object_add(jobj_keyslot, "area", jobj_area); + + json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot); + + return 0; +} + +static unsigned LUKS2_get_keyslot_digests_count(json_object *hdr_jobj, int keyslot) +{ + char num[16]; + json_object *jobj_digests, *jobj_keyslots; + unsigned count = 0; + + if (!json_object_object_get_ex(hdr_jobj, "digests", &jobj_digests)) + return 0; + + if (snprintf(num, sizeof(num), "%u", keyslot) < 0) + return 0; + + json_object_object_foreach(jobj_digests, key, val) { + UNUSED(key); + json_object_object_get_ex(val, "keyslots", &jobj_keyslots); + if (LUKS2_array_jobj(jobj_keyslots, num)) + count++; + } + + return count; +} + +/* run only on header that passed basic format validation */ +int LUKS2_keyslots_validate(struct crypt_device *cd, json_object *hdr_jobj) +{ + const keyslot_handler *h; + int keyslot; + json_object *jobj_keyslots, *jobj_type; + + if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj_keyslots)) + return -EINVAL; + + json_object_object_foreach(jobj_keyslots, slot, val) { + keyslot = atoi(slot); + json_object_object_get_ex(val, "type", &jobj_type); + h = LUKS2_keyslot_handler_type(cd, json_object_get_string(jobj_type)); + if (!h) + continue; + if (h->validate && h->validate(cd, val)) { + log_dbg(cd, "Keyslot type %s validation failed on keyslot %d.", h->name, keyslot); + return -EINVAL; + } + + if (!strcmp(h->name, "luks2") && LUKS2_get_keyslot_digests_count(hdr_jobj, keyslot) != 1) { + log_dbg(cd, "Keyslot %d is not assigned to exactly 1 digest.", keyslot); + return -EINVAL; + } + } + + return 0; +} + +void LUKS2_keyslots_repair(struct crypt_device *cd, json_object *jobj_keyslots) +{ + const keyslot_handler *h; + json_object *jobj_type; + + json_object_object_foreach(jobj_keyslots, slot, val) { + UNUSED(slot); + if (!json_object_is_type(val, json_type_object) || + !json_object_object_get_ex(val, "type", &jobj_type) || + !json_object_is_type(jobj_type, json_type_string)) + continue; + + h = LUKS2_keyslot_handler_type(cd, json_object_get_string(jobj_type)); + if (h && h->repair) + h->repair(cd, val); + } +} + +/* assumes valid header */ +int LUKS2_find_keyslot(struct luks2_hdr *hdr, const char *type) +{ + int i; + json_object *jobj_keyslot, *jobj_type; + + if (!type) + return -EINVAL; + + for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) { + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, i); + if (!jobj_keyslot) + continue; + + json_object_object_get_ex(jobj_keyslot, "type", &jobj_type); + if (!strcmp(json_object_get_string(jobj_type), type)) + return i; + } + + return -ENOENT; +} diff --git a/lib/luks2/luks2_keyslot_luks2.c b/lib/luks2/luks2_keyslot_luks2.c new file mode 100644 index 0000000..156f0c1 --- /dev/null +++ b/lib/luks2/luks2_keyslot_luks2.c @@ -0,0 +1,785 @@ +/* + * LUKS - Linux Unified Key Setup v2, LUKS2 type keyslot handler + * + * Copyright (C) 2015-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2020 Milan Broz + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "luks2_internal.h" + +/* FIXME: move keyslot encryption to crypto backend */ +#include "../luks1/af.h" + +#define LUKS_SALTSIZE 32 +#define LUKS_SLOT_ITERATIONS_MIN 1000 +#define LUKS_STRIPES 4000 + +/* Serialize memory-hard keyslot access: optional workaround for parallel processing */ +#define MIN_MEMORY_FOR_SERIALIZE_LOCK_KB 32*1024 /* 32MB */ + +static int luks2_encrypt_to_storage(char *src, size_t srcLength, + const char *cipher, const char *cipher_mode, + struct volume_key *vk, unsigned int sector, + struct crypt_device *cd) +{ +#ifndef ENABLE_AF_ALG /* Support for old kernel without Crypto API */ + return LUKS_encrypt_to_storage(src, srcLength, cipher, cipher_mode, vk, sector, cd); +#else + struct crypt_storage *s; + int devfd, r; + struct device *device = crypt_metadata_device(cd); + + /* Only whole sector writes supported */ + if (MISALIGNED_512(srcLength)) + return -EINVAL; + + /* Encrypt buffer */ + r = crypt_storage_init(&s, SECTOR_SIZE, cipher, cipher_mode, vk->key, vk->keylength); + if (r) { + log_err(cd, _("Cannot use %s-%s cipher for keyslot encryption."), cipher, cipher_mode); + return r; + } + + r = crypt_storage_encrypt(s, 0, srcLength, src); + crypt_storage_destroy(s); + if (r) { + log_err(cd, _("IO error while encrypting keyslot.")); + return r; + } + + devfd = device_open_locked(cd, device, O_RDWR); + if (devfd >= 0) { + if (write_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), src, + srcLength, sector * SECTOR_SIZE) < 0) + r = -EIO; + else + r = 0; + + device_sync(cd, device); + } else + r = -EIO; + + if (r) + log_err(cd, _("IO error while encrypting keyslot.")); + + return r; +#endif +} + +static int luks2_decrypt_from_storage(char *dst, size_t dstLength, + const char *cipher, const char *cipher_mode, struct volume_key *vk, + unsigned int sector, struct crypt_device *cd) +{ + struct device *device = crypt_metadata_device(cd); +#ifndef ENABLE_AF_ALG /* Support for old kernel without Crypto API */ + int r = device_read_lock(cd, device); + if (r) { + log_err(cd, _("Failed to acquire read lock on device %s."), device_path(device)); + return r; + } + r = LUKS_decrypt_from_storage(dst, dstLength, cipher, cipher_mode, vk, sector, cd); + device_read_unlock(cd, crypt_metadata_device(cd)); + return r; +#else + struct crypt_storage *s; + int devfd, r; + + /* Only whole sector writes supported */ + if (MISALIGNED_512(dstLength)) + return -EINVAL; + + r = crypt_storage_init(&s, SECTOR_SIZE, cipher, cipher_mode, vk->key, vk->keylength); + if (r) { + log_err(cd, _("Cannot use %s-%s cipher for keyslot encryption."), cipher, cipher_mode); + return r; + } + + r = device_read_lock(cd, device); + if (r) { + log_err(cd, _("Failed to acquire read lock on device %s."), + device_path(device)); + crypt_storage_destroy(s); + return r; + } + + devfd = device_open_locked(cd, device, O_RDONLY); + if (devfd >= 0) { + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), dst, + dstLength, sector * SECTOR_SIZE) < 0) + r = -EIO; + else + r = 0; + } else + r = -EIO; + + device_read_unlock(cd, device); + + /* Decrypt buffer */ + if (!r) + r = crypt_storage_decrypt(s, 0, dstLength, dst); + else + log_err(cd, _("IO error while decrypting keyslot.")); + + crypt_storage_destroy(s); + return r; +#endif +} + +static int luks2_keyslot_get_pbkdf_params(json_object *jobj_keyslot, + struct crypt_pbkdf_type *pbkdf, char *salt) +{ + json_object *jobj_kdf, *jobj1, *jobj2; + size_t salt_len; + + if (!jobj_keyslot || !pbkdf) + return -EINVAL; + + memset(pbkdf, 0, sizeof(*pbkdf)); + + if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf)) + return -EINVAL; + + if (!json_object_object_get_ex(jobj_kdf, "type", &jobj1)) + return -EINVAL; + pbkdf->type = json_object_get_string(jobj1); + if (!strcmp(pbkdf->type, CRYPT_KDF_PBKDF2)) { + if (!json_object_object_get_ex(jobj_kdf, "hash", &jobj2)) + return -EINVAL; + pbkdf->hash = json_object_get_string(jobj2); + if (!json_object_object_get_ex(jobj_kdf, "iterations", &jobj2)) + return -EINVAL; + pbkdf->iterations = json_object_get_int(jobj2); + pbkdf->max_memory_kb = 0; + pbkdf->parallel_threads = 0; + } else { + if (!json_object_object_get_ex(jobj_kdf, "time", &jobj2)) + return -EINVAL; + pbkdf->iterations = json_object_get_int(jobj2); + if (!json_object_object_get_ex(jobj_kdf, "memory", &jobj2)) + return -EINVAL; + pbkdf->max_memory_kb = json_object_get_int(jobj2); + if (!json_object_object_get_ex(jobj_kdf, "cpus", &jobj2)) + return -EINVAL; + pbkdf->parallel_threads = json_object_get_int(jobj2); + } + + if (!json_object_object_get_ex(jobj_kdf, "salt", &jobj2)) + return -EINVAL; + salt_len = LUKS_SALTSIZE; + if (!base64_decode(json_object_get_string(jobj2), + json_object_get_string_len(jobj2), + salt, &salt_len)) + return -EINVAL; + if (salt_len != LUKS_SALTSIZE) + return -EINVAL; + + return 0; +} + +static int luks2_keyslot_set_key(struct crypt_device *cd, + json_object *jobj_keyslot, + const char *password, size_t passwordLen, + const char *volume_key, size_t volume_key_len) +{ + struct volume_key *derived_key; + char salt[LUKS_SALTSIZE], cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN]; + char *AfKey = NULL; + const char *af_hash = NULL; + size_t AFEKSize, keyslot_key_len; + json_object *jobj2, *jobj_kdf, *jobj_af, *jobj_area; + uint64_t area_offset; + struct crypt_pbkdf_type pbkdf; + int r; + + if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf) || + !json_object_object_get_ex(jobj_keyslot, "af", &jobj_af) || + !json_object_object_get_ex(jobj_keyslot, "area", &jobj_area)) + return -EINVAL; + + /* prevent accidental volume key size change after allocation */ + if (!json_object_object_get_ex(jobj_keyslot, "key_size", &jobj2)) + return -EINVAL; + if (json_object_get_int(jobj2) != (int)volume_key_len) + return -EINVAL; + + if (!json_object_object_get_ex(jobj_area, "offset", &jobj2)) + return -EINVAL; + area_offset = crypt_jobj_get_uint64(jobj2); + + if (!json_object_object_get_ex(jobj_area, "encryption", &jobj2)) + return -EINVAL; + r = crypt_parse_name_and_mode(json_object_get_string(jobj2), cipher, NULL, cipher_mode); + if (r < 0) + return r; + + if (!json_object_object_get_ex(jobj_area, "key_size", &jobj2)) + return -EINVAL; + keyslot_key_len = json_object_get_int(jobj2); + + if (!json_object_object_get_ex(jobj_af, "hash", &jobj2)) + return -EINVAL; + af_hash = json_object_get_string(jobj2); + + if (luks2_keyslot_get_pbkdf_params(jobj_keyslot, &pbkdf, salt)) + return -EINVAL; + + /* + * Allocate derived key storage. + */ + derived_key = crypt_alloc_volume_key(keyslot_key_len, NULL); + if (!derived_key) + return -ENOMEM; + /* + * Calculate keyslot content, split and store it to keyslot area. + */ + r = crypt_pbkdf(pbkdf.type, pbkdf.hash, password, passwordLen, + salt, LUKS_SALTSIZE, + derived_key->key, derived_key->keylength, + pbkdf.iterations, pbkdf.max_memory_kb, + pbkdf.parallel_threads); + if (r < 0) { + crypt_free_volume_key(derived_key); + return r; + } + + // FIXME: verity key_size to AFEKSize + AFEKSize = AF_split_sectors(volume_key_len, LUKS_STRIPES) * SECTOR_SIZE; + AfKey = crypt_safe_alloc(AFEKSize); + if (!AfKey) { + crypt_free_volume_key(derived_key); + return -ENOMEM; + } + + r = AF_split(cd, volume_key, AfKey, volume_key_len, LUKS_STRIPES, af_hash); + + if (r == 0) { + log_dbg(cd, "Updating keyslot area [0x%04x].", (unsigned)area_offset); + /* FIXME: sector_offset should be size_t, fix LUKS_encrypt... accordingly */ + r = luks2_encrypt_to_storage(AfKey, AFEKSize, cipher, cipher_mode, + derived_key, (unsigned)(area_offset / SECTOR_SIZE), cd); + } + + crypt_safe_free(AfKey); + crypt_free_volume_key(derived_key); + if (r < 0) + return r; + + return 0; +} + +static int luks2_keyslot_get_key(struct crypt_device *cd, + json_object *jobj_keyslot, + const char *password, size_t passwordLen, + char *volume_key, size_t volume_key_len) +{ + struct volume_key *derived_key; + struct crypt_pbkdf_type pbkdf; + char *AfKey; + size_t AFEKSize; + const char *af_hash = NULL; + char salt[LUKS_SALTSIZE], cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN]; + json_object *jobj2, *jobj_af, *jobj_area; + uint64_t area_offset; + size_t keyslot_key_len; + bool try_serialize_lock = false; + int r; + + if (!json_object_object_get_ex(jobj_keyslot, "af", &jobj_af) || + !json_object_object_get_ex(jobj_keyslot, "area", &jobj_area)) + return -EINVAL; + + if (luks2_keyslot_get_pbkdf_params(jobj_keyslot, &pbkdf, salt)) + return -EINVAL; + + if (!json_object_object_get_ex(jobj_af, "hash", &jobj2)) + return -EINVAL; + af_hash = json_object_get_string(jobj2); + + if (!json_object_object_get_ex(jobj_area, "offset", &jobj2)) + return -EINVAL; + area_offset = crypt_jobj_get_uint64(jobj2); + + if (!json_object_object_get_ex(jobj_area, "encryption", &jobj2)) + return -EINVAL; + r = crypt_parse_name_and_mode(json_object_get_string(jobj2), cipher, NULL, cipher_mode); + if (r < 0) + return r; + + if (!json_object_object_get_ex(jobj_area, "key_size", &jobj2)) + return -EINVAL; + keyslot_key_len = json_object_get_int(jobj2); + + /* + * If requested, serialize unlocking for memory-hard KDF. Usually NOOP. + */ + if (pbkdf.max_memory_kb > MIN_MEMORY_FOR_SERIALIZE_LOCK_KB) + try_serialize_lock = true; + if (try_serialize_lock && crypt_serialize_lock(cd)) + return -EINVAL; + /* + * Allocate derived key storage space. + */ + derived_key = crypt_alloc_volume_key(keyslot_key_len, NULL); + if (!derived_key) + return -ENOMEM; + + AFEKSize = AF_split_sectors(volume_key_len, LUKS_STRIPES) * SECTOR_SIZE; + AfKey = crypt_safe_alloc(AFEKSize); + if (!AfKey) { + crypt_free_volume_key(derived_key); + return -ENOMEM; + } + /* + * Calculate derived key, decrypt keyslot content and merge it. + */ + r = crypt_pbkdf(pbkdf.type, pbkdf.hash, password, passwordLen, + salt, LUKS_SALTSIZE, + derived_key->key, derived_key->keylength, + pbkdf.iterations, pbkdf.max_memory_kb, + pbkdf.parallel_threads); + + if (try_serialize_lock) + crypt_serialize_unlock(cd); + + if (r == 0) { + log_dbg(cd, "Reading keyslot area [0x%04x].", (unsigned)area_offset); + /* FIXME: sector_offset should be size_t, fix LUKS_decrypt... accordingly */ + r = luks2_decrypt_from_storage(AfKey, AFEKSize, cipher, cipher_mode, + derived_key, (unsigned)(area_offset / SECTOR_SIZE), cd); + } + + if (r == 0) + r = AF_merge(cd, AfKey, volume_key, volume_key_len, LUKS_STRIPES, af_hash); + + crypt_free_volume_key(derived_key); + crypt_safe_free(AfKey); + + return r; +} + +/* + * currently we support update of only: + * + * - af hash function + * - kdf params + */ +static int luks2_keyslot_update_json(struct crypt_device *cd, + json_object *jobj_keyslot, + const struct luks2_keyslot_params *params) +{ + const struct crypt_pbkdf_type *pbkdf; + json_object *jobj_af, *jobj_area, *jobj_kdf; + char salt[LUKS_SALTSIZE], *salt_base64 = NULL; + int r; + + /* jobj_keyslot is not yet validated */ + + if (!json_object_object_get_ex(jobj_keyslot, "af", &jobj_af) || + !json_object_object_get_ex(jobj_keyslot, "area", &jobj_area)) + return -EINVAL; + + /* update area encryption parameters */ + json_object_object_add(jobj_area, "encryption", json_object_new_string(params->area.raw.encryption)); + json_object_object_add(jobj_area, "key_size", json_object_new_int(params->area.raw.key_size)); + + pbkdf = crypt_get_pbkdf_type(cd); + if (!pbkdf) + return -EINVAL; + + r = crypt_benchmark_pbkdf_internal(cd, CONST_CAST(struct crypt_pbkdf_type *)pbkdf, params->area.raw.key_size); + if (r < 0) + return r; + + /* refresh whole 'kdf' object */ + jobj_kdf = json_object_new_object(); + if (!jobj_kdf) + return -ENOMEM; + json_object_object_add(jobj_kdf, "type", json_object_new_string(pbkdf->type)); + if (!strcmp(pbkdf->type, CRYPT_KDF_PBKDF2)) { + json_object_object_add(jobj_kdf, "hash", json_object_new_string(pbkdf->hash)); + json_object_object_add(jobj_kdf, "iterations", json_object_new_int(pbkdf->iterations)); + } else { + json_object_object_add(jobj_kdf, "time", json_object_new_int(pbkdf->iterations)); + json_object_object_add(jobj_kdf, "memory", json_object_new_int(pbkdf->max_memory_kb)); + json_object_object_add(jobj_kdf, "cpus", json_object_new_int(pbkdf->parallel_threads)); + } + json_object_object_add(jobj_keyslot, "kdf", jobj_kdf); + + /* + * Regenerate salt and add it in 'kdf' object + */ + r = crypt_random_get(cd, salt, LUKS_SALTSIZE, CRYPT_RND_SALT); + if (r < 0) + return r; + base64_encode_alloc(salt, LUKS_SALTSIZE, &salt_base64); + if (!salt_base64) + return -ENOMEM; + json_object_object_add(jobj_kdf, "salt", json_object_new_string(salt_base64)); + free(salt_base64); + + /* update 'af' hash */ + json_object_object_add(jobj_af, "hash", json_object_new_string(params->af.luks1.hash)); + + JSON_DBG(cd, jobj_keyslot, "Keyslot JSON:"); + return 0; +} + +static int luks2_keyslot_alloc(struct crypt_device *cd, + int keyslot, + size_t volume_key_len, + const struct luks2_keyslot_params *params) +{ + struct luks2_hdr *hdr; + uint64_t area_offset, area_length; + json_object *jobj_keyslots, *jobj_keyslot, *jobj_af, *jobj_area; + int r; + + log_dbg(cd, "Trying to allocate LUKS2 keyslot %d.", keyslot); + + if (!params || params->area_type != LUKS2_KEYSLOT_AREA_RAW || + params->af_type != LUKS2_KEYSLOT_AF_LUKS1) { + log_dbg(cd, "Invalid LUKS2 keyslot parameters."); + return -EINVAL; + } + + if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2))) + return -EINVAL; + + if (keyslot == CRYPT_ANY_SLOT) + keyslot = LUKS2_keyslot_find_empty(hdr); + + if (keyslot < 0 || keyslot >= LUKS2_KEYSLOTS_MAX) + return -ENOMEM; + + if (LUKS2_get_keyslot_jobj(hdr, keyslot)) { + log_dbg(cd, "Cannot modify already active keyslot %d.", keyslot); + return -EINVAL; + } + + if (!json_object_object_get_ex(hdr->jobj, "keyslots", &jobj_keyslots)) + return -EINVAL; + + r = LUKS2_find_area_gap(cd, hdr, volume_key_len, &area_offset, &area_length); + if (r < 0) { + log_err(cd, _("No space for new keyslot.")); + return r; + } + + jobj_keyslot = json_object_new_object(); + json_object_object_add(jobj_keyslot, "type", json_object_new_string("luks2")); + json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(volume_key_len)); + + /* AF object */ + jobj_af = json_object_new_object(); + json_object_object_add(jobj_af, "type", json_object_new_string("luks1")); + json_object_object_add(jobj_af, "stripes", json_object_new_int(params->af.luks1.stripes)); + json_object_object_add(jobj_keyslot, "af", jobj_af); + + /* Area object */ + jobj_area = json_object_new_object(); + json_object_object_add(jobj_area, "type", json_object_new_string("raw")); + json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset)); + json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length)); + json_object_object_add(jobj_keyslot, "area", jobj_area); + + json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot); + + r = luks2_keyslot_update_json(cd, jobj_keyslot, params); + + if (!r && LUKS2_check_json_size(cd, hdr)) { + log_dbg(cd, "Not enough space in header json area for new keyslot."); + r = -ENOSPC; + } + + if (r) + json_object_object_del_by_uint(jobj_keyslots, keyslot); + + return r; +} + +static int luks2_keyslot_open(struct crypt_device *cd, + int keyslot, + const char *password, + size_t password_len, + char *volume_key, + size_t volume_key_len) +{ + struct luks2_hdr *hdr; + json_object *jobj_keyslot; + + log_dbg(cd, "Trying to open LUKS2 keyslot %d.", keyslot); + + if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2))) + return -EINVAL; + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot); + if (!jobj_keyslot) + return -EINVAL; + + return luks2_keyslot_get_key(cd, jobj_keyslot, + password, password_len, + volume_key, volume_key_len); +} + +/* + * This function must not modify json. + * It's called after luks2 keyslot validation. + */ +static int luks2_keyslot_store(struct crypt_device *cd, + int keyslot, + const char *password, + size_t password_len, + const char *volume_key, + size_t volume_key_len) +{ + struct luks2_hdr *hdr; + json_object *jobj_keyslot; + int r; + + log_dbg(cd, "Calculating attributes for LUKS2 keyslot %d.", keyslot); + + if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2))) + return -EINVAL; + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot); + if (!jobj_keyslot) + return -EINVAL; + + r = LUKS2_device_write_lock(cd, hdr, crypt_metadata_device(cd)); + if(r) + return r; + + r = luks2_keyslot_set_key(cd, jobj_keyslot, + password, password_len, + volume_key, volume_key_len); + if (!r) + r = LUKS2_hdr_write(cd, hdr); + + device_write_unlock(cd, crypt_metadata_device(cd)); + + return r < 0 ? r : keyslot; +} + +static int luks2_keyslot_wipe(struct crypt_device *cd, int keyslot) +{ + struct luks2_hdr *hdr; + + if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2))) + return -EINVAL; + + /* Remove any reference of deleted keyslot from digests and tokens */ + LUKS2_digest_assign(cd, hdr, keyslot, CRYPT_ANY_DIGEST, 0, 0); + LUKS2_token_assign(cd, hdr, keyslot, CRYPT_ANY_TOKEN, 0, 0); + + return 0; +} + +static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot) +{ + json_object *jobj_keyslot, *jobj1, *jobj_kdf, *jobj_af, *jobj_area; + + jobj_keyslot = LUKS2_get_keyslot_jobj(crypt_get_hdr(cd, CRYPT_LUKS2), keyslot); + if (!jobj_keyslot) + return -EINVAL; + + if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf) || + !json_object_object_get_ex(jobj_keyslot, "af", &jobj_af) || + !json_object_object_get_ex(jobj_keyslot, "area", &jobj_area)) + return -EINVAL; + + json_object_object_get_ex(jobj_area, "encryption", &jobj1); + log_std(cd, "\tCipher: %s\n", json_object_get_string(jobj1)); + + json_object_object_get_ex(jobj_area, "key_size", &jobj1); + log_std(cd, "\tCipher key: %u bits\n", crypt_jobj_get_uint32(jobj1) * 8); + + json_object_object_get_ex(jobj_kdf, "type", &jobj1); + log_std(cd, "\tPBKDF: %s\n", json_object_get_string(jobj1)); + + if (!strcmp(json_object_get_string(jobj1), CRYPT_KDF_PBKDF2)) { + json_object_object_get_ex(jobj_kdf, "hash", &jobj1); + log_std(cd, "\tHash: %s\n", json_object_get_string(jobj1)); + + json_object_object_get_ex(jobj_kdf, "iterations", &jobj1); + log_std(cd, "\tIterations: %" PRIu64 "\n", crypt_jobj_get_uint64(jobj1)); + } else { + json_object_object_get_ex(jobj_kdf, "time", &jobj1); + log_std(cd, "\tTime cost: %" PRIu64 "\n", json_object_get_int64(jobj1)); + + json_object_object_get_ex(jobj_kdf, "memory", &jobj1); + log_std(cd, "\tMemory: %" PRIu64 "\n", json_object_get_int64(jobj1)); + + json_object_object_get_ex(jobj_kdf, "cpus", &jobj1); + log_std(cd, "\tThreads: %" PRIu64 "\n", json_object_get_int64(jobj1)); + } + json_object_object_get_ex(jobj_kdf, "salt", &jobj1); + log_std(cd, "\tSalt: "); + hexprint_base64(cd, jobj1, " ", " "); + + + json_object_object_get_ex(jobj_af, "stripes", &jobj1); + log_std(cd, "\tAF stripes: %u\n", json_object_get_int(jobj1)); + + json_object_object_get_ex(jobj_af, "hash", &jobj1); + log_std(cd, "\tAF hash: %s\n", json_object_get_string(jobj1)); + + json_object_object_get_ex(jobj_area, "offset", &jobj1); + log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1)); + + json_object_object_get_ex(jobj_area, "size", &jobj1); + log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1)); + + return 0; +} + +static int luks2_keyslot_validate(struct crypt_device *cd, json_object *jobj_keyslot) +{ + json_object *jobj_kdf, *jobj_af, *jobj_area, *jobj1; + const char *type; + int count; + + if (!jobj_keyslot) + return -EINVAL; + + if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf) || + !json_object_object_get_ex(jobj_keyslot, "af", &jobj_af) || + !json_object_object_get_ex(jobj_keyslot, "area", &jobj_area)) + return -EINVAL; + + count = json_object_object_length(jobj_kdf); + + jobj1 = json_contains(cd, jobj_kdf, "", "kdf section", "type", json_type_string); + if (!jobj1) + return -EINVAL; + type = json_object_get_string(jobj1); + + if (!strcmp(type, CRYPT_KDF_PBKDF2)) { + if (count != 4 || /* type, salt, hash, iterations only */ + !json_contains(cd, jobj_kdf, "kdf type", type, "hash", json_type_string) || + !json_contains(cd, jobj_kdf, "kdf type", type, "iterations", json_type_int) || + !json_contains(cd, jobj_kdf, "kdf type", type, "salt", json_type_string)) + return -EINVAL; + } else if (!strcmp(type, CRYPT_KDF_ARGON2I) || !strcmp(type, CRYPT_KDF_ARGON2ID)) { + if (count != 5 || /* type, salt, time, memory, cpus only */ + !json_contains(cd, jobj_kdf, "kdf type", type, "time", json_type_int) || + !json_contains(cd, jobj_kdf, "kdf type", type, "memory", json_type_int) || + !json_contains(cd, jobj_kdf, "kdf type", type, "cpus", json_type_int) || + !json_contains(cd, jobj_kdf, "kdf type", type, "salt", json_type_string)) + return -EINVAL; + } + + if (!json_object_object_get_ex(jobj_af, "type", &jobj1)) + return -EINVAL; + if (!strcmp(json_object_get_string(jobj1), "luks1")) { + if (!json_contains(cd, jobj_af, "", "luks1 af", "hash", json_type_string) || + !json_contains(cd, jobj_af, "", "luks1 af", "stripes", json_type_int)) + return -EINVAL; + } else + return -EINVAL; + + // FIXME check numbered + if (!json_object_object_get_ex(jobj_area, "type", &jobj1)) + return -EINVAL; + if (!strcmp(json_object_get_string(jobj1), "raw")) { + if (!json_contains(cd, jobj_area, "area", "raw type", "encryption", json_type_string) || + !json_contains(cd, jobj_area, "area", "raw type", "key_size", json_type_int) || + !json_contains(cd, jobj_area, "area", "raw type", "offset", json_type_string) || + !json_contains(cd, jobj_area, "area", "raw type", "size", json_type_string)) + return -EINVAL; + } else + return -EINVAL; + + return 0; +} + +static int luks2_keyslot_update(struct crypt_device *cd, + int keyslot, + const struct luks2_keyslot_params *params) +{ + struct luks2_hdr *hdr; + json_object *jobj_keyslot; + int r; + + log_dbg(cd, "Updating LUKS2 keyslot %d.", keyslot); + + if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2))) + return -EINVAL; + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot); + if (!jobj_keyslot) + return -EINVAL; + + r = luks2_keyslot_update_json(cd, jobj_keyslot, params); + + if (!r && LUKS2_check_json_size(cd, hdr)) { + log_dbg(cd, "Not enough space in header json area for updated keyslot %d.", keyslot); + r = -ENOSPC; + } + + return r; +} + +static void luks2_keyslot_repair(struct crypt_device *cd, json_object *jobj_keyslot) +{ + const char *type; + json_object *jobj_kdf, *jobj_type; + + if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf) || + !json_object_is_type(jobj_kdf, json_type_object)) + return; + + if (!json_object_object_get_ex(jobj_kdf, "type", &jobj_type) || + !json_object_is_type(jobj_type, json_type_string)) + return; + + type = json_object_get_string(jobj_type); + + if (!strcmp(type, CRYPT_KDF_PBKDF2)) { + /* type, salt, hash, iterations only */ + json_object_object_foreach(jobj_kdf, key, val) { + UNUSED(val); + if (!strcmp(key, "type") || !strcmp(key, "salt") || + !strcmp(key, "hash") || !strcmp(key, "iterations")) + continue; + json_object_object_del(jobj_kdf, key); + } + } else if (!strcmp(type, CRYPT_KDF_ARGON2I) || !strcmp(type, CRYPT_KDF_ARGON2ID)) { + /* type, salt, time, memory, cpus only */ + json_object_object_foreach(jobj_kdf, key, val) { + UNUSED(val); + if (!strcmp(key, "type") || !strcmp(key, "salt") || + !strcmp(key, "time") || !strcmp(key, "memory") || + !strcmp(key, "cpus")) + continue; + json_object_object_del(jobj_kdf, key); + } + } +} + +const keyslot_handler luks2_keyslot = { + .name = "luks2", + .alloc = luks2_keyslot_alloc, + .update = luks2_keyslot_update, + .open = luks2_keyslot_open, + .store = luks2_keyslot_store, + .wipe = luks2_keyslot_wipe, + .dump = luks2_keyslot_dump, + .validate = luks2_keyslot_validate, + .repair = luks2_keyslot_repair +}; diff --git a/lib/luks2/luks2_keyslot_reenc.c b/lib/luks2/luks2_keyslot_reenc.c new file mode 100644 index 0000000..b939467 --- /dev/null +++ b/lib/luks2/luks2_keyslot_reenc.c @@ -0,0 +1,336 @@ +/* + * LUKS - Linux Unified Key Setup v2, reencryption keyslot handler + * + * Copyright (C) 2016-2020, Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2020, Ondrej Kozina + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "luks2_internal.h" + +static int reenc_keyslot_open(struct crypt_device *cd, + int keyslot, + const char *password, + size_t password_len, + char *volume_key, + size_t volume_key_len) +{ + return -ENOENT; +} + +int reenc_keyslot_alloc(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + const struct crypt_params_reencrypt *params) +{ + int r; + json_object *jobj_keyslots, *jobj_keyslot, *jobj_area; + uint64_t area_offset, area_length; + + log_dbg(cd, "Allocating reencrypt keyslot %d.", keyslot); + + if (keyslot < 0 || keyslot >= LUKS2_KEYSLOTS_MAX) + return -ENOMEM; + + if (!json_object_object_get_ex(hdr->jobj, "keyslots", &jobj_keyslots)) + return -EINVAL; + + /* encryption doesn't require area (we shift data and backup will be available) */ + if (!params->data_shift) { + r = LUKS2_find_area_max_gap(cd, hdr, &area_offset, &area_length); + if (r < 0) + return r; + } else { /* we can't have keyslot w/o area...bug? */ + r = LUKS2_find_area_gap(cd, hdr, 1, &area_offset, &area_length); + if (r < 0) + return r; + } + + jobj_keyslot = json_object_new_object(); + if (!jobj_keyslot) + return -ENOMEM; + + jobj_area = json_object_new_object(); + + if (params->data_shift) { + json_object_object_add(jobj_area, "type", json_object_new_string("datashift")); + json_object_object_add(jobj_area, "shift_size", crypt_jobj_new_uint64(params->data_shift << SECTOR_SHIFT)); + } else + /* except data shift protection, initial setting is irrelevant. Type can be changed during reencryption */ + json_object_object_add(jobj_area, "type", json_object_new_string("none")); + + json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset)); + json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length)); + + json_object_object_add(jobj_keyslot, "type", json_object_new_string("reencrypt")); + json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(1)); /* useless but mandatory */ + json_object_object_add(jobj_keyslot, "mode", json_object_new_string(crypt_reencrypt_mode_to_str(params->mode))); + if (params->direction == CRYPT_REENCRYPT_FORWARD) + json_object_object_add(jobj_keyslot, "direction", json_object_new_string("forward")); + else if (params->direction == CRYPT_REENCRYPT_BACKWARD) + json_object_object_add(jobj_keyslot, "direction", json_object_new_string("backward")); + else + return -EINVAL; + + json_object_object_add(jobj_keyslot, "area", jobj_area); + + json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot); + if (LUKS2_check_json_size(cd, hdr)) { + log_dbg(cd, "New keyslot too large to fit in free metadata space."); + json_object_object_del_by_uint(jobj_keyslots, keyslot); + return -ENOSPC; + } + + JSON_DBG(cd, hdr->jobj, "JSON:"); + + return 0; +} + +static int reenc_keyslot_store_data(struct crypt_device *cd, + json_object *jobj_keyslot, + const void *buffer, size_t buffer_len) +{ + int devfd, r; + json_object *jobj_area, *jobj_offset, *jobj_length; + uint64_t area_offset, area_length; + struct device *device = crypt_metadata_device(cd); + + if (!json_object_object_get_ex(jobj_keyslot, "area", &jobj_area) || + !json_object_object_get_ex(jobj_area, "offset", &jobj_offset) || + !json_object_object_get_ex(jobj_area, "size", &jobj_length)) + return -EINVAL; + + area_offset = crypt_jobj_get_uint64(jobj_offset); + area_length = crypt_jobj_get_uint64(jobj_length); + + if (!area_offset || !area_length || ((uint64_t)buffer_len > area_length)) + return -EINVAL; + + devfd = device_open_locked(cd, device, O_RDWR); + if (devfd >= 0) { + if (write_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), CONST_CAST(void *)buffer, + buffer_len, area_offset) < 0) + r = -EIO; + else + r = 0; + } else + r = -EINVAL; + + if (r) + log_err(cd, _("IO error while encrypting keyslot.")); + + return r; +} + +static int reenc_keyslot_store(struct crypt_device *cd, + int keyslot, + const char *password __attribute__((unused)), + size_t password_len __attribute__((unused)), + const char *buffer, + size_t buffer_len) +{ + struct luks2_hdr *hdr; + json_object *jobj_keyslot; + int r = 0; + + if (!cd || !buffer || !buffer_len) + return -EINVAL; + + if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2))) + return -EINVAL; + + log_dbg(cd, "Reencrypt keyslot %d store.", keyslot); + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot); + if (!jobj_keyslot) + return -EINVAL; + + r = LUKS2_device_write_lock(cd, hdr, crypt_metadata_device(cd)); + if (r) + return r; + + r = reenc_keyslot_store_data(cd, jobj_keyslot, buffer, buffer_len); + if (r < 0) { + device_write_unlock(cd, crypt_metadata_device(cd)); + return r; + } + + r = LUKS2_hdr_write(cd, hdr); + + device_write_unlock(cd, crypt_metadata_device(cd)); + + return r < 0 ? r : keyslot; +} + +int reenc_keyslot_update(struct crypt_device *cd, + const struct luks2_reenc_context *rh) +{ + json_object *jobj_keyslot, *jobj_area, *jobj_area_type; + struct luks2_hdr *hdr; + + if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2))) + return -EINVAL; + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, rh->reenc_keyslot); + if (!jobj_keyslot) + return -EINVAL; + + json_object_object_get_ex(jobj_keyslot, "area", &jobj_area); + json_object_object_get_ex(jobj_area, "type", &jobj_area_type); + + if (rh->rp.type == REENC_PROTECTION_CHECKSUM) { + log_dbg(cd, "Updating reencrypt keyslot for checksum protection."); + json_object_object_add(jobj_area, "type", json_object_new_string("checksum")); + json_object_object_add(jobj_area, "hash", json_object_new_string(rh->rp.p.csum.hash)); + json_object_object_add(jobj_area, "sector_size", json_object_new_int64(rh->alignment)); + } else if (rh->rp.type == REENC_PROTECTION_NONE) { + log_dbg(cd, "Updating reencrypt keyslot for none protection."); + json_object_object_add(jobj_area, "type", json_object_new_string("none")); + json_object_object_del(jobj_area, "hash"); + } else if (rh->rp.type == REENC_PROTECTION_JOURNAL) { + log_dbg(cd, "Updating reencrypt keyslot for journal protection."); + json_object_object_add(jobj_area, "type", json_object_new_string("journal")); + json_object_object_del(jobj_area, "hash"); + } else + log_dbg(cd, "No update of reencrypt keyslot needed."); + + return 0; +} + +static int reenc_keyslot_wipe(struct crypt_device *cd, int keyslot) +{ + return 0; +} + +static int reenc_keyslot_dump(struct crypt_device *cd, int keyslot) +{ + json_object *jobj_keyslot, *jobj_area, *jobj_direction, *jobj_mode, *jobj_resilience, + *jobj1; + + jobj_keyslot = LUKS2_get_keyslot_jobj(crypt_get_hdr(cd, CRYPT_LUKS2), keyslot); + if (!jobj_keyslot) + return -EINVAL; + + if (!json_object_object_get_ex(jobj_keyslot, "direction", &jobj_direction) || + !json_object_object_get_ex(jobj_keyslot, "mode", &jobj_mode) || + !json_object_object_get_ex(jobj_keyslot, "area", &jobj_area) || + !json_object_object_get_ex(jobj_area, "type", &jobj_resilience)) + return -EINVAL; + + log_std(cd, "\t%-12s%s\n", "Mode:", json_object_get_string(jobj_mode)); + log_std(cd, "\t%-12s%s\n", "Direction:", json_object_get_string(jobj_direction)); + log_std(cd, "\t%-12s%s\n", "Resilience:", json_object_get_string(jobj_resilience)); + + if (!strcmp(json_object_get_string(jobj_resilience), "checksum")) { + json_object_object_get_ex(jobj_area, "hash", &jobj1); + log_std(cd, "\t%-12s%s\n", "Hash:", json_object_get_string(jobj1)); + json_object_object_get_ex(jobj_area, "sector_size", &jobj1); + log_std(cd, "\t%-12s%d [bytes]\n", "Hash data:", json_object_get_int(jobj1)); + } else if (!strcmp(json_object_get_string(jobj_resilience), "datashift")) { + json_object_object_get_ex(jobj_area, "shift_size", &jobj1); + log_std(cd, "\t%-12s%" PRIu64 "[bytes]\n", "Shift size:", crypt_jobj_get_uint64(jobj1)); + } + + json_object_object_get_ex(jobj_area, "offset", &jobj1); + log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1)); + + json_object_object_get_ex(jobj_area, "size", &jobj1); + log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1)); + + return 0; +} + +static int reenc_keyslot_validate(struct crypt_device *cd, json_object *jobj_keyslot) +{ + json_object *jobj_mode, *jobj_area, *jobj_type, *jobj_shift_size, *jobj_hash, *jobj_sector_size, *jobj_direction; + const char *mode, *type, *direction; + uint32_t sector_size; + uint64_t shift_size; + + /* mode (string: encrypt,reencrypt,decrypt) + * direction (string:) + * area { + * type: (string: datashift, journal, checksum, none) + * hash: (string: checksum only) + * sector_size (uint32: checksum only) + * shift_size (uint64: datashift only) + * } + */ + + /* area and area type are validated in general validation code */ + if (!jobj_keyslot || !json_object_object_get_ex(jobj_keyslot, "area", &jobj_area) || + !json_object_object_get_ex(jobj_area, "type", &jobj_type)) + return -EINVAL; + + jobj_mode = json_contains(cd, jobj_keyslot, "", "reencrypt keyslot", "mode", json_type_string); + jobj_direction = json_contains(cd, jobj_keyslot, "", "reencrypt keyslot", "direction", json_type_string); + + if (!jobj_mode || !jobj_direction) + return -EINVAL; + + mode = json_object_get_string(jobj_mode); + type = json_object_get_string(jobj_type); + direction = json_object_get_string(jobj_direction); + + if (strcmp(mode, "reencrypt") && strcmp(mode, "encrypt") && + strcmp(mode, "decrypt")) { + log_dbg(cd, "Illegal reencrypt mode %s.", mode); + return -EINVAL; + } + + if (strcmp(direction, "forward") && strcmp(direction, "backward")) { + log_dbg(cd, "Illegal reencrypt direction %s.", direction); + return -EINVAL; + } + + if (!strcmp(type, "checksum")) { + jobj_hash = json_contains(cd, jobj_area, "type:checksum", "Keyslot area", "hash", json_type_string); + jobj_sector_size = json_contains(cd, jobj_area, "type:checksum", "Keyslot area", "sector_size", json_type_int); + if (!jobj_hash || !jobj_sector_size) + return -EINVAL; + if (!validate_json_uint32(jobj_sector_size)) + return -EINVAL; + sector_size = crypt_jobj_get_uint32(jobj_sector_size); + if (sector_size < SECTOR_SIZE || NOTPOW2(sector_size)) { + log_dbg(cd, "Invalid sector_size (%" PRIu32 ") for checksum resilience mode.", sector_size); + return -EINVAL; + } + } else if (!strcmp(type, "datashift")) { + if (!(jobj_shift_size = json_contains(cd, jobj_area, "type:datashift", "Keyslot area", "shift_size", json_type_string))) + return -EINVAL; + + shift_size = crypt_jobj_get_uint64(jobj_shift_size); + if (!shift_size) + return -EINVAL; + + if (MISALIGNED_512(shift_size)) { + log_dbg(cd, "Shift size field has to be aligned to sector size: %" PRIu32, SECTOR_SIZE); + return -EINVAL; + } + } + + return 0; +} + +const keyslot_handler reenc_keyslot = { + .name = "reencrypt", + .open = reenc_keyslot_open, + .store = reenc_keyslot_store, /* initialization only or also per every chunk write */ + .wipe = reenc_keyslot_wipe, + .dump = reenc_keyslot_dump, + .validate = reenc_keyslot_validate +}; diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c new file mode 100644 index 0000000..603c44d --- /dev/null +++ b/lib/luks2/luks2_luks1_convert.c @@ -0,0 +1,896 @@ +/* + * LUKS - Linux Unified Key Setup v2, LUKS1 conversion code + * + * Copyright (C) 2015-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2020 Ondrej Kozina + * Copyright (C) 2015-2020 Milan Broz + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "luks2_internal.h" +#include "../luks1/luks.h" +#include "../luks1/af.h" + +int LUKS2_check_cipher(struct crypt_device *cd, + size_t keylength, + const char *cipher, + const char *cipher_mode) +{ + return LUKS_check_cipher(cd, keylength, cipher, cipher_mode); +} + +static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struct json_object **keyslot_object) +{ + char *base64_str, cipher[LUKS_CIPHERNAME_L+LUKS_CIPHERMODE_L]; + size_t base64_len; + struct json_object *keyslot_obj, *field, *jobj_kdf, *jobj_af, *jobj_area; + uint64_t offset, area_size, offs_a, offs_b, length; + + keyslot_obj = json_object_new_object(); + json_object_object_add(keyslot_obj, "type", json_object_new_string("luks2")); + json_object_object_add(keyslot_obj, "key_size", json_object_new_int64(hdr_v1->keyBytes)); + + /* KDF */ + jobj_kdf = json_object_new_object(); + json_object_object_add(jobj_kdf, "type", json_object_new_string(CRYPT_KDF_PBKDF2)); + json_object_object_add(jobj_kdf, "hash", json_object_new_string(hdr_v1->hashSpec)); + json_object_object_add(jobj_kdf, "iterations", json_object_new_int64(hdr_v1->keyblock[keyslot].passwordIterations)); + /* salt field */ + base64_len = base64_encode_alloc(hdr_v1->keyblock[keyslot].passwordSalt, LUKS_SALTSIZE, &base64_str); + if (!base64_str) { + json_object_put(keyslot_obj); + json_object_put(jobj_kdf); + if (!base64_len) + return -EINVAL; + return -ENOMEM; + } + field = json_object_new_string_len(base64_str, base64_len); + free(base64_str); + json_object_object_add(jobj_kdf, "salt", field); + json_object_object_add(keyslot_obj, "kdf", jobj_kdf); + + /* AF */ + jobj_af = json_object_new_object(); + json_object_object_add(jobj_af, "type", json_object_new_string("luks1")); + json_object_object_add(jobj_af, "hash", json_object_new_string(hdr_v1->hashSpec)); + /* stripes field ignored, fixed to LUKS_STRIPES (4000) */ + json_object_object_add(jobj_af, "stripes", json_object_new_int(4000)); + json_object_object_add(keyslot_obj, "af", jobj_af); + + /* Area */ + jobj_area = json_object_new_object(); + json_object_object_add(jobj_area, "type", json_object_new_string("raw")); + + /* encryption algorithm field */ + if (*hdr_v1->cipherMode != '\0') { + (void) snprintf(cipher, sizeof(cipher), "%s-%s", hdr_v1->cipherName, hdr_v1->cipherMode); + json_object_object_add(jobj_area, "encryption", json_object_new_string(cipher)); + } else + json_object_object_add(jobj_area, "encryption", json_object_new_string(hdr_v1->cipherName)); + + /* area */ + if (LUKS_keyslot_area(hdr_v1, 0, &offs_a, &length) || + LUKS_keyslot_area(hdr_v1, 1, &offs_b, &length) || + LUKS_keyslot_area(hdr_v1, keyslot, &offset, &length)) { + json_object_put(keyslot_obj); + json_object_put(jobj_area); + return -EINVAL; + } + area_size = offs_b - offs_a; + json_object_object_add(jobj_area, "key_size", json_object_new_int(hdr_v1->keyBytes)); + json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset)); + json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_size)); + json_object_object_add(keyslot_obj, "area", jobj_area); + + *keyslot_object = keyslot_obj; + return 0; +} + +static int json_luks1_keyslots(const struct luks_phdr *hdr_v1, struct json_object **keyslots_object) +{ + int keyslot, r; + struct json_object *keyslot_obj, *field; + + keyslot_obj = json_object_new_object(); + if (!keyslot_obj) + return -ENOMEM; + + for (keyslot = 0; keyslot < LUKS_NUMKEYS; keyslot++) { + if (hdr_v1->keyblock[keyslot].active != LUKS_KEY_ENABLED) + continue; + r = json_luks1_keyslot(hdr_v1, keyslot, &field); + if (r) { + json_object_put(keyslot_obj); + return r; + } + json_object_object_add_by_uint(keyslot_obj, keyslot, field); + } + + *keyslots_object = keyslot_obj; + return 0; +} + +static int json_luks1_segment(const struct luks_phdr *hdr_v1, struct json_object **segment_object) +{ + const char *c; + char cipher[LUKS_CIPHERNAME_L+LUKS_CIPHERMODE_L]; + struct json_object *segment_obj, *field; + uint64_t number; + + segment_obj = json_object_new_object(); + if (!segment_obj) + return -ENOMEM; + + /* type field */ + field = json_object_new_string("crypt"); + if (!field) { + json_object_put(segment_obj); + return -ENOMEM; + } + json_object_object_add(segment_obj, "type", field); + + /* offset field */ + number = (uint64_t)hdr_v1->payloadOffset * SECTOR_SIZE; + + field = crypt_jobj_new_uint64(number); + if (!field) { + json_object_put(segment_obj); + return -ENOMEM; + } + json_object_object_add(segment_obj, "offset", field); + + /* iv_tweak field */ + field = json_object_new_string("0"); + if (!field) { + json_object_put(segment_obj); + return -ENOMEM; + } + json_object_object_add(segment_obj, "iv_tweak", field); + + /* length field */ + field = json_object_new_string("dynamic"); + if (!field) { + json_object_put(segment_obj); + return -ENOMEM; + } + json_object_object_add(segment_obj, "size", field); + + /* cipher field */ + if (*hdr_v1->cipherMode != '\0') { + (void) snprintf(cipher, sizeof(cipher), "%s-%s", hdr_v1->cipherName, hdr_v1->cipherMode); + c = cipher; + } else + c = hdr_v1->cipherName; + + field = json_object_new_string(c); + if (!field) { + json_object_put(segment_obj); + return -ENOMEM; + } + json_object_object_add(segment_obj, "encryption", field); + + /* block field */ + field = json_object_new_int(SECTOR_SIZE); + if (!field) { + json_object_put(segment_obj); + return -ENOMEM; + } + json_object_object_add(segment_obj, "sector_size", field); + + *segment_object = segment_obj; + return 0; +} + +static int json_luks1_segments(const struct luks_phdr *hdr_v1, struct json_object **segments_object) +{ + int r; + struct json_object *segments_obj, *field; + + segments_obj = json_object_new_object(); + if (!segments_obj) + return -ENOMEM; + + r = json_luks1_segment(hdr_v1, &field); + if (r) { + json_object_put(segments_obj); + return r; + } + json_object_object_add_by_uint(segments_obj, 0, field); + + *segments_object = segments_obj; + return 0; +} + +static int json_luks1_digest(const struct luks_phdr *hdr_v1, struct json_object **digest_object) +{ + char keyslot_str[2], *base64_str; + int ks; + size_t base64_len; + struct json_object *digest_obj, *array, *field; + + digest_obj = json_object_new_object(); + if (!digest_obj) + return -ENOMEM; + + /* type field */ + field = json_object_new_string("pbkdf2"); + if (!field) { + json_object_put(digest_obj); + return -ENOMEM; + } + json_object_object_add(digest_obj, "type", field); + + /* keyslots array */ + array = json_object_new_array(); + if (!array) { + json_object_put(digest_obj); + return -ENOMEM; + } + json_object_object_add(digest_obj, "keyslots", json_object_get(array)); + + for (ks = 0; ks < LUKS_NUMKEYS; ks++) { + if (hdr_v1->keyblock[ks].active != LUKS_KEY_ENABLED) + continue; + (void) snprintf(keyslot_str, sizeof(keyslot_str), "%d", ks); + + field = json_object_new_string(keyslot_str); + if (!field || json_object_array_add(array, field) < 0) { + json_object_put(field); + json_object_put(array); + json_object_put(digest_obj); + return -ENOMEM; + } + } + + json_object_put(array); + + /* segments array */ + array = json_object_new_array(); + if (!array) { + json_object_put(digest_obj); + return -ENOMEM; + } + json_object_object_add(digest_obj, "segments", json_object_get(array)); + + field = json_object_new_string("0"); + if (!field || json_object_array_add(array, field) < 0) { + json_object_put(field); + json_object_put(array); + json_object_put(digest_obj); + return -ENOMEM; + } + + json_object_put(array); + + /* hash field */ + field = json_object_new_string(hdr_v1->hashSpec); + if (!field) { + json_object_put(digest_obj); + return -ENOMEM; + } + json_object_object_add(digest_obj, "hash", field); + + /* salt field */ + base64_len = base64_encode_alloc(hdr_v1->mkDigestSalt, LUKS_SALTSIZE, &base64_str); + if (!base64_str) { + json_object_put(digest_obj); + if (!base64_len) + return -EINVAL; + return -ENOMEM; + } + + field = json_object_new_string_len(base64_str, base64_len); + free(base64_str); + if (!field) { + json_object_put(digest_obj); + return -ENOMEM; + } + json_object_object_add(digest_obj, "salt", field); + + /* digest field */ + base64_len = base64_encode_alloc(hdr_v1->mkDigest, LUKS_DIGESTSIZE, &base64_str); + if (!base64_str) { + json_object_put(digest_obj); + if (!base64_len) + return -EINVAL; + return -ENOMEM; + } + + field = json_object_new_string_len(base64_str, base64_len); + free(base64_str); + if (!field) { + json_object_put(digest_obj); + return -ENOMEM; + } + json_object_object_add(digest_obj, "digest", field); + + /* iterations field */ + field = json_object_new_int64(hdr_v1->mkDigestIterations); + if (!field) { + json_object_put(digest_obj); + return -ENOMEM; + } + json_object_object_add(digest_obj, "iterations", field); + + *digest_object = digest_obj; + return 0; +} + +static int json_luks1_digests(const struct luks_phdr *hdr_v1, struct json_object **digests_object) +{ + int r; + struct json_object *digests_obj, *field; + + digests_obj = json_object_new_object(); + if (!digests_obj) + return -ENOMEM; + + r = json_luks1_digest(hdr_v1, &field); + if (r) { + json_object_put(digests_obj); + return r; + } + json_object_object_add(digests_obj, "0", field); + + *digests_object = digests_obj; + return 0; +} + +static int json_luks1_object(struct luks_phdr *hdr_v1, struct json_object **luks1_object, uint64_t keyslots_size) +{ + int r; + struct json_object *luks1_obj, *field; + uint64_t json_size; + + luks1_obj = json_object_new_object(); + if (!luks1_obj) + return -ENOMEM; + + /* keyslots field */ + r = json_luks1_keyslots(hdr_v1, &field); + if (r) { + json_object_put(luks1_obj); + return r; + } + json_object_object_add(luks1_obj, "keyslots", field); + + /* tokens field */ + field = json_object_new_object(); + if (!field) { + json_object_put(luks1_obj); + return -ENOMEM; + } + json_object_object_add(luks1_obj, "tokens", field); + + /* segments field */ + r = json_luks1_segments(hdr_v1, &field); + if (r) { + json_object_put(luks1_obj); + return r; + } + json_object_object_add(luks1_obj, "segments", field); + + /* digests field */ + r = json_luks1_digests(hdr_v1, &field); + if (r) { + json_object_put(luks1_obj); + return r; + } + json_object_object_add(luks1_obj, "digests", field); + + /* config field */ + /* anything else? */ + field = json_object_new_object(); + if (!field) { + json_object_put(luks1_obj); + return -ENOMEM; + } + json_object_object_add(luks1_obj, "config", field); + + json_size = LUKS2_HDR_16K_LEN - LUKS2_HDR_BIN_LEN; + json_object_object_add(field, "json_size", crypt_jobj_new_uint64(json_size)); + keyslots_size -= (keyslots_size % 4096); + json_object_object_add(field, "keyslots_size", crypt_jobj_new_uint64(keyslots_size)); + + *luks1_object = luks1_obj; + return 0; +} + +static void move_keyslot_offset(json_object *jobj, int offset_add) +{ + json_object *jobj1, *jobj2, *jobj_area; + uint64_t offset = 0; + + json_object_object_get_ex(jobj, "keyslots", &jobj1); + json_object_object_foreach(jobj1, key, val) { + UNUSED(key); + json_object_object_get_ex(val, "area", &jobj_area); + json_object_object_get_ex(jobj_area, "offset", &jobj2); + offset = crypt_jobj_get_uint64(jobj2) + offset_add; + json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset)); + } +} + +/* FIXME: return specific error code for partial write error (aka keyslots are gone) */ +static int move_keyslot_areas(struct crypt_device *cd, off_t offset_from, + off_t offset_to, size_t buf_size) +{ + int devfd, r = -EIO; + struct device *device = crypt_metadata_device(cd); + void *buf = NULL; + + log_dbg(cd, "Moving keyslot areas of size %zu from %jd to %jd.", + buf_size, (intmax_t)offset_from, (intmax_t)offset_to); + + if (posix_memalign(&buf, crypt_getpagesize(), buf_size)) + return -ENOMEM; + + devfd = device_open(cd, device, O_RDWR); + if (devfd < 0) { + free(buf); + return -EIO; + } + + /* This can safely fail (for block devices). It only allocates space if it is possible. */ + if (posix_fallocate(devfd, offset_to, buf_size)) + log_dbg(cd, "Preallocation (fallocate) of new keyslot area not available."); + + /* Try to read *new* area to check that area is there (trimmed backup). */ + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), buf, buf_size, + offset_to)!= (ssize_t)buf_size) + goto out; + + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), buf, buf_size, + offset_from)!= (ssize_t)buf_size) + goto out; + + if (write_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), buf, buf_size, + offset_to) != (ssize_t)buf_size) + goto out; + + r = 0; +out: + device_sync(cd, device); + crypt_safe_memzero(buf, buf_size); + free(buf); + + return r; +} + +static int luks_header_in_use(struct crypt_device *cd) +{ + int r; + + r = lookup_dm_dev_by_uuid(cd, crypt_get_uuid(cd), crypt_get_type(cd)); + if (r < 0) + log_err(cd, _("Cannot check status of device with uuid: %s."), crypt_get_uuid(cd)); + + return r; +} + +/* Check if there is a luksmeta area (foreign metadata created by the luksmeta package) */ +static int luksmeta_header_present(struct crypt_device *cd, off_t luks1_size) +{ + int devfd, r = 0; + static const uint8_t LM_MAGIC[] = { 'L', 'U', 'K', 'S', 'M', 'E', 'T', 'A' }; + struct device *device = crypt_metadata_device(cd); + void *buf = NULL; + + if (posix_memalign(&buf, crypt_getpagesize(), sizeof(LM_MAGIC))) + return -ENOMEM; + + devfd = device_open(cd, device, O_RDONLY); + if (devfd < 0) { + free(buf); + return -EIO; + } + + /* Note: we must not detect failure as problem here, header can be trimmed. */ + if (read_lseek_blockwise(devfd, device_block_size(cd, device), device_alignment(device), + buf, sizeof(LM_MAGIC), luks1_size) == (ssize_t)sizeof(LM_MAGIC) && + !memcmp(LM_MAGIC, buf, sizeof(LM_MAGIC))) { + log_err(cd, _("Unable to convert header with LUKSMETA additional metadata.")); + r = -EBUSY; + } + + free(buf); + return r; +} + +/* Convert LUKS1 -> LUKS2 */ +int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct luks2_hdr *hdr2) +{ + int r; + json_object *jobj = NULL; + size_t buf_size, buf_offset, luks1_size, luks1_shift = 2 * LUKS2_HDR_16K_LEN - LUKS_ALIGN_KEYSLOTS; + uint64_t required_size, max_size = crypt_get_data_offset(cd) * SECTOR_SIZE; + + /* for detached headers max size == device size */ + if (!max_size && (r = device_size(crypt_metadata_device(cd), &max_size))) + return r; + + luks1_size = LUKS_device_sectors(hdr1) << SECTOR_SHIFT; + luks1_size = size_round_up(luks1_size, LUKS_ALIGN_KEYSLOTS); + if (!luks1_size) + return -EINVAL; + + if (LUKS_keyslots_offset(hdr1) != (LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE)) { + log_dbg(cd, "Unsupported keyslots material offset: %zu.", LUKS_keyslots_offset(hdr1)); + return -EINVAL; + } + + if (luksmeta_header_present(cd, luks1_size)) + return -EINVAL; + + log_dbg(cd, "Max size: %" PRIu64 ", LUKS1 (full) header size %zu , required shift: %zu", + max_size, luks1_size, luks1_shift); + + required_size = luks1_size + luks1_shift; + + if ((max_size < required_size) && + device_fallocate(crypt_metadata_device(cd), required_size)) { + log_err(cd, _("Unable to move keyslot area. Not enough space.")); + return -EINVAL; + } + + if (max_size < required_size) + max_size = required_size; + + r = json_luks1_object(hdr1, &jobj, max_size - 2 * LUKS2_HDR_16K_LEN); + if (r < 0) + return r; + + move_keyslot_offset(jobj, luks1_shift); + + // fill hdr2 + memset(hdr2, 0, sizeof(*hdr2)); + hdr2->hdr_size = LUKS2_HDR_16K_LEN; + hdr2->seqid = 1; + hdr2->version = 2; + strncpy(hdr2->checksum_alg, "sha256", LUKS2_CHECKSUM_ALG_L); + crypt_random_get(cd, (char*)hdr2->salt1, sizeof(hdr2->salt1), CRYPT_RND_SALT); + crypt_random_get(cd, (char*)hdr2->salt2, sizeof(hdr2->salt2), CRYPT_RND_SALT); + strncpy(hdr2->uuid, crypt_get_uuid(cd), LUKS2_UUID_L-1); /* UUID should be max 36 chars */ + hdr2->jobj = jobj; + + /* + * It duplicates check in LUKS2_hdr_write() but we don't want to move + * keyslot areas in case it would fail later + */ + if (max_size < LUKS2_hdr_and_areas_size(hdr2->jobj)) { + r = -EINVAL; + goto out; + } + + /* check future LUKS2 metadata before moving keyslots area */ + if (LUKS2_hdr_validate(cd, hdr2->jobj, hdr2->hdr_size - LUKS2_HDR_BIN_LEN)) { + r = -EINVAL; + goto out; + } + + if ((r = luks_header_in_use(cd))) { + if (r > 0) + r = -EBUSY; + goto out; + } + + // move keyslots 4k -> 32k offset + buf_offset = 2 * LUKS2_HDR_16K_LEN; + buf_size = luks1_size - LUKS_ALIGN_KEYSLOTS; + + /* check future LUKS2 keyslots area is at least as large as LUKS1 keyslots area */ + if (buf_size > LUKS2_keyslots_size(hdr2->jobj)) { + log_err(cd, _("Unable to move keyslot area. LUKS2 keyslots area too small.")); + r = -EINVAL; + goto out; + } + + if ((r = move_keyslot_areas(cd, 8 * SECTOR_SIZE, buf_offset, buf_size)) < 0) { + log_err(cd, _("Unable to move keyslot area.")); + goto out; + } + + // Write JSON hdr2 + r = LUKS2_hdr_write(cd, hdr2); +out: + LUKS2_hdr_free(cd, hdr2); + + return r; +} + +static int keyslot_LUKS1_compatible(struct crypt_device *cd, struct luks2_hdr *hdr, + int keyslot, uint32_t key_size, const char *hash) +{ + json_object *jobj_keyslot, *jobj, *jobj_kdf, *jobj_af; + uint64_t l2_offset, l2_length; + size_t ks_key_size; + const char *ks_cipher, *data_cipher; + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot); + if (!jobj_keyslot) + return 1; + + if (!json_object_object_get_ex(jobj_keyslot, "type", &jobj) || + strcmp(json_object_get_string(jobj), "luks2")) + return 0; + + /* Using PBKDF2, this implies memory and parallel is not used. */ + jobj = NULL; + if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf) || + !json_object_object_get_ex(jobj_kdf, "type", &jobj) || + strcmp(json_object_get_string(jobj), CRYPT_KDF_PBKDF2) || + !json_object_object_get_ex(jobj_kdf, "hash", &jobj) || + strcmp(json_object_get_string(jobj), hash)) + return 0; + + jobj = NULL; + if (!json_object_object_get_ex(jobj_keyslot, "af", &jobj_af) || + !json_object_object_get_ex(jobj_af, "stripes", &jobj) || + json_object_get_int(jobj) != LUKS_STRIPES) + return 0; + + jobj = NULL; + if (!json_object_object_get_ex(jobj_af, "hash", &jobj) || + (crypt_hash_size(json_object_get_string(jobj)) < 0) || + strcmp(json_object_get_string(jobj), hash)) + return 0; + + /* FIXME: should this go to validation code instead (aka invalid luks2 header if assigned to segment 0)? */ + /* FIXME: check all keyslots are assigned to segment id 0, and segments count == 1 */ + ks_cipher = LUKS2_get_keyslot_cipher(hdr, keyslot, &ks_key_size); + data_cipher = LUKS2_get_cipher(hdr, CRYPT_DEFAULT_SEGMENT); + if (!ks_cipher || !data_cipher || key_size != ks_key_size || strcmp(ks_cipher, data_cipher)) { + log_dbg(cd, "Cipher in keyslot %d is different from volume key encryption.", keyslot); + return 0; + } + + if (LUKS2_keyslot_area(hdr, keyslot, &l2_offset, &l2_length)) + return 0; + + if (l2_length != (size_round_up(AF_split_sectors(key_size, LUKS_STRIPES) * SECTOR_SIZE, 4096))) { + log_dbg(cd, "Area length in LUKS2 keyslot (%d) is not compatible with LUKS1", keyslot); + return 0; + } + + return 1; +} + +/* Convert LUKS2 -> LUKS1 */ +int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct luks_phdr *hdr1) +{ + size_t buf_size, buf_offset; + char cipher[LUKS_CIPHERNAME_L-1], cipher_mode[LUKS_CIPHERMODE_L-1]; + char digest[LUKS_DIGESTSIZE], digest_salt[LUKS_SALTSIZE]; + const char *hash; + size_t len; + json_object *jobj_keyslot, *jobj_digest, *jobj_segment, *jobj_kdf, *jobj_area, *jobj1, *jobj2; + uint32_t key_size; + int i, r, last_active = 0; + uint64_t offset, area_length; + char buf[256], luksMagic[] = LUKS_MAGIC; + + jobj_digest = LUKS2_get_digest_jobj(hdr2, 0); + if (!jobj_digest) + return -EINVAL; + + jobj_segment = LUKS2_get_segment_jobj(hdr2, CRYPT_DEFAULT_SEGMENT); + if (!jobj_segment) + return -EINVAL; + + if (json_segment_get_sector_size(jobj_segment) != SECTOR_SIZE) { + log_err(cd, _("Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes.")); + return -EINVAL; + } + + json_object_object_get_ex(hdr2->jobj, "digests", &jobj1); + if (!json_object_object_get_ex(jobj_digest, "type", &jobj2) || + strcmp(json_object_get_string(jobj2), "pbkdf2") || + json_object_object_length(jobj1) != 1) { + log_err(cd, _("Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible.")); + return -EINVAL; + } + if (!json_object_object_get_ex(jobj_digest, "hash", &jobj2)) + return -EINVAL; + hash = json_object_get_string(jobj2); + + r = crypt_parse_name_and_mode(LUKS2_get_cipher(hdr2, CRYPT_DEFAULT_SEGMENT), cipher, NULL, cipher_mode); + if (r < 0) + return r; + + if (crypt_cipher_wrapped_key(cipher, cipher_mode)) { + log_err(cd, _("Cannot convert to LUKS1 format - device uses wrapped key cipher %s."), cipher); + return -EINVAL; + } + + r = LUKS2_tokens_count(hdr2); + if (r < 0) + return r; + if (r > 0) { + log_err(cd, _("Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."), r); + return -EINVAL; + } + + r = LUKS2_get_volume_key_size(hdr2, 0); + if (r < 0) + return -EINVAL; + key_size = r; + + for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) { + if (LUKS2_keyslot_info(hdr2, i) == CRYPT_SLOT_INACTIVE) + continue; + + if (LUKS2_keyslot_info(hdr2, i) == CRYPT_SLOT_INVALID) { + log_err(cd, _("Cannot convert to LUKS1 format - keyslot %u is in invalid state."), i); + return -EINVAL; + } + + if (i >= LUKS_NUMKEYS) { + log_err(cd, _("Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."), i); + return -EINVAL; + } + + if (!keyslot_LUKS1_compatible(cd, hdr2, i, key_size, hash)) { + log_err(cd, _("Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."), i); + return -EINVAL; + } + } + + memset(hdr1, 0, sizeof(*hdr1)); + + for (i = 0; i < LUKS_NUMKEYS; i++) { + hdr1->keyblock[i].active = LUKS_KEY_DISABLED; + hdr1->keyblock[i].stripes = LUKS_STRIPES; + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr2, i); + + if (jobj_keyslot) { + if (!json_object_object_get_ex(jobj_keyslot, "area", &jobj_area)) + return -EINVAL; + if (!json_object_object_get_ex(jobj_area, "offset", &jobj1)) + return -EINVAL; + offset = crypt_jobj_get_uint64(jobj1); + } else { + if (LUKS2_find_area_gap(cd, hdr2, key_size, &offset, &area_length)) + return -EINVAL; + /* + * We have to create placeholder luks2 keyslots in place of all + * inactive keyslots. Otherwise we would allocate all + * inactive luks1 keyslots over same binary keyslot area. + */ + if (placeholder_keyslot_alloc(cd, i, offset, area_length, key_size)) + return -EINVAL; + } + + offset /= SECTOR_SIZE; + if (offset > UINT32_MAX) + return -EINVAL; + + hdr1->keyblock[i].keyMaterialOffset = offset; + hdr1->keyblock[i].keyMaterialOffset -= + ((2 * LUKS2_HDR_16K_LEN - LUKS_ALIGN_KEYSLOTS) / SECTOR_SIZE); + + if (!jobj_keyslot) + continue; + + hdr1->keyblock[i].active = LUKS_KEY_ENABLED; + last_active = i; + + if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf)) + continue; + + if (!json_object_object_get_ex(jobj_kdf, "iterations", &jobj1)) + continue; + hdr1->keyblock[i].passwordIterations = crypt_jobj_get_uint32(jobj1); + + if (!json_object_object_get_ex(jobj_kdf, "salt", &jobj1)) + continue; + len = sizeof(buf); + memset(buf, 0, len); + if (!base64_decode(json_object_get_string(jobj1), + json_object_get_string_len(jobj1), buf, &len)) + continue; + if (len > 0 && len != LUKS_SALTSIZE) + continue; + memcpy(hdr1->keyblock[i].passwordSalt, buf, LUKS_SALTSIZE); + } + + if (!jobj_keyslot) { + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr2, last_active); + if (!jobj_keyslot) + return -EINVAL; + } + + if (!json_object_object_get_ex(jobj_keyslot, "area", &jobj_area)) + return -EINVAL; + if (!json_object_object_get_ex(jobj_area, "encryption", &jobj1)) + return -EINVAL; + r = crypt_parse_name_and_mode(json_object_get_string(jobj1), cipher, NULL, cipher_mode); + if (r < 0) + return r; + + strncpy(hdr1->cipherName, cipher, sizeof(hdr1->cipherName) - 1); + strncpy(hdr1->cipherMode, cipher_mode, sizeof(hdr1->cipherMode) - 1); + + if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf)) + return -EINVAL; + if (!json_object_object_get_ex(jobj_kdf, "hash", &jobj1)) + return -EINVAL; + strncpy(hdr1->hashSpec, json_object_get_string(jobj1), sizeof(hdr1->hashSpec) - 1); + + hdr1->keyBytes = key_size; + + if (!json_object_object_get_ex(jobj_digest, "iterations", &jobj1)) + return -EINVAL; + hdr1->mkDigestIterations = crypt_jobj_get_uint32(jobj1); + + if (!json_object_object_get_ex(jobj_digest, "digest", &jobj1)) + return -EINVAL; + len = sizeof(digest); + if (!base64_decode(json_object_get_string(jobj1), + json_object_get_string_len(jobj1), digest, &len)) + return -EINVAL; + /* We can store full digest here, not only sha1 length */ + if (len < LUKS_DIGESTSIZE) + return -EINVAL; + memcpy(hdr1->mkDigest, digest, LUKS_DIGESTSIZE); + + if (!json_object_object_get_ex(jobj_digest, "salt", &jobj1)) + return -EINVAL; + len = sizeof(digest_salt); + if (!base64_decode(json_object_get_string(jobj1), + json_object_get_string_len(jobj1), digest_salt, &len)) + return -EINVAL; + if (len != LUKS_SALTSIZE) + return -EINVAL; + memcpy(hdr1->mkDigestSalt, digest_salt, LUKS_SALTSIZE); + + if (!json_object_object_get_ex(jobj_segment, "offset", &jobj1)) + return -EINVAL; + offset = crypt_jobj_get_uint64(jobj1) / SECTOR_SIZE; + if (offset > UINT32_MAX) + return -EINVAL; + /* FIXME: LUKS1 requires offset == 0 || offset >= luks1_hdr_size */ + hdr1->payloadOffset = offset; + + strncpy(hdr1->uuid, hdr2->uuid, UUID_STRING_L); /* max 36 chars */ + hdr1->uuid[UUID_STRING_L-1] = '\0'; + + memcpy(hdr1->magic, luksMagic, LUKS_MAGIC_L); + + hdr1->version = 1; + + r = luks_header_in_use(cd); + if (r) + return r > 0 ? -EBUSY : r; + + // move keyslots 32k -> 4k offset + buf_offset = 2 * LUKS2_HDR_16K_LEN; + buf_size = LUKS2_keyslots_size(hdr2->jobj); + r = move_keyslot_areas(cd, buf_offset, 8 * SECTOR_SIZE, buf_size); + if (r < 0) { + log_err(cd, _("Unable to move keyslot area.")); + return r; + } + + crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_ZERO, 0, + 8 * SECTOR_SIZE, 8 * SECTOR_SIZE, NULL, NULL); + + // Write LUKS1 hdr + return LUKS_write_phdr(hdr1, cd); +} diff --git a/lib/luks2/luks2_reencrypt.c b/lib/luks2/luks2_reencrypt.c new file mode 100644 index 0000000..68d3194 --- /dev/null +++ b/lib/luks2/luks2_reencrypt.c @@ -0,0 +1,3445 @@ +/* + * LUKS - Linux Unified Key Setup v2, reencryption helpers + * + * Copyright (C) 2015-2020, Red Hat, Inc. All rights reserved. + * Copyright (C) 2015-2020, Ondrej Kozina + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "luks2_internal.h" +#include "utils_device_locking.h" + +static json_object *reencrypt_segment(struct luks2_hdr *hdr, unsigned new) +{ + return LUKS2_get_segment_by_flag(hdr, new ? "backup-final" : "backup-previous"); +} + +static json_object *reencrypt_segment_new(struct luks2_hdr *hdr) +{ + return reencrypt_segment(hdr, 1); +} + +static json_object *reencrypt_segment_old(struct luks2_hdr *hdr) +{ + return reencrypt_segment(hdr, 0); +} + +static const char *reencrypt_segment_cipher_new(struct luks2_hdr *hdr) +{ + return json_segment_get_cipher(reencrypt_segment(hdr, 1)); +} + +static const char *reencrypt_segment_cipher_old(struct luks2_hdr *hdr) +{ + return json_segment_get_cipher(reencrypt_segment(hdr, 0)); +} + +static int reencrypt_get_sector_size_new(struct luks2_hdr *hdr) +{ + return json_segment_get_sector_size(reencrypt_segment(hdr, 1)); +} + +static int reencrypt_get_sector_size_old(struct luks2_hdr *hdr) +{ + return json_segment_get_sector_size(reencrypt_segment(hdr, 0)); +} + +static uint64_t reencrypt_data_offset(struct luks2_hdr *hdr, unsigned new) +{ + json_object *jobj = reencrypt_segment(hdr, new); + if (jobj) + return json_segment_get_offset(jobj, 0); + + return LUKS2_get_data_offset(hdr) << SECTOR_SHIFT; +} + +static uint64_t LUKS2_reencrypt_get_data_offset_moved(struct luks2_hdr *hdr) +{ + json_object *jobj_segment = LUKS2_get_segment_by_flag(hdr, "backup-moved-segment"); + + if (!jobj_segment) + return 0; + + return json_segment_get_offset(jobj_segment, 0); +} + +static uint64_t reencrypt_get_data_offset_new(struct luks2_hdr *hdr) +{ + return reencrypt_data_offset(hdr, 1); +} + +static uint64_t reencrypt_get_data_offset_old(struct luks2_hdr *hdr) +{ + return reencrypt_data_offset(hdr, 0); +} + +static int reencrypt_digest(struct luks2_hdr *hdr, unsigned new) +{ + int segment = LUKS2_get_segment_id_by_flag(hdr, new ? "backup-final" : "backup-previous"); + + if (segment < 0) + return segment; + + return LUKS2_digest_by_segment(hdr, segment); +} + +int LUKS2_reencrypt_digest_new(struct luks2_hdr *hdr) +{ + return reencrypt_digest(hdr, 1); +} + +int LUKS2_reencrypt_digest_old(struct luks2_hdr *hdr) +{ + return reencrypt_digest(hdr, 0); +} + +/* none, checksums, journal or shift */ +static const char *reencrypt_resilience_type(struct luks2_hdr *hdr) +{ + json_object *jobj_keyslot, *jobj_area, *jobj_type; + int ks = LUKS2_find_keyslot(hdr, "reencrypt"); + + if (ks < 0) + return NULL; + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, ks); + + json_object_object_get_ex(jobj_keyslot, "area", &jobj_area); + if (!json_object_object_get_ex(jobj_area, "type", &jobj_type)) + return NULL; + + return json_object_get_string(jobj_type); +} + +static const char *reencrypt_resilience_hash(struct luks2_hdr *hdr) +{ + json_object *jobj_keyslot, *jobj_area, *jobj_type, *jobj_hash; + int ks = LUKS2_find_keyslot(hdr, "reencrypt"); + + if (ks < 0) + return NULL; + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, ks); + + json_object_object_get_ex(jobj_keyslot, "area", &jobj_area); + if (!json_object_object_get_ex(jobj_area, "type", &jobj_type)) + return NULL; + if (strcmp(json_object_get_string(jobj_type), "checksum")) + return NULL; + if (!json_object_object_get_ex(jobj_area, "hash", &jobj_hash)) + return NULL; + + return json_object_get_string(jobj_hash); +} + +static uint32_t reencrypt_alignment(struct luks2_hdr *hdr) +{ + json_object *jobj_keyslot, *jobj_area, *jobj_type, *jobj_hash, *jobj_sector_size; + int ks = LUKS2_find_keyslot(hdr, "reencrypt"); + + if (ks < 0) + return 0; + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, ks); + + json_object_object_get_ex(jobj_keyslot, "area", &jobj_area); + if (!json_object_object_get_ex(jobj_area, "type", &jobj_type)) + return 0; + if (strcmp(json_object_get_string(jobj_type), "checksum")) + return 0; + if (!json_object_object_get_ex(jobj_area, "hash", &jobj_hash)) + return 0; + if (!json_object_object_get_ex(jobj_area, "sector_size", &jobj_sector_size)) + return 0; + + return crypt_jobj_get_uint32(jobj_sector_size); +} + +static json_object *_enc_create_segments_shift_after(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct luks2_reenc_context *rh, + uint64_t data_offset) +{ + int reenc_seg, i = 0; + json_object *jobj_copy, *jobj_seg_new = NULL, *jobj_segs_post = json_object_new_object(); + uint64_t tmp; + + if (!rh->jobj_segs_hot || !jobj_segs_post) + goto err; + + if (json_segments_count(rh->jobj_segs_hot) == 0) + return jobj_segs_post; + + reenc_seg = json_segments_segment_in_reencrypt(rh->jobj_segs_hot); + if (reenc_seg < 0) + goto err; + + while (i < reenc_seg) { + jobj_copy = json_segments_get_segment(rh->jobj_segs_hot, i); + if (!jobj_copy) + goto err; + json_object_object_add_by_uint(jobj_segs_post, i++, json_object_get(jobj_copy)); + } + + if (json_object_copy(json_segments_get_segment(rh->jobj_segs_hot, reenc_seg + 1), &jobj_seg_new)) { + if (json_object_copy(json_segments_get_segment(rh->jobj_segs_hot, reenc_seg), &jobj_seg_new)) + goto err; + json_segment_remove_flag(jobj_seg_new, "in-reencryption"); + tmp = rh->length; + } else { + json_object_object_add(jobj_seg_new, "offset", crypt_jobj_new_uint64(rh->offset + data_offset)); + json_object_object_add(jobj_seg_new, "iv_tweak", crypt_jobj_new_uint64(rh->offset >> SECTOR_SHIFT)); + tmp = json_segment_get_size(jobj_seg_new, 0) + rh->length; + } + + /* alter size of new segment, reenc_seg == 0 we're finished */ + json_object_object_add(jobj_seg_new, "size", reenc_seg > 0 ? crypt_jobj_new_uint64(tmp) : json_object_new_string("dynamic")); + json_object_object_add_by_uint(jobj_segs_post, reenc_seg, jobj_seg_new); + + return jobj_segs_post; +err: + json_object_put(jobj_segs_post); + return NULL; +} + +static json_object *reencrypt_make_hot_segments_encrypt_shift(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct luks2_reenc_context *rh, + uint64_t data_offset) +{ + int sg, crypt_seg, i = 0; + uint64_t segment_size; + json_object *jobj_seg_shrunk, *jobj_seg_new, *jobj_copy, *jobj_enc_seg = NULL, + *jobj_segs_hot = json_object_new_object(); + + if (!jobj_segs_hot) + return NULL; + + crypt_seg = LUKS2_segment_by_type(hdr, "crypt"); + + /* FIXME: This is hack. Find proper way to fix it. */ + sg = LUKS2_last_segment_by_type(hdr, "linear"); + if (rh->offset && sg < 0) + goto err; + if (sg < 0) + return jobj_segs_hot; + + jobj_enc_seg = json_segment_create_crypt(data_offset + rh->offset, + rh->offset >> SECTOR_SHIFT, + &rh->length, + reencrypt_segment_cipher_new(hdr), + reencrypt_get_sector_size_new(hdr), + 1); + + while (i < sg) { + jobj_copy = LUKS2_get_segment_jobj(hdr, i); + if (!jobj_copy) + goto err; + json_object_object_add_by_uint(jobj_segs_hot, i++, json_object_get(jobj_copy)); + } + + segment_size = LUKS2_segment_size(hdr, sg, 0); + if (segment_size > rh->length) { + jobj_seg_shrunk = NULL; + if (json_object_copy(LUKS2_get_segment_jobj(hdr, sg), &jobj_seg_shrunk)) + goto err; + json_object_object_add(jobj_seg_shrunk, "size", crypt_jobj_new_uint64(segment_size - rh->length)); + json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_seg_shrunk); + } + + json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_enc_seg); + jobj_enc_seg = NULL; /* see err: label */ + + /* first crypt segment after encryption ? */ + if (crypt_seg >= 0) { + jobj_seg_new = LUKS2_get_segment_jobj(hdr, crypt_seg); + if (!jobj_seg_new) + goto err; + json_object_object_add_by_uint(jobj_segs_hot, sg, json_object_get(jobj_seg_new)); + } + + return jobj_segs_hot; +err: + json_object_put(jobj_enc_seg); + json_object_put(jobj_segs_hot); + + return NULL; +} + +static json_object *reencrypt_make_segment_new(struct crypt_device *cd, + struct luks2_hdr *hdr, + const struct luks2_reenc_context *rh, + uint64_t data_offset, + uint64_t segment_offset, + uint64_t iv_offset, + const uint64_t *segment_length) +{ + switch (rh->mode) { + case CRYPT_REENCRYPT_REENCRYPT: + case CRYPT_REENCRYPT_ENCRYPT: + return json_segment_create_crypt(data_offset + segment_offset, + crypt_get_iv_offset(cd) + (iv_offset >> SECTOR_SHIFT), + segment_length, + reencrypt_segment_cipher_new(hdr), + reencrypt_get_sector_size_new(hdr), 0); + case CRYPT_REENCRYPT_DECRYPT: + return json_segment_create_linear(data_offset + segment_offset, segment_length, 0); + } + + return NULL; +} + +static json_object *reencrypt_make_post_segments_forward(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct luks2_reenc_context *rh, + uint64_t data_offset) +{ + int reenc_seg; + json_object *jobj_new_seg_after, *jobj_old_seg, *jobj_old_seg_copy = NULL, + *jobj_segs_post = json_object_new_object(); + uint64_t fixed_length = rh->offset + rh->length; + + if (!rh->jobj_segs_hot || !jobj_segs_post) + goto err; + + reenc_seg = json_segments_segment_in_reencrypt(rh->jobj_segs_hot); + if (reenc_seg < 0) + return NULL; + + jobj_old_seg = json_segments_get_segment(rh->jobj_segs_hot, reenc_seg + 1); + + /* + * if there's no old segment after reencryption, we're done. + * Set size to 'dynamic' again. + */ + jobj_new_seg_after = reencrypt_make_segment_new(cd, hdr, rh, data_offset, 0, 0, jobj_old_seg ? &fixed_length : NULL); + if (!jobj_new_seg_after) + goto err; + json_object_object_add_by_uint(jobj_segs_post, 0, jobj_new_seg_after); + + if (jobj_old_seg) { + if (rh->fixed_length) { + if (json_object_copy(jobj_old_seg, &jobj_old_seg_copy)) + goto err; + jobj_old_seg = jobj_old_seg_copy; + fixed_length = rh->device_size - fixed_length; + json_object_object_add(jobj_old_seg, "size", crypt_jobj_new_uint64(fixed_length)); + } else + json_object_get(jobj_old_seg); + json_object_object_add_by_uint(jobj_segs_post, 1, jobj_old_seg); + } + + return jobj_segs_post; +err: + json_object_put(jobj_segs_post); + return NULL; +} + +static json_object *reencrypt_make_post_segments_backward(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct luks2_reenc_context *rh, + uint64_t data_offset) +{ + int reenc_seg; + uint64_t fixed_length; + + json_object *jobj_new_seg_after, *jobj_old_seg, + *jobj_segs_post = json_object_new_object(); + + if (!rh->jobj_segs_hot || !jobj_segs_post) + goto err; + + reenc_seg = json_segments_segment_in_reencrypt(rh->jobj_segs_hot); + if (reenc_seg < 0) + return NULL; + + jobj_old_seg = json_segments_get_segment(rh->jobj_segs_hot, reenc_seg - 1); + if (jobj_old_seg) + json_object_object_add_by_uint(jobj_segs_post, reenc_seg - 1, json_object_get(jobj_old_seg)); + if (rh->fixed_length && rh->offset) { + fixed_length = rh->device_size - rh->offset; + jobj_new_seg_after = reencrypt_make_segment_new(cd, hdr, rh, data_offset, rh->offset, rh->offset, &fixed_length); + } else + jobj_new_seg_after = reencrypt_make_segment_new(cd, hdr, rh, data_offset, rh->offset, rh->offset, NULL); + if (!jobj_new_seg_after) + goto err; + json_object_object_add_by_uint(jobj_segs_post, reenc_seg, jobj_new_seg_after); + + return jobj_segs_post; +err: + json_object_put(jobj_segs_post); + return NULL; +} + +static json_object *reencrypt_make_segment_reencrypt(struct crypt_device *cd, + struct luks2_hdr *hdr, + const struct luks2_reenc_context *rh, + uint64_t data_offset, + uint64_t segment_offset, + uint64_t iv_offset, + const uint64_t *segment_length) +{ + switch (rh->mode) { + case CRYPT_REENCRYPT_REENCRYPT: + case CRYPT_REENCRYPT_ENCRYPT: + return json_segment_create_crypt(data_offset + segment_offset, + crypt_get_iv_offset(cd) + (iv_offset >> SECTOR_SHIFT), + segment_length, + reencrypt_segment_cipher_new(hdr), + reencrypt_get_sector_size_new(hdr), 1); + case CRYPT_REENCRYPT_DECRYPT: + return json_segment_create_linear(data_offset + segment_offset, segment_length, 1); + } + + return NULL; +} + +static json_object *reencrypt_make_segment_old(struct crypt_device *cd, + struct luks2_hdr *hdr, + const struct luks2_reenc_context *rh, + uint64_t data_offset, + uint64_t segment_offset, + const uint64_t *segment_length) +{ + json_object *jobj_old_seg = NULL; + + switch (rh->mode) { + case CRYPT_REENCRYPT_REENCRYPT: + case CRYPT_REENCRYPT_DECRYPT: + jobj_old_seg = json_segment_create_crypt(data_offset + segment_offset, + crypt_get_iv_offset(cd) + (segment_offset >> SECTOR_SHIFT), + segment_length, + reencrypt_segment_cipher_old(hdr), + reencrypt_get_sector_size_old(hdr), + 0); + break; + case CRYPT_REENCRYPT_ENCRYPT: + jobj_old_seg = json_segment_create_linear(data_offset + segment_offset, segment_length, 0); + } + + return jobj_old_seg; +} + +static json_object *reencrypt_make_hot_segments_forward(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct luks2_reenc_context *rh, + uint64_t device_size, + uint64_t data_offset) +{ + json_object *jobj_segs_hot, *jobj_reenc_seg, *jobj_old_seg, *jobj_new_seg; + uint64_t fixed_length, tmp = rh->offset + rh->length; + unsigned int sg = 0; + + jobj_segs_hot = json_object_new_object(); + if (!jobj_segs_hot) + return NULL; + + if (rh->offset) { + jobj_new_seg = reencrypt_make_segment_new(cd, hdr, rh, data_offset, 0, 0, &rh->offset); + if (!jobj_new_seg) + goto err; + json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_new_seg); + } + + jobj_reenc_seg = reencrypt_make_segment_reencrypt(cd, hdr, rh, data_offset, rh->offset, rh->offset, &rh->length); + if (!jobj_reenc_seg) + goto err; + + json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_reenc_seg); + + if (tmp < device_size) { + fixed_length = device_size - tmp; + jobj_old_seg = reencrypt_make_segment_old(cd, hdr, rh, data_offset + rh->data_shift, rh->offset + rh->length, rh->fixed_length ? &fixed_length : NULL); + if (!jobj_old_seg) + goto err; + json_object_object_add_by_uint(jobj_segs_hot, sg, jobj_old_seg); + } + + return jobj_segs_hot; +err: + json_object_put(jobj_segs_hot); + return NULL; +} + +static json_object *reencrypt_make_hot_segments_backward(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct luks2_reenc_context *rh, + uint64_t device_size, + uint64_t data_offset) +{ + json_object *jobj_reenc_seg, *jobj_new_seg, *jobj_old_seg = NULL, + *jobj_segs_hot = json_object_new_object(); + int sg = 0; + uint64_t fixed_length, tmp = rh->offset + rh->length; + + if (!jobj_segs_hot) + return NULL; + + if (rh->offset) { + if (json_object_copy(LUKS2_get_segment_jobj(hdr, 0), &jobj_old_seg)) + goto err; + json_object_object_add(jobj_old_seg, "size", crypt_jobj_new_uint64(rh->offset)); + + json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_old_seg); + } + + jobj_reenc_seg = reencrypt_make_segment_reencrypt(cd, hdr, rh, data_offset, rh->offset, rh->offset, &rh->length); + if (!jobj_reenc_seg) + goto err; + + json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_reenc_seg); + + if (tmp < device_size) { + fixed_length = device_size - tmp; + jobj_new_seg = reencrypt_make_segment_new(cd, hdr, rh, data_offset, rh->offset + rh->length, rh->offset + rh->length, rh->fixed_length ? &fixed_length : NULL); + if (!jobj_new_seg) + goto err; + json_object_object_add_by_uint(jobj_segs_hot, sg, jobj_new_seg); + } + + return jobj_segs_hot; +err: + json_object_put(jobj_segs_hot); + return NULL; +} + +static int reencrypt_make_hot_segments(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct luks2_reenc_context *rh, + uint64_t device_size, + uint64_t data_offset) +{ + rh->jobj_segs_hot = NULL; + + if (rh->mode == CRYPT_REENCRYPT_ENCRYPT && rh->direction == CRYPT_REENCRYPT_BACKWARD && + rh->data_shift && rh->jobj_segment_moved) { + log_dbg(cd, "Calculating hot segments for encryption with data move."); + rh->jobj_segs_hot = reencrypt_make_hot_segments_encrypt_shift(cd, hdr, rh, data_offset); + } else if (rh->direction == CRYPT_REENCRYPT_FORWARD) { + log_dbg(cd, "Calculating hot segments (forward direction)."); + rh->jobj_segs_hot = reencrypt_make_hot_segments_forward(cd, hdr, rh, device_size, data_offset); + } else if (rh->direction == CRYPT_REENCRYPT_BACKWARD) { + log_dbg(cd, "Calculating hot segments (backward direction)."); + rh->jobj_segs_hot = reencrypt_make_hot_segments_backward(cd, hdr, rh, device_size, data_offset); + } + + return rh->jobj_segs_hot ? 0 : -EINVAL; +} + +static int reencrypt_make_post_segments(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct luks2_reenc_context *rh, + uint64_t data_offset) +{ + rh->jobj_segs_post = NULL; + + if (rh->mode == CRYPT_REENCRYPT_ENCRYPT && rh->direction == CRYPT_REENCRYPT_BACKWARD && + rh->data_shift && rh->jobj_segment_moved) { + log_dbg(cd, "Calculating post segments for encryption with data move."); + rh->jobj_segs_post = _enc_create_segments_shift_after(cd, hdr, rh, data_offset); + } else if (rh->direction == CRYPT_REENCRYPT_FORWARD) { + log_dbg(cd, "Calculating post segments (forward direction)."); + rh->jobj_segs_post = reencrypt_make_post_segments_forward(cd, hdr, rh, data_offset); + } else if (rh->direction == CRYPT_REENCRYPT_BACKWARD) { + log_dbg(cd, "Calculating segments (backward direction)."); + rh->jobj_segs_post = reencrypt_make_post_segments_backward(cd, hdr, rh, data_offset); + } + + return rh->jobj_segs_post ? 0 : -EINVAL; +} + +static uint64_t reencrypt_data_shift(struct luks2_hdr *hdr) +{ + json_object *jobj_keyslot, *jobj_area, *jobj_data_shift; + int ks = LUKS2_find_keyslot(hdr, "reencrypt"); + + if (ks < 0) + return 0; + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, ks); + + json_object_object_get_ex(jobj_keyslot, "area", &jobj_area); + if (!json_object_object_get_ex(jobj_area, "shift_size", &jobj_data_shift)) + return 0; + + return crypt_jobj_get_uint64(jobj_data_shift); +} + +static crypt_reencrypt_mode_info reencrypt_mode(struct luks2_hdr *hdr) +{ + const char *mode; + crypt_reencrypt_mode_info mi = CRYPT_REENCRYPT_REENCRYPT; + json_object *jobj_keyslot, *jobj_mode; + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, LUKS2_find_keyslot(hdr, "reencrypt")); + if (!jobj_keyslot) + return mi; + + json_object_object_get_ex(jobj_keyslot, "mode", &jobj_mode); + mode = json_object_get_string(jobj_mode); + + /* validation enforces allowed values */ + if (!strcmp(mode, "encrypt")) + mi = CRYPT_REENCRYPT_ENCRYPT; + else if (!strcmp(mode, "decrypt")) + mi = CRYPT_REENCRYPT_DECRYPT; + + return mi; +} + +static crypt_reencrypt_direction_info reencrypt_direction(struct luks2_hdr *hdr) +{ + const char *value; + json_object *jobj_keyslot, *jobj_mode; + crypt_reencrypt_direction_info di = CRYPT_REENCRYPT_FORWARD; + + jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, LUKS2_find_keyslot(hdr, "reencrypt")); + if (!jobj_keyslot) + return di; + + json_object_object_get_ex(jobj_keyslot, "direction", &jobj_mode); + value = json_object_get_string(jobj_mode); + + /* validation enforces allowed values */ + if (strcmp(value, "forward")) + di = CRYPT_REENCRYPT_BACKWARD; + + return di; +} + +typedef enum { REENC_OK = 0, REENC_ERR, REENC_ROLLBACK, REENC_FATAL } reenc_status_t; + +void LUKS2_reenc_context_free(struct crypt_device *cd, struct luks2_reenc_context *rh) +{ + if (!rh) + return; + + if (rh->rp.type == REENC_PROTECTION_CHECKSUM) { + if (rh->rp.p.csum.ch) { + crypt_hash_destroy(rh->rp.p.csum.ch); + rh->rp.p.csum.ch = NULL; + } + if (rh->rp.p.csum.checksums) { + memset(rh->rp.p.csum.checksums, 0, rh->rp.p.csum.checksums_len); + free(rh->rp.p.csum.checksums); + rh->rp.p.csum.checksums = NULL; + } + } + + json_object_put(rh->jobj_segs_hot); + rh->jobj_segs_hot = NULL; + json_object_put(rh->jobj_segs_post); + rh->jobj_segs_post = NULL; + json_object_put(rh->jobj_segment_old); + rh->jobj_segment_old = NULL; + json_object_put(rh->jobj_segment_new); + rh->jobj_segment_new = NULL; + json_object_put(rh->jobj_segment_moved); + rh->jobj_segment_moved = NULL; + + free(rh->reenc_buffer); + rh->reenc_buffer = NULL; + crypt_storage_wrapper_destroy(rh->cw1); + rh->cw1 = NULL; + crypt_storage_wrapper_destroy(rh->cw2); + rh->cw2 = NULL; + + free(rh->device_name); + free(rh->overlay_name); + free(rh->hotzone_name); + crypt_drop_keyring_key(cd, rh->vks); + crypt_free_volume_key(rh->vks); + device_release_excl(cd, crypt_data_device(cd)); + crypt_unlock_internal(cd, rh->reenc_lock); + free(rh); +} + +static size_t reencrypt_get_alignment(struct crypt_device *cd, + struct luks2_hdr *hdr) +{ + int ss; + size_t alignment = device_block_size(cd, crypt_data_device(cd)); + + ss = reencrypt_get_sector_size_old(hdr); + if (ss > 0 && (size_t)ss > alignment) + alignment = ss; + ss = reencrypt_get_sector_size_new(hdr); + if (ss > 0 && (size_t)ss > alignment) + alignment = (size_t)ss; + + return alignment; +} + +/* returns void because it must not fail on valid LUKS2 header */ +static void _load_backup_segments(struct luks2_hdr *hdr, + struct luks2_reenc_context *rh) +{ + int segment = LUKS2_get_segment_id_by_flag(hdr, "backup-final"); + + if (segment >= 0) { + rh->jobj_segment_new = json_object_get(LUKS2_get_segment_jobj(hdr, segment)); + rh->digest_new = LUKS2_digest_by_segment(hdr, segment); + } else { + rh->jobj_segment_new = NULL; + rh->digest_new = -ENOENT; + } + + segment = LUKS2_get_segment_id_by_flag(hdr, "backup-previous"); + if (segment >= 0) { + rh->jobj_segment_old = json_object_get(LUKS2_get_segment_jobj(hdr, segment)); + rh->digest_old = LUKS2_digest_by_segment(hdr, segment); + } else { + rh->jobj_segment_old = NULL; + rh->digest_old = -ENOENT; + } + + segment = LUKS2_get_segment_id_by_flag(hdr, "backup-moved-segment"); + if (segment >= 0) + rh->jobj_segment_moved = json_object_get(LUKS2_get_segment_jobj(hdr, segment)); + else + rh->jobj_segment_moved = NULL; +} + +static int reencrypt_offset_backward_moved(struct luks2_hdr *hdr, json_object *jobj_segments, uint64_t *reencrypt_length, uint64_t data_shift, uint64_t *offset) +{ + uint64_t tmp, linear_length = 0; + int sg, segs = json_segments_count(jobj_segments); + + /* find reencrypt offset with data shift */ + for (sg = 0; sg < segs; sg++) + if (LUKS2_segment_is_type(hdr, sg, "linear")) + linear_length += LUKS2_segment_size(hdr, sg, 0); + + /* all active linear segments length */ + if (linear_length) { + if (linear_length < data_shift) + return -EINVAL; + tmp = linear_length - data_shift; + if (tmp && tmp < data_shift) { + *offset = data_shift; + *reencrypt_length = tmp; + } else + *offset = tmp; + return 0; + } + + if (segs == 1) { + *offset = 0; + return 0; + } + + /* should be unreachable */ + + return -EINVAL; +} + +static int _offset_forward(struct luks2_hdr *hdr, json_object *jobj_segments, uint64_t *offset) +{ + int segs = json_segments_count(jobj_segments); + + if (segs == 1) + *offset = 0; + else if (segs == 2) { + *offset = json_segment_get_size(json_segments_get_segment(jobj_segments, 0), 0); + if (!*offset) + return -EINVAL; + } else + return -EINVAL; + + return 0; +} + +static int _offset_backward(struct luks2_hdr *hdr, json_object *jobj_segments, uint64_t device_size, uint64_t *length, uint64_t *offset) +{ + int segs = json_segments_count(jobj_segments); + uint64_t tmp; + + if (segs == 1) { + if (device_size < *length) + *length = device_size; + *offset = device_size - *length; + } else if (segs == 2) { + tmp = json_segment_get_size(json_segments_get_segment(jobj_segments, 0), 0); + if (tmp < *length) + *length = tmp; + *offset = tmp - *length; + } else + return -EINVAL; + + return 0; +} + +/* must be always relative to data offset */ +/* the LUKS2 header MUST be valid */ +static int reencrypt_offset(struct luks2_hdr *hdr, + crypt_reencrypt_direction_info di, + uint64_t device_size, + uint64_t *reencrypt_length, + uint64_t *offset) +{ + int sg; + json_object *jobj_segments; + uint64_t data_shift = reencrypt_data_shift(hdr); + + if (!offset) + return -EINVAL; + + /* if there's segment in reencryption return directly offset of it */ + json_object_object_get_ex(hdr->jobj, "segments", &jobj_segments); + sg = json_segments_segment_in_reencrypt(jobj_segments); + if (sg >= 0) { + *offset = LUKS2_segment_offset(hdr, sg, 0) - (reencrypt_get_data_offset_new(hdr)); + return 0; + } + + if (di == CRYPT_REENCRYPT_FORWARD) + return _offset_forward(hdr, jobj_segments, offset); + else if (di == CRYPT_REENCRYPT_BACKWARD) { + if (reencrypt_mode(hdr) == CRYPT_REENCRYPT_ENCRYPT && + LUKS2_get_segment_id_by_flag(hdr, "backup-moved-segment") >= 0) + return reencrypt_offset_backward_moved(hdr, jobj_segments, reencrypt_length, data_shift, offset); + return _offset_backward(hdr, jobj_segments, device_size, reencrypt_length, offset); + } + + return -EINVAL; +} + +static uint64_t reencrypt_length(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct luks2_reenc_context *rh, + uint64_t keyslot_area_length, + uint64_t length_max) +{ + unsigned long dummy, optimal_alignment; + uint64_t length, soft_mem_limit; + + if (rh->rp.type == REENC_PROTECTION_NONE) + length = length_max ?: LUKS2_DEFAULT_NONE_REENCRYPTION_LENGTH; + else if (rh->rp.type == REENC_PROTECTION_CHECKSUM) + length = (keyslot_area_length / rh->rp.p.csum.hash_size) * rh->alignment; + else if (rh->rp.type == REENC_PROTECTION_DATASHIFT) + return reencrypt_data_shift(hdr); + else + length = keyslot_area_length; + + /* hard limit */ + if (length > LUKS2_REENCRYPT_MAX_HOTZONE_LENGTH) + length = LUKS2_REENCRYPT_MAX_HOTZONE_LENGTH; + + /* soft limit is 1/4 of system memory */ + soft_mem_limit = crypt_getphysmemory_kb() << 8; /* multiply by (1024/4) */ + + if (soft_mem_limit && length > soft_mem_limit) + length = soft_mem_limit; + + if (length_max && length > length_max) + length = length_max; + + length -= (length % rh->alignment); + + /* Emits error later */ + if (!length) + return length; + + device_topology_alignment(cd, crypt_data_device(cd), &optimal_alignment, &dummy, length); + + /* we have to stick with encryption sector size alignment */ + if (optimal_alignment % rh->alignment) + return length; + + /* align to opt-io size only if remaining size allows it */ + if (length > optimal_alignment) + length -= (length % optimal_alignment); + + return length; +} + +static int reencrypt_context_init(struct crypt_device *cd, struct luks2_hdr *hdr, struct luks2_reenc_context *rh, uint64_t device_size, const struct crypt_params_reencrypt *params) +{ + int r; + uint64_t dummy, area_length; + + rh->reenc_keyslot = LUKS2_find_keyslot(hdr, "reencrypt"); + if (rh->reenc_keyslot < 0) + return -EINVAL; + if (LUKS2_keyslot_area(hdr, rh->reenc_keyslot, &dummy, &area_length) < 0) + return -EINVAL; + + rh->mode = reencrypt_mode(hdr); + + rh->alignment = reencrypt_get_alignment(cd, hdr); + if (!rh->alignment) + return -EINVAL; + + log_dbg(cd, "Hotzone size: %" PRIu64 ", device size: %" PRIu64 ", alignment: %zu.", + params->max_hotzone_size << SECTOR_SHIFT, + params->device_size << SECTOR_SHIFT, rh->alignment); + + if ((params->max_hotzone_size << SECTOR_SHIFT) % rh->alignment) { + log_err(cd, _("Hotzone size must be multiple of calculated zone alignment (%zu bytes)."), rh->alignment); + return -EINVAL; + } + + if ((params->device_size << SECTOR_SHIFT) % rh->alignment) { + log_err(cd, _("Device size must be multiple of calculated zone alignment (%zu bytes)."), rh->alignment); + return -EINVAL; + } + + rh->direction = reencrypt_direction(hdr); + + if (!strcmp(params->resilience, "datashift")) { + log_dbg(cd, "Initializing reencryption context with data_shift resilience."); + rh->rp.type = REENC_PROTECTION_DATASHIFT; + rh->data_shift = reencrypt_data_shift(hdr); + } else if (!strcmp(params->resilience, "journal")) { + log_dbg(cd, "Initializing reencryption context with journal resilience."); + rh->rp.type = REENC_PROTECTION_JOURNAL; + } else if (!strcmp(params->resilience, "checksum")) { + log_dbg(cd, "Initializing reencryption context with checksum resilience."); + rh->rp.type = REENC_PROTECTION_CHECKSUM; + + r = snprintf(rh->rp.p.csum.hash, + sizeof(rh->rp.p.csum.hash), "%s", params->hash); + if (r < 0 || (size_t)r >= sizeof(rh->rp.p.csum.hash)) { + log_dbg(cd, "Invalid hash parameter"); + return -EINVAL; + } + + if (crypt_hash_init(&rh->rp.p.csum.ch, params->hash)) { + log_dbg(cd, "Failed to initialize checksum resilience hash %s", params->hash); + return -EINVAL; + } + + r = crypt_hash_size(params->hash); + if (r < 1) { + log_dbg(cd, "Invalid hash size"); + return -EINVAL; + } + rh->rp.p.csum.hash_size = r; + + rh->rp.p.csum.checksums_len = area_length; + if (posix_memalign(&rh->rp.p.csum.checksums, device_alignment(crypt_metadata_device(cd)), + rh->rp.p.csum.checksums_len)) + return -ENOMEM; + } else if (!strcmp(params->resilience, "none")) { + log_dbg(cd, "Initializing reencryption context with none resilience."); + rh->rp.type = REENC_PROTECTION_NONE; + } else { + log_err(cd, _("Unsupported resilience mode %s"), params->resilience); + return -EINVAL; + } + + if (params->device_size) { + log_dbg(cd, "Switching reencryption to fixed size mode."); + device_size = params->device_size << SECTOR_SHIFT; + rh->fixed_length = true; + } else + rh->fixed_length = false; + + rh->length = reencrypt_length(cd, hdr, rh, area_length, params->max_hotzone_size << SECTOR_SHIFT); + if (!rh->length) { + log_dbg(cd, "Invalid reencryption length."); + return -EINVAL; + } + + if (reencrypt_offset(hdr, rh->direction, device_size, &rh->length, &rh->offset)) { + log_dbg(cd, "Failed to get reencryption offset."); + return -EINVAL; + } + + if (rh->offset > device_size) + return -EINVAL; + if (rh->length > device_size - rh->offset) + rh->length = device_size - rh->offset; + + log_dbg(cd, "reencrypt-direction: %s", rh->direction == CRYPT_REENCRYPT_FORWARD ? "forward" : "backward"); + + _load_backup_segments(hdr, rh); + + if (rh->direction == CRYPT_REENCRYPT_BACKWARD) + rh->progress = device_size - rh->offset - rh->length; + else + rh->progress = rh->offset; + + log_dbg(cd, "backup-previous digest id: %d", rh->digest_old); + log_dbg(cd, "backup-final digest id: %d", rh->digest_new); + log_dbg(cd, "reencrypt length: %" PRIu64, rh->length); + log_dbg(cd, "reencrypt offset: %" PRIu64, rh->offset); + log_dbg(cd, "reencrypt shift: %s%" PRIu64, (rh->data_shift && rh->direction == CRYPT_REENCRYPT_BACKWARD ? "-" : ""), rh->data_shift); + log_dbg(cd, "reencrypt alignment: %zu", rh->alignment); + log_dbg(cd, "reencrypt progress: %" PRIu64, rh->progress); + + rh->device_size = device_size; + + return rh->length < 512 ? -EINVAL : 0; +} + +static size_t reencrypt_buffer_length(struct luks2_reenc_context *rh) +{ + if (rh->data_shift) + return rh->data_shift; + return rh->length; +} + +static int reencrypt_load_clean(struct crypt_device *cd, + struct luks2_hdr *hdr, + uint64_t device_size, + struct luks2_reenc_context **rh, + const struct crypt_params_reencrypt *params) +{ + int r; + const struct crypt_params_reencrypt hdr_reenc_params = { + .resilience = reencrypt_resilience_type(hdr), + .hash = reencrypt_resilience_hash(hdr), + .device_size = params ? params->device_size : 0 + }; + struct luks2_reenc_context *tmp = crypt_zalloc(sizeof (*tmp)); + + if (!tmp) + return -ENOMEM; + + r = -EINVAL; + if (!hdr_reenc_params.resilience) + goto err; + + /* skip context update if data shift is detected in header */ + if (!strcmp(hdr_reenc_params.resilience, "datashift")) + params = NULL; + + log_dbg(cd, "Initializing reencryption context (%s).", params ? "update" : "load"); + + if (!params || !params->resilience) + params = &hdr_reenc_params; + + r = reencrypt_context_init(cd, hdr, tmp, device_size, params); + if (r) + goto err; + + if (posix_memalign(&tmp->reenc_buffer, device_alignment(crypt_data_device(cd)), + reencrypt_buffer_length(tmp))) { + r = -ENOMEM; + goto err; + } + + *rh = tmp; + + return 0; +err: + LUKS2_reenc_context_free(cd, tmp); + + return r; +} + +static int reencrypt_make_segments(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct luks2_reenc_context *rh, + uint64_t device_size) +{ + int r; + uint64_t data_offset = reencrypt_get_data_offset_new(hdr); + + log_dbg(cd, "Calculating segments."); + + r = reencrypt_make_hot_segments(cd, hdr, rh, device_size, data_offset); + if (!r) { + r = reencrypt_make_post_segments(cd, hdr, rh, data_offset); + if (r) + json_object_put(rh->jobj_segs_hot); + } + + if (r) + log_dbg(cd, "Failed to make reencryption segments."); + + return r; +} + +static int reencrypt_make_segments_crashed(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct luks2_reenc_context *rh) +{ + int r; + uint64_t data_offset = crypt_get_data_offset(cd) << SECTOR_SHIFT; + + if (!rh) + return -EINVAL; + + rh->jobj_segs_hot = json_object_new_object(); + if (!rh->jobj_segs_hot) + return -ENOMEM; + + json_object_object_foreach(LUKS2_get_segments_jobj(hdr), key, val) { + if (json_segment_is_backup(val)) + continue; + json_object_object_add(rh->jobj_segs_hot, key, json_object_get(val)); + } + + r = reencrypt_make_post_segments(cd, hdr, rh, data_offset); + if (r) { + json_object_put(rh->jobj_segs_hot); + rh->jobj_segs_hot = NULL; + } + + return r; +} + +static int reencrypt_load_crashed(struct crypt_device *cd, + struct luks2_hdr *hdr, uint64_t device_size, struct luks2_reenc_context **rh) +{ + bool dynamic; + uint64_t minimal_size; + int r, reenc_seg; + struct crypt_params_reencrypt params = {}; + + if (LUKS2_get_data_size(hdr, &minimal_size, &dynamic)) + return -EINVAL; + + if (!dynamic) + params.device_size = minimal_size >> SECTOR_SHIFT; + + r = reencrypt_load_clean(cd, hdr, device_size, rh, ¶ms); + + if (!r) { + reenc_seg = json_segments_segment_in_reencrypt(LUKS2_get_segments_jobj(hdr)); + if (reenc_seg < 0) + r = -EINVAL; + else + (*rh)->length = LUKS2_segment_size(hdr, reenc_seg, 0); + } + + if (!r && ((*rh)->rp.type == REENC_PROTECTION_CHECKSUM)) { + /* we have to override calculated alignment with value stored in mda */ + (*rh)->alignment = reencrypt_alignment(hdr); + if (!(*rh)->alignment) { + log_dbg(cd, "Failed to get read resilience sector_size from metadata."); + r = -EINVAL; + } + } + + if (!r) + r = reencrypt_make_segments_crashed(cd, hdr, *rh); + + if (r) { + LUKS2_reenc_context_free(cd, *rh); + *rh = NULL; + } + return r; +} + +static int reencrypt_init_storage_wrappers(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct luks2_reenc_context *rh, + struct volume_key *vks) +{ + int r; + struct volume_key *vk; + uint32_t wrapper_flags = (getuid() || geteuid()) ? 0 : DISABLE_KCAPI; + + vk = crypt_volume_key_by_id(vks, rh->digest_old); + r = crypt_storage_wrapper_init(cd, &rh->cw1, crypt_data_device(cd), + reencrypt_get_data_offset_old(hdr), + crypt_get_iv_offset(cd), + reencrypt_get_sector_size_old(hdr), + reencrypt_segment_cipher_old(hdr), + vk, wrapper_flags | OPEN_READONLY); + if (r) { + log_err(cd, _("Failed to initialize old segment storage wrapper.")); + return r; + } + rh->wflags1 = wrapper_flags | OPEN_READONLY; + log_dbg(cd, "Old cipher storage wrapper type: %d.", crypt_storage_wrapper_get_type(rh->cw1)); + + vk = crypt_volume_key_by_id(vks, rh->digest_new); + r = crypt_storage_wrapper_init(cd, &rh->cw2, crypt_data_device(cd), + reencrypt_get_data_offset_new(hdr), + crypt_get_iv_offset(cd), + reencrypt_get_sector_size_new(hdr), + reencrypt_segment_cipher_new(hdr), + vk, wrapper_flags); + if (r) { + log_err(cd, _("Failed to initialize new segment storage wrapper.")); + return r; + } + rh->wflags2 = wrapper_flags; + log_dbg(cd, "New cipher storage wrapper type: %d", crypt_storage_wrapper_get_type(rh->cw2)); + + return 0; +} + +static int reencrypt_context_set_names(struct luks2_reenc_context *rh, const char *name) +{ + if (!rh | !name) + return -EINVAL; + + if (*name == '/') { + if (!(rh->device_name = dm_device_name(name))) + return -EINVAL; + } else if (!(rh->device_name = strdup(name))) + return -ENOMEM; + + if (asprintf(&rh->hotzone_name, "%s-hotzone-%s", rh->device_name, + rh->direction == CRYPT_REENCRYPT_FORWARD ? "forward" : "backward") < 0) { + rh->hotzone_name = NULL; + return -ENOMEM; + } + if (asprintf(&rh->overlay_name, "%s-overlay", rh->device_name) < 0) { + rh->overlay_name = NULL; + return -ENOMEM; + } + + rh->online = true; + return 0; +} + +static int modify_offset(uint64_t *offset, uint64_t data_shift, crypt_reencrypt_direction_info di) +{ + int r = -EINVAL; + + if (!offset) + return r; + + if (di == CRYPT_REENCRYPT_FORWARD) { + if (*offset >= data_shift) { + *offset -= data_shift; + r = 0; + } + } else if (di == CRYPT_REENCRYPT_BACKWARD) { + *offset += data_shift; + r = 0; + } + + return r; +} + +static int reencrypt_update_flag(struct crypt_device *cd, int enable, bool commit) +{ + uint32_t reqs; + struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + + if (LUKS2_config_get_requirements(cd, hdr, &reqs)) + return -EINVAL; + + /* nothing to do */ + if (enable && (reqs & CRYPT_REQUIREMENT_ONLINE_REENCRYPT)) + return -EINVAL; + + /* nothing to do */ + if (!enable && !(reqs & CRYPT_REQUIREMENT_ONLINE_REENCRYPT)) + return -EINVAL; + + if (enable) + reqs |= CRYPT_REQUIREMENT_ONLINE_REENCRYPT; + else + reqs &= ~CRYPT_REQUIREMENT_ONLINE_REENCRYPT; + + log_dbg(cd, "Going to %s reencryption requirement flag.", enable ? "store" : "wipe"); + + return LUKS2_config_set_requirements(cd, hdr, reqs, commit); +} + +static int reencrypt_recover_segment(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct luks2_reenc_context *rh, + struct volume_key *vks) +{ + struct volume_key *vk_old, *vk_new; + size_t count, s; + ssize_t read, w; + unsigned resilience; + uint64_t area_offset, area_length, area_length_read, crash_iv_offset, + data_offset = crypt_get_data_offset(cd) << SECTOR_SHIFT; + int devfd, r, new_sector_size, old_sector_size, rseg = json_segments_segment_in_reencrypt(rh->jobj_segs_hot); + char *checksum_tmp = NULL, *data_buffer = NULL; + struct crypt_storage_wrapper *cw1 = NULL, *cw2 = NULL; + + resilience = rh->rp.type; + + if (rseg < 0 || rh->length < 512) + return -EINVAL; + + vk_new = crypt_volume_key_by_id(vks, rh->digest_new); + if (!vk_new && rh->mode != CRYPT_REENCRYPT_DECRYPT) + return -EINVAL; + vk_old = crypt_volume_key_by_id(vks, rh->digest_old); + if (!vk_old && rh->mode != CRYPT_REENCRYPT_ENCRYPT) + return -EINVAL; + old_sector_size = json_segment_get_sector_size(reencrypt_segment_old(hdr)); + new_sector_size = json_segment_get_sector_size(reencrypt_segment_new(hdr)); + if (rh->mode == CRYPT_REENCRYPT_DECRYPT) + crash_iv_offset = rh->offset >> SECTOR_SHIFT; /* TODO: + old iv_tweak */ + else + crash_iv_offset = json_segment_get_iv_offset(json_segments_get_segment(rh->jobj_segs_hot, rseg)); + + log_dbg(cd, "crash_offset: %" PRIu64 ", crash_length: %" PRIu64 ", crash_iv_offset: %" PRIu64, data_offset + rh->offset, rh->length, crash_iv_offset); + + r = crypt_storage_wrapper_init(cd, &cw2, crypt_data_device(cd), + data_offset + rh->offset, crash_iv_offset, new_sector_size, + reencrypt_segment_cipher_new(hdr), vk_new, 0); + if (r) { + log_err(cd, _("Failed to initialize new segment storage wrapper.")); + return r; + } + + if (LUKS2_keyslot_area(hdr, rh->reenc_keyslot, &area_offset, &area_length)) { + r = -EINVAL; + goto out; + } + + if (posix_memalign((void**)&data_buffer, device_alignment(crypt_data_device(cd)), rh->length)) { + r = -ENOMEM; + goto out; + } + + switch (resilience) { + case REENC_PROTECTION_CHECKSUM: + log_dbg(cd, "Checksums based recovery."); + + r = crypt_storage_wrapper_init(cd, &cw1, crypt_data_device(cd), + data_offset + rh->offset, crash_iv_offset, old_sector_size, + reencrypt_segment_cipher_old(hdr), vk_old, 0); + if (r) { + log_err(cd, _("Failed to initialize old segment storage wrapper.")); + goto out; + } + + count = rh->length / rh->alignment; + area_length_read = count * rh->rp.p.csum.hash_size; + if (area_length_read > area_length) { + log_dbg(cd, "Internal error in calculated area_length."); + r = -EINVAL; + goto out; + } + + checksum_tmp = malloc(rh->rp.p.csum.hash_size); + if (!checksum_tmp) { + r = -ENOMEM; + goto out; + } + + /* TODO: lock for read */ + devfd = device_open(cd, crypt_metadata_device(cd), O_RDONLY); + if (devfd < 0) + goto out; + + /* read old data checksums */ + read = read_lseek_blockwise(devfd, device_block_size(cd, crypt_metadata_device(cd)), + device_alignment(crypt_metadata_device(cd)), rh->rp.p.csum.checksums, area_length_read, area_offset); + if (read < 0 || (size_t)read != area_length_read) { + log_err(cd, _("Failed to read checksums for current hotzone.")); + r = -EINVAL; + goto out; + } + + read = crypt_storage_wrapper_read(cw2, 0, data_buffer, rh->length); + if (read < 0 || (size_t)read != rh->length) { + log_err(cd, _("Failed to read hotzone area starting at %" PRIu64 "."), rh->offset + data_offset); + r = -EINVAL; + goto out; + } + + for (s = 0; s < count; s++) { + if (crypt_hash_write(rh->rp.p.csum.ch, data_buffer + (s * rh->alignment), rh->alignment)) { + log_dbg(cd, "Failed to write hash."); + r = EINVAL; + goto out; + } + if (crypt_hash_final(rh->rp.p.csum.ch, checksum_tmp, rh->rp.p.csum.hash_size)) { + log_dbg(cd, "Failed to finalize hash."); + r = EINVAL; + goto out; + } + if (!memcmp(checksum_tmp, (char *)rh->rp.p.csum.checksums + (s * rh->rp.p.csum.hash_size), rh->rp.p.csum.hash_size)) { + log_dbg(cd, "Sector %zu (size %zu, offset %zu) needs recovery", s, rh->alignment, s * rh->alignment); + if (crypt_storage_wrapper_decrypt(cw1, s * rh->alignment, data_buffer + (s * rh->alignment), rh->alignment)) { + log_err(cd, _("Failed to decrypt sector %zu."), s); + r = -EINVAL; + goto out; + } + w = crypt_storage_wrapper_encrypt_write(cw2, s * rh->alignment, data_buffer + (s * rh->alignment), rh->alignment); + if (w < 0 || (size_t)w != rh->alignment) { + log_err(cd, _("Failed to recover sector %zu."), s); + r = -EINVAL; + goto out; + } + } + } + + r = 0; + break; + case REENC_PROTECTION_JOURNAL: + log_dbg(cd, "Journal based recovery."); + + /* FIXME: validation candidate */ + if (rh->length > area_length) { + r = -EINVAL; + log_dbg(cd, "Invalid journal size."); + goto out; + } + + /* TODO locking */ + r = crypt_storage_wrapper_init(cd, &cw1, crypt_metadata_device(cd), + area_offset, crash_iv_offset, old_sector_size, + reencrypt_segment_cipher_old(hdr), vk_old, 0); + if (r) { + log_err(cd, _("Failed to initialize old segment storage wrapper.")); + goto out; + } + read = crypt_storage_wrapper_read_decrypt(cw1, 0, data_buffer, rh->length); + if (read < 0 || (size_t)read != rh->length) { + log_dbg(cd, "Failed to read journaled data."); + r = -EIO; + /* may content plaintext */ + crypt_safe_memzero(data_buffer, rh->length); + goto out; + } + read = crypt_storage_wrapper_encrypt_write(cw2, 0, data_buffer, rh->length); + /* may content plaintext */ + crypt_safe_memzero(data_buffer, rh->length); + if (read < 0 || (size_t)read != rh->length) { + log_dbg(cd, "recovery write failed."); + r = -EINVAL; + goto out; + } + + r = 0; + break; + case REENC_PROTECTION_DATASHIFT: + log_dbg(cd, "Data shift based recovery."); + + if (rseg == 0) { + r = crypt_storage_wrapper_init(cd, &cw1, crypt_data_device(cd), + json_segment_get_offset(rh->jobj_segment_moved, 0), 0, 0, + reencrypt_segment_cipher_old(hdr), NULL, 0); + } else + r = crypt_storage_wrapper_init(cd, &cw1, crypt_data_device(cd), + data_offset + rh->offset - rh->data_shift, 0, 0, + reencrypt_segment_cipher_old(hdr), NULL, 0); + if (r) { + log_err(cd, _("Failed to initialize old segment storage wrapper.")); + goto out; + } + + read = crypt_storage_wrapper_read_decrypt(cw1, 0, data_buffer, rh->length); + if (read < 0 || (size_t)read != rh->length) { + log_dbg(cd, "Failed to read data."); + r = -EIO; + /* may content plaintext */ + crypt_safe_memzero(data_buffer, rh->length); + goto out; + } + + read = crypt_storage_wrapper_encrypt_write(cw2, 0, data_buffer, rh->length); + /* may content plaintext */ + crypt_safe_memzero(data_buffer, rh->length); + if (read < 0 || (size_t)read != rh->length) { + log_dbg(cd, "recovery write failed."); + r = -EINVAL; + goto out; + } + r = 0; + break; + default: + r = -EINVAL; + } + + if (!r) + rh->read = rh->length; +out: + free(data_buffer); + free(checksum_tmp); + crypt_storage_wrapper_destroy(cw1); + crypt_storage_wrapper_destroy(cw2); + + return r; +} + +static int reencrypt_add_moved_segment(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct luks2_reenc_context *rh) +{ + int s = LUKS2_segment_first_unused_id(hdr); + + if (!rh->jobj_segment_moved) + return 0; + + if (s < 0) + return s; + + if (json_object_object_add_by_uint(LUKS2_get_segments_jobj(hdr), s, json_object_get(rh->jobj_segment_moved))) { + json_object_put(rh->jobj_segment_moved); + return -EINVAL; + } + + return 0; +} + +static int reencrypt_add_backup_segment(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct luks2_reenc_context *rh, + unsigned final) +{ + int digest, s = LUKS2_segment_first_unused_id(hdr); + json_object *jobj; + + if (s < 0) + return s; + + digest = final ? rh->digest_new : rh->digest_old; + jobj = final ? rh->jobj_segment_new : rh->jobj_segment_old; + + if (json_object_object_add_by_uint(LUKS2_get_segments_jobj(hdr), s, json_object_get(jobj))) { + json_object_put(jobj); + return -EINVAL; + } + + if (strcmp(json_segment_type(jobj), "crypt")) + return 0; + + return LUKS2_digest_segment_assign(cd, hdr, s, digest, 1, 0); +} + +static int reencrypt_assign_segments_simple(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct luks2_reenc_context *rh, + unsigned hot, + unsigned commit) +{ + int r, sg; + + if (hot && json_segments_count(rh->jobj_segs_hot) > 0) { + log_dbg(cd, "Setting 'hot' segments."); + + r = LUKS2_segments_set(cd, hdr, rh->jobj_segs_hot, 0); + if (!r) + rh->jobj_segs_hot = NULL; + } else if (!hot && json_segments_count(rh->jobj_segs_post) > 0) { + log_dbg(cd, "Setting 'post' segments."); + r = LUKS2_segments_set(cd, hdr, rh->jobj_segs_post, 0); + if (!r) + rh->jobj_segs_post = NULL; + } else { + log_dbg(cd, "No segments to set."); + return -EINVAL; + } + + if (r) { + log_dbg(cd, "Failed to assign new enc segments."); + return r; + } + + r = reencrypt_add_backup_segment(cd, hdr, rh, 0); + if (r) { + log_dbg(cd, "Failed to assign reencryption previous backup segment."); + return r; + } + + r = reencrypt_add_backup_segment(cd, hdr, rh, 1); + if (r) { + log_dbg(cd, "Failed to assign reencryption final backup segment."); + return r; + } + + r = reencrypt_add_moved_segment(cd, hdr, rh); + if (r) { + log_dbg(cd, "Failed to assign reencryption moved backup segment."); + return r; + } + + for (sg = 0; sg < LUKS2_segments_count(hdr); sg++) { + if (LUKS2_segment_is_type(hdr, sg, "crypt") && + LUKS2_digest_segment_assign(cd, hdr, sg, rh->mode == CRYPT_REENCRYPT_ENCRYPT ? rh->digest_new : rh->digest_old, 1, 0)) { + log_dbg(cd, "Failed to assign digest %u to segment %u.", rh->digest_new, sg); + return -EINVAL; + } + } + + return commit ? LUKS2_hdr_write(cd, hdr) : 0; +} + +static int reencrypt_assign_segments(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct luks2_reenc_context *rh, + unsigned hot, + unsigned commit) +{ + bool forward; + int rseg, scount, r = -EINVAL; + + /* FIXME: validate in reencrypt context load */ + if (rh->digest_new < 0 && rh->mode != CRYPT_REENCRYPT_DECRYPT) + return -EINVAL; + + if (LUKS2_digest_segment_assign(cd, hdr, CRYPT_ANY_SEGMENT, CRYPT_ANY_DIGEST, 0, 0)) + return -EINVAL; + + if (rh->mode == CRYPT_REENCRYPT_ENCRYPT || rh->mode == CRYPT_REENCRYPT_DECRYPT) + return reencrypt_assign_segments_simple(cd, hdr, rh, hot, commit); + + if (hot && rh->jobj_segs_hot) { + log_dbg(cd, "Setting 'hot' segments."); + + r = LUKS2_segments_set(cd, hdr, rh->jobj_segs_hot, 0); + if (!r) + rh->jobj_segs_hot = NULL; + } else if (!hot && rh->jobj_segs_post) { + log_dbg(cd, "Setting 'post' segments."); + r = LUKS2_segments_set(cd, hdr, rh->jobj_segs_post, 0); + if (!r) + rh->jobj_segs_post = NULL; + } + + if (r) + return r; + + scount = LUKS2_segments_count(hdr); + + /* segment in reencryption has to hold reference on both digests */ + rseg = json_segments_segment_in_reencrypt(LUKS2_get_segments_jobj(hdr)); + if (rseg < 0 && hot) + return -EINVAL; + + if (rseg >= 0) { + LUKS2_digest_segment_assign(cd, hdr, rseg, rh->digest_new, 1, 0); + LUKS2_digest_segment_assign(cd, hdr, rseg, rh->digest_old, 1, 0); + } + + forward = (rh->direction == CRYPT_REENCRYPT_FORWARD); + if (hot) { + if (rseg > 0) + LUKS2_digest_segment_assign(cd, hdr, 0, forward ? rh->digest_new : rh->digest_old, 1, 0); + if (scount > rseg + 1) + LUKS2_digest_segment_assign(cd, hdr, rseg + 1, forward ? rh->digest_old : rh->digest_new, 1, 0); + } else { + LUKS2_digest_segment_assign(cd, hdr, 0, forward || scount == 1 ? rh->digest_new : rh->digest_old, 1, 0); + if (scount > 1) + LUKS2_digest_segment_assign(cd, hdr, 1, forward ? rh->digest_old : rh->digest_new, 1, 0); + } + + r = reencrypt_add_backup_segment(cd, hdr, rh, 0); + if (r) { + log_dbg(cd, "Failed to assign hot reencryption backup segment."); + return r; + } + r = reencrypt_add_backup_segment(cd, hdr, rh, 1); + if (r) { + log_dbg(cd, "Failed to assign post reencryption backup segment."); + return r; + } + + return commit ? LUKS2_hdr_write(cd, hdr) : 0; +} + +static int reencrypt_set_encrypt_segments(struct crypt_device *cd, struct luks2_hdr *hdr, uint64_t dev_size, uint64_t data_shift, bool move_first_segment, crypt_reencrypt_direction_info di) +{ + int r; + uint64_t first_segment_offset, first_segment_length, + second_segment_offset, second_segment_length, + data_offset = LUKS2_get_data_offset(hdr) << SECTOR_SHIFT; + json_object *jobj_segment_first = NULL, *jobj_segment_second = NULL, *jobj_segments; + + if (dev_size < data_shift) + return -EINVAL; + + if (data_shift && (di == CRYPT_REENCRYPT_FORWARD)) + return -ENOTSUP; + + if (move_first_segment) { + /* + * future data_device layout: + * [future LUKS2 header (data shift size)][second data segment][gap (data shift size)][first data segment (data shift size)] + */ + first_segment_offset = dev_size; + first_segment_length = data_shift; + second_segment_offset = data_shift; + second_segment_length = dev_size - 2 * data_shift; + } else if (data_shift) { + first_segment_offset = data_offset; + first_segment_length = dev_size; + } else { + /* future data_device layout with detached header: [first data segment] */ + first_segment_offset = data_offset; + first_segment_length = 0; /* dynamic */ + } + + jobj_segments = json_object_new_object(); + if (!jobj_segments) + return -ENOMEM; + + r = -EINVAL; + if (move_first_segment) { + jobj_segment_first = json_segment_create_linear(first_segment_offset, &first_segment_length, 0); + if (second_segment_length && + !(jobj_segment_second = json_segment_create_linear(second_segment_offset, &second_segment_length, 0))) { + log_dbg(cd, "Failed generate 2nd segment."); + goto err; + } + } else + jobj_segment_first = json_segment_create_linear(first_segment_offset, first_segment_length ? &first_segment_length : NULL, 0); + + if (!jobj_segment_first) { + log_dbg(cd, "Failed generate 1st segment."); + goto err; + } + + json_object_object_add(jobj_segments, "0", jobj_segment_first); + if (jobj_segment_second) + json_object_object_add(jobj_segments, "1", jobj_segment_second); + + r = LUKS2_digest_segment_assign(cd, hdr, CRYPT_ANY_SEGMENT, CRYPT_ANY_DIGEST, 0, 0); + + if (!r) + r = LUKS2_segments_set(cd, hdr, jobj_segments, 0); +err: + return r; +} + +static int reencrypt_make_targets(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct device *hz_device, + struct volume_key *vks, + struct dm_target *result, + uint64_t size) +{ + bool reenc_seg; + struct volume_key *vk; + uint64_t segment_size, segment_offset, segment_start = 0; + int r; + int s = 0; + json_object *jobj, *jobj_segments = LUKS2_get_segments_jobj(hdr); + + while (result) { + jobj = json_segments_get_segment(jobj_segments, s); + if (!jobj) { + log_dbg(cd, "Internal error. Segment %u is null.", s); + r = -EINVAL; + goto out; + } + + reenc_seg = (s == json_segments_segment_in_reencrypt(jobj_segments)); + + segment_offset = json_segment_get_offset(jobj, 1); + segment_size = json_segment_get_size(jobj, 1); + /* 'dynamic' length allowed in last segment only */ + if (!segment_size && !result->next) + segment_size = (size >> SECTOR_SHIFT) - segment_start; + if (!segment_size) { + log_dbg(cd, "Internal error. Wrong segment size %u", s); + r = -EINVAL; + goto out; + } + + if (!strcmp(json_segment_type(jobj), "crypt")) { + vk = crypt_volume_key_by_id(vks, reenc_seg ? LUKS2_reencrypt_digest_new(hdr) : LUKS2_digest_by_segment(hdr, s)); + if (!vk) { + log_err(cd, _("Missing key for dm-crypt segment %u"), s); + r = -EINVAL; + goto out; + } + + if (reenc_seg) + segment_offset -= crypt_get_data_offset(cd); + + r = dm_crypt_target_set(result, segment_start, segment_size, + reenc_seg ? hz_device : crypt_data_device(cd), + vk, + json_segment_get_cipher(jobj), + json_segment_get_iv_offset(jobj), + segment_offset, + "none", + 0, + json_segment_get_sector_size(jobj)); + if (r) { + log_err(cd, _("Failed to set dm-crypt segment.")); + goto out; + } + } else if (!strcmp(json_segment_type(jobj), "linear")) { + r = dm_linear_target_set(result, segment_start, segment_size, reenc_seg ? hz_device : crypt_data_device(cd), segment_offset); + if (r) { + log_err(cd, _("Failed to set dm-linear segment.")); + goto out; + } + } else { + r = -EINVAL; + goto out; + } + + segment_start += segment_size; + s++; + result = result->next; + } + + return s; +out: + return r; +} + +/* GLOBAL FIXME: audit function names and parameters names */ + +/* FIXME: + * 1) audit log routines + * 2) can't we derive hotzone device name from crypt context? (unlocked name, device uuid, etc?) + */ +static int reencrypt_load_overlay_device(struct crypt_device *cd, struct luks2_hdr *hdr, + const char *overlay, const char *hotzone, struct volume_key *vks, uint64_t size, + uint32_t flags) +{ + char hz_path[PATH_MAX]; + int r; + + struct device *hz_dev = NULL; + struct crypt_dm_active_device dmd = { + .flags = flags, + }; + + log_dbg(cd, "Loading new table for overlay device %s.", overlay); + + r = snprintf(hz_path, PATH_MAX, "%s/%s", dm_get_dir(), hotzone); + if (r < 0 || r >= PATH_MAX) { + r = -EINVAL; + goto out; + } + + r = device_alloc(cd, &hz_dev, hz_path); + if (r) + goto out; + + r = dm_targets_allocate(&dmd.segment, LUKS2_segments_count(hdr)); + if (r) + goto out; + + r = reencrypt_make_targets(cd, hdr, hz_dev, vks, &dmd.segment, size); + if (r < 0) + goto out; + + r = dm_reload_device(cd, overlay, &dmd, 0, 0); + + /* what else on error here ? */ +out: + dm_targets_free(cd, &dmd); + device_free(cd, hz_dev); + + return r; +} + +static int reencrypt_replace_device(struct crypt_device *cd, const char *target, const char *source, uint32_t flags) +{ + int r, exists = 1; + struct crypt_dm_active_device dmd_source, dmd_target = {}; + uint32_t dmflags = DM_SUSPEND_SKIP_LOCKFS | DM_SUSPEND_NOFLUSH; + + log_dbg(cd, "Replacing table in device %s with table from device %s.", target, source); + + /* check only whether target device exists */ + r = dm_status_device(cd, target); + if (r < 0) { + if (r == -ENODEV) + exists = 0; + else + return r; + } + + r = dm_query_device(cd, source, DM_ACTIVE_DEVICE | DM_ACTIVE_CRYPT_CIPHER | + DM_ACTIVE_CRYPT_KEYSIZE | DM_ACTIVE_CRYPT_KEY, &dmd_source); + + if (r < 0) + return r; + + if (exists && ((r = dm_query_device(cd, target, 0, &dmd_target)) < 0)) + goto err; + + dmd_source.flags |= flags; + dmd_source.uuid = crypt_get_uuid(cd); + + if (exists) { + if (dmd_target.size != dmd_source.size) { + log_err(cd, _("Source and target device sizes don't match. Source %" PRIu64 ", target: %" PRIu64 "."), + dmd_source.size, dmd_target.size); + r = -EINVAL; + goto err; + } + r = dm_reload_device(cd, target, &dmd_source, 0, 0); + if (!r) { + log_dbg(cd, "Resuming device %s", target); + r = dm_resume_device(cd, target, dmflags | act2dmflags(dmd_source.flags)); + } + } else + r = dm_create_device(cd, target, CRYPT_SUBDEV, &dmd_source); +err: + dm_targets_free(cd, &dmd_source); + dm_targets_free(cd, &dmd_target); + + return r; +} + +static int reencrypt_swap_backing_device(struct crypt_device *cd, const char *name, + const char *new_backend_name) +{ + int r; + struct device *overlay_dev = NULL; + char overlay_path[PATH_MAX] = { 0 }; + struct crypt_dm_active_device dmd = {}; + + log_dbg(cd, "Redirecting %s mapping to new backing device: %s.", name, new_backend_name); + + r = snprintf(overlay_path, PATH_MAX, "%s/%s", dm_get_dir(), new_backend_name); + if (r < 0 || r >= PATH_MAX) { + r = -EINVAL; + goto out; + } + + r = device_alloc(cd, &overlay_dev, overlay_path); + if (r) + goto out; + + r = device_block_adjust(cd, overlay_dev, DEV_OK, + 0, &dmd.size, &dmd.flags); + if (r) + goto out; + + r = dm_linear_target_set(&dmd.segment, 0, dmd.size, overlay_dev, 0); + if (r) + goto out; + + r = dm_reload_device(cd, name, &dmd, 0, 0); + if (!r) { + log_dbg(cd, "Resuming device %s", name); + r = dm_resume_device(cd, name, DM_SUSPEND_SKIP_LOCKFS | DM_SUSPEND_NOFLUSH); + } + +out: + dm_targets_free(cd, &dmd); + device_free(cd, overlay_dev); + + return r; +} + +static int reencrypt_activate_hotzone_device(struct crypt_device *cd, const char *name, uint64_t device_size, uint32_t flags) +{ + int r; + uint64_t new_offset = reencrypt_get_data_offset_new(crypt_get_hdr(cd, CRYPT_LUKS2)) >> SECTOR_SHIFT; + + struct crypt_dm_active_device dmd = { + .flags = flags, + .uuid = crypt_get_uuid(cd), + .size = device_size >> SECTOR_SHIFT + }; + + log_dbg(cd, "Activating hotzone device %s.", name); + + r = device_block_adjust(cd, crypt_data_device(cd), DEV_OK, + new_offset, &dmd.size, &dmd.flags); + if (r) + goto err; + + r = dm_linear_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd), new_offset); + if (r) + goto err; + + r = dm_create_device(cd, name, CRYPT_SUBDEV, &dmd); +err: + dm_targets_free(cd, &dmd); + + return r; +} + +static int reencrypt_init_device_stack(struct crypt_device *cd, + const struct luks2_reenc_context *rh) +{ + int r; + + /* Activate hotzone device 1:1 linear mapping to data_device */ + r = reencrypt_activate_hotzone_device(cd, rh->hotzone_name, rh->device_size, CRYPT_ACTIVATE_PRIVATE); + if (r) { + log_err(cd, _("Failed to activate hotzone device %s."), rh->hotzone_name); + return r; + } + + /* + * Activate overlay device with exactly same table as original 'name' mapping. + * Note that within this step the 'name' device may already include a table + * constructed from more than single dm-crypt segment. Therefore transfer + * mapping as is. + * + * If we're about to resume reencryption orig mapping has to be already validated for + * abrupt shutdown and rchunk_offset has to point on next chunk to reencrypt! + * + * TODO: in crypt_activate_by* + */ + r = reencrypt_replace_device(cd, rh->overlay_name, rh->device_name, CRYPT_ACTIVATE_PRIVATE); + if (r) { + log_err(cd, _("Failed to activate overlay device %s with actual origin table."), rh->overlay_name); + goto err; + } + + /* swap origin mapping to overlay device */ + r = reencrypt_swap_backing_device(cd, rh->device_name, rh->overlay_name); + if (r) { + log_err(cd, _("Failed to load new mapping for device %s."), rh->device_name); + goto err; + } + + /* + * Now the 'name' (unlocked luks) device is mapped via dm-linear to an overlay dev. + * The overlay device has a original live table of 'name' device in-before the swap. + */ + + return 0; +err: + /* TODO: force error helper devices on error path */ + dm_remove_device(cd, rh->overlay_name, 0); + dm_remove_device(cd, rh->hotzone_name, 0); + + return r; +} + +/* TODO: + * 1) audit error path. any error in this routine is fatal and should be unlikely. + * usually it would hint some collision with another userspace process touching + * dm devices directly. + */ +static int reenc_refresh_helper_devices(struct crypt_device *cd, const char *overlay, const char *hotzone) +{ + int r; + + /* + * we have to explicitly suspend the overlay device before suspending + * the hotzone one. Resuming overlay device (aka switching tables) only + * after suspending the hotzone may lead to deadlock. + * + * In other words: always suspend the stack from top to bottom! + */ + r = dm_suspend_device(cd, overlay, DM_SUSPEND_SKIP_LOCKFS | DM_SUSPEND_NOFLUSH); + if (r) { + log_err(cd, _("Failed to suspend device %s."), overlay); + return r; + } + + /* suspend HZ device */ + r = dm_suspend_device(cd, hotzone, DM_SUSPEND_SKIP_LOCKFS | DM_SUSPEND_NOFLUSH); + if (r) { + log_err(cd, _("Failed to suspend device %s."), hotzone); + return r; + } + + /* resume overlay device: inactive table (with hotozne) -> live */ + r = dm_resume_device(cd, overlay, DM_RESUME_PRIVATE); + if (r) + log_err(cd, _("Failed to resume device %s."), overlay); + + return r; +} + +static int reencrypt_refresh_overlay_devices(struct crypt_device *cd, + struct luks2_hdr *hdr, + const char *overlay, + const char *hotzone, + struct volume_key *vks, + uint64_t device_size, + uint32_t flags) +{ + int r = reencrypt_load_overlay_device(cd, hdr, overlay, hotzone, vks, device_size, flags); + if (r) { + log_err(cd, _("Failed to reload device %s."), overlay); + return REENC_ERR; + } + + r = reenc_refresh_helper_devices(cd, overlay, hotzone); + if (r) { + log_err(cd, _("Failed to refresh reencryption devices stack.")); + return REENC_ROLLBACK; + } + + return REENC_OK; +} + +static int reencrypt_move_data(struct crypt_device *cd, int devfd, uint64_t data_shift) +{ + void *buffer; + int r; + ssize_t ret; + uint64_t buffer_len, offset; + struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + + log_dbg(cd, "Going to move data from head of data device."); + + buffer_len = data_shift; + if (!buffer_len) + return -EINVAL; + + offset = json_segment_get_offset(LUKS2_get_segment_jobj(hdr, 0), 0); + + /* this is nonsense anyway */ + if (buffer_len != json_segment_get_size(LUKS2_get_segment_jobj(hdr, 0), 0)) { + log_dbg(cd, "buffer_len %" PRIu64", segment size %" PRIu64, buffer_len, json_segment_get_size(LUKS2_get_segment_jobj(hdr, 0), 0)); + return -EINVAL; + } + + if (posix_memalign(&buffer, device_alignment(crypt_data_device(cd)), buffer_len)) + return -ENOMEM; + + ret = read_lseek_blockwise(devfd, + device_block_size(cd, crypt_data_device(cd)), + device_alignment(crypt_data_device(cd)), + buffer, buffer_len, 0); + if (ret < 0 || (uint64_t)ret != buffer_len) { + r = -EIO; + goto err; + } + + log_dbg(cd, "Going to write %" PRIu64 " bytes at offset %" PRIu64, buffer_len, offset); + ret = write_lseek_blockwise(devfd, + device_block_size(cd, crypt_data_device(cd)), + device_alignment(crypt_data_device(cd)), + buffer, buffer_len, offset); + if (ret < 0 || (uint64_t)ret != buffer_len) { + r = -EIO; + goto err; + } + + r = 0; +err: + memset(buffer, 0, buffer_len); + free(buffer); + return r; +} + +static int reencrypt_make_backup_segments(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot_new, + const char *cipher, + uint64_t data_offset, + const struct crypt_params_reencrypt *params) +{ + int r, segment, moved_segment = -1, digest_old = -1, digest_new = -1; + json_object *jobj_segment_new = NULL, *jobj_segment_old = NULL, *jobj_segment_bcp = NULL; + uint32_t sector_size = params->luks2 ? params->luks2->sector_size : SECTOR_SIZE; + uint64_t segment_offset, tmp, data_shift = params->data_shift << SECTOR_SHIFT; + + if (params->mode != CRYPT_REENCRYPT_DECRYPT) { + digest_new = LUKS2_digest_by_keyslot(hdr, keyslot_new); + if (digest_new < 0) + return -EINVAL; + } + + if (params->mode != CRYPT_REENCRYPT_ENCRYPT) { + digest_old = LUKS2_digest_by_segment(hdr, CRYPT_DEFAULT_SEGMENT); + if (digest_old < 0) + return -EINVAL; + } + + segment = LUKS2_segment_first_unused_id(hdr); + if (segment < 0) + return -EINVAL; + + if (params->mode == CRYPT_REENCRYPT_ENCRYPT && + (params->flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT)) { + json_object_copy(LUKS2_get_segment_jobj(hdr, 0), &jobj_segment_bcp); + r = LUKS2_segment_set_flag(jobj_segment_bcp, "backup-moved-segment"); + if (r) + goto err; + moved_segment = segment++; + json_object_object_add_by_uint(LUKS2_get_segments_jobj(hdr), moved_segment, jobj_segment_bcp); + } + + /* FIXME: Add detection for case (digest old == digest new && old segment == new segment) */ + if (digest_old >= 0) + json_object_copy(LUKS2_get_segment_jobj(hdr, CRYPT_DEFAULT_SEGMENT), &jobj_segment_old); + else if (params->mode == CRYPT_REENCRYPT_ENCRYPT) { + r = LUKS2_get_data_size(hdr, &tmp, NULL); + if (r) + goto err; + jobj_segment_old = json_segment_create_linear(0, tmp ? &tmp : NULL, 0); + } + + if (!jobj_segment_old) { + r = -EINVAL; + goto err; + } + + r = LUKS2_segment_set_flag(jobj_segment_old, "backup-previous"); + if (r) + goto err; + json_object_object_add_by_uint(LUKS2_get_segments_jobj(hdr), segment, jobj_segment_old); + jobj_segment_old = NULL; + if (digest_old >= 0) + LUKS2_digest_segment_assign(cd, hdr, segment, digest_old, 1, 0); + segment++; + + if (digest_new >= 0) { + segment_offset = data_offset; + if (params->mode != CRYPT_REENCRYPT_ENCRYPT && + modify_offset(&segment_offset, data_shift, params->direction)) { + r = -EINVAL; + goto err; + } + jobj_segment_new = json_segment_create_crypt(segment_offset, + crypt_get_iv_offset(cd), + NULL, cipher, sector_size, 0); + } else if (params->mode == CRYPT_REENCRYPT_DECRYPT) { + segment_offset = data_offset; + if (modify_offset(&segment_offset, data_shift, params->direction)) { + r = -EINVAL; + goto err; + } + jobj_segment_new = json_segment_create_linear(segment_offset, NULL, 0); + } + + if (!jobj_segment_new) { + r = -EINVAL; + goto err; + } + + r = LUKS2_segment_set_flag(jobj_segment_new, "backup-final"); + if (r) + goto err; + json_object_object_add_by_uint(LUKS2_get_segments_jobj(hdr), segment, jobj_segment_new); + jobj_segment_new = NULL; + if (digest_new >= 0) + LUKS2_digest_segment_assign(cd, hdr, segment, digest_new, 1, 0); + + /* FIXME: also check occupied space by keyslot in shrunk area */ + if (params->direction == CRYPT_REENCRYPT_FORWARD && data_shift && + crypt_metadata_device(cd) == crypt_data_device(cd) && + LUKS2_set_keyslots_size(cd, hdr, json_segment_get_offset(reencrypt_segment_new(hdr), 0))) { + log_err(cd, _("Failed to set new keyslots area size.")); + r = -EINVAL; + goto err; + } + + return 0; +err: + json_object_put(jobj_segment_new); + json_object_put(jobj_segment_old); + return r; +} + +static int reencrypt_verify_and_upload_keys(struct crypt_device *cd, struct luks2_hdr *hdr, int digest_old, int digest_new, struct volume_key *vks) +{ + int r; + struct volume_key *vk; + + if (digest_new >= 0) { + vk = crypt_volume_key_by_id(vks, digest_new); + if (!vk) + return -ENOENT; + else { + if (LUKS2_digest_verify_by_digest(cd, hdr, digest_new, vk) != digest_new) + return -EINVAL; + + if (crypt_use_keyring_for_vk(cd) && + (r = LUKS2_volume_key_load_in_keyring_by_digest(cd, hdr, vk, crypt_volume_key_get_id(vk)))) + return r; + } + } + + if (digest_old >= 0 && digest_old != digest_new) { + vk = crypt_volume_key_by_id(vks, digest_old); + if (!vk) { + r = -ENOENT; + goto err; + } else { + if (LUKS2_digest_verify_by_digest(cd, hdr, digest_old, vk) != digest_old) { + r = -EINVAL; + goto err; + } + if (crypt_use_keyring_for_vk(cd) && + (r = LUKS2_volume_key_load_in_keyring_by_digest(cd, hdr, vk, crypt_volume_key_get_id(vk)))) + goto err; + } + } + + return 0; +err: + crypt_drop_keyring_key(cd, vks); + return r; +} + +/* This function must be called with metadata lock held */ +static int reencrypt_init(struct crypt_device *cd, + const char *name, + struct luks2_hdr *hdr, + const char *passphrase, + size_t passphrase_size, + int keyslot_old, + int keyslot_new, + const char *cipher, + const char *cipher_mode, + const struct crypt_params_reencrypt *params, + struct volume_key **vks) +{ + bool move_first_segment; + char _cipher[128]; + uint32_t sector_size; + int r, reencrypt_keyslot, devfd = -1; + uint64_t data_offset, dev_size = 0; + struct crypt_dm_active_device dmd_target, dmd_source = { + .uuid = crypt_get_uuid(cd), + .flags = CRYPT_ACTIVATE_SHARED /* turn off exclusive open checks */ + }; + + if (!params || params->mode > CRYPT_REENCRYPT_DECRYPT) + return -EINVAL; + + if (params->mode != CRYPT_REENCRYPT_DECRYPT && + (!params->luks2 || !(cipher && cipher_mode) || keyslot_new < 0)) + return -EINVAL; + + log_dbg(cd, "Initializing reencryption (mode: %s) in LUKS2 metadata.", + crypt_reencrypt_mode_to_str(params->mode)); + + move_first_segment = (params->flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT); + + /* implicit sector size 512 for decryption */ + sector_size = params->luks2 ? params->luks2->sector_size : SECTOR_SIZE; + if (sector_size < SECTOR_SIZE || sector_size > MAX_SECTOR_SIZE || + NOTPOW2(sector_size)) { + log_err(cd, _("Unsupported encryption sector size.")); + return -EINVAL; + } + + if (!cipher_mode || *cipher_mode == '\0') + snprintf(_cipher, sizeof(_cipher), "%s", cipher); + else + snprintf(_cipher, sizeof(_cipher), "%s-%s", cipher, cipher_mode); + + if (MISALIGNED(params->data_shift, sector_size >> SECTOR_SHIFT)) { + log_err(cd, _("Data shift is not aligned to requested encryption sector size (%" PRIu32 " bytes)."), sector_size); + return -EINVAL; + } + + data_offset = LUKS2_get_data_offset(hdr) << SECTOR_SHIFT; + + r = device_check_access(cd, crypt_data_device(cd), DEV_OK); + if (r) + return r; + + r = device_check_size(cd, crypt_data_device(cd), data_offset, 1); + if (r) + return r; + + r = device_size(crypt_data_device(cd), &dev_size); + if (r) + return r; + + dev_size -= data_offset; + + if (MISALIGNED(dev_size, sector_size)) { + log_err(cd, _("Data device is not aligned to requested encryption sector size (%" PRIu32 " bytes)."), sector_size); + return -EINVAL; + } + + reencrypt_keyslot = LUKS2_keyslot_find_empty(hdr); + if (reencrypt_keyslot < 0) { + log_err(cd, _("All key slots full.")); + return -EINVAL; + } + + /* + * We must perform data move with exclusive open data device + * to exclude another cryptsetup process to colide with + * encryption initialization (or mount) + */ + if (move_first_segment) { + if (dev_size < 2 * (params->data_shift << SECTOR_SHIFT)) { + log_err(cd, _("Device %s is too small."), device_path(crypt_data_device(cd))); + return -EINVAL; + } + if (params->data_shift < LUKS2_get_data_offset(hdr)) { + log_err(cd, _("Data shift (%" PRIu64 " sectors) is less than future data offset (%" PRIu64 " sectors)."), params->data_shift, LUKS2_get_data_offset(hdr)); + return -EINVAL; + } + devfd = device_open_excl(cd, crypt_data_device(cd), O_RDWR); + if (devfd < 0) { + if (devfd == -EBUSY) + log_err(cd,_("Failed to open %s in exclusive mode (already mapped or mounted)."), device_path(crypt_data_device(cd))); + return -EINVAL; + } + } + + if (params->mode == CRYPT_REENCRYPT_ENCRYPT) { + /* in-memory only */ + r = reencrypt_set_encrypt_segments(cd, hdr, dev_size, params->data_shift << SECTOR_SHIFT, move_first_segment, params->direction); + if (r) + goto err; + } + + r = LUKS2_keyslot_reencrypt_create(cd, hdr, reencrypt_keyslot, + params); + if (r < 0) + goto err; + + r = reencrypt_make_backup_segments(cd, hdr, keyslot_new, _cipher, data_offset, params); + if (r) { + log_dbg(cd, "Failed to create reencryption backup device segments."); + goto err; + } + + r = LUKS2_keyslot_open_all_segments(cd, keyslot_old, keyslot_new, passphrase, passphrase_size, vks); + if (r < 0) + goto err; + + if (name && params->mode != CRYPT_REENCRYPT_ENCRYPT) { + r = reencrypt_verify_and_upload_keys(cd, hdr, LUKS2_reencrypt_digest_old(hdr), LUKS2_reencrypt_digest_new(hdr), *vks); + if (r) + goto err; + + r = dm_query_device(cd, name, DM_ACTIVE_UUID | DM_ACTIVE_DEVICE | + DM_ACTIVE_CRYPT_KEYSIZE | DM_ACTIVE_CRYPT_KEY | + DM_ACTIVE_CRYPT_CIPHER, &dmd_target); + if (r < 0) + goto err; + + r = LUKS2_assembly_multisegment_dmd(cd, hdr, *vks, LUKS2_get_segments_jobj(hdr), &dmd_source); + if (!r) { + r = crypt_compare_dm_devices(cd, &dmd_source, &dmd_target); + if (r) + log_err(cd, _("Mismatching parameters on device %s."), name); + } + + dm_targets_free(cd, &dmd_source); + dm_targets_free(cd, &dmd_target); + free(CONST_CAST(void*)dmd_target.uuid); + + if (r) + goto err; + } + + if (move_first_segment && reencrypt_move_data(cd, devfd, params->data_shift << SECTOR_SHIFT)) { + r = -EIO; + goto err; + } + + /* This must be first and only write in LUKS2 metadata during _reencrypt_init */ + r = reencrypt_update_flag(cd, 1, true); + if (r) { + log_dbg(cd, "Failed to set online-reencryption requirement."); + r = -EINVAL; + } else + r = reencrypt_keyslot; +err: + device_release_excl(cd, crypt_data_device(cd)); + if (r < 0) + crypt_load(cd, CRYPT_LUKS2, NULL); + + return r; +} + +static int reencrypt_hotzone_protect_final(struct crypt_device *cd, + struct luks2_hdr *hdr, struct luks2_reenc_context *rh, + const void *buffer, size_t buffer_len) +{ + const void *pbuffer; + size_t data_offset, len; + int r; + + if (rh->rp.type == REENC_PROTECTION_NONE) + return 0; + + if (rh->rp.type == REENC_PROTECTION_CHECKSUM) { + log_dbg(cd, "Checksums hotzone resilience."); + + for (data_offset = 0, len = 0; data_offset < buffer_len; data_offset += rh->alignment, len += rh->rp.p.csum.hash_size) { + if (crypt_hash_write(rh->rp.p.csum.ch, (const char *)buffer + data_offset, rh->alignment)) { + log_dbg(cd, "Failed to hash sector at offset %zu.", data_offset); + return -EINVAL; + } + if (crypt_hash_final(rh->rp.p.csum.ch, (char *)rh->rp.p.csum.checksums + len, rh->rp.p.csum.hash_size)) { + log_dbg(cd, "Failed to finalize hash."); + return -EINVAL; + } + } + pbuffer = rh->rp.p.csum.checksums; + } else if (rh->rp.type == REENC_PROTECTION_JOURNAL) { + log_dbg(cd, "Journal hotzone resilience."); + len = buffer_len; + pbuffer = buffer; + } else if (rh->rp.type == REENC_PROTECTION_DATASHIFT) { + log_dbg(cd, "Data shift hotzone resilience."); + return LUKS2_hdr_write(cd, hdr); + } else + return -EINVAL; + + log_dbg(cd, "Going to store %zu bytes in reencrypt keyslot.", len); + + r = LUKS2_keyslot_reencrypt_store(cd, hdr, rh->reenc_keyslot, pbuffer, len); + + return r > 0 ? 0 : r; +} + +static int reencrypt_context_update(struct crypt_device *cd, + struct luks2_reenc_context *rh) +{ + if (rh->read < 0) + return -EINVAL; + + if (rh->direction == CRYPT_REENCRYPT_BACKWARD) { + if (rh->data_shift && rh->mode == CRYPT_REENCRYPT_ENCRYPT) { + if (rh->offset) + rh->offset -= rh->data_shift; + if (rh->offset && (rh->offset < rh->data_shift)) { + rh->length = rh->offset; + rh->offset = rh->data_shift; + } + if (!rh->offset) + rh->length = rh->data_shift; + } else { + if (rh->offset < rh->length) + rh->length = rh->offset; + rh->offset -= rh->length; + } + } else if (rh->direction == CRYPT_REENCRYPT_FORWARD) { + rh->offset += (uint64_t)rh->read; + /* it fails in-case of device_size < rh->offset later */ + if (rh->device_size - rh->offset < rh->length) + rh->length = rh->device_size - rh->offset; + } else + return -EINVAL; + + if (rh->device_size < rh->offset) { + log_dbg(cd, "Calculated reencryption offset %" PRIu64 " is beyond device size %" PRIu64 ".", rh->offset, rh->device_size); + return -EINVAL; + } + + rh->progress += (uint64_t)rh->read; + + return 0; +} + +static int reencrypt_load(struct crypt_device *cd, struct luks2_hdr *hdr, + uint64_t device_size, + const struct crypt_params_reencrypt *params, + struct luks2_reenc_context **rh) +{ + int r; + struct luks2_reenc_context *tmp = NULL; + crypt_reencrypt_info ri = LUKS2_reenc_status(hdr); + + if (ri == CRYPT_REENCRYPT_CLEAN) + r = reencrypt_load_clean(cd, hdr, device_size, &tmp, params); + else if (ri == CRYPT_REENCRYPT_CRASH) + r = reencrypt_load_crashed(cd, hdr, device_size, &tmp); + else if (ri == CRYPT_REENCRYPT_NONE) { + log_err(cd, _("Device not marked for LUKS2 reencryption.")); + return -EINVAL; + } else + r = -EINVAL; + + if (r < 0 || !tmp) { + log_err(cd, _("Failed to load LUKS2 reencryption context.")); + return r; + } + + *rh = tmp; + + return 0; +} + +static int reencrypt_lock_internal(struct crypt_device *cd, const char *uuid, struct crypt_lock_handle **reencrypt_lock) +{ + int r; + char *lock_resource; + + if (!crypt_metadata_locking_enabled()) { + *reencrypt_lock = NULL; + return 0; + } + + r = asprintf(&lock_resource, "LUKS2-reencryption-%s", uuid); + if (r < 0) + return -ENOMEM; + if (r < 20) { + r = -EINVAL; + goto out; + } + + r = crypt_write_lock(cd, lock_resource, false, reencrypt_lock); +out: + free(lock_resource); + + return r; +} + +/* internal only */ +int crypt_reencrypt_lock_by_dm_uuid(struct crypt_device *cd, const char *dm_uuid, struct crypt_lock_handle **reencrypt_lock) +{ + int r; + char hdr_uuid[37]; + const char *uuid = crypt_get_uuid(cd); + + if (!dm_uuid) + return -EINVAL; + + if (!uuid) { + r = snprintf(hdr_uuid, sizeof(hdr_uuid), "%.8s-%.4s-%.4s-%.4s-%.12s", + dm_uuid + 6, dm_uuid + 14, dm_uuid + 18, dm_uuid + 22, dm_uuid + 26); + if (r < 0 || (size_t)r != (sizeof(hdr_uuid) - 1)) + return -EINVAL; + } else if (crypt_uuid_cmp(dm_uuid, uuid)) + return -EINVAL; + + return reencrypt_lock_internal(cd, uuid, reencrypt_lock); +} + +/* internal only */ +int crypt_reencrypt_lock(struct crypt_device *cd, struct crypt_lock_handle **reencrypt_lock) +{ + if (!cd || !crypt_get_type(cd) || strcmp(crypt_get_type(cd), CRYPT_LUKS2)) + return -EINVAL; + + return reencrypt_lock_internal(cd, crypt_get_uuid(cd), reencrypt_lock); +} + +/* internal only */ +void crypt_reencrypt_unlock(struct crypt_device *cd, struct crypt_lock_handle *reencrypt_lock) +{ + crypt_unlock_internal(cd, reencrypt_lock); +} + +static int reencrypt_lock_and_verify(struct crypt_device *cd, struct luks2_hdr *hdr, + struct crypt_lock_handle **reencrypt_lock) +{ + int r; + crypt_reencrypt_info ri; + struct crypt_lock_handle *h; + + ri = LUKS2_reenc_status(hdr); + if (ri == CRYPT_REENCRYPT_INVALID) { + log_err(cd, _("Failed to get reencryption state.")); + return -EINVAL; + } + if (ri < CRYPT_REENCRYPT_CLEAN) { + log_err(cd, _("Device is not in reencryption.")); + return -EINVAL; + } + + r = crypt_reencrypt_lock(cd, &h); + if (r < 0) { + if (r == -EBUSY) + log_err(cd, _("Reencryption process is already running.")); + else + log_err(cd, _("Failed to acquire reencryption lock.")); + return r; + } + + /* With reencryption lock held, reload device context and verify metadata state */ + r = crypt_load(cd, CRYPT_LUKS2, NULL); + if (r) { + crypt_reencrypt_unlock(cd, h); + return r; + } + + ri = LUKS2_reenc_status(hdr); + if (ri == CRYPT_REENCRYPT_CLEAN) { + *reencrypt_lock = h; + return 0; + } + + crypt_reencrypt_unlock(cd, h); + log_err(cd, _("Cannot proceed with reencryption. Run reencryption recovery first.")); + return -EINVAL; +} + +static int reencrypt_load_by_passphrase(struct crypt_device *cd, + const char *name, + const char *passphrase, + size_t passphrase_size, + int keyslot_old, + int keyslot_new, + struct volume_key **vks, + const struct crypt_params_reencrypt *params) +{ + int r, old_ss, new_ss; + struct luks2_hdr *hdr; + struct crypt_lock_handle *reencrypt_lock; + struct luks2_reenc_context *rh; + struct crypt_dm_active_device dmd_target, dmd_source = { + .uuid = crypt_get_uuid(cd), + .flags = CRYPT_ACTIVATE_SHARED /* turn off exclusive open checks */ + }; + uint64_t minimal_size, device_size, mapping_size = 0, required_size = 0; + bool dynamic; + struct crypt_params_reencrypt rparams = {}; + uint32_t flags = 0; + + if (params) { + rparams = *params; + required_size = params->device_size; + } + + log_dbg(cd, "Loading LUKS2 reencryption context."); + + rh = crypt_get_reenc_context(cd); + if (rh) { + LUKS2_reenc_context_free(cd, rh); + crypt_set_reenc_context(cd, NULL); + rh = NULL; + } + + hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + + r = reencrypt_lock_and_verify(cd, hdr, &reencrypt_lock); + if (r) + return r; + + /* From now on we hold reencryption lock */ + + if (LUKS2_get_data_size(hdr, &minimal_size, &dynamic)) + return -EINVAL; + + /* some configurations provides fixed device size */ + r = luks2_check_device_size(cd, hdr, minimal_size, &device_size, false, dynamic); + if (r) { + r = -EINVAL; + goto err; + } + + minimal_size >>= SECTOR_SHIFT; + + old_ss = reencrypt_get_sector_size_old(hdr); + new_ss = reencrypt_get_sector_size_new(hdr); + + r = reencrypt_verify_and_upload_keys(cd, hdr, LUKS2_reencrypt_digest_old(hdr), LUKS2_reencrypt_digest_new(hdr), *vks); + if (r == -ENOENT) { + log_dbg(cd, "Keys are not ready. Unlocking all volume keys."); + r = LUKS2_keyslot_open_all_segments(cd, keyslot_old, keyslot_new, passphrase, passphrase_size, vks); + if (r < 0) + goto err; + r = reencrypt_verify_and_upload_keys(cd, hdr, LUKS2_reencrypt_digest_old(hdr), LUKS2_reencrypt_digest_new(hdr), *vks); + } + + if (r < 0) + goto err; + + if (name) { + r = dm_query_device(cd, name, DM_ACTIVE_UUID | DM_ACTIVE_DEVICE | + DM_ACTIVE_CRYPT_KEYSIZE | DM_ACTIVE_CRYPT_KEY | + DM_ACTIVE_CRYPT_CIPHER, &dmd_target); + if (r < 0) + goto err; + flags = dmd_target.flags; + + r = LUKS2_assembly_multisegment_dmd(cd, hdr, *vks, LUKS2_get_segments_jobj(hdr), &dmd_source); + if (!r) { + r = crypt_compare_dm_devices(cd, &dmd_source, &dmd_target); + if (r) + log_err(cd, _("Mismatching parameters on device %s."), name); + } + + dm_targets_free(cd, &dmd_source); + dm_targets_free(cd, &dmd_target); + free(CONST_CAST(void*)dmd_target.uuid); + if (r) + goto err; + mapping_size = dmd_target.size; + } + + r = -EINVAL; + if (required_size && mapping_size && (required_size != mapping_size)) { + log_err(cd, _("Active device size and requested reencryption size don't match.")); + goto err; + } + + if (mapping_size) + required_size = mapping_size; + + if (required_size) { + /* TODO: Add support for changing fixed minimal size in reencryption mda where possible */ + if ((minimal_size && (required_size < minimal_size)) || + (required_size > (device_size >> SECTOR_SHIFT)) || + (!dynamic && (required_size != minimal_size)) || + (old_ss > 0 && MISALIGNED(required_size, old_ss >> SECTOR_SHIFT)) || + (new_ss > 0 && MISALIGNED(required_size, new_ss >> SECTOR_SHIFT))) { + log_err(cd, _("Illegal device size requested in reencryption parameters.")); + goto err; + } + rparams.device_size = required_size; + } + + r = reencrypt_load(cd, hdr, device_size, &rparams, &rh); + if (r < 0 || !rh) + goto err; + + if (name && (r = reencrypt_context_set_names(rh, name))) + goto err; + + /* Reassure device is not mounted and there's no dm mapping active */ + if (!name && (device_open_excl(cd, crypt_data_device(cd), O_RDONLY) < 0)) { + log_err(cd,_("Failed to open %s in exclusive mode (already mapped or mounted)."), device_path(crypt_data_device(cd))); + r = -EBUSY; + goto err; + } + device_release_excl(cd, crypt_data_device(cd)); + + /* FIXME: There's a race for dm device activation not managed by cryptsetup. + * + * 1) excl close + * 2) rogue dm device activation + * 3) one or more dm-crypt based wrapper activation + * 4) next excl open get's skipped due to 3) device from 2) remains undetected. + */ + r = reencrypt_init_storage_wrappers(cd, hdr, rh, *vks); + if (r) + goto err; + + /* If one of wrappers is based on dmcrypt fallback it already blocked mount */ + if (!name && crypt_storage_wrapper_get_type(rh->cw1) != DMCRYPT && + crypt_storage_wrapper_get_type(rh->cw2) != DMCRYPT) { + if (device_open_excl(cd, crypt_data_device(cd), O_RDONLY) < 0) { + log_err(cd,_("Failed to open %s in exclusive mode (already mapped or mounted)."), device_path(crypt_data_device(cd))); + r = -EBUSY; + goto err; + } + } + + rh->flags = flags; + + MOVE_REF(rh->vks, *vks); + MOVE_REF(rh->reenc_lock, reencrypt_lock); + + crypt_set_reenc_context(cd, rh); + + return 0; +err: + crypt_reencrypt_unlock(cd, reencrypt_lock); + LUKS2_reenc_context_free(cd, rh); + return r; +} + +static int reencrypt_recovery_by_passphrase(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot_old, + int keyslot_new, + const char *passphrase, + size_t passphrase_size) +{ + int r; + crypt_reencrypt_info ri; + struct crypt_lock_handle *reencrypt_lock; + + r = crypt_reencrypt_lock(cd, &reencrypt_lock); + if (r) { + if (r == -EBUSY) + log_err(cd, _("Reencryption in-progress. Cannot perform recovery.")); + else + log_err(cd, _("Failed to get reencryption lock.")); + return r; + } + + if ((r = crypt_load(cd, CRYPT_LUKS2, NULL))) { + crypt_reencrypt_unlock(cd, reencrypt_lock); + return r; + } + + ri = LUKS2_reenc_status(hdr); + if (ri == CRYPT_REENCRYPT_INVALID) { + crypt_reencrypt_unlock(cd, reencrypt_lock); + return -EINVAL; + } + + if (ri == CRYPT_REENCRYPT_CRASH) { + r = LUKS2_reencrypt_locked_recovery_by_passphrase(cd, keyslot_old, keyslot_new, + passphrase, passphrase_size, 0, NULL); + if (r < 0) + log_err(cd, _("LUKS2 reencryption recovery failed.")); + } else { + log_dbg(cd, "No LUKS2 reencryption recovery needed."); + r = 0; + } + + crypt_reencrypt_unlock(cd, reencrypt_lock); + return r; +} + +static int reencrypt_init_by_passphrase(struct crypt_device *cd, + const char *name, + const char *passphrase, + size_t passphrase_size, + int keyslot_old, + int keyslot_new, + const char *cipher, + const char *cipher_mode, + const struct crypt_params_reencrypt *params) +{ + int r; + crypt_reencrypt_info ri; + struct volume_key *vks = NULL; + uint32_t flags = params ? params->flags : 0; + struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + + /* short-circuit in recovery and finish immediately. */ + if (flags & CRYPT_REENCRYPT_RECOVERY) + return reencrypt_recovery_by_passphrase(cd, hdr, keyslot_old, keyslot_new, passphrase, passphrase_size); + + if (cipher) { + r = crypt_keyslot_get_key_size(cd, keyslot_new); + if (r < 0) + return r; + r = LUKS2_check_cipher(cd, r, cipher, cipher_mode); + if (r < 0) + return r; + } + + r = LUKS2_device_write_lock(cd, hdr, crypt_metadata_device(cd)); + if (r) + return r; + + ri = LUKS2_reenc_status(hdr); + if (ri == CRYPT_REENCRYPT_INVALID) { + device_write_unlock(cd, crypt_metadata_device(cd)); + return -EINVAL; + } + + if ((ri > CRYPT_REENCRYPT_NONE) && (flags & CRYPT_REENCRYPT_INITIALIZE_ONLY)) { + device_write_unlock(cd, crypt_metadata_device(cd)); + log_err(cd, _("LUKS2 reencryption already initialized in metadata.")); + return -EBUSY; + } + + if (ri == CRYPT_REENCRYPT_NONE && !(flags & CRYPT_REENCRYPT_RESUME_ONLY)) { + r = reencrypt_init(cd, name, hdr, passphrase, passphrase_size, keyslot_old, keyslot_new, cipher, cipher_mode, params, &vks); + if (r < 0) + log_err(cd, _("Failed to initialize LUKS2 reencryption in metadata.")); + } else if (ri > CRYPT_REENCRYPT_NONE) { + log_dbg(cd, "LUKS2 reencryption already initialized."); + r = 0; + } + + device_write_unlock(cd, crypt_metadata_device(cd)); + + if (r < 0 || (flags & CRYPT_REENCRYPT_INITIALIZE_ONLY)) + goto out; + + r = reencrypt_load_by_passphrase(cd, name, passphrase, passphrase_size, keyslot_old, keyslot_new, &vks, params); +out: + if (r < 0) + crypt_drop_keyring_key(cd, vks); + crypt_free_volume_key(vks); + return r < 0 ? r : LUKS2_find_keyslot(hdr, "reencrypt"); +} + +int crypt_reencrypt_init_by_keyring(struct crypt_device *cd, + const char *name, + const char *passphrase_description, + int keyslot_old, + int keyslot_new, + const char *cipher, + const char *cipher_mode, + const struct crypt_params_reencrypt *params) +{ + int r; + char *passphrase; + size_t passphrase_size; + + if (onlyLUKS2mask(cd, CRYPT_REQUIREMENT_ONLINE_REENCRYPT) || !passphrase_description) + return -EINVAL; + if (params && (params->flags & CRYPT_REENCRYPT_INITIALIZE_ONLY) && (params->flags & CRYPT_REENCRYPT_RESUME_ONLY)) + return -EINVAL; + + r = keyring_get_passphrase(passphrase_description, &passphrase, &passphrase_size); + if (r < 0) { + log_err(cd, _("Failed to read passphrase from keyring (error %d)."), r); + return -EINVAL; + } + + r = reencrypt_init_by_passphrase(cd, name, passphrase, passphrase_size, keyslot_old, keyslot_new, cipher, cipher_mode, params); + + crypt_safe_memzero(passphrase, passphrase_size); + free(passphrase); + + return r; +} + +int crypt_reencrypt_init_by_passphrase(struct crypt_device *cd, + const char *name, + const char *passphrase, + size_t passphrase_size, + int keyslot_old, + int keyslot_new, + const char *cipher, + const char *cipher_mode, + const struct crypt_params_reencrypt *params) +{ + if (onlyLUKS2mask(cd, CRYPT_REQUIREMENT_ONLINE_REENCRYPT) || !passphrase) + return -EINVAL; + if (params && (params->flags & CRYPT_REENCRYPT_INITIALIZE_ONLY) && (params->flags & CRYPT_REENCRYPT_RESUME_ONLY)) + return -EINVAL; + + return reencrypt_init_by_passphrase(cd, name, passphrase, passphrase_size, keyslot_old, keyslot_new, cipher, cipher_mode, params); +} + +static reenc_status_t reencrypt_step(struct crypt_device *cd, + struct luks2_hdr *hdr, + struct luks2_reenc_context *rh, + uint64_t device_size, + bool online) +{ + int r; + + /* update reencrypt keyslot protection parameters in memory only */ + r = reenc_keyslot_update(cd, rh); + if (r < 0) { + log_dbg(cd, "Keyslot update failed."); + return REENC_ERR; + } + + /* in memory only */ + r = reencrypt_make_segments(cd, hdr, rh, device_size); + if (r) + return REENC_ERR; + + r = reencrypt_assign_segments(cd, hdr, rh, 1, 0); + if (r) { + log_err(cd, _("Failed to set device segments for next reencryption hotzone.")); + return REENC_ERR; + } + + if (online) { + r = reencrypt_refresh_overlay_devices(cd, hdr, rh->overlay_name, rh->hotzone_name, rh->vks, rh->device_size, rh->flags); + /* Teardown overlay devices with dm-error. None bio shall pass! */ + if (r != REENC_OK) + return r; + } + + log_dbg(cd, "Reencrypting chunk starting at offset: %" PRIu64 ", size :%" PRIu64 ".", rh->offset, rh->length); + log_dbg(cd, "data_offset: %" PRIu64, crypt_get_data_offset(cd) << SECTOR_SHIFT); + + if (!rh->offset && rh->mode == CRYPT_REENCRYPT_ENCRYPT && rh->data_shift && + rh->jobj_segment_moved) { + crypt_storage_wrapper_destroy(rh->cw1); + log_dbg(cd, "Reinitializing old segment storage wrapper for moved segment."); + r = crypt_storage_wrapper_init(cd, &rh->cw1, crypt_data_device(cd), + LUKS2_reencrypt_get_data_offset_moved(hdr), + crypt_get_iv_offset(cd), + reencrypt_get_sector_size_old(hdr), + reencrypt_segment_cipher_old(hdr), + crypt_volume_key_by_id(rh->vks, rh->digest_old), + rh->wflags1); + if (r) { + log_err(cd, _("Failed to initialize old segment storage wrapper.")); + return REENC_ROLLBACK; + } + } + + rh->read = crypt_storage_wrapper_read(rh->cw1, rh->offset, rh->reenc_buffer, rh->length); + if (rh->read < 0) { + /* severity normal */ + log_err(cd, _("Failed to read hotzone area starting at %" PRIu64 "."), rh->offset); + return REENC_ROLLBACK; + } + + /* metadata commit point */ + r = reencrypt_hotzone_protect_final(cd, hdr, rh, rh->reenc_buffer, rh->read); + if (r < 0) { + /* severity normal */ + log_err(cd, _("Failed to write reencryption resilience metadata.")); + return REENC_ROLLBACK; + } + + r = crypt_storage_wrapper_decrypt(rh->cw1, rh->offset, rh->reenc_buffer, rh->read); + if (r) { + /* severity normal */ + log_err(cd, _("Decryption failed.")); + return REENC_ROLLBACK; + } + if (rh->read != crypt_storage_wrapper_encrypt_write(rh->cw2, rh->offset, rh->reenc_buffer, rh->read)) { + /* severity fatal */ + log_err(cd, _("Failed to write hotzone area starting at %" PRIu64 "."), rh->offset); + return REENC_FATAL; + } + + if (rh->rp.type != REENC_PROTECTION_NONE && crypt_storage_wrapper_datasync(rh->cw2)) { + log_err(cd, _("Failed to sync data.")); + return REENC_FATAL; + } + + /* metadata commit safe point */ + r = reencrypt_assign_segments(cd, hdr, rh, 0, rh->rp.type != REENC_PROTECTION_NONE); + if (r) { + /* severity fatal */ + log_err(cd, _("Failed to update metadata after current reencryption hotzone completed.")); + return REENC_FATAL; + } + + if (online) { + /* severity normal */ + log_dbg(cd, "Resuming device %s", rh->hotzone_name); + r = dm_resume_device(cd, rh->hotzone_name, DM_RESUME_PRIVATE); + if (r) { + log_err(cd, _("Failed to resume device %s."), rh->hotzone_name); + return REENC_ERR; + } + } + + return REENC_OK; +} + +static int reencrypt_erase_backup_segments(struct crypt_device *cd, + struct luks2_hdr *hdr) +{ + int segment = LUKS2_get_segment_id_by_flag(hdr, "backup-previous"); + if (segment >= 0) { + if (LUKS2_digest_segment_assign(cd, hdr, segment, CRYPT_ANY_DIGEST, 0, 0)) + return -EINVAL; + json_object_object_del_by_uint(LUKS2_get_segments_jobj(hdr), segment); + } + segment = LUKS2_get_segment_id_by_flag(hdr, "backup-final"); + if (segment >= 0) { + if (LUKS2_digest_segment_assign(cd, hdr, segment, CRYPT_ANY_DIGEST, 0, 0)) + return -EINVAL; + json_object_object_del_by_uint(LUKS2_get_segments_jobj(hdr), segment); + } + segment = LUKS2_get_segment_id_by_flag(hdr, "backup-moved-segment"); + if (segment >= 0) { + if (LUKS2_digest_segment_assign(cd, hdr, segment, CRYPT_ANY_DIGEST, 0, 0)) + return -EINVAL; + json_object_object_del_by_uint(LUKS2_get_segments_jobj(hdr), segment); + } + + return 0; +} + +static int reencrypt_wipe_moved_segment(struct crypt_device *cd, struct luks2_hdr *hdr, struct luks2_reenc_context *rh) +{ + int r = 0; + uint64_t offset, length; + + if (rh->jobj_segment_moved) { + offset = json_segment_get_offset(rh->jobj_segment_moved, 0); + length = json_segment_get_size(rh->jobj_segment_moved, 0); + log_dbg(cd, "Wiping %" PRIu64 " bytes of backup segment data at offset %" PRIu64, + length, offset); + r = crypt_wipe_device(cd, crypt_data_device(cd), CRYPT_WIPE_RANDOM, + offset, length, 1024 * 1024, NULL, NULL); + } + + return r; +} + +static int reencrypt_teardown_ok(struct crypt_device *cd, struct luks2_hdr *hdr, struct luks2_reenc_context *rh) +{ + int i, r; + uint32_t dmt_flags; + bool finished = !(rh->device_size > rh->progress); + + if (rh->rp.type == REENC_PROTECTION_NONE && + LUKS2_hdr_write(cd, hdr)) { + log_err(cd, _("Failed to write LUKS2 metadata.")); + return -EINVAL; + } + + if (rh->online) { + r = LUKS2_reload(cd, rh->device_name, rh->vks, rh->device_size, rh->flags); + if (r) + log_err(cd, _("Failed to reload device %s."), rh->device_name); + if (!r) { + r = dm_resume_device(cd, rh->device_name, DM_SUSPEND_SKIP_LOCKFS | DM_SUSPEND_NOFLUSH); + if (r) + log_err(cd, _("Failed to resume device %s."), rh->device_name); + } + dm_remove_device(cd, rh->overlay_name, 0); + dm_remove_device(cd, rh->hotzone_name, 0); + + if (!r && finished && rh->mode == CRYPT_REENCRYPT_DECRYPT && + !dm_flags(cd, DM_LINEAR, &dmt_flags) && (dmt_flags & DM_DEFERRED_SUPPORTED)) + dm_remove_device(cd, rh->device_name, CRYPT_DEACTIVATE_DEFERRED); + } + + if (finished) { + if (reencrypt_wipe_moved_segment(cd, hdr, rh)) + log_err(cd, _("Failed to wipe backup segment data.")); + if (reencrypt_get_data_offset_new(hdr) && LUKS2_set_keyslots_size(cd, hdr, reencrypt_get_data_offset_new(hdr))) + log_dbg(cd, "Failed to set new keyslots area size."); + if (rh->digest_old >= 0 && rh->digest_new != rh->digest_old) + for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++) + if (LUKS2_digest_by_keyslot(hdr, i) == rh->digest_old) + crypt_keyslot_destroy(cd, i); + crypt_keyslot_destroy(cd, rh->reenc_keyslot); + if (reencrypt_erase_backup_segments(cd, hdr)) + log_dbg(cd, "Failed to erase backup segments"); + + /* do we need atomic erase? */ + if (reencrypt_update_flag(cd, 0, true)) + log_err(cd, _("Failed to disable reencryption requirement flag.")); + } + + return 0; +} + +static void reencrypt_teardown_fatal(struct crypt_device *cd, struct luks2_hdr *hdr, struct luks2_reenc_context *rh) +{ + log_err(cd, _("Fatal error while reencrypting chunk starting at %" PRIu64 ", %" PRIu64 " sectors long."), + (rh->offset >> SECTOR_SHIFT) + crypt_get_data_offset(cd), rh->length >> SECTOR_SHIFT); + + if (rh->online) { + log_err(cd, "Reencryption was run in online mode."); + if (dm_status_suspended(cd, rh->hotzone_name) > 0) { + log_dbg(cd, "Hotzone device %s suspended, replacing with dm-error.", rh->hotzone_name); + if (dm_error_device(cd, rh->hotzone_name)) { + log_err(cd, _("Failed to replace suspended device %s with dm-error target."), rh->hotzone_name); + log_err(cd, _("Do not resume the device unless replaced with error target manually.")); + } + } + } +} + +static int reencrypt_teardown(struct crypt_device *cd, struct luks2_hdr *hdr, + struct luks2_reenc_context *rh, reenc_status_t rs, bool interrupted, + int (*progress)(uint64_t size, uint64_t offset, void *usrptr)) +{ + int r; + + switch (rs) { + case REENC_OK: + if (progress && !interrupted) + progress(rh->device_size, rh->progress, NULL); + r = reencrypt_teardown_ok(cd, hdr, rh); + break; + case REENC_FATAL: + reencrypt_teardown_fatal(cd, hdr, rh); + /* fall-through */ + default: + r = -EIO; + } + + /* this frees reencryption lock */ + LUKS2_reenc_context_free(cd, rh); + crypt_set_reenc_context(cd, NULL); + + return r; +} + +int crypt_reencrypt(struct crypt_device *cd, + int (*progress)(uint64_t size, uint64_t offset, void *usrptr)) +{ + int r; + crypt_reencrypt_info ri; + struct luks2_hdr *hdr; + struct luks2_reenc_context *rh; + reenc_status_t rs; + bool quit = false; + + if (onlyLUKS2mask(cd, CRYPT_REQUIREMENT_ONLINE_REENCRYPT)) + return -EINVAL; + + hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + + ri = LUKS2_reenc_status(hdr); + if (ri > CRYPT_REENCRYPT_CLEAN) { + log_err(cd, _("Cannot proceed with reencryption. Unexpected reencryption status.")); + return -EINVAL; + } + + rh = crypt_get_reenc_context(cd); + if (!rh || (!rh->reenc_lock && crypt_metadata_locking_enabled())) { + log_err(cd, _("Missing or invalid reencrypt context.")); + return -EINVAL; + } + + log_dbg(cd, "Resuming LUKS2 reencryption."); + + if (rh->online && reencrypt_init_device_stack(cd, rh)) { + log_err(cd, _("Failed to initialize reencryption device stack.")); + return -EINVAL; + } + + log_dbg(cd, "Progress %" PRIu64 ", device_size %" PRIu64, rh->progress, rh->device_size); + + rs = REENC_OK; + + while (!quit && (rh->device_size > rh->progress)) { + rs = reencrypt_step(cd, hdr, rh, rh->device_size, rh->online); + if (rs != REENC_OK) + break; + + log_dbg(cd, "Progress %" PRIu64 ", device_size %" PRIu64, rh->progress, rh->device_size); + if (progress && progress(rh->device_size, rh->progress, NULL)) + quit = true; + + r = reencrypt_context_update(cd, rh); + if (r) { + log_err(cd, _("Failed to update reencryption context.")); + rs = REENC_ERR; + break; + } + + log_dbg(cd, "Next reencryption offset will be %" PRIu64 " sectors.", rh->offset); + log_dbg(cd, "Next reencryption chunk size will be %" PRIu64 " sectors).", rh->length); + } + + r = reencrypt_teardown(cd, hdr, rh, rs, quit, progress); + return r; +} + +static int reencrypt_recovery(struct crypt_device *cd, + struct luks2_hdr *hdr, + uint64_t device_size, + struct volume_key *vks) +{ + int r; + struct luks2_reenc_context *rh = NULL; + + r = reencrypt_load(cd, hdr, device_size, NULL, &rh); + if (r < 0) { + log_err(cd, _("Failed to load LUKS2 reencryption context.")); + return r; + } + + r = reencrypt_recover_segment(cd, hdr, rh, vks); + if (r < 0) + goto err; + + if ((r = reencrypt_assign_segments(cd, hdr, rh, 0, 0))) + goto err; + + r = reencrypt_context_update(cd, rh); + if (r) { + log_err(cd, _("Failed to update reencryption context.")); + goto err; + } + + r = reencrypt_teardown_ok(cd, hdr, rh); + if (!r) + r = LUKS2_hdr_write(cd, hdr); +err: + LUKS2_reenc_context_free(cd, rh); + + return r; +} + +/* + * use only for calculation of minimal data device size. + * The real data offset is taken directly from segments! + */ +int LUKS2_reencrypt_data_offset(struct luks2_hdr *hdr, bool blockwise) +{ + crypt_reencrypt_info ri = LUKS2_reenc_status(hdr); + uint64_t data_offset = LUKS2_get_data_offset(hdr); + + if (ri == CRYPT_REENCRYPT_CLEAN && reencrypt_direction(hdr) == CRYPT_REENCRYPT_FORWARD) + data_offset += reencrypt_data_shift(hdr) >> SECTOR_SHIFT; + + return blockwise ? data_offset : data_offset << SECTOR_SHIFT; +} + +/* internal only */ +int luks2_check_device_size(struct crypt_device *cd, struct luks2_hdr *hdr, uint64_t check_size, uint64_t *dev_size, bool activation, bool dynamic) +{ + int r; + uint64_t data_offset, real_size = 0; + + if (reencrypt_direction(hdr) == CRYPT_REENCRYPT_BACKWARD && + (LUKS2_get_segment_by_flag(hdr, "backup-moved-segment") || dynamic)) + check_size += reencrypt_data_shift(hdr); + + r = device_check_access(cd, crypt_data_device(cd), activation ? DEV_EXCL : DEV_OK); + if (r) + return r; + + data_offset = LUKS2_reencrypt_data_offset(hdr, false); + + r = device_check_size(cd, crypt_data_device(cd), data_offset, 1); + if (r) + return r; + + r = device_size(crypt_data_device(cd), &real_size); + if (r) + return r; + + log_dbg(cd, "Required minimal device size: %" PRIu64 " (%" PRIu64 " sectors)" + ", real device size: %" PRIu64 " (%" PRIu64 " sectors)\n" + "calculated device size: %" PRIu64 " (%" PRIu64 " sectors)", + check_size, check_size >> SECTOR_SHIFT, real_size, real_size >> SECTOR_SHIFT, + real_size - data_offset, (real_size - data_offset) >> SECTOR_SHIFT); + + if (real_size < data_offset || (check_size && (real_size - data_offset) < check_size)) { + log_err(cd, _("Device %s is too small."), device_path(crypt_data_device(cd))); + return -EINVAL; + } + + *dev_size = real_size - data_offset; + + return 0; +} + +/* returns keyslot number on success (>= 0) or negative errnor otherwise */ +int LUKS2_reencrypt_locked_recovery_by_passphrase(struct crypt_device *cd, + int keyslot_old, + int keyslot_new, + const char *passphrase, + size_t passphrase_size, + uint32_t flags, + struct volume_key **vks) +{ + uint64_t minimal_size, device_size; + int keyslot, r = -EINVAL; + struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + struct volume_key *vk = NULL, *_vks = NULL; + + log_dbg(cd, "Entering reencryption crash recovery."); + + if (LUKS2_get_data_size(hdr, &minimal_size, NULL)) + return r; + + r = LUKS2_keyslot_open_all_segments(cd, keyslot_old, keyslot_new, + passphrase, passphrase_size, &_vks); + if (r < 0) + goto err; + keyslot = r; + + if (crypt_use_keyring_for_vk(cd)) + vk = _vks; + + while (vk) { + r = LUKS2_volume_key_load_in_keyring_by_digest(cd, hdr, vk, crypt_volume_key_get_id(vk)); + if (r < 0) + goto err; + vk = crypt_volume_key_next(vk); + } + + if (luks2_check_device_size(cd, hdr, minimal_size, &device_size, true, false)) + goto err; + + r = reencrypt_recovery(cd, hdr, device_size, _vks); + + if (!r && vks) + MOVE_REF(*vks, _vks); +err: + if (r < 0) + crypt_drop_keyring_key(cd, _vks); + crypt_free_volume_key(_vks); + + return r < 0 ? r : keyslot; +} + +crypt_reencrypt_info LUKS2_reencrypt_status(struct crypt_device *cd, struct crypt_params_reencrypt *params) +{ + crypt_reencrypt_info ri; + struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2); + + ri = LUKS2_reenc_status(hdr); + if (ri == CRYPT_REENCRYPT_NONE || ri == CRYPT_REENCRYPT_INVALID || !params) + return ri; + + params->mode = reencrypt_mode(hdr); + params->direction = reencrypt_direction(hdr); + params->resilience = reencrypt_resilience_type(hdr); + params->hash = reencrypt_resilience_hash(hdr); + params->data_shift = reencrypt_data_shift(hdr) >> SECTOR_SHIFT; + params->max_hotzone_size = 0; + if (LUKS2_get_segment_id_by_flag(hdr, "backup-moved-segment") >= 0) + params->flags |= CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT; + + return ri; +} diff --git a/lib/luks2/luks2_segment.c b/lib/luks2/luks2_segment.c new file mode 100644 index 0000000..8708ba5 --- /dev/null +++ b/lib/luks2/luks2_segment.c @@ -0,0 +1,412 @@ +/* + * LUKS - Linux Unified Key Setup v2, internal segment handling + * + * Copyright (C) 2018-2020, Red Hat, Inc. All rights reserved. + * Copyright (C) 2018-2020, Ondrej Kozina + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "luks2_internal.h" + +/* use only on already validated 'segments' object */ +uint64_t json_segments_get_minimal_offset(json_object *jobj_segments, unsigned blockwise) +{ + uint64_t tmp, min = blockwise ? UINT64_MAX >> SECTOR_SHIFT : UINT64_MAX; + + if (!jobj_segments) + return 0; + + json_object_object_foreach(jobj_segments, key, val) { + UNUSED(key); + + if (json_segment_is_backup(val)) + continue; + + tmp = json_segment_get_offset(val, blockwise); + + if (!tmp) + return tmp; + + if (tmp < min) + min = tmp; + } + + return min; +} + +uint64_t json_segment_get_offset(json_object *jobj_segment, unsigned blockwise) +{ + json_object *jobj; + + if (!jobj_segment || + !json_object_object_get_ex(jobj_segment, "offset", &jobj)) + return 0; + + return blockwise ? crypt_jobj_get_uint64(jobj) >> SECTOR_SHIFT : crypt_jobj_get_uint64(jobj); +} + +const char *json_segment_type(json_object *jobj_segment) +{ + json_object *jobj; + + if (!jobj_segment || + !json_object_object_get_ex(jobj_segment, "type", &jobj)) + return NULL; + + return json_object_get_string(jobj); +} + +uint64_t json_segment_get_iv_offset(json_object *jobj_segment) +{ + json_object *jobj; + + if (!jobj_segment || + !json_object_object_get_ex(jobj_segment, "iv_tweak", &jobj)) + return 0; + + return crypt_jobj_get_uint64(jobj); +} + +uint64_t json_segment_get_size(json_object *jobj_segment, unsigned blockwise) +{ + json_object *jobj; + + if (!jobj_segment || + !json_object_object_get_ex(jobj_segment, "size", &jobj)) + return 0; + + return blockwise ? crypt_jobj_get_uint64(jobj) >> SECTOR_SHIFT : crypt_jobj_get_uint64(jobj); +} + +const char *json_segment_get_cipher(json_object *jobj_segment) +{ + json_object *jobj; + + /* FIXME: Pseudo "null" cipher should be handled elsewhere */ + if (!jobj_segment || + !json_object_object_get_ex(jobj_segment, "encryption", &jobj)) + return "null"; + + return json_object_get_string(jobj); +} + +int json_segment_get_sector_size(json_object *jobj_segment) +{ + json_object *jobj; + + if (!jobj_segment || + !json_object_object_get_ex(jobj_segment, "sector_size", &jobj)) + return -1; + + return json_object_get_int(jobj); +} + +static json_object *json_segment_get_flags(json_object *jobj_segment) +{ + json_object *jobj; + + if (!jobj_segment || !(json_object_object_get_ex(jobj_segment, "flags", &jobj))) + return NULL; + return jobj; +} + +static bool json_segment_contains_flag(json_object *jobj_segment, const char *flag_str, size_t len) +{ + int r, i; + json_object *jobj, *jobj_flags = json_segment_get_flags(jobj_segment); + + if (!jobj_flags) + return false; + + for (i = 0; i < (int)json_object_array_length(jobj_flags); i++) { + jobj = json_object_array_get_idx(jobj_flags, i); + if (len) + r = strncmp(json_object_get_string(jobj), flag_str, len); + else + r = strcmp(json_object_get_string(jobj), flag_str); + if (!r) + return true; + } + + return false; +} + +bool json_segment_is_backup(json_object *jobj_segment) +{ + return json_segment_contains_flag(jobj_segment, "backup-", 7); +} + +json_object *json_segments_get_segment(json_object *jobj_segments, int segment) +{ + json_object *jobj; + char segment_name[16]; + + if (snprintf(segment_name, sizeof(segment_name), "%u", segment) < 1) + return NULL; + + if (!json_object_object_get_ex(jobj_segments, segment_name, &jobj)) + return NULL; + + return jobj; +} + +unsigned json_segments_count(json_object *jobj_segments) +{ + unsigned count = 0; + + if (!jobj_segments) + return 0; + + json_object_object_foreach(jobj_segments, slot, val) { + UNUSED(slot); + if (!json_segment_is_backup(val)) + count++; + } + + return count; +} + +static void _get_segment_or_id_by_flag(json_object *jobj_segments, const char *flag, unsigned id, void *retval) +{ + json_object *jobj_flags, **jobj_ret = (json_object **)retval; + int *ret = (int *)retval; + + if (!flag) + return; + + json_object_object_foreach(jobj_segments, key, value) { + if (!json_object_object_get_ex(value, "flags", &jobj_flags)) + continue; + if (LUKS2_array_jobj(jobj_flags, flag)) { + if (id) + *ret = atoi(key); + else + *jobj_ret = value; + return; + } + } +} + +void json_segment_remove_flag(json_object *jobj_segment, const char *flag) +{ + json_object *jobj_flags, *jobj_flags_new; + + if (!jobj_segment) + return; + + jobj_flags = json_segment_get_flags(jobj_segment); + if (!jobj_flags) + return; + + jobj_flags_new = LUKS2_array_remove(jobj_flags, flag); + if (!jobj_flags_new) + return; + + if (json_object_array_length(jobj_flags_new) <= 0) { + json_object_put(jobj_flags_new); + json_object_object_del(jobj_segment, "flags"); + } else + json_object_object_add(jobj_segment, "flags", jobj_flags_new); +} + +static json_object *_segment_create_generic(const char *type, uint64_t offset, const uint64_t *length) +{ + json_object *jobj = json_object_new_object(); + if (!jobj) + return NULL; + + json_object_object_add(jobj, "type", json_object_new_string(type)); + json_object_object_add(jobj, "offset", crypt_jobj_new_uint64(offset)); + json_object_object_add(jobj, "size", length ? crypt_jobj_new_uint64(*length) : json_object_new_string("dynamic")); + + return jobj; +} + +json_object *json_segment_create_linear(uint64_t offset, const uint64_t *length, unsigned reencryption) +{ + json_object *jobj = _segment_create_generic("linear", offset, length); + if (reencryption) + LUKS2_segment_set_flag(jobj, "in-reencryption"); + return jobj; +} + +json_object *json_segment_create_crypt(uint64_t offset, + uint64_t iv_offset, const uint64_t *length, + const char *cipher, uint32_t sector_size, + unsigned reencryption) +{ + json_object *jobj = _segment_create_generic("crypt", offset, length); + if (!jobj) + return NULL; + + json_object_object_add(jobj, "iv_tweak", crypt_jobj_new_uint64(iv_offset)); + json_object_object_add(jobj, "encryption", json_object_new_string(cipher)); + json_object_object_add(jobj, "sector_size", json_object_new_int(sector_size)); + if (reencryption) + LUKS2_segment_set_flag(jobj, "in-reencryption"); + + return jobj; +} + +uint64_t LUKS2_segment_offset(struct luks2_hdr *hdr, int segment, unsigned blockwise) +{ + return json_segment_get_offset(LUKS2_get_segment_jobj(hdr, segment), blockwise); +} + +int json_segments_segment_in_reencrypt(json_object *jobj_segments) +{ + json_object *jobj_flags; + + json_object_object_foreach(jobj_segments, slot, val) { + if (!json_object_object_get_ex(val, "flags", &jobj_flags) || + !LUKS2_array_jobj(jobj_flags, "in-reencryption")) + continue; + + return atoi(slot); + } + + return -1; +} + +uint64_t LUKS2_segment_size(struct luks2_hdr *hdr, int segment, unsigned blockwise) +{ + return json_segment_get_size(LUKS2_get_segment_jobj(hdr, segment), blockwise); +} + +int LUKS2_segment_is_type(struct luks2_hdr *hdr, int segment, const char *type) +{ + return !strcmp(json_segment_type(LUKS2_get_segment_jobj(hdr, segment)) ?: "", type); +} + +int LUKS2_last_segment_by_type(struct luks2_hdr *hdr, const char *type) +{ + json_object *jobj_segments; + int last_found = -1; + + if (!type) + return -1; + + if (!json_object_object_get_ex(hdr->jobj, "segments", &jobj_segments)) + return -1; + + json_object_object_foreach(jobj_segments, slot, val) { + if (json_segment_is_backup(val)) + continue; + if (strcmp(type, json_segment_type(val) ?: "")) + continue; + + if (atoi(slot) > last_found) + last_found = atoi(slot); + } + + return last_found; +} + +int LUKS2_segment_by_type(struct luks2_hdr *hdr, const char *type) +{ + json_object *jobj_segments; + int first_found = -1; + + if (!type) + return -EINVAL; + + if (!json_object_object_get_ex(hdr->jobj, "segments", &jobj_segments)) + return -EINVAL; + + json_object_object_foreach(jobj_segments, slot, val) { + if (json_segment_is_backup(val)) + continue; + if (strcmp(type, json_segment_type(val) ?: "")) + continue; + + if (first_found < 0) + first_found = atoi(slot); + else if (atoi(slot) < first_found) + first_found = atoi(slot); + } + + return first_found; +} + +int LUKS2_segment_first_unused_id(struct luks2_hdr *hdr) +{ + json_object *jobj_segments; + int id, last_id = -1; + + if (!json_object_object_get_ex(hdr->jobj, "segments", &jobj_segments)) + return -EINVAL; + + json_object_object_foreach(jobj_segments, slot, val) { + UNUSED(val); + id = atoi(slot); + if (id > last_id) + last_id = id; + } + + return last_id + 1; +} + +int LUKS2_segment_set_flag(json_object *jobj_segment, const char *flag) +{ + json_object *jobj_flags; + + if (!jobj_segment || !flag) + return -EINVAL; + + if (!json_object_object_get_ex(jobj_segment, "flags", &jobj_flags)) { + jobj_flags = json_object_new_array(); + if (!jobj_flags) + return -ENOMEM; + json_object_object_add(jobj_segment, "flags", jobj_flags); + } + + if (LUKS2_array_jobj(jobj_flags, flag)) + return 0; + + json_object_array_add(jobj_flags, json_object_new_string(flag)); + + return 0; +} + +int LUKS2_segments_set(struct crypt_device *cd, struct luks2_hdr *hdr, + json_object *jobj_segments, int commit) +{ + json_object_object_add(hdr->jobj, "segments", jobj_segments); + + return commit ? LUKS2_hdr_write(cd, hdr) : 0; +} + +int LUKS2_get_segment_id_by_flag(struct luks2_hdr *hdr, const char *flag) +{ + int ret = -ENOENT; + json_object *jobj_segments = LUKS2_get_segments_jobj(hdr); + + if (jobj_segments) + _get_segment_or_id_by_flag(jobj_segments, flag, 1, &ret); + + return ret; +} + +json_object *LUKS2_get_segment_by_flag(struct luks2_hdr *hdr, const char *flag) +{ + json_object *jobj_segment = NULL, + *jobj_segments = LUKS2_get_segments_jobj(hdr); + + if (jobj_segments) + _get_segment_or_id_by_flag(jobj_segments, flag, 0, &jobj_segment); + + return jobj_segment; +} diff --git a/lib/luks2/luks2_token.c b/lib/luks2/luks2_token.c new file mode 100644 index 0000000..ad6722a --- /dev/null +++ b/lib/luks2/luks2_token.c @@ -0,0 +1,610 @@ +/* + * LUKS - Linux Unified Key Setup v2, token handling + * + * Copyright (C) 2016-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2020 Milan Broz + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include + +#include "luks2_internal.h" + +/* Builtin tokens */ +extern const crypt_token_handler keyring_handler; + +static token_handler token_handlers[LUKS2_TOKENS_MAX] = { + /* keyring builtin token */ + { + .get = token_keyring_get, + .set = token_keyring_set, + .h = &keyring_handler + }, +}; + +static int is_builtin_candidate(const char *type) +{ + return !strncmp(type, LUKS2_BUILTIN_TOKEN_PREFIX, LUKS2_BUILTIN_TOKEN_PREFIX_LEN); +} + +int crypt_token_register(const crypt_token_handler *handler) +{ + int i; + + if (is_builtin_candidate(handler->name)) { + log_dbg(NULL, "'" LUKS2_BUILTIN_TOKEN_PREFIX "' is reserved prefix for builtin tokens."); + return -EINVAL; + } + + for (i = 0; i < LUKS2_TOKENS_MAX && token_handlers[i].h; i++) { + if (!strcmp(token_handlers[i].h->name, handler->name)) { + log_dbg(NULL, "Keyslot handler %s is already registered.", handler->name); + return -EINVAL; + } + } + + if (i == LUKS2_TOKENS_MAX) + return -EINVAL; + + token_handlers[i].h = handler; + return 0; +} + +static const token_handler +*LUKS2_token_handler_type_internal(struct crypt_device *cd, const char *type) +{ + int i; + + for (i = 0; i < LUKS2_TOKENS_MAX && token_handlers[i].h; i++) + if (!strcmp(token_handlers[i].h->name, type)) + return token_handlers + i; + + return NULL; +} + +static const crypt_token_handler +*LUKS2_token_handler_type(struct crypt_device *cd, const char *type) +{ + const token_handler *th = LUKS2_token_handler_type_internal(cd, type); + + return th ? th->h : NULL; +} + +static const token_handler +*LUKS2_token_handler_internal(struct crypt_device *cd, int token) +{ + struct luks2_hdr *hdr; + json_object *jobj1, *jobj2; + + if (token < 0) + return NULL; + + if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2))) + return NULL; + + if (!(jobj1 = LUKS2_get_token_jobj(hdr, token))) + return NULL; + + if (!json_object_object_get_ex(jobj1, "type", &jobj2)) + return NULL; + + return LUKS2_token_handler_type_internal(cd, json_object_get_string(jobj2)); +} + +static const crypt_token_handler +*LUKS2_token_handler(struct crypt_device *cd, int token) +{ + const token_handler *th = LUKS2_token_handler_internal(cd, token); + + return th ? th->h : NULL; +} + +static int LUKS2_token_find_free(struct luks2_hdr *hdr) +{ + int i; + + for (i = 0; i < LUKS2_TOKENS_MAX; i++) + if (!LUKS2_get_token_jobj(hdr, i)) + return i; + + return -EINVAL; +} + +int LUKS2_token_create(struct crypt_device *cd, + struct luks2_hdr *hdr, + int token, + const char *json, + int commit) +{ + const crypt_token_handler *h; + const token_handler *th; + json_object *jobj_tokens, *jobj_type, *jobj; + enum json_tokener_error jerr; + char num[16]; + + if (token == CRYPT_ANY_TOKEN) { + if (!json) + return -EINVAL; + token = LUKS2_token_find_free(hdr); + } + + if (token < 0 || token >= LUKS2_TOKENS_MAX) + return -EINVAL; + + if (!json_object_object_get_ex(hdr->jobj, "tokens", &jobj_tokens)) + return -EINVAL; + + snprintf(num, sizeof(num), "%d", token); + + /* Remove token */ + if (!json) + json_object_object_del(jobj_tokens, num); + else { + + jobj = json_tokener_parse_verbose(json, &jerr); + if (!jobj) { + log_dbg(cd, "Token JSON parse failed."); + return -EINVAL; + } + + if (LUKS2_token_validate(cd, hdr->jobj, jobj, num)) { + json_object_put(jobj); + return -EINVAL; + } + + json_object_object_get_ex(jobj, "type", &jobj_type); + if (is_builtin_candidate(json_object_get_string(jobj_type))) { + th = LUKS2_token_handler_type_internal(cd, json_object_get_string(jobj_type)); + if (!th || !th->set) { + log_dbg(cd, "%s is builtin token candidate with missing handler", json_object_get_string(jobj_type)); + json_object_put(jobj); + return -EINVAL; + } + h = th->h; + } else + h = LUKS2_token_handler_type(cd, json_object_get_string(jobj_type)); + + if (h && h->validate && h->validate(cd, json)) { + json_object_put(jobj); + log_dbg(cd, "Token type %s validation failed.", h->name); + return -EINVAL; + } + + json_object_object_add(jobj_tokens, num, jobj); + if (LUKS2_check_json_size(cd, hdr)) { + log_dbg(cd, "Not enough space in header json area for new token."); + json_object_object_del(jobj_tokens, num); + return -ENOSPC; + } + } + + if (commit) + return LUKS2_hdr_write(cd, hdr) ?: token; + + return token; +} + +crypt_token_info LUKS2_token_status(struct crypt_device *cd, + struct luks2_hdr *hdr, + int token, + const char **type) +{ + const char *tmp; + const token_handler *th; + json_object *jobj_type, *jobj_token; + + if (token < 0 || token >= LUKS2_TOKENS_MAX) + return CRYPT_TOKEN_INVALID; + + if (!(jobj_token = LUKS2_get_token_jobj(hdr, token))) + return CRYPT_TOKEN_INACTIVE; + + json_object_object_get_ex(jobj_token, "type", &jobj_type); + tmp = json_object_get_string(jobj_type); + + if ((th = LUKS2_token_handler_type_internal(cd, tmp))) { + if (type) + *type = th->h->name; + return th->set ? CRYPT_TOKEN_INTERNAL : CRYPT_TOKEN_EXTERNAL; + } + + if (type) + *type = tmp; + + return is_builtin_candidate(tmp) ? CRYPT_TOKEN_INTERNAL_UNKNOWN : CRYPT_TOKEN_EXTERNAL_UNKNOWN; +} + +int LUKS2_builtin_token_get(struct crypt_device *cd, + struct luks2_hdr *hdr, + int token, + const char *type, + void *params) +{ + const token_handler *th = LUKS2_token_handler_type_internal(cd, type); + + // internal error + assert(th && th->get); + + return th->get(LUKS2_get_token_jobj(hdr, token), params) ?: token; +} + +int LUKS2_builtin_token_create(struct crypt_device *cd, + struct luks2_hdr *hdr, + int token, + const char *type, + const void *params, + int commit) +{ + const token_handler *th; + int r; + json_object *jobj_token, *jobj_tokens; + + th = LUKS2_token_handler_type_internal(cd, type); + + // at this point all builtin handlers must exist and have validate fn defined + assert(th && th->set && th->h->validate); + + if (token == CRYPT_ANY_TOKEN) { + if ((token = LUKS2_token_find_free(hdr)) < 0) + log_err(cd, _("No free token slot.")); + } + if (token < 0 || token >= LUKS2_TOKENS_MAX) + return -EINVAL; + + r = th->set(&jobj_token, params); + if (r) { + log_err(cd, _("Failed to create builtin token %s."), type); + return r; + } + + // builtin tokens must produce valid json + r = LUKS2_token_validate(cd, hdr->jobj, jobj_token, "new"); + assert(!r); + r = th->h->validate(cd, json_object_to_json_string_ext(jobj_token, + JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE)); + assert(!r); + + json_object_object_get_ex(hdr->jobj, "tokens", &jobj_tokens); + json_object_object_add_by_uint(jobj_tokens, token, jobj_token); + if (LUKS2_check_json_size(cd, hdr)) { + log_dbg(cd, "Not enough space in header json area for new %s token.", type); + json_object_object_del_by_uint(jobj_tokens, token); + return -ENOSPC; + } + + if (commit) + return LUKS2_hdr_write(cd, hdr) ?: token; + + return token; +} + +static int LUKS2_token_open(struct crypt_device *cd, + struct luks2_hdr *hdr, + int token, + char **buffer, + size_t *buffer_len, + void *usrptr) +{ + const char *json; + const crypt_token_handler *h; + int r; + + if (!(h = LUKS2_token_handler(cd, token))) + return -ENOENT; + + if (h->validate) { + if (LUKS2_token_json_get(cd, hdr, token, &json)) + return -EINVAL; + + if (h->validate(cd, json)) { + log_dbg(cd, "Token %d (%s) validation failed.", token, h->name); + return -EINVAL; + } + } + + r = h->open(cd, token, buffer, buffer_len, usrptr); + if (r < 0) + log_dbg(cd, "Token %d (%s) open failed with %d.", token, h->name, r); + + return r; +} + +static void LUKS2_token_buffer_free(struct crypt_device *cd, + int token, + void *buffer, + size_t buffer_len) +{ + const crypt_token_handler *h = LUKS2_token_handler(cd, token); + + if (h->buffer_free) + h->buffer_free(buffer, buffer_len); + else { + crypt_safe_memzero(buffer, buffer_len); + free(buffer); + } +} + +static int LUKS2_keyslot_open_by_token(struct crypt_device *cd, + struct luks2_hdr *hdr, + int token, + int segment, + const char *buffer, + size_t buffer_len, + struct volume_key **vk) +{ + const crypt_token_handler *h; + json_object *jobj_token, *jobj_token_keyslots, *jobj; + unsigned int num = 0; + int i, r; + + if (!(h = LUKS2_token_handler(cd, token))) + return -ENOENT; + + jobj_token = LUKS2_get_token_jobj(hdr, token); + if (!jobj_token) + return -EINVAL; + + json_object_object_get_ex(jobj_token, "keyslots", &jobj_token_keyslots); + if (!jobj_token_keyslots) + return -EINVAL; + + /* Try to open keyslot referenced in token */ + r = -EINVAL; + for (i = 0; i < (int) json_object_array_length(jobj_token_keyslots) && r < 0; i++) { + jobj = json_object_array_get_idx(jobj_token_keyslots, i); + num = atoi(json_object_get_string(jobj)); + log_dbg(cd, "Trying to open keyslot %u with token %d (type %s).", num, token, h->name); + r = LUKS2_keyslot_open(cd, num, segment, buffer, buffer_len, vk); + } + + if (r < 0) + return r; + + return num; +} + +int LUKS2_token_open_and_activate(struct crypt_device *cd, + struct luks2_hdr *hdr, + int token, + const char *name, + uint32_t flags, + void *usrptr) +{ + int keyslot, r; + char *buffer; + size_t buffer_len; + struct volume_key *vk = NULL; + + r = LUKS2_token_open(cd, hdr, token, &buffer, &buffer_len, usrptr); + if (r < 0) + return r; + + r = LUKS2_keyslot_open_by_token(cd, hdr, token, + (flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) ? + CRYPT_ANY_SEGMENT : CRYPT_DEFAULT_SEGMENT, + buffer, buffer_len, &vk); + + LUKS2_token_buffer_free(cd, token, buffer, buffer_len); + + if (r < 0) + return r; + + keyslot = r; + + if ((name || (flags & CRYPT_ACTIVATE_KEYRING_KEY)) && crypt_use_keyring_for_vk(cd)) { + if (!(r = LUKS2_volume_key_load_in_keyring_by_keyslot(cd, hdr, vk, keyslot))) + flags |= CRYPT_ACTIVATE_KEYRING_KEY; + } + + if (r >= 0 && name) + r = LUKS2_activate(cd, name, vk, flags); + + if (r < 0) + crypt_drop_keyring_key(cd, vk); + crypt_free_volume_key(vk); + + return r < 0 ? r : keyslot; +} + +int LUKS2_token_open_and_activate_any(struct crypt_device *cd, + struct luks2_hdr *hdr, + const char *name, + uint32_t flags) +{ + char *buffer; + json_object *tokens_jobj; + size_t buffer_len; + int keyslot, token, r = -EINVAL; + struct volume_key *vk = NULL; + + json_object_object_get_ex(hdr->jobj, "tokens", &tokens_jobj); + + json_object_object_foreach(tokens_jobj, slot, val) { + UNUSED(val); + token = atoi(slot); + + r = LUKS2_token_open(cd, hdr, token, &buffer, &buffer_len, NULL); + if (r < 0) + continue; + + r = LUKS2_keyslot_open_by_token(cd, hdr, token, + (flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) ? + CRYPT_ANY_SEGMENT : CRYPT_DEFAULT_SEGMENT, + buffer, buffer_len, &vk); + LUKS2_token_buffer_free(cd, token, buffer, buffer_len); + if (r >= 0) + break; + } + + keyslot = r; + + if (r >= 0 && (name || (flags & CRYPT_ACTIVATE_KEYRING_KEY)) && crypt_use_keyring_for_vk(cd)) { + if (!(r = LUKS2_volume_key_load_in_keyring_by_keyslot(cd, hdr, vk, keyslot))) + flags |= CRYPT_ACTIVATE_KEYRING_KEY; + } + + if (r >= 0 && name) + r = LUKS2_activate(cd, name, vk, flags); + + if (r < 0) + crypt_drop_keyring_key(cd, vk); + crypt_free_volume_key(vk); + + return r < 0 ? r : keyslot; +} + +void LUKS2_token_dump(struct crypt_device *cd, int token) +{ + const crypt_token_handler *h; + json_object *jobj_token; + + h = LUKS2_token_handler(cd, token); + if (h && h->dump) { + jobj_token = LUKS2_get_token_jobj(crypt_get_hdr(cd, CRYPT_LUKS2), token); + if (jobj_token) + h->dump(cd, json_object_to_json_string_ext(jobj_token, + JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE)); + } +} + +int LUKS2_token_json_get(struct crypt_device *cd, struct luks2_hdr *hdr, + int token, const char **json) +{ + json_object *jobj_token; + + jobj_token = LUKS2_get_token_jobj(hdr, token); + if (!jobj_token) + return -EINVAL; + + *json = json_object_to_json_string_ext(jobj_token, + JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE); + return 0; +} + +static int assign_one_keyslot(struct crypt_device *cd, struct luks2_hdr *hdr, + int token, int keyslot, int assign) +{ + json_object *jobj1, *jobj_token, *jobj_token_keyslots; + char num[16]; + + log_dbg(cd, "Keyslot %i %s token %i.", keyslot, assign ? "assigned to" : "unassigned from", token); + + jobj_token = LUKS2_get_token_jobj(hdr, token); + if (!jobj_token) + return -EINVAL; + + json_object_object_get_ex(jobj_token, "keyslots", &jobj_token_keyslots); + if (!jobj_token_keyslots) + return -EINVAL; + + snprintf(num, sizeof(num), "%d", keyslot); + if (assign) { + jobj1 = LUKS2_array_jobj(jobj_token_keyslots, num); + if (!jobj1) + json_object_array_add(jobj_token_keyslots, json_object_new_string(num)); + } else { + jobj1 = LUKS2_array_remove(jobj_token_keyslots, num); + if (jobj1) + json_object_object_add(jobj_token, "keyslots", jobj1); + } + + return 0; +} + +static int assign_one_token(struct crypt_device *cd, struct luks2_hdr *hdr, + int keyslot, int token, int assign) +{ + json_object *jobj_keyslots; + int r = 0; + + if (!LUKS2_get_token_jobj(hdr, token)) + return -EINVAL; + + if (keyslot == CRYPT_ANY_SLOT) { + json_object_object_get_ex(hdr->jobj, "keyslots", &jobj_keyslots); + + json_object_object_foreach(jobj_keyslots, key, val) { + UNUSED(val); + r = assign_one_keyslot(cd, hdr, token, atoi(key), assign); + if (r < 0) + break; + } + } else + r = assign_one_keyslot(cd, hdr, token, keyslot, assign); + + return r; +} + +int LUKS2_token_assign(struct crypt_device *cd, struct luks2_hdr *hdr, + int keyslot, int token, int assign, int commit) +{ + json_object *jobj_tokens; + int r = 0; + + if (token == CRYPT_ANY_TOKEN) { + json_object_object_get_ex(hdr->jobj, "tokens", &jobj_tokens); + + json_object_object_foreach(jobj_tokens, key, val) { + UNUSED(val); + r = assign_one_token(cd, hdr, keyslot, atoi(key), assign); + if (r < 0) + break; + } + } else + r = assign_one_token(cd, hdr, keyslot, token, assign); + + if (r < 0) + return r; + + // FIXME: do not write header in nothing changed + if (commit) + return LUKS2_hdr_write(cd, hdr) ?: token; + + return token; +} + +int LUKS2_token_is_assigned(struct crypt_device *cd, struct luks2_hdr *hdr, + int keyslot, int token) +{ + int i; + json_object *jobj_token, *jobj_token_keyslots, *jobj; + + if (keyslot < 0 || keyslot >= LUKS2_KEYSLOTS_MAX || token < 0 || token >= LUKS2_TOKENS_MAX) + return -EINVAL; + + jobj_token = LUKS2_get_token_jobj(hdr, token); + if (!jobj_token) + return -ENOENT; + + json_object_object_get_ex(jobj_token, "keyslots", &jobj_token_keyslots); + + for (i = 0; i < (int) json_object_array_length(jobj_token_keyslots); i++) { + jobj = json_object_array_get_idx(jobj_token_keyslots, i); + if (keyslot == atoi(json_object_get_string(jobj))) + return 0; + } + + return -ENOENT; +} + +int LUKS2_tokens_count(struct luks2_hdr *hdr) +{ + json_object *jobj_tokens = LUKS2_get_tokens_jobj(hdr); + if (!jobj_tokens) + return -EINVAL; + + return json_object_object_length(jobj_tokens); +} diff --git a/lib/luks2/luks2_token_keyring.c b/lib/luks2/luks2_token_keyring.c new file mode 100644 index 0000000..448ad45 --- /dev/null +++ b/lib/luks2/luks2_token_keyring.c @@ -0,0 +1,170 @@ +/* + * LUKS - Linux Unified Key Setup v2, kernel keyring token + * + * Copyright (C) 2016-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2020 Ondrej Kozina + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include + +#include "luks2_internal.h" + +static int keyring_open(struct crypt_device *cd, + int token, + char **buffer, + size_t *buffer_len, + void *usrptr __attribute__((unused))) +{ + json_object *jobj_token, *jobj_key; + struct luks2_hdr *hdr; + int r; + + if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2))) + return -EINVAL; + + jobj_token = LUKS2_get_token_jobj(hdr, token); + if (!jobj_token) + return -EINVAL; + + json_object_object_get_ex(jobj_token, "key_description", &jobj_key); + + r = keyring_get_passphrase(json_object_get_string(jobj_key), buffer, buffer_len); + if (r == -ENOTSUP) { + log_dbg(cd, "Kernel keyring features disabled."); + return -EINVAL; + } else if (r < 0) { + log_dbg(cd, "keyring_get_passphrase failed (error %d)", r); + return -EINVAL; + } + + return 0; +} + +static int keyring_validate(struct crypt_device *cd __attribute__((unused)), + const char *json) +{ + enum json_tokener_error jerr; + json_object *jobj_token, *jobj_key; + int r = 1; + + log_dbg(cd, "Validating keyring token json"); + + jobj_token = json_tokener_parse_verbose(json, &jerr); + if (!jobj_token) { + log_dbg(cd, "Keyring token JSON parse failed."); + return r; + } + + if (json_object_object_length(jobj_token) != 3) { + log_dbg(cd, "Keyring token is expected to have exactly 3 fields."); + goto out; + } + + if (!json_object_object_get_ex(jobj_token, "key_description", &jobj_key)) { + log_dbg(cd, "missing key_description field."); + goto out; + } + + if (!json_object_is_type(jobj_key, json_type_string)) { + log_dbg(cd, "key_description is not a string."); + goto out; + } + + /* TODO: perhaps check that key description is in '%s:%s' + * format where both strings are not empty */ + r = !strlen(json_object_get_string(jobj_key)); +out: + json_object_put(jobj_token); + return r; +} + +static void keyring_dump(struct crypt_device *cd, const char *json) +{ + enum json_tokener_error jerr; + json_object *jobj_token, *jobj_key; + + jobj_token = json_tokener_parse_verbose(json, &jerr); + if (!jobj_token) + return; + + if (!json_object_object_get_ex(jobj_token, "key_description", &jobj_key)) { + json_object_put(jobj_token); + return; + } + + log_std(cd, "\tKey description: %s\n", json_object_get_string(jobj_key)); + + json_object_put(jobj_token); +} + +int token_keyring_set(json_object **jobj_builtin_token, + const void *params) +{ + json_object *jobj_token, *jobj; + const struct crypt_token_params_luks2_keyring *keyring_params = (const struct crypt_token_params_luks2_keyring *) params; + + jobj_token = json_object_new_object(); + if (!jobj_token) + return -ENOMEM; + + jobj = json_object_new_string(LUKS2_TOKEN_KEYRING); + if (!jobj) { + json_object_put(jobj_token); + return -ENOMEM; + } + json_object_object_add(jobj_token, "type", jobj); + + jobj = json_object_new_array(); + if (!jobj) { + json_object_put(jobj_token); + return -ENOMEM; + } + json_object_object_add(jobj_token, "keyslots", jobj); + + jobj = json_object_new_string(keyring_params->key_description); + if (!jobj) { + json_object_put(jobj_token); + return -ENOMEM; + } + json_object_object_add(jobj_token, "key_description", jobj); + + *jobj_builtin_token = jobj_token; + return 0; +} + +int token_keyring_get(json_object *jobj_token, + void *params) +{ + json_object *jobj; + struct crypt_token_params_luks2_keyring *keyring_params = (struct crypt_token_params_luks2_keyring *) params; + + json_object_object_get_ex(jobj_token, "type", &jobj); + assert(!strcmp(json_object_get_string(jobj), LUKS2_TOKEN_KEYRING)); + + json_object_object_get_ex(jobj_token, "key_description", &jobj); + + keyring_params->key_description = json_object_get_string(jobj); + + return 0; +} + +const crypt_token_handler keyring_handler = { + .name = LUKS2_TOKEN_KEYRING, + .open = keyring_open, + .validate = keyring_validate, + .dump = keyring_dump +}; diff --git a/lib/random.c b/lib/random.c index 25c8a2c..060be4f 100644 --- a/lib/random.c +++ b/lib/random.c @@ -1,7 +1,7 @@ /* * cryptsetup kernel RNG access functions * - * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -20,7 +20,6 @@ #include #include -#include #include #include #include @@ -152,21 +151,24 @@ int crypt_random_init(struct crypt_device *ctx) /* Used for CRYPT_RND_NORMAL */ if(urandom_fd == -1) - urandom_fd = open(URANDOM_DEVICE, O_RDONLY); + urandom_fd = open(URANDOM_DEVICE, O_RDONLY | O_CLOEXEC); if(urandom_fd == -1) goto fail; /* Used for CRYPT_RND_KEY */ if(random_fd == -1) - random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK); + random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK | O_CLOEXEC); if(random_fd == -1) goto fail; + if (crypt_fips_mode()) + log_verbose(ctx, _("Running in FIPS mode.")); + random_initialised = 1; return 0; fail: crypt_random_exit(); - log_err(ctx, _("Fatal error during RNG initialisation.\n")); + log_err(ctx, _("Fatal error during RNG initialisation.")); return -ENOSYS; } @@ -203,13 +205,12 @@ int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int qualit } break; default: - log_err(ctx, _("Unknown RNG quality requested.\n")); + log_err(ctx, _("Unknown RNG quality requested.")); return -EINVAL; } if (status) - log_err(ctx, _("Error %d reading from RNG: %s\n"), - errno, strerror(errno)); + log_err(ctx, _("Error reading from RNG.")); return status; } @@ -231,9 +232,11 @@ void crypt_random_exit(void) int crypt_random_default_key_rng(void) { + /* coverity[pointless_string_compare] */ if (!strcmp(DEFAULT_RNG, RANDOM_DEVICE)) return CRYPT_RNG_RANDOM; + /* coverity[pointless_string_compare] */ if (!strcmp(DEFAULT_RNG, URANDOM_DEVICE)) return CRYPT_RNG_URANDOM; diff --git a/lib/setup.c b/lib/setup.c index 01e2c80..567f262 100644 --- a/lib/setup.c +++ b/lib/setup.c @@ -1,10 +1,10 @@ /* * libcryptsetup - cryptsetup library * - * Copyright (C) 2004, Jana Saout - * Copyright (C) 2004-2007, Clemens Fruhwirth - * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2014, Milan Broz + * Copyright (C) 2004 Jana Saout + * Copyright (C) 2004-2007 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -26,16 +26,22 @@ #include #include #include -#include #include #include "libcryptsetup.h" #include "luks.h" +#include "luks2.h" #include "loopaes.h" #include "verity.h" #include "tcrypt.h" +#include "integrity.h" +#include "bitlk.h" +#include "utils_device_locking.h" #include "internal.h" +#define CRYPT_CD_UNRESTRICTED (1 << 0) +#define CRYPT_CD_QUIET (1 << 1) + struct crypt_device { char *type; @@ -43,11 +49,20 @@ struct crypt_device { struct device *metadata_device; struct volume_key *volume_key; - uint64_t timeout; - uint64_t iteration_time; - int tries; - int password_verify; int rng_type; + uint32_t compatibility; + struct crypt_pbkdf_type pbkdf; + + /* global context scope settings */ + unsigned key_in_keyring:1; + + uint64_t data_offset; + uint64_t metadata_size; /* Used in LUKS2 format */ + uint64_t keyslots_size; /* Used in LUKS2 format */ + + /* Workaround for OOM during parallel activation (like in systemd) */ + bool memory_hard_pbkdf_lock_enabled; + struct crypt_lock_handle *pbkdf_memory_hard_lock; // FIXME: private binary headers and access it properly // through sub-library (LUKS1, TCRYPT) @@ -55,35 +70,57 @@ struct crypt_device { union { struct { /* used in CRYPT_LUKS1 */ struct luks_phdr hdr; - uint64_t PBKDF2_per_sec; + char *cipher_spec; } luks1; + struct { /* used in CRYPT_LUKS2 */ + struct luks2_hdr hdr; + char cipher[MAX_CIPHER_LEN]; /* only for compatibility */ + char cipher_mode[MAX_CIPHER_LEN]; /* only for compatibility */ + char *keyslot_cipher; + unsigned int keyslot_key_size; + struct luks2_reenc_context *rh; + } luks2; struct { /* used in CRYPT_PLAIN */ struct crypt_params_plain hdr; + char *cipher_spec; char *cipher; - char *cipher_mode; + const char *cipher_mode; unsigned int key_size; } plain; struct { /* used in CRYPT_LOOPAES */ struct crypt_params_loopaes hdr; + char *cipher_spec; char *cipher; - char *cipher_mode; + const char *cipher_mode; unsigned int key_size; } loopaes; struct { /* used in CRYPT_VERITY */ struct crypt_params_verity hdr; - char *root_hash; + const char *root_hash; unsigned int root_hash_size; char *uuid; + struct device *fec_device; } verity; struct { /* used in CRYPT_TCRYPT */ struct crypt_params_tcrypt params; struct tcrypt_phdr hdr; } tcrypt; + struct { /* used in CRYPT_INTEGRITY */ + struct crypt_params_integrity params; + struct volume_key *journal_mac_key; + struct volume_key *journal_crypt_key; + uint32_t sb_flags; + } integrity; + struct { /* used in CRYPT_BITLK */ + struct bitlk_metadata params; + char *cipher_spec; + } bitlk; struct { /* used if initialized without header by name */ char *active_name; /* buffers, must refresh from kernel on every query */ + char cipher_spec[MAX_CIPHER_LEN*2+1]; char cipher[MAX_CIPHER_LEN]; - char cipher_mode[MAX_CIPHER_LEN]; + const char *cipher_mode; unsigned int key_size; } none; } u; @@ -93,24 +130,24 @@ struct crypt_device { void *log_usrptr; int (*confirm)(const char *msg, void *usrptr); void *confirm_usrptr; - int (*password)(const char *msg, char *buf, size_t length, void *usrptr); - void *password_usrptr; - - /* last error message */ - char error[MAX_ERROR_LENGTH]; }; /* Just to suppress redundant messages about crypto backend */ static int _crypto_logged = 0; -/* Global error */ -/* FIXME: not thread safe, remove this later */ -static char global_error[MAX_ERROR_LENGTH] = {0}; - /* Log helper */ static void (*_default_log)(int level, const char *msg, void *usrptr) = NULL; static int _debug_level = 0; +/* Library can do metadata locking */ +static int _metadata_locking = 1; + +/* Library scope detection for kernel keyring support */ +static int _kernel_keyring_supported; + +/* Library allowed to use kernel keyring for loading VK in kernel crypto layer */ +static int _vk_via_keyring = 1; + void crypt_set_debug_level(int level) { _debug_level = level; @@ -121,32 +158,21 @@ int crypt_get_debug_level(void) return _debug_level; } -static void crypt_set_error(struct crypt_device *cd, const char *error) +void crypt_log(struct crypt_device *cd, int level, const char *msg) { - size_t size = strlen(error); - - /* Set global error, ugly hack... */ - strncpy(global_error, error, MAX_ERROR_LENGTH - 2); - if (size < MAX_ERROR_LENGTH && global_error[size - 1] == '\n') - global_error[size - 1] = '\0'; + if (!msg) + return; - /* Set error string per context */ - if (cd) { - strncpy(cd->error, error, MAX_ERROR_LENGTH - 2); - if (size < MAX_ERROR_LENGTH && cd->error[size - 1] == '\n') - cd->error[size - 1] = '\0'; - } -} + if (level < _debug_level) + return; -void crypt_log(struct crypt_device *cd, int level, const char *msg) -{ if (cd && cd->log) cd->log(level, msg, cd->log_usrptr); else if (_default_log) _default_log(level, msg, NULL); - - if (level == CRYPT_LOG_ERROR) - crypt_set_error(cd, msg); + /* Default to stdout/stderr if there is no callback. */ + else + fprintf(level == CRYPT_LOG_ERROR ? stderr : stdout, "%s", msg); } __attribute__((format(printf, 5, 6))) @@ -154,24 +180,22 @@ void logger(struct crypt_device *cd, int level, const char *file, int line, const char *format, ...) { va_list argp; - char *target = NULL; + char target[LOG_MAX_LEN + 2]; + int len; va_start(argp, format); - if (vasprintf(&target, format, argp) > 0 ) { - if (level >= 0) { - crypt_log(cd, level, target); -#ifdef CRYPT_DEBUG - } else if (_debug_level) - printf("# %s:%d %s\n", file ?: "?", line, target); -#else - } else if (_debug_level) - printf("# %s\n", target); -#endif + len = vsnprintf(&target[0], LOG_MAX_LEN, format, argp); + if (len > 0 && len < LOG_MAX_LEN) { + /* All verbose and error messages in tools end with EOL. */ + if (level == CRYPT_LOG_VERBOSE || level == CRYPT_LOG_ERROR || + level == CRYPT_LOG_DEBUG || level == CRYPT_LOG_DEBUG_JSON) + strncat(target, "\n", LOG_MAX_LEN); + + crypt_log(cd, level, target); } va_end(argp); - free(target); } static const char *mdata_device_path(struct crypt_device *cd) @@ -179,6 +203,11 @@ static const char *mdata_device_path(struct crypt_device *cd) return device_path(cd->metadata_device ?: cd->device); } +static const char *data_device_path(struct crypt_device *cd) +{ + return device_path(cd->device); +} + /* internal only */ struct device *crypt_metadata_device(struct crypt_device *cd) { @@ -197,18 +226,19 @@ int init_crypto(struct crypt_device *ctx) r = crypt_random_init(ctx); if (r < 0) { - log_err(ctx, _("Cannot initialize crypto RNG backend.\n")); + log_err(ctx, _("Cannot initialize crypto RNG backend.")); return r; } - r = crypt_backend_init(ctx); + r = crypt_backend_init(); if (r < 0) - log_err(ctx, _("Cannot initialize crypto backend.\n")); + log_err(ctx, _("Cannot initialize crypto backend.")); if (!r && !_crypto_logged) { - log_dbg("Crypto backend (%s) initialized.", crypt_backend_version()); + log_dbg(ctx, "Crypto backend (%s) initialized in cryptsetup library version %s.", + crypt_backend_version(), PACKAGE_VERSION); if (!uname(&uts)) - log_dbg("Detected kernel %s %s %s.", + log_dbg(ctx, "Detected kernel %s %s %s.", uts.sysname, uts.release, uts.machine); _crypto_logged = 1; } @@ -233,10 +263,10 @@ static int process_key(struct crypt_device *cd, const char *hash_name, r = crypt_plain_hash(cd, hash_name, (*vk)->key, key_size, pass, passLen); if (r < 0) { if (r == -ENOENT) - log_err(cd, _("Hash algorithm %s not supported.\n"), + log_err(cd, _("Hash algorithm %s not supported."), hash_name); else - log_err(cd, _("Key processing error (using hash %s).\n"), + log_err(cd, _("Key processing error (using hash %s)."), hash_name); crypt_free_volume_key(*vk); *vk = NULL; @@ -256,11 +286,21 @@ static int isPLAIN(const char *type) return (type && !strcmp(CRYPT_PLAIN, type)); } -static int isLUKS(const char *type) +static int isLUKS1(const char *type) { return (type && !strcmp(CRYPT_LUKS1, type)); } +static int isLUKS2(const char *type) +{ + return (type && !strcmp(CRYPT_LUKS2, type)); +} + +static int isLUKS(const char *type) +{ + return (isLUKS2(type) || isLUKS1(type)); +} + static int isLOOPAES(const char *type) { return (type && !strcmp(CRYPT_LOOPAES, type)); @@ -276,20 +316,75 @@ static int isTCRYPT(const char *type) return (type && !strcmp(CRYPT_TCRYPT, type)); } -static int onlyLUKS(struct crypt_device *cd) +static int isINTEGRITY(const char *type) +{ + return (type && !strcmp(CRYPT_INTEGRITY, type)); +} + +static int isBITLK(const char *type) +{ + return (type && !strcmp(CRYPT_BITLK, type)); +} + +static int _onlyLUKS(struct crypt_device *cd, uint32_t cdflags) { int r = 0; if (cd && !cd->type) { - log_err(cd, _("Cannot determine device type. Incompatible activation of device?\n")); + if (!(cdflags & CRYPT_CD_QUIET)) + log_err(cd, _("Cannot determine device type. Incompatible activation of device?")); r = -EINVAL; } + if (!cd || !isLUKS(cd->type)) { - log_err(cd, _("This operation is supported only for LUKS device.\n")); + if (!(cdflags & CRYPT_CD_QUIET)) + log_err(cd, _("This operation is supported only for LUKS device.")); r = -EINVAL; } - return r; + if (r || (cdflags & CRYPT_CD_UNRESTRICTED) || isLUKS1(cd->type)) + return r; + + return LUKS2_unmet_requirements(cd, &cd->u.luks2.hdr, 0, cdflags & CRYPT_CD_QUIET); +} + +static int onlyLUKS(struct crypt_device *cd) +{ + return _onlyLUKS(cd, 0); +} + +static int _onlyLUKS2(struct crypt_device *cd, uint32_t cdflags, uint32_t mask) +{ + int r = 0; + + if (cd && !cd->type) { + if (!(cdflags & CRYPT_CD_QUIET)) + log_err(cd, _("Cannot determine device type. Incompatible activation of device?")); + r = -EINVAL; + } + + if (!cd || !isLUKS2(cd->type)) { + if (!(cdflags & CRYPT_CD_QUIET)) + log_err(cd, _("This operation is supported only for LUKS2 device.")); + r = -EINVAL; + } + + if (r || (cdflags & CRYPT_CD_UNRESTRICTED)) + return r; + + return LUKS2_unmet_requirements(cd, &cd->u.luks2.hdr, mask, cdflags & CRYPT_CD_QUIET); +} + +/* Internal only */ +int onlyLUKS2(struct crypt_device *cd) +{ + return _onlyLUKS2(cd, 0, 0); +} + +/* Internal only */ +int onlyLUKS2mask(struct crypt_device *cd, uint32_t mask) +{ + return _onlyLUKS2(cd, 0, mask); } static void crypt_set_null_type(struct crypt_device *cd) @@ -300,6 +395,9 @@ static void crypt_set_null_type(struct crypt_device *cd) free(cd->type); cd->type = NULL; cd->u.none.active_name = NULL; + cd->data_offset = 0; + cd->metadata_size = 0; + cd->keyslots_size = 0; } static void crypt_reset_null_type(struct crypt_device *cd) @@ -314,34 +412,44 @@ static void crypt_reset_null_type(struct crypt_device *cd) /* keyslot helpers */ static int keyslot_verify_or_find_empty(struct crypt_device *cd, int *keyslot) { + crypt_keyslot_info ki; + if (*keyslot == CRYPT_ANY_SLOT) { - *keyslot = LUKS_keyslot_find_empty(&cd->u.luks1.hdr); + if (isLUKS1(cd->type)) + *keyslot = LUKS_keyslot_find_empty(&cd->u.luks1.hdr); + else + *keyslot = LUKS2_keyslot_find_empty(&cd->u.luks2.hdr); if (*keyslot < 0) { - log_err(cd, _("All key slots full.\n")); + log_err(cd, _("All key slots full.")); return -EINVAL; } } - switch (LUKS_keyslot_info(&cd->u.luks1.hdr, *keyslot)) { + if (isLUKS1(cd->type)) + ki = LUKS_keyslot_info(&cd->u.luks1.hdr, *keyslot); + else + ki = LUKS2_keyslot_info(&cd->u.luks2.hdr, *keyslot); + switch (ki) { case CRYPT_SLOT_INVALID: - log_err(cd, _("Key slot %d is invalid, please select between 0 and %d.\n"), + log_err(cd, _("Key slot %d is invalid, please select between 0 and %d."), *keyslot, LUKS_NUMKEYS - 1); return -EINVAL; case CRYPT_SLOT_INACTIVE: break; default: - log_err(cd, _("Key slot %d is full, please select another one.\n"), + log_err(cd, _("Key slot %d is full, please select another one."), *keyslot); return -EINVAL; } + log_dbg(cd, "Selected keyslot %d.", *keyslot); return 0; } /* * compares UUIDs returned by device-mapper (striped by cryptsetup) and uuid in header */ -static int crypt_uuid_cmp(const char *dm_uuid, const char *hdr_uuid) +int crypt_uuid_cmp(const char *dm_uuid, const char *hdr_uuid) { int i, j; char *str; @@ -373,7 +481,7 @@ static int crypt_uuid_cmp(const char *dm_uuid, const char *hdr_uuid) */ static int crypt_uuid_type_cmp(struct crypt_device *cd, const char *type) { - struct crypt_dm_active_device dmd = {}; + struct crypt_dm_active_device dmd; size_t len; int r; @@ -381,7 +489,7 @@ static int crypt_uuid_type_cmp(struct crypt_device *cd, const char *type) if (cd->type || !cd->u.none.active_name) return -EINVAL; - log_dbg("Checking if active device %s without header has UUID type %s.", + log_dbg(cd, "Checking if active device %s without header has UUID type %s.", cd->u.none.active_name, type); r = dm_query_device(cd, cd->u.none.active_name, DM_ACTIVE_UUID, &dmd); @@ -405,45 +513,29 @@ int PLAIN_activate(struct crypt_device *cd, uint32_t flags) { int r; - char *dm_cipher = NULL; - enum devcheck device_check; struct crypt_dm_active_device dmd = { - .target = DM_CRYPT, - .size = size, - .flags = flags, - .data_device = crypt_data_device(cd), - .u.crypt = { - .cipher = NULL, - .vk = vk, - .offset = crypt_get_data_offset(cd), - .iv_offset = crypt_get_iv_offset(cd), - } + .flags = flags, + .size = size, }; - if (dmd.flags & CRYPT_ACTIVATE_SHARED) - device_check = DEV_SHARED; - else - device_check = DEV_EXCL; + log_dbg(cd, "Trying to activate PLAIN device %s using cipher %s.", + name, crypt_get_cipher_spec(cd)); - r = device_block_adjust(cd, dmd.data_device, device_check, - dmd.u.crypt.offset, &dmd.size, &dmd.flags); - if (r) - return r; + if (MISALIGNED(size, device_block_size(cd, crypt_data_device(cd)) >> SECTOR_SHIFT)) { + log_err(cd, _("Device size is not aligned to device logical block size.")); + return -EINVAL; + } - if (crypt_get_cipher_mode(cd)) - r = asprintf(&dm_cipher, "%s-%s", crypt_get_cipher(cd), crypt_get_cipher_mode(cd)); - else - r = asprintf(&dm_cipher, "%s", crypt_get_cipher(cd)); + r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd), + vk, crypt_get_cipher_spec(cd), crypt_get_iv_offset(cd), + crypt_get_data_offset(cd), crypt_get_integrity(cd), + crypt_get_integrity_tag_size(cd), crypt_get_sector_size(cd)); if (r < 0) - return -ENOMEM; - - dmd.u.crypt.cipher = dm_cipher; - log_dbg("Trying to activate PLAIN device %s using cipher %s.", - name, dmd.u.crypt.cipher); + return r; - r = dm_create_device(cd, name, CRYPT_PLAIN, &dmd, 0); + r = create_or_reload_device(cd, name, CRYPT_PLAIN, &dmd); - free(dm_cipher); + dm_targets_free(cd, &dmd); return r; } @@ -455,98 +547,6 @@ int crypt_confirm(struct crypt_device *cd, const char *msg) return cd->confirm(msg, cd->confirm_usrptr); } -static int key_from_terminal(struct crypt_device *cd, char *msg, char **key, - size_t *key_len, int force_verify) -{ - char *prompt = NULL, *device_name; - int r; - - *key = NULL; - if(!msg) { - if (crypt_loop_device(crypt_get_device_name(cd))) - device_name = crypt_loop_backing_file(crypt_get_device_name(cd)); - else - device_name = strdup(crypt_get_device_name(cd)); - if (!device_name) - return -ENOMEM; - r = asprintf(&prompt, _("Enter passphrase for %s: "), device_name); - free(device_name); - if (r < 0) - return -ENOMEM; - msg = prompt; - } - - if (cd->password) { - *key = crypt_safe_alloc(DEFAULT_PASSPHRASE_SIZE_MAX); - if (!*key) { - r = -ENOMEM; - goto out; - } - r = cd->password(msg, *key, DEFAULT_PASSPHRASE_SIZE_MAX, - cd->password_usrptr); - if (r < 0) { - crypt_safe_free(*key); - *key = NULL; - } else - *key_len = r; - } else - r = crypt_get_key(msg, key, key_len, 0, 0, NULL, cd->timeout, - (force_verify || cd->password_verify), cd); -out: - free(prompt); - return (r < 0) ? r: 0; -} - -static int volume_key_by_terminal_passphrase(struct crypt_device *cd, int keyslot, - struct volume_key **vk) -{ - char *passphrase_read = NULL; - size_t passphrase_size_read; - int r = -EINVAL, eperm = 0, tries = cd->tries; - - *vk = NULL; - do { - crypt_free_volume_key(*vk); - *vk = NULL; - - r = key_from_terminal(cd, NULL, &passphrase_read, - &passphrase_size_read, 0); - /* Continue if it is just passphrase verify mismatch */ - if (r == -EPERM) - continue; - if(r < 0) - goto out; - - r = LUKS_open_key_with_hdr(keyslot, passphrase_read, - passphrase_size_read, &cd->u.luks1.hdr, vk, cd); - if (r == -EPERM) - eperm = 1; - crypt_safe_free(passphrase_read); - passphrase_read = NULL; - } while (r == -EPERM && (--tries > 0)); -out: - if (r < 0) { - crypt_free_volume_key(*vk); - *vk = NULL; - - /* Report wrong passphrase if at least one try failed */ - if (eperm && r == -EPIPE) - r = -EPERM; - } - - crypt_safe_free(passphrase_read); - return r; -} - -static int key_from_file(struct crypt_device *cd, char *msg, - char **key, size_t *key_len, - const char *key_file, size_t key_offset, - size_t key_size) -{ - return crypt_get_key(msg, key, key_len, key_offset, key_size, key_file, - cd->timeout, 0, cd); -} - void crypt_set_log_callback(struct crypt_device *cd, void (*log)(int level, const char *msg, void *usrptr), void *usrptr) @@ -563,40 +563,10 @@ void crypt_set_confirm_callback(struct crypt_device *cd, int (*confirm)(const char *msg, void *usrptr), void *usrptr) { - cd->confirm = confirm; - cd->confirm_usrptr = usrptr; -} - -void crypt_set_password_callback(struct crypt_device *cd, - int (*password)(const char *msg, char *buf, size_t length, void *usrptr), - void *usrptr) -{ - cd->password = password; - cd->password_usrptr = usrptr; -} - -static void _get_error(char *error, char *buf, size_t size) -{ - if (!buf || size < 1) - error[0] = '\0'; - else if (*error) { - strncpy(buf, error, size - 1); - buf[size - 1] = '\0'; - error[0] = '\0'; - } else - buf[0] = '\0'; -} - -void crypt_last_error(struct crypt_device *cd, char *buf, size_t size) -{ - if (cd) - return _get_error(cd->error, buf, size); -} - -/* Deprecated global error interface */ -void crypt_get_error(char *buf, size_t size) -{ - return _get_error(global_error, buf, size); + if (cd) { + cd->confirm = confirm; + cd->confirm_usrptr = usrptr; + } } const char *crypt_get_dir(void) @@ -612,27 +582,28 @@ int crypt_init(struct crypt_device **cd, const char *device) if (!cd) return -EINVAL; - log_dbg("Allocating crypt device %s context.", device); + log_dbg(NULL, "Allocating context for crypt device %s.", device ?: "(none)"); +#if !HAVE_DECL_O_CLOEXEC + log_dbg(NULL, "Running without O_CLOEXEC."); +#endif if (!(h = malloc(sizeof(struct crypt_device)))) return -ENOMEM; memset(h, 0, sizeof(*h)); - r = device_alloc(&h->device, device); + r = device_alloc(NULL, &h->device, device); if (r < 0) goto bad; - dm_backend_init(); + dm_backend_init(NULL); - h->iteration_time = 1000; - h->password_verify = 0; - h->tries = 3; h->rng_type = crypt_random_default_key_rng(); + *cd = h; return 0; bad: - device_free(h->device); + device_free(NULL, h->device); free(h); return r; } @@ -642,7 +613,7 @@ static int crypt_check_data_device_size(struct crypt_device *cd) int r; uint64_t size, size_min; - /* Check data device size, require at least one sector */ + /* Check data device size, require at least header or one sector */ size_min = crypt_get_data_offset(cd) << SECTOR_SHIFT ?: SECTOR_SIZE; r = device_size(cd->device, &size); @@ -650,7 +621,7 @@ static int crypt_check_data_device_size(struct crypt_device *cd) return r; if (size < size_min) { - log_err(cd, _("Header detected but device %s is too small.\n"), + log_err(cd, _("Header detected but device %s is too small."), device_path(cd->device)); return -EINVAL; } @@ -658,53 +629,211 @@ static int crypt_check_data_device_size(struct crypt_device *cd) return r; } -int crypt_set_data_device(struct crypt_device *cd, const char *device) +static int _crypt_set_data_device(struct crypt_device *cd, const char *device) { struct device *dev = NULL; int r; - log_dbg("Setting ciphertext data device to %s.", device ?: "(none)"); - - if (!isLUKS(cd->type) && !isVERITY(cd->type)) { - log_err(cd, _("This operation is not supported for this device type.\n")); - return -EINVAL; - } - - /* metadata device must be set */ - if (!cd->device || !device) - return -EINVAL; - - r = device_alloc(&dev, device); + r = device_alloc(cd, &dev, device); if (r < 0) return r; if (!cd->metadata_device) { cd->metadata_device = cd->device; } else - device_free(cd->device); + device_free(cd, cd->device); cd->device = dev; return crypt_check_data_device_size(cd); } -static int _crypt_load_luks1(struct crypt_device *cd, int require_header, int repair) +int crypt_set_data_device(struct crypt_device *cd, const char *device) +{ + /* metadata device must be set */ + if (!cd || !cd->device || !device) + return -EINVAL; + + log_dbg(cd, "Setting ciphertext data device to %s.", device ?: "(none)"); + + if (!isLUKS1(cd->type) && !isLUKS2(cd->type) && !isVERITY(cd->type) && + !isINTEGRITY(cd->type)) { + log_err(cd, _("This operation is not supported for this device type.")); + return -EINVAL; + } + + if (isLUKS2(cd->type) && crypt_get_reenc_context(cd)) { + log_err(cd, _("Illegal operation with reencryption in-progress.")); + return -EINVAL; + } + + return _crypt_set_data_device(cd, device); +} + +int crypt_init_data_device(struct crypt_device **cd, const char *device, const char *data_device) { - struct luks_phdr hdr; int r; - r = init_crypto(cd); - if (r < 0) + if (!cd) + return -EINVAL; + + r = crypt_init(cd, device); + if (r || !data_device || !strcmp(device, data_device)) + return r; + + log_dbg(NULL, "Setting ciphertext data device to %s.", data_device); + r = _crypt_set_data_device(*cd, data_device); + if (r) { + crypt_free(*cd); + *cd = NULL; + } + + return r; +} + + +/* internal only */ +struct crypt_pbkdf_type *crypt_get_pbkdf(struct crypt_device *cd) +{ + return &cd->pbkdf; +} + +/* + * crypt_load() helpers + */ +static int _crypt_load_luks2(struct crypt_device *cd, int reload, int repair) +{ + int r; + char *type = NULL; + struct luks2_hdr hdr2 = {}; + + log_dbg(cd, "%soading LUKS2 header (repair %sabled).", reload ? "Rel" : "L", repair ? "en" : "dis"); + + r = LUKS2_hdr_read(cd, &hdr2, repair); + if (r) return r; - r = LUKS_read_phdr(&hdr, require_header, repair, cd); + if (!reload && !(type = strdup(CRYPT_LUKS2))) { + r = -ENOMEM; + goto out; + } + + if (verify_pbkdf_params(cd, &cd->pbkdf)) { + r = init_pbkdf_type(cd, NULL, CRYPT_LUKS2); + if (r) + goto out; + } + + if (reload) { + LUKS2_hdr_free(cd, &cd->u.luks2.hdr); + free(cd->u.luks2.keyslot_cipher); + } else + cd->type = type; + + r = 0; + memcpy(&cd->u.luks2.hdr, &hdr2, sizeof(hdr2)); + cd->u.luks2.keyslot_cipher = NULL; + cd->u.luks2.rh = NULL; + +out: + if (r) { + free(type); + LUKS2_hdr_free(cd, &hdr2); + } + return r; +} + +static void _luks2_reload(struct crypt_device *cd) +{ + if (!cd || !isLUKS2(cd->type)) + return; + + (void) _crypt_load_luks2(cd, 1, 0); +} + +static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type, + int require_header, int repair) +{ + char *cipher_spec; + struct luks_phdr hdr = {}; + int r, version; + + r = init_crypto(cd); if (r < 0) return r; - if (!cd->type && !(cd->type = strdup(CRYPT_LUKS1))) - return -ENOMEM; + /* This will return 0 if primary LUKS2 header is damaged */ + version = LUKS2_hdr_version_unlocked(cd, NULL); + + if ((isLUKS1(requested_type) && version == 2) || + (isLUKS2(requested_type) && version == 1)) + return -EINVAL; + + if (requested_type) + version = 0; + + if (isLUKS1(requested_type) || version == 1) { + if (cd->type && isLUKS2(cd->type)) { + log_dbg(cd, "Context is already initialized to type %s", cd->type); + return -EINVAL; + } - memcpy(&cd->u.luks1.hdr, &hdr, sizeof(hdr)); + if (verify_pbkdf_params(cd, &cd->pbkdf)) { + r = init_pbkdf_type(cd, NULL, CRYPT_LUKS1); + if (r) + return r; + } + + r = LUKS_read_phdr(&hdr, require_header, repair, cd); + if (r) + goto out; + + if (!cd->type && !(cd->type = strdup(CRYPT_LUKS1))) { + r = -ENOMEM; + goto out; + } + + /* Set hash to the same as in the loaded header */ + if (!cd->pbkdf.hash || strcmp(cd->pbkdf.hash, hdr.hashSpec)) { + free(CONST_CAST(void*)cd->pbkdf.hash); + cd->pbkdf.hash = strdup(hdr.hashSpec); + if (!cd->pbkdf.hash) { + r = -ENOMEM; + goto out; + } + } + + if (asprintf(&cipher_spec, "%s-%s", hdr.cipherName, hdr.cipherMode) < 0) { + r = -ENOMEM; + goto out; + } + + free(cd->u.luks1.cipher_spec); + cd->u.luks1.cipher_spec = cipher_spec; + + memcpy(&cd->u.luks1.hdr, &hdr, sizeof(hdr)); + } else if (isLUKS2(requested_type) || version == 2 || version == 0) { + if (cd->type && isLUKS1(cd->type)) { + log_dbg(cd, "Context is already initialized to type %s", cd->type); + return -EINVAL; + } + + /* + * Current LUKS2 repair just overrides blkid probes + * and perform auto-recovery if possible. This is safe + * unless future LUKS2 repair code do something more + * sophisticated. In such case we would need to check + * for LUKS2 requirements and decide if it's safe to + * perform repair. + */ + r = _crypt_load_luks2(cd, cd->type != NULL, repair); + } else { + if (version > 2) + log_err(cd, _("Unsupported LUKS version %d."), version); + r = -EINVAL; + } +out: + crypt_safe_memzero(&hdr, sizeof(hdr)); return r; } @@ -716,6 +845,11 @@ static int _crypt_load_tcrypt(struct crypt_device *cd, struct crypt_params_tcryp if (!params) return -EINVAL; + if (cd->metadata_device) { + log_err(cd, _("Detached metadata device is not supported for this crypt type.")); + return -EINVAL; + } + r = init_crypto(cd); if (r < 0) return r; @@ -728,6 +862,7 @@ static int _crypt_load_tcrypt(struct crypt_device *cd, struct crypt_params_tcryp cd->u.tcrypt.params.passphrase_size = 0; cd->u.tcrypt.params.keyfiles = NULL; cd->u.tcrypt.params.keyfiles_count = 0; + cd->u.tcrypt.params.veracrypt_pim = 0; if (r < 0) return r; @@ -757,29 +892,270 @@ static int _crypt_load_verity(struct crypt_device *cd, struct crypt_params_verit if (r < 0) return r; - if (params) - cd->u.verity.hdr.flags = params->flags; + //FIXME: use crypt_free + if (!cd->type && !(cd->type = strdup(CRYPT_VERITY))) { + free(CONST_CAST(void*)cd->u.verity.hdr.hash_name); + free(CONST_CAST(void*)cd->u.verity.hdr.salt); + free(cd->u.verity.uuid); + crypt_safe_memzero(&cd->u.verity.hdr, sizeof(cd->u.verity.hdr)); + return -ENOMEM; + } + + if (params) + cd->u.verity.hdr.flags = params->flags; /* Hash availability checked in sb load */ cd->u.verity.root_hash_size = crypt_hash_size(cd->u.verity.hdr.hash_name); if (cd->u.verity.root_hash_size > 4096) return -EINVAL; - if (!cd->type && !(cd->type = strdup(CRYPT_VERITY))) - return -ENOMEM; - if (params && params->data_device && (r = crypt_set_data_device(cd, params->data_device)) < 0) return r; + if (params && params->fec_device) { + r = device_alloc(cd, &cd->u.verity.fec_device, params->fec_device); + if (r < 0) + return r; + cd->u.verity.hdr.fec_area_offset = params->fec_area_offset; + cd->u.verity.hdr.fec_roots = params->fec_roots; + } + + return r; +} + +static int _crypt_load_integrity(struct crypt_device *cd, + struct crypt_params_integrity *params) +{ + int r; + + r = init_crypto(cd); + if (r < 0) + return r; + + r = INTEGRITY_read_sb(cd, &cd->u.integrity.params, &cd->u.integrity.sb_flags); + if (r < 0) + return r; + + // FIXME: add checks for fields in integrity sb vs params + + if (params) { + cd->u.integrity.params.journal_watermark = params->journal_watermark; + cd->u.integrity.params.journal_commit_time = params->journal_commit_time; + cd->u.integrity.params.buffer_sectors = params->buffer_sectors; + // FIXME: check ENOMEM + if (params->integrity) + cd->u.integrity.params.integrity = strdup(params->integrity); + cd->u.integrity.params.integrity_key_size = params->integrity_key_size; + if (params->journal_integrity) + cd->u.integrity.params.journal_integrity = strdup(params->journal_integrity); + if (params->journal_crypt) + cd->u.integrity.params.journal_crypt = strdup(params->journal_crypt); + + if (params->journal_crypt_key) { + cd->u.integrity.journal_crypt_key = + crypt_alloc_volume_key(params->journal_crypt_key_size, + params->journal_crypt_key); + if (!cd->u.integrity.journal_crypt_key) + return -ENOMEM; + } + if (params->journal_integrity_key) { + cd->u.integrity.journal_mac_key = + crypt_alloc_volume_key(params->journal_integrity_key_size, + params->journal_integrity_key); + if (!cd->u.integrity.journal_mac_key) + return -ENOMEM; + } + } + + if (!cd->type && !(cd->type = strdup(CRYPT_INTEGRITY))) { + free(CONST_CAST(void*)cd->u.integrity.params.integrity); + return -ENOMEM; + } + + return 0; +} + +static int _crypt_load_bitlk(struct crypt_device *cd, + struct bitlk_metadata *params) +{ + int r; + + r = init_crypto(cd); + if (r < 0) + return r; + + r = BITLK_read_sb(cd, &cd->u.bitlk.params); + if (r < 0) + return r; + + if (asprintf(&cd->u.bitlk.cipher_spec, "%s-%s", + cd->u.bitlk.params.cipher, cd->u.bitlk.params.cipher_mode) < 0) { + cd->u.bitlk.cipher_spec = NULL; + return -ENOMEM; + } + + if (!cd->type && !(cd->type = strdup(CRYPT_BITLK))) + return -ENOMEM; + + return 0; +} + +int crypt_load(struct crypt_device *cd, + const char *requested_type, + void *params) +{ + int r; + + if (!cd) + return -EINVAL; + + log_dbg(cd, "Trying to load %s crypt type from device %s.", + requested_type ?: "any", mdata_device_path(cd) ?: "(none)"); + + if (!crypt_metadata_device(cd)) + return -EINVAL; + + crypt_reset_null_type(cd); + cd->data_offset = 0; + cd->metadata_size = 0; + cd->keyslots_size = 0; + + if (!requested_type || isLUKS1(requested_type) || isLUKS2(requested_type)) { + if (cd->type && !isLUKS1(cd->type) && !isLUKS2(cd->type)) { + log_dbg(cd, "Context is already initialized to type %s", cd->type); + return -EINVAL; + } + + r = _crypt_load_luks(cd, requested_type, 1, 0); + } else if (isVERITY(requested_type)) { + if (cd->type && !isVERITY(cd->type)) { + log_dbg(cd, "Context is already initialized to type %s", cd->type); + return -EINVAL; + } + r = _crypt_load_verity(cd, params); + } else if (isTCRYPT(requested_type)) { + if (cd->type && !isTCRYPT(cd->type)) { + log_dbg(cd, "Context is already initialized to type %s", cd->type); + return -EINVAL; + } + r = _crypt_load_tcrypt(cd, params); + } else if (isINTEGRITY(requested_type)) { + if (cd->type && !isINTEGRITY(cd->type)) { + log_dbg(cd, "Context is already initialized to type %s", cd->type); + return -EINVAL; + } + r = _crypt_load_integrity(cd, params); + } else if (isBITLK(requested_type)) { + if (cd->type && !isBITLK(cd->type)) { + log_dbg(cd, "Context is already initialized to type %s", cd->type); + return -EINVAL; + } + r = _crypt_load_bitlk(cd, params); + } else + return -EINVAL; + + return r; +} + +/* + * crypt_init() helpers + */ +static int _init_by_name_crypt_none(struct crypt_device *cd) +{ + int r; + char _mode[MAX_CIPHER_LEN]; + struct crypt_dm_active_device dmd; + struct dm_target *tgt = &dmd.segment; + + if (cd->type || !cd->u.none.active_name) + return -EINVAL; + + r = dm_query_device(cd, cd->u.none.active_name, + DM_ACTIVE_CRYPT_CIPHER | + DM_ACTIVE_CRYPT_KEYSIZE, &dmd); + if (r < 0) + return r; + if (!single_segment(&dmd) || tgt->type != DM_CRYPT) + r = -EINVAL; + if (r >= 0) + r = crypt_parse_name_and_mode(tgt->u.crypt.cipher, + cd->u.none.cipher, NULL, + _mode); + + if (!r) { + snprintf(cd->u.none.cipher_spec, sizeof(cd->u.none.cipher_spec), + "%s-%s", cd->u.none.cipher, _mode); + cd->u.none.cipher_mode = cd->u.none.cipher_spec + strlen(cd->u.none.cipher) + 1; + cd->u.none.key_size = tgt->u.crypt.vk->keylength; + } + + dm_targets_free(cd, &dmd); return r; } +static const char *LUKS_UUID(struct crypt_device *cd) +{ + if (!cd) + return NULL; + else if (isLUKS1(cd->type)) + return cd->u.luks1.hdr.uuid; + else if (isLUKS2(cd->type)) + return cd->u.luks2.hdr.uuid; + + return NULL; +} + +static void crypt_free_type(struct crypt_device *cd) +{ + if (isPLAIN(cd->type)) { + free(CONST_CAST(void*)cd->u.plain.hdr.hash); + free(cd->u.plain.cipher); + free(cd->u.plain.cipher_spec); + } else if (isLUKS2(cd->type)) { + LUKS2_reenc_context_free(cd, cd->u.luks2.rh); + LUKS2_hdr_free(cd, &cd->u.luks2.hdr); + free(cd->u.luks2.keyslot_cipher); + } else if (isLUKS1(cd->type)) { + free(cd->u.luks1.cipher_spec); + } else if (isLOOPAES(cd->type)) { + free(CONST_CAST(void*)cd->u.loopaes.hdr.hash); + free(cd->u.loopaes.cipher); + free(cd->u.loopaes.cipher_spec); + } else if (isVERITY(cd->type)) { + free(CONST_CAST(void*)cd->u.verity.hdr.hash_name); + free(CONST_CAST(void*)cd->u.verity.hdr.data_device); + free(CONST_CAST(void*)cd->u.verity.hdr.hash_device); + free(CONST_CAST(void*)cd->u.verity.hdr.fec_device); + free(CONST_CAST(void*)cd->u.verity.hdr.salt); + free(CONST_CAST(void*)cd->u.verity.root_hash); + free(cd->u.verity.uuid); + device_free(cd, cd->u.verity.fec_device); + } else if (isINTEGRITY(cd->type)) { + free(CONST_CAST(void*)cd->u.integrity.params.integrity); + free(CONST_CAST(void*)cd->u.integrity.params.journal_integrity); + free(CONST_CAST(void*)cd->u.integrity.params.journal_crypt); + crypt_free_volume_key(cd->u.integrity.journal_crypt_key); + crypt_free_volume_key(cd->u.integrity.journal_mac_key); + } else if (isBITLK(cd->type)) { + free(cd->u.bitlk.cipher_spec); + BITLK_bitlk_metadata_free(&cd->u.bitlk.params); + } else if (!cd->type) { + free(cd->u.none.active_name); + cd->u.none.active_name = NULL; + } + + crypt_set_null_type(cd); +} + static int _init_by_name_crypt(struct crypt_device *cd, const char *name) { - struct crypt_dm_active_device dmd = {}; - char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN]; + bool found = false; + char **dep, *cipher_spec = NULL, cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN], deps_uuid_prefix[40], *deps[MAX_DM_DEPS+1] = {}; + const char *dev, *namei; int key_nums, r; + struct crypt_dm_active_device dmd, dmdi = {}, dmdep = {}; + struct dm_target *tgt = &dmd.segment, *tgti = &dmdi.segment; r = dm_query_device(cd, name, DM_ACTIVE_DEVICE | @@ -787,106 +1163,245 @@ static int _init_by_name_crypt(struct crypt_device *cd, const char *name) DM_ACTIVE_CRYPT_CIPHER | DM_ACTIVE_CRYPT_KEYSIZE, &dmd); if (r < 0) + return r; + + if (tgt->type != DM_CRYPT && tgt->type != DM_LINEAR) { + log_dbg(cd, "Unsupported device table detected in %s.", name); + r = -EINVAL; goto out; - if (r > 0) - r = 0; + } - if (isPLAIN(cd->type)) { - cd->u.plain.hdr.hash = NULL; /* no way to get this */ - cd->u.plain.hdr.offset = dmd.u.crypt.offset; - cd->u.plain.hdr.skip = dmd.u.crypt.iv_offset; - cd->u.plain.key_size = dmd.u.crypt.vk->keylength; + r = -EINVAL; - r = crypt_parse_name_and_mode(dmd.u.crypt.cipher, cipher, NULL, cipher_mode); - if (!r) { - cd->u.plain.cipher = strdup(cipher); - cd->u.plain.cipher_mode = strdup(cipher_mode); + if (dmd.uuid) { + r = snprintf(deps_uuid_prefix, sizeof(deps_uuid_prefix), CRYPT_SUBDEV "-%.32s", dmd.uuid + 6); + if (r < 0 || (size_t)r != (sizeof(deps_uuid_prefix) - 1)) + r = -EINVAL; + } + + if (r >= 0) { + r = dm_device_deps(cd, name, deps_uuid_prefix, deps, ARRAY_SIZE(deps)); + if (r) + goto out; + } + + r = crypt_parse_name_and_mode(tgt->type == DM_LINEAR ? "null" : tgt->u.crypt.cipher, cipher, + &key_nums, cipher_mode); + if (r < 0) { + log_dbg(cd, "Cannot parse cipher and mode from active device."); + goto out; + } + + dep = deps; + + if (tgt->type == DM_CRYPT && tgt->u.crypt.integrity && (namei = device_dm_name(tgt->data_device))) { + r = dm_query_device(cd, namei, DM_ACTIVE_DEVICE, &dmdi); + if (r < 0) + goto out; + if (!single_segment(&dmdi) || tgti->type != DM_INTEGRITY) { + log_dbg(cd, "Unsupported device table detected in %s.", namei); + r = -EINVAL; + goto out; } - } else if (isLOOPAES(cd->type)) { - cd->u.loopaes.hdr.offset = dmd.u.crypt.offset; + if (!cd->metadata_device) { + device_free(cd, cd->device); + MOVE_REF(cd->device, tgti->data_device); + } + } - r = crypt_parse_name_and_mode(dmd.u.crypt.cipher, cipher, - &key_nums, cipher_mode); - if (!r) { - cd->u.loopaes.cipher = strdup(cipher); - cd->u.loopaes.cipher_mode = strdup(cipher_mode); - /* version 3 uses last key for IV */ - if (dmd.u.crypt.vk->keylength % key_nums) - key_nums++; - cd->u.loopaes.key_size = dmd.u.crypt.vk->keylength / key_nums; + /* do not try to lookup LUKS2 header in detached header mode */ + if (!cd->metadata_device && !found) { + while (*dep && !found) { + r = dm_query_device(cd, *dep, DM_ACTIVE_DEVICE, &dmdep); + if (r < 0) + goto out; + + tgt = &dmdep.segment; + + while (tgt && !found) { + dev = device_path(tgt->data_device); + if (!dev) { + tgt = tgt->next; + continue; + } + if (!strstr(dev, dm_get_dir()) || + !crypt_string_in(dev + strlen(dm_get_dir()) + 1, deps, ARRAY_SIZE(deps))) { + device_free(cd, cd->device); + MOVE_REF(cd->device, tgt->data_device); + found = true; + } + tgt = tgt->next; + } + dep++; + dm_targets_free(cd, &dmdep); } - } else if (isLUKS(cd->type)) { + } + + if (asprintf(&cipher_spec, "%s-%s", cipher, cipher_mode) < 0) { + cipher_spec = NULL; + r = -ENOMEM; + goto out; + } + + tgt = &dmd.segment; + r = 0; + + if (isPLAIN(cd->type) && single_segment(&dmd) && tgt->type == DM_CRYPT) { + cd->u.plain.hdr.hash = NULL; /* no way to get this */ + cd->u.plain.hdr.offset = tgt->u.crypt.offset; + cd->u.plain.hdr.skip = tgt->u.crypt.iv_offset; + cd->u.plain.hdr.sector_size = tgt->u.crypt.sector_size; + cd->u.plain.key_size = tgt->u.crypt.vk->keylength; + cd->u.plain.cipher = strdup(cipher); + MOVE_REF(cd->u.plain.cipher_spec, cipher_spec); + cd->u.plain.cipher_mode = cd->u.plain.cipher_spec + strlen(cipher) + 1; + } else if (isLOOPAES(cd->type) && single_segment(&dmd) && tgt->type == DM_CRYPT) { + cd->u.loopaes.hdr.offset = tgt->u.crypt.offset; + cd->u.loopaes.cipher = strdup(cipher); + MOVE_REF(cd->u.loopaes.cipher_spec, cipher_spec); + cd->u.loopaes.cipher_mode = cd->u.loopaes.cipher_spec + strlen(cipher) + 1; + /* version 3 uses last key for IV */ + if (tgt->u.crypt.vk->keylength % key_nums) + key_nums++; + cd->u.loopaes.key_size = tgt->u.crypt.vk->keylength / key_nums; + } else if (isLUKS1(cd->type) || isLUKS2(cd->type)) { if (crypt_metadata_device(cd)) { - r = _crypt_load_luks1(cd, 0, 0); + r = _crypt_load_luks(cd, cd->type, 0, 0); if (r < 0) { - log_dbg("LUKS device header does not match active device."); + log_dbg(cd, "LUKS device header does not match active device."); crypt_set_null_type(cd); + device_close(cd, cd->metadata_device); + device_close(cd, cd->device); r = 0; goto out; } /* check whether UUIDs match each other */ - r = crypt_uuid_cmp(dmd.uuid, cd->u.luks1.hdr.uuid); + r = crypt_uuid_cmp(dmd.uuid, LUKS_UUID(cd)); if (r < 0) { - log_dbg("LUKS device header uuid: %s mismatches DM returned uuid %s", - cd->u.luks1.hdr.uuid, dmd.uuid); - crypt_set_null_type(cd); + log_dbg(cd, "LUKS device header uuid: %s mismatches DM returned uuid %s", + LUKS_UUID(cd), dmd.uuid); + crypt_free_type(cd); r = 0; + goto out; } } else { - log_dbg("LUKS device header not available."); + log_dbg(cd, "LUKS device header not available."); crypt_set_null_type(cd); r = 0; } - } else if (isTCRYPT(cd->type)) { - r = TCRYPT_init_by_name(cd, name, &dmd, &cd->device, + } else if (isTCRYPT(cd->type) && single_segment(&dmd) && tgt->type == DM_CRYPT) { + r = TCRYPT_init_by_name(cd, name, dmd.uuid, tgt, &cd->device, &cd->u.tcrypt.params, &cd->u.tcrypt.hdr); + } else if (isBITLK(cd->type)) { + r = _crypt_load_bitlk(cd, NULL); + if (r < 0) { + log_dbg(cd, "BITLK device header not available."); + crypt_set_null_type(cd); + r = 0; + } } out: - crypt_free_volume_key(dmd.u.crypt.vk); - device_free(dmd.data_device); - free(CONST_CAST(void*)dmd.u.crypt.cipher); + dm_targets_free(cd, &dmd); + dm_targets_free(cd, &dmdi); + dm_targets_free(cd, &dmdep); free(CONST_CAST(void*)dmd.uuid); + free(cipher_spec); + dep = deps; + while (*dep) + free(*dep++); return r; } static int _init_by_name_verity(struct crypt_device *cd, const char *name) { - struct crypt_params_verity params = {}; - struct crypt_dm_active_device dmd = { - .target = DM_VERITY, - .u.verity.vp = ¶ms, - }; + struct crypt_dm_active_device dmd; + struct dm_target *tgt = &dmd.segment; int r; r = dm_query_device(cd, name, DM_ACTIVE_DEVICE | DM_ACTIVE_VERITY_HASH_DEVICE | + DM_ACTIVE_VERITY_ROOT_HASH | DM_ACTIVE_VERITY_PARAMS, &dmd); if (r < 0) + return r; + if (!single_segment(&dmd) || tgt->type != DM_VERITY) { + log_dbg(cd, "Unsupported device table detected in %s.", name); + r = -EINVAL; goto out; + } if (r > 0) r = 0; if (isVERITY(cd->type)) { cd->u.verity.uuid = NULL; // FIXME cd->u.verity.hdr.flags = CRYPT_VERITY_NO_HEADER; //FIXME - cd->u.verity.hdr.data_size = params.data_size; - cd->u.verity.root_hash_size = dmd.u.verity.root_hash_size; - cd->u.verity.root_hash = NULL; - cd->u.verity.hdr.hash_name = params.hash_name; + cd->u.verity.hdr.data_size = tgt->u.verity.vp->data_size; + cd->u.verity.root_hash_size = tgt->u.verity.root_hash_size; + MOVE_REF(cd->u.verity.hdr.hash_name, tgt->u.verity.vp->hash_name); cd->u.verity.hdr.data_device = NULL; cd->u.verity.hdr.hash_device = NULL; - cd->u.verity.hdr.data_block_size = params.data_block_size; - cd->u.verity.hdr.hash_block_size = params.hash_block_size; - cd->u.verity.hdr.hash_area_offset = dmd.u.verity.hash_offset; - cd->u.verity.hdr.hash_type = params.hash_type; - cd->u.verity.hdr.flags = params.flags; - cd->u.verity.hdr.salt_size = params.salt_size; - cd->u.verity.hdr.salt = params.salt; - cd->metadata_device = dmd.u.verity.hash_device; + cd->u.verity.hdr.data_block_size = tgt->u.verity.vp->data_block_size; + cd->u.verity.hdr.hash_block_size = tgt->u.verity.vp->hash_block_size; + cd->u.verity.hdr.hash_area_offset = tgt->u.verity.hash_offset; + cd->u.verity.hdr.fec_area_offset = tgt->u.verity.fec_offset; + cd->u.verity.hdr.hash_type = tgt->u.verity.vp->hash_type; + cd->u.verity.hdr.flags = tgt->u.verity.vp->flags; + cd->u.verity.hdr.salt_size = tgt->u.verity.vp->salt_size; + MOVE_REF(cd->u.verity.hdr.salt, tgt->u.verity.vp->salt); + MOVE_REF(cd->u.verity.hdr.fec_device, tgt->u.verity.vp->fec_device); + cd->u.verity.hdr.fec_roots = tgt->u.verity.vp->fec_roots; + MOVE_REF(cd->u.verity.fec_device, tgt->u.verity.fec_device); + MOVE_REF(cd->metadata_device, tgt->u.verity.hash_device); + MOVE_REF(cd->u.verity.root_hash, tgt->u.verity.root_hash); + } +out: + dm_targets_free(cd, &dmd); + return r; +} + +static int _init_by_name_integrity(struct crypt_device *cd, const char *name) +{ + struct crypt_dm_active_device dmd; + struct dm_target *tgt = &dmd.segment; + int r; + + r = dm_query_device(cd, name, DM_ACTIVE_DEVICE | + DM_ACTIVE_CRYPT_KEY | + DM_ACTIVE_CRYPT_KEYSIZE | + DM_ACTIVE_INTEGRITY_PARAMS, &dmd); + if (r < 0) + return r; + if (!single_segment(&dmd) || tgt->type != DM_INTEGRITY) { + log_dbg(cd, "Unsupported device table detected in %s.", name); + r = -EINVAL; + goto out; + } + if (r > 0) + r = 0; + + if (isINTEGRITY(cd->type)) { + cd->u.integrity.params.tag_size = tgt->u.integrity.tag_size; + cd->u.integrity.params.sector_size = tgt->u.integrity.sector_size; + cd->u.integrity.params.journal_size = tgt->u.integrity.journal_size; + cd->u.integrity.params.journal_watermark = tgt->u.integrity.journal_watermark; + cd->u.integrity.params.journal_commit_time = tgt->u.integrity.journal_commit_time; + cd->u.integrity.params.interleave_sectors = tgt->u.integrity.interleave_sectors; + cd->u.integrity.params.buffer_sectors = tgt->u.integrity.buffer_sectors; + MOVE_REF(cd->u.integrity.params.integrity, tgt->u.integrity.integrity); + MOVE_REF(cd->u.integrity.params.journal_integrity, tgt->u.integrity.journal_integrity); + MOVE_REF(cd->u.integrity.params.journal_crypt, tgt->u.integrity.journal_crypt); + + if (tgt->u.integrity.vk) + cd->u.integrity.params.integrity_key_size = tgt->u.integrity.vk->keylength; + if (tgt->u.integrity.journal_integrity_key) + cd->u.integrity.params.journal_integrity_key_size = tgt->u.integrity.journal_integrity_key->keylength; + if (tgt->u.integrity.journal_crypt_key) + cd->u.integrity.params.integrity_key_size = tgt->u.integrity.journal_crypt_key->keylength; + MOVE_REF(cd->metadata_device, tgt->u.integrity.meta_device); } out: - device_free(dmd.data_device); + dm_targets_free(cd, &dmd); return r; } @@ -896,41 +1411,42 @@ int crypt_init_by_name_and_header(struct crypt_device **cd, { crypt_status_info ci; struct crypt_dm_active_device dmd; + struct dm_target *tgt = &dmd.segment; int r; - log_dbg("Allocating crypt device context by device %s.", name); + if (!cd || !name) + return -EINVAL; + + log_dbg(NULL, "Allocating crypt device context by device %s.", name); ci = crypt_status(NULL, name); if (ci == CRYPT_INVALID) return -ENODEV; if (ci < CRYPT_ACTIVE) { - log_err(NULL, _("Device %s is not active.\n"), name); + log_err(NULL, _("Device %s is not active."), name); return -ENODEV; } r = dm_query_device(NULL, name, DM_ACTIVE_DEVICE | DM_ACTIVE_UUID, &dmd); if (r < 0) - goto out; + return r; *cd = NULL; if (header_device) { r = crypt_init(cd, header_device); } else { - r = crypt_init(cd, device_path(dmd.data_device)); + r = crypt_init(cd, device_path(tgt->data_device)); /* Underlying device disappeared but mapping still active */ - if (!dmd.data_device || r == -ENOTBLK) - log_verbose(NULL, _("Underlying device for crypt device %s disappeared.\n"), + if (!tgt->data_device || r == -ENOTBLK) + log_verbose(NULL, _("Underlying device for crypt device %s disappeared."), name); /* Underlying device is not readable but crypt mapping exists */ - if (r == -ENOTBLK) { - device_free(dmd.data_device); - dmd.data_device = NULL; + if (r == -ENOTBLK) r = crypt_init(cd, NULL); - } } if (r < 0) @@ -943,38 +1459,46 @@ int crypt_init_by_name_and_header(struct crypt_device **cd, (*cd)->type = strdup(CRYPT_LOOPAES); else if (!strncmp(CRYPT_LUKS1, dmd.uuid, sizeof(CRYPT_LUKS1)-1)) (*cd)->type = strdup(CRYPT_LUKS1); + else if (!strncmp(CRYPT_LUKS2, dmd.uuid, sizeof(CRYPT_LUKS2)-1)) + (*cd)->type = strdup(CRYPT_LUKS2); else if (!strncmp(CRYPT_VERITY, dmd.uuid, sizeof(CRYPT_VERITY)-1)) (*cd)->type = strdup(CRYPT_VERITY); else if (!strncmp(CRYPT_TCRYPT, dmd.uuid, sizeof(CRYPT_TCRYPT)-1)) (*cd)->type = strdup(CRYPT_TCRYPT); + else if (!strncmp(CRYPT_INTEGRITY, dmd.uuid, sizeof(CRYPT_INTEGRITY)-1)) + (*cd)->type = strdup(CRYPT_INTEGRITY); + else if (!strncmp(CRYPT_BITLK, dmd.uuid, sizeof(CRYPT_BITLK)-1)) + (*cd)->type = strdup(CRYPT_BITLK); else - log_dbg("Unknown UUID set, some parameters are not set."); + log_dbg(NULL, "Unknown UUID set, some parameters are not set."); } else - log_dbg("Active device has no UUID set, some parameters are not set."); + log_dbg(NULL, "Active device has no UUID set, some parameters are not set."); if (header_device) { - r = crypt_set_data_device(*cd, device_path(dmd.data_device)); + r = crypt_set_data_device(*cd, device_path(tgt->data_device)); if (r < 0) goto out; } - /* Try to initialise basic parameters from active device */ + /* Try to initialize basic parameters from active device */ - if (dmd.target == DM_CRYPT) + if (tgt->type == DM_CRYPT || tgt->type == DM_LINEAR) r = _init_by_name_crypt(*cd, name); - else if (dmd.target == DM_VERITY) + else if (tgt->type == DM_VERITY) r = _init_by_name_verity(*cd, name); + else if (tgt->type == DM_INTEGRITY) + r = _init_by_name_integrity(*cd, name); out: if (r < 0) { crypt_free(*cd); *cd = NULL; - } else if (!(*cd)->type && name) { + } else if (!(*cd)->type) { /* For anonymous device (no header found) remember initialized name */ (*cd)->u.none.active_name = strdup(name); } - device_free(dmd.data_device); free(CONST_CAST(void*)dmd.uuid); + dm_targets_free(NULL, &dmd); return r; } @@ -983,6 +1507,9 @@ int crypt_init_by_name(struct crypt_device **cd, const char *name) return crypt_init_by_name_and_header(cd, name, NULL); } +/* + * crypt_format() helpers + */ static int _crypt_format_plain(struct crypt_device *cd, const char *cipher, const char *cipher_mode, @@ -990,21 +1517,48 @@ static int _crypt_format_plain(struct crypt_device *cd, size_t volume_key_size, struct crypt_params_plain *params) { + unsigned int sector_size = params ? params->sector_size : SECTOR_SIZE; + uint64_t dev_size; + if (!cipher || !cipher_mode) { - log_err(cd, _("Invalid plain crypt parameters.\n")); + log_err(cd, _("Invalid plain crypt parameters.")); return -EINVAL; } if (volume_key_size > 1024) { - log_err(cd, _("Invalid key size.\n")); + log_err(cd, _("Invalid key size.")); return -EINVAL; } if (uuid) { - log_err(cd, _("UUID is not supported for this crypt type.\n")); + log_err(cd, _("UUID is not supported for this crypt type.")); + return -EINVAL; + } + + if (cd->metadata_device) { + log_err(cd, _("Detached metadata device is not supported for this crypt type.")); + return -EINVAL; + } + + /* For compatibility with old params structure */ + if (!sector_size) + sector_size = SECTOR_SIZE; + + if (sector_size < SECTOR_SIZE || sector_size > MAX_SECTOR_SIZE || + NOTPOW2(sector_size)) { + log_err(cd, _("Unsupported encryption sector size.")); return -EINVAL; } + if (sector_size > SECTOR_SIZE && !device_size(cd->device, &dev_size)) { + if (params && params->offset) + dev_size -= (params->offset * SECTOR_SIZE); + if (dev_size % sector_size) { + log_err(cd, _("Device size is not aligned to requested sector size.")); + return -EINVAL; + } + } + if (!(cd->type = strdup(CRYPT_PLAIN))) return -ENOMEM; @@ -1013,9 +1567,12 @@ static int _crypt_format_plain(struct crypt_device *cd, if (!cd->volume_key) return -ENOMEM; + if (asprintf(&cd->u.plain.cipher_spec, "%s-%s", cipher, cipher_mode) < 0) { + cd->u.plain.cipher_spec = NULL; + return -ENOMEM; + } cd->u.plain.cipher = strdup(cipher); - cd->u.plain.cipher_mode = strdup(cipher_mode); - + cd->u.plain.cipher_mode = cd->u.plain.cipher_spec + strlen(cipher) + 1; if (params && params->hash) cd->u.plain.hdr.hash = strdup(params->hash); @@ -1023,8 +1580,9 @@ static int _crypt_format_plain(struct crypt_device *cd, cd->u.plain.hdr.offset = params ? params->offset : 0; cd->u.plain.hdr.skip = params ? params->skip : 0; cd->u.plain.hdr.size = params ? params->size : 0; + cd->u.plain.hdr.sector_size = sector_size; - if (!cd->u.plain.cipher || !cd->u.plain.cipher_mode) + if (!cd->u.plain.cipher) return -ENOMEM; return 0; @@ -1041,9 +1599,19 @@ static int _crypt_format_luks1(struct crypt_device *cd, int r; unsigned long required_alignment = DEFAULT_DISK_ALIGNMENT; unsigned long alignment_offset = 0; + uint64_t dev_size; + + if (!cipher || !cipher_mode) + return -EINVAL; if (!crypt_metadata_device(cd)) { - log_err(cd, _("Can't format LUKS without device.\n")); + log_err(cd, _("Can't format LUKS without device.")); + return -EINVAL; + } + + if (params && cd->data_offset && params->data_alignment && + (cd->data_offset % params->data_alignment)) { + log_err(cd, _("Requested data alignment is not compatible with data offset.")); return -EINVAL; } @@ -1056,50 +1624,312 @@ static int _crypt_format_luks1(struct crypt_device *cd, else cd->volume_key = crypt_generate_volume_key(cd, volume_key_size); - if(!cd->volume_key) + if (!cd->volume_key) return -ENOMEM; + if (verify_pbkdf_params(cd, &cd->pbkdf)) { + r = init_pbkdf_type(cd, NULL, CRYPT_LUKS1); + if (r) + return r; + } + + if (params && params->hash && strcmp(params->hash, cd->pbkdf.hash)) { + free(CONST_CAST(void*)cd->pbkdf.hash); + cd->pbkdf.hash = strdup(params->hash); + if (!cd->pbkdf.hash) + return -ENOMEM; + } + if (params && params->data_device) { - cd->metadata_device = cd->device; + if (!cd->metadata_device) + cd->metadata_device = cd->device; + else + device_free(cd, cd->device); cd->device = NULL; - if (device_alloc(&cd->device, params->data_device) < 0) + if (device_alloc(cd, &cd->device, params->data_device) < 0) return -ENOMEM; + } + + if (params && cd->metadata_device) { + /* For detached header the alignment is used directly as data offset */ + if (!cd->data_offset) + cd->data_offset = params->data_alignment; required_alignment = params->data_alignment * SECTOR_SIZE; } else if (params && params->data_alignment) { required_alignment = params->data_alignment * SECTOR_SIZE; } else - device_topology_alignment(cd->device, + device_topology_alignment(cd, cd->device, &required_alignment, &alignment_offset, DEFAULT_DISK_ALIGNMENT); - r = LUKS_generate_phdr(&cd->u.luks1.hdr, cd->volume_key, cipher, cipher_mode, - (params && params->hash) ? params->hash : "sha1", - uuid, LUKS_STRIPES, - required_alignment / SECTOR_SIZE, - alignment_offset / SECTOR_SIZE, - cd->iteration_time, &cd->u.luks1.PBKDF2_per_sec, - cd->metadata_device ? 1 : 0, cd); - if(r < 0) + r = LUKS_check_cipher(cd, volume_key_size, cipher, cipher_mode); + if (r < 0) return r; - /* Wipe first 8 sectors - fs magic numbers etc. */ - r = crypt_wipe(crypt_metadata_device(cd), 0, 8 * SECTOR_SIZE, CRYPT_WIPE_ZERO, 1); - if(r < 0) { - if (r == -EBUSY) - log_err(cd, _("Cannot format device %s which is still in use.\n"), - mdata_device_path(cd)); - else if (r == -EACCES) { - log_err(cd, _("Cannot format device %s, permission denied.\n"), - mdata_device_path(cd)); - r = -EINVAL; - } else - log_err(cd, _("Cannot wipe header on device %s.\n"), - mdata_device_path(cd)); - + r = LUKS_generate_phdr(&cd->u.luks1.hdr, cd->volume_key, cipher, cipher_mode, + cd->pbkdf.hash, uuid, + cd->data_offset * SECTOR_SIZE, + alignment_offset, required_alignment, cd); + if (r < 0) return r; - } + + r = device_check_access(cd, crypt_metadata_device(cd), DEV_EXCL); + if (r < 0) + return r; + + if (!device_size(crypt_data_device(cd), &dev_size) && + dev_size < (crypt_get_data_offset(cd) * SECTOR_SIZE)) + log_std(cd, _("WARNING: Data offset is outside of currently available data device.\n")); + + if (asprintf(&cd->u.luks1.cipher_spec, "%s-%s", cipher, cipher_mode) < 0) { + cd->u.luks1.cipher_spec = NULL; + return -ENOMEM; + } + + r = LUKS_wipe_header_areas(&cd->u.luks1.hdr, cd); + if (r < 0) { + free(cd->u.luks1.cipher_spec); + log_err(cd, _("Cannot wipe header on device %s."), + mdata_device_path(cd)); + return r; + } r = LUKS_write_phdr(&cd->u.luks1.hdr, cd); + if (r) + free(cd->u.luks1.cipher_spec); + + return r; +} + +static int _crypt_format_luks2(struct crypt_device *cd, + const char *cipher, + const char *cipher_mode, + const char *uuid, + const char *volume_key, + size_t volume_key_size, + struct crypt_params_luks2 *params) +{ + int r, integrity_key_size = 0; + unsigned long required_alignment = DEFAULT_DISK_ALIGNMENT; + unsigned long alignment_offset = 0; + unsigned int sector_size = params ? params->sector_size : SECTOR_SIZE; + const char *integrity = params ? params->integrity : NULL; + uint64_t dev_size; + uint32_t dmc_flags; + + cd->u.luks2.hdr.jobj = NULL; + cd->u.luks2.keyslot_cipher = NULL; + + if (!cipher || !cipher_mode) + return -EINVAL; + + if (!crypt_metadata_device(cd)) { + log_err(cd, _("Can't format LUKS without device.")); + return -EINVAL; + } + + if (params && cd->data_offset && params->data_alignment && + (cd->data_offset % params->data_alignment)) { + log_err(cd, _("Requested data alignment is not compatible with data offset.")); + return -EINVAL; + } + + if (sector_size < SECTOR_SIZE || sector_size > MAX_SECTOR_SIZE || + NOTPOW2(sector_size)) { + log_err(cd, _("Unsupported encryption sector size.")); + return -EINVAL; + } + if (sector_size != SECTOR_SIZE && !dm_flags(cd, DM_CRYPT, &dmc_flags) && + !(dmc_flags & DM_SECTOR_SIZE_SUPPORTED)) + log_std(cd, _("WARNING: The device activation will fail, dm-crypt is missing " + "support for requested encryption sector size.\n")); + + if (integrity) { + if (params->integrity_params) { + /* Standalone dm-integrity must not be used */ + if (params->integrity_params->integrity || + params->integrity_params->integrity_key_size) + return -EINVAL; + /* FIXME: journal encryption and MAC is here not yet supported */ + if (params->integrity_params->journal_crypt || + params->integrity_params->journal_integrity) + return -ENOTSUP; + } + if (!INTEGRITY_tag_size(cd, integrity, cipher, cipher_mode)) { + if (!strcmp(integrity, "none")) + integrity = NULL; + else + return -EINVAL; + } + integrity_key_size = INTEGRITY_key_size(cd, integrity); + if ((integrity_key_size < 0) || (integrity_key_size >= (int)volume_key_size)) { + log_err(cd, _("Volume key is too small for encryption with integrity extensions.")); + return -EINVAL; + } + } + + r = device_check_access(cd, crypt_metadata_device(cd), DEV_EXCL); + if (r < 0) + return r; + + if (!(cd->type = strdup(CRYPT_LUKS2))) + return -ENOMEM; + + if (volume_key) + cd->volume_key = crypt_alloc_volume_key(volume_key_size, + volume_key); + else + cd->volume_key = crypt_generate_volume_key(cd, volume_key_size); + + if (!cd->volume_key) + return -ENOMEM; + + if (params && params->pbkdf) + r = crypt_set_pbkdf_type(cd, params->pbkdf); + else if (verify_pbkdf_params(cd, &cd->pbkdf)) + r = init_pbkdf_type(cd, NULL, CRYPT_LUKS2); + + if (r < 0) + return r; + + if (params && params->data_device) { + if (!cd->metadata_device) + cd->metadata_device = cd->device; + else + device_free(cd, cd->device); + cd->device = NULL; + if (device_alloc(cd, &cd->device, params->data_device) < 0) + return -ENOMEM; + } + + if (params && cd->metadata_device) { + /* For detached header the alignment is used directly as data offset */ + if (!cd->data_offset) + cd->data_offset = params->data_alignment; + required_alignment = params->data_alignment * SECTOR_SIZE; + } else if (params && params->data_alignment) { + required_alignment = params->data_alignment * SECTOR_SIZE; + } else + device_topology_alignment(cd, cd->device, + &required_alignment, + &alignment_offset, DEFAULT_DISK_ALIGNMENT); + + /* FIXME: allow this later also for normal ciphers (check AF_ALG availability. */ + if (integrity && !integrity_key_size) { + r = crypt_cipher_check_kernel(cipher, cipher_mode, integrity, volume_key_size); + if (r < 0) { + log_err(cd, _("Cipher %s-%s (key size %zd bits) is not available."), + cipher, cipher_mode, volume_key_size * 8); + goto out; + } + } + + if ((!integrity || integrity_key_size) && !crypt_cipher_wrapped_key(cipher, cipher_mode) && + !INTEGRITY_tag_size(cd, NULL, cipher, cipher_mode)) { + r = LUKS_check_cipher(cd, volume_key_size - integrity_key_size, + cipher, cipher_mode); + if (r < 0) + goto out; + } + + r = LUKS2_generate_hdr(cd, &cd->u.luks2.hdr, cd->volume_key, + cipher, cipher_mode, + integrity, uuid, + sector_size, + cd->data_offset * SECTOR_SIZE, + alignment_offset, + required_alignment, + cd->metadata_size, cd->keyslots_size); + if (r < 0) + goto out; + + r = device_size(crypt_data_device(cd), &dev_size); + if (r < 0) + goto out; + + if (dev_size < (crypt_get_data_offset(cd) * SECTOR_SIZE)) + log_std(cd, _("WARNING: Data offset is outside of currently available data device.\n")); + + if (cd->metadata_size && (cd->metadata_size != LUKS2_metadata_size(cd->u.luks2.hdr.jobj))) + log_std(cd, _("WARNING: LUKS2 metadata size changed to %" PRIu64 " bytes.\n"), + LUKS2_metadata_size(cd->u.luks2.hdr.jobj)); + + if (cd->keyslots_size && (cd->keyslots_size != LUKS2_keyslots_size(cd->u.luks2.hdr.jobj))) + log_std(cd, _("WARNING: LUKS2 keyslots area size changed to %" PRIu64 " bytes.\n"), + LUKS2_keyslots_size(cd->u.luks2.hdr.jobj)); + + if (!integrity && sector_size > SECTOR_SIZE) { + dev_size -= (crypt_get_data_offset(cd) * SECTOR_SIZE); + if (dev_size % sector_size) { + log_err(cd, _("Device size is not aligned to requested sector size.")); + r = -EINVAL; + goto out; + } + } + + if (params && (params->label || params->subsystem)) { + r = LUKS2_hdr_labels(cd, &cd->u.luks2.hdr, + params->label, params->subsystem, 0); + if (r < 0) + goto out; + } + + r = LUKS2_wipe_header_areas(cd, &cd->u.luks2.hdr); + if (r < 0) { + log_err(cd, _("Cannot wipe header on device %s."), + mdata_device_path(cd)); + if (dev_size < LUKS2_hdr_and_areas_size(cd->u.luks2.hdr.jobj)) + log_err(cd, _("Device %s is too small."), device_path(crypt_metadata_device(cd))); + goto out; + } + + /* Wipe integrity superblock and create integrity superblock */ + if (crypt_get_integrity_tag_size(cd)) { + r = crypt_wipe_device(cd, crypt_data_device(cd), CRYPT_WIPE_ZERO, + crypt_get_data_offset(cd) * SECTOR_SIZE, + 8 * SECTOR_SIZE, 8 * SECTOR_SIZE, NULL, NULL); + if (r < 0) { + if (r == -EBUSY) + log_err(cd, _("Cannot format device %s in use."), + data_device_path(cd)); + else if (r == -EACCES) { + log_err(cd, _("Cannot format device %s, permission denied."), + data_device_path(cd)); + r = -EINVAL; + } else + log_err(cd, _("Cannot wipe header on device %s."), + data_device_path(cd)); + + goto out; + } + + r = INTEGRITY_format(cd, params ? params->integrity_params : NULL, NULL, NULL); + if (r) + log_err(cd, _("Cannot format integrity for device %s."), + data_device_path(cd)); + } + + if (r < 0) + goto out; + + /* override sequence id check with format */ + r = LUKS2_hdr_write_force(cd, &cd->u.luks2.hdr); + if (r < 0) { + if (r == -EBUSY) + log_err(cd, _("Cannot format device %s in use."), + mdata_device_path(cd)); + else if (r == -EACCES) { + log_err(cd, _("Cannot format device %s, permission denied."), + mdata_device_path(cd)); + r = -EINVAL; + } else + log_err(cd, _("Cannot format device %s."), + mdata_device_path(cd)); + } + +out: + if (r) + LUKS2_hdr_free(cd, &cd->u.luks2.hdr); return r; } @@ -1111,17 +1941,22 @@ static int _crypt_format_loopaes(struct crypt_device *cd, struct crypt_params_loopaes *params) { if (!crypt_metadata_device(cd)) { - log_err(cd, _("Can't format LOOPAES without device.\n")); + log_err(cd, _("Can't format LOOPAES without device.")); return -EINVAL; } if (volume_key_size > 1024) { - log_err(cd, _("Invalid key size.\n")); + log_err(cd, _("Invalid key size.")); return -EINVAL; } if (uuid) { - log_err(cd, _("UUID is not supported for this crypt type.\n")); + log_err(cd, _("UUID is not supported for this crypt type.")); + return -EINVAL; + } + + if (cd->metadata_device) { + log_err(cd, _("Detached metadata device is not supported for this crypt type.")); return -EINVAL; } @@ -1146,38 +1981,51 @@ static int _crypt_format_verity(struct crypt_device *cd, struct crypt_params_verity *params) { int r = 0, hash_size; - uint64_t data_device_size; + uint64_t data_device_size, hash_blocks_size; + struct device *fec_device = NULL; + char *fec_device_path = NULL, *hash_name = NULL, *root_hash = NULL, *salt = NULL; if (!crypt_metadata_device(cd)) { - log_err(cd, _("Can't format VERITY without device.\n")); + log_err(cd, _("Can't format VERITY without device.")); return -EINVAL; } - if (!params || !params->data_device) + if (!params) + return -EINVAL; + + if (!params->data_device && !cd->metadata_device) return -EINVAL; if (params->hash_type > VERITY_MAX_HASH_TYPE) { - log_err(cd, _("Unsupported VERITY hash type %d.\n"), params->hash_type); + log_err(cd, _("Unsupported VERITY hash type %d."), params->hash_type); return -EINVAL; } if (VERITY_BLOCK_SIZE_OK(params->data_block_size) || VERITY_BLOCK_SIZE_OK(params->hash_block_size)) { - log_err(cd, _("Unsupported VERITY block size.\n")); + log_err(cd, _("Unsupported VERITY block size.")); + return -EINVAL; + } + + if (MISALIGNED_512(params->hash_area_offset)) { + log_err(cd, _("Unsupported VERITY hash offset.")); return -EINVAL; } - if (params->hash_area_offset % 512) { - log_err(cd, _("Unsupported VERITY hash offset.\n")); + if (MISALIGNED_512(params->fec_area_offset)) { + log_err(cd, _("Unsupported VERITY FEC offset.")); return -EINVAL; } if (!(cd->type = strdup(CRYPT_VERITY))) return -ENOMEM; - r = crypt_set_data_device(cd, params->data_device); - if (r) - return r; + if (params->data_device) { + r = crypt_set_data_device(cd, params->data_device); + if (r) + return r; + } + if (!params->data_size) { r = device_size(cd->device, &data_device_size); if (r < 0) @@ -1187,60 +2035,208 @@ static int _crypt_format_verity(struct crypt_device *cd, } else cd->u.verity.hdr.data_size = params->data_size; + if (device_is_identical(crypt_metadata_device(cd), crypt_data_device(cd)) && + (cd->u.verity.hdr.data_size * params->data_block_size) > params->hash_area_offset) { + log_err(cd, _("Data area overlaps with hash area.")); + return -EINVAL; + } + hash_size = crypt_hash_size(params->hash_name); if (hash_size <= 0) { - log_err(cd, _("Hash algorithm %s not supported.\n"), + log_err(cd, _("Hash algorithm %s not supported."), params->hash_name); return -EINVAL; } cd->u.verity.root_hash_size = hash_size; - cd->u.verity.root_hash = malloc(cd->u.verity.root_hash_size); - if (!cd->u.verity.root_hash) - return -ENOMEM; + if (params->fec_device) { + fec_device_path = strdup(params->fec_device); + if (!fec_device_path) + return -ENOMEM; + r = device_alloc(cd, &fec_device, params->fec_device); + if (r < 0) { + r = -ENOMEM; + goto err; + } + + hash_blocks_size = VERITY_hash_blocks(cd, params) * params->hash_block_size; + if (device_is_identical(crypt_metadata_device(cd), fec_device) && + (params->hash_area_offset + hash_blocks_size) > params->fec_area_offset) { + log_err(cd, _("Hash area overlaps with FEC area.")); + r = -EINVAL; + goto err; + } + + if (device_is_identical(crypt_data_device(cd), fec_device) && + (cd->u.verity.hdr.data_size * params->data_block_size) > params->fec_area_offset) { + log_err(cd, _("Data area overlaps with FEC area.")); + r = -EINVAL; + goto err; + } + } + + root_hash = malloc(cd->u.verity.root_hash_size); + hash_name = strdup(params->hash_name); + salt = malloc(params->salt_size); + + if (!root_hash || !hash_name || !salt) { + r = -ENOMEM; + goto err; + } cd->u.verity.hdr.flags = params->flags; - if (!(cd->u.verity.hdr.hash_name = strdup(params->hash_name))) - return -ENOMEM; + cd->u.verity.root_hash = root_hash; + cd->u.verity.hdr.hash_name = hash_name; cd->u.verity.hdr.data_device = NULL; + cd->u.verity.fec_device = fec_device; + cd->u.verity.hdr.fec_device = fec_device_path; + cd->u.verity.hdr.fec_roots = params->fec_roots; cd->u.verity.hdr.data_block_size = params->data_block_size; cd->u.verity.hdr.hash_block_size = params->hash_block_size; cd->u.verity.hdr.hash_area_offset = params->hash_area_offset; + cd->u.verity.hdr.fec_area_offset = params->fec_area_offset; cd->u.verity.hdr.hash_type = params->hash_type; cd->u.verity.hdr.flags = params->flags; cd->u.verity.hdr.salt_size = params->salt_size; - if (!(cd->u.verity.hdr.salt = malloc(params->salt_size))) - return -ENOMEM; + cd->u.verity.hdr.salt = salt; if (params->salt) - memcpy(CONST_CAST(char*)cd->u.verity.hdr.salt, params->salt, - params->salt_size); + memcpy(salt, params->salt, params->salt_size); else - r = crypt_random_get(cd, CONST_CAST(char*)cd->u.verity.hdr.salt, - params->salt_size, CRYPT_RND_SALT); + r = crypt_random_get(cd, salt, params->salt_size, CRYPT_RND_SALT); if (r) - return r; + goto err; if (params->flags & CRYPT_VERITY_CREATE_HASH) { r = VERITY_create(cd, &cd->u.verity.hdr, cd->u.verity.root_hash, cd->u.verity.root_hash_size); + if (!r && params->fec_device) + r = VERITY_FEC_process(cd, &cd->u.verity.hdr, cd->u.verity.fec_device, 0, NULL); if (r) - return r; + goto err; } if (!(params->flags & CRYPT_VERITY_NO_HEADER)) { - if (uuid) - cd->u.verity.uuid = strdup(uuid); - else { + if (uuid) { + if (!(cd->u.verity.uuid = strdup(uuid))) + r = -ENOMEM; + } else r = VERITY_UUID_generate(cd, &cd->u.verity.uuid); - if (r) - return r; + + if (!r) + r = VERITY_write_sb(cd, cd->u.verity.hdr.hash_area_offset, + cd->u.verity.uuid, + &cd->u.verity.hdr); + } + +err: + if (r) { + device_free(cd, fec_device); + free(root_hash); + free(hash_name); + free(fec_device_path); + free(salt); + } + + return r; +} + +static int _crypt_format_integrity(struct crypt_device *cd, + const char *uuid, + struct crypt_params_integrity *params) +{ + int r; + uint32_t integrity_tag_size; + char *integrity = NULL, *journal_integrity = NULL, *journal_crypt = NULL; + struct volume_key *journal_crypt_key = NULL, *journal_mac_key = NULL; + + if (!params) + return -EINVAL; + + if (uuid) { + log_err(cd, _("UUID is not supported for this crypt type.")); + return -EINVAL; + } + + r = device_check_access(cd, crypt_metadata_device(cd), DEV_EXCL); + if (r < 0) + return r; + + /* Wipe first 8 sectors - fs magic numbers etc. */ + r = crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_ZERO, 0, + 8 * SECTOR_SIZE, 8 * SECTOR_SIZE, NULL, NULL); + if (r < 0) { + log_err(cd, _("Cannot wipe header on device %s."), + mdata_device_path(cd)); + return r; + } + + if (!(cd->type = strdup(CRYPT_INTEGRITY))) + return -ENOMEM; + + if (params->journal_crypt_key) { + journal_crypt_key = crypt_alloc_volume_key(params->journal_crypt_key_size, + params->journal_crypt_key); + if (!journal_crypt_key) + return -ENOMEM; + } + + if (params->journal_integrity_key) { + journal_mac_key = crypt_alloc_volume_key(params->journal_integrity_key_size, + params->journal_integrity_key); + if (!journal_mac_key) { + r = -ENOMEM; + goto err; } + } + + if (params->integrity && !(integrity = strdup(params->integrity))) { + r = -ENOMEM; + goto err; + } + if (params->journal_integrity && !(journal_integrity = strdup(params->journal_integrity))) { + r = -ENOMEM; + goto err; + } + if (params->journal_crypt && !(journal_crypt = strdup(params->journal_crypt))) { + r = -ENOMEM; + goto err; + } - r = VERITY_write_sb(cd, cd->u.verity.hdr.hash_area_offset, - cd->u.verity.uuid, - &cd->u.verity.hdr); + integrity_tag_size = INTEGRITY_hash_tag_size(integrity); + if (integrity_tag_size > 0 && params->tag_size && integrity_tag_size != params->tag_size) + log_std(cd, _("WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"), + params->tag_size, integrity, integrity_tag_size); + + if (params->tag_size) + integrity_tag_size = params->tag_size; + + cd->u.integrity.journal_crypt_key = journal_crypt_key; + cd->u.integrity.journal_mac_key = journal_mac_key; + cd->u.integrity.params.journal_size = params->journal_size; + cd->u.integrity.params.journal_watermark = params->journal_watermark; + cd->u.integrity.params.journal_commit_time = params->journal_commit_time; + cd->u.integrity.params.interleave_sectors = params->interleave_sectors; + cd->u.integrity.params.buffer_sectors = params->buffer_sectors; + cd->u.integrity.params.sector_size = params->sector_size; + cd->u.integrity.params.tag_size = integrity_tag_size; + cd->u.integrity.params.integrity = integrity; + cd->u.integrity.params.journal_integrity = journal_integrity; + cd->u.integrity.params.journal_crypt = journal_crypt; + + r = INTEGRITY_format(cd, params, cd->u.integrity.journal_crypt_key, cd->u.integrity.journal_mac_key); + if (r) + log_err(cd, _("Cannot format integrity for device %s."), + mdata_device_path(cd)); +err: + if (r) { + crypt_free_volume_key(journal_crypt_key); + crypt_free_volume_key(journal_mac_key); + free(integrity); + free(journal_integrity); + free(journal_crypt); } + return r; } @@ -1255,15 +2251,15 @@ int crypt_format(struct crypt_device *cd, { int r; - if (!type) + if (!cd || !type) return -EINVAL; if (cd->type) { - log_dbg("Context already formatted as %s.", cd->type); + log_dbg(cd, "Context already formatted as %s.", cd->type); return -EINVAL; } - log_dbg("Formatting device %s as type %s.", mdata_device_path(cd) ?: "(none)", type); + log_dbg(cd, "Formatting device %s as type %s.", mdata_device_path(cd) ?: "(none)", type); crypt_reset_null_type(cd); @@ -1274,15 +2270,20 @@ int crypt_format(struct crypt_device *cd, if (isPLAIN(type)) r = _crypt_format_plain(cd, cipher, cipher_mode, uuid, volume_key_size, params); - else if (isLUKS(type)) + else if (isLUKS1(type)) r = _crypt_format_luks1(cd, cipher, cipher_mode, uuid, volume_key, volume_key_size, params); + else if (isLUKS2(type)) + r = _crypt_format_luks2(cd, cipher, cipher_mode, + uuid, volume_key, volume_key_size, params); else if (isLOOPAES(type)) r = _crypt_format_loopaes(cd, cipher, uuid, volume_key_size, params); else if (isVERITY(type)) r = _crypt_format_verity(cd, uuid, params); + else if (isINTEGRITY(type)) + r = _crypt_format_integrity(cd, uuid, params); else { - log_err(cd, _("Unknown crypt device type %s requested.\n"), type); + log_err(cd, _("Unknown crypt device type %s requested."), type); r = -EINVAL; } @@ -1295,52 +2296,16 @@ int crypt_format(struct crypt_device *cd, return r; } -int crypt_load(struct crypt_device *cd, - const char *requested_type, - void *params) -{ - int r; - - log_dbg("Trying to load %s crypt type from device %s.", - requested_type ?: "any", mdata_device_path(cd) ?: "(none)"); - - if (!crypt_metadata_device(cd)) - return -EINVAL; - - crypt_reset_null_type(cd); - - if (!requested_type || isLUKS(requested_type)) { - if (cd->type && !isLUKS(cd->type)) { - log_dbg("Context is already initialised to type %s", cd->type); - return -EINVAL; - } - - r = _crypt_load_luks1(cd, 1, 0); - } else if (isVERITY(requested_type)) { - if (cd->type && !isVERITY(cd->type)) { - log_dbg("Context is already initialised to type %s", cd->type); - return -EINVAL; - } - r = _crypt_load_verity(cd, params); - } else if (isTCRYPT(requested_type)) { - if (cd->type && !isTCRYPT(cd->type)) { - log_dbg("Context is already initialised to type %s", cd->type); - return -EINVAL; - } - r = _crypt_load_tcrypt(cd, params); - } else - return -EINVAL; - - return r; -} - int crypt_repair(struct crypt_device *cd, const char *requested_type, void *params __attribute__((unused))) { int r; - log_dbg("Trying to repair %s crypt type from device %s.", + if (!cd) + return -EINVAL; + + log_dbg(cd, "Trying to repair %s crypt type from device %s.", requested_type ?: "any", mdata_device_path(cd) ?: "(none)"); if (!crypt_metadata_device(cd)) @@ -1349,9 +2314,8 @@ int crypt_repair(struct crypt_device *cd, if (requested_type && !isLUKS(requested_type)) return -EINVAL; - /* Load with repair */ - r = _crypt_load_luks1(cd, 1, 1); + r = _crypt_load_luks(cd, requested_type, 1, 1); if (r < 0) return r; @@ -1363,1367 +2327,3723 @@ int crypt_repair(struct crypt_device *cd, return r; } -int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size) +/* compare volume keys */ +static int _compare_volume_keys(struct volume_key *svk, unsigned skeyring_only, struct volume_key *tvk, unsigned tkeyring_only) { - struct crypt_dm_active_device dmd; - int r; + if (!svk && !tvk) + return 0; + else if (!svk || !tvk) + return 1; - /* Device context type must be initialised */ - if (!cd->type) - return -EINVAL; + if (svk->keylength != tvk->keylength) + return 1; - log_dbg("Resizing device %s to %" PRIu64 " sectors.", name, new_size); + if (!skeyring_only && !tkeyring_only) + return memcmp(svk->key, tvk->key, svk->keylength); - r = dm_query_device(cd, name, DM_ACTIVE_DEVICE | DM_ACTIVE_CRYPT_CIPHER | - DM_ACTIVE_UUID | DM_ACTIVE_CRYPT_KEYSIZE | - DM_ACTIVE_CRYPT_KEY, &dmd); - if (r < 0) { - log_err(NULL, _("Device %s is not active.\n"), name); + if (svk->key_description && tvk->key_description) + return strcmp(svk->key_description, tvk->key_description); + + return 0; +} + +static int _compare_device_types(struct crypt_device *cd, + const struct crypt_dm_active_device *src, + const struct crypt_dm_active_device *tgt) +{ + if (!tgt->uuid) { + log_dbg(cd, "Missing device uuid in target device."); return -EINVAL; } - if (!dmd.uuid || dmd.target != DM_CRYPT) { - r = -EINVAL; - goto out; + if (isLUKS2(cd->type) && !strncmp("INTEGRITY-", tgt->uuid, strlen("INTEGRITY-"))) { + if (crypt_uuid_cmp(tgt->uuid, src->uuid)) { + log_dbg(cd, "LUKS UUID mismatch."); + return -EINVAL; + } + } else if (isLUKS(cd->type)) { + if (!src->uuid || strncmp(cd->type, tgt->uuid, strlen(cd->type)) || + crypt_uuid_cmp(tgt->uuid, src->uuid)) { + log_dbg(cd, "LUKS UUID mismatch."); + return -EINVAL; + } + } else if (isPLAIN(cd->type) || isLOOPAES(cd->type)) { + if (strncmp(cd->type, tgt->uuid, strlen(cd->type))) { + log_dbg(cd, "Unexpected uuid prefix %s in target device.", tgt->uuid); + return -EINVAL; + } + } else { + log_dbg(cd, "Unsupported device type %s for reload.", cd->type ?: ""); + return -ENOTSUP; } - r = device_block_adjust(cd, dmd.data_device, DEV_OK, - dmd.u.crypt.offset, &new_size, &dmd.flags); - if (r) - goto out; + return 0; +} - if (new_size == dmd.size) { - log_dbg("Device has already requested size %" PRIu64 - " sectors.", dmd.size); - r = 0; - } else { - dmd.size = new_size; - if (isTCRYPT(cd->type)) - r = -ENOTSUP; - else - r = dm_create_device(cd, name, cd->type, &dmd, 1); +static int _compare_crypt_devices(struct crypt_device *cd, + const struct dm_target *src, + const struct dm_target *tgt) +{ + /* for crypt devices keys are mandatory */ + if (!src->u.crypt.vk || !tgt->u.crypt.vk) + return -EINVAL; + + if (_compare_volume_keys(src->u.crypt.vk, 0, tgt->u.crypt.vk, tgt->u.crypt.vk->key_description != NULL)) { + log_dbg(cd, "Keys in context and target device do not match."); + return -EINVAL; } -out: - if (dmd.target == DM_CRYPT) { - crypt_free_volume_key(dmd.u.crypt.vk); - free(CONST_CAST(void*)dmd.u.crypt.cipher); + + /* CIPHER checks */ + if (!src->u.crypt.cipher || !tgt->u.crypt.cipher) + return -EINVAL; + if (strcmp(src->u.crypt.cipher, tgt->u.crypt.cipher)) { + log_dbg(cd, "Cipher specs do not match."); + return -EINVAL; + } + if (crypt_strcmp(src->u.crypt.integrity, tgt->u.crypt.integrity)) { + log_dbg(cd, "Integrity parameters do not match."); + return -EINVAL; } - free(CONST_CAST(void*)dmd.data_device); - free(CONST_CAST(void*)dmd.uuid); - return r; + if (src->u.crypt.offset != tgt->u.crypt.offset || + src->u.crypt.sector_size != tgt->u.crypt.sector_size || + src->u.crypt.iv_offset != tgt->u.crypt.iv_offset || + src->u.crypt.tag_size != tgt->u.crypt.tag_size) { + log_dbg(cd, "Integer parameters do not match."); + return -EINVAL; + } + + if (!device_is_identical(src->data_device, tgt->data_device)) { + log_dbg(cd, "Data devices do not match."); + return -EINVAL; + } + + return 0; } -int crypt_set_uuid(struct crypt_device *cd, const char *uuid) +static int _compare_integrity_devices(struct crypt_device *cd, + const struct dm_target *src, + const struct dm_target *tgt) { - if (!isLUKS(cd->type)) { - log_err(cd, _("This operation is not supported for this device type.\n")); - return -EINVAL; + /* + * some parameters may be implicit (and set in dm-integrity ctor) + * + * journal_size + * journal_watermark + * journal_commit_time + * buffer_sectors + * interleave_sectors + */ + + /* check remaining integer values that makes sense */ + if (src->u.integrity.tag_size != tgt->u.integrity.tag_size || + src->u.integrity.offset != tgt->u.integrity.offset || + src->u.integrity.sector_size != tgt->u.integrity.sector_size) { + log_dbg(cd, "Integer parameters do not match."); + return -EINVAL; } - if (uuid && !strncmp(uuid, cd->u.luks1.hdr.uuid, sizeof(cd->u.luks1.hdr.uuid))) { - log_dbg("UUID is the same as requested (%s) for device %s.", - uuid, mdata_device_path(cd)); - return 0; + if (crypt_strcmp(src->u.integrity.integrity, tgt->u.integrity.integrity) || + crypt_strcmp(src->u.integrity.journal_integrity, tgt->u.integrity.journal_integrity) || + crypt_strcmp(src->u.integrity.journal_crypt, tgt->u.integrity.journal_crypt)) { + log_dbg(cd, "Journal parameters do not match."); + return -EINVAL; } - if (uuid) - log_dbg("Requested new UUID change to %s for %s.", uuid, mdata_device_path(cd)); - else - log_dbg("Requested new UUID refresh for %s.", mdata_device_path(cd)); + /* unfortunately dm-integrity doesn't support keyring */ + if (_compare_volume_keys(src->u.integrity.vk, 0, tgt->u.integrity.vk, 0) || + _compare_volume_keys(src->u.integrity.journal_integrity_key, 0, tgt->u.integrity.journal_integrity_key, 0) || + _compare_volume_keys(src->u.integrity.journal_crypt_key, 0, tgt->u.integrity.journal_crypt_key, 0)) { + log_dbg(cd, "Journal keys do not match."); + return -EINVAL; + } - if (!crypt_confirm(cd, _("Do you really want to change UUID of device?"))) - return -EPERM; + /* unsupported underneath dm-crypt with auth. encryption */ + if (src->u.integrity.meta_device || tgt->u.integrity.meta_device) + return -ENOTSUP; + + if (src->size != tgt->size) { + log_dbg(cd, "Device size parameters do not match."); + return -EINVAL; + } - return LUKS_hdr_uuid_set(&cd->u.luks1.hdr, uuid, cd); + if (!device_is_identical(src->data_device, tgt->data_device)) { + log_dbg(cd, "Data devices do not match."); + return -EINVAL; + } + + return 0; } -int crypt_header_backup(struct crypt_device *cd, - const char *requested_type, - const char *backup_file) +int crypt_compare_dm_devices(struct crypt_device *cd, + const struct crypt_dm_active_device *src, + const struct crypt_dm_active_device *tgt) { int r; + const struct dm_target *s, *t; - if ((requested_type && !isLUKS(requested_type)) || !backup_file) - return -EINVAL; - - if (cd->type && !isLUKS(cd->type)) + if (!src || !tgt) return -EINVAL; - r = init_crypto(cd); - if (r < 0) + r = _compare_device_types(cd, src, tgt); + if (r) return r; - log_dbg("Requested header backup of device %s (%s) to " - "file %s.", mdata_device_path(cd), requested_type, backup_file); + s = &src->segment; + t = &tgt->segment; + + while (s || t) { + if (!s || !t) { + log_dbg(cd, "segments count mismatch."); + return -EINVAL; + } + if (s->type != t->type) { + log_dbg(cd, "segment type mismatch."); + r = -EINVAL; + break; + } + + switch (s->type) { + case DM_CRYPT: + r = _compare_crypt_devices(cd, s, t); + break; + case DM_INTEGRITY: + r = _compare_integrity_devices(cd, s, t); + break; + case DM_LINEAR: + r = (s->u.linear.offset == t->u.linear.offset) ? 0 : -EINVAL; + break; + default: + r = -ENOTSUP; + } + + if (r) + break; + + s = s->next; + t = t->next; + } - r = LUKS_hdr_backup(backup_file, cd); return r; } -int crypt_header_restore(struct crypt_device *cd, - const char *requested_type, - const char *backup_file) +static int _reload_device(struct crypt_device *cd, const char *name, + struct crypt_dm_active_device *sdmd) { - struct luks_phdr hdr; int r; + struct crypt_dm_active_device tdmd; + struct dm_target *src, *tgt = &tdmd.segment; - if (requested_type && !isLUKS(requested_type)) + if (!cd || !cd->type || !name || !(sdmd->flags & CRYPT_ACTIVATE_REFRESH)) return -EINVAL; - if (cd->type && !isLUKS(cd->type)) + r = dm_query_device(cd, name, DM_ACTIVE_DEVICE | DM_ACTIVE_CRYPT_CIPHER | + DM_ACTIVE_UUID | DM_ACTIVE_CRYPT_KEYSIZE | + DM_ACTIVE_CRYPT_KEY, &tdmd); + if (r < 0) { + log_err(cd, _("Device %s is not active."), name); return -EINVAL; + } - r = init_crypto(cd); - if (r < 0) - return r; + if (!single_segment(&tdmd) || tgt->type != DM_CRYPT || tgt->u.crypt.tag_size) { + r = -ENOTSUP; + log_err(cd, _("Unsupported parameters on device %s."), name); + goto out; + } - log_dbg("Requested header restore to device %s (%s) from " - "file %s.", mdata_device_path(cd), requested_type, backup_file); + r = crypt_compare_dm_devices(cd, sdmd, &tdmd); + if (r) { + log_err(cd, _("Mismatching parameters on device %s."), name); + goto out; + } - r = LUKS_hdr_restore(backup_file, isLUKS(cd->type) ? &cd->u.luks1.hdr : &hdr, cd); + src = &sdmd->segment; - crypt_memzero(&hdr, sizeof(hdr)); - return r; -} + /* Changing read only flag for active device makes no sense */ + if (tdmd.flags & CRYPT_ACTIVATE_READONLY) + sdmd->flags |= CRYPT_ACTIVATE_READONLY; + else + sdmd->flags &= ~CRYPT_ACTIVATE_READONLY; -void crypt_free(struct crypt_device *cd) -{ - if (cd) { - log_dbg("Releasing crypt device %s context.", mdata_device_path(cd)); + if (sdmd->flags & CRYPT_ACTIVATE_KEYRING_KEY) { + r = crypt_volume_key_set_description(tgt->u.crypt.vk, src->u.crypt.vk->key_description); + if (r) + goto out; + } else { + crypt_free_volume_key(tgt->u.crypt.vk); + tgt->u.crypt.vk = crypt_alloc_volume_key(src->u.crypt.vk->keylength, src->u.crypt.vk->key); + if (!tgt->u.crypt.vk) { + r = -ENOMEM; + goto out; + } + } - dm_backend_exit(); - crypt_free_volume_key(cd->volume_key); + r = device_block_adjust(cd, src->data_device, DEV_OK, + src->u.crypt.offset, &sdmd->size, NULL); + if (r) + goto out; - device_free(cd->device); - device_free(cd->metadata_device); - - if (isPLAIN(cd->type)) { - free(CONST_CAST(void*)cd->u.plain.hdr.hash); - free(cd->u.plain.cipher); - free(cd->u.plain.cipher_mode); - } else if (isLOOPAES(cd->type)) { - free(CONST_CAST(void*)cd->u.loopaes.hdr.hash); - free(cd->u.loopaes.cipher); - } else if (isVERITY(cd->type)) { - free(CONST_CAST(void*)cd->u.verity.hdr.hash_name); - free(CONST_CAST(void*)cd->u.verity.hdr.salt); - free(cd->u.verity.root_hash); - free(cd->u.verity.uuid); - } else if (!cd->type) { - free(cd->u.none.active_name); - } + tdmd.flags = sdmd->flags; + tgt->size = tdmd.size = sdmd->size; - free(cd->type); - /* Some structures can contain keys (TCRYPT), wipe it */ - crypt_memzero(cd, sizeof(*cd)); - free(cd); - } + r = dm_reload_device(cd, name, &tdmd, 0, 1); +out: + dm_targets_free(cd, &tdmd); + free(CONST_CAST(void*)tdmd.uuid); + + return r; } -int crypt_suspend(struct crypt_device *cd, - const char *name) +static int _reload_device_with_integrity(struct crypt_device *cd, + const char *name, + const char *iname, + const char *ipath, + struct crypt_dm_active_device *sdmd, + struct crypt_dm_active_device *sdmdi) { - crypt_status_info ci; int r; + struct crypt_dm_active_device tdmd, tdmdi = {}; + struct dm_target *src, *srci, *tgt = &tdmd.segment, *tgti = &tdmdi.segment; + struct device *data_device = NULL; - log_dbg("Suspending volume %s.", name); + if (!cd || !cd->type || !name || !iname || !(sdmd->flags & CRYPT_ACTIVATE_REFRESH)) + return -EINVAL; - if (cd->type) { - r = onlyLUKS(cd); - } else { - r = crypt_uuid_type_cmp(cd, CRYPT_LUKS1); - if (r < 0) - log_err(cd, _("This operation is supported only for LUKS device.\n")); + r = dm_query_device(cd, name, DM_ACTIVE_DEVICE | DM_ACTIVE_CRYPT_CIPHER | + DM_ACTIVE_UUID | DM_ACTIVE_CRYPT_KEYSIZE | + DM_ACTIVE_CRYPT_KEY, &tdmd); + if (r < 0) { + log_err(cd, _("Device %s is not active."), name); + return -EINVAL; } - if (r < 0) - return r; + if (!single_segment(&tdmd) || tgt->type != DM_CRYPT || !tgt->u.crypt.tag_size) { + r = -ENOTSUP; + log_err(cd, _("Unsupported parameters on device %s."), name); + goto out; + } - ci = crypt_status(NULL, name); - if (ci < CRYPT_ACTIVE) { - log_err(cd, _("Volume %s is not active.\n"), name); - return -EINVAL; + r = dm_query_device(cd, iname, DM_ACTIVE_DEVICE | DM_ACTIVE_UUID, &tdmdi); + if (r < 0) { + log_err(cd, _("Device %s is not active."), iname); + r = -EINVAL; + goto out; } - dm_backend_init(); + if (!single_segment(&tdmdi) || tgti->type != DM_INTEGRITY) { + r = -ENOTSUP; + log_err(cd, _("Unsupported parameters on device %s."), iname); + goto out; + } - r = dm_status_suspended(cd, name); + r = crypt_compare_dm_devices(cd, sdmdi, &tdmdi); + if (r) { + log_err(cd, _("Mismatching parameters on device %s."), iname); + goto out; + } + + src = &sdmd->segment; + srci = &sdmdi->segment; + + r = device_alloc(cd, &data_device, ipath); if (r < 0) goto out; + r = device_block_adjust(cd, srci->data_device, DEV_OK, + srci->u.integrity.offset, &sdmdi->size, NULL); + if (r) + goto out; + + src->data_device = data_device; + + r = crypt_compare_dm_devices(cd, sdmd, &tdmd); if (r) { - log_err(cd, _("Volume %s is already suspended.\n"), name); - r = -EINVAL; + log_err(cd, _("Crypt devices mismatch.")); goto out; } - r = dm_suspend_and_wipe_key(cd, name); - if (r == -ENOTSUP) - log_err(cd, _("Suspend is not supported for device %s.\n"), name); - else if (r) - log_err(cd, _("Error during suspending device %s.\n"), name); -out: - dm_backend_exit(); - return r; -} + /* Changing read only flag for active device makes no sense */ + if (tdmd.flags & CRYPT_ACTIVATE_READONLY) + sdmd->flags |= CRYPT_ACTIVATE_READONLY; + else + sdmd->flags &= ~CRYPT_ACTIVATE_READONLY; -int crypt_resume_by_passphrase(struct crypt_device *cd, - const char *name, - int keyslot, - const char *passphrase, - size_t passphrase_size) -{ - struct volume_key *vk = NULL; - int r; + if (tdmdi.flags & CRYPT_ACTIVATE_READONLY) + sdmdi->flags |= CRYPT_ACTIVATE_READONLY; + else + sdmdi->flags &= ~CRYPT_ACTIVATE_READONLY; - log_dbg("Resuming volume %s.", name); + if (sdmd->flags & CRYPT_ACTIVATE_KEYRING_KEY) { + r = crypt_volume_key_set_description(tgt->u.crypt.vk, src->u.crypt.vk->key_description); + if (r) + goto out; + } else { + crypt_free_volume_key(tgt->u.crypt.vk); + tgt->u.crypt.vk = crypt_alloc_volume_key(src->u.crypt.vk->keylength, src->u.crypt.vk->key); + if (!tgt->u.crypt.vk) { + r = -ENOMEM; + goto out; + } + } - r = onlyLUKS(cd); - if (r < 0) - return r; + r = device_block_adjust(cd, src->data_device, DEV_OK, + src->u.crypt.offset, &sdmd->size, NULL); + if (r) + goto out; - r = dm_status_suspended(cd, name); - if (r < 0) - return r; + tdmd.flags = sdmd->flags; + tdmd.size = sdmd->size; - if (!r) { - log_err(cd, _("Volume %s is not suspended.\n"), name); - return -EINVAL; + if ((r = dm_reload_device(cd, iname, sdmdi, 0, 0))) { + log_err(cd, _("Failed to reload device %s."), iname); + goto out; } - if (passphrase) { - r = LUKS_open_key_with_hdr(keyslot, passphrase, passphrase_size, - &cd->u.luks1.hdr, &vk, cd); - } else - r = volume_key_by_terminal_passphrase(cd, keyslot, &vk); + if ((r = dm_reload_device(cd, name, &tdmd, 0, 0))) { + log_err(cd, _("Failed to reload device %s."), name); + goto err_clear; + } - if (r >= 0) { - keyslot = r; - r = dm_resume_and_reinstate_key(cd, name, vk->keylength, vk->key); - if (r == -ENOTSUP) - log_err(cd, _("Resume is not supported for device %s.\n"), name); - else if (r) - log_err(cd, _("Error during resuming device %s.\n"), name); - } else - r = keyslot; + if ((r = dm_suspend_device(cd, name, 0))) { + log_err(cd, _("Failed to suspend device %s."), name); + goto err_clear; + } - crypt_free_volume_key(vk); - return r < 0 ? r : keyslot; + if ((r = dm_suspend_device(cd, iname, 0))) { + log_err(cd, _("Failed to suspend device %s."), iname); + goto err_clear; + } + + if ((r = dm_resume_device(cd, iname, act2dmflags(sdmdi->flags)))) { + log_err(cd, _("Failed to resume device %s."), iname); + goto err_clear; + } + + r = dm_resume_device(cd, name, act2dmflags(tdmd.flags)); + if (!r) + goto out; + + /* + * This is worst case scenario. We have active underlying dm-integrity device with + * new table but dm-crypt resume failed for some reason. Tear everything down and + * burn it for good. + */ + + log_err(cd, _("Fatal error while reloading device %s (on top of device %s)."), name, iname); + + if (dm_error_device(cd, name)) + log_err(cd, _("Failed to switch device %s to dm-error."), name); + if (dm_error_device(cd, iname)) + log_err(cd, _("Failed to switch device %s to dm-error."), iname); + goto out; + +err_clear: + dm_clear_device(cd, name); + dm_clear_device(cd, iname); + + if (dm_status_suspended(cd, name) > 0) + dm_resume_device(cd, name, 0); + if (dm_status_suspended(cd, iname) > 0) + dm_resume_device(cd, iname, 0); +out: + dm_targets_free(cd, &tdmd); + dm_targets_free(cd, &tdmdi); + free(CONST_CAST(void*)tdmdi.uuid); + free(CONST_CAST(void*)tdmd.uuid); + device_free(cd, data_device); + + return r; } -int crypt_resume_by_keyfile_offset(struct crypt_device *cd, - const char *name, - int keyslot, - const char *keyfile, - size_t keyfile_size, - size_t keyfile_offset) +int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size) { - struct volume_key *vk = NULL; - char *passphrase_read = NULL; - size_t passphrase_size_read; + struct crypt_dm_active_device dmdq, dmd = {}; + struct dm_target *tgt = &dmdq.segment; int r; - log_dbg("Resuming volume %s.", name); + /* + * FIXME: Also with LUKS2 we must not allow resize when there's + * explicit size stored in metadata (length != "dynamic") + */ - r = onlyLUKS(cd); - if (r < 0) - return r; + /* Device context type must be initialized */ + if (!cd || !cd->type || !name) + return -EINVAL; - r = dm_status_suspended(cd, name); - if (r < 0) - return r; + log_dbg(cd, "Resizing device %s to %" PRIu64 " sectors.", name, new_size); - if (!r) { - log_err(cd, _("Volume %s is not suspended.\n"), name); + r = dm_query_device(cd, name, DM_ACTIVE_CRYPT_KEYSIZE | DM_ACTIVE_CRYPT_KEY, &dmdq); + if (r < 0) { + log_err(cd, _("Device %s is not active."), name); return -EINVAL; } - - if (!keyfile) - return -EINVAL; - - r = key_from_file(cd, _("Enter passphrase: "), &passphrase_read, - &passphrase_size_read, keyfile, keyfile_offset, - keyfile_size); - if (r < 0) + if (!single_segment(&dmdq) || tgt->type != DM_CRYPT) { + log_dbg(cd, "Unsupported device table detected in %s.", name); + r = -EINVAL; goto out; + } - r = LUKS_open_key_with_hdr(keyslot, passphrase_read, - passphrase_size_read, &cd->u.luks1.hdr, &vk, cd); - if (r < 0) + if ((dmdq.flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_key_in_keyring(cd)) { + r = -EPERM; goto out; + } - keyslot = r; - r = dm_resume_and_reinstate_key(cd, name, vk->keylength, vk->key); - if (r) - log_err(cd, _("Error during resuming device %s.\n"), name); -out: - crypt_safe_free(passphrase_read); - crypt_free_volume_key(vk); - return r < 0 ? r : keyslot; -} - -int crypt_resume_by_keyfile(struct crypt_device *cd, - const char *name, - int keyslot, - const char *keyfile, - size_t keyfile_size) -{ - return crypt_resume_by_keyfile_offset(cd, name, keyslot, - keyfile, keyfile_size, 0); -} - -// slot manipulation -int crypt_keyslot_add_by_passphrase(struct crypt_device *cd, - int keyslot, // -1 any - const char *passphrase, // NULL -> terminal - size_t passphrase_size, - const char *new_passphrase, // NULL -> terminal - size_t new_passphrase_size) -{ - struct volume_key *vk = NULL; - char *password = NULL, *new_password = NULL; - size_t passwordLen, new_passwordLen; - int r; + if (crypt_key_in_keyring(cd)) { + if (!isLUKS2(cd->type)) { + r = -EINVAL; + goto out; + } + r = LUKS2_key_description_by_segment(cd, &cd->u.luks2.hdr, + tgt->u.crypt.vk, CRYPT_DEFAULT_SEGMENT); + if (r) + goto out; - log_dbg("Adding new keyslot, existing passphrase %sprovided," - "new passphrase %sprovided.", - passphrase ? "" : "not ", new_passphrase ? "" : "not "); + dmdq.flags |= CRYPT_ACTIVATE_KEYRING_KEY; + } - r = onlyLUKS(cd); - if (r < 0) - return r; + if (crypt_loop_device(crypt_get_device_name(cd))) { + log_dbg(cd, "Trying to resize underlying loop device %s.", + crypt_get_device_name(cd)); + /* Here we always use default size not new_size */ + if (crypt_loop_resize(crypt_get_device_name(cd))) + log_err(cd, _("Cannot resize loop device.")); + } - r = keyslot_verify_or_find_empty(cd, &keyslot); + r = device_block_adjust(cd, crypt_data_device(cd), DEV_OK, + crypt_get_data_offset(cd), &new_size, &dmdq.flags); if (r) - return r; - - if (!LUKS_keyslot_active_count(&cd->u.luks1.hdr)) { - /* No slots used, try to use pre-generated key in header */ - if (cd->volume_key) { - vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key); - r = vk ? 0 : -ENOMEM; - } else { - log_err(cd, _("Cannot add key slot, all slots disabled and no volume key provided.\n")); - return -EINVAL; - } - } else if (passphrase) { - /* Passphrase provided, use it to unlock existing keyslot */ - r = LUKS_open_key_with_hdr(CRYPT_ANY_SLOT, passphrase, - passphrase_size, &cd->u.luks1.hdr, &vk, cd); - } else { - /* Passphrase not provided, ask first and use it to unlock existing keyslot */ - r = key_from_terminal(cd, _("Enter any passphrase: "), - &password, &passwordLen, 0); - if (r < 0) - goto out; + goto out; - r = LUKS_open_key_with_hdr(CRYPT_ANY_SLOT, password, - passwordLen, &cd->u.luks1.hdr, &vk, cd); - crypt_safe_free(password); + if (MISALIGNED(new_size, tgt->u.crypt.sector_size >> SECTOR_SHIFT)) { + log_err(cd, _("Device size is not aligned to requested sector size.")); + r = -EINVAL; + goto out; } - if(r < 0) + if (MISALIGNED(new_size, device_block_size(cd, crypt_data_device(cd)) >> SECTOR_SHIFT)) { + log_err(cd, _("Device size is not aligned to device logical block size.")); + r = -EINVAL; goto out; - - if (new_passphrase) { - new_password = CONST_CAST(char*)new_passphrase; - new_passwordLen = new_passphrase_size; - } else { - r = key_from_terminal(cd, _("Enter new passphrase for key slot: "), - &new_password, &new_passwordLen, 1); - if(r < 0) - goto out; } - r = LUKS_set_key(keyslot, new_password, new_passwordLen, - &cd->u.luks1.hdr, vk, cd->iteration_time, &cd->u.luks1.PBKDF2_per_sec, cd); - if(r < 0) + dmd.uuid = crypt_get_uuid(cd); + dmd.size = new_size; + dmd.flags = dmdq.flags | CRYPT_ACTIVATE_REFRESH; + r = dm_crypt_target_set(&dmd.segment, 0, new_size, crypt_data_device(cd), + tgt->u.crypt.vk, crypt_get_cipher_spec(cd), + crypt_get_iv_offset(cd), crypt_get_data_offset(cd), + crypt_get_integrity(cd), crypt_get_integrity_tag_size(cd), + crypt_get_sector_size(cd)); + if (r < 0) goto out; - r = 0; + if (new_size == dmdq.size) { + log_dbg(cd, "Device has already requested size %" PRIu64 + " sectors.", dmdq.size); + r = 0; + } else { + if (isTCRYPT(cd->type)) + r = -ENOTSUP; + else if (isLUKS2(cd->type)) + r = LUKS2_unmet_requirements(cd, &cd->u.luks2.hdr, 0, 0); + if (!r) + r = _reload_device(cd, name, &dmd); + } out: - if (!new_passphrase) - crypt_safe_free(new_password); - crypt_free_volume_key(vk); - return r < 0 ? r : keyslot; + dm_targets_free(cd, &dmd); + dm_targets_free(cd, &dmdq); + + return r; } -int crypt_keyslot_change_by_passphrase(struct crypt_device *cd, - int keyslot_old, - int keyslot_new, - const char *passphrase, - size_t passphrase_size, - const char *new_passphrase, - size_t new_passphrase_size) +int crypt_set_uuid(struct crypt_device *cd, const char *uuid) { - struct volume_key *vk = NULL; + const char *active_uuid; int r; - log_dbg("Changing passphrase from old keyslot %d to new %d.", - keyslot_old, keyslot_new); + log_dbg(cd, "%s device uuid.", uuid ? "Setting new" : "Refreshing"); - r = onlyLUKS(cd); - if (r < 0) + if ((r = onlyLUKS(cd))) return r; - r = LUKS_open_key_with_hdr(keyslot_old, passphrase, passphrase_size, - &cd->u.luks1.hdr, &vk, cd); - if (r < 0) - goto out; - - if (keyslot_old != CRYPT_ANY_SLOT && keyslot_old != r) { - log_dbg("Keyslot mismatch."); - goto out; - } - keyslot_old = r; + active_uuid = crypt_get_uuid(cd); - if (keyslot_new == CRYPT_ANY_SLOT) { - keyslot_new = LUKS_keyslot_find_empty(&cd->u.luks1.hdr); - if (keyslot_new < 0) - keyslot_new = keyslot_old; + if (uuid && active_uuid && !strncmp(uuid, active_uuid, UUID_STRING_L)) { + log_dbg(cd, "UUID is the same as requested (%s) for device %s.", + uuid, mdata_device_path(cd)); + return 0; } - if (keyslot_old == keyslot_new) { - log_dbg("Key slot %d is going to be overwritten.", keyslot_old); - (void)crypt_keyslot_destroy(cd, keyslot_old); - } + if (uuid) + log_dbg(cd, "Requested new UUID change to %s for %s.", uuid, mdata_device_path(cd)); + else + log_dbg(cd, "Requested new UUID refresh for %s.", mdata_device_path(cd)); - r = LUKS_set_key(keyslot_new, new_passphrase, new_passphrase_size, - &cd->u.luks1.hdr, vk, cd->iteration_time, - &cd->u.luks1.PBKDF2_per_sec, cd); + if (!crypt_confirm(cd, _("Do you really want to change UUID of device?"))) + return -EPERM; - if (keyslot_old == keyslot_new) { - if (r >= 0) - log_verbose(cd, _("Key slot %d changed.\n"), keyslot_new); - } else { - if (r >= 0) { - log_verbose(cd, _("Replaced with key slot %d.\n"), keyslot_new); - r = crypt_keyslot_destroy(cd, keyslot_old); - } - } - if (r < 0) - log_err(cd, _("Failed to swap new key slot.\n")); -out: - crypt_free_volume_key(vk); - return r < 0 ? r : keyslot_new; + if (isLUKS1(cd->type)) + return LUKS_hdr_uuid_set(&cd->u.luks1.hdr, uuid, cd); + else + return LUKS2_hdr_uuid(cd, &cd->u.luks2.hdr, uuid); } -int crypt_keyslot_add_by_keyfile_offset(struct crypt_device *cd, - int keyslot, - const char *keyfile, - size_t keyfile_size, - size_t keyfile_offset, - const char *new_keyfile, - size_t new_keyfile_size, - size_t new_keyfile_offset) +int crypt_set_label(struct crypt_device *cd, const char *label, const char *subsystem) { - struct volume_key *vk = NULL; - char *password = NULL; size_t passwordLen; - char *new_password = NULL; size_t new_passwordLen; int r; - log_dbg("Adding new keyslot, existing keyfile %s, new keyfile %s.", - keyfile ?: "[none]", new_keyfile ?: "[none]"); + log_dbg(cd, "Setting new labels."); - r = onlyLUKS(cd); - if (r < 0) + if ((r = onlyLUKS2(cd))) return r; - r = keyslot_verify_or_find_empty(cd, &keyslot); - if (r) - return r; + return LUKS2_hdr_labels(cd, &cd->u.luks2.hdr, label, subsystem, 1); +} - if (!LUKS_keyslot_active_count(&cd->u.luks1.hdr)) { - /* No slots used, try to use pre-generated key in header */ - if (cd->volume_key) { - vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key); - r = vk ? 0 : -ENOMEM; - } else { - log_err(cd, _("Cannot add key slot, all slots disabled and no volume key provided.\n")); - return -EINVAL; - } - } else { - /* Read password from file of (if NULL) from terminal */ - if (keyfile) - r = key_from_file(cd, _("Enter any passphrase: "), - &password, &passwordLen, - keyfile, keyfile_offset, keyfile_size); - else - r = key_from_terminal(cd, _("Enter any passphrase: "), - &password, &passwordLen, 0); - if (r < 0) - goto out; +int crypt_header_backup(struct crypt_device *cd, + const char *requested_type, + const char *backup_file) +{ + int r; - r = LUKS_open_key_with_hdr(CRYPT_ANY_SLOT, password, passwordLen, - &cd->u.luks1.hdr, &vk, cd); - } + if (requested_type && !isLUKS(requested_type)) + return -EINVAL; - if(r < 0) - goto out; + if (!backup_file) + return -EINVAL; - if (new_keyfile) - r = key_from_file(cd, _("Enter new passphrase for key slot: "), - &new_password, &new_passwordLen, new_keyfile, - new_keyfile_offset, new_keyfile_size); - else - r = key_from_terminal(cd, _("Enter new passphrase for key slot: "), - &new_password, &new_passwordLen, 1); + /* Load with repair */ + r = _crypt_load_luks(cd, requested_type, 1, 0); if (r < 0) - goto out; + return r; - r = LUKS_set_key(keyslot, new_password, new_passwordLen, - &cd->u.luks1.hdr, vk, cd->iteration_time, &cd->u.luks1.PBKDF2_per_sec, cd); -out: - crypt_safe_free(password); - crypt_safe_free(new_password); - crypt_free_volume_key(vk); - return r < 0 ? r : keyslot; -} + log_dbg(cd, "Requested header backup of device %s (%s) to " + "file %s.", mdata_device_path(cd), requested_type ?: "any type", backup_file); -int crypt_keyslot_add_by_keyfile(struct crypt_device *cd, - int keyslot, - const char *keyfile, - size_t keyfile_size, - const char *new_keyfile, - size_t new_keyfile_size) -{ - return crypt_keyslot_add_by_keyfile_offset(cd, keyslot, - keyfile, keyfile_size, 0, - new_keyfile, new_keyfile_size, 0); + if (isLUKS1(cd->type) && (!requested_type || isLUKS1(requested_type))) + r = LUKS_hdr_backup(backup_file, cd); + else if (isLUKS2(cd->type) && (!requested_type || isLUKS2(requested_type))) + r = LUKS2_hdr_backup(cd, &cd->u.luks2.hdr, backup_file); + else + r = -EINVAL; + + return r; } -int crypt_keyslot_add_by_volume_key(struct crypt_device *cd, - int keyslot, - const char *volume_key, - size_t volume_key_size, - const char *passphrase, - size_t passphrase_size) +int crypt_header_restore(struct crypt_device *cd, + const char *requested_type, + const char *backup_file) { - struct volume_key *vk = NULL; - int r; - char *new_password = NULL; size_t new_passwordLen; + struct luks_phdr hdr1; + struct luks2_hdr hdr2; + int r, version; + + if (requested_type && !isLUKS(requested_type)) + return -EINVAL; - log_dbg("Adding new keyslot %d using volume key.", keyslot); + if (!cd || (cd->type && !isLUKS(cd->type)) || !backup_file) + return -EINVAL; - r = onlyLUKS(cd); + r = init_crypto(cd); if (r < 0) return r; - if (volume_key) - vk = crypt_alloc_volume_key(volume_key_size, volume_key); - else if (cd->volume_key) - vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key); + log_dbg(cd, "Requested header restore to device %s (%s) from " + "file %s.", mdata_device_path(cd), requested_type ?: "any type", backup_file); - if (!vk) - return -ENOMEM; - - r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk); - if (r < 0) { - log_err(cd, _("Volume key does not match the volume.\n")); - goto out; + version = LUKS2_hdr_version_unlocked(cd, backup_file); + if (!version || + (requested_type && version == 1 && !isLUKS1(requested_type)) || + (requested_type && version == 2 && !isLUKS2(requested_type))) { + log_err(cd, _("Header backup file does not contain compatible LUKS header.")); + return -EINVAL; } - r = keyslot_verify_or_find_empty(cd, &keyslot); - if (r) - goto out; + memset(&hdr2, 0, sizeof(hdr2)); - if (!passphrase) { - r = key_from_terminal(cd, _("Enter new passphrase for key slot: "), - &new_password, &new_passwordLen, 1); - if (r < 0) - goto out; - passphrase = new_password; - passphrase_size = new_passwordLen; - } + if (!cd->type) { + if (version == 1) + r = LUKS_hdr_restore(backup_file, &hdr1, cd); + else + r = LUKS2_hdr_restore(cd, &hdr2, backup_file); - r = LUKS_set_key(keyslot, passphrase, passphrase_size, - &cd->u.luks1.hdr, vk, cd->iteration_time, &cd->u.luks1.PBKDF2_per_sec, cd); -out: - crypt_safe_free(new_password); - crypt_free_volume_key(vk); - return (r < 0) ? r : keyslot; + crypt_safe_memzero(&hdr1, sizeof(hdr1)); + crypt_safe_memzero(&hdr2, sizeof(hdr2)); + } else if (isLUKS2(cd->type) && (!requested_type || isLUKS2(requested_type))) { + r = LUKS2_hdr_restore(cd, &cd->u.luks2.hdr, backup_file); + if (r) + _luks2_reload(cd); + } else if (isLUKS1(cd->type) && (!requested_type || isLUKS1(requested_type))) + r = LUKS_hdr_restore(backup_file, &cd->u.luks1.hdr, cd); + else + r = -EINVAL; + + if (!r) + r = _crypt_load_luks(cd, version == 1 ? CRYPT_LUKS1 : CRYPT_LUKS2, 1, 1); + + return r; } -int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot) +void crypt_free(struct crypt_device *cd) { - crypt_keyslot_info ki; - int r; + if (!cd) + return; - log_dbg("Destroying keyslot %d.", keyslot); + log_dbg(cd, "Releasing crypt device %s context.", mdata_device_path(cd)); - r = onlyLUKS(cd); - if (r < 0) - return r; + dm_backend_exit(cd); + crypt_free_volume_key(cd->volume_key); - ki = crypt_keyslot_status(cd, keyslot); - if (ki == CRYPT_SLOT_INVALID) { - log_err(cd, _("Key slot %d is invalid.\n"), keyslot); - return -EINVAL; - } + crypt_free_type(cd); - if (ki == CRYPT_SLOT_INACTIVE) { - log_err(cd, _("Key slot %d is not used.\n"), keyslot); - return -EINVAL; - } + device_free(cd, cd->device); + device_free(cd, cd->metadata_device); + + free(CONST_CAST(void*)cd->pbkdf.type); + free(CONST_CAST(void*)cd->pbkdf.hash); - return LUKS_del_key(keyslot, &cd->u.luks1.hdr, cd); + /* Some structures can contain keys (TCRYPT), wipe it */ + crypt_safe_memzero(cd, sizeof(*cd)); + free(cd); } -// activation/deactivation of device mapping -int crypt_activate_by_passphrase(struct crypt_device *cd, - const char *name, - int keyslot, - const char *passphrase, - size_t passphrase_size, - uint32_t flags) +static char *crypt_get_device_key_description(struct crypt_device *cd, const char *name) +{ + char *desc = NULL; + struct crypt_dm_active_device dmd; + struct dm_target *tgt = &dmd.segment; + + if (dm_query_device(cd, name, DM_ACTIVE_CRYPT_KEY | DM_ACTIVE_CRYPT_KEYSIZE, &dmd) < 0) + return NULL; + + if (single_segment(&dmd) && tgt->type == DM_CRYPT && + (dmd.flags & CRYPT_ACTIVATE_KEYRING_KEY) && tgt->u.crypt.vk->key_description) + desc = strdup(tgt->u.crypt.vk->key_description); + + dm_targets_free(cd, &dmd); + + return desc; +} + +int crypt_suspend(struct crypt_device *cd, + const char *name) { + char *key_desc; crypt_status_info ci; - struct volume_key *vk = NULL; - char *read_passphrase = NULL; - size_t passphraseLen = 0; int r; + uint32_t dmflags = DM_SUSPEND_WIPE_KEY; - log_dbg("%s volume %s [keyslot %d] using %spassphrase.", - name ? "Activating" : "Checking", name ?: "", - keyslot, passphrase ? "" : "[none] "); + /* FIXME: check context uuid matches the dm-crypt device uuid (onlyLUKS branching) */ - if (name) { - ci = crypt_status(NULL, name); - if (ci == CRYPT_INVALID) - return -EINVAL; - else if (ci >= CRYPT_ACTIVE) { - log_err(cd, _("Device %s already exists.\n"), name); - return -EEXIST; - } - } + if (!cd || !name) + return -EINVAL; - /* plain, use hashed passphrase */ - if (isPLAIN(cd->type)) { - if (!name) - return -EINVAL; + log_dbg(cd, "Suspending volume %s.", name); - if (!passphrase) { - r = key_from_terminal(cd, NULL, &read_passphrase, - &passphraseLen, 0); - if (r < 0) - goto out; - passphrase = read_passphrase; - passphrase_size = passphraseLen; - } + if (cd->type) + r = onlyLUKS(cd); + else { + r = crypt_uuid_type_cmp(cd, CRYPT_LUKS1); + if (r < 0) + r = crypt_uuid_type_cmp(cd, CRYPT_LUKS2); + if (r < 0) + log_err(cd, _("This operation is supported only for LUKS device.")); + } - r = process_key(cd, cd->u.plain.hdr.hash, - cd->u.plain.key_size, - passphrase, passphrase_size, &vk); + if (r < 0) + return r; + + ci = crypt_status(NULL, name); + if (ci < CRYPT_ACTIVE) { + log_err(cd, _("Volume %s is not active."), name); + return -EINVAL; + } + + dm_backend_init(cd); + + r = dm_status_suspended(cd, name); + if (r < 0) + goto out; + + if (r) { + log_err(cd, _("Volume %s is already suspended."), name); + r = -EINVAL; + goto out; + } + + key_desc = crypt_get_device_key_description(cd, name); + + /* we can't simply wipe wrapped keys */ + if (crypt_cipher_wrapped_key(crypt_get_cipher(cd), crypt_get_cipher_mode(cd))) + dmflags &= ~DM_SUSPEND_WIPE_KEY; + + r = dm_suspend_device(cd, name, dmflags); + if (r == -ENOTSUP) + log_err(cd, _("Suspend is not supported for device %s."), name); + else if (r) + log_err(cd, _("Error during suspending device %s."), name); + else + crypt_drop_keyring_key_by_description(cd, key_desc, LOGON_KEY); + free(key_desc); +out: + dm_backend_exit(cd); + return r; +} + +int crypt_resume_by_passphrase(struct crypt_device *cd, + const char *name, + int keyslot, + const char *passphrase, + size_t passphrase_size) +{ + struct volume_key *vk = NULL; + int r; + + /* FIXME: check context uuid matches the dm-crypt device uuid */ + + if (!passphrase || !name) + return -EINVAL; + + log_dbg(cd, "Resuming volume %s.", name); + + if ((r = onlyLUKS(cd))) + return r; + + r = dm_status_suspended(cd, name); + if (r < 0) + return r; + + if (!r) { + log_err(cd, _("Volume %s is not suspended."), name); + return -EINVAL; + } + + if (isLUKS1(cd->type)) + r = LUKS_open_key_with_hdr(keyslot, passphrase, passphrase_size, + &cd->u.luks1.hdr, &vk, cd); + else + r = LUKS2_keyslot_open(cd, keyslot, CRYPT_DEFAULT_SEGMENT, passphrase, passphrase_size, &vk); + + if (r < 0) + goto out; + + keyslot = r; + + if (crypt_use_keyring_for_vk(cd)) { + if (!isLUKS2(cd->type)) { + r = -EINVAL; + goto out; + } + r = LUKS2_volume_key_load_in_keyring_by_keyslot(cd, + &cd->u.luks2.hdr, vk, keyslot); if (r < 0) goto out; + } - r = PLAIN_activate(cd, name, vk, cd->u.plain.hdr.size, flags); - keyslot = 0; - } else if (isLUKS(cd->type)) { - /* provided passphrase, do not retry */ - if (passphrase) { - r = LUKS_open_key_with_hdr(keyslot, passphrase, - passphrase_size, &cd->u.luks1.hdr, &vk, cd); - } else - r = volume_key_by_terminal_passphrase(cd, keyslot, &vk); + r = dm_resume_and_reinstate_key(cd, name, vk); - if (r >= 0) { - keyslot = r; - if (name) - r = LUKS1_activate(cd, name, vk, flags); - } - } else - r = -EINVAL; + if (r == -ENOTSUP) + log_err(cd, _("Resume is not supported for device %s."), name); + else if (r) + log_err(cd, _("Error during resuming device %s."), name); out: - crypt_safe_free(read_passphrase); + if (r < 0) + crypt_drop_keyring_key(cd, vk); crypt_free_volume_key(vk); - return r < 0 ? r : keyslot; + return r < 0 ? r : keyslot; } -int crypt_activate_by_keyfile_offset(struct crypt_device *cd, - const char *name, - int keyslot, - const char *keyfile, - size_t keyfile_size, - size_t keyfile_offset, - uint32_t flags) +int crypt_resume_by_keyfile_device_offset(struct crypt_device *cd, + const char *name, + int keyslot, + const char *keyfile, + size_t keyfile_size, + uint64_t keyfile_offset) { - crypt_status_info ci; struct volume_key *vk = NULL; char *passphrase_read = NULL; size_t passphrase_size_read; - unsigned int key_count = 0; int r; - log_dbg("Activating volume %s [keyslot %d] using keyfile %s.", - name ?: "", keyslot, keyfile ?: "[none]"); - - if (name) { - ci = crypt_status(NULL, name); - if (ci == CRYPT_INVALID) - return -EINVAL; - else if (ci >= CRYPT_ACTIVE) { - log_err(cd, _("Device %s already exists.\n"), name); - return -EEXIST; - } - } + /* FIXME: check context uuid matches the dm-crypt device uuid */ - if (!keyfile) + if (!name || !keyfile) return -EINVAL; - if (isPLAIN(cd->type)) { - if (!name) - return -EINVAL; + log_dbg(cd, "Resuming volume %s.", name); - r = key_from_file(cd, _("Enter passphrase: "), - &passphrase_read, &passphrase_size_read, - keyfile, keyfile_offset, keyfile_size); - if (r < 0) - goto out; + if ((r = onlyLUKS(cd))) + return r; - r = process_key(cd, cd->u.plain.hdr.hash, - cd->u.plain.key_size, - passphrase_read, passphrase_size_read, &vk); - if (r < 0) - goto out; + r = dm_status_suspended(cd, name); + if (r < 0) + return r; - r = PLAIN_activate(cd, name, vk, cd->u.plain.hdr.size, flags); - } else if (isLUKS(cd->type)) { - r = key_from_file(cd, _("Enter passphrase: "), &passphrase_read, - &passphrase_size_read, keyfile, keyfile_offset, keyfile_size); - if (r < 0) - goto out; - r = LUKS_open_key_with_hdr(keyslot, passphrase_read, - passphrase_size_read, &cd->u.luks1.hdr, &vk, cd); - if (r < 0) - goto out; - keyslot = r; + if (!r) { + log_err(cd, _("Volume %s is not suspended."), name); + return -EINVAL; + } - if (name) { - r = LUKS1_activate(cd, name, vk, flags); - if (r < 0) - goto out; - } - r = keyslot; - } else if (isLOOPAES(cd->type)) { - r = key_from_file(cd, NULL, &passphrase_read, &passphrase_size_read, - keyfile, keyfile_offset, keyfile_size); - if (r < 0) + r = crypt_keyfile_device_read(cd, keyfile, + &passphrase_read, &passphrase_size_read, + keyfile_offset, keyfile_size, 0); + if (r < 0) + goto out; + + if (isLUKS1(cd->type)) + r = LUKS_open_key_with_hdr(keyslot, passphrase_read, passphrase_size_read, + &cd->u.luks1.hdr, &vk, cd); + else + r = LUKS2_keyslot_open(cd, keyslot, CRYPT_DEFAULT_SEGMENT, passphrase_read, passphrase_size_read, &vk); + if (r < 0) + goto out; + keyslot = r; + + if (crypt_use_keyring_for_vk(cd)) { + if (!isLUKS2(cd->type)) { + r = -EINVAL; goto out; - r = LOOPAES_parse_keyfile(cd, &vk, cd->u.loopaes.hdr.hash, &key_count, - passphrase_read, passphrase_size_read); + } + r = LUKS2_volume_key_load_in_keyring_by_keyslot(cd, + &cd->u.luks2.hdr, vk, keyslot); if (r < 0) goto out; - if (name) - r = LOOPAES_activate(cd, name, cd->u.loopaes.cipher, - key_count, vk, flags); - } else - r = -EINVAL; + } + r = dm_resume_and_reinstate_key(cd, name, vk); + if (r < 0) + log_err(cd, _("Error during resuming device %s."), name); out: crypt_safe_free(passphrase_read); + if (r < 0) + crypt_drop_keyring_key(cd, vk); crypt_free_volume_key(vk); + return r < 0 ? r : keyslot; +} - return r; +int crypt_resume_by_keyfile(struct crypt_device *cd, + const char *name, + int keyslot, + const char *keyfile, + size_t keyfile_size) +{ + return crypt_resume_by_keyfile_device_offset(cd, name, keyslot, + keyfile, keyfile_size, 0); } -int crypt_activate_by_keyfile(struct crypt_device *cd, - const char *name, - int keyslot, - const char *keyfile, - size_t keyfile_size, - uint32_t flags) +int crypt_resume_by_keyfile_offset(struct crypt_device *cd, + const char *name, + int keyslot, + const char *keyfile, + size_t keyfile_size, + size_t keyfile_offset) { - return crypt_activate_by_keyfile_offset(cd, name, keyslot, keyfile, - keyfile_size, 0, flags); + return crypt_resume_by_keyfile_device_offset(cd, name, keyslot, + keyfile, keyfile_size, keyfile_offset); } -int crypt_activate_by_volume_key(struct crypt_device *cd, +int crypt_resume_by_volume_key(struct crypt_device *cd, const char *name, const char *volume_key, - size_t volume_key_size, - uint32_t flags) + size_t volume_key_size) { - crypt_status_info ci; struct volume_key *vk = NULL; - int r = -EINVAL; + int r; - log_dbg("Activating volume %s by volume key.", name ?: "[none]"); + if (!name || !volume_key) + return -EINVAL; - if (name) { - ci = crypt_status(NULL, name); - if (ci == CRYPT_INVALID) - return -EINVAL; - else if (ci >= CRYPT_ACTIVE) { - log_err(cd, _("Device %s already exists.\n"), name); - return -EEXIST; - } - } + log_dbg(cd, "Resuming volume %s by volume key.", name); - /* use key directly, no hash */ - if (isPLAIN(cd->type)) { - if (!name) - return -EINVAL; + if ((r = onlyLUKS(cd))) + return r; - if (!volume_key || !volume_key_size || volume_key_size != cd->u.plain.key_size) { - log_err(cd, _("Incorrect volume key specified for plain device.\n")); - return -EINVAL; - } + r = dm_status_suspended(cd, name); + if (r < 0) + return r; - vk = crypt_alloc_volume_key(volume_key_size, volume_key); - if (!vk) - return -ENOMEM; + if (!r) { + log_err(cd, _("Volume %s is not suspended."), name); + return -EINVAL; + } - r = PLAIN_activate(cd, name, vk, cd->u.plain.hdr.size, flags); - } else if (isLUKS(cd->type)) { - /* If key is not provided, try to use internal key */ - if (!volume_key) { - if (!cd->volume_key) { - log_err(cd, _("Volume key does not match the volume.\n")); - return -EINVAL; - } - volume_key_size = cd->volume_key->keylength; - volume_key = cd->volume_key->key; - } + vk = crypt_alloc_volume_key(volume_key_size, volume_key); + if (!vk) + return -ENOMEM; - vk = crypt_alloc_volume_key(volume_key_size, volume_key); - if (!vk) - return -ENOMEM; + if (isLUKS1(cd->type)) r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk); + else if (isLUKS2(cd->type)) + r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk); + else + r = -EINVAL; + if (r == -EPERM || r == -ENOENT) + log_err(cd, _("Volume key does not match the volume.")); + if (r < 0) + goto out; + r = 0; - if (r == -EPERM) - log_err(cd, _("Volume key does not match the volume.\n")); + if (crypt_use_keyring_for_vk(cd)) { + r = LUKS2_key_description_by_segment(cd, &cd->u.luks2.hdr, vk, CRYPT_DEFAULT_SEGMENT); + if (!r) + r = crypt_volume_key_load_in_keyring(cd, vk); + } + if (r < 0) + goto out; - if (!r && name) - r = LUKS1_activate(cd, name, vk, flags); - } else if (isVERITY(cd->type)) { - /* volume_key == root hash */ - if (!volume_key || !volume_key_size) { - log_err(cd, _("Incorrect root hash specified for verity device.\n")); - return -EINVAL; - } + r = dm_resume_and_reinstate_key(cd, name, vk); + if (r < 0) + log_err(cd, _("Error during resuming device %s."), name); +out: + if (r < 0) + crypt_drop_keyring_key(cd, vk); + crypt_free_volume_key(vk); + return r; +} - r = VERITY_activate(cd, name, volume_key, volume_key_size, - &cd->u.verity.hdr, CRYPT_ACTIVATE_READONLY); - - if (r == -EPERM) { - free(cd->u.verity.root_hash); - cd->u.verity.root_hash = NULL; - } if (!r) { - cd->u.verity.root_hash_size = volume_key_size; - if (!cd->u.verity.root_hash) - cd->u.verity.root_hash = malloc(volume_key_size); - if (cd->u.verity.root_hash) - memcpy(cd->u.verity.root_hash, volume_key, volume_key_size); +/* + * Keyslot manipulation + */ +int crypt_keyslot_add_by_passphrase(struct crypt_device *cd, + int keyslot, // -1 any + const char *passphrase, + size_t passphrase_size, + const char *new_passphrase, + size_t new_passphrase_size) +{ + int digest, r, active_slots; + struct luks2_keyslot_params params; + struct volume_key *vk = NULL; + + log_dbg(cd, "Adding new keyslot, existing passphrase %sprovided," + "new passphrase %sprovided.", + passphrase ? "" : "not ", new_passphrase ? "" : "not "); + + if ((r = onlyLUKS(cd))) + return r; + + if (!passphrase || !new_passphrase) + return -EINVAL; + + r = keyslot_verify_or_find_empty(cd, &keyslot); + if (r) + return r; + + if (isLUKS1(cd->type)) + active_slots = LUKS_keyslot_active_count(&cd->u.luks1.hdr); + else + active_slots = LUKS2_keyslot_active_count(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT); + if (active_slots == 0) { + /* No slots used, try to use pre-generated key in header */ + if (cd->volume_key) { + vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key); + r = vk ? 0 : -ENOMEM; + } else { + log_err(cd, _("Cannot add key slot, all slots disabled and no volume key provided.")); + return -EINVAL; } - } else if (isTCRYPT(cd->type)) { - if (!name) - return 0; + } else if (active_slots < 0) + return -EINVAL; + else { + /* Passphrase provided, use it to unlock existing keyslot */ + if (isLUKS1(cd->type)) + r = LUKS_open_key_with_hdr(CRYPT_ANY_SLOT, passphrase, + passphrase_size, &cd->u.luks1.hdr, &vk, cd); + else + r = LUKS2_keyslot_open(cd, CRYPT_ANY_SLOT, CRYPT_DEFAULT_SEGMENT, passphrase, + passphrase_size, &vk); + } + + if (r < 0) + goto out; + + if (isLUKS1(cd->type)) + r = LUKS_set_key(keyslot, CONST_CAST(char*)new_passphrase, + new_passphrase_size, &cd->u.luks1.hdr, vk, cd); + else { + r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk); + digest = r; + + if (r >= 0) + r = LUKS2_keyslot_params_default(cd, &cd->u.luks2.hdr, ¶ms); + + if (r >= 0) + r = LUKS2_digest_assign(cd, &cd->u.luks2.hdr, keyslot, digest, 1, 0); + + if (r >= 0) + r = LUKS2_keyslot_store(cd, &cd->u.luks2.hdr, keyslot, + CONST_CAST(char*)new_passphrase, + new_passphrase_size, vk, ¶ms); + } + + if (r < 0) + goto out; + + r = 0; +out: + crypt_free_volume_key(vk); + if (r < 0) { + _luks2_reload(cd); + return r; + } + return keyslot; +} + +int crypt_keyslot_change_by_passphrase(struct crypt_device *cd, + int keyslot_old, + int keyslot_new, + const char *passphrase, + size_t passphrase_size, + const char *new_passphrase, + size_t new_passphrase_size) +{ + int digest = -1, r; + struct luks2_keyslot_params params; + struct volume_key *vk = NULL; + + if (!passphrase || !new_passphrase) + return -EINVAL; + + log_dbg(cd, "Changing passphrase from old keyslot %d to new %d.", + keyslot_old, keyslot_new); + + if ((r = onlyLUKS(cd))) + return r; + + if (isLUKS1(cd->type)) + r = LUKS_open_key_with_hdr(keyslot_old, passphrase, passphrase_size, + &cd->u.luks1.hdr, &vk, cd); + else if (isLUKS2(cd->type)) { + r = LUKS2_keyslot_open(cd, keyslot_old, CRYPT_ANY_SEGMENT, passphrase, passphrase_size, &vk); + /* will fail for keyslots w/o digest. fix if supported in a future */ + if (r >= 0) { + digest = LUKS2_digest_by_keyslot(&cd->u.luks2.hdr, r); + if (digest < 0) + r = -EINVAL; + } + } else + r = -EINVAL; + if (r < 0) + goto out; + + if (keyslot_old != CRYPT_ANY_SLOT && keyslot_old != r) { + log_dbg(cd, "Keyslot mismatch."); + goto out; + } + keyslot_old = r; + + if (keyslot_new == CRYPT_ANY_SLOT) { + if (isLUKS1(cd->type)) + keyslot_new = LUKS_keyslot_find_empty(&cd->u.luks1.hdr); + else if (isLUKS2(cd->type)) + keyslot_new = LUKS2_keyslot_find_empty(&cd->u.luks2.hdr); + if (keyslot_new < 0) + keyslot_new = keyslot_old; + } + log_dbg(cd, "Key change, old slot %d, new slot %d.", keyslot_old, keyslot_new); + + if (isLUKS1(cd->type)) { + if (keyslot_old == keyslot_new) { + log_dbg(cd, "Key slot %d is going to be overwritten.", keyslot_old); + (void)crypt_keyslot_destroy(cd, keyslot_old); + } + r = LUKS_set_key(keyslot_new, new_passphrase, new_passphrase_size, + &cd->u.luks1.hdr, vk, cd); + } else if (isLUKS2(cd->type)) { + r = LUKS2_keyslot_params_default(cd, &cd->u.luks2.hdr, ¶ms); + if (r) + goto out; + + if (keyslot_old != keyslot_new) { + r = LUKS2_digest_assign(cd, &cd->u.luks2.hdr, keyslot_new, digest, 1, 0); + if (r < 0) + goto out; + } else { + log_dbg(cd, "Key slot %d is going to be overwritten.", keyslot_old); + /* FIXME: improve return code so that we can detect area is damaged */ + r = LUKS2_keyslot_wipe(cd, &cd->u.luks2.hdr, keyslot_old, 1); + if (r) { + /* (void)crypt_keyslot_destroy(cd, keyslot_old); */ + r = -EINVAL; + goto out; + } + } + + r = LUKS2_keyslot_store(cd, &cd->u.luks2.hdr, + keyslot_new, new_passphrase, + new_passphrase_size, vk, ¶ms); + } else + r = -EINVAL; + + if (r >= 0 && keyslot_old != keyslot_new) + r = crypt_keyslot_destroy(cd, keyslot_old); + + if (r < 0) + log_err(cd, _("Failed to swap new key slot.")); +out: + crypt_free_volume_key(vk); + if (r < 0) { + _luks2_reload(cd); + return r; + } + return keyslot_new; +} + +int crypt_keyslot_add_by_keyfile_device_offset(struct crypt_device *cd, + int keyslot, + const char *keyfile, + size_t keyfile_size, + uint64_t keyfile_offset, + const char *new_keyfile, + size_t new_keyfile_size, + uint64_t new_keyfile_offset) +{ + int digest, r, active_slots; + size_t passwordLen, new_passwordLen; + struct luks2_keyslot_params params; + char *password = NULL, *new_password = NULL; + struct volume_key *vk = NULL; + + if (!keyfile || !new_keyfile) + return -EINVAL; + + log_dbg(cd, "Adding new keyslot, existing keyfile %s, new keyfile %s.", + keyfile, new_keyfile); + + if ((r = onlyLUKS(cd))) + return r; + + r = keyslot_verify_or_find_empty(cd, &keyslot); + if (r) + return r; + + if (isLUKS1(cd->type)) + active_slots = LUKS_keyslot_active_count(&cd->u.luks1.hdr); + else + active_slots = LUKS2_keyslot_active_count(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT); + if (active_slots == 0) { + /* No slots used, try to use pre-generated key in header */ + if (cd->volume_key) { + vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key); + r = vk ? 0 : -ENOMEM; + } else { + log_err(cd, _("Cannot add key slot, all slots disabled and no volume key provided.")); + return -EINVAL; + } + } else { + r = crypt_keyfile_device_read(cd, keyfile, + &password, &passwordLen, + keyfile_offset, keyfile_size, 0); + if (r < 0) + goto out; + + if (isLUKS1(cd->type)) + r = LUKS_open_key_with_hdr(CRYPT_ANY_SLOT, password, passwordLen, + &cd->u.luks1.hdr, &vk, cd); + else + r = LUKS2_keyslot_open(cd, CRYPT_ANY_SLOT, CRYPT_DEFAULT_SEGMENT, password, passwordLen, &vk); + } + + if (r < 0) + goto out; + + r = crypt_keyfile_device_read(cd, new_keyfile, + &new_password, &new_passwordLen, + new_keyfile_offset, new_keyfile_size, 0); + if (r < 0) + goto out; + + if (isLUKS1(cd->type)) + r = LUKS_set_key(keyslot, new_password, new_passwordLen, + &cd->u.luks1.hdr, vk, cd); + else { + r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk); + digest = r; + + if (r >= 0) + r = LUKS2_keyslot_params_default(cd, &cd->u.luks2.hdr, ¶ms); + + if (r >= 0) + r = LUKS2_digest_assign(cd, &cd->u.luks2.hdr, keyslot, digest, 1, 0); + + if (r >= 0) + r = LUKS2_keyslot_store(cd, &cd->u.luks2.hdr, keyslot, + new_password, new_passwordLen, vk, ¶ms); + } +out: + crypt_safe_free(password); + crypt_safe_free(new_password); + crypt_free_volume_key(vk); + if (r < 0) { + _luks2_reload(cd); + return r; + } + return keyslot; +} + +int crypt_keyslot_add_by_keyfile(struct crypt_device *cd, + int keyslot, + const char *keyfile, + size_t keyfile_size, + const char *new_keyfile, + size_t new_keyfile_size) +{ + return crypt_keyslot_add_by_keyfile_device_offset(cd, keyslot, + keyfile, keyfile_size, 0, + new_keyfile, new_keyfile_size, 0); +} + +int crypt_keyslot_add_by_keyfile_offset(struct crypt_device *cd, + int keyslot, + const char *keyfile, + size_t keyfile_size, + size_t keyfile_offset, + const char *new_keyfile, + size_t new_keyfile_size, + size_t new_keyfile_offset) +{ + return crypt_keyslot_add_by_keyfile_device_offset(cd, keyslot, + keyfile, keyfile_size, keyfile_offset, + new_keyfile, new_keyfile_size, new_keyfile_offset); +} + +int crypt_keyslot_add_by_volume_key(struct crypt_device *cd, + int keyslot, + const char *volume_key, + size_t volume_key_size, + const char *passphrase, + size_t passphrase_size) +{ + struct volume_key *vk = NULL; + int r; + + if (!passphrase) + return -EINVAL; + + log_dbg(cd, "Adding new keyslot %d using volume key.", keyslot); + + if ((r = onlyLUKS(cd))) + return r; + + if (isLUKS2(cd->type)) + return crypt_keyslot_add_by_key(cd, keyslot, + volume_key, volume_key_size, passphrase, + passphrase_size, 0); + + r = keyslot_verify_or_find_empty(cd, &keyslot); + if (r < 0) + return r; + + if (volume_key) + vk = crypt_alloc_volume_key(volume_key_size, volume_key); + else if (cd->volume_key) + vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key); + + if (!vk) + return -ENOMEM; + + r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk); + if (r < 0) + log_err(cd, _("Volume key does not match the volume.")); + else + r = LUKS_set_key(keyslot, passphrase, passphrase_size, + &cd->u.luks1.hdr, vk, cd); + + crypt_free_volume_key(vk); + return (r < 0) ? r : keyslot; +} + +int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot) +{ + crypt_keyslot_info ki; + int r; + + log_dbg(cd, "Destroying keyslot %d.", keyslot); + + if ((r = _onlyLUKS(cd, CRYPT_CD_UNRESTRICTED))) + return r; + + ki = crypt_keyslot_status(cd, keyslot); + if (ki == CRYPT_SLOT_INVALID) { + log_err(cd, _("Key slot %d is invalid."), keyslot); + return -EINVAL; + } + + if (isLUKS1(cd->type)) { + if (ki == CRYPT_SLOT_INACTIVE) { + log_err(cd, _("Keyslot %d is not active."), keyslot); + return -EINVAL; + } + return LUKS_del_key(keyslot, &cd->u.luks1.hdr, cd); + } + + return LUKS2_keyslot_wipe(cd, &cd->u.luks2.hdr, keyslot, 0); +} + +static int _check_header_data_overlap(struct crypt_device *cd, const char *name) +{ + if (!name || !isLUKS(cd->type)) + return 0; + + if (!device_is_identical(crypt_data_device(cd), crypt_metadata_device(cd))) + return 0; + + /* FIXME: check real header size */ + if (crypt_get_data_offset(cd) == 0) { + log_err(cd, _("Device header overlaps with data area.")); + return -EINVAL; + } + + return 0; +} + +static int check_devices(struct crypt_device *cd, const char *name, const char *iname, uint32_t *flags) +{ + int r; + + if (!flags || !name) + return -EINVAL; + + if (iname) { + r = dm_status_device(cd, iname); + if (r >= 0 && !(*flags & CRYPT_ACTIVATE_REFRESH)) + return -EBUSY; + if (r < 0 && r != -ENODEV) + return r; + if (r == -ENODEV) + *flags &= ~CRYPT_ACTIVATE_REFRESH; + } + + r = dm_status_device(cd, name); + if (r >= 0 && !(*flags & CRYPT_ACTIVATE_REFRESH)) + return -EBUSY; + if (r < 0 && r != -ENODEV) + return r; + if (r == -ENODEV) + *flags &= ~CRYPT_ACTIVATE_REFRESH; + + return 0; +} + +static int _create_device_with_integrity(struct crypt_device *cd, + const char *type, const char *name, const char *iname, + const char *ipath, struct crypt_dm_active_device *dmd, + struct crypt_dm_active_device *dmdi) +{ + int r; + enum devcheck device_check; + struct dm_target *tgt; + struct device *device = NULL; + + if (!single_segment(dmd)) + return -EINVAL; + + tgt = &dmd->segment; + if (tgt->type != DM_CRYPT) + return -EINVAL; + + device_check = dmd->flags & CRYPT_ACTIVATE_SHARED ? DEV_OK : DEV_EXCL; + + r = INTEGRITY_activate_dmd_device(cd, iname, CRYPT_INTEGRITY, dmdi, 0); + if (r) + return r; + + r = device_alloc(cd, &device, ipath); + if (r < 0) + goto out; + tgt->data_device = device; + + r = device_block_adjust(cd, tgt->data_device, device_check, + tgt->u.crypt.offset, &dmd->size, &dmd->flags); + + if (!r) + r = dm_create_device(cd, name, type, dmd); +out: + if (r < 0) + dm_remove_device(cd, iname, 0); + + device_free(cd, device); + return r; +} + +static int kernel_keyring_support(void) +{ + static unsigned _checked = 0; + + if (!_checked) { + _kernel_keyring_supported = keyring_check(); + _checked = 1; + } + + return _kernel_keyring_supported; +} + +static int dmcrypt_keyring_bug(void) +{ + uint64_t kversion; + + if (kernel_version(&kversion)) + return 1; + return kversion < version(4,15,0,0); +} + +int create_or_reload_device(struct crypt_device *cd, const char *name, + const char *type, struct crypt_dm_active_device *dmd) +{ + int r; + enum devcheck device_check; + struct dm_target *tgt; + + if (!type || !name || !single_segment(dmd)) + return -EINVAL; + + tgt = &dmd->segment; + if (tgt->type != DM_CRYPT) + return -EINVAL; + + /* drop CRYPT_ACTIVATE_REFRESH flag if any device is inactive */ + r = check_devices(cd, name, NULL, &dmd->flags); + if (r) + return r; + + if (dmd->flags & CRYPT_ACTIVATE_REFRESH) + r = _reload_device(cd, name, dmd); + else { + device_check = dmd->flags & CRYPT_ACTIVATE_SHARED ? DEV_OK : DEV_EXCL; + + r = device_block_adjust(cd, tgt->data_device, device_check, + tgt->u.crypt.offset, &dmd->size, &dmd->flags); + if (!r) { + tgt->size = dmd->size; + r = dm_create_device(cd, name, type, dmd); + } + } + + return r; +} + +int create_or_reload_device_with_integrity(struct crypt_device *cd, const char *name, + const char *type, struct crypt_dm_active_device *dmd, + struct crypt_dm_active_device *dmdi) +{ + int r; + const char *iname = NULL; + char *ipath = NULL; + + if (!type || !name || !dmd || !dmdi) + return -EINVAL; + + if (asprintf(&ipath, "%s/%s_dif", dm_get_dir(), name) < 0) + return -ENOMEM; + iname = ipath + strlen(dm_get_dir()) + 1; + + /* drop CRYPT_ACTIVATE_REFRESH flag if any device is inactive */ + r = check_devices(cd, name, iname, &dmd->flags); + if (r) + goto out; + + if (dmd->flags & CRYPT_ACTIVATE_REFRESH) + r = _reload_device_with_integrity(cd, name, iname, ipath, dmd, dmdi); + else + r = _create_device_with_integrity(cd, type, name, iname, ipath, dmd, dmdi); +out: + free(ipath); + + return r; +} + +static int load_all_keys(struct crypt_device *cd, struct luks2_hdr *hdr, struct volume_key *vks) +{ + int r; + struct volume_key *vk = vks; + + while (vk) { + r = LUKS2_volume_key_load_in_keyring_by_digest(cd, hdr, vk, crypt_volume_key_get_id(vk)); + if (r < 0) + return r; + vk = crypt_volume_key_next(vk); + } + + return 0; +} + +/* See fixmes in _open_and_activate_luks2 */ +int update_reencryption_flag(struct crypt_device *cd, int enable, bool commit); + +/* TODO: This function should 1:1 with pre-reencryption code */ +static int _open_and_activate(struct crypt_device *cd, + int keyslot, + const char *name, + const char *passphrase, + size_t passphrase_size, + uint32_t flags) +{ + int r; + struct volume_key *vk = NULL; + + r = LUKS2_keyslot_open(cd, keyslot, + (flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) ? + CRYPT_ANY_SEGMENT : CRYPT_DEFAULT_SEGMENT, + passphrase, passphrase_size, &vk); + if (r < 0) + return r; + keyslot = r; + + if ((name || (flags & CRYPT_ACTIVATE_KEYRING_KEY)) && + crypt_use_keyring_for_vk(cd)) { + r = LUKS2_volume_key_load_in_keyring_by_keyslot(cd, + &cd->u.luks2.hdr, vk, keyslot); + if (r < 0) + goto out; + flags |= CRYPT_ACTIVATE_KEYRING_KEY; + } + + if (name) + r = LUKS2_activate(cd, name, vk, flags); +out: + if (r < 0) + crypt_drop_keyring_key(cd, vk); + crypt_free_volume_key(vk); + + return r < 0 ? r : keyslot; +} + +static int _open_all_keys(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + const char *passphrase, + size_t passphrase_size, + uint32_t flags, + struct volume_key **vks) +{ + int r, segment; + struct volume_key *_vks = NULL; + crypt_reencrypt_info ri = LUKS2_reenc_status(hdr); + + segment = (flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) ? CRYPT_ANY_SEGMENT : CRYPT_DEFAULT_SEGMENT; + + switch (ri) { + case CRYPT_REENCRYPT_NONE: + r = LUKS2_keyslot_open(cd, keyslot, segment, passphrase, passphrase_size, &_vks); + break; + case CRYPT_REENCRYPT_CLEAN: + case CRYPT_REENCRYPT_CRASH: + if (segment == CRYPT_ANY_SEGMENT) + r = LUKS2_keyslot_open(cd, keyslot, segment, passphrase, + passphrase_size, &_vks); + else + r = LUKS2_keyslot_open_all_segments(cd, keyslot, + keyslot, passphrase, passphrase_size, + &_vks); + break; + default: + r = -EINVAL; + } + + if (keyslot == CRYPT_ANY_SLOT) + keyslot = r; + + if (r >= 0 && (flags & CRYPT_ACTIVATE_KEYRING_KEY)) + r = load_all_keys(cd, hdr, _vks); + + if (r >= 0 && vks) + MOVE_REF(*vks, _vks); + + if (r < 0) + crypt_drop_keyring_key(cd, _vks); + crypt_free_volume_key(_vks); + + return r < 0 ? r : keyslot; +} + +static int _open_and_activate_reencrypt_device(struct crypt_device *cd, + struct luks2_hdr *hdr, + int keyslot, + const char *name, + const char *passphrase, + size_t passphrase_size, + uint32_t flags) +{ + bool dynamic_size; + crypt_reencrypt_info ri; + uint64_t minimal_size, device_size; + struct volume_key *vks = NULL; + int r = 0; + struct crypt_lock_handle *reencrypt_lock = NULL; + + if (crypt_use_keyring_for_vk(cd)) + flags |= CRYPT_ACTIVATE_KEYRING_KEY; + + r = crypt_reencrypt_lock(cd, &reencrypt_lock); + if (r) { + if (r == -EBUSY) + log_err(cd, _("Reencryption in-progress. Cannot activate device.")); + else + log_err(cd, _("Failed to get reencryption lock.")); + return r; + } + + if ((r = crypt_load(cd, CRYPT_LUKS2, NULL))) + goto err; + + ri = LUKS2_reenc_status(hdr); + + if (ri == CRYPT_REENCRYPT_CRASH) { + r = LUKS2_reencrypt_locked_recovery_by_passphrase(cd, keyslot, + keyslot, passphrase, passphrase_size, flags, &vks); + if (r < 0) { + log_err(cd, _("LUKS2 reencryption recovery failed.")); + goto err; + } + keyslot = r; + + ri = LUKS2_reenc_status(hdr); + } + + /* recovery finished reencryption or it's already finished */ + if (ri == CRYPT_REENCRYPT_NONE) { + crypt_drop_keyring_key(cd, vks); + crypt_free_volume_key(vks); + crypt_reencrypt_unlock(cd, reencrypt_lock); + return _open_and_activate(cd, keyslot, name, passphrase, passphrase_size, flags); + } + + if (ri > CRYPT_REENCRYPT_CLEAN) { + r = -EINVAL; + goto err; + } + + if (LUKS2_get_data_size(hdr, &minimal_size, &dynamic_size)) + goto err; + + if (!vks) { + r = _open_all_keys(cd, hdr, keyslot, passphrase, passphrase_size, flags, &vks); + if (r >= 0) + keyslot = r; + } + + log_dbg(cd, "Entering clean reencryption state mode."); + + if (r >= 0) + r = luks2_check_device_size(cd, hdr, minimal_size, &device_size, true, dynamic_size); + + if (r >= 0) + r = LUKS2_activate_multi(cd, name, vks, device_size >> SECTOR_SHIFT, flags); +err: + crypt_reencrypt_unlock(cd, reencrypt_lock); + if (r < 0) + crypt_drop_keyring_key(cd, vks); + crypt_free_volume_key(vks); + + return r < 0 ? r : keyslot; +} + +/* + * Activation/deactivation of a device + */ +static int _open_and_activate_luks2(struct crypt_device *cd, + int keyslot, + const char *name, + const char *passphrase, + size_t passphrase_size, + uint32_t flags) +{ + crypt_reencrypt_info ri; + int r; + struct luks2_hdr *hdr = &cd->u.luks2.hdr; + + ri = LUKS2_reenc_status(hdr); + if (ri == CRYPT_REENCRYPT_INVALID) + return -EINVAL; + + if (ri > CRYPT_REENCRYPT_NONE) { + if (name) + r = _open_and_activate_reencrypt_device(cd, hdr, keyslot, name, passphrase, + passphrase_size, flags); + else + r = _open_all_keys(cd, hdr, keyslot, passphrase, + passphrase_size, flags, NULL); + } else + r = _open_and_activate(cd, keyslot, name, passphrase, + passphrase_size, flags); + + return r; +} + +static int _activate_by_passphrase(struct crypt_device *cd, + const char *name, + int keyslot, + const char *passphrase, + size_t passphrase_size, + uint32_t flags) +{ + int r; + struct volume_key *vk = NULL; + + if ((flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_use_keyring_for_vk(cd)) + return -EINVAL; + + if ((flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) && name) + return -EINVAL; + + r = _check_header_data_overlap(cd, name); + if (r < 0) + return r; + + if (flags & CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF) + cd->memory_hard_pbkdf_lock_enabled = true; + + /* plain, use hashed passphrase */ + if (isPLAIN(cd->type)) { + r = -EINVAL; + if (!name) + goto out; + + r = process_key(cd, cd->u.plain.hdr.hash, + cd->u.plain.key_size, + passphrase, passphrase_size, &vk); + if (r < 0) + goto out; + + r = PLAIN_activate(cd, name, vk, cd->u.plain.hdr.size, flags); + keyslot = 0; + } else if (isLUKS1(cd->type)) { + r = LUKS_open_key_with_hdr(keyslot, passphrase, + passphrase_size, &cd->u.luks1.hdr, &vk, cd); + if (r >= 0) { + keyslot = r; + if (name) + r = LUKS1_activate(cd, name, vk, flags); + } + } else if (isLUKS2(cd->type)) { + r = _open_and_activate_luks2(cd, keyslot, name, passphrase, passphrase_size, flags); + keyslot = r; + } else if (isBITLK(cd->type)) { + r = BITLK_activate(cd, name, passphrase, passphrase_size, + &cd->u.bitlk.params, flags); + keyslot = 0; + } else { + log_err(cd, _("Device type is not properly initialized.")); + r = -EINVAL; + } +out: + if (r < 0) + crypt_drop_keyring_key(cd, vk); + crypt_free_volume_key(vk); + + cd->memory_hard_pbkdf_lock_enabled = false; + + return r < 0 ? r : keyslot; +} + +static int _activate_loopaes(struct crypt_device *cd, + const char *name, + char *buffer, + size_t buffer_size, + uint32_t flags) +{ + int r; + unsigned int key_count = 0; + struct volume_key *vk = NULL; + + r = LOOPAES_parse_keyfile(cd, &vk, cd->u.loopaes.hdr.hash, &key_count, + buffer, buffer_size); + + if (!r && name) + r = LOOPAES_activate(cd, name, cd->u.loopaes.cipher, key_count, + vk, flags); + + crypt_free_volume_key(vk); + + return r; +} + +static int _activate_check_status(struct crypt_device *cd, const char *name, unsigned reload) +{ + crypt_status_info ci; + + if (!name) + return 0; + + ci = crypt_status(cd, name); + if (ci == CRYPT_INVALID) { + log_err(cd, _("Cannot use device %s, name is invalid or still in use."), name); + return -EINVAL; + } else if (ci >= CRYPT_ACTIVE && !reload) { + log_err(cd, _("Device %s already exists."), name); + return -EEXIST; + } + + return 0; +} + +// activation/deactivation of device mapping +int crypt_activate_by_passphrase(struct crypt_device *cd, + const char *name, + int keyslot, + const char *passphrase, + size_t passphrase_size, + uint32_t flags) +{ + int r; + + if (!cd || !passphrase || (!name && (flags & CRYPT_ACTIVATE_REFRESH))) + return -EINVAL; + + log_dbg(cd, "%s volume %s [keyslot %d] using passphrase.", + name ? "Activating" : "Checking", name ?: "passphrase", + keyslot); + + r = _activate_check_status(cd, name, flags & CRYPT_ACTIVATE_REFRESH); + if (r < 0) + return r; + + return _activate_by_passphrase(cd, name, keyslot, passphrase, passphrase_size, flags); +} + +int crypt_activate_by_keyfile_device_offset(struct crypt_device *cd, + const char *name, + int keyslot, + const char *keyfile, + size_t keyfile_size, + uint64_t keyfile_offset, + uint32_t flags) +{ + char *passphrase_read = NULL; + size_t passphrase_size_read; + int r; + + if (!cd || !keyfile || + ((flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_use_keyring_for_vk(cd))) + return -EINVAL; + + log_dbg(cd, "%s volume %s [keyslot %d] using keyfile %s.", + name ? "Activating" : "Checking", name ?: "passphrase", keyslot, keyfile); + + r = _activate_check_status(cd, name, flags & CRYPT_ACTIVATE_REFRESH); + if (r < 0) + return r; + + r = crypt_keyfile_device_read(cd, keyfile, + &passphrase_read, &passphrase_size_read, + keyfile_offset, keyfile_size, 0); + if (r < 0) + goto out; + + if (isLOOPAES(cd->type)) + r = _activate_loopaes(cd, name, passphrase_read, passphrase_size_read, flags); + else + r = _activate_by_passphrase(cd, name, keyslot, passphrase_read, passphrase_size_read, flags); + +out: + crypt_safe_free(passphrase_read); + return r; +} + +int crypt_activate_by_keyfile(struct crypt_device *cd, + const char *name, + int keyslot, + const char *keyfile, + size_t keyfile_size, + uint32_t flags) +{ + return crypt_activate_by_keyfile_device_offset(cd, name, keyslot, keyfile, + keyfile_size, 0, flags); +} + +int crypt_activate_by_keyfile_offset(struct crypt_device *cd, + const char *name, + int keyslot, + const char *keyfile, + size_t keyfile_size, + size_t keyfile_offset, + uint32_t flags) +{ + return crypt_activate_by_keyfile_device_offset(cd, name, keyslot, keyfile, + keyfile_size, keyfile_offset, flags); +} +int crypt_activate_by_volume_key(struct crypt_device *cd, + const char *name, + const char *volume_key, + size_t volume_key_size, + uint32_t flags) +{ + struct volume_key *vk = NULL; + int r; + + if (!cd || + ((flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_use_keyring_for_vk(cd))) + return -EINVAL; + + log_dbg(cd, "%s volume %s by volume key.", name ? "Activating" : "Checking", + name ?: ""); + + r = _activate_check_status(cd, name, flags & CRYPT_ACTIVATE_REFRESH); + if (r < 0) + return r; + + r = _check_header_data_overlap(cd, name); + if (r < 0) + return r; + + /* use key directly, no hash */ + if (isPLAIN(cd->type)) { + if (!name) + return -EINVAL; + + if (!volume_key || !volume_key_size || volume_key_size != cd->u.plain.key_size) { + log_err(cd, _("Incorrect volume key specified for plain device.")); + return -EINVAL; + } + + vk = crypt_alloc_volume_key(volume_key_size, volume_key); + if (!vk) + return -ENOMEM; + + r = PLAIN_activate(cd, name, vk, cd->u.plain.hdr.size, flags); + } else if (isLUKS1(cd->type)) { + /* If key is not provided, try to use internal key */ + if (!volume_key) { + if (!cd->volume_key) { + log_err(cd, _("Volume key does not match the volume.")); + return -EINVAL; + } + volume_key_size = cd->volume_key->keylength; + volume_key = cd->volume_key->key; + } + + vk = crypt_alloc_volume_key(volume_key_size, volume_key); + if (!vk) + return -ENOMEM; + r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk); + + if (r == -EPERM) + log_err(cd, _("Volume key does not match the volume.")); + + if (!r && name) + r = LUKS1_activate(cd, name, vk, flags); + } else if (isLUKS2(cd->type)) { + /* If key is not provided, try to use internal key */ + if (!volume_key) { + if (!cd->volume_key) { + log_err(cd, _("Volume key does not match the volume.")); + return -EINVAL; + } + volume_key_size = cd->volume_key->keylength; + volume_key = cd->volume_key->key; + } + + vk = crypt_alloc_volume_key(volume_key_size, volume_key); + if (!vk) + return -ENOMEM; + + r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk); + if (r == -EPERM || r == -ENOENT) + log_err(cd, _("Volume key does not match the volume.")); + if (r > 0) + r = 0; + + if (!r && (name || (flags & CRYPT_ACTIVATE_KEYRING_KEY)) && + crypt_use_keyring_for_vk(cd)) { + r = LUKS2_key_description_by_segment(cd, + &cd->u.luks2.hdr, vk, CRYPT_DEFAULT_SEGMENT); + if (!r) + r = crypt_volume_key_load_in_keyring(cd, vk); + if (!r) + flags |= CRYPT_ACTIVATE_KEYRING_KEY; + } + + if (!r && name) + r = LUKS2_activate(cd, name, vk, flags); + } else if (isVERITY(cd->type)) { + r = crypt_activate_by_signed_key(cd, name, volume_key, volume_key_size, NULL, 0, flags); + } else if (isTCRYPT(cd->type)) { + if (!name) + return 0; r = TCRYPT_activate(cd, name, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params, flags); + } else if (isINTEGRITY(cd->type)) { + if (!name) + return 0; + if (volume_key) { + vk = crypt_alloc_volume_key(volume_key_size, volume_key); + if (!vk) + return -ENOMEM; + } + r = INTEGRITY_activate(cd, name, &cd->u.integrity.params, vk, + cd->u.integrity.journal_crypt_key, + cd->u.integrity.journal_mac_key, flags, + cd->u.integrity.sb_flags); + } else { + log_err(cd, _("Device type is not properly initialized.")); + r = -EINVAL; + } + + if (r < 0) + crypt_drop_keyring_key(cd, vk); + crypt_free_volume_key(vk); + + return r; +} + +int crypt_activate_by_signed_key(struct crypt_device *cd, + const char *name, + const char *volume_key, + size_t volume_key_size, + const char *signature, + size_t signature_size, + uint32_t flags) +{ + char description[512]; + int r; + + if (!cd || !isVERITY(cd->type)) + return -EINVAL; + + if (!volume_key || !volume_key_size || (!name && signature)) { + log_err(cd, _("Incorrect root hash specified for verity device.")); + return -EINVAL; + } + + log_dbg(cd, "%s volume %s by signed key.", name ? "Activating" : "Checking", name ?: ""); + + if (cd->u.verity.hdr.flags & CRYPT_VERITY_ROOT_HASH_SIGNATURE && !signature) { + log_err(cd, _("Root hash signature required.")); + return -EINVAL; + } + + r = _activate_check_status(cd, name, flags & CRYPT_ACTIVATE_REFRESH); + if (r < 0) + return r; + + if (signature && !kernel_keyring_support()) { + log_err(cd, _("Kernel keyring missing: required for passing signature to kernel.")); + return -EINVAL; + } + + /* volume_key == root hash */ + free(CONST_CAST(void*)cd->u.verity.root_hash); + cd->u.verity.root_hash = NULL; + + if (signature) { + r = snprintf(description, sizeof(description)-1, "cryptsetup:%s%s%s", + crypt_get_uuid(cd) ?: "", crypt_get_uuid(cd) ? "-" : "", name); + if (r < 0) + return -EINVAL; + + log_dbg(cd, "Adding signature into keyring %s", description); + r = keyring_add_key_in_thread_keyring(USER_KEY, description, signature, signature_size); + if (r) { + log_err(cd, _("Failed to load key in kernel keyring.")); + return r; + } + } + + r = VERITY_activate(cd, name, volume_key, volume_key_size, + signature ? description : NULL, + cd->u.verity.fec_device, + &cd->u.verity.hdr, flags | CRYPT_ACTIVATE_READONLY); + + if (!r) { + cd->u.verity.root_hash_size = volume_key_size; + cd->u.verity.root_hash = malloc(volume_key_size); + if (cd->u.verity.root_hash) + memcpy(CONST_CAST(void*)cd->u.verity.root_hash, volume_key, volume_key_size); + } + + if (signature) + crypt_drop_keyring_key_by_description(cd, description, USER_KEY); + + return r; +} + +int crypt_deactivate_by_name(struct crypt_device *cd, const char *name, uint32_t flags) +{ + struct crypt_device *fake_cd = NULL; + struct luks2_hdr *hdr2 = NULL; + struct crypt_dm_active_device dmd = {}; + int r; + uint32_t get_flags = DM_ACTIVE_DEVICE | DM_ACTIVE_UUID | DM_ACTIVE_HOLDERS; + + if (!name) + return -EINVAL; + + log_dbg(cd, "Deactivating volume %s.", name); + + if (!cd) { + r = crypt_init_by_name(&fake_cd, name); + if (r < 0) + return r; + cd = fake_cd; + } + + /* skip holders detection and early abort when some flags raised */ + if (flags & (CRYPT_DEACTIVATE_FORCE | CRYPT_DEACTIVATE_DEFERRED)) + get_flags &= ~DM_ACTIVE_HOLDERS; + + switch (crypt_status(cd, name)) { + case CRYPT_ACTIVE: + case CRYPT_BUSY: + r = dm_query_device(cd, name, get_flags, &dmd); + if (r >= 0) { + if (dmd.holders) { + log_err(cd, _("Device %s is still in use."), name); + r = -EBUSY; + break; + } + } + + if (isLUKS2(cd->type)) + hdr2 = crypt_get_hdr(cd, CRYPT_LUKS2); + + if ((dmd.uuid && !strncmp(CRYPT_LUKS2, dmd.uuid, sizeof(CRYPT_LUKS2)-1)) || hdr2) + r = LUKS2_deactivate(cd, name, hdr2, &dmd, flags); + else if (isTCRYPT(cd->type)) + r = TCRYPT_deactivate(cd, name, flags); + else + r = dm_remove_device(cd, name, flags); + if (r < 0 && crypt_status(cd, name) == CRYPT_BUSY) { + log_err(cd, _("Device %s is still in use."), name); + r = -EBUSY; + } + break; + case CRYPT_INACTIVE: + log_err(cd, _("Device %s is not active."), name); + r = -ENODEV; + break; + default: + log_err(cd, _("Invalid device %s."), name); + r = -EINVAL; + } + + dm_targets_free(cd, &dmd); + free(CONST_CAST(void*)dmd.uuid); + crypt_free(fake_cd); + + return r; +} + +int crypt_deactivate(struct crypt_device *cd, const char *name) +{ + return crypt_deactivate_by_name(cd, name, 0); +} + +int crypt_get_active_device(struct crypt_device *cd, const char *name, + struct crypt_active_device *cad) +{ + int r; + struct crypt_dm_active_device dmd, dmdi = {}; + const char *namei = NULL; + struct dm_target *tgt = &dmd.segment; + uint64_t min_offset = UINT64_MAX; + + if (!cd || !name || !cad) + return -EINVAL; + + r = dm_query_device(cd, name, DM_ACTIVE_DEVICE, &dmd); + if (r < 0) + return r; + + /* For LUKS2 with integrity we need flags from underlying dm-integrity */ + if (isLUKS2(cd->type) && crypt_get_integrity_tag_size(cd) && single_segment(&dmd)) { + namei = device_dm_name(tgt->data_device); + if (namei && dm_query_device(cd, namei, 0, &dmdi) >= 0) + dmd.flags |= dmdi.flags; + } + + if (cd && isTCRYPT(cd->type)) { + cad->offset = TCRYPT_get_data_offset(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params); + cad->iv_offset = TCRYPT_get_iv_offset(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params); + } else { + while (tgt) { + if (tgt->type == DM_CRYPT && (min_offset > tgt->u.crypt.offset)) { + min_offset = tgt->u.crypt.offset; + cad->iv_offset = tgt->u.crypt.iv_offset; + } else if (tgt->type == DM_INTEGRITY && (min_offset > tgt->u.integrity.offset)) { + min_offset = tgt->u.integrity.offset; + cad->iv_offset = 0; + } else if (tgt->type == DM_LINEAR && (min_offset > tgt->u.linear.offset)) { + min_offset = tgt->u.linear.offset; + cad->iv_offset = 0; + } + tgt = tgt->next; + } + } + + if (min_offset != UINT64_MAX) + cad->offset = min_offset; + + cad->size = dmd.size; + cad->flags = dmd.flags; + + r = 0; + dm_targets_free(cd, &dmd); + dm_targets_free(cd, &dmdi); + + return r; +} + +uint64_t crypt_get_active_integrity_failures(struct crypt_device *cd, const char *name) +{ + struct crypt_dm_active_device dmd; + uint64_t failures = 0; + + if (!name) + return 0; + + /* FIXME: LUKS2 / dm-crypt does not provide this count. */ + if (dm_query_device(cd, name, 0, &dmd) < 0) + return 0; + + if (single_segment(&dmd) && dmd.segment.type == DM_INTEGRITY) + (void)dm_status_integrity_failures(cd, name, &failures); + + dm_targets_free(cd, &dmd); + + return failures; +} + +/* + * Volume key handling + */ +int crypt_volume_key_get(struct crypt_device *cd, + int keyslot, + char *volume_key, + size_t *volume_key_size, + const char *passphrase, + size_t passphrase_size) +{ + struct volume_key *vk = NULL; + int key_len, r = -EINVAL; + + if (!cd || !volume_key || !volume_key_size || (!isTCRYPT(cd->type) && !isVERITY(cd->type) && !passphrase)) + return -EINVAL; + + if (isLUKS2(cd->type) && keyslot != CRYPT_ANY_SLOT) + key_len = LUKS2_get_keyslot_stored_key_size(&cd->u.luks2.hdr, keyslot); + else + key_len = crypt_get_volume_key_size(cd); + + if (key_len < 0) + return -EINVAL; + + if (key_len > (int)*volume_key_size) { + log_err(cd, _("Volume key buffer too small.")); + return -ENOMEM; + } + + if (isPLAIN(cd->type) && cd->u.plain.hdr.hash) { + r = process_key(cd, cd->u.plain.hdr.hash, key_len, + passphrase, passphrase_size, &vk); + if (r < 0) + log_err(cd, _("Cannot retrieve volume key for plain device.")); + } else if (isLUKS1(cd->type)) { + r = LUKS_open_key_with_hdr(keyslot, passphrase, + passphrase_size, &cd->u.luks1.hdr, &vk, cd); + } else if (isLUKS2(cd->type)) { + r = LUKS2_keyslot_open(cd, keyslot, + keyslot == CRYPT_ANY_SLOT ? CRYPT_DEFAULT_SEGMENT : CRYPT_ANY_SEGMENT, + passphrase, passphrase_size, &vk); + } else if (isTCRYPT(cd->type)) { + r = TCRYPT_get_volume_key(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params, &vk); + } else if (isVERITY(cd->type)) { + /* volume_key == root hash */ + if (cd->u.verity.root_hash) { + memcpy(volume_key, cd->u.verity.root_hash, cd->u.verity.root_hash_size); + *volume_key_size = cd->u.verity.root_hash_size; + r = 0; + } else + log_err(cd, _("Cannot retrieve root hash for verity device.")); + } else + log_err(cd, _("This operation is not supported for %s crypt device."), cd->type ?: "(none)"); + + if (r >= 0 && vk) { + memcpy(volume_key, vk->key, vk->keylength); + *volume_key_size = vk->keylength; + } + + crypt_free_volume_key(vk); + return r; +} + +int crypt_volume_key_verify(struct crypt_device *cd, + const char *volume_key, + size_t volume_key_size) +{ + struct volume_key *vk; + int r; + + if ((r = _onlyLUKS(cd, CRYPT_CD_UNRESTRICTED))) + return r; + + vk = crypt_alloc_volume_key(volume_key_size, volume_key); + if (!vk) + return -ENOMEM; + + if (isLUKS1(cd->type)) + r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk); + else if (isLUKS2(cd->type)) + r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk); + else + r = -EINVAL; + + + if (r == -EPERM) + log_err(cd, _("Volume key does not match the volume.")); + + crypt_free_volume_key(vk); + + return r >= 0 ? 0 : r; +} + +/* + * RNG and memory locking + */ +void crypt_set_rng_type(struct crypt_device *cd, int rng_type) +{ + if (!cd) + return; + + switch (rng_type) { + case CRYPT_RNG_URANDOM: + case CRYPT_RNG_RANDOM: + log_dbg(cd, "RNG set to %d (%s).", rng_type, rng_type ? "random" : "urandom"); + cd->rng_type = rng_type; + } +} + +int crypt_get_rng_type(struct crypt_device *cd) +{ + if (!cd) + return -EINVAL; + + return cd->rng_type; +} + +int crypt_memory_lock(struct crypt_device *cd, int lock) +{ + return lock ? crypt_memlock_inc(cd) : crypt_memlock_dec(cd); +} + +void crypt_set_compatibility(struct crypt_device *cd, uint32_t flags) +{ + if (cd) + cd->compatibility = flags; +} + +uint32_t crypt_get_compatibility(struct crypt_device *cd) +{ + if (cd) + return cd->compatibility; + + return 0; +} + +/* + * Reporting + */ +crypt_status_info crypt_status(struct crypt_device *cd, const char *name) +{ + int r; + + if (!name) + return CRYPT_INVALID; + + if (!cd) + dm_backend_init(cd); + + r = dm_status_device(cd, name); + + if (!cd) + dm_backend_exit(cd); + + if (r < 0 && r != -ENODEV) + return CRYPT_INVALID; + + if (r == 0) + return CRYPT_ACTIVE; + + if (r > 0) + return CRYPT_BUSY; + + return CRYPT_INACTIVE; +} + +static void hexprint(struct crypt_device *cd, const char *d, int n, const char *sep) +{ + int i; + for(i = 0; i < n; i++) + log_std(cd, "%02hhx%s", (const char)d[i], sep); +} + +static int _luks_dump(struct crypt_device *cd) +{ + int i; + + log_std(cd, "LUKS header information for %s\n\n", mdata_device_path(cd)); + log_std(cd, "Version: \t%" PRIu16 "\n", cd->u.luks1.hdr.version); + log_std(cd, "Cipher name: \t%s\n", cd->u.luks1.hdr.cipherName); + log_std(cd, "Cipher mode: \t%s\n", cd->u.luks1.hdr.cipherMode); + log_std(cd, "Hash spec: \t%s\n", cd->u.luks1.hdr.hashSpec); + log_std(cd, "Payload offset:\t%" PRIu32 "\n", cd->u.luks1.hdr.payloadOffset); + log_std(cd, "MK bits: \t%" PRIu32 "\n", cd->u.luks1.hdr.keyBytes * 8); + log_std(cd, "MK digest: \t"); + hexprint(cd, cd->u.luks1.hdr.mkDigest, LUKS_DIGESTSIZE, " "); + log_std(cd, "\n"); + log_std(cd, "MK salt: \t"); + hexprint(cd, cd->u.luks1.hdr.mkDigestSalt, LUKS_SALTSIZE/2, " "); + log_std(cd, "\n \t"); + hexprint(cd, cd->u.luks1.hdr.mkDigestSalt+LUKS_SALTSIZE/2, LUKS_SALTSIZE/2, " "); + log_std(cd, "\n"); + log_std(cd, "MK iterations: \t%" PRIu32 "\n", cd->u.luks1.hdr.mkDigestIterations); + log_std(cd, "UUID: \t%s\n\n", cd->u.luks1.hdr.uuid); + for(i = 0; i < LUKS_NUMKEYS; i++) { + if(cd->u.luks1.hdr.keyblock[i].active == LUKS_KEY_ENABLED) { + log_std(cd, "Key Slot %d: ENABLED\n",i); + log_std(cd, "\tIterations: \t%" PRIu32 "\n", + cd->u.luks1.hdr.keyblock[i].passwordIterations); + log_std(cd, "\tSalt: \t"); + hexprint(cd, cd->u.luks1.hdr.keyblock[i].passwordSalt, + LUKS_SALTSIZE/2, " "); + log_std(cd, "\n\t \t"); + hexprint(cd, cd->u.luks1.hdr.keyblock[i].passwordSalt + + LUKS_SALTSIZE/2, LUKS_SALTSIZE/2, " "); + log_std(cd, "\n"); + + log_std(cd, "\tKey material offset:\t%" PRIu32 "\n", + cd->u.luks1.hdr.keyblock[i].keyMaterialOffset); + log_std(cd, "\tAF stripes: \t%" PRIu32 "\n", + cd->u.luks1.hdr.keyblock[i].stripes); + } + else + log_std(cd, "Key Slot %d: DISABLED\n", i); + } + return 0; +} + +static int _verity_dump(struct crypt_device *cd) +{ + log_std(cd, "VERITY header information for %s\n", mdata_device_path(cd)); + log_std(cd, "UUID: \t%s\n", cd->u.verity.uuid ?: ""); + log_std(cd, "Hash type: \t%u\n", cd->u.verity.hdr.hash_type); + log_std(cd, "Data blocks: \t%" PRIu64 "\n", cd->u.verity.hdr.data_size); + log_std(cd, "Data block size: \t%u\n", cd->u.verity.hdr.data_block_size); + log_std(cd, "Hash block size: \t%u\n", cd->u.verity.hdr.hash_block_size); + log_std(cd, "Hash algorithm: \t%s\n", cd->u.verity.hdr.hash_name); + log_std(cd, "Salt: \t"); + if (cd->u.verity.hdr.salt_size) + hexprint(cd, cd->u.verity.hdr.salt, cd->u.verity.hdr.salt_size, ""); + else + log_std(cd, "-"); + log_std(cd, "\n"); + if (cd->u.verity.root_hash) { + log_std(cd, "Root hash: \t"); + hexprint(cd, cd->u.verity.root_hash, cd->u.verity.root_hash_size, ""); + log_std(cd, "\n"); + } + return 0; +} + +int crypt_dump(struct crypt_device *cd) +{ + if (!cd) + return -EINVAL; + if (isLUKS1(cd->type)) + return _luks_dump(cd); + else if (isLUKS2(cd->type)) + return LUKS2_hdr_dump(cd, &cd->u.luks2.hdr); + else if (isVERITY(cd->type)) + return _verity_dump(cd); + else if (isTCRYPT(cd->type)) + return TCRYPT_dump(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params); + else if (isINTEGRITY(cd->type)) + return INTEGRITY_dump(cd, crypt_data_device(cd), 0); + else if (isBITLK(cd->type)) + return BITLK_dump(cd, crypt_data_device(cd), &cd->u.bitlk.params); + + log_err(cd, _("Dump operation is not supported for this device type.")); + return -EINVAL; +} + +/* internal only */ +const char *crypt_get_cipher_spec(struct crypt_device *cd) +{ + if (!cd) + return NULL; + else if (isLUKS2(cd->type)) + return LUKS2_get_cipher(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT); + else if (isLUKS1(cd->type)) + return cd->u.luks1.cipher_spec; + else if (isPLAIN(cd->type)) + return cd->u.plain.cipher_spec; + else if (isLOOPAES(cd->type)) + return cd->u.loopaes.cipher_spec; + else if (isBITLK(cd->type)) + return cd->u.bitlk.cipher_spec; + else if (!cd->type && !_init_by_name_crypt_none(cd)) + return cd->u.none.cipher_spec; + + return NULL; +} + +const char *crypt_get_cipher(struct crypt_device *cd) +{ + if (!cd) + return NULL; + + if (isPLAIN(cd->type)) + return cd->u.plain.cipher; + + if (isLUKS1(cd->type)) + return cd->u.luks1.hdr.cipherName; + + if (isLUKS2(cd->type)) { + if (crypt_parse_name_and_mode(LUKS2_get_cipher(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT), + cd->u.luks2.cipher, NULL, cd->u.luks2.cipher_mode)) + return NULL; + return cd->u.luks2.cipher; + } + + if (isLOOPAES(cd->type)) + return cd->u.loopaes.cipher; + + if (isTCRYPT(cd->type)) + return cd->u.tcrypt.params.cipher; + + if (isBITLK(cd->type)) + return cd->u.bitlk.params.cipher; + + if (!cd->type && !_init_by_name_crypt_none(cd)) + return cd->u.none.cipher; + + return NULL; +} + +const char *crypt_get_cipher_mode(struct crypt_device *cd) +{ + if (!cd) + return NULL; + + if (isPLAIN(cd->type)) + return cd->u.plain.cipher_mode; + + if (isLUKS1(cd->type)) + return cd->u.luks1.hdr.cipherMode; + + if (isLUKS2(cd->type)) { + if (crypt_parse_name_and_mode(LUKS2_get_cipher(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT), + cd->u.luks2.cipher, NULL, cd->u.luks2.cipher_mode)) + return NULL; + return cd->u.luks2.cipher_mode; + } + + if (isLOOPAES(cd->type)) + return cd->u.loopaes.cipher_mode; + + if (isTCRYPT(cd->type)) + return cd->u.tcrypt.params.mode; + + if (isBITLK(cd->type)) + return cd->u.bitlk.params.cipher_mode; + + if (!cd->type && !_init_by_name_crypt_none(cd)) + return cd->u.none.cipher_mode; + + return NULL; +} + +/* INTERNAL only */ +const char *crypt_get_integrity(struct crypt_device *cd) +{ + if (isINTEGRITY(cd->type)) + return cd->u.integrity.params.integrity; + + if (isLUKS2(cd->type)) + return LUKS2_get_integrity(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT); + + return NULL; +} + +/* INTERNAL only */ +int crypt_get_integrity_key_size(struct crypt_device *cd) +{ + if (isINTEGRITY(cd->type)) + return INTEGRITY_key_size(cd, crypt_get_integrity(cd)); + + if (isLUKS2(cd->type)) + return INTEGRITY_key_size(cd, crypt_get_integrity(cd)); + + return 0; +} + +/* INTERNAL only */ +int crypt_get_integrity_tag_size(struct crypt_device *cd) +{ + if (isINTEGRITY(cd->type)) + return cd->u.integrity.params.tag_size; + + if (isLUKS2(cd->type)) + return INTEGRITY_tag_size(cd, crypt_get_integrity(cd), + crypt_get_cipher(cd), + crypt_get_cipher_mode(cd)); + return 0; +} + +int crypt_get_sector_size(struct crypt_device *cd) +{ + if (!cd) + return SECTOR_SIZE; + + if (isPLAIN(cd->type)) + return cd->u.plain.hdr.sector_size; + + if (isINTEGRITY(cd->type)) + return cd->u.integrity.params.sector_size; + + if (isLUKS2(cd->type)) + return LUKS2_get_sector_size(&cd->u.luks2.hdr); + + return SECTOR_SIZE; +} + +const char *crypt_get_uuid(struct crypt_device *cd) +{ + if (!cd) + return NULL; + + if (isLUKS1(cd->type)) + return cd->u.luks1.hdr.uuid; + + if (isLUKS2(cd->type)) + return cd->u.luks2.hdr.uuid; + + if (isVERITY(cd->type)) + return cd->u.verity.uuid; + + if (isBITLK(cd->type)) + return cd->u.bitlk.params.guid; + + return NULL; +} + +const char *crypt_get_device_name(struct crypt_device *cd) +{ + const char *path; + + if (!cd) + return NULL; + + path = device_block_path(cd->device); + if (!path) + path = device_path(cd->device); + + return path; +} + +const char *crypt_get_metadata_device_name(struct crypt_device *cd) +{ + const char *path; + + if (!cd || !cd->metadata_device) + return NULL; + + path = device_block_path(cd->metadata_device); + if (!path) + path = device_path(cd->metadata_device); + + return path; +} + +int crypt_get_volume_key_size(struct crypt_device *cd) +{ + int r; + + if (!cd) + return 0; + + if (isPLAIN(cd->type)) + return cd->u.plain.key_size; + + if (isLUKS1(cd->type)) + return cd->u.luks1.hdr.keyBytes; + + if (isLUKS2(cd->type)) { + r = LUKS2_get_volume_key_size(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT); + if (r < 0 && cd->volume_key) + r = cd->volume_key->keylength; + return r < 0 ? 0 : r; + } + + if (isLOOPAES(cd->type)) + return cd->u.loopaes.key_size; + + if (isVERITY(cd->type)) + return cd->u.verity.root_hash_size; + + if (isTCRYPT(cd->type)) + return cd->u.tcrypt.params.key_size; + + if (isBITLK(cd->type)) + return cd->u.bitlk.params.key_size / 8; + + if (!cd->type && !_init_by_name_crypt_none(cd)) + return cd->u.none.key_size; + + return 0; +} + +int crypt_keyslot_get_key_size(struct crypt_device *cd, int keyslot) +{ + if (!cd || !isLUKS(cd->type)) + return -EINVAL; + + if (keyslot < 0 || keyslot >= crypt_keyslot_max(cd->type)) + return -EINVAL; + + if (isLUKS1(cd->type)) + return cd->u.luks1.hdr.keyBytes; + + if (isLUKS2(cd->type)) + return LUKS2_get_keyslot_stored_key_size(&cd->u.luks2.hdr, keyslot); + + return -EINVAL; +} + +int crypt_keyslot_set_encryption(struct crypt_device *cd, + const char *cipher, + size_t key_size) +{ + char *tmp; + + if (!cd || !cipher || ! key_size || !isLUKS2(cd->type)) + return -EINVAL; + + if (LUKS2_keyslot_cipher_incompatible(cd, cipher)) + return -EINVAL; + + tmp = strdup(cipher); + free(cd->u.luks2.keyslot_cipher); + cd->u.luks2.keyslot_cipher = tmp; + if (!cd->u.luks2.keyslot_cipher) + return -ENOMEM; + cd->u.luks2.keyslot_key_size = key_size; + + return 0; +} + +const char *crypt_keyslot_get_encryption(struct crypt_device *cd, int keyslot, size_t *key_size) +{ + const char *cipher; + + if (!cd || !isLUKS(cd->type) || !key_size) + return NULL; + + if (isLUKS1(cd->type)) { + if (keyslot != CRYPT_ANY_SLOT && + LUKS_keyslot_info(&cd->u.luks1.hdr, keyslot) < CRYPT_SLOT_ACTIVE) + return NULL; + *key_size = crypt_get_volume_key_size(cd); + return cd->u.luks1.cipher_spec; + } + + if (keyslot != CRYPT_ANY_SLOT) + return LUKS2_get_keyslot_cipher(&cd->u.luks2.hdr, keyslot, key_size); + + /* Keyslot encryption was set through crypt_keyslot_set_encryption() */ + if (cd->u.luks2.keyslot_cipher) { + *key_size = cd->u.luks2.keyslot_key_size; + return cd->u.luks2.keyslot_cipher; + } + + /* Try to reuse volume encryption parameters */ + cipher = LUKS2_get_cipher(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT); + if (!LUKS2_keyslot_cipher_incompatible(cd, cipher)) { + *key_size = crypt_get_volume_key_size(cd); + if (*key_size) + return cipher; + } + + /* Fallback to default LUKS2 keyslot encryption */ + *key_size = DEFAULT_LUKS2_KEYSLOT_KEYBITS / 8; + return DEFAULT_LUKS2_KEYSLOT_CIPHER; +} + +int crypt_keyslot_get_pbkdf(struct crypt_device *cd, int keyslot, struct crypt_pbkdf_type *pbkdf) +{ + if (!cd || !pbkdf || keyslot == CRYPT_ANY_SLOT) + return -EINVAL; + + if (isLUKS1(cd->type)) + return LUKS_keyslot_pbkdf(&cd->u.luks1.hdr, keyslot, pbkdf); + else if (isLUKS2(cd->type)) + return LUKS2_keyslot_pbkdf(&cd->u.luks2.hdr, keyslot, pbkdf); + + return -EINVAL; +} + +int crypt_set_data_offset(struct crypt_device *cd, uint64_t data_offset) +{ + if (!cd) + return -EINVAL; + if (data_offset % (MAX_SECTOR_SIZE >> SECTOR_SHIFT)) { + log_err(cd, _("Data offset is not multiple of %u bytes."), MAX_SECTOR_SIZE); + return -EINVAL; + } + + cd->data_offset = data_offset; + log_dbg(cd, "Data offset set to %" PRIu64 " (512-byte) sectors.", data_offset); + + return 0; +} + +int crypt_set_metadata_size(struct crypt_device *cd, + uint64_t metadata_size, + uint64_t keyslots_size) +{ + if (!cd) + return -EINVAL; + + if (cd->type && !isLUKS2(cd->type)) + return -EINVAL; + + if (metadata_size && LUKS2_check_metadata_area_size(metadata_size)) + return -EINVAL; + + if (keyslots_size && LUKS2_check_keyslots_area_size(keyslots_size)) + return -EINVAL; + + cd->metadata_size = metadata_size; + cd->keyslots_size = keyslots_size; + + return 0; +} + +int crypt_get_metadata_size(struct crypt_device *cd, + uint64_t *metadata_size, + uint64_t *keyslots_size) +{ + uint64_t msize, ksize; + + if (!cd) + return -EINVAL; + + if (!cd->type) { + msize = cd->metadata_size; + ksize = cd->keyslots_size; + } else if (isLUKS1(cd->type)) { + msize = LUKS_ALIGN_KEYSLOTS; + ksize = LUKS_device_sectors(&cd->u.luks1.hdr) * SECTOR_SIZE - msize; + } else if (isLUKS2(cd->type)) { + msize = LUKS2_metadata_size(cd->u.luks2.hdr.jobj); + ksize = LUKS2_keyslots_size(cd->u.luks2.hdr.jobj); } else - log_err(cd, _("Device type is not properly initialised.\n")); + return -EINVAL; + + if (metadata_size) + *metadata_size = msize; + if (keyslots_size) + *keyslots_size = ksize; + + return 0; +} + +uint64_t crypt_get_data_offset(struct crypt_device *cd) +{ + if (!cd) + return 0; + + if (isPLAIN(cd->type)) + return cd->u.plain.hdr.offset; + + if (isLUKS1(cd->type)) + return cd->u.luks1.hdr.payloadOffset; + + if (isLUKS2(cd->type)) + return LUKS2_get_data_offset(&cd->u.luks2.hdr); + + if (isLOOPAES(cd->type)) + return cd->u.loopaes.hdr.offset; + + if (isTCRYPT(cd->type)) + return TCRYPT_get_data_offset(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params); + + if (isBITLK(cd->type)) + return cd->u.bitlk.params.volume_header_size / SECTOR_SIZE; + + return cd->data_offset; +} + +uint64_t crypt_get_iv_offset(struct crypt_device *cd) +{ + if (!cd) + return 0; + + if (isPLAIN(cd->type)) + return cd->u.plain.hdr.skip; + + if (isLOOPAES(cd->type)) + return cd->u.loopaes.hdr.skip; + + if (isTCRYPT(cd->type)) + return TCRYPT_get_iv_offset(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params); + + return 0; +} + +crypt_keyslot_info crypt_keyslot_status(struct crypt_device *cd, int keyslot) +{ + if (_onlyLUKS(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED) < 0) + return CRYPT_SLOT_INVALID; + + if (isLUKS1(cd->type)) + return LUKS_keyslot_info(&cd->u.luks1.hdr, keyslot); + else if(isLUKS2(cd->type)) + return LUKS2_keyslot_info(&cd->u.luks2.hdr, keyslot); + + return CRYPT_SLOT_INVALID; +} + +int crypt_keyslot_max(const char *type) +{ + if (type && isLUKS1(type)) + return LUKS_NUMKEYS; + + if (type && isLUKS2(type)) + return LUKS2_KEYSLOTS_MAX; + + return -EINVAL; +} + +int crypt_keyslot_area(struct crypt_device *cd, + int keyslot, + uint64_t *offset, + uint64_t *length) +{ + if (_onlyLUKS(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED) || !offset || !length) + return -EINVAL; + + if (isLUKS2(cd->type)) + return LUKS2_keyslot_area(&cd->u.luks2.hdr, keyslot, offset, length); + + return LUKS_keyslot_area(&cd->u.luks1.hdr, keyslot, offset, length); +} + +crypt_keyslot_priority crypt_keyslot_get_priority(struct crypt_device *cd, int keyslot) +{ + if (_onlyLUKS(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED)) + return CRYPT_SLOT_PRIORITY_INVALID; + + if (keyslot < 0 || keyslot >= crypt_keyslot_max(cd->type)) + return CRYPT_SLOT_PRIORITY_INVALID; + + if (isLUKS2(cd->type)) + return LUKS2_keyslot_priority_get(cd, &cd->u.luks2.hdr, keyslot); + + return CRYPT_SLOT_PRIORITY_NORMAL; +} + +int crypt_keyslot_set_priority(struct crypt_device *cd, int keyslot, crypt_keyslot_priority priority) +{ + int r; + + log_dbg(cd, "Setting keyslot %d to priority %d.", keyslot, priority); - crypt_free_volume_key(vk); + if (priority == CRYPT_SLOT_PRIORITY_INVALID) + return -EINVAL; - return r; + if (keyslot < 0 || keyslot >= crypt_keyslot_max(cd->type)) + return -EINVAL; + + if ((r = onlyLUKS2(cd))) + return r; + + return LUKS2_keyslot_priority_set(cd, &cd->u.luks2.hdr, keyslot, priority, 1); } -int crypt_deactivate(struct crypt_device *cd, const char *name) +const char *crypt_get_type(struct crypt_device *cd) { - struct crypt_device *fake_cd = NULL; - int r; + return cd ? cd->type : NULL; +} - if (!name) +const char *crypt_get_default_type(void) +{ + return DEFAULT_LUKS_FORMAT; +} + +int crypt_get_verity_info(struct crypt_device *cd, + struct crypt_params_verity *vp) +{ + if (!cd || !isVERITY(cd->type) || !vp) return -EINVAL; - log_dbg("Deactivating volume %s.", name); + vp->data_device = device_path(cd->device); + vp->hash_device = mdata_device_path(cd); + vp->fec_device = device_path(cd->u.verity.fec_device); + vp->fec_area_offset = cd->u.verity.hdr.fec_area_offset; + vp->fec_roots = cd->u.verity.hdr.fec_roots; + vp->hash_name = cd->u.verity.hdr.hash_name; + vp->salt = cd->u.verity.hdr.salt; + vp->salt_size = cd->u.verity.hdr.salt_size; + vp->data_block_size = cd->u.verity.hdr.data_block_size; + vp->hash_block_size = cd->u.verity.hdr.hash_block_size; + vp->data_size = cd->u.verity.hdr.data_size; + vp->hash_area_offset = cd->u.verity.hdr.hash_area_offset; + vp->hash_type = cd->u.verity.hdr.hash_type; + vp->flags = cd->u.verity.hdr.flags & (CRYPT_VERITY_NO_HEADER | CRYPT_VERITY_ROOT_HASH_SIGNATURE); + return 0; +} - if (!cd) { - r = crypt_init_by_name(&fake_cd, name); - if (r < 0) - return r; - cd = fake_cd; - } +int crypt_get_integrity_info(struct crypt_device *cd, + struct crypt_params_integrity *ip) +{ + if (!cd || !ip) + return -EINVAL; - switch (crypt_status(cd, name)) { - case CRYPT_ACTIVE: - case CRYPT_BUSY: - if (isTCRYPT(cd->type)) - r = TCRYPT_deactivate(cd, name); - else - r = dm_remove_device(cd, name, 0, 0); - if (r < 0 && crypt_status(cd, name) == CRYPT_BUSY) { - log_err(cd, _("Device %s is still in use.\n"), name); - r = -EBUSY; - } - break; - case CRYPT_INACTIVE: - log_err(cd, _("Device %s is not active.\n"), name); - r = -ENODEV; - break; - default: - log_err(cd, _("Invalid device %s.\n"), name); - r = -EINVAL; + if (isINTEGRITY(cd->type)) { + ip->journal_size = cd->u.integrity.params.journal_size; + ip->journal_watermark = cd->u.integrity.params.journal_watermark; + ip->journal_commit_time = cd->u.integrity.params.journal_commit_time; + ip->interleave_sectors = cd->u.integrity.params.interleave_sectors; + ip->tag_size = cd->u.integrity.params.tag_size; + ip->sector_size = cd->u.integrity.params.sector_size; + ip->buffer_sectors = cd->u.integrity.params.buffer_sectors; + + ip->integrity = cd->u.integrity.params.integrity; + ip->integrity_key_size = crypt_get_integrity_key_size(cd); + + ip->journal_integrity = cd->u.integrity.params.journal_integrity; + ip->journal_integrity_key_size = cd->u.integrity.params.journal_integrity_key_size; + ip->journal_integrity_key = NULL; + + ip->journal_crypt = cd->u.integrity.params.journal_crypt; + ip->journal_crypt_key_size = cd->u.integrity.params.journal_crypt_key_size; + ip->journal_crypt_key = NULL; + return 0; + } else if (isLUKS2(cd->type)) { + ip->journal_size = 0; // FIXME + ip->journal_watermark = 0; // FIXME + ip->journal_commit_time = 0; // FIXME + ip->interleave_sectors = 0; // FIXME + ip->sector_size = crypt_get_sector_size(cd); + ip->buffer_sectors = 0; // FIXME + + ip->integrity = LUKS2_get_integrity(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT); + ip->integrity_key_size = crypt_get_integrity_key_size(cd); + ip->tag_size = INTEGRITY_tag_size(cd, ip->integrity, crypt_get_cipher(cd), crypt_get_cipher_mode(cd)); + + ip->journal_integrity = NULL; + ip->journal_integrity_key_size = 0; + ip->journal_integrity_key = NULL; + + ip->journal_crypt = NULL; + ip->journal_crypt_key_size = 0; + ip->journal_crypt_key = NULL; + return 0; } - crypt_free(fake_cd); - - return r; + return -ENOTSUP; } -int crypt_volume_key_get(struct crypt_device *cd, - int keyslot, - char *volume_key, - size_t *volume_key_size, - const char *passphrase, - size_t passphrase_size) +int crypt_convert(struct crypt_device *cd, + const char *type, + void *params) { - struct volume_key *vk = NULL; - unsigned key_len; - int r = -EINVAL; + struct luks_phdr hdr1; + struct luks2_hdr hdr2; + int r; - if (crypt_fips_mode()) { - log_err(cd, _("Function not available in FIPS mode.\n")); - return -EACCES; - } + if (!type) + return -EINVAL; - key_len = crypt_get_volume_key_size(cd); - if (key_len > *volume_key_size) { - log_err(cd, _("Volume key buffer too small.\n")); - return -ENOMEM; - } + log_dbg(cd, "Converting LUKS device to type %s", type); - if (isPLAIN(cd->type) && cd->u.plain.hdr.hash) { - r = process_key(cd, cd->u.plain.hdr.hash, key_len, - passphrase, passphrase_size, &vk); - if (r < 0) - log_err(cd, _("Cannot retrieve volume key for plain device.\n")); - } else if (isLUKS(cd->type)) { - r = LUKS_open_key_with_hdr(keyslot, passphrase, - passphrase_size, &cd->u.luks1.hdr, &vk, cd); - } else if (isTCRYPT(cd->type)) { - r = TCRYPT_get_volume_key(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params, &vk); - } else - log_err(cd, _("This operation is not supported for %s crypt device.\n"), cd->type ?: "(none)"); + if ((r = onlyLUKS(cd))) + return r; - if (r >= 0) { - memcpy(volume_key, vk->key, vk->keylength); - *volume_key_size = vk->keylength; + if (isLUKS1(cd->type) && isLUKS2(type)) + r = LUKS2_luks1_to_luks2(cd, &cd->u.luks1.hdr, &hdr2); + else if (isLUKS2(cd->type) && isLUKS1(type)) + r = LUKS2_luks2_to_luks1(cd, &cd->u.luks2.hdr, &hdr1); + else + return -EINVAL; + + if (r < 0) { + /* in-memory header may be invalid after failed conversion */ + _luks2_reload(cd); + if (r == -EBUSY) + log_err(cd, _("Cannot convert device %s which is still in use."), mdata_device_path(cd)); + return r; } - crypt_free_volume_key(vk); - return r; + crypt_free_type(cd); + + return crypt_load(cd, type, params); } -int crypt_volume_key_verify(struct crypt_device *cd, - const char *volume_key, - size_t volume_key_size) +/* Internal access function to header pointer */ +void *crypt_get_hdr(struct crypt_device *cd, const char *type) { - struct volume_key *vk; - int r; + /* If requested type differs, ignore it */ + if (strcmp(cd->type, type)) + return NULL; - r = onlyLUKS(cd); - if (r < 0) - return r; + if (isPLAIN(cd->type)) + return &cd->u.plain; - vk = crypt_alloc_volume_key(volume_key_size, volume_key); - if (!vk) - return -ENOMEM; + if (isLUKS1(cd->type)) + return &cd->u.luks1.hdr; - r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk); + if (isLUKS2(cd->type)) + return &cd->u.luks2.hdr; - if (r == -EPERM) - log_err(cd, _("Volume key does not match the volume.\n")); + if (isLOOPAES(cd->type)) + return &cd->u.loopaes; - crypt_free_volume_key(vk); + if (isVERITY(cd->type)) + return &cd->u.verity; - return r; + if (isTCRYPT(cd->type)) + return &cd->u.tcrypt; + + return NULL; } -void crypt_set_timeout(struct crypt_device *cd, uint64_t timeout_sec) +/* internal only */ +struct luks2_reenc_context *crypt_get_reenc_context(struct crypt_device *cd) { - log_dbg("Timeout set to %" PRIu64 " miliseconds.", timeout_sec); - cd->timeout = timeout_sec; + return cd->u.luks2.rh; } -void crypt_set_password_retry(struct crypt_device *cd, int tries) +/* internal only */ +void crypt_set_reenc_context(struct crypt_device *cd, struct luks2_reenc_context *rh) { - log_dbg("Password retry count set to %d.", tries); - cd->tries = tries; + cd->u.luks2.rh = rh; } -void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_ms) +/* + * Token handling + */ +int crypt_activate_by_token(struct crypt_device *cd, + const char *name, int token, void *usrptr, uint32_t flags) { - log_dbg("Iteration time set to %" PRIu64 " miliseconds.", iteration_time_ms); - cd->iteration_time = iteration_time_ms; + int r; + + log_dbg(cd, "%s volume %s using token %d.", + name ? "Activating" : "Checking", name ?: "passphrase", token); + + if ((r = _onlyLUKS2(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED, 0))) + return r; + + if ((flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_use_keyring_for_vk(cd)) + return -EINVAL; + + if ((flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) && name) + return -EINVAL; + + if (token == CRYPT_ANY_TOKEN) + return LUKS2_token_open_and_activate_any(cd, &cd->u.luks2.hdr, name, flags); + + return LUKS2_token_open_and_activate(cd, &cd->u.luks2.hdr, token, name, flags, usrptr); } -void crypt_set_iterarion_time(struct crypt_device *cd, uint64_t iteration_time_ms) + +int crypt_token_json_get(struct crypt_device *cd, int token, const char **json) { - crypt_set_iteration_time(cd, iteration_time_ms); + int r; + + if (!json) + return -EINVAL; + + log_dbg(cd, "Requesting JSON for token %d.", token); + + if ((r = _onlyLUKS2(cd, CRYPT_CD_UNRESTRICTED, 0))) + return r; + + return LUKS2_token_json_get(cd, &cd->u.luks2.hdr, token, json) ?: token; } -void crypt_set_password_verify(struct crypt_device *cd, int password_verify) +int crypt_token_json_set(struct crypt_device *cd, int token, const char *json) { - log_dbg("Password verification %s.", password_verify ? "enabled" : "disabled"); - cd->password_verify = password_verify ? 1 : 0; + int r; + + log_dbg(cd, "Updating JSON for token %d.", token); + + if ((r = onlyLUKS2(cd))) + return r; + + return LUKS2_token_create(cd, &cd->u.luks2.hdr, token, json, 1); } -void crypt_set_rng_type(struct crypt_device *cd, int rng_type) +crypt_token_info crypt_token_status(struct crypt_device *cd, int token, const char **type) { - switch (rng_type) { - case CRYPT_RNG_URANDOM: - case CRYPT_RNG_RANDOM: - log_dbg("RNG set to %d (%s).", rng_type, rng_type ? "random" : "urandom"); - cd->rng_type = rng_type; - } + if (_onlyLUKS2(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED, 0)) + return CRYPT_TOKEN_INVALID; + + return LUKS2_token_status(cd, &cd->u.luks2.hdr, token, type); } -int crypt_get_rng_type(struct crypt_device *cd) +int crypt_token_luks2_keyring_get(struct crypt_device *cd, + int token, + struct crypt_token_params_luks2_keyring *params) { - if (!cd) + crypt_token_info token_info; + const char *type; + int r; + + if (!params) return -EINVAL; - return cd->rng_type; -} + log_dbg(cd, "Requesting LUKS2 keyring token %d.", token); -int crypt_memory_lock(struct crypt_device *cd, int lock) -{ - return lock ? crypt_memlock_inc(cd) : crypt_memlock_dec(cd); + if ((r = _onlyLUKS2(cd, CRYPT_CD_UNRESTRICTED, 0))) + return r; + + token_info = LUKS2_token_status(cd, &cd->u.luks2.hdr, token, &type); + switch (token_info) { + case CRYPT_TOKEN_INVALID: + log_dbg(cd, "Token %d is invalid.", token); + return -EINVAL; + case CRYPT_TOKEN_INACTIVE: + log_dbg(cd, "Token %d is inactive.", token); + return -EINVAL; + case CRYPT_TOKEN_INTERNAL: + if (!strcmp(type, LUKS2_TOKEN_KEYRING)) + break; + /* Fall through */ + case CRYPT_TOKEN_INTERNAL_UNKNOWN: + case CRYPT_TOKEN_EXTERNAL: + case CRYPT_TOKEN_EXTERNAL_UNKNOWN: + log_dbg(cd, "Token %d has unexpected type %s.", token, type); + return -EINVAL; + } + + return LUKS2_builtin_token_get(cd, &cd->u.luks2.hdr, token, LUKS2_TOKEN_KEYRING, params); } -// reporting -crypt_status_info crypt_status(struct crypt_device *cd, const char *name) +int crypt_token_luks2_keyring_set(struct crypt_device *cd, + int token, + const struct crypt_token_params_luks2_keyring *params) { int r; - if (!cd) - dm_backend_init(); + if (!params) + return -EINVAL; - r = dm_status_device(cd, name); + log_dbg(cd, "Creating new LUKS2 keyring token (%d).", token); - if (!cd) - dm_backend_exit(); + if ((r = onlyLUKS2(cd))) + return r; - if (r < 0 && r != -ENODEV) - return CRYPT_INVALID; + return LUKS2_builtin_token_create(cd, &cd->u.luks2.hdr, token, LUKS2_TOKEN_KEYRING, params, 1); +} - if (r == 0) - return CRYPT_ACTIVE; +int crypt_token_assign_keyslot(struct crypt_device *cd, int token, int keyslot) +{ + int r; - if (r > 0) - return CRYPT_BUSY; + if ((r = onlyLUKS2(cd))) + return r; - return CRYPT_INACTIVE; + return LUKS2_token_assign(cd, &cd->u.luks2.hdr, keyslot, token, 1, 1); } -static void hexprint(struct crypt_device *cd, const char *d, int n, const char *sep) +int crypt_token_unassign_keyslot(struct crypt_device *cd, int token, int keyslot) { - int i; - for(i = 0; i < n; i++) - log_std(cd, "%02hhx%s", (const char)d[i], sep); + int r; + + if ((r = onlyLUKS2(cd))) + return r; + + return LUKS2_token_assign(cd, &cd->u.luks2.hdr, keyslot, token, 0, 1); } -static int _luks_dump(struct crypt_device *cd) +int crypt_token_is_assigned(struct crypt_device *cd, int token, int keyslot) { - int i; + int r; - log_std(cd, "LUKS header information for %s\n\n", mdata_device_path(cd)); - log_std(cd, "Version: \t%" PRIu16 "\n", cd->u.luks1.hdr.version); - log_std(cd, "Cipher name: \t%s\n", cd->u.luks1.hdr.cipherName); - log_std(cd, "Cipher mode: \t%s\n", cd->u.luks1.hdr.cipherMode); - log_std(cd, "Hash spec: \t%s\n", cd->u.luks1.hdr.hashSpec); - log_std(cd, "Payload offset:\t%" PRIu32 "\n", cd->u.luks1.hdr.payloadOffset); - log_std(cd, "MK bits: \t%" PRIu32 "\n", cd->u.luks1.hdr.keyBytes * 8); - log_std(cd, "MK digest: \t"); - hexprint(cd, cd->u.luks1.hdr.mkDigest, LUKS_DIGESTSIZE, " "); - log_std(cd, "\n"); - log_std(cd, "MK salt: \t"); - hexprint(cd, cd->u.luks1.hdr.mkDigestSalt, LUKS_SALTSIZE/2, " "); - log_std(cd, "\n \t"); - hexprint(cd, cd->u.luks1.hdr.mkDigestSalt+LUKS_SALTSIZE/2, LUKS_SALTSIZE/2, " "); - log_std(cd, "\n"); - log_std(cd, "MK iterations: \t%" PRIu32 "\n", cd->u.luks1.hdr.mkDigestIterations); - log_std(cd, "UUID: \t%s\n\n", cd->u.luks1.hdr.uuid); - for(i = 0; i < LUKS_NUMKEYS; i++) { - if(cd->u.luks1.hdr.keyblock[i].active == LUKS_KEY_ENABLED) { - log_std(cd, "Key Slot %d: ENABLED\n",i); - log_std(cd, "\tIterations: \t%" PRIu32 "\n", - cd->u.luks1.hdr.keyblock[i].passwordIterations); - log_std(cd, "\tSalt: \t"); - hexprint(cd, cd->u.luks1.hdr.keyblock[i].passwordSalt, - LUKS_SALTSIZE/2, " "); - log_std(cd, "\n\t \t"); - hexprint(cd, cd->u.luks1.hdr.keyblock[i].passwordSalt + - LUKS_SALTSIZE/2, LUKS_SALTSIZE/2, " "); - log_std(cd, "\n"); + if ((r = _onlyLUKS2(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED, 0))) + return r; - log_std(cd, "\tKey material offset:\t%" PRIu32 "\n", - cd->u.luks1.hdr.keyblock[i].keyMaterialOffset); - log_std(cd, "\tAF stripes: \t%" PRIu32 "\n", - cd->u.luks1.hdr.keyblock[i].stripes); - } - else - log_std(cd, "Key Slot %d: DISABLED\n", i); - } - return 0; + return LUKS2_token_is_assigned(cd, &cd->u.luks2.hdr, keyslot, token); } -static int _verity_dump(struct crypt_device *cd) +/* Internal only */ +int crypt_metadata_locking_enabled(void) { - log_std(cd, "VERITY header information for %s\n", mdata_device_path(cd)); - log_std(cd, "UUID: \t%s\n", cd->u.verity.uuid ?: ""); - log_std(cd, "Hash type: \t%u\n", cd->u.verity.hdr.hash_type); - log_std(cd, "Data blocks: \t%" PRIu64 "\n", cd->u.verity.hdr.data_size); - log_std(cd, "Data block size: \t%u\n", cd->u.verity.hdr.data_block_size); - log_std(cd, "Hash block size: \t%u\n", cd->u.verity.hdr.hash_block_size); - log_std(cd, "Hash algorithm: \t%s\n", cd->u.verity.hdr.hash_name); - log_std(cd, "Salt: \t"); - if (cd->u.verity.hdr.salt_size) - hexprint(cd, cd->u.verity.hdr.salt, cd->u.verity.hdr.salt_size, ""); - else - log_std(cd, "-"); - log_std(cd, "\n"); - if (cd->u.verity.root_hash) { - log_std(cd, "Root hash: \t"); - hexprint(cd, cd->u.verity.root_hash, cd->u.verity.root_hash_size, ""); - log_std(cd, "\n"); - } + return _metadata_locking; +} + +int crypt_metadata_locking(struct crypt_device *cd, int enable) +{ + if (enable && !_metadata_locking) + return -EPERM; + + _metadata_locking = enable ? 1 : 0; return 0; } -int crypt_dump(struct crypt_device *cd) +int crypt_persistent_flags_set(struct crypt_device *cd, crypt_flags_type type, uint32_t flags) { - if (isLUKS(cd->type)) - return _luks_dump(cd); - else if (isVERITY(cd->type)) - return _verity_dump(cd); - else if (isTCRYPT(cd->type)) - return TCRYPT_dump(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params); + int r; + + if ((r = onlyLUKS2(cd))) + return r; + + if (type == CRYPT_FLAGS_ACTIVATION) + return LUKS2_config_set_flags(cd, &cd->u.luks2.hdr, flags); + + if (type == CRYPT_FLAGS_REQUIREMENTS) + return LUKS2_config_set_requirements(cd, &cd->u.luks2.hdr, flags, true); - log_err(cd, _("Dump operation is not supported for this device type.\n")); return -EINVAL; } - -static int _init_by_name_crypt_none(struct crypt_device *cd) +int crypt_persistent_flags_get(struct crypt_device *cd, crypt_flags_type type, uint32_t *flags) { - struct crypt_dm_active_device dmd = {}; int r; - if (cd->type || !cd->u.none.active_name) + if (!flags) return -EINVAL; - r = dm_query_device(cd, cd->u.none.active_name, - DM_ACTIVE_CRYPT_CIPHER | - DM_ACTIVE_CRYPT_KEYSIZE, &dmd); - if (r >= 0) - r = crypt_parse_name_and_mode(dmd.u.crypt.cipher, - cd->u.none.cipher, NULL, - cd->u.none.cipher_mode); + if ((r = _onlyLUKS2(cd, CRYPT_CD_UNRESTRICTED, 0))) + return r; - if (!r) - cd->u.none.key_size = dmd.u.crypt.vk->keylength; + if (type == CRYPT_FLAGS_ACTIVATION) + return LUKS2_config_get_flags(cd, &cd->u.luks2.hdr, flags); - crypt_free_volume_key(dmd.u.crypt.vk); - free(CONST_CAST(void*)dmd.u.crypt.cipher); - return r; + if (type == CRYPT_FLAGS_REQUIREMENTS) + return LUKS2_config_get_requirements(cd, &cd->u.luks2.hdr, flags); + + return -EINVAL; } -const char *crypt_get_cipher(struct crypt_device *cd) +static int update_volume_key_segment_digest(struct crypt_device *cd, struct luks2_hdr *hdr, int digest, int commit) { - if (isPLAIN(cd->type)) - return cd->u.plain.cipher; - - if (isLUKS(cd->type)) - return cd->u.luks1.hdr.cipherName; - - if (isLOOPAES(cd->type)) - return cd->u.loopaes.cipher; - - if (isTCRYPT(cd->type)) - return cd->u.tcrypt.params.cipher; + int r; - if (!cd->type && !_init_by_name_crypt_none(cd)) - return cd->u.none.cipher; + /* Remove any assignments in memory */ + r = LUKS2_digest_segment_assign(cd, hdr, CRYPT_DEFAULT_SEGMENT, CRYPT_ANY_DIGEST, 0, 0); + if (r) + return r; - return NULL; + /* Assign it to the specific digest */ + return LUKS2_digest_segment_assign(cd, hdr, CRYPT_DEFAULT_SEGMENT, digest, 1, commit); } -const char *crypt_get_cipher_mode(struct crypt_device *cd) +static int verify_and_update_segment_digest(struct crypt_device *cd, + struct luks2_hdr *hdr, int keyslot, + const char *volume_key, size_t volume_key_size, + const char *password, size_t password_size) { - if (isPLAIN(cd->type)) - return cd->u.plain.cipher_mode; - - if (isLUKS(cd->type)) - return cd->u.luks1.hdr.cipherMode; + int digest, r; + struct volume_key *vk = NULL; - if (isLOOPAES(cd->type)) - return cd->u.loopaes.cipher_mode; + if (keyslot < 0 || (volume_key && !volume_key_size)) + return -EINVAL; - if (isTCRYPT(cd->type)) - return cd->u.tcrypt.params.mode; + if (volume_key) + vk = crypt_alloc_volume_key(volume_key_size, volume_key); + else { + r = LUKS2_keyslot_open(cd, keyslot, CRYPT_ANY_SEGMENT, password, password_size, &vk); + if (r != keyslot) { + r = -EINVAL; + goto out; + } + } - if (!cd->type && !_init_by_name_crypt_none(cd)) - return cd->u.none.cipher_mode; + if (!vk) + return -ENOMEM; - return NULL; -} + /* check volume_key (param) digest matches keyslot digest */ + r = LUKS2_digest_verify(cd, hdr, vk, keyslot); + if (r < 0) + goto out; + digest = r; -const char *crypt_get_uuid(struct crypt_device *cd) -{ - if (isLUKS(cd->type)) - return cd->u.luks1.hdr.uuid; + /* nothing to do, volume key in keyslot is already assigned to default segment */ + r = LUKS2_digest_verify_by_segment(cd, hdr, CRYPT_DEFAULT_SEGMENT, vk); + if (r >= 0) + goto out; - if (isVERITY(cd->type)) - return cd->u.verity.uuid; + /* FIXME: check new volume key is usable with current default segment */ - return NULL; + r = update_volume_key_segment_digest(cd, &cd->u.luks2.hdr, digest, 1); + if (r) + log_err(cd, _("Failed to assign keyslot %u as the new volume key."), keyslot); +out: + crypt_free_volume_key(vk); + return r < 0 ? r : keyslot; } -const char *crypt_get_device_name(struct crypt_device *cd) + +int crypt_keyslot_add_by_key(struct crypt_device *cd, + int keyslot, + const char *volume_key, + size_t volume_key_size, + const char *passphrase, + size_t passphrase_size, + uint32_t flags) { - const char *path = device_block_path(cd->device); + int digest, r; + struct luks2_keyslot_params params; + struct volume_key *vk = NULL; - if (!path) - path = device_path(cd->device); + if (!passphrase || ((flags & CRYPT_VOLUME_KEY_NO_SEGMENT) && + (flags & CRYPT_VOLUME_KEY_SET))) + return -EINVAL; - return path; -} + log_dbg(cd, "Adding new keyslot %d with volume key %sassigned to a crypt segment.", + keyslot, flags & CRYPT_VOLUME_KEY_NO_SEGMENT ? "un" : ""); -int crypt_get_volume_key_size(struct crypt_device *cd) -{ - if (isPLAIN(cd->type)) - return cd->u.plain.key_size; + if ((r = onlyLUKS2(cd))) + return r; - if (isLUKS(cd->type)) - return cd->u.luks1.hdr.keyBytes; + /* new volume key assignment */ + if ((flags & CRYPT_VOLUME_KEY_SET) && crypt_keyslot_status(cd, keyslot) > CRYPT_SLOT_INACTIVE) + return verify_and_update_segment_digest(cd, &cd->u.luks2.hdr, + keyslot, volume_key, volume_key_size, passphrase, passphrase_size); - if (isLOOPAES(cd->type)) - return cd->u.loopaes.key_size; + r = keyslot_verify_or_find_empty(cd, &keyslot); + if (r < 0) + return r; - if (isVERITY(cd->type)) - return cd->u.verity.root_hash_size; + if (volume_key) + vk = crypt_alloc_volume_key(volume_key_size, volume_key); + else if (flags & CRYPT_VOLUME_KEY_NO_SEGMENT) + vk = crypt_generate_volume_key(cd, volume_key_size); + else if (cd->volume_key) + vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key); + else + return -EINVAL; - if (isTCRYPT(cd->type)) - return cd->u.tcrypt.params.key_size; + if (!vk) + return -ENOMEM; - if (!cd->type && !_init_by_name_crypt_none(cd)) - return cd->u.none.key_size; + /* if key matches volume key digest tear down new vk flag */ + digest = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk); + if (digest >= 0) + flags &= ~CRYPT_VOLUME_KEY_SET; - return 0; -} + /* if key matches any existing digest, do not create new digest */ + if (digest < 0 && (flags & CRYPT_VOLUME_KEY_DIGEST_REUSE)) + digest = LUKS2_digest_any_matching(cd, &cd->u.luks2.hdr, vk); -uint64_t crypt_get_data_offset(struct crypt_device *cd) -{ - if (isPLAIN(cd->type)) - return cd->u.plain.hdr.offset; + /* no segment flag or new vk flag requires new key digest */ + if (flags & (CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_SET)) { + if (digest < 0 || !(flags & CRYPT_VOLUME_KEY_DIGEST_REUSE)) + digest = LUKS2_digest_create(cd, "pbkdf2", &cd->u.luks2.hdr, vk); + } - if (isLUKS(cd->type)) - return cd->u.luks1.hdr.payloadOffset; + r = digest; + if (r < 0) { + log_err(cd, _("Volume key does not match the volume.")); + goto out; + } - if (isLOOPAES(cd->type)) - return cd->u.loopaes.hdr.offset; + r = LUKS2_keyslot_params_default(cd, &cd->u.luks2.hdr, ¶ms); + if (r < 0) { + log_err(cd, _("Failed to initialize default LUKS2 keyslot parameters.")); + goto out; + } - if (isTCRYPT(cd->type)) - return TCRYPT_get_data_offset(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params); + r = LUKS2_digest_assign(cd, &cd->u.luks2.hdr, keyslot, digest, 1, 0); + if (r < 0) { + log_err(cd, _("Failed to assign keyslot %d to digest."), keyslot); + goto out; + } - return 0; + r = LUKS2_keyslot_store(cd, &cd->u.luks2.hdr, keyslot, + passphrase, passphrase_size, vk, ¶ms); + + if (r >= 0 && (flags & CRYPT_VOLUME_KEY_SET)) + r = update_volume_key_segment_digest(cd, &cd->u.luks2.hdr, digest, 1); +out: + crypt_free_volume_key(vk); + if (r < 0) { + _luks2_reload(cd); + return r; + } + return keyslot; } -uint64_t crypt_get_iv_offset(struct crypt_device *cd) +/* + * Keyring handling + */ + +int crypt_use_keyring_for_vk(struct crypt_device *cd) { - if (isPLAIN(cd->type)) - return cd->u.plain.hdr.skip; + uint32_t dmc_flags; - if (isLUKS(cd->type)) + /* dm backend must be initialized */ + if (!cd || !isLUKS2(cd->type)) return 0; - if (isLOOPAES(cd->type)) - return cd->u.loopaes.hdr.skip; + if (!_vk_via_keyring || !kernel_keyring_support()) + return 0; - if (isTCRYPT(cd->type)) - return TCRYPT_get_iv_offset(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params); + if (dm_flags(cd, DM_CRYPT, &dmc_flags)) + return dmcrypt_keyring_bug() ? 0 : 1; + + return (dmc_flags & DM_KERNEL_KEYRING_SUPPORTED); +} +int crypt_volume_key_keyring(struct crypt_device *cd, int enable) +{ + _vk_via_keyring = enable ? 1 : 0; return 0; } -crypt_keyslot_info crypt_keyslot_status(struct crypt_device *cd, int keyslot) +/* internal only */ +int crypt_volume_key_load_in_keyring(struct crypt_device *cd, struct volume_key *vk) { - if (onlyLUKS(cd) < 0) - return CRYPT_SLOT_INVALID; + int r; + const char *type_name = key_type_name(LOGON_KEY); + + if (!vk || !cd || !type_name) + return -EINVAL; + + if (!vk->key_description) { + log_dbg(cd, "Invalid key description"); + return -EINVAL; + } + + log_dbg(cd, "Loading key (%zu bytes, type %s) in thread keyring.", vk->keylength, type_name); + + r = keyring_add_key_in_thread_keyring(LOGON_KEY, vk->key_description, vk->key, vk->keylength); + if (r) { + log_dbg(cd, "keyring_add_key_in_thread_keyring failed (error %d)", r); + log_err(cd, _("Failed to load key in kernel keyring.")); + } else + crypt_set_key_in_keyring(cd, 1); - return LUKS_keyslot_info(&cd->u.luks1.hdr, keyslot); + return r; } -int crypt_keyslot_max(const char *type) +/* internal only */ +int crypt_key_in_keyring(struct crypt_device *cd) { - if (type && isLUKS(type)) - return LUKS_NUMKEYS; - - return -EINVAL; + return cd ? cd->key_in_keyring : 0; } -int crypt_keyslot_area(struct crypt_device *cd, - int keyslot, - uint64_t *offset, - uint64_t *length) +/* internal only */ +void crypt_set_key_in_keyring(struct crypt_device *cd, unsigned key_in_keyring) { - if (!isLUKS(cd->type)) - return -EINVAL; + if (!cd) + return; - return LUKS_keyslot_area(&cd->u.luks1.hdr, keyslot, offset, length); + cd->key_in_keyring = key_in_keyring; } -const char *crypt_get_type(struct crypt_device *cd) +/* internal only */ +void crypt_drop_keyring_key_by_description(struct crypt_device *cd, const char *key_description, key_type_t ktype) { - return cd->type; + int r; + const char *type_name = key_type_name(ktype); + + if (!key_description || !type_name) + return; + + log_dbg(cd, "Requesting keyring %s key for revoke and unlink.", type_name); + + r = keyring_revoke_and_unlink_key(ktype, key_description); + if (r) + log_dbg(cd, "keyring_revoke_and_unlink_key failed (error %d)", r); + crypt_set_key_in_keyring(cd, 0); } -int crypt_get_verity_info(struct crypt_device *cd, - struct crypt_params_verity *vp) +/* internal only */ +void crypt_drop_keyring_key(struct crypt_device *cd, struct volume_key *vks) { - if (!isVERITY(cd->type) || !vp) - return -EINVAL; + struct volume_key *vk = vks; - vp->data_device = device_path(cd->device); - vp->hash_device = mdata_device_path(cd); - vp->hash_name = cd->u.verity.hdr.hash_name; - vp->salt = cd->u.verity.hdr.salt; - vp->salt_size = cd->u.verity.hdr.salt_size; - vp->data_block_size = cd->u.verity.hdr.data_block_size; - vp->hash_block_size = cd->u.verity.hdr.hash_block_size; - vp->data_size = cd->u.verity.hdr.data_size; - vp->hash_area_offset = cd->u.verity.hdr.hash_area_offset; - vp->hash_type = cd->u.verity.hdr.hash_type; - vp->flags = cd->u.verity.hdr.flags & CRYPT_VERITY_NO_HEADER; - return 0; + while (vk) { + crypt_drop_keyring_key_by_description(cd, vk->key_description, LOGON_KEY); + vk = crypt_volume_key_next(vk); + } } -int crypt_get_active_device(struct crypt_device *cd, const char *name, - struct crypt_active_device *cad) +int crypt_activate_by_keyring(struct crypt_device *cd, + const char *name, + const char *key_description, + int keyslot, + uint32_t flags) { - struct crypt_dm_active_device dmd; + char *passphrase; + size_t passphrase_size; int r; - r = dm_query_device(cd, name, 0, &dmd); + if (!cd || !key_description) + return -EINVAL; + + log_dbg(cd, "%s volume %s [keyslot %d] using passphrase in keyring.", + name ? "Activating" : "Checking", name ?: "passphrase", keyslot); + + if (!kernel_keyring_support()) { + log_err(cd, _("Kernel keyring is not supported by the kernel.")); + return -EINVAL; + } + + r = _activate_check_status(cd, name, flags & CRYPT_ACTIVATE_REFRESH); if (r < 0) return r; - if (dmd.target != DM_CRYPT && dmd.target != DM_VERITY) - return -ENOTSUP; + r = keyring_get_passphrase(key_description, &passphrase, &passphrase_size); + if (r < 0) { + log_err(cd, _("Failed to read passphrase from keyring (error %d)."), r); + return -EINVAL; + } - if (cd && isTCRYPT(cd->type)) { - cad->offset = TCRYPT_get_data_offset(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params); - cad->iv_offset = TCRYPT_get_iv_offset(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params); - } else { - cad->offset = dmd.u.crypt.offset; - cad->iv_offset = dmd.u.crypt.iv_offset; + r = _activate_by_passphrase(cd, name, keyslot, passphrase, passphrase_size, flags); + + crypt_safe_memzero(passphrase, passphrase_size); + free(passphrase); + + return r; +} + +/* + * Workaround for serialization of parallel activation and memory-hard PBKDF + * In specific situation (systemd activation) this causes OOM killer activation. + * For now, let's provide this ugly way to serialize unlocking of devices. + */ +int crypt_serialize_lock(struct crypt_device *cd) +{ + if (!cd->memory_hard_pbkdf_lock_enabled) + return 0; + + log_dbg(cd, "Taking global memory-hard access serialization lock."); + if (crypt_write_lock(cd, "memory-hard-access", true, &cd->pbkdf_memory_hard_lock)) { + log_err(cd, _("Failed to acquire global memory-hard access serialization lock.")); + cd->pbkdf_memory_hard_lock = NULL; + return -EINVAL; } - cad->size = dmd.size; - cad->flags = dmd.flags; return 0; } + +void crypt_serialize_unlock(struct crypt_device *cd) +{ + if (!cd->memory_hard_pbkdf_lock_enabled) + return; + + crypt_unlock_internal(cd, cd->pbkdf_memory_hard_lock); + cd->pbkdf_memory_hard_lock = NULL; +} + +crypt_reencrypt_info crypt_reencrypt_status(struct crypt_device *cd, + struct crypt_params_reencrypt *params) +{ + if (!cd || !isLUKS2(cd->type)) + return CRYPT_REENCRYPT_NONE; + + if (_onlyLUKS2(cd, CRYPT_CD_QUIET, CRYPT_REQUIREMENT_ONLINE_REENCRYPT)) + return CRYPT_REENCRYPT_INVALID; + + return LUKS2_reencrypt_status(cd, params); +} + +static void __attribute__((destructor)) libcryptsetup_exit(void) +{ + crypt_backend_destroy(); + crypt_random_exit(); +} diff --git a/lib/tcrypt/Makefile.am b/lib/tcrypt/Makefile.am deleted file mode 100644 index 88bf520..0000000 --- a/lib/tcrypt/Makefile.am +++ /dev/null @@ -1,14 +0,0 @@ -moduledir = $(libdir)/cryptsetup - -noinst_LTLIBRARIES = libtcrypt.la - -libtcrypt_la_CFLAGS = -Wall $(AM_CFLAGS) @CRYPTO_CFLAGS@ - -libtcrypt_la_SOURCES = \ - tcrypt.c \ - tcrypt.h - -AM_CPPFLAGS = -include config.h \ - -I$(top_srcdir)/lib \ - -I$(top_srcdir)/lib/crypto_backend - diff --git a/lib/tcrypt/Makefile.in b/lib/tcrypt/Makefile.in deleted file mode 100644 index 842f637..0000000 --- a/lib/tcrypt/Makefile.in +++ /dev/null @@ -1,645 +0,0 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2013 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = lib/tcrypt -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ - $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -LTLIBRARIES = $(noinst_LTLIBRARIES) -libtcrypt_la_LIBADD = -am_libtcrypt_la_OBJECTS = libtcrypt_la-tcrypt.lo -libtcrypt_la_OBJECTS = $(am_libtcrypt_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -libtcrypt_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libtcrypt_la_CFLAGS) \ - $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(libtcrypt_la_SOURCES) -DIST_SOURCES = $(libtcrypt_la_SOURCES) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. -am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ -CRYPTO_LIBS = @CRYPTO_LIBS@ -CRYPTO_STATIC_LIBS = @CRYPTO_STATIC_LIBS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DEVMAPPER_CFLAGS = @DEVMAPPER_CFLAGS@ -DEVMAPPER_LIBS = @DEVMAPPER_LIBS@ -DEVMAPPER_STATIC_CFLAGS = @DEVMAPPER_STATIC_CFLAGS@ -DEVMAPPER_STATIC_LIBS = @DEVMAPPER_STATIC_LIBS@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GMSGFMT = @GMSGFMT@ -GMSGFMT_015 = @GMSGFMT_015@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -INTLLIBS = @INTLLIBS@ -INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBCRYPTSETUP_VERSION = @LIBCRYPTSETUP_VERSION@ -LIBCRYPTSETUP_VERSION_INFO = @LIBCRYPTSETUP_VERSION_INFO@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ -LIBICONV = @LIBICONV@ -LIBINTL = @LIBINTL@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBICONV = @LTLIBICONV@ -LTLIBINTL = @LTLIBINTL@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MKDIR_P = @MKDIR_P@ -MSGFMT = @MSGFMT@ -MSGFMT_015 = @MSGFMT_015@ -MSGMERGE = @MSGMERGE@ -NM = @NM@ -NMEDIT = @NMEDIT@ -NSS_CFLAGS = @NSS_CFLAGS@ -NSS_LIBS = @NSS_LIBS@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ -OPENSSL_LIBS = @OPENSSL_LIBS@ -OPENSSL_STATIC_CFLAGS = @OPENSSL_STATIC_CFLAGS@ -OPENSSL_STATIC_LIBS = @OPENSSL_STATIC_LIBS@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -POPT_LIBS = @POPT_LIBS@ -POSUB = @POSUB@ -PWQUALITY_CFLAGS = @PWQUALITY_CFLAGS@ -PWQUALITY_LIBS = @PWQUALITY_LIBS@ -PWQUALITY_STATIC_LIBS = @PWQUALITY_STATIC_LIBS@ -PYTHON = @PYTHON@ -PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -PYTHON_INCLUDES = @PYTHON_INCLUDES@ -PYTHON_LIBS = @PYTHON_LIBS@ -PYTHON_PLATFORM = @PYTHON_PLATFORM@ -PYTHON_PREFIX = @PYTHON_PREFIX@ -PYTHON_VERSION = @PYTHON_VERSION@ -RANLIB = @RANLIB@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -USE_NLS = @USE_NLS@ -UUID_LIBS = @UUID_LIBS@ -VERSION = @VERSION@ -XGETTEXT = @XGETTEXT@ -XGETTEXT_015 = @XGETTEXT_015@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -pkgpyexecdir = @pkgpyexecdir@ -pkgpythondir = @pkgpythondir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -pyexecdir = @pyexecdir@ -pythondir = @pythondir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -moduledir = $(libdir)/cryptsetup -noinst_LTLIBRARIES = libtcrypt.la -libtcrypt_la_CFLAGS = -Wall $(AM_CFLAGS) @CRYPTO_CFLAGS@ -libtcrypt_la_SOURCES = \ - tcrypt.c \ - tcrypt.h - -AM_CPPFLAGS = -include config.h \ - -I$(top_srcdir)/lib \ - -I$(top_srcdir)/lib/crypto_backend - -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu lib/tcrypt/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu lib/tcrypt/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) - @list='$(noinst_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -libtcrypt.la: $(libtcrypt_la_OBJECTS) $(libtcrypt_la_DEPENDENCIES) $(EXTRA_libtcrypt_la_DEPENDENCIES) - $(AM_V_CCLD)$(libtcrypt_la_LINK) $(libtcrypt_la_OBJECTS) $(libtcrypt_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtcrypt_la-tcrypt.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -libtcrypt_la-tcrypt.lo: tcrypt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcrypt_la_CFLAGS) $(CFLAGS) -MT libtcrypt_la-tcrypt.lo -MD -MP -MF $(DEPDIR)/libtcrypt_la-tcrypt.Tpo -c -o libtcrypt_la-tcrypt.lo `test -f 'tcrypt.c' || echo '$(srcdir)/'`tcrypt.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libtcrypt_la-tcrypt.Tpo $(DEPDIR)/libtcrypt_la-tcrypt.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tcrypt.c' object='libtcrypt_la-tcrypt.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtcrypt_la_CFLAGS) $(CFLAGS) -c -o libtcrypt_la-tcrypt.lo `test -f 'tcrypt.c' || echo '$(srcdir)/'`tcrypt.c - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) -installdirs: -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-noinstLTLIBRARIES cscopelist-am ctags \ - ctags-am distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/lib/tcrypt/tcrypt.c b/lib/tcrypt/tcrypt.c index 03b11ed..859f0ed 100644 --- a/lib/tcrypt/tcrypt.c +++ b/lib/tcrypt/tcrypt.c @@ -1,8 +1,8 @@ /* * TCRYPT (TrueCrypt-compatible) and VeraCrypt volume handling * - * Copyright (C) 2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2015, Milan Broz + * Copyright (C) 2012-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2020 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -23,7 +23,6 @@ #include #include #include -#include #include #include "libcryptsetup.h" @@ -31,25 +30,29 @@ #include "internal.h" /* TCRYPT PBKDF variants */ -static struct { +static const struct { unsigned int legacy:1; unsigned int veracrypt:1; const char *name; const char *hash; unsigned int iterations; + uint32_t veracrypt_pim_const; + uint32_t veracrypt_pim_mult; } tcrypt_kdf[] = { - { 0, 0, "pbkdf2", "ripemd160", 2000 }, - { 0, 0, "pbkdf2", "ripemd160", 1000 }, - { 0, 0, "pbkdf2", "sha512", 1000 }, - { 0, 0, "pbkdf2", "whirlpool", 1000 }, - { 1, 0, "pbkdf2", "sha1", 2000 }, - { 0, 1, "pbkdf2", "sha512", 500000 }, - { 0, 1, "pbkdf2", "ripemd160", 655331 }, - { 0, 1, "pbkdf2", "ripemd160", 327661 }, // boot only - { 0, 1, "pbkdf2", "whirlpool", 500000 }, - { 0, 1, "pbkdf2", "sha256", 500000 }, // VeraCrypt 1.0f - { 0, 1, "pbkdf2", "sha256", 200000 }, // boot only - { 0, 0, NULL, NULL, 0 } + { 0, 0, "pbkdf2", "ripemd160", 2000, 0, 0 }, + { 0, 0, "pbkdf2", "ripemd160", 1000, 0, 0 }, + { 0, 0, "pbkdf2", "sha512", 1000, 0, 0 }, + { 0, 0, "pbkdf2", "whirlpool", 1000, 0, 0 }, + { 1, 0, "pbkdf2", "sha1", 2000, 0, 0 }, + { 0, 1, "pbkdf2", "sha512", 500000, 15000, 1000 }, + { 0, 1, "pbkdf2", "whirlpool", 500000, 15000, 1000 }, + { 0, 1, "pbkdf2", "sha256", 500000, 15000, 1000 }, // VeraCrypt 1.0f + { 0, 1, "pbkdf2", "sha256", 200000, 0, 2048 }, // boot only + { 0, 1, "pbkdf2", "ripemd160", 655331, 15000, 1000 }, + { 0, 1, "pbkdf2", "ripemd160", 327661, 0, 2048 }, // boot only + { 0, 1, "pbkdf2", "stribog512",500000, 15000, 1000 }, +// { 0, 1, "pbkdf2", "stribog512",200000, 0, 2048 }, // boot only + { 0, 0, NULL, NULL, 0, 0, 0 } }; struct tcrypt_alg { @@ -96,6 +99,26 @@ static struct tcrypt_algs tcrypt_cipher[] = { {0,2,128,"serpent-twofish","xts-plain64", {{"serpent",64,16, 0,64,0}, {"twofish",64,16,32,96,0}}}, +{0,1,64,"camellia","xts-plain64", + {{"camellia", 64,16,0,32,0}}}, +{0,1,64,"kuznyechik","xts-plain64", + {{"kuznyechik", 64,16,0,32,0}}}, +{0,2,128,"kuznyechik-camellia","xts-plain64", + {{"kuznyechik",64,16, 0,64,0}, + {"camellia", 64,16,32,96,0}}}, +{0,2,128,"twofish-kuznyechik","xts-plain64", + {{"twofish", 64,16, 0,64,0}, + {"kuznyechik",64,16,32,96,0}}}, +{0,2,128,"serpent-camellia","xts-plain64", + {{"serpent", 64,16, 0,64,0}, + {"camellia", 64,16,32,96,0}}}, +{0,2,128,"aes-kuznyechik","xts-plain64", + {{"aes", 64,16, 0,64,0}, + {"kuznyechik",64,16,32,96,0}}}, +{0,3,192,"camellia-serpent-kuznyechik","xts-plain64", + {{"camellia", 64,16, 0, 96,0}, + {"serpent", 64,16,32,128,0}, + {"kuznyechik",64,16,64,160,0}}}, /* LRW mode */ {0,1,48,"aes","lrw-benbi", @@ -178,7 +201,8 @@ static struct tcrypt_algs tcrypt_cipher[] = { {} }; -static int TCRYPT_hdr_from_disk(struct tcrypt_phdr *hdr, +static int TCRYPT_hdr_from_disk(struct crypt_device *cd, + struct tcrypt_phdr *hdr, struct crypt_params_tcrypt *params, int kdf_index, int cipher_index) { @@ -190,14 +214,14 @@ static int TCRYPT_hdr_from_disk(struct tcrypt_phdr *hdr, crc32 = crypt_crc32(~0, (unsigned char*)&hdr->d, size) ^ ~0; if (be16_to_cpu(hdr->d.version) > 3 && crc32 != be32_to_cpu(hdr->d.header_crc32)) { - log_dbg("TCRYPT header CRC32 mismatch."); + log_dbg(cd, "TCRYPT header CRC32 mismatch."); return -EINVAL; } /* Check CRC32 of keys */ crc32 = crypt_crc32(~0, (unsigned char*)hdr->d.keys, sizeof(hdr->d.keys)) ^ ~0; if (crc32 != be32_to_cpu(hdr->d.keys_crc32)) { - log_dbg("TCRYPT keys CRC32 mismatch."); + log_dbg(cd, "TCRYPT keys CRC32 mismatch."); return -EINVAL; } @@ -276,8 +300,8 @@ static int decrypt_blowfish_le_cbc(struct tcrypt_alg *alg, } crypt_cipher_destroy(cipher); - crypt_memzero(iv, bs); - crypt_memzero(iv_old, bs); + crypt_safe_memzero(iv, bs); + crypt_safe_memzero(iv_old, bs); return r; } @@ -314,12 +338,13 @@ static int TCRYPT_decrypt_hdr_one(struct tcrypt_alg *alg, const char *mode, { char backend_key[TCRYPT_HDR_KEY_LEN]; char iv[TCRYPT_HDR_IV_LEN] = {}; - char mode_name[MAX_CIPHER_LEN]; + char mode_name[MAX_CIPHER_LEN + 1]; struct crypt_cipher *cipher; char *c, *buf = (char*)&hdr->e; int r; /* Remove IV if present */ + mode_name[MAX_CIPHER_LEN] = '\0'; strncpy(mode_name, mode, MAX_CIPHER_LEN); c = strchr(mode_name, '-'); if (c) @@ -343,13 +368,13 @@ static int TCRYPT_decrypt_hdr_one(struct tcrypt_alg *alg, const char *mode, crypt_cipher_destroy(cipher); } - crypt_memzero(backend_key, sizeof(backend_key)); - crypt_memzero(iv, TCRYPT_HDR_IV_LEN); + crypt_safe_memzero(backend_key, sizeof(backend_key)); + crypt_safe_memzero(iv, TCRYPT_HDR_IV_LEN); return r; } /* - * For chanined ciphers and CBC mode we need "outer" decryption. + * For chained ciphers and CBC mode we need "outer" decryption. * Backend doesn't provide this, so implement it here directly using ECB. */ static int TCRYPT_decrypt_cbci(struct tcrypt_algs *ciphers, @@ -394,8 +419,8 @@ out: if (cipher[j]) crypt_cipher_destroy(cipher[j]); - crypt_memzero(iv, bs); - crypt_memzero(iv_old, bs); + crypt_safe_memzero(iv, bs); + crypt_safe_memzero(iv_old, bs); return r; } @@ -408,7 +433,7 @@ static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, for (i = 0; tcrypt_cipher[i].chain_count; i++) { if (!(flags & CRYPT_TCRYPT_LEGACY_MODES) && tcrypt_cipher[i].legacy) continue; - log_dbg("TCRYPT: trying cipher %s-%s", + log_dbg(cd, "TCRYPT: trying cipher %s-%s", tcrypt_cipher[i].long_name, tcrypt_cipher[i].mode); memcpy(&hdr2.e, &hdr->e, TCRYPT_HDR_LEN); @@ -425,7 +450,7 @@ static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, } if (r < 0) { - log_dbg("TCRYPT: returned error %d, skipped.", r); + log_dbg(cd, "TCRYPT: returned error %d, skipped.", r); if (r == -ENOTSUP) break; r = -ENOENT; @@ -433,14 +458,14 @@ static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, } if (!strncmp(hdr2.d.magic, TCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) { - log_dbg("TCRYPT: Signature magic detected."); + log_dbg(cd, "TCRYPT: Signature magic detected."); memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN); r = i; break; } if ((flags & CRYPT_TCRYPT_VERA_MODES) && !strncmp(hdr2.d.magic, VCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) { - log_dbg("TCRYPT: Signature magic detected (Veracrypt)."); + log_dbg(cd, "TCRYPT: Signature magic detected (Veracrypt)."); memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN); r = i; break; @@ -448,32 +473,36 @@ static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, r = -EPERM; } - crypt_memzero(&hdr2, sizeof(hdr2)); + crypt_safe_memzero(&hdr2, sizeof(hdr2)); return r; } static int TCRYPT_pool_keyfile(struct crypt_device *cd, - unsigned char pool[TCRYPT_KEY_POOL_LEN], - const char *keyfile) + unsigned char pool[VCRYPT_KEY_POOL_LEN], + const char *keyfile, int keyfiles_pool_length) { - unsigned char data[TCRYPT_KEYFILE_LEN]; - int i, j, fd, data_size; + unsigned char *data; + int i, j, fd, data_size, r = -EIO; uint32_t crc; - log_dbg("TCRYPT: using keyfile %s.", keyfile); + log_dbg(cd, "TCRYPT: using keyfile %s.", keyfile); + + data = malloc(TCRYPT_KEYFILE_LEN); + if (!data) + return -ENOMEM; + memset(data, 0, TCRYPT_KEYFILE_LEN); fd = open(keyfile, O_RDONLY); if (fd < 0) { - log_err(cd, _("Failed to open key file.\n")); - return -EIO; + log_err(cd, _("Failed to open key file.")); + goto out; } - /* FIXME: add while */ - data_size = read(fd, data, TCRYPT_KEYFILE_LEN); + data_size = read_buffer(fd, data, TCRYPT_KEYFILE_LEN); close(fd); if (data_size < 0) { - log_err(cd, _("Error reading keyfile %s.\n"), keyfile); - return -EIO; + log_err(cd, _("Error reading keyfile %s."), keyfile); + goto out; } for (i = 0, j = 0, crc = ~0U; i < data_size; i++) { @@ -482,42 +511,54 @@ static int TCRYPT_pool_keyfile(struct crypt_device *cd, pool[j++] += (unsigned char)(crc >> 16); pool[j++] += (unsigned char)(crc >> 8); pool[j++] += (unsigned char)(crc); - j %= TCRYPT_KEY_POOL_LEN; + j %= keyfiles_pool_length; } + r = 0; +out: + crypt_safe_memzero(&crc, sizeof(crc)); + crypt_safe_memzero(data, TCRYPT_KEYFILE_LEN); + free(data); - crypt_memzero(&crc, sizeof(crc)); - crypt_memzero(data, TCRYPT_KEYFILE_LEN); - - return 0; + return r; } static int TCRYPT_init_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, struct crypt_params_tcrypt *params) { - unsigned char pwd[TCRYPT_KEY_POOL_LEN] = {}; - size_t passphrase_size; + unsigned char pwd[VCRYPT_KEY_POOL_LEN] = {}; + size_t passphrase_size, max_passphrase_size; char *key; - unsigned int i, skipped = 0; - int r = -EPERM; + unsigned int i, skipped = 0, iterations; + int r = -EPERM, keyfiles_pool_length; if (posix_memalign((void*)&key, crypt_getpagesize(), TCRYPT_HDR_KEY_LEN)) return -ENOMEM; + if (params->flags & CRYPT_TCRYPT_VERA_MODES && + params->passphrase_size > TCRYPT_KEY_POOL_LEN) { + /* Really. Keyfile pool length depends on passphrase size in Veracrypt. */ + max_passphrase_size = VCRYPT_KEY_POOL_LEN; + keyfiles_pool_length = VCRYPT_KEY_POOL_LEN; + } else { + max_passphrase_size = TCRYPT_KEY_POOL_LEN; + keyfiles_pool_length = TCRYPT_KEY_POOL_LEN; + } + if (params->keyfiles_count) - passphrase_size = TCRYPT_KEY_POOL_LEN; + passphrase_size = max_passphrase_size; else passphrase_size = params->passphrase_size; - if (params->passphrase_size > TCRYPT_KEY_POOL_LEN) { - log_err(cd, _("Maximum TCRYPT passphrase length (%d) exceeded.\n"), - TCRYPT_KEY_POOL_LEN); + if (params->passphrase_size > max_passphrase_size) { + log_err(cd, _("Maximum TCRYPT passphrase length (%zu) exceeded."), + max_passphrase_size); goto out; } /* Calculate pool content from keyfiles */ for (i = 0; i < params->keyfiles_count; i++) { - r = TCRYPT_pool_keyfile(cd, pwd, params->keyfiles[i]); + r = TCRYPT_pool_keyfile(cd, pwd, params->keyfiles[i], keyfiles_pool_length); if (r < 0) goto out; } @@ -531,21 +572,30 @@ static int TCRYPT_init_hdr(struct crypt_device *cd, continue; if (!(params->flags & CRYPT_TCRYPT_VERA_MODES) && tcrypt_kdf[i].veracrypt) continue; + if ((params->flags & CRYPT_TCRYPT_VERA_MODES) && params->veracrypt_pim) { + /* Do not try TrueCrypt modes if we have PIM value */ + if (!tcrypt_kdf[i].veracrypt) + continue; + /* adjust iterations to given PIM cmdline parameter */ + iterations = tcrypt_kdf[i].veracrypt_pim_const + + (tcrypt_kdf[i].veracrypt_pim_mult * params->veracrypt_pim); + } else + iterations = tcrypt_kdf[i].iterations; + /* Derive header key */ - log_dbg("TCRYPT: trying KDF: %s-%s-%d.", - tcrypt_kdf[i].name, tcrypt_kdf[i].hash, tcrypt_kdf[i].iterations); + log_dbg(cd, "TCRYPT: trying KDF: %s-%s-%d%s.", + tcrypt_kdf[i].name, tcrypt_kdf[i].hash, tcrypt_kdf[i].iterations, + params->veracrypt_pim && tcrypt_kdf[i].veracrypt ? "-PIM" : ""); r = crypt_pbkdf(tcrypt_kdf[i].name, tcrypt_kdf[i].hash, (char*)pwd, passphrase_size, hdr->salt, TCRYPT_HDR_SALT_LEN, key, TCRYPT_HDR_KEY_LEN, - tcrypt_kdf[i].iterations); - if (r < 0 && crypt_hash_size(tcrypt_kdf[i].hash) < 0) { - log_verbose(cd, _("PBKDF2 hash algorithm %s not available, skipping.\n"), + iterations, 0, 0); + if (r < 0) { + log_verbose(cd, _("PBKDF2 hash algorithm %s not available, skipping."), tcrypt_kdf[i].hash); continue; } - if (r < 0) - break; /* Decrypt header */ r = TCRYPT_decrypt_hdr(cd, hdr, key, params->flags); @@ -558,29 +608,29 @@ static int TCRYPT_init_hdr(struct crypt_device *cd, } if ((r < 0 && r != -EPERM && skipped && skipped == i) || r == -ENOTSUP) { - log_err(cd, _("Required kernel crypto interface not available.\n")); + log_err(cd, _("Required kernel crypto interface not available.")); #ifdef ENABLE_AF_ALG - log_err(cd, _("Ensure you have algif_skcipher kernel module loaded.\n")); + log_err(cd, _("Ensure you have algif_skcipher kernel module loaded.")); #endif } if (r < 0) goto out; - r = TCRYPT_hdr_from_disk(hdr, params, i, r); + r = TCRYPT_hdr_from_disk(cd, hdr, params, i, r); if (!r) { - log_dbg("TCRYPT: Magic: %s, Header version: %d, req. %d, sector %d" + log_dbg(cd, "TCRYPT: Magic: %s, Header version: %d, req. %d, sector %d" ", mk_offset %" PRIu64 ", hidden_size %" PRIu64 ", volume size %" PRIu64, tcrypt_kdf[i].veracrypt ? VCRYPT_HDR_MAGIC : TCRYPT_HDR_MAGIC, (int)hdr->d.version, (int)hdr->d.version_tc, (int)hdr->d.sector_size, hdr->d.mk_offset, hdr->d.hidden_volume_size, hdr->d.volume_size); - log_dbg("TCRYPT: Header cipher %s-%s, key size %zu", + log_dbg(cd, "TCRYPT: Header cipher %s-%s, key size %zu", params->cipher, params->mode, params->key_size); } out: - crypt_memzero(pwd, TCRYPT_KEY_POOL_LEN); + crypt_safe_memzero(pwd, TCRYPT_KEY_POOL_LEN); if (key) - crypt_memzero(key, TCRYPT_HDR_KEY_LEN); + crypt_safe_memzero(key, TCRYPT_HDR_KEY_LEN); free(key); return r; } @@ -589,70 +639,71 @@ int TCRYPT_read_phdr(struct crypt_device *cd, struct tcrypt_phdr *hdr, struct crypt_params_tcrypt *params) { - struct device *base_device, *device = crypt_metadata_device(cd); + struct device *base_device = NULL, *device = crypt_metadata_device(cd); ssize_t hdr_size = sizeof(struct tcrypt_phdr); char *base_device_path; - int devfd = 0, r, bs; + int devfd, r; assert(sizeof(struct tcrypt_phdr) == 512); - log_dbg("Reading TCRYPT header of size %zu bytes from device %s.", + log_dbg(cd, "Reading TCRYPT header of size %zu bytes from device %s.", hdr_size, device_path(device)); - bs = device_block_size(device); - if (bs < 0) - return bs; - if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER && crypt_dev_is_partition(device_path(device))) { base_device_path = crypt_get_base_device(device_path(device)); - log_dbg("Reading TCRYPT system header from device %s.", base_device_path ?: "?"); + log_dbg(cd, "Reading TCRYPT system header from device %s.", base_device_path ?: "?"); if (!base_device_path) return -EINVAL; - r = device_alloc(&base_device, base_device_path); + r = device_alloc(cd, &base_device, base_device_path); + free(base_device_path); if (r < 0) return r; - devfd = device_open(base_device, O_RDONLY); - free(base_device_path); - device_free(base_device); + devfd = device_open(cd, base_device, O_RDONLY); } else - devfd = device_open(device, O_RDONLY); + devfd = device_open(cd, device, O_RDONLY); - if (devfd == -1) { - log_err(cd, _("Cannot open device %s.\n"), device_path(device)); + if (devfd < 0) { + device_free(cd, base_device); + log_err(cd, _("Cannot open device %s."), device_path(device)); return -EINVAL; } r = -EIO; if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER) { - if (lseek(devfd, TCRYPT_HDR_SYSTEM_OFFSET, SEEK_SET) >= 0 && - read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size) { + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), hdr, hdr_size, + TCRYPT_HDR_SYSTEM_OFFSET) == hdr_size) { r = TCRYPT_init_hdr(cd, hdr, params); } } else if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) { if (params->flags & CRYPT_TCRYPT_BACKUP_HEADER) { - if (lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET_BCK, SEEK_END) >= 0 && - read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size) + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), hdr, hdr_size, + TCRYPT_HDR_HIDDEN_OFFSET_BCK) == hdr_size) r = TCRYPT_init_hdr(cd, hdr, params); } else { - if (lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET, SEEK_SET) >= 0 && - read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size) + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), hdr, hdr_size, + TCRYPT_HDR_HIDDEN_OFFSET) == hdr_size) r = TCRYPT_init_hdr(cd, hdr, params); - if (r && - lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET_OLD, SEEK_END) >= 0 && - read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size) + if (r && read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), hdr, hdr_size, + TCRYPT_HDR_HIDDEN_OFFSET_OLD) == hdr_size) r = TCRYPT_init_hdr(cd, hdr, params); } } else if (params->flags & CRYPT_TCRYPT_BACKUP_HEADER) { - if (lseek(devfd, TCRYPT_HDR_OFFSET_BCK, SEEK_END) >= 0 && - read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size) + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), hdr, hdr_size, + TCRYPT_HDR_OFFSET_BCK) == hdr_size) r = TCRYPT_init_hdr(cd, hdr, params); - } else if (read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size) + } else if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), hdr, hdr_size, 0) == hdr_size) r = TCRYPT_init_hdr(cd, hdr, params); - close(devfd); + device_free(cd, base_device); if (r < 0) memset(hdr, 0, sizeof (*hdr)); return r; @@ -679,38 +730,33 @@ int TCRYPT_activate(struct crypt_device *cd, struct crypt_params_tcrypt *params, uint32_t flags) { - char cipher[MAX_CIPHER_LEN], dm_name[PATH_MAX], dm_dev_name[PATH_MAX]; + char dm_name[PATH_MAX], dm_dev_name[PATH_MAX], cipher_spec[MAX_CIPHER_LEN*2+1]; char *part_path; - struct device *device = NULL, *part_device = NULL; unsigned int i; int r; - uint32_t req_flags; + uint32_t req_flags, dmc_flags; struct tcrypt_algs *algs; enum devcheck device_check; + uint64_t offset = crypt_get_data_offset(cd); + struct volume_key *vk = NULL; + struct device *ptr_dev = crypt_data_device(cd), *device = NULL, *part_device = NULL; struct crypt_dm_active_device dmd = { - .target = DM_CRYPT, - .size = 0, - .data_device = crypt_data_device(cd), - .u.crypt = { - .cipher = cipher, - .offset = crypt_get_data_offset(cd), - .iv_offset = crypt_get_iv_offset(cd), - } + .flags = flags }; if (!hdr->d.version) { - log_dbg("TCRYPT: this function is not supported without encrypted header load."); + log_dbg(cd, "TCRYPT: this function is not supported without encrypted header load."); return -ENOTSUP; } if (hdr->d.sector_size && hdr->d.sector_size != SECTOR_SIZE) { - log_err(cd, _("Activation is not supported for %d sector size.\n"), + log_err(cd, _("Activation is not supported for %d sector size."), hdr->d.sector_size); return -ENOTSUP; } if (strstr(params->mode, "-tcrypt")) { - log_err(cd, _("Kernel doesn't support activation for this TCRYPT legacy mode.\n")); + log_err(cd, _("Kernel does not support activation for this TCRYPT legacy mode.")); return -ENOTSUP; } @@ -723,6 +769,9 @@ int TCRYPT_activate(struct crypt_device *cd, if (!algs) return -EINVAL; + if (hdr->d.sector_size == 0) + return -EINVAL; + if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER) dmd.size = 0; else if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) @@ -731,20 +780,20 @@ int TCRYPT_activate(struct crypt_device *cd, dmd.size = hdr->d.volume_size / hdr->d.sector_size; if (dmd.flags & CRYPT_ACTIVATE_SHARED) - device_check = DEV_SHARED; + device_check = DEV_OK; else device_check = DEV_EXCL; if ((params->flags & CRYPT_TCRYPT_SYSTEM_HEADER) && - !crypt_dev_is_partition(device_path(dmd.data_device))) { - part_path = crypt_get_partition_device(device_path(dmd.data_device), - dmd.u.crypt.offset, dmd.size); + !crypt_dev_is_partition(device_path(crypt_data_device(cd)))) { + part_path = crypt_get_partition_device(device_path(crypt_data_device(cd)), + crypt_get_data_offset(cd), dmd.size); if (part_path) { - if (!device_alloc(&part_device, part_path)) { - log_verbose(cd, _("Activating TCRYPT system encryption for partition %s.\n"), + if (!device_alloc(cd, &part_device, part_path)) { + log_verbose(cd, _("Activating TCRYPT system encryption for partition %s."), part_path); - dmd.data_device = part_device; - dmd.u.crypt.offset = 0; + ptr_dev = part_device; + offset = 0; } free(part_path); } else @@ -752,70 +801,88 @@ int TCRYPT_activate(struct crypt_device *cd, * System encryption use the whole device mapping, there can * be active partitions. */ - device_check = DEV_SHARED; + device_check = DEV_OK; } - r = device_block_adjust(cd, dmd.data_device, device_check, - dmd.u.crypt.offset, &dmd.size, &dmd.flags); + r = device_block_adjust(cd, ptr_dev, device_check, + offset, &dmd.size, &dmd.flags); if (r) - return r; + goto out; - /* Frome here, key size for every cipher must be the same */ - dmd.u.crypt.vk = crypt_alloc_volume_key(algs->cipher[0].key_size + - algs->cipher[0].key_extra_size, NULL); - if (!dmd.u.crypt.vk) - return -ENOMEM; + /* From here, key size for every cipher must be the same */ + vk = crypt_alloc_volume_key(algs->cipher[0].key_size + + algs->cipher[0].key_extra_size, NULL); + if (!vk) { + r = -ENOMEM; + goto out; + } for (i = algs->chain_count; i > 0; i--) { if (i == 1) { - strncpy(dm_name, name, sizeof(dm_name)); + dm_name[sizeof(dm_name)-1] = '\0'; + strncpy(dm_name, name, sizeof(dm_name)-1); dmd.flags = flags; } else { snprintf(dm_name, sizeof(dm_name), "%s_%d", name, i-1); dmd.flags = flags | CRYPT_ACTIVATE_PRIVATE; } - snprintf(cipher, sizeof(cipher), "%s-%s", - algs->cipher[i-1].name, algs->mode); - TCRYPT_copy_key(&algs->cipher[i-1], algs->mode, - dmd.u.crypt.vk->key, hdr->d.keys); + vk->key, hdr->d.keys); if (algs->chain_count != i) { snprintf(dm_dev_name, sizeof(dm_dev_name), "%s/%s_%d", dm_get_dir(), name, i); - r = device_alloc(&device, dm_dev_name); + r = device_alloc(cd, &device, dm_dev_name); if (r) break; - dmd.data_device = device; - dmd.u.crypt.offset = 0; + ptr_dev = device; + offset = 0; } - log_dbg("Trying to activate TCRYPT device %s using cipher %s.", - dm_name, dmd.u.crypt.cipher); - r = dm_create_device(cd, dm_name, CRYPT_TCRYPT, &dmd, 0); + r = snprintf(cipher_spec, sizeof(cipher_spec), "%s-%s", algs->cipher[i-1].name, algs->mode); + if (r < 0 || (size_t)r >= sizeof(cipher_spec)) { + r = -ENOMEM; + break; + } - device_free(device); + r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, ptr_dev, vk, + cipher_spec, crypt_get_iv_offset(cd), offset, + crypt_get_integrity(cd), + crypt_get_integrity_tag_size(cd), + crypt_get_sector_size(cd)); + if (r) + break; + + log_dbg(cd, "Trying to activate TCRYPT device %s using cipher %s.", + dm_name, dmd.segment.u.crypt.cipher); + r = dm_create_device(cd, dm_name, CRYPT_TCRYPT, &dmd); + + dm_targets_free(cd, &dmd); + device_free(cd, device); device = NULL; if (r) break; } - if (r < 0 && !(dm_flags() & req_flags)) { - log_err(cd, _("Kernel doesn't support TCRYPT compatible mapping.\n")); + if (r < 0 && + (dm_flags(cd, DM_CRYPT, &dmc_flags) || ((dmc_flags & req_flags) != req_flags))) { + log_err(cd, _("Kernel does not support TCRYPT compatible mapping.")); r = -ENOTSUP; } - device_free(part_device); - crypt_free_volume_key(dmd.u.crypt.vk); +out: + crypt_free_volume_key(vk); + device_free(cd, device); + device_free(cd, part_device); return r; } static int TCRYPT_remove_one(struct crypt_device *cd, const char *name, - const char *base_uuid, int index) + const char *base_uuid, int index, uint32_t flags) { - struct crypt_dm_active_device dmd = {}; + struct crypt_dm_active_device dmd; char dm_name[PATH_MAX]; int r; @@ -828,15 +895,15 @@ static int TCRYPT_remove_one(struct crypt_device *cd, const char *name, r = dm_query_device(cd, dm_name, DM_ACTIVE_UUID, &dmd); if (!r && !strncmp(dmd.uuid, base_uuid, strlen(base_uuid))) - r = dm_remove_device(cd, dm_name, 0, 0); + r = dm_remove_device(cd, dm_name, flags); free(CONST_CAST(void*)dmd.uuid); return r; } -int TCRYPT_deactivate(struct crypt_device *cd, const char *name) +int TCRYPT_deactivate(struct crypt_device *cd, const char *name, uint32_t flags) { - struct crypt_dm_active_device dmd = {}; + struct crypt_dm_active_device dmd; int r; r = dm_query_device(cd, name, DM_ACTIVE_UUID, &dmd); @@ -845,28 +912,28 @@ int TCRYPT_deactivate(struct crypt_device *cd, const char *name) if (!dmd.uuid) return -EINVAL; - r = dm_remove_device(cd, name, 0, 0); + r = dm_remove_device(cd, name, flags); if (r < 0) goto out; - r = TCRYPT_remove_one(cd, name, dmd.uuid, 1); + r = TCRYPT_remove_one(cd, name, dmd.uuid, 1, flags); if (r < 0) goto out; - r = TCRYPT_remove_one(cd, name, dmd.uuid, 2); - if (r < 0) - goto out; + r = TCRYPT_remove_one(cd, name, dmd.uuid, 2, flags); out: free(CONST_CAST(void*)dmd.uuid); return (r == -ENODEV) ? 0 : r; } static int TCRYPT_status_one(struct crypt_device *cd, const char *name, - const char *base_uuid, int index, - size_t *key_size, char *cipher, - uint64_t *data_offset, struct device **device) + const char *base_uuid, int index, + size_t *key_size, char *cipher, + struct tcrypt_phdr *tcrypt_hdr, + struct device **device) { - struct crypt_dm_active_device dmd = {}; + struct crypt_dm_active_device dmd; + struct dm_target *tgt = &dmd.segment; char dm_name[PATH_MAX], *c; int r; @@ -881,57 +948,63 @@ static int TCRYPT_status_one(struct crypt_device *cd, const char *name, DM_ACTIVE_UUID | DM_ACTIVE_CRYPT_CIPHER | DM_ACTIVE_CRYPT_KEYSIZE, &dmd); - if (r > 0) - r = 0; - if (!r && !strncmp(dmd.uuid, base_uuid, strlen(base_uuid))) { - if ((c = strchr(dmd.u.crypt.cipher, '-'))) + if (r < 0) + return r; + if (!single_segment(&dmd) || tgt->type != DM_CRYPT) { + r = -ENOTSUP; + goto out; + } + + r = 0; + + if (!strncmp(dmd.uuid, base_uuid, strlen(base_uuid))) { + if ((c = strchr(tgt->u.crypt.cipher, '-'))) *c = '\0'; strcat(cipher, "-"); - strncat(cipher, dmd.u.crypt.cipher, MAX_CIPHER_LEN); - *key_size += dmd.u.crypt.vk->keylength; - *data_offset = dmd.u.crypt.offset * SECTOR_SIZE; - device_free(*device); - *device = dmd.data_device; - } else { - device_free(dmd.data_device); + strncat(cipher, tgt->u.crypt.cipher, MAX_CIPHER_LEN); + *key_size += tgt->u.crypt.vk->keylength; + tcrypt_hdr->d.mk_offset = tgt->u.crypt.offset * SECTOR_SIZE; + device_free(cd, *device); + MOVE_REF(*device, tgt->data_device); + } else r = -ENODEV; - } - +out: + dm_targets_free(cd, &dmd); free(CONST_CAST(void*)dmd.uuid); - free(CONST_CAST(void*)dmd.u.crypt.cipher); - crypt_free_volume_key(dmd.u.crypt.vk); return r; } int TCRYPT_init_by_name(struct crypt_device *cd, const char *name, - const struct crypt_dm_active_device *dmd, + const char *uuid, + const struct dm_target *tgt, struct device **device, struct crypt_params_tcrypt *tcrypt_params, struct tcrypt_phdr *tcrypt_hdr) { struct tcrypt_algs *algs; - char cipher[MAX_CIPHER_LEN * 4], mode[MAX_CIPHER_LEN], *tmp; + char cipher[MAX_CIPHER_LEN * 4], mode[MAX_CIPHER_LEN+1], *tmp; size_t key_size; int r; memset(tcrypt_params, 0, sizeof(*tcrypt_params)); memset(tcrypt_hdr, 0, sizeof(*tcrypt_hdr)); tcrypt_hdr->d.sector_size = SECTOR_SIZE; - tcrypt_hdr->d.mk_offset = dmd->u.crypt.offset * SECTOR_SIZE; + tcrypt_hdr->d.mk_offset = tgt->u.crypt.offset * SECTOR_SIZE; - strncpy(cipher, dmd->u.crypt.cipher, MAX_CIPHER_LEN); + strncpy(cipher, tgt->u.crypt.cipher, MAX_CIPHER_LEN); tmp = strchr(cipher, '-'); if (!tmp) return -EINVAL; *tmp = '\0'; + mode[MAX_CIPHER_LEN] = '\0'; strncpy(mode, ++tmp, MAX_CIPHER_LEN); - key_size = dmd->u.crypt.vk->keylength; - r = TCRYPT_status_one(cd, name, dmd->uuid, 1, &key_size, - cipher, &tcrypt_hdr->d.mk_offset, device); + key_size = tgt->u.crypt.vk->keylength; + r = TCRYPT_status_one(cd, name, uuid, 1, &key_size, + cipher, tcrypt_hdr, device); if (!r) - r = TCRYPT_status_one(cd, name, dmd->uuid, 2, &key_size, - cipher, &tcrypt_hdr->d.mk_offset, device); + r = TCRYPT_status_one(cd, name, uuid, 2, &key_size, + cipher, tcrypt_hdr, device); if (r < 0 && r != -ENODEV) return r; diff --git a/lib/tcrypt/tcrypt.h b/lib/tcrypt/tcrypt.h index 21ecba9..a3b6ad0 100644 --- a/lib/tcrypt/tcrypt.h +++ b/lib/tcrypt/tcrypt.h @@ -1,8 +1,8 @@ /* - * TCRYPT (TrueCrypt-compatible) header defitinion + * TCRYPT (TrueCrypt-compatible) header definition * - * Copyright (C) 2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2014, Milan Broz + * Copyright (C) 2012-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2020 Milan Broz * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -19,11 +19,11 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ -#include "libcryptsetup.h" - #ifndef _CRYPTSETUP_TCRYPT_H #define _CRYPTSETUP_TCRYPT_H +#include + #define TCRYPT_HDR_SALT_LEN 64 #define TCRYPT_HDR_IV_LEN 16 #define TCRYPT_HDR_LEN 448 @@ -42,6 +42,7 @@ #define TCRYPT_LRW_IKEY_LEN 16 #define TCRYPT_KEY_POOL_LEN 64 +#define VCRYPT_KEY_POOL_LEN 128 #define TCRYPT_KEYFILE_LEN 1048576 #define TCRYPT_HDR_FLAG_SYSTEM (1 << 0) @@ -72,7 +73,10 @@ struct tcrypt_phdr { }; } __attribute__((__packed__)); +struct crypt_device; +struct crypt_params_tcrypt; struct crypt_dm_active_device; +struct dm_target; struct volume_key; struct device; @@ -81,7 +85,8 @@ int TCRYPT_read_phdr(struct crypt_device *cd, struct crypt_params_tcrypt *params); int TCRYPT_init_by_name(struct crypt_device *cd, const char *name, - const struct crypt_dm_active_device *dmd, + const char *uuid, + const struct dm_target *tgt, struct device **device, struct crypt_params_tcrypt *tcrypt_params, struct tcrypt_phdr *tcrypt_hdr); @@ -93,7 +98,8 @@ int TCRYPT_activate(struct crypt_device *cd, uint32_t flags); int TCRYPT_deactivate(struct crypt_device *cd, - const char *name); + const char *name, + uint32_t flags); uint64_t TCRYPT_get_data_offset(struct crypt_device *cd, struct tcrypt_phdr *hdr, diff --git a/lib/utils.c b/lib/utils.c index a5aec70..0cf4378 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -1,10 +1,10 @@ /* * utils - miscellaneous device utilities for cryptsetup * - * Copyright (C) 2004, Jana Saout - * Copyright (C) 2004-2007, Clemens Fruhwirth - * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2012, Milan Broz + * Copyright (C) 2004 Jana Saout + * Copyright (C) 2004-2007 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -22,242 +22,324 @@ */ #include -#include -#include #include #include #include +#include +#include #include "internal.h" -unsigned crypt_getpagesize(void) +size_t crypt_getpagesize(void) { long r = sysconf(_SC_PAGESIZE); - return r < 0 ? DEFAULT_MEM_ALIGNMENT : r; + return r <= 0 ? DEFAULT_MEM_ALIGNMENT : (size_t)r; } -static int get_alignment(int fd) +unsigned crypt_cpusonline(void) { - int alignment = DEFAULT_MEM_ALIGNMENT; - -#ifdef _PC_REC_XFER_ALIGN - alignment = fpathconf(fd, _PC_REC_XFER_ALIGN); - if (alignment < 0) - alignment = DEFAULT_MEM_ALIGNMENT; -#endif - return alignment; + long r = sysconf(_SC_NPROCESSORS_ONLN); + return r < 0 ? 1 : r; } -static void *aligned_malloc(void **base, int size, int alignment) +uint64_t crypt_getphysmemory_kb(void) { -#ifdef HAVE_POSIX_MEMALIGN - return posix_memalign(base, alignment, size) ? NULL : *base; -#else -/* Credits go to Michal's padlock patches for this alignment code */ - char *ptr; - - ptr = malloc(size + alignment); - if(ptr == NULL) return NULL; - - *base = ptr; - if(alignment > 1 && ((long)ptr & (alignment - 1))) { - ptr += alignment - ((long)(ptr) & (alignment - 1)); - } - return ptr; -#endif -} - -ssize_t write_blockwise(int fd, int bsize, void *orig_buf, size_t count) -{ - void *hangover_buf, *hangover_buf_base = NULL; - void *buf, *buf_base = NULL; - int r, hangover, solid, alignment; - ssize_t ret = -1; - - if (fd == -1 || !orig_buf || bsize <= 0) - return -1; + long pagesize, phys_pages; + uint64_t phys_memory_kb; - hangover = count % bsize; - solid = count - hangover; - alignment = get_alignment(fd); + pagesize = sysconf(_SC_PAGESIZE); + phys_pages = sysconf(_SC_PHYS_PAGES); - if ((long)orig_buf & (alignment - 1)) { - buf = aligned_malloc(&buf_base, count, alignment); - if (!buf) - goto out; - memcpy(buf, orig_buf, count); - } else - buf = orig_buf; + if (pagesize < 0 || phys_pages < 0) + return 0; - r = write(fd, buf, solid); - if (r < 0 || r != solid) - goto out; + phys_memory_kb = pagesize / 1024; + phys_memory_kb *= phys_pages; - if (hangover) { - hangover_buf = aligned_malloc(&hangover_buf_base, bsize, alignment); - if (!hangover_buf) - goto out; + return phys_memory_kb; +} - r = read(fd, hangover_buf, bsize); - if (r < 0 || r < hangover) - goto out; +/* MEMLOCK */ +#define DEFAULT_PROCESS_PRIORITY -18 - if (r < bsize) - bsize = r; +static int _priority; +static int _memlock_count = 0; - r = lseek(fd, -bsize, SEEK_CUR); - if (r < 0) - goto out; - memcpy(hangover_buf, (char*)buf + solid, hangover); +// return 1 if memory is locked +int crypt_memlock_inc(struct crypt_device *ctx) +{ + if (!_memlock_count++) { + log_dbg(ctx, "Locking memory."); + if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) { + log_dbg(ctx, "Cannot lock memory with mlockall."); + _memlock_count--; + return 0; + } + errno = 0; + if (((_priority = getpriority(PRIO_PROCESS, 0)) == -1) && errno) + log_err(ctx, _("Cannot get process priority.")); + else + if (setpriority(PRIO_PROCESS, 0, DEFAULT_PROCESS_PRIORITY)) + log_dbg(ctx, "setpriority %d failed: %s", + DEFAULT_PROCESS_PRIORITY, strerror(errno)); + } + return _memlock_count ? 1 : 0; +} - r = write(fd, hangover_buf, bsize); - if (r < 0 || r < hangover) - goto out; +int crypt_memlock_dec(struct crypt_device *ctx) +{ + if (_memlock_count && (!--_memlock_count)) { + log_dbg(ctx, "Unlocking memory."); + if (munlockall() == -1) + log_err(ctx, _("Cannot unlock memory.")); + if (setpriority(PRIO_PROCESS, 0, _priority)) + log_dbg(ctx, "setpriority %d failed: %s", _priority, strerror(errno)); } - ret = count; -out: - free(hangover_buf_base); - if (buf != orig_buf) - free(buf_base); - return ret; + return _memlock_count ? 1 : 0; } -ssize_t read_blockwise(int fd, int bsize, void *orig_buf, size_t count) { - void *hangover_buf, *hangover_buf_base = NULL; - void *buf, *buf_base = NULL; - int r, hangover, solid, alignment; - ssize_t ret = -1; +/* Keyfile processing */ - if (fd == -1 || !orig_buf || bsize <= 0) +/* + * A simple call to lseek(3) might not be possible for some inputs (e.g. + * reading from a pipe), so this function instead reads of up to BUFSIZ bytes + * at a time until the specified number of bytes. It returns -1 on read error + * or when it reaches EOF before the requested number of bytes have been + * discarded. + */ +static int keyfile_seek(int fd, uint64_t bytes) +{ + char tmp[BUFSIZ]; + size_t next_read; + ssize_t bytes_r; + off64_t r; + + r = lseek64(fd, bytes, SEEK_CUR); + if (r > 0) + return 0; + if (r < 0 && errno != ESPIPE) return -1; - hangover = count % bsize; - solid = count - hangover; - alignment = get_alignment(fd); + while (bytes > 0) { + /* figure out how much to read */ + next_read = bytes > sizeof(tmp) ? sizeof(tmp) : (size_t)bytes; + + bytes_r = read(fd, tmp, next_read); + if (bytes_r < 0) { + if (errno == EINTR) + continue; - if ((long)orig_buf & (alignment - 1)) { - buf = aligned_malloc(&buf_base, count, alignment); - if (!buf) + crypt_safe_memzero(tmp, sizeof(tmp)); + /* read error */ return -1; - } else - buf = orig_buf; + } + + if (bytes_r == 0) + /* EOF */ + break; - r = read(fd, buf, solid); - if(r < 0 || r != solid) - goto out; + bytes -= bytes_r; + } - if (hangover) { - hangover_buf = aligned_malloc(&hangover_buf_base, bsize, alignment); - if (!hangover_buf) - goto out; - r = read(fd, hangover_buf, bsize); - if (r < 0 || r < hangover) - goto out; + crypt_safe_memzero(tmp, sizeof(tmp)); + return bytes == 0 ? 0 : -1; +} - memcpy((char *)buf + solid, hangover_buf, hangover); +int crypt_keyfile_device_read(struct crypt_device *cd, const char *keyfile, + char **key, size_t *key_size_read, + uint64_t keyfile_offset, size_t key_size, + uint32_t flags) +{ + int fd, regular_file, char_to_read = 0, char_read = 0, unlimited_read = 0; + int r = -EINVAL, newline; + char *pass = NULL; + size_t buflen, i; + uint64_t file_read_size; + struct stat st; + + if (!key || !key_size_read) + return -EINVAL; + + *key = NULL; + *key_size_read = 0; + + fd = keyfile ? open(keyfile, O_RDONLY) : STDIN_FILENO; + if (fd < 0) { + log_err(cd, _("Failed to open key file.")); + return -EINVAL; } - ret = count; -out: - free(hangover_buf_base); - if (buf != orig_buf) { - memcpy(orig_buf, buf, count); - free(buf_base); + + if (isatty(fd)) { + log_err(cd, _("Cannot read keyfile from a terminal.")); + r = -EINVAL; + goto out_err; } - return ret; -} -/* - * Combines llseek with blockwise write. write_blockwise can already deal with short writes - * but we also need a function to deal with short writes at the start. But this information - * is implicitly included in the read/write offset, which can not be set to non-aligned - * boundaries. Hence, we combine llseek with write. - */ -ssize_t write_lseek_blockwise(int fd, int bsize, char *buf, size_t count, off_t offset) { - char *frontPadBuf; - void *frontPadBuf_base = NULL; - int r, frontHang; - size_t innerCount = 0; - ssize_t ret = -1; - - if (fd == -1 || !buf || bsize <= 0) - return -1; + /* If not requested otherwise, we limit input to prevent memory exhaustion */ + if (key_size == 0) { + key_size = DEFAULT_KEYFILE_SIZE_MAXKB * 1024 + 1; + unlimited_read = 1; + /* use 4k for buffer (page divisor but avoid huge pages) */ + buflen = 4096 - sizeof(size_t); // sizeof(struct safe_allocation); + } else + buflen = key_size; - frontHang = offset % bsize; + regular_file = 0; + if (keyfile) { + if (stat(keyfile, &st) < 0) { + log_err(cd, _("Failed to stat key file.")); + goto out_err; + } + if (S_ISREG(st.st_mode)) { + regular_file = 1; + file_read_size = (uint64_t)st.st_size; + + if (keyfile_offset > file_read_size) { + log_err(cd, _("Cannot seek to requested keyfile offset.")); + goto out_err; + } + file_read_size -= keyfile_offset; + + /* known keyfile size, alloc it in one step */ + if (file_read_size >= (uint64_t)key_size) + buflen = key_size; + else if (file_read_size) + buflen = file_read_size; + } + } - if (lseek(fd, offset - frontHang, SEEK_SET) < 0) - goto out; + pass = crypt_safe_alloc(buflen); + if (!pass) { + log_err(cd, _("Out of memory while reading passphrase.")); + goto out_err; + } - if (frontHang) { - frontPadBuf = aligned_malloc(&frontPadBuf_base, - bsize, get_alignment(fd)); - if (!frontPadBuf) - goto out; + /* Discard keyfile_offset bytes on input */ + if (keyfile_offset && keyfile_seek(fd, keyfile_offset) < 0) { + log_err(cd, _("Cannot seek to requested keyfile offset.")); + goto out_err; + } - r = read(fd, frontPadBuf, bsize); - if (r < 0 || r != bsize) - goto out; + for (i = 0, newline = 0; i < key_size; i += char_read) { + if (i == buflen) { + buflen += 4096; + pass = crypt_safe_realloc(pass, buflen); + if (!pass) { + log_err(cd, _("Out of memory while reading passphrase.")); + r = -ENOMEM; + goto out_err; + } + } - innerCount = bsize - frontHang; - if (innerCount > count) - innerCount = count; + if (flags & CRYPT_KEYFILE_STOP_EOL) { + /* If we should stop on newline, we must read the input + * one character at the time. Otherwise we might end up + * having read some bytes after the newline, which we + * promised not to do. + */ + char_to_read = 1; + } else { + /* char_to_read = min(key_size - i, buflen - i) */ + char_to_read = key_size < buflen ? + key_size - i : buflen - i; + } + char_read = read_buffer(fd, &pass[i], char_to_read); + if (char_read < 0) { + log_err(cd, _("Error reading passphrase.")); + r = -EPIPE; + goto out_err; + } - memcpy(frontPadBuf + frontHang, buf, innerCount); + if (char_read == 0) + break; + /* Stop on newline only if not requested read from keyfile */ + if ((flags & CRYPT_KEYFILE_STOP_EOL) && pass[i] == '\n') { + newline = 1; + pass[i] = '\0'; + break; + } + } - if (lseek(fd, offset - frontHang, SEEK_SET) < 0) - goto out; + /* Fail if piped input dies reading nothing */ + if (!i && !regular_file && !newline) { + log_err(cd, _("Nothing to read on input.")); + r = -EPIPE; + goto out_err; + } - r = write(fd, frontPadBuf, bsize); - if (r < 0 || r != bsize) - goto out; + /* Fail if we exceeded internal default (no specified size) */ + if (unlimited_read && i == key_size) { + log_err(cd, _("Maximum keyfile size exceeded.")); + goto out_err; + } - buf += innerCount; - count -= innerCount; + if (!unlimited_read && i != key_size) { + log_err(cd, _("Cannot read requested amount of data.")); + goto out_err; } - ret = count ? write_blockwise(fd, bsize, buf, count) : 0; - if (ret >= 0) - ret += innerCount; -out: - free(frontPadBuf_base); + *key = pass; + *key_size_read = i; + r = 0; +out_err: + if (fd != STDIN_FILENO) + close(fd); - return ret; + if (r) + crypt_safe_free(pass); + return r; } -/* MEMLOCK */ -#define DEFAULT_PROCESS_PRIORITY -18 - -static int _priority; -static int _memlock_count = 0; +int crypt_keyfile_read(struct crypt_device *cd, const char *keyfile, + char **key, size_t *key_size_read, + size_t keyfile_offset, size_t keyfile_size_max, + uint32_t flags) +{ + return crypt_keyfile_device_read(cd, keyfile, key, key_size_read, + keyfile_offset, keyfile_size_max, flags); +} -// return 1 if memory is locked -int crypt_memlock_inc(struct crypt_device *ctx) +int kernel_version(uint64_t *kversion) { - if (!_memlock_count++) { - log_dbg("Locking memory."); - if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) { - log_dbg("Cannot lock memory with mlockall."); - _memlock_count--; - return 0; - } - errno = 0; - if (((_priority = getpriority(PRIO_PROCESS, 0)) == -1) && errno) - log_err(ctx, _("Cannot get process priority.\n")); - else - if (setpriority(PRIO_PROCESS, 0, DEFAULT_PROCESS_PRIORITY)) - log_dbg("setpriority %d failed: %s", - DEFAULT_PROCESS_PRIORITY, strerror(errno)); + struct utsname uts; + uint16_t maj, min, patch, rel; + int r = -EINVAL; + + if (uname(&uts) < 0) + return r; + + if (sscanf(uts.release, "%" SCNu16 ".%" SCNu16 ".%" SCNu16 "-%" SCNu16, + &maj, &min, &patch, &rel) == 4) + r = 0; + else if (sscanf(uts.release, "%" SCNu16 ".%" SCNu16 ".%" SCNu16, + &maj, &min, &patch) == 3) { + rel = 0; + r = 0; } - return _memlock_count ? 1 : 0; + + if (!r) + *kversion = version(maj, min, patch, rel); + + return r; } -int crypt_memlock_dec(struct crypt_device *ctx) +bool crypt_string_in(const char *str, char **list, size_t list_size) { - if (_memlock_count && (!--_memlock_count)) { - log_dbg("Unlocking memory."); - if (munlockall() == -1) - log_err(ctx, _("Cannot unlock memory.\n")); - if (setpriority(PRIO_PROCESS, 0, _priority)) - log_dbg("setpriority %d failed: %s", _priority, strerror(errno)); - } - return _memlock_count ? 1 : 0; + size_t i; + + for (i = 0; *list && i < list_size; i++, list++) + if (!strcmp(str, *list)) + return true; + + return false; +} + +/* compare two strings (allows NULL values) */ +int crypt_strcmp(const char *a, const char *b) +{ + if (!a && !b) + return 0; + else if (!a || !b) + return 1; + return strcmp(a, b); } diff --git a/lib/utils_benchmark.c b/lib/utils_benchmark.c index 1e4469b..f5c677a 100644 --- a/lib/utils_benchmark.c +++ b/lib/utils_benchmark.c @@ -1,8 +1,8 @@ /* - * libcryptsetup - cryptsetup library, cipher bechmark + * libcryptsetup - cryptsetup library, cipher benchmark * - * Copyright (C) 2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2012-2013, Milan Broz + * Copyright (C) 2012-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -21,165 +21,9 @@ #include #include -#include #include "internal.h" -/* - * This is not simulating storage, so using disk block causes extreme overhead. - * Let's use some fixed block size where results are more reliable... - */ -#define CIPHER_BLOCK_BYTES 65536 - -/* - * If the measured value is lower, encrypted buffer is probably too small - * and calculated values are not reliable. - */ -#define CIPHER_TIME_MIN_MS 0.001 - -/* - * The whole test depends on Linux kernel usermode crypto API for now. - * (The same implementations are used in dm-crypt though.) - */ - -struct cipher_perf { - char name[32]; - char mode[32]; - char *key; - size_t key_length; - char *iv; - size_t iv_length; - size_t buffer_size; -}; - -static int time_ms(struct timespec *start, struct timespec *end, double *ms) -{ - double start_ms, end_ms; - - start_ms = start->tv_sec * 1000.0 + start->tv_nsec / (1000.0 * 1000); - end_ms = end->tv_sec * 1000.0 + end->tv_nsec / (1000.0 * 1000); - - *ms = end_ms - start_ms; - return 0; -} - -static int cipher_perf_one(struct cipher_perf *cp, char *buf, - size_t buf_size, int enc) -{ - struct crypt_cipher *cipher = NULL; - size_t done = 0, block = CIPHER_BLOCK_BYTES; - int r; - - if (buf_size < block) - block = buf_size; - - r = crypt_cipher_init(&cipher, cp->name, cp->mode, cp->key, cp->key_length); - if (r < 0) { - log_dbg("Cannot initialise cipher %s, mode %s.", cp->name, cp->mode); - return r; - } - - while (done < buf_size) { - if ((done + block) > buf_size) - block = buf_size - done; - - if (enc) - r = crypt_cipher_encrypt(cipher, &buf[done], &buf[done], - block, cp->iv, cp->iv_length); - else - r = crypt_cipher_decrypt(cipher, &buf[done], &buf[done], - block, cp->iv, cp->iv_length); - if (r < 0) - break; - - done += block; - } - - crypt_cipher_destroy(cipher); - - return r; -} -static int cipher_measure(struct cipher_perf *cp, char *buf, - size_t buf_size, int encrypt, double *ms) -{ - struct timespec start, end; - int r; - - /* - * Using getrusage would be better here but the precision - * is not adequate, so better stick with CLOCK_MONOTONIC - */ - if (clock_gettime(CLOCK_MONOTONIC, &start) < 0) - return -EINVAL; - - r = cipher_perf_one(cp, buf, buf_size, encrypt); - if (r < 0) - return r; - - if (clock_gettime(CLOCK_MONOTONIC, &end) < 0) - return -EINVAL; - - r = time_ms(&start, &end, ms); - if (r < 0) - return r; - - if (*ms < CIPHER_TIME_MIN_MS) { - log_dbg("Measured cipher runtime (%1.6f) is too low.", *ms); - return -ERANGE; - } - - return 0; -} - -static double speed_mbs(unsigned long bytes, double ms) -{ - double speed = bytes, s = ms / 1000.; - - return speed / (1024 * 1024) / s; -} - -static int cipher_perf(struct cipher_perf *cp, - double *encryption_mbs, double *decryption_mbs) -{ - double ms_enc, ms_dec, ms; - int r, repeat_enc, repeat_dec; - void *buf = NULL; - - if (posix_memalign(&buf, crypt_getpagesize(), cp->buffer_size)) - return -ENOMEM; - - ms_enc = 0.0; - repeat_enc = 1; - while (ms_enc < 1000.0) { - r = cipher_measure(cp, buf, cp->buffer_size, 1, &ms); - if (r < 0) { - free(buf); - return r; - } - ms_enc += ms; - repeat_enc++; - } - - ms_dec = 0.0; - repeat_dec = 1; - while (ms_dec < 1000.0) { - r = cipher_measure(cp, buf, cp->buffer_size, 0, &ms); - if (r < 0) { - free(buf); - return r; - } - ms_dec += ms; - repeat_dec++; - } - - free(buf); - - *encryption_mbs = speed_mbs(cp->buffer_size * repeat_enc, ms_enc); - *decryption_mbs = speed_mbs(cp->buffer_size * repeat_dec, ms_dec); - - return 0; -} - int crypt_benchmark(struct crypt_device *cd, const char *cipher, const char *cipher_mode, @@ -189,15 +33,11 @@ int crypt_benchmark(struct crypt_device *cd, double *encryption_mbs, double *decryption_mbs) { - struct cipher_perf cp = { - .key_length = volume_key_size, - .iv_length = iv_size, - .buffer_size = buffer_size, - }; - char *c; + void *buffer = NULL; + char *iv = NULL, *key = NULL, mode[MAX_CIPHER_LEN], *c; int r; - if (!cipher || !cipher_mode || !volume_key_size) + if (!cipher || !cipher_mode || !volume_key_size || !encryption_mbs || !decryption_mbs) return -EINVAL; r = init_crypto(cd); @@ -205,58 +45,171 @@ int crypt_benchmark(struct crypt_device *cd, return r; r = -ENOMEM; + if (posix_memalign(&buffer, crypt_getpagesize(), buffer_size)) + goto out; + + r = crypt_cipher_ivsize(cipher, cipher_mode); + if (r >= 0 && iv_size != (size_t)r) { + log_dbg(cd, "IV length for benchmark adjusted to %i bytes (requested %zu).", r, iv_size); + iv_size = r; + } + if (iv_size) { - cp.iv = malloc(iv_size); - if (!cp.iv) + iv = malloc(iv_size); + if (!iv) goto out; - crypt_random_get(cd, cp.iv, iv_size, CRYPT_RND_NORMAL); + crypt_random_get(cd, iv, iv_size, CRYPT_RND_NORMAL); } - cp.key = malloc(volume_key_size); - if (!cp.key) + key = malloc(volume_key_size); + if (!key) goto out; - crypt_random_get(cd, cp.key, volume_key_size, CRYPT_RND_NORMAL); - strncpy(cp.name, cipher, sizeof(cp.name)-1); - strncpy(cp.mode, cipher_mode, sizeof(cp.mode)-1); + crypt_random_get(cd, key, volume_key_size, CRYPT_RND_NORMAL); + strncpy(mode, cipher_mode, sizeof(mode)-1); /* Ignore IV generator */ - if ((c = strchr(cp.mode, '-'))) + if ((c = strchr(mode, '-'))) *c = '\0'; - r = cipher_perf(&cp, encryption_mbs, decryption_mbs); + r = crypt_cipher_perf_kernel(cipher, cipher_mode, buffer, buffer_size, key, volume_key_size, + iv, iv_size, encryption_mbs, decryption_mbs); + + if (r == -ERANGE) + log_dbg(cd, "Measured cipher runtime is too low."); + else if (r) + log_dbg(cd, "Cannot initialize cipher %s, mode %s, key size %zu, IV size %zu.", + cipher, cipher_mode, volume_key_size, iv_size); out: - free(cp.key); - free(cp.iv); + free(buffer); + free(key); + free(iv); + return r; } -int crypt_benchmark_kdf(struct crypt_device *cd, - const char *kdf, - const char *hash, +int crypt_benchmark_pbkdf(struct crypt_device *cd, + struct crypt_pbkdf_type *pbkdf, const char *password, size_t password_size, const char *salt, size_t salt_size, - uint64_t *iterations_sec) + size_t volume_key_size, + int (*progress)(uint32_t time_ms, void *usrptr), + void *usrptr) { int r; + const char *kdf_opt; - if (!iterations_sec) + if (!pbkdf || (!password && password_size)) return -EINVAL; r = init_crypto(cd); if (r < 0) return r; - if (!strncmp(kdf, "pbkdf2", 6)) - r = crypt_pbkdf_check(kdf, hash, password, password_size, - salt, salt_size, iterations_sec); - else - r = -EINVAL; + kdf_opt = !strcmp(pbkdf->type, CRYPT_KDF_PBKDF2) ? pbkdf->hash : ""; + + log_dbg(cd, "Running %s(%s) benchmark.", pbkdf->type, kdf_opt); + + r = crypt_pbkdf_perf(pbkdf->type, pbkdf->hash, password, password_size, + salt, salt_size, volume_key_size, pbkdf->time_ms, + pbkdf->max_memory_kb, pbkdf->parallel_threads, + &pbkdf->iterations, &pbkdf->max_memory_kb, progress, usrptr); if (!r) - log_dbg("KDF %s, hash %s: %" PRIu64 " iterations per second.", - kdf, hash, *iterations_sec); + log_dbg(cd, "Benchmark returns %s(%s) %u iterations, %u memory, %u threads (for %zu-bits key).", + pbkdf->type, kdf_opt, pbkdf->iterations, pbkdf->max_memory_kb, + pbkdf->parallel_threads, volume_key_size * 8); + return r; +} + +struct benchmark_usrptr { + struct crypt_device *cd; + struct crypt_pbkdf_type *pbkdf; +}; + +static int benchmark_callback(uint32_t time_ms, void *usrptr) +{ + struct benchmark_usrptr *u = usrptr; + + log_dbg(u->cd, "PBKDF benchmark: memory cost = %u, iterations = %u, " + "threads = %u (took %u ms)", u->pbkdf->max_memory_kb, + u->pbkdf->iterations, u->pbkdf->parallel_threads, time_ms); + + return 0; +} + +/* + * Used in internal places to benchmark crypt_device context PBKDF. + * Once requested parameters are benchmarked, iterations attribute is set, + * and the benchmarked values can be reused. + * Note that memory cost can be changed after benchmark (if used). + * NOTE: You need to check that you are benchmarking for the same key size. + */ +int crypt_benchmark_pbkdf_internal(struct crypt_device *cd, + struct crypt_pbkdf_type *pbkdf, + size_t volume_key_size) +{ + struct crypt_pbkdf_limits pbkdf_limits; + double PBKDF2_tmp; + uint32_t ms_tmp; + int r = -EINVAL; + struct benchmark_usrptr u = { + .cd = cd, + .pbkdf = pbkdf + }; + + r = crypt_pbkdf_get_limits(pbkdf->type, &pbkdf_limits); + if (r) + return r; + + if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK) { + if (pbkdf->iterations) { + log_dbg(cd, "Reusing PBKDF values (no benchmark flag is set)."); + return 0; + } + log_err(cd, _("PBKDF benchmark disabled but iterations not set.")); + return -EINVAL; + } + + /* For PBKDF2 run benchmark always. Also note it depends on volume_key_size! */ + if (!strcmp(pbkdf->type, CRYPT_KDF_PBKDF2)) { + /* + * For PBKDF2 it is enough to run benchmark for only 1 second + * and interpolate final iterations value from it. + */ + ms_tmp = pbkdf->time_ms; + pbkdf->time_ms = 1000; + pbkdf->parallel_threads = 0; /* N/A in PBKDF2 */ + pbkdf->max_memory_kb = 0; /* N/A in PBKDF2 */ + + r = crypt_benchmark_pbkdf(cd, pbkdf, "foo", 3, "bar", 3, + volume_key_size, &benchmark_callback, &u); + pbkdf->time_ms = ms_tmp; + if (r < 0) { + log_err(cd, _("Not compatible PBKDF2 options (using hash algorithm %s)."), + pbkdf->hash); + return r; + } + + PBKDF2_tmp = ((double)pbkdf->iterations * pbkdf->time_ms / 1000.); + if (PBKDF2_tmp > (double)UINT32_MAX) + return -EINVAL; + pbkdf->iterations = at_least((uint32_t)PBKDF2_tmp, pbkdf_limits.min_iterations); + } else { + /* Already benchmarked */ + if (pbkdf->iterations) { + log_dbg(cd, "Reusing PBKDF values."); + return 0; + } + + r = crypt_benchmark_pbkdf(cd, pbkdf, "foo", 3, + "0123456789abcdef0123456789abcdef", 32, + volume_key_size, &benchmark_callback, &u); + if (r < 0) + log_err(cd, _("Not compatible PBKDF options.")); + } + return r; } diff --git a/lib/utils_blkid.c b/lib/utils_blkid.c new file mode 100644 index 0000000..0e3e7fd --- /dev/null +++ b/lib/utils_blkid.c @@ -0,0 +1,323 @@ +/* + * blkid probe utilities + * + * Copyright (C) 2018-2020 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include +#include +#include +#include + +#include "utils_blkid.h" +#include "utils_io.h" + +#ifdef HAVE_BLKID +#include +/* make bad checksums flag optional */ +#ifndef BLKID_SUBLKS_BADCSUM +#define BLKID_SUBLKS_BADCSUM 0 +#endif +struct blkid_handle { + int fd; + blkid_probe pr; +}; +#ifndef HAVE_BLKID_WIPE +static size_t crypt_getpagesize(void) +{ + long r = sysconf(_SC_PAGESIZE); + return r <= 0 ? 4096 : (size_t)r; +} +#endif +#endif + +void blk_set_chains_for_wipes(struct blkid_handle *h) +{ +#ifdef HAVE_BLKID + blkid_probe_enable_partitions(h->pr, 1); + blkid_probe_set_partitions_flags(h->pr, 0 +#ifdef HAVE_BLKID_WIPE + | BLKID_PARTS_MAGIC +#endif + ); + + blkid_probe_enable_superblocks(h->pr, 1); + blkid_probe_set_superblocks_flags(h->pr, BLKID_SUBLKS_LABEL | + BLKID_SUBLKS_UUID | + BLKID_SUBLKS_TYPE | + BLKID_SUBLKS_USAGE | + BLKID_SUBLKS_VERSION | + BLKID_SUBLKS_MAGIC | + BLKID_SUBLKS_BADCSUM); +#endif +} + +void blk_set_chains_for_full_print(struct blkid_handle *h) +{ + blk_set_chains_for_wipes(h); +} + +void blk_set_chains_for_fast_detection(struct blkid_handle *h) +{ +#ifdef HAVE_BLKID + blkid_probe_enable_partitions(h->pr, 1); + blkid_probe_set_partitions_flags(h->pr, 0); + + blkid_probe_enable_superblocks(h->pr, 1); + blkid_probe_set_superblocks_flags(h->pr, BLKID_SUBLKS_TYPE); +#endif +} + +int blk_init_by_path(struct blkid_handle **h, const char *path) +{ + int r = -ENOTSUP; +#ifdef HAVE_BLKID + struct blkid_handle *tmp = malloc(sizeof(*tmp)); + if (!tmp) + return -ENOMEM; + + tmp->fd = -1; + + tmp->pr = blkid_new_probe_from_filename(path); + if (!tmp->pr) { + free(tmp); + return -EINVAL; + } + + *h = tmp; + + r = 0; +#endif + return r; +} + +int blk_init_by_fd(struct blkid_handle **h, int fd) +{ + int r = -ENOTSUP; +#ifdef HAVE_BLKID + struct blkid_handle *tmp = malloc(sizeof(*tmp)); + if (!tmp) + return -ENOMEM; + + tmp->pr = blkid_new_probe(); + if (!tmp->pr) { + free(tmp); + return -EINVAL; + } + + if (blkid_probe_set_device(tmp->pr, fd, 0, 0)) { + blkid_free_probe(tmp->pr); + free(tmp); + return -EINVAL; + } + + tmp->fd = fd; + + *h = tmp; + + r = 0; +#endif + return r; +} + +int blk_superblocks_filter_luks(struct blkid_handle *h) +{ + int r = -ENOTSUP; +#ifdef HAVE_BLKID + char luks[] = "crypto_LUKS"; + char *luks_filter[] = { + luks, + NULL + }; + r = blkid_probe_filter_superblocks_type(h->pr, BLKID_FLTR_NOTIN, luks_filter); +#endif + return r; +} + +blk_probe_status blk_probe(struct blkid_handle *h) +{ + blk_probe_status pr = PRB_FAIL; +#ifdef HAVE_BLKID + int r = blkid_do_probe(h->pr); + + if (r == 0) + pr = PRB_OK; + else if (r == 1) + pr = PRB_EMPTY; +#endif + return pr; +} + +blk_probe_status blk_safeprobe(struct blkid_handle *h) +{ + int r = -1; +#ifdef HAVE_BLKID + r = blkid_do_safeprobe(h->pr); +#endif + switch (r) { + case -2: + return PRB_AMBIGUOUS; + case 1: + return PRB_EMPTY; + case 0: + return PRB_OK; + default: + return PRB_FAIL; + } +} + +int blk_is_partition(struct blkid_handle *h) +{ + int r = 0; +#ifdef HAVE_BLKID + r = blkid_probe_has_value(h->pr, "PTTYPE"); +#endif + return r; +} + +int blk_is_superblock(struct blkid_handle *h) +{ + int r = 0; +#ifdef HAVE_BLKID + r = blkid_probe_has_value(h->pr, "TYPE"); +#endif + return r; +} + +const char *blk_get_partition_type(struct blkid_handle *h) +{ + const char *value = NULL; +#ifdef HAVE_BLKID + (void) blkid_probe_lookup_value(h->pr, "PTTYPE", &value, NULL); +#endif + return value; +} + +const char *blk_get_superblock_type(struct blkid_handle *h) +{ + const char *value = NULL; +#ifdef HAVE_BLKID + (void) blkid_probe_lookup_value(h->pr, "TYPE", &value, NULL); +#endif + return value; +} + +void blk_free(struct blkid_handle *h) +{ +#ifdef HAVE_BLKID + if (!h) + return; + + if (h->pr) + blkid_free_probe(h->pr); + + free(h); +#endif +} + +#ifdef HAVE_BLKID +#ifndef HAVE_BLKID_WIPE +static int blk_step_back(struct blkid_handle *h) +{ +#ifdef HAVE_BLKID_STEP_BACK + return blkid_probe_step_back(h->pr); +#else + blkid_reset_probe(h->pr); + blkid_probe_set_device(h->pr, h->fd, 0, 0); + return 0; +#endif +} +#endif /* not HAVE_BLKID_WIPE */ +#endif /* HAVE_BLKID */ + +int blk_do_wipe(struct blkid_handle *h) +{ +#ifdef HAVE_BLKID +#ifdef HAVE_BLKID_WIPE + return blkid_do_wipe(h->pr, 0); +#else + const char *offset; + off_t offset_val; + void *buf; + ssize_t ret; + size_t alignment, len, bsize = blkid_probe_get_sectorsize(h->pr); + + if (h->fd < 0 || !bsize) + return -EINVAL; + + if (blk_is_partition(h)) { + if (blkid_probe_lookup_value(h->pr, "PTMAGIC_OFFSET", &offset, NULL)) + return -EINVAL; + if (blkid_probe_lookup_value(h->pr, "PTMAGIC", NULL, &len)) + return -EINVAL; + } else if (blk_is_superblock(h)) { + if (blkid_probe_lookup_value(h->pr, "SBMAGIC_OFFSET", &offset, NULL)) + return -EINVAL; + if (blkid_probe_lookup_value(h->pr, "SBMAGIC", NULL, &len)) + return -EINVAL; + } else + return 0; + + alignment = crypt_getpagesize(); + + if (posix_memalign(&buf, alignment, len)) + return -EINVAL; + memset(buf, 0, len); + + offset_val = strtoll(offset, NULL, 10); + + /* TODO: missing crypt_wipe_fd() */ + ret = write_lseek_blockwise(h->fd, bsize, alignment, buf, len, offset_val); + free(buf); + if (ret < 0) + return -EIO; + + if ((size_t)ret == len) { + blk_step_back(h); + return 0; + } + + return -EIO; +#endif +#else /* HAVE_BLKID */ + return -ENOTSUP; +#endif +} + +int blk_supported(void) +{ + int r = 0; +#ifdef HAVE_BLKID + r = 1; +#endif + return r; +} + +off_t blk_get_offset(struct blkid_handle *h) +{ + off_t offset_value = -1; +#ifdef HAVE_BLKID + const char *offset; + if (blk_is_superblock(h)) { + if (!blkid_probe_lookup_value(h->pr, "SBMAGIC_OFFSET", &offset, NULL)) + offset_value = strtoll(offset, NULL, 10); + } else if (blk_is_partition(h) && !blkid_probe_lookup_value(h->pr, "PTMAGIC_OFFSET", &offset, NULL)) + offset_value = strtoll(offset, NULL, 10); +#endif + return offset_value; +} diff --git a/lib/utils_blkid.h b/lib/utils_blkid.h new file mode 100644 index 0000000..ca50da7 --- /dev/null +++ b/lib/utils_blkid.h @@ -0,0 +1,64 @@ +/* + * blkid probe utilities + * + * Copyright (C) 2018-2020 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _UTILS_BLKID_H +#define _UTILS_BLKID_H + +struct blkid_handle; + +typedef enum { PRB_OK = 0, PRB_EMPTY, PRB_AMBIGUOUS, PRB_FAIL } blk_probe_status; + +int blk_init_by_path(struct blkid_handle **h, const char *path); + +void blk_free(struct blkid_handle *h); + +/* + * WARNING: This will reset file description offset as if + * lseek(devfd, 0, SEEK_SET) was called! + */ +int blk_init_by_fd(struct blkid_handle **h, int fd); + +void blk_set_chains_for_wipes(struct blkid_handle *h); + +void blk_set_chains_for_full_print(struct blkid_handle *h); + +void blk_set_chains_for_fast_detection(struct blkid_handle *h); + +int blk_superblocks_filter_luks(struct blkid_handle *h); + +blk_probe_status blk_safeprobe(struct blkid_handle *h); + +blk_probe_status blk_probe(struct blkid_handle *h); + +int blk_is_partition(struct blkid_handle *h); + +int blk_is_superblock(struct blkid_handle *h); + +const char *blk_get_partition_type(struct blkid_handle *h); + +const char *blk_get_superblock_type(struct blkid_handle *h); + +int blk_do_wipe(struct blkid_handle *h); + +int blk_supported(void); + +off_t blk_get_offset(struct blkid_handle *h); + +#endif diff --git a/lib/utils_crypt.c b/lib/utils_crypt.c index 5cfe477..17dc6d8 100644 --- a/lib/utils_crypt.c +++ b/lib/utils_crypt.c @@ -1,9 +1,9 @@ /* * utils_crypt - cipher utilities for cryptsetup * - * Copyright (C) 2004-2007, Clemens Fruhwirth - * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2012, Milan Broz + * Copyright (C) 2004-2007 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -21,37 +21,23 @@ */ #include -#include #include #include #include -#include -#include -#include -#include -#include -#include -#include #include "libcryptsetup.h" -#include "nls.h" #include "utils_crypt.h" -#define log_dbg(x) crypt_log(NULL, CRYPT_LOG_DEBUG, x) -#define log_err(cd, x) crypt_log(cd, CRYPT_LOG_ERROR, x) - -struct safe_allocation { - size_t size; - char data[0]; -}; - int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums, char *cipher_mode) { + if (!s || !cipher || !cipher_mode) + return -EINVAL; + if (sscanf(s, "%" MAX_CIPHER_LEN_STR "[^-]-%" MAX_CIPHER_LEN_STR "s", cipher, cipher_mode) == 2) { if (!strcmp(cipher_mode, "plain")) - strncpy(cipher_mode, "cbc-plain", 10); + strcpy(cipher_mode, "cbc-plain"); if (key_nums) { char *tmp = strchr(cipher, ':'); *key_nums = tmp ? atoi(++tmp) : 1; @@ -63,16 +49,16 @@ int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums, } /* Short version for "empty" cipher */ - if (!strcmp(s, "null")) { - strncpy(cipher, "cipher_null", MAX_CIPHER_LEN); - strncpy(cipher_mode, "ecb", 9); + if (!strcmp(s, "null") || !strcmp(s, "cipher_null")) { + strcpy(cipher, "cipher_null"); + strcpy(cipher_mode, "ecb"); if (key_nums) *key_nums = 0; return 0; } if (sscanf(s, "%" MAX_CIPHER_LEN_STR "[^-]", cipher) == 1) { - strncpy(cipher_mode, "cbc-plain", 10); + strcpy(cipher_mode, "cbc-plain"); if (key_nums) *key_nums = 1; return 0; @@ -81,383 +67,86 @@ int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums, return -EINVAL; } -/* - * Replacement for memset(s, 0, n) on stack that can be optimized out - * Also used in safe allocations for explicit memory wipe. - */ -void crypt_memzero(void *s, size_t n) -{ - volatile uint8_t *p = (volatile uint8_t *)s; - - while(n--) - *p++ = 0; -} - -/* safe allocations */ -void *crypt_safe_alloc(size_t size) -{ - struct safe_allocation *alloc; - - if (!size) - return NULL; - - alloc = malloc(size + offsetof(struct safe_allocation, data)); - if (!alloc) - return NULL; - - alloc->size = size; - crypt_memzero(&alloc->data, size); - - /* coverity[leaked_storage] */ - return &alloc->data; -} - -void crypt_safe_free(void *data) -{ - struct safe_allocation *alloc; - - if (!data) - return; - - alloc = (struct safe_allocation *) - ((char *)data - offsetof(struct safe_allocation, data)); - - crypt_memzero(data, alloc->size); - - alloc->size = 0x55aa55aa; - free(alloc); -} - -void *crypt_safe_realloc(void *data, size_t size) -{ - struct safe_allocation *alloc; - void *new_data; - - new_data = crypt_safe_alloc(size); - - if (new_data && data) { - - alloc = (struct safe_allocation *) - ((char *)data - offsetof(struct safe_allocation, data)); - - if (size > alloc->size) - size = alloc->size; - - memcpy(new_data, data, size); - } - - crypt_safe_free(data); - return new_data; -} - -/* Password reading helpers */ -static int untimed_read(int fd, char *pass, size_t maxlen) -{ - ssize_t i; - - i = read(fd, pass, maxlen); - if (i > 0) { - pass[i-1] = '\0'; - i = 0; - } else if (i == 0) { /* EOF */ - *pass = 0; - i = -1; - } - return i; -} - -static int timed_read(int fd, char *pass, size_t maxlen, long timeout) -{ - struct timeval t; - fd_set fds = {}; /* Just to avoid scan-build false report for FD_SET */ - int failed = -1; - - FD_ZERO(&fds); - FD_SET(fd, &fds); - t.tv_sec = timeout; - t.tv_usec = 0; - - if (select(fd+1, &fds, NULL, NULL, &t) > 0) - failed = untimed_read(fd, pass, maxlen); - - return failed; -} - -static int interactive_pass(const char *prompt, char *pass, size_t maxlen, - long timeout) +int crypt_parse_hash_integrity_mode(const char *s, char *integrity) { - struct termios orig, tmp; - int failed = -1; - int infd, outfd; - - if (maxlen < 1) - return failed; - - /* Read and write to /dev/tty if available */ - infd = open("/dev/tty", O_RDWR); - if (infd == -1) { - infd = STDIN_FILENO; - outfd = STDERR_FILENO; - } else - outfd = infd; + char mode[MAX_CIPHER_LEN], hash[MAX_CIPHER_LEN]; + int r; - if (tcgetattr(infd, &orig)) - goto out_err; - - memcpy(&tmp, &orig, sizeof(tmp)); - tmp.c_lflag &= ~ECHO; - - if (prompt && write(outfd, prompt, strlen(prompt)) < 0) - goto out_err; + if (!s || !integrity || strchr(s, '(') || strchr(s, ')')) + return -EINVAL; - tcsetattr(infd, TCSAFLUSH, &tmp); - if (timeout) - failed = timed_read(infd, pass, maxlen, timeout); + r = sscanf(s, "%" MAX_CIPHER_LEN_STR "[^-]-%" MAX_CIPHER_LEN_STR "s", mode, hash); + if (r == 2) + r = snprintf(integrity, MAX_CIPHER_LEN, "%s(%s)", mode, hash); + else if (r == 1) + r = snprintf(integrity, MAX_CIPHER_LEN, "%s", mode); else - failed = untimed_read(infd, pass, maxlen); - tcsetattr(infd, TCSAFLUSH, &orig); + return -EINVAL; -out_err: - if (!failed && write(outfd, "\n", 1)) {}; + if (r < 0 || r == MAX_CIPHER_LEN) + return -EINVAL; - if (infd != STDIN_FILENO) - close(infd); - return failed; + return 0; } -static int crypt_get_key_tty(const char *prompt, - char **key, size_t *key_size, - int timeout, int verify, - struct crypt_device *cd) +int crypt_parse_integrity_mode(const char *s, char *integrity, + int *integrity_key_size) { - int key_size_max = DEFAULT_PASSPHRASE_SIZE_MAX; - int r = -EINVAL; - char *pass = NULL, *pass_verify = NULL; - - log_dbg("Interactive passphrase entry requested."); + int ks = 0, r = 0; - pass = crypt_safe_alloc(key_size_max + 1); - if (!pass) { - log_err(cd, _("Out of memory while reading passphrase.\n")); - return -ENOMEM; - } - - if (interactive_pass(prompt, pass, key_size_max, timeout)) { - log_err(cd, _("Error reading passphrase from terminal.\n")); - goto out_err; - } - pass[key_size_max] = '\0'; - - if (verify) { - pass_verify = crypt_safe_alloc(key_size_max); - if (!pass_verify) { - log_err(cd, _("Out of memory while reading passphrase.\n")); - r = -ENOMEM; - goto out_err; - } + if (!s || !integrity) + return -EINVAL; - if (interactive_pass(_("Verify passphrase: "), - pass_verify, key_size_max, timeout)) { - log_err(cd, _("Error reading passphrase from terminal.\n")); - goto out_err; - } + // FIXME: do not hardcode it here + + /* AEAD modes */ + if (!strcmp(s, "aead") || + !strcmp(s, "poly1305") || + !strcmp(s, "none")) { + strncpy(integrity, s, MAX_CIPHER_LEN); + ks = 0; + } else if (!strcmp(s, "hmac-sha1")) { + strncpy(integrity, "hmac(sha1)", MAX_CIPHER_LEN); + ks = 20; + } else if (!strcmp(s, "hmac-sha256")) { + strncpy(integrity, "hmac(sha256)", MAX_CIPHER_LEN); + ks = 32; + } else if (!strcmp(s, "hmac-sha512")) { + ks = 64; + strncpy(integrity, "hmac(sha512)", MAX_CIPHER_LEN); + } else if (!strcmp(s, "cmac-aes")) { + ks = 16; + strncpy(integrity, "cmac(aes)", MAX_CIPHER_LEN); + } else + r = -EINVAL; - if (strncmp(pass, pass_verify, key_size_max)) { - log_err(cd, _("Passphrases do not match.\n")); - r = -EPERM; - goto out_err; - } - } + if (integrity_key_size) + *integrity_key_size = ks; - *key = pass; - *key_size = strlen(pass); - r = 0; -out_err: - crypt_safe_free(pass_verify); - if (r) - crypt_safe_free(pass); return r; } -/* - * A simple call to lseek(3) might not be possible for some inputs (e.g. - * reading from a pipe), so this function instead reads of up to BUFSIZ bytes - * at a time until the specified number of bytes. It returns -1 on read error - * or when it reaches EOF before the requested number of bytes have been - * discarded. - */ -static int keyfile_seek(int fd, size_t bytes) +int crypt_parse_pbkdf(const char *s, const char **pbkdf) { - char tmp[BUFSIZ]; - size_t next_read; - ssize_t bytes_r; - off_t r; + const char *tmp = NULL; - r = lseek(fd, bytes, SEEK_CUR); - if (r > 0) - return 0; - if (r < 0 && errno != ESPIPE) - return -1; - - while (bytes > 0) { - /* figure out how much to read */ - next_read = bytes > sizeof(tmp) ? sizeof(tmp) : bytes; - - bytes_r = read(fd, tmp, next_read); - if (bytes_r < 0) { - if (errno == EINTR) - continue; - - /* read error */ - return -1; - } - - if (bytes_r == 0) - /* EOF */ - break; - - bytes -= bytes_r; - } - - return bytes == 0 ? 0 : -1; -} - -/* - * Note: --key-file=- is interpreted as a read from a binary file (stdin) - * key_size_max == 0 means detect maximum according to input type (tty/file) - * timeout and verify options only applies to tty input - */ -int crypt_get_key(const char *prompt, - char **key, size_t *key_size, - size_t keyfile_offset, size_t keyfile_size_max, - const char *key_file, int timeout, int verify, - struct crypt_device *cd) -{ - int fd, regular_file, read_stdin, char_read, unlimited_read = 0; - int r = -EINVAL; - char *pass = NULL; - size_t buflen, i, file_read_size; - struct stat st; - - *key = NULL; - *key_size = 0; - - /* Passphrase read from stdin? */ - read_stdin = (!key_file || !strcmp(key_file, "-")) ? 1 : 0; - - if (read_stdin && isatty(STDIN_FILENO)) { - if (keyfile_offset) { - log_err(cd, _("Cannot use offset with terminal input.\n")); - return -EINVAL; - } - return crypt_get_key_tty(prompt, key, key_size, timeout, verify, cd); - } - - if (read_stdin) - log_dbg("STDIN descriptor passphrase entry requested."); - else - log_dbg("File descriptor passphrase entry requested."); - - /* If not requsted otherwise, we limit input to prevent memory exhaustion */ - if (keyfile_size_max == 0) { - keyfile_size_max = DEFAULT_KEYFILE_SIZE_MAXKB * 1024; - unlimited_read = 1; - } - - fd = read_stdin ? STDIN_FILENO : open(key_file, O_RDONLY); - if (fd < 0) { - log_err(cd, _("Failed to open key file.\n")); + if (!s) return -EINVAL; - } - - /* use 4k for buffer (page divisor but avoid huge pages) */ - buflen = 4096 - sizeof(struct safe_allocation); - regular_file = 0; - if(!read_stdin) { - if(stat(key_file, &st) < 0) { - log_err(cd, _("Failed to stat key file.\n")); - goto out_err; - } - if(S_ISREG(st.st_mode)) { - regular_file = 1; - file_read_size = (size_t)st.st_size; - if (keyfile_offset > file_read_size) { - log_err(cd, _("Cannot seek to requested keyfile offset.\n")); - goto out_err; - } - file_read_size -= keyfile_offset; + if (!strcasecmp(s, CRYPT_KDF_PBKDF2)) + tmp = CRYPT_KDF_PBKDF2; + else if (!strcasecmp(s, CRYPT_KDF_ARGON2I)) + tmp = CRYPT_KDF_ARGON2I; + else if (!strcasecmp(s, CRYPT_KDF_ARGON2ID)) + tmp = CRYPT_KDF_ARGON2ID; - /* known keyfile size, alloc it in one step */ - if (file_read_size >= keyfile_size_max) - buflen = keyfile_size_max; - else if (file_read_size) - buflen = file_read_size; - } - } - - pass = crypt_safe_alloc(buflen); - if (!pass) { - log_err(cd, _("Out of memory while reading passphrase.\n")); - goto out_err; - } - - /* Discard keyfile_offset bytes on input */ - if (keyfile_offset && keyfile_seek(fd, keyfile_offset) < 0) { - log_err(cd, _("Cannot seek to requested keyfile offset.\n")); - goto out_err; - } - - for(i = 0; i < keyfile_size_max; i++) { - if(i == buflen) { - buflen += 4096; - pass = crypt_safe_realloc(pass, buflen); - if (!pass) { - log_err(cd, _("Out of memory while reading passphrase.\n")); - r = -ENOMEM; - goto out_err; - } - } - - char_read = read(fd, &pass[i], 1); - if (char_read < 0) { - log_err(cd, _("Error reading passphrase.\n")); - goto out_err; - } - - /* Stop on newline only if not requested read from keyfile */ - if(char_read == 0 || (!key_file && pass[i] == '\n')) - break; - } - - /* Fail if piped input dies reading nothing */ - if(!i && !regular_file) { - log_dbg("Nothing read on input."); - r = -EPIPE; - goto out_err; - } - - /* Fail if we exceeded internal default (no specified size) */ - if (unlimited_read && i == keyfile_size_max) { - log_err(cd, _("Maximum keyfile size exceeded.\n")); - goto out_err; - } - - if (!unlimited_read && i != keyfile_size_max) { - log_err(cd, _("Cannot read requested amount of data.\n")); - goto out_err; - } + if (!tmp) + return -EINVAL; - *key = pass; - *key_size = i; - r = 0; -out_err: - if(fd != STDIN_FILENO) - close(fd); + if (pbkdf) + *pbkdf = tmp; - if (r) - crypt_safe_free(pass); - return r; + return 0; } ssize_t crypt_hex_to_bytes(const char *hex, char **result, int safe_alloc) @@ -485,68 +174,3 @@ ssize_t crypt_hex_to_bytes(const char *hex, char **result, int safe_alloc) *result = bytes; return i; } - -/* - * Device size string parsing, suffixes: - * s|S - 512 bytes sectors - * k |K |m |M |g |G |t |T - 1024 base - * kiB|KiB|miB|MiB|giB|GiB|tiB|TiB - 1024 base - * kb |KB |mM |MB |gB |GB |tB |TB - 1000 base - */ -int crypt_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size) -{ - char *endp = NULL; - size_t len; - uint64_t mult_base, mult, tmp; - - *size = strtoull(s, &endp, 10); - if (!isdigit(s[0]) || - (errno == ERANGE && *size == ULLONG_MAX) || - (errno != 0 && *size == 0)) - return -EINVAL; - - if (!endp || !*endp) - return 0; - - len = strlen(endp); - /* Allow "B" and "iB" suffixes */ - if (len > 3 || - (len == 3 && (endp[1] != 'i' || endp[2] != 'B')) || - (len == 2 && endp[1] != 'B')) - return -EINVAL; - - if (len == 1 || len == 3) - mult_base = 1024; - else - mult_base = 1000; - - mult = 1; - switch (endp[0]) { - case 's': - case 'S': mult = 512; - break; - case 't': - case 'T': mult *= mult_base; - /* Fall through */ - case 'g': - case 'G': mult *= mult_base; - /* Fall through */ - case 'm': - case 'M': mult *= mult_base; - /* Fall through */ - case 'k': - case 'K': mult *= mult_base; - break; - default: - return -EINVAL; - } - - tmp = *size * mult; - if ((tmp / *size) != mult) { - log_dbg("Device size overflow."); - return -EINVAL; - } - - *size = tmp; - return 0; -} diff --git a/lib/utils_crypt.h b/lib/utils_crypt.h index 3da4842..32b77cb 100644 --- a/lib/utils_crypt.h +++ b/lib/utils_crypt.h @@ -1,9 +1,9 @@ /* * utils_crypt - cipher utilities for cryptsetup * - * Copyright (C) 2004-2007, Clemens Fruhwirth - * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2012, Milan Broz + * Copyright (C) 2004-2007 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -29,25 +29,13 @@ #define MAX_CIPHER_LEN_STR "31" #define MAX_KEYFILES 32 -struct crypt_device; - int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums, char *cipher_mode); - -int crypt_get_key(const char *prompt, - char **key, size_t *key_size, - size_t keyfile_offset, size_t keyfile_size_max, - const char *key_file, - int timeout, int verify, - struct crypt_device *cd); - -void *crypt_safe_alloc(size_t size); -void crypt_safe_free(void *data); -void *crypt_safe_realloc(void *data, size_t size); - -void crypt_memzero(void *s, size_t n); +int crypt_parse_hash_integrity_mode(const char *s, char *integrity); +int crypt_parse_integrity_mode(const char *s, char *integrity, + int *integrity_key_size); +int crypt_parse_pbkdf(const char *s, const char **pbkdf); ssize_t crypt_hex_to_bytes(const char *hex, char **result, int safe_alloc); -int crypt_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size); #endif /* _UTILS_CRYPT_H */ diff --git a/lib/utils_device.c b/lib/utils_device.c index 46c2a0f..75449c0 100644 --- a/lib/utils_device.c +++ b/lib/utils_device.c @@ -1,10 +1,10 @@ /* * device backend utilities * - * Copyright (C) 2004, Jana Saout - * Copyright (C) 2004-2007, Clemens Fruhwirth - * Copyright (C) 2009-2015, Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2015, Milan Broz + * Copyright (C) 2004 Jana Saout + * Copyright (C) 2004-2007 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -21,16 +21,23 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include #include #include -#include #include #include #include #include #include #include +#ifdef HAVE_SYS_SYSMACROS_H +# include /* for major, minor */ +#endif +#ifdef HAVE_SYS_STATVFS_H +# include +#endif #include "internal.h" +#include "utils_device_locking.h" struct device { char *path; @@ -38,31 +45,61 @@ struct device { char *file_path; int loop_fd; - int o_direct:1; - int init_done:1; + int ro_dev_fd; + int dev_fd; + int dev_fd_excl; + + struct crypt_lock_handle *lh; + + unsigned int o_direct:1; + unsigned int init_done:1; /* path is bdev or loop already initialized */ + + /* cached values */ + size_t alignment; + size_t block_size; }; -static int device_block_size_fd(int fd, size_t *min_size) +static size_t device_fs_block_size_fd(int fd) +{ + size_t page_size = crypt_getpagesize(); + +#ifdef HAVE_SYS_STATVFS_H + struct statvfs buf; + + /* + * NOTE: some filesystems (NFS) returns bogus blocksize (1MB). + * Page-size io should always work and avoids increasing IO beyond aligned LUKS header. + */ + if (!fstatvfs(fd, &buf) && buf.f_bsize && buf.f_bsize <= page_size) + return (size_t)buf.f_bsize; +#endif + return page_size; +} + +static size_t device_block_size_fd(int fd, size_t *min_size) { struct stat st; - int bsize = 0, r = -EINVAL; + size_t bsize; + int arg; if (fstat(fd, &st) < 0) - return -EINVAL; + return 0; if (S_ISREG(st.st_mode)) - r = (int)crypt_getpagesize(); - else if (ioctl(fd, BLKSSZGET, &bsize) >= 0) - r = bsize; - else - r = -EINVAL; + bsize = device_fs_block_size_fd(fd); + else { + if (ioctl(fd, BLKSSZGET, &arg) < 0) + bsize = crypt_getpagesize(); + else + bsize = (size_t)arg; + } - if (r < 0 || !min_size) - return r; + if (!min_size) + return bsize; if (S_ISREG(st.st_mode)) { /* file can be empty as well */ - if (st.st_size > bsize) + if (st.st_size > (ssize_t)bsize) *min_size = bsize; else *min_size = st.st_size; @@ -74,15 +111,28 @@ static int device_block_size_fd(int fd, size_t *min_size) return bsize; } +static size_t device_alignment_fd(int devfd) +{ + long alignment = DEFAULT_MEM_ALIGNMENT; + +#ifdef _PC_REC_XFER_ALIGN + alignment = fpathconf(devfd, _PC_REC_XFER_ALIGN); + if (alignment < 0) + alignment = DEFAULT_MEM_ALIGNMENT; +#endif + return (size_t)alignment; +} + static int device_read_test(int devfd) { char buffer[512]; - int blocksize, r = -EIO; - size_t minsize = 0; + int r = -EIO; + size_t minsize = 0, blocksize, alignment; blocksize = device_block_size_fd(devfd, &minsize); + alignment = device_alignment_fd(devfd); - if (blocksize < 0) + if (!blocksize || !alignment) return -EINVAL; if (minsize == 0) @@ -91,30 +141,31 @@ static int device_read_test(int devfd) if (minsize > sizeof(buffer)) minsize = sizeof(buffer); - if (read_blockwise(devfd, blocksize, buffer, minsize) == (ssize_t)minsize) + if (read_blockwise(devfd, blocksize, alignment, buffer, minsize) == (ssize_t)minsize) r = 0; - crypt_memzero(buffer, sizeof(buffer)); + crypt_safe_memzero(buffer, sizeof(buffer)); return r; } /* * The direct-io is always preferred. The header is usually mapped to the same * device and can be accessed when the rest of device is mapped to data device. - * Using dirct-io encsures that we do not mess with data in cache. + * Using direct-io ensures that we do not mess with data in cache. * (But proper alignment should prevent this in the first place.) * The read test is needed to detect broken configurations (seen with remote * block devices) that allow open with direct-io but then fails on read. */ -static int device_ready(struct device *device, int check_directio) +static int device_ready(struct crypt_device *cd, struct device *device) { int devfd = -1, r = 0; struct stat st; + size_t tmp_size; - device->o_direct = 0; - if (check_directio) { - log_dbg("Trying to open and read device %s with direct-io.", + if (device->o_direct) { + log_dbg(cd, "Trying to open and read device %s with direct-io.", device_path(device)); + device->o_direct = 0; devfd = open(device_path(device), O_RDONLY | O_DIRECT); if (devfd >= 0) { if (device_read_test(devfd) == 0) { @@ -127,13 +178,13 @@ static int device_ready(struct device *device, int check_directio) } if (devfd < 0) { - log_dbg("Trying to open device %s without direct-io.", + log_dbg(cd, "Trying to open device %s without direct-io.", device_path(device)); devfd = open(device_path(device), O_RDONLY); } if (devfd < 0) { - log_err(NULL, _("Device %s doesn't exist or access denied.\n"), + log_err(cd, _("Device %s does not exist or access denied."), device_path(device)); return -EINVAL; } @@ -142,31 +193,175 @@ static int device_ready(struct device *device, int check_directio) r = -EINVAL; else if (!S_ISBLK(st.st_mode)) r = S_ISREG(st.st_mode) ? -ENOTBLK : -EINVAL; + if (r == -EINVAL) { + log_err(cd, _("Device %s is not compatible."), + device_path(device)); + close(devfd); + return r; + } + + /* Allow only increase (loop device) */ + tmp_size = device_alignment_fd(devfd); + if (tmp_size > device->alignment) + device->alignment = tmp_size; + + tmp_size = device_block_size_fd(devfd, NULL); + if (tmp_size > device->block_size) + device->block_size = tmp_size; close(devfd); return r; } -int device_open(struct device *device, int flags) +static int _open_locked(struct crypt_device *cd, struct device *device, int flags) { - int devfd; + int fd; + + log_dbg(cd, "Opening locked device %s", device_path(device)); + + if ((flags & O_ACCMODE) != O_RDONLY && device_locked_readonly(device->lh)) { + log_dbg(cd, "Cannot open locked device %s in write mode. Read lock held.", device_path(device)); + return -EAGAIN; + } + + fd = open(device_path(device), flags); + if (fd < 0) + return -errno; + + if (device_locked_verify(cd, fd, device->lh)) { + /* fd doesn't correspond to a locked resource */ + close(fd); + log_dbg(cd, "Failed to verify lock resource for device %s.", device_path(device)); + return -EINVAL; + } + + return fd; +} + +/* + * Common wrapper for device sync. + */ +void device_sync(struct crypt_device *cd, struct device *device) +{ + if (!device || device->dev_fd < 0) + return; + + if (fsync(device->dev_fd) == -1) + log_dbg(cd, "Cannot sync device %s.", device_path(device)); +} + +/* + * in non-locked mode returns always fd or -1 + * + * in locked mode: + * opened fd or one of: + * -EAGAIN : requested write mode while device being locked in via shared lock + * -EINVAL : invalid lock fd state + * -1 : all other errors + */ +static int device_open_internal(struct crypt_device *cd, struct device *device, int flags) +{ + int access, devfd; - flags |= O_SYNC; if (device->o_direct) flags |= O_DIRECT; - devfd = open(device_path(device), flags); + access = flags & O_ACCMODE; + if (access == O_WRONLY) + access = O_RDWR; + + if (access == O_RDONLY && device->ro_dev_fd >= 0) { + log_dbg(cd, "Reusing open r%c fd on device %s", 'o', device_path(device)); + return device->ro_dev_fd; + } else if (access == O_RDWR && device->dev_fd >= 0) { + log_dbg(cd, "Reusing open r%c fd on device %s", 'w', device_path(device)); + return device->dev_fd; + } + + if (device_locked(device->lh)) + devfd = _open_locked(cd, device, flags); + else + devfd = open(device_path(device), flags); + + if (devfd < 0) { + log_dbg(cd, "Cannot open device %s%s.", + device_path(device), + access != O_RDONLY ? " for write" : ""); + return devfd; + } - if (devfd < 0) - log_dbg("Cannot open device %s.", device_path(device)); + if (access == O_RDONLY) + device->ro_dev_fd = devfd; + else + device->dev_fd = devfd; return devfd; } -int device_alloc(struct device **device, const char *path) +int device_open(struct crypt_device *cd, struct device *device, int flags) +{ + assert(!device_locked(device->lh)); + return device_open_internal(cd, device, flags); +} + +int device_open_excl(struct crypt_device *cd, struct device *device, int flags) +{ + const char *path; + struct stat st; + + if (!device) + return -EINVAL; + + assert(!device_locked(device->lh)); + + if (device->dev_fd_excl < 0) { + path = device_path(device); + if (stat(path, &st)) + return -EINVAL; + if (!S_ISBLK(st.st_mode)) + log_dbg(cd, "%s is not a block device. Can't open in exclusive mode.", + path); + else { + /* open(2) with O_EXCL (w/o O_CREAT) on regular file is undefined behaviour according to man page */ + /* coverity[toctou] */ + device->dev_fd_excl = open(path, O_RDONLY | O_EXCL); + if (device->dev_fd_excl < 0) + return errno == EBUSY ? -EBUSY : device->dev_fd_excl; + if (fstat(device->dev_fd_excl, &st) || !S_ISBLK(st.st_mode)) { + log_dbg(cd, "%s is not a block device. Can't open in exclusive mode.", + path); + close(device->dev_fd_excl); + device->dev_fd_excl = -1; + } else + log_dbg(cd, "Device %s is blocked for exclusive open.", path); + } + } + + return device_open_internal(cd, device, flags); +} + +void device_release_excl(struct crypt_device *cd, struct device *device) +{ + if (device && device->dev_fd_excl >= 0) { + if (close(device->dev_fd_excl)) + log_dbg(cd, "Failed to release exclusive handle on device %s.", + device_path(device)); + else + log_dbg(cd, "Closed exclusive fd for %s.", device_path(device)); + device->dev_fd_excl = -1; + } +} + +int device_open_locked(struct crypt_device *cd, struct device *device, int flags) +{ + assert(!crypt_metadata_locking_enabled() || device_locked(device->lh)); + return device_open_internal(cd, device, flags); +} + +/* Avoid any read from device, expects direct-io to work. */ +int device_alloc_no_check(struct device **device, const char *path) { struct device *dev; - int r; if (!path) { *device = NULL; @@ -184,32 +379,60 @@ int device_alloc(struct device **device, const char *path) return -ENOMEM; } dev->loop_fd = -1; + dev->ro_dev_fd = -1; + dev->dev_fd = -1; + dev->dev_fd_excl = -1; + dev->o_direct = 1; - r = device_ready(dev, 1); - if (!r) { - dev->init_done = 1; - } else if (r == -ENOTBLK) { - /* alloc loop later */ - } else if (r < 0) { - free(dev->path); - free(dev); - return -ENOTBLK; + *device = dev; + return 0; +} + +int device_alloc(struct crypt_device *cd, struct device **device, const char *path) +{ + struct device *dev; + int r; + + r = device_alloc_no_check(&dev, path); + if (r < 0) + return r; + + if (dev) { + r = device_ready(cd, dev); + if (!r) { + dev->init_done = 1; + } else if (r == -ENOTBLK) { + /* alloc loop later */ + } else if (r < 0) { + free(dev->path); + free(dev); + return -ENOTBLK; + } } *device = dev; return 0; } -void device_free(struct device *device) +void device_free(struct crypt_device *cd, struct device *device) { if (!device) return; + device_close(cd, device); + + if (device->dev_fd_excl != -1) { + log_dbg(cd, "Closed exclusive fd for %s.", device_path(device)); + close(device->dev_fd_excl); + } + if (device->loop_fd != -1) { - log_dbg("Closed loop %s (%s).", device->path, device->file_path); + log_dbg(cd, "Closed loop %s (%s).", device->path, device->file_path); close(device->loop_fd); } + assert(!device_locked(device->lh)); + free(device->file_path); free(device->path); free(device); @@ -224,6 +447,21 @@ const char *device_block_path(const struct device *device) return device->path; } +/* Get device-mapper name of device (if possible) */ +const char *device_dm_name(const struct device *device) +{ + const char *dmdir = dm_get_dir(); + size_t dmdir_len = strlen(dmdir); + + if (!device || !device->init_done) + return NULL; + + if (strncmp(device->path, dmdir, dmdir_len)) + return NULL; + + return &device->path[dmdir_len+1]; +} + /* Get path to device / file */ const char *device_path(const struct device *device) { @@ -243,10 +481,11 @@ const char *device_path(const struct device *device) #define BLKALIGNOFF _IO(0x12,122) #endif -void device_topology_alignment(struct device *device, - unsigned long *required_alignment, /* bytes */ - unsigned long *alignment_offset, /* bytes */ - unsigned long default_alignment) +void device_topology_alignment(struct crypt_device *cd, + struct device *device, + unsigned long *required_alignment, /* bytes */ + unsigned long *alignment_offset, /* bytes */ + unsigned long default_alignment) { int dev_alignment_offset = 0; unsigned int min_io_size = 0, opt_io_size = 0; @@ -265,7 +504,7 @@ void device_topology_alignment(struct device *device, /* minimum io size */ if (ioctl(fd, BLKIOMIN, &min_io_size) == -1) { - log_dbg("Topology info for %s not supported, using default offset %lu bytes.", + log_dbg(cd, "Topology info for %s not supported, using default offset %lu bytes.", device->path, default_alignment); goto out; } @@ -281,40 +520,41 @@ void device_topology_alignment(struct device *device, temp_alignment = (unsigned long)min_io_size; - if (temp_alignment < (unsigned long)opt_io_size) + /* Ignore bogus opt-io that could break alignment */ + if ((temp_alignment < (unsigned long)opt_io_size) && + !((unsigned long)opt_io_size % temp_alignment)) temp_alignment = (unsigned long)opt_io_size; /* If calculated alignment is multiple of default, keep default */ if (temp_alignment && (default_alignment % temp_alignment)) *required_alignment = temp_alignment; - log_dbg("Topology: IO (%u/%u), offset = %lu; Required alignment is %lu bytes.", + log_dbg(cd, "Topology: IO (%u/%u), offset = %lu; Required alignment is %lu bytes.", min_io_size, opt_io_size, *alignment_offset, *required_alignment); out: (void)close(fd); } -int device_block_size(struct device *device) +size_t device_block_size(struct crypt_device *cd, struct device *device) { - int fd, r = -EINVAL; + int fd; if (!device) return 0; - if (device->file_path) - return (int)crypt_getpagesize(); - - fd = open(device->path, O_RDONLY); - if(fd < 0) - return -EINVAL; + if (device->block_size) + return device->block_size; - r = device_block_size_fd(fd, NULL); + fd = open(device->file_path ?: device->path, O_RDONLY); + if (fd >= 0) { + device->block_size = device_block_size_fd(fd, NULL); + close(fd); + } - if (r <= 0) - log_dbg("Cannot get block size for device %s.", device_path(device)); + if (!device->block_size) + log_dbg(cd, "Cannot get block size for device %s.", device_path(device)); - close(fd); - return r; + return device->block_size; } int device_read_ahead(struct device *device, uint32_t *read_ahead) @@ -360,18 +600,72 @@ out: return r; } -static int device_info(struct device *device, - enum devcheck device_check, - int *readonly, uint64_t *size) +/* For a file, allocate the required space */ +int device_fallocate(struct device *device, uint64_t size) { struct stat st; - int fd, r = -EINVAL, flags = 0; + int devfd, r = -EINVAL; + + devfd = open(device_path(device), O_RDWR); + if (devfd == -1) + return -EINVAL; - *readonly = 0; - *size = 0; + if (!fstat(devfd, &st) && S_ISREG(st.st_mode) && + ((uint64_t)st.st_size >= size || !posix_fallocate(devfd, 0, size))) { + r = 0; + if (device->file_path && crypt_loop_resize(device->path)) + r = -EINVAL; + } + + close(devfd); + return r; +} + +int device_check_size(struct crypt_device *cd, + struct device *device, + uint64_t req_offset, int falloc) +{ + uint64_t dev_size; - if (stat(device->path, &st) < 0) + if (device_size(device, &dev_size)) { + log_dbg(cd, "Cannot get device size for device %s.", device_path(device)); + return -EIO; + } + + log_dbg(cd, "Device size %" PRIu64 ", offset %" PRIu64 ".", dev_size, req_offset); + + if (req_offset > dev_size) { + /* If it is header file, increase its size */ + if (falloc && !device_fallocate(device, req_offset)) + return 0; + + log_err(cd, _("Device %s is too small. Need at least %" PRIu64 " bytes."), + device_path(device), req_offset); return -EINVAL; + } + + return 0; +} + +static int device_info(struct crypt_device *cd, + struct device *device, + enum devcheck device_check, + int *readonly, uint64_t *size) +{ + struct stat st; + int fd = -1, r, flags = 0, real_readonly; + uint64_t real_size; + + if (!device) + return -ENOTBLK; + + real_readonly = 0; + real_size = 0; + + if (stat(device->path, &st) < 0) { + r = -EINVAL; + goto out; + } /* never wipe header on mounted device */ if (device_check == DEV_EXCL && S_ISBLK(st.st_mode)) @@ -381,64 +675,93 @@ static int device_info(struct device *device, /* coverity[toctou] */ fd = open(device->path, O_RDWR | flags); if (fd == -1 && errno == EROFS) { - *readonly = 1; + real_readonly = 1; fd = open(device->path, O_RDONLY | flags); } - if (fd == -1 && device_check == DEV_EXCL && errno == EBUSY) - return -EBUSY; + if (fd == -1 && device_check == DEV_EXCL && errno == EBUSY) { + r = -EBUSY; + goto out; + } - if (fd == -1) - return -EINVAL; + if (fd == -1) { + r = errno ? -errno : -EINVAL; + goto out; + } + r = 0; if (S_ISREG(st.st_mode)) { //FIXME: add readonly check - *size = (uint64_t)st.st_size; - *size >>= SECTOR_SHIFT; + real_size = (uint64_t)st.st_size; + real_size >>= SECTOR_SHIFT; } else { /* If the device can be opened read-write, i.e. readonly is still 0, then * check whether BKROGET says that it is read-only. E.g. read-only loop - * devices may be openend read-write but are read-only according to BLKROGET + * devices may be opened read-write but are read-only according to BLKROGET */ - if (*readonly == 0 && (r = ioctl(fd, BLKROGET, readonly)) < 0) + if (real_readonly == 0 && (r = ioctl(fd, BLKROGET, &real_readonly)) < 0) goto out; - if (ioctl(fd, BLKGETSIZE64, size) >= 0) { - *size >>= SECTOR_SHIFT; - r = 0; + r = ioctl(fd, BLKGETSIZE64, &real_size); + if (r >= 0) { + real_size >>= SECTOR_SHIFT; goto out; } } - r = -EINVAL; out: - close(fd); + if (fd != -1) + close(fd); + + switch (r) { + case 0: + if (readonly) + *readonly = real_readonly; + if (size) + *size = real_size; + break; + case -EBUSY: + log_err(cd, _("Cannot use device %s which is in use " + "(already mapped or mounted)."), device_path(device)); + break; + case -EACCES: + log_err(cd, _("Cannot use device %s, permission denied."), device_path(device)); + break; + default: + log_err(cd, _("Cannot get info about device %s."), device_path(device)); + r = -EINVAL; + } + return r; } +int device_check_access(struct crypt_device *cd, + struct device *device, + enum devcheck device_check) +{ + return device_info(cd, device, device_check, NULL, NULL); +} + static int device_internal_prepare(struct crypt_device *cd, struct device *device) { - char *loop_device, *file_path = NULL; + char *loop_device = NULL, *file_path = NULL; int r, loop_fd, readonly = 0; if (device->init_done) return 0; - log_dbg("Allocating a free loop device."); - loop_device = crypt_loop_get_device(); - if (!loop_device) { - if (getuid() || geteuid()) - log_err(cd, _("Cannot use a loopback device, " - "running as non-root user.\n")); - else - log_err(cd, _("Cannot find a free loopback device.\n")); + if (getuid() || geteuid()) { + log_err(cd, _("Cannot use a loopback device, " + "running as non-root user.")); return -ENOTSUP; } - /* Keep the loop open, dettached on last close. */ - loop_fd = crypt_loop_attach(loop_device, device->path, 0, 1, &readonly); + log_dbg(cd, "Allocating a free loop device."); + + /* Keep the loop open, detached on last close. */ + loop_fd = crypt_loop_attach(&loop_device, device->path, 0, 1, &readonly); if (loop_fd == -1) { log_err(cd, _("Attaching loopback device failed " - "(loop device with autoclear flag is required).\n")); + "(loop device with autoclear flag is required).")); free(loop_device); return -EINVAL; } @@ -446,7 +769,7 @@ static int device_internal_prepare(struct crypt_device *cd, struct device *devic file_path = device->path; device->path = loop_device; - r = device_ready(device, device->o_direct); + r = device_ready(cd, device); if (r < 0) { device->path = file_path; crypt_loop_detach(loop_device); @@ -478,28 +801,20 @@ int device_block_adjust(struct crypt_device *cd, if (r) return r; - r = device_info(device, device_check, &real_readonly, &real_size); - if (r < 0) { - if (r == -EBUSY) - log_err(cd, _("Cannot use device %s which is in use " - "(already mapped or mounted).\n"), - device->path); - else - log_err(cd, _("Cannot get info about device %s.\n"), - device->path); + r = device_info(cd, device, device_check, &real_readonly, &real_size); + if (r) return r; - } if (device_offset >= real_size) { - log_err(cd, _("Requested offset is beyond real size of device %s.\n"), - device->path); + log_err(cd, _("Requested offset is beyond real size of device %s."), + device_path(device)); return -EINVAL; } if (size && !*size) { *size = real_size; if (!*size) { - log_err(cd, _("Device %s has zero size.\n"), device->path); + log_err(cd, _("Device %s has zero size."), device_path(device)); return -ENOTBLK; } *size -= device_offset; @@ -507,10 +822,10 @@ int device_block_adjust(struct crypt_device *cd, /* in case of size is set by parameter */ if (size && ((real_size - device_offset) < *size)) { - log_dbg("Device %s: offset = %" PRIu64 " requested size = %" PRIu64 + log_dbg(cd, "Device %s: offset = %" PRIu64 " requested size = %" PRIu64 ", backing device size = %" PRIu64, device->path, device_offset, *size, real_size); - log_err(cd, _("Device %s is too small.\n"), device->path); + log_err(cd, _("Device %s is too small."), device_path(device)); return -EINVAL; } @@ -518,13 +833,156 @@ int device_block_adjust(struct crypt_device *cd, *flags |= CRYPT_ACTIVATE_READONLY; if (size) - log_dbg("Calculated device size is %" PRIu64" sectors (%s), offset %" PRIu64 ".", + log_dbg(cd, "Calculated device size is %" PRIu64" sectors (%s), offset %" PRIu64 ".", *size, real_readonly ? "RO" : "RW", device_offset); return 0; } -size_t size_round_up(size_t size, unsigned int block) +size_t size_round_up(size_t size, size_t block) { size_t s = (size + (block - 1)) / block; return s * block; } + +void device_disable_direct_io(struct device *device) +{ + device->o_direct = 0; +} + +int device_direct_io(const struct device *device) +{ + return device->o_direct; +} + +static dev_t device_devno(const struct device *device) +{ + struct stat st; + + if (stat(device->path, &st) || !S_ISBLK(st.st_mode)) + return 0; + + return st.st_rdev; +} + +int device_is_identical(struct device *device1, struct device *device2) +{ + if (!device1 || !device2) + return 0; + + if (device1 == device2) + return 1; + + if (device1->init_done && device2->init_done) + return (device_devno(device1) == device_devno(device2)); + else if (device1->init_done || device2->init_done) + return 0; + + if (!strcmp(device_path(device1), device_path(device2))) + return 1; + + return 0; +} + +int device_is_rotational(struct device *device) +{ + struct stat st; + + if (stat(device_path(device), &st) < 0) + return -EINVAL; + + if (!S_ISBLK(st.st_mode)) + return 0; + + return crypt_dev_is_rotational(major(st.st_rdev), minor(st.st_rdev)); +} + +size_t device_alignment(struct device *device) +{ + int devfd; + + if (!device->alignment) { + devfd = open(device_path(device), O_RDONLY); + if (devfd != -1) { + device->alignment = device_alignment_fd(devfd); + close(devfd); + } + } + + return device->alignment; +} + +void device_set_lock_handle(struct device *device, struct crypt_lock_handle *h) +{ + device->lh = h; +} + +struct crypt_lock_handle *device_get_lock_handle(struct device *device) +{ + return device->lh; +} + +int device_read_lock(struct crypt_device *cd, struct device *device) +{ + if (!crypt_metadata_locking_enabled()) + return 0; + + if (device_read_lock_internal(cd, device)) + return -EBUSY; + + return 0; +} + +int device_write_lock(struct crypt_device *cd, struct device *device) +{ + if (!crypt_metadata_locking_enabled()) + return 0; + + assert(!device_locked(device->lh) || !device_locked_readonly(device->lh)); + + return device_write_lock_internal(cd, device); +} + +void device_read_unlock(struct crypt_device *cd, struct device *device) +{ + if (!crypt_metadata_locking_enabled()) + return; + + assert(device_locked(device->lh)); + + device_unlock_internal(cd, device); +} + +void device_write_unlock(struct crypt_device *cd, struct device *device) +{ + if (!crypt_metadata_locking_enabled()) + return; + + assert(device_locked(device->lh) && !device_locked_readonly(device->lh)); + + device_unlock_internal(cd, device); +} + +bool device_is_locked(struct device *device) +{ + return device ? device_locked(device->lh) : 0; +} + +void device_close(struct crypt_device *cd, struct device *device) +{ + if (!device) + return; + + if (device->ro_dev_fd != -1) { + log_dbg(cd, "Closing read only fd for %s.", device_path(device)); + if (close(device->ro_dev_fd)) + log_dbg(cd, "Failed to close read only fd for %s.", device_path(device)); + device->ro_dev_fd = -1; + } + + if (device->dev_fd != -1) { + log_dbg(cd, "Closing read write fd for %s.", device_path(device)); + if (close(device->dev_fd)) + log_dbg(cd, "Failed to close read write fd for %s.", device_path(device)); + device->dev_fd = -1; + } +} diff --git a/lib/utils_device_locking.c b/lib/utils_device_locking.c new file mode 100644 index 0000000..dac8315 --- /dev/null +++ b/lib/utils_device_locking.c @@ -0,0 +1,521 @@ +/* + * Metadata on-disk locking for processes serialization + * + * Copyright (C) 2016-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2020 Ondrej Kozina + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_SYS_SYSMACROS_H +# include /* for major, minor */ +#endif +#include +#include + +#include "internal.h" +#include "utils_device_locking.h" + +#define same_inode(buf1, buf2) \ + ((buf1).st_ino == (buf2).st_ino && \ + (buf1).st_dev == (buf2).st_dev) + +enum lock_type { + DEV_LOCK_READ = 0, + DEV_LOCK_WRITE +}; + +enum lock_mode { + DEV_LOCK_FILE = 0, + DEV_LOCK_BDEV, + DEV_LOCK_NAME +}; + +struct crypt_lock_handle { + unsigned refcnt; + int flock_fd; + enum lock_type type; + enum lock_mode mode; + union { + struct { + dev_t devno; + } bdev; + struct { + char *name; + } name; + } u; +}; + +static int resource_by_name(char *res, size_t res_size, const char *name, bool fullpath) +{ + int r; + + if (fullpath) + r = snprintf(res, res_size, "%s/LN_%s", DEFAULT_LUKS2_LOCK_PATH, name); + else + r = snprintf(res, res_size, "LN_%s", name); + + return (r < 0 || (size_t)r >= res_size) ? -EINVAL : 0; +} + +static int resource_by_devno(char *res, size_t res_size, dev_t devno, unsigned fullpath) +{ + int r; + + if (fullpath) + r = snprintf(res, res_size, "%s/L_%d:%d", DEFAULT_LUKS2_LOCK_PATH, major(devno), minor(devno)); + else + r = snprintf(res, res_size, "L_%d:%d", major(devno), minor(devno)); + + return (r < 0 || (size_t)r >= res_size) ? -EINVAL : 0; +} + +static int open_lock_dir(struct crypt_device *cd, const char *dir, const char *base) +{ + int dirfd, lockdfd; + + dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC); + if (dirfd < 0) { + log_dbg(cd, "Failed to open directory %s: (%d: %s).", dir, errno, strerror(errno)); + if (errno == ENOTDIR || errno == ENOENT) + log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."), dir, base); + return -EINVAL; + } + + lockdfd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC); + if (lockdfd < 0) { + if (errno == ENOENT) { + log_std(cd, _("WARNING: Locking directory %s/%s is missing!\n"), dir, base); + + /* success or failure w/ errno == EEXIST either way just try to open the 'base' directory again */ + if (mkdirat(dirfd, base, DEFAULT_LUKS2_LOCK_DIR_PERMS) && errno != EEXIST) + log_dbg(cd, "Failed to create directory %s in %s (%d: %s).", base, dir, errno, strerror(errno)); + else + lockdfd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC); + } else { + log_dbg(cd, "Failed to open directory %s/%s: (%d: %s)", dir, base, errno, strerror(errno)); + if (errno == ENOTDIR || errno == ELOOP) + log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."), dir, base, base); + } + } + + close(dirfd); + return lockdfd >= 0 ? lockdfd : -EINVAL; +} + +static int open_resource(struct crypt_device *cd, const char *res) +{ + int err, lockdir_fd, r; + char dir[] = DEFAULT_LUKS2_LOCK_PATH, + base[] = DEFAULT_LUKS2_LOCK_PATH; + + lockdir_fd = open_lock_dir(cd, dirname(dir), basename(base)); + if (lockdir_fd < 0) + return -EINVAL; + + log_dbg(cd, "Opening lock resource file %s/%s", DEFAULT_LUKS2_LOCK_PATH, res); + r = openat(lockdir_fd, res, O_CREAT | O_NOFOLLOW | O_RDWR | O_CLOEXEC, 0777); + err = errno; + + close(lockdir_fd); + + return r < 0 ? -err : r; +} + +static int acquire_lock_handle(struct crypt_device *cd, struct device *device, struct crypt_lock_handle *h) +{ + char res[PATH_MAX]; + int dev_fd, fd; + struct stat st; + + dev_fd = open(device_path(device), O_RDONLY | O_NONBLOCK | O_CLOEXEC); + if (dev_fd < 0) + return -EINVAL; + + if (fstat(dev_fd, &st)) { + close(dev_fd); + return -EINVAL; + } + + if (S_ISBLK(st.st_mode)) { + if (resource_by_devno(res, sizeof(res), st.st_rdev, 0)) { + close(dev_fd); + return -EINVAL; + } + + fd = open_resource(cd, res); + close(dev_fd); + if (fd < 0) + return fd; + + h->flock_fd = fd; + h->u.bdev.devno = st.st_rdev; + h->mode = DEV_LOCK_BDEV; + } else if (S_ISREG(st.st_mode)) { + // FIXME: workaround for nfsv4 + fd = open(device_path(device), O_RDWR | O_NONBLOCK | O_CLOEXEC); + if (fd < 0) + h->flock_fd = dev_fd; + else { + h->flock_fd = fd; + close(dev_fd); + } + h->mode = DEV_LOCK_FILE; + } else { + /* Wrong device type */ + close(dev_fd); + return -EINVAL; + } + + return 0; +} + +static int acquire_lock_handle_by_name(struct crypt_device *cd, const char *name, struct crypt_lock_handle *h) +{ + char res[PATH_MAX]; + int fd; + + h->u.name.name = strdup(name); + if (!h->u.name.name) + return -ENOMEM; + + if (resource_by_name(res, sizeof(res), name, false)) { + free(h->u.name.name); + return -EINVAL; + } + + fd = open_resource(cd, res); + if (fd < 0) { + free(h->u.name.name); + return fd; + } + + h->flock_fd = fd; + h->mode = DEV_LOCK_NAME; + + return 0; +} + +static void release_lock_handle(struct crypt_device *cd, struct crypt_lock_handle *h) +{ + char res[PATH_MAX]; + struct stat buf_a, buf_b; + + if ((h->mode == DEV_LOCK_NAME) && /* was it name lock */ + !flock(h->flock_fd, LOCK_EX | LOCK_NB) && /* lock to drop the file */ + !resource_by_name(res, sizeof(res), h->u.name.name, true) && /* acquire lock resource name */ + !fstat(h->flock_fd, &buf_a) && /* read inode id referred by fd */ + !stat(res, &buf_b) && /* does path file still exist? */ + same_inode(buf_a, buf_b)) { /* is it same id as the one referenced by fd? */ + /* coverity[toctou] */ + if (unlink(res)) /* yes? unlink the file */ + log_dbg(cd, "Failed to unlink resource file: %s", res); + } + + if ((h->mode == DEV_LOCK_BDEV) && /* was it block device */ + !flock(h->flock_fd, LOCK_EX | LOCK_NB) && /* lock to drop the file */ + !resource_by_devno(res, sizeof(res), h->u.bdev.devno, 1) && /* acquire lock resource name */ + !fstat(h->flock_fd, &buf_a) && /* read inode id referred by fd */ + !stat(res, &buf_b) && /* does path file still exist? */ + same_inode(buf_a, buf_b)) { /* is it same id as the one referenced by fd? */ + /* coverity[toctou] */ + if (unlink(res)) /* yes? unlink the file */ + log_dbg(cd, "Failed to unlink resource file: %s", res); + } + + if (h->mode == DEV_LOCK_NAME) + free(h->u.name.name); + + if (close(h->flock_fd)) + log_dbg(cd, "Failed to close lock resource fd (%d).", h->flock_fd); +} + +int device_locked(struct crypt_lock_handle *h) +{ + return (h && (h->type == DEV_LOCK_READ || h->type == DEV_LOCK_WRITE)); +} + +int device_locked_readonly(struct crypt_lock_handle *h) +{ + return (h && h->type == DEV_LOCK_READ); +} + +static int verify_lock_handle(const char *device_path, struct crypt_lock_handle *h) +{ + char res[PATH_MAX]; + struct stat lck_st, res_st; + + /* we locked a regular file, check during device_open() instead. No reason to check now */ + if (h->mode == DEV_LOCK_FILE) + return 0; + + if (h->mode == DEV_LOCK_NAME) { + if (resource_by_name(res, sizeof(res), h->u.name.name, true)) + return -EINVAL; + } else if (h->mode == DEV_LOCK_BDEV) { + if (resource_by_devno(res, sizeof(res), h->u.bdev.devno, true)) + return -EINVAL; + } else + return -EINVAL; + + if (fstat(h->flock_fd, &lck_st)) + return -EINVAL; + + return (stat(res, &res_st) || !same_inode(lck_st, res_st)) ? -EAGAIN : 0; +} + +static unsigned device_lock_inc(struct crypt_lock_handle *h) +{ + return ++h->refcnt; +} + +static unsigned device_lock_dec(struct crypt_lock_handle *h) +{ + assert(h->refcnt); + + return --h->refcnt; +} + +static int acquire_and_verify(struct crypt_device *cd, struct device *device, const char *resource, int flock_op, struct crypt_lock_handle **lock) +{ + int r; + struct crypt_lock_handle *h; + + if (device && resource) + return -EINVAL; + + if (!(h = malloc(sizeof(*h)))) + return -ENOMEM; + + do { + r = device ? acquire_lock_handle(cd, device, h) : acquire_lock_handle_by_name(cd, resource, h); + if (r < 0) + break; + + if (flock(h->flock_fd, flock_op)) { + log_dbg(cd, "Flock on fd %d failed with errno %d.", h->flock_fd, errno); + r = (errno == EWOULDBLOCK) ? -EBUSY : -EINVAL; + release_lock_handle(cd, h); + break; + } + + log_dbg(cd, "Verifying lock handle for %s.", device ? device_path(device) : resource); + + /* + * check whether another libcryptsetup process removed resource file before this + * one managed to flock() it. See release_lock_handle() for details + */ + r = verify_lock_handle(device_path(device), h); + if (r < 0) { + if (flock(h->flock_fd, LOCK_UN)) + log_dbg(cd, "flock on fd %d failed.", h->flock_fd); + release_lock_handle(cd, h); + log_dbg(cd, "Lock handle verification failed."); + } + } while (r == -EAGAIN); + + if (r < 0) { + free(h); + return r; + } + + *lock = h; + + return 0; +} + +int device_read_lock_internal(struct crypt_device *cd, struct device *device) +{ + int r; + struct crypt_lock_handle *h; + + if (!device) + return -EINVAL; + + h = device_get_lock_handle(device); + + if (device_locked(h)) { + device_lock_inc(h); + log_dbg(cd, "Device %s READ lock (or higher) already held.", device_path(device)); + return 0; + } + + log_dbg(cd, "Acquiring read lock for device %s.", device_path(device)); + + r = acquire_and_verify(cd, device, NULL, LOCK_SH, &h); + if (r < 0) + return r; + + h->type = DEV_LOCK_READ; + h->refcnt = 1; + device_set_lock_handle(device, h); + + log_dbg(cd, "Device %s READ lock taken.", device_path(device)); + + return 0; +} + +int device_write_lock_internal(struct crypt_device *cd, struct device *device) +{ + int r; + struct crypt_lock_handle *h; + + if (!device) + return -EINVAL; + + h = device_get_lock_handle(device); + + if (device_locked(h)) { + log_dbg(cd, "Device %s WRITE lock already held.", device_path(device)); + return device_lock_inc(h); + } + + log_dbg(cd, "Acquiring write lock for device %s.", device_path(device)); + + r = acquire_and_verify(cd, device, NULL, LOCK_EX, &h); + if (r < 0) + return r; + + h->type = DEV_LOCK_WRITE; + h->refcnt = 1; + device_set_lock_handle(device, h); + + log_dbg(cd, "Device %s WRITE lock taken.", device_path(device)); + + return 1; +} + +int crypt_read_lock(struct crypt_device *cd, const char *resource, bool blocking, struct crypt_lock_handle **lock) +{ + int r; + struct crypt_lock_handle *h; + + if (!resource) + return -EINVAL; + + log_dbg(cd, "Acquiring %sblocking read lock for resource %s.", blocking ? "" : "non", resource); + + r = acquire_and_verify(cd, NULL, resource, LOCK_SH | (blocking ? 0 : LOCK_NB), &h); + if (r < 0) + return r; + + h->type = DEV_LOCK_READ; + h->refcnt = 1; + + log_dbg(cd, "READ lock for resource %s taken.", resource); + + *lock = h; + + return 0; +} + +int crypt_write_lock(struct crypt_device *cd, const char *resource, bool blocking, struct crypt_lock_handle **lock) +{ + int r; + struct crypt_lock_handle *h; + + if (!resource) + return -EINVAL; + + log_dbg(cd, "Acquiring %sblocking write lock for resource %s.", blocking ? "" : "non", resource); + + r = acquire_and_verify(cd, NULL, resource, LOCK_EX | (blocking ? 0 : LOCK_NB), &h); + if (r < 0) + return r; + + h->type = DEV_LOCK_WRITE; + h->refcnt = 1; + + log_dbg(cd, "WRITE lock for resource %s taken.", resource); + + *lock = h; + + return 0; +} + +static void unlock_internal(struct crypt_device *cd, struct crypt_lock_handle *h) +{ + if (flock(h->flock_fd, LOCK_UN)) + log_dbg(cd, "flock on fd %d failed.", h->flock_fd); + release_lock_handle(cd, h); + free(h); +} + +void crypt_unlock_internal(struct crypt_device *cd, struct crypt_lock_handle *h) +{ + if (!h) + return; + + /* nested locks are illegal */ + assert(!device_lock_dec(h)); + + log_dbg(cd, "Unlocking %s lock for resource %s.", + device_locked_readonly(h) ? "READ" : "WRITE", h->u.name.name); + + unlock_internal(cd, h); +} + +void device_unlock_internal(struct crypt_device *cd, struct device *device) +{ + bool readonly; + struct crypt_lock_handle *h = device_get_lock_handle(device); + unsigned u = device_lock_dec(h); + + if (u) + return; + + readonly = device_locked_readonly(h); + + unlock_internal(cd, h); + + log_dbg(cd, "Device %s %s lock released.", device_path(device), + readonly ? "READ" : "WRITE"); + + device_set_lock_handle(device, NULL); +} + +int device_locked_verify(struct crypt_device *cd, int dev_fd, struct crypt_lock_handle *h) +{ + char res[PATH_MAX]; + struct stat dev_st, lck_st, st; + + if (fstat(dev_fd, &dev_st) || fstat(h->flock_fd, &lck_st)) + return 1; + + /* if device handle is regular file the handle must match the lock handle */ + if (S_ISREG(dev_st.st_mode)) { + log_dbg(cd, "Veryfing locked device handle (regular file)"); + if (!same_inode(dev_st, lck_st)) + return 1; + } else if (S_ISBLK(dev_st.st_mode)) { + log_dbg(cd, "Veryfing locked device handle (bdev)"); + if (resource_by_devno(res, sizeof(res), dev_st.st_rdev, 1) || + stat(res, &st) || + !same_inode(lck_st, st)) + return 1; + } else + return 1; + + return 0; +} diff --git a/lib/utils_device_locking.h b/lib/utils_device_locking.h new file mode 100644 index 0000000..41d0934 --- /dev/null +++ b/lib/utils_device_locking.h @@ -0,0 +1,47 @@ +/* + * Metadata on-disk locking for processes serialization + * + * Copyright (C) 2016-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2020 Ondrej Kozina + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRYPTSETUP_UTILS_LOCKING_H +#define _CRYPTSETUP_UTILS_LOCKING_H + +struct crypt_device; +struct crypt_lock_handle; +struct device; + +int device_locked_readonly(struct crypt_lock_handle *h); +int device_locked(struct crypt_lock_handle *h); + +int device_read_lock_internal(struct crypt_device *cd, struct device *device); +int device_write_lock_internal(struct crypt_device *cd, struct device *device); +void device_unlock_internal(struct crypt_device *cd, struct device *device); + +int device_locked_verify(struct crypt_device *cd, int fd, struct crypt_lock_handle *h); + +int crypt_read_lock(struct crypt_device *cd, const char *name, bool blocking, struct crypt_lock_handle **lock); +int crypt_write_lock(struct crypt_device *cd, const char *name, bool blocking, struct crypt_lock_handle **lock); +void crypt_unlock_internal(struct crypt_device *cd, struct crypt_lock_handle *h); + + +/* Used only in device internal allocation */ +void device_set_lock_handle(struct device *device, struct crypt_lock_handle *h); +struct crypt_lock_handle *device_get_lock_handle(struct device *device); + +#endif diff --git a/lib/utils_devpath.c b/lib/utils_devpath.c index 963785a..b6c8975 100644 --- a/lib/utils_devpath.c +++ b/lib/utils_devpath.c @@ -1,10 +1,10 @@ /* * devname - search for device name * - * Copyright (C) 2004, Jana Saout - * Copyright (C) 2004-2007, Clemens Fruhwirth - * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2013, Milan Broz + * Copyright (C) 2004 Jana Saout + * Copyright (C) 2004-2007 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -26,11 +26,13 @@ #include #include #include -#include #include #include #include #include +#ifdef HAVE_SYS_SYSMACROS_H +# include /* for major, minor */ +#endif #include "internal.h" static char *__lookup_dev(char *path, dev_t dev, int dir_level, const int max_level) @@ -108,7 +110,7 @@ static char *lookup_dev_old(int major, int minor) return result; /* If it is dm, try DM dir */ - if (dm_is_dm_device(major, minor)) { + if (dm_is_dm_device(major)) { strncpy(buf, dm_get_dir(), PATH_MAX); if ((result = __lookup_dev(buf, dev, 0, 0))) return result; @@ -276,24 +278,30 @@ char *crypt_get_partition_device(const char *dev_path, uint64_t offset, uint64_t major(st.st_rdev), minor(st.st_rdev)) < 0) return NULL; + dir = opendir(path); + if (!dir) + return NULL; + len = readlink(path, link, sizeof(link) - 1); - if (len < 0) + if (len < 0) { + closedir(dir); return NULL; + } /* Get top level disk name for sysfs search */ link[len] = '\0'; devname = strrchr(link, '/'); - if (!devname) + if (!devname) { + closedir(dir); return NULL; + } devname++; /* DM devices do not use kernel partitions. */ - if (dm_is_dm_kernel_name(devname)) - return NULL; - - dir = opendir(path); - if (!dir) + if (dm_is_dm_kernel_name(devname)) { + closedir(dir); return NULL; + } devname_len = strlen(devname); while((entry = readdir(dir))) { @@ -362,3 +370,88 @@ char *crypt_get_base_device(const char *dev_path) snprintf(part_path, sizeof(part_path), "/dev/%s", devname); return strdup(part_path); } + +int lookup_by_disk_id(const char *dm_uuid) +{ + struct dirent *entry; + struct stat st; + int r = 0; /* not found */ + DIR *dir = opendir("/dev/disk/by-id"); + + if (!dir) + /* map ENOTDIR to ENOENT we'll handle both errors same */ + return errno == ENOTDIR ? -ENOENT : -errno; + + while ((entry = readdir(dir))) { + if (entry->d_name[0] == '.' || + !strncmp(entry->d_name, "..", 2)) + continue; + + if (fstatat(dirfd(dir), entry->d_name, &st, AT_SYMLINK_NOFOLLOW)) { + r = -EINVAL; + break; + } + + if (!S_ISREG(st.st_mode) && !S_ISLNK(st.st_mode)) + continue; + + if (!strncmp(entry->d_name, dm_uuid, strlen(dm_uuid))) { + r = 1; + break; + } + } + + closedir(dir); + + return r; +} + +int lookup_by_sysfs_uuid_field(const char *dm_uuid, size_t max_len) +{ + struct dirent *entry; + char subpath[PATH_MAX], uuid[max_len]; + ssize_t s; + struct stat st; + int fd, len, r = 0; /* not found */ + DIR *dir = opendir("/sys/block/"); + + if (!dir) + /* map ENOTDIR to ENOENT we'll handle both errors same */ + return errno == ENOTDIR ? -ENOENT : -errno; + + while (r != 1 && (entry = readdir(dir))) { + if (entry->d_name[0] == '.' || + !strncmp(entry->d_name, "..", 2)) + continue; + + len = snprintf(subpath, PATH_MAX, "%s/%s", entry->d_name, "dm/uuid"); + if (len < 0 || len >= PATH_MAX) { + r = -EINVAL; + break; + } + + /* looking for dm-X/dm/uuid file, symlinks are fine */ + fd = openat(dirfd(dir), subpath, O_RDONLY | O_CLOEXEC); + if (fd < 0) + continue; + + if (fstat(fd, &st) || !S_ISREG(st.st_mode)) { + close(fd); + continue; + } + + /* reads binary data */ + s = read_buffer(fd, uuid, max_len - 1); + if (s > 0) { + uuid[s] = '\0'; + if (!strncmp(uuid, dm_uuid, strlen(dm_uuid))) + r = 1; + } + + close(fd); + } + + closedir(dir); + + return r; +} diff --git a/lib/utils_dm.h b/lib/utils_dm.h index cd8b653..1501eb5 100644 --- a/lib/utils_dm.h +++ b/lib/utils_dm.h @@ -1,10 +1,10 @@ /* * libdevmapper - device-mapper backend for cryptsetup * - * Copyright (C) 2004, Jana Saout - * Copyright (C) 2004-2007, Clemens Fruhwirth - * Copyright (C) 2009-2015, Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2015, Milan Broz + * Copyright (C) 2004 Jana Saout + * Copyright (C) 2004-2007 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -31,6 +31,18 @@ struct crypt_device; struct volume_key; struct crypt_params_verity; struct device; +struct crypt_params_integrity; + +/* Device mapper internal flags */ +#define DM_RESUME_PRIVATE (1 << 4) /* CRYPT_ACTIVATE_PRIVATE */ +#define DM_SUSPEND_SKIP_LOCKFS (1 << 5) +#define DM_SUSPEND_WIPE_KEY (1 << 6) +#define DM_SUSPEND_NOFLUSH (1 << 7) + +static inline uint32_t act2dmflags(uint32_t act_flags) +{ + return (act_flags & DM_RESUME_PRIVATE); +} /* Device mapper backend - kernel support flags */ #define DM_KEY_WIPE_SUPPORTED (1 << 0) /* key wipe message */ @@ -42,71 +54,178 @@ struct device; #define DM_TCW_SUPPORTED (1 << 6) /* tcw (TCRYPT CBC with whitening) */ #define DM_SAME_CPU_CRYPT_SUPPORTED (1 << 7) /* same_cpu_crypt */ #define DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED (1 << 8) /* submit_from_crypt_cpus */ - -uint32_t dm_flags(void); +#define DM_VERITY_ON_CORRUPTION_SUPPORTED (1 << 9) /* ignore/restart_on_corruption, ignore_zero_block */ +#define DM_VERITY_FEC_SUPPORTED (1 << 10) /* Forward Error Correction (FEC) */ +#define DM_KERNEL_KEYRING_SUPPORTED (1 << 11) /* dm-crypt allows loading kernel keyring keys */ +#define DM_INTEGRITY_SUPPORTED (1 << 12) /* dm-integrity target supported */ +#define DM_SECTOR_SIZE_SUPPORTED (1 << 13) /* support for sector size setting in dm-crypt/dm-integrity */ +#define DM_CAPI_STRING_SUPPORTED (1 << 14) /* support for cryptoapi format cipher definition */ +#define DM_DEFERRED_SUPPORTED (1 << 15) /* deferred removal of device */ +#define DM_INTEGRITY_RECALC_SUPPORTED (1 << 16) /* dm-integrity automatic recalculation supported */ +#define DM_INTEGRITY_BITMAP_SUPPORTED (1 << 17) /* dm-integrity bitmap mode supported */ +#define DM_GET_TARGET_VERSION_SUPPORTED (1 << 18) /* dm DM_GET_TARGET version ioctl supported */ +#define DM_INTEGRITY_FIX_PADDING_SUPPORTED (1 << 19) /* supports the parameter fix_padding that fixes a bug that caused excessive padding */ +#define DM_BITLK_EBOIV_SUPPORTED (1 << 20) /* EBOIV for BITLK supported */ +#define DM_BITLK_ELEPHANT_SUPPORTED (1 << 21) /* Elephant diffuser for BITLK supported */ +#define DM_VERITY_SIGNATURE_SUPPORTED (1 << 22) /* Verity option root_hash_sig_key_desc supported */ +#define DM_INTEGRITY_DISCARDS_SUPPORTED (1 << 23) /* dm-integrity discards/TRIM option is supported */ + +typedef enum { DM_CRYPT = 0, DM_VERITY, DM_INTEGRITY, DM_LINEAR, DM_ERROR, DM_ZERO, DM_UNKNOWN } dm_target_type; +enum tdirection { TARGET_SET = 1, TARGET_QUERY }; + +int dm_flags(struct crypt_device *cd, dm_target_type target, uint32_t *flags); #define DM_ACTIVE_DEVICE (1 << 0) #define DM_ACTIVE_UUID (1 << 1) +#define DM_ACTIVE_HOLDERS (1 << 2) -#define DM_ACTIVE_CRYPT_CIPHER (1 << 2) -#define DM_ACTIVE_CRYPT_KEYSIZE (1 << 3) -#define DM_ACTIVE_CRYPT_KEY (1 << 4) +#define DM_ACTIVE_CRYPT_CIPHER (1 << 3) +#define DM_ACTIVE_CRYPT_KEYSIZE (1 << 4) +#define DM_ACTIVE_CRYPT_KEY (1 << 5) -#define DM_ACTIVE_VERITY_ROOT_HASH (1 << 5) -#define DM_ACTIVE_VERITY_HASH_DEVICE (1 << 6) -#define DM_ACTIVE_VERITY_PARAMS (1 << 7) +#define DM_ACTIVE_VERITY_ROOT_HASH (1 << 6) +#define DM_ACTIVE_VERITY_HASH_DEVICE (1 << 7) +#define DM_ACTIVE_VERITY_PARAMS (1 << 8) -struct crypt_dm_active_device { - enum { DM_CRYPT = 0, DM_VERITY } target; - uint64_t size; /* active device size */ - uint32_t flags; /* activation flags */ - const char *uuid; +#define DM_ACTIVE_INTEGRITY_PARAMS (1 << 9) + +struct dm_target { + dm_target_type type; + enum tdirection direction; + uint64_t offset; + uint64_t size; struct device *data_device; union { struct { const char *cipher; + const char *integrity; /* Active key for device */ struct volume_key *vk; /* struct crypt_active_device */ uint64_t offset; /* offset in sectors */ - uint64_t iv_offset; /* IV initilisation sector */ + uint64_t iv_offset; /* IV initialisation sector */ + uint32_t tag_size; /* additional on-disk tag size */ + uint32_t sector_size; /* encryption sector size */ } crypt; struct { struct device *hash_device; + struct device *fec_device; const char *root_hash; uint32_t root_hash_size; + const char *root_hash_sig_key_desc; uint64_t hash_offset; /* hash offset in blocks (not header) */ + uint64_t hash_blocks; /* size of hash device (in hash blocks) */ + uint64_t fec_offset; /* FEC offset in blocks (not header) */ + uint64_t fec_blocks; /* size of FEC device (in hash blocks) */ struct crypt_params_verity *vp; } verity; + struct { + uint64_t journal_size; + uint32_t journal_watermark; + uint32_t journal_commit_time; + uint32_t interleave_sectors; + uint32_t tag_size; + uint64_t offset; /* offset in sectors */ + uint32_t sector_size; /* integrity sector size */ + uint32_t buffer_sectors; + + const char *integrity; + /* Active key for device */ + struct volume_key *vk; + + const char *journal_integrity; + struct volume_key *journal_integrity_key; + + const char *journal_crypt; + struct volume_key *journal_crypt_key; + + struct device *meta_device; + + bool fix_padding; + } integrity; + struct { + uint64_t offset; + } linear; + struct { + } zero; } u; + + char *params; + struct dm_target *next; }; -void dm_backend_init(void); -void dm_backend_exit(void); +struct crypt_dm_active_device { + uint64_t size; /* active device size */ + uint32_t flags; /* activation flags */ + const char *uuid; + + unsigned holders:1; /* device holders detected (on query only) */ -int dm_remove_device(struct crypt_device *cd, const char *name, - int force, uint64_t size); + struct dm_target segment; +}; + +static inline bool single_segment(const struct crypt_dm_active_device *dmd) +{ + return dmd && !dmd->segment.next; +} + +void dm_backend_init(struct crypt_device *cd); +void dm_backend_exit(struct crypt_device *cd); + +int dm_targets_allocate(struct dm_target *first, unsigned count); +void dm_targets_free(struct crypt_device *cd, struct crypt_dm_active_device *dmd); + +int dm_crypt_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, + struct device *data_device, struct volume_key *vk, const char *cipher, + uint64_t iv_offset, uint64_t data_offset, const char *integrity, + uint32_t tag_size, uint32_t sector_size); +int dm_verity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, + struct device *data_device, struct device *hash_device, struct device *fec_device, + const char *root_hash, uint32_t root_hash_size, const char *root_hash_sig_key_desc, + uint64_t hash_offset_block, uint64_t hash_blocks, struct crypt_params_verity *vp); +int dm_integrity_target_set(struct crypt_device *cd, + struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, + struct device *meta_device, + struct device *data_device, uint64_t tag_size, uint64_t offset, uint32_t sector_size, + struct volume_key *vk, + struct volume_key *journal_crypt_key, struct volume_key *journal_mac_key, + const struct crypt_params_integrity *ip); +int dm_linear_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size, + struct device *data_device, uint64_t data_offset); +int dm_zero_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size); + +int dm_remove_device(struct crypt_device *cd, const char *name, uint32_t flags); int dm_status_device(struct crypt_device *cd, const char *name); int dm_status_suspended(struct crypt_device *cd, const char *name); int dm_status_verity_ok(struct crypt_device *cd, const char *name); +int dm_status_integrity_failures(struct crypt_device *cd, const char *name, uint64_t *count); int dm_query_device(struct crypt_device *cd, const char *name, uint32_t get_flags, struct crypt_dm_active_device *dmd); +int dm_device_deps(struct crypt_device *cd, const char *name, const char *prefix, + char **names, size_t names_length); int dm_create_device(struct crypt_device *cd, const char *name, - const char *type, struct crypt_dm_active_device *dmd, - int reload); -int dm_suspend_and_wipe_key(struct crypt_device *cd, const char *name); + const char *type, struct crypt_dm_active_device *dmd); +int dm_reload_device(struct crypt_device *cd, const char *name, + struct crypt_dm_active_device *dmd, uint32_t dmflags, unsigned resume); +int dm_suspend_device(struct crypt_device *cd, const char *name, uint32_t dmflags); +int dm_resume_device(struct crypt_device *cd, const char *name, uint32_t dmflags); int dm_resume_and_reinstate_key(struct crypt_device *cd, const char *name, - size_t key_size, const char *key); + const struct volume_key *vk); +int dm_error_device(struct crypt_device *cd, const char *name); +int dm_clear_device(struct crypt_device *cd, const char *name); const char *dm_get_dir(void); +int lookup_dm_dev_by_uuid(struct crypt_device *cd, const char *uuid, const char *type); + /* These are DM helpers used only by utils_devpath file */ -int dm_is_dm_device(int major, int minor); +int dm_is_dm_device(int major); int dm_is_dm_kernel_name(const char *name); char *dm_device_path(const char *prefix, int major, int minor); +char *dm_device_name(const char *path); #endif /* _UTILS_DM_H */ diff --git a/lib/utils_fips.c b/lib/utils_fips.c index d5a18d7..34b2dae 100644 --- a/lib/utils_fips.c +++ b/lib/utils_fips.c @@ -1,7 +1,7 @@ /* * FIPS mode utilities * - * Copyright (C) 2011-2015, Red Hat, Inc. All rights reserved. + * Copyright (C) 2011-2020 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/lib/utils_fips.h b/lib/utils_fips.h index 63765c4..2388ba6 100644 --- a/lib/utils_fips.h +++ b/lib/utils_fips.h @@ -1,7 +1,7 @@ /* * FIPS mode utilities * - * Copyright (C) 2011-2015, Red Hat, Inc. All rights reserved. + * Copyright (C) 2011-2020 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/lib/utils_io.c b/lib/utils_io.c new file mode 100644 index 0000000..3fae22b --- /dev/null +++ b/lib/utils_io.c @@ -0,0 +1,299 @@ +/* + * utils - miscellaneous I/O utilities for cryptsetup + * + * Copyright (C) 2004 Jana Saout + * Copyright (C) 2004-2007 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include +#include +#include +#include +#include + +#include "utils_io.h" + +static ssize_t _read_buffer(int fd, void *buf, size_t length, volatile int *quit) +{ + size_t read_size = 0; + ssize_t r; + + if (fd < 0 || !buf) + return -EINVAL; + + do { + r = read(fd, buf, length - read_size); + if (r == -1 && errno != EINTR) + return r; + if (r > 0) { + read_size += (size_t)r; + buf = (uint8_t*)buf + r; + } + if (r == 0 || (quit && *quit)) + return (ssize_t)read_size; + } while (read_size != length); + + return (ssize_t)length; +} + +ssize_t read_buffer(int fd, void *buf, size_t length) +{ + return _read_buffer(fd, buf, length, NULL); +} + +ssize_t read_buffer_intr(int fd, void *buf, size_t length, volatile int *quit) +{ + return _read_buffer(fd, buf, length, quit); +} + +static ssize_t _write_buffer(int fd, const void *buf, size_t length, volatile int *quit) +{ + size_t write_size = 0; + ssize_t w; + + if (fd < 0 || !buf || !length) + return -EINVAL; + + do { + w = write(fd, buf, length - write_size); + if (w < 0 && errno != EINTR) + return w; + if (w > 0) { + write_size += (size_t) w; + buf = (const uint8_t*)buf + w; + } + if (w == 0 || (quit && *quit)) + return (ssize_t)write_size; + } while (write_size != length); + + return (ssize_t)write_size; +} + +ssize_t write_buffer(int fd, const void *buf, size_t length) +{ + return _write_buffer(fd, buf, length, NULL); +} + +ssize_t write_buffer_intr(int fd, const void *buf, size_t length, volatile int *quit) +{ + return _write_buffer(fd, buf, length, quit); +} + +ssize_t write_blockwise(int fd, size_t bsize, size_t alignment, + void *orig_buf, size_t length) +{ + void *hangover_buf = NULL, *buf = NULL; + size_t hangover, solid; + ssize_t r, ret = -1; + + if (fd == -1 || !orig_buf || !bsize || !alignment) + return -1; + + hangover = length % bsize; + solid = length - hangover; + + if ((size_t)orig_buf & (alignment - 1)) { + if (posix_memalign(&buf, alignment, length)) + return -1; + memcpy(buf, orig_buf, length); + } else + buf = orig_buf; + + if (solid) { + r = write_buffer(fd, buf, solid); + if (r < 0 || r != (ssize_t)solid) + goto out; + } + + if (hangover) { + if (posix_memalign(&hangover_buf, alignment, bsize)) + goto out; + memset(hangover_buf, 0, bsize); + + r = read_buffer(fd, hangover_buf, bsize); + if (r < 0) + goto out; + + if (lseek(fd, -(off_t)r, SEEK_CUR) < 0) + goto out; + + memcpy(hangover_buf, (char*)buf + solid, hangover); + + r = write_buffer(fd, hangover_buf, bsize); + if (r < 0 || r < (ssize_t)hangover) + goto out; + } + ret = length; +out: + free(hangover_buf); + if (buf != orig_buf) + free(buf); + return ret; +} + +ssize_t read_blockwise(int fd, size_t bsize, size_t alignment, + void *orig_buf, size_t length) +{ + void *hangover_buf = NULL, *buf = NULL; + size_t hangover, solid; + ssize_t r, ret = -1; + + if (fd == -1 || !orig_buf || !bsize || !alignment) + return -1; + + hangover = length % bsize; + solid = length - hangover; + + if ((size_t)orig_buf & (alignment - 1)) { + if (posix_memalign(&buf, alignment, length)) + return -1; + } else + buf = orig_buf; + + r = read_buffer(fd, buf, solid); + if (r < 0 || r != (ssize_t)solid) + goto out; + + if (hangover) { + if (posix_memalign(&hangover_buf, alignment, bsize)) + goto out; + r = read_buffer(fd, hangover_buf, bsize); + if (r < 0 || r < (ssize_t)hangover) + goto out; + + memcpy((char *)buf + solid, hangover_buf, hangover); + } + ret = length; +out: + free(hangover_buf); + if (buf != orig_buf) { + if (ret != -1) + memcpy(orig_buf, buf, length); + free(buf); + } + return ret; +} + +/* + * Combines llseek with blockwise write. write_blockwise can already deal with short writes + * but we also need a function to deal with short writes at the start. But this information + * is implicitly included in the read/write offset, which can not be set to non-aligned + * boundaries. Hence, we combine llseek with write. + */ +ssize_t write_lseek_blockwise(int fd, size_t bsize, size_t alignment, + void *buf, size_t length, off_t offset) +{ + void *frontPadBuf = NULL; + size_t frontHang, innerCount = 0; + ssize_t r, ret = -1; + + if (fd == -1 || !buf || !bsize || !alignment) + return -1; + + if (offset < 0) + offset = lseek(fd, offset, SEEK_END); + + if (offset < 0) + return -1; + + frontHang = offset % bsize; + + if (lseek(fd, offset - frontHang, SEEK_SET) < 0) + return -1; + + if (frontHang && length) { + if (posix_memalign(&frontPadBuf, alignment, bsize)) + return -1; + + innerCount = bsize - frontHang; + if (innerCount > length) + innerCount = length; + + r = read_buffer(fd, frontPadBuf, bsize); + if (r < 0 || r < (ssize_t)(frontHang + innerCount)) + goto out; + + memcpy((char*)frontPadBuf + frontHang, buf, innerCount); + + if (lseek(fd, offset - frontHang, SEEK_SET) < 0) + goto out; + + r = write_buffer(fd, frontPadBuf, bsize); + if (r < 0 || r != (ssize_t)bsize) + goto out; + + buf = (char*)buf + innerCount; + length -= innerCount; + } + + ret = length ? write_blockwise(fd, bsize, alignment, buf, length) : 0; + if (ret >= 0) + ret += innerCount; +out: + free(frontPadBuf); + return ret; +} + +ssize_t read_lseek_blockwise(int fd, size_t bsize, size_t alignment, + void *buf, size_t length, off_t offset) +{ + void *frontPadBuf = NULL; + size_t frontHang, innerCount = 0; + ssize_t r, ret = -1; + + if (fd == -1 || !buf || bsize <= 0) + return -1; + + if (offset < 0) + offset = lseek(fd, offset, SEEK_END); + + if (offset < 0) + return -1; + + frontHang = offset % bsize; + + if (lseek(fd, offset - frontHang, SEEK_SET) < 0) + return -1; + + if (frontHang && length) { + if (posix_memalign(&frontPadBuf, alignment, bsize)) + return -1; + + innerCount = bsize - frontHang; + if (innerCount > length) + innerCount = length; + + r = read_buffer(fd, frontPadBuf, bsize); + if (r < 0 || r < (ssize_t)(frontHang + innerCount)) + goto out; + + memcpy(buf, (char*)frontPadBuf + frontHang, innerCount); + + buf = (char*)buf + innerCount; + length -= innerCount; + } + + ret = read_blockwise(fd, bsize, alignment, buf, length); + if (ret >= 0) + ret += innerCount; +out: + free(frontPadBuf); + return ret; +} diff --git a/lib/utils_io.h b/lib/utils_io.h new file mode 100644 index 0000000..4e64d86 --- /dev/null +++ b/lib/utils_io.h @@ -0,0 +1,42 @@ +/* + * utils - miscellaneous I/O utilities for cryptsetup + * + * Copyright (C) 2004 Jana Saout + * Copyright (C) 2004-2007 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRYPTSETUP_UTILS_IO_H +#define _CRYPTSETUP_UTILS_IO_H + +#include + +ssize_t read_buffer(int fd, void *buf, size_t length); +ssize_t read_buffer_intr(int fd, void *buf, size_t length, volatile int *quit); +ssize_t write_buffer(int fd, const void *buf, size_t length); +ssize_t write_buffer_intr(int fd, const void *buf, size_t length, volatile int *quit); +ssize_t write_blockwise(int fd, size_t bsize, size_t alignment, + void *orig_buf, size_t length); +ssize_t read_blockwise(int fd, size_t bsize, size_t alignment, + void *orig_buf, size_t length); +ssize_t write_lseek_blockwise(int fd, size_t bsize, size_t alignment, + void *buf, size_t length, off_t offset); +ssize_t read_lseek_blockwise(int fd, size_t bsize, size_t alignment, + void *buf, size_t length, off_t offset); + +#endif diff --git a/lib/utils_keyring.c b/lib/utils_keyring.c new file mode 100644 index 0000000..6e22c19 --- /dev/null +++ b/lib/utils_keyring.c @@ -0,0 +1,242 @@ +/* + * kernel keyring utilities + * + * Copyright (C) 2016-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2020 Ondrej Kozina + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include +#include +#include +#include + +#include "libcryptsetup.h" +#include "utils_keyring.h" + +#ifndef HAVE_KEY_SERIAL_T +#define HAVE_KEY_SERIAL_T +typedef int32_t key_serial_t; +#endif + +#ifndef ARRAY_SIZE +# define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0])) +#endif + +#ifdef KERNEL_KEYRING + +static const struct { + key_type_t type; + const char *type_name; +} key_types[] = { + { LOGON_KEY, "logon" }, + { USER_KEY, "user" }, +}; + +#include + +/* request_key */ +static key_serial_t request_key(const char *type, + const char *description, + const char *callout_info, + key_serial_t keyring) +{ + return syscall(__NR_request_key, type, description, callout_info, keyring); +} + +/* add_key */ +static key_serial_t add_key(const char *type, + const char *description, + const void *payload, + size_t plen, + key_serial_t keyring) +{ + return syscall(__NR_add_key, type, description, payload, plen, keyring); +} + +/* keyctl_read */ +static long keyctl_read(key_serial_t key, char *buffer, size_t buflen) +{ + return syscall(__NR_keyctl, KEYCTL_READ, key, buffer, buflen); +} + +/* keyctl_revoke */ +static long keyctl_revoke(key_serial_t key) +{ + return syscall(__NR_keyctl, KEYCTL_REVOKE, key); +} + +/* keyctl_unlink */ +static long keyctl_unlink(key_serial_t key, key_serial_t keyring) +{ + return syscall(__NR_keyctl, KEYCTL_UNLINK, key, keyring); +} +#endif + +int keyring_check(void) +{ +#ifdef KERNEL_KEYRING + /* logon type key descriptions must be in format "prefix:description" */ + return syscall(__NR_request_key, "logon", "dummy", NULL, 0) == -1l && errno != ENOSYS; +#else + return 0; +#endif +} + +int keyring_add_key_in_thread_keyring(key_type_t ktype, const char *key_desc, const void *key, size_t key_size) +{ +#ifdef KERNEL_KEYRING + key_serial_t kid; + const char *type_name = key_type_name(ktype); + + if (!type_name || !key_desc) + return -EINVAL; + + kid = add_key(type_name, key_desc, key, key_size, KEY_SPEC_THREAD_KEYRING); + if (kid < 0) + return -errno; + + return 0; +#else + return -ENOTSUP; +#endif +} + +/* currently used in client utilities only */ +int keyring_add_key_in_user_keyring(key_type_t ktype, const char *key_desc, const void *key, size_t key_size) +{ +#ifdef KERNEL_KEYRING + const char *type_name = key_type_name(ktype); + key_serial_t kid; + + if (!type_name || !key_desc) + return -EINVAL; + + kid = add_key(type_name, key_desc, key, key_size, KEY_SPEC_USER_KEYRING); + if (kid < 0) + return -errno; + + return 0; +#else + return -ENOTSUP; +#endif +} + +/* alias for the same code */ +int keyring_get_key(const char *key_desc, + char **key, + size_t *key_size) +{ + return keyring_get_passphrase(key_desc, key, key_size); +} + +int keyring_get_passphrase(const char *key_desc, + char **passphrase, + size_t *passphrase_len) +{ +#ifdef KERNEL_KEYRING + int err; + key_serial_t kid; + long ret; + char *buf = NULL; + size_t len = 0; + + do + kid = request_key(key_type_name(USER_KEY), key_desc, NULL, 0); + while (kid < 0 && errno == EINTR); + + if (kid < 0) + return -errno; + + /* just get payload size */ + ret = keyctl_read(kid, NULL, 0); + if (ret > 0) { + len = ret; + buf = malloc(len); + if (!buf) + return -ENOMEM; + + /* retrieve actual payload data */ + ret = keyctl_read(kid, buf, len); + } + + if (ret < 0) { + err = errno; + if (buf) + crypt_safe_memzero(buf, len); + free(buf); + return -err; + } + + *passphrase = buf; + *passphrase_len = len; + + return 0; +#else + return -ENOTSUP; +#endif +} + +static int keyring_revoke_and_unlink_key_type(const char *type_name, const char *key_desc) +{ +#ifdef KERNEL_KEYRING + key_serial_t kid; + + if (!type_name || !key_desc) + return -EINVAL; + + do + kid = request_key(type_name, key_desc, NULL, 0); + while (kid < 0 && errno == EINTR); + + if (kid < 0) + return 0; + + if (keyctl_revoke(kid)) + return -errno; + + /* + * best effort only. the key could have been linked + * in some other keyring and its payload is now + * revoked anyway. + */ + keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING); + keyctl_unlink(kid, KEY_SPEC_PROCESS_KEYRING); + keyctl_unlink(kid, KEY_SPEC_USER_KEYRING); + + return 0; +#else + return -ENOTSUP; +#endif +} + +const char *key_type_name(key_type_t type) +{ +#ifdef KERNEL_KEYRING + unsigned int i; + + for (i = 0; i < ARRAY_SIZE(key_types); i++) + if (type == key_types[i].type) + return key_types[i].type_name; +#endif + return NULL; +} + +int keyring_revoke_and_unlink_key(key_type_t ktype, const char *key_desc) +{ + return keyring_revoke_and_unlink_key_type(key_type_name(ktype), key_desc); +} diff --git a/lib/utils_keyring.h b/lib/utils_keyring.h new file mode 100644 index 0000000..37a5ac6 --- /dev/null +++ b/lib/utils_keyring.h @@ -0,0 +1,55 @@ +/* + * kernel keyring syscall wrappers + * + * Copyright (C) 2016-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2020 Ondrej Kozina + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _UTILS_KEYRING +#define _UTILS_KEYRING + +#include + +typedef enum { LOGON_KEY = 0, USER_KEY } key_type_t; + +const char *key_type_name(key_type_t ktype); + +int keyring_check(void); + +int keyring_get_key(const char *key_desc, + char **key, + size_t *key_size); + +int keyring_get_passphrase(const char *key_desc, + char **passphrase, + size_t *passphrase_len); + +int keyring_add_key_in_thread_keyring( + key_type_t ktype, + const char *key_desc, + const void *key, + size_t key_size); + +int keyring_add_key_in_user_keyring( + key_type_t ktype, + const char *key_desc, + const void *key, + size_t key_size); + +int keyring_revoke_and_unlink_key(key_type_t ktype, const char *key_desc); + +#endif diff --git a/lib/utils_loop.c b/lib/utils_loop.c index d7b03a1..9696a40 100644 --- a/lib/utils_loop.c +++ b/lib/utils_loop.c @@ -1,8 +1,8 @@ /* * loopback block device utilities * - * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2012, Milan Broz + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -19,6 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include #include #include #include @@ -28,6 +29,9 @@ #include #include #include +#ifdef HAVE_SYS_SYSMACROS_H +# include /* for major, minor */ +#endif #include #include "utils_loop.h" @@ -42,6 +46,10 @@ #define LOOP_CTL_GET_FREE 0x4C82 #endif +#ifndef LOOP_SET_CAPACITY +#define LOOP_SET_CAPACITY 0x4C07 +#endif + static char *crypt_loop_get_device_old(void) { char dev[20]; @@ -66,7 +74,7 @@ static char *crypt_loop_get_device_old(void) return NULL; } -char *crypt_loop_get_device(void) +static char *crypt_loop_get_device(void) { char dev[64]; int i, loop_fd; @@ -92,12 +100,15 @@ char *crypt_loop_get_device(void) return strdup(dev); } -int crypt_loop_attach(const char *loop, const char *file, int offset, +int crypt_loop_attach(char **loop, const char *file, int offset, int autoclear, int *readonly) { struct loop_info64 lo64 = {0}; + char *lo_file_name; int loop_fd = -1, file_fd = -1, r = 1; + *loop = NULL; + file_fd = open(file, (*readonly ? O_RDONLY : O_RDWR) | O_EXCL); if (file_fd < 0 && (errno == EROFS || errno == EACCES) && !*readonly) { *readonly = 1; @@ -106,18 +117,33 @@ int crypt_loop_attach(const char *loop, const char *file, int offset, if (file_fd < 0) goto out; - loop_fd = open(loop, *readonly ? O_RDONLY : O_RDWR); - if (loop_fd < 0) - goto out; + while (loop_fd < 0) { + *loop = crypt_loop_get_device(); + if (!*loop) + goto out; - strncpy((char*)lo64.lo_file_name, file, LO_NAME_SIZE); + loop_fd = open(*loop, *readonly ? O_RDONLY : O_RDWR); + if (loop_fd < 0) + goto out; + + if (ioctl(loop_fd, LOOP_SET_FD, file_fd) < 0) { + if (errno != EBUSY) + goto out; + free(*loop); + *loop = NULL; + + close(loop_fd); + loop_fd = -1; + } + } + + lo_file_name = (char*)lo64.lo_file_name; + lo_file_name[LO_NAME_SIZE-1] = '\0'; + strncpy(lo_file_name, file, LO_NAME_SIZE-1); lo64.lo_offset = offset; if (autoclear) lo64.lo_flags |= LO_FLAGS_AUTOCLEAR; - if (ioctl(loop_fd, LOOP_SET_FD, file_fd) < 0) - goto out; - if (ioctl(loop_fd, LOOP_SET_STATUS64, &lo64) < 0) { (void)ioctl(loop_fd, LOOP_CLR_FD, 0); goto out; @@ -139,6 +165,10 @@ out: close(loop_fd); if (file_fd >= 0) close(file_fd); + if (r && *loop) { + free(*loop); + *loop = NULL; + } return r ? -1 : loop_fd; } @@ -157,6 +187,21 @@ int crypt_loop_detach(const char *loop) return r; } +int crypt_loop_resize(const char *loop) +{ + int loop_fd = -1, r = 1; + + loop_fd = open(loop, O_RDONLY); + if (loop_fd < 0) + return 1; + + if (!ioctl(loop_fd, LOOP_SET_CAPACITY, 0)) + r = 0; + + close(loop_fd); + return r; +} + static char *_ioctl_backing_file(const char *loop) { struct loop_info64 lo64 = {0}; @@ -207,7 +252,12 @@ static char *_sysfs_backing_file(const char *loop) char *crypt_loop_backing_file(const char *loop) { - char *bf = _sysfs_backing_file(loop); + char *bf; + + if (!crypt_loop_device(loop)) + return NULL; + + bf = _sysfs_backing_file(loop); return bf ?: _ioctl_backing_file(loop); } diff --git a/lib/utils_loop.h b/lib/utils_loop.h index 052623d..a3572dc 100644 --- a/lib/utils_loop.h +++ b/lib/utils_loop.h @@ -1,7 +1,8 @@ /* * loopback block device utilities * - * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -23,11 +24,11 @@ /* loopback device helpers */ -char *crypt_loop_get_device(void); char *crypt_loop_backing_file(const char *loop); int crypt_loop_device(const char *loop); -int crypt_loop_attach(const char *loop, const char *file, int offset, +int crypt_loop_attach(char **loop, const char *file, int offset, int autoclear, int *readonly); int crypt_loop_detach(const char *loop); +int crypt_loop_resize(const char *loop); #endif /* _UTILS_LOOP_H */ diff --git a/lib/utils_pbkdf.c b/lib/utils_pbkdf.c new file mode 100644 index 0000000..967bb2c --- /dev/null +++ b/lib/utils_pbkdf.c @@ -0,0 +1,333 @@ +/* + * utils_pbkdf - PBKDF settings for libcryptsetup + * + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include + +#include "internal.h" + +const struct crypt_pbkdf_type default_pbkdf2 = { + .type = CRYPT_KDF_PBKDF2, + .hash = DEFAULT_LUKS1_HASH, + .time_ms = DEFAULT_LUKS1_ITER_TIME +}; + +const struct crypt_pbkdf_type default_argon2i = { + .type = CRYPT_KDF_ARGON2I, + .hash = DEFAULT_LUKS1_HASH, + .time_ms = DEFAULT_LUKS2_ITER_TIME, + .max_memory_kb = DEFAULT_LUKS2_MEMORY_KB, + .parallel_threads = DEFAULT_LUKS2_PARALLEL_THREADS +}; + +const struct crypt_pbkdf_type default_argon2id = { + .type = CRYPT_KDF_ARGON2ID, + .hash = DEFAULT_LUKS1_HASH, + .time_ms = DEFAULT_LUKS2_ITER_TIME, + .max_memory_kb = DEFAULT_LUKS2_MEMORY_KB, + .parallel_threads = DEFAULT_LUKS2_PARALLEL_THREADS +}; + +const struct crypt_pbkdf_type *crypt_get_pbkdf_type_params(const char *pbkdf_type) +{ + if (!pbkdf_type) + return NULL; + + if (!strcmp(pbkdf_type, CRYPT_KDF_PBKDF2)) + return &default_pbkdf2; + else if (!strcmp(pbkdf_type, CRYPT_KDF_ARGON2I)) + return &default_argon2i; + else if (!strcmp(pbkdf_type, CRYPT_KDF_ARGON2ID)) + return &default_argon2id; + + return NULL; +} + +static uint32_t adjusted_phys_memory(void) +{ + uint64_t memory_kb = crypt_getphysmemory_kb(); + + /* Ignore bogus value */ + if (memory_kb < (128 * 1024) || memory_kb > UINT32_MAX) + return DEFAULT_LUKS2_MEMORY_KB; + + /* + * Never use more than half of physical memory. + * OOM killer is too clever... + */ + memory_kb /= 2; + + return memory_kb; +} + +/* + * PBKDF configuration interface + */ +int verify_pbkdf_params(struct crypt_device *cd, + const struct crypt_pbkdf_type *pbkdf) +{ + struct crypt_pbkdf_limits pbkdf_limits; + const char *pbkdf_type; + int r; + + r = init_crypto(cd); + if (r < 0) + return r; + + if (!pbkdf->type || + (!pbkdf->hash && !strcmp(pbkdf->type, "pbkdf2"))) + return -EINVAL; + + if (!pbkdf->time_ms && !(pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK)) { + log_err(cd, _("Requested PBKDF target time cannot be zero.")); + return -EINVAL; + } + + r = crypt_parse_pbkdf(pbkdf->type, &pbkdf_type); + if (r < 0) { + log_err(cd, _("Unknown PBKDF type %s."), pbkdf->type); + return r; + } + + if (pbkdf->hash && crypt_hash_size(pbkdf->hash) < 0) { + log_err(cd, _("Requested hash %s is not supported."), pbkdf->hash); + return -EINVAL; + } + + r = crypt_pbkdf_get_limits(pbkdf->type, &pbkdf_limits); + if (r < 0) + return r; + + if (crypt_get_type(cd) && + !strcmp(crypt_get_type(cd), CRYPT_LUKS1) && + strcmp(pbkdf_type, CRYPT_KDF_PBKDF2)) { + log_err(cd, _("Requested PBKDF type is not supported for LUKS1.")); + return -EINVAL; + } + + if (!strcmp(pbkdf_type, CRYPT_KDF_PBKDF2)) { + if (pbkdf->max_memory_kb || pbkdf->parallel_threads) { + log_err(cd, _("PBKDF max memory or parallel threads must not be set with pbkdf2.")); + return -EINVAL; + } + if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK && + pbkdf->iterations < pbkdf_limits.min_iterations) { + log_err(cd, _("Forced iteration count is too low for %s (minimum is %u)."), + pbkdf_type, pbkdf_limits.min_iterations); + return -EINVAL; + } + return 0; + } + + /* TODO: properly define minimal iterations and also minimal memory values */ + if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK) { + if (pbkdf->iterations < pbkdf_limits.min_iterations) { + log_err(cd, _("Forced iteration count is too low for %s (minimum is %u)."), + pbkdf_type, pbkdf_limits.min_iterations); + r = -EINVAL; + } + if (pbkdf->max_memory_kb < pbkdf_limits.min_memory) { + log_err(cd, _("Forced memory cost is too low for %s (minimum is %u kilobytes)."), + pbkdf_type, pbkdf_limits.min_memory); + r = -EINVAL; + } + } + + if (pbkdf->max_memory_kb > pbkdf_limits.max_memory) { + log_err(cd, _("Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)."), + pbkdf_limits.max_memory); + r = -EINVAL; + } + if (!pbkdf->max_memory_kb) { + log_err(cd, _("Requested maximum PBKDF memory cannot be zero.")); + r = -EINVAL; + } + if (!pbkdf->parallel_threads) { + log_err(cd, _("Requested PBKDF parallel threads cannot be zero.")); + r = -EINVAL; + } + + return r; +} + +int init_pbkdf_type(struct crypt_device *cd, + const struct crypt_pbkdf_type *pbkdf, + const char *dev_type) +{ + struct crypt_pbkdf_type *cd_pbkdf = crypt_get_pbkdf(cd); + struct crypt_pbkdf_limits pbkdf_limits; + const char *hash, *type; + unsigned cpus; + uint32_t old_flags, memory_kb; + int r; + + if (crypt_fips_mode()) { + if (pbkdf && strcmp(pbkdf->type, CRYPT_KDF_PBKDF2)) { + log_err(cd, _("Only PBKDF2 is supported in FIPS mode.")); + return -EINVAL; + } + if (!pbkdf) + pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_PBKDF2); + } + + if (!pbkdf && dev_type && !strcmp(dev_type, CRYPT_LUKS2)) + pbkdf = crypt_get_pbkdf_type_params(DEFAULT_LUKS2_PBKDF); + else if (!pbkdf) + pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_PBKDF2); + + r = verify_pbkdf_params(cd, pbkdf); + if (r) + return r; + + r = crypt_pbkdf_get_limits(pbkdf->type, &pbkdf_limits); + if (r < 0) + return r; + + type = strdup(pbkdf->type); + hash = pbkdf->hash ? strdup(pbkdf->hash) : NULL; + + if (!type || (!hash && pbkdf->hash)) { + free(CONST_CAST(void*)type); + free(CONST_CAST(void*)hash); + return -ENOMEM; + } + + free(CONST_CAST(void*)cd_pbkdf->type); + free(CONST_CAST(void*)cd_pbkdf->hash); + cd_pbkdf->type = type; + cd_pbkdf->hash = hash; + + old_flags = cd_pbkdf->flags; + cd_pbkdf->flags = pbkdf->flags; + + /* Reset iteration count so benchmark must run again. */ + if (cd_pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK) + cd_pbkdf->iterations = pbkdf->iterations; + else + cd_pbkdf->iterations = 0; + + if (old_flags & CRYPT_PBKDF_ITER_TIME_SET) + cd_pbkdf->flags |= CRYPT_PBKDF_ITER_TIME_SET; + else + cd_pbkdf->time_ms = pbkdf->time_ms; + + cd_pbkdf->max_memory_kb = pbkdf->max_memory_kb; + cd_pbkdf->parallel_threads = pbkdf->parallel_threads; + + if (cd_pbkdf->parallel_threads > pbkdf_limits.max_parallel) { + log_dbg(cd, "Maximum PBKDF threads is %d (requested %d).", + pbkdf_limits.max_parallel, cd_pbkdf->parallel_threads); + cd_pbkdf->parallel_threads = pbkdf_limits.max_parallel; + } + + if (cd_pbkdf->parallel_threads) { + cpus = crypt_cpusonline(); + if (cd_pbkdf->parallel_threads > cpus) { + log_dbg(cd, "Only %u active CPUs detected, " + "PBKDF threads decreased from %d to %d.", + cpus, cd_pbkdf->parallel_threads, cpus); + cd_pbkdf->parallel_threads = cpus; + } + } + + if (cd_pbkdf->max_memory_kb) { + memory_kb = adjusted_phys_memory(); + if (cd_pbkdf->max_memory_kb > memory_kb) { + log_dbg(cd, "Not enough physical memory detected, " + "PBKDF max memory decreased from %dkB to %dkB.", + cd_pbkdf->max_memory_kb, memory_kb); + cd_pbkdf->max_memory_kb = memory_kb; + } + } + + if (!strcmp(pbkdf->type, CRYPT_KDF_PBKDF2)) + log_dbg(cd, "PBKDF %s-%s, time_ms %u (iterations %u).", + cd_pbkdf->type, cd_pbkdf->hash, cd_pbkdf->time_ms, cd_pbkdf->iterations); + else + log_dbg(cd, "PBKDF %s, time_ms %u (iterations %u), max_memory_kb %u, parallel_threads %u.", + cd_pbkdf->type, cd_pbkdf->time_ms, cd_pbkdf->iterations, + cd_pbkdf->max_memory_kb, cd_pbkdf->parallel_threads); + + return 0; +} + +/* Libcryptsetup API */ + +int crypt_set_pbkdf_type(struct crypt_device *cd, const struct crypt_pbkdf_type *pbkdf) +{ + if (!cd) + return -EINVAL; + + if (!pbkdf) + log_dbg(cd, "Resetting pbkdf type to default"); + + crypt_get_pbkdf(cd)->flags = 0; + + return init_pbkdf_type(cd, pbkdf, crypt_get_type(cd)); +} + +const struct crypt_pbkdf_type *crypt_get_pbkdf_type(struct crypt_device *cd) +{ + if (!cd) + return NULL; + + return crypt_get_pbkdf(cd)->type ? crypt_get_pbkdf(cd) : NULL; +} + +const struct crypt_pbkdf_type *crypt_get_pbkdf_default(const char *type) +{ + if (!type) + return NULL; + + if (!strcmp(type, CRYPT_LUKS1) || crypt_fips_mode()) + return crypt_get_pbkdf_type_params(CRYPT_KDF_PBKDF2); + else if (!strcmp(type, CRYPT_LUKS2)) + return crypt_get_pbkdf_type_params(DEFAULT_LUKS2_PBKDF); + + return NULL; +} + +void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_ms) +{ + struct crypt_pbkdf_type *pbkdf; + uint32_t old_time_ms; + + if (!cd || iteration_time_ms > UINT32_MAX) + return; + + pbkdf = crypt_get_pbkdf(cd); + old_time_ms = pbkdf->time_ms; + pbkdf->time_ms = (uint32_t)iteration_time_ms; + + if (pbkdf->type && verify_pbkdf_params(cd, pbkdf)) { + pbkdf->time_ms = old_time_ms; + log_dbg(cd, "Invalid iteration time."); + return; + } + + pbkdf->flags |= CRYPT_PBKDF_ITER_TIME_SET; + + /* iterations must be benchmarked now */ + pbkdf->flags &= ~(CRYPT_PBKDF_NO_BENCHMARK); + pbkdf->iterations = 0; + + log_dbg(cd, "Iteration time set to %" PRIu64 " milliseconds.", iteration_time_ms); +} diff --git a/lib/utils_safe_memory.c b/lib/utils_safe_memory.c new file mode 100644 index 0000000..8c1fb5c --- /dev/null +++ b/lib/utils_safe_memory.c @@ -0,0 +1,102 @@ +/* + * utils_safe_memory - safe memory helpers + * + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include +#include "libcryptsetup.h" + +struct safe_allocation { + size_t size; + char data[0]; +}; + +/* + * Replacement for memset(s, 0, n) on stack that can be optimized out + * Also used in safe allocations for explicit memory wipe. + */ +void crypt_safe_memzero(void *data, size_t size) +{ +#ifdef HAVE_EXPLICIT_BZERO + explicit_bzero(data, size); +#else + volatile uint8_t *p = (volatile uint8_t *)data; + + while(size--) + *p++ = 0; +#endif +} + +/* safe allocations */ +void *crypt_safe_alloc(size_t size) +{ + struct safe_allocation *alloc; + + if (!size || size > (SIZE_MAX - offsetof(struct safe_allocation, data))) + return NULL; + + alloc = malloc(size + offsetof(struct safe_allocation, data)); + if (!alloc) + return NULL; + + alloc->size = size; + crypt_safe_memzero(&alloc->data, size); + + /* coverity[leaked_storage] */ + return &alloc->data; +} + +void crypt_safe_free(void *data) +{ + struct safe_allocation *alloc; + + if (!data) + return; + + alloc = (struct safe_allocation *) + ((char *)data - offsetof(struct safe_allocation, data)); + + crypt_safe_memzero(data, alloc->size); + + alloc->size = 0x55aa55aa; + free(alloc); +} + +void *crypt_safe_realloc(void *data, size_t size) +{ + struct safe_allocation *alloc; + void *new_data; + + new_data = crypt_safe_alloc(size); + + if (new_data && data) { + + alloc = (struct safe_allocation *) + ((char *)data - offsetof(struct safe_allocation, data)); + + if (size > alloc->size) + size = alloc->size; + + memcpy(new_data, data, size); + } + + crypt_safe_free(data); + return new_data; +} diff --git a/lib/utils_storage_wrappers.c b/lib/utils_storage_wrappers.c new file mode 100644 index 0000000..b7e816b --- /dev/null +++ b/lib/utils_storage_wrappers.c @@ -0,0 +1,394 @@ +/* + * Generic wrapper for storage functions + * (experimental only) + * + * Copyright (C) 2018-2020, Ondrej Kozina + * + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils_storage_wrappers.h" +#include "internal.h" + +struct crypt_storage_wrapper { + crypt_storage_wrapper_type type; + int dev_fd; + int block_size; + size_t mem_alignment; + uint64_t data_offset; + union { + struct { + struct crypt_storage *s; + uint64_t iv_start; + } cb; + struct { + int dmcrypt_fd; + char name[PATH_MAX]; + } dm; + } u; +}; + +static int crypt_storage_backend_init(struct crypt_device *cd, + struct crypt_storage_wrapper *w, + uint64_t iv_start, + int sector_size, + const char *cipher, + const char *cipher_mode, + const struct volume_key *vk, + uint32_t flags) +{ + int r; + struct crypt_storage *s; + + /* iv_start, sector_size */ + r = crypt_storage_init(&s, sector_size, cipher, cipher_mode, vk->key, vk->keylength); + if (r) + return r; + + if ((flags & DISABLE_KCAPI) && crypt_storage_kernel_only(s)) { + log_dbg(cd, "Could not initialize userspace block cipher and kernel fallback is disabled."); + crypt_storage_destroy(s); + return -ENOTSUP; + } + + w->type = USPACE; + w->u.cb.s = s; + w->u.cb.iv_start = iv_start; + + return 0; +} + +static int crypt_storage_dmcrypt_init( + struct crypt_device *cd, + struct crypt_storage_wrapper *cw, + struct device *device, + uint64_t device_offset, + uint64_t iv_start, + int sector_size, + const char *cipher_spec, + struct volume_key *vk, + int open_flags) +{ + static int counter = 0; + char path[PATH_MAX]; + struct crypt_dm_active_device dmd = { + .flags = CRYPT_ACTIVATE_PRIVATE, + }; + int mode, r, fd = -1; + + log_dbg(cd, "Using temporary dmcrypt to access data."); + + if (snprintf(cw->u.dm.name, sizeof(cw->u.dm.name), "temporary-cryptsetup-%d-%d", getpid(), counter++) < 0) + return -ENOMEM; + if (snprintf(path, sizeof(path), "%s/%s", dm_get_dir(), cw->u.dm.name) < 0) + return -ENOMEM; + + r = device_block_adjust(cd, device, DEV_OK, + device_offset, &dmd.size, &dmd.flags); + if (r < 0) { + log_err(cd, _("Device %s does not exist or access denied."), + device_path(device)); + return -EIO; + } + + mode = open_flags | O_DIRECT; + if (dmd.flags & CRYPT_ACTIVATE_READONLY) + mode = (open_flags & ~O_ACCMODE) | O_RDONLY; + + if (vk->key_description) + dmd.flags |= CRYPT_ACTIVATE_KEYRING_KEY; + + r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, + device, + vk, + cipher_spec, + iv_start, + device_offset, + NULL, + 0, + sector_size); + if (r) + return r; + + r = dm_create_device(cd, cw->u.dm.name, "TEMP", &dmd); + if (r < 0) { + if (r != -EACCES && r != -ENOTSUP) + log_dbg(cd, "error hint would be nice"); + r = -EIO; + } + + dm_targets_free(cd, &dmd); + + if (r) + return r; + + fd = open(path, mode); + if (fd < 0) { + log_dbg(cd, "Failed to open %s", path); + dm_remove_device(cd, cw->u.dm.name, CRYPT_DEACTIVATE_FORCE); + return -EINVAL; + } + + cw->type = DMCRYPT; + cw->u.dm.dmcrypt_fd = fd; + + return 0; +} + +int crypt_storage_wrapper_init(struct crypt_device *cd, + struct crypt_storage_wrapper **cw, + struct device *device, + uint64_t data_offset, + uint64_t iv_start, + int sector_size, + const char *cipher, + struct volume_key *vk, + uint32_t flags) +{ + int open_flags, r; + char _cipher[MAX_CIPHER_LEN], mode[MAX_CIPHER_LEN]; + struct crypt_storage_wrapper *w; + + /* device-mapper restrictions */ + if (data_offset & ((1 << SECTOR_SHIFT) - 1)) + return -EINVAL; + + if (crypt_parse_name_and_mode(cipher, _cipher, NULL, mode)) + return -EINVAL; + + open_flags = O_CLOEXEC | ((flags & OPEN_READONLY) ? O_RDONLY : O_RDWR); + + w = malloc(sizeof(*w)); + if (!w) + return -ENOMEM; + + memset(w, 0, sizeof(*w)); + w->data_offset = data_offset; + w->mem_alignment = device_alignment(device); + w->block_size = device_block_size(cd, device); + if (!w->block_size || !w->mem_alignment) { + log_dbg(cd, "block size or alignment error."); + r = -EINVAL; + goto err; + } + + w->dev_fd = device_open(cd, device, open_flags); + if (w->dev_fd < 0) { + r = -EINVAL; + goto err; + } + + if (!strcmp(_cipher, "cipher_null")) { + log_dbg(cd, "Requested cipher_null, switching to noop wrapper."); + w->type = NONE; + *cw = w; + return 0; + } + + if (!vk) { + log_dbg(cd, "no key passed."); + r = -EINVAL; + goto err; + } + + r = crypt_storage_backend_init(cd, w, iv_start, sector_size, _cipher, mode, vk, flags); + if (!r) { + *cw = w; + return 0; + } + + log_dbg(cd, "Failed to initialize userspace block cipher."); + + if ((r != -ENOTSUP && r != -ENOENT) || (flags & DISABLE_DMCRYPT)) + goto err; + + r = crypt_storage_dmcrypt_init(cd, w, device, data_offset >> SECTOR_SHIFT, iv_start, + sector_size, cipher, vk, open_flags); + if (r) { + log_dbg(cd, "Dm-crypt backend failed to initialize."); + goto err; + } + *cw = w; + return 0; +err: + crypt_storage_wrapper_destroy(w); + /* wrapper destroy */ + return r; +} + +/* offset is relative to sector_start */ +ssize_t crypt_storage_wrapper_read(struct crypt_storage_wrapper *cw, + off_t offset, void *buffer, size_t buffer_length) +{ + return read_lseek_blockwise(cw->dev_fd, + cw->block_size, + cw->mem_alignment, + buffer, + buffer_length, + cw->data_offset + offset); +} + +ssize_t crypt_storage_wrapper_read_decrypt(struct crypt_storage_wrapper *cw, + off_t offset, void *buffer, size_t buffer_length) +{ + int r; + ssize_t read; + + if (cw->type == DMCRYPT) + return read_lseek_blockwise(cw->u.dm.dmcrypt_fd, + cw->block_size, + cw->mem_alignment, + buffer, + buffer_length, + offset); + + read = read_lseek_blockwise(cw->dev_fd, + cw->block_size, + cw->mem_alignment, + buffer, + buffer_length, + cw->data_offset + offset); + if (cw->type == NONE || read < 0) + return read; + + r = crypt_storage_decrypt(cw->u.cb.s, + cw->u.cb.iv_start + (offset >> SECTOR_SHIFT), + read, + buffer); + if (r) + return -EINVAL; + + return read; +} + +ssize_t crypt_storage_wrapper_decrypt(struct crypt_storage_wrapper *cw, + off_t offset, void *buffer, size_t buffer_length) +{ + int r; + ssize_t read; + + if (cw->type == NONE) + return 0; + + if (cw->type == DMCRYPT) { + /* there's nothing we can do, just read/decrypt via dm-crypt */ + read = crypt_storage_wrapper_read_decrypt(cw, offset, buffer, buffer_length); + if (read < 0 || (size_t)read != buffer_length) + return -EINVAL; + return 0; + } + + r = crypt_storage_decrypt(cw->u.cb.s, + cw->u.cb.iv_start + (offset >> SECTOR_SHIFT), + buffer_length, + buffer); + if (r) + return r; + + return 0; +} + +ssize_t crypt_storage_wrapper_write(struct crypt_storage_wrapper *cw, + off_t offset, void *buffer, size_t buffer_length) +{ + return write_lseek_blockwise(cw->dev_fd, + cw->block_size, + cw->mem_alignment, + buffer, + buffer_length, + cw->data_offset + offset); +} + +ssize_t crypt_storage_wrapper_encrypt_write(struct crypt_storage_wrapper *cw, + off_t offset, void *buffer, size_t buffer_length) +{ + if (cw->type == DMCRYPT) + return write_lseek_blockwise(cw->u.dm.dmcrypt_fd, + cw->block_size, + cw->mem_alignment, + buffer, + buffer_length, + offset); + + if (cw->type == USPACE && + crypt_storage_encrypt(cw->u.cb.s, + cw->u.cb.iv_start + (offset >> SECTOR_SHIFT), + buffer_length, buffer)) + return -EINVAL; + + return write_lseek_blockwise(cw->dev_fd, + cw->block_size, + cw->mem_alignment, + buffer, + buffer_length, + cw->data_offset + offset); +} + +ssize_t crypt_storage_wrapper_encrypt(struct crypt_storage_wrapper *cw, + off_t offset, void *buffer, size_t buffer_length) +{ + if (cw->type == NONE) + return 0; + + if (cw->type == DMCRYPT) + return -ENOTSUP; + + if (crypt_storage_encrypt(cw->u.cb.s, + cw->u.cb.iv_start + (offset >> SECTOR_SHIFT), + buffer_length, + buffer)) + return -EINVAL; + + return 0; +} + +void crypt_storage_wrapper_destroy(struct crypt_storage_wrapper *cw) +{ + if (!cw) + return; + + if (cw->type == USPACE) + crypt_storage_destroy(cw->u.cb.s); + if (cw->type == DMCRYPT) { + close(cw->u.dm.dmcrypt_fd); + dm_remove_device(NULL, cw->u.dm.name, CRYPT_DEACTIVATE_FORCE); + } + + free(cw); +} + +int crypt_storage_wrapper_datasync(const struct crypt_storage_wrapper *cw) +{ + if (!cw) + return -EINVAL; + if (cw->type == DMCRYPT) + return fdatasync(cw->u.dm.dmcrypt_fd); + else + return fdatasync(cw->dev_fd); +} + +crypt_storage_wrapper_type crypt_storage_wrapper_get_type(const struct crypt_storage_wrapper *cw) +{ + return cw ? cw->type : NONE; +} diff --git a/lib/utils_storage_wrappers.h b/lib/utils_storage_wrappers.h new file mode 100644 index 0000000..aaaa824 --- /dev/null +++ b/lib/utils_storage_wrappers.h @@ -0,0 +1,71 @@ +/* + * Generic wrapper for storage functions + * (experimental only) + * + * Copyright (C) 2018-2020, Ondrej Kozina + * + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _UTILS_STORAGE_WRAPPERS_H +#define _UTILS_STORAGE_WRAPPERS_H + +struct crypt_storage_wrapper; +struct device; +struct volume_key; +struct crypt_device; + +#define DISABLE_USPACE (1 << 0) +#define DISABLE_KCAPI (1 << 1) +#define DISABLE_DMCRYPT (1 << 2) +#define OPEN_READONLY (1 << 3) + +typedef enum { + NONE = 0, + USPACE, + DMCRYPT +} crypt_storage_wrapper_type; + +int crypt_storage_wrapper_init(struct crypt_device *cd, + struct crypt_storage_wrapper **cw, + struct device *device, + uint64_t data_offset, + uint64_t iv_start, + int sector_size, + const char *cipher, + struct volume_key *vk, + uint32_t flags); + +void crypt_storage_wrapper_destroy(struct crypt_storage_wrapper *cw); + +/* !!! when doing 'read' or 'write' all offset values are RELATIVE to data_offset !!! */ +ssize_t crypt_storage_wrapper_read(struct crypt_storage_wrapper *cw, + off_t offset, void *buffer, size_t buffer_length); +ssize_t crypt_storage_wrapper_read_decrypt(struct crypt_storage_wrapper *cw, + off_t offset, void *buffer, size_t buffer_length); +ssize_t crypt_storage_wrapper_decrypt(struct crypt_storage_wrapper *cw, + off_t offset, void *buffer, size_t buffer_length); + +ssize_t crypt_storage_wrapper_write(struct crypt_storage_wrapper *cw, + off_t offset, void *buffer, size_t buffer_length); +ssize_t crypt_storage_wrapper_encrypt_write(struct crypt_storage_wrapper *cw, + off_t offset, void *buffer, size_t buffer_length); +ssize_t crypt_storage_wrapper_encrypt(struct crypt_storage_wrapper *cw, + off_t offset, void *buffer, size_t buffer_length); + +int crypt_storage_wrapper_datasync(const struct crypt_storage_wrapper *cw); + +crypt_storage_wrapper_type crypt_storage_wrapper_get_type(const struct crypt_storage_wrapper *cw); +#endif diff --git a/lib/utils_wipe.c b/lib/utils_wipe.c index 210c566..96dff29 100644 --- a/lib/utils_wipe.c +++ b/lib/utils_wipe.c @@ -1,9 +1,9 @@ /* * utils_wipe - wipe a device * - * Copyright (C) 2004-2007, Clemens Fruhwirth - * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved. - * Copyright (C) 2009-2012, Milan Broz + * Copyright (C) 2004-2007 Clemens Fruhwirth + * Copyright (C) 2009-2020 Red Hat, Inc. All rights reserved. + * Copyright (C) 2009-2020 Milan Broz * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -20,41 +20,14 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ -#include -#include #include #include -#include -#include -#include -#include -#include -#include - -#include "libcryptsetup.h" #include "internal.h" -#define MAXIMUM_WIPE_BYTES 1024 * 1024 * 32 /* 32 MiB */ - -static ssize_t _crypt_wipe_zero(int fd, int bsize, char *buffer, - uint64_t offset, uint64_t size) -{ - memset(buffer, 0, size); - return write_lseek_blockwise(fd, bsize, buffer, size, offset); -} - -static ssize_t _crypt_wipe_random(int fd, int bsize, char *buffer, - uint64_t offset, uint64_t size) -{ - if (crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL) < 0) - return -EINVAL; - - return write_lseek_blockwise(fd, bsize, buffer, size, offset); -} - /* * Wipe using Peter Gutmann method described in * http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html + * Note: used only for rotational device (and even there it is not needed today...) */ static void wipeSpecial(char *buffer, size_t buffer_size, unsigned int turn) { @@ -72,126 +45,222 @@ static void wipeSpecial(char *buffer, size_t buffer_size, unsigned int turn) {"\x6d\xb6\xdb"}, {"\xb6\xdb\x6d"}, {"\xdb\x6d\xb6"} }; - for(i = 0; i < buffer_size / 3; ++i) { + for (i = 0; i < buffer_size / 3; ++i) { memcpy(buffer, write_modes[turn], 3); buffer += 3; } } -static ssize_t _crypt_wipe_disk(int fd, int bsize, char *buffer, - uint64_t offset, uint64_t size) +static int crypt_wipe_special(struct crypt_device *cd, int fd, size_t bsize, + size_t alignment, char *buffer, + uint64_t offset, size_t size) { - int r; + int r = 0; unsigned int i; ssize_t written; - for(i = 0; i < 39; ++i) { + for (i = 0; i < 39; ++i) { if (i < 5) { - r = crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL); - } else if(i >= 5 && i < 32) { + r = crypt_random_get(cd, buffer, size, CRYPT_RND_NORMAL); + } else if (i >= 5 && i < 32) { wipeSpecial(buffer, size, i - 5); r = 0; - } else if(i >= 32 && i < 38) { - r = crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL); - } else if(i >= 38 && i < 39) { + } else if (i >= 32 && i < 38) { + r = crypt_random_get(cd, buffer, size, CRYPT_RND_NORMAL); + } else if (i >= 38 && i < 39) { memset(buffer, 0xFF, size); r = 0; } if (r < 0) - return r; + return -EIO; - written = write_lseek_blockwise(fd, bsize, buffer, size, offset); + written = write_lseek_blockwise(fd, bsize, alignment, + buffer, size, offset); if (written < 0 || written != (ssize_t)size) - return written; + return -EIO; } /* Rewrite it finally with random */ - return _crypt_wipe_random(fd, bsize, buffer, offset, size); + if (crypt_random_get(cd, buffer, size, CRYPT_RND_NORMAL) < 0) + return -EIO; + + written = write_lseek_blockwise(fd, bsize, alignment, buffer, size, offset); + if (written < 0 || written != (ssize_t)size) + return -EIO; + + return 0; } -static ssize_t _crypt_wipe_ssd(int fd, int bsize, char *buffer, - uint64_t offset, uint64_t size) +static int wipe_block(struct crypt_device *cd, int devfd, crypt_wipe_pattern pattern, + char *sf, size_t device_block_size, size_t alignment, + size_t wipe_block_size, uint64_t offset, bool *need_block_init) { - // FIXME: for now just rewrite it by random - return _crypt_wipe_random(fd, bsize, buffer, offset, size); + int r; + + if (pattern == CRYPT_WIPE_SPECIAL) + return crypt_wipe_special(cd, devfd, device_block_size, alignment, + sf, offset, wipe_block_size); + + if (*need_block_init) { + if (pattern == CRYPT_WIPE_ZERO) { + memset(sf, 0, wipe_block_size); + *need_block_init = false; + r = 0; + } else if (pattern == CRYPT_WIPE_RANDOM) { + r = crypt_random_get(cd, sf, wipe_block_size, + CRYPT_RND_NORMAL) ? -EIO : 0; + *need_block_init = true; + } else if (pattern == CRYPT_WIPE_ENCRYPTED_ZERO) { + // FIXME + r = crypt_random_get(cd, sf, wipe_block_size, + CRYPT_RND_NORMAL) ? -EIO : 0; + *need_block_init = true; + } else + r = -EINVAL; + + if (r) + return r; + } + + if (write_blockwise(devfd, device_block_size, alignment, sf, + wipe_block_size) == (ssize_t)wipe_block_size) + return 0; + + return -EIO; } -int crypt_wipe(struct device *device, - uint64_t offset, - uint64_t size, - crypt_wipe_type type, - int exclusive) +int crypt_wipe_device(struct crypt_device *cd, + struct device *device, + crypt_wipe_pattern pattern, + uint64_t offset, + uint64_t length, + size_t wipe_block_size, + int (*progress)(uint64_t size, uint64_t offset, void *usrptr), + void *usrptr) { - struct stat st; - char *buffer; - int devfd, flags, bsize; - ssize_t written; + int r, devfd; + size_t bsize, alignment; + char *sf = NULL; + uint64_t dev_size; + bool need_block_init = true; - if (!size || size % SECTOR_SIZE || (size > MAXIMUM_WIPE_BYTES)) { - log_dbg("Unsuported wipe size for device %s: %ld.", - device_path(device), (unsigned long)size); + /* Note: LUKS1 calls it with wipe_block not aligned to multiple of bsize */ + bsize = device_block_size(cd, device); + alignment = device_alignment(device); + if (!bsize || !alignment || !wipe_block_size) return -EINVAL; - } - if (stat(device_path(device), &st) < 0) { - log_dbg("Device %s not found.", device_path(device)); + /* FIXME: if wipe_block_size < bsize, then a wipe is highly ineffective */ + + /* Everything must be aligned to SECTOR_SIZE */ + if (MISALIGNED_512(offset) || MISALIGNED_512(length) || MISALIGNED_512(wipe_block_size)) return -EINVAL; - } - if (type == CRYPT_WIPE_DISK && S_ISBLK(st.st_mode)) { - if (!crypt_dev_is_rotational(major(st.st_rdev), - minor(st.st_rdev))) { - type = CRYPT_WIPE_SSD; - log_dbg("Non-rotational device, using SSD wipe mode."); - } else - log_dbg("Rotational device, using normal wipe mode."); - } + if (device_is_locked(device)) + devfd = device_open_locked(cd, device, O_RDWR); + else + devfd = device_open(cd, device, O_RDWR); + if (devfd < 0) + return errno ? -errno : -EINVAL; - bsize = device_block_size(device); - if (bsize <= 0) - return -EINVAL; + if (length) + dev_size = offset + length; + else { + r = device_size(device, &dev_size); + if (r) + goto out; - buffer = malloc(size); - if (!buffer) - return -ENOMEM; + if (dev_size <= offset) { + r = -EINVAL; + goto out; + } + } - flags = O_RDWR; + r = posix_memalign((void **)&sf, alignment, wipe_block_size); + if (r) + goto out; - /* use O_EXCL only for block devices */ - if (exclusive && S_ISBLK(st.st_mode)) - flags |= O_EXCL; + if (lseek64(devfd, offset, SEEK_SET) < 0) { + log_err(cd, _("Cannot seek to device offset.")); + r = -EINVAL; + goto out; + } - /* coverity[toctou] */ - devfd = device_open(device, flags); - if (devfd == -1) { - free(buffer); - return errno ? -errno : -EINVAL; + if (progress && progress(dev_size, offset, usrptr)) { + r = -EINVAL; /* No change yet, treat this as a parameter error */ + goto out; } - // FIXME: use fixed block size and loop here - switch (type) { - case CRYPT_WIPE_ZERO: - written = _crypt_wipe_zero(devfd, bsize, buffer, offset, size); - break; - case CRYPT_WIPE_DISK: - written = _crypt_wipe_disk(devfd, bsize, buffer, offset, size); - break; - case CRYPT_WIPE_SSD: - written = _crypt_wipe_ssd(devfd, bsize, buffer, offset, size); + if (pattern == CRYPT_WIPE_SPECIAL && !device_is_rotational(device)) { + log_dbg(cd, "Non-rotational device, using random data wipe mode."); + pattern = CRYPT_WIPE_RANDOM; + } + + while (offset < dev_size) { + if ((offset + wipe_block_size) > dev_size) + wipe_block_size = dev_size - offset; + + //log_dbg("Wipe %012" PRIu64 "-%012" PRIu64 " bytes", offset, offset + wipe_block_size); + + r = wipe_block(cd, devfd, pattern, sf, bsize, alignment, + wipe_block_size, offset, &need_block_init); + if (r) { + log_err(cd,_("Device wipe error, offset %" PRIu64 "."), offset); break; - case CRYPT_WIPE_RANDOM: - written = _crypt_wipe_random(devfd, bsize, buffer, offset, size); + } + + offset += wipe_block_size; + + if (progress && progress(dev_size, offset, usrptr)) { + r = -EINTR; break; - default: - log_dbg("Unsuported wipe type requested: (%d)", type); - written = -1; + } } - close(devfd); - free(buffer); + device_sync(cd, device); +out: + free(sf); + return r; +} - if (written != (ssize_t)size || written < 0) - return -EIO; +int crypt_wipe(struct crypt_device *cd, + const char *dev_path, + crypt_wipe_pattern pattern, + uint64_t offset, + uint64_t length, + size_t wipe_block_size, + uint32_t flags, + int (*progress)(uint64_t size, uint64_t offset, void *usrptr), + void *usrptr) +{ + struct device *device; + int r; - return 0; + if (!cd) + return -EINVAL; + + if (!dev_path) + device = crypt_data_device(cd); + else { + r = device_alloc_no_check(&device, dev_path); + if (r < 0) + return r; + + if (flags & CRYPT_WIPE_NO_DIRECT_IO) + device_disable_direct_io(device); + } + + if (!wipe_block_size) + wipe_block_size = 1024*1024; + + log_dbg(cd, "Wipe [%u] device %s, offset %" PRIu64 ", length %" PRIu64 ", block %zu.", + (unsigned)pattern, device_path(device), offset, length, wipe_block_size); + + r = crypt_wipe_device(cd, device, pattern, offset, length, + wipe_block_size, progress, usrptr); + + if (dev_path) + device_free(cd, device); + + return r; } diff --git a/lib/verity/Makefile.am b/lib/verity/Makefile.am deleted file mode 100644 index b5ffc92..0000000 --- a/lib/verity/Makefile.am +++ /dev/null @@ -1,14 +0,0 @@ -moduledir = $(libdir)/cryptsetup - -noinst_LTLIBRARIES = libverity.la - -libverity_la_CFLAGS = -Wall $(AM_CFLAGS) @CRYPTO_CFLAGS@ - -libverity_la_SOURCES = \ - verity_hash.c \ - verity.c \ - verity.h - -AM_CPPFLAGS = -include config.h \ - -I$(top_srcdir)/lib \ - -I$(top_srcdir)/lib/crypto_backend diff --git a/lib/verity/Makefile.in b/lib/verity/Makefile.in deleted file mode 100644 index bcb42e8..0000000 --- a/lib/verity/Makefile.in +++ /dev/null @@ -1,655 +0,0 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2013 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = lib/verity -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ - $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -LTLIBRARIES = $(noinst_LTLIBRARIES) -libverity_la_LIBADD = -am_libverity_la_OBJECTS = libverity_la-verity_hash.lo \ - libverity_la-verity.lo -libverity_la_OBJECTS = $(am_libverity_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -libverity_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libverity_la_CFLAGS) \ - $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(libverity_la_SOURCES) -DIST_SOURCES = $(libverity_la_SOURCES) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. -am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ -CRYPTO_LIBS = @CRYPTO_LIBS@ -CRYPTO_STATIC_LIBS = @CRYPTO_STATIC_LIBS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DEVMAPPER_CFLAGS = @DEVMAPPER_CFLAGS@ -DEVMAPPER_LIBS = @DEVMAPPER_LIBS@ -DEVMAPPER_STATIC_CFLAGS = @DEVMAPPER_STATIC_CFLAGS@ -DEVMAPPER_STATIC_LIBS = @DEVMAPPER_STATIC_LIBS@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GMSGFMT = @GMSGFMT@ -GMSGFMT_015 = @GMSGFMT_015@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -INTLLIBS = @INTLLIBS@ -INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBCRYPTSETUP_VERSION = @LIBCRYPTSETUP_VERSION@ -LIBCRYPTSETUP_VERSION_INFO = @LIBCRYPTSETUP_VERSION_INFO@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ -LIBICONV = @LIBICONV@ -LIBINTL = @LIBINTL@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBICONV = @LTLIBICONV@ -LTLIBINTL = @LTLIBINTL@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MKDIR_P = @MKDIR_P@ -MSGFMT = @MSGFMT@ -MSGFMT_015 = @MSGFMT_015@ -MSGMERGE = @MSGMERGE@ -NM = @NM@ -NMEDIT = @NMEDIT@ -NSS_CFLAGS = @NSS_CFLAGS@ -NSS_LIBS = @NSS_LIBS@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ -OPENSSL_LIBS = @OPENSSL_LIBS@ -OPENSSL_STATIC_CFLAGS = @OPENSSL_STATIC_CFLAGS@ -OPENSSL_STATIC_LIBS = @OPENSSL_STATIC_LIBS@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -POPT_LIBS = @POPT_LIBS@ -POSUB = @POSUB@ -PWQUALITY_CFLAGS = @PWQUALITY_CFLAGS@ -PWQUALITY_LIBS = @PWQUALITY_LIBS@ -PWQUALITY_STATIC_LIBS = @PWQUALITY_STATIC_LIBS@ -PYTHON = @PYTHON@ -PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -PYTHON_INCLUDES = @PYTHON_INCLUDES@ -PYTHON_LIBS = @PYTHON_LIBS@ -PYTHON_PLATFORM = @PYTHON_PLATFORM@ -PYTHON_PREFIX = @PYTHON_PREFIX@ -PYTHON_VERSION = @PYTHON_VERSION@ -RANLIB = @RANLIB@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -USE_NLS = @USE_NLS@ -UUID_LIBS = @UUID_LIBS@ -VERSION = @VERSION@ -XGETTEXT = @XGETTEXT@ -XGETTEXT_015 = @XGETTEXT_015@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -pkgpyexecdir = @pkgpyexecdir@ -pkgpythondir = @pkgpythondir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -pyexecdir = @pyexecdir@ -pythondir = @pythondir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -moduledir = $(libdir)/cryptsetup -noinst_LTLIBRARIES = libverity.la -libverity_la_CFLAGS = -Wall $(AM_CFLAGS) @CRYPTO_CFLAGS@ -libverity_la_SOURCES = \ - verity_hash.c \ - verity.c \ - verity.h - -AM_CPPFLAGS = -include config.h \ - -I$(top_srcdir)/lib \ - -I$(top_srcdir)/lib/crypto_backend - -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu lib/verity/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu lib/verity/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) - @list='$(noinst_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -libverity.la: $(libverity_la_OBJECTS) $(libverity_la_DEPENDENCIES) $(EXTRA_libverity_la_DEPENDENCIES) - $(AM_V_CCLD)$(libverity_la_LINK) $(libverity_la_OBJECTS) $(libverity_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libverity_la-verity.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libverity_la-verity_hash.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -libverity_la-verity_hash.lo: verity_hash.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libverity_la_CFLAGS) $(CFLAGS) -MT libverity_la-verity_hash.lo -MD -MP -MF $(DEPDIR)/libverity_la-verity_hash.Tpo -c -o libverity_la-verity_hash.lo `test -f 'verity_hash.c' || echo '$(srcdir)/'`verity_hash.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libverity_la-verity_hash.Tpo $(DEPDIR)/libverity_la-verity_hash.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='verity_hash.c' object='libverity_la-verity_hash.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libverity_la_CFLAGS) $(CFLAGS) -c -o libverity_la-verity_hash.lo `test -f 'verity_hash.c' || echo '$(srcdir)/'`verity_hash.c - -libverity_la-verity.lo: verity.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libverity_la_CFLAGS) $(CFLAGS) -MT libverity_la-verity.lo -MD -MP -MF $(DEPDIR)/libverity_la-verity.Tpo -c -o libverity_la-verity.lo `test -f 'verity.c' || echo '$(srcdir)/'`verity.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libverity_la-verity.Tpo $(DEPDIR)/libverity_la-verity.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='verity.c' object='libverity_la-verity.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libverity_la_CFLAGS) $(CFLAGS) -c -o libverity_la-verity.lo `test -f 'verity.c' || echo '$(srcdir)/'`verity.c - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) -installdirs: -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-noinstLTLIBRARIES cscopelist-am ctags \ - ctags-am distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/lib/verity/rs.h b/lib/verity/rs.h new file mode 100644 index 0000000..9171814 --- /dev/null +++ b/lib/verity/rs.h @@ -0,0 +1,63 @@ +/* + * Reed-Solomon codecs, based on libfec + * + * Copyright (C) 2004 Phil Karn, KA9Q + * libcryptsetup modifications + * Copyright (C) 2017-2020 Red Hat, Inc. All rights reserved. + * + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _LIBFEC_RS_H +#define _LIBFEC_RS_H + +/* Special reserved value encoding zero in index form. */ +#define A0 (rs->nn) + +#define RS_MIN(a, b) ((a) < (b) ? (a) : (b)) + +typedef unsigned char data_t; + +/* Reed-Solomon codec control block */ +struct rs { + int mm; /* Bits per symbol */ + int nn; /* Symbols per block (= (1<= rs->nn) { + x -= rs->nn; + x = (x >> rs->mm) + (x & rs->nn); + } + return x; +} + +struct rs *init_rs_char(int symsize, int gfpoly, int fcr, int prim, int nroots, int pad); +void free_rs_char(struct rs *rs); + +/* General purpose RS codec, 8-bit symbols */ +void encode_rs_char(struct rs *rs, data_t *data, data_t *parity); +int decode_rs_char(struct rs *rs, data_t *data); + +#endif diff --git a/lib/verity/rs_decode_char.c b/lib/verity/rs_decode_char.c new file mode 100644 index 0000000..920475e --- /dev/null +++ b/lib/verity/rs_decode_char.c @@ -0,0 +1,197 @@ +/* + * Reed-Solomon decoder, based on libfec + * + * Copyright (C) 2002, Phil Karn, KA9Q + * libcryptsetup modifications + * Copyright (C) 2017-2020 Red Hat, Inc. All rights reserved. + * + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include + +#include "rs.h" + +int decode_rs_char(struct rs* rs, data_t* data) +{ + int deg_lambda, el, deg_omega, syn_error, count; + int i, j, r, k; + data_t q, tmp, num1, num2, den, discr_r; + /* FIXME: remove VLAs here */ + data_t lambda[rs->nroots + 1], s[rs->nroots]; /* Err+Eras Locator poly and syndrome poly */ + data_t b[rs->nroots + 1], t[rs->nroots + 1], omega[rs->nroots + 1]; + data_t root[rs->nroots], reg[rs->nroots + 1], loc[rs->nroots]; + + memset(s, 0, rs->nroots * sizeof(data_t)); + memset(b, 0, (rs->nroots + 1) * sizeof(data_t)); + + /* form the syndromes; i.e., evaluate data(x) at roots of g(x) */ + for (i = 0; i < rs->nroots; i++) + s[i] = data[0]; + + for (j = 1; j < rs->nn - rs->pad; j++) { + for (i = 0; i < rs->nroots; i++) { + if (s[i] == 0) { + s[i] = data[j]; + } else { + s[i] = data[j] ^ rs->alpha_to[modnn(rs, rs->index_of[s[i]] + (rs->fcr + i) * rs->prim)]; + } + } + } + + /* Convert syndromes to index form, checking for nonzero condition */ + syn_error = 0; + for (i = 0; i < rs->nroots; i++) { + syn_error |= s[i]; + s[i] = rs->index_of[s[i]]; + } + + /* + * if syndrome is zero, data[] is a codeword and there are no + * errors to correct. So return data[] unmodified + */ + if (!syn_error) + return 0; + + memset(&lambda[1], 0, rs->nroots * sizeof(lambda[0])); + lambda[0] = 1; + + for (i = 0; i < rs->nroots + 1; i++) + b[i] = rs->index_of[lambda[i]]; + + /* + * Begin Berlekamp-Massey algorithm to determine error+erasure + * locator polynomial + */ + r = 0; + el = 0; + while (++r <= rs->nroots) { /* r is the step number */ + /* Compute discrepancy at the r-th step in poly-form */ + discr_r = 0; + for (i = 0; i < r; i++) { + if ((lambda[i] != 0) && (s[r - i - 1] != A0)) { + discr_r ^= rs->alpha_to[modnn(rs, rs->index_of[lambda[i]] + s[r - i - 1])]; + } + } + discr_r = rs->index_of[discr_r]; /* Index form */ + if (discr_r == A0) { + /* 2 lines below: B(x) <-- x*B(x) */ + memmove(&b[1], b, rs->nroots * sizeof(b[0])); + b[0] = A0; + } else { + /* 7 lines below: T(x) <-- lambda(x) - discr_r*x*b(x) */ + t[0] = lambda[0]; + for (i = 0; i < rs->nroots; i++) { + if (b[i] != A0) + t[i + 1] = lambda[i + 1] ^ rs->alpha_to[modnn(rs, discr_r + b[i])]; + else + t[i + 1] = lambda[i + 1]; + } + if (2 * el <= r - 1) { + el = r - el; + /* + * 2 lines below: B(x) <-- inv(discr_r) * + * lambda(x) + */ + for (i = 0; i <= rs->nroots; i++) + b[i] = (lambda[i] == 0) ? A0 : modnn(rs, rs->index_of[lambda[i]] - discr_r + rs->nn); + } else { + /* 2 lines below: B(x) <-- x*B(x) */ + memmove(&b[1], b, rs->nroots * sizeof(b[0])); + b[0] = A0; + } + memcpy(lambda, t, (rs->nroots + 1) * sizeof(t[0])); + } + } + + /* Convert lambda to index form and compute deg(lambda(x)) */ + deg_lambda = 0; + for (i = 0; i < rs->nroots + 1; i++) { + lambda[i] = rs->index_of[lambda[i]]; + if (lambda[i] != A0) + deg_lambda = i; + } + /* Find roots of the error+erasure locator polynomial by Chien search */ + memcpy(®[1], &lambda[1], rs->nroots * sizeof(reg[0])); + count = 0; /* Number of roots of lambda(x) */ + for (i = 1, k = rs->iprim - 1; i <= rs->nn; i++, k = modnn(rs, k + rs->iprim)) { + q = 1; /* lambda[0] is always 0 */ + for (j = deg_lambda; j > 0; j--) { + if (reg[j] != A0) { + reg[j] = modnn(rs, reg[j] + j); + q ^= rs->alpha_to[reg[j]]; + } + } + if (q != 0) + continue; /* Not a root */ + + /* store root (index-form) and error location number */ + root[count] = i; + loc[count] = k; + /* If we've already found max possible roots, abort the search to save time */ + if (++count == deg_lambda) + break; + } + + /* + * deg(lambda) unequal to number of roots => uncorrectable + * error detected + */ + if (deg_lambda != count) + return -1; + + /* + * Compute err+eras evaluator poly omega(x) = s(x)*lambda(x) (modulo + * x**rs->nroots). in index form. Also find deg(omega). + */ + deg_omega = deg_lambda - 1; + for (i = 0; i <= deg_omega; i++) { + tmp = 0; + for (j = i; j >= 0; j--) { + if ((s[i - j] != A0) && (lambda[j] != A0)) + tmp ^= rs->alpha_to[modnn(rs, s[i - j] + lambda[j])]; + } + omega[i] = rs->index_of[tmp]; + } + + /* + * Compute error values in poly-form. num1 = omega(inv(X(l))), num2 = + * inv(X(l))**(rs->fcr-1) and den = lambda_pr(inv(X(l))) all in poly-form + */ + for (j = count - 1; j >= 0; j--) { + num1 = 0; + for (i = deg_omega; i >= 0; i--) { + if (omega[i] != A0) + num1 ^= rs->alpha_to[modnn(rs, omega[i] + i * root[j])]; + } + num2 = rs->alpha_to[modnn(rs, root[j] * (rs->fcr - 1) + rs->nn)]; + den = 0; + + /* lambda[i+1] for i even is the formal derivative lambda_pr of lambda[i] */ + for (i = RS_MIN(deg_lambda, rs->nroots - 1) & ~1; i >= 0; i -= 2) { + if (lambda[i + 1] != A0) + den ^= rs->alpha_to[modnn(rs, lambda[i + 1] + i * root[j])]; + } + + /* Apply error to data */ + if (num1 != 0 && loc[j] >= rs->pad) { + data[loc[j] - rs->pad] ^= rs->alpha_to[modnn(rs, rs->index_of[num1] + + rs->index_of[num2] + rs->nn - rs->index_of[den])]; + } + } + + return count; +} diff --git a/lib/verity/rs_encode_char.c b/lib/verity/rs_encode_char.c new file mode 100644 index 0000000..00ebb8b --- /dev/null +++ b/lib/verity/rs_encode_char.c @@ -0,0 +1,173 @@ +/* + * Reed-Solomon encoder, based on libfec + * + * Copyright (C) 2002, Phil Karn, KA9Q + * libcryptsetup modifications + * Copyright (C) 2017-2020 Red Hat, Inc. All rights reserved. + * + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include + +#include "rs.h" + +/* Initialize a Reed-Solomon codec + * symsize = symbol size, bits + * gfpoly = Field generator polynomial coefficients + * fcr = first root of RS code generator polynomial, index form + * prim = primitive element to generate polynomial roots + * nroots = RS code generator polynomial degree (number of roots) + * pad = padding bytes at front of shortened block + */ +struct rs *init_rs_char(int symsize, int gfpoly, int fcr, int prim, int nroots, int pad) +{ + struct rs *rs; + int i, j, sr, root, iprim; + + /* Check parameter ranges */ + if (symsize < 0 || symsize > 8 * (int)sizeof(data_t)) + return NULL; + if (fcr < 0 || fcr >= (1<= (1<= (1<= ((1<mm = symsize; + rs->nn = (1<pad = pad; + + rs->alpha_to = malloc(sizeof(data_t) * (rs->nn + 1)); + if (rs->alpha_to == NULL) { + free(rs); + return NULL; + } + rs->index_of = malloc(sizeof(data_t) * (rs->nn + 1)); + if (rs->index_of == NULL) { + free(rs->alpha_to); + free(rs); + return NULL; + } + memset(rs->index_of, 0, sizeof(data_t) * (rs->nn + 1)); + + /* Generate Galois field lookup tables */ + rs->index_of[0] = A0; /* log(zero) = -inf */ + rs->alpha_to[A0] = 0; /* alpha**-inf = 0 */ + sr = 1; + for (i = 0; i < rs->nn; i++) { + rs->index_of[sr] = i; + rs->alpha_to[i] = sr; + sr <<= 1; + if(sr & (1<nn; + } + if (sr != 1) { + /* field generator polynomial is not primitive! */ + free(rs->alpha_to); + free(rs->index_of); + free(rs); + return NULL; + } + + /* Form RS code generator polynomial from its roots */ + rs->genpoly = malloc(sizeof(data_t) * (nroots + 1)); + if (rs->genpoly == NULL) { + free(rs->alpha_to); + free(rs->index_of); + free(rs); + return NULL; + } + + rs->fcr = fcr; + rs->prim = prim; + rs->nroots = nroots; + + /* Find prim-th root of 1, used in decoding */ + for (iprim = 1; (iprim % prim) != 0; iprim += rs->nn) + ; + rs->iprim = iprim / prim; + + rs->genpoly[0] = 1; + for (i = 0, root = fcr * prim; i < nroots; i++, root += prim) { + rs->genpoly[i + 1] = 1; + + /* Multiply rs->genpoly[] by @**(root + x) */ + for (j = i; j > 0; j--){ + if (rs->genpoly[j] != 0) + rs->genpoly[j] = rs->genpoly[j - 1] ^ rs->alpha_to[modnn(rs, rs->index_of[rs->genpoly[j]] + root)]; + else + rs->genpoly[j] = rs->genpoly[j - 1]; + } + /* rs->genpoly[0] can never be zero */ + rs->genpoly[0] = rs->alpha_to[modnn(rs, rs->index_of[rs->genpoly[0]] + root)]; + } + /* convert rs->genpoly[] to index form for quicker encoding */ + for (i = 0; i <= nroots; i++) + rs->genpoly[i] = rs->index_of[rs->genpoly[i]]; + + return rs; +} + +void free_rs_char(struct rs *rs) +{ + if (!rs) + return; + + free(rs->alpha_to); + free(rs->index_of); + free(rs->genpoly); + free(rs); +} + +void encode_rs_char(struct rs *rs, data_t *data, data_t *parity) +{ + int i, j; + data_t feedback; + + memset(parity, 0, rs->nroots * sizeof(data_t)); + + for (i = 0; i < rs->nn - rs->nroots - rs->pad; i++) { + feedback = rs->index_of[data[i] ^ parity[0]]; + if (feedback != A0) { + /* feedback term is non-zero */ +#ifdef UNNORMALIZED + /* This line is unnecessary when GENPOLY[NROOTS] is unity, as it must + * always be for the polynomials constructed by init_rs() */ + feedback = modnn(rs, rs->nn - rs->genpoly[rs->nroots] + feedback); +#endif + for (j = 1; j < rs->nroots; j++) + parity[j] ^= rs->alpha_to[modnn(rs, feedback + rs->genpoly[rs->nroots - j])]; + } + + /* Shift */ + memmove(&parity[0], &parity[1], sizeof(data_t) * (rs->nroots - 1)); + + if (feedback != A0) + parity[rs->nroots - 1] = rs->alpha_to[modnn(rs, feedback + rs->genpoly[0])]; + else + parity[rs->nroots - 1] = 0; + } +} diff --git a/lib/verity/verity.c b/lib/verity/verity.c index 5108e9e..af31784 100644 --- a/lib/verity/verity.c +++ b/lib/verity/verity.c @@ -1,7 +1,7 @@ /* * dm-verity volume handling * - * Copyright (C) 2012, Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2020 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -25,7 +25,6 @@ #include #include #include -#include #include #include @@ -58,52 +57,49 @@ int VERITY_read_sb(struct crypt_device *cd, struct crypt_params_verity *params) { struct device *device = crypt_metadata_device(cd); - int bsize = device_block_size(device); struct verity_sb sb = {}; ssize_t hdr_size = sizeof(struct verity_sb); - int devfd = 0, sb_version; + int devfd, sb_version; - log_dbg("Reading VERITY header of size %zu on device %s, offset %" PRIu64 ".", + log_dbg(cd, "Reading VERITY header of size %zu on device %s, offset %" PRIu64 ".", sizeof(struct verity_sb), device_path(device), sb_offset); if (params->flags & CRYPT_VERITY_NO_HEADER) { - log_err(cd, _("Verity device %s doesn't use on-disk header.\n"), + log_err(cd, _("Verity device %s does not use on-disk header."), device_path(device)); return -EINVAL; } - if (sb_offset % 512) { - log_err(cd, _("Unsupported VERITY hash offset.\n")); + if (MISALIGNED_512(sb_offset)) { + log_err(cd, _("Unsupported VERITY hash offset.")); return -EINVAL; } - devfd = device_open(device, O_RDONLY); - if(devfd == -1) { - log_err(cd, _("Cannot open device %s.\n"), device_path(device)); + devfd = device_open(cd, device, O_RDONLY); + if (devfd < 0) { + log_err(cd, _("Cannot open device %s."), device_path(device)); return -EINVAL; } - if(lseek(devfd, sb_offset, SEEK_SET) < 0 || - read_blockwise(devfd, bsize, &sb, hdr_size) < hdr_size) { - close(devfd); + if (read_lseek_blockwise(devfd, device_block_size(cd, device), + device_alignment(device), &sb, hdr_size, + sb_offset) < hdr_size) return -EIO; - } - close(devfd); if (memcmp(sb.signature, VERITY_SIGNATURE, sizeof(sb.signature))) { - log_err(cd, _("Device %s is not a valid VERITY device.\n"), + log_err(cd, _("Device %s is not a valid VERITY device."), device_path(device)); return -EINVAL; } sb_version = le32_to_cpu(sb.version); if (sb_version != 1) { - log_err(cd, _("Unsupported VERITY version %d.\n"), sb_version); + log_err(cd, _("Unsupported VERITY version %d."), sb_version); return -EINVAL; } params->hash_type = le32_to_cpu(sb.hash_type); if (params->hash_type > VERITY_MAX_HASH_TYPE) { - log_err(cd, _("Unsupported VERITY hash type %d.\n"), params->hash_type); + log_err(cd, _("Unsupported VERITY hash type %d."), params->hash_type); return -EINVAL; } @@ -111,7 +107,7 @@ int VERITY_read_sb(struct crypt_device *cd, params->hash_block_size = le32_to_cpu(sb.hash_block_size); if (VERITY_BLOCK_SIZE_OK(params->data_block_size) || VERITY_BLOCK_SIZE_OK(params->hash_block_size)) { - log_err(cd, _("Unsupported VERITY block size.\n")); + log_err(cd, _("Unsupported VERITY block size.")); return -EINVAL; } params->data_size = le64_to_cpu(sb.data_blocks); @@ -120,21 +116,24 @@ int VERITY_read_sb(struct crypt_device *cd, if (!params->hash_name) return -ENOMEM; if (crypt_hash_size(params->hash_name) <= 0) { - log_err(cd, _("Hash algorithm %s not supported.\n"), + log_err(cd, _("Hash algorithm %s not supported."), params->hash_name); free(CONST_CAST(char*)params->hash_name); + params->hash_name = NULL; return -EINVAL; } params->salt_size = le16_to_cpu(sb.salt_size); if (params->salt_size > sizeof(sb.salt)) { - log_err(cd, _("VERITY header corrupted.\n")); + log_err(cd, _("VERITY header corrupted.")); free(CONST_CAST(char*)params->hash_name); + params->hash_name = NULL; return -EINVAL; } params->salt = malloc(params->salt_size); if (!params->salt) { free(CONST_CAST(char*)params->hash_name); + params->hash_name = NULL; return -ENOMEM; } memcpy(CONST_CAST(char*)params->salt, sb.salt, params->salt_size); @@ -153,30 +152,30 @@ int VERITY_write_sb(struct crypt_device *cd, struct crypt_params_verity *params) { struct device *device = crypt_metadata_device(cd); - int bsize = device_block_size(device); struct verity_sb sb = {}; ssize_t hdr_size = sizeof(struct verity_sb); + char *algorithm; uuid_t uuid; - int r, devfd = 0; + int r, devfd; - log_dbg("Updating VERITY header of size %zu on device %s, offset %" PRIu64 ".", + log_dbg(cd, "Updating VERITY header of size %zu on device %s, offset %" PRIu64 ".", sizeof(struct verity_sb), device_path(device), sb_offset); if (!uuid_string || uuid_parse(uuid_string, uuid) == -1) { - log_err(cd, _("Wrong VERITY UUID format provided on device %s.\n"), + log_err(cd, _("Wrong VERITY UUID format provided on device %s."), device_path(device)); return -EINVAL; } if (params->flags & CRYPT_VERITY_NO_HEADER) { - log_err(cd, _("Verity device %s doesn't use on-disk header.\n"), + log_err(cd, _("Verity device %s does not use on-disk header."), device_path(device)); return -EINVAL; } - devfd = device_open(device, O_RDWR); - if(devfd == -1) { - log_err(cd, _("Cannot open device %s.\n"), device_path(device)); + devfd = device_open(cd, device, O_RDWR); + if (devfd < 0) { + log_err(cd, _("Cannot open device %s."), device_path(device)); return -EINVAL; } @@ -187,15 +186,19 @@ int VERITY_write_sb(struct crypt_device *cd, sb.hash_block_size = cpu_to_le32(params->hash_block_size); sb.salt_size = cpu_to_le16(params->salt_size); sb.data_blocks = cpu_to_le64(params->data_size); - strncpy((char *)sb.algorithm, params->hash_name, sizeof(sb.algorithm)); + algorithm = (char *)sb.algorithm; + algorithm[sizeof(sb.algorithm)-1] = '\0'; + strncpy(algorithm, params->hash_name, sizeof(sb.algorithm)-1); memcpy(sb.salt, params->salt, params->salt_size); memcpy(sb.uuid, uuid, sizeof(sb.uuid)); - r = write_lseek_blockwise(devfd, bsize, (char*)&sb, hdr_size, sb_offset) < hdr_size ? -EIO : 0; + r = write_lseek_blockwise(devfd, device_block_size(cd, device), device_alignment(device), + (char*)&sb, hdr_size, sb_offset) < hdr_size ? -EIO : 0; if (r) - log_err(cd, _("Error during update of verity header on device %s.\n"), + log_err(cd, _("Error during update of verity header on device %s."), device_path(device)); - close(devfd); + + device_sync(cd, device); return r; } @@ -218,7 +221,8 @@ int VERITY_UUID_generate(struct crypt_device *cd, char **uuid_string) { uuid_t uuid; - if (!(*uuid_string = malloc(40))) + *uuid_string = malloc(40); + if (!*uuid_string) return -ENOMEM; uuid_generate(uuid); uuid_unparse(uuid, *uuid_string); @@ -230,19 +234,42 @@ int VERITY_activate(struct crypt_device *cd, const char *name, const char *root_hash, size_t root_hash_size, + const char *signature_description, + struct device *fec_device, struct crypt_params_verity *verity_hdr, uint32_t activation_flags) { - struct crypt_dm_active_device dmd; + uint32_t dmv_flags; + unsigned int fec_errors = 0; int r; + struct crypt_dm_active_device dmd = { + .size = verity_hdr->data_size * verity_hdr->data_block_size / 512, + .flags = activation_flags, + .uuid = crypt_get_uuid(cd), + }; - log_dbg("Trying to activate VERITY device %s using hash %s.", + log_dbg(cd, "Trying to activate VERITY device %s using hash %s.", name ?: "[none]", verity_hdr->hash_name); if (verity_hdr->flags & CRYPT_VERITY_CHECK_HASH) { - log_dbg("Verification of data in userspace required."); - r = VERITY_verify(cd, verity_hdr, - root_hash, root_hash_size); + if (signature_description) { + log_err(cd, _("Root hash signature verification is not supported.")); + return -EINVAL; + } + + log_dbg(cd, "Verification of data in userspace required."); + r = VERITY_verify(cd, verity_hdr, root_hash, root_hash_size); + + if (r == -EPERM && fec_device) { + log_dbg(cd, "Verification failed, trying to repair with FEC device."); + r = VERITY_FEC_process(cd, verity_hdr, fec_device, 1, &fec_errors); + if (r < 0) + log_err(cd, _("Errors cannot be repaired with FEC device.")); + else if (fec_errors) + log_err(cd, _("Found %u repairable errors with FEC device."), + fec_errors); + } + if (r < 0) return r; } @@ -250,40 +277,53 @@ int VERITY_activate(struct crypt_device *cd, if (!name) return 0; - dmd.target = DM_VERITY; - dmd.data_device = crypt_data_device(cd); - dmd.u.verity.hash_device = crypt_metadata_device(cd); - dmd.u.verity.root_hash = root_hash; - dmd.u.verity.root_hash_size = root_hash_size; - dmd.u.verity.hash_offset = VERITY_hash_offset_block(verity_hdr), - dmd.flags = activation_flags; - dmd.size = verity_hdr->data_size * verity_hdr->data_block_size / 512; - dmd.uuid = crypt_get_uuid(cd); - dmd.u.verity.vp = verity_hdr; - - r = device_block_adjust(cd, dmd.u.verity.hash_device, DEV_OK, + r = device_block_adjust(cd, crypt_metadata_device(cd), DEV_OK, 0, NULL, NULL); if (r) return r; - r = device_block_adjust(cd, dmd.data_device, DEV_EXCL, + r = device_block_adjust(cd, crypt_data_device(cd), DEV_EXCL, 0, &dmd.size, &dmd.flags); if (r) return r; - r = dm_create_device(cd, name, CRYPT_VERITY, &dmd, 0); - if (r < 0 && !(dm_flags() & DM_VERITY_SUPPORTED)) { - log_err(cd, _("Kernel doesn't support dm-verity mapping.\n")); - return -ENOTSUP; + if (fec_device) { + r = device_block_adjust(cd, fec_device, DEV_OK, + 0, NULL, NULL); + if (r) + return r; } - if (r < 0) + + r = dm_verity_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd), + crypt_metadata_device(cd), fec_device, root_hash, + root_hash_size, signature_description, + VERITY_hash_offset_block(verity_hdr), + VERITY_hash_blocks(cd, verity_hdr), verity_hdr); + + if (r) return r; + r = dm_create_device(cd, name, CRYPT_VERITY, &dmd); + if (r < 0 && (dm_flags(cd, DM_VERITY, &dmv_flags) || !(dmv_flags & DM_VERITY_SUPPORTED))) { + log_err(cd, _("Kernel does not support dm-verity mapping.")); + r = -ENOTSUP; + } + if (r < 0 && signature_description && !(dmv_flags & DM_VERITY_SIGNATURE_SUPPORTED)) { + log_err(cd, _("Kernel does not support dm-verity signature option.")); + r = -ENOTSUP; + } + if (r < 0) + goto out; + r = dm_status_verity_ok(cd, name); if (r < 0) - return r; + goto out; if (!r) - log_err(cd, _("Verity device detected corruption after activation.\n")); - return 0; + log_err(cd, _("Verity device detected corruption after activation.")); + + r = 0; +out: + dm_targets_free(cd, &dmd); + return r; } diff --git a/lib/verity/verity.h b/lib/verity/verity.h index 4f457cb..0b7f0cc 100644 --- a/lib/verity/verity.h +++ b/lib/verity/verity.h @@ -1,7 +1,7 @@ /* * dm-verity volume handling * - * Copyright (C) 2012, Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2020 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -21,7 +21,8 @@ #ifndef _VERITY_H #define _VERITY_H -#include +#include +#include #define VERITY_MAX_HASH_TYPE 1 #define VERITY_BLOCK_SIZE_OK(x) ((x) % 512 || (x) < 512 || \ @@ -29,6 +30,7 @@ struct crypt_device; struct crypt_params_verity; +struct device; int VERITY_read_sb(struct crypt_device *cd, uint64_t sb_offset, @@ -44,6 +46,8 @@ int VERITY_activate(struct crypt_device *cd, const char *name, const char *root_hash, size_t root_hash_size, + const char *signature_description, + struct device *fec_device, struct crypt_params_verity *verity_hdr, uint32_t activation_flags); @@ -54,11 +58,19 @@ int VERITY_verify(struct crypt_device *cd, int VERITY_create(struct crypt_device *cd, struct crypt_params_verity *verity_hdr, - char *root_hash, + const char *root_hash, size_t root_hash_size); +int VERITY_FEC_process(struct crypt_device *cd, + struct crypt_params_verity *params, + struct device *fec_device, + int check_fec, + unsigned int *errors); + uint64_t VERITY_hash_offset_block(struct crypt_params_verity *params); +uint64_t VERITY_hash_blocks(struct crypt_device *cd, struct crypt_params_verity *params); + int VERITY_UUID_generate(struct crypt_device *cd, char **uuid_string); #endif diff --git a/lib/verity/verity_fec.c b/lib/verity/verity_fec.c new file mode 100644 index 0000000..a8a5e86 --- /dev/null +++ b/lib/verity/verity_fec.c @@ -0,0 +1,281 @@ +/* + * dm-verity Forward Error Correction (FEC) support + * + * Copyright (C) 2015 Google, Inc. All rights reserved. + * Copyright (C) 2017-2020 Red Hat, Inc. All rights reserved. + * + * This file is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this file; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include + +#include "verity.h" +#include "internal.h" +#include "rs.h" + +/* ecc parameters */ +#define FEC_RSM 255 +#define FEC_MIN_RSN 231 +#define FEC_MAX_RSN 253 + +#define FEC_INPUT_DEVICES 2 + +/* parameters to init_rs_char */ +#define FEC_PARAMS(roots) \ + 8, /* symbol size in bits */ \ + 0x11d, /* field generator polynomial coefficients */ \ + 0, /* first root of the generator */ \ + 1, /* primitive element to generate polynomial roots */ \ + (roots), /* polynomial degree (number of roots) */ \ + 0 /* padding bytes at the front of shortened block */ + +struct fec_input_device { + struct device *device; + int fd; + uint64_t start; + uint64_t count; +}; + +struct fec_context { + uint32_t rsn; + uint32_t roots; + uint64_t size; + uint64_t blocks; + uint64_t rounds; + uint32_t block_size; + struct fec_input_device *inputs; + size_t ninputs; +}; + +/* computes ceil(x / y) */ +static inline uint64_t FEC_div_round_up(uint64_t x, uint64_t y) +{ + return (x / y) + (x % y > 0 ? 1 : 0); +} + +/* returns a physical offset for the given RS offset */ +static inline uint64_t FEC_interleave(struct fec_context *ctx, uint64_t offset) +{ + return (offset / ctx->rsn) + + (offset % ctx->rsn) * ctx->rounds * ctx->block_size; +} + +/* returns data for a byte at the specified RS offset */ +static int FEC_read_interleaved(struct fec_context *ctx, uint64_t i, + void *output, size_t count) +{ + size_t n; + uint64_t offset = FEC_interleave(ctx, i); + + /* offsets outside input area are assumed to contain zeros */ + if (offset >= ctx->size) { + memset(output, 0, count); + return 0; + } + + /* find the correct input device and read from it */ + for (n = 0; n < ctx->ninputs; ++n) { + if (offset >= ctx->inputs[n].count) { + offset -= ctx->inputs[n].count; + continue; + } + + /* FIXME: read_lseek_blockwise candidate */ + if (lseek(ctx->inputs[n].fd, ctx->inputs[n].start + offset, SEEK_SET) < 0) + return -1; + return (read_buffer(ctx->inputs[n].fd, output, count) == (ssize_t)count) ? 0 : -1; + } + + /* should never be reached */ + return -1; +} + +/* encodes/decode inputs to/from fd */ +static int FEC_process_inputs(struct crypt_device *cd, + struct crypt_params_verity *params, + struct fec_input_device *inputs, + size_t ninputs, int fd, + int decode, unsigned int *errors) +{ + int r = 0; + unsigned int i; + struct fec_context ctx; + uint32_t b; + uint64_t n; + uint8_t rs_block[FEC_RSM]; + uint8_t *buf = NULL; + void *rs; + + /* initialize parameters */ + ctx.roots = params->fec_roots; + ctx.rsn = FEC_RSM - ctx.roots; + ctx.block_size = params->data_block_size; + ctx.inputs = inputs; + ctx.ninputs = ninputs; + + rs = init_rs_char(FEC_PARAMS(ctx.roots)); + if (!rs) { + log_err(cd, _("Failed to allocate RS context.")); + return -ENOMEM; + } + + /* calculate the total area covered by error correction codes */ + ctx.size = 0; + for (n = 0; n < ctx.ninputs; ++n) + ctx.size += ctx.inputs[n].count; + + /* each byte in a data block is covered by a different code */ + ctx.blocks = FEC_div_round_up(ctx.size, ctx.block_size); + ctx.rounds = FEC_div_round_up(ctx.blocks, ctx.rsn); + + buf = malloc((size_t)ctx.block_size * ctx.rsn); + if (!buf) { + log_err(cd, _("Failed to allocate buffer.")); + r = -ENOMEM; + goto out; + } + + /* encode/decode input */ + for (n = 0; n < ctx.rounds; ++n) { + for (i = 0; i < ctx.rsn; ++i) { + if (FEC_read_interleaved(&ctx, n * ctx.rsn * ctx.block_size + i, + &buf[i * ctx.block_size], ctx.block_size)) { + log_err(cd, _("Failed to read RS block %" PRIu64 " byte %d."), n, i); + r = -EIO; + goto out; + } + } + + for (b = 0; b < ctx.block_size; ++b) { + for (i = 0; i < ctx.rsn; ++i) + rs_block[i] = buf[i * ctx.block_size + b]; + + /* decoding from parity device */ + if (decode) { + if (read_buffer(fd, &rs_block[ctx.rsn], ctx.roots) < 0) { + log_err(cd, _("Failed to read parity for RS block %" PRIu64 "."), n); + r = -EIO; + goto out; + } + + /* coverity[tainted_data] */ + r = decode_rs_char(rs, rs_block); + if (r < 0) { + log_err(cd, _("Failed to repair parity for block %" PRIu64 "."), n); + goto out; + } + /* return number of detected errors */ + if (errors) + *errors += r; + r = 0; + } else { + /* encoding and writing parity data to fec device */ + encode_rs_char(rs, rs_block, &rs_block[ctx.rsn]); + if (write_buffer(fd, &rs_block[ctx.rsn], ctx.roots) < 0) { + log_err(cd, _("Failed to write parity for RS block %" PRIu64 "."), n); + r = -EIO; + goto out; + } + } + } + } +out: + free_rs_char(rs); + free(buf); + return r; +} + +int VERITY_FEC_process(struct crypt_device *cd, + struct crypt_params_verity *params, + struct device *fec_device, int check_fec, + unsigned int *errors) +{ + int r; + int fd = -1; + struct fec_input_device inputs[FEC_INPUT_DEVICES] = { + { + .device = crypt_data_device(cd), + .fd = -1, + .start = 0, + .count = params->data_size * params->data_block_size + },{ + .device = crypt_metadata_device(cd), + .fd = -1, + .start = VERITY_hash_offset_block(params) * params->data_block_size + } + }; + + /* validate parameters */ + if (params->data_block_size != params->hash_block_size) { + log_err(cd, _("Block sizes must match for FEC.")); + return -EINVAL; + } + + if (params->fec_roots > FEC_RSM - FEC_MIN_RSN || + params->fec_roots < FEC_RSM - FEC_MAX_RSN) { + log_err(cd, _("Invalid number of parity bytes.")); + return -EINVAL; + } + + r = -EIO; + + if (check_fec) + fd = open(device_path(fec_device), O_RDONLY); + else + fd = open(device_path(fec_device), O_RDWR); + + if (fd == -1) { + log_err(cd, _("Cannot open device %s."), device_path(fec_device)); + goto out; + } + + if (lseek(fd, params->fec_area_offset, SEEK_SET) < 0) { + log_dbg(cd, "Cannot seek to requested position in FEC device."); + goto out; + } + + /* input devices */ + inputs[0].fd = open(device_path(inputs[0].device), O_RDONLY); + if (inputs[0].fd == -1) { + log_err(cd, _("Cannot open device %s."), device_path(inputs[0].device)); + goto out; + } + inputs[1].fd = open(device_path(inputs[1].device), O_RDONLY); + if (inputs[1].fd == -1) { + log_err(cd, _("Cannot open device %s."), device_path(inputs[1].device)); + goto out; + } + + /* cover the entire hash device starting from hash_offset */ + r = device_size(inputs[1].device, &inputs[1].count); + if (r) { + log_err(cd, _("Failed to determine size for device %s."), + device_path(inputs[1].device)); + goto out; + } + inputs[1].count -= inputs[1].start; + + r = FEC_process_inputs(cd, params, inputs, FEC_INPUT_DEVICES, fd, check_fec, errors); +out: + if (inputs[0].fd != -1) + close(inputs[0].fd); + if (inputs[1].fd != -1) + close(inputs[1].fd); + if (fd != -1) + close(fd); + + return r; +} diff --git a/lib/verity/verity_hash.c b/lib/verity/verity_hash.c index 3f25e91..6142430 100644 --- a/lib/verity/verity_hash.c +++ b/lib/verity/verity_hash.c @@ -1,7 +1,7 @@ /* * dm-verity volume handling * - * Copyright (C) 2012, Red Hat, Inc. All rights reserved. + * Copyright (C) 2012-2020 Red Hat, Inc. All rights reserved. * * This file is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -51,12 +51,12 @@ static int verify_zero(struct crypt_device *cd, FILE *wr, size_t bytes) size_t i; if (fread(block, bytes, 1, wr) != 1) { - log_dbg("EIO while reading spare area."); + log_dbg(cd, "EIO while reading spare area."); return -EIO; } for (i = 0; i < bytes; i++) if (block[i]) { - log_err(cd, _("Spare area is not zeroed at position %" PRIu64 ".\n"), + log_err(cd, _("Spare area is not zeroed at position %" PRIu64 "."), ftello(wr) - bytes); return -EPERM; } @@ -97,6 +97,48 @@ static int mult_overflow(off_t *u, off_t b, size_t size) return 0; } +static int hash_levels(size_t hash_block_size, size_t digest_size, + off_t data_file_blocks, off_t *hash_position, int *levels, + off_t *hash_level_block, off_t *hash_level_size) +{ + size_t hash_per_block_bits; + off_t s, s_shift; + int i; + + if (!digest_size) + return -EINVAL; + + hash_per_block_bits = get_bits_down(hash_block_size / digest_size); + if (!hash_per_block_bits) + return -EINVAL; + + *levels = 0; + while (hash_per_block_bits * *levels < 64 && + (data_file_blocks - 1) >> (hash_per_block_bits * *levels)) + (*levels)++; + + if (*levels > VERITY_MAX_LEVELS) + return -EINVAL; + + for (i = *levels - 1; i >= 0; i--) { + if (hash_level_block) + hash_level_block[i] = *hash_position; + // verity position of block data_file_blocks at level i + s_shift = (i + 1) * hash_per_block_bits; + if (s_shift > 63) + return -EINVAL; + s = (data_file_blocks + ((off_t)1 << s_shift) - 1) >> ((i + 1) * hash_per_block_bits); + if (hash_level_size) + hash_level_size[i] = s; + if ((*hash_position + s) < *hash_position || + (*hash_position + s) < 0) + return -EINVAL; + *hash_position += s; + } + + return 0; +} + static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr, off_t data_block, size_t data_block_size, off_t hash_block, size_t hash_block_size, @@ -118,17 +160,17 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr, if (mult_overflow(&seek_rd, data_block, data_block_size) || mult_overflow(&seek_wr, hash_block, hash_block_size)) { - log_err(cd, _("Device offset overflow.\n")); + log_err(cd, _("Device offset overflow.")); return -EINVAL; } if (fseeko(rd, seek_rd, SEEK_SET)) { - log_dbg("Cannot seek to requested position in data device."); + log_dbg(cd, "Cannot seek to requested position in data device."); return -EIO; } if (wr && fseeko(wr, seek_wr, SEEK_SET)) { - log_dbg("Cannot seek to requested position in hash device."); + log_dbg(cd, "Cannot seek to requested position in hash device."); return -EIO; } @@ -140,7 +182,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr, break; blocks--; if (fread(data_buffer, data_block_size, 1, rd) != 1) { - log_dbg("Cannot read data device block."); + log_dbg(cd, "Cannot read data device block."); return -EIO; } @@ -154,17 +196,17 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr, break; if (verify) { if (fread(read_digest, digest_size, 1, wr) != 1) { - log_dbg("Cannot read digest form hash device."); + log_dbg(cd, "Cannot read digest form hash device."); return -EIO; } if (memcmp(read_digest, calculated_digest, digest_size)) { - log_err(cd, _("Verification failed at position %" PRIu64 ".\n"), + log_err(cd, _("Verification failed at position %" PRIu64 "."), ftello(rd) - data_block_size); return -EPERM; } } else { if (fwrite(calculated_digest, digest_size, 1, wr) != 1) { - log_dbg("Cannot write digest to hash device."); + log_dbg(cd, "Cannot write digest to hash device."); return -EIO; } } @@ -177,7 +219,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr, if (r) return r; } else if (fwrite(left_block, digest_size_full - digest_size, 1, wr) != 1) { - log_dbg("Cannot write spare area to hash device."); + log_dbg(cd, "Cannot write spare area to hash device."); return -EIO; } } @@ -190,7 +232,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr, if (r) return r; } else if (fwrite(left_block, left_bytes, 1, wr) != 1) { - log_dbg("Cannot write remaining spare area to hash device."); + log_dbg(cd, "Cannot write remaining spare area to hash device."); return -EIO; } } @@ -219,20 +261,19 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd, FILE *hash_file = NULL, *hash_file_2; off_t hash_level_block[VERITY_MAX_LEVELS]; off_t hash_level_size[VERITY_MAX_LEVELS]; - off_t data_file_blocks, s; - size_t hash_per_block_bits; + off_t data_file_blocks; off_t data_device_size = 0, hash_device_size = 0; uint64_t dev_size; int levels, i, r; - log_dbg("Hash %s %s, data device %s, data blocks %" PRIu64 + log_dbg(cd, "Hash %s %s, data device %s, data blocks %" PRIu64 ", hash_device %s, offset %" PRIu64 ".", verify ? "verification" : "creation", hash_name, device_path(data_device), data_blocks, device_path(hash_device), hash_position); if (data_blocks < 0 || hash_position < 0) { - log_err(cd, _("Invalid size parameters for verity device.\n")); + log_err(cd, _("Invalid size parameters for verity device.")); return -EINVAL; } @@ -246,61 +287,39 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd, data_file_blocks = data_blocks; if (mult_overflow(&data_device_size, data_blocks, data_block_size)) { - log_err(cd, _("Device offset overflow.\n")); + log_err(cd, _("Device offset overflow.")); return -EINVAL; } - hash_per_block_bits = get_bits_down(hash_block_size / digest_size); - if (!hash_per_block_bits) + if (hash_levels(hash_block_size, digest_size, data_file_blocks, &hash_position, + &levels, &hash_level_block[0], &hash_level_size[0])) { + log_err(cd, _("Hash area overflow.")); return -EINVAL; - - levels = 0; - if (data_file_blocks) { - while (hash_per_block_bits * levels < 64 && - (data_file_blocks - 1) >> (hash_per_block_bits * levels)) - levels++; } - log_dbg("Using %d hash levels.", levels); - if (levels > VERITY_MAX_LEVELS) { - log_err(cd, _("Too many tree levels for verity volume.\n")); - return -EINVAL; - } - - for (i = levels - 1; i >= 0; i--) { - hash_level_block[i] = hash_position; - // verity position of block data_file_blocks at level i - s = (data_file_blocks + ((off_t)1 << ((i + 1) * hash_per_block_bits)) - 1) >> ((i + 1) * hash_per_block_bits); - hash_level_size[i] = s; - if ((hash_position + s) < hash_position || - (hash_position + s) < 0) { - log_err(cd, _("Device offset overflow.\n")); - return -EINVAL; - } - hash_position += s; - } + log_dbg(cd, "Using %d hash levels.", levels); if (mult_overflow(&hash_device_size, hash_position, hash_block_size)) { - log_err(cd, _("Device offset overflow.\n")); + log_err(cd, _("Device offset overflow.")); return -EINVAL; } - log_dbg("Data device size required: %" PRIu64 " bytes.", + log_dbg(cd, "Data device size required: %" PRIu64 " bytes.", data_device_size); data_file = fopen(device_path(data_device), "r"); if (!data_file) { - log_err(cd, _("Cannot open device %s.\n"), + log_err(cd, _("Cannot open device %s."), device_path(data_device) ); r = -EIO; goto out; } - log_dbg("Hash device size required: %" PRIu64 " bytes.", + log_dbg(cd, "Hash device size required: %" PRIu64 " bytes.", hash_device_size); hash_file = fopen(device_path(hash_device), verify ? "r" : "r+"); if (!hash_file) { - log_err(cd, _("Cannot open device %s.\n"), + log_err(cd, _("Cannot open device %s."), device_path(hash_device)); r = -EIO; goto out; @@ -320,7 +339,7 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd, } else { hash_file_2 = fopen(device_path(hash_device), "r"); if (!hash_file_2) { - log_err(cd, _("Cannot open device %s.\n"), + log_err(cd, _("Cannot open device %s."), device_path(hash_device)); r = -EIO; goto out; @@ -351,20 +370,20 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd, out: if (verify) { if (r) - log_err(cd, _("Verification of data area failed.\n")); + log_err(cd, _("Verification of data area failed.")); else { - log_dbg("Verification of data area succeeded."); + log_dbg(cd, "Verification of data area succeeded."); r = memcmp(root_hash, calculated_digest, digest_size) ? -EPERM : 0; if (r) - log_err(cd, _("Verification of root hash failed.\n")); + log_err(cd, _("Verification of root hash failed.")); else - log_dbg("Verification of root hash succeeded."); + log_dbg(cd, "Verification of root hash succeeded."); } } else { if (r == -EIO) - log_err(cd, _("Input/output error while creating hash area.\n")); + log_err(cd, _("Input/output error while creating hash area.")); else if (r) - log_err(cd, _("Creation of hash area failed.\n")); + log_err(cd, _("Creation of hash area failed.")); else { fsync(fileno(hash_file)); memcpy(root_hash, calculated_digest, digest_size); @@ -402,17 +421,17 @@ int VERITY_verify(struct crypt_device *cd, /* Create verity hash */ int VERITY_create(struct crypt_device *cd, struct crypt_params_verity *verity_hdr, - char *root_hash, + const char *root_hash, size_t root_hash_size) { - unsigned pgsize = crypt_getpagesize(); + unsigned pgsize = (unsigned)crypt_getpagesize(); if (verity_hdr->salt_size > 256) return -EINVAL; if (verity_hdr->data_block_size > pgsize) log_err(cd, _("WARNING: Kernel cannot activate device if data " - "block size exceeds page size (%u).\n"), pgsize); + "block size exceeds page size (%u)."), pgsize); return VERITY_create_or_verify_hash(cd, 0, verity_hdr->hash_type, @@ -423,8 +442,20 @@ int VERITY_create(struct crypt_device *cd, verity_hdr->data_block_size, verity_hdr->data_size, VERITY_hash_offset_block(verity_hdr), - root_hash, + CONST_CAST(char*)root_hash, root_hash_size, verity_hdr->salt, verity_hdr->salt_size); } + +uint64_t VERITY_hash_blocks(struct crypt_device *cd, struct crypt_params_verity *params) +{ + off_t hash_position = 0; + int levels = 0; + + if (hash_levels(params->hash_block_size, crypt_get_volume_key_size(cd), + params->data_size, &hash_position, &levels, NULL, NULL)) + return 0; + + return (uint64_t)hash_position; +} diff --git a/lib/volumekey.c b/lib/volumekey.c index e7150aa..4507451 100644 --- a/lib/volumekey.c +++ b/lib/volumekey.c @@ -1,8 +1,8 @@ /* * cryptsetup volume key implementation * - * Copyright (C) 2004-2006, Clemens Fruhwirth - * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved. + * Copyright (C) 2004-2006 Clemens Fruhwirth + * Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -20,36 +20,116 @@ */ #include +#include #include +#include #include "internal.h" -struct volume_key *crypt_alloc_volume_key(unsigned keylength, const char *key) +struct volume_key *crypt_alloc_volume_key(size_t keylength, const char *key) { - struct volume_key *vk = malloc(sizeof(*vk) + keylength); + struct volume_key *vk; + + if (keylength > (SIZE_MAX - sizeof(*vk))) + return NULL; + vk = malloc(sizeof(*vk) + keylength); if (!vk) return NULL; + vk->key_description = NULL; vk->keylength = keylength; - if (key) - memcpy(&vk->key, key, keylength); - else - crypt_memzero(&vk->key, keylength); + vk->id = -1; + vk->next = NULL; + + /* keylength 0 is valid => no key */ + if (vk->keylength) { + if (key) + memcpy(&vk->key, key, keylength); + else + crypt_safe_memzero(&vk->key, keylength); + } + + return vk; +} + +int crypt_volume_key_set_description(struct volume_key *vk, const char *key_description) +{ + if (!vk) + return -EINVAL; + + free(CONST_CAST(void*)vk->key_description); + vk->key_description = NULL; + if (key_description && !(vk->key_description = strdup(key_description))) + return -ENOMEM; + + return 0; +} + +void crypt_volume_key_set_id(struct volume_key *vk, int id) +{ + if (vk && id >= 0) + vk->id = id; +} + +int crypt_volume_key_get_id(const struct volume_key *vk) +{ + return vk ? vk->id : -1; +} + +struct volume_key *crypt_volume_key_by_id(struct volume_key *vks, int id) +{ + struct volume_key *vk = vks; + + if (id < 0) + return NULL; + + while (vk && vk->id != id) + vk = vk->next; return vk; } +void crypt_volume_key_add_next(struct volume_key **vks, struct volume_key *vk) +{ + struct volume_key *tmp; + + if (!vks) + return; + + if (!*vks) { + *vks = vk; + return; + } + + tmp = *vks; + + while (tmp->next) + tmp = tmp->next; + + tmp->next = vk; +} + +struct volume_key *crypt_volume_key_next(struct volume_key *vk) +{ + return vk ? vk->next : NULL; +} + void crypt_free_volume_key(struct volume_key *vk) { - if (vk) { - crypt_memzero(vk->key, vk->keylength); + struct volume_key *vk_next; + + while (vk) { + crypt_safe_memzero(vk->key, vk->keylength); vk->keylength = 0; + free(CONST_CAST(void*)vk->key_description); + vk_next = vk->next; free(vk); + vk = vk_next; } } -struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, unsigned keylength) +struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, size_t keylength) { int r; struct volume_key *vk; diff --git a/ltmain.sh b/ltmain.sh index bffda54..0cb7f90 100644 --- a/ltmain.sh +++ b/ltmain.sh @@ -1,9 +1,12 @@ +#! /bin/sh +## DO NOT EDIT - This file generated from ./build-aux/ltmain.in +## by inline-source v2014-01-03.01 -# libtool (GNU libtool) 2.4.2 +# libtool (GNU libtool) 2.4.6 +# Provide generalized library-building support services. # Written by Gordon Matzigkeit , 1996 -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, -# 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. +# Copyright (C) 1996-2015 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -23,881 +26,2185 @@ # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with GNU Libtool; see the file COPYING. If not, a copy -# can be downloaded from http://www.gnu.org/licenses/gpl.html, -# or obtained by writing to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# along with this program. If not, see . -# Usage: $progname [OPTION]... [MODE-ARG]... -# -# Provide generalized library-building support services. -# -# --config show all configuration variables -# --debug enable verbose shell tracing -# -n, --dry-run display commands without modifying any files -# --features display basic configuration information and exit -# --mode=MODE use operation mode MODE -# --preserve-dup-deps don't remove duplicate dependency libraries -# --quiet, --silent don't print informational messages -# --no-quiet, --no-silent -# print informational messages (default) -# --no-warn don't display warning messages -# --tag=TAG use configuration variables from tag TAG -# -v, --verbose print more informational messages than default -# --no-verbose don't print the extra informational messages -# --version print version information -# -h, --help, --help-all print short, long, or detailed help message -# -# MODE must be one of the following: -# -# clean remove files from the build directory -# compile compile a source file into a libtool object -# execute automatically set library path, then run a program -# finish complete the installation of libtool libraries -# install install libraries or executables -# link create a library or an executable -# uninstall remove libraries from an installed directory -# -# MODE-ARGS vary depending on the MODE. When passed as first option, -# `--mode=MODE' may be abbreviated as `MODE' or a unique abbreviation of that. -# Try `$progname --help --mode=MODE' for a more detailed description of MODE. -# -# When reporting a bug, please describe a test case to reproduce it and -# include the following information: -# -# host-triplet: $host -# shell: $SHELL -# compiler: $LTCC -# compiler flags: $LTCFLAGS -# linker: $LD (gnu? $with_gnu_ld) -# $progname: (GNU libtool) 2.4.2 Debian-2.4.2-1.11 -# automake: $automake_version -# autoconf: $autoconf_version -# -# Report bugs to . -# GNU libtool home page: . -# General help using GNU software: . PROGRAM=libtool PACKAGE=libtool -VERSION="2.4.2 Debian-2.4.2-1.11" -TIMESTAMP="" -package_revision=1.3337 +VERSION="2.4.6 Debian-2.4.6-14" +package_revision=2.4.6 -# Be Bourne compatible -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + +## ------ ## +## Usage. ## +## ------ ## + +# Run './libtool --help' for help with using this script from the +# command line. + + +## ------------------------------- ## +## User overridable command paths. ## +## ------------------------------- ## + +# After configure completes, it has a better idea of some of the +# shell tools we need than the defaults used by the functions shared +# with bootstrap, so set those here where they can still be over- +# ridden by the user, but otherwise take precedence. + +: ${AUTOCONF="autoconf"} +: ${AUTOMAKE="automake"} + + +## -------------------------- ## +## Source external libraries. ## +## -------------------------- ## + +# Much of our low-level functionality needs to be sourced from external +# libraries, which are installed to $pkgauxdir. + +# Set a version string for this script. +scriptversion=2015-01-20.17; # UTC + +# General shell script boiler plate, and helper functions. +# Written by Gary V. Vaughan, 2004 + +# Copyright (C) 2004-2015 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# As a special exception to the GNU General Public License, if you distribute +# this file as part of a program or library that is built using GNU Libtool, +# you may include this file under the same distribution terms that you use +# for the rest of that program. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Please report bugs or propose patches to gary@gnu.org. + + +## ------ ## +## Usage. ## +## ------ ## + +# Evaluate this file near the top of your script to gain access to +# the functions and variables defined here: +# +# . `echo "$0" | ${SED-sed} 's|[^/]*$||'`/build-aux/funclib.sh +# +# If you need to override any of the default environment variable +# settings, do that before evaluating this file. + + +## -------------------- ## +## Shell normalisation. ## +## -------------------- ## + +# Some shells need a little help to be as Bourne compatible as possible. +# Before doing anything else, make sure all that help has been provided! + +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else - case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac + case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi -BIN_SH=xpg4; export BIN_SH # for Tru64 -DUALCASE=1; export DUALCASE # for MKS sh - -# A function that is used when there is no print builtin or printf. -func_fallback_echo () -{ - eval 'cat <<_LTECHO_EOF -$1 -_LTECHO_EOF' -} -# NLS nuisances: We save the old values to restore during execute mode. -lt_user_locale= -lt_safe_locale= -for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES +# NLS nuisances: We save the old values in case they are required later. +_G_user_locale= +_G_safe_locale= +for _G_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES do - eval "if test \"\${$lt_var+set}\" = set; then - save_$lt_var=\$$lt_var - $lt_var=C - export $lt_var - lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\" - lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\" + eval "if test set = \"\${$_G_var+set}\"; then + save_$_G_var=\$$_G_var + $_G_var=C + export $_G_var + _G_user_locale=\"$_G_var=\\\$save_\$_G_var; \$_G_user_locale\" + _G_safe_locale=\"$_G_var=C; \$_G_safe_locale\" fi" done -LC_ALL=C -LANGUAGE=C -export LANGUAGE LC_ALL -$lt_unset CDPATH +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH +# Make sure IFS has a sensible default +sp=' ' +nl=' +' +IFS="$sp $nl" + +# There are apparently some retarded systems that use ';' as a PATH separator! +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi -# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh -# is ksh but when the shell is invoked as "sh" and the current value of -# the _XPG environment variable is not equal to 1 (one), the special -# positional parameter $0, within a function call, is the name of the -# function. -progpath="$0" +## ------------------------- ## +## Locate command utilities. ## +## ------------------------- ## + + +# func_executable_p FILE +# ---------------------- +# Check that FILE is an executable regular file. +func_executable_p () +{ + test -f "$1" && test -x "$1" +} + + +# func_path_progs PROGS_LIST CHECK_FUNC [PATH] +# -------------------------------------------- +# Search for either a program that responds to --version with output +# containing "GNU", or else returned by CHECK_FUNC otherwise, by +# trying all the directories in PATH with each of the elements of +# PROGS_LIST. +# +# CHECK_FUNC should accept the path to a candidate program, and +# set $func_check_prog_result if it truncates its output less than +# $_G_path_prog_max characters. +func_path_progs () +{ + _G_progs_list=$1 + _G_check_func=$2 + _G_PATH=${3-"$PATH"} + + _G_path_prog_max=0 + _G_path_prog_found=false + _G_save_IFS=$IFS; IFS=${PATH_SEPARATOR-:} + for _G_dir in $_G_PATH; do + IFS=$_G_save_IFS + test -z "$_G_dir" && _G_dir=. + for _G_prog_name in $_G_progs_list; do + for _exeext in '' .EXE; do + _G_path_prog=$_G_dir/$_G_prog_name$_exeext + func_executable_p "$_G_path_prog" || continue + case `"$_G_path_prog" --version 2>&1` in + *GNU*) func_path_progs_result=$_G_path_prog _G_path_prog_found=: ;; + *) $_G_check_func $_G_path_prog + func_path_progs_result=$func_check_prog_result + ;; + esac + $_G_path_prog_found && break 3 + done + done + done + IFS=$_G_save_IFS + test -z "$func_path_progs_result" && { + echo "no acceptable sed could be found in \$PATH" >&2 + exit 1 + } +} + + +# We want to be able to use the functions in this file before configure +# has figured out where the best binaries are kept, which means we have +# to search for them ourselves - except when the results are already set +# where we skip the searches. + +# Unless the user overrides by setting SED, search the path for either GNU +# sed, or the sed that truncates its output the least. +test -z "$SED" && { + _G_sed_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for _G_i in 1 2 3 4 5 6 7; do + _G_sed_script=$_G_sed_script$nl$_G_sed_script + done + echo "$_G_sed_script" 2>/dev/null | sed 99q >conftest.sed + _G_sed_script= + + func_check_prog_sed () + { + _G_path_prog=$1 + + _G_count=0 + printf 0123456789 >conftest.in + while : + do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo '' >> conftest.nl + "$_G_path_prog" -f conftest.sed conftest.out 2>/dev/null || break + diff conftest.out conftest.nl >/dev/null 2>&1 || break + _G_count=`expr $_G_count + 1` + if test "$_G_count" -gt "$_G_path_prog_max"; then + # Best one so far, save it but keep looking for a better one + func_check_prog_result=$_G_path_prog + _G_path_prog_max=$_G_count + fi + # 10*(2^10) chars as input seems more than enough + test 10 -lt "$_G_count" && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out + } + + func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin + rm -f conftest.sed + SED=$func_path_progs_result +} + + +# Unless the user overrides by setting GREP, search the path for either GNU +# grep, or the grep that truncates its output the least. +test -z "$GREP" && { + func_check_prog_grep () + { + _G_path_prog=$1 + + _G_count=0 + _G_path_prog_max=0 + printf 0123456789 >conftest.in + while : + do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo 'GREP' >> conftest.nl + "$_G_path_prog" -e 'GREP$' -e '-(cannot match)-' conftest.out 2>/dev/null || break + diff conftest.out conftest.nl >/dev/null 2>&1 || break + _G_count=`expr $_G_count + 1` + if test "$_G_count" -gt "$_G_path_prog_max"; then + # Best one so far, save it but keep looking for a better one + func_check_prog_result=$_G_path_prog + _G_path_prog_max=$_G_count + fi + # 10*(2^10) chars as input seems more than enough + test 10 -lt "$_G_count" && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out + } + + func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin + GREP=$func_path_progs_result +} + + +## ------------------------------- ## +## User overridable command paths. ## +## ------------------------------- ## + +# All uppercase variable names are used for environment variables. These +# variables can be overridden by the user before calling a script that +# uses them if a suitable command of that name is not already available +# in the command search PATH. : ${CP="cp -f"} -test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'} +: ${ECHO="printf %s\n"} +: ${EGREP="$GREP -E"} +: ${FGREP="$GREP -F"} +: ${LN_S="ln -s"} : ${MAKE="make"} : ${MKDIR="mkdir"} : ${MV="mv -f"} : ${RM="rm -f"} : ${SHELL="${CONFIG_SHELL-/bin/sh}"} -: ${Xsed="$SED -e 1s/^X//"} - -# Global variables: -EXIT_SUCCESS=0 -EXIT_FAILURE=1 -EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. -EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. - -exit_status=$EXIT_SUCCESS - -# Make sure IFS has a sensible default -lt_nl=' -' -IFS=" $lt_nl" -dirname="s,/[^/]*$,," -basename="s,^.*/,," -# func_dirname file append nondir_replacement -# Compute the dirname of FILE. If nonempty, add APPEND to the result, -# otherwise set result to NONDIR_REPLACEMENT. -func_dirname () -{ - func_dirname_result=`$ECHO "${1}" | $SED "$dirname"` - if test "X$func_dirname_result" = "X${1}"; then - func_dirname_result="${3}" - else - func_dirname_result="$func_dirname_result${2}" - fi -} # func_dirname may be replaced by extended shell implementation +## -------------------- ## +## Useful sed snippets. ## +## -------------------- ## +sed_dirname='s|/[^/]*$||' +sed_basename='s|^.*/||' -# func_basename file -func_basename () -{ - func_basename_result=`$ECHO "${1}" | $SED "$basename"` -} # func_basename may be replaced by extended shell implementation +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +sed_quote_subst='s|\([`"$\\]\)|\\\1|g' +# Same as above, but do not quote variable references. +sed_double_quote_subst='s/\(["`\\]\)/\\\1/g' -# func_dirname_and_basename file append nondir_replacement -# perform func_basename and func_dirname in a single function -# call: -# dirname: Compute the dirname of FILE. If nonempty, -# add APPEND to the result, otherwise set result -# to NONDIR_REPLACEMENT. -# value returned in "$func_dirname_result" -# basename: Compute filename of FILE. -# value retuned in "$func_basename_result" -# Implementation must be kept synchronized with func_dirname -# and func_basename. For efficiency, we do not delegate to -# those functions but instead duplicate the functionality here. -func_dirname_and_basename () -{ - # Extract subdirectory from the argument. - func_dirname_result=`$ECHO "${1}" | $SED -e "$dirname"` - if test "X$func_dirname_result" = "X${1}"; then - func_dirname_result="${3}" - else - func_dirname_result="$func_dirname_result${2}" - fi - func_basename_result=`$ECHO "${1}" | $SED -e "$basename"` -} # func_dirname_and_basename may be replaced by extended shell implementation +# Sed substitution that turns a string into a regex matching for the +# string literally. +sed_make_literal_regex='s|[].[^$\\*\/]|\\&|g' +# Sed substitution that converts a w32 file name or path +# that contains forward slashes, into one that contains +# (escaped) backslashes. A very naive implementation. +sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' + +# Re-'\' parameter expansions in output of sed_double_quote_subst that +# were '\'-ed in input to the same. If an odd number of '\' preceded a +# '$' in input to sed_double_quote_subst, that '$' was protected from +# expansion. Since each input '\' is now two '\'s, look for any number +# of runs of four '\'s followed by two '\'s and then a '$'. '\' that '$'. +_G_bs='\\' +_G_bs2='\\\\' +_G_bs4='\\\\\\\\' +_G_dollar='\$' +sed_double_backslash="\ + s/$_G_bs4/&\\ +/g + s/^$_G_bs2$_G_dollar/$_G_bs&/ + s/\\([^$_G_bs]\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g + s/\n//g" -# func_stripname prefix suffix name -# strip PREFIX and SUFFIX off of NAME. -# PREFIX and SUFFIX must not contain globbing or regex special -# characters, hashes, percent signs, but SUFFIX may contain a leading -# dot (in which case that matches only a dot). -# func_strip_suffix prefix name -func_stripname () -{ - case ${2} in - .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;; - *) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;; - esac -} # func_stripname may be replaced by extended shell implementation +## ----------------- ## +## Global variables. ## +## ----------------- ## -# These SED scripts presuppose an absolute path with a trailing slash. -pathcar='s,^/\([^/]*\).*$,\1,' -pathcdr='s,^/[^/]*,,' -removedotparts=':dotsl - s@/\./@/@g - t dotsl - s,/\.$,/,' -collapseslashes='s@/\{1,\}@/@g' -finalslash='s,/*$,/,' +# Except for the global variables explicitly listed below, the following +# functions in the '^func_' namespace, and the '^require_' namespace +# variables initialised in the 'Resource management' section, sourcing +# this file will not pollute your global namespace with anything +# else. There's no portable way to scope variables in Bourne shell +# though, so actually running these functions will sometimes place +# results into a variable named after the function, and often use +# temporary variables in the '^_G_' namespace. If you are careful to +# avoid using those namespaces casually in your sourcing script, things +# should continue to work as you expect. And, of course, you can freely +# overwrite any of the functions or variables defined here before +# calling anything to customize them. -# func_normal_abspath PATH -# Remove doubled-up and trailing slashes, "." path components, -# and cancel out any ".." path components in PATH after making -# it an absolute path. -# value returned in "$func_normal_abspath_result" -func_normal_abspath () -{ - # Start from root dir and reassemble the path. - func_normal_abspath_result= - func_normal_abspath_tpath=$1 - func_normal_abspath_altnamespace= - case $func_normal_abspath_tpath in - "") - # Empty path, that just means $cwd. - func_stripname '' '/' "`pwd`" - func_normal_abspath_result=$func_stripname_result - return - ;; - # The next three entries are used to spot a run of precisely - # two leading slashes without using negated character classes; - # we take advantage of case's first-match behaviour. - ///*) - # Unusual form of absolute path, do nothing. - ;; - //*) - # Not necessarily an ordinary path; POSIX reserves leading '//' - # and for example Cygwin uses it to access remote file shares - # over CIFS/SMB, so we conserve a leading double slash if found. - func_normal_abspath_altnamespace=/ - ;; - /*) - # Absolute path, do nothing. - ;; - *) - # Relative path, prepend $cwd. - func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath - ;; - esac - # Cancel out all the simple stuff to save iterations. We also want - # the path to end with a slash for ease of parsing, so make sure - # there is one (and only one) here. - func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ - -e "$removedotparts" -e "$collapseslashes" -e "$finalslash"` - while :; do - # Processed it all yet? - if test "$func_normal_abspath_tpath" = / ; then - # If we ascended to the root using ".." the result may be empty now. - if test -z "$func_normal_abspath_result" ; then - func_normal_abspath_result=/ - fi - break - fi - func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \ - -e "$pathcar"` - func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ - -e "$pathcdr"` - # Figure out what to do with it - case $func_normal_abspath_tcomponent in - "") - # Trailing empty path component, ignore it. - ;; - ..) - # Parent dir; strip last assembled component from result. - func_dirname "$func_normal_abspath_result" - func_normal_abspath_result=$func_dirname_result - ;; - *) - # Actual path component, append it. - func_normal_abspath_result=$func_normal_abspath_result/$func_normal_abspath_tcomponent - ;; - esac - done - # Restore leading double-slash if one was found on entry. - func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result -} +EXIT_SUCCESS=0 +EXIT_FAILURE=1 +EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. +EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. -# func_relative_path SRCDIR DSTDIR -# generates a relative path from SRCDIR to DSTDIR, with a trailing -# slash if non-empty, suitable for immediately appending a filename -# without needing to append a separator. -# value returned in "$func_relative_path_result" -func_relative_path () -{ - func_relative_path_result= - func_normal_abspath "$1" - func_relative_path_tlibdir=$func_normal_abspath_result - func_normal_abspath "$2" - func_relative_path_tbindir=$func_normal_abspath_result - - # Ascend the tree starting from libdir - while :; do - # check if we have found a prefix of bindir - case $func_relative_path_tbindir in - $func_relative_path_tlibdir) - # found an exact match - func_relative_path_tcancelled= - break - ;; - $func_relative_path_tlibdir*) - # found a matching prefix - func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir" - func_relative_path_tcancelled=$func_stripname_result - if test -z "$func_relative_path_result"; then - func_relative_path_result=. - fi - break - ;; - *) - func_dirname $func_relative_path_tlibdir - func_relative_path_tlibdir=${func_dirname_result} - if test "x$func_relative_path_tlibdir" = x ; then - # Have to descend all the way to the root! - func_relative_path_result=../$func_relative_path_result - func_relative_path_tcancelled=$func_relative_path_tbindir - break - fi - func_relative_path_result=../$func_relative_path_result - ;; - esac - done +# Allow overriding, eg assuming that you follow the convention of +# putting '$debug_cmd' at the start of all your functions, you can get +# bash to show function call trace with: +# +# debug_cmd='echo "${FUNCNAME[0]} $*" >&2' bash your-script-name +debug_cmd=${debug_cmd-":"} +exit_cmd=: - # Now calculate path; take care to avoid doubling-up slashes. - func_stripname '' '/' "$func_relative_path_result" - func_relative_path_result=$func_stripname_result - func_stripname '/' '/' "$func_relative_path_tcancelled" - if test "x$func_stripname_result" != x ; then - func_relative_path_result=${func_relative_path_result}/${func_stripname_result} - fi +# By convention, finish your script with: +# +# exit $exit_status +# +# so that you can set exit_status to non-zero if you want to indicate +# something went wrong during execution without actually bailing out at +# the point of failure. +exit_status=$EXIT_SUCCESS - # Normalisation. If bindir is libdir, return empty string, - # else relative path ending with a slash; either way, target - # file name can be directly appended. - if test ! -z "$func_relative_path_result"; then - func_stripname './' '' "$func_relative_path_result/" - func_relative_path_result=$func_stripname_result - fi -} +# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh +# is ksh but when the shell is invoked as "sh" and the current value of +# the _XPG environment variable is not equal to 1 (one), the special +# positional parameter $0, within a function call, is the name of the +# function. +progpath=$0 -# The name of this program: -func_dirname_and_basename "$progpath" -progname=$func_basename_result +# The name of this program. +progname=`$ECHO "$progpath" |$SED "$sed_basename"` -# Make sure we have an absolute path for reexecution: +# Make sure we have an absolute progpath for reexecution: case $progpath in [\\/]*|[A-Za-z]:\\*) ;; *[\\/]*) - progdir=$func_dirname_result + progdir=`$ECHO "$progpath" |$SED "$sed_dirname"` progdir=`cd "$progdir" && pwd` - progpath="$progdir/$progname" + progpath=$progdir/$progname ;; *) - save_IFS="$IFS" + _G_IFS=$IFS IFS=${PATH_SEPARATOR-:} for progdir in $PATH; do - IFS="$save_IFS" + IFS=$_G_IFS test -x "$progdir/$progname" && break done - IFS="$save_IFS" + IFS=$_G_IFS test -n "$progdir" || progdir=`pwd` - progpath="$progdir/$progname" + progpath=$progdir/$progname ;; esac -# Sed substitution that helps us do robust quoting. It backslashifies -# metacharacters that are still active within double-quoted strings. -Xsed="${SED}"' -e 1s/^X//' -sed_quote_subst='s/\([`"$\\]\)/\\\1/g' - -# Same as above, but do not quote variable references. -double_quote_subst='s/\(["`\\]\)/\\\1/g' -# Sed substitution that turns a string into a regex matching for the -# string literally. -sed_make_literal_regex='s,[].[^$\\*\/],\\&,g' +## ----------------- ## +## Standard options. ## +## ----------------- ## -# Sed substitution that converts a w32 file name or path -# which contains forward slashes, into one that contains -# (escaped) backslashes. A very naive implementation. -lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' - -# Re-`\' parameter expansions in output of double_quote_subst that were -# `\'-ed in input to the same. If an odd number of `\' preceded a '$' -# in input to double_quote_subst, that '$' was protected from expansion. -# Since each input `\' is now two `\'s, look for any number of runs of -# four `\'s followed by two `\'s and then a '$'. `\' that '$'. -bs='\\' -bs2='\\\\' -bs4='\\\\\\\\' -dollar='\$' -sed_double_backslash="\ - s/$bs4/&\\ -/g - s/^$bs2$dollar/$bs&/ - s/\\([^$bs]\\)$bs2$dollar/\\1$bs2$bs$dollar/g - s/\n//g" +# The following options affect the operation of the functions defined +# below, and should be set appropriately depending on run-time para- +# meters passed on the command line. -# Standard options: opt_dry_run=false -opt_help=false opt_quiet=false opt_verbose=false -opt_warning=: -# func_echo arg... -# Echo program name prefixed message, along with the current mode -# name if it has been set yet. -func_echo () -{ - $ECHO "$progname: ${opt_mode+$opt_mode: }$*" -} +# Categories 'all' and 'none' are always available. Append any others +# you will pass as the first argument to func_warning from your own +# code. +warning_categories= -# func_verbose arg... -# Echo program name prefixed message in verbose mode only. -func_verbose () -{ - $opt_verbose && func_echo ${1+"$@"} +# By default, display warnings according to 'opt_warning_types'. Set +# 'warning_func' to ':' to elide all warnings, or func_fatal_error to +# treat the next displayed warning as a fatal error. +warning_func=func_warn_and_continue - # A bug in bash halts the script if the last line of a function - # fails when set -e is in force, so we need another command to - # work around that: - : -} +# Set to 'all' to display all warnings, 'none' to suppress all +# warnings, or a space delimited list of some subset of +# 'warning_categories' to display only the listed warnings. +opt_warning_types=all -# func_echo_all arg... -# Invoke $ECHO with all args, space-separated. -func_echo_all () -{ - $ECHO "$*" -} -# func_error arg... -# Echo program name prefixed message to standard error. -func_error () -{ - $ECHO "$progname: ${opt_mode+$opt_mode: }"${1+"$@"} 1>&2 -} +## -------------------- ## +## Resource management. ## +## -------------------- ## -# func_warning arg... -# Echo program name prefixed warning message to standard error. -func_warning () -{ - $opt_warning && $ECHO "$progname: ${opt_mode+$opt_mode: }warning: "${1+"$@"} 1>&2 +# This section contains definitions for functions that each ensure a +# particular resource (a file, or a non-empty configuration variable for +# example) is available, and if appropriate to extract default values +# from pertinent package files. Call them using their associated +# 'require_*' variable to ensure that they are executed, at most, once. +# +# It's entirely deliberate that calling these functions can set +# variables that don't obey the namespace limitations obeyed by the rest +# of this file, in order that that they be as useful as possible to +# callers. - # bash bug again: - : -} -# func_fatal_error arg... -# Echo program name prefixed message to standard error, and exit. -func_fatal_error () +# require_term_colors +# ------------------- +# Allow display of bold text on terminals that support it. +require_term_colors=func_require_term_colors +func_require_term_colors () { - func_error ${1+"$@"} - exit $EXIT_FAILURE -} + $debug_cmd + + test -t 1 && { + # COLORTERM and USE_ANSI_COLORS environment variables take + # precedence, because most terminfo databases neglect to describe + # whether color sequences are supported. + test -n "${COLORTERM+set}" && : ${USE_ANSI_COLORS="1"} + + if test 1 = "$USE_ANSI_COLORS"; then + # Standard ANSI escape sequences + tc_reset='' + tc_bold=''; tc_standout='' + tc_red=''; tc_green='' + tc_blue=''; tc_cyan='' + else + # Otherwise trust the terminfo database after all. + test -n "`tput sgr0 2>/dev/null`" && { + tc_reset=`tput sgr0` + test -n "`tput bold 2>/dev/null`" && tc_bold=`tput bold` + tc_standout=$tc_bold + test -n "`tput smso 2>/dev/null`" && tc_standout=`tput smso` + test -n "`tput setaf 1 2>/dev/null`" && tc_red=`tput setaf 1` + test -n "`tput setaf 2 2>/dev/null`" && tc_green=`tput setaf 2` + test -n "`tput setaf 4 2>/dev/null`" && tc_blue=`tput setaf 4` + test -n "`tput setaf 5 2>/dev/null`" && tc_cyan=`tput setaf 5` + } + fi + } -# func_fatal_help arg... -# Echo program name prefixed message to standard error, followed by -# a help hint, and exit. -func_fatal_help () -{ - func_error ${1+"$@"} - func_fatal_error "$help" + require_term_colors=: } -help="Try \`$progname --help' for more information." ## default -# func_grep expression filename +## ----------------- ## +## Function library. ## +## ----------------- ## + +# This section contains a variety of useful functions to call in your +# scripts. Take note of the portable wrappers for features provided by +# some modern shells, which will fall back to slower equivalents on +# less featureful shells. + + +# func_append VAR VALUE +# --------------------- +# Append VALUE onto the existing contents of VAR. + + # We should try to minimise forks, especially on Windows where they are + # unreasonably slow, so skip the feature probes when bash or zsh are + # being used: + if test set = "${BASH_VERSION+set}${ZSH_VERSION+set}"; then + : ${_G_HAVE_ARITH_OP="yes"} + : ${_G_HAVE_XSI_OPS="yes"} + # The += operator was introduced in bash 3.1 + case $BASH_VERSION in + [12].* | 3.0 | 3.0*) ;; + *) + : ${_G_HAVE_PLUSEQ_OP="yes"} + ;; + esac + fi + + # _G_HAVE_PLUSEQ_OP + # Can be empty, in which case the shell is probed, "yes" if += is + # useable or anything else if it does not work. + test -z "$_G_HAVE_PLUSEQ_OP" \ + && (eval 'x=a; x+=" b"; test "a b" = "$x"') 2>/dev/null \ + && _G_HAVE_PLUSEQ_OP=yes + +if test yes = "$_G_HAVE_PLUSEQ_OP" +then + # This is an XSI compatible shell, allowing a faster implementation... + eval 'func_append () + { + $debug_cmd + + eval "$1+=\$2" + }' +else + # ...otherwise fall back to using expr, which is often a shell builtin. + func_append () + { + $debug_cmd + + eval "$1=\$$1\$2" + } +fi + + +# func_append_quoted VAR VALUE +# ---------------------------- +# Quote VALUE and append to the end of shell variable VAR, separated +# by a space. +if test yes = "$_G_HAVE_PLUSEQ_OP"; then + eval 'func_append_quoted () + { + $debug_cmd + + func_quote_for_eval "$2" + eval "$1+=\\ \$func_quote_for_eval_result" + }' +else + func_append_quoted () + { + $debug_cmd + + func_quote_for_eval "$2" + eval "$1=\$$1\\ \$func_quote_for_eval_result" + } +fi + + +# func_append_uniq VAR VALUE +# -------------------------- +# Append unique VALUE onto the existing contents of VAR, assuming +# entries are delimited by the first character of VALUE. For example: +# +# func_append_uniq options " --another-option option-argument" +# +# will only append to $options if " --another-option option-argument " +# is not already present somewhere in $options already (note spaces at +# each end implied by leading space in second argument). +func_append_uniq () +{ + $debug_cmd + + eval _G_current_value='`$ECHO $'$1'`' + _G_delim=`expr "$2" : '\(.\)'` + + case $_G_delim$_G_current_value$_G_delim in + *"$2$_G_delim"*) ;; + *) func_append "$@" ;; + esac +} + + +# func_arith TERM... +# ------------------ +# Set func_arith_result to the result of evaluating TERMs. + test -z "$_G_HAVE_ARITH_OP" \ + && (eval 'test 2 = $(( 1 + 1 ))') 2>/dev/null \ + && _G_HAVE_ARITH_OP=yes + +if test yes = "$_G_HAVE_ARITH_OP"; then + eval 'func_arith () + { + $debug_cmd + + func_arith_result=$(( $* )) + }' +else + func_arith () + { + $debug_cmd + + func_arith_result=`expr "$@"` + } +fi + + +# func_basename FILE +# ------------------ +# Set func_basename_result to FILE with everything up to and including +# the last / stripped. +if test yes = "$_G_HAVE_XSI_OPS"; then + # If this shell supports suffix pattern removal, then use it to avoid + # forking. Hide the definitions single quotes in case the shell chokes + # on unsupported syntax... + _b='func_basename_result=${1##*/}' + _d='case $1 in + */*) func_dirname_result=${1%/*}$2 ;; + * ) func_dirname_result=$3 ;; + esac' + +else + # ...otherwise fall back to using sed. + _b='func_basename_result=`$ECHO "$1" |$SED "$sed_basename"`' + _d='func_dirname_result=`$ECHO "$1" |$SED "$sed_dirname"` + if test "X$func_dirname_result" = "X$1"; then + func_dirname_result=$3 + else + func_append func_dirname_result "$2" + fi' +fi + +eval 'func_basename () +{ + $debug_cmd + + '"$_b"' +}' + + +# func_dirname FILE APPEND NONDIR_REPLACEMENT +# ------------------------------------------- +# Compute the dirname of FILE. If nonempty, add APPEND to the result, +# otherwise set result to NONDIR_REPLACEMENT. +eval 'func_dirname () +{ + $debug_cmd + + '"$_d"' +}' + + +# func_dirname_and_basename FILE APPEND NONDIR_REPLACEMENT +# -------------------------------------------------------- +# Perform func_basename and func_dirname in a single function +# call: +# dirname: Compute the dirname of FILE. If nonempty, +# add APPEND to the result, otherwise set result +# to NONDIR_REPLACEMENT. +# value returned in "$func_dirname_result" +# basename: Compute filename of FILE. +# value retuned in "$func_basename_result" +# For efficiency, we do not delegate to the functions above but instead +# duplicate the functionality here. +eval 'func_dirname_and_basename () +{ + $debug_cmd + + '"$_b"' + '"$_d"' +}' + + +# func_echo ARG... +# ---------------- +# Echo program name prefixed message. +func_echo () +{ + $debug_cmd + + _G_message=$* + + func_echo_IFS=$IFS + IFS=$nl + for _G_line in $_G_message; do + IFS=$func_echo_IFS + $ECHO "$progname: $_G_line" + done + IFS=$func_echo_IFS +} + + +# func_echo_all ARG... +# -------------------- +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "$*" +} + + +# func_echo_infix_1 INFIX ARG... +# ------------------------------ +# Echo program name, followed by INFIX on the first line, with any +# additional lines not showing INFIX. +func_echo_infix_1 () +{ + $debug_cmd + + $require_term_colors + + _G_infix=$1; shift + _G_indent=$_G_infix + _G_prefix="$progname: $_G_infix: " + _G_message=$* + + # Strip color escape sequences before counting printable length + for _G_tc in "$tc_reset" "$tc_bold" "$tc_standout" "$tc_red" "$tc_green" "$tc_blue" "$tc_cyan" + do + test -n "$_G_tc" && { + _G_esc_tc=`$ECHO "$_G_tc" | $SED "$sed_make_literal_regex"` + _G_indent=`$ECHO "$_G_indent" | $SED "s|$_G_esc_tc||g"` + } + done + _G_indent="$progname: "`echo "$_G_indent" | $SED 's|.| |g'`" " ## exclude from sc_prohibit_nested_quotes + + func_echo_infix_1_IFS=$IFS + IFS=$nl + for _G_line in $_G_message; do + IFS=$func_echo_infix_1_IFS + $ECHO "$_G_prefix$tc_bold$_G_line$tc_reset" >&2 + _G_prefix=$_G_indent + done + IFS=$func_echo_infix_1_IFS +} + + +# func_error ARG... +# ----------------- +# Echo program name prefixed message to standard error. +func_error () +{ + $debug_cmd + + $require_term_colors + + func_echo_infix_1 " $tc_standout${tc_red}error$tc_reset" "$*" >&2 +} + + +# func_fatal_error ARG... +# ----------------------- +# Echo program name prefixed message to standard error, and exit. +func_fatal_error () +{ + $debug_cmd + + func_error "$*" + exit $EXIT_FAILURE +} + + +# func_grep EXPRESSION FILENAME +# ----------------------------- # Check whether EXPRESSION matches any line of FILENAME, without output. func_grep () { + $debug_cmd + $GREP "$1" "$2" >/dev/null 2>&1 } -# func_mkdir_p directory-path +# func_len STRING +# --------------- +# Set func_len_result to the length of STRING. STRING may not +# start with a hyphen. + test -z "$_G_HAVE_XSI_OPS" \ + && (eval 'x=a/b/c; + test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ + && _G_HAVE_XSI_OPS=yes + +if test yes = "$_G_HAVE_XSI_OPS"; then + eval 'func_len () + { + $debug_cmd + + func_len_result=${#1} + }' +else + func_len () + { + $debug_cmd + + func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len` + } +fi + + +# func_mkdir_p DIRECTORY-PATH +# --------------------------- # Make sure the entire path to DIRECTORY-PATH is available. func_mkdir_p () { - my_directory_path="$1" - my_dir_list= + $debug_cmd + + _G_directory_path=$1 + _G_dir_list= - if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then + if test -n "$_G_directory_path" && test : != "$opt_dry_run"; then - # Protect directory names starting with `-' - case $my_directory_path in - -*) my_directory_path="./$my_directory_path" ;; + # Protect directory names starting with '-' + case $_G_directory_path in + -*) _G_directory_path=./$_G_directory_path ;; esac # While some portion of DIR does not yet exist... - while test ! -d "$my_directory_path"; do + while test ! -d "$_G_directory_path"; do # ...make a list in topmost first order. Use a colon delimited # list incase some portion of path contains whitespace. - my_dir_list="$my_directory_path:$my_dir_list" + _G_dir_list=$_G_directory_path:$_G_dir_list # If the last portion added has no slash in it, the list is done - case $my_directory_path in */*) ;; *) break ;; esac + case $_G_directory_path in */*) ;; *) break ;; esac # ...otherwise throw away the child directory and loop - my_directory_path=`$ECHO "$my_directory_path" | $SED -e "$dirname"` + _G_directory_path=`$ECHO "$_G_directory_path" | $SED -e "$sed_dirname"` done - my_dir_list=`$ECHO "$my_dir_list" | $SED 's,:*$,,'` + _G_dir_list=`$ECHO "$_G_dir_list" | $SED 's|:*$||'` - save_mkdir_p_IFS="$IFS"; IFS=':' - for my_dir in $my_dir_list; do - IFS="$save_mkdir_p_IFS" - # mkdir can fail with a `File exist' error if two processes + func_mkdir_p_IFS=$IFS; IFS=: + for _G_dir in $_G_dir_list; do + IFS=$func_mkdir_p_IFS + # mkdir can fail with a 'File exist' error if two processes # try to create one of the directories concurrently. Don't # stop in that case! - $MKDIR "$my_dir" 2>/dev/null || : + $MKDIR "$_G_dir" 2>/dev/null || : done - IFS="$save_mkdir_p_IFS" + IFS=$func_mkdir_p_IFS # Bail out if we (or some other process) failed to create a directory. - test -d "$my_directory_path" || \ - func_fatal_error "Failed to create \`$1'" + test -d "$_G_directory_path" || \ + func_fatal_error "Failed to create '$1'" fi } -# func_mktempdir [string] +# func_mktempdir [BASENAME] +# ------------------------- # Make a temporary directory that won't clash with other running # libtool processes, and avoids race conditions if possible. If -# given, STRING is the basename for that directory. +# given, BASENAME is the basename for that directory. func_mktempdir () { - my_template="${TMPDIR-/tmp}/${1-$progname}" + $debug_cmd - if test "$opt_dry_run" = ":"; then + _G_template=${TMPDIR-/tmp}/${1-$progname} + + if test : = "$opt_dry_run"; then # Return a directory name, but don't create it in dry-run mode - my_tmpdir="${my_template}-$$" + _G_tmpdir=$_G_template-$$ else # If mktemp works, use that first and foremost - my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null` + _G_tmpdir=`mktemp -d "$_G_template-XXXXXXXX" 2>/dev/null` - if test ! -d "$my_tmpdir"; then + if test ! -d "$_G_tmpdir"; then # Failing that, at least try and use $RANDOM to avoid a race - my_tmpdir="${my_template}-${RANDOM-0}$$" + _G_tmpdir=$_G_template-${RANDOM-0}$$ - save_mktempdir_umask=`umask` + func_mktempdir_umask=`umask` umask 0077 - $MKDIR "$my_tmpdir" - umask $save_mktempdir_umask + $MKDIR "$_G_tmpdir" + umask $func_mktempdir_umask fi # If we're not in dry-run mode, bomb out on failure - test -d "$my_tmpdir" || \ - func_fatal_error "cannot create temporary directory \`$my_tmpdir'" + test -d "$_G_tmpdir" || \ + func_fatal_error "cannot create temporary directory '$_G_tmpdir'" fi - $ECHO "$my_tmpdir" + $ECHO "$_G_tmpdir" } -# func_quote_for_eval arg -# Aesthetically quote ARG to be evaled later. -# This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT -# is double-quoted, suitable for a subsequent eval, whereas -# FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters -# which are still active within double quotes backslashified. -func_quote_for_eval () +# func_normal_abspath PATH +# ------------------------ +# Remove doubled-up and trailing slashes, "." path components, +# and cancel out any ".." path components in PATH after making +# it an absolute path. +func_normal_abspath () { - case $1 in - *[\\\`\"\$]*) - func_quote_for_eval_unquoted_result=`$ECHO "$1" | $SED "$sed_quote_subst"` ;; - *) - func_quote_for_eval_unquoted_result="$1" ;; - esac + $debug_cmd - case $func_quote_for_eval_unquoted_result in - # Double-quote args containing shell metacharacters to delay - # word splitting, command substitution and and variable - # expansion for a subsequent eval. - # Many Bourne shells cannot handle close brackets correctly - # in scan sets, so we specify it separately. - *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\"" + # These SED scripts presuppose an absolute path with a trailing slash. + _G_pathcar='s|^/\([^/]*\).*$|\1|' + _G_pathcdr='s|^/[^/]*||' + _G_removedotparts=':dotsl + s|/\./|/|g + t dotsl + s|/\.$|/|' + _G_collapseslashes='s|/\{1,\}|/|g' + _G_finalslash='s|/*$|/|' + + # Start from root dir and reassemble the path. + func_normal_abspath_result= + func_normal_abspath_tpath=$1 + func_normal_abspath_altnamespace= + case $func_normal_abspath_tpath in + "") + # Empty path, that just means $cwd. + func_stripname '' '/' "`pwd`" + func_normal_abspath_result=$func_stripname_result + return + ;; + # The next three entries are used to spot a run of precisely + # two leading slashes without using negated character classes; + # we take advantage of case's first-match behaviour. + ///*) + # Unusual form of absolute path, do nothing. + ;; + //*) + # Not necessarily an ordinary path; POSIX reserves leading '//' + # and for example Cygwin uses it to access remote file shares + # over CIFS/SMB, so we conserve a leading double slash if found. + func_normal_abspath_altnamespace=/ + ;; + /*) + # Absolute path, do nothing. ;; *) - func_quote_for_eval_result="$func_quote_for_eval_unquoted_result" + # Relative path, prepend $cwd. + func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath + ;; esac + + # Cancel out all the simple stuff to save iterations. We also want + # the path to end with a slash for ease of parsing, so make sure + # there is one (and only one) here. + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$_G_removedotparts" -e "$_G_collapseslashes" -e "$_G_finalslash"` + while :; do + # Processed it all yet? + if test / = "$func_normal_abspath_tpath"; then + # If we ascended to the root using ".." the result may be empty now. + if test -z "$func_normal_abspath_result"; then + func_normal_abspath_result=/ + fi + break + fi + func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$_G_pathcar"` + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$_G_pathcdr"` + # Figure out what to do with it + case $func_normal_abspath_tcomponent in + "") + # Trailing empty path component, ignore it. + ;; + ..) + # Parent dir; strip last assembled component from result. + func_dirname "$func_normal_abspath_result" + func_normal_abspath_result=$func_dirname_result + ;; + *) + # Actual path component, append it. + func_append func_normal_abspath_result "/$func_normal_abspath_tcomponent" + ;; + esac + done + # Restore leading double-slash if one was found on entry. + func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result +} + + +# func_notquiet ARG... +# -------------------- +# Echo program name prefixed message only when not in quiet mode. +func_notquiet () +{ + $debug_cmd + + $opt_quiet || func_echo ${1+"$@"} + + # A bug in bash halts the script if the last line of a function + # fails when set -e is in force, so we need another command to + # work around that: + : +} + + +# func_relative_path SRCDIR DSTDIR +# -------------------------------- +# Set func_relative_path_result to the relative path from SRCDIR to DSTDIR. +func_relative_path () +{ + $debug_cmd + + func_relative_path_result= + func_normal_abspath "$1" + func_relative_path_tlibdir=$func_normal_abspath_result + func_normal_abspath "$2" + func_relative_path_tbindir=$func_normal_abspath_result + + # Ascend the tree starting from libdir + while :; do + # check if we have found a prefix of bindir + case $func_relative_path_tbindir in + $func_relative_path_tlibdir) + # found an exact match + func_relative_path_tcancelled= + break + ;; + $func_relative_path_tlibdir*) + # found a matching prefix + func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir" + func_relative_path_tcancelled=$func_stripname_result + if test -z "$func_relative_path_result"; then + func_relative_path_result=. + fi + break + ;; + *) + func_dirname $func_relative_path_tlibdir + func_relative_path_tlibdir=$func_dirname_result + if test -z "$func_relative_path_tlibdir"; then + # Have to descend all the way to the root! + func_relative_path_result=../$func_relative_path_result + func_relative_path_tcancelled=$func_relative_path_tbindir + break + fi + func_relative_path_result=../$func_relative_path_result + ;; + esac + done + + # Now calculate path; take care to avoid doubling-up slashes. + func_stripname '' '/' "$func_relative_path_result" + func_relative_path_result=$func_stripname_result + func_stripname '/' '/' "$func_relative_path_tcancelled" + if test -n "$func_stripname_result"; then + func_append func_relative_path_result "/$func_stripname_result" + fi + + # Normalisation. If bindir is libdir, return '.' else relative path. + if test -n "$func_relative_path_result"; then + func_stripname './' '' "$func_relative_path_result" + func_relative_path_result=$func_stripname_result + fi + + test -n "$func_relative_path_result" || func_relative_path_result=. + + : +} + + +# func_quote_for_eval ARG... +# -------------------------- +# Aesthetically quote ARGs to be evaled later. +# This function returns two values: +# i) func_quote_for_eval_result +# double-quoted, suitable for a subsequent eval +# ii) func_quote_for_eval_unquoted_result +# has all characters that are still active within double +# quotes backslashified. +func_quote_for_eval () +{ + $debug_cmd + + func_quote_for_eval_unquoted_result= + func_quote_for_eval_result= + while test 0 -lt $#; do + case $1 in + *[\\\`\"\$]*) + _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;; + *) + _G_unquoted_arg=$1 ;; + esac + if test -n "$func_quote_for_eval_unquoted_result"; then + func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg" + else + func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg" + fi + + case $_G_unquoted_arg in + # Double-quote args containing shell metacharacters to delay + # word splitting, command substitution and variable expansion + # for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + _G_quoted_arg=\"$_G_unquoted_arg\" + ;; + *) + _G_quoted_arg=$_G_unquoted_arg + ;; + esac + + if test -n "$func_quote_for_eval_result"; then + func_append func_quote_for_eval_result " $_G_quoted_arg" + else + func_append func_quote_for_eval_result "$_G_quoted_arg" + fi + shift + done } -# func_quote_for_expand arg +# func_quote_for_expand ARG +# ------------------------- # Aesthetically quote ARG to be evaled later; same as above, # but do not quote variable references. func_quote_for_expand () { + $debug_cmd + case $1 in *[\\\`\"]*) - my_arg=`$ECHO "$1" | $SED \ - -e "$double_quote_subst" -e "$sed_double_backslash"` ;; + _G_arg=`$ECHO "$1" | $SED \ + -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;; *) - my_arg="$1" ;; + _G_arg=$1 ;; esac - case $my_arg in + case $_G_arg in # Double-quote args containing shell metacharacters to delay # word splitting and command substitution for a subsequent eval. # Many Bourne shells cannot handle close brackets correctly # in scan sets, so we specify it separately. *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") - my_arg="\"$my_arg\"" + _G_arg=\"$_G_arg\" ;; esac - func_quote_for_expand_result="$my_arg" + func_quote_for_expand_result=$_G_arg +} + + +# func_stripname PREFIX SUFFIX NAME +# --------------------------------- +# strip PREFIX and SUFFIX from NAME, and store in func_stripname_result. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +if test yes = "$_G_HAVE_XSI_OPS"; then + eval 'func_stripname () + { + $debug_cmd + + # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are + # positional parameters, so assign one to ordinary variable first. + func_stripname_result=$3 + func_stripname_result=${func_stripname_result#"$1"} + func_stripname_result=${func_stripname_result%"$2"} + }' +else + func_stripname () + { + $debug_cmd + + case $2 in + .*) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%\\\\$2\$%%"`;; + *) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%$2\$%%"`;; + esac + } +fi + + +# func_show_eval CMD [FAIL_EXP] +# ----------------------------- +# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. +func_show_eval () +{ + $debug_cmd + + _G_cmd=$1 + _G_fail_exp=${2-':'} + + func_quote_for_expand "$_G_cmd" + eval "func_notquiet $func_quote_for_expand_result" + + $opt_dry_run || { + eval "$_G_cmd" + _G_status=$? + if test 0 -ne "$_G_status"; then + eval "(exit $_G_status); $_G_fail_exp" + fi + } +} + + +# func_show_eval_locale CMD [FAIL_EXP] +# ------------------------------------ +# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. Use the saved locale for evaluation. +func_show_eval_locale () +{ + $debug_cmd + + _G_cmd=$1 + _G_fail_exp=${2-':'} + + $opt_quiet || { + func_quote_for_expand "$_G_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + $opt_dry_run || { + eval "$_G_user_locale + $_G_cmd" + _G_status=$? + eval "$_G_safe_locale" + if test 0 -ne "$_G_status"; then + eval "(exit $_G_status); $_G_fail_exp" + fi + } +} + + +# func_tr_sh +# ---------- +# Turn $1 into a string suitable for a shell variable name. +# Result is stored in $func_tr_sh_result. All characters +# not in the set a-zA-Z0-9_ are replaced with '_'. Further, +# if $1 begins with a digit, a '_' is prepended as well. +func_tr_sh () +{ + $debug_cmd + + case $1 in + [0-9]* | *[!a-zA-Z0-9_]*) + func_tr_sh_result=`$ECHO "$1" | $SED -e 's/^\([0-9]\)/_\1/' -e 's/[^a-zA-Z0-9_]/_/g'` + ;; + * ) + func_tr_sh_result=$1 + ;; + esac +} + + +# func_verbose ARG... +# ------------------- +# Echo program name prefixed message in verbose mode only. +func_verbose () +{ + $debug_cmd + + $opt_verbose && func_echo "$*" + + : +} + + +# func_warn_and_continue ARG... +# ----------------------------- +# Echo program name prefixed warning message to standard error. +func_warn_and_continue () +{ + $debug_cmd + + $require_term_colors + + func_echo_infix_1 "${tc_red}warning$tc_reset" "$*" >&2 +} + + +# func_warning CATEGORY ARG... +# ---------------------------- +# Echo program name prefixed warning message to standard error. Warning +# messages can be filtered according to CATEGORY, where this function +# elides messages where CATEGORY is not listed in the global variable +# 'opt_warning_types'. +func_warning () +{ + $debug_cmd + + # CATEGORY must be in the warning_categories list! + case " $warning_categories " in + *" $1 "*) ;; + *) func_internal_error "invalid warning category '$1'" ;; + esac + + _G_category=$1 + shift + + case " $opt_warning_types " in + *" $_G_category "*) $warning_func ${1+"$@"} ;; + esac +} + + +# func_sort_ver VER1 VER2 +# ----------------------- +# 'sort -V' is not generally available. +# Note this deviates from the version comparison in automake +# in that it treats 1.5 < 1.5.0, and treats 1.4.4a < 1.4-p3a +# but this should suffice as we won't be specifying old +# version formats or redundant trailing .0 in bootstrap.conf. +# If we did want full compatibility then we should probably +# use m4_version_compare from autoconf. +func_sort_ver () +{ + $debug_cmd + + printf '%s\n%s\n' "$1" "$2" \ + | sort -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n -k 5,5n -k 6,6n -k 7,7n -k 8,8n -k 9,9n +} + +# func_lt_ver PREV CURR +# --------------------- +# Return true if PREV and CURR are in the correct order according to +# func_sort_ver, otherwise false. Use it like this: +# +# func_lt_ver "$prev_ver" "$proposed_ver" || func_fatal_error "..." +func_lt_ver () +{ + $debug_cmd + + test "x$1" = x`func_sort_ver "$1" "$2" | $SED 1q` +} + + +# Local variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" +# time-stamp-time-zone: "UTC" +# End: +#! /bin/sh + +# Set a version string for this script. +scriptversion=2015-10-07.11; # UTC + +# A portable, pluggable option parser for Bourne shell. +# Written by Gary V. Vaughan, 2010 + +# Copyright (C) 2010-2015 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Please report bugs or propose patches to gary@gnu.org. + + +## ------ ## +## Usage. ## +## ------ ## + +# This file is a library for parsing options in your shell scripts along +# with assorted other useful supporting features that you can make use +# of too. +# +# For the simplest scripts you might need only: +# +# #!/bin/sh +# . relative/path/to/funclib.sh +# . relative/path/to/options-parser +# scriptversion=1.0 +# func_options ${1+"$@"} +# eval set dummy "$func_options_result"; shift +# ...rest of your script... +# +# In order for the '--version' option to work, you will need to have a +# suitably formatted comment like the one at the top of this file +# starting with '# Written by ' and ending with '# warranty; '. +# +# For '-h' and '--help' to work, you will also need a one line +# description of your script's purpose in a comment directly above the +# '# Written by ' line, like the one at the top of this file. +# +# The default options also support '--debug', which will turn on shell +# execution tracing (see the comment above debug_cmd below for another +# use), and '--verbose' and the func_verbose function to allow your script +# to display verbose messages only when your user has specified +# '--verbose'. +# +# After sourcing this file, you can plug processing for additional +# options by amending the variables from the 'Configuration' section +# below, and following the instructions in the 'Option parsing' +# section further down. + +## -------------- ## +## Configuration. ## +## -------------- ## + +# You should override these variables in your script after sourcing this +# file so that they reflect the customisations you have added to the +# option parser. + +# The usage line for option parsing errors and the start of '-h' and +# '--help' output messages. You can embed shell variables for delayed +# expansion at the time the message is displayed, but you will need to +# quote other shell meta-characters carefully to prevent them being +# expanded when the contents are evaled. +usage='$progpath [OPTION]...' + +# Short help message in response to '-h' and '--help'. Add to this or +# override it after sourcing this library to reflect the full set of +# options your script accepts. +usage_message="\ + --debug enable verbose shell tracing + -W, --warnings=CATEGORY + report the warnings falling in CATEGORY [all] + -v, --verbose verbosely report processing + --version print version information and exit + -h, --help print short or long help message and exit +" + +# Additional text appended to 'usage_message' in response to '--help'. +long_help_message=" +Warning categories include: + 'all' show all warnings + 'none' turn off all the warnings + 'error' warnings are treated as fatal errors" + +# Help message printed before fatal option parsing errors. +fatal_help="Try '\$progname --help' for more information." + + + +## ------------------------- ## +## Hook function management. ## +## ------------------------- ## + +# This section contains functions for adding, removing, and running hooks +# to the main code. A hook is just a named list of of function, that can +# be run in order later on. + +# func_hookable FUNC_NAME +# ----------------------- +# Declare that FUNC_NAME will run hooks added with +# 'func_add_hook FUNC_NAME ...'. +func_hookable () +{ + $debug_cmd + + func_append hookable_fns " $1" +} + + +# func_add_hook FUNC_NAME HOOK_FUNC +# --------------------------------- +# Request that FUNC_NAME call HOOK_FUNC before it returns. FUNC_NAME must +# first have been declared "hookable" by a call to 'func_hookable'. +func_add_hook () +{ + $debug_cmd + + case " $hookable_fns " in + *" $1 "*) ;; + *) func_fatal_error "'$1' does not accept hook functions." ;; + esac + + eval func_append ${1}_hooks '" $2"' +} + + +# func_remove_hook FUNC_NAME HOOK_FUNC +# ------------------------------------ +# Remove HOOK_FUNC from the list of functions called by FUNC_NAME. +func_remove_hook () +{ + $debug_cmd + + eval ${1}_hooks='`$ECHO "\$'$1'_hooks" |$SED "s| '$2'||"`' +} + + +# func_run_hooks FUNC_NAME [ARG]... +# --------------------------------- +# Run all hook functions registered to FUNC_NAME. +# It is assumed that the list of hook functions contains nothing more +# than a whitespace-delimited list of legal shell function names, and +# no effort is wasted trying to catch shell meta-characters or preserve +# whitespace. +func_run_hooks () +{ + $debug_cmd + + _G_rc_run_hooks=false + + case " $hookable_fns " in + *" $1 "*) ;; + *) func_fatal_error "'$1' does not support hook funcions.n" ;; + esac + + eval _G_hook_fns=\$$1_hooks; shift + + for _G_hook in $_G_hook_fns; do + if eval $_G_hook '"$@"'; then + # store returned options list back into positional + # parameters for next 'cmd' execution. + eval _G_hook_result=\$${_G_hook}_result + eval set dummy "$_G_hook_result"; shift + _G_rc_run_hooks=: + fi + done + + $_G_rc_run_hooks && func_run_hooks_result=$_G_hook_result +} + + + +## --------------- ## +## Option parsing. ## +## --------------- ## + +# In order to add your own option parsing hooks, you must accept the +# full positional parameter list in your hook function, you may remove/edit +# any options that you action, and then pass back the remaining unprocessed +# options in '_result', escaped suitably for +# 'eval'. In this case you also must return $EXIT_SUCCESS to let the +# hook's caller know that it should pay attention to +# '_result'. Returning $EXIT_FAILURE signalizes that +# arguments are left untouched by the hook and therefore caller will ignore the +# result variable. +# +# Like this: +# +# my_options_prep () +# { +# $debug_cmd +# +# # Extend the existing usage message. +# usage_message=$usage_message' +# -s, --silent don'\''t print informational messages +# ' +# # No change in '$@' (ignored completely by this hook). There is +# # no need to do the equivalent (but slower) action: +# # func_quote_for_eval ${1+"$@"} +# # my_options_prep_result=$func_quote_for_eval_result +# false +# } +# func_add_hook func_options_prep my_options_prep +# +# +# my_silent_option () +# { +# $debug_cmd +# +# args_changed=false +# +# # Note that for efficiency, we parse as many options as we can +# # recognise in a loop before passing the remainder back to the +# # caller on the first unrecognised argument we encounter. +# while test $# -gt 0; do +# opt=$1; shift +# case $opt in +# --silent|-s) opt_silent=: +# args_changed=: +# ;; +# # Separate non-argument short options: +# -s*) func_split_short_opt "$_G_opt" +# set dummy "$func_split_short_opt_name" \ +# "-$func_split_short_opt_arg" ${1+"$@"} +# shift +# args_changed=: +# ;; +# *) # Make sure the first unrecognised option "$_G_opt" +# # is added back to "$@", we could need that later +# # if $args_changed is true. +# set dummy "$_G_opt" ${1+"$@"}; shift; break ;; +# esac +# done +# +# if $args_changed; then +# func_quote_for_eval ${1+"$@"} +# my_silent_option_result=$func_quote_for_eval_result +# fi +# +# $args_changed +# } +# func_add_hook func_parse_options my_silent_option +# +# +# my_option_validation () +# { +# $debug_cmd +# +# $opt_silent && $opt_verbose && func_fatal_help "\ +# '--silent' and '--verbose' options are mutually exclusive." +# +# false +# } +# func_add_hook func_validate_options my_option_validation +# +# You'll also need to manually amend $usage_message to reflect the extra +# options you parse. It's preferable to append if you can, so that +# multiple option parsing hooks can be added safely. + + +# func_options_finish [ARG]... +# ---------------------------- +# Finishing the option parse loop (call 'func_options' hooks ATM). +func_options_finish () +{ + $debug_cmd + + _G_func_options_finish_exit=false + if func_run_hooks func_options ${1+"$@"}; then + func_options_finish_result=$func_run_hooks_result + _G_func_options_finish_exit=: + fi + + $_G_func_options_finish_exit } -# func_show_eval cmd [fail_exp] -# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is -# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP -# is given, then evaluate it. -func_show_eval () +# func_options [ARG]... +# --------------------- +# All the functions called inside func_options are hookable. See the +# individual implementations for details. +func_hookable func_options +func_options () { - my_cmd="$1" - my_fail_exp="${2-:}" + $debug_cmd - ${opt_silent-false} || { - func_quote_for_expand "$my_cmd" - eval "func_echo $func_quote_for_expand_result" - } + _G_rc_options=false - if ${opt_dry_run-false}; then :; else - eval "$my_cmd" - my_status=$? - if test "$my_status" -eq 0; then :; else - eval "(exit $my_status); $my_fail_exp" + for my_func in options_prep parse_options validate_options options_finish + do + if eval func_$my_func '${1+"$@"}'; then + eval _G_res_var='$'"func_${my_func}_result" + eval set dummy "$_G_res_var" ; shift + _G_rc_options=: fi + done + + # Save modified positional parameters for caller. As a top-level + # options-parser function we always need to set the 'func_options_result' + # variable (regardless the $_G_rc_options value). + if $_G_rc_options; then + func_options_result=$_G_res_var + else + func_quote_for_eval ${1+"$@"} + func_options_result=$func_quote_for_eval_result fi + + $_G_rc_options } -# func_show_eval_locale cmd [fail_exp] -# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is -# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP -# is given, then evaluate it. Use the saved locale for evaluation. -func_show_eval_locale () +# func_options_prep [ARG]... +# -------------------------- +# All initialisations required before starting the option parse loop. +# Note that when calling hook functions, we pass through the list of +# positional parameters. If a hook function modifies that list, and +# needs to propagate that back to rest of this script, then the complete +# modified list must be put in 'func_run_hooks_result' before +# returning $EXIT_SUCCESS (otherwise $EXIT_FAILURE is returned). +func_hookable func_options_prep +func_options_prep () { - my_cmd="$1" - my_fail_exp="${2-:}" + $debug_cmd - ${opt_silent-false} || { - func_quote_for_expand "$my_cmd" - eval "func_echo $func_quote_for_expand_result" - } + # Option defaults: + opt_verbose=false + opt_warning_types= - if ${opt_dry_run-false}; then :; else - eval "$lt_user_locale - $my_cmd" - my_status=$? - eval "$lt_safe_locale" - if test "$my_status" -eq 0; then :; else - eval "(exit $my_status); $my_fail_exp" - fi + _G_rc_options_prep=false + if func_run_hooks func_options_prep ${1+"$@"}; then + _G_rc_options_prep=: + # save modified positional parameters for caller + func_options_prep_result=$func_run_hooks_result fi + + $_G_rc_options_prep } -# func_tr_sh -# Turn $1 into a string suitable for a shell variable name. -# Result is stored in $func_tr_sh_result. All characters -# not in the set a-zA-Z0-9_ are replaced with '_'. Further, -# if $1 begins with a digit, a '_' is prepended as well. -func_tr_sh () + +# func_parse_options [ARG]... +# --------------------------- +# The main option parsing loop. +func_hookable func_parse_options +func_parse_options () { - case $1 in - [0-9]* | *[!a-zA-Z0-9_]*) - func_tr_sh_result=`$ECHO "$1" | $SED 's/^\([0-9]\)/_\1/; s/[^a-zA-Z0-9_]/_/g'` - ;; - * ) - func_tr_sh_result=$1 - ;; - esac + $debug_cmd + + func_parse_options_result= + + _G_rc_parse_options=false + # this just eases exit handling + while test $# -gt 0; do + # Defer to hook functions for initial option parsing, so they + # get priority in the event of reusing an option name. + if func_run_hooks func_parse_options ${1+"$@"}; then + eval set dummy "$func_run_hooks_result"; shift + _G_rc_parse_options=: + fi + + # Break out of the loop if we already parsed every option. + test $# -gt 0 || break + + _G_match_parse_options=: + _G_opt=$1 + shift + case $_G_opt in + --debug|-x) debug_cmd='set -x' + func_echo "enabling shell trace mode" + $debug_cmd + ;; + + --no-warnings|--no-warning|--no-warn) + set dummy --warnings none ${1+"$@"} + shift + ;; + + --warnings|--warning|-W) + if test $# = 0 && func_missing_arg $_G_opt; then + _G_rc_parse_options=: + break + fi + case " $warning_categories $1" in + *" $1 "*) + # trailing space prevents matching last $1 above + func_append_uniq opt_warning_types " $1" + ;; + *all) + opt_warning_types=$warning_categories + ;; + *none) + opt_warning_types=none + warning_func=: + ;; + *error) + opt_warning_types=$warning_categories + warning_func=func_fatal_error + ;; + *) + func_fatal_error \ + "unsupported warning category: '$1'" + ;; + esac + shift + ;; + + --verbose|-v) opt_verbose=: ;; + --version) func_version ;; + -\?|-h) func_usage ;; + --help) func_help ;; + + # Separate optargs to long options (plugins may need this): + --*=*) func_split_equals "$_G_opt" + set dummy "$func_split_equals_lhs" \ + "$func_split_equals_rhs" ${1+"$@"} + shift + ;; + + # Separate optargs to short options: + -W*) + func_split_short_opt "$_G_opt" + set dummy "$func_split_short_opt_name" \ + "$func_split_short_opt_arg" ${1+"$@"} + shift + ;; + + # Separate non-argument short options: + -\?*|-h*|-v*|-x*) + func_split_short_opt "$_G_opt" + set dummy "$func_split_short_opt_name" \ + "-$func_split_short_opt_arg" ${1+"$@"} + shift + ;; + + --) _G_rc_parse_options=: ; break ;; + -*) func_fatal_help "unrecognised option: '$_G_opt'" ;; + *) set dummy "$_G_opt" ${1+"$@"}; shift + _G_match_parse_options=false + break + ;; + esac + + $_G_match_parse_options && _G_rc_parse_options=: + done + + + if $_G_rc_parse_options; then + # save modified positional parameters for caller + func_quote_for_eval ${1+"$@"} + func_parse_options_result=$func_quote_for_eval_result + fi + + $_G_rc_parse_options } -# func_version -# Echo version message to standard output and exit. -func_version () +# func_validate_options [ARG]... +# ------------------------------ +# Perform any sanity checks on option settings and/or unconsumed +# arguments. +func_hookable func_validate_options +func_validate_options () { - $opt_debug + $debug_cmd - $SED -n '/(C)/!b go - :more - /\./!{ - N - s/\n# / / - b more - } - :go - /^# '$PROGRAM' (GNU /,/# warranty; / { - s/^# // - s/^# *$// - s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/ - p - }' < "$progpath" - exit $? + _G_rc_validate_options=false + + # Display all warnings if -W was not given. + test -n "$opt_warning_types" || opt_warning_types=" $warning_categories" + + if func_run_hooks func_validate_options ${1+"$@"}; then + # save modified positional parameters for caller + func_validate_options_result=$func_run_hooks_result + _G_rc_validate_options=: + fi + + # Bail if the options were screwed! + $exit_cmd $EXIT_FAILURE + + $_G_rc_validate_options } -# func_usage -# Echo short help message to standard output and exit. -func_usage () + + +## ----------------- ## +## Helper functions. ## +## ----------------- ## + +# This section contains the helper functions used by the rest of the +# hookable option parser framework in ascii-betical order. + + +# func_fatal_help ARG... +# ---------------------- +# Echo program name prefixed message to standard error, followed by +# a help hint, and exit. +func_fatal_help () { - $opt_debug + $debug_cmd - $SED -n '/^# Usage:/,/^# *.*--help/ { - s/^# // - s/^# *$// - s/\$progname/'$progname'/ - p - }' < "$progpath" - echo - $ECHO "run \`$progname --help | more' for full usage" - exit $? + eval \$ECHO \""Usage: $usage"\" + eval \$ECHO \""$fatal_help"\" + func_error ${1+"$@"} + exit $EXIT_FAILURE } -# func_help [NOEXIT] -# Echo long help message to standard output and exit, -# unless 'noexit' is passed as argument. + +# func_help +# --------- +# Echo long help message to standard output and exit. func_help () { - $opt_debug - - $SED -n '/^# Usage:/,/# Report bugs to/ { - :print - s/^# // - s/^# *$// - s*\$progname*'$progname'* - s*\$host*'"$host"'* - s*\$SHELL*'"$SHELL"'* - s*\$LTCC*'"$LTCC"'* - s*\$LTCFLAGS*'"$LTCFLAGS"'* - s*\$LD*'"$LD"'* - s/\$with_gnu_ld/'"$with_gnu_ld"'/ - s/\$automake_version/'"`(${AUTOMAKE-automake} --version) 2>/dev/null |$SED 1q`"'/ - s/\$autoconf_version/'"`(${AUTOCONF-autoconf} --version) 2>/dev/null |$SED 1q`"'/ - p - d - } - /^# .* home page:/b print - /^# General help using/b print - ' < "$progpath" - ret=$? - if test -z "$1"; then - exit $ret - fi + $debug_cmd + + func_usage_message + $ECHO "$long_help_message" + exit 0 } -# func_missing_arg argname + +# func_missing_arg ARGNAME +# ------------------------ # Echo program name prefixed message to standard error and set global # exit_cmd. func_missing_arg () { - $opt_debug + $debug_cmd - func_error "missing argument for $1." + func_error "Missing argument for '$1'." exit_cmd=exit } -# func_split_short_opt shortopt +# func_split_equals STRING +# ------------------------ +# Set func_split_equals_lhs and func_split_equals_rhs shell variables after +# splitting STRING at the '=' sign. +test -z "$_G_HAVE_XSI_OPS" \ + && (eval 'x=a/b/c; + test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ + && _G_HAVE_XSI_OPS=yes + +if test yes = "$_G_HAVE_XSI_OPS" +then + # This is an XSI compatible shell, allowing a faster implementation... + eval 'func_split_equals () + { + $debug_cmd + + func_split_equals_lhs=${1%%=*} + func_split_equals_rhs=${1#*=} + test "x$func_split_equals_lhs" = "x$1" \ + && func_split_equals_rhs= + }' +else + # ...otherwise fall back to using expr, which is often a shell builtin. + func_split_equals () + { + $debug_cmd + + func_split_equals_lhs=`expr "x$1" : 'x\([^=]*\)'` + func_split_equals_rhs= + test "x$func_split_equals_lhs" = "x$1" \ + || func_split_equals_rhs=`expr "x$1" : 'x[^=]*=\(.*\)$'` + } +fi #func_split_equals + + +# func_split_short_opt SHORTOPT +# ----------------------------- # Set func_split_short_opt_name and func_split_short_opt_arg shell # variables after splitting SHORTOPT after the 2nd character. -func_split_short_opt () +if test yes = "$_G_HAVE_XSI_OPS" +then + # This is an XSI compatible shell, allowing a faster implementation... + eval 'func_split_short_opt () + { + $debug_cmd + + func_split_short_opt_arg=${1#??} + func_split_short_opt_name=${1%"$func_split_short_opt_arg"} + }' +else + # ...otherwise fall back to using expr, which is often a shell builtin. + func_split_short_opt () + { + $debug_cmd + + func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'` + func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'` + } +fi #func_split_short_opt + + +# func_usage +# ---------- +# Echo short help message to standard output and exit. +func_usage () { - my_sed_short_opt='1s/^\(..\).*$/\1/;q' - my_sed_short_rest='1s/^..\(.*\)$/\1/;q' + $debug_cmd - func_split_short_opt_name=`$ECHO "$1" | $SED "$my_sed_short_opt"` - func_split_short_opt_arg=`$ECHO "$1" | $SED "$my_sed_short_rest"` -} # func_split_short_opt may be replaced by extended shell implementation + func_usage_message + $ECHO "Run '$progname --help |${PAGER-more}' for full usage" + exit 0 +} -# func_split_long_opt longopt -# Set func_split_long_opt_name and func_split_long_opt_arg shell -# variables after splitting LONGOPT at the `=' sign. -func_split_long_opt () +# func_usage_message +# ------------------ +# Echo short help message to standard output. +func_usage_message () { - my_sed_long_opt='1s/^\(--[^=]*\)=.*/\1/;q' - my_sed_long_arg='1s/^--[^=]*=//' + $debug_cmd - func_split_long_opt_name=`$ECHO "$1" | $SED "$my_sed_long_opt"` - func_split_long_opt_arg=`$ECHO "$1" | $SED "$my_sed_long_arg"` -} # func_split_long_opt may be replaced by extended shell implementation + eval \$ECHO \""Usage: $usage"\" + echo + $SED -n 's|^# || + /^Written by/{ + x;p;x + } + h + /^Written by/q' < "$progpath" + echo + eval \$ECHO \""$usage_message"\" +} -exit_cmd=: +# func_version +# ------------ +# Echo version message to standard output and exit. +func_version () +{ + $debug_cmd + printf '%s\n' "$progname $scriptversion" + $SED -n ' + /(C)/!b go + :more + /\./!{ + N + s|\n# | | + b more + } + :go + /^# Written by /,/# warranty; / { + s|^# || + s|^# *$|| + s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2| + p + } + /^# Written by / { + s|^# || + p + } + /^warranty; /q' < "$progpath" + exit $? +} -magic="%%%MAGIC variable%%%" -magic_exe="%%%MAGIC EXE variable%%%" +# Local variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" +# time-stamp-time-zone: "UTC" +# End: -# Global variables. -nonopt= -preserve_args= -lo2o="s/\\.lo\$/.${objext}/" -o2lo="s/\\.${objext}\$/.lo/" -extracted_archives= -extracted_serial=0 +# Set a version string. +scriptversion='(GNU libtool) 2.4.6' -# If this variable is set in any of the actions, the command in it -# will be execed at the end. This prevents here-documents from being -# left over by shells. -exec_cmd= -# func_append var value -# Append VALUE to the end of shell variable VAR. -func_append () +# func_echo ARG... +# ---------------- +# Libtool also displays the current mode in messages, so override +# funclib.sh func_echo with this custom definition. +func_echo () { - eval "${1}=\$${1}\${2}" -} # func_append may be replaced by extended shell implementation + $debug_cmd -# func_append_quoted var value -# Quote VALUE and append to the end of shell variable VAR, separated -# by a space. -func_append_quoted () -{ - func_quote_for_eval "${2}" - eval "${1}=\$${1}\\ \$func_quote_for_eval_result" -} # func_append_quoted may be replaced by extended shell implementation + _G_message=$* + + func_echo_IFS=$IFS + IFS=$nl + for _G_line in $_G_message; do + IFS=$func_echo_IFS + $ECHO "$progname${opt_mode+: $opt_mode}: $_G_line" + done + IFS=$func_echo_IFS +} -# func_arith arithmetic-term... -func_arith () +# func_warning ARG... +# ------------------- +# Libtool warnings are not categorized, so override funclib.sh +# func_warning with this simpler definition. +func_warning () { - func_arith_result=`expr "${@}"` -} # func_arith may be replaced by extended shell implementation + $debug_cmd + $warning_func ${1+"$@"} +} -# func_len string -# STRING may not start with a hyphen. -func_len () -{ - func_len_result=`expr "${1}" : ".*" 2>/dev/null || echo $max_cmd_len` -} # func_len may be replaced by extended shell implementation +## ---------------- ## +## Options parsing. ## +## ---------------- ## + +# Hook in the functions to make sure our own options are parsed during +# the option parsing loop. + +usage='$progpath [OPTION]... [MODE-ARG]...' + +# Short help message in response to '-h'. +usage_message="Options: + --config show all configuration variables + --debug enable verbose shell tracing + -n, --dry-run display commands without modifying any files + --features display basic configuration information and exit + --mode=MODE use operation mode MODE + --no-warnings equivalent to '-Wnone' + --preserve-dup-deps don't remove duplicate dependency libraries + --quiet, --silent don't print informational messages + --tag=TAG use configuration variables from tag TAG + -v, --verbose print more informational messages than default + --version print version information + -W, --warnings=CATEGORY report the warnings falling in CATEGORY [all] + -h, --help, --help-all print short, long, or detailed help message +" -# func_lo2o object -func_lo2o () +# Additional text appended to 'usage_message' in response to '--help'. +func_help () { - func_lo2o_result=`$ECHO "${1}" | $SED "$lo2o"` -} # func_lo2o may be replaced by extended shell implementation + $debug_cmd + + func_usage_message + $ECHO "$long_help_message + +MODE must be one of the following: + + clean remove files from the build directory + compile compile a source file into a libtool object + execute automatically set library path, then run a program + finish complete the installation of libtool libraries + install install libraries or executables + link create a library or an executable + uninstall remove libraries from an installed directory + +MODE-ARGS vary depending on the MODE. When passed as first option, +'--mode=MODE' may be abbreviated as 'MODE' or a unique abbreviation of that. +Try '$progname --help --mode=MODE' for a more detailed description of MODE. + +When reporting a bug, please describe a test case to reproduce it and +include the following information: + + host-triplet: $host + shell: $SHELL + compiler: $LTCC + compiler flags: $LTCFLAGS + linker: $LD (gnu? $with_gnu_ld) + version: $progname $scriptversion Debian-2.4.6-14 + automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` + autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` + +Report bugs to . +GNU libtool home page: . +General help using GNU software: ." + exit 0 +} -# func_xform libobj-or-source -func_xform () -{ - func_xform_result=`$ECHO "${1}" | $SED 's/\.[^.]*$/.lo/'` -} # func_xform may be replaced by extended shell implementation +# func_lo2o OBJECT-NAME +# --------------------- +# Transform OBJECT-NAME from a '.lo' suffix to the platform specific +# object suffix. + +lo2o=s/\\.lo\$/.$objext/ +o2lo=s/\\.$objext\$/.lo/ + +if test yes = "$_G_HAVE_XSI_OPS"; then + eval 'func_lo2o () + { + case $1 in + *.lo) func_lo2o_result=${1%.lo}.$objext ;; + * ) func_lo2o_result=$1 ;; + esac + }' + + # func_xform LIBOBJ-OR-SOURCE + # --------------------------- + # Transform LIBOBJ-OR-SOURCE from a '.o' or '.c' (or otherwise) + # suffix to a '.lo' libtool-object suffix. + eval 'func_xform () + { + func_xform_result=${1%.*}.lo + }' +else + # ...otherwise fall back to using sed. + func_lo2o () + { + func_lo2o_result=`$ECHO "$1" | $SED "$lo2o"` + } + + func_xform () + { + func_xform_result=`$ECHO "$1" | $SED 's|\.[^.]*$|.lo|'` + } +fi -# func_fatal_configuration arg... +# func_fatal_configuration ARG... +# ------------------------------- # Echo program name prefixed message to standard error, followed by # a configuration failure hint, and exit. func_fatal_configuration () { - func_error ${1+"$@"} - func_error "See the $PACKAGE documentation for more information." - func_fatal_error "Fatal configuration error." + func__fatal_error ${1+"$@"} \ + "See the $PACKAGE documentation for more information." \ + "Fatal configuration error." } # func_config +# ----------- # Display the configuration for all the tags in this script. func_config () { @@ -915,17 +2222,19 @@ func_config () exit $? } + # func_features +# ------------- # Display the features supported by this script. func_features () { echo "host: $host" - if test "$build_libtool_libs" = yes; then + if test yes = "$build_libtool_libs"; then echo "enable shared libraries" else echo "disable shared libraries" fi - if test "$build_old_libs" = yes; then + if test yes = "$build_old_libs"; then echo "enable static libraries" else echo "disable static libraries" @@ -934,314 +2243,369 @@ func_features () exit $? } -# func_enable_tag tagname + +# func_enable_tag TAGNAME +# ----------------------- # Verify that TAGNAME is valid, and either flag an error and exit, or # enable the TAGNAME tag. We also add TAGNAME to the global $taglist # variable here. func_enable_tag () { - # Global variable: - tagname="$1" + # Global variable: + tagname=$1 - re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$" - re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$" - sed_extractcf="/$re_begincf/,/$re_endcf/p" + re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$" + re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$" + sed_extractcf=/$re_begincf/,/$re_endcf/p - # Validate tagname. - case $tagname in - *[!-_A-Za-z0-9,/]*) - func_fatal_error "invalid tag name: $tagname" - ;; - esac + # Validate tagname. + case $tagname in + *[!-_A-Za-z0-9,/]*) + func_fatal_error "invalid tag name: $tagname" + ;; + esac - # Don't test for the "default" C tag, as we know it's - # there but not specially marked. - case $tagname in - CC) ;; + # Don't test for the "default" C tag, as we know it's + # there but not specially marked. + case $tagname in + CC) ;; *) - if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then - taglist="$taglist $tagname" - - # Evaluate the configuration. Be careful to quote the path - # and the sed script, to avoid splitting on whitespace, but - # also don't use non-portable quotes within backquotes within - # quotes we have to do it in 2 steps: - extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` - eval "$extractedcf" - else - func_error "ignoring unknown tag $tagname" - fi - ;; - esac + if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then + taglist="$taglist $tagname" + + # Evaluate the configuration. Be careful to quote the path + # and the sed script, to avoid splitting on whitespace, but + # also don't use non-portable quotes within backquotes within + # quotes we have to do it in 2 steps: + extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` + eval "$extractedcf" + else + func_error "ignoring unknown tag $tagname" + fi + ;; + esac } + # func_check_version_match +# ------------------------ # Ensure that we are using m4 macros, and libtool script from the same # release of libtool. func_check_version_match () { - if test "$package_revision" != "$macro_revision"; then - if test "$VERSION" != "$macro_version"; then - if test -z "$macro_version"; then - cat >&2 <<_LT_EOF + if test "$package_revision" != "$macro_revision"; then + if test "$VERSION" != "$macro_version"; then + if test -z "$macro_version"; then + cat >&2 <<_LT_EOF $progname: Version mismatch error. This is $PACKAGE $VERSION, but the $progname: definition of this LT_INIT comes from an older release. $progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION $progname: and run autoconf again. _LT_EOF - else - cat >&2 <<_LT_EOF + else + cat >&2 <<_LT_EOF $progname: Version mismatch error. This is $PACKAGE $VERSION, but the $progname: definition of this LT_INIT comes from $PACKAGE $macro_version. $progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION $progname: and run autoconf again. _LT_EOF - fi - else - cat >&2 <<_LT_EOF + fi + else + cat >&2 <<_LT_EOF $progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision, $progname: but the definition of this LT_INIT comes from revision $macro_revision. $progname: You should recreate aclocal.m4 with macros from revision $package_revision $progname: of $PACKAGE $VERSION and run autoconf again. _LT_EOF - fi + fi - exit $EXIT_MISMATCH - fi + exit $EXIT_MISMATCH + fi } -# Shorthand for --mode=foo, only valid as the first argument -case $1 in -clean|clea|cle|cl) - shift; set dummy --mode clean ${1+"$@"}; shift - ;; -compile|compil|compi|comp|com|co|c) - shift; set dummy --mode compile ${1+"$@"}; shift - ;; -execute|execut|execu|exec|exe|ex|e) - shift; set dummy --mode execute ${1+"$@"}; shift - ;; -finish|finis|fini|fin|fi|f) - shift; set dummy --mode finish ${1+"$@"}; shift - ;; -install|instal|insta|inst|ins|in|i) - shift; set dummy --mode install ${1+"$@"}; shift - ;; -link|lin|li|l) - shift; set dummy --mode link ${1+"$@"}; shift - ;; -uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) - shift; set dummy --mode uninstall ${1+"$@"}; shift - ;; -esac - +# libtool_options_prep [ARG]... +# ----------------------------- +# Preparation for options parsed by libtool. +libtool_options_prep () +{ + $debug_mode + # Option defaults: + opt_config=false + opt_dlopen= + opt_dry_run=false + opt_help=false + opt_mode= + opt_preserve_dup_deps=false + opt_quiet=false -# Option defaults: -opt_debug=: -opt_dry_run=false -opt_config=false -opt_preserve_dup_deps=false -opt_features=false -opt_finish=false -opt_help=false -opt_help_all=false -opt_silent=: -opt_warning=: -opt_verbose=: -opt_silent=false -opt_verbose=false + nonopt= + preserve_args= + _G_rc_lt_options_prep=: -# Parse options once, thoroughly. This comes as soon as possible in the -# script to make things like `--version' happen as quickly as we can. -{ - # this just eases exit handling - while test $# -gt 0; do - opt="$1" - shift - case $opt in - --debug|-x) opt_debug='set -x' - func_echo "enabling shell trace mode" - $opt_debug - ;; - --dry-run|--dryrun|-n) - opt_dry_run=: - ;; - --config) - opt_config=: -func_config - ;; - --dlopen|-dlopen) - optarg="$1" - opt_dlopen="${opt_dlopen+$opt_dlopen -}$optarg" - shift - ;; - --preserve-dup-deps) - opt_preserve_dup_deps=: - ;; - --features) - opt_features=: -func_features - ;; - --finish) - opt_finish=: -set dummy --mode finish ${1+"$@"}; shift - ;; - --help) - opt_help=: - ;; - --help-all) - opt_help_all=: -opt_help=': help-all' - ;; - --mode) - test $# = 0 && func_missing_arg $opt && break - optarg="$1" - opt_mode="$optarg" -case $optarg in - # Valid mode arguments: - clean|compile|execute|finish|install|link|relink|uninstall) ;; - - # Catch anything else as an error - *) func_error "invalid argument for $opt" - exit_cmd=exit - break - ;; -esac - shift - ;; - --no-silent|--no-quiet) - opt_silent=false -func_append preserve_args " $opt" - ;; - --no-warning|--no-warn) - opt_warning=false -func_append preserve_args " $opt" - ;; - --no-verbose) - opt_verbose=false -func_append preserve_args " $opt" - ;; - --silent|--quiet) - opt_silent=: -func_append preserve_args " $opt" - opt_verbose=false - ;; - --verbose|-v) - opt_verbose=: -func_append preserve_args " $opt" -opt_silent=false - ;; - --tag) - test $# = 0 && func_missing_arg $opt && break - optarg="$1" - opt_tag="$optarg" -func_append preserve_args " $opt $optarg" -func_enable_tag "$optarg" - shift - ;; - - -\?|-h) func_usage ;; - --help) func_help ;; - --version) func_version ;; - - # Separate optargs to long options: - --*=*) - func_split_long_opt "$opt" - set dummy "$func_split_long_opt_name" "$func_split_long_opt_arg" ${1+"$@"} - shift - ;; - - # Separate non-argument short options: - -\?*|-h*|-n*|-v*) - func_split_short_opt "$opt" - set dummy "$func_split_short_opt_name" "-$func_split_short_opt_arg" ${1+"$@"} - shift - ;; - - --) break ;; - -*) func_fatal_help "unrecognized option \`$opt'" ;; - *) set dummy "$opt" ${1+"$@"}; shift; break ;; + # Shorthand for --mode=foo, only valid as the first argument + case $1 in + clean|clea|cle|cl) + shift; set dummy --mode clean ${1+"$@"}; shift + ;; + compile|compil|compi|comp|com|co|c) + shift; set dummy --mode compile ${1+"$@"}; shift + ;; + execute|execut|execu|exec|exe|ex|e) + shift; set dummy --mode execute ${1+"$@"}; shift + ;; + finish|finis|fini|fin|fi|f) + shift; set dummy --mode finish ${1+"$@"}; shift + ;; + install|instal|insta|inst|ins|in|i) + shift; set dummy --mode install ${1+"$@"}; shift + ;; + link|lin|li|l) + shift; set dummy --mode link ${1+"$@"}; shift + ;; + uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) + shift; set dummy --mode uninstall ${1+"$@"}; shift + ;; + *) + _G_rc_lt_options_prep=false + ;; esac - done - # Validate options: + if $_G_rc_lt_options_prep; then + # Pass back the list of options. + func_quote_for_eval ${1+"$@"} + libtool_options_prep_result=$func_quote_for_eval_result + fi - # save first non-option argument - if test "$#" -gt 0; then - nonopt="$opt" - shift - fi + $_G_rc_lt_options_prep +} +func_add_hook func_options_prep libtool_options_prep - # preserve --debug - test "$opt_debug" = : || func_append preserve_args " --debug" - case $host in - *cygwin* | *mingw* | *pw32* | *cegcc*) - # don't eliminate duplications in $postdeps and $predeps - opt_duplicate_compiler_generated_deps=: - ;; - *) - opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps - ;; - esac +# libtool_parse_options [ARG]... +# --------------------------------- +# Provide handling for libtool specific options. +libtool_parse_options () +{ + $debug_cmd - $opt_help || { - # Sanity checks first: - func_check_version_match + _G_rc_lt_parse_options=false - if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then - func_fatal_configuration "not configured to build any kind of library" + # Perform our own loop to consume as many options as possible in + # each iteration. + while test $# -gt 0; do + _G_match_lt_parse_options=: + _G_opt=$1 + shift + case $_G_opt in + --dry-run|--dryrun|-n) + opt_dry_run=: + ;; + + --config) func_config ;; + + --dlopen|-dlopen) + opt_dlopen="${opt_dlopen+$opt_dlopen +}$1" + shift + ;; + + --preserve-dup-deps) + opt_preserve_dup_deps=: ;; + + --features) func_features ;; + + --finish) set dummy --mode finish ${1+"$@"}; shift ;; + + --help) opt_help=: ;; + + --help-all) opt_help=': help-all' ;; + + --mode) test $# = 0 && func_missing_arg $_G_opt && break + opt_mode=$1 + case $1 in + # Valid mode arguments: + clean|compile|execute|finish|install|link|relink|uninstall) ;; + + # Catch anything else as an error + *) func_error "invalid argument for $_G_opt" + exit_cmd=exit + break + ;; + esac + shift + ;; + + --no-silent|--no-quiet) + opt_quiet=false + func_append preserve_args " $_G_opt" + ;; + + --no-warnings|--no-warning|--no-warn) + opt_warning=false + func_append preserve_args " $_G_opt" + ;; + + --no-verbose) + opt_verbose=false + func_append preserve_args " $_G_opt" + ;; + + --silent|--quiet) + opt_quiet=: + opt_verbose=false + func_append preserve_args " $_G_opt" + ;; + + --tag) test $# = 0 && func_missing_arg $_G_opt && break + opt_tag=$1 + func_append preserve_args " $_G_opt $1" + func_enable_tag "$1" + shift + ;; + + --verbose|-v) opt_quiet=false + opt_verbose=: + func_append preserve_args " $_G_opt" + ;; + + # An option not handled by this hook function: + *) set dummy "$_G_opt" ${1+"$@"} ; shift + _G_match_lt_parse_options=false + break + ;; + esac + $_G_match_lt_parse_options && _G_rc_lt_parse_options=: + done + + if $_G_rc_lt_parse_options; then + # save modified positional parameters for caller + func_quote_for_eval ${1+"$@"} + libtool_parse_options_result=$func_quote_for_eval_result fi - # Darwin sucks - eval std_shrext=\"$shrext_cmds\" + $_G_rc_lt_parse_options +} +func_add_hook func_parse_options libtool_parse_options + - # Only execute mode is allowed to have -dlopen flags. - if test -n "$opt_dlopen" && test "$opt_mode" != execute; then - func_error "unrecognized option \`-dlopen'" - $ECHO "$help" 1>&2 - exit $EXIT_FAILURE + +# libtool_validate_options [ARG]... +# --------------------------------- +# Perform any sanity checks on option settings and/or unconsumed +# arguments. +libtool_validate_options () +{ + # save first non-option argument + if test 0 -lt $#; then + nonopt=$1 + shift fi - # Change the help message to a mode-specific one. - generic_help="$help" - help="Try \`$progname --help --mode=$opt_mode' for more information." - } + # preserve --debug + test : = "$debug_cmd" || func_append preserve_args " --debug" + + case $host in + # Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452 + # see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788 + *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*) + # don't eliminate duplications in $postdeps and $predeps + opt_duplicate_compiler_generated_deps=: + ;; + *) + opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps + ;; + esac + $opt_help || { + # Sanity checks first: + func_check_version_match - # Bail if the options were screwed - $exit_cmd $EXIT_FAILURE + test yes != "$build_libtool_libs" \ + && test yes != "$build_old_libs" \ + && func_fatal_configuration "not configured to build any kind of library" + + # Darwin sucks + eval std_shrext=\"$shrext_cmds\" + + # Only execute mode is allowed to have -dlopen flags. + if test -n "$opt_dlopen" && test execute != "$opt_mode"; then + func_error "unrecognized option '-dlopen'" + $ECHO "$help" 1>&2 + exit $EXIT_FAILURE + fi + + # Change the help message to a mode-specific one. + generic_help=$help + help="Try '$progname --help --mode=$opt_mode' for more information." + } + + # Pass back the unparsed argument list + func_quote_for_eval ${1+"$@"} + libtool_validate_options_result=$func_quote_for_eval_result } +func_add_hook func_validate_options libtool_validate_options +# Process options as early as possible so that --help and --version +# can return quickly. +func_options ${1+"$@"} +eval set dummy "$func_options_result"; shift + ## ----------- ## ## Main. ## ## ----------- ## +magic='%%%MAGIC variable%%%' +magic_exe='%%%MAGIC EXE variable%%%' + +# Global variables. +extracted_archives= +extracted_serial=0 + +# If this variable is set in any of the actions, the command in it +# will be execed at the end. This prevents here-documents from being +# left over by shells. +exec_cmd= + + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' +} + +# func_generated_by_libtool +# True iff stdin has been generated by Libtool. This function is only +# a basic sanity check; it will hardly flush out determined imposters. +func_generated_by_libtool_p () +{ + $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 +} + # func_lalib_p file -# True iff FILE is a libtool `.la' library or `.lo' object file. +# True iff FILE is a libtool '.la' library or '.lo' object file. # This function is only a basic sanity check; it will hardly flush out # determined imposters. func_lalib_p () { test -f "$1" && - $SED -e 4q "$1" 2>/dev/null \ - | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 + $SED -e 4q "$1" 2>/dev/null | func_generated_by_libtool_p } # func_lalib_unsafe_p file -# True iff FILE is a libtool `.la' library or `.lo' object file. +# True iff FILE is a libtool '.la' library or '.lo' object file. # This function implements the same check as func_lalib_p without # resorting to external programs. To this end, it redirects stdin and # closes it afterwards, without saving the original file descriptor. # As a safety measure, use it only where a negative result would be -# fatal anyway. Works if `file' does not exist. +# fatal anyway. Works if 'file' does not exist. func_lalib_unsafe_p () { lalib_p=no @@ -1249,13 +2613,13 @@ func_lalib_unsafe_p () for lalib_p_l in 1 2 3 4 do read lalib_p_line - case "$lalib_p_line" in + case $lalib_p_line in \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;; esac done exec 0<&5 5<&- fi - test "$lalib_p" = yes + test yes = "$lalib_p" } # func_ltwrapper_script_p file @@ -1264,7 +2628,8 @@ func_lalib_unsafe_p () # determined imposters. func_ltwrapper_script_p () { - func_lalib_p "$1" + test -f "$1" && + $lt_truncate_bin < "$1" 2>/dev/null | func_generated_by_libtool_p } # func_ltwrapper_executable_p file @@ -1289,7 +2654,7 @@ func_ltwrapper_scriptname () { func_dirname_and_basename "$1" "" "." func_stripname '' '.exe' "$func_basename_result" - func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper" + func_ltwrapper_scriptname_result=$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper } # func_ltwrapper_p file @@ -1308,11 +2673,13 @@ func_ltwrapper_p () # FAIL_CMD may read-access the current command in variable CMD! func_execute_cmds () { - $opt_debug + $debug_cmd + save_ifs=$IFS; IFS='~' for cmd in $1; do - IFS=$save_ifs + IFS=$sp$nl eval cmd=\"$cmd\" + IFS=$save_ifs func_show_eval "$cmd" "${2-:}" done IFS=$save_ifs @@ -1324,10 +2691,11 @@ func_execute_cmds () # Note that it is not necessary on cygwin/mingw to append a dot to # FILE even if both FILE and FILE.exe exist: automatic-append-.exe # behavior happens only for exec(3), not for open(2)! Also, sourcing -# `FILE.' does not work on cygwin managed mounts. +# 'FILE.' does not work on cygwin managed mounts. func_source () { - $opt_debug + $debug_cmd + case $1 in */* | *\\*) . "$1" ;; *) . "./$1" ;; @@ -1354,10 +2722,10 @@ func_resolve_sysroot () # store the result into func_replace_sysroot_result. func_replace_sysroot () { - case "$lt_sysroot:$1" in + case $lt_sysroot:$1 in ?*:"$lt_sysroot"*) func_stripname "$lt_sysroot" '' "$1" - func_replace_sysroot_result="=$func_stripname_result" + func_replace_sysroot_result='='$func_stripname_result ;; *) # Including no sysroot. @@ -1374,7 +2742,8 @@ func_replace_sysroot () # arg is usually of the form 'gcc ...' func_infer_tag () { - $opt_debug + $debug_cmd + if test -n "$available_tags" && test -z "$tagname"; then CC_quoted= for arg in $CC; do @@ -1393,7 +2762,7 @@ func_infer_tag () for z in $available_tags; do if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then # Evaluate the configuration. - eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" + eval "`$SED -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" CC_quoted= for arg in $CC; do # Double-quote args containing other shell metacharacters. @@ -1418,7 +2787,7 @@ func_infer_tag () # line option must be used. if test -z "$tagname"; then func_echo "unable to infer tagged configuration" - func_fatal_error "specify a tag with \`--tag'" + func_fatal_error "specify a tag with '--tag'" # else # func_verbose "using $tagname tagged configuration" fi @@ -1434,15 +2803,15 @@ func_infer_tag () # but don't create it if we're doing a dry run. func_write_libtool_object () { - write_libobj=${1} - if test "$build_libtool_libs" = yes; then - write_lobj=\'${2}\' + write_libobj=$1 + if test yes = "$build_libtool_libs"; then + write_lobj=\'$2\' else write_lobj=none fi - if test "$build_old_libs" = yes; then - write_oldobj=\'${3}\' + if test yes = "$build_old_libs"; then + write_oldobj=\'$3\' else write_oldobj=none fi @@ -1450,7 +2819,7 @@ func_write_libtool_object () $opt_dry_run || { cat >${write_libobj}T </dev/null` - if test "$?" -eq 0 && test -n "${func_convert_core_file_wine_to_w32_tmp}"; then + if test "$?" -eq 0 && test -n "$func_convert_core_file_wine_to_w32_tmp"; then func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" | - $SED -e "$lt_sed_naive_backslashify"` + $SED -e "$sed_naive_backslashify"` else func_convert_core_file_wine_to_w32_result= fi @@ -1514,18 +2884,19 @@ func_convert_core_file_wine_to_w32 () # are convertible, then the result may be empty. func_convert_core_path_wine_to_w32 () { - $opt_debug + $debug_cmd + # unfortunately, winepath doesn't convert paths, only file names - func_convert_core_path_wine_to_w32_result="" + func_convert_core_path_wine_to_w32_result= if test -n "$1"; then oldIFS=$IFS IFS=: for func_convert_core_path_wine_to_w32_f in $1; do IFS=$oldIFS func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f" - if test -n "$func_convert_core_file_wine_to_w32_result" ; then + if test -n "$func_convert_core_file_wine_to_w32_result"; then if test -z "$func_convert_core_path_wine_to_w32_result"; then - func_convert_core_path_wine_to_w32_result="$func_convert_core_file_wine_to_w32_result" + func_convert_core_path_wine_to_w32_result=$func_convert_core_file_wine_to_w32_result else func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result" fi @@ -1554,7 +2925,8 @@ func_convert_core_path_wine_to_w32 () # environment variable; do not put it in $PATH. func_cygpath () { - $opt_debug + $debug_cmd + if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null` if test "$?" -ne 0; then @@ -1563,7 +2935,7 @@ func_cygpath () fi else func_cygpath_result= - func_error "LT_CYGPATH is empty or specifies non-existent file: \`$LT_CYGPATH'" + func_error "LT_CYGPATH is empty or specifies non-existent file: '$LT_CYGPATH'" fi } #end: func_cygpath @@ -1574,10 +2946,11 @@ func_cygpath () # result in func_convert_core_msys_to_w32_result. func_convert_core_msys_to_w32 () { - $opt_debug + $debug_cmd + # awkward: cmd appends spaces to result func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null | - $SED -e 's/[ ]*$//' -e "$lt_sed_naive_backslashify"` + $SED -e 's/[ ]*$//' -e "$sed_naive_backslashify"` } #end: func_convert_core_msys_to_w32 @@ -1588,13 +2961,14 @@ func_convert_core_msys_to_w32 () # func_to_host_file_result to ARG1). func_convert_file_check () { - $opt_debug - if test -z "$2" && test -n "$1" ; then + $debug_cmd + + if test -z "$2" && test -n "$1"; then func_error "Could not determine host file name corresponding to" - func_error " \`$1'" + func_error " '$1'" func_error "Continuing, but uninstalled executables may not work." # Fallback: - func_to_host_file_result="$1" + func_to_host_file_result=$1 fi } # end func_convert_file_check @@ -1606,10 +2980,11 @@ func_convert_file_check () # func_to_host_file_result to a simplistic fallback value (see below). func_convert_path_check () { - $opt_debug + $debug_cmd + if test -z "$4" && test -n "$3"; then func_error "Could not determine the host path corresponding to" - func_error " \`$3'" + func_error " '$3'" func_error "Continuing, but uninstalled executables may not work." # Fallback. This is a deliberately simplistic "conversion" and # should not be "improved". See libtool.info. @@ -1618,7 +2993,7 @@ func_convert_path_check () func_to_host_path_result=`echo "$3" | $SED -e "$lt_replace_pathsep_chars"` else - func_to_host_path_result="$3" + func_to_host_path_result=$3 fi fi } @@ -1630,9 +3005,10 @@ func_convert_path_check () # and appending REPL if ORIG matches BACKPAT. func_convert_path_front_back_pathsep () { - $opt_debug + $debug_cmd + case $4 in - $1 ) func_to_host_path_result="$3$func_to_host_path_result" + $1 ) func_to_host_path_result=$3$func_to_host_path_result ;; esac case $4 in @@ -1646,7 +3022,7 @@ func_convert_path_front_back_pathsep () ################################################## # $build to $host FILE NAME CONVERSION FUNCTIONS # ################################################## -# invoked via `$to_host_file_cmd ARG' +# invoked via '$to_host_file_cmd ARG' # # In each case, ARG is the path to be converted from $build to $host format. # Result will be available in $func_to_host_file_result. @@ -1657,7 +3033,8 @@ func_convert_path_front_back_pathsep () # in func_to_host_file_result. func_to_host_file () { - $opt_debug + $debug_cmd + $to_host_file_cmd "$1" } # end func_to_host_file @@ -1669,7 +3046,8 @@ func_to_host_file () # in (the comma separated) LAZY, no conversion takes place. func_to_tool_file () { - $opt_debug + $debug_cmd + case ,$2, in *,"$to_tool_file_cmd",*) func_to_tool_file_result=$1 @@ -1687,7 +3065,7 @@ func_to_tool_file () # Copy ARG to func_to_host_file_result. func_convert_file_noop () { - func_to_host_file_result="$1" + func_to_host_file_result=$1 } # end func_convert_file_noop @@ -1698,11 +3076,12 @@ func_convert_file_noop () # func_to_host_file_result. func_convert_file_msys_to_w32 () { - $opt_debug - func_to_host_file_result="$1" + $debug_cmd + + func_to_host_file_result=$1 if test -n "$1"; then func_convert_core_msys_to_w32 "$1" - func_to_host_file_result="$func_convert_core_msys_to_w32_result" + func_to_host_file_result=$func_convert_core_msys_to_w32_result fi func_convert_file_check "$1" "$func_to_host_file_result" } @@ -1714,8 +3093,9 @@ func_convert_file_msys_to_w32 () # func_to_host_file_result. func_convert_file_cygwin_to_w32 () { - $opt_debug - func_to_host_file_result="$1" + $debug_cmd + + func_to_host_file_result=$1 if test -n "$1"; then # because $build is cygwin, we call "the" cygpath in $PATH; no need to use # LT_CYGPATH in this case. @@ -1731,11 +3111,12 @@ func_convert_file_cygwin_to_w32 () # and a working winepath. Returns result in func_to_host_file_result. func_convert_file_nix_to_w32 () { - $opt_debug - func_to_host_file_result="$1" + $debug_cmd + + func_to_host_file_result=$1 if test -n "$1"; then func_convert_core_file_wine_to_w32 "$1" - func_to_host_file_result="$func_convert_core_file_wine_to_w32_result" + func_to_host_file_result=$func_convert_core_file_wine_to_w32_result fi func_convert_file_check "$1" "$func_to_host_file_result" } @@ -1747,12 +3128,13 @@ func_convert_file_nix_to_w32 () # Returns result in func_to_host_file_result. func_convert_file_msys_to_cygwin () { - $opt_debug - func_to_host_file_result="$1" + $debug_cmd + + func_to_host_file_result=$1 if test -n "$1"; then func_convert_core_msys_to_w32 "$1" func_cygpath -u "$func_convert_core_msys_to_w32_result" - func_to_host_file_result="$func_cygpath_result" + func_to_host_file_result=$func_cygpath_result fi func_convert_file_check "$1" "$func_to_host_file_result" } @@ -1765,13 +3147,14 @@ func_convert_file_msys_to_cygwin () # in func_to_host_file_result. func_convert_file_nix_to_cygwin () { - $opt_debug - func_to_host_file_result="$1" + $debug_cmd + + func_to_host_file_result=$1 if test -n "$1"; then # convert from *nix to w32, then use cygpath to convert from w32 to cygwin. func_convert_core_file_wine_to_w32 "$1" func_cygpath -u "$func_convert_core_file_wine_to_w32_result" - func_to_host_file_result="$func_cygpath_result" + func_to_host_file_result=$func_cygpath_result fi func_convert_file_check "$1" "$func_to_host_file_result" } @@ -1781,7 +3164,7 @@ func_convert_file_nix_to_cygwin () ############################################# # $build to $host PATH CONVERSION FUNCTIONS # ############################################# -# invoked via `$to_host_path_cmd ARG' +# invoked via '$to_host_path_cmd ARG' # # In each case, ARG is the path to be converted from $build to $host format. # The result will be available in $func_to_host_path_result. @@ -1805,10 +3188,11 @@ func_convert_file_nix_to_cygwin () to_host_path_cmd= func_init_to_host_path_cmd () { - $opt_debug + $debug_cmd + if test -z "$to_host_path_cmd"; then func_stripname 'func_convert_file_' '' "$to_host_file_cmd" - to_host_path_cmd="func_convert_path_${func_stripname_result}" + to_host_path_cmd=func_convert_path_$func_stripname_result fi } @@ -1818,7 +3202,8 @@ func_init_to_host_path_cmd () # in func_to_host_path_result. func_to_host_path () { - $opt_debug + $debug_cmd + func_init_to_host_path_cmd $to_host_path_cmd "$1" } @@ -1829,7 +3214,7 @@ func_to_host_path () # Copy ARG to func_to_host_path_result. func_convert_path_noop () { - func_to_host_path_result="$1" + func_to_host_path_result=$1 } # end func_convert_path_noop @@ -1840,8 +3225,9 @@ func_convert_path_noop () # func_to_host_path_result. func_convert_path_msys_to_w32 () { - $opt_debug - func_to_host_path_result="$1" + $debug_cmd + + func_to_host_path_result=$1 if test -n "$1"; then # Remove leading and trailing path separator characters from ARG. MSYS # behavior is inconsistent here; cygpath turns them into '.;' and ';.'; @@ -1849,7 +3235,7 @@ func_convert_path_msys_to_w32 () func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" - func_to_host_path_result="$func_convert_core_msys_to_w32_result" + func_to_host_path_result=$func_convert_core_msys_to_w32_result func_convert_path_check : ";" \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" @@ -1863,8 +3249,9 @@ func_convert_path_msys_to_w32 () # func_to_host_file_result. func_convert_path_cygwin_to_w32 () { - $opt_debug - func_to_host_path_result="$1" + $debug_cmd + + func_to_host_path_result=$1 if test -n "$1"; then # See func_convert_path_msys_to_w32: func_stripname : : "$1" @@ -1883,14 +3270,15 @@ func_convert_path_cygwin_to_w32 () # a working winepath. Returns result in func_to_host_file_result. func_convert_path_nix_to_w32 () { - $opt_debug - func_to_host_path_result="$1" + $debug_cmd + + func_to_host_path_result=$1 if test -n "$1"; then # See func_convert_path_msys_to_w32: func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" - func_to_host_path_result="$func_convert_core_path_wine_to_w32_result" + func_to_host_path_result=$func_convert_core_path_wine_to_w32_result func_convert_path_check : ";" \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" @@ -1904,15 +3292,16 @@ func_convert_path_nix_to_w32 () # Returns result in func_to_host_file_result. func_convert_path_msys_to_cygwin () { - $opt_debug - func_to_host_path_result="$1" + $debug_cmd + + func_to_host_path_result=$1 if test -n "$1"; then # See func_convert_path_msys_to_w32: func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" func_cygpath -u -p "$func_convert_core_msys_to_w32_result" - func_to_host_path_result="$func_cygpath_result" + func_to_host_path_result=$func_cygpath_result func_convert_path_check : : \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" : "$1" @@ -1927,8 +3316,9 @@ func_convert_path_msys_to_cygwin () # func_to_host_file_result. func_convert_path_nix_to_cygwin () { - $opt_debug - func_to_host_path_result="$1" + $debug_cmd + + func_to_host_path_result=$1 if test -n "$1"; then # Remove leading and trailing path separator characters from # ARG. msys behavior is inconsistent here, cygpath turns them @@ -1937,7 +3327,7 @@ func_convert_path_nix_to_cygwin () func_to_host_path_tmp1=$func_stripname_result func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result" - func_to_host_path_result="$func_cygpath_result" + func_to_host_path_result=$func_cygpath_result func_convert_path_check : : \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" : "$1" @@ -1946,13 +3336,31 @@ func_convert_path_nix_to_cygwin () # end func_convert_path_nix_to_cygwin +# func_dll_def_p FILE +# True iff FILE is a Windows DLL '.def' file. +# Keep in sync with _LT_DLL_DEF_P in libtool.m4 +func_dll_def_p () +{ + $debug_cmd + + func_dll_def_p_tmp=`$SED -n \ + -e 's/^[ ]*//' \ + -e '/^\(;.*\)*$/d' \ + -e 's/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p' \ + -e q \ + "$1"` + test DEF = "$func_dll_def_p_tmp" +} + + # func_mode_compile arg... func_mode_compile () { - $opt_debug + $debug_cmd + # Get the compilation command and the source file. base_compile= - srcfile="$nonopt" # always keep a non-empty value in "srcfile" + srcfile=$nonopt # always keep a non-empty value in "srcfile" suppress_opt=yes suppress_output= arg_mode=normal @@ -1965,12 +3373,12 @@ func_mode_compile () case $arg_mode in arg ) # do not "continue". Instead, add this to base_compile - lastarg="$arg" + lastarg=$arg arg_mode=normal ;; target ) - libobj="$arg" + libobj=$arg arg_mode=normal continue ;; @@ -1980,7 +3388,7 @@ func_mode_compile () case $arg in -o) test -n "$libobj" && \ - func_fatal_error "you cannot specify \`-o' more than once" + func_fatal_error "you cannot specify '-o' more than once" arg_mode=target continue ;; @@ -2009,12 +3417,12 @@ func_mode_compile () func_stripname '-Wc,' '' "$arg" args=$func_stripname_result lastarg= - save_ifs="$IFS"; IFS=',' + save_ifs=$IFS; IFS=, for arg in $args; do - IFS="$save_ifs" + IFS=$save_ifs func_append_quoted lastarg "$arg" done - IFS="$save_ifs" + IFS=$save_ifs func_stripname ' ' '' "$lastarg" lastarg=$func_stripname_result @@ -2027,8 +3435,8 @@ func_mode_compile () # Accept the current argument as the source file. # The previous "srcfile" becomes the current argument. # - lastarg="$srcfile" - srcfile="$arg" + lastarg=$srcfile + srcfile=$arg ;; esac # case $arg ;; @@ -2043,13 +3451,13 @@ func_mode_compile () func_fatal_error "you must specify an argument for -Xcompile" ;; target) - func_fatal_error "you must specify a target with \`-o'" + func_fatal_error "you must specify a target with '-o'" ;; *) # Get the name of the library object. test -z "$libobj" && { func_basename "$srcfile" - libobj="$func_basename_result" + libobj=$func_basename_result } ;; esac @@ -2069,7 +3477,7 @@ func_mode_compile () case $libobj in *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;; *) - func_fatal_error "cannot determine name of library object from \`$libobj'" + func_fatal_error "cannot determine name of library object from '$libobj'" ;; esac @@ -2078,8 +3486,8 @@ func_mode_compile () for arg in $later; do case $arg in -shared) - test "$build_libtool_libs" != yes && \ - func_fatal_configuration "can not build a shared library" + test yes = "$build_libtool_libs" \ + || func_fatal_configuration "cannot build a shared library" build_old_libs=no continue ;; @@ -2105,17 +3513,17 @@ func_mode_compile () func_quote_for_eval "$libobj" test "X$libobj" != "X$func_quote_for_eval_result" \ && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \ - && func_warning "libobj name \`$libobj' may not contain shell special characters." + && func_warning "libobj name '$libobj' may not contain shell special characters." func_dirname_and_basename "$obj" "/" "" - objname="$func_basename_result" - xdir="$func_dirname_result" - lobj=${xdir}$objdir/$objname + objname=$func_basename_result + xdir=$func_dirname_result + lobj=$xdir$objdir/$objname test -z "$base_compile" && \ func_fatal_help "you must specify a compilation command" # Delete any leftover library objects. - if test "$build_old_libs" = yes; then + if test yes = "$build_old_libs"; then removelist="$obj $lobj $libobj ${libobj}T" else removelist="$lobj $libobj ${libobj}T" @@ -2127,16 +3535,16 @@ func_mode_compile () pic_mode=default ;; esac - if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then + if test no = "$pic_mode" && test pass_all != "$deplibs_check_method"; then # non-PIC code in shared libraries is not supported pic_mode=default fi # Calculate the filename of the output object if compiler does # not support -o with -c - if test "$compiler_c_o" = no; then - output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.${objext} - lockfile="$output_obj.lock" + if test no = "$compiler_c_o"; then + output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.$objext + lockfile=$output_obj.lock else output_obj= need_locks=no @@ -2145,12 +3553,12 @@ func_mode_compile () # Lock this critical section if it is needed # We use this script file to make the link, it avoids creating a new file - if test "$need_locks" = yes; then + if test yes = "$need_locks"; then until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do func_echo "Waiting for $lockfile to be removed" sleep 2 done - elif test "$need_locks" = warn; then + elif test warn = "$need_locks"; then if test -f "$lockfile"; then $ECHO "\ *** ERROR, $lockfile exists and contains: @@ -2158,7 +3566,7 @@ func_mode_compile () This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because -your compiler does not support \`-c' and \`-o' together. If you +your compiler does not support '-c' and '-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." @@ -2180,11 +3588,11 @@ compiler." qsrcfile=$func_quote_for_eval_result # Only build a PIC object if we are building libtool libraries. - if test "$build_libtool_libs" = yes; then + if test yes = "$build_libtool_libs"; then # Without this assignment, base_compile gets emptied. fbsd_hideous_sh_bug=$base_compile - if test "$pic_mode" != no; then + if test no != "$pic_mode"; then command="$base_compile $qsrcfile $pic_flag" else # Don't build PIC code @@ -2201,7 +3609,7 @@ compiler." func_show_eval_locale "$command" \ 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE' - if test "$need_locks" = warn && + if test warn = "$need_locks" && test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then $ECHO "\ *** ERROR, $lockfile contains: @@ -2212,7 +3620,7 @@ $srcfile This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because -your compiler does not support \`-c' and \`-o' together. If you +your compiler does not support '-c' and '-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." @@ -2228,20 +3636,20 @@ compiler." fi # Allow error messages only from the first compilation. - if test "$suppress_opt" = yes; then + if test yes = "$suppress_opt"; then suppress_output=' >/dev/null 2>&1' fi fi # Only build a position-dependent object if we build old libraries. - if test "$build_old_libs" = yes; then - if test "$pic_mode" != yes; then + if test yes = "$build_old_libs"; then + if test yes != "$pic_mode"; then # Don't build PIC code command="$base_compile $qsrcfile$pie_flag" else command="$base_compile $qsrcfile $pic_flag" fi - if test "$compiler_c_o" = yes; then + if test yes = "$compiler_c_o"; then func_append command " -o $obj" fi @@ -2250,7 +3658,7 @@ compiler." func_show_eval_locale "$command" \ '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' - if test "$need_locks" = warn && + if test warn = "$need_locks" && test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then $ECHO "\ *** ERROR, $lockfile contains: @@ -2261,7 +3669,7 @@ $srcfile This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because -your compiler does not support \`-c' and \`-o' together. If you +your compiler does not support '-c' and '-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." @@ -2281,7 +3689,7 @@ compiler." func_write_libtool_object "$libobj" "$objdir/$objname" "$objname" # Unlock the critical section if it was locked - if test "$need_locks" != no; then + if test no != "$need_locks"; then removelist=$lockfile $RM "$lockfile" fi @@ -2291,7 +3699,7 @@ compiler." } $opt_help || { - test "$opt_mode" = compile && func_mode_compile ${1+"$@"} + test compile = "$opt_mode" && func_mode_compile ${1+"$@"} } func_mode_help () @@ -2311,7 +3719,7 @@ func_mode_help () Remove files from the build directory. RM is the name of the program to use to delete files associated with each FILE -(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed +(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed to RM. If FILE is a libtool library, object or program, all the files associated @@ -2330,16 +3738,16 @@ This mode accepts the following additional options: -no-suppress do not suppress compiler output for multiple passes -prefer-pic try to build PIC objects only -prefer-non-pic try to build non-PIC objects only - -shared do not build a \`.o' file suitable for static linking - -static only build a \`.o' file suitable for static linking + -shared do not build a '.o' file suitable for static linking + -static only build a '.o' file suitable for static linking -Wc,FLAG pass FLAG directly to the compiler -COMPILE-COMMAND is a command to be used in creating a \`standard' object file +COMPILE-COMMAND is a command to be used in creating a 'standard' object file from the given SOURCEFILE. The output file name is determined by removing the directory component from -SOURCEFILE, then substituting the C source code suffix \`.c' with the -library object suffix, \`.lo'." +SOURCEFILE, then substituting the C source code suffix '.c' with the +library object suffix, '.lo'." ;; execute) @@ -2352,7 +3760,7 @@ This mode accepts the following additional options: -dlopen FILE add the directory containing FILE to the library path -This mode sets the library path environment variable according to \`-dlopen' +This mode sets the library path environment variable according to '-dlopen' flags. If any of the ARGS are libtool executable wrappers, then they are translated @@ -2371,7 +3779,7 @@ Complete the installation of libtool libraries. Each LIBDIR is a directory that contains libtool libraries. The commands that this mode executes may require superuser privileges. Use -the \`--dry-run' option if you just want to see what would be executed." +the '--dry-run' option if you just want to see what would be executed." ;; install) @@ -2381,7 +3789,7 @@ the \`--dry-run' option if you just want to see what would be executed." Install executables or libraries. INSTALL-COMMAND is the installation command. The first component should be -either the \`install' or \`cp' program. +either the 'install' or 'cp' program. The following components of INSTALL-COMMAND are treated specially: @@ -2407,7 +3815,7 @@ The following components of LINK-COMMAND are treated specially: -avoid-version do not add a version suffix if possible -bindir BINDIR specify path to binaries directory (for systems where libraries must be found in the PATH setting at runtime) - -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime + -dlopen FILE '-dlpreopen' FILE if it cannot be dlopened at runtime -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) -export-symbols SYMFILE @@ -2421,7 +3829,8 @@ The following components of LINK-COMMAND are treated specially: -no-install link a not-installable executable -no-undefined declare that a library does not refer to external symbols -o OUTPUT-FILE create OUTPUT-FILE from the specified objects - -objectlist FILE Use a list of object files found in FILE to specify objects + -objectlist FILE use a list of object files found in FILE to specify objects + -os2dllname NAME force a short DLL name on OS/2 (no effect on other OSes) -precious-files-regex REGEX don't remove output files matching REGEX -release RELEASE specify package release information @@ -2441,20 +3850,20 @@ The following components of LINK-COMMAND are treated specially: -Xlinker FLAG pass linker-specific FLAG directly to the linker -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC) -All other options (arguments beginning with \`-') are ignored. +All other options (arguments beginning with '-') are ignored. -Every other argument is treated as a filename. Files ending in \`.la' are +Every other argument is treated as a filename. Files ending in '.la' are treated as uninstalled libtool libraries, other files are standard or library object files. -If the OUTPUT-FILE ends in \`.la', then a libtool library is created, -only library objects (\`.lo' files) may be specified, and \`-rpath' is +If the OUTPUT-FILE ends in '.la', then a libtool library is created, +only library objects ('.lo' files) may be specified, and '-rpath' is required, except when creating a convenience library. -If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created -using \`ar' and \`ranlib', or on Windows using \`lib'. +If OUTPUT-FILE ends in '.a' or '.lib', then a standard library is created +using 'ar' and 'ranlib', or on Windows using 'lib'. -If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file +If OUTPUT-FILE ends in '.lo' or '.$objext', then a reloadable object file is created, otherwise an executable program is created." ;; @@ -2465,7 +3874,7 @@ is created, otherwise an executable program is created." Remove libraries from an installation directory. RM is the name of the program to use to delete files associated with each FILE -(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed +(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed to RM. If FILE is a libtool library, all the files associated with it are deleted. @@ -2473,17 +3882,17 @@ Otherwise, only FILE itself is deleted using RM." ;; *) - func_fatal_help "invalid operation mode \`$opt_mode'" + func_fatal_help "invalid operation mode '$opt_mode'" ;; esac echo - $ECHO "Try \`$progname --help' for more information about other modes." + $ECHO "Try '$progname --help' for more information about other modes." } # Now that we've collected a possible --mode arg, show help if necessary if $opt_help; then - if test "$opt_help" = :; then + if test : = "$opt_help"; then func_mode_help else { @@ -2491,7 +3900,7 @@ if $opt_help; then for opt_mode in compile link execute install finish uninstall clean; do func_mode_help done - } | sed -n '1p; 2,$s/^Usage:/ or: /p' + } | $SED -n '1p; 2,$s/^Usage:/ or: /p' { func_help noexit for opt_mode in compile link execute install finish uninstall clean; do @@ -2499,7 +3908,7 @@ if $opt_help; then func_mode_help done } | - sed '1d + $SED '1d /^When reporting/,/^Report/{ H d @@ -2516,16 +3925,17 @@ fi # func_mode_execute arg... func_mode_execute () { - $opt_debug + $debug_cmd + # The first argument is the command name. - cmd="$nonopt" + cmd=$nonopt test -z "$cmd" && \ func_fatal_help "you must specify a COMMAND" # Handle -dlopen flags immediately. for file in $opt_dlopen; do test -f "$file" \ - || func_fatal_help "\`$file' is not a file" + || func_fatal_help "'$file' is not a file" dir= case $file in @@ -2535,7 +3945,7 @@ func_mode_execute () # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$file" \ - || func_fatal_help "\`$lib' is not a valid libtool archive" + || func_fatal_help "'$lib' is not a valid libtool archive" # Read the libtool library. dlname= @@ -2546,18 +3956,18 @@ func_mode_execute () if test -z "$dlname"; then # Warn if it was a shared library. test -n "$library_names" && \ - func_warning "\`$file' was not linked with \`-export-dynamic'" + func_warning "'$file' was not linked with '-export-dynamic'" continue fi func_dirname "$file" "" "." - dir="$func_dirname_result" + dir=$func_dirname_result if test -f "$dir/$objdir/$dlname"; then func_append dir "/$objdir" else if test ! -f "$dir/$dlname"; then - func_fatal_error "cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" + func_fatal_error "cannot find '$dlname' in '$dir' or '$dir/$objdir'" fi fi ;; @@ -2565,18 +3975,18 @@ func_mode_execute () *.lo) # Just add the directory containing the .lo file. func_dirname "$file" "" "." - dir="$func_dirname_result" + dir=$func_dirname_result ;; *) - func_warning "\`-dlopen' is ignored for non-libtool libraries and objects" + func_warning "'-dlopen' is ignored for non-libtool libraries and objects" continue ;; esac # Get the absolute pathname. absdir=`cd "$dir" && pwd` - test -n "$absdir" && dir="$absdir" + test -n "$absdir" && dir=$absdir # Now add the directory to shlibpath_var. if eval "test -z \"\$$shlibpath_var\""; then @@ -2588,7 +3998,7 @@ func_mode_execute () # This variable tells wrapper scripts just to set shlibpath_var # rather than running their programs. - libtool_execute_magic="$magic" + libtool_execute_magic=$magic # Check if any of the arguments is a wrapper script. args= @@ -2601,12 +4011,12 @@ func_mode_execute () if func_ltwrapper_script_p "$file"; then func_source "$file" # Transform arg to wrapped name. - file="$progdir/$program" + file=$progdir/$program elif func_ltwrapper_executable_p "$file"; then func_ltwrapper_scriptname "$file" func_source "$func_ltwrapper_scriptname_result" # Transform arg to wrapped name. - file="$progdir/$program" + file=$progdir/$program fi ;; esac @@ -2614,7 +4024,15 @@ func_mode_execute () func_append_quoted args "$file" done - if test "X$opt_dry_run" = Xfalse; then + if $opt_dry_run; then + # Display what would be done. + if test -n "$shlibpath_var"; then + eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" + echo "export $shlibpath_var" + fi + $ECHO "$cmd$args" + exit $EXIT_SUCCESS + else if test -n "$shlibpath_var"; then # Export the shlibpath_var. eval "export $shlibpath_var" @@ -2631,25 +4049,18 @@ func_mode_execute () done # Now prepare to actually exec the command. - exec_cmd="\$cmd$args" - else - # Display what would be done. - if test -n "$shlibpath_var"; then - eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" - echo "export $shlibpath_var" - fi - $ECHO "$cmd$args" - exit $EXIT_SUCCESS + exec_cmd=\$cmd$args fi } -test "$opt_mode" = execute && func_mode_execute ${1+"$@"} +test execute = "$opt_mode" && func_mode_execute ${1+"$@"} # func_mode_finish arg... func_mode_finish () { - $opt_debug + $debug_cmd + libs= libdirs= admincmds= @@ -2663,11 +4074,11 @@ func_mode_finish () if func_lalib_unsafe_p "$opt"; then func_append libs " $opt" else - func_warning "\`$opt' is not a valid libtool archive" + func_warning "'$opt' is not a valid libtool archive" fi else - func_fatal_error "invalid argument \`$opt'" + func_fatal_error "invalid argument '$opt'" fi done @@ -2682,12 +4093,12 @@ func_mode_finish () # Remove sysroot references if $opt_dry_run; then for lib in $libs; do - echo "removing references to $lt_sysroot and \`=' prefixes from $lib" + echo "removing references to $lt_sysroot and '=' prefixes from $lib" done else tmpdir=`func_mktempdir` for lib in $libs; do - sed -e "${sysroot_cmd} s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \ + $SED -e "$sysroot_cmd s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \ > $tmpdir/tmp-la mv -f $tmpdir/tmp-la $lib done @@ -2712,7 +4123,7 @@ func_mode_finish () fi # Exit here if they wanted silent mode. - $opt_silent && exit $EXIT_SUCCESS + $opt_quiet && exit $EXIT_SUCCESS if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then echo "----------------------------------------------------------------------" @@ -2723,27 +4134,27 @@ func_mode_finish () echo echo "If you ever happen to want to link against installed libraries" echo "in a given directory, LIBDIR, you must either use libtool, and" - echo "specify the full pathname of the library, or use the \`-LLIBDIR'" + echo "specify the full pathname of the library, or use the '-LLIBDIR'" echo "flag during linking and do at least one of the following:" if test -n "$shlibpath_var"; then - echo " - add LIBDIR to the \`$shlibpath_var' environment variable" + echo " - add LIBDIR to the '$shlibpath_var' environment variable" echo " during execution" fi if test -n "$runpath_var"; then - echo " - add LIBDIR to the \`$runpath_var' environment variable" + echo " - add LIBDIR to the '$runpath_var' environment variable" echo " during linking" fi if test -n "$hardcode_libdir_flag_spec"; then libdir=LIBDIR eval flag=\"$hardcode_libdir_flag_spec\" - $ECHO " - use the \`$flag' linker flag" + $ECHO " - use the '$flag' linker flag" fi if test -n "$admincmds"; then $ECHO " - have your system administrator run these commands:$admincmds" fi if test -f /etc/ld.so.conf; then - echo " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'" + echo " - have your system administrator add LIBDIR to '/etc/ld.so.conf'" fi echo @@ -2762,18 +4173,20 @@ func_mode_finish () exit $EXIT_SUCCESS } -test "$opt_mode" = finish && func_mode_finish ${1+"$@"} +test finish = "$opt_mode" && func_mode_finish ${1+"$@"} # func_mode_install arg... func_mode_install () { - $opt_debug + $debug_cmd + # There may be an optional sh(1) argument at the beginning of # install_prog (especially on Windows NT). - if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh || + if test "$SHELL" = "$nonopt" || test /bin/sh = "$nonopt" || # Allow the use of GNU shtool's install command. - case $nonopt in *shtool*) :;; *) false;; esac; then + case $nonopt in *shtool*) :;; *) false;; esac + then # Aesthetically quote it. func_quote_for_eval "$nonopt" install_prog="$func_quote_for_eval_result " @@ -2800,7 +4213,7 @@ func_mode_install () opts= prev= install_type= - isdir=no + isdir=false stripme= no_mode=: for arg @@ -2813,7 +4226,7 @@ func_mode_install () fi case $arg in - -d) isdir=yes ;; + -d) isdir=: ;; -f) if $install_cp; then :; else prev=$arg @@ -2831,7 +4244,7 @@ func_mode_install () *) # If the previous option needed an argument, then skip it. if test -n "$prev"; then - if test "x$prev" = x-m && test -n "$install_override_mode"; then + if test X-m = "X$prev" && test -n "$install_override_mode"; then arg2=$install_override_mode no_mode=false fi @@ -2856,7 +4269,7 @@ func_mode_install () func_fatal_help "you must specify an install program" test -n "$prev" && \ - func_fatal_help "the \`$prev' option requires an argument" + func_fatal_help "the '$prev' option requires an argument" if test -n "$install_override_mode" && $no_mode; then if $install_cp; then :; else @@ -2878,19 +4291,19 @@ func_mode_install () dest=$func_stripname_result # Check to see that the destination is a directory. - test -d "$dest" && isdir=yes - if test "$isdir" = yes; then - destdir="$dest" + test -d "$dest" && isdir=: + if $isdir; then + destdir=$dest destname= else func_dirname_and_basename "$dest" "" "." - destdir="$func_dirname_result" - destname="$func_basename_result" + destdir=$func_dirname_result + destname=$func_basename_result # Not a directory, so check to see that there is only one file specified. set dummy $files; shift test "$#" -gt 1 && \ - func_fatal_help "\`$dest' is not a directory" + func_fatal_help "'$dest' is not a directory" fi case $destdir in [\\/]* | [A-Za-z]:[\\/]*) ;; @@ -2899,7 +4312,7 @@ func_mode_install () case $file in *.lo) ;; *) - func_fatal_help "\`$destdir' must be an absolute directory name" + func_fatal_help "'$destdir' must be an absolute directory name" ;; esac done @@ -2908,7 +4321,7 @@ func_mode_install () # This variable tells wrapper scripts just to set variables rather # than running their programs. - libtool_install_magic="$magic" + libtool_install_magic=$magic staticlibs= future_libdirs= @@ -2928,7 +4341,7 @@ func_mode_install () # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$file" \ - || func_fatal_help "\`$file' is not a valid libtool archive" + || func_fatal_help "'$file' is not a valid libtool archive" library_names= old_library= @@ -2950,7 +4363,7 @@ func_mode_install () fi func_dirname "$file" "/" "" - dir="$func_dirname_result" + dir=$func_dirname_result func_append dir "$objdir" if test -n "$relink_command"; then @@ -2964,7 +4377,7 @@ func_mode_install () # are installed into $libdir/../bin (currently, that works fine) # but it's something to keep an eye on. test "$inst_prefix_dir" = "$destdir" && \ - func_fatal_error "error: cannot install \`$file' to a directory not ending in $libdir" + func_fatal_error "error: cannot install '$file' to a directory not ending in $libdir" if test -n "$inst_prefix_dir"; then # Stick the inst_prefix_dir data into the link command. @@ -2973,29 +4386,36 @@ func_mode_install () relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"` fi - func_warning "relinking \`$file'" + func_warning "relinking '$file'" func_show_eval "$relink_command" \ - 'func_fatal_error "error: relink \`$file'\'' with the above command before installing it"' + 'func_fatal_error "error: relink '\''$file'\'' with the above command before installing it"' fi # See the names of the shared library. set dummy $library_names; shift if test -n "$1"; then - realname="$1" + realname=$1 shift - srcname="$realname" - test -n "$relink_command" && srcname="$realname"T + srcname=$realname + test -n "$relink_command" && srcname=${realname}T # Install the shared library and build the symlinks. func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \ 'exit $?' - tstripme="$stripme" + tstripme=$stripme case $host_os in cygwin* | mingw* | pw32* | cegcc*) case $realname in *.dll.a) - tstripme="" + tstripme= + ;; + esac + ;; + os2*) + case $realname in + *_dll.a) + tstripme= ;; esac ;; @@ -3006,7 +4426,7 @@ func_mode_install () if test "$#" -gt 0; then # Delete the old symlinks, and create new ones. - # Try `ln -sf' first, because the `ln' binary might depend on + # Try 'ln -sf' first, because the 'ln' binary might depend on # the symlink we replace! Solaris /bin/ln does not understand -f, # so we also need to try rm && ln -s. for linkname @@ -3017,14 +4437,14 @@ func_mode_install () fi # Do each command in the postinstall commands. - lib="$destdir/$realname" + lib=$destdir/$realname func_execute_cmds "$postinstall_cmds" 'exit $?' fi # Install the pseudo-library for information purposes. func_basename "$file" - name="$func_basename_result" - instname="$dir/$name"i + name=$func_basename_result + instname=$dir/${name}i func_show_eval "$install_prog $instname $destdir/$name" 'exit $?' # Maybe install the static library, too. @@ -3036,11 +4456,11 @@ func_mode_install () # Figure out destination file name, if it wasn't already specified. if test -n "$destname"; then - destfile="$destdir/$destname" + destfile=$destdir/$destname else func_basename "$file" - destfile="$func_basename_result" - destfile="$destdir/$destfile" + destfile=$func_basename_result + destfile=$destdir/$destfile fi # Deduce the name of the destination old-style object file. @@ -3050,11 +4470,11 @@ func_mode_install () staticdest=$func_lo2o_result ;; *.$objext) - staticdest="$destfile" + staticdest=$destfile destfile= ;; *) - func_fatal_help "cannot copy a libtool object to \`$destfile'" + func_fatal_help "cannot copy a libtool object to '$destfile'" ;; esac @@ -3063,7 +4483,7 @@ func_mode_install () func_show_eval "$install_prog $file $destfile" 'exit $?' # Install the old object if enabled. - if test "$build_old_libs" = yes; then + if test yes = "$build_old_libs"; then # Deduce the name of the old-style object file. func_lo2o "$file" staticobj=$func_lo2o_result @@ -3075,23 +4495,23 @@ func_mode_install () *) # Figure out destination file name, if it wasn't already specified. if test -n "$destname"; then - destfile="$destdir/$destname" + destfile=$destdir/$destname else func_basename "$file" - destfile="$func_basename_result" - destfile="$destdir/$destfile" + destfile=$func_basename_result + destfile=$destdir/$destfile fi # If the file is missing, and there is a .exe on the end, strip it # because it is most likely a libtool script we actually want to # install - stripped_ext="" + stripped_ext= case $file in *.exe) if test ! -f "$file"; then func_stripname '' '.exe' "$file" file=$func_stripname_result - stripped_ext=".exe" + stripped_ext=.exe fi ;; esac @@ -3119,19 +4539,19 @@ func_mode_install () # Check the variables that should have been set. test -z "$generated_by_libtool_version" && \ - func_fatal_error "invalid libtool wrapper script \`$wrapper'" + func_fatal_error "invalid libtool wrapper script '$wrapper'" - finalize=yes + finalize=: for lib in $notinst_deplibs; do # Check to see that each library is installed. libdir= if test -f "$lib"; then func_source "$lib" fi - libfile="$libdir/"`$ECHO "$lib" | $SED 's%^.*/%%g'` ### testsuite: skip nested quoting test + libfile=$libdir/`$ECHO "$lib" | $SED 's%^.*/%%g'` if test -n "$libdir" && test ! -f "$libfile"; then - func_warning "\`$lib' has not been installed in \`$libdir'" - finalize=no + func_warning "'$lib' has not been installed in '$libdir'" + finalize=false fi done @@ -3139,29 +4559,29 @@ func_mode_install () func_source "$wrapper" outputname= - if test "$fast_install" = no && test -n "$relink_command"; then + if test no = "$fast_install" && test -n "$relink_command"; then $opt_dry_run || { - if test "$finalize" = yes; then + if $finalize; then tmpdir=`func_mktempdir` func_basename "$file$stripped_ext" - file="$func_basename_result" - outputname="$tmpdir/$file" + file=$func_basename_result + outputname=$tmpdir/$file # Replace the output file specification. relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` - $opt_silent || { + $opt_quiet || { func_quote_for_expand "$relink_command" eval "func_echo $func_quote_for_expand_result" } if eval "$relink_command"; then : else - func_error "error: relink \`$file' with the above command before installing it" + func_error "error: relink '$file' with the above command before installing it" $opt_dry_run || ${RM}r "$tmpdir" continue fi - file="$outputname" + file=$outputname else - func_warning "cannot relink \`$file'" + func_warning "cannot relink '$file'" fi } else @@ -3198,10 +4618,10 @@ func_mode_install () for file in $staticlibs; do func_basename "$file" - name="$func_basename_result" + name=$func_basename_result # Set up the ranlib parameters. - oldlib="$destdir/$name" + oldlib=$destdir/$name func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 tool_oldlib=$func_to_tool_file_result @@ -3216,18 +4636,18 @@ func_mode_install () done test -n "$future_libdirs" && \ - func_warning "remember to run \`$progname --finish$future_libdirs'" + func_warning "remember to run '$progname --finish$future_libdirs'" if test -n "$current_libdirs"; then # Maybe just do a dry run. $opt_dry_run && current_libdirs=" -n$current_libdirs" - exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs' + exec_cmd='$SHELL "$progpath" $preserve_args --finish$current_libdirs' else exit $EXIT_SUCCESS fi } -test "$opt_mode" = install && func_mode_install ${1+"$@"} +test install = "$opt_mode" && func_mode_install ${1+"$@"} # func_generate_dlsyms outputname originator pic_p @@ -3235,16 +4655,17 @@ test "$opt_mode" = install && func_mode_install ${1+"$@"} # a dlpreopen symbol table. func_generate_dlsyms () { - $opt_debug - my_outputname="$1" - my_originator="$2" - my_pic_p="${3-no}" - my_prefix=`$ECHO "$my_originator" | sed 's%[^a-zA-Z0-9]%_%g'` + $debug_cmd + + my_outputname=$1 + my_originator=$2 + my_pic_p=${3-false} + my_prefix=`$ECHO "$my_originator" | $SED 's%[^a-zA-Z0-9]%_%g'` my_dlsyms= - if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then + if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then if test -n "$NM" && test -n "$global_symbol_pipe"; then - my_dlsyms="${my_outputname}S.c" + my_dlsyms=${my_outputname}S.c else func_error "not configured to extract global symbols from dlpreopened files" fi @@ -3255,7 +4676,7 @@ func_generate_dlsyms () "") ;; *.c) # Discover the nlist of each of the dlfiles. - nlist="$output_objdir/${my_outputname}.nm" + nlist=$output_objdir/$my_outputname.nm func_show_eval "$RM $nlist ${nlist}S ${nlist}T" @@ -3263,34 +4684,36 @@ func_generate_dlsyms () func_verbose "creating $output_objdir/$my_dlsyms" $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\ -/* $my_dlsyms - symbol resolution table for \`$my_outputname' dlsym emulation. */ -/* Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION */ +/* $my_dlsyms - symbol resolution table for '$my_outputname' dlsym emulation. */ +/* Generated by $PROGRAM (GNU $PACKAGE) $VERSION */ #ifdef __cplusplus extern \"C\" { #endif -#if defined(__GNUC__) && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4)) +#if defined __GNUC__ && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4)) #pragma GCC diagnostic ignored \"-Wstrict-prototypes\" #endif /* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ -#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) -/* DATA imports from DLLs on WIN32 con't be const, because runtime +#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE +/* DATA imports from DLLs on WIN32 can't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */ # define LT_DLSYM_CONST -#elif defined(__osf__) +#elif defined __osf__ /* This system does not cope well with relocations in const data. */ # define LT_DLSYM_CONST #else # define LT_DLSYM_CONST const #endif +#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) + /* External symbol declarations for the compiler. */\ " - if test "$dlself" = yes; then - func_verbose "generating symbol list for \`$output'" + if test yes = "$dlself"; then + func_verbose "generating symbol list for '$output'" $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist" @@ -3298,7 +4721,7 @@ extern \"C\" { progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP` for progfile in $progfiles; do func_to_tool_file "$progfile" func_convert_file_msys_to_w32 - func_verbose "extracting global C symbols from \`$func_to_tool_file_result'" + func_verbose "extracting global C symbols from '$func_to_tool_file_result'" $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'" done @@ -3318,10 +4741,10 @@ extern \"C\" { # Prepare the list of exported symbols if test -z "$export_symbols"; then - export_symbols="$output_objdir/$outputname.exp" + export_symbols=$output_objdir/$outputname.exp $opt_dry_run || { $RM $export_symbols - eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' + eval "$SED -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' case $host in *cygwin* | *mingw* | *cegcc* ) eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' @@ -3331,7 +4754,7 @@ extern \"C\" { } else $opt_dry_run || { - eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' + eval "$SED -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' eval '$MV "$nlist"T "$nlist"' case $host in @@ -3345,22 +4768,22 @@ extern \"C\" { fi for dlprefile in $dlprefiles; do - func_verbose "extracting global C symbols from \`$dlprefile'" + func_verbose "extracting global C symbols from '$dlprefile'" func_basename "$dlprefile" - name="$func_basename_result" + name=$func_basename_result case $host in *cygwin* | *mingw* | *cegcc* ) # if an import library, we need to obtain dlname if func_win32_import_lib_p "$dlprefile"; then func_tr_sh "$dlprefile" eval "curr_lafile=\$libfile_$func_tr_sh_result" - dlprefile_dlbasename="" + dlprefile_dlbasename= if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then # Use subshell, to avoid clobbering current variable values dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"` - if test -n "$dlprefile_dlname" ; then + if test -n "$dlprefile_dlname"; then func_basename "$dlprefile_dlname" - dlprefile_dlbasename="$func_basename_result" + dlprefile_dlbasename=$func_basename_result else # no lafile. user explicitly requested -dlpreopen . $sharedlib_from_linklib_cmd "$dlprefile" @@ -3368,7 +4791,7 @@ extern \"C\" { fi fi $opt_dry_run || { - if test -n "$dlprefile_dlbasename" ; then + if test -n "$dlprefile_dlbasename"; then eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"' else func_warning "Could not compute DLL name from $name" @@ -3424,6 +4847,11 @@ extern \"C\" { echo '/* NONE */' >> "$output_objdir/$my_dlsyms" fi + func_show_eval '$RM "${nlist}I"' + if test -n "$global_symbol_to_import"; then + eval "$global_symbol_to_import"' < "$nlist"S > "$nlist"I' + fi + echo >> "$output_objdir/$my_dlsyms" "\ /* The mapping between symbol names and symbols. */ @@ -3432,11 +4860,30 @@ typedef struct { void *address; } lt_dlsymlist; extern LT_DLSYM_CONST lt_dlsymlist -lt_${my_prefix}_LTX_preloaded_symbols[]; +lt_${my_prefix}_LTX_preloaded_symbols[];\ +" + + if test -s "$nlist"I; then + echo >> "$output_objdir/$my_dlsyms" "\ +static void lt_syminit(void) +{ + LT_DLSYM_CONST lt_dlsymlist *symbol = lt_${my_prefix}_LTX_preloaded_symbols; + for (; symbol->name; ++symbol) + {" + $SED 's/.*/ if (STREQ (symbol->name, \"&\")) symbol->address = (void *) \&&;/' < "$nlist"I >> "$output_objdir/$my_dlsyms" + echo >> "$output_objdir/$my_dlsyms" "\ + } +}" + fi + echo >> "$output_objdir/$my_dlsyms" "\ LT_DLSYM_CONST lt_dlsymlist lt_${my_prefix}_LTX_preloaded_symbols[] = -{\ - { \"$my_originator\", (void *) 0 }," +{ {\"$my_originator\", (void *) 0}," + + if test -s "$nlist"I; then + echo >> "$output_objdir/$my_dlsyms" "\ + {\"@INIT@\", (void *) <_syminit}," + fi case $need_lib_prefix in no) @@ -3478,9 +4925,7 @@ static const void *lt_preloaded_setup() { *-*-hpux*) pic_flag_for_symtable=" $pic_flag" ;; *) - if test "X$my_pic_p" != Xno; then - pic_flag_for_symtable=" $pic_flag" - fi + $my_pic_p && pic_flag_for_symtable=" $pic_flag" ;; esac ;; @@ -3497,10 +4942,10 @@ static const void *lt_preloaded_setup() { func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?' # Clean up the generated files. - func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T"' + func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T" "${nlist}I"' # Transform the symbol file into the correct name. - symfileobj="$output_objdir/${my_outputname}S.$objext" + symfileobj=$output_objdir/${my_outputname}S.$objext case $host in *cygwin* | *mingw* | *cegcc* ) if test -f "$output_objdir/$my_outputname.def"; then @@ -3518,7 +4963,7 @@ static const void *lt_preloaded_setup() { esac ;; *) - func_fatal_error "unknown suffix for \`$my_dlsyms'" + func_fatal_error "unknown suffix for '$my_dlsyms'" ;; esac else @@ -3532,6 +4977,32 @@ static const void *lt_preloaded_setup() { fi } +# func_cygming_gnu_implib_p ARG +# This predicate returns with zero status (TRUE) if +# ARG is a GNU/binutils-style import library. Returns +# with nonzero status (FALSE) otherwise. +func_cygming_gnu_implib_p () +{ + $debug_cmd + + func_to_tool_file "$1" func_convert_file_msys_to_w32 + func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'` + test -n "$func_cygming_gnu_implib_tmp" +} + +# func_cygming_ms_implib_p ARG +# This predicate returns with zero status (TRUE) if +# ARG is an MS-style import library. Returns +# with nonzero status (FALSE) otherwise. +func_cygming_ms_implib_p () +{ + $debug_cmd + + func_to_tool_file "$1" func_convert_file_msys_to_w32 + func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'` + test -n "$func_cygming_ms_implib_tmp" +} + # func_win32_libid arg # return the library type of file 'arg' # @@ -3541,8 +5012,9 @@ static const void *lt_preloaded_setup() { # Despite the name, also deal with 64 bit binaries. func_win32_libid () { - $opt_debug - win32_libid_type="unknown" + $debug_cmd + + win32_libid_type=unknown win32_fileres=`file -L $1 2>/dev/null` case $win32_fileres in *ar\ archive\ import\ library*) # definitely import @@ -3552,16 +5024,29 @@ func_win32_libid () # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD. if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then - func_to_tool_file "$1" func_convert_file_msys_to_w32 - win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" | - $SED -n -e ' + case $nm_interface in + "MS dumpbin") + if func_cygming_ms_implib_p "$1" || + func_cygming_gnu_implib_p "$1" + then + win32_nmres=import + else + win32_nmres= + fi + ;; + *) + func_to_tool_file "$1" func_convert_file_msys_to_w32 + win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" | + $SED -n -e ' 1,100{ / I /{ - s,.*,import, + s|.*|import| p q } }'` + ;; + esac case $win32_nmres in import*) win32_libid_type="x86 archive import";; *) win32_libid_type="x86 archive static";; @@ -3593,7 +5078,8 @@ func_win32_libid () # $sharedlib_from_linklib_result func_cygming_dll_for_implib () { - $opt_debug + $debug_cmd + sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"` } @@ -3610,7 +5096,8 @@ func_cygming_dll_for_implib () # specified import library. func_cygming_dll_for_implib_fallback_core () { - $opt_debug + $debug_cmd + match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"` $OBJDUMP -s --section "$1" "$2" 2>/dev/null | $SED '/^Contents of section '"$match_literal"':/{ @@ -3646,8 +5133,8 @@ func_cygming_dll_for_implib_fallback_core () /./p' | # we now have a list, one entry per line, of the stringified # contents of the appropriate section of all members of the - # archive which possess that section. Heuristic: eliminate - # all those which have a first or second character that is + # archive that possess that section. Heuristic: eliminate + # all those that have a first or second character that is # a '.' (that is, objdump's representation of an unprintable # character.) This should work for all archives with less than # 0x302f exports -- but will fail for DLLs whose name actually @@ -3658,30 +5145,6 @@ func_cygming_dll_for_implib_fallback_core () $SED -e '/^\./d;/^.\./d;q' } -# func_cygming_gnu_implib_p ARG -# This predicate returns with zero status (TRUE) if -# ARG is a GNU/binutils-style import library. Returns -# with nonzero status (FALSE) otherwise. -func_cygming_gnu_implib_p () -{ - $opt_debug - func_to_tool_file "$1" func_convert_file_msys_to_w32 - func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'` - test -n "$func_cygming_gnu_implib_tmp" -} - -# func_cygming_ms_implib_p ARG -# This predicate returns with zero status (TRUE) if -# ARG is an MS-style import library. Returns -# with nonzero status (FALSE) otherwise. -func_cygming_ms_implib_p () -{ - $opt_debug - func_to_tool_file "$1" func_convert_file_msys_to_w32 - func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'` - test -n "$func_cygming_ms_implib_tmp" -} - # func_cygming_dll_for_implib_fallback ARG # Platform-specific function to extract the # name of the DLL associated with the specified @@ -3695,16 +5158,17 @@ func_cygming_ms_implib_p () # $sharedlib_from_linklib_result func_cygming_dll_for_implib_fallback () { - $opt_debug - if func_cygming_gnu_implib_p "$1" ; then + $debug_cmd + + if func_cygming_gnu_implib_p "$1"; then # binutils import library sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"` - elif func_cygming_ms_implib_p "$1" ; then + elif func_cygming_ms_implib_p "$1"; then # ms-generated import library sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"` else # unknown - sharedlib_from_linklib_result="" + sharedlib_from_linklib_result= fi } @@ -3712,10 +5176,11 @@ func_cygming_dll_for_implib_fallback () # func_extract_an_archive dir oldlib func_extract_an_archive () { - $opt_debug - f_ex_an_ar_dir="$1"; shift - f_ex_an_ar_oldlib="$1" - if test "$lock_old_archive_extraction" = yes; then + $debug_cmd + + f_ex_an_ar_dir=$1; shift + f_ex_an_ar_oldlib=$1 + if test yes = "$lock_old_archive_extraction"; then lockfile=$f_ex_an_ar_oldlib.lock until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do func_echo "Waiting for $lockfile to be removed" @@ -3724,7 +5189,7 @@ func_extract_an_archive () fi func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \ 'stat=$?; rm -f "$lockfile"; exit $stat' - if test "$lock_old_archive_extraction" = yes; then + if test yes = "$lock_old_archive_extraction"; then $opt_dry_run || rm -f "$lockfile" fi if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then @@ -3738,22 +5203,23 @@ func_extract_an_archive () # func_extract_archives gentop oldlib ... func_extract_archives () { - $opt_debug - my_gentop="$1"; shift + $debug_cmd + + my_gentop=$1; shift my_oldlibs=${1+"$@"} - my_oldobjs="" - my_xlib="" - my_xabs="" - my_xdir="" + my_oldobjs= + my_xlib= + my_xabs= + my_xdir= for my_xlib in $my_oldlibs; do # Extract the objects. case $my_xlib in - [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;; + [\\/]* | [A-Za-z]:[\\/]*) my_xabs=$my_xlib ;; *) my_xabs=`pwd`"/$my_xlib" ;; esac func_basename "$my_xlib" - my_xlib="$func_basename_result" + my_xlib=$func_basename_result my_xlib_u=$my_xlib while :; do case " $extracted_archives " in @@ -3765,7 +5231,7 @@ func_extract_archives () esac done extracted_archives="$extracted_archives $my_xlib_u" - my_xdir="$my_gentop/$my_xlib_u" + my_xdir=$my_gentop/$my_xlib_u func_mkdir_p "$my_xdir" @@ -3778,22 +5244,23 @@ func_extract_archives () cd $my_xdir || exit $? darwin_archive=$my_xabs darwin_curdir=`pwd` - darwin_base_archive=`basename "$darwin_archive"` + func_basename "$darwin_archive" + darwin_base_archive=$func_basename_result darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true` if test -n "$darwin_arches"; then darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'` darwin_arch= func_verbose "$darwin_base_archive has multiple architectures $darwin_arches" - for darwin_arch in $darwin_arches ; do - func_mkdir_p "unfat-$$/${darwin_base_archive}-${darwin_arch}" - $LIPO -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}" - cd "unfat-$$/${darwin_base_archive}-${darwin_arch}" - func_extract_an_archive "`pwd`" "${darwin_base_archive}" + for darwin_arch in $darwin_arches; do + func_mkdir_p "unfat-$$/$darwin_base_archive-$darwin_arch" + $LIPO -thin $darwin_arch -output "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" "$darwin_archive" + cd "unfat-$$/$darwin_base_archive-$darwin_arch" + func_extract_an_archive "`pwd`" "$darwin_base_archive" cd "$darwin_curdir" - $RM "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" + $RM "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" done # $darwin_arches ## Okay now we've a bunch of thin objects, gotta fatten them up :) - darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$basename" | sort -u` + darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$sed_basename" | sort -u` darwin_file= darwin_files= for darwin_file in $darwin_filelist; do @@ -3815,7 +5282,7 @@ func_extract_archives () my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP` done - func_extract_archives_result="$my_oldobjs" + func_extract_archives_result=$my_oldobjs } @@ -3830,7 +5297,7 @@ func_extract_archives () # # ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR # variable will take. If 'yes', then the emitted script -# will assume that the directory in which it is stored is +# will assume that the directory where it is stored is # the $objdir directory. This is a cygwin/mingw-specific # behavior. func_emit_wrapper () @@ -3841,7 +5308,7 @@ func_emit_wrapper () #! $SHELL # $output - temporary wrapper script for $objdir/$outputname -# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION +# Generated by $PROGRAM (GNU $PACKAGE) $VERSION # # The $output program cannot be directly executed until all the libtool # libraries that it depends on are installed. @@ -3898,9 +5365,9 @@ _LTECHO_EOF' # Very basic option parsing. These options are (a) specific to # the libtool wrapper, (b) are identical between the wrapper -# /script/ and the wrapper /executable/ which is used only on +# /script/ and the wrapper /executable/ that is used only on # windows platforms, and (c) all begin with the string "--lt-" -# (application programs are unlikely to have options which match +# (application programs are unlikely to have options that match # this pattern). # # There are only two supported options: --lt-debug and @@ -3933,7 +5400,7 @@ func_parse_lt_options () # Print the debug banner immediately: if test -n \"\$lt_option_debug\"; then - echo \"${outputname}:${output}:\${LINENO}: libtool wrapper (GNU $PACKAGE$TIMESTAMP) $VERSION\" 1>&2 + echo \"$outputname:$output:\$LINENO: libtool wrapper (GNU $PACKAGE) $VERSION\" 1>&2 fi } @@ -3944,7 +5411,7 @@ func_lt_dump_args () lt_dump_args_N=1; for lt_arg do - \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[\$lt_dump_args_N]: \$lt_arg\" + \$ECHO \"$outputname:$output:\$LINENO: newargv[\$lt_dump_args_N]: \$lt_arg\" lt_dump_args_N=\`expr \$lt_dump_args_N + 1\` done } @@ -3958,7 +5425,7 @@ func_exec_program_core () *-*-mingw | *-*-os2* | *-cegcc*) $ECHO "\ if test -n \"\$lt_option_debug\"; then - \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir\\\\\$program\" 1>&2 + \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir\\\\\$program\" 1>&2 func_lt_dump_args \${1+\"\$@\"} 1>&2 fi exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} @@ -3968,7 +5435,7 @@ func_exec_program_core () *) $ECHO "\ if test -n \"\$lt_option_debug\"; then - \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir/\$program\" 1>&2 + \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir/\$program\" 1>&2 func_lt_dump_args \${1+\"\$@\"} 1>&2 fi exec \"\$progdir/\$program\" \${1+\"\$@\"} @@ -4043,13 +5510,13 @@ func_exec_program () test -n \"\$absdir\" && thisdir=\"\$absdir\" " - if test "$fast_install" = yes; then + if test yes = "$fast_install"; then $ECHO "\ program=lt-'$outputname'$exeext progdir=\"\$thisdir/$objdir\" if test ! -f \"\$progdir/\$program\" || - { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\ + { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | $SED 1q\`; \\ test \"X\$file\" != \"X\$progdir/\$program\"; }; then file=\"\$\$-\$program\" @@ -4066,7 +5533,7 @@ func_exec_program () if test -n \"\$relink_command\"; then if relink_command_output=\`eval \$relink_command 2>&1\`; then : else - $ECHO \"\$relink_command_output\" >&2 + \$ECHO \"\$relink_command_output\" >&2 $RM \"\$progdir/\$file\" exit 1 fi @@ -4101,7 +5568,7 @@ func_exec_program () fi # Export our shlibpath_var if we have one. - if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then + if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then $ECHO "\ # Add our own library path to $shlibpath_var $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" @@ -4121,7 +5588,7 @@ func_exec_program () fi else # The program doesn't exist. - \$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2 + \$ECHO \"\$0: error: '\$progdir/\$program' does not exist\" 1>&2 \$ECHO \"This script is just a wrapper for \$program.\" 1>&2 \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 exit 1 @@ -4140,7 +5607,7 @@ func_emit_cwrapperexe_src () cat < #include +#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) + /* declarations of non-ANSI functions */ -#if defined(__MINGW32__) +#if defined __MINGW32__ # ifdef __STRICT_ANSI__ int _putenv (const char *); # endif -#elif defined(__CYGWIN__) +#elif defined __CYGWIN__ # ifdef __STRICT_ANSI__ char *realpath (const char *, char *); int putenv (char *); int setenv (const char *, const char *, int); # endif -/* #elif defined (other platforms) ... */ +/* #elif defined other_platform || defined ... */ #endif /* portability defines, excluding path handling macros */ -#if defined(_MSC_VER) +#if defined _MSC_VER # define setmode _setmode # define stat _stat # define chmod _chmod # define getcwd _getcwd # define putenv _putenv # define S_IXUSR _S_IEXEC -# ifndef _INTPTR_T_DEFINED -# define _INTPTR_T_DEFINED -# define intptr_t int -# endif -#elif defined(__MINGW32__) +#elif defined __MINGW32__ # define setmode _setmode # define stat _stat # define chmod _chmod # define getcwd _getcwd # define putenv _putenv -#elif defined(__CYGWIN__) +#elif defined __CYGWIN__ # define HAVE_SETENV # define FOPEN_WB "wb" -/* #elif defined (other platforms) ... */ +/* #elif defined other platforms ... */ #endif -#if defined(PATH_MAX) +#if defined PATH_MAX # define LT_PATHMAX PATH_MAX -#elif defined(MAXPATHLEN) +#elif defined MAXPATHLEN # define LT_PATHMAX MAXPATHLEN #else # define LT_PATHMAX 1024 @@ -4234,8 +5699,8 @@ int setenv (const char *, const char *, int); # define PATH_SEPARATOR ':' #endif -#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \ - defined (__OS2__) +#if defined _WIN32 || defined __MSDOS__ || defined __DJGPP__ || \ + defined __OS2__ # define HAVE_DOS_BASED_FILE_SYSTEM # define FOPEN_WB "wb" # ifndef DIR_SEPARATOR_2 @@ -4268,10 +5733,10 @@ int setenv (const char *, const char *, int); #define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) #define XFREE(stale) do { \ - if (stale) { free ((void *) stale); stale = 0; } \ + if (stale) { free (stale); stale = 0; } \ } while (0) -#if defined(LT_DEBUGWRAPPER) +#if defined LT_DEBUGWRAPPER static int lt_debug = 1; #else static int lt_debug = 0; @@ -4300,11 +5765,16 @@ void lt_dump_script (FILE *f); EOF cat < 0) && IS_PATH_SEPARATOR (new_value[len-1])) + size_t len = strlen (new_value); + while ((len > 0) && IS_PATH_SEPARATOR (new_value[len-1])) { - new_value[len-1] = '\0'; + new_value[--len] = '\0'; } lt_setenv (name, new_value); XFREE (new_value); @@ -5082,27 +6552,47 @@ EOF # True if ARG is an import lib, as indicated by $file_magic_cmd func_win32_import_lib_p () { - $opt_debug + $debug_cmd + case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in *import*) : ;; *) false ;; esac } +# func_suncc_cstd_abi +# !!ONLY CALL THIS FOR SUN CC AFTER $compile_command IS FULLY EXPANDED!! +# Several compiler flags select an ABI that is incompatible with the +# Cstd library. Avoid specifying it if any are in CXXFLAGS. +func_suncc_cstd_abi () +{ + $debug_cmd + + case " $compile_command " in + *" -compat=g "*|*\ -std=c++[0-9][0-9]\ *|*" -library=stdcxx4 "*|*" -library=stlport4 "*) + suncc_use_cstd_abi=no + ;; + *) + suncc_use_cstd_abi=yes + ;; + esac +} + # func_mode_link arg... func_mode_link () { - $opt_debug + $debug_cmd + case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) # It is impossible to link a dll without this setting, and # we shouldn't force the makefile maintainer to figure out - # which system we are compiling for in order to pass an extra + # what system we are compiling for in order to pass an extra # flag for every libtool invocation. # allow_undefined=no # FIXME: Unfortunately, there are problems with the above when trying - # to make a dll which has undefined symbols, in which case not + # to make a dll that has undefined symbols, in which case not # even a static library is built. For now, we need to specify # -no-undefined on the libtool link line when we can be certain # that all symbols are satisfied, otherwise we get a static library. @@ -5146,10 +6636,11 @@ func_mode_link () module=no no_install=no objs= + os2dllname= non_pic_objects= precious_files_regex= prefer_static_libs=no - preload=no + preload=false prev= prevarg= release= @@ -5161,7 +6652,7 @@ func_mode_link () vinfo= vinfo_number=no weak_libs= - single_module="${wl}-single_module" + single_module=$wl-single_module func_infer_tag $base_compile # We need to know -static, to get the right output filenames. @@ -5169,15 +6660,15 @@ func_mode_link () do case $arg in -shared) - test "$build_libtool_libs" != yes && \ - func_fatal_configuration "can not build a shared library" + test yes != "$build_libtool_libs" \ + && func_fatal_configuration "cannot build a shared library" build_old_libs=no break ;; -all-static | -static | -static-libtool-libs) case $arg in -all-static) - if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then + if test yes = "$build_libtool_libs" && test -z "$link_static_flag"; then func_warning "complete static linking is impossible in this configuration" fi if test -n "$link_static_flag"; then @@ -5210,7 +6701,7 @@ func_mode_link () # Go through the arguments, transforming them on the way. while test "$#" -gt 0; do - arg="$1" + arg=$1 shift func_quote_for_eval "$arg" qarg=$func_quote_for_eval_unquoted_result @@ -5227,21 +6718,21 @@ func_mode_link () case $prev in bindir) - bindir="$arg" + bindir=$arg prev= continue ;; dlfiles|dlprefiles) - if test "$preload" = no; then + $preload || { # Add the symbol object into the linking commands. func_append compile_command " @SYMFILE@" func_append finalize_command " @SYMFILE@" - preload=yes - fi + preload=: + } case $arg in *.la | *.lo) ;; # We handle these cases below. force) - if test "$dlself" = no; then + if test no = "$dlself"; then dlself=needless export_dynamic=yes fi @@ -5249,9 +6740,9 @@ func_mode_link () continue ;; self) - if test "$prev" = dlprefiles; then + if test dlprefiles = "$prev"; then dlself=yes - elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then + elif test dlfiles = "$prev" && test yes != "$dlopen_self"; then dlself=yes else dlself=needless @@ -5261,7 +6752,7 @@ func_mode_link () continue ;; *) - if test "$prev" = dlfiles; then + if test dlfiles = "$prev"; then func_append dlfiles " $arg" else func_append dlprefiles " $arg" @@ -5272,14 +6763,14 @@ func_mode_link () esac ;; expsyms) - export_symbols="$arg" + export_symbols=$arg test -f "$arg" \ - || func_fatal_error "symbol file \`$arg' does not exist" + || func_fatal_error "symbol file '$arg' does not exist" prev= continue ;; expsyms_regex) - export_symbols_regex="$arg" + export_symbols_regex=$arg prev= continue ;; @@ -5297,7 +6788,13 @@ func_mode_link () continue ;; inst_prefix) - inst_prefix_dir="$arg" + inst_prefix_dir=$arg + prev= + continue + ;; + mllvm) + # Clang does not use LLVM to link, so we can simply discard any + # '-mllvm $arg' options when doing the link step. prev= continue ;; @@ -5321,21 +6818,21 @@ func_mode_link () if test -z "$pic_object" || test -z "$non_pic_object" || - test "$pic_object" = none && - test "$non_pic_object" = none; then - func_fatal_error "cannot find name of object for \`$arg'" + test none = "$pic_object" && + test none = "$non_pic_object"; then + func_fatal_error "cannot find name of object for '$arg'" fi # Extract subdirectory from the argument. func_dirname "$arg" "/" "" - xdir="$func_dirname_result" + xdir=$func_dirname_result - if test "$pic_object" != none; then + if test none != "$pic_object"; then # Prepend the subdirectory the object is found in. - pic_object="$xdir$pic_object" + pic_object=$xdir$pic_object - if test "$prev" = dlfiles; then - if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then + if test dlfiles = "$prev"; then + if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then func_append dlfiles " $pic_object" prev= continue @@ -5346,7 +6843,7 @@ func_mode_link () fi # CHECK ME: I think I busted this. -Ossama - if test "$prev" = dlprefiles; then + if test dlprefiles = "$prev"; then # Preload the old-style object. func_append dlprefiles " $pic_object" prev= @@ -5354,23 +6851,23 @@ func_mode_link () # A PIC object. func_append libobjs " $pic_object" - arg="$pic_object" + arg=$pic_object fi # Non-PIC object. - if test "$non_pic_object" != none; then + if test none != "$non_pic_object"; then # Prepend the subdirectory the object is found in. - non_pic_object="$xdir$non_pic_object" + non_pic_object=$xdir$non_pic_object # A standard non-PIC object func_append non_pic_objects " $non_pic_object" - if test -z "$pic_object" || test "$pic_object" = none ; then - arg="$non_pic_object" + if test -z "$pic_object" || test none = "$pic_object"; then + arg=$non_pic_object fi else # If the PIC object exists, use it instead. # $xdir was prepended to $pic_object above. - non_pic_object="$pic_object" + non_pic_object=$pic_object func_append non_pic_objects " $non_pic_object" fi else @@ -5378,7 +6875,7 @@ func_mode_link () if $opt_dry_run; then # Extract subdirectory from the argument. func_dirname "$arg" "/" "" - xdir="$func_dirname_result" + xdir=$func_dirname_result func_lo2o "$arg" pic_object=$xdir$objdir/$func_lo2o_result @@ -5386,24 +6883,29 @@ func_mode_link () func_append libobjs " $pic_object" func_append non_pic_objects " $non_pic_object" else - func_fatal_error "\`$arg' is not a valid libtool object" + func_fatal_error "'$arg' is not a valid libtool object" fi fi done else - func_fatal_error "link input file \`$arg' does not exist" + func_fatal_error "link input file '$arg' does not exist" fi arg=$save_arg prev= continue ;; + os2dllname) + os2dllname=$arg + prev= + continue + ;; precious_regex) - precious_files_regex="$arg" + precious_files_regex=$arg prev= continue ;; release) - release="-$arg" + release=-$arg prev= continue ;; @@ -5415,7 +6917,7 @@ func_mode_link () func_fatal_error "only absolute run-paths are allowed" ;; esac - if test "$prev" = rpath; then + if test rpath = "$prev"; then case "$rpath " in *" $arg "*) ;; *) func_append rpath " $arg" ;; @@ -5430,7 +6932,7 @@ func_mode_link () continue ;; shrext) - shrext_cmds="$arg" + shrext_cmds=$arg prev= continue ;; @@ -5470,7 +6972,7 @@ func_mode_link () esac fi # test -n "$prev" - prevarg="$arg" + prevarg=$arg case $arg in -all-static) @@ -5484,7 +6986,7 @@ func_mode_link () -allow-undefined) # FIXME: remove this flag sometime in the future. - func_fatal_error "\`-allow-undefined' must not be used because it is the default" + func_fatal_error "'-allow-undefined' must not be used because it is the default" ;; -avoid-version) @@ -5516,7 +7018,7 @@ func_mode_link () if test -n "$export_symbols" || test -n "$export_symbols_regex"; then func_fatal_error "more than one -exported-symbols argument is not allowed" fi - if test "X$arg" = "X-export-symbols"; then + if test X-export-symbols = "X$arg"; then prev=expsyms else prev=expsyms_regex @@ -5550,9 +7052,9 @@ func_mode_link () func_stripname "-L" '' "$arg" if test -z "$func_stripname_result"; then if test "$#" -gt 0; then - func_fatal_error "require no space between \`-L' and \`$1'" + func_fatal_error "require no space between '-L' and '$1'" else - func_fatal_error "need path for \`-L' option" + func_fatal_error "need path for '-L' option" fi fi func_resolve_sysroot "$func_stripname_result" @@ -5563,8 +7065,8 @@ func_mode_link () *) absdir=`cd "$dir" && pwd` test -z "$absdir" && \ - func_fatal_error "cannot determine absolute directory name of \`$dir'" - dir="$absdir" + func_fatal_error "cannot determine absolute directory name of '$dir'" + dir=$absdir ;; esac case "$deplibs " in @@ -5599,7 +7101,7 @@ func_mode_link () ;; -l*) - if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then + if test X-lc = "X$arg" || test X-lm = "X$arg"; then case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*) # These systems don't actually have a C or math library (as such) @@ -5607,11 +7109,11 @@ func_mode_link () ;; *-*-os2*) # These systems don't actually have a C library (as such) - test "X$arg" = "X-lc" && continue + test X-lc = "X$arg" && continue ;; - *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) # Do not include libc due to us having libc/libc_r. - test "X$arg" = "X-lc" && continue + test X-lc = "X$arg" && continue ;; *-*-rhapsody* | *-*-darwin1.[012]) # Rhapsody C and math libraries are in the System framework @@ -5620,16 +7122,16 @@ func_mode_link () ;; *-*-sco3.2v5* | *-*-sco5v6*) # Causes problems with __ctype - test "X$arg" = "X-lc" && continue + test X-lc = "X$arg" && continue ;; *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) # Compiler inserts libc in the correct place for threads to work - test "X$arg" = "X-lc" && continue + test X-lc = "X$arg" && continue ;; esac - elif test "X$arg" = "X-lc_r"; then + elif test X-lc_r = "X$arg"; then case $host in - *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) # Do not include libc_r directly, use -pthread flag. continue ;; @@ -5639,6 +7141,11 @@ func_mode_link () continue ;; + -mllvm) + prev=mllvm + continue + ;; + -module) module=yes continue @@ -5668,7 +7175,7 @@ func_mode_link () ;; -multi_module) - single_module="${wl}-multi_module" + single_module=$wl-multi_module continue ;; @@ -5682,8 +7189,8 @@ func_mode_link () *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*) # The PATH hackery in wrapper scripts is required on Windows # and Darwin in order for the loader to find any dlls it needs. - func_warning "\`-no-install' is ignored for $host" - func_warning "assuming \`-no-fast-install' instead" + func_warning "'-no-install' is ignored for $host" + func_warning "assuming '-no-fast-install' instead" fast_install=no ;; *) no_install=yes ;; @@ -5701,6 +7208,11 @@ func_mode_link () continue ;; + -os2dllname) + prev=os2dllname + continue + ;; + -o) prev=output ;; -precious-files-regex) @@ -5788,14 +7300,14 @@ func_mode_link () func_stripname '-Wc,' '' "$arg" args=$func_stripname_result arg= - save_ifs="$IFS"; IFS=',' + save_ifs=$IFS; IFS=, for flag in $args; do - IFS="$save_ifs" + IFS=$save_ifs func_quote_for_eval "$flag" func_append arg " $func_quote_for_eval_result" func_append compiler_flags " $func_quote_for_eval_result" done - IFS="$save_ifs" + IFS=$save_ifs func_stripname ' ' '' "$arg" arg=$func_stripname_result ;; @@ -5804,15 +7316,15 @@ func_mode_link () func_stripname '-Wl,' '' "$arg" args=$func_stripname_result arg= - save_ifs="$IFS"; IFS=',' + save_ifs=$IFS; IFS=, for flag in $args; do - IFS="$save_ifs" + IFS=$save_ifs func_quote_for_eval "$flag" func_append arg " $wl$func_quote_for_eval_result" func_append compiler_flags " $wl$func_quote_for_eval_result" func_append linker_flags " $func_quote_for_eval_result" done - IFS="$save_ifs" + IFS=$save_ifs func_stripname ' ' '' "$arg" arg=$func_stripname_result ;; @@ -5835,7 +7347,7 @@ func_mode_link () # -msg_* for osf cc -msg_*) func_quote_for_eval "$arg" - arg="$func_quote_for_eval_result" + arg=$func_quote_for_eval_result ;; # Flags to be passed through unchanged, with rationale: @@ -5847,25 +7359,52 @@ func_mode_link () # -m*, -t[45]*, -txscale* architecture-specific flags for GCC # -F/path path to uninstalled frameworks, gcc on darwin # -p, -pg, --coverage, -fprofile-* profiling flags for GCC + # -fstack-protector* stack protector flags for GCC # @file GCC response files # -tp=* Portland pgcc target processor selection # --sysroot=* for sysroot support - # -O*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization + # -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization + # -specs=* GCC specs files + # -stdlib=* select c++ std lib with clang + # -fsanitize=* Clang/GCC memory and address sanitizer + # -fuse-ld=* Linker select flags for GCC + # -static-* direct GCC to link specific libraries statically + # -fcilkplus Cilk Plus language extension features for C/C++ -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ - -O*|-flto*|-fwhopr*|-fuse-linker-plugin) + -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \ + -specs=*|-fsanitize=*|-fuse-ld=*|-static-*|-fcilkplus) func_quote_for_eval "$arg" - arg="$func_quote_for_eval_result" + arg=$func_quote_for_eval_result func_append compile_command " $arg" func_append finalize_command " $arg" func_append compiler_flags " $arg" continue ;; + -Z*) + if test os2 = "`expr $host : '.*\(os2\)'`"; then + # OS/2 uses -Zxxx to specify OS/2-specific options + compiler_flags="$compiler_flags $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + case $arg in + -Zlinker | -Zstack) + prev=xcompiler + ;; + esac + continue + else + # Otherwise treat like 'Some other compiler flag' below + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + fi + ;; + # Some other compiler flag. -* | +*) func_quote_for_eval "$arg" - arg="$func_quote_for_eval_result" + arg=$func_quote_for_eval_result ;; *.$objext) @@ -5886,21 +7425,21 @@ func_mode_link () if test -z "$pic_object" || test -z "$non_pic_object" || - test "$pic_object" = none && - test "$non_pic_object" = none; then - func_fatal_error "cannot find name of object for \`$arg'" + test none = "$pic_object" && + test none = "$non_pic_object"; then + func_fatal_error "cannot find name of object for '$arg'" fi # Extract subdirectory from the argument. func_dirname "$arg" "/" "" - xdir="$func_dirname_result" + xdir=$func_dirname_result - if test "$pic_object" != none; then + test none = "$pic_object" || { # Prepend the subdirectory the object is found in. - pic_object="$xdir$pic_object" + pic_object=$xdir$pic_object - if test "$prev" = dlfiles; then - if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then + if test dlfiles = "$prev"; then + if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then func_append dlfiles " $pic_object" prev= continue @@ -5911,7 +7450,7 @@ func_mode_link () fi # CHECK ME: I think I busted this. -Ossama - if test "$prev" = dlprefiles; then + if test dlprefiles = "$prev"; then # Preload the old-style object. func_append dlprefiles " $pic_object" prev= @@ -5919,23 +7458,23 @@ func_mode_link () # A PIC object. func_append libobjs " $pic_object" - arg="$pic_object" - fi + arg=$pic_object + } # Non-PIC object. - if test "$non_pic_object" != none; then + if test none != "$non_pic_object"; then # Prepend the subdirectory the object is found in. - non_pic_object="$xdir$non_pic_object" + non_pic_object=$xdir$non_pic_object # A standard non-PIC object func_append non_pic_objects " $non_pic_object" - if test -z "$pic_object" || test "$pic_object" = none ; then - arg="$non_pic_object" + if test -z "$pic_object" || test none = "$pic_object"; then + arg=$non_pic_object fi else # If the PIC object exists, use it instead. # $xdir was prepended to $pic_object above. - non_pic_object="$pic_object" + non_pic_object=$pic_object func_append non_pic_objects " $non_pic_object" fi else @@ -5943,7 +7482,7 @@ func_mode_link () if $opt_dry_run; then # Extract subdirectory from the argument. func_dirname "$arg" "/" "" - xdir="$func_dirname_result" + xdir=$func_dirname_result func_lo2o "$arg" pic_object=$xdir$objdir/$func_lo2o_result @@ -5951,7 +7490,7 @@ func_mode_link () func_append libobjs " $pic_object" func_append non_pic_objects " $non_pic_object" else - func_fatal_error "\`$arg' is not a valid libtool object" + func_fatal_error "'$arg' is not a valid libtool object" fi fi ;; @@ -5967,11 +7506,11 @@ func_mode_link () # A libtool-controlled library. func_resolve_sysroot "$arg" - if test "$prev" = dlfiles; then + if test dlfiles = "$prev"; then # This library was specified with -dlopen. func_append dlfiles " $func_resolve_sysroot_result" prev= - elif test "$prev" = dlprefiles; then + elif test dlprefiles = "$prev"; then # The library was specified with -dlpreopen. func_append dlprefiles " $func_resolve_sysroot_result" prev= @@ -5986,7 +7525,7 @@ func_mode_link () # Unknown arguments in both finalize_command and compile_command need # to be aesthetically quoted because they are evaled later. func_quote_for_eval "$arg" - arg="$func_quote_for_eval_result" + arg=$func_quote_for_eval_result ;; esac # arg @@ -5998,9 +7537,9 @@ func_mode_link () done # argument parsing loop test -n "$prev" && \ - func_fatal_help "the \`$prevarg' option requires an argument" + func_fatal_help "the '$prevarg' option requires an argument" - if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then + if test yes = "$export_dynamic" && test -n "$export_dynamic_flag_spec"; then eval arg=\"$export_dynamic_flag_spec\" func_append compile_command " $arg" func_append finalize_command " $arg" @@ -6009,20 +7548,23 @@ func_mode_link () oldlibs= # calculate the name of the file, without its directory func_basename "$output" - outputname="$func_basename_result" - libobjs_save="$libobjs" + outputname=$func_basename_result + libobjs_save=$libobjs if test -n "$shlibpath_var"; then # get the directories listed in $shlibpath_var - eval shlib_search_path=\`\$ECHO \"\${$shlibpath_var}\" \| \$SED \'s/:/ /g\'\` + eval shlib_search_path=\`\$ECHO \"\$$shlibpath_var\" \| \$SED \'s/:/ /g\'\` else shlib_search_path= fi eval sys_lib_search_path=\"$sys_lib_search_path_spec\" eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" + # Definition is injected by LT_CONFIG during libtool generation. + func_munge_path_list sys_lib_dlsearch_path "$LT_SYS_LIBRARY_PATH" + func_dirname "$output" "/" "" - output_objdir="$func_dirname_result$objdir" + output_objdir=$func_dirname_result$objdir func_to_tool_file "$output_objdir/" tool_output_objdir=$func_to_tool_file_result # Create the object directory. @@ -6045,7 +7587,7 @@ func_mode_link () # Find all interdependent deplibs by searching for libraries # that are linked more than once (e.g. -la -lb -la) for deplib in $deplibs; do - if $opt_preserve_dup_deps ; then + if $opt_preserve_dup_deps; then case "$libs " in *" $deplib "*) func_append specialdeplibs " $deplib" ;; esac @@ -6053,7 +7595,7 @@ func_mode_link () func_append libs " $deplib" done - if test "$linkmode" = lib; then + if test lib = "$linkmode"; then libs="$predeps $libs $compiler_lib_search_path $postdeps" # Compute libraries that are listed more than once in $predeps @@ -6085,7 +7627,7 @@ func_mode_link () case $file in *.la) ;; *) - func_fatal_help "libraries can \`-dlopen' only libtool libraries: $file" + func_fatal_help "libraries can '-dlopen' only libtool libraries: $file" ;; esac done @@ -6093,7 +7635,7 @@ func_mode_link () prog) compile_deplibs= finalize_deplibs= - alldeplibs=no + alldeplibs=false newdlfiles= newdlprefiles= passes="conv scan dlopen dlpreopen link" @@ -6105,32 +7647,32 @@ func_mode_link () for pass in $passes; do # The preopen pass in lib mode reverses $deplibs; put it back here # so that -L comes before libs that need it for instance... - if test "$linkmode,$pass" = "lib,link"; then + if test lib,link = "$linkmode,$pass"; then ## FIXME: Find the place where the list is rebuilt in the wrong ## order, and fix it there properly tmp_deplibs= for deplib in $deplibs; do tmp_deplibs="$deplib $tmp_deplibs" done - deplibs="$tmp_deplibs" + deplibs=$tmp_deplibs fi - if test "$linkmode,$pass" = "lib,link" || - test "$linkmode,$pass" = "prog,scan"; then - libs="$deplibs" + if test lib,link = "$linkmode,$pass" || + test prog,scan = "$linkmode,$pass"; then + libs=$deplibs deplibs= fi - if test "$linkmode" = prog; then + if test prog = "$linkmode"; then case $pass in - dlopen) libs="$dlfiles" ;; - dlpreopen) libs="$dlprefiles" ;; + dlopen) libs=$dlfiles ;; + dlpreopen) libs=$dlprefiles ;; link) libs="$deplibs %DEPLIBS%" test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs" ;; esac fi - if test "$linkmode,$pass" = "lib,dlpreopen"; then + if test lib,dlpreopen = "$linkmode,$pass"; then # Collect and forward deplibs of preopened libtool libs for lib in $dlprefiles; do # Ignore non-libtool-libs @@ -6151,26 +7693,26 @@ func_mode_link () esac done done - libs="$dlprefiles" + libs=$dlprefiles fi - if test "$pass" = dlopen; then + if test dlopen = "$pass"; then # Collect dlpreopened libraries - save_deplibs="$deplibs" + save_deplibs=$deplibs deplibs= fi for deplib in $libs; do lib= - found=no + found=false case $deplib in -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) - if test "$linkmode,$pass" = "prog,link"; then + if test prog,link = "$linkmode,$pass"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else func_append compiler_flags " $deplib" - if test "$linkmode" = lib ; then + if test lib = "$linkmode"; then case "$new_inherited_linker_flags " in *" $deplib "*) ;; * ) func_append new_inherited_linker_flags " $deplib" ;; @@ -6180,13 +7722,13 @@ func_mode_link () continue ;; -l*) - if test "$linkmode" != lib && test "$linkmode" != prog; then - func_warning "\`-l' is ignored for archives/objects" + if test lib != "$linkmode" && test prog != "$linkmode"; then + func_warning "'-l' is ignored for archives/objects" continue fi func_stripname '-l' '' "$deplib" name=$func_stripname_result - if test "$linkmode" = lib; then + if test lib = "$linkmode"; then searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path" else searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path" @@ -6194,31 +7736,22 @@ func_mode_link () for searchdir in $searchdirs; do for search_ext in .la $std_shrext .so .a; do # Search the libtool library - lib="$searchdir/lib${name}${search_ext}" + lib=$searchdir/lib$name$search_ext if test -f "$lib"; then - if test "$search_ext" = ".la"; then - found=yes + if test .la = "$search_ext"; then + found=: else - found=no + found=false fi break 2 fi done done - if test "$found" != yes; then - # deplib doesn't seem to be a libtool library - if test "$linkmode,$pass" = "prog,link"; then - compile_deplibs="$deplib $compile_deplibs" - finalize_deplibs="$deplib $finalize_deplibs" - else - deplibs="$deplib $deplibs" - test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" - fi - continue - else # deplib is a libtool library + if $found; then + # deplib is a libtool library # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, # We need to do some special things here, and not later. - if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + if test yes = "$allow_libtool_libs_with_static_runtimes"; then case " $predeps $postdeps " in *" $deplib "*) if func_lalib_p "$lib"; then @@ -6226,19 +7759,19 @@ func_mode_link () old_library= func_source "$lib" for l in $old_library $library_names; do - ll="$l" + ll=$l done - if test "X$ll" = "X$old_library" ; then # only static version available - found=no + if test "X$ll" = "X$old_library"; then # only static version available + found=false func_dirname "$lib" "" "." - ladir="$func_dirname_result" + ladir=$func_dirname_result lib=$ladir/$old_library - if test "$linkmode,$pass" = "prog,link"; then + if test prog,link = "$linkmode,$pass"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else deplibs="$deplib $deplibs" - test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" + test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs" fi continue fi @@ -6247,15 +7780,25 @@ func_mode_link () *) ;; esac fi + else + # deplib doesn't seem to be a libtool library + if test prog,link = "$linkmode,$pass"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs" + fi + continue fi ;; # -l *.ltframework) - if test "$linkmode,$pass" = "prog,link"; then + if test prog,link = "$linkmode,$pass"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else deplibs="$deplib $deplibs" - if test "$linkmode" = lib ; then + if test lib = "$linkmode"; then case "$new_inherited_linker_flags " in *" $deplib "*) ;; * ) func_append new_inherited_linker_flags " $deplib" ;; @@ -6268,18 +7811,18 @@ func_mode_link () case $linkmode in lib) deplibs="$deplib $deplibs" - test "$pass" = conv && continue + test conv = "$pass" && continue newdependency_libs="$deplib $newdependency_libs" func_stripname '-L' '' "$deplib" func_resolve_sysroot "$func_stripname_result" func_append newlib_search_path " $func_resolve_sysroot_result" ;; prog) - if test "$pass" = conv; then + if test conv = "$pass"; then deplibs="$deplib $deplibs" continue fi - if test "$pass" = scan; then + if test scan = "$pass"; then deplibs="$deplib $deplibs" else compile_deplibs="$deplib $compile_deplibs" @@ -6290,13 +7833,13 @@ func_mode_link () func_append newlib_search_path " $func_resolve_sysroot_result" ;; *) - func_warning "\`-L' is ignored for archives/objects" + func_warning "'-L' is ignored for archives/objects" ;; esac # linkmode continue ;; # -L -R*) - if test "$pass" = link; then + if test link = "$pass"; then func_stripname '-R' '' "$deplib" func_resolve_sysroot "$func_stripname_result" dir=$func_resolve_sysroot_result @@ -6314,7 +7857,7 @@ func_mode_link () lib=$func_resolve_sysroot_result ;; *.$libext) - if test "$pass" = conv; then + if test conv = "$pass"; then deplibs="$deplib $deplibs" continue fi @@ -6325,21 +7868,26 @@ func_mode_link () case " $dlpreconveniencelibs " in *" $deplib "*) ;; *) - valid_a_lib=no + valid_a_lib=false case $deplibs_check_method in match_pattern*) set dummy $deplibs_check_method; shift match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \ | $EGREP "$match_pattern_regex" > /dev/null; then - valid_a_lib=yes + valid_a_lib=: fi ;; pass_all) - valid_a_lib=yes + valid_a_lib=: ;; esac - if test "$valid_a_lib" != yes; then + if $valid_a_lib; then + echo + $ECHO "*** Warning: Linking the shared library $output against the" + $ECHO "*** static library $deplib is not portable!" + deplibs="$deplib $deplibs" + else echo $ECHO "*** Warning: Trying to link with static lib archive $deplib." echo "*** I have the capability to make that library automatically link in when" @@ -6347,18 +7895,13 @@ func_mode_link () echo "*** shared version of the library, which you do not appear to have" echo "*** because the file extensions .$libext of this argument makes me believe" echo "*** that it is just a static archive that I should not use here." - else - echo - $ECHO "*** Warning: Linking the shared library $output against the" - $ECHO "*** static library $deplib is not portable!" - deplibs="$deplib $deplibs" fi ;; esac continue ;; prog) - if test "$pass" != link; then + if test link != "$pass"; then deplibs="$deplib $deplibs" else compile_deplibs="$deplib $compile_deplibs" @@ -6369,10 +7912,10 @@ func_mode_link () esac # linkmode ;; # *.$libext *.lo | *.$objext) - if test "$pass" = conv; then + if test conv = "$pass"; then deplibs="$deplib $deplibs" - elif test "$linkmode" = prog; then - if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then + elif test prog = "$linkmode"; then + if test dlpreopen = "$pass" || test yes != "$dlopen_support" || test no = "$build_libtool_libs"; then # If there is no dlopen support or we're linking statically, # we need to preload. func_append newdlprefiles " $deplib" @@ -6385,22 +7928,20 @@ func_mode_link () continue ;; %DEPLIBS%) - alldeplibs=yes + alldeplibs=: continue ;; esac # case $deplib - if test "$found" = yes || test -f "$lib"; then : - else - func_fatal_error "cannot find the library \`$lib' or unhandled argument \`$deplib'" - fi + $found || test -f "$lib" \ + || func_fatal_error "cannot find the library '$lib' or unhandled argument '$deplib'" # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$lib" \ - || func_fatal_error "\`$lib' is not a valid libtool archive" + || func_fatal_error "'$lib' is not a valid libtool archive" func_dirname "$lib" "" "." - ladir="$func_dirname_result" + ladir=$func_dirname_result dlname= dlopen= @@ -6430,19 +7971,19 @@ func_mode_link () done fi dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` - if test "$linkmode,$pass" = "lib,link" || - test "$linkmode,$pass" = "prog,scan" || - { test "$linkmode" != prog && test "$linkmode" != lib; }; then + if test lib,link = "$linkmode,$pass" || + test prog,scan = "$linkmode,$pass" || + { test prog != "$linkmode" && test lib != "$linkmode"; }; then test -n "$dlopen" && func_append dlfiles " $dlopen" test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen" fi - if test "$pass" = conv; then + if test conv = "$pass"; then # Only check for convenience libraries deplibs="$lib $deplibs" if test -z "$libdir"; then if test -z "$old_library"; then - func_fatal_error "cannot find name of link library for \`$lib'" + func_fatal_error "cannot find name of link library for '$lib'" fi # It is a libtool convenience library, so add in its objects. func_append convenience " $ladir/$objdir/$old_library" @@ -6450,15 +7991,15 @@ func_mode_link () tmp_libs= for deplib in $dependency_libs; do deplibs="$deplib $deplibs" - if $opt_preserve_dup_deps ; then + if $opt_preserve_dup_deps; then case "$tmp_libs " in *" $deplib "*) func_append specialdeplibs " $deplib" ;; esac fi func_append tmp_libs " $deplib" done - elif test "$linkmode" != prog && test "$linkmode" != lib; then - func_fatal_error "\`$lib' is not a convenience library" + elif test prog != "$linkmode" && test lib != "$linkmode"; then + func_fatal_error "'$lib' is not a convenience library" fi continue fi # $pass = conv @@ -6467,26 +8008,26 @@ func_mode_link () # Get the name of the library we link against. linklib= if test -n "$old_library" && - { test "$prefer_static_libs" = yes || - test "$prefer_static_libs,$installed" = "built,no"; }; then + { test yes = "$prefer_static_libs" || + test built,no = "$prefer_static_libs,$installed"; }; then linklib=$old_library else for l in $old_library $library_names; do - linklib="$l" + linklib=$l done fi if test -z "$linklib"; then - func_fatal_error "cannot find name of link library for \`$lib'" + func_fatal_error "cannot find name of link library for '$lib'" fi # This library was specified with -dlopen. - if test "$pass" = dlopen; then - if test -z "$libdir"; then - func_fatal_error "cannot -dlopen a convenience library: \`$lib'" - fi + if test dlopen = "$pass"; then + test -z "$libdir" \ + && func_fatal_error "cannot -dlopen a convenience library: '$lib'" if test -z "$dlname" || - test "$dlopen_support" != yes || - test "$build_libtool_libs" = no; then + test yes != "$dlopen_support" || + test no = "$build_libtool_libs" + then # If there is no dlname, no dlopen support or we're linking # statically, we need to preload. We also need to preload any # dependent libraries so libltdl's deplib preloader doesn't @@ -6500,40 +8041,40 @@ func_mode_link () # We need an absolute path. case $ladir in - [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;; + [\\/]* | [A-Za-z]:[\\/]*) abs_ladir=$ladir ;; *) abs_ladir=`cd "$ladir" && pwd` if test -z "$abs_ladir"; then - func_warning "cannot determine absolute directory name of \`$ladir'" + func_warning "cannot determine absolute directory name of '$ladir'" func_warning "passing it literally to the linker, although it might fail" - abs_ladir="$ladir" + abs_ladir=$ladir fi ;; esac func_basename "$lib" - laname="$func_basename_result" + laname=$func_basename_result # Find the relevant object directory and library name. - if test "X$installed" = Xyes; then + if test yes = "$installed"; then if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then - func_warning "library \`$lib' was moved." - dir="$ladir" - absdir="$abs_ladir" - libdir="$abs_ladir" + func_warning "library '$lib' was moved." + dir=$ladir + absdir=$abs_ladir + libdir=$abs_ladir else - dir="$lt_sysroot$libdir" - absdir="$lt_sysroot$libdir" + dir=$lt_sysroot$libdir + absdir=$lt_sysroot$libdir fi - test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes + test yes = "$hardcode_automatic" && avoidtemprpath=yes else if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then - dir="$ladir" - absdir="$abs_ladir" + dir=$ladir + absdir=$abs_ladir # Remove this search path later func_append notinst_path " $abs_ladir" else - dir="$ladir/$objdir" - absdir="$abs_ladir/$objdir" + dir=$ladir/$objdir + absdir=$abs_ladir/$objdir # Remove this search path later func_append notinst_path " $abs_ladir" fi @@ -6542,11 +8083,11 @@ func_mode_link () name=$func_stripname_result # This library was specified with -dlpreopen. - if test "$pass" = dlpreopen; then - if test -z "$libdir" && test "$linkmode" = prog; then - func_fatal_error "only libraries may -dlpreopen a convenience library: \`$lib'" + if test dlpreopen = "$pass"; then + if test -z "$libdir" && test prog = "$linkmode"; then + func_fatal_error "only libraries may -dlpreopen a convenience library: '$lib'" fi - case "$host" in + case $host in # special handling for platforms with PE-DLLs. *cygwin* | *mingw* | *cegcc* ) # Linker will automatically link against shared library if both @@ -6590,9 +8131,9 @@ func_mode_link () if test -z "$libdir"; then # Link the convenience library - if test "$linkmode" = lib; then + if test lib = "$linkmode"; then deplibs="$dir/$old_library $deplibs" - elif test "$linkmode,$pass" = "prog,link"; then + elif test prog,link = "$linkmode,$pass"; then compile_deplibs="$dir/$old_library $compile_deplibs" finalize_deplibs="$dir/$old_library $finalize_deplibs" else @@ -6602,14 +8143,14 @@ func_mode_link () fi - if test "$linkmode" = prog && test "$pass" != link; then + if test prog = "$linkmode" && test link != "$pass"; then func_append newlib_search_path " $ladir" deplibs="$lib $deplibs" - linkalldeplibs=no - if test "$link_all_deplibs" != no || test -z "$library_names" || - test "$build_libtool_libs" = no; then - linkalldeplibs=yes + linkalldeplibs=false + if test no != "$link_all_deplibs" || test -z "$library_names" || + test no = "$build_libtool_libs"; then + linkalldeplibs=: fi tmp_libs= @@ -6621,14 +8162,14 @@ func_mode_link () ;; esac # Need to link against all dependency_libs? - if test "$linkalldeplibs" = yes; then + if $linkalldeplibs; then deplibs="$deplib $deplibs" else # Need to hardcode shared library paths # or/and link against static libraries newdependency_libs="$deplib $newdependency_libs" fi - if $opt_preserve_dup_deps ; then + if $opt_preserve_dup_deps; then case "$tmp_libs " in *" $deplib "*) func_append specialdeplibs " $deplib" ;; esac @@ -6638,15 +8179,15 @@ func_mode_link () continue fi # $linkmode = prog... - if test "$linkmode,$pass" = "prog,link"; then + if test prog,link = "$linkmode,$pass"; then if test -n "$library_names" && - { { test "$prefer_static_libs" = no || - test "$prefer_static_libs,$installed" = "built,yes"; } || + { { test no = "$prefer_static_libs" || + test built,yes = "$prefer_static_libs,$installed"; } || test -z "$old_library"; }; then # We need to hardcode the library path - if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then + if test -n "$shlibpath_var" && test -z "$avoidtemprpath"; then # Make sure the rpath contains only unique directories. - case "$temp_rpath:" in + case $temp_rpath: in *"$absdir:"*) ;; *) func_append temp_rpath "$absdir:" ;; esac @@ -6675,9 +8216,9 @@ func_mode_link () esac fi # $linkmode,$pass = prog,link... - if test "$alldeplibs" = yes && - { test "$deplibs_check_method" = pass_all || - { test "$build_libtool_libs" = yes && + if $alldeplibs && + { test pass_all = "$deplibs_check_method" || + { test yes = "$build_libtool_libs" && test -n "$library_names"; }; }; then # We only need to search for static libraries continue @@ -6686,19 +8227,19 @@ func_mode_link () link_static=no # Whether the deplib will be linked statically use_static_libs=$prefer_static_libs - if test "$use_static_libs" = built && test "$installed" = yes; then + if test built = "$use_static_libs" && test yes = "$installed"; then use_static_libs=no fi if test -n "$library_names" && - { test "$use_static_libs" = no || test -z "$old_library"; }; then + { test no = "$use_static_libs" || test -z "$old_library"; }; then case $host in - *cygwin* | *mingw* | *cegcc*) + *cygwin* | *mingw* | *cegcc* | *os2*) # No point in relinking DLLs because paths are not encoded func_append notinst_deplibs " $lib" need_relink=no ;; *) - if test "$installed" = no; then + if test no = "$installed"; then func_append notinst_deplibs " $lib" need_relink=yes fi @@ -6708,24 +8249,24 @@ func_mode_link () # Warn about portability, can't link against -module's on some # systems (darwin). Don't bleat about dlopened modules though! - dlopenmodule="" + dlopenmodule= for dlpremoduletest in $dlprefiles; do if test "X$dlpremoduletest" = "X$lib"; then - dlopenmodule="$dlpremoduletest" + dlopenmodule=$dlpremoduletest break fi done - if test -z "$dlopenmodule" && test "$shouldnotlink" = yes && test "$pass" = link; then + if test -z "$dlopenmodule" && test yes = "$shouldnotlink" && test link = "$pass"; then echo - if test "$linkmode" = prog; then + if test prog = "$linkmode"; then $ECHO "*** Warning: Linking the executable $output against the loadable module" else $ECHO "*** Warning: Linking the shared library $output against the loadable module" fi $ECHO "*** $linklib is not portable!" fi - if test "$linkmode" = lib && - test "$hardcode_into_libs" = yes; then + if test lib = "$linkmode" && + test yes = "$hardcode_into_libs"; then # Hardcode the library path. # Skip directories that are in the system default run-time # search path. @@ -6753,43 +8294,43 @@ func_mode_link () # figure out the soname set dummy $library_names shift - realname="$1" + realname=$1 shift libname=`eval "\\$ECHO \"$libname_spec\""` # use dlname if we got it. it's perfectly good, no? if test -n "$dlname"; then - soname="$dlname" + soname=$dlname elif test -n "$soname_spec"; then # bleh windows case $host in - *cygwin* | mingw* | *cegcc*) + *cygwin* | mingw* | *cegcc* | *os2*) func_arith $current - $age major=$func_arith_result - versuffix="-$major" + versuffix=-$major ;; esac eval soname=\"$soname_spec\" else - soname="$realname" + soname=$realname fi # Make a new name for the extract_expsyms_cmds to use - soroot="$soname" + soroot=$soname func_basename "$soroot" - soname="$func_basename_result" + soname=$func_basename_result func_stripname 'lib' '.dll' "$soname" newlib=libimp-$func_stripname_result.a # If the library has no export list, then create one now if test -f "$output_objdir/$soname-def"; then : else - func_verbose "extracting exported symbol list from \`$soname'" + func_verbose "extracting exported symbol list from '$soname'" func_execute_cmds "$extract_expsyms_cmds" 'exit $?' fi # Create $newlib if test -f "$output_objdir/$newlib"; then :; else - func_verbose "generating import library for \`$soname'" + func_verbose "generating import library for '$soname'" func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?' fi # make sure the library variables are pointing to the new library @@ -6797,58 +8338,58 @@ func_mode_link () linklib=$newlib fi # test -n "$old_archive_from_expsyms_cmds" - if test "$linkmode" = prog || test "$opt_mode" != relink; then + if test prog = "$linkmode" || test relink != "$opt_mode"; then add_shlibpath= add_dir= add= lib_linked=yes case $hardcode_action in immediate | unsupported) - if test "$hardcode_direct" = no; then - add="$dir/$linklib" + if test no = "$hardcode_direct"; then + add=$dir/$linklib case $host in - *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;; - *-*-sysv4*uw2*) add_dir="-L$dir" ;; + *-*-sco3.2v5.0.[024]*) add_dir=-L$dir ;; + *-*-sysv4*uw2*) add_dir=-L$dir ;; *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ - *-*-unixware7*) add_dir="-L$dir" ;; + *-*-unixware7*) add_dir=-L$dir ;; *-*-darwin* ) - # if the lib is a (non-dlopened) module then we can not + # if the lib is a (non-dlopened) module then we cannot # link against it, someone is ignoring the earlier warnings if /usr/bin/file -L $add 2> /dev/null | - $GREP ": [^:]* bundle" >/dev/null ; then + $GREP ": [^:]* bundle" >/dev/null; then if test "X$dlopenmodule" != "X$lib"; then $ECHO "*** Warning: lib $linklib is a module, not a shared library" - if test -z "$old_library" ; then + if test -z "$old_library"; then echo echo "*** And there doesn't seem to be a static archive available" echo "*** The link will probably fail, sorry" else - add="$dir/$old_library" + add=$dir/$old_library fi elif test -n "$old_library"; then - add="$dir/$old_library" + add=$dir/$old_library fi fi esac - elif test "$hardcode_minus_L" = no; then + elif test no = "$hardcode_minus_L"; then case $host in - *-*-sunos*) add_shlibpath="$dir" ;; + *-*-sunos*) add_shlibpath=$dir ;; esac - add_dir="-L$dir" - add="-l$name" - elif test "$hardcode_shlibpath_var" = no; then - add_shlibpath="$dir" - add="-l$name" + add_dir=-L$dir + add=-l$name + elif test no = "$hardcode_shlibpath_var"; then + add_shlibpath=$dir + add=-l$name else lib_linked=no fi ;; relink) - if test "$hardcode_direct" = yes && - test "$hardcode_direct_absolute" = no; then - add="$dir/$linklib" - elif test "$hardcode_minus_L" = yes; then - add_dir="-L$absdir" + if test yes = "$hardcode_direct" && + test no = "$hardcode_direct_absolute"; then + add=$dir/$linklib + elif test yes = "$hardcode_minus_L"; then + add_dir=-L$absdir # Try looking first in the location we're being installed to. if test -n "$inst_prefix_dir"; then case $libdir in @@ -6857,10 +8398,10 @@ func_mode_link () ;; esac fi - add="-l$name" - elif test "$hardcode_shlibpath_var" = yes; then - add_shlibpath="$dir" - add="-l$name" + add=-l$name + elif test yes = "$hardcode_shlibpath_var"; then + add_shlibpath=$dir + add=-l$name else lib_linked=no fi @@ -6868,7 +8409,7 @@ func_mode_link () *) lib_linked=no ;; esac - if test "$lib_linked" != yes; then + if test yes != "$lib_linked"; then func_fatal_configuration "unsupported hardcode properties" fi @@ -6878,15 +8419,15 @@ func_mode_link () *) func_append compile_shlibpath "$add_shlibpath:" ;; esac fi - if test "$linkmode" = prog; then + if test prog = "$linkmode"; then test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" test -n "$add" && compile_deplibs="$add $compile_deplibs" else test -n "$add_dir" && deplibs="$add_dir $deplibs" test -n "$add" && deplibs="$add $deplibs" - if test "$hardcode_direct" != yes && - test "$hardcode_minus_L" != yes && - test "$hardcode_shlibpath_var" = yes; then + if test yes != "$hardcode_direct" && + test yes != "$hardcode_minus_L" && + test yes = "$hardcode_shlibpath_var"; then case :$finalize_shlibpath: in *":$libdir:"*) ;; *) func_append finalize_shlibpath "$libdir:" ;; @@ -6895,33 +8436,33 @@ func_mode_link () fi fi - if test "$linkmode" = prog || test "$opt_mode" = relink; then + if test prog = "$linkmode" || test relink = "$opt_mode"; then add_shlibpath= add_dir= add= # Finalize command for both is simple: just hardcode it. - if test "$hardcode_direct" = yes && - test "$hardcode_direct_absolute" = no; then - add="$libdir/$linklib" - elif test "$hardcode_minus_L" = yes; then - add_dir="-L$libdir" - add="-l$name" - elif test "$hardcode_shlibpath_var" = yes; then + if test yes = "$hardcode_direct" && + test no = "$hardcode_direct_absolute"; then + add=$libdir/$linklib + elif test yes = "$hardcode_minus_L"; then + add_dir=-L$libdir + add=-l$name + elif test yes = "$hardcode_shlibpath_var"; then case :$finalize_shlibpath: in *":$libdir:"*) ;; *) func_append finalize_shlibpath "$libdir:" ;; esac - add="-l$name" - elif test "$hardcode_automatic" = yes; then + add=-l$name + elif test yes = "$hardcode_automatic"; then if test -n "$inst_prefix_dir" && - test -f "$inst_prefix_dir$libdir/$linklib" ; then - add="$inst_prefix_dir$libdir/$linklib" + test -f "$inst_prefix_dir$libdir/$linklib"; then + add=$inst_prefix_dir$libdir/$linklib else - add="$libdir/$linklib" + add=$libdir/$linklib fi else # We cannot seem to hardcode it, guess we'll fake it. - add_dir="-L$libdir" + add_dir=-L$libdir # Try looking first in the location we're being installed to. if test -n "$inst_prefix_dir"; then case $libdir in @@ -6930,10 +8471,10 @@ func_mode_link () ;; esac fi - add="-l$name" + add=-l$name fi - if test "$linkmode" = prog; then + if test prog = "$linkmode"; then test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" test -n "$add" && finalize_deplibs="$add $finalize_deplibs" else @@ -6941,43 +8482,43 @@ func_mode_link () test -n "$add" && deplibs="$add $deplibs" fi fi - elif test "$linkmode" = prog; then + elif test prog = "$linkmode"; then # Here we assume that one of hardcode_direct or hardcode_minus_L # is not unsupported. This is valid on all known static and # shared platforms. - if test "$hardcode_direct" != unsupported; then - test -n "$old_library" && linklib="$old_library" + if test unsupported != "$hardcode_direct"; then + test -n "$old_library" && linklib=$old_library compile_deplibs="$dir/$linklib $compile_deplibs" finalize_deplibs="$dir/$linklib $finalize_deplibs" else compile_deplibs="-l$name -L$dir $compile_deplibs" finalize_deplibs="-l$name -L$dir $finalize_deplibs" fi - elif test "$build_libtool_libs" = yes; then + elif test yes = "$build_libtool_libs"; then # Not a shared library - if test "$deplibs_check_method" != pass_all; then + if test pass_all != "$deplibs_check_method"; then # We're trying link a shared library against a static one # but the system doesn't support it. # Just print a warning and add the library to dependency_libs so # that the program can be linked against the static library. echo - $ECHO "*** Warning: This system can not link to static lib archive $lib." + $ECHO "*** Warning: This system cannot link to static lib archive $lib." echo "*** I have the capability to make that library automatically link in when" echo "*** you link to this library. But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have." - if test "$module" = yes; then + if test yes = "$module"; then echo "*** But as you try to build a module library, libtool will still create " echo "*** a static module, that should work as long as the dlopening application" echo "*** is linked with the -dlopen flag to resolve symbols at runtime." if test -z "$global_symbol_pipe"; then echo echo "*** However, this would only work if libtool was able to extract symbol" - echo "*** lists from a program, using \`nm' or equivalent, but libtool could" + echo "*** lists from a program, using 'nm' or equivalent, but libtool could" echo "*** not find such a program. So, this module is probably useless." - echo "*** \`nm' from GNU binutils and a full rebuild may help." + echo "*** 'nm' from GNU binutils and a full rebuild may help." fi - if test "$build_old_libs" = no; then + if test no = "$build_old_libs"; then build_libtool_libs=module build_old_libs=yes else @@ -6990,11 +8531,11 @@ func_mode_link () fi fi # link shared/static library? - if test "$linkmode" = lib; then + if test lib = "$linkmode"; then if test -n "$dependency_libs" && - { test "$hardcode_into_libs" != yes || - test "$build_old_libs" = yes || - test "$link_static" = yes; }; then + { test yes != "$hardcode_into_libs" || + test yes = "$build_old_libs" || + test yes = "$link_static"; }; then # Extract -R from dependency_libs temp_deplibs= for libdir in $dependency_libs; do @@ -7008,12 +8549,12 @@ func_mode_link () *) func_append temp_deplibs " $libdir";; esac done - dependency_libs="$temp_deplibs" + dependency_libs=$temp_deplibs fi func_append newlib_search_path " $absdir" # Link against this library - test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs" + test no = "$link_static" && newdependency_libs="$abs_ladir/$laname $newdependency_libs" # ... and its dependency_libs tmp_libs= for deplib in $dependency_libs; do @@ -7023,7 +8564,7 @@ func_mode_link () func_resolve_sysroot "$func_stripname_result";; *) func_resolve_sysroot "$deplib" ;; esac - if $opt_preserve_dup_deps ; then + if $opt_preserve_dup_deps; then case "$tmp_libs " in *" $func_resolve_sysroot_result "*) func_append specialdeplibs " $func_resolve_sysroot_result" ;; @@ -7032,12 +8573,12 @@ func_mode_link () func_append tmp_libs " $func_resolve_sysroot_result" done - if test "$link_all_deplibs" != no; then + if test no != "$link_all_deplibs"; then # Add the search paths of all dependency libraries for deplib in $dependency_libs; do path= case $deplib in - -L*) path="$deplib" ;; + -L*) path=$deplib ;; *.la) func_resolve_sysroot "$deplib" deplib=$func_resolve_sysroot_result @@ -7045,12 +8586,12 @@ func_mode_link () dir=$func_dirname_result # We need an absolute path. case $dir in - [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;; + [\\/]* | [A-Za-z]:[\\/]*) absdir=$dir ;; *) absdir=`cd "$dir" && pwd` if test -z "$absdir"; then - func_warning "cannot determine absolute directory name of \`$dir'" - absdir="$dir" + func_warning "cannot determine absolute directory name of '$dir'" + absdir=$dir fi ;; esac @@ -7058,35 +8599,35 @@ func_mode_link () case $host in *-*-darwin*) depdepl= - eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` - if test -n "$deplibrary_names" ; then - for tmp in $deplibrary_names ; do + eval deplibrary_names=`$SED -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` + if test -n "$deplibrary_names"; then + for tmp in $deplibrary_names; do depdepl=$tmp done - if test -f "$absdir/$objdir/$depdepl" ; then - depdepl="$absdir/$objdir/$depdepl" - darwin_install_name=`${OTOOL} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + if test -f "$absdir/$objdir/$depdepl"; then + depdepl=$absdir/$objdir/$depdepl + darwin_install_name=`$OTOOL -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` if test -z "$darwin_install_name"; then - darwin_install_name=`${OTOOL64} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + darwin_install_name=`$OTOOL64 -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` fi - func_append compiler_flags " ${wl}-dylib_file ${wl}${darwin_install_name}:${depdepl}" - func_append linker_flags " -dylib_file ${darwin_install_name}:${depdepl}" + func_append compiler_flags " $wl-dylib_file $wl$darwin_install_name:$depdepl" + func_append linker_flags " -dylib_file $darwin_install_name:$depdepl" path= fi fi ;; *) - path="-L$absdir/$objdir" + path=-L$absdir/$objdir ;; esac else - eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` test -z "$libdir" && \ - func_fatal_error "\`$deplib' is not a valid libtool archive" + func_fatal_error "'$deplib' is not a valid libtool archive" test "$absdir" != "$libdir" && \ - func_warning "\`$deplib' seems to be moved" + func_warning "'$deplib' seems to be moved" - path="-L$absdir" + path=-L$absdir fi ;; esac @@ -7098,23 +8639,23 @@ func_mode_link () fi # link_all_deplibs != no fi # linkmode = lib done # for deplib in $libs - if test "$pass" = link; then - if test "$linkmode" = "prog"; then + if test link = "$pass"; then + if test prog = "$linkmode"; then compile_deplibs="$new_inherited_linker_flags $compile_deplibs" finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs" else compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` fi fi - dependency_libs="$newdependency_libs" - if test "$pass" = dlpreopen; then + dependency_libs=$newdependency_libs + if test dlpreopen = "$pass"; then # Link the dlpreopened libraries before other libraries for deplib in $save_deplibs; do deplibs="$deplib $deplibs" done fi - if test "$pass" != dlopen; then - if test "$pass" != conv; then + if test dlopen != "$pass"; then + test conv = "$pass" || { # Make sure lib_search_path contains only unique directories. lib_search_path= for dir in $newlib_search_path; do @@ -7124,12 +8665,12 @@ func_mode_link () esac done newlib_search_path= - fi + } - if test "$linkmode,$pass" != "prog,link"; then - vars="deplibs" - else + if test prog,link = "$linkmode,$pass"; then vars="compile_deplibs finalize_deplibs" + else + vars=deplibs fi for var in $vars dependency_libs; do # Add libraries to $var in reverse order @@ -7187,62 +8728,93 @@ func_mode_link () eval $var=\"$tmp_libs\" done # for var fi + + # Add Sun CC postdeps if required: + test CXX = "$tagname" && { + case $host_os in + linux*) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C++ 5.9 + func_suncc_cstd_abi + + if test no != "$suncc_use_cstd_abi"; then + func_append postdeps ' -library=Cstd -library=Crun' + fi + ;; + esac + ;; + + solaris*) + func_cc_basename "$CC" + case $func_cc_basename_result in + CC* | sunCC*) + func_suncc_cstd_abi + + if test no != "$suncc_use_cstd_abi"; then + func_append postdeps ' -library=Cstd -library=Crun' + fi + ;; + esac + ;; + esac + } + # Last step: remove runtime libs from dependency_libs # (they stay in deplibs) tmp_libs= - for i in $dependency_libs ; do + for i in $dependency_libs; do case " $predeps $postdeps $compiler_lib_search_path " in *" $i "*) - i="" + i= ;; esac - if test -n "$i" ; then + if test -n "$i"; then func_append tmp_libs " $i" fi done dependency_libs=$tmp_libs done # for pass - if test "$linkmode" = prog; then - dlfiles="$newdlfiles" + if test prog = "$linkmode"; then + dlfiles=$newdlfiles fi - if test "$linkmode" = prog || test "$linkmode" = lib; then - dlprefiles="$newdlprefiles" + if test prog = "$linkmode" || test lib = "$linkmode"; then + dlprefiles=$newdlprefiles fi case $linkmode in oldlib) - if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then - func_warning "\`-dlopen' is ignored for archives" + if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then + func_warning "'-dlopen' is ignored for archives" fi case " $deplibs" in *\ -l* | *\ -L*) - func_warning "\`-l' and \`-L' are ignored for archives" ;; + func_warning "'-l' and '-L' are ignored for archives" ;; esac test -n "$rpath" && \ - func_warning "\`-rpath' is ignored for archives" + func_warning "'-rpath' is ignored for archives" test -n "$xrpath" && \ - func_warning "\`-R' is ignored for archives" + func_warning "'-R' is ignored for archives" test -n "$vinfo" && \ - func_warning "\`-version-info/-version-number' is ignored for archives" + func_warning "'-version-info/-version-number' is ignored for archives" test -n "$release" && \ - func_warning "\`-release' is ignored for archives" + func_warning "'-release' is ignored for archives" test -n "$export_symbols$export_symbols_regex" && \ - func_warning "\`-export-symbols' is ignored for archives" + func_warning "'-export-symbols' is ignored for archives" # Now set the variables for building old libraries. build_libtool_libs=no - oldlibs="$output" + oldlibs=$output func_append objs "$old_deplibs" ;; lib) - # Make sure we only generate libraries of the form `libNAME.la'. + # Make sure we only generate libraries of the form 'libNAME.la'. case $outputname in lib*) func_stripname 'lib' '.la' "$outputname" @@ -7251,10 +8823,10 @@ func_mode_link () eval libname=\"$libname_spec\" ;; *) - test "$module" = no && \ - func_fatal_help "libtool library \`$output' must begin with \`lib'" + test no = "$module" \ + && func_fatal_help "libtool library '$output' must begin with 'lib'" - if test "$need_lib_prefix" != no; then + if test no != "$need_lib_prefix"; then # Add the "lib" prefix for modules if required func_stripname '' '.la' "$outputname" name=$func_stripname_result @@ -7268,8 +8840,8 @@ func_mode_link () esac if test -n "$objs"; then - if test "$deplibs_check_method" != pass_all; then - func_fatal_error "cannot build libtool library \`$output' from non-libtool objects on this host:$objs" + if test pass_all != "$deplibs_check_method"; then + func_fatal_error "cannot build libtool library '$output' from non-libtool objects on this host:$objs" else echo $ECHO "*** Warning: Linking the shared library $output against the non-libtool" @@ -7278,21 +8850,21 @@ func_mode_link () fi fi - test "$dlself" != no && \ - func_warning "\`-dlopen self' is ignored for libtool libraries" + test no = "$dlself" \ + || func_warning "'-dlopen self' is ignored for libtool libraries" set dummy $rpath shift - test "$#" -gt 1 && \ - func_warning "ignoring multiple \`-rpath's for a libtool library" + test 1 -lt "$#" \ + && func_warning "ignoring multiple '-rpath's for a libtool library" - install_libdir="$1" + install_libdir=$1 oldlibs= if test -z "$rpath"; then - if test "$build_libtool_libs" = yes; then + if test yes = "$build_libtool_libs"; then # Building a libtool convenience library. - # Some compilers have problems with a `.al' extension so + # Some compilers have problems with a '.al' extension so # convenience libraries should have the same extension an # archive normally would. oldlibs="$output_objdir/$libname.$libext $oldlibs" @@ -7301,20 +8873,20 @@ func_mode_link () fi test -n "$vinfo" && \ - func_warning "\`-version-info/-version-number' is ignored for convenience libraries" + func_warning "'-version-info/-version-number' is ignored for convenience libraries" test -n "$release" && \ - func_warning "\`-release' is ignored for convenience libraries" + func_warning "'-release' is ignored for convenience libraries" else # Parse the version information argument. - save_ifs="$IFS"; IFS=':' + save_ifs=$IFS; IFS=: set dummy $vinfo 0 0 0 shift - IFS="$save_ifs" + IFS=$save_ifs test -n "$7" && \ - func_fatal_help "too many parameters to \`-version-info'" + func_fatal_help "too many parameters to '-version-info'" # convert absolute version numbers to libtool ages # this retains compatibility with .la files and attempts @@ -7322,45 +8894,45 @@ func_mode_link () case $vinfo_number in yes) - number_major="$1" - number_minor="$2" - number_revision="$3" + number_major=$1 + number_minor=$2 + number_revision=$3 # # There are really only two kinds -- those that # use the current revision as the major version # and those that subtract age and use age as # a minor version. But, then there is irix - # which has an extra 1 added just for fun + # that has an extra 1 added just for fun # case $version_type in # correct linux to gnu/linux during the next big refactor - darwin|linux|osf|windows|none) + darwin|freebsd-elf|linux|osf|windows|none) func_arith $number_major + $number_minor current=$func_arith_result - age="$number_minor" - revision="$number_revision" + age=$number_minor + revision=$number_revision ;; - freebsd-aout|freebsd-elf|qnx|sunos) - current="$number_major" - revision="$number_minor" - age="0" + freebsd-aout|qnx|sunos) + current=$number_major + revision=$number_minor + age=0 ;; irix|nonstopux) func_arith $number_major + $number_minor current=$func_arith_result - age="$number_minor" - revision="$number_minor" + age=$number_minor + revision=$number_minor lt_irix_increment=no ;; *) - func_fatal_configuration "$modename: unknown library version type \`$version_type'" + func_fatal_configuration "$modename: unknown library version type '$version_type'" ;; esac ;; no) - current="$1" - revision="$2" - age="$3" + current=$1 + revision=$2 + age=$3 ;; esac @@ -7368,30 +8940,30 @@ func_mode_link () case $current in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; *) - func_error "CURRENT \`$current' must be a nonnegative integer" - func_fatal_error "\`$vinfo' is not valid version information" + func_error "CURRENT '$current' must be a nonnegative integer" + func_fatal_error "'$vinfo' is not valid version information" ;; esac case $revision in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; *) - func_error "REVISION \`$revision' must be a nonnegative integer" - func_fatal_error "\`$vinfo' is not valid version information" + func_error "REVISION '$revision' must be a nonnegative integer" + func_fatal_error "'$vinfo' is not valid version information" ;; esac case $age in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; *) - func_error "AGE \`$age' must be a nonnegative integer" - func_fatal_error "\`$vinfo' is not valid version information" + func_error "AGE '$age' must be a nonnegative integer" + func_fatal_error "'$vinfo' is not valid version information" ;; esac if test "$age" -gt "$current"; then - func_error "AGE \`$age' is greater than the current interface number \`$current'" - func_fatal_error "\`$vinfo' is not valid version information" + func_error "AGE '$age' is greater than the current interface number '$current'" + func_fatal_error "'$vinfo' is not valid version information" fi # Calculate the version variables. @@ -7406,26 +8978,36 @@ func_mode_link () # verstring for coding it into the library header func_arith $current - $age major=.$func_arith_result - versuffix="$major.$age.$revision" + versuffix=$major.$age.$revision # Darwin ld doesn't like 0 for these options... func_arith $current + 1 minor_current=$func_arith_result - xlcverstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision" + xlcverstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision" verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" + # On Darwin other compilers + case $CC in + nagfor*) + verstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision" + ;; + *) + verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" + ;; + esac ;; freebsd-aout) - major=".$current" - versuffix=".$current.$revision"; + major=.$current + versuffix=.$current.$revision ;; freebsd-elf) - major=".$current" - versuffix=".$current" + func_arith $current - $age + major=.$func_arith_result + versuffix=$major.$age.$revision ;; irix | nonstopux) - if test "X$lt_irix_increment" = "Xno"; then + if test no = "$lt_irix_increment"; then func_arith $current - $age else func_arith $current - $age + 1 @@ -7436,69 +9018,74 @@ func_mode_link () nonstopux) verstring_prefix=nonstopux ;; *) verstring_prefix=sgi ;; esac - verstring="$verstring_prefix$major.$revision" + verstring=$verstring_prefix$major.$revision # Add in all the interfaces that we are compatible with. loop=$revision - while test "$loop" -ne 0; do + while test 0 -ne "$loop"; do func_arith $revision - $loop iface=$func_arith_result func_arith $loop - 1 loop=$func_arith_result - verstring="$verstring_prefix$major.$iface:$verstring" + verstring=$verstring_prefix$major.$iface:$verstring done - # Before this point, $major must not contain `.'. + # Before this point, $major must not contain '.'. major=.$major - versuffix="$major.$revision" + versuffix=$major.$revision ;; linux) # correct to gnu/linux during the next big refactor func_arith $current - $age major=.$func_arith_result - versuffix="$major.$age.$revision" + versuffix=$major.$age.$revision ;; osf) func_arith $current - $age major=.$func_arith_result - versuffix=".$current.$age.$revision" - verstring="$current.$age.$revision" + versuffix=.$current.$age.$revision + verstring=$current.$age.$revision # Add in all the interfaces that we are compatible with. loop=$age - while test "$loop" -ne 0; do + while test 0 -ne "$loop"; do func_arith $current - $loop iface=$func_arith_result func_arith $loop - 1 loop=$func_arith_result - verstring="$verstring:${iface}.0" + verstring=$verstring:$iface.0 done # Make executables depend on our current version. - func_append verstring ":${current}.0" + func_append verstring ":$current.0" ;; qnx) - major=".$current" - versuffix=".$current" + major=.$current + versuffix=.$current + ;; + + sco) + major=.$current + versuffix=.$current ;; sunos) - major=".$current" - versuffix=".$current.$revision" + major=.$current + versuffix=.$current.$revision ;; windows) # Use '-' rather than '.', since we only want one - # extension on DOS 8.3 filesystems. + # extension on DOS 8.3 file systems. func_arith $current - $age major=$func_arith_result - versuffix="-$major" + versuffix=-$major ;; *) - func_fatal_configuration "unknown library version type \`$version_type'" + func_fatal_configuration "unknown library version type '$version_type'" ;; esac @@ -7512,42 +9099,45 @@ func_mode_link () verstring= ;; *) - verstring="0.0" + verstring=0.0 ;; esac - if test "$need_version" = no; then + if test no = "$need_version"; then versuffix= else - versuffix=".0.0" + versuffix=.0.0 fi fi # Remove version info from name if versioning should be avoided - if test "$avoid_version" = yes && test "$need_version" = no; then + if test yes,no = "$avoid_version,$need_version"; then major= versuffix= - verstring="" + verstring= fi # Check to see if the archive will have undefined symbols. - if test "$allow_undefined" = yes; then - if test "$allow_undefined_flag" = unsupported; then - func_warning "undefined symbols not allowed in $host shared libraries" - build_libtool_libs=no - build_old_libs=yes + if test yes = "$allow_undefined"; then + if test unsupported = "$allow_undefined_flag"; then + if test yes = "$build_old_libs"; then + func_warning "undefined symbols not allowed in $host shared libraries; building static only" + build_libtool_libs=no + else + func_fatal_error "can't build $host shared library unless -no-undefined is specified" + fi fi else # Don't allow undefined symbols. - allow_undefined_flag="$no_undefined_flag" + allow_undefined_flag=$no_undefined_flag fi fi - func_generate_dlsyms "$libname" "$libname" "yes" + func_generate_dlsyms "$libname" "$libname" : func_append libobjs " $symfileobj" - test "X$libobjs" = "X " && libobjs= + test " " = "$libobjs" && libobjs= - if test "$opt_mode" != relink; then + if test relink != "$opt_mode"; then # Remove our outputs, but don't remove object files since they # may have been created when compiling PIC objects. removelist= @@ -7556,8 +9146,8 @@ func_mode_link () case $p in *.$objext | *.gcno) ;; - $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*) - if test "X$precious_files_regex" != "X"; then + $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/$libname$release.*) + if test -n "$precious_files_regex"; then if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1 then continue @@ -7573,11 +9163,11 @@ func_mode_link () fi # Now set the variables for building old libraries. - if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then + if test yes = "$build_old_libs" && test convenience != "$build_libtool_libs"; then func_append oldlibs " $output_objdir/$libname.$libext" # Transform .lo files to .o files. - oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; $lo2o" | $NL2SP` + oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; $lo2o" | $NL2SP` fi # Eliminate all temporary directories. @@ -7598,13 +9188,13 @@ func_mode_link () *) func_append finalize_rpath " $libdir" ;; esac done - if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then + if test yes != "$hardcode_into_libs" || test yes = "$build_old_libs"; then dependency_libs="$temp_xrpath $dependency_libs" fi fi # Make sure dlfiles contains only unique files that won't be dlpreopened - old_dlfiles="$dlfiles" + old_dlfiles=$dlfiles dlfiles= for lib in $old_dlfiles; do case " $dlprefiles $dlfiles " in @@ -7614,7 +9204,7 @@ func_mode_link () done # Make sure dlprefiles contains only unique files - old_dlprefiles="$dlprefiles" + old_dlprefiles=$dlprefiles dlprefiles= for lib in $old_dlprefiles; do case "$dlprefiles " in @@ -7623,7 +9213,7 @@ func_mode_link () esac done - if test "$build_libtool_libs" = yes; then + if test yes = "$build_libtool_libs"; then if test -n "$rpath"; then case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*) @@ -7647,7 +9237,7 @@ func_mode_link () ;; *) # Add libc to deplibs on all other systems if necessary. - if test "$build_libtool_need_lc" = "yes"; then + if test yes = "$build_libtool_need_lc"; then func_append deplibs " -lc" fi ;; @@ -7663,9 +9253,9 @@ func_mode_link () # I'm not sure if I'm treating the release correctly. I think # release should show up in the -l (ie -lgmp5) so we don't want to # add it in twice. Is that correct? - release="" - versuffix="" - major="" + release= + versuffix= + major= newdeplibs= droppeddeps=no case $deplibs_check_method in @@ -7694,20 +9284,20 @@ EOF -l*) func_stripname -l '' "$i" name=$func_stripname_result - if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + if test yes = "$allow_libtool_libs_with_static_runtimes"; then case " $predeps $postdeps " in *" $i "*) func_append newdeplibs " $i" - i="" + i= ;; esac fi - if test -n "$i" ; then + if test -n "$i"; then libname=`eval "\\$ECHO \"$libname_spec\""` deplib_matches=`eval "\\$ECHO \"$library_names_spec\""` set dummy $deplib_matches; shift deplib_match=$1 - if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then + if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0; then func_append newdeplibs " $i" else droppeddeps=yes @@ -7737,20 +9327,20 @@ EOF $opt_dry_run || $RM conftest if $LTCC $LTCFLAGS -o conftest conftest.c $i; then ldd_output=`ldd conftest` - if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + if test yes = "$allow_libtool_libs_with_static_runtimes"; then case " $predeps $postdeps " in *" $i "*) func_append newdeplibs " $i" - i="" + i= ;; esac fi - if test -n "$i" ; then + if test -n "$i"; then libname=`eval "\\$ECHO \"$libname_spec\""` deplib_matches=`eval "\\$ECHO \"$library_names_spec\""` set dummy $deplib_matches; shift deplib_match=$1 - if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then + if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0; then func_append newdeplibs " $i" else droppeddeps=yes @@ -7787,24 +9377,24 @@ EOF -l*) func_stripname -l '' "$a_deplib" name=$func_stripname_result - if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + if test yes = "$allow_libtool_libs_with_static_runtimes"; then case " $predeps $postdeps " in *" $a_deplib "*) func_append newdeplibs " $a_deplib" - a_deplib="" + a_deplib= ;; esac fi - if test -n "$a_deplib" ; then + if test -n "$a_deplib"; then libname=`eval "\\$ECHO \"$libname_spec\""` if test -n "$file_magic_glob"; then libnameglob=`func_echo_all "$libname" | $SED -e $file_magic_glob` else libnameglob=$libname fi - test "$want_nocaseglob" = yes && nocaseglob=`shopt -p nocaseglob` + test yes = "$want_nocaseglob" && nocaseglob=`shopt -p nocaseglob` for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do - if test "$want_nocaseglob" = yes; then + if test yes = "$want_nocaseglob"; then shopt -s nocaseglob potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null` $nocaseglob @@ -7822,25 +9412,25 @@ EOF # We might still enter an endless loop, since a link # loop can be closed while we follow links, # but so what? - potlib="$potent_lib" + potlib=$potent_lib while test -h "$potlib" 2>/dev/null; do - potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'` + potliblink=`ls -ld $potlib | $SED 's/.* -> //'` case $potliblink in - [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";; - *) potlib=`$ECHO "$potlib" | $SED 's,[^/]*$,,'`"$potliblink";; + [\\/]* | [A-Za-z]:[\\/]*) potlib=$potliblink;; + *) potlib=`$ECHO "$potlib" | $SED 's|[^/]*$||'`"$potliblink";; esac done if eval $file_magic_cmd \"\$potlib\" 2>/dev/null | $SED -e 10q | $EGREP "$file_magic_regex" > /dev/null; then func_append newdeplibs " $a_deplib" - a_deplib="" + a_deplib= break 2 fi done done fi - if test -n "$a_deplib" ; then + if test -n "$a_deplib"; then droppeddeps=yes echo $ECHO "*** Warning: linker path does not have real file for library $a_deplib." @@ -7848,7 +9438,7 @@ EOF echo "*** you link to this library. But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have" echo "*** because I did check the linker path looking for a file starting" - if test -z "$potlib" ; then + if test -z "$potlib"; then $ECHO "*** with $libname but no candidates were found. (...for file magic test)" else $ECHO "*** with $libname and none of the candidates passed a file format test" @@ -7871,30 +9461,30 @@ EOF -l*) func_stripname -l '' "$a_deplib" name=$func_stripname_result - if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + if test yes = "$allow_libtool_libs_with_static_runtimes"; then case " $predeps $postdeps " in *" $a_deplib "*) func_append newdeplibs " $a_deplib" - a_deplib="" + a_deplib= ;; esac fi - if test -n "$a_deplib" ; then + if test -n "$a_deplib"; then libname=`eval "\\$ECHO \"$libname_spec\""` for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do potential_libs=`ls $i/$libname[.-]* 2>/dev/null` for potent_lib in $potential_libs; do - potlib="$potent_lib" # see symlink-check above in file_magic test + potlib=$potent_lib # see symlink-check above in file_magic test if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \ $EGREP "$match_pattern_regex" > /dev/null; then func_append newdeplibs " $a_deplib" - a_deplib="" + a_deplib= break 2 fi done done fi - if test -n "$a_deplib" ; then + if test -n "$a_deplib"; then droppeddeps=yes echo $ECHO "*** Warning: linker path does not have real file for library $a_deplib." @@ -7902,7 +9492,7 @@ EOF echo "*** you link to this library. But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have" echo "*** because I did check the linker path looking for a file starting" - if test -z "$potlib" ; then + if test -z "$potlib"; then $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)" else $ECHO "*** with $libname and none of the candidates passed a file format test" @@ -7918,18 +9508,18 @@ EOF done # Gone through all deplibs. ;; none | unknown | *) - newdeplibs="" + newdeplibs= tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'` - if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then - for i in $predeps $postdeps ; do + if test yes = "$allow_libtool_libs_with_static_runtimes"; then + for i in $predeps $postdeps; do # can't use Xsed below, because $i might contain '/' - tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s,$i,,"` + tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s|$i||"` done fi case $tmp_deplibs in *[!\ \ ]*) echo - if test "X$deplibs_check_method" = "Xnone"; then + if test none = "$deplibs_check_method"; then echo "*** Warning: inter-library dependencies are not supported in this platform." else echo "*** Warning: inter-library dependencies are not known to be supported." @@ -7953,8 +9543,8 @@ EOF ;; esac - if test "$droppeddeps" = yes; then - if test "$module" = yes; then + if test yes = "$droppeddeps"; then + if test yes = "$module"; then echo echo "*** Warning: libtool could not satisfy all declared inter-library" $ECHO "*** dependencies of module $libname. Therefore, libtool will create" @@ -7963,12 +9553,12 @@ EOF if test -z "$global_symbol_pipe"; then echo echo "*** However, this would only work if libtool was able to extract symbol" - echo "*** lists from a program, using \`nm' or equivalent, but libtool could" + echo "*** lists from a program, using 'nm' or equivalent, but libtool could" echo "*** not find such a program. So, this module is probably useless." - echo "*** \`nm' from GNU binutils and a full rebuild may help." + echo "*** 'nm' from GNU binutils and a full rebuild may help." fi - if test "$build_old_libs" = no; then - oldlibs="$output_objdir/$libname.$libext" + if test no = "$build_old_libs"; then + oldlibs=$output_objdir/$libname.$libext build_libtool_libs=module build_old_libs=yes else @@ -7979,14 +9569,14 @@ EOF echo "*** automatically added whenever a program is linked with this library" echo "*** or is declared to -dlopen it." - if test "$allow_undefined" = no; then + if test no = "$allow_undefined"; then echo echo "*** Since this library must not contain undefined symbols," echo "*** because either the platform does not support them or" echo "*** it was explicitly requested with -no-undefined," echo "*** libtool will only create a static version of it." - if test "$build_old_libs" = no; then - oldlibs="$output_objdir/$libname.$libext" + if test no = "$build_old_libs"; then + oldlibs=$output_objdir/$libname.$libext build_libtool_libs=module build_old_libs=yes else @@ -8032,7 +9622,7 @@ EOF *) func_append new_libs " $deplib" ;; esac done - deplibs="$new_libs" + deplibs=$new_libs # All the library-specific variables (install_libdir is set above). library_names= @@ -8040,25 +9630,25 @@ EOF dlname= # Test again, we may have decided not to build it any more - if test "$build_libtool_libs" = yes; then - # Remove ${wl} instances when linking with ld. + if test yes = "$build_libtool_libs"; then + # Remove $wl instances when linking with ld. # FIXME: should test the right _cmds variable. case $archive_cmds in *\$LD\ *) wl= ;; esac - if test "$hardcode_into_libs" = yes; then + if test yes = "$hardcode_into_libs"; then # Hardcode the library paths hardcode_libdirs= dep_rpath= - rpath="$finalize_rpath" - test "$opt_mode" != relink && rpath="$compile_rpath$rpath" + rpath=$finalize_rpath + test relink = "$opt_mode" || rpath=$compile_rpath$rpath for libdir in $rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then func_replace_sysroot "$libdir" libdir=$func_replace_sysroot_result if test -z "$hardcode_libdirs"; then - hardcode_libdirs="$libdir" + hardcode_libdirs=$libdir else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in @@ -8083,7 +9673,7 @@ EOF # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then - libdir="$hardcode_libdirs" + libdir=$hardcode_libdirs eval "dep_rpath=\"$hardcode_libdir_flag_spec\"" fi if test -n "$runpath_var" && test -n "$perm_rpath"; then @@ -8097,8 +9687,8 @@ EOF test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" fi - shlibpath="$finalize_shlibpath" - test "$opt_mode" != relink && shlibpath="$compile_shlibpath$shlibpath" + shlibpath=$finalize_shlibpath + test relink = "$opt_mode" || shlibpath=$compile_shlibpath$shlibpath if test -n "$shlibpath"; then eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" fi @@ -8108,19 +9698,19 @@ EOF eval library_names=\"$library_names_spec\" set dummy $library_names shift - realname="$1" + realname=$1 shift if test -n "$soname_spec"; then eval soname=\"$soname_spec\" else - soname="$realname" + soname=$realname fi if test -z "$dlname"; then dlname=$soname fi - lib="$output_objdir/$realname" + lib=$output_objdir/$realname linknames= for link do @@ -8134,7 +9724,7 @@ EOF delfiles= if test -n "$export_symbols" && test -n "$include_expsyms"; then $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp" - export_symbols="$output_objdir/$libname.uexp" + export_symbols=$output_objdir/$libname.uexp func_append delfiles " $export_symbols" fi @@ -8143,31 +9733,31 @@ EOF cygwin* | mingw* | cegcc*) if test -n "$export_symbols" && test -z "$export_symbols_regex"; then # exporting using user supplied symfile - if test "x`$SED 1q $export_symbols`" != xEXPORTS; then + func_dll_def_p "$export_symbols" || { # and it's NOT already a .def file. Must figure out # which of the given symbols are data symbols and tag # them as such. So, trigger use of export_symbols_cmds. # export_symbols gets reassigned inside the "prepare # the list of exported symbols" if statement, so the # include_expsyms logic still works. - orig_export_symbols="$export_symbols" + orig_export_symbols=$export_symbols export_symbols= always_export_symbols=yes - fi + } fi ;; esac # Prepare the list of exported symbols if test -z "$export_symbols"; then - if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then - func_verbose "generating symbol list for \`$libname.la'" - export_symbols="$output_objdir/$libname.exp" + if test yes = "$always_export_symbols" || test -n "$export_symbols_regex"; then + func_verbose "generating symbol list for '$libname.la'" + export_symbols=$output_objdir/$libname.exp $opt_dry_run || $RM $export_symbols cmds=$export_symbols_cmds - save_ifs="$IFS"; IFS='~' + save_ifs=$IFS; IFS='~' for cmd1 in $cmds; do - IFS="$save_ifs" + IFS=$save_ifs # Take the normal branch if the nm_file_list_spec branch # doesn't work or if tool conversion is not needed. case $nm_file_list_spec~$to_tool_file_cmd in @@ -8181,7 +9771,7 @@ EOF try_normal_branch=no ;; esac - if test "$try_normal_branch" = yes \ + if test yes = "$try_normal_branch" \ && { test "$len" -lt "$max_cmd_len" \ || test "$max_cmd_len" -le -1; } then @@ -8192,7 +9782,7 @@ EOF output_la=$func_basename_result save_libobjs=$libobjs save_output=$output - output=${output_objdir}/${output_la}.nm + output=$output_objdir/$output_la.nm func_to_tool_file "$output" libobjs=$nm_file_list_spec$func_to_tool_file_result func_append delfiles " $output" @@ -8215,8 +9805,8 @@ EOF break fi done - IFS="$save_ifs" - if test -n "$export_symbols_regex" && test "X$skipped_export" != "X:"; then + IFS=$save_ifs + if test -n "$export_symbols_regex" && test : != "$skipped_export"; then func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' func_show_eval '$MV "${export_symbols}T" "$export_symbols"' fi @@ -8224,16 +9814,16 @@ EOF fi if test -n "$export_symbols" && test -n "$include_expsyms"; then - tmp_export_symbols="$export_symbols" - test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" + tmp_export_symbols=$export_symbols + test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' fi - if test "X$skipped_export" != "X:" && test -n "$orig_export_symbols"; then + if test : != "$skipped_export" && test -n "$orig_export_symbols"; then # The given exports_symbols file has to be filtered, so filter it. - func_verbose "filter symbol list for \`$libname.la' to tag DATA exports" + func_verbose "filter symbol list for '$libname.la' to tag DATA exports" # FIXME: $output_objdir/$libname.filter potentially contains lots of - # 's' commands which not all seds can handle. GNU sed should be fine + # 's' commands, which not all seds can handle. GNU sed should be fine # though. Also, the filter scales superlinearly with the number of # global variables. join(1) would be nice here, but unfortunately # isn't a blessed tool. @@ -8252,11 +9842,11 @@ EOF ;; esac done - deplibs="$tmp_deplibs" + deplibs=$tmp_deplibs if test -n "$convenience"; then if test -n "$whole_archive_flag_spec" && - test "$compiler_needs_object" = yes && + test yes = "$compiler_needs_object" && test -z "$libobjs"; then # extract the archives, so we have objects to list. # TODO: could optimize this to just extract one archive. @@ -8267,7 +9857,7 @@ EOF eval libobjs=\"\$libobjs $whole_archive_flag_spec\" test "X$libobjs" = "X " && libobjs= else - gentop="$output_objdir/${outputname}x" + gentop=$output_objdir/${outputname}x func_append generated " $gentop" func_extract_archives $gentop $convenience @@ -8276,18 +9866,18 @@ EOF fi fi - if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then + if test yes = "$thread_safe" && test -n "$thread_safe_flag_spec"; then eval flag=\"$thread_safe_flag_spec\" func_append linker_flags " $flag" fi # Make a backup of the uninstalled library when relinking - if test "$opt_mode" = relink; then + if test relink = "$opt_mode"; then $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $? fi # Do each of the archive commands. - if test "$module" = yes && test -n "$module_cmds" ; then + if test yes = "$module" && test -n "$module_cmds"; then if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then eval test_cmds=\"$module_expsym_cmds\" cmds=$module_expsym_cmds @@ -8305,7 +9895,7 @@ EOF fi fi - if test "X$skipped_export" != "X:" && + if test : != "$skipped_export" && func_len " $test_cmds" && len=$func_len_result && test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then @@ -8338,8 +9928,8 @@ EOF last_robj= k=1 - if test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "$with_gnu_ld" = yes; then - output=${output_objdir}/${output_la}.lnkscript + if test -n "$save_libobjs" && test : != "$skipped_export" && test yes = "$with_gnu_ld"; then + output=$output_objdir/$output_la.lnkscript func_verbose "creating GNU ld script: $output" echo 'INPUT (' > $output for obj in $save_libobjs @@ -8351,14 +9941,14 @@ EOF func_append delfiles " $output" func_to_tool_file "$output" output=$func_to_tool_file_result - elif test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "X$file_list_spec" != X; then - output=${output_objdir}/${output_la}.lnk + elif test -n "$save_libobjs" && test : != "$skipped_export" && test -n "$file_list_spec"; then + output=$output_objdir/$output_la.lnk func_verbose "creating linker input file list: $output" : > $output set x $save_libobjs shift firstobj= - if test "$compiler_needs_object" = yes; then + if test yes = "$compiler_needs_object"; then firstobj="$1 " shift fi @@ -8373,7 +9963,7 @@ EOF else if test -n "$save_libobjs"; then func_verbose "creating reloadable object files..." - output=$output_objdir/$output_la-${k}.$objext + output=$output_objdir/$output_la-$k.$objext eval test_cmds=\"$reload_cmds\" func_len " $test_cmds" len0=$func_len_result @@ -8385,13 +9975,13 @@ EOF func_len " $obj" func_arith $len + $func_len_result len=$func_arith_result - if test "X$objlist" = X || + if test -z "$objlist" || test "$len" -lt "$max_cmd_len"; then func_append objlist " $obj" else # The command $test_cmds is almost too long, add a # command to the queue. - if test "$k" -eq 1 ; then + if test 1 -eq "$k"; then # The first file doesn't have a previous command to add. reload_objs=$objlist eval concat_cmds=\"$reload_cmds\" @@ -8401,10 +9991,10 @@ EOF reload_objs="$objlist $last_robj" eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\" fi - last_robj=$output_objdir/$output_la-${k}.$objext + last_robj=$output_objdir/$output_la-$k.$objext func_arith $k + 1 k=$func_arith_result - output=$output_objdir/$output_la-${k}.$objext + output=$output_objdir/$output_la-$k.$objext objlist=" $obj" func_len " $last_robj" func_arith $len0 + $func_len_result @@ -8416,9 +10006,9 @@ EOF # files will link in the last one created. test -z "$concat_cmds" || concat_cmds=$concat_cmds~ reload_objs="$objlist $last_robj" - eval concat_cmds=\"\${concat_cmds}$reload_cmds\" + eval concat_cmds=\"\$concat_cmds$reload_cmds\" if test -n "$last_robj"; then - eval concat_cmds=\"\${concat_cmds}~\$RM $last_robj\" + eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" fi func_append delfiles " $output" @@ -8426,9 +10016,9 @@ EOF output= fi - if ${skipped_export-false}; then - func_verbose "generating symbol list for \`$libname.la'" - export_symbols="$output_objdir/$libname.exp" + ${skipped_export-false} && { + func_verbose "generating symbol list for '$libname.la'" + export_symbols=$output_objdir/$libname.exp $opt_dry_run || $RM $export_symbols libobjs=$output # Append the command to create the export file. @@ -8437,16 +10027,16 @@ EOF if test -n "$last_robj"; then eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" fi - fi + } test -n "$save_libobjs" && func_verbose "creating a temporary reloadable object file: $output" # Loop through the commands generated above and execute them. - save_ifs="$IFS"; IFS='~' + save_ifs=$IFS; IFS='~' for cmd in $concat_cmds; do - IFS="$save_ifs" - $opt_silent || { + IFS=$save_ifs + $opt_quiet || { func_quote_for_expand "$cmd" eval "func_echo $func_quote_for_expand_result" } @@ -8454,7 +10044,7 @@ EOF lt_exit=$? # Restore the uninstalled library and exit - if test "$opt_mode" = relink; then + if test relink = "$opt_mode"; then ( cd "$output_objdir" && \ $RM "${realname}T" && \ $MV "${realname}U" "$realname" ) @@ -8463,7 +10053,7 @@ EOF exit $lt_exit } done - IFS="$save_ifs" + IFS=$save_ifs if test -n "$export_symbols_regex" && ${skipped_export-false}; then func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' @@ -8471,18 +10061,18 @@ EOF fi fi - if ${skipped_export-false}; then + ${skipped_export-false} && { if test -n "$export_symbols" && test -n "$include_expsyms"; then - tmp_export_symbols="$export_symbols" - test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" + tmp_export_symbols=$export_symbols + test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' fi if test -n "$orig_export_symbols"; then # The given exports_symbols file has to be filtered, so filter it. - func_verbose "filter symbol list for \`$libname.la' to tag DATA exports" + func_verbose "filter symbol list for '$libname.la' to tag DATA exports" # FIXME: $output_objdir/$libname.filter potentially contains lots of - # 's' commands which not all seds can handle. GNU sed should be fine + # 's' commands, which not all seds can handle. GNU sed should be fine # though. Also, the filter scales superlinearly with the number of # global variables. join(1) would be nice here, but unfortunately # isn't a blessed tool. @@ -8491,7 +10081,7 @@ EOF export_symbols=$output_objdir/$libname.def $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols fi - fi + } libobjs=$output # Restore the value of output. @@ -8505,7 +10095,7 @@ EOF # value of $libobjs for piecewise linking. # Do each of the archive commands. - if test "$module" = yes && test -n "$module_cmds" ; then + if test yes = "$module" && test -n "$module_cmds"; then if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then cmds=$module_expsym_cmds else @@ -8527,7 +10117,7 @@ EOF # Add any objects from preloaded convenience libraries if test -n "$dlprefiles"; then - gentop="$output_objdir/${outputname}x" + gentop=$output_objdir/${outputname}x func_append generated " $gentop" func_extract_archives $gentop $dlprefiles @@ -8535,11 +10125,12 @@ EOF test "X$libobjs" = "X " && libobjs= fi - save_ifs="$IFS"; IFS='~' + save_ifs=$IFS; IFS='~' for cmd in $cmds; do - IFS="$save_ifs" + IFS=$sp$nl eval cmd=\"$cmd\" - $opt_silent || { + IFS=$save_ifs + $opt_quiet || { func_quote_for_expand "$cmd" eval "func_echo $func_quote_for_expand_result" } @@ -8547,7 +10138,7 @@ EOF lt_exit=$? # Restore the uninstalled library and exit - if test "$opt_mode" = relink; then + if test relink = "$opt_mode"; then ( cd "$output_objdir" && \ $RM "${realname}T" && \ $MV "${realname}U" "$realname" ) @@ -8556,10 +10147,10 @@ EOF exit $lt_exit } done - IFS="$save_ifs" + IFS=$save_ifs # Restore the uninstalled library and exit - if test "$opt_mode" = relink; then + if test relink = "$opt_mode"; then $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $? if test -n "$convenience"; then @@ -8579,39 +10170,39 @@ EOF done # If -module or -export-dynamic was specified, set the dlname. - if test "$module" = yes || test "$export_dynamic" = yes; then + if test yes = "$module" || test yes = "$export_dynamic"; then # On all known operating systems, these are identical. - dlname="$soname" + dlname=$soname fi fi ;; obj) - if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then - func_warning "\`-dlopen' is ignored for objects" + if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then + func_warning "'-dlopen' is ignored for objects" fi case " $deplibs" in *\ -l* | *\ -L*) - func_warning "\`-l' and \`-L' are ignored for objects" ;; + func_warning "'-l' and '-L' are ignored for objects" ;; esac test -n "$rpath" && \ - func_warning "\`-rpath' is ignored for objects" + func_warning "'-rpath' is ignored for objects" test -n "$xrpath" && \ - func_warning "\`-R' is ignored for objects" + func_warning "'-R' is ignored for objects" test -n "$vinfo" && \ - func_warning "\`-version-info' is ignored for objects" + func_warning "'-version-info' is ignored for objects" test -n "$release" && \ - func_warning "\`-release' is ignored for objects" + func_warning "'-release' is ignored for objects" case $output in *.lo) test -n "$objs$old_deplibs" && \ - func_fatal_error "cannot build library object \`$output' from non-libtool objects" + func_fatal_error "cannot build library object '$output' from non-libtool objects" libobj=$output func_lo2o "$libobj" @@ -8619,7 +10210,7 @@ EOF ;; *) libobj= - obj="$output" + obj=$output ;; esac @@ -8632,17 +10223,19 @@ EOF # the extraction. reload_conv_objs= gentop= - # reload_cmds runs $LD directly, so let us get rid of - # -Wl from whole_archive_flag_spec and hope we can get by with - # turning comma into space.. - wl= - + # if reload_cmds runs $LD directly, get rid of -Wl from + # whole_archive_flag_spec and hope we can get by with turning comma + # into space. + case $reload_cmds in + *\$LD[\ \$]*) wl= ;; + esac if test -n "$convenience"; then if test -n "$whole_archive_flag_spec"; then eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" - reload_conv_objs=$reload_objs\ `$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'` + test -n "$wl" || tmp_whole_archive_flags=`$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'` + reload_conv_objs=$reload_objs\ $tmp_whole_archive_flags else - gentop="$output_objdir/${obj}x" + gentop=$output_objdir/${obj}x func_append generated " $gentop" func_extract_archives $gentop $convenience @@ -8651,12 +10244,12 @@ EOF fi # If we're not building shared, we need to use non_pic_objs - test "$build_libtool_libs" != yes && libobjs="$non_pic_objects" + test yes = "$build_libtool_libs" || libobjs=$non_pic_objects # Create the old-style object. - reload_objs="$objs$old_deplibs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; /\.lib$/d; $lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test + reload_objs=$objs$old_deplibs' '`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; /\.lib$/d; $lo2o" | $NL2SP`' '$reload_conv_objs - output="$obj" + output=$obj func_execute_cmds "$reload_cmds" 'exit $?' # Exit if we aren't doing a library object file. @@ -8668,7 +10261,7 @@ EOF exit $EXIT_SUCCESS fi - if test "$build_libtool_libs" != yes; then + test yes = "$build_libtool_libs" || { if test -n "$gentop"; then func_show_eval '${RM}r "$gentop"' fi @@ -8678,12 +10271,12 @@ EOF # $show "echo timestamp > $libobj" # $opt_dry_run || eval "echo timestamp > $libobj" || exit $? exit $EXIT_SUCCESS - fi + } - if test -n "$pic_flag" || test "$pic_mode" != default; then + if test -n "$pic_flag" || test default != "$pic_mode"; then # Only do commands if we really have different PIC objects. reload_objs="$libobjs $reload_conv_objs" - output="$libobj" + output=$libobj func_execute_cmds "$reload_cmds" 'exit $?' fi @@ -8700,16 +10293,14 @@ EOF output=$func_stripname_result.exe;; esac test -n "$vinfo" && \ - func_warning "\`-version-info' is ignored for programs" + func_warning "'-version-info' is ignored for programs" test -n "$release" && \ - func_warning "\`-release' is ignored for programs" + func_warning "'-release' is ignored for programs" - test "$preload" = yes \ - && test "$dlopen_support" = unknown \ - && test "$dlopen_self" = unknown \ - && test "$dlopen_self_static" = unknown && \ - func_warning "\`LT_INIT([dlopen])' not used. Assuming no dlopen support." + $preload \ + && test unknown,unknown,unknown = "$dlopen_support,$dlopen_self,$dlopen_self_static" \ + && func_warning "'LT_INIT([dlopen])' not used. Assuming no dlopen support." case $host in *-*-rhapsody* | *-*-darwin1.[012]) @@ -8723,11 +10314,11 @@ EOF *-*-darwin*) # Don't allow lazy linking, it breaks C++ global constructors # But is supposedly fixed on 10.4 or later (yay!). - if test "$tagname" = CXX ; then + if test CXX = "$tagname"; then case ${MACOSX_DEPLOYMENT_TARGET-10.0} in 10.[0123]) - func_append compile_command " ${wl}-bind_at_load" - func_append finalize_command " ${wl}-bind_at_load" + func_append compile_command " $wl-bind_at_load" + func_append finalize_command " $wl-bind_at_load" ;; esac fi @@ -8763,7 +10354,7 @@ EOF *) func_append new_libs " $deplib" ;; esac done - compile_deplibs="$new_libs" + compile_deplibs=$new_libs func_append compile_command " $compile_deplibs" @@ -8787,7 +10378,7 @@ EOF if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then if test -z "$hardcode_libdirs"; then - hardcode_libdirs="$libdir" + hardcode_libdirs=$libdir else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in @@ -8810,7 +10401,7 @@ EOF fi case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) - testbindir=`${ECHO} "$libdir" | ${SED} -e 's*/lib$*/bin*'` + testbindir=`$ECHO "$libdir" | $SED -e 's*/lib$*/bin*'` case :$dllsearchpath: in *":$libdir:"*) ;; ::) dllsearchpath=$libdir;; @@ -8827,10 +10418,10 @@ EOF # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then - libdir="$hardcode_libdirs" + libdir=$hardcode_libdirs eval rpath=\" $hardcode_libdir_flag_spec\" fi - compile_rpath="$rpath" + compile_rpath=$rpath rpath= hardcode_libdirs= @@ -8838,7 +10429,7 @@ EOF if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then if test -z "$hardcode_libdirs"; then - hardcode_libdirs="$libdir" + hardcode_libdirs=$libdir else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in @@ -8863,45 +10454,43 @@ EOF # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then - libdir="$hardcode_libdirs" + libdir=$hardcode_libdirs eval rpath=\" $hardcode_libdir_flag_spec\" fi - finalize_rpath="$rpath" + finalize_rpath=$rpath - if test -n "$libobjs" && test "$build_old_libs" = yes; then + if test -n "$libobjs" && test yes = "$build_old_libs"; then # Transform all the library objects into standard objects. compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP` finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP` fi - func_generate_dlsyms "$outputname" "@PROGRAM@" "no" + func_generate_dlsyms "$outputname" "@PROGRAM@" false # template prelinking step if test -n "$prelink_cmds"; then func_execute_cmds "$prelink_cmds" 'exit $?' fi - wrappers_required=yes + wrappers_required=: case $host in *cegcc* | *mingw32ce*) # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway. - wrappers_required=no + wrappers_required=false ;; *cygwin* | *mingw* ) - if test "$build_libtool_libs" != yes; then - wrappers_required=no - fi + test yes = "$build_libtool_libs" || wrappers_required=false ;; *) - if test "$need_relink" = no || test "$build_libtool_libs" != yes; then - wrappers_required=no + if test no = "$need_relink" || test yes != "$build_libtool_libs"; then + wrappers_required=false fi ;; esac - if test "$wrappers_required" = no; then + $wrappers_required || { # Replace the output file specification. compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'` - link_command="$compile_command$compile_rpath" + link_command=$compile_command$compile_rpath # We have no uninstalled library dependencies, so finalize right now. exit_status=0 @@ -8914,12 +10503,12 @@ EOF fi # Delete the generated files. - if test -f "$output_objdir/${outputname}S.${objext}"; then - func_show_eval '$RM "$output_objdir/${outputname}S.${objext}"' + if test -f "$output_objdir/${outputname}S.$objext"; then + func_show_eval '$RM "$output_objdir/${outputname}S.$objext"' fi exit $exit_status - fi + } if test -n "$compile_shlibpath$finalize_shlibpath"; then compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" @@ -8949,9 +10538,9 @@ EOF fi fi - if test "$no_install" = yes; then + if test yes = "$no_install"; then # We don't need to create a wrapper script. - link_command="$compile_var$compile_command$compile_rpath" + link_command=$compile_var$compile_command$compile_rpath # Replace the output file specification. link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'` # Delete the old output file. @@ -8968,27 +10557,28 @@ EOF exit $EXIT_SUCCESS fi - if test "$hardcode_action" = relink; then - # Fast installation is not supported - link_command="$compile_var$compile_command$compile_rpath" - relink_command="$finalize_var$finalize_command$finalize_rpath" + case $hardcode_action,$fast_install in + relink,*) + # Fast installation is not supported + link_command=$compile_var$compile_command$compile_rpath + relink_command=$finalize_var$finalize_command$finalize_rpath - func_warning "this platform does not like uninstalled shared libraries" - func_warning "\`$output' will be relinked during installation" - else - if test "$fast_install" != no; then - link_command="$finalize_var$compile_command$finalize_rpath" - if test "$fast_install" = yes; then - relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'` - else - # fast_install is set to needless - relink_command= - fi - else - link_command="$compile_var$compile_command$compile_rpath" - relink_command="$finalize_var$finalize_command$finalize_rpath" - fi - fi + func_warning "this platform does not like uninstalled shared libraries" + func_warning "'$output' will be relinked during installation" + ;; + *,yes) + link_command=$finalize_var$compile_command$finalize_rpath + relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'` + ;; + *,no) + link_command=$compile_var$compile_command$compile_rpath + relink_command=$finalize_var$finalize_command$finalize_rpath + ;; + *,needless) + link_command=$finalize_var$compile_command$finalize_rpath + relink_command= + ;; + esac # Replace the output file specification. link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` @@ -9045,8 +10635,8 @@ EOF func_dirname_and_basename "$output" "" "." output_name=$func_basename_result output_path=$func_dirname_result - cwrappersource="$output_path/$objdir/lt-$output_name.c" - cwrapper="$output_path/$output_name.exe" + cwrappersource=$output_path/$objdir/lt-$output_name.c + cwrapper=$output_path/$output_name.exe $RM $cwrappersource $cwrapper trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 @@ -9067,7 +10657,7 @@ EOF trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15 $opt_dry_run || { # note: this script will not be executed, so do not chmod. - if test "x$build" = "x$host" ; then + if test "x$build" = "x$host"; then $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result else func_emit_wrapper no > $func_ltwrapper_scriptname_result @@ -9090,25 +10680,27 @@ EOF # See if we need to build an old-fashioned archive. for oldlib in $oldlibs; do - if test "$build_libtool_libs" = convenience; then - oldobjs="$libobjs_save $symfileobj" - addlibs="$convenience" - build_libtool_libs=no - else - if test "$build_libtool_libs" = module; then - oldobjs="$libobjs_save" + case $build_libtool_libs in + convenience) + oldobjs="$libobjs_save $symfileobj" + addlibs=$convenience build_libtool_libs=no - else + ;; + module) + oldobjs=$libobjs_save + addlibs=$old_convenience + build_libtool_libs=no + ;; + *) oldobjs="$old_deplibs $non_pic_objects" - if test "$preload" = yes && test -f "$symfileobj"; then - func_append oldobjs " $symfileobj" - fi - fi - addlibs="$old_convenience" - fi + $preload && test -f "$symfileobj" \ + && func_append oldobjs " $symfileobj" + addlibs=$old_convenience + ;; + esac if test -n "$addlibs"; then - gentop="$output_objdir/${outputname}x" + gentop=$output_objdir/${outputname}x func_append generated " $gentop" func_extract_archives $gentop $addlibs @@ -9116,13 +10708,13 @@ EOF fi # Do each command in the archive commands. - if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then + if test -n "$old_archive_from_new_cmds" && test yes = "$build_libtool_libs"; then cmds=$old_archive_from_new_cmds else # Add any objects from preloaded convenience libraries if test -n "$dlprefiles"; then - gentop="$output_objdir/${outputname}x" + gentop=$output_objdir/${outputname}x func_append generated " $gentop" func_extract_archives $gentop $dlprefiles @@ -9143,7 +10735,7 @@ EOF : else echo "copying selected object files to avoid basename conflicts..." - gentop="$output_objdir/${outputname}x" + gentop=$output_objdir/${outputname}x func_append generated " $gentop" func_mkdir_p "$gentop" save_oldobjs=$oldobjs @@ -9152,7 +10744,7 @@ EOF for obj in $save_oldobjs do func_basename "$obj" - objbase="$func_basename_result" + objbase=$func_basename_result case " $oldobjs " in " ") oldobjs=$obj ;; *[\ /]"$objbase "*) @@ -9221,18 +10813,18 @@ EOF else # the above command should be used before it gets too long oldobjs=$objlist - if test "$obj" = "$last_oldobj" ; then + if test "$obj" = "$last_oldobj"; then RANLIB=$save_RANLIB fi test -z "$concat_cmds" || concat_cmds=$concat_cmds~ - eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\" + eval concat_cmds=\"\$concat_cmds$old_archive_cmds\" objlist= len=$len0 fi done RANLIB=$save_RANLIB oldobjs=$objlist - if test "X$oldobjs" = "X" ; then + if test -z "$oldobjs"; then eval cmds=\"\$concat_cmds\" else eval cmds=\"\$concat_cmds~\$old_archive_cmds\" @@ -9249,7 +10841,7 @@ EOF case $output in *.la) old_library= - test "$build_old_libs" = yes && old_library="$libname.$libext" + test yes = "$build_old_libs" && old_library=$libname.$libext func_verbose "creating $output" # Preserve any variables that may affect compiler behavior @@ -9264,31 +10856,31 @@ EOF fi done # Quote the link command for shipping. - relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" + relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` - if test "$hardcode_automatic" = yes ; then + if test yes = "$hardcode_automatic"; then relink_command= fi # Only create the output if not a dry run. $opt_dry_run || { for installed in no yes; do - if test "$installed" = yes; then + if test yes = "$installed"; then if test -z "$install_libdir"; then break fi - output="$output_objdir/$outputname"i + output=$output_objdir/${outputname}i # Replace all uninstalled libtool libraries with the installed ones newdependency_libs= for deplib in $dependency_libs; do case $deplib in *.la) func_basename "$deplib" - name="$func_basename_result" + name=$func_basename_result func_resolve_sysroot "$deplib" - eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` test -z "$libdir" && \ - func_fatal_error "\`$deplib' is not a valid libtool archive" + func_fatal_error "'$deplib' is not a valid libtool archive" func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name" ;; -L*) @@ -9304,23 +10896,23 @@ EOF *) func_append newdependency_libs " $deplib" ;; esac done - dependency_libs="$newdependency_libs" + dependency_libs=$newdependency_libs newdlfiles= for lib in $dlfiles; do case $lib in *.la) func_basename "$lib" - name="$func_basename_result" - eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + name=$func_basename_result + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib` test -z "$libdir" && \ - func_fatal_error "\`$lib' is not a valid libtool archive" + func_fatal_error "'$lib' is not a valid libtool archive" func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name" ;; *) func_append newdlfiles " $lib" ;; esac done - dlfiles="$newdlfiles" + dlfiles=$newdlfiles newdlprefiles= for lib in $dlprefiles; do case $lib in @@ -9330,34 +10922,34 @@ EOF # didn't already link the preopened objects directly into # the library: func_basename "$lib" - name="$func_basename_result" - eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + name=$func_basename_result + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib` test -z "$libdir" && \ - func_fatal_error "\`$lib' is not a valid libtool archive" + func_fatal_error "'$lib' is not a valid libtool archive" func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name" ;; esac done - dlprefiles="$newdlprefiles" + dlprefiles=$newdlprefiles else newdlfiles= for lib in $dlfiles; do case $lib in - [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; + [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;; *) abs=`pwd`"/$lib" ;; esac func_append newdlfiles " $abs" done - dlfiles="$newdlfiles" + dlfiles=$newdlfiles newdlprefiles= for lib in $dlprefiles; do case $lib in - [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; + [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;; *) abs=`pwd`"/$lib" ;; esac func_append newdlprefiles " $abs" done - dlprefiles="$newdlprefiles" + dlprefiles=$newdlprefiles fi $RM $output # place dlname in correct position for cygwin @@ -9373,10 +10965,9 @@ EOF case $host,$output,$installed,$module,$dlname in *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) # If a -bindir argument was supplied, place the dll there. - if test "x$bindir" != x ; - then + if test -n "$bindir"; then func_relative_path "$install_libdir" "$bindir" - tdlname=$func_relative_path_result$dlname + tdlname=$func_relative_path_result/$dlname else # Otherwise fall back on heuristic. tdlname=../bin/$dlname @@ -9385,7 +10976,7 @@ EOF esac $ECHO > $output "\ # $outputname - a libtool library file -# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION +# Generated by $PROGRAM (GNU $PACKAGE) $VERSION # # Please DO NOT delete this file! # It is necessary for linking the library. @@ -9399,7 +10990,7 @@ library_names='$library_names' # The name of the static archive. old_library='$old_library' -# Linker flags that can not go in dependency_libs. +# Linker flags that cannot go in dependency_libs. inherited_linker_flags='$new_inherited_linker_flags' # Libraries that this one depends upon. @@ -9425,7 +11016,7 @@ dlpreopen='$dlprefiles' # Directory that this library needs to be installed in: libdir='$install_libdir'" - if test "$installed" = no && test "$need_relink" = yes; then + if test no,yes = "$installed,$need_relink"; then $ECHO >> $output "\ relink_command=\"$relink_command\"" fi @@ -9440,27 +11031,29 @@ relink_command=\"$relink_command\"" exit $EXIT_SUCCESS } -{ test "$opt_mode" = link || test "$opt_mode" = relink; } && - func_mode_link ${1+"$@"} +if test link = "$opt_mode" || test relink = "$opt_mode"; then + func_mode_link ${1+"$@"} +fi # func_mode_uninstall arg... func_mode_uninstall () { - $opt_debug - RM="$nonopt" + $debug_cmd + + RM=$nonopt files= - rmforce= + rmforce=false exit_status=0 # This variable tells wrapper scripts just to set variables rather # than running their programs. - libtool_install_magic="$magic" + libtool_install_magic=$magic for arg do case $arg in - -f) func_append RM " $arg"; rmforce=yes ;; + -f) func_append RM " $arg"; rmforce=: ;; -*) func_append RM " $arg" ;; *) func_append files " $arg" ;; esac @@ -9473,18 +11066,18 @@ func_mode_uninstall () for file in $files; do func_dirname "$file" "" "." - dir="$func_dirname_result" - if test "X$dir" = X.; then - odir="$objdir" + dir=$func_dirname_result + if test . = "$dir"; then + odir=$objdir else - odir="$dir/$objdir" + odir=$dir/$objdir fi func_basename "$file" - name="$func_basename_result" - test "$opt_mode" = uninstall && odir="$dir" + name=$func_basename_result + test uninstall = "$opt_mode" && odir=$dir # Remember odir for removal later, being careful to avoid duplicates - if test "$opt_mode" = clean; then + if test clean = "$opt_mode"; then case " $rmdirs " in *" $odir "*) ;; *) func_append rmdirs " $odir" ;; @@ -9499,11 +11092,11 @@ func_mode_uninstall () elif test -d "$file"; then exit_status=1 continue - elif test "$rmforce" = yes; then + elif $rmforce; then continue fi - rmfiles="$file" + rmfiles=$file case $name in *.la) @@ -9517,7 +11110,7 @@ func_mode_uninstall () done test -n "$old_library" && func_append rmfiles " $odir/$old_library" - case "$opt_mode" in + case $opt_mode in clean) case " $library_names " in *" $dlname "*) ;; @@ -9528,12 +11121,12 @@ func_mode_uninstall () uninstall) if test -n "$library_names"; then # Do each command in the postuninstall commands. - func_execute_cmds "$postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1' + func_execute_cmds "$postuninstall_cmds" '$rmforce || exit_status=1' fi if test -n "$old_library"; then # Do each command in the old_postuninstall commands. - func_execute_cmds "$old_postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1' + func_execute_cmds "$old_postuninstall_cmds" '$rmforce || exit_status=1' fi # FIXME: should reinstall the best remaining shared library. ;; @@ -9549,21 +11142,19 @@ func_mode_uninstall () func_source $dir/$name # Add PIC object to the list of files to remove. - if test -n "$pic_object" && - test "$pic_object" != none; then + if test -n "$pic_object" && test none != "$pic_object"; then func_append rmfiles " $dir/$pic_object" fi # Add non-PIC object to the list of files to remove. - if test -n "$non_pic_object" && - test "$non_pic_object" != none; then + if test -n "$non_pic_object" && test none != "$non_pic_object"; then func_append rmfiles " $dir/$non_pic_object" fi fi ;; *) - if test "$opt_mode" = clean ; then + if test clean = "$opt_mode"; then noexename=$name case $file in *.exe) @@ -9590,12 +11181,12 @@ func_mode_uninstall () # note $name still contains .exe if it was in $file originally # as does the version of $file that was added into $rmfiles - func_append rmfiles " $odir/$name $odir/${name}S.${objext}" - if test "$fast_install" = yes && test -n "$relink_command"; then + func_append rmfiles " $odir/$name $odir/${name}S.$objext" + if test yes = "$fast_install" && test -n "$relink_command"; then func_append rmfiles " $odir/lt-$name" fi - if test "X$noexename" != "X$name" ; then - func_append rmfiles " $odir/lt-${noexename}.c" + if test "X$noexename" != "X$name"; then + func_append rmfiles " $odir/lt-$noexename.c" fi fi fi @@ -9604,7 +11195,7 @@ func_mode_uninstall () func_show_eval "$RM $rmfiles" 'exit_status=1' done - # Try to remove the ${objdir}s in the directories where we deleted files + # Try to remove the $objdir's in the directories where we deleted files for dir in $rmdirs; do if test -d "$dir"; then func_show_eval "rmdir $dir >/dev/null 2>&1" @@ -9614,16 +11205,17 @@ func_mode_uninstall () exit $exit_status } -{ test "$opt_mode" = uninstall || test "$opt_mode" = clean; } && - func_mode_uninstall ${1+"$@"} +if test uninstall = "$opt_mode" || test clean = "$opt_mode"; then + func_mode_uninstall ${1+"$@"} +fi test -z "$opt_mode" && { - help="$generic_help" + help=$generic_help func_fatal_help "you must specify a MODE" } test -z "$exec_cmd" && \ - func_fatal_help "invalid operation mode \`$opt_mode'" + func_fatal_help "invalid operation mode '$opt_mode'" if test -n "$exec_cmd"; then eval exec "$exec_cmd" @@ -9634,7 +11226,7 @@ exit $exit_status # The TAGs below are defined such that we never get into a situation -# in which we disable both kinds of libraries. Given conflicting +# where we disable both kinds of libraries. Given conflicting # choices, we go for a static library, that is the most portable, # since we can't tell whether shared libraries were disabled because # the user asked for that or because the platform doesn't support @@ -9657,5 +11249,3 @@ build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` # mode:shell-script # sh-indentation:2 # End: -# vi:sw=2 - diff --git a/m4/gettext.m4 b/m4/gettext.m4 index dae3d81..8d1f066 100644 --- a/m4/gettext.m4 +++ b/m4/gettext.m4 @@ -1,5 +1,5 @@ -# gettext.m4 serial 53 (gettext-0.15) -dnl Copyright (C) 1995-2006 Free Software Foundation, Inc. +# gettext.m4 serial 66 (gettext-0.18.2) +dnl Copyright (C) 1995-2013 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. @@ -15,7 +15,7 @@ dnl They are *not* in the public domain. dnl Authors: dnl Ulrich Drepper , 1995-2000. -dnl Bruno Haible , 2000-2005. +dnl Bruno Haible , 2000-2006, 2008-2010. dnl Macro to add for using GNU gettext. @@ -35,7 +35,7 @@ dnl will be ignored. If NEEDSYMBOL is specified and is dnl 'need-formatstring-macros', then GNU gettext implementations that don't dnl support the ISO C 99 formatstring macros will be ignored. dnl INTLDIR is used to find the intl libraries. If empty, -dnl the value `$(top_builddir)/intl/' is used. +dnl the value '$(top_builddir)/intl/' is used. dnl dnl The result of the configuration is one of three cases: dnl 1) GNU gettext, as included in the intl subdirectory, will be compiled @@ -60,11 +60,18 @@ AC_DEFUN([AM_GNU_GETTEXT], ifelse([$1], [], , [ifelse([$1], [external], , [ifelse([$1], [no-libtool], , [ifelse([$1], [use-libtool], , [errprint([ERROR: invalid first argument to AM_GNU_GETTEXT ])])])])]) + ifelse(ifelse([$1], [], [old])[]ifelse([$1], [no-libtool], [old]), [old], + [AC_DIAGNOSE([obsolete], [Use of AM_GNU_GETTEXT without [external] argument is deprecated.])]) ifelse([$2], [], , [ifelse([$2], [need-ngettext], , [ifelse([$2], [need-formatstring-macros], , [errprint([ERROR: invalid second argument to AM_GNU_GETTEXT ])])])]) - define([gt_included_intl], ifelse([$1], [external], [no], [yes])) + define([gt_included_intl], + ifelse([$1], [external], + ifdef([AM_GNU_GETTEXT_][INTL_SUBDIR], [yes], [no]), + [yes])) define([gt_libtool_suffix_prefix], ifelse([$1], [use-libtool], [l], [])) + gt_NEEDS_INIT + AM_GNU_GETTEXT_NEED([$2]) AC_REQUIRE([AM_PO_SUBDIRS])dnl ifelse(gt_included_intl, yes, [ @@ -78,7 +85,7 @@ AC_DEFUN([AM_GNU_GETTEXT], dnl Sometimes libintl requires libiconv, so first search for libiconv. dnl Ideally we would do this search only after the dnl if test "$USE_NLS" = "yes"; then - dnl if test "$gt_cv_func_gnugettext_libc" != "yes"; then + dnl if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" != "yes"; }; then dnl tests. But if configure.in invokes AM_ICONV after AM_GNU_GETTEXT dnl the configure script would need to contain the same shell code dnl again, outside any 'if'. There are two solutions: @@ -90,7 +97,7 @@ AC_DEFUN([AM_GNU_GETTEXT], AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY]) ]) - dnl Sometimes, on MacOS X, libintl requires linking with CoreFoundation. + dnl Sometimes, on Mac OS X, libintl requires linking with CoreFoundation. gt_INTL_MACOSX dnl Set USE_NLS. @@ -104,16 +111,25 @@ AC_DEFUN([AM_GNU_GETTEXT], LTLIBINTL= POSUB= + dnl Add a version number to the cache macros. + case " $gt_needs " in + *" need-formatstring-macros "*) gt_api_version=3 ;; + *" need-ngettext "*) gt_api_version=2 ;; + *) gt_api_version=1 ;; + esac + gt_func_gnugettext_libc="gt_cv_func_gnugettext${gt_api_version}_libc" + gt_func_gnugettext_libintl="gt_cv_func_gnugettext${gt_api_version}_libintl" + dnl If we use NLS figure out what method if test "$USE_NLS" = "yes"; then gt_use_preinstalled_gnugettext=no ifelse(gt_included_intl, yes, [ AC_MSG_CHECKING([whether included gettext is requested]) - AC_ARG_WITH(included-gettext, + AC_ARG_WITH([included-gettext], [ --with-included-gettext use the GNU gettext library included here], nls_cv_force_use_gnu_gettext=$withval, nls_cv_force_use_gnu_gettext=no) - AC_MSG_RESULT($nls_cv_force_use_gnu_gettext) + AC_MSG_RESULT([$nls_cv_force_use_gnu_gettext]) nls_cv_use_gnu_gettext="$nls_cv_force_use_gnu_gettext" if test "$nls_cv_force_use_gnu_gettext" != "yes"; then @@ -122,26 +138,41 @@ AC_DEFUN([AM_GNU_GETTEXT], dnl to use. If GNU gettext is available we use this. Else we have dnl to fall back to GNU NLS library. - dnl Add a version number to the cache macros. - define([gt_api_version], ifelse([$2], [need-formatstring-macros], 3, ifelse([$2], [need-ngettext], 2, 1))) - define([gt_cv_func_gnugettext_libc], [gt_cv_func_gnugettext]gt_api_version[_libc]) - define([gt_cv_func_gnugettext_libintl], [gt_cv_func_gnugettext]gt_api_version[_libintl]) - - AC_CACHE_CHECK([for GNU gettext in libc], gt_cv_func_gnugettext_libc, - [AC_TRY_LINK([#include -]ifelse([$2], [need-formatstring-macros], -[[#ifndef __GNU_GETTEXT_SUPPORTED_REVISION + if test $gt_api_version -ge 3; then + gt_revision_test_code=' +#ifndef __GNU_GETTEXT_SUPPORTED_REVISION #define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1) #endif +changequote(,)dnl typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1]; -]], [])[extern int _nl_msg_cat_cntr; -extern int *_nl_domain_bindings;], - [bindtextdomain ("", ""); -return * gettext ("")]ifelse([$2], [need-ngettext], [ + * ngettext ("", "", 0)], [])[ + _nl_msg_cat_cntr + *_nl_domain_bindings], - gt_cv_func_gnugettext_libc=yes, - gt_cv_func_gnugettext_libc=no)]) - - if test "$gt_cv_func_gnugettext_libc" != "yes"; then +changequote([,])dnl +' + else + gt_revision_test_code= + fi + if test $gt_api_version -ge 2; then + gt_expression_test_code=' + * ngettext ("", "", 0)' + else + gt_expression_test_code= + fi + + AC_CACHE_CHECK([for GNU gettext in libc], [$gt_func_gnugettext_libc], + [AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [[ +#include +$gt_revision_test_code +extern int _nl_msg_cat_cntr; +extern int *_nl_domain_bindings; + ]], + [[ +bindtextdomain ("", ""); +return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_domain_bindings + ]])], + [eval "$gt_func_gnugettext_libc=yes"], + [eval "$gt_func_gnugettext_libc=no"])]) + + if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" != "yes"; }; then dnl Sometimes libintl requires libiconv, so first search for libiconv. ifelse(gt_included_intl, yes, , [ AM_ICONV_LINK @@ -152,49 +183,53 @@ return * gettext ("")]ifelse([$2], [need-ngettext], [ + * ngettext ("", "", 0)], dnl even if libiconv doesn't exist. AC_LIB_LINKFLAGS_BODY([intl]) AC_CACHE_CHECK([for GNU gettext in libintl], - gt_cv_func_gnugettext_libintl, + [$gt_func_gnugettext_libintl], [gt_save_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS $INCINTL" gt_save_LIBS="$LIBS" LIBS="$LIBS $LIBINTL" dnl Now see whether libintl exists and does not depend on libiconv. - AC_TRY_LINK([#include -]ifelse([$2], [need-formatstring-macros], -[[#ifndef __GNU_GETTEXT_SUPPORTED_REVISION -#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1) -#endif -typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1]; -]], [])[extern int _nl_msg_cat_cntr; + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [[ +#include +$gt_revision_test_code +extern int _nl_msg_cat_cntr; extern #ifdef __cplusplus "C" #endif -const char *_nl_expand_alias (const char *);], - [bindtextdomain ("", ""); -return * gettext ("")]ifelse([$2], [need-ngettext], [ + * ngettext ("", "", 0)], [])[ + _nl_msg_cat_cntr + *_nl_expand_alias ("")], - gt_cv_func_gnugettext_libintl=yes, - gt_cv_func_gnugettext_libintl=no) +const char *_nl_expand_alias (const char *); + ]], + [[ +bindtextdomain ("", ""); +return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("") + ]])], + [eval "$gt_func_gnugettext_libintl=yes"], + [eval "$gt_func_gnugettext_libintl=no"]) dnl Now see whether libintl exists and depends on libiconv. - if test "$gt_cv_func_gnugettext_libintl" != yes && test -n "$LIBICONV"; then + if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" != yes; } && test -n "$LIBICONV"; then LIBS="$LIBS $LIBICONV" - AC_TRY_LINK([#include -]ifelse([$2], [need-formatstring-macros], -[[#ifndef __GNU_GETTEXT_SUPPORTED_REVISION -#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1) -#endif -typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1]; -]], [])[extern int _nl_msg_cat_cntr; + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [[ +#include +$gt_revision_test_code +extern int _nl_msg_cat_cntr; extern #ifdef __cplusplus "C" #endif -const char *_nl_expand_alias (const char *);], - [bindtextdomain ("", ""); -return * gettext ("")]ifelse([$2], [need-ngettext], [ + * ngettext ("", "", 0)], [])[ + _nl_msg_cat_cntr + *_nl_expand_alias ("")], - [LIBINTL="$LIBINTL $LIBICONV" - LTLIBINTL="$LTLIBINTL $LTLIBICONV" - gt_cv_func_gnugettext_libintl=yes - ]) +const char *_nl_expand_alias (const char *); + ]], + [[ +bindtextdomain ("", ""); +return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("") + ]])], + [LIBINTL="$LIBINTL $LIBICONV" + LTLIBINTL="$LTLIBINTL $LTLIBICONV" + eval "$gt_func_gnugettext_libintl=yes" + ]) fi CPPFLAGS="$gt_save_CPPFLAGS" LIBS="$gt_save_LIBS"]) @@ -204,8 +239,8 @@ return * gettext ("")]ifelse([$2], [need-ngettext], [ + * ngettext ("", "", 0)], dnl use it. But if this macro is used in GNU gettext, and GNU dnl gettext is already preinstalled in libintl, we update this dnl libintl. (Cf. the install rule in intl/Makefile.in.) - if test "$gt_cv_func_gnugettext_libc" = "yes" \ - || { test "$gt_cv_func_gnugettext_libintl" = "yes" \ + if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" = "yes"; } \ + || { { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; } \ && test "$PACKAGE" != gettext-runtime \ && test "$PACKAGE" != gettext-tools; }; then gt_use_preinstalled_gnugettext=yes @@ -252,7 +287,7 @@ return * gettext ("")]ifelse([$2], [need-ngettext], [ + * ngettext ("", "", 0)], if test "$gt_use_preinstalled_gnugettext" = "yes" \ || test "$nls_cv_use_gnu_gettext" = "yes"; then - AC_DEFINE(ENABLE_NLS, 1, + AC_DEFINE([ENABLE_NLS], [1], [Define to 1 if translation of program messages to the user's native language is requested.]) else @@ -265,7 +300,7 @@ return * gettext ("")]ifelse([$2], [need-ngettext], [ + * ngettext ("", "", 0)], if test "$USE_NLS" = "yes"; then AC_MSG_CHECKING([where the gettext function comes from]) if test "$gt_use_preinstalled_gnugettext" = "yes"; then - if test "$gt_cv_func_gnugettext_libintl" = "yes"; then + if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then gt_source="external libintl" else gt_source="libc" @@ -279,16 +314,16 @@ return * gettext ("")]ifelse([$2], [need-ngettext], [ + * ngettext ("", "", 0)], if test "$USE_NLS" = "yes"; then if test "$gt_use_preinstalled_gnugettext" = "yes"; then - if test "$gt_cv_func_gnugettext_libintl" = "yes"; then + if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then AC_MSG_CHECKING([how to link with libintl]) AC_MSG_RESULT([$LIBINTL]) AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCINTL]) fi dnl For backward compatibility. Some packages may be using this. - AC_DEFINE(HAVE_GETTEXT, 1, + AC_DEFINE([HAVE_GETTEXT], [1], [Define if the GNU gettext() function is already present or preinstalled.]) - AC_DEFINE(HAVE_DCGETTEXT, 1, + AC_DEFINE([HAVE_DCGETTEXT], [1], [Define if the GNU dcgettext() function is already present or preinstalled.]) fi @@ -304,9 +339,9 @@ return * gettext ("")]ifelse([$2], [need-ngettext], [ + * ngettext ("", "", 0)], fi dnl Make all variables we use known to autoconf. - AC_SUBST(BUILD_INCLUDED_LIBINTL) - AC_SUBST(USE_INCLUDED_LIBINTL) - AC_SUBST(CATOBJEXT) + AC_SUBST([BUILD_INCLUDED_LIBINTL]) + AC_SUBST([USE_INCLUDED_LIBINTL]) + AC_SUBST([CATOBJEXT]) dnl For backward compatibility. Some configure.ins may be using this. nls_cv_header_intl= @@ -314,316 +349,51 @@ return * gettext ("")]ifelse([$2], [need-ngettext], [ + * ngettext ("", "", 0)], dnl For backward compatibility. Some Makefiles may be using this. DATADIRNAME=share - AC_SUBST(DATADIRNAME) + AC_SUBST([DATADIRNAME]) dnl For backward compatibility. Some Makefiles may be using this. INSTOBJEXT=.mo - AC_SUBST(INSTOBJEXT) + AC_SUBST([INSTOBJEXT]) dnl For backward compatibility. Some Makefiles may be using this. GENCAT=gencat - AC_SUBST(GENCAT) + AC_SUBST([GENCAT]) dnl For backward compatibility. Some Makefiles may be using this. INTLOBJS= if test "$USE_INCLUDED_LIBINTL" = yes; then INTLOBJS="\$(GETTOBJS)" fi - AC_SUBST(INTLOBJS) + AC_SUBST([INTLOBJS]) dnl Enable libtool support if the surrounding package wishes it. INTL_LIBTOOL_SUFFIX_PREFIX=gt_libtool_suffix_prefix - AC_SUBST(INTL_LIBTOOL_SUFFIX_PREFIX) + AC_SUBST([INTL_LIBTOOL_SUFFIX_PREFIX]) ]) dnl For backward compatibility. Some Makefiles may be using this. INTLLIBS="$LIBINTL" - AC_SUBST(INTLLIBS) + AC_SUBST([INTLLIBS]) dnl Make all documented variables known to autoconf. - AC_SUBST(LIBINTL) - AC_SUBST(LTLIBINTL) - AC_SUBST(POSUB) + AC_SUBST([LIBINTL]) + AC_SUBST([LTLIBINTL]) + AC_SUBST([POSUB]) ]) -dnl Checks for all prerequisites of the intl subdirectory, -dnl except for INTL_LIBTOOL_SUFFIX_PREFIX (and possibly LIBTOOL), INTLOBJS, -dnl USE_INCLUDED_LIBINTL, BUILD_INCLUDED_LIBINTL. -AC_DEFUN([AM_INTL_SUBDIR], +dnl gt_NEEDS_INIT ensures that the gt_needs variable is initialized. +m4_define([gt_NEEDS_INIT], [ - AC_REQUIRE([AC_PROG_INSTALL])dnl - AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake - AC_REQUIRE([AC_PROG_CC])dnl - AC_REQUIRE([AC_CANONICAL_HOST])dnl - AC_REQUIRE([gt_GLIBC2])dnl - AC_REQUIRE([AC_PROG_RANLIB])dnl - AC_REQUIRE([gl_VISIBILITY])dnl - AC_REQUIRE([gt_INTL_SUBDIR_CORE])dnl - AC_REQUIRE([bh_C_SIGNED])dnl - AC_REQUIRE([gl_AC_TYPE_LONG_LONG])dnl - AC_REQUIRE([gt_TYPE_LONGDOUBLE])dnl - AC_REQUIRE([gt_TYPE_WCHAR_T])dnl - AC_REQUIRE([gt_TYPE_WINT_T])dnl - AC_REQUIRE([gl_AC_HEADER_INTTYPES_H]) - AC_REQUIRE([gt_TYPE_INTMAX_T]) - AC_REQUIRE([gt_PRINTF_POSIX]) - AC_REQUIRE([gl_GLIBC21])dnl - AC_REQUIRE([gl_XSIZE])dnl - AC_REQUIRE([gt_INTL_MACOSX])dnl - - AC_CHECK_TYPE([ptrdiff_t], , - [AC_DEFINE([ptrdiff_t], [long], - [Define as the type of the result of subtracting two pointers, if the system doesn't define it.]) - ]) - AC_CHECK_HEADERS([stddef.h stdlib.h string.h]) - AC_CHECK_FUNCS([asprintf fwprintf putenv setenv setlocale snprintf wcslen]) - - dnl Use the _snprintf function only if it is declared (because on NetBSD it - dnl is defined as a weak alias of snprintf; we prefer to use the latter). - gt_CHECK_DECL(_snprintf, [#include ]) - gt_CHECK_DECL(_snwprintf, [#include ]) - - dnl Use the *_unlocked functions only if they are declared. - dnl (because some of them were defined without being declared in Solaris - dnl 2.5.1 but were removed in Solaris 2.6, whereas we want binaries built - dnl on Solaris 2.5.1 to run on Solaris 2.6). - dnl Don't use AC_CHECK_DECLS because it isn't supported in autoconf-2.13. - gt_CHECK_DECL(getc_unlocked, [#include ]) - - case $gt_cv_func_printf_posix in - *yes) HAVE_POSIX_PRINTF=1 ;; - *) HAVE_POSIX_PRINTF=0 ;; - esac - AC_SUBST([HAVE_POSIX_PRINTF]) - if test "$ac_cv_func_asprintf" = yes; then - HAVE_ASPRINTF=1 - else - HAVE_ASPRINTF=0 - fi - AC_SUBST([HAVE_ASPRINTF]) - if test "$ac_cv_func_snprintf" = yes; then - HAVE_SNPRINTF=1 - else - HAVE_SNPRINTF=0 - fi - AC_SUBST([HAVE_SNPRINTF]) - if test "$ac_cv_func_wprintf" = yes; then - HAVE_WPRINTF=1 - else - HAVE_WPRINTF=0 - fi - AC_SUBST([HAVE_WPRINTF]) - - AM_LANGINFO_CODESET - gt_LC_MESSAGES - - dnl Compilation on mingw and Cygwin needs special Makefile rules, because - dnl 1. when we install a shared library, we must arrange to export - dnl auxiliary pointer variables for every exported variable, - dnl 2. when we install a shared library and a static library simultaneously, - dnl the include file specifies __declspec(dllimport) and therefore we - dnl must arrange to define the auxiliary pointer variables for the - dnl exported variables _also_ in the static library. - if test "$enable_shared" = yes; then - case "$host_os" in - cygwin*) is_woe32dll=yes ;; - *) is_woe32dll=no ;; - esac - else - is_woe32dll=no - fi - WOE32DLL=$is_woe32dll - AC_SUBST([WOE32DLL]) - - dnl Rename some macros and functions used for locking. - AH_BOTTOM([ -#define __libc_lock_t gl_lock_t -#define __libc_lock_define gl_lock_define -#define __libc_lock_define_initialized gl_lock_define_initialized -#define __libc_lock_init gl_lock_init -#define __libc_lock_lock gl_lock_lock -#define __libc_lock_unlock gl_lock_unlock -#define __libc_lock_recursive_t gl_recursive_lock_t -#define __libc_lock_define_recursive gl_recursive_lock_define -#define __libc_lock_define_initialized_recursive gl_recursive_lock_define_initialized -#define __libc_lock_init_recursive gl_recursive_lock_init -#define __libc_lock_lock_recursive gl_recursive_lock_lock -#define __libc_lock_unlock_recursive gl_recursive_lock_unlock -#define glthread_in_use libintl_thread_in_use -#define glthread_lock_init libintl_lock_init -#define glthread_lock_lock libintl_lock_lock -#define glthread_lock_unlock libintl_lock_unlock -#define glthread_lock_destroy libintl_lock_destroy -#define glthread_rwlock_init libintl_rwlock_init -#define glthread_rwlock_rdlock libintl_rwlock_rdlock -#define glthread_rwlock_wrlock libintl_rwlock_wrlock -#define glthread_rwlock_unlock libintl_rwlock_unlock -#define glthread_rwlock_destroy libintl_rwlock_destroy -#define glthread_recursive_lock_init libintl_recursive_lock_init -#define glthread_recursive_lock_lock libintl_recursive_lock_lock -#define glthread_recursive_lock_unlock libintl_recursive_lock_unlock -#define glthread_recursive_lock_destroy libintl_recursive_lock_destroy -#define glthread_once libintl_once -#define glthread_once_call libintl_once_call -#define glthread_once_singlethreaded libintl_once_singlethreaded -]) -]) - - -dnl Checks for the core files of the intl subdirectory: -dnl dcigettext.c -dnl eval-plural.h -dnl explodename.c -dnl finddomain.c -dnl gettextP.h -dnl gmo.h -dnl hash-string.h hash-string.c -dnl l10nflist.c -dnl libgnuintl.h.in (except the *printf stuff) -dnl loadinfo.h -dnl loadmsgcat.c -dnl localealias.c -dnl log.c -dnl plural-exp.h plural-exp.c -dnl plural.y -dnl Used by libglocale. -AC_DEFUN([gt_INTL_SUBDIR_CORE], -[ - AC_REQUIRE([AC_C_INLINE])dnl - AC_REQUIRE([AC_TYPE_SIZE_T])dnl - AC_REQUIRE([gl_AC_HEADER_STDINT_H]) - AC_REQUIRE([AC_FUNC_ALLOCA])dnl - AC_REQUIRE([AC_FUNC_MMAP])dnl - AC_REQUIRE([gt_INTDIV0])dnl - AC_REQUIRE([gl_AC_TYPE_UINTMAX_T])dnl - AC_REQUIRE([gl_HEADER_INTTYPES_H])dnl - AC_REQUIRE([gt_INTTYPES_PRI])dnl - AC_REQUIRE([gl_LOCK])dnl - - AC_TRY_LINK( - [int foo (int a) { a = __builtin_expect (a, 10); return a == 10 ? 0 : 1; }], - [], - [AC_DEFINE([HAVE_BUILTIN_EXPECT], 1, - [Define to 1 if the compiler understands __builtin_expect.])]) - - AC_CHECK_HEADERS([argz.h limits.h unistd.h sys/param.h]) - AC_CHECK_FUNCS([getcwd getegid geteuid getgid getuid mempcpy munmap \ - stpcpy strcasecmp strdup strtoul tsearch argz_count argz_stringify \ - argz_next __fsetlocking]) - - dnl Use the *_unlocked functions only if they are declared. - dnl (because some of them were defined without being declared in Solaris - dnl 2.5.1 but were removed in Solaris 2.6, whereas we want binaries built - dnl on Solaris 2.5.1 to run on Solaris 2.6). - dnl Don't use AC_CHECK_DECLS because it isn't supported in autoconf-2.13. - gt_CHECK_DECL(feof_unlocked, [#include ]) - gt_CHECK_DECL(fgets_unlocked, [#include ]) - - AM_ICONV - - dnl glibc >= 2.4 has a NL_LOCALE_NAME macro when _GNU_SOURCE is defined, - dnl and a _NL_LOCALE_NAME macro always. - AC_CACHE_CHECK([for NL_LOCALE_NAME macro], gt_cv_nl_locale_name, - [AC_TRY_LINK([#include -#include ], - [char* cs = nl_langinfo(_NL_LOCALE_NAME(LC_MESSAGES));], - gt_cv_nl_locale_name=yes, - gt_cv_nl_locale_name=no) - ]) - if test $gt_cv_nl_locale_name = yes; then - AC_DEFINE(HAVE_NL_LOCALE_NAME, 1, - [Define if you have and it defines the NL_LOCALE_NAME macro if _GNU_SOURCE is defined.]) - fi - - dnl intl/plural.c is generated from intl/plural.y. It requires bison, - dnl because plural.y uses bison specific features. It requires at least - dnl bison-1.26 because earlier versions generate a plural.c that doesn't - dnl compile. - dnl bison is only needed for the maintainer (who touches plural.y). But in - dnl order to avoid separate Makefiles or --enable-maintainer-mode, we put - dnl the rule in general Makefile. Now, some people carelessly touch the - dnl files or have a broken "make" program, hence the plural.c rule will - dnl sometimes fire. To avoid an error, defines BISON to ":" if it is not - dnl present or too old. - AC_CHECK_PROGS([INTLBISON], [bison]) - if test -z "$INTLBISON"; then - ac_verc_fail=yes - else - dnl Found it, now check the version. - AC_MSG_CHECKING([version of bison]) -changequote(<<,>>)dnl - ac_prog_version=`$INTLBISON --version 2>&1 | sed -n 's/^.*GNU Bison.* \([0-9]*\.[0-9.]*\).*$/\1/p'` - case $ac_prog_version in - '') ac_prog_version="v. ?.??, bad"; ac_verc_fail=yes;; - 1.2[6-9]* | 1.[3-9][0-9]* | [2-9].*) -changequote([,])dnl - ac_prog_version="$ac_prog_version, ok"; ac_verc_fail=no;; - *) ac_prog_version="$ac_prog_version, bad"; ac_verc_fail=yes;; - esac - AC_MSG_RESULT([$ac_prog_version]) - fi - if test $ac_verc_fail = yes; then - INTLBISON=: - fi -]) - - -dnl Checks for special options needed on MacOS X. -dnl Defines INTL_MACOSX_LIBS. -AC_DEFUN([gt_INTL_MACOSX], -[ - dnl Check for API introduced in MacOS X 10.2. - AC_CACHE_CHECK([for CFPreferencesCopyAppValue], - gt_cv_func_CFPreferencesCopyAppValue, - [gt_save_LIBS="$LIBS" - LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" - AC_TRY_LINK([#include ], - [CFPreferencesCopyAppValue(NULL, NULL)], - [gt_cv_func_CFPreferencesCopyAppValue=yes], - [gt_cv_func_CFPreferencesCopyAppValue=no]) - LIBS="$gt_save_LIBS"]) - if test $gt_cv_func_CFPreferencesCopyAppValue = yes; then - AC_DEFINE([HAVE_CFPREFERENCESCOPYAPPVALUE], 1, - [Define to 1 if you have the MacOS X function CFPreferencesCopyAppValue in the CoreFoundation framework.]) - fi - dnl Check for API introduced in MacOS X 10.3. - AC_CACHE_CHECK([for CFLocaleCopyCurrent], gt_cv_func_CFLocaleCopyCurrent, - [gt_save_LIBS="$LIBS" - LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" - AC_TRY_LINK([#include ], [CFLocaleCopyCurrent();], - [gt_cv_func_CFLocaleCopyCurrent=yes], - [gt_cv_func_CFLocaleCopyCurrent=no]) - LIBS="$gt_save_LIBS"]) - if test $gt_cv_func_CFLocaleCopyCurrent = yes; then - AC_DEFINE([HAVE_CFLOCALECOPYCURRENT], 1, - [Define to 1 if you have the MacOS X function CFLocaleCopyCurrent in the CoreFoundation framework.]) - fi - INTL_MACOSX_LIBS= - if test $gt_cv_func_CFPreferencesCopyAppValue = yes || test $gt_cv_func_CFLocaleCopyCurrent = yes; then - INTL_MACOSX_LIBS="-Wl,-framework -Wl,CoreFoundation" - fi - AC_SUBST([INTL_MACOSX_LIBS]) + m4_divert_text([DEFAULTS], [gt_needs=]) + m4_define([gt_NEEDS_INIT], []) ]) -dnl gt_CHECK_DECL(FUNC, INCLUDES) -dnl Check whether a function is declared. -AC_DEFUN([gt_CHECK_DECL], +dnl Usage: AM_GNU_GETTEXT_NEED([NEEDSYMBOL]) +AC_DEFUN([AM_GNU_GETTEXT_NEED], [ - AC_CACHE_CHECK([whether $1 is declared], ac_cv_have_decl_$1, - [AC_TRY_COMPILE([$2], [ -#ifndef $1 - char *p = (char *) $1; -#endif -], ac_cv_have_decl_$1=yes, ac_cv_have_decl_$1=no)]) - if test $ac_cv_have_decl_$1 = yes; then - gt_value=1 - else - gt_value=0 - fi - AC_DEFINE_UNQUOTED([HAVE_DECL_]translit($1, [a-z], [A-Z]), [$gt_value], - [Define to 1 if you have the declaration of `$1', and to 0 if you don't.]) + m4_divert_text([INIT_PREPARE], [gt_needs="$gt_needs $1"]) ]) diff --git a/m4/iconv.m4 b/m4/iconv.m4 index 654c415..a503646 100644 --- a/m4/iconv.m4 +++ b/m4/iconv.m4 @@ -1,5 +1,5 @@ -# iconv.m4 serial AM4 (gettext-0.11.3) -dnl Copyright (C) 2000-2002 Free Software Foundation, Inc. +# iconv.m4 serial 18 (gettext-0.18.2) +dnl Copyright (C) 2000-2002, 2007-2013 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. @@ -21,6 +21,7 @@ AC_DEFUN([AM_ICONV_LINK], [ dnl Some systems have iconv in libc, some have it in libiconv (OSF/1 and dnl those with the standalone portable GNU libiconv installed). + AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles dnl Search for libiconv and define LIBICONV, LTLIBICONV and INCICONV dnl accordingly. @@ -29,34 +30,170 @@ AC_DEFUN([AM_ICONV_LINK], dnl Add $INCICONV to CPPFLAGS before performing the following checks, dnl because if the user has installed libiconv and not disabled its use dnl via --without-libiconv-prefix, he wants to use it. The first - dnl AC_TRY_LINK will then fail, the second AC_TRY_LINK will succeed. + dnl AC_LINK_IFELSE will then fail, the second AC_LINK_IFELSE will succeed. am_save_CPPFLAGS="$CPPFLAGS" AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCICONV]) - AC_CACHE_CHECK(for iconv, am_cv_func_iconv, [ + AC_CACHE_CHECK([for iconv], [am_cv_func_iconv], [ am_cv_func_iconv="no, consider installing GNU libiconv" am_cv_lib_iconv=no - AC_TRY_LINK([#include -#include ], - [iconv_t cd = iconv_open("",""); - iconv(cd,NULL,NULL,NULL,NULL); - iconv_close(cd);], - am_cv_func_iconv=yes) + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [[ +#include +#include + ]], + [[iconv_t cd = iconv_open("",""); + iconv(cd,NULL,NULL,NULL,NULL); + iconv_close(cd);]])], + [am_cv_func_iconv=yes]) if test "$am_cv_func_iconv" != yes; then am_save_LIBS="$LIBS" LIBS="$LIBS $LIBICONV" - AC_TRY_LINK([#include -#include ], - [iconv_t cd = iconv_open("",""); - iconv(cd,NULL,NULL,NULL,NULL); - iconv_close(cd);], - am_cv_lib_iconv=yes - am_cv_func_iconv=yes) + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [[ +#include +#include + ]], + [[iconv_t cd = iconv_open("",""); + iconv(cd,NULL,NULL,NULL,NULL); + iconv_close(cd);]])], + [am_cv_lib_iconv=yes] + [am_cv_func_iconv=yes]) LIBS="$am_save_LIBS" fi ]) if test "$am_cv_func_iconv" = yes; then - AC_DEFINE(HAVE_ICONV, 1, [Define if you have the iconv() function.]) + AC_CACHE_CHECK([for working iconv], [am_cv_func_iconv_works], [ + dnl This tests against bugs in AIX 5.1, AIX 6.1..7.1, HP-UX 11.11, + dnl Solaris 10. + am_save_LIBS="$LIBS" + if test $am_cv_lib_iconv = yes; then + LIBS="$LIBS $LIBICONV" + fi + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ +#include +#include +int main () +{ + int result = 0; + /* Test against AIX 5.1 bug: Failures are not distinguishable from successful + returns. */ + { + iconv_t cd_utf8_to_88591 = iconv_open ("ISO8859-1", "UTF-8"); + if (cd_utf8_to_88591 != (iconv_t)(-1)) + { + static const char input[] = "\342\202\254"; /* EURO SIGN */ + char buf[10]; + const char *inptr = input; + size_t inbytesleft = strlen (input); + char *outptr = buf; + size_t outbytesleft = sizeof (buf); + size_t res = iconv (cd_utf8_to_88591, + (char **) &inptr, &inbytesleft, + &outptr, &outbytesleft); + if (res == 0) + result |= 1; + iconv_close (cd_utf8_to_88591); + } + } + /* Test against Solaris 10 bug: Failures are not distinguishable from + successful returns. */ + { + iconv_t cd_ascii_to_88591 = iconv_open ("ISO8859-1", "646"); + if (cd_ascii_to_88591 != (iconv_t)(-1)) + { + static const char input[] = "\263"; + char buf[10]; + const char *inptr = input; + size_t inbytesleft = strlen (input); + char *outptr = buf; + size_t outbytesleft = sizeof (buf); + size_t res = iconv (cd_ascii_to_88591, + (char **) &inptr, &inbytesleft, + &outptr, &outbytesleft); + if (res == 0) + result |= 2; + iconv_close (cd_ascii_to_88591); + } + } + /* Test against AIX 6.1..7.1 bug: Buffer overrun. */ + { + iconv_t cd_88591_to_utf8 = iconv_open ("UTF-8", "ISO-8859-1"); + if (cd_88591_to_utf8 != (iconv_t)(-1)) + { + static const char input[] = "\304"; + static char buf[2] = { (char)0xDE, (char)0xAD }; + const char *inptr = input; + size_t inbytesleft = 1; + char *outptr = buf; + size_t outbytesleft = 1; + size_t res = iconv (cd_88591_to_utf8, + (char **) &inptr, &inbytesleft, + &outptr, &outbytesleft); + if (res != (size_t)(-1) || outptr - buf > 1 || buf[1] != (char)0xAD) + result |= 4; + iconv_close (cd_88591_to_utf8); + } + } +#if 0 /* This bug could be worked around by the caller. */ + /* Test against HP-UX 11.11 bug: Positive return value instead of 0. */ + { + iconv_t cd_88591_to_utf8 = iconv_open ("utf8", "iso88591"); + if (cd_88591_to_utf8 != (iconv_t)(-1)) + { + static const char input[] = "\304rger mit b\366sen B\374bchen ohne Augenma\337"; + char buf[50]; + const char *inptr = input; + size_t inbytesleft = strlen (input); + char *outptr = buf; + size_t outbytesleft = sizeof (buf); + size_t res = iconv (cd_88591_to_utf8, + (char **) &inptr, &inbytesleft, + &outptr, &outbytesleft); + if ((int)res > 0) + result |= 8; + iconv_close (cd_88591_to_utf8); + } + } +#endif + /* Test against HP-UX 11.11 bug: No converter from EUC-JP to UTF-8 is + provided. */ + if (/* Try standardized names. */ + iconv_open ("UTF-8", "EUC-JP") == (iconv_t)(-1) + /* Try IRIX, OSF/1 names. */ + && iconv_open ("UTF-8", "eucJP") == (iconv_t)(-1) + /* Try AIX names. */ + && iconv_open ("UTF-8", "IBM-eucJP") == (iconv_t)(-1) + /* Try HP-UX names. */ + && iconv_open ("utf8", "eucJP") == (iconv_t)(-1)) + result |= 16; + return result; +}]])], + [am_cv_func_iconv_works=yes], + [am_cv_func_iconv_works=no], + [ +changequote(,)dnl + case "$host_os" in + aix* | hpux*) am_cv_func_iconv_works="guessing no" ;; + *) am_cv_func_iconv_works="guessing yes" ;; + esac +changequote([,])dnl + ]) + LIBS="$am_save_LIBS" + ]) + case "$am_cv_func_iconv_works" in + *no) am_func_iconv=no am_cv_lib_iconv=no ;; + *) am_func_iconv=yes ;; + esac + else + am_func_iconv=no am_cv_lib_iconv=no + fi + if test "$am_func_iconv" = yes; then + AC_DEFINE([HAVE_ICONV], [1], + [Define if you have the iconv() function and it works.]) fi if test "$am_cv_lib_iconv" = yes; then AC_MSG_CHECKING([how to link with libiconv]) @@ -68,34 +205,64 @@ AC_DEFUN([AM_ICONV_LINK], LIBICONV= LTLIBICONV= fi - AC_SUBST(LIBICONV) - AC_SUBST(LTLIBICONV) + AC_SUBST([LIBICONV]) + AC_SUBST([LTLIBICONV]) ]) -AC_DEFUN([AM_ICONV], +dnl Define AM_ICONV using AC_DEFUN_ONCE for Autoconf >= 2.64, in order to +dnl avoid warnings like +dnl "warning: AC_REQUIRE: `AM_ICONV' was expanded before it was required". +dnl This is tricky because of the way 'aclocal' is implemented: +dnl - It requires defining an auxiliary macro whose name ends in AC_DEFUN. +dnl Otherwise aclocal's initial scan pass would miss the macro definition. +dnl - It requires a line break inside the AC_DEFUN_ONCE and AC_DEFUN expansions. +dnl Otherwise aclocal would emit many "Use of uninitialized value $1" +dnl warnings. +m4_define([gl_iconv_AC_DEFUN], + m4_version_prereq([2.64], + [[AC_DEFUN_ONCE( + [$1], [$2])]], + [m4_ifdef([gl_00GNULIB], + [[AC_DEFUN_ONCE( + [$1], [$2])]], + [[AC_DEFUN( + [$1], [$2])]])])) +gl_iconv_AC_DEFUN([AM_ICONV], [ AM_ICONV_LINK if test "$am_cv_func_iconv" = yes; then AC_MSG_CHECKING([for iconv declaration]) - AC_CACHE_VAL(am_cv_proto_iconv, [ - AC_TRY_COMPILE([ + AC_CACHE_VAL([am_cv_proto_iconv], [ + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[ #include #include extern #ifdef __cplusplus "C" #endif -#if defined(__STDC__) || defined(__cplusplus) +#if defined(__STDC__) || defined(_MSC_VER) || defined(__cplusplus) size_t iconv (iconv_t cd, char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft); #else size_t iconv(); #endif -], [], am_cv_proto_iconv_arg1="", am_cv_proto_iconv_arg1="const") + ]], + [[]])], + [am_cv_proto_iconv_arg1=""], + [am_cv_proto_iconv_arg1="const"]) am_cv_proto_iconv="extern size_t iconv (iconv_t cd, $am_cv_proto_iconv_arg1 char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);"]) am_cv_proto_iconv=`echo "[$]am_cv_proto_iconv" | tr -s ' ' | sed -e 's/( /(/'` - AC_MSG_RESULT([$]{ac_t:- - }[$]am_cv_proto_iconv) - AC_DEFINE_UNQUOTED(ICONV_CONST, $am_cv_proto_iconv_arg1, + AC_MSG_RESULT([ + $am_cv_proto_iconv]) + AC_DEFINE_UNQUOTED([ICONV_CONST], [$am_cv_proto_iconv_arg1], [Define as const if the declaration of iconv() needs const.]) + dnl Also substitute ICONV_CONST in the gnulib generated . + m4_ifdef([gl_ICONV_H_DEFAULTS], + [AC_REQUIRE([gl_ICONV_H_DEFAULTS]) + if test -n "$am_cv_proto_iconv_arg1"; then + ICONV_CONST="const" + fi + ]) fi ]) diff --git a/m4/intlmacosx.m4 b/m4/intlmacosx.m4 new file mode 100644 index 0000000..ab97d39 --- /dev/null +++ b/m4/intlmacosx.m4 @@ -0,0 +1,56 @@ +# intlmacosx.m4 serial 5 (gettext-0.18.2) +dnl Copyright (C) 2004-2013 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. +dnl +dnl This file can can be used in projects which are not available under +dnl the GNU General Public License or the GNU Library General Public +dnl License but which still want to provide support for the GNU gettext +dnl functionality. +dnl Please note that the actual code of the GNU gettext library is covered +dnl by the GNU Library General Public License, and the rest of the GNU +dnl gettext package package is covered by the GNU General Public License. +dnl They are *not* in the public domain. + +dnl Checks for special options needed on Mac OS X. +dnl Defines INTL_MACOSX_LIBS. +AC_DEFUN([gt_INTL_MACOSX], +[ + dnl Check for API introduced in Mac OS X 10.2. + AC_CACHE_CHECK([for CFPreferencesCopyAppValue], + [gt_cv_func_CFPreferencesCopyAppValue], + [gt_save_LIBS="$LIBS" + LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [[#include ]], + [[CFPreferencesCopyAppValue(NULL, NULL)]])], + [gt_cv_func_CFPreferencesCopyAppValue=yes], + [gt_cv_func_CFPreferencesCopyAppValue=no]) + LIBS="$gt_save_LIBS"]) + if test $gt_cv_func_CFPreferencesCopyAppValue = yes; then + AC_DEFINE([HAVE_CFPREFERENCESCOPYAPPVALUE], [1], + [Define to 1 if you have the Mac OS X function CFPreferencesCopyAppValue in the CoreFoundation framework.]) + fi + dnl Check for API introduced in Mac OS X 10.3. + AC_CACHE_CHECK([for CFLocaleCopyCurrent], [gt_cv_func_CFLocaleCopyCurrent], + [gt_save_LIBS="$LIBS" + LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [[#include ]], + [[CFLocaleCopyCurrent();]])], + [gt_cv_func_CFLocaleCopyCurrent=yes], + [gt_cv_func_CFLocaleCopyCurrent=no]) + LIBS="$gt_save_LIBS"]) + if test $gt_cv_func_CFLocaleCopyCurrent = yes; then + AC_DEFINE([HAVE_CFLOCALECOPYCURRENT], [1], + [Define to 1 if you have the Mac OS X function CFLocaleCopyCurrent in the CoreFoundation framework.]) + fi + INTL_MACOSX_LIBS= + if test $gt_cv_func_CFPreferencesCopyAppValue = yes || test $gt_cv_func_CFLocaleCopyCurrent = yes; then + INTL_MACOSX_LIBS="-Wl,-framework -Wl,CoreFoundation" + fi + AC_SUBST([INTL_MACOSX_LIBS]) +]) diff --git a/m4/lib-ld.m4 b/m4/lib-ld.m4 index 96c4e2c..c145e47 100644 --- a/m4/lib-ld.m4 +++ b/m4/lib-ld.m4 @@ -1,50 +1,56 @@ -# lib-ld.m4 serial 3 (gettext-0.13) -dnl Copyright (C) 1996-2003 Free Software Foundation, Inc. +# lib-ld.m4 serial 6 +dnl Copyright (C) 1996-2003, 2009-2013 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. dnl Subroutines of libtool.m4, -dnl with replacements s/AC_/AC_LIB/ and s/lt_cv/acl_cv/ to avoid collision -dnl with libtool.m4. +dnl with replacements s/_*LT_PATH/AC_LIB_PROG/ and s/lt_/acl_/ to avoid +dnl collision with libtool.m4. -dnl From libtool-1.4. Sets the variable with_gnu_ld to yes or no. +dnl From libtool-2.4. Sets the variable with_gnu_ld to yes or no. AC_DEFUN([AC_LIB_PROG_LD_GNU], -[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], acl_cv_prog_gnu_ld, -[# I'd rather use --version here, but apparently some GNU ld's only accept -v. +[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], [acl_cv_prog_gnu_ld], +[# I'd rather use --version here, but apparently some GNU lds only accept -v. case `$LD -v 2>&1 conf$$.sh - echo "exit 0" >>conf$$.sh - chmod +x conf$$.sh - if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then - PATH_SEPARATOR=';' - else - PATH_SEPARATOR=: - fi - rm -f conf$$.sh + # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which + # contains only /bin. Note that ksh looks also at the FPATH variable, + # so we have to set that as well for the test. + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + || PATH_SEPARATOR=';' + } fi + ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. - AC_MSG_CHECKING([for ld used by GCC]) + AC_MSG_CHECKING([for ld used by $CC]) case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw @@ -54,12 +60,12 @@ if test "$GCC" = yes; then esac case $ac_prog in # Accept absolute paths. - [[\\/]* | [A-Za-z]:[\\/]*)] - [re_direlt='/[^/][^/]*/\.\./'] - # Canonicalize the path of ld - ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'` - while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do - ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"` + [[\\/]]* | ?:[[\\/]]*) + re_direlt='/[[^/]][[^/]]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`echo "$ac_prog"| sed 's%\\\\%/%g'` + while echo "$ac_prog" | grep "$re_direlt" > /dev/null 2>&1; do + ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; @@ -77,33 +83,36 @@ elif test "$with_gnu_ld" = yes; then else AC_MSG_CHECKING([for non-GNU ld]) fi -AC_CACHE_VAL(acl_cv_path_LD, +AC_CACHE_VAL([acl_cv_path_LD], [if test -z "$LD"; then - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}" + acl_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do + IFS="$acl_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then acl_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, - # but apparently some GNU ld's only accept -v. + # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. - case `"$acl_cv_path_LD" -v 2>&1 < /dev/null` in + case `"$acl_cv_path_LD" -v 2>&1 = 1.10 to complain if config.rpath is missing. @@ -101,7 +130,7 @@ AC_DEFUN([AC_LIB_RPATH], AC_REQUIRE([AC_LIB_PROG_LD]) dnl we use $LD, $with_gnu_ld AC_REQUIRE([AC_CANONICAL_HOST]) dnl we use $host AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT]) dnl we use $ac_aux_dir - AC_CACHE_CHECK([for shared library run path origin], acl_cv_rpath, [ + AC_CACHE_CHECK([for shared library run path origin], [acl_cv_rpath], [ CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \ ${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh . ./conftest.sh @@ -109,35 +138,66 @@ AC_DEFUN([AC_LIB_RPATH], acl_cv_rpath=done ]) wl="$acl_cv_wl" - libext="$acl_cv_libext" - shlibext="$acl_cv_shlibext" - hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec" - hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator" - hardcode_direct="$acl_cv_hardcode_direct" - hardcode_minus_L="$acl_cv_hardcode_minus_L" + acl_libext="$acl_cv_libext" + acl_shlibext="$acl_cv_shlibext" + acl_libname_spec="$acl_cv_libname_spec" + acl_library_names_spec="$acl_cv_library_names_spec" + acl_hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec" + acl_hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator" + acl_hardcode_direct="$acl_cv_hardcode_direct" + acl_hardcode_minus_L="$acl_cv_hardcode_minus_L" dnl Determine whether the user wants rpath handling at all. - AC_ARG_ENABLE(rpath, + AC_ARG_ENABLE([rpath], [ --disable-rpath do not hardcode runtime library paths], :, enable_rpath=yes) ]) +dnl AC_LIB_FROMPACKAGE(name, package) +dnl declares that libname comes from the given package. The configure file +dnl will then not have a --with-libname-prefix option but a +dnl --with-package-prefix option. Several libraries can come from the same +dnl package. This declaration must occur before an AC_LIB_LINKFLAGS or similar +dnl macro call that searches for libname. +AC_DEFUN([AC_LIB_FROMPACKAGE], +[ + pushdef([NAME],[m4_translit([$1],[abcdefghijklmnopqrstuvwxyz./+-], + [ABCDEFGHIJKLMNOPQRSTUVWXYZ____])]) + define([acl_frompackage_]NAME, [$2]) + popdef([NAME]) + pushdef([PACK],[$2]) + pushdef([PACKUP],[m4_translit(PACK,[abcdefghijklmnopqrstuvwxyz./+-], + [ABCDEFGHIJKLMNOPQRSTUVWXYZ____])]) + define([acl_libsinpackage_]PACKUP, + m4_ifdef([acl_libsinpackage_]PACKUP, [m4_defn([acl_libsinpackage_]PACKUP)[, ]],)[lib$1]) + popdef([PACKUP]) + popdef([PACK]) +]) + dnl AC_LIB_LINKFLAGS_BODY(name [, dependencies]) searches for libname and dnl the libraries corresponding to explicit and implicit dependencies. dnl Sets the LIB${NAME}, LTLIB${NAME} and INC${NAME} variables. +dnl Also, sets the LIB${NAME}_PREFIX variable to nonempty if libname was found +dnl in ${LIB${NAME}_PREFIX}/$acl_libdirstem. AC_DEFUN([AC_LIB_LINKFLAGS_BODY], [ AC_REQUIRE([AC_LIB_PREPARE_MULTILIB]) - define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-], - [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])]) + pushdef([NAME],[m4_translit([$1],[abcdefghijklmnopqrstuvwxyz./+-], + [ABCDEFGHIJKLMNOPQRSTUVWXYZ____])]) + pushdef([PACK],[m4_ifdef([acl_frompackage_]NAME, [acl_frompackage_]NAME, lib[$1])]) + pushdef([PACKUP],[m4_translit(PACK,[abcdefghijklmnopqrstuvwxyz./+-], + [ABCDEFGHIJKLMNOPQRSTUVWXYZ____])]) + pushdef([PACKLIBS],[m4_ifdef([acl_frompackage_]NAME, [acl_libsinpackage_]PACKUP, lib[$1])]) + dnl Autoconf >= 2.61 supports dots in --with options. + pushdef([P_A_C_K],[m4_if(m4_version_compare(m4_defn([m4_PACKAGE_VERSION]),[2.61]),[-1],[m4_translit(PACK,[.],[_])],PACK)]) dnl By default, look in $includedir and $libdir. use_additional=yes AC_LIB_WITH_FINAL_PREFIX([ eval additional_includedir=\"$includedir\" eval additional_libdir=\"$libdir\" ]) - AC_LIB_ARG_WITH([lib$1-prefix], -[ --with-lib$1-prefix[=DIR] search for lib$1 in DIR/include and DIR/lib - --without-lib$1-prefix don't search for lib$1 in includedir and libdir], + AC_ARG_WITH(P_A_C_K[-prefix], +[[ --with-]]P_A_C_K[[-prefix[=DIR] search for ]PACKLIBS[ in DIR/include and DIR/lib + --without-]]P_A_C_K[[-prefix don't search for ]PACKLIBS[ in includedir and libdir]], [ if test "X$withval" = "Xno"; then use_additional=no @@ -150,6 +210,10 @@ AC_DEFUN([AC_LIB_LINKFLAGS_BODY], else additional_includedir="$withval/include" additional_libdir="$withval/$acl_libdirstem" + if test "$acl_libdirstem2" != "$acl_libdirstem" \ + && ! test -d "$withval/$acl_libdirstem"; then + additional_libdir="$withval/$acl_libdirstem2" + fi fi fi ]) @@ -158,6 +222,10 @@ AC_DEFUN([AC_LIB_LINKFLAGS_BODY], LIB[]NAME= LTLIB[]NAME= INC[]NAME= + LIB[]NAME[]_PREFIX= + dnl HAVE_LIB${NAME} is an indicator that LIB${NAME}, LTLIB${NAME} have been + dnl computed. So it has to be reset here. + HAVE_LIB[]NAME= rpathdirs= ltrpathdirs= names_already_handled= @@ -177,7 +245,7 @@ AC_DEFUN([AC_LIB_LINKFLAGS_BODY], names_already_handled="$names_already_handled $name" dnl See if it was already located by an earlier AC_LIB_LINKFLAGS dnl or AC_LIB_HAVE_LINKFLAGS call. - uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'` + uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'` eval value=\"\$HAVE_LIB$uppername\" if test -n "$value"; then if test "$value" = yes; then @@ -197,22 +265,55 @@ AC_DEFUN([AC_LIB_LINKFLAGS_BODY], found_la= found_so= found_a= + eval libname=\"$acl_libname_spec\" # typically: libname=lib$name + if test -n "$acl_shlibext"; then + shrext=".$acl_shlibext" # typically: shrext=.so + else + shrext= + fi if test $use_additional = yes; then - if test -n "$shlibext" && test -f "$additional_libdir/lib$name.$shlibext"; then - found_dir="$additional_libdir" - found_so="$additional_libdir/lib$name.$shlibext" - if test -f "$additional_libdir/lib$name.la"; then - found_la="$additional_libdir/lib$name.la" - fi - else - if test -f "$additional_libdir/lib$name.$libext"; then - found_dir="$additional_libdir" - found_a="$additional_libdir/lib$name.$libext" - if test -f "$additional_libdir/lib$name.la"; then - found_la="$additional_libdir/lib$name.la" + dir="$additional_libdir" + dnl The same code as in the loop below: + dnl First look for a shared library. + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done fi fi fi + dnl Then look for a static library. + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi fi if test "X$found_dir" = "X"; then for x in $LDFLAGS $LTLIB[]NAME; do @@ -220,21 +321,46 @@ AC_DEFUN([AC_LIB_LINKFLAGS_BODY], case "$x" in -L*) dir=`echo "X$x" | sed -e 's/^X-L//'` - if test -n "$shlibext" && test -f "$dir/lib$name.$shlibext"; then - found_dir="$dir" - found_so="$dir/lib$name.$shlibext" - if test -f "$dir/lib$name.la"; then - found_la="$dir/lib$name.la" - fi - else - if test -f "$dir/lib$name.$libext"; then + dnl First look for a shared library. + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then found_dir="$dir" - found_a="$dir/lib$name.$libext" - if test -f "$dir/lib$name.la"; then - found_la="$dir/lib$name.la" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done fi fi fi + dnl Then look for a static library. + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi ;; esac if test "X$found_dir" != "X"; then @@ -249,7 +375,9 @@ AC_DEFUN([AC_LIB_LINKFLAGS_BODY], dnl Linking with a shared library. We attempt to hardcode its dnl directory into the executable's runpath, unless it's the dnl standard /usr/lib. - if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then + if test "$enable_rpath" = no \ + || test "X$found_dir" = "X/usr/$acl_libdirstem" \ + || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then dnl No hardcoding is needed. LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so" else @@ -268,12 +396,12 @@ AC_DEFUN([AC_LIB_LINKFLAGS_BODY], ltrpathdirs="$ltrpathdirs $found_dir" fi dnl The hardcoding into $LIBNAME is system dependent. - if test "$hardcode_direct" = yes; then + if test "$acl_hardcode_direct" = yes; then dnl Using DIR/libNAME.so during linking hardcodes DIR into the dnl resulting binary. LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so" else - if test -n "$hardcode_libdir_flag_spec" && test "$hardcode_minus_L" = no; then + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then dnl Use an explicit option to hardcode DIR into the resulting dnl binary. LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so" @@ -304,13 +432,13 @@ AC_DEFUN([AC_LIB_LINKFLAGS_BODY], if test -z "$haveit"; then LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir" fi - if test "$hardcode_minus_L" != no; then + if test "$acl_hardcode_minus_L" != no; then dnl FIXME: Not sure whether we should use dnl "-L$found_dir -l$name" or "-L$found_dir $found_so" dnl here. LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so" else - dnl We cannot use $hardcode_runpath_var and LD_RUN_PATH + dnl We cannot use $acl_hardcode_runpath_var and LD_RUN_PATH dnl here, because this doesn't fit in flags passed to the dnl compiler. So give up. No hardcoding. This affects only dnl very old systems. @@ -337,6 +465,16 @@ AC_DEFUN([AC_LIB_LINKFLAGS_BODY], case "$found_dir" in */$acl_libdirstem | */$acl_libdirstem/) basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` + if test "$name" = '$1'; then + LIB[]NAME[]_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + */$acl_libdirstem2 | */$acl_libdirstem2/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'` + if test "$name" = '$1'; then + LIB[]NAME[]_PREFIX="$basedir" + fi additional_includedir="$basedir/include" ;; esac @@ -397,9 +535,11 @@ AC_DEFUN([AC_LIB_LINKFLAGS_BODY], dnl 3. if it's already present in $LDFLAGS or the already dnl constructed $LIBNAME, dnl 4. if it doesn't exist as a directory. - if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then + if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \ + && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then haveit= - if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \ + || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then if test -n "$GCC"; then case $host_os in linux* | gnu* | k*bsd*-gnu) haveit=yes;; @@ -498,18 +638,18 @@ AC_DEFUN([AC_LIB_LINKFLAGS_BODY], done done if test "X$rpathdirs" != "X"; then - if test -n "$hardcode_libdir_separator"; then + if test -n "$acl_hardcode_libdir_separator"; then dnl Weird platform: only the last -rpath option counts, the user must dnl pass all path elements in one option. We can arrange that for a dnl single library, but not when more than one $LIBNAMEs are used. alldirs= for found_dir in $rpathdirs; do - alldirs="${alldirs}${alldirs:+$hardcode_libdir_separator}$found_dir" + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" done - dnl Note: hardcode_libdir_flag_spec uses $libdir and $wl. + dnl Note: acl_hardcode_libdir_flag_spec uses $libdir and $wl. acl_save_libdir="$libdir" libdir="$alldirs" - eval flag=\"$hardcode_libdir_flag_spec\" + eval flag=\"$acl_hardcode_libdir_flag_spec\" libdir="$acl_save_libdir" LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag" else @@ -517,7 +657,7 @@ AC_DEFUN([AC_LIB_LINKFLAGS_BODY], for found_dir in $rpathdirs; do acl_save_libdir="$libdir" libdir="$found_dir" - eval flag=\"$hardcode_libdir_flag_spec\" + eval flag=\"$acl_hardcode_libdir_flag_spec\" libdir="$acl_save_libdir" LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag" done @@ -530,6 +670,11 @@ AC_DEFUN([AC_LIB_LINKFLAGS_BODY], LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-R$found_dir" done fi + popdef([P_A_C_K]) + popdef([PACKLIBS]) + popdef([PACKUP]) + popdef([PACK]) + popdef([NAME]) ]) dnl AC_LIB_APPENDTOVAR(VAR, CONTENTS) appends the elements of CONTENTS to VAR, @@ -566,7 +711,7 @@ AC_DEFUN([AC_LIB_LINKFLAGS_FROM_LIBS], AC_REQUIRE([AC_LIB_PREPARE_MULTILIB]) $1= if test "$enable_rpath" != no; then - if test -n "$hardcode_libdir_flag_spec" && test "$hardcode_minus_L" = no; then + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then dnl Use an explicit option to hardcode directories into the resulting dnl binary. rpathdirs= @@ -575,7 +720,8 @@ AC_DEFUN([AC_LIB_LINKFLAGS_FROM_LIBS], if test -n "$next"; then dir="$next" dnl No need to hardcode the standard /usr/lib. - if test "X$dir" != "X/usr/$acl_libdirstem"; then + if test "X$dir" != "X/usr/$acl_libdirstem" \ + && test "X$dir" != "X/usr/$acl_libdirstem2"; then rpathdirs="$rpathdirs $dir" fi next= @@ -584,7 +730,8 @@ AC_DEFUN([AC_LIB_LINKFLAGS_FROM_LIBS], -L) next=yes ;; -L*) dir=`echo "X$opt" | sed -e 's,^X-L,,'` dnl No need to hardcode the standard /usr/lib. - if test "X$dir" != "X/usr/$acl_libdirstem"; then + if test "X$dir" != "X/usr/$acl_libdirstem" \ + && test "X$dir" != "X/usr/$acl_libdirstem2"; then rpathdirs="$rpathdirs $dir" fi next= ;; @@ -600,16 +747,16 @@ AC_DEFUN([AC_LIB_LINKFLAGS_FROM_LIBS], done else dnl The linker is used for linking directly. - if test -n "$hardcode_libdir_separator"; then + if test -n "$acl_hardcode_libdir_separator"; then dnl Weird platform: only the last -rpath option counts, the user dnl must pass all path elements in one option. alldirs= for dir in $rpathdirs; do - alldirs="${alldirs}${alldirs:+$hardcode_libdir_separator}$dir" + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$dir" done acl_save_libdir="$libdir" libdir="$alldirs" - eval flag=\"$hardcode_libdir_flag_spec\" + eval flag=\"$acl_hardcode_libdir_flag_spec\" libdir="$acl_save_libdir" $1="$flag" else @@ -617,7 +764,7 @@ AC_DEFUN([AC_LIB_LINKFLAGS_FROM_LIBS], for dir in $rpathdirs; do acl_save_libdir="$libdir" libdir="$dir" - eval flag=\"$hardcode_libdir_flag_spec\" + eval flag=\"$acl_hardcode_libdir_flag_spec\" libdir="$acl_save_libdir" $1="${$1}${$1:+ }$flag" done diff --git a/m4/lib-prefix.m4 b/m4/lib-prefix.m4 index a8684e1..60908e8 100644 --- a/m4/lib-prefix.m4 +++ b/m4/lib-prefix.m4 @@ -1,5 +1,5 @@ -# lib-prefix.m4 serial 5 (gettext-0.15) -dnl Copyright (C) 2001-2005 Free Software Foundation, Inc. +# lib-prefix.m4 serial 7 (gettext-0.18) +dnl Copyright (C) 2001-2005, 2008-2013 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. @@ -153,33 +153,72 @@ AC_DEFUN([AC_LIB_WITH_FINAL_PREFIX], prefix="$acl_save_prefix" ]) -dnl AC_LIB_PREPARE_MULTILIB creates a variable acl_libdirstem, containing -dnl the basename of the libdir, either "lib" or "lib64". +dnl AC_LIB_PREPARE_MULTILIB creates +dnl - a variable acl_libdirstem, containing the basename of the libdir, either +dnl "lib" or "lib64" or "lib/64", +dnl - a variable acl_libdirstem2, as a secondary possible value for +dnl acl_libdirstem, either the same as acl_libdirstem or "lib/sparcv9" or +dnl "lib/amd64". AC_DEFUN([AC_LIB_PREPARE_MULTILIB], [ - dnl There is no formal standard regarding lib and lib64. The current - dnl practice is that on a system supporting 32-bit and 64-bit instruction - dnl sets or ABIs, 64-bit libraries go under $prefix/lib64 and 32-bit - dnl libraries go under $prefix/lib. We determine the compiler's default - dnl mode by looking at the compiler's library search path. If at least - dnl of its elements ends in /lib64 or points to a directory whose absolute - dnl pathname ends in /lib64, we assume a 64-bit ABI. Otherwise we use the - dnl default, namely "lib". + dnl There is no formal standard regarding lib and lib64. + dnl On glibc systems, the current practice is that on a system supporting + dnl 32-bit and 64-bit instruction sets or ABIs, 64-bit libraries go under + dnl $prefix/lib64 and 32-bit libraries go under $prefix/lib. We determine + dnl the compiler's default mode by looking at the compiler's library search + dnl path. If at least one of its elements ends in /lib64 or points to a + dnl directory whose absolute pathname ends in /lib64, we assume a 64-bit ABI. + dnl Otherwise we use the default, namely "lib". + dnl On Solaris systems, the current practice is that on a system supporting + dnl 32-bit and 64-bit instruction sets or ABIs, 64-bit libraries go under + dnl $prefix/lib/64 (which is a symlink to either $prefix/lib/sparcv9 or + dnl $prefix/lib/amd64) and 32-bit libraries go under $prefix/lib. + AC_REQUIRE([AC_CANONICAL_HOST]) acl_libdirstem=lib - searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'` - if test -n "$searchpath"; then - acl_save_IFS="${IFS= }"; IFS=":" - for searchdir in $searchpath; do - if test -d "$searchdir"; then - case "$searchdir" in - */lib64/ | */lib64 ) acl_libdirstem=lib64 ;; - *) searchdir=`cd "$searchdir" && pwd` - case "$searchdir" in - */lib64 ) acl_libdirstem=lib64 ;; - esac ;; + acl_libdirstem2= + case "$host_os" in + solaris*) + dnl See Solaris 10 Software Developer Collection > Solaris 64-bit Developer's Guide > The Development Environment + dnl . + dnl "Portable Makefiles should refer to any library directories using the 64 symbolic link." + dnl But we want to recognize the sparcv9 or amd64 subdirectory also if the + dnl symlink is missing, so we set acl_libdirstem2 too. + AC_CACHE_CHECK([for 64-bit host], [gl_cv_solaris_64bit], + [AC_EGREP_CPP([sixtyfour bits], [ +#ifdef _LP64 +sixtyfour bits +#endif + ], [gl_cv_solaris_64bit=yes], [gl_cv_solaris_64bit=no]) + ]) + if test $gl_cv_solaris_64bit = yes; then + acl_libdirstem=lib/64 + case "$host_cpu" in + sparc*) acl_libdirstem2=lib/sparcv9 ;; + i*86 | x86_64) acl_libdirstem2=lib/amd64 ;; esac fi - done - IFS="$acl_save_IFS" - fi + ;; + *) + searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'` + if test -n "$searchpath"; then + acl_save_IFS="${IFS= }"; IFS=":" + for searchdir in $searchpath; do + if test -d "$searchdir"; then + case "$searchdir" in + */lib64/ | */lib64 ) acl_libdirstem=lib64 ;; + */../ | */.. ) + # Better ignore directories of this form. They are misleading. + ;; + *) searchdir=`cd "$searchdir" && pwd` + case "$searchdir" in + */lib64 ) acl_libdirstem=lib64 ;; + esac ;; + esac + fi + done + IFS="$acl_save_IFS" + fi + ;; + esac + test -n "$acl_libdirstem2" || acl_libdirstem2="$acl_libdirstem" ]) diff --git a/m4/libtool.m4 b/m4/libtool.m4 index d7c043f..a6d21ae 100644 --- a/m4/libtool.m4 +++ b/m4/libtool.m4 @@ -1,8 +1,6 @@ # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- # -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. +# Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is free software; the Free Software Foundation gives @@ -10,36 +8,30 @@ # modifications, as long as this notice is preserved. m4_define([_LT_COPYING], [dnl -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. -# Written by Gordon Matzigkeit, 1996 -# -# This file is part of GNU Libtool. -# -# GNU Libtool is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. +# Copyright (C) 2014 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of of the License, or +# (at your option) any later version. # -# As a special exception to the GNU General Public License, -# if you distribute this file as part of a program or library that -# is built using GNU Libtool, you may include this file under the -# same distribution terms that you use for the rest of that program. +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program or library that is built +# using GNU Libtool, you may include this file under the same +# distribution terms that you use for the rest of that program. # -# GNU Libtool is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of +# GNU Libtool is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with GNU Libtool; see the file COPYING. If not, a copy -# can be downloaded from http://www.gnu.org/licenses/gpl.html, or -# obtained by writing to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# along with this program. If not, see . ]) -# serial 57 LT_INIT +# serial 58 LT_INIT # LT_PREREQ(VERSION) @@ -67,7 +59,7 @@ esac # LT_INIT([OPTIONS]) # ------------------ AC_DEFUN([LT_INIT], -[AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT +[AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl AC_BEFORE([$0], [LT_LANG])dnl AC_BEFORE([$0], [LT_OUTPUT])dnl @@ -91,7 +83,7 @@ dnl Parse OPTIONS _LT_SET_OPTIONS([$0], [$1]) # This can be used to rebuild libtool when needed -LIBTOOL_DEPS="$ltmain" +LIBTOOL_DEPS=$ltmain # Always use our own libtool. LIBTOOL='$(SHELL) $(top_builddir)/libtool' @@ -111,26 +103,43 @@ dnl AC_DEFUN([AC_PROG_LIBTOOL], []) dnl AC_DEFUN([AM_PROG_LIBTOOL], []) +# _LT_PREPARE_CC_BASENAME +# ----------------------- +m4_defun([_LT_PREPARE_CC_BASENAME], [ +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +func_cc_basename () +{ + for cc_temp in @S|@*""; do + case $cc_temp in + compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; + distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; + \-*) ;; + *) break;; + esac + done + func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +} +])# _LT_PREPARE_CC_BASENAME + + # _LT_CC_BASENAME(CC) # ------------------- -# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +# It would be clearer to call AC_REQUIREs from _LT_PREPARE_CC_BASENAME, +# but that macro is also expanded into generated libtool script, which +# arranges for $SED and $ECHO to be set by different means. m4_defun([_LT_CC_BASENAME], -[for cc_temp in $1""; do - case $cc_temp in - compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; - distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; - \-*) ;; - *) break;; - esac -done -cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +[m4_require([_LT_PREPARE_CC_BASENAME])dnl +AC_REQUIRE([_LT_DECL_SED])dnl +AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl +func_cc_basename $1 +cc_basename=$func_cc_basename_result ]) # _LT_FILEUTILS_DEFAULTS # ---------------------- # It is okay to use these file commands and assume they have been set -# sensibly after `m4_require([_LT_FILEUTILS_DEFAULTS])'. +# sensibly after 'm4_require([_LT_FILEUTILS_DEFAULTS])'. m4_defun([_LT_FILEUTILS_DEFAULTS], [: ${CP="cp -f"} : ${MV="mv -f"} @@ -177,15 +186,16 @@ m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl m4_require([_LT_CMD_OLD_ARCHIVE])dnl m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl m4_require([_LT_WITH_SYSROOT])dnl +m4_require([_LT_CMD_TRUNCATE])dnl _LT_CONFIG_LIBTOOL_INIT([ -# See if we are running on zsh, and set the options which allow our +# See if we are running on zsh, and set the options that allow our # commands through without removal of \ escapes INIT. -if test -n "\${ZSH_VERSION+set}" ; then +if test -n "\${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi ]) -if test -n "${ZSH_VERSION+set}" ; then +if test -n "${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi @@ -198,7 +208,7 @@ aix3*) # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. - if test "X${COLLECT_NAMES+set}" != Xset; then + if test set != "${COLLECT_NAMES+set}"; then COLLECT_NAMES= export COLLECT_NAMES fi @@ -209,14 +219,14 @@ esac ofile=libtool can_build_shared=yes -# All known linkers require a `.a' archive for static linking (except MSVC, +# All known linkers require a '.a' archive for static linking (except MSVC, # which needs '.lib'). libext=a -with_gnu_ld="$lt_cv_prog_gnu_ld" +with_gnu_ld=$lt_cv_prog_gnu_ld -old_CC="$CC" -old_CFLAGS="$CFLAGS" +old_CC=$CC +old_CFLAGS=$CFLAGS # Set sane defaults for various variables test -z "$CC" && CC=cc @@ -269,14 +279,14 @@ no_glob_subst='s/\*/\\\*/g' # _LT_PROG_LTMAIN # --------------- -# Note that this code is called both from `configure', and `config.status' +# Note that this code is called both from 'configure', and 'config.status' # now that we use AC_CONFIG_COMMANDS to generate libtool. Notably, -# `config.status' has no value for ac_aux_dir unless we are using Automake, +# 'config.status' has no value for ac_aux_dir unless we are using Automake, # so we pass a copy along to make sure it has a sensible value anyway. m4_defun([_LT_PROG_LTMAIN], [m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl _LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir']) -ltmain="$ac_aux_dir/ltmain.sh" +ltmain=$ac_aux_dir/ltmain.sh ])# _LT_PROG_LTMAIN @@ -286,7 +296,7 @@ ltmain="$ac_aux_dir/ltmain.sh" # So that we can recreate a full libtool script including additional # tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS -# in macros and then make a single call at the end using the `libtool' +# in macros and then make a single call at the end using the 'libtool' # label. @@ -421,8 +431,8 @@ m4_define([_lt_decl_all_varnames], # _LT_CONFIG_STATUS_DECLARE([VARNAME]) # ------------------------------------ -# Quote a variable value, and forward it to `config.status' so that its -# declaration there will have the same value as in `configure'. VARNAME +# Quote a variable value, and forward it to 'config.status' so that its +# declaration there will have the same value as in 'configure'. VARNAME # must have a single quote delimited value for this to work. m4_define([_LT_CONFIG_STATUS_DECLARE], [$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`']) @@ -446,7 +456,7 @@ m4_defun([_LT_CONFIG_STATUS_DECLARATIONS], # Output comment and list of tags supported by the script m4_defun([_LT_LIBTOOL_TAGS], [_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl -available_tags="_LT_TAGS"dnl +available_tags='_LT_TAGS'dnl ]) @@ -474,7 +484,7 @@ m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl # _LT_LIBTOOL_CONFIG_VARS # ----------------------- # Produce commented declarations of non-tagged libtool config variables -# suitable for insertion in the LIBTOOL CONFIG section of the `libtool' +# suitable for insertion in the LIBTOOL CONFIG section of the 'libtool' # script. Tagged libtool config variables (even for the LIBTOOL CONFIG # section) are produced by _LT_LIBTOOL_TAG_VARS. m4_defun([_LT_LIBTOOL_CONFIG_VARS], @@ -500,8 +510,8 @@ m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])]) # Send accumulated output to $CONFIG_STATUS. Thanks to the lists of # variables for single and double quote escaping we saved from calls # to _LT_DECL, we can put quote escaped variables declarations -# into `config.status', and then the shell code to quote escape them in -# for loops in `config.status'. Finally, any additional code accumulated +# into 'config.status', and then the shell code to quote escape them in +# for loops in 'config.status'. Finally, any additional code accumulated # from calls to _LT_CONFIG_LIBTOOL_INIT is expanded. m4_defun([_LT_CONFIG_COMMANDS], [AC_PROVIDE_IFELSE([LT_OUTPUT], @@ -547,7 +557,7 @@ for var in lt_decl_all_varnames([[ \ ]], lt_decl_quote_varnames); do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[[\\\\\\\`\\"\\\$]]*) - eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" @@ -560,7 +570,7 @@ for var in lt_decl_all_varnames([[ \ ]], lt_decl_dquote_varnames); do case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in *[[\\\\\\\`\\"\\\$]]*) - eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" @@ -576,7 +586,7 @@ _LT_OUTPUT_LIBTOOL_INIT # Generate a child script FILE with all initialization necessary to # reuse the environment learned by the parent script, and make the # file executable. If COMMENT is supplied, it is inserted after the -# `#!' sequence but before initialization text begins. After this +# '#!' sequence but before initialization text begins. After this # macro, additional text can be appended to FILE to form the body of # the child script. The macro ends with non-zero status if the # file could not be fully written (such as if the disk is full). @@ -598,7 +608,7 @@ AS_SHELL_SANITIZE _AS_PREPARE exec AS_MESSAGE_FD>&1 _ASEOF -test $lt_write_fail = 0 && chmod +x $1[]dnl +test 0 = "$lt_write_fail" && chmod +x $1[]dnl m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT # LT_OUTPUT @@ -621,7 +631,7 @@ exec AS_MESSAGE_LOG_FD>>config.log } >&AS_MESSAGE_LOG_FD lt_cl_help="\ -\`$as_me' creates a local libtool stub from the current configuration, +'$as_me' creates a local libtool stub from the current configuration, for use in further configure time tests before the real libtool is generated. @@ -643,7 +653,7 @@ Copyright (C) 2011 Free Software Foundation, Inc. This config.lt script is free software; the Free Software Foundation gives unlimited permision to copy, distribute and modify it." -while test $[#] != 0 +while test 0 != $[#] do case $[1] in --version | --v* | -V ) @@ -656,10 +666,10 @@ do lt_cl_silent=: ;; -*) AC_MSG_ERROR([unrecognized option: $[1] -Try \`$[0] --help' for more information.]) ;; +Try '$[0] --help' for more information.]) ;; *) AC_MSG_ERROR([unrecognized argument: $[1] -Try \`$[0] --help' for more information.]) ;; +Try '$[0] --help' for more information.]) ;; esac shift done @@ -685,7 +695,7 @@ chmod +x "$CONFIG_LT" # open by configure. Here we exec the FD to /dev/null, effectively closing # config.log, so it can be properly (re)opened and appended to by config.lt. lt_cl_success=: -test "$silent" = yes && +test yes = "$silent" && lt_config_lt_args="$lt_config_lt_args --quiet" exec AS_MESSAGE_LOG_FD>/dev/null $SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false @@ -705,27 +715,30 @@ m4_defun([_LT_CONFIG], _LT_CONFIG_SAVE_COMMANDS([ m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl m4_if(_LT_TAG, [C], [ - # See if we are running on zsh, and set the options which allow our + # See if we are running on zsh, and set the options that allow our # commands through without removal of \ escapes. - if test -n "${ZSH_VERSION+set}" ; then + if test -n "${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi - cfgfile="${ofile}T" + cfgfile=${ofile}T trap "$RM \"$cfgfile\"; exit 1" 1 2 15 $RM "$cfgfile" cat <<_LT_EOF >> "$cfgfile" #! $SHELL - -# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. -# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: +# Generated automatically by $as_me ($PACKAGE) $VERSION # NOTE: Changes made to this file will be lost: look at ltmain.sh. -# + +# Provide generalized library-building support services. +# Written by Gordon Matzigkeit, 1996 + _LT_COPYING _LT_LIBTOOL_TAGS +# Configured defaults for sys_lib_dlsearch_path munging. +: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"} + # ### BEGIN LIBTOOL CONFIG _LT_LIBTOOL_CONFIG_VARS _LT_LIBTOOL_TAG_VARS @@ -733,13 +746,24 @@ _LT_LIBTOOL_TAG_VARS _LT_EOF + cat <<'_LT_EOF' >> "$cfgfile" + +# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE + +_LT_PREPARE_MUNGE_PATH_LIST +_LT_PREPARE_CC_BASENAME + +# ### END FUNCTIONS SHARED WITH CONFIGURE + +_LT_EOF + case $host_os in aix3*) cat <<\_LT_EOF >> "$cfgfile" # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. -if test "X${COLLECT_NAMES+set}" != Xset; then +if test set != "${COLLECT_NAMES+set}"; then COLLECT_NAMES= export COLLECT_NAMES fi @@ -756,8 +780,6 @@ _LT_EOF sed '$q' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) - _LT_PROG_REPLACE_SHELLFNS - mv -f "$cfgfile" "$ofile" || (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") chmod +x "$ofile" @@ -775,7 +797,6 @@ _LT_EOF [m4_if([$1], [], [ PACKAGE='$PACKAGE' VERSION='$VERSION' - TIMESTAMP='$TIMESTAMP' RM='$RM' ofile='$ofile'], []) ])dnl /_LT_CONFIG_SAVE_COMMANDS @@ -974,7 +995,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod], [lt_cv_apple_cc_single_mod=no - if test -z "${LT_MULTI_MODULE}"; then + if test -z "$LT_MULTI_MODULE"; then # By default we will add the -single_module flag. You can override # by either setting the environment variable LT_MULTI_MODULE # non-empty at configure time, or by adding -multi_module to the @@ -992,7 +1013,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ cat conftest.err >&AS_MESSAGE_LOG_FD # Otherwise, if the output was created with a 0 exit code from # the compiler, it worked. - elif test -f libconftest.dylib && test $_lt_result -eq 0; then + elif test -f libconftest.dylib && test 0 = "$_lt_result"; then lt_cv_apple_cc_single_mod=yes else cat conftest.err >&AS_MESSAGE_LOG_FD @@ -1010,7 +1031,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], [lt_cv_ld_exported_symbols_list=yes], [lt_cv_ld_exported_symbols_list=no]) - LDFLAGS="$save_LDFLAGS" + LDFLAGS=$save_LDFLAGS ]) AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load], @@ -1020,8 +1041,8 @@ int forced_loaded() { return 2;} _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD - echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD - $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD + echo "$AR cr libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD + $AR cr libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD cat > conftest.c << _LT_EOF @@ -1032,7 +1053,7 @@ _LT_EOF _lt_result=$? if test -s conftest.err && $GREP force_load conftest.err; then cat conftest.err >&AS_MESSAGE_LOG_FD - elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then + elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then lt_cv_ld_force_load=yes else cat conftest.err >&AS_MESSAGE_LOG_FD @@ -1042,32 +1063,32 @@ _LT_EOF ]) case $host_os in rhapsody* | darwin1.[[012]]) - _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; + _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; darwin1.*) - _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; darwin*) # darwin 5.x on # if running on 10.5 or later, the deployment target defaults # to the OS version, if on x86, and 10.4, the deployment # target defaults to 10.4. Don't you love it? case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) - _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; - 10.[[012]]*) - _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + 10.[[012]][[,.]]*) + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; 10.*) - _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; esac ;; esac - if test "$lt_cv_apple_cc_single_mod" = "yes"; then + if test yes = "$lt_cv_apple_cc_single_mod"; then _lt_dar_single_mod='$single_module' fi - if test "$lt_cv_ld_exported_symbols_list" = "yes"; then - _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' + if test yes = "$lt_cv_ld_exported_symbols_list"; then + _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' else - _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' + _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib' fi - if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then + if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then _lt_dsymutil='~$DSYMUTIL $lib || :' else _lt_dsymutil= @@ -1087,29 +1108,29 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES], _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported - if test "$lt_cv_ld_force_load" = "yes"; then - _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + if test yes = "$lt_cv_ld_force_load"; then + _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes], [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes]) else _LT_TAGVAR(whole_archive_flag_spec, $1)='' fi _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined" + _LT_TAGVAR(allow_undefined_flag, $1)=$_lt_dar_allow_undefined case $cc_basename in - ifort*) _lt_dar_can_shared=yes ;; + ifort*|nagfor*) _lt_dar_can_shared=yes ;; *) _lt_dar_can_shared=$GCC ;; esac - if test "$_lt_dar_can_shared" = "yes"; then + if test yes = "$_lt_dar_can_shared"; then output_verbose_link_cmd=func_echo_all - _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" - _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" - _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" - _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" + _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil" + _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil" + _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" + _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" m4_if([$1], [CXX], -[ if test "$lt_cv_apple_cc_single_mod" != "yes"; then - _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}" - _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}" +[ if test yes != "$lt_cv_apple_cc_single_mod"; then + _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil" + _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil" fi ],[]) else @@ -1129,7 +1150,7 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES], # Allow to override them for all tags through lt_cv_aix_libpath. m4_defun([_LT_SYS_MODULE_PATH_AIX], [m4_require([_LT_DECL_SED])dnl -if test "${lt_cv_aix_libpath+set}" = set; then +if test set = "${lt_cv_aix_libpath+set}"; then aix_libpath=$lt_cv_aix_libpath else AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])], @@ -1147,7 +1168,7 @@ else _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi],[]) if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then - _LT_TAGVAR([lt_cv_aix_libpath_], [$1])="/usr/lib:/lib" + _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=/usr/lib:/lib fi ]) aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1]) @@ -1167,8 +1188,8 @@ m4_define([_LT_SHELL_INIT], # ----------------------- # Find how we can fake an echo command that does not interpret backslash. # In particular, with Autoconf 2.60 or later we add some code to the start -# of the generated configure script which will find a shell with a builtin -# printf (which we can use as an echo command). +# of the generated configure script that will find a shell with a builtin +# printf (that we can use as an echo command). m4_defun([_LT_PROG_ECHO_BACKSLASH], [ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO @@ -1196,10 +1217,10 @@ fi # Invoke $ECHO with all args, space-separated. func_echo_all () { - $ECHO "$*" + $ECHO "$*" } -case "$ECHO" in +case $ECHO in printf*) AC_MSG_RESULT([printf]) ;; print*) AC_MSG_RESULT([print -r]) ;; *) AC_MSG_RESULT([cat]) ;; @@ -1225,16 +1246,17 @@ _LT_DECL([], [ECHO], [1], [An echo program that protects backslashes]) AC_DEFUN([_LT_WITH_SYSROOT], [AC_MSG_CHECKING([for sysroot]) AC_ARG_WITH([sysroot], -[ --with-sysroot[=DIR] Search for dependent libraries within DIR - (or the compiler's sysroot if not specified).], +[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@], + [Search for dependent libraries within DIR (or the compiler's sysroot + if not specified).])], [], [with_sysroot=no]) dnl lt_sysroot will always be passed unquoted. We quote it here dnl in case the user passed a directory name. lt_sysroot= -case ${with_sysroot} in #( +case $with_sysroot in #( yes) - if test "$GCC" = yes; then + if test yes = "$GCC"; then lt_sysroot=`$CC --print-sysroot 2>/dev/null` fi ;; #( @@ -1244,14 +1266,14 @@ case ${with_sysroot} in #( no|'') ;; #( *) - AC_MSG_RESULT([${with_sysroot}]) + AC_MSG_RESULT([$with_sysroot]) AC_MSG_ERROR([The sysroot must be an absolute path.]) ;; esac AC_MSG_RESULT([${lt_sysroot:-no}]) _LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl -[dependent libraries, and in which our libraries should be installed.])]) +[dependent libraries, and where our libraries should be installed.])]) # _LT_ENABLE_LOCK # --------------- @@ -1259,31 +1281,33 @@ m4_defun([_LT_ENABLE_LOCK], [AC_ARG_ENABLE([libtool-lock], [AS_HELP_STRING([--disable-libtool-lock], [avoid locking (might break parallel builds)])]) -test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes +test no = "$enable_libtool_lock" || enable_libtool_lock=yes # Some flags need to be propagated to the compiler or linker for good # libtool support. case $host in ia64-*-hpux*) - # Find out which ABI we are using. + # Find out what ABI is being produced by ac_compile, and set mode + # options accordingly. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) - HPUX_IA64_MODE="32" + HPUX_IA64_MODE=32 ;; *ELF-64*) - HPUX_IA64_MODE="64" + HPUX_IA64_MODE=64 ;; esac fi rm -rf conftest* ;; *-*-irix6*) - # Find out which ABI we are using. + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then - if test "$lt_cv_prog_gnu_ld" = yes; then + if test yes = "$lt_cv_prog_gnu_ld"; then case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" @@ -1312,9 +1336,46 @@ ia64-*-hpux*) rm -rf conftest* ;; +mips64*-*linux*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + emul=elf + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + emul="${emul}32" + ;; + *64-bit*) + emul="${emul}64" + ;; + esac + case `/usr/bin/file conftest.$ac_objext` in + *MSB*) + emul="${emul}btsmip" + ;; + *LSB*) + emul="${emul}ltsmip" + ;; + esac + case `/usr/bin/file conftest.$ac_objext` in + *N32*) + emul="${emul}n32" + ;; + esac + LD="${LD-ld} -m $emul" + fi + rm -rf conftest* + ;; + x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) - # Find out which ABI we are using. + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. Note that the listed cases only cover the + # situations where additional linker options are needed (such as when + # doing 32-bit compilation for a host where ld defaults to 64-bit, or + # vice versa); the common cases where no linker options are needed do + # not appear in the list. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in @@ -1333,10 +1394,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) ;; esac ;; - powerpc64le-*) + powerpc64le-*linux*) LD="${LD-ld} -m elf32lppclinux" ;; - powerpc64-*) + powerpc64-*linux*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) @@ -1355,10 +1416,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; - powerpcle-*) + powerpcle-*linux*) LD="${LD-ld} -m elf64lppc" ;; - powerpc-*) + powerpc-*linux*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) @@ -1376,19 +1437,20 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) *-*-sco3.2v5*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. - SAVE_CFLAGS="$CFLAGS" + SAVE_CFLAGS=$CFLAGS CFLAGS="$CFLAGS -belf" AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, [AC_LANG_PUSH(C) AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no]) AC_LANG_POP]) - if test x"$lt_cv_cc_needs_belf" != x"yes"; then + if test yes != "$lt_cv_cc_needs_belf"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf - CFLAGS="$SAVE_CFLAGS" + CFLAGS=$SAVE_CFLAGS fi ;; *-*solaris*) - # Find out which ABI we are using. + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in @@ -1396,7 +1458,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) case $lt_cv_prog_gnu_ld in yes*) case $host in - i?86-*-solaris*) + i?86-*-solaris*|x86_64-*-solaris*) LD="${LD-ld} -m elf_x86_64" ;; sparc*-*-solaris*) @@ -1405,7 +1467,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) esac # GNU ld 2.21 introduced _sol2 emulations. Use them if available. if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then - LD="${LD-ld}_sol2" + LD=${LD-ld}_sol2 fi ;; *) @@ -1421,7 +1483,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) ;; esac -need_locks="$enable_libtool_lock" +need_locks=$enable_libtool_lock ])# _LT_ENABLE_LOCK @@ -1430,7 +1492,7 @@ need_locks="$enable_libtool_lock" m4_defun([_LT_PROG_AR], [AC_CHECK_TOOLS(AR, [ar], false) : ${AR=ar} -: ${AR_FLAGS=cru} +: ${AR_FLAGS=cr} _LT_DECL([], [AR], [1], [The archiver]) _LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive]) @@ -1440,11 +1502,11 @@ AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file], [echo conftest.$ac_objext > conftest.lst lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD' AC_TRY_EVAL([lt_ar_try]) - if test "$ac_status" -eq 0; then + if test 0 -eq "$ac_status"; then # Ensure the archiver fails upon bogus file names. rm -f conftest.$ac_objext libconftest.a AC_TRY_EVAL([lt_ar_try]) - if test "$ac_status" -ne 0; then + if test 0 -ne "$ac_status"; then lt_cv_ar_at_file=@ fi fi @@ -1452,7 +1514,7 @@ AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file], ]) ]) -if test "x$lt_cv_ar_at_file" = xno; then +if test no = "$lt_cv_ar_at_file"; then archiver_list_spec= else archiver_list_spec=$lt_cv_ar_at_file @@ -1483,7 +1545,7 @@ old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in - openbsd*) + bitrig* | openbsd*) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" ;; *) @@ -1519,7 +1581,7 @@ AC_CACHE_CHECK([$1], [$2], [$2=no m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) echo "$lt_simple_compile_test_code" > conftest.$ac_ext - lt_compiler_flag="$3" + lt_compiler_flag="$3" ## exclude from sc_useless_quotes_in_assignment # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins @@ -1546,7 +1608,7 @@ AC_CACHE_CHECK([$1], [$2], $RM conftest* ]) -if test x"[$]$2" = xyes; then +if test yes = "[$]$2"; then m4_if([$5], , :, [$5]) else m4_if([$6], , :, [$6]) @@ -1568,7 +1630,7 @@ AC_DEFUN([_LT_LINKER_OPTION], m4_require([_LT_DECL_SED])dnl AC_CACHE_CHECK([$1], [$2], [$2=no - save_LDFLAGS="$LDFLAGS" + save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS $3" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then @@ -1587,10 +1649,10 @@ AC_CACHE_CHECK([$1], [$2], fi fi $RM -r conftest* - LDFLAGS="$save_LDFLAGS" + LDFLAGS=$save_LDFLAGS ]) -if test x"[$]$2" = xyes; then +if test yes = "[$]$2"; then m4_if([$4], , :, [$4]) else m4_if([$5], , :, [$5]) @@ -1611,7 +1673,7 @@ AC_DEFUN([LT_CMD_MAX_LEN], AC_MSG_CHECKING([the maximum length of command line arguments]) AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl i=0 - teststring="ABCD" + teststring=ABCD case $build_os in msdosdjgpp*) @@ -1651,7 +1713,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl lt_cv_sys_max_cmd_len=8192; ;; - netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) + bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` @@ -1702,22 +1764,22 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` if test -n "$lt_cv_sys_max_cmd_len" && \ - test undefined != "$lt_cv_sys_max_cmd_len"; then + test undefined != "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else # Make teststring a little bigger before we do anything with it. # a 1K string should be a reasonable start. - for i in 1 2 3 4 5 6 7 8 ; do + for i in 1 2 3 4 5 6 7 8; do teststring=$teststring$teststring done SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. - while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ + while { test X`env echo "$teststring$teststring" 2>/dev/null` \ = "X$teststring$teststring"; } >/dev/null 2>&1 && - test $i != 17 # 1/2 MB should be enough + test 17 != "$i" # 1/2 MB should be enough do i=`expr $i + 1` teststring=$teststring$teststring @@ -1733,7 +1795,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl ;; esac ]) -if test -n $lt_cv_sys_max_cmd_len ; then +if test -n "$lt_cv_sys_max_cmd_len"; then AC_MSG_RESULT($lt_cv_sys_max_cmd_len) else AC_MSG_RESULT(none) @@ -1761,7 +1823,7 @@ m4_defun([_LT_HEADER_DLFCN], # ---------------------------------------------------------------- m4_defun([_LT_TRY_DLOPEN_SELF], [m4_require([_LT_HEADER_DLFCN])dnl -if test "$cross_compiling" = yes; then : +if test yes = "$cross_compiling"; then : [$4] else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 @@ -1808,9 +1870,9 @@ else # endif #endif -/* When -fvisbility=hidden is used, assume the code has been annotated +/* When -fvisibility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ -#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); #endif @@ -1836,7 +1898,7 @@ int main () return status; }] _LT_EOF - if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then + if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null lt_status=$? case x$lt_status in @@ -1857,7 +1919,7 @@ rm -fr conftest* # ------------------ AC_DEFUN([LT_SYS_DLOPEN_SELF], [m4_require([_LT_HEADER_DLFCN])dnl -if test "x$enable_dlopen" != xyes; then +if test yes != "$enable_dlopen"; then enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown @@ -1867,44 +1929,52 @@ else case $host_os in beos*) - lt_cv_dlopen="load_add_on" + lt_cv_dlopen=load_add_on lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ;; mingw* | pw32* | cegcc*) - lt_cv_dlopen="LoadLibrary" + lt_cv_dlopen=LoadLibrary lt_cv_dlopen_libs= ;; cygwin*) - lt_cv_dlopen="dlopen" + lt_cv_dlopen=dlopen lt_cv_dlopen_libs= ;; darwin*) - # if libdl is installed we need to link against it + # if libdl is installed we need to link against it AC_CHECK_LIB([dl], [dlopen], - [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[ - lt_cv_dlopen="dyld" + [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],[ + lt_cv_dlopen=dyld lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ]) ;; + tpf*) + # Don't try to run any link tests for TPF. We know it's impossible + # because TPF is a cross-compiler, and we know how we open DSOs. + lt_cv_dlopen=dlopen + lt_cv_dlopen_libs= + lt_cv_dlopen_self=no + ;; + *) AC_CHECK_FUNC([shl_load], - [lt_cv_dlopen="shl_load"], + [lt_cv_dlopen=shl_load], [AC_CHECK_LIB([dld], [shl_load], - [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"], + [lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld], [AC_CHECK_FUNC([dlopen], - [lt_cv_dlopen="dlopen"], + [lt_cv_dlopen=dlopen], [AC_CHECK_LIB([dl], [dlopen], - [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"], + [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl], [AC_CHECK_LIB([svld], [dlopen], - [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"], + [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld], [AC_CHECK_LIB([dld], [dld_link], - [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"]) + [lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld]) ]) ]) ]) @@ -1913,21 +1983,21 @@ else ;; esac - if test "x$lt_cv_dlopen" != xno; then - enable_dlopen=yes - else + if test no = "$lt_cv_dlopen"; then enable_dlopen=no + else + enable_dlopen=yes fi case $lt_cv_dlopen in dlopen) - save_CPPFLAGS="$CPPFLAGS" - test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" + save_CPPFLAGS=$CPPFLAGS + test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" - save_LDFLAGS="$LDFLAGS" + save_LDFLAGS=$LDFLAGS wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" - save_LIBS="$LIBS" + save_LIBS=$LIBS LIBS="$lt_cv_dlopen_libs $LIBS" AC_CACHE_CHECK([whether a program can dlopen itself], @@ -1937,7 +2007,7 @@ else lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross) ]) - if test "x$lt_cv_dlopen_self" = xyes; then + if test yes = "$lt_cv_dlopen_self"; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" AC_CACHE_CHECK([whether a statically linked program can dlopen itself], lt_cv_dlopen_self_static, [dnl @@ -1947,9 +2017,9 @@ else ]) fi - CPPFLAGS="$save_CPPFLAGS" - LDFLAGS="$save_LDFLAGS" - LIBS="$save_LIBS" + CPPFLAGS=$save_CPPFLAGS + LDFLAGS=$save_LDFLAGS + LIBS=$save_LIBS ;; esac @@ -2041,8 +2111,8 @@ m4_defun([_LT_COMPILER_FILE_LOCKS], m4_require([_LT_FILEUTILS_DEFAULTS])dnl _LT_COMPILER_C_O([$1]) -hard_links="nottested" -if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then +hard_links=nottested +if test no = "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" && test no != "$need_locks"; then # do not overwrite the value of need_locks provided by the user AC_MSG_CHECKING([if we can lock with hard links]) hard_links=yes @@ -2052,8 +2122,8 @@ if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no AC_MSG_RESULT([$hard_links]) - if test "$hard_links" = no; then - AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe]) + if test no = "$hard_links"; then + AC_MSG_WARN(['$CC' does not support '-c -o', so 'make -j' may be unsafe]) need_locks=warn fi else @@ -2080,8 +2150,8 @@ objdir=$lt_cv_objdir _LT_DECL([], [objdir], [0], [The name of the directory that contains temporary libtool files])dnl m4_pattern_allow([LT_OBJDIR])dnl -AC_DEFINE_UNQUOTED(LT_OBJDIR, "$lt_cv_objdir/", - [Define to the sub-directory in which libtool stores uninstalled libraries.]) +AC_DEFINE_UNQUOTED([LT_OBJDIR], "$lt_cv_objdir/", + [Define to the sub-directory where libtool stores uninstalled libraries.]) ])# _LT_CHECK_OBJDIR @@ -2093,15 +2163,15 @@ m4_defun([_LT_LINKER_HARDCODE_LIBPATH], _LT_TAGVAR(hardcode_action, $1)= if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" || test -n "$_LT_TAGVAR(runpath_var, $1)" || - test "X$_LT_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then + test yes = "$_LT_TAGVAR(hardcode_automatic, $1)"; then # We can hardcode non-existent directories. - if test "$_LT_TAGVAR(hardcode_direct, $1)" != no && + if test no != "$_LT_TAGVAR(hardcode_direct, $1)" && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one - ## test "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" != no && - test "$_LT_TAGVAR(hardcode_minus_L, $1)" != no; then + ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" && + test no != "$_LT_TAGVAR(hardcode_minus_L, $1)"; then # Linking always hardcodes the temporary library directory. _LT_TAGVAR(hardcode_action, $1)=relink else @@ -2115,12 +2185,12 @@ else fi AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)]) -if test "$_LT_TAGVAR(hardcode_action, $1)" = relink || - test "$_LT_TAGVAR(inherit_rpath, $1)" = yes; then +if test relink = "$_LT_TAGVAR(hardcode_action, $1)" || + test yes = "$_LT_TAGVAR(inherit_rpath, $1)"; then # Fast installation is not supported enable_fast_install=no -elif test "$shlibpath_overrides_runpath" = yes || - test "$enable_shared" = no; then +elif test yes = "$shlibpath_overrides_runpath" || + test no = "$enable_shared"; then # Fast installation is not necessary enable_fast_install=needless fi @@ -2144,7 +2214,7 @@ else # FIXME - insert some real tests, host_os isn't really good enough case $host_os in darwin*) - if test -n "$STRIP" ; then + if test -n "$STRIP"; then striplib="$STRIP -x" old_striplib="$STRIP -S" AC_MSG_RESULT([yes]) @@ -2162,6 +2232,47 @@ _LT_DECL([], [striplib], [1]) ])# _LT_CMD_STRIPLIB +# _LT_PREPARE_MUNGE_PATH_LIST +# --------------------------- +# Make sure func_munge_path_list() is defined correctly. +m4_defun([_LT_PREPARE_MUNGE_PATH_LIST], +[[# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x@S|@2 in + x) + ;; + *:) + eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\" + ;; + x:*) + eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\" + ;; + *) + eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\" + ;; + esac +} +]])# _LT_PREPARE_PATH_LIST + + # _LT_SYS_DYNAMIC_LINKER([TAG]) # ----------------------------- # PORTME Fill in your ld.so characteristics @@ -2172,17 +2283,18 @@ m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_OBJDUMP])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_CHECK_SHELL_FEATURES])dnl +m4_require([_LT_PREPARE_MUNGE_PATH_LIST])dnl AC_MSG_CHECKING([dynamic linker characteristics]) m4_if([$1], [], [ -if test "$GCC" = yes; then +if test yes = "$GCC"; then case $host_os in - darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; - *) lt_awk_arg="/^libraries:/" ;; + darwin*) lt_awk_arg='/^libraries:/,/LR/' ;; + *) lt_awk_arg='/^libraries:/' ;; esac case $host_os in - mingw* | cegcc*) lt_sed_strip_eq="s,=\([[A-Za-z]]:\),\1,g" ;; - *) lt_sed_strip_eq="s,=/,/,g" ;; + mingw* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;; + *) lt_sed_strip_eq='s|=/|/|g' ;; esac lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` case $lt_search_path_spec in @@ -2198,28 +2310,35 @@ if test "$GCC" = yes; then ;; esac # Ok, now we have the path, separated by spaces, we can step through it - # and add multilib dir if necessary. + # and add multilib dir if necessary... lt_tmp_lt_search_path_spec= - lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + # ...but if some path component already ends with the multilib dir we assume + # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer). + case "$lt_multi_os_dir; $lt_search_path_spec " in + "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*) + lt_multi_os_dir= + ;; + esac for lt_sys_path in $lt_search_path_spec; do - if test -d "$lt_sys_path/$lt_multi_os_dir"; then - lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" - else + if test -d "$lt_sys_path$lt_multi_os_dir"; then + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir" + elif test -n "$lt_multi_os_dir"; then test -d "$lt_sys_path" && \ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" fi done lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' -BEGIN {RS=" "; FS="/|\n";} { - lt_foo=""; - lt_count=0; +BEGIN {RS = " "; FS = "/|\n";} { + lt_foo = ""; + lt_count = 0; for (lt_i = NF; lt_i > 0; lt_i--) { if ($lt_i != "" && $lt_i != ".") { if ($lt_i == "..") { lt_count++; } else { if (lt_count == 0) { - lt_foo="/" $lt_i lt_foo; + lt_foo = "/" $lt_i lt_foo; } else { lt_count--; } @@ -2233,7 +2352,7 @@ BEGIN {RS=" "; FS="/|\n";} { # for these hosts. case $host_os in mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ - $SED 's,/\([[A-Za-z]]:\),\1,g'` ;; + $SED 's|/\([[A-Za-z]]:\)|\1|g'` ;; esac sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` else @@ -2242,7 +2361,7 @@ fi]) library_names_spec= libname_spec='lib$name' soname_spec= -shrext_cmds=".so" +shrext_cmds=.so postinstall_cmds= postuninstall_cmds= finish_cmds= @@ -2259,14 +2378,17 @@ hardcode_into_libs=no # flags to be left without arguments need_version=unknown +AC_ARG_VAR([LT_SYS_LIBRARY_PATH], +[User-defined run-time library search path.]) + case $host_os in aix3*) version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' + library_names_spec='$libname$release$shared_ext$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. - soname_spec='${libname}${release}${shared_ext}$major' + soname_spec='$libname$release$shared_ext$major' ;; aix[[4-9]]*) @@ -2274,41 +2396,91 @@ aix[[4-9]]*) need_lib_prefix=no need_version=no hardcode_into_libs=yes - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # AIX 5 supports IA64 - library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with - # the line `#! .'. This would cause the generated library to - # depend on `.', always an invalid library. This was fixed in + # the line '#! .'. This would cause the generated library to + # depend on '.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. case $host_os in aix4 | aix4.[[01]] | aix4.[[01]].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' - echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then + echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then : else can_build_shared=no fi ;; esac - # AIX (on Power*) has no versioning support, so currently we can not hardcode correct + # Using Import Files as archive members, it is possible to support + # filename-based versioning of shared library archives on AIX. While + # this would work for both with and without runtime linking, it will + # prevent static linking of such archives. So we do filename-based + # shared library versioning with .so extension only, which is used + # when both runtime linking and shared linking is enabled. + # Unfortunately, runtime linking may impact performance, so we do + # not want this to be the default eventually. Also, we use the + # versioned .so libs for executables only if there is the -brtl + # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only. + # To allow for filename-based versioning support, we need to create + # libNAME.so.V as an archive file, containing: + # *) an Import File, referring to the versioned filename of the + # archive as well as the shared archive member, telling the + # bitwidth (32 or 64) of that shared object, and providing the + # list of exported symbols of that shared object, eventually + # decorated with the 'weak' keyword + # *) the shared object with the F_LOADONLY flag set, to really avoid + # it being seen by the linker. + # At run time we better use the real file rather than another symlink, + # but for link time we create the symlink libNAME.so -> libNAME.so.V + + case $with_aix_soname,$aix_use_runtimelinking in + # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. - if test "$aix_use_runtimelinking" = yes; then + aix,yes) # traditional libtool + dynamic_linker='AIX unversionable lib.so' # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - else + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + ;; + aix,no) # traditional AIX only + dynamic_linker='AIX lib.a[(]lib.so.V[)]' # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. - library_names_spec='${libname}${release}.a $libname.a' - soname_spec='${libname}${release}${shared_ext}$major' - fi + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + ;; + svr4,*) # full svr4 only + dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)]" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,yes) # both, prefer svr4 + dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)], lib.a[(]lib.so.V[)]" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # unpreferred sharedlib libNAME.a needs extra handling + postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"' + postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,no) # both, prefer aix + dynamic_linker="AIX lib.a[(]lib.so.V[)], lib.so.V[(]$shared_archive_member_spec.o[)]" + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling + postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)' + postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"' + ;; + esac shlibpath_var=LIBPATH fi ;; @@ -2318,18 +2490,18 @@ amigaos*) powerpc) # Since July 2007 AmigaOS4 officially supports .so libraries. # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' ;; m68k) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. - finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; esac ;; beos*) - library_names_spec='${libname}${shared_ext}' + library_names_spec='$libname$shared_ext' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; @@ -2337,8 +2509,8 @@ beos*) bsdi[[45]]*) version_type=linux # correct to gnu/linux during the next big refactor need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" @@ -2350,7 +2522,7 @@ bsdi[[45]]*) cygwin* | mingw* | pw32* | cegcc*) version_type=windows - shrext_cmds=".dll" + shrext_cmds=.dll need_version=no need_lib_prefix=no @@ -2359,8 +2531,8 @@ cygwin* | mingw* | pw32* | cegcc*) # gcc library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \${file}`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ @@ -2376,17 +2548,17 @@ cygwin* | mingw* | pw32* | cegcc*) case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' - soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' m4_if([$1], [],[ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"]) ;; mingw* | cegcc*) # MinGW DLLs use traditional 'lib' prefix - soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' - library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' ;; esac dynamic_linker='Win32 ld.exe' @@ -2395,8 +2567,8 @@ m4_if([$1], [],[ *,cl*) # Native MSVC libname_spec='$name' - soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' - library_names_spec='${libname}.dll.lib' + soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' + library_names_spec='$libname.dll.lib' case $build_os in mingw*) @@ -2423,7 +2595,7 @@ m4_if([$1], [],[ sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` ;; *) - sys_lib_search_path_spec="$LIB" + sys_lib_search_path_spec=$LIB if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then # It is most probably a Windows format PATH. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` @@ -2436,8 +2608,8 @@ m4_if([$1], [],[ esac # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \${file}`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname' @@ -2450,7 +2622,7 @@ m4_if([$1], [],[ *) # Assume MSVC wrapper - library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib' + library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib' dynamic_linker='Win32 ld.exe' ;; esac @@ -2463,8 +2635,8 @@ darwin* | rhapsody*) version_type=darwin need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' - soname_spec='${libname}${release}${major}$shared_ext' + library_names_spec='$libname$release$major$shared_ext $libname$shared_ext' + soname_spec='$libname$release$major$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' @@ -2477,8 +2649,8 @@ dgux*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH ;; @@ -2496,12 +2668,13 @@ freebsd* | dragonfly*) version_type=freebsd-$objformat case $version_type in freebsd-elf*) - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' need_version=no need_lib_prefix=no ;; freebsd-*) - library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' need_version=yes ;; esac @@ -2531,10 +2704,10 @@ haiku*) need_lib_prefix=no need_version=no dynamic_linker="$host_os runtime_loader" - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LIBRARY_PATH - shlibpath_overrides_runpath=yes + shlibpath_overrides_runpath=no sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' hardcode_into_libs=yes ;; @@ -2552,14 +2725,15 @@ hpux9* | hpux10* | hpux11*) dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - if test "X$HPUX_IA64_MODE" = X32; then + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + if test 32 = "$HPUX_IA64_MODE"; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + sys_lib_dlsearch_path_spec=/usr/lib/hpux32 else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + sys_lib_dlsearch_path_spec=/usr/lib/hpux64 fi - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' @@ -2567,8 +2741,8 @@ hpux9* | hpux10* | hpux11*) dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; @@ -2577,8 +2751,8 @@ hpux9* | hpux10* | hpux11*) dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555, ... @@ -2591,8 +2765,8 @@ interix[[3-9]]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no @@ -2603,7 +2777,7 @@ irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) - if test "$lt_cv_prog_gnu_ld" = yes; then + if test yes = "$lt_cv_prog_gnu_ld"; then version_type=linux # correct to gnu/linux during the next big refactor else version_type=irix @@ -2611,8 +2785,8 @@ irix5* | irix6* | nonstopux*) esac need_lib_prefix=no need_version=no - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= @@ -2631,8 +2805,8 @@ irix5* | irix6* | nonstopux*) esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no - sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" - sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" + sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" + sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" hardcode_into_libs=yes ;; @@ -2641,13 +2815,33 @@ linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; +linux*android*) + version_type=none # Android doesn't support versioned libraries. + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext' + soname_spec='$libname$release$shared_ext' + finish_cmds= + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + ;; + # This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no @@ -2672,7 +2866,12 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) # before this can be enabled. hardcode_into_libs=yes - # Append ld.so.conf contents to the search path + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not + # being certain /sbin/ldconfig is available, command + # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64, + # even though it is searched at run-time. Try to do the best guess by + # appending ld.so.conf contents (and includes) to the search path. if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" @@ -2704,12 +2903,12 @@ netbsd*) need_lib_prefix=no need_version=no if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' dynamic_linker='NetBSD (a.out) ld.so' else - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' dynamic_linker='NetBSD ld.elf_so' fi shlibpath_var=LD_LIBRARY_PATH @@ -2719,7 +2918,7 @@ netbsd*) newsos6) version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; @@ -2728,58 +2927,68 @@ newsos6) version_type=qnx need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes dynamic_linker='ldqnx.so' ;; -openbsd*) +openbsd* | bitrig*) version_type=sunos - sys_lib_dlsearch_path_spec="/usr/lib" + sys_lib_dlsearch_path_spec=/usr/lib need_lib_prefix=no - # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. - case $host_os in - openbsd3.3 | openbsd3.3.*) need_version=yes ;; - *) need_version=no ;; - esac - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - shlibpath_var=LD_LIBRARY_PATH - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - case $host_os in - openbsd2.[[89]] | openbsd2.[[89]].*) - shlibpath_overrides_runpath=no - ;; - *) - shlibpath_overrides_runpath=yes - ;; - esac + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + need_version=no else - shlibpath_overrides_runpath=yes + need_version=yes fi + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes ;; os2*) libname_spec='$name' - shrext_cmds=".dll" + version_type=windows + shrext_cmds=.dll + need_version=no need_lib_prefix=no - library_names_spec='$libname${shared_ext} $libname.a' + # OS/2 can only load a DLL with a base name of 8 characters or less. + soname_spec='`test -n "$os2dllname" && libname="$os2dllname"; + v=$($ECHO $release$versuffix | tr -d .-); + n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _); + $ECHO $n$v`$shared_ext' + library_names_spec='${libname}_dll.$libext' dynamic_linker='OS/2 ld.exe' - shlibpath_var=LIBPATH + shlibpath_var=BEGINLIBPATH + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' ;; osf3* | osf4* | osf5*) version_type=osf need_lib_prefix=no need_version=no - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" - sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; rdos*) @@ -2790,8 +2999,8 @@ solaris*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes @@ -2801,11 +3010,11 @@ solaris*) sunos4*) version_type=sunos - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes - if test "$with_gnu_ld" = yes; then + if test yes = "$with_gnu_ld"; then need_lib_prefix=no fi need_version=yes @@ -2813,8 +3022,8 @@ sunos4*) sysv4 | sysv4.3*) version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) @@ -2835,24 +3044,24 @@ sysv4 | sysv4.3*) ;; sysv4*MP*) - if test -d /usr/nec ;then + if test -d /usr/nec; then version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' - soname_spec='$libname${shared_ext}.$major' + library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext' + soname_spec='$libname$shared_ext.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - version_type=freebsd-elf + version_type=sco need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes - if test "$with_gnu_ld" = yes; then + if test yes = "$with_gnu_ld"; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' @@ -2870,7 +3079,7 @@ tpf*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes @@ -2878,8 +3087,8 @@ tpf*) uts4*) version_type=linux # correct to gnu/linux during the next big refactor - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH ;; @@ -2888,20 +3097,30 @@ uts4*) ;; esac AC_MSG_RESULT([$dynamic_linker]) -test "$dynamic_linker" = no && can_build_shared=no +test no = "$dynamic_linker" && can_build_shared=no variables_saved_for_relink="PATH $shlibpath_var $runpath_var" -if test "$GCC" = yes; then +if test yes = "$GCC"; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi -if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then - sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" +if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then + sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec fi -if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then - sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" + +if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then + sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec fi +# remember unaugmented sys_lib_dlsearch_path content for libtool script decls... +configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec + +# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code +func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH" + +# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool +configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH + _LT_DECL([], [variables_saved_for_relink], [1], [Variables whose values should be saved in libtool wrapper scripts and restored at link time]) @@ -2934,39 +3153,41 @@ _LT_DECL([], [hardcode_into_libs], [0], [Whether we should hardcode library paths into libraries]) _LT_DECL([], [sys_lib_search_path_spec], [2], [Compile-time system search path for libraries]) -_LT_DECL([], [sys_lib_dlsearch_path_spec], [2], - [Run-time system search path for libraries]) +_LT_DECL([sys_lib_dlsearch_path_spec], [configure_time_dlsearch_path], [2], + [Detected run-time system search path for libraries]) +_LT_DECL([], [configure_time_lt_sys_library_path], [2], + [Explicit LT_SYS_LIBRARY_PATH set during ./configure time]) ])# _LT_SYS_DYNAMIC_LINKER # _LT_PATH_TOOL_PREFIX(TOOL) # -------------------------- -# find a file program which can recognize shared library +# find a file program that can recognize shared library AC_DEFUN([_LT_PATH_TOOL_PREFIX], [m4_require([_LT_DECL_EGREP])dnl AC_MSG_CHECKING([for $1]) AC_CACHE_VAL(lt_cv_path_MAGIC_CMD, [case $MAGIC_CMD in [[\\/*] | ?:[\\/]*]) - lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. ;; *) - lt_save_MAGIC_CMD="$MAGIC_CMD" - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + lt_save_MAGIC_CMD=$MAGIC_CMD + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR dnl $ac_dummy forces splitting on constant user-supplied paths. dnl POSIX.2 word splitting is done only on the output of word expansions, dnl not every word. This closes a longstanding sh security hole. ac_dummy="m4_if([$2], , $PATH, [$2])" for ac_dir in $ac_dummy; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$1; then - lt_cv_path_MAGIC_CMD="$ac_dir/$1" + if test -f "$ac_dir/$1"; then + lt_cv_path_MAGIC_CMD=$ac_dir/"$1" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` - MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + MAGIC_CMD=$lt_cv_path_MAGIC_CMD if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : @@ -2989,11 +3210,11 @@ _LT_EOF break fi done - IFS="$lt_save_ifs" - MAGIC_CMD="$lt_save_MAGIC_CMD" + IFS=$lt_save_ifs + MAGIC_CMD=$lt_save_MAGIC_CMD ;; esac]) -MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +MAGIC_CMD=$lt_cv_path_MAGIC_CMD if test -n "$MAGIC_CMD"; then AC_MSG_RESULT($MAGIC_CMD) else @@ -3011,7 +3232,7 @@ dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], []) # _LT_PATH_MAGIC # -------------- -# find a file program which can recognize a shared library +# find a file program that can recognize a shared library m4_defun([_LT_PATH_MAGIC], [_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH) if test -z "$lt_cv_path_MAGIC_CMD"; then @@ -3038,16 +3259,16 @@ m4_require([_LT_PROG_ECHO_BACKSLASH])dnl AC_ARG_WITH([gnu-ld], [AS_HELP_STRING([--with-gnu-ld], [assume the C compiler uses GNU ld @<:@default=no@:>@])], - [test "$withval" = no || with_gnu_ld=yes], + [test no = "$withval" || with_gnu_ld=yes], [with_gnu_ld=no])dnl ac_prog=ld -if test "$GCC" = yes; then +if test yes = "$GCC"; then # Check if gcc -print-prog-name=ld gives a path. AC_MSG_CHECKING([for ld used by $CC]) case $host in *-*-mingw*) - # gcc leaves a trailing carriage return which upsets mingw + # gcc leaves a trailing carriage return, which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; @@ -3061,7 +3282,7 @@ if test "$GCC" = yes; then while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` done - test -z "$LD" && LD="$ac_prog" + test -z "$LD" && LD=$ac_prog ;; "") # If it fails, then pretend we aren't using GCC. @@ -3072,37 +3293,37 @@ if test "$GCC" = yes; then with_gnu_ld=unknown ;; esac -elif test "$with_gnu_ld" = yes; then +elif test yes = "$with_gnu_ld"; then AC_MSG_CHECKING([for GNU ld]) else AC_MSG_CHECKING([for non-GNU ld]) fi AC_CACHE_VAL(lt_cv_path_LD, [if test -z "$LD"; then - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then - lt_cv_path_LD="$ac_dir/$ac_prog" + lt_cv_path_LD=$ac_dir/$ac_prog # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 conftest.i +cat conftest.i conftest.i >conftest2.i +: ${lt_DD:=$DD} +AC_PATH_PROGS_FEATURE_CHECK([lt_DD], [dd], +[if "$ac_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=: +fi]) +rm -f conftest.i conftest2.i conftest.out]) +])# _LT_PATH_DD + + +# _LT_CMD_TRUNCATE +# ---------------- +# find command to truncate a binary pipe +m4_defun([_LT_CMD_TRUNCATE], +[m4_require([_LT_PATH_DD]) +AC_CACHE_CHECK([how to truncate binary pipes], [lt_cv_truncate_bin], +[printf 0123456789abcdef0123456789abcdef >conftest.i +cat conftest.i conftest.i >conftest2.i +lt_cv_truncate_bin= +if "$ac_cv_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1" +fi +rm -f conftest.i conftest2.i conftest.out +test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"]) +_LT_DECL([lt_truncate_bin], [lt_cv_truncate_bin], [1], + [Command to truncate a binary pipe]) +])# _LT_CMD_TRUNCATE + + # _LT_CHECK_MAGIC_METHOD # ---------------------- # how to check for library dependencies @@ -3188,13 +3446,13 @@ lt_cv_deplibs_check_method='unknown' # Need to set the preceding variable on all platforms that support # interlibrary dependencies. # 'none' -- dependencies not supported. -# `unknown' -- same as none, but documents that we really don't know. +# 'unknown' -- same as none, but documents that we really don't know. # 'pass_all' -- all dependencies passed with no checks. # 'test_compile' -- check by making test program. # 'file_magic [[regex]]' -- check by looking for files in library path -# which responds to the $file_magic_cmd with a given extended regex. -# If you have `file' or equivalent on your system and you're not sure -# whether `pass_all' will *always* work, you probably want this one. +# that responds to the $file_magic_cmd with a given extended regex. +# If you have 'file' or equivalent on your system and you're not sure +# whether 'pass_all' will *always* work, you probably want this one. case $host_os in aix[[4-9]]*) @@ -3221,8 +3479,7 @@ mingw* | pw32*) # Base MSYS/MinGW do not provide the 'file' command needed by # func_win32_libid shell function, so use a weaker test based on 'objdump', # unless we find 'file', for example because we are cross-compiling. - # func_win32_libid assumes BSD nm, so disallow it if using MS dumpbin. - if ( test "$lt_cv_nm_interface" = "BSD nm" && file / ) >/dev/null 2>&1; then + if ( file / ) >/dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else @@ -3318,8 +3575,8 @@ newos6*) lt_cv_deplibs_check_method=pass_all ;; -openbsd*) - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then +openbsd* | bitrig*) + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' @@ -3372,6 +3629,9 @@ sysv4 | sysv4.3*) tpf*) lt_cv_deplibs_check_method=pass_all ;; +os2*) + lt_cv_deplibs_check_method=pass_all + ;; esac ]) @@ -3412,33 +3672,38 @@ AC_DEFUN([LT_PATH_NM], AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM, [if test -n "$NM"; then # Let the user override the test. - lt_cv_path_NM="$NM" + lt_cv_path_NM=$NM else - lt_nm_to_check="${ac_tool_prefix}nm" + lt_nm_to_check=${ac_tool_prefix}nm if test -n "$ac_tool_prefix" && test "$build" = "$host"; then lt_nm_to_check="$lt_nm_to_check nm" fi for lt_tmp_nm in $lt_nm_to_check; do - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs test -z "$ac_dir" && ac_dir=. - tmp_nm="$ac_dir/$lt_tmp_nm" - if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then + tmp_nm=$ac_dir/$lt_tmp_nm + if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then # Check to see if the nm accepts a BSD-compat flag. - # Adding the `sed 1q' prevents false positives on HP-UX, which says: + # Adding the 'sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored # Tru64's nm complains that /dev/null is an invalid object file - case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in - */dev/null* | *'Invalid file or object type'*) + # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty + case $build_os in + mingw*) lt_bad_file=conftest.nm/nofile ;; + *) lt_bad_file=/dev/null ;; + esac + case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in + *$lt_bad_file* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" - break + break 2 ;; *) case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in */dev/null*) lt_cv_path_NM="$tmp_nm -p" - break + break 2 ;; *) lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but @@ -3449,21 +3714,21 @@ else esac fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs done : ${lt_cv_path_NM=no} fi]) -if test "$lt_cv_path_NM" != "no"; then - NM="$lt_cv_path_NM" +if test no != "$lt_cv_path_NM"; then + NM=$lt_cv_path_NM else # Didn't find any BSD compatible name lister, look for dumpbin. if test -n "$DUMPBIN"; then : # Let the user override the test. else AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :) - case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in + case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in *COFF*) - DUMPBIN="$DUMPBIN -symbols" + DUMPBIN="$DUMPBIN -symbols -headers" ;; *) DUMPBIN=: @@ -3471,8 +3736,8 @@ else esac fi AC_SUBST([DUMPBIN]) - if test "$DUMPBIN" != ":"; then - NM="$DUMPBIN" + if test : != "$DUMPBIN"; then + NM=$DUMPBIN fi fi test -z "$NM" && NM=nm @@ -3518,8 +3783,8 @@ lt_cv_sharedlib_from_linklib_cmd, case $host_os in cygwin* | mingw* | pw32* | cegcc*) - # two different shell functions defined in ltmain.sh - # decide which to use based on capabilities of $DLLTOOL + # two different shell functions defined in ltmain.sh; + # decide which one to use based on capabilities of $DLLTOOL case `$DLLTOOL --help 2>&1` in *--identify-strict*) lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib @@ -3531,7 +3796,7 @@ cygwin* | mingw* | pw32* | cegcc*) ;; *) # fallback: assume linklib IS sharedlib - lt_cv_sharedlib_from_linklib_cmd="$ECHO" + lt_cv_sharedlib_from_linklib_cmd=$ECHO ;; esac ]) @@ -3558,13 +3823,28 @@ AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool lt_cv_path_mainfest_tool=yes fi rm -f conftest*]) -if test "x$lt_cv_path_mainfest_tool" != xyes; then +if test yes != "$lt_cv_path_mainfest_tool"; then MANIFEST_TOOL=: fi _LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl ])# _LT_PATH_MANIFEST_TOOL +# _LT_DLL_DEF_P([FILE]) +# --------------------- +# True iff FILE is a Windows DLL '.def' file. +# Keep in sync with func_dll_def_p in the libtool script +AC_DEFUN([_LT_DLL_DEF_P], +[dnl + test DEF = "`$SED -n dnl + -e '\''s/^[[ ]]*//'\'' dnl Strip leading whitespace + -e '\''/^\(;.*\)*$/d'\'' dnl Delete empty lines and comments + -e '\''s/^\(EXPORTS\|LIBRARY\)\([[ ]].*\)*$/DEF/p'\'' dnl + -e q dnl Only consider the first "real" line + $1`" dnl +])# _LT_DLL_DEF_P + + # LT_LIB_M # -------- # check for math library @@ -3576,11 +3856,11 @@ case $host in # These system don't have libm, or don't need it ;; *-ncr-sysv4.3*) - AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw") + AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM=-lmw) AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm") ;; *) - AC_CHECK_LIB(m, cos, LIBM="-lm") + AC_CHECK_LIB(m, cos, LIBM=-lm) ;; esac AC_SUBST([LIBM]) @@ -3599,7 +3879,7 @@ m4_defun([_LT_COMPILER_NO_RTTI], _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= -if test "$GCC" = yes; then +if test yes = "$GCC"; then case $cc_basename in nvcc*) _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;; @@ -3651,7 +3931,7 @@ cygwin* | mingw* | pw32* | cegcc*) symcode='[[ABCDGISTW]]' ;; hpux*) - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then symcode='[[ABCDEGRST]]' fi ;; @@ -3684,14 +3964,44 @@ case `$NM -V 2>&1` in symcode='[[ABCDGIRSTW]]' ;; esac +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Gets list of data symbols to import. + lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'" + # Adjust the below global symbol transforms to fixup imported variables. + lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'" + lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'" + lt_c_name_lib_hook="\ + -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\ + -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'" +else + # Disable hooks by default. + lt_cv_sys_global_symbol_to_import= + lt_cdecl_hook= + lt_c_name_hook= + lt_c_name_lib_hook= +fi + # Transform an extracted symbol line into a proper C declaration. # Some systems (esp. on ia64) link data and code symbols differently, # so use this general approach. -lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" +lt_cv_sys_global_symbol_to_cdecl="sed -n"\ +$lt_cdecl_hook\ +" -e 's/^T .* \(.*\)$/extern int \1();/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'" # Transform an extracted symbol line into symbol name and symbol address -lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\)[[ ]]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p'" -lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([[^ ]]*\)[[ ]]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \(lib[[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"lib\2\", (void *) \&\2},/p'" +lt_cv_sys_global_symbol_to_c_name_address="sed -n"\ +$lt_c_name_hook\ +" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'" + +# Transform an extracted symbol line into symbol name with lib prefix and +# symbol address. +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\ +$lt_c_name_lib_hook\ +" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ +" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'" # Handle CRLF in mingw tool chain opt_cr= @@ -3709,21 +4019,24 @@ for ac_symprfx in "" "_"; do # Write the raw and C identifiers. if test "$lt_cv_nm_interface" = "MS dumpbin"; then - # Fake it for dumpbin and say T for any non-static function - # and D for any global variable. + # Fake it for dumpbin and say T for any non-static function, + # D for any global variable and I for any imported variable. # Also find C++ and __fastcall symbols from MSVC++, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK ['"\ " {last_section=section; section=\$ 3};"\ " /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ +" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\ +" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\ +" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ " {if(hide[section]) next};"\ -" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ -" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ -" s[1]~/^[@?]/{print s[1], s[1]; next};"\ -" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ +" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\ +" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\ +" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\ +" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\ " ' prfx=^$ac_symprfx]" else lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" @@ -3750,7 +4063,8 @@ _LT_EOF if AC_TRY_EVAL(ac_compile); then # Now try to grab the symbols. nlist=conftest.nm - if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then + $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&AS_MESSAGE_LOG_FD + if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&AS_MESSAGE_LOG_FD && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" @@ -3763,11 +4077,11 @@ _LT_EOF if $GREP ' nm_test_func$' "$nlist" >/dev/null; then cat <<_LT_EOF > conftest.$ac_ext /* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ -#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) -/* DATA imports from DLLs on WIN32 con't be const, because runtime +#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE +/* DATA imports from DLLs on WIN32 can't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */ # define LT@&t@_DLSYM_CONST -#elif defined(__osf__) +#elif defined __osf__ /* This system does not cope well with relocations in const data. */ # define LT@&t@_DLSYM_CONST #else @@ -3793,7 +4107,7 @@ lt__PROGRAM__LTX_preloaded_symbols[[]] = { { "@PROGRAM@", (void *) 0 }, _LT_EOF - $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext + $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext cat <<\_LT_EOF >> conftest.$ac_ext {0, (void *) 0} }; @@ -3813,9 +4127,9 @@ _LT_EOF mv conftest.$ac_objext conftstm.$ac_objext lt_globsym_save_LIBS=$LIBS lt_globsym_save_CFLAGS=$CFLAGS - LIBS="conftstm.$ac_objext" + LIBS=conftstm.$ac_objext CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)" - if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then + if AC_TRY_EVAL(ac_link) && test -s conftest$ac_exeext; then pipe_works=yes fi LIBS=$lt_globsym_save_LIBS @@ -3836,7 +4150,7 @@ _LT_EOF rm -rf conftest* conftst* # Do not use the global_symbol_pipe unless it works. - if test "$pipe_works" = yes; then + if test yes = "$pipe_works"; then break else lt_cv_sys_global_symbol_pipe= @@ -3863,12 +4177,16 @@ _LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1], [Take the output of nm and produce a listing of raw symbols and C names]) _LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1], [Transform the output of nm in a proper C declaration]) +_LT_DECL([global_symbol_to_import], [lt_cv_sys_global_symbol_to_import], [1], + [Transform the output of nm into a list of symbols to manually relocate]) _LT_DECL([global_symbol_to_c_name_address], [lt_cv_sys_global_symbol_to_c_name_address], [1], [Transform the output of nm in a C name address pair]) _LT_DECL([global_symbol_to_c_name_address_lib_prefix], [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1], [Transform the output of nm in a C name address pair when lib prefix is needed]) +_LT_DECL([nm_interface], [lt_cv_nm_interface], [1], + [The name lister interface]) _LT_DECL([], [nm_file_list_spec], [1], [Specify filename containing input files for $NM]) ]) # _LT_CMD_GLOBAL_SYMBOLS @@ -3884,17 +4202,18 @@ _LT_TAGVAR(lt_prog_compiler_static, $1)= m4_if([$1], [CXX], [ # C++ specific cases for pic, static, wl, etc. - if test "$GXX" = yes; then + if test yes = "$GXX"; then _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' case $host_os in aix*) # All AIX code is PIC. - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; amigaos*) @@ -3905,8 +4224,8 @@ m4_if([$1], [CXX], [ ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but - # adding the `-m68020' flag to GCC prevents building anything better, - # like `-m68040'. + # adding the '-m68020' flag to GCC prevents building anything better, + # like '-m68040'. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' ;; esac @@ -3922,6 +4241,11 @@ m4_if([$1], [CXX], [ # (--disable-auto-import) libraries m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + case $host_os in + os2*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static' + ;; + esac ;; darwin* | rhapsody*) # PIC is the default on this platform @@ -3971,7 +4295,7 @@ m4_if([$1], [CXX], [ case $host_os in aix[[4-9]]*) # All AIX code is PIC. - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' else @@ -4012,14 +4336,14 @@ m4_if([$1], [CXX], [ case $cc_basename in CC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' - if test "$host_cpu" != ia64; then + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive' + if test ia64 != "$host_cpu"; then _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' fi ;; aCC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive' case $host_cpu in hppa*64*|ia64*) # +Z the default @@ -4056,7 +4380,7 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; ecpc* ) - # old Intel C++ for x86_64 which still supported -KPIC. + # old Intel C++ for x86_64, which still supported -KPIC. _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' @@ -4201,17 +4525,18 @@ m4_if([$1], [CXX], [ fi ], [ - if test "$GCC" = yes; then + if test yes = "$GCC"; then _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' case $host_os in aix*) # All AIX code is PIC. - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; amigaos*) @@ -4222,8 +4547,8 @@ m4_if([$1], [CXX], [ ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but - # adding the `-m68020' flag to GCC prevents building anything better, - # like `-m68040'. + # adding the '-m68020' flag to GCC prevents building anything better, + # like '-m68040'. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' ;; esac @@ -4240,6 +4565,11 @@ m4_if([$1], [CXX], [ # (--disable-auto-import) libraries m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + case $host_os in + os2*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static' + ;; + esac ;; darwin* | rhapsody*) @@ -4310,7 +4640,7 @@ m4_if([$1], [CXX], [ case $host_os in aix*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' else @@ -4318,11 +4648,30 @@ m4_if([$1], [CXX], [ fi ;; + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + case $cc_basename in + nagfor*) + # NAG Fortran compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + esac + ;; + mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + case $host_os in + os2*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static' + ;; + esac ;; hpux9* | hpux10* | hpux11*) @@ -4338,7 +4687,7 @@ m4_if([$1], [CXX], [ ;; esac # Is there a better lt_prog_compiler_static that works with the bundled CC? - _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive' ;; irix5* | irix6* | nonstopux*) @@ -4349,12 +4698,18 @@ m4_if([$1], [CXX], [ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) case $cc_basename in - # old Intel for x86_64 which still supported -KPIC. + # old Intel for x86_64, which still supported -KPIC. ecc*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; + # flang / f18. f95 an alias for gfortran or flang on Debian + flang* | f18* | f95*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; # icc used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. icc* | ifort*) @@ -4374,6 +4729,12 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) @@ -4471,7 +4832,7 @@ m4_if([$1], [CXX], [ ;; sysv4*MP*) - if test -d /usr/nec ;then + if test -d /usr/nec; then _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi @@ -4500,7 +4861,7 @@ m4_if([$1], [CXX], [ fi ]) case $host_os in - # For platforms which do not support PIC, -DPIC is meaningless: + # For platforms that do not support PIC, -DPIC is meaningless: *djgpp*) _LT_TAGVAR(lt_prog_compiler_pic, $1)= ;; @@ -4566,17 +4927,21 @@ m4_if([$1], [CXX], [ case $host_os in aix[[4-9]]*) # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to AIX nm, but means don't demangle with GNU nm - # Also, AIX nm treats weak defined symbols like other global defined - # symbols, whereas GNU nm marks them as "W". + # -C means demangle to GNU nm, but means don't demangle to AIX nm. + # Without the "-l" option, or with the "-B" option, AIX nm treats + # weak defined symbols like other global defined symbols, whereas + # GNU nm marks them as "W". + # While the 'weak' keyword is ignored in the Export File, we need + # it in the Import File for the 'aix-soname' feature, so we have + # to replace the "-B" option with "-P" for AIX nm. if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' else - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' fi ;; pw32*) - _LT_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds" + _LT_TAGVAR(export_symbols_cmds, $1)=$ltdll_cmds ;; cygwin* | mingw* | cegcc*) case $cc_basename in @@ -4625,9 +4990,9 @@ m4_if([$1], [CXX], [ # included in the symbol list _LT_TAGVAR(include_expsyms, $1)= # exclude_expsyms can be an extended regexp of symbols to exclude - # it will be wrapped by ` (' and `)$', so one must not match beginning or - # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', - # as well as any symbol that contains `d'. + # it will be wrapped by ' (' and ')$', so one must not match beginning or + # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc', + # as well as any symbol that contains 'd'. _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if @@ -4643,7 +5008,7 @@ dnl Note also adjust exclude_expsyms for C++ above. # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. - if test "$GCC" != yes; then + if test yes != "$GCC"; then with_gnu_ld=no fi ;; @@ -4651,7 +5016,7 @@ dnl Note also adjust exclude_expsyms for C++ above. # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; - openbsd*) + openbsd* | bitrig*) with_gnu_ld=no ;; linux* | k*bsd*-gnu | gnu*) @@ -4664,7 +5029,7 @@ dnl Note also adjust exclude_expsyms for C++ above. # On some targets, GNU ld is compatible enough with the native linker # that we're better off using the native interface for both. lt_use_gnu_ld_interface=no - if test "$with_gnu_ld" = yes; then + if test yes = "$with_gnu_ld"; then case $host_os in aix*) # The AIX port of GNU ld has always aspired to compatibility @@ -4686,24 +5051,24 @@ dnl Note also adjust exclude_expsyms for C++ above. esac fi - if test "$lt_use_gnu_ld_interface" = yes; then + if test yes = "$lt_use_gnu_ld_interface"; then # If archive_cmds runs LD, not CC, wlarc should be empty - wlarc='${wl}' + wlarc='$wl' # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then - _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' else _LT_TAGVAR(whole_archive_flag_spec, $1)= fi supports_anon_versioning=no - case `$LD -v 2>&1` in + case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in *GNU\ gold*) supports_anon_versioning=yes ;; *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... @@ -4716,7 +5081,7 @@ dnl Note also adjust exclude_expsyms for C++ above. case $host_os in aix[[3-9]]*) # On AIX/PPC, the GNU linker is very broken - if test "$host_cpu" != ia64; then + if test ia64 != "$host_cpu"; then _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 @@ -4735,7 +5100,7 @@ _LT_EOF case $host_cpu in powerpc) # see comment about AmigaOS4 .so support - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='' ;; m68k) @@ -4751,7 +5116,7 @@ _LT_EOF _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME - _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi @@ -4761,7 +5126,7 @@ _LT_EOF # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes @@ -4769,61 +5134,89 @@ _LT_EOF _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - cp $export_symbols $output_objdir/$soname.def; - else - echo EXPORTS > $output_objdir/$soname.def; - cat $export_symbols >> $output_objdir/$soname.def; - fi~ - $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file, use it as + # is; otherwise, prepend EXPORTS... + _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; haiku*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(link_all_deplibs, $1)=yes ;; + os2*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + shrext_cmds=.dll + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + interix[[3-9]]*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) tmp_diet=no - if test "$host_os" = linux-dietlibc; then + if test linux-dietlibc = "$host_os"; then case $cc_basename in diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) esac fi if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ - && test "$tmp_diet" = no + && test no = "$tmp_diet" then tmp_addflag=' $pic_flag' tmp_sharedflag='-shared' case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' tmp_addflag=' $pic_flag' ;; pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group f77 and f90 compilers - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; @@ -4834,42 +5227,47 @@ _LT_EOF lf95*) # Lahey Fortran 8.1 _LT_TAGVAR(whole_archive_flag_spec, $1)= tmp_sharedflag='--shared' ;; + nagfor*) # NAGFOR 5.3 + tmp_sharedflag='-Wl,-shared' ;; xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) tmp_sharedflag='-qmkshrobj' tmp_addflag= ;; nvcc*) # Cuda Compiler Driver 2.2 - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; esac - _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - if test "x$supports_anon_versioning" = xyes; then + if test yes = "$supports_anon_versioning"; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - echo "local: *; };" >> $output_objdir/$libname.ver~ - $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' fi case $cc_basename in + tcc*) + _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic' + ;; xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' - if test "x$supports_anon_versioning" = xyes; then + if test yes = "$supports_anon_versioning"; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - echo "local: *; };" >> $output_objdir/$libname.ver~ - $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi ;; esac @@ -4883,8 +5281,8 @@ _LT_EOF _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' fi ;; @@ -4902,8 +5300,8 @@ _LT_EOF _LT_EOF elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi @@ -4915,7 +5313,7 @@ _LT_EOF _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 -*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot *** reliably create shared libraries on SCO systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.16.91.0.3 or newer. Another option is to modify @@ -4930,9 +5328,9 @@ _LT_EOF # DT_RUNPATH tag from executables and libraries. But doing so # requires that you compile everything twice, which is a pain. if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi @@ -4949,15 +5347,15 @@ _LT_EOF *) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac - if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then + if test no = "$_LT_TAGVAR(ld_shlibs, $1)"; then runpath_var= _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(export_dynamic_flag_spec, $1)= @@ -4973,7 +5371,7 @@ _LT_EOF # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. _LT_TAGVAR(hardcode_minus_L, $1)=yes - if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then + if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. _LT_TAGVAR(hardcode_direct, $1)=unsupported @@ -4981,34 +5379,57 @@ _LT_EOF ;; aix[[4-9]]*) - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' - no_entry_flag="" + no_entry_flag= else # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to AIX nm, but means don't demangle with GNU nm - # Also, AIX nm treats weak defined symbols like other global - # defined symbols, whereas GNU nm marks them as "W". + # -C means demangle to GNU nm, but means don't demangle to AIX nm. + # Without the "-l" option, or with the "-B" option, AIX nm treats + # weak defined symbols like other global defined symbols, whereas + # GNU nm marks them as "W". + # While the 'weak' keyword is ignored in the Export File, we need + # it in the Import File for the 'aix-soname' feature, so we have + # to replace the "-B" option with "-P" for AIX nm. if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' else - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # need to do runtime linking. + # have runtime linking enabled, and use it for executables. + # For shared libraries, we enable/disable runtime linking + # depending on the kind of the shared library created - + # when "with_aix_soname,aix_use_runtimelinking" is: + # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables + # "aix,yes" lib.so shared, rtl:yes, for executables + # lib.a static archive + # "both,no" lib.so.V(shr.o) shared, rtl:yes + # lib.a(lib.so.V) shared, rtl:no, for executables + # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a(lib.so.V) shared, rtl:no + # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a static archive case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) for ld_flag in $LDFLAGS; do - if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then aix_use_runtimelinking=yes break fi done + if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then + # With aix-soname=svr4, we create the lib.so.V shared archives only, + # so we don't have lib.a shared libs to link our executables. + # We have to force runtime linking in this case. + aix_use_runtimelinking=yes + LDFLAGS="$LDFLAGS -Wl,-brtl" + fi ;; esac @@ -5027,13 +5448,21 @@ _LT_EOF _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' + _LT_TAGVAR(file_list_spec, $1)='$wl-f,' + case $with_aix_soname,$aix_use_runtimelinking in + aix,*) ;; # traditional, no import file + svr4,* | *,yes) # use import file + # The Import File defines what to hardcode. + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=no + ;; + esac - if test "$GCC" = yes; then + if test yes = "$GCC"; then case $host_os in aix4.[[012]]|aix4.[[012]].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ - collect2name=`${CC} -print-prog-name=collect2` + collect2name=`$CC -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then @@ -5052,62 +5481,80 @@ _LT_EOF ;; esac shared_flag='-shared' - if test "$aix_use_runtimelinking" = yes; then - shared_flag="$shared_flag "'${wl}-G' + if test yes = "$aix_use_runtimelinking"; then + shared_flag="$shared_flag "'$wl-G' fi - _LT_TAGVAR(link_all_deplibs, $1)=no + # Need to ensure runtime linking is disabled for the traditional + # shared library, or the linker may eventually find shared libraries + # /with/ Import File - we do not want to mix them. + shared_flag_aix='-shared' + shared_flag_svr4='-shared $wl-G' else # not using gcc - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else - if test "$aix_use_runtimelinking" = yes; then - shared_flag='${wl}-G' + if test yes = "$aix_use_runtimelinking"; then + shared_flag='$wl-G' else - shared_flag='${wl}-bM:SRE' + shared_flag='$wl-bM:SRE' fi + shared_flag_aix='$wl-bM:SRE' + shared_flag_svr4='$wl-G' fi fi - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. _LT_TAGVAR(always_export_symbols, $1)=yes - if test "$aix_use_runtimelinking" = yes; then + if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. _LT_TAGVAR(allow_undefined_flag, $1)='-berok' # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX([$1]) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag else - if test "$host_cpu" = ia64; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' + if test ia64 = "$host_cpu"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib' _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" - _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX([$1]) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. - _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' - _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' - if test "$with_gnu_ld" = yes; then + _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok' + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok' + if test yes = "$with_gnu_ld"; then # We only use this code for GNU lds that support --whole-archive. - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive' else # Exported symbols can be pulled into shared objects from archives _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' fi _LT_TAGVAR(archive_cmds_need_lc, $1)=yes - # This is similar to how AIX traditionally builds its shared libraries. - _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' + # -brtl affects multiple linker settings, -berok does not and is overridden later + compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`' + if test svr4 != "$with_aix_soname"; then + # This is similar to how AIX traditionally builds its shared libraries. + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' + fi + if test aix != "$with_aix_soname"; then + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' + else + # used by -dlpreopen to get the symbols + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV $output_objdir/$realname.d/$soname $output_objdir' + fi + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d' fi fi ;; @@ -5116,7 +5563,7 @@ _LT_EOF case $host_cpu in powerpc) # see comment about AmigaOS4 .so support - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='' ;; m68k) @@ -5146,16 +5593,17 @@ _LT_EOF # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. - shrext_cmds=".dll" + shrext_cmds=.dll # FIXME: Setting linknames here is a bad hack. - _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' - _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; - else - sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; - fi~ - $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ - linknames=' + _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' + _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then + cp "$export_symbols" "$output_objdir/$soname.def"; + echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; + else + $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes @@ -5164,18 +5612,18 @@ _LT_EOF # Don't use ranlib _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ - lt_tool_outputfile="@TOOL_OUTPUT@"~ - case $lt_outputfile in - *.exe|*.EXE) ;; - *) - lt_outputfile="$lt_outputfile.exe" - lt_tool_outputfile="$lt_tool_outputfile.exe" - ;; - esac~ - if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then - $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; - $RM "$lt_outputfile.manifest"; - fi' + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile=$lt_outputfile.exe + lt_tool_outputfile=$lt_tool_outputfile.exe + ;; + esac~ + if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' ;; *) # Assume MSVC wrapper @@ -5184,7 +5632,7 @@ _LT_EOF # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. - shrext_cmds=".dll" + shrext_cmds=.dll # FIXME: Setting linknames here is a bad hack. _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. @@ -5234,33 +5682,33 @@ _LT_EOF ;; hpux9*) - if test "$GCC" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + if test yes = "$GCC"; then + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' else - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' fi - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_direct, $1)=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_TAGVAR(hardcode_minus_L, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' ;; hpux10*) - if test "$GCC" = yes && test "$with_gnu_ld" = no; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + if test yes,no = "$GCC,$with_gnu_ld"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi - if test "$with_gnu_ld" = no; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + if test no = "$with_gnu_ld"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_TAGVAR(hardcode_minus_L, $1)=yes @@ -5268,25 +5716,25 @@ _LT_EOF ;; hpux11*) - if test "$GCC" = yes && test "$with_gnu_ld" = no; then + if test yes,no = "$GCC,$with_gnu_ld"; then case $host_cpu in hppa*64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else case $host_cpu in hppa*64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) m4_if($1, [], [ @@ -5294,14 +5742,14 @@ _LT_EOF # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) _LT_LINKER_OPTION([if $CC understands -b], _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b], - [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'], + [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'], [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])], - [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags']) + [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags']) ;; esac fi - if test "$with_gnu_ld" = no; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + if test no = "$with_gnu_ld"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: case $host_cpu in @@ -5312,7 +5760,7 @@ _LT_EOF *) _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. @@ -5323,16 +5771,16 @@ _LT_EOF ;; irix5* | irix6* | nonstopux*) - if test "$GCC" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + if test yes = "$GCC"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' # Try to use the -exported_symbol ld option, if it does not # work, assume that -exports_file does not work either and # implicitly export all symbols. # This should be the same for all languages, so no per-tag cache variable. AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol], [lt_cv_irix_exported_symbol], - [save_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" + [save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null" AC_LINK_IFELSE( [AC_LANG_SOURCE( [AC_LANG_CASE([C], [[int foo (void) { return 0; }]], @@ -5345,21 +5793,32 @@ _LT_EOF end]])])], [lt_cv_irix_exported_symbol=yes], [lt_cv_irix_exported_symbol=no]) - LDFLAGS="$save_LDFLAGS"]) - if test "$lt_cv_irix_exported_symbol" = yes; then - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' + LDFLAGS=$save_LDFLAGS]) + if test yes = "$lt_cv_irix_exported_symbol"; then + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi + _LT_TAGVAR(link_all_deplibs, $1)=no else - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(inherit_rpath, $1)=yes _LT_TAGVAR(link_all_deplibs, $1)=yes ;; + linux*) + case $cc_basename in + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + _LT_TAGVAR(ld_shlibs, $1)=yes + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out @@ -5374,7 +5833,7 @@ _LT_EOF newsos6) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; @@ -5382,27 +5841,19 @@ _LT_EOF *nto* | *qnx*) ;; - openbsd*) + openbsd* | bitrig*) if test -f /usr/libexec/ld.so; then _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' else - case $host_os in - openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*) - _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - ;; - *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - ;; - esac + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' fi else _LT_TAGVAR(ld_shlibs, $1)=no @@ -5413,33 +5864,53 @@ _LT_EOF _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' - _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' + shrext_cmds=.dll + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes ;; osf3*) - if test "$GCC" = yes; then - _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + if test yes = "$GCC"; then + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' else _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: ;; osf4* | osf5*) # as osf3* with the addition of -msym flag - if test "$GCC" = yes; then - _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + if test yes = "$GCC"; then + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' else _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ - $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' + $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp' # Both c and cxx compiler support -rpath directly _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' @@ -5450,24 +5921,24 @@ _LT_EOF solaris*) _LT_TAGVAR(no_undefined_flag, $1)=' -z defs' - if test "$GCC" = yes; then - wlarc='${wl}' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + if test yes = "$GCC"; then + wlarc='$wl' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' else case `$CC -V 2>&1` in *"Compilers 5.0"*) wlarc='' - _LT_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(archive_cmds, $1)='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' + $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' ;; *) - wlarc='${wl}' - _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' + wlarc='$wl' + _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' ;; esac fi @@ -5477,11 +5948,11 @@ _LT_EOF solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) # The compiler driver will combine and reorder linker options, - # but understands `-z linker_flag'. GCC discards it without `$wl', + # but understands '-z linker_flag'. GCC discards it without '$wl', # but is careful enough not to reorder. # Supported since Solaris 2.6 (maybe 2.5.1?) - if test "$GCC" = yes; then - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' + if test yes = "$GCC"; then + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' else _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' fi @@ -5491,10 +5962,10 @@ _LT_EOF ;; sunos4*) - if test "x$host_vendor" = xsequent; then + if test sequent = "$host_vendor"; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. - _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi @@ -5543,43 +6014,43 @@ _LT_EOF ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) - _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var='LD_RUN_PATH' - if test "$GCC" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + if test yes = "$GCC"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else - _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; sysv5* | sco3.2v5* | sco5v6*) - # Note: We can NOT use -z defs as we might desire, because we do not + # Note: We CANNOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. - _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' - _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' + _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' + _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport' runpath_var='LD_RUN_PATH' - if test "$GCC" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + if test yes = "$GCC"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else - _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; @@ -5594,17 +6065,17 @@ _LT_EOF ;; esac - if test x$host_vendor = xsni; then + if test sni = "$host_vendor"; then case $host in sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Blargedynsym' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Blargedynsym' ;; esac fi fi ]) AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) -test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no +test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no _LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld @@ -5621,7 +6092,7 @@ x|xyes) # Assume -lc should be added _LT_TAGVAR(archive_cmds_need_lc, $1)=yes - if test "$enable_shared" = yes && test "$GCC" = yes; then + if test yes,yes = "$GCC,$enable_shared"; then case $_LT_TAGVAR(archive_cmds, $1) in *'~'*) # FIXME: we may have to deal with multi-command sequences. @@ -5701,12 +6172,12 @@ _LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], _LT_TAGDECL([], [hardcode_libdir_separator], [1], [Whether we need a single "-rpath" flag with a separated argument]) _LT_TAGDECL([], [hardcode_direct], [0], - [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes + [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes DIR into the resulting binary]) _LT_TAGDECL([], [hardcode_direct_absolute], [0], - [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes + [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes DIR into the resulting binary and the resulting library dependency is - "absolute", i.e impossible to change by setting ${shlibpath_var} if the + "absolute", i.e impossible to change by setting $shlibpath_var if the library is relocated]) _LT_TAGDECL([], [hardcode_minus_L], [0], [Set to "yes" if using the -LDIR flag during linking hardcodes DIR @@ -5747,10 +6218,10 @@ dnl [Compiler flag to generate thread safe objects]) # ------------------------ # Ensure that the configuration variables for a C compiler are suitably # defined. These variables are subsequently used by _LT_CONFIG to write -# the compiler configuration to `libtool'. +# the compiler configuration to 'libtool'. m4_defun([_LT_LANG_C_CONFIG], [m4_require([_LT_DECL_EGREP])dnl -lt_save_CC="$CC" +lt_save_CC=$CC AC_LANG_PUSH(C) # Source file extension for C test sources. @@ -5790,18 +6261,18 @@ if test -n "$compiler"; then LT_SYS_DLOPEN_SELF _LT_CMD_STRIPLIB - # Report which library types will actually be built + # Report what library types will actually be built AC_MSG_CHECKING([if libtool supports shared libraries]) AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) - test "$can_build_shared" = "no" && enable_shared=no + test no = "$can_build_shared" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) - test "$enable_shared" = yes && enable_static=no + test yes = "$enable_shared" && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' @@ -5809,8 +6280,12 @@ if test -n "$compiler"; then ;; aix[[4-9]]*) - if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then - test "$enable_shared" = yes && enable_static=no + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac fi ;; esac @@ -5818,13 +6293,13 @@ if test -n "$compiler"; then AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. - test "$enable_shared" = yes || enable_static=yes + test yes = "$enable_shared" || enable_static=yes AC_MSG_RESULT([$enable_static]) _LT_CONFIG($1) fi AC_LANG_POP -CC="$lt_save_CC" +CC=$lt_save_CC ])# _LT_LANG_C_CONFIG @@ -5832,14 +6307,14 @@ CC="$lt_save_CC" # -------------------------- # Ensure that the configuration variables for a C++ compiler are suitably # defined. These variables are subsequently used by _LT_CONFIG to write -# the compiler configuration to `libtool'. +# the compiler configuration to 'libtool'. m4_defun([_LT_LANG_CXX_CONFIG], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_PATH_MANIFEST_TOOL])dnl -if test -n "$CXX" && ( test "X$CXX" != "Xno" && - ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || - (test "X$CXX" != "Xg++"))) ; then +if test -n "$CXX" && ( test no != "$CXX" && + ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) || + (test g++ != "$CXX"))); then AC_PROG_CXXCPP else _lt_caught_CXX_error=yes @@ -5881,7 +6356,7 @@ _LT_TAGVAR(objext, $1)=$objext # the CXX compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. -if test "$_lt_caught_CXX_error" != yes; then +if test yes != "$_lt_caught_CXX_error"; then # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" @@ -5923,35 +6398,35 @@ if test "$_lt_caught_CXX_error" != yes; then if test -n "$compiler"; then # We don't want -fno-exception when compiling C++ code, so set the # no_builtin_flag separately - if test "$GXX" = yes; then + if test yes = "$GXX"; then _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' else _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= fi - if test "$GXX" = yes; then + if test yes = "$GXX"; then # Set up default GNU C++ configuration LT_PATH_LD # Check if GNU C++ uses GNU ld as the underlying linker, since the # archiving commands below assume that GNU ld is being used. - if test "$with_gnu_ld" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + if test yes = "$with_gnu_ld"; then + _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' # If archive_cmds runs LD, not CC, wlarc should be empty # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to # investigate it a little bit more. (MM) - wlarc='${wl}' + wlarc='$wl' # ancient GNU ld didn't support --whole-archive et. al. if eval "`$CC -print-prog-name=ld` --help 2>&1" | $GREP 'no-whole-archive' > /dev/null; then - _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' else _LT_TAGVAR(whole_archive_flag_spec, $1)= fi @@ -5970,7 +6445,7 @@ if test "$_lt_caught_CXX_error" != yes; then # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' else GXX=no @@ -5987,18 +6462,30 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_TAGVAR(ld_shlibs, $1)=no ;; aix[[4-9]]*) - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' - no_entry_flag="" + no_entry_flag= else aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # need to do runtime linking. + # have runtime linking enabled, and use it for executables. + # For shared libraries, we enable/disable runtime linking + # depending on the kind of the shared library created - + # when "with_aix_soname,aix_use_runtimelinking" is: + # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables + # "aix,yes" lib.so shared, rtl:yes, for executables + # lib.a static archive + # "both,no" lib.so.V(shr.o) shared, rtl:yes + # lib.a(lib.so.V) shared, rtl:no, for executables + # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a(lib.so.V) shared, rtl:no + # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a static archive case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) for ld_flag in $LDFLAGS; do case $ld_flag in @@ -6008,6 +6495,13 @@ if test "$_lt_caught_CXX_error" != yes; then ;; esac done + if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then + # With aix-soname=svr4, we create the lib.so.V shared archives only, + # so we don't have lib.a shared libs to link our executables. + # We have to force runtime linking in this case. + aix_use_runtimelinking=yes + LDFLAGS="$LDFLAGS -Wl,-brtl" + fi ;; esac @@ -6026,13 +6520,21 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' + _LT_TAGVAR(file_list_spec, $1)='$wl-f,' + case $with_aix_soname,$aix_use_runtimelinking in + aix,*) ;; # no import file + svr4,* | *,yes) # use import file + # The Import File defines what to hardcode. + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=no + ;; + esac - if test "$GXX" = yes; then + if test yes = "$GXX"; then case $host_os in aix4.[[012]]|aix4.[[012]].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ - collect2name=`${CC} -print-prog-name=collect2` + collect2name=`$CC -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then @@ -6050,64 +6552,84 @@ if test "$_lt_caught_CXX_error" != yes; then fi esac shared_flag='-shared' - if test "$aix_use_runtimelinking" = yes; then - shared_flag="$shared_flag "'${wl}-G' + if test yes = "$aix_use_runtimelinking"; then + shared_flag=$shared_flag' $wl-G' fi + # Need to ensure runtime linking is disabled for the traditional + # shared library, or the linker may eventually find shared libraries + # /with/ Import File - we do not want to mix them. + shared_flag_aix='-shared' + shared_flag_svr4='-shared $wl-G' else # not using gcc - if test "$host_cpu" = ia64; then + if test ia64 = "$host_cpu"; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else - if test "$aix_use_runtimelinking" = yes; then - shared_flag='${wl}-G' + if test yes = "$aix_use_runtimelinking"; then + shared_flag='$wl-G' else - shared_flag='${wl}-bM:SRE' + shared_flag='$wl-bM:SRE' fi + shared_flag_aix='$wl-bM:SRE' + shared_flag_svr4='$wl-G' fi fi - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to # export. _LT_TAGVAR(always_export_symbols, $1)=yes - if test "$aix_use_runtimelinking" = yes; then + if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. - _LT_TAGVAR(allow_undefined_flag, $1)='-berok' + # The "-G" linker flag allows undefined symbols. + _LT_TAGVAR(no_undefined_flag, $1)='-bernotok' # Determine the default libpath from the value encoded in an empty # executable. _LT_SYS_MODULE_PATH_AIX([$1]) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag else - if test "$host_cpu" = ia64; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' + if test ia64 = "$host_cpu"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib' _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" - _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX([$1]) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. - _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' - _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' - if test "$with_gnu_ld" = yes; then + _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok' + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok' + if test yes = "$with_gnu_ld"; then # We only use this code for GNU lds that support --whole-archive. - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive' else # Exported symbols can be pulled into shared objects from archives _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' fi _LT_TAGVAR(archive_cmds_need_lc, $1)=yes - # This is similar to how AIX traditionally builds its shared - # libraries. - _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' + # -brtl affects multiple linker settings, -berok does not and is overridden later + compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`' + if test svr4 != "$with_aix_soname"; then + # This is similar to how AIX traditionally builds its shared + # libraries. Need -bnortl late, we may have -brtl in LDFLAGS. + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' + fi + if test aix != "$with_aix_soname"; then + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' + else + # used by -dlpreopen to get the symbols + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV $output_objdir/$realname.d/$soname $output_objdir' + fi + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d' fi fi ;; @@ -6117,7 +6639,7 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME - _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi @@ -6145,57 +6667,58 @@ if test "$_lt_caught_CXX_error" != yes; then # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. - shrext_cmds=".dll" + shrext_cmds=.dll # FIXME: Setting linknames here is a bad hack. - _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' - _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - $SED -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; - else - $SED -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; - fi~ - $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ - linknames=' + _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' + _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then + cp "$export_symbols" "$output_objdir/$soname.def"; + echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; + else + $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes # Don't use ranlib _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ - lt_tool_outputfile="@TOOL_OUTPUT@"~ - case $lt_outputfile in - *.exe|*.EXE) ;; - *) - lt_outputfile="$lt_outputfile.exe" - lt_tool_outputfile="$lt_tool_outputfile.exe" - ;; - esac~ - func_to_tool_file "$lt_outputfile"~ - if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then - $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; - $RM "$lt_outputfile.manifest"; - fi' + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile=$lt_outputfile.exe + lt_tool_outputfile=$lt_tool_outputfile.exe + ;; + esac~ + func_to_tool_file "$lt_outputfile"~ + if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' ;; *) # g++ # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - cp $export_symbols $output_objdir/$soname.def; - else - echo EXPORTS > $output_objdir/$soname.def; - cat $export_symbols >> $output_objdir/$soname.def; - fi~ - $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file, use it as + # is; otherwise, prepend EXPORTS... + _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi @@ -6206,6 +6729,34 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_DARWIN_LINKER_FEATURES($1) ;; + os2*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + shrext_cmds=.dll + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + dgux*) case $cc_basename in ec++*) @@ -6241,14 +6792,14 @@ if test "$_lt_caught_CXX_error" != yes; then ;; haiku*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(link_all_deplibs, $1)=yes ;; hpux9*) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, # but as the default @@ -6260,7 +6811,7 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_TAGVAR(ld_shlibs, $1)=no ;; aCC*) - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. @@ -6269,11 +6820,11 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) - if test "$GXX" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + if test yes = "$GXX"; then + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' else # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no @@ -6283,15 +6834,15 @@ if test "$_lt_caught_CXX_error" != yes; then ;; hpux10*|hpux11*) - if test $with_gnu_ld = no; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + if test no = "$with_gnu_ld"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: case $host_cpu in hppa*64*|ia64*) ;; *) - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' ;; esac fi @@ -6317,13 +6868,13 @@ if test "$_lt_caught_CXX_error" != yes; then aCC*) case $host_cpu in hppa*64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; ia64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; *) - _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; esac # Commands to make compiler produce verbose output that lists @@ -6334,20 +6885,20 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) - if test "$GXX" = yes; then - if test $with_gnu_ld = no; then + if test yes = "$GXX"; then + if test no = "$with_gnu_ld"; then case $host_cpu in hppa*64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; ia64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; esac fi @@ -6362,22 +6913,22 @@ if test "$_lt_caught_CXX_error" != yes; then interix[[3-9]]*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; irix5* | irix6*) case $cc_basename in CC*) # SGI C++ - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' # Archives containing C++ object files must be created using # "CC -ar", where "CC" is the IRIX C++ compiler. This is @@ -6386,17 +6937,17 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs' ;; *) - if test "$GXX" = yes; then - if test "$with_gnu_ld" = no; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + if test yes = "$GXX"; then + if test no = "$with_gnu_ld"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' else - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib' fi fi _LT_TAGVAR(link_all_deplibs, $1)=yes ;; esac - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(inherit_rpath, $1)=yes ;; @@ -6409,8 +6960,8 @@ if test "$_lt_caught_CXX_error" != yes; then # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. - _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib' + _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. @@ -6419,10 +6970,10 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' # Archives containing C++ object files must be created using # "CC -Bstatic", where "CC" is the KAI C++ compiler. @@ -6436,59 +6987,59 @@ if test "$_lt_caught_CXX_error" != yes; then # earlier do not add the objects themselves. case `$CC -V 2>&1` in *"Version 7."*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' ;; *) # Version 8.0 or newer tmp_idyn= case $host_cpu in ia64*) tmp_idyn=' -i_dynamic';; esac - _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' ;; esac _LT_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive' ;; pgCC* | pgcpp*) # Portland Group C++ compiler case `$CC -V` in *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*) _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ - rm -rf $tpldir~ - $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ - compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ + compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ - rm -rf $tpldir~ - $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ - $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ - $RANLIB $oldlib' + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ + $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ - rm -rf $tpldir~ - $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ - $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~ - rm -rf $tpldir~ - $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ - $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' ;; *) # Version 6 and above use weak symbols - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' ;; esac - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl--rpath $wl$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' ;; cxx*) # Compaq C++ - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib $wl-retain-symbols-file $wl$export_symbols' runpath_var=LD_RUN_PATH _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' @@ -6502,18 +7053,18 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed' + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed' ;; xl* | mpixl* | bgxl*) # IBM XL 8.0 on PPC, with GNU ld - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - if test "x$supports_anon_versioning" = xyes; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' + _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + if test yes = "$supports_anon_versioning"; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - echo "local: *; };" >> $output_objdir/$libname.ver~ - $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' fi ;; *) @@ -6521,10 +7072,10 @@ if test "$_lt_caught_CXX_error" != yes; then *Sun\ C*) # Sun C++ 5.9 _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' - _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols' + _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes # Not sure whether something based on @@ -6582,22 +7133,17 @@ if test "$_lt_caught_CXX_error" != yes; then _LT_TAGVAR(ld_shlibs, $1)=yes ;; - openbsd2*) - # C++ shared libraries are fairly broken - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - - openbsd*) + openbsd* | bitrig*) if test -f /usr/libexec/ld.so; then _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' fi output_verbose_link_cmd=func_echo_all else @@ -6613,9 +7159,9 @@ if test "$_lt_caught_CXX_error" != yes; then # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. - _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Archives containing C++ object files must be created using @@ -6633,17 +7179,17 @@ if test "$_lt_caught_CXX_error" != yes; then cxx*) case $host in osf3*) - _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && func_echo_all "${wl}-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' ;; *) _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ - echo "-hidden">> $lib.exp~ - $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~ - $RM $lib.exp' + echo "-hidden">> $lib.exp~ + $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~ + $RM $lib.exp' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' ;; esac @@ -6658,27 +7204,27 @@ if test "$_lt_caught_CXX_error" != yes; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) - if test "$GXX" = yes && test "$with_gnu_ld" = no; then - _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + if test yes,no = "$GXX,$with_gnu_ld"; then + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' case $host in osf3*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' ;; *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' ;; esac - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' else # FIXME: insert proper C++ library support @@ -6718,9 +7264,9 @@ if test "$_lt_caught_CXX_error" != yes; then # Sun C++ 4.2, 5.x and Centerline C++ _LT_TAGVAR(archive_cmds_need_lc,$1)=yes _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' - _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no @@ -6728,7 +7274,7 @@ if test "$_lt_caught_CXX_error" != yes; then solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) # The compiler driver will combine and reorder linker options, - # but understands `-z linker_flag'. + # but understands '-z linker_flag'. # Supported since Solaris 2.6 (maybe 2.5.1?) _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' ;; @@ -6745,42 +7291,42 @@ if test "$_lt_caught_CXX_error" != yes; then ;; gcx*) # Green Hills C++ Compiler - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' # The C++ compiler must be used to create the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs' ;; *) # GNU C++ compiler with Solaris linker - if test "$GXX" = yes && test "$with_gnu_ld" = no; then - _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs' + if test yes,no = "$GXX,$with_gnu_ld"; then + _LT_TAGVAR(no_undefined_flag, $1)=' $wl-z ${wl}defs' if $CC --version | $GREP -v '^2\.7' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -shared $pic_flag -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' else - # g++ 2.7 appears to require `-G' NOT `-shared' on this + # g++ 2.7 appears to require '-G' NOT '-shared' on this # platform. - _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' fi - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir' case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' ;; esac fi @@ -6789,52 +7335,52 @@ if test "$_lt_caught_CXX_error" != yes; then ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) - _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var='LD_RUN_PATH' case $cc_basename in CC*) - _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; esac ;; sysv5* | sco3.2v5* | sco5v6*) - # Note: We can NOT use -z defs as we might desire, because we do not + # Note: We CANNOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. - _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' - _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' + _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' + _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport' runpath_var='LD_RUN_PATH' case $cc_basename in CC*) - _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~ - '"$_LT_TAGVAR(old_archive_cmds, $1)" + '"$_LT_TAGVAR(old_archive_cmds, $1)" _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~ - '"$_LT_TAGVAR(reload_cmds, $1)" + '"$_LT_TAGVAR(reload_cmds, $1)" ;; *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; esac ;; @@ -6865,10 +7411,10 @@ if test "$_lt_caught_CXX_error" != yes; then esac AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) - test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no + test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no - _LT_TAGVAR(GCC, $1)="$GXX" - _LT_TAGVAR(LD, $1)="$LD" + _LT_TAGVAR(GCC, $1)=$GXX + _LT_TAGVAR(LD, $1)=$LD ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change @@ -6895,7 +7441,7 @@ if test "$_lt_caught_CXX_error" != yes; then lt_cv_path_LD=$lt_save_path_LD lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld -fi # test "$_lt_caught_CXX_error" != yes +fi # test yes != "$_lt_caught_CXX_error" AC_LANG_POP ])# _LT_LANG_CXX_CONFIG @@ -6917,13 +7463,14 @@ AC_REQUIRE([_LT_DECL_SED]) AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH]) func_stripname_cnf () { - case ${2} in - .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;; - *) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;; + case @S|@2 in + .*) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%\\\\@S|@2\$%%"`;; + *) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%@S|@2\$%%"`;; esac } # func_stripname_cnf ])# _LT_FUNC_STRIPNAME_CNF + # _LT_SYS_HIDDEN_LIBDEPS([TAGNAME]) # --------------------------------- # Figure out "hidden" library dependencies from verbose @@ -7007,13 +7554,13 @@ if AC_TRY_EVAL(ac_compile); then pre_test_object_deps_done=no for p in `eval "$output_verbose_link_cmd"`; do - case ${prev}${p} in + case $prev$p in -L* | -R* | -l*) # Some compilers place space between "-{L,R}" and the path. # Remove the space. - if test $p = "-L" || - test $p = "-R"; then + if test x-L = "$p" || + test x-R = "$p"; then prev=$p continue fi @@ -7029,16 +7576,16 @@ if AC_TRY_EVAL(ac_compile); then case $p in =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;; esac - if test "$pre_test_object_deps_done" = no; then - case ${prev} in + if test no = "$pre_test_object_deps_done"; then + case $prev in -L | -R) # Internal compiler library paths should come after those # provided the user. The postdeps already come after the # user supplied libs so there is no need to process them. if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then - _LT_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}" + _LT_TAGVAR(compiler_lib_search_path, $1)=$prev$p else - _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}" + _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} $prev$p" fi ;; # The "-l" case would never come before the object being @@ -7046,9 +7593,9 @@ if AC_TRY_EVAL(ac_compile); then esac else if test -z "$_LT_TAGVAR(postdeps, $1)"; then - _LT_TAGVAR(postdeps, $1)="${prev}${p}" + _LT_TAGVAR(postdeps, $1)=$prev$p else - _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} ${prev}${p}" + _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} $prev$p" fi fi prev= @@ -7063,15 +7610,15 @@ if AC_TRY_EVAL(ac_compile); then continue fi - if test "$pre_test_object_deps_done" = no; then + if test no = "$pre_test_object_deps_done"; then if test -z "$_LT_TAGVAR(predep_objects, $1)"; then - _LT_TAGVAR(predep_objects, $1)="$p" + _LT_TAGVAR(predep_objects, $1)=$p else _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p" fi else if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then - _LT_TAGVAR(postdep_objects, $1)="$p" + _LT_TAGVAR(postdep_objects, $1)=$p else _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p" fi @@ -7102,51 +7649,6 @@ interix[[3-9]]*) _LT_TAGVAR(postdep_objects,$1)= _LT_TAGVAR(postdeps,$1)= ;; - -linux*) - case `$CC -V 2>&1 | sed 5q` in - *Sun\ C*) - # Sun C++ 5.9 - - # The more standards-conforming stlport4 library is - # incompatible with the Cstd library. Avoid specifying - # it if it's in CXXFLAGS. Ignore libCrun as - # -library=stlport4 depends on it. - case " $CXX $CXXFLAGS " in - *" -library=stlport4 "*) - solaris_use_stlport4=yes - ;; - esac - - if test "$solaris_use_stlport4" != yes; then - _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' - fi - ;; - esac - ;; - -solaris*) - case $cc_basename in - CC* | sunCC*) - # The more standards-conforming stlport4 library is - # incompatible with the Cstd library. Avoid specifying - # it if it's in CXXFLAGS. Ignore libCrun as - # -library=stlport4 depends on it. - case " $CXX $CXXFLAGS " in - *" -library=stlport4 "*) - solaris_use_stlport4=yes - ;; - esac - - # Adding this requires a known-good setup of shared libraries for - # Sun compiler versions before 5.6, else PIC objects from an old - # archive will be linked into the output, leading to subtle bugs. - if test "$solaris_use_stlport4" != yes; then - _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' - fi - ;; - esac - ;; esac ]) @@ -7155,7 +7657,7 @@ case " $_LT_TAGVAR(postdeps, $1) " in esac _LT_TAGVAR(compiler_lib_search_dirs, $1)= if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then - _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | ${SED} -e 's! -L! !g' -e 's!^ !!'` + _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | $SED -e 's! -L! !g' -e 's!^ !!'` fi _LT_TAGDECL([], [compiler_lib_search_dirs], [1], [The directories searched by this compiler when creating a shared library]) @@ -7175,10 +7677,10 @@ _LT_TAGDECL([], [compiler_lib_search_path], [1], # -------------------------- # Ensure that the configuration variables for a Fortran 77 compiler are # suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to `libtool'. +# to write the compiler configuration to 'libtool'. m4_defun([_LT_LANG_F77_CONFIG], [AC_LANG_PUSH(Fortran 77) -if test -z "$F77" || test "X$F77" = "Xno"; then +if test -z "$F77" || test no = "$F77"; then _lt_disable_F77=yes fi @@ -7215,7 +7717,7 @@ _LT_TAGVAR(objext, $1)=$objext # the F77 compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. -if test "$_lt_disable_F77" != yes; then +if test yes != "$_lt_disable_F77"; then # Code to be used in simple compile tests lt_simple_compile_test_code="\ subroutine t @@ -7237,7 +7739,7 @@ if test "$_lt_disable_F77" != yes; then _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. - lt_save_CC="$CC" + lt_save_CC=$CC lt_save_GCC=$GCC lt_save_CFLAGS=$CFLAGS CC=${F77-"f77"} @@ -7251,21 +7753,25 @@ if test "$_lt_disable_F77" != yes; then AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) - test "$can_build_shared" = "no" && enable_shared=no + test no = "$can_build_shared" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) - test "$enable_shared" = yes && enable_static=no + test yes = "$enable_shared" && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[[4-9]]*) - if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then - test "$enable_shared" = yes && enable_static=no + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac fi ;; esac @@ -7273,11 +7779,11 @@ if test "$_lt_disable_F77" != yes; then AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. - test "$enable_shared" = yes || enable_static=yes + test yes = "$enable_shared" || enable_static=yes AC_MSG_RESULT([$enable_static]) - _LT_TAGVAR(GCC, $1)="$G77" - _LT_TAGVAR(LD, $1)="$LD" + _LT_TAGVAR(GCC, $1)=$G77 + _LT_TAGVAR(LD, $1)=$LD ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change @@ -7294,9 +7800,9 @@ if test "$_lt_disable_F77" != yes; then fi # test -n "$compiler" GCC=$lt_save_GCC - CC="$lt_save_CC" - CFLAGS="$lt_save_CFLAGS" -fi # test "$_lt_disable_F77" != yes + CC=$lt_save_CC + CFLAGS=$lt_save_CFLAGS +fi # test yes != "$_lt_disable_F77" AC_LANG_POP ])# _LT_LANG_F77_CONFIG @@ -7306,11 +7812,11 @@ AC_LANG_POP # ------------------------- # Ensure that the configuration variables for a Fortran compiler are # suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to `libtool'. +# to write the compiler configuration to 'libtool'. m4_defun([_LT_LANG_FC_CONFIG], [AC_LANG_PUSH(Fortran) -if test -z "$FC" || test "X$FC" = "Xno"; then +if test -z "$FC" || test no = "$FC"; then _lt_disable_FC=yes fi @@ -7347,7 +7853,7 @@ _LT_TAGVAR(objext, $1)=$objext # the FC compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. -if test "$_lt_disable_FC" != yes; then +if test yes != "$_lt_disable_FC"; then # Code to be used in simple compile tests lt_simple_compile_test_code="\ subroutine t @@ -7369,7 +7875,7 @@ if test "$_lt_disable_FC" != yes; then _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. - lt_save_CC="$CC" + lt_save_CC=$CC lt_save_GCC=$GCC lt_save_CFLAGS=$CFLAGS CC=${FC-"f95"} @@ -7385,21 +7891,25 @@ if test "$_lt_disable_FC" != yes; then AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) - test "$can_build_shared" = "no" && enable_shared=no + test no = "$can_build_shared" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) - test "$enable_shared" = yes && enable_static=no + test yes = "$enable_shared" && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[[4-9]]*) - if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then - test "$enable_shared" = yes && enable_static=no + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac fi ;; esac @@ -7407,11 +7917,11 @@ if test "$_lt_disable_FC" != yes; then AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. - test "$enable_shared" = yes || enable_static=yes + test yes = "$enable_shared" || enable_static=yes AC_MSG_RESULT([$enable_static]) - _LT_TAGVAR(GCC, $1)="$ac_cv_fc_compiler_gnu" - _LT_TAGVAR(LD, $1)="$LD" + _LT_TAGVAR(GCC, $1)=$ac_cv_fc_compiler_gnu + _LT_TAGVAR(LD, $1)=$LD ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change @@ -7431,7 +7941,7 @@ if test "$_lt_disable_FC" != yes; then GCC=$lt_save_GCC CC=$lt_save_CC CFLAGS=$lt_save_CFLAGS -fi # test "$_lt_disable_FC" != yes +fi # test yes != "$_lt_disable_FC" AC_LANG_POP ])# _LT_LANG_FC_CONFIG @@ -7441,7 +7951,7 @@ AC_LANG_POP # -------------------------- # Ensure that the configuration variables for the GNU Java Compiler compiler # are suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to `libtool'. +# to write the compiler configuration to 'libtool'. m4_defun([_LT_LANG_GCJ_CONFIG], [AC_REQUIRE([LT_PROG_GCJ])dnl AC_LANG_SAVE @@ -7475,7 +7985,7 @@ CC=${GCJ-"gcj"} CFLAGS=$GCJFLAGS compiler=$CC _LT_TAGVAR(compiler, $1)=$CC -_LT_TAGVAR(LD, $1)="$LD" +_LT_TAGVAR(LD, $1)=$LD _LT_CC_BASENAME([$compiler]) # GCJ did not exist at the time GCC didn't implicitly link libc in. @@ -7512,7 +8022,7 @@ CFLAGS=$lt_save_CFLAGS # -------------------------- # Ensure that the configuration variables for the GNU Go compiler # are suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to `libtool'. +# to write the compiler configuration to 'libtool'. m4_defun([_LT_LANG_GO_CONFIG], [AC_REQUIRE([LT_PROG_GO])dnl AC_LANG_SAVE @@ -7546,7 +8056,7 @@ CC=${GOC-"gccgo"} CFLAGS=$GOFLAGS compiler=$CC _LT_TAGVAR(compiler, $1)=$CC -_LT_TAGVAR(LD, $1)="$LD" +_LT_TAGVAR(LD, $1)=$LD _LT_CC_BASENAME([$compiler]) # Go did not exist at the time GCC didn't implicitly link libc in. @@ -7583,7 +8093,7 @@ CFLAGS=$lt_save_CFLAGS # ------------------------- # Ensure that the configuration variables for the Windows resource compiler # are suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to `libtool'. +# to write the compiler configuration to 'libtool'. m4_defun([_LT_LANG_RC_CONFIG], [AC_REQUIRE([LT_PROG_RC])dnl AC_LANG_SAVE @@ -7599,7 +8109,7 @@ _LT_TAGVAR(objext, $1)=$objext lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }' # Code to be used in simple link tests -lt_simple_link_test_code="$lt_simple_compile_test_code" +lt_simple_link_test_code=$lt_simple_compile_test_code # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER @@ -7609,7 +8119,7 @@ _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. -lt_save_CC="$CC" +lt_save_CC=$CC lt_save_CFLAGS=$CFLAGS lt_save_GCC=$GCC GCC= @@ -7638,7 +8148,7 @@ AC_DEFUN([LT_PROG_GCJ], [m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ], [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ], [AC_CHECK_TOOL(GCJ, gcj,) - test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2" + test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2" AC_SUBST(GCJFLAGS)])])[]dnl ]) @@ -7749,7 +8259,7 @@ lt_ac_count=0 # Add /usr/xpg4/bin/sed as it is typically found on Solaris # along with /bin/sed that truncates output. for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do - test ! -f $lt_ac_sed && continue + test ! -f "$lt_ac_sed" && continue cat /dev/null > conftest.in lt_ac_count=0 echo $ECHO_N "0123456789$ECHO_C" >conftest.in @@ -7766,9 +8276,9 @@ for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break cmp -s conftest.out conftest.nl || break # 10000 chars as input seems more than enough - test $lt_ac_count -gt 10 && break + test 10 -lt "$lt_ac_count" && break lt_ac_count=`expr $lt_ac_count + 1` - if test $lt_ac_count -gt $lt_ac_max; then + if test "$lt_ac_count" -gt "$lt_ac_max"; then lt_ac_max=$lt_ac_count lt_cv_path_SED=$lt_ac_sed fi @@ -7792,27 +8302,7 @@ dnl AC_DEFUN([LT_AC_PROG_SED], []) # Find out whether the shell is Bourne or XSI compatible, # or has some other useful features. m4_defun([_LT_CHECK_SHELL_FEATURES], -[AC_MSG_CHECKING([whether the shell understands some XSI constructs]) -# Try some XSI features -xsi_shell=no -( _lt_dummy="a/b/c" - test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \ - = c,a/b,b/c, \ - && eval 'test $(( 1 + 1 )) -eq 2 \ - && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ - && xsi_shell=yes -AC_MSG_RESULT([$xsi_shell]) -_LT_CONFIG_LIBTOOL_INIT([xsi_shell='$xsi_shell']) - -AC_MSG_CHECKING([whether the shell understands "+="]) -lt_shell_append=no -( foo=bar; set foo baz; eval "$[1]+=\$[2]" && test "$foo" = barbaz ) \ - >/dev/null 2>&1 \ - && lt_shell_append=yes -AC_MSG_RESULT([$lt_shell_append]) -_LT_CONFIG_LIBTOOL_INIT([lt_shell_append='$lt_shell_append']) - -if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then +[if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then lt_unset=unset else lt_unset=false @@ -7836,102 +8326,9 @@ _LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl ])# _LT_CHECK_SHELL_FEATURES -# _LT_PROG_FUNCTION_REPLACE (FUNCNAME, REPLACEMENT-BODY) -# ------------------------------------------------------ -# In `$cfgfile', look for function FUNCNAME delimited by `^FUNCNAME ()$' and -# '^} FUNCNAME ', and replace its body with REPLACEMENT-BODY. -m4_defun([_LT_PROG_FUNCTION_REPLACE], -[dnl { -sed -e '/^$1 ()$/,/^} # $1 /c\ -$1 ()\ -{\ -m4_bpatsubsts([$2], [$], [\\], [^\([ ]\)], [\\\1]) -} # Extended-shell $1 implementation' "$cfgfile" > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") -test 0 -eq $? || _lt_function_replace_fail=: -]) - - -# _LT_PROG_REPLACE_SHELLFNS -# ------------------------- -# Replace existing portable implementations of several shell functions with -# equivalent extended shell implementations where those features are available.. -m4_defun([_LT_PROG_REPLACE_SHELLFNS], -[if test x"$xsi_shell" = xyes; then - _LT_PROG_FUNCTION_REPLACE([func_dirname], [dnl - case ${1} in - */*) func_dirname_result="${1%/*}${2}" ;; - * ) func_dirname_result="${3}" ;; - esac]) - - _LT_PROG_FUNCTION_REPLACE([func_basename], [dnl - func_basename_result="${1##*/}"]) - - _LT_PROG_FUNCTION_REPLACE([func_dirname_and_basename], [dnl - case ${1} in - */*) func_dirname_result="${1%/*}${2}" ;; - * ) func_dirname_result="${3}" ;; - esac - func_basename_result="${1##*/}"]) - - _LT_PROG_FUNCTION_REPLACE([func_stripname], [dnl - # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are - # positional parameters, so assign one to ordinary parameter first. - func_stripname_result=${3} - func_stripname_result=${func_stripname_result#"${1}"} - func_stripname_result=${func_stripname_result%"${2}"}]) - - _LT_PROG_FUNCTION_REPLACE([func_split_long_opt], [dnl - func_split_long_opt_name=${1%%=*} - func_split_long_opt_arg=${1#*=}]) - - _LT_PROG_FUNCTION_REPLACE([func_split_short_opt], [dnl - func_split_short_opt_arg=${1#??} - func_split_short_opt_name=${1%"$func_split_short_opt_arg"}]) - - _LT_PROG_FUNCTION_REPLACE([func_lo2o], [dnl - case ${1} in - *.lo) func_lo2o_result=${1%.lo}.${objext} ;; - *) func_lo2o_result=${1} ;; - esac]) - - _LT_PROG_FUNCTION_REPLACE([func_xform], [ func_xform_result=${1%.*}.lo]) - - _LT_PROG_FUNCTION_REPLACE([func_arith], [ func_arith_result=$(( $[*] ))]) - - _LT_PROG_FUNCTION_REPLACE([func_len], [ func_len_result=${#1}]) -fi - -if test x"$lt_shell_append" = xyes; then - _LT_PROG_FUNCTION_REPLACE([func_append], [ eval "${1}+=\\${2}"]) - - _LT_PROG_FUNCTION_REPLACE([func_append_quoted], [dnl - func_quote_for_eval "${2}" -dnl m4 expansion turns \\\\ into \\, and then the shell eval turns that into \ - eval "${1}+=\\\\ \\$func_quote_for_eval_result"]) - - # Save a `func_append' function call where possible by direct use of '+=' - sed -e 's%func_append \([[a-zA-Z_]]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") - test 0 -eq $? || _lt_function_replace_fail=: -else - # Save a `func_append' function call even when '+=' is not available - sed -e 's%func_append \([[a-zA-Z_]]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \ - && mv -f "$cfgfile.tmp" "$cfgfile" \ - || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") - test 0 -eq $? || _lt_function_replace_fail=: -fi - -if test x"$_lt_function_replace_fail" = x":"; then - AC_MSG_WARN([Unable to substitute extended shell functions in $ofile]) -fi -]) - # _LT_PATH_CONVERSION_FUNCTIONS # ----------------------------- -# Determine which file name conversion functions should be used by +# Determine what file name conversion functions should be used by # func_to_host_file (and, implicitly, by func_to_host_path). These are needed # for certain cross-compile configurations and native mingw. m4_defun([_LT_PATH_CONVERSION_FUNCTIONS], diff --git a/m4/ltoptions.m4 b/m4/ltoptions.m4 index 5d9acd8..94b0829 100644 --- a/m4/ltoptions.m4 +++ b/m4/ltoptions.m4 @@ -1,14 +1,14 @@ # Helper functions for option handling. -*- Autoconf -*- # -# Copyright (C) 2004, 2005, 2007, 2008, 2009 Free Software Foundation, -# Inc. +# Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software +# Foundation, Inc. # Written by Gary V. Vaughan, 2004 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. -# serial 7 ltoptions.m4 +# serial 8 ltoptions.m4 # This is to help aclocal find these macros, as it can't see m4_define. AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])]) @@ -29,7 +29,7 @@ m4_define([_LT_SET_OPTION], [m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]), _LT_MANGLE_DEFUN([$1], [$2]), - [m4_warning([Unknown $1 option `$2'])])[]dnl + [m4_warning([Unknown $1 option '$2'])])[]dnl ]) @@ -75,13 +75,15 @@ m4_if([$1],[LT_INIT],[ dnl dnl If no reference was made to various pairs of opposing options, then dnl we run the default mode handler for the pair. For example, if neither - dnl `shared' nor `disable-shared' was passed, we enable building of shared + dnl 'shared' nor 'disable-shared' was passed, we enable building of shared dnl archives by default: _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED]) _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC]) _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC]) _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install], - [_LT_ENABLE_FAST_INSTALL]) + [_LT_ENABLE_FAST_INSTALL]) + _LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4], + [_LT_WITH_AIX_SONAME([aix])]) ]) ])# _LT_SET_OPTIONS @@ -112,7 +114,7 @@ AU_DEFUN([AC_LIBTOOL_DLOPEN], [_LT_SET_OPTION([LT_INIT], [dlopen]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you -put the `dlopen' option into LT_INIT's first parameter.]) +put the 'dlopen' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: @@ -148,7 +150,7 @@ AU_DEFUN([AC_LIBTOOL_WIN32_DLL], _LT_SET_OPTION([LT_INIT], [win32-dll]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you -put the `win32-dll' option into LT_INIT's first parameter.]) +put the 'win32-dll' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: @@ -157,9 +159,9 @@ dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], []) # _LT_ENABLE_SHARED([DEFAULT]) # ---------------------------- -# implement the --enable-shared flag, and supports the `shared' and -# `disable-shared' LT_INIT options. -# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +# implement the --enable-shared flag, and supports the 'shared' and +# 'disable-shared' LT_INIT options. +# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'. m4_define([_LT_ENABLE_SHARED], [m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([shared], @@ -172,14 +174,14 @@ AC_ARG_ENABLE([shared], *) enable_shared=no # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for pkg in $enableval; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs if test "X$pkg" = "X$p"; then enable_shared=yes fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs ;; esac], [enable_shared=]_LT_ENABLE_SHARED_DEFAULT) @@ -211,9 +213,9 @@ dnl AC_DEFUN([AM_DISABLE_SHARED], []) # _LT_ENABLE_STATIC([DEFAULT]) # ---------------------------- -# implement the --enable-static flag, and support the `static' and -# `disable-static' LT_INIT options. -# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +# implement the --enable-static flag, and support the 'static' and +# 'disable-static' LT_INIT options. +# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'. m4_define([_LT_ENABLE_STATIC], [m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([static], @@ -226,14 +228,14 @@ AC_ARG_ENABLE([static], *) enable_static=no # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for pkg in $enableval; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs if test "X$pkg" = "X$p"; then enable_static=yes fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs ;; esac], [enable_static=]_LT_ENABLE_STATIC_DEFAULT) @@ -265,9 +267,9 @@ dnl AC_DEFUN([AM_DISABLE_STATIC], []) # _LT_ENABLE_FAST_INSTALL([DEFAULT]) # ---------------------------------- -# implement the --enable-fast-install flag, and support the `fast-install' -# and `disable-fast-install' LT_INIT options. -# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +# implement the --enable-fast-install flag, and support the 'fast-install' +# and 'disable-fast-install' LT_INIT options. +# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'. m4_define([_LT_ENABLE_FAST_INSTALL], [m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([fast-install], @@ -280,14 +282,14 @@ AC_ARG_ENABLE([fast-install], *) enable_fast_install=no # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for pkg in $enableval; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs if test "X$pkg" = "X$p"; then enable_fast_install=yes fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs ;; esac], [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT) @@ -304,14 +306,14 @@ AU_DEFUN([AC_ENABLE_FAST_INSTALL], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put -the `fast-install' option into LT_INIT's first parameter.]) +the 'fast-install' option into LT_INIT's first parameter.]) ]) AU_DEFUN([AC_DISABLE_FAST_INSTALL], [_LT_SET_OPTION([LT_INIT], [disable-fast-install]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put -the `disable-fast-install' option into LT_INIT's first parameter.]) +the 'disable-fast-install' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: @@ -319,11 +321,64 @@ dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], []) dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) +# _LT_WITH_AIX_SONAME([DEFAULT]) +# ---------------------------------- +# implement the --with-aix-soname flag, and support the `aix-soname=aix' +# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT +# is either `aix', `both' or `svr4'. If omitted, it defaults to `aix'. +m4_define([_LT_WITH_AIX_SONAME], +[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl +shared_archive_member_spec= +case $host,$enable_shared in +power*-*-aix[[5-9]]*,yes) + AC_MSG_CHECKING([which variant of shared library versioning to provide]) + AC_ARG_WITH([aix-soname], + [AS_HELP_STRING([--with-aix-soname=aix|svr4|both], + [shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])], + [case $withval in + aix|svr4|both) + ;; + *) + AC_MSG_ERROR([Unknown argument to --with-aix-soname]) + ;; + esac + lt_cv_with_aix_soname=$with_aix_soname], + [AC_CACHE_VAL([lt_cv_with_aix_soname], + [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT) + with_aix_soname=$lt_cv_with_aix_soname]) + AC_MSG_RESULT([$with_aix_soname]) + if test aix != "$with_aix_soname"; then + # For the AIX way of multilib, we name the shared archive member + # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o', + # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File. + # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag, + # the AIX toolchain works better with OBJECT_MODE set (default 32). + if test 64 = "${OBJECT_MODE-32}"; then + shared_archive_member_spec=shr_64 + else + shared_archive_member_spec=shr + fi + fi + ;; +*) + with_aix_soname=aix + ;; +esac + +_LT_DECL([], [shared_archive_member_spec], [0], + [Shared archive member basename, for filename based shared library versioning on AIX])dnl +])# _LT_WITH_AIX_SONAME + +LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])]) +LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])]) +LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])]) + + # _LT_WITH_PIC([MODE]) # -------------------- -# implement the --with-pic flag, and support the `pic-only' and `no-pic' +# implement the --with-pic flag, and support the 'pic-only' and 'no-pic' # LT_INIT options. -# MODE is either `yes' or `no'. If omitted, it defaults to `both'. +# MODE is either 'yes' or 'no'. If omitted, it defaults to 'both'. m4_define([_LT_WITH_PIC], [AC_ARG_WITH([pic], [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@], @@ -334,19 +389,17 @@ m4_define([_LT_WITH_PIC], *) pic_mode=default # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, for lt_pkg in $withval; do - IFS="$lt_save_ifs" + IFS=$lt_save_ifs if test "X$lt_pkg" = "X$lt_p"; then pic_mode=yes fi done - IFS="$lt_save_ifs" + IFS=$lt_save_ifs ;; esac], - [pic_mode=default]) - -test -z "$pic_mode" && pic_mode=m4_default([$1], [default]) + [pic_mode=m4_default([$1], [default])]) _LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl ])# _LT_WITH_PIC @@ -359,7 +412,7 @@ AU_DEFUN([AC_LIBTOOL_PICMODE], [_LT_SET_OPTION([LT_INIT], [pic-only]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you -put the `pic-only' option into LT_INIT's first parameter.]) +put the 'pic-only' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: diff --git a/m4/ltsugar.m4 b/m4/ltsugar.m4 index 9000a05..48bc934 100644 --- a/m4/ltsugar.m4 +++ b/m4/ltsugar.m4 @@ -1,6 +1,7 @@ # ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- # -# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc. +# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software +# Foundation, Inc. # Written by Gary V. Vaughan, 2004 # # This file is free software; the Free Software Foundation gives @@ -33,7 +34,7 @@ m4_define([_lt_join], # ------------ # Manipulate m4 lists. # These macros are necessary as long as will still need to support -# Autoconf-2.59 which quotes differently. +# Autoconf-2.59, which quotes differently. m4_define([lt_car], [[$1]]) m4_define([lt_cdr], [m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])], @@ -44,7 +45,7 @@ m4_define([lt_unquote], $1) # lt_append(MACRO-NAME, STRING, [SEPARATOR]) # ------------------------------------------ -# Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'. +# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'. # Note that neither SEPARATOR nor STRING are expanded; they are appended # to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked). # No SEPARATOR is output if MACRO-NAME was previously undefined (different diff --git a/m4/ltversion.m4 b/m4/ltversion.m4 index 07a8602..fa04b52 100644 --- a/m4/ltversion.m4 +++ b/m4/ltversion.m4 @@ -1,6 +1,6 @@ # ltversion.m4 -- version numbers -*- Autoconf -*- # -# Copyright (C) 2004 Free Software Foundation, Inc. +# Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc. # Written by Scott James Remnant, 2004 # # This file is free software; the Free Software Foundation gives @@ -9,15 +9,15 @@ # @configure_input@ -# serial 3337 ltversion.m4 +# serial 4179 ltversion.m4 # This file is part of GNU Libtool -m4_define([LT_PACKAGE_VERSION], [2.4.2]) -m4_define([LT_PACKAGE_REVISION], [1.3337]) +m4_define([LT_PACKAGE_VERSION], [2.4.6]) +m4_define([LT_PACKAGE_REVISION], [2.4.6]) AC_DEFUN([LTVERSION_VERSION], -[macro_version='2.4.2' -macro_revision='1.3337' +[macro_version='2.4.6' +macro_revision='2.4.6' _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) _LT_DECL(, macro_revision, 0) ]) diff --git a/m4/lt~obsolete.m4 b/m4/lt~obsolete.m4 index c573da9..c6b26f8 100644 --- a/m4/lt~obsolete.m4 +++ b/m4/lt~obsolete.m4 @@ -1,6 +1,7 @@ # lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- # -# Copyright (C) 2004, 2005, 2007, 2009 Free Software Foundation, Inc. +# Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software +# Foundation, Inc. # Written by Scott James Remnant, 2004. # # This file is free software; the Free Software Foundation gives @@ -11,7 +12,7 @@ # These exist entirely to fool aclocal when bootstrapping libtool. # -# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN) +# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN), # which have later been changed to m4_define as they aren't part of the # exported API, or moved to Autoconf or Automake where they belong. # @@ -25,7 +26,7 @@ # included after everything else. This provides aclocal with the # AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything # because those macros already exist, or will be overwritten later. -# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. +# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. # # Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here. # Yes, that means every name once taken will need to remain here until diff --git a/m4/nls.m4 b/m4/nls.m4 index 7967cc2..8f8a147 100644 --- a/m4/nls.m4 +++ b/m4/nls.m4 @@ -1,5 +1,6 @@ -# nls.m4 serial 3 (gettext-0.15) -dnl Copyright (C) 1995-2003, 2005-2006 Free Software Foundation, Inc. +# nls.m4 serial 5 (gettext-0.18) +dnl Copyright (C) 1995-2003, 2005-2006, 2008-2013 Free Software Foundation, +dnl Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. @@ -17,15 +18,15 @@ dnl Authors: dnl Ulrich Drepper , 1995-2000. dnl Bruno Haible , 2000-2003. -AC_PREREQ(2.50) +AC_PREREQ([2.50]) AC_DEFUN([AM_NLS], [ AC_MSG_CHECKING([whether NLS is requested]) dnl Default is enabled NLS - AC_ARG_ENABLE(nls, + AC_ARG_ENABLE([nls], [ --disable-nls do not use Native Language Support], USE_NLS=$enableval, USE_NLS=yes) - AC_MSG_RESULT($USE_NLS) - AC_SUBST(USE_NLS) + AC_MSG_RESULT([$USE_NLS]) + AC_SUBST([USE_NLS]) ]) diff --git a/m4/po.m4 b/m4/po.m4 index 00133ef..1c70b6c 100644 --- a/m4/po.m4 +++ b/m4/po.m4 @@ -1,5 +1,5 @@ -# po.m4 serial 13 (gettext-0.15) -dnl Copyright (C) 1995-2006 Free Software Foundation, Inc. +# po.m4 serial 21 (gettext-0.18.3) +dnl Copyright (C) 1995-2013 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. @@ -17,16 +17,21 @@ dnl Authors: dnl Ulrich Drepper , 1995-2000. dnl Bruno Haible , 2000-2003. -AC_PREREQ(2.50) +AC_PREREQ([2.60]) dnl Checks for all prerequisites of the po subdirectory. AC_DEFUN([AM_PO_SUBDIRS], [ AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AC_PROG_INSTALL])dnl - AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake + AC_REQUIRE([AC_PROG_MKDIR_P])dnl + AC_REQUIRE([AC_PROG_SED])dnl AC_REQUIRE([AM_NLS])dnl + dnl Release version of the gettext macros. This is used to ensure that + dnl the gettext macros and po/Makefile.in.in are in sync. + AC_SUBST([GETTEXT_MACRO_VERSION], [0.18]) + dnl Perform the following tests also if --disable-nls has been given, dnl because they are needed for "make dist" to work. @@ -37,7 +42,7 @@ AC_DEFUN([AM_PO_SUBDIRS], [$ac_dir/$ac_word --statistics /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1 && (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)], :) - AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT) + AC_PATH_PROG([GMSGFMT], [gmsgfmt], [$MSGFMT]) dnl Test whether it is GNU msgfmt >= 0.15. changequote(,)dnl @@ -84,6 +89,10 @@ changequote([,])dnl test -n "$localedir" || localedir='${datadir}/locale' AC_SUBST([localedir]) + dnl Support for AM_XGETTEXT_OPTION. + test -n "${XGETTEXT_EXTRA_OPTIONS+set}" || XGETTEXT_EXTRA_OPTIONS= + AC_SUBST([XGETTEXT_EXTRA_OPTIONS]) + AC_CONFIG_COMMANDS([po-directories], [[ for ac_file in $CONFIG_FILES; do # Support "outfile[:infile[:infile...]]" @@ -94,7 +103,7 @@ changequote([,])dnl case "$ac_file" in */Makefile.in) # Adjust a relative srcdir. ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'` - ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`" + ac_dir_suffix=/`echo "$ac_dir"|sed 's%^\./%%'` ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'` # In autoconf-2.13 it is called $ac_given_srcdir. # In autoconf-2.50 it is called $srcdir. @@ -110,7 +119,8 @@ changequote([,])dnl if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then rm -f "$ac_dir/POTFILES" test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES" - cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES" + gt_tab=`printf '\t'` + cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ${gt_tab}]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES" POMAKEFILEDEPS="POTFILES.in" # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend # on $ac_dir but don't depend on user-specified configuration @@ -121,12 +131,12 @@ changequote([,])dnl test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete" fi ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"` - # Hide the ALL_LINGUAS assigment from automake < 1.5. + # Hide the ALL_LINGUAS assignment from automake < 1.5. eval 'ALL_LINGUAS''=$ALL_LINGUAS_' POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS" else # The set of available languages was given in configure.in. - # Hide the ALL_LINGUAS assigment from automake < 1.5. + # Hide the ALL_LINGUAS assignment from automake < 1.5. eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS' fi # Compute POFILES @@ -218,7 +228,7 @@ AC_DEFUN([AM_POSTPROCESS_PO_MAKEFILE], changequote(,)dnl # Adjust a relative srcdir. ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'` - ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`" + ac_dir_suffix=/`echo "$ac_dir"|sed 's%^\./%%'` ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'` # In autoconf-2.13 it is called $ac_given_srcdir. # In autoconf-2.50 it is called $srcdir. @@ -246,6 +256,7 @@ EOT fi # A sed script that extracts the value of VARIABLE from a Makefile. + tab=`printf '\t'` sed_x_variable=' # Test if the hold space is empty. x @@ -253,9 +264,9 @@ s/P/P/ x ta # Yes it was empty. Look if we have the expected variable definition. -/^[ ]*VARIABLE[ ]*=/{ +/^['"${tab}"' ]*VARIABLE['"${tab}"' ]*=/{ # Seen the first line of the variable definition. - s/^[ ]*VARIABLE[ ]*=// + s/^['"${tab}"' ]*VARIABLE['"${tab}"' ]*=// ba } bd @@ -307,7 +318,7 @@ changequote([,])dnl sed_x_LINGUAS=`$gt_echo "$sed_x_variable" | sed -e '/^ *#/d' -e 's/VARIABLE/LINGUAS/g'` ALL_LINGUAS_=`sed -n -e "$sed_x_LINGUAS" < "$ac_file"` fi - # Hide the ALL_LINGUAS assigment from automake < 1.5. + # Hide the ALL_LINGUAS assignment from automake < 1.5. eval 'ALL_LINGUAS''=$ALL_LINGUAS_' # Compute POFILES # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po) @@ -397,14 +408,15 @@ changequote([,])dnl fi sed -e "s|@POTFILES_DEPS@|$POTFILES_DEPS|g" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@PROPERTIESFILES@|$PROPERTIESFILES|g" -e "s|@CLASSFILES@|$CLASSFILES|g" -e "s|@QMFILES@|$QMFILES|g" -e "s|@MSGFILES@|$MSGFILES|g" -e "s|@RESOURCESDLLFILES@|$RESOURCESDLLFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@JAVACATALOGS@|$JAVACATALOGS|g" -e "s|@QTCATALOGS@|$QTCATALOGS|g" -e "s|@TCLCATALOGS@|$TCLCATALOGS|g" -e "s|@CSHARPCATALOGS@|$CSHARPCATALOGS|g" -e 's,^#distdir:,distdir:,' < "$ac_file" > "$ac_file.tmp" + tab=`printf '\t'` if grep -l '@TCLCATALOGS@' "$ac_file" > /dev/null; then # Add dependencies that cannot be formulated as a simple suffix rule. for lang in $ALL_LINGUAS; do frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'` cat >> "$ac_file.tmp" <> "$ac_file.tmp" <, 1996. -AC_PREREQ(2.50) +AC_PREREQ([2.50]) # Search path for a program which passes the given test. @@ -27,15 +27,14 @@ AC_DEFUN([AM_PATH_PROG_WITH_TEST], # Prepare PATH_SEPARATOR. # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then - echo "#! /bin/sh" >conf$$.sh - echo "exit 0" >>conf$$.sh - chmod +x conf$$.sh - if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then - PATH_SEPARATOR=';' - else - PATH_SEPARATOR=: - fi - rm -f conf$$.sh + # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which + # contains only /bin. Note that ksh looks also at the FPATH variable, + # so we have to set that as well for the test. + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + || PATH_SEPARATOR=';' + } fi # Find out how to test for executable files. Don't use a zero-byte file, @@ -55,7 +54,7 @@ rm -f conf$$.file # Extract the first word of "$2", so it can be a program name with args. set dummy $2; ac_word=[$]2 AC_MSG_CHECKING([for $ac_word]) -AC_CACHE_VAL(ac_cv_path_$1, +AC_CACHE_VAL([ac_cv_path_$1], [case "[$]$1" in [[\\/]]* | ?:[[\\/]]*) ac_cv_path_$1="[$]$1" # Let the user override the test with a path. @@ -84,9 +83,9 @@ ifelse([$4], , , [ test -z "[$]ac_cv_path_$1" && ac_cv_path_$1="$4" esac])dnl $1="$ac_cv_path_$1" if test ifelse([$4], , [-n "[$]$1"], ["[$]$1" != "$4"]); then - AC_MSG_RESULT([$]$1) + AC_MSG_RESULT([$][$1]) else - AC_MSG_RESULT(no) + AC_MSG_RESULT([no]) fi -AC_SUBST($1)dnl +AC_SUBST([$1])dnl ]) diff --git a/man/Makefile.am b/man/Makefile.am deleted file mode 100644 index a364ff3..0000000 --- a/man/Makefile.am +++ /dev/null @@ -1,11 +0,0 @@ -man8_MANS = cryptsetup.8 - -if VERITYSETUP -man8_MANS += veritysetup.8 -endif - -if REENCRYPT -man8_MANS += cryptsetup-reencrypt.8 -endif - -EXTRA_DIST = cryptsetup.8 veritysetup.8 cryptsetup-reencrypt.8 diff --git a/man/Makefile.in b/man/Makefile.in deleted file mode 100644 index b2e9bf3..0000000 --- a/man/Makefile.in +++ /dev/null @@ -1,559 +0,0 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2013 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ -VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -@VERITYSETUP_TRUE@am__append_1 = veritysetup.8 -@REENCRYPT_TRUE@am__append_2 = cryptsetup-reencrypt.8 -subdir = man -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ - $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -SOURCES = -DIST_SOURCES = -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } -man8dir = $(mandir)/man8 -am__installdirs = "$(DESTDIR)$(man8dir)" -NROFF = nroff -MANS = $(man8_MANS) -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ -CRYPTO_LIBS = @CRYPTO_LIBS@ -CRYPTO_STATIC_LIBS = @CRYPTO_STATIC_LIBS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DEVMAPPER_CFLAGS = @DEVMAPPER_CFLAGS@ -DEVMAPPER_LIBS = @DEVMAPPER_LIBS@ -DEVMAPPER_STATIC_CFLAGS = @DEVMAPPER_STATIC_CFLAGS@ -DEVMAPPER_STATIC_LIBS = @DEVMAPPER_STATIC_LIBS@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GMSGFMT = @GMSGFMT@ -GMSGFMT_015 = @GMSGFMT_015@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -INTLLIBS = @INTLLIBS@ -INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBCRYPTSETUP_VERSION = @LIBCRYPTSETUP_VERSION@ -LIBCRYPTSETUP_VERSION_INFO = @LIBCRYPTSETUP_VERSION_INFO@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ -LIBICONV = @LIBICONV@ -LIBINTL = @LIBINTL@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBICONV = @LTLIBICONV@ -LTLIBINTL = @LTLIBINTL@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MKDIR_P = @MKDIR_P@ -MSGFMT = @MSGFMT@ -MSGFMT_015 = @MSGFMT_015@ -MSGMERGE = @MSGMERGE@ -NM = @NM@ -NMEDIT = @NMEDIT@ -NSS_CFLAGS = @NSS_CFLAGS@ -NSS_LIBS = @NSS_LIBS@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ -OPENSSL_LIBS = @OPENSSL_LIBS@ -OPENSSL_STATIC_CFLAGS = @OPENSSL_STATIC_CFLAGS@ -OPENSSL_STATIC_LIBS = @OPENSSL_STATIC_LIBS@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -POPT_LIBS = @POPT_LIBS@ -POSUB = @POSUB@ -PWQUALITY_CFLAGS = @PWQUALITY_CFLAGS@ -PWQUALITY_LIBS = @PWQUALITY_LIBS@ -PWQUALITY_STATIC_LIBS = @PWQUALITY_STATIC_LIBS@ -PYTHON = @PYTHON@ -PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -PYTHON_INCLUDES = @PYTHON_INCLUDES@ -PYTHON_LIBS = @PYTHON_LIBS@ -PYTHON_PLATFORM = @PYTHON_PLATFORM@ -PYTHON_PREFIX = @PYTHON_PREFIX@ -PYTHON_VERSION = @PYTHON_VERSION@ -RANLIB = @RANLIB@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -USE_NLS = @USE_NLS@ -UUID_LIBS = @UUID_LIBS@ -VERSION = @VERSION@ -XGETTEXT = @XGETTEXT@ -XGETTEXT_015 = @XGETTEXT_015@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -pkgpyexecdir = @pkgpyexecdir@ -pkgpythondir = @pkgpythondir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -pyexecdir = @pyexecdir@ -pythondir = @pythondir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -man8_MANS = cryptsetup.8 $(am__append_1) $(am__append_2) -EXTRA_DIST = cryptsetup.8 veritysetup.8 cryptsetup-reencrypt.8 -all: all-am - -.SUFFIXES: -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu man/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu man/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs -install-man8: $(man8_MANS) - @$(NORMAL_INSTALL) - @list1='$(man8_MANS)'; \ - list2=''; \ - test -n "$(man8dir)" \ - && test -n "`echo $$list1$$list2`" \ - || exit 0; \ - echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ - { for i in $$list1; do echo "$$i"; done; \ - if test -n "$$list2"; then \ - for i in $$list2; do echo "$$i"; done \ - | sed -n '/\.8[a-z]*$$/p'; \ - fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ - done | \ - sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ - sed 'N;N;s,\n, ,g' | { \ - list=; while read file base inst; do \ - if test "$$base" = "$$inst"; then list="$$list $$file"; else \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ - fi; \ - done; \ - for i in $$list; do echo "$$i"; done | $(am__base_list) | \ - while read files; do \ - test -z "$$files" || { \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ - done; } - -uninstall-man8: - @$(NORMAL_UNINSTALL) - @list='$(man8_MANS)'; test -n "$(man8dir)" || exit 0; \ - files=`{ for i in $$list; do echo "$$i"; done; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ - dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) -tags TAGS: - -ctags CTAGS: - -cscope cscopelist: - - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(MANS) -installdirs: - for dir in "$(DESTDIR)$(man8dir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool mostlyclean-am - -distclean: distclean-am - -rm -f Makefile -distclean-am: clean-am distclean-generic - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: install-man - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: install-man8 - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-generic mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-man - -uninstall-man: uninstall-man8 - -.MAKE: install-am install-strip - -.PHONY: all all-am check check-am clean clean-generic clean-libtool \ - cscopelist-am ctags-am distclean distclean-generic \ - distclean-libtool distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-man8 install-pdf install-pdf-am install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ - ps ps-am tags-am uninstall uninstall-am uninstall-man \ - uninstall-man8 - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/man/Makemodule.am b/man/Makemodule.am new file mode 100644 index 0000000..3f68441 --- /dev/null +++ b/man/Makemodule.am @@ -0,0 +1,15 @@ +EXTRA_DIST += man/cryptsetup.8 man/integritysetup.8 man/veritysetup.8 man/cryptsetup-reencrypt.8 + +man8_MANS += man/cryptsetup.8 + +if VERITYSETUP +man8_MANS += man/veritysetup.8 +endif + +if REENCRYPT +man8_MANS += man/cryptsetup-reencrypt.8 +endif + +if INTEGRITYSETUP +man8_MANS += man/integritysetup.8 +endif diff --git a/man/cryptsetup-reencrypt.8 b/man/cryptsetup-reencrypt.8 index bfb7e23..3dbb6e1 100644 --- a/man/cryptsetup-reencrypt.8 +++ b/man/cryptsetup-reencrypt.8 @@ -1,4 +1,4 @@ -.TH CRYPTSETUP-REENCRYPT "8" "January 2015" "cryptsetup-reencrypt" "Maintenance Commands" +.TH CRYPTSETUP-REENCRYPT "8" "January 2019" "cryptsetup-reencrypt" "Maintenance Commands" .SH NAME cryptsetup-reencrypt - tool for offline LUKS device re-encryption .SH SYNOPSIS @@ -14,18 +14,20 @@ unclocked by passphrase), \fBcipher\fR, \fBcipher mode\fR. Cryptsetup-reencrypt reencrypts data on LUKS device in-place. During reencryption process the LUKS device is marked unavailable. +\fINOTE\fR: If you're looking for LUKS2 online reencryption manual please read cryptsetup(8) +man page instead (see reencrypt action). This page is for legacy offline reencryption +utility only. + \fIWARNING\fR: The cryptsetup-reencrypt program is not resistant to hardware -or kernel failures during reencryption (you can lose you data in this case). +or kernel failures during reencryption (you can lose your data in this case). \fIALWAYS BE SURE YOU HAVE RELIABLE BACKUP BEFORE USING THIS TOOL.\fR .br -\fITHIS TOOL IS EXPERIMENTAL.\fR - The reencryption can be temporarily suspended (by TERM signal or by using ctrl+c) but you need to retain temporary files named LUKS-.[log|org|new]. LUKS device is unavailable until reencryption is finished though. -Current working directory must by writable and temporary +Current working directory must be writable and temporary files created during reencryption must be present. For more info about LUKS see cryptsetup(8). @@ -36,68 +38,109 @@ To start (or continue) re-encryption for use: .PP \fIcryptsetup-reencrypt\fR -\fB\fR can be [\-\-batch-mode, \-\-block-size, \-\-cipher, \-\-debug, -\-\-device-size, \-\-hash, \-\-iter-time, \-\-use-random | \-\-use-urandom, -\-\-keep-key, \-\-key-size, \-\-key-file, \-\-key-slot, \-\-keyfile-offset, -\-\-keyfile-size, \-\-tries, \-\-use-directio, \-\-use-fsync, \-\-verbose, \-\-write-log] +\fB\fR can be [\-\-batch-mode, \-\-block-size, \-\-cipher | \-\-keep-key, +\-\-debug, \-\-device-size, \-\-hash, \-\-header, \-\-iter-time | \-\-pbkdf\-force\-iterations, +\-\-key-file, \-\-key-size, \-\-key-slot, \-\-keyfile-offset, \-\-keyfile-size, +\-\-master\-key\-file, \-\-tries, \-\-pbkdf, \-\-pbkdf\-memory, \-\-pbkdf\-parallel, +\-\-progress-frequency, \-\-use-directio, \-\-use-random | \-\-use-urandom, \-\-use-fsync, +\-\-uuid, \-\-verbose, \-\-write-log] -To encrypt data on (not yet encrypted) device, use \fI\-\-new\fR with combination -with \fI\-\-reduce-device-size\fR. +To encrypt data on (not yet encrypted) device, use \fI\-\-new\fR in combination +with \fI\-\-reduce-device-size\fR or with \fI\-\-header\fR option for detached header. To remove encryption from device, use \fI\-\-decrypt\fR. For detailed description of encryption and key file options see \fIcryptsetup(8)\fR man page. .TP -.B "\-\-verbose, \-v" -Print more information on command execution. +.B "\-\-batch-mode, \-q" +Suppresses all warnings and reencryption progress output. +.TP +.B "\-\-block-size, \-B \fIvalue\fR" +Use re-encryption block size of in MiB. + +Values can be between 1 and 64 MiB. +.TP +.B "\-\-cipher, \-c" \fI\fR +Set the cipher specification string. .TP .B "\-\-debug" Run in debug mode with full diagnostic logs. Debug output lines are always prefixed by '#'. .TP -.B "\-\-cipher, \-c" \fI\fR -Set the cipher specification string. +.B "\-\-decrypt" +Remove encryption (decrypt already encrypted device and remove LUKS header). + +\fBWARNING:\fR This is destructive operation and cannot be reverted. .TP -.B "\-\-key-size, \-s \fI\fR" -Set key size in bits. The argument has to be a multiple of 8. +.B "\-\-device-size \fIsize[units]\fR" +Instead of real device size, use specified value. -The possible key-sizes are limited by the cipher and mode used. +It means that only specified area (from the start of the device +to the specified size) will be reencrypted. -If you are increasing key size, there must be enough space in the LUKS header -for enlarged keyslots (data offset must be large enough) or reencryption -cannot be performed. +If no unit suffix is specified, the size is in bytes. -If there is not enough space for keyslots with new key size, -you can destructively shrink device with \-\-reduce-device-size option. +Unit suffix can be S for 512 byte sectors, K/M/G/T (or KiB,MiB,GiB,TiB) +for units with 1024 base or KB/MB/GB/TB for 1000 base (SI scale). + +\fBWARNING:\fR This is destructive operation. .TP .B "\-\-hash, \-h \fI\fR" -Specifies the hash used in the LUKS key setup scheme and volume key digest. +Specifies the hash used in the LUKS1 key setup scheme and volume key digest. \fBNOTE:\fR if this parameter is not specified, default hash algorithm is always used -for new device header. +for new LUKS1 device header. + +\fBNOTE:\fR with LUKS2 format this option is only relevant when new keyslot pbkdf algorithm +is set to PBKDF2 (see \fI\-\-pbkdf\fR). +.TP +.B "\-\-header\fR \fI\fR" +Use a detached (separated) metadata device or file where the +LUKS header is stored. This option allows one to store ciphertext +and LUKS header on different devices. + +\fBWARNING:\fR There is no check whether the ciphertext device specified +actually belongs to the header given. +If used with \fI\-\-new\fR option, the header file will created (or overwritten). +Use with care. .TP .B "\-\-iter-time, \-i \fI\fR" The number of milliseconds to spend with PBKDF2 passphrase processing for the new LUKS header. .TP -.B "\-\-use-random" -.TP -.B "\-\-use-urandom" -Define which kernel random number generator will be used to create the volume key. +.B "\-\-keep-key" +Do not change encryption key, just reencrypt the LUKS header and keyslots. + +This option can be combined only with \fI\-\-hash\fR, \fI\-\-iter-time\fR, +\fI\-\-pbkdf\-force\-iterations\fR, \fI\-\-pbkdf\fR (LUKS2 only), +\fI\-\-pbkdf\-memory\fR (Argon2i/id and LUKS2 only) and \fI\-\-pbkdf\-parallel\fR +(Argon2i/id and LUKS2 only) options. .TP .B "\-\-key-file, \-d \fIname\fR" Read the passphrase from file. -\fBWARNING:\fR \-\-key-file option can be used only if there only one active keyslot, +\fBWARNING:\fR \-\-key-file option can be used only if there is only one active keyslot, or alternatively, also if \-\-key-slot option is specified (then all other keyslots will be disabled in new LUKS device). If this option is not used, cryptsetup-reencrypt will ask for all active keyslot passphrases. .TP -.B "\-\-key-slot, \-S <0-7>" -Specify which key slot is used. +.B "\-\-key-size, \-s \fI\fR" +Set key size in bits. The argument has to be a multiple of 8. + +The possible key-sizes are limited by the cipher and mode used. + +If you are increasing key size, there must be enough space in the LUKS header +for enlarged keyslots (data offset must be large enough) or reencryption +cannot be performed. + +If there is not enough space for keyslots with new key size, +you can destructively shrink device with \-\-reduce-device-size option. +.TP +.B "\-\-key-slot, \-S <0-MAX>" +Specify which key slot is used. For LUKS1, max keyslot number is 7. For LUKS2, it's 31. \fBWARNING:\fR All other keyslots will be disabled if this option is used. .TP @@ -109,34 +152,39 @@ Read a maximum of \fIvalue\fR bytes from the key file. Default is to read the whole file up to the compiled-in maximum. .TP -.B "\-\-keep-key" -Do not change encryption key, just reencrypt the LUKS header and keyslots. - -This option can be combined only with \fI\-\-hash\fR or \fI\-\-iter-time\fR -options. -.TP -.B "\-\-tries, \-T" -Number of retries for invalid passphrase entry. +.B "\-\-master\-key\-file" +Use new volume (master) key stored in a file. .TP -.B "\-\-block-size, \-B \fIvalue\fR" -Use re-encryption block size of in MiB. - -Values can be between 1 and 64 MiB. -.TP -.B "\-\-device-size \fIsize[units]\fR" -Instead of real device size, use specified value. - -It means that only specified area (from the start of the device -to the specified size) will be reencrypted. - -\fBWARNING:\fR This is destructive operation. +.B "\-\-new, \-N" +Create new header (encrypt not yet encrypted device). -If no unit suffix is specified, the size is in bytes. +This option must be used together with \-\-reduce-device-size. -Unit suffix can be S for 512 byte sectors, K/M/G/T (or KiB,MiB,GiB,TiB) -for units with 1024 base or KB/MB/GB/TB for 1000 base (SI scale). +\fBWARNING:\fR This is destructive operation and cannot be reverted. +.TP +.B "\-\-pbkdf" +Set Password-Based Key Derivation Function (PBKDF) algorithm for LUKS keyslot. +The PBKDF can be: \fIpbkdf2\fR, \fIargon2i\fR for Argon2i or \fIargon2id\fR for Argon2id. -\fBWARNING:\fR This is destructive operation. +For LUKS1, only \fIpbkdf2\fR is accepted (no need to use this option). +.TP +.B "\-\-pbkdf\-force\-iterations " +Avoid PBKDF benchmark and set time cost (iterations) directly. +.TP +.B "\-\-pbkdf\-memory " +Set the memory cost for PBKDF (for Argon2i/id the number represents kilobytes). +Note that it is maximal value, PBKDF benchmark or available physical memory +can decrease it. +This option is not available for PBKDF2. +.TP +.B "\-\-pbkdf\-parallel " +Set the parallel cost for PBKDF (number of threads, up to 4). +Note that it is maximal value, it is decreased automatically if +CPU online count is lower. +This option is not available for PBKDF2. +.TP +.B "\-\-progress-frequency " +Print separate line every with reencryption progress. .TP .B "\-\-reduce-device-size \fIsize[units]\fR" Enlarge data offset to specified value by shrinking device size. @@ -150,22 +198,20 @@ partition (so last sectors contains no data). For units suffix see \-\-device-size parameter description. -\fBWARNING:\fR This is destructive operation and cannot be reverted. -Use with extreme care - shrinked filesystems are usually unrecoverable. - You cannot shrink device more than by 64 MiB (131072 sectors). -.TP -.B "\-\-new, N" -Create new header (encrypt not yet encrypted device). - -This option must be used together with \-\-reduce-device-size. \fBWARNING:\fR This is destructive operation and cannot be reverted. +Use with extreme care - shrunk filesystems are usually unrecoverable. .TP -.B "\-\-decrypt" -Remove encryption (decrypt already encrypted device and remove LUKS header). +.B "\-\-tries, \-T" +Number of retries for invalid passphrase entry. +.TP +.B "\-\-type " +Use only while encrypting not yet encrypted device (see \-\-new). -\fBWARNING:\fR This is destructive operation and cannot be reverted. +Specify LUKS version when performing in-place encryption. If the parameter +is omitted default value (LUKS1) is used. Type may be one of: \fBluks\fR (default), +\fBluks1\fR or \fBluks2\fR. .TP .B "\-\-use-directio" Use direct-io (O_DIRECT) for all read/write data operations related @@ -178,15 +224,27 @@ operations (e.g. in virtual environments). Use fsync call after every written block. This applies for reencryption log files as well. .TP -.B "\-\-write-log" -Update log file after every block write. This can slow down reencryption -but will minimize data loss in the case of system crash. +.B "\-\-use-random" .TP -.B "\-\-batch-mode, \-q" -Suppresses all warnings and reencryption progress output. +.B "\-\-use-urandom" +Define which kernel random number generator will be used to create the volume key. +.TP +.B "\-\-uuid" \fI\fR +Use only while resuming an interrupted decryption process (see \-\-decrypt). + +To find out what \fI\fR to pass look for temporary files LUKS-.[|log|org|new] +of the interrupted decryption process. +.TP +.B "\-\-verbose, \-v" +Print more information on command execution. .TP .B "\-\-version" Show the program version. +.TP +.B "\-\-write-log" +Update log file after every block write. This can slow down reencryption +but will minimize data loss in the case of system crash. + .SH RETURN CODES Cryptsetup-reencrypt returns 0 on success and a non-zero value on error. @@ -227,9 +285,9 @@ Please attach the output of the failed command with the .SH AUTHORS Cryptsetup-reencrypt was written by Milan Broz . .SH COPYRIGHT -Copyright \(co 2012-2015 Milan Broz +Copyright \(co 2012-2020 Milan Broz .br -Copyright \(co 2012-2013 Red Hat, Inc. +Copyright \(co 2012-2020 Red Hat, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/man/cryptsetup.8 b/man/cryptsetup.8 index 16ecec0..bc3fff6 100644 --- a/man/cryptsetup.8 +++ b/man/cryptsetup.8 @@ -1,4 +1,4 @@ -.TH CRYPTSETUP "8" "December 2013" "cryptsetup" "Maintenance Commands" +.TH CRYPTSETUP "8" "January 2019" "cryptsetup" "Maintenance Commands" .SH NAME cryptsetup - manage plain dm-crypt and LUKS encrypted volumes .SH SYNOPSIS @@ -12,7 +12,7 @@ and can hence offer more features than plain dm-crypt. On the other hand, the header is visible and vulnerable to damage. In addition, cryptsetup provides limited support for the use of -historic loopaes volumes and for TrueCrypt compatible volumes. +loop-AES volumes, TrueCrypt, VeraCrypt and BitLocker compatible volumes. .SH PLAIN DM-CRYPT OR LUKS? .PP @@ -29,12 +29,12 @@ to be mentioned here. \fBBackup:\fR Storage media die. Encryption has no influence on that. Backup is mandatory for encrypted data as well, if the data has any -worth. See the Cryptsetup FAQ for advice on how to do backup of an +worth. See the Cryptsetup FAQ for advice on how to do a backup of an encrypted volume. \fBCharacter encoding:\fR If you enter a passphrase with special symbols, the passphrase can change -depending character encoding. Keyboard settings can also change, +depending on character encoding. Keyboard settings can also change, which can make blind input hard or impossible. For example, switching from some ASCII 8-bit variant to UTF-8 can lead to a different binary encoding and hence different @@ -57,10 +57,10 @@ secure wiping by just overwriting header and key-slot area. it is a very good idea to wipe filesystem signatures, data, etc. before creating a LUKS or plain dm-crypt container on it. For a quick removal of filesystem signatures, use "wipefs". Take care -though that this may not remove everything. In particular md (RAID) +though that this may not remove everything. In particular, MD RAID signatures at the end of a device may survive. It also does not remove data. For a full wipe, overwrite the whole partition before -container creation. If you do not know how to to that, the +container creation. If you do not know how to do that, the cryptsetup FAQ describes several options. .SH BASIC COMMANDS @@ -70,8 +70,8 @@ The following are valid actions for all supported device types. .IP Opens (creates a mapping with) backed by device . -Device type can be \fIplain\fR, \fIluks\fR (default), \fIloopaes\fR -or \fItcrypt\fR. +Device type can be \fIplain\fR, \fIluks\fR (default), \fIluks1\fR, \fIluks2\fR, +\fIloopaes\fR or \fItcrypt\fR. For backward compatibility there are \fBopen\fR command aliases: @@ -84,6 +84,8 @@ For backward compatibility there are \fBopen\fR command aliases: \fBloopaesOpen\fR: open \-\-type loopaes .br \fBtcryptOpen\fR: open \-\-type tcrypt +.br +\fBbitlkOpen\fR: open \-\-type bitlk \fB\fR are type specific and are described below for individual device types. For \fBcreate\fR, the order of the @@ -98,6 +100,9 @@ For backward compatibility there are \fBclose\fR command aliases: \fBremove\fR, \fBplainClose\fR, \fBluksClose\fR, \fBloopaesClose\fR, \fBtcryptClose\fR (all behaves exactly the same, device type is determined automatically from active device). + +\fB\fR can be [\-\-deferred] + .PP \fIstatus\fR .IP @@ -107,10 +112,95 @@ Reports the status for the mapping . .IP Resizes an active mapping . -If \-\-size (in sectors) is not specified, the size of the -underlying block device is used. Note that this does not -change the raw device geometry, it just changes how many -sectors of the raw device are represented in the mapped device. +If \-\-size (in 512-bytes sectors) or \-\-device\-size are not specified, +the size is computed from the underlying device. For LUKS it is the size +of the underlying device without the area reserved for LUKS header +(see data payload offset in \fBluksDump\fR command). +For plain crypt device, the whole device size is used. + +Note that this does not change the raw device geometry, it just +changes how many sectors of the raw device are represented +in the mapped device. + +If cryptsetup detected volume key for active device loaded in kernel keyring +service, resize action would first try to retrieve +the key using a token and only if it failed it'd ask for a passphrase +to unlock a keyslot (LUKS) or to derive a volume key again (plain mode). +The kernel keyring is used by default for LUKS2 devices. + +With LUKS2 device additional \fB\fR can be [\-\-token\-id, \-\-token\-only, +\-\-key\-slot, \-\-key\-file, \-\-keyfile\-size, \-\-keyfile\-offset, \-\-timeout, +\-\-disable\-locks, \-\-disable\-keyring]. + +.PP +\fIrefresh\fR +.IP +Refreshes parameters of active mapping . + +Updates parameters of active device without need to deactivate the device +(and umount filesystem). Currently it supports parameters refresh on following +devices: LUKS1, LUKS2 (including authenticated encryption), plain crypt +and loopaes. + +Mandatory parametrs are identical to those of an open action for respective +device type. + +You may change following parameters on all devices \-\-perf\-same_cpu_crypt, +\-\-perf\-submit_from_crypt_cpus and \-\-allow\-discards. + +Refreshing device without any optional parameter will refresh the device +with default setting (respective to device type). + +\fBLUKS2 only:\fR + +\-\-integrity\-no\-journal parameter affects only LUKS2 devices with +underlying dm-integrity device. + +Adding option \-\-persistent stores any combination of device parameters +above in LUKS2 metadata (only after successful refresh operation). + +\-\-disable\-keyring parameter refreshes a device with volume key passed +in dm-crypt driver. + +.PP +\fIreencrypt\fR or --active-name [] +.IP +Run resilient reencryption (LUKS2 device only). + +There are 3 basic modes of operation: + +\(bu device reencryption (\fIreencrypt\fR) + +\(bu device encryption (\fIreencrypt\fR \-\-encrypt) + +\(bu device decryption (\fIreencrypt\fR \-\-decrypt) + + or --active-name is mandatory parameter. + +With parameter cryptsetup looks up active dm mapping. +If no active mapping is detected, it starts offline reencryption otherwise online +reencryption takes place. + +Reencryption process may be safely interrupted by a user via SIGTERM signal (ctrl+c). + +To resume already initialized or interrupted reencryption, just run the cryptsetup +\fIreencrypt\fR command again to continue the reencryption operation. +Reencryption may be resumed with different \-\-resilience or \-\-hotzone\-size unless +implicit datashift resilience mode is used (reencrypt \-\-encrypt with \-\-reduce-device-size +option). + +If the reencryption process was interrupted abruptly (reencryption process crash, system crash, poweroff) +it may require recovery. The recovery is currently run automatically on next activation (action \fIopen\fR) +when needed. + +Optional parameter takes effect only with \-\-encrypt option and it activates device +immediately after encryption initialization gets finished. That's useful when device needs to be ready +as soon as possible and mounted (used) before full data area encryption is completed. + +Action supports following additional \fB\fR [\-\-encrypt, \-\-decrypt, \-\-device\-size, +\-\-resilience, \-\-resilience-hash, \-\-hotzone-size, \-\-init\-only, \-\-resume\-only, +\-\-reduce\-device\-size]. + .SH PLAIN MODE Plain dm-crypt encrypts the device sector-by-sector with a single, non-salted hash of the passphrase. No checks @@ -128,8 +218,9 @@ The following are valid plain device type actions: Opens (creates a mapping with) backed by device . \fB\fR can be [\-\-hash, \-\-cipher, \-\-verify-passphrase, -\-\-key-file, \-\-keyfile-offset, \-\-key-size, \-\-offset, \-\-skip, \-\-size, -\-\-readonly, \-\-shared, \-\-allow-discards] +\-\-sector\-size, \-\-key-file, \-\-keyfile-offset, \-\-key-size, +\-\-offset, \-\-skip, \-\-size, \-\-readonly, \-\-shared, \-\-allow\-discards, +\-\-refresh] Example: 'cryptsetup open \-\-type plain /dev/sda10 e1' maps the raw encrypted device /dev/sda10 to the mapped (decrypted) device @@ -141,7 +232,7 @@ It adds a standardized header at the start of the device, a key-slot area directly behind the header and the bulk data area behind that. The whole set is called a 'LUKS container'. The device that a LUKS container resides on is called a 'LUKS device'. -For most purposes both terms can be used interchangeably. But +For most purposes, both terms can be used interchangeably. But note that when the LUKS header is at a nonzero offset in a device, then the device is not a LUKS device anymore, but has a LUKS container stored in it at an offset. @@ -153,6 +244,12 @@ are protected against brute-force and dictionary attacks by PBKDF2, which implements hash iteration and salting in one function. +LUKS2 is a new version of header format that allows additional +extensions like different PBKDF algorithm or authenticated encryption. +You can format device with LUKS2 header if you specify +\fI\-\-type luks2\fR in \fIluksFormat\fR command. +For activation, the format is already recognized automatically. + Each passphrase, also called a .B key in this document, is associated with one of 8 key-slots. @@ -160,13 +257,13 @@ Key operations that do not specify a slot affect the first slot that matches the supplied passphrase or the first empty slot if a new passphrase is added. -The \fB\fR parameter can be also specified by a LUKS UUID in the +The \fB\fR parameter can also be specified by a LUKS UUID in the format UUID=. Translation to real device name uses symlinks in /dev/disk/by-uuid directory. To specify a detached header, the \fB\-\-header\fR parameter can be used -in all LUKS commands and always takes precedence over positional \fB\fR -parameter. +in all LUKS commands and always takes precedence over the positional +\fB\fR parameter. The following are valid LUKS actions: @@ -178,21 +275,32 @@ either via prompting or via . Note that if the second argument is present, then the passphrase is taken from the file given there, without the need to use the \-\-key-file option. Also note that for both forms -of reading the passphrase from file you can +of reading the passphrase from a file you can give '-' as file name, which results in the passphrase being read from stdin and the safety-question being skipped. You can only call luksFormat on a LUKS device that is not mapped. +To use LUKS2, specify \fI\-\-type luks2\fR. + \fB\fR can be [\-\-hash, \-\-cipher, \-\-verify\-passphrase, \-\-key\-size, \-\-key\-slot, \-\-key\-file (takes precedence over optional second argument), \-\-keyfile\-offset, \-\-keyfile\-size, \-\-use\-random | \-\-use\-urandom, \-\-uuid, \-\-master\-key\-file, \-\-iter\-time, \-\-header, -\-\-force\-password]. +\-\-pbkdf\-force\-iterations, +\-\-force\-password, \-\-disable-locks]. + +For LUKS2, additional \fB\fR can be +[\-\-integrity, \-\-integrity\-no\-wipe, \-\-sector\-size, +\-\-label, \-\-subsystem, +\-\-pbkdf, \-\-pbkdf\-memory, \-\-pbkdf\-parallel, +\-\-disable\-locks, \-\-disable\-keyring, +\-\-luks2\-metadata\-size, \-\-luks2\-keyslots\-size, +\-\-keyslot\-cipher, \-\-keyslot\-key\-size]. \fBWARNING:\fR Doing a luksFormat on an existing LUKS container will -make all data the old container permanently irretrievable, unless +make all data the old container permanently irretrievable unless you have a header backup. .PP \fIopen\fR \-\-type luks @@ -201,16 +309,20 @@ you have a header backup. .IP Opens the LUKS device and sets up a mapping after successful verification of the supplied passphrase. -If the passphrase is not supplied via \-\-key-file, the command -prompts for it interactively. + +First, the passphrase is searched in LUKS tokens. If it's not +found in any token and also the passphrase is not supplied via \-\-key-file, +the command prompts for it interactively. \fB\fR can be [\-\-key\-file, \-\-keyfile\-offset, \-\-keyfile\-size, \-\-readonly, \-\-test\-passphrase, -\-\-allow\-discards, \-\-header, \-\-key-slot, \-\-master\-key\-file]. +\-\-allow\-discards, \-\-header, \-\-key-slot, \-\-master\-key\-file, \-\-token\-id, +\-\-token\-only, \-\-disable\-keyring, \-\-disable\-locks, \-\-type, \-\-refresh, +\-\-serialize\-memory\-hard\-pbkdf]. .PP \fIluksSuspend\fR .IP -Suspends an active device (all IO operations will blocked +Suspends an active device (all IO operations will block and accesses to the device will wait indefinitely) and wipes the encryption key from kernel memory. Needs kernel 2.6.19 or later. @@ -221,39 +333,48 @@ the mapped device. \fBWARNING:\fR never suspend the device on which the cryptsetup binary resides. -\fB\fR can be [\-\-header]. +\fB\fR can be [\-\-header, \-\-disable\-locks]. .PP \fIluksResume\fR .IP Resumes a suspended device and reinstates the encryption key. Prompts interactively for a passphrase if \-\-key-file is not given. -\fB\fR can be [\-\-key\-file, \-\-keyfile\-size, \-\-header] +\fB\fR can be [\-\-key\-file, \-\-keyfile\-size, \-\-header, +\-\-disable\-keyring, \-\-disable\-locks, \-\-type] .PP \fIluksAddKey\fR [] .IP -adds a new passphrase. An existing passphrase must be supplied +Adds a new passphrase. An existing passphrase must be supplied interactively or via \-\-key-file. The new passphrase to be added can be specified interactively or read from the file given as positional argument. +\fBNOTE:\fR with \-\-unbound option the action creates new unbound +LUKS2 keyslot. The keyslot cannot be used for device activation. +If you don't pass new key via \-\-master\-key\-file option, +new random key is generated. Existing passphrase for any active keyslot +is not required. + \fB\fR can be [\-\-key\-file, \-\-keyfile\-offset, \-\-keyfile\-size, \-\-new\-keyfile\-offset, \-\-new\-keyfile\-size, \-\-key\-slot, \-\-master\-key\-file, -\-\-iter\-time, \-\-force\-password, \-\-header]. +\-\-force\-password, \-\-header, \-\-disable\-locks, +\-\-iter-time, \-\-pbkdf, \-\-pbkdf\-force\-iterations, +\-\-unbound, \-\-type, \-\-keyslot\-cipher, \-\-keyslot\-key\-size]. .PP \fIluksRemoveKey\fR [] .IP Removes the supplied passphrase from the LUKS device. The passphrase to be removed can be specified interactively, -as positional argument or via \-\-key-file. +as the positional argument or via \-\-key-file. \fB\fR can be [\-\-key\-file, \-\-keyfile\-offset, -\-\-keyfile\-size, \-\-header] +\-\-keyfile\-size, \-\-header, \-\-disable\-locks, \-\-type] \fBWARNING:\fR If you read the passphrase from stdin -(without further argument or with '-' as argument -to \-\-key\-file), batch-mode (\-q) will be implicitely +(without further argument or with '-' as an argument +to \-\-key\-file), batch-mode (\-q) will be implicitly switched on and no warning will be given when you remove the last remaining passphrase from a LUKS container. Removing the last passphrase makes the LUKS container permanently @@ -282,26 +403,59 @@ inaccessible. \fB\fR can be [\-\-key\-file, \-\-keyfile\-offset, \-\-keyfile\-size, \-\-new\-keyfile\-offset, -\-\-new\-keyfile\-size, \-\-key\-slot, \-\-force\-password, \-\-header]. +\-\-iter-time, \-\-pbkdf, \-\-pbkdf\-force\-iterations, +\-\-new\-keyfile\-size, \-\-key\-slot, \-\-force\-password, \-\-header, +\-\-disable\-locks, \-\-type, \-\-keyslot\-cipher, \-\-keyslot\-key\-size]. +.PP +.PP +\fIluksConvertKey\fR +.IP +Converts an existing LUKS2 keyslot to new pbkdf parameters. The +passphrase for keyslot to be converted must be supplied interactively +or via \-\-key\-file. If no \-\-pbkdf parameters are specified LUKS2 +default pbkdf values will apply. + +If a keyslot is specified (via \-\-key\-slot), the passphrase for that +keyslot must be given. If no keyslot is specified and there is still +a free keyslot, then the new parameters will be put into a free +keyslot before the keyslot containing the old parameters is +purged. If there is no free keyslot, then the keyslot with the old +parameters is overwritten directly. + +\fBWARNING:\fR If a keyslot is overwritten, a media failure during +this operation can cause the overwrite to fail after the old +parameters have been wiped and make the LUKS container inaccessible. + +\fB\fR can be [\-\-key\-file, \-\-keyfile\-offset, +\-\-keyfile\-size, \-\-key\-slot, \-\-header, \-\-disable\-locks, +\-\-iter-time, \-\-pbkdf, \-\-pbkdf\-force\-iterations, +\-\-pbkdf\-memory, \-\-pbkdf\-parallel, +\-\-keyslot\-cipher, \-\-keyslot\-key\-size]. .PP \fIluksKillSlot\fR .IP -Wipe the key-slot number from the LUKS device. A remaining -passphrase must be supplied, either interactively or via \-\-key-file. +Wipe the key-slot number from the LUKS device. Except running +in batch-mode (\-q) a remaining passphrase must be supplied, +either interactively or via \-\-key-file. This command can remove the last remaining key-slot, but requires an interactive confirmation when doing so. Removing the last passphrase makes a LUKS container permanently inaccessible. \fB\fR can be [\-\-key\-file, \-\-keyfile\-offset, -\-\-keyfile\-size, \-\-header]. +\-\-keyfile\-size, \-\-header, \-\-disable\-locks, \-\-type]. \fBWARNING:\fR If you read the passphrase from stdin -(without further argument or with '-' as argument -to \-\-key-file), batch-mode (\-q) will be implicitely +(without further argument or with '-' as an argument +to \-\-key-file), batch-mode (\-q) will be implicitly switched on and no warning will be given when you remove the last remaining passphrase from a LUKS container. Removing the last passphrase makes the LUKS container permanently inaccessible. + +\fBNOTE:\fR If there is no passphrase provided (on stdin or through +\-\-key-file argument) and batch-mode (\-q) is active, the +key-slot is removed without any other warning. + .PP \fIerase\fR .br @@ -323,23 +477,31 @@ Set new UUID if \fI\-\-uuid\fR option is specified. Returns true, if is a LUKS device, false otherwise. Use option \-v to get human-readable feedback. 'Command successful.' means the device is a LUKS device. + +By specifying \-\-type you may query for specific LUKS version. .PP \fIluksDump\fR .IP Dump the header information of a LUKS device. If the \-\-dump\-master\-key option is used, the LUKS device master key is -dumped instead of the keyslot info. Beware that the master key cannot be -changed and can be used to decrypt the data stored in the LUKS container -without a passphrase and even without the LUKS header. This means -that if the master key is compromised, the whole device has to be -erased to prevent further access. Use this option carefully. - -In order to dump the master key, a passphrase has to be supplied, +dumped instead of the keyslot info. Together with \-\-master\-key\-file option, +master key is dumped to a file instead of standard output. Beware that the +master key cannot be changed without reencryption and can be used to decrypt +the data stored in the LUKS container without a passphrase and even without the +LUKS header. This means that if the master key is compromised, the whole device +has to be erased or reencrypted to prevent further access. Use this option carefully. + +To dump the master key, a passphrase has to be supplied, either interactively or via \-\-key\-file. +To dump unbound key (LUKS2 format only), \-\-unbound parameter, specific \-\-key-slot +id and proper passphrase has to be supplied, either interactively or via \-\-key\-file. +Optional \-\-master\-key\-file parameter enables unbound keyslot dump to a file. + \fB\fR can be [\-\-dump\-master\-key, \-\-key\-file, -\-\-keyfile\-offset, \-\-keyfile\-size, \-\-header]. +\-\-keyfile\-offset, \-\-keyfile\-size, \-\-header, \-\-disable\-locks, +\-\-master\-key\-file, \-\-type, \-\-unbound, \-\-key-slot]. \fBWARNING:\fR If \-\-dump\-master\-key is used with \-\-key\-file and the argument to \-\-key\-file is '-', no validation question @@ -370,12 +532,68 @@ from the specified file. Note: Using '-' as filename reads the header backup from a file named '-'. \fBWARNING:\fR Header and keyslots will be replaced, only -the passphrases from the backup will work afterwards. +the passphrases from the backup will work afterward. This command requires that the master key size and data offset of the LUKS header already on the device and of the header backup match. Alternatively, if there is no LUKS header on the device, the backup will also be written to it. +.PP +\fItoken\fR +.IP +Action \fIadd\fR creates new keyring token to enable auto-activation of the device. +For the auto-activation, the passphrase must be stored in keyring with the specified +description. Usually, the passphrase should be stored in \fIuser\fR or +\fIuser-session\fR keyring. +The \fItoken\fR command is supported only for LUKS2. + +For adding new keyring token, option \-\-key\-description is mandatory. +Also, new token is assigned to key slot specified with \-\-key\-slot option or to all +active key slots in the case \-\-key\-slot option is omitted. + +To remove existing token, specify the token ID which should be removed with +\-\-token\-id option. + +\fBWARNING:\fR The action \fItoken remove\fR removes any token type, not just \fIkeyring\fR +type from token slot specified by \-\-token\-id option. + +Action \fIimport\fR can store arbitrary valid token json in LUKS2 header. It may be passed via +standard input or via file passed in \-\-json\-file option. If you specify \-\-key\-slot then +successfully imported token is also assigned to the key slot. + +Action \fIexport\fR writes requested token json to a file passed with \-\-json\-file or +to standard output. + +\fB\fR can be [\-\-header, \-\-token\-id, \-\-key\-slot, \-\-key\-description, +\-\-disable\-locks, \-\-disable\-keyring, \-\-json\-file]. +.PP +\fIconvert\fR \-\-type +.IP +Converts the device between LUKS1 and LUKS2 format (if possible). +The conversion will not be performed if there is an additional LUKS2 feature or LUKS1 has +unsupported header size. + +Conversion (both directions) must be performed on inactive device. There must not be active +dm-crypt mapping established for LUKS header requested for conversion. + +\fB\-\-type\fR option is mandatory with following accepted values: \fIluks1\fR or \fIluks2\fR. + +\fBWARNING:\fR The \fIconvert\fR action can destroy the LUKS header in the case of a crash +during conversion or if a media error occurs. +Always create a header backup before performing this operation! + +\fB\fR can be [\-\-header, \-\-type]. +.PP +\fIconfig\fR +.IP +Set permanent configuration options (store to LUKS header). +The \fIconfig\fR command is supported only for LUKS2. + +The permanent options can be \fI\-\-priority\fR to set priority (normal, prefer, ignore) +for keyslot (specified by \fI\-\-key\-slot\fR) or \fI\-\-label\fR and \fI\-\-subsystem\fR. + +\fB\fR can be [\-\-priority, \-\-label, \-\-subsystem, \-\-key\-slot, \-\-header]. + .SH loop-AES EXTENSION cryptsetup supports mapping loop-AES encrypted partition using a compatibility mode. @@ -392,7 +610,7 @@ If the key file is encrypted with GnuPG, then you have to use gpg \-\-decrypt | cryptsetup loopaesOpen \-\-key\-file=\- -\fBWARNING:\fR The loop-AES extension cannot use direct input of key file +\fBWARNING:\fR The loop-AES extension cannot use the direct input of key file on real terminal because the keys are separated by end-of-line and only part of the multi-key file would be read. .br @@ -415,7 +633,7 @@ passphrase hashing (otherwise it is detected according to key size). \fB\fR can be [\-\-key\-file, \-\-key\-size, \-\-offset, \-\-skip, -\-\-hash, \-\-readonly, \-\-allow\-discards]. +\-\-hash, \-\-readonly, \-\-allow\-discards, \-\-refresh]. .PP See also section 7 of the FAQ and \fBhttp://loop-aes.sourceforge.net\fR for more information regarding loop-AES. @@ -439,11 +657,20 @@ Cryptsetup should recognize all header variants, except legacy cipher chains using LRW encryption mode with 64 bits encryption block (namely Blowfish in LRW mode is not recognized, this is limitation of kernel crypto API). -To recognize VeraCrypt device use \fB\-\-veracrypt\fR option. +To recognize a VeraCrypt device use the \fB\-\-veracrypt\fR option. VeraCrypt is just extension of TrueCrypt header with increased iteration count so unlocking can take quite a lot of time (in comparison with TCRYPT device). +To open a VeraCrypt device with a custom Personal Iteration Multiplier (PIM) +value, \fBadditionally to \-\-veracrypt \fR use either the +\fB\-\-veracrypt\-pim=\fR option to directly specify the PIM on the command- +line or use \fB\-\-veracrypt\-query\-pim\fR to be prompted for the PIM. + +The PIM value affects the number of iterations applied during key derivation. Please refer to +\fBhttps://www.veracrypt.fr/en/Personal%20Iterations%20Multiplier%20%28PIM%29.html\fR +for more detailed information. + \fBNOTE:\fR Activation with \fBtcryptOpen\fR is supported only for cipher chains using LRW or XTS encryption modes. @@ -453,17 +680,17 @@ and doesn't require superuser privilege. To map system device (device with boot loader where the whole encrypted system resides) use \fB\-\-tcrypt\-system\fR option. You can use partition device as the parameter (parameter must be real partition -device, not image in file), then only this partition is mapped. +device, not an image in a file), then only this partition is mapped. -If you have whole TCRYPT device as a file image and you want to map multiple +If you have the whole TCRYPT device as a file image and you want to map multiple partition encrypted with system encryption, please create loopback mapping with partitions first (\fBlosetup \-P\fR, see \fPlosetup(8)\fR man page for more info), and use loop partition as the device parameter. -If you use whole base device as parameter, one device for the whole system +If you use the whole base device as a parameter, one device for the whole system encryption is mapped. This mode is available only for backward compatibility with older cryptsetup versions which mapped TCRYPT system encryption -using whole device. +using the whole device. To use hidden header (and map hidden device, if available), use \fB\-\-tcrypt\-hidden\fR option. @@ -487,15 +714,15 @@ a mapping . \fB\fR can be [\-\-key\-file, \-\-tcrypt\-hidden, \-\-tcrypt\-system, \-\-tcrypt\-backup, \-\-readonly, \-\-test\-passphrase, -\-\-allow-discards]. +\-\-allow-discards, \-\-veracrypt, \-\-veracrypt\-pim, \-\-veracrypt\-query\-pim]. -The keyfile parameter allows combination of file content with the +The keyfile parameter allows a combination of file content with the passphrase and can be repeated. Note that using keyfiles is compatible with TCRYPT and is different from LUKS keyfile logic. \fBWARNING:\fR Option \fB\-\-allow\-discards\fR cannot be combined with -option \fB\-\-tcrypt\-hidden\fR. For normal mapping it can cause -\fBdestruction of hidden volume\fR (hidden volume appears as unused space +option \fB\-\-tcrypt\-hidden\fR. For normal mapping, it can cause +the \fBdestruction of hidden volume\fR (hidden volume appears as unused space for outer volume so this space can be discarded). .PP @@ -514,14 +741,55 @@ to be erased to prevent further access. Use this option carefully. \fB\fR can be [\-\-dump\-master\-key, \-\-key\-file, \-\-tcrypt\-hidden, \-\-tcrypt\-system, \-\-tcrypt\-backup]. -The keyfile parameter allows combination of file content with the +The keyfile parameter allows a combination of file content with the passphrase and can be repeated. .PP -See also \fBhttp://www.truecrypt.org\fR for more information regarding +See also \fBhttps://en.wikipedia.org/wiki/TrueCrypt\fR for more information regarding TrueCrypt. Please note that cryptsetup does not use TrueCrypt code, please report -all problems related to this compatibility extension to cryptsetup project. +all problems related to this compatibility extension to the cryptsetup project. + +.SH BITLK (Windows BitLocker-compatible) EXTENSION (EXPERIMENTAL) +cryptsetup supports mapping of BitLocker and BitLocker to Go encrypted partition +using a native Linux kernel API. +Header formatting and BITLK header changes are not supported, cryptsetup +never changes BITLK header on-device. + +\fBWARNING:\fR This extension is EXPERIMENTAL. + +BITLK extension requires kernel userspace crypto API to be available +(for details see TCRYPT section). + +Cryptsetup should recognize all BITLK header variants, except legacy +header used in Windows Vista systems and partially decrypted BitLocker devices. +Activation of legacy devices encrypted in CBC mode requires at least +Linux kernel version 5.3 and for devices using Elephant diffuser kernel 5.6. + +The \fBbitlkDump\fR command should work for all recognized BITLK devices +and doesn't require superuser privilege. + +For unlocking with the \fBopen\fR a password or a recovery passphrase must +be provided. Other unlocking methods (TPM, SmartCard) are not supported. + +.PP +\fIopen\fR \-\-type bitlk +.br +\fIbitlkOpen\fR (\fBold syntax\fR) +.IP +Opens the BITLK (a BitLocker-compatible) and sets up +a mapping . + +\fB\fR can be [\-\-key\-file, \-\-readonly, \-\-test\-passphrase, +\-\-allow-discards]. + +.PP +\fIbitlkDump\fR +.IP +Dump the header information of a BITLK device. + +Please note that cryptsetup does not use any Windows BitLocker code, please report +all problems related to this compatibility extension to the cryptsetup project. .SH MISCELLANEOUS .PP \fIrepair\fR @@ -532,7 +800,8 @@ for LUKS device type. This command is useful to fix some known benign LUKS metadata header corruptions. Only basic corruptions of unused keyslot are fixable. This command will only change the LUKS header, not -any key-slot data. +any key-slot data. You may enforce LUKS version by adding \-\-type +option. \fBWARNING:\fR Always create a binary backup of the original header before calling this command. @@ -540,7 +809,7 @@ header before calling this command. \fIbenchmark\fR .IP Benchmarks ciphers and KDF (key derivation function). -Without parameters it tries to measure few common configurations. +Without parameters, it tries to measure few common configurations. To benchmark other ciphers or modes, you need to specify \fB\-\-cipher\fR and \fB\-\-key\-size\fR options or \fB\-\-hash\fR for KDF test. @@ -560,9 +829,14 @@ If you are configuring kernel yourself, enable .B "\-\-verbose, \-v" Print more information on command execution. .TP -.B "\-\-debug" +.B "\-\-debug or \-\-debug\-json" Run in debug mode with full diagnostic logs. Debug output lines are always prefixed by '#'. +If \-\-debug\-json is used, additional LUKS2 JSON data structures are printed. +.TP +.B "\-\-type +Specifies required device type, for more info +read \fIBASIC COMMANDS\fR section. .TP .B "\-\-hash, \-h \fI\fR" Specifies the passphrase hash for \fIopen\fR (for plain and @@ -593,7 +867,7 @@ The current default in the distributed sources is "aes-cbc-essiv:sha256" for plain dm-crypt and "aes-xts-plain64" for LUKS. -If a hash is part of the cipher spefification, then it is +If a hash is part of the cipher specification, then it is used as part of the IV generation. For example, ESSIV needs a hash function, while "plain64" does not and hence none is specified. @@ -630,18 +904,18 @@ See section \fBNOTES ON PASSPHRASE PROCESSING\fR for more information. .TP .B "\-\-keyfile\-offset \fIvalue\fR" Skip \fIvalue\fR bytes at the beginning of the key file. -Works with all commands that accepts key files. +Works with all commands that accept key files. .TP .B "\-\-keyfile\-size, \-l \fIvalue\fR" Read a maximum of \fIvalue\fR bytes from the key file. -Default is to read the whole file up to the compiled-in +The default is to read the whole file up to the compiled-in maximum that can be queried with \-\-help. Supplying more data than the compiled-in maximum aborts the operation. This option is useful to cut trailing newlines, for example. If \-\-keyfile\-offset is also given, the size count starts after the offset. -Works with all commands that accepts key files. +Works with all commands that accept key files. .TP .B "\-\-new\-keyfile\-offset \fIvalue\fR" Skip \fIvalue\fR bytes at the start when @@ -651,7 +925,7 @@ adding a new passphrase from key file with .B "\-\-new\-keyfile\-size \fIvalue\fR" Read a maximum of \fIvalue\fR bytes when adding a new passphrase from key file with \fIluksAddKey\fR. -Default is to read the whole file up to the compiled-in +The default is to read the whole file up to the compiled-in maximum length that can be queried with \-\-help. Supplying more than the compiled in maximum aborts the operation. @@ -668,13 +942,17 @@ LUKS header and all other parameters are the same, then the new header decrypts the data encrypted with the header the master key was taken from. +Action \fIluksDump\fR together with \-\-dump\-master\-key +option: The volume (master) key is stored in a file instead of +being printed out to standard output. + \fBWARNING:\fR If you create your own master key, you -need to make sure to do it right. Otherwise you can end +need to make sure to do it right. Otherwise, you can end up with a low-entropy or otherwise partially predictable master key which will compromise security. For \fIluksAddKey\fR this allows adding a new passphrase -without having to know an exiting one. +without having to know an existing one. For \fIopen\fR this allows one to open the LUKS device without giving a passphrase. @@ -684,6 +962,11 @@ For \fIluksDump\fR this option includes the master key in the displayed information. Use with care, as the master key can be used to bypass the passphrases, see also option \-\-master\-key\-file. .TP +.B "\-\-json\-file" +Read token json from a file or write token to it. See \fItoken\fR action for more +information. \-\-json\-file=- reads json from standard input or writes it to +standard output respectively. +.TP .B "\-\-use\-random" .TP .B "\-\-use\-urandom" @@ -726,14 +1009,18 @@ All other LUKS actions will use the key-size specified in the LUKS header. Use \fIcryptsetup \-\-help\fR to show the compiled-in defaults. .TP .B "\-\-size, \-b " -Force the size of the underlying device in sectors of 512 bytes. +Set the size of the device in sectors of 512 bytes. This option is only relevant for the \fIopen\fR and \fIresize\fR actions. .TP .B "\-\-offset, \-o " Start offset in the backend device in 512-byte sectors. This option is only relevant for the \fIopen\fR action with plain -or loopaes device types. +or loopaes device types or for LUKS devices in \fIluksFormat\fR. + +For LUKS, the \-\-offset option sets the data offset (payload) of data +device and must be be aligned to 4096-byte sectors (must be multiple of 8). +This option cannot be combined with \-\-align\-payload option. .TP .B "\-\-skip, \-p " Start offset used in IV calculation in 512-byte sectors @@ -742,9 +1029,25 @@ This option is only relevant for the \fIopen\fR action with plain or loopaes device types. Hence, if \-\-offset \fIn\fR, and \-\-skip \fIs\fR, sector \fIn\fR -(the first sector of encrypted device) will get a sector number +(the first sector of the encrypted device) will get a sector number of \fIs\fR for the IV calculation. .TP +.B "\-\-device\-size \fIsize[units]\fR" +Instead of real device size, use specified value. + +With \fIreencrypt\fR action it means that only specified area +(from the start of the device to the specified size) will be +reencrypted. + +With \fIresize\fR action it sets new size of the device. + +If no unit suffix is specified, the size is in bytes. + +Unit suffix can be S for 512 byte sectors, K/M/G/T (or KiB,MiB,GiB,TiB) +for units with 1024 base or KB/MB/GB/TB for 1000 base (SI scale). + +\fBWARNING:\fR This is destructive operation when used with reencrypt command. +.TP .B "\-\-readonly, \-r" set up a read-only mapping. .TP @@ -755,18 +1058,77 @@ This option is only relevant for the \fIopen \-\-type plain\fR action. Use \-\-offset, \-\-size and \-\-skip to specify the mapped area. .TP +.B "\-\-pbkdf " +Set Password-Based Key Derivation Function (PBKDF) algorithm for LUKS keyslot. +The PBKDF can be: \fIpbkdf2\fR (for PBKDF2 according to RFC2898), +\fIargon2i\fR for Argon2i or \fIargon2id\fR for Argon2id +(see https://www.cryptolux.org/index.php/Argon2 for more info). + +For LUKS1, only PBKDF2 is accepted (no need to use this option). +The default PBKDF2 for LUKS2 is set during compilation time +and is available in \fIcryptsetup \-\-help\fR output. + +A PBKDF is used for increasing dictionary and brute-force attack cost +for keyslot passwords. The parameters can be time, memory and parallel cost. + +For PBKDF2, only time cost (number of iterations) applies. +For Argon2i/id, there is also memory cost (memory required during +the process of key derivation) and parallel cost (number of threads +that run in parallel during the key derivation. + +Note that increasing memory cost also increases time, so the final +parameter values are measured by a benchmark. The benchmark +tries to find iteration time (\fI\-\-iter\-time\fR) with required +memory cost \fI\-\-pbkdf\-memory\fR. If it is not possible, +the memory cost is decreased as well. +The parallel cost \fI\-\-pbkdf\-parallel\fR is constant, is is checked +against available CPU cores (if not available, it is decreased) and the maximum +parallel cost is 4. + +You can see all PBKDF parameters for particular LUKS2 keyslot with +\fIluksDump\fR command. + +\fBNOTE:\fR If you do not want to use benchmark and want to specify +all parameters directly, use \fI\-\-pbkdf\-force\-iterations\fR with +\fI\-\-pbkdf\-memory\fR and \fI\-\-pbkdf\-parallel\fR. +This will override the values without benchmarking. +Note it can cause extremely long unlocking time. Use only is specified +cases, for example, if you know that the formatted device will +be used on some small embedded system. +In this case, the LUKS PBKDF2 digest will be set to the minimum iteration count. +.TP .B "\-\-iter\-time, \-i " -The number of milliseconds to spend with PBKDF2 passphrase processing. +The number of milliseconds to spend with PBKDF passphrase processing. This option is only relevant for LUKS operations that set or change passphrases, such as \fIluksFormat\fR or \fIluksAddKey\fR. Specifying 0 as parameter selects the compiled-in default. .TP +.B "\-\-pbkdf\-memory " +Set the memory cost for PBKDF (for Argon2i/id the number represents kilobytes). +Note that it is maximal value, PBKDF benchmark or available physical memory +can decrease it. +This option is not available for PBKDF2. +.TP +.B "\-\-pbkdf\-parallel " +Set the parallel cost for PBKDF (number of threads, up to 4). +Note that it is maximal value, it is decreased automatically if +CPU online count is lower. +This option is not available for PBKDF2. +.TP +.B "\-\-pbkdf\-force\-iterations " +Avoid PBKDF benchmark and set time cost (iterations) directly. +It can be used for LUKS/LUKS2 device only. +See \fI\-\-pbkdf\fR option for more info. +.TP .B "\-\-batch\-mode, \-q" Suppresses all confirmation questions. Use with care! If the \-y option is not specified, this option also switches off the passphrase verification for \fIluksFormat\fR. .TP +.B "\-\-progress-frequency " +Print separate line every with wipe progress. +.TP .B "\-\-timeout, \-t " The number of seconds to wait before timeout on passphrase input via terminal. It is relevant every time a passphrase is asked, @@ -790,24 +1152,30 @@ Align payload at a boundary of \fIvalue\fR 512-byte sectors. This option is relevant for \fIluksFormat\fR. If not specified, cryptsetup tries to use the topology info -provided by kernel for the underlying device to get optimal alignment. +provided by the kernel for the underlying device to get the optimal alignment. If not available (or the calculated value is a multiple of the default) data is by default aligned to a 1MiB boundary (i.e. 2048 512-byte sectors). -For a detached LUKS header this option specifies the offset on the +For a detached LUKS header, this option specifies the offset on the data device. See also the \-\-header option. + +\fBWARNING:\fR This option is DEPRECATED and has often unexpected impact +to the data offset and keyslot area size (for LUKS2) due to the complex rounding. +For fixed data device offset use \fI\-\-offset\fR option instead. + .TP .B "\-\-uuid=\fIUUID\fR" Use the provided \fIUUID\fR for the \fIluksFormat\fR command -instead of generating new one. Changes the existing UUID when +instead of generating a new one. Changes the existing UUID when used with the \fIluksUUID\fR command. The UUID must be provided in the standard UUID format, e.g. 12345678-1234-1234-1234-123456789abc. .TP .B "\-\-allow\-discards\fR" -Allow the use of discard (TRIM) requests for device. +Allow the use of discard (TRIM) requests for the device. This option is only relevant for \fIopen\fR action. +This is also not supported for LUKS2 devices with data integrity protection. \fBWARNING:\fR This command can have a negative security impact because it can make filesystem-level operations visible on @@ -816,7 +1184,7 @@ filesystem type, used space, etc. may be extractable from the physical device if the discarded blocks can be located later. If in doubt, do not use it. -A kernel version of 3.1 or later is needed. For earlier kernels +A kernel version of 3.1 or later is needed. For earlier kernels, this option is ignored. .TP .B "\-\-perf\-same_cpu_crypt\fR" @@ -842,21 +1210,21 @@ performance tuning, use only if you need a change to default dm-crypt behaviour. Needs kernel 4.0 or later. .TP .B "\-\-test\-passphrase\fR" -Do not activate device, just verify passphrase. +Do not activate the device, just verify passphrase. This option is only relevant for \fIopen\fR action (the device mapping name is not mandatory if this option is used). .TP .B "\-\-header\fR " Use a detached (separated) metadata device or file where the -LUKS header is stored. This options allows one to store ciphertext +LUKS header is stored. This option allows one to store ciphertext and LUKS header on different devices. This option is only relevant for LUKS devices and can be used with the \fIluksFormat\fR, \fIopen\fR, \fIluksSuspend\fR, \fIluksResume\fR, \fIstatus\fR and \fIresize\fR commands. -For \fIluksFormat\fR with a file name as argument to \-\-header, -it has to exist and be large enough to contain the LUKS header. +For \fIluksFormat\fR with a file name as the argument to \-\-header, +the file will be automatically created if it does not exist. See the cryptsetup FAQ for header size calculation. For other commands that change the LUKS header (e.g. \fIluksAddKey\fR), @@ -867,19 +1235,237 @@ If used with \fIluksFormat\fR, the \-\-align\-payload option is taken as absolute sector alignment on ciphertext device and can be zero. \fBWARNING:\fR There is no check whether the ciphertext device specified -actually belongs to the header given. In fact you can specify an +actually belongs to the header given. In fact, you can specify an arbitrary device as the ciphertext device for \fIopen\fR with the \-\-header option. Use with care. .TP -.B "\-\-force\-password\fR" +.B "\-\-header\-backup\-file " +Specify file with header backup for \fIluksHeaderBackup\fR or +\fIluksHeaderRestore\fR actions. +.TP +.B "\-\-force\-password" Do not use password quality checking for new LUKS passwords. This option applies only to \fIluksFormat\fR, \fIluksAddKey\fR and \fIluksChangeKey\fR and is ignored if cryptsetup is built without password quality checking support. -For more info about password quality check, see manual page -for \fBpwquality.conf(5)\fR. +For more info about password quality check, see the manual page +for \fBpwquality.conf(5)\fR and \fBpasswdqc.conf(5)\fR. +.TP +.B "\-\-deferred" +Defers device removal in \fIclose\fR command until the last user closes it. +.TP +.B "\-\-disable\-locks" +Disable lock protection for metadata on disk. +This option is valid only for LUKS2 and ignored for other formats. + +\fBWARNING:\fR Do not use this option unless you run cryptsetup in +a restricted environment where locking is impossible to perform +(where /run directory cannot be used). +.TP +.B "\-\-disable\-keyring" +Do not load volume key in kernel keyring and store it directly +in the dm-crypt target instead. +This option is supported only for the LUKS2 format. +.TP +.B "\-\-key\-description " +Set key description in keyring for use with \fItoken\fR command. +.TP +.B "\-\-priority " +Set a priority for LUKS2 keyslot. +The \fIprefer\fR priority marked slots are tried before \fInormal\fR priority. +The \fIignored\fR priority means, that slot is never used, if not explicitly +requested by \fI\-\-key\-slot\fR option. +.TP +.B "\-\-token\-id" +Specify what token to use in actions \fItoken\fR, \fIopen\fR or \fIresize\fR. +If omitted, all available tokens will be checked before proceeding further with +passphrase prompt. +.TP +.B "\-\-token\-only" +Do not proceed further with action (any of \fItoken\fR, \fIopen\fR or +\fIresize\fR) if token activation failed. Without the option, +action asks for passphrase to proceed further. +.TP +.B "\-\-sector\-size " +Set sector size for use with disk encryption. It must be power of two +and in range 512 - 4096 bytes. The default is 512 bytes sectors. +This option is available only in the LUKS2 mode. + +Note that if sector size is higher than underlying device hardware sector +and there is not integrity protection that uses data journal, using +this option can increase risk on incomplete sector writes during a power fail. + +If used together with \fI\-\-integrity\fR option and dm-integrity journal, +the atomicity of writes is guaranteed in all cases (but it cost write +performance - data has to be written twice). + +Increasing sector size from 512 bytes to 4096 bytes can provide better +performance on most of the modern storage devices and also with some +hw encryption accelerators. +.TP +.B "\-\-iv-large-sectors" +Count Initialization Vector (IV) in larger sector size (if set) instead +of 512 bytes sectors. This option can be used only for \fIopen\fR command +and \fIplain\fR encryption type. + +\fBNOTE:\fR This option does not have any performance or security impact, +use it only for accessing incompatible existing disk images from other systems +that require this option. +.TP +.B "\-\-persistent" +If used with LUKS2 devices and activation commands like \fIopen\fR or \fIrefresh\fR, +the specified activation flags are persistently written into metadata +and used next time automatically even for normal activation. +(No need to use cryptab or other system configuration files.) + +If you need to remove a persistent flag, use \fI\-\-persistent\fR without +the flag you want to remove (e.g. to disable persistently stored discard flag, +use \fI\-\-persistent\fR without \fI\-\-allow-discards\fR). + +Only \fI\-\-allow-discards\fR, \fI\-\-perf\-same_cpu_crypt\fR, +\fI\-\-perf\-submit_from_crypt_cpus\fR and \fI\-\-integrity\-no\-journal\fR +can be stored persistently. +.TP +.B "\-\-refresh" +Refreshes an active device with new set of parameters. See action \fIrefresh\fR description +for more details. +.TP +.B "\-\-label z$7-;9{6ubavMOIFXM&bqxUJ{4Dh}=Cg}?{m5Yz`>nhFwKzm9c9US7q|{Te3#SPqND zgppBB047-{vx&f|yYAbO&5TtTe2xTUMdOVi*JMw3!Uqaex`$Tm z+yYx_NtBuU>l+Z)Mg$8woz~xvM53xZ70z1*5y_MEd(3+(3$z|*DQ{h~^u`y{l`IyQ ze-PuckAm$Q5<*VpMN)qaDHVsFjWLml( za^_~MHD?d5FBAofyRJcl;-yRA)Gw*zGeaB*g2du^cDwp%I|jEVZp>Z1ukEP)6fedu zmoAeHfdtqp5kkyA02dD%diD| zeDT{Hn$DYZErhc}chm6OZ_bQ}W}T)^))Hq3BXaBgXwQ!H=h9VjdTcRI4sfOm94vCm zJf@Zp26!A+IR^?2Ggz{}GT{!EMtEp^jJ?!sa5YjE<@^yU$~FFrYI! zRV4rebr;3k#cwvcFjeAnX|T*tG2~-(6^m!4pu|&^%CI!|{%rJ4x(-R`BBb-;$`)W_ zS(R^H$^x8%waE@E=BVNboJ5nkAOb;EhS64S{sL#7=B+@(?io49cdG)p5`qB7X$XR3 z8ANkH%Ak%rTq1T}5Lz@>o@VgPV6Fh)&B-Tox$MKqo>Vuf`56W5`qc&+qFbX$x$Na0 z_+L7%DV$-7ZRFo4l-_)~dy0Kk`vk<3~ z*V~+VC>r$}!QZ-i-Igv?fk<*g6MCicX}485MWtEEen*v9(1@1#1J3yWJ+kz+ z9%BkMUC)it*CF)~No@o@PTCx3(6!7pt2?uG;Q25Dd6D%(IoJ#n>zr}ek6xjBA%z(( znSGukFnakgY&v>V&AFGEQ+u!?(dUOhQL)&_T`54j@7ae1P#UV%^pJ5L>Q!&*dFU}l zfx)~;ENdIomF0Px=ectP8Jc-dye+`ogc`^`_LUH1QXv)XMGmoG;DbUf$};QZ7s#F- zx01dH!1>;~vM>cm+pzc!!>TR1R5L{diKM>B62OI!ype*Ak3WdtPr6EFhpgIi1?8>{ zuUJ72O?lcJx+i><-vJ7VHNh;{>~V5mx1z&0qjC=XAYEFeH`sW%r;Hxe?Wn(g;x-g6 z(kQpM;Qq`L#&n#W+;{lAhh4(AhTV!O6h?Wn+_!jjc~0cJtA_p!1DL@^28O7#CB-Po zJGP8+Qlqmsi+;_v9?Ug5C@JcX+!&?PLDFaF4b7W13=XbJG@p3tG=;~~YfQAV2@ub8 zsNAAog^6+4P{!JeBdLb0$#9hLo-3$CrZD~##o^?9#pIIU>Cw21bdO-HlE7OO_Qp?J zz>8ow#^!A=_f(}Ku%BfJ?73=@dlUVLPeHt~&|FI}SSZGf1rSlozlFbuh9hR8kMi2M zFEVM$+DvSO*mM#7*Dvn3$eiRX$DiK%4?lAjWF=NqzL_0!9;Tz& zI7^9V2S`(mmd6CG_=K1MN-y7>env*-;cCyaQ2z35>eb8DyMysu_BIA;klnq81!}Vr zeu;w}E@jil&QT1zDo>^CgWbX~BNQX6u#Wc;J|tA2)4<60XSj>>Gnb6g%G2Jim!KrX zagW^2vw$Cuylu^?aD z*vT=ZR0hi6#F)Jys~7|^>M&Q^6#MQ`o8l1=wV{?_Bhseu-?(9Oki>Zl686}mdsLf4 zCXCZ7%J}VggKGL^sK&FCuRu!`!`_>Isej#y%8xv)r1J1zu8fF^O_H4P6@1>SbU(Mc zH~22%dI}*$Xp5udbdwNBcm`IC4mx^b6&%woD=pHrl~z5Si%m$ZuVSa^PqKp;xl~It9x;Ys^|UaqhCcLi=!g8X3YVnOq1;uDbpW!&TuW zEK{(N8jvKzMpeX(1#)s7VDp2r#FHkh11!UJes8ofiXilBw8vOp++7tr2G&N$;)cSj zC#`%|a||$B0TApYtF>{Ia3CzwT#;M8RHGUQD@wG=MMm92g%G^_PP785(c+0G7ng}Gtv?`+X`e4<&ZN8ZEd0Us4IXojioD7t!jkghpOY;RBI$k%z z(+0y}6&bmL=-PN)0#Wt{t?U5`#0k!pNEP?+mVSv}``|^%n>f$%^;7%NOw*Lgh8EO{ z(ulWK=fxczq=E->&h*xb%--Y<3EAFcP)GM>MCL$5s#%1Mm&7b)s6|#uhSg-Eq0D`j zODRDdOh=X$kogWJNB2R_ve&YF3)gR|R)ir=ga_|*V1=m|)l;H01V zOepeE$Jnc@87{;y%Tg8PLTNSqczMC&6*6&)s65VNbh0MyzJ+s^i=E;7UoGB$?S4P| z8#;d0?-=VU(ADrJ9dqu5*%t3(IT2Q7Jzxp8Rkh~jG7hp`Yeq`bEEu~;BI<)B+hrWi zb)-5;#XtNhUa1LyNfVqr-ijU_T>69>!;{~3h4X-D#0nz%z#C0s@5E5(Sf#e0eHcWs zL3-xBE=m4L3}U6ayWnN8jmsCP4;rs$^>%Q_T;Kw|P*ubsibT@h@>m8c1@_R6!?_#F z!6|{dXe}Lrj&~8rraBr*rJ!i8T23N^nq9yg4$LUx-)^b76tYl!D;U4@QVML!rT0Xe z`Tn|jva-bsG-o@FD(>Bh8b#co^y>JU)_Dt3l3N31opVjb&di}oaxzU5+ zgmHPe_3iRFmN3l>mcr3Kk}3`h1Qf@E4g6HiKLohk@yd_6c?y^3BMB|VD5n^ZzEDS~ zuO51~OvXY)g61n_Y#K_dC!A4bS0bvNNZYfu1jJpv+8AxEO70rdxCN%z%GP|lMa2c9 zYfcO~XgLww(+SHizD}45bn6a}oUl?AWXSk=A-IS6x!4!5RajQHlfG7I*llt{G`|D7 zx|_;x24_XqD=z_#s;PkQdpxgFP6v!adM6Y!ZZQzCgL_aobDgnM@!8@;cY~@rRzKSa ziF~~Q0Jn8Ky;9xD9eelz=x8J${#G4~@H2!`plXTs=R1wo>p&?}^%a6iV^sL)<9qje zB9}>A1}?WSz7Q_sXA62=j|x<}#{VfbPFTpa%fb9sLj-&Sup=tM)X zK-D$#`|B_<@#XijZ5+?Hzg&GqNu!-5{fY?fHL)GCS!+j3jyeqoGt#CMx8p98*r;jy z^4e71c{er`0vD!=X0g*dAHM&)-`q7`WiiA{M3Z5UB)Lf}yxZ?mAwJvGDRAGryw@nI z!-<+?bIfyxERE_>9 zJ98IdMvm3U2&zmGjD~&Du*s8b7hdM(G^{9r%9$wJ9sX|c?;5gM4DEL6hFnM9R$aB# z;kM&lb6k3v+O+=pc03}_+mHaXQZ=F7ykf~yk>q+if}D~&WquRSBW+Pl`A_T$;!W2|~m<_%MA0=nJ# z{7?_`4E@@yh=WTESupX_+3{1|h+bOTK3VV(xJlL9+lP9{c$*zPp4&%?`YsP}NkL=R z!GN7|@8xBj>B+FyT(dJo#s zqysL+5w*?BNk$&VIyRPcXVpaNqz7v(eLC+gO<`U5;$b?D>fjwWwH@@CvxxjNk%ZQe>dTDmEcB0pUC<1jT~v zA0Ho5tKe8ZgbMV4PShbL{$Hrf|CgCkVp9=RoDde%C%ZOtr|X~e5#UxDk>d%E_GXW) zII&T(}g~q&34H?Kt-T*n2u=h&60$%?&9!`LAO7sKdiU?bg`pAjUG4a(n+pj zdwaIm$^#om6CA|we*KA?@uRcgu^qvZ8hICw!xpN#hI z>_OzFkkJN;}V>-=ElsTeD$@JVYZ2JS~FBTO2;Vezgx|Z z&i;)jkQCRIq$L#wM{&eqt-P6}bcW8-)YBhWH$KTtZTlZr_Ik!Ei-odm|WC|(UWYFn%)Jk@JX``J8NAe+=Ib_}9VDeX0M-+b`d zsN&g%L3vh{J?QH){cSP!<-skU42?f{OxWbxTlm##MJ%G6O`q@qSWkK7CyUa#@hD#< zhV03#>R#FT0d|B)v3MR27gLSq{ZBvmD7Z^S62XOxs;1N^5*6Tag}g zabVne$2TU}Y*gmZr0DD&ZMRfhiNp-nOz|)3bLp<8z>+EnAayUS;LpNa-(qc5%gCK{ z9TIU*cJ8?!#GA+>k)-~Ey}hi^b9;SRM4`X36b1(U&` zOT@a;SiNco=_s2E*sd#GJGtx0xQ=?}X@*GQ{>C>l-69J5h8^Qte%xWlauM`jqj_@p z#F(F(f9~J??fZ8>|N8#dpZ@0MKm72=4?mm!x5f=jL#Vyf$-mtuB>4ZR%r)ADDo(@M z2_xdcDvUiV6=#WZwA90-aJM`;(&*giE!yB9$%D;LRR!6+OIAKlKP9EhmjDsy5OeGfJ(Q8{AQ)hI@`Qk5O~PCJuFd!1HcUAFFGOQ^TA_{F@F;D};;@(aE&>z1w+J z)TCp04C=8t|168hlA=mpT~DmZ*u#jcMZU0Q8XI6Cr{e;`=k9BUiVZ^+CYGn!u&uU) zlnK>>n9jPWt1!oWyV{?AS?BRt=87x}DW3-lBAVNx&A29h@GJjnq&i`5x5Tm3pf49< zEqE}rkvtWX3)VBXjT`ikp>&;3AW@LbC22ca;9rE0Oj8QKa1;aPt6`dQ>b28e-8@#RZXV6;hhQZ3mA` z*G2AXB(9kg8;L^-ye_sRbQR^yT+#&dP^yJMyB+YivBo>JSX1xnAo{B4-h` z!%t@>SE`I!U}ky1`h``yFuo&;;j4DC6d#k8hWC}u)?lW*^4Qs7qtjUWA@M`zfesQ@ zm{XR+Z%(!|Qa92cDi=SiJ4~}8J zx9in20mifUEz!3mSy=o$6r6J@0g>Iy40Ib)n|jyiLX^-Kp6&3IVuQU;X(TwK@H%~Y zq)HKSko=7FNVM6AmnsTRw=B}2a4YYZqsVhnVDI$ocnR!LRUqc#E6D`AR0@omww*N< zAU2gg-k}$D+FdELURqR&50oZqxQXJ@8t_gOab8f!Nad&8hNwdBfNc#{HGz z)75){i+lD6PZlc3(c<8V_=Wj<#V>4$7!o8ynjN;(n~?rrAdwn!VkPyt^r38tFxYv@ zJtG=ar$|NI2@SGH; zeIMH5b}CQoayIA0lsTd~g=KBz7Cbbl{Gn9r=0ufLWUA_zq6$+aq=#0T+M5yno*9i* zp&e2a77-G%Mc<(J*rU?-Km7EIyPyAVa-Spw9>kTYj5?fF)3X8Kjt#l1vzC~bhX|q;ydo(KHEvBp9CfS=%*%4Q6Uc1M6Wm<~FgZTLiBJCSc&PoxmBKaCnNv^?0gEY!$8mXdBS;qaCXB6 zx_EVJ@xE8b=+rp~Qk;3gVf!wy#)TfK>if-W?;)I#EnI850$=DKN0Ri)+tbh@_%TM@ z(2A*Qfhh>fF0L1BK^V9h<&Yw5+|X?A+WuK&GRR(gOcIX;NGr(^ursQ&doUyVs}KW| zN~w%T*&^UgMGkIYlQ!o%(t3&oC6HDX_&|oPI52HOy)ybs-nq8yH-0=N$_p5}CAGSt z%#&`eOqv}%(Z!tu_TB>!wm8RF^ftpie%owr%Nu4q<}jS;5lLNQxdD#EtWL6wDpZ?k zR9tCLtHyA&WUyh6Gz-(*e0klXH8(fZnt6jNGh>S?i}?RqK<5oM6#==jR9sT**6hfl zF3>xV0ct}h_b0@2jlHSBdSa$PFb#U9H#O)`iFW;Q6m+imT#bsg zVa}g(H^#)ZL=iS66TTl%Lm?+$^q)MlN)2)|bEL`3P3hLjTAgGiv&ej*VmXb)>xpTA3B<(KEaBvq;yvY~ZL4Fz)1=qYq zH{N%{;C2{AAuHy+c3Wajy(PV3FJi7cJCPKnaN@K{n2RjRoVk2w0XWGA3;&Bt;>!Ip zcqVd?p>vJmhbF?e2`TM1V4kuX1;JJB7=8m=p1c?o_L3$<6dKW|CGU;)D+OV7bX+$} z)q-s(x|CRf&|10{R6=^0K^kHv{LxGZ>^wXI0570zyQZ4!?3g=$!3&W4%0>-TKT4Gf zMIws*h93=VX?-YPsM5DrWKZa`{L%6|7sZy{tD;5K=5Z4KVqJb&;FGndJmn*e){>`j z*yYn#DnaYw)QOiFuhJ7~S&x+kw>X6>tLjWja)O}S7J)#Bzr_!9zc<(9&Ae4MM!{1; zBtI@G3OFaW!XuU5lEq_hS2~w->t-C$2XXa@B`y^d5^>}z61P3uvXTh28Tmfkn#~A1 zRQPutyz?@o_Vd|?U%VF-%D~z!taprLNr_g)qScAgV~!~p*QWq>FGxMUupn>XK5_P+ z5Rs=>BK6pe$x-%Sn!}WlMgz%&!l3vrZ~!6c=pY70^<>|@_61Vg<@XXT%@Ax^CsjQb zIprvk?fk{5st8cuJB<($>XHomI`09jT2*Iu+|C$)c^xh!D7KQ;GdSVwF$I?A+p2q} znEvwgljC=r+8mZ^hWEF|QBYr}^>kBf-QF#+9#)^V3-DlGyzU%L+7L7Xrq$J=4$%Bf zynXp+#c;@u$SYjQolRwG;8le;k?aX{)Z-iX6qN!LsYaE$q3Aj*!Nwx4hs@7k$(cg7 z;s!-nq5z`ImlR?U7nLtce26Xv@YH;|zOr`#JM(NBILDR24IzBLpf*U76TpTI>QDIN zO{U24AdB38R9M>5h$>S>2z;%V*BHKAW0;sI`_7_KyXYFKCUE6bG&%5vg=kmf8snAW zc&ma}=;}50U3pqZjuXYV5aRKJfACrR!3@nE!6zEG=mbEayIgPtJcUOjjMw~;0m%&K zvr|+dc4`2v!GRc1>43Y&V3}oUbw*vIfiJNED{?4}1!^EGD{?2SD-LvFAFdX^mafC& zJFSZ~GhQ7+Hy*Uek?e7`)ig_1jgKRxc|P7Ijx1*KhN`sD8^|{otwz4%{39A}Wh!=+ zb{pgz8Ikgoki;GwgsrOAoa-v3G=_3Zcd^BmUmcmm+aTKPVi_RCnWR575vwQ<)39g@ znLw)MiwFTConpENoTA=4J6s|=;I-y|Wg(}H3@^de5kJh#@74IX1kV^|N}xbK zA8M6Yur!(sEtySrYDSJx-0M$CqX;`opRNgA&0R}yNFd-@$WJ?#9$C3$g)!a%e_mmY zLKn%r3u7qzMrc2N`)=I<5*{#S{vFsr*Xl{1V(qREp~E4+etfw4+Jw?K8EEwg!Sd^G zs735!Y1B0UMWz-N=`N<<98+Q303n0#mFAqD4u}zK#r7C3kUZh$87l5;ACvjkl1jCE zlBO^|i=`bzrmd>ID)7#t{jxttdyG3m;T);iQRT*el6$erC9dr?AVOJ&Z!iaWt*Ry| zj|juP%ReMUY{_xJ=$oAnl>Hdy;H_s zGwsN=3WD*T@hT`bTvIn79X=52^r>DL)e$bSA-hO7l9rd^q65;Njc9M>)$2;it9VGm zM^ie=C9f!_MP%FMKOt}Htt;_e7d7oI4wHkiJ2uCjN7VRus48%ZRdmz1J(lu`9*Mq?^2G=kmt22~>Z3Br=#w5SQ+9~I zo5bw}JKyI_LcBo3Qof`{Nt#tBx!3TS642?<`%Qa-vU7ieGKC|GTydOerO$*9xcpV~ z$PXc^U%&)AhUz-&dtr->MZAJS=c26y&z2xpjF7yYa@I9U&Pc0e0}XX> zFM~Ff<)9gj#|Zi{Uc>_@qX!Ls3r&~e$6^>3|t1DB@ zoGug?x=13p#*RERRTsu7o>{g1FfF*m?yJU(FJJ}fMf*hhqUMTMT#-aBz643|fNHEv zr!zg$eWz~$W69BV>3xIjj&;8L)<$cfIiTt0o)iV5 z!vFM+9(Z;id4A$?i35ZTZYyFwtZq5yVRZxxsw{499QqdFmTxk)n|$#m^=p zO#H7N2c1L+97o_)I()|vJxoD~*(s;*kCo7ycshOO44WYG{h9d91t@!CqPyuBTTQ#$ zS-yRq=2t(`TeW2@hdVMGCkYctTCi%Gw8#9FuXp@vzKPCfVI_zF^*z`7><7z9Q*bda zZ{xiNFR<$cDWUeVaPV*6s(y3*(ChB?HO5Aa^k{B-Qrl>ByHWFHOhy_dyVS{V`tI`V zB;3Cn%-+paCq)#I@_QrgW)_KKCau<+TKmE9Z-RbJeMF-2Pk6+%wYp3)Wa(_Oe>~Y= z>`{|iIVES4Qap&TZ7RmoBFJ z@g$GQV=$Of61X6jn~-;lUovLIWA9oMgcz?jbgOPyeb&uYPQ@Cvt0-RrY;hl(fIZ=$ z+^nW+K}vxE{k-Y;3$3)`XBUdm5OK;+ENq``z-BXYzgV2Y-3mn)u1cima?=+-sg8dzVoZwereV4W&wDQpUw`R zkZq1X?>aVijvL{q*CTT&$!3}p*MJQe5p<;62lLYfQ6PwsRDM2L!ZP+r`-W}JnEOp(($pZ&d57Nl>XgnK@EW6utc34Ajo5pK4Dgm zHS{$z>U~a3bqd%9OXSH0uI6azt3y0ls7Qxqe?V400f$z!WBSdEm~-1e+vFqvm2+dX z9lf~>BYlj1XQyaZ%3c%ZULey!0-M%1CvB_4+2Tk%E!)MAZKL1w(VQ09rp|n`UR?Le zw&KihXxCU9Rl0$jK@dG<7Ybht*obb^$IBIUCbF?P|K>XYM!QxvjsN+4Nxp%@g{s^T z0jVp|QImoUFkpbg#BlV4Tg8ee@DTh^+bbuK{KdNPMjjB3`rgj7 z6}~Z=j|GQM(L7diH%?D}ugf`ksu+<(L#$h#EiUcg!@rlqk8yr-{rD#W(i2CQT0&#X z`*C|tNp4KJlsI^Z!tWP*dz6jg-$Q_@H(u)AV9<{pFtpXr(y?GX%FV0*dC>_)^jV-i zpH>yYO%A!j@U9%}VU=mZ&;!$Ne0UVC{Deb>zY*?=CydbC%RkiB#A8nMQOx;Fks>k36yQ(gWeb|OWMyH!u8nCpODNxD+v zG${#)_g!;f+p^gBvSyH*MWA7RCHBJopixl7Y>O3MP@YCb{!q)Djkj)JFxdg;#_+7EiJz9NQr^%;2=Nyc#UYYgGTV$?uAb)&80L8tn<>P# zywHoK!F?4f6Xx(+w*R1*I!NbOKI8mlf$(Q(<3C#PK_0?JfFIQIsizOsXA0q!4^Y>P ze!l`~q2Ye1r7ETjeWSJyZa!swH#;QI)WhlmDg!ZoChU|6Q0iuDrg()3>bjZMS8(~g z-BL}RA=2IK+EPj6ets%VjdGPuhXN|EcMs-K1FI2}6-X*Ol*y4{j84Jdkb}t`NL#$v z*<0c@(#_SyP}k9NySZ|1&0W`u*Bhqz2qa`AXI?TaF*3I#+(UBkXUS`obX>QuV+gxx t+DkDEDz+NWm!FT3a(`%2bF_d2xiLpmR`3sk-Wxc{Iu4aG$B!BN{{g<{my-Yh delta 15370 zcmZ{p2VfP&)_`~D2{i;lLdzzQgg`2U7J4U?5JE2kH^~jTmd*#Lp}#9pytdp`AliX#7ab{E7~mYn%!W@o3IIdf*_^3`*VPJLFd_Wjlk zwkl22t|Q2RdNWN6tEXwLqBTwOvvf_X4+p}rh&;!2O=}BJz^C9jcmQsT)3hhxtawek z3AX5>Y5U+7I1o;ON4N$?_U0uvH7 zEfS_d+SG+yWcHoiGhP2&3Seun+t$u~yT15lN(W;cO^cSP#3wgRn3B z0=9uVne;*H4W+_4usvJ@Tf<#25AKHzU|2GB!xm6R+#7a+ZihG263HT?4obymA==Y^ zgJ?;M?XGDf;YcX?tKl&CFqDpc3n{84_OQRtgYv!-@~7=5ka|9W(t)rPP2*4NPrwXo zwZ%k4g|$$6RtKfW2cb0h8I&msOSLN=1x1CcU^{phWO}uy9KH=1y!JbkdXi9+l*@%u zt{6(gYwUEbb`KFL_#%{%d<*$ji>AAs;b;Yx! z#=-fp4337UAb(mr46B8_hhi(Upwv?VV`yKyn}}%OX($zcC@)|bh9Mp50%Zh4Af47` zI_cF=D%uG}Lnk1!rTq&=!mhn-Bkc#Jo`p~}djpi!_9&ET*G>|V5&sIM$3009)!Z-^ zZii9u8K}cEQ0DRnC%+w*C>>6NVl!i*4oe-bg{?{NhBBqkLz$Wn`l5fSNHLLURZD;j zUYh~=({3RUl^ubinGc+Flm52Gx)LuKBRmXcU>`edG{_!6 zcPIm$;_#+gA~GlYpp4*CD06oSiYg-q+p6mWb<#OdtauTWso4N!o$rA%b?-pwPzwSX zVJ?)8Rl`{L2%H2@Lb18p&O>b@83jcH6;MXJ4Yq~PLebC}i1xMm!x%Lj2&3V(P&$4q z6i2le%E*6$Q80$J*#>4nQT-?=Q|W_zU#s0pM67p@!?&PRP=ACy6-f?9Lix}IWyEV> z9DEAO$lip~(Vw9VB$?hw{v=o*1{?;Vv{wa_Wc}9>kq=+CGBoXila3!{&-oOHkI|Mx z>`B|}@H~ts-Ic|T&(g*~rdz9oQvPw61J6Mgik3RYeqRJJAFU21)4ui|5vEORJl5{< zXh_{!Fo1xTm z0@ijT(sY7tJXtW2^g`Gku7_RVgHT3v0uF^2q1eXYiR|fcDij;2gGuliDD|F$GV*5h zLacrSl!1m|JNQH{`cETroQxLmS1863j)``Fu`n49fTDUgl&QKKik~>;q#NYf4flo# zW%3OfV%^b`?d3Na$_H*JbG!_u!@HgIYfwh^ zPbecz&c`5OK9v0Tpp3N56uU!Hpww3lJHw4oG`**mh|I}Zh_4orG!f~^1t_YDn_(9m z0(H{!p)9lIPX10P8aV_-bDu)#P^+2tNC!GBfMR4fLow!KP^PrmEPG13!Qrz0^NFPL zVk?Y+hoLm^oNb>WclrM%^a0}Go%TT^Q4?DsJbDRM|8Q>7etZ2m$C23E? zQd$2k=i19>DHIJHhBD%hU;HZto#Bg6RQefg4kPB<%Pba#lkN>u;7}+H_@Fcxgwj9_6b;-4 z+r!6TCOiS9dx~&2aG{(1173jQxK0$?_k?x}(SLt3jxV&2&5cTI8^)VE6%S2RnQ1j`x8KQkwup<&VQba6jw~{|}0d zrPTWD{X7?nu?1l&ycbFXXJ87v2$?>uyWcLq22Lcs2M(3@P%0iAu&1a3jv{>@91XvQ zJz=jhyL>SeP1fE|q$`mRp^U8IVtYBI!93EFU^?6Zhr?4)Dvm6-RX7Xkq^n^j+y?u? z<4`)(AZTkc8|tJhUFb^JUYJJuEX}N=KsM~ai^UGtK^gIbFcy9drJ`m_ z?2cu_EYd+JntK5DfTy7kUW60~^61K0gjW!MTqkU~6kp#FBiV7cwz2N&$ z8g9MRe%}*{bw;tKtX9kOodcS$03e0kG$C+sge=DtZ=5gP+6pu+<9NW_my|%9&86=q@-C9)|{u zxZc*#E-0FK7m6)4y@7^ggp+Qt*YR2?4ZI4aLq9?pS;rgghI&Hj*nIdl+zz8*KsE0lIm)Dr1RBz%>P*ij)>Ai3$`~~L2?9H}@)A}7`Me%-4rNuelMH?k3;&X>09j)?S&&qe+g&6)LZTEZi3TDpM|+F z#boqwDVz(xfYO0cx7o{Y1*{!I#z7)oVB_2EihICrqyw-myba0}JOcZ}*I^!Pxy@eh z3*ao$RWKT!hRN_e6r*gj-CoAy;ZV}I!;$dq?dU(2NbDW928O_vq!+`^aD~GiFpcy< zI0SwR2g0;F?I|dQlK%wEhCjj#n0}XC?*bS{dNXVz zz5HfE8Bq|5HLr!z@IEK~BNQ8m-C-}Q61boAZBWWhuCqI|9!dvZhSGtrU}vb+?zDRv z3+016xDc*`L*Y+OexG}6RR&>*{D+{d2K`=phZ4uwNW zuZE)O+Etzg54Y%7j}y-81n z?co}SyP!@7d1fG}qm*=lY zA2Lot8L2#Bq|1<7h);yQtXw;o3huZnEzyg}FemRu_zE(b@5BfrkoLr7ntnvekdF|n z{a>w!9pq6c8~M!1`wf1GM3N^@BPgn01p7I8UieS)SP0gmNPCGbK;n=&q%kqehE740 zru~Hc9}z_mviH3+gZN!26L0km(4IJ^ml;gjNXqArB!PkvoxG z_@ti zpNz<}*M@C)*(8EaMj-{l5$V|F=Tjm@y)_vKdZBA}G_- z`St_nozLMG_^}f&Pz-Y(1@Cn-E;!U-Q>OyM$(sn1k!9qsfB|?Ic82lrAkqUVMv{=% zkj6+i=3uIhJ3y8p8ZcQv6t%3oMsT}Fj|eVLIs zd7N=1KdnWI9&}geC9YtJUJ=lZvMC*r9>yzEmNoageD1;8KnuFDcuKdZVRWa`RpBnu zOWoB$Z=ga?@T7$sk4^2P!i^5ox)@ETwX$Np2y>@p5FVV?jWB8Y1j69-1j5^QjK z*!1g&zcXV{J%5tXVP;1XU(6h2#LSjYC(M?Di)Y6Z8ne3+&YUxn@Qyi>GkV@I!d3J7 z5+0bBO!)acDPKKb@_R4nkr=LxaQXdouh`=+(p`FSx!bLK1A(#vS7E7M2N3f;jV^oUBU`Es}`k&-1Y>CPJ004vmu zPhD{tSH29Cx&2O4dP4AjWK&hAf-Zc%$_gJU=-9l(?J9DY({rzMF~2Y|=E}F_y!xX` z-fk%D(*DnHnHTwz7J2<$p;XgFa)nlxo-U62 zqsLWf^UtsUSuB$swNS$Bg=w8>*Hc!4Iue4qC#cJmx++~BudBe)&cqU|wM2~X)sk5l zRgp)GZLOy>;UP}~Esbg+1~S^GT`p)VUJq2d%Zt5%D*Cmcth@2x;>3nQ zcM+-a}8jbKHzu_h#%IUDL>oDc0Z z_Efet^r~^u3|Z{R<6p?K2>A5;+%fo(V7O6OB~y80mDtSvRhfiuR>@*)x-&Jr=0 zJD0>5>zA~&Vv^psMAkt}bxMbDZ8Y&b3Rbu(#E)Dq zwfBZjl$vu>65+v{x*NBy%<3BQiv#rkdE#}CUmu;5H%0daie!y+TQ!kSK3|nmKU^DY zd~+zv$hmoq(P8yQa{sbghI7&ix2zHCcy^5p?Heo1y(Kk0T+8uSxXa5!W#ZQgs&N-V z&qBY;nQDN^Qj(Jjlt>SeBSTql*vB0RTVjJffKSi)f& zdbAAJ#=Fb?ZtrDl3ft86Kk^1{%KVSKFE@4kkG!#)6XT@5YS{>^#bKFNnvVNRs?cTi z(Sz?cPonL?hD=qFkw$pH7}L)F&UWHOdSQvnztA$ThFipK`?e$*bGJlTv7v;!w?s2} z($eKG9AggIMtOA0$mV}~Z|vFHj#YB?7q;)P8p+ujYn<9D^Zm`%ZY)!ZIonCL9&~x_ zu8Xm!-kOYAPnb4-iqR#%YrSyII9L^J%*zkQHAwCs8&OCcgvXvRKAd-Zjxl;$%8>F> zv2?4b%W(9-W$iab!}dhth<*Ky4^)q-!E>9HHK|ZY#6Rh^b9xN z-ad^{Y`Q~~_WB)SyT4iS`FF~Wa`eu0!XNMKPdNTA2`Ap&(HMRAKqF;`EY5-**BVhf z%ZRPqIoeS7h><*TZ+c4|SCyKIcPvk>@c7(Dvt2rGQg)3ZT)eAS8*7ER*xL%+{=yO; zV_?X~cRgS%zb~gA(KQcbQ}W0IV+fl*DBI$M2Nw`N{9txlUA~(-B7auiRL3=ondUsS z%=qmgS?|B>mSytyJ>mr$?M;qx1%qWJ<*uMx9H3=oK37Fy3Ew=mH@0E8}GK&)uQuI+%hv^9!J-yygwv7}$A&Zob-gNQ(6>dMrk1`Z%e$u}`2UGM4%PFO4 z)28K&boM|w|A?bz@zS@KdeG?WugKsdj*A6m92bxO>Tz)x-yfG%I{k#?hfatUZapFU z#8Xy|=VUyiyX9ne!Y5DmAdGk|fpDo6?s#nw@%LUE)rr=FZoN2I?Jv|_#hA73W*gQE zzDTze{+a(_Ej)*(%sJ}N(F>MY$k1r-Jy$IRH~o|eUb zQ6j!1$f_?x!9KUY!sXQq*=|{`y`j?J=s-D(PxEnT32Oe3ufScdU478xB;s?Gm5FuQ=XT@d+npkOoF(*bMX209 zz9$<$zdg;k`JGCm(Yu|SiwzZ5JFdVO_iis^|GTjbGt>H{^))_xx5tF3sUxK0Y{RLX zrrgkwG~l{k`{$3Ga`2 z{GadtOBq`}?qb~Wk(+Cc`q*Xs_2bvgx=||9*m*9c!I5>Ypy`>XI$nLrx#rUeJ@NyU z{v+Fu9?-otZoMoJI(p#n?h2i=MET+8(4NN?tk!D|*OhsKA>)qEM#+UJ`RWUiFBFs; zk@xWKBkPD9-QnRBRC&10e|R^yqVms+jO)Mb6Pcp>UDR1gW{K-)9Vy+&IiF-)_f-oc z<9v)!c0SfPeSS}b|8QN6yHYMmc0@PEo$nu;7pRd1R%$iES=^($O3}R4j0@vz_O;v? zR)3vpRD9jmij5#V{u24mw(Cc=Ub6VAg zvre=cWfVuN*~X?{+8B3U$Y>j` z<+?@ve%B&VKHkTF_`$7{l^nZIT(m9|@{#Fn|Syvh|*GH>%M(m}= zVSxgFpwdH)TmPnTo@P^}m}5b@8B(eZZYa;?!*F-$oc+)p&cs*h56CQ-JC&jrW}|v4 z2TZDGeR@kh#nIIqTwgJlW?XX>)yfw*dH_x9L7%I}B_A@D|9DyBDhpaKTQyK^&3`dk zJ|~{lfN66Xtu95G*ECR_*eWgCcge-Z?-uhf3Ir=cWmqybU)NA|H0v5FZggfuBehbc znU@+Ve5%>2v0^VXZ)mLKESneb21;Dw`1Fu&c66&4^I#LzTBVq$o2V`kdbgmvle zJ@Q)xR%><+Qw4n9t*IIhf=yLdb5B#%g7|YyEzSMZRB@TN25dH9)Q#*(ypn;hmUyiB zM01sBZoFM#!RE-8YM{BVrHU7;FkdrNl=*#2)!Ez-VQF?&Yt_?ythJiX?w#wdtUh|c zRTNqz{-dI@yha9ZPL5PbZ3{w0WFEcUeYDPT3;fz)z7|PMscqCk8rsrE<(RFatQjhf zqR~}Rs?N-9ry|Vb?bPgg2}NdBjLK+eU8&62XvK-p9BsoFtytkEh&Nw~w&vxdXvNYq zPsgY>W_66>rwBWK4;fCpafv(V#cRk5RQPCToVpTb0DetC75Dk)#X`rIQZr zFczPSG`~zztYx!jH^qtHEa|Sq$E05B94q?dlC#Lo;$;sm6KACd5ACqsmB(zDqK0;x zerQLz`{)6WFJxb}Yzrw4`AczZR~yRHDQXe*KbC5#BrT-2n>VMa*=BaS+DQH@>57x6 zprfg0D7ITOCR4FU&Ad!C5UkC#Ch*HlH98A(LigpNqjhe-+@=>|i(a>n6`U)lx(c!V z8rRX=5AU|-49i6=le1K^xg$$;pt7%fD_P=0`>0N4k3I_DDseHVm3F@No6tswIG9qG#JhzR+yD0SE<@gDYGVMYvAkx{zs_|P2-I9O5c^2?gHCgVW1 z8qp!#a`dv8EVV*s6QH9V23YH7(f~Dtrk)?5iujr7-?xe)y#_DA4(FFC|84+=oIOx+ zlrZNERGj7oz0B7Ksz~D2>)+9$o!>r8wnI;aeA#4>!iSn&2dnP?wH4d_gsifA2jQgV z54JQ|GuT=%4-K}Q&k0go;$|}qvdT*wzgKPDr;I1R(64faF3TCV;s)*I7Z-7dZfgub z4N;sU&88#NJX0U3rZy1!GmVido%yzG@y}Dr4>Ee7MtrWU&>9z-v_|EYO@@*EI#Ojc zuv|&{D3xKFqtsygDrPPmtx9R>;20Hc2F6%sPrN71*s~TYKeCSF8z+XkB0R5NgL(NN zH;_V4v8U8k=+Ui(&ktLsZ>(jd4Rb8}9g<@$vAc8BSXwwg4tMy*IJM9Wo1jLMF=>KY zZ|3K!6~zCRs|J~QlPookovemL;9Uy>SKsE$+({}noXbn9{Ue|G_GC4MFH`eXQe5cJ zjz121DfUk(uB)$k=FRyyVBLH)pQSc?ikiWF&wOc`HQmwE6}M5-H(ll0=xDw%-FlNW zL*+MR)!X+zzIbDXT5WzaQ-zs(W-2yX^V}S3%H!sVqc9_`QSHp7^HgNpvEqJYQvB{< zNdUKbcsHL%&sXvG-On7h0JoNAzPLbnX651O3yy3rac+ShFW>V&E`qX4ap(%@2}yD# zq#$>{6urEh!}*a?jC#%@wxi{Xtd(#}spX&Mc&#Zv z>s3S8TLR`QKINfgnO|j+E;H}(tGG7#maDWqB_p%WR%UiU4KvS|;o#HEzKiksYZj}! zo5*qU=pHR(&MH@xRP@=I>#OtD%{Bouz`kwQ4A-f7Dv3N0wWT^PS~#>N9gzSc^Qc!gA)u z3d`s2U!gd+nKxgr`b;EhlatfN) z-k>tkZT%b3OPV?4Mov!_2AW51#P_F}Z{3JVrxfYr3i`R5lpcP(C`I=j-E;H+Zq3j65noh^HL#y@Z8RsYwNw~f ztCBIST=UU#6=^=Y);er8S*Knx)7GnvVOP{)H-&+ zpa8CnbBvrfD?EDTp&kF_2I=v7IGTn0Mb+krO)5T;Yvbi>(B;dFxnYyityLVdE#4gBieu$#3H lT-air2{N}@BmUr5|P3ipl_y5-NXXgL_ diff --git a/po/cs.po b/po/cs.po index 81f6552..94db662 100644 --- a/po/cs.po +++ b/po/cs.po @@ -2,535 +2,883 @@ # Copyright (C) 2010 Free Software Foundation, Inc. # This file is distributed under the same license as the cryptsetup package. # Milan Broz , 2010. -# Petr Pisar , 2010, 2011, 2012, 2013, 2014, 2015. +# Petr Pisar , 2010, 2011, 2012, 2013, 2014, 2015, 2016. +# Petr Pisar , 2017, 2018, 2019, 2020. # # See `LUKS On-Disk Format Specification' document to clarify some terms. # +# backing device → podpůrné zařízení +# digest → otisk # key slot → pozice klíče +# keyring → klíčenka +# online mode → (režim) za běhu # plain/LUKS1 crypt → šifra plain/LUKS1 („plain“ nepřekládat) -# resume → probudit +# (reencryption) recover → obnova (jedná se o činnost před samotným navázáním +# rozdělaného přešifrování, obvykle po výpadku napájení). +# refresh → reaktivace +# resume → probudit, dokončit +# segment → část +# signature → značka, vzorec nebo podpis (záleží na kontextu) # suspend → uspat # msgid "" msgstr "" -"Project-Id-Version: cryptsetup 1.6.7\n" +"Project-Id-Version: cryptsetup 2.3.3-rc0\n" "Report-Msgid-Bugs-To: dm-crypt@saout.de\n" -"POT-Creation-Date: 2015-03-19 09:55+0100\n" -"PO-Revision-Date: 2015-03-19 19:00+0100\n" +"POT-Creation-Date: 2020-05-28 11:32+0200\n" +"PO-Revision-Date: 2020-05-15 18:12+02:00\n" "Last-Translator: Petr Pisar \n" "Language-Team: Czech \n" "Language: cs\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" -#: lib/libdevmapper.c:252 -msgid "Cannot initialize device-mapper, running as non-root user.\n" -msgstr "Nelze inicializovat device-mapper, nespuštěno superuživatelem.\n" +#: lib/libdevmapper.c:399 +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "Nelze inicializovat device-mapper, nespuštěno superuživatelem." -#: lib/libdevmapper.c:255 -msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n" -msgstr "Nelze inicializovat device-mapper. Je jaderný modul dm_mod zaveden?\n" +#: lib/libdevmapper.c:402 +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "Nelze inicializovat device-mapper. Je jaderný modul dm_mod zaveden?" -#: lib/libdevmapper.c:550 +#: lib/libdevmapper.c:1131 +msgid "Requested deferred flag is not supported." +msgstr "Požadovaný příznak pozdrženo není podporován." + +#: lib/libdevmapper.c:1198 #, c-format -msgid "DM-UUID for device %s was truncated.\n" -msgstr "DM-UUID pro zařízení %s bylo zkráceno.\n" +msgid "DM-UUID for device %s was truncated." +msgstr "DM-UUID pro zařízení %s bylo zkráceno." + +#: lib/libdevmapper.c:1520 +msgid "Unknown dm target type." +msgstr "Neznámý druh cíle DM." + +#: lib/libdevmapper.c:1623 lib/libdevmapper.c:1679 +msgid "Requested dm-crypt performance options are not supported." +msgstr "Požadované výkonnostní volby dm-cryptu nejsou podporovány." + +#: lib/libdevmapper.c:1630 +msgid "Requested dm-verity data corruption handling options are not supported." +msgstr "Požadované volby, jak zacházet s poškozením dat dm-verity, nejsou podporovány." + +#: lib/libdevmapper.c:1634 +msgid "Requested dm-verity FEC options are not supported." +msgstr "Požadované FEC volby dm-cryptu nejsou podporovány." + +#: lib/libdevmapper.c:1638 +msgid "Requested data integrity options are not supported." +msgstr "Požadované volby integrity dat nejsou podporovány." + +#: lib/libdevmapper.c:1640 +msgid "Requested sector_size option is not supported." +msgstr "Požadované volby sector_size není podporována." + +#: lib/libdevmapper.c:1645 +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "Požadovaný automatický přepočet značek integrity není podporován." -#: lib/libdevmapper.c:698 -msgid "Requested dmcrypt performance options are not supported.\n" -msgstr "Požadované výkonnostní volby dmcryptu nejsou podporovány.\n" +#: lib/libdevmapper.c:1649 lib/libdevmapper.c:1682 lib/libdevmapper.c:1685 +#: lib/luks2/luks2_json_metadata.c:2160 +msgid "Discard/TRIM is not supported." +msgstr "Zahazování (TRIM) není podporováno." -#: lib/random.c:76 +#: lib/libdevmapper.c:1653 +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "Požadovaný režim bitmapy integrity DM není podporován." + +#: lib/libdevmapper.c:2607 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "Dotaz na část dm-%s selhal." + +#: lib/random.c:75 msgid "" "System is out of entropy while generating volume key.\n" -"Please move mouse or type some text in another window to gather some random " -"events.\n" +"Please move mouse or type some text in another window to gather some random events.\n" msgstr "" "Během vytváření klíče svazku došla systému entropie.\n" "Aby bylo možné nasbírat náhodné události, žádáme uživatele, aby pohyboval\n" "myší nebo psal text do jiného okna.\n" -#: lib/random.c:80 +#: lib/random.c:79 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Vytváří se klíč (%d %% hotovo).\n" -#: lib/random.c:169 -msgid "Fatal error during RNG initialisation.\n" -msgstr "Fatální chyba během přípravy generátoru náhodných čísel.\n" +#: lib/random.c:165 +msgid "Running in FIPS mode." +msgstr "Režim FIPS zapnut." + +#: lib/random.c:171 +msgid "Fatal error during RNG initialisation." +msgstr "Fatální chyba během přípravy generátoru náhodných čísel." -#: lib/random.c:206 -msgid "Unknown RNG quality requested.\n" -msgstr "Požadována neznámá kvalita generátoru náhodných čísel.\n" +#: lib/random.c:208 +msgid "Unknown RNG quality requested." +msgstr "Požadována neznámá kvalita generátoru náhodných čísel." -#: lib/random.c:211 +#: lib/random.c:213 +msgid "Error reading from RNG." +msgstr "Chyba při čtení z generátoru náhodných čísel." + +#: lib/setup.c:229 +msgid "Cannot initialize crypto RNG backend." +msgstr "Implementaci šifrovacího generátoru náhodných čísel nelze inicializovat." + +#: lib/setup.c:235 +msgid "Cannot initialize crypto backend." +msgstr "Implementaci šifrování nelze inicializovat." + +#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119 #, c-format -msgid "Error %d reading from RNG: %s\n" -msgstr "Chyba %d při čtení z generátoru náhodných čísel: %s\n" +msgid "Hash algorithm %s not supported." +msgstr "Hašovací algoritmus %s není podporován." -#: lib/setup.c:200 -msgid "Cannot initialize crypto RNG backend.\n" -msgstr "" -"Implementaci šifrovacího generátoru náhodných čísel nelze inicializovat.\n" +#: lib/setup.c:269 lib/loopaes/loopaes.c:90 +#, c-format +msgid "Key processing error (using hash %s)." +msgstr "Chyba zpracování klíče (za použití haše %s)." + +#: lib/setup.c:335 lib/setup.c:362 +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "Druh zařízení nelze určit. Nekompatibilní aktivace zařízení?" + +#: lib/setup.c:341 lib/setup.c:3050 +msgid "This operation is supported only for LUKS device." +msgstr "Tato operace je podporována jen u zařízení LUKS." + +#: lib/setup.c:368 +msgid "This operation is supported only for LUKS2 device." +msgstr "Tato operace je podporována jen u zařízení LUKS2." -#: lib/setup.c:206 -msgid "Cannot initialize crypto backend.\n" -msgstr "Implementaci šifrování nelze inicializovat.\n" +#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345 +msgid "All key slots full." +msgstr "Všechny pozice klíčů jsou obsazeny." -#: lib/setup.c:236 lib/setup.c:1192 lib/verity/verity.c:123 +#: lib/setup.c:434 #, c-format -msgid "Hash algorithm %s not supported.\n" -msgstr "Hašovací algoritmus %s není podporován.\n" +msgid "Key slot %d is invalid, please select between 0 and %d." +msgstr "Pozice klíče %d není platná, prosím, vyberte číslo mezi 0 a %d." -#: lib/setup.c:239 lib/loopaes/loopaes.c:90 +#: lib/setup.c:440 #, c-format -msgid "Key processing error (using hash %s).\n" -msgstr "Chyba zpracování klíče (za použití haše %s).\n" +msgid "Key slot %d is full, please select another one." +msgstr "Pozice klíče %d je obsazena, prosím, vyberte jinou." -#: lib/setup.c:284 -msgid "Cannot determine device type. Incompatible activation of device?\n" -msgstr "Druh zařízení nelze určit. Nekompatibilní aktivace zařízení?\n" +#: lib/setup.c:525 lib/setup.c:2824 +msgid "Device size is not aligned to device logical block size." +msgstr "Velikost zařízení není zarovnaná na velikost logického sektoru zařízení." -#: lib/setup.c:288 lib/setup.c:1537 -msgid "This operation is supported only for LUKS device.\n" -msgstr "Tato operace je podporována jen u zařízení LUKS.\n" +#: lib/setup.c:624 +#, c-format +msgid "Header detected but device %s is too small." +msgstr "Nalezena hlavička, ale zařízení %s je příliš malé." + +#: lib/setup.c:661 +msgid "This operation is not supported for this device type." +msgstr "Tato operace není na zařízení tohoto typu podporována." -#: lib/setup.c:320 -msgid "All key slots full.\n" -msgstr "Všechny pozice klíčů jsou obsazeny.\n" +#: lib/setup.c:666 +msgid "Illegal operation with reencryption in-progress." +msgstr "Zakázaná operace spolu s probíhajícím přešifrování." -#: lib/setup.c:327 +#: lib/setup.c:832 lib/luks1/keymanage.c:475 #, c-format -msgid "Key slot %d is invalid, please select between 0 and %d.\n" -msgstr "Pozice klíče %d není platná, prosím, vyberte číslo mezi 0 a %d.\n" +msgid "Unsupported LUKS version %d." +msgstr "Nepodporovaná verze LUKS %d." -#: lib/setup.c:333 +#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959 +msgid "Detached metadata device is not supported for this crypt type." +msgstr "Zařízení s oddělenými metadaty není na šifře tohoto typu podporováno." + +#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628 +#: lib/setup.c:2777 lib/setup.c:4512 #, c-format -msgid "Key slot %d is full, please select another one.\n" -msgstr "Pozice klíče %d je obsazena, prosím, vyberte jinou.\n" +msgid "Device %s is not active." +msgstr "Zařízení %s není aktivní." -#: lib/setup.c:472 +#: lib/setup.c:1444 #, c-format -msgid "Enter passphrase for %s: " -msgstr "Zadejte heslo pro %s: " +msgid "Underlying device for crypt device %s disappeared." +msgstr "Zařízení nižší úrovně pod šifrovaným zařízením %s zmizelo." + +#: lib/setup.c:1524 +msgid "Invalid plain crypt parameters." +msgstr "Neplatné parametry plain šifry." + +#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:74 +msgid "Invalid key size." +msgstr "Neplatná velikost klíče." + +#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157 +msgid "UUID is not supported for this crypt type." +msgstr "UUID není na šifře tohoto typu podporováno." + +#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308 +#: src/cryptsetup.c:1226 src/cryptsetup.c:3923 +msgid "Unsupported encryption sector size." +msgstr "Nepodporovaná velikost šifrovaného sektoru." + +#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818 +msgid "Device size is not aligned to requested sector size." +msgstr "Velikost zařízení není zarovnaná na požadovanou velikost sektoru." + +#: lib/setup.c:1608 lib/setup.c:1727 +msgid "Can't format LUKS without device." +msgstr "LUKS nelze bez zařízení naformátovat." + +#: lib/setup.c:1614 lib/setup.c:1733 +msgid "Requested data alignment is not compatible with data offset." +msgstr "Požadované zarovnání dat není slučitelné s polohou dat." -#: lib/setup.c:653 +#: lib/setup.c:1682 lib/setup.c:1851 +msgid "WARNING: Data offset is outside of currently available data device.\n" +msgstr "POZOR: Poloha dat je mimo nyní dostupné zařízení s daty.\n" + +#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169 +#, c-format +msgid "Cannot wipe header on device %s." +msgstr "Ze zařízení %s nelze odstranit hlavičku." + +#: lib/setup.c:1744 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "POZOR: Aktivace zařízení selže, dm-crypt nepodporuje požadovanou velikost šifrovaného sektoru.\n" + +#: lib/setup.c:1766 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "Klíč svazku je příliš malý na šifrovaní s rozšířeními pro integritu." + +#: lib/setup.c:1821 +#, c-format +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "Šifra %s-%s (velikost klíče %zd bitů) není dostupná." + +#: lib/setup.c:1854 +#, c-format +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" +msgstr "POZOR: Metadata LUKS2 změnila velikost na % bajtů.\n" + +#: lib/setup.c:1858 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "POZOR: Oblast s pozicemi klíčů pro LUKS2 změnila velikost na % bajtů.\n" + +#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367 +#, c-format +msgid "Device %s is too small." +msgstr "Zařízení %s je příliš malé." + +#: lib/setup.c:1893 lib/setup.c:1919 +#, c-format +msgid "Cannot format device %s in use." +msgstr "Zařízení %s, které se používá, nelze formátovat." + +#: lib/setup.c:1896 lib/setup.c:1922 #, c-format -msgid "Header detected but device %s is too small.\n" -msgstr "Nalezena hlavička, ale zařízení %s je příliš malé.\n" +msgid "Cannot format device %s, permission denied." +msgstr "Zařízení %s nelze formátovat, povolení zamítnuto." -#: lib/setup.c:669 lib/setup.c:1420 -msgid "This operation is not supported for this device type.\n" -msgstr "Tato operace není na zařízení tohoto typu podporována.\n" +# FIXME "format integrity" is nonsense +#: lib/setup.c:1908 lib/setup.c:2229 +#, c-format +msgid "Cannot format integrity for device %s." +msgstr "Zařízení %s není možné formátovat integritu." -#: lib/setup.c:908 lib/setup.c:1381 lib/setup.c:2264 +#: lib/setup.c:1926 #, c-format -msgid "Device %s is not active.\n" -msgstr "Zařízení %s není aktivní.\n" +msgid "Cannot format device %s." +msgstr "Zařízení %s nelze formátovat." -#: lib/setup.c:925 +#: lib/setup.c:1944 +msgid "Can't format LOOPAES without device." +msgstr "LOOPAES nelze bez zařízení naformátovat." + +#: lib/setup.c:1989 +msgid "Can't format VERITY without device." +msgstr "VERITY nelze bez zařízení naformátovat." + +#: lib/setup.c:2000 lib/verity/verity.c:102 #, c-format -msgid "Underlying device for crypt device %s disappeared.\n" -msgstr "Zařízení nižší úrovně pod šifrovaným zařízením %s zmizelo.\n" +msgid "Unsupported VERITY hash type %d." +msgstr "Nepodporovaný druh VERITY haše %d." + +#: lib/setup.c:2006 lib/verity/verity.c:110 +msgid "Unsupported VERITY block size." +msgstr "Nepodporovaná velikost bloku VERITY." + +#: lib/setup.c:2011 lib/verity/verity.c:74 +msgid "Unsupported VERITY hash offset." +msgstr "Nepodporovaná poloha haše VERITY." -#: lib/setup.c:994 -msgid "Invalid plain crypt parameters.\n" -msgstr "Neplatné parametry plain šifry.\n" +#: lib/setup.c:2016 +msgid "Unsupported VERITY FEC offset." +msgstr "Nepodporovaná poloha VERITY FEC." -#: lib/setup.c:999 lib/setup.c:1119 -msgid "Invalid key size.\n" -msgstr "Neplatná velikost klíče.\n" +#: lib/setup.c:2040 +msgid "Data area overlaps with hash area." +msgstr "Oblast dat se překrývá s oblastí haše." -#: lib/setup.c:1004 lib/setup.c:1124 -msgid "UUID is not supported for this crypt type.\n" -msgstr "UUID není na šifře tohoto typu podporováno.\n" +#: lib/setup.c:2065 +msgid "Hash area overlaps with FEC area." +msgstr "Oblast FEC se překrývá s oblastí haše." -#: lib/setup.c:1046 -msgid "Can't format LUKS without device.\n" -msgstr "LUKS nelze bez zařízení naformátovat.\n" +#: lib/setup.c:2072 +msgid "Data area overlaps with FEC area." +msgstr "Oblast dat se překrývá s oblastí FEC." -#: lib/setup.c:1089 +#: lib/setup.c:2208 #, c-format -msgid "Cannot format device %s which is still in use.\n" -msgstr "Zařízení %s, které se stále používá, nelze formátovat.\n" +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "POZOR: Požadovaná velikost značky %d bajtů se liší od výstupu velikosti %s (%d bajtů).\n" -#: lib/setup.c:1092 +#: lib/setup.c:2286 #, c-format -msgid "Cannot format device %s, permission denied.\n" -msgstr "Zařízení %s nelze formátovat, povolení zamítnuto.\n" +msgid "Unknown crypt device type %s requested." +msgstr "Požadován neznámý typ šifrovaného zařízení %s." -#: lib/setup.c:1096 +#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635 #, c-format -msgid "Cannot wipe header on device %s.\n" -msgstr "Ze zařízení %s nelze odstranit hlavičku.\n" +msgid "Unsupported parameters on device %s." +msgstr "Nepodporované parametry na zařízení %s." -#: lib/setup.c:1114 -msgid "Can't format LOOPAES without device.\n" -msgstr "LOOPAES nelze bez zařízení naformátovat.\n" +#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408 +#: lib/luks2/luks2_reencrypt.c:2737 +#, c-format +msgid "Mismatching parameters on device %s." +msgstr "Neodpovídající parametry an za zařízení %s." + +#: lib/setup.c:2661 +msgid "Crypt devices mismatch." +msgstr "Zařízení dmcryptu si neodpovídají." -#: lib/setup.c:1152 -msgid "Can't format VERITY without device.\n" -msgstr "VERITY nelze bez zařízení naformátovat.\n" +#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:3145 +#, c-format +msgid "Failed to reload device %s." +msgstr "Zařízení %s nebylo možné znovu zavést." -#: lib/setup.c:1160 lib/verity/verity.c:106 +#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025 +#: lib/luks2/luks2_reencrypt.c:2032 #, c-format -msgid "Unsupported VERITY hash type %d.\n" -msgstr "Nepodporovaný druh VERITY haše %d.\n" +msgid "Failed to suspend device %s." +msgstr "Zařízení %s nebylo možné pozastavit." -#: lib/setup.c:1166 lib/verity/verity.c:114 -msgid "Unsupported VERITY block size.\n" -msgstr "Nepodporovaná velikost bloku VERITY.\n" +#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039 +#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149 +#, c-format +msgid "Failed to resume device %s." +msgstr "Zařízení %s nebylo možné probudit." -#: lib/setup.c:1171 lib/verity/verity.c:76 -msgid "Unsupported VERITY hash offset.\n" -msgstr "Nepodporovaná poloha haše VERITY.\n" +#: lib/setup.c:2732 +#, c-format +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "Nepřekonatelná chyba při zavádění zařízení %s (nad zařízením %s)." -#: lib/setup.c:1285 +#: lib/setup.c:2735 lib/setup.c:2737 #, c-format -msgid "Unknown crypt device type %s requested.\n" -msgstr "Požadován neznámý typ šifrovaného zařízení %s.\n" +msgid "Failed to switch device %s to dm-error." +msgstr "Zařízení %s nebylo možné přepnout do dm-error." + +#: lib/setup.c:2809 +msgid "Cannot resize loop device." +msgstr "Nelze změnit velikost zařízení zpětné smyčky." -#: lib/setup.c:1435 +#: lib/setup.c:2882 msgid "Do you really want to change UUID of device?" msgstr "Opravdu chcete změnit UUID zařízení?" -#: lib/setup.c:1545 +#: lib/setup.c:2958 +msgid "Header backup file does not contain compatible LUKS header." +msgstr "Soubor se zálohou hlavičky neobsahuje kompatibilní hlavičku LUKS." + +#: lib/setup.c:3058 #, c-format -msgid "Volume %s is not active.\n" -msgstr "Svazek %s není aktivní.\n" +msgid "Volume %s is not active." +msgstr "Svazek %s není aktivní." -#: lib/setup.c:1556 +#: lib/setup.c:3069 #, c-format -msgid "Volume %s is already suspended.\n" -msgstr "Svazek %s je již uspán.\n" +msgid "Volume %s is already suspended." +msgstr "Svazek %s je již uspán." -#: lib/setup.c:1563 +#: lib/setup.c:3082 #, c-format -msgid "Suspend is not supported for device %s.\n" -msgstr "Uspání není na zařízení %s podporováno.\n" +msgid "Suspend is not supported for device %s." +msgstr "Uspání není na zařízení %s podporováno." -#: lib/setup.c:1565 +#: lib/setup.c:3084 #, c-format -msgid "Error during suspending device %s.\n" -msgstr "Chyba při uspávání zařízení %s.\n" +msgid "Error during suspending device %s." +msgstr "Chyba při uspávání zařízení %s." -#: lib/setup.c:1591 lib/setup.c:1638 +#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267 #, c-format -msgid "Volume %s is not suspended.\n" -msgstr "Svazek %s není uspán.\n" +msgid "Volume %s is not suspended." +msgstr "Svazek %s není uspán." -#: lib/setup.c:1605 +#: lib/setup.c:3146 #, c-format -msgid "Resume is not supported for device %s.\n" -msgstr "Probuzení není na zařízení %s podporováno.\n" +msgid "Resume is not supported for device %s." +msgstr "Probuzení není na zařízení %s podporováno." -#: lib/setup.c:1607 lib/setup.c:1659 +#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297 #, c-format -msgid "Error during resuming device %s.\n" -msgstr "Chyba při probouzení zařízení %s.\n" +msgid "Error during resuming device %s." +msgstr "Chyba při probouzení zařízení %s." -#: lib/setup.c:1645 lib/setup.c:2080 lib/setup.c:2094 src/cryptsetup.c:186 -#: src/cryptsetup.c:248 src/cryptsetup.c:732 src/cryptsetup.c:1151 -msgid "Enter passphrase: " -msgstr "Zadejte heslo: " +#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322 +#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839 +msgid "Volume key does not match the volume." +msgstr "Heslo svazku neodpovídá svazku." -#: lib/setup.c:1707 lib/setup.c:1843 -msgid "Cannot add key slot, all slots disabled and no volume key provided.\n" -msgstr "" -"Nelze přidat pozici klíče, všechny pozice jsou zakázány a klíč svazku\n" -"nebyl poskytnut.\n" +#: lib/setup.c:3343 lib/setup.c:3531 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Nelze přidat pozici klíče, všechny pozice jsou zakázány a klíč svazku nebyl poskytnut." -#: lib/setup.c:1716 lib/setup.c:1849 lib/setup.c:1853 -msgid "Enter any passphrase: " -msgstr "Zadejte jakékoliv heslo: " +#: lib/setup.c:3483 +msgid "Failed to swap new key slot." +msgstr "Záměna novou pozicí klíče se nezdařila." -#: lib/setup.c:1733 lib/setup.c:1866 lib/setup.c:1870 lib/setup.c:1932 -#: src/cryptsetup.c:988 src/cryptsetup.c:1017 -msgid "Enter new passphrase for key slot: " -msgstr "Zadejte nové heslo pro pozici klíče: " +#: lib/setup.c:3669 +#, c-format +msgid "Key slot %d is invalid." +msgstr "Pozice klíče %d je neplatná." + +#: lib/setup.c:3675 src/cryptsetup.c:1572 src/cryptsetup.c:1917 +#, c-format +msgid "Keyslot %d is not active." +msgstr "Pozice klíče %d není aktivní." + +#: lib/setup.c:3694 +msgid "Device header overlaps with data area." +msgstr "Hlavička zařízení se překrývá s datovou oblastí." + +#: lib/setup.c:3981 +msgid "Reencryption in-progress. Cannot activate device." +msgstr "Přešifrování již probíhá. Zařízení nelze aktivovat." + +#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2243 +#: lib/luks2/luks2_reencrypt.c:2836 +msgid "Failed to get reencryption lock." +msgstr "Získání zámku pro přešifrování selhalo." + +#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855 +msgid "LUKS2 reencryption recovery failed." +msgstr "Obnova přešifrování LUKS2 selhalo." + +#: lib/setup.c:4127 lib/setup.c:4379 +msgid "Device type is not properly initialized." +msgstr "Typ zařízení není řádně inicializován." -#: lib/setup.c:1798 +#: lib/setup.c:4171 #, c-format -msgid "Key slot %d changed.\n" -msgstr "Pozice klíče %d změněna.\n" +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "Zařízení %s nelze použít. Název není platný nebo zařízení se stále používá." -#: lib/setup.c:1801 +#: lib/setup.c:4174 #, c-format -msgid "Replaced with key slot %d.\n" -msgstr "Nahrazeno pozicí klíče %d.\n" +msgid "Device %s already exists." +msgstr "Zařízení %s již existuje." -#: lib/setup.c:1806 -msgid "Failed to swap new key slot.\n" -msgstr "Záměna novou pozicí klíče se nezdařila.\n" +#: lib/setup.c:4296 +msgid "Incorrect volume key specified for plain device." +msgstr "Byl zadán neplatný klíč svazku." -#: lib/setup.c:1923 lib/setup.c:2184 lib/setup.c:2197 lib/setup.c:2339 -msgid "Volume key does not match the volume.\n" -msgstr "Heslo svazku neodpovídá svazku.\n" +#: lib/setup.c:4405 +msgid "Incorrect root hash specified for verity device." +msgstr "K zařízení VERITY byl zadán neplatný kořenový haš." -#: lib/setup.c:1961 +#: lib/setup.c:4412 +msgid "Root hash signature required." +msgstr "Je potřeba podpis kořenového otisku." + +#: lib/setup.c:4421 +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "Jaderná klíčenka chybí: je potřeba pro předání podpisu do jádra." + +#: lib/setup.c:4438 lib/setup.c:5915 +msgid "Failed to load key in kernel keyring." +msgstr "Klíč se nepodařilo přidat do jaderné klíčenky." + +#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2296 +#: src/cryptsetup.c:2664 +#, c-format +msgid "Device %s is still in use." +msgstr "Zařízení %s se stále používá." + +#: lib/setup.c:4516 #, c-format -msgid "Key slot %d is invalid.\n" -msgstr "Pozice klíče %d je neplatná.\n" +msgid "Invalid device %s." +msgstr "Neplatné zařízení %s." + +#: lib/setup.c:4632 +msgid "Volume key buffer too small." +msgstr "Vyhrazená paměť pro klíč svazku je příliš malá." + +#: lib/setup.c:4640 +msgid "Cannot retrieve volume key for plain device." +msgstr "Nelze získat klíč svazku pro otevřené zařízení." + +#: lib/setup.c:4657 +msgid "Cannot retrieve root hash for verity device." +msgstr "K zařízení VERITY nelze získat kořenový otisk." -#: lib/setup.c:1966 +#: lib/setup.c:4659 #, c-format -msgid "Key slot %d is not used.\n" -msgstr "Pozice klíče %d není použita.\n" +msgid "This operation is not supported for %s crypt device." +msgstr "Na šifrovaném zařízení %s není tato operace podporována." -#: lib/setup.c:1996 lib/setup.c:2068 lib/setup.c:2160 +#: lib/setup.c:4865 +msgid "Dump operation is not supported for this device type." +msgstr "Operace výpisu není na zařízení tohoto typu podporována." + +#: lib/setup.c:5190 #, c-format -msgid "Device %s already exists.\n" -msgstr "Zařízení %s již existuje.\n" +msgid "Data offset is not multiple of %u bytes." +msgstr "Počátek dat není násobkem %u bajtů." -#: lib/setup.c:2171 -msgid "Incorrect volume key specified for plain device.\n" -msgstr "Byl zadán neplatný klíč svazku.\n" +#: lib/setup.c:5475 +#, c-format +msgid "Cannot convert device %s which is still in use." +msgstr "Zařízení %s, které se stále používá, nelze konvertovat." -#: lib/setup.c:2204 -msgid "Incorrect root hash specified for verity device.\n" -msgstr "K zařízení VERITY byl zadán neplatný kořenový haš.\n" +#: lib/setup.c:5772 +#, c-format +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "Přiřazení pozice klíče %u jakožto nového klíče svazku se nezdařilo." -#: lib/setup.c:2227 -msgid "Device type is not properly initialised.\n" -msgstr "Typ zařízení není řádně inicializován.\n" +#: lib/setup.c:5845 +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "Inicializace parametrů výchozí pozice klíče LUKS2 selhala." -#: lib/setup.c:2259 +#: lib/setup.c:5851 #, c-format -msgid "Device %s is still in use.\n" -msgstr "Zařízení %s se stále používá.\n" +msgid "Failed to assign keyslot %d to digest." +msgstr "Přiřazení pozice klíče %d k otisku se nezdařilo." + +#: lib/setup.c:5982 +msgid "Kernel keyring is not supported by the kernel." +msgstr "Jaderná klíčenka není jádrem podporována." -#: lib/setup.c:2268 +#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952 #, c-format -msgid "Invalid device %s.\n" -msgstr "Neplatné zařízení %s.\n" +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "Čtení hesla z klíčenky selhalo (chyba %d)." + +#: lib/setup.c:6016 +msgid "Failed to acquire global memory-hard access serialization lock." +msgstr "Získání zámku pro tvrdý přístup do globální paměti selhalo." + +#: lib/utils.c:80 +msgid "Cannot get process priority." +msgstr "Nelze zjistit prioritu procesu." + +#: lib/utils.c:94 +msgid "Cannot unlock memory." +msgstr "Paměť nelze odemknout." + +#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497 +msgid "Failed to open key file." +msgstr "Soubor s klíčem se nepodařilo otevřít." -#: lib/setup.c:2289 -msgid "Function not available in FIPS mode.\n" -msgstr "V režimu FIPS není funkce dostupná.\n" +#: lib/utils.c:173 +msgid "Cannot read keyfile from a terminal." +msgstr "Soubor s klíčem nelze z terminálu přečíst." -#: lib/setup.c:2295 -msgid "Volume key buffer too small.\n" -msgstr "Vyhrazená paměť pro klíč svazku je příliš malá.\n" +#: lib/utils.c:190 +msgid "Failed to stat key file." +msgstr "O souboru s klíčem nebylo možné zjistit údaje." + +#: lib/utils.c:198 lib/utils.c:219 +msgid "Cannot seek to requested keyfile offset." +msgstr "Nelze se přesunout na požadované místo v souboru s klíčem." + +#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188 +#: src/utils_password.c:201 +msgid "Out of memory while reading passphrase." +msgstr "Při čtení hesla došla paměť." + +#: lib/utils.c:248 +msgid "Error reading passphrase." +msgstr "Chyba při čtení hesla." + +#: lib/utils.c:265 +msgid "Nothing to read on input." +msgstr "Na vstupu není nic k přečtení." + +#: lib/utils.c:272 +msgid "Maximum keyfile size exceeded." +msgstr "Maximální délka souboru s klíčem překročena." + +#: lib/utils.c:277 +msgid "Cannot read requested amount of data." +msgstr "Požadované množství dat nelze načíst." + +#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 +#, c-format +msgid "Device %s does not exist or access denied." +msgstr "Zařízení %s neexistuje nebo přístup byl zamítnut." -#: lib/setup.c:2303 -msgid "Cannot retrieve volume key for plain device.\n" -msgstr "Nelze získat klíč svazku pro otevřené zařízení.\n" +#: lib/utils_device.c:197 +#, c-format +msgid "Device %s is not compatible." +msgstr "Zařízení %s není kompatibilní." -#: lib/setup.c:2310 +# TODO: Pluralize +#: lib/utils_device.c:642 #, c-format -msgid "This operation is not supported for %s crypt device.\n" -msgstr "Na šifrovaném zařízení %s není tato operace podporována.\n" +msgid "Device %s is too small. Need at least % bytes." +msgstr "Zařízení %s je příliš malé. Je třeba alespoň % bajtů." -#: lib/setup.c:2506 -msgid "Dump operation is not supported for this device type.\n" -msgstr "Operace výpisu není na zařízení tohoto typu podporována.\n" +#: lib/utils_device.c:723 +#, c-format +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "Zařízení %s nelze použít, protože se již používá (již namapováno nebo připojeno)." -#: lib/utils.c:244 -msgid "Cannot get process priority.\n" -msgstr "Nelze zjistit prioritu procesu.\n" +#: lib/utils_device.c:727 +#, c-format +msgid "Cannot use device %s, permission denied." +msgstr "Zařízení %s nelze použít, povolení zamítnuto." -#: lib/utils.c:258 -msgid "Cannot unlock memory.\n" -msgstr "Paměť nelze odemknout.\n" +#: lib/utils_device.c:730 +#, c-format +msgid "Cannot get info about device %s." +msgstr "O zařízení %s nelze získat údaje." -#: lib/utils_crypt.c:241 lib/utils_crypt.c:254 lib/utils_crypt.c:401 -#: lib/utils_crypt.c:416 -msgid "Out of memory while reading passphrase.\n" -msgstr "Při čtení hesla došla paměť.\n" +#: lib/utils_device.c:753 +msgid "Cannot use a loopback device, running as non-root user." +msgstr "Zařízení typu loopback nelze použít, nespuštěno superuživatelem." -#: lib/utils_crypt.c:246 lib/utils_crypt.c:261 -msgid "Error reading passphrase from terminal.\n" -msgstr "Chyba při čtení hesla z terminálu.\n" +#: lib/utils_device.c:763 +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "Připojení zařízení zpětné smyčky selhalo (požadováno zařízení s příznakem autoclear)." -#: lib/utils_crypt.c:259 -msgid "Verify passphrase: " -msgstr "Ověřte heslo: " +#: lib/utils_device.c:809 +#, c-format +msgid "Requested offset is beyond real size of device %s." +msgstr "Požadovaná poloha je za hranicí skutečné velikosti zařízení %s." -#: lib/utils_crypt.c:266 -msgid "Passphrases do not match.\n" -msgstr "Hesla se neshodují.\n" +#: lib/utils_device.c:817 +#, c-format +msgid "Device %s has zero size." +msgstr "Zařízení %s má nulovou velikost." -#: lib/utils_crypt.c:350 -msgid "Cannot use offset with terminal input.\n" -msgstr "Ve vstupu z terminálu nelze měnit polohu.\n" +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." +msgstr "Požadovaný cílový čas PBKDF nemůže být nula." -#: lib/utils_crypt.c:369 lib/tcrypt/tcrypt.c:467 -msgid "Failed to open key file.\n" -msgstr "Soubor s klíčem se nepodařilo otevřít.\n" +#: lib/utils_pbkdf.c:106 +#, c-format +msgid "Unknown PBKDF type %s." +msgstr "Neznámý druh PBKDF %s." -#: lib/utils_crypt.c:378 -msgid "Failed to stat key file.\n" -msgstr "O souboru s klíčem nebylo možné zjistit údaje.\n" +#: lib/utils_pbkdf.c:111 +#, c-format +msgid "Requested hash %s is not supported." +msgstr "Požadovaný haš %s není podporován." -#: lib/utils_crypt.c:386 lib/utils_crypt.c:407 -msgid "Cannot seek to requested keyfile offset.\n" -msgstr "Nelze se přesunout na požadované místo v souboru s klíčem.\n" +#: lib/utils_pbkdf.c:122 +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "Požadovaný druh PBKDF není podporován formátem LUKS1." -#: lib/utils_crypt.c:424 -msgid "Error reading passphrase.\n" -msgstr "Chyba při čtení hesla.\n" +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." +msgstr "Při PBKDF2 nesmí být nastavena maximální paměť pro PBKDF nebo počet souběžných vláken." -#: lib/utils_crypt.c:442 -msgid "Maximum keyfile size exceeded.\n" -msgstr "Maximální délka souboru s klíčem překročena.\n" +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#, c-format +msgid "Forced iteration count is too low for %s (minimum is %u)." +msgstr "Vynucený počet opakování je pro %s příliš nízký (minimum je %u)." -#: lib/utils_crypt.c:447 -msgid "Cannot read requested amount of data.\n" -msgstr "Požadované množství dat nelze načíst.\n" +#: lib/utils_pbkdf.c:148 +#, c-format +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "Vynucená cena paměti je pro %s příliš nízká (minimum je %u kilobajtů)." -#: lib/utils_device.c:136 lib/luks1/keyencryption.c:90 +#: lib/utils_pbkdf.c:155 #, c-format -msgid "Device %s doesn't exist or access denied.\n" -msgstr "Zařízení %s neexistuje nebo přístup byl zamítnut.\n" +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "Požadovaná maximální cena PBKDF paměti je příliš vysoká (maximum je %d kilobajtů)." -#: lib/utils_device.c:430 -msgid "Cannot use a loopback device, running as non-root user.\n" -msgstr "Zařízení typu loopback nelze použít, nespuštěno superuživatelem.\n" +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "Požadované maximum paměti PBKDF nemůže být nula." -#: lib/utils_device.c:433 -msgid "Cannot find a free loopback device.\n" -msgstr "Nelze najít volné zařízení zpětné smyčky.\n" +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "Požadovaný počet souběžných vláken PBKDF nemůže být nula." -#: lib/utils_device.c:440 -msgid "" -"Attaching loopback device failed (loop device with autoclear flag is " -"required).\n" -msgstr "" -"Připojení zařízení zpětné smyčky selhalo (požadováno zařízení s příznakem\n" -"autoclear).\n" +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "V režimu FIPS je podporován jen PBKDF2." + +#: lib/utils_benchmark.c:172 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "Porovnání výkonu PBKDF je zakázáno, ale počet iterací není nastaven." -#: lib/utils_device.c:484 +#: lib/utils_benchmark.c:191 #, c-format -msgid "Cannot use device %s which is in use (already mapped or mounted).\n" -msgstr "" -"Zařízení %s nelze použít, protože se již používá\n" -"(již namapováno nebo připojeno).\n" +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "Neslučitelné volby PBKDF2 (při použití hašovacího algoritmu %s)." + +#: lib/utils_benchmark.c:211 +msgid "Not compatible PBKDF options." +msgstr "Neslučitelné volby PBKDF." -#: lib/utils_device.c:488 +#: lib/utils_device_locking.c:102 #, c-format -msgid "Cannot get info about device %s.\n" -msgstr "O zařízení %s nelze získat údaje.\n" +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "Zamykání zrušeno. Zamykací cesta %s/%s je nepoužitelná (není adresářem nebo neexistuje)." -#: lib/utils_device.c:494 +#: lib/utils_device_locking.c:109 #, c-format -msgid "Requested offset is beyond real size of device %s.\n" -msgstr "Požadovaná poloha je za hranicí skutečné velikosti zařízení %s.\n" +msgid "WARNING: Locking directory %s/%s is missing!\n" +msgstr "POZOR: Adresář se zámkem %s/%s chybí!\n" -#: lib/utils_device.c:502 +#: lib/utils_device_locking.c:119 #, c-format -msgid "Device %s has zero size.\n" -msgstr "Zařízení %s má nulovou velikost.\n" +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "Zamykání zrušeno. Zamykací cesta %s/%s je nepoužitelná (%s není adresářem)." -#: lib/utils_device.c:513 +#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:941 +#: src/cryptsetup_reencrypt.c:1025 +msgid "Cannot seek to device offset." +msgstr "Nelze se přesunout na požadované místo v zařízení." + +#: lib/utils_wipe.c:208 #, c-format -msgid "Device %s is too small.\n" -msgstr "Zařízení %s je příliš malé.\n" +msgid "Device wipe error, offset %." +msgstr "Chyba při čištění zařízení na pozici %." -#: lib/luks1/keyencryption.c:37 +#: lib/luks1/keyencryption.c:39 #, c-format msgid "" "Failed to setup dm-crypt key mapping for device %s.\n" -"Check that kernel supports %s cipher (check syslog for more info).\n" +"Check that kernel supports %s cipher (check syslog for more info)." msgstr "" "Nepodařilo se nastavit mapování klíče v dm-cryptu pro zařízení %s.\n" -"Zkontrolujte, že jádro podporuje šifru %s (podrobnosti v syslogu).\n" - -#: lib/luks1/keyencryption.c:42 -msgid "Key size in XTS mode must be 256 or 512 bits.\n" -msgstr "V režimu XTS musí být velikost klíče 256 nebo 512 bitů.\n" +"Zkontrolujte, že jádro podporuje šifru %s (podrobnosti v syslogu)." -#: lib/luks1/keyencryption.c:96 lib/luks1/keymanage.c:296 -#: lib/luks1/keymanage.c:572 lib/luks1/keymanage.c:1017 -#, c-format -msgid "Cannot write to device %s, permission denied.\n" -msgstr "Na zařízení %s nelze zapsat, povolení zamítnuto.\n" - -#: lib/luks1/keyencryption.c:111 -msgid "Failed to open temporary keystore device.\n" -msgstr "Otevření dočasného zařízení s úložištěm klíče selhalo.\n" +#: lib/luks1/keyencryption.c:44 +msgid "Key size in XTS mode must be 256 or 512 bits." +msgstr "V režimu XTS musí být velikost klíče 256 nebo 512 bitů." -#: lib/luks1/keyencryption.c:118 -msgid "Failed to access temporary keystore device.\n" -msgstr "Přístup do dočasného zařízení s úložištěm klíče selhal.\n" +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "Zápis šifry by měl být ve tvaru [šifra]-[režim]-[iv]." -#: lib/luks1/keyencryption.c:191 -msgid "IO error while encrypting keyslot.\n" -msgstr "Chyba vstupu/výstupu při šifrování pozice klíče.\n" +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080 +#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734 +#, c-format +msgid "Cannot write to device %s, permission denied." +msgstr "Na zařízení %s nelze zapsat, povolení zamítnuto." + +#: lib/luks1/keyencryption.c:120 +msgid "Failed to open temporary keystore device." +msgstr "Otevření dočasného zařízení s úložištěm klíče selhalo." + +#: lib/luks1/keyencryption.c:127 +msgid "Failed to access temporary keystore device." +msgstr "Přístup do dočasného zařízení s úložištěm klíče selhal." + +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +msgid "IO error while encrypting keyslot." +msgstr "Chyba vstupu/výstupu při šifrování pozice klíče." + +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:670 +#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311 +#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342 +#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 +#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255 +#: src/cryptsetup_reencrypt.c:200 src/cryptsetup_reencrypt.c:212 +#, c-format +msgid "Cannot open device %s." +msgstr "Zařízení %s nelze otevřít." -#: lib/luks1/keyencryption.c:256 -msgid "IO error while decrypting keyslot.\n" -msgstr "Chyba vstupu/výstupu při dešifrování pozice klíče.\n" +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +msgid "IO error while decrypting keyslot." +msgstr "Chyba vstupu/výstupu při dešifrování pozice klíče." -#: lib/luks1/keymanage.c:90 +#: lib/luks1/keymanage.c:110 #, c-format -msgid "Device %s is too small. (LUKS requires at least % bytes.)\n" -msgstr "Zařízení %s je příliš malé. (LUKS vyžaduje alespoň % bajtů.)\n" +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" +msgstr "Zařízení %s je příliš malé. (LUKS1 vyžaduje alespoň % bajtů.)" -#: lib/luks1/keymanage.c:180 lib/luks1/keymanage.c:418 -#: src/cryptsetup_reencrypt.c:1110 +#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162 +#: lib/luks1/keymanage.c:174 #, c-format -msgid "Device %s is not a valid LUKS device.\n" -msgstr "Zařízení %s není platným zařízením LUKS.\n" +msgid "LUKS keyslot %u is invalid." +msgstr "Pozice %u klíče LUKS není platná." + +#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472 +#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1433 +#: src/cryptsetup.c:1559 src/cryptsetup.c:1616 src/cryptsetup.c:1672 +#: src/cryptsetup.c:1739 src/cryptsetup.c:1842 src/cryptsetup.c:1906 +#: src/cryptsetup.c:2136 src/cryptsetup.c:2331 src/cryptsetup.c:2391 +#: src/cryptsetup.c:2457 src/cryptsetup.c:2621 src/cryptsetup.c:3271 +#: src/cryptsetup.c:3280 src/cryptsetup_reencrypt.c:1388 +#, c-format +msgid "Device %s is not a valid LUKS device." +msgstr "Zařízení %s není platným zařízením LUKS." -#: lib/luks1/keymanage.c:198 +#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100 #, c-format -msgid "Requested header backup file %s already exists.\n" -msgstr "Požadovaný soubor se zálohou hlavičky %s již existuje.\n" +msgid "Requested header backup file %s already exists." +msgstr "Požadovaný soubor se zálohou hlavičky %s již existuje." -#: lib/luks1/keymanage.c:200 +#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102 #, c-format -msgid "Cannot create header backup file %s.\n" -msgstr "Soubor se zálohou hlavičky %s nelze vytvořit.\n" +msgid "Cannot create header backup file %s." +msgstr "Soubor se zálohou hlavičky %s nelze vytvořit." -#: lib/luks1/keymanage.c:205 +#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109 #, c-format -msgid "Cannot write header backup file %s.\n" -msgstr "Nelze zapsat soubor %s se zálohou hlavičky.\n" +msgid "Cannot write header backup file %s." +msgstr "Nelze zapsat soubor %s se zálohou hlavičky." -#: lib/luks1/keymanage.c:239 -msgid "Backup file doesn't contain valid LUKS header.\n" -msgstr "Záložní soubor neobsahuje platnou hlavičku LUKS.\n" +#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161 +msgid "Backup file does not contain valid LUKS header." +msgstr "Záložní soubor neobsahuje platnou hlavičku LUKS." -#: lib/luks1/keymanage.c:252 lib/luks1/keymanage.c:496 +#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549 +#: lib/luks2/luks2_json_metadata.c:1182 #, c-format -msgid "Cannot open header backup file %s.\n" -msgstr "Nelze otevřít soubor se zálohou hlavičky %s.\n" +msgid "Cannot open header backup file %s." +msgstr "Nelze otevřít soubor se zálohou hlavičky %s." -#: lib/luks1/keymanage.c:258 +#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190 #, c-format -msgid "Cannot read header backup file %s.\n" -msgstr "Soubor se zálohou hlavičky %s nelze načíst.\n" +msgid "Cannot read header backup file %s." +msgstr "Soubor se zálohou hlavičky %s nelze načíst." -#: lib/luks1/keymanage.c:269 -msgid "Data offset or key size differs on device and backup, restore failed.\n" -msgstr "" -"Počátek dat nebo velikost klíče se liší mezi zařízením a zálohou, obnova se " -"nezdařila.\n" +#: lib/luks1/keymanage.c:317 +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "Počátek dat nebo velikost klíče se liší mezi zařízením a zálohou, obnova se nezdařila." -#: lib/luks1/keymanage.c:277 +#: lib/luks1/keymanage.c:325 #, c-format msgid "Device %s %s%s" msgstr "Zařízení %s %s%s" -#: lib/luks1/keymanage.c:278 -msgid "" -"does not contain LUKS header. Replacing header can destroy data on that " -"device." -msgstr "" -"neobsahuje hlavičku LUKS. Nahrazení hlavičky může zničit data na daném " -"zařízení." +#: lib/luks1/keymanage.c:326 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "neobsahuje hlavičku LUKS. Nahrazení hlavičky může zničit data na daném zařízení." -#: lib/luks1/keymanage.c:279 -msgid "" -"already contains LUKS header. Replacing header will destroy existing " -"keyslots." -msgstr "" -"již obsahuje hlavičku LUKS. Nahrazení hlavičky zničí existující pozice " -"s klíči." +#: lib/luks1/keymanage.c:327 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "již obsahuje hlavičku LUKS. Nahrazení hlavičky zničí existující pozice s klíči." -#: lib/luks1/keymanage.c:280 +#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -538,1342 +886,3229 @@ msgstr "" "\n" "POZOR: hlavička ve skutečném zařízení má jiné UUID než záloha!" -#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:535 -#: lib/luks1/keymanage.c:575 lib/tcrypt/tcrypt.c:624 lib/verity/verity.c:82 -#: lib/verity/verity.c:179 lib/verity/verity_hash.c:292 -#: lib/verity/verity_hash.c:303 lib/verity/verity_hash.c:323 -#, c-format -msgid "Cannot open device %s.\n" -msgstr "Zařízení %s nelze otevřít.\n" - -#: lib/luks1/keymanage.c:329 -msgid "Non standard key size, manual repair required.\n" -msgstr "Nestandardní velikost klíče, je třeba ruční opravy.\n" +#: lib/luks1/keymanage.c:375 +msgid "Non standard key size, manual repair required." +msgstr "Nestandardní velikost klíče, je třeba ruční opravy." -#: lib/luks1/keymanage.c:334 -msgid "Non standard keyslots alignment, manual repair required.\n" -msgstr "Nestandardní zarovnání pozice klíče, je třeba ruční opravy.\n" - -#: lib/luks1/keymanage.c:340 -msgid "Repairing keyslots.\n" -msgstr "Opravují se pozice klíčů.\n" +#: lib/luks1/keymanage.c:380 +msgid "Non standard keyslots alignment, manual repair required." +msgstr "Nestandardní zarovnání pozice klíče, je třeba ruční opravy." -#: lib/luks1/keymanage.c:351 -msgid "Repair failed." -msgstr "Oprava selhala." +#: lib/luks1/keymanage.c:390 +msgid "Repairing keyslots." +msgstr "Opravují se pozice klíčů." -#: lib/luks1/keymanage.c:363 +#: lib/luks1/keymanage.c:409 #, c-format -msgid "Keyslot %i: offset repaired (%u -> %u).\n" -msgstr "Pozice klíče %i: poloha opravena (%u → %u).\n" +msgid "Keyslot %i: offset repaired (%u -> %u)." +msgstr "Pozice klíče %i: poloha opravena (%u → %u)." -#: lib/luks1/keymanage.c:371 +#: lib/luks1/keymanage.c:417 #, c-format -msgid "Keyslot %i: stripes repaired (%u -> %u).\n" -msgstr "Pozice klíče %i: proklad opraven (%u → %u).\n" +msgid "Keyslot %i: stripes repaired (%u -> %u)." +msgstr "Pozice klíče %i: proklad opraven (%u → %u)." -#: lib/luks1/keymanage.c:380 +#: lib/luks1/keymanage.c:426 #, c-format -msgid "Keyslot %i: bogus partition signature.\n" -msgstr "Pozice klíče %i: chybná značka oddílu.\n" +msgid "Keyslot %i: bogus partition signature." +msgstr "Pozice klíče %i: chybná značka oddílu." -#: lib/luks1/keymanage.c:385 +#: lib/luks1/keymanage.c:431 #, c-format -msgid "Keyslot %i: salt wiped.\n" -msgstr "Pozice klíče %i: sůl vymazána.\n" - -#: lib/luks1/keymanage.c:396 -msgid "Writing LUKS header to disk.\n" -msgstr "Hlavička LUKS se zapisuje na disk.\n" +msgid "Keyslot %i: salt wiped." +msgstr "Pozice klíče %i: sůl vymazána." -#: lib/luks1/keymanage.c:421 -#, c-format -msgid "Unsupported LUKS version %d.\n" -msgstr "Nepodporovaná verze LUKS %d.\n" +#: lib/luks1/keymanage.c:448 +msgid "Writing LUKS header to disk." +msgstr "Hlavička LUKS se zapisuje na disk." -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:661 -#, c-format -msgid "Requested LUKS hash %s is not supported.\n" -msgstr "Požadovaný haš LUKSu %s není podporován.\n" +#: lib/luks1/keymanage.c:453 +msgid "Repair failed." +msgstr "Oprava selhala." -#: lib/luks1/keymanage.c:442 +#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750 #, c-format -msgid "LUKS keyslot %u is invalid.\n" -msgstr "Pozice %u klíče LUKS není platná.\n" +msgid "Requested LUKS hash %s is not supported." +msgstr "Požadovaný haš LUKSu %s není podporován." -#: lib/luks1/keymanage.c:456 src/cryptsetup.c:668 -msgid "No known problems detected for LUKS header.\n" -msgstr "V hlavičce LUKS nenalezen žádný známý problém.\n" +#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1133 +msgid "No known problems detected for LUKS header." +msgstr "V hlavičce LUKS nenalezen žádný známý problém." -#: lib/luks1/keymanage.c:596 +#: lib/luks1/keymanage.c:660 #, c-format -msgid "Error during update of LUKS header on device %s.\n" -msgstr "Chyba při aktualizaci hlavičky LUKS na zařízení %s.\n" +msgid "Error during update of LUKS header on device %s." +msgstr "Chyba při aktualizaci hlavičky LUKS na zařízení %s." -#: lib/luks1/keymanage.c:603 +#: lib/luks1/keymanage.c:668 #, c-format -msgid "Error re-reading LUKS header after update on device %s.\n" -msgstr "Chyba při opakovaném čtení hlavičky LUKS po aktualizaci zařízení %s.\n" +msgid "Error re-reading LUKS header after update on device %s." +msgstr "Chyba při opakovaném čtení hlavičky LUKS po aktualizaci zařízení %s." # TODO: Pluralize -#: lib/luks1/keymanage.c:654 -#, c-format -msgid "" -"Data offset for detached LUKS header must be either 0 or higher than header " -"size (%d sectors).\n" -msgstr "" -"Poloha dat u oddělené hlavičky LUKS musí být buď 0, nebo více než velikost " -"hlavičky (sektorů: %d).\n" - -#: lib/luks1/keymanage.c:666 lib/luks1/keymanage.c:757 -msgid "Wrong LUKS UUID format provided.\n" -msgstr "Poskytnut UUID LUKSu ve špatném tvaru.\n" +#: lib/luks1/keymanage.c:744 +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "Poloha dat u hlavičky LUKS musí být buď 0 nebo více než velikost hlavičky." -#: lib/luks1/keymanage.c:695 -msgid "Cannot create LUKS header: reading random salt failed.\n" -msgstr "Hlavičku LUKS nelze vytvořit: čtení náhodné soli selhalo.\n" +#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825 +#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001 +#: src/cryptsetup.c:2784 +msgid "Wrong LUKS UUID format provided." +msgstr "Poskytnut UUID LUKSu ve špatném tvaru." -#: lib/luks1/keymanage.c:702 lib/luks1/keymanage.c:798 -#, c-format -msgid "Not compatible PBKDF2 options (using hash algorithm %s).\n" -msgstr "Neslučitelné volby PBKDF2 (při použití hašovacího algoritmu %s).\n" +#: lib/luks1/keymanage.c:778 +msgid "Cannot create LUKS header: reading random salt failed." +msgstr "Hlavičku LUKS nelze vytvořit: čtení náhodné soli selhalo." -#: lib/luks1/keymanage.c:717 +#: lib/luks1/keymanage.c:804 #, c-format -msgid "Cannot create LUKS header: header digest failed (using hash %s).\n" -msgstr "" -"Hlavičku LUKS nelze vytvořit: výpočet otisku hlavičky (haš %s) selhal.\n" +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "Hlavičku LUKS nelze vytvořit: výpočet otisku hlavičky (haš %s) selhal." -#: lib/luks1/keymanage.c:782 +#: lib/luks1/keymanage.c:848 #, c-format -msgid "Key slot %d active, purge first.\n" -msgstr "Pozice klíče %d je aktivní, nejprve ji uvolněte.\n" +msgid "Key slot %d active, purge first." +msgstr "Pozice klíče %d je aktivní, nejprve ji uvolněte." -#: lib/luks1/keymanage.c:788 +#: lib/luks1/keymanage.c:854 #, c-format -msgid "Key slot %d material includes too few stripes. Header manipulation?\n" -msgstr "Pozice klíče %d obsahuje příliš málo útržků. Manipulace s hlavičkou?\n" +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "Pozice klíče %d obsahuje příliš málo útržků. Manipulace s hlavičkou?" -#: lib/luks1/keymanage.c:950 +#: lib/luks1/keymanage.c:990 #, c-format -msgid "Key slot %d unlocked.\n" -msgstr "Pozice klíče %d odemknuta.\n" +msgid "Cannot open keyslot (using hash %s)." +msgstr "Pozici s klíčem nezle otevřít (za použití haše %s)." -#: lib/luks1/keymanage.c:985 src/cryptsetup.c:858 -#: src/cryptsetup_reencrypt.c:999 src/cryptsetup_reencrypt.c:1036 -msgid "No key available with this passphrase.\n" -msgstr "S tímto heslem není dostupný žádný klíč.\n" - -#: lib/luks1/keymanage.c:1003 +#: lib/luks1/keymanage.c:1066 #, c-format -msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n" -msgstr "Pozice klíče %d není platná, prosím, vyberte pozici mezi 0 a %d.\n" +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." +msgstr "Pozice klíče %d není platná, prosím, vyberte pozici mezi 0 a %d." -#: lib/luks1/keymanage.c:1021 +#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738 #, c-format -msgid "Cannot wipe device %s.\n" -msgstr "Zařízení %s není možné smazat.\n" +msgid "Cannot wipe device %s." +msgstr "Zařízení %s není možné smazat." #: lib/loopaes/loopaes.c:146 -msgid "Detected not yet supported GPG encrypted keyfile.\n" -msgstr "Zjištěn dosud nepodporovaný soubor s klíčem šifrovaný pomocí GPG.\n" +msgid "Detected not yet supported GPG encrypted keyfile." +msgstr "Zjištěn dosud nepodporovaný soubor s klíčem šifrovaný pomocí GPG." #: lib/loopaes/loopaes.c:147 msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" -msgstr "" -"Prosím, použijte gpg --decrypt SOUBOR_S_KLÍČEM | cryptsetup --keyfile=- …\n" +msgstr "Prosím, použijte gpg --decrypt SOUBOR_S_KLÍČEM | cryptsetup --keyfile=- …\n" #: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 -msgid "Incompatible loop-AES keyfile detected.\n" -msgstr "Zjištěn nekompatibilní soubor s klíčem loop-AES.\n" +msgid "Incompatible loop-AES keyfile detected." +msgstr "Zjištěn nekompatibilní soubor s klíčem loop-AES." -#: lib/loopaes/loopaes.c:244 -msgid "Kernel doesn't support loop-AES compatible mapping.\n" -msgstr "Jádro nepodporuje mapování kompatibilní s loop-AES.\n" +#: lib/loopaes/loopaes.c:245 +msgid "Kernel does not support loop-AES compatible mapping." +msgstr "Jádro nepodporuje mapování kompatibilní s loop-AES." -#: lib/tcrypt/tcrypt.c:475 +#: lib/tcrypt/tcrypt.c:504 #, c-format -msgid "Error reading keyfile %s.\n" -msgstr "Chyba při čtení souboru s klíčem %s\n" +msgid "Error reading keyfile %s." +msgstr "Chyba při čtení souboru s klíčem %s" -#: lib/tcrypt/tcrypt.c:513 +#: lib/tcrypt/tcrypt.c:554 #, c-format -msgid "Maximum TCRYPT passphrase length (%d) exceeded.\n" -msgstr "Překročena maximální délka hesla TCRYPT (%d).\n" +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." +msgstr "Překročena maximální délka hesla TCRYPT (%zu)." -#: lib/tcrypt/tcrypt.c:543 +#: lib/tcrypt/tcrypt.c:595 #, c-format -msgid "PBKDF2 hash algorithm %s not available, skipping.\n" -msgstr "Hašovací algoritmus PBKDF2 %s není podporován, přeskakuje se.\n" +msgid "PBKDF2 hash algorithm %s not available, skipping." +msgstr "Hašovací algoritmus PBKDF2 %s není podporován, přeskakuje se." -#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:621 -msgid "Required kernel crypto interface not available.\n" -msgstr "Požadované kryptografické rozhraní jádra není dostupné.\n" +#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1010 +msgid "Required kernel crypto interface not available." +msgstr "Požadované kryptografické rozhraní jádra není dostupné." -#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:623 -msgid "Ensure you have algif_skcipher kernel module loaded.\n" -msgstr "Ujistěte se, že jaderný modul algif_skcipher je zaveden.\n" +#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1012 +msgid "Ensure you have algif_skcipher kernel module loaded." +msgstr "Ujistěte se, že jaderný modul algif_skcipher je zaveden." -#: lib/tcrypt/tcrypt.c:707 +#: lib/tcrypt/tcrypt.c:753 #, c-format -msgid "Activation is not supported for %d sector size.\n" -msgstr "Aktivace nad sektory o velikosti %d není podporována.\n" +msgid "Activation is not supported for %d sector size." +msgstr "Aktivace nad sektory o velikosti %d není podporována." -#: lib/tcrypt/tcrypt.c:713 -msgid "Kernel doesn't support activation for this TCRYPT legacy mode.\n" -msgstr "Jádro nepodporuje aktivaci v tomto zastaralém režimu TCRYPT.\n" +#: lib/tcrypt/tcrypt.c:759 +msgid "Kernel does not support activation for this TCRYPT legacy mode." +msgstr "Jádro nepodporuje aktivaci v tomto zastaralém režimu TCRYPT." -#: lib/tcrypt/tcrypt.c:744 +#: lib/tcrypt/tcrypt.c:793 #, c-format -msgid "Activating TCRYPT system encryption for partition %s.\n" -msgstr "Aktivuje se systémové šifrování TCRYPT pro oddíl %s.\n" +msgid "Activating TCRYPT system encryption for partition %s." +msgstr "Aktivuje se systémové šifrování TCRYPT pro oddíl %s." -#: lib/tcrypt/tcrypt.c:806 -msgid "Kernel doesn't support TCRYPT compatible mapping.\n" -msgstr "Jádro nepodporuje mapování kompatibilní s TCRYPT.\n" +#: lib/tcrypt/tcrypt.c:871 +msgid "Kernel does not support TCRYPT compatible mapping." +msgstr "Jádro nepodporuje mapování kompatibilní s TCRYPT." -#: lib/tcrypt/tcrypt.c:1020 +#: lib/tcrypt/tcrypt.c:1093 msgid "This function is not supported without TCRYPT header load." msgstr "Bez dat s hlavičkou TCRYPT není tato funkce podporována." -#: lib/verity/verity.c:70 lib/verity/verity.c:172 +#: lib/bitlk/bitlk.c:333 +#, c-format +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "Při rozboru podporovaného hlavního klíče svazku byla nalezena položka nečekaného typu „%u“." + +#: lib/bitlk/bitlk.c:380 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "Při rozboru hlavního svazku klíče byl nalezen neplatný řetězec." + +#: lib/bitlk/bitlk.c:385 #, c-format -msgid "Verity device %s doesn't use on-disk header.\n" -msgstr "Zařízení VERITY %s nepoužívá hlavičku uvnitř disku.\n" +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "Při rozboru hlavního klíče svazku byl nalezen nečekaný řetězec („%s“)." -#: lib/verity/verity.c:94 +#: lib/bitlk/bitlk.c:399 #, c-format -msgid "Device %s is not a valid VERITY device.\n" -msgstr "Zařízení %s není platným zařízením VERITY.\n" +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "Při rozboru hlavního klíče svazku byl nalezen záznam metadat s nečekanou hodnotou „%u“." -#: lib/verity/verity.c:101 +#: lib/bitlk/bitlk.c:479 #, c-format -msgid "Unsupported VERITY version %d.\n" -msgstr "Nepodporovaná verze VERITY %d.\n" +msgid "Failed to read BITLK signature from %s." +msgstr "Z %s nebylo možné načíst vzorec BITLK." + +#: lib/bitlk/bitlk.c:485 +msgid "BITLK version 1 is currently not supported." +msgstr "BITLK verze 1 není v současnosti podporován." -#: lib/verity/verity.c:131 -msgid "VERITY header corrupted.\n" -msgstr "Hlavička VERITY je poškozena.\n" +#: lib/bitlk/bitlk.c:491 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "Neplatná nebo neznámá značka zavaděče zařízení BITLK." -#: lib/verity/verity.c:166 +#: lib/bitlk/bitlk.c:503 +msgid "Invalid or unknown signature for BITLK device." +msgstr "Neplatná nebo neznámá značka zařízení BITLK." + +#: lib/bitlk/bitlk.c:510 #, c-format -msgid "Wrong VERITY UUID format provided on device %s.\n" -msgstr "Na zařízení %s poskytnuto UUID VERITY ve špatném tvaru.\n" +msgid "Unsupported sector size %." +msgstr "Nepodporovaná velikost sektoru %." -#: lib/verity/verity.c:196 +#: lib/bitlk/bitlk.c:518 #, c-format -msgid "Error during update of verity header on device %s.\n" -msgstr "Chyba při aktualizaci hlavičky VERITY na zařízení %s.\n" +msgid "Failed to read BITLK header from %s." +msgstr "Z %s nebylo možné načíst hlavičku BITLK." -#: lib/verity/verity.c:276 -msgid "Kernel doesn't support dm-verity mapping.\n" -msgstr "Jádro nepodporuje mapování dm-verity.\n" +#: lib/bitlk/bitlk.c:543 +#, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "Z %s nebylo možné přečíst metadata BITLK FVE." -#: lib/verity/verity.c:287 -msgid "Verity device detected corruption after activation.\n" -msgstr "Po aktivaci zjistilo zařízení VERITY poškození.\n" +#: lib/bitlk/bitlk.c:594 +msgid "Unknown or unsupported encryption type." +msgstr "Neznámý nebo nepodporovaný druh šifrování." -#: lib/verity/verity_hash.c:59 +#: lib/bitlk/bitlk.c:627 #, c-format -msgid "Spare area is not zeroed at position %.\n" -msgstr "Řídká oblast na pozici % není vynulována.\n" +msgid "Failed to read BITLK metadata entries from %s." +msgstr "Z %s nebylo možné načíst položky metadat BITLK." -#: lib/verity/verity_hash.c:121 lib/verity/verity_hash.c:249 -#: lib/verity/verity_hash.c:277 lib/verity/verity_hash.c:284 -msgid "Device offset overflow.\n" -msgstr "Pozice na zařízení přetekla.\n" +#: lib/bitlk/bitlk.c:921 +msgid "This operation is not supported." +msgstr "Tato operace není podporována." -#: lib/verity/verity_hash.c:161 -#, c-format -msgid "Verification failed at position %.\n" -msgstr "Ověření na pozici % selhalo.\n" +#: lib/bitlk/bitlk.c:929 +msgid "Wrong key size." +msgstr "Špatná velikost klíče." -#: lib/verity/verity_hash.c:235 -msgid "Invalid size parameters for verity device.\n" -msgstr "Neplatné parametry velikosti pro zařízení VERITY.\n" +#: lib/bitlk/bitlk.c:981 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "Toto zařízení BITLK je v nepodporovaném stavu a nelze jej aktivovat." -#: lib/verity/verity_hash.c:266 -msgid "Too many tree levels for verity volume.\n" -msgstr "Příliš mnoho úrovní stromu ve svazku VERITY.\n" +#: lib/bitlk/bitlk.c:987 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "Zařízení BITLK s typem „%s“ nelze aktivovat." -#: lib/verity/verity_hash.c:354 -msgid "Verification of data area failed.\n" -msgstr "Ověření datové oblasti selhalo.\n" +#: lib/bitlk/bitlk.c:1069 +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "Aktivace částečně dešifrovaného zařízení BITLK není podporována." -#: lib/verity/verity_hash.c:359 -msgid "Verification of root hash failed.\n" -msgstr "Ověření kořenového haše selhalo.\n" +#: lib/bitlk/bitlk.c:1205 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "Zařízení nelze aktivovat. Jaderný dm-crypt postrádá podporu inicializačního vektoru BITLK." -#: lib/verity/verity_hash.c:365 -msgid "Input/output error while creating hash area.\n" -msgstr "Při vytváření oblasti haší došlo k chybě na vstupu/výstupu.\n" +#: lib/bitlk/bitlk.c:1209 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "Zařízení nelze aktivovat. Jaderný dm-crypt postrádá podporu difuzéru Elephant BITLK." -#: lib/verity/verity_hash.c:367 -msgid "Creation of hash area failed.\n" -msgstr "Oblast haší se nepodařilo vytvořit.\n" +#: lib/verity/verity.c:68 lib/verity/verity.c:171 +#, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "Zařízení VERITY %s nepoužívá hlavičku uvnitř disku." -#: lib/verity/verity_hash.c:414 +#: lib/verity/verity.c:90 #, c-format -msgid "" -"WARNING: Kernel cannot activate device if data block size exceeds page size " -"(%u).\n" -msgstr "" -"POZOR: Jádro nemůže aktivovat zařízení, pokud velikost datového bloku " -"přesahuje velikost stránky (%u).\n" +msgid "Device %s is not a valid VERITY device." +msgstr "Zařízení %s není platným zařízením VERITY." -#: src/cryptsetup.c:91 -msgid "Can't do passphrase verification on non-tty inputs.\n" -msgstr "Se vstupem mimo terminál nelze ověřit heslo.\n" +#: lib/verity/verity.c:97 +#, c-format +msgid "Unsupported VERITY version %d." +msgstr "Nepodporovaná verze VERITY %d." -#: src/cryptsetup.c:133 src/cryptsetup.c:564 src/cryptsetup.c:711 -#: src/cryptsetup_reencrypt.c:502 src/cryptsetup_reencrypt.c:556 -msgid "No known cipher specification pattern detected.\n" -msgstr "Nelze určit žádnou známou specifikaci šifry.\n" +#: lib/verity/verity.c:128 +msgid "VERITY header corrupted." +msgstr "Hlavička VERITY je poškozena." -#: src/cryptsetup.c:144 -msgid "" -"WARNING: The --hash parameter is being ignored in plain mode with keyfile " -"specified.\n" -msgstr "" -"POZOR: Jedná-li se o režim plain a je-li určen soubor s klíčem, parametr --" -"hash se ignoruje.\n" +#: lib/verity/verity.c:165 +#, c-format +msgid "Wrong VERITY UUID format provided on device %s." +msgstr "Na zařízení %s poskytnuto UUID VERITY ve špatném tvaru." -#: src/cryptsetup.c:152 -msgid "" -"WARNING: The --keyfile-size option is being ignored, the read size is the " -"same as the encryption key size.\n" -msgstr "" -"POZOR: Přepínač --keyfile-size se ignoruje, velikost pro čtení je stejná " -"jako velikosti šifrovacího klíče.\n" +#: lib/verity/verity.c:198 +#, c-format +msgid "Error during update of verity header on device %s." +msgstr "Chyba při aktualizaci hlavičky VERITY na zařízení %s." -#: src/cryptsetup.c:218 -msgid "Option --key-file is required.\n" -msgstr "Je vyžadován přepínač --key-file.\n" +#: lib/verity/verity.c:256 +msgid "Root hash signature verification is not supported." +msgstr "Ověření podpisu kořenového otisku není podporováno." -#: src/cryptsetup.c:267 -msgid "No device header detected with this passphrase.\n" -msgstr "S tímto heslem není rozpoznatelná žádná hlavička zařízení.\n" +#: lib/verity/verity.c:267 +msgid "Errors cannot be repaired with FEC device." +msgstr "Chyby v zařízení FEC nelze opravit." -#: src/cryptsetup.c:327 src/cryptsetup.c:1140 -msgid "" -"Header dump with volume key is sensitive information\n" -"which allows access to encrypted partition without passphrase.\n" -"This dump should be always stored encrypted on safe place." -msgstr "" -"Výpis hlavičky s klíčem svazku je citlivý údaj,\n" -"který umožňuje přístup k šifrovanému oddílu bez znalosti hesla.\n" -"Tento výpis by měl být vždy uložen na bezpečném místě a v zašifrované podobě." +# TODO: Pluralize +#: lib/verity/verity.c:269 +#, c-format +msgid "Found %u repairable errors with FEC device." +msgstr "Nalezeno %u opravitelných chyb v zařízení FEC." -#: src/cryptsetup.c:517 -msgid "Result of benchmark is not reliable.\n" -msgstr "Výsledek hodnocení výkonu není spolehlivý.\n" +#: lib/verity/verity.c:308 +msgid "Kernel does not support dm-verity mapping." +msgstr "Jádro nepodporuje mapování dm-verity." -# ???: are aproximated? -#: src/cryptsetup.c:558 -msgid "# Tests are approximate using memory only (no storage IO).\n" -msgstr "# Testy jsou počítány jen z práce s pamětí (žádné I/O úložiště).\n" +#: lib/verity/verity.c:312 +msgid "Kernel does not support dm-verity signature option." +msgstr "Jádro nepodporuje volbu pro podpis dm-verity." -#: src/cryptsetup.c:583 src/cryptsetup.c:605 -msgid "# Algorithm | Key | Encryption | Decryption\n" -msgstr "# Algoritmus | Klíč | Šifrování | Dešifrování\n" +#: lib/verity/verity.c:323 +msgid "Verity device detected corruption after activation." +msgstr "Po aktivaci zjistilo zařízení VERITY poškození." -#: src/cryptsetup.c:587 +#: lib/verity/verity_hash.c:59 #, c-format -msgid "Cipher %s is not available.\n" -msgstr "Šifra %s není dostupná.\n" +msgid "Spare area is not zeroed at position %." +msgstr "Řídká oblast na pozici % není vynulována." -#: src/cryptsetup.c:614 -msgid "N/A" -msgstr "–" +#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290 +#: lib/verity/verity_hash.c:303 +msgid "Device offset overflow." +msgstr "Pozice na zařízení přetekla." -#: src/cryptsetup.c:639 +#: lib/verity/verity_hash.c:203 #, c-format -msgid "Cannot read keyfile %s.\n" -msgstr "Soubor s klíčem %s nelze číst.\n" +msgid "Verification failed at position %." +msgstr "Ověření na pozici % selhalo." -# FIXME: Pluralize -#: src/cryptsetup.c:643 +#: lib/verity/verity_hash.c:276 +msgid "Invalid size parameters for verity device." +msgstr "Neplatné parametry velikosti pro zařízení VERITY." + +#: lib/verity/verity_hash.c:296 +msgid "Hash area overflow." +msgstr "Přetečení oblasti haše." + +#: lib/verity/verity_hash.c:373 +msgid "Verification of data area failed." +msgstr "Ověření datové oblasti selhalo." + +#: lib/verity/verity_hash.c:378 +msgid "Verification of root hash failed." +msgstr "Ověření kořenového haše selhalo." + +#: lib/verity/verity_hash.c:384 +msgid "Input/output error while creating hash area." +msgstr "Při vytváření oblasti haší došlo k chybě na vstupu/výstupu." + +#: lib/verity/verity_hash.c:386 +msgid "Creation of hash area failed." +msgstr "Oblast haší se nepodařilo vytvořit." + +#: lib/verity/verity_hash.c:433 #, c-format -msgid "Cannot read %d bytes from keyfile %s.\n" -msgstr "Ze souboru s klíčem %2$s nelze přečíst %1$d bajtů.\n" +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "POZOR: Jádro nemůže aktivovat zařízení, pokud velikost datového bloku přesahuje velikost stránky (%u)." -#: src/cryptsetup.c:672 -msgid "Really try to repair LUKS device header?" -msgstr "Opravdu se pokusit opravit hlavičku zařízení LUKS?" +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." +msgstr "Kontext RS se nepodařilo alokovat." -#: src/cryptsetup.c:697 +#: lib/verity/verity_fec.c:146 +msgid "Failed to allocate buffer." +msgstr "Vyrovnávací paměť se nepodařilo alokovat." + +#: lib/verity/verity_fec.c:156 #, c-format -msgid "This will overwrite data on %s irrevocably." -msgstr "Toto nevratně přepíše data na %s." +msgid "Failed to read RS block % byte %d." +msgstr "Čtení bloku RS % bajtu %d selhalo." + +#: lib/verity/verity_fec.c:169 +#, c-format +msgid "Failed to read parity for RS block %." +msgstr "Čtení parity bloku RS % selhalo." -#: src/cryptsetup.c:699 -msgid "memory allocation error in action_luksFormat" -msgstr "chyba alokace paměti v action_luksFormat" +#: lib/verity/verity_fec.c:177 +#, c-format +msgid "Failed to repair parity for block %." +msgstr "Oprava parity bloku RS % selhala." -#: src/cryptsetup.c:717 +#: lib/verity/verity_fec.c:188 #, c-format -msgid "Cannot use %s as on-disk header.\n" -msgstr "%s nelze použít pro hlavičku uvnitř disku.\n" +msgid "Failed to write parity for RS block %." +msgstr "Zápis parity bloku RS % selhal." -#: src/cryptsetup.c:784 -msgid "Reduced data offset is allowed only for detached LUKS header.\n" -msgstr "Zmenšená poloha dat je dovolena jen u oddělené hlavičky LUKS.\n" +#: lib/verity/verity_fec.c:223 +msgid "Block sizes must match for FEC." +msgstr "Velikosti bloků musí odpovídat FEC." -#: src/cryptsetup.c:881 src/cryptsetup.c:937 +#: lib/verity/verity_fec.c:229 +msgid "Invalid number of parity bytes." +msgstr "Chybný počet paritních bajtů." + +#: lib/verity/verity_fec.c:265 #, c-format -msgid "Key slot %d selected for deletion.\n" -msgstr "Ke smazání vybrán klíč na pozici %d.\n" +msgid "Failed to determine size for device %s." +msgstr "Velikost zařízení %s se nepodařilo určit." + +#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343 +msgid "Kernel does not support dm-integrity mapping." +msgstr "Jádro nepodporuje mapování dm-integrity." -#: src/cryptsetup.c:884 +# Fixed metadata means fix_padding attribute of dm-integrity target +# documented as "use a smaller padding". +#: lib/integrity/integrity.c:277 +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "Jádro nepodporuje drobné zarovnání metadat dm-integrity." + +#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959 +#: lib/luks2/luks2_json_metadata.c:1244 #, c-format -msgid "Key %d not active. Can't wipe.\n" -msgstr "Klíč %d není aktivní. Nelze jej odstranit.\n" +msgid "Failed to acquire write lock on device %s." +msgstr "Získání zámku pro zápis do zařízení %s selhalo." + +#: lib/luks2/luks2_disk_metadata.c:392 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "Zjištěn pokus o současnou aktualizaci metadat LUKS2. Operace se ruší." -#: src/cryptsetup.c:892 src/cryptsetup.c:940 +#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712 msgid "" -"This is the last keyslot. Device will become unusable after purging this key." +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." msgstr "" -"Toto je poslední pozice klíče. Smazáním tohoto klíče přijdete o možnost\n" -"zařízení použít." - -#: src/cryptsetup.c:893 -msgid "Enter any remaining passphrase: " -msgstr "Zadejte jakékoliv jiné heslo: " +"Zařízení obsahuje nejednoznačný vzorec. LUKS2 nelze automaticky obnovit.\n" +"Prosím, spusťte obnovu příkazem „cryptsetup repair“." -#: src/cryptsetup.c:921 -msgid "Enter passphrase to be deleted: " -msgstr "Zadejte heslo, které se má smazat: " +#: lib/luks2/luks2_json_format.c:227 +msgid "Requested data offset is too small." +msgstr "Požadovaná poloha dat je příliš nízká." -#: src/cryptsetup.c:1003 src/cryptsetup_reencrypt.c:1074 +# TODO: Pluralize +#: lib/luks2/luks2_json_format.c:271 #, c-format -msgid "Enter any existing passphrase: " -msgstr "Zadejte jakékoliv existující heslo: " +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "POZOR: oblast s pozicemi klíčů (% bajtů) je příliš malá, dostupný počet pozic klíčů LUKS2 je značně omezen.\n" -#: src/cryptsetup.c:1052 -msgid "Enter passphrase to be changed: " -msgstr "Zadejte heslo, které má být změněno: " +#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074 +#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_keyslot_luks2.c:114 +#, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "Získání zámku pro čtení ze zařízení %s selhalo." -#: src/cryptsetup.c:1066 src/cryptsetup_reencrypt.c:1059 -msgid "Enter new passphrase: " -msgstr "Zadejte nové heslo: " +#: lib/luks2/luks2_json_metadata.c:1167 +#, c-format +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "V záloze %s byly zjištěny zakázané požadavky na LUKS2." -#: src/cryptsetup.c:1090 -msgid "Only one device argument for isLuks operation is supported.\n" -msgstr "U operace isLuks je podporován pouze jeden argument se zařízením.\n" +#: lib/luks2/luks2_json_metadata.c:1208 +msgid "Data offset differ on device and backup, restore failed." +msgstr "Počátek dat se liší mezi zařízením a zálohou, obnova se nezdařila." -#: src/cryptsetup.c:1246 src/cryptsetup.c:1267 -msgid "Option --header-backup-file is required.\n" -msgstr "Je vyžadován přepínač --header-backup-file.\n" +#: lib/luks2/luks2_json_metadata.c:1214 +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "Velikost binární hlavičky s oblastí pro pozice klíčů se liší mezi zařízením a zálohou, obnova se nezdařila." -#: src/cryptsetup.c:1304 +#: lib/luks2/luks2_json_metadata.c:1221 #, c-format -msgid "Unrecognized metadata device type %s.\n" -msgstr "Nerozpoznaná metadata druhu zařízení %s.\n" +msgid "Device %s %s%s%s%s" +msgstr "Zařízení %s %s%s%s%s" -#: src/cryptsetup.c:1307 -msgid "Command requires device and mapped name as arguments.\n" -msgstr "Příkaz vyžaduje jako argumenty zařízení a mapovaný název.\n" +#: lib/luks2/luks2_json_metadata.c:1222 +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "neobsahuje hlavičku LUKS2. Nahrazení hlavičky může zničit data na daném zařízení." -#: src/cryptsetup.c:1326 -#, c-format +#: lib/luks2/luks2_json_metadata.c:1223 +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "již obsahuje hlavičku LUKS2. Nahrazení hlavičky zničí existující pozice s klíči." + +#: lib/luks2/luks2_json_metadata.c:1225 msgid "" -"This operation will erase all keyslots on device %s.\n" -"Device will become unusable after this operation." +"\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" msgstr "" -"Tento úkon smaže všechny pozice s klíči na zařízení %s.\n" -"Po jeho dokončení zařízení bude nepoužitelné." +"\n" +"POZOR: Ve skutečné hlavičce zařízení byly objeveny neznámé požadavky na LUKS2!\n" +"Nahrazení hlavičky zálohou může zničit data na zařízení!" -#: src/cryptsetup.c:1360 -msgid " [--type ] []" -msgstr " [--type ] []" +#: lib/luks2/luks2_json_metadata.c:1227 +msgid "" +"\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." +msgstr "" +"\n" +"POZOR: Na zařízení bylo objeveno nedokončené offline přešifrování!\n" +"Nahrazení hlavičky zálohou může zničit data." -#: src/cryptsetup.c:1360 -msgid "open device as mapping " -msgstr "otevře zařízení jako mapování " +#: lib/luks2/luks2_json_metadata.c:1323 +#, c-format +msgid "Ignored unknown flag %s." +msgstr "Neznámý příznak %s ignorován." -#: src/cryptsetup.c:1361 src/cryptsetup.c:1362 src/cryptsetup.c:1363 -#: src/cryptsetup.c:1364 src/veritysetup.c:311 src/veritysetup.c:312 -msgid "" -msgstr "" +#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746 +#, c-format +msgid "Missing key for dm-crypt segment %u" +msgstr "Chybí klíč pro dm-crypt část %u." -#: src/cryptsetup.c:1361 -msgid "close device (remove mapping)" -msgstr "zavře zařízení (odstraní mapování)" +#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764 +msgid "Failed to set dm-crypt segment." +msgstr "Nastavení části dm-crypt selhalo." -#: src/cryptsetup.c:1362 -msgid "resize active device" -msgstr "změní velikost aktivního zařízení" +#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770 +msgid "Failed to set dm-linear segment." +msgstr "Nastavení části dm-linear selhalo." -#: src/cryptsetup.c:1363 -msgid "show device status" -msgstr "zobrazí stav zařízení" +#: lib/luks2/luks2_json_metadata.c:2155 +msgid "Unsupported device integrity configuration." +msgstr "Nepodporovaná konfigurace integrity zařízení." -#: src/cryptsetup.c:1364 -msgid "benchmark cipher" -msgstr "zhodnotí výkon šifry" +#: lib/luks2/luks2_json_metadata.c:2241 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "Probíhá přešifrování. Zařízení nelze deaktivovat." -#: src/cryptsetup.c:1365 src/cryptsetup.c:1366 src/cryptsetup.c:1372 -#: src/cryptsetup.c:1373 src/cryptsetup.c:1374 src/cryptsetup.c:1375 -#: src/cryptsetup.c:1376 src/cryptsetup.c:1377 src/cryptsetup.c:1378 -#: src/cryptsetup.c:1379 -msgid "" -msgstr "" +#: lib/luks2/luks2_json_metadata.c:2252 lib/luks2/luks2_reencrypt.c:3190 +#, c-format +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "Výměna pozastaveného zařízení %s za cíl dm-error selhala." -#: src/cryptsetup.c:1365 -msgid "try to repair on-disk metadata" -msgstr "pokusí se opravit metadata uložená na disku" +#: lib/luks2/luks2_json_metadata.c:2332 +msgid "Failed to read LUKS2 requirements." +msgstr "Čtení požadavků na LUKS2 selhalo." -#: src/cryptsetup.c:1366 -msgid "erase all keyslots (remove encryption key)" -msgstr "smaže všechny pozice s klíči (odstraní šifrovací klíč)" +#: lib/luks2/luks2_json_metadata.c:2339 +msgid "Unmet LUKS2 requirements detected." +msgstr "Zjištěny nesplněné požadavky na LUKS2." -#: src/cryptsetup.c:1367 src/cryptsetup.c:1368 -msgid " []" -msgstr " []" +#: lib/luks2/luks2_json_metadata.c:2347 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "Operace se neslučuje se zařízením označeným pro zastaralé přešifrování. Operace se ruší." -#: src/cryptsetup.c:1367 -msgid "formats a LUKS device" -msgstr "naformátuje zařízení LUKS" +#: lib/luks2/luks2_json_metadata.c:2349 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "Operace se neslučuje se zařízením označeným pro přešifrování LUKS2. Operace se ruší." -#: src/cryptsetup.c:1368 -msgid "add key to LUKS device" -msgstr "do zařízení LUKS přidá klíč" +#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584 +msgid "Not enough available memory to open a keyslot." +msgstr "Nedostatek paměti pro otevření pozice s klíčem." -#: src/cryptsetup.c:1369 src/cryptsetup.c:1370 -msgid " []" +#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586 +msgid "Keyslot open failed." +msgstr "Otevření pozice s klíčem selhalo." + +#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "Šifru %s-%s nelze použít pro pozici s klíčem." + +#: lib/luks2/luks2_keyslot_luks2.c:480 +msgid "No space for new keyslot." +msgstr "Pro novou pozicí klíče není místo." + +#: lib/luks2/luks2_luks1_convert.c:482 +#, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "Nelze zjistit stav zařízení s UUID: %s." + +#: lib/luks2/luks2_luks1_convert.c:508 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "Hlavičky s dodatečnými metadaty LUKSMETA nelze převést." + +#: lib/luks2/luks2_luks1_convert.c:548 +msgid "Unable to move keyslot area. Not enough space." +msgstr "Oblast s pozicemi klíčů nelze přesunout. Nedostatek místa." + +#: lib/luks2/luks2_luks1_convert.c:599 +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "Oblast s pozicemi klíčů nelze přesunout. Oblast s pozicemi klíčů LUKS2 je příliš malá." + +#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887 +msgid "Unable to move keyslot area." +msgstr "Oblast s pozicemi klíčů nelze přesunout." + +#: lib/luks2/luks2_luks1_convert.c:697 +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "Nelze převést do formátu LUKS1 – výchozí velikost sektoru šifrování části není 512 bajtů." + +#: lib/luks2/luks2_luks1_convert.c:705 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "Nelze převést do formátu LUKS1 – otisky v pozicích s klíči nejsou slučitelné s LUKS1." + +#: lib/luks2/luks2_luks1_convert.c:717 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "Nelze převést do formátu LUKS1 – zařízení používá šifru se zabaleným klíčem %s." + +# TODO: Pluralize +#: lib/luks2/luks2_luks1_convert.c:725 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "Nelze převést do formátu LUKS1 – hlavička LUKS2 obsahuje %u token(ů)." + +#: lib/luks2/luks2_luks1_convert.c:739 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "Nelze převést do formátu LUKS1 – pozice s klíče %u je v nesprávném stavu." + +#: lib/luks2/luks2_luks1_convert.c:744 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "Nelze převést do formátu LUKS1 – pozice s klíčem %u (nad maximem pozic) je stále aktivní." + +#: lib/luks2/luks2_luks1_convert.c:749 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "Nelze převést do formátu LUKS1 – pozice s klíče %u není slučitelná s LUKS1." + +#: lib/luks2/luks2_reencrypt.c:892 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Velikost horké zóny musí být násobek vypočteného zarovnání zóny (%zu bajtů)." + +#: lib/luks2/luks2_reencrypt.c:897 +#, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Velikost zařízení musí být násobek vypočteného zarovnání zóny (%zu bajtů)." + +#: lib/luks2/luks2_reencrypt.c:941 +#, c-format +msgid "Unsupported resilience mode %s" +msgstr "Nepodporovaný režim odolnosti %s" + +#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313 +#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430 +#: lib/luks2/luks2_reencrypt.c:3030 +msgid "Failed to initialize old segment storage wrapper." +msgstr "Obálku pro starou část úložiště se nepodařilo inicializovat." + +#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291 +msgid "Failed to initialize new segment storage wrapper." +msgstr "Obálku pro novou část úložiště se nepodařilo inicializovat." + +#: lib/luks2/luks2_reencrypt.c:1340 +msgid "Failed to read checksums for current hotzone." +msgstr "Kontrolní součty pro aktuální horkou zónu se nepodařilo přečíst." + +#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038 +#, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "Čtení oblasti s horkou zónou počínaje na % selhalo." + +#: lib/luks2/luks2_reencrypt.c:1366 +#, c-format +msgid "Failed to decrypt sector %zu." +msgstr "Sektor %zu nebylo možné rozšifrovat." + +#: lib/luks2/luks2_reencrypt.c:1372 +#, c-format +msgid "Failed to recover sector %zu." +msgstr "Sektor %zu nebylo možné obnovit." + +#: lib/luks2/luks2_reencrypt.c:1867 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "Velikosti zdrojového a cílového zařízení se neshodují. Zdroj %, cíl %." + +#: lib/luks2/luks2_reencrypt.c:1965 +#, c-format +msgid "Failed to activate hotzone device %s." +msgstr "Aktivace zařízení horké zóny %s selhala." + +#: lib/luks2/luks2_reencrypt.c:1982 +#, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "Aktivace překryvného zařízení %s se skutečnou tabulkou původu selhala." + +#: lib/luks2/luks2_reencrypt.c:1989 +#, c-format +msgid "Failed to load new mapping for device %s." +msgstr "Zavedení nového mapování pro zařízení %s selhalo." + +#: lib/luks2/luks2_reencrypt.c:2060 +msgid "Failed to refresh reencryption devices stack." +msgstr "Zásobník zařízení k přešifrování se nepodařilo obnovit." + +#: lib/luks2/luks2_reencrypt.c:2216 +msgid "Failed to set new keyslots area size." +msgstr "Nastavení velikosti nové oblasti s pozicemi klíčů selhalo." + +#: lib/luks2/luks2_reencrypt.c:2318 +#, c-format +msgid "Data shift is not aligned to requested encryption sector size (% bytes)." +msgstr "Posun dat není zarovnán s požadovanou velikostí šifrovaného sektoru (% bajtů)." + +#: lib/luks2/luks2_reencrypt.c:2339 +#, c-format +msgid "Data device is not aligned to requested encryption sector size (% bytes)." +msgstr "Zařízení s daty není zarovnáno na požadovanou velikost šifrovaného sektoru (% bajtů)." + +#: lib/luks2/luks2_reencrypt.c:2360 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "Posun dat (% sektorů) je menší než budoucí poloha dat (% sektorů)." + +#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779 +#: lib/luks2/luks2_reencrypt.c:2800 +#, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "Zařízení %s nebylo možné otevřít ve výlučném režimu (již namapováno nebo připojeno)." + +#: lib/luks2/luks2_reencrypt.c:2534 +msgid "Device not marked for LUKS2 reencryption." +msgstr "Zařízení není označeno pro přešifrování LUKS2." + +#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295 +msgid "Failed to load LUKS2 reencryption context." +msgstr "Načtení kontextu přešifrování LUKS2 selhalo." + +#: lib/luks2/luks2_reencrypt.c:2619 +msgid "Failed to get reencryption state." +msgstr "Stavu přešifrování se nepodařilo zjistit." + +#: lib/luks2/luks2_reencrypt.c:2623 +msgid "Device is not in reencryption." +msgstr "Zařízení se nepřešifrovává." + +#: lib/luks2/luks2_reencrypt.c:2630 +msgid "Reencryption process is already running." +msgstr "Proces přešifrování již běží." + +#: lib/luks2/luks2_reencrypt.c:2632 +msgid "Failed to acquire reencryption lock." +msgstr "Získání zámku pro přešifrování selhalo." + +#: lib/luks2/luks2_reencrypt.c:2650 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "V přešifrování nelze pokračovat. Spusťte nejprve obnovu přešifrování." + +#: lib/luks2/luks2_reencrypt.c:2750 +msgid "Active device size and requested reencryption size don't match." +msgstr "Aktivní velikost zařízení a velikost požadovaná k přešifrování si neodpovídají." + +#: lib/luks2/luks2_reencrypt.c:2764 +msgid "Illegal device size requested in reencryption parameters." +msgstr "V parametrech přešifrování je požadována zakázaná velikost zařízení." + +#: lib/luks2/luks2_reencrypt.c:2834 +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "Probíhá přešifrování. Obnovu nelze provést." + +#: lib/luks2/luks2_reencrypt.c:2906 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "V metadatech je přešifrování LUKS2 již inicializováno." + +#: lib/luks2/luks2_reencrypt.c:2913 +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "Inicializace přešifrování LUKS2 v metadatech selhala." + +#: lib/luks2/luks2_reencrypt.c:3004 +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "Nastavení segmentů zařízení pro další horkou zónu přešifrování selhalo." + +#: lib/luks2/luks2_reencrypt.c:3046 +msgid "Failed to write reencryption resilience metadata." +msgstr "Metadata pro odolnost při přešifrování se nepodařilo zapsat." + +#: lib/luks2/luks2_reencrypt.c:3053 +msgid "Decryption failed." +msgstr "Rozšifrování selhalo." + +#: lib/luks2/luks2_reencrypt.c:3058 +#, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "Zápis oblasti s horkou zónou počínaje na % selhal." + +#: lib/luks2/luks2_reencrypt.c:3063 +msgid "Failed to sync data." +msgstr "Synchronizace dat selhala." + +#: lib/luks2/luks2_reencrypt.c:3071 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "Po dokončení přešifrování aktuální horké zóny se nepodařilo aktualizovat metadata." + +#: lib/luks2/luks2_reencrypt.c:3138 +msgid "Failed to write LUKS2 metadata." +msgstr "Zápis metadat LUKS2 selhal." + +#: lib/luks2/luks2_reencrypt.c:3161 +msgid "Failed to wipe backup segment data." +msgstr "Vyčištění dat záložní části selhalo." + +#: lib/luks2/luks2_reencrypt.c:3174 +msgid "Failed to disable reencryption requirement flag." +msgstr "Vypnutí příznaku požadavku na přešifrování selhalo." + +#: lib/luks2/luks2_reencrypt.c:3182 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "Nepřekonatelná chyba při přešifrování bloku na pozici % dlouhého % sektorů." + +#: lib/luks2/luks2_reencrypt.c:3191 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "Zařízení neprobouzejte, dokud jej ručně nenahradíte chybovým cílem." + +#: lib/luks2/luks2_reencrypt.c:3240 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "V přešifrování nelze pokračovat. Přešifrování se nachází v nečekaném stavu." + +#: lib/luks2/luks2_reencrypt.c:3246 +msgid "Missing or invalid reencrypt context." +msgstr "Chybějící nebo neplatný kontext přešifrování." + +#: lib/luks2/luks2_reencrypt.c:3253 +msgid "Failed to initialize reencryption device stack." +msgstr "Zásobník zařízení k přešifrování se nepodařilo inicializovat." + +#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308 +msgid "Failed to update reencryption context." +msgstr "Kontext přešifrování se nepodařilo aktualizovat." + +#: lib/luks2/luks2_token.c:262 +msgid "No free token slot." +msgstr "Žádná volná pozice s tokenem" + +#: lib/luks2/luks2_token.c:269 +#, c-format +msgid "Failed to create builtin token %s." +msgstr "Vestavěný token %s nebylo možné vytvořit" + +#: src/cryptsetup.c:164 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "Se vstupem mimo terminál nelze ověřit heslo." + +#: src/cryptsetup.c:221 +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "Parametry pro šifrování pozice s klíčem lze nastavit jen u zařízení LUKS2." + +#: src/cryptsetup.c:251 src/cryptsetup.c:959 src/cryptsetup.c:1269 +#: src/cryptsetup.c:3145 src/cryptsetup_reencrypt.c:723 +#: src/cryptsetup_reencrypt.c:793 +msgid "No known cipher specification pattern detected." +msgstr "Nelze najít žádný známý vzorek se specifikaci šifry." + +#: src/cryptsetup.c:259 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "POZOR: Jedná-li se o režim plain a je-li určen soubor s klíčem, parametr --hash se ignoruje.\n" + +#: src/cryptsetup.c:267 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "POZOR: Přepínač --keyfile-size se ignoruje, velikost pro čtení je stejná jako velikosti šifrovacího klíče.\n" + +#: src/cryptsetup.c:307 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "Na %s byla nalezen vzorec zařízení. Pokračování může poškodit existující data." + +#: src/cryptsetup.c:313 src/cryptsetup.c:1090 src/cryptsetup.c:1142 +#: src/cryptsetup.c:1246 src/cryptsetup.c:1319 src/cryptsetup.c:1974 +#: src/cryptsetup.c:2682 src/cryptsetup.c:2805 src/integritysetup.c:233 +msgid "Operation aborted.\n" +msgstr "Operace zrušena.\n" + +#: src/cryptsetup.c:381 +msgid "Option --key-file is required." +msgstr "Je vyžadován přepínač --key-file." + +#: src/cryptsetup.c:434 +msgid "Enter VeraCrypt PIM: " +msgstr "Zadejte PIM VeraCryptu: " + +#: src/cryptsetup.c:443 +msgid "Invalid PIM value: parse error." +msgstr "Neplatná hodnota VIM: chyba rozboru" + +#: src/cryptsetup.c:446 +msgid "Invalid PIM value: 0." +msgstr "Neplatná hodnota PIM: 0" + +#: src/cryptsetup.c:449 +msgid "Invalid PIM value: outside of range." +msgstr "Neplatná hodnota PIM: mimo rozsah" + +#: src/cryptsetup.c:472 +msgid "No device header detected with this passphrase." +msgstr "S tímto heslem není rozpoznatelná žádná hlavička zařízení." + +#: src/cryptsetup.c:541 +#, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "Zařízení %s není platným zařízením BITLK." + +#: src/cryptsetup.c:576 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" +"Výpis hlavičky s klíčem svazku je citlivý údaj,\n" +"který umožňuje přístup k šifrovanému oddílu bez znalosti hesla.\n" +"Tento výpis by měl být vždy uložen na bezpečném místě a v zašifrované podobě." + +#: src/cryptsetup.c:673 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "Zařízení %s je stále aktivní a naplánováno pro opožděné odstranění.\n" + +#: src/cryptsetup.c:701 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "Změna velikosti aktivního zařízení vyžaduje klíč svazku v klíčence. Byl však použit přepínač --disable-keyring." + +#: src/cryptsetup.c:838 +msgid "Benchmark interrupted." +msgstr "Hodnocení výkonu přerušeno." + +#: src/cryptsetup.c:859 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "PBKDF2-%-9s –\n" + +#: src/cryptsetup.c:861 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "PBKDF2-%-9s %7u iterací za sekundu pro %zubitový klíč\n" + +#: src/cryptsetup.c:875 +#, c-format +msgid "%-10s N/A\n" +msgstr "%-10s –\n" + +#: src/cryptsetup.c:877 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "%-10s %4u iterací, %5u paměti, %1u souběžných vláken (procesorů) pro %zubitový klíč (požadován čas %u ms)\n" + +#: src/cryptsetup.c:901 +msgid "Result of benchmark is not reliable." +msgstr "Výsledek hodnocení výkonu není spolehlivý." + +# ???: are aproximated? +#: src/cryptsetup.c:951 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "# Testy jsou počítány jen z práce s pamětí (žádné I/O úložiště).\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:971 +#, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "#%*sAlgoritmus | Klíč | Šifrování | Dešifrování\n" + +#: src/cryptsetup.c:975 +#, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "Šifra %s (s %ibitovým klíčem) není dostupná." + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:994 +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "# Algoritmus | Klíč | Šifrování | Dešifrování\n" + +#: src/cryptsetup.c:1003 +msgid "N/A" +msgstr "–" + +#: src/cryptsetup.c:1083 +msgid "" +"Seems device does not require reencryption recovery.\n" +"Do you want to proceed anyway?" +msgstr "" +"Zdá se, že zařízení nevyžaduje obnovu přešifrování.\n" +"Přejete si přesto pokračovat?" + +#: src/cryptsetup.c:1089 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "Opravdu pokračovat s obnovou přešifrování LUKS2?" + +#: src/cryptsetup.c:1098 +msgid "Enter passphrase for reencryption recovery: " +msgstr "Zadejte heslo pro obnovení přešifrování: " + +#: src/cryptsetup.c:1141 +msgid "Really try to repair LUKS device header?" +msgstr "Opravdu se pokusit opravit hlavičku zařízení LUKS?" + +#: src/cryptsetup.c:1160 src/integritysetup.c:146 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" +"Maže se zařízení, aby se inicializovaly kontrolní součty integrity.\n" +"Lze přerušit pomocí Ctrl+C (zbytek nesmazaného zařízení bude obsahovat\n" +"neplatné součty).\n" + +#: src/cryptsetup.c:1182 src/integritysetup.c:168 +#, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "Dočasné zařízení %s nelze deaktivovat." + +#: src/cryptsetup.c:1231 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "Volby integrity lze použít jen při formátu LUKS2." + +#: src/cryptsetup.c:1236 src/cryptsetup.c:1296 +msgid "Unsupported LUKS2 metadata size options." +msgstr "Nepodporované volby velikosti metadat LUKS2." + +#: src/cryptsetup.c:1253 +#, c-format +msgid "Cannot create header file %s." +msgstr "Soubor s hlavičkou %s nelze vytvořit." + +#: src/cryptsetup.c:1276 src/integritysetup.c:195 src/integritysetup.c:204 +#: src/integritysetup.c:213 src/integritysetup.c:284 src/integritysetup.c:293 +#: src/integritysetup.c:303 +msgid "No known integrity specification pattern detected." +msgstr "Nelze najít žádný známý vzorek se specifikací integrity." + +#: src/cryptsetup.c:1289 +#, c-format +msgid "Cannot use %s as on-disk header." +msgstr "%s nelze použít pro hlavičku uvnitř disku." + +#: src/cryptsetup.c:1313 src/integritysetup.c:227 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "Toto nevratně přepíše data na %s." + +#: src/cryptsetup.c:1354 src/cryptsetup.c:1688 src/cryptsetup.c:1755 +#: src/cryptsetup.c:1857 src/cryptsetup.c:1923 src/cryptsetup_reencrypt.c:553 +msgid "Failed to set pbkdf parameters." +msgstr "Nastavení parametrů PBKDF selhalo." + +#: src/cryptsetup.c:1439 +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "Zmenšená poloha dat je dovolena jen u oddělené hlavičky LUKS." + +#: src/cryptsetup.c:1450 src/cryptsetup.c:1761 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "Bez pozic pro klíče nelze určit velikost LUKS klíče svazku. Prosím, použijte přepínač --key-size." + +#: src/cryptsetup.c:1488 +msgid "Device activated but cannot make flags persistent." +msgstr "Zařízení aktivováno, ale příznaky nelze učinit trvalými." + +#: src/cryptsetup.c:1569 src/cryptsetup.c:1639 +#, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "Ke smazání vybrán klíč na pozici %d." + +#: src/cryptsetup.c:1581 src/cryptsetup.c:1642 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "" +"Toto je poslední pozice klíče. Smazáním tohoto klíče přijdete o možnost\n" +"zařízení použít." + +#: src/cryptsetup.c:1582 +msgid "Enter any remaining passphrase: " +msgstr "Zadejte jakékoliv jiné heslo: " + +#: src/cryptsetup.c:1583 src/cryptsetup.c:1644 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "Operace zrušena, pozice klíče NEBYLA vymazána.\n" + +#: src/cryptsetup.c:1621 +msgid "Enter passphrase to be deleted: " +msgstr "Zadejte heslo, které se má smazat: " + +#: src/cryptsetup.c:1702 src/cryptsetup.c:1776 src/cryptsetup.c:1810 +msgid "Enter new passphrase for key slot: " +msgstr "Zadejte nové heslo pro pozici klíče: " + +#: src/cryptsetup.c:1793 src/cryptsetup_reencrypt.c:1343 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "Zadejte jakékoliv existující heslo: " + +#: src/cryptsetup.c:1861 +msgid "Enter passphrase to be changed: " +msgstr "Zadejte heslo, které má být změněno: " + +#: src/cryptsetup.c:1877 src/cryptsetup_reencrypt.c:1329 +msgid "Enter new passphrase: " +msgstr "Zadejte nové heslo: " + +#: src/cryptsetup.c:1927 +msgid "Enter passphrase for keyslot to be converted: " +msgstr "Zadejte heslo pro pozici klíče, který má být převeden: " + +#: src/cryptsetup.c:1951 +msgid "Only one device argument for isLuks operation is supported." +msgstr "U operace isLuks je podporován pouze jeden argument se zařízením." + +#: src/cryptsetup.c:2001 +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Výpis hlavičky s klíčem svazku je citlivý údaj,\n" +"který umožňuje přístup k šifrovanému oddílu bez znalosti hesla.\n" +"Tento výpis by měl být uložen na bezpečném místě a v zašifrované podobě." + +#: src/cryptsetup.c:2066 +#, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "Pozice klíče %d neobsahuje nepřiřazený klíč." + +#: src/cryptsetup.c:2072 +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Výpis hlavičky s nepřiřazeným klíčem je citlivý údaj.\n" +"Tento výpis by měl být uložen na bezpečném místě a v zašifrované podobě." + +#: src/cryptsetup.c:2207 src/cryptsetup.c:2228 +msgid "Option --header-backup-file is required." +msgstr "Je vyžadován přepínač --header-backup-file." + +#: src/cryptsetup.c:2258 +#, c-format +msgid "%s is not cryptsetup managed device." +msgstr "%s není zařízení spravované nástrojem cryptsetup." + +#: src/cryptsetup.c:2269 +#, c-format +msgid "Refresh is not supported for device type %s" +msgstr "Reaktivace není na zařízení typu %s podporována" + +#: src/cryptsetup.c:2311 +#, c-format +msgid "Unrecognized metadata device type %s." +msgstr "Nerozpoznaná metadata druhu zařízení %s." + +#: src/cryptsetup.c:2314 +msgid "Command requires device and mapped name as arguments." +msgstr "Příkaz vyžaduje jako argumenty zařízení a mapovaný název." + +#: src/cryptsetup.c:2336 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" +"Tento úkon smaže všechny pozice s klíči na zařízení %s.\n" +"Po jeho dokončení zařízení bude nepoužitelné." + +#: src/cryptsetup.c:2343 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "Operace zrušena, pozice s klíči NEBYLY smazány.\n" + +#: src/cryptsetup.c:2380 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "Neplatný druh formátu LUKS. Podporován je pouze LUKS1 a LUKS2." + +#: src/cryptsetup.c:2398 +#, c-format +msgid "Device is already %s type." +msgstr "Zařízení je již druhu %s." + +#: src/cryptsetup.c:2403 +#, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "Tato operace převede formát %s na %s.\n" + +#: src/cryptsetup.c:2409 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "Operace zrušena, zařízení NEBYLO převedeno.\n" + +#: src/cryptsetup.c:2449 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "Chybí přepínač --priority, --label nebo --subsystem." + +#: src/cryptsetup.c:2483 src/cryptsetup.c:2516 src/cryptsetup.c:2539 +#, c-format +msgid "Token %d is invalid." +msgstr "Token %d je neplatný." + +#: src/cryptsetup.c:2486 src/cryptsetup.c:2542 +#, c-format +msgid "Token %d in use." +msgstr "Token %d se používá." + +#: src/cryptsetup.c:2493 +#, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "Přidání tokenu %d klíčenky LUKS2 selhalo." + +#: src/cryptsetup.c:2502 src/cryptsetup.c:2564 +#, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "Přiřazení tokenu %d do pozice s klíčem %d selhalo." + +#: src/cryptsetup.c:2519 +#, c-format +msgid "Token %d is not in use." +msgstr "Token %d se nepoužívá." + +#: src/cryptsetup.c:2554 +msgid "Failed to import token from file." +msgstr "Import tokenu ze souboru selhal." + +#: src/cryptsetup.c:2579 +#, c-format +msgid "Failed to get token %d for export." +msgstr "Získání tokenu %d za účelem exportu selhalo." + +#: src/cryptsetup.c:2594 +msgid "--key-description parameter is mandatory for token add action." +msgstr "Parametr --key-description je při přidávání tokenu povinný." + +#: src/cryptsetup.c:2600 src/cryptsetup.c:2608 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "Akce vyžaduje určitý token. Použijte parametr --token-id." + +#: src/cryptsetup.c:2613 +#, c-format +msgid "Invalid token operation %s." +msgstr "Neplatná operace tokenu %s." + +#: src/cryptsetup.c:2668 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "Automaticky nalezené aktivní zařízení DM „%s“ pro datové zařízení %s.\n" + +#: src/cryptsetup.c:2672 +#, c-format +msgid "Device %s is not a block device.\n" +msgstr "Zařízení %s není blokovým zařízením.\n" + +#: src/cryptsetup.c:2674 +#, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "Držitele zařízení %s nebylo možné automaticky nalézt." + +#: src/cryptsetup.c:2676 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" +"Nelze rozhodnout, jestli zařízení %s je nebo není aktivováno.\n" +"Jste si jisti, že si přejete pokračovat v přešifrování v režimu offline?\n" +"To může vést k poškození dat, bylo-li zařízení ve skutečnosti aktivováno.\n" +"Pro přešifrování za běhu použijte parametr --active-name.\n" + +#: src/cryptsetup.c:2756 +msgid "Invalid LUKS device type." +msgstr "Neplatný druh zařízení LUKS." + +#: src/cryptsetup.c:2761 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "Přešifrování bez odpojené hlavičky (--header) není možné bez zmenšení velikosti datového zařízení (--reduce-device-size)." + +#: src/cryptsetup.c:2766 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "Požadovaný počátek dat musí být menší nebo roven polovině parametru --reduce-device-size" + +#: src/cryptsetup.c:2775 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "Upravuje se hodnota --reduce-device-size na dvojnásobek --offset % (v sektorech).\n" + +#: src/cryptsetup.c:2779 +msgid "Encryption is supported only for LUKS2 format." +msgstr "Šifrování je podporováno jen s formátem LUKS2." + +#: src/cryptsetup.c:2801 +#, c-format +msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +msgstr "Na %s zjištěno zařízeno LUKS. Přejete si toto zařízení LUKS znovu zašifrovat?" + +#: src/cryptsetup.c:2816 +#, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "Dočasný soubor s hlavičkou %s již existuje. Operace se ruší." + +#: src/cryptsetup.c:2818 src/cryptsetup.c:2825 +#, c-format +msgid "Cannot create temporary header file %s." +msgstr "Dočasný soubor s hlavičkou %s nelze vytvořit." + +#: src/cryptsetup.c:2889 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "%s/%s je nyní aktivní a připraveno pro přešifrování za běhu.\n" + +#: src/cryptsetup.c:3053 src/cryptsetup.c:3059 +msgid "Not enough free keyslots for reencryption." +msgstr "Nedostatek pozic s klíči pro přešifrování." + +#: src/cryptsetup.c:3079 src/cryptsetup_reencrypt.c:1294 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "Soubor s klíčem lze použít jen s přepínačem --key-slot nebo s právě jednou aktivní pozicí klíče." + +#: src/cryptsetup.c:3088 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup_reencrypt.c:1352 +#, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Zadejte heslo pro pozici klíče %d: " + +#: src/cryptsetup.c:3096 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Zadejte heslo pro pozici klíče %u: " + +#: src/cryptsetup.c:3263 +msgid "Command requires device as argument." +msgstr "Příkaz vyžaduje jako argument zařízení." + +#: src/cryptsetup.c:3285 +msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +msgstr "Nyní je podporován pouze formát LUKS2. Pro LUKS1, prosím, použijte nástroj cryptsetup-reencrypt." + +#: src/cryptsetup.c:3297 +msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +msgstr "Zastaralé offline přešifrování již probíhá. Použijte nástroj cryptsetup-reencrypt." + +#: src/cryptsetup.c:3307 src/cryptsetup_reencrypt.c:178 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "Přešifrování zařízení s profilem integrity není podporováno." + +#: src/cryptsetup.c:3315 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "Přešifrování LUKS2 je již inicializováno. Operace se ruší." + +#: src/cryptsetup.c:3319 +msgid "LUKS2 device is not in reencryption." +msgstr "Zařízení LUKS2 se nepřešifrovává." + +#: src/cryptsetup.c:3346 +msgid " [--type ] []" +msgstr " [--type ] []" + +#: src/cryptsetup.c:3346 src/veritysetup.c:394 src/integritysetup.c:480 +msgid "open device as " +msgstr "otevře zařízení jako " + +#: src/cryptsetup.c:3347 src/cryptsetup.c:3348 src/cryptsetup.c:3349 +#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:481 +#: src/integritysetup.c:482 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3347 src/veritysetup.c:395 src/integritysetup.c:481 +msgid "close device (remove mapping)" +msgstr "zavře zařízení (odstraní mapování)" + +#: src/cryptsetup.c:3348 +msgid "resize active device" +msgstr "změní velikost aktivního zařízení" + +#: src/cryptsetup.c:3349 +msgid "show device status" +msgstr "zobrazí stav zařízení" + +#: src/cryptsetup.c:3350 +msgid "[--cipher ]" +msgstr "[--cipher <šifra>]" + +#: src/cryptsetup.c:3350 +msgid "benchmark cipher" +msgstr "zhodnotí výkon šifry" + +#: src/cryptsetup.c:3351 src/cryptsetup.c:3352 src/cryptsetup.c:3353 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3355 src/cryptsetup.c:3362 +#: src/cryptsetup.c:3363 src/cryptsetup.c:3364 src/cryptsetup.c:3365 +#: src/cryptsetup.c:3366 src/cryptsetup.c:3367 src/cryptsetup.c:3368 +#: src/cryptsetup.c:3369 src/cryptsetup.c:3370 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3351 +msgid "try to repair on-disk metadata" +msgstr "pokusí se opravit metadata uložená na disku" + +#: src/cryptsetup.c:3352 +msgid "reencrypt LUKS2 device" +msgstr "přešifruje zařízení LUKS2" + +#: src/cryptsetup.c:3353 +msgid "erase all keyslots (remove encryption key)" +msgstr "smaže všechny pozice s klíči (odstraní šifrovací klíč)" + +#: src/cryptsetup.c:3354 +msgid "convert LUKS from/to LUKS2 format" +msgstr "převede formát LUKS do/z formátu LUKS2" + +#: src/cryptsetup.c:3355 +msgid "set permanent configuration options for LUKS2" +msgstr "nastaví trvalé volby konfigurace pro LUKS2" + +#: src/cryptsetup.c:3356 src/cryptsetup.c:3357 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3356 +msgid "formats a LUKS device" +msgstr "naformátuje zařízení LUKS" + +#: src/cryptsetup.c:3357 +msgid "add key to LUKS device" +msgstr "do zařízení LUKS přidá klíč" + +#: src/cryptsetup.c:3358 src/cryptsetup.c:3359 src/cryptsetup.c:3360 +msgid " []" msgstr " []" -#: src/cryptsetup.c:1369 -msgid "removes supplied key or key file from LUKS device" -msgstr "odstraní zadaný klíč nebo soubor s klíčem ze zařízení LUKS" +#: src/cryptsetup.c:3358 +msgid "removes supplied key or key file from LUKS device" +msgstr "odstraní zadaný klíč nebo soubor s klíčem ze zařízení LUKS" + +#: src/cryptsetup.c:3359 +msgid "changes supplied key or key file of LUKS device" +msgstr "změní zadaný klíč nebo soubor s klíčem u zařízení LUKS" + +#: src/cryptsetup.c:3360 +msgid "converts a key to new pbkdf parameters" +msgstr "převede klíč do nových parametrů PBKDF" + +#: src/cryptsetup.c:3361 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3361 +msgid "wipes key with number from LUKS device" +msgstr "smaže klíč s číslem ze zařízení LUKS" + +#: src/cryptsetup.c:3362 +msgid "print UUID of LUKS device" +msgstr "zobrazí UUID zařízení LUKS" + +#: src/cryptsetup.c:3363 +msgid "tests for LUKS partition header" +msgstr "otestuje na hlavičku oddílu LUKS" + +#: src/cryptsetup.c:3364 +msgid "dump LUKS partition information" +msgstr "vypíše údaje o oddílu LUKS" + +#: src/cryptsetup.c:3365 +msgid "dump TCRYPT device information" +msgstr "vypíše údaje o oddílu TCRYPT" + +#: src/cryptsetup.c:3366 +msgid "dump BITLK device information" +msgstr "vypíše údaje o zařízení BITLK" + +# TODO: not consistent with previous line +#: src/cryptsetup.c:3367 +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "Uspí zařízení LUKS a smaže klíč (všechny operace budou zmrazeny)" + +# TODO: not consistent with previous line +#: src/cryptsetup.c:3368 +msgid "Resume suspended LUKS device" +msgstr "Probudí uspané zařízení LUKS" + +# TODO: not consistent with previous line +#: src/cryptsetup.c:3369 +msgid "Backup LUKS device header and keyslots" +msgstr "Zálohuje hlavičku zařízení LUKS a jeho pozice s klíči" + +# TODO: not consistent with previous line +#: src/cryptsetup.c:3370 +msgid "Restore LUKS device header and keyslots" +msgstr "Obnoví hlavičku zařízení LUKS a jeho pozice s klíči" + +#: src/cryptsetup.c:3371 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3371 +msgid "Manipulate LUKS2 tokens" +msgstr "Zachází s tokeny LUKS2" + +#: src/cryptsetup.c:3389 src/veritysetup.c:412 src/integritysetup.c:498 +msgid "" +"\n" +" is one of:\n" +msgstr "" +"\n" +" je jedna z:\n" + +#: src/cryptsetup.c:3395 +msgid "" +"\n" +"You can also use old syntax aliases:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +msgstr "" +"\n" +"Rovněž lze použít aliasy se starým zápisem :\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" + +#: src/cryptsetup.c:3399 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the encrypted device\n" +" is the LUKS key slot number to modify\n" +" optional key file for the new key for luksAddKey action\n" +msgstr "" +"\n" +" je zařízení, které se má vytvořit v %s\n" +" je zašifrované zařízení\n" +" je číslo pozice klíče LUKS, který se má upravit\n" +" je volitelný soubor s novým klíčem pro akci luksAddKey\n" + +#: src/cryptsetup.c:3406 +#, c-format +msgid "" +"\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" +"\n" +"Výchozí zakompilovaný formát metadat (pro akci luksFormat) je %s.\n" + +#: src/cryptsetup.c:3411 +#, c-format +msgid "" +"\n" +"Default compiled-in key and passphrase parameters:\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" +msgstr "" +"\n" +"Výchozí zakompilované parametry klíče a hesla:\n" +"\tMaximální velikost souboru s klíčem: %d kB, maximální délka interaktivního hesla %d (znaků)\n" +"Výchozí PBKDF pro LUKS1: %s, doba opakování: %d (ms)\n" +"Výchozí PBKDF pro LUKS2: %s\n" +"\tDoba iterací: %d, nutná paměť: %d kB, souběžná vlákna: %d\n" + +#: src/cryptsetup.c:3422 +#, c-format +msgid "" +"\n" +"Default compiled-in device cipher parameters:\n" +"\tloop-AES: %s, Key %d bits\n" +"\tplain: %s, Key: %d bits, Password hashing: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +msgstr "" +"\n" +"Výchozí zakompilované parametry šifer zařízení:\n" +"\tloop-AES: %s, Klíč %d bitů\n" +"\tplain: %s, Klíč: %d bitů, Haš hesla: %s\n" +"\tLUKS: %s, Klíč: %d bitů, Haš hlavičky LUKS: %s, RNG: %s\n" + +#: src/cryptsetup.c:3431 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "\tLUKS: V režimu XTS (dva vnitřní klíče) bude výchozí velikost klíče zdvojnásobena.\n" + +#: src/cryptsetup.c:3447 src/veritysetup.c:569 src/integritysetup.c:642 +#, c-format +msgid "%s: requires %s as arguments" +msgstr "%s: vyžaduje %s jako argumenty" + +#: src/cryptsetup.c:3480 src/veritysetup.c:457 src/integritysetup.c:536 +#: src/cryptsetup_reencrypt.c:1607 +msgid "Show this help message" +msgstr "Zobrazí tuto nápovědu" + +#: src/cryptsetup.c:3481 src/veritysetup.c:458 src/integritysetup.c:537 +#: src/cryptsetup_reencrypt.c:1608 +msgid "Display brief usage" +msgstr "Zobrazí stručný návod na použití" + +#: src/cryptsetup.c:3482 src/veritysetup.c:459 src/integritysetup.c:538 +#: src/cryptsetup_reencrypt.c:1609 +msgid "Print package version" +msgstr "Vypíše verzi balíku" + +#: src/cryptsetup.c:3486 src/veritysetup.c:463 src/integritysetup.c:542 +#: src/cryptsetup_reencrypt.c:1613 +msgid "Help options:" +msgstr "Přepínače nápovědy:" + +#: src/cryptsetup.c:3487 src/veritysetup.c:464 src/integritysetup.c:543 +#: src/cryptsetup_reencrypt.c:1614 +msgid "Shows more detailed error messages" +msgstr "Zobrazuje podrobnější chybové hlášky" + +#: src/cryptsetup.c:3488 src/veritysetup.c:465 src/integritysetup.c:544 +#: src/cryptsetup_reencrypt.c:1615 +msgid "Show debug messages" +msgstr "Zobrazuje ladicí hlášky" + +#: src/cryptsetup.c:3489 +msgid "Show debug messages including JSON metadata" +msgstr "Zobrazuje ladicí hlášky včetně metadat JSON" + +#: src/cryptsetup.c:3490 src/cryptsetup_reencrypt.c:1617 +msgid "The cipher used to encrypt the disk (see /proc/crypto)" +msgstr "Šifra použita k zašifrování disku (vizte /proc/crypto)" + +#: src/cryptsetup.c:3491 src/cryptsetup_reencrypt.c:1619 +msgid "The hash used to create the encryption key from the passphrase" +msgstr "Haš použit k vytvoření šifrovacího klíče z hesla" + +#: src/cryptsetup.c:3492 +msgid "Verifies the passphrase by asking for it twice" +msgstr "Ověřuje heslo dvojitým dotazem" + +#: src/cryptsetup.c:3493 src/cryptsetup_reencrypt.c:1621 +msgid "Read the key from a file" +msgstr "Klíč načte ze souboru" + +#: src/cryptsetup.c:3494 +msgid "Read the volume (master) key from file." +msgstr "(Hlavní) klíč svazku načte ze souboru." + +#: src/cryptsetup.c:3495 +msgid "Dump volume (master) key instead of keyslots info" +msgstr "Vypíše (hlavní) klíč svazku namísto údajů o pozicích klíčů" + +#: src/cryptsetup.c:3496 src/cryptsetup_reencrypt.c:1618 +msgid "The size of the encryption key" +msgstr "Velikost šifrovacího klíče" + +#: src/cryptsetup.c:3496 src/cryptsetup.c:3557 src/integritysetup.c:562 +#: src/integritysetup.c:566 src/integritysetup.c:570 +#: src/cryptsetup_reencrypt.c:1618 +msgid "BITS" +msgstr "BITY" + +#: src/cryptsetup.c:3497 src/cryptsetup_reencrypt.c:1634 +msgid "Limits the read from keyfile" +msgstr "Omezí čtení ze souboru s klíčem" + +#: src/cryptsetup.c:3497 src/cryptsetup.c:3498 src/cryptsetup.c:3499 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3503 src/cryptsetup.c:3554 +#: src/cryptsetup.c:3555 src/cryptsetup.c:3563 src/cryptsetup.c:3564 +#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470 +#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:551 +#: src/integritysetup.c:557 src/integritysetup.c:558 +#: src/cryptsetup_reencrypt.c:1633 src/cryptsetup_reencrypt.c:1634 +#: src/cryptsetup_reencrypt.c:1635 src/cryptsetup_reencrypt.c:1636 +msgid "bytes" +msgstr "bajty" + +#: src/cryptsetup.c:3498 src/cryptsetup_reencrypt.c:1633 +msgid "Number of bytes to skip in keyfile" +msgstr "Přeskočí daný počet bajtů na začátku souboru s klíčem" + +#: src/cryptsetup.c:3499 +msgid "Limits the read from newly added keyfile" +msgstr "Omezí čtení z nově přidaného souboru s klíčem" + +#: src/cryptsetup.c:3500 +msgid "Number of bytes to skip in newly added keyfile" +msgstr "Přeskočí daný počet bajtů na začátku nově přidaného souboru s klíčem" + +#: src/cryptsetup.c:3501 +msgid "Slot number for new key (default is first free)" +msgstr "Číslo pozice pro nový klíč (výchozí je první volná)" + +#: src/cryptsetup.c:3502 +msgid "The size of the device" +msgstr "Velikost zařízení" + +#: src/cryptsetup.c:3502 src/cryptsetup.c:3504 src/cryptsetup.c:3505 +#: src/cryptsetup.c:3511 src/integritysetup.c:552 src/integritysetup.c:559 +msgid "SECTORS" +msgstr "SEKTORY" + +#: src/cryptsetup.c:3503 src/cryptsetup_reencrypt.c:1636 +msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +msgstr "Použije zadanou velikost zařízení (ignoruje zbytek zařízení). NEBEZPEČNÉ!" + +#: src/cryptsetup.c:3504 +msgid "The start offset in the backend device" +msgstr "Poloha začátku dat v podkladovém zařízení" + +#: src/cryptsetup.c:3505 +msgid "How many sectors of the encrypted data to skip at the beginning" +msgstr "Kolik sektorů šifrovaných dat se má na začátku přeskočit" + +#: src/cryptsetup.c:3506 +msgid "Create a readonly mapping" +msgstr "Vytvoří mapování určené jen pro čtení" + +#: src/cryptsetup.c:3507 src/integritysetup.c:545 +#: src/cryptsetup_reencrypt.c:1624 +msgid "Do not ask for confirmation" +msgstr "Nevyžaduje potvrzení" + +#: src/cryptsetup.c:3508 +msgid "Timeout for interactive passphrase prompt (in seconds)" +msgstr "Časový limit pro interaktivní dotaz na heslo (v sekundách)" + +#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "secs" +msgstr "sekundy" + +#: src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "Progress line update (in seconds)" +msgstr "Aktualizace ukazatele postupu (v sekundách)" + +#: src/cryptsetup.c:3510 src/cryptsetup_reencrypt.c:1626 +msgid "How often the input of the passphrase can be retried" +msgstr "Kolikrát se lze zeptat na heslo" + +#: src/cryptsetup.c:3511 +msgid "Align payload at sector boundaries - for luksFormat" +msgstr "Zarovnává data na hranici sektorů – pro luksFormat" + +#: src/cryptsetup.c:3512 +msgid "File with LUKS header and keyslots backup" +msgstr "Soubor se zálohou hlavičky LUKS a pozic s klíči" + +#: src/cryptsetup.c:3513 src/cryptsetup_reencrypt.c:1627 +msgid "Use /dev/random for generating volume key" +msgstr "Pro vytvoření klíče svazku použije /dev/random" + +#: src/cryptsetup.c:3514 src/cryptsetup_reencrypt.c:1628 +msgid "Use /dev/urandom for generating volume key" +msgstr "Pro vytvoření klíče svazku použije /dev/urandom" + +#: src/cryptsetup.c:3515 +msgid "Share device with another non-overlapping crypt segment" +msgstr "Zařízení sdílí s jiným nepřekrývajícím se šifrovaným segmentem" + +#: src/cryptsetup.c:3516 src/veritysetup.c:477 +msgid "UUID for device to use" +msgstr "Použije zařízení s UUID" + +#: src/cryptsetup.c:3517 src/integritysetup.c:579 +msgid "Allow discards (aka TRIM) requests for device" +msgstr "Povolí u daného zařízení požadavky na zahození (TRIM)" + +#: src/cryptsetup.c:3518 src/cryptsetup_reencrypt.c:1645 +msgid "Device or file with separated LUKS header" +msgstr "Zařízení nebo soubor s oddělenou hlavičkou LUKS" + +#: src/cryptsetup.c:3519 +msgid "Do not activate device, just check passphrase" +msgstr "Zařízení neaktivuje, jen zkontroluje heslo" + +#: src/cryptsetup.c:3520 +msgid "Use hidden header (hidden TCRYPT device)" +msgstr "Použije se skrytá hlavička (skryté zařízení TCRYPT)" + +#: src/cryptsetup.c:3521 +msgid "Device is system TCRYPT drive (with bootloader)" +msgstr "Zařízení je systémová jednotka TCRYPT (se zavaděčem)" + +#: src/cryptsetup.c:3522 +msgid "Use backup (secondary) TCRYPT header" +msgstr "Použije se záložní (druhá) hlavička TCRYPT" + +#: src/cryptsetup.c:3523 +msgid "Scan also for VeraCrypt compatible device" +msgstr "Hledá také zařízení kompatibilní s VeraCrypt" + +#: src/cryptsetup.c:3524 +msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Osobní iterační činitel (PIM) pro zařízení kompatibilní s VeraCrypt" + +#: src/cryptsetup.c:3525 +msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Zeptá se na Osobní iterační činitel pro zařízení kompatibilní s VeraCrypt" + +#: src/cryptsetup.c:3526 +msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" +msgstr "Druh metadat zařízení: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" + +#: src/cryptsetup.c:3527 +msgid "Disable password quality check (if enabled)" +msgstr "Vypne kontrolku odolnosti hesla (byla-li zapnuta)" + +#: src/cryptsetup.c:3528 +msgid "Use dm-crypt same_cpu_crypt performance compatibility option" +msgstr "Použije výkonnostně kompatibilní přepínač dmcryptu same_cpu_crypt" + +#: src/cryptsetup.c:3529 +msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +msgstr "Použije výkonnostně kompatibilní přepínač dmcryptu submit_from_crypt_cpus" + +#: src/cryptsetup.c:3530 +msgid "Device removal is deferred until the last user closes it" +msgstr "Odstranění zařízení se odloží, dokud jej poslední uživatel neuzavře" + +#: src/cryptsetup.c:3531 +msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)" +msgstr "Pro serializaci paměti těžkého PBKDF použije globální zámek (obezlička při nedostatku paměti)" + +#: src/cryptsetup.c:3532 +msgid "PBKDF iteration time for LUKS (in ms)" +msgstr "Doba opakování PBKDF pro LUKS (v ms)" + +#: src/cryptsetup.c:3532 src/cryptsetup_reencrypt.c:1623 +msgid "msecs" +msgstr "milisekundy" + +#: src/cryptsetup.c:3533 src/cryptsetup_reencrypt.c:1641 +msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +msgstr "Algoritmus PBKDF (pro LUKS2): argon2i, argon2id, pbkdf2" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "PBKDF memory cost limit" +msgstr "omezení paměťové náročnosti PBKDF" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "kilobytes" +msgstr "kilobajty" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "PBKDF parallel cost" +msgstr "náročnost paralelizace PBKDF" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "threads" +msgstr "vlákna" + +#: src/cryptsetup.c:3536 src/cryptsetup_reencrypt.c:1644 +msgid "PBKDF iterations cost (forced, disables benchmark)" +msgstr "náročnost iterací PBKDF (vynuceno, vypne test složitosti)" + +#: src/cryptsetup.c:3537 +msgid "Keyslot priority: ignore, normal, prefer" +msgstr "Priorita pozice klíče: ignore [ignorovat], normal [normální], prefer [upřednostnit]" + +#: src/cryptsetup.c:3538 +msgid "Disable locking of on-disk metadata" +msgstr "Vypne zamykání metadata uložených na disku" + +#: src/cryptsetup.c:3539 +msgid "Disable loading volume keys via kernel keyring" +msgstr "Vypne načítání klíčů svazků přes jadernou klíčenku" + +#: src/cryptsetup.c:3540 +msgid "Data integrity algorithm (LUKS2 only)" +msgstr "Algoritmus pro integritu dat (pouze LUKS2)" + +#: src/cryptsetup.c:3541 src/integritysetup.c:573 +msgid "Disable journal for integrity device" +msgstr "Vypne žurnál pro zařízení s integritou" + +#: src/cryptsetup.c:3542 src/integritysetup.c:547 +msgid "Do not wipe device after format" +msgstr "Po formátu nevymazat zařízení" + +#: src/cryptsetup.c:3543 src/integritysetup.c:577 +msgid "Use inefficient legacy padding (old kernels)" +msgstr "Použije neefektivní zastaralé vyplňování (stará jádra)" + +#: src/cryptsetup.c:3544 +msgid "Do not ask for passphrase if activation by token fails" +msgstr "Neptá se na heslo, když aktivace tokenem selže" + +#: src/cryptsetup.c:3545 +msgid "Token number (default: any)" +msgstr "Číslo tokenu (výchozí cokoliv)" + +#: src/cryptsetup.c:3546 +msgid "Key description" +msgstr "Popis klíče" + +#: src/cryptsetup.c:3547 +msgid "Encryption sector size (default: 512 bytes)" +msgstr "Velikost sektoru šifrování (výchozí: 512 bajtů)" + +#: src/cryptsetup.c:3548 +msgid "Use IV counted in sector size (not in 512 bytes)" +msgstr "Inicializační vektor počítá ve velikostech sektoru (nikoliv po 512 bajtech)" + +#: src/cryptsetup.c:3549 +msgid "Set activation flags persistent for device" +msgstr "Nastaví trvalé příznaky pro aktivaci zařízení" + +#: src/cryptsetup.c:3550 +msgid "Set label for the LUKS2 device" +msgstr "Nastaví jmenovku zařízení LUKS2" + +#: src/cryptsetup.c:3551 +msgid "Set subsystem label for the LUKS2 device" +msgstr "Nastaví jmenovku podsystému zařízení LUKS2" + +#: src/cryptsetup.c:3552 +msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot" +msgstr "Vytvoří nebo vypíše nepřiřazenou (žádný datový segment nepřiřazen) LUKS2 pozici s klíčem" + +#: src/cryptsetup.c:3553 +msgid "Read or write the json from or to a file" +msgstr "Načte nebo zapíše JSON z nebo do souboru" + +#: src/cryptsetup.c:3554 +msgid "LUKS2 header metadata area size" +msgstr "Velikost oblasti s metadaty hlavičky LUKS2" + +#: src/cryptsetup.c:3555 +msgid "LUKS2 header keyslots area size" +msgstr "Velikost oblasti s pozicemi klíčů hlavičky LUKS" + +#: src/cryptsetup.c:3556 +msgid "Refresh (reactivate) device with new parameters" +msgstr "Reaktivuje zařízení s novými parametry" + +#: src/cryptsetup.c:3557 +msgid "LUKS2 keyslot: The size of the encryption key" +msgstr "Pozice s klíčem LUKS2: Velikost šifrovacího klíče" + +#: src/cryptsetup.c:3558 +msgid "LUKS2 keyslot: The cipher used for keyslot encryption" +msgstr "Pozice s klíčem LUKS2: Šifra použitá pro šifrování pozice s klíčem" + +#: src/cryptsetup.c:3559 +msgid "Encrypt LUKS2 device (in-place encryption)." +msgstr "Zašifruje zařízení LUKS2 (šifrování bez mezikopie)." + +#: src/cryptsetup.c:3560 +msgid "Decrypt LUKS2 device (remove encryption)." +msgstr "Natrvalo dešifruje zařízení LUKS2 (odstraní šifrování)." + +#: src/cryptsetup.c:3561 +msgid "Initialize LUKS2 reencryption in metadata only." +msgstr "Inicializuje přešifrování LUKS2 pouze v metadatech." + +#: src/cryptsetup.c:3562 +msgid "Resume initialized LUKS2 reencryption only." +msgstr "Pouze dokončí již inicializované přešifrování LUKS2." + +#: src/cryptsetup.c:3563 src/cryptsetup_reencrypt.c:1635 +msgid "Reduce data device size (move data offset). DANGEROUS!" +msgstr "Zmenší velikost datového zařízení (posune začátek dat). NEBEZPEČNÉ!" + +#: src/cryptsetup.c:3564 +msgid "Maximal reencryption hotzone size." +msgstr "Maximální velikost horké zóny při přešifrování." + +#: src/cryptsetup.c:3565 +msgid "Reencryption hotzone resilience type (checksum,journal,none)" +msgstr "Druh odolnosti horké zóny při přešifrování (checksum [kontrolní součet], journal [žurnál], none [žádná])" + +#: src/cryptsetup.c:3566 +msgid "Reencryption hotzone checksums hash" +msgstr "Algoritmus kontrolního součtu při přešifrování" + +#: src/cryptsetup.c:3567 +msgid "Override device autodetection of dm device to be reencrypted" +msgstr "Přebije automatické hledání zařízení DM pro přešifrování" + +#: src/cryptsetup.c:3583 src/veritysetup.c:499 src/integritysetup.c:595 +msgid "[OPTION...] " +msgstr "[PŘEPÍNAČ…] " + +#: src/cryptsetup.c:3634 src/veritysetup.c:533 src/integritysetup.c:606 +msgid "Argument missing." +msgstr "Chybí argument ." + +#: src/cryptsetup.c:3703 src/veritysetup.c:564 src/integritysetup.c:637 +msgid "Unknown action." +msgstr "Neznámá akce." + +#: src/cryptsetup.c:3713 +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "Přepínače --refresh a --test-passphrase se vzájemně vylučují." + +#: src/cryptsetup.c:3718 +msgid "Option --deferred is allowed only for close command." +msgstr "Přepínač --deferred je dovolen jen při příkazu zavření." + +#: src/cryptsetup.c:3723 +msgid "Option --shared is allowed only for open of plain device." +msgstr "Přepínač --shared je dovolen jen při úkonu otevírání zařízení plain." + +#: src/cryptsetup.c:3728 src/integritysetup.c:654 +msgid "Option --allow-discards is allowed only for open operation." +msgstr "Přepínač --allow-discards je dovolen jen při úkonu otevírání." + +#: src/cryptsetup.c:3733 +msgid "Option --persistent is allowed only for open operation." +msgstr "Přepínač --persistent je dovolen jen při úkonu otevírání." + +#: src/cryptsetup.c:3738 +msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation." +msgstr "Přepínač --serialize-memory-hard-pbkdf je dovolen jen při úkonu otevírání." + +#: src/cryptsetup.c:3743 +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "Přepínač --persistent není dovolen současně s --test-passphrase." + +#: src/cryptsetup.c:3753 +msgid "" +"Option --key-size is allowed only for luksFormat, luksAddKey,\n" +"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." +msgstr "" +"Přepínač --key-size je dovolen jen pro akce luksFormat, luksAddKey,\n" +"open a benchmark. Čtení ze souboru s klíčem lze omezit\n" +"pomocí --keyfile-size=(bajty)." + +#: src/cryptsetup.c:3759 +msgid "Option --integrity is allowed only for luksFormat (LUKS2)." +msgstr "Přepínač --integrity je dovolen pouze u luksFormat (LUKS2)." + +#: src/cryptsetup.c:3764 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "Přepínač --integrity-no-wipe smí být použit jen při formátování s rozšířením integrity." + +#: src/cryptsetup.c:3770 +msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations." +msgstr "Přepínače --label a --subsystem jsou dovoleny jen při úkonech luksFormat a config s LUKS2." + +#: src/cryptsetup.c:3776 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "Přepínač --test-passphrase je dovolen pouze při otevírání zařízení LUKS, TCRYPT a BITLK." + +#: src/cryptsetup.c:3781 src/cryptsetup_reencrypt.c:1708 +msgid "Key size must be a multiple of 8 bits" +msgstr "Velikost klíče musí být násobkem 8 bitů." + +#: src/cryptsetup.c:3787 src/cryptsetup_reencrypt.c:1394 +#: src/cryptsetup_reencrypt.c:1713 +msgid "Key slot is invalid." +msgstr "Pozice klíče není platná." + +#: src/cryptsetup.c:3794 +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "Přepínač --key-file má přednost před zadaným argumentem souboru s klíčem." + +#: src/cryptsetup.c:3801 src/veritysetup.c:576 src/integritysetup.c:663 +#: src/cryptsetup_reencrypt.c:1687 +msgid "Negative number for option not permitted." +msgstr "U přepínače není záporné číslo dovoleno." + +#: src/cryptsetup.c:3805 +msgid "Only one --key-file argument is allowed." +msgstr "Je dovolen pouze jeden argument přepínače --key-file." + +#: src/cryptsetup.c:3809 src/cryptsetup_reencrypt.c:1679 +#: src/cryptsetup_reencrypt.c:1717 +msgid "Only one of --use-[u]random options is allowed." +msgstr "Je dovolen pouze jeden z přepínačů --use-[u]random." + +#: src/cryptsetup.c:3813 +msgid "Option --use-[u]random is allowed only for luksFormat." +msgstr "Přepínač --use-[u]random je dovolen pouze u luksFormat." + +#: src/cryptsetup.c:3817 +msgid "Option --uuid is allowed only for luksFormat and luksUUID." +msgstr "Přepínač --uuid je dovolen pouze u luksFormat a luksUUID." + +#: src/cryptsetup.c:3821 +msgid "Option --align-payload is allowed only for luksFormat." +msgstr "Přepínač --align-payload je dovolen pouze u luksFormat." -#: src/cryptsetup.c:1370 -msgid "changes supplied key or key file of LUKS device" -msgstr "změní zadaný klíč nebo soubor s klíčem u zařízení LUKS" +#: src/cryptsetup.c:3825 +msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2." +msgstr "Přepínače --luks2-metadata-size a --opt-luks2-keyslots-size jsou dovoleny jen při úkonu luksFormat s LUKS2." -#: src/cryptsetup.c:1371 -msgid " " -msgstr " " +#: src/cryptsetup.c:3830 +msgid "Invalid LUKS2 metadata size specification." +msgstr "Zadána neplatná velikost metadat LUKS2." -#: src/cryptsetup.c:1371 -msgid "wipes key with number from LUKS device" -msgstr "smaže klíč s číslem ze zařízení LUKS" +#: src/cryptsetup.c:3834 +msgid "Invalid LUKS2 keyslots size specification." +msgstr "Zadána neplatná velikost pozic s klíči LUKS2." -#: src/cryptsetup.c:1372 -msgid "print UUID of LUKS device" -msgstr "zobrazí UUID zařízení LUKS" +#: src/cryptsetup.c:3838 +msgid "Options --align-payload and --offset cannot be combined." +msgstr "Přepínače --align-payload a --offset nelze kombinovat." -#: src/cryptsetup.c:1373 -msgid "tests for LUKS partition header" -msgstr "otestuje na hlavičku oddílu LUKS" +#: src/cryptsetup.c:3844 +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "Přepínač --skip je podporován jen při otevírání zařízení plain a loopaes." -#: src/cryptsetup.c:1374 -msgid "dump LUKS partition information" -msgstr "vypíše údaje o oddílu LUKS" +#: src/cryptsetup.c:3851 +msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption." +msgstr "Přepínač --offset je podporován jen při otevírání zařízení plain a loopaes a při úkonu luksFormat a přešifrování." -#: src/cryptsetup.c:1375 -msgid "dump TCRYPT device information" -msgstr "vypíše údaje o oddílu TCRYPT" +#: src/cryptsetup.c:3857 +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "Přepínač --tcrypt-hidden, --tcrypt-system nebo --tcrypt-backup je podporován jen u zařízení TCRYPT." -# TODO: not consistent with previous line -#: src/cryptsetup.c:1376 -msgid "Suspend LUKS device and wipe key (all IOs are frozen)." -msgstr "uspí zařízení LUKS a smaže klíč (všechny operace budou zmrazeny)" +#: src/cryptsetup.c:3862 +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "Přepínač --tcrypt-hidden nelze použít s přepínačem --allow-discards." -# TODO: not consistent with previous line -#: src/cryptsetup.c:1377 -msgid "Resume suspended LUKS device." -msgstr "probudí uspané zařízení LUKS" +#: src/cryptsetup.c:3867 +msgid "Option --veracrypt is supported only for TCRYPT device type." +msgstr "Přepínač --veracrypt je podporován jen u typu zařízení TCRYPT." -# TODO: not consistent with previous line -#: src/cryptsetup.c:1378 -msgid "Backup LUKS device header and keyslots" -msgstr "zálohuje hlavičku zařízení LUKS a jeho pozice s klíči" +#: src/cryptsetup.c:3873 +msgid "Invalid argument for parameter --veracrypt-pim supplied." +msgstr "Zadán neplatný argument parametru --veracrypt-pim." -# TODO: not consistent with previous line -#: src/cryptsetup.c:1379 -msgid "Restore LUKS device header and keyslots" -msgstr "obnoví hlavičku zařízení LUKS a jeho pozice s klíči" +#: src/cryptsetup.c:3877 +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "Přepínač --veracrypt-pim je podporován jen u zařízení kompatibilním s VeraCrypt." + +#: src/cryptsetup.c:3885 +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "Přepínač --veracrypt-query-pim je podporován jen u zařízení kompatibilním s VeraCrypt." + +#: src/cryptsetup.c:3889 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "Přepínače --veracrypt-pim a --veracrypt-query-pim se vzájemně vylučují." + +#: src/cryptsetup.c:3896 +msgid "Option --priority can be only ignore/normal/prefer." +msgstr "Přepínač --priority smí mít pouze argument ignore, normal a prefer." + +#: src/cryptsetup.c:3901 src/cryptsetup.c:3939 +msgid "Keyslot specification is required." +msgstr "Je nutné určit pozici s klíčem." + +#: src/cryptsetup.c:3906 src/cryptsetup_reencrypt.c:1693 +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "Funkce pro odvození klíče na základě hesla (PBKDF) smí být pouze pbkdf2 nebo argon2i/argon2id." + +#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1698 +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "Vynucené iterace PBKDF nelze kombinovat s volnou doby iterací." + +#: src/cryptsetup.c:3917 +msgid "Sector size option is not supported for this command." +msgstr "Tento příkaz nepodporuje volbu velikosti sektoru." + +# FIXME: "Large IV sectors" should read "IV large sectors". +#: src/cryptsetup.c:3929 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "Volba inicializačního vektoru s velkými sektory je podporována jen při otevírání zařízení typu plain s velikostí sektoru větší než 512 bajtů." + +#: src/cryptsetup.c:3934 +msgid "Key size is required with --unbound option." +msgstr "Přepínač --unbound vyžaduje velikost klíče." + +#: src/cryptsetup.c:3944 +msgid "Option --unbound may be used only with luksAddKey and luksDump actions." +msgstr "Přepínač --unbound lze použít pouze s akcemi luksAddKey nebo luksDump." + +#: src/cryptsetup.c:3949 +msgid "Option --refresh may be used only with open action." +msgstr "Přepínač --refresh lze použít pouze s úkonem otevření." + +#: src/cryptsetup.c:3960 +msgid "Cannot disable metadata locking." +msgstr "Zamykání metadata nelze vypnout." + +#: src/cryptsetup.c:3970 +msgid "Invalid max reencryption hotzone size specification." +msgstr "Zadána neplatná maximální velikost horké zóny při přešifrování." + +#: src/cryptsetup.c:3978 src/cryptsetup_reencrypt.c:1722 +#: src/cryptsetup_reencrypt.c:1727 +msgid "Invalid device size specification." +msgstr "Zadána neplatná velikost zařízení." + +#: src/cryptsetup.c:3981 +msgid "Maximum device reduce size is 1 GiB." +msgstr "Maximální velikost zmenšení zařízení je 1 GiB." + +#: src/cryptsetup.c:3984 src/cryptsetup_reencrypt.c:1733 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "Velikost zmenšení musí být násobkem 512bajtových sektorů." + +#: src/cryptsetup.c:3989 +msgid "Invalid data size specification." +msgstr "Zadána neplatná velikost dat." + +#: src/cryptsetup.c:3994 +msgid "Reduce size overflow." +msgstr "Velikost ke zmenšení přetekla." + +#: src/cryptsetup.c:3998 +msgid "LUKS2 decryption requires option --header." +msgstr "Dešifrování LUKS2 vyžaduje přepínač --header." + +#: src/cryptsetup.c:4002 +msgid "Device size must be multiple of 512 bytes sector." +msgstr "Velikost zařízení musí být násobkem 512bajtových sektorů." + +#: src/cryptsetup.c:4006 +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "Přepínače --reduce-device-size a --data-size nelze kombinovat." + +#: src/cryptsetup.c:4010 +msgid "Options --device-size and --size cannot be combined." +msgstr "Přepínače --device-size a --size nelze kombinovat." + +#: src/cryptsetup.c:4014 +#, fuzzy +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "Přepínače --ignore-corruption a --restart-on-corruption nelze použít najednou." + +#: src/veritysetup.c:66 +msgid "Invalid salt string specified." +msgstr "Zadán neplatný řetězec se solí." + +#: src/veritysetup.c:97 +#, c-format +msgid "Cannot create hash image %s for writing." +msgstr "Nelze vytvořit obraz hašů %s určený k zápisu." + +#: src/veritysetup.c:107 +#, c-format +msgid "Cannot create FEC image %s for writing." +msgstr "Nelze vytvořit obraz FEC %s určený k zápisu." + +#: src/veritysetup.c:179 +msgid "Invalid root hash string specified." +msgstr "Zadán neplatný řetězec s kořenovým hašem." + +#: src/veritysetup.c:187 +#, c-format +msgid "Invalid signature file %s." +msgstr "Neplatné soubor s podpisem %s." + +#: src/veritysetup.c:194 +#, c-format +msgid "Cannot read signature file %s." +msgstr "Soubor s podpisem %s nelze číst." + +#: src/veritysetup.c:392 +msgid " " +msgstr " " + +#: src/veritysetup.c:392 src/integritysetup.c:479 +msgid "format device" +msgstr "naformátuje zařízení" + +#: src/veritysetup.c:393 +msgid " " +msgstr " " + +#: src/veritysetup.c:393 +msgid "verify device" +msgstr "ověří zařízení" + +#: src/veritysetup.c:394 +msgid " " +msgstr " " + +#: src/veritysetup.c:396 src/integritysetup.c:482 +msgid "show active device status" +msgstr "zobrazí stav aktivního zařízení" + +#: src/veritysetup.c:397 +msgid "" +msgstr "" + +#: src/veritysetup.c:397 src/integritysetup.c:483 +msgid "show on-disk information" +msgstr "zobrazí údaje z disku" -#: src/cryptsetup.c:1396 src/veritysetup.c:328 +#: src/veritysetup.c:416 +#, c-format msgid "" "\n" -" is one of:\n" +" is the device to create under %s\n" +" is the data device\n" +" is the device containing verification data\n" +" hash of the root node on \n" msgstr "" "\n" -" je jedna z:\n" +" je zařízení, které bude vytvořeno pod %s\n" +" je datové zařízení\n" +" je zařízení obsahující ověřovací data\n" +" haš kořenového uzlu na \n" -#: src/cryptsetup.c:1402 +#: src/veritysetup.c:423 +#, c-format msgid "" "\n" -"You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" +"Default compiled-in dm-verity parameters:\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" msgstr "" "\n" -"Rovněž lze použít starý aliasy zápisu :\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" +"Výchozí zakompilované parametry dm-verity:\n" +"\tHaš: %s, Datový blok (bajty): %u, Blok hašů (bajty): %u, Velikost soli: %u, Formát haše: %u\n" + +#: src/veritysetup.c:466 +msgid "Do not use verity superblock" +msgstr "Nepoužije superblok verity" + +#: src/veritysetup.c:467 +msgid "Format type (1 - normal, 0 - original Chrome OS)" +msgstr "Druh formátu (1 – běžný, 0 – původní z OS Chrome)" + +#: src/veritysetup.c:467 +msgid "number" +msgstr "číslo" + +#: src/veritysetup.c:468 +msgid "Block size on the data device" +msgstr "Velikost bloku na zařízení dat" + +#: src/veritysetup.c:469 +msgid "Block size on the hash device" +msgstr "Velikost bloku na zařízení hašů" + +#: src/veritysetup.c:470 +msgid "FEC parity bytes" +msgstr "Paritní bajty FEC" + +#: src/veritysetup.c:471 +msgid "The number of blocks in the data file" +msgstr "Počet bloků v datovém souboru" + +#: src/veritysetup.c:471 +msgid "blocks" +msgstr "bloky" + +#: src/veritysetup.c:472 +msgid "Path to device with error correction data" +msgstr "Cesta k zařízení s daty pro opravu chyb" + +#: src/veritysetup.c:472 src/integritysetup.c:549 +msgid "path" +msgstr "cesta" + +#: src/veritysetup.c:473 +msgid "Starting offset on the hash device" +msgstr "Poloha začátku dat v zařízení hašů" + +#: src/veritysetup.c:474 +msgid "Starting offset on the FEC device" +msgstr "Poloha začátku dat v zařízení FEC" + +#: src/veritysetup.c:475 +msgid "Hash algorithm" +msgstr "Hašovací algoritmus" + +#: src/veritysetup.c:475 +msgid "string" +msgstr "řetězec" + +#: src/veritysetup.c:476 +msgid "Salt" +msgstr "Sůl" + +#: src/veritysetup.c:476 +msgid "hex string" +msgstr "šestnáctkový řetězec" + +#: src/veritysetup.c:478 +msgid "Path to root hash signature file" +msgstr "Cesta k souboru s podpisem kořenového otisku" + +#: src/veritysetup.c:479 +msgid "Restart kernel if corruption is detected" +msgstr "Restartuje jádro, pokud je zjištěno poškození" + +#: src/veritysetup.c:480 +msgid "Ignore corruption, log it only" +msgstr "Ignoruje poškození, pouze jej zaznamená" + +#: src/veritysetup.c:481 +msgid "Do not verify zeroed blocks" +msgstr "Neověřuje vynulované bloky" + +#: src/veritysetup.c:482 +msgid "Verify data block only the first time it is read" +msgstr "Ověří datový blok pouze při prvním čtení" -#: src/cryptsetup.c:1406 +#: src/veritysetup.c:582 +msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation." +msgstr "Přepínače --ignore-corruption, --restart-on-corruption nebo --ignore-zero-blocks jsou dovoleny jen při úkonu otevírání." + +#: src/veritysetup.c:587 +msgid "Option --root-hash-signature can be used only for open operation." +msgstr "Přepínač --root-hash-signature smí být použit jen při otevírání." + +#: src/veritysetup.c:592 +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "Přepínače --ignore-corruption a --restart-on-corruption nelze použít najednou." + +#: src/integritysetup.c:84 src/utils_password.c:305 +#, c-format +msgid "Cannot read keyfile %s." +msgstr "Soubor s klíčem %s nelze číst." + +# FIXME: Pluralize +#: src/integritysetup.c:88 src/utils_password.c:310 +#, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "Ze souboru s klíčem %2$s nelze přečíst %1$d bajtů." + +#: src/integritysetup.c:254 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "Formátováno s velikostí značky %u, vnitřní integrita %s.\n" + +#: src/integritysetup.c:479 src/integritysetup.c:483 +msgid "" +msgstr "" + +#: src/integritysetup.c:480 +msgid " " +msgstr " " + +#: src/integritysetup.c:502 #, c-format msgid "" "\n" " is the device to create under %s\n" -" is the encrypted device\n" -" is the LUKS key slot number to modify\n" -" optional key file for the new key for luksAddKey action\n" +" is the device containing data with integrity tags\n" msgstr "" "\n" -" je zařízení, které se má vytvořit v %s\n" -" je zašifrované zařízení\n" -" je číslo pozice klíče LUKS, který se má upravit\n" -" je volitelný soubor s novým klíčem pro akci luksAddKey\n" +" je zařízení, které bude vytvořeno pod %s\n" +" je zařízení obsahující data se značkami integrity\n" -#: src/cryptsetup.c:1413 +#: src/integritysetup.c:507 #, c-format msgid "" "\n" -"Default compiled-in key and passphrase parameters:\n" -"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d " -"(characters)\n" -"Default PBKDF2 iteration time for LUKS: %d (ms)\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" msgstr "" "\n" -"Výchozí zakompilované parametry klíče a hesla:\n" -"\tMaximální velikost souboru s klíčem: %d kB, Maximální délka interaktivního " -"hesla %d (znaků)\n" -"Výchozí čas opakování PBKDF2 pro LUKS: %d (ms)\n" +"Výchozí zakompilované parametry dm-integrity:\n" +"\tAlgoritmus kontrolního součtu: %s\n" + +#: src/integritysetup.c:549 +msgid "Path to data device (if separated)" +msgstr "Cesta k zařízení s daty (je-li odděleno)" + +#: src/integritysetup.c:551 +msgid "Journal size" +msgstr "Velikost žurnálu" + +#: src/integritysetup.c:552 +msgid "Interleave sectors" +msgstr "Prokládat sektory" + +#: src/integritysetup.c:553 +msgid "Journal watermark" +msgstr "Zaplněnost žurnálu" + +#: src/integritysetup.c:553 +msgid "percent" +msgstr "procenta" + +#: src/integritysetup.c:554 +msgid "Journal commit time" +msgstr "Perioda vyprazdňování žurnálu" + +#: src/integritysetup.c:554 src/integritysetup.c:556 +msgid "ms" +msgstr "ms" + +#: src/integritysetup.c:555 +msgid "Number of 512-byte sectors per bit (bitmap mode)." +msgstr "Počet 512bajtových sektorů na bit (režim bitmapy)." + +#: src/integritysetup.c:556 +msgid "Bitmap mode flush time" +msgstr "Perioda vyprazdňování při režimu bitmapy" + +#: src/integritysetup.c:557 +msgid "Tag size (per-sector)" +msgstr "Velikost značky (na sektor)" + +#: src/integritysetup.c:558 +msgid "Sector size" +msgstr "Velikost sektoru" + +#: src/integritysetup.c:559 +msgid "Buffers size" +msgstr "Velikost vyrovnávací paměti" + +#: src/integritysetup.c:561 +msgid "Data integrity algorithm" +msgstr "Algoritmus pro kontrolu integrity dat" + +#: src/integritysetup.c:562 +msgid "The size of the data integrity key" +msgstr "Velikost klíče pro integritu dat" + +#: src/integritysetup.c:563 +msgid "Read the integrity key from a file" +msgstr "Klíč pro integritu načte ze souboru" + +#: src/integritysetup.c:565 +msgid "Journal integrity algorithm" +msgstr "Algoritmus pro integritu žurnálu" + +#: src/integritysetup.c:566 +msgid "The size of the journal integrity key" +msgstr "Velikost klíče integrity žurnálu" + +#: src/integritysetup.c:567 +msgid "Read the journal integrity key from a file" +msgstr "Klíč integrity žurnálu načte ze souboru" + +#: src/integritysetup.c:569 +msgid "Journal encryption algorithm" +msgstr "Algoritmus šifrování žurnálu" + +#: src/integritysetup.c:570 +msgid "The size of the journal encryption key" +msgstr "Velikost šifrovacího klíče žurnálu" + +#: src/integritysetup.c:571 +msgid "Read the journal encryption key from a file" +msgstr "Šifrovací klíč žurnálu načte ze souboru" + +#: src/integritysetup.c:574 +msgid "Recovery mode (no journal, no tag checking)" +msgstr "Režim obnovy (žádný žurnál, žádná kontrola značek)" + +#: src/integritysetup.c:575 +msgid "Use bitmap to track changes and disable journal for integrity device" +msgstr "Ke sledování změn použije bitmapu a vypne žurnál pro zařízení s integritou" + +#: src/integritysetup.c:576 +msgid "Recalculate initial tags automatically." +msgstr "Automaticky přepočítá počáteční značky." + +#: src/integritysetup.c:649 +msgid "Option --integrity-recalculate can be used only for open action." +msgstr "Přepínač --integrity-recalculate smí být použit jen při otevírání." + +#: src/integritysetup.c:669 +msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action." +msgstr "Přepínače --journal-size, --interleave-sectors, --sector-size, --tag-size a --no-wipe lze použít jen při formátování." -#: src/cryptsetup.c:1420 +#: src/integritysetup.c:675 +msgid "Invalid journal size specification." +msgstr "Zadána neplatná velikost žurnálu." + +#: src/integritysetup.c:680 +msgid "Both key file and key size options must be specified." +msgstr "Musí být zadány oba přepínače pro soubor s klíčem a velikostí klíče." + +#: src/integritysetup.c:683 +msgid "Integrity algorithm must be specified if integrity key is used." +msgstr "Je-li použit klíč integrity, musí být zadán algoritmus integrity." + +#: src/integritysetup.c:688 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "Musí být zadány oba přepínače pro soubor s klíčem žurnálu a velikostí klíče." + +#: src/integritysetup.c:691 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "Je-li použit klíč integrity žurnálu, musí být zadán algoritmus integrity žurnálu." + +#: src/integritysetup.c:696 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "Musí být zadány oba přepínače pro soubor s šifrovacím klíčem žurnálu a velikostí klíče." + +#: src/integritysetup.c:699 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "Je-li použit šifrovací klíč žurnálu, musí být zadán algoritmus šifrování žurnálu." + +#: src/integritysetup.c:703 +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "Přepínače režimu bitmapy a obnovení se vzájemně vylučují." + +#: src/integritysetup.c:707 +msgid "Journal options cannot be used in bitmap mode." +msgstr "Přepínače žurnálu nelze použití spolu s režimem bitmapy." + +#: src/integritysetup.c:711 +msgid "Bitmap options can be used only in bitmap mode." +msgstr "Přepínače bitmapy lze použít jen při režimu bitmapy." + +#: src/cryptsetup_reencrypt.c:172 +msgid "Reencryption already in-progress." +msgstr "Přešifrování již probíhá." + +#: src/cryptsetup_reencrypt.c:208 #, c-format -msgid "" -"\n" -"Default compiled-in device cipher parameters:\n" -"\tloop-AES: %s, Key %d bits\n" -"\tplain: %s, Key: %d bits, Password hashing: %s\n" -"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" -msgstr "" -"\n" -"Výchozí zakompilované parametry šifer zařízení:\n" -"\tloop-AES: %s, Klíč %d bitů\n" -"\tplain: %s, Klíč: %d bitů, Haš hesla: %s\n" -"\tLUKS1: %s, Klíč: %d bitů, Haš hlavičky LUKS: %s, RNG: %s\n" +msgid "Cannot exclusively open %s, device in use." +msgstr "Zařízení %s nelze výlučně otevřít. Zařízení se používá." + +#: src/cryptsetup_reencrypt.c:222 src/cryptsetup_reencrypt.c:1135 +msgid "Allocation of aligned memory failed." +msgstr "Alokace zarovnané paměti se nezdařila." -#: src/cryptsetup.c:1437 src/veritysetup.c:460 +#: src/cryptsetup_reencrypt.c:229 #, c-format -msgid "%s: requires %s as arguments" -msgstr "%s: vyžaduje %s jako argumenty" +msgid "Cannot read device %s." +msgstr "Ze zařízení %s nelze číst." -#: src/cryptsetup.c:1470 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1253 -msgid "Show this help message" -msgstr "Zobrazí tuto nápovědu" +#: src/cryptsetup_reencrypt.c:240 +#, c-format +msgid "Marking LUKS1 device %s unusable." +msgstr "LUKS1 zařízení %s se označuje za nepoužitelné." -#: src/cryptsetup.c:1471 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1254 -msgid "Display brief usage" -msgstr "Zobrazí stručný návod na použití" +#: src/cryptsetup_reencrypt.c:244 +#, c-format +msgid "Setting LUKS2 offline reencrypt flag on device %s." +msgstr "Na zařízení %s se nastavuje příznak offline přešifrování." -#: src/cryptsetup.c:1475 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1258 -msgid "Help options:" -msgstr "Přepínače nápovědy:" +#: src/cryptsetup_reencrypt.c:261 +#, c-format +msgid "Cannot write device %s." +msgstr "Zařízení %s není možné zapsat." -#: src/cryptsetup.c:1476 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1259 -msgid "Print package version" -msgstr "Vypíše verzi balíku" +#: src/cryptsetup_reencrypt.c:309 +msgid "Cannot write reencryption log file." +msgstr "Nelze zapsat soubor s protokolem přešifrování." -#: src/cryptsetup.c:1477 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1260 -msgid "Shows more detailed error messages" -msgstr "Zobrazuje podrobnější chybové hlášky" +#: src/cryptsetup_reencrypt.c:365 +msgid "Cannot read reencryption log file." +msgstr "Soubor s protokolem přešifrování nelze načíst." -#: src/cryptsetup.c:1478 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1261 -msgid "Show debug messages" -msgstr "Zobrazuje ladicí hlášky" +#: src/cryptsetup_reencrypt.c:403 +#, c-format +msgid "Log file %s exists, resuming reencryption.\n" +msgstr "Soubor s protokolem %s existuje, pokračuje se v přerušeném přešifrování.\n" -#: src/cryptsetup.c:1479 src/cryptsetup_reencrypt.c:1263 -msgid "The cipher used to encrypt the disk (see /proc/crypto)" -msgstr "Šifra použita k zašifrování disku (vizte /proc/crypto)" +#: src/cryptsetup_reencrypt.c:452 +msgid "Activating temporary device using old LUKS header." +msgstr "Aktivuje se dočasné zařízení za pomoci staré hlavičky LUKS." -#: src/cryptsetup.c:1480 src/cryptsetup_reencrypt.c:1265 -msgid "The hash used to create the encryption key from the passphrase" -msgstr "Haš použit k vytvoření šifrovacího klíče z hesla" +#: src/cryptsetup_reencrypt.c:462 +msgid "Activating temporary device using new LUKS header." +msgstr "Aktivuje se dočasné zařízení za pomoci nové hlavičky LUKS." + +#: src/cryptsetup_reencrypt.c:472 +msgid "Activation of temporary devices failed." +msgstr "Aktivace dočasných zařízení selhala." + +#: src/cryptsetup_reencrypt.c:559 +msgid "Failed to set data offset." +msgstr "Nastavení polohy dat selhalo." + +#: src/cryptsetup_reencrypt.c:565 +msgid "Failed to set metadata size." +msgstr "Nastavení velikosti metadat selhalo." + +#: src/cryptsetup_reencrypt.c:573 +#, c-format +msgid "New LUKS header for device %s created." +msgstr "Byla vytvořena nová hlavička LUKS zařízení %s." + +#: src/cryptsetup_reencrypt.c:633 +#, c-format +msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +msgstr "Tato verze cryptsetup-reencrypt neumí zacházet s novým vnitřním druhem tokenů %s." + +#: src/cryptsetup_reencrypt.c:655 +msgid "Failed to read activation flags from backup header." +msgstr "Přečtení příznaků pro aktivaci ze záložní hlavičky selhalo." + +#: src/cryptsetup_reencrypt.c:659 +msgid "Failed to write activation flags to new header." +msgstr "Zápis příznaků pro aktivaci do nové hlavičky selhal." + +#: src/cryptsetup_reencrypt.c:663 src/cryptsetup_reencrypt.c:667 +msgid "Failed to read requirements from backup header." +msgstr "Čtení požadavků ze záložní hlavičky selhalo." + +#: src/cryptsetup_reencrypt.c:705 +#, c-format +msgid "%s header backup of device %s created." +msgstr "Záloha hlavičky %s zařízení %s byla vytvořena." + +#: src/cryptsetup_reencrypt.c:768 +msgid "Creation of LUKS backup headers failed." +msgstr "Záložní hlavičky LUKS se nepodařilo vytvořit." + +#: src/cryptsetup_reencrypt.c:901 +#, c-format +msgid "Cannot restore %s header on device %s." +msgstr "Hlavičku %s na zařízení %s nelze obnovit." + +#: src/cryptsetup_reencrypt.c:903 +#, c-format +msgid "%s header on device %s restored." +msgstr "Hlavička %s na zařízení %s byla obnovena." + +#: src/cryptsetup_reencrypt.c:1107 src/cryptsetup_reencrypt.c:1113 +msgid "Cannot open temporary LUKS device." +msgstr "Nelze otevřít dočasné zařízení LUKS." -#: src/cryptsetup.c:1481 -msgid "Verifies the passphrase by asking for it twice" -msgstr "Ověřuje heslo dvojitým dotazem" +#: src/cryptsetup_reencrypt.c:1118 src/cryptsetup_reencrypt.c:1123 +msgid "Cannot get device size." +msgstr "Velikost zařízení nelze zjistit." -# TODO: Remove period -#: src/cryptsetup.c:1482 src/cryptsetup_reencrypt.c:1267 -msgid "Read the key from a file." -msgstr "Klíč načte ze souboru" +#: src/cryptsetup_reencrypt.c:1158 +msgid "IO error during reencryption." +msgstr "Chyba vstupu/výstupu během přešifrování." -# TODO: Remove period -#: src/cryptsetup.c:1483 -msgid "Read the volume (master) key from file." -msgstr "(Hlavní) klíč svazku načte ze souboru" +#: src/cryptsetup_reencrypt.c:1189 +msgid "Provided UUID is invalid." +msgstr "Poskytnuté UUID není platné." -# TODO: Remove period -#: src/cryptsetup.c:1484 -msgid "Dump volume (master) key instead of keyslots info." -msgstr "Vypíše (hlavní) klíč svazku namísto údajů o pozicích klíčů" +#: src/cryptsetup_reencrypt.c:1423 +msgid "Cannot open reencryption log file." +msgstr "Nelze otevřít soubor s protokolem přešifrování." -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 -msgid "The size of the encryption key" -msgstr "Velikost šifrovacího klíče" +#: src/cryptsetup_reencrypt.c:1429 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "Žádné dešifrování není rozpracované. Poskytnuté UUID lze použít jen k dokončení pozastaveného procesu dešifrování." -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 -msgid "BITS" -msgstr "BITY" +#: src/cryptsetup_reencrypt.c:1504 +#, c-format +msgid "Changed pbkdf parameters in keyslot %i." +msgstr "Parametry PBKDF pro pozici klíče %i změněny." -#: src/cryptsetup.c:1486 src/cryptsetup_reencrypt.c:1278 -msgid "Limits the read from keyfile" -msgstr "Omezí čtení ze souboru s klíčem" +#: src/cryptsetup_reencrypt.c:1616 +msgid "Reencryption block size" +msgstr "Velikost bloku přešifrování" -#: src/cryptsetup.c:1486 src/cryptsetup.c:1487 src/cryptsetup.c:1488 -#: src/cryptsetup.c:1489 src/veritysetup.c:379 src/veritysetup.c:380 -#: src/veritysetup.c:382 src/cryptsetup_reencrypt.c:1277 -#: src/cryptsetup_reencrypt.c:1278 src/cryptsetup_reencrypt.c:1279 -#: src/cryptsetup_reencrypt.c:1280 -msgid "bytes" -msgstr "bajty" +#: src/cryptsetup_reencrypt.c:1616 +msgid "MiB" +msgstr "MiB" -#: src/cryptsetup.c:1487 src/cryptsetup_reencrypt.c:1277 -msgid "Number of bytes to skip in keyfile" -msgstr "Přeskočí daný počet bajtů na začátku souboru s klíčem" +#: src/cryptsetup_reencrypt.c:1620 +msgid "Do not change key, no data area reencryption" +msgstr "Nezmění klíč, oblast s daty se nepřešifruje" -#: src/cryptsetup.c:1488 -msgid "Limits the read from newly added keyfile" -msgstr "Omezí čtení z nově přidaného souboru s klíčem" +#: src/cryptsetup_reencrypt.c:1622 +msgid "Read new volume (master) key from file" +msgstr "Nový (hlavní) klíč svazku načte ze souboru" -#: src/cryptsetup.c:1489 -msgid "Number of bytes to skip in newly added keyfile" -msgstr "Přeskočí daný počet bajtů na začátku nově přidaného souboru s klíčem" +#: src/cryptsetup_reencrypt.c:1623 +msgid "PBKDF2 iteration time for LUKS (in ms)" +msgstr "Doba opakování PBKDF2 pro LUKS (v ms)" -#: src/cryptsetup.c:1490 -msgid "Slot number for new key (default is first free)" -msgstr "Číslo pozice pro nový klíč (výchozí je první volná)" +#: src/cryptsetup_reencrypt.c:1629 +msgid "Use direct-io when accessing devices" +msgstr "K zařízením se bude přistupovat pomocí přímého I/O" -#: src/cryptsetup.c:1491 -msgid "The size of the device" -msgstr "Velikost zařízení" +#: src/cryptsetup_reencrypt.c:1630 +msgid "Use fsync after each block" +msgstr "Po každém bloku se zavolá fsync" -#: src/cryptsetup.c:1491 src/cryptsetup.c:1492 src/cryptsetup.c:1493 -#: src/cryptsetup.c:1499 -msgid "SECTORS" -msgstr "SEKTORY" +#: src/cryptsetup_reencrypt.c:1631 +msgid "Update log file after every block" +msgstr "Po každém bloku se aktualizuje soubor s protokolem" -#: src/cryptsetup.c:1492 -msgid "The start offset in the backend device" -msgstr "Poloha začátku dat v podkladovém zařízení" +#: src/cryptsetup_reencrypt.c:1632 +msgid "Use only this slot (others will be disabled)" +msgstr "Použije se pouze tato pozice (ostatní budou zakázány)" -#: src/cryptsetup.c:1493 -msgid "How many sectors of the encrypted data to skip at the beginning" -msgstr "Kolik sektorů šifrovaných dat se má na začátku přeskočit" +#: src/cryptsetup_reencrypt.c:1637 +msgid "Create new header on not encrypted device" +msgstr "Vytvoří novou hlavičku na nešifrovaném zařízení" -#: src/cryptsetup.c:1494 -msgid "Create a readonly mapping" -msgstr "Vytvoří mapování určené jen pro čtení" +#: src/cryptsetup_reencrypt.c:1638 +msgid "Permanently decrypt device (remove encryption)" +msgstr "Natrvalo dešifruje zařízení (odstraní šifrování)" -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "PBKDF2 iteration time for LUKS (in ms)" -msgstr "Doba opakování PBKDF2 pro LUKS (v ms)" +#: src/cryptsetup_reencrypt.c:1639 +msgid "The UUID used to resume decryption" +msgstr "UUID, které se použije pro dokončení dešifrování" -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "msecs" -msgstr "milisekundy" +#: src/cryptsetup_reencrypt.c:1640 +msgid "Type of LUKS metadata: luks1, luks2" +msgstr "Druh metadat LUKS: luks1, luks2" -#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1269 -msgid "Do not ask for confirmation" -msgstr "Nevyžaduje potvrzení" +#: src/cryptsetup_reencrypt.c:1659 +msgid "[OPTION...] " +msgstr "[PŘEPÍNAČ…] " -#: src/cryptsetup.c:1497 -msgid "Timeout for interactive passphrase prompt (in seconds)" -msgstr "Časový limit pro interaktivní dotaz na heslo (v sekundách)" +#: src/cryptsetup_reencrypt.c:1667 +#, c-format +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "Přešifrování změní: %s%s%s%s%s%s." -#: src/cryptsetup.c:1497 -msgid "secs" -msgstr "sekundy" +#: src/cryptsetup_reencrypt.c:1668 +msgid "volume key" +msgstr "klíč svazku" -#: src/cryptsetup.c:1498 src/cryptsetup_reencrypt.c:1270 -msgid "How often the input of the passphrase can be retried" -msgstr "Kolikrát se lze zeptat na heslo" +#: src/cryptsetup_reencrypt.c:1670 +msgid "set hash to " +msgstr "nastaví haš na " -#: src/cryptsetup.c:1499 -msgid "Align payload at sector boundaries - for luksFormat" -msgstr "Zarovnává data na hranici sektorů – pro luksFormat" +#: src/cryptsetup_reencrypt.c:1671 +msgid ", set cipher to " +msgstr ", nastaví šifru na " + +#: src/cryptsetup_reencrypt.c:1675 +msgid "Argument required." +msgstr "Vyžadován argument." -#: src/cryptsetup.c:1500 -msgid "File with LUKS header and keyslots backup." -msgstr "Soubor se zálohou hlavičky LUKS a jejích pozic s klíči" +#: src/cryptsetup_reencrypt.c:1703 +msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +msgstr "Velikost bloku při přešifrování může nabývat hodnot pouze mezi 1 a 64 MiB." -#: src/cryptsetup.c:1501 src/cryptsetup_reencrypt.c:1271 -msgid "Use /dev/random for generating volume key." -msgstr "Klíče svazku vytvoří z /dev/random." +#: src/cryptsetup_reencrypt.c:1730 +msgid "Maximum device reduce size is 64 MiB." +msgstr "Maximální velikost zmenšení zařízení je 64 MiB." -#: src/cryptsetup.c:1502 src/cryptsetup_reencrypt.c:1272 -msgid "Use /dev/urandom for generating volume key." -msgstr "Klíč svazku vytvoří z /dev/urandom." +#: src/cryptsetup_reencrypt.c:1737 +msgid "Option --new must be used together with --reduce-device-size or --header." +msgstr "Přepínač --new musí být použit spolu s --reduce-device-size nebo --header." -#: src/cryptsetup.c:1503 -msgid "Share device with another non-overlapping crypt segment." -msgstr "Zařízení sdílí s jiným nepřekrývajícím se šifrovaným segmentem." +#: src/cryptsetup_reencrypt.c:1741 +msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +msgstr "Přepínač --keep-key lze použít jen s přepínači --hash, --iter-time nebo --pbkdf-force-iterations." -#: src/cryptsetup.c:1504 src/veritysetup.c:385 -msgid "UUID for device to use." -msgstr "Použije zařízení s UUID." +#: src/cryptsetup_reencrypt.c:1745 +msgid "Option --new cannot be used together with --decrypt." +msgstr "Přepínač --new nelze být použit spolu s --decrypt." -#: src/cryptsetup.c:1505 -msgid "Allow discards (aka TRIM) requests for device." -msgstr "Povolí u daného zařízení požadavky na zahození (TRIM)." +#: src/cryptsetup_reencrypt.c:1749 +msgid "Option --decrypt is incompatible with specified parameters." +msgstr "Přepínač --decrypt se neslučuje se zadanými parametry." -#: src/cryptsetup.c:1506 -msgid "Device or file with separated LUKS header." -msgstr "Zařízení nebo soubor s oddělenou hlavičkou LUKS." +#: src/cryptsetup_reencrypt.c:1753 +msgid "Option --uuid is allowed only together with --decrypt." +msgstr "Přepínač --uuid lze použít jen spolu s přepínačem --decrypt." -#: src/cryptsetup.c:1507 -msgid "Do not activate device, just check passphrase." -msgstr "Zařízení neaktivuje, jen zkontroluje heslo." +#: src/cryptsetup_reencrypt.c:1757 +msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +msgstr "Neplatný druh LUKS. Použijte jeden z: „luks“, „luks1“ nebo „luks2“" -#: src/cryptsetup.c:1508 -msgid "Use hidden header (hidden TCRYPT device)." -msgstr "Použije se skrytá hlavička (skryté zařízení TCRYPT)." +#: src/utils_tools.c:151 +msgid "Error reading response from terminal." +msgstr "Chyba při čtení odpovědi z terminálu." -#: src/cryptsetup.c:1509 -msgid "Device is system TCRYPT drive (with bootloader)." -msgstr "Zařízení je systémová jednotka TCRYPT (se zavaděčem)." +#: src/utils_tools.c:186 +msgid "Command successful.\n" +msgstr "Příkaz úspěšně vykonán.\n" -#: src/cryptsetup.c:1510 -msgid "Use backup (secondary) TCRYPT header." -msgstr "Použije se záložní (druhá) hlavička TCRYPT." +#: src/utils_tools.c:194 +msgid "wrong or missing parameters" +msgstr "špatné nebo chybějící parametry" -#: src/cryptsetup.c:1511 -msgid "Scan also for VeraCrypt compatible device." -msgstr "Hledá také zařízení kompatibilní s VeraCrypt." +#: src/utils_tools.c:196 +msgid "no permission or bad passphrase" +msgstr "žádné oprávnění nebo chybné heslo" -#: src/cryptsetup.c:1512 -msgid "Type of device metadata: luks, plain, loopaes, tcrypt." -msgstr "Druh metadat zařízení: luks, plain, loopaes, tcrypt." +#: src/utils_tools.c:198 +msgid "out of memory" +msgstr "nedostatek paměti" -#: src/cryptsetup.c:1513 -msgid "Disable password quality check (if enabled)." -msgstr "Vypne kontrolku odolnosti hesla (byla-li zapnuta)." +#: src/utils_tools.c:200 +msgid "wrong device or file specified" +msgstr "zadáno špatné zařízení nebo soubor" -#: src/cryptsetup.c:1514 -msgid "Use dm-crypt same_cpu_crypt performance compatibility option." -msgstr "Použije výkonnostně kompatibilní přepínač dmcryptu same_cpu_crypt." +#: src/utils_tools.c:202 +msgid "device already exists or device is busy" +msgstr "zařízení již existuje nebo zařízení je zaneprázdněno" -#: src/cryptsetup.c:1515 -msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option." -msgstr "" -"Použije výkonnostně kompatibilní přepínač dmcryptu submit_from_crypt_cpus." +#: src/utils_tools.c:204 +msgid "unknown error" +msgstr "neznámá chyba" -#: src/cryptsetup.c:1531 src/veritysetup.c:402 -msgid "[OPTION...] " -msgstr "[PŘEPÍNAČ…] " +#: src/utils_tools.c:206 +#, c-format +msgid "Command failed with code %i (%s).\n" +msgstr "Příkaz selhal s kódem %i (%s).\n" -#: src/cryptsetup.c:1572 -msgid "Running in FIPS mode.\n" -msgstr "Režim FIPS zapnut.\n" +#: src/utils_tools.c:283 +#, c-format +msgid "Key slot %i created." +msgstr "Pozice klíče %i vytvořena." -#: src/cryptsetup.c:1581 src/veritysetup.c:439 -msgid "Argument missing." -msgstr "Chybí argument ." +#: src/utils_tools.c:285 +#, c-format +msgid "Key slot %i unlocked." +msgstr "Pozice klíče %i odemknuta." -#: src/cryptsetup.c:1634 src/veritysetup.c:445 -msgid "Unknown action." -msgstr "Neznámá akce." +#: src/utils_tools.c:287 +#, c-format +msgid "Key slot %i removed." +msgstr "Pozice klíče %i odemknuta." -#: src/cryptsetup.c:1644 -msgid "Option --shared is allowed only for open of plain device.\n" -msgstr "Přepínač --shared je dovolen jen při úkonu otevírání zařízení plain.\n" +#: src/utils_tools.c:296 +#, c-format +msgid "Token %i created." +msgstr "Token %i vytvořen." -#: src/cryptsetup.c:1649 -msgid "Option --allow-discards is allowed only for open operation.\n" -msgstr "Přepínač --allow-discards je dovolen jen při úkonu otevírání.\n" +#: src/utils_tools.c:298 +#, c-format +msgid "Token %i removed." +msgstr "Token %i se odstraněn." -#: src/cryptsetup.c:1657 +#: src/utils_tools.c:464 msgid "" -"Option --key-size is allowed only for luksFormat, open and benchmark.\n" -"To limit read from keyfile use --keyfile-size=(bytes)." +"\n" +"Wipe interrupted." msgstr "" -"Přepínač --key-size je dovolen jen u luksFormat, open a benchmark.\n" -"Čtení ze souboru s klíčem lze omezit pomocí --keyfile-size=(bajty)." +"\n" +"Výmaz přerušen." -#: src/cryptsetup.c:1664 -msgid "" -"Option --test-passphrase is allowed only for open of LUKS and TCRYPT " -"devices.\n" -msgstr "" -"Přepínač --test-passphrase je dovolen pouze při otevírání zařízení LUKS a " -"TCRYPT.\n" +#: src/utils_tools.c:475 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "POZOR: Zařízení %s již obsahuje vzorec oddílu „%s“.\n" -#: src/cryptsetup.c:1669 src/cryptsetup_reencrypt.c:1341 -msgid "Key size must be a multiple of 8 bits" -msgstr "Velikost klíče musí být násobkem 8 bitů." +#: src/utils_tools.c:483 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "POZOR: Zařízení %s již obsahuje vzorec superbloku „%s“.\n" -#: src/cryptsetup.c:1676 src/cryptsetup_reencrypt.c:1346 -msgid "Key slot is invalid." -msgstr "Pozice klíče není platná." +#: src/utils_tools.c:504 src/utils_tools.c:568 +msgid "Failed to initialize device signature probes." +msgstr "Sondu vzorců zařízení se nepodařilo inicializovat." -#: src/cryptsetup.c:1683 -msgid "Option --key-file takes precedence over specified key file argument.\n" -msgstr "" -"Přepínač --key-file má přednost před zadaným argumentem souboru s klíčem.\n" +#: src/utils_tools.c:548 +#, c-format +msgid "Failed to stat device %s." +msgstr "O zařízení %s nebylo možné zjistit údaje." -#: src/cryptsetup.c:1691 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1330 -msgid "Negative number for option not permitted." -msgstr "U přepínače není záporné číslo dovoleno." +#: src/utils_tools.c:561 +#, c-format +msgid "Device %s is in use. Can not proceed with format operation." +msgstr "Zařízení %s se používá. K formátování nelze přikročit." -#: src/cryptsetup.c:1695 src/cryptsetup_reencrypt.c:1324 -#: src/cryptsetup_reencrypt.c:1350 -msgid "Only one of --use-[u]random options is allowed." -msgstr "Je dovolen pouze jeden z přepínačů --use-[u]random." +#: src/utils_tools.c:563 +#, c-format +msgid "Failed to open file %s in read/write mode." +msgstr "Soubor %s nebylo možné otevřít pro čtení i zápis." -#: src/cryptsetup.c:1699 -msgid "Option --use-[u]random is allowed only for luksFormat." -msgstr "Přepínač --use-[u]random je dovolen pouze u luksFormat." +#: src/utils_tools.c:577 +#, c-format +msgid "Existing '%s' partition signature (offset: % bytes) on device %s will be wiped." +msgstr "Existující vzorec „%s“ oddílu (poloha: % bajtů) na zařízení %s bude vymazán." -#: src/cryptsetup.c:1703 -msgid "Option --uuid is allowed only for luksFormat and luksUUID." -msgstr "Přepínač --uuid je dovolen pouze u luksFormat a luksUUID." +#: src/utils_tools.c:580 +#, c-format +msgid "Existing '%s' superblock signature (offset: % bytes) on device %s will be wiped." +msgstr "Existující vzorec superbloku „%s“ (poloha: % bajtů) na zařízení %s bude vymazán." -#: src/cryptsetup.c:1707 -msgid "Option --align-payload is allowed only for luksFormat." -msgstr "Přepínač --align-payload je dovolen pouze u luksFormat." +#: src/utils_tools.c:583 +msgid "Failed to wipe device signature." +msgstr "Odstranění vzorce ze zařízení selhalo." -#: src/cryptsetup.c:1713 -msgid "" -"Option --skip is supported only for open of plain and loopaes devices.\n" -msgstr "" -"Přepínač --skip je podporován jen při otevírání zařízení plain a loopaes.\n" +#: src/utils_tools.c:590 +#, c-format +msgid "Failed to probe device %s for a signature." +msgstr "Otestování zařízení %s na vzorce selhalo." -#: src/cryptsetup.c:1719 +#: src/utils_tools.c:629 msgid "" -"Option --offset is supported only for open of plain and loopaes devices.\n" +"\n" +"Reencryption interrupted." msgstr "" -"Přepínač --offset je podporován jen při otevírání zařízení plain a loopaes.\n" +"\n" +"Přešifrování přerušeno." + +#: src/utils_password.c:43 src/utils_password.c:75 +#, c-format +msgid "Cannot check password quality: %s" +msgstr "Odolnost hesla nelze prověřit: %s" -#: src/cryptsetup.c:1725 +#: src/utils_password.c:51 +#, c-format msgid "" -"Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only " -"for TCRYPT device.\n" +"Password quality check failed:\n" +" %s" msgstr "" -"Přepínač --tcrypt-hidden, --tcrypt-system nebo --tcrypt-backup je podporován " -"jen u zařízení TCRYPT.\n" - -#: src/cryptsetup.c:1730 -msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n" -msgstr "Přepínač --tcrypt-hidden nelze použít s přepínačem --allow-discards.\n" +"Kontrola odolnosti hesla selhala:\n" +" %s" -#: src/cryptsetup.c:1735 -msgid "Option --veracrypt is supported only for TCRYPT device type.\n" -msgstr "Přepínač --veracrypt je podporován jen u typu zařízení TCRYPT.\n" +#: src/utils_password.c:83 +#, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "Kontrola odolnosti hesla selhala: Špatné heslo (%s)" -#: src/veritysetup.c:58 -msgid "Invalid salt string specified.\n" -msgstr "Zadán neplatný řetězec se solí.\n" +#: src/utils_password.c:193 src/utils_password.c:208 +msgid "Error reading passphrase from terminal." +msgstr "Chyba při čtení hesla z terminálu." -#: src/veritysetup.c:88 -#, c-format -msgid "Cannot create hash image %s for writing.\n" -msgstr "Nelze vytvořit obraz hašů %s určený k zápisu.\n" +#: src/utils_password.c:206 +msgid "Verify passphrase: " +msgstr "Ověřte heslo: " -#: src/veritysetup.c:148 -msgid "Invalid root hash string specified.\n" -msgstr "Zadán neplatný řetězec s kořenovým hašem.\n" +#: src/utils_password.c:213 +msgid "Passphrases do not match." +msgstr "Hesla se neshodují." -#: src/veritysetup.c:308 -msgid " " -msgstr " " +#: src/utils_password.c:250 +msgid "Cannot use offset with terminal input." +msgstr "Ve vstupu z terminálu nelze měnit polohu." -#: src/veritysetup.c:308 -msgid "format device" -msgstr "naformátuje zařízení" +#: src/utils_password.c:253 +#, c-format +msgid "Enter passphrase: " +msgstr "Zadejte heslo: " -#: src/veritysetup.c:309 -msgid " " -msgstr " " +#: src/utils_password.c:256 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "Zadejte heslo pro %s: " -#: src/veritysetup.c:309 -msgid "verify device" -msgstr "ověří zařízení" +#: src/utils_password.c:287 +msgid "No key available with this passphrase." +msgstr "S tímto heslem není dostupný žádný klíč." -#: src/veritysetup.c:310 -msgid " " -msgstr " " +#: src/utils_password.c:289 +msgid "No usable keyslot is available." +msgstr "Nejsou dostupné žádné použitelné pozice s klíči." -#: src/veritysetup.c:310 -msgid "create active device" -msgstr "vytvoří aktivní zařízení" +#: src/utils_password.c:328 +#, c-format +msgid "Cannot open keyfile %s for write." +msgstr "Soubor s klíčem %s nelze otevřít pro zápis." -#: src/veritysetup.c:311 -msgid "remove (deactivate) device" -msgstr "odstraní (deaktivuje) zařízení" +#: src/utils_password.c:335 +#, c-format +msgid "Cannot write to keyfile %s." +msgstr "Do souboru s klíčem %s nelze zapsat." -#: src/veritysetup.c:312 -msgid "show active device status" -msgstr "zobrazí stav aktivního zařízení" +#: src/utils_luks2.c:47 +#, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "Soubor %s se nepodařilo otevřít pouze pro čtení." -#: src/veritysetup.c:313 -msgid "" -msgstr "" +#: src/utils_luks2.c:60 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "Poskytněte JSON s platným tokenem LUKS2:\n" -#: src/veritysetup.c:313 -msgid "show on-disk information" -msgstr "zobrazí údaje z disku" +#: src/utils_luks2.c:67 +msgid "Failed to read JSON file." +msgstr "Soubor s dokumentem JSON se nepodařilo přečíst." -#: src/veritysetup.c:332 -#, c-format +#: src/utils_luks2.c:72 msgid "" "\n" -" is the device to create under %s\n" -" is the data device\n" -" is the device containing verification data\n" -" hash of the root node on \n" +"Read interrupted." msgstr "" "\n" -" je zařízení, které bude vytvořeno pod %s\n" -" je datové zařízení\n" -" je zařízení obsahující ověřovací data\n" -" haš kořenového uzlu na \n" +"Čtení přerušeno." -#: src/veritysetup.c:339 +#: src/utils_luks2.c:113 #, c-format +msgid "Failed to open file %s in write mode." +msgstr "Otevření souboru %s pro zápis selhalo." + +#: src/utils_luks2.c:122 msgid "" "\n" -"Default compiled-in dm-verity parameters:\n" -"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, " -"Hash format: %u\n" +"Write interrupted." msgstr "" "\n" -"Výchozí zakompilované parametry dm-verity:\n" -"\tHaš: %s, Datový blok (bajty): %u, Blok hašů (bajty): %u, Velikost soli: " -"%u, Formát haše: %u\n" - -#: src/veritysetup.c:377 -msgid "Do not use verity superblock" -msgstr "Nepoužije superblok verity" - -#: src/veritysetup.c:378 -msgid "Format type (1 - normal, 0 - original Chrome OS)" -msgstr "Druh formátu (1 – běžný, 0 – původní z OS Chrome)" - -#: src/veritysetup.c:378 -msgid "number" -msgstr "číslo" +"Zápis přerušen." -#: src/veritysetup.c:379 -msgid "Block size on the data device" -msgstr "Velikost bloku na zařízení dat" - -#: src/veritysetup.c:380 -msgid "Block size on the hash device" -msgstr "Velikost bloku na zařízení hašů" +#: src/utils_luks2.c:126 +msgid "Failed to write JSON file." +msgstr "Zapsaní souboru s dokumentem JSON selhalo." -#: src/veritysetup.c:381 -msgid "The number of blocks in the data file" -msgstr "Počet bloků v datovém souboru" +#~ msgid "Parameter --refresh is only allowed with open or refresh commands." +#~ msgstr "Přepínač --refresh je dovolen jen při příkazu otevření nebo reaktivace." -#: src/veritysetup.c:381 -msgid "blocks" -msgstr "bloky" +#~ msgid "Cipher %s is not available." +#~ msgstr "Šifra %s není dostupná." -#: src/veritysetup.c:382 -msgid "Starting offset on the hash device" -msgstr "Poloha začátku dat v zařízení hašů" +#~ msgid "Unsupported encryption sector size.\n" +#~ msgstr "Nepodporovaná velikost šifrovaného sektoru.\n" -#: src/veritysetup.c:383 -msgid "Hash algorithm" -msgstr "Hašovací algoritmus" +#~ msgid "Offline reencryption in progress. Aborting." +#~ msgstr "Probíhá offline přešifrování. Operace se ruší." -#: src/veritysetup.c:383 -msgid "string" -msgstr "řetězec" +#~ msgid "Online reencryption in progress. Aborting." +#~ msgstr "Probíhá přešifrování za běhu. Operace se ruší." -#: src/veritysetup.c:384 -msgid "Salt" -msgstr "Sůl" +#~ msgid "No LUKS2 reencryption in progress." +#~ msgstr "Neprobíhá žádné přešifrování LUKS2." -#: src/veritysetup.c:384 -msgid "hex string" -msgstr "šestnáctkový řetězec" +#~ msgid "Interrupted by a signal." +#~ msgstr "Přerušeno signálem." -#: src/cryptsetup_reencrypt.c:147 -#, c-format -msgid "Cannot exclusively open %s, device in use.\n" -msgstr "Zařízení %s nelze výlučně otevřít. Zařízení se používá.\n" +#~ msgid "Function not available in FIPS mode." +#~ msgstr "V režimu FIPS není funkce dostupná." -#: src/cryptsetup_reencrypt.c:151 -#, c-format -msgid "Cannot open device %s\n" -msgstr "Zařízení %s nelze otevřít\n" +#~ msgid "Failed to write hash." +#~ msgstr "Zapsaní otisku selhalo." -#: src/cryptsetup_reencrypt.c:161 src/cryptsetup_reencrypt.c:893 -msgid "Allocation of aligned memory failed.\n" -msgstr "Alokace zarovnané paměti se nezdařila.\n" +#~ msgid "Failed to finalize hash." +#~ msgstr "Dokončení otisku selhalo." -#: src/cryptsetup_reencrypt.c:168 -#, c-format -msgid "Cannot read device %s.\n" -msgstr "Ze zařízení %s nelze číst.\n" +#~ msgid "Invalid resilience parameters (internal error)." +#~ msgstr "Neplatné parametry odolnosti (vnitřní chyba)." -#: src/cryptsetup_reencrypt.c:179 -#, c-format -msgid "Marking LUKS device %s unusable.\n" -msgstr "LUKS zařízení %s se označuje za nepoužitelné.\n" +#~ msgid "Failed to assign new enc segments." +#~ msgstr "Přiřazení nových částí k šifrování se nezdařilo." -#: src/cryptsetup_reencrypt.c:184 -#, c-format -msgid "Marking LUKS device %s usable.\n" -msgstr "LUKS zařízení %s se označuje za použitelné.\n" +#~ msgid "Failed to assign digest %u to segment %u." +#~ msgstr "Přiřazení otisku %u k části %u se nezdařilo." -#: src/cryptsetup_reencrypt.c:200 -#, c-format -msgid "Cannot write device %s.\n" -msgstr "Zařízení %s není možné zapsat.\n" +#~ msgid "Failed to set segments." +#~ msgstr "Nastavení částí selhalo." -#: src/cryptsetup_reencrypt.c:281 -msgid "Cannot write reencryption log file.\n" -msgstr "Nelze zapsat soubor s protokolem přešifrování.\n" +#~ msgid "Failed to assign reencrypt previous backup segment." +#~ msgstr "Přiřazení předchozí zálohové části při přešifrování selhalo." -#: src/cryptsetup_reencrypt.c:337 -msgid "Cannot read reencryption log file.\n" -msgstr "Soubor s protokolem přešifrování nelze načíst.\n" +#~ msgid "Failed to assign reencrypt final backup segment." +#~ msgstr "Přiřazení poslední zálohové části při přešifrování selhalo." -#: src/cryptsetup_reencrypt.c:374 -#, c-format -msgid "Log file %s exists, resuming reencryption.\n" -msgstr "" -"Soubor s protokolem %s existuje, pokračuje se v přerušeném přešifrování.\n" +#~ msgid "Failed generate 2nd segment." +#~ msgstr "Vytvoření druhé části selhalo." -#: src/cryptsetup_reencrypt.c:403 -msgid "Activating temporary device using old LUKS header.\n" -msgstr "Aktivuje se dočasné zařízení za pomoci staré hlavičky LUKS.\n" +#~ msgid "Failed generate 1st segment." +#~ msgstr "Vytvoření první části selhalo." -#: src/cryptsetup_reencrypt.c:414 -msgid "Activating temporary device using new LUKS header.\n" -msgstr "Aktivuje se dočasné zařízení za pomoci nové hlavičky LUKS.\n" +#~ msgid "Failed to allocate device %s." +#~ msgstr "Alokace zařízení %s selhala." -#: src/cryptsetup_reencrypt.c:424 -msgid "Activation of temporary devices failed.\n" -msgstr "Aktivace dočasných zařízení selhala.\n" +#~ msgid "Failed to allocate dm segments." +#~ msgstr "Alokace částí DM selhalo." -#: src/cryptsetup_reencrypt.c:450 -#, c-format -msgid "New LUKS header for device %s created.\n" -msgstr "Byla vytvořena nová hlavička LUKS zařízení %s.\n" +#~ msgid "Failed to create dm segments." +#~ msgstr "Vytvoření částí DM selhalo." -#: src/cryptsetup_reencrypt.c:458 -#, c-format -msgid "Activated keyslot %i.\n" -msgstr "Pozice klíče %i aktivována.\n" +#~ msgid "Failed to allocate device for new backing device." +#~ msgstr "Alokace zařízení pro nové podpůrné zařízení selhalo." -#: src/cryptsetup_reencrypt.c:484 -#, c-format -msgid "LUKS header backup of device %s created.\n" -msgstr "Záloha hlavičky LUKS zařízení %s byla vytvořena.\n" +#~ msgid "Failed to reload overlay device %s." +#~ msgstr "Znovuzavedení překryvného zařízení %s selhalo." -#: src/cryptsetup_reencrypt.c:532 -msgid "Creation of LUKS backup headers failed.\n" -msgstr "Záložní hlavičky LUKS se nepodařilo vytvořit.\n" +#~ msgid "Failed to refresh helper devices." +#~ msgstr "Obnovení pomocných zařízení selhalo." -#: src/cryptsetup_reencrypt.c:634 -#, c-format -msgid "Cannot restore LUKS header on device %s.\n" -msgstr "Hlavičku LUKS na zařízení %s nelze obnovit.\n" +#~ msgid "Failed to create reencryption backup segments." +#~ msgstr "Vytvoření záložních částí při přešifrování selhalo." -#: src/cryptsetup_reencrypt.c:636 -#, c-format -msgid "LUKS header on device %s restored.\n" -msgstr "Hlavička LUKS na zařízení %s byla obnovena.\n" +#~ msgid "Failed to set online-reencryption requirement." +#~ msgstr "Nastavení požadavků na přešifrování za běhu selhalo." -#: src/cryptsetup_reencrypt.c:669 -#, c-format -msgid "" -"Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" -msgstr "" -"Průběh: %5.1f %%, ETA %02llu:%02llu, zapsáno %'4llu MiB, rychlost %'5.1f MiB/" -"s%s" +#~ msgid "Failed to hash sector at offset %zu." +#~ msgstr "Vypočtení otisku sektoru na pozici %zu selhalo." -#: src/cryptsetup_reencrypt.c:708 src/cryptsetup_reencrypt.c:784 -#: src/cryptsetup_reencrypt.c:826 -msgid "Cannot seek to device offset.\n" -msgstr "Nelze se přesunout na požadované místo v zařízení.\n" +#~ msgid "Failed to read sector hash." +#~ msgstr "Načtení otisku sektoru selhalo." -#: src/cryptsetup_reencrypt.c:865 src/cryptsetup_reencrypt.c:871 -msgid "Cannot open temporary LUKS header file.\n" -msgstr "Nelze otevřít dočasný soubor s hlavičkou LUKS.\n" +#~ msgid "Error: Calculated reencryption offset % is beyond device size %." +#~ msgstr "Chyba: Vypočtená pozice pro přešifrování % je větší než velikost zařízení %." -#: src/cryptsetup_reencrypt.c:876 src/cryptsetup_reencrypt.c:881 -msgid "Cannot get device size.\n" -msgstr "Velikost zařízení nelze zjistit.\n" +#~ msgid "Device is not in clean reencryption state." +#~ msgstr "Zařízení není v čistém stavu přešifrování." -#: src/cryptsetup_reencrypt.c:919 -msgid "Interrupted by a signal.\n" -msgstr "Přerušeno signálem.\n" +#~ msgid "Failed to calculate new segments." +#~ msgstr "Výpočet nových částí selhal." -#: src/cryptsetup_reencrypt.c:921 -msgid "IO error during reencryption.\n" -msgstr "Chyba vstupu/výstupu během přešifrování.\n" +#~ msgid "Failed to assign pre reenc segments." +#~ msgstr "Přiřazení částí před přešifrováním selhalo." -#: src/cryptsetup_reencrypt.c:1028 -msgid "" -"Key file can be used only with --key-slot or with exactly one key slot " -"active.\n" -msgstr "" -"Soubor s klíčem lze použít jen s přepínačem --key-slot nebo s právě jednou\n" -"aktivní pozicí klíče.\n" +#~ msgid "Failed finalize hotzone resilience, retval = %d" +#~ msgstr "Dokončení odolnosti horké zóny selhalo, návratová hodnota = %d" -#: src/cryptsetup_reencrypt.c:1072 src/cryptsetup_reencrypt.c:1087 -#, c-format -msgid "Enter passphrase for key slot %u: " -msgstr "Zadejte heslo pro pozici klíče %u: " +#~ msgid "Failed to write data." +#~ msgstr "Zápis dat selhal." -#: src/cryptsetup_reencrypt.c:1136 -msgid "Cannot open reencryption log file.\n" -msgstr "Nelze otevřít soubor s protokolem přešifrování.\n" +#~ msgid "Failed to update metadata or reassign device segments." +#~ msgstr "Aktualizace metadat nebo opětovné přiřazení částí zařízení selhalo." -#: src/cryptsetup_reencrypt.c:1262 -msgid "Reencryption block size" -msgstr "Velikost bloku přešifrování" +#~ msgid "Failed to reload %s device." +#~ msgstr "Opětovné zavedení zařízení %s selhalo." -#: src/cryptsetup_reencrypt.c:1262 -msgid "MiB" -msgstr "MiB" +#~ msgid "Failed to erase backup segments" +#~ msgstr "Výmaz záložních částí selhal" -#: src/cryptsetup_reencrypt.c:1266 -msgid "Do not change key, no data area reencryption." -msgstr "Nezmění klíč, oblast s daty se nebude přešifrovávat." +#~ msgid "Requested dmcrypt performance options are not supported." +#~ msgstr "Požadované výkonnostní volby dmcryptu nejsou podporovány." -#: src/cryptsetup_reencrypt.c:1273 -msgid "Use direct-io when accessing devices." -msgstr "K zařízením se bude přistupovat pomocí přímého I/O." +#~ msgid "Cannot format device %s which is still in use." +#~ msgstr "Zařízení %s, které se stále používá, nelze formátovat." -#: src/cryptsetup_reencrypt.c:1274 -msgid "Use fsync after each block." -msgstr "Po každém bloku se zavolá fsync." +#~ msgid "Key slot %d is not used." +#~ msgstr "Pozice klíče %d není použita." -#: src/cryptsetup_reencrypt.c:1275 -msgid "Update log file after every block." -msgstr "Po každém bloku se aktualizuje soubor s protokolem." +#~ msgid "Key slot %d selected for deletion." +#~ msgstr "Ke smazání vybrán klíč na pozici %d." -#: src/cryptsetup_reencrypt.c:1276 -msgid "Use only this slot (others will be disabled)." -msgstr "Použije se pouze tato pozice (ostatní budou zakázány)." +#~ msgid "open device as mapping " +#~ msgstr "otevře zařízení jako mapování " -#: src/cryptsetup_reencrypt.c:1279 -msgid "Reduce data device size (move data offset). DANGEROUS!" -msgstr "Zmenší velikost datového zařízení (posune začátek dat). NEBEZPEČNÉ!" +#~ msgid "close device (deactivate and remove mapping)" +#~ msgstr "zavře zařízení (deaktivuje a odstraní mapování)" -#: src/cryptsetup_reencrypt.c:1280 -msgid "Use only specified device size (ignore rest of device). DANGEROUS!" -msgstr "" -"Použije zadanou velikost zařízení (ignoruje zbytek zařízení). NEBEZPEČNÉ!" +#~ msgid "Failed to set PBKDF parameters." +#~ msgstr "Nastavení parametrů PBKDF selhalo." -#: src/cryptsetup_reencrypt.c:1281 -msgid "Create new header on not encrypted device." -msgstr "Vytvoří novou hlavičku na nešifrovaném zařízení." +#~ msgid "Cannot seek to device offset.\n" +#~ msgstr "Nelze se přesunout na požadované místo v zařízení.\n" -#: src/cryptsetup_reencrypt.c:1282 -msgid "Permanently decrypt device (remove encryption)." -msgstr "Natrvalo dešifruje zařízení (odstraní šifrování)." +#~ msgid "Device %s is too small. (LUKS2 requires at least % bytes.)" +#~ msgstr "Zařízení %s je příliš malé. (LUKS2 vyžaduje alespoň % bajtů.)" -#: src/cryptsetup_reencrypt.c:1298 -msgid "[OPTION...] " -msgstr "[PŘEPÍNAČ…] " +#~ msgid "Replaced with key slot %d." +#~ msgstr "Nahrazeno pozicí klíče %d." -#: src/cryptsetup_reencrypt.c:1312 -msgid "" -"WARNING: this is experimental code, it can completely break your data.\n" -msgstr "POZOR: toto je pokusný kód, může zničit vaše data.\n" +#~ msgid "Missing LUKS target type, option --type is required." +#~ msgstr "Chybí druh cíle LUKS, je potřeba přepínač --type." -#: src/cryptsetup_reencrypt.c:1313 -#, c-format -msgid "Reencryption will change: volume key%s%s%s%s.\n" -msgstr "Přešifrování změní: klíč svazku%s%s%s%s.\n" +#~ msgid "Missing --token option specifying token for removal." +#~ msgstr "Chybí přepínač --token určující token, který se má odebrat." -#: src/cryptsetup_reencrypt.c:1314 -msgid ", set hash to " -msgstr ", nastaví haš na " +#~ msgid "Add or remove keyring token" +#~ msgstr "Přidá nebo odebere token klíčenky" -#: src/cryptsetup_reencrypt.c:1315 -msgid ", set cipher to " -msgstr ", nastaví šifru na " +#~ msgid "Activated keyslot %i." +#~ msgstr "Pozice klíče %i aktivována." -#: src/cryptsetup_reencrypt.c:1320 -msgid "Argument required." -msgstr "Vyžadován argument." +#~ msgid "memory allocation error in action_luksFormat" +#~ msgstr "chyba alokace paměti v action_luksFormat" -#: src/cryptsetup_reencrypt.c:1336 -msgid "" -"Only values between 1 MiB and 64 MiB allowed for reencryption block size." -msgstr "" -"Velikost bloku při přešifrování může nabývat hodnot pouze mezi 1 a 64 MiB." +#~ msgid "Key slot is invalid.\n" +#~ msgstr "Pozice klíče není platná.\n" -#: src/cryptsetup_reencrypt.c:1355 src/cryptsetup_reencrypt.c:1360 -msgid "Invalid device size specification." -msgstr "Zadána neplatná velikost zařízení." +#~ msgid "Using default pbkdf parameters for new LUKS2 header.\n" +#~ msgstr "Pro novou hlavičku LUKS2 se použije výchozí parametry PBKDF.\n" -#: src/cryptsetup_reencrypt.c:1363 -msgid "Maximum device reduce size is 64 MiB." -msgstr "Maximální velikost zmenšení zařízení je 64 MiB." +#~ msgid "Too many tree levels for verity volume.\n" +#~ msgstr "Příliš mnoho úrovní stromu ve svazku VERITY.\n" -#: src/cryptsetup_reencrypt.c:1366 -msgid "Reduce size must be multiple of 512 bytes sector." -msgstr "Velikost zmenšení musí být násobkem 512bajtových sektorů." +#~ msgid "Key %d not active. Can't wipe.\n" +#~ msgstr "Klíč %d není aktivní. Nelze jej odstranit.\n" -#: src/cryptsetup_reencrypt.c:1370 -msgid "Option --new must be used together with --reduce-device-size." -msgstr "Přepínač --new musí být použit spolu s --reduce-device-size." +#~ msgid " " +#~ msgstr " " -#: src/cryptsetup_reencrypt.c:1374 -msgid "Option --keep-key can be used only with --hash or --iter-time." -msgstr "" -"Přepínač --keep-key lze použít jen s přepínači --hash nebo --iter-time." +#~ msgid "create active device" +#~ msgstr "vytvoří aktivní zařízení" -#: src/cryptsetup_reencrypt.c:1378 -msgid "Option --new cannot be used together with --decrypt." -msgstr "Přepínač --new nelze být použit spolu s --decrypt." +#~ msgid "remove (deactivate) device" +#~ msgstr "odstraní (deaktivuje) zařízení" -#: src/cryptsetup_reencrypt.c:1382 -msgid "Option --decrypt is incompatible with specified parameters." -msgstr "Přepínač --decrypt se neslučuje se zadanými parametry." +#~ msgid "Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" +#~ msgstr "Průběh: %5.1f %%, ETA %02llu:%02llu, zapsáno %'4llu MiB, rychlost %'5.1f MiB/s%s" -#: src/utils_tools.c:151 -msgid "Error reading response from terminal.\n" -msgstr "Chyba při čtení odpovědi z terminálu.\n" +#~ msgid "Cannot find a free loopback device.\n" +#~ msgstr "Nelze najít volné zařízení zpětné smyčky.\n" -#: src/utils_tools.c:173 -msgid "Command successful.\n" -msgstr "Příkaz úspěšně vykonán.\n" +#~ msgid "Cannot open device %s\n" +#~ msgstr "Zařízení %s nelze otevřít\n" -#: src/utils_tools.c:191 -#, c-format -msgid "Command failed with code %i" -msgstr "Příkaz selhal s kódem %i" +#~ msgid "Cannot use passed UUID unless decryption in progress.\n" +#~ msgstr "Dokud probíhá dešifrování, předaný UUID nelze použít.\n" -#: src/utils_password.c:42 -#, c-format -msgid "Cannot check password quality: %s\n" -msgstr "Odolnost hesla nelze prověřit: %s\n" +#~ msgid "Marking LUKS device %s usable.\n" +#~ msgstr "LUKS zařízení %s se označuje za použitelné.\n" -#: src/utils_password.c:50 -#, c-format -msgid "" -"Password quality check failed:\n" -" %s\n" -msgstr "" -"Kontrola odolnosti hesla selhala:\n" -" %s\n" +#~ msgid "WARNING: this is experimental code, it can completely break your data.\n" +#~ msgstr "POZOR: toto je pokusný kód, může zničit vaše data.\n" #~ msgid "FIPS checksum verification failed.\n" #~ msgstr "Ověření kontrolního součtu FIPS selhalo.\n" -#~ msgid "" -#~ "WARNING: device %s is a partition, for TCRYPT system encryption you " -#~ "usually need to use whole block device path.\n" -#~ msgstr "" -#~ "POZOR: zařízení %s je oddíl. U systémového šifrování TCRYPT je obvykle " -#~ "třeba použít cestu k celému blokovému zařízení.\n" +#~ msgid "WARNING: device %s is a partition, for TCRYPT system encryption you usually need to use whole block device path.\n" +#~ msgstr "POZOR: zařízení %s je oddíl. U systémového šifrování TCRYPT je obvykle třeba použít cestu k celému blokovému zařízení.\n" #~ msgid "Kernel doesn't support plain64 IV.\n" #~ msgstr "Jádro nepodporuje inicializační vektor plain64.\n" @@ -1887,18 +4122,9 @@ msgstr "" #~ msgid "Enter any LUKS passphrase: " #~ msgstr "Zadejte jakékoliv heslo LUKS: " -#~ msgid "Failed to obtain device mapper directory." -#~ msgstr "Adresář device-mapperu se nepodařilo získat." - #~ msgid "Backup file %s doesn't exist.\n" #~ msgstr "Záložní soubor %s neexistuje.\n" -#~ msgid "Cannot open file %s.\n" -#~ msgstr "Soubor %s nelze otevřít.\n" - -#~ msgid " " -#~ msgstr " " - #~ msgid "create device" #~ msgstr "vytvoří zařízení" @@ -1914,13 +4140,6 @@ msgstr "" #~ msgid "remove loop-AES mapping" #~ msgstr "odstraní mapování loop-AES" -#~ msgid "" -#~ "Option --allow-discards is allowed only for luksOpen, loopaesOpen and " -#~ "create operation.\n" -#~ msgstr "" -#~ "Přepínač --allow-discards je dovolen jen při úkonech luksOpen, " -#~ "loopaesOpen a create.\n" - #~ msgid "Cannot open device %s for %s%s access.\n" #~ msgstr "Zařízení %s nelze otevřít pro %s%s přístup.\n" @@ -1939,25 +4158,12 @@ msgstr "" #~ msgid "Unable to obtain sector size for %s" #~ msgstr "Není možné zjistit velikost sektoru u %s" -#~ msgid "Failed to write to key storage.\n" -#~ msgstr "Zápis do úložiště klíče selhal.\n" - -#~ msgid "Failed to read from key storage.\n" -#~ msgstr "Čtení z úložiště klíče selhalo.\n" - -#~ msgid "" -#~ "Cannot use device %s (crypt segments overlaps or in use by another " -#~ "device).\n" -#~ msgstr "" -#~ "Zařízení %s nelze použít (šifrované segmenty se překrývají nebo jsou " -#~ "používány jiným zařízením).\n" +#~ msgid "Cannot use device %s (crypt segments overlaps or in use by another device).\n" +#~ msgstr "Zařízení %s nelze použít (šifrované segmenty se překrývají nebo jsou používány jiným zařízením).\n" #~ msgid "Key slot %d verified.\n" #~ msgstr "Pozice klíče %d ověřena.\n" -#~ msgid "Invalid key size %d.\n" -#~ msgstr "%d není platná velikost klíče.\n" - #~ msgid "Block mode XTS is available since kernel 2.6.24.\n" #~ msgstr "Blokový režim XTS je dostupný až od jádra 2.6.24.\n" @@ -1970,9 +4176,5 @@ msgstr "" #~ msgid "Negative keyfile size not permitted.\n" #~ msgstr "Záporná velikost souboru s klíčen není dovolena.\n" -#~ msgid "" -#~ "Warning: exhausting read requested, but key file is not a regular file, " -#~ "function might never return.\n" -#~ msgstr "" -#~ "Pozor: požadováno úplné čtení, avšak soubor s klíčem není běžný soubor. " -#~ "Funkce se možná nikdy nevrátí.\n" +#~ msgid "Warning: exhausting read requested, but key file is not a regular file, function might never return.\n" +#~ msgstr "Pozor: požadováno úplné čtení, avšak soubor s klíčem není běžný soubor. Funkce se možná nikdy nevrátí.\n" diff --git a/po/da.gmo b/po/da.gmo new file mode 100644 index 0000000000000000000000000000000000000000..61f31c2f6593d9494607d9f828dc84458012fdc1 GIT binary patch literal 95415 zcmb@v2Vi7X`TjpE2y6tEDxFISB(Re$^kvyzSlDHkEeImQB$;G~Br`FS>=Fb-1q=4x zKoJqJ(nJ9j)U{v%v7-1@5wU;;3pOnLKhOJ~bMKwWWLbXx19zW$&OP-#?|ILA-c#nM zyKMXRDTP9zZJR=226)Myg+g)LLg79fcoi;PP$=vHUI9MNqrcxRDHKiye-G{s9=Ehm z_!M|5cqjPGWrac&{1SKzc;rci0-p-M1}_7? z!3E$P@MiFp;A5b|ZCpWE@HOCRdJR1BjxG#9rszTwp;A!Aoup2xW`~bKQ_+{`g@aJF`ICXWQumgA;sB$d;4+PhP zqR%F9FYxu?PT+N*>TzrEzZ={R_e0?E;3J^QbMR?}!YuI2fUg6mF3;MBEF-($gDaIXQWLZJ*E2i^+K1pfdY0VeAT1z4f50uKT78ka1r=5P~mnuqfnRzP6t)a7lQi!I`B;JzTiF_ z2dq@6g7d*Uz{TLdKvFhH-h^9Y48~EA7BSK{VXrv8KCNU5vX=}FDN=~2Iqs1 zf+Sfu;)R96;oxPU=x`$_`rZfb3H}>Yyxq?(6rKmp0TXZ?xGy*cwu5g0RnObN+28}< zd~o*{d3&4=9)x=cRJb>RqT|iM|NekafD7^8?;Lm)JQq~@SA%%fSS^3RHW20X!D`6Sx5E z>~^{jfQolDsPw-9s+@lY6L4yem-BG&VB8A>_JQL2%fWrX+d#F`_rO`;zrnfS^j@!5 z6%;?d89W61D!3c?J8&;>3c{ol+y_)TOThiWAy9OBEvR@O1P=u71`h%s1=Y?w^*P-R z1&_nM0u&!#2C9Ddf=j@^gUaW`e($IKpvrjxh^Q>w9&pqf|A2O0uKgvsCxgJ1}fh(z+J&jU=e&RD1NvdRKNZ{I1Svf=5pY8Q2p*= zP~qMS9sqtCRJi*=@yWKsUar~T5x57zF7RE!{Z;UM+B`-egC=TAVDbLuNxE*=UdxQ_;R z1y2VL1kVFSuh)T!cQ^P6@NsY_@Pn6neQpAk-#NP; zUjeFoZvxd1t_IZ}-v{S{yT9K1!8%a+z8q9}KMpGYpM&aed%VH*izVQ5aK8#X6?`Yy z4*m)(f;+y^-Lt_2_qpJ7@MYk!;7y?Ne*}CU*!d>cHy41r;l3>3dqB0v4Z;0oQ0?~s zsP=grJQUpP&CVC|L8Z3=>;NwTmCuJkrTa+m|1YTie%M>QzKcMmR|VBBZw+`0cr@n*p1;zIRpxW;`a1HnkQ0=n++dTghz!kWA!PCH-z$3tI-tOg`4yqq51Jw^I z;0*9}pvv<(P;`9=6o2gS4xd{d2I~6}pz>c0D%@!J{vNOs_xnK6=WehBJ_f2CPJ5^G z(aS)6e>*7u&w{hS-+?OU0q=5pp8|?5Wv~mp3_K3}B)A{=``~`oyZ!rOP<&Je)n4xd zXM(qZs^_Di(%I=fuIJAIRgQOnYPZjUqVKOjmFuAQBFn)wpxWUIa2oh^Q0e>~+!Z|Z z3ZI|M21WN*g2#a01y2CmuJrVmg7b0Lz%#%bLD6^W`&^Id0Aa1d5O@^$Ur_lU`F`hz zi$JA&3pg8mG`QQZa=N?_RJ^x?{ovQZ`QWS%IG@(RIk?{oDxDvKYWL?{?d>=pR6F#6 z3&3}S&jWu9s-AxVMbGU&=yW?C+zt1+pwb%y_X0l#9t3^`RCB{5!Zic-)7aPfrCC+{2*Ke>1oU{3xjQdkj?j?QyN=I}a2eb%WxEH-LMB zw}Xd)-vL$cCqTtJ;yU+V2Ofv}LQwH<1y!$~gR1wQ*L%56236j3!2`kffuhsr!Gpmc zf}-=kLB%`%!`^=fK+)s<;5_g&d^fZ~Ju!R^7{gWH0C1y%khz-NJn+*By61!sVVgO`H)gExT6|6Wk({T)0OJp5*- zXE&&FYy|fJuLi}pw}aEc{{z*&JKo~{UEtBUPXkq-SAmy`!_=t3jpn3Q+uW zEjSna3D^$qd#it62rAz)sPbM29tyq}RJbn&_isS8>vKNk{eC^T68D?HqrjhnM}xb5 z+WX0Ja3=2az**oGU=jQl*a!XxRQ%rCy#6@)6vHQ0swr=ZHY(`UUM=Y#8T zzYRPId<0awvp(l^S`I!3_Xbeya6YJVUKQN8fujF|py;^Got|$eD1KN9ir%$=ZvYR# z{c$h>?+N~Y0L33W-R1Q>9u)tc4ek%V929?i02DuN2E~8B2NiD5&%0bd5tRGo;2iKe za54BWxHs7O1(yelL6z@Pa2oh=a3T0WaPRj;mt!Y`2jbro@G?+zybhcJ{s7z++(n3fS&^Q1-}D|UXOtbz}>&(<$OLkANLiY{C@(T1|INbPyfZB z`04%Ndhqw)0J!KY%%Q;>z_)?>e%1522~2R`3#y+z2C6*|xZBG;9aKM91nvf&2de#F z3Z4qS16&3E5){84{WZ78E(M>7dnKrJ*Mj?juK-1_4}eN{Gk6&ID5!LH`MTR>xm+z$7ZpyFKv?gZWe zZVTQGZV%oA?gf4yRDB-<)sMIPrqkg#P~lgCJA!LK_3Lv$#d|%t3wRx<_PqmCzTX8q zzz0C(v&}tTuV;ZO$Ke5w167};pz=KpRQ+E8ichWvUp5810(dU&`QP$#egOO=?%O~< z6^8EfdFTn>MmNQMGq@bQ_&c;AcsF74XkA7_TX=jFZ?RK4#8F9m-Fo&@%OpD`c& zIH-Eg`+@VxnIKgv41o*4+4sAAybzp^`_o_*{0F!L*#AS9JHw#b^J4+;2am@6j30UX z9|x-4P6tm0H-ZO&UjWr#9|qgOC&6i8`vXqbHK5w}1z-XW2lt!7J#k+L?g)M!R6E@R z?gc&ws-2zy=Ymsy?BmpYQ1aq@a6Wh|I1l_AxEMU<|D4ZX0xrb;QSf;151`tu<0t-o z87Tiv;J)BZ;LhN^;2Ge9py+q}PhAeb1Uw4&C%|pMUx0JKUxRbOLw@G%)B|3C`vP!3 z@UNic&#n)8{)+?lfQR7!a&SF(UBLf~x%cCDf^uIEs-ON2JQ&>dA*c7T;Mus( z1|pX; zN5LZaR`6i(3!wPwm*7F*E|0prIvUjXv%w|c%fRK}SHZo(oqy|mGYvc(cQ2@X-v}z- z&x418zXDGIclw?4&6%LWUjZteuY$*d4}mJ*-oJPH9uF#=GS~sW7EHiTf{Oora5`A{ zgVSLKI1}d!K*f6uuB0vG(z(;o&^&Z|Jh z{|u;p^h;2D{v@b+9{(pF_s#`Hx3_@`e;c?0d2oF{pa}Gx#6yxPM;;s{hwO@yn~h)4`8}F9NsytG81RSjGJ| zQ03g_Z(gq=C^{?yMVHG#mH!8z`tQMi_i|qdJ_q+5;I81;!F|A=g44h!K+*lMe>k0& zf(PQh3{-yCfoj)pgKEzwK+(1RpB`@>sP=ggC^>Q^xF>iAcqI5;@TK7PPk4T>0u}C) zpy>Z?P~rXxsy#dZ<#P56@Ce-JgR18>;4<*n;1Y29zr9_@z*V?!09BtSLABGg|9H99 zf^xqFoCDq-+{J#h)|G$Lq$2{r$eOkZ~Q0@0ta5i`w zsB-=VRC!J)OtJcH0FT0b1$Z&|ZSXj7^^_@Aj@N+Gaen}urSG8VzwI-o7`?l|{cxWI z%D*q*o4{jn-vNq_e+I>Whi>C|D!2#kjiBi8dQj#4B&hs<1ghM-pp2gkt_0Q2?*bKm zGpKfW6jZtPc&4Yj9Mtz0gW|7ufhzy?pxWn$p!&uB+j+PZpxU<%%KvI`0eD|<@3Q?A zlNa`F9ntVwV=xR15o9gI@Rkl15|sQ1zLXt zkHP(Ma6b4jcr@7F=Kg1aqRU%A<$Dh}1ANA_Je?y!`JW4lZf^$_|3OgU_Sn(GEdy1b zQBd`N6F3vR3zS^=6DayVZzpfpMWE<21gah13yLo{gZqL%1?PhQ0#*Lm&-V6zF(`U{ z7(4*{2`GB}2RsNYK4*%_!PQ`b`*KkJ9|gtV_kt?V&d+ta9Sh3+B2aX=6jb=Tz>k3s zh3{|N+39&JD0)8tsy(Lc;&eY46yKf-o(2vE|2sjo(<5L4?z^kg=|oWR&jdx!mw@8$ zn?SYOBj6hF*}HkUN}$4B5!~Mam*d`Pcc=IBL6!fN!Tkj=!Tm>YCvfLIrkH#?0Nf4t zNucO{HYhq@28ym<0&f8S0X_%3{&`buoVX1X{ig2e?YaU~dtVHyAH4^Z{QNSgcKHLS z_Ix&*XT(39pu)WfRC~P!6#v`~s$P$R;+te|cdr7)Z&S+(!rZ<>2YK zuLaeA{sXGK(-X%9pz666TmrrxJQ4gZC_3+apvPMZif-qFCx9OVMepB$YRA0}^7LK^ zuEJdfMUOi{@x!B__^|U}Pw!Mv^|=I8dbfb0`(vQ$J?)Swg%^O!LACoepy+THsB!ZC z;Qk{h{@9`2`&kDlIe!YM`i_B0?>bQVd4{N~Fa9;sRZv6pN zz4kra`_a*${Lco(H?IXnulqoyv&|76?pSae+~+xD}iNJ`Acoeg&$& zyG)x>*Z|H0#ZT9R;@4k*s@H!&jmOiAj+;RBkGnw8>F=QW`}4Y{m>x9`RDE6x>ibVX zwflcS@zb2?-cK(8#kU^;MYpejO6SSoK5WJmvvZsas+{+Ls?QUk_@jNM^IbQ%68Bp{ z(dFl$zV9~6-KT---}Ooqwd$bsSXscY=$+N5Hed;!#sf-n|A~iu)tr zN5MaVk}p>t?e+dHsPqmv#_;~}8ZSqv@!tDxl9jiAPlpMz?zofo(~TLy|RF9+4HZU#kNayL=N=xwc>I{c$F!dcOx0-+U7k z{dZX6^*#xde1AEp{(L_uKH6rf^UX3)-!BFwH@+ME_gv=rtpYE?|8h|BWrvfzp2vWa z7cUC<`hcGW)t`S0iZ7nEJdD4f+U-T)4&X*`Tkxfz>T@ahT<{a%x!_%(+BZ4b+vyZg z^xXieJ>CS0Zr=gL&)c8kbT|;y_`4QVKR6E*-QEz~UkmtqQ1se)g}1{>@Z-2I23789 zE4}}n42o_q2SuMxfb+q>fEs^~I@Q~IEvS4i0OkK?Q1!Yo-~*uee%ndlXcAC#OxZeZOl!@yTXT{IvTTPiHBp@>~Ln-`)wT zKi>#S&V3V9e}52Eeg6U;0`9!l`{Oa7!oLg@zh4Qe{`Y`;Okq4&=k)Dd@AX*;N-n({ zl)ShHRJ{tPd-+}jitla&cLyH_)t+t7_jaEJik}vND&GjG`n(bp-98P9AASUiF58~r zd~gIPz8nJ8-`*SCcY_N5H&Alwz%v8CgQD}rpyJ&ID&Jp$YPa2A;Pp5P6x}y~qW6{H zTJT$-`0C)ZoF2=-6}Vpq?hXD3Tnau8syrvWFr)*Xg8NEP^mznKzL^R(eX_1+2CtI(f2)I8+Z#S`E)1v4DhP~zYdC? z_ki1h{{Y3uPlDpt-8Z;i)d_Boy9i3&9SthnN>KIa0Tb}u;5OhLpvrM4sCwK3s^9(> zd@i_q#nU+yRK9aT@zs*x9szA!1)qig72tEg>p{i84OG5g14V}?LG`Bt&T~DF*TT=J z=topp{{G3ce2TrM|2)LEUBdU@Vs_@0Tl0Jk|EMhVTmWpOD7yz?b0vAbx+<2mXG}b1{DZ1+SJz_(UI4xs zyeEXaKA_mb75bF;W>#%f7gNI;C!CXlE#y`SMsj@_#qzsNk$&SH`MULM|lq6xed2u6hoPf z`F{k}x4sR2ohSbNiuXHt7U3~KocQ;(@Gg0$zcoC&5$>D#zk>(WBK`XdZ{G^;p9OqR z`qkHd?hfho=lu2hT>M`a;_Sxz|M66DKL-9I7xtgH*YI4!b2X3tE(5;`N_NM;_YwCa zIR4GI+dz#IgZLdB;-G>QI(Z)fui%M)lHc#c{|mw6&3qfj%}`vJ5B?5=KU2s-^2YVSm9xaHC_HSeAnM!aO;nuu<&8Rz22RL$G|^@ zZw#x2>-e?=d={uNaChGOLfAX-`@G(v#ou`E;rS>|)Yifs;JbJ}iC_Ht0sfEk9Ll4= ze+8UH7>x`21ou+j&%p0%3dG+74u$vd{ntES=Gm4!e;(5QW%%BUdpYl8eE&A@zvBHe z-k%e~{et%=@cVWMFZdjOZ{^Y7k9Z#8{W!ue3~}WD7M}O>>=nYjg7=^CJV=hcu9QOfy z|3e6WA@1MvzMSVLJa6M0!*pRVh-;V@u<(Vsw@V5hD+d~-X zQu_M}VdwHp=PB`R0nht+KE<~I3*q|&KF9ki{IBPEghzjO5NA_({|E2q@jey*OL=~* z0Q~*Yq3{{LOP|r-n|OXm*u^|o$%DVDLtzKPeIEa_z!^M0#D5U?GbsCUxL?e(5x4%{ z$g>;IkMYyriQv^d>v?{G`+4Bag#Dd;^?xqK??U|k!gD)b*YeEAZz+%d-pX?u@8^I^ z2=i{HeW3+a@=!}z8@rXGdaykEro#o$|bUKqZ; z7Qdf{IOheN7QQ_%U=sZIR$}}e9{l&^{cPS(=KG()?Z8DL?Aj2 zQAT+=mgmao5fb_|_+P^A#50@so4}9p)Ct!I>hHh2e=ocj-OK)cQAq24TvNmMoA5gi z_iWtThwpFWeLLPS4spA{-|&1D|6lUFj;D_MNKk+Cz=ZHW2=R{qpTRQ}+zRt8-v7n( z?%=mV@pz6U?wf+&$>5Gk3;&&h--+N3JO|-l1i#F)H}4+;_1DI`{+S{?>67;pYpX?gRD0-y3+p1^fihLxg>m zJo&>kQ+OfIMt2rQdDq_*@J-?UWZcK|Y(pB`@@(dP8Mq9*nJ4~z1HVrO$AP@-?~7oW z=T)S&BY1X5^IYEV;r-#@R@is({%M}wdH*^1Bf_la(cfFaF8n^l^H-j>;D0*!4cyP< zS;w=`gWJD1@@+$9*v2$H4dI z1BUm#L--dF<`X1{g6Do7{e2#M5qM9CBfsz9_lNNP5d8PgefuE(N8hDyZ_u{^vXWtO6 z1N=4q-{QHCI2VAMz%TLW?`r{X1Yb?qQ}DY1EZbNAXM4)>68yFSUqHC4c)x`w{@us> znvl*-c%H#?I?o62`xxJ5@*Ebv$2dR6@8$SihsR#LZ_E38z(3$Vo9A)fF9Sc0|Lb@k z0{?{jH{kg^zvcZ#p6w{pS>P(3R}ikww-@vNRo?Fg9|raJ0iNx77BDaiPYSpST(J-u z@{IDln&%3h8+pFO^FyBB@n|Bq8&3z%9G=xYgFKh;yp88Zo-gq{$n!YQ4vT36o*6ug zdCuS&^qS#J zUcs*|r1weu4rvPa0DcEI`8|nWdz0UxgIRjZLVB;nFV;7f6@rGF~iS@@~E`ip+o;1}s29#**T;ivTU7wf;x@Wk{^ zz;CVxOT)bczsMgk?lt&D-88o6-S{>0!XI1s?fK#?J<&(yTZo_LLHb+6Bfneli}j89 z{t`dwRQeMS>Mwpfe8ksZ)t-?SFU4;;?!4c9`0c2O{2lFJZsoZjf}uIjRrsA0!o~L7 z8MnfJly3{ew`T{xf8nQeRW7xI!kx*0-|SbIx?=q)YiB2m%YCJ>!O>)(JYKI{P);^g zMmHp9tXrE5)q2ZG$LOY7QmKxXN2;Yk3)4x6!NH`vob=Ylx(Ca>U2TQ7Ii;S_O07CK zsnnBNwVc%YX3Mu)8Y-LL=mvt9H&%Me$!IO<87Y@W%gI=^w>*-x*W2dwmPSkG`1dS0 zej!fVoDHS=h6w>Yy`EZiv{b29s{P5v@<^qx(o<4V5~bNTXQWmeJx8(UCi<6xB`S-& zld396$cEIPR@CNEPTpEE7V4?c#wyA@)+Hi5f5*V+&J}ptf z+k2Dl%4of9>hK`#nELbLAEqU%OZEDu+DNZ8Aq}lCZGnA5D!I@`;|=AKm`iOQB1}ux zoVv_nPEzI}N*)N(SmZ?;$~^=1v7w|i*k6NQ8-})=jM#8=yfKZFD2QTBOBRci-GjBB zfuy5*e6(Ee#D8pBq7be8*Ous<>Y2G*wxjLGxU%z}YS(U1Zr*>d2@>q4CTH91j z)Mm3Hd54HqC&^Gy`t`&-o<@Of3=s2MjZ4(Pq=br587?=|kuKEicV=xY>7n?g!Fnwj zgQaVOy-7Oq)W;bI&gWwVZkME~4VRH7VXWye;j#*^&S@q!^~xL4s8p`IW7NdAzaxVL~B2KEac1k%rTQR`QDgxELy$3-f2Ri{erO~;2HQ9cdHfk%^L$nx=ou zI!|F*LRLwSkAsZ!g<=trTkI{@dqyfY!e??>IS-Lvi86b3qqTuD?B3fO z!{r{Sj_6{LyenCcbfL6z6e}7=g9g)8P|S^tW%RXmi`JaEdR`N~dX8I!*vsJCEYLFn(9%-dE`be%t0(vnQdPgoD^4K`jg|;z=Pc8Rq=keMsVF|YOoOgAWTc$CurfMSLh;g6 zv2Sn;6F4I)UXVnSPolWgckS7MZlF(HQO`<6ZVrkYUTpNU^3;6m|oaTy=R z>Y-CulP+Ddh_q{{M;}S(WPW*eEjA&|QyMjRS@Mrf&NkZPpLETng+Xadwmbe9CNXIQg&H(D}S z9!49dY%nCOGh(It-_u=wdX^BXgBn7;Y#Op|Fi1iKTS=xHV-2*#jkQ4(77L0(xv|nK zc7UGN4K@3DeGs)kkGmqU%76Ec;s3!lOJ%ip&%N)xgCtR|%axSb@;M#(WI#s3RI<6(&uiHyFR_ z<$ft_`9VB4QmSw&`_VIJB{pT>s+7&zMOCQb2#Pw?R#OCBumwdX)-X059MW%Nj&yz% z#3><*3j-MqxfSIhEpdV9Lv0{(rRsuJ?e_E&_775_htFd|n zIaV7=>axZ}Euk@AOKxil7+5yUXl&5Svx65R1e)Y)rfN+RuD6^Drz~tX_{W|hwP9pP zbDHo?3P4w~yqfV=lyVyJ)6P9_VgflCV&j}z$eJPw*ua5I7>7}1P_XG6DA{-yePFct zP}=I{^LrR?F+QPM)R>6V>eFH=n`A@~32F73Wk~aPN}yV!qL~snaAbJ(;z;X^hq z;t|V}YrcNwd!ZnzRT^FXm1yYyGCAG!`c7 zFvh=L!2kEpkKYC(tTSY3p;`On1C?^rNxV1GXq$pX;Z+ls!bexcA7?);G|}B zReCDA+(4*gQ-C62g1Vt{l7)4Tj6WN~mzt-eTOkuvkd(hNMb5=Dv*tmy^El(YsXvs# z+PU1Dsb&o+OiN^Fa{a`W6QZ=#3Y(%$F3uIuY3dy|GApu}Swl*IO|n3zHEHzT5(7yE zX&KS{x7^1(?w0$BhspRzW8mbKO+!a+GFE4fAuH!__du^1dBR$p2Fb`0?G>u*M#}cO z*rtOoK3{CVz*pf+J(Jc~+K5p{vxhWFG@iLprOs>$!xU3XGC0fm@9g4Pnn44Vjb{f9 zp6In9**l|FW&*WG6Ycg&(jmR9Ee(UnY__8OL#)8%ru(?s*m+(%*8mQ z{9srbw1gNhVSz&RP%h|y@r%rK8AFI3p*ulgFPn!9+L8?*LDBPQnNiI03gJxj$VQRr zmRd>$tDOe$`FoWOS+7$FLfv z&dS*)nHrEJp(LW0PbAa2^|SmwFH5R4Dn*Fd4kTfE9SnV;dTBAohI=)COcr!wXVyds zEz8$>RnJhWP?vNlXL24(w^}N1*``>1VDuuXeNZo{Uu$JacyZMTw3Hk7v z6k3fqAvPopqM<3IDnr}9!x_F;CgRfIyl__IY*2){52hFmnrj05= z0})1RP<{wYSDIs-2h(wxclEeYYp66JdoDXzG@RC9GORyol+>718tSg}kJT`1rL4;U z9MX_cz8Exo?-gBbt9@pRBu);p{^=`?Bjw>zW#l01N^wq*<`##O21zY`kD}UHn5K&i z$^ad^y>UorRoE-9O{5v{Ijm8I6|3G6?dj;SA)%X{P&QE;L1cSQVk8;YLuHu{0MddxJ!mvW zG}S*;JTBs7dJ+>3_JOfWEw#I+Wt${ori$kbe~ppi;FBLjQj=gWTDSnh7-E7_BK`ekjG|ahOvAhZMv4w z)YRgzRCHSvm_&^y-Au;%Xm4zM1x76sXujMUb?j-$d0GMSEV8wMG&ED8FkCU?Mx3Hv zHGj)uB@{782dQD*<8C>&F`1#l3&0*H)MpJS%ublk#eUh))nZ^~q_U&i`i}P{CU7$7 zAOP6aLl>|ffpDXdM%gC75QYkjNqrDoPsmYImM{Z_M&%LX;rLM>`o?X9AvODy7BxSK zDfKba5iKBs;z|QR@zd&VR0KlJOq6(Y8ivjg!m5?vo|JQ7O6sEqcNyi? zZ3v$0%t=SE_Rr1?`JMTs)i!RM3%Xd4%pJv|zom1a;TpC>ra;!57Da3k2x0<;(QC~2 z7!cbWW!7lbrOnuBb*js#p@!K|(oU1X{z~6D^?@*B4?VKMl%|@gSx-m9T4eKs)yr4T zPJ(Z#I-aEZQpV*C-x0TAuWX9|n%iXFMpv55mWdCWgzgGXEI#VEf`=X3!Wdl=ml<*YZW-8=QHNX1N4>$QAAs1r#RNRd&eY5$qa#@ zm%tmEkT(RVk1>0$noOQ7h-=vDK)LZ#>hn`a2x25^7%ifVl;KVv6Y{CM_=q{TjOUTe z28b;>Rx2h(JE!J4uW@y><#Fn;^Ws!4XZ69jVKUnKV+i){okzKLcv1OKg zbQiPRyKO|{DVa}*FWO*!W7uqL)>a|2nWV*Nm7Lpwo+3Tl##Bx=)J9DW$uUzt*AU9h z2+<@e-3W z`Do%TK6l#&frd{=VfF>7foy5B*DS8KR=TBNW3rrTjFvFVG@%wzVsVvjmPyU*$CSvA5w)b6ng76@o%Tl*vqvLIpGRovKwHrV*pIo&sFn{;m3X4r$(4lsX? zQ-UST)J#o#@(D``X$aiRr4s^#CF88*3X#%E(6(w_10(p`>ZI#eB{)lV? z8N~0U%s`MY6YE>r=Q$*kdf~s!px9T?qqW3E zDK*wk8a(6v$-(-|j`%p>JKRFVyiLe%>$&EDK`N6OaI zTFUM)O=N~+S|OTC8q5b=Sjj8olgGw7+1xXYkpHGl=r(h8gUy6bK35GK>I7#Ux@lNw zL3&F!Zgy+I;NiPA&9irPk^m{Iy2UhWCB>FN3Zh(#H!P5}3e~)})l@ef7C2%;k@A*|R5a!Da^c=mCiy29O0iB8qfU@WP)yWy;W{yVL#^oT zmB9+?RXLT}iZO~R?7cJ0{wo@4rK{jQh21ij%E>N0jP#kSfCucJ&D79-N4hIFa>gUr! zQIZg z`n6i2Jqe`p%B4h4sF(UUf+_>5sx~O|q>`@BE}Rr*uV!;=WuM@qa73@JR(dqpS>V@g)1rtrd+!Z^q67~o=mTrszQ&E>JLb}T`Dz&*v z5-^S@Mm&{>Jw(%CZXh(JHA1`~e67m4C&o~$f5Gi{aDY&p`xG84S= z$P%0td6Ryut$Bgie%z`#XiCg21;xOvCG9Z|;LgYr$oWG3I_DMC+t{MrkA#Q?$_0Wy zF&CP!&%Rra-csJF#LUGBn(`JZ7f<4BDP=XRzGn%GwB8PO_R#Opko?fmO{8z&%9SKCrK!UYu24hp5l&@53hijqO=#FRPRi^-?PO$L$dxj0)B z+OyT}E14U`GEu0!PYy@57`%s&!*-r5`sKt;Dkahgtv?uZMY}nV2Tak_lE;<-W@Kh~ZSErHlHL zXWtP0DGN*JFuFaBpjrQO;!j?fblBYj0cln1fQ(2D3a%}jqv-gYIn5&m4@Y6sL-M}G zM_Q5f=Cp63TV*L|r6D~cPYZ^#gz%2mb+RGPREuziL`wj)qj{Cjr*&BymK+r~+WLSs zI5Jnsp?+w6Mn&)`+k`^{3T3hr4o$B^iYn%;qmNNuw)=y-YdlR09Yd7pEZJVeaq2VMC?P=4Tl}(<$Q@+6$0)~oN!6M-U|K_+M_r-}!S4M?`2QhL` zrd;&O?4-Na&xSCBe>mTt_OixcVQ*Br2HC;PvpCo1%aGsmBsm+rWbp6`W&Td2Fk7WW ztrExy_}nNKx{2&(O*3^vTw7XoQ>$vj`Evfm?@RtcM&&JWI?yMhs_n*4L%tTdFCvEA;0iFlfThY7`}&y zvy*iQs$j`8DWYbMHOYwCDwg%`FsI8xDsl+jFvE!pA<_JE0S%a&K*Y*FRh-uQYFkWB z;;x2tL-7h9!r;P*cMoNS%cfzbc4k`^*%c5fnT)X;&(5N)sGzU-$|>Zfi{y?S6Flw0M*o5a+;I{qV8 z8+pzQvrDBH>(fOD-P$uaxyBxXa79;8Npfa{a08dN3wCM+j_uPD9`W9;Fm3ToM_~x7 zb6LZ(%EG4#bj(r7%6zEMW}Zkcr^>>@%5WmVTP?1!B5$(#l3O_ZPC717o7M`DhG`gD zAxP_tD%pMjZUZWu3QLFHhAf-b+C<%xY}@QRc{DxEgwGkB3y&KQOb60j4_|KRO%4FonkxHFOp<*LL)88svhk< z>J`#Gxoa@Hk3^+RW0(ydhI7j%oq!UUpx#1|R&srn_F}piq`S$SPqSvX!=#%wyOOX; zp7Gbuu%M@m4d(_NRvQLWhML(`u#~NNW|>7gz0-)oE?vIbZz>JJr11NEz^sSyCN9M@ zYqbQWrKf;FQl^0B+zk+!V?thLz^XHIaW#CV zgsiFJE^lMWtj_r+Z`i)RDz&GEkuyCFuft!bu39Hy>H8oVnp%WTIcpR50a^stI$H*o zn;2PO&%Yc5u!EZS=R)&)H|>DY?!sqJ4! z1@bwzirQT3CPHyZTT@SzNupQ`v*nEH2$62KjYwRFF}IlCKyPI#`o$qzj-*~as~Bg7 z9wX#AJX-XxLDJR3SHxo&ELxJoSinZQeBoL&uVXATCfg>ht$zdkgmSd+eEDN37dvA)O=R4y?A`xu6?yTPF=Hc&-P>USF4)x z#=>2VE~2z@m#4NBR;M?kp@#ceC6q4RmZ&c+PGt3&nP+wzYU)!2NfshDGv>3y_(Wl9 z4r|%6SztmP@=A~Q(MmChuaX)4-MShUV#TV8pN7n>?xcobN#??8+54;L?FJr7oO8ZL|2wz{~W-vn84BMl`3f`pZ2|mlr zU2!-oO#QUAi7WI&fL@=5nhp}|Y^T}Q(*LdAYcxD+unX(s4F|W(x?^o&!62dUtdeGU z9>jL@58m(u*A}SJETF!p`izhJvJ*82nPiE|a-A&fRwPTqc)^;}*kTpCRCJwvSXaPIqYKtRyE;G7`C)pj&Z+A3AK|1k z`MvGA$yz$+EHNw%jp@Jz1x+_z=OSvk$}W8lw6z0^+8SkB7Lik(WWupD#*pUYY8`e- zfqDB#+{wKG3r=0OWX-DeYY&Xk8WuS6%Nr9|qh z^SfJg*55{r#&fJ{wWo-YyTQ#lYAfO}aYEJ&rEJ<1MOs2mG-urjwpRz19;m|R=DQ8W zwBEsKR%@~mgan}`_Ln^VsRbfqTM5W-Ikbc44HU?Xa06Za0($Igu_4 zObe|$WuAsI$15dlhg&nL8$w1Kb?8hbo6T-j9rGIk@)GJT8qH0mFT_+TfGPJ?+2AqWGS;b3BYu zEcS#33Fww)goxddV0vKqO{6{3KorK{fw$&F!JX|@tt*rtIbFRi@|nifxT1ud+}ws)qJfTaaA$^HRv7a7j&$k`~krL@KltZ*LbL7VUFp zG}>}NyJX2@(~%mNjQ!Gi$`XcKHQ-tfIj6P=8!Srn0~yG4d#Dsy_Oxqm?DHnr*DhEl zp6=BzcaQ0(O6t1lqu$C-wpR9xD83!?h~^s)Ys+REv=Ka{Vcr%)XK1z%Z-o%w+b$gD4`o!kwd!dmOYQDPEI~%$>=gNAAxx~sCh&t?ZUqSB zlU2wLxLEFJ^U3m6h*XNsM> z^k;_{GMSU!QDhoF_c3A+74t{~sq1)!&R;`*Z=;qLWLy{?#|>l zf|voXizhHTVAY}v*3QDZ^tUd;IAU7n!~rB{{9gwb+m$52hDt9A=i1`xYC%ErdpIas zkVDo&$WX4I;fl>`vxJ`$JOv7jXZ z&r+#EyPUVX$cRpZ`kJ$7)3{- zLR4ail6Dsql(0qQWO1Cw(0#g@Im5VdcSYg{*tD-s-PeQ#@j_~>8w3;Ggpx>z!kfk~ zfdpF@$+8H&TOH{sW3>v9(NiO-b@kk!_%vc@_mu{u2~m7j7Vg5QqVya7)r7G$sxGY7 z&d6h-p%wB$GAdA>5czR{pMA5jFZ?8At9CHrq{)UtF+SMk+w>$Ock>c3jKuFhm^$m% zG>CugP?ztF2s6Hrn&qxB$1PMokI?0ZNrm$t8~M4HZs{iLSoRX9shusoprB=)T=pMb zdDvj2Tjy6b*#0d<2kE39>J7mjm-m!LNH@s`&TVB3A#?i}-6sf_I38h`uZ|%b^R7#D> zC>hKsY<`fY0oyKM+|(UP>19gIdX;6{psCU{QOA+VY+l=P-NH4Va8Sl?5Ro*`E7pFH zD-^^_;a0e`I2>ui2-tl6w=(iy3{yVS!s4TIUD58XP3Nlci`|n&Kg@_=Lv-kPQV_TS zb4wqC_Lufl#h@M13lX;%_f&W`Y+JE?JIadlhlAsip`q&PIC<%)9;O)!w>y&;@;Y~W zd2CeENwATMjSp)d(@zoU7-qu(icIvKKJh5U*`U)E+OnW8{%H!f)WI14pB{OD$Gs*V1- zKBq*4OGeEI5-v+`@j0{Uwv27+ovSpHfA>l>l`~{NSv6wcPtWin+xoZ~)K!VbymC}` zJ=he&#xQBWZyHY>jp-f!g|K*=@fT*(9qRq zTTTSBkkrC{+hof@!$D*eYpqA}J6oNNDx0MjtX>HJQGOYAfRzWG$wO{SsSFnrMU^xT z!}b%zLBv=hzQMOxskxN!g>BYr)PNV9CzlecF~?``N|Uf5-!^V`*c4Ic=S>ZdO-wC9 ze+o4SgQ30>LAAb~iv6>)GIn8Pj&+cX$MbrHi-eAs& zs6|;KKIMQ8(F~11(sc-UpbhYAhe+26XLFub0*qhb-c@9GIP#h=!YRQN+;VNtl-7*b ztbh65d2QHce}MNmyEr4QR6NL#9&Uie!mrVWtzHM_YOp4%5?V?2^stNjPTqKFz1c7z zk`K9lMxA>sJe01nNb_DtN8nUWiKVb~TvAham(`VAGT7|L&+6JTv$ZxXVWUtgQzoVw zg82TY%$nVhG;5!5(kw%ki1`P<3j~D~PkKN4Zpz%wSJZ94$yY&@--b z8Xu>+S>6(qAH5-0#mt!@8>D(>59c-haC}@J?rJ-eNr{ZgHq*3U>^8ZHjAEChpFCW& zZq14#dJ>jGUFxb++a}wnaGP8W+)Y9@)%4YTY+}}i2qiU=>0m+FQZ$*s=yoHu_$f~7 z=-ry*hF|#e06|o@3eq^)4+*9XP~ZoBgB@;;Bfrgi)~eO(majUMZ82wOKZhEAq`Mdo z7|d-9<}{sKVB|9M8#S;Bxqo3oH_z3UA6=UGgXs)L95=)in!6B}QrpRZuGY!1+YA2V zHyEFOdfCc}6QSU?!Gd+iLezky5_4yeR}h^{RJ6_$=k}qpcF}ok|M=?>LvBm&EWisJ z_3Md70rl|dfmXA`#Az7#__-qU6O+Wrp2y7fl>kE0BREH1h{$us=LOL!)F5EKh z#qg2z(F|i3YI(9%+YpGSlN*V2j1>axi#~xa; ztPL&sifN|8I;$%rkp@;N?ZdQ@1x75$p(@(OK9r%{6e?Y@mgc6UXBD^_DE%4sP+wV^ z$Ljv2g;%_zKHr2sy)TR+4y z?x`1CaZ>jyNSfEJBieu&Onljoqx(ujo|KzRXot!{i^c)A;Ggl2qgXm(v#E2Wb{>n9 z#pS(4^iSztv-8%~SzSkV%`A@e%xFVoa`v*gvff|mEiN4EuNT+VW~XE1{CWv)>gp}G ztzK1JgR-TRil}bfL^5l}tQo}_M;2!sm&}?q`^ck@z&)dF1vg(5*D;H%bB4P%GCMiB zR!&aB$x($l=he!+tgy1hc>Z{4L#@`;J200R)&4Pbq2ju7X=rw`n1hsPAN+ECwLUQ4 z{w?-1W^&e{AvlFBwXIyfa!FRfnO!s57NP&a>BV&zLuT6o)^t-I3A6q2cG z$=L}@hjx0cKDzlf4A6s25QaB@D5-9~t)ER+Lkt33D8MO<1@t8}IP*#|KvQ4y&pS9n}PokR_zode{?hdODumhro zx-rV(KOH}nXM4R3I**plDOU+;apW{txvC868*<-*KLzY9+qK4^{X9WmWx%#N*A=^M zj%I1+DDGVE@9M|$D-KjS`_Iuz2#`;^WuehdytrD;iG|ITlXM1j?>z^YD208X>PA)? zyti((Q5zK9lPQ7u)9;4#BbO;rHeXv+o5jd9rWA#|N8%HB_ouIy=(KUK%&q$G>r7H{L3V_^` z)P&s!PGRm}D>()Gw7izqsH<)2%F;mH4u*SBn6RD+5z_7*SU4?71DVh$4R9v9A;Ceo zyI=M~iI#GIwKHXsqT8I}7(0^`sdaj4Vbp%Bn^>IEm@LjL#c7+mF7C4rai%33#^App z6Lte5o3Gti9*yNy1$9sZ**7|}`9r8_3lUO^jlAX^>`<>=MZ7Vik zTle3t?du*H>t&x*+p3|A_YslNd%@z<7pz&kWX0@ceIGrDUxj7>E)AG;O=|f#BV6rA z`&ws`=n7)+z_uma(^47@*)i5cmbM;RuME&D5v%l#;Yu=qHoW;ZZV}mhZ9nsVb!5tx z6$1T>8$%_AS^G&7V#vZ%CR6@3wM|R%jY*fQ2j&x6uT^{2;ML8zY=5M*k?C|+0WCGQ z$mxHsj0ts>(&|8o)-p;NY4~laVfOWAlwUi*Z%#Ee(&90rP_4fXfoUR0)L$BcOLBu8 zHdc-nBEBjdYAKH(w50z^udyF$>@X>{3a?II=hQ22HCxy7Mdv7ZoZ0C6vL@CR85&sK9)tsmJ(53mhxfho+CRGaS zWCk!gFg;`~G1sGNL+~PpVPII+rm^R<9ikrvX89`hfP>o)uP4oU=W|YyE$7`{oH>K7 zl}F_cA8EL3KbqgBNxL=fnPX-lYUs>K$D-Bi57W>6NUX#oNPALYekH;rE7E#kkS?j;B+J^%el?54M@=o$@7=i2Gik*RDIKO` zBcygM6gVgb1+uu=U~GvpTMK80DV(2O&s~0Hl|~U{^A!Vl_}&OJLh%k|l_vj9QMlcLt(JD#a)`XI$3=u?F`nZ7i+m*&rC z&V>L>T6_a_Y|UV?(uLn5c~`O!IhC17t;I&QAEa1eabtlv1_gs24kNo=q3DNpv*x#c zLYoH@wKnpFc(C12r56p3L6x3vBr`^nP*951aX04sCr?17rUY~wc;7mU z>EO~o#OB_;^;;GLaAKyFqy-4IX1HU@sQZRPm5FNhnWEQ+EG8!2oJfugLC-hZ)Cb4u z#Pp63-bs{GkrL@vLF6CAYV&tdf@Z*3r^H&?2P)%WoxuK5zs4>i8 zIVW#*&(x2?0_ie2P9_ZhkM;JA4@&*uGb|C=fL^MVB*>7-Qcd5px~yaQ%r1NGJI@vt z_@zS%%C8(TeeAEp5B!vN*FaZ^lkNO~o(ozdW??~)GWj7B^9s{UevTyl81ykMzV&X{ zd@c7BYf1_~X`Ix$ZfKfZp^^@p9C(vy#;SeDR6)m2de|sq6%OfgoydZ4mJRuoS3F#T zqQ84OU;Ipa{fi$pVoDb>PkInNpskQ&5$dZPB@3!ah$B_X*v67XV#5M%^`pPpRUanw3Ykuh18?`k z2e6pwW4XSnMp>&~$fh86SeTTcYl~$TR;nnZ`LRzV$mLucGSxZjcTMbUx|ow$nl_XF zhH_5RCIA}`)%3ZB=JNHyvHAwA5q`#ap zbdY@l1SRTgo!XQ)W>tp?$ewCK9W$G*lZGGy?PtPR>8%f7% z5cgb_paH;?7%xT}5{A=SnNLQ7h3WiMxpi8mx6^_M$8kSNn;ap#C9=$mULuF0Ia4%Rm zPU6HjF&~d0x6G?$Eh0Hglrggyst=Ay(P{J6%9SOxE=@+-mg##k#w09dBlLUuwJ;l` zG%PtuWwOJHiVD)Q+%`XGB7QDeY)wAsjroA1;6Vy+CBbuv!LT7Yir2PP#cNq@tFV&l z(2i_2*1AOt)q$D(VC*!VZF~zHXk8~)|7Ze6))(0(GcrB^-M#r`MWA!F2&@9gNVNjC?XVjJUblu5L?-7E3T8Q7k#p)Fcc2z~&E)XimllFqS+8r5da=aW=NPL6t#aCRPUFzH*&sSHq1Iwr(h#y6%S9O$5Bj(?x2|Lf zKa18dAF>YTN?FGD-1i$tm^2mV%51#z)q_-=!l{x4Y8)Si@?4DBLhZ^Dg_JDjA@m7p zE(m6yTif1|EK|5-00pSBaWvWdp>9@SWD$*`0q&R}8(j)YV8>9j%vObBpNlK{8q84l z`ei)GO42IfmY*}-q+tMPXb~hbIu#~CD`aklluI!UlUpxE4Cd<9DzMH}F*O;fXg#5! z0&znO<8ipzuO{Puaj3?Gu^}n{nT=eyEr;G zIZa5#ShRQO94u5ExJ3uyWef|Z)OmIE(Hw6&Z)7c=%fvrD{VpqJbIy%jHIs3g98Aa} z$L2b<$jo(80p?}OTeR8y(r@`pNH#AGOyF59bHQNDQ76198TnMZl2d4i2Ge;xKhcnO zT5n?V$OX5Fq$>8bNJF)I`kQ*W*Ic-VIk&Ib?Oi-WooO$Q|Je|I4Ng`%5Q$9wllD~ zO56P6+O{=*j_Z>43hb7yL1n8D>dX3t+71t#lMn3|*or^5j0eLO1@4#N;cf`Vr?tbJ z(u?~*j4BytXUY3E6gRe1lCyl1V;QyjkaWoQDEiFmv_N@@(NL$X*9SS*NY5>pLsiLqvb1zvDD7l+j$!|WRwg3fqMR~Zq#+59d{Wz@NsW!iLY70rmY$c4rR&kxFEY1tx{GzCisyMQmW8ABCg zS!=`S*3!R|1#BD{m!e&R&26)rF1U&ND&hddUjA@IggZ&GcB^=&b9k9aP&fOd;({Wx zTnP)=+!%8(ifHi(K8gE6vVceW^-#Y*@Y=cYv_i;?QJx~88?&P-+amX1!D{g(GjufPkvD#6 z$ii+`HN8wq!5BM;uoNfhg5ZQ&Hz{6?SxaUOVrxKr*oSC{k&uCw1JUBruUWKT@59pP z#**=4j3XAY9iN!_SRffU#?5#g#WYO@e$`eB7a8frmYhLpv*}@Ki}~VbvdtGP6zY1u zupSsE9E_bI|As}l#=%C)U^W1@_`MhD&?d@Um^5awG@G*2ZQ$H|Tek%+8%M|Fth31s zr(D_2${~RX%k>_%o-&5%oNE{oqlrH(&rgggr3@3ZtD53< zzXI3?)NWd+Uz3;%xUtjgsewzsqGKa1Bbu>N-PfHXMc91J5HBNd-n=DcC@%TLg-D}J zPHQo0=Yj?H3G2QSR)tk*d^tSW}s<%>^1jV$~alX*LfKOTq*3ZG6S=M_0K9BW_-a(iIVnXz-o6 zT8HjNs>GsT3qdztpbZ)x9P?c_`$XcN1ZEUSBuFhm&9{bS%zUxcavLk9u+)@lAN7LG zggm}eQNIU{a50-nkQw>DSy)!C1}k;00)$r=#9)IIfFAUJ)A8lmS3YlWX!D2Yq*R~% zG%Os;-fTqR4$ZgjO7`LWd?oqssXM{{{LD#x7|3e>yFPgpJH+$m_#*F ztfpxzI5Ol&bXdufA<8a_ATV?oNh6X&mBW#v-uE5)0_ja(z(DSz7whl8*4lfo{mnNd ztr!hzalU=t>wMZD;v@`OrgLI5Of)x-tN@@Fbi#zw%j#cF?vVsFt1NW<0u4NY1jw|_ zWpEA{D}SolVpMBUg2`S87qD;sR0N-R%D_>x(EwmX`!?x(x?7&4YkDq}V}Xgp z`ZUV4QngWB8svlMG{lDd+89BfctpcP=`7uqeI723Xa?;-MnzJUuw)2c49)l@7O#F- z9Yq#pPzXTk07}k1Out9&bj^*|jLAYTzXPCFdJO>VWyy>&TiOGG&xz$RDk<@EOBWtP z&tGiE>B7_CgO=&b#sCVGtee>QnuaGr{K_rYS8XY#R{h~1*G2s@k;o?PZGFt6F7D$f zx^WGH;VQU1*MV6 zzzG-nINEOXzGINOt951llAH?r8cym|FO5H3#XYEmq%hb9yA}nGgQ=s+%8sw8TX6lz zJ{`1@QJj*Xl$R2pF_~@v>x{-3g~9&v*_j{%bF4zqgn11s1Z?wHw4v?tsvIqeSSbhO zsMA#@6}xDL4mpBdh;Z*u2wg-mp!4aI z!h0NpT4S)<5jG_#SPN&kN*}^;5Tqo6D~qi$dIyrx5z>~1 zo(o$=*QwMa?;<}#!jMD6HAwlX+DVpR1z_>{2Qp)*IPU@NqGzdH3n31XU+D#1i{~Zq zpfPC=7HGHIwND`p%962S;9}(&Fv&U1i>L^b+Zcvip&9pOV##>Ze9&42FrviMzVV5E z5+KDHiPAyG`bNv-QQuTR5#oxbu)SLmpCTK93AH32EHUQo1K5#QW0(tca^1nR>fgs!np(u!=de653Jy1E}{klPWZH-gbXit`db zE>1mZbDLLI8uLmyB*`7@;_n6tl{m4aVrD7vDGUsxc+`pz)Nbx-9=>)7K3HLh67$U) z2112DqYT`g$wn`2_@;HOA;TAU@M$h;?58(8FQ56!Y_5S{5|-j#GrT-q{f~{FkVIeEu5zq5i&R~ zrr2Cz^O8T5B%y-kGualp4OZblb?q8>1iPuD0C9?qXonO{g7kSU_Hr$XbQ>oCSo_LA^%LJz^(B6c(VfQjeC!6EX+2ok%LoB%6Ivw=P|L`&LMs_ltLn? zsfLC-tX)WrcOEp$mK;wWx}L2UsQA^o(OjD5nb{4bkXa04Gxk;6iCj#W8^q(2fu)CX z7j}U?ocxIUTYzlPYMhdCTqFvF703i-sJ{VXclfIx<=urpXDPIAakRi(mDXa?Vgcm7 z>4)VJg-xVi6n|Gj;fihr9>NZmC`N~f0iINBfU@A0SCm;VE7TFYexqF5<3$2YWzw-b z>B-0d-Mvd7(-<#tCTC9?jg=CrqLxIZk9OBoVi$^Lyn!B{VtSQHISylEieqENC= z>RU8LT5+05E`#dJ!rf`z!!C{J6}`Ser3HTvC2=5npFN1$Y4@2Yf(iYJ%QoTQ8`wSB zKRr|OL`Y*JIqv-c2G}b;A$Z%^0o&1&snM>@#Ys@~boX=8Czkq?qIAFJ->z+P7r%c)HLv;f@!?)H2UFy& z!wPM+J`(j)RSNkTaL6}zgG7oQ?iItKVh8MMp)2O3+iF*c;E|Fbg)`*kwQJKTjiAi( zKPYOwB(?W{8AW3Pv!P@H2qvmqF}6$H#@z)t0YLF%DBMb}0N8V?5{k_T&E^zneo5kRM*(p8VnTTwbjP zBY&?a?5^c%xOBwMbRcCp5wKup1#`EtFJ-S<5d8f02TaOnG0Vvx-izvpK_D7cx|;VN zj_5E*ttJPLXNe+Z%8fz1`&JDDVZ}_8V%W4X;{i#b;cGCF-Qm$veMZdsD)*pj=d5hK zEZ^m=StIeu9WM=4vio-tLJ&Nl20y?_^SY^|9@T1=$R6JvpT3tPu{mmVuDLzkRau9n z$uQYs2P`IZMrvNvHA0-vz|GLw0}c`^xuh7Y^7OViy^}Z~G{xiA4nvF3X2%qhd(c$y z5v|x9IoZ^3;1_>$ZTH_@t`(&!=4>svMUNdo+Ef#Ie%{2V?AUeDj%;eVF-77mcogt! z{Tv=R#`aU-$}oXd#NSyl|HA3!ea^^me$VsZ=5m^!)$2C4<#+C3N(By_pF!bqed5iM zh46C)b(pD8KCS_QEd5G(0Shj2!K1>Gvrk`K2jD-qa}zR3Pn=0JDPu1ex2L~u(42pE zcNwRnV?Be+j5p)d&QFhz#1g5f_BOR@#Avm-OVNWipq*%kSDQVCnAUo4wv7toZ3V5d zALQ5oWM*Y?y5mES22kE!Zq`Kd9JMw%}Awv}uJgr@NvFoTxW zH6)tW#IRW3*tg3jOnqX)XQT&nY;D__P?~I4$m?dRe=MZkSUHRLh@mdFP98`@?#N$= zj1gv)m|UlLquXrj*%Tv#36E)rBCcKpKbse~je?$9PJ>Fka<&&bS%ZTvSVQh@&)rq~ z?Zuq}fUmk$rimT}UE_K#n8gx$Br9BUv632%2cVlwU;CI^c_R} zi*P0OXZovrceY|uX*>vMx~m7u?CoPb+6e!05BjQH<28RD7b645b;Yz%eWM0aiaBx8 z^;r8ZYp07Fy(s^4JU>D2L^6@PGEJuiN=)f{F73{I2N!f^HC^}N$TN>-lBsjC#BYJn zrj5a-URi+9842)I3;5e#A>{lMKFiA!O(#2{I_x_VGX<(&=0$5>1a6ll`{UCGkCEK` zU5;fH8ts?acHjM8_htxUci4T`&ZUGo3Mi;Uve2LjV%94j7d>j)VD*!Yv}`t9i;-1C z08f&k)X(m?Wum(`#ulHQno(+FvwXBOt;b6}Vvcvqz~2^iB`dL;I#$J3=lC8f;DV}& zX*VVx|ND6{3Ux4)Q{>YwYBurhcy0hR2_p%YOQqh43D|ikjw9cg&z@x}6joKCv>FAv zAkMJFdEKz#Zq-l$8rkjk${XQZRTej+Ynndn7=GzKck_nKc}}+PSvbpO-F&1pj|i;Q zyOn%hB>*RsK6z@~n#TUpx7*VPZ6N=hn9xSRqDOat97~O;PPRb~GAnr_C%?7hcuK|Q z2sz-Y26vi}vVY305*)$iYbf9LMY}fb@;m{05b5XiY%%CW?L{4TqBv1HiQQV&kR32z z4kbS_vO z8madG93$eVjAT$<#t0sE0@6ZDHDY9hvkoE(Bm`Polt-HNF%g&ozbRCB>h~4F3uk<= z==aEyG6G7UH9a?Kc9ZR`0D3%`R#9}->A)&dBCmx6=@~k8IBjl8!j!|GOS&7rH~4`rCYpv?7+O(xuFdr^n>^y7C|NPRDz=SW zg#NM|{>G*!Zn9Z%&^n}RZv6MaBdtr}KQRtBXi+f9bwjUbI}rDnOaZdZ&sp9t65q?F zKB`Wr_JrGLlqE$37Y5NS_Fg?>t02D&DC){QVC|v=)VSz`_t3w@akHkH=xXNA(Xq@* zXO_Xv2tj%7pY)ug%Q%fJHwxZc?+$*cacpm9sw4yOOl6Jbd?)Xr)-o0X34fFGrR?0r zJT(~l{QP8u$prIfnOkB)J*I*O4Z%#Xh4TiCmk6Udc2>h~#m~DW;`T2ZMoGakmaRz! z4&V`R(#?JR=@UovQ;vd5h@w^t`<7Hii3glQwz+P6-_Rpwl^sJrp{CY-NuBWKFY1oR zL@L1C16kOKLz?X{^(Hw$34-ZkfKf(gU6~4HFr0@!hZonnkK-m8uY3Y=*ys*_P{ znR4`pSK5A$PRm8jK&-eGu7~Bu02~J9I$!o3^{b4e|MkdPp5OcQ#_2t}EKu z>7Y?>wdy@GS{@-=y`}#c8#me{`2HN7mC5{$O;UuGTGdiZCwRP!%vvmxGYiiZM3Ddc>^U_@SHfg9YBVD>-ID|#UQwWF*1J1=S%fqV)z4;)n zJ|Zv?vS&WzCez-SJWaKxh^BtM#BTaQPnipVWZ=j*C5!TYI303Fo<5eSZkW+;)&0T2 zYUJ5LJgD~3es+J&X6BD}Dh9z|xKh_VU$ufE4ZnDH{9?@`E;yfhlZ@~IxL&4O(|L@e z`TU)*W!TLvIWiJo2g>Dy2j^5L%u*d^Gmp<pLRmIPp~hjyShc))k+*XMGd+I^~K*r=N#< z;rRxp9Cz9U48i699V0v1k7W`4&fcOBgUM&2H@${>gD=6*VMZR30nuhJGgSFZvFPaG zB63b(s<#wRqjf6?mHmV6^;og;we@QK+%svFA?KBd^U^m+-Bs~|+LjliQE|8_JFefj z>S7N2UVL0em3tKCmS?kgyt1A>HrD3^y5X;HGg{x22&Q$-`~}3z`w6;k)zBU90l8iBbL-8v*? z{BR_|j};wK=?^E$|BTIq+HxZXs7(+^y{OVavC)t1S( z;3BUdE1ex?{7gYFktMI^yg)yp;P*A_G`Wy$iJt3R#qrngMA?eK^2MW%|MT_3`}+qE z@9@A$6VGV^$r4BV-E7LkpgWdI{!U@kA`L8o9jeG5D&E_9N&^J1{L(R3iTOMySvrgx zhVneEVDDfk#GO~r?q(YU7#z+Fi@%G|egV?owf~1iOG`hlVKXjOw6tk4b=`_Jbli2~ z_m+9hTIfION~O-0rbP-P>cxkQ#;M6Rr}5U7R~U2KTy=jc9WcxZk3HJKS}B*tW(ea+ z_6`*GQgi;x$)U1ib#G4Jli>ye4A@x(KfS;WH4;Ppa`N?j=~Wx#YD={Z$pTc*^R84*Ws}?+T;~5c&jY@W{h2yChLOPCd%77anPl7fKM2)+k2BImg$|+ zznj4Wj623)CMK#4MU_IFS^IaNJUsaN>91<%)W>+7R6Mqp3s!8DyC@U4zO|T$>Jlmc z+$?7O>_fRn2+jpY8ob>{GohgvrTbIY<^hP%w68YHf#f?c#FNAi7)R8C%ngc(cgd1# zsIsD|jP#7QobHxqm9LkpSrYEJx3Sm=pKG;-3a@q2IN04r>&BZ$+e;`2kHUkJlT`}v zCrBU6QiU7oLJ1?W&w>1vn-1&*`5MCPIeHtpohnjC`nih0xBrv63rw>9UDg?Ag0R`Y=%k(lySdSgfS2_P)Wi? zH>WI9suqa4Yr=)CwU>sfVC{&6lYQ995^E6KR_}PbmCTKDgQ-KeESEG5Ft;Cs){d!Z z-*U(B=c70`vcz*{g@A>Wo36i5vC*;n5k*dFOiBfq#F}-51DdlrLYfs5G z2%p&(U_)^pR2Yt4O}J zTT){RAilvEECEHHLJB>xoNL6YFOE-Tz&4vUl*8qVV8?2MTSSRV<|0DkFukg=)kfn0 zPDKP}gy30g&|s12H+uTA+Rr2&#>A`D!1)UdUiG%D{@8WNz}5gs+Ja6?WY@Gg{ZX>?&t~t2co?6Y3O@6 zy#L_o<0to@a6rd|j)*h)o0x)<@3-q>hl7eplt@D9@gfmA)W{(>9$o;YldoPk8TiId zUucS{OOZw-K*VlB_P%rttCZXjF){+&N(VN?iKe8e=pim`#P7@x*EF?|D?XqI5FfL> zUC9!#0W7GXiLZ4#?A+Ee^rPRCVY13OEJfnKzYHcV!7A9w%Wg_bBmtUwDm`2piL4}; zOsEWk|7iOc4{YNZiTTtLu1my^^>}H1=r@tHBY(AiX30i|SkJR#%BxDe(X4f{Zy^<{ z`g8H=TR5jTl70&g5{7w?Uq>q__#O z@zw-#d)!Yogmw}mLPib zHhWP!4%XyB3_gM~sGhwx0F*)o^d*U+F>Y#>^PBS)qh%MgHXMAbg(Qvd%ZQevD*<&9 z-f%dWclCrxK?+19O#CUs!uS_}YCztz9iY}t3m{EZIf_<_WZ`3xx!`5x#u3GGaU$%g z0TVzZ=f4P)#!)6A-9-(e_-Eq2JarP>KsqAtBSNQYXjZ8@SRS7=+_F9T2xXO>UwaEa zBOe-MxsB)N^km_js-1BuO=!PdGVACRaw+xqP&m*9>)PHaB1Jc+(qUp3f{{RM^>mO? zDN2Vh9adeb;XO7g$hOniNo!G4!bTQ;^2e9WZ$U|5cl?7Y`FgvTsGB^l-&!XbFoXA zWLTK`ZBOuXSMaUY$bq+S<&8d%wm77YA%FbkFO>7-gWV60RxQqtk0w^wQyIlJlu%hl zQ*+n)w{Zetgw?RcM$^?HZWaqig3v}iOa)JsC(5d;toF_Qr+3pJyaK>0*s2p!*9N$= zoKQ!M%g)~dv(O-lj_EF}9y;DQD}JevIQ_(5EVl@kG6Ym1PWldE`^7l9Q;6r6N|ZL3 zrMYq?+~Dx>CjgO}e>9bew7e_GkZL^TZGlJ?0O1&g`B%B zqr1wtIsVm0j08Y3Nc6xk4iwvKl0#rGk)qIse}PH)xyam0<^LU7%*z%~&u80B}T@9gF2D8SAO0X%S=G;|`5 z(J@4$okD3EbLH9&jcSUp11G?MQM$rEf(~!2K>>(_-bPfW=@|jb1$2^N%!$|>9lTIa z`u>xHr~hGAF@a#R&TMZz>m%BXNsKHm3ieBrx%$v*9Vg@5XJlZ*v2GvJn5&&w1atPS zpuw*euh(HE7iRlaGyxQDHqhri0leKdcedpyHb7VLDtX7O#a~&B9xD#5#2I- z!CVrLkQ37dNL3XqpB!ZBEAC2;F8u4mYCcPa7+!!{cv0RUgA%({g1 z6aX1ku0(8hiHxwS9vBz(GEZ^8&6n8?TgP(w**GSa4D(bp4XMGz`CgE#6gLkO1awRY z;W;(vSvCR6JORB8VW7`p8aAwn^kdEB(?xzs0WJj1A~Z>&F@K0y6T6t6pPFxS9_yf= z9hO!hqFGHuV(8XE%Hw>Mn&(NVKdoh!2mG8qm|zsdygWhB(9KUE^=P=pwPy3NQIL?( zTzf6Wb}AjJZs%m4g}H9DGge_kZT&hvLKw=u_^vKem>AMlou*jRb3{=yJ1PBk*wjdL z9m;U25pa{a6Gd6Se9t>UShH}6-o5wz-6x0lAKsqcdPuq186n$gtw3x!WKd=1qjBxfjb4;=)|SiAcGHmF%A?rIP0#Ttt>t zptLD#*sKFtIyvODQ@t_y<7^f$Oni|}x8^V1`P1Z&PY)h`fA`_nMCbi!`bE)Z?zDf- z0t%1r4B8sexievZ%JvDcwe6ZBVV@^u(cEDrKK8kB4~5F#w})0NHXi<&zj@FCe_MgokXo}3g|S#tpJ|Z#*isrmPG*N*F(?d6T3SQd*I)Xg_f@j z<<5!oeDa1sKjVrGPn$uO)d^T(t_Jxoqk`kz#rl5u1{ zR5vIXee@>Lm5-=tkz~Yv55Axn94pK6i{3*iIVUG&(dnKl}KXmvheY<4?S_ zD*cpZ@+FiBiali#)xN}GC(sR|4J6|Gp}KcZ+0aftCdRr-*qw=;Vd4HF5lhzApE4I{ zY{v!-G?xToCy7d0znihwdAn?jEE%nqB4CqmpB$`z`y2buKazFvQu~Ou*q%)sMu~G7Y9WYyRT`Tb$M2zD~W$S1T~}n(TPvW9{lLKj)tQbBz&z zchrW%;`r7T`dV4X@{}j%=4YqA1gg55oUJKb4}9T)ldqoPF11zWCj0&?hr`Za@|K7M z;}=J<2Lx4Qg}w=ME7nZ7*jo3k^z5SUth9?EbE6;mX!ly$%x&G_w(JC3Q*O(j0SRI2qU@zC_evDmvjC` zInM>xWW>{vlHHffSA z`R_Y`X)s>VPr;y19WW`GCRr6~*5vI7!FHM77suR$Lk$Y#~Rao=`cBrl2l#|P3@h$TaxzPb&XI>4IsqU;e+s%K(c<8 zy~#sG9?4H)46Rf-17h9wk87q8Lb+(9cV$W!#1O{D<)VYLQaQO)t zP26Z>)Q*#MvKZ}g(Y3KEzHdUKpnYgX4SXD!Jx;cEQwhzsNnqu zSz-AAwA5q@UB#F6uN9wir9J_AITfd&g6`_(_$3D9 z6, 2015, 2016, 2017, 2018, 2019, 2020. +# +# Konventioner +# argument -> argument +# deferred -> udskudt +# iteration -> iteration (gennemløb) +# memory hard -> hukommelsestung (bedre mulighed?) det er nok et tilvalg, så +# evt. bevar den uændret. nok engelsk fejl hvor det er uden bindestreg. +# parameter -> parameter +# probe -> undersøge (bedre mulighed?) +# reencryption -> omkryptering +# suspended -> suspenderet (skal det være standset i stedet for?) +# wipe -> rydde +# +msgid "" +msgstr "" +"Project-Id-Version: cryptsetup-2.3.1-rc0\n" +"Report-Msgid-Bugs-To: dm-crypt@saout.de\n" +"POT-Creation-Date: 2020-05-28 11:32+0200\n" +"PO-Revision-Date: 2020-03-08 22:35+0200\n" +"Last-Translator: Joe Hansen \n" +"Language-Team: Danish \n" +"Language: da\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" + +#: lib/libdevmapper.c:399 +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "Kan ikke initialisere enhedsoversætter, kører som ikke-root bruger." + +#: lib/libdevmapper.c:402 +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "Kan ikke initialisere enhedsoversætter. Er dm_mod-kernemodulet indlæst?" + +#: lib/libdevmapper.c:1131 +msgid "Requested deferred flag is not supported." +msgstr "Det anmodede udskudte flag er ikke understøttet." + +#: lib/libdevmapper.c:1198 +#, c-format +msgid "DM-UUID for device %s was truncated." +msgstr "DM-UUID for enheden %s blev afkortet." + +#: lib/libdevmapper.c:1520 +msgid "Unknown dm target type." +msgstr "Ukendt dm-måltype." + +#: lib/libdevmapper.c:1623 lib/libdevmapper.c:1679 +msgid "Requested dm-crypt performance options are not supported." +msgstr "Forespurgte dm-crypt-ydelsestilvalg er ikke understøttede." + +#: lib/libdevmapper.c:1630 +msgid "Requested dm-verity data corruption handling options are not supported." +msgstr "Forespurgte dm-verity-håndteringstilvalg for datakorruption er ikke understøttede." + +#: lib/libdevmapper.c:1634 +msgid "Requested dm-verity FEC options are not supported." +msgstr "Forespurgte dm-verity FEC-tilvalg er ikke understøttede." + +#: lib/libdevmapper.c:1638 +msgid "Requested data integrity options are not supported." +msgstr "Forespurgte dataintegritetstilvalg er ikke understøttede." + +#: lib/libdevmapper.c:1640 +msgid "Requested sector_size option is not supported." +msgstr "Forespurgte sector_size-tilvalg er ikke understøttet." + +#: lib/libdevmapper.c:1645 +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "Forespurgte automatiske genberegning af integritetsmærker er ikke understøttet." + +#: lib/libdevmapper.c:1649 lib/libdevmapper.c:1682 lib/libdevmapper.c:1685 +#: lib/luks2/luks2_json_metadata.c:2160 +msgid "Discard/TRIM is not supported." +msgstr "Discard/TRIM %s er ikke understøttet." + +#: lib/libdevmapper.c:1653 +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "Forespurgte dm-integritetsbitmaptilstand er ikke understøttet." + +#: lib/libdevmapper.c:2607 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "Kunne ikke forespørge dm-%s-segment." + +#: lib/random.c:75 +msgid "" +"System is out of entropy while generating volume key.\n" +"Please move mouse or type some text in another window to gather some random events.\n" +msgstr "" +"Systemet har ikke nok entropi til oprettelse af diskenhedsnøgle.\n" +"Flyt venligst musen eller indtast noget tekst i et andet vindue for at samle nogle vilkårlige hændelser.\n" + +#: lib/random.c:79 +#, c-format +msgid "Generating key (%d%% done).\n" +msgstr "Opretter nøgle (%d%% færdig).\n" + +#: lib/random.c:165 +msgid "Running in FIPS mode." +msgstr "Kører i FIPS-tilstand." + +#: lib/random.c:171 +msgid "Fatal error during RNG initialisation." +msgstr "Fatal fejl under RNG-initialisering." + +#: lib/random.c:208 +msgid "Unknown RNG quality requested." +msgstr "Der blev anmodt om ukendt RNG-kvalitet." + +#: lib/random.c:213 +msgid "Error reading from RNG." +msgstr "Der opstod en fejl under læsning fra RNG." + +#: lib/setup.c:229 +msgid "Cannot initialize crypto RNG backend." +msgstr "Kan ikke initialisere crypto RNG-motor." + +#: lib/setup.c:235 +msgid "Cannot initialize crypto backend." +msgstr "Kan ikke initialisere crypto-motor." + +#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119 +#, c-format +msgid "Hash algorithm %s not supported." +msgstr "Hashalgoritmen %s er ikke understøttet." + +#: lib/setup.c:269 lib/loopaes/loopaes.c:90 +#, c-format +msgid "Key processing error (using hash %s)." +msgstr "Nøglebehandlingsfejl (der bruger hash %s)." + +#: lib/setup.c:335 lib/setup.c:362 +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "Kan ikke bestemme enhedstype. Er aktivering af enhed ikke kompatibel?" + +#: lib/setup.c:341 lib/setup.c:3050 +msgid "This operation is supported only for LUKS device." +msgstr "Denne operation er kun understøttet for LUKS-enhed." + +#: lib/setup.c:368 +msgid "This operation is supported only for LUKS2 device." +msgstr "Denne operation er kun understøttet for LUKS2-enhed." + +#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345 +msgid "All key slots full." +msgstr "Alle nøglepladser er udfyldt." + +#: lib/setup.c:434 +#, c-format +msgid "Key slot %d is invalid, please select between 0 and %d." +msgstr "Nøglepladsen %d er ugyldig, vælg venligst mellem 0 og %d." + +#: lib/setup.c:440 +#, c-format +msgid "Key slot %d is full, please select another one." +msgstr "Nøglepladsen %d er fuld, vælg venligst en anden." + +#: lib/setup.c:525 lib/setup.c:2824 +msgid "Device size is not aligned to device logical block size." +msgstr "Enhedsstørrelsen er ikke justeret til logisk blokstørrelse for enhed." + +#: lib/setup.c:624 +#, c-format +msgid "Header detected but device %s is too small." +msgstr "Teksthoved registreret men enheden %s er for lille." + +#: lib/setup.c:661 +msgid "This operation is not supported for this device type." +msgstr "Denne operation er ikke understøttet for denne enhedstype." + +#: lib/setup.c:666 +msgid "Illegal operation with reencryption in-progress." +msgstr "Ulovlig operation med omkryptering i gang." + +#: lib/setup.c:832 lib/luks1/keymanage.c:475 +#, c-format +msgid "Unsupported LUKS version %d." +msgstr "LUKS-version %d er ikke understøttet." + +#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959 +msgid "Detached metadata device is not supported for this crypt type." +msgstr "Frakoblet metadataenhed er ikke understøttet for denne crypttype." + +#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628 +#: lib/setup.c:2777 lib/setup.c:4512 +#, c-format +msgid "Device %s is not active." +msgstr "Enheden %s er ikke aktiv." + +#: lib/setup.c:1444 +#, c-format +msgid "Underlying device for crypt device %s disappeared." +msgstr "Underliggende enhed for cryptenheden %s forsvandt." + +#: lib/setup.c:1524 +msgid "Invalid plain crypt parameters." +msgstr "Ugyldige rene crypt-parametre." + +#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:74 +msgid "Invalid key size." +msgstr "Ugyldig nøglestørrelse." + +#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157 +msgid "UUID is not supported for this crypt type." +msgstr "UUID er ikke understøttet for denne crypttype." + +#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308 +#: src/cryptsetup.c:1226 src/cryptsetup.c:3923 +msgid "Unsupported encryption sector size." +msgstr "Sektorstørrelsen på krypteringen er ikke understøttet." + +#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818 +msgid "Device size is not aligned to requested sector size." +msgstr "Enhedsstørrelsen er ikke justeret til den anmodede sektorstørrelse." + +#: lib/setup.c:1608 lib/setup.c:1727 +msgid "Can't format LUKS without device." +msgstr "Kan ikke formatere LUKS uden enhed." + +#: lib/setup.c:1614 lib/setup.c:1733 +msgid "Requested data alignment is not compatible with data offset." +msgstr "Forespurgte datajustering er ikke kompatibel med dataforskydning." + +#: lib/setup.c:1682 lib/setup.c:1851 +msgid "WARNING: Data offset is outside of currently available data device.\n" +msgstr "ADVARSEL: Dataforskydning er uden for nuværende tilgængelige dataenhed.\n" + +#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169 +#, c-format +msgid "Cannot wipe header on device %s." +msgstr "Kan ikke rydde teksthoved på enheden %s." + +#: lib/setup.c:1744 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "ADVARSEL: Enhedsaktiveringen vil fejle, dm-crypt mangler understøttelse for anmodet størrelse på krypteringssektor.\n" + +#: lib/setup.c:1766 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "Diskenhedsnøglen er for lille til kryptering med integritetsudvidelser." + +#: lib/setup.c:1821 +#, c-format +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "Krypteringsalgoritmen %s-%s (nøglestørrelse %zd bit) er ikke tilgængelig." + +#: lib/setup.c:1854 +#, c-format +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" +msgstr "ADVARSEL: LUKS2-metadatastørrelse ændret til % byte.\n" + +#: lib/setup.c:1858 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "ADVARSEL: LUKS2-nøglepladsens områdestørrelse er ændret til % byte.\n" + +#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367 +#, c-format +msgid "Device %s is too small." +msgstr "Enheden %s er for lille." + +#: lib/setup.c:1893 lib/setup.c:1919 +#, c-format +msgid "Cannot format device %s in use." +msgstr "Kan ikke formatere enheden %s i brug." + +#: lib/setup.c:1896 lib/setup.c:1922 +#, c-format +msgid "Cannot format device %s, permission denied." +msgstr "Kan ikke formatere enheden %s, tilladelse nægtet." + +#: lib/setup.c:1908 lib/setup.c:2229 +#, c-format +msgid "Cannot format integrity for device %s." +msgstr "Kan ikke formatere integritet for enheden %s." + +#: lib/setup.c:1926 +#, c-format +msgid "Cannot format device %s." +msgstr "Kan ikke formatere enheden %s." + +#: lib/setup.c:1944 +msgid "Can't format LOOPAES without device." +msgstr "Kan ikke formatere LOOPAES uden enhed." + +#: lib/setup.c:1989 +msgid "Can't format VERITY without device." +msgstr "Kan ikke formatere VERITY uden enhed." + +#: lib/setup.c:2000 lib/verity/verity.c:102 +#, c-format +msgid "Unsupported VERITY hash type %d." +msgstr "VERITY-hashtypen %d er ikke understøttet." + +#: lib/setup.c:2006 lib/verity/verity.c:110 +msgid "Unsupported VERITY block size." +msgstr "VERITY-blokstørrelse er ikke understøttet." + +#: lib/setup.c:2011 lib/verity/verity.c:74 +msgid "Unsupported VERITY hash offset." +msgstr "VERITY-hashforskydning er ikke understøttet." + +#: lib/setup.c:2016 +msgid "Unsupported VERITY FEC offset." +msgstr "VERITY FEC-forskydning er ikke understøttet." + +#: lib/setup.c:2040 +msgid "Data area overlaps with hash area." +msgstr "Dataområde overlapper med hashområde." + +#: lib/setup.c:2065 +msgid "Hash area overlaps with FEC area." +msgstr "Dataområde overlapper med FEC-område." + +#: lib/setup.c:2072 +msgid "Data area overlaps with FEC area." +msgstr "Dataområde overlapper med FEC-område." + +#: lib/setup.c:2208 +#, c-format +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "ADVARSEL: Anmodte mærkestørrelse %d byte er forskellig fra %s størrelsesuddata (%d byte).\n" + +#: lib/setup.c:2286 +#, c-format +msgid "Unknown crypt device type %s requested." +msgstr "Der blev anmodt om ukendt crypt-enhedstype %s." + +#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635 +#, c-format +msgid "Unsupported parameters on device %s." +msgstr "Ikke understøttede parametre på enheden %s." + +#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408 +#: lib/luks2/luks2_reencrypt.c:2737 +#, c-format +msgid "Mismatching parameters on device %s." +msgstr "Parametre matcher ikke på enheden %s." + +#: lib/setup.c:2661 +msgid "Crypt devices mismatch." +msgstr "Crypt-enheder er forskellige." + +#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:3145 +#, c-format +msgid "Failed to reload device %s." +msgstr "Kunne ikke genindlæse enheden %s." + +#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025 +#: lib/luks2/luks2_reencrypt.c:2032 +#, c-format +msgid "Failed to suspend device %s." +msgstr "Kunne ikke placere enheden %s i dvale." + +#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039 +#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149 +#, c-format +msgid "Failed to resume device %s." +msgstr "Kunne ikke genoptage enheden %s." + +#: lib/setup.c:2732 +#, c-format +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "Der opstod en fatal fejl under genindlæsning af enheden %s (oven på enheden %s)." + +#: lib/setup.c:2735 lib/setup.c:2737 +#, c-format +msgid "Failed to switch device %s to dm-error." +msgstr "Kunne ikke skifte enheden %s til dm-error." + +#: lib/setup.c:2809 +msgid "Cannot resize loop device." +msgstr "Kan ikke ændre størrelse på loop-enhed." + +#: lib/setup.c:2882 +msgid "Do you really want to change UUID of device?" +msgstr "Ønsker du at ændre UUID for enhed?" + +#: lib/setup.c:2958 +msgid "Header backup file does not contain compatible LUKS header." +msgstr "Sikkerhedskopifilen indeholder ikke gyldige LUKS-teksthoveder." + +#: lib/setup.c:3058 +#, c-format +msgid "Volume %s is not active." +msgstr "Diskenheden %s er ikke aktiv." + +#: lib/setup.c:3069 +#, c-format +msgid "Volume %s is already suspended." +msgstr "Diskenheden %s er allerede suspenderet." + +#: lib/setup.c:3082 +#, c-format +msgid "Suspend is not supported for device %s." +msgstr "Suspension er ikke understøttet for enheden %s." + +#: lib/setup.c:3084 +#, c-format +msgid "Error during suspending device %s." +msgstr "Fejl under suspension af enheden %s." + +#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267 +#, c-format +msgid "Volume %s is not suspended." +msgstr "Diskenheden %s er ikke suspenderet." + +#: lib/setup.c:3146 +#, c-format +msgid "Resume is not supported for device %s." +msgstr "Genoptag er ikke understøttet for enheden %s." + +#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297 +#, c-format +msgid "Error during resuming device %s." +msgstr "Fejl under genoptagelse af enheden %s." + +#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322 +#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839 +msgid "Volume key does not match the volume." +msgstr "Diskenhedsnøgle matcher ikke diskenheden." + +#: lib/setup.c:3343 lib/setup.c:3531 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Kan ikke tilføje nøgleplads, alle pladser er deaktiveret og ingen diskenhedsnøgle tilbudt." + +#: lib/setup.c:3483 +msgid "Failed to swap new key slot." +msgstr "Kunne ikke swappe ny nøgleplads." + +#: lib/setup.c:3669 +#, c-format +msgid "Key slot %d is invalid." +msgstr "Nøglepladsen %d er ugyldig." + +#: lib/setup.c:3675 src/cryptsetup.c:1572 src/cryptsetup.c:1917 +#, c-format +msgid "Keyslot %d is not active." +msgstr "Nøglepladsen %d er ikke aktiv." + +#: lib/setup.c:3694 +msgid "Device header overlaps with data area." +msgstr "Enhedsteksthoved overlapper med dataområde." + +#: lib/setup.c:3981 +msgid "Reencryption in-progress. Cannot activate device." +msgstr "Omkryptering er i gang. Kan ikke aktivere enhed." + +#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2243 +#: lib/luks2/luks2_reencrypt.c:2836 +msgid "Failed to get reencryption lock." +msgstr "Kunne ikke indhente omkrypteringslås." + +#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855 +msgid "LUKS2 reencryption recovery failed." +msgstr "LUKS2-omkrypteringsgendannelse mislykkedes." + +#: lib/setup.c:4127 lib/setup.c:4379 +msgid "Device type is not properly initialized." +msgstr "Enhedstypen er ikke ordentlig initialiseret." + +#: lib/setup.c:4171 +#, c-format +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "Kan ikke bruge enheden %s, navnet er ugyldigt eller stadig i brug." + +#: lib/setup.c:4174 +#, c-format +msgid "Device %s already exists." +msgstr "Enheden %s findes allerede." + +#: lib/setup.c:4296 +msgid "Incorrect volume key specified for plain device." +msgstr "Ukorrekt diskenhedsnøgle specificeret for ren enhed." + +#: lib/setup.c:4405 +msgid "Incorrect root hash specified for verity device." +msgstr "Ukorrekt roothash specificeret for verity-enhed." + +#: lib/setup.c:4412 +msgid "Root hash signature required." +msgstr "Roothash-signatur er krævet." + +#: lib/setup.c:4421 +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "Kernenøglering mangler: krævet for at sende signatur til kernen." + +#: lib/setup.c:4438 lib/setup.c:5915 +msgid "Failed to load key in kernel keyring." +msgstr "Kunne ikke indlæse nøgle i kernenøglefil." + +#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2296 +#: src/cryptsetup.c:2664 +#, c-format +msgid "Device %s is still in use." +msgstr "Enheden %s er stadig i brug." + +#: lib/setup.c:4516 +#, c-format +msgid "Invalid device %s." +msgstr "Ugyldig enhed %s." + +#: lib/setup.c:4632 +msgid "Volume key buffer too small." +msgstr "Diskenhedsnøglebuffer er for lille." + +#: lib/setup.c:4640 +msgid "Cannot retrieve volume key for plain device." +msgstr "Kan ikke indhente diskenhedsnøgle for ren enhed." + +#: lib/setup.c:4657 +msgid "Cannot retrieve root hash for verity device." +msgstr "Kan ikke hente roothash for verity-enhed." + +#: lib/setup.c:4659 +#, c-format +msgid "This operation is not supported for %s crypt device." +msgstr "Denne operation er ikke understøttet for %s crypt-enhed." + +#: lib/setup.c:4865 +msgid "Dump operation is not supported for this device type." +msgstr "Dump-operation er ikke understøttet for denne enhedstype." + +#: lib/setup.c:5190 +#, c-format +msgid "Data offset is not multiple of %u bytes." +msgstr "Dataforskydning er ikke et multiplum af %u byte." + +#: lib/setup.c:5475 +#, c-format +msgid "Cannot convert device %s which is still in use." +msgstr "Kan ikke konvertere enheden %s som stadig er i brug." + +#: lib/setup.c:5772 +#, c-format +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "Kunne ikke tildele nøglepladsen %u som den nye diskenhedsnøgle." + +#: lib/setup.c:5845 +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "Kunne ikke initialisere standardparametre for LUKS2-nøgleplads." + +#: lib/setup.c:5851 +#, c-format +msgid "Failed to assign keyslot %d to digest." +msgstr "Kunne ikke tildele nøglepladsen %d til sammendrag." + +#: lib/setup.c:5982 +msgid "Kernel keyring is not supported by the kernel." +msgstr "Kernenøglering er ikke understøttet af kernen." + +#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952 +#, c-format +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "Kunne ikke læse adgangsfrase fra nøglering (fejl %d)." + +#: lib/setup.c:6016 +msgid "Failed to acquire global memory-hard access serialization lock." +msgstr "Kunne ikke indhente global adgangsserialiseringslås for memory-hard." + +#: lib/utils.c:80 +msgid "Cannot get process priority." +msgstr "Kan ikke indhente procesprioritet." + +#: lib/utils.c:94 +msgid "Cannot unlock memory." +msgstr "Kan ikke låse hukommelsen op." + +#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497 +msgid "Failed to open key file." +msgstr "Kunne ikke åbne nøglefil." + +#: lib/utils.c:173 +msgid "Cannot read keyfile from a terminal." +msgstr "Kan ikke læse nøglefilen fra en terminal." + +#: lib/utils.c:190 +msgid "Failed to stat key file." +msgstr "Kunne ikke køre stat på nøglefil." + +#: lib/utils.c:198 lib/utils.c:219 +msgid "Cannot seek to requested keyfile offset." +msgstr "Kan ikke søge til anmodede nøglefilsforskydning." + +#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188 +#: src/utils_password.c:201 +msgid "Out of memory while reading passphrase." +msgstr "Ikke nok hukommelse under læsning af adgangsfrase." + +#: lib/utils.c:248 +msgid "Error reading passphrase." +msgstr "Der opstod en fejl under læsning af adgangsfrase." + +#: lib/utils.c:265 +msgid "Nothing to read on input." +msgstr "Intet at læse på inddata." + +#: lib/utils.c:272 +msgid "Maximum keyfile size exceeded." +msgstr "Nøglefilsstørrelsen er over maksimum." + +#: lib/utils.c:277 +msgid "Cannot read requested amount of data." +msgstr "Kan ikke læse den anmodede datamængde." + +#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 +#, c-format +msgid "Device %s does not exist or access denied." +msgstr "Enheden %s findes ikke eller adgang nægtet." + +#: lib/utils_device.c:197 +#, c-format +msgid "Device %s is not compatible." +msgstr "Enheden %s er ikke kompatibel." + +#: lib/utils_device.c:642 +#, c-format +msgid "Device %s is too small. Need at least % bytes." +msgstr "Enheden %s er for lille. Kræver mindst % byte." + +#: lib/utils_device.c:723 +#, c-format +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "Kan ikke bruge enheden %s som er i brug (allerede kortlagt eller monteret)." + +#: lib/utils_device.c:727 +#, c-format +msgid "Cannot use device %s, permission denied." +msgstr "Kan ikke bruge enheden %s, tilladelse nægtet." + +#: lib/utils_device.c:730 +#, c-format +msgid "Cannot get info about device %s." +msgstr "Kan ikke indhente information om enheden %s." + +#: lib/utils_device.c:753 +msgid "Cannot use a loopback device, running as non-root user." +msgstr "Kan ikke bruge en loopback-enhed, kører som ikke-root bruger." + +#: lib/utils_device.c:763 +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "Vedhæftelse af loopback-enhed mislykkedes (loop-enhed med flaget autoclear er krævet)." + +#: lib/utils_device.c:809 +#, c-format +msgid "Requested offset is beyond real size of device %s." +msgstr "Anmodt forskydning er mere end den reelle størrelse for enheden %s." + +#: lib/utils_device.c:817 +#, c-format +msgid "Device %s has zero size." +msgstr "Enheden %s har nul størrelse." + +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." +msgstr "Anmodede PBKDF-måltidspunkt kan ikke være nul." + +#: lib/utils_pbkdf.c:106 +#, c-format +msgid "Unknown PBKDF type %s." +msgstr "Ukendt PBKDF-type %s." + +#: lib/utils_pbkdf.c:111 +#, c-format +msgid "Requested hash %s is not supported." +msgstr "Den anmodede hash %s er ikke understøttet." + +#: lib/utils_pbkdf.c:122 +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "Den anmodede PBKDF-type er ikke understøttet for LUKS1." + +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." +msgstr "PBKDF maks hukommelse eller parallelle tråde må ikke angives med pbkdf2." + +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#, c-format +msgid "Forced iteration count is too low for %s (minimum is %u)." +msgstr "Tvungen iterationantal er for lavt for %s (minimum er %u)." + +#: lib/utils_pbkdf.c:148 +#, c-format +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "Tvungen hukommelsesomkostning er for lav for %s (minimum er %u kilobyte)." + +#: lib/utils_pbkdf.c:155 +#, c-format +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "Anmodede maksimal PBKDF-hukommelsesomkostning er for høj (maksimum er %d kilobyte)." + +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "Anmodede maksimal PBKDF-hukommelse kan ikke være nul." + +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "Anmodede PBKDF parallelle tråde kan ikke være nul." + +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "Kun PBKDF2 er understøttet i FIPS-tilstand." + +#: lib/utils_benchmark.c:172 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "PBKDF-sammenligning deaktiveret men iterationer er ikke angivet." + +#: lib/utils_benchmark.c:191 +#, c-format +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "Ikke kompatible PBKDF2-tilvalg (der bruger hash-algoritme %s)." + +#: lib/utils_benchmark.c:211 +msgid "Not compatible PBKDF options." +msgstr "Ikke kompatible PBKDF2-tilvalg." + +#: lib/utils_device_locking.c:102 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "Låsning afbrudt. Låsestien %s/%s kan ikke bruges (ikke en mappe eller mangler)." + +#: lib/utils_device_locking.c:109 +#, c-format +msgid "WARNING: Locking directory %s/%s is missing!\n" +msgstr "ADVARSEL: Låsemappen %s/%s mangler!\n" + +#: lib/utils_device_locking.c:119 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "Låsning afbrudt. Låsestien %s/%s kan ikke bruges (%s er ikke en mappe)." + +#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:941 +#: src/cryptsetup_reencrypt.c:1025 +msgid "Cannot seek to device offset." +msgstr "Kan ikke søge til enhedsforskydning." + +#: lib/utils_wipe.c:208 +#, c-format +msgid "Device wipe error, offset %." +msgstr "Sletningsfejl for enhed (wipe), forskydning %." + +#: lib/luks1/keyencryption.c:39 +#, c-format +msgid "" +"Failed to setup dm-crypt key mapping for device %s.\n" +"Check that kernel supports %s cipher (check syslog for more info)." +msgstr "" +"Kunne ikke opsætte dm-crypt nøgleoversættelse for enheden %s.\n" +"Kontroller at kernen understøtter krypteringsalgoritmen %s (kontroller syslog for yderligere information)." + +#: lib/luks1/keyencryption.c:44 +msgid "Key size in XTS mode must be 256 or 512 bits." +msgstr "Nøglestørrelse i XTS-tilstand skal være 256- eller 512-bit." + +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "Specifikation for krypteringsalgoritme skal være i [cipher]-[mode]-[iv]-format." + +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080 +#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734 +#, c-format +msgid "Cannot write to device %s, permission denied." +msgstr "Kan ikke skrive til enheden %s, tilladelse nægtet." + +#: lib/luks1/keyencryption.c:120 +msgid "Failed to open temporary keystore device." +msgstr "Kunne ikke åbne midlertidig nøglelagerenhed." + +#: lib/luks1/keyencryption.c:127 +msgid "Failed to access temporary keystore device." +msgstr "Kunne ikke tilgå midlertidig nøglelagerenhed." + +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +msgid "IO error while encrypting keyslot." +msgstr "IO-fejl under kryptering af nøgleplads." + +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:670 +#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311 +#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342 +#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 +#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255 +#: src/cryptsetup_reencrypt.c:200 src/cryptsetup_reencrypt.c:212 +#, c-format +msgid "Cannot open device %s." +msgstr "Kan ikke åbne enheden %s." + +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +msgid "IO error while decrypting keyslot." +msgstr "IO-fejl under dekryptering af nøgleplads." + +#: lib/luks1/keymanage.c:110 +#, c-format +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" +msgstr "Enheden %s er for lille. (LUKS1 kræver mindst % byte.)" + +#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162 +#: lib/luks1/keymanage.c:174 +#, c-format +msgid "LUKS keyslot %u is invalid." +msgstr "LUKS-nøgleplads %u er ugyldig." + +#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472 +#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1433 +#: src/cryptsetup.c:1559 src/cryptsetup.c:1616 src/cryptsetup.c:1672 +#: src/cryptsetup.c:1739 src/cryptsetup.c:1842 src/cryptsetup.c:1906 +#: src/cryptsetup.c:2136 src/cryptsetup.c:2331 src/cryptsetup.c:2391 +#: src/cryptsetup.c:2457 src/cryptsetup.c:2621 src/cryptsetup.c:3271 +#: src/cryptsetup.c:3280 src/cryptsetup_reencrypt.c:1388 +#, c-format +msgid "Device %s is not a valid LUKS device." +msgstr "Enheden %s er ikke en gyldig LUKS-enhed." + +#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100 +#, c-format +msgid "Requested header backup file %s already exists." +msgstr "Den anmodede sikkerhedskopifil %s for teksthoveder findes allerede." + +#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102 +#, c-format +msgid "Cannot create header backup file %s." +msgstr "Kan ikke oprette sikkerhedskopifilen %s for teksthoveder." + +#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109 +#, c-format +msgid "Cannot write header backup file %s." +msgstr "Kan ikke skrive sikkerhedskopifilen %sf for teksthoveder." + +#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161 +msgid "Backup file does not contain valid LUKS header." +msgstr "Sikkerhedskopifilen indeholder ikke gyldige LUKS-teksthoveder." + +#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549 +#: lib/luks2/luks2_json_metadata.c:1182 +#, c-format +msgid "Cannot open header backup file %s." +msgstr "Kan ikke åbne sikkerhedskopifilen %s for teksthoveder." + +#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190 +#, c-format +msgid "Cannot read header backup file %s." +msgstr "Kan ikke læse sikkerhedskopifilen %s for teksthoveder." + +#: lib/luks1/keymanage.c:317 +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "Dataforskydning eller nøglestørrelse er forskellige på enhed eller sikkerhedskopi, gendannelse mislykkedes." + +#: lib/luks1/keymanage.c:325 +#, c-format +msgid "Device %s %s%s" +msgstr "Enheden %s %s%s" + +#: lib/luks1/keymanage.c:326 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "indeholder ikke LUKS-teksthoveder. Erstatning af teksthoved kan ødelægge data på den enhed." + +#: lib/luks1/keymanage.c:327 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "indeholder allerede LUKS-teksthoveder. Erstatning af teksthoveder vil ødelægge eksisterende nøglepladser." + +#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224 +msgid "" +"\n" +"WARNING: real device header has different UUID than backup!" +msgstr "" +"\n" +"ADVARSEL: reel enhedsteksthoved har en anden UUID end sikkerhedskopien!" + +#: lib/luks1/keymanage.c:375 +msgid "Non standard key size, manual repair required." +msgstr "Nøglestørrelsen følger ikke standarden, en manuel reparation er krævet." + +#: lib/luks1/keymanage.c:380 +msgid "Non standard keyslots alignment, manual repair required." +msgstr "Nøglepladsopstillingen følger ikke standarden, en manuel reparation er krævet." + +#: lib/luks1/keymanage.c:390 +msgid "Repairing keyslots." +msgstr "Reparerer nøglepladser." + +#: lib/luks1/keymanage.c:409 +#, c-format +msgid "Keyslot %i: offset repaired (%u -> %u)." +msgstr "Nøgleplads %i: forskydning repareret (%u -> %u)." + +#: lib/luks1/keymanage.c:417 +#, c-format +msgid "Keyslot %i: stripes repaired (%u -> %u)." +msgstr "Nøgleplads %i: striber (»stripes«) repareret (%u -> %u)." + +#: lib/luks1/keymanage.c:426 +#, c-format +msgid "Keyslot %i: bogus partition signature." +msgstr "Nøgleplads %i: falsk partitionssignatur." + +#: lib/luks1/keymanage.c:431 +#, c-format +msgid "Keyslot %i: salt wiped." +msgstr "Nøgleplads %i: salt ryddet." + +#: lib/luks1/keymanage.c:448 +msgid "Writing LUKS header to disk." +msgstr "Skriver LUKS-teksthovedet til disken." + +#: lib/luks1/keymanage.c:453 +msgid "Repair failed." +msgstr "Reparation mislykkedes." + +#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750 +#, c-format +msgid "Requested LUKS hash %s is not supported." +msgstr "Den anmodede LUKS-hash %s er ikke understøttet." + +#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1133 +msgid "No known problems detected for LUKS header." +msgstr "Ingen kendte problemer registreret for LUKS-teksthoved." + +#: lib/luks1/keymanage.c:660 +#, c-format +msgid "Error during update of LUKS header on device %s." +msgstr "Fejl under opdatering af LUKS-teksthoved på enheden %s." + +#: lib/luks1/keymanage.c:668 +#, c-format +msgid "Error re-reading LUKS header after update on device %s." +msgstr "Fejl under genlæsning af LUKS-teksthoved efter opdatering på enheden %s." + +#: lib/luks1/keymanage.c:744 +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "Dataforskydning for LUKS-teksthoved skal være enten 0 eller større end teksthovedstørrelse." + +#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825 +#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001 +#: src/cryptsetup.c:2784 +msgid "Wrong LUKS UUID format provided." +msgstr "Forkert LUKS UUID-format anført." + +#: lib/luks1/keymanage.c:778 +msgid "Cannot create LUKS header: reading random salt failed." +msgstr "Kan ikke oprette LUKS-teksthoved: læsning af vilkårlig salt mislykkedes." + +#: lib/luks1/keymanage.c:804 +#, c-format +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "Kan ikke oprette LUKS-teksthoved: Teksthovedsammendrag mislykkedes (bruger hash %s)." + +#: lib/luks1/keymanage.c:848 +#, c-format +msgid "Key slot %d active, purge first." +msgstr "Nøgleplads %d aktiv, nulstil (purge) den først." + +#: lib/luks1/keymanage.c:854 +#, c-format +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "Nøgleplads %d-materiale inkluderer for få striber (»stribes«). Teksthovedmanipulering?" + +#: lib/luks1/keymanage.c:990 +#, c-format +msgid "Cannot open keyslot (using hash %s)." +msgstr "Kan ikke åbne nøgleplads (der bruger hash %s)." + +#: lib/luks1/keymanage.c:1066 +#, c-format +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." +msgstr "Nøgleplads %d er ugyldig, vælg nøgleplads mellem 0 og %d." + +#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738 +#, c-format +msgid "Cannot wipe device %s." +msgstr "Kan ikke rydde enheden %s." + +#: lib/loopaes/loopaes.c:146 +msgid "Detected not yet supported GPG encrypted keyfile." +msgstr "Registreret endnu ikke understøttet GPG-krypteret nøglefil." + +#: lib/loopaes/loopaes.c:147 +msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" +msgstr "Brug venligst gpg --decrypt | cryptsetup --keyfile=- ...\n" + +#: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 +msgid "Incompatible loop-AES keyfile detected." +msgstr "Ikke kompatibel loop-AES-nøglefil registreret." + +#: lib/loopaes/loopaes.c:245 +msgid "Kernel does not support loop-AES compatible mapping." +msgstr "Kerne understøtter ikke loop-AES-kompatibel oversættelse." + +#: lib/tcrypt/tcrypt.c:504 +#, c-format +msgid "Error reading keyfile %s." +msgstr "Fejl under læsning af nøglefilen %s." + +#: lib/tcrypt/tcrypt.c:554 +#, c-format +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." +msgstr "Den maksimale længde for TCRYPT-adgangsfrasen (%zu) er overskredet." + +#: lib/tcrypt/tcrypt.c:595 +#, c-format +msgid "PBKDF2 hash algorithm %s not available, skipping." +msgstr "PBKDF2-hashalgoritmen %s er ikke tilgængelig, udelader." + +#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1010 +msgid "Required kernel crypto interface not available." +msgstr "Krævet kernegrænseflade for crypto er ikke tilgængelig." + +#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1012 +msgid "Ensure you have algif_skcipher kernel module loaded." +msgstr "Sikr dig at du har kernemodulet algif_skcipher indlæst." + +#: lib/tcrypt/tcrypt.c:753 +#, c-format +msgid "Activation is not supported for %d sector size." +msgstr "Aktivering er endnu ikke understøttet for %d sektorstørrelse." + +#: lib/tcrypt/tcrypt.c:759 +msgid "Kernel does not support activation for this TCRYPT legacy mode." +msgstr "Kerne understøtter ikke aktivering for denne TCRYPT legacy-tilstand." + +#: lib/tcrypt/tcrypt.c:793 +#, c-format +msgid "Activating TCRYPT system encryption for partition %s." +msgstr "Aktivering af TCRYPT-systemkryptering for partition %s." + +#: lib/tcrypt/tcrypt.c:871 +msgid "Kernel does not support TCRYPT compatible mapping." +msgstr "Kerne understøtter ikke TCRYPT-kompatibel oversættelse." + +#: lib/tcrypt/tcrypt.c:1093 +msgid "This function is not supported without TCRYPT header load." +msgstr "Denne funktion er ikke understøttet uden TCRYPT-teksthovedindlæsning." + +#: lib/bitlk/bitlk.c:333 +#, c-format +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "Uventet metadataindgangstype »%u« fundet da understøttet Volume Master Key blev fortolket." + +#: lib/bitlk/bitlk.c:380 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "Ugyldig streng fundet da Volume Master Key blev fortolket." + +#: lib/bitlk/bitlk.c:385 +#, c-format +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "Uventet streng (»%s«) fundet da Volume Master Key blev fortolket." + +#: lib/bitlk/bitlk.c:399 +#, c-format +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "Uventet metadataindgangsværdi »%u« fundet da Volume Master Key blev fortolket." + +#: lib/bitlk/bitlk.c:479 +#, c-format +msgid "Failed to read BITLK signature from %s." +msgstr "Kunne ikke læse BITLK-signatur fra %s." + +#: lib/bitlk/bitlk.c:485 +msgid "BITLK version 1 is currently not supported." +msgstr "BITLK version 1 er i øjeblikket ikke understøttet." + +#: lib/bitlk/bitlk.c:491 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "Ugyldig eller ukendt opstartssignatur for BITLK-enhed." + +#: lib/bitlk/bitlk.c:503 +msgid "Invalid or unknown signature for BITLK device." +msgstr "Ugyldig eller ukendt signatur for BITLK-enhed." + +#: lib/bitlk/bitlk.c:510 +#, fuzzy, c-format +msgid "Unsupported sector size %." +msgstr "Sektorstørrelsen på krypteringen er ikke understøttet." + +#: lib/bitlk/bitlk.c:518 +#, c-format +msgid "Failed to read BITLK header from %s." +msgstr "Kunne ikke læse BITLK-teksthoved fra %s." + +#: lib/bitlk/bitlk.c:543 +#, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "Kunne ikke læse BITLK FVE-metadata fra %s." + +#: lib/bitlk/bitlk.c:594 +msgid "Unknown or unsupported encryption type." +msgstr "Ukendt eller ikke understøttet krypteringstype." + +#: lib/bitlk/bitlk.c:627 +#, c-format +msgid "Failed to read BITLK metadata entries from %s." +msgstr "Kunne ikke læse BITLK-metadataposter fra %s." + +#: lib/bitlk/bitlk.c:921 +msgid "This operation is not supported." +msgstr "Denne operation er ikke understøttet." + +#: lib/bitlk/bitlk.c:929 +msgid "Wrong key size." +msgstr "Forkert nøglestørrelse." + +#: lib/bitlk/bitlk.c:981 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "Denne BITLK-enhed er i en ikkeunderstøttet tilstand og kan ikke aktiveres." + +#: lib/bitlk/bitlk.c:987 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "BITLK-enheder med typen »%s« kan ikke aktiveres." + +#: lib/bitlk/bitlk.c:1069 +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "Aktivering af delvist dekrypteret BITLK-enhed er ikke understøttet." + +#: lib/bitlk/bitlk.c:1205 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "Kan ikke aktivere enhed, kernel dm-crypt mangler understøttelse for BITLK IV." + +#: lib/bitlk/bitlk.c:1209 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "Kan ikke aktivere enhed, kernen dm-crypt mangler understøttelse for BITLK Elephant diffuser." + +#: lib/verity/verity.c:68 lib/verity/verity.c:171 +#, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "Verity-enheden %s bruger ikke on-disk-teksthoved." + +#: lib/verity/verity.c:90 +#, c-format +msgid "Device %s is not a valid VERITY device." +msgstr "Enheden %s er ikke en gyldig VERITY-enhed." + +#: lib/verity/verity.c:97 +#, c-format +msgid "Unsupported VERITY version %d." +msgstr "Ikke understøttet VERITY-version %d." + +#: lib/verity/verity.c:128 +msgid "VERITY header corrupted." +msgstr "VERITY-teksthovedet er ødelagt." + +#: lib/verity/verity.c:165 +#, c-format +msgid "Wrong VERITY UUID format provided on device %s." +msgstr "Forkert VERITY UUID-format indeholdt på enheden %s." + +#: lib/verity/verity.c:198 +#, c-format +msgid "Error during update of verity header on device %s." +msgstr "Fejl under opdatering af verity-teksthoved på enheden %s." + +#: lib/verity/verity.c:256 +msgid "Root hash signature verification is not supported." +msgstr "Roothash-signaturverifikation er ikke understøttet." + +#: lib/verity/verity.c:267 +msgid "Errors cannot be repaired with FEC device." +msgstr "Fejl kan ikke repareres med FEC-enhed." + +#: lib/verity/verity.c:269 +#, c-format +msgid "Found %u repairable errors with FEC device." +msgstr "Fandt %u fejl der kan repareres med FEC-enhed." + +#: lib/verity/verity.c:308 +msgid "Kernel does not support dm-verity mapping." +msgstr "Kerne understøtter ikke dm-verity-oversættelse." + +#: lib/verity/verity.c:312 +msgid "Kernel does not support dm-verity signature option." +msgstr "Kerne understøtter ikke dm-verity-signaturtilvalg." + +#: lib/verity/verity.c:323 +msgid "Verity device detected corruption after activation." +msgstr "Verity-enheden registrerede korruption efter aktivering." + +#: lib/verity/verity_hash.c:59 +#, c-format +msgid "Spare area is not zeroed at position %." +msgstr "Ledigt område nulstilles ikke (»not zeroed«) på position %." + +#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290 +#: lib/verity/verity_hash.c:303 +msgid "Device offset overflow." +msgstr "Forskydningsoverløb for enhed." + +#: lib/verity/verity_hash.c:203 +#, c-format +msgid "Verification failed at position %." +msgstr "Verificering mislykkedes på position %." + +#: lib/verity/verity_hash.c:276 +msgid "Invalid size parameters for verity device." +msgstr "Ugyldig størrelse for parametre for verity-enhed." + +#: lib/verity/verity_hash.c:296 +msgid "Hash area overflow." +msgstr "Hashområdeoverløb." + +#: lib/verity/verity_hash.c:373 +msgid "Verification of data area failed." +msgstr "Verifikation af dataområde mislykkedes." + +#: lib/verity/verity_hash.c:378 +msgid "Verification of root hash failed." +msgstr "Verifikation af root-hash mislykkedes." + +#: lib/verity/verity_hash.c:384 +msgid "Input/output error while creating hash area." +msgstr "Inddata/uddata-fejl under oprettelse af hash-område." + +#: lib/verity/verity_hash.c:386 +msgid "Creation of hash area failed." +msgstr "Oprettelse af hash-område mislykkedes." + +#: lib/verity/verity_hash.c:433 +#, c-format +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "ADVARSEL: Kerne kan ikke aktivere enhed hvis dataenes blokstørrelse er større end sidestørrelsen (%u)." + +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." +msgstr "Kunne ikke allokere RS-kontekst." + +#: lib/verity/verity_fec.c:146 +msgid "Failed to allocate buffer." +msgstr "Kunne ikke allokere buffer." + +#: lib/verity/verity_fec.c:156 +#, c-format +msgid "Failed to read RS block % byte %d." +msgstr "Kunne ikke læse RS-blok % byte %d." + +#: lib/verity/verity_fec.c:169 +#, c-format +msgid "Failed to read parity for RS block %." +msgstr "Kunne ikke læse paritet for RS-blok %." + +#: lib/verity/verity_fec.c:177 +#, c-format +msgid "Failed to repair parity for block %." +msgstr "Kunne ikke reparere paritet for blok %." + +#: lib/verity/verity_fec.c:188 +#, c-format +msgid "Failed to write parity for RS block %." +msgstr "Kunne ikke skrive paritet for RS-blok %.." + +#: lib/verity/verity_fec.c:223 +msgid "Block sizes must match for FEC." +msgstr "Blokstørrelser skal matche for FEC." + +#: lib/verity/verity_fec.c:229 +msgid "Invalid number of parity bytes." +msgstr "Ugyldigt antal paritetsbyte." + +#: lib/verity/verity_fec.c:265 +#, c-format +msgid "Failed to determine size for device %s." +msgstr "Kunne ikke bestemme størrelsen på enheden %s." + +#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343 +msgid "Kernel does not support dm-integrity mapping." +msgstr "Kerne understøtter ikke dm-integrity-oversættelse." + +#: lib/integrity/integrity.c:277 +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "Kerne understøtter ikke dm-integrity fast metadatajustering." + +#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959 +#: lib/luks2/luks2_json_metadata.c:1244 +#, c-format +msgid "Failed to acquire write lock on device %s." +msgstr "Kunne ikke indhente skrivelås på enheden %s." + +#: lib/luks2/luks2_disk_metadata.c:392 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "Registreret forsøg på samtidig LUKS2-metadataopdering. Afbryder operation." + +#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712 +msgid "" +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." +msgstr "" +"Enhed indeholder tvetydige signaturer, kan ikke gendanne LUKS2 automatisk.\n" +"Kør venligst »cryptsetup repair« for gendannelse." + +#: lib/luks2/luks2_json_format.c:227 +msgid "Requested data offset is too small." +msgstr "Forespurgte dataforskydning er for lille." + +#: lib/luks2/luks2_json_format.c:271 +#, c-format +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "ADVARSEL: nøglepladsområde (% byte) er meget lille, tilgængelige LUKS2-nøglepladsantal er meget begrænset.\n" + +#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074 +#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_keyslot_luks2.c:114 +#, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "Kunne ikke indhente læselås på enheden %s." + +#: lib/luks2/luks2_json_metadata.c:1167 +#, c-format +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "Forbudt LUKS2-krav registreret i sikkerhedskopien %s." + +#: lib/luks2/luks2_json_metadata.c:1208 +msgid "Data offset differ on device and backup, restore failed." +msgstr "Dataforskydning er forskellig på enhed eller sikkerhedskopi, gendannelse mislykkedes." + +#: lib/luks2/luks2_json_metadata.c:1214 +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "Binær teksthoved med nøglepladsområdestørrelse er forskellige på enhed eller sikkerhedskopi, gendannelse mislykkedes." + +#: lib/luks2/luks2_json_metadata.c:1221 +#, c-format +msgid "Device %s %s%s%s%s" +msgstr "Enheden %s %s%s%s%s" + +#: lib/luks2/luks2_json_metadata.c:1222 +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "indeholder ikke LUKS2-teksthoveder. Erstatning af teksthoved kan ødelægge data på den enhed." + +#: lib/luks2/luks2_json_metadata.c:1223 +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "indeholder allerede LUKS2-teksthoveder. Erstatning af teksthoveder vil ødelægge eksisterende nøglepladser." + +#: lib/luks2/luks2_json_metadata.c:1225 +msgid "" +"\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" +msgstr "" +"\n" +"ADVARSEL: Ukendte LUKS2-krav registreret i reel enhedsteksthoved!\n" +"Erstatning af teksthoved med sikkerhedskopi kan ødelægge data på den enhed!" + +#: lib/luks2/luks2_json_metadata.c:1227 +msgid "" +"\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." +msgstr "" +"\n" +"ADVARSEL: Ufærdig frakoblet omkryptering registreret på enheden!\n" +"Erstatning af teksthoved med sikkerhedskopi kan ødelægge data." + +#: lib/luks2/luks2_json_metadata.c:1323 +#, c-format +msgid "Ignored unknown flag %s." +msgstr "Ignorerede ukendt flag %s." + +#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746 +#, c-format +msgid "Missing key for dm-crypt segment %u" +msgstr "Manglende nøgle for dm-crypt-segmentet %u" + +#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764 +msgid "Failed to set dm-crypt segment." +msgstr "Kunne ikke angive dm-crypt-segmentet." + +#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770 +msgid "Failed to set dm-linear segment." +msgstr "Kunne ikke angive dm-linear-segmentet." + +#: lib/luks2/luks2_json_metadata.c:2155 +msgid "Unsupported device integrity configuration." +msgstr "Ikke understøttet konfiguration for enhedsintegritet." + +#: lib/luks2/luks2_json_metadata.c:2241 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "Omkryptering i gang. Kan ikke deaktivere enhed." + +#: lib/luks2/luks2_json_metadata.c:2252 lib/luks2/luks2_reencrypt.c:3190 +#, c-format +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "Kunne ikke erstatte enheden %s i dvale med dm-error-mål." + +#: lib/luks2/luks2_json_metadata.c:2332 +msgid "Failed to read LUKS2 requirements." +msgstr "Kunne ikke læse LUKS2-krav." + +#: lib/luks2/luks2_json_metadata.c:2339 +msgid "Unmet LUKS2 requirements detected." +msgstr "Uopfyldte LUKS2-krav registreret." + +#: lib/luks2/luks2_json_metadata.c:2347 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "Operation er ikke kompatibel med enhed markeret for forældet omkryptering. Afbryder." + +#: lib/luks2/luks2_json_metadata.c:2349 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "Operation er ikke kompatibel med enhed markeret for LUKS2-omkryptering. Afbryder." + +#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584 +msgid "Not enough available memory to open a keyslot." +msgstr "Ikke nok hukommelse tilgængelig til at åbne en nøgleplads." + +#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586 +msgid "Keyslot open failed." +msgstr "Åbning af nøgleplads mislykkedes." + +#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "Kan ikke brug %s-%s-krypteringsalgoritmen til nøglepladskryptering." + +#: lib/luks2/luks2_keyslot_luks2.c:480 +msgid "No space for new keyslot." +msgstr "Ingen plads for ny nøgleplads." + +#: lib/luks2/luks2_luks1_convert.c:482 +#, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "Kan ikke kontrollere status for enheden med uuid: %s." + +#: lib/luks2/luks2_luks1_convert.c:508 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "Kan ikke konvertere teksthoved med yderligere metadata for LUKSMETA." + +#: lib/luks2/luks2_luks1_convert.c:548 +msgid "Unable to move keyslot area. Not enough space." +msgstr "Kan ikke flytte nøglepladsområde. Ikke nok plads." + +#: lib/luks2/luks2_luks1_convert.c:599 +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "Kan ikke flytte nøglepladsområde. LUKS2-nøglepladsområdet er for lille." + +#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887 +msgid "Unable to move keyslot area." +msgstr "Kan ikke flytte nøglepladsområde." + +#: lib/luks2/luks2_luks1_convert.c:697 +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "Kan ikke konvertere til LUKS1-format - krypteringssektorstørrelsen for standardsegmenter er ikke 512 byte." + +#: lib/luks2/luks2_luks1_convert.c:705 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "Kan ikke konverterer til LUKS1-format - nøglepladssammendrag er ikke LUKS1-kompatibel." + +#: lib/luks2/luks2_luks1_convert.c:717 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "" +"Kan ikke konverterer til LUKS1-format - enheden bruger omsluttet\n" +"nøglekrypteringsalgoritme %s." + +#: lib/luks2/luks2_luks1_convert.c:725 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "" +"Kan ikke konverterer til LUKS1-format - LUKS2-teksthoved indeholder\n" +"%u symboler (tokens)." + +#: lib/luks2/luks2_luks1_convert.c:739 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "Kan ikke konvertere til LUKS1-format - nøgleplads %u er i ugyldig tilstand." + +#: lib/luks2/luks2_luks1_convert.c:744 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "" +"Kan ikke konverterer til LUKS1-format - plads %u (over maksimalt antal pladser)\n" +"er stadig aktiv." + +#: lib/luks2/luks2_luks1_convert.c:749 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "" +"Kan ikke konvertere til LUKS1-format - nøglepladsen %u er ikke\n" +"LUKS1-kompatibel." + +#: lib/luks2/luks2_reencrypt.c:892 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Hotzonestørrelsen skal være et multiplum af beregnet zonejustering (%zu byte)." + +#: lib/luks2/luks2_reencrypt.c:897 +#, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Enhedsstørrelsen skal være et multiplum af beregnet zonejustering (%zu byte)." + +#: lib/luks2/luks2_reencrypt.c:941 +#, c-format +msgid "Unsupported resilience mode %s" +msgstr "Resilience-tilstanden %s er ikke understøttet" + +#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313 +#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430 +#: lib/luks2/luks2_reencrypt.c:3030 +msgid "Failed to initialize old segment storage wrapper." +msgstr "Kunne ikke initialisere gammelt lageromslag for segmentet." + +#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291 +msgid "Failed to initialize new segment storage wrapper." +msgstr "Kunne ikke initialisere nyt lageromslag for segmentet." + +#: lib/luks2/luks2_reencrypt.c:1340 +msgid "Failed to read checksums for current hotzone." +msgstr "Kunne ikke læse kontrolsummer for nuværende hotzone." + +#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038 +#, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "Kunne ikke læse hotzone-område startende på %." + +#: lib/luks2/luks2_reencrypt.c:1366 +#, c-format +msgid "Failed to decrypt sector %zu." +msgstr "Kunne ikke dekryptere sektor %zu." + +#: lib/luks2/luks2_reencrypt.c:1372 +#, c-format +msgid "Failed to recover sector %zu." +msgstr "Kunne ikke gendanne sektor %zu." + +#: lib/luks2/luks2_reencrypt.c:1867 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "Størrelsen på kilde- og målenhed er forskellig. Kilde %, mål: %." + +#: lib/luks2/luks2_reencrypt.c:1965 +#, c-format +msgid "Failed to activate hotzone device %s." +msgstr "Kunne ikke køre aktivere hotzone-enheden %s." + +#: lib/luks2/luks2_reencrypt.c:1982 +#, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "Kunne ikke aktivere overlagsenheden %s med faktiske origin-tabel." + +#: lib/luks2/luks2_reencrypt.c:1989 +#, c-format +msgid "Failed to load new mapping for device %s." +msgstr "Kunne ikke indlæse ny oversættelse for enheden %s." + +#: lib/luks2/luks2_reencrypt.c:2060 +msgid "Failed to refresh reencryption devices stack." +msgstr "Kunne ikke opdatere omkrypteringsenhedsstakken." + +#: lib/luks2/luks2_reencrypt.c:2216 +msgid "Failed to set new keyslots area size." +msgstr "Kunne ikke angive områdestørrelse for nye nøglepladser." + +#: lib/luks2/luks2_reencrypt.c:2318 +#, c-format +msgid "Data shift is not aligned to requested encryption sector size (% bytes)." +msgstr "Dataflytning er ikke justeret til den anmodede krypteringssektorstørrelse (% byte)." + +#: lib/luks2/luks2_reencrypt.c:2339 +#, c-format +msgid "Data device is not aligned to requested encryption sector size (% bytes)." +msgstr "Datanhed er ikke justeret til den anmodede krypteringssektorstørrelse (% byte)." + +#: lib/luks2/luks2_reencrypt.c:2360 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "Dataskift (% sektorer) er mindre end fremtidig dataforskydning (% sektorer)." + +#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779 +#: lib/luks2/luks2_reencrypt.c:2800 +#, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "Kan ikke åbne %s i eksklusiv tilstand (allerede kortlagt eller monteret)." + +#: lib/luks2/luks2_reencrypt.c:2534 +msgid "Device not marked for LUKS2 reencryption." +msgstr "Enhed er ikke markeret for LUKS2-omkryptering." + +#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295 +msgid "Failed to load LUKS2 reencryption context." +msgstr "Kunne ikke indlæse LUKS2-omkrypteringskontekst." + +#: lib/luks2/luks2_reencrypt.c:2619 +msgid "Failed to get reencryption state." +msgstr "Kunne ikke indhente omkrypteringstilstand." + +#: lib/luks2/luks2_reencrypt.c:2623 +msgid "Device is not in reencryption." +msgstr "Enheden er ikke under omkryptering." + +#: lib/luks2/luks2_reencrypt.c:2630 +msgid "Reencryption process is already running." +msgstr "Omkrypteringsproces er allerede i gang." + +#: lib/luks2/luks2_reencrypt.c:2632 +msgid "Failed to acquire reencryption lock." +msgstr "Kunne ikke indhente omkrypteringslås." + +#: lib/luks2/luks2_reencrypt.c:2650 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "Kan ikke fortsætte med omkryptering. Kør omkrypteringsgendannelse først." + +#: lib/luks2/luks2_reencrypt.c:2750 +msgid "Active device size and requested reencryption size don't match." +msgstr "Aktiv enhedsstørrelse og anmodet sektorstørrelse er forskellige." + +#: lib/luks2/luks2_reencrypt.c:2764 +msgid "Illegal device size requested in reencryption parameters." +msgstr "Ugyldig enhedsstørrelse i omkrypteringsparametrene." + +#: lib/luks2/luks2_reencrypt.c:2834 +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "Omkryptering er i gang. Kan ikke udføre gendannelse." + +#: lib/luks2/luks2_reencrypt.c:2906 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "LUKS2-omkryptering er allerede initialiseret i metadata." + +#: lib/luks2/luks2_reencrypt.c:2913 +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "Kunne ikke initialisere LUKS2-omkryptering i metadata." + +#: lib/luks2/luks2_reencrypt.c:3004 +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "Kunne ikke angive enhedssegmenter for næste omkrypteringshotzone." + +#: lib/luks2/luks2_reencrypt.c:3046 +msgid "Failed to write reencryption resilience metadata." +msgstr "Kunne ikke skrive resilience-metadata for omkryptering." + +#: lib/luks2/luks2_reencrypt.c:3053 +msgid "Decryption failed." +msgstr "Dekryptering mislykkedes." + +#: lib/luks2/luks2_reencrypt.c:3058 +#, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "Kunne ikke skrive hotzoneområde startende på %." + +#: lib/luks2/luks2_reencrypt.c:3063 +msgid "Failed to sync data." +msgstr "Kunne ikke synkronisere data." + +#: lib/luks2/luks2_reencrypt.c:3071 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "Kunne ikke opdatere metadata efter nuværende omkrypteringshotzone var fuldført." + +#: lib/luks2/luks2_reencrypt.c:3138 +msgid "Failed to write LUKS2 metadata." +msgstr "Kunne ikke skrive LUKS2-metadata." + +#: lib/luks2/luks2_reencrypt.c:3161 +msgid "Failed to wipe backup segment data." +msgstr "Kunne ikke rydde segmentdata for sikkerhedskopien." + +#: lib/luks2/luks2_reencrypt.c:3174 +msgid "Failed to disable reencryption requirement flag." +msgstr "Kunne ikke deaktivere kravflag for omkrypteringen." + +#: lib/luks2/luks2_reencrypt.c:3182 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "Der opstod en fatal fejl under omkryptering af kodestump startende på %, % sektorer i alt." + +#: lib/luks2/luks2_reencrypt.c:3191 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "Genaktiver ikke enheden med mindre erstattet med fejlmål manuelt." + +#: lib/luks2/luks2_reencrypt.c:3240 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "Kan ikke fortsætte med omkryptering. Uventet omkrypteringsstatus." + +#: lib/luks2/luks2_reencrypt.c:3246 +msgid "Missing or invalid reencrypt context." +msgstr "Manglende eller ugyldig omkrypteringskontekst." + +#: lib/luks2/luks2_reencrypt.c:3253 +msgid "Failed to initialize reencryption device stack." +msgstr "Kunne ikke initialisere enhedsstak for omkryptering." + +#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308 +msgid "Failed to update reencryption context." +msgstr "Kunne ikke opdatere omkrypteringskontekst." + +#: lib/luks2/luks2_token.c:262 +msgid "No free token slot." +msgstr "Ingen frie symbolpladser." + +#: lib/luks2/luks2_token.c:269 +#, c-format +msgid "Failed to create builtin token %s." +msgstr "Kunne ikke oprette indbygget symbol %s." + +#: src/cryptsetup.c:164 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "Kan ikke udføre verificering af adgangsfrase på ikke-tty-inddata." + +#: src/cryptsetup.c:221 +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "Parametre til kryptering af nøgleplads kan kun angives for LUKS2-enhed." + +#: src/cryptsetup.c:251 src/cryptsetup.c:959 src/cryptsetup.c:1269 +#: src/cryptsetup.c:3145 src/cryptsetup_reencrypt.c:723 +#: src/cryptsetup_reencrypt.c:793 +msgid "No known cipher specification pattern detected." +msgstr "Ikke kendt specifikationsmønster for krypteringsalgoritme registreret." + +#: src/cryptsetup.c:259 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "ADVARSEL: Parameteren --hash bliver ignoreret i ren (plain) tilstand med nøglefil specificeret.\n" + +#: src/cryptsetup.c:267 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "ADVARSEL: Tilvalget --keyfile-size bliver ignoreret, læsestørrelsen er den samme som størrelsen for krypteringsnøglen.\n" + +#: src/cryptsetup.c:307 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "Registrerede enhedssignaturer på %s. Videre behandling kan beskadige eksisterende data." + +#: src/cryptsetup.c:313 src/cryptsetup.c:1090 src/cryptsetup.c:1142 +#: src/cryptsetup.c:1246 src/cryptsetup.c:1319 src/cryptsetup.c:1974 +#: src/cryptsetup.c:2682 src/cryptsetup.c:2805 src/integritysetup.c:233 +msgid "Operation aborted.\n" +msgstr "Operation afbrudt.\n" + +#: src/cryptsetup.c:381 +msgid "Option --key-file is required." +msgstr "Tilvalget --key-file er krævet." + +#: src/cryptsetup.c:434 +msgid "Enter VeraCrypt PIM: " +msgstr "Indtast VeraCrypt-PIM: " + +#: src/cryptsetup.c:443 +msgid "Invalid PIM value: parse error." +msgstr "Ugyldig PIM-værdi: fortolkningsfejl." + +#: src/cryptsetup.c:446 +msgid "Invalid PIM value: 0." +msgstr "Ugyldig PIM-værdi: 0." + +#: src/cryptsetup.c:449 +msgid "Invalid PIM value: outside of range." +msgstr "Ugyldig PIM-værdi: uden for interval." + +#: src/cryptsetup.c:472 +msgid "No device header detected with this passphrase." +msgstr "Intet enhedsteksthoved registreret med denne adgangsfrase." + +#: src/cryptsetup.c:541 +#, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "Enheden %s er ikke en gyldig BITLK-enhed." + +#: src/cryptsetup.c:576 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" +"Teksthoveddump med diskenhedsnøgle er sensitiv information\n" +"som giver adgang til krypteret partition uden adgangsfrase.\n" +"Dette dump bør altid lagres krypteret et sikkert sted." + +#: src/cryptsetup.c:673 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "Enheden %s er stadig aktiv og planlagt til udskudt fjernelse.\n" + +#: src/cryptsetup.c:701 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "Ændring af størrelse på aktiv enhed kræver diskenhedsnøgle i nøglering men tilvalget --disable-keyring er ikke angivet." + +#: src/cryptsetup.c:838 +msgid "Benchmark interrupted." +msgstr "Sammenligning afbrudt." + +#: src/cryptsetup.c:859 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "PBKDF2-%-9s -\n" + +#: src/cryptsetup.c:861 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "PBKDF2-%-9s %7u iterationer per sekund for %zu-bit nøgle\n" + +#: src/cryptsetup.c:875 +#, c-format +msgid "%-10s N/A\n" +msgstr "%-10s .\n" + +#: src/cryptsetup.c:877 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "%-10s %4u iterationer, %5u hukommelse, %1u parallelle tråde (CPU'er) for %zu-bit nøgle (anmodet %u ms time)\n" + +#: src/cryptsetup.c:901 +msgid "Result of benchmark is not reliable." +msgstr "Sammenligningens resultat er ikke troværdigt." + +#: src/cryptsetup.c:951 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "# Test bruger kun hukommelse omtrentlig (ingen lager-IO).\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:971 +#, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "#%*s Algoritme | Nøgle | Kryptering | Dekryptering\n" + +#: src/cryptsetup.c:975 +#, fuzzy, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "Krypteringsalgoritmen %s-%s (nøglestørrelse %zd bit) er ikke tilgængelig." + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:994 +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "# Algoritme | Nøgle | Kryptering | Dekryptering\n" + +#: src/cryptsetup.c:1003 +msgid "N/A" +msgstr "-" + +#: src/cryptsetup.c:1083 +msgid "" +"Seems device does not require reencryption recovery.\n" +"Do you want to proceed anyway?" +msgstr "" +"Ser ud til at enheden ikke kræver omkrypteringsgendannelse.\n" +"Ønsker du at fortsætte alligevel?" + +#: src/cryptsetup.c:1089 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "Fortsæt med LUKS2-omkrypteringsgendannelse?" + +#: src/cryptsetup.c:1098 +msgid "Enter passphrase for reencryption recovery: " +msgstr "Indtast adgangsfrase for omkrypteringsgendannelse: " + +#: src/cryptsetup.c:1141 +msgid "Really try to repair LUKS device header?" +msgstr "Skal LUKS-enhedsteksthovedet forsøges repareres?" + +#: src/cryptsetup.c:1160 src/integritysetup.c:146 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" +"Rydder enhed for at initialisere integritetskontrolsum.\n" +"Du kan afbryde dette ved at trykke på CTRL+c (resten af ikke ryddet enhed vil indeholder ugyldig kontrolsum).\n" + +#: src/cryptsetup.c:1182 src/integritysetup.c:168 +#, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "Kan ikke deaktivere midlertidig enhed %s." + +#: src/cryptsetup.c:1231 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "Integritetstilvalg kan kun bruges for LUKS2-format." + +#: src/cryptsetup.c:1236 src/cryptsetup.c:1296 +msgid "Unsupported LUKS2 metadata size options." +msgstr "Indstillinger for LUKS2-metadatastørrelse er ikke understøttet." + +#: src/cryptsetup.c:1253 +#, c-format +msgid "Cannot create header file %s." +msgstr "Kan ikke oprette teksthovedfilen %s." + +#: src/cryptsetup.c:1276 src/integritysetup.c:195 src/integritysetup.c:204 +#: src/integritysetup.c:213 src/integritysetup.c:284 src/integritysetup.c:293 +#: src/integritysetup.c:303 +msgid "No known integrity specification pattern detected." +msgstr "Ikke kendt specifikationsmønster for krypteringsalgoritme registreret." + +#: src/cryptsetup.c:1289 +#, c-format +msgid "Cannot use %s as on-disk header." +msgstr "Kan ikke bruge %s på on-disk-teksthoved." + +#: src/cryptsetup.c:1313 src/integritysetup.c:227 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "Dette vil uigenkaldeligt overskrive data på %s." + +#: src/cryptsetup.c:1354 src/cryptsetup.c:1688 src/cryptsetup.c:1755 +#: src/cryptsetup.c:1857 src/cryptsetup.c:1923 src/cryptsetup_reencrypt.c:553 +msgid "Failed to set pbkdf parameters." +msgstr "Kunne ikke angive pbkdf-parametre." + +#: src/cryptsetup.c:1439 +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "Reduceret dataforskydning er kun tilladt for frakoblet LUKS-teksthoved." + +#: src/cryptsetup.c:1450 src/cryptsetup.c:1761 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "Kan ikke bestemme nøglestørrelsen på diskenheden for LUKS uden nøglepladser, brug venligst tilvalget --key-size." + +#: src/cryptsetup.c:1488 +msgid "Device activated but cannot make flags persistent." +msgstr "Enhed aktiveret men kan ikke gøre flag vedvarende." + +#: src/cryptsetup.c:1569 src/cryptsetup.c:1639 +#, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "Nøgleplads %d valgt for sletning." + +#: src/cryptsetup.c:1581 src/cryptsetup.c:1642 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "Dette er den sidste nøgleplads. Enheden vil blive ubrugelig efter fjernelse af denne nøgle." + +#: src/cryptsetup.c:1582 +msgid "Enter any remaining passphrase: " +msgstr "Indtast en eventuel tilbageværende adgangsfrase: " + +#: src/cryptsetup.c:1583 src/cryptsetup.c:1644 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "Operation afbrudt, nøglepladsen var IKKE ryddet.\n" + +#: src/cryptsetup.c:1621 +msgid "Enter passphrase to be deleted: " +msgstr "Indtast adgangsfrase som skal slettes: " + +#: src/cryptsetup.c:1702 src/cryptsetup.c:1776 src/cryptsetup.c:1810 +msgid "Enter new passphrase for key slot: " +msgstr "Indtast ny adgangsfrase for nøgleplads: " + +#: src/cryptsetup.c:1793 src/cryptsetup_reencrypt.c:1343 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "Indtast en eventuel eksisterende adgangsfrase: " + +#: src/cryptsetup.c:1861 +msgid "Enter passphrase to be changed: " +msgstr "Indtast adgangsfrase som skal ændres: " + +#: src/cryptsetup.c:1877 src/cryptsetup_reencrypt.c:1329 +msgid "Enter new passphrase: " +msgstr "Indtast ny adgangsfrase: " + +#: src/cryptsetup.c:1927 +msgid "Enter passphrase for keyslot to be converted: " +msgstr "Indtast adgangsfrase for nøgleplads til konvertering: " + +#: src/cryptsetup.c:1951 +msgid "Only one device argument for isLuks operation is supported." +msgstr "Kun et enhedsargument for isLuks-operation er understøttet." + +#: src/cryptsetup.c:2001 +#, fuzzy +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Teksthoveddump med diskenhedsnøgle er sensitiv information\n" +"som giver adgang til krypteret partition uden adgangsfrase.\n" +"Dette dump bør altid lagres krypteret et sikkert sted." + +#: src/cryptsetup.c:2066 +#, fuzzy, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "Nøglepladsen %d er ikke aktiv." + +#: src/cryptsetup.c:2072 +#, fuzzy +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Teksthoveddump med diskenhedsnøgle er sensitiv information\n" +"som giver adgang til krypteret partition uden adgangsfrase.\n" +"Dette dump bør altid lagres krypteret et sikkert sted." + +#: src/cryptsetup.c:2207 src/cryptsetup.c:2228 +msgid "Option --header-backup-file is required." +msgstr "Tilvalget --header-backup-file er krævet." + +#: src/cryptsetup.c:2258 +#, c-format +msgid "%s is not cryptsetup managed device." +msgstr "%s er ikke en cryptsetup-håndteret enhed." + +#: src/cryptsetup.c:2269 +#, c-format +msgid "Refresh is not supported for device type %s" +msgstr "Opdater er ikke understøttet for enhedstypen %s" + +#: src/cryptsetup.c:2311 +#, c-format +msgid "Unrecognized metadata device type %s." +msgstr "Metadataenhedstypen %s blev ikke genkendt." + +#: src/cryptsetup.c:2314 +msgid "Command requires device and mapped name as arguments." +msgstr "Kommandoen kræver enhedsnavn og oversat navn som argumenter." + +#: src/cryptsetup.c:2336 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" +"Denne operation vil slette alle nøglepladser på enheden %s.\n" +"Enheden vil blive ubrugelig efter denne operation." + +#: src/cryptsetup.c:2343 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "Operation afbrudt, nøglepladser blev IKKE fjernet (wiped).\n" + +#: src/cryptsetup.c:2380 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "Ugyldig LUKS-type, kun luks1 og luks2 er understøttet." + +#: src/cryptsetup.c:2398 +#, c-format +msgid "Device is already %s type." +msgstr "Enheden er allerede %s-type." + +#: src/cryptsetup.c:2403 +#, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "Denne operation vil konvertere %s til %s-format.\n" + +#: src/cryptsetup.c:2409 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "Operation afbrudt, enheden blev IKKE konverteret.\n" + +#: src/cryptsetup.c:2449 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "Tilvalget --priority, --label eller --subsystem mangler." + +#: src/cryptsetup.c:2483 src/cryptsetup.c:2516 src/cryptsetup.c:2539 +#, c-format +msgid "Token %d is invalid." +msgstr "Symbolet %d er ugyldigt." + +#: src/cryptsetup.c:2486 src/cryptsetup.c:2542 +#, c-format +msgid "Token %d in use." +msgstr "Symbolet %d er i brug." + +#: src/cryptsetup.c:2493 +#, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "Kunne ikke tilføje luks2-keyringsymbolet %d." + +#: src/cryptsetup.c:2502 src/cryptsetup.c:2564 +#, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "Kunne ikke tildele symbolet %d til nøglepladsen %d." + +#: src/cryptsetup.c:2519 +#, c-format +msgid "Token %d is not in use." +msgstr "Symbolet %d er ikke i brug." + +#: src/cryptsetup.c:2554 +msgid "Failed to import token from file." +msgstr "Kunne ikke importere symbol fra fil." + +#: src/cryptsetup.c:2579 +#, c-format +msgid "Failed to get token %d for export." +msgstr "Kunne ikke indhente symbolet %d for eksport." + +#: src/cryptsetup.c:2594 +msgid "--key-description parameter is mandatory for token add action." +msgstr "parameteren --key-description er obligatorisk for symbol tilføj-handling." + +#: src/cryptsetup.c:2600 src/cryptsetup.c:2608 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "Handling kræver specifik symbol. Brug parameteren --token-id." + +#: src/cryptsetup.c:2613 +#, c-format +msgid "Invalid token operation %s." +msgstr "Ugyldig symboloperation %s." + +#: src/cryptsetup.c:2668 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "Automatisk registreret aktiv dm-enhed »%s« for dataenheden %s.\n" + +#: src/cryptsetup.c:2672 +#, c-format +msgid "Device %s is not a block device.\n" +msgstr "Enheden %s er ikke en blokenhed.\n" + +#: src/cryptsetup.c:2674 +#, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "Kunne ikke automatisk registrere enheds-%s-holdere." + +#: src/cryptsetup.c:2676 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" +"Kan ikke afklare om enheden %s er aktiv eller ej.\n" +"Er du sikker på, at du ønsker at fortsætte med omkryptering i frakoblet\n" +"tilstand?\n" +"Det kan medføre dataødelæggelse, hvis enheden aktiveres.\n" +"For at afvikle omkryptering i frakoblet tilstand bruges parameteren\n" +"--active-name.\n" + +#: src/cryptsetup.c:2756 +msgid "Invalid LUKS device type." +msgstr "Ugyldig LUKS-enhedstype." + +#: src/cryptsetup.c:2761 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "Kryptering uden frakoblet teksthoved (--header) er ikke muligt uden størrelsesreduktion for dataenhed (--reduce-device-size)." + +#: src/cryptsetup.c:2766 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "Anmodte dataforskydning skal være mindre end eller lig med halvdelen af --reduce-device-size parameter." + +#: src/cryptsetup.c:2775 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "Justerer --reduce-device-size value til det dobbelte af --offset % (sektorer).\n" + +#: src/cryptsetup.c:2779 +msgid "Encryption is supported only for LUKS2 format." +msgstr "Kryptering er kun understøttet for formatet LUKS2." + +#: src/cryptsetup.c:2801 +#, c-format +msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +msgstr "Registrerede LUKS-enhed på %s. Ønsker du at kryptere den LUKS-enhed igen?" + +#: src/cryptsetup.c:2816 +#, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "Midlertidig teksthovedfil %s findes allerede. Afbryder." + +#: src/cryptsetup.c:2818 src/cryptsetup.c:2825 +#, c-format +msgid "Cannot create temporary header file %s." +msgstr "Kan ikke oprette midlertidig teksthovedfil %s." + +#: src/cryptsetup.c:2889 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "%s/%s er nu aktiv og klar til kryptering via nettet.\n" + +#: src/cryptsetup.c:3053 src/cryptsetup.c:3059 +msgid "Not enough free keyslots for reencryption." +msgstr "Ikke nok ledige nøglepladser for omkryptering." + +#: src/cryptsetup.c:3079 src/cryptsetup_reencrypt.c:1294 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "Nøglefil kan kun bruges med --key-slot eller med præcis en aktiv nøgleplads." + +#: src/cryptsetup.c:3088 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup_reencrypt.c:1352 +#, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Indtast adgangsfrase for nøgleplads %d: " + +#: src/cryptsetup.c:3096 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Indtast adgangsfrase for nøgleplads %u: " + +#: src/cryptsetup.c:3263 +msgid "Command requires device as argument." +msgstr "Kommandoen kræver enhed som argument." + +#: src/cryptsetup.c:3285 +msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +msgstr "Kun formatet LUKS2 er i øjeblikket understøttet. Brug venligst værktøjet cryptsetup-reencrypt for LUKS1." + +#: src/cryptsetup.c:3297 +msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +msgstr "Forældet frakoblet omkryptering er allerede i gang. Brug redskabet cryptsetup-reencrypt." + +#: src/cryptsetup.c:3307 src/cryptsetup_reencrypt.c:178 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "Omkryptering af enhed med integritetsprofil er ikke understøttet." + +#: src/cryptsetup.c:3315 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "LUKS2-omkryptering er allerede initialiseret. Afbryder operation." + +#: src/cryptsetup.c:3319 +msgid "LUKS2 device is not in reencryption." +msgstr "LUKS2-enheden er ikke i omkryptering." + +#: src/cryptsetup.c:3346 +msgid " [--type ] []" +msgstr " [--type ] []" + +#: src/cryptsetup.c:3346 src/veritysetup.c:394 src/integritysetup.c:480 +msgid "open device as " +msgstr "åbn enhed som " + +#: src/cryptsetup.c:3347 src/cryptsetup.c:3348 src/cryptsetup.c:3349 +#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:481 +#: src/integritysetup.c:482 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3347 src/veritysetup.c:395 src/integritysetup.c:481 +msgid "close device (remove mapping)" +msgstr "luk enhed (fjern oversættelse)" + +#: src/cryptsetup.c:3348 +msgid "resize active device" +msgstr "ændr størrelse på aktiv enhed" + +#: src/cryptsetup.c:3349 +msgid "show device status" +msgstr "vis enhedsstatus" + +#: src/cryptsetup.c:3350 +msgid "[--cipher ]" +msgstr "[--cipher ]" + +#: src/cryptsetup.c:3350 +msgid "benchmark cipher" +msgstr "krypteringsalgoritme for sammenligning" + +#: src/cryptsetup.c:3351 src/cryptsetup.c:3352 src/cryptsetup.c:3353 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3355 src/cryptsetup.c:3362 +#: src/cryptsetup.c:3363 src/cryptsetup.c:3364 src/cryptsetup.c:3365 +#: src/cryptsetup.c:3366 src/cryptsetup.c:3367 src/cryptsetup.c:3368 +#: src/cryptsetup.c:3369 src/cryptsetup.c:3370 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3351 +msgid "try to repair on-disk metadata" +msgstr "prøv at reparere on-disk-metadata" + +#: src/cryptsetup.c:3352 +msgid "reencrypt LUKS2 device" +msgstr "omkrypter LUKS2-enhed" + +#: src/cryptsetup.c:3353 +msgid "erase all keyslots (remove encryption key)" +msgstr "slet alle nøglepladser (fjern krypteringsnøgle)" + +#: src/cryptsetup.c:3354 +msgid "convert LUKS from/to LUKS2 format" +msgstr "konverter LUKS fra/til LUKS2-format" + +#: src/cryptsetup.c:3355 +msgid "set permanent configuration options for LUKS2" +msgstr "angiv permanente konfigurationstilvalg for LUKS2" + +#: src/cryptsetup.c:3356 src/cryptsetup.c:3357 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3356 +msgid "formats a LUKS device" +msgstr "formaterer en LUKS-enhed" + +#: src/cryptsetup.c:3357 +msgid "add key to LUKS device" +msgstr "tilføj nøgle til LUKS-enhed" + +#: src/cryptsetup.c:3358 src/cryptsetup.c:3359 src/cryptsetup.c:3360 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3358 +msgid "removes supplied key or key file from LUKS device" +msgstr "fjerner leveret nøgle eller nøglefil fra LUKS-enhed" + +#: src/cryptsetup.c:3359 +msgid "changes supplied key or key file of LUKS device" +msgstr "ændrer leveret nøgle eller nøglefil for LUKS-enhed" + +#: src/cryptsetup.c:3360 +msgid "converts a key to new pbkdf parameters" +msgstr "konverterer en nøgle til nye pbkdf-parametre" + +#: src/cryptsetup.c:3361 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3361 +msgid "wipes key with number from LUKS device" +msgstr "rydder nøgle med nummer fra LUKS-enhed" + +#: src/cryptsetup.c:3362 +msgid "print UUID of LUKS device" +msgstr "vis UUID for lUKS-enhed" + +#: src/cryptsetup.c:3363 +msgid "tests for LUKS partition header" +msgstr "tester for LUKS-partitionsteksthoved" + +#: src/cryptsetup.c:3364 +msgid "dump LUKS partition information" +msgstr "dump LUKS-partitionsinformation" + +#: src/cryptsetup.c:3365 +msgid "dump TCRYPT device information" +msgstr "dump TCRYPT-enhedsinformation" + +#: src/cryptsetup.c:3366 +msgid "dump BITLK device information" +msgstr "dump BITLK-enhedsinformation" + +#: src/cryptsetup.c:3367 +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "Suspender LUKS-enhed og ryd nøgle (alle IO'er fryses fast)" + +#: src/cryptsetup.c:3368 +msgid "Resume suspended LUKS device" +msgstr "Genoptag suspenderet LUKS-enhed" + +#: src/cryptsetup.c:3369 +msgid "Backup LUKS device header and keyslots" +msgstr "Lav sikkerhedskopi af LUKS-enhedsteksthoved og nøglepladser" + +#: src/cryptsetup.c:3370 +msgid "Restore LUKS device header and keyslots" +msgstr "Gendan LUKS-teksthoved og nøglepladser" + +#: src/cryptsetup.c:3371 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3371 +msgid "Manipulate LUKS2 tokens" +msgstr "Manipuler LUKS2-symboler" + +#: src/cryptsetup.c:3389 src/veritysetup.c:412 src/integritysetup.c:498 +msgid "" +"\n" +" is one of:\n" +msgstr "" +"\n" +" er en af:\n" + +#: src/cryptsetup.c:3395 +msgid "" +"\n" +"You can also use old syntax aliases:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +msgstr "" +"\n" +"Du kan også bruge gamle syntaksaliasser:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" + +#: src/cryptsetup.c:3399 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the encrypted device\n" +" is the LUKS key slot number to modify\n" +" optional key file for the new key for luksAddKey action\n" +msgstr "" +"\n" +" er enheden at oprette under %s\n" +" er den krypterede enhed\n" +" er LUKS-nøglens pladsnummer, der skal ændres\n" +" valgfri nøglefil for den nye nøgle for luksAddKey-handling\n" + +#: src/cryptsetup.c:3406 +#, c-format +msgid "" +"\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" +"\n" +"Standardindkompileret metadataformat er %s (for luksFormat-handling).\n" + +#: src/cryptsetup.c:3411 +#, c-format +msgid "" +"\n" +"Default compiled-in key and passphrase parameters:\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" +msgstr "" +"\n" +"Standardindkompileret nøgle og adgangsfraseparametre.\n" +"\tMaksimal nøglefilsstørrelse: %dkB, Maksimal interaktiv adgangsfraselængde %d (tegn)\n" +"Standard-PBKDF for LUKS1: %s, iterationtid: %d (ms)\n" +"Standard-PBKDF for LUKS2: %s\n" +"\tTterationtid: %d, hukommelse krævet: %dkB, parallelle tråde: %d\n" + +#: src/cryptsetup.c:3422 +#, c-format +msgid "" +"\n" +"Default compiled-in device cipher parameters:\n" +"\tloop-AES: %s, Key %d bits\n" +"\tplain: %s, Key: %d bits, Password hashing: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +msgstr "" +"\n" +"Standardindkompileret enhedskrypteringsalgoritmeparametre:\n" +"\tloop-AES: %s, Nøgle %d bit\n" +"\tplain: %s, Nøgle: %d bit, Adgangskodehashing: %s\n" +"\tLUKS: %s, Nøgle: %d bit, LUKS-teksthovedhashing: %s, RNG: %s\n" + +#: src/cryptsetup.c:3431 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "\tLUKS: Standardstørrelse på nøgle med XTS-tilstand (to interne nøgler) vil blive fordoblet.\n" + +#: src/cryptsetup.c:3447 src/veritysetup.c:569 src/integritysetup.c:642 +#, c-format +msgid "%s: requires %s as arguments" +msgstr "%s: kræver %s som argumenter" + +#: src/cryptsetup.c:3480 src/veritysetup.c:457 src/integritysetup.c:536 +#: src/cryptsetup_reencrypt.c:1607 +msgid "Show this help message" +msgstr "Vis denne hjælpetekst" + +#: src/cryptsetup.c:3481 src/veritysetup.c:458 src/integritysetup.c:537 +#: src/cryptsetup_reencrypt.c:1608 +msgid "Display brief usage" +msgstr "Vis en kort brugsmanual" + +#: src/cryptsetup.c:3482 src/veritysetup.c:459 src/integritysetup.c:538 +#: src/cryptsetup_reencrypt.c:1609 +msgid "Print package version" +msgstr "Vis pakkeversion" + +#: src/cryptsetup.c:3486 src/veritysetup.c:463 src/integritysetup.c:542 +#: src/cryptsetup_reencrypt.c:1613 +msgid "Help options:" +msgstr "Hjælpetilvalg:" + +#: src/cryptsetup.c:3487 src/veritysetup.c:464 src/integritysetup.c:543 +#: src/cryptsetup_reencrypt.c:1614 +msgid "Shows more detailed error messages" +msgstr "Viser mere detaljerede fejlbeskeder" + +#: src/cryptsetup.c:3488 src/veritysetup.c:465 src/integritysetup.c:544 +#: src/cryptsetup_reencrypt.c:1615 +msgid "Show debug messages" +msgstr "Vis fejlsøgningsbeskeder" + +#: src/cryptsetup.c:3489 +msgid "Show debug messages including JSON metadata" +msgstr "Vis fejlsøgningsbeskeder inklusive JSON-metadata" + +#: src/cryptsetup.c:3490 src/cryptsetup_reencrypt.c:1617 +msgid "The cipher used to encrypt the disk (see /proc/crypto)" +msgstr "Krypteringsalgoritmen brugt til at kryptere disken (se /proc/crypto)" + +#: src/cryptsetup.c:3491 src/cryptsetup_reencrypt.c:1619 +msgid "The hash used to create the encryption key from the passphrase" +msgstr "Hashen brugt til at oprette krypteringsnøglen fra adgangsfrasen" + +#: src/cryptsetup.c:3492 +msgid "Verifies the passphrase by asking for it twice" +msgstr "Verificerer adgangsfrasen ved at anmode om den to gange" + +#: src/cryptsetup.c:3493 src/cryptsetup_reencrypt.c:1621 +msgid "Read the key from a file" +msgstr "Læs nøglen fra en fil" + +#: src/cryptsetup.c:3494 +msgid "Read the volume (master) key from file." +msgstr "Læs diskenhedens (master) nøgle fra fil." + +#: src/cryptsetup.c:3495 +msgid "Dump volume (master) key instead of keyslots info" +msgstr "Dump diskenheds (master) nøgle i stedet for information om nøgleplads" + +#: src/cryptsetup.c:3496 src/cryptsetup_reencrypt.c:1618 +msgid "The size of the encryption key" +msgstr "Krypteringsnøglens størrelse" + +#: src/cryptsetup.c:3496 src/cryptsetup.c:3557 src/integritysetup.c:562 +#: src/integritysetup.c:566 src/integritysetup.c:570 +#: src/cryptsetup_reencrypt.c:1618 +msgid "BITS" +msgstr "BIT" + +#: src/cryptsetup.c:3497 src/cryptsetup_reencrypt.c:1634 +msgid "Limits the read from keyfile" +msgstr "Begræns læsningen fra nøglefil" + +#: src/cryptsetup.c:3497 src/cryptsetup.c:3498 src/cryptsetup.c:3499 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3503 src/cryptsetup.c:3554 +#: src/cryptsetup.c:3555 src/cryptsetup.c:3563 src/cryptsetup.c:3564 +#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470 +#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:551 +#: src/integritysetup.c:557 src/integritysetup.c:558 +#: src/cryptsetup_reencrypt.c:1633 src/cryptsetup_reencrypt.c:1634 +#: src/cryptsetup_reencrypt.c:1635 src/cryptsetup_reencrypt.c:1636 +msgid "bytes" +msgstr "byte" + +#: src/cryptsetup.c:3498 src/cryptsetup_reencrypt.c:1633 +msgid "Number of bytes to skip in keyfile" +msgstr "Antallet af byte at udelade i nøglefil" + +#: src/cryptsetup.c:3499 +msgid "Limits the read from newly added keyfile" +msgstr "Begræns læsningnen fra nyligt tilføjet nøglefil" + +#: src/cryptsetup.c:3500 +msgid "Number of bytes to skip in newly added keyfile" +msgstr "Antallet af byte at udelade i senest tilføjet nøglefil" + +#: src/cryptsetup.c:3501 +msgid "Slot number for new key (default is first free)" +msgstr "Pladsnummer for ny nøgle (standard er den første ledige)" + +#: src/cryptsetup.c:3502 +msgid "The size of the device" +msgstr "Størrelse på enheden" + +#: src/cryptsetup.c:3502 src/cryptsetup.c:3504 src/cryptsetup.c:3505 +#: src/cryptsetup.c:3511 src/integritysetup.c:552 src/integritysetup.c:559 +msgid "SECTORS" +msgstr "SEKTORER" + +#: src/cryptsetup.c:3503 src/cryptsetup_reencrypt.c:1636 +msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +msgstr "Brug kun specificeret enhedstørrelse (ignorer resten af enheden). FARLIGT!" + +#: src/cryptsetup.c:3504 +msgid "The start offset in the backend device" +msgstr "Startforskydningen i motorenheden" + +#: src/cryptsetup.c:3505 +msgid "How many sectors of the encrypted data to skip at the beginning" +msgstr "Antal sektorer med krypterede data som skal udelades i begyndelsen" + +#: src/cryptsetup.c:3506 +msgid "Create a readonly mapping" +msgstr "Opret en skrivebeskyttet oversættelse" + +#: src/cryptsetup.c:3507 src/integritysetup.c:545 +#: src/cryptsetup_reencrypt.c:1624 +msgid "Do not ask for confirmation" +msgstr "Anmod ikke om bekræftelse" + +#: src/cryptsetup.c:3508 +msgid "Timeout for interactive passphrase prompt (in seconds)" +msgstr "Tidsudløb for interaktiv adgangsfraseprompt (i sekunder)" + +#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "secs" +msgstr "sek" + +#: src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "Progress line update (in seconds)" +msgstr "Statuslinjeopdatering (i sekunder)" + +#: src/cryptsetup.c:3510 src/cryptsetup_reencrypt.c:1626 +msgid "How often the input of the passphrase can be retried" +msgstr "Hvor ofte inddata for adgangsfrasen kan indhentes" + +#: src/cryptsetup.c:3511 +msgid "Align payload at sector boundaries - for luksFormat" +msgstr "Juster belastning ved sektorgrænser - for luksFormat" + +#: src/cryptsetup.c:3512 +msgid "File with LUKS header and keyslots backup" +msgstr "Fil med LUKS-teksthoved og sikkerhedskopi af nøglepladser" + +#: src/cryptsetup.c:3513 src/cryptsetup_reencrypt.c:1627 +msgid "Use /dev/random for generating volume key" +msgstr "Brug /dev/random til oprettelse af diskenhedsnøgle" + +#: src/cryptsetup.c:3514 src/cryptsetup_reencrypt.c:1628 +msgid "Use /dev/urandom for generating volume key" +msgstr "Brug /dev/urandom til oprettelse af diskenhedsnøgle" + +#: src/cryptsetup.c:3515 +msgid "Share device with another non-overlapping crypt segment" +msgstr "Del enhed med et andet ikkeoverlappende kryptsegment" + +#: src/cryptsetup.c:3516 src/veritysetup.c:477 +msgid "UUID for device to use" +msgstr "UUID som enheden skal bruge" + +#: src/cryptsetup.c:3517 src/integritysetup.c:579 +msgid "Allow discards (aka TRIM) requests for device" +msgstr "Tillader fjernelsesforespørgsler (a.k.a. TRIM) for enhed" + +#: src/cryptsetup.c:3518 src/cryptsetup_reencrypt.c:1645 +msgid "Device or file with separated LUKS header" +msgstr "Enhed eller fil med adskilt LUKS-teksthoved" + +#: src/cryptsetup.c:3519 +msgid "Do not activate device, just check passphrase" +msgstr "Aktiver ikke enhed, kontroller bare adgangsfrase" + +#: src/cryptsetup.c:3520 +msgid "Use hidden header (hidden TCRYPT device)" +msgstr "Brug skjult teksthoved (skjult TCRYPT-enhed)" + +#: src/cryptsetup.c:3521 +msgid "Device is system TCRYPT drive (with bootloader)" +msgstr "Enhed er system-TCRYPT-drev (med opstartsindlæser)" + +#: src/cryptsetup.c:3522 +msgid "Use backup (secondary) TCRYPT header" +msgstr "Brug sikkerhedskopi (sekundær) TCRYPT-teksthoved" + +#: src/cryptsetup.c:3523 +msgid "Scan also for VeraCrypt compatible device" +msgstr "Skan også for VeraCrypt-kompatibel enhed" + +#: src/cryptsetup.c:3524 +msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Personlig iterationmultiplikator for VeraCrypt-kompatibel enhed" + +#: src/cryptsetup.c:3525 +msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Forespørg personlig iterationmultiplikator for VeraCrypt-kompatibel enhed" + +#: src/cryptsetup.c:3526 +msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" +msgstr "Type for enhedsmetadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" + +#: src/cryptsetup.c:3527 +msgid "Disable password quality check (if enabled)" +msgstr "Deaktiver kontrol af adgangskodens kvalitet (hvis aktiveret)" + +#: src/cryptsetup.c:3528 +msgid "Use dm-crypt same_cpu_crypt performance compatibility option" +msgstr "Brug tilvalgene dm-crypt og same_cpu_crypt for ydelseskompatibilitet" + +#: src/cryptsetup.c:3529 +msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +msgstr "Brug tilvalgene dm-crypt og submit_from_crypt_cpus for ydelseskompatibilitet" + +#: src/cryptsetup.c:3530 +msgid "Device removal is deferred until the last user closes it" +msgstr "Enhedsfjernelse er udskudt indtil den sidste bruger lukker enheden" + +#: src/cryptsetup.c:3531 +msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)" +msgstr "Brug global lås til at serialisere memory-hard-PBKDF (OOM-alternativ)" + +#: src/cryptsetup.c:3532 +msgid "PBKDF iteration time for LUKS (in ms)" +msgstr "PBKDF-iterationstid for LUKS (i ms)" + +#: src/cryptsetup.c:3532 src/cryptsetup_reencrypt.c:1623 +msgid "msecs" +msgstr "ms" + +#: src/cryptsetup.c:3533 src/cryptsetup_reencrypt.c:1641 +msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +msgstr "PBKDF-algoritme (for LUKS2): argon2i, argon2id, pbkdf2" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "PBKDF memory cost limit" +msgstr "PBKDF-hukommelsesomkostningsbegrænsning" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "kilobytes" +msgstr "kilobyte" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "PBKDF parallel cost" +msgstr "PBKDF-parallel omkostning" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "threads" +msgstr "tråde" + +#: src/cryptsetup.c:3536 src/cryptsetup_reencrypt.c:1644 +msgid "PBKDF iterations cost (forced, disables benchmark)" +msgstr "PBKDF-iterationsomkostning (tvunget, deaktiverer sammenligning)" + +#: src/cryptsetup.c:3537 +msgid "Keyslot priority: ignore, normal, prefer" +msgstr "Nøglepladsprioritet: ignore, normal, prefer" + +#: src/cryptsetup.c:3538 +msgid "Disable locking of on-disk metadata" +msgstr "Deaktiver låsning af on-disk-metadata" + +#: src/cryptsetup.c:3539 +msgid "Disable loading volume keys via kernel keyring" +msgstr "Deaktiver indlæsning af diskenhedsnøgler via kernenøglering" + +#: src/cryptsetup.c:3540 +msgid "Data integrity algorithm (LUKS2 only)" +msgstr "Dataintegritetsalgoritme (kun LUKS2)" + +#: src/cryptsetup.c:3541 src/integritysetup.c:573 +msgid "Disable journal for integrity device" +msgstr "Deaktiver journal for integritetsenhed" + +#: src/cryptsetup.c:3542 src/integritysetup.c:547 +msgid "Do not wipe device after format" +msgstr "Ryd ikke enhed efter formatering" + +#: src/cryptsetup.c:3543 src/integritysetup.c:577 +msgid "Use inefficient legacy padding (old kernels)" +msgstr "Brug ineffektive forældede mellemrum (gamle kerner)" + +#: src/cryptsetup.c:3544 +msgid "Do not ask for passphrase if activation by token fails" +msgstr "Spørg ikke om adgangsfrase hvis aktivering via symbol mislykkes" + +#: src/cryptsetup.c:3545 +msgid "Token number (default: any)" +msgstr "Symbolnummer (standard: alle)" + +#: src/cryptsetup.c:3546 +msgid "Key description" +msgstr "Nøglebeskrivelse" + +#: src/cryptsetup.c:3547 +msgid "Encryption sector size (default: 512 bytes)" +msgstr "Sektorstørrelse for kryptering (standard: 512 byte)" + +#: src/cryptsetup.c:3548 +#, fuzzy +msgid "Use IV counted in sector size (not in 512 bytes)" +msgstr "Sektorstørrelse for kryptering (standard: 512 byte)" + +#: src/cryptsetup.c:3549 +msgid "Set activation flags persistent for device" +msgstr "Angiv aktiveringsflag vedvarende for enhed" + +#: src/cryptsetup.c:3550 +msgid "Set label for the LUKS2 device" +msgstr "Angiv etiket for LUKS2-enhed" + +#: src/cryptsetup.c:3551 +msgid "Set subsystem label for the LUKS2 device" +msgstr "Angiv undersystemetiket for LUKS2-enhed" + +#: src/cryptsetup.c:3552 +#, fuzzy +msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot" +msgstr "Opret ubunden (intet tildelt datasegment) LUKS2-nøgleplads" + +#: src/cryptsetup.c:3553 +msgid "Read or write the json from or to a file" +msgstr "Læs eller skriv json fra eller til en fil" + +#: src/cryptsetup.c:3554 +msgid "LUKS2 header metadata area size" +msgstr "Størrelse på metadataområdet for LUKS2-teksthovedet" + +#: src/cryptsetup.c:3555 +msgid "LUKS2 header keyslots area size" +msgstr "Størrelse på nøglepladsområdet for LUKS2-teksthovedet" + +#: src/cryptsetup.c:3556 +msgid "Refresh (reactivate) device with new parameters" +msgstr "Opdater (genaktiver) enhed med nye parametre" + +#: src/cryptsetup.c:3557 +msgid "LUKS2 keyslot: The size of the encryption key" +msgstr "LUKS2-nøgleplads: Krypteringsnøglens størrelse" + +#: src/cryptsetup.c:3558 +msgid "LUKS2 keyslot: The cipher used for keyslot encryption" +msgstr "LUKS2-nøgleplads: krypteringsalgoritmen brugt for nøglepladskryptering" + +#: src/cryptsetup.c:3559 +msgid "Encrypt LUKS2 device (in-place encryption)." +msgstr "Krypter LUKS2-enhed (på stedet kryptering)." + +#: src/cryptsetup.c:3560 +msgid "Decrypt LUKS2 device (remove encryption)." +msgstr "Dekrypter LUKS2-enhed (fjern kryptering)." + +#: src/cryptsetup.c:3561 +msgid "Initialize LUKS2 reencryption in metadata only." +msgstr "Initialiser LUKS2-omkryptering kun i metadata." + +#: src/cryptsetup.c:3562 +msgid "Resume initialized LUKS2 reencryption only." +msgstr "Genoptag kun initialiseret LUKS2-omkryptering." + +#: src/cryptsetup.c:3563 src/cryptsetup_reencrypt.c:1635 +msgid "Reduce data device size (move data offset). DANGEROUS!" +msgstr "Reducer dataenhedstørrelse (flyt dataforskydning). FARLIGT!" + +#: src/cryptsetup.c:3564 +msgid "Maximal reencryption hotzone size." +msgstr "Maksimal størrelse for omkrypteringshotzone." + +#: src/cryptsetup.c:3565 +msgid "Reencryption hotzone resilience type (checksum,journal,none)" +msgstr "Resilience-type for omkrypteringshotzonen (checksum,journal,none)" + +#: src/cryptsetup.c:3566 +msgid "Reencryption hotzone checksums hash" +msgstr "Kontrolsumshash for omkrypteringshotzonen" + +#: src/cryptsetup.c:3567 +msgid "Override device autodetection of dm device to be reencrypted" +msgstr "Overskriv automatisk registrering af enhed for dm-enhed der skal omkrypteres" + +#: src/cryptsetup.c:3583 src/veritysetup.c:499 src/integritysetup.c:595 +msgid "[OPTION...] " +msgstr "[TILVALG...] " + +#: src/cryptsetup.c:3634 src/veritysetup.c:533 src/integritysetup.c:606 +msgid "Argument missing." +msgstr "Argument mangler." + +#: src/cryptsetup.c:3703 src/veritysetup.c:564 src/integritysetup.c:637 +msgid "Unknown action." +msgstr "Ukendt handling." + +#: src/cryptsetup.c:3713 +#, fuzzy +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "Tilvalgene --refresh og --test-passphrase udelukker hinanden.\n" + +#: src/cryptsetup.c:3718 +#, fuzzy +msgid "Option --deferred is allowed only for close command." +msgstr "Tilvalget --deferred er kun tilladt for kommandoen close (luk).\n" + +#: src/cryptsetup.c:3723 +#, fuzzy +msgid "Option --shared is allowed only for open of plain device." +msgstr "Tilvalget --shared er kun tilladt for åbning af en ren enhed.\n" + +#: src/cryptsetup.c:3728 src/integritysetup.c:654 +#, fuzzy +msgid "Option --allow-discards is allowed only for open operation." +msgstr "Tilvalget --allow-discards er kun tilladt for åbne operationer.\n" + +#: src/cryptsetup.c:3733 +#, fuzzy +msgid "Option --persistent is allowed only for open operation." +msgstr "Tilvalget --persistent er kun tilladt for åben operation.\n" + +#: src/cryptsetup.c:3738 +#, fuzzy +msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation." +msgstr "Tilvalget --serialize-memory-hard-pbkdf er kun tilladt for åbne operationer.\n" + +#: src/cryptsetup.c:3743 +#, fuzzy +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "Tilvalget --persistent er ikke tilladt med --test-passphrase.\n" + +#: src/cryptsetup.c:3753 +msgid "" +"Option --key-size is allowed only for luksFormat, luksAddKey,\n" +"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." +msgstr "" +"Tilvalget --key-size er kun tilladt for luksFormat, luksAddKey,\n" +"åbn- og sammenligningshandlinger. For at begrænse læsning fra nøglefilen bruges\n" +"--keyfile-size=(bytes)." + +#: src/cryptsetup.c:3759 +#, fuzzy +msgid "Option --integrity is allowed only for luksFormat (LUKS2)." +msgstr "Tilvalget --integrity er kun tilladt for luksFormat (LUKS2).\n" + +#: src/cryptsetup.c:3764 +#, fuzzy +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "Tilvalget --integrity-no-wipe kan kun bruges for formathandling med integritetudvidelse.\n" + +#: src/cryptsetup.c:3770 +#, fuzzy +msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations." +msgstr "Tilvalget --label og --subsystem er kun tilladt for luksFormat og config LUKS2-operationer.\n" + +#: src/cryptsetup.c:3776 +#, fuzzy +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "Tilvalget --test-passphrase er kun tilladt for åbning af LUKS- TCRYPT- og BITLK-enheder.\n" + +#: src/cryptsetup.c:3781 src/cryptsetup_reencrypt.c:1708 +msgid "Key size must be a multiple of 8 bits" +msgstr "Nøglestørrelse skal gå op i 8 bit" + +#: src/cryptsetup.c:3787 src/cryptsetup_reencrypt.c:1394 +#: src/cryptsetup_reencrypt.c:1713 +msgid "Key slot is invalid." +msgstr "Nøgleplads er ugyldig." + +#: src/cryptsetup.c:3794 +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "Tilvalget --key-file har forrang over specificeret nøglefilsargument." + +#: src/cryptsetup.c:3801 src/veritysetup.c:576 src/integritysetup.c:663 +#: src/cryptsetup_reencrypt.c:1687 +msgid "Negative number for option not permitted." +msgstr "Negativ nummer for tilvalg er ikke tilladt." + +#: src/cryptsetup.c:3805 +msgid "Only one --key-file argument is allowed." +msgstr "Kun et argument for --key-file er tilladt." + +#: src/cryptsetup.c:3809 src/cryptsetup_reencrypt.c:1679 +#: src/cryptsetup_reencrypt.c:1717 +msgid "Only one of --use-[u]random options is allowed." +msgstr "Kun et af tilvalgene --use-[u]random er tilladt." + +#: src/cryptsetup.c:3813 +msgid "Option --use-[u]random is allowed only for luksFormat." +msgstr "Tilvalget --use-[u]random er kun tilladt for luksFormat." + +#: src/cryptsetup.c:3817 +msgid "Option --uuid is allowed only for luksFormat and luksUUID." +msgstr "Tilvalget --uid er kun tilladt for luksFormat og luksUUID." + +#: src/cryptsetup.c:3821 +msgid "Option --align-payload is allowed only for luksFormat." +msgstr "Tilvalget --align-payload er kun tilladt for luksFormat." + +#: src/cryptsetup.c:3825 +msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2." +msgstr "Tilvalgene --luks2-metadata-size og --opt-luks2-keyslots-size er kun tilladt for luksFormat med LUKS2." + +#: src/cryptsetup.c:3830 +msgid "Invalid LUKS2 metadata size specification." +msgstr "Ugyldig specifikation for størrelsen på LUKS2-metadata." + +#: src/cryptsetup.c:3834 +msgid "Invalid LUKS2 keyslots size specification." +msgstr "Ugyldig specifikation for størrelsen på LUKS2-nøgleplads." + +#: src/cryptsetup.c:3838 +msgid "Options --align-payload and --offset cannot be combined." +msgstr "Tilvalgene --align-payload og --offset kan ikke kombineres." + +#: src/cryptsetup.c:3844 +#, fuzzy +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "Tilvalget --skip er kun understøttet for åbning af plain- og loopaes-enheder.\n" + +#: src/cryptsetup.c:3851 +#, fuzzy +msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption." +msgstr "Tilvalget --offset er kun understøttet for åbning af plain- og loopaes-enheder, luksFormat og enhedsomkryptering.\n" + +#: src/cryptsetup.c:3857 +#, fuzzy +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "Tilvalgene --tcrypt-hidden, --tcrypt-system eller --tcrypt-backup er kun understøttet for TCRYPT-enhed.\n" + +#: src/cryptsetup.c:3862 +#, fuzzy +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "Tilvaget --tcrypt-hidden kan ikke kombineres med --allow-discards.\n" + +#: src/cryptsetup.c:3867 +#, fuzzy +msgid "Option --veracrypt is supported only for TCRYPT device type." +msgstr "Tilvalget --veracrypt er kun understøttet for TCRYPT-enhedstype.\n" + +#: src/cryptsetup.c:3873 +#, fuzzy +msgid "Invalid argument for parameter --veracrypt-pim supplied." +msgstr "Ugyldigt argument for parameteren --veracrypt-pim angivet.\n" + +#: src/cryptsetup.c:3877 +#, fuzzy +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "Tilvalget --veracrypt-pim er kun understøttet for VeraCrypt-kompatible enheder.\n" + +#: src/cryptsetup.c:3885 +#, fuzzy +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "Tilvalget --veracrypt-query-pim er kun understøttet for VeraCrypt-kompatible enheder.\n" + +#: src/cryptsetup.c:3889 +#, fuzzy +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "Tilvalgene --veracrypt-pim og --veracrypt-query-pm udelukker hinanden.\n" + +#: src/cryptsetup.c:3896 +#, fuzzy +msgid "Option --priority can be only ignore/normal/prefer." +msgstr "Tilvalget --priority kan kun være ignore/normal/prefer.\n" + +#: src/cryptsetup.c:3901 src/cryptsetup.c:3939 +#, fuzzy +msgid "Keyslot specification is required." +msgstr "Nøglepladsspecifikation er krævet.\n" + +#: src/cryptsetup.c:3906 src/cryptsetup_reencrypt.c:1693 +#, fuzzy +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "Adgangskodebaseret nøgleudledningsfunktion (PBKDF) kan kun være pbkdf2 eller argon2i/argon2id.\n" + +#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1698 +#, fuzzy +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "PBKDF-tvungne iterationer kan ikke kombineres med tilvalg for iterationstid.\n" + +#: src/cryptsetup.c:3917 +#, fuzzy +msgid "Sector size option is not supported for this command." +msgstr "Tilvalg for sektorstørrelse er ikke understøttet for denne kommando.\n" + +#: src/cryptsetup.c:3929 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "" + +#: src/cryptsetup.c:3934 +#, fuzzy +msgid "Key size is required with --unbound option." +msgstr "Nøglestørrelse er krævet med tilvalget --unbound.\n" + +#: src/cryptsetup.c:3944 +#, fuzzy +msgid "Option --unbound may be used only with luksAddKey and luksDump actions." +msgstr "Tilvalget --unbound kan kun bruges med luksAddKey-handlingen.\n" + +#: src/cryptsetup.c:3949 +#, fuzzy +msgid "Option --refresh may be used only with open action." +msgstr "Tilvalget --refresh kan kun bruges med open-handlingen.\n" + +#: src/cryptsetup.c:3960 +#, fuzzy +msgid "Cannot disable metadata locking." +msgstr "Kan ikke deaktivere metadatalåsning.\n" + +#: src/cryptsetup.c:3970 +msgid "Invalid max reencryption hotzone size specification." +msgstr "Ugyldig maksimal størrelsesspecifikation for omkrypteringshotzonen." + +#: src/cryptsetup.c:3978 src/cryptsetup_reencrypt.c:1722 +#: src/cryptsetup_reencrypt.c:1727 +msgid "Invalid device size specification." +msgstr "Ugyldig specifikation for enhedsstørrelse." + +#: src/cryptsetup.c:3981 +msgid "Maximum device reduce size is 1 GiB." +msgstr "Maksimal reduceringsstørrelse for enhed er 1 GiB." + +#: src/cryptsetup.c:3984 src/cryptsetup_reencrypt.c:1733 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "Reducer størrelse skal være multiplum af 512 byte sektor." + +#: src/cryptsetup.c:3989 +msgid "Invalid data size specification." +msgstr "Ugyldig størrelsesspecifikation for data." + +#: src/cryptsetup.c:3994 +msgid "Reduce size overflow." +msgstr "Reducer størrelsesoverløb." + +#: src/cryptsetup.c:3998 +msgid "LUKS2 decryption requires option --header." +msgstr "LUKS2-omkryptering kræver tilvalget --header." + +#: src/cryptsetup.c:4002 +msgid "Device size must be multiple of 512 bytes sector." +msgstr "Enhedsstørrelse skal være multiplum af 512 byte sektor." + +#: src/cryptsetup.c:4006 +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "Tilvalgene --reduce-device-size og --data-size kan ikke kombineres." + +#: src/cryptsetup.c:4010 +msgid "Options --device-size and --size cannot be combined." +msgstr "Tilvalgene --device-size og --size kan ikke kombineres." + +#: src/cryptsetup.c:4014 +#, fuzzy +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "Tilvalgene --ignore-corruption og --restart-on-corruption kan ikke bruges sammen.\n" + +#: src/veritysetup.c:66 +msgid "Invalid salt string specified." +msgstr "Ugyldig salt-streng angivet." + +#: src/veritysetup.c:97 +#, c-format +msgid "Cannot create hash image %s for writing." +msgstr "Kan ikke oprette hashaftryk %s for skriving." + +#: src/veritysetup.c:107 +#, c-format +msgid "Cannot create FEC image %s for writing." +msgstr "Kan ikke oprette FEC-aftryk %s for skriving." + +#: src/veritysetup.c:179 +msgid "Invalid root hash string specified." +msgstr "Ugyldig root-hash-streng angivet." + +#: src/veritysetup.c:187 +#, c-format +msgid "Invalid signature file %s." +msgstr "Ugyldig signaturfil %s." + +#: src/veritysetup.c:194 +#, c-format +msgid "Cannot read signature file %s." +msgstr "Kan ikke læse signaturfilen %s." + +#: src/veritysetup.c:392 +msgid " " +msgstr " " + +#: src/veritysetup.c:392 src/integritysetup.c:479 +msgid "format device" +msgstr "formater enhed" + +#: src/veritysetup.c:393 +msgid " " +msgstr " " + +#: src/veritysetup.c:393 +msgid "verify device" +msgstr "verificer enhed" + +#: src/veritysetup.c:394 +msgid " " +msgstr " " + +#: src/veritysetup.c:396 src/integritysetup.c:482 +msgid "show active device status" +msgstr "vis aktiv enhedsstatus" + +#: src/veritysetup.c:397 +msgid "" +msgstr "" + +#: src/veritysetup.c:397 src/integritysetup.c:483 +msgid "show on-disk information" +msgstr "vis on-disk-information" + +#: src/veritysetup.c:416 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the data device\n" +" is the device containing verification data\n" +" hash of the root node on \n" +msgstr "" +"\n" +" er enheden der skal opretttes under %s\n" +" er dataenheden\n" +" er enheden indeholdende verifikationsdata\n" +" hash for root-knuden på \n" + +#: src/veritysetup.c:423 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-verity parameters:\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" +msgstr "" +"\n" +"Standardindkompilerede dm-verity-parametre:\n" +"\tHash: %s, Databok (byte): %u, Hashblok (byte): %u, Salt-str.: %u, Hashformat: %u\n" + +#: src/veritysetup.c:466 +msgid "Do not use verity superblock" +msgstr "Brug ikke verity-superblok" + +#: src/veritysetup.c:467 +msgid "Format type (1 - normal, 0 - original Chrome OS)" +msgstr "Formatype (1 - normal, 0 - original Chrome OS)" + +#: src/veritysetup.c:467 +msgid "number" +msgstr "nummer" + +#: src/veritysetup.c:468 +msgid "Block size on the data device" +msgstr "Blokstørrelse på dataenheden" + +#: src/veritysetup.c:469 +msgid "Block size on the hash device" +msgstr "Blokstørrelse på hashenheden" + +#: src/veritysetup.c:470 +msgid "FEC parity bytes" +msgstr "FEC-paritetbyte" + +#: src/veritysetup.c:471 +msgid "The number of blocks in the data file" +msgstr "Antallet af blokke i datafilen" + +#: src/veritysetup.c:471 +msgid "blocks" +msgstr "blokke" + +#: src/veritysetup.c:472 +msgid "Path to device with error correction data" +msgstr "Sti til enhed med fejlkorrektionsdata" + +#: src/veritysetup.c:472 src/integritysetup.c:549 +msgid "path" +msgstr "sti" + +#: src/veritysetup.c:473 +msgid "Starting offset on the hash device" +msgstr "Starter forskydning på hashenheden" + +#: src/veritysetup.c:474 +msgid "Starting offset on the FEC device" +msgstr "Starter forskydning på FEC-enheden" + +#: src/veritysetup.c:475 +msgid "Hash algorithm" +msgstr "Hashalgoritme" + +#: src/veritysetup.c:475 +msgid "string" +msgstr "streng" + +#: src/veritysetup.c:476 +msgid "Salt" +msgstr "Salt" + +#: src/veritysetup.c:476 +msgid "hex string" +msgstr "hex-streng" + +#: src/veritysetup.c:478 +msgid "Path to root hash signature file" +msgstr "Stil til roothash-signaturfil" + +#: src/veritysetup.c:479 +msgid "Restart kernel if corruption is detected" +msgstr "Genstart kerne hvis korruption er registreret" + +#: src/veritysetup.c:480 +msgid "Ignore corruption, log it only" +msgstr "Ignorer korruption, log den kun" + +#: src/veritysetup.c:481 +msgid "Do not verify zeroed blocks" +msgstr "Bekræft ikke nulstillede blokke" + +#: src/veritysetup.c:482 +msgid "Verify data block only the first time it is read" +msgstr "Verificer kun datablok første gang den læses" + +#: src/veritysetup.c:582 +#, fuzzy +msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation." +msgstr "Tilvalgene --ignore-corruption, --restart-on-corruption eller --ignore-zero-blocks er kun tilladt for åben operation.\n" + +#: src/veritysetup.c:587 +#, fuzzy +msgid "Option --root-hash-signature can be used only for open operation." +msgstr "Tilvalget --root-hash-signature kan kun bruges til åben operation.\n" + +#: src/veritysetup.c:592 +#, fuzzy +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "Tilvalgene --ignore-corruption og --restart-on-corruption kan ikke bruges sammen.\n" + +#: src/integritysetup.c:84 src/utils_password.c:305 +#, c-format +msgid "Cannot read keyfile %s." +msgstr "Kan ikke læse nøglefilen %s." + +#: src/integritysetup.c:88 src/utils_password.c:310 +#, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "Kan ikke læse %d byte fra nøglefilen %s." + +#: src/integritysetup.c:254 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "Formateret med mærkestørrelse %u, intern integritet %s.\n" + +#: src/integritysetup.c:479 src/integritysetup.c:483 +msgid "" +msgstr "" + +#: src/integritysetup.c:480 +msgid " " +msgstr " " + +#: src/integritysetup.c:502 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the device containing data with integrity tags\n" +msgstr "" +"\n" +" er enheden der skal opretttes under %s\n" +" er enheden indeholdende data med integritetsmærker\n" + +#: src/integritysetup.c:507 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" +msgstr "" +"\n" +"Standardindkompilerede dm-integrity-parametre:\n" +"\tkontrolsumalgoritme: %s\n" + +#: src/integritysetup.c:549 +msgid "Path to data device (if separated)" +msgstr "Sti til dataenhed (hvis adskilt)" + +#: src/integritysetup.c:551 +msgid "Journal size" +msgstr "Journalstørrelse" + +#: src/integritysetup.c:552 +msgid "Interleave sectors" +msgstr "Interleave-sektorer" + +#: src/integritysetup.c:553 +msgid "Journal watermark" +msgstr "Journalvandmærke" + +#: src/integritysetup.c:553 +msgid "percent" +msgstr "procent" + +#: src/integritysetup.c:554 +msgid "Journal commit time" +msgstr "Journal commit-tid" + +#: src/integritysetup.c:554 src/integritysetup.c:556 +msgid "ms" +msgstr "ms" + +#: src/integritysetup.c:555 +msgid "Number of 512-byte sectors per bit (bitmap mode)." +msgstr "Antallet af 512-byte sektorer per bit (bitmap-tilstand)." + +#: src/integritysetup.c:556 +msgid "Bitmap mode flush time" +msgstr "Flush-tid for Bitmap-tilstand" + +#: src/integritysetup.c:557 +msgid "Tag size (per-sector)" +msgstr "Mærkestørrelse (per-sektor)" + +#: src/integritysetup.c:558 +msgid "Sector size" +msgstr "Sektorstørrelse" + +#: src/integritysetup.c:559 +msgid "Buffers size" +msgstr "Bufferstørrelse" + +#: src/integritysetup.c:561 +msgid "Data integrity algorithm" +msgstr "Dataintegritetsalgoritme" + +#: src/integritysetup.c:562 +msgid "The size of the data integrity key" +msgstr "Størrelsen for dataintegritetsnøglen" + +#: src/integritysetup.c:563 +msgid "Read the integrity key from a file" +msgstr "Læs integritetsnøglen fra en fil" + +#: src/integritysetup.c:565 +msgid "Journal integrity algorithm" +msgstr "Journalintegritetsalgoritme" + +#: src/integritysetup.c:566 +msgid "The size of the journal integrity key" +msgstr "Størrelsen for journalintegritetsnøglen" + +#: src/integritysetup.c:567 +msgid "Read the journal integrity key from a file" +msgstr "Læs journalintegritetsnøglen fra en fil" + +#: src/integritysetup.c:569 +msgid "Journal encryption algorithm" +msgstr "Journalkrypteringsalgoritme" + +#: src/integritysetup.c:570 +msgid "The size of the journal encryption key" +msgstr "Størrelsen for journalkrypteringsnøglen" + +#: src/integritysetup.c:571 +msgid "Read the journal encryption key from a file" +msgstr "Læs journalkrypteringsnøglen fra en fil" + +#: src/integritysetup.c:574 +msgid "Recovery mode (no journal, no tag checking)" +msgstr "Gendannelsestilstand (ingen journal, ingen mærkekontrol)" + +#: src/integritysetup.c:575 +msgid "Use bitmap to track changes and disable journal for integrity device" +msgstr "Brug bitmap til at registrere ændringer og deaktivere journal for integritetsenhed" + +#: src/integritysetup.c:576 +msgid "Recalculate initial tags automatically." +msgstr "Genberegn oprindelige mærker automatisk." + +#: src/integritysetup.c:649 +msgid "Option --integrity-recalculate can be used only for open action." +msgstr "Tilvalget --integrity-recalculate kan kun bruges for open-handling." + +#: src/integritysetup.c:669 +#, fuzzy +msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action." +msgstr "Tilvalgene --journal-size, --interleave-sectors, --sector-size, --tag-size og --no-wipe kan kun bruges for formathandlingen.\n" + +#: src/integritysetup.c:675 +msgid "Invalid journal size specification." +msgstr "Ugyldig specifikation for journalstørrelse." + +#: src/integritysetup.c:680 +msgid "Both key file and key size options must be specified." +msgstr "Både nøglefil og tilvalg for nøglestørrelse skal være angivet." + +#: src/integritysetup.c:683 +msgid "Integrity algorithm must be specified if integrity key is used." +msgstr "Integritetsalgoritme skal være angivet hvis der bruges integritetsnøgle." + +#: src/integritysetup.c:688 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "Både journalintegritetsnøglefil og tilvalg for nøglestørrelse skal være angivet." + +#: src/integritysetup.c:691 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "Journalintegritetsalgoritme skal være angivet hvis journalintegritetsnøgle anvendes." + +#: src/integritysetup.c:696 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "Både journalkrypteringsnøglefil og tilvalg for nøglestørrelse skal være angivet." + +#: src/integritysetup.c:699 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "Journalkrypteringsalgoritme skal være angivet hvis journalkrypteringsnøgle bruges." + +#: src/integritysetup.c:703 +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "Tilvalgene recovery og bitmap udelukker hinanden." + +#: src/integritysetup.c:707 +msgid "Journal options cannot be used in bitmap mode." +msgstr "Journaltilvalg kan ikke bruges i bitmap-tilstand." + +#: src/integritysetup.c:711 +msgid "Bitmap options can be used only in bitmap mode." +msgstr "Bitmap-tilvalg kan kun bruges i bitmap-tilstand." + +#: src/cryptsetup_reencrypt.c:172 +msgid "Reencryption already in-progress." +msgstr "Omkryptering er allerede i gang." + +#: src/cryptsetup_reencrypt.c:208 +#, c-format +msgid "Cannot exclusively open %s, device in use." +msgstr "Kan ikke eksklusivt åbne %s, enheden er i brug." + +#: src/cryptsetup_reencrypt.c:222 src/cryptsetup_reencrypt.c:1135 +msgid "Allocation of aligned memory failed." +msgstr "Allokering af tilpasset hukommelse mislykkedes." + +#: src/cryptsetup_reencrypt.c:229 +#, c-format +msgid "Cannot read device %s." +msgstr "Kan ikke læse enheden %s." + +#: src/cryptsetup_reencrypt.c:240 +#, c-format +msgid "Marking LUKS1 device %s unusable." +msgstr "Markerer LUKS-enheden %s som ubrugelig." + +#: src/cryptsetup_reencrypt.c:244 +#, c-format +msgid "Setting LUKS2 offline reencrypt flag on device %s." +msgstr "Angivelse af LUKS2 som frakoblet omkrypterer flag på enheden %s." + +#: src/cryptsetup_reencrypt.c:261 +#, c-format +msgid "Cannot write device %s." +msgstr "Kan ikke skrive enhed %s." + +#: src/cryptsetup_reencrypt.c:309 +msgid "Cannot write reencryption log file." +msgstr "Kan ikke skrive omkrypteringslogfilen." + +#: src/cryptsetup_reencrypt.c:365 +msgid "Cannot read reencryption log file." +msgstr "Kan ikke læse omkrypteringslogfilen." + +#: src/cryptsetup_reencrypt.c:403 +#, c-format +msgid "Log file %s exists, resuming reencryption.\n" +msgstr "Logfilen %s findes, genoptager omkryptering.\n" + +#: src/cryptsetup_reencrypt.c:452 +msgid "Activating temporary device using old LUKS header." +msgstr "Aktiverer midlertidig enhed via brug af gammelt LUKS-teksthoved." + +#: src/cryptsetup_reencrypt.c:462 +msgid "Activating temporary device using new LUKS header." +msgstr "Aktiverer midlertidig enhed via brug af nyt LUKS-teksthoved." + +#: src/cryptsetup_reencrypt.c:472 +msgid "Activation of temporary devices failed." +msgstr "Aktivering af midlertidige enheder mislykkedes." + +#: src/cryptsetup_reencrypt.c:559 +msgid "Failed to set data offset." +msgstr "Kunne ikke angive dataforskydning." + +#: src/cryptsetup_reencrypt.c:565 +msgid "Failed to set metadata size." +msgstr "Kunne ikke angive metadatastørrelse." + +#: src/cryptsetup_reencrypt.c:573 +#, c-format +msgid "New LUKS header for device %s created." +msgstr "Nyt LUKS-teksthoved for enheden %s oprettet." + +#: src/cryptsetup_reencrypt.c:633 +#, c-format +msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +msgstr "Denne version af cryptsetup-reencrypt kan ikke håndtere ny intern symboltype %s." + +#: src/cryptsetup_reencrypt.c:655 +msgid "Failed to read activation flags from backup header." +msgstr "Kunne ikke læse aktiveringsflag fra sikkerhedskopiteksthoved." + +#: src/cryptsetup_reencrypt.c:659 +msgid "Failed to write activation flags to new header." +msgstr "Kunne ikke skrive aktiveringsflag til nyt teksthoved." + +#: src/cryptsetup_reencrypt.c:663 src/cryptsetup_reencrypt.c:667 +msgid "Failed to read requirements from backup header." +msgstr "Kunne ikke læse krav fra sikkerhedskopiteksthoved." + +#: src/cryptsetup_reencrypt.c:705 +#, c-format +msgid "%s header backup of device %s created." +msgstr "%s-sikkerhedskopi af teksthoved for enheden %s er oprettet." + +#: src/cryptsetup_reencrypt.c:768 +msgid "Creation of LUKS backup headers failed." +msgstr "Oprettelse af LUKS-sikkerhedskopiteksthoveder mislykkedes." + +#: src/cryptsetup_reencrypt.c:901 +#, c-format +msgid "Cannot restore %s header on device %s." +msgstr "Kan ikke gendanne %s-teksthoved på enheden %s." + +#: src/cryptsetup_reencrypt.c:903 +#, c-format +msgid "%s header on device %s restored." +msgstr "%s-teksthoved på enheden %s er gendannet." + +#: src/cryptsetup_reencrypt.c:1107 src/cryptsetup_reencrypt.c:1113 +msgid "Cannot open temporary LUKS device." +msgstr "Kan ikke åbne midlertidig LUKS-enhed." + +#: src/cryptsetup_reencrypt.c:1118 src/cryptsetup_reencrypt.c:1123 +msgid "Cannot get device size." +msgstr "Kan ikke indhente enhedsstørrelse." + +#: src/cryptsetup_reencrypt.c:1158 +msgid "IO error during reencryption." +msgstr "IO-fejl under omkryptering." + +#: src/cryptsetup_reencrypt.c:1189 +msgid "Provided UUID is invalid." +msgstr "Angivet UUID er ugyldig." + +#: src/cryptsetup_reencrypt.c:1423 +msgid "Cannot open reencryption log file." +msgstr "Kan ikke åbne omkrypteringslogfilen." + +#: src/cryptsetup_reencrypt.c:1429 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "Ingen dekryptering i gang, angivet UUID kan kun bruges til at genoptage suspenderet dekrypteringsproces." + +#: src/cryptsetup_reencrypt.c:1504 +#, c-format +msgid "Changed pbkdf parameters in keyslot %i." +msgstr "Ændret pbkdf-parameter i nøgleplads %i." + +#: src/cryptsetup_reencrypt.c:1616 +msgid "Reencryption block size" +msgstr "Blokstørrelse for omkryptering" + +#: src/cryptsetup_reencrypt.c:1616 +msgid "MiB" +msgstr "MiB" + +#: src/cryptsetup_reencrypt.c:1620 +msgid "Do not change key, no data area reencryption" +msgstr "Ændr ikke nøgle, ingen dataområdeomkryptering" + +#: src/cryptsetup_reencrypt.c:1622 +msgid "Read new volume (master) key from file" +msgstr "Læs ny diskenhednøgle (master) fra fil" + +#: src/cryptsetup_reencrypt.c:1623 +msgid "PBKDF2 iteration time for LUKS (in ms)" +msgstr "PBKDF2-iterationstid for LUKS (i ms)" + +#: src/cryptsetup_reencrypt.c:1629 +msgid "Use direct-io when accessing devices" +msgstr "Brug direct-io når enheder tilgås" + +#: src/cryptsetup_reencrypt.c:1630 +msgid "Use fsync after each block" +msgstr "Brug fsync efter hver blok" + +#: src/cryptsetup_reencrypt.c:1631 +msgid "Update log file after every block" +msgstr "Opdater logfil efter hver blok" + +#: src/cryptsetup_reencrypt.c:1632 +msgid "Use only this slot (others will be disabled)" +msgstr "Brug kun denne plads (andre vil blive deaktiveret)" + +#: src/cryptsetup_reencrypt.c:1637 +msgid "Create new header on not encrypted device" +msgstr "Opret nyt teksthoved på ikke krypteret enhed" + +#: src/cryptsetup_reencrypt.c:1638 +msgid "Permanently decrypt device (remove encryption)" +msgstr "Dekrypter enhed permanent (fjern kryptering)" + +#: src/cryptsetup_reencrypt.c:1639 +msgid "The UUID used to resume decryption" +msgstr "UUID'en brugt til at genoptage dekryptering" + +#: src/cryptsetup_reencrypt.c:1640 +msgid "Type of LUKS metadata: luks1, luks2" +msgstr "Type for LUKS-metadata: luks1, luks2" + +#: src/cryptsetup_reencrypt.c:1659 +msgid "[OPTION...] " +msgstr "[TILVALG...] " + +#: src/cryptsetup_reencrypt.c:1667 +#, c-format +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "Omkryptering vil ændre: %s%s%s%s%s%s." + +#: src/cryptsetup_reencrypt.c:1668 +msgid "volume key" +msgstr "diskenhedsnøgle" + +#: src/cryptsetup_reencrypt.c:1670 +msgid "set hash to " +msgstr "sæt hash til " + +#: src/cryptsetup_reencrypt.c:1671 +msgid ", set cipher to " +msgstr ", set krypteringsalgoritme til " + +#: src/cryptsetup_reencrypt.c:1675 +msgid "Argument required." +msgstr "Argument krævet." + +#: src/cryptsetup_reencrypt.c:1703 +msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +msgstr "Kun værdier mellem 1 MiB og 64 MiB tilladt for omkrypteringsblokstørrelsen." + +#: src/cryptsetup_reencrypt.c:1730 +msgid "Maximum device reduce size is 64 MiB." +msgstr "Maksimal reduceringsstørrelse for enhed er 64 MiB." + +#: src/cryptsetup_reencrypt.c:1737 +msgid "Option --new must be used together with --reduce-device-size or --header." +msgstr "Tilvalget --new skal bruges sammen med --reduce-device-size eller --header." + +#: src/cryptsetup_reencrypt.c:1741 +msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +msgstr "Tilvalget --keep-key kan kun bruges med --hash, --iter-time eller --pbkdf-force-iterations." + +#: src/cryptsetup_reencrypt.c:1745 +msgid "Option --new cannot be used together with --decrypt." +msgstr "Tilvalget --new kan ikke bruges sammen med --decrypt." + +#: src/cryptsetup_reencrypt.c:1749 +msgid "Option --decrypt is incompatible with specified parameters." +msgstr "Tilvalget --decrypt er ikke kompatibelt med specificerede parametre." + +#: src/cryptsetup_reencrypt.c:1753 +msgid "Option --uuid is allowed only together with --decrypt." +msgstr "Tilvalget --uuid er kun tilladt sammen med --decrypt." + +#: src/cryptsetup_reencrypt.c:1757 +msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +msgstr "Ugyldig luks-type. Brug en af disse: »luks«, »luks2« eller »luks2«." + +#: src/utils_tools.c:151 +msgid "Error reading response from terminal." +msgstr "Fejl ved læsning af svar fra terminal." + +#: src/utils_tools.c:186 +msgid "Command successful.\n" +msgstr "Kommando succesfuld.\n" + +#: src/utils_tools.c:194 +msgid "wrong or missing parameters" +msgstr "forkert eller manglende parametre" + +#: src/utils_tools.c:196 +msgid "no permission or bad passphrase" +msgstr "ingen tilladelse eller ugyldg adgangsfrase" + +#: src/utils_tools.c:198 +msgid "out of memory" +msgstr "ikke nok hukommelse" + +#: src/utils_tools.c:200 +msgid "wrong device or file specified" +msgstr "forkert enhed eller fil angivet" + +#: src/utils_tools.c:202 +msgid "device already exists or device is busy" +msgstr "enheden findes allerede eller enheden er optaget" + +#: src/utils_tools.c:204 +msgid "unknown error" +msgstr "ukendt fejl" + +#: src/utils_tools.c:206 +#, c-format +msgid "Command failed with code %i (%s).\n" +msgstr "Kommando mislykkedes med kode %i (%s).\n" + +#: src/utils_tools.c:283 +#, c-format +msgid "Key slot %i created." +msgstr "Nøglepladsen %i oprettet." + +#: src/utils_tools.c:285 +#, c-format +msgid "Key slot %i unlocked." +msgstr "Nøgleplads %i låst op." + +#: src/utils_tools.c:287 +#, c-format +msgid "Key slot %i removed." +msgstr "Nøgleplads %i fjernet." + +#: src/utils_tools.c:296 +#, c-format +msgid "Token %i created." +msgstr "Symbol %i oprettet." + +#: src/utils_tools.c:298 +#, c-format +msgid "Token %i removed." +msgstr "Symbol %i fjernet." + +#: src/utils_tools.c:464 +msgid "" +"\n" +"Wipe interrupted." +msgstr "" +"\n" +"Sletning (wipe) afbrudt." + +#: src/utils_tools.c:475 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "ADVARSEL: Enheden %s indeholder allerede en »%s«-partitionsignatur.\n" + +#: src/utils_tools.c:483 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "ADVARSEL: Enheden %s indeholder allerede en »%s«-superbloksignatur.\n" + +#: src/utils_tools.c:504 src/utils_tools.c:568 +msgid "Failed to initialize device signature probes." +msgstr "Kunne ikke initialisere enhedssignaturundersøgelser." + +#: src/utils_tools.c:548 +#, c-format +msgid "Failed to stat device %s." +msgstr "Kunne ikke køre stat på enheden %s." + +#: src/utils_tools.c:561 +#, c-format +msgid "Device %s is in use. Can not proceed with format operation." +msgstr "Enheden %s er i brug. Kan ikke fortsætte med formatoperation." + +#: src/utils_tools.c:563 +#, c-format +msgid "Failed to open file %s in read/write mode." +msgstr "Kunne ikke åbne filen %s i læs/skriv-tilstand." + +#: src/utils_tools.c:577 +#, c-format +msgid "Existing '%s' partition signature (offset: % bytes) on device %s will be wiped." +msgstr "Eksisterende »%s«-partitionsignatur (forskydning: % byte) på enheden %s vil blive slettet." + +#: src/utils_tools.c:580 +#, c-format +msgid "Existing '%s' superblock signature (offset: % bytes) on device %s will be wiped." +msgstr "Eksisterende »%s«-superbloksignatur (forskydning: % byte) på enheden %s vil blive slettet." + +#: src/utils_tools.c:583 +msgid "Failed to wipe device signature." +msgstr "Kunne ikke rydde enhedssignatur." + +#: src/utils_tools.c:590 +#, c-format +msgid "Failed to probe device %s for a signature." +msgstr "Kunne ikke undersøge enheden %s for en signatur." + +#: src/utils_tools.c:629 +msgid "" +"\n" +"Reencryption interrupted." +msgstr "" +"\n" +"Omkryptering afbrudt." + +#: src/utils_password.c:43 src/utils_password.c:75 +#, c-format +msgid "Cannot check password quality: %s" +msgstr "Kan ikke kontrollere adganskodekvalitet: %s" + +#: src/utils_password.c:51 +#, c-format +msgid "" +"Password quality check failed:\n" +" %s" +msgstr "" +"Kontrol af adgangskodens kvalitet mislykkedes:\n" +" %s" + +#: src/utils_password.c:83 +#, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "Kontrol af adgangskodens kvalitet mislykkedes: Ugyldig adgangsfrase (%s)" + +#: src/utils_password.c:193 src/utils_password.c:208 +msgid "Error reading passphrase from terminal." +msgstr "Kunne ikke læse adgangsfrase fra terminal." + +#: src/utils_password.c:206 +msgid "Verify passphrase: " +msgstr "Verificer adgangsfrase: " + +#: src/utils_password.c:213 +msgid "Passphrases do not match." +msgstr "Adgangsfraser matcher ikke." + +#: src/utils_password.c:250 +msgid "Cannot use offset with terminal input." +msgstr "Kan ikke bruge forskydning med terminalinddata." + +#: src/utils_password.c:253 +#, c-format +msgid "Enter passphrase: " +msgstr "Indtast adgangsfrase: " + +#: src/utils_password.c:256 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "Indtast adgangsfrase for %s: " + +#: src/utils_password.c:287 +msgid "No key available with this passphrase." +msgstr "Ingen nøgle tilgængelig med denne adgangsfrase." + +#: src/utils_password.c:289 +msgid "No usable keyslot is available." +msgstr "Ingen brugbar nøgleplads tilgængelig." + +#: src/utils_password.c:328 +#, c-format +msgid "Cannot open keyfile %s for write." +msgstr "Kan ikke bne nøglefilen %s for skrivning." + +#: src/utils_password.c:335 +#, c-format +msgid "Cannot write to keyfile %s." +msgstr "Kan ikke skrive til nøglefilen %s." + +#: src/utils_luks2.c:47 +#, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "Kunne ikke åbne filen %s i skrivebeskyttet tilstand." + +#: src/utils_luks2.c:60 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "Tilbyd gyldig LUKS2-symbol JSON:\n" + +#: src/utils_luks2.c:67 +msgid "Failed to read JSON file." +msgstr "Kunne ikke læse JSON-fil." + +#: src/utils_luks2.c:72 +msgid "" +"\n" +"Read interrupted." +msgstr "" +"\n" +"Læsning afbrudt." + +#: src/utils_luks2.c:113 +#, c-format +msgid "Failed to open file %s in write mode." +msgstr "Kunne ikke åbne filen %s i skrive-tilstand." + +#: src/utils_luks2.c:122 +msgid "" +"\n" +"Write interrupted." +msgstr "" +"\n" +"Skrivning afbrudt." + +#: src/utils_luks2.c:126 +msgid "Failed to write JSON file." +msgstr "Kunne ikke skrive JSON-fil." + +#~ msgid "Cipher %s is not available." +#~ msgstr "Krypteringsalgoritmen %s er ikke tilgængelig." + +#~ msgid "Parameter --refresh is only allowed with open or refresh commands.\n" +#~ msgstr "Parameteren --refresh er kun tilladt for kommandoerne open (åbn) eller refresh (opdater).\n" + +#~ msgid "Unsupported encryption sector size.\n" +#~ msgstr "Krypteringsektorstørrelsen er ikke understøttet.\n" + +#~ msgid "Requested dmcrypt performance options are not supported." +#~ msgstr "Forespurgte dmcrypt-ydelsestilvalg er ikke understøttede." + +#~ msgid "Cannot format device %s which is still in use." +#~ msgstr "Kan ikke formatere enheden %s som stadig er i brug." + +#~ msgid "Key slot %d is not used." +#~ msgstr "Nøglepladsen %d er ikke brugt." + +#~ msgid "Function not available in FIPS mode." +#~ msgstr "Funktion er ikke tilgængelig i FIPS-tilstand." + +#~ msgid "Key slot %d selected for deletion." +#~ msgstr "Nøgleplads %d valgt for sletning." + +#~ msgid "open device as mapping " +#~ msgstr "åbn enhed som oversættelse " + +#~ msgid "close device (deactivate and remove mapping)" +#~ msgstr "luk enhed (deaktiver og fjern oversættelse)" + +#~ msgid "Failed to set PBKDF parameters." +#~ msgstr "Kunne ikke angive PBKDF-parametre." + +#~ msgid "Cannot seek to device offset.\n" +#~ msgstr "Kan ikke søge til enhedsforskydning.\n" + +#~ msgid "Interrupted by a signal." +#~ msgstr "Afbrudt af et signal." + +#~ msgid "Device %s is too small. (LUKS2 requires at least % bytes.)" +#~ msgstr "Enheden %s er for lille. (LUKS2 kræver mindst % byte.)" diff --git a/po/de.gmo b/po/de.gmo index b03ec225abb38f7525e244cc3c2548bee34d2f5e..301c436a5ecba9eadf531b27fbe963f5f9c01a59 100644 GIT binary patch literal 110505 zcmcGX2b`Q$_4j9`We<&bjw_o|&BuK|k-plizdibL+Y1o_p@OWggjO%j;Wm zx!lw(a=FRi7x&KPI=9T_mLHkR0lA;e&E@t4{{@~gj~D(fU6jk63|=RmcWmIt>7Lja=F96gTOqv5Ihtt zgGYm}2loT-2X_J=180DL1P=kHtjy*11y_R;z>B~R@NM9>-~-^U;J3kpz+Zu)&o-+l zE4V-SQt()C7jRziKLgwv_b_-oxE@q_J`PR=pANX+>RfIT?q%Ri@Cs1n_#&wKJ_Q~N zww>nXxByiBYG46;8z}mI6;%F@gOD`$XYe?1-s#j4yc|3N{0O)u_%l#+dkj?m+nxa} z!Q((klUo+tw}SfqX>fn=>44junadrBdpx)hoChudUk@G){s7z_-2SXw?nrQNP~~0% zijKpe=zkqZ5pwr{N@u6DbGbR-nV`bG6Kn^+0ID3n4d3@WhcLJ=02Tf-AS{{tH#ieK z`CRA2Ye85p_bpI#J@7pLz5qN1_cdS}_ythqdkR!NUwXcWKLQk;R)RCZ4WRPc{_vuH39DcXXF1cI1Ajl)6-uGDxLMRz&-mszjHzL->X5D_wC@x;Ew|y+K>FkT>;gfzXU%S& zaGwR$kADa%++RWQ%b_(d*ID2ZxL*sZ9QOqGlio|~xZ^s<$>1)yPYv!aQ1Pz>CxhbhkHQr&m-VY;JEc(-+e&!hxwq|?TwaM{&pRxa()a{y?z4b!R;<}er^X9 zera%D1RjO^E#NWW1EBceKj0LwaGB%zp!oAmpvwOxQ04tCsQT@4xy#?_pxl>%3U@oG zaNhy<0{<4i?|g-SKLI=d|L)+v5;Qu2YR~V3s?U}$^LA(lRsQ+lkzg5AdEW_&J`aK_ z=fA=I!H$>v_r>78xHo_&fHws9cffscKLbt&$GyV&Z$6mE-3{&sUJa@qw}tOt2Vt?? zufe^+;w!y=mw*a?UBHimD*waaZs1?Q1>knC@^)Pb9)f!Vmn(ff;_=<#dtc<_L$od3=M#RqQ%_5Ew0`s4GU$~p0Bmy7ekJnq%t zuHahmAn-My=yfNkcu#>J0(ZN{^|+1T0^HvQPXhOTwe!=Npy>a4@L=%HfZqhw-hTwe z4?Dlc%X>Jea(00e!0Utia{-?LMTY~g_5QsKRDPF&s@J`s`uDS-+GC5?IzR6Z9*%oe zz$-w>nGb@8f?oth=U;)xfm^-K=`aISdgp^G|1hX_x*psa{4_Wdd=OOs+5YvO&MZ*n zDS{o~^}+vsQ1PDtRsU_@;O#sCRQYCuN@oBRpWX_p9X=1LoxTH}3jRKPpY=x9Th9fR z&t2g5;Lkvn?`cr|;h&)B)bS>lGlO6O_g$d!{VAyOZvAG@e;TOtD&Q>eW^hOF7vNIx zS#Ugf(px;85_kmew}A5h0+6m6z25OaQ0;S6 zaGwme;XWT!yIupT-EIXB1HTH2U!DP#?jARI_zqC{oenDf8-xFypxX2Mpy>QJP;}Vs zMo;%7Q2fvp@KxZ^xNieRx1WGVg4@2;`^9un?Rqg-0dE3VfZM;#+wFW%<-ZhM489jU z75pP8y3KvNmwO0Qf4c@$`926v2EPHSzW)YA-$UNv{Idw$0(UQ{@BN_4@g`8=J{i9M z6r70rQBd?6cN4q`P6pLJZw7Y-?*sMy2f_b&a4PP?JH4D2fP3S9EhzfD4-}t#1w0P? zGq^w4akIM@gZh3YDEfW^RQyN5Dd68h)$@pVdAOzEnYb?lRgNEmqT9d06Tk`Y_VRXu zi*UaMRD1j!YzMcy#nU+sRDF8DQ@~3=(fzC7G2m{udU~e>yc#?T|BayX`y03nJm@{% zo)>}Ba6bl~4(@lG_xl=n2JTOS2Y@@g*Y%?UNSDhEgGzUc_j!4b1N(8m0z4M{J*adi z-0u9e1{9y&5Zn)evvB9$?|SfT@OYfpg7d*IgEPVHKS19Amw>ClyTAqDOFroJJsDI! zFAwf}!Rff415XAg-{E@lC7{~zAyDPs>Q3f9;56_Y@DpGUxbt0}?|Seg+@Ap_fd2rM z?!h1Oe9s5Pzc+v??^i+bkMDzrf!ln<`)>!R_L~EW zk2Zh@gV%xL(@%k?fxiy^vp(v4-v#FJe?8a%ei%Fvd<2{c?)Nd5H|K%};jV&t@On`B z+zrkFzXhs1yM5gGVd zw}BJEKZD1E2Y$x+>r7DPdp)=S{1T{m<38)D0agA3!R^3B z;L+e}a3y#xsCIu8JOFI{f|p|=sB~9=$AVXaqU+~C(ec~h9^mt!_-MB;dVP)s)y_Sj z{9g?!zdJ$I>v8ZkVC$E>yw`)u=MGTe9|4a6TkiAm{y1<5_d1X+n0pFTKfG}xG6Vb^ zcrdu#{a&69Q1zGxie6oy!e1NQ9|hI!KLV$L2YlJnITJhz_wAs{`!g^P?(!Aq%OgRR zvji5vw}Rc^S3s4c@KvYFC7{ZGJGc}02)G;gdvH&1%LiP)*)L!RxG(-QLGjNyp!nrw zpy>M`sP=grJOO;^*GQvMna6I@BsC@qjwt+i-!_zq~;OXFj_^$=?;0?k5Q{WM} ze*mhUFL~Jc`!G=DI0ZZiybu(>z7{+jyc?AKc?>)h+~u1-P8|!%eJMB{ye0TQ0`7zR zkZ-x%m;tJsmxJx#?ci+id%?Zuw_V=N1(pA~0j~f%aNhz>2EPT0|69J}?Y}#CBbnly3%n6jdwv8IogM;3x2M5b;Evz*@}COM#C-!O{~v;sp8hjG$ z15f1P{Y~BDfpa1?~Z^2bY3x1ebx2 zf;)kee&qJ-nc!Bq7l2B42`IU987O+a15~=71I0g2fJ$fkAN#m`4yf>VfuhrcpxXO4 zpxU?fCq5558r&WC9IzEU6C4M2fiD3EL6zeo(C7_rjr&GW@oolR3Vs6I61)%G2K*|x zH~39Z^?e$g0_J||beIY%`~q-$a4}c_&jc0kYH%0u7H}`{6QJ__1}MJz9;ket2UV}F ze&*#kG~iTF^_dAO-%~(^yA0eHyb1hi3*#4fHty>l@qC^Ie~x?Hqv+~UW3HE+_Bdl8?stMS2zS^oo&KdKyndeq#eZK1-vd4iE(WjrRWA1~@Gn z@^sdL({R5BoCrPwDxYniclw?HDqb%rdVUzZ2z(U05IptY&X@OsiuVL4I_~)&r^6!f zc-(IR<^K)vGVnj3=yF-E#pL@F;Gwt=YiY4^p8|^hSAZvi9|2X)XTa&;#Fw;KJ9UFc zEL|uT<~UaIruNI2rk*m)BSM3 zXF#=6Ve1ytW6lQKaK9Nm3j8d10{ASba<*^NV)ZVA$KZYksCN2Jz&yh1WZZ+G>icPM z1^8=F;ZGdb;{6sp9QUh1(fJeL`QVeF>b0QN>sbTUPB($#lZQa@^WOqa*sjIKo6|s* zy9S;Hz7rI`{Rve47H;2S>ltf7(env#U+{pJw%9y=8mM^Jf#QSTfa2TJc4#sE@m_Ej z+%MU&#m1H0LA7r?sCu0W=D}+~^_LHX@6UlM?_N83ITnDb&j@$`_+Ic3@P1J8<0(+` zdCJaSzE$8d+(Y2Iz%PQL>jk^C*f{(qQ2cZcsCxYcoC!|e)ziNS6y4qko(kRz&H{JX zt;OWr@_=svSL6Q!P~qEm_jW!5l>ckMW5Hj5ioe$$E!Mxz0!7DHf#R2UgR0l}LFM-+ z@FZ~lp6?@{mqaF>HTohqn)@L^E-{0LNep9jU4(++m`t3dI~mq5wY ze}baRq(hv(XMrhN^#2bJ#cK-GJ{NnXBHp!&<3 zz<%%^Q1l)@+3C;)YP`D{RDKVD%I8m@^q>Q$ct7b3cqb@&{}~kD&Y9|b^-55DaxZua zxb=}+ zT5{*%-vO%Mybe^m{sL4!`yA_hc5=YWLDB1Dpz8S(Q1WT(T9`JT>0l4Edm+Pm4D*qrTx&9hZ^!XB~_Gmf5<;?M*`r!&t^7~p)^!adb zKLhTAdza}xJ{JP61oy{(Jt#Wg2&$hy7QRnD(fRK*Q2D8{0*XG9XM4Zx1<%6$K5!4PWll@36Wj}w{&gv+d^duM zzwKO?JF`KhyAD)8d><&e@fdgp*gmht>U|}6n!bZ-ujd2qJ-@}~;YWj_^9oRWFa(M& zcYJ^|Px$>0KWIMW-JG+JPuFs%_gg{H?USJD{UoS%-Ro3$uK+b}zcRS*0agB|LD8pUg}2u$L6z^8fIkNn zZts;XHs3lAR63V~v%rso%fLT_7lHFudAoiJRDFIA&I9*f?eysc&&PcOXnYGQ{mG}f z{2u`|&fg7Q4L$^33$8ld%k>LT`R;dy_uunCjj!(q)n9)FiqH2uv&H5GF9Rh%{taq= zFykyAC*BKQhWjOFJAGaTo{IaU;KSe+=Q!Vg2UL6Sf3BC~3Q*(XcISD$7J+iV0aX6q z0GEPWp6~r{B`EiYK=IG>py+k#1>Uc30c*H_4~i~b#TK(W-4CiACa>}G_k)sGcY=}w ze*u-=oKDxDZv@p({{X6gPw#3m`^784e%yPM9A61a&OZxEuFUCnzIqdQChjkSYL|U_ zJik@o1-Nep)!+UD>ihWK7PFt64@%B{HsB9H$(=ud8ZQ@@T|QUAnYeEZ?jM2Tqkn-5 z!6_HE*gSp%cqr~CK=u1^eV)!#Q0;ssxE#Cz6yH7xieIMpdpoQEB_G}hO5S`1RC#_5 ziXV>~aQ^HD)vs;_Ri6hzwc}QUF5l*W>Tg}3+UqT#NQ3EI8{xT?f{uz{9o^-LtD}k!lU7)@{56%RSUEh+s5xf{weRkU5 z{tG~r_Zm?B;9hVJ_%~4PJN*);XE!LmcpbPK_;qkw@KJC}@F`H``W?6%rOJ!{C14&X;>RJ3!@E0;Lyh0M*X7f(L?6f_ZS8D_mb~ z12sNe3qAmT9^4ze`emN}Euiv$0#rZW`Q@Jf+2CEcKLT#i!oI;*c)wWlO1Cpy3o70( zLAC!*uX1-AsCumij{{!=9t3U#yTD(8qT9(=`aJt;a2D?0f#UN?S9v~zpyJ;Ms@=W? z>U-8zFM2%SpF#DDZC~yEViLF*_bO0) zd<&@l^<_}^cTCj}!yWn}?iLY}$zX{wQ_fz0B zaO>B5d1is4$0|_m{3cNK{SYXAdkPetcX@-C^CVE^>H^jNw}O&aUk~_P@Zax^Ucb4Z z^6LxuK2Y-LF;MyL_$E(hF(`KpRQewU#Sgy+MW^H6?Bme|p!oVeP;&f_;A(K@Tb%!H z0K0MD4XVHIf1Rhh8ay5Mn?dpGuR*obr0ZQTI~i1c*MjQ5?*_%UKLGav$KBxl^I%Z& zpc9lncL$gUe+Vl6-@rq`gKu=bWC3_4?)9MB>ARr#<&d{}zwQQyaDNb-3GVwg=dW`> z)#Gd6Rp8{ex7c}zPk}$ied0U3e0$#H`JD`k&J|Gg`XH!se;HIeJp!uVZv9T@$9=&I zanAz#z&k;;<6bwn*gC^3a4X!4K=I`=Q0d$RYJ9jKl$?4Fl>D0TE*}@q1JA+z8Blz@ z=es?>6F||W2#S7Jf$9$rgZqMyfjfcEgX6#*ZfUXgn7zO)aqkPNALWC4KDamTQ$UkP z!G8m|4gObv2Y^?D>i_Qp#ZM1_D%UQzx}JFqxE=0kpz1Ln)c4E4J-}N)$$@*o?ZH2Q z;=g}`%BSN!-tUhARi9ySSMbV!Zv!Pa?gG`1ehW%Y?tNQJj_#cMI{&uM|ir-moXWfihCR4elUc+Ux|gkfAD@i{(lMXKjXfO=VYE4JQW`O zeTgtz@Tfgz;X+^LP9&14S48{e<`V z_?-sEzip|{+k)fP;Qt6=;@=azUl{z)z;iWj@w5JZ7Q*cTs_&f&t|jcJc$aL9f5l9G zH%3qJN&No<&LQk4z|PFK`1)XYIfk%L@f;b_dLwuQW!GOX?+Zxd9B^;^xhC+??mQa_^I6=Bga6;aRpI@g_I5U*NK4kv+ZFqkf_)K^oPuN|E6aS9k{cph`8MQooTLj)u*e8SgCDc{2@k2c7 zbJy`8hRojo81I8BLny~9LLBk@P54d2eHO^@W&OJs{1fi2L%4MT37*>r|EqZP_v?(m z`@oa<_3)jc*Zw5G9u6Nb#{YDlSK}V1_9D!qA+7rY?hhWu^Ml}4)Jq9>3%CXNbNtn3 zdK4H?O%O&#Ul{f0yxcM|6OD6LvP=PYQ8fj^9S!p9GiU|6ATK0^i9q%=>Pj z{*K~#4bNBc`vbTm{?GBQzYl?va7#b=DmcV*B7O^TYivIlx9L#e=Xmt@6yI;;{YN1U z`TZYH6~8u~_wwAtw|C>m(3brD2>&%am*OKieLU~kzxlzv1NeTP{}A`JA^x@@;5)&O z2fu$2=3w6c18xl8pT~_e_iFtU{_f=cQ~2MB`zfB~nQs%r`+Gy0_wxN4Jm&@X*Z6)d z&ka0l@V}C$!n^+3L5+{uKUB8dmhjEVd_%3Zd4#?X@%~=$iy`i3a1Y{M%yTyHvZKu5 z+pVDfKF)g~ggp=}5=MUmyz308{xoLmZ!XVn;k$Y8kMvfJ?fryb#B&YLeuViR&*yo+ zjc=#%peoqkH}Q*qTLr&ugWqrX@Nu4&t%@;#q%xR+et_IX#D#-FMsB_gr}eHXM+<$8jtY) zfB5N7I@(3NpA+1ZGUd_te-dXK9@JF(yPkig7sS86;{V3r_$=Y>2zkisQNDc<{0n~n z06&cTO}uZ#vn}s^;1u%vDflD4{|eOKN5HuX%lp;5zmNBec`oPuc>K2HJ^p=^_nktS zx6Amq@_s$fM+mq--yi0E3-H~f@mrq9c=RV-RDUJhpC`-@c%2MM=;_npAk>0|g?g5P@Hf6wz%zI_;cxzgeNL!kcF2h{s{JQFF?0N;PX z`$K%YkoU>F=XvkoU4J`*%XpsU`5yigi1R4^cZBczhBQA3?#;7xa9d>lc?a&lX8iUf zUM+mQAoza{zmM|%1peOv4*_ojp9jCna~JPt5$0DsB_91v1rOmlKe#92_idgBgZnt* zWdHUE?vwC*fcFi-y(9!WjCwtc-xqM76u!+Ot$Dm3%s2fV6!3GrAIP^`LbwC$D{?-# zTln?_?-l$n2;~Vua^DLt&xNq>!M$?`(?R;jhWFotujKhka9=^VNjw+u>_E6viGM8b zJMvxvwV@Gl{q3weJlabF3Z3tkb*aUAZKhA_OE4RkHoLi+CuVdTG* z=hr+t^Blx8m1h$1wjtbpJR5Ky2L#CsV}8}DBLx5EGJyzkC)9`5JB72wU_yGi3( z@Bwfa{65WlE8+jZ`)Bcse`n&>-?)G`^X+lo_XU3qewk-V_@;3Ch4;yPKcDwAzV_C_I955x0?4Z zp2P7tmoN{64_^-WR{VAk;s43I{>U!(MczLHzJq5z&mVc#*4(r-t~7n&k)ae z6_CGG4)*Ui2^arv<*;=50LsJ2CTZJKSa5)$pyx z`^R{HgN4-oE#xVFN8-LA_}v8F8p6wKg!fx`mIS}s1D-;>r+Gh>Fo#l)cY%Mz{Yv~V zmmlv>^Zpaw9}97K&28ZQb;127u*NfkaC`C0`pbi-;r=1d1l(^U{0G2` zdAfPx-|O-J7*8MJ^!GJz*YLh8{-5Hx2>)k!w&Q&p@c7%@rZY3(f`CiGPf+0pcz(w7 zEYFtnp#x7l&rF_GJiR=Z^1PAfHlBNU9^!e5=U+TKEg(G4OrCRihIn4Z^H!cadA`W= zJ)Wm{{>8J?LfVGsIG)8k7x2`0uHm_f=Oa81@%)14Pdqye@(JgX`DMCzu$ zaXkOw?`r%sU)5jq`#gRV+{@Mx6z+HU?Hl|ck;QF&uiG8v9plc!Px4FTjo~i9?=S`8 zFZx}B-$Cw`_}vlW%Da_E`96%_p$*~wgx?_zetV<9j&JariJ!`%KS*fly&JzsgIJaa z@jJ>w(f$GBx9#aTGx3u<)^Rm{vl{%~g`eb({@NWZE!E+deAD=$znJchD32O%^%vOL z=JpD|l5f-flcg!YoA6V*3M+cZ@3;6##$^3Y{D80J;+@3ZfM1-q>>A>J9ltgO;!k6^ z(%S}wbej33<(z}x@xd?F|4RHs>uej}iC=6_>CQ^;3H%z{efvAoaH6%s9fx1!!APH8 z{3PG>7yaIeU!+;|`!;?t4~=t5Z#I*=DHb#3qs#E4+u5J$p}&~M!+g_tDfb>cO5@nO zd`%(i_jdetocSYBn3cYaV6BxGIcFRIv9f~3Ty!Or3J zL$y*@Qfz3Nul84JNf41-R5aiG;K;xlC;&yEb-8vVnUF84#U%8+W|G&iq&cZHyo zeXz97l90Q9q^~-wtLqe^c?-Ol;;UJEhRe0}FHBhx(>WuFl&=+gs$>`Wr?WCJM9I4f zWoRForaaV3{f3Ie@Bu7Toz^<8zfu`0%$f(|jjy)nRq*j$`8DNQwRPN3KkbblBsmo*^`tuU>DeM2gl&_?6lQc=vMHV+Zn^DCAvu$W_%d4Q4!g47pzPH(BR zuR1c2FZTCTpjYp}rjrpH*4Edjv5744BnP4>iK(Qu|F&aR8R2=N04AtsT?{KkNsxQux;>G0wYD74(TTH*JZ+3e=ezRUL zu3D?eNjm+d!5$<8jnmfIOUrhuVJ9YRuzdC@bLShcsvV|yoy&yrURf&-s3Jrj7&FpT zMQR z%Lv8cY_u*q1f=8Zp!I6+G6#`1-Jny_EU>W2<2A+3zLBB)KyiJ(vofsQOukW;Btt6R zA3I*k{dwd{cWJmZSj(?oy=X336$kU4+CiDfBZGZ|m34!8wb|52-T`7&Nir0aemy#m z7g1mv1H}AR<03UMDWPJNhf0lfqzg6romm;lcT)Uff3=byfu$?`UHN3>sjg=nxR{S+ zxLuN_GE_pEgt4a0gv&C#CbpZ@)GKdDqhhJ*j+%*Ye@7zq_vy8DTxWl!3eOJ1dh`TO zXpa0sO7@;46~b@KFM*N>$pW zI9$pXhlYkL^kf@Nt74h~?;w@I{`L8`!Aibbs|*)=O8G_0#LS0`KfLd0yDho<9^HbEYlC@HFGdPc1CybwxYRlE((=GiWw>@}>0-f* z{B*DP3^pv%$&w+xPPy6Cw|qudY7FOkTwPKP!Cey~UQmfllQGpN^*g&zsI8}`PuIUQ z&ds0g`r)~m5UB!G=bNZJQjPecVLjF`H$54)H{q4{ymA3%nYx;`TXm?^Db*2O43c-` zS0i00tsI52hS8wGbmSCsEn^vdZPlC=XD(lrudauM2Qo}ytU{Dp*%Z<7)w)=OrNN3c zabVOD>$s|7MswMmC=!27qtFQgw^v7o#2qlX*mryv?AQr=*?6C3L3sL=m6%~v1&fO8 z>_w{vDMt`Vv_7cCp+%rf4 z*Y{T#j2SwnGt~%HSyN#iQ5-Ips`-M|QaZ5@zarKw_f{|G9&2B}=| z_DLELWw4Ab{5d-6>*p};?*ze>P`;$`A8K8#dDr?4iSKW`3c zS5U_i)<-T<{Aks8Yq|mwGrJVLF^gUY~GFL^_Paw#wi;N3F{17 z>Hhb07oCQ7G4zyTlIA)4HK%zt#>m z1;1#7?pRx|DO!DqYOPos!TOUZXePNvM#`F{dGmx`O+&^8;Y)s9Z@IHqq^j0rSfcAd zj5PbopoK?yk`$RD0;+)vVXhK7d$0nbfsObW-d064#wv`NMprO?RZBfm*s_CoW~5Z% zRQ98%OwHSreX~+FYZq0ahQlc8P+LtAbipPR8C}EJbZ|(IjXBc!RS>6yEG`UWG~{NK zhqS~6q7Su!$mKy7tZKIxpTK`vidcj;rc%RY~`8u63PebVRzGBU)*Ikk{AMHH}s1DP-mp~|3O(>GAE@hJDanK9to z&{L7M)3ln>U@FT;hY}Nx5yA^uK#74EXhtK0W@JZ=(#UHT^tw?ilXzWJ*a<7r!1?G< zae(A?1jR(!e5otpC2Pc_jgqRF_on-d1%Z)5Z%L#>O5GU31khOh-vZT5Mfxi}rp443 zChbwi;9le;h_w;Y-p0RdY909%BeJ1obhP18rzD|NrQvFAbCOs+$b{c5hjl6W@SCI{ zv8DN*4OjW@VMJF-pZZXvDQ=NBO>qk{R*KQzvMuIa#1xr(1%YXi>q1;PYmDh8)`c%N&Q~`>Ca53@f2Eq9i)W_Q{c7j+C<3M* zQ3h-0Qdg?G)uqs$mnF&-7}s8i(o}71h&Hx3S3sw!ci70R$YQ1y2?5s0M4i;6-g{FF zBpsz`MDyQtAM?1I?k655~rpj)` zglF1Jw2d#@x}Cz9?k1J6xE70#rWTpt;<7dZ`TTSI24B_NM3iWZb0bZa*%^i|rmB?Z zY-iVV3ukLa4wToP8)gLLSQ(K0G-`QP$WBe%DQTPZyw)U0Vz3QOs%U`;jl;4=+%(}) zu~JiS8mKzbsUaF;lk$VVY5yWpzlcQ(O+~q&#l$Z%`=$IN5{BMKgLv6uNI1P~WMGI@ zbF+Avb)U(xo3G5a6DBbe!^|kOoyQN_n~hgN@$_s{Bb}8sgfmGen@OtcYH2$Z2|Gl& z8ccI@mlSMasZQC+uY-U!GzJW9Qk~{%*~gO8XxCpHVos!O22$zeJ$8tsAR$PqT_uaL zo_doH`8HK|s##8iqEDR+JL8VL~%G&-dPPkKS#iEd+B# zFPl)9Q4X;4qKrDMk&T&Im|SK9l3>zzyx0=zQ51=9$1+`oMWetCfzerWv1P1O#v^Le z<)x&#=c09YYVk5rze56{;EAEnbgf!1-fr@+2?Qwyb7V$AQn8UY`MH(+dRFq*$@GEX z3MCP}d}5o_t%vOZC#6XhYtp-zeL)hY`@!%Ss+SaVWT;E?+5D_E*u6DzL#gw%XVo*5 zD%2&>955Ed(k+*UU9u@(_sFods#aaQiZ=5sU0i0kAyqOF*Tw|Zao3~3r({{Md_k-l zRHO-|oG3<6F(3sNlzL}_R~#KJQ!FTH;KW91pTu-U6FQL2=PGGXI#7N?X_%Ejn{1>X zXt6L$%A=N9|buI^D=NQ0$X^nH@D6y{j-8)~F;(V%#bYtSR@5R4}t8tjl;G($FG7 zAxtQ|S9G*4_n9`5IDfG9Pha^QE)5mS!v|Yeic^pzw>TWtNow(X6xGhcG+ks+2Kdul(n^lnM4uuI~pSbNE-m?LA4msW*VX5 zaZxE%%b4G=FO6Mu$vQw%wlN~6nt#R+Ssy75KG{JeF;Rx)u@{a(u{uZkjUF4cbwQSFF~XYG7KlPM5f?BkI!!wB*I4hi5QqGUt2CB zFU^pS*c_I!6w?eQAdQxBViN^_5=JWqSxa@EuB^RQ+@@v`*qXa*c@|=S|-qZ`8TTc?fDC}BI8-4YZXaoW?o^qVuFu2MZIeLmd46c z#2_7{hOJremTVi787jO0?72c)*MP!gi0NbOmvvn&24(^*yS}YAd0%3_DEkotfL%s( z0qYS6HyWwNwgrYTRA@~6{g{?Qj+!Bb2`@A%4I2-~kNVKP-bNTwvrkD;vva0mHxnz- z0wO4`GyoJotu{wRAk@sX$&8_Ku9V(n6dKi9MqkrEoVB7PQmnvLZ3A@M((pu6q{@T5 zV;dm{XlRya*t5Hmo9DZ38q}roV8JLA$8s8m&Je@x z^c|}e6Qi9I>!4RSe#tU~%%sr()R;mVuJH>*9jXi>B`x!Y__jGfBL|G(YFCuHn*2J+ zI&ykPE0Iyr=772RwsS`FqoCQRHfM<~ZEH&-XTsXP*nCfaWewVfTLla3($x+!TR1>> zv1J0ct!O+Y^HK3d8?1c{oAu4wEMz*9v>45jbFQowDnMAmPD`#339U39`zFb3F1~v*gtCt76ZABZRI3fcd0nBP zSyVmil14ZeEa7(DJx%H()zS z)4FKa;ERh4pnf?I1bA7=~IEaW5?Z!$=4D(EIci589AXE|+_&^P|b zbawH3F*Oim%fxb;_MHyMBp-Mn``N_4n`-8tHZS3CAJ^(-Lnde#&8-iO87TG@^k}W9 zVRhD6J7(~d`^O4*^2%jPM-k0R6`9b6LfeKts*agimK$9xmpZ%ns5myqLwoYQC(-&C zhO1GbQ*9wxe6<0m&F5OuF78cbFzJ!!fN8%_Rxu11_xO74pereVuIXnMBBb)24Wvxw^q-)F)R?1BW`nS@v!i z7MhUW(v6$%nlO0yu1);xr5z(c!m4gDO z<`S-Tju|e@E*`{Wm}%NMgD@}S5SGjv7}RVHoxaZrDXo=tSL#?yV`SQTbp_IwW+EuG z`WUg+u`M=G!=_|)NurIhr!Q%H=_`>{>cXub>^DDz^%3Ul^B)U{8p5c@9h*@X}8yPCYGEpT*jnKxm2?UFa ztm@jJuc3~itc@wH9cSdz_z{)MV}?!rofS-UFBB`^S7y>==P@n5);`SG**1l}rh_tE z^|!OYR|vBUXgjBuF|3qdwsN8}B!Xlj~*;(QG1~_i>J$>^-j^J!My1KB)d{W zdA(n=721U;Mc8^m`aW>vEw*OQzo)>gzjivrS(f& zT~Bu#6#Lf|*K54g39?K|^n_}$na^U#FncwdTQmFoW?I`9!rT~Q zF?QK`9otr|8Dd%?8$PLGwXZy+6EXU_ro^;YoAfBhI{GS$Nak-_S=4tGD6Mxqw&44g zx^jz_)r*U)jOj?fx|9f$Ly3vd*GC13^S!ztJ#;0R$m|d+MAN}ZPPDMli0w4D$Ub+m z$-&Q~+Hn`jf<+uC?4b_@t_e2HxIN5t_Lv%K@7w|la(;7qYqTC?Ry3rkJ# z$|Fs1YUEA&v33FmV*By0#-Ir?Hx(2Ex0bX=I1oHJO(5e7^{bqpP;X<)cn=aH7AO-4 z{={5p!an^TPmLPg5)NjEG;CC~#oNMAnH}gH>0_|B7Vw&yDA-h?6H%LHmhDGlP$eEI z+EmKo2z^fzR-1SO+96863`BxQXQ(IW>x6d4DHF7D!MvtUNE6^tK>f@mDtVhKN4QA? zqC>dEikc=$Mp2|_ftfNVdq(+GzdIqeS0>Kp1oy7%n_!aGGjZarlo1llfa!}#&rgeK zrwgiMe@;s+#mnSkJjEgQPP1(;e!L(d{cck~*7Y(*5YNt_p617Zme_KcPNb(Lb8A{E zLzVZ*;mjGM{s02p4#q{ljGRiuOA?{k$L6vp@?a)Loe+xIr7~)CZcV;zI+I+(!+p6^!cnn!+A&P+;-TVP_!GQl+4)L2Y%A_)NIuz4@`%C1ncn2IzwZr_I%T~%>6<8JX$o4RNY47xg5gjk zyrTu7bgVR;Bpim3RiAb=uhPY|E{n>NqvA$0`CEe{bCn!=ixzfN1fT1TI^3X8COhHK z)AZ2kA!9E}p%Ay8ri~C%j;R&tSm}nw<7|Jhl`^bU`1S?{ z@}Uv-8eqP&Ll0I!U&@erp<~*~8KEjmn`l@?8cLfgAwwu)8oulzurbP-Qf(be4oulJ zAJr01Lq21~>kI2Dn;XAAU1ou{!iLtw=_K0T=BnMY(j(S~O6-3O6CBk0@{l&(pah?k zDO;J1l-e|0SKu;3qV{bzc>3=DI$sDFDrNjH*Okzuiz1Yf*0kPj$y zFg7L^3ZIEyo|a!z>0x^sBTBgaAnCgG!NN|hWJR=%d2nHd&)#V#&y(bAM3ni(Yo7W$ zHN)JQ5;aR8Giqdp#?bd<&1=}N5%um^0Jrwr>S$W}c=T#oo*vI!M%!@QI533awKS}z zv|`q&RbuR5;H4&JErIf0op2)4MrZ#v72=vE0eNFI=74@-NZkFA2HoVQJJ-N_efA#m z%$P2%EK{TDCYAfqv>CpKh|}_`5Rk$2XwplZ5NndsyICxgDq#|uhE(Jbx^7AqS8k%c zY6ESYneoKRzfhd!8-bh5rs6h?WC!$OZHLM)IxWsrBKg$~l3O(r1`?}C2D=t$hNGZj zn;6e-`{`H0VSjkCU61a{TmoIEnbwuwO0{0Q3>?QG!UGJ2UW zEz_Lz+RQPqT+@%392so5WCm)}Fq-k^7W=tNolDfFmJVY9t;t$_i@FOeUYs*B$Ywb$ z_Hx`p9IxS(eMnr@rCUeVW10J}5^G3C16CM}Ek!?~CqtL-l(t(Oe49%`6v?U9+>$7B zOL=DjQ){dE4_j^IIVDWLm0qk*2O)ILQa_zB!@Aj-NeIH7YC-kN*jd7rY1&UYQA?EU zFPA)v7p(~J(H{mLQGAHK?eS`k!~piq=+Bo zkdH4W*Jy@hKwPTxa*1F>97L-PgMYZUz^^$QrC*_xVcpSY$n08Hl2p*5I&zkSO-eENYU}PBE!@4J}Lij8t<; z`u4Dq6tZitIpA0JjSj99NlzE?Xtj1z5!q>*TA2N&LFXqF*QIb&<5$l9xMjBP$bT|L zq>Cd!6tOf|8R@}@9*?gv0kVq*VH;Bdv?JN7UKiY2K78<1%B*;>pmxuXF`xFF>edB2 zRk+k|{$w;{1Sn|PAsJ@q71Eoz95TH?Mx{(**dhfC=cZpe0VOa&y@?>rYQRhmgk8o=i-TJBfNhG3f5 z_`Ju=tBDazEGBcl1f`{?fI(6wfg~o%)x|P7rKX8&j+wa7ni)*BR5*L&+;EvgWR6jJ zp^9-a9WykaLQIj6wP}RQ+gLKIbGFIr_V+JK49;QXOl~L8>A0oKR!LYg7nT5Q%{2*~ zaMn65aI^@n2saHZ(|(9xr|*>hn8EAvW2TaJDwA@7%$q)Qk({uC#z{>#C#_(U$kHv< z(v+Aj(-aCO5eo6rue6O)tzFi{`Nq0+(cl^#diJZkn#F@xxXU6IIukeUcq7v2nk4qR zjGe76Za5^=EJr&oBJnhUn9M}-L8jn~Y6a^7L{DX9LJXg46w-AQV@GY}M)D5V*sYZP z)?k{dRoD>6^f{C9sPx+D9nBM?j};0byiSr8e3!p^cIcsLi;PLxbj)fNEp5nfW)p#z zRy{6M6b35=TZtbvx=RiO8K#LVa@P1b&6Ld}S~t{WwMn|Dr|}R>^HmJ1mZzLaps!RK z(oWLRaV&S{X)Fneu3Et^$UG{|wNS9#AqC3I=KExEn-MH28EI~c7n0AlVjoh9X(!9% zsHG&2I7#iwHWt@O)rLHxoo7@trtRUErTP`q?X6A+ojD~tzktoDf>~n~OY)j;z`YGq z4Vk&9HpNz9?7YE=;p*c|fuwSb!MD-=6uM_aq-cDy>1bs27-jTP2X6!Kc$t)fK?3ef zhpW2TomO;wb|-t1?2KF-8%87!;iV+Ao|)+M>2x8J8KNhg@q2N-s6L)ei+qfX)#W8m+!zy?)#~QGdXgJ3Cb|8hNgVMor~0|s%=ouDvL>A0gIZxCmWdU&pXu1_ zXd7qquB62g>n?CdT$yRw%f}QjabtU_klFR_UG2ruxXN~U*&4=_ZjlYVi8B?qrTG7n zfilVX)xm{c-!7AO2}X}KY+MUlOf)`b2fDEmP}_wRL!((62CuN2qj{m@=}g;=mrcK( z$u>zU>6h(sO015PU2DtAyl9VX&Nb>?E`+Ri$!X`pqV!2+XT65ktQFIqnyHiSscTx1 zG<1@)PN=<5)J8cpT686=y2`eR%&DV(SQ1Z0h$ONt2{%vRwB%G)M!$2W%@RIM%613; zj|p-KYlGsZMlTeCcpc5nk&ue$h4b6MJerMAn~oHg2rZTkw%TrGdkhL;kAZysH3`H9 zt!y@%uUKS@>mo4}G?9tgj^ZFc6k$NsA$PZ7NXsLI^rBm4#0)pdw4&6Na|=N_-M3r*jRO4U z0+Yzf;M6kLV){!LHYDAEGc`m@Rh)2w#SiSK3Y#w;>e8mm$aK2 zC6xjqYHh^W#VHbt7Ghh5rt5{mBx&i3`>~=>w<}TBRMS_Yg@v2Z*}0~xa6;;s3h20g zF3oi1<~5&M7+*NPYM18Q4e@SfaL@6_W-q3feNk4G3Ia%JWv-rY%`H!KBy>1GS&aom zcTMX{lk?-Y*eGQ$6jEqUXZVTzla4?dGN&o3^xBbtcv+ zY2F4>y#l9BiX5xLVt$A5Z3|H7B0A}w+;KqT#~{9`-kQ}{io*KjT1HK>i6JVNF*@}O_1NfO z=Gy%9Q|6sHf6?N3Gx&9cbp3+>VS;gDA>Yw~g=0C3{MzQ(*{4HM$Pvx|@b!IuOja-` zg+1cxTh1x!U~Wmy+&eurn0K|mo8L7G0lM7O%;1|WxSnd~YyP)-uh8^KlcBIlu9Q&STIQF+skGBxe#Le5)a<+1a~*7(JY|8r?X*kpQY3oWQ^@Ln+&@d$&Q)dCac(? zqHEZ|c&#N9mq;eQQz5-o3xYtG zb?6EN!f8(JKc2e!DM6dz61V z4Tb=+zNWSvhF!lB$_N@K&?~YFV$Iem$u*q=XAGqE{&6WSJ!Pfwqj?z2RPnfj@6eBt z+9Qp*ptK~qW-`uh@zsS#HW<}k<{<*TK#a__y3SFX5r<(2SvQcdX+sq0Fd5ODb|=_g z9az%?6*ie7G{m>w!Id5ai{uYiwKfE_pKbF?HgqF*`k%u2i7{>m(~OEysWh>!RFX&O z7K$W%W6?~ghuT=vFj%he^&cNUm6eu*vxHB>2C=17a3NDVb|FeOSd(Y9%O>i5z{rI$^` zI$*L67K3IcZ#H&ky6LFMX=Y3kD1ghSQQQ-$ok>c$W$vmdGAN)v|5=jijy%8P}mhXDXVtbF=E0-Q1X!;4hFJQeXRs zbuq){(K6ZBXcWsB>bbq63uQw$(QQVXnA-dT%eq#tj~jA63!S_v&|!$6Xi*4_pU8zf8`dqHz6(lai}q##g_ z1+8XZ)q|2><80D|;Xd*DHQ|->=B!$_Vr5RhdYD^@h=#5CwYL|VEUYvQ#~3S@c@JGK zQZE@oEj`=IfpqmHxs@f~9$|YwlHHP_hV?{6#+y>u(HbtYiZ@tAMU{hFoEQLb82?qbU?eG(qq&8>Nk`5?*~zqzl`?oo z4;x~N^d9ZD)jjX3DaQddQTN#vOmDxHK|K9LQfbYIes!*@OVX;%{9sY-gjIYy9~(_t z9@ZM6S7+!#8s^Qif;x&cPBb7+-`O2TX)fCQo7qz&?L>2oc%hcs+x8YS%PFAK5lm+j>H4}Sp)$nnXm%#ICq4g}N~+{~N1G>bb2iItVjk%&Rh>-L)isbG>Ei9V zuFP*(tkYP{zAQDcg$kP?xaFLmdt~0cDjr^KgH?m!bYgB*^0Q@O^fBFZ^stlJ7O)B$ z+ih-PWsY7Ht^|ntu5t>J-Azi-g7mT$Lh^ERAD5x$S)8hLPI56%VTfjJ6H^Yi*-)t% zUmZ@ZVslsdrxqEH?i*t5(5EqdT!2s{nxWe4oN4ouqN9$8isW^NM6JAy8Kw<6W`3=9 z_}^w?u+?TAYb|Cf`o9!6bT17;+UqGJhc}64iDp<(rJ_pHcu38S!HAALY*RS<`4;suuv4brOxh$sKgK@ z?b1>xp~)5oggDnkSgm0oLrlb7u6e&{L1!~0EKM{MFQk?%Q>ZTWCDD+DB(UBYNU(X4 zEQ>G{No>7ftY!gHdM4}j8O7yA#L%vL4gaH}_{=%{h!hn?O7SnX9w^o%FxA>Ac`P)X zk2KbZ5GYTG?5NA{C7Y%ZeoMVsI~Z}2WJ96oQud=X^h+Z*8fe|#Zy1RmPO~Y8-zO&i zwc7`LhiaIWhtw>0jqq+o^tqnjrNlwywfs)v8tIR#*t#N4Q#)IFL5WU9s%&(+o4d}C zy2|eqvwiyrYSKwO)EmNihpeaAif)n(oH-5?LT1jwxK9vOar9?tXK+1ZgoZ)LWV{fS zj%l_}V~TIrn3{wMELb1P1I4g9UQ{gGadq4I(Vq7u^mc95?C;ApUV;ygP!0EP+F`7D zy~{Z3ueRH1#av-uVB8FC!;`A9WZtS-+MLg+aI>q&@^<9XxY*^jT*fRUR0>Wd|3s`v zLx9X3t+Nosy6iK#^|MinwQTEV6EscKC}q|>sdbUAi(Q{*wbie>)7X%m{P>Lnp&(ug zUkOZ#!w`j`w()0il#&0`uJUOQ8;G3i3ibmHi9G>+u?t=4hba+EAqpK&CR(m)-_*yT zYbQNbF=&V6=I%|#T?)^J?ZdWzT3NBQ)4yIaG*n$3Co3H#J~XT3S5L?bd7b%HpV+9T z0b<7%8&4QNqTle;eIa!Rc2m)J+UTRZW2b4`TmR=o!#UzM{amPi-1)_p&NsiiO(GFX ztHZ?)x~eAp)F5hOFj$FB9!spC&3w^aN8FHDvv{l)M-!k8H!(i#lO32dDn#s?G)rKU zFekK|#c1HTJ%9C}=7l|j*fuifX9ELd>X){eNv0^!#~T;af1JvsDE#KCG`1h&XE0B)rfsR?%|YdW9!3+FZ9;um7%&D zftr*z>GuueX&p(JXT${pTYkX`z1n^j!tNTeiHoZ`%z0SbG1}x-GhR=kxRb(sNPV{H zv?~osE$l}DHyxBCWOi{8Y=KI-Upe(*cYY zHI(c=mXmbb1cF{#Xt;7S>acO#?lF_5H;E_4UtFIusQU6O~*XGQnFt=pmdmEu-T27NOx8DgoP$!4Jy-O z;ig+nQ8aQUy8z=(2fO>$WlY<$WlQp`?DrLiC99m)VV7M{p4)=6Zts-`WVN^(YZkX` zVW{z=dP5qD5%O)iQqv8QEFX(xriiBd#X~2sKHTPeE;SdndA@(EU)f8NFdad9J9(hW z^Xs@lUyMymEkXwjH3*}x#+1{t_BRwE)9!3&i)%5BA<~8a`Vg>{CK4HSkGtuM?BAgB z##>zeunxu9vt)08^Z=JQMhQiBdyFl-utykOfHAf!Mo3fU!fKT&`EfNHDdQapBSzZ# zA2h2E9mR203vs>)8i$PeEi4k_K<(DL{P!K3lK#ay2;b@9kIxkK3wlgrCK5NC&MN1b<%gY<} zH(P{Lf_=Z~f~{$}DX&@o@l4jCE3Donvu;Ma2B-rB})EPb#AF57`c?EHn z_9&N1k{Rqji=zc;2YSY(YvbcYnadjLGJ~QrE1R`BWP?;s7dd#Xm3$bBi~b$0XEKY? zN`XyHhew!(n%qQ2v7_Cu#+b8e#o{A6^Q>>X)K#ap(@{}FH@ORU80Sy~$+ zl+;M3v;|>H(PW{d+YMLZr#KI!cWY7{eoNZ}1X0~ANWFC+B$zZn?(9M#m`SHQ&Nw%B z_Oj)x7A;%KUZ->O(_JB+5nl@NWay0gU{2E+IYutCj#2}wko)IGb@NPZ`Snu!(GU?K z)Zd849T!-tGe7k}sl&Q{)8yh^1OG*O>2jD8A?K#aoOQ=s)PSTz>w+w+AWEF5Xq_h- z143o}Ojh8s_`7HWzSJ=>2QRGE@01$_)WatQT1^!j)4DN)WTCR)v+a^-_!Y%m$RN_f zS7$W~4{$+!@?aMQFG!$;Da__jq2n9h^!XrA6Ci2uR~>PE(Tqh@*oW6lie zR^)U{$lTEA-|O@$x|vgwF*(=7UKX3AULsA*d8AO!;8G)4=3e_;Z|P#YaD}T7lZENr zK$ZVXoz)z_o5QGM(g~{36l>~sZ06jcl*9IxnCv*QIbDW_8M&}N9ck9KJi331GrQuX?w6A^uUbd60W;VHr>kd58c`5k zevu{RIuqKVa?qlFfX(@5{NpH=jM!`d9;pu>BHvgD9bgoXW(Lz zo(*IpltS3QunLpPG+T6>Wcteqnv`LHuw{t_ZWd!jCxCtSP4O zGk8qZ`wR0C-24*I;E*}1Cr&*9qprT3*fy9y=*0Y#i6^w?#)(I!+ODAC^kEn0FVlhDO?W8&@IdojZ@2Ox*X`@zwk8V0z!fwM#u{ zFQls*Co28@t<%Lad{CS;jf`jO^o7N0FXX8YkgFsC!N?4a$=*Jbx2YF8TGP#RI?pj_+p#^ORsewQ&c z1`B8Yy>)s@bGH7(;!&NYBLf4JQU&CP?1;VbHd$tQ{1)m=(<)*$o04i@o)KhakzJT+ zCiW@cz42Zp%@1dmM))`VjHg;l=XYjxb)8aLf8QMiZ}k^Jh~~|_C@8-)bG7FM+R|Fz zST!4qbUDYFY1Uk8!sxVqO5Tyd9<146iZZQr++xnV7G}+(W9S#AGqq)&Gn-3>TE|(J zZ~TngzqjX?Cnqk9i%N*h@kI09R-b4lmOd92+R}L@T6_Mik!}{(svC;Ex?IP1N2uGA zWUh5yd9aV=DA@qHT_JxOl8jo@V{mx8Wi|y;x#hzf?r@{gkEoneka^$8yr4 zk!c1Q-%|=BQpPRu8;j^BL2QXH(-_9Zq>q|ByFH%-UQ8ch;;gVXohl-)*cg&Y+v1#6 zDl`8YYz?F>xP{FMr52k)AW?#Gq_-b|uz}x4ws=c4G*wG|6nE^{Qx&^)Tykop8l$t; zRvO%RcdgtbiMVpe3ZX{#N{C-|q^Xo&)vGzK+OZ4rsgR|f5^<3P-KZy;ZI{-tX&3hr zx3HIjE@~2ZJW}22k{vLyPhRp>g?5s;8M4Wt{Fx!#!1~z zVrnm&^=!=Yj1Ph=F|pNyYf35y)fI&brf=ijgPe$hn)h$iXiCW(u1Vpn2rNL1)bxBQ)b0tjbmF=z%3g;8hn}cz>s>IagzHT5Kw_4E zG(fN=8385*vkyUM$=ZSqaspXE_g^O-mF)9$6xrv!ig%lfNXvtl=K^9ncZLbx_X^=r1D1pWWMJ34aH!Are2TjpLtl`>>bMt5Wq~P34fJ|H)z%c`+v8PKF z&Gg$Ogfx$+{O6`;^}!z3BAa^VJ^Ne$_3c1;JJ5vawgCVh;rGu62E+b29I;{T9w}Q8Ms&(aNA&N5`-M#TPMrigeYjlwU)sdU6=`eAn{*V+5ZHXzls31z| z>+MH6N*N_A)gGy?8yW7F4x(R79L%@f_gVcGI8(LRoJs2K58^(ZiZdqlTP<@@s3l{( zrLN`-(oUDlQx@oFI%k-v^L?<7D;S}Sl~ofeE%YaCT3<%?vZLHJ1daTUG`#!64 zXPxZ68m8ck*W%e>uFjej4zW^UEGMpYQ6f|2(a#1#o^b#%zBS#@#X;~#s%N>*Ck05R z7%i$k-t3mTx@1yci)?aVl6;CYEu1KAzA5t(VI{w(V?Q$_7NkaDvLD;syNPv5m!?{D z6Gsf@d@MDQml!Q<0EFH>8}H>-aqh%Wa-5m8Fv1zJi#%vg{MBQLV z$zi1VX5~Fr#+HUn2glBS(P{L8gzsg5^m)2hlzU^D1(hgnV(YcK%D|DIABI6rqX!*C zzi5NRl+-k(e=(gHdskmwUrI-$5hmXJ%3VfTFcTQ;pbjZUVxLsa_g})!vd4@Ox{4)^ zg`vSN9idD_ooisjZWGWMvp~(D!x?vZJ^Or_HN#d`O{859OM+}*qWiaj#^ipO{WwMq*3S?3(><;F=aw4=zQMY=ukEL zQ4KQyzL;_cN~JQIF|UU+^B8;}%BXA!*Ikt1h9-J3+0=7hVXpm1xi-weLEbXhi;SXq znNnF2;QGJ+J_8Y6Gg6ufVuj&&Ao9-tp6>srBDZb4ml<%hj;fDN^!CN-=lWEA(V=QE z6-gas;492pv!>in=Wx#N$Ym6eYuhB2hiSvPyHt<@oRME~@*7pD{32U=P=7&C+w=b$w7llm4E|qt=dvT$m8Itx^C_YmAUYFfq)O~|*%s6iD3PLQNfcY8C|HGp z5Xp>8W-)J_ks+1{4?L)6@TdV#3ZC@5CYp(F;wSOZu{Tz)+fp_WVd$2^} z^jztMo`o6QynVlIpIP9K)C8yH21!9-9N=<&(+B?4!HGBY38cNKY}}`2R~2(%zydaR zBOAxRmw%#F%zpXVqb+8NvRYuYwl^t*{4}qQnq&yGrXx_o(~wQ#e&&y+%#tAoCvX3} zI%J`L^@w}ZM~Ep6IhgqA4=9(+7(R_!!i!DqeR}&pbq922<&GDQKmOf~8DYz6FV{?! zWSzY@Z?|=LLG@VjHqo(Zx*H&%*_Y=>#$kIRYd56jswSA6lA)*ZKHJ&D7p?$q43+kX zhds1k^HdqrdjssQ^MdV-ceV_tT5D?a8n*16@dnq8PF58FI-X=Og4AE^u8w!tZ%dJ} z(v{^Iw>V;8E9;>i;%1rUzQ;z@P6}wxtqk)H0=H{(lbPJ00VV;@;e^S#VJ9@j@vU1n zv~`~YK3crSSGUxKM_!>Y30Ays_+lfF7gCp9kqLt7ZfZa4h&bQ8-EaRS=VmbNR$dR# zyMA%Lo+P>83&n*aaA8eWl;|3_P|@=VD@dHKU0%qMY+z^3ndhMrS3X9~% zO-0qlWsmfWSV@J-yzMv%z%vK7@x~5^E8C)5O-Z*^SkvWHeywV&$?DmnH?5D5^kKh* z+U0cA9!!A+C6kg-=mrB#)z!r@Z(N_j{_edWzZSs##knsL?S{eVJ#5)16cg6m$c61b zj7Svc6F0PQ@)mfb>seqo;O3brG-_Sr9dE32uGgaHf)>#;tA0By_xh=!Rkx3)I8o%? zL&vblI!NUC02fJTfoUDJgTzwk1Kb+#y1)UytWXU1^=N-i!OGFzxZLPrJ0qRF@mRB) z_O{ee4xT8C60rhM?mGVTcMR>n{eJd43-siFA3gs)8HUF=kYYcXzPs91OXh4a3_n9* z?nNrr<1HC{FHt;b~9bfc|0qVOjAXx{P?yT9-O(@1|Y0?d0`1 z1ot!Jl89FMDsc2576E^ps?1SlF3JV8q&bK^dT8e2j7QxR@90Esl5C|!3EGyx%oH5R zXS4gs&BaWnbEw2nENOvvn-~fsr=4@*&&{$=o%u((som_&S=8&rQB0R9wbWg)2ADVF z^g$K_Bc}b>P>l56@ZFI1BI451AlZS0oYLEQ|ErlN_9#}O=T&x1Bw$|gn>@cJ)r_Nq zBk9Bi6~)+Y?y2M!gUI(Y^10@k&CNPo|Ge==EL)Js$8LX}Hwe;>90hhfB(e_OU^Z*d zDeQQs7I1UNmh}=kg)2LDOhHiQI|Z(Nt!O&l?$vek6F*(NB$|jTAa%pP4lWWKy;&Mb;Tt`#4SFUa==N#P~>Pi3Jr2_EKaD1Gng_4s={dJB!C-xwS&aaQ#c}Qe( zT@o3OEeVR(lC@N*GBFrX^kJH&(HqU92qJ+)$>_GZE#PaY7pAZejc2b+un=Au&+63)~& zs;=Nn5u0Y%qw0WdMf5f$jQE%sxTqEH0U`VN+A|i@Cqkl3hHMMlzo&UCuol_L<|6DMEb)E+z1CkMTu?@2JB3r-9WE2UXF^s9zJ>4@H&^Wxtn>8 zvB|2*JMt&{^SY{Rsbq$h7%vb=8)uMb_D963ecz|!T)oDqjGIyjPz;H z_{qlR!`&hBL~2XSqj(K@`~uQR1J1%nYT$tRuq?3gB`NfrCpH{^tLR+m52oerHSy>J zZa+7KtCiR9j$iFo@y~+ETqrn|cs>0xg2gW;mVOJ>ko%LGmG0`_H<65&R!RErVGW5O zq{S_L1*0J6m$Af>Q=Q};6P?8#)h&p7WeOSDO$F0y?&AL95T6;sL!vtP0US=!Yh0(7 zv?_y$`VRO{4}qISKwNqQ9IN|;vT9gs0Di6>f8>RN5k+&XHG#rbwQ{#O1AUh>I8F-*BX# zcsMl0qY2=FR~|3k{;#W`&P2r99bUbb_Gy)A7^rMML3#;N?M5t{5i_$IcW|I*Jvwxvnm_^j!&LBre zy|f=rcL-#XmJAkHA|cqF-N`RM-}e_l-}AV>%^{OttcXaPvSYYis55iLD>-u_6(!`8 zUpD-nYb1J>nyg7)ytF!hwkhx7`KHi`29J+=~pH%gSt(U>c zlJV_Cde;Xvl!baj!y(OXPZ;F88ZXs$3nZEC<_5)?onjZBIyO+>beU2nfB z$JrB-CfN-))^_ZhW_as5EryZqhMx{*fE(*30}NZOZq!OAxH^5aqBiBh;zav4=;tOw zYfoG=Y8AxI8rta0ssVca;qh(a&0`-o8_M)8NSrflt$n1?Yf}86xiwFp6kBBA>GYe` z%LVwkV(&VYGETB_RG2z?);2H+&^lH7(O>DkK8g`Y)-hJt_l~)A$d8ZJBNd3OLF=%m zZrEPlAs?&xSjgyoFOpM)dsU=J4()nokQuGPfzN=RI@3S$U0xrEQ3KbLX4P7 z&#&Gf`{SI7qo6y5L6flE*lum3?|L?jj9;>R=2xghGN~-};M+?SXMKK!p^uR47xTG- zjM+d$TDj&eE-zOw1xw&Vdg7&T`;Gh=N`H#B-#ncWMynSG1{nMBLl0W#qk6C0okZwz zOB3R89+uiT1ri!qYYfCOY+SUndYofD+4?MnygH0E_WJZV>2S%EX;h}o1_Dpl#2dEd z!6iFqCfFJm@AvY7mA#0KX0>_c40!nj2!b8S~rU1M7 zP^)v*X1_&vG*Txc>vVmcF93qbIx?G!%3C7=BG^by$l&)KnKSRltIL_hX;d>Bh6`?K zX|3L48zf6Tv+NyOU(>F=4!PtJWvt)e`eCcGn4}KpG$LPu5hD&~bmK4?Zj2NkDN_Z- z2H7%DVq8DDw;y?=QkIEwJ+&AGtZ92GX+T1;a-%{b0v((WX#FG=9FbH~YYq{=uIuvoEg2MI`H{ka%;sO25KEa10ivV@6UZz2St!MB_uEHer=ZTZS=nJ}xS-n)&C%RBPjQF;6MF z|B@P+2?U83NsSojjWFpB?`bF#KM6Z6V@eQQVY}DdD>NA)q)ci(O?5cfM$>?e8nH#W zDpBo;1N<`UJ&AIiDF-tU&NEnL_pxtr(Wdt%nBC_RdaBgq6q2! zBKDuM4_SMpO2%Ncu3Wlqu&s|WkW0qPbIK5J@?32@-itRVQqJ1uI^528(P3 zsX^m7o7?^D#p`3G1gddMa}d2;-D9|CLPzNi%rg9!CK4?Q>CAn*v3t}bjl#Qgfqh)U*>g+99V}Edy zov$zePl@-?&sLhADR}c@TD{`2U8ZZ-LbbmdxVUP-gJ`men}iUX|FT7H55n{d)g`W$xEF;mab6knBWF|tTQiauHOXCw zu$zvQlUgED=RSMwt*o$i7bq`69|N~U4!7*xO68s!tG<)KAT#>>_ynTFfjc#iU4@+u zx`adDf{x)=C5{*WQx;zm$Y~YX3|rY#2%f^3RjITgirvw!rbAV-v<7wB>^*#t zzq~vz65Mup^5DIDvoTIfk9^)u3Wkd!R=>B%o&h{4;%}HAQW^Rmwt3zjzuOdRZHQ=y z7)bGXd$GbWU=NAl))T11m9~&?!Emq*4eX{{@KC#~*%Y_yx1}OL7#1Z2$RkEWu8l9f zR;g8)sp3ZHdMyrqoX$mTaWvyS;=A)?(k_)-i9jlV+o-lu6OJ>6RRZ#ay&iNm=YV;Y*#!@E^3u-_BQJ20Be z7*FTUp~k`F_9lJlw*4^c700lzLcc5^ief>cpYR z^!A%t+tCTTAkjQ;!=}fpzZc+(<&@jz@Xo>ujh_}9w$48x-VpJdn#UoIbkGhGb)m+- zs;4sYt1IQIY(K1OD5>UZDu<2G^_NBaH$ykgIjSwkcomo$=SP(ObZ6n9J5xVpl(G4Z zBe(m?A~|{4I!o^=mNetyeO$*MeHXVjEl{9Q_{L_H5*oJkyp=2nj&`7qUtXE2JW4aj z5v0iM>6T9lTI-xS@ybe5c`45>O3hK5CG)H4w(aDmlwp%2RVuL}ejsQTm{n4q4%;s@O_W*AD~NLT>G>&wlaRwJ>K)cpa`95tE^02JPQ?ifu3Ln1y0GS&|!^D&!!xox^Oa=(W2Of+RYK zi#qwQ=Xyzb_8qvel`#}$Oahi_p{HrYaaVhQI^+JZkViQJsUjH1T1s*>#(m)pBDstX zx7P>V;bI=ez0o-wDw>|S)*4eR&9lgm=(#C`pHmy1R`VTR*GvlBGCWWq)TUc?qtBDO zgt}j5=Y4FOT2ahywA+nJW+=Ytq6*ZBRlAF}JC(ji-;FW6v z1StJ0j7$-(q4!ncLo}g-L9oY3{j+njq5;XQj{!z8OBBT%I$n-5m5H@!Eo9O2M+M zfcbC`e)EK=k>jx6ES78iM;%nz?Xf*9a}Nl|l9|OBfTdczaICF5cYa~yGxmvYeu0i1 zuNSGTPxSWj2g-zb4TJ;8YF@nxzYv!l$yDoO&@Qr96NVF#wwlg9a&U2NCwbZkJqnKD z#6CV1v@C~v#yefp6bAa#U{FWr(tvYgDD-wtr;SJt$itXY>&@>wT)SAaCzr>1yak8N z2l0&N)F0Y4aDo>R5(ni)NIlKEv%mQ9{89m3XP#Bn53s3(v!>q20A~kY*|4E9Utov8 z@auq=1-r`td9T@bH{&*K$B@@j3WLU8uOmO4-NPn!K8?Axd+OGvqEvip4lHhI+kRH# z5+?pnYP>PaMm7p7LHGQ@bxzo4e73dF3UV_#?f0L)>7iZQ8pSP(4!Mjj#;qsA zRRck)%8#Hyi65Z&s|-$MH#Mp+azkehNM&o#6oL*xQ*62gWpZG9-linCbnRVdD7s19 z^!<#F>hlVMvHd-|Jl8{HkDk}mvvSAU3zbP0=+`AQr+DuRN)m$Gv+GSVTUja+AU!3* zUW>Tyks2HS$a7IGIS5loB{5KsI6JdC+!ZT(M940XY1DM9Ii2Kp#A}bLQvu|BM&(yE z@R$l1sL@y@7E_P5eTp-Ti)XKjb^P2L63Rv_GV;1PD1GNYwJ;pTwD zHZN?jKJF<<^YKy&(XZ~)s}|JGTve)B-X?1pAxo~M^P_xmXA`1nhttGS;97Aq_s~at z0+P|jEA5B(lMl6st!gi{dr-4V2Y80qz&Is0P{!DcQ(@pV=(y4#cLQRVClxCk>{8eC zG@rL(_swS#VbQ@4C7a)$K0N;9#$W&TpLo25&x7l5*hYWi+=ZtN2ybm-bT9!Qn4em8 zIBVu|PGJP*t+T6vif9@lxUZCO^Mcl{W4I_{ozWvm^XBWobrQ(iyx(8AAAE1}_`Q3S zZaG2^`;oFP@?4fx1!r+pM!v|^J~vI_}5Qgk-g#@w7A*{6Vrc13o5G48Y zPz?|i9AGioBS){;IK81_)|7*7#@V9E1DAFvV3$brBYL%h4miv#fl;r&VFpl7+H6T!HpDg#$=J71YIVcyBrqp&{j`IRF+UUgIzQpCvZkiT!Iep-c$S#6mJ(V5lYzFgA3y~pwny?3}Ug?)P zx~@myxP?I-1K;TO9=6KsQD1A}JVgUCg#lW>8^z#z8$+uC7=t;!R zr~KvTsUDGDgkYIv53UeKSy=khHYh`@XHEMy-XQkc!)kF(#ce$N}b2cTb?LmBw9 zeC=zTuz0tueGSCKnjDStK~cafk&E{wPMPb$)Fo@}-?EC~(~Z^z6`|#YtaK&&@uN>a zf2K%MPRfedptOv)WS=VG#of=+blwY*Zk{Ku8Y<(RFnrUAcz!#L>pGxYj*E=(dSEWk zjJrxgNQ7m<4bPrW1vwyV-vYbPTTPHuyL4s&JvJL@>dxP49`{ZtJfcXXO)pd4U@nR4 z&1U2P9-YlD=0BaBqgN-@+k)$hPnAlX{0%lz+mrLxvjZ>b;KD~FXE?zxKc7=7tvubd zp$8pkaSwzbkceKE5VLrp#}`MY5e-$3{iR`F zvwfx1T-fdBIvZeFM(!LK&3(0aiN);2`Q;@U@_JE8S4$c3q`>gRIInm&zhzRW>vSc0 zs8_9AHQqMHos9$d;4!H;i_7zwJ#8CWuFl2|79|TSCC*2F4dz|=On1V^5m@$9+14Rt z?AW!~y{`T2?0lxj;QM}jBA7rFUEqvjDmwR8xspr(1h;zq*G!X*e=$FKA!L(eR!cZz z(PgKdqCACxHRm2cu{{dk?12~TUtG-27Ox?T@ji`;sQ&lMzu%$L*-W#Y@%$cy=jNjR zc(MQL;BdxbUo7kc179UMt{vS)(oKjm+z=+gkbo4WP^l9#9vwyyJ1;cd@@G>Fh)?vF zAzKoR9`#;9e|G+uwud74y2UT@aqT;|%I1nFfBBh3zIZ9l#4_>_sl=jv=ZagA2(n~R zwe8V5-}Rrgj+uu3=XkT3fo{o&qUcBdE@_UXYv#(zEX|%OC=!tT#{WxZ`r!r$LytE|6DTl`PE8^_kRms#X8I-#D$ri@&fVYPYiQ;;GE~zoY|7*LyEGf z#2UMV|Ywu*lfnEAG;-_BuZi~dv zs_%9ap`BTPgB3n<&YqmyhVefsu=qNLwQj)_wc}cSaE$}(NeQL#x8b~9!^3D4ER{+7E zW(w;28}w{9pf?Ge;6o1e8tnC#sgZp~M{p=967Sm0AN&DHYpg3NwUmT}`HyG^ix<4= zyVPI(pXH;g`H_$2D@X;jjLm)Jf|=_g6whCNPF1u35gXZrix2O*N{?c8+uCn*a2wB^Si0<#g(yff}yj|5fWwHEMkPA5gm;P%%k>=(}1-9Wf z4z{kg#L=N7#@J;KO^9Dl1}Q*;c@D&VLNqMZ%5^FL`3&i;#}q(t_9ov)1VaJqEOrOP z%n>wsHY#AOsuNe|s^Uh!=~i2SB1P2?eN7lt-m!8}<0?>qTUUbJ&nBK}*?3o{JJ#N9 zpbv;c#`Spjm`oD?2T|9i_1}$_=)0~2Lv`~=7Q2ePlLo?j1a+Hrz>c`BSd?~o;Eo;h zL<_z=G^7cQ%qw#n!PN|?HtorL6Z)Ol$*abTQhF{Xt}n98VQJoOE{2f}4t!oGUGBz$ z>Q|8*wS&XqHQt#8MGBiWO4Ik1liDO8%eQ5Ez`ymZR!m=TPvEiUNkY}PlDva;JtN0$ z&hven=AM1{oXlaghzZLNM3Q-wuk;UuRc?x(Sl7UM~3O-N1?rmcY4ggD*zu#K9UNn=K0~}Ak^7{ z_O5s!P0IeF)DW-Lo4L4Re*WCe_QLa%Cs)mizGOr=NfM_TQd9eemV|d(R#``e^#! z8yubw5jwKb|9Lk3KmX%@|MKsmF@myDc$UJHVBQu{IY9_!HnL98#P^TfL%&^M2-*hu zk;QDt^%9c_awZb!VX5<&p4F_M=`q~O^Mx0DU}$e;3gN+&GR>eK+UM+ZOzA2puobhD zv6`Dr<)7rooA%mk$d)XjT6nb5uQtPo?RaWZ%d(U0kFpc8rjZLYBVM*ZzeF4DkL4ue z{3^MgZB)6sU+an3=#>RWv*Jo5*`>V;}O|Up3EM64&xb`PfB_+zmRpf_;YTy73T6Gjc$GG!C2p_XK7NFGU zMInuV6h!q!{ZL6EluS=}48)peYmP^zFV%<}c{(R`Gh9~mHLee>Eq>{7=R2?1=sX#o zO)&b2)M2ZW!#;7Hn&7mC`_;m(jJsn$gwn4)(z_fiZg+3`@WE$q|MdAcU*ZV*JG1Qh zIYK>P*x9)uVw%kjt8>?k;MB<>S$p)%>+1QOE%M3#%9V89JwV8eKx^GwQAG8whYxRq zs^=Moc3woGZF-8ZceGi$awrK+RhvqpzInmob@MWB2pZ%ouat&+?B($h=jFtmDYSms z(AhRjcn89L@rpt^cfvrrbA|!GOV4BJsF6Wg*2ngxENEeqqL&thaC>*i&N=UvZ|JSn z0X++M)4r}v&xdWVxZxs>8}cNBhaYU1oUqZj$LOoQjy*Nj411V$7!;5!?VAOs z4sSGWid@(;b{_u3kX`pE!eINpzi{!;v3}&`dN!8w2b$|s%n*ZpLUsR%f={u~x*jmFQ8I4Otrl2&FV3m*%1O`<#E7VkEswnWA>0 zqO6xCMkem==sKV0c?1K^SD!Qu+$K$_gY{|0oXql!SU(FJ`l4_TWu-V$oJL_r(@ z6ZX-s=NO31>0Uxp>A+QKrc6!Wx~a`ZlnO^E$?P*xOZZ)i3pL2vO{&3}bJI&dA%COh zo-^OmS##K1I7WXkHO)%ZD{eHAO&u7u?6>*-?|jNi6T0@&-fKzJLkqjA8o_HyRBI6< z#x3g}+O?de1-`#9QgNiByV(*xwN-xa2KmgwP%+MeBwy-To}HvOa$B0xD&o~0oqp}F zhNkbj^_z#IXiJHWB!`4$qW8r;b;m?1z#~8i+_%m9RUw!%+Nb5sZNG( zU`@hP!XJvUcf6EwEnCj=d_BTOdm8C*nS{4cT~~Vti5M+P@U%pU-)yORaF!`#dz9r> zq}bM(WFU}K)2LvcC-6EI?NGBPB9RBm$s>f@ILjvqB1No;5!9QN$ms2#mpId!z$zdv z%L2G2bwEZz#-uj-(3oUhEATE!ZKb|&v!`xjQqot%&!bJehWsRxhiqj}D@p(^>!QN- zo9B4+4v$|M9B4L9`Lv`TZ6--sSr%kk1LKhU559Qz^*0Y5Pn2;4Sjycpo0pN+z=DSI z+)SEee!`J!%=Bda0vA~G+DqS|w7!l(i2_iSQh}s{^G-Br@gh08v&paJS(R zv7kS97xH}MQpm>5+KG6Gb3Hs%$-xa~EH!Yse5gS(T78o_HWq2>WD%mN8}!z9Iy|3 zK0kx~kNuem8U}oP_TprPoP-=Co@!u`w*0*%h z-gPY9=IIAXHs>nlI+4!X@IWz!lGD0lKR)`JH~cIGScfDPo`{A>f{OzTmelGmZsB($ zBfwayS5=(qv9tgI&aN)cFW~xm3(ixa*|Gw{K%<%ZkAUIeU^=3ay?E@68c_1dSeTAv z$5&!)hEf4M>P1w`%)NTe(9ftfub5_*5tOFKi1g@=kIUbcimD3tf98z&=L3MPBUn7- zz~J_9>j@)I1~tzD;>OuGdA2yEY&daE`Q+#UDC}_(|GJ6-pP&@;Fdow$A@aRo-Vb^x zRty8c$Fdbn!)cv9!j0jUb=N#U+f=o96`c%iAZ+|k#G{y0;AAs>kW4C`{CavQd6}-yHL~5 z!eK>Rg{<^xs3#_l^-TN8-1FKaxWq4qSt73IYGLt2Zm7GGLxfF3R-vfzL{#kx6 zRTIcI757sou}p%2OhL-%x-Kx?J~nO0Re>W%szUm#Z;H>e4Y991*rd{S5ny%W<~RS4 zC=Q!#Ba9au58|dgsOG0oa{z3DB`V34F5j9PwY1@4KaP2Wx!z)AgLSKhALlK6V@Z$jm9R zlPEeug-o;nDUP9dGv)2v{?|YHM56Kb4Xe_NUon z*E8#@d(xsoKahs|s4u&ddl0tRwozbFaJ}-_`(AqNZuuzatfudeRVX8BM3I!V^^o2> zQ;#>a!XziJCiO*o-D*?;4$af1SgeoW-wdzf8i(F=Dcj6=l2z$n$vzN_goQJxrNQdx zNU*dwI(mN97JT*K*}b~Fl9dP#Jei{cQs28_MRAQP=hR7?VrkU4cdL8XoaOivlA=j% z`3CzBZl6XJ-ZoTKX>+b`eS8aB(>OQVW>Sx}VWFTXQ}0V|K*KhgDFzL7Q{21ttz$J? zCV;0NBhJUS>uZlXsXFtWdS1r65h*3`U8-OKP?7la7fKDDosskcLurr2&(f<{>r^W1 zmuSH7M6I@hqQ9n*A>O*qc5!v@olQ1_WcdoVj;##T_*aefn1QTV(lFUokzYsn|9E6D z>QWaO=JSI3$E1{qh+|z+xkZiPLf>N1yoT7x0H5l#?BtVpg^Ye#yk|n zDM+H~lUAJYr?moes^d^A%$1Rvx?b70DmPp2jFrJ_*Y`i(eP0DHZqjh-Yjf@T%8X=p zrVv@&yr%tatxs6q`?cNJP(oZgZoV4rcIo(@h3fQwGJZLdaLrAV6C(x7cz@9tgk5i1 z;H7N_tBj*RvUTGMQgEVxj_kQxC-1(@I0#T=em7$T^(b$rryl3KOvuT(qZyYCy0MbY zsv9--QSlQPaaWCdC|X8aUrwWpt$7>_10Ve^KWno^M?Wkb8sy@jKqkX6C*|ffx z;C0)8ydfrb<5VmBQHxD^7~A~Hbba?-?WLId*imt_O|HbH zvlgT7{8|;nAl5(Nm&X!OqOLu>5Dze7!@ozQ^m~!^D|q2y!C;KcMvxk@DG%N9#%!1+ z4Zm~iN6#C16bcw9OX9dki#Jvri;zLYlkS$|MuirnA^LA zOcBVc5JhG{o#K+i{A7M`0ODEa8zI&BCRD8oE9GR@(&eRu6sJ_Gxuqs~-i7H7FI!4E zOih7*Sbmr-Zy3Jx80(RKdA4+*J~eAHdo3~ZG=vJV5hdC^q^orZ*@WXDVFv0DjvR~8 zY~VsGS~aGo_1~7_6;W~!%gj`7a?gH2sg z0smczowBp04o98TA&oXWK`(r~{JAyB~&s6%1+J zv4izGq@dGPdTMel|3byaEOUi_LG_f%xLW{+;24RWP2okw=Cy1?{?|T7}hY``qsCur&+UlW} zGFy>iRdA?ypokCy2W042)}|{o$tv-~njLIsSZVyg{49kFYmMD7>|hBih|q9PNAj_h zr^_`qC$Dj?FJZm8aBcq)G5)O9_U<+Rt-lRPy}2CObYvPK?DOcwIUEcjeL**84kN?Y z9Ob+`>(_?+7Wov=p|KkQSDJR$Dh(etB>Kr_bjs0z;BVI=bhk=n< zuA^w}EYENv!q`PkhHr()w^q*DgEs_g$Gl{F{c)}GfJOv*2)4@NKZS;xk3x{PpP6?$ znM{I3oJ2&XWFASS&^(CA?`E?X#}{&5eb~6}KKlLScV9nw_UP-!dwYAo=O;5yKbn3h zLV-Wc_g}vK^V!ky(MSDveySf$>OeXv+mSf%m-W@|$tWvybSz?#_uxMYZV4x`)Rjcl zY-=TMrEh`f)gcoqrmzRX_%E>Ky=_C?{acT zCXaBO9sjNibHq=#tp3eejW(v)<&r|PE(}_+n4u8$%>??|+1c*Z&3H7L+ zn0e-JN);yAOlBGOE{!V29;Jq+?;DW8%{uQ=&5!lKxRNX_V;ujm-N=cZRTcLezUoW^ zwtTd!dwtME5`TI{raNooD5CIGDk&pL39(HvhKwA&kJ(a{;9)Jre*1j!#~EQLVx#uF z#3W-4my=Wd|HUh>T^I@gfVOz;;aWo5MAaNq8mLI;hmRqhkFuCtttHoho|Z>8d2)G9 zNt7!`@P`+G({HxAsZ6{U@y{~DlMxzmM(6beZqpxLJC)vVu3eWhVj`73d|#Il;eIyJ z&fKvyN~2KatDRaD6=qzE=q%6U=`a_78s=^jXoc7I%HrmTI*{65Mv@3d#X@e!uEHYi z)AHwgBc_JrQP{r7?MFSSWq;jyKNIV{nttf(`^Xj(Qcv6=z_>!=lL%y=h#WJM2u@aD z<#J!`_NJIbdSnrA7F6-Ye0VV_=f~C_OG}|qfhJ#CaeUN(O8n9a!fW+m{j3fSjXn+h-Hxm;8pL3|t6_J+Q!=+*n2;J>Z_lSo7!cDu`w zE>{;sDP1wDM-ls+>GkOaOYmhd#WP-vP^m7T-NpIRETt*mK~dP^FFf?~kdV0bPd@X% zvTw?Wo__Om>K48)&yd)`Cyb5hE|%APEhWslw~j96$0TUi@1o20qt|q@Xuqi=H^ydv zWIM6vyE+)?`X@gbLXv-EaD^a;SdM1X7d$tiQbYdn$uV@z>t1-lnz^#*m;Me@(1n8f zgeP$%+G_G2AqJ%Tlpo0KMGLX>7TFPIdVcl~R}?wDQY=M$dmC@7eM-&_6hO^`>GCB3 zoSKNv%Bo{<61G)@+`ujL*n(k#LigLlE=!J%V(`B~Pd+93_u-bdsd$tidG6BmaAj46 z4mA59=jPk>liaq4_QWjFX55YG>z7K;Eztzp=oc?>?Ft;O`+kS(74yP{EqDFBgFoP7 z)#sxrA>;z1W3i)GuXT5?Fab;HtJ_4z|DkI`az01nK&TcgR6p;}5_%sQdRu zGkH?jDAzV|7*n0jR`!%hyEx~wfy{P|xhRrykvu1~!lB!5o_e)aw(gGYopaieZw+_x zurI^)v!!@T+jmXOgH~_a2%7Mu@N3!>*?XU^dqT=M0f3{xjcmh~gbBM(ACLrX#zb%f zc1oE*?^3~X?XP_vMMXr%?aJz|MOteP3C(D!0MWXt_5>yf+kHlBug<@$7AGfO;7$(T zBZDA$?NRkB@?cB(im82#@V_(F$H~DL3Se1U3bQbsh9VqGYq6b?NZfeNA*rtJlo6Dr z@hvoSv?a6{t0eLNa)@p%OeSxIM1VrI6ki?X9{Jxlt5;mzLm~HI4$QEMgVL}k#g?jo zC0x30KQx+va)a2Ro$E~7^B)P3@k{iH+@Kb0q4TQim@0~Z?WCXYV2kEt9F-asgu)WP zA3l%xJXVSDz}71ZHC@*5cZgJ!*5E8pQkE2uIvoW&&etSS99lJ%K3JTI6pOEP-%Im? P&tQNGVW+VAYX|thYP}i< delta 15254 zcmZ{p31AdO_VBy73HOzQkfb3bB#;c@z9L5mfyfmS?t7ASk}=6lm`MoXFe)Mf3PJ;| z2m&Gsh@zs%t_Uiuy2_!btQTIWC@bFXf4#ro>+T5de%s{L?^ShGb=9j^*Rc2fMh|^k zulBvR4K^uF)2=5-gL-pKYg$j!T1RS{r1#Y|tv*bLV-R^x>YCO8o`Q$q1$Y#0>8xpw z!x>#PZ3S!@uW3)hjW8XK>#AuF!&R^+9GIZhYC}*;5;Uz7ybrd9&%&1QER2R9!fxP2C!)|b;FiWdfX4jK*QzoT9m#d?1WPB zIf(VNUm#Y};<{^ECd`DAz6y?j`=K=KOGs8Nv4>MW2g>_}kU#A(fz+N*Dp}fef#9$mQFR&TGFxsizxe zl6(`OG97{THKom zs%F4AcsC4(PeC1?g))}kx#+W$504 z(x8?E(!&W*8dd}2;KOhtJPpO?YGa2xPBIFL1uCKRcnjNuLPo!+^^Wl7vf!+?5tVZXvlDD3!&sc2(#e@$VAanM?3EeA?~B?gvoqgJCDM! zX^qD?EzW|}trfwga6gnWOr|#6LYoVv;;jVutM)0R3a#_C&Jyi|^NBwQC&1=ood(Q; zl79n~dQQRGB$Q_39Ovl^6NwkYj&LoEhkK#)=oB0de}&>3L&vkH!^u#5U?=PbpMp~F z1t>jlPAkOgM?&dn6^ww7Pr&{jl#?X1gg--ZmM~m28pgq7I0TC64Jbpk9m+cKiW_f` z<9xUuOdx%Z8($7%h(8F$8UGF&!w+Bs_*oA2muYgD1o7_3NzU|}1f_rhWsH}?o^ZPx zKLe#_-$LnWaxM-DbD^Z4htkvbc}|1!pww3bW8oc8EPbFBMaJYD#9CUL$!&un7JRd%&V8&if5e8t`{F{w);KCQo(pjevcKmqVEiJ7FvMER=G!ucAmxeu84E z&eNQX!=O%l9+YWzgPVRY6pK6u#d4oOX;ACwPEXTa=0kC^TcJ4f^H7Gg`3z@BlVFC- z|6G(*UTlI<@HmtYoOh|sbf#B4Y)5)7l>9}oFWd-q_;)DfFTqZ*!7R5!P&zmaGAddT z#7Np-V5!XiRlAh`(wpVQY8}Hi8#nL--{W zpZOlfz^-$h@);1n)uzEXng0)<#KIS#nDkTF0=AjwOtUx`M!X+Pfy1GEpd88vLr^}j z7>Wh%gdO2yuopZ9rQyFr@%r}joqSQSwk-*LP$FR#lnUoTagHJ=4O<7LK@UTz@CbZH z(L*TZ4&*aj@I}~!^!p1m?KMd+Wc=ZBL(|@d&5NA%;v#&4c;8~|KLX`aF^dRHDRDk{ zBa9%v12%()VKh7eWr6tsHi1oiPEXoEop=w}366uEp$|&K*FfpmUC;w}K(W{vU#+ui zT_)ig5_(_fumVcM9){urUqifA>s;zMXCdrId?ieWPeZZ9PcRO)D`Sg>eV~~99ykE* zf-)W7fjVqeTka@na5xE*pv?CTP@Ly)P)z;&=P!aSHzaL6N-hj!l#Uf|u2EcTg|K%w1;eAjFdytUO*rvbg7n0!7IXIc+s8-5gaf^WdV@LMSFQrPq zWICtA;cynL)ls&hFc#X=Pzrtpr@-E{E*stor9o$*w7mWej*}+CA;f1xY2ckuEOZ3Q z2QR`NFy=<5f!VMF@r6)^KPnGXjMKM2KQmtkKRyUJl6>`DAqm<|uuqR3eO0Of;e ztDP~O17+-%LFwsTFcuzz(t!715^S@^G5ugD7Mcsi+3tWc|6hRe!SLIho@c=^#A{)p z@I{o-D5Me&kn+#@KY!~3SaNeci5eH01kv(U?zMGO1a1lj>*SDamuC8 z0}n$n^+i}8b~PO)!4#SQDJb&68Blt@3igIaVK4ZN%lM6sg{DB69d|>i_!}tB=h@`! z>lHAI_%l%IX}sC_U0^VjhHZf|g*18L%Jm>)|!Ek_c%-M94NkU0E+2fg+rmX-SL@WP@HcK90gzBj{Uo$ zbll;XWEe~(z8FgS9w-%_g3^GmUEthgImCCt5%7CB9QME08OmxXKC&N*?|cKL z!JT$F=ZD_AYMuRg2nlJt7!F6m1+Wu*0=9=|VK;aYN`?^i>y=wncv@dBI*dq3n@ZWW}Vwc0+EX_5hsf5BvZlVUGjOm}f%i*)34=pMhf0U!atWeZ=WdHk9cYfD7Qgut?^A`$s8E z!V)+K)_cqu%lS|&u@Q=i{|cpN|AOKZu?L;^ec*M(XF##g3D_83h7I8la2)&@O8GI5 zyY~k;i|=bIQRG7xpp045C!8hO1KSc`2&3UD*c$GJlJ5{~0N-)>0gNa935@~D z63iw(2Fm*lus%ElYbD{YDBAJ%?cf7Yoa!m4U`qmVPI)>w zu){>s7oqin(jYI=1sz|s?+KS={N?#8(w`TnVT>g3G$mevtU(_S``D>YFd48${ptCY z*a$b}X8014MLC&OZIF)WGvW701@a+cfB$D&ae^E&4Msk7(|&;;Aniz#rx6sVx(*I> z)5_qtq%ni-M-eYWn~!uxW)WwS*t6snh?{9YApb%F(*J3Qj4zIDd*)_1okDd_HF|p@ zGG>wJcffT>PxKIiqig4oj}e&(uOh!A@(e>tY|RL{O$PBF~o&wCOH`q>n+eh~I^H&~JxtAeHEy5P4eJbo<|cgs<#m zXAu&0fE)jt%NFn(WFb-yk-0v{t?XX(;fTx*nNgL8}kyUyLkq(@1iTYcNtGJU-sl zR-vTXQDzonO9Zj=UplBMEFl68$A!+gOs38Lbjm4jL1_?d>niL z*@H|)c%1%!=S1wSbRhaZq!Y3YnSfmVoOB~P72bq?5ZQ&)BR&k-i7u<=GW6AO4$=gX zXFakCF_7KJ>+=1^WK1P;JtAlN#qd@n6S?}?M5G@wk38Lw7(|{H@Q5gI6w(ki7Y;$f z(65zuJdKf=qzy;pnGgHcx{>xSFY{s=`bt;>Z-6tP4_^ITB=Q{6$W2Ue%O4`%0KFQ{ zLzW|5k$l8Lu70|cFL|_^@_#S~8SPfo5q-b=?sM46e6?@8j62bKx~cuhX}G!nLfUI? z`fV_X)F27ScBC01Pmz*p%n$lDkbzHiOaC1`5B)`0?53gGhv13C+agPdUqEJ~H-*0; z^6aofPTO!O@20@B$YY2+hmo$NCnNGa;=pmd!9+rCLID}V5NTN5^9f2JY0=17Bps0_ z1G=2l?3Y2#rs zvXt~2VE`V7v9Jp~hV(#+kZ#Bsq%ranrkSj>93V@PJCOU3!-%S7V0vlJBeUdpo^;X@ z-L(2{nn7CU|43U!+CVq0uI$TK<%@L7Hoz_avpy{>-CI!U3miO?eTyX=Fe3F%?Jl()2n-&<}B)zWR~ z=7PMW@DVg;p|{c~)Ju(;P+6c-Pw;ud%*Q78S7B!Klz6k*l-9P^hj7A_G{R$3k_fv^ z9Y+|Nnm~BxRFCqQ&riJ`{hevo)bn>Uqo;Qw^4auj%&3`CblgnIxL{@%LUU$U!s)Xz z3AfIYl&rZU2v^P>KzMX+GU3I!lD}r2r1zWOBQZ=H>Gk_*UXjmVsC)IIpke4`fj~vR zx1dxnG#2^_4B9<^ew5j8b~uG@n4d!U#r#OZ2Hwtbe^gM6aVmm=0wWZHJ~3$xB{RH< z#qu=>b8Z6t*^=ystg1T^JsNPUOiu!s{ipS zWEiF51CDw0Kv5B%K`m{JO9gB@Nh;oxFVEZ_B2lwgj8knRiVGNj&xUSF9v-?q;9 z61=rUobTn588}s;Pn_*GUo7Esz68FM>8=Q~bw}!fyKZWKs;#*ba73S{;JD8!$NON_S zSms<+5A#yhz2{L0Y(;l-^DTY5R{3QC^#6I_b)R3)%FfBt%L9cnN0L^K zr^v;XDfPp&G3Mpx`kL9dt~R4r-9hSutE4-p?Qr92@s1;_rE8b%aKf6@o?%+HztRW> zt14t&%dcU%2>FWr-ZGE8S?DeE{dvwUxILwZw3@-@<9}qSDD%=Rdx6y}yg`;uDwRoi zVXZiG<8^U_Bi8k36{d|ff_|f{&YPO9@A_Y9>Fay_SK8<6JN;MMm<@@YrM?>32<*vW zyOu|1`Ri7x%j}~CUu~Gkw}+ZCRE4I8@TfUD!YSu0;)QxaiPv9jyH~@FvTT=c>}Jm1 z*v8g|6F#&tlEITN)s=9axyo_MzirHH@u&CZflU$2lB-KNYlr=j>`igzE1P7zFK znv%`kP6q2CZ<*6{arV^B$+-2nDP!}@_}s4b!Zh<(b)-2rH;ko0Qm<@8RkA?%oB^ZY z+`F>PtSu?Sf~Df=c2;*`V=SwCOgXCw)G_Ze%m0zvG+(getRb~YkRtx zvO^|k{*Gm4_`MZqx7?d$s$JqFkKfm`mCjO?n#$@JOs({l8)oy}I&V^Tk0M;KyH9(2 zhI!fB@(q7MNjZI>%O`j5F>km(yB_N5J%h=4V$W#8W_x8@9JhBq;r_jYJLpnw^2pp7 zIg{O`S==;x-%|6JeKOyFd`PCr>jz{NZ1hNSls6QrC<%H)hAe=#mz8@f3rZ++=#jXF zVfNbb@S{ChkD?!&pUGO%&(o_YAt6N{HF<=dkk-4btZJ}>6g{CYF&(?a$dxdt<_fEueg{MgHj>#*c#bU3-CRerxX)qgBQZH^8wmmeEM!(Tbp9%*FO zduFM*5%ZzLD zd^@xH`3Q6N^G(bX&-=|AUYMU4(96C48okm!$QTQavXH%&xS$hyp2r717=;2UqeBz76*IucJ_GnW_dFCgt zpGvPRk)JxlePKoy4x4j1O0 zb7HF(&WV*iJ14%A{*PT|&o|54k&)w#9N`z%opQ`(Z{?aN-@0>}bAZylWthZkZ*gov zOnQ9EKJ)wMl~t97vI0TonpVykC8YVQ%JYq&cJ;ZEgGafyqC%X}Ii{PZ-;QZh&e1_n zD#YZ@X+7Ee_uEsCd-WdNYY_QN z&-srcMjL)3=;e$xSkDOpZmyY zJ~a?5_U0SaMzGQ_2VEFzuDCFAm|k@J2sZZ_dS+Fyprp)ORkYZkHaj^dV{B$tZ@rwj zto8QIXuPki%oj3BtNewApNqsN6V0QaF5rrkqDswIayoEah&OM)xY>N^^8w9L^f7V= zqEg)qT*@*(zO=r@1m^-|gR9Y{X!C(fEn@Qc_VFX3kWp47PMzS>y`>o1M`Q8C-~K5V zmD(>lnRCAom#F>X8p0!Aum)RgI;)Q6b(iJBasIMFnDJ#l!s;*6nGXlQ+=braYuOA| zelyY>|J^XO+rE=!_~>`Cja>dtPA-jkMN|ZX<2p+$$QZF`&Y-7=nuYQ)j z>Of2tD_p$9@sj+DQ!QSEojpKmA7QrDTM;_je9*w%R4A zR~qFN0a_g7iY3FHI>x><*$&HvR5Ne*vBRbxRf;uyziMv{R7#q9K&g(_8;um_R?*Yg zC!Ms$^%NszCDl_5mGx3R)y3KqqhwZ}|0T+rU0-p)GixpszUWV_DDxs^TJenci1_E zSTBdE6!toq!T!{V_EpY0QlUCoZJVpUt?i3Xo>3}SK|ePitE##3bIzI&C@8VkXQ*~@ zhCVuHbm|pXXQ?xMx)ChpUX7bu7@&QFOx7Q3QY#hNl!b|@$S!Q|3d{N9sN`fyh*J@i!e=^KyW^CMi}2}v&xW;bCkJs3fs`F6W?#58X0%!HiP#vr{hpWzV zpXKOarDfm&ZAU29O6TP}BkV~`#(_-sD^4o6ATfty0DD!YLHt;S)3RCfJAyTg`9?Jn zBUK?-GE%Y1StBx;uy2gCn}lA-&p%fxbr$(T*2d%av609kZ+(zSe~x6@GaP*^b$|g@ z{wT$vMRZ+O7Z}x+6M9wUVoGtsHbw#W1ytyn~@{L!|JR*Y7?>n=pUeb&8B?eV!(a$t<@OVQ($QGZ;Z*lM*1ho3l} z@~Kv@HuUkK@hXaAt-WO0DUn_dl1>Y86b=(yhMX?`G+rgQhD3>+&=;-CFBaO_~}(cKCd;_MGWzto6xs#f8aIv(%7wI!Ci0Tg6p3 zBy0FQCh(eBiXQ^4M`p25gjw}wtNzxQ+4cm!ZZ^%+t?jebQETKp6=U5tM~##*`eh!= zy?ihRFJ?>3k$b$mA95o6qY*jtRStFTn6KDMtuN=RDsfK^Bj!VUqpjs$6&;sqJDYQ} za%*6Jx>7~Ye08fep+GgWnitrexueLQSznjXt1xSC(C} zm1%r2q~haQT7vwPxVTa;l!Kf8UvrCL2&+{6*srFFwfx2Mt6;hH#6o+9d|z#^IQtjb z1JJ)l$x$k6v8u9H?KmrZi9P5;mZmhpwYgF4unLy5{j|SXWmqR}R*BZc73zK7pScA?#H~~ftu2xE z%qJn<`U|ObFXyhrdBbj1wTUyUbPk044m%37V|e?FO6Rz&rPdjbX63EI`Q*MvD|W0> zT^l*qHfv@J#cu`H>f6*9&~U990*0@(4bWzty)Eusr`or54nNc@$8c6Zs+4rA=N+m^ z%M7_~6$g(WI=-D>f#gMu)#?t_oT}`q}1;Aec^WtRlGMabDmFLiEq zmGTR2sPg!sV5QZ5tL=B$TW!DcZ?&y|eyciTMc$+KhmVlcKJ~iiSg*g#C^r1oob76k zHDrf+EjO>iUrWG}FicFQ%vnz!5Dj#uth@pT6?YwkYP$TIfHaoBorpM4^^uumoN G{{I0arsd@T diff --git a/po/de.po b/po/de.po index 66d895b..808523c 100644 --- a/po/de.po +++ b/po/de.po @@ -1,541 +1,865 @@ # German translation for the cryptsetup package. # Copyright (C) 2010 Free Software Foundation, Inc. # This file is distributed under the same license as the cryptsetup package. -# Roland Illig , 2010-2015. +# Roland Illig , 2010-2020. # msgid "" msgstr "" -"Project-Id-Version: cryptsetup 1.6.7\n" +"Project-Id-Version: cryptsetup 2.3.3-rc0\n" "Report-Msgid-Bugs-To: dm-crypt@saout.de\n" -"POT-Creation-Date: 2015-03-19 09:55+0100\n" -"PO-Revision-Date: 2015-03-20 12:19+0100\n" +"POT-Creation-Date: 2020-05-28 11:32+0200\n" +"PO-Revision-Date: 2020-05-15 15:19+0200\n" "Last-Translator: Roland Illig \n" "Language-Team: German \n" "Language: de\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Generator: Poedit 1.7.5\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" +"X-Generator: Poedit 2.3.1\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -#: lib/libdevmapper.c:252 -msgid "Cannot initialize device-mapper, running as non-root user.\n" -msgstr "" -"Das Kernelmodul »device-mapper« kann nicht initialisiert werden, da das " -"Programm nicht mit Root-Rechten läuft.\n" +#: lib/libdevmapper.c:399 +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "Das Kernelmodul »device-mapper« kann nicht initialisiert werden, da das Programm nicht mit Root-Rechten läuft." -#: lib/libdevmapper.c:255 -msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n" -msgstr "" -"Das Kernelmodul »device-mapper« kann nicht initialisiert werden. Ist das " -"Kernelmodul »dm_mod« geladen?\n" +#: lib/libdevmapper.c:402 +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "Das Kernelmodul »device-mapper« kann nicht initialisiert werden. Ist das Kernelmodul »dm_mod« geladen?" -#: lib/libdevmapper.c:550 +#: lib/libdevmapper.c:1131 +msgid "Requested deferred flag is not supported." +msgstr "Verlangter »deferred«-Schalter wird nicht unterstützt." + +#: lib/libdevmapper.c:1198 #, c-format -msgid "DM-UUID for device %s was truncated.\n" -msgstr "DM-UUID für Gerät »%s« wurde verkürzt.\n" +msgid "DM-UUID for device %s was truncated." +msgstr "DM-UUID für Gerät »%s« wurde verkürzt." + +#: lib/libdevmapper.c:1520 +msgid "Unknown dm target type." +msgstr "Unbekannte Art des dm-Ziels." + +#: lib/libdevmapper.c:1623 lib/libdevmapper.c:1679 +msgid "Requested dm-crypt performance options are not supported." +msgstr "Die verlangten dm-crypt-Performance-Optionen werden nicht unterstützt." + +#: lib/libdevmapper.c:1630 +msgid "Requested dm-verity data corruption handling options are not supported." +msgstr "Die verlangten dm-verity-Datenbeschädigungs-Optionen werden nicht unterstützt." + +#: lib/libdevmapper.c:1634 +msgid "Requested dm-verity FEC options are not supported." +msgstr "Die verlangten dm-verity-FEC-Optionen werden nicht unterstützt." + +#: lib/libdevmapper.c:1638 +msgid "Requested data integrity options are not supported." +msgstr "Die verlangten Datenintegritäts-Optionen werden nicht unterstützt." -#: lib/libdevmapper.c:698 -msgid "Requested dmcrypt performance options are not supported.\n" -msgstr "Verlangte dmcrypt-Performance-Optionen werden nicht unterstützt.\n" +#: lib/libdevmapper.c:1640 +msgid "Requested sector_size option is not supported." +msgstr "Die verlangte sector_size-Option wird nicht unterstützt." -#: lib/random.c:76 +#: lib/libdevmapper.c:1645 +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "Die verlangte automatische Berechnung der Integritätsangaben wird nicht unterstützt." + +#: lib/libdevmapper.c:1649 lib/libdevmapper.c:1682 lib/libdevmapper.c:1685 +#: lib/luks2/luks2_json_metadata.c:2160 +msgid "Discard/TRIM is not supported." +msgstr "»Discard/TRIM« wird nicht unterstützt." + +#: lib/libdevmapper.c:1653 +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "Der verlangte Bitmap-Modus für dm-Integrität wird nicht unterstützt." + +#: lib/libdevmapper.c:2607 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "Fehler beim Abfragen des »dm-%s«-Segments." + +#: lib/random.c:75 msgid "" "System is out of entropy while generating volume key.\n" -"Please move mouse or type some text in another window to gather some random " -"events.\n" +"Please move mouse or type some text in another window to gather some random events.\n" msgstr "" -"Das System hat keine Entropie mehr, um den Laufwerksschlüssel zu " -"generieren.\n" -"Bitte bewegen Sie die Maus oder tippen Sie etwas Text in ein anderes " -"Fenster, um einige zufällige Ereignisse zu sammeln.\n" +"Das System hat keine Entropie mehr, um den Laufwerksschlüssel zu generieren.\n" +"Bitte bewegen Sie die Maus oder tippen Sie etwas Text in ein anderes Fenster, um einige zufällige Ereignisse zu sammeln.\n" -#: lib/random.c:80 +#: lib/random.c:79 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Schlüssel wird generiert (%d %% erledigt).\n" -#: lib/random.c:169 -msgid "Fatal error during RNG initialisation.\n" -msgstr "" -"Fataler Fehler während der Initialisierung des Zufallszahlengenerators.\n" +#: lib/random.c:165 +msgid "Running in FIPS mode." +msgstr "Laufe im FIPS-Modus." + +#: lib/random.c:171 +msgid "Fatal error during RNG initialisation." +msgstr "Fataler Fehler während der Initialisierung des Zufallszahlengenerators." + +#: lib/random.c:208 +msgid "Unknown RNG quality requested." +msgstr "Unbekannte Qualität des Zufallszahlengenerators verlangt." -#: lib/random.c:206 -msgid "Unknown RNG quality requested.\n" -msgstr "Unbekannte Qualität des Zufallszahlengenerators verlangt.\n" +#: lib/random.c:213 +msgid "Error reading from RNG." +msgstr "Fehler beim Einlesen vom Zufallszahlengenerator." -#: lib/random.c:211 +#: lib/setup.c:229 +msgid "Cannot initialize crypto RNG backend." +msgstr "Fehler beim Initialisieren des Krypto-Zufallszahlengenerator-Backends." + +#: lib/setup.c:235 +msgid "Cannot initialize crypto backend." +msgstr "Fehler beim Initialisieren des Krypto-Backends." + +#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119 #, c-format -msgid "Error %d reading from RNG: %s\n" -msgstr "Fehler %d beim Einlesen vom Zufallszahlengenerator: %s\n" +msgid "Hash algorithm %s not supported." +msgstr "Hash-Algorithmus »%s« wird nicht unterstützt." -#: lib/setup.c:200 -msgid "Cannot initialize crypto RNG backend.\n" -msgstr "" -"Fehler beim Initialisieren des Krypto-Zufallszahlengenerator-Backends.\n" +#: lib/setup.c:269 lib/loopaes/loopaes.c:90 +#, c-format +msgid "Key processing error (using hash %s)." +msgstr "Fehler beim Verarbeiten des Schlüssels (mit Hash-Algorithmus »%s«)." -#: lib/setup.c:206 -msgid "Cannot initialize crypto backend.\n" -msgstr "Fehler beim Initialisieren des Krypto-Backends.\n" +#: lib/setup.c:335 lib/setup.c:362 +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "Geräte-Art kann nicht bestimmt werden. Inkompatible Aktivierung des Geräts?" -#: lib/setup.c:236 lib/setup.c:1192 lib/verity/verity.c:123 +#: lib/setup.c:341 lib/setup.c:3050 +msgid "This operation is supported only for LUKS device." +msgstr "Diese Operation wird nur für LUKS-Geräte unterstützt." + +#: lib/setup.c:368 +msgid "This operation is supported only for LUKS2 device." +msgstr "Diese Operation wird nur für LUKS2-Geräte unterstützt." + +#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345 +msgid "All key slots full." +msgstr "Alle Schlüsselfächer sind voll." + +#: lib/setup.c:434 #, c-format -msgid "Hash algorithm %s not supported.\n" -msgstr "Hash-Algorithmus »%s« wird nicht unterstützt.\n" +msgid "Key slot %d is invalid, please select between 0 and %d." +msgstr "Schlüsselfach %d ist ungültig, bitte wählen Sie eins zwischen 0 und %d." -#: lib/setup.c:239 lib/loopaes/loopaes.c:90 +#: lib/setup.c:440 #, c-format -msgid "Key processing error (using hash %s).\n" -msgstr "Fehler beim Verarbeiten des Schlüssels (mit Hash-Algorithmus »%s«).\n" +msgid "Key slot %d is full, please select another one." +msgstr "Schlüsselfach %d ist voll, bitte wählen Sie ein anderes." -#: lib/setup.c:284 -msgid "Cannot determine device type. Incompatible activation of device?\n" -msgstr "" -"Geräte-Art kann nicht bestimmt werden. Inkompatible Aktivierung des Geräts?\n" +#: lib/setup.c:525 lib/setup.c:2824 +msgid "Device size is not aligned to device logical block size." +msgstr "Gerätegröße ist nicht an logischer Sektorgröße ausgerichtet." -#: lib/setup.c:288 lib/setup.c:1537 -msgid "This operation is supported only for LUKS device.\n" -msgstr "Diese Operation wird nur für LUKS-Geräte unterstützt.\n" +#: lib/setup.c:624 +#, c-format +msgid "Header detected but device %s is too small." +msgstr "Header gefunden, aber Gerät »%s« ist zu klein." + +#: lib/setup.c:661 +msgid "This operation is not supported for this device type." +msgstr "Diese Operation wird für diese Geräteart nicht unterstützt." -#: lib/setup.c:320 -msgid "All key slots full.\n" -msgstr "Alle Schlüsselfächer sind voll.\n" +#: lib/setup.c:666 +msgid "Illegal operation with reencryption in-progress." +msgstr "Ungültige Operation, während die Wiederverschlüsselung läuft." -#: lib/setup.c:327 +#: lib/setup.c:832 lib/luks1/keymanage.c:475 #, c-format -msgid "Key slot %d is invalid, please select between 0 and %d.\n" -msgstr "" -"Schlüsselfach %d ist ungültig, bitte wählen Sie eins zwischen 0 und %d.\n" +msgid "Unsupported LUKS version %d." +msgstr "Nicht unterstützte LUKS-Version %d." + +#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959 +msgid "Detached metadata device is not supported for this crypt type." +msgstr "Gerät für separierte Metadaten wird für diese Verschlüsselungsart nicht unterstützt." -#: lib/setup.c:333 +#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628 +#: lib/setup.c:2777 lib/setup.c:4512 #, c-format -msgid "Key slot %d is full, please select another one.\n" -msgstr "Schlüsselfach %d ist voll, bitte wählen Sie ein anderes.\n" +msgid "Device %s is not active." +msgstr "Gerät »%s« ist nicht aktiv." -#: lib/setup.c:472 +#: lib/setup.c:1444 #, c-format -msgid "Enter passphrase for %s: " -msgstr "Geben Sie die Passphrase für »%s« ein: " +msgid "Underlying device for crypt device %s disappeared." +msgstr "Zugrundeliegendes Gerät für das Kryptogerät »%s« ist verschwunden." + +#: lib/setup.c:1524 +msgid "Invalid plain crypt parameters." +msgstr "Ungültige Parameter für Plain-Verschlüsselung." + +#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:74 +msgid "Invalid key size." +msgstr "Ungültige Schlüsselgröße." -#: lib/setup.c:653 +#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157 +msgid "UUID is not supported for this crypt type." +msgstr "UUID wird für diese Verschlüsselungsart nicht unterstützt." + +#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308 +#: src/cryptsetup.c:1226 src/cryptsetup.c:3923 +msgid "Unsupported encryption sector size." +msgstr "Nicht unterstützte Sektorengröße für Verschlüsselung." + +#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818 +msgid "Device size is not aligned to requested sector size." +msgstr "Gerätegröße ist nicht an verlangter Sektorgröße ausgerichtet." + +#: lib/setup.c:1608 lib/setup.c:1727 +msgid "Can't format LUKS without device." +msgstr "Ohne Gerät kann LUKS nicht formatiert werden." + +#: lib/setup.c:1614 lib/setup.c:1733 +msgid "Requested data alignment is not compatible with data offset." +msgstr "Die angeforderte Datenausrichtung ist nicht mit dem Datenoffset kompatibel." + +#: lib/setup.c:1682 lib/setup.c:1851 +msgid "WARNING: Data offset is outside of currently available data device.\n" +msgstr "WARNING: Der Datenoffset ist außerhalb des derzeit verfügbaren Datengeräts.\n" + +#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169 +#, c-format +msgid "Cannot wipe header on device %s." +msgstr "Fehler beim Auslöschen des Headers auf Gerät »%s«." + +#: lib/setup.c:1744 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "WARNUNG: Die Geräteaktivierung wird fehlschlagen, dm-crypt fehlt die Unterstützung für die angeforderte Verschlüsselungsgröße.\n" + +#: lib/setup.c:1766 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "Laufwerksschlüssel ist zu klein für die Verschlüsselung mit Integritätserweiterungen." + +#: lib/setup.c:1821 +#, c-format +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "Verschlüsselung »%s-%s« (Schlüsselgröße %zd Bits) ist nicht verfügbar." + +#: lib/setup.c:1854 +#, c-format +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" +msgstr "Warnung: Größe der LUKS2-Metadaten wurde auf % geändert.\n" + +#: lib/setup.c:1858 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "Warnung: Größe des LUKS2-Schlüsselfachbereichs wurde auf % Bytes geändert.\n" + +#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367 #, c-format -msgid "Header detected but device %s is too small.\n" -msgstr "Header gefunden, aber Gerät »%s« ist zu klein.\n" +msgid "Device %s is too small." +msgstr "Gerät »%s« ist zu klein." -#: lib/setup.c:669 lib/setup.c:1420 -msgid "This operation is not supported for this device type.\n" -msgstr "Diese Operation wird für diese Geräteart nicht unterstützt.\n" +#: lib/setup.c:1893 lib/setup.c:1919 +#, c-format +msgid "Cannot format device %s in use." +msgstr "Gerät »%s« kann nicht formatiert werden, da es gerade benutzt wird." + +#: lib/setup.c:1896 lib/setup.c:1922 +#, c-format +msgid "Cannot format device %s, permission denied." +msgstr "Gerät »%s« kann nicht formatiert werden, Zugriff verweigert." + +#: lib/setup.c:1908 lib/setup.c:2229 +#, c-format +msgid "Cannot format integrity for device %s." +msgstr "Fehler beim Formatieren der Integrität auf Gerät »%s«." -#: lib/setup.c:908 lib/setup.c:1381 lib/setup.c:2264 +#: lib/setup.c:1926 #, c-format -msgid "Device %s is not active.\n" -msgstr "Gerät »%s« ist nicht aktiv.\n" +msgid "Cannot format device %s." +msgstr "Gerät »%s« kann nicht formatiert werden." + +#: lib/setup.c:1944 +msgid "Can't format LOOPAES without device." +msgstr "Ohne Gerät kann LOOPAES nicht formatiert werden." -#: lib/setup.c:925 +#: lib/setup.c:1989 +msgid "Can't format VERITY without device." +msgstr "Ohne Gerät kann VERITY nicht formatiert werden." + +#: lib/setup.c:2000 lib/verity/verity.c:102 #, c-format -msgid "Underlying device for crypt device %s disappeared.\n" -msgstr "Zugrundeliegendes Gerät für das Kryptogerät »%s« ist verschwunden.\n" +msgid "Unsupported VERITY hash type %d." +msgstr "Nicht unterstützte VERITY-Hash-Art %d." + +#: lib/setup.c:2006 lib/verity/verity.c:110 +msgid "Unsupported VERITY block size." +msgstr "Nicht unterstützte VERITY-Blockgröße." -#: lib/setup.c:994 -msgid "Invalid plain crypt parameters.\n" -msgstr "Ungültige Parameter für Plain-Verschlüsselung.\n" +#: lib/setup.c:2011 lib/verity/verity.c:74 +msgid "Unsupported VERITY hash offset." +msgstr "Nicht unterstützter VERITY-Hash-Offset." -#: lib/setup.c:999 lib/setup.c:1119 -msgid "Invalid key size.\n" -msgstr "Ungültige Schlüsselgröße.\n" +#: lib/setup.c:2016 +msgid "Unsupported VERITY FEC offset." +msgstr "Nicht unterstützter VERITY-FEC-Offset." -#: lib/setup.c:1004 lib/setup.c:1124 -msgid "UUID is not supported for this crypt type.\n" -msgstr "UUID wird für diese Verschlüsselungsart nicht unterstützt.\n" +#: lib/setup.c:2040 +msgid "Data area overlaps with hash area." +msgstr "Datenbereich und Hashbereich überlappen sich." -#: lib/setup.c:1046 -msgid "Can't format LUKS without device.\n" -msgstr "Ohne Gerät kann LUKS nicht formatiert werden.\n" +#: lib/setup.c:2065 +msgid "Hash area overlaps with FEC area." +msgstr "Hashbereich und FEC-Bereich überlappen sich." -#: lib/setup.c:1089 +#: lib/setup.c:2072 +msgid "Data area overlaps with FEC area." +msgstr "Datenbereich und FEC-Bereich überlappen sich." + +#: lib/setup.c:2208 +#, c-format +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "WARNUNG: Angeforderte Taggröße mit %d Bytes unterscheidet sich von der Ausgabe der Größe %s (%d Bytes).\n" + +#: lib/setup.c:2286 #, c-format -msgid "Cannot format device %s which is still in use.\n" -msgstr "Gerät »%s« kann nicht formatiert werden, da es gerade benutzt wird.\n" +msgid "Unknown crypt device type %s requested." +msgstr "Unbekannte Art des Verschlüsselungsgeräts »%s« verlangt." -#: lib/setup.c:1092 +#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635 #, c-format -msgid "Cannot format device %s, permission denied.\n" -msgstr "Gerät »%s« kann nicht formatiert werden, Zugriff verweigert.\n" +msgid "Unsupported parameters on device %s." +msgstr "Nicht unterstützte Parameter für Gerät %s." -#: lib/setup.c:1096 +#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408 +#: lib/luks2/luks2_reencrypt.c:2737 #, c-format -msgid "Cannot wipe header on device %s.\n" -msgstr "Fehler beim Auslöschen des Headers auf Gerät »%s«.\n" +msgid "Mismatching parameters on device %s." +msgstr "Parameter für Gerät %s sind durcheinander." -#: lib/setup.c:1114 -msgid "Can't format LOOPAES without device.\n" -msgstr "Ohne Gerät kann LOOPAES nicht formatiert werden.\n" +#: lib/setup.c:2661 +msgid "Crypt devices mismatch." +msgstr "Verschlüsselungsgeräte passen nicht zusammen." -#: lib/setup.c:1152 -msgid "Can't format VERITY without device.\n" -msgstr "Ohne Gerät kann VERITY nicht formatiert werden.\n" +#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:3145 +#, c-format +msgid "Failed to reload device %s." +msgstr "Gerät »%s« konnte nicht neugeladen werden." -#: lib/setup.c:1160 lib/verity/verity.c:106 +#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025 +#: lib/luks2/luks2_reencrypt.c:2032 #, c-format -msgid "Unsupported VERITY hash type %d.\n" -msgstr "Nicht unterstützte VERITY-Hash-Art %d.\n" +msgid "Failed to suspend device %s." +msgstr "Gerät »%s« konnte nicht stillgelegt werden." -#: lib/setup.c:1166 lib/verity/verity.c:114 -msgid "Unsupported VERITY block size.\n" -msgstr "Nicht unterstützte VERITY-Blockgröße.\n" +#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039 +#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149 +#, c-format +msgid "Failed to resume device %s." +msgstr "Gerät »%s« konnte nicht fortgesetzt werden." -#: lib/setup.c:1171 lib/verity/verity.c:76 -msgid "Unsupported VERITY hash offset.\n" -msgstr "Nicht unterstützter VERITY-Hash-Offset.\n" +#: lib/setup.c:2732 +#, c-format +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "Schwerwiegender Fehler beim Neuladen von Gerät »%s« (über Gerät »%s«)." -#: lib/setup.c:1285 +#: lib/setup.c:2735 lib/setup.c:2737 #, c-format -msgid "Unknown crypt device type %s requested.\n" -msgstr "Unbekannte Art des Verschlüsselungsgeräts »%s« verlangt.\n" +msgid "Failed to switch device %s to dm-error." +msgstr "Gerät »%s« konnte nicht auf dm-error umgeschaltet werden." -#: lib/setup.c:1435 +#: lib/setup.c:2809 +msgid "Cannot resize loop device." +msgstr "Fehler beim Ändern der Größe des Loopback-Geräts." + +#: lib/setup.c:2882 msgid "Do you really want to change UUID of device?" msgstr "Wollen Sie wirklich die UUID des Geräts ändern?" -#: lib/setup.c:1545 +#: lib/setup.c:2958 +msgid "Header backup file does not contain compatible LUKS header." +msgstr "Header-Backupdatei enthält keinen kompatiblen LUKS-Header." + +#: lib/setup.c:3058 #, c-format -msgid "Volume %s is not active.\n" -msgstr "Laufwerk »%s« ist nicht aktiv.\n" +msgid "Volume %s is not active." +msgstr "Laufwerk »%s« ist nicht aktiv." -#: lib/setup.c:1556 +#: lib/setup.c:3069 #, c-format -msgid "Volume %s is already suspended.\n" -msgstr "Laufwerk »%s« ist bereits im Ruhezustand.\n" +msgid "Volume %s is already suspended." +msgstr "Laufwerk »%s« ist bereits im Ruhezustand." -#: lib/setup.c:1563 +#: lib/setup.c:3082 #, c-format -msgid "Suspend is not supported for device %s.\n" -msgstr "Das Gerät »%s« unterstützt keinen Ruhezustand.\n" +msgid "Suspend is not supported for device %s." +msgstr "Das Gerät »%s« unterstützt keinen Ruhezustand." -#: lib/setup.c:1565 +#: lib/setup.c:3084 #, c-format -msgid "Error during suspending device %s.\n" -msgstr "Das Gerät »%s« kann nicht in den Ruhezustand versetzt werden.\n" +msgid "Error during suspending device %s." +msgstr "Das Gerät »%s« kann nicht in den Ruhezustand versetzt werden." -#: lib/setup.c:1591 lib/setup.c:1638 +#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267 #, c-format -msgid "Volume %s is not suspended.\n" -msgstr "Laufwerk »%s« ist nicht im Ruhezustand.\n" +msgid "Volume %s is not suspended." +msgstr "Laufwerk »%s« ist nicht im Ruhezustand." -#: lib/setup.c:1605 +#: lib/setup.c:3146 #, c-format -msgid "Resume is not supported for device %s.\n" -msgstr "Das Gerät »%s« kann nicht aus dem Ruhezustand aufgeweckt werden.\n" +msgid "Resume is not supported for device %s." +msgstr "Das Gerät »%s« kann nicht aus dem Ruhezustand aufgeweckt werden." -#: lib/setup.c:1607 lib/setup.c:1659 +#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297 #, c-format -msgid "Error during resuming device %s.\n" -msgstr "Fehler beim Aufwecken von Gerät »%s« aus dem Ruhezustand.\n" +msgid "Error during resuming device %s." +msgstr "Fehler beim Aufwecken von Gerät »%s« aus dem Ruhezustand." -#: lib/setup.c:1645 lib/setup.c:2080 lib/setup.c:2094 src/cryptsetup.c:186 -#: src/cryptsetup.c:248 src/cryptsetup.c:732 src/cryptsetup.c:1151 -msgid "Enter passphrase: " -msgstr "Passphrase eingeben: " +#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322 +#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839 +msgid "Volume key does not match the volume." +msgstr "Der Laufwerksschlüssel passt nicht zum Laufwerk." -#: lib/setup.c:1707 lib/setup.c:1843 -msgid "Cannot add key slot, all slots disabled and no volume key provided.\n" -msgstr "" -"Schlüsselfach kann nicht hinzugefügt werden, da alle Fächer deaktiviert sind " -"und kein Laufwerksschlüssel angegeben wurde.\n" +#: lib/setup.c:3343 lib/setup.c:3531 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Schlüsselfach kann nicht hinzugefügt werden, da alle Fächer deaktiviert sind und kein Laufwerksschlüssel angegeben wurde." -#: lib/setup.c:1716 lib/setup.c:1849 lib/setup.c:1853 -msgid "Enter any passphrase: " -msgstr "Geben Sie irgendeine Passphrase ein: " +#: lib/setup.c:3483 +msgid "Failed to swap new key slot." +msgstr "Neues Schlüsselfach konnte nicht ausgewechselt werden." -#: lib/setup.c:1733 lib/setup.c:1866 lib/setup.c:1870 lib/setup.c:1932 -#: src/cryptsetup.c:988 src/cryptsetup.c:1017 -msgid "Enter new passphrase for key slot: " -msgstr "Geben Sie die neue Passphrase für das Schlüsselfach ein: " +#: lib/setup.c:3669 +#, c-format +msgid "Key slot %d is invalid." +msgstr "Schlüsselfach %d ist ungültig." + +#: lib/setup.c:3675 src/cryptsetup.c:1572 src/cryptsetup.c:1917 +#, c-format +msgid "Keyslot %d is not active." +msgstr "Schlüsselfach %d ist nicht aktiv." -#: lib/setup.c:1798 +#: lib/setup.c:3694 +msgid "Device header overlaps with data area." +msgstr "Geräteheader und Datenbereich überlappen sich." + +#: lib/setup.c:3981 +msgid "Reencryption in-progress. Cannot activate device." +msgstr "Wiederverschlüsselung läuft bereits. Das Gerät kann nicht aktiviert werden." + +#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2243 +#: lib/luks2/luks2_reencrypt.c:2836 +msgid "Failed to get reencryption lock." +msgstr "Fehler beim Zugriff auf die Sperre zur Wiederverschlüsselung." + +#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855 +msgid "LUKS2 reencryption recovery failed." +msgstr "Fehler beim Wiederherstellen der LUKS2-Wiederverschlüsselung." + +#: lib/setup.c:4127 lib/setup.c:4379 +msgid "Device type is not properly initialized." +msgstr "Geräteart ist nicht richtig initialisiert." + +#: lib/setup.c:4171 #, c-format -msgid "Key slot %d changed.\n" -msgstr "Schlüsselfach %d geändert.\n" +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "Gerät »%s« kann nicht verwendet werden, da es gerade benutzt wird oder der Name ungültig ist." -#: lib/setup.c:1801 +#: lib/setup.c:4174 #, c-format -msgid "Replaced with key slot %d.\n" -msgstr "Ersetzt durch Schlüsselfach %d.\n" +msgid "Device %s already exists." +msgstr "Das Gerät »%s« existiert bereits." + +#: lib/setup.c:4296 +msgid "Incorrect volume key specified for plain device." +msgstr "Falscher Laufwerksschlüssel für Plain-Gerät angegeben." + +#: lib/setup.c:4405 +msgid "Incorrect root hash specified for verity device." +msgstr "Falscher Root-Hash-Schlüssel für VERITY-Gerät angegeben." + +#: lib/setup.c:4412 +msgid "Root hash signature required." +msgstr "Signatur des Stammhashes erforderlich." -#: lib/setup.c:1806 -msgid "Failed to swap new key slot.\n" -msgstr "Neues Schlüsselfach konnte nicht ausgewechselt werden.\n" +#: lib/setup.c:4421 +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "Der Kernel-Schlüsselbund fehlt. Wird benötigt, um die Signatur zum Kernel zu übergeben." -#: lib/setup.c:1923 lib/setup.c:2184 lib/setup.c:2197 lib/setup.c:2339 -msgid "Volume key does not match the volume.\n" -msgstr "Der Laufwerksschlüssel passt nicht zum Laufwerk.\n" +#: lib/setup.c:4438 lib/setup.c:5915 +msgid "Failed to load key in kernel keyring." +msgstr "Fehler beim Laden des Schlüssels im Kernel-Schlüsselbund." -#: lib/setup.c:1961 +#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2296 +#: src/cryptsetup.c:2664 #, c-format -msgid "Key slot %d is invalid.\n" -msgstr "Schlüsselfach %d ist ungültig.\n" +msgid "Device %s is still in use." +msgstr "Gerät »%s« wird gerade benutzt." -#: lib/setup.c:1966 +#: lib/setup.c:4516 #, c-format -msgid "Key slot %d is not used.\n" -msgstr "Schlüsselfach %d ist unbenutzt.\n" +msgid "Invalid device %s." +msgstr "Ungültiges Gerät »%s«." -#: lib/setup.c:1996 lib/setup.c:2068 lib/setup.c:2160 +#: lib/setup.c:4632 +msgid "Volume key buffer too small." +msgstr "Laufwerks-Schlüsselpuffer zu klein." + +#: lib/setup.c:4640 +msgid "Cannot retrieve volume key for plain device." +msgstr "Fehler beim Ermitteln des Laufwerksschlüssels für Plain-Gerät." + +#: lib/setup.c:4657 +msgid "Cannot retrieve root hash for verity device." +msgstr "Root-Hash für Verity-Gerät kann nicht ermittelt werden." + +#: lib/setup.c:4659 +#, c-format +msgid "This operation is not supported for %s crypt device." +msgstr "Diese Operation wird für Kryptogerät »%s« nicht unterstützt." + +#: lib/setup.c:4865 +msgid "Dump operation is not supported for this device type." +msgstr "Die Dump-Operation wird für diese Geräteart nicht unterstützt." + +#: lib/setup.c:5190 #, c-format -msgid "Device %s already exists.\n" -msgstr "Das Gerät »%s« existiert bereits.\n" +msgid "Data offset is not multiple of %u bytes." +msgstr "Datenoffset ist kein Vielfaches von %u Bytes." -#: lib/setup.c:2171 -msgid "Incorrect volume key specified for plain device.\n" -msgstr "Falscher Laufwerksschlüssel für Plain-Gerät angegeben.\n" +#: lib/setup.c:5475 +#, c-format +msgid "Cannot convert device %s which is still in use." +msgstr "Gerät »%s« kann nicht konvertiert werden, da es gerade benutzt wird." -#: lib/setup.c:2204 -msgid "Incorrect root hash specified for verity device.\n" -msgstr "Falscher Root-Hash-Schlüssel für VERITY-Gerät angegeben.\n" +#: lib/setup.c:5772 +#, c-format +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "Schlüsselfach %u konnte nicht dem Laufwerksschlüssel zugeordnet werden." -#: lib/setup.c:2227 -msgid "Device type is not properly initialised.\n" -msgstr "Geräteart ist nicht richtig initialisiert.\n" +#: lib/setup.c:5845 +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "Fehler beim Initialisieren der LUKS2-Schlüsselfach-Parameter." -#: lib/setup.c:2259 +#: lib/setup.c:5851 #, c-format -msgid "Device %s is still in use.\n" -msgstr "Gerät »%s« wird gerade benutzt.\n" +msgid "Failed to assign keyslot %d to digest." +msgstr "Schlüsselfach %d konnte nicht dem Digest zugeordnet werden." -#: lib/setup.c:2268 +#: lib/setup.c:5982 +msgid "Kernel keyring is not supported by the kernel." +msgstr "Der Kernel-Schlüsselbund wird vom Kernel nicht unterstützt." + +#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952 #, c-format -msgid "Invalid device %s.\n" -msgstr "Ungültiges Gerät »%s«.\n" +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "Fehler beim Lesen der Passphrase vom Schlüsselbund (Fehler %d)." + +#: lib/setup.c:6016 +msgid "Failed to acquire global memory-hard access serialization lock." +msgstr "Globale Speicherzugriffsserialisierungssperre konnte nicht angefordert werden." + +#: lib/utils.c:80 +msgid "Cannot get process priority." +msgstr "Fehler beim Ermitteln der Prozesspriorität." + +#: lib/utils.c:94 +msgid "Cannot unlock memory." +msgstr "Fehler beim Entsperren des Speichers." + +#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497 +msgid "Failed to open key file." +msgstr "Fehler beim Öffnen der Schlüsseldatei." + +#: lib/utils.c:173 +msgid "Cannot read keyfile from a terminal." +msgstr "Fehler beim Einlesen der Schlüsseldatei »%s« vom Terminal." + +#: lib/utils.c:190 +msgid "Failed to stat key file." +msgstr "Fehler beim Öffnen der Schlüsseldatei." + +#: lib/utils.c:198 lib/utils.c:219 +msgid "Cannot seek to requested keyfile offset." +msgstr "Fehler beim Zugriff auf die Schlüsseldatei." -#: lib/setup.c:2289 -msgid "Function not available in FIPS mode.\n" -msgstr "Diese Funktion ist im FIPS-Modus nicht verfügbar.\n" +#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188 +#: src/utils_password.c:201 +msgid "Out of memory while reading passphrase." +msgstr "Zu wenig Speicher zum Einlesen der Passphrase." -#: lib/setup.c:2295 -msgid "Volume key buffer too small.\n" -msgstr "Laufwerks-Schlüsselpuffer zu klein.\n" +#: lib/utils.c:248 +msgid "Error reading passphrase." +msgstr "Fehler beim Einlesen der Passphrase." -#: lib/setup.c:2303 -msgid "Cannot retrieve volume key for plain device.\n" -msgstr "Fehler beim Ermitteln des Laufwerksschlüssels für Plain-Gerät.\n" +#: lib/utils.c:265 +msgid "Nothing to read on input." +msgstr "Nichts zu lesen in der Eingabe." -#: lib/setup.c:2310 +#: lib/utils.c:272 +msgid "Maximum keyfile size exceeded." +msgstr "Größenbegrenzung für die Schlüsseldatei überschritten." + +#: lib/utils.c:277 +msgid "Cannot read requested amount of data." +msgstr "Die gewünschte Menge an Daten kann nicht eingelesen werden." + +#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 #, c-format -msgid "This operation is not supported for %s crypt device.\n" -msgstr "Diese Operation wird für Kryptogerät »%s« nicht unterstützt.\n" +msgid "Device %s does not exist or access denied." +msgstr "Gerät »%s« existiert nicht oder Zugriff verweigert." -#: lib/setup.c:2506 -msgid "Dump operation is not supported for this device type.\n" -msgstr "Die Dump-Operation wird für diese Geräteart nicht unterstützt.\n" +#: lib/utils_device.c:197 +#, c-format +msgid "Device %s is not compatible." +msgstr "Gerät »%s« ist nicht kompatibel." -#: lib/utils.c:244 -msgid "Cannot get process priority.\n" -msgstr "Fehler beim Ermitteln der Prozesspriorität.\n" +#: lib/utils_device.c:642 +#, c-format +msgid "Device %s is too small. Need at least % bytes." +msgstr "Gerät »%s« ist zu klein. Mindestens % Bytes erforderlich." -#: lib/utils.c:258 -msgid "Cannot unlock memory.\n" -msgstr "Fehler beim Entsperren des Speichers.\n" +#: lib/utils_device.c:723 +#, c-format +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "Gerät »%s« kann nicht benutzt werden, da es bereits anderweitig benutzt wird." -#: lib/utils_crypt.c:241 lib/utils_crypt.c:254 lib/utils_crypt.c:401 -#: lib/utils_crypt.c:416 -msgid "Out of memory while reading passphrase.\n" -msgstr "Zu wenig Speicher zum Einlesen der Passphrase.\n" +#: lib/utils_device.c:727 +#, c-format +msgid "Cannot use device %s, permission denied." +msgstr "Gerät »%s« kann nicht verwendet werden, Zugriff verweigert." -#: lib/utils_crypt.c:246 lib/utils_crypt.c:261 -msgid "Error reading passphrase from terminal.\n" -msgstr "Fehler beim Lesen der Passphrase vom Terminal.\n" +#: lib/utils_device.c:730 +#, c-format +msgid "Cannot get info about device %s." +msgstr "Fehler beim Abrufen der Infos über Gerät »%s«." -#: lib/utils_crypt.c:259 -msgid "Verify passphrase: " -msgstr "Passphrase bestätigen: " +#: lib/utils_device.c:753 +msgid "Cannot use a loopback device, running as non-root user." +msgstr "Das Loopback-Gerät kann nicht benutzt werden, da das Programm nicht mit Root-Rechten läuft." + +#: lib/utils_device.c:763 +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "Anklemmen des Loopback-Geräts fehlgeschlagen (das Loopback-Gerät benötigt den »autoclear«-Schalter)." -#: lib/utils_crypt.c:266 -msgid "Passphrases do not match.\n" -msgstr "Passphrasen stimmen nicht überein.\n" +#: lib/utils_device.c:809 +#, c-format +msgid "Requested offset is beyond real size of device %s." +msgstr "Der angeforderte Offset ist jenseits der wirklichen Größe des Geräts »%s«." -#: lib/utils_crypt.c:350 -msgid "Cannot use offset with terminal input.\n" -msgstr "Offset kann nicht zusammen mit Terminaleingabe benutzt werden.\n" +#: lib/utils_device.c:817 +#, c-format +msgid "Device %s has zero size." +msgstr "Gerät »%s« hat die Größe 0." -#: lib/utils_crypt.c:369 lib/tcrypt/tcrypt.c:467 -msgid "Failed to open key file.\n" -msgstr "Fehler beim Öffnen der Schlüsseldatei.\n" +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." +msgstr "Verlangte Vorgabezeit für PBKDF darf nicht 0 sein." -#: lib/utils_crypt.c:378 -msgid "Failed to stat key file.\n" -msgstr "Fehler beim Öffnen der Schlüsseldatei.\n" +#: lib/utils_pbkdf.c:106 +#, c-format +msgid "Unknown PBKDF type %s." +msgstr "Unbekannte PBKDF, Typ »%s«." -#: lib/utils_crypt.c:386 lib/utils_crypt.c:407 -msgid "Cannot seek to requested keyfile offset.\n" -msgstr "Fehler beim Zugriff auf die Schlüsseldatei.\n" +#: lib/utils_pbkdf.c:111 +#, c-format +msgid "Requested hash %s is not supported." +msgstr "Verlangter Hash »%s« wird nicht unterstützt." -#: lib/utils_crypt.c:424 -msgid "Error reading passphrase.\n" -msgstr "Fehler beim Einlesen der Passphrase.\n" +#: lib/utils_pbkdf.c:122 +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "Verlangter PBKDF-Typ wird von LUKS1 nicht unterstützt." -#: lib/utils_crypt.c:442 -msgid "Maximum keyfile size exceeded.\n" -msgstr "Größenbegrenzung für die Schlüsseldatei überschritten.\n" +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." +msgstr "Für pbkdf2 dürfen weder das Speichermaximum noch die Anzahl der Threads angegeben werden." -#: lib/utils_crypt.c:447 -msgid "Cannot read requested amount of data.\n" -msgstr "Die gewünschte Menge an Daten kann nicht eingelesen werden.\n" +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#, c-format +msgid "Forced iteration count is too low for %s (minimum is %u)." +msgstr "Anzahl der verlangten Durchläufe ist zu gering für %s (Minimum ist %u)." -#: lib/utils_device.c:136 lib/luks1/keyencryption.c:90 +#: lib/utils_pbkdf.c:148 #, c-format -msgid "Device %s doesn't exist or access denied.\n" -msgstr "Gerät »%s« existiert nicht oder Zugriff verweigert.\n" +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "Verlangte Speicherkosten sind zu gering für %s (Minimum sind %u Kilobyte)." -#: lib/utils_device.c:430 -msgid "Cannot use a loopback device, running as non-root user.\n" -msgstr "" -"Das Loopback-Gerät kann nicht benutzt werden, da das Programm nicht mit Root-" -"Rechten läuft.\n" +#: lib/utils_pbkdf.c:155 +#, c-format +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "Das verlangte Speicherkosten-Maximum ist zu hoch (maximal %d Kilobyte)." -#: lib/utils_device.c:433 -msgid "Cannot find a free loopback device.\n" -msgstr "Kein freies Loopback-Gerät gefunden.\n" +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "Der verlangte PBKDF-Speicherbedarf darf nicht 0 sein." -#: lib/utils_device.c:440 -msgid "" -"Attaching loopback device failed (loop device with autoclear flag is " -"required).\n" -msgstr "" -"Anklemmen des Loopback-Geräts fehlgeschlagen (das Loopback-Gerät benötigt " -"den »autoclear«-Schalter).\n" +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "Die Anzahl der verlangten parallelen Threads für PBKDF darf nicht 0 sein." + +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "Im FIPS-Modus wird ausschließlich PBKDF2 unterstützt." -#: lib/utils_device.c:484 +#: lib/utils_benchmark.c:172 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "PBKDF-Benchmark deaktiviert, aber Anzahl der Iterationen nicht angegeben." + +#: lib/utils_benchmark.c:191 #, c-format -msgid "Cannot use device %s which is in use (already mapped or mounted).\n" -msgstr "" -"Gerät »%s« kann nicht benutzt werden, da es bereits anderweitig benutzt " -"wird.\n" +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "Inkompatible PBKDF2-Optionen (mit Hash-Algorithmus »%s«)." -#: lib/utils_device.c:488 +#: lib/utils_benchmark.c:211 +msgid "Not compatible PBKDF options." +msgstr "Inkompatible PBKDF2-Optionen." + +#: lib/utils_device_locking.c:102 #, c-format -msgid "Cannot get info about device %s.\n" -msgstr "Fehler beim Abrufen der Infos über Gerät »%s«.\n" +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "Sperren abgebrochen. Der Sperrpfad %s/%s ist unbenutzbar (kein Verzeichnis oder existiert nicht)." -#: lib/utils_device.c:494 +#: lib/utils_device_locking.c:109 #, c-format -msgid "Requested offset is beyond real size of device %s.\n" -msgstr "" -"Der angeforderte Offset ist jenseits der wirklichen Größe des Geräts »%s«.\n" +msgid "WARNING: Locking directory %s/%s is missing!\n" +msgstr "WARNUNG: Zugriffssperren-Verzeichnis %s/%s ist nicht vorhanden!\n" -#: lib/utils_device.c:502 +#: lib/utils_device_locking.c:119 #, c-format -msgid "Device %s has zero size.\n" -msgstr "Gerät »%s« hat die Größe 0.\n" +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "Sperren abgebrochen. Der Sperrpfad %s/%s ist unbenutzbar (%s ist kein Verzeichnis)." -#: lib/utils_device.c:513 +#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:941 +#: src/cryptsetup_reencrypt.c:1025 +msgid "Cannot seek to device offset." +msgstr "Fehler beim Springen zum Gerät-Offset." + +#: lib/utils_wipe.c:208 #, c-format -msgid "Device %s is too small.\n" -msgstr "Gerät »%s« ist zu klein.\n" +msgid "Device wipe error, offset %." +msgstr "Fehler beim gründlichen Löschen des Geräts, an Offset %." -#: lib/luks1/keyencryption.c:37 +#: lib/luks1/keyencryption.c:39 #, c-format msgid "" "Failed to setup dm-crypt key mapping for device %s.\n" -"Check that kernel supports %s cipher (check syslog for more info).\n" +"Check that kernel supports %s cipher (check syslog for more info)." msgstr "" "Einrichten der dm-crypt-Schlüsselzuordnung für Gerät »%s« fehlgeschlagen.\n" "Stellen Sie sicher, dass der Kernel die Verschlüsselung »%s« unterstützt.\n" -"(Sehen Sie im System-Log nach, ob sich dort Hinweise finden.)\n" +"(Sehen Sie im System-Log nach, ob sich dort Hinweise finden.)" + +#: lib/luks1/keyencryption.c:44 +msgid "Key size in XTS mode must be 256 or 512 bits." +msgstr "Schlüsselgröße im XTS-Modus muss entweder 256 oder 512 Bits sein." -#: lib/luks1/keyencryption.c:42 -msgid "Key size in XTS mode must be 256 or 512 bits.\n" -msgstr "Schlüsselgröße im XTS-Modus muss entweder 256 oder 512 Bits sein.\n" +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "Verschlüsselungsverfahren sollte im Format [Verfahren]-[Modus]-[IV] sein." -#: lib/luks1/keyencryption.c:96 lib/luks1/keymanage.c:296 -#: lib/luks1/keymanage.c:572 lib/luks1/keymanage.c:1017 +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080 +#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734 #, c-format -msgid "Cannot write to device %s, permission denied.\n" -msgstr "Fehler beim Schreiben auf Gerät »%s«, Zugriff verweigert.\n" +msgid "Cannot write to device %s, permission denied." +msgstr "Fehler beim Schreiben auf Gerät »%s«, Zugriff verweigert." + +#: lib/luks1/keyencryption.c:120 +msgid "Failed to open temporary keystore device." +msgstr "Fehler beim Öffnen des temporären Schlüsselspeichergeräts." + +#: lib/luks1/keyencryption.c:127 +msgid "Failed to access temporary keystore device." +msgstr "Fehler beim Zugriff auf das temporäre Schlüsselspeichergerät." -#: lib/luks1/keyencryption.c:111 -msgid "Failed to open temporary keystore device.\n" -msgstr "Fehler beim Öffnen des temporären Schlüsselspeichergeräts.\n" +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +msgid "IO error while encrypting keyslot." +msgstr "E/A-Fehler beim Verschlüsseln des Schlüsselfachs." -#: lib/luks1/keyencryption.c:118 -msgid "Failed to access temporary keystore device.\n" -msgstr "Fehler beim Zugriff auf das temporäre Schlüsselspeichergerät.\n" +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:670 +#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311 +#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342 +#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 +#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255 +#: src/cryptsetup_reencrypt.c:200 src/cryptsetup_reencrypt.c:212 +#, c-format +msgid "Cannot open device %s." +msgstr "Fehler beim Öffnen des Geräts »%s«." -#: lib/luks1/keyencryption.c:191 -msgid "IO error while encrypting keyslot.\n" -msgstr "E/A-Fehler beim Verschlüsseln des Schlüsselfachs.\n" +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +msgid "IO error while decrypting keyslot." +msgstr "E/A-Fehler beim Entschlüsseln des Schlüsselfachs." -#: lib/luks1/keyencryption.c:256 -msgid "IO error while decrypting keyslot.\n" -msgstr "E/A-Fehler beim Entschlüsseln des Schlüsselfachs.\n" +#: lib/luks1/keymanage.c:110 +#, c-format +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" +msgstr "Gerät »%s« ist zu klein. (LUKS1 benötigt mindestens % Bytes.)" -#: lib/luks1/keymanage.c:90 +#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162 +#: lib/luks1/keymanage.c:174 #, c-format -msgid "Device %s is too small. (LUKS requires at least % bytes.)\n" -msgstr "Gerät »%s« ist zu klein. (LUKS benötigt mindestens % Bytes.)\n" +msgid "LUKS keyslot %u is invalid." +msgstr "LUKS-Schlüsselfach %u ist ungültig." -#: lib/luks1/keymanage.c:180 lib/luks1/keymanage.c:418 -#: src/cryptsetup_reencrypt.c:1110 +#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472 +#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1433 +#: src/cryptsetup.c:1559 src/cryptsetup.c:1616 src/cryptsetup.c:1672 +#: src/cryptsetup.c:1739 src/cryptsetup.c:1842 src/cryptsetup.c:1906 +#: src/cryptsetup.c:2136 src/cryptsetup.c:2331 src/cryptsetup.c:2391 +#: src/cryptsetup.c:2457 src/cryptsetup.c:2621 src/cryptsetup.c:3271 +#: src/cryptsetup.c:3280 src/cryptsetup_reencrypt.c:1388 #, c-format -msgid "Device %s is not a valid LUKS device.\n" -msgstr "Gerät »%s« ist kein gültiges LUKS-Gerät.\n" +msgid "Device %s is not a valid LUKS device." +msgstr "Gerät »%s« ist kein gültiges LUKS-Gerät." -#: lib/luks1/keymanage.c:198 +#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100 #, c-format -msgid "Requested header backup file %s already exists.\n" -msgstr "Angeforderte Header-Backupdatei »%s« existiert bereits.\n" +msgid "Requested header backup file %s already exists." +msgstr "Angeforderte Header-Backupdatei »%s« existiert bereits." -#: lib/luks1/keymanage.c:200 +#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102 #, c-format -msgid "Cannot create header backup file %s.\n" -msgstr "Fehler beim Anlegen der Header-Backupdatei »%s«.\n" +msgid "Cannot create header backup file %s." +msgstr "Fehler beim Anlegen der Header-Backupdatei »%s«." -#: lib/luks1/keymanage.c:205 +#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109 #, c-format -msgid "Cannot write header backup file %s.\n" -msgstr "Fehler beim Speichern der Header-Backupdatei »%s«.\n" +msgid "Cannot write header backup file %s." +msgstr "Fehler beim Speichern der Header-Backupdatei »%s«." -#: lib/luks1/keymanage.c:239 -msgid "Backup file doesn't contain valid LUKS header.\n" -msgstr "Backupdatei enthält keinen gültigen LUKS-Header.\n" +#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161 +msgid "Backup file does not contain valid LUKS header." +msgstr "Backupdatei enthält keinen gültigen LUKS-Header." -#: lib/luks1/keymanage.c:252 lib/luks1/keymanage.c:496 +#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549 +#: lib/luks2/luks2_json_metadata.c:1182 #, c-format -msgid "Cannot open header backup file %s.\n" -msgstr "Fehler beim Öffnen der Header-Backupdatei »%s«.\n" +msgid "Cannot open header backup file %s." +msgstr "Fehler beim Öffnen der Header-Backupdatei »%s«." -#: lib/luks1/keymanage.c:258 +#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190 #, c-format -msgid "Cannot read header backup file %s.\n" -msgstr "Fehler beim Einlesen der Header-Backupdatei »%s«.\n" +msgid "Cannot read header backup file %s." +msgstr "Fehler beim Einlesen der Header-Backupdatei »%s«." -#: lib/luks1/keymanage.c:269 -msgid "Data offset or key size differs on device and backup, restore failed.\n" -msgstr "" -"Unterschiedlicher Offset oder Schlüsselgröße zwischen Gerät und Backup. " -"Wiederherstellung fehlgeschlagen.\n" +#: lib/luks1/keymanage.c:317 +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "Unterschiedlicher Offset oder Schlüsselgröße zwischen Gerät und Backup. Wiederherstellung fehlgeschlagen." -#: lib/luks1/keymanage.c:277 +#: lib/luks1/keymanage.c:325 #, c-format msgid "Device %s %s%s" msgstr "Gerät »%s« %s%s" -#: lib/luks1/keymanage.c:278 -msgid "" -"does not contain LUKS header. Replacing header can destroy data on that " -"device." -msgstr "" -"enthält keinen LUKS-Header. Das Ersetzen des Headers kann Daten auf dem " -"Gerät zerstören." +#: lib/luks1/keymanage.c:326 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "enthält keinen LUKS-Header. Das Ersetzen des Headers kann Daten auf dem Gerät zerstören." -#: lib/luks1/keymanage.c:279 -msgid "" -"already contains LUKS header. Replacing header will destroy existing " -"keyslots." -msgstr "" -"enthält bereits einen LUKS-Header. Das Ersetzen des Headers wird bestehende " -"Schlüsselfächer zerstören." +#: lib/luks1/keymanage.c:327 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "enthält bereits einen LUKS-Header. Das Ersetzen des Headers wird bestehende Schlüsselfächer zerstören." -#: lib/luks1/keymanage.c:280 +#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -543,586 +867,1470 @@ msgstr "" "\n" "WARNUNG: Der Header des echten Geräts hat eine andere UUID als das Backup!" -#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:535 -#: lib/luks1/keymanage.c:575 lib/tcrypt/tcrypt.c:624 lib/verity/verity.c:82 -#: lib/verity/verity.c:179 lib/verity/verity_hash.c:292 -#: lib/verity/verity_hash.c:303 lib/verity/verity_hash.c:323 -#, c-format -msgid "Cannot open device %s.\n" -msgstr "Fehler beim Öffnen des Geräts »%s«.\n" - -#: lib/luks1/keymanage.c:329 -msgid "Non standard key size, manual repair required.\n" -msgstr "Ungewöhnliche Schlüsselgröße, manuelles Reparieren erforderlich.\n" - -#: lib/luks1/keymanage.c:334 -msgid "Non standard keyslots alignment, manual repair required.\n" -msgstr "" -"Ungewöhnliche Ausrichtung der Schlüsselfächer, manuelles Reparieren " -"erforderlich.\n" +#: lib/luks1/keymanage.c:375 +msgid "Non standard key size, manual repair required." +msgstr "Ungewöhnliche Schlüsselgröße, manuelles Reparieren erforderlich." -#: lib/luks1/keymanage.c:340 -msgid "Repairing keyslots.\n" -msgstr "Schlüsselfächer werden repariert.\n" +#: lib/luks1/keymanage.c:380 +msgid "Non standard keyslots alignment, manual repair required." +msgstr "Ungewöhnliche Ausrichtung der Schlüsselfächer, manuelles Reparieren erforderlich." -#: lib/luks1/keymanage.c:351 -msgid "Repair failed." -msgstr "Fehler beim Reparieren der Schlüsselfächer." +#: lib/luks1/keymanage.c:390 +msgid "Repairing keyslots." +msgstr "Schlüsselfächer werden repariert." -#: lib/luks1/keymanage.c:363 +#: lib/luks1/keymanage.c:409 #, c-format -msgid "Keyslot %i: offset repaired (%u -> %u).\n" -msgstr "Schlüsselfach %i: Offset repariert (%u -> %u).\n" +msgid "Keyslot %i: offset repaired (%u -> %u)." +msgstr "Schlüsselfach %i: Offset repariert (%u -> %u)." -#: lib/luks1/keymanage.c:371 +#: lib/luks1/keymanage.c:417 #, c-format -msgid "Keyslot %i: stripes repaired (%u -> %u).\n" -msgstr "Schlüsselfach %i: Streifen repariert (%u -> %u).\n" +msgid "Keyslot %i: stripes repaired (%u -> %u)." +msgstr "Schlüsselfach %i: Streifen repariert (%u -> %u)." # XXX -#: lib/luks1/keymanage.c:380 +#: lib/luks1/keymanage.c:426 #, c-format -msgid "Keyslot %i: bogus partition signature.\n" -msgstr "Schlüsselfach %i: schwindlerische Partitions-Signatur.\n" +msgid "Keyslot %i: bogus partition signature." +msgstr "Schlüsselfach %i: schwindlerische Partitions-Signatur." -#: lib/luks1/keymanage.c:385 +#: lib/luks1/keymanage.c:431 #, c-format -msgid "Keyslot %i: salt wiped.\n" -msgstr "Schlüsselfach %i: Salt gelöscht.\n" +msgid "Keyslot %i: salt wiped." +msgstr "Schlüsselfach %i: Salt gelöscht." -#: lib/luks1/keymanage.c:396 -msgid "Writing LUKS header to disk.\n" -msgstr "LUKS-Header wird auf den Datenträger geschrieben.\n" - -#: lib/luks1/keymanage.c:421 -#, c-format -msgid "Unsupported LUKS version %d.\n" -msgstr "Nicht unterstützte LUKS-Version %d.\n" +#: lib/luks1/keymanage.c:448 +msgid "Writing LUKS header to disk." +msgstr "LUKS-Header wird auf den Datenträger geschrieben." -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:661 -#, c-format -msgid "Requested LUKS hash %s is not supported.\n" -msgstr "Verlangter LUKS-Hash »%s« wird nicht unterstützt.\n" +#: lib/luks1/keymanage.c:453 +msgid "Repair failed." +msgstr "Fehler beim Reparieren." -#: lib/luks1/keymanage.c:442 +#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750 #, c-format -msgid "LUKS keyslot %u is invalid.\n" -msgstr "LUKS-Schlüsselfach %u ist ungültig.\n" +msgid "Requested LUKS hash %s is not supported." +msgstr "Verlangter LUKS-Hash »%s« wird nicht unterstützt." -#: lib/luks1/keymanage.c:456 src/cryptsetup.c:668 -msgid "No known problems detected for LUKS header.\n" -msgstr "Keine bekannten Probleme im LUKS-Header erkannt.\n" - -#: lib/luks1/keymanage.c:596 -#, c-format -msgid "Error during update of LUKS header on device %s.\n" -msgstr "Fehler beim Aktualisieren des LUKS-Headers auf Gerät »%s«.\n" +#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1133 +msgid "No known problems detected for LUKS header." +msgstr "Keine bekannten Probleme im LUKS-Header erkannt." -#: lib/luks1/keymanage.c:603 +#: lib/luks1/keymanage.c:660 #, c-format -msgid "Error re-reading LUKS header after update on device %s.\n" -msgstr "" -"Fehler beim Neueinlesen des LUKS-Headers nach dem Aktualisieren auf Gerät " -"»%s«.\n" +msgid "Error during update of LUKS header on device %s." +msgstr "Fehler beim Aktualisieren des LUKS-Headers auf Gerät »%s«." -#: lib/luks1/keymanage.c:654 +#: lib/luks1/keymanage.c:668 #, c-format -msgid "" -"Data offset for detached LUKS header must be either 0 or higher than header " -"size (%d sectors).\n" -msgstr "" -"Daten-Offset für separaten LUKS-Header muss entweder 0 sein oder mehr als " -"die Headergröße (%d Sektoren).\n" +msgid "Error re-reading LUKS header after update on device %s." +msgstr "Fehler beim Neueinlesen des LUKS-Headers nach dem Aktualisieren auf Gerät »%s«." -#: lib/luks1/keymanage.c:666 lib/luks1/keymanage.c:757 -msgid "Wrong LUKS UUID format provided.\n" -msgstr "Falsches LUKS-UUID-Format angegeben.\n" +#: lib/luks1/keymanage.c:744 +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "Daten-Offset für LUKS-Header muss entweder 0 sein oder mehr als die Headergröße." -#: lib/luks1/keymanage.c:695 -msgid "Cannot create LUKS header: reading random salt failed.\n" -msgstr "" -"LUKS-Header kann nicht angelegt werden: Fehler beim Einlesen des zufälligen " -"Salts.\n" +#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825 +#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001 +#: src/cryptsetup.c:2784 +msgid "Wrong LUKS UUID format provided." +msgstr "Falsches LUKS-UUID-Format angegeben." -#: lib/luks1/keymanage.c:702 lib/luks1/keymanage.c:798 -#, c-format -msgid "Not compatible PBKDF2 options (using hash algorithm %s).\n" -msgstr "Inkompatible PBKDF2-Optionen (mit Hash-Algorithmus »%s«).\n" +#: lib/luks1/keymanage.c:778 +msgid "Cannot create LUKS header: reading random salt failed." +msgstr "LUKS-Header kann nicht angelegt werden: Fehler beim Einlesen des zufälligen Salts." # XXX -#: lib/luks1/keymanage.c:717 +#: lib/luks1/keymanage.c:804 #, c-format -msgid "Cannot create LUKS header: header digest failed (using hash %s).\n" -msgstr "" -"LUKS-Header kann nicht angelegt werden: Fehler beim Hashen des Headers (mit " -"Hash-Algorithmus »%s«).\n" +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "LUKS-Header kann nicht angelegt werden: Fehler beim Hashen des Headers (mit Hash-Algorithmus »%s«)." -#: lib/luks1/keymanage.c:782 +#: lib/luks1/keymanage.c:848 #, c-format -msgid "Key slot %d active, purge first.\n" -msgstr "Schlüsselfach %d aktiv, löschen Sie es erst.\n" +msgid "Key slot %d active, purge first." +msgstr "Schlüsselfach %d aktiv, löschen Sie es erst." -#: lib/luks1/keymanage.c:788 +#: lib/luks1/keymanage.c:854 #, c-format -msgid "Key slot %d material includes too few stripes. Header manipulation?\n" -msgstr "" -"Material für Schlüsselfach %d enthält zu wenige Streifen. Manipulation des " -"Headers?\n" +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "Material für Schlüsselfach %d enthält zu wenige Streifen. Manipulation des Headers?" -#: lib/luks1/keymanage.c:950 +#: lib/luks1/keymanage.c:990 #, c-format -msgid "Key slot %d unlocked.\n" -msgstr "Schlüsselfach %d entsperrt.\n" - -#: lib/luks1/keymanage.c:985 src/cryptsetup.c:858 -#: src/cryptsetup_reencrypt.c:999 src/cryptsetup_reencrypt.c:1036 -msgid "No key available with this passphrase.\n" -msgstr "Kein Schlüssel mit dieser Passphrase verfügbar.\n" +msgid "Cannot open keyslot (using hash %s)." +msgstr "Schlüsselfach kann nicht geöffnet werden (mit Hash-Algorithmus »%s«)." -#: lib/luks1/keymanage.c:1003 +#: lib/luks1/keymanage.c:1066 #, c-format -msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n" -msgstr "" -"Schlüsselfach %d ist ungültig, bitte wählen Sie ein Schlüsselfach zwischen 0 " -"und %d.\n" +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." +msgstr "Schlüsselfach %d ist ungültig, bitte wählen Sie ein Schlüsselfach zwischen 0 und %d." -#: lib/luks1/keymanage.c:1021 +#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738 #, c-format -msgid "Cannot wipe device %s.\n" -msgstr "Gerät »%s« kann nicht ausgelöscht werden.\n" +msgid "Cannot wipe device %s." +msgstr "Gerät »%s« kann nicht ausgelöscht werden." #: lib/loopaes/loopaes.c:146 -msgid "Detected not yet supported GPG encrypted keyfile.\n" -msgstr "Noch nicht unterstützte GPG-Schlüsseldatei erkannt.\n" +msgid "Detected not yet supported GPG encrypted keyfile." +msgstr "Noch nicht unterstützte verschlüsselte GPG-Schlüsseldatei erkannt." #: lib/loopaes/loopaes.c:147 msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" -msgstr "" -"Bitte benutzen Sie »gpg --decrypt | cryptsetup --keyfile=- " -"…«\n" +msgstr "Bitte benutzen Sie »gpg --decrypt | cryptsetup --keyfile=- …«\n" #: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 -msgid "Incompatible loop-AES keyfile detected.\n" -msgstr "Inkompatible Loop-AES-Schlüsseldatei erkannt.\n" +msgid "Incompatible loop-AES keyfile detected." +msgstr "Inkompatible Loop-AES-Schlüsseldatei erkannt." -#: lib/loopaes/loopaes.c:244 -msgid "Kernel doesn't support loop-AES compatible mapping.\n" -msgstr "Kernel unterstützt Loop-AES-kompatibles Mapping nicht.\n" +#: lib/loopaes/loopaes.c:245 +msgid "Kernel does not support loop-AES compatible mapping." +msgstr "Kernel unterstützt Loop-AES-kompatibles Mapping nicht." -#: lib/tcrypt/tcrypt.c:475 +#: lib/tcrypt/tcrypt.c:504 #, c-format -msgid "Error reading keyfile %s.\n" -msgstr "Fehler beim Einlesen der Schlüsseldatei »%s«.\n" +msgid "Error reading keyfile %s." +msgstr "Fehler beim Einlesen der Schlüsseldatei »%s«." -#: lib/tcrypt/tcrypt.c:513 +#: lib/tcrypt/tcrypt.c:554 #, c-format -msgid "Maximum TCRYPT passphrase length (%d) exceeded.\n" -msgstr "Maximale Länge der TCRYPT-Passphrase (%d) überschritten.\n" +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." +msgstr "Maximale Länge der TCRYPT-Passphrase (%zu) überschritten." -#: lib/tcrypt/tcrypt.c:543 +#: lib/tcrypt/tcrypt.c:595 #, c-format -msgid "PBKDF2 hash algorithm %s not available, skipping.\n" -msgstr "" -"Der Hash-Algorithmus »%s« für PBKDF2 wird nicht unterstützt, überspringe " -"diesen Teil.\n" +msgid "PBKDF2 hash algorithm %s not available, skipping." +msgstr "Der Hash-Algorithmus »%s« für PBKDF2 wird nicht unterstützt, überspringe diesen Teil." -#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:621 -msgid "Required kernel crypto interface not available.\n" -msgstr "Die benötigte Crypto-Kernel-Schnittstelle ist nicht verfügbar.\n" +#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1010 +msgid "Required kernel crypto interface not available." +msgstr "Die benötigte Crypto-Kernel-Schnittstelle ist nicht verfügbar." -#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:623 -msgid "Ensure you have algif_skcipher kernel module loaded.\n" -msgstr "" -"Stellen Sie sicher, dass das Kernelmodul »algif_skcipher« geladen ist.\n" +#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1012 +msgid "Ensure you have algif_skcipher kernel module loaded." +msgstr "Stellen Sie sicher, dass das Kernelmodul »algif_skcipher« geladen ist." -#: lib/tcrypt/tcrypt.c:707 +#: lib/tcrypt/tcrypt.c:753 #, c-format -msgid "Activation is not supported for %d sector size.\n" -msgstr "Aktivierung wird für die Sektorengröße %d nicht unterstützt.\n" +msgid "Activation is not supported for %d sector size." +msgstr "Aktivierung wird für die Sektorengröße %d nicht unterstützt." -#: lib/tcrypt/tcrypt.c:713 -msgid "Kernel doesn't support activation for this TCRYPT legacy mode.\n" -msgstr "" -"Der Kernel unterstützt die Aktivierung für diesen TCRYPT-Legacymodus nicht.\n" +#: lib/tcrypt/tcrypt.c:759 +msgid "Kernel does not support activation for this TCRYPT legacy mode." +msgstr "Der Kernel unterstützt die Aktivierung für diesen TCRYPT-Legacymodus nicht." -#: lib/tcrypt/tcrypt.c:744 +#: lib/tcrypt/tcrypt.c:793 #, c-format -msgid "Activating TCRYPT system encryption for partition %s.\n" -msgstr "TCRYPT-Systemverschlüsselung für Partition »%s« wird aktiviert.\n" +msgid "Activating TCRYPT system encryption for partition %s." +msgstr "TCRYPT-Systemverschlüsselung für Partition »%s« wird aktiviert." -#: lib/tcrypt/tcrypt.c:806 -msgid "Kernel doesn't support TCRYPT compatible mapping.\n" -msgstr "Kernel unterstützt TCRYPT-kompatibles Mapping nicht.\n" +#: lib/tcrypt/tcrypt.c:871 +msgid "Kernel does not support TCRYPT compatible mapping." +msgstr "Kernel unterstützt TCRYPT-kompatibles Mapping nicht." -#: lib/tcrypt/tcrypt.c:1020 +#: lib/tcrypt/tcrypt.c:1093 msgid "This function is not supported without TCRYPT header load." msgstr "Diese Funktionalität braucht einen geladenen TCRYPT-Header." -#: lib/verity/verity.c:70 lib/verity/verity.c:172 +#: lib/bitlk/bitlk.c:333 +#, c-format +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "Unerwartete Art »%u« des Metadaten-Eintrags beim Parsen des unterstützten Volume Master Keys gefunden." + +#: lib/bitlk/bitlk.c:380 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "Ungültige Zeichenkette beim Parsen des Volume Master Key gefunden." + +#: lib/bitlk/bitlk.c:385 #, c-format -msgid "Verity device %s doesn't use on-disk header.\n" -msgstr "Verity-Gerät »%s« benutzt keinen Header auf dem Datenträger.\n" +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "Unerwartete Zeichenkette »%s« beim Parsen des Volume Master Key gefunden." -#: lib/verity/verity.c:94 +#: lib/bitlk/bitlk.c:399 #, c-format -msgid "Device %s is not a valid VERITY device.\n" -msgstr "Gerät »%s« ist kein gültiges VERITY-Gerät.\n" +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "Unerwarteter Metadaten-Eintrag %u beim Einlesen des unterstützten Volume Master Key gefunden." -#: lib/verity/verity.c:101 +#: lib/bitlk/bitlk.c:479 #, c-format -msgid "Unsupported VERITY version %d.\n" -msgstr "Nicht unterstützte VERITY-Version %d.\n" +msgid "Failed to read BITLK signature from %s." +msgstr "Fehler beim Lesen der BITLK-Signatur von »%s«." -#: lib/verity/verity.c:131 -msgid "VERITY header corrupted.\n" -msgstr "VERITY-Header verfälscht.\n" +#: lib/bitlk/bitlk.c:485 +msgid "BITLK version 1 is currently not supported." +msgstr "BITLK Version 1 wird derzeit nicht unterstützt." -#: lib/verity/verity.c:166 +#: lib/bitlk/bitlk.c:491 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "Ungültige oder unbekannte Bootsignatur für BITLK-Gerät." + +#: lib/bitlk/bitlk.c:503 +msgid "Invalid or unknown signature for BITLK device." +msgstr "Ungültige oder unbekannte Signatur für BITLK-Gerät." + +#: lib/bitlk/bitlk.c:510 #, c-format -msgid "Wrong VERITY UUID format provided on device %s.\n" -msgstr "Falsches VERITY-UUID-Format über Gerät »%s« angegeben.\n" +msgid "Unsupported sector size %." +msgstr "Nicht unterstützte Sektorengröße %." -#: lib/verity/verity.c:196 +#: lib/bitlk/bitlk.c:518 #, c-format -msgid "Error during update of verity header on device %s.\n" -msgstr "Fehler beim Aktualisieren des VERITY-Headers auf Gerät »%s«.\n" +msgid "Failed to read BITLK header from %s." +msgstr "Fehler beim Lesen des BITLK-Headers von »%s«." -#: lib/verity/verity.c:276 -msgid "Kernel doesn't support dm-verity mapping.\n" -msgstr "Kernel unterstützt dm-verity-Zuordnung nicht.\n" +#: lib/bitlk/bitlk.c:543 +#, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "Fehler beim Schreiben der BITLK-FVE-Metadaten von »%s«." -#: lib/verity/verity.c:287 -msgid "Verity device detected corruption after activation.\n" -msgstr "" -"Verity-Gerät hat eine Verfälschung nach der Aktivierung festgestellt.\n" +#: lib/bitlk/bitlk.c:594 +msgid "Unknown or unsupported encryption type." +msgstr "Unbekannte oder nicht unterstützte Verschlüsselungsart." -#: lib/verity/verity_hash.c:59 +#: lib/bitlk/bitlk.c:627 #, c-format -msgid "Spare area is not zeroed at position %.\n" -msgstr "Zusätzlicher Platz an Position % ist nicht ausgenullt.\n" +msgid "Failed to read BITLK metadata entries from %s." +msgstr "Fehler beim Lesen der BITLK-Metadaten von »%s«." -#: lib/verity/verity_hash.c:121 lib/verity/verity_hash.c:249 -#: lib/verity/verity_hash.c:277 lib/verity/verity_hash.c:284 -msgid "Device offset overflow.\n" -msgstr "Überlauf beim Geräte-Offset.\n" +#: lib/bitlk/bitlk.c:921 +msgid "This operation is not supported." +msgstr "Diese Operation wird nicht unterstützt." -#: lib/verity/verity_hash.c:161 -#, c-format -msgid "Verification failed at position %.\n" -msgstr "Fehler beim Verifizieren an Position %.\n" +#: lib/bitlk/bitlk.c:929 +msgid "Wrong key size." +msgstr "Falsche Schlüsselgröße." -#: lib/verity/verity_hash.c:235 -msgid "Invalid size parameters for verity device.\n" -msgstr "Ungültige Größenparameter für Verity-Gerät.\n" +#: lib/bitlk/bitlk.c:981 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "Dieses BITLK-Gerät ist in einem nicht unterstützten Zustand und kann daher nicht aktiviert werden." -#: lib/verity/verity_hash.c:266 -msgid "Too many tree levels for verity volume.\n" -msgstr "Zu viele Ebenen für Verity-Laufwerk.\n" +#: lib/bitlk/bitlk.c:987 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "BITLK-Geräte der Art »%s« können nicht aktiviert werden." -#: lib/verity/verity_hash.c:354 -msgid "Verification of data area failed.\n" -msgstr "Fehler beim Verifizieren des Datenbereichs.\n" +#: lib/bitlk/bitlk.c:1069 +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "Aktivieren eines teilweise entschlüsselten BITLK-Geräts wird nicht unterstützt." -#: lib/verity/verity_hash.c:359 -msgid "Verification of root hash failed.\n" -msgstr "Fehler beim Verifizieren des Root-Hashes.\n" +#: lib/bitlk/bitlk.c:1205 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "Gerät kann nicht aktiviert werden, dem Kernelmodul dm-crypt fehlt die Unterstützung für BITLK-IV." -#: lib/verity/verity_hash.c:365 -msgid "Input/output error while creating hash area.\n" -msgstr "E/A-Fehler beim Anlegen des Hash-Bereiches.\n" +#: lib/bitlk/bitlk.c:1209 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "Gerät kann nicht aktiviert werden, da dem Kernelmodul dm-crypt die Unterstützung für BITLK-Elephant-Verschleierer fehlt." -#: lib/verity/verity_hash.c:367 -msgid "Creation of hash area failed.\n" -msgstr "Fehler beim Anlegen des Hash-Bereiches.\n" +#: lib/verity/verity.c:68 lib/verity/verity.c:171 +#, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "Verity-Gerät »%s« benutzt keinen Header auf dem Datenträger." -#: lib/verity/verity_hash.c:414 +#: lib/verity/verity.c:90 #, c-format -msgid "" -"WARNING: Kernel cannot activate device if data block size exceeds page size " -"(%u).\n" -msgstr "" -"WARNUNG: Kernel kann das Gerät nicht aktivieren, wenn die Datenblockgröße " -"die Seitengröße (%u) übersteigt.\n" +msgid "Device %s is not a valid VERITY device." +msgstr "Gerät »%s« ist kein gültiges VERITY-Gerät." -#: src/cryptsetup.c:91 -msgid "Can't do passphrase verification on non-tty inputs.\n" -msgstr "Passphrase-Verifikation ist nur auf Terminal-Eingaben möglich.\n" +#: lib/verity/verity.c:97 +#, c-format +msgid "Unsupported VERITY version %d." +msgstr "Nicht unterstützte VERITY-Version %d." -#: src/cryptsetup.c:133 src/cryptsetup.c:564 src/cryptsetup.c:711 -#: src/cryptsetup_reencrypt.c:502 src/cryptsetup_reencrypt.c:556 -msgid "No known cipher specification pattern detected.\n" -msgstr "Kein bekanntes Verschlüsselungsmuster entdeckt.\n" +#: lib/verity/verity.c:128 +msgid "VERITY header corrupted." +msgstr "VERITY-Header verfälscht." -#: src/cryptsetup.c:144 -msgid "" -"WARNING: The --hash parameter is being ignored in plain mode with keyfile " -"specified.\n" -msgstr "" -"WARNUNG: Der Parameter --hash wird im Plain-Modus ignoriert, wenn eine " -"Schlüsseldatei angegeben ist.\n" +#: lib/verity/verity.c:165 +#, c-format +msgid "Wrong VERITY UUID format provided on device %s." +msgstr "Falsches VERITY-UUID-Format über Gerät »%s« angegeben." -#: src/cryptsetup.c:152 -msgid "" -"WARNING: The --keyfile-size option is being ignored, the read size is the " -"same as the encryption key size.\n" -msgstr "" -"WARNUNG: Die Option --keyfile-size wird ignoriert, da die Lesegröße die " -"gleiche ist wie die Verschlüsselungsschlüsselgröße ist.\n" +#: lib/verity/verity.c:198 +#, c-format +msgid "Error during update of verity header on device %s." +msgstr "Fehler beim Aktualisieren des VERITY-Headers auf Gerät »%s«." -#: src/cryptsetup.c:218 -msgid "Option --key-file is required.\n" -msgstr "Die Option »--key-file« muss angegeben werden.\n" +#: lib/verity/verity.c:256 +msgid "Root hash signature verification is not supported." +msgstr "Verifikation der Stammhash-Signatur wird nicht unterstützt." -#: src/cryptsetup.c:267 -msgid "No device header detected with this passphrase.\n" -msgstr "Kein Geräte-Header mit dieser Passphrase gefunden.\n" +#: lib/verity/verity.c:267 +msgid "Errors cannot be repaired with FEC device." +msgstr "Fehler können mit einem FEC-Gerät nicht repariert werden." -#: src/cryptsetup.c:327 src/cryptsetup.c:1140 -msgid "" -"Header dump with volume key is sensitive information\n" -"which allows access to encrypted partition without passphrase.\n" -"This dump should be always stored encrypted on safe place." -msgstr "" -"Der Headerdump zusammen mit dem Laufwerksschlüssel sind\n" -"sensible Daten, mit deren Hilfe man ohne Passphrase auf die\n" -"verschlüsselte Partition zugreifen kann. Dieser Dump sollte\n" -"daher ausschließlich an einem sicheren Ort und verschlüsselt\n" -"aufbewahrt werden." +#: lib/verity/verity.c:269 +#, c-format +msgid "Found %u repairable errors with FEC device." +msgstr "%u reparierbare Fehler mit FEC-Gerät gefunden." -#: src/cryptsetup.c:517 -msgid "Result of benchmark is not reliable.\n" -msgstr "Das Ergebnis des Benchmarks ist nicht zuverlässig.\n" +#: lib/verity/verity.c:308 +msgid "Kernel does not support dm-verity mapping." +msgstr "Kernel unterstützt dm-verity-Zuordnung nicht." -#: src/cryptsetup.c:558 -msgid "# Tests are approximate using memory only (no storage IO).\n" -msgstr "" -"# Die Tests sind nur annähernd genau, da sie nicht auf den Datenträger " -"zugreifen.\n" +#: lib/verity/verity.c:312 +msgid "Kernel does not support dm-verity signature option." +msgstr "Kernel unterstützt Signatur-Option für dm-verity nicht." -#: src/cryptsetup.c:583 src/cryptsetup.c:605 -msgid "# Algorithm | Key | Encryption | Decryption\n" -msgstr "# Algorithmus | Schlüssel | Verschlüsselung | Entschlüsselung\n" +#: lib/verity/verity.c:323 +msgid "Verity device detected corruption after activation." +msgstr "Verity-Gerät hat eine Verfälschung nach der Aktivierung festgestellt." -#: src/cryptsetup.c:587 +#: lib/verity/verity_hash.c:59 #, c-format -msgid "Cipher %s is not available.\n" -msgstr "Verschlüsselung »%s« ist nicht verfügbar.\n" +msgid "Spare area is not zeroed at position %." +msgstr "Zusätzlicher Platz an Position % ist nicht ausgenullt." -#: src/cryptsetup.c:614 -msgid "N/A" -msgstr "N/A" +#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290 +#: lib/verity/verity_hash.c:303 +msgid "Device offset overflow." +msgstr "Überlauf beim Geräte-Offset." -#: src/cryptsetup.c:639 +#: lib/verity/verity_hash.c:203 #, c-format -msgid "Cannot read keyfile %s.\n" -msgstr "Fehler beim Einlesen der Schlüsseldatei »%s«.\n" +msgid "Verification failed at position %." +msgstr "Fehler beim Verifizieren an Position %." + +#: lib/verity/verity_hash.c:276 +msgid "Invalid size parameters for verity device." +msgstr "Ungültige Größenparameter für Verity-Gerät." + +#: lib/verity/verity_hash.c:296 +msgid "Hash area overflow." +msgstr "Überlauf des Hashbereichs." + +#: lib/verity/verity_hash.c:373 +msgid "Verification of data area failed." +msgstr "Fehler beim Verifizieren des Datenbereichs." + +#: lib/verity/verity_hash.c:378 +msgid "Verification of root hash failed." +msgstr "Fehler beim Verifizieren des Root-Hashes." + +#: lib/verity/verity_hash.c:384 +msgid "Input/output error while creating hash area." +msgstr "E/A-Fehler beim Anlegen des Hash-Bereiches." + +#: lib/verity/verity_hash.c:386 +msgid "Creation of hash area failed." +msgstr "Fehler beim Anlegen des Hash-Bereiches." -#: src/cryptsetup.c:643 +#: lib/verity/verity_hash.c:433 #, c-format -msgid "Cannot read %d bytes from keyfile %s.\n" -msgstr "Fehler beim Einlesen von %d Bytes aus der Schlüsseldatei »%s«.\n" +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "WARNUNG: Kernel kann das Gerät nicht aktivieren, wenn die Datenblockgröße die Seitengröße (%u) übersteigt." -#: src/cryptsetup.c:672 -msgid "Really try to repair LUKS device header?" -msgstr "Wirklich versuchen, den LUKS-Geräteheader wiederherzustellen?" +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." +msgstr "Fehler beim Reservieren des RS-Kontexts." -#: src/cryptsetup.c:697 +#: lib/verity/verity_fec.c:146 +msgid "Failed to allocate buffer." +msgstr "Fehler beim Reservieren des Puffers." + +#: lib/verity/verity_fec.c:156 #, c-format -msgid "This will overwrite data on %s irrevocably." -msgstr "Hiermit werden die Daten auf »%s« unwiderruflich überschrieben." +msgid "Failed to read RS block % byte %d." +msgstr "Fehler beim Lesen des RS-Blocks %, Byte %d." + +#: lib/verity/verity_fec.c:169 +#, c-format +msgid "Failed to read parity for RS block %." +msgstr "Fehler beim Lesen der Parität für RS-Block %." -#: src/cryptsetup.c:699 -msgid "memory allocation error in action_luksFormat" -msgstr "Speicherproblem in action_luksFormat" +#: lib/verity/verity_fec.c:177 +#, c-format +msgid "Failed to repair parity for block %." +msgstr "Fehler beim Reparieren der Parität für RS-Block %." -#: src/cryptsetup.c:717 +#: lib/verity/verity_fec.c:188 #, c-format -msgid "Cannot use %s as on-disk header.\n" -msgstr "Das Gerät »%s« kann nicht als Datenträger-Header benutzt werden.\n" +msgid "Failed to write parity for RS block %." +msgstr "Fehler beim Schreiben der Parität für RS-Block %." -#: src/cryptsetup.c:784 -msgid "Reduced data offset is allowed only for detached LUKS header.\n" -msgstr "Verringerter Datenoffset ist nur für separaten LUKS-Header erlaubt.\n" +#: lib/verity/verity_fec.c:223 +msgid "Block sizes must match for FEC." +msgstr "Blockgrößen müssen für FEC zusammen passen." -#: src/cryptsetup.c:881 src/cryptsetup.c:937 +#: lib/verity/verity_fec.c:229 +msgid "Invalid number of parity bytes." +msgstr "Ungültige Anzahl von Paritätsbytes." + +#: lib/verity/verity_fec.c:265 #, c-format -msgid "Key slot %d selected for deletion.\n" -msgstr "Schlüsselfach %d zum Löschen ausgewählt.\n" +msgid "Failed to determine size for device %s." +msgstr "Fehler beim Ermitteln der Größe von Gerät »%s«." + +#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343 +msgid "Kernel does not support dm-integrity mapping." +msgstr "Kernel unterstützt dm-integrity-Zuordnung nicht." -#: src/cryptsetup.c:884 +#: lib/integrity/integrity.c:277 +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "Kernel unterstützt feste Ausrichtung der Metadaten für dm-integrity nicht." + +#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959 +#: lib/luks2/luks2_json_metadata.c:1244 #, c-format -msgid "Key %d not active. Can't wipe.\n" -msgstr "" -"Schlüssel %d ist nicht aktiv und kann daher nicht ausgelöscht werden.\n" +msgid "Failed to acquire write lock on device %s." +msgstr "Fehler beim exklusiven Schreibzugriff auf Gerät »%s«." -#: src/cryptsetup.c:892 src/cryptsetup.c:940 +#: lib/luks2/luks2_disk_metadata.c:392 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "Es wurde ein Versuch erkannt, die LUKS2-Metadaten nebenläufig zu ändern. Die Operation wird abgebrochen." + +#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712 msgid "" -"This is the last keyslot. Device will become unusable after purging this key." +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." msgstr "" -"Dies ist das letzte Schlüsselfach. Wenn Sie diesen Schlüssel löschen, wird " -"das Gerät unbrauchbar." - -#: src/cryptsetup.c:893 -msgid "Enter any remaining passphrase: " -msgstr "Geben Sie irgendeine verbleibende Passphrase ein: " +"Gerät enthält mehrdeutige Signaturen, LUKS2 kann nicht automatisch wiederhergestellt werden.\n" +"Bitte führen Sie \"cryptsetup repair\" zur Wiederherstellung aus." -#: src/cryptsetup.c:921 -msgid "Enter passphrase to be deleted: " -msgstr "Geben Sie die zu löschende Passphrase ein: " +#: lib/luks2/luks2_json_format.c:227 +msgid "Requested data offset is too small." +msgstr "Verlangter Daten-Offset ist zu klein." -#: src/cryptsetup.c:1003 src/cryptsetup_reencrypt.c:1074 +#: lib/luks2/luks2_json_format.c:271 #, c-format -msgid "Enter any existing passphrase: " -msgstr "Geben Sie irgendeine bestehende Passphrase ein: " +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "WARNING: Der Schlüsselfach-Bereich (% Bytes) ist sehr klein, die LUKS2-Schlüsselfachanzahl ist sehr begrenzt.\n" -#: src/cryptsetup.c:1052 -msgid "Enter passphrase to be changed: " -msgstr "Geben Sie die zu ändernde Passphrase ein: " +#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074 +#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_keyslot_luks2.c:114 +#, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "Fehler beim Zugriff auf die Lesesperre für das Gerät »%s«." -#: src/cryptsetup.c:1066 src/cryptsetup_reencrypt.c:1059 -msgid "Enter new passphrase: " -msgstr "Geben Sie die neue Passphrase ein: " +#: lib/luks2/luks2_json_metadata.c:1167 +#, c-format +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "Verbotene LUKS2-Anforderungen in Backup »%s« entdeckt." -#: src/cryptsetup.c:1090 -msgid "Only one device argument for isLuks operation is supported.\n" -msgstr "Die Operation »isLuks« unterstützt nur genau ein Geräte-Argument.\n" +#: lib/luks2/luks2_json_metadata.c:1208 +msgid "Data offset differ on device and backup, restore failed." +msgstr "Unterschiedliche Datenoffsets auf Gerät und Backup. Wiederherstellung fehlgeschlagen." -#: src/cryptsetup.c:1246 src/cryptsetup.c:1267 -msgid "Option --header-backup-file is required.\n" -msgstr "Option »--header-backup-file« muss angegeben werden.\n" +#: lib/luks2/luks2_json_metadata.c:1214 +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "Unterschiedliche Größe der Binärheader mit Schlüsselfach-Bereichen zwischen Gerät und Backup. Wiederherstellung fehlgeschlagen." -#: src/cryptsetup.c:1304 +#: lib/luks2/luks2_json_metadata.c:1221 #, c-format -msgid "Unrecognized metadata device type %s.\n" -msgstr "Unbekannte Art »%s« des Metadaten-Geräts.\n" +msgid "Device %s %s%s%s%s" +msgstr "Gerät »%s« %s%s%s%s" + +#: lib/luks2/luks2_json_metadata.c:1222 +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "enthält keinen LUKS2-Header. Das Ersetzen des Headers kann Daten auf dem Gerät zerstören." + +#: lib/luks2/luks2_json_metadata.c:1223 +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "enthält bereits einen LUKS2-Header. Das Ersetzen des Headers wird bestehende Schlüsselfächer zerstören." -#: src/cryptsetup.c:1307 -msgid "Command requires device and mapped name as arguments.\n" +#: lib/luks2/luks2_json_metadata.c:1225 +msgid "" +"\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" msgstr "" -"Dieser Befehl benötigt den Gerätenamen und den zugeordneten Namen als " -"Argumente.\n" +"\n" +"WARNUNG: Unbekannte LUKS2-Anforderungen im echten Geräteheader entdeckt!\n" +"Das Ersetzen des Headers mit dem Backup kann zu Datenverlust auf dem Gerät führen!" -#: src/cryptsetup.c:1326 -#, c-format +#: lib/luks2/luks2_json_metadata.c:1227 msgid "" -"This operation will erase all keyslots on device %s.\n" -"Device will become unusable after this operation." +"\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." msgstr "" -"Diese Operation wird alle Schlüsselfächer auf Gerät »%s« löschen.\n" -"Dadurch wird das Gerät unbrauchbar." +"\n" +"WARNUNG: Unvollendete Offline-Wiederverschlüsselung auf dem Gerät entdeckt!\n" +"Das Ersetzen des Headers mit dem Backup kann zu Datenverlust auf dem Gerät führen." -#: src/cryptsetup.c:1360 -msgid " [--type ] []" -msgstr " [--type ] []" +#: lib/luks2/luks2_json_metadata.c:1323 +#, c-format +msgid "Ignored unknown flag %s." +msgstr "Unbekannter Schalter »%s« wird ignoriert." -#: src/cryptsetup.c:1360 -msgid "open device as mapping " -msgstr "Gerät als Zuordnung öffnen" +#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746 +#, c-format +msgid "Missing key for dm-crypt segment %u" +msgstr "Fehlender Schlüssel für dm-crypt-Segment %u" -#: src/cryptsetup.c:1361 src/cryptsetup.c:1362 src/cryptsetup.c:1363 -#: src/cryptsetup.c:1364 src/veritysetup.c:311 src/veritysetup.c:312 -msgid "" -msgstr "" +#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764 +msgid "Failed to set dm-crypt segment." +msgstr "Fehler beim Festlegen des »dm-crypt«-Segments." -#: src/cryptsetup.c:1361 -msgid "close device (remove mapping)" -msgstr "Gerät schließen (Zuordnung entfernen)" +#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770 +msgid "Failed to set dm-linear segment." +msgstr "Fehler beim Festlegen des »dm-linear«-Segments." -#: src/cryptsetup.c:1362 -msgid "resize active device" -msgstr "Größe des aktiven Geräts ändern" +#: lib/luks2/luks2_json_metadata.c:2155 +msgid "Unsupported device integrity configuration." +msgstr "Nicht unterstützte Konfiguration für Geräteintegrität." -#: src/cryptsetup.c:1363 -msgid "show device status" -msgstr "Gerätestatus anzeigen" +#: lib/luks2/luks2_json_metadata.c:2241 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "Wiederverschlüsselung läuft gerade. Das Gerät kann nicht deaktiviert werden." -#: src/cryptsetup.c:1364 -msgid "benchmark cipher" -msgstr "Verschlüsselungsalgorithmus benchmarken" +#: lib/luks2/luks2_json_metadata.c:2252 lib/luks2/luks2_reencrypt.c:3190 +#, c-format +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "Das stillgelegte Gerät »%s« mit dm-error-Ziel konnte nicht in den Fehlerzustand gesetzt werden." -#: src/cryptsetup.c:1365 src/cryptsetup.c:1366 src/cryptsetup.c:1372 -#: src/cryptsetup.c:1373 src/cryptsetup.c:1374 src/cryptsetup.c:1375 -#: src/cryptsetup.c:1376 src/cryptsetup.c:1377 src/cryptsetup.c:1378 -#: src/cryptsetup.c:1379 -msgid "" -msgstr "" +#: lib/luks2/luks2_json_metadata.c:2332 +msgid "Failed to read LUKS2 requirements." +msgstr "Fehler beim Lesen der LUKS2-Anforderungen." -#: src/cryptsetup.c:1365 -msgid "try to repair on-disk metadata" +#: lib/luks2/luks2_json_metadata.c:2339 +msgid "Unmet LUKS2 requirements detected." +msgstr "Unerfüllte LUKS2-Anforderungen entdeckt." + +#: lib/luks2/luks2_json_metadata.c:2347 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "Diese Operation kann nicht mit einem Gerät durchgeführt werden, das für Altlasten-Wiederverschlüsselung markiert ist. Wird abgebrochen." + +#: lib/luks2/luks2_json_metadata.c:2349 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "Diese Operation kann nicht mit einem Gerät durchgeführt werden, das für LUKS2-Wiederverschlüsselung markiert ist. Wird abgebrochen." + +#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584 +msgid "Not enough available memory to open a keyslot." +msgstr "Nicht genügend Speicher, um ein Schlüsselfach zu öffnen." + +#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586 +msgid "Keyslot open failed." +msgstr "Fehler beim Öffnen des Schlüsselfachs." + +#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "Der Algorithmus %s-%s kann nicht für Schlüsselfach-Verschlüsselung verwendet werden." + +#: lib/luks2/luks2_keyslot_luks2.c:480 +msgid "No space for new keyslot." +msgstr "Nicht genug Speicherplatz für neues Schlüsselfach." + +#: lib/luks2/luks2_luks1_convert.c:482 +#, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "Fehler beim Prüfen des Zustands von Gerät mit der UUID %s." + +#: lib/luks2/luks2_luks1_convert.c:508 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "Fehler beim Konvertieren des Headers mit zusätzlichen LUKSMETA-Metadaten." + +#: lib/luks2/luks2_luks1_convert.c:548 +msgid "Unable to move keyslot area. Not enough space." +msgstr "Fehler beim Verschieben des Schlüsselfach-Bereichs. Nicht genug Speicherplatz." + +#: lib/luks2/luks2_luks1_convert.c:599 +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "Fehler beim Verschieben des Schlüsselfach-Bereichs. Bereich für die LUKS2-Schlüsselfächer ist zu klein." + +#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887 +msgid "Unable to move keyslot area." +msgstr "Fehler beim Verschieben des Schlüsselfach-Bereichs." + +#: lib/luks2/luks2_luks1_convert.c:697 +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "Fehler beim Konvertieren in LUKS1-Format: Standardgröße für Verschlüsselungssektoren ist nicht 512 Bytes." + +#: lib/luks2/luks2_luks1_convert.c:705 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "Fehler beim Konvertieren in LUKS1-Format: Schlüsselfach-Digeste sind nicht zu LUKS1 kompatibel." + +#: lib/luks2/luks2_luks1_convert.c:717 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "Fehler beim Konvertieren in LUKS1-Format: Gerät verwendet eingepacktes Verschlüsselungsverfahren %s." + +#: lib/luks2/luks2_luks1_convert.c:725 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "Fehler beim Konvertieren in LUKS1-Format: LUKS2-Header enthält %u Token." + +#: lib/luks2/luks2_luks1_convert.c:739 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "Fehler beim Konvertieren in LUKS1-Format: Schlüsselfach %u ist in ungültigem Zustand." + +#: lib/luks2/luks2_luks1_convert.c:744 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "Fehler beim Konvertieren in LUKS1-Format: Schlüsselfach %u (über Maximalfach) ist noch aktiv." + +#: lib/luks2/luks2_luks1_convert.c:749 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "Fehler beim Konvertieren in LUKS1-Format: Schlüsselfach %u ist nicht zu LUKS1 kompatibel." + +#: lib/luks2/luks2_reencrypt.c:892 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Die Größe der Hotzone muss ein Vielfaches der berechneten Zonenausrichtung (%zu Bytes) sein." + +#: lib/luks2/luks2_reencrypt.c:897 +#, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Gerätegröße muss ein Vielfaches der berechneten Zonenausrichtung (%zu Bytes) sein." + +#: lib/luks2/luks2_reencrypt.c:941 +#, c-format +msgid "Unsupported resilience mode %s" +msgstr "Nicht unterstützter Modus »%s« für Widerstandsfähigkeit" + +#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313 +#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430 +#: lib/luks2/luks2_reencrypt.c:3030 +msgid "Failed to initialize old segment storage wrapper." +msgstr "Fehler beim Initialisieren der Umverpackung für den Speicher alter Segmente." + +#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291 +msgid "Failed to initialize new segment storage wrapper." +msgstr "Fehler beim Initialisieren der Umverpackung für den Speicher neuer Segmente." + +#: lib/luks2/luks2_reencrypt.c:1340 +msgid "Failed to read checksums for current hotzone." +msgstr "Fehler beim Lesen der Prüfsummen für die aktuelle Hotzone." + +#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038 +#, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "Fehler beim Lesen des Hotzone-Bereichs, der bei % beginnt." + +#: lib/luks2/luks2_reencrypt.c:1366 +#, c-format +msgid "Failed to decrypt sector %zu." +msgstr "Fehler beim Entschlüsseln von Sektor %zu." + +#: lib/luks2/luks2_reencrypt.c:1372 +#, c-format +msgid "Failed to recover sector %zu." +msgstr "Fehler beim Wiederherstellen von Sektor %zu." + +#: lib/luks2/luks2_reencrypt.c:1867 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "Die Größe der Quell- und Zielgeräte stimmt nicht überein. Quelle %, Ziel: %." + +#: lib/luks2/luks2_reencrypt.c:1965 +#, c-format +msgid "Failed to activate hotzone device %s." +msgstr "Fehler beim Aktivieren des Hotzone-Geräts »%s«." + +#: lib/luks2/luks2_reencrypt.c:1982 +#, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "Fehler beim Aktivieren des Überlagerungsgeräts »%s« mit der tatsächlichen Ursprungstabelle." + +#: lib/luks2/luks2_reencrypt.c:1989 +#, c-format +msgid "Failed to load new mapping for device %s." +msgstr "Fehler beim Laden der neuen Zuordnung für Gerät »%s«." + +#: lib/luks2/luks2_reencrypt.c:2060 +msgid "Failed to refresh reencryption devices stack." +msgstr "Fehler beim Auffrischen des Gerätestapels für Wiederverschlüsselung." + +#: lib/luks2/luks2_reencrypt.c:2216 +msgid "Failed to set new keyslots area size." +msgstr "Fehler beim Festlegen der neuen Bereichsgröße für Schlüsselfächer." + +#: lib/luks2/luks2_reencrypt.c:2318 +#, c-format +msgid "Data shift is not aligned to requested encryption sector size (% bytes)." +msgstr "Datenverschiebung ist nicht an der angeforderten Verschlüsselungs-Sektorgröße (% Bytes) ausgerichtet." + +#: lib/luks2/luks2_reencrypt.c:2339 +#, c-format +msgid "Data device is not aligned to requested encryption sector size (% bytes)." +msgstr "Datengerät ist nicht an der angeforderten Verschlüsselungs-Sektorgröße (% Bytes) ausgerichtet." + +#: lib/luks2/luks2_reencrypt.c:2360 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "Datenverschiebung (% Sektoren) ist weniger als der zukünftige Datenoffset (% Sektoren)." + +#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779 +#: lib/luks2/luks2_reencrypt.c:2800 +#, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "Fehler beim exklusiven Öffnen von »%s« (wird bereits anderweitig benutzt)." + +#: lib/luks2/luks2_reencrypt.c:2534 +msgid "Device not marked for LUKS2 reencryption." +msgstr "Das Gerät ist nicht für LUKS2-Wiederverschlüsselung markiert." + +#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295 +msgid "Failed to load LUKS2 reencryption context." +msgstr "Fehler beim Laden des LUKS2-Wiederverschlüsselungs-Kontextes." + +#: lib/luks2/luks2_reencrypt.c:2619 +msgid "Failed to get reencryption state." +msgstr "Fehler beim Einlesen des Wiederverschlüsselungs-Zustands." + +#: lib/luks2/luks2_reencrypt.c:2623 +msgid "Device is not in reencryption." +msgstr "Das Gerät befindet sich nicht in der Wiederverschlüsselung." + +#: lib/luks2/luks2_reencrypt.c:2630 +msgid "Reencryption process is already running." +msgstr "Der Wiederverschlüsselungs-Vorgang läuft bereits." + +#: lib/luks2/luks2_reencrypt.c:2632 +msgid "Failed to acquire reencryption lock." +msgstr "Fehler beim Zugriff auf die Schreibsperre für die Wiederverschlüsselung." + +#: lib/luks2/luks2_reencrypt.c:2650 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "Wiederverschlüsselung kann nicht fortgesetzt werden. Führen Sie zuerst die Wiederverschlüsselungs-Wiederherstellung durch." + +#: lib/luks2/luks2_reencrypt.c:2750 +msgid "Active device size and requested reencryption size don't match." +msgstr "Aktive Gerätegröße und angeforderte Wiederverschlüsselungsgröße passen nicht zusammen." + +#: lib/luks2/luks2_reencrypt.c:2764 +msgid "Illegal device size requested in reencryption parameters." +msgstr "Ungültige Gerätegröße wurde in den Wiederverschlüsselungsparametern angefordert." + +#: lib/luks2/luks2_reencrypt.c:2834 +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "Wiederverschlüsselung läuft bereits. Wiederherstellung ist nicht möglich." + +#: lib/luks2/luks2_reencrypt.c:2906 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "LUKS2-Wiederverschlüsselung ist in den Metadaten bereits initialisiert." + +#: lib/luks2/luks2_reencrypt.c:2913 +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "LUKS2-Wiederverschlüsselung konnte in den Metadaten nicht initialisiert werden." + +#: lib/luks2/luks2_reencrypt.c:3004 +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "Fehler beim Festlegen der Gerätesegmente für die nächste Wiederverschlüsselungs-Hotzone." + +#: lib/luks2/luks2_reencrypt.c:3046 +msgid "Failed to write reencryption resilience metadata." +msgstr "Fehler beim Schreiben der Metadaten für robuste Wiederverschlüsselung." + +#: lib/luks2/luks2_reencrypt.c:3053 +msgid "Decryption failed." +msgstr "Fehler beim Entschlüsseln." + +#: lib/luks2/luks2_reencrypt.c:3058 +#, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "Fehler beim Schreiben des Hotzone-Bereichs, der bei % beginnt." + +#: lib/luks2/luks2_reencrypt.c:3063 +msgid "Failed to sync data." +msgstr "Fehler beim Synchronisieren von Daten." + +#: lib/luks2/luks2_reencrypt.c:3071 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "Fehler beim Aktualisieren der Metadaten, nachdem die aktuelle Wiederverschlüsselungs-Hotzone beendet wurde." + +#: lib/luks2/luks2_reencrypt.c:3138 +msgid "Failed to write LUKS2 metadata." +msgstr "Fehler beim Schreiben der LUKS2-Metadaten." + +#: lib/luks2/luks2_reencrypt.c:3161 +msgid "Failed to wipe backup segment data." +msgstr "Fehler beim gründlichen Löschen der Backupsegmentdaten." + +#: lib/luks2/luks2_reencrypt.c:3174 +msgid "Failed to disable reencryption requirement flag." +msgstr "Fehler beim Deaktivieren der Wiederverschlüsselungsanforderung." + +#: lib/luks2/luks2_reencrypt.c:3182 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "Schwerwiegender Fehler beim Wiederverschlüsseln des Blocks bei %, % Sektoren lang." + +#: lib/luks2/luks2_reencrypt.c:3191 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "Das Gerät nicht fortsetzen, außer es wird manuell durch das Fehlerziel ersetzt." + +#: lib/luks2/luks2_reencrypt.c:3240 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "Wiederverschlüsselung kann nicht fortgesetzt werden. Unerwarteter Zustand der Wiederverschlüsselung." + +#: lib/luks2/luks2_reencrypt.c:3246 +msgid "Missing or invalid reencrypt context." +msgstr "Fehlender oder ungültiger Wiederverschlüsselungs-Kontext." + +#: lib/luks2/luks2_reencrypt.c:3253 +msgid "Failed to initialize reencryption device stack." +msgstr "Fehler beim Initialisieren des Gerätestapels für Wiederverschlüsselung." + +#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308 +msgid "Failed to update reencryption context." +msgstr "Fehler beim Aktualisieren des Wiederverschlüsselungskontexts." + +#: lib/luks2/luks2_token.c:262 +msgid "No free token slot." +msgstr "Kein freies Fach für Token." + +# upstream: period missing +#: lib/luks2/luks2_token.c:269 +#, c-format +msgid "Failed to create builtin token %s." +msgstr "Fehler beim Erzeugen des eingebauten Tokens »%s«." + +#: src/cryptsetup.c:164 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "Passphrase-Verifikation ist nur auf Terminal-Eingaben möglich." + +#: src/cryptsetup.c:221 +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "Verschlüsselungsparameter für Schlüsselfach wird nur für LUKS2-Geräte unterstützt." + +#: src/cryptsetup.c:251 src/cryptsetup.c:959 src/cryptsetup.c:1269 +#: src/cryptsetup.c:3145 src/cryptsetup_reencrypt.c:723 +#: src/cryptsetup_reencrypt.c:793 +msgid "No known cipher specification pattern detected." +msgstr "Kein bekanntes Verschlüsselungsmuster entdeckt." + +#: src/cryptsetup.c:259 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "WARNUNG: Der Parameter --hash wird im Plain-Modus ignoriert, wenn eine Schlüsseldatei angegeben ist.\n" + +#: src/cryptsetup.c:267 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "WARNUNG: Die Option --keyfile-size wird ignoriert, da die Lesegröße die gleiche ist wie die Verschlüsselungsschlüsselgröße ist.\n" + +#: src/cryptsetup.c:307 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "Gerätesignaturen auf »%s« erkannt. Wenn Sie fortfahren, könnte das bestehende Daten beschädigen." + +#: src/cryptsetup.c:313 src/cryptsetup.c:1090 src/cryptsetup.c:1142 +#: src/cryptsetup.c:1246 src/cryptsetup.c:1319 src/cryptsetup.c:1974 +#: src/cryptsetup.c:2682 src/cryptsetup.c:2805 src/integritysetup.c:233 +msgid "Operation aborted.\n" +msgstr "Vorgang abgebrochen.\n" + +#: src/cryptsetup.c:381 +msgid "Option --key-file is required." +msgstr "Die Option »--key-file« muss angegeben werden." + +#: src/cryptsetup.c:434 +msgid "Enter VeraCrypt PIM: " +msgstr "VeraCrypt-PIM eingeben: " + +#: src/cryptsetup.c:443 +msgid "Invalid PIM value: parse error." +msgstr "Ungültiger PIM-Wert: Formatfehler." + +#: src/cryptsetup.c:446 +msgid "Invalid PIM value: 0." +msgstr "Ungültiger PIM-Wert: 0." + +#: src/cryptsetup.c:449 +msgid "Invalid PIM value: outside of range." +msgstr "Ungültiger PIM-Wert: außerhalb des gültigen Bereichs." + +#: src/cryptsetup.c:472 +msgid "No device header detected with this passphrase." +msgstr "Kein Geräte-Header mit dieser Passphrase gefunden." + +#: src/cryptsetup.c:541 +#, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "Gerät »%s« ist kein gültiges BITLK-Gerät." + +#: src/cryptsetup.c:576 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" +"Der Headerdump zusammen mit dem Laufwerksschlüssel sind\n" +"sensible Daten, mit deren Hilfe man ohne Passphrase auf die\n" +"verschlüsselte Partition zugreifen kann. Dieser Dump sollte\n" +"daher ausschließlich an einem sicheren Ort und verschlüsselt\n" +"aufbewahrt werden." + +#: src/cryptsetup.c:673 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "Gerät »%s« ist noch aktiv und zum verzögerten Entfernen eingeplant.\n" + +#: src/cryptsetup.c:701 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "Um die Größe von aktiven Geräten zu öndern, muss der Laufwerksschlüssel im Schlüsselbund sein, aber die Option --disable-keyring wurde angegeben." + +#: src/cryptsetup.c:838 +msgid "Benchmark interrupted." +msgstr "Benchmark unterbrochen." + +#: src/cryptsetup.c:859 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "PBKDF2-%-9s (nicht zutreffend)\n" + +#: src/cryptsetup.c:861 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "PBKDF2-%-9s %7u Iterationen pro Sekunde für %zu-Bit-Schlüssel\n" + +#: src/cryptsetup.c:875 +#, c-format +msgid "%-10s N/A\n" +msgstr "%-10s (nicht zutreffend)\n" + +#: src/cryptsetup.c:877 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "%-10s %4u Iterationen, %5u Speicher, %1u parallele Threads (CPUs) für %zu-Bit-Schlüssel (Zieldauer %u Millisekunden)\n" + +#: src/cryptsetup.c:901 +msgid "Result of benchmark is not reliable." +msgstr "Das Ergebnis des Benchmarks ist nicht zuverlässig." + +#: src/cryptsetup.c:951 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "# Die Tests sind nur annähernd genau, da sie nicht auf den Datenträger zugreifen.\n" + +# upstream: the following line should also be translated. This is because the long word "Schlüssel" for "Key" will break the layout, as well as "Verschlüsselung" for "Encryption". +# To help the translators, you should provide an example for what goes into the %x placeholders, since I had to make an educated guess that the second %s would be exactly 4 characters long. This is an unnecessary burden for the translators. +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:971 +#, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "#%*s Algorithmus | Schlüssel | Verschlüsselung | Entschlüsselung\n" + +#: src/cryptsetup.c:975 +#, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "Verschlüsselung »%s« (mit Schlüsselgröße %i Bits) ist nicht verfügbar." + +# upstream: the following line should also be translated. This is because the long word "Schlüssel" for "Key" will break the layout, as well as "Verschlüsselung" for "Encryption". +# To help the translators, you should provide an example for what goes into the %x placeholders, since I had to make an educated guess that the second %s would be exactly 4 characters long. This is an unnecessary burden for the translators. +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:994 +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "# Algorithmus | Schlüssel | Verschlüsselung | Entschlüsselung\n" + +#: src/cryptsetup.c:1003 +msgid "N/A" +msgstr "N/A" + +#: src/cryptsetup.c:1083 +msgid "" +"Seems device does not require reencryption recovery.\n" +"Do you want to proceed anyway?" +msgstr "" +"Es scheint, dass das Gerät keine Wiederherstellung der Wiederverschlüsselung braucht.\n" +"Trotzdem fortsetzen?" + +#: src/cryptsetup.c:1089 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "Wirklich mit der Wiederherstellung der LUKS2-Wiederverschlüsselung fortfahren?" + +#: src/cryptsetup.c:1098 +msgid "Enter passphrase for reencryption recovery: " +msgstr "Geben Sie die Passphrase für die Wiederherstellung der Wiederverschlüsselung ein: " + +#: src/cryptsetup.c:1141 +msgid "Really try to repair LUKS device header?" +msgstr "Wirklich versuchen, den LUKS-Geräteheader wiederherzustellen?" + +#: src/cryptsetup.c:1160 src/integritysetup.c:146 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" +"Gerät wird gesäubert, um die Prüfsumme für die Integrität zu initialisieren.\n" +"Sie können diesen Vorgang mit Strg+C unterbrechen (der nicht gesäuberte Bereich des Geräts wird dann ungültige Prüfsummen haben).\n" + +# upstream: it is boring that I have to translate the newline at the end of each of these messages. Translating strings without newlines is much easier and faster. Since it is redundant anyway (all calls to log_err have a trailing newline), this newline should be written implicitly. +#: src/cryptsetup.c:1182 src/integritysetup.c:168 +#, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "Fehler beim Deaktivieren des temporären Geräts »%s«." + +#: src/cryptsetup.c:1231 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "Die Integritätsoption kann nur für das LUKS2-Format verwendet werden." + +#: src/cryptsetup.c:1236 src/cryptsetup.c:1296 +msgid "Unsupported LUKS2 metadata size options." +msgstr "Nicht unterstützte Optionen für Größe der LUKS-Metadaten." + +#: src/cryptsetup.c:1253 +#, c-format +msgid "Cannot create header file %s." +msgstr "Fehler beim Anlegen der Headerdatei »%s«." + +#: src/cryptsetup.c:1276 src/integritysetup.c:195 src/integritysetup.c:204 +#: src/integritysetup.c:213 src/integritysetup.c:284 src/integritysetup.c:293 +#: src/integritysetup.c:303 +msgid "No known integrity specification pattern detected." +msgstr "Kein bekanntes Integritätsspezifikationsmuster entdeckt." + +#: src/cryptsetup.c:1289 +#, c-format +msgid "Cannot use %s as on-disk header." +msgstr "Das Gerät »%s« kann nicht als Datenträger-Header benutzt werden." + +#: src/cryptsetup.c:1313 src/integritysetup.c:227 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "Hiermit werden die Daten auf »%s« unwiderruflich überschrieben." + +#: src/cryptsetup.c:1354 src/cryptsetup.c:1688 src/cryptsetup.c:1755 +#: src/cryptsetup.c:1857 src/cryptsetup.c:1923 src/cryptsetup_reencrypt.c:553 +msgid "Failed to set pbkdf parameters." +msgstr "Fehler beim Festlegen der PBKDF-Parameter." + +#: src/cryptsetup.c:1439 +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "Verringerter Datenoffset ist nur für separaten LUKS-Header erlaubt." + +#: src/cryptsetup.c:1450 src/cryptsetup.c:1761 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "Die Größe des Laufwerksschlüssels erfordert Schlüsselfächer, bitte nutzen Sie dazu die Option »--key-size«." + +#: src/cryptsetup.c:1488 +msgid "Device activated but cannot make flags persistent." +msgstr "Gerät aktiviert, aber die Schalter können nicht dauerhaft gespeichert werden." + +#: src/cryptsetup.c:1569 src/cryptsetup.c:1639 +#, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "Schlüsselfach %d zum Löschen ausgewählt." + +#: src/cryptsetup.c:1581 src/cryptsetup.c:1642 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "Dies ist das letzte Schlüsselfach. Wenn Sie diesen Schlüssel löschen, wird das Gerät unbrauchbar." + +#: src/cryptsetup.c:1582 +msgid "Enter any remaining passphrase: " +msgstr "Geben Sie irgendeine verbleibende Passphrase ein: " + +#: src/cryptsetup.c:1583 src/cryptsetup.c:1644 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "Vorgang abgebrochen, das Schlüsselfach wurde NICHT gesäubert.\n" + +#: src/cryptsetup.c:1621 +msgid "Enter passphrase to be deleted: " +msgstr "Geben Sie die zu löschende Passphrase ein: " + +#: src/cryptsetup.c:1702 src/cryptsetup.c:1776 src/cryptsetup.c:1810 +msgid "Enter new passphrase for key slot: " +msgstr "Geben Sie die neue Passphrase für das Schlüsselfach ein: " + +#: src/cryptsetup.c:1793 src/cryptsetup_reencrypt.c:1343 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "Geben Sie irgendeine bestehende Passphrase ein: " + +#: src/cryptsetup.c:1861 +msgid "Enter passphrase to be changed: " +msgstr "Geben Sie die zu ändernde Passphrase ein: " + +#: src/cryptsetup.c:1877 src/cryptsetup_reencrypt.c:1329 +msgid "Enter new passphrase: " +msgstr "Geben Sie die neue Passphrase ein: " + +#: src/cryptsetup.c:1927 +msgid "Enter passphrase for keyslot to be converted: " +msgstr "Geben Sie die Passphrase für das umzuwandelnde Schlüsselfach ein: " + +#: src/cryptsetup.c:1951 +msgid "Only one device argument for isLuks operation is supported." +msgstr "Die Operation »isLuks« unterstützt nur genau ein Geräte-Argument." + +#: src/cryptsetup.c:2001 +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Der Headerdump zusammen mit dem Laufwerksschlüssel sind\n" +"sensible Daten, mit deren Hilfe man ohne Passphrase auf die\n" +"verschlüsselte Partition zugreifen kann. Dieser Dump sollte\n" +"daher ausschließlich an einem sicheren Ort und verschlüsselt\n" +"aufbewahrt werden." + +#: src/cryptsetup.c:2066 +#, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "Schlüsselfach %d enthält keinen unverbundenen Schlüssel." + +#: src/cryptsetup.c:2072 +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Der Headerdump zusammen mit dem Laufwerksschlüssel sind sensible Daten.\n" +"Dieser Dump sollte daher ausschließlich an einem sicheren Ort und\n" +"verschlüsselt aufbewahrt werden." + +#: src/cryptsetup.c:2207 src/cryptsetup.c:2228 +msgid "Option --header-backup-file is required." +msgstr "Option »--header-backup-file« muss angegeben werden." + +#: src/cryptsetup.c:2258 +#, c-format +msgid "%s is not cryptsetup managed device." +msgstr "%s ist kein von cryptsetup verwaltetes Gerät." + +#: src/cryptsetup.c:2269 +#, c-format +msgid "Refresh is not supported for device type %s" +msgstr "Die Geräteart »%s« kann nicht aufgefrischt werden" + +#: src/cryptsetup.c:2311 +#, c-format +msgid "Unrecognized metadata device type %s." +msgstr "Unbekannte Art »%s« des Metadaten-Geräts." + +#: src/cryptsetup.c:2314 +msgid "Command requires device and mapped name as arguments." +msgstr "Dieser Befehl benötigt den Gerätenamen und den zugeordneten Namen als Argumente." + +#: src/cryptsetup.c:2336 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" +"Diese Operation wird alle Schlüsselfächer auf Gerät »%s« löschen.\n" +"Dadurch wird das Gerät unbrauchbar." + +#: src/cryptsetup.c:2343 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "Vorgang abgebrochen, die Schlüsselfächer wurden NICHT gesäubert.\n" + +#: src/cryptsetup.c:2380 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "Invalid LUKS type, only luks1 and luks2 are supported." + +#: src/cryptsetup.c:2398 +#, c-format +msgid "Device is already %s type." +msgstr "Das Gerät hat bereits den Typ »%s«." + +#: src/cryptsetup.c:2403 +#, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "Diese Operation wird für »%s« ins Format »%s« umwandeln.\n" + +#: src/cryptsetup.c:2409 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "Vorgang abgebrochen, das Gerät wurde NICHT konvertiert.\n" + +#: src/cryptsetup.c:2449 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "Die Option --priority, --label oder --subsystem fehlt." + +#: src/cryptsetup.c:2483 src/cryptsetup.c:2516 src/cryptsetup.c:2539 +#, c-format +msgid "Token %d is invalid." +msgstr "Token %d ist ungültig." + +#: src/cryptsetup.c:2486 src/cryptsetup.c:2542 +#, c-format +msgid "Token %d in use." +msgstr "Token %d ist in Benutzung." + +#: src/cryptsetup.c:2493 +#, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "Fehler beim Hinzufügen des LUKS2-Schlüsselring-Tokens %d." + +#: src/cryptsetup.c:2502 src/cryptsetup.c:2564 +#, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "Token %d kann nicht dem Schlüsselfach %d zugeordnet werden." + +#: src/cryptsetup.c:2519 +#, c-format +msgid "Token %d is not in use." +msgstr "Token %d wird gerade nicht verwendet." + +#: src/cryptsetup.c:2554 +msgid "Failed to import token from file." +msgstr "Token konnte nicht aus der Datei importiert werden." + +#: src/cryptsetup.c:2579 +#, c-format +msgid "Failed to get token %d for export." +msgstr "Auf Token %d kann nicht für den Export zugegriffen werden." + +#: src/cryptsetup.c:2594 +msgid "--key-description parameter is mandatory for token add action." +msgstr "Der Parameter --key-description ist Pflicht für die Aktion »token add«." + +#: src/cryptsetup.c:2600 src/cryptsetup.c:2608 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "Die Aktion erfordert ein bestimmtes Token. Verwenden Sie den Parameter --token-id." + +#: src/cryptsetup.c:2613 +#, c-format +msgid "Invalid token operation %s." +msgstr "Ungültige Token-Operation »%s«." + +#: src/cryptsetup.c:2668 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "Automatisch erkanntes aktives dm-Gerät »%s« für Datengerät »%s«.\n" + +#: src/cryptsetup.c:2672 +#, c-format +msgid "Device %s is not a block device.\n" +msgstr "Gerät »%s« ist kein Blockgerät.\n" + +#: src/cryptsetup.c:2674 +#, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "Fehler bei der automatischen Erkennung von Gerät »%s«." + +#: src/cryptsetup.c:2676 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" +"Es ist unklar, ob das Gerät »%s« aktiviert ist oder nicht.\n" +"Möchten Sie wirklich mit der Wiederverschlüsselung im Offline-Modus fortfahren?\n" +"Es kann zu Datenverlust kommen, wenn das Gerät gerade aktiviert ist.\n" +"Um die Wiederverschlüsselung im Online-Modus durchzuführen, verwenden Sie stattdessen den Parameter --active-name.\n" + +#: src/cryptsetup.c:2756 +msgid "Invalid LUKS device type." +msgstr "Ungültige LUKS-Geräteart." + +#: src/cryptsetup.c:2761 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "Verschlüsselung ohne separaten Kopfbereich (--header) ist nur möglich, wenn die Größe des Hauptgeräts reduziert wird (--reduce-device-size)." + +#: src/cryptsetup.c:2766 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "Der angeforderte Datenoffset darf maximal die Hälfte des Parameters --reduce-device-size betragen." + +#: src/cryptsetup.c:2775 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "Der Wert von --reduce-device-size wird auf das Doppelte von --offset % (in Sektoren) angepasst.\n" + +#: src/cryptsetup.c:2779 +msgid "Encryption is supported only for LUKS2 format." +msgstr "Verschlüsselung wird nur für das LUKS2-Format unterstützt." + +#: src/cryptsetup.c:2801 +#, c-format +msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +msgstr "LUKS-Gerät auf »%s« erkannt. Möchten Sie dieses LUKS-Gerät erneut verschlüsseln?" + +#: src/cryptsetup.c:2816 +#, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "Temporäre Headerdatei »%s« existiert bereits. Wird abgebrochen." + +#: src/cryptsetup.c:2818 src/cryptsetup.c:2825 +#, c-format +msgid "Cannot create temporary header file %s." +msgstr "Fehler beim Anlegen der temporären Headerdatei »%s«." + +#: src/cryptsetup.c:2889 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "%s/%s ist jetzt aktiv und bereit für die Onlineverschlüsselung.\n" + +#: src/cryptsetup.c:3053 src/cryptsetup.c:3059 +msgid "Not enough free keyslots for reencryption." +msgstr "Nicht genügend freie Schlüsselfächer für Wiederverschlüsselung." + +#: src/cryptsetup.c:3079 src/cryptsetup_reencrypt.c:1294 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "Schlüsseldatei kann nur mit --key-slot oder mit genau einem aktiven Schlüsselfach benutzt werden." + +#: src/cryptsetup.c:3088 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup_reencrypt.c:1352 +#, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Geben Sie die Passphrase für Schlüsselfach %d ein: " + +#: src/cryptsetup.c:3096 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Geben Sie die Passphrase für Schlüsselfach %u ein: " + +#: src/cryptsetup.c:3263 +msgid "Command requires device as argument." +msgstr "Dieser Befehl benötigt den Gerätenamen als Argument." + +#: src/cryptsetup.c:3285 +msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +msgstr "Derzeit wird nur das LUKS2-Format unterstützt. Bitte verwenden Sie das Werkzeug cryptsetup-reencrypt für LUKS1." + +#: src/cryptsetup.c:3297 +msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +msgstr "Veraltete Offline-Wiederverschlüsselung wird gerade durchgeführt. Verwenden Sie das Hilfsprogramm cryptsetup-reencrypt." + +#: src/cryptsetup.c:3307 src/cryptsetup_reencrypt.c:178 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "Wiederverschlüsselung von Geräten mit Integritätsprofil wird nicht unterstützt." + +#: src/cryptsetup.c:3315 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "Die LUKS2-Wiederverschlüsselung wurde bereits begonnen. Die Operation wird abgebrochen." + +#: src/cryptsetup.c:3319 +msgid "LUKS2 device is not in reencryption." +msgstr "LUKS2-Gerät wird derzeit nicht wiederverschlüsselt." + +#: src/cryptsetup.c:3346 +msgid " [--type ] []" +msgstr " [--type ] []" + +#: src/cryptsetup.c:3346 src/veritysetup.c:394 src/integritysetup.c:480 +msgid "open device as " +msgstr "Gerät als öffnen" + +#: src/cryptsetup.c:3347 src/cryptsetup.c:3348 src/cryptsetup.c:3349 +#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:481 +#: src/integritysetup.c:482 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3347 src/veritysetup.c:395 src/integritysetup.c:481 +msgid "close device (remove mapping)" +msgstr "Gerät schließen (Zuordnung entfernen)" + +#: src/cryptsetup.c:3348 +msgid "resize active device" +msgstr "Größe des aktiven Geräts ändern" + +#: src/cryptsetup.c:3349 +msgid "show device status" +msgstr "Gerätestatus anzeigen" + +#: src/cryptsetup.c:3350 +msgid "[--cipher ]" +msgstr "[--cipher ]" + +#: src/cryptsetup.c:3350 +msgid "benchmark cipher" +msgstr "Verschlüsselungsalgorithmus benchmarken" + +#: src/cryptsetup.c:3351 src/cryptsetup.c:3352 src/cryptsetup.c:3353 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3355 src/cryptsetup.c:3362 +#: src/cryptsetup.c:3363 src/cryptsetup.c:3364 src/cryptsetup.c:3365 +#: src/cryptsetup.c:3366 src/cryptsetup.c:3367 src/cryptsetup.c:3368 +#: src/cryptsetup.c:3369 src/cryptsetup.c:3370 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3351 +msgid "try to repair on-disk metadata" msgstr "Versuchen, die Metadaten auf dem Datenträger zu reparieren" -#: src/cryptsetup.c:1366 +#: src/cryptsetup.c:3352 +msgid "reencrypt LUKS2 device" +msgstr "LUKS2-Gerät wiederverschlüsseln" + +#: src/cryptsetup.c:3353 msgid "erase all keyslots (remove encryption key)" msgstr "Alle Schlüsselfächer löschen (Verschlüsselungsschlüssel entfernen)" -#: src/cryptsetup.c:1367 src/cryptsetup.c:1368 +#: src/cryptsetup.c:3354 +msgid "convert LUKS from/to LUKS2 format" +msgstr "Zwischen den Formaten LUKS und LUKS2 umwandeln" + +#: src/cryptsetup.c:3355 +msgid "set permanent configuration options for LUKS2" +msgstr "Permanente Konfigurationsoptionen für LUKS2 festlegen" + +#: src/cryptsetup.c:3356 src/cryptsetup.c:3357 msgid " []" msgstr " []" -#: src/cryptsetup.c:1367 +#: src/cryptsetup.c:3356 msgid "formats a LUKS device" msgstr "Ein LUKS-Gerät formatieren" -#: src/cryptsetup.c:1368 +#: src/cryptsetup.c:3357 msgid "add key to LUKS device" msgstr "Schlüssel zu LUKS-Gerät hinzufügen" -#: src/cryptsetup.c:1369 src/cryptsetup.c:1370 +#: src/cryptsetup.c:3358 src/cryptsetup.c:3359 src/cryptsetup.c:3360 msgid " []" msgstr " []" -#: src/cryptsetup.c:1369 +#: src/cryptsetup.c:3358 msgid "removes supplied key or key file from LUKS device" msgstr "Entfernt bereitgestellten Schlüssel oder Schlüsseldatei vom LUKS-Gerät" -#: src/cryptsetup.c:1370 +#: src/cryptsetup.c:3359 msgid "changes supplied key or key file of LUKS device" -msgstr "" -"Ändert den angegebenen Schlüssel oder die Schlüsseldatei des LUKS-Geräts" +msgstr "Ändert den angegebenen Schlüssel oder die Schlüsseldatei des LUKS-Geräts" + +#: src/cryptsetup.c:3360 +msgid "converts a key to new pbkdf parameters" +msgstr "Wandelt einen Schlüssel in neue PBKDF-Parameter um" -#: src/cryptsetup.c:1371 +#: src/cryptsetup.c:3361 msgid " " msgstr " " -#: src/cryptsetup.c:1371 +#: src/cryptsetup.c:3361 msgid "wipes key with number from LUKS device" msgstr "Löscht Schlüssel mit Nummer vom LUKS-Gerät" -#: src/cryptsetup.c:1372 +#: src/cryptsetup.c:3362 msgid "print UUID of LUKS device" msgstr "UUID des LUKS-Geräts ausgeben" -#: src/cryptsetup.c:1373 +#: src/cryptsetup.c:3363 msgid "tests for LUKS partition header" msgstr "Testet auf Header einer LUKS-Partition" -#: src/cryptsetup.c:1374 +#: src/cryptsetup.c:3364 msgid "dump LUKS partition information" msgstr "LUKS-Partitionsinformationen ausgeben" -#: src/cryptsetup.c:1375 +#: src/cryptsetup.c:3365 msgid "dump TCRYPT device information" msgstr "TCRYPT-Geräteinformationen ausgeben" -#: src/cryptsetup.c:1376 -msgid "Suspend LUKS device and wipe key (all IOs are frozen)." -msgstr "" -"LUKS-Gerät in Ruhezustand versetzen und alle Schlüssel auslöschen (alle IOs " -"werden eingefroren)." +#: src/cryptsetup.c:3366 +msgid "dump BITLK device information" +msgstr "BITLK-Geräteinformationen ausgeben" + +#: src/cryptsetup.c:3367 +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "LUKS-Gerät in Ruhezustand versetzen und alle Schlüssel auslöschen (alle IOs werden eingefroren)" -#: src/cryptsetup.c:1377 -msgid "Resume suspended LUKS device." -msgstr "LUKS-Gerät aus dem Ruhezustand aufwecken." +#: src/cryptsetup.c:3368 +msgid "Resume suspended LUKS device" +msgstr "LUKS-Gerät aus dem Ruhezustand aufwecken" -#: src/cryptsetup.c:1378 +#: src/cryptsetup.c:3369 msgid "Backup LUKS device header and keyslots" msgstr "Header und Schlüsselfächer eines LUKS-Geräts sichern" -#: src/cryptsetup.c:1379 +#: src/cryptsetup.c:3370 msgid "Restore LUKS device header and keyslots" msgstr "Header und Schlüsselfächer eines LUKS-Geräts wiederherstellen" -#: src/cryptsetup.c:1396 src/veritysetup.c:328 +#: src/cryptsetup.c:3371 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3371 +msgid "Manipulate LUKS2 tokens" +msgstr "LUKS2-Token manipulieren" + +#: src/cryptsetup.c:3389 src/veritysetup.c:412 src/integritysetup.c:498 msgid "" "\n" " is one of:\n" @@ -1130,19 +2338,19 @@ msgstr "" "\n" " ist eine von:\n" -#: src/cryptsetup.c:1402 +#: src/cryptsetup.c:3395 msgid "" "\n" "You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" msgstr "" "\n" "Sie können auch die alten -Aliase benutzen:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tclose: remove (plainClose), luksClose, lookaesClose, tcryptClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" -#: src/cryptsetup.c:1406 +#: src/cryptsetup.c:3399 #, c-format msgid "" "\n" @@ -1155,418 +2363,749 @@ msgstr "" " ist das Gerät, das unter »%s« erzeugt wird\n" " ist das verschlüsselte Gerät\n" " ist die Nummer des zu verändernden LUKS-Schlüsselfachs\n" -" optionale Schlüsseldatei für den neuen Schlüssel der " -"»luksAddKey«-Aktion\n" +" optionale Schlüsseldatei für den neuen Schlüssel der »luksAddKey«-Aktion\n" + +#: src/cryptsetup.c:3406 +#, c-format +msgid "" +"\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" +"\n" +"Vorgegebenes festeingebautes Metadatenformat ist %s (für luksFormat-Aktion).\n" -#: src/cryptsetup.c:1413 +#: src/cryptsetup.c:3411 #, c-format msgid "" "\n" "Default compiled-in key and passphrase parameters:\n" -"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d " -"(characters)\n" -"Default PBKDF2 iteration time for LUKS: %d (ms)\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" msgstr "" "\n" -"Vorgabewerte für Schlüssel und Passphrasen:\n" -"\tMaximale Größe der Schlüsseldatei: %dkB, Maximale Länge der interaktiven " -"Passphrase: %d Zeichen\n" -"Vorgabe für die Durchlaufzeit für PBKDF2 mit LUKS: %d Millisekunden\n" +"Werkseinstellungen für Schlüssel und Passphrasen:\n" +"\tMaximale Größe der Schlüsseldatei: %d kB, Maximale Länge der interaktiven Passphrase: %d Zeichen\n" +"Vorgabe-PBKDF für LUKS1: %s, Durchlaufzeit: %d Millisekunden\n" +"Vorgabe-PBKDF für LUKS2: %s\n" +"\tIterationszeit: %d, benötigter Speicher: %d kB, parallele Threads: %d\n" -#: src/cryptsetup.c:1420 +#: src/cryptsetup.c:3422 #, c-format msgid "" "\n" "Default compiled-in device cipher parameters:\n" "\tloop-AES: %s, Key %d bits\n" "\tplain: %s, Key: %d bits, Password hashing: %s\n" -"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" msgstr "" "\n" "Standard-Verschlüsselungsparameter:\n" "\tLoop-AES: %s, Schlüssel %d Bits\n" "\tplain: %s, Schlüssel: %d Bits, Passphrase-Hashen: %s\n" -"\tLUKS1: %s, Schlüssel: %d Bits, LUKS-Header-Hashen: %s, " -"Zufallszahlengenerator: %s\n" +"\tLUKS: %s, Schlüssel: %d Bits, LUKS-Header-Hashen: %s, Zufallszahlengenerator: %s\n" + +#: src/cryptsetup.c:3431 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "\tLUKS: Standard-Schlüsselgröße mit XTS-Modus (zwei interne Schlüssel) wird verdoppelt.\n" -#: src/cryptsetup.c:1437 src/veritysetup.c:460 +#: src/cryptsetup.c:3447 src/veritysetup.c:569 src/integritysetup.c:642 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: Benötigt %s als Argumente" -#: src/cryptsetup.c:1470 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1253 +#: src/cryptsetup.c:3480 src/veritysetup.c:457 src/integritysetup.c:536 +#: src/cryptsetup_reencrypt.c:1607 msgid "Show this help message" msgstr "Diese Hilfe anzeigen" -#: src/cryptsetup.c:1471 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1254 +#: src/cryptsetup.c:3481 src/veritysetup.c:458 src/integritysetup.c:537 +#: src/cryptsetup_reencrypt.c:1608 msgid "Display brief usage" msgstr "Kurze Aufrufsyntax anzeigen" -#: src/cryptsetup.c:1475 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1258 -msgid "Help options:" -msgstr "Hilfe-Optionen:" - -#: src/cryptsetup.c:1476 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1259 +#: src/cryptsetup.c:3482 src/veritysetup.c:459 src/integritysetup.c:538 +#: src/cryptsetup_reencrypt.c:1609 msgid "Print package version" msgstr "Paketversion ausgeben" -#: src/cryptsetup.c:1477 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1260 +#: src/cryptsetup.c:3486 src/veritysetup.c:463 src/integritysetup.c:542 +#: src/cryptsetup_reencrypt.c:1613 +msgid "Help options:" +msgstr "Hilfe-Optionen:" + +#: src/cryptsetup.c:3487 src/veritysetup.c:464 src/integritysetup.c:543 +#: src/cryptsetup_reencrypt.c:1614 msgid "Shows more detailed error messages" msgstr "Zeigt detailliertere Fehlermeldungen an" -#: src/cryptsetup.c:1478 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1261 +#: src/cryptsetup.c:3488 src/veritysetup.c:465 src/integritysetup.c:544 +#: src/cryptsetup_reencrypt.c:1615 msgid "Show debug messages" msgstr "Zeigt Debugging-Meldungen an" -#: src/cryptsetup.c:1479 src/cryptsetup_reencrypt.c:1263 +#: src/cryptsetup.c:3489 +msgid "Show debug messages including JSON metadata" +msgstr "Debugging-Meldungen anzeigen, inclusive JSON-Metadaten" + +#: src/cryptsetup.c:3490 src/cryptsetup_reencrypt.c:1617 msgid "The cipher used to encrypt the disk (see /proc/crypto)" -msgstr "" -"Der Algorithmus zum Verschlüsseln des Datenträgers (siehe /proc/crypto)" +msgstr "Der Algorithmus zum Verschlüsseln des Datenträgers (siehe /proc/crypto)" -#: src/cryptsetup.c:1480 src/cryptsetup_reencrypt.c:1265 +#: src/cryptsetup.c:3491 src/cryptsetup_reencrypt.c:1619 msgid "The hash used to create the encryption key from the passphrase" -msgstr "" -"Das Hashverfahren, um den Verschlüsselungsschlüssel aus der Passphrase zu " -"erzeugen" +msgstr "Das Hashverfahren, um den Verschlüsselungsschlüssel aus der Passphrase zu erzeugen" -#: src/cryptsetup.c:1481 +#: src/cryptsetup.c:3492 msgid "Verifies the passphrase by asking for it twice" msgstr "Verifiziert die Passphrase durch doppeltes Nachfragen" -#: src/cryptsetup.c:1482 src/cryptsetup_reencrypt.c:1267 -msgid "Read the key from a file." -msgstr "Schlüssel aus einer Datei lesen." +#: src/cryptsetup.c:3493 src/cryptsetup_reencrypt.c:1621 +msgid "Read the key from a file" +msgstr "Schlüssel aus einer Datei lesen" -#: src/cryptsetup.c:1483 +#: src/cryptsetup.c:3494 msgid "Read the volume (master) key from file." msgstr "Laufwerks-(Master-)Schlüssel aus Datei lesen." -#: src/cryptsetup.c:1484 -msgid "Dump volume (master) key instead of keyslots info." -msgstr "" -"Laufwerks-(Master-)schlüssel anstelle der Schlüsselfach-Informationen " -"wegschreiben." +#: src/cryptsetup.c:3495 +msgid "Dump volume (master) key instead of keyslots info" +msgstr "Laufwerks-(Master-)schlüssel anstelle der Schlüsselfach-Informationen wegschreiben" -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 +#: src/cryptsetup.c:3496 src/cryptsetup_reencrypt.c:1618 msgid "The size of the encryption key" msgstr "Die Größe des Verschlüsselungsschlüssels" -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 +#: src/cryptsetup.c:3496 src/cryptsetup.c:3557 src/integritysetup.c:562 +#: src/integritysetup.c:566 src/integritysetup.c:570 +#: src/cryptsetup_reencrypt.c:1618 msgid "BITS" msgstr "BITS" -#: src/cryptsetup.c:1486 src/cryptsetup_reencrypt.c:1278 +#: src/cryptsetup.c:3497 src/cryptsetup_reencrypt.c:1634 msgid "Limits the read from keyfile" msgstr "Begrenzt das Lesen aus der Schlüsseldatei" -#: src/cryptsetup.c:1486 src/cryptsetup.c:1487 src/cryptsetup.c:1488 -#: src/cryptsetup.c:1489 src/veritysetup.c:379 src/veritysetup.c:380 -#: src/veritysetup.c:382 src/cryptsetup_reencrypt.c:1277 -#: src/cryptsetup_reencrypt.c:1278 src/cryptsetup_reencrypt.c:1279 -#: src/cryptsetup_reencrypt.c:1280 +#: src/cryptsetup.c:3497 src/cryptsetup.c:3498 src/cryptsetup.c:3499 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3503 src/cryptsetup.c:3554 +#: src/cryptsetup.c:3555 src/cryptsetup.c:3563 src/cryptsetup.c:3564 +#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470 +#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:551 +#: src/integritysetup.c:557 src/integritysetup.c:558 +#: src/cryptsetup_reencrypt.c:1633 src/cryptsetup_reencrypt.c:1634 +#: src/cryptsetup_reencrypt.c:1635 src/cryptsetup_reencrypt.c:1636 msgid "bytes" msgstr "Bytes" -#: src/cryptsetup.c:1487 src/cryptsetup_reencrypt.c:1277 +#: src/cryptsetup.c:3498 src/cryptsetup_reencrypt.c:1633 msgid "Number of bytes to skip in keyfile" msgstr "Anzahl der Bytes, die in der Schlüsseldatei übersprungen werden" -#: src/cryptsetup.c:1488 +#: src/cryptsetup.c:3499 msgid "Limits the read from newly added keyfile" msgstr "Begrenzt das Lesen aus der neu erzeugten Schlüsseldatei" -#: src/cryptsetup.c:1489 +#: src/cryptsetup.c:3500 msgid "Number of bytes to skip in newly added keyfile" -msgstr "" -"Anzahl der Bytes, die in der neu erzeugten Schlüsseldatei übersprungen werden" +msgstr "Anzahl der Bytes, die in der neu erzeugten Schlüsseldatei übersprungen werden" -#: src/cryptsetup.c:1490 +#: src/cryptsetup.c:3501 msgid "Slot number for new key (default is first free)" msgstr "Fachnummer für den neuen Schlüssel (im Zweifel das nächste freie)" -#: src/cryptsetup.c:1491 +#: src/cryptsetup.c:3502 msgid "The size of the device" msgstr "Die Größe des Geräts" -#: src/cryptsetup.c:1491 src/cryptsetup.c:1492 src/cryptsetup.c:1493 -#: src/cryptsetup.c:1499 +#: src/cryptsetup.c:3502 src/cryptsetup.c:3504 src/cryptsetup.c:3505 +#: src/cryptsetup.c:3511 src/integritysetup.c:552 src/integritysetup.c:559 msgid "SECTORS" msgstr "SEKTOREN" -#: src/cryptsetup.c:1492 +#: src/cryptsetup.c:3503 src/cryptsetup_reencrypt.c:1636 +msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +msgstr "Nur die angegebene Gerätegröße benutzen (Rest des Gerätes ignorieren). GEFÄHRLICH!" + +#: src/cryptsetup.c:3504 msgid "The start offset in the backend device" msgstr "Der Startoffset im Backend-Gerät" -#: src/cryptsetup.c:1493 +#: src/cryptsetup.c:3505 msgid "How many sectors of the encrypted data to skip at the beginning" -msgstr "" -"Wieviele Sektoren der verschlüsselten Daten am Anfang übersprungen werden " -"sollen" +msgstr "Wieviele Sektoren der verschlüsselten Daten am Anfang übersprungen werden sollen" -#: src/cryptsetup.c:1494 +#: src/cryptsetup.c:3506 msgid "Create a readonly mapping" msgstr "Eine schreibgeschützte Zuordnung erzeugen" -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "PBKDF2 iteration time for LUKS (in ms)" -msgstr "PBKDF2 Iterationszeit for LUKS (in ms)" - -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "msecs" -msgstr "msek" - -#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1269 +#: src/cryptsetup.c:3507 src/integritysetup.c:545 +#: src/cryptsetup_reencrypt.c:1624 msgid "Do not ask for confirmation" msgstr "Nicht nach Bestätigung fragen" # XXX -#: src/cryptsetup.c:1497 +#: src/cryptsetup.c:3508 msgid "Timeout for interactive passphrase prompt (in seconds)" msgstr "Frist für interaktive Eingabe der Passphrase (in Sekunden)" -#: src/cryptsetup.c:1497 +#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 msgid "secs" msgstr "sek" -#: src/cryptsetup.c:1498 src/cryptsetup_reencrypt.c:1270 +#: src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "Progress line update (in seconds)" +msgstr "Aktualisierungsintervall für Fortschrittszeile (in Sekunden)" + +#: src/cryptsetup.c:3510 src/cryptsetup_reencrypt.c:1626 msgid "How often the input of the passphrase can be retried" msgstr "Wie oft die Eingabe der Passphrase wiederholt werden kann" -#: src/cryptsetup.c:1499 +#: src/cryptsetup.c:3511 msgid "Align payload at sector boundaries - for luksFormat" msgstr "Nutzdaten an Grenzen von Sektoren ausrichten - für luksFormat" -#: src/cryptsetup.c:1500 -msgid "File with LUKS header and keyslots backup." -msgstr "Datei mit dem Backup der LUKS-Header und den Schlüsselfächern." +#: src/cryptsetup.c:3512 +msgid "File with LUKS header and keyslots backup" +msgstr "Datei mit dem Backup der LUKS-Header und den Schlüsselfächern" -#: src/cryptsetup.c:1501 src/cryptsetup_reencrypt.c:1271 -msgid "Use /dev/random for generating volume key." -msgstr "/dev/random zum Generieren des Laufwerksschlüssels benutzen." +#: src/cryptsetup.c:3513 src/cryptsetup_reencrypt.c:1627 +msgid "Use /dev/random for generating volume key" +msgstr "/dev/random zum Generieren des Laufwerksschlüssels benutzen" -#: src/cryptsetup.c:1502 src/cryptsetup_reencrypt.c:1272 -msgid "Use /dev/urandom for generating volume key." -msgstr "/dev/urandom zum Generieren des Laufwerksschlüssels benutzen." +#: src/cryptsetup.c:3514 src/cryptsetup_reencrypt.c:1628 +msgid "Use /dev/urandom for generating volume key" +msgstr "/dev/urandom zum Generieren des Laufwerksschlüssels benutzen" -#: src/cryptsetup.c:1503 -msgid "Share device with another non-overlapping crypt segment." -msgstr "Gerät mit einem anderen nicht-überlappenden Kryptosegment teilen." +#: src/cryptsetup.c:3515 +msgid "Share device with another non-overlapping crypt segment" +msgstr "Gerät mit einem anderen nicht-überlappenden Kryptosegment teilen" -#: src/cryptsetup.c:1504 src/veritysetup.c:385 -msgid "UUID for device to use." -msgstr "UUID für das zu verwendende Gerät." +#: src/cryptsetup.c:3516 src/veritysetup.c:477 +msgid "UUID for device to use" +msgstr "UUID für das zu verwendende Gerät" -#: src/cryptsetup.c:1505 -msgid "Allow discards (aka TRIM) requests for device." -msgstr "Auswurf-Anfragen (»TRIM«-Befehl) für das Gerät zulassen." +#: src/cryptsetup.c:3517 src/integritysetup.c:579 +msgid "Allow discards (aka TRIM) requests for device" +msgstr "Auswurf-Anfragen (»TRIM«-Befehl) für das Gerät zulassen" -#: src/cryptsetup.c:1506 -msgid "Device or file with separated LUKS header." -msgstr "Gerät oder Datei mit separatem LUKS-Header." +#: src/cryptsetup.c:3518 src/cryptsetup_reencrypt.c:1645 +msgid "Device or file with separated LUKS header" +msgstr "Gerät oder Datei mit separatem LUKS-Header" -#: src/cryptsetup.c:1507 -msgid "Do not activate device, just check passphrase." -msgstr "Gerät nicht aktivieren, nur Passphrase überprüfen." +#: src/cryptsetup.c:3519 +msgid "Do not activate device, just check passphrase" +msgstr "Gerät nicht aktivieren, nur Passphrase überprüfen" -#: src/cryptsetup.c:1508 -msgid "Use hidden header (hidden TCRYPT device)." -msgstr "Versteckten Header benutzen (verstecktes TCRYPT-Gerät)." +#: src/cryptsetup.c:3520 +msgid "Use hidden header (hidden TCRYPT device)" +msgstr "Versteckten Header benutzen (verstecktes TCRYPT-Gerät)" -#: src/cryptsetup.c:1509 -msgid "Device is system TCRYPT drive (with bootloader)." -msgstr "Das Gerät ist das System-TCRYPT-Laufwerk (mit Bootlader)." +#: src/cryptsetup.c:3521 +msgid "Device is system TCRYPT drive (with bootloader)" +msgstr "Das Gerät ist das System-TCRYPT-Laufwerk (mit Bootlader)" -#: src/cryptsetup.c:1510 -msgid "Use backup (secondary) TCRYPT header." -msgstr "Backup-(Zweit-)-TCRYPT-Header benutzen." +#: src/cryptsetup.c:3522 +msgid "Use backup (secondary) TCRYPT header" +msgstr "Backup-(Zweit-)-TCRYPT-Header benutzen" -#: src/cryptsetup.c:1511 -msgid "Scan also for VeraCrypt compatible device." -msgstr "Auch nach VeryCrypt-kompatiblen Geräten suchen." +#: src/cryptsetup.c:3523 +msgid "Scan also for VeraCrypt compatible device" +msgstr "Auch nach VeryCrypt-kompatiblen Geräten suchen" -#: src/cryptsetup.c:1512 -msgid "Type of device metadata: luks, plain, loopaes, tcrypt." -msgstr "Art der Geräte-Metadaten: luks, plain, loopaes, tcrypt." +#: src/cryptsetup.c:3524 +msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Persönlicher Interations-Multiplizierer (PIM) für VeryCrypt-kompatibles Gerät" -#: src/cryptsetup.c:1513 -msgid "Disable password quality check (if enabled)." -msgstr "Passwort-Qualitätsprüfung deaktivieren (wenn sie aktiviert ist)." +#: src/cryptsetup.c:3525 +msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Bei VeraCrypt-kompatiblem Gerät nach persönlichem Iterations-Multiplizierer (PIM) fragen" -#: src/cryptsetup.c:1514 -msgid "Use dm-crypt same_cpu_crypt performance compatibility option." -msgstr "" -"Kompatibilitäts-Performance-Option »same_cpu_crypt« für dm-crypt benutzen." +#: src/cryptsetup.c:3526 +msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" +msgstr "Art der Geräte-Metadaten: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" -#: src/cryptsetup.c:1515 -msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option." -msgstr "" -"Kompatibilitäts-Performance-Option »submit_from_crypt_cpus« für dm-crypt " -"benutzen." +#: src/cryptsetup.c:3527 +msgid "Disable password quality check (if enabled)" +msgstr "Passwort-Qualitätsprüfung deaktivieren (wenn sie aktiviert ist)" + +#: src/cryptsetup.c:3528 +msgid "Use dm-crypt same_cpu_crypt performance compatibility option" +msgstr "Kompatibilitäts-Performance-Option »same_cpu_crypt« für dm-crypt benutzen" + +#: src/cryptsetup.c:3529 +msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +msgstr "Kompatibilitäts-Performance-Option »submit_from_crypt_cpus« für dm-crypt benutzen" + +#: src/cryptsetup.c:3530 +msgid "Device removal is deferred until the last user closes it" +msgstr "Das Entfernen des Geräts wird aufgeschoben, bis der letzte Benutzer es schließt" + +#: src/cryptsetup.c:3531 +msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)" +msgstr "Globale Sperre verwenden, um speicherintensive PBKDF zu serialisieren (um Speicherprobleme zu umgehen)" + +#: src/cryptsetup.c:3532 +msgid "PBKDF iteration time for LUKS (in ms)" +msgstr "PBKDF-Iterationszeit for LUKS (in ms)" + +#: src/cryptsetup.c:3532 src/cryptsetup_reencrypt.c:1623 +msgid "msecs" +msgstr "msek" + +#: src/cryptsetup.c:3533 src/cryptsetup_reencrypt.c:1641 +msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +msgstr "PBKDF-Algorithmus (für LUKS2): argon2i, argon2id, pbkdf2" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "PBKDF memory cost limit" +msgstr "PBKDF-Speicherkostengrenze" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "kilobytes" +msgstr "Kilobytes" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "PBKDF parallel cost" +msgstr "PBKDF-Parallelitätskosten" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "threads" +msgstr "Threads" + +#: src/cryptsetup.c:3536 src/cryptsetup_reencrypt.c:1644 +msgid "PBKDF iterations cost (forced, disables benchmark)" +msgstr "PBKDF-Iterationskosten (erzwungen, deaktiviert Benchmark)" + +#: src/cryptsetup.c:3537 +msgid "Keyslot priority: ignore, normal, prefer" +msgstr "Schlüsselfach-Priorität: ignore (ignorieren), normal, prefer (bevorzugen)" + +#: src/cryptsetup.c:3538 +msgid "Disable locking of on-disk metadata" +msgstr "Dateisperrung von Metadaten auf der Platte deaktivieren" + +#: src/cryptsetup.c:3539 +msgid "Disable loading volume keys via kernel keyring" +msgstr "Deaktivieren, dass Laufwerksschlüssel über den Kernel-Schlüsselbund geladen werden" + +#: src/cryptsetup.c:3540 +msgid "Data integrity algorithm (LUKS2 only)" +msgstr "Datenintegritätsalgorithmus (nur LUKS2)" + +#: src/cryptsetup.c:3541 src/integritysetup.c:573 +msgid "Disable journal for integrity device" +msgstr "Aufzeichnung für Integritätsgerät deaktivieren" + +#: src/cryptsetup.c:3542 src/integritysetup.c:547 +msgid "Do not wipe device after format" +msgstr "Gerät nach dem Formatieren nicht säubern" + +#: src/cryptsetup.c:3543 src/integritysetup.c:577 +msgid "Use inefficient legacy padding (old kernels)" +msgstr "Ineffizientes Altlasten-Padding verwenden (für alte Kernel)" + +#: src/cryptsetup.c:3544 +msgid "Do not ask for passphrase if activation by token fails" +msgstr "Nicht nach einer Passphrase fragen, wenn die Aktivierung durch Token fehlschlägt" + +#: src/cryptsetup.c:3545 +msgid "Token number (default: any)" +msgstr "Token-Nummer (Vorgabe: eine beliebige)" + +#: src/cryptsetup.c:3546 +msgid "Key description" +msgstr "Schlüsselbeschreibung" + +#: src/cryptsetup.c:3547 +msgid "Encryption sector size (default: 512 bytes)" +msgstr "Verschlüsselungs-Sektorgröße (Vorgabe: 512 Bytes)" + +#: src/cryptsetup.c:3548 +msgid "Use IV counted in sector size (not in 512 bytes)" +msgstr "IV verwenden (in Sektorgröße gezählt statt in Einheiten von 512 Bytes)" + +#: src/cryptsetup.c:3549 +msgid "Set activation flags persistent for device" +msgstr "Aktivierungsschalter für Gerät permanent festlegen" + +#: src/cryptsetup.c:3550 +msgid "Set label for the LUKS2 device" +msgstr "Beschriftung für das LUKS2-Gerät festlegen" + +#: src/cryptsetup.c:3551 +msgid "Set subsystem label for the LUKS2 device" +msgstr "Teilsystem-Beschriftung für das LUKS2-Gerät festlegen" + +#: src/cryptsetup.c:3552 +msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot" +msgstr "Unbeschränktes LUKS2-Schlüsselfach (ohne zugeordnetem Datensegment) anlegen oder wegschreiben" + +#: src/cryptsetup.c:3553 +msgid "Read or write the json from or to a file" +msgstr "JSON aus einer Datei lesen oder in eine Datei schreiben" + +#: src/cryptsetup.c:3554 +msgid "LUKS2 header metadata area size" +msgstr "Größe des Bereichs für LUKS2-Header-Metadaten" + +#: src/cryptsetup.c:3555 +msgid "LUKS2 header keyslots area size" +msgstr "Größe des Bereichs für Schlüsselfächer im LUKS2-Header" + +#: src/cryptsetup.c:3556 +msgid "Refresh (reactivate) device with new parameters" +msgstr "Gerät mit neuen Parametern auffrischen (reaktivieren)" + +#: src/cryptsetup.c:3557 +msgid "LUKS2 keyslot: The size of the encryption key" +msgstr "LUKS2-Schlüsselfach: Die Größe des Verschlüsselungsschlüssels" + +#: src/cryptsetup.c:3558 +msgid "LUKS2 keyslot: The cipher used for keyslot encryption" +msgstr "LUKS2-Keyslot: Der Algorithmus, der für die Keyslot-Verschlüsselung verwendet wird" + +#: src/cryptsetup.c:3559 +msgid "Encrypt LUKS2 device (in-place encryption)." +msgstr "LUKS2-Gerät verschlüsseln (direkt am Ort)." + +#: src/cryptsetup.c:3560 +msgid "Decrypt LUKS2 device (remove encryption)." +msgstr "LUKS2-Gerät entschlüsseln (Verschlüsselung entfernen)." + +#: src/cryptsetup.c:3561 +msgid "Initialize LUKS2 reencryption in metadata only." +msgstr "LUKS2-Wiederverschlüsselung nur in Metadaten beginnen." + +#: src/cryptsetup.c:3562 +msgid "Resume initialized LUKS2 reencryption only." +msgstr "Nur eine begonnene LUKS2-Wiederverschlüsselung fortsetzen." -#: src/cryptsetup.c:1531 src/veritysetup.c:402 +#: src/cryptsetup.c:3563 src/cryptsetup_reencrypt.c:1635 +msgid "Reduce data device size (move data offset). DANGEROUS!" +msgstr "Größe des Datengeräts reduzieren (Datenoffset verschieben). GEFÄHRLICH!" + +#: src/cryptsetup.c:3564 +msgid "Maximal reencryption hotzone size." +msgstr "Maximalgröße der Wiederverschlüsselungs-Hotzone." + +#: src/cryptsetup.c:3565 +msgid "Reencryption hotzone resilience type (checksum,journal,none)" +msgstr "Widerstandsfähigkeit der Hotzone für die Wiederverschlüsselung (checksum,journal,none)" + +#: src/cryptsetup.c:3566 +msgid "Reencryption hotzone checksums hash" +msgstr "Hash für Prüfsummen der Wiederverschlüsselungs-Hotzone" + +#: src/cryptsetup.c:3567 +msgid "Override device autodetection of dm device to be reencrypted" +msgstr "Automatische Geräteerkennung der dm-Geräte für die Wiederverschlüsselung übersteuern" + +#: src/cryptsetup.c:3583 src/veritysetup.c:499 src/integritysetup.c:595 msgid "[OPTION...] " msgstr "[OPTION...] " -#: src/cryptsetup.c:1572 -msgid "Running in FIPS mode.\n" -msgstr "Laufe im FIPS-Modus.\n" - -#: src/cryptsetup.c:1581 src/veritysetup.c:439 +#: src/cryptsetup.c:3634 src/veritysetup.c:533 src/integritysetup.c:606 msgid "Argument missing." msgstr "Argument fehlt." -#: src/cryptsetup.c:1634 src/veritysetup.c:445 +#: src/cryptsetup.c:3703 src/veritysetup.c:564 src/integritysetup.c:637 msgid "Unknown action." msgstr "Unbekannte Aktion." -#: src/cryptsetup.c:1644 -msgid "Option --shared is allowed only for open of plain device.\n" -msgstr "Die Option --shared ist nur beim Öffnen eines Plain-Geräts erlaubt.\n" +#: src/cryptsetup.c:3713 +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "Die Optionen --refresh und --test-passphrase schließen sich gegenseitig aus." -#: src/cryptsetup.c:1649 -msgid "Option --allow-discards is allowed only for open operation.\n" -msgstr "Die Option --allow-discards ist nur beim Öffnen erlaubt.\n" +#: src/cryptsetup.c:3718 +msgid "Option --deferred is allowed only for close command." +msgstr "Die Option --deferred ist nur beim »close«-Befehl erlaubt." -#: src/cryptsetup.c:1657 -msgid "" -"Option --key-size is allowed only for luksFormat, open and benchmark.\n" -"To limit read from keyfile use --keyfile-size=(bytes)." -msgstr "" -"Die Option --key-size ist nur für »luksFormat«, »open« und »benchmark« " -"erlaubt.\n" -"Benutzen Sie stattdessen »--keyfile-size=(Bytes)«, um das Lesen aus der " -"Schlüsseldatei zu begrenzen." +#: src/cryptsetup.c:3723 +msgid "Option --shared is allowed only for open of plain device." +msgstr "Die Option --shared ist nur beim beim »open«-Befehl eines Plain-Gerätes erlaubt." + +#: src/cryptsetup.c:3728 src/integritysetup.c:654 +msgid "Option --allow-discards is allowed only for open operation." +msgstr "Die Option --allow-discards ist nur beim »open«-Befehl erlaubt." + +#: src/cryptsetup.c:3733 +msgid "Option --persistent is allowed only for open operation." +msgstr "Die Option --persistent ist nur beim »open«-Befehl erlaubt." -#: src/cryptsetup.c:1664 +#: src/cryptsetup.c:3738 +msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation." +msgstr "Die Option --serialize-memory-hard-pbkdf ist nur beim »open«-Befehl erlaubt." + +#: src/cryptsetup.c:3743 +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "Die Option --persistent ist nicht mit --test-passphrase kombinierbar." + +#: src/cryptsetup.c:3753 msgid "" -"Option --test-passphrase is allowed only for open of LUKS and TCRYPT " -"devices.\n" +"Option --key-size is allowed only for luksFormat, luksAddKey,\n" +"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." msgstr "" -"Die Option --test-passphrase ist nur beim Öffnen von LUKS- und TCRYPT-" -"Geräten erlaubt.\n" +"Die Option --key-size ist nur für »luksFormat«, »luksAddKey«,\n" +"»open« und »benchmark« erlaubt. Benutzen Sie stattdessen »--keyfile-size=(Bytes)«,\n" +"um das Lesen aus der Schlüsseldatei zu begrenzen." + +#: src/cryptsetup.c:3759 +msgid "Option --integrity is allowed only for luksFormat (LUKS2)." +msgstr "Die Option --integrity ist nur für luksFormat (LUKS2) erlaubt." -#: src/cryptsetup.c:1669 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup.c:3764 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "Die Option --integrity-no-wipe ist nur für die »format«-Aktion mit Integritätserweiterung erlaubt." + +#: src/cryptsetup.c:3770 +msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations." +msgstr "Die Optionen --label und --subsystem sind nur für die Aktionen »luksFormat« und »config LUKS2« erlaubt." + +#: src/cryptsetup.c:3776 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "Die Option --test-passphrase ist nur beim Öffnen von LUKS, TCRYPT- und BITLK-Geräten erlaubt." + +#: src/cryptsetup.c:3781 src/cryptsetup_reencrypt.c:1708 msgid "Key size must be a multiple of 8 bits" msgstr "Schlüsselgröße muss ein Vielfaches von 8 Bit sein" -#: src/cryptsetup.c:1676 src/cryptsetup_reencrypt.c:1346 +#: src/cryptsetup.c:3787 src/cryptsetup_reencrypt.c:1394 +#: src/cryptsetup_reencrypt.c:1713 msgid "Key slot is invalid." msgstr "Schlüsselfach ist ungültig." -#: src/cryptsetup.c:1683 -msgid "Option --key-file takes precedence over specified key file argument.\n" -msgstr "" -"Die Option --key-file wirkt stärker als das angegebene Schlüsseldatei-" -"Argument.\n" +#: src/cryptsetup.c:3794 +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "Die Option --key-file wirkt stärker als das angegebene Schlüsseldatei-Argument." -#: src/cryptsetup.c:1691 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1330 +#: src/cryptsetup.c:3801 src/veritysetup.c:576 src/integritysetup.c:663 +#: src/cryptsetup_reencrypt.c:1687 msgid "Negative number for option not permitted." msgstr "Negative Zahl für die Option nicht erlaubt." -#: src/cryptsetup.c:1695 src/cryptsetup_reencrypt.c:1324 -#: src/cryptsetup_reencrypt.c:1350 +#: src/cryptsetup.c:3805 +msgid "Only one --key-file argument is allowed." +msgstr "Die Option --key-file ist nur einmal erlaubt." + +#: src/cryptsetup.c:3809 src/cryptsetup_reencrypt.c:1679 +#: src/cryptsetup_reencrypt.c:1717 msgid "Only one of --use-[u]random options is allowed." msgstr "Nur eine der Optionen --use-[u]random ist erlaubt." -#: src/cryptsetup.c:1699 +#: src/cryptsetup.c:3813 msgid "Option --use-[u]random is allowed only for luksFormat." msgstr "Die Option --use-[u]random ist nur für luksFormat erlaubt." -#: src/cryptsetup.c:1703 +#: src/cryptsetup.c:3817 msgid "Option --uuid is allowed only for luksFormat and luksUUID." msgstr "Die Option --uuid ist nur für luksFormat und luksUUID erlaubt." -#: src/cryptsetup.c:1707 +#: src/cryptsetup.c:3821 msgid "Option --align-payload is allowed only for luksFormat." msgstr "Die Option --align-payload ist nur für luksFormat erlaubt." -#: src/cryptsetup.c:1713 -msgid "" -"Option --skip is supported only for open of plain and loopaes devices.\n" -msgstr "" -"Die Option --skip ist nur beim Öffnen von plain- und loopaes-Geräten " -"erlaubt.\n" +#: src/cryptsetup.c:3825 +msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2." +msgstr "Die Optionen --luks2-metadata-size und --opt-luks2-keyslots-size sind nur für luksFormat mit LUKS2 erlaubt." + +#: src/cryptsetup.c:3830 +msgid "Invalid LUKS2 metadata size specification." +msgstr "Ungültige Angabe für die Größe der LUKS2-Metadaten." + +#: src/cryptsetup.c:3834 +msgid "Invalid LUKS2 keyslots size specification." +msgstr "Ungültige Angabe für die Größe der LUKS2-Schlüsselfächer." + +#: src/cryptsetup.c:3838 +msgid "Options --align-payload and --offset cannot be combined." +msgstr "Die Optionen --align-payload und --offset können nicht kombiniert werden." + +#: src/cryptsetup.c:3844 +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "Die Option --skip ist nur beim Öffnen von plain- und loopaes-Geräten erlaubt." + +#: src/cryptsetup.c:3851 +msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption." +msgstr "Die Option --offset ist nur beim Öffnen von plain- und loopaes-Geräten erlaubt, sowie für luksFormat und Geräte-Wiederverschlüsselung." + +#: src/cryptsetup.c:3857 +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "Die Optionen --tcrypt-hidden, --tcrypt-system und --tcrypt-backup sind nur zusammen mit einem TCRYPT-Gerät erlaubt." + +#: src/cryptsetup.c:3862 +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "Die Option --tcrypt-hidden kann nicht mit --allow-discards kombiniert werden." + +#: src/cryptsetup.c:3867 +msgid "Option --veracrypt is supported only for TCRYPT device type." +msgstr "Die Option --veracrypt wird nur für TCRYPT-kompatible Geräte unterstützt." + +#: src/cryptsetup.c:3873 +msgid "Invalid argument for parameter --veracrypt-pim supplied." +msgstr "Ungültiges Argument für Parameter --veracrypt-pim angegeben." + +#: src/cryptsetup.c:3877 +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "Die Option --veracrypt-pim wird nur für VeraCrypt-kompatible Geräte unterstützt." + +#: src/cryptsetup.c:3885 +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "Die Option --veracrypt-query-pim wird nur für VeraCrypt-kompatible Geräte unterstützt." + +#: src/cryptsetup.c:3889 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "Die Optionen --veracrypt-pim und --veracrypt-query-pim schließen sich gegenseitig aus." + +#: src/cryptsetup.c:3896 +msgid "Option --priority can be only ignore/normal/prefer." +msgstr "Die Option --priority kann nur »ignore/normal/prefer« sein." + +#: src/cryptsetup.c:3901 src/cryptsetup.c:3939 +msgid "Keyslot specification is required." +msgstr "Das Schlüsselfach muss angegeben werden." + +#: src/cryptsetup.c:3906 src/cryptsetup_reencrypt.c:1693 +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "Passwortbasierte Schlüsselableitungsfunktion (PBKDF) kann nur »pbkdf2« oder »argon2i/argon2id« sein." + +#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1698 +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "Bei PBKDF darf nur entweder die Anzahl der Durchläufe oder die Zeitbegrenzung angegeben werden." + +#: src/cryptsetup.c:3917 +msgid "Sector size option is not supported for this command." +msgstr "Die Option Sektorgröße wird für diesen Befehl nicht unterstützt." + +#: src/cryptsetup.c:3929 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "Die Option für große IV-Sektoren wird nur unterstützt, wenn das geöffnete Gerät Sektoren größer als 512 Bytes hat." + +#: src/cryptsetup.c:3934 +msgid "Key size is required with --unbound option." +msgstr "Die Option »--unbound« erfordert die Schlüsselgröße." + +#: src/cryptsetup.c:3944 +msgid "Option --unbound may be used only with luksAddKey and luksDump actions." +msgstr "Die Option »--unbound« kann nur zusammen mit den Aktionen »luksAddKey« und »luksDump« benutzt werden." + +#: src/cryptsetup.c:3949 +msgid "Option --refresh may be used only with open action." +msgstr "Die Option --refresh kann nur zusammen mit der Aktion »open« benutzt werden." + +#: src/cryptsetup.c:3960 +msgid "Cannot disable metadata locking." +msgstr "Fehler beim Deaktivieren der Metadaten-Dateisperre." + +#: src/cryptsetup.c:3970 +msgid "Invalid max reencryption hotzone size specification." +msgstr "Ungültige Angabe der Maximalgröße für die Wiederverschlüsselungs-Hotzone." + +#: src/cryptsetup.c:3978 src/cryptsetup_reencrypt.c:1722 +#: src/cryptsetup_reencrypt.c:1727 +msgid "Invalid device size specification." +msgstr "Ungültige Angabe der Gerätegröße." + +#: src/cryptsetup.c:3981 +msgid "Maximum device reduce size is 1 GiB." +msgstr "Die maximale Verkleinerungsgröße ist 1 GiB." + +#: src/cryptsetup.c:3984 src/cryptsetup_reencrypt.c:1733 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "Die verkleinerte Größe muss ein Vielfaches von 512-Byte-Sektoren sein." + +#: src/cryptsetup.c:3989 +msgid "Invalid data size specification." +msgstr "Ungültige Angabe der Datengröße." + +#: src/cryptsetup.c:3994 +msgid "Reduce size overflow." +msgstr "Überlauf bei der Verringerungsgröße." + +#: src/cryptsetup.c:3998 +msgid "LUKS2 decryption requires option --header." +msgstr "LUKS2-Entschlüsselung erfordert die Option --header." + +#: src/cryptsetup.c:4002 +msgid "Device size must be multiple of 512 bytes sector." +msgstr "Die Gerätegröße muss ein Vielfaches von 512-Byte-Sektoren sein." + +#: src/cryptsetup.c:4006 +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "Die Optionen --reduce-device-size und --data-size können nicht kombiniert werden." + +#: src/cryptsetup.c:4010 +msgid "Options --device-size and --size cannot be combined." +msgstr "Die Optionen --device-size und --size können nicht kombiniert werden." -#: src/cryptsetup.c:1719 -msgid "" -"Option --offset is supported only for open of plain and loopaes devices.\n" -msgstr "" -"Die Option --offset ist nur beim Öffnen von plain- und loopaes-Geräten " -"erlaubt.\n" +#: src/cryptsetup.c:4014 +#, fuzzy +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "Die Optionen --ignore-corruption und --restart-on-corruption können nicht zusammen benutzt werden." -#: src/cryptsetup.c:1725 -msgid "" -"Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only " -"for TCRYPT device.\n" -msgstr "" -"Die Optionen --tcrypt-hidden, --tcrypt-system und --tcrypt-backup sind nur " -"zusammen mit einem TCRYPT-Gerät erlaubt.\n" +#: src/veritysetup.c:66 +msgid "Invalid salt string specified." +msgstr "Ungültiger Salt-String angegeben." -#: src/cryptsetup.c:1730 -msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n" -msgstr "" -"Die Option --tcrypt-hidden kann nicht mit --allow-discards kombiniert " -"werden.\n" +#: src/veritysetup.c:97 +#, c-format +msgid "Cannot create hash image %s for writing." +msgstr "Fehler beim Schreiben des Hash-Abbilds »%s«." -#: src/cryptsetup.c:1735 -msgid "Option --veracrypt is supported only for TCRYPT device type.\n" -msgstr "" -"Die Option --veracrypt wird nur für TCRYPT-kompatible Geräte unterstützt.\n" +#: src/veritysetup.c:107 +#, c-format +msgid "Cannot create FEC image %s for writing." +msgstr "Fehler beim Schreiben des FEC-Abbilds »%s«." -#: src/veritysetup.c:58 -msgid "Invalid salt string specified.\n" -msgstr "Ungültiger Salt-String angegeben.\n" +#: src/veritysetup.c:179 +msgid "Invalid root hash string specified." +msgstr "Ungültiger Root-Hash-String angegeben." -#: src/veritysetup.c:88 +#: src/veritysetup.c:187 #, c-format -msgid "Cannot create hash image %s for writing.\n" -msgstr "Fehler beim Schreiben des Hash-Abbilds »%s«.\n" +msgid "Invalid signature file %s." +msgstr "Ungültige Signaturdatei »%s«." -#: src/veritysetup.c:148 -msgid "Invalid root hash string specified.\n" -msgstr "Ungültiger Root-Hash-String angegeben.\n" +#: src/veritysetup.c:194 +#, c-format +msgid "Cannot read signature file %s." +msgstr "Fehler beim Einlesen der Signaturdatei »%s«." -#: src/veritysetup.c:308 +#: src/veritysetup.c:392 msgid " " msgstr " " -#: src/veritysetup.c:308 +#: src/veritysetup.c:392 src/integritysetup.c:479 msgid "format device" msgstr "Gerät formatieren" -#: src/veritysetup.c:309 +#: src/veritysetup.c:393 msgid " " msgstr " " -#: src/veritysetup.c:309 +#: src/veritysetup.c:393 msgid "verify device" msgstr "Gerät verifizieren" -#: src/veritysetup.c:310 -msgid " " -msgstr " " - -#: src/veritysetup.c:310 -msgid "create active device" -msgstr "Aktives Gerät anlegen" +#: src/veritysetup.c:394 +msgid " " +msgstr " " -#: src/veritysetup.c:311 -msgid "remove (deactivate) device" -msgstr "Gerät entfernen (deaktivieren)" - -#: src/veritysetup.c:312 +#: src/veritysetup.c:396 src/integritysetup.c:482 msgid "show active device status" msgstr "Status der aktiven Geräte anzeigen" -#: src/veritysetup.c:313 +#: src/veritysetup.c:397 msgid "" msgstr "" -#: src/veritysetup.c:313 +#: src/veritysetup.c:397 src/integritysetup.c:483 msgid "show on-disk information" msgstr "Auf dem Datenträger gespeicherte Informationen anzeigen" -#: src/veritysetup.c:332 +#: src/veritysetup.c:416 #, c-format msgid "" "\n" @@ -1581,342 +3120,932 @@ msgstr "" " ist das Gerät, das die Verifikationsdaten enthält\n" " ist der Hash des Rootknotens auf \n" -#: src/veritysetup.c:339 +#: src/veritysetup.c:423 #, c-format msgid "" "\n" "Default compiled-in dm-verity parameters:\n" -"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, " -"Hash format: %u\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" msgstr "" "\n" "Einkompilierte Vorgabewerte für dm-verity:\n" -"\tHash: %s, Datenblock (Bytes): %u, Hashblock (Bytes): %u, Salt-Größe: %u, " -"Hashformat: %u\n" +"\tHash: %s, Datenblock (Bytes): %u, Hashblock (Bytes): %u, Salt-Größe: %u, Hashformat: %u\n" -#: src/veritysetup.c:377 +#: src/veritysetup.c:466 msgid "Do not use verity superblock" msgstr "Verity-Superblock nicht benutzen" -#: src/veritysetup.c:378 +#: src/veritysetup.c:467 msgid "Format type (1 - normal, 0 - original Chrome OS)" msgstr "Format-Art (1 - normal, 0 - originales Chrome-OS)" -#: src/veritysetup.c:378 +#: src/veritysetup.c:467 msgid "number" msgstr "Zahl" -#: src/veritysetup.c:379 +#: src/veritysetup.c:468 msgid "Block size on the data device" msgstr "Blockgröße auf dem Datengerät" -#: src/veritysetup.c:380 +#: src/veritysetup.c:469 msgid "Block size on the hash device" msgstr "Blockgröße auf dem Hash-Gerät" -#: src/veritysetup.c:381 +#: src/veritysetup.c:470 +msgid "FEC parity bytes" +msgstr "FEC-Paritätsbytes" + +#: src/veritysetup.c:471 msgid "The number of blocks in the data file" msgstr "Die Anzahl der Blöcke in der Datendatei" -#: src/veritysetup.c:381 +#: src/veritysetup.c:471 msgid "blocks" msgstr "Blöcke" -#: src/veritysetup.c:382 +#: src/veritysetup.c:472 +msgid "Path to device with error correction data" +msgstr "Pfad zum Gerät mit Fehlerkorrekturdaten" + +#: src/veritysetup.c:472 src/integritysetup.c:549 +msgid "path" +msgstr "Pfad" + +#: src/veritysetup.c:473 msgid "Starting offset on the hash device" msgstr "Start-Offset auf dem Hash-Gerät" -#: src/veritysetup.c:383 +#: src/veritysetup.c:474 +msgid "Starting offset on the FEC device" +msgstr "Start-Offset auf dem FEC-Gerät" + +#: src/veritysetup.c:475 msgid "Hash algorithm" msgstr "Hash-Algorithmus" -#: src/veritysetup.c:383 +#: src/veritysetup.c:475 msgid "string" msgstr "Zeichenkette" -#: src/veritysetup.c:384 +#: src/veritysetup.c:476 msgid "Salt" msgstr "Salt" -#: src/veritysetup.c:384 +#: src/veritysetup.c:476 msgid "hex string" msgstr "Hex-Zeichenkette" -#: src/cryptsetup_reencrypt.c:147 +#: src/veritysetup.c:478 +msgid "Path to root hash signature file" +msgstr "Pfad zur Signaturdatei des Stammhashes" + +#: src/veritysetup.c:479 +msgid "Restart kernel if corruption is detected" +msgstr "Kernel neustarten wenn Beschädigung festgestellt wird" + +#: src/veritysetup.c:480 +msgid "Ignore corruption, log it only" +msgstr "Beschädigung ignorieren, nur mitloggen" + +#: src/veritysetup.c:481 +msgid "Do not verify zeroed blocks" +msgstr "Ausgenullte Blöcke nicht überprüfen" + +#: src/veritysetup.c:482 +msgid "Verify data block only the first time it is read" +msgstr "Datenblock nur beim erstmaligen Lesen verifizieren" + +#: src/veritysetup.c:582 +msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation." +msgstr "Die Optionen --ignore-corruption, --restart-on-corruption und --ignore-zero-blocks sind nur für die »open«-Aktion erlaubt." + +#: src/veritysetup.c:587 +msgid "Option --root-hash-signature can be used only for open operation." +msgstr "Die Option --root-hash-signature kann nur zusammen mit der Aktion »open« benutzt werden." + +#: src/veritysetup.c:592 +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "Die Optionen --ignore-corruption und --restart-on-corruption können nicht zusammen benutzt werden." + +#: src/integritysetup.c:84 src/utils_password.c:305 +#, c-format +msgid "Cannot read keyfile %s." +msgstr "Fehler beim Einlesen der Schlüsseldatei »%s«." + +#: src/integritysetup.c:88 src/utils_password.c:310 +#, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "Fehler beim Einlesen von %d Bytes aus der Schlüsseldatei »%s«." + +#: src/integritysetup.c:254 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "Formatiert mit Etikettgröße %u und interner Integrität %s.\n" + +#: src/integritysetup.c:479 src/integritysetup.c:483 +msgid "" +msgstr "" + +#: src/integritysetup.c:480 +msgid " " +msgstr " " + +#: src/integritysetup.c:502 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the device containing data with integrity tags\n" +msgstr "" +"\n" +" ist das Gerät, das unter »%s« angelegt werden soll\n" +" ist das Gerät, das die Daten mit Integritätsangaben enthält\n" + +#: src/integritysetup.c:507 #, c-format -msgid "Cannot exclusively open %s, device in use.\n" +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" msgstr "" -"Gerät »%s« kann nicht exklusiv geöffnet werden, da es bereits benutzt wird.\n" +"\n" +"Einkompilierte Vorgabewerte für dm-integrity:\n" +"\tPrüfalgorithmus: %s\n" + +#: src/integritysetup.c:549 +msgid "Path to data device (if separated)" +msgstr "Pfad zum Datengerät (wenn getrennt)" + +#: src/integritysetup.c:551 +msgid "Journal size" +msgstr "Journalgröße" + +#: src/integritysetup.c:552 +msgid "Interleave sectors" +msgstr "Sektoren verschränken" + +#: src/integritysetup.c:553 +msgid "Journal watermark" +msgstr "Jornal-Wasserzeichen" + +#: src/integritysetup.c:553 +msgid "percent" +msgstr "Prozent" + +#: src/integritysetup.c:554 +msgid "Journal commit time" +msgstr "Journal-Commitzeit" + +#: src/integritysetup.c:554 src/integritysetup.c:556 +msgid "ms" +msgstr "ms" + +#: src/integritysetup.c:555 +msgid "Number of 512-byte sectors per bit (bitmap mode)." +msgstr "Anzahl der 512-Byte-Sektoren pro Bit (Bitmap-Modus)." + +#: src/integritysetup.c:556 +msgid "Bitmap mode flush time" +msgstr "Zeit für sicheres Speichern im Bitmap-Modus" + +#: src/integritysetup.c:557 +msgid "Tag size (per-sector)" +msgstr "Etikettgröße pro Sektor" + +#: src/integritysetup.c:558 +msgid "Sector size" +msgstr "Sektorengröße" + +#: src/integritysetup.c:559 +msgid "Buffers size" +msgstr "Puffergröße" + +#: src/integritysetup.c:561 +msgid "Data integrity algorithm" +msgstr "Datenintegritäts-Algorithmus" + +#: src/integritysetup.c:562 +msgid "The size of the data integrity key" +msgstr "Die Größe des Datenintegritätsschlüssels" + +#: src/integritysetup.c:563 +msgid "Read the integrity key from a file" +msgstr "Integritätsschlüssel aus einer Datei lesen" + +#: src/integritysetup.c:565 +msgid "Journal integrity algorithm" +msgstr "Integritätsalgorithmus für Journal" + +#: src/integritysetup.c:566 +msgid "The size of the journal integrity key" +msgstr "Die Größe des Integritätsschlüssels für das Journal" + +#: src/integritysetup.c:567 +msgid "Read the journal integrity key from a file" +msgstr "Integritätsschlüssel für das Journal aus einer Datei lesen" + +#: src/integritysetup.c:569 +msgid "Journal encryption algorithm" +msgstr "Algorithmus für Journalverschlüsselung" + +#: src/integritysetup.c:570 +msgid "The size of the journal encryption key" +msgstr "Die Größe des Journal-Verschlüsselungsschlüssels" -#: src/cryptsetup_reencrypt.c:151 +#: src/integritysetup.c:571 +msgid "Read the journal encryption key from a file" +msgstr "Journal-Verschlüsselungsschlüssel aus einer Datei lesen" + +#: src/integritysetup.c:574 +msgid "Recovery mode (no journal, no tag checking)" +msgstr "Wiederherstellungsmodus (kein Journal, keine Etikettprüfung)" + +#: src/integritysetup.c:575 +msgid "Use bitmap to track changes and disable journal for integrity device" +msgstr "Bitmap verwenden, um Änderungen nachzuverfolgen und Journal für Integritätsgerät deaktivieren" + +#: src/integritysetup.c:576 +msgid "Recalculate initial tags automatically." +msgstr "Initiale Integritätsangaben automatisch neu berechnen." + +#: src/integritysetup.c:649 +msgid "Option --integrity-recalculate can be used only for open action." +msgstr "Die Option --integrity-recalculate kann nur zusammen mit der Aktion »open« benutzt werden." + +#: src/integritysetup.c:669 +msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action." +msgstr "Die Optionen --journal-size, --interleave-sectors, --sector-size, --tag-size und --no-wipe können nur bei der Aktion »format« verwendet werden." + +#: src/integritysetup.c:675 +msgid "Invalid journal size specification." +msgstr "Ungültige Angabe der Journalgröße." + +#: src/integritysetup.c:680 +msgid "Both key file and key size options must be specified." +msgstr "Sowohl die Schlüsseldatei als auch die Schlüsselgröße müssen angegeben werden." + +#: src/integritysetup.c:683 +msgid "Integrity algorithm must be specified if integrity key is used." +msgstr "Wenn ein Integritätsschlüssel verwendet wird, muss auch der Integritätsalgorithmus angegeben werden." + +#: src/integritysetup.c:688 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "Sowohl die Schlüsseldatei als auch die Schlüsselgröße müssen für die Journalintegrität angegeben werden." + +#: src/integritysetup.c:691 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "Wenn ein Integritätsschlüssel für das Journal verwendet wird, muss auch der Integritätsalgorithmus angegeben werden." + +#: src/integritysetup.c:696 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "Sowohl der Verschlüsselungsschlüssel als auch die Schlüsselgröße müssen für die Journalverschlüsselung angegeben werden." + +#: src/integritysetup.c:699 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "Wenn ein Verschlüsselungsschlüssel für das Journal verwendet wird, muss auch der Verschlüsselungsalgorithmus angegeben werden." + +#: src/integritysetup.c:703 +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "Die Modi Wiederherstellung und Bitmap schließen sich gegenseitig aus." + +#: src/integritysetup.c:707 +msgid "Journal options cannot be used in bitmap mode." +msgstr "Die Journal-Optionen können nicht im Bitmap-Modus verwendet werden." + +#: src/integritysetup.c:711 +msgid "Bitmap options can be used only in bitmap mode." +msgstr "Die Bitmapoptionen können nur im Bitmapmodus verwendet werden." + +#: src/cryptsetup_reencrypt.c:172 +msgid "Reencryption already in-progress." +msgstr "Wiederverschlüsselung läuft bereits." + +#: src/cryptsetup_reencrypt.c:208 #, c-format -msgid "Cannot open device %s\n" -msgstr "Fehler beim Öffnen von Gerät »%s«.\n" +msgid "Cannot exclusively open %s, device in use." +msgstr "Gerät »%s« kann nicht exklusiv geöffnet werden, da es bereits benutzt wird." -#: src/cryptsetup_reencrypt.c:161 src/cryptsetup_reencrypt.c:893 -msgid "Allocation of aligned memory failed.\n" -msgstr "Belegen des ausgerichteten Speichers fehlgeschlagen.\n" +#: src/cryptsetup_reencrypt.c:222 src/cryptsetup_reencrypt.c:1135 +msgid "Allocation of aligned memory failed." +msgstr "Belegen des ausgerichteten Speichers fehlgeschlagen." -#: src/cryptsetup_reencrypt.c:168 +#: src/cryptsetup_reencrypt.c:229 #, c-format -msgid "Cannot read device %s.\n" -msgstr "Fehler beim Lesen von Gerät »%s«.\n" +msgid "Cannot read device %s." +msgstr "Fehler beim Lesen von Gerät »%s«." -#: src/cryptsetup_reencrypt.c:179 +#: src/cryptsetup_reencrypt.c:240 #, c-format -msgid "Marking LUKS device %s unusable.\n" -msgstr "LUKS-Gerät »%s« wird als unbenutzbar markiert.\n" +msgid "Marking LUKS1 device %s unusable." +msgstr "LUKS1-Gerät »%s« wird als unbenutzbar markiert." -#: src/cryptsetup_reencrypt.c:184 +#: src/cryptsetup_reencrypt.c:244 #, c-format -msgid "Marking LUKS device %s usable.\n" -msgstr "LUKS-Gerät »%s« wird als benutzbar markiert.\n" +msgid "Setting LUKS2 offline reencrypt flag on device %s." +msgstr "LUKS2-Offline-Wiederverschlüsselungs-Kennzeichen wird auf Gerät »%s« festgelegt." -#: src/cryptsetup_reencrypt.c:200 +#: src/cryptsetup_reencrypt.c:261 #, c-format -msgid "Cannot write device %s.\n" -msgstr "Fehler beim Schreiben auf Gerät »%s«.\n" +msgid "Cannot write device %s." +msgstr "Fehler beim Schreiben auf Gerät »%s«." -#: src/cryptsetup_reencrypt.c:281 -msgid "Cannot write reencryption log file.\n" -msgstr "Fehler beim Speichern der Wiederverschlüsselungs-Logdatei.\n" +#: src/cryptsetup_reencrypt.c:309 +msgid "Cannot write reencryption log file." +msgstr "Fehler beim Speichern der Wiederverschlüsselungs-Logdatei." -#: src/cryptsetup_reencrypt.c:337 -msgid "Cannot read reencryption log file.\n" -msgstr "Fehler beim Einlesen der Wiederverschlüsselungs-Logdatei.\n" +#: src/cryptsetup_reencrypt.c:365 +msgid "Cannot read reencryption log file." +msgstr "Fehler beim Einlesen der Wiederverschlüsselungs-Logdatei." -#: src/cryptsetup_reencrypt.c:374 +#: src/cryptsetup_reencrypt.c:403 #, c-format msgid "Log file %s exists, resuming reencryption.\n" msgstr "Logdatei »%s« existiert, Wiederverschlüsselung wird fortgesetzt.\n" -#: src/cryptsetup_reencrypt.c:403 -msgid "Activating temporary device using old LUKS header.\n" -msgstr "Temporäres Gerät mit dem alten LUKS-Header wird aktiviert.\n" +#: src/cryptsetup_reencrypt.c:452 +msgid "Activating temporary device using old LUKS header." +msgstr "Temporäres Gerät mit dem alten LUKS-Header wird aktiviert." -#: src/cryptsetup_reencrypt.c:414 -msgid "Activating temporary device using new LUKS header.\n" -msgstr "Temporäres Gerät mit dem neuen LUKS-Header wird aktiviert.\n" +#: src/cryptsetup_reencrypt.c:462 +msgid "Activating temporary device using new LUKS header." +msgstr "Temporäres Gerät mit dem neuen LUKS-Header wird aktiviert." -#: src/cryptsetup_reencrypt.c:424 -msgid "Activation of temporary devices failed.\n" -msgstr "Fehler beim Aktivieren der temporären Geräte.\n" +#: src/cryptsetup_reencrypt.c:472 +msgid "Activation of temporary devices failed." +msgstr "Fehler beim Aktivieren der temporären Geräte." -#: src/cryptsetup_reencrypt.c:450 -#, c-format -msgid "New LUKS header for device %s created.\n" -msgstr "Neuer LUKS-Header für Gerät »%s« angelegt.\n" +#: src/cryptsetup_reencrypt.c:559 +msgid "Failed to set data offset." +msgstr "Fehler beim Festlegen des Daten-Offsets." -#: src/cryptsetup_reencrypt.c:458 +#: src/cryptsetup_reencrypt.c:565 +msgid "Failed to set metadata size." +msgstr "Fehler beim Festlegen der Metadatengröße." + +#: src/cryptsetup_reencrypt.c:573 #, c-format -msgid "Activated keyslot %i.\n" -msgstr "Schlüsselfach %i aktiviert.\n" +msgid "New LUKS header for device %s created." +msgstr "Neuer LUKS-Header für Gerät »%s« angelegt." -#: src/cryptsetup_reencrypt.c:484 +#: src/cryptsetup_reencrypt.c:633 #, c-format -msgid "LUKS header backup of device %s created.\n" -msgstr "LUKS-Backup-Header von Gerät »%s« angelegt.\n" +msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +msgstr "Diese Version von cryptsetup-reencrypt kann internen Tokentyp %s nicht verarbeiten." + +#: src/cryptsetup_reencrypt.c:655 +msgid "Failed to read activation flags from backup header." +msgstr "Fehler beim Lesen der Aktivierungsschalter aus dem Backup-Header." -#: src/cryptsetup_reencrypt.c:532 -msgid "Creation of LUKS backup headers failed.\n" -msgstr "Fehler beim Anlegen des LUKS-Backup-Headers.\n" +#: src/cryptsetup_reencrypt.c:659 +msgid "Failed to write activation flags to new header." +msgstr "Fehler beim Schreiben der Aktivierungsschalter in den neuen Header." -#: src/cryptsetup_reencrypt.c:634 +#: src/cryptsetup_reencrypt.c:663 src/cryptsetup_reencrypt.c:667 +msgid "Failed to read requirements from backup header." +msgstr "Fehler beim Lesen der Anforderungen aus dem Backup-Header." + +#: src/cryptsetup_reencrypt.c:705 #, c-format -msgid "Cannot restore LUKS header on device %s.\n" -msgstr "Fehler beim Wiederherstellen des LUKS-Headers auf Gerät »%s«.\n" +msgid "%s header backup of device %s created." +msgstr "%s-Backup-Header von Gerät »%s« angelegt." + +#: src/cryptsetup_reencrypt.c:768 +msgid "Creation of LUKS backup headers failed." +msgstr "Fehler beim Anlegen des LUKS-Backup-Headers." -#: src/cryptsetup_reencrypt.c:636 +#: src/cryptsetup_reencrypt.c:901 #, c-format -msgid "LUKS header on device %s restored.\n" -msgstr "LUKS-Header auf Gerät »%s« wiederhergestellt.\n" +msgid "Cannot restore %s header on device %s." +msgstr "Fehler beim Wiederherstellen des %s-Headers auf Gerät »%s«." -#: src/cryptsetup_reencrypt.c:669 +#: src/cryptsetup_reencrypt.c:903 #, c-format -msgid "" -"Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" -msgstr "" -"Fortschritt: %5.1f%%, noch %02llu:%02llu, %4llu MiB geschrieben bei %5.1f " -"MiB/s%s" +msgid "%s header on device %s restored." +msgstr "%s-Header auf Gerät »%s« wiederhergestellt." -#: src/cryptsetup_reencrypt.c:708 src/cryptsetup_reencrypt.c:784 -#: src/cryptsetup_reencrypt.c:826 -msgid "Cannot seek to device offset.\n" -msgstr "Fehler beim Springen zum Gerät-Offset.\n" +#: src/cryptsetup_reencrypt.c:1107 src/cryptsetup_reencrypt.c:1113 +msgid "Cannot open temporary LUKS device." +msgstr "Fehler beim Öffnen des temporären LUKS-Geräts." -#: src/cryptsetup_reencrypt.c:865 src/cryptsetup_reencrypt.c:871 -msgid "Cannot open temporary LUKS header file.\n" -msgstr "Fehler beim Öffnen der temporären LUKS-Header-Datei.\n" +#: src/cryptsetup_reencrypt.c:1118 src/cryptsetup_reencrypt.c:1123 +msgid "Cannot get device size." +msgstr "Fehler beim Ermitteln der Gerätegröße." -#: src/cryptsetup_reencrypt.c:876 src/cryptsetup_reencrypt.c:881 -msgid "Cannot get device size.\n" -msgstr "Fehler beim Ermitteln der Gerätegröße.\n" +#: src/cryptsetup_reencrypt.c:1158 +msgid "IO error during reencryption." +msgstr "E/A-Fehler während der Wiederverschlüsselung." -#: src/cryptsetup_reencrypt.c:919 -msgid "Interrupted by a signal.\n" -msgstr "Durch ein Signal unterbrochen.\n" +#: src/cryptsetup_reencrypt.c:1189 +msgid "Provided UUID is invalid." +msgstr "Die angegebene UUID ist ungültig." -#: src/cryptsetup_reencrypt.c:921 -msgid "IO error during reencryption.\n" -msgstr "E/A-Fehler während der Wiederverschlüsselung.\n" +#: src/cryptsetup_reencrypt.c:1423 +msgid "Cannot open reencryption log file." +msgstr "Fehler beim Öffnen der Wiederverschlüsselungs-Logdatei." -#: src/cryptsetup_reencrypt.c:1028 -msgid "" -"Key file can be used only with --key-slot or with exactly one key slot " -"active.\n" -msgstr "" -"Schlüsseldatei kann nur mit --key-slot oder mit genau einem aktiven " -"Schlüsselfach benutzt werden.\n" +#: src/cryptsetup_reencrypt.c:1429 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "Derzeit ist keine Entschlüsselung im Gange, die angegebene UUID kann nur benutzt werden, um einen unterbrochenen Entschlüsselungsvorgang fortzusetzen." -#: src/cryptsetup_reencrypt.c:1072 src/cryptsetup_reencrypt.c:1087 +#: src/cryptsetup_reencrypt.c:1504 #, c-format -msgid "Enter passphrase for key slot %u: " -msgstr "Geben Sie die Passphrase für Schlüsselfach %u ein: " +msgid "Changed pbkdf parameters in keyslot %i." +msgstr "PBKDF-Parameter in Schlüsselfach %i wurden geändert." -#: src/cryptsetup_reencrypt.c:1136 -msgid "Cannot open reencryption log file.\n" -msgstr "Fehler beim Öffnen der Wiederverschlüsselungs-Logdatei.\n" - -#: src/cryptsetup_reencrypt.c:1262 +#: src/cryptsetup_reencrypt.c:1616 msgid "Reencryption block size" msgstr "Wiederverschlüsselungs-Blockgröße" -#: src/cryptsetup_reencrypt.c:1262 +#: src/cryptsetup_reencrypt.c:1616 msgid "MiB" msgstr "MiB" -#: src/cryptsetup_reencrypt.c:1266 -msgid "Do not change key, no data area reencryption." -msgstr "Schlüssel nicht ändern, Datenbereich nicht neu verschlüsseln." +#: src/cryptsetup_reencrypt.c:1620 +msgid "Do not change key, no data area reencryption" +msgstr "Schlüssel nicht ändern, Datenbereich nicht neu verschlüsseln" + +#: src/cryptsetup_reencrypt.c:1622 +msgid "Read new volume (master) key from file" +msgstr "Laufwerks-(Master-)Schlüssel aus Datei lesen" -#: src/cryptsetup_reencrypt.c:1273 -msgid "Use direct-io when accessing devices." -msgstr "Beim Zugriff auf die Geräte direct-io benutzen." +#: src/cryptsetup_reencrypt.c:1623 +msgid "PBKDF2 iteration time for LUKS (in ms)" +msgstr "PBKDF2 Iterationszeit for LUKS (in ms)" -#: src/cryptsetup_reencrypt.c:1274 -msgid "Use fsync after each block." -msgstr "Nach jedem Block fsync aufrufen." +#: src/cryptsetup_reencrypt.c:1629 +msgid "Use direct-io when accessing devices" +msgstr "Beim Zugriff auf die Geräte direct-io benutzen" -#: src/cryptsetup_reencrypt.c:1275 -msgid "Update log file after every block." -msgstr "Logdatei nach jedem Block aktualisieren." +#: src/cryptsetup_reencrypt.c:1630 +msgid "Use fsync after each block" +msgstr "Nach jedem Block fsync aufrufen" -#: src/cryptsetup_reencrypt.c:1276 -msgid "Use only this slot (others will be disabled)." -msgstr "Nur dieses Schlüsselfach benutzen (alle anderen werden deaktiviert)." +#: src/cryptsetup_reencrypt.c:1631 +msgid "Update log file after every block" +msgstr "Logdatei nach jedem Block aktualisieren" -#: src/cryptsetup_reencrypt.c:1279 -msgid "Reduce data device size (move data offset). DANGEROUS!" -msgstr "" -"Größe des Datengeräts reduzieren (Datenoffset verschieben). GEFÄHRLICH!" +#: src/cryptsetup_reencrypt.c:1632 +msgid "Use only this slot (others will be disabled)" +msgstr "Nur dieses Schlüsselfach benutzen (alle anderen werden deaktiviert)" -#: src/cryptsetup_reencrypt.c:1280 -msgid "Use only specified device size (ignore rest of device). DANGEROUS!" -msgstr "" -"Nur die angegebene Gerätegröße benutzen (Rest des Gerätes ignorieren). " -"GEFÄHRLICH!" +#: src/cryptsetup_reencrypt.c:1637 +msgid "Create new header on not encrypted device" +msgstr "Neuen Header auf unverschlüsseltem Gerät anlegen" -#: src/cryptsetup_reencrypt.c:1281 -msgid "Create new header on not encrypted device." -msgstr "Neuen Header auf unverschlüsseltem Gerät anlegen." +#: src/cryptsetup_reencrypt.c:1638 +msgid "Permanently decrypt device (remove encryption)" +msgstr "Gerät dauerhaft entschlüsseln (Verschlüsselung entfernen)" -#: src/cryptsetup_reencrypt.c:1282 -msgid "Permanently decrypt device (remove encryption)." -msgstr "Gerät dauerhaft entschlüsseln (Verschlüsselung entfernen)." +#: src/cryptsetup_reencrypt.c:1639 +msgid "The UUID used to resume decryption" +msgstr "Die UUID, um das Entschlüsseln fortzusetzen" -#: src/cryptsetup_reencrypt.c:1298 +#: src/cryptsetup_reencrypt.c:1640 +msgid "Type of LUKS metadata: luks1, luks2" +msgstr "Art der LUKS-Metadaten: luks1, luks2" + +#: src/cryptsetup_reencrypt.c:1659 msgid "[OPTION...] " msgstr "[OPTION...] " -#: src/cryptsetup_reencrypt.c:1312 -msgid "" -"WARNING: this is experimental code, it can completely break your data.\n" -msgstr "" -"WARNUNG: Dies ist experimenteller Code, es kann sein, dass er Ihre Daten " -"komplett zerstört.\n" - -#: src/cryptsetup_reencrypt.c:1313 +#: src/cryptsetup_reencrypt.c:1667 #, c-format -msgid "Reencryption will change: volume key%s%s%s%s.\n" -msgstr "Wiederverschlüsselung ändert: Laufwerkskennung%s%s%s%s.\n" +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "Wiederverschlüsselung ändert: %s%s%s%s%s%s." -#: src/cryptsetup_reencrypt.c:1314 -msgid ", set hash to " +#: src/cryptsetup_reencrypt.c:1668 +msgid "volume key" +msgstr "Laufwerksschlüssel" + +#: src/cryptsetup_reencrypt.c:1670 +msgid "set hash to " msgstr ", Hash auf " -#: src/cryptsetup_reencrypt.c:1315 +#: src/cryptsetup_reencrypt.c:1671 msgid ", set cipher to " msgstr ", Verschlüsselung auf " -#: src/cryptsetup_reencrypt.c:1320 +#: src/cryptsetup_reencrypt.c:1675 msgid "Argument required." msgstr "Argument muss angegeben werden." -#: src/cryptsetup_reencrypt.c:1336 -msgid "" -"Only values between 1 MiB and 64 MiB allowed for reencryption block size." -msgstr "" -"Für die Wiederverschlüsselungs-Blockgröße sind nur Werte zwischen 1 MiB und " -"64 MiB erlaubt." - -#: src/cryptsetup_reencrypt.c:1355 src/cryptsetup_reencrypt.c:1360 -msgid "Invalid device size specification." -msgstr "Ungültige Angabe der Gerätegröße." +#: src/cryptsetup_reencrypt.c:1703 +msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +msgstr "Für die Wiederverschlüsselungs-Blockgröße sind nur Werte zwischen 1 MiB und 64 MiB erlaubt." -#: src/cryptsetup_reencrypt.c:1363 +#: src/cryptsetup_reencrypt.c:1730 msgid "Maximum device reduce size is 64 MiB." msgstr "Die maximale Verkleinerungsgröße ist 64 MiB." -#: src/cryptsetup_reencrypt.c:1366 -msgid "Reduce size must be multiple of 512 bytes sector." -msgstr "Die verkleinerte Größe muss ein Vielfaches von 512-Byte-Sektoren sein." - -#: src/cryptsetup_reencrypt.c:1370 -msgid "Option --new must be used together with --reduce-device-size." -msgstr "" -"Die Option »--new« muss zusammen mit »--reduce-device-size« benutzt werden." +#: src/cryptsetup_reencrypt.c:1737 +msgid "Option --new must be used together with --reduce-device-size or --header." +msgstr "Die Option »--new« muss zusammen mit »--reduce-device-size« oder »--header« benutzt werden." -#: src/cryptsetup_reencrypt.c:1374 -msgid "Option --keep-key can be used only with --hash or --iter-time." -msgstr "" -"Die Option »--keep-new« kann nur zusammen mit »--hash« oder »--iter-time« " -"benutzt werden." +#: src/cryptsetup_reencrypt.c:1741 +msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +msgstr "Die Option »--keep-new« kann nur zusammen mit »--hash«, »--iter-time« oder »--pbkdf-force-iterations« benutzt werden." -#: src/cryptsetup_reencrypt.c:1378 +#: src/cryptsetup_reencrypt.c:1745 msgid "Option --new cannot be used together with --decrypt." msgstr "Die Option »--new« kann nicht zusammen mit »--decrypt« benutzt werden." -#: src/cryptsetup_reencrypt.c:1382 +#: src/cryptsetup_reencrypt.c:1749 msgid "Option --decrypt is incompatible with specified parameters." -msgstr "" -"Die Option --decrypt verträgt sich nicht mit den angegebenen Parametern." +msgstr "Die Option --decrypt verträgt sich nicht mit den angegebenen Parametern." + +#: src/cryptsetup_reencrypt.c:1753 +msgid "Option --uuid is allowed only together with --decrypt." +msgstr "Die Option »--uuid« kann nur zusammen mit »--decrypt« benutzt werden." + +#: src/cryptsetup_reencrypt.c:1757 +msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +msgstr "Ungültiger LUKS-Typ. Verwenden Sie einen von diesen: luks, luks1, luks2." #: src/utils_tools.c:151 -msgid "Error reading response from terminal.\n" -msgstr "Fehler beim Lesen der Antwort vom Terminal.\n" +msgid "Error reading response from terminal." +msgstr "Fehler beim Lesen der Antwort vom Terminal." -#: src/utils_tools.c:173 +#: src/utils_tools.c:186 msgid "Command successful.\n" msgstr "Befehl erfolgreich.\n" -#: src/utils_tools.c:191 +#: src/utils_tools.c:194 +msgid "wrong or missing parameters" +msgstr "Falsche oder fehlende Parameter" + +#: src/utils_tools.c:196 +msgid "no permission or bad passphrase" +msgstr "Kein Zugriff, oder falsche Passphrase" + +#: src/utils_tools.c:198 +msgid "out of memory" +msgstr "Nicht genug Speicher" + +#: src/utils_tools.c:200 +msgid "wrong device or file specified" +msgstr "Falsches Gerät oder falsche Datei angegeben" + +#: src/utils_tools.c:202 +msgid "device already exists or device is busy" +msgstr "Das Gerät existiert bereits oder wird bereits benutzt" + +#: src/utils_tools.c:204 +msgid "unknown error" +msgstr "Unbekannter Fehler" + +#: src/utils_tools.c:206 +#, c-format +msgid "Command failed with code %i (%s).\n" +msgstr "Fehler %i beim Ausführen eines Befehls »%s«.\n" + +#: src/utils_tools.c:283 #, c-format -msgid "Command failed with code %i" -msgstr "Fehler %i beim Ausführen eines Befehls" +msgid "Key slot %i created." +msgstr "Schlüsselfach %i erstellt." -#: src/utils_password.c:42 +#: src/utils_tools.c:285 #, c-format -msgid "Cannot check password quality: %s\n" -msgstr "Fehler beim Prüfen der Passwortqualität: %s\n" +msgid "Key slot %i unlocked." +msgstr "Schlüsselfach %i entsperrt." -#: src/utils_password.c:50 +#: src/utils_tools.c:287 +#, c-format +msgid "Key slot %i removed." +msgstr "Schlüsselfach %i entfernt." + +#: src/utils_tools.c:296 +#, c-format +msgid "Token %i created." +msgstr "Token %i erstellt." + +#: src/utils_tools.c:298 +#, c-format +msgid "Token %i removed." +msgstr "Token %i entfernt." + +#: src/utils_tools.c:464 +msgid "" +"\n" +"Wipe interrupted." +msgstr "" +"\n" +"Gründlich löschen unterbrochen." + +#: src/utils_tools.c:475 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "WARNUNG: Gerät %s enthält bereits eine '%s'-Partitionssignatur.\n" + +#: src/utils_tools.c:483 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "WARNUNG: Gerät %s enthält bereits eine '%s'-Superblock-Signatur.\n" + +#: src/utils_tools.c:504 src/utils_tools.c:568 +msgid "Failed to initialize device signature probes." +msgstr "Fehler beim Initialisieren der Gerätesignatursonden." + +#: src/utils_tools.c:548 +#, c-format +msgid "Failed to stat device %s." +msgstr "Gerät %s konnte nicht gefunden werden." + +#: src/utils_tools.c:561 +#, c-format +msgid "Device %s is in use. Can not proceed with format operation." +msgstr "Gerät %s wird gerade benutzt. Das Formatieren ist gerade nicht möglich." + +#: src/utils_tools.c:563 +#, c-format +msgid "Failed to open file %s in read/write mode." +msgstr "Datei %s konnte nicht im Lese-/Schreibmodus geöffnet werden." + +#: src/utils_tools.c:577 +#, c-format +msgid "Existing '%s' partition signature (offset: % bytes) on device %s will be wiped." +msgstr "Die bestehende Partitionssignatur »%s« (Offset: % Bytes) auf Gerät %s wird dadurch gelöscht." + +#: src/utils_tools.c:580 +#, c-format +msgid "Existing '%s' superblock signature (offset: % bytes) on device %s will be wiped." +msgstr "Die bestehende Superblocksignatur »%s« (Offset: % Bytes) auf Gerät %s wird dadurch gelöscht." + +#: src/utils_tools.c:583 +msgid "Failed to wipe device signature." +msgstr "Fehler beim Löschen der Gerätesignatur." + +#: src/utils_tools.c:590 +#, c-format +msgid "Failed to probe device %s for a signature." +msgstr "Gerät %s konnte nicht auf eine Signatur geprüft werden." + +#: src/utils_tools.c:629 +msgid "" +"\n" +"Reencryption interrupted." +msgstr "" +"\n" +"Wiederverschlüsselung unterbrochen." + +#: src/utils_password.c:43 src/utils_password.c:75 +#, c-format +msgid "Cannot check password quality: %s" +msgstr "Fehler beim Prüfen der Passwortqualität: %s" + +#: src/utils_password.c:51 #, c-format msgid "" "Password quality check failed:\n" -" %s\n" +" %s" msgstr "" "Passwort-Qualitätsüberprüfung fehlgeschlagen:\n" -" %s\n" +" %s" + +#: src/utils_password.c:83 +#, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "Passwort-Qualitätsüberprüfung fehlgeschlagen: Falsche Passphrase (%s)" + +#: src/utils_password.c:193 src/utils_password.c:208 +msgid "Error reading passphrase from terminal." +msgstr "Fehler beim Lesen der Passphrase vom Terminal." + +#: src/utils_password.c:206 +msgid "Verify passphrase: " +msgstr "Passphrase bestätigen: " + +#: src/utils_password.c:213 +msgid "Passphrases do not match." +msgstr "Passphrasen stimmen nicht überein." + +#: src/utils_password.c:250 +msgid "Cannot use offset with terminal input." +msgstr "Offset kann nicht zusammen mit Terminaleingabe benutzt werden." + +#: src/utils_password.c:253 +#, c-format +msgid "Enter passphrase: " +msgstr "Passphrase eingeben: " + +#: src/utils_password.c:256 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "Geben Sie die Passphrase für »%s« ein: " + +#: src/utils_password.c:287 +msgid "No key available with this passphrase." +msgstr "Kein Schlüssel mit dieser Passphrase verfügbar." + +#: src/utils_password.c:289 +msgid "No usable keyslot is available." +msgstr "Es ist kein nutzbares Schlüsselfach verfügbar." + +#: src/utils_password.c:328 +#, c-format +msgid "Cannot open keyfile %s for write." +msgstr "Fehler beim Schreiben der Schlüsseldatei »%s«." + +#: src/utils_password.c:335 +#, c-format +msgid "Cannot write to keyfile %s." +msgstr "Fehler beim Schreiben der Schlüsseldatei »%s«." + +#: src/utils_luks2.c:47 +#, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "Datei %s konnte nicht im Nur-Lese-Modus geöffnet werden." + +#: src/utils_luks2.c:60 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "Geben Sie gültiges LUKS2-Token-JSON an:\n" + +#: src/utils_luks2.c:67 +msgid "Failed to read JSON file." +msgstr "JSON-Datei konnte nicht gelesen werden." + +#: src/utils_luks2.c:72 +msgid "" +"\n" +"Read interrupted." +msgstr "" +"\n" +"Lesen unterbrochen." + +#: src/utils_luks2.c:113 +#, c-format +msgid "Failed to open file %s in write mode." +msgstr "Datei %s konnte nicht im Schreibmodus geöffnet werden." + +#: src/utils_luks2.c:122 +msgid "" +"\n" +"Write interrupted." +msgstr "" +"\n" +"Schreiben unterbrochen." + +#: src/utils_luks2.c:126 +msgid "Failed to write JSON file." +msgstr "JSON-Datei konnte nicht geschrieben werden." + +#~ msgid "Parameter --refresh is only allowed with open or refresh commands." +#~ msgstr "Die Option --refresh ist nur beim »open«- oder »refresh«-Befehl erlaubt." + +#~ msgid "Cipher %s is not available." +#~ msgstr "Verschlüsselung »%s« ist nicht verfügbar." + +#~ msgid "Unsupported encryption sector size.\n" +#~ msgstr "Nicht unterstützte Sektorengröße für Verschlüsselung.\n" + +#~ msgid "Offline reencryption in progress. Aborting." +#~ msgstr "Offline-Wiederverschlüsselung läuft gerade. Wird abgebrochen." + +#~ msgid "Online reencryption in progress. Aborting." +#~ msgstr "Online-Wiederverschlüsselung läuft gerade. Wird abgebrochen." + +#~ msgid "No LUKS2 reencryption in progress." +#~ msgstr "Derzeit läuft keine LUKS2-Wiederverschlüsselung." + +#~ msgid "Interrupted by a signal." +#~ msgstr "Durch ein Signal unterbrochen." + +#~ msgid "Function not available in FIPS mode." +#~ msgstr "Diese Funktion ist im FIPS-Modus nicht verfügbar." + +#~ msgid "Failed to write hash." +#~ msgstr "Fehler beim Schreiben des Hashes." + +#~ msgid "Failed to finalize hash." +#~ msgstr "Fehler beim Berechnen des Hashes." + +#~ msgid "Invalid resilience parameters (internal error)." +#~ msgstr "Interner Fehler: ungültige Parameter für Widerstandsfähigkeit." + +#~ msgid "Failed to assign new enc segments." +#~ msgstr "Fehler beim Zuweisen neuer Verschlüsselungssegmente." + +#~ msgid "Failed to assign digest %u to segment %u." +#~ msgstr "Digest %u konnte dem Segment %u nicht zugewiesen werden." + +#~ msgid "Failed to set segments." +#~ msgstr "Fehler beim Festlegen der Segmente." + +#~ msgid "Failed to assign reencrypt previous backup segment." +#~ msgstr "Fehler beim Wiederverschlüsseln des vorigen Backupsegments." + +#~ msgid "Failed to assign reencrypt final backup segment." +#~ msgstr "Fehler beim Wiederverschlüsseln des letzten Backupsegments." + +#~ msgid "Failed generate 2nd segment." +#~ msgstr "Fehler beim Generieren des 2. Segments." + +#~ msgid "Failed generate 1st segment." +#~ msgstr "Fehler beim Generieren des 1. Segments." + +#~ msgid "Failed to allocate device %s." +#~ msgstr "Fehler beim Öffnen des Geräts »%s«." + +#~ msgid "Failed to allocate dm segments." +#~ msgstr "Fehler beim Reservieren der dm-Segmente." + +#~ msgid "Failed to create dm segments." +#~ msgstr "Fehler beim Anlegen der dm-Segmente." + +#~ msgid "Failed to allocate device for new backing device." +#~ msgstr "Fehler beim Reservieren des Geräts für das neue Hintergrundgerät." + +#~ msgid "Failed to reload overlay device %s." +#~ msgstr "Fehler beim Neuladen des Überlagerungsgeräts »%s«." + +#~ msgid "Failed to refresh helper devices." +#~ msgstr "Fehler beim Auffrischen der Hilfsgeräte." + +#~ msgid "Failed to create reencryption backup segments." +#~ msgstr "Fehler beim Erzeugen der Backupsegmente für die Wiederverschlüsselung." + +#~ msgid "Failed to set online-reencryption requirement." +#~ msgstr "Fehler beim Festlegen der Anforderungen für Online-Wiederverschlüsselung." + +#~ msgid "Failed to hash sector at offset %zu." +#~ msgstr "Fehler beim Hashen des Sektors an Offset %zu." + +#~ msgid "Failed to read sector hash." +#~ msgstr "Fehler beim Lesen des Hashes des Sektors." + +#~ msgid "Error: Calculated reencryption offset % is beyond device size %." +#~ msgstr "Fehler: Der berechnete Offset für die Wiederverschlüsselung % liegt jenseits der Gerätegröße %." + +#~ msgid "Device is not in clean reencryption state." +#~ msgstr "Das Gerät ist nicht in einem sauberen Wiederverschlüsselungszustand." + +#~ msgid "Failed to calculate new segments." +#~ msgstr "Fehler beim Berechnen der neuen Segmente." + +#~ msgid "Failed to assign pre reenc segments." +#~ msgstr "Fehler beim Zuweisen der Segmente vor der Wiederverschlüsselung." + +#~ msgid "Failed finalize hotzone resilience, retval = %d" +#~ msgstr "Interner Fehler beim Finalisieren der Hotzonen-Widerstandsfähigkeit, retval = %d" + +#~ msgid "Failed to write data." +#~ msgstr "Fehler beim Schreiben von Daten." + +#~ msgid "Failed to update metadata or reassign device segments." +#~ msgstr "Fehler beim Aktualisieren der Metadaten oder bei der Zuordnung von Gerätesegmenten." + +#~ msgid "Failed to reload %s device." +#~ msgstr "Fehler beim Neuladen des Geräts »%s«." + +#~ msgid "Failed to erase backup segments" +#~ msgstr "Fehler beim Löschen der Backupsegmente." + +#~ msgid "Requested dmcrypt performance options are not supported." +#~ msgstr "Die verlangten dmcrypt-Performance-Optionen werden nicht unterstützt." + +#~ msgid "Cannot format device %s which is still in use." +#~ msgstr "Gerät »%s« kann nicht formatiert werden, da es gerade benutzt wird." + +#~ msgid "Key slot %d is not used." +#~ msgstr "Schlüsselfach %d ist unbenutzt." + +#~ msgid "Key slot %d selected for deletion." +#~ msgstr "Schlüsselfach %d zum Löschen ausgewählt." + +#~ msgid "open device as mapping " +#~ msgstr "Gerät als Zuordnung öffnen" + +#~ msgid "close device (deactivate and remove mapping)" +#~ msgstr "Gerät schließen (deaktivieren und Zuordnung entfernen)" + +#~ msgid "Failed to set PBKDF parameters." +#~ msgstr "Fehler beim Festlegen der PBKDF-Parameter." + +#~ msgid "Cannot seek to device offset.\n" +#~ msgstr "Fehler beim Springen zum Gerät-Offset.\n" + +#~ msgid "Device %s is too small. (LUKS2 requires at least % bytes.)" +#~ msgstr "Gerät »%s« ist zu klein. (LUKS2 benötigt mindestens % Bytes.)" + +#~ msgid "Replaced with key slot %d." +#~ msgstr "Ersetzt durch Schlüsselfach %d." + +#~ msgid "Missing LUKS target type, option --type is required." +#~ msgstr "Fehlender LUKS-Zieltyp, die Option --type ist Pflicht." + +#~ msgid "Missing --token option specifying token for removal." +#~ msgstr "Um ein Token zu löschen, muss die Option --token angegeben werden." + +#~ msgid "Add or remove keyring token" +#~ msgstr "Schlüsselring-Token hinzufügen oder entfernen" + +#~ msgid "Activated keyslot %i." +#~ msgstr "Schlüsselfach %i aktiviert." + +#~ msgid "memory allocation error in action_luksFormat" +#~ msgstr "Speicherproblem in action_luksFormat" + +#~ msgid "Key slot is invalid.\n" +#~ msgstr "Schlüsselfach ist ungültig.\n" -#~ msgid "FIPS checksum verification failed.\n" -#~ msgstr "FIPS-Prüfsummen-Verifizierung fehlgeschlagen.\n" +#~ msgid "Using default pbkdf parameters for new LUKS2 header.\n" +#~ msgstr "Für den neuen LUKS2-Header werden die vorgegebenen PBKDF-Parameter verwendet.\n" diff --git a/po/es.gmo b/po/es.gmo index 3a8397fb6fdf2b0394a77ad957f35f23b6e190dc..1c8f11f330d31140bfcbfeca506ca5b1b4c59179 100644 GIT binary patch literal 111379 zcmbrH31D1R)yJo@Hh>`e&J+kuA(JlbrIhZa(2XuEvXn_ONrxtxkV#rvz!d}qQ4vH` zP!L5~6a^JU*@~co3yLd0N``(+$q!bOj{@=atuIHY6?z!hK^W^rM zUO6h4%T3xOmzx0IyIU^Tv1u;1_~2X)$UQMDm)iyWH+b@FUidq2UM_bWcs{rj_zm!j z;FI9p;FWyr1D742%iRvH2j_rm=I3%3f_HH&)`wuAt&T=$AJA{3A_z#0(V}L%N+oY0rTLo z;QnA4JQTbP+!K5N+zxySoC^L4+z*_%G?&{0Tn>%}&j#DTtHCY7Z-6_1kAh>sXF$<95fd_%Nft!L)fTG(|pz`1H zWM~N<0YaMGqTs$B)b}rgdx6gf+~Sm6ZXevu;IZIra4vWmcqsTIaBFbuH|BB&gS&w$ z_X1FK8~{cCD?o~nyAxD8+nt)r%>+*Y7490a6}$&jIer_y?|B+waGwb({8vC&GWQBN z4Lt62=fg`tST6THP;}kr4F5hCJPh~6U<-H;sPa7rs-D}d@bCwLqSI1v8n_NrzITCn zaHlhKxdXw&zZqnj{@`H3830-06ZML9#px028#ZB zc6q#|pwd4NR5?Em=E1LkD(B4Z_5?T;+;*kc zdm$+PJR95}yb;_Hd<5JLdmR53@ZM5a18hyD7rSCCJCLZke8tnd3{$cun?ce0F|ZB%2Pl4M8Swr#A5^~QfRfi&fd%kpQ2g;zQ2h2+uoY~rx_meVRDG`n z749xj{rJbA!o38FU-lpLa=j5e2=}F+%5i6K{~ve`?j44_9+!eU;l2;F^uRpsmq3+! z*VWGFQ$X?EQc(QU8}PlL(!U*4Ii3dd;I?ZVCxF}IJ|Va}LB+oioB)0boCN+9JRIDb z!tDai0+ruspxS+Pa9<0GAMOOjKTm?&fuq-YeRl`dALf8+zjuIYkJ~_n{~@UOxpmGr z2Y_;yK()&y;O^i}p!o0Wpvw1KQ0=?VxsJzzs>j)&`r8$t%K3Rv_4*l@2e&%U`MDKT z_=UlJHh2i`_k)Ll-vGr2{{bh0h4UR(fa1^hfhzxfpvwDOQ1#pXO)h_@fO4M?D%_2r z!hIjy75sbn{)RXE_oKkQ@$U-m3qhk3sP_CJsQPUB7H@}EQ01Qk9t@U2mG>G@^m!Om zIbQ+y0^8o|-{*sS;9dtF1%4p7zYp$?`$cdHIQnhQe{;Y*?k;do@FGz4xFLN176^;w zegp0X7T@mmI~P>=D*}EFRQbOH?g;)3oC|Jsfw${Ya6jDZz&v;@sPfzc?gRb|RDJ#l zsyz<8(Bqv3s=RLpMeln-(c?GZk>K9%aQ-_P6d!yL)c0?K>W?pjD(AS1TrSQ5^SGCT zJAkXfG2pvE(d!ma@ty-e1MYaS>v8MBxwsz%j{$dkr}NV(py+=YxG#81!0&=;?>~X! zhc~>-%X=WGa(04a!7GFNYXM&bMTdPZ@&3ICRDS1ys@GRR_3uA`YL87Wb$;FpJP`M? zfNusRXKn)b2k!+%=V!npz|G$6beIY%y%nI!KLDzot_0rzei@twJ`Ae=Y<-!hGaXcU zieMXfW$=FhRQz9qs{fYn@pc{ys(dp*rPB+FPp=2n4tIlUr|*L&fWHslr@z3d0jGo4g4=?>1Q&vT z0Gq*M-tXy@z=LqVAC&(+U>swF0+s$%!T%Oe?fFAcbpAUiI_!9r zr+W-2e&`H%0eC3x8$i+RXW+r$mLK$fF$Gk+oEkAO?St*`cWTLG&4=YjLVPk<+Y ze*#6fSs(Ip_k-$h7lSI_P2dFZ+o0yP~U$P{9gtq;VxX`=<`WXeDWZ81o&5Q zFR<-ech3j){X$Umy#rMIUw{+Ae}JmzK_B&S3&B%xpAV`WKL$m&SHPpdu^;pDc7XG6 zzaLb4{2Xirx4O>LIRaFDy20bYb3xJlA@DG8$Ll@4;{#p<9)kaRQ2G5GTm+8!xVPuo z;AGrSfhU1`-r)Uy5Ih<87r?#2*MGwGqXI~m%ME}^cau+gd5-{laK8;a9Q-|~bjRN4 z{L~JL&pr^`kATy0=RW0n@C@)soR@%ez^{YTz^y+`-vAeY%fMT~x!~(=^7|u2Tr)z_2hFwwc{h8%Dvew%zePg;A!9;U^n=NTRq>k;4!$r0*(d$2`b%v zKjZnX0L8x_09D?HK=I}4KkIyT2&npXgS&vA2Gwr&f#Q!Jf(L+G+~)na4OIKh1jR?| zz(|z3qh4{Jt%rT1MUaD42te!zUcAJ01w9fUT_ll0H}6)32Xrm|B~l_ zCO97V#h~)P6MQ}RYj6kf&!EC@ai^Dm0;q7s;C?qa8~5Fy^568!p6_%}vT|jdMT*zKMwv)U-fWDf~VqN236j# zgQD+?pycAtU-NPw1*-kJ!9Bstz`ekmL8bdma3}EJ;1=Nace~wZcTnZu2iyvr2ObJ8 z2bY4EfNJ+&fO~^Y_jozRfl7A?csO_=D7t-9MtR6BQr@_#3& z{B8kNucyIxflc>$d9MVO&&{C1KM5WNj=JB+`y;@9+-pF(VD33k{qU;w$PDmn;J)Bi z4|sXnK-FV5D0+2*3V%s(e-2c;{{);2?)`O7=M?Y|+&6+M?-O7i-2Or5%Y#9cvji5v z4}x9bgP_V$c*yB;E~xU~2yO>H3GN8~9^3`o^c$|<>>02P+ynn1Q1pEm zRQo&)9tCdmP0|=eJA&eah2L`jRiOCoMo{Ja5vcYZ{jkf`)4^kLe;!o2{{ls)?H_Ud zXd*Zk_jFL@EC=^nLDBcqU^Dm#sC@qfwt(Ay+tWEB;7Q;<_^$@@;0J>Lm%xK?{|Hn) zU-up7?*l-U<9Kikcoryry%anU{30m%^Axy0xczs1oH`to`#f+8cwO*+65Jj4e&2Js zF%?uf-vqXTH-a<3$AWv8M_t~{0+s*i0pAR^;l2)>0Dcb?|Bw2Cj|O)HJHeg7wctYVz2GA77vOf_ z_@B5vdm6YI?zy1ST>wh%oDYg#9|o1~*Ff>luR*1=^-q0VJ`Gg(TS3w3VNmV;0;u+F z`kBwe4h46@JrisKPXR}Ro#5-hK2YU28#H=@o8!I;RJ?1!ZNNLgO~L!YEx?Ds-N5gH zs_*mQL@@Wb(_s>*@N>bf!TDeTJOxy|i@@!{>%d*XJ3!_8ZBTsm7^r++234=kp73() zA8-<=`b-0r@A06*oe%B-egypVD8?`F4BYKcdO7a{|AYG{U=!be@(XlE+`sxI@&osp zr(AD(=hO6Q{GSIq@c+oKoL_R!cseJ7Dt9k<4fqbQ3*7%%@&qpdcL8VppNBgQd=B>z zI1M}lhsyO)@EGtFumVnf-s|-la31b2gNK5f{Kosmk>FI^y`b9b7I1Iy5pWs!0;v8q z?FFZI1yuNJz`5WPpxSf)-#TAU0>|QB3QB&Q3yuRn3aVYd35uS-1SJ>#4Q>gJ`JMCQ zf#A`&*MZ9CPH-Cd5;z$=;zj4zDtI{V2SAnc-=Myq@O$UiO9OrhT!8=6U>i8$56*`x zz&GI@0?!2h0v-V_|D*Sx%Ruql-QY>!dQkP<<4?|S9iZCjd{Fh<9R6chG_Y2@@xM$`@89#jtoQeDE;E~|yQKKx~nV`!5W>D#W z5nK*F3(f(jyl#~7&)Y%q?cJc!5mfs&Z!*gGV-a{L?u$Xy<8Dyj{{X5!yEEud22TQK zftQ0*!5@Q%gFA0F%EtGFpz^s2RC(?KPXb>6Rj!$vk23juHFz@a=RwtH#ulE=dEf!K z?*I=59|sQvx82gqF*)FxfOml6!#{%4zUH`&h9Sq1LE_lLn?hD=os{OtV&IkVpsvW29Fv`Z8 zK5!oHtH2Aur$F&{*N&rddGLBr`K||#1D^+#-yu7BI%k2R(}zIu!^7Yi;Fz69ncR2_ zD0%b)@N{sGT}GMQTnnnbz67dVzX8<_hwnPd)~VXTy>Qq-`(5)P*8Ge8L0Sg2i5QH15X7v+r#To1XYjsflBXw@Ivrkp!(fg z_w@370~Fn#1y%mt_ZpR(4lV#&!1sU}SMCIr-!B91y|>rvG;lWlw}PVMpFzowar=zQ zjRDU9)nDHNsyv?u)lYu~P6PMOJO8f$RgPOh^{=NurMKl6Z||v~=+h1={f~k>f{%fs z_w(Qz!Nd0T`n?ZSzCQsa51RJ#d>4VI<9-(?x;zK&502U2^O*yRU(N#6FFy&2U;hFw z0uOI?`do^VzZ*2Ue30|UOi*;Jf|3KD z0;hpL0>!txw0b|80m{7+RQ=x%ir&8h)$S7tqfGBv4H`Xy`xl_{-=}Sq>FvjZa$f_g z9^V8@;HKlfyk~(b&$XcH`vXw@Y^w=Q&!ymPxZeRP{^1k7z5`$@?%P1M=g&dWW9LcE zw+q12a1Vh>|NEf$Xp4iLKW2fFyQ_oyW1!mo`=Hu0e~8z&1TMk-c~JdlvqQbT=7Y;{ ze;7Ow`~#?b<{swsJP%ZUUjx-2{t0dm?s>TL-FR?c+{-}GXAO7?_;GL=_%iroaOx2r zZ|5UjzK#Rc@81cEZ@vwx9rv8<f=X0Rw_E%7J zY@OomPy*F2uK^`r9tFj(g`-`r_k-#`7lW$zt)TehX;AbVKXsJpor9qG&u|Z z_bjOPY&piqmkv;Td_Jgh+y(9l{sk1jzhPP!_dv;|+d$>>6Hwvzn(pO25mb5J1xjAt z14{0`2u=fEKf~q4B2e2ba8TYR9JiV#l9=JaRN}qTD90UFe6d!JOoY$iT6n)PGMW2g7 zmE*IZ@_i0eyYG3t^VM|lOx#s)KkzY7`q$q<$-%?t2RQ{{~XWR$JPoC%7bIzg5H{Q>U*H^uz|sCxVXRJ$}U9hJKb zYzHM*{s@i(k6Gq?Uj`+gZvgfE_n_*1^m5Nq*`|ouKOTPEd4y2vq;ve-1yKF-2~goTJH_iU6OlNTa+^>LY#|39Ne|;Vl9exCATsUNf)8QFV`HwwwRPG}1TyPe+NzvQmSWxA<5LEl$ z3#z~V1r%M5X!rVF2#Oyb2j2+p-{I-J8I&A&0F?j1ojxvH1}fdB0`6JzbWZ{`UVIo- zd7lPVk7->_hfjbSmwyGm2i&WBl+71!1<%60-AZrQb3vtZA2!yn5I}O|)cONLaz8_S- ze-V`ak?;3@b37>jAyED7Mo{C!6QK0he}HQ5*0Y@+XM+lNA1MC(8>s#=cfiN9cY^9S z&wv`24ytF1!n=Z9QAtOP}mD?riX zYoO@(GPpZ9Wwn?8BvAY~2uf~z3KTt`0o8B!T;ubtlLLMZ6hAbb#Z4R5>03MYmVLw}aEp^Y{;d zs`sBk(eJSHogX?tmHP@%_5U8I_WcJae%t#^Uhi&jOWYR(d^adMeE@s|_#;s5`5f2@ z7T)ajz8usz^HWg#@G_`=KmILFkGF&S;J!Dwe+i23_Ij)H(NUo2Qv%0=w}C4EPe6?u zo4w83bp?1g?hk=^@RYZ^d|n5tzuXS09i9T!FIp}bmAewW5d1E<$AzBX3!wOKr*}9% zcY(X$ejh0Q`ZTC<;TxdJ@h4DxyU#`54$DB%<>O#C_$yFy>-dYE{_g=r-|q+aOQ60_ zey6v`o4`wPe->0Zr@YJScQtq-?#DpU=b%fxJoCUj?vQ2k}sE4<$>0hRtcK=r4)f_v1J-ro)b)qYoklG8r~ zHSRTkz{lV7LDBIBQ0e>wRQhdK`8co=lw9}$xEr|L2ff?}g5zmmHy}tIo;-f;)}JQ`0ab3`00obdw)C+T!;HUP;zU^ zM|`~Q2hYa+Gw`k8{A)(pKDzIK-^4xpTCeZ6AN6`321*{R0`~;(09C$6LG^>bfRdAA zKIU|v0!n_J39bO|0mp#*TsO+r8K#4q;hqO7-9@0%yn+__y zkAdRv+{Zot@u28?8aNfa6jXU02J_&vpyqR1+%U@4V|E8$hkO5kV?l*G5ZnSh9#lD& zf?I*B!A-%pflc5=U^93*sC@1O=Yc-}Rgb+sF)B9-oC}H%=7DOr4p8;^7$|yt6BM7m z0B#O$`$-SCGbs8j1@-+DP;&NsPZ3692yikH6x+mFGB~sXV9x z_IDp)HsP6zYZ`t_g8vu6{qU#jT`8)Tp#?OBuxDKHScEy|C8}tj$7@gzb8Vtoxy`}p8&2V?3Z{yK73QS zVkW<<+&A1;56lzvuXV z74JU@X~^$co+^GVJfGnC2;V-2A46vH_Y?fvdCtRU2c9E&&;HE`?$?8#;`tA8FAedx z3<0kJZx4R|Cd|IP{|8(jzQ2qcXYQT)C;Z*Q`Yew*iv z;Ql7xFX8zBPdok>@>F=&Un{t&zb5~p3g$M2Z;s>Jg}iJ2puc|JKLOqw;(i5pAMW`) zr}8d+ZzkWa2laP5?}ZR{AFxOm{q^#$Gobq0&cVjG9mDtFW%GhPaP$y<9?!)*dlKd` zp1XO!fp5}{P)+RbyZFVw&4S;S!S4k=+|ILIaPLI^yM{1-2!0pw{f9iS;JTu1;>Uo zp5*;m{Pg!zp0jyBEx5;L%A@c9BF+{(sK54iCI9Z@ulDat_`f%}?;_mIArE=|f^YYN zf5Y#e;Ae5akN3@Zw&Z;kIFbAw2Y!J{vF;o0Y63>zvX#~M}LzYawXh%6Xr)e(yv;;L-Cu!^LpO( z_hg83AnBZf-~GY=bN)H`_mSW~J7ASB(|Nwj^El6u_`e~fbt~@pwAg;{xa|1=lxJnf6wr|g8#+f zkUaSNH_xN^?F`;TxVgM<2fkY$!`}k@*7E*)p2zw2S@5k&hxgBb`db@N@6z4JQ6|ho zxnJ`B2;a`)U305E?`^#6Z(DE?&mVXm!+$Jseu4kZ;rkvT%`bqv@oXO47MXuOjQgdG z-!8-(3?I)7{$IoIbG-i=|L=qQfj59JgAeiC%KIA$^9)akM}L#R{diUcw{-GHc^(e# zBZ!mz+c~(8!SfruuM6%4ApS?}gZr59Z8~Yq=6zqj>2FNHukpSQ->wVc_O`Fc z`QRSKw_o#K!T-!qo)9GWSa|t!2>Wr|ZwO)9NdNHg{(JE4JP!uyqCcE_Xsbi@mxi`#nBV|TS(_D-akm(w}YpHZw}=+0{1o{46nJ%c~ zF!Eo>^BbNw@QmS^#510FTM%wfo^`nQ0rmG|;=P5Zh4*{F&G7#a?>q6Ff&0(k67X8^ zW2A8j_ziG-{JzY46XE~J`(60Ozf*AQZ*;(G`SvvLdw{>N+^qz{-xv9|ly5)fd79@__#Xnk5&Rb4KExCM zmh;}pb08k46XqM?!`B0T5Wk&5_+d9< zex7C(kiTUP_V0HI7yo`rylr^&cW1y0`2Gdl6Nq~`er4X@!E;{t&TH;@p8NH}-`j%! z@4;(%zKGusNaG;hf5)>w&!2eW-wV7?3y#%<+dF)_6u&jRzZ1Wcc=UH8&z(H4!+$By z?)cw?`*LswxDC%y`2UjUo4o698SmM@kK_J0;om@gR`Q`O^Zj-BFXY*sZ=2%(Hom`z zTYr;r7Xtkr3~}=Ig|U<{_we-b+`&`8f9vpVGw|3DUS5~+j3dm|Jo-C2^KC2KW!%;9 zZIJiR^Zp(SseNC_Q~VCb{ej^35%BsDUS31IU&pf`_}v)rc;Y?J`w4{EpL%>0{1fiC z?I^N$M+SDx8?e*yQoywBp%-z6dJfwmfA1siR(#W69y}5Ek9o%8zMAl# z2G8N?;)#Ek;s1G_RfN;uH^Cjk`wsYjiRWzm|G={q?^}S&Aeivffb9Xx;2l)>8$3_& z{DEiFInaTpm1i2yGM<$@=kdIk=LViTc^=_;j_2Pz+s!3B&orLXc=~xR;Q1iWEj;(~ zJjU}J&%b%LJC?TLIf7?C&zU@fJQwqPgy%M%M|gh8^B11&<`JG}8qYGGl|22FeH?Yt z-)Nry@OM3any>0F`u!BYvF>H-2nx3)%FZ6a4-#42X8bf}=r6`S6FkvE1r7rz4( zh`;Ffas0-(SK{|zh%4_V9_9Nye*4#j+xF9LXOnkK?-2Z&>%yIipUR>?NNDNZga&zdzz9okM>b!?Li+`ahi!+W-kpTaNFFvi{GGhRN$jec|R+fN?+#Wt?uCt0Sy z817RI{Cb4rVSiC3$21PS&F$23NBUfjpLDOR z-%I%IGLUS9_{m z<#!8yqJP#eH+uf^FI9Q?6-Bv171Y>6@A_SM!y=QohnPS-yS6-jewZ zt|WMAb-AOIAFSj%21>=jQhunfvow%zt~O2SEDjb|`1dq8ej!fNl$FKm%3%RKy^c!X zV6og+?(5F4E)A5s${j@&C9gD_rVLangDVt!YF__Ru)NA5?|h#sNXVMhUsJKI1WAcY zeH{a9`v*&%NwJ}6zS>h6OoE8yqN4fc`-Xbkp#T(t*5$6XO;hx#tK0+8D*dX3)7-rB zT@`{-_P){@OG56Rp;guCot?)M&0FBL6kpBSJy0H8`|6YxF`YA#Ncq8Hca`iS|8!J( z`zd*6p$zRq)0F#HQosJ<0DJ%oRVO!%?x|Gz3)5%Ac+J(;yb9jjnQt!-R+~om_t1`s zKQI2FHNUu6t*)sIbXpVA&%~>86*)<#r_|StgrIR+I#$xM9ctKd2^%b)ar~?~#;a!)$c~5OjCh}0itfs4COm0ezB)o$q&KOm7dOgGV)Z{ zG7g->$1>b5NmJ=BAx*+q(_+G95nkh3O={|uH>6RqRCULoiEn>LBK54&Yt!hCo=O#- z9f0-d37*hQ`Gu71JxMCKJgwlc#O%E(w_jd=)1xHGpJ(p8Ny6|x+s6?xSMZrtvZCRm z1eTSmv`cZIlrQ%84^-&MHkww&G`-$IDt$d`^DTXqe08ugQ0y+{=PeR5@7H`_^?%8` zxiE18{pFCMeA1(lXw8QXg?xFRIAoG0+Z*#OGZ!zfjx(Xqyl$ufIcxxHQ8%V8bb@A5 zsOBXc#x>GuH=uOKEY03E%LLEi{jEe%?4 z>Vq_Kv{s<;BxK>%m;|7?B}64s7?v4sA*(ua+WVntGtwr=BNHV>HBI-Bb)H;no~-g6 zJ`OU@=L!WxZlSYO?HDNA2%pMj<=jhtMat~i4OUi_VE4|>AdlK|Q*fN;oOoWjx4$wl zcwXro!PNW|ulLkktu|Go+-&GuKBFtuhjTryCaJpMt_cw@s6?j8nCg@IomwaiuBE3> z(Z5qq&!6i0;pv$WsRC5vo2WcejrgKrJt{4^Dao+C0k6F0l?yQ4)YY`zs{N%7sgCGk zki0Fw9O*)7#r|J2G}`yhO5fN)`omzyO5*pF zyZb2M+MWu7F+;}`rW&Ct?G@$`#es6EnlD%_r4#!wPCT2ln6^!6hI)FG7P^-!BUGB< zqPq|B1i6_Mm_Tb7JF6YVflkze;;LeP*^+q+#u>|){1rjH1#{Cwe@_Ra-f~r~N^bE} zR9WyE94vN7E49%_axD_rbI-SEREmB!{1=A?D;+(h;y}Kur`WB=jmeE8Jw75)!YCaS zw$9#|z}V*MSfh(+J%Q)o$);SkajUM~TmQ5e473uLO!F*7Mi|=BW1!zwH8@RFK{|#8 zq+P%@3ZC$rgWUR-bTOu^_^A{~z%q-Kmx-t}X&H6x^ zjjMx=7~;g)OXe**rBN7hXzUrGrCK4?Kp(S^&fbCvP#e)*62zWi&F0-`c2B7vZJe^f zkg(2xmF|B}cixFucjemgYYH4W@Wi!rASpB zlwpak12NLiHH|xlG75XZfT-0(f<5tR6s)ReJMP zS!1G>P@AtMw=o3_EE{GtHt1#9!3z-rjqo*9wMGcnSxSUc8a5sLW6zM_?SB!KQDZWaC}%fzjqeNvj7L zg=Q8EHX1^+&0RXDg8>=q6uL)+nL2FI8mmz!M1ssn>R&Hp>c3M&kp&&jw1mELMjqCO zO$r=7qyr}&u{@df?Pfw43ZiN!(dA$6>#F37XtYU?x`;^Uj#9On?;j}361g^sjjd_0 zjAX`uZ$nQ-)=txEN`0v;A0A3fI6??7WC0}xVxSof^_h_!HA*9|Skx{GwE0qJ!b{eONgE|qGw%)e84Cg@jKRIgNf2uzq`i%Q+0@$dONL}a%jjqWr4C6#sY(OY!Hr2`c^?ygw;a}_ z4MXo9RFgk}I zaei3rWtKN+@&^lIZ9-LMaHt*(jrGD3WnLX3Go8xBbUmM;BvjOTx{cYHJ~vPrWM+vS z$k^Q^ym~cFCJTRE!zY0=qEMmD^jIIbS}Lv5%1@v^HexJAN%7*>)It_%S{HDr&t?`r zeNCcEvQjg;Dm@iJx++w%EjgSc{NWx#Krsv|BX?2g< zc`b^7=|_~o+PT!3>TWeDwB}`ras|e<7os#&8|$KtEY20sY3dy|GApu}X+=VSH8N2r zHL3O95Ccg^X&BM`H{8cO?uPq`he`QJW8lb@O+rU*GFE32A~R@z`>IZ}0)@po4U&;1 zn#)w#t(fpki;1@8vaQ=GjOlJt35%<-_-Ja82`(;cA&}2Mo7efO-UgyXW1Jgls?5$X zbTL(>Jf}Llo?bXrGjgE3`t&d(Aje9t?59!7vqE-g;!a6hq~|pyK@x*)Xi`NBOlTaI zHR7fT4~vzWdecDFp$-kv7@L$I{7w58k@`g}T4*ZD1uZ6ik=ZZhACWNhJ{rW!7DK}6 zokP9-teTs}%dGoMj@^7^ww*AE85d?oq3t|=(B5pk3W}#^n;Pk?tRb99I@wH8T~|xn zp-9*v%GF?+o3)@|3rjW1PJRsp97JQl&?ePsmX>`iIgNHb#eU{Q+GZe?Ufv^zND2~y zq}o-o80)Dw_>gZ=btjocW}Jr#J>3_@Hqr!Sg%1%`OQT_EvuH&rQ5z;S6Y_jtS?<=m zt+a(;uIObG3Ny-Hc3zZGhc&V>GYgZ;Y(NrB`i>V{LOqHi@$E>atFUMkxFIk)Yc95o zmCATTZMwXaH1{mD?hY+pChB)cAQU_?^qH6*myO@1J5~lmX@EEF>6mzJ*Q}fyU^mgptnz*6V z`P#GU8A=uEl4uSX3u5UOOT#YNl&@=Oz*<$SuAN1jd6v#8Gu)6WnTTs+g6g+|kfX`vgEUch)4rq^wYZdM6%(8jm03zFS5+ljjA6mnOdc%~1 zl-3~A#R5)}BOS!%1~%wasXP*a)H0Gh<`r64DrVB^%sk54TEa}Ci1{6j5dowP0Q8{2 z7|~`Lq2h5-DOJmu->@%@U31AgKvK35BBq*u#t>N>DGol_K_oFzhUKwWk3q3IhI))1 z>$G*x3U9{H78dJ$NU|})n${MGLNyT=Fe^GuI`h|9@3!S+MMB~_9h|+>CV|w_5~t~m zshVG1E+Q|@kdD|Kkg^oh3??9rmT_Ve1%DDoD+XChb)K%Qy;kKeSSBrs}0L!j#>rLL5m@mqH zgaBZd5naG~1j3C*8f4o7Ll`PFCjK5wOCd+ikivu)8kGi&hvP?m=vr$d45`_tq^Q|B zQ?ZMQm1qGG6jvGmil0`SqaqM$X4+)N&^Sv>aWNs-G{4JS7^;eh(Fzd4Bv?yYWKoAo!j9x>& z=YiPfD6wX&E^WqFt5a1r6gAAsqISOYbeFqUR96K9LFkb+mOIr<&3Yml)=ZlpES|Su zaz6ML`_|?YeJSPgn(v6)uy?mX0L_h3Z=)+sW=mK}BDG->@49H(qZ3M1_a!EXt?bo< z3~eBYSxyl6%u^Yz=@twyBL&ZnUGxGs0X7O8((?)W$N@S_Jt(4$vQr%E+?_)bq-2Ib zF#XlVf#&};0jfjHzWYoj2lg2j#5HVnpv?Fw_4(B!1Thjdj0RB#N^qx-3E9+Le8ij^ z#`8#Ka>Voe(EwDRLK?3A3qI)cTc4qZNsgC1$OCb z2bnD#pu5;If!kIzo|5^n_@WKgK8DTOW^EKQok?1ZM#;I^=~dFRZB?cG%F3XrAsJ@M z<{Cn|86jF=W$UzojM0;^i}_Hw8|8D*4N;lsEQf1%&?GH7S%2^ycFm|QnNYq#sFYu_ zR9$(nbPk$$gU{`@VWH-enPcL(BJ;a6KwG=rP_Q8xYBfenn5CLfgDA1MN>^-P3%a$1 zPd5Xl{Sl(}up6Gfo>n95i)|k&V}XEHw$)I5Jq;4JfyIqhXoIz1ozs2uxJl=RZHD<- z?Ev#jV$!spZdoqNwj_VWjG?7%R z4a0d&p`ck*J!_Ip*Wu#c0@np%b7}5D#JbkVFitF)JD8YUB3EE6{`NGfP~ z+_xLBoupx1v}^FS#i*%wEFLOJjp(qQd0y3;@C|y91%)26Kh!Gv*&qofheiw( z`wDurR@AUMYpfkHc*^}Fg*$HPqJ_hVW~GWuXhWfG!yZ=0%q+`|E|yD;U3^#^o8zH9 z`QDRgeGJ3Zu+XWtkSxC1fYai0t!Axor3`50&d9_-o(&YpbjA@R^FXN!m1JeD5cPgb zv)6arfs*yKhO#?M6Pe+dR*2@31oHtGR`Lq@-WWQ-syvMF?D zgJg@K`hH^x*EG`%7iJd^VlvD$?VLfFmvIP7<_!#LwuVmM=Y*8j%DO5wET%CsZM~WT z=}RLK6k2_RSZml88>nGZvYI5(#@N%Bw7v9|$SO7A*7kJ-Q+i6~pyemc;JSb8a5aNV zR2F5}wJA_G@sLhUga)ILSt&wK3mh@5NLfopBAT*!xo~eNll+qlrC6uoQHMz+C?@K< za2+1LrdIU!a!(ocs+7oV#TY~t_TCw0f7%ihb%(0W0BVD=6Vntm351$SV!nlWz#yB_ z6T1weTkNIqrg^J=aUoNSQb`|i%I4-&2HMM=EKel5R4Sg~lk|vLXbBq`Dg!c6B}a|W z#f^BwKT37Dv4YwdLlP`fL@8DZF}WOLJ#)Guxy4N?O!DR-47s<Cj z^Z=4wsiC~quh9zau_#5@dP4h{wv;SGsas*kp@HI#)U0iwEf?Y@?W~oLR5*mD3Ckog ztPFTY%ydR%#~V~EArW#@HlTeW70X@zX~q>9y5<$j%r(bx78(_U@Tqa17Kt1Kd!zinkv-<r z-tpLi?_283&0AC}F0wMFE&b|JB1{e?CPH5y79`I1YJzmrm1H8bL#z-@2PZkv!a^gq z)7(7!+{q>fKaXn1T_g+UaiFl9J`}hn*fitzFw@y%b~I3Sk`-g3P=_t2`X5f*q(Ox=moEdSP;!!bDRrcg0SuggrurrE6orRMaJn zkZkIVN^Pc+1dQW}5lue;0b908DFSh<@|(t8(YS^ zkr1&!nLzL-=0X$p>GybQ)aaIQFgv7SqoOU|7W&KVK<7vwgT1wY*VIJ8h6`0EYrLWg1TH3Uuj zpA&!N!X)GM1_(&2S_fn(tI>>Y#T^aFC)-ILF?cxBo1FIdy+Kl^tT!ip6QwLoK}!_L zS$|qE9EyZ@v>=p@m8O$~!!WYy(~jm1Q z8x+c9CmfpG>lAg_sUQ;?~o&5kkr_wIUrW-OzZ1?GLt6 zhLsB6-oQZKKg3=G%y)L^!3yY08B#BFOglLvRAp%s4Xa2)X;UR+2t`c8mt6$bM`k8XM}jG!n(@F#;;A6S)i@3p*3+jiMF@7YL~3^i1q#w`yayu2lc+( zuZ=e-!N+9ER%RomHVxMlxXh5KeVcWjzWcw%7XpTgS-~RVhfURDTTR%o?>yj2#TT)WobMP~NK(PGs8X?B6CqT+<{VZ;Zwq&@T*$yFb#P8{Bl~ z8u&_|y@xzArb{c!q-eTH<$g46hVLQb;0Cj)xD6xO0X<*aq4M)ij5C!;eszQ7R*i&##43`( zt_7OmD5%&b#XOlb6$WEV(U0iK(B(U&?G^{$=8_Oa za;hn}Aj;fQ-dVuZ+A977RvURv4AXC=7wgkT2wk((LubseZgyr8f^er=P`xsCmT+a7 z_EV125+(b~CC}nTYk^UGS5_FRtK6;z30v&cpenB==XfsbFlT&#{Zb3M*;jI=I zp%H;;eaS7{RzNx~=sV+>g%>~Pu4DJOO^GFjzazDmaJXIJz#()v_Urnk2PTOlm%e zmZg10s<|Y6YuHE%*|pak@GJX<2Um)ur;B*BTDzf$?6gfS%zo3L^An2eLO81aD`$V) zGFx-xKba!Z#StKiSn8_`bz?-2$Jdwu*+qk}jVS@zk!)4332rSPKKLqSRyw=vsTCIdYnO-2HQYJBMkphNu(=VNX5}2UgK#)dq zeUUb+x)`LpX}yDHO|SDw2D!F;I7PsC?}vQq2OO4TdJ=}3*p{=Dt$8LX%_Joa;B)3J z_N!$>FimWH-ecy~#0Vx9lR004($Z7FASshT5)e3_h5(?mAMOk8Nq45nHtoH}%R zxXd9k$FRIm#kiP`8JbTaCQ8WKG{WU=ESc3g+vGL-`xhk!=P+_6w-e}e+`>i6BrKT= zO8_?I8iY6U6~O3apN3I&r0g?Q;#+D56?E^Fc(W8Io)aE%T<`_)~I;=wE2Wf2RVi5qvk z5ovf$5_?_7&Q=pQ91?1jqa7EKcAH!rqqcG* zc?SmBt(5&%XPO$Uupy4=b0*_q>9x{38Ye~{D-=R_og^#xE`Rmx&_mM}8IiK-nAIp+ z+K}PQCIT<5dR(X|^i>MB5gLF|(;~|*Fs~A=- zPdSsos#2+6J4uJfvD}%bu_PqAY6ZI>^Qbh}Lcw;26eus7?~}!CMzEx0q`4tpNInl1 zS0SaCcCt*4T1xVWlhm$kV{wgCt;-|Yd4@G(+8%ycs$VhP+T?W5nNza!3)q}0m^GHM zB(M1f+*>!*keQ2WQ*0H+&Kn#Zu0GBbNGit&d>idgp?lUvipD3Kjz(6GQHCFN@HX&{ zmq{rYB;d|;xT=}mX+_6pcd{qR&d9~FVMO8(UP?0SnTbxHP8TwnA$r0Yzt`4_YUA0o z$j8W7U9OWJL}bQ0)3RBH8)G7~THU-?k9Pycc(-3Ph$9~6R6jSH8UI#?+Qa!hs1+t+ znOJfAnU2j4w{bS^N?IJT?gDqjm6?XUd_(~gH@24wnO*PR)m|Hot8AB-tzksz7TLg? zI8$+3ivKSeD3gp|9b8!H+hx)&!RXP>#`$1)+ugk^g232&JGQQUj1x&g>GXY>x~R1TBP zWOqIVV226=YM5rnjfcMNux9*%JqNU(A`GZHRbhNK&CCWUCJiW5$-_<{XYVe`d9UD}lV=0VMN#q7zi zTG^eXVQc2WMiG;#`zX~`MdkoA`+ch8LS{)Qa?$oiRgK)4V)}6#ObiGiRBrSb$KUNfKb|uQ1YWhmFuy8XvJJ)m- zPDmY70Ug)RrJ1hWxaN}z&4nYYc4@xd5btIN_iR2qdojK2i?XUz5I{;RbM<^vZgHX` zp~LyfYAhhSYg%6#oFDJ9WuVDTROD5HS=!zJr|DV+5@j|7dPeD zw57$WGp#!dwV$w=mo)4GUmh;gGHQ|y3{km^ z(W$$?+eQa7*XE}jKl_w9^XAW<%C94&>mLLN6O5w^`L;GJ9E(}x*EY|NRXP-f9MSv_ zU*G4)WCep#*dwmK<(#4p=9c8lz0;F|c~|?p`CX$Bpwmsw48F;N>j`$g=6|dA5>1~p z848;OYfi7*3XZjf1%rgXywFsIvW=ESxWUmM%Zq%!LS>V z?1=eou!?Oex`qvm*IF`hiDcqCmGWZVxO8_+j4;R{CkPNM&n7(soBFg*0n-_OSYfo^ zGsy(GIJ)@YrQT+=yl#z0!@AD7b7Q&t*38i&D5 z6^}dk4*eLZHPV<1N=u?^CgbcDUtM@)gHi2e9wN}I#K>H$>m0QaaTtb>b-f9j))i;zeK(_ZBlH*z~`NpnD7s82l` z&{eKP@d&^BlrbR5QaLT4gdE@s#`S|z? z{Ox#@cbcfhy9`9zuV??p!83=bbi*Nsu0pC1vKfswb9^ezIUP>gOKYWwBVhOu0&P}K z<(~Eur%`;cTH#@QEvRu*=?CBtB6d-f>4D*gD!a6ZT{G8E@-a`7Z^?9Wz*nWYbSnJ? z1Yc1#5v6lVm?eBlm0TL(?Wi8ZJjv455=<-#+IOb$2^5#yRR|p>^66ZSLSjaNC=V4* zKgbDzk~v%y1{~Hc`>hrV#DYS0dz8eIe!ML+hRMonCA6@014&j|dmGekkT7ZN1JU?4@!QGvq2Mv`^0P4gqO~qxopvrr8)iTVQwiR8n))w-d=68u+%gh zW2{`}J#@K9y<`Zr^lUE&($$ybmX>^bgzf!Ec1wmD))EyNZ%ScXQ@F?~-e46KRSs@( zcI+5RlKe)9Mgu=;js%Ogf7L3GS3%vLBu}a9-kO=uso8zQ0quTDk4^Wh-Av}cA4FLK z`>ENN%HSP6Y=|k+d$ikD_q?m790$}y-Dg`cz5P}O@$?f(rS>8H>ReTqq*WXF!J^s; ztN3<4Hk!0NtTn<)ouLb9m^aG`>L}7U(SSI8XLlH-xoGomW>1l{6U{N=g<5KF+gr>m zr-UN7RQ=N=u-&q)eHfx}dI8T!Axs#@Ch#-xHN96hFI$nc+|iix^A`D-%amyyzcrX! z8e-M+e|_Iu>OUezFr7`L>+7C`NRGQVN5Mq@Smvedv9Dr|<}mUDjYk$Lm7czCr1Rt<*Jak*v5&z6PJ$8^)- z!%k*fz%poTx4DItIeJmJ5+Lro$|*>8Hz`F6(#u*1$;-`sT!x-!ajMcW-o-qHA)2*K zOgY?UL#1MTbvU((&0Xc6T4X%BZ-})+pT_iY0YZ^zhH9g8rj1XE4m%<$lGhv(wer?y zm^S2y`8C<$f18QHRvUG!wV0{s|5Du0y)+1EucwS0-XxkOnqfheiYiV0AvHG!BRayt zwRCAgvZm35S*gV_TFqrzRI1O?D%NZ@L2TMI%sVsuHHy{P#xX3F7_31NY_yM>jZ;PI zXk42Xq$r8OLD`iqwXk(Wwv?u$knUt)v4D8#TqMrF7*s8l#570>HHy5MLnJK1LQ&|J zI=dgD5<`@PQ-6R`0a~vjw%$$XBpCGE@=+Dwl-&)29 z4TF%$cp)kslWm{IMBlD4DG3u;ur`zjieYuUs93h+>bCQvHSbI4t=g>Fvnp4A2|heR zHQc*lhq31MF5|4f+-|28bA^3@aWk|HPpZa(*~_MDb3UiS&8{BH+m=h?Vwcx)8MBa3 zDL9q<6R{!<0W!BWO-B&xvd`q!&w4G^vaOj-&@@q_lv(qbrg^$9c5R;3R=?^_V?%cG z<2Me3f_N!>B`_%tLllPE`k%#7M*dT~%BMAKAabrN*bg)$_5}FFE_9_IrbIA>D0DoT zXt}C=Lmz{#o%B@2pdFH%yEhnjAv_zl58M7}WyR7?&sxdQP<3^jtaOz4(5#YQJs~gT zb>>%nVxyV{h#gyOJhpjAzu~F-LTV1|rlRk};YW8zPSdux{?CbqbHpwBxlsMM^J^`g zZ+>^1L?V`!hl?L{RZaM*LDa@zuo9g-mRLcX`J%gqxFNAd@mMX6CO{i*Vtm>sJ1}Qd zh}bu2mcS-qPG~oa(ZF$g{_;M}3%mQUZDh{R1_sE~FKsiEOi`dW8yD1moW!Ik{P%)*Q z^w#E;p}HG^8k9Hb_jTiG4M~`1#03Ide!&X8+o@!d05*q+T@lqUXQ1^ z_-7N9F!wuc5xAGfn3YfOv^$x-X$wF<1Fp4DT{fJ)~@+Q+i|rz zo(J;N0gM)dDA}u6PSR}?2zqIu;mXaZ!^UyD+f16?B$kMu%qo;CE>?Vok;*N|22nV% z?cJ-&#g!{M`iEAyGi!>CMru2F7G?!?k%!vZ9J)f&F^{j5?AHz`9VQrTb|WUzRn4r#_k3}+5MAQA^p%YjiZt*>rnhV=J-@nza>?KK< zjv&3AJW%ENb=;sY#wMl~p#z2*gwa=H%86O~8;X!=cQ&-ewV3)4>B4_)2-r#!iHy3( z-SkEFZ%}#TEiQjpgW~L2vNu3_fJ+>sgd)2=#ui@KBaAM<7~2^mq$zV@wMv!zxSEZW z@s5NcBW>*un$?Dm;y9~?INt<~!$yrTSO(1~{03QaE)2@~VCvu1M_u!1@L_l)ln8#< zLqBDl)gVHO`k2@jd$r%h2)o+yOOjV82$U!wM&pcdG{r2PmnM7L85mBQzGUINg>xt8 zXQ>I|9Mz0U@m8Ajgim_f$r{W#5j`qR#OEl`A+9YTkaW=(9;gret~la&*g5allmG)> z_(cJPec1V%EyD4^zTa@c*0kJ|*Q|f}p+}vxW7CKCIJ*)qsZ>0Hnw(07#m0M6hrP^W zGBsEdbq{S1@bsG52&Q}D=!5=?)n;NM1s|jR_9bp;^H92=Ey;Ts9l?(Uh;n`pu$sEP zq^{(W!A1$+Xl{d-wKgna!&V|whNl{W_?EqNiJ~THCM}deJEf`;WP1} z>QtXs5NBzRa;YSl!Tz&2T99_2XI#2AK2DUmtf4M5C@QnES(`&PNcD7)gV({54`XrB zzpd#MW-(eRu&L?55YteTo5(13wENWeO~RDr)E^R|9vGkj+hf ziv}i3YeR&R8p)KlAZ#g`ER=M+flB-o=YjNYO^U;BX?uVmsv8BVwGM;?lLpA0S||iF z=@iGQr{_*xw0POPMGM*Mbb5Y@E5uXdOCg>Nomv~rX*xB>$Ys`1YG4&||J<-{o~bRr zUTQxYA|izP8_~Gq0!ww~ryeMESl4fuT)b=Gzeq1#4s#;p+%%c9?wE@jkaTEWkYyD_ zi4zsA^F(7nsH~sK3S1U{7p>QqI>zPTh1L3RAL|XXjtY+cigS!7vb!{#g7a|vKnD%1$NO}|Bwx|Kqd9rPd)7t>?Up+zH$XILC zOmAS!nIYYZoQ?^Z8yfw4jb24Jb4oHM=Nj0{Vw2QLq;WZq6zUmVY6Q#NYoA+LI>#V7uIKd6+Oo> z?Ugwa>p(BeaWx3qp>^*%UQ5gB5R!mbH7SCNFi8QcEVF~m# z5g0KihpK41HBp8#bFRc@FU?I!Ps(xW<(k?gb)I{0sOnz=qh`J0uP5&V2c5=15^xiGJ@fc`0i?Bt9&Hb1HD z;I@Mc1055Z5Sd(>QCLvzE_W7Y40Trv%PNzTF>+e92sgELmYNnXDl9?SQc49>H?GQ? zG-1+&!h}N$6A#NzIAZc4haH4_LeqS%W-BaX+F9k|pvu7H{Pe!TN+0vLnI(SkgWn|6 z01#fMb@wtNw=t`lO1!@AAvB`GvQn{ka(-z)7h$l;YD%d(ZLq(sGSJ;ts-~eP=S$V5 z1@jinPHQ)@Z9>yblt0+Kung15WLsPuZ+gm6ntXDh;o#BBm(3|0k%m(_QG^S#Ibp1s z(&YRR7)zT@HcCv^cmi=Wf3@mRcVFl=1H1H+no`T~so`9!o=m)Z3Ud&{{H{-5zd5T% zPdW+{t-c)H(w84|bbjKvqndJ~)#8)$v)Q3k>@BYUoGy^y$J>hBK#6j|Pc)!gu>YGL zqD#^$c0pE4Cv>zhGEk zhj7!BJ`QUQl+2f7b7%?tM3b(qtzgwc;bK3slGC!Kq|aGeP-vQx3AUoMv;whSsWwVN z$078sHpcxo%ZhXVU5#QWQ;jQ3U-f&~=&p({T3CmoI#!FODKU{11I6{XuA7>VZi4n; zH-%DLZQC(U+L8kT~etY zesH%gR1Mu}YTKGJ&@_cPJrnDcEl6&d7b3F*?quhZWPnod8!FL&fscY;-~_+Xa(ZXy z@ujt6Un?m_Vuhggb{0Duk*20~y=BGF+|I?9L540!lBPhJ78eKBUx$PpfCn<&zyfxy zzmDI%>kxr^nD=$_V>*MqP9JXprIu;=>g1-;?L!?L?43TFo~9q5o@xC{Ga#-XY8uVu zbS&~)>t(+4>H!E3XKKA{{pX5-;Sd)0-=)A!p#vw$W}-R6Sqs(EK~)a#1sanXW3}ojK@*x2D#dJj*I&mjL@^R~h17RCvg}-SL~DLN^QiLR5C(J$ zZR8x5s0(GEekx+Vg{vNLa!W>aTvON?oDuHUX~hu}2@MI6g1!C5(RSj2LqkgxLs8_Uhg3CHZJLj6A`xkW*8pleC27l{jD%j8{lF&ars*fnTe@g+ z{{HKhYFiB%YE1)KOFd$Y`)>{_fA`qWiqC; z+K6mJ91Du3hVz+OJG`wvqu@3+3@?DPsUdu!U@lcyRMA0 z=AuSyLANnO#H633Dvnc+-|c1r2XO~s*#a#2ubGlGVEeKA7E=lr;Wf^e(Dllj-w;BV!1aV?>X&vyO7@;46EX3;4_Q14VnfCpl>6jhtQ~*q`|$_N)HFCknXw-t`ko##$pM`R~ukzR&?k=7(*lh zJB#BHv+%druGrIyX5Lrq?9~zizs*AVnh&hz|A*o=7bZ?X9vl)5JxWC>A>Nt~9rE%N zd7sFyd7A8rf(Pj_bMbQYS(70yyD6Ui)UPfJYzfklnzGtqQh=*DB^Yy_pPjmNL7@hx z@=|+;cd6Ld;*gBos_(G2`_x2^>~cj!7O7=>IB|x_7X)Bijt@|}B$Yec8(6TTzoV(? z4nigunMs-A$jn<@$&aKFb8!82KIP@NXf+Ot9OUj)2`quovt0=H-$iTbH$?l;E)WDo z%0P`7%s7e3&T87Tn&V&>N+DiZtstF)xWO!q|TFpt}av50*OX4)jQnGm)C;!ur|R8U8{k zK&?W(iKB^9PliT~oIY*(@1uv2r;RK7)L%5ER!66Nt_*qst<2OaGvN>G3)*90gwzo? z4@|$R6CrNlB#{n&C{=x1%61$RBz0U@S&1~q=Aj=@!tNq5RaXpBwuyE+^~bIeC{%)m z2!ynRwTg_@MslgP7O6It5zZ8-qrw(@Hhr-lX1ccfOY347_xV8)W}3>a%mY+HA~}$v z5F|`;gIaD`MdKNpMZ?tDLfiO&5SF;4hFoM?r0CEPfn6G43QUS-31#eKs3UJiJ5)0j< zEhV=X?xFfN=hWH20`l2(H10L?p)=Jk?d;(C>vZJUxvjn!y>Xn1E3OP*HDpmqy|L+= zOmH6EdsWCR4Njs)>i1pW@=vaU7@h00fvi+}tvLaQ`=rF7TN69-VU5$Prc@7X!m>|NC6DGac%+{8hWnXMub7LLlhGeR$ z#vu_S!y)1|Gdsa|ankCHMZ-##5nru8VVHLE0_bjY@(I}sxPWmcIMtJES> zxgds3<;+yTyldJ_a{vCDeg8@I{<}0#Lbc3@Rcr6HZ0c<`#vDF>F)e#=kS*Zz7}|Zb zWkXt60cGuY(W1pz{WKNKikuOHO9$AGr?n;;GL&u`bP^%h&6#N3o1tKMaS# zml4xTqVH?1F2lz>pNskOhU!S=eT@v=AWJzo$xM{NJ|j`7!z(VSQtKVc-U!i1m~v^x z9CQuxoY+qRekmPTjT5uu|WHblmt3PFk4FA>o*!D0kUJj zBuR5O2Qh;UnsQ5ZTz&fz%Eov7YI1#=8G(^8fr?T=kE)Y4;cTR_8qzq~*tzkwAjiz$ z9aU*HWGdByq+?;c*w0a6wZh1>9$qO42?ic5mtZhZWd@3D!S@j^h#GYj8d7}1*ol^{ z39tWnCpRC|veL-pqe<#H9NV(1lM*xNP=Slc&xh>S*5Hj&Cn+m!EcyRdaEjYft+18{ zf2FE%Fi&GfsbgC2qIDEPd$5j%&4?Yvd2Q8h)($l@L|~+AFLOCd4NYT=8it;1YIU4z zB%k=fAG1Nlk(RXWR`XQy`!ZvF|ENt)KeHp7@%=YL(@vJkeT86za)p{?vV8UGz{1%f zZJ0tdoQI7HbM)tKfha6A$l792Orxd;W%_Je{{DMrYvnlY zJd#b$8L94)iE&I#<7;Y=$skq8)PO<7NyNI7T_SLjjjY}wG79QZE<%{L5IyQn;fJQQ zx34biFveKjTthQmBw3lL4PRuX(2oAW)$wva4JAGVr*n`@kFS^LS#<)_L53>oBaOy@ z|1a*`cH_Fz{9f03ikblgQ3y$om6=YW_PF7eX^#R~QY4L&fngYBvLuy7vIrjRmN7SZ zhCD%E4jO$mcRhF3i{^>j-iH1Uy;>U=Nd~EinIs#l&;gFPsqvX5g`7i&mJ71DsbEPLG zka-u?U06&{>cQ9L^N z4%?_F%fNL8^eEczpnSBQ(+QTr$Z(eoac6Q4(Y<4TRceS`Ppu9*jKt#gGGc1gbKVnH za;H^<915ITasU-u;F*E;-y1dcj5;x)g*gt5OKmZ4N_y$<7EULmUd6LmFaiz1+$-(G87}127CP*0T?08%x2hxG^=w z_6@a&7+)guSOe87iJ9Z+lQaWwfCt_fH%1mIj-oIo!Y5UHl>=m*I0`i)Cn#AJZgT07 zsv|BSFJTh7MI!dJ$f4}7>yMK?EXmSI`5_@%uDP#_eP-iD)rtJ4WIsUZp+;rHVFqwfi-k!dn(`r+Me!};fZ6f9x*cnrb(YA@V zYehbyQ#{DxgzK3(hYJWC5xdyHE9BOmf=+)g_I?Nc6wDa94Jy%x*Ttbx45P$>dqDNm z4?b-Xddyz0S*IC%1Fkn%x!>e+j>7%J|rw_&1VWJ|*}l z&nluRw`LD)!77vyEF{3PaH98Wk$z5zr`ZbT94*pSDUv?NtFk^u*&X9Xn2a=pT9SEl zq?{CDaq_kn7Zx~?LWqf@-Azoqk;=tSF(x#I%VUxWK60lb>cXge=f`sgSJ1d3dAYel zz8yxgm@|99bkz0fAq|(07C1K#j_03$wHG;Gg9`*d*)iphDwU?uw$(lm@MrQwq}e7l z1()8MMrXPgQ?wp4=&?7l-j<+xvq@7${T=0#s^;+ zvc+kFkrP!fgCi{|AAI*0KPGMa13#Q~@@@OFJvUg+?Cn>BNTH#K{f|_DAfTO;dXw?; zt}u~fWi+i2jsrJ75ujMyDgaKX0*d>Oi#Tw}7_8?AsF*V0ZVU+SHfK7& zg6Hh{b+PG^fZI7$yWxBWn*liL`BS&CbdKjMdp5~kCk@eWiR<+%h>Dns^kj+1plR3I zX%ktHHj4nLvBb@{CKmAJQ*|JT92)hE2a8F;`U`@?mlRq`cv=?tAwF+z7LKFt%2R*y z--ROm=h7lcrMwJDJNQv3;U6I^cpG^@OZ;0<7Je>#Bbm8Xhu3)i2!mwOAag|`Y_tn} z@gN?sRNQ6$xQQKh1~yb&Z_t;7fJqX1YFeYT49@mk+-=wuN?90hWpYePP;h8}@&J>g zOampjaKoi?Ta#+L0ul*GU}Sb~KJ89e3>L@nX0s322N zE0aM6ahb^`z>zk!I863viOIbZ=Q&fUI~7trE{EINKg%ZrZJ{%`{0Yliv|vJz>g9YW zxnEOzQ&HUj+R#;CVzTt5)sjkl@mo#Ao>Rb;jG1aSo1;+lg)n)!_;G!norBBy-?|S8 z7R%Kc&K5c^_0s;(Fvz}B8n-hO{6=z|j)0}~aojmV}O zeFfwsK(DAh!&M?~lT+|g-d(8X;iQZ#B5wbb`w98dFpsie$~h_!NQry_K8Z2qfGw(| zg^FA8-hrh@0ow1TdJXNgfYNl8S&GC;nP8R!>hg_8Czw7bUi@RIK68vvP#ZpjlSKwpfB~YeL`(r~$;TL1JBdFT z@EUyvXzV;U2lYAXpJOa=rJoKmAs(}bWihum_r|9M!eb{g|oiItsDP-2- z#>%~6G);A{YGJur;Yk9tlhh(PL4E9HLl+MnlvVtqr-HY93v$u_8D!h%`xY?)syX2>EQR&{&_3&ll2vD^2JM zu3qt-$p+H0!qp&hO-|s8@F0=>2%LnEgA1}y!2gqEgsgtN%=jq}s<+j~X9(mh+jV`} z6O-i1i)!4BGh%j}Gm~70N7THPd>D(dyu7>)MXF?hGT)(54(Y_p^W;LZv{JgaKBv0x zDy72uKnF#&}0z!x^=UhsfeI_XfMCJc$2!Ya6#Y<*A@}x zhxkg@M^`^nHTx8%z*Jv@7Z1+go?TM<(fkS*JvMHQOC@7<>G@O*zRwtTP0@KbM9M{Y zipK0DyCjC*!W+-fe+b%+*8l)2muXKi`Q4_y5QF=m(N`ZbT37%+M1g+J4SSyn2SLjw z$a#ZVw7QtD{+rm(dycZDKx>HWpwAZv?yG-9AX(CuD@q(avz4B$TiqRwhz@9xF+Nn$ z>Hv&YL{M=VNa{9~+7n)@n+&Zo;kpTGbh2Hw6$y2BKmlGmV3>6~$IG|)OG6*IE@uLM zYH;N-Oqw<6!lUJyNuL3vywNF=QW!?OE|P!^oW9rGM(4k%llahuFzKbB*F? z0r_7otUF6DYUSi~r7F$R$r`Z7yam>W~rv_yFXhwAC9Vh(* z1{jwy22ZNq_3`RBU09MD6GQr>zOt#*s6a*ocV67{b%KIA)y{_&ge+}vxi-A5x2N;9P5R}82U=)oSGt4ylfn*PaOPl zvDi&1FmeRp_$=t!v7GaZcd6vTY{`GAWH`z;WK!?KR%g;x#=GA*ENeFeJ9F2I_Za;? zW4O_5Tn{mjRBz2W48yYHHEqBQi7idawk^0L0=5V(<^X>=;v8axlSgxnLZVYjvMij_D`I>Y=-@ zw1FZwQfrqjpB90GUc){^6osKAHrtpq{3`u=aoh@^F)-9F%2Q?MUvkf>EQIM=4Q-Pi zmG5DTxsbWSPI%pJ(=mLAw*>1O3N6ARdcxXln6TCX4i zy)P-Oq+d{RCg$2xl`TX>V_Q0&ST`n?8YsUCfrvJ*kZbk!mTb~0O?gIFhL+s=;GGgU zqhf7XxAP%m2Bh+fOh z<0w9)$7{(_*+g)`UCU=hTUKXMF$jVevYv)axh1g8mTvWWaT|@ASGBx);Ii`^z$k1& zgqexdGGi=YGG&*sNktg4jk;VOVfDwUw#CvI$j!2`@~L)K0mbeHcED(E4Y*c>21aD9 zqVDtt>jRK@^Ceo#6&*Uez+UoB0PM56I;(k6y`498=#dRX9)B}gl1xKbOTg?X-bSe| zC6g0BL(N~b!S%^J$_x+#nc8n*p6#$uALKD9nZh-Vs*&b+0A9<>#~oN`MEobo`0zvc2o|2s+3_KB=|f2{oply1()+D&+$#Ic-(Mte0TOm zN+~7-BT@$%5tBQox~Znv7EcZ+QzN_}F4?-3Q?t2R$Bd;;P}(eqFXsp+X{noT^$&YV zzf^gk>)U`sh!viUxP6<}`iHOG9j+#k=ETw_V>JIs2zJWZOR&)ii+!fYFvZpxl-3l= zEcj*>Wu8iY<;q$?Fh-WR%7UWoM({{o7#povIA>-W_2k4Ra|j@#EZ$*7`oWtPT$~Vi zR=lWbN^C7hTnC$A2iC|PPnFulck<P1GU96P7!fP}gERp?Vv zxrl@g8)xj_IuLHxJ*6!6?9!IY{6f7$DJIXcPxeG&Tts$Z@VKQ(6mOcjEZ!1ezu)J< zj0I83ylwMJ-Y*~I!4>_T)ZntsMyb*#?N*7@5t&kPI1&+#s-E`*MOSM&?VJL}cmD=p zFbKr)yokJ@Q&4L{*F*l2pv}5LX-|FalM%)=a2zCRy+gJRR z@0f?Dg4h`Y;%f@{o{zJFTkarw6NO1<3NjZnKrL1C&pkTD$QA#~pZ>{x%DDhqjQi^- zgb2~m9;-(9U>Av)3oUDzO#{V+a_-&3#z!hH=UkfRpdk#!K>%CPX|mohMk$cKILQ0r z1xwAU-dlKq+l>Hm>K4{us(cBKAl!7cxn#a1JEP5@GS|-a`)sP2)IPJw)W|c4?&L?v z5;19K&z-Mkc4|Udsz>k9dX@!f3w!hHa`&($e>C{(ZzVSz+Y9?ftnAIj$7;94fA4wI z^|)2hYS6fCtHHT^^xSB-#Z|EH5nkW|yXnc=D@;!C!6aWVj#0>1Ntqh;eD~*nM=H*y z-(FH@Vh=G);}x*j_+fZin0;}o)M3&(NixYzLYw8{df;JPQ|-?Pi(ELVb?eqPhez?nq$<|fxdvzNnzd2cj2*X$RD!zI3`8AE~Q^$rq_0X<<)1FhQ8 z@`|td9TQ!x+wbVRJG=4UkMEEl@4wu;b1lfCfs5zrohDlk{Wv`_P`9kjxGqKi;4Y;m zN~Mno2Wb*jWl4?PruBS(NC?NzpeqFqcwpX1N7p#!As$(5vN5puBa%p>YYKEa@l zpcN4zof?H)Vm=+KoEEb~&a$KvEU*Qz{1NEKd}7+zdC*-Oy7d@Eh5KSjG6_cV>&yw@;gMKr^dX?x95jZzW;8n3r$;PsI1 zwM9;tLl^)#dsEGbTzr!|lLnQQxaagRt^|F1!8@W@A@`+sl`3Fg8F|xa>X1$x1Wm6@ z__+zX^qwsAr7IY#z^zKglq@7YIJI5Ud#>Sf5Py1&k7fS#=`k{l8kq!YKoe!{Q zpZD{q4Yx;i8gK8%Texg~7eWd@E?zS#AH}%kg|Ks5P4KI(RJ614dQ&K7OBQ$!Pz_$0 z{X|G^+s$<`4paGDR414W8#uH^r-TiBw)j+94Mlik%L53+hC^A;UJicF^cPdMhEp@P zst5tf!Jq+xh)?)TeiCm|txQ@LhxZjPYemS!PKOBC%>Sa=c{)ozS3KTS$pwY0BiK)!HJU!0>4zn&8Ug4f_z z?ED`Av%vfoDH!aEQOcmeH|YY6TumvHCyTe?m?%{;`?G&hrQ}<=hzk6dmSk>8^2^{qmR8;y)P6m zmf&Cdy{oiPgyE#hpxmG9CWz^RFEwX79%unRBVX3eZF>U%H|ynxyH{$g^uaUR4jxX7 z5+t_ZqI(vBCp3pFeSz4NvfljFZ#gt% zuOBP8gB7CpuM<%cspxn}@49GkB)K=T!&Z-?yN#M|dicbe3Pas%fgeY1_||60DBJi> z26b5N5r8R}^zr=5)$co1@O?)A=I`fUX*dK8RhCl#--*36S7dI3{>tFl)7BfJnou>2 z(ev$)3=_3mR@@Wu6%-L1EAzk{d@t!S2x&z;a@J-8`($1O4i!K9N4%SqGOtpcsi=|Q zHl0e9eU!qp@U+5r^5Ly+#al~#l-!t9c=hl&kK;Y6Q(j3_?~24DbTf^V0}>}7;_HPQ zkh#*44~bi+mo$ROji}PFDOpia=Jf0}->L@mSv`0A(AL6FlWKFcx5jBHW=ZDv7&Sec zxMQB7%Khq}IbKnUJNhz7qY^bWN8Y>$>JI4FZ`sgXT%PMG0=DSK-~`qQeWXMpxQq{+ zs=7`#!ZKYmtb&9CNzs8KQGmftvGkLe=c_I0I00o}Qw4GmS@y~(i0W&r4Z|{x0u^n- z8i3fU0=lS1SRm&ztRS6KZtJL=wbsz(PT;7EV{;F@bX{@#bkyKi&Hf~ZTjS+O=BTb8 z7()N^Jqd>9_j$IsVI@_aDn8WQidz88*$x#-c=%yjk-BGM3dO--80pN9gOclziS)O^ z28y;&Zkw0qlC#!sYSS zk@epcDh_Tt;?W;6);zb+RRs73iW&FQ2gAxES>PsW6#ad45#Xs*BR3VPno_{k zLK%MCYkbC;7sqXUHtlp)7mpPC@a~hZtQ*;L z$EjuP?i77Ub9KfJKADT<-Zxj@N@rc4j0T-z<`NXMOq4_8V@X|{8X`Jgo-pdbehJ?46ru0pHu^(4dX|q=e&$ggQv&# ze;viM+XG2(DuXBq!)!}iy=yFyE`soDCR~3HN-Qr?ol%AYya{!JSMKe>B43^Eoh{xT zuTl6j`e*c$7*(_^(w;^`kJmr#aV+wykE%_R$NFrLNrR@`yqVQtBKm}ge8l5Nha6@l zR7pu*+GrkZeU!`TW3UtVQe+ckSd(voh>#LRUo4#dwr8@{mYWFdsoVM0*%=}SNJ+&niTyozo-|n5R_kLQPIZvz@XyMt;*pc5S zK6y1wb9QQ71J&xkOw|A!0@IB6Pxb!cm=M>g#!!s5u*j1bc;qe#JB_}LiELA>7 za+IGHk>XI~f?zj%8yjNE`64PP>F!61Uhs^=^zDKvx)jTRO8dL!1Mxup?k#9q=*}Zt zhp*vfZ}#U;@fwOd;u&x(q`C$=GdR@0-K_te12lG{qk2dGnBE>AZ1{BflQgKQyD$-j z?2emB%w%E)M-iHEAm5Kh+cfR^efVOt*RBI24izMR0MXResItM?M=l*ZBoepRdrT3v zB6O_h3;16OWnt^Lt#r8IMtls;2E$Fw(?%DXsqA_l+)M(b(XTTb52#}LULqwfF3w&n zfpNG4duDl>zM(ud^$gzhQ8;5i3SVqvELV0*YzEivf~%VWvhgb_A2OBt}z_SgKF1|@L>6FHVzGx32uNIq5B+h&1s%n^3q}t)3|s2b(Lu% zy-l+H22-`xwt)0CnK%!U|GL#x>g)5)lB{-8`Vx{Gdf zdXdI5TVwr?8;$&7eRWQ9phQr{uu;mAo(HrFZovb8mJ0I{dCghM;JjP$Ph zY{}6{IB8O(J6ZGRO`ckK#dZwJuo3P{VO^izTkYn59PQ4nFyEW~enD2Y`~t3m1ovY& z&gRIElBKL74>8ZSs0i?y70A~crL!`00wdb*(8#0sh$V`@&g{7*J6|-A%4!K8lO@0t zrrKGW4#zFAl!?EldCP&RWa8#7?&9t*rAz(h6NqAO>s=Pf%`Q=Yh{ksi$@SN1)A_jQ zSZp}^2qQ>hPfj}J%Hh!0t7Jtlj+gqE_+daEP`&#zI=dYEO_f!i(6f{iIPF+dxPf&1 zcCf*L=}4IKri@5-?{eMv17Y8G@Yy?V1yP~BEikkK=tDH_HOU}w~M*{4`Gs9 zv-Xd-|I1arGP4h@tV$V0&3s46nNOzzH8>@2i6^iph$I}hcqMo#-I}YUPq@cbv%5wg z$?2V3#Kx|m_iquF>mGfV=(zdtG4kJ5k1S$d`*tn!DNhzm3lspP2vsuP3+YM!!5 z1G?{pgfW1TQIkNhq zEw9N!2nFkR6O)L8r|_Fj<zfi!^&CAtd{qvUtK*r;8=7cexTeOSVVR6@K7h zOR|BM$KCY%c6swC$^=W>qCP3fdNh$=vx%$Ob;0I{QRnT#)znWmnu66RM}J`EPh9b2 z4G9Z4HG_{IC64{UU7p(b3?s0q*9o>6f*W>)~_talCq_=7bK6$1G{{biLlVD zl>2cWwY<@}MmMo3kp*QUlr{j;miKS^o}R`OP`_cF-DEHAo}xAAf-{wujn5y4cTDYb zQ@-`Ek41at>2XEXyJo0qb@-|VDak(~yA1J2?dV9sfp7kj>UY>>FS1bmmghKJ1<{5h zWmP(g8Wdj>3Z@MtGD%bF9?PFWvgfK}hLDEiJ8^Ds_}dr4@!(TIOl{WQGo!2&#K=~t znU%IE5S6LK$(ktGAGNb8;hEYA^u*SOs&^SCx*r=O(!0t#E6MmMO@^8rC~It5wW@2) zut5I!rY<J??B@!xIlPF@m=Y2b#nQnkX$qIKVwZ zDuc(K3detaGgHe9MoXVyGbf{GPi{82R4`!2qhXSr zM`h8mEg?jLq9#YoZXL50c8=W(-fL-y0%gauF7=R;L@@>w8PP|ml?ZNMZs|>QGhkWH z0^l~GL)hHb8NJ_@=x&iFKu8h?sH4#eGMNuXR=o%mOTWV5)eRtEcfpXn>b zSFmg(cF>@)QVu6OUK9~o=5sT#k`8JSoNe!H%$ILlyMB`Jr<$Z}o25f&5*TGCsQbzv z|B$<{9CZy-IAZhKXW5r1LpkdVL~lDj=AXjktY^UGMPB?*V=O9X5>}i&Eup=9mt&Hd zvF3}9p(#a-VIuSMmy4f$*G0~ivMV?|`lKoa3hHz-a1QsAGOpxp4tHqLq{k|fnp^w@ zr74KnQ?4>g?x}JjjK0-{nz_lMquIr)tUkGaw!~oQx>f*ExtJ;-37Dje!4`}89RC(A zEW#4X+BGo)$YUg}M$i_255egskD>O$c5J_%!*3DThBYXxJ!^YTOZFo*$@N%O3Qcz} z>*^SvDZZR?I)m&cuC9pYAtIE;21pWe_KG+*%u0)p!&2^p?dQ6|w({6$B_f9yt5rPp zWy4~o(c~-H2g=Hl)@s)ZUVz}4Y~|p=izm+xo};Kfhjf1VkJ-T=&d7%1hQO%rS4uGR zLokthUR|dfeFiUTlyxVX|+t_3|;RO%Qz4bu2i zu6zGhc>+*XQ{-0KL4v;+;VMaR@jLQpO5?&JoWd3f4KHv)jugFCC-3zXGR&T$bVCry z92`2BjCR9s0F0uiRE)*OqTNM8&=j4i0w}#|E2{h;K2WTnY^+2sk zNJ9e@4Of%OLV2JJgy<)n9Zb3^_$959gvR-~A5?*h#SZ}|3eX^L!|A%;+5h1&kv+gK zRj8Ko$YE0k!!Yzxq*u^6-4X~t7k|fCYnQgOEx0$V2L{e2c@U>&XQt#`yT2g2lt>=# z7+{m@DxEYfEeRJXq5h-gOIVzoe@{!vTC(p&Py?W<-TzI#%S!m{dGH0{OD|f?HQoisbX~x4jQ1JD@3MLPZ!k#szZ7g*NK^ zq*d2v@BS=x&pU8Nv!XQ7Ku*|Mb}Mm|Bu)2<-3b;E<`+iL;!;WEQUs1!i!5R#0Fxfi z6o6M%s`w0X%z7q29^QBE#n;Qn}BWKRddjST_V`Yt=Kk!Wji_q!V%#01EMUN zfD>Fjw(|ka&9gh67dTC8#J_`hOq1+=3qn96GxHN`WGpO5$NCM9&CuAfg7+Y zef>brSi64Ov7(lq+9}e3uld>dlKN591zHZ#??p?ydBv*oQIXGD+~#LHzJXgSu6XH! z^j4&zv=^aW`(yOWhO?03M_V?rlR!8G2m&Hq1E7>_3ok_S<|sRi>Cn$|IBJT8iX*x& zvxHMIj7q-@jh84<^D{y-$o3?K^tJdoW#}M#yJPcObw(?NZ){WUgZzM76#PpOPck9x zvq_Gd+Nn9!0CX8=r3?71H=08*p72ZEXo~SiQYet)%*lylbk)KnZ@Ga@enx$`)%Tv_ z-gq0ZJ4g#w$rePIsX->9Aa%SPE*f?5d|d_d*n|lxZ;pU$*}rw|jk}(xxpE*QD>HZD zNxNsiIhNK$-%n=&dBO4X&C}puAmaXvqu@*^M|3ZtLZO&^(i3xX^eL%w?4t>H}bPtMq~hOc5c= z2S5DP*k6NslRu~GbdUe#PcPQ+4{}v=X9p(j{+L@j@b`w5*Db|cf1xPeCp3`Wx#Pvm z?849Ltz%L2O&~4jO&7wG)qW`@xcdtw*+3g@B>3rh>xROTneAs-j&;k{&%u+h(gdcQh& z@mV_oLFJWR^^}#_9a=~h_Z)Zv7nD~}b{wP#MhZPJQb0tpZ#d)eYA(iSo^~}pXEcPXuZH0S;;rKe5FaiW*%t*Gp_kj7k|IOwF(;+X5AS%BM zT*m}W-gj4uJ*hyhR`YSuF2^)2x7-q=_$_azN;=Rdl%}d+!N5AMGA!y;FECF9_Z0fc zg37WVR~kpF$a&}X)t&G^h*>c=D4<$vl9p^+t*ed0FE?wK2Is_zkaFSExVTKK{(srP z^Wk}<_130v!K8u8&YjyAckX`RX)~{jh>c}LZuJK&9%y&C` zXDqX|5&gK?JXV-p-U?-g#zHK;H^97N4M5C`^zh^CpAqTvkI1tA2<}a-YiuJ(t4Tg; zoifcBwU)l=plC)orxlDiWiq51BujAH0b0`1aG=p&(@JB>>bM)}WqPAVR%LcOgy|%R z10z2p#8c$t_NZWfg+i5c($I2<+rmJToKo)Wt* zjki~j9!j`pkPpERc!pM7@#vzC=S(>)B`(?% zO)ylAi#9b9*hw)c^iDr)wr4WPqos;mWL1EL@mMqd{cYBWG=tJ}ZU428Ek z=hSk$jcUp0uErl*`bPWYA zy`I40C1a@V>cX1Y9UA)!B51*mh6pQ&)+K+|L3vW ztBIpDiiA!D>I8NKgmR#&zivK^j{qQcba;kLlo2?;HT&%AhtHqH8kO@3H@F^2Bm9I) zdCh@UCWL8c$Ak1-45^#Vu~3F>YG&=1e-oPLN$PbA>AeTd#HCa- zSFvx43yd-R_UonMpXVTaosA_A6tD^kQMFMsNW z#~%4QI)qW{M1p?gxjVXDSi4Od_&YG+bcw}h-z+e(^U5FL#KG*gtBJ*Rb@_#ikPCT` zM>nBvldL@>STdpO$~^8Li*_S?b8AgO8ir{d5-11)(O#g!QCLcMpQdtYwEC zK=heb*O|Y7u*H3&b*iqL1%tbo znPJW1ZM`ZxK|1hXX#y}QFk*^}hz~VzwU28ST~)fj*HWACLRmYwI|IehO%z_u*kx2a zT7Cq|>Yw-g3Ct7mYtKu%E{Vc%QgDM+MKEV; zD5v5;*3B|UzB_A5g$M3Qek#Z@O{U2k_nL0!@`ax)j%RNubPS|ExtQ_)6l8P=8_~H= zIy%gcJ{CAA7srbkx`$eF&!XCYa71j+_571l%CgUwpL(ujn9bCLbf%I*TTkm5vLvds zm|-%0VAv+7cAqm8*q-7fe+?pxwEJEO>WMWp?AgUEVp^476a!}ly(lgvy+fiuYpqZX zb=Nsj$)Jszy5zWt!<bsdb}@VU z?BUgK{@(xj_&5H~f4-;xtoY;q{OsA|hmXI!pCTCvD1tLBgsA>FeYHG-1I%xS28>EF z7?JDksU#&vvU%9&%O6!WiT1F%U_vxti1c`W{&>j(i%Trw#l>Y=hN4e@?gmr7mfd-3 zs&HGCPt$X`W7WqvL&)nz6&p{B--BAlGle2pHTmPbXJ&m4Ah8Q|47SMQY;*P9irt0w z!>#gNw(;E-?B#;?Mm|9M$rtfg;Kpo6^JmXxcO1S+$Fn1P@Cj=xH6E_td@Z+yr}so> z3uJ2ZU7E7}=qDzzWj8ffxw!tycGA_})v3XELQuLHD*1n8adC=-8)+Eg71u}kSmm|= z6U1ou%AsGcFR95&0EJaRlw?YC(*iY}D?kR+XKaY`S2S9}KP&XmU0@KePw!m9#4itD zlW7*;-rh~0Qgj3c(EVY4@p|>r8_`{1cfC60CJZVZDH!*J#G|b>Jg&R!a^y5oT0GtQ zhs+dPV*bFb3j>uXFDMT!ku~F9MA-6ZU(sQz`F4Dh+hF(wlfZ=iK;cjDIQfS2c>(m{ z>#Nf@^A7I2;9uGoTF&V!Easyht}c8pYHmlhVBZ~!FdZH#AbR{ zT}WCbc8ZiS-LJd=p?H`)YX7C37{~1eC%HT4QWD@{3O}umvH6$rjsXs$ZocehfP#MQ zgpKtLV{Q#sw9YCDEab$6LvcpDk?2xb-{wg+cka)ztxag zz}^ntj(=_av?d?iVX&5XGQFg@LjlR|K{I#iu$)Z_X^m#k-9dB#baOb1pw;CSEk{0+ z6tXXkBbD5cNs**Hm$h^frW?y5Km?jTYP{S*S*@eH`fCWSbue#a6X+)BR?AFBXEuE%c$w{9neC#1#Ml delta 15461 zcma)>34Bgh8u0Hyh#*9W1d$t&5Rynp>|5-yCb5^|mAsLccZs}NL}|3DE!A2st}3;6 z=!R-(M~h-iJEg_6rqxwDZFOI!?X-jX{?ENP=r{BIe&3bn{?9r0+;h))&htFyoR{%g z-Mg>Ws{Wv9opnmnv^%+_L%pG<)vu*#O`<(nEF1lPj4a63$cdtelN8+L==B~@!$R}x9IF1!tj z79N5f;8EBeUWUz}P9c5JvY<3L6}E)SVN+NX5TG8OgVhceQA`+XfDWQtpQG;gwK2{21&3Ux5Rm zV&0e~Z7`G%dZE<22g(N@gQAI}4*v<$us^MShHZR3pcvZ(D8?}l%AD_pVpK0dw5|OE z$_Q(9u{+oa%G8a3GhhiE3eQ6Rv=$gvxIBkqD^sAfQwC%BzP5#gXy64X4SysLV0{cj zI+Orq1pOhM)+RgoWl$R04n;#}AhV_Y8%Dx*S+hbv%H@=rmT(qmAj=ELsj zUm8+OBwE!HA%oW@LH@J{xQWV6Leb2JPCm4!t+50s0~i6N1C>xTvKm&x7oGCVUbbL%jhoFq` z1eAe&?67WMdjK7w40N2srPU;4P7XmC!KYB>?m84zM)tE+*A43AbD&u994J$>5{jSi zg)(*TLg`RAHyPm=C>^VUaqww47QPO}=BnEau#IF06b+O?8SzHg9KHxeL+2sd*J@`o zYS;%x!$nX!z8*@T+6QIiKf@>(gKsv2=}=TZ1jq&_9?sfPMlm==KvZtcG z!@*EqbU_*Mau^Q}LK)fHP&)c6lz}AE8z~M;9xA;f&NZ7`Yd zYwwd_+O&GZ?H&(>w5=7vh44uzbC^tPn1wbSO2eDDVXxX}kS4VF5q607z?tNqfMa08 zk#+~BLaDz7N;_v@bq5j+M%l)b36sdrhArVkFahp?GNLnZ0K5jpHu{ZbO^4&5*uXZ} z9v+6$?k7-2-jH61)enL)&~n%UK05~er;#{KK{&hu#aO~H(N-`HCd1xPRPTl|Ra>CM ziL*|=POkmoESO07?M{9Pj3xgB6k~i9)`K6xI`DEX`WH9(h61tf=ser~@}RunhBC(s zVQ09-$-e<*WIsX~X>vXW3G<PeGZ|hEwb* z?EnXg|L2oP<-s}_15ZHt!21rh+idqrfRU8vL#bZ`GvQjO!&jla|0Qe<>r8b91Z9Bz zA+w?tL6oGu0OyMTH=bs@&mB-Sa01GRFTr$J`*yp5OxTS4R2T(IAoi-=2b;hPurB-@ zhQM#3*vwBb7PgyizdsOSx7s8aC;tB@5^dmLp{VpT*a$|DWpr9eNr{ zgD=8|6eEP9iAA$$9Il07l&>vd(SlnF=>+A^xHatu=q{p7IBB+~or6baqkl1;RmDU# z_#%vhtvvRJd&Ab`Z-c3@683|;pmgY;P=`N42|ST=?10r9CX=55rGv|0DBKE%!97sw z|1hW8ZZKx9y=+c~**w?)d&7&c2aNLCZaNlrBEQ_>K`1uxF-(IQK6}b$LYmepps4&8 zh@)s%;BYw3Z%^f>YA5k3%#n&vjAlT`T7-2#ItOS78=R4cZ?pfVix-26lyCIr+FU!YldtupPVr z6X6v&7{-^|9VmjL!ABilgi=4M!tPLS*in>JO`;nQ9*14vB`7^>R%uU3K9ng~17)PI zL20P@e7obl;6(CsVJf%1Och4$vNJ7hMsz0d>OEV2XG{V(b8 zd=BGb>w9c(>UR(GFAY^uAR~AZ_J$uoX}IN5+r6ei@z*C{H~4qh4u;)pcf2zkP2LA( zDh@-@&}FzEX5MFO;4>&APrTo*KjVH>HI#y$+pp@SOrDKo7 zf55Mu=O>rjR{ak+hVoVq*j_XT4k7PjI&P^;cWLORf7 zmCX@Q{QVv%AATN+s(*p3VsM>Bq?iczjec8@~feA>@buO{RX?j9_wry^1|WdABFP#b13a3 zt+&qsGhiL^1u#>BbTJ8Oa5EeO--Tj?9ZlPailFrP87Lk58cv5jH`sH!0ZRRMp*(N# zu>Ijem`Q#IoB-d3yIKv8YSM{JdsL;27~$Tzj$pcvokP4)=? z4sR#ldb8c&0yvfYNhn6AKgy{G7QylG0_+7lZLwJdtA|mrjf6D(1W{SGI>!8_1@8xoJ~u>Jba zuqF8)pfucYr)?V@p{Oz!iiVa#aoe*{KG0&9Jr%PZJ`PhU{{~7RYW0{Mpe93U_bwO; zw>(yDCw5aXfP(!{UicBl!OnlOUlf%1WO;Bwq;c&PDiVeI4 zqv3TZOScyNg57W>>`Zzk%HYGn6ibiI^TF`*?;Ch$}ABBnVG?Whg z2yQDE=u|eexv;E2cIY%G}jl<4J6)$vC_Q zvz_!k@NdXa-s=M+kd~xxgFhi9$R))3{uL`>-*Tzc3;E0`y9z%-A}N!rE)*}A1A91S zUic$rk4XhCMcxZ%BJs#n@_4Ofgl8f4uKkSsf&^szlaN*j9*9LUkH}b^-Y(B8GMjxsJ%yA1Ss{wzqVpzIfF%B!RT8e=<>ILJ+w|BAuM{ z%T|dUzXy^QLz<0#!opQp$%TLrFi3q>+9QzJ-*LZjH#**rGH3Iuv|o z727M6B)dELzc_3Je?Te_aXX2Qw>yn(Cp`d(M8t#2kPi^K-a#@E335HDe;H=OIB4zv zp>@6MFwSXIvJFXBAOn&2o#*|a->K69K16;#On1tjBj26$0^|;-OkSOWoI;`{!{y;w zbvX$MCUUhv79vfM@jUz<$~DnxWbiGG`6-`EJ_&w>lM z3E7QIM7V7I|I5x;;kO6r$C1{^W@HR<>vh`6=rnjY=>y0Pq!#)9$TrdvB^Qxi4sS<7 z5xG_)%MdrR3wcw%Uyq8ZWbQ<2lU@MtM+PIeUhBwYAv37c9*ITdY6M@D1RR2dkj#g@ zkucID!0yW)8pM!6ef6!78{IPJteH>-9OA<49enFwuGcAo)6^ zE8z@e3DORkg_y{#S4Zk44|7WX4ReuUPD3q8Kj}RC0yZ|zWkwF%K&rD-nng{wQ~L$V z{_d2ofTc(kl89_U8X$5NDQU*|D6@`Ce5&*ItE9(~eg)2U%1ByA!m;G#x1>ABe}YUS zT_66A$hFnFvoC@Dcs2o^N1j3CdLC&}43yogtf*9iy6LSz-P6L}svQO&~)&A!A- zu5kySqcPdd+=CMnxo?=5rqYa46YnJb?xeo8{OyfalUtLyJh`tCbDO+6 z>Ncr3@3ywwjoaFBpFDLi_f1o!Wa#v4?)Oda&i%;rWbU6&m-priDpO zZmAS33zWKzBb6@{NbqLX2qHjh!?qyL;hIl;EmRK zS{9%YpUdl|Gv5Z%Tc*`KwkJamRJcovyn#v{&n)R^?3tGo5_A`m8(ErStScRa3f?Yl zXLJoF8k>S`jsFB^)a481z7pg5f#ycAEZSIJF50?K-pTl~e7mu?qPd}0j)+DLVp|^n zY+NPa)APp+Ben#?jDkv;-g_#=j{a1c!Ts$@anJ_yWx}V<7bDs{KgM`yeq$>o`9t%? zH)5(%T7_vtnJc0NR%N*Z)>&iNO{zOm>x;W9|4=Jf<|>oeQd4W+l2~d@UD}@e(WM=Y z_4j7BEB8xK^#9QqbdO&jnv*+D_XP^YZ#vvJnpZx*FQs;vHr)8;c&3qa|8k?%vQ?Bm zu}p^Zx^-W>TrB3rzWL6_I=x)^)v`ee*{)P#}a zjD-AlwZb&xXl1l9JwJ?aA*DALr*a7z9(%%gar(nK#?Xx^{Y&SHrCU`CZ@6E%zdUG% z6>YTZf7fuH8>ct6YgCx5yXP0U-Gx@)uWgJovL8tb3DZV<1{xP1nZPJkZxW@wwMlIE zs+FFxSyq|9Z0^kcr_DXNk9<__qqnp+hHmL&q-+)EoV9h45w*R9)VnuXI;({LF^ zse4|zr_}n|vpYLC)(K{*sl?CH)H09HZ8Y4a^G3?9A>8Nf>e|fmHy5klEVsX)*vE)a z!0BDPjm3}U)FQcjcQ0z5+&zqYgFUivj@mPm`;&WmHP_|6@q_ZGvJ;|c~#ic4KVw}eQ`=6tTQf@0n|xGydw%!(vW@9#`>YW2*_ z!9BgjI+ZmzH`HTmill{OypGz`)hZ;4j2zbkVZn1?rm^U0xv*f1^Mjb9ef zVkO%nE7&;ZOO3kECx=UodFAe)xPGC}Ncpo&TFPOW%nOHQ_&r{f^fxb#t|wK4bNW1-k`PMv0|`g(QSP&!s=IabHEA}6_ch-n2@AkgW*|`DvKBlRB%B_bvQ7p58Q$`_!J&at zd`sdnqmldXx*RZ=3xXm8|=*DuCK_}ED39STvoy`N7ue!V!sxc}V> zqwafc8i~miRXLt-jCilB@%(#nAsK1i(z+WTz1L~f_|!qtan|5ewpZ?6dYAN!tkm?b zsTn=>^q#%4vO1+_q^F1Fj!n%cx(5Gey^M@rnNrV4d;b-q+XpEJUj87Vma+Mh_QsY= z%Q)x!a4E{@_wm#NzkNJa^&IbU`$__O?!b|QhjyV~=-gfED)5{*AUkY3ke3h|-E8+g zg@Id+MG2pIjEc`6lw%Q#VnWTS$QR%|G|1~h3(!+k>LP9}G}c`98c%-Nzjcc4FLzf2 z(7knrqW1A8abDpwim3Ga= zZB+9*);X!_n|@6Gp>O(I_nt=QZ$n9S|5nZqC%zRI%l)p1`@!$T0WWVHi&Tt5#dwdZG9L*D*bLQ|bzWcmL3m&M$@|CS&aaW&FtbEVIXR2$=gE74Bw z>;Hrq$F9geE#hihq(ZN?Hj^q;Q{%0x;`0Zt4I)gAVJm74g!LofFSAr6LG8q! z{l=>A^?F_p!^g2!{oc}O@_U34_Nz2%=bD)BhpI@j8P}VeUFxWovf_|7BCboo$ha;& zo^gG$b?+Fa7uZukr5V@TtedIot_xS&Xd$34nyqf|qB-*nxts>#iw z2Idx}IM3Bo32jp*mQ#weVkce~o;u52fbCc|lNM&)T}z>S^HMFR|Q_k$y=!2doc~ z?wi^5==s?Y>kTVCxvm;O`G&eG7u-=#VFTuYdWtQBd9j|T!2CW`wKm@fRpF>mG9BzW zlVtmv4%O6&XR|xRRCQI1xpS^+CT|Q4qmw0JRxiE|Q~t0t_T+>VY}-8AKr!9sj|~)N zWaczfgeG%SBb6Q+bjxwTM|%Z?FN zr@n7W>vJMhQ@%ubmW>YP#-`R}Q50=nd{{N0oT{zODUsCw?n%Yj!o1u}jWmm!E4KFL z!=P@OHiR!2FJEnDu5KZgWV)hNp7}Vo`Lt-<)@kio}o^Dcdx6sTmck-Z8(ARUOUA zZB#omCr&jq)6G#{nkz0##>jrTixy3Lw#*7>#2@W^iVJK>F=d*eM$2p!40cvYF_BAIIWvM^;SeK zvr`|d2h@r&pX;Mq^}2Bq^OX?Ub$nSb_j4L^pV)7m#%{GIHu@*FVQ6Ambm&rF)z*Bp zKhyYAf5ozHPRO=AYFV~rM@O<1G1P1{(CY7k!Itk07=jU;8LaqG$t2y{G=?Z5r^(|C z^Yh-SQ8$hlgb{1$U?$NB8^sgboM@k>+fmc@1FwfpyGpV8A*QP~hWXA=HJ-*&hgpLx zvhn^fHLnh>W}A7#Rr5xy90e}lEDtLOV~7~8+L+$qss*o+jy5~zs7B`Q;np;s8Lmd$ zQXcN4qv;fp+wNC+naAr{zzkwI)V#1|glbH<$T#zHRAhLeJIL0HT`x{=f3~?9 zLk;sJPtD^atnUpNN%*=p!kRBhH#z>q&2!oD!@Ngn7vsWt_bepR-sHiae1Y@bcWB{#S&r>t)6Po#DzN+Ly-;cALs(8G$3XqF7 z50AHkqLm&$L0KWyh`$zP{y4$1o_&=}WUq;q=66iAjQP|gwcHGuV!7YIDQbl|V5(X| z>nEnF9P^p!be%(-cs!zBcxb@s-?whU>nTJv4vFSAY)pW)3Zg!nPWGR`d>NiWV ze>h=NdGi=&uA4z@shX*7mk57xmKEF+3e;5Iyt6=Y0u;11KP<2!beBRkqJduJ9O!uC zqe69$`JEg0-|x0!em#%n0}sr#T3S2@ANY>-LyfYcn(6hbMzmSwRsF-{2diKK`@>Rm zO9DFW>{kf{&uxC?$;&Mb%w}R`|MmZMz_S`E3j|YiPAh=|St0&-$}`_BQ3d9bd1^qN z!tw%-nO=uQcyFm%Xl8}0CT4L^#>%cJ(mXarHSDep@p4Lb_7Zx9i(hSQS1Rr0cx)j* zvDhae|IK5e*}FpZh>)Wkdj+p+f$Rm@@tE<6ip`N3tgz<2OOW&Eu%M!KH{Aww#u=-xr-Hf|W^$6i-ZPuMf z7hzw2xlg@H{d4!T(rj6wB8|UYZAiZ7GBwbAa+xyBP0Q8FeuLdUS5N{AKcsTt@VYs! zbNVQq#Sg;40_@AM>>WYw^y`0N^MIzC;a*gTq%hPB4`H56w+v&CB0yEHRzt(s?su2ZR`*REr0m1e%V zj;&Ri*>1g>3>K~@)})!gu4e^EGiRG>H)y=U+K?r0uo?!jX4wW68OpjZ2O*D{5l38j zY=eq3uWe8hh}A>9<`LQOc^|eGtsM{J17YT=hZW~M^HVz)y3vXULpG|e=Fvwm*%6yr z1+Q&V?@c83x%Gk*2MRs2W%>BSp|ZELhYE5cCLHU*awf@zlSr9UAflpz=m>msB>NI zBPLdXMYv0GA(GZX)HaR(b?`Jt>{JPnt{@I9p5x-2X&;Ep)jL)DcsHw{$IquZZU*i1 zW+@^1Wv6u-BbQBSMR I{D}B}07i~IE&u=k diff --git a/po/es.po b/po/es.po index 4ee6678..5cf861e 100644 --- a/po/es.po +++ b/po/es.po @@ -1,8 +1,8 @@ # Spanish translations for cryptsetup package # Traducciones al español para el paquete cryptsetup. -# Copyright (C) 2014, 2015 Free Software Foundation, Inc. +# Copyright (C) 2014, 2015, 2016, 2017, 2018, 2019, 2020 Free Software Foundation, Inc. # This file is put in the public domain. -# Antonio Ceballos , 2013, 2014, 2015 +# Antonio Ceballos , 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 # # ###################################################################### # Traducciones dudosas: @@ -41,6 +41,9 @@ # temporary = temporal # reencryption = recifrado # invalid = no válido, -a +# lock = bloqueo +# hotzone = zona activa +# unbound key = clave independiente # # ####################################################################### # Términos no traducidos @@ -70,1144 +73,2321 @@ # msgid "" msgstr "" -"Project-Id-Version: cryptsetup 1.6.7\n" +"Project-Id-Version: cryptsetup 2.3.3-rc0\n" "Report-Msgid-Bugs-To: dm-crypt@saout.de\n" -"POT-Creation-Date: 2015-03-19 09:55+0100\n" -"PO-Revision-Date: 2015-03-19 11:45+0100\n" +"POT-Creation-Date: 2020-05-28 11:32+0200\n" +"PO-Revision-Date: 2020-05-16 08:46+0200\n" "Last-Translator: Antonio Ceballos \n" "Language-Team: Spanish \n" "Language: es\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -#: lib/libdevmapper.c:252 -msgid "Cannot initialize device-mapper, running as non-root user.\n" -msgstr "" -"No se puede inicializar el «device mapper», ejecutando como usuario no " -"administrador.\n" +#: lib/libdevmapper.c:399 +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "No se puede inicializar el «device mapper», ejecutando como usuario no administrador." -#: lib/libdevmapper.c:255 -msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n" -msgstr "" -"No se puede inicializar el «device-mapper». ¿Está cargado el módulo del " -"núcleo dm_mod?\n" +#: lib/libdevmapper.c:402 +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "No se puede inicializar el «device-mapper». ¿Está cargado el módulo del núcleo dm_mod?" -#: lib/libdevmapper.c:550 +#: lib/libdevmapper.c:1131 +msgid "Requested deferred flag is not supported." +msgstr "El indicador diferido solicitado no está disponible." + +#: lib/libdevmapper.c:1198 #, c-format -msgid "DM-UUID for device %s was truncated.\n" -msgstr "El DM-UUID del dispositivo %s ha sido truncado.\n" +msgid "DM-UUID for device %s was truncated." +msgstr "El DM-UUID del dispositivo %s ha sido truncado." -#: lib/libdevmapper.c:698 -msgid "Requested dmcrypt performance options are not supported.\n" -msgstr "" -"Las opciones de rendimiento de dmcrypt solicitadas no están disponibles.\n" +#: lib/libdevmapper.c:1520 +msgid "Unknown dm target type." +msgstr "Tipo de objetivo dm desconocido." + +#: lib/libdevmapper.c:1623 lib/libdevmapper.c:1679 +msgid "Requested dm-crypt performance options are not supported." +msgstr "Las opciones de rendimiento de dm-crypt solicitadas no están disponibles." + +#: lib/libdevmapper.c:1630 +msgid "Requested dm-verity data corruption handling options are not supported." +msgstr "Las opciones de manejo de corrupción de datos de dm-verity solicitadas no están disponibles." + +#: lib/libdevmapper.c:1634 +msgid "Requested dm-verity FEC options are not supported." +msgstr "Las opciones FEC de dm-verity solicitadas no están disponibles." + +#: lib/libdevmapper.c:1638 +msgid "Requested data integrity options are not supported." +msgstr "Las opciones de integridad de datos solicitadas no están disponibles." -#: lib/random.c:76 +#: lib/libdevmapper.c:1640 +msgid "Requested sector_size option is not supported." +msgstr "La opción sector_size solicitada no está disponible." + +#: lib/libdevmapper.c:1645 +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "El recómputo automático de las etiquetas de integridad solicitado no está disponible." + +#: lib/libdevmapper.c:1649 lib/libdevmapper.c:1682 lib/libdevmapper.c:1685 +#: lib/luks2/luks2_json_metadata.c:2160 +msgid "Discard/TRIM is not supported." +msgstr "Descartar/TRIM no disponible." + +#: lib/libdevmapper.c:1653 +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "El modo de mapa de bits de dm-integrity solicitado no está disponible." + +#: lib/libdevmapper.c:2607 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "No se ha podido consultar el segmento de dm-%s." + +#: lib/random.c:75 msgid "" "System is out of entropy while generating volume key.\n" -"Please move mouse or type some text in another window to gather some random " -"events.\n" +"Please move mouse or type some text in another window to gather some random events.\n" msgstr "" -"El sistema se ha quedado sin entropía mientras estaba generando la clave del " -"volumen.\n" -"Por favor, mueva el ratón o pulse alguna tecla en otra ventana para provocar " -"algún evento aleatorio.\n" +"El sistema se ha quedado sin entropía mientras estaba generando la clave del volumen.\n" +"Por favor, mueva el ratón o pulse alguna tecla en otra ventana para provocar algún evento aleatorio.\n" -#: lib/random.c:80 +#: lib/random.c:79 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Generando la clave (%d%% hecho).\n" -#: lib/random.c:169 -msgid "Fatal error during RNG initialisation.\n" -msgstr "" -"Error fatal durante la inicialización del generador de números aleatorios.\n" +#: lib/random.c:165 +msgid "Running in FIPS mode." +msgstr "Modo FIPS en funcionamiento." -#: lib/random.c:206 -msgid "Unknown RNG quality requested.\n" -msgstr "" -"La calidad solicitada para el generador de números aleatorios es " -"desconocida.\n" +#: lib/random.c:171 +msgid "Fatal error during RNG initialisation." +msgstr "Error fatal durante la inicialización del generador de números aleatorios." -#: lib/random.c:211 +#: lib/random.c:208 +msgid "Unknown RNG quality requested." +msgstr "La calidad solicitada para el generador de números aleatorios es desconocida." + +#: lib/random.c:213 +msgid "Error reading from RNG." +msgstr "Error leyendo del generador de números aleatorios." + +#: lib/setup.c:229 +msgid "Cannot initialize crypto RNG backend." +msgstr "No se puede inicializar el «backend» del generador de números aleatorios de cifrado." + +#: lib/setup.c:235 +msgid "Cannot initialize crypto backend." +msgstr "No se puede inicializar el «backend» de cifrado." + +#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119 #, c-format -msgid "Error %d reading from RNG: %s\n" -msgstr "Error %d leyendo del generador de números aleatorios: %s\n" +msgid "Hash algorithm %s not supported." +msgstr "Algoritmo «hash» %s no disponible." -#: lib/setup.c:200 -msgid "Cannot initialize crypto RNG backend.\n" -msgstr "" -"No se puede inicializar el «backend» del generador de números aleatorios de " -"cifrado.\n" +#: lib/setup.c:269 lib/loopaes/loopaes.c:90 +#, c-format +msgid "Key processing error (using hash %s)." +msgstr "Error de procesamiento de la clave (usando «hash» %s)." + +#: lib/setup.c:335 lib/setup.c:362 +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "No se puede determinar el tipo de dispositivo. ¿Es incompatible la activación del dispositivo?" + +#: lib/setup.c:341 lib/setup.c:3050 +msgid "This operation is supported only for LUKS device." +msgstr "Esta operación solamente está disponible para dispositivos LUKS." -#: lib/setup.c:206 -msgid "Cannot initialize crypto backend.\n" -msgstr "No se puede inicializar el «backend» de cifrado.\n" +#: lib/setup.c:368 +msgid "This operation is supported only for LUKS2 device." +msgstr "Esta operación solamente está disponible para dispositivos LUKS2." -#: lib/setup.c:236 lib/setup.c:1192 lib/verity/verity.c:123 +#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345 +msgid "All key slots full." +msgstr "Todas las ranuras de claves están llenas." + +#: lib/setup.c:434 #, c-format -msgid "Hash algorithm %s not supported.\n" -msgstr "Algoritmo «hash» %s no disponible.\n" +msgid "Key slot %d is invalid, please select between 0 and %d." +msgstr "La ranura de claves %d no es válida; seleccione un número entre 0 y %d." -#: lib/setup.c:239 lib/loopaes/loopaes.c:90 +#: lib/setup.c:440 #, c-format -msgid "Key processing error (using hash %s).\n" -msgstr "Error de procesamiento de la clave (usando «hash» %s).\n" +msgid "Key slot %d is full, please select another one." +msgstr "La ranura de claves %d está llena; seleccione otra." -#: lib/setup.c:284 -msgid "Cannot determine device type. Incompatible activation of device?\n" -msgstr "" -"No se puede determinar el tipo de dispositivo. ¿Es incompatible la " -"activación del dispositivo?\n" +#: lib/setup.c:525 lib/setup.c:2824 +msgid "Device size is not aligned to device logical block size." +msgstr "El tamaño del dispositivo no está alineado con el tamaño de bloque lógico del dispositivo." + +#: lib/setup.c:624 +#, c-format +msgid "Header detected but device %s is too small." +msgstr "Cabecera detectada pero el dispositivo %s es demasiado pequeño." -#: lib/setup.c:288 lib/setup.c:1537 -msgid "This operation is supported only for LUKS device.\n" -msgstr "Esta operación solamente está disponible para dispositivos LUKS.\n" +#: lib/setup.c:661 +msgid "This operation is not supported for this device type." +msgstr "Esta operación no está disponible para este tipo de dispositivo." -#: lib/setup.c:320 -msgid "All key slots full.\n" -msgstr "Todas las ranuras de claves están llenas.\n" +#: lib/setup.c:666 +msgid "Illegal operation with reencryption in-progress." +msgstr "Operación con recifrado en curso no válida." -#: lib/setup.c:327 +#: lib/setup.c:832 lib/luks1/keymanage.c:475 #, c-format -msgid "Key slot %d is invalid, please select between 0 and %d.\n" -msgstr "" -"La ranura de claves %d no es válida; seleccione un número entre 0 y %d.\n" +msgid "Unsupported LUKS version %d." +msgstr "Versión LUKS no disponible %d." + +#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959 +msgid "Detached metadata device is not supported for this crypt type." +msgstr "El dispositivo de metadatos separado no está disponible para este tipo de cifrado." -#: lib/setup.c:333 +#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628 +#: lib/setup.c:2777 lib/setup.c:4512 #, c-format -msgid "Key slot %d is full, please select another one.\n" -msgstr "La ranura de claves %d está llena; seleccione otra.\n" +msgid "Device %s is not active." +msgstr "El dispositivo %s no está activo." -#: lib/setup.c:472 +#: lib/setup.c:1444 #, c-format -msgid "Enter passphrase for %s: " -msgstr "Introduzca la frase contraseña de %s: " +msgid "Underlying device for crypt device %s disappeared." +msgstr "El dispositivo subyacente asociado al dispositivo cifrado %s ha desaparecido." -#: lib/setup.c:653 +#: lib/setup.c:1524 +msgid "Invalid plain crypt parameters." +msgstr "Parámetros de cifrado para modo claro no válidos." + +#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:74 +msgid "Invalid key size." +msgstr "Tamaño de clave no válido." + +#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157 +msgid "UUID is not supported for this crypt type." +msgstr "El UUID no está disponible para este tipo de cifrado." + +#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308 +#: src/cryptsetup.c:1226 src/cryptsetup.c:3923 +msgid "Unsupported encryption sector size." +msgstr "Tamaño de sector de cifrado no admitido." + +#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818 +msgid "Device size is not aligned to requested sector size." +msgstr "El tamaño del dispositivo no está alineado con el tamaño del sector solicitado." + +#: lib/setup.c:1608 lib/setup.c:1727 +msgid "Can't format LUKS without device." +msgstr "Imposible dar formato LUKS sin dispositivo." + +#: lib/setup.c:1614 lib/setup.c:1733 +msgid "Requested data alignment is not compatible with data offset." +msgstr "El alineamiento de datos solicitado no es compatible con el desplazamiento de los datos." + +#: lib/setup.c:1682 lib/setup.c:1851 +msgid "WARNING: Data offset is outside of currently available data device.\n" +msgstr "ATENCIÓN: El desplazamiento de los datos está fuera del dispositivo de datos actualmente disponible.\n" + +#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169 #, c-format -msgid "Header detected but device %s is too small.\n" -msgstr "Cabecera detectada pero el dispositivo %s es demasiado pequeño.\n" +msgid "Cannot wipe header on device %s." +msgstr "No se puede limpiar la cabecera del dispositivo %s." -#: lib/setup.c:669 lib/setup.c:1420 -msgid "This operation is not supported for this device type.\n" -msgstr "Esta operación no está disponible para este tipo de dispositivo.\n" +#: lib/setup.c:1744 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "ATENCIÓN: La activación del dispositivo va a fallar; dm-crypt no admite el tamaño de sector de cifrado solicitado.\n" -#: lib/setup.c:908 lib/setup.c:1381 lib/setup.c:2264 +#: lib/setup.c:1766 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "La clave del volumen es demasiado pequeña para cifrado con extensiones de integridad." + +#: lib/setup.c:1821 #, c-format -msgid "Device %s is not active.\n" -msgstr "El dispositivo %s no está activo.\n" +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "El algoritmo de cifrado %s-%s (tamaño de clave %zd bits) no está disponible." -#: lib/setup.c:925 +#: lib/setup.c:1854 #, c-format -msgid "Underlying device for crypt device %s disappeared.\n" -msgstr "" -"El dispositivo subyacente asociado al dispositivo cifrado %s ha " -"desaparecido.\n" +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" +msgstr "ATENCIÓN: el tamaño de los metadatos LUKS2 ha cambiado a % bytes.\n" + +#: lib/setup.c:1858 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "ATENCIÓN: el tamaño de la zona de ranuras de claves LUKS2 ha cambiado a % bytes.\n" + +#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367 +#, c-format +msgid "Device %s is too small." +msgstr "El dispositivo %s es demasiado pequeño." + +#: lib/setup.c:1893 lib/setup.c:1919 +#, c-format +msgid "Cannot format device %s in use." +msgstr "No se puede dar formato al dispositivo %s en uso." -#: lib/setup.c:994 -msgid "Invalid plain crypt parameters.\n" -msgstr "Parámetros de cifrado para modo claro no válidos.\n" +#: lib/setup.c:1896 lib/setup.c:1922 +#, c-format +msgid "Cannot format device %s, permission denied." +msgstr "No se puede dar formato al dispositivo %s; permiso denegado." + +#: lib/setup.c:1908 lib/setup.c:2229 +#, c-format +msgid "Cannot format integrity for device %s." +msgstr "No se puede dar formato a la integridad del dispositivo %s." + +#: lib/setup.c:1926 +#, c-format +msgid "Cannot format device %s." +msgstr "No se puede dar formato al dispositivo %s." + +#: lib/setup.c:1944 +msgid "Can't format LOOPAES without device." +msgstr "Imposible dar formato LOOPAES sin dispositivo." + +#: lib/setup.c:1989 +msgid "Can't format VERITY without device." +msgstr "Imposible dar formato VERITY sin dispositivo." + +#: lib/setup.c:2000 lib/verity/verity.c:102 +#, c-format +msgid "Unsupported VERITY hash type %d." +msgstr "Tipo de «hash» VERITY %d no disponible." + +#: lib/setup.c:2006 lib/verity/verity.c:110 +msgid "Unsupported VERITY block size." +msgstr "Tamaño de bloque VERITY no disponible." + +#: lib/setup.c:2011 lib/verity/verity.c:74 +msgid "Unsupported VERITY hash offset." +msgstr "Desplazamiento «hash» VERITY no disponible." + +#: lib/setup.c:2016 +msgid "Unsupported VERITY FEC offset." +msgstr "Desplazamiento FEC VERITY no disponible." -#: lib/setup.c:999 lib/setup.c:1119 -msgid "Invalid key size.\n" -msgstr "Tamaño de clave no válido.\n" +#: lib/setup.c:2040 +msgid "Data area overlaps with hash area." +msgstr "La zona de datos se solapa con la zona «hash»." -#: lib/setup.c:1004 lib/setup.c:1124 -msgid "UUID is not supported for this crypt type.\n" -msgstr "El UUID no está disponible para este tipo de cifrado.\n" +#: lib/setup.c:2065 +msgid "Hash area overlaps with FEC area." +msgstr "La zona «hash» se solapa con la zona FEC." -#: lib/setup.c:1046 -msgid "Can't format LUKS without device.\n" -msgstr "Imposible dar formato LUKS sin dispositivo.\n" +#: lib/setup.c:2072 +msgid "Data area overlaps with FEC area." +msgstr "La zona de datos se solapa con la zona FEC." -#: lib/setup.c:1089 +#: lib/setup.c:2208 #, c-format -msgid "Cannot format device %s which is still in use.\n" -msgstr "No se puede dar formato al dispositivo %s que todavía está en uso.\n" +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "ATENCIÓN: El tamaño de etiqueta de %d bytes solicitado difiere del tamaño de salida de %s (%d bytes).\n" -#: lib/setup.c:1092 +#: lib/setup.c:2286 #, c-format -msgid "Cannot format device %s, permission denied.\n" -msgstr "No se puede dar formato al dispositivo %s; permiso denegado.\n" +msgid "Unknown crypt device type %s requested." +msgstr "El tipo de dispositivo cifrado % solicitado es desconocido." -#: lib/setup.c:1096 +#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635 #, c-format -msgid "Cannot wipe header on device %s.\n" -msgstr "No se puede limpiar la cabecera del dispositivo %s.\n" +msgid "Unsupported parameters on device %s." +msgstr "Parámetros no admitidos para el dispositivo %s." -#: lib/setup.c:1114 -msgid "Can't format LOOPAES without device.\n" -msgstr "Imposible dar formato LOOPAES sin dispositivo.\n" +#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408 +#: lib/luks2/luks2_reencrypt.c:2737 +#, c-format +msgid "Mismatching parameters on device %s." +msgstr "Parámetros discordantes en el dispositivo %s." + +#: lib/setup.c:2661 +msgid "Crypt devices mismatch." +msgstr "Los dispositivos de cifrado no concuerdan." -#: lib/setup.c:1152 -msgid "Can't format VERITY without device.\n" -msgstr "Imposible dar formato VERITY sin dispositivo.\n" +#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:3145 +#, c-format +msgid "Failed to reload device %s." +msgstr "No se ha podido recargar el dispositivo %s." -#: lib/setup.c:1160 lib/verity/verity.c:106 +#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025 +#: lib/luks2/luks2_reencrypt.c:2032 #, c-format -msgid "Unsupported VERITY hash type %d.\n" -msgstr "Tipo de «hash» VERITY %d no disponible.\n" +msgid "Failed to suspend device %s." +msgstr "No se ha podido suspender el dispositivo %s." -#: lib/setup.c:1166 lib/verity/verity.c:114 -msgid "Unsupported VERITY block size.\n" -msgstr "Tamaño de bloque VERITY no disponible.\n" +#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039 +#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149 +#, c-format +msgid "Failed to resume device %s." +msgstr "No se ha podido reanudar el dispositivo %s." -#: lib/setup.c:1171 lib/verity/verity.c:76 -msgid "Unsupported VERITY hash offset.\n" -msgstr "Desplazamiento «hash» VERITY no disponible.\n" +#: lib/setup.c:2732 +#, c-format +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "Error grave durante la recarga del dispositivo %s (por encima del dispositivo %s)." -#: lib/setup.c:1285 +#: lib/setup.c:2735 lib/setup.c:2737 #, c-format -msgid "Unknown crypt device type %s requested.\n" -msgstr "El tipo de dispositivo cifrado % solicitado es desconocido.\n" +msgid "Failed to switch device %s to dm-error." +msgstr "No se ha podido conmutar el dispositivo %s a dm-error." + +#: lib/setup.c:2809 +msgid "Cannot resize loop device." +msgstr "No se ha podido cambiar el tamaño del dispositivo de bucle." -#: lib/setup.c:1435 +#: lib/setup.c:2882 msgid "Do you really want to change UUID of device?" msgstr "¿Está seguro de que quiere cambiar el UUID del dispositivo?" -#: lib/setup.c:1545 +#: lib/setup.c:2958 +msgid "Header backup file does not contain compatible LUKS header." +msgstr "El fichero de copia de seguridad de la cabecera no contiene una cabecera LUKS compatible." + +#: lib/setup.c:3058 #, c-format -msgid "Volume %s is not active.\n" -msgstr "El volumen %s no está activo.\n" +msgid "Volume %s is not active." +msgstr "El volumen %s no está activo." -#: lib/setup.c:1556 +#: lib/setup.c:3069 #, c-format -msgid "Volume %s is already suspended.\n" -msgstr "El volumen %s ya está suspendido.\n" +msgid "Volume %s is already suspended." +msgstr "El volumen %s ya está suspendido." -#: lib/setup.c:1563 +#: lib/setup.c:3082 #, c-format -msgid "Suspend is not supported for device %s.\n" -msgstr "La suspensión no está disponible para el dispositivo %s.\n" +msgid "Suspend is not supported for device %s." +msgstr "La suspensión no está disponible para el dispositivo %s." -#: lib/setup.c:1565 +#: lib/setup.c:3084 #, c-format -msgid "Error during suspending device %s.\n" -msgstr "Error durante la suspensión del dispositivo %s.\n" +msgid "Error during suspending device %s." +msgstr "Error durante la suspensión del dispositivo %s." -#: lib/setup.c:1591 lib/setup.c:1638 +#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267 #, c-format -msgid "Volume %s is not suspended.\n" -msgstr "EL volumen %s no está suspendido.\n" +msgid "Volume %s is not suspended." +msgstr "EL volumen %s no está suspendido." -#: lib/setup.c:1605 +#: lib/setup.c:3146 #, c-format -msgid "Resume is not supported for device %s.\n" -msgstr "La reanudación no está disponible para el dispositivo %s.\n" +msgid "Resume is not supported for device %s." +msgstr "La reanudación no está disponible para el dispositivo %s." -#: lib/setup.c:1607 lib/setup.c:1659 +#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297 #, c-format -msgid "Error during resuming device %s.\n" -msgstr "Error durante la reanudación del dispositivo %s.\n" +msgid "Error during resuming device %s." +msgstr "Error durante la reanudación del dispositivo %s." -#: lib/setup.c:1645 lib/setup.c:2080 lib/setup.c:2094 src/cryptsetup.c:186 -#: src/cryptsetup.c:248 src/cryptsetup.c:732 src/cryptsetup.c:1151 -msgid "Enter passphrase: " -msgstr "Introduzca la frase contraseña: " +#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322 +#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839 +msgid "Volume key does not match the volume." +msgstr "La clave de volumen no corresponde a este volumen." -#: lib/setup.c:1707 lib/setup.c:1843 -msgid "Cannot add key slot, all slots disabled and no volume key provided.\n" -msgstr "" -"No se puede añadir ranura de claves; todas las ranuras están desactivadas y " -"no se ha proporcionado una clave para el volumen.\n" +#: lib/setup.c:3343 lib/setup.c:3531 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "No se puede añadir ranura de claves; todas las ranuras están desactivadas y no se ha proporcionado una clave para el volumen." -#: lib/setup.c:1716 lib/setup.c:1849 lib/setup.c:1853 -msgid "Enter any passphrase: " -msgstr "Introduzca una frase contraseña cualquiera: " +#: lib/setup.c:3483 +msgid "Failed to swap new key slot." +msgstr "No se ha logrado intercambiar la nueva ranura de claves." -#: lib/setup.c:1733 lib/setup.c:1866 lib/setup.c:1870 lib/setup.c:1932 -#: src/cryptsetup.c:988 src/cryptsetup.c:1017 -msgid "Enter new passphrase for key slot: " -msgstr "Introduzca una nueva frase contraseña para la ranura de claves: " +#: lib/setup.c:3669 +#, c-format +msgid "Key slot %d is invalid." +msgstr "La ranura de claves %d no es válida." + +#: lib/setup.c:3675 src/cryptsetup.c:1572 src/cryptsetup.c:1917 +#, c-format +msgid "Keyslot %d is not active." +msgstr "La ranura de claves %d no está activa." + +#: lib/setup.c:3694 +msgid "Device header overlaps with data area." +msgstr "La cabecera del dispositivo se solapa con la zona de datos." + +#: lib/setup.c:3981 +msgid "Reencryption in-progress. Cannot activate device." +msgstr "Recifrado en curso. No se puede activar el dispositivo." + +#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2243 +#: lib/luks2/luks2_reencrypt.c:2836 +msgid "Failed to get reencryption lock." +msgstr "No se ha podido conseguir el bloqueo de recifrado." + +#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855 +msgid "LUKS2 reencryption recovery failed." +msgstr "La recuperación del recifrado LUKS2 ha fallado." + +#: lib/setup.c:4127 lib/setup.c:4379 +msgid "Device type is not properly initialized." +msgstr "Este tipo de dispositivo no se ha inicializado adecuadamente." -#: lib/setup.c:1798 +#: lib/setup.c:4171 #, c-format -msgid "Key slot %d changed.\n" -msgstr "LA ranura de claves %d ha cambiado.\n" +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "No se puede utilizar el dispositivo %s; el nombre no es válido o todavía está en uso." -#: lib/setup.c:1801 +#: lib/setup.c:4174 #, c-format -msgid "Replaced with key slot %d.\n" -msgstr "Reemplazado con ranura de claves %d.\n" +msgid "Device %s already exists." +msgstr "El dispositivo %s ya existe." -#: lib/setup.c:1806 -msgid "Failed to swap new key slot.\n" -msgstr "No se ha logrado intercambiar la nueva ranura de claves.\n" +#: lib/setup.c:4296 +msgid "Incorrect volume key specified for plain device." +msgstr "Clave de volumen incorrecta para dispositivo no cifrado." -#: lib/setup.c:1923 lib/setup.c:2184 lib/setup.c:2197 lib/setup.c:2339 -msgid "Volume key does not match the volume.\n" -msgstr "La clave de volumen no corresponde a este volumen.\n" +#: lib/setup.c:4405 +msgid "Incorrect root hash specified for verity device." +msgstr "«Hash» raíz incorrecta para dispositivo «verity»." -#: lib/setup.c:1961 +#: lib/setup.c:4412 +msgid "Root hash signature required." +msgstr "Se requiere la firma «hash» raíz." + +#: lib/setup.c:4421 +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "El llavero de núcleo está ausente: se necesita para pasar la firma al núcleo." + +#: lib/setup.c:4438 lib/setup.c:5915 +msgid "Failed to load key in kernel keyring." +msgstr "No se ha podido cargar la clave en el llavero del núcleo." + +#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2296 +#: src/cryptsetup.c:2664 +#, c-format +msgid "Device %s is still in use." +msgstr "El dispositivo %s todavía se está utilizando." + +#: lib/setup.c:4516 #, c-format -msgid "Key slot %d is invalid.\n" -msgstr "La ranura de claves %d no es válida.\n" +msgid "Invalid device %s." +msgstr "Dispositivo inválido %s." + +#: lib/setup.c:4632 +msgid "Volume key buffer too small." +msgstr "El «buffer» de la clave del volumen es demasiado pequeño." + +#: lib/setup.c:4640 +msgid "Cannot retrieve volume key for plain device." +msgstr "No se puede recuperar la clave para el dispositivo no cifrado." + +#: lib/setup.c:4657 +msgid "Cannot retrieve root hash for verity device." +msgstr "No se puede recuperar el «hash» raíz para dispositivo «verity»." -#: lib/setup.c:1966 +#: lib/setup.c:4659 #, c-format -msgid "Key slot %d is not used.\n" -msgstr "La ranura de claves %d no se está utilizando.\n" +msgid "This operation is not supported for %s crypt device." +msgstr "Esta operación no está disponible para el dispositivo cifrado %s." -#: lib/setup.c:1996 lib/setup.c:2068 lib/setup.c:2160 +#: lib/setup.c:4865 +msgid "Dump operation is not supported for this device type." +msgstr "Operación de volcado no deisponible para este tipo de dispositivo." + +#: lib/setup.c:5190 #, c-format -msgid "Device %s already exists.\n" -msgstr "El dispositivo %s ya existe.\n" +msgid "Data offset is not multiple of %u bytes." +msgstr "El desplazamiento de datos no es múltiplo de %u bytes." -#: lib/setup.c:2171 -msgid "Incorrect volume key specified for plain device.\n" -msgstr "Clave de volumen incorrecta para dispositivo no cifrado.\n" +#: lib/setup.c:5475 +#, c-format +msgid "Cannot convert device %s which is still in use." +msgstr "No se puede convertir el dispositivo %s que todavía está en uso." -#: lib/setup.c:2204 -msgid "Incorrect root hash specified for verity device.\n" -msgstr "«Hash» raíz incorrecta para dispositivo «verity».\n" +#: lib/setup.c:5772 +#, c-format +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "No se ha logrado asignar la ranura de claves %u como nueva clave del volumen." -#: lib/setup.c:2227 -msgid "Device type is not properly initialised.\n" -msgstr "Este tipo de dispositivo no se ha inicializado adecuadamente.\n" +#: lib/setup.c:5845 +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "No se han podido inicializar los parámetros predefinidos de la ranura de claves LUKS2." -#: lib/setup.c:2259 +#: lib/setup.c:5851 #, c-format -msgid "Device %s is still in use.\n" -msgstr "El dispositivo %s todavía se está utilizando.\n" +msgid "Failed to assign keyslot %d to digest." +msgstr "No se ha logrado asignar la ranura de claves %d al resumen." + +#: lib/setup.c:5982 +msgid "Kernel keyring is not supported by the kernel." +msgstr "El llavero de núcleo no está admitido en el núcleo." -#: lib/setup.c:2268 +#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952 #, c-format -msgid "Invalid device %s.\n" -msgstr "Dispositivo inválido %s.\n" +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "No se ha podido leer la frase contraseña desde el llavero (error %d)" + +#: lib/setup.c:6016 +msgid "Failed to acquire global memory-hard access serialization lock." +msgstr "No se ha podido adquirir el bloqueo de la serialización de acceso duro de memoria global." + +#: lib/utils.c:80 +msgid "Cannot get process priority." +msgstr "No se puede obtener la prioridad del proceso." + +#: lib/utils.c:94 +msgid "Cannot unlock memory." +msgstr "No se puede desbloquear la memoria." + +#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497 +msgid "Failed to open key file." +msgstr "No se ha podido abrir el fichero de claves." -#: lib/setup.c:2289 -msgid "Function not available in FIPS mode.\n" -msgstr "Función no disponible en modo FIPS.\n" +#: lib/utils.c:173 +msgid "Cannot read keyfile from a terminal." +msgstr "No se puede leer el fichero de claves desde un terminal." -#: lib/setup.c:2295 -msgid "Volume key buffer too small.\n" -msgstr "El «buffer» de la clave del volumen es demasiado pequeño.\n" +#: lib/utils.c:190 +msgid "Failed to stat key file." +msgstr "No se ha podido efectuar «stat» sobre el fichero de claves." -#: lib/setup.c:2303 -msgid "Cannot retrieve volume key for plain device.\n" -msgstr "No se puede recuperar la clave para el dispositivo no cifrado.\n" +#: lib/utils.c:198 lib/utils.c:219 +msgid "Cannot seek to requested keyfile offset." +msgstr "No es posible situarse en la posición solicitada del fichero de claves." -#: lib/setup.c:2310 +#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188 +#: src/utils_password.c:201 +msgid "Out of memory while reading passphrase." +msgstr "Memoria agotada mientras se estaba leyendo la frase contraseña." + +#: lib/utils.c:248 +msgid "Error reading passphrase." +msgstr "Error al leer la frase contraseña." + +#: lib/utils.c:265 +msgid "Nothing to read on input." +msgstr "No hay nada para leer en la entrada." + +#: lib/utils.c:272 +msgid "Maximum keyfile size exceeded." +msgstr "Se ha excedido el tamaño máximo de fichero de claves." + +#: lib/utils.c:277 +msgid "Cannot read requested amount of data." +msgstr "No se puede leer la cantidad de datos solicitada." + +#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 #, c-format -msgid "This operation is not supported for %s crypt device.\n" -msgstr "Esta operación no está disponible para el dispositivo cifrado %s.\n" +msgid "Device %s does not exist or access denied." +msgstr "El dispositivo %s no existe o el acceso al mismo ha sido denegado." -#: lib/setup.c:2506 -msgid "Dump operation is not supported for this device type.\n" -msgstr "Operación de volcado no deisponible para este tipo de dispositivo.\n" +#: lib/utils_device.c:197 +#, c-format +msgid "Device %s is not compatible." +msgstr "El dispositivo %s no es compatible." -#: lib/utils.c:244 -msgid "Cannot get process priority.\n" -msgstr "No se puede obtener la prioridad del proceso.\n" +#: lib/utils_device.c:642 +#, c-format +msgid "Device %s is too small. Need at least % bytes." +msgstr "El dispositivo %s es demasiado pequeño. Se necesitan % bytes como mínimo." -#: lib/utils.c:258 -msgid "Cannot unlock memory.\n" -msgstr "No se puede desbloquear la memoria.\n" +#: lib/utils_device.c:723 +#, c-format +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "No se puede usar el dispositivo %s porque ya está en uso (asignado o montado)." -#: lib/utils_crypt.c:241 lib/utils_crypt.c:254 lib/utils_crypt.c:401 -#: lib/utils_crypt.c:416 -msgid "Out of memory while reading passphrase.\n" -msgstr "Memoria agotada mientras se estaba leyendo la frase contraseña.\n" +#: lib/utils_device.c:727 +#, c-format +msgid "Cannot use device %s, permission denied." +msgstr "No se puede utilizar el dispositivo %s; permiso denegado." -#: lib/utils_crypt.c:246 lib/utils_crypt.c:261 -msgid "Error reading passphrase from terminal.\n" -msgstr "Error al leer la frase contraseña desde el terminal.\n" +#: lib/utils_device.c:730 +#, c-format +msgid "Cannot get info about device %s." +msgstr "No se puede obtener información del dispositivo %s." -#: lib/utils_crypt.c:259 -msgid "Verify passphrase: " -msgstr "Verifique la frase contraseña: " +#: lib/utils_device.c:753 +msgid "Cannot use a loopback device, running as non-root user." +msgstr "No se puede utilizar un dispositivo de bucle invertido como usuario no administrador." -#: lib/utils_crypt.c:266 -msgid "Passphrases do not match.\n" -msgstr "La frase contraseña no coincide.\n" +#: lib/utils_device.c:763 +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "No se ha logrado asociar el dispositivo de bucle invertido (hace falta un dispositivo de bucle con marcador de auto-limpieza)." -#: lib/utils_crypt.c:350 -msgid "Cannot use offset with terminal input.\n" -msgstr "No se puede usar «offset» con entrada desde terminal.\n" +#: lib/utils_device.c:809 +#, c-format +msgid "Requested offset is beyond real size of device %s." +msgstr "El «offset» solicitado está más allá del tamaño real del dispositivo %s." -#: lib/utils_crypt.c:369 lib/tcrypt/tcrypt.c:467 -msgid "Failed to open key file.\n" -msgstr "No se ha podido abrir el fichero de claves.\n" +#: lib/utils_device.c:817 +#, c-format +msgid "Device %s has zero size." +msgstr "El dispositivo %s tiene tamaño cero." -#: lib/utils_crypt.c:378 -msgid "Failed to stat key file.\n" -msgstr "No se ha podido efectuar «stat» sobre el fichero de claves.\n" +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." +msgstr "El tiempo objetivo máximo de PBKDF no puede ser cero." -#: lib/utils_crypt.c:386 lib/utils_crypt.c:407 -msgid "Cannot seek to requested keyfile offset.\n" -msgstr "" -"No es posible situarse en la posición solicitada del fichero de claves.\n" +#: lib/utils_pbkdf.c:106 +#, c-format +msgid "Unknown PBKDF type %s." +msgstr "Tipo de PBKDF %s desconocido." -#: lib/utils_crypt.c:424 -msgid "Error reading passphrase.\n" -msgstr "Error al leer la frase contraseña.\n" +#: lib/utils_pbkdf.c:111 +#, c-format +msgid "Requested hash %s is not supported." +msgstr "La «hash» solicitada %s no está disponible." -#: lib/utils_crypt.c:442 -msgid "Maximum keyfile size exceeded.\n" -msgstr "Se ha excedido el tamaño máximo de fichero de claves.\n" +#: lib/utils_pbkdf.c:122 +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "El tipo de PBKDF solicitado no está disponible para LUKS1." -#: lib/utils_crypt.c:447 -msgid "Cannot read requested amount of data.\n" -msgstr "No se puede leer la cantidad de datos solicitada.\n" +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." +msgstr "No se pueden establecer la memoria máxima de PBKDF ni los hilos paralelos con pbkdf2." -#: lib/utils_device.c:136 lib/luks1/keyencryption.c:90 +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 #, c-format -msgid "Device %s doesn't exist or access denied.\n" -msgstr "El dispositivo %s no existe o el acceso al mismo ha sido denegado.\n" +msgid "Forced iteration count is too low for %s (minimum is %u)." +msgstr "El número de iteraciones forzadas es demasiado pequeño para %s (el mínimo es %u)." -#: lib/utils_device.c:430 -msgid "Cannot use a loopback device, running as non-root user.\n" -msgstr "" -"No se puede utilizar un dispositivo de bucle invertido como usuario no " -"administrador.\n" +#: lib/utils_pbkdf.c:148 +#, c-format +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "El coste de la memoria forzada es demasiado bajo para %s (el mínimo es %u kilobytes)." + +#: lib/utils_pbkdf.c:155 +#, c-format +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "El coste de la memoria máxima solicitada de PBKDF es demasiado alto (el máximo es %d kilobytes)." -#: lib/utils_device.c:433 -msgid "Cannot find a free loopback device.\n" -msgstr "No se ha encontrado ningún dispositivo de bucle invertido libre.\n" +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "La memoria máxima solicitada de PBKDF no puede ser cero." -#: lib/utils_device.c:440 -msgid "" -"Attaching loopback device failed (loop device with autoclear flag is " -"required).\n" -msgstr "" -"No se ha logrado asociar el dispositivo de bucle invertido (hace falta un " -"dispositivo de bucle con marcador de auto-limpieza).\n" +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "Los hilos paralelos solicitados de PBKDF no pueden ser cero." + +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "Solo se admite PBKDF2 en el modo FIPS." -#: lib/utils_device.c:484 +#: lib/utils_benchmark.c:172 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "Banco de pruebas PBKDF desactivado pero las iteraciones no están establecidas." + +#: lib/utils_benchmark.c:191 #, c-format -msgid "Cannot use device %s which is in use (already mapped or mounted).\n" -msgstr "" -"No se puede usar el dispositivo %s porque ya está en uso (asignado o " -"montado).\n" +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "Opciones PBKDF2 no compatibles (usando el algoritmo «hash» %s)." -#: lib/utils_device.c:488 +#: lib/utils_benchmark.c:211 +msgid "Not compatible PBKDF options." +msgstr "Opciones PBKDF no compatibles." + +#: lib/utils_device_locking.c:102 #, c-format -msgid "Cannot get info about device %s.\n" -msgstr "No se puede obtener información del dispositivo %s.\n" +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "Bloqueo abortado. La ruta del bloqueo %s/%s no puede utilizarse (o no es un directorio o no existe)." -#: lib/utils_device.c:494 +#: lib/utils_device_locking.c:109 #, c-format -msgid "Requested offset is beyond real size of device %s.\n" -msgstr "" -"El «offset» solicitado está más allá del tamaño real del dispositivo %s.\n" +msgid "WARNING: Locking directory %s/%s is missing!\n" +msgstr "ATENCIÓN: ¡Falta el directorio de bloqueo %s/%s!\n" -#: lib/utils_device.c:502 +#: lib/utils_device_locking.c:119 #, c-format -msgid "Device %s has zero size.\n" -msgstr "El dispositivo %s tiene tamaño cero.\n" +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "Bloqueo abortado. La ruta del bloqueo %s/%s no puede utilizarse (%s no es un directorio)." -#: lib/utils_device.c:513 +#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:941 +#: src/cryptsetup_reencrypt.c:1025 +msgid "Cannot seek to device offset." +msgstr "No es posible situarse en la posición del dispositivo." + +#: lib/utils_wipe.c:208 #, c-format -msgid "Device %s is too small.\n" -msgstr "El dispositivo %s es demasiado pequeño.\n" +msgid "Device wipe error, offset %." +msgstr "Error al limpiar el dispositivo, desplazamiento %." -#: lib/luks1/keyencryption.c:37 +#: lib/luks1/keyencryption.c:39 #, c-format msgid "" "Failed to setup dm-crypt key mapping for device %s.\n" -"Check that kernel supports %s cipher (check syslog for more info).\n" +"Check that kernel supports %s cipher (check syslog for more info)." msgstr "" "No se ha podido establecer asignación de clave dm-crypt al dispositivo %s.\n" -"Compruebe que el núcleo admite el algoritmo de cifrado %s (consulte syslog " -"para más información).\n" - -#: lib/luks1/keyencryption.c:42 -msgid "Key size in XTS mode must be 256 or 512 bits.\n" -msgstr "El tamaño de clave en modo XTS debe ser 256 o 512 bits.\n" - -#: lib/luks1/keyencryption.c:96 lib/luks1/keymanage.c:296 -#: lib/luks1/keymanage.c:572 lib/luks1/keymanage.c:1017 -#, c-format -msgid "Cannot write to device %s, permission denied.\n" -msgstr "No se puede escribir en el dispositivo %s; permiso denegado.\n" +"Compruebe que el núcleo admite el algoritmo de cifrado %s (consulte syslog para más información)." -#: lib/luks1/keyencryption.c:111 -msgid "Failed to open temporary keystore device.\n" -msgstr "" -"No se ha podido abrir el dispositivo de almacenamiento de claves temporal.\n" +#: lib/luks1/keyencryption.c:44 +msgid "Key size in XTS mode must be 256 or 512 bits." +msgstr "El tamaño de clave en modo XTS debe ser 256 o 512 bits." -#: lib/luks1/keyencryption.c:118 -msgid "Failed to access temporary keystore device.\n" -msgstr "" -"No se ha podido acceder al dispositivo de almacenamiento de claves " -"temporal.\n" +# TODO +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "La especificación de cifrado debería estar en formato [cipher]-[mode]-[iv]." -#: lib/luks1/keyencryption.c:191 -msgid "IO error while encrypting keyslot.\n" -msgstr "Error de entrada/salida mientras se cifraba una ranura de claves.\n" +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080 +#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734 +#, c-format +msgid "Cannot write to device %s, permission denied." +msgstr "No se puede escribir en el dispositivo %s; permiso denegado." + +#: lib/luks1/keyencryption.c:120 +msgid "Failed to open temporary keystore device." +msgstr "No se ha podido abrir el dispositivo de almacenamiento de claves temporal." + +#: lib/luks1/keyencryption.c:127 +msgid "Failed to access temporary keystore device." +msgstr "No se ha podido acceder al dispositivo de almacenamiento de claves temporal." + +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +msgid "IO error while encrypting keyslot." +msgstr "Error de entrada/salida mientras se cifraba una ranura de claves." + +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:670 +#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311 +#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342 +#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 +#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255 +#: src/cryptsetup_reencrypt.c:200 src/cryptsetup_reencrypt.c:212 +#, c-format +msgid "Cannot open device %s." +msgstr "No se puede abrir el dispositivo %s." -#: lib/luks1/keyencryption.c:256 -msgid "IO error while decrypting keyslot.\n" -msgstr "Error de entrada/salida mientras se descifraba una ranura de claves.\n" +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +msgid "IO error while decrypting keyslot." +msgstr "Error de entrada/salida mientras se descifraba una ranura de claves." -#: lib/luks1/keymanage.c:90 +#: lib/luks1/keymanage.c:110 #, c-format -msgid "Device %s is too small. (LUKS requires at least % bytes.)\n" -msgstr "" -"El dispositivo %s es demasiado pequeño. (LUKS necesita % btyes como " -"mínimo.)\n" +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" +msgstr "El dispositivo %s es demasiado pequeño. (LUKS1 necesita % btyes como mínimo.)" -#: lib/luks1/keymanage.c:180 lib/luks1/keymanage.c:418 -#: src/cryptsetup_reencrypt.c:1110 +#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162 +#: lib/luks1/keymanage.c:174 +#, c-format +msgid "LUKS keyslot %u is invalid." +msgstr "La ranura de claves LUKS %u no es válida." + +#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472 +#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1433 +#: src/cryptsetup.c:1559 src/cryptsetup.c:1616 src/cryptsetup.c:1672 +#: src/cryptsetup.c:1739 src/cryptsetup.c:1842 src/cryptsetup.c:1906 +#: src/cryptsetup.c:2136 src/cryptsetup.c:2331 src/cryptsetup.c:2391 +#: src/cryptsetup.c:2457 src/cryptsetup.c:2621 src/cryptsetup.c:3271 +#: src/cryptsetup.c:3280 src/cryptsetup_reencrypt.c:1388 #, c-format -msgid "Device %s is not a valid LUKS device.\n" -msgstr "El dispositivo %s no es un dispositivo LUKS válido.\n" +msgid "Device %s is not a valid LUKS device." +msgstr "El dispositivo %s no es un dispositivo LUKS válido." -#: lib/luks1/keymanage.c:198 +#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100 #, c-format -msgid "Requested header backup file %s already exists.\n" -msgstr "" -"El fichero de copia de seguridad de cabecera solicitado %s ya existe.\n" +msgid "Requested header backup file %s already exists." +msgstr "El fichero de copia de seguridad de cabecera solicitado %s ya existe." -#: lib/luks1/keymanage.c:200 +#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102 #, c-format -msgid "Cannot create header backup file %s.\n" -msgstr "No se puede crear el fichero de copia de seguridad %s.\n" +msgid "Cannot create header backup file %s." +msgstr "No se puede crear el fichero de copia de seguridad %s." -#: lib/luks1/keymanage.c:205 +#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109 #, c-format -msgid "Cannot write header backup file %s.\n" -msgstr "No se puede escribir en el fichero de copia de seguridad %s.\n" +msgid "Cannot write header backup file %s." +msgstr "No se puede escribir en el fichero de copia de seguridad %s." -#: lib/luks1/keymanage.c:239 -msgid "Backup file doesn't contain valid LUKS header.\n" -msgstr "" -"El fichero de copia de seguridad no contiene una cabecera LUKS válida.\n" +#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161 +msgid "Backup file does not contain valid LUKS header." +msgstr "El fichero de copia de seguridad no contiene una cabecera LUKS válida." -#: lib/luks1/keymanage.c:252 lib/luks1/keymanage.c:496 +#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549 +#: lib/luks2/luks2_json_metadata.c:1182 #, c-format -msgid "Cannot open header backup file %s.\n" -msgstr "No se puede abrir el fichero de copia de seguridad de cabecerda %s.\n" +msgid "Cannot open header backup file %s." +msgstr "No se puede abrir el fichero de copia de seguridad de cabecerda %s." -#: lib/luks1/keymanage.c:258 +#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190 #, c-format -msgid "Cannot read header backup file %s.\n" -msgstr "No se puede leer el fichero de copia de seguridad de cabecerda %s.\n" +msgid "Cannot read header backup file %s." +msgstr "No se puede leer el fichero de copia de seguridad de cabecerda %s." -#: lib/luks1/keymanage.c:269 -msgid "Data offset or key size differs on device and backup, restore failed.\n" -msgstr "" -"La posición de los datos o el tamaño de la clave no coinciden en el " -"dispositivo y en la copia de seguridad.\n" +#: lib/luks1/keymanage.c:317 +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "La posición de los datos o el tamaño de la clave no coinciden en el dispositivo y en la copia de seguridad." -#: lib/luks1/keymanage.c:277 +#: lib/luks1/keymanage.c:325 #, c-format msgid "Device %s %s%s" msgstr "Dispositivo %s %s%s" -#: lib/luks1/keymanage.c:278 -msgid "" -"does not contain LUKS header. Replacing header can destroy data on that " -"device." -msgstr "" -"no contiene cabecera LUKS. Reemplazar la cabecera puede destruir los datos " -"en ese dispositivo." +#: lib/luks1/keymanage.c:326 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "no contiene cabecera LUKS. Reemplazar la cabecera puede destruir los datos en ese dispositivo." -#: lib/luks1/keymanage.c:279 -msgid "" -"already contains LUKS header. Replacing header will destroy existing " -"keyslots." -msgstr "" -"ya contiene cabecera LUKS. Reemplazar la cabecera destruirá las ranuras de " -"claves existentes." +#: lib/luks1/keymanage.c:327 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "ya contiene cabecera LUKS. Reemplazar la cabecera destruirá las ranuras de claves existentes." -#: lib/luks1/keymanage.c:280 +#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224 msgid "" "\n" "WARNING: real device header has different UUID than backup!" msgstr "" "\n" -"ATENCIÓN: ¡la cabecera del dispositivo real tiene un UUID distinto que el de " -"la copia de seguridad!" - -#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:535 -#: lib/luks1/keymanage.c:575 lib/tcrypt/tcrypt.c:624 lib/verity/verity.c:82 -#: lib/verity/verity.c:179 lib/verity/verity_hash.c:292 -#: lib/verity/verity_hash.c:303 lib/verity/verity_hash.c:323 -#, c-format -msgid "Cannot open device %s.\n" -msgstr "No se puede abrir el dispositivo %s.\n" - -#: lib/luks1/keymanage.c:329 -msgid "Non standard key size, manual repair required.\n" -msgstr "" -"El tamaño de la clave no es estándar; se requiere una reparación manual.\n" +"ATENCIÓN: ¡la cabecera del dispositivo real tiene un UUID distinto que el de la copia de seguridad!" -#: lib/luks1/keymanage.c:334 -msgid "Non standard keyslots alignment, manual repair required.\n" -msgstr "" -"El alineamiento de las ranuras de claves no es estándar; se requiere una " -"reparación manual.\n" +#: lib/luks1/keymanage.c:375 +msgid "Non standard key size, manual repair required." +msgstr "El tamaño de la clave no es estándar; se requiere una reparación manual." -#: lib/luks1/keymanage.c:340 -msgid "Repairing keyslots.\n" -msgstr "Reparando ranuras de claves.\n" +#: lib/luks1/keymanage.c:380 +msgid "Non standard keyslots alignment, manual repair required." +msgstr "El alineamiento de las ranuras de claves no es estándar; se requiere una reparación manual." -#: lib/luks1/keymanage.c:351 -msgid "Repair failed." -msgstr "La reparación ha fallado." +#: lib/luks1/keymanage.c:390 +msgid "Repairing keyslots." +msgstr "Reparando ranuras de claves." -#: lib/luks1/keymanage.c:363 +#: lib/luks1/keymanage.c:409 #, c-format -msgid "Keyslot %i: offset repaired (%u -> %u).\n" -msgstr "Ranura de claves %i: posición reparada (%u -> %u).\n" +msgid "Keyslot %i: offset repaired (%u -> %u)." +msgstr "Ranura de claves %i: posición reparada (%u -> %u)." -#: lib/luks1/keymanage.c:371 +#: lib/luks1/keymanage.c:417 #, c-format -msgid "Keyslot %i: stripes repaired (%u -> %u).\n" -msgstr "Ranura de claves %i: bandas reparadas (%u -> %u).\n" +msgid "Keyslot %i: stripes repaired (%u -> %u)." +msgstr "Ranura de claves %i: bandas reparadas (%u -> %u)." -#: lib/luks1/keymanage.c:380 +#: lib/luks1/keymanage.c:426 #, c-format -msgid "Keyslot %i: bogus partition signature.\n" -msgstr "Ranura de claves %i: la firma de la partición es falsa.\n" +msgid "Keyslot %i: bogus partition signature." +msgstr "Ranura de claves %i: la firma de la partición es falsa." -#: lib/luks1/keymanage.c:385 +#: lib/luks1/keymanage.c:431 #, c-format -msgid "Keyslot %i: salt wiped.\n" -msgstr "Ranura de claves %i: «salt wiped».\n" +msgid "Keyslot %i: salt wiped." +msgstr "Ranura de claves %i: «salt wiped»." -#: lib/luks1/keymanage.c:396 -msgid "Writing LUKS header to disk.\n" -msgstr "Escribiendo cabecera LUKS en el disco.\n" - -#: lib/luks1/keymanage.c:421 -#, c-format -msgid "Unsupported LUKS version %d.\n" -msgstr "Versión LUKS no disponible %d.\n" +#: lib/luks1/keymanage.c:448 +msgid "Writing LUKS header to disk." +msgstr "Escribiendo cabecera LUKS en el disco." -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:661 -#, c-format -msgid "Requested LUKS hash %s is not supported.\n" -msgstr "La «hash» LUKS solicitada %s no está disponible.\n" +#: lib/luks1/keymanage.c:453 +msgid "Repair failed." +msgstr "La reparación ha fallado." -#: lib/luks1/keymanage.c:442 +#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750 #, c-format -msgid "LUKS keyslot %u is invalid.\n" -msgstr "La ranura de claves LUKS %u no es válida.\n" - -#: lib/luks1/keymanage.c:456 src/cryptsetup.c:668 -msgid "No known problems detected for LUKS header.\n" -msgstr "No se ha detectado ningún problema en la cabecera LUKS.\n" +msgid "Requested LUKS hash %s is not supported." +msgstr "La «hash» LUKS solicitada %s no está disponible." -#: lib/luks1/keymanage.c:596 -#, c-format -msgid "Error during update of LUKS header on device %s.\n" -msgstr "Error al actualizar la cabecera LUKS en el dispositivo %s.\n" +#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1133 +msgid "No known problems detected for LUKS header." +msgstr "No se ha detectado ningún problema en la cabecera LUKS." -#: lib/luks1/keymanage.c:603 +#: lib/luks1/keymanage.c:660 #, c-format -msgid "Error re-reading LUKS header after update on device %s.\n" -msgstr "" -"Error al leer la cabecera LUKS después de actualizarla en el dispositivo " -"%s.\n" +msgid "Error during update of LUKS header on device %s." +msgstr "Error al actualizar la cabecera LUKS en el dispositivo %s." -#: lib/luks1/keymanage.c:654 +#: lib/luks1/keymanage.c:668 #, c-format -msgid "" -"Data offset for detached LUKS header must be either 0 or higher than header " -"size (%d sectors).\n" -msgstr "" -"La posición de los datos de una cabecera LUKS separada debe ser 0 o superior " -"al tamaño de la cabecera (%d sectores).\n" +msgid "Error re-reading LUKS header after update on device %s." +msgstr "Error al leer la cabecera LUKS después de actualizarla en el dispositivo %s." -#: lib/luks1/keymanage.c:666 lib/luks1/keymanage.c:757 -msgid "Wrong LUKS UUID format provided.\n" -msgstr "El formato de UUID LUKS proporcionado es incorrecto.\n" +#: lib/luks1/keymanage.c:744 +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "La posición de los datos de una cabecera LUKS debe ser 0 o superior al tamaño de la cabecera." -#: lib/luks1/keymanage.c:695 -msgid "Cannot create LUKS header: reading random salt failed.\n" -msgstr "" -"No se puede crear la cabecera LUKS: fallo en la lectura «random salt».\n" +#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825 +#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001 +#: src/cryptsetup.c:2784 +msgid "Wrong LUKS UUID format provided." +msgstr "El formato de UUID LUKS proporcionado es incorrecto." -#: lib/luks1/keymanage.c:702 lib/luks1/keymanage.c:798 -#, c-format -msgid "Not compatible PBKDF2 options (using hash algorithm %s).\n" -msgstr "Opciones PBKDF2 no compatibles (usando el algoritmo «hash» %s).\n" +#: lib/luks1/keymanage.c:778 +msgid "Cannot create LUKS header: reading random salt failed." +msgstr "No se puede crear la cabecera LUKS: fallo en la lectura «random salt»." -#: lib/luks1/keymanage.c:717 +#: lib/luks1/keymanage.c:804 #, c-format -msgid "Cannot create LUKS header: header digest failed (using hash %s).\n" -msgstr "" -"No se puede crear la cabecera LUKS: fallo en la cabecera (usando «hash» " -"%s).\n" +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "No se puede crear la cabecera LUKS: fallo en la cabecera (usando «hash» %s)." -#: lib/luks1/keymanage.c:782 +#: lib/luks1/keymanage.c:848 #, c-format -msgid "Key slot %d active, purge first.\n" -msgstr "La ranura de claves %d está activa; primero hay que purgar.\n" +msgid "Key slot %d active, purge first." +msgstr "La ranura de claves %d está activa; primero hay que purgar." -#: lib/luks1/keymanage.c:788 +#: lib/luks1/keymanage.c:854 #, c-format -msgid "Key slot %d material includes too few stripes. Header manipulation?\n" -msgstr "" -"El material de la ranura de claves %d no tiene suficientes bandas. Quizá se " -"haya manipulado la cabecera.\n" +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "El material de la ranura de claves %d no tiene suficientes bandas. Quizá se haya manipulado la cabecera." -#: lib/luks1/keymanage.c:950 +#: lib/luks1/keymanage.c:990 #, c-format -msgid "Key slot %d unlocked.\n" -msgstr "Ranura de claves %d desbloqueada.\n" +msgid "Cannot open keyslot (using hash %s)." +msgstr "No se puede abrir la ranura de claves (usando «hash» %s)." -#: lib/luks1/keymanage.c:985 src/cryptsetup.c:858 -#: src/cryptsetup_reencrypt.c:999 src/cryptsetup_reencrypt.c:1036 -msgid "No key available with this passphrase.\n" -msgstr "No hay ninguna clave disponible con esa frase contraseña.\n" - -#: lib/luks1/keymanage.c:1003 +#: lib/luks1/keymanage.c:1066 #, c-format -msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n" -msgstr "" -"La ranura %d no es válida; seleccione una ranura de claves entre 0 y %d.\n" +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." +msgstr "La ranura %d no es válida; seleccione una ranura de claves entre 0 y %d." -#: lib/luks1/keymanage.c:1021 +#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738 #, c-format -msgid "Cannot wipe device %s.\n" -msgstr "No se puede limpiar el dispositivo %s.\n" +msgid "Cannot wipe device %s." +msgstr "No se puede limpiar el dispositivo %s." #: lib/loopaes/loopaes.c:146 -msgid "Detected not yet supported GPG encrypted keyfile.\n" -msgstr "" -"Se ha detectado un fichero de claves cifrado con GPG que el programa no " -"puede procesar en la actualidad.\n" +msgid "Detected not yet supported GPG encrypted keyfile." +msgstr "Se ha detectado un fichero de claves cifrado con GPG que el programa aún no no puede procesar." #: lib/loopaes/loopaes.c:147 msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" -msgstr "" -"Utilice 'gpg --decrypt | cryptsetup --keyfile=- ...'\n" +msgstr "Utilice 'gpg --decrypt | cryptsetup --keyfile=- ...'\n" #: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 -msgid "Incompatible loop-AES keyfile detected.\n" -msgstr "Se ha detectado un fichero de claves incompatible con «loop-AES».\n" +msgid "Incompatible loop-AES keyfile detected." +msgstr "Se ha detectado un fichero de claves incompatible con «loop-AES»." -#: lib/loopaes/loopaes.c:244 -msgid "Kernel doesn't support loop-AES compatible mapping.\n" -msgstr "El núcleo no admite asignación compatible con «loop-AES».\n" +#: lib/loopaes/loopaes.c:245 +msgid "Kernel does not support loop-AES compatible mapping." +msgstr "El núcleo no admite asignación compatible con «loop-AES»." -#: lib/tcrypt/tcrypt.c:475 +#: lib/tcrypt/tcrypt.c:504 #, c-format -msgid "Error reading keyfile %s.\n" -msgstr "Error leyendo el fichero de claves %s.\n" +msgid "Error reading keyfile %s." +msgstr "Error leyendo el fichero de claves %s." -#: lib/tcrypt/tcrypt.c:513 +#: lib/tcrypt/tcrypt.c:554 #, c-format -msgid "Maximum TCRYPT passphrase length (%d) exceeded.\n" -msgstr "" -"Se ha excedido la longitud máxima (%d) de la frase contraseña TCRYPT.\n" +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." +msgstr "Se ha excedido la longitud máxima (%zu) de la frase contraseña TCRYPT." -#: lib/tcrypt/tcrypt.c:543 +#: lib/tcrypt/tcrypt.c:595 #, c-format -msgid "PBKDF2 hash algorithm %s not available, skipping.\n" -msgstr "" -"El algoritmo «hash» %s no está disponible, por lo que se ha ignorado.\n" +msgid "PBKDF2 hash algorithm %s not available, skipping." +msgstr "El algoritmo «hash» %s no está disponible, por lo que se ha ignorado." -#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:621 -msgid "Required kernel crypto interface not available.\n" -msgstr "La interfaz de cifrado del núcleo requerida no está disponible.\n" +#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1010 +msgid "Required kernel crypto interface not available." +msgstr "La interfaz de cifrado del núcleo requerida no está disponible." -#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:623 -msgid "Ensure you have algif_skcipher kernel module loaded.\n" -msgstr "Asegúrese de que el módulo del núcleo algof_skcipher está cargado.\n" +#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1012 +msgid "Ensure you have algif_skcipher kernel module loaded." +msgstr "Asegúrese de que el módulo del núcleo algof_skcipher está cargado." -#: lib/tcrypt/tcrypt.c:707 +#: lib/tcrypt/tcrypt.c:753 #, c-format -msgid "Activation is not supported for %d sector size.\n" -msgstr "No es posible la activación para el tamaño de sector %d.\n" +msgid "Activation is not supported for %d sector size." +msgstr "No es posible la activación para el tamaño de sector %d." -#: lib/tcrypt/tcrypt.c:713 -msgid "Kernel doesn't support activation for this TCRYPT legacy mode.\n" -msgstr "El núcleo no dispone de activación para este modo antiguo TCRYPT.\n" +#: lib/tcrypt/tcrypt.c:759 +msgid "Kernel does not support activation for this TCRYPT legacy mode." +msgstr "El núcleo no dispone de activación para este modo antiguo TCRYPT." -#: lib/tcrypt/tcrypt.c:744 +#: lib/tcrypt/tcrypt.c:793 #, c-format -msgid "Activating TCRYPT system encryption for partition %s.\n" -msgstr "Activando el sistema de cifrado TCRYPT para la partición %s.\n" +msgid "Activating TCRYPT system encryption for partition %s." +msgstr "Activando el sistema de cifrado TCRYPT para la partición %s." -#: lib/tcrypt/tcrypt.c:806 -msgid "Kernel doesn't support TCRYPT compatible mapping.\n" -msgstr "El núcleo no admite asignación compatible con TCRYPT.\n" +#: lib/tcrypt/tcrypt.c:871 +msgid "Kernel does not support TCRYPT compatible mapping." +msgstr "El núcleo no admite asignación compatible con TCRYPT." -#: lib/tcrypt/tcrypt.c:1020 +#: lib/tcrypt/tcrypt.c:1093 msgid "This function is not supported without TCRYPT header load." msgstr "Esta función no está disponible sin carga de cabecera TCRYPT." -#: lib/verity/verity.c:70 lib/verity/verity.c:172 +#: lib/bitlk/bitlk.c:333 +#, c-format +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "El tipo de entrada de metadatos '%u' no esperado se ha encontrado mientras se analizaba la clave maestra del volumen soportado." + +#: lib/bitlk/bitlk.c:380 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "Se ha encontrado una cadena no válida mientras se analizaba la clave maestra del volumen." + +#: lib/bitlk/bitlk.c:385 #, c-format -msgid "Verity device %s doesn't use on-disk header.\n" -msgstr "El dispositivo «verity» %s no utiliza cabecera en disco.\n" +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "Se ha encontrado una cadena no esperada ('%s') mientras se analizaba la clave maestra del volumen soportado." -#: lib/verity/verity.c:94 +#: lib/bitlk/bitlk.c:399 #, c-format -msgid "Device %s is not a valid VERITY device.\n" -msgstr "El dispositivo %s no es un dispositivo VERITY válido.\n" +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "El valor de entrada de metadatos '%u' no esperado se ha encontrado mientras se analizaba la clave maestra del volumen soportado." -#: lib/verity/verity.c:101 +#: lib/bitlk/bitlk.c:479 #, c-format -msgid "Unsupported VERITY version %d.\n" -msgstr "Versión VERITY %d no disponible.\n" +msgid "Failed to read BITLK signature from %s." +msgstr "No se ha podido leer la firma BITLK de %s." + +#: lib/bitlk/bitlk.c:485 +msgid "BITLK version 1 is currently not supported." +msgstr "BITLK versión 1 no está admitido actualmente." -#: lib/verity/verity.c:131 -msgid "VERITY header corrupted.\n" -msgstr "Cabecera VERITY corrupta.\n" +#: lib/bitlk/bitlk.c:491 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "Firma de arranque no válida o desconocida para el dispositivo BITLK" -#: lib/verity/verity.c:166 +#: lib/bitlk/bitlk.c:503 +msgid "Invalid or unknown signature for BITLK device." +msgstr "Firma no válida o desconocida para el dispositivo BITLK" + +#: lib/bitlk/bitlk.c:510 #, c-format -msgid "Wrong VERITY UUID format provided on device %s.\n" -msgstr "" -"El formato UUID VERITY proporcionado en el dispositivo %s es incorrecto.\n" +msgid "Unsupported sector size %." +msgstr "Tamaño de sector no admitido %." -#: lib/verity/verity.c:196 +#: lib/bitlk/bitlk.c:518 #, c-format -msgid "Error during update of verity header on device %s.\n" -msgstr "Error al actualizar la cabecera «verity» en el dispositivo %s.\n" +msgid "Failed to read BITLK header from %s." +msgstr "No se ha podido leer la cabecera BITLK de %s." -#: lib/verity/verity.c:276 -msgid "Kernel doesn't support dm-verity mapping.\n" -msgstr "El núcleo no dispone de asignación «dm-verity».\n" +#: lib/bitlk/bitlk.c:543 +#, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "No se han podido leer los metadatos BITLK FVE de %s." -#: lib/verity/verity.c:287 -msgid "Verity device detected corruption after activation.\n" -msgstr "" -"El dispositivo «verity» ha detectado algo corrupto después de la " -"activación.\n" +#: lib/bitlk/bitlk.c:594 +msgid "Unknown or unsupported encryption type." +msgstr "Tipo de cifrado desconocido o no admitido." -#: lib/verity/verity_hash.c:59 +#: lib/bitlk/bitlk.c:627 #, c-format -msgid "Spare area is not zeroed at position %.\n" -msgstr "El área de reserva no tiene ceros en la posición %.\n" +msgid "Failed to read BITLK metadata entries from %s." +msgstr "No se han podido leer las entradas de los metadatos BITLK de %s." -#: lib/verity/verity_hash.c:121 lib/verity/verity_hash.c:249 -#: lib/verity/verity_hash.c:277 lib/verity/verity_hash.c:284 -msgid "Device offset overflow.\n" -msgstr "Desbordamiento de la posición del dispositivo.\n" +#: lib/bitlk/bitlk.c:921 +msgid "This operation is not supported." +msgstr "Esta operación no está disponible." -#: lib/verity/verity_hash.c:161 -#, c-format -msgid "Verification failed at position %.\n" -msgstr "La verificación ha fallado en la posición %.\n" +#: lib/bitlk/bitlk.c:929 +msgid "Wrong key size." +msgstr "Tamaño de clave incorrecto." -#: lib/verity/verity_hash.c:235 -msgid "Invalid size parameters for verity device.\n" -msgstr "Parámetros de tamaño inválido para un dispositivo «verity».\n" +#: lib/bitlk/bitlk.c:981 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "Este dispositivo BITLK se encuentra en un estado en el que no puede activarse." -#: lib/verity/verity_hash.c:266 -msgid "Too many tree levels for verity volume.\n" -msgstr "Demasiados niveles de arborescencia en el volumen «verity».\n" +#: lib/bitlk/bitlk.c:987 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "Los dispositivos BITLK con tipo '%s' no puede activarse." -#: lib/verity/verity_hash.c:354 -msgid "Verification of data area failed.\n" -msgstr "Fallo en la verificación del área de datos.\n" +#: lib/bitlk/bitlk.c:1069 +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "La activación de un dispositivo BITLK parcialmente descifrado no puede hacerse." -#: lib/verity/verity_hash.c:359 -msgid "Verification of root hash failed.\n" -msgstr "Fallo en la verificación de la «hash» raíz.\n" +#: lib/bitlk/bitlk.c:1205 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "No se puede activar el dispositivo; el dm-crypt del núcleo no sirve para BITLK IV." -#: lib/verity/verity_hash.c:365 -msgid "Input/output error while creating hash area.\n" -msgstr "Error de entrada/salida al crear el área «hash».\n" +#: lib/bitlk/bitlk.c:1209 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "No se puede activar el dispositivo; el dm-crypt del núcleo no sirve para difusor BITLK «Elephant»." -#: lib/verity/verity_hash.c:367 -msgid "Creation of hash area failed.\n" -msgstr "La creación del área «hash» ha fallado.\n" +#: lib/verity/verity.c:68 lib/verity/verity.c:171 +#, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "El dispositivo «verity» %s no utiliza cabecera en disco." -#: lib/verity/verity_hash.c:414 +#: lib/verity/verity.c:90 #, c-format -msgid "" -"WARNING: Kernel cannot activate device if data block size exceeds page size " -"(%u).\n" -msgstr "" -"ATENCIÓN: el núcleo no puede activar un dispositivo si el tamaño del bloque " -"de datos excede el tamaño de página (%u).\n" +msgid "Device %s is not a valid VERITY device." +msgstr "El dispositivo %s no es un dispositivo VERITY válido." -#: src/cryptsetup.c:91 -msgid "Can't do passphrase verification on non-tty inputs.\n" -msgstr "" -"No se puede hacer verificación de frase contraseña en entradas no tty.\n" +#: lib/verity/verity.c:97 +#, c-format +msgid "Unsupported VERITY version %d." +msgstr "Versión VERITY %d no disponible." -#: src/cryptsetup.c:133 src/cryptsetup.c:564 src/cryptsetup.c:711 -#: src/cryptsetup_reencrypt.c:502 src/cryptsetup_reencrypt.c:556 -msgid "No known cipher specification pattern detected.\n" -msgstr "" -"No se ha detectado ningún patrón conocido de especificación de cifrado.\n" +#: lib/verity/verity.c:128 +msgid "VERITY header corrupted." +msgstr "Cabecera VERITY corrupta." -#: src/cryptsetup.c:144 -msgid "" -"WARNING: The --hash parameter is being ignored in plain mode with keyfile " -"specified.\n" -msgstr "" -"ATENCIÓN: No se va a hacer caso del parámetro --hash en modo no cifrado con " -"el fichero de claves especificado.\n" +#: lib/verity/verity.c:165 +#, c-format +msgid "Wrong VERITY UUID format provided on device %s." +msgstr "El formato UUID VERITY proporcionado en el dispositivo %s es incorrecto." -#: src/cryptsetup.c:152 -msgid "" -"WARNING: The --keyfile-size option is being ignored, the read size is the " -"same as the encryption key size.\n" -msgstr "" -"ATENCIÓN: No se va a hacer caso de la opción --keyfile-size; el tamaño de " -"lectura es igual al tamaño de la clave de cifrado.\n" +#: lib/verity/verity.c:198 +#, c-format +msgid "Error during update of verity header on device %s." +msgstr "Error al actualizar la cabecera «verity» en el dispositivo %s." -#: src/cryptsetup.c:218 -msgid "Option --key-file is required.\n" -msgstr "Es necesaria la opción --key-file.\n" +#: lib/verity/verity.c:256 +msgid "Root hash signature verification is not supported." +msgstr "La verificación de firma «hash» raíz solicitada no está disponible." -#: src/cryptsetup.c:267 -msgid "No device header detected with this passphrase.\n" -msgstr "" -"No se ha detectado ninguna cabecera de dispositivo con esa frase " -"contraseña.\n" +#: lib/verity/verity.c:267 +msgid "Errors cannot be repaired with FEC device." +msgstr "Los errores no pueden repararse con dispositivo FEC." -#: src/cryptsetup.c:327 src/cryptsetup.c:1140 -msgid "" -"Header dump with volume key is sensitive information\n" -"which allows access to encrypted partition without passphrase.\n" -"This dump should be always stored encrypted on safe place." -msgstr "" -"El volcado de la cabecera con la clave del volumen es información\n" -"sensible que permite el acceso a una partición cifrada sin frase " -"contraseña.\n" -"Este volcado debería almacenarse siempre cifrado en un lugar seguro." +#: lib/verity/verity.c:269 +#, c-format +msgid "Found %u repairable errors with FEC device." +msgstr "Se han encontrado %u errores reparables con dispositivo FEC." -#: src/cryptsetup.c:517 -msgid "Result of benchmark is not reliable.\n" -msgstr "El resultado de la comparativa no es fiable.\n" +#: lib/verity/verity.c:308 +msgid "Kernel does not support dm-verity mapping." +msgstr "El núcleo no dispone de asignación «dm-verity»." -#: src/cryptsetup.c:558 -msgid "# Tests are approximate using memory only (no storage IO).\n" -msgstr "" -"# Las pruebas son solo aproximadas usando memoria (no hay entrada/salida de " -"almacenadmiento).\n" +#: lib/verity/verity.c:312 +msgid "Kernel does not support dm-verity signature option." +msgstr "El núcleo no dispone de opción de firma «dm-verity»." -#: src/cryptsetup.c:583 src/cryptsetup.c:605 -msgid "# Algorithm | Key | Encryption | Decryption\n" -msgstr "# Algoritmo | Clave | Cifrado | Descifrado\n" +#: lib/verity/verity.c:323 +msgid "Verity device detected corruption after activation." +msgstr "El dispositivo «verity» ha detectado algo corrupto después de la activación." -#: src/cryptsetup.c:587 +#: lib/verity/verity_hash.c:59 #, c-format -msgid "Cipher %s is not available.\n" -msgstr "El algoritmo de cifrado %s no está disponible.\n" +msgid "Spare area is not zeroed at position %." +msgstr "El área de reserva no tiene ceros en la posición %." -#: src/cryptsetup.c:614 -msgid "N/A" -msgstr "/N/A" +#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290 +#: lib/verity/verity_hash.c:303 +msgid "Device offset overflow." +msgstr "Desbordamiento de la posición del dispositivo." -#: src/cryptsetup.c:639 +#: lib/verity/verity_hash.c:203 #, c-format -msgid "Cannot read keyfile %s.\n" -msgstr "No se puede leer el fichero de claves %s.\n" +msgid "Verification failed at position %." +msgstr "La verificación ha fallado en la posición %." -#: src/cryptsetup.c:643 +#: lib/verity/verity_hash.c:276 +msgid "Invalid size parameters for verity device." +msgstr "Parámetros de tamaño inválido para un dispositivo «verity»." + +#: lib/verity/verity_hash.c:296 +msgid "Hash area overflow." +msgstr "Desbordamiento del área «hash»." + +#: lib/verity/verity_hash.c:373 +msgid "Verification of data area failed." +msgstr "Fallo en la verificación del área de datos." + +#: lib/verity/verity_hash.c:378 +msgid "Verification of root hash failed." +msgstr "Fallo en la verificación de la «hash» raíz." + +#: lib/verity/verity_hash.c:384 +msgid "Input/output error while creating hash area." +msgstr "Error de entrada/salida al crear el área «hash»." + +#: lib/verity/verity_hash.c:386 +msgid "Creation of hash area failed." +msgstr "La creación del área «hash» ha fallado." + +#: lib/verity/verity_hash.c:433 #, c-format -msgid "Cannot read %d bytes from keyfile %s.\n" -msgstr "No se pueden leer %d «bytes» en el fichero de claves %s.\n" +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "ATENCIÓN: el núcleo no puede activar un dispositivo si el tamaño del bloque de datos excede el tamaño de página (%u)." -#: src/cryptsetup.c:672 -msgid "Really try to repair LUKS device header?" -msgstr "" -"¿Está seguro de que quiere intentar reparar la cabecera del dispositivo LUKS?" +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." +msgstr "No se ha podido asignar contexto RS." -#: src/cryptsetup.c:697 +#: lib/verity/verity_fec.c:146 +msgid "Failed to allocate buffer." +msgstr "No se ha podido asignar «buffer»." + +#: lib/verity/verity_fec.c:156 #, c-format -msgid "This will overwrite data on %s irrevocably." -msgstr "Esto sobreescribirá los datos en %s de forma irrevocable." +msgid "Failed to read RS block % byte %d." +msgstr "No se ha podido leer el bloque RS % byte %d." + +#: lib/verity/verity_fec.c:169 +#, c-format +msgid "Failed to read parity for RS block %." +msgstr "No se ha podido leer la paridad para el bloque RS %." -#: src/cryptsetup.c:699 -msgid "memory allocation error in action_luksFormat" -msgstr "error de reserva de memoria en action_luksFormat" +#: lib/verity/verity_fec.c:177 +#, c-format +msgid "Failed to repair parity for block %." +msgstr "No se ha podido reparar la paridad para el bloque %." -#: src/cryptsetup.c:717 +#: lib/verity/verity_fec.c:188 #, c-format -msgid "Cannot use %s as on-disk header.\n" -msgstr "No se puede utilizar %s como cabecera en disco.\n" +msgid "Failed to write parity for RS block %." +msgstr "No se ha podido escribir la paridad para el bloque RS %." -#: src/cryptsetup.c:784 -msgid "Reduced data offset is allowed only for detached LUKS header.\n" -msgstr "" -"La posición de datos reducida está permitida solamente para cabecera LUKS " -"separada.\n" +#: lib/verity/verity_fec.c:223 +msgid "Block sizes must match for FEC." +msgstr "Los tamaños de bloque deben coincidir para FEC." + +#: lib/verity/verity_fec.c:229 +msgid "Invalid number of parity bytes." +msgstr "Número no válido de bytes de paridad." -#: src/cryptsetup.c:881 src/cryptsetup.c:937 +#: lib/verity/verity_fec.c:265 #, c-format -msgid "Key slot %d selected for deletion.\n" -msgstr "La ranura de claves %d se va a borrar.\n" +msgid "Failed to determine size for device %s." +msgstr "No se ha podido determinar el tamaño para el dispositivo %s." -#: src/cryptsetup.c:884 +#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343 +msgid "Kernel does not support dm-integrity mapping." +msgstr "El núcleo no dispone de asociación «dm-integrity»." + +#: lib/integrity/integrity.c:277 +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "El núcleo no dispone de alineamiento de metadatos fijo «dm-integrity»." + +#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959 +#: lib/luks2/luks2_json_metadata.c:1244 #, c-format -msgid "Key %d not active. Can't wipe.\n" -msgstr "La clave %d no está activa. No se puede limpiar.\n" +msgid "Failed to acquire write lock on device %s." +msgstr "No se ha podido adquirir el bloqueo de escritura del dispositivo %s." -#: src/cryptsetup.c:892 src/cryptsetup.c:940 +#: lib/luks2/luks2_disk_metadata.c:392 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "Se ha detectado un intento de actualizar los metadatos LUKS2 concurrentemente. Se aborta la operación." + +#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712 msgid "" -"This is the last keyslot. Device will become unusable after purging this key." +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." msgstr "" -"Esta es la última ranura de claves. El dispositivo quedará inutilizado " -"después de purgar esta clave." - -#: src/cryptsetup.c:893 -msgid "Enter any remaining passphrase: " -msgstr "Introduzca cualquier frase contraseña que quede: " +"El dispositivo contiene firmas ambiguas; no se puede autorecuperar LUKS2.\n" +"Por favor, ejecute \"cryptsetup repair\" para recuperación." -#: src/cryptsetup.c:921 -msgid "Enter passphrase to be deleted: " -msgstr "Introduzca la frase contraseña que hay que borrar: " +#: lib/luks2/luks2_json_format.c:227 +msgid "Requested data offset is too small." +msgstr "El desplazamiento de datos solicitado es demasiado pequeño." -#: src/cryptsetup.c:1003 src/cryptsetup_reencrypt.c:1074 +#: lib/luks2/luks2_json_format.c:271 #, c-format -msgid "Enter any existing passphrase: " -msgstr "Introduzca cualquier frase contraseña que exista: " +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "ATENCIÓN: la zona de ranuras de claves (% bytes) es muy pequeña; el número de ranuras de claves LUKS2 disponibles es muy limitado.\n" -#: src/cryptsetup.c:1052 -msgid "Enter passphrase to be changed: " -msgstr "Introduzca la frase contraseña que hay que cambiar: " +#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074 +#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_keyslot_luks2.c:114 +#, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "No se ha podido adquirir el bloqueo de lectura para el dispositivo %s." -#: src/cryptsetup.c:1066 src/cryptsetup_reencrypt.c:1059 -msgid "Enter new passphrase: " -msgstr "Introduzca una nueva frase contraseña: " +#: lib/luks2/luks2_json_metadata.c:1167 +#, c-format +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "Se han detectado requisitos prohibidos para LUKS2 en la copia de seguridad %s." -#: src/cryptsetup.c:1090 -msgid "Only one device argument for isLuks operation is supported.\n" -msgstr "La operación isLuks solo admite un argumento de dispositivo.\n" +#: lib/luks2/luks2_json_metadata.c:1208 +msgid "Data offset differ on device and backup, restore failed." +msgstr "La posición de los datos no coinciden en el dispositivo y en la copia de seguridad; ha fallado la restauración." -#: src/cryptsetup.c:1246 src/cryptsetup.c:1267 -msgid "Option --header-backup-file is required.\n" -msgstr "Es necesaria la opción --header-backup-file.\n" +#: lib/luks2/luks2_json_metadata.c:1214 +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "La cabecera binaria con el tamaño de las áreas de ranuras de claves no coinciden en el dispositivo y en la copia de seguridad; la restauración ha fallado." -#: src/cryptsetup.c:1304 +#: lib/luks2/luks2_json_metadata.c:1221 #, c-format -msgid "Unrecognized metadata device type %s.\n" -msgstr "Tipo de dispositivo de metadatos %s no reconocido.\n" +msgid "Device %s %s%s%s%s" +msgstr "Dispositivo %s %s%s%s%s" -#: src/cryptsetup.c:1307 -msgid "Command requires device and mapped name as arguments.\n" +#: lib/luks2/luks2_json_metadata.c:1222 +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "no contiene cabecera LUKS2. Reemplazar la cabecera puede destruir los datos en ese dispositivo." + +#: lib/luks2/luks2_json_metadata.c:1223 +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "ya contiene cabecera LUKS2. Reemplazar la cabecera destruirá las ranuras de claves existentes." + +#: lib/luks2/luks2_json_metadata.c:1225 +msgid "" +"\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" msgstr "" -"Esta orden necesita como argumentos el dispositivo y el nombre asociado.\n" +"\n" +"AVISO: ¡Se han detectado requisitos LUKS2 desconocidos en cabecera de\n" +"dispositivo real! Reemplazar la cabecera con la copia de seguridad puede\n" +"corromper los datos en ese dispositivo!" -#: src/cryptsetup.c:1326 -#, c-format +#: lib/luks2/luks2_json_metadata.c:1227 msgid "" -"This operation will erase all keyslots on device %s.\n" -"Device will become unusable after this operation." +"\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." msgstr "" -"Esta operación borrará todas las ranuras de claves en el dispositivo %s.\n" -"El dispositivo quedará inutilizable después de esta operación." +"\n" +"AVISO: ¡Se ha detectado recifrado «offline» no terminado en el dispositivo!\n" +"¡Reemplazar la cabecera con la copia de seguridad puede corromper los datos!" -#: src/cryptsetup.c:1360 -msgid " [--type ] []" -msgstr " [--type []" +#: lib/luks2/luks2_json_metadata.c:1323 +#, c-format +msgid "Ignored unknown flag %s." +msgstr "Se hará caso omiso del indicador desconocido %s." -#: src/cryptsetup.c:1360 -msgid "open device as mapping " -msgstr "abrir el dispositivo como asociado a " +#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746 +#, c-format +msgid "Missing key for dm-crypt segment %u" +msgstr "Falta la clave para el segmento dm-crypt %u" -#: src/cryptsetup.c:1361 src/cryptsetup.c:1362 src/cryptsetup.c:1363 -#: src/cryptsetup.c:1364 src/veritysetup.c:311 src/veritysetup.c:312 +#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764 +msgid "Failed to set dm-crypt segment." +msgstr "No se ha podido establecer el segmento de dm-crypt." + +#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770 +msgid "Failed to set dm-linear segment." +msgstr "No se ha podido establecer el segmento de dm-linear." + +#: lib/luks2/luks2_json_metadata.c:2155 +msgid "Unsupported device integrity configuration." +msgstr "Configuración de integridad de dispositivo no admitida." + +#: lib/luks2/luks2_json_metadata.c:2241 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "Recifrado en curso. No se puede desactivar el dispositivo." + +#: lib/luks2/luks2_json_metadata.c:2252 lib/luks2/luks2_reencrypt.c:3190 +#, c-format +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "No se ha podido reemplazar el dispositivo suspendido %s con el objetivo dm-error." + +#: lib/luks2/luks2_json_metadata.c:2332 +msgid "Failed to read LUKS2 requirements." +msgstr "No se ha podido leer los requisitos LUKS2." + +#: lib/luks2/luks2_json_metadata.c:2339 +msgid "Unmet LUKS2 requirements detected." +msgstr "Se han detectado requisitos LUKS2 no satisfechos." + +#: lib/luks2/luks2_json_metadata.c:2347 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "Operación incompatible con dispositivo marcado para recifrado obsoleto. Se aborta." + +#: lib/luks2/luks2_json_metadata.c:2349 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "Operación incompatible con dispositivo marcado para recifrado LUKS2. Se aborta." + +#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584 +msgid "Not enough available memory to open a keyslot." +msgstr "No hay memoria disponible suficiente para abrir una ranura de claves." + +#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586 +msgid "Keyslot open failed." +msgstr "Fallo al abrir la ranura de claves." + +#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "No se puede utilizar el algoritmo de cifrado %s-%s para el cifrado de ranuras de clave." + +#: lib/luks2/luks2_keyslot_luks2.c:480 +msgid "No space for new keyslot." +msgstr "No hay espacio para la nueva ranura de claves." + +#: lib/luks2/luks2_luks1_convert.c:482 +#, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "No se puede comprobar el estado del dispositivo con uuid: %s." + +#: lib/luks2/luks2_luks1_convert.c:508 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "Imposible convertir cabecera con metadatos adicionales LUKSMETA." + +#: lib/luks2/luks2_luks1_convert.c:548 +msgid "Unable to move keyslot area. Not enough space." +msgstr "Imposible mover el área de la ranura de claves. No hay suficiente espacio." + +#: lib/luks2/luks2_luks1_convert.c:599 +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "Imposible mover el área de la ranura de claves. Área de ranuras de clave LUKS2 demasiado pequeña." + +#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887 +msgid "Unable to move keyslot area." +msgstr "Imposible mover el área de la ranura de claves." + +#: lib/luks2/luks2_luks1_convert.c:697 +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "No se puede convertir a formato LUKS1 - el tamaño predefinido de sector de cifrado del segmento no es 512 bytes." + +#: lib/luks2/luks2_luks1_convert.c:705 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "No se puede convertir a formato LUKS1 - los resúmenes de rarunas de claves no son compatibles con LUKS1." + +#: lib/luks2/luks2_luks1_convert.c:717 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "No se puede convertir a formato LUKS1 - el dispositivo utiliza el cifrado de clave encapsulado %s." + +#: lib/luks2/luks2_luks1_convert.c:725 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "No se puede convertir a formato LUKS1 - la cabecera LUKS2 contiene %u «token(s)»." + +#: lib/luks2/luks2_luks1_convert.c:739 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "No se puede convertir a formato LUKS1 - la ranura de claves %u está en un estado no válido." + +#: lib/luks2/luks2_luks1_convert.c:744 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "No se puede convertir a formato LUKS1 - la ranura %u (sobre las ranuras máximas) todavía está activa." + +#: lib/luks2/luks2_luks1_convert.c:749 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "No se puede convertir a formato LUKS1 - la ranura de claves %u no es compatible con LUKS1." + +#: lib/luks2/luks2_reencrypt.c:892 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "El tamaño de la zona activa debe ser múltiplo del alineamiento de zona calculado (%zu bytes)." + +#: lib/luks2/luks2_reencrypt.c:897 +#, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "El tamaño del dispositivo debe ser múltiplo del alineamiento de zona calculado (%zu bytes)." + +#: lib/luks2/luks2_reencrypt.c:941 +#, c-format +msgid "Unsupported resilience mode %s" +msgstr "Modo de resiliencia %s no admitido." + +#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313 +#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430 +#: lib/luks2/luks2_reencrypt.c:3030 +msgid "Failed to initialize old segment storage wrapper." +msgstr "No se ha podido inicializar la envoltura antigua de almacenamiento del segmento." + +#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291 +msgid "Failed to initialize new segment storage wrapper." +msgstr "No se ha podido inicializar la envoltura nueva de almacenamiento del segmento." + +#: lib/luks2/luks2_reencrypt.c:1340 +msgid "Failed to read checksums for current hotzone." +msgstr "No se han podido leer las sumas de comprobación para la zona activa actual." + +#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038 +#, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "No se ha podido leer la zona activa que comienza en %." + +#: lib/luks2/luks2_reencrypt.c:1366 +#, c-format +msgid "Failed to decrypt sector %zu." +msgstr "No se ha podido descifrar el sector %zu." + +#: lib/luks2/luks2_reencrypt.c:1372 +#, c-format +msgid "Failed to recover sector %zu." +msgstr "No se ha podido recuperar el sector %zu." + +#: lib/luks2/luks2_reencrypt.c:1867 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "Los tamaños de los dispositivos origen y destino no coinciden. Origen %, destino: %." + +#: lib/luks2/luks2_reencrypt.c:1965 +#, c-format +msgid "Failed to activate hotzone device %s." +msgstr "No se ha podido activar el dispositivo con zona activa %s." + +#: lib/luks2/luks2_reencrypt.c:1982 +#, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "No se ha podido activar el dispositivo de superposición %s con la tabla de orígenes actual." + +#: lib/luks2/luks2_reencrypt.c:1989 +#, c-format +msgid "Failed to load new mapping for device %s." +msgstr "No se ha podido cargar el nuevo mapa para el dispositivo %s." + +#: lib/luks2/luks2_reencrypt.c:2060 +msgid "Failed to refresh reencryption devices stack." +msgstr "No se ha podido refrescar la pila del dispositivo de recifrado." + +#: lib/luks2/luks2_reencrypt.c:2216 +msgid "Failed to set new keyslots area size." +msgstr "No se ha logrado establecer el tamaño de las nuevas ranuras de claves." + +#: lib/luks2/luks2_reencrypt.c:2318 +#, c-format +msgid "Data shift is not aligned to requested encryption sector size (% bytes)." +msgstr "El desplazamiento de datos no está alineado con el tamaño del sector de cifrado solicitado (% bytes)." + +#: lib/luks2/luks2_reencrypt.c:2339 +#, c-format +msgid "Data device is not aligned to requested encryption sector size (% bytes)." +msgstr "El dispositivo de datos no está alineado con el tamaño del sector de cifrado solicitado (% bytes)." + +#: lib/luks2/luks2_reencrypt.c:2360 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "El desplazamiento de datos (% sectores) es menor que el desplazamiento de datos futuros (% sectores)." + +#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779 +#: lib/luks2/luks2_reencrypt.c:2800 +#, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "No se ha podido abrir %s en modo exclusivo (ya está asignado o montado)." + +#: lib/luks2/luks2_reencrypt.c:2534 +msgid "Device not marked for LUKS2 reencryption." +msgstr "El dispositivo no está marcado para recifrado LUKS2." + +#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295 +msgid "Failed to load LUKS2 reencryption context." +msgstr "No se ha podido cargar el contexto del recifrado LUKS2." + +#: lib/luks2/luks2_reencrypt.c:2619 +msgid "Failed to get reencryption state." +msgstr "No se ha podido obtener el estado del recifrado." + +#: lib/luks2/luks2_reencrypt.c:2623 +msgid "Device is not in reencryption." +msgstr "El dispositivo no está en recifrado." + +#: lib/luks2/luks2_reencrypt.c:2630 +msgid "Reencryption process is already running." +msgstr "El proceso de recifrado ya está en marcha." + +#: lib/luks2/luks2_reencrypt.c:2632 +msgid "Failed to acquire reencryption lock." +msgstr "No se ha podido adquirir el bloqueo de recifrado." + +#: lib/luks2/luks2_reencrypt.c:2650 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "No se puede proceder con el recifrado. Ejecute primero la recuperación de recifrado." + +#: lib/luks2/luks2_reencrypt.c:2750 +msgid "Active device size and requested reencryption size don't match." +msgstr "El tamaño del dispositivo activo y el tamaño de recifrado solicitado no coinciden." + +#: lib/luks2/luks2_reencrypt.c:2764 +msgid "Illegal device size requested in reencryption parameters." +msgstr "El tamaño de dispositivo solicitado en los parámetros de recifrado no es válido." + +#: lib/luks2/luks2_reencrypt.c:2834 +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "Recifrado en proceso. No se puede llevar a cabo una recuperación." + +#: lib/luks2/luks2_reencrypt.c:2906 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "Recifrado LUKS2 ya inicializado en los metadatos." + +#: lib/luks2/luks2_reencrypt.c:2913 +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "No se ha podido inicializar el recifrado LUKS2 en los metadatos." + +#: lib/luks2/luks2_reencrypt.c:3004 +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "No se han podido establecer los segmentos del dispositivo para la siguiente zona activa de recifrado." + +#: lib/luks2/luks2_reencrypt.c:3046 +msgid "Failed to write reencryption resilience metadata." +msgstr "No se han podido escribir los metadatos de resiliencia de recifrado." + +#: lib/luks2/luks2_reencrypt.c:3053 +msgid "Decryption failed." +msgstr "El descifrado ha fallado." + +#: lib/luks2/luks2_reencrypt.c:3058 +#, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "No se ha podido escribir la zona activa que comienza en %." + +#: lib/luks2/luks2_reencrypt.c:3063 +msgid "Failed to sync data." +msgstr "No se han podido sincronizar los datos." + +#: lib/luks2/luks2_reencrypt.c:3071 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "No se han podido actualizar los metadatos tras completar la zona activa de recifrado actual." + +#: lib/luks2/luks2_reencrypt.c:3138 +msgid "Failed to write LUKS2 metadata." +msgstr "No se han podido escribir los metadatos de LUKS2." + +#: lib/luks2/luks2_reencrypt.c:3161 +msgid "Failed to wipe backup segment data." +msgstr "No se han podido limpiar los datos de segmentos de respaldo." + +#: lib/luks2/luks2_reencrypt.c:3174 +msgid "Failed to disable reencryption requirement flag." +msgstr "No se ha podido desactivar el indicador del requisito de descifrado." + +#: lib/luks2/luks2_reencrypt.c:3182 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "Error fatal mientras se recifraba una porción que comienza en %, de % sectores de longitud." + +# No sé cómo traducir 'error target'. +#: lib/luks2/luks2_reencrypt.c:3191 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "No reanudar el dispositivo a menos que se reemplace con «error target» manualmente." + +#: lib/luks2/luks2_reencrypt.c:3240 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "No se puede proceder con el recifrado. Estado de recifrado inesperado." + +#: lib/luks2/luks2_reencrypt.c:3246 +msgid "Missing or invalid reencrypt context." +msgstr "Contexto de recifrado ausente o no válido." + +#: lib/luks2/luks2_reencrypt.c:3253 +msgid "Failed to initialize reencryption device stack." +msgstr "No se ha podido inicializar la pila del dispositivo de recifrado." + +#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308 +msgid "Failed to update reencryption context." +msgstr "No se ha podido actualizar el contexto de recifrado." + +#: lib/luks2/luks2_token.c:262 +msgid "No free token slot." +msgstr "No hay ninguna ranura de «token» libre." + +#: lib/luks2/luks2_token.c:269 +#, c-format +msgid "Failed to create builtin token %s." +msgstr "No se ha podido crear el «token» interno %s." + +#: src/cryptsetup.c:164 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "No se puede hacer verificación de frase contraseña en entradas no tty." + +#: src/cryptsetup.c:221 +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "Los parámetros de cifrado de ranura de claves solo pueden configurarse para dispositivos LUKS2." + +#: src/cryptsetup.c:251 src/cryptsetup.c:959 src/cryptsetup.c:1269 +#: src/cryptsetup.c:3145 src/cryptsetup_reencrypt.c:723 +#: src/cryptsetup_reencrypt.c:793 +msgid "No known cipher specification pattern detected." +msgstr "No se ha detectado ningún patrón conocido de especificación de cifrado." + +#: src/cryptsetup.c:259 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "ATENCIÓN: No se va a hacer caso del parámetro --hash en modo no cifrado con el fichero de claves especificado.\n" + +#: src/cryptsetup.c:267 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "ATENCIÓN: No se va a hacer caso de la opción --keyfile-size; el tamaño de lectura es igual al tamaño de la clave de cifrado.\n" + +#: src/cryptsetup.c:307 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "Se ha(n) detectado firma(s) de dispositivo en %s. Si se prosigue, pueden dañarse los datos existentes." + +#: src/cryptsetup.c:313 src/cryptsetup.c:1090 src/cryptsetup.c:1142 +#: src/cryptsetup.c:1246 src/cryptsetup.c:1319 src/cryptsetup.c:1974 +#: src/cryptsetup.c:2682 src/cryptsetup.c:2805 src/integritysetup.c:233 +msgid "Operation aborted.\n" +msgstr "Operación abortada.\n" + +#: src/cryptsetup.c:381 +msgid "Option --key-file is required." +msgstr "Es necesaria la opción --key-file." + +#: src/cryptsetup.c:434 +msgid "Enter VeraCrypt PIM: " +msgstr "Introduzca PIM de VeraCrypt: " + +#: src/cryptsetup.c:443 +msgid "Invalid PIM value: parse error." +msgstr "Valor de PIM no válido: error de análisis." + +#: src/cryptsetup.c:446 +msgid "Invalid PIM value: 0." +msgstr "Valor de PIM no válido: 0." + +#: src/cryptsetup.c:449 +msgid "Invalid PIM value: outside of range." +msgstr "Valor de PIM no válido: fuera de rango." + +#: src/cryptsetup.c:472 +msgid "No device header detected with this passphrase." +msgstr "No se ha detectado ninguna cabecera de dispositivo con esa frase contraseña." + +#: src/cryptsetup.c:541 +#, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "El dispositivo %s no es un dispositivo BITLK válido." + +#: src/cryptsetup.c:576 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" +"El volcado de la cabecera con la clave del volumen es información\n" +"sensible que permite el acceso a una partición cifrada sin frase contraseña.\n" +"Este volcado debería almacenarse siempre cifrado en un lugar seguro." + +#: src/cryptsetup.c:673 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "El dispositivo %s todavía está activo y programado para borrado diferido.\n" + +#: src/cryptsetup.c:701 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "El cambio de tamaño del dispositivo activo requiere clave de volumen en el llavero pero la opción --disable-keyring está puesta." + +#: src/cryptsetup.c:838 +msgid "Benchmark interrupted." +msgstr "Comparativa interrumpida." + +#: src/cryptsetup.c:859 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "PBKDF2-%-9s N/A\n" + +#: src/cryptsetup.c:861 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "PBKDF2-%-9s %7u iteraciones por segundo para clave de %zu bits\n" + +#: src/cryptsetup.c:875 +#, c-format +msgid "%-10s N/A\n" +msgstr "%-10s N/A\n" + +#: src/cryptsetup.c:877 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "%-10s %4u iteraciones, %5u memora, %1u hilos paralelos (CPUs) para clave de %zu bits (tiempo solicitado %u ms)\n" + +#: src/cryptsetup.c:901 +msgid "Result of benchmark is not reliable." +msgstr "El resultado de la comparativa no es fiable." + +#: src/cryptsetup.c:951 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "# Las pruebas son solo aproximadas usando memoria (no hay entrada/salida de almacenadmiento).\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:971 +#, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "#%*s Algoritmo | Clave | Cifrado | Descifrado\n" + +#: src/cryptsetup.c:975 +#, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "El algoritmo de cifrado %s (con clave de %i bits) no está disponible." + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:994 +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "# Algoritmo | Clave | Cifrado | Descifrado\n" + +#: src/cryptsetup.c:1003 +msgid "N/A" +msgstr "/N/A" + +#: src/cryptsetup.c:1083 +msgid "" +"Seems device does not require reencryption recovery.\n" +"Do you want to proceed anyway?" +msgstr "" +"Parece que el dispositivo no necesita recuperación del recifrado.\n" +"¿Desea continuar de todos modos?" + +#: src/cryptsetup.c:1089 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "¿Está seguro de proceder con la recuperación del recifrado LUKS2?" + +#: src/cryptsetup.c:1098 +msgid "Enter passphrase for reencryption recovery: " +msgstr "Introduzca la frase contraseña para la recuperación del recifrado: " + +#: src/cryptsetup.c:1141 +msgid "Really try to repair LUKS device header?" +msgstr "¿Está seguro de que quiere intentar reparar la cabecera del dispositivo LUKS?" + +#: src/cryptsetup.c:1160 src/integritysetup.c:146 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" +"Limpieza de dispositivo para inicializar la suma de comprobación de integridad.\n" +"Puede interrumpirse pulsando CTRL+c (el resto de dispositivo no limpiado contendrá sumas de comprobación no válidas.\n" + +#: src/cryptsetup.c:1182 src/integritysetup.c:168 +#, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "No se puede desactivar el dispositivo temporal %s." + +#: src/cryptsetup.c:1231 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "La opción de integridad solo puede utilizarse para formato LUKS2." + +#: src/cryptsetup.c:1236 src/cryptsetup.c:1296 +msgid "Unsupported LUKS2 metadata size options." +msgstr "Opciones de tamaño de metadatos LUKS2 no admitidas." + +#: src/cryptsetup.c:1253 +#, c-format +msgid "Cannot create header file %s." +msgstr "No se puede crear el fichero de cabecera %s." + +#: src/cryptsetup.c:1276 src/integritysetup.c:195 src/integritysetup.c:204 +#: src/integritysetup.c:213 src/integritysetup.c:284 src/integritysetup.c:293 +#: src/integritysetup.c:303 +msgid "No known integrity specification pattern detected." +msgstr "No se ha detectado ningún patrón conocido de especificación de integridad." + +#: src/cryptsetup.c:1289 +#, c-format +msgid "Cannot use %s as on-disk header." +msgstr "No se puede utilizar %s como cabecera en disco." + +#: src/cryptsetup.c:1313 src/integritysetup.c:227 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "Esto sobreescribirá los datos en %s de forma irrevocable." + +#: src/cryptsetup.c:1354 src/cryptsetup.c:1688 src/cryptsetup.c:1755 +#: src/cryptsetup.c:1857 src/cryptsetup.c:1923 src/cryptsetup_reencrypt.c:553 +msgid "Failed to set pbkdf parameters." +msgstr "No se han podido establecer los parámetros pbkdf." + +#: src/cryptsetup.c:1439 +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "La posición de datos reducida está permitida solamente para cabecera LUKS separada." + +#: src/cryptsetup.c:1450 src/cryptsetup.c:1761 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "No se puede determinar el tamaño de la clave del volumen para LUKS2 sin ranuras de claves; utilice la opción --key-size." + +#: src/cryptsetup.c:1488 +msgid "Device activated but cannot make flags persistent." +msgstr "Dispositivo activado pero los indicadores no pueden hacerse persistentes." + +#: src/cryptsetup.c:1569 src/cryptsetup.c:1639 +#, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "La ranura de claves %d se va a borrar." + +#: src/cryptsetup.c:1581 src/cryptsetup.c:1642 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "Esta es la última ranura de claves. El dispositivo quedará inutilizado después de purgar esta clave." + +#: src/cryptsetup.c:1582 +msgid "Enter any remaining passphrase: " +msgstr "Introduzca cualquier frase contraseña que quede: " + +#: src/cryptsetup.c:1583 src/cryptsetup.c:1644 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "Operación abortada; la ranura de claves NO estaba limpia.\n" + +#: src/cryptsetup.c:1621 +msgid "Enter passphrase to be deleted: " +msgstr "Introduzca la frase contraseña que hay que borrar: " + +#: src/cryptsetup.c:1702 src/cryptsetup.c:1776 src/cryptsetup.c:1810 +msgid "Enter new passphrase for key slot: " +msgstr "Introduzca una nueva frase contraseña para la ranura de claves: " + +#: src/cryptsetup.c:1793 src/cryptsetup_reencrypt.c:1343 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "Introduzca cualquier frase contraseña que exista: " + +#: src/cryptsetup.c:1861 +msgid "Enter passphrase to be changed: " +msgstr "Introduzca la frase contraseña que hay que cambiar: " + +#: src/cryptsetup.c:1877 src/cryptsetup_reencrypt.c:1329 +msgid "Enter new passphrase: " +msgstr "Introduzca una nueva frase contraseña: " + +#: src/cryptsetup.c:1927 +msgid "Enter passphrase for keyslot to be converted: " +msgstr "Introduzca la frase contraseña para la ranura de claves que se va a convertir: " + +#: src/cryptsetup.c:1951 +msgid "Only one device argument for isLuks operation is supported." +msgstr "La operación isLuks solo admite un argumento de dispositivo." + +#: src/cryptsetup.c:2001 +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"El volcado de la cabecera con la clave del volumen es información\n" +"sensible que permite el acceso a una partición cifrada sin frase contraseña.\n" +"Este volcado debería almacenarse cifrado en un lugar seguro." + +#: src/cryptsetup.c:2066 +#, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "La ranura de claves %d no contiene clave independiente." + +#: src/cryptsetup.c:2072 +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"El volcado de la cabecera con clave independiente del volumen es información\n" +"sensible. Este volcado debería almacenarse cifrado en un lugar seguro." + +#: src/cryptsetup.c:2207 src/cryptsetup.c:2228 +msgid "Option --header-backup-file is required." +msgstr "Es necesaria la opción --header-backup-file." + +#: src/cryptsetup.c:2258 +#, c-format +msgid "%s is not cryptsetup managed device." +msgstr "%s no es un dispositivo gestionable por cryptsetup." + +#: src/cryptsetup.c:2269 +#, c-format +msgid "Refresh is not supported for device type %s" +msgstr "El refresco no está disponible para el tipo de dispositivo %s" + +#: src/cryptsetup.c:2311 +#, c-format +msgid "Unrecognized metadata device type %s." +msgstr "Tipo de dispositivo de metadatos %s no reconocido." + +#: src/cryptsetup.c:2314 +msgid "Command requires device and mapped name as arguments." +msgstr "Esta orden necesita como argumentos el dispositivo y el nombre asociado." + +#: src/cryptsetup.c:2336 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" +"Esta operación borrará todas las ranuras de claves en el dispositivo %s.\n" +"El dispositivo quedará inutilizable después de esta operación." + +#: src/cryptsetup.c:2343 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "Operación abortada; las ranuras de claves NO estaban limpias.\n" + +#: src/cryptsetup.c:2380 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "Tipo LUKS no válido; solo se admiten luks1 y luks2." + +#: src/cryptsetup.c:2398 +#, c-format +msgid "Device is already %s type." +msgstr "El dispositivo ya es de tipo %s." + +#: src/cryptsetup.c:2403 +#, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "Esta operación convertirá el formato %s a %s.\n" + +#: src/cryptsetup.c:2409 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "Operación abortada; el dispositivo NO estaba convertido.\n" + +#: src/cryptsetup.c:2449 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "Falta la opción --priority, --label o --subsystem." + +#: src/cryptsetup.c:2483 src/cryptsetup.c:2516 src/cryptsetup.c:2539 +#, c-format +msgid "Token %d is invalid." +msgstr "El «token» %d no es válido." + +#: src/cryptsetup.c:2486 src/cryptsetup.c:2542 +#, c-format +msgid "Token %d in use." +msgstr "El «token» %d está en uso." + +#: src/cryptsetup.c:2493 +#, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "No se ha podido añadir el «token» %d al llavero luks." + +#: src/cryptsetup.c:2502 src/cryptsetup.c:2564 +#, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "No se ha logrado asignar el «token» %d a la ranura de claves %d." + +#: src/cryptsetup.c:2519 +#, c-format +msgid "Token %d is not in use." +msgstr "El «token» %d no está en uso." + +#: src/cryptsetup.c:2554 +msgid "Failed to import token from file." +msgstr "No se ha podido importar el «token» del fichero." + +#: src/cryptsetup.c:2579 +#, c-format +msgid "Failed to get token %d for export." +msgstr "No se ha logrado obtener el «token» %d para exportar." + +#: src/cryptsetup.c:2594 +msgid "--key-description parameter is mandatory for token add action." +msgstr "El parámetro --key-description es obligatorio para la acción de añadir «token»." + +#: src/cryptsetup.c:2600 src/cryptsetup.c:2608 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "La acción requiere un «token» específico. Utilice el parámetro --token-id." + +#: src/cryptsetup.c:2613 +#, c-format +msgid "Invalid token operation %s." +msgstr "Operación de «token» no válida %s." + +#: src/cryptsetup.c:2668 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "Se ha detectado automáticamente el dispositivo dm activo '%s' para el dispositivo de datos %s.\n" + +#: src/cryptsetup.c:2672 +#, c-format +msgid "Device %s is not a block device.\n" +msgstr "El dispositivo %s no es un dispositivo de bloques.\n" + +#: src/cryptsetup.c:2674 +#, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "No se han podido detectar automáticamente los propietarios del dispositivo %s." + +#: src/cryptsetup.c:2676 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" +"Imposible decidir si el dispositivo %s está activado o no.\n" +"¿Está seguro de que desea proceder con el recifrado en modo «offline»?\n" +"Puede provocarse corrupción de datos si el dispositivo está realmente\n" +"activado. Para realizar recifrado en modo «online», utilice en su lugar\n" +"el parámetro --active-name.\n" + +#: src/cryptsetup.c:2756 +msgid "Invalid LUKS device type." +msgstr "Tipo de dispositivo LUKS no válido." + +#: src/cryptsetup.c:2761 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "El cifrado sin cabecera separada (--header) no es posible sin reducción del tamaño del dispositivo de datos (--reduce-device-size)." + +#: src/cryptsetup.c:2766 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "El desplazamiento de datos solicitado debe ser menor o igual que la mitad del parámetro --reduce-device-size." + +#: src/cryptsetup.c:2775 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "Ajustando el valor de --reduce-device-size al doble de --offset % (sectores).\n" + +#: src/cryptsetup.c:2779 +msgid "Encryption is supported only for LUKS2 format." +msgstr "El cifrado solo puede hacerse con formato LUKS2." + +#: src/cryptsetup.c:2801 +#, c-format +msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +msgstr "Se ha detectado un dispositivo LUKS en %s. ¿Desea cifrar de nuevo ese dispositivo LUKS?" + +#: src/cryptsetup.c:2816 +#, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "El fichero de cabecera temporal %s ya existe. Se aborta." + +#: src/cryptsetup.c:2818 src/cryptsetup.c:2825 +#, c-format +msgid "Cannot create temporary header file %s." +msgstr "No se puede crear el fichero de cabecera temporal %s." + +#: src/cryptsetup.c:2889 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "%s/%s ahora está activo y preparado para cifrado «online».\n" + +#: src/cryptsetup.c:3053 src/cryptsetup.c:3059 +msgid "Not enough free keyslots for reencryption." +msgstr "No hay suficientes ranuras de claves para el recifrado." + +#: src/cryptsetup.c:3079 src/cryptsetup_reencrypt.c:1294 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "El fichero de claves solo puede usarse con --key-slot o con una sola ranura de claves activa exactamente." + +#: src/cryptsetup.c:3088 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup_reencrypt.c:1352 +#, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Introduzca la frase contraseña para la ranura de claves %d: " + +#: src/cryptsetup.c:3096 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Introduzca la frase contraseña para la ranura de claves %u: " + +#: src/cryptsetup.c:3263 +msgid "Command requires device as argument." +msgstr "Esta orden necesita un dispositivo como argumento." + +#: src/cryptsetup.c:3285 +msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +msgstr "Actualmente solo se admite el formato LUKS2. Utilice la herramienta cryptsetup-reencrypt para LUKS1." + +#: src/cryptsetup.c:3297 +msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +msgstr "Ya hay un recifrado «offline» heredado en proceso. Utilice la utilidad cryptsetup-reencrypt." + +#: src/cryptsetup.c:3307 src/cryptsetup_reencrypt.c:178 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "El recifrado de dispositivo con perfil de integridad no está admitido." + +#: src/cryptsetup.c:3315 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "El recifrado LUKS2 ya está inicializado. Se aborta la operación." + +#: src/cryptsetup.c:3319 +msgid "LUKS2 device is not in reencryption." +msgstr "El dispositivo LUKS2 no está en recifrado." + +#: src/cryptsetup.c:3346 +msgid " [--type ] []" +msgstr " [--type []" + +#: src/cryptsetup.c:3346 src/veritysetup.c:394 src/integritysetup.c:480 +msgid "open device as " +msgstr "abrir el dispositivo como " + +#: src/cryptsetup.c:3347 src/cryptsetup.c:3348 src/cryptsetup.c:3349 +#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:481 +#: src/integritysetup.c:482 msgid "" msgstr "" -#: src/cryptsetup.c:1361 +#: src/cryptsetup.c:3347 src/veritysetup.c:395 src/integritysetup.c:481 msgid "close device (remove mapping)" msgstr "cerrar dispositivo (eliminar asociación)" -#: src/cryptsetup.c:1362 +#: src/cryptsetup.c:3348 msgid "resize active device" msgstr "cambiar el tamaño del dispositivo activo" -#: src/cryptsetup.c:1363 +#: src/cryptsetup.c:3349 msgid "show device status" msgstr "mostrar el estado del dispositivo" -#: src/cryptsetup.c:1364 +#: src/cryptsetup.c:3350 +msgid "[--cipher ]" +msgstr "[--cypher ]" + +#: src/cryptsetup.c:3350 msgid "benchmark cipher" msgstr "algoritmo de cifrado para pruebas" -#: src/cryptsetup.c:1365 src/cryptsetup.c:1366 src/cryptsetup.c:1372 -#: src/cryptsetup.c:1373 src/cryptsetup.c:1374 src/cryptsetup.c:1375 -#: src/cryptsetup.c:1376 src/cryptsetup.c:1377 src/cryptsetup.c:1378 -#: src/cryptsetup.c:1379 +#: src/cryptsetup.c:3351 src/cryptsetup.c:3352 src/cryptsetup.c:3353 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3355 src/cryptsetup.c:3362 +#: src/cryptsetup.c:3363 src/cryptsetup.c:3364 src/cryptsetup.c:3365 +#: src/cryptsetup.c:3366 src/cryptsetup.c:3367 src/cryptsetup.c:3368 +#: src/cryptsetup.c:3369 src/cryptsetup.c:3370 msgid "" msgstr "" -#: src/cryptsetup.c:1365 +#: src/cryptsetup.c:3351 msgid "try to repair on-disk metadata" msgstr "intentar reparar metadatos en disco" -#: src/cryptsetup.c:1366 +#: src/cryptsetup.c:3352 +msgid "reencrypt LUKS2 device" +msgstr "recifrar dispositivo LUKS2" + +#: src/cryptsetup.c:3353 msgid "erase all keyslots (remove encryption key)" msgstr "borrar todas las ranuras de claves (eliminar clave de cifrado)" -#: src/cryptsetup.c:1367 src/cryptsetup.c:1368 +#: src/cryptsetup.c:3354 +msgid "convert LUKS from/to LUKS2 format" +msgstr "convertir formato LUKS de/en LUKS2" + +#: src/cryptsetup.c:3355 +msgid "set permanent configuration options for LUKS2" +msgstr "establecer opciones de configuración permanentes para LUKS2" + +#: src/cryptsetup.c:3356 src/cryptsetup.c:3357 msgid " []" msgstr " []" -#: src/cryptsetup.c:1367 +#: src/cryptsetup.c:3356 msgid "formats a LUKS device" msgstr "da formato a un dispositivo LUKS" -#: src/cryptsetup.c:1368 +#: src/cryptsetup.c:3357 msgid "add key to LUKS device" msgstr "añadir clave a un dispositivo LUKS" -#: src/cryptsetup.c:1369 src/cryptsetup.c:1370 +#: src/cryptsetup.c:3358 src/cryptsetup.c:3359 src/cryptsetup.c:3360 msgid " []" msgstr " []" -#: src/cryptsetup.c:1369 +#: src/cryptsetup.c:3358 msgid "removes supplied key or key file from LUKS device" -msgstr "" -"elimina la clave suministrada o el fichero de claves del dispositivo LUKS" +msgstr "elimina la clave suministrada o el fichero de claves del dispositivo LUKS" -#: src/cryptsetup.c:1370 +#: src/cryptsetup.c:3359 msgid "changes supplied key or key file of LUKS device" -msgstr "" -"cambia la clave suministrada o el fichero de claves del dispositivo LUKS" +msgstr "cambia la clave suministrada o el fichero de claves del dispositivo LUKS" + +#: src/cryptsetup.c:3360 +msgid "converts a key to new pbkdf parameters" +msgstr "convierte una clave a los nuevos parámetros pbkdf" -#: src/cryptsetup.c:1371 +#: src/cryptsetup.c:3361 msgid " " msgstr " " -#: src/cryptsetup.c:1371 +#: src/cryptsetup.c:3361 msgid "wipes key with number from LUKS device" msgstr "borra la clave con el número del dispositivo LUKS" -#: src/cryptsetup.c:1372 +#: src/cryptsetup.c:3362 msgid "print UUID of LUKS device" msgstr "imprimir el UUID del dispositivo LUKS" -#: src/cryptsetup.c:1373 +#: src/cryptsetup.c:3363 msgid "tests for LUKS partition header" msgstr "comprueba si tiene cabecera de partición LUKS" -#: src/cryptsetup.c:1374 +#: src/cryptsetup.c:3364 msgid "dump LUKS partition information" msgstr "volcar información sobre la partición LUKS" -#: src/cryptsetup.c:1375 +#: src/cryptsetup.c:3365 msgid "dump TCRYPT device information" msgstr "volcar información sobre el dispositivo TCRYPT" -#: src/cryptsetup.c:1376 -msgid "Suspend LUKS device and wipe key (all IOs are frozen)." -msgstr "" -"Suspender el dispositivo LUKS y limpiar la clave (todas las entradas/salidas " -"congeladas)." +#: src/cryptsetup.c:3366 +msgid "dump BITLK device information" +msgstr "volcar información sobre el dispositivo BITLK" + +#: src/cryptsetup.c:3367 +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "Suspender el dispositivo LUKS y limpiar la clave (todas las entradas/salidas congeladas)." -#: src/cryptsetup.c:1377 -msgid "Resume suspended LUKS device." +#: src/cryptsetup.c:3368 +msgid "Resume suspended LUKS device" msgstr "Reanudar el dispositivo LUKS suspendido." -#: src/cryptsetup.c:1378 +#: src/cryptsetup.c:3369 msgid "Backup LUKS device header and keyslots" -msgstr "" -"Hacer copia de seguridad de la cabecera y de las ranuras de claves del " -"dispositivo LUKS" +msgstr "Hacer copia de seguridad de la cabecera y de las ranuras de claves del dispositivo LUKS" -#: src/cryptsetup.c:1379 +#: src/cryptsetup.c:3370 msgid "Restore LUKS device header and keyslots" msgstr "Restaurar la cabecera y las ranuras de claves del dispositivo LUKS" -#: src/cryptsetup.c:1396 src/veritysetup.c:328 +#: src/cryptsetup.c:3371 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3371 +msgid "Manipulate LUKS2 tokens" +msgstr "Manipular «tokens» LUKS2" + +#: src/cryptsetup.c:3389 src/veritysetup.c:412 src/integritysetup.c:498 msgid "" "\n" " is one of:\n" @@ -1215,20 +2395,19 @@ msgstr "" "\n" " es una de:\n" -#: src/cryptsetup.c:1402 +#: src/cryptsetup.c:3395 msgid "" "\n" "You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" msgstr "" "\n" -"También se pueden utilizar los alias del tipo de la antigua " -"sintaxis:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" +"También se pueden utilizar los alias del tipo de la antigua sintaxis:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" -#: src/cryptsetup.c:1406 +#: src/cryptsetup.c:3399 #, c-format msgid "" "\n" @@ -1240,425 +2419,748 @@ msgstr "" "\n" " es el dispositivo que se va a crear en %s\n" " es el dispositivo cifrado\n" -" es el número de la ranura de claves que se va a " -"modificar\n" -" fichero de claves opcional para la nueva clave para la " -"acción 'luksAddKey'\n" +" es el número de la ranura de claves que se va a modificar\n" +" fichero de claves opcional para la nueva clave para la acción 'luksAddKey'\n" + +#: src/cryptsetup.c:3406 +#, c-format +msgid "" +"\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" +"\n" +"El formato de metadatos predefinido de fábrica es %s (para la acción luksFormat).\n" -#: src/cryptsetup.c:1413 +#: src/cryptsetup.c:3411 #, c-format msgid "" "\n" "Default compiled-in key and passphrase parameters:\n" -"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d " -"(characters)\n" -"Default PBKDF2 iteration time for LUKS: %d (ms)\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" msgstr "" "\n" "Parámetros predefinidos de fábrica de clave y de frase contraseña:\n" -"\tTamaño máximo del fichero de claves: %dk8, Longitud máxima de frase " -"contraseña interactiva: %d (caracteres)\n" -"Tiempo PBKDF2 de iteración de LUKS predefinido: %d (ms)\n" +"\tTamaño máximo del fichero de claves: %dk8, Longitud máxima de frase contraseña interactiva: %d (caracteres)\n" +"PBKDF predefinido para LUKS1: %s, tiempo de iteración: %d (ms)\n" +"PBKDF predefinido para LUKS2: %s\n" +"\tTiempo de iteración: %d, Memoria requerida: %dkB, hilos en paralelo: %d\n" -#: src/cryptsetup.c:1420 +#: src/cryptsetup.c:3422 #, c-format msgid "" "\n" "Default compiled-in device cipher parameters:\n" "\tloop-AES: %s, Key %d bits\n" "\tplain: %s, Key: %d bits, Password hashing: %s\n" -"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" msgstr "" "\n" -"Parámetros predefinidos de fábrica del algoritmo de cifrado de " -"dispositivos:\n" +"Parámetros predefinidos de fábrica del algoritmo de cifrado de dispositivos:\n" "\tbucle-AES: %s, Clave %d bits\n" "\tsin cifrado: %s, Clave: %d bits, Contraseña «hashing»: %s\n" -"\tLUKS1: %s, Clave: %d bits, «hashing» de la cabecera LUKS: %s, Generador de " -"números aleatorios: %s\n" +"\tLUKS: %s, Clave: %d bits, «hashing» de la cabecera LUKS: %s, Generador de números aleatorios: %s\n" + +#: src/cryptsetup.c:3431 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "\tLUKS: El tamaño de clave predefinido con modo XTS (dos claves internas) va a ser duplicado.\n" -#: src/cryptsetup.c:1437 src/veritysetup.c:460 +#: src/cryptsetup.c:3447 src/veritysetup.c:569 src/integritysetup.c:642 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: necesita %s como argumentos" -#: src/cryptsetup.c:1470 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1253 +#: src/cryptsetup.c:3480 src/veritysetup.c:457 src/integritysetup.c:536 +#: src/cryptsetup_reencrypt.c:1607 msgid "Show this help message" msgstr "Mostrar este mensaje de ayuda" -#: src/cryptsetup.c:1471 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1254 +#: src/cryptsetup.c:3481 src/veritysetup.c:458 src/integritysetup.c:537 +#: src/cryptsetup_reencrypt.c:1608 msgid "Display brief usage" msgstr "Mostrar brevemente cómo se usa" -#: src/cryptsetup.c:1475 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1258 -msgid "Help options:" -msgstr "Opciones de ayuda:" - -#: src/cryptsetup.c:1476 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1259 +#: src/cryptsetup.c:3482 src/veritysetup.c:459 src/integritysetup.c:538 +#: src/cryptsetup_reencrypt.c:1609 msgid "Print package version" msgstr "Imprimir versión del paquete" -#: src/cryptsetup.c:1477 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1260 +#: src/cryptsetup.c:3486 src/veritysetup.c:463 src/integritysetup.c:542 +#: src/cryptsetup_reencrypt.c:1613 +msgid "Help options:" +msgstr "Opciones de ayuda:" + +#: src/cryptsetup.c:3487 src/veritysetup.c:464 src/integritysetup.c:543 +#: src/cryptsetup_reencrypt.c:1614 msgid "Shows more detailed error messages" msgstr "Muestra mensajes de error más detallados" -#: src/cryptsetup.c:1478 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1261 +#: src/cryptsetup.c:3488 src/veritysetup.c:465 src/integritysetup.c:544 +#: src/cryptsetup_reencrypt.c:1615 msgid "Show debug messages" msgstr "Mostrar mensajes de depuración" -#: src/cryptsetup.c:1479 src/cryptsetup_reencrypt.c:1263 +#: src/cryptsetup.c:3489 +msgid "Show debug messages including JSON metadata" +msgstr "Mostrar mensajes de depuración incluidos los metadatos JSON" + +#: src/cryptsetup.c:3490 src/cryptsetup_reencrypt.c:1617 msgid "The cipher used to encrypt the disk (see /proc/crypto)" msgstr "Algoritmo de cifrado utilizado para cifrar el disco (ver /proc/crypto)" -#: src/cryptsetup.c:1480 src/cryptsetup_reencrypt.c:1265 +#: src/cryptsetup.c:3491 src/cryptsetup_reencrypt.c:1619 msgid "The hash used to create the encryption key from the passphrase" -msgstr "" -"Algoritmo «hash» utilizado para crear la clave de cifrado a partir de la " -"frase contraseña" +msgstr "Algoritmo «hash» utilizado para crear la clave de cifrado a partir de la frase contraseña" -#: src/cryptsetup.c:1481 +#: src/cryptsetup.c:3492 msgid "Verifies the passphrase by asking for it twice" msgstr "Verifica la frase contraseña preguntándola dos veces" -#: src/cryptsetup.c:1482 src/cryptsetup_reencrypt.c:1267 -msgid "Read the key from a file." +#: src/cryptsetup.c:3493 src/cryptsetup_reencrypt.c:1621 +msgid "Read the key from a file" msgstr "Leer la clave de un fichero." -#: src/cryptsetup.c:1483 +#: src/cryptsetup.c:3494 msgid "Read the volume (master) key from file." msgstr "Leer la clave (maestra) del volumen desde fichero." -#: src/cryptsetup.c:1484 -msgid "Dump volume (master) key instead of keyslots info." -msgstr "" -"Volcar la clave (maestra) del volumen en lugar de la información de las " -"ranuras de claves." +#: src/cryptsetup.c:3495 +msgid "Dump volume (master) key instead of keyslots info" +msgstr "Volcar la clave (maestra) del volumen en lugar de la información de las ranuras de claves." -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 +#: src/cryptsetup.c:3496 src/cryptsetup_reencrypt.c:1618 msgid "The size of the encryption key" msgstr "Tamaño de la clave de cifrado" -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 +#: src/cryptsetup.c:3496 src/cryptsetup.c:3557 src/integritysetup.c:562 +#: src/integritysetup.c:566 src/integritysetup.c:570 +#: src/cryptsetup_reencrypt.c:1618 msgid "BITS" msgstr "BITS" -#: src/cryptsetup.c:1486 src/cryptsetup_reencrypt.c:1278 +#: src/cryptsetup.c:3497 src/cryptsetup_reencrypt.c:1634 msgid "Limits the read from keyfile" msgstr "Limita la lectura desde fichero de claves" -#: src/cryptsetup.c:1486 src/cryptsetup.c:1487 src/cryptsetup.c:1488 -#: src/cryptsetup.c:1489 src/veritysetup.c:379 src/veritysetup.c:380 -#: src/veritysetup.c:382 src/cryptsetup_reencrypt.c:1277 -#: src/cryptsetup_reencrypt.c:1278 src/cryptsetup_reencrypt.c:1279 -#: src/cryptsetup_reencrypt.c:1280 +#: src/cryptsetup.c:3497 src/cryptsetup.c:3498 src/cryptsetup.c:3499 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3503 src/cryptsetup.c:3554 +#: src/cryptsetup.c:3555 src/cryptsetup.c:3563 src/cryptsetup.c:3564 +#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470 +#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:551 +#: src/integritysetup.c:557 src/integritysetup.c:558 +#: src/cryptsetup_reencrypt.c:1633 src/cryptsetup_reencrypt.c:1634 +#: src/cryptsetup_reencrypt.c:1635 src/cryptsetup_reencrypt.c:1636 msgid "bytes" msgstr "bytes" -#: src/cryptsetup.c:1487 src/cryptsetup_reencrypt.c:1277 +#: src/cryptsetup.c:3498 src/cryptsetup_reencrypt.c:1633 msgid "Number of bytes to skip in keyfile" msgstr "Número de bytes que hay que saltar en el fichero de claves" -#: src/cryptsetup.c:1488 +#: src/cryptsetup.c:3499 msgid "Limits the read from newly added keyfile" msgstr "Limita la lectura desde un fichero de claves recién añadido" -#: src/cryptsetup.c:1489 +#: src/cryptsetup.c:3500 msgid "Number of bytes to skip in newly added keyfile" -msgstr "" -"Número de bytes que hay que saltar en el fichero de claves recién añadido" +msgstr "Número de bytes que hay que saltar en el fichero de claves recién añadido" -#: src/cryptsetup.c:1490 +#: src/cryptsetup.c:3501 msgid "Slot number for new key (default is first free)" -msgstr "" -"Número de ranura para la nueva clave (el primero libre es lo predefinido)" +msgstr "Número de ranura para la nueva clave (el primero libre es lo predefinido)" -#: src/cryptsetup.c:1491 +#: src/cryptsetup.c:3502 msgid "The size of the device" msgstr "Tamaño del dispositivo" -#: src/cryptsetup.c:1491 src/cryptsetup.c:1492 src/cryptsetup.c:1493 -#: src/cryptsetup.c:1499 +#: src/cryptsetup.c:3502 src/cryptsetup.c:3504 src/cryptsetup.c:3505 +#: src/cryptsetup.c:3511 src/integritysetup.c:552 src/integritysetup.c:559 msgid "SECTORS" msgstr "SECTORES" -#: src/cryptsetup.c:1492 +#: src/cryptsetup.c:3503 src/cryptsetup_reencrypt.c:1636 +msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +msgstr "Utilizar solamente el tamaño especificado de dispositivo (ignorar el resto del dispositivo). ¡PELIGROSO!" + +#: src/cryptsetup.c:3504 msgid "The start offset in the backend device" msgstr "iPosición de comienzo en el dispositivo «backend»" -#: src/cryptsetup.c:1493 +#: src/cryptsetup.c:3505 msgid "How many sectors of the encrypted data to skip at the beginning" msgstr "Cuántos sectores de los datos cifrados hay que saltar al principio" -#: src/cryptsetup.c:1494 +#: src/cryptsetup.c:3506 msgid "Create a readonly mapping" msgstr "Crear una asignación alatoria" -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "PBKDF2 iteration time for LUKS (in ms)" -msgstr "Tiempo de iteración PBKDF2 para LUKS (en ms)" - -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "msecs" -msgstr "ms" - -#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1269 +#: src/cryptsetup.c:3507 src/integritysetup.c:545 +#: src/cryptsetup_reencrypt.c:1624 msgid "Do not ask for confirmation" msgstr "No pedir confirmación" -#: src/cryptsetup.c:1497 +#: src/cryptsetup.c:3508 msgid "Timeout for interactive passphrase prompt (in seconds)" -msgstr "" -"Tiempo de espera máximo para petición interactiva de frase contraseña (en " -"segundos)" +msgstr "Tiempo de espera máximo para petición interactiva de frase contraseña (en segundos)" -#: src/cryptsetup.c:1497 +#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 msgid "secs" msgstr "s" -#: src/cryptsetup.c:1498 src/cryptsetup_reencrypt.c:1270 +#: src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "Progress line update (in seconds)" +msgstr "Actualización de la línea de progreso (en segundos)" + +#: src/cryptsetup.c:3510 src/cryptsetup_reencrypt.c:1626 msgid "How often the input of the passphrase can be retried" -msgstr "" -"Con qué frecuencia se puede volver a intentar introducir la frase contraseña" +msgstr "Con qué frecuencia se puede volver a intentar introducir la frase contraseña" -#: src/cryptsetup.c:1499 +#: src/cryptsetup.c:3511 msgid "Align payload at sector boundaries - for luksFormat" msgstr "Alinear los datos a bordes de sector - para luksFormat" -#: src/cryptsetup.c:1500 -msgid "File with LUKS header and keyslots backup." +#: src/cryptsetup.c:3512 +msgid "File with LUKS header and keyslots backup" msgstr "Fichero con copia de seguridad de cabecera LUKS y de ranuras de clave." -#: src/cryptsetup.c:1501 src/cryptsetup_reencrypt.c:1271 -msgid "Use /dev/random for generating volume key." +#: src/cryptsetup.c:3513 src/cryptsetup_reencrypt.c:1627 +msgid "Use /dev/random for generating volume key" msgstr "Usar /dev/random para generar la clave del volumen." -#: src/cryptsetup.c:1502 src/cryptsetup_reencrypt.c:1272 -msgid "Use /dev/urandom for generating volume key." +#: src/cryptsetup.c:3514 src/cryptsetup_reencrypt.c:1628 +msgid "Use /dev/urandom for generating volume key" msgstr "Usar /dev/urandom para generar la clave del volumen." -#: src/cryptsetup.c:1503 -msgid "Share device with another non-overlapping crypt segment." +#: src/cryptsetup.c:3515 +msgid "Share device with another non-overlapping crypt segment" msgstr "Compartir dispositivo con otro segmento cifrado no solapado." -#: src/cryptsetup.c:1504 src/veritysetup.c:385 -msgid "UUID for device to use." -msgstr "UUID del dispositivo que se va a usar." +#: src/cryptsetup.c:3516 src/veritysetup.c:477 +msgid "UUID for device to use" +msgstr "UUID del dispositivo que se va a usar" -#: src/cryptsetup.c:1505 -msgid "Allow discards (aka TRIM) requests for device." -msgstr "" -"Permitir solicitudes de descarte (también llamadas TRIM) para el dispositivo." +#: src/cryptsetup.c:3517 src/integritysetup.c:579 +msgid "Allow discards (aka TRIM) requests for device" +msgstr "Permitir solicitudes de descarte (también llamadas TRIM) para el dispositivo" -#: src/cryptsetup.c:1506 -msgid "Device or file with separated LUKS header." -msgstr "Dispositivo o fichero con cabecera LUKS separada." +#: src/cryptsetup.c:3518 src/cryptsetup_reencrypt.c:1645 +msgid "Device or file with separated LUKS header" +msgstr "Dispositivo o fichero con cabecera LUKS separada" -#: src/cryptsetup.c:1507 -msgid "Do not activate device, just check passphrase." -msgstr "No activar dispositivo; comprobar frase contraseña solamente." +#: src/cryptsetup.c:3519 +msgid "Do not activate device, just check passphrase" +msgstr "No activar dispositivo; comprobar frase contraseña solamente" -#: src/cryptsetup.c:1508 -msgid "Use hidden header (hidden TCRYPT device)." -msgstr "Utilizar cabecera oculta (dispositivo TCRYPT oculto)." +#: src/cryptsetup.c:3520 +msgid "Use hidden header (hidden TCRYPT device)" +msgstr "Utilizar cabecera oculta (dispositivo TCRYPT oculto)" -#: src/cryptsetup.c:1509 -msgid "Device is system TCRYPT drive (with bootloader)." -msgstr "" -"El dispositivo es una unidad con sistema TCRYPT (con cargador de arranque)." +#: src/cryptsetup.c:3521 +msgid "Device is system TCRYPT drive (with bootloader)" +msgstr "El dispositivo es una unidad con sistema TCRYPT (con cargador de arranque)" -#: src/cryptsetup.c:1510 -msgid "Use backup (secondary) TCRYPT header." -msgstr "Utilizar la cabecera TCRYPT de respaldo (secundaria)." +#: src/cryptsetup.c:3522 +msgid "Use backup (secondary) TCRYPT header" +msgstr "Utilizar la cabecera TCRYPT de respaldo (secundaria)" -#: src/cryptsetup.c:1511 -msgid "Scan also for VeraCrypt compatible device." -msgstr "Explorar también si es un dispositivo compatible con VeraCrypt." +#: src/cryptsetup.c:3523 +msgid "Scan also for VeraCrypt compatible device" +msgstr "Explorar también si es un dispositivo compatible con VeraCrypt" -#: src/cryptsetup.c:1512 -msgid "Type of device metadata: luks, plain, loopaes, tcrypt." -msgstr "" -"Tipo de metadatos del dispositivo: «luks», no cifrado, «loopaes», «tcrypt»." +#: src/cryptsetup.c:3524 +msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Multiplicador de iteración personal para dispositivo compatible con VeraCrypt" -#: src/cryptsetup.c:1513 -msgid "Disable password quality check (if enabled)." -msgstr "" -"Desactivar la comprobación de la calidad de la contraseña (si estaba " -"activada)." +#: src/cryptsetup.c:3525 +msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Consulta el multiplicador de iteración personal para dispositivo compatible con VeraCrypt" -#: src/cryptsetup.c:1514 -msgid "Use dm-crypt same_cpu_crypt performance compatibility option." -msgstr "" -"Utilizar la opción de compatibilidad de rendimiento same_cpu_crypt de dm-" -"crypt." +#: src/cryptsetup.c:3526 +msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" +msgstr "Tipo de metadatos del dispositivo: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" -#: src/cryptsetup.c:1515 -msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option." -msgstr "" -"Utilizar la opción de compatibilidad de rendimiento submit_from_crypt_cpus " -"de dm-crypt." +#: src/cryptsetup.c:3527 +msgid "Disable password quality check (if enabled)" +msgstr "Desactivar la comprobación de la calidad de la contraseña (si estaba activada)" + +#: src/cryptsetup.c:3528 +msgid "Use dm-crypt same_cpu_crypt performance compatibility option" +msgstr "Utilizar la opción de compatibilidad de rendimiento same_cpu_crypt de dm-crypt" + +#: src/cryptsetup.c:3529 +msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +msgstr "Utilizar la opción de compatibilidad de rendimiento submit_from_crypt_cpus de dm-crypt" + +#: src/cryptsetup.c:3530 +msgid "Device removal is deferred until the last user closes it" +msgstr "La eliminación del dispositivo está diferida hasta que el último usuario lo cierre" + +#: src/cryptsetup.c:3531 +msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)" +msgstr "Utilizar un bloqueo global para serializar PBKDF estricto en memoria (solución OOM)" + +#: src/cryptsetup.c:3532 +msgid "PBKDF iteration time for LUKS (in ms)" +msgstr "Tiempo de iteración PBKDF para LUKS (en ms)" + +#: src/cryptsetup.c:3532 src/cryptsetup_reencrypt.c:1623 +msgid "msecs" +msgstr "ms" + +#: src/cryptsetup.c:3533 src/cryptsetup_reencrypt.c:1641 +msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +msgstr "Algoritmo PBKDF (para LUKS2): argon2i, argon2id, pbkdf2" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "PBKDF memory cost limit" +msgstr "Límite del coste de memoria PBKDF" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "kilobytes" +msgstr "kilobytes" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "PBKDF parallel cost" +msgstr "Coste del paralelismo PBKDF" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "threads" +msgstr "hilos" + +#: src/cryptsetup.c:3536 src/cryptsetup_reencrypt.c:1644 +msgid "PBKDF iterations cost (forced, disables benchmark)" +msgstr "Coste de las iteraciones PBKDF (forzado, desactiva el banco de pruebas)" + +#: src/cryptsetup.c:3537 +msgid "Keyslot priority: ignore, normal, prefer" +msgstr "Prioridad de la ranura de claves: ignorada, normal, preferente" + +#: src/cryptsetup.c:3538 +msgid "Disable locking of on-disk metadata" +msgstr "Desactiva el bloqueo de metadatos en disco" + +#: src/cryptsetup.c:3539 +msgid "Disable loading volume keys via kernel keyring" +msgstr "Desactiva la carga de las claves del volumen mediante el llavero del núcleo" + +#: src/cryptsetup.c:3540 +msgid "Data integrity algorithm (LUKS2 only)" +msgstr "Algoritmo de integridad de datos (solo LUKS2)" + +#: src/cryptsetup.c:3541 src/integritysetup.c:573 +msgid "Disable journal for integrity device" +msgstr "Desactiva el diario para dispositivo de integridad" + +#: src/cryptsetup.c:3542 src/integritysetup.c:547 +msgid "Do not wipe device after format" +msgstr "No limpiar dispositivo después de dar formato" + +#: src/cryptsetup.c:3543 src/integritysetup.c:577 +msgid "Use inefficient legacy padding (old kernels)" +msgstr "Utilizar relleno obsoleto ineficiente (núcleos antiguos)" + +#: src/cryptsetup.c:3544 +msgid "Do not ask for passphrase if activation by token fails" +msgstr "No pedir frase de paso si falla la activación por «token»" + +#: src/cryptsetup.c:3545 +msgid "Token number (default: any)" +msgstr "Número de «token» (predefinido: cualquiera)" + +#: src/cryptsetup.c:3546 +msgid "Key description" +msgstr "Descripción de la clave" + +#: src/cryptsetup.c:3547 +msgid "Encryption sector size (default: 512 bytes)" +msgstr "Tamaño de sector de cifrado (predeterminado: 512 bytes)" -#: src/cryptsetup.c:1531 src/veritysetup.c:402 +#: src/cryptsetup.c:3548 +msgid "Use IV counted in sector size (not in 512 bytes)" +msgstr "Utiliza IV contado en tamaño de sector (no en unidades de 512 bytes)" + +#: src/cryptsetup.c:3549 +msgid "Set activation flags persistent for device" +msgstr "Establecer indicadores de activación persistentes para el dispositivo" + +#: src/cryptsetup.c:3550 +msgid "Set label for the LUKS2 device" +msgstr "Poner etiqueta al dispositivo LUKS2" + +#: src/cryptsetup.c:3551 +msgid "Set subsystem label for the LUKS2 device" +msgstr "Poner etiqueta de subsistema al dispositivo LUKS2" + +#: src/cryptsetup.c:3552 +msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot" +msgstr "Crear o volcar ranura de claves LUKS2 independiente (sin segmento de datos asignado)" + +#: src/cryptsetup.c:3553 +msgid "Read or write the json from or to a file" +msgstr "Leer o escribir el json de o en un fichero" + +#: src/cryptsetup.c:3554 +msgid "LUKS2 header metadata area size" +msgstr "Tamaño de la zona de metadatos de la cabecera LUKS2" + +#: src/cryptsetup.c:3555 +msgid "LUKS2 header keyslots area size" +msgstr "Tamaño de la zona de ranuras de clave de la cabecera LUKS2" + +#: src/cryptsetup.c:3556 +msgid "Refresh (reactivate) device with new parameters" +msgstr "Refrescar (reactivar) el dispositivo con los nuevos parámetros" + +#: src/cryptsetup.c:3557 +msgid "LUKS2 keyslot: The size of the encryption key" +msgstr "Ranura de clave de LUKS2: Tamaño de la clave de cifrado" + +#: src/cryptsetup.c:3558 +msgid "LUKS2 keyslot: The cipher used for keyslot encryption" +msgstr "Ranura de clave de LUKS2: El algoritmo de cifrado utilizado para el cifrado de ranuras de clave" + +#: src/cryptsetup.c:3559 +msgid "Encrypt LUKS2 device (in-place encryption)." +msgstr "Crifrar el dispositivo LUKS2 (cifrado in situ)." + +#: src/cryptsetup.c:3560 +msgid "Decrypt LUKS2 device (remove encryption)." +msgstr "Descifrar el dispositivo LUKS2 (elimina cifrado)" + +#: src/cryptsetup.c:3561 +msgid "Initialize LUKS2 reencryption in metadata only." +msgstr "Inicializar solamente recifrado LUKS2 de los metadatos." + +#: src/cryptsetup.c:3562 +msgid "Resume initialized LUKS2 reencryption only." +msgstr "Reanudar solamente recifrado LUKS2 inicializado." + +#: src/cryptsetup.c:3563 src/cryptsetup_reencrypt.c:1635 +msgid "Reduce data device size (move data offset). DANGEROUS!" +msgstr "Reducir el tamaño del dispositivo de datos (mover la posición de los datos). ¡PELIGROSO!" + +#: src/cryptsetup.c:3564 +msgid "Maximal reencryption hotzone size." +msgstr "Tamaño de zona activa de recifrado máximo." + +#: src/cryptsetup.c:3565 +msgid "Reencryption hotzone resilience type (checksum,journal,none)" +msgstr "Tipo de resiliencia de zona activa de recifrado (checksum,journal,none)" + +#: src/cryptsetup.c:3566 +msgid "Reencryption hotzone checksums hash" +msgstr "«Hash» de suma de comprobación de zona activa de recifrado" + +#: src/cryptsetup.c:3567 +msgid "Override device autodetection of dm device to be reencrypted" +msgstr "Anular la autodetección de dispositivos del dispositivo dm que se va a recifrar" + +#: src/cryptsetup.c:3583 src/veritysetup.c:499 src/integritysetup.c:595 msgid "[OPTION...] " msgstr "[OPCIÓN...] " -#: src/cryptsetup.c:1572 -msgid "Running in FIPS mode.\n" -msgstr "Modo FIPS en funcionamiento.\n" - -#: src/cryptsetup.c:1581 src/veritysetup.c:439 +#: src/cryptsetup.c:3634 src/veritysetup.c:533 src/integritysetup.c:606 msgid "Argument missing." msgstr "El argumento no se ha proporcionado." -#: src/cryptsetup.c:1634 src/veritysetup.c:445 +#: src/cryptsetup.c:3703 src/veritysetup.c:564 src/integritysetup.c:637 msgid "Unknown action." msgstr "Acción desconocida." -#: src/cryptsetup.c:1644 -msgid "Option --shared is allowed only for open of plain device.\n" -msgstr "" -"La opción --shared solo se permite para abrir dispositivos no cifrados.\n" +#: src/cryptsetup.c:3713 +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "Las opciones --refresh y --test-passphrase son mutuamente excluyentes." -#: src/cryptsetup.c:1649 -msgid "Option --allow-discards is allowed only for open operation.\n" -msgstr "" -"La opción --allow-discards solo se permite para la operación de abrir.\n" +#: src/cryptsetup.c:3718 +msgid "Option --deferred is allowed only for close command." +msgstr "La opción --deferred solo se permite con la orden de cerrar." -#: src/cryptsetup.c:1657 -msgid "" -"Option --key-size is allowed only for luksFormat, open and benchmark.\n" -"To limit read from keyfile use --keyfile-size=(bytes)." -msgstr "" -"La opción --key-size solo se permite con luksFormat, open y benchmark.\n" -"Para limitar la lectura del fichero de claves, utilizar --keyfile-" -"size=(bytes)." +#: src/cryptsetup.c:3723 +msgid "Option --shared is allowed only for open of plain device." +msgstr "La opción --shared solo se permite para abrir dispositivos no cifrados." + +#: src/cryptsetup.c:3728 src/integritysetup.c:654 +msgid "Option --allow-discards is allowed only for open operation." +msgstr "La opción --allow-discards solo se permite para la operación de abrir." + +#: src/cryptsetup.c:3733 +msgid "Option --persistent is allowed only for open operation." +msgstr "La opción --persistent solo se permite para la operación de abrir." -#: src/cryptsetup.c:1664 +#: src/cryptsetup.c:3738 +msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation." +msgstr "La opción --serialize-memory-hard-pbkdf solo se permite para la operación de abrir." + +#: src/cryptsetup.c:3743 +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "La opción --persistent no se permite con --test-passphrase." + +#: src/cryptsetup.c:3753 msgid "" -"Option --test-passphrase is allowed only for open of LUKS and TCRYPT " -"devices.\n" +"Option --key-size is allowed only for luksFormat, luksAddKey,\n" +"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." msgstr "" -"La opción --test-passphrase solo se permite para abrir dispositivos LUKS y " -"TCRYPT.\n" +"La opción --key-size solo se permite con las acciones luksFormat, luksAddKey,\n" +"open y benchmark. Para limitar la lectura del fichero de claves, utilizar --keyfile-size=(bytes)." + +#: src/cryptsetup.c:3759 +msgid "Option --integrity is allowed only for luksFormat (LUKS2)." +msgstr "La opción --integrity solo se permite con luksFormat (LUKS2)." + +#: src/cryptsetup.c:3764 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "La opción --integrity-no-wipe solo puede usarse para la acción de formato con extensión de integridad." -#: src/cryptsetup.c:1669 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup.c:3770 +msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations." +msgstr "Las opciones --label y --subsystem solo se permiten con las operaciones luksFormat y config LUKS2." + +#: src/cryptsetup.c:3776 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "La opción --test-passphrase solo se permite para abrir dispositivos LUKS, TCRYPT y BITLK." + +#: src/cryptsetup.c:3781 src/cryptsetup_reencrypt.c:1708 msgid "Key size must be a multiple of 8 bits" msgstr "El tamaño de clave debe ser un múltiplo de 8 bits" -#: src/cryptsetup.c:1676 src/cryptsetup_reencrypt.c:1346 +#: src/cryptsetup.c:3787 src/cryptsetup_reencrypt.c:1394 +#: src/cryptsetup_reencrypt.c:1713 msgid "Key slot is invalid." msgstr "La ranura de claves no es válida." -#: src/cryptsetup.c:1683 -msgid "Option --key-file takes precedence over specified key file argument.\n" -msgstr "" -"La opción --key-file tiene precedencia sobre el argumento de fichero de " -"claves especificado.\n" +#: src/cryptsetup.c:3794 +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "La opción --key-file tiene precedencia sobre el argumento de fichero de claves especificado." -#: src/cryptsetup.c:1691 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1330 +#: src/cryptsetup.c:3801 src/veritysetup.c:576 src/integritysetup.c:663 +#: src/cryptsetup_reencrypt.c:1687 msgid "Negative number for option not permitted." msgstr "No se permiten números negativos para esta opción." -#: src/cryptsetup.c:1695 src/cryptsetup_reencrypt.c:1324 -#: src/cryptsetup_reencrypt.c:1350 +#: src/cryptsetup.c:3805 +msgid "Only one --key-file argument is allowed." +msgstr "Solo se permite un argumento --key-file." + +#: src/cryptsetup.c:3809 src/cryptsetup_reencrypt.c:1679 +#: src/cryptsetup_reencrypt.c:1717 msgid "Only one of --use-[u]random options is allowed." msgstr "Solo se permite una de las opciones --use-[u]random." -#: src/cryptsetup.c:1699 +#: src/cryptsetup.c:3813 msgid "Option --use-[u]random is allowed only for luksFormat." msgstr "La opción --use-[u]random solo se permite con luksFormat." -#: src/cryptsetup.c:1703 +#: src/cryptsetup.c:3817 msgid "Option --uuid is allowed only for luksFormat and luksUUID." msgstr "La opción --uuid solo se permite con luksFormat luksUUID." -#: src/cryptsetup.c:1707 +#: src/cryptsetup.c:3821 msgid "Option --align-payload is allowed only for luksFormat." msgstr "La opción --align-payload solo se permite con luksFormat." -#: src/cryptsetup.c:1713 -msgid "" -"Option --skip is supported only for open of plain and loopaes devices.\n" -msgstr "" -"La opción --skip solo está disponible para abrir dispositivos no cifrados y " -"«loopaes».\n" +#: src/cryptsetup.c:3825 +msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2." +msgstr "Las opciones --luks2-metadata-size y --opt-luks2-keyslots-size solo se permiten para luksFormat con LUKS2." -#: src/cryptsetup.c:1719 -msgid "" -"Option --offset is supported only for open of plain and loopaes devices.\n" -msgstr "" -"La opción --offset solo está disponible para abrir dispositivos no cifrados " -"y «loopaes».\n" +#: src/cryptsetup.c:3830 +msgid "Invalid LUKS2 metadata size specification." +msgstr "La especificación del tamaño de los metadatos LUKS2 no es válida." -#: src/cryptsetup.c:1725 -msgid "" -"Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only " -"for TCRYPT device.\n" -msgstr "" -"La opción --tcrypt-hidden o --tcrypt-system o --tcrypt-backup solo está " -"disponible para dispositivos TCRYPT.\n" +#: src/cryptsetup.c:3834 +msgid "Invalid LUKS2 keyslots size specification." +msgstr "La especificación del tamaño de las ranuras de claves LUKS2 no es válida." + +#: src/cryptsetup.c:3838 +msgid "Options --align-payload and --offset cannot be combined." +msgstr "Las opciones --align-payload y --offset no pueden combinarse." + +#: src/cryptsetup.c:3844 +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "La opción --skip solo está disponible para abrir dispositivos no cifrados y «loopaes»." + +#: src/cryptsetup.c:3851 +msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption." +msgstr "La opción --offset solo está disponible para abrir dispositivos no cifrados y «loopaes», «luksFormat» y recifrado de dispositivo." + +#: src/cryptsetup.c:3857 +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "La opción --tcrypt-hidden o --tcrypt-system o --tcrypt-backup solo está disponible para dispositivos TCRYPT." + +#: src/cryptsetup.c:3862 +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "La opción --tcrypt-hidden no puede combinarse con --allow-discards." + +#: src/cryptsetup.c:3867 +msgid "Option --veracrypt is supported only for TCRYPT device type." +msgstr "La opción --veracrypt solo está disponible para dispositivos TCRYPT." + +#: src/cryptsetup.c:3873 +msgid "Invalid argument for parameter --veracrypt-pim supplied." +msgstr "Argumento no válido para el parámetro --veracrypt-pim supplied." + +#: src/cryptsetup.c:3877 +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "La opción --veracrypt-pim solo está disponible para dispositivos compatibles con VeraCrypt." + +#: src/cryptsetup.c:3885 +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "La opción --veracrypt-query-pim solo está disponible para dispositivos compatibles con VeraCrypt." + +#: src/cryptsetup.c:3889 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "Las opciones --veracrypt-pim y --veracrypt-query-pim son mutuamente excluyentes." + +#: src/cryptsetup.c:3896 +msgid "Option --priority can be only ignore/normal/prefer." +msgstr "La opción --priority solo puede ser ignore/normal/prefer." + +#: src/cryptsetup.c:3901 src/cryptsetup.c:3939 +msgid "Keyslot specification is required." +msgstr "Se requiere especificación de ranura de claves." + +#: src/cryptsetup.c:3906 src/cryptsetup_reencrypt.c:1693 +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "La función de derivación de clave basada en contraseña (PBKDF) solo puede ser pbkdf2 o argon2i/argon2id." + +#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1698 +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "Las iteraciones forzadas de PBKDF no pueden combinarse con la opción de tiempo de iteración." -#: src/cryptsetup.c:1730 -msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n" -msgstr "La opción --tcrypt-hidden no puede combinarse con --allow-discards.\n" +#: src/cryptsetup.c:3917 +msgid "Sector size option is not supported for this command." +msgstr "La opción de tamaño de sector no está disponible para esta orden." -#: src/cryptsetup.c:1735 -msgid "Option --veracrypt is supported only for TCRYPT device type.\n" -msgstr "La opción --veracrypt solo está disponible para dispositivos TCRYPT.\n" +#: src/cryptsetup.c:3929 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "La opción de sectores IV grandes solo se admite para abrir dispositivo de tipo plano con tamaño de sector mayor de 512 bytes." -#: src/veritysetup.c:58 -msgid "Invalid salt string specified.\n" -msgstr "La cadena «salt» especificada no es válida.\n" +#: src/cryptsetup.c:3934 +msgid "Key size is required with --unbound option." +msgstr "El tamaño de la clave es requerido con la opción --unbound." -#: src/veritysetup.c:88 +#: src/cryptsetup.c:3944 +msgid "Option --unbound may be used only with luksAddKey and luksDump actions." +msgstr "La opción --unbound solo puede utilizarse con las acciones luksAddKey y luksDump." + +#: src/cryptsetup.c:3949 +msgid "Option --refresh may be used only with open action." +msgstr "La opción --refresh solo puede utilizarse con la acción de abrir." + +#: src/cryptsetup.c:3960 +msgid "Cannot disable metadata locking." +msgstr "No se puede desactivar el bloqueo de metadatos." + +#: src/cryptsetup.c:3970 +msgid "Invalid max reencryption hotzone size specification." +msgstr "La especificación del tamaño máximo de zona activa del dispositivo no es válida." + +#: src/cryptsetup.c:3978 src/cryptsetup_reencrypt.c:1722 +#: src/cryptsetup_reencrypt.c:1727 +msgid "Invalid device size specification." +msgstr "La especificación del tamaño del dispositivo no es válida." + +#: src/cryptsetup.c:3981 +msgid "Maximum device reduce size is 1 GiB." +msgstr "El tamaño máximo de reducción del dispositivo es de 1 GiB." + +#: src/cryptsetup.c:3984 src/cryptsetup_reencrypt.c:1733 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "El tamaño de reducción debe ser múltiplo de sectores de 512 bytes." + +#: src/cryptsetup.c:3989 +msgid "Invalid data size specification." +msgstr "La especificación del tamaño de los datos no es válida." + +#: src/cryptsetup.c:3994 +msgid "Reduce size overflow." +msgstr "Desbordamiento del tamaño de la reducción." + +#: src/cryptsetup.c:3998 +msgid "LUKS2 decryption requires option --header." +msgstr "El descifrado LUKS2 requiere la opción --header." + +#: src/cryptsetup.c:4002 +msgid "Device size must be multiple of 512 bytes sector." +msgstr "El tamaño del dispositivo debe ser múltiplo de sectores de 512 bytes." + +#: src/cryptsetup.c:4006 +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "Las opciones --reduce-device-size y --data-size no pueden combinarse." + +#: src/cryptsetup.c:4010 +msgid "Options --device-size and --size cannot be combined." +msgstr "Las opciones --device-size y --size no pueden combinarse." + +#: src/cryptsetup.c:4014 +#, fuzzy +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "Las opciones --ignore-corruption y --restart-on-corruption no pueden utilizarse juntas." + +#: src/veritysetup.c:66 +msgid "Invalid salt string specified." +msgstr "La cadena «salt» especificada no es válida." + +#: src/veritysetup.c:97 +#, c-format +msgid "Cannot create hash image %s for writing." +msgstr "No se puede crear la imagen «hash» %s para escribir." + +#: src/veritysetup.c:107 #, c-format -msgid "Cannot create hash image %s for writing.\n" -msgstr "No se puede crear la imagen «hash» %s para escribir.\n" +msgid "Cannot create FEC image %s for writing." +msgstr "No se puede crear la imagen FEC %s para escribir." -#: src/veritysetup.c:148 -msgid "Invalid root hash string specified.\n" -msgstr "La cadena «hash» raíz especificada no es válida.\n" +#: src/veritysetup.c:179 +msgid "Invalid root hash string specified." +msgstr "La cadena «hash» raíz especificada no es válida." -#: src/veritysetup.c:308 +#: src/veritysetup.c:187 +#, c-format +msgid "Invalid signature file %s." +msgstr "Fichero de firmas inválido %s." + +#: src/veritysetup.c:194 +#, c-format +msgid "Cannot read signature file %s." +msgstr "No se puede leer el fichero de firmas %s." + +#: src/veritysetup.c:392 msgid " " msgstr " " -#: src/veritysetup.c:308 +#: src/veritysetup.c:392 src/integritysetup.c:479 msgid "format device" msgstr "dar formato al dispositivo" -#: src/veritysetup.c:309 +#: src/veritysetup.c:393 msgid " " msgstr " <«hash»_raíz>" -#: src/veritysetup.c:309 +#: src/veritysetup.c:393 msgid "verify device" msgstr "verificar dispositivo" -#: src/veritysetup.c:310 -msgid " " -msgstr " <«hash»_raíz>" - -#: src/veritysetup.c:310 -msgid "create active device" -msgstr "crear dispositivo activo" - -#: src/veritysetup.c:311 -msgid "remove (deactivate) device" -msgstr "eliminar (desactivar) dispositivo" +#: src/veritysetup.c:394 +msgid " " +msgstr " <«hash»_raíz>" -#: src/veritysetup.c:312 +#: src/veritysetup.c:396 src/integritysetup.c:482 msgid "show active device status" msgstr "mostrar el estado del dispositivo activo" -#: src/veritysetup.c:313 +#: src/veritysetup.c:397 msgid "" msgstr "" -#: src/veritysetup.c:313 +#: src/veritysetup.c:397 src/integritysetup.c:483 msgid "show on-disk information" msgstr "mostrar información sobre el disco" -#: src/veritysetup.c:332 +#: src/veritysetup.c:416 #, c-format msgid "" "\n" @@ -1670,353 +3172,974 @@ msgstr "" "\n" " es el dispositivo que se va a crear bajo %s\n" " es el dispositivo de datos\n" -" es el dispositivo que contiene los datos de " -"verificación\n" +" es el dispositivo que contiene los datos de verificación\n" "<«hash»_raíz> «hash» del nodo raíz en «dispositivo—«hash»>\n" -#: src/veritysetup.c:339 +#: src/veritysetup.c:423 #, c-format msgid "" "\n" "Default compiled-in dm-verity parameters:\n" -"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, " -"Hash format: %u\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" msgstr "" "\n" "Parámetros dm-verity predefinidos de fábrica:\n" -"\tAlgoritmo «hash»: %s, Bloque de datos (bytes): %u, Bloque «hash» (bytes): " -"%u, Tamaño de «salt»: %u, Formato «hash»: %u\n" +"\tAlgoritmo «hash»: %s, Bloque de datos (bytes): %u, Bloque «hash» (bytes): %u, Tamaño de «salt»: %u, Formato «hash»: %u\n" -#: src/veritysetup.c:377 +#: src/veritysetup.c:466 msgid "Do not use verity superblock" msgstr "No utilizar superbloque «verity»" -#: src/veritysetup.c:378 +#: src/veritysetup.c:467 msgid "Format type (1 - normal, 0 - original Chrome OS)" msgstr "Tipo de formato (1 - normal, 0 - Chrome OS original)" -#: src/veritysetup.c:378 +#: src/veritysetup.c:467 msgid "number" msgstr "número" -#: src/veritysetup.c:379 +#: src/veritysetup.c:468 msgid "Block size on the data device" msgstr "Tamaño de bloque en el dispositivo de datos" -#: src/veritysetup.c:380 +#: src/veritysetup.c:469 msgid "Block size on the hash device" msgstr "Tamaño de bloque en el dispositivo «hash»" -#: src/veritysetup.c:381 +#: src/veritysetup.c:470 +msgid "FEC parity bytes" +msgstr "Bytes de paridad FEC" + +#: src/veritysetup.c:471 msgid "The number of blocks in the data file" msgstr "Número de bloques en el fichero de datos" -#: src/veritysetup.c:381 +#: src/veritysetup.c:471 msgid "blocks" msgstr "bloques" -#: src/veritysetup.c:382 +#: src/veritysetup.c:472 +msgid "Path to device with error correction data" +msgstr "Ruta a dispositivo con datos de corrección de errores" + +#: src/veritysetup.c:472 src/integritysetup.c:549 +msgid "path" +msgstr "ruta" + +#: src/veritysetup.c:473 msgid "Starting offset on the hash device" msgstr "Posición inicial en el dispositivo «hash»" -#: src/veritysetup.c:383 +#: src/veritysetup.c:474 +msgid "Starting offset on the FEC device" +msgstr "Posición inicial en el dispositivo FEC" + +#: src/veritysetup.c:475 msgid "Hash algorithm" msgstr "Algoritmo «hash»" -#: src/veritysetup.c:383 +#: src/veritysetup.c:475 msgid "string" msgstr "cadena" -#: src/veritysetup.c:384 +#: src/veritysetup.c:476 msgid "Salt" msgstr "«Salt»" -#: src/veritysetup.c:384 +#: src/veritysetup.c:476 msgid "hex string" msgstr "cadena hexadecimal" -#: src/cryptsetup_reencrypt.c:147 +#: src/veritysetup.c:478 +msgid "Path to root hash signature file" +msgstr "Ruta al fichero de firmas «hash» raíz" + +#: src/veritysetup.c:479 +msgid "Restart kernel if corruption is detected" +msgstr "Reiniciar el núcleo si se detecta corrupción" + +#: src/veritysetup.c:480 +msgid "Ignore corruption, log it only" +msgstr "Ignorar corrupción, tomar nota únicamente" + +#: src/veritysetup.c:481 +msgid "Do not verify zeroed blocks" +msgstr "No verificar bloques con zeros" + +#: src/veritysetup.c:482 +msgid "Verify data block only the first time it is read" +msgstr "Verificar el bloque de datos solo en la primera lectura" + +#: src/veritysetup.c:582 +msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation." +msgstr "Las opciones --ignore-corruption, --restart-on-corruption y --ignore-zero-blocks solo están permitidas para la operación de abrir." + +#: src/veritysetup.c:587 +msgid "Option --root-hash-signature can be used only for open operation." +msgstr "La opción --root-hash-signature solo puede usarse para la acción de abrir." + +#: src/veritysetup.c:592 +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "Las opciones --ignore-corruption y --restart-on-corruption no pueden utilizarse juntas." + +#: src/integritysetup.c:84 src/utils_password.c:305 +#, c-format +msgid "Cannot read keyfile %s." +msgstr "No se puede leer el fichero de claves %s." + +#: src/integritysetup.c:88 src/utils_password.c:310 +#, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "No se pueden leer %d «bytes» en el fichero de claves %s." + +#: src/integritysetup.c:254 #, c-format -msgid "Cannot exclusively open %s, device in use.\n" -msgstr "No se puede abrir %s en exclusividad; el dispositivo está en uso.\n" +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "Formato dado con tamaño de etiqueta %u, integridad interna %s.\n" + +#: src/integritysetup.c:479 src/integritysetup.c:483 +msgid "" +msgstr "" + +#: src/integritysetup.c:480 +msgid " " +msgstr " " + +#: src/integritysetup.c:502 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the device containing data with integrity tags\n" +msgstr "" +"\n" +" es el dispositivo que se va a crear bajo %s\n" +" es el dispositivo que contiene datos con etiquetas de integridad\n" + +#: src/integritysetup.c:507 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" +msgstr "" +"\n" +"Parámetros dm-integrity predefinidos de fábrica:\n" +"\tAlgoritmo de la suma de comprobación: %s\n" + +#: src/integritysetup.c:549 +msgid "Path to data device (if separated)" +msgstr "Ruta al dispositivo de datos (si está separado)" + +#: src/integritysetup.c:551 +msgid "Journal size" +msgstr "Tamaño del diario" + +#: src/integritysetup.c:552 +msgid "Interleave sectors" +msgstr "Sectores de entrelazado" + +#: src/integritysetup.c:553 +msgid "Journal watermark" +msgstr "Marca de agua del diario" + +#: src/integritysetup.c:553 +msgid "percent" +msgstr "por ciento" + +#: src/integritysetup.c:554 +msgid "Journal commit time" +msgstr "Tiempo de escritura en el diario" + +#: src/integritysetup.c:554 src/integritysetup.c:556 +msgid "ms" +msgstr "ms" + +#: src/integritysetup.c:555 +msgid "Number of 512-byte sectors per bit (bitmap mode)." +msgstr "Número de sectores de 512 bytes por bit (modo mapa de bits)." + +#: src/integritysetup.c:556 +msgid "Bitmap mode flush time" +msgstr "Tiempo de «flush» del modo mapa de bits" + +#: src/integritysetup.c:557 +msgid "Tag size (per-sector)" +msgstr "Tamaño de etiqueta (por sector)" + +#: src/integritysetup.c:558 +msgid "Sector size" +msgstr "Tamaño de sector" + +#: src/integritysetup.c:559 +msgid "Buffers size" +msgstr "Tamaño de los «buffers»" + +#: src/integritysetup.c:561 +msgid "Data integrity algorithm" +msgstr "Algoritmo para la integridad de datos" + +#: src/integritysetup.c:562 +msgid "The size of the data integrity key" +msgstr "Tamaño de la clave de integridad de datos" + +#: src/integritysetup.c:563 +msgid "Read the integrity key from a file" +msgstr "Leer la clave de integridad de un fichero" + +#: src/integritysetup.c:565 +msgid "Journal integrity algorithm" +msgstr "Algoritmo de integridad del diario" + +#: src/integritysetup.c:566 +msgid "The size of the journal integrity key" +msgstr "Tamaño de la clave de integridad del diario" + +#: src/integritysetup.c:567 +msgid "Read the journal integrity key from a file" +msgstr "Leer la clave de integridad del diario de un fichero" + +#: src/integritysetup.c:569 +msgid "Journal encryption algorithm" +msgstr "Algoritmo de cifrado del diario" + +#: src/integritysetup.c:570 +msgid "The size of the journal encryption key" +msgstr "Tamaño de la clave de cifrado del diario" + +#: src/integritysetup.c:571 +msgid "Read the journal encryption key from a file" +msgstr "Leer la clave de cifrado del diario de un fichero" + +#: src/integritysetup.c:574 +msgid "Recovery mode (no journal, no tag checking)" +msgstr "Modo de recuperación (sin diario, sin comprobación de etiqueta)" + +#: src/integritysetup.c:575 +msgid "Use bitmap to track changes and disable journal for integrity device" +msgstr "Utilice bitmap para seguir los cambios y desactive el diario para el dispositivo de integridad" + +#: src/integritysetup.c:576 +msgid "Recalculate initial tags automatically." +msgstr "Recalcular las etiquetas iniciales automáticamente." + +#: src/integritysetup.c:649 +msgid "Option --integrity-recalculate can be used only for open action." +msgstr "La opción --integrity-recalculate solo puede usarse para la acción de abrir." + +#: src/integritysetup.c:669 +msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action." +msgstr "Las opciones --journal-size, --interleave-sectors, --sector-size, --tag-size y --no-wipe solo pueden utilizarse para la acción de dar formato." + +#: src/integritysetup.c:675 +msgid "Invalid journal size specification." +msgstr "La especificación del tamaño del diario no es válida." + +#: src/integritysetup.c:680 +msgid "Both key file and key size options must be specified." +msgstr "Deben especificarse las opciones tanto de fichero de claves como tamaño de clave." + +#: src/integritysetup.c:683 +msgid "Integrity algorithm must be specified if integrity key is used." +msgstr "El algoritmo para la integridad debe especificarse si se va a utilizar clave de integridad." + +#: src/integritysetup.c:688 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "Deben especificarse la opción del fichero de clave de integridad del diario y la del tamaño de la clave." + +#: src/integritysetup.c:691 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "Debe especificarse el algoritmo de integridad del diario si va a utilizarse la clave de integridad del diario." -#: src/cryptsetup_reencrypt.c:151 +#: src/integritysetup.c:696 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "Deben especificarse la opción del fichero de la clave de cifrado del diario y la del tamaño de la clave." + +#: src/integritysetup.c:699 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "Debe especificarse el algoritmo de cifrado del diario si va a utilizarse la clave de cifrado del diario." + +#: src/integritysetup.c:703 +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "Las opciones de recuperación y de modo mapa de bits son mutuamente excluyentes." + +#: src/integritysetup.c:707 +msgid "Journal options cannot be used in bitmap mode." +msgstr "Las opciones de diario no pueden utilizarse en modo mapa de bits." + +#: src/integritysetup.c:711 +msgid "Bitmap options can be used only in bitmap mode." +msgstr "Las opciones de mapa de bits solo pueden utilizarse en el modo mapa de bits." + +#: src/cryptsetup_reencrypt.c:172 +msgid "Reencryption already in-progress." +msgstr "Recifrado ya en curso." + +#: src/cryptsetup_reencrypt.c:208 #, c-format -msgid "Cannot open device %s\n" -msgstr "No se puede abrir el dispositivo %s\n" +msgid "Cannot exclusively open %s, device in use." +msgstr "No se puede abrir %s en exclusividad; el dispositivo está en uso." -#: src/cryptsetup_reencrypt.c:161 src/cryptsetup_reencrypt.c:893 -msgid "Allocation of aligned memory failed.\n" -msgstr "La reserva de memoria alineada ha fallado.\n" +#: src/cryptsetup_reencrypt.c:222 src/cryptsetup_reencrypt.c:1135 +msgid "Allocation of aligned memory failed." +msgstr "La reserva de memoria alineada ha fallado." -#: src/cryptsetup_reencrypt.c:168 +#: src/cryptsetup_reencrypt.c:229 #, c-format -msgid "Cannot read device %s.\n" -msgstr "No se puede leer el dispositivo %s.\n" +msgid "Cannot read device %s." +msgstr "No se puede leer el dispositivo %s." -#: src/cryptsetup_reencrypt.c:179 +#: src/cryptsetup_reencrypt.c:240 #, c-format -msgid "Marking LUKS device %s unusable.\n" -msgstr "Marcando el dispositivo LUKS %s como inutilizable.\n" +msgid "Marking LUKS1 device %s unusable." +msgstr "Marcando el dispositivo LUKS1 %s como inutilizable." -#: src/cryptsetup_reencrypt.c:184 +#: src/cryptsetup_reencrypt.c:244 #, c-format -msgid "Marking LUKS device %s usable.\n" -msgstr "Marcando el dispositivo LUKS %s como utilizable.\n" +msgid "Setting LUKS2 offline reencrypt flag on device %s." +msgstr "Estableciendo el indicador de recifrado fuera de línea LUKS2 en el dispositivo %s." -#: src/cryptsetup_reencrypt.c:200 +#: src/cryptsetup_reencrypt.c:261 #, c-format -msgid "Cannot write device %s.\n" -msgstr "No se puede escribir en el dispositivo %s.\n" +msgid "Cannot write device %s." +msgstr "No se puede escribir en el dispositivo %s." -#: src/cryptsetup_reencrypt.c:281 -msgid "Cannot write reencryption log file.\n" -msgstr "No se puede escribir en el fichero de registro de recifrado.\n" +#: src/cryptsetup_reencrypt.c:309 +msgid "Cannot write reencryption log file." +msgstr "No se puede escribir en el fichero de registro de recifrado." -#: src/cryptsetup_reencrypt.c:337 -msgid "Cannot read reencryption log file.\n" -msgstr "No se puede leer el fichero de registro de recifrado.\n" +#: src/cryptsetup_reencrypt.c:365 +msgid "Cannot read reencryption log file." +msgstr "No se puede leer el fichero de registro de recifrado." -#: src/cryptsetup_reencrypt.c:374 +#: src/cryptsetup_reencrypt.c:403 #, c-format msgid "Log file %s exists, resuming reencryption.\n" msgstr "El fichero de registro %s ya existe; reanudando el recifrado.\n" -#: src/cryptsetup_reencrypt.c:403 -msgid "Activating temporary device using old LUKS header.\n" -msgstr "Activando dispositivo temporal utilizando cabecera LUKS antigua.\n" +#: src/cryptsetup_reencrypt.c:452 +msgid "Activating temporary device using old LUKS header." +msgstr "Activando dispositivo temporal utilizando cabecera LUKS antigua." -#: src/cryptsetup_reencrypt.c:414 -msgid "Activating temporary device using new LUKS header.\n" -msgstr "Activando dispositivo temporal utilizando cabecera LUKS nueva.\n" +#: src/cryptsetup_reencrypt.c:462 +msgid "Activating temporary device using new LUKS header." +msgstr "Activando dispositivo temporal utilizando cabecera LUKS nueva." -#: src/cryptsetup_reencrypt.c:424 -msgid "Activation of temporary devices failed.\n" -msgstr "Fallo en la activación de los dispositivos temporales.\n" +#: src/cryptsetup_reencrypt.c:472 +msgid "Activation of temporary devices failed." +msgstr "Fallo en la activación de los dispositivos temporales." -#: src/cryptsetup_reencrypt.c:450 -#, c-format -msgid "New LUKS header for device %s created.\n" -msgstr "Se ha creado una nueva cabecera LUKS para el dispositivo %s.\n" +#: src/cryptsetup_reencrypt.c:559 +msgid "Failed to set data offset." +msgstr "No se ha podido establecer el desplazamiento de los datos." + +#: src/cryptsetup_reencrypt.c:565 +msgid "Failed to set metadata size." +msgstr "No se ha podido establecer el tamaño de los metadatos." -#: src/cryptsetup_reencrypt.c:458 +#: src/cryptsetup_reencrypt.c:573 #, c-format -msgid "Activated keyslot %i.\n" -msgstr "Se ha activado la ranura de claves %i.\n" +msgid "New LUKS header for device %s created." +msgstr "Se ha creado una nueva cabecera LUKS para el dispositivo %s." -#: src/cryptsetup_reencrypt.c:484 +#: src/cryptsetup_reencrypt.c:633 #, c-format -msgid "LUKS header backup of device %s created.\n" -msgstr "" -"Se ha creado una copia de seguridad de la cabecera LUKS del dispositivo %s.\n" +msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +msgstr "Esta versión de cryptsetup-reencrypt no sabe manejar el nuevo tipo de «token» interno %s." + +#: src/cryptsetup_reencrypt.c:655 +msgid "Failed to read activation flags from backup header." +msgstr "No se ha podido leer los indicadores de activación en la cabecera de respaldo." -#: src/cryptsetup_reencrypt.c:532 -msgid "Creation of LUKS backup headers failed.\n" -msgstr "Fallo al crear la copia de seguridad de las cabeceras LUKS.\n" +#: src/cryptsetup_reencrypt.c:659 +msgid "Failed to write activation flags to new header." +msgstr "No se ha podido escribir los indicadores de activación en la nueva cabecera." -#: src/cryptsetup_reencrypt.c:634 +#: src/cryptsetup_reencrypt.c:663 src/cryptsetup_reencrypt.c:667 +msgid "Failed to read requirements from backup header." +msgstr "No se ha podido leer los requisitos en la cabecera de respaldo." + +#: src/cryptsetup_reencrypt.c:705 #, c-format -msgid "Cannot restore LUKS header on device %s.\n" -msgstr "No se puede restaurar la cabecera LUKS en el dispositivo %s.\n" +msgid "%s header backup of device %s created." +msgstr "Se ha creado una copia de seguridad de la cabecera %s del dispositivo %s." + +#: src/cryptsetup_reencrypt.c:768 +msgid "Creation of LUKS backup headers failed." +msgstr "No se ha podido crear la copia de seguridad de las cabeceras LUKS." -#: src/cryptsetup_reencrypt.c:636 +#: src/cryptsetup_reencrypt.c:901 #, c-format -msgid "LUKS header on device %s restored.\n" -msgstr "Se ha restaurado la cabecera LUKS en el dispositivo %s.\n" +msgid "Cannot restore %s header on device %s." +msgstr "No se puede restaurar la cabecera %s en el dispositivo %s." -#: src/cryptsetup_reencrypt.c:669 +#: src/cryptsetup_reencrypt.c:903 #, c-format -msgid "" -"Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" -msgstr "" -"Progreso: %5.1f%%, ETA %02llu:%02llu, %4llu MiB escritos, velocidad %5.1f " -"MiB/s%s" +msgid "%s header on device %s restored." +msgstr "Se ha restaurado la cabecera %s en el dispositivo %s." -#: src/cryptsetup_reencrypt.c:708 src/cryptsetup_reencrypt.c:784 -#: src/cryptsetup_reencrypt.c:826 -msgid "Cannot seek to device offset.\n" -msgstr "No es posible situarse en la posición del dispositivo.\n" +#: src/cryptsetup_reencrypt.c:1107 src/cryptsetup_reencrypt.c:1113 +msgid "Cannot open temporary LUKS device." +msgstr "No se puede abrir el dispositivo LUKS temporal." -#: src/cryptsetup_reencrypt.c:865 src/cryptsetup_reencrypt.c:871 -msgid "Cannot open temporary LUKS header file.\n" -msgstr "No se puede abrir el fichero temporal de la cabecera LUKS.\n" +#: src/cryptsetup_reencrypt.c:1118 src/cryptsetup_reencrypt.c:1123 +msgid "Cannot get device size." +msgstr "No se puede obtener el tamaño del dispositivo." -#: src/cryptsetup_reencrypt.c:876 src/cryptsetup_reencrypt.c:881 -msgid "Cannot get device size.\n" -msgstr "No se puede obtener el tamaño del dispositivo.\n" +#: src/cryptsetup_reencrypt.c:1158 +msgid "IO error during reencryption." +msgstr "Error de entrada/salida durante el recifrado." -#: src/cryptsetup_reencrypt.c:919 -msgid "Interrupted by a signal.\n" -msgstr "Interrumpido por una señal.\n" +#: src/cryptsetup_reencrypt.c:1189 +msgid "Provided UUID is invalid." +msgstr "El UUID proporcionado no es válido." -#: src/cryptsetup_reencrypt.c:921 -msgid "IO error during reencryption.\n" -msgstr "Error de entrada/salida durante el recifrado.\n" +#: src/cryptsetup_reencrypt.c:1423 +msgid "Cannot open reencryption log file." +msgstr "No se puede abrir el fichero de registro de recifrado." -#: src/cryptsetup_reencrypt.c:1028 -msgid "" -"Key file can be used only with --key-slot or with exactly one key slot " -"active.\n" -msgstr "" -"El fichero de claves solo puede usarse con --key-slot o con una sola ranura " -"de claves activa exactamente.\n" +#: src/cryptsetup_reencrypt.c:1429 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "No hay ningún proceso de descifrado en marcha; el UUID proporcionado solo puede utilizarse para reanudar un proceso de descifrado suspendido." -#: src/cryptsetup_reencrypt.c:1072 src/cryptsetup_reencrypt.c:1087 +#: src/cryptsetup_reencrypt.c:1504 #, c-format -msgid "Enter passphrase for key slot %u: " -msgstr "Introduzca la fase contraseña para la ranura de claves %u: " - -#: src/cryptsetup_reencrypt.c:1136 -msgid "Cannot open reencryption log file.\n" -msgstr "No se puede abrir el fichero de registro de recifrado.\n" +msgid "Changed pbkdf parameters in keyslot %i." +msgstr "Se han cambiado los parámetros pbkdf en la ranura de claves %i." -#: src/cryptsetup_reencrypt.c:1262 +#: src/cryptsetup_reencrypt.c:1616 msgid "Reencryption block size" msgstr "Tamaño de bloque de recifrado" -#: src/cryptsetup_reencrypt.c:1262 +#: src/cryptsetup_reencrypt.c:1616 msgid "MiB" msgstr "MiB" -#: src/cryptsetup_reencrypt.c:1266 -msgid "Do not change key, no data area reencryption." -msgstr "No cambie la clave; no hay recifrado en la zona de datos." +#: src/cryptsetup_reencrypt.c:1620 +msgid "Do not change key, no data area reencryption" +msgstr "No cambie la clave; no hay recifrado en la zona de datos" -#: src/cryptsetup_reencrypt.c:1273 -msgid "Use direct-io when accessing devices." -msgstr "Utilizar entrada/salida directa para acceder a los dispositivos." +#: src/cryptsetup_reencrypt.c:1622 +msgid "Read new volume (master) key from file" +msgstr "Leer la clave (maestra) del volumen desde fichero" -#: src/cryptsetup_reencrypt.c:1274 -msgid "Use fsync after each block." -msgstr "Utilizar fsync después de cada bloque." +#: src/cryptsetup_reencrypt.c:1623 +msgid "PBKDF2 iteration time for LUKS (in ms)" +msgstr "Tiempo de iteración PBKDF2 para LUKS (en ms)" -#: src/cryptsetup_reencrypt.c:1275 -msgid "Update log file after every block." -msgstr "Actualizar el fichero de registro después de cada bloque." +#: src/cryptsetup_reencrypt.c:1629 +msgid "Use direct-io when accessing devices" +msgstr "Utilizar entrada/salida directa para acceder a los dispositivos" -#: src/cryptsetup_reencrypt.c:1276 -msgid "Use only this slot (others will be disabled)." -msgstr "Utilizar solamente esta ranura (se desactivarán las demás)." +#: src/cryptsetup_reencrypt.c:1630 +msgid "Use fsync after each block" +msgstr "Utilizar fsync después de cada bloque" -#: src/cryptsetup_reencrypt.c:1279 -msgid "Reduce data device size (move data offset). DANGEROUS!" -msgstr "" -"Reducir el tamaño del dispositivo de datos (mover la posición de los datos). " -"¡PELIGROSO!" +#: src/cryptsetup_reencrypt.c:1631 +msgid "Update log file after every block" +msgstr "Actualizar el fichero de registro después de cada bloque" -#: src/cryptsetup_reencrypt.c:1280 -msgid "Use only specified device size (ignore rest of device). DANGEROUS!" -msgstr "" -"Utilizar solamente el tamaño especificado de dispositivo (ignorar el resto " -"del dispositivo). ¡PELIGROSO!" +#: src/cryptsetup_reencrypt.c:1632 +msgid "Use only this slot (others will be disabled)" +msgstr "Utilizar solamente esta ranura (se desactivarán las demás)" + +#: src/cryptsetup_reencrypt.c:1637 +msgid "Create new header on not encrypted device" +msgstr "Crear nueva cabecera en dispositivo no cifrado" + +#: src/cryptsetup_reencrypt.c:1638 +msgid "Permanently decrypt device (remove encryption)" +msgstr "Descifrar el dispositivo de forma permanente (eliminar cifrado)" -#: src/cryptsetup_reencrypt.c:1281 -msgid "Create new header on not encrypted device." -msgstr "Crear nueva cabecera en dispositivo no cifrado." +#: src/cryptsetup_reencrypt.c:1639 +msgid "The UUID used to resume decryption" +msgstr "El UUID utilizado para reanudar el descifrado" -#: src/cryptsetup_reencrypt.c:1282 -msgid "Permanently decrypt device (remove encryption)." -msgstr "Descrifrar el dispositivo de forma permanente (eliminar cifrado)." +#: src/cryptsetup_reencrypt.c:1640 +msgid "Type of LUKS metadata: luks1, luks2" +msgstr "Tipo de metadato LUKS: luks1, luks2" -#: src/cryptsetup_reencrypt.c:1298 +#: src/cryptsetup_reencrypt.c:1659 msgid "[OPTION...] " msgstr "[OPCIÓN...] " -#: src/cryptsetup_reencrypt.c:1312 -msgid "" -"WARNING: this is experimental code, it can completely break your data.\n" -msgstr "" -"ATENCIÓN: este código es experimental; puede ser que sus datos queden " -"deteriorados por completo.\n" - -#: src/cryptsetup_reencrypt.c:1313 +#: src/cryptsetup_reencrypt.c:1667 #, c-format -msgid "Reencryption will change: volume key%s%s%s%s.\n" -msgstr "El recifrado va a cambiar: clave del volumen%s%s%s%s.\n" +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "El recifrado va a cambiar: %s%s%s%s%s%s." + +#: src/cryptsetup_reencrypt.c:1668 +msgid "volume key" +msgstr "clave del volumen" -#: src/cryptsetup_reencrypt.c:1314 -msgid ", set hash to " -msgstr ", nuevo algoritmo «hash»: " +#: src/cryptsetup_reencrypt.c:1670 +msgid "set hash to " +msgstr "nuevo algoritmo «hash» " -#: src/cryptsetup_reencrypt.c:1315 +#: src/cryptsetup_reencrypt.c:1671 msgid ", set cipher to " msgstr ", nuevo algoritmo de cifrado: " -#: src/cryptsetup_reencrypt.c:1320 +#: src/cryptsetup_reencrypt.c:1675 msgid "Argument required." msgstr "Hace falta argumento." -#: src/cryptsetup_reencrypt.c:1336 -msgid "" -"Only values between 1 MiB and 64 MiB allowed for reencryption block size." -msgstr "" -"Solo se permiten valores entre 1 MiB y 64 MiB para el tamaño de bloque de " -"recifrado." - -#: src/cryptsetup_reencrypt.c:1355 src/cryptsetup_reencrypt.c:1360 -msgid "Invalid device size specification." -msgstr "La especificación del tamaño del dispositivo no es válida." +#: src/cryptsetup_reencrypt.c:1703 +msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +msgstr "Solo se permiten valores entre 1 MiB y 64 MiB para el tamaño de bloque de recifrado." -#: src/cryptsetup_reencrypt.c:1363 +#: src/cryptsetup_reencrypt.c:1730 msgid "Maximum device reduce size is 64 MiB." msgstr "El tamaño máximo de reducción del dispositivo es de 64 MiB." -#: src/cryptsetup_reencrypt.c:1366 -msgid "Reduce size must be multiple of 512 bytes sector." -msgstr "El tamaño de reducción debe ser múltiplo de sectores de 512 bytes." - -#: src/cryptsetup_reencrypt.c:1370 -msgid "Option --new must be used together with --reduce-device-size." -msgstr "" -"La opción --new debe utilizarse conjuntamente con --reduce-device-size." +#: src/cryptsetup_reencrypt.c:1737 +msgid "Option --new must be used together with --reduce-device-size or --header." +msgstr "La opción --new debe utilizarse conjuntamente con --reduce-device-size o --header." -#: src/cryptsetup_reencrypt.c:1374 -msgid "Option --keep-key can be used only with --hash or --iter-time." -msgstr "" -"La opción --keep-key solamente puede utilizarse con --hash o --iter-time." +#: src/cryptsetup_reencrypt.c:1741 +msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +msgstr "La opción --keep-key solamente puede utilizarse con --hash, --iter-time o --pbkdf-force-iterations." -#: src/cryptsetup_reencrypt.c:1378 +#: src/cryptsetup_reencrypt.c:1745 msgid "Option --new cannot be used together with --decrypt." msgstr "La opción --new no puede utilizarse conjuntamente con --decrypt." -#: src/cryptsetup_reencrypt.c:1382 +#: src/cryptsetup_reencrypt.c:1749 msgid "Option --decrypt is incompatible with specified parameters." msgstr "La opción --decrypt es incompatible con los parámetros especificados." +#: src/cryptsetup_reencrypt.c:1753 +msgid "Option --uuid is allowed only together with --decrypt." +msgstr "La opción --uuid solo está permitida conjuntamente con --decrypt." + +#: src/cryptsetup_reencrypt.c:1757 +msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +msgstr "Tipo de luks no válido. Utilice uno de estos: 'luks', 'luks1' o 'luks2'." + #: src/utils_tools.c:151 -msgid "Error reading response from terminal.\n" -msgstr "Error de lectura de la respuesta recibida desde el terminal.\n" +msgid "Error reading response from terminal." +msgstr "Error de lectura de la respuesta recibida desde el terminal." -#: src/utils_tools.c:173 +#: src/utils_tools.c:186 msgid "Command successful.\n" msgstr "Orden ejecutada correctamente.\n" -#: src/utils_tools.c:191 +#: src/utils_tools.c:194 +msgid "wrong or missing parameters" +msgstr "parámetros incorrectos u omisos" + +#: src/utils_tools.c:196 +msgid "no permission or bad passphrase" +msgstr "sin permiso o frase de paso mala" + +#: src/utils_tools.c:198 +msgid "out of memory" +msgstr "sin memoria" + +#: src/utils_tools.c:200 +msgid "wrong device or file specified" +msgstr "se ha especificado un dispositivo o fichero incorrecto" + +#: src/utils_tools.c:202 +msgid "device already exists or device is busy" +msgstr "el dispositivo ya existe o está ocupado" + +#: src/utils_tools.c:204 +msgid "unknown error" +msgstr "error desconocido" + +#: src/utils_tools.c:206 +#, c-format +msgid "Command failed with code %i (%s).\n" +msgstr "La orden ha fallado con código %i (%s).\n" + +#: src/utils_tools.c:283 +#, c-format +msgid "Key slot %i created." +msgstr "Ranura de claves %i creada." + +#: src/utils_tools.c:285 +#, c-format +msgid "Key slot %i unlocked." +msgstr "Ranura de claves %i desbloqueada." + +#: src/utils_tools.c:287 +#, c-format +msgid "Key slot %i removed." +msgstr "Ranura de claves %i eliminada." + +#: src/utils_tools.c:296 +#, c-format +msgid "Token %i created." +msgstr "«Token» %i creado." + +#: src/utils_tools.c:298 +#, c-format +msgid "Token %i removed." +msgstr "«Token» %i eliminado." + +#: src/utils_tools.c:464 +msgid "" +"\n" +"Wipe interrupted." +msgstr "" +"\n" +"Limpieza interrumpida." + +#: src/utils_tools.c:475 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "AVISO: El dispositivo %s ya contiene una firma de partición '%s'.\n" + +#: src/utils_tools.c:483 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "AVISO: El dispositivo %s ya contiene uan firma de superbloque '%s'.\n" + +#: src/utils_tools.c:504 src/utils_tools.c:568 +msgid "Failed to initialize device signature probes." +msgstr "No se han podido inicializar los sondeos de firma del dispositivo." + +#: src/utils_tools.c:548 +#, c-format +msgid "Failed to stat device %s." +msgstr "No se ha podido efectuar «stat» sobre el dispositivo %s." + +#: src/utils_tools.c:561 +#, c-format +msgid "Device %s is in use. Can not proceed with format operation." +msgstr "El dispositivo %s está en uso. No se puede proceder con la operación de dar formato." + +#: src/utils_tools.c:563 +#, c-format +msgid "Failed to open file %s in read/write mode." +msgstr "No se ha podido abrir el fichero %s para lectura y escritura." + +#: src/utils_tools.c:577 +#, c-format +msgid "Existing '%s' partition signature (offset: % bytes) on device %s will be wiped." +msgstr "La firma de la partición '%s' existente (desplazamiento: % bytes) en el dispositivo %s va a limpiarse." + +#: src/utils_tools.c:580 #, c-format -msgid "Command failed with code %i" -msgstr "La orden ha fallado con código %i" +msgid "Existing '%s' superblock signature (offset: % bytes) on device %s will be wiped." +msgstr "La firma del superbloque '%s' existente (desplazamiento: % bytes) en el dispositivo %s va a limpiarse." -#: src/utils_password.c:42 +#: src/utils_tools.c:583 +msgid "Failed to wipe device signature." +msgstr "No se ha podido limpiar la firma del dispositivo." + +#: src/utils_tools.c:590 +#, c-format +msgid "Failed to probe device %s for a signature." +msgstr "No se ha podido sondear el dispositivo %s para una firma." + +#: src/utils_tools.c:629 +msgid "" +"\n" +"Reencryption interrupted." +msgstr "" +"\n" +"Recifrado interrumpido." + +#: src/utils_password.c:43 src/utils_password.c:75 #, c-format -msgid "Cannot check password quality: %s\n" -msgstr "No se puede comprobar la calidad de la contraseña: %s\n" +msgid "Cannot check password quality: %s" +msgstr "No se puede comprobar la calidad de la contraseña: %s" -#: src/utils_password.c:50 +#: src/utils_password.c:51 #, c-format msgid "" "Password quality check failed:\n" -" %s\n" +" %s" msgstr "" "Fallo en la comprobación de la calidad de la contraseña:\n" -" %s\n" +" %s" + +#: src/utils_password.c:83 +#, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "Fallo en la comprobación de la calidad de la contraseña: frase contraseña incorrecta (%s)" + +#: src/utils_password.c:193 src/utils_password.c:208 +msgid "Error reading passphrase from terminal." +msgstr "Error al leer la frase contraseña desde el terminal." + +#: src/utils_password.c:206 +msgid "Verify passphrase: " +msgstr "Verifique la frase contraseña: " + +#: src/utils_password.c:213 +msgid "Passphrases do not match." +msgstr "La frase contraseña no coincide." + +#: src/utils_password.c:250 +msgid "Cannot use offset with terminal input." +msgstr "No se puede usar «offset» con entrada desde terminal." + +#: src/utils_password.c:253 +#, c-format +msgid "Enter passphrase: " +msgstr "Introduzca la frase contraseña: " + +#: src/utils_password.c:256 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "Introduzca la frase contraseña de %s: " + +#: src/utils_password.c:287 +msgid "No key available with this passphrase." +msgstr "No hay ninguna clave disponible con esa frase contraseña." + +#: src/utils_password.c:289 +msgid "No usable keyslot is available." +msgstr "No hay niguna ranura de claves utilizable disponible." + +#: src/utils_password.c:328 +#, c-format +msgid "Cannot open keyfile %s for write." +msgstr "No se puede abrir el fichero de claves %s para escritura." + +#: src/utils_password.c:335 +#, c-format +msgid "Cannot write to keyfile %s." +msgstr "No se puede escribir en el fichero de claves %s." + +#: src/utils_luks2.c:47 +#, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "No se ha podido abrir el fichero %s para solo lectura." + +#: src/utils_luks2.c:60 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "Proporciona «token» LUKS2 válido en JSON:\n" + +#: src/utils_luks2.c:67 +msgid "Failed to read JSON file." +msgstr "No se ha podido leer el fichero JSON." + +#: src/utils_luks2.c:72 +msgid "" +"\n" +"Read interrupted." +msgstr "" +"\n" +"Lectura interrumpida." + +#: src/utils_luks2.c:113 +#, c-format +msgid "Failed to open file %s in write mode." +msgstr "No se ha podido abrir el fichero %s para escritura." + +#: src/utils_luks2.c:122 +msgid "" +"\n" +"Write interrupted." +msgstr "" +"\n" +"Escritura interrumpida." + +#: src/utils_luks2.c:126 +msgid "Failed to write JSON file." +msgstr "No se ha podido escribir el fichero JSON." + +#~ msgid "Parameter --refresh is only allowed with open or refresh commands." +#~ msgstr "El parámetro --refresh solo se permite con las órdenes de abrir y de refrescar." + +#~ msgid "Cipher %s is not available." +#~ msgstr "El algoritmo de cifrado %s no está disponible." + +#~ msgid "Unsupported encryption sector size.\n" +#~ msgstr "Tamaño de sector de cifrado no admitido.\n" + +#~ msgid "Offline reencryption in progress. Aborting." +#~ msgstr "Recifrado «offline» en curso. Se aborta." + +#~ msgid "Online reencryption in progress. Aborting." +#~ msgstr "Recifrado «online» en curso. Se aborta." + +#~ msgid "No LUKS2 reencryption in progress." +#~ msgstr "No hay ningún recifrado LUKS2 en proceso." + +#~ msgid "Interrupted by a signal." +#~ msgstr "Interrumpido por una señal." + +#~ msgid "Function not available in FIPS mode." +#~ msgstr "Función no disponible en modo FIPS." + +#~ msgid "Failed to write hash." +#~ msgstr "No se ha podido escribir el «hash»." + +#~ msgid "Failed to finalize hash." +#~ msgstr "No se ha podido finalizar el «hash»." + +#~ msgid "Invalid resilience parameters (internal error)." +#~ msgstr "Parámetros de resiliencia no válidos (error interno)." + +#~ msgid "Failed to assign new enc segments." +#~ msgstr "No se han logrado asignar los nuevos segmentos enc." + +#~ msgid "Failed to assign digest %u to segment %u." +#~ msgstr "No se ha logrado asignar el resumen %u al segmento %u." + +#~ msgid "Failed to set segments." +#~ msgstr "No se han podido poner los segmentos." + +#~ msgid "Failed to assign reencrypt previous backup segment." +#~ msgstr "No se ha podido asignar recifrado al segmento de respaldo anterior." + +#~ msgid "Failed to assign reencrypt final backup segment." +#~ msgstr "No se ha podido asignar recifrado al segmento de respaldo final." + +#~ msgid "Failed generate 2nd segment." +#~ msgstr "No se ha podido generar el segundo segmento." + +#~ msgid "Failed generate 1st segment." +#~ msgstr "No se ha podido generar el primer segmento." + +#~ msgid "Failed to allocate device %s." +#~ msgstr "No se ha podido asignar el dispositivo %s." + +#~ msgid "Failed to allocate dm segments." +#~ msgstr "No se han podido asignar los segmentos dm." + +#~ msgid "Failed to create dm segments." +#~ msgstr "No se han podido crear los segmentos dm." + +#~ msgid "Failed to allocate device for new backing device." +#~ msgstr "No se ha podido asignar el dispositivo para el nuevo dispositivo de respaldo." + +#~ msgid "Failed to reload overlay device %s." +#~ msgstr "No se ha podido recargar el dispositivo de superposición %s." + +#~ msgid "Failed to refresh helper devices." +#~ msgstr "No se han podido actualizar los dispositivos de ayuda." + +#~ msgid "Failed to create reencryption backup segments." +#~ msgstr "No se ha podido crear los segmentos de respaldo de recifrado." + +#~ msgid "Failed to set online-reencryption requirement." +#~ msgstr "No se ha podido establecer el requisito de recifrado «online»." + +#~ msgid "Failed to hash sector at offset %zu." +#~ msgstr "No se ha podido hacer «hash» del sector en el desplazamiento %zu." + +#~ msgid "Failed to read sector hash." +#~ msgstr "No se ha podido leer el «hash« del sector." + +#~ msgid "Error: Calculated reencryption offset % is beyond device size %." +#~ msgstr "Error: El desplazamiento % de recifrado calculado sobrepasa el tamaño % del dispositivo." + +#~ msgid "Device is not in clean reencryption state." +#~ msgstr "El dispositivo no está en un estado de recifrado limpio." + +#~ msgid "Failed to calculate new segments." +#~ msgstr "No se ha podido calcular los nuevos segmentos." + +#~ msgid "Failed to assign pre reenc segments." +#~ msgstr "No se han podido asignar los segmentos pre reenc." + +#~ msgid "Failed finalize hotzone resilience, retval = %d" +#~ msgstr "No se ha podido finalizar la resiliencia de zona caliente, retval = %d" + +#~ msgid "Failed to write data." +#~ msgstr "No se han podido escribir los datos." + +#~ msgid "Failed to update metadata or reassign device segments." +#~ msgstr "No se han podido actualizar los metadatos o reasignar los segmentos del dispositivo." + +#~ msgid "Failed to reload %s device." +#~ msgstr "No se ha podido recargar el dispositivo %s." + +#~ msgid "Failed to erase backup segments" +#~ msgstr "No se han podido borrar los segmentos de respaldo." + +#~ msgid "Requested dmcrypt performance options are not supported." +#~ msgstr "Las opciones de rendimiento de dmcrypt solicitadas no están disponibles." + +#~ msgid "Cannot format device %s which is still in use." +#~ msgstr "No se puede dar formato al dispositivo %s que todavía está en uso." + +#~ msgid "Key slot %d is not used." +#~ msgstr "La ranura de claves %d no se está utilizando." + +#~ msgid "Key slot %d selected for deletion." +#~ msgstr "La ranura de claves %d se va a borrar." + +#~ msgid "open device as mapping " +#~ msgstr "abrir el dispositivo como asociado a " + +#~ msgid "close device (deactivate and remove mapping)" +#~ msgstr "cerrar dispositivo (desactivar y eliminar la asociación)" + +#~ msgid "Failed to set PBKDF parameters." +#~ msgstr "No se han podido establecer los parámetros PBKDF." + +#~ msgid "Cannot seek to device offset.\n" +#~ msgstr "No es posible situarse en la posición del dispositivo.\n" + +#~ msgid "Device %s is too small. (LUKS2 requires at least % bytes.)" +#~ msgstr "El dispositivo %s es demasiado pequeño. (LUKS3 necesita % btyes como mínimo.)" + +#~ msgid "Replaced with key slot %d." +#~ msgstr "Reemplazado con ranura de claves %d." + +#~ msgid "Missing LUKS target type, option --type is required." +#~ msgstr "Falta el tipo de objetivo LUKS, se requiere la opción --type." + +#~ msgid "Missing --token option specifying token for removal." +#~ msgstr "Falta la opción --token que especifica el «token» que se va a borrar." + +#~ msgid "Add or remove keyring token" +#~ msgstr "Añadir o eliminar «token» de llavero" + +#~ msgid "Activated keyslot %i." +#~ msgstr "Se ha activado la ranura de claves %i." + +#~ msgid "memory allocation error in action_luksFormat" +#~ msgstr "error de reserva de memoria en action_luksFormat" + +#~ msgid "Key slot is invalid.\n" +#~ msgstr "La ranura de claves no es válida.\n" + +#~ msgid "Using default pbkdf parameters for new LUKS2 header.\n" +#~ msgstr "Se está utilizando los parámetros pbkdf predeterminados para la nueva cabecera LUKS2.\n" + +#~ msgid "Too many tree levels for verity volume.\n" +#~ msgstr "Demasiados niveles de arborescencia en el volumen «verity».\n" + +#~ msgid "Key %d not active. Can't wipe.\n" +#~ msgstr "La clave %d no está activa. No se puede limpiar.\n" + +#~ msgid " " +#~ msgstr " <«hash»_raíz>" + +#~ msgid "create active device" +#~ msgstr "crear dispositivo activo" + +#~ msgid "remove (deactivate) device" +#~ msgstr "eliminar (desactivar) dispositivo" + +#~ msgid "Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" +#~ msgstr "Progreso: %5.1f%%, ETA %02llu:%02llu, %4llu MiB escritos, velocidad %5.1f MiB/s%s" + +#~ msgid "Cannot find a free loopback device.\n" +#~ msgstr "No se ha encontrado ningún dispositivo de bucle invertido libre.\n" + +#~ msgid "Cannot open device %s\n" +#~ msgstr "No se puede abrir el dispositivo %s\n" + +#~ msgid "Cannot use passed UUID unless decryption in progress.\n" +#~ msgstr "No se puede utilizar el UUID pasado a menos que haya descifrado en curso.\n" + +#~ msgid "Marking LUKS device %s usable.\n" +#~ msgstr "Marcando el dispositivo LUKS %s como utilizable.\n" + +#~ msgid "WARNING: this is experimental code, it can completely break your data.\n" +#~ msgstr "ATENCIÓN: este código es experimental; puede ser que sus datos queden deteriorados por completo.\n" #~ msgid "FIPS checksum verification failed.\n" #~ msgstr "La verificación de suma («checksum») FIPS ha fallado.\n" -#~ msgid "" -#~ "WARNING: device %s is a partition, for TCRYPT system encryption you " -#~ "usually need to use whole block device path.\n" -#~ msgstr "" -#~ "ATENCIÓN: el dispositivo %s es una partición; para el sistema de cifrado " -#~ "TCRYPT normalmente se necesita usar la ruta de un dispositivo de bloque " -#~ "entero.\n" +#~ msgid "WARNING: device %s is a partition, for TCRYPT system encryption you usually need to use whole block device path.\n" +#~ msgstr "ATENCIÓN: el dispositivo %s es una partición; para el sistema de cifrado TCRYPT normalmente se necesita usar la ruta de un dispositivo de bloque entero.\n" diff --git a/po/fi.gmo b/po/fi.gmo index e33059aeeaeaf4a5432a1d9560e13e3ffb9a3c13..191ae9f81598f23c985619378ed61ded089b190b 100644 GIT binary patch delta 3553 zcmZA13s6+o8Nl(gYLqB33WAzcxhg~v7hSRf0s$596?p_CzO@TnU}f2b-6diaHmTH3 z^RoJt#LC!*II*!xlUd`KQJbb#n}4W9apd9r^HcrRg$al>Ej>RD?z!P{M zUdI%?g{;|3x|c~Y4QF6U!c91Z>mJm3pGAIRj$2^z$U-_R>8!?`n2&Fu zp5>?LMmOi8<6bPn@1myqx40BXkq)}19QBMhqAu)7%*PYx!V#Q`seEV#a;B1h{Xr1} z52G&lLgM-(e2VKy)8aQ8#8R$*iJFPYoR9v#0B2$~>cTrv zH}cKttU@iqBd9yLfb;PhYR!yeP*b0V<1q(y zzI@ahlpuRE<)}xn6?I|zQ8OJmmiWR;NPU@$NcPNC)CvBMdX_hlKa;^~^v0#A6RyQe z4rBUIAL9x>&SDGx8Z$Vz@8M^t8ye&hs>B;evLeQn8DCKqvMJMuPJ9BjCWaILKZ9BW z@1XAJZ>S4O;-EF9b5R#uh>u_y>i-X*?)YWY`7WW(|1N6%nSayaSWW5!@eJf5r(l+$ z?sQw?+J~B%ucL)W@j<+Zi}4dIKqnQgHDsf1=m2sH^F!3f@K?y%&25$Yn@sYn6R$>{ zpb^QQIgFF>JidzWC9eCKMQ`{#7ULDv7gG|2p*LE9q}J4-g?`lU@5ds%gt|ceh}?|} z=;-s9kD8iF)G7~QDIP_AgN@)8OyTudf&pBOCllUGj4x%9RgCwdK1G+Y9B*M7E@N_C z==xmpuM_t&P>I7>i2p=A5+{#@{$Lf7Ewc@ia3AvMoBgOqbsTlaKSiDIcc=@T%!SrW zHNJvfSdDY2+%*_bv| zK8$Z6n>A_f_(IEZE7zNG1HOhN%cMk@MR!<+TCEMZ9>b^$x`JczH+UD0;1c{0b;q+< zolf`=YDS(%&D=1OMDrF-#7`6dA6F2swG14^c%+by-k=!uOqQb-RU2x`kD&vvpr-mg zoQyZn!do~VXL4>@)!9frnrhSy^k5n8L!D;>v6s*>Y9tanhbk`gQOO{*O(HzRI)aVH zQVOwR9D_RvE!v!O*8By<5vctT?@AI*?vfif`lM1W``w5^X5dx`1&V=aZx zaH6m0LVcNz#PwrHy_g=Nnb=0GB=ol%i92oCoenk;Jgp{~poU{dsZY)vqMf+YBD)g3 zzB?lc*CH=8v-|(XwYbs~V@~8?1&^uJA?n&m`YV(=>oYvRWDuLbwz#6M;w zRH!YpiO^@(M?6Gmn@Tjqdhw4+*iPsZu_Znfd#bdn)lco2E@B5Un$VU@jEz+kooPfT zp{@Y02{WO=f9%F|?H`F6>v$db;AJjq(INzSi$MNX_Nk-XK5 zrTJm6w62{eU#xvp&Q+bywEa!NU7cZXz;8AB0!{5!$osf$>g-OBH)yqZygs`*SKPJP z$@P`x>uT!iO})n#mfA;#qV;w6kCKTE=O#Az+x>x^e#_IO(@5>cN}02%TwdG!lc;;^ zM2D>3_Lm7EyD4P+-5rf~P+r(REBgNS636I*+(nY&$+4VuBp}3ZofV$2U1a4gaxHec zT+T&>mMgEwT`2oJH_A3Rmv^^@iY%5E2!^e2(BlvJJh6q_!C)X5vcdr?+-6&AJ^t2i za^_rTdpaynb92xRg>s{vjUPFr&^{y=TWaL<)}7Mfogpu_{aD`IQ71>+-Qx1)%Zt7T z#oOab_IShpJrCKjCsQu%nJ$^VHL|sDs+9KSM+f_6I%H^Xp^Wc$N59cu^nY}+65_&nVqU!bj>GieXB2jtY?RLMA!E!U1%;{W#B(bvCIKT3vW literal 45357 zcmb`Q31D1Tb@v}6ED;bOJ7LKSi4uuu6x&%y9LJ6v+lk{9TX6^>n6WgH#v08ini)9? zX`uxQ0m{}uSxO;bpezkgXn;Zq)cv4PXenPySxTX0DWxBjkM1lV-|v6Uy>A(fZ1eRK zy!_|Ach_^zJ?GqW&%6HHQ%-!<1Ck{9W&X1YOdp;kCp|Dp9(7id==r5-lAHjp1Fz@O z-)GY#IUW2Qcpvyp@MGZX&P|dJfHyxeNuCd$d|r}#5WE{)2W~$Al;3vS7!7qT11^*7b5d0bVP;l^qBsmov1*tOG2&z4k;A6l$z(;_0gAWGZ z432{D0M7uw1YQpQGk6Jj0fh^n28sqR1&6@?1y2K09@2#5GEn8+0-g=N2s{OR zE4Ul{5O^YZ(lBL%CxhzmW#Hq%TEORmmvVm(sB*suLb~LqAS6o8c~X*W0ylwreit|f zz8h4#egKj*x!@wtzZ=y1MUej|AL2hM=UbraKWQXM_>&rgCW)SmM|wSNOhlar^0`@2Au^JY-= z`5eelCI11Q3Z8$N_wNc&vKWPv-g2Y|7W23`x8*@UBeAOlNxvq_%kP94fqo96z+c))Odaz)VO>dR5=e|5Fu$Y2-5ZBCXoLp zFXlg@*B^tT%h$vGL$7ptod>G@H-M`D5GZ=Q0z3qMG(5j_t@HIxQ2fyVmF{j(^t>O` z`27$RUCw~nHC~s1YUf5!^-O~Ig0BD{0bYYJ+W_taA$jsrQ2jdss$YK}@WEGm`=11= zpL+v7AJlk!5LElW4Qkwe4vLPau6Md!4yN311;xJyL5<7HK+W&>fEu^2f@;sn{73!U z394O7;5p#E;4bjbK=IoXu5td@466SfQ2l)!cslq|Q1tl%2&q9u6_ z2rDJ;4fs9qiQJ#hB$xcS4rHj4MNsMA4{im&2{J{J%60yJ5`=Y_S92^HV{`Y_vf*%1@ z?l(d8`{6V~{C+K{es;k#!4H6=;Ag>;!JmNQlL46XvEVu2FnARxy4OIB(;Gp_htG%m z6L)*Pmw|&kzct)H7koVT?*he#p9UWSegixa{4S{Z@qJKyeb!Ta-aQ3W`WmS5y%W3` zd}Fx(b5Q;I5vYC+?|~P=J)oX{4OBl*+w1Mw3#z;&@Co3{LDBg=pvL2iAf!qjJ?`>$ zKd5qE1!_Kj7Mucq4qgOK-RSRM399~2hx;FaqU-QJPd5f$!u=emd2kQ-NbnP&^8E#< zcKjF=ozA_<(`^7#?)QV5U(X58-wcW#e*}td-v-s5M?Ka1xh~)VQ2g~mP<;GJP~-XV zn|(Zoz>VDR0W09Ez{h|`K$ZWsfXUOGKh6VBReDhAr@%|WyTKIvG^qUF10M&TcuVLH zsQzsL8IoiQgha`Q!CCN;PxpEAEKvPF0;<1%2d)B7xYhGt3ZBOOE#Mj8JP4~MF906} zei3{y_z&QNz#o9(mwyEx51#)F&%Y6bWs{pgjmO);CxD*ERbLxa`FDWo|7*ar!QTT{gP#M{?w^C=_tT!~=^g`~!u=)SS>P5> z7gM0x^)gWHxffJ<9|iAy0R00+r#BqHrUdT?zYN|!ktAOM_e{cTV5Prjx<2MzZ+zVCw~H}p0i<^Veo2jEjSH| zPHzU)o=<>J1HTBWovRz(?kmCd+)smNf^P%Q20sQ~4SpGXGI-{kw{sVGIrq;47r~E! zPXgC8lLS&Hw}Ru~$H6i1^p>Z;2~>Mu3f=&I1C;!@Xx``BGr;ZK-vg>YKL9TVAAOs* za}3md3%m$?BX~Xdr=a?E+JeuwR=}5oqSO1p)!?_mE5S3{Ufxr{^SOUEsQw)W)sMdc zF9RRa@p*PNsQV@;x*i5q-q%6V?a^Hym))T5ZwJ+n4}v#?Cqkr+;4{Eg;60$~`vRzb z3>)_+SJ3)>6Ys32^;04_O7pVTFOUMLp zGk7a_A9x9P+8sWBt_L5({XS6j&x7K_cY#CTr$Eu=hoI_v?6aJ&t^k$qCQ$9Y4NSrJ zfuheBz(MfDJDq=@1S9r)Vt{EMLI{bTT*;OMVX`x6pSOVO|5w3t!GY(&Yv2f&g6l!?(|+*x!Iy{kTb}Rqc`A4n&tD3vp3i`4$A5sL z(?!4L^Y125>0ShG06z(8o;~;lKE9WOXL7$AJP(`!MYorL;)}O}D);l?mEegl^!)3= zG47k-Ht@aRX7H!rCUE0j-p&_*41My4pxUwaMgDvd9OVAppz#x^cAWTP@AurS7Ypy+T1cmeoM z@OnhFLOTJ1)jwH5_mHBT(APZ5*z|Q z4ys@O2#UW3U+!|{X`sgYwV>Mj8SrZGXW)(CRj+Ve$(s!b?|!bKLb7)JoPnBr)}Uh+#doj2R{UAJpVboKjpPf z=k?&VJf8Ow#W#NgiatL9)z87-@^(*v;^)_cqWd?%3&C^V;QVwQsP=b2jqh)QXM-OH9}0dI zR6XAUHQql3*MX~l+vQ~wd@T1b2Gx(ZgL?lZQ01QfM%Ob}fa2d*g6{+G2X}(Ey~)St z<6z4D!x+RzfFs~3;95}S>;OgYd2kwhJ9shp$Txev8$jL9gNML3ftP`2y~X>#6I8!{ z1Jrna1Uwh~7f^IN{jiVQ2Jng8-v*ur-VHtpd)!5sFb8had+Tzup6Ce7^~bKOgmOujc~rChj+b8rL^~4+h@_J_!6hQ2qK4 zC_efT_$ct?-}QRW0o9+|LDBu?pyt85z>~qRg!lglp2htG?sYnx4L*?j>p|7G4HVt> zfP-KQRQgweSAq9}7lPjd9{`^69#4N7_-O7|gDH3|H~>z98t)b;y4?*v0{j@b0sJhe za!%$y>Yx5Zm-u%9&u`~uHK_5Zay^mXkUx1S_&rd6f53G)_kRXHUJv*?iTio37xQ}u zDEi00aen+(yb1U-a4h_O9{3rqE#zAVs&8lW`)T06a?Nx79hd%o;$Z*XO`5e_-wDrt z3Vws@RG#VY!Qhj?gWwh6Sp)nL&)%j4{5^pC2KY>_bGdHe9(FN#^?6Wo;orFaovXzq zz7bC_B*|@DujYCxdE(z8ert}Nz;zbCUk<*E>tcSlxfp`vi(KF067T*6*U!21r!ktb zUq1eqkbac=r*oah@A!8HzaJFtxAE|z@cR=X!7boMuB}|tTq9hQTwmh)L#~s#{);RA zJtO?MnsQzrAA(=udQ9Q|F}#PRlh1``{~2&s!2bn)jBA$bZ@B)L>rC>T%cZ{`IN03P z&jp@e&$Wf$ujLx$_pgJ0#ns{Wm)ZA@HT#-wv({&wii#C-eIbu4jd3%6c=`C%GgG^jGIy7hGj`E_?3e_oKMR zdH2Kcd|xPIQ=zOT?`FBb0Q@Jet^D2#{x;VPzn{YOI)48tm;UCs-wq2Kar0-tqSkuBY+r8ZP}k6TCG1J}uz)d43bWUjQzF&jD`+>tONkAGrA=t_O#Q zgCYNY+@HwrL*Ra{=W?CTb%5(Pxr%>JBHeZ2!GD0exvmT4oXzidhj;%7J~I3+!fUv> zI6SzFe6^7G!#w++;rUCz1+FEoL9RD)J&a3#Qz5^1rz5MhcQ=Ax;QBo-{e6h*e4Y<;>F>P`_TRPqw;k>$ zct61P?85tR^LvtKkLB9NwT?@FBcS%fPv`oeKeGSsv<*_tG}4{ z%REyX^mhW6@;>B!E}x6fl7V&AiB7%MT%Xq4X{%XFTT^QXc-pMa)$Cbkrj}0D7V8tW zw9`r_7HZW_E$ucZYYXXMdtlvUwNu^i@AKq53wZ|C%~abn%My5b6Rl>aT5r~y)9GSu zp*~fgsH!Qc${bj?&}wz|EBE?T|D|E6+M>s4vo%Ren`x=^U#QvEf~>{0=ETC%e5W>< zHG8(Ul(rkKPL^c*jobF7@oC!Z&K-aPP-Lz(S)W=OSf^K0^#(+1&8rvHhNae{bgD&C z+TN@k@`v0vy0h)E$;oYG^AVu=n`%?lZljY-9{ns^Qisgd8L3o}JfO))g8(SJ8-emdXvjo)Wy4O=6J)jn>3$I&@&EQ)>_N zygQOAMZf2JtB|E#zoS-2236;(9X(iqbQ+RsbCNc++w(IE)po7ioE_EM>vP>X4T%j? zD1UNx<479c)teAo1GK2jSviebbGkDlvJOqmFeVcklHqIscW>ObY0H|luDr(5o%)=! zfe1>I$u~#(WZ5VsT-2@j^o9Th-#B6u|++^V9 zRyUpCLAB9trCqw$YD}itgl;b}y>91aot}$dTJtq{B23{SW074v8Xhrb)K7lFQ`K7A zZ#p(B^n2i>iAJjp^%rV$ElAD zW}kYR_uOr&S(V%={dle2X{XhNT3Vf-UuZE}CVbkG7;`jaVF@A7SW1VQt+d@~EmWs# z>DFDtqXWrcTTQ*KTVJTP;qbJoVy3%u5VD<&r0p7$%x4r+I6N>Zqua7jE6JFny-N!s zi*znwvLC5Q2oov!vs)^a&eD7>U8n!9zcszZF zl}H~YG^uGhm_&5Xg+@Jo||`%r|qS7r#6=cp{bFRfI~EO>c;GY?Q%8} z&oelTRuE=g8$orUAYYCvj~Kjv9$JA0Ytrg=cb@9h4>gOa)~-#!940;rm5@OyrKfG} zbgC-RtAvgEbdzo^HCollwAxA6p(R6E2U@7W>Ovjvs#rA==UYr5kziQ9b(S6C#nmR?R2O*TTRFJY~3+z%xtqkeR496CS!r6^Ep3P zZ;Q5tS78=R@~G3PPDp~=B$p70`E zt>b%>jV6qIP{QyA@g>n4IH?_znVg+$)!NMqrRGfkr;CuIcUU)?ZjeNlo;M>Tw%O>-( zR5A&Uo@C$VJzK|b?wd%gTAef!nWZrTS2XNbTO3e502iA2Lbxrq8ptlQ9gu^I^+{t; znyf-5W@-$jl#?m;+q#gmvxJgqTdypMn{9=evo;N*G+Cd9uL9SnLq0W)nuBc(a;&6J z2|StP`rI)-Xs zHc8IWbZb*K6Y~qInLULdlVD=5dAbc*J+<2>8uW6phT>?U+9-Y`7KXir8qI5)s>8$8 zbZVhi>zy=(M9wpzJ#_ETOnqWTlcn9MGo;H3?MXk9&Z|pITpB!CYu1Z{JB_9aC2KO| zwdzH^In_$5$f7JwkyJ_nw@lR9ZLluIyOih0?(Wp#6egId+?Gr_Gc9UONxv|D%adtj zR!ZV6t<0gWYYQXkLbqwwJ=$0E%}jUbyU@4zQeH-sSunRB>l&_KXx17sw7U$hgmG;$ zA5I&>jP_Z(%a8L4?fEfy%+fIAxnJ&EjBL zvaB0WEC?d;XoJ=u{s;%UO7dz zcXl5S@2cpm|M{f%>5lGhh_p+oO@_%73K(f?lLe`&BD^D}BCtjz+gJ#gTFTpasE(1C z)z$Mna7X{qkeKbC)m|Kfvpn}PILH&_V<>srSE9MW&1eKet-6S*B|WDOwdUqzFa%S? ztd9w;@(1hLyI^}D7<^5v^nto^SCowWLXqw6gk&Iwm>x1H5TuGBQ=PQMgGxXV#W%7_ zbBaoN_BsbfJ!w!cHuHnF@_Ypo(rOC{O$D-+L7hYkbJLEBt?F`{PP}>uX6+z4F&9k} z*jhPoiKmnu$6PH6ow+Vb{6H7qpwx;^i`LCy_~n_XG%T>fa%*xy&W9nJ5(n^pnFd@K9*y)0tiiH;VT$ELUJ}GH zd)sohYw{gwdrZ3h})ctK|L$^tn8JfZV9I8(-#%8suY4tYpeknbG zDwx8i!thHrwTv~)nW8!9bR085t1Xa#q}%}rs^`znNIN?u9qejB@8t} z(dIXlw?LCSSKe7k61KrB1#8w8%>AUImT;qxt3j6!RZ)J3vQV{8Qa zstkX%F~fmyaZfh6XF_9o-oyg&>h(*)&>-Y|bS76$Fj;FLjrt`}o`nU52^lCAAQG8T zmN_*2^<;NJuaI(GH1c#DP&3&|DcapOiwG+x4Epjk-FaNv()7i-SCFem%Mmy>S4qoj zS*TTFR|<1Gtxky$}INxeA`;5?q z61JEk)O-sY74&I++6>TZ zXBh2Tx@+%nvISGb7Srajh&CH-NVja=y;tip4Z?M`rin%7iiQRoV{i~3OtYr$UoW>l zBFvq?J-4!XRCFdrm4T@V^J=wkHpPMB5?A(PQE|q^lCq}j3M&tiwrkBcYh8q>L~BqX z1HMQ{=(i5BJa8KVM$C=9+@Gm3wZ<;8__#@V)!618UP;7KwQ;Drq*Xs7KUpXV1FBt} zV*j8~ov4k{w}zC6NZMYTT#v&K%NLu=yp)(*zR#661ldv59BI$i=jDc!GweW(Vba># z^0%1j?j*ByLo6b1uk8}h!iAdFW|PU*U1gps>C1uqHAI51CWBMnhc<9#R)nXC`nH^= z=#`1PRbmg5HgRwnZnARS5 z1VZn<>9!#v8J}6`)*|H8Lf7^L53r4d4LQxi%-*=avLGR7f9aW7*`YD+^c~HTXmSL5 zH0JV#x*W71O0I3aB`_0swq%L`sNjg*V-^7zp^Rfy7wV0&S%QMuS{d@BqsC5ouh@)7vQXiC8 zu~^~iM0n1C)cxxzo-e?1H0kP*qP%EX#-+Q<~5Mu@H8lnNPd4_4nM6KrgGckrB)W(o?iK4M- z3^6XhG~H3(IGV&%p;P|8SW10kvh(7xWG7AW*)vfzr?bp7s8T^LR&MFu8n*3XcVJ1ghQ&da9+QSm0ZdJo;;Y53Cdr+1V`^(a zak7Q@9W!#0U1sM}snNRWwp%KYV)!ZRPW-{`ni6oK7FE<5kDp)%sYZOVLTB76$!`zSZBjOtN|yjYGmq?A=Fw*L=J z@Gz>%OdaiqP|YX_OCMk>d@>Tz1~!{4#g>#x7=aVRgWzd4<_wR5=I`I^=#q}{5E+%& z-0U#BvjDlHk;}xns9q|qMD((V>Q`7_Y0>QxNOJVl#@os)-)@0nm`hb(f*nWCqhog$ zOG!j(2;=ePWM79^P#wO)jDC>l_{j7rfoX7zcB2@(qsI`YL#Pr$2$S6z%~6`}GRMfB zm{AEmAtAxZ?mISX2dJJj>^N4Ns6n(#6qiB6424*~xU_FIaqRE*RRQCZPR~!nNHNp8 zZJTf2vUU6B^@Q;m9o@l}$%d;d>FB5$#R68Yl!;jdgFtnKJ@B+OjqQkAc<{2()l-9m zBkAVxv2<|Nnnt6$)?p+ayp%grL)vr1=K;ayv9>&uURS@{&j>o6nIwH^kFu z{-&QZ-cn}iv>VVNWDUoQTgxTO(Y3<{3N)L}Tr`1fCS`{#O41&?BpMz~H;wJQZu6d9 zH|{+*X0xPG#ue9dw(_%p0rv{2<*JDIWI2O!;kHbaV>d0^9E9q73L7E?{ak*2NYN_3 zDqI`4D;ii7i%@DEKLQZ~e*UwPh&8PXta0?UN*o^n*feMS#n2jQTf{XQ4(UuP;@U z3h!($-O84}*Q#`3kAg8NtbX9B5T4WH$=$p8+VNd`_9lwCPWGa0AQ|z+GST)SB(GJZ ze9a&>SUb>FRBu~*g>8RkE07tv zOT%+}+;-QxIGst2qt(3Qc}}@w3Tq@8AL7EH$q-!+)yy4&XsB_n;NFfF-tcf3eO3#S z9VV*1Ysp^U<0(?l)QE*;SlP_Obn7mdOFQBVtviUSre7i3F^6fd2h@^IZf3?Fvakt@ z3(EYj)46LscXo~r1W{~~hR_luG9zSe{kB~9o!ae+5Tl{)xj95E8+1mVv5u7GWvRj< zfOs7uqv4owx*oPPg3%Qn*+vzMpcx`)C%srsu8W=Thb@~?EM^K(=AvY-KXQSr=kuB7 zvg~2V#QBQkk#oqal*H5IwN!C3s(>&$YI5;$xjxUOF^&Tq%9U7P<1Q~nd=a-gmJONs zS%VWymN0d-6+cQ1BhK)VfLWfckGWhF8p~?3z9AN1KTU!t$S}5}D3InjHX*EW zSqB0ctZ+$=5XNN6PZ67Go$Z1}BB~EGL^4)X8XSqJ6+YO2Tjvm4vYJq-$aYMpae^<< zC(`qZ?_>@%U;)aYLVdg9lTDLCG5Wa%-~*hh^zd3+vdZhpo_Y4^!$|6e^k~u>+r!jj zdW7f8I7}5A5qxAr=)jHo(yFl}76~J#bj86JHJFwPxkUO%%ih?WHD`);3PUuoEnF?a zukc-aI3V&(?Gkg{atdr$TI3$YAB?Ok}(RJuSF(&|8=C4>_>j*chRagLE1$%?nCMjMEtG&(1X0^s&f%y;+u zAmR?YTT@YHEDUC!lv8kQ~UtO%PzW^oRg-Xoq)W-WdPO%lu};xCiP zHonWOy+_;WgZuUsKSb1&m&jpW6{7ZfljOT|zOu?nskutX^&HMXf)vdSEq=nG(mBM3 zm0qd7m5a+~qEu81!xiYDIUc^6K!iZ7o>dbi>dZt}Cj|Q<_p%^r<&%Y|5Y=luX zi!)nM-6$rIot^D+Eql`^n+&4^U46cW(UFI_g{*q3E}5k~rxmN|&qb?}y0Z`C!UkdR zdV~%{<)0FDWT4P^p+y$u>kqg99~9Fy}V>2z>k_$!Z>rH1!yN(clNdw-$fP1 z0O?zT_~pq>3rZ1YQNJ`j>OZ+<*Y5GHyLRFMxHbP+DSW9|3DlfeUry$%zdnf{$s6RUd=wF)6@?ABJ@yI*!rub!(C@x7_?q+zL(1f1miO*qwY}sFicLi z(PUD=Db}WZXR#0f+lkVIh`%OuE>QGH(tio+@g3Q!zw=Gs8R)V)o zu8Z(RoUh=RX`)E0xj*;qC39%WcH(P;#Qe5FA~H_`J^3z=iL*Z88<+T*Y|m)Kk5(sZ zQG5)?*7~cX46J#DibIPQl0%?8c-BfHfew|QYu~BUZF5Ygt#Iut`r@M~$BTsb5ROC+ z)i&R5+6rR5nWa60>5QF}om8>JXq_dCQfN_+BwDeyjcaXz9@bp>r>X8PD|Q#p+(8*4 zTPG_h8JThVgcuiq`}bClUOxKd0cIOtTvm3pr|XlIjos;XWxTaE3$DASUBx;dovaP) z-Zfr{G4Yj6?8UE5*Q{E7S!LBFmDN|KtFByo*<}~4TD@u&2`hW(xvJ|)w`NtkYR%d; zmtVAM4e7SC+^URYceUB6Z!N4%Z;;iKZmTXVvRB3d0kh%P=s~@>W}5KU#wfCJJz1O6 zT~tJ6yjGoCn{H7&74E2Yolu&pCOCJF&6#T&7KYwNf=<-n@9ElTv)0LrSc?o8*s*oT z=A1;UM^_D8%lC~)=E^wBhqbmIzt|MYRdTW|K)Hmbte4))tpOUi^doqAox)%NFa zJ1CzfYg?sKv{d`Z;YR1k;l(3|V{x*R_Q#y-Ez+yfZZ+n*tn)*8skf-ns4@=aI!X<< zYKa_g@qH|fo~$AaV`ngD)J&rOI7A|EA2AWtZoA!W9c25t8`~roU6VF8oFHQSO8$%( z8*1RQ*~Kb!O0G}y0 z>Djg;hmRa?!c$94Z<$&ks&c159+Qc-pkzJA}zI-r5pG-zBHq+UdEafX6 z50Q5b)szKw_36fV7;kSP!l7Dev}R^o=@9hqR>J`iF;$;edl9u7jyAOJYTCE!HIYuN zF^f3T`4TZZ1KY7jJ;c|5Wh2~755mcTFnvjHG>Ht+#AvI}F-llbULj^ez0t~Oyx47F zLRIUtUG^@-paUnx(#4yaiCGEr3_L5aK^+uPTbP|?kcJ0*OUQPSTNeJAr>9g`xCQow z18tCp=2!ty-z;DD)vG#nV&B-FU0cU*+`Bey)o1nPLzwe6mh5Ni0n!82VaHBXL|D!D zbhZm~!M1ZWZniaFZ;_INDE7gp>D_{{soYI6ozkV~YB9ZA7dA{YR{ zjWh~pQZR?ZkrKPue*T3Hq?m6>uKhO;q?oI-Yh{C}Lnt&Cpnd!`%Sb7VZkBUK{7ecu z8@q|@=+IHE61p^`UQL(SDz7$XC6b0}^%R*&co2fIU9T^6S{5Cm&mR`6nrm|2#O-=` zqFLoE3S4P)NSuMps7Zil56NM2*Pr^q4nf5A%1e%rU)} z5AdMNln(PR$U|Fa9e4gPRf+<&Sb*j&pZ2AluCYdK7F(x2+wz9W<24={M_;^kFq2{h zs@`dRFwbC93?Q>{Hj zR2UoM(xxU{ntm=uWqwH|-`BArq1_B!e)vVFUJyP^VFsz&Exl$IPSRfXT1lgi9HxLM zU3H7H5j!4V742wEl`JXdd~JDyC^WLwBF3>POcYzz_+ZI)nCRkFmlmZ~Q^GFmQ_;4F zTyGmbSz*P_syAAz$hegXmf3+(j6m<#%2a7>!NbTw-8Kdcjx9MyT}&co73v)rS*n?N z9=bc*p4G7-nmlNXda3p7{iqc(nIen$oY+^LUnV0osz>fyVm$g1GHWB%=WJcAE;-5^kMu>=G}#efaqLkc2kBRyLiCUp zVYKN-vGo**O92|T>)}w68jFWw-k#L#VpUu>cd*JjRm2MV8i7K1>as~h>6&axcRXoD zDa>M|0t&<RafIzJg_v7&#lQS*$8w_(G_D&B#m; zD4B~G#6YV937*}E9M)Mf{0ZH zxw8V-AC*EYRd2)8V;$BIK!kRmQS(qOe2Z0o4DUv zBC1R(zFt8)h3xv-Gv6|P(}IPW8ZAP&zr)#L(jz@NvOZBkPQByKzQYzyMgkVSrabyG zSV1m_`F9_CJgj@IQ%%^Xwzy=PQIuL{XY?3&K~y6(OWpYe=6jrTS!0T1DGTX?d^nMd z=yXW;NF5m#1TmSNDRC?9ytkL?S@9;UvA1Sf$5(^##aJ#Mk8A{`LY9_hX5|os4LVCR z$Qvyvi!G&2n=Q^>h2&=PL^kUy$U{Y9BC0BA`97n zK^+$LpQ{s_Vs6*jc$j&GDc}ls8-YD|TuWp{N#nznBZU)eVuG;f4@5QplK7z8*1`t4 z8qV`WA8MB_<|?e&w&N%X{Vg~%y^KUJZH;Y{fQel<#R-?O;EDsu)EIRWuxM&k!n`r7 ze#bOy#BbYpE!-^P8}*&|_eOBxnVe$rHImWeD(kXA!N zOn%=MUlnTVw7YyK$I8$>Q{Hi{bMyf^7LqMqZ4tJtLRsixt!f!KD2C;5BooVDEc_yg zSP{b^QT+DIpz9_2G@TbQotTlxF;3EuY023)!F(x6M@X>UY({v}4!_Cn$b)!b1;Iff zZLvZ2CM+!CD{FsbS){GPM95rZUS-Y1l&He{rhImNijAvD&0SME4YltW34Q(L%h*0i zWmjV{Q)KZajab2IH95j-7T#D}^L5;zSwTw3 zcLFX`NBHS*$aY#;1!9M&`sMlzx{}c>>0nXMi*%QIT<@7V3V(Oar)o^T3#qwm;V6Sj zt87il(qa&;kS{S2EW@M8PE#7}pe)TSWj@FIIH8xBlpJ}UI4vw)jB%+Q9u3P&aW8gt ztj-qovp7dQ8+u`q+>6y2ITU3phZkg;!4z|5rL=63D|cc=Q{UF`E(=w-dK~sUBwD<9 z*LIW-9px&}c{}EVsB-v2qg(C3i*hbVKB`9T8HwMFSrt%_xtytOgB_q#*f(J!xF-x_ zM54kt)z*OAF`oO(4{RQ z1(HC;VpEoX_I6Scyt?QpLXd z0+BU?eC=gSY(7qJuND{C0YILNZ9;anI-G^gpas?xx7v3Qo`lcwi2smI!_^{FATXlY zN@7E+uOvJWYPgUWnGeCg5PW0ID!U&pb;EtPBO`!8-c#RyH`m~&H2TRiz1&Sy(cgT~!Sn8~8J z3@GV9c?`_f&~!61V|MwbF?=~>&Q5xVpGIQQ{Et<(sbFY7vPesh9ulxkX@_4yD+u1H z5FC#>m-W!o)I{dFks$0C$*nJ$-q*pUWn2}10s%aWHbLazG36Q7el{m)&UoED2L;B3 zMOA&tQ%=oAGmZCrQ!m9H)N_8u5xb6l%8~2@6jIpCDIayDE=HB!YwFv9M|{7F0yoRd z2?jx_&K*R4>=Em1^oU5Bo6L6h(OiA`6U`x2Xc~B6Z)_2?nbKiZO&)ALQ z_$}cmuZ~@6h^SpXRxGNVtxgO7aJxXyx(mVUAn9hy^|pw|_q8%&c*i*qG`6!g*~Z>7 zZp}HJ3hvvV_*sKzF}U(~Vq&(0GX)`v`);WdQ6h@5T$V@WMx~PHvHg>qdwkN_u{JI^AccjU zWQ;-aCPEo!Tiu&u(#&n>nz_Q+F5^Q6x56?lW;T-MUd-!;k~OHDa|NG~x~AQq+Qo1S z!7zksNwvaeL1D&rFi4`2k%IG+7;P3Pt~Mb$jMUqU$mV^YYn@i`@$=gS^sHgUP;3OSixwqa;oAuIyh&^Cr#Y1 z6Gv$&;@h*~K#@82{e9QY8gBbAD1hJx;ozvKjZ&Q%rG|w=qZHMZ)u`Q@Jl7Q!B9b5- zf|lT)1y+7mwwdFiXTE61-_e~RC>(jLGxRLB$=CAAVHs=$xS8o#OhLIM>V&4Y^*@4= zmZ-1Ed4t!J_$6}+EX!a-334gVOy95DwN_@Nmk~ zQB*yJ_K}E~1v6o9yeBbK!O^fn!P|Xt0*yV|KXVV3O+eE_>UqBO($}WiI6)bC>?e)} z%}-lySu)5KxrD>2dI{AdI5Z<%vnjlV;FxL$#|NuHnHWqhH@Eq!mr=KZqr{0B`B>3& zZ7*!B1?w()2=otv5RBu7rR%NScA#)tF@YUnZA@)*y z8R>%-P~BNv2!gIRNYT!{!ks4Sx_5VnDkP}RS|m3f5pYWu6)DPce$ZSE8Kh0Vz=DxJ zg~H7#TP`(b(vD$4+$Z~@6{(dJ6O;zinkt8>>c}h;sNC=+JT6{*cUUP35Hq(%kww&6 z_(FvkUyQphEO$Rt!5~o$E-`Ha_zJ#eEA?RR`~rEML8KotFEaCwQ*6zDtlIl5>Y_a& zJ)(7-4Ohse0q1j_F1zHN%v|hUMac%-T(1z>%zDR~AcBX(uwTI5G-cu*J*)G%qjhj`E_twB z%+Jg6a)u9`LJ$~Qhr&aZy+?C-{;Y?nlkg8)RS24%w7!%xmk#La$*nJTmXRT=IG!DY zOvqWn**@~OG@(W>vywCRP!|-u=Pk|3^si!y=XSxhv9rhonRDU1uH!QP>?=VTR)y2M z0)wv50(^pYpjV;ZU_|XYT0?!>o|O#>P2TgY(cm*x`t zY-LL8=ncd%bPg)Xw3V65<}MB8Y3nmTNXRFDpOWAb6Z)oPnGh?K!#D7plv6wwtT0?o zK5KtC?!(+JaXQ=QITg*Ta3GlNY~eWx_PtTUY_7;rG&~#-)-w+CH3hC}L%@`ZEe|9l zOS!EfcCPb(vl&)U>5#8Lc(!s_onXS7>mwt$Q5>~VI9sp4uFFeXeq@+WiSn6YrB1}{ zIr?AoxZHdmLbcul!+OYPdRYTeDCQXBfD5Q_tYJ@i`DExX#_Z&I$SYPmc# z!r^TRCy5=C9v=Dvv(3+Uv6k{}30jhyT<$;#dUDwUQC4GdQR36XLKB$x(Ot&qmcJe$ zqFkShF^wHWw!Is~dA6^Ne3b#J*aL+O z_iRl@sc)%nwx~lh?`H{8io2!0E;;>8@8X0EA4I@PD@Yt=*N7nq^ChWwLZY)kY);3@2_j{Ht!vKYShSqU z5R)tvdIP($QofW+%_djf>dsedV_Ga1Y+hC^*zdMIyHse5j^)Y&di5_@L>C&>?A^SL zqtCXEA@t+|;akEy`W+3@#rW@Vd7W5zU|&0 zpzoh)na#~W3rShNSdd&(Sd=K);po1ev)ZDISqqJo3gM74Udu9P9?JgbmkQ7QK+MHt zlVXCRL?Wpcn5DJ$_GtZ@=vGJag6+{*FPlJ1?OOysvIRGT?qp;?xr08-B!F*D1`E-p zjE8?o%Z`URA-6Ccv9(q%e@0U^O+ptf6ILfj$__L6u9;P?B18$dOGFF{MYDhjt7nDg zg)R9mXA?xn5;BH%t&pC_QFQnhE!_3XV5}V#X*QSKbLHtJ4B}_zq1iBs&#IgT*++8{ ztMYgqKS{iB&UMsm%n6}-F;KJtWn3Xgu6#Y(ibnCUon&(h@gpA<(*yS(Rw!IbZ7DLE?%$Zlx((aX5Vvgu={~EwV5K?3N>A@rYTD zluZJBi$%YlZHy~g!U6|Pa7MS>ct^ zF@2AU`$dbhGvg}k<|}UA0=kbeMDuk{Qjk5!cR?=cArec)>~Yaiz`r?`4V08zY4<)* zt`^otS|R(ClTX^0;=OC4IOtXuBo>R=k^vmj^20r^X2O^{_HRUKMd0>e0rSl^T3NyaKt zG7lKhUWf#n_ltdWxeZv#NoUB$$OeNcT*~GFOn42|Yd%22xX~nx!3O-}Wx4J^u=v`I zx};O|?~KIQO6@x2Z-cECsf_uSy*4ElWpKazrujJ6aF&1DQPsGTh*9QVhovzK!#DUD zVV~WZMNT)f(=&`QRtnCL+cWf5-?o_=P;9Znyfat4j*AF!N&K7iU0aW_nK~?LX4UNG zUv5Pv)9P?)UFO!Iam-eI)P<#l&b7!ifW)w62`k26}yBTfnr;8LDWd$(Byyi3<|suzTJ;Md5~+0R4m@ zGN-}^T+0|lIWfDK-S@eUOhqYZSFV#iFL;XmtJ6*rJc)fQ-`EW&l=XL*QRgLX6z}4oClFJ?Bf+)K+t24bEyWVD*cforyy(HKt*!;g2pCxtD0~? zU))Uc4}P-ul1SN0Whk7bH8abNCO@48UDO#v&jY;HtpnoJHLL_=1Gz)xWw3H~GgtLr7yZ3DEUVdr(m$=bh zI?6LU>@*!xYwZYSPV>dR!HSE2RIif``acUb%2`Z%+1bQPtP^I*t3y`xPnOpvm3SVB zXkOw$$yIdnR6U%S=qJrCOS4@{Mhd$}yM>0pW|$E&T{y}GdTDVx2xlk`gQnPN1(gu8 c85OC0E~cm%->_tr05hvSZaegNR+pvvzljwmHvj+t diff --git a/po/fi.po b/po/fi.po index ab92db1..63cd31e 100644 --- a/po/fi.po +++ b/po/fi.po @@ -6,685 +6,1055 @@ # msgid "" msgstr "" -"Project-Id-Version: cryptsetup 1.6.7\n" +"Project-Id-Version: cryptsetup 1.7.0\n" "Report-Msgid-Bugs-To: dm-crypt@saout.de\n" -"POT-Creation-Date: 2015-03-19 09:55+0100\n" -"PO-Revision-Date: 2015-03-20 02:26+0200\n" +"POT-Creation-Date: 2020-05-28 11:32+0200\n" +"PO-Revision-Date: 2015-11-08 12:48+0200\n" "Last-Translator: Jorma Karvonen \n" "Language-Team: Finnish \n" "Language: fi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -#: lib/libdevmapper.c:252 -msgid "Cannot initialize device-mapper, running as non-root user.\n" +#: lib/libdevmapper.c:399 +#, fuzzy +msgid "Cannot initialize device-mapper, running as non-root user." msgstr "Laitekuvaimen alustus epäonnistui, suoritetaan ei-root-käyttäjänä.\n" -#: lib/libdevmapper.c:255 -msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n" -msgstr "" -"Laitekuvaimen alustus epäonnistui. Onko dm_mod-käyttöjärjestelmäydinmoduuli " -"ladattu?\n" +#: lib/libdevmapper.c:402 +#, fuzzy +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "Laitekuvaimen alustus epäonnistui. Onko dm_mod-käyttöjärjestelmäydinmoduuli ladattu?\n" -#: lib/libdevmapper.c:550 -#, c-format -msgid "DM-UUID for device %s was truncated.\n" +#: lib/libdevmapper.c:1131 +#, fuzzy +msgid "Requested deferred flag is not supported." +msgstr "Pyydetty LUKS-tiiviste %s ei ole tuettu.\n" + +#: lib/libdevmapper.c:1198 +#, fuzzy, c-format +msgid "DM-UUID for device %s was truncated." msgstr "DM-UUID laitteelle %s typistettiin.\n" -#: lib/libdevmapper.c:698 -msgid "Requested dmcrypt performance options are not supported.\n" +#: lib/libdevmapper.c:1520 +msgid "Unknown dm target type." +msgstr "" + +#: lib/libdevmapper.c:1623 lib/libdevmapper.c:1679 +#, fuzzy +msgid "Requested dm-crypt performance options are not supported." +msgstr "Pyydetyt dmcrypt-suorituskykyvalitsimet eivät ole tuettuja.\n" + +#: lib/libdevmapper.c:1630 +#, fuzzy +msgid "Requested dm-verity data corruption handling options are not supported." msgstr "Pyydetyt dmcrypt-suorituskykyvalitsimet eivät ole tuettuja.\n" +#: lib/libdevmapper.c:1634 +#, fuzzy +msgid "Requested dm-verity FEC options are not supported." +msgstr "Pyydetyt dmcrypt-suorituskykyvalitsimet eivät ole tuettuja.\n" + +#: lib/libdevmapper.c:1638 +#, fuzzy +msgid "Requested data integrity options are not supported." +msgstr "Pyydetyt dmcrypt-suorituskykyvalitsimet eivät ole tuettuja.\n" + +#: lib/libdevmapper.c:1640 +#, fuzzy +msgid "Requested sector_size option is not supported." +msgstr "Pyydetyt dmcrypt-suorituskykyvalitsimet eivät ole tuettuja.\n" + +#: lib/libdevmapper.c:1645 +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "" + +#: lib/libdevmapper.c:1649 lib/libdevmapper.c:1682 lib/libdevmapper.c:1685 +#: lib/luks2/luks2_json_metadata.c:2160 +#, fuzzy +msgid "Discard/TRIM is not supported." +msgstr "Tiivistealgoritmia %s ei tueta.\n" + +#: lib/libdevmapper.c:1653 +#, fuzzy +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "Pyydetty LUKS-tiiviste %s ei ole tuettu.\n" + +#: lib/libdevmapper.c:2607 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "" + # Entropy viittaa tässä ilmeisesti tiivistettävän tekstin satunnaisuuteen. Mitä satunnaisempi se on, sitä vähemmän sitä voi tiivistää. -#: lib/random.c:76 +#: lib/random.c:75 msgid "" "System is out of entropy while generating volume key.\n" -"Please move mouse or type some text in another window to gather some random " -"events.\n" +"Please move mouse or type some text in another window to gather some random events.\n" msgstr "" "Järjestelmässä ei ole satunnaisuutta taltioavainta tuotettaessa.\n" -"Siirrä hiirtä tai kirjoita jotain tekstiä toiseen ikkunaan joidenkin " -"satunnaistapahtumien keräämiseksi.\n" +"Siirrä hiirtä tai kirjoita jotain tekstiä toiseen ikkunaan joidenkin satunnaistapahtumien keräämiseksi.\n" -#: lib/random.c:80 +#: lib/random.c:79 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Avainta tuotetaan (%d%% valmis).\n" -#: lib/random.c:169 -msgid "Fatal error during RNG initialisation.\n" +#: lib/random.c:165 +#, fuzzy +msgid "Running in FIPS mode." +msgstr "Suoritetaan FIPS-tilassa.\n" + +#: lib/random.c:171 +#, fuzzy +msgid "Fatal error during RNG initialisation." msgstr "Kohtalokas virhe RNG-alustuksen aikana.\n" -#: lib/random.c:206 -msgid "Unknown RNG quality requested.\n" +#: lib/random.c:208 +#, fuzzy +msgid "Unknown RNG quality requested." msgstr "Tuntematonta RNG-laatua pyydetty.\n" -#: lib/random.c:211 -#, c-format -msgid "Error %d reading from RNG: %s\n" +#: lib/random.c:213 +#, fuzzy +msgid "Error reading from RNG." msgstr "Virhe %d luettaessa kohteesta RNG: %s\n" -#: lib/setup.c:200 -msgid "Cannot initialize crypto RNG backend.\n" +#: lib/setup.c:229 +#, fuzzy +msgid "Cannot initialize crypto RNG backend." msgstr "RNG-salaustaustaohjelman alustus epäonnistui.\n" -#: lib/setup.c:206 -msgid "Cannot initialize crypto backend.\n" +#: lib/setup.c:235 +#, fuzzy +msgid "Cannot initialize crypto backend." msgstr "Salaustaustaohjelman alustus epäonnistui.\n" -#: lib/setup.c:236 lib/setup.c:1192 lib/verity/verity.c:123 -#, c-format -msgid "Hash algorithm %s not supported.\n" +#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119 +#, fuzzy, c-format +msgid "Hash algorithm %s not supported." msgstr "Tiivistealgoritmia %s ei tueta.\n" -#: lib/setup.c:239 lib/loopaes/loopaes.c:90 -#, c-format -msgid "Key processing error (using hash %s).\n" +#: lib/setup.c:269 lib/loopaes/loopaes.c:90 +#, fuzzy, c-format +msgid "Key processing error (using hash %s)." msgstr "Avainkäsittelyvirhe (käytetään tiivistealgoritmia %s).\n" -#: lib/setup.c:284 -msgid "Cannot determine device type. Incompatible activation of device?\n" -msgstr "" -"Laitetyypin määritteleminen epäonnistui. Laitteen yhteensopimaton " -"aktivointi?\n" +#: lib/setup.c:335 lib/setup.c:362 +#, fuzzy +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "Laitetyypin määritteleminen epäonnistui. Laitteen yhteensopimaton aktivointi?\n" + +#: lib/setup.c:341 lib/setup.c:3050 +#, fuzzy +msgid "This operation is supported only for LUKS device." +msgstr "Tätä toimintoa tuetaan vain LUKS-laitteelle.\n" -#: lib/setup.c:288 lib/setup.c:1537 -msgid "This operation is supported only for LUKS device.\n" +#: lib/setup.c:368 +#, fuzzy +msgid "This operation is supported only for LUKS2 device." msgstr "Tätä toimintoa tuetaan vain LUKS-laitteelle.\n" -#: lib/setup.c:320 -msgid "All key slots full.\n" +#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345 +#, fuzzy +msgid "All key slots full." msgstr "Kaikki avainvälit ovat täynnä.\n" -#: lib/setup.c:327 -#, c-format -msgid "Key slot %d is invalid, please select between 0 and %d.\n" +#: lib/setup.c:434 +#, fuzzy, c-format +msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "Avainväli %d on virheellinen, valitse väliltä 0 ... %d.\n" -#: lib/setup.c:333 -#, c-format -msgid "Key slot %d is full, please select another one.\n" +#: lib/setup.c:440 +#, fuzzy, c-format +msgid "Key slot %d is full, please select another one." msgstr "Avainväli %d on täynnä, valitse joku toinen.\n" -#: lib/setup.c:472 -#, c-format -msgid "Enter passphrase for %s: " -msgstr "Kirjoita salasanalause kohteelle %s: " +#: lib/setup.c:525 lib/setup.c:2824 +#, fuzzy +msgid "Device size is not aligned to device logical block size." +msgstr "Laite %s ei ole kelvollinen LUKS-laite.\n" -#: lib/setup.c:653 -#, c-format -msgid "Header detected but device %s is too small.\n" +#: lib/setup.c:624 +#, fuzzy, c-format +msgid "Header detected but device %s is too small." msgstr "Otsake havaittu, mutta laite %s on liian pieni.\n" -#: lib/setup.c:669 lib/setup.c:1420 -msgid "This operation is not supported for this device type.\n" +#: lib/setup.c:661 +#, fuzzy +msgid "This operation is not supported for this device type." msgstr "Tätä toimintoa ei tueta tälle laitetyypille.\n" -#: lib/setup.c:908 lib/setup.c:1381 lib/setup.c:2264 -#, c-format -msgid "Device %s is not active.\n" +#: lib/setup.c:666 +msgid "Illegal operation with reencryption in-progress." +msgstr "" + +#: lib/setup.c:832 lib/luks1/keymanage.c:475 +#, fuzzy, c-format +msgid "Unsupported LUKS version %d." +msgstr "Tukematon LUKS-versio %d.\n" + +#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959 +#, fuzzy +msgid "Detached metadata device is not supported for this crypt type." +msgstr "UUID ei ole tuettu tälle laitetyypille.\n" + +#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628 +#: lib/setup.c:2777 lib/setup.c:4512 +#, fuzzy, c-format +msgid "Device %s is not active." msgstr "Laite %s ei ole aktiivinen.\n" -#: lib/setup.c:925 -#, c-format -msgid "Underlying device for crypt device %s disappeared.\n" +#: lib/setup.c:1444 +#, fuzzy, c-format +msgid "Underlying device for crypt device %s disappeared." msgstr "Salauslaitteen %s perustana oleva laite hävisi.\n" -#: lib/setup.c:994 -msgid "Invalid plain crypt parameters.\n" +#: lib/setup.c:1524 +#, fuzzy +msgid "Invalid plain crypt parameters." msgstr "Virheelliset tavalliset salausparametrit.\n" -#: lib/setup.c:999 lib/setup.c:1119 -msgid "Invalid key size.\n" +#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:74 +#, fuzzy +msgid "Invalid key size." msgstr "Virheellinen avainkoko.\n" -#: lib/setup.c:1004 lib/setup.c:1124 -msgid "UUID is not supported for this crypt type.\n" +#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157 +#, fuzzy +msgid "UUID is not supported for this crypt type." msgstr "UUID ei ole tuettu tälle laitetyypille.\n" -#: lib/setup.c:1046 -msgid "Can't format LUKS without device.\n" +#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308 +#: src/cryptsetup.c:1226 src/cryptsetup.c:3923 +#, fuzzy +msgid "Unsupported encryption sector size." +msgstr "Uudelleensalauslokitiedoston lukeminen epäonnistui.\n" + +#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818 +#, fuzzy +msgid "Device size is not aligned to requested sector size." +msgstr "Laite %s ei ole kelvollinen LUKS-laite.\n" + +#: lib/setup.c:1608 lib/setup.c:1727 +#, fuzzy +msgid "Can't format LUKS without device." msgstr "Kohteen LUKS pohjustus ilman laitetta epäonnistui.\n" -#: lib/setup.c:1089 -#, c-format -msgid "Cannot format device %s which is still in use.\n" -msgstr "Laitteen %s pohjustus epäonnistui, koska se on yhä käytössä.\n" +#: lib/setup.c:1614 lib/setup.c:1733 +msgid "Requested data alignment is not compatible with data offset." +msgstr "" + +#: lib/setup.c:1682 lib/setup.c:1851 +msgid "WARNING: Data offset is outside of currently available data device.\n" +msgstr "" + +#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169 +#, fuzzy, c-format +msgid "Cannot wipe header on device %s." +msgstr "Otsakkeen pyyhkiminen pois laitteesta %s epäonnistui.\n" + +#: lib/setup.c:1744 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "" + +#: lib/setup.c:1766 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "" + +#: lib/setup.c:1821 +#, fuzzy, c-format +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "Salaus %s ei ole käytettävissä.\n" -#: lib/setup.c:1092 +#: lib/setup.c:1854 #, c-format -msgid "Cannot format device %s, permission denied.\n" +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" msgstr "" -"Laitteen %s pohjustus epäonnistui, koska pääsy laitteeseen on kielletty.\n" -#: lib/setup.c:1096 +#: lib/setup.c:1858 #, c-format -msgid "Cannot wipe header on device %s.\n" -msgstr "Otsakkeen pyyhkiminen pois laitteesta %s epäonnistui.\n" +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "" + +#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367 +#, fuzzy, c-format +msgid "Device %s is too small." +msgstr "Laite %s on liian pieni.\n" + +#: lib/setup.c:1893 lib/setup.c:1919 +#, fuzzy, c-format +msgid "Cannot format device %s in use." +msgstr "Laitteen %s pohjustus epäonnistui, koska se on yhä käytössä.\n" + +#: lib/setup.c:1896 lib/setup.c:1922 +#, fuzzy, c-format +msgid "Cannot format device %s, permission denied." +msgstr "Laitteen %s pohjustus epäonnistui, koska pääsy laitteeseen on kielletty.\n" + +#: lib/setup.c:1908 lib/setup.c:2229 +#, fuzzy, c-format +msgid "Cannot format integrity for device %s." +msgstr "Laitteelle %s kirjoittaminen epäonnistui.\n" -#: lib/setup.c:1114 -msgid "Can't format LOOPAES without device.\n" +#: lib/setup.c:1926 +#, fuzzy, c-format +msgid "Cannot format device %s." +msgstr "Laitteen %s lukeminen epäonnistui.\n" + +#: lib/setup.c:1944 +#, fuzzy +msgid "Can't format LOOPAES without device." msgstr "Kohteen LOOPAES pohjustus ilman laitetta epäonnistui.\n" -#: lib/setup.c:1152 -msgid "Can't format VERITY without device.\n" +#: lib/setup.c:1989 +#, fuzzy +msgid "Can't format VERITY without device." msgstr "Kohteen VERITY pohjustus ilman laitetta epäonnistui.\n" -#: lib/setup.c:1160 lib/verity/verity.c:106 -#, c-format -msgid "Unsupported VERITY hash type %d.\n" +#: lib/setup.c:2000 lib/verity/verity.c:102 +#, fuzzy, c-format +msgid "Unsupported VERITY hash type %d." msgstr "Tukematon VERITY-tiivistetyyppi %d.\n" -#: lib/setup.c:1166 lib/verity/verity.c:114 -msgid "Unsupported VERITY block size.\n" +#: lib/setup.c:2006 lib/verity/verity.c:110 +#, fuzzy +msgid "Unsupported VERITY block size." msgstr "Tukematon VERITY-lohkokoko.\n" -#: lib/setup.c:1171 lib/verity/verity.c:76 -msgid "Unsupported VERITY hash offset.\n" +#: lib/setup.c:2011 lib/verity/verity.c:74 +#, fuzzy +msgid "Unsupported VERITY hash offset." +msgstr "Tukematon VERITY-tiivistesiirros.\n" + +#: lib/setup.c:2016 +#, fuzzy +msgid "Unsupported VERITY FEC offset." msgstr "Tukematon VERITY-tiivistesiirros.\n" -#: lib/setup.c:1285 +#: lib/setup.c:2040 +msgid "Data area overlaps with hash area." +msgstr "" + +#: lib/setup.c:2065 +msgid "Hash area overlaps with FEC area." +msgstr "" + +#: lib/setup.c:2072 +msgid "Data area overlaps with FEC area." +msgstr "" + +#: lib/setup.c:2208 #, c-format -msgid "Unknown crypt device type %s requested.\n" +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "" + +#: lib/setup.c:2286 +#, fuzzy, c-format +msgid "Unknown crypt device type %s requested." msgstr "Tuntematon salauslaitetyyppi %s pyydetty.\n" -#: lib/setup.c:1435 +#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635 +#, fuzzy, c-format +msgid "Unsupported parameters on device %s." +msgstr "Otsakkeen pyyhkiminen pois laitteesta %s epäonnistui.\n" + +#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408 +#: lib/luks2/luks2_reencrypt.c:2737 +#, fuzzy, c-format +msgid "Mismatching parameters on device %s." +msgstr "Otsakkeen pyyhkiminen pois laitteesta %s epäonnistui.\n" + +#: lib/setup.c:2661 +msgid "Crypt devices mismatch." +msgstr "" + +#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:3145 +#, fuzzy, c-format +msgid "Failed to reload device %s." +msgstr "Laitteen %s lukeminen epäonnistui.\n" + +#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025 +#: lib/luks2/luks2_reencrypt.c:2032 +#, fuzzy, c-format +msgid "Failed to suspend device %s." +msgstr "Avaintiedoston avaus epäonnistui.\n" + +#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039 +#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149 +#, fuzzy, c-format +msgid "Failed to resume device %s." +msgstr "Laitteen %s lukeminen epäonnistui.\n" + +#: lib/setup.c:2732 +#, c-format +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "" + +#: lib/setup.c:2735 lib/setup.c:2737 +#, fuzzy, c-format +msgid "Failed to switch device %s to dm-error." +msgstr "Laitekuvaajahakemiston hankkiminen epäonnistui." + +#: lib/setup.c:2809 +#, fuzzy +msgid "Cannot resize loop device." +msgstr "Silmukkalaitteen koon muuttaminen epäonnistui.\n" + +#: lib/setup.c:2882 msgid "Do you really want to change UUID of device?" msgstr "Haluatko todella vaihtaa laitteen UUID-tunnistetta?" -#: lib/setup.c:1545 -#, c-format -msgid "Volume %s is not active.\n" +#: lib/setup.c:2958 +#, fuzzy +msgid "Header backup file does not contain compatible LUKS header." +msgstr "Varmuuskopiotiedosto ei sisällä kelvollista LUKS-otsaketta.\n" + +#: lib/setup.c:3058 +#, fuzzy, c-format +msgid "Volume %s is not active." msgstr "Taltio %s ei ole käytössä.\n" -#: lib/setup.c:1556 -#, c-format -msgid "Volume %s is already suspended.\n" +#: lib/setup.c:3069 +#, fuzzy, c-format +msgid "Volume %s is already suspended." msgstr "Taltio %s on jo keskeytetty.\n" -#: lib/setup.c:1563 -#, c-format -msgid "Suspend is not supported for device %s.\n" +#: lib/setup.c:3082 +#, fuzzy, c-format +msgid "Suspend is not supported for device %s." msgstr "Keskeyttämistä ei tueta laitetyypille %s.\n" -#: lib/setup.c:1565 -#, c-format -msgid "Error during suspending device %s.\n" +#: lib/setup.c:3084 +#, fuzzy, c-format +msgid "Error during suspending device %s." msgstr "Virhe keskeytettäessä laitetta %s.\n" -#: lib/setup.c:1591 lib/setup.c:1638 -#, c-format -msgid "Volume %s is not suspended.\n" +#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267 +#, fuzzy, c-format +msgid "Volume %s is not suspended." msgstr "Taltiota %s ei ole keskeytetty.\n" -#: lib/setup.c:1605 -#, c-format -msgid "Resume is not supported for device %s.\n" +#: lib/setup.c:3146 +#, fuzzy, c-format +msgid "Resume is not supported for device %s." msgstr "Jatkamista ei tueta laiteelle %s.\n" -#: lib/setup.c:1607 lib/setup.c:1659 -#, c-format -msgid "Error during resuming device %s.\n" +#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297 +#, fuzzy, c-format +msgid "Error during resuming device %s." msgstr "Virhe jatkettaessa laitteella %s.\n" -#: lib/setup.c:1645 lib/setup.c:2080 lib/setup.c:2094 src/cryptsetup.c:186 -#: src/cryptsetup.c:248 src/cryptsetup.c:732 src/cryptsetup.c:1151 -msgid "Enter passphrase: " -msgstr "Kirjoita salasanalause: " +#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322 +#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839 +#, fuzzy +msgid "Volume key does not match the volume." +msgstr "Taltioavain ei täsmää taltion kanssa.\n" # Volume key tarkoittaa yleensä äänenvoimakkuussäädintä, ei välttämättä tässä. -#: lib/setup.c:1707 lib/setup.c:1843 -msgid "Cannot add key slot, all slots disabled and no volume key provided.\n" -msgstr "" -"Avainvälin lisäys epäonnistui, kaikki välit on otettu pois käytöstä ja " -"yhtään taltioavainta ei ole tarjottu.\n" +#: lib/setup.c:3343 lib/setup.c:3531 +#, fuzzy +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Avainvälin lisäys epäonnistui, kaikki välit on otettu pois käytöstä ja yhtään taltioavainta ei ole tarjottu.\n" + +#: lib/setup.c:3483 +#, fuzzy +msgid "Failed to swap new key slot." +msgstr "Uuden avainvälin vaihtaminen epäonnistui.\n" -#: lib/setup.c:1716 lib/setup.c:1849 lib/setup.c:1853 -msgid "Enter any passphrase: " -msgstr "Kirjoita mikä tahansa salasanalause: " +#: lib/setup.c:3669 +#, fuzzy, c-format +msgid "Key slot %d is invalid." +msgstr "Avainväli %d on virheellinen.\n" -#: lib/setup.c:1733 lib/setup.c:1866 lib/setup.c:1870 lib/setup.c:1932 -#: src/cryptsetup.c:988 src/cryptsetup.c:1017 -msgid "Enter new passphrase for key slot: " -msgstr "Kirjoita uusi salasanalause avainvälille: " +#: lib/setup.c:3675 src/cryptsetup.c:1572 src/cryptsetup.c:1917 +#, fuzzy, c-format +msgid "Keyslot %d is not active." +msgstr "Avainväli %d ei ole käytössä.\n" -#: lib/setup.c:1798 -#, c-format -msgid "Key slot %d changed.\n" -msgstr "Avaivälin %d vaihtui.\n" +#: lib/setup.c:3694 +#, fuzzy +msgid "Device header overlaps with data area." +msgstr "Tälle salasanalauseelle ei ole saatavissa laiteotsaketta.\n" -#: lib/setup.c:1801 -#, c-format -msgid "Replaced with key slot %d.\n" -msgstr "Korvattiin avainvälillä %d.\n" +#: lib/setup.c:3981 +msgid "Reencryption in-progress. Cannot activate device." +msgstr "" -#: lib/setup.c:1806 -msgid "Failed to swap new key slot.\n" -msgstr "Uuden avainvälin vaihtaminen epäonnistui.\n" +#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2243 +#: lib/luks2/luks2_reencrypt.c:2836 +#, fuzzy +msgid "Failed to get reencryption lock." +msgstr "Uudelleensalauslokitiedoston lukeminen epäonnistui.\n" -#: lib/setup.c:1923 lib/setup.c:2184 lib/setup.c:2197 lib/setup.c:2339 -msgid "Volume key does not match the volume.\n" -msgstr "Taltioavain ei täsmää taltion kanssa.\n" +#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855 +#, fuzzy +msgid "LUKS2 reencryption recovery failed." +msgstr "Uudelleensalauslokitiedoston avaus epäonnistui.\n" -#: lib/setup.c:1961 -#, c-format -msgid "Key slot %d is invalid.\n" -msgstr "Avainväli %d on virheellinen.\n" +#: lib/setup.c:4127 lib/setup.c:4379 +#, fuzzy +msgid "Device type is not properly initialized." +msgstr "Laitetyyppi ei ole alustettu oikein.\n" -#: lib/setup.c:1966 -#, c-format -msgid "Key slot %d is not used.\n" -msgstr "Avainväli %d ei ole käytössä.\n" +#: lib/setup.c:4171 +#, fuzzy, c-format +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "Laitteen %s pohjustus epäonnistui, koska se on yhä käytössä.\n" -#: lib/setup.c:1996 lib/setup.c:2068 lib/setup.c:2160 -#, c-format -msgid "Device %s already exists.\n" +#: lib/setup.c:4174 +#, fuzzy, c-format +msgid "Device %s already exists." msgstr "Laite %s on jo olemassa.\n" -#: lib/setup.c:2171 -msgid "Incorrect volume key specified for plain device.\n" +#: lib/setup.c:4296 +#, fuzzy +msgid "Incorrect volume key specified for plain device." msgstr "Virheellinen taltioavain määritelty tavalliselle laitteelle.\n" -#: lib/setup.c:2204 -msgid "Incorrect root hash specified for verity device.\n" +#: lib/setup.c:4405 +#, fuzzy +msgid "Incorrect root hash specified for verity device." msgstr "Virheellinen root-tiiviste määritelty verity-laitteelle.\n" -#: lib/setup.c:2227 -msgid "Device type is not properly initialised.\n" -msgstr "Laitetyyppi ei ole alustettu oikein.\n" +#: lib/setup.c:4412 +msgid "Root hash signature required." +msgstr "" -#: lib/setup.c:2259 -#, c-format -msgid "Device %s is still in use.\n" +#: lib/setup.c:4421 +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "" + +#: lib/setup.c:4438 lib/setup.c:5915 +#, fuzzy +msgid "Failed to load key in kernel keyring." +msgstr "Avaintiedoston avaus epäonnistui.\n" + +#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2296 +#: src/cryptsetup.c:2664 +#, fuzzy, c-format +msgid "Device %s is still in use." msgstr "Laite %s on yhä käytössä.\n" -#: lib/setup.c:2268 -#, c-format -msgid "Invalid device %s.\n" +#: lib/setup.c:4516 +#, fuzzy, c-format +msgid "Invalid device %s." msgstr "Virheellinen laite %s.\n" -#: lib/setup.c:2289 -msgid "Function not available in FIPS mode.\n" -msgstr "Funktio ei ole käytettävissä FIPS-tilassa.\n" - -#: lib/setup.c:2295 -msgid "Volume key buffer too small.\n" +#: lib/setup.c:4632 +#, fuzzy +msgid "Volume key buffer too small." msgstr "Taltioavainpuskuri on liian pieni.\n" -#: lib/setup.c:2303 -msgid "Cannot retrieve volume key for plain device.\n" +#: lib/setup.c:4640 +#, fuzzy +msgid "Cannot retrieve volume key for plain device." msgstr "Taltioavaimen nouto tavalliselle laitteelle epäonnistui.\n" -#: lib/setup.c:2310 -#, c-format -msgid "This operation is not supported for %s crypt device.\n" +#: lib/setup.c:4657 +#, fuzzy +msgid "Cannot retrieve root hash for verity device." +msgstr "Virheellinen root-tiiviste määritelty verity-laitteelle.\n" + +#: lib/setup.c:4659 +#, fuzzy, c-format +msgid "This operation is not supported for %s crypt device." msgstr "Tätä toimintoa ei tueta %s-salauslaitteelle.\n" -#: lib/setup.c:2506 -msgid "Dump operation is not supported for this device type.\n" +#: lib/setup.c:4865 +#, fuzzy +msgid "Dump operation is not supported for this device type." msgstr "Dump-toimintoa ei tueta tälle laitetyypille.\n" -#: lib/utils.c:244 -msgid "Cannot get process priority.\n" -msgstr "Prosessiprioriteetin hakeminen epäonnistui.\n" +#: lib/setup.c:5190 +#, c-format +msgid "Data offset is not multiple of %u bytes." +msgstr "" -#: lib/utils.c:258 -msgid "Cannot unlock memory.\n" -msgstr "Muistin lukituksen avaus epäonnistui.\n" +#: lib/setup.c:5475 +#, fuzzy, c-format +msgid "Cannot convert device %s which is still in use." +msgstr "Laitteen %s pohjustus epäonnistui, koska se on yhä käytössä.\n" -#: lib/utils_crypt.c:241 lib/utils_crypt.c:254 lib/utils_crypt.c:401 -#: lib/utils_crypt.c:416 -msgid "Out of memory while reading passphrase.\n" -msgstr "Muisti loppui luettaessa salasanalausetta.\n" +#: lib/setup.c:5772 +#, c-format +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "" -#: lib/utils_crypt.c:246 lib/utils_crypt.c:261 -msgid "Error reading passphrase from terminal.\n" -msgstr "Virhe luettaessa salasanalausetta pääteikkunasta.\n" +#: lib/setup.c:5845 +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "" -#: lib/utils_crypt.c:259 -msgid "Verify passphrase: " -msgstr "Todenna salasanalause: " +#: lib/setup.c:5851 +#, fuzzy, c-format +msgid "Failed to assign keyslot %d to digest." +msgstr "Uuden avainvälin vaihtaminen epäonnistui.\n" -#: lib/utils_crypt.c:266 -msgid "Passphrases do not match.\n" -msgstr "Salasanalauseet eivät täsmää.\n" +#: lib/setup.c:5982 +#, fuzzy +msgid "Kernel keyring is not supported by the kernel." +msgstr "Tätä toimintoa ei tueta tälle laitetyypille.\n" -#: lib/utils_crypt.c:350 -msgid "Cannot use offset with terminal input.\n" -msgstr "Siirrososoitteen käyttö pääteikkunasyötteellä epäonnistui.\n" +#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952 +#, fuzzy, c-format +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "Avainsäiliöstä lukeminen epäonnistui.\n" + +#: lib/setup.c:6016 +msgid "Failed to acquire global memory-hard access serialization lock." +msgstr "" + +#: lib/utils.c:80 +#, fuzzy +msgid "Cannot get process priority." +msgstr "Prosessiprioriteetin hakeminen epäonnistui.\n" + +#: lib/utils.c:94 +#, fuzzy +msgid "Cannot unlock memory." +msgstr "Muistin lukituksen avaus epäonnistui.\n" -#: lib/utils_crypt.c:369 lib/tcrypt/tcrypt.c:467 -msgid "Failed to open key file.\n" +#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497 +#, fuzzy +msgid "Failed to open key file." msgstr "Avaintiedoston avaus epäonnistui.\n" -#: lib/utils_crypt.c:378 -msgid "Failed to stat key file.\n" +#: lib/utils.c:173 +#, fuzzy +msgid "Cannot read keyfile from a terminal." +msgstr "Avaintiedoston %s lukeminen epäonnistui.\n" + +#: lib/utils.c:190 +#, fuzzy +msgid "Failed to stat key file." msgstr "Avaintiedoston kutsuminen stat-funktiolla epäonnistui.\n" -#: lib/utils_crypt.c:386 lib/utils_crypt.c:407 -msgid "Cannot seek to requested keyfile offset.\n" +#: lib/utils.c:198 lib/utils.c:219 +#, fuzzy +msgid "Cannot seek to requested keyfile offset." msgstr "Pyydetyn avaintiedostosiirrososoitteen etsintä epäonnistui.\n" -#: lib/utils_crypt.c:424 -msgid "Error reading passphrase.\n" +#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188 +#: src/utils_password.c:201 +#, fuzzy +msgid "Out of memory while reading passphrase." +msgstr "Muisti loppui luettaessa salasanalausetta.\n" + +#: lib/utils.c:248 +#, fuzzy +msgid "Error reading passphrase." msgstr "Virhe luettaessa salasanalausetta.\n" -#: lib/utils_crypt.c:442 -msgid "Maximum keyfile size exceeded.\n" +#: lib/utils.c:265 +msgid "Nothing to read on input." +msgstr "" + +#: lib/utils.c:272 +#, fuzzy +msgid "Maximum keyfile size exceeded." msgstr "Avaintiedoston enimmäiskoko ylitettiin.\n" -#: lib/utils_crypt.c:447 -msgid "Cannot read requested amount of data.\n" +#: lib/utils.c:277 +#, fuzzy +msgid "Cannot read requested amount of data." msgstr "Pyydetyn tietomäärän lukeminen epäonnistui.\n" -#: lib/utils_device.c:136 lib/luks1/keyencryption.c:90 -#, c-format -msgid "Device %s doesn't exist or access denied.\n" +#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 +#, fuzzy, c-format +msgid "Device %s does not exist or access denied." msgstr "Laite %s ei ole olemassa tai pääsy siihen on kielletty.\n" -#: lib/utils_device.c:430 -msgid "Cannot use a loopback device, running as non-root user.\n" +#: lib/utils_device.c:197 +#, fuzzy, c-format +msgid "Device %s is not compatible." +msgstr "Laite %s ei ole aktiivinen.\n" + +#: lib/utils_device.c:642 +#, fuzzy, c-format +msgid "Device %s is too small. Need at least % bytes." +msgstr "Laite %s on liian pieni. (LUKS vaatii vähintään % tavua.)\n" + +#: lib/utils_device.c:723 +#, fuzzy, c-format +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "Laitteen %s käyttö epäonnistui, koska se on jo käytössä (jo kuvattu tai liitetty).\n" + +#: lib/utils_device.c:727 +#, fuzzy, c-format +msgid "Cannot use device %s, permission denied." +msgstr "Laitteeseen %s kirjoittaminen epäonnistui, pääsy kielletty.\n" + +#: lib/utils_device.c:730 +#, fuzzy, c-format +msgid "Cannot get info about device %s." +msgstr "Tietojen hakeminen laitteesta %s epäonnistui.\n" + +#: lib/utils_device.c:753 +#, fuzzy +msgid "Cannot use a loopback device, running as non-root user." msgstr "Silmukkalaitteen käyttö epäonnistui, suoritetaan ei-root-käyttäjänä.\n" -#: lib/utils_device.c:433 -msgid "Cannot find a free loopback device.\n" -msgstr "Vapaan silmukkalaiteen löytäminen epäonnistui.\n" +#: lib/utils_device.c:763 +#, fuzzy +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "Silmukkalaitteeseen liittyminen epäonnistui (vaaditaan silmukkalaite autoclear-lipulla).\n" -#: lib/utils_device.c:440 -msgid "" -"Attaching loopback device failed (loop device with autoclear flag is " -"required).\n" +#: lib/utils_device.c:809 +#, fuzzy, c-format +msgid "Requested offset is beyond real size of device %s." +msgstr "Pyydetty siirrososoite on laitteen %s todellisen koon ulkopuolella.\n" + +#: lib/utils_device.c:817 +#, fuzzy, c-format +msgid "Device %s has zero size." +msgstr "Laitteen %s koko on nolla.\n" + +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." msgstr "" -"Silmukkalaitteeseen liittyminen epäonnistui (vaaditaan silmukkalaite " -"autoclear-lipulla).\n" -#: lib/utils_device.c:484 +#: lib/utils_pbkdf.c:106 #, c-format -msgid "Cannot use device %s which is in use (already mapped or mounted).\n" +msgid "Unknown PBKDF type %s." msgstr "" -"Laitteen %s käyttö epäonnistui, koska se on jo käytössä (jo kuvattu tai " -"liitetty).\n" -#: lib/utils_device.c:488 +#: lib/utils_pbkdf.c:111 +#, fuzzy, c-format +msgid "Requested hash %s is not supported." +msgstr "Pyydetty LUKS-tiiviste %s ei ole tuettu.\n" + +#: lib/utils_pbkdf.c:122 +#, fuzzy +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "Pyydetty LUKS-tiiviste %s ei ole tuettu.\n" + +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." +msgstr "" + +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 #, c-format -msgid "Cannot get info about device %s.\n" -msgstr "Tietojen hakeminen laitteesta %s epäonnistui.\n" +msgid "Forced iteration count is too low for %s (minimum is %u)." +msgstr "" -#: lib/utils_device.c:494 +#: lib/utils_pbkdf.c:148 #, c-format -msgid "Requested offset is beyond real size of device %s.\n" -msgstr "Pyydetty siirrososoite on laitteen %s todellisen koon ulkopuolella.\n" +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "" -#: lib/utils_device.c:502 +#: lib/utils_pbkdf.c:155 #, c-format -msgid "Device %s has zero size.\n" -msgstr "Laitteen %s koko on nolla.\n" +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "" + +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "" + +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "" -#: lib/utils_device.c:513 +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "" + +#: lib/utils_benchmark.c:172 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "" + +#: lib/utils_benchmark.c:191 +#, fuzzy, c-format +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "Ei ole yhteensopiva PBKDF2-valitsimien kanssa (käytetään tiivitstealgoritmia %s).\n" + +#: lib/utils_benchmark.c:211 +#, fuzzy +msgid "Not compatible PBKDF options." +msgstr "Ei ole yhteensopiva PBKDF2-valitsimien kanssa (käytetään tiivitstealgoritmia %s).\n" + +#: lib/utils_device_locking.c:102 #, c-format -msgid "Device %s is too small.\n" -msgstr "Laite %s on liian pieni.\n" +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "" + +#: lib/utils_device_locking.c:109 +#, c-format +msgid "WARNING: Locking directory %s/%s is missing!\n" +msgstr "" + +#: lib/utils_device_locking.c:119 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "" + +#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:941 +#: src/cryptsetup_reencrypt.c:1025 +#, fuzzy +msgid "Cannot seek to device offset." +msgstr "Laitteen siirrososoitteen etsintä epäonnistui.\n" -#: lib/luks1/keyencryption.c:37 +#: lib/utils_wipe.c:208 #, c-format +msgid "Device wipe error, offset %." +msgstr "" + +#: lib/luks1/keyencryption.c:39 +#, fuzzy, c-format msgid "" "Failed to setup dm-crypt key mapping for device %s.\n" -"Check that kernel supports %s cipher (check syslog for more info).\n" +"Check that kernel supports %s cipher (check syslog for more info)." msgstr "" "Dm-crypt -avainkuvausasetus laitteelle %s epäonnistui.\n" -"Tarkista, että käyttöjärjestelmäydin tukee %s-salakirjoitusmenetelmää " -"(lisätietoja tarkistamalla syslog).\n" +"Tarkista, että käyttöjärjestelmäydin tukee %s-salakirjoitusmenetelmää (lisätietoja tarkistamalla syslog).\n" -#: lib/luks1/keyencryption.c:42 -msgid "Key size in XTS mode must be 256 or 512 bits.\n" +#: lib/luks1/keyencryption.c:44 +#, fuzzy +msgid "Key size in XTS mode must be 256 or 512 bits." msgstr "Avainkoon on oltava XTS-tilassa 256 tai 512 bittiä.\n" -#: lib/luks1/keyencryption.c:96 lib/luks1/keymanage.c:296 -#: lib/luks1/keymanage.c:572 lib/luks1/keymanage.c:1017 -#, c-format -msgid "Cannot write to device %s, permission denied.\n" +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "" + +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080 +#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734 +#, fuzzy, c-format +msgid "Cannot write to device %s, permission denied." msgstr "Laitteeseen %s kirjoittaminen epäonnistui, pääsy kielletty.\n" -#: lib/luks1/keyencryption.c:111 -msgid "Failed to open temporary keystore device.\n" +#: lib/luks1/keyencryption.c:120 +#, fuzzy +msgid "Failed to open temporary keystore device." msgstr "Tilapäisen avainsäiliön avaaminen epäonnistui.\n" -#: lib/luks1/keyencryption.c:118 -msgid "Failed to access temporary keystore device.\n" +#: lib/luks1/keyencryption.c:127 +#, fuzzy +msgid "Failed to access temporary keystore device." msgstr "Pääsy tilapäiseen avainsäiliölaitteeseen epäonnistui.\n" -#: lib/luks1/keyencryption.c:191 -msgid "IO error while encrypting keyslot.\n" +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +#, fuzzy +msgid "IO error while encrypting keyslot." msgstr "Siirräntävirhe salattaessa avainväliä.\n" -#: lib/luks1/keyencryption.c:256 -msgid "IO error while decrypting keyslot.\n" +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:670 +#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311 +#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342 +#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 +#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255 +#: src/cryptsetup_reencrypt.c:200 src/cryptsetup_reencrypt.c:212 +#, fuzzy, c-format +msgid "Cannot open device %s." +msgstr "Laitteen %s avaus epäonnistui.\n" + +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +#, fuzzy +msgid "IO error while decrypting keyslot." msgstr "Siirräntävirhe purettaessa avainvälin salausta.\n" -#: lib/luks1/keymanage.c:90 -#, c-format -msgid "Device %s is too small. (LUKS requires at least % bytes.)\n" +#: lib/luks1/keymanage.c:110 +#, fuzzy, c-format +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" msgstr "Laite %s on liian pieni. (LUKS vaatii vähintään % tavua.)\n" -#: lib/luks1/keymanage.c:180 lib/luks1/keymanage.c:418 -#: src/cryptsetup_reencrypt.c:1110 -#, c-format -msgid "Device %s is not a valid LUKS device.\n" +#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162 +#: lib/luks1/keymanage.c:174 +#, fuzzy, c-format +msgid "LUKS keyslot %u is invalid." +msgstr "LUKS-avainväli %u on virheellinen.\n" + +#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472 +#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1433 +#: src/cryptsetup.c:1559 src/cryptsetup.c:1616 src/cryptsetup.c:1672 +#: src/cryptsetup.c:1739 src/cryptsetup.c:1842 src/cryptsetup.c:1906 +#: src/cryptsetup.c:2136 src/cryptsetup.c:2331 src/cryptsetup.c:2391 +#: src/cryptsetup.c:2457 src/cryptsetup.c:2621 src/cryptsetup.c:3271 +#: src/cryptsetup.c:3280 src/cryptsetup_reencrypt.c:1388 +#, fuzzy, c-format +msgid "Device %s is not a valid LUKS device." msgstr "Laite %s ei ole kelvollinen LUKS-laite.\n" -#: lib/luks1/keymanage.c:198 -#, c-format -msgid "Requested header backup file %s already exists.\n" +#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100 +#, fuzzy, c-format +msgid "Requested header backup file %s already exists." msgstr "Pyydetty otsakevarmuuskopiotiedosto %s on jo olemassa.\n" -#: lib/luks1/keymanage.c:200 -#, c-format -msgid "Cannot create header backup file %s.\n" +#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102 +#, fuzzy, c-format +msgid "Cannot create header backup file %s." msgstr "Otsakevarmuuskopiotiedoston %s luominen epäonnistui.\n" -#: lib/luks1/keymanage.c:205 -#, c-format -msgid "Cannot write header backup file %s.\n" +#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109 +#, fuzzy, c-format +msgid "Cannot write header backup file %s." msgstr "Otsakevarmuuskopiotiedoston %s kirjoittaminen epäonnistui.\n" -#: lib/luks1/keymanage.c:239 -msgid "Backup file doesn't contain valid LUKS header.\n" +#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161 +#, fuzzy +msgid "Backup file does not contain valid LUKS header." msgstr "Varmuuskopiotiedosto ei sisällä kelvollista LUKS-otsaketta.\n" -#: lib/luks1/keymanage.c:252 lib/luks1/keymanage.c:496 -#, c-format -msgid "Cannot open header backup file %s.\n" +#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549 +#: lib/luks2/luks2_json_metadata.c:1182 +#, fuzzy, c-format +msgid "Cannot open header backup file %s." msgstr "Otsakevarmuuskopiotiedoston %s avaus epäonnistui.\n" -#: lib/luks1/keymanage.c:258 -#, c-format -msgid "Cannot read header backup file %s.\n" +#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190 +#, fuzzy, c-format +msgid "Cannot read header backup file %s." msgstr "Otsakevarmuuskopiotiedoston %s lukeminen epäonnistui.\n" -#: lib/luks1/keymanage.c:269 -msgid "Data offset or key size differs on device and backup, restore failed.\n" -msgstr "" -"Tietosiirrososoite tai avainkoko eroaa laitteessa ja varmuuskopiossa, " -"palautus epäonnistui.\n" +#: lib/luks1/keymanage.c:317 +#, fuzzy +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "Tietosiirrososoite tai avainkoko eroaa laitteessa ja varmuuskopiossa, palautus epäonnistui.\n" -#: lib/luks1/keymanage.c:277 +#: lib/luks1/keymanage.c:325 #, c-format msgid "Device %s %s%s" msgstr "Laite %s %s%s" -#: lib/luks1/keymanage.c:278 -msgid "" -"does not contain LUKS header. Replacing header can destroy data on that " -"device." -msgstr "" -"ei sisällä LUKS-otsaketta. Otsakkeen korvaaminen voi tuhota tietoja tuossa " -"laitteessa." +#: lib/luks1/keymanage.c:326 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "ei sisällä LUKS-otsaketta. Otsakkeen korvaaminen voi tuhota tietoja tuossa laitteessa." -#: lib/luks1/keymanage.c:279 -msgid "" -"already contains LUKS header. Replacing header will destroy existing " -"keyslots." -msgstr "" -"sisältää jo LUKS-otsakkeen. Otsakkeen korvaaminen tuhoaa olemassaolevat " -"avainvälit." +#: lib/luks1/keymanage.c:327 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "sisältää jo LUKS-otsakkeen. Otsakkeen korvaaminen tuhoaa olemassaolevat avainvälit." -#: lib/luks1/keymanage.c:280 +#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224 msgid "" "\n" "WARNING: real device header has different UUID than backup!" msgstr "" "\n" -"VAROITUS: oikealla laiteotsakkeella on eri UUID-tunniste kuin " -"varmuuskopiolla!" - -#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:535 -#: lib/luks1/keymanage.c:575 lib/tcrypt/tcrypt.c:624 lib/verity/verity.c:82 -#: lib/verity/verity.c:179 lib/verity/verity_hash.c:292 -#: lib/verity/verity_hash.c:303 lib/verity/verity_hash.c:323 -#, c-format -msgid "Cannot open device %s.\n" -msgstr "Laitteen %s avaus epäonnistui.\n" +"VAROITUS: oikealla laiteotsakkeella on eri UUID-tunniste kuin varmuuskopiolla!" -#: lib/luks1/keymanage.c:329 -msgid "Non standard key size, manual repair required.\n" +#: lib/luks1/keymanage.c:375 +#, fuzzy +msgid "Non standard key size, manual repair required." msgstr "Ei-vakio avainkoko, manuaalinen korjaus pyydetty.\n" -#: lib/luks1/keymanage.c:334 -msgid "Non standard keyslots alignment, manual repair required.\n" +#: lib/luks1/keymanage.c:380 +#, fuzzy +msgid "Non standard keyslots alignment, manual repair required." msgstr "Ei-vakiot avainvälitasaukset, manuaalinen korjaus pyydetty.\n" -#: lib/luks1/keymanage.c:340 -msgid "Repairing keyslots.\n" +#: lib/luks1/keymanage.c:390 +#, fuzzy +msgid "Repairing keyslots." msgstr "Korjataan avainvälit.\n" -#: lib/luks1/keymanage.c:351 -msgid "Repair failed." -msgstr "Korjaus epäonnistui." - -#: lib/luks1/keymanage.c:363 -#, c-format -msgid "Keyslot %i: offset repaired (%u -> %u).\n" +#: lib/luks1/keymanage.c:409 +#, fuzzy, c-format +msgid "Keyslot %i: offset repaired (%u -> %u)." msgstr "Avainväli %i: siirrososoite korjattu (%u -> %u).\n" -#: lib/luks1/keymanage.c:371 -#, c-format -msgid "Keyslot %i: stripes repaired (%u -> %u).\n" +#: lib/luks1/keymanage.c:417 +#, fuzzy, c-format +msgid "Keyslot %i: stripes repaired (%u -> %u)." msgstr "Avainväli %i: raidat korjattu (%u -> %u).\n" -#: lib/luks1/keymanage.c:380 -#, c-format -msgid "Keyslot %i: bogus partition signature.\n" +#: lib/luks1/keymanage.c:426 +#, fuzzy, c-format +msgid "Keyslot %i: bogus partition signature." msgstr "Avainväli %i: valeosiotunniste.\n" -#: lib/luks1/keymanage.c:385 -#, c-format -msgid "Keyslot %i: salt wiped.\n" +#: lib/luks1/keymanage.c:431 +#, fuzzy, c-format +msgid "Keyslot %i: salt wiped." msgstr "Avainväli %i: satunnaisarvosiemen tuhottu.\n" -#: lib/luks1/keymanage.c:396 -msgid "Writing LUKS header to disk.\n" +#: lib/luks1/keymanage.c:448 +#, fuzzy +msgid "Writing LUKS header to disk." msgstr "Kirjoitetaan LUKS-otsake levylle.\n" -#: lib/luks1/keymanage.c:421 -#, c-format -msgid "Unsupported LUKS version %d.\n" -msgstr "Tukematon LUKS-versio %d.\n" +#: lib/luks1/keymanage.c:453 +msgid "Repair failed." +msgstr "Korjaus epäonnistui." -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:661 -#, c-format -msgid "Requested LUKS hash %s is not supported.\n" +#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750 +#, fuzzy, c-format +msgid "Requested LUKS hash %s is not supported." msgstr "Pyydetty LUKS-tiiviste %s ei ole tuettu.\n" -#: lib/luks1/keymanage.c:442 -#, c-format -msgid "LUKS keyslot %u is invalid.\n" -msgstr "LUKS-avainväli %u on virheellinen.\n" - -#: lib/luks1/keymanage.c:456 src/cryptsetup.c:668 -msgid "No known problems detected for LUKS header.\n" +#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1133 +#, fuzzy +msgid "No known problems detected for LUKS header." msgstr "Tuntemattomat pulmat havaittu LUKS-otsakkeelle.\n" -#: lib/luks1/keymanage.c:596 -#, c-format -msgid "Error during update of LUKS header on device %s.\n" +#: lib/luks1/keymanage.c:660 +#, fuzzy, c-format +msgid "Error during update of LUKS header on device %s." msgstr "Virhe LUKS-otsakkeen päivityksen aikana laitteessa %s.\n" -#: lib/luks1/keymanage.c:603 -#, c-format -msgid "Error re-reading LUKS header after update on device %s.\n" -msgstr "" -"Virhe luettaessa uudelleen LUKS-otsaketta päivityksen jälkeen laitteessa " -"%s.\n" - -#: lib/luks1/keymanage.c:654 -#, c-format -msgid "" -"Data offset for detached LUKS header must be either 0 or higher than header " -"size (%d sectors).\n" -msgstr "" -"Tietosiirrososoitteen irrotetulle LUKS-otsakkeelle on oltava joko 0 tai " -"suurempi kuin otsakekoko (%d sektoria).\n" - -#: lib/luks1/keymanage.c:666 lib/luks1/keymanage.c:757 -msgid "Wrong LUKS UUID format provided.\n" +#: lib/luks1/keymanage.c:668 +#, fuzzy, c-format +msgid "Error re-reading LUKS header after update on device %s." +msgstr "Virhe luettaessa uudelleen LUKS-otsaketta päivityksen jälkeen laitteessa %s.\n" + +#: lib/luks1/keymanage.c:744 +#, fuzzy +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "Tietosiirrososoitteen irrotetulle LUKS-otsakkeelle on oltava joko 0 tai suurempi kuin otsakekoko (%d sektoria).\n" + +#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825 +#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001 +#: src/cryptsetup.c:2784 +#, fuzzy +msgid "Wrong LUKS UUID format provided." msgstr "Väärä LUKS UUID-muoto tarjottu.\n" -#: lib/luks1/keymanage.c:695 -msgid "Cannot create LUKS header: reading random salt failed.\n" -msgstr "" -"LUKS-otsakkeen luominen epäonnistui: satunnaisarvosiemenen lukeminen " -"epäonnistui.\n" - -#: lib/luks1/keymanage.c:702 lib/luks1/keymanage.c:798 -#, c-format -msgid "Not compatible PBKDF2 options (using hash algorithm %s).\n" -msgstr "" -"Ei ole yhteensopiva PBKDF2-valitsimien kanssa (käytetään tiivitstealgoritmia " -"%s).\n" +#: lib/luks1/keymanage.c:778 +#, fuzzy +msgid "Cannot create LUKS header: reading random salt failed." +msgstr "LUKS-otsakkeen luominen epäonnistui: satunnaisarvosiemenen lukeminen epäonnistui.\n" -#: lib/luks1/keymanage.c:717 -#, c-format -msgid "Cannot create LUKS header: header digest failed (using hash %s).\n" -msgstr "" -"LUKS-otsakkeen luominen epäonnistui: otsaketiiviste epäonnistui (käytettäen " -"tiivistettä %s).\n" +#: lib/luks1/keymanage.c:804 +#, fuzzy, c-format +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "LUKS-otsakkeen luominen epäonnistui: otsaketiiviste epäonnistui (käytettäen tiivistettä %s).\n" -#: lib/luks1/keymanage.c:782 -#, c-format -msgid "Key slot %d active, purge first.\n" +#: lib/luks1/keymanage.c:848 +#, fuzzy, c-format +msgid "Key slot %d active, purge first." msgstr "Avainväli %d aktiivinen, puhdista ensimmäinen.\n" -#: lib/luks1/keymanage.c:788 -#, c-format -msgid "Key slot %d material includes too few stripes. Header manipulation?\n" -msgstr "" -"Avainvälin %d materiaali sisältää liian vähän raitoja. Otsaketta on " -"käsitelty?\n" - -#: lib/luks1/keymanage.c:950 -#, c-format -msgid "Key slot %d unlocked.\n" -msgstr "Avaivälin %d lukitus avattu.\n" +#: lib/luks1/keymanage.c:854 +#, fuzzy, c-format +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "Avainvälin %d materiaali sisältää liian vähän raitoja. Otsaketta on käsitelty?\n" -#: lib/luks1/keymanage.c:985 src/cryptsetup.c:858 -#: src/cryptsetup_reencrypt.c:999 src/cryptsetup_reencrypt.c:1036 -msgid "No key available with this passphrase.\n" -msgstr "Tälle salasanalauseelle ei ole saatavissa avainta.\n" +#: lib/luks1/keymanage.c:990 +#, fuzzy, c-format +msgid "Cannot open keyslot (using hash %s)." +msgstr "Avainkäsittelyvirhe (käytetään tiivistealgoritmia %s).\n" -#: lib/luks1/keymanage.c:1003 -#, c-format -msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n" +#: lib/luks1/keymanage.c:1066 +#, fuzzy, c-format +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "Avainväli %d on virheellinen, valitse avainväli välillä 0 ... %d.\n" -#: lib/luks1/keymanage.c:1021 -#, c-format -msgid "Cannot wipe device %s.\n" +#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738 +#, fuzzy, c-format +msgid "Cannot wipe device %s." msgstr "Laitteen %s pyyhkiminen tyhjäksi epäonnistui.\n" #: lib/loopaes/loopaes.c:146 -msgid "Detected not yet supported GPG encrypted keyfile.\n" +#, fuzzy +msgid "Detected not yet supported GPG encrypted keyfile." msgstr "Havaittu vielä tukematon GPG-salausavaintiedosto.\n" #: lib/loopaes/loopaes.c:147 @@ -692,417 +1062,1408 @@ msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" msgstr "Käytä gpg --decrypt | cryptsetup --keyfile=- ...\n" #: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 -msgid "Incompatible loop-AES keyfile detected.\n" +#, fuzzy +msgid "Incompatible loop-AES keyfile detected." msgstr "Yhteensopimaton loop-AES -avaintiedosto havaittu.\n" -#: lib/loopaes/loopaes.c:244 -msgid "Kernel doesn't support loop-AES compatible mapping.\n" +#: lib/loopaes/loopaes.c:245 +#, fuzzy +msgid "Kernel does not support loop-AES compatible mapping." msgstr "Käyttöjärjestelmäydin ei tule loop-AES -yhteensopivaa kuvausta.\n" -#: lib/tcrypt/tcrypt.c:475 -#, c-format -msgid "Error reading keyfile %s.\n" +#: lib/tcrypt/tcrypt.c:504 +#, fuzzy, c-format +msgid "Error reading keyfile %s." msgstr "Virhe luettaessa avaintiedostoa %s.\n" -#: lib/tcrypt/tcrypt.c:513 -#, c-format -msgid "Maximum TCRYPT passphrase length (%d) exceeded.\n" +#: lib/tcrypt/tcrypt.c:554 +#, fuzzy, c-format +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "TCRYPT-salasanalauseen enimmäispituus (%d) ylitettiin.\n" -#: lib/tcrypt/tcrypt.c:543 -#, c-format -msgid "PBKDF2 hash algorithm %s not available, skipping.\n" +#: lib/tcrypt/tcrypt.c:595 +#, fuzzy, c-format +msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "PBKDF2-tiivistealgoritmi %s ei ole käytettävissä, ohitetaan.\n" -#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:621 -msgid "Required kernel crypto interface not available.\n" +#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1010 +#, fuzzy +msgid "Required kernel crypto interface not available." msgstr "Pyydetty ydinsalauskäyttöliittymä ei ole käytettävissä.\n" -#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:623 -msgid "Ensure you have algif_skcipher kernel module loaded.\n" -msgstr "" -"Varmista, että algif_skcipher-käyttöjärjestelmäydinmoduuli on ladattu.\n" +#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1012 +#, fuzzy +msgid "Ensure you have algif_skcipher kernel module loaded." +msgstr "Varmista, että algif_skcipher-käyttöjärjestelmäydinmoduuli on ladattu.\n" -#: lib/tcrypt/tcrypt.c:707 -#, c-format -msgid "Activation is not supported for %d sector size.\n" +#: lib/tcrypt/tcrypt.c:753 +#, fuzzy, c-format +msgid "Activation is not supported for %d sector size." msgstr "Aktivointia ei tueta sektorikoolle %d.\n" -#: lib/tcrypt/tcrypt.c:713 -msgid "Kernel doesn't support activation for this TCRYPT legacy mode.\n" -msgstr "" -"Käyttöjärjestelmäydin ei tue aktivointia tälle TCRYPT-perinnetilassa.\n" +#: lib/tcrypt/tcrypt.c:759 +#, fuzzy +msgid "Kernel does not support activation for this TCRYPT legacy mode." +msgstr "Käyttöjärjestelmäydin ei tue aktivointia tälle TCRYPT-perinnetilassa.\n" -#: lib/tcrypt/tcrypt.c:744 -#, c-format -msgid "Activating TCRYPT system encryption for partition %s.\n" +#: lib/tcrypt/tcrypt.c:793 +#, fuzzy, c-format +msgid "Activating TCRYPT system encryption for partition %s." msgstr "Aktivoidaan TCRYPT-järjestelmäsalaus osiolle %s.\n" -#: lib/tcrypt/tcrypt.c:806 -msgid "Kernel doesn't support TCRYPT compatible mapping.\n" +#: lib/tcrypt/tcrypt.c:871 +#, fuzzy +msgid "Kernel does not support TCRYPT compatible mapping." msgstr "Käyttöjärjestelmäydin ei tue TCRYPT -yhteensopivaa kuvausta.\n" -#: lib/tcrypt/tcrypt.c:1020 +#: lib/tcrypt/tcrypt.c:1093 msgid "This function is not supported without TCRYPT header load." msgstr "Tätä toimintoa ei tueta ilman TCRYPT-otsakelatausta." -#: lib/verity/verity.c:70 lib/verity/verity.c:172 +#: lib/bitlk/bitlk.c:333 #, c-format -msgid "Verity device %s doesn't use on-disk header.\n" -msgstr "Verity-laite %s ei käytä paikallista levyotsaketta.\n" +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:380 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "" -#: lib/verity/verity.c:94 +#: lib/bitlk/bitlk.c:385 #, c-format -msgid "Device %s is not a valid VERITY device.\n" -msgstr "Laite %s ei ole kelvollinen VERITY-laite.\n" +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:399 +#, c-format +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:479 +#, fuzzy, c-format +msgid "Failed to read BITLK signature from %s." +msgstr "Avainsäiliöstä lukeminen epäonnistui.\n" + +#: lib/bitlk/bitlk.c:485 +msgid "BITLK version 1 is currently not supported." +msgstr "" + +#: lib/bitlk/bitlk.c:491 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "" + +#: lib/bitlk/bitlk.c:503 +msgid "Invalid or unknown signature for BITLK device." +msgstr "" + +#: lib/bitlk/bitlk.c:510 +#, fuzzy, c-format +msgid "Unsupported sector size %." +msgstr "Tukematon LUKS-versio %d.\n" + +#: lib/bitlk/bitlk.c:518 +#, fuzzy, c-format +msgid "Failed to read BITLK header from %s." +msgstr "Avainsäiliöstä lukeminen epäonnistui.\n" + +#: lib/bitlk/bitlk.c:543 +#, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "" + +#: lib/bitlk/bitlk.c:594 +#, fuzzy +msgid "Unknown or unsupported encryption type." +msgstr "UUID ei ole tuettu tälle laitetyypille.\n" -#: lib/verity/verity.c:101 +#: lib/bitlk/bitlk.c:627 #, c-format -msgid "Unsupported VERITY version %d.\n" +msgid "Failed to read BITLK metadata entries from %s." +msgstr "" + +#: lib/bitlk/bitlk.c:921 +#, fuzzy +msgid "This operation is not supported." +msgstr "Tätä toimintoa ei tueta %s-salauslaitteelle.\n" + +#: lib/bitlk/bitlk.c:929 +#, fuzzy +msgid "Wrong key size." +msgstr "Virheellinen avainkoko.\n" + +#: lib/bitlk/bitlk.c:981 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "" + +#: lib/bitlk/bitlk.c:987 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "" + +#: lib/bitlk/bitlk.c:1069 +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "" + +#: lib/bitlk/bitlk.c:1205 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "" + +#: lib/bitlk/bitlk.c:1209 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "" + +#: lib/verity/verity.c:68 lib/verity/verity.c:171 +#, fuzzy, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "Verity-laite %s ei käytä paikallista levyotsaketta.\n" + +#: lib/verity/verity.c:90 +#, fuzzy, c-format +msgid "Device %s is not a valid VERITY device." +msgstr "Laite %s ei ole kelvollinen VERITY-laite.\n" + +#: lib/verity/verity.c:97 +#, fuzzy, c-format +msgid "Unsupported VERITY version %d." msgstr "Tukematon VERITY-versio %d.\n" -#: lib/verity/verity.c:131 -msgid "VERITY header corrupted.\n" +#: lib/verity/verity.c:128 +#, fuzzy +msgid "VERITY header corrupted." msgstr "VERITY-otsake rikkinäinen.\n" -#: lib/verity/verity.c:166 -#, c-format -msgid "Wrong VERITY UUID format provided on device %s.\n" +#: lib/verity/verity.c:165 +#, fuzzy, c-format +msgid "Wrong VERITY UUID format provided on device %s." msgstr "Väärä VERITY UUID-muoto tarjottu laitteessa %s.\n" -#: lib/verity/verity.c:196 -#, c-format -msgid "Error during update of verity header on device %s.\n" +#: lib/verity/verity.c:198 +#, fuzzy, c-format +msgid "Error during update of verity header on device %s." msgstr "Virhe verity-otsakkeen päivityksen aikana laitteessa %s.\n" -#: lib/verity/verity.c:276 -msgid "Kernel doesn't support dm-verity mapping.\n" +#: lib/verity/verity.c:256 +#, fuzzy +msgid "Root hash signature verification is not supported." +msgstr "Tiivistealgoritmia %s ei tueta.\n" + +#: lib/verity/verity.c:267 +msgid "Errors cannot be repaired with FEC device." +msgstr "" + +#: lib/verity/verity.c:269 +#, c-format +msgid "Found %u repairable errors with FEC device." +msgstr "" + +#: lib/verity/verity.c:308 +#, fuzzy +msgid "Kernel does not support dm-verity mapping." +msgstr "Käyttöjärjestelmäydin ei tule dm-verity -yhteensopivaa kuvausta.\n" + +#: lib/verity/verity.c:312 +#, fuzzy +msgid "Kernel does not support dm-verity signature option." msgstr "Käyttöjärjestelmäydin ei tule dm-verity -yhteensopivaa kuvausta.\n" -#: lib/verity/verity.c:287 -msgid "Verity device detected corruption after activation.\n" +#: lib/verity/verity.c:323 +#, fuzzy +msgid "Verity device detected corruption after activation." msgstr "Verity-laite havaitsi rikkoutumisen aktivoinnin jälkeen.\n" #: lib/verity/verity_hash.c:59 -#, c-format -msgid "Spare area is not zeroed at position %.\n" +#, fuzzy, c-format +msgid "Spare area is not zeroed at position %." msgstr "Vapaa-aluetta ei ole nollattu sijainnissa %.\n" -#: lib/verity/verity_hash.c:121 lib/verity/verity_hash.c:249 -#: lib/verity/verity_hash.c:277 lib/verity/verity_hash.c:284 -msgid "Device offset overflow.\n" +#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290 +#: lib/verity/verity_hash.c:303 +#, fuzzy +msgid "Device offset overflow." msgstr "Laitesiirrososoitteen ylivuoto.\n" -#: lib/verity/verity_hash.c:161 -#, c-format -msgid "Verification failed at position %.\n" +#: lib/verity/verity_hash.c:203 +#, fuzzy, c-format +msgid "Verification failed at position %." msgstr "Todennus epäonnistui sijainnissa %.\n" -#: lib/verity/verity_hash.c:235 -msgid "Invalid size parameters for verity device.\n" +#: lib/verity/verity_hash.c:276 +#, fuzzy +msgid "Invalid size parameters for verity device." msgstr "Virheelliset kokoparametrit verity-laitteelle.\n" -#: lib/verity/verity_hash.c:266 -msgid "Too many tree levels for verity volume.\n" -msgstr "Verity-taltiolla liian monta puutasoa.\n" +#: lib/verity/verity_hash.c:296 +msgid "Hash area overflow." +msgstr "" -#: lib/verity/verity_hash.c:354 -msgid "Verification of data area failed.\n" +#: lib/verity/verity_hash.c:373 +#, fuzzy +msgid "Verification of data area failed." msgstr "Data-alueen todentaminen epäonnistui.\n" -#: lib/verity/verity_hash.c:359 -msgid "Verification of root hash failed.\n" +#: lib/verity/verity_hash.c:378 +#, fuzzy +msgid "Verification of root hash failed." msgstr "Root-tiivisteen todentaminen epäonnistui.\n" -#: lib/verity/verity_hash.c:365 -msgid "Input/output error while creating hash area.\n" +#: lib/verity/verity_hash.c:384 +#, fuzzy +msgid "Input/output error while creating hash area." msgstr "Syöte/tulostevirhe luotaessa tiivistealuetta.\n" -#: lib/verity/verity_hash.c:367 -msgid "Creation of hash area failed.\n" +#: lib/verity/verity_hash.c:386 +#, fuzzy +msgid "Creation of hash area failed." msgstr "Tiivistealueen luominen epäonnistui.\n" -#: lib/verity/verity_hash.c:414 -#, c-format -msgid "" -"WARNING: Kernel cannot activate device if data block size exceeds page size " -"(%u).\n" +#: lib/verity/verity_hash.c:433 +#, fuzzy, c-format +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "VAROITUS: Käyttöjärjestelmäydin ei voi aktivoida laitetta, jos lohkokoko ylittää sivukoon (%u).\n" + +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." msgstr "" -"VAROITUS: Käyttöjärjestelmäydin ei voi aktivoida laitetta, jos lohkokoko " -"ylittää sivukoon (%u).\n" -#: src/cryptsetup.c:91 -msgid "Can't do passphrase verification on non-tty inputs.\n" -msgstr "Salasanalauseiden todennus epäonnistui ei-tty-syötteissä.\n" +#: lib/verity/verity_fec.c:146 +#, fuzzy +msgid "Failed to allocate buffer." +msgstr "Avaintiedoston kutsuminen stat-funktiolla epäonnistui.\n" -#: src/cryptsetup.c:133 src/cryptsetup.c:564 src/cryptsetup.c:711 -#: src/cryptsetup_reencrypt.c:502 src/cryptsetup_reencrypt.c:556 -msgid "No known cipher specification pattern detected.\n" -msgstr "Havaittu tuntematon salakirjoitusmenetelmämäärittelymalli.\n" +#: lib/verity/verity_fec.c:156 +#, c-format +msgid "Failed to read RS block % byte %d." +msgstr "" -#: src/cryptsetup.c:144 -msgid "" -"WARNING: The --hash parameter is being ignored in plain mode with keyfile " -"specified.\n" +#: lib/verity/verity_fec.c:169 +#, c-format +msgid "Failed to read parity for RS block %." msgstr "" -"VAROITUS: Parametri --hash ohitetaan tavallisessa tilassa kun avaintiedosto " -"on määritelty.\n" -#: src/cryptsetup.c:152 -msgid "" -"WARNING: The --keyfile-size option is being ignored, the read size is the " -"same as the encryption key size.\n" +#: lib/verity/verity_fec.c:177 +#, c-format +msgid "Failed to repair parity for block %." msgstr "" -"VAROITUS: Valitsin --keyfile-size ohitetaan , lukukoko on sama kuin " -"salausavaimen koko.\n" -#: src/cryptsetup.c:218 -msgid "Option --key-file is required.\n" -msgstr "Vaaditaan valitsin --key-file.\n" +#: lib/verity/verity_fec.c:188 +#, c-format +msgid "Failed to write parity for RS block %." +msgstr "" -#: src/cryptsetup.c:267 -msgid "No device header detected with this passphrase.\n" -msgstr "Tälle salasanalauseelle ei ole saatavissa laiteotsaketta.\n" +#: lib/verity/verity_fec.c:223 +msgid "Block sizes must match for FEC." +msgstr "" -#: src/cryptsetup.c:327 src/cryptsetup.c:1140 -msgid "" -"Header dump with volume key is sensitive information\n" -"which allows access to encrypted partition without passphrase.\n" -"This dump should be always stored encrypted on safe place." +#: lib/verity/verity_fec.c:229 +msgid "Invalid number of parity bytes." msgstr "" -"Otsakevedos taltioavaimella on arkaluonteista tietoa,\n" -"joka sallii pääsyn salatulle osiolle ilman salasanaa.\n" -"Tämä vedos pitäisi aina tallentaa salattuna turvallisessa paikasssa." -#: src/cryptsetup.c:517 -msgid "Result of benchmark is not reliable.\n" -msgstr "Suorituskykytestin tulos ei ole luotettava.\n" +#: lib/verity/verity_fec.c:265 +#, fuzzy, c-format +msgid "Failed to determine size for device %s." +msgstr "Tilapäisen avainsäiliön avaaminen epäonnistui.\n" -#: src/cryptsetup.c:558 -msgid "# Tests are approximate using memory only (no storage IO).\n" -msgstr "# Testit käyttävät vain muistia ylimalkaan (ei tallennussiirtos).\n" +#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343 +#, fuzzy +msgid "Kernel does not support dm-integrity mapping." +msgstr "Käyttöjärjestelmäydin ei tule dm-verity -yhteensopivaa kuvausta.\n" -#: src/cryptsetup.c:583 src/cryptsetup.c:605 -msgid "# Algorithm | Key | Encryption | Decryption\n" -msgstr "# Algoritmi | Avain | Salaus | Salauksen purku\n" +#: lib/integrity/integrity.c:277 +#, fuzzy +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "Käyttöjärjestelmäydin ei tule dm-verity -yhteensopivaa kuvausta.\n" -#: src/cryptsetup.c:587 -#, c-format -msgid "Cipher %s is not available.\n" -msgstr "Salaus %s ei ole käytettävissä.\n" +#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959 +#: lib/luks2/luks2_json_metadata.c:1244 +#, fuzzy, c-format +msgid "Failed to acquire write lock on device %s." +msgstr "Pääsy tilapäiseen avainsäiliölaitteeseen epäonnistui.\n" -#: src/cryptsetup.c:614 -msgid "N/A" -msgstr "Ei käytössä" +#: lib/luks2/luks2_disk_metadata.c:392 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "" -#: src/cryptsetup.c:639 -#, c-format -msgid "Cannot read keyfile %s.\n" -msgstr "Avaintiedoston %s lukeminen epäonnistui.\n" +#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712 +msgid "" +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." +msgstr "" + +#: lib/luks2/luks2_json_format.c:227 +#, fuzzy +msgid "Requested data offset is too small." +msgstr "Laite %s on liian pieni.\n" -#: src/cryptsetup.c:643 +#: lib/luks2/luks2_json_format.c:271 #, c-format -msgid "Cannot read %d bytes from keyfile %s.\n" -msgstr "Ei voida lukea %d tavua avaintiedostosta %s.\n" +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "" -#: src/cryptsetup.c:672 -msgid "Really try to repair LUKS device header?" -msgstr "Yritetäänkö todella korjata LUKS-laiteotsake?" +#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074 +#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_keyslot_luks2.c:114 +#, fuzzy, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "Pääsy tilapäiseen avainsäiliölaitteeseen epäonnistui.\n" -#: src/cryptsetup.c:697 +#: lib/luks2/luks2_json_metadata.c:1167 #, c-format -msgid "This will overwrite data on %s irrevocably." -msgstr "Tämä korvaa tiedot kohteella %s peruuttamattomasti." +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "" -#: src/cryptsetup.c:699 -msgid "memory allocation error in action_luksFormat" -msgstr "muistivarausvirhe kohteessa action_luksFormat" +#: lib/luks2/luks2_json_metadata.c:1208 +#, fuzzy +msgid "Data offset differ on device and backup, restore failed." +msgstr "Tietosiirrososoite tai avainkoko eroaa laitteessa ja varmuuskopiossa, palautus epäonnistui.\n" -#: src/cryptsetup.c:717 -#, c-format -msgid "Cannot use %s as on-disk header.\n" -msgstr "Kohteen %s käyttö paikallisena levyotsakkeena epäonnistui.\n" +#: lib/luks2/luks2_json_metadata.c:1214 +#, fuzzy +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "Tietosiirrososoite tai avainkoko eroaa laitteessa ja varmuuskopiossa, palautus epäonnistui.\n" -#: src/cryptsetup.c:784 -msgid "Reduced data offset is allowed only for detached LUKS header.\n" -msgstr "" -"Pienennetty tietosiirrososoite sallitaan vain irrotetulle LUKS-otsakkeelle.\n" +#: lib/luks2/luks2_json_metadata.c:1221 +#, fuzzy, c-format +msgid "Device %s %s%s%s%s" +msgstr "Laite %s %s%s" -#: src/cryptsetup.c:881 src/cryptsetup.c:937 -#, c-format -msgid "Key slot %d selected for deletion.\n" -msgstr "Avainväli %d valittu poistoa varten.\n" +#: lib/luks2/luks2_json_metadata.c:1222 +#, fuzzy +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "ei sisällä LUKS-otsaketta. Otsakkeen korvaaminen voi tuhota tietoja tuossa laitteessa." -#: src/cryptsetup.c:884 -#, c-format -msgid "Key %d not active. Can't wipe.\n" -msgstr "Avain %d ei ole käytössä. Ei voida pyyhkiä pois.\n" +#: lib/luks2/luks2_json_metadata.c:1223 +#, fuzzy +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "sisältää jo LUKS-otsakkeen. Otsakkeen korvaaminen tuhoaa olemassaolevat avainvälit." -#: src/cryptsetup.c:892 src/cryptsetup.c:940 +#: lib/luks2/luks2_json_metadata.c:1225 msgid "" -"This is the last keyslot. Device will become unusable after purging this key." +"\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" msgstr "" -"Tämä on viimeinen avainväli. Laite tulee käyttökelvottomaksi tämän avaimen " -"poistamisen jälkeen." -#: src/cryptsetup.c:893 -msgid "Enter any remaining passphrase: " -msgstr "Kirjoita mikä tahansa jäljellä oleva salasanalause: " +#: lib/luks2/luks2_json_metadata.c:1227 +msgid "" +"\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." +msgstr "" -#: src/cryptsetup.c:921 -msgid "Enter passphrase to be deleted: " -msgstr "Kirjoita poistettava salasanalause: " +#: lib/luks2/luks2_json_metadata.c:1323 +#, c-format +msgid "Ignored unknown flag %s." +msgstr "" -#: src/cryptsetup.c:1003 src/cryptsetup_reencrypt.c:1074 +#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746 #, c-format -msgid "Enter any existing passphrase: " -msgstr "Kirjoita mikä tahansa olemassa oleva salasanalause: " +msgid "Missing key for dm-crypt segment %u" +msgstr "" -#: src/cryptsetup.c:1052 -msgid "Enter passphrase to be changed: " -msgstr "Kirjoita vaihdettava salasanalause: " +#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764 +#, fuzzy +msgid "Failed to set dm-crypt segment." +msgstr "Avaintiedoston kutsuminen stat-funktiolla epäonnistui.\n" -#: src/cryptsetup.c:1066 src/cryptsetup_reencrypt.c:1059 -msgid "Enter new passphrase: " -msgstr "Kirjoita uusi salasanalause: " +#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770 +msgid "Failed to set dm-linear segment." +msgstr "" -#: src/cryptsetup.c:1090 -msgid "Only one device argument for isLuks operation is supported.\n" -msgstr "Tuetaan vain yhtä laiteargumenttia isLuks-toiminnolle.\n" +#: lib/luks2/luks2_json_metadata.c:2155 +msgid "Unsupported device integrity configuration." +msgstr "" -#: src/cryptsetup.c:1246 src/cryptsetup.c:1267 -msgid "Option --header-backup-file is required.\n" -msgstr "Vaaditaan valitsin --header-backup-file.\n" +#: lib/luks2/luks2_json_metadata.c:2241 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "" -#: src/cryptsetup.c:1304 +#: lib/luks2/luks2_json_metadata.c:2252 lib/luks2/luks2_reencrypt.c:3190 #, c-format -msgid "Unrecognized metadata device type %s.\n" -msgstr "Tunnistamaton metatietolaitetyyppi %s.\n" +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "" -#: src/cryptsetup.c:1307 -msgid "Command requires device and mapped name as arguments.\n" -msgstr "Komento vaatii laitteen ja kuvausnimen argumenttina.\n" +#: lib/luks2/luks2_json_metadata.c:2332 +msgid "Failed to read LUKS2 requirements." +msgstr "" -#: src/cryptsetup.c:1326 -#, c-format -msgid "" -"This operation will erase all keyslots on device %s.\n" -"Device will become unusable after this operation." +#: lib/luks2/luks2_json_metadata.c:2339 +msgid "Unmet LUKS2 requirements detected." msgstr "" -"Tämä toiminto poistaa kaikki avainvälit laitteesta %s.\n" -"Laite tulee käyttökelvottomaksi tämän toiminnon jälkeen." -#: src/cryptsetup.c:1360 -msgid " [--type ] []" -msgstr " [--type ] []" +#: lib/luks2/luks2_json_metadata.c:2347 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "" -#: src/cryptsetup.c:1360 -msgid "open device as mapping " -msgstr "avaa laite kuvauksena " +#: lib/luks2/luks2_json_metadata.c:2349 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "" -#: src/cryptsetup.c:1361 src/cryptsetup.c:1362 src/cryptsetup.c:1363 -#: src/cryptsetup.c:1364 src/veritysetup.c:311 src/veritysetup.c:312 -msgid "" -msgstr "" +#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584 +msgid "Not enough available memory to open a keyslot." +msgstr "" -#: src/cryptsetup.c:1361 -msgid "close device (remove mapping)" -msgstr "sulje laite (poista kuvaus)" +#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586 +#, fuzzy +msgid "Keyslot open failed." +msgstr "Avainväli %d on todennettu.\n" -#: src/cryptsetup.c:1362 -msgid "resize active device" -msgstr "muuta käytössä olevan laitteen kokoa" +#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "" -#: src/cryptsetup.c:1363 -msgid "show device status" -msgstr "näytä laitetila" +#: lib/luks2/luks2_keyslot_luks2.c:480 +#, fuzzy +msgid "No space for new keyslot." +msgstr "Uuden avainvälin vaihtaminen epäonnistui.\n" -#: src/cryptsetup.c:1364 -msgid "benchmark cipher" -msgstr "koestussalaus" +#: lib/luks2/luks2_luks1_convert.c:482 +#, fuzzy, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "Salasanan laatutarkistus epäonnistui: %s\n" -#: src/cryptsetup.c:1365 src/cryptsetup.c:1366 src/cryptsetup.c:1372 -#: src/cryptsetup.c:1373 src/cryptsetup.c:1374 src/cryptsetup.c:1375 -#: src/cryptsetup.c:1376 src/cryptsetup.c:1377 src/cryptsetup.c:1378 -#: src/cryptsetup.c:1379 -msgid "" -msgstr "" +#: lib/luks2/luks2_luks1_convert.c:508 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "" -#: src/cryptsetup.c:1365 -msgid "try to repair on-disk metadata" -msgstr "yritä korjata levyn sisäiset metatiedot" +#: lib/luks2/luks2_luks1_convert.c:548 +msgid "Unable to move keyslot area. Not enough space." +msgstr "" -#: src/cryptsetup.c:1366 -msgid "erase all keyslots (remove encryption key)" -msgstr "poista kaikki avainvälit (poista salausavain)" +#: lib/luks2/luks2_luks1_convert.c:599 +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "" -#: src/cryptsetup.c:1367 src/cryptsetup.c:1368 -msgid " []" -msgstr " []" +#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887 +#, fuzzy +msgid "Unable to move keyslot area." +msgstr "Avaintiedoston avaus epäonnistui.\n" -#: src/cryptsetup.c:1367 -msgid "formats a LUKS device" -msgstr "pohjustaa LUKS-laitteen" +#: lib/luks2/luks2_luks1_convert.c:697 +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "" -#: src/cryptsetup.c:1368 -msgid "add key to LUKS device" -msgstr "lisää avain LUKS-laitteeseen" +#: lib/luks2/luks2_luks1_convert.c:705 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "" -#: src/cryptsetup.c:1369 src/cryptsetup.c:1370 -msgid " []" -msgstr " []" +#: lib/luks2/luks2_luks1_convert.c:717 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "" -#: src/cryptsetup.c:1369 -msgid "removes supplied key or key file from LUKS device" -msgstr "poistaa tarjotun avaimen tai avaintiedoston LUKS-laitteesta" +#: lib/luks2/luks2_luks1_convert.c:725 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "" -#: src/cryptsetup.c:1370 -msgid "changes supplied key or key file of LUKS device" -msgstr "vaihtaa LUKS-laitteen tarjotun avaimen tai avaintiedoston" +#: lib/luks2/luks2_luks1_convert.c:739 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "" -#: src/cryptsetup.c:1371 -msgid " " -msgstr " " +#: lib/luks2/luks2_luks1_convert.c:744 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "" -#: src/cryptsetup.c:1371 -msgid "wipes key with number from LUKS device" -msgstr "pyyhkäisee pois avaimen numerolla LUKS-laitteesta" +#: lib/luks2/luks2_luks1_convert.c:749 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "" -#: src/cryptsetup.c:1372 -msgid "print UUID of LUKS device" -msgstr "tulostaa LUKS-laitteen UUID-tunnuksen" +#: lib/luks2/luks2_reencrypt.c:892 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "" -#: src/cryptsetup.c:1373 -msgid "tests for LUKS partition header" -msgstr "testaa LUKS-osio-otsakkeesta" +#: lib/luks2/luks2_reencrypt.c:897 +#, fuzzy, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "Pienennyskoon on oltava 512-tavuisen sektorin monikerta." -#: src/cryptsetup.c:1374 +#: lib/luks2/luks2_reencrypt.c:941 +#, fuzzy, c-format +msgid "Unsupported resilience mode %s" +msgstr "Tukematon LUKS-versio %d.\n" + +#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313 +#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430 +#: lib/luks2/luks2_reencrypt.c:3030 +#, fuzzy +msgid "Failed to initialize old segment storage wrapper." +msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n" + +#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291 +#, fuzzy +msgid "Failed to initialize new segment storage wrapper." +msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n" + +#: lib/luks2/luks2_reencrypt.c:1340 +#, fuzzy +msgid "Failed to read checksums for current hotzone." +msgstr "Avainsäiliöstä lukeminen epäonnistui.\n" + +#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038 +#, fuzzy, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "Vapaa-aluetta ei ole nollattu sijainnissa %.\n" + +#: lib/luks2/luks2_reencrypt.c:1366 +#, fuzzy, c-format +msgid "Failed to decrypt sector %zu." +msgstr "Avainsäiliöstä lukeminen epäonnistui.\n" + +#: lib/luks2/luks2_reencrypt.c:1372 +#, fuzzy, c-format +msgid "Failed to recover sector %zu." +msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n" + +#: lib/luks2/luks2_reencrypt.c:1867 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1965 +#, fuzzy, c-format +msgid "Failed to activate hotzone device %s." +msgstr "Pääsy tilapäiseen avainsäiliölaitteeseen epäonnistui.\n" + +#: lib/luks2/luks2_reencrypt.c:1982 +#, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1989 +#, fuzzy, c-format +msgid "Failed to load new mapping for device %s." +msgstr "Tilapäisen avainsäiliön avaaminen epäonnistui.\n" + +#: lib/luks2/luks2_reencrypt.c:2060 +msgid "Failed to refresh reencryption devices stack." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2216 +#, fuzzy +msgid "Failed to set new keyslots area size." +msgstr "Uuden avainvälin vaihtaminen epäonnistui.\n" + +#: lib/luks2/luks2_reencrypt.c:2318 +#, c-format +msgid "Data shift is not aligned to requested encryption sector size (% bytes)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2339 +#, c-format +msgid "Data device is not aligned to requested encryption sector size (% bytes)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2360 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779 +#: lib/luks2/luks2_reencrypt.c:2800 +#, fuzzy, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "Laitteen %s käyttö epäonnistui, koska se on jo käytössä (jo kuvattu tai liitetty).\n" + +#: lib/luks2/luks2_reencrypt.c:2534 +#, fuzzy +msgid "Device not marked for LUKS2 reencryption." +msgstr "Älä vaihda avainta, yhtään data-aluetta ei ole salattu uudelleen." + +#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295 +msgid "Failed to load LUKS2 reencryption context." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2619 +#, fuzzy +msgid "Failed to get reencryption state." +msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n" + +#: lib/luks2/luks2_reencrypt.c:2623 +#, fuzzy +msgid "Device is not in reencryption." +msgstr "Laite %s ei ole aktiivinen.\n" + +#: lib/luks2/luks2_reencrypt.c:2630 +msgid "Reencryption process is already running." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2632 +#, fuzzy +msgid "Failed to acquire reencryption lock." +msgstr "Uudelleensalauslokitiedoston lukeminen epäonnistui.\n" + +#: lib/luks2/luks2_reencrypt.c:2650 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2750 +msgid "Active device size and requested reencryption size don't match." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2764 +msgid "Illegal device size requested in reencryption parameters." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2834 +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2906 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2913 +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3004 +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3046 +#, fuzzy +msgid "Failed to write reencryption resilience metadata." +msgstr "Uudelleensalauslokitiedoston kirjoittaminen epäonnistui.\n" + +#: lib/luks2/luks2_reencrypt.c:3053 +#, fuzzy +msgid "Decryption failed." +msgstr "Korjaus epäonnistui." + +#: lib/luks2/luks2_reencrypt.c:3058 +#, fuzzy, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n" + +#: lib/luks2/luks2_reencrypt.c:3063 +#, fuzzy +msgid "Failed to sync data." +msgstr "Avaintiedoston kutsuminen stat-funktiolla epäonnistui.\n" + +#: lib/luks2/luks2_reencrypt.c:3071 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3138 +#, fuzzy +msgid "Failed to write LUKS2 metadata." +msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n" + +#: lib/luks2/luks2_reencrypt.c:3161 +msgid "Failed to wipe backup segment data." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3174 +msgid "Failed to disable reencryption requirement flag." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3182 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3191 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3240 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3246 +msgid "Missing or invalid reencrypt context." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3253 +#, fuzzy +msgid "Failed to initialize reencryption device stack." +msgstr "Salaustaustaohjelman alustus epäonnistui.\n" + +#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308 +#, fuzzy +msgid "Failed to update reencryption context." +msgstr "Uudelleensalauslokitiedoston avaus epäonnistui.\n" + +#: lib/luks2/luks2_token.c:262 +msgid "No free token slot." +msgstr "" + +#: lib/luks2/luks2_token.c:269 +#, fuzzy, c-format +msgid "Failed to create builtin token %s." +msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n" + +#: src/cryptsetup.c:164 +#, fuzzy +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "Salasanalauseiden todennus epäonnistui ei-tty-syötteissä.\n" + +#: src/cryptsetup.c:221 +#, fuzzy +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "Tätä toimintoa tuetaan vain LUKS-laitteelle.\n" + +#: src/cryptsetup.c:251 src/cryptsetup.c:959 src/cryptsetup.c:1269 +#: src/cryptsetup.c:3145 src/cryptsetup_reencrypt.c:723 +#: src/cryptsetup_reencrypt.c:793 +#, fuzzy +msgid "No known cipher specification pattern detected." +msgstr "Havaittu tuntematon salakirjoitusmenetelmämäärittelymalli.\n" + +#: src/cryptsetup.c:259 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "VAROITUS: Parametri --hash ohitetaan tavallisessa tilassa kun avaintiedosto on määritelty.\n" + +#: src/cryptsetup.c:267 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "VAROITUS: Valitsin --keyfile-size ohitetaan , lukukoko on sama kuin salausavaimen koko.\n" + +#: src/cryptsetup.c:307 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "" + +#: src/cryptsetup.c:313 src/cryptsetup.c:1090 src/cryptsetup.c:1142 +#: src/cryptsetup.c:1246 src/cryptsetup.c:1319 src/cryptsetup.c:1974 +#: src/cryptsetup.c:2682 src/cryptsetup.c:2805 src/integritysetup.c:233 +msgid "Operation aborted.\n" +msgstr "" + +#: src/cryptsetup.c:381 +#, fuzzy +msgid "Option --key-file is required." +msgstr "Vaaditaan valitsin --key-file.\n" + +#: src/cryptsetup.c:434 +msgid "Enter VeraCrypt PIM: " +msgstr "" + +#: src/cryptsetup.c:443 +msgid "Invalid PIM value: parse error." +msgstr "" + +#: src/cryptsetup.c:446 +#, fuzzy +msgid "Invalid PIM value: 0." +msgstr "Virheellinen laite %s.\n" + +#: src/cryptsetup.c:449 +msgid "Invalid PIM value: outside of range." +msgstr "" + +#: src/cryptsetup.c:472 +#, fuzzy +msgid "No device header detected with this passphrase." +msgstr "Tälle salasanalauseelle ei ole saatavissa laiteotsaketta.\n" + +#: src/cryptsetup.c:541 +#, fuzzy, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "Laite %s ei ole kelvollinen LUKS-laite.\n" + +#: src/cryptsetup.c:576 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" +"Otsakevedos taltioavaimella on arkaluonteista tietoa,\n" +"joka sallii pääsyn salatulle osiolle ilman salasanaa.\n" +"Tämä vedos pitäisi aina tallentaa salattuna turvallisessa paikasssa." + +#: src/cryptsetup.c:673 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "" + +#: src/cryptsetup.c:701 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "" + +#: src/cryptsetup.c:838 +#, fuzzy +msgid "Benchmark interrupted." +msgstr "koestussalaus" + +#: src/cryptsetup.c:859 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "" + +#: src/cryptsetup.c:861 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "" + +#: src/cryptsetup.c:875 +#, c-format +msgid "%-10s N/A\n" +msgstr "" + +#: src/cryptsetup.c:877 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "" + +#: src/cryptsetup.c:901 +#, fuzzy +msgid "Result of benchmark is not reliable." +msgstr "Suorituskykytestin tulos ei ole luotettava.\n" + +#: src/cryptsetup.c:951 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "# Testit käyttävät vain muistia ylimalkaan (ei tallennussiirtos).\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:971 +#, fuzzy, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "# Algoritmi | Avain | Salaus | Salauksen purku\n" + +#: src/cryptsetup.c:975 +#, fuzzy, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "Salaus %s ei ole käytettävissä.\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:994 +#, fuzzy +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "# Algoritmi | Avain | Salaus | Salauksen purku\n" + +#: src/cryptsetup.c:1003 +msgid "N/A" +msgstr "Ei käytössä" + +#: src/cryptsetup.c:1083 +msgid "" +"Seems device does not require reencryption recovery.\n" +"Do you want to proceed anyway?" +msgstr "" + +#: src/cryptsetup.c:1089 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "" + +#: src/cryptsetup.c:1098 +#, fuzzy +msgid "Enter passphrase for reencryption recovery: " +msgstr "Kirjoita salasanalause avainvälille %u: " + +#: src/cryptsetup.c:1141 +msgid "Really try to repair LUKS device header?" +msgstr "Yritetäänkö todella korjata LUKS-laiteotsake?" + +#: src/cryptsetup.c:1160 src/integritysetup.c:146 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" + +#: src/cryptsetup.c:1182 src/integritysetup.c:168 +#, fuzzy, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "Tilapäisen LUKS-laitteen avaaminen epäonnistui.\n" + +#: src/cryptsetup.c:1231 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "" + +#: src/cryptsetup.c:1236 src/cryptsetup.c:1296 +#, fuzzy +msgid "Unsupported LUKS2 metadata size options." +msgstr "Tukematon LUKS-versio %d.\n" + +#: src/cryptsetup.c:1253 +#, fuzzy, c-format +msgid "Cannot create header file %s." +msgstr "Otsakevarmuuskopiotiedoston %s luominen epäonnistui.\n" + +#: src/cryptsetup.c:1276 src/integritysetup.c:195 src/integritysetup.c:204 +#: src/integritysetup.c:213 src/integritysetup.c:284 src/integritysetup.c:293 +#: src/integritysetup.c:303 +#, fuzzy +msgid "No known integrity specification pattern detected." +msgstr "Havaittu tuntematon salakirjoitusmenetelmämäärittelymalli.\n" + +#: src/cryptsetup.c:1289 +#, fuzzy, c-format +msgid "Cannot use %s as on-disk header." +msgstr "Kohteen %s käyttö paikallisena levyotsakkeena epäonnistui.\n" + +#: src/cryptsetup.c:1313 src/integritysetup.c:227 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "Tämä korvaa tiedot kohteella %s peruuttamattomasti." + +#: src/cryptsetup.c:1354 src/cryptsetup.c:1688 src/cryptsetup.c:1755 +#: src/cryptsetup.c:1857 src/cryptsetup.c:1923 src/cryptsetup_reencrypt.c:553 +#, fuzzy +msgid "Failed to set pbkdf parameters." +msgstr "Avaintiedoston kutsuminen stat-funktiolla epäonnistui.\n" + +#: src/cryptsetup.c:1439 +#, fuzzy +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "Pienennetty tietosiirrososoite sallitaan vain irrotetulle LUKS-otsakkeelle.\n" + +#: src/cryptsetup.c:1450 src/cryptsetup.c:1761 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "" + +#: src/cryptsetup.c:1488 +msgid "Device activated but cannot make flags persistent." +msgstr "" + +#: src/cryptsetup.c:1569 src/cryptsetup.c:1639 +#, fuzzy, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "Avainväli %d valittu poistoa varten.\n" + +#: src/cryptsetup.c:1581 src/cryptsetup.c:1642 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "Tämä on viimeinen avainväli. Laite tulee käyttökelvottomaksi tämän avaimen poistamisen jälkeen." + +#: src/cryptsetup.c:1582 +msgid "Enter any remaining passphrase: " +msgstr "Kirjoita mikä tahansa jäljellä oleva salasanalause: " + +#: src/cryptsetup.c:1583 src/cryptsetup.c:1644 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "" + +#: src/cryptsetup.c:1621 +msgid "Enter passphrase to be deleted: " +msgstr "Kirjoita poistettava salasanalause: " + +#: src/cryptsetup.c:1702 src/cryptsetup.c:1776 src/cryptsetup.c:1810 +msgid "Enter new passphrase for key slot: " +msgstr "Kirjoita uusi salasanalause avainvälille: " + +#: src/cryptsetup.c:1793 src/cryptsetup_reencrypt.c:1343 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "Kirjoita mikä tahansa olemassa oleva salasanalause: " + +#: src/cryptsetup.c:1861 +msgid "Enter passphrase to be changed: " +msgstr "Kirjoita vaihdettava salasanalause: " + +#: src/cryptsetup.c:1877 src/cryptsetup_reencrypt.c:1329 +msgid "Enter new passphrase: " +msgstr "Kirjoita uusi salasanalause: " + +#: src/cryptsetup.c:1927 +#, fuzzy +msgid "Enter passphrase for keyslot to be converted: " +msgstr "Kirjoita salasanalause avainvälille %u: " + +#: src/cryptsetup.c:1951 +#, fuzzy +msgid "Only one device argument for isLuks operation is supported." +msgstr "Tuetaan vain yhtä laiteargumenttia isLuks-toiminnolle.\n" + +#: src/cryptsetup.c:2001 +#, fuzzy +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Otsakevedos taltioavaimella on arkaluonteista tietoa,\n" +"joka sallii pääsyn salatulle osiolle ilman salasanaa.\n" +"Tämä vedos pitäisi aina tallentaa salattuna turvallisessa paikasssa." + +#: src/cryptsetup.c:2066 +#, fuzzy, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "Avainväli %d ei ole käytössä.\n" + +#: src/cryptsetup.c:2072 +#, fuzzy +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Otsakevedos taltioavaimella on arkaluonteista tietoa,\n" +"joka sallii pääsyn salatulle osiolle ilman salasanaa.\n" +"Tämä vedos pitäisi aina tallentaa salattuna turvallisessa paikasssa." + +#: src/cryptsetup.c:2207 src/cryptsetup.c:2228 +#, fuzzy +msgid "Option --header-backup-file is required." +msgstr "Vaaditaan valitsin --header-backup-file.\n" + +#: src/cryptsetup.c:2258 +#, fuzzy, c-format +msgid "%s is not cryptsetup managed device." +msgstr "%s ei ole LUKS-laite." + +#: src/cryptsetup.c:2269 +#, fuzzy, c-format +msgid "Refresh is not supported for device type %s" +msgstr "Jatkamista ei tueta laiteelle %s.\n" + +#: src/cryptsetup.c:2311 +#, fuzzy, c-format +msgid "Unrecognized metadata device type %s." +msgstr "Tunnistamaton metatietolaitetyyppi %s.\n" + +#: src/cryptsetup.c:2314 +#, fuzzy +msgid "Command requires device and mapped name as arguments." +msgstr "Komento vaatii laitteen ja kuvausnimen argumenttina.\n" + +#: src/cryptsetup.c:2336 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" +"Tämä toiminto poistaa kaikki avainvälit laitteesta %s.\n" +"Laite tulee käyttökelvottomaksi tämän toiminnon jälkeen." + +#: src/cryptsetup.c:2343 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "" + +#: src/cryptsetup.c:2380 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "" + +#: src/cryptsetup.c:2398 +#, fuzzy, c-format +msgid "Device is already %s type." +msgstr "Laite %s on jo olemassa.\n" + +#: src/cryptsetup.c:2403 +#, fuzzy, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "Tätä toimintoa ei tueta %s-salauslaitteelle.\n" + +#: src/cryptsetup.c:2409 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "" + +#: src/cryptsetup.c:2449 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "" + +#: src/cryptsetup.c:2483 src/cryptsetup.c:2516 src/cryptsetup.c:2539 +#, fuzzy, c-format +msgid "Token %d is invalid." +msgstr "Avainväli %d on virheellinen.\n" + +#: src/cryptsetup.c:2486 src/cryptsetup.c:2542 +#, c-format +msgid "Token %d in use." +msgstr "" + +#: src/cryptsetup.c:2493 +#, fuzzy, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "Avainsäiliöstä lukeminen epäonnistui.\n" + +#: src/cryptsetup.c:2502 src/cryptsetup.c:2564 +#, fuzzy, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n" + +#: src/cryptsetup.c:2519 +#, fuzzy, c-format +msgid "Token %d is not in use." +msgstr "Avainväli %d ei ole käytössä.\n" + +#: src/cryptsetup.c:2554 +#, fuzzy +msgid "Failed to import token from file." +msgstr "Avaintiedoston avaus epäonnistui.\n" + +#: src/cryptsetup.c:2579 +#, fuzzy, c-format +msgid "Failed to get token %d for export." +msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n" + +#: src/cryptsetup.c:2594 +msgid "--key-description parameter is mandatory for token add action." +msgstr "" + +#: src/cryptsetup.c:2600 src/cryptsetup.c:2608 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "" + +#: src/cryptsetup.c:2613 +#, fuzzy, c-format +msgid "Invalid token operation %s." +msgstr "Virheellinen avainkoko %d.\n" + +#: src/cryptsetup.c:2668 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "" + +#: src/cryptsetup.c:2672 +#, fuzzy, c-format +msgid "Device %s is not a block device.\n" +msgstr "Laite %s ei ole kelvollinen LUKS-laite.\n" + +#: src/cryptsetup.c:2674 +#, fuzzy, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "Laitekuvaajahakemiston hankkiminen epäonnistui." + +#: src/cryptsetup.c:2676 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" + +#: src/cryptsetup.c:2756 +#, fuzzy +msgid "Invalid LUKS device type." +msgstr "Virheellinen laite %s.\n" + +#: src/cryptsetup.c:2761 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "" + +#: src/cryptsetup.c:2766 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "" + +#: src/cryptsetup.c:2775 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "" + +#: src/cryptsetup.c:2779 +#, fuzzy +msgid "Encryption is supported only for LUKS2 format." +msgstr "Tätä toimintoa tuetaan vain LUKS-laitteelle.\n" + +#: src/cryptsetup.c:2801 +#, c-format +msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +msgstr "" + +#: src/cryptsetup.c:2816 +#, fuzzy, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "Pyydetty otsakevarmuuskopiotiedosto %s on jo olemassa.\n" + +#: src/cryptsetup.c:2818 src/cryptsetup.c:2825 +#, fuzzy, c-format +msgid "Cannot create temporary header file %s." +msgstr "Otsakevarmuuskopiotiedoston %s luominen epäonnistui.\n" + +#: src/cryptsetup.c:2889 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "" + +#: src/cryptsetup.c:3053 src/cryptsetup.c:3059 +#, fuzzy +msgid "Not enough free keyslots for reencryption." +msgstr "Älä vaihda avainta, yhtään data-aluetta ei ole salattu uudelleen." + +#: src/cryptsetup.c:3079 src/cryptsetup_reencrypt.c:1294 +#, fuzzy +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "Avaintiedostoa voidaan käyttää vain valitsimen --key-slot kanssa tai täsmälleen yhden avainvälin ollessa aktiivisena.\n" + +#: src/cryptsetup.c:3088 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup_reencrypt.c:1352 +#, fuzzy, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Kirjoita salasanalause avainvälille %u: " + +#: src/cryptsetup.c:3096 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Kirjoita salasanalause avainvälille %u: " + +#: src/cryptsetup.c:3263 +#, fuzzy +msgid "Command requires device as argument." +msgstr "Komento vaatii laitteen ja kuvausnimen argumenttina.\n" + +#: src/cryptsetup.c:3285 +msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +msgstr "" + +#: src/cryptsetup.c:3297 +msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +msgstr "" + +#: src/cryptsetup.c:3307 src/cryptsetup_reencrypt.c:178 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "" + +#: src/cryptsetup.c:3315 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "" + +#: src/cryptsetup.c:3319 +#, fuzzy +msgid "LUKS2 device is not in reencryption." +msgstr "Lokitiedosto %s on olemassa, aloitetaan salaus uudelleen.\n" + +#: src/cryptsetup.c:3346 +msgid " [--type ] []" +msgstr " [--type ] []" + +#: src/cryptsetup.c:3346 src/veritysetup.c:394 src/integritysetup.c:480 +#, fuzzy +msgid "open device as " +msgstr "avaa laite kuvauksena " + +#: src/cryptsetup.c:3347 src/cryptsetup.c:3348 src/cryptsetup.c:3349 +#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:481 +#: src/integritysetup.c:482 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3347 src/veritysetup.c:395 src/integritysetup.c:481 +msgid "close device (remove mapping)" +msgstr "sulje laite (poista kuvaus)" + +#: src/cryptsetup.c:3348 +msgid "resize active device" +msgstr "muuta käytössä olevan laitteen kokoa" + +#: src/cryptsetup.c:3349 +msgid "show device status" +msgstr "näytä laitetila" + +#: src/cryptsetup.c:3350 +msgid "[--cipher ]" +msgstr "" + +#: src/cryptsetup.c:3350 +msgid "benchmark cipher" +msgstr "koestussalaus" + +#: src/cryptsetup.c:3351 src/cryptsetup.c:3352 src/cryptsetup.c:3353 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3355 src/cryptsetup.c:3362 +#: src/cryptsetup.c:3363 src/cryptsetup.c:3364 src/cryptsetup.c:3365 +#: src/cryptsetup.c:3366 src/cryptsetup.c:3367 src/cryptsetup.c:3368 +#: src/cryptsetup.c:3369 src/cryptsetup.c:3370 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3351 +msgid "try to repair on-disk metadata" +msgstr "yritä korjata levyn sisäiset metatiedot" + +#: src/cryptsetup.c:3352 +#, fuzzy +msgid "reencrypt LUKS2 device" +msgstr "lisää avain LUKS-laitteeseen" + +#: src/cryptsetup.c:3353 +msgid "erase all keyslots (remove encryption key)" +msgstr "poista kaikki avainvälit (poista salausavain)" + +#: src/cryptsetup.c:3354 +msgid "convert LUKS from/to LUKS2 format" +msgstr "" + +#: src/cryptsetup.c:3355 +msgid "set permanent configuration options for LUKS2" +msgstr "" + +#: src/cryptsetup.c:3356 src/cryptsetup.c:3357 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3356 +msgid "formats a LUKS device" +msgstr "pohjustaa LUKS-laitteen" + +#: src/cryptsetup.c:3357 +msgid "add key to LUKS device" +msgstr "lisää avain LUKS-laitteeseen" + +#: src/cryptsetup.c:3358 src/cryptsetup.c:3359 src/cryptsetup.c:3360 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3358 +msgid "removes supplied key or key file from LUKS device" +msgstr "poistaa tarjotun avaimen tai avaintiedoston LUKS-laitteesta" + +#: src/cryptsetup.c:3359 +msgid "changes supplied key or key file of LUKS device" +msgstr "vaihtaa LUKS-laitteen tarjotun avaimen tai avaintiedoston" + +#: src/cryptsetup.c:3360 +msgid "converts a key to new pbkdf parameters" +msgstr "" + +#: src/cryptsetup.c:3361 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3361 +msgid "wipes key with number from LUKS device" +msgstr "pyyhkäisee pois avaimen numerolla LUKS-laitteesta" + +#: src/cryptsetup.c:3362 +msgid "print UUID of LUKS device" +msgstr "tulostaa LUKS-laitteen UUID-tunnuksen" + +#: src/cryptsetup.c:3363 +msgid "tests for LUKS partition header" +msgstr "testaa LUKS-osio-otsakkeesta" + +#: src/cryptsetup.c:3364 msgid "dump LUKS partition information" msgstr "vedosta LUKS-osiotiedot" -#: src/cryptsetup.c:1375 +#: src/cryptsetup.c:3365 msgid "dump TCRYPT device information" msgstr "vedosta TCRYPT-laitetiedot" -#: src/cryptsetup.c:1376 -msgid "Suspend LUKS device and wipe key (all IOs are frozen)." -msgstr "" -"Keskeytä LUKS-laite ja pyyhi pois avain (kaikki siirräntäliitännät " -"jäädytetään)." +#: src/cryptsetup.c:3366 +#, fuzzy +msgid "dump BITLK device information" +msgstr "vedosta TCRYPT-laitetiedot" + +#: src/cryptsetup.c:3367 +#, fuzzy +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "Keskeytä LUKS-laite ja pyyhi pois avain (kaikki siirräntäliitännät jäädytetään)." -#: src/cryptsetup.c:1377 -msgid "Resume suspended LUKS device." +#: src/cryptsetup.c:3368 +#, fuzzy +msgid "Resume suspended LUKS device" msgstr "Aloita uudelleen pysäytetty LUKS-laite." -#: src/cryptsetup.c:1378 +#: src/cryptsetup.c:3369 msgid "Backup LUKS device header and keyslots" msgstr "Varmuuskopioi LUKS-laiteotsake ja avainvälit" -#: src/cryptsetup.c:1379 +#: src/cryptsetup.c:3370 msgid "Restore LUKS device header and keyslots" msgstr "Palauta LUKS-laiteotsake ja avainvälit" -#: src/cryptsetup.c:1396 src/veritysetup.c:328 +#: src/cryptsetup.c:3371 +msgid " " +msgstr "" + +#: src/cryptsetup.c:3371 +msgid "Manipulate LUKS2 tokens" +msgstr "" + +#: src/cryptsetup.c:3389 src/veritysetup.c:412 src/integritysetup.c:498 msgid "" "\n" " is one of:\n" @@ -1110,19 +2471,20 @@ msgstr "" "\n" " on yksi seuraavista:\n" -#: src/cryptsetup.c:1402 +#: src/cryptsetup.c:3395 +#, fuzzy msgid "" "\n" "You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" msgstr "" "\n" "Voit myös käyttää vanhaa -syntaksialiasta:\n" "\topen: luo (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" "\tclose: poista (plainClose), luksClose, loopaesClose, tcryptClose\n" -#: src/cryptsetup.c:1406 +#: src/cryptsetup.c:3399 #, c-format msgid "" "\n" @@ -1135,17 +2497,24 @@ msgstr "" " on laite, joka luodaan kohteen %s alaisena\n" " on salaussuojattu laite\n" " on LUKS-avainväli muokattavaksi\n" -" valinnainen avaintiedosto uudelle avaimelle luksAddKey-" -"toimintoa varten\n" +" valinnainen avaintiedosto uudelle avaimelle luksAddKey-toimintoa varten\n" -#: src/cryptsetup.c:1413 +#: src/cryptsetup.c:3406 #, c-format msgid "" "\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" + +#: src/cryptsetup.c:3411 +#, fuzzy, c-format +msgid "" +"\n" "Default compiled-in key and passphrase parameters:\n" -"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d " -"(characters)\n" -"Default PBKDF2 iteration time for LUKS: %d (ms)\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" msgstr "" "\n" "Käännetyn avaintiedoston ja salasanan oletusparametrit:\n" @@ -1153,14 +2522,14 @@ msgstr "" "\tsalasanalauseen enimmäispituus %d (merkkiä)\n" "PBKDF2-iteroinnin enimmäisaika LUKS-avainvälille: %d (millisekuntia)\n" -#: src/cryptsetup.c:1420 -#, c-format +#: src/cryptsetup.c:3422 +#, fuzzy, c-format msgid "" "\n" "Default compiled-in device cipher parameters:\n" "\tloop-AES: %s, Key %d bits\n" "\tplain: %s, Key: %d bits, Password hashing: %s\n" -"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" msgstr "" "\n" "Käännetyn laitesalakirjoitusmenetelmän oletusparametrit:\n" @@ -1168,373 +2537,766 @@ msgstr "" "\tplain-tyyppi: %s, Avain: %d bittiä, Salasanatiivistys: %s\n" "\tLUKS1: %s, Avain: %d bittiä, LUKS-otsaketiivistys: %s, RNG: %s\n" -#: src/cryptsetup.c:1437 src/veritysetup.c:460 +#: src/cryptsetup.c:3431 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "" + +#: src/cryptsetup.c:3447 src/veritysetup.c:569 src/integritysetup.c:642 #, c-format msgid "%s: requires %s as arguments" msgstr "%s: vaatii %s argumentteina" -#: src/cryptsetup.c:1470 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1253 +#: src/cryptsetup.c:3480 src/veritysetup.c:457 src/integritysetup.c:536 +#: src/cryptsetup_reencrypt.c:1607 msgid "Show this help message" msgstr "Näytä tämä opastesanoma" -#: src/cryptsetup.c:1471 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1254 +#: src/cryptsetup.c:3481 src/veritysetup.c:458 src/integritysetup.c:537 +#: src/cryptsetup_reencrypt.c:1608 msgid "Display brief usage" msgstr "Näytä lyhyt käyttöopaste" -#: src/cryptsetup.c:1475 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1258 -msgid "Help options:" -msgstr "Opastevalitsimet:" - -#: src/cryptsetup.c:1476 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1259 +#: src/cryptsetup.c:3482 src/veritysetup.c:459 src/integritysetup.c:538 +#: src/cryptsetup_reencrypt.c:1609 msgid "Print package version" msgstr "Tulosta pakkausversio" -#: src/cryptsetup.c:1477 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1260 +#: src/cryptsetup.c:3486 src/veritysetup.c:463 src/integritysetup.c:542 +#: src/cryptsetup_reencrypt.c:1613 +msgid "Help options:" +msgstr "Opastevalitsimet:" + +#: src/cryptsetup.c:3487 src/veritysetup.c:464 src/integritysetup.c:543 +#: src/cryptsetup_reencrypt.c:1614 msgid "Shows more detailed error messages" msgstr "Näyttää yksityiskohtaisemmat virheilmoitukset" -#: src/cryptsetup.c:1478 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1261 +#: src/cryptsetup.c:3488 src/veritysetup.c:465 src/integritysetup.c:544 +#: src/cryptsetup_reencrypt.c:1615 msgid "Show debug messages" msgstr "Näytä vianjäljityssanomat" -#: src/cryptsetup.c:1479 src/cryptsetup_reencrypt.c:1263 +#: src/cryptsetup.c:3489 +#, fuzzy +msgid "Show debug messages including JSON metadata" +msgstr "Näytä vianjäljityssanomat" + +#: src/cryptsetup.c:3490 src/cryptsetup_reencrypt.c:1617 msgid "The cipher used to encrypt the disk (see /proc/crypto)" -msgstr "" -"Salakirjoitusmenetelmä, jota käytetään salaamaan levy (katso /proc/crypto)" +msgstr "Salakirjoitusmenetelmä, jota käytetään salaamaan levy (katso /proc/crypto)" -#: src/cryptsetup.c:1480 src/cryptsetup_reencrypt.c:1265 +#: src/cryptsetup.c:3491 src/cryptsetup_reencrypt.c:1619 msgid "The hash used to create the encryption key from the passphrase" -msgstr "" -"Tiivisteavain, jota käytetään salausavaimen luomiseen salasanalauseesta" +msgstr "Tiivisteavain, jota käytetään salausavaimen luomiseen salasanalauseesta" -#: src/cryptsetup.c:1481 +#: src/cryptsetup.c:3492 msgid "Verifies the passphrase by asking for it twice" msgstr "Todentaa salasanalauseen kysymällä kahdesti" -#: src/cryptsetup.c:1482 src/cryptsetup_reencrypt.c:1267 -msgid "Read the key from a file." +#: src/cryptsetup.c:3493 src/cryptsetup_reencrypt.c:1621 +#, fuzzy +msgid "Read the key from a file" msgstr "Lue avain tiedostosta." -#: src/cryptsetup.c:1483 +#: src/cryptsetup.c:3494 msgid "Read the volume (master) key from file." msgstr "Lue taltion (pää)avain tiedostosta." -#: src/cryptsetup.c:1484 -msgid "Dump volume (master) key instead of keyslots info." +#: src/cryptsetup.c:3495 +#, fuzzy +msgid "Dump volume (master) key instead of keyslots info" msgstr "Vedosta taltion (pää)avain eikä avainvälien tiedot." -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 +#: src/cryptsetup.c:3496 src/cryptsetup_reencrypt.c:1618 msgid "The size of the encryption key" msgstr "Salausavaimen koko" -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 +#: src/cryptsetup.c:3496 src/cryptsetup.c:3557 src/integritysetup.c:562 +#: src/integritysetup.c:566 src/integritysetup.c:570 +#: src/cryptsetup_reencrypt.c:1618 msgid "BITS" msgstr "BITTIÄ" -#: src/cryptsetup.c:1486 src/cryptsetup_reencrypt.c:1278 +#: src/cryptsetup.c:3497 src/cryptsetup_reencrypt.c:1634 msgid "Limits the read from keyfile" msgstr "Avaintiedostosta luettavat rajat" -#: src/cryptsetup.c:1486 src/cryptsetup.c:1487 src/cryptsetup.c:1488 -#: src/cryptsetup.c:1489 src/veritysetup.c:379 src/veritysetup.c:380 -#: src/veritysetup.c:382 src/cryptsetup_reencrypt.c:1277 -#: src/cryptsetup_reencrypt.c:1278 src/cryptsetup_reencrypt.c:1279 -#: src/cryptsetup_reencrypt.c:1280 +#: src/cryptsetup.c:3497 src/cryptsetup.c:3498 src/cryptsetup.c:3499 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3503 src/cryptsetup.c:3554 +#: src/cryptsetup.c:3555 src/cryptsetup.c:3563 src/cryptsetup.c:3564 +#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470 +#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:551 +#: src/integritysetup.c:557 src/integritysetup.c:558 +#: src/cryptsetup_reencrypt.c:1633 src/cryptsetup_reencrypt.c:1634 +#: src/cryptsetup_reencrypt.c:1635 src/cryptsetup_reencrypt.c:1636 msgid "bytes" msgstr "tavua" -#: src/cryptsetup.c:1487 src/cryptsetup_reencrypt.c:1277 +#: src/cryptsetup.c:3498 src/cryptsetup_reencrypt.c:1633 msgid "Number of bytes to skip in keyfile" msgstr "Avaintiedostossa ohitettavien tavujen määrä" -#: src/cryptsetup.c:1488 +#: src/cryptsetup.c:3499 msgid "Limits the read from newly added keyfile" msgstr "Äskettäin lisätystä avaintiedostosta luetut rajat" -#: src/cryptsetup.c:1489 +#: src/cryptsetup.c:3500 msgid "Number of bytes to skip in newly added keyfile" msgstr "Ohitettu tavumäärä äskettäin lisätyssä avaintiedostossa" -#: src/cryptsetup.c:1490 +#: src/cryptsetup.c:3501 msgid "Slot number for new key (default is first free)" msgstr "Välinumero uudelle avaimelle (oletus on ensimmäinen vapaa)" -#: src/cryptsetup.c:1491 +#: src/cryptsetup.c:3502 msgid "The size of the device" msgstr "Laitteen koko" -#: src/cryptsetup.c:1491 src/cryptsetup.c:1492 src/cryptsetup.c:1493 -#: src/cryptsetup.c:1499 +#: src/cryptsetup.c:3502 src/cryptsetup.c:3504 src/cryptsetup.c:3505 +#: src/cryptsetup.c:3511 src/integritysetup.c:552 src/integritysetup.c:559 msgid "SECTORS" msgstr "SEKTORIA" -#: src/cryptsetup.c:1492 +#: src/cryptsetup.c:3503 src/cryptsetup_reencrypt.c:1636 +msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +msgstr "Käytä vain määriteltyä laitekokoa (ohita laitteen loppu). VAARALLINEN!" + +#: src/cryptsetup.c:3504 msgid "The start offset in the backend device" msgstr "Alkusiirrososoite taustalaitteessa" -#: src/cryptsetup.c:1493 +#: src/cryptsetup.c:3505 msgid "How many sectors of the encrypted data to skip at the beginning" msgstr "Kuinka monta salaustietojen sektoria ohitetaan alussa" -#: src/cryptsetup.c:1494 +#: src/cryptsetup.c:3506 msgid "Create a readonly mapping" msgstr "Luo kirjoitussuojattu kuvaus" -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "PBKDF2 iteration time for LUKS (in ms)" -msgstr "PBKDF2-iterointiaika kohteelle LUKS (millisekunneissa)" - -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "msecs" -msgstr "ms" - -#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1269 +#: src/cryptsetup.c:3507 src/integritysetup.c:545 +#: src/cryptsetup_reencrypt.c:1624 msgid "Do not ask for confirmation" msgstr "Älä pyydä vahvistusta" -#: src/cryptsetup.c:1497 +#: src/cryptsetup.c:3508 msgid "Timeout for interactive passphrase prompt (in seconds)" msgstr "Aikakatkaisu vuorovaikutteiselle salasanalausekyselylle (sekunteina)" -#: src/cryptsetup.c:1497 +#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 msgid "secs" msgstr "s" -#: src/cryptsetup.c:1498 src/cryptsetup_reencrypt.c:1270 +#: src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "Progress line update (in seconds)" +msgstr "" + +#: src/cryptsetup.c:3510 src/cryptsetup_reencrypt.c:1626 msgid "How often the input of the passphrase can be retried" msgstr "Kuinka usein salasanasyötettä voidaan yrittää uudelleen" -#: src/cryptsetup.c:1499 +#: src/cryptsetup.c:3511 msgid "Align payload at sector boundaries - for luksFormat" -msgstr "" -"Tasaa tietosisältö osoitteessa sektorirajoihin - kohdetta luksFormat " -"varten" +msgstr "Tasaa tietosisältö osoitteessa sektorirajoihin - kohdetta luksFormat varten" -#: src/cryptsetup.c:1500 -msgid "File with LUKS header and keyslots backup." +#: src/cryptsetup.c:3512 +#, fuzzy +msgid "File with LUKS header and keyslots backup" msgstr "Tiedosto LUKS-otsakkeella ja avainvälien varmuuskopiolla." -#: src/cryptsetup.c:1501 src/cryptsetup_reencrypt.c:1271 -msgid "Use /dev/random for generating volume key." +#: src/cryptsetup.c:3513 src/cryptsetup_reencrypt.c:1627 +#, fuzzy +msgid "Use /dev/random for generating volume key" msgstr "Käytä /dev/random taltioavaimen synnyttämiseen." -#: src/cryptsetup.c:1502 src/cryptsetup_reencrypt.c:1272 -msgid "Use /dev/urandom for generating volume key." -msgstr "Käytä /dev/urandom taltioavaimen synnyttämiseen." +#: src/cryptsetup.c:3514 src/cryptsetup_reencrypt.c:1628 +#, fuzzy +msgid "Use /dev/urandom for generating volume key" +msgstr "Käytä /dev/urandom taltioavaimen synnyttämiseen." + +#: src/cryptsetup.c:3515 +#, fuzzy +msgid "Share device with another non-overlapping crypt segment" +msgstr "Jaa laite toisen ei-päällekkäisen salaussegmentin kanssa." + +#: src/cryptsetup.c:3516 src/veritysetup.c:477 +#, fuzzy +msgid "UUID for device to use" +msgstr "UUID laitteelle käytettäväksi." + +#: src/cryptsetup.c:3517 src/integritysetup.c:579 +#, fuzzy +msgid "Allow discards (aka TRIM) requests for device" +msgstr "Salli hylkäys(lempinimeltään TRIM)-pyynnöt laitteelle." + +#: src/cryptsetup.c:3518 src/cryptsetup_reencrypt.c:1645 +#, fuzzy +msgid "Device or file with separated LUKS header" +msgstr "Laite tai tiedosto erillisellä LUKS-otsakkeella." + +#: src/cryptsetup.c:3519 +#, fuzzy +msgid "Do not activate device, just check passphrase" +msgstr "Älä aktivoi laitetta, tarkista vain salasanalauseke." + +#: src/cryptsetup.c:3520 +#, fuzzy +msgid "Use hidden header (hidden TCRYPT device)" +msgstr "Käytä piilotettua otsaketta (piilotettu TCRYPT-laite)." + +#: src/cryptsetup.c:3521 +#, fuzzy +msgid "Device is system TCRYPT drive (with bootloader)" +msgstr "Laite on järjestelmä-TCRYPT-levyasema (alkulatausohjelmalla)." + +#: src/cryptsetup.c:3522 +#, fuzzy +msgid "Use backup (secondary) TCRYPT header" +msgstr "Käytä (toissijaista) TCRYPT-varmuuskopio-otsaketta." + +#: src/cryptsetup.c:3523 +#, fuzzy +msgid "Scan also for VeraCrypt compatible device" +msgstr "Tutkinta myös VeraCrypt-yhteensopivalle laitteelle." + +#: src/cryptsetup.c:3524 +#, fuzzy +msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Tutkinta myös VeraCrypt-yhteensopivalle laitteelle." + +#: src/cryptsetup.c:3525 +#, fuzzy +msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Tutkinta myös VeraCrypt-yhteensopivalle laitteelle." + +#: src/cryptsetup.c:3526 +#, fuzzy +msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" +msgstr "Laitemetatietojen tyyppi: luks, plain, loopaes, tcrypt." + +#: src/cryptsetup.c:3527 +#, fuzzy +msgid "Disable password quality check (if enabled)" +msgstr "Ota pois käytöstä salasanan laatutarkistus (jos käytössä)." + +#: src/cryptsetup.c:3528 +#, fuzzy +msgid "Use dm-crypt same_cpu_crypt performance compatibility option" +msgstr "Käytä dm-crypt same_cpu_crypt-suorituskyky-yhteensopivuusvalitsinta." + +#: src/cryptsetup.c:3529 +#, fuzzy +msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +msgstr "Käytä dm-crypt submit_from_crypt_cpus-suorituskyky-yhteensopivuusvalitsinta." + +#: src/cryptsetup.c:3530 +msgid "Device removal is deferred until the last user closes it" +msgstr "" + +#: src/cryptsetup.c:3531 +msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)" +msgstr "" + +#: src/cryptsetup.c:3532 +#, fuzzy +msgid "PBKDF iteration time for LUKS (in ms)" +msgstr "PBKDF2-iterointiaika kohteelle LUKS (millisekunneissa)" + +#: src/cryptsetup.c:3532 src/cryptsetup_reencrypt.c:1623 +msgid "msecs" +msgstr "ms" + +#: src/cryptsetup.c:3533 src/cryptsetup_reencrypt.c:1641 +msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +msgstr "" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "PBKDF memory cost limit" +msgstr "" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +#, fuzzy +msgid "kilobytes" +msgstr "tavua" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "PBKDF parallel cost" +msgstr "" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "threads" +msgstr "" + +#: src/cryptsetup.c:3536 src/cryptsetup_reencrypt.c:1644 +msgid "PBKDF iterations cost (forced, disables benchmark)" +msgstr "" + +#: src/cryptsetup.c:3537 +msgid "Keyslot priority: ignore, normal, prefer" +msgstr "" + +#: src/cryptsetup.c:3538 +#, fuzzy +msgid "Disable locking of on-disk metadata" +msgstr "yritä korjata levyn sisäiset metatiedot" + +#: src/cryptsetup.c:3539 +msgid "Disable loading volume keys via kernel keyring" +msgstr "" + +#: src/cryptsetup.c:3540 +msgid "Data integrity algorithm (LUKS2 only)" +msgstr "" + +#: src/cryptsetup.c:3541 src/integritysetup.c:573 +msgid "Disable journal for integrity device" +msgstr "" + +#: src/cryptsetup.c:3542 src/integritysetup.c:547 +msgid "Do not wipe device after format" +msgstr "" + +#: src/cryptsetup.c:3543 src/integritysetup.c:577 +msgid "Use inefficient legacy padding (old kernels)" +msgstr "" + +#: src/cryptsetup.c:3544 +msgid "Do not ask for passphrase if activation by token fails" +msgstr "" + +#: src/cryptsetup.c:3545 +msgid "Token number (default: any)" +msgstr "" + +#: src/cryptsetup.c:3546 +msgid "Key description" +msgstr "" + +#: src/cryptsetup.c:3547 +msgid "Encryption sector size (default: 512 bytes)" +msgstr "" + +#: src/cryptsetup.c:3548 +msgid "Use IV counted in sector size (not in 512 bytes)" +msgstr "" + +#: src/cryptsetup.c:3549 +msgid "Set activation flags persistent for device" +msgstr "" + +#: src/cryptsetup.c:3550 +#, fuzzy +msgid "Set label for the LUKS2 device" +msgstr "pohjustaa LUKS-laitteen" + +#: src/cryptsetup.c:3551 +msgid "Set subsystem label for the LUKS2 device" +msgstr "" + +#: src/cryptsetup.c:3552 +msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot" +msgstr "" + +#: src/cryptsetup.c:3553 +#, fuzzy +msgid "Read or write the json from or to a file" +msgstr "Lue avain tiedostosta." + +#: src/cryptsetup.c:3554 +msgid "LUKS2 header metadata area size" +msgstr "" -#: src/cryptsetup.c:1503 -msgid "Share device with another non-overlapping crypt segment." -msgstr "Jaa laite toisen ei-päällekkäisen salaussegmentin kanssa." +#: src/cryptsetup.c:3555 +#, fuzzy +msgid "LUKS2 header keyslots area size" +msgstr "Tiedosto LUKS-otsakkeella ja avainvälien varmuuskopiolla." -#: src/cryptsetup.c:1504 src/veritysetup.c:385 -msgid "UUID for device to use." -msgstr "UUID laitteelle käytettäväksi." +#: src/cryptsetup.c:3556 +msgid "Refresh (reactivate) device with new parameters" +msgstr "" -#: src/cryptsetup.c:1505 -msgid "Allow discards (aka TRIM) requests for device." -msgstr "Salli hylkäys(lempinimeltään TRIM)-pyynnöt laitteelle." +#: src/cryptsetup.c:3557 +#, fuzzy +msgid "LUKS2 keyslot: The size of the encryption key" +msgstr "Salausavaimen koko" -#: src/cryptsetup.c:1506 -msgid "Device or file with separated LUKS header." -msgstr "Laite tai tiedosto erillisellä LUKS-otsakkeella." +#: src/cryptsetup.c:3558 +msgid "LUKS2 keyslot: The cipher used for keyslot encryption" +msgstr "" -#: src/cryptsetup.c:1507 -msgid "Do not activate device, just check passphrase." -msgstr "Älä aktivoi laitetta, tarkista vain salasanalauseke." +#: src/cryptsetup.c:3559 +#, fuzzy +msgid "Encrypt LUKS2 device (in-place encryption)." +msgstr "Poista laitteen salaus pysyvästi (poista salaus)" -#: src/cryptsetup.c:1508 -msgid "Use hidden header (hidden TCRYPT device)." -msgstr "Käytä piilotettua otsaketta (piilotettu TCRYPT-laite)." +#: src/cryptsetup.c:3560 +#, fuzzy +msgid "Decrypt LUKS2 device (remove encryption)." +msgstr "Poista laitteen salaus pysyvästi (poista salaus)" -#: src/cryptsetup.c:1509 -msgid "Device is system TCRYPT drive (with bootloader)." -msgstr "Laite on järjestelmä-TCRYPT-levyasema (alkulatausohjelmalla)." +#: src/cryptsetup.c:3561 +msgid "Initialize LUKS2 reencryption in metadata only." +msgstr "" -#: src/cryptsetup.c:1510 -msgid "Use backup (secondary) TCRYPT header." -msgstr "Käytä (toissijaista) TCRYPT-varmuuskopio-otsaketta." +#: src/cryptsetup.c:3562 +msgid "Resume initialized LUKS2 reencryption only." +msgstr "" -#: src/cryptsetup.c:1511 -msgid "Scan also for VeraCrypt compatible device." -msgstr "Tutkinta myös VeraCrypt-yhteensopivalle laitteelle." +#: src/cryptsetup.c:3563 src/cryptsetup_reencrypt.c:1635 +msgid "Reduce data device size (move data offset). DANGEROUS!" +msgstr "Pienennä datalaitekokoa (siirrä datasiirrososoitetta). VAARALLINEN!" -#: src/cryptsetup.c:1512 -msgid "Type of device metadata: luks, plain, loopaes, tcrypt." -msgstr "Laitemetatietojen tyyppi: luks, plain, loopaes, tcrypt." +#: src/cryptsetup.c:3564 +#, fuzzy +msgid "Maximal reencryption hotzone size." +msgstr "Uudelleensalauslohkon koko" -#: src/cryptsetup.c:1513 -msgid "Disable password quality check (if enabled)." -msgstr "Ota pois käytöstä salasanan laatutarkistus (jos käytössä)." +#: src/cryptsetup.c:3565 +msgid "Reencryption hotzone resilience type (checksum,journal,none)" +msgstr "" -#: src/cryptsetup.c:1514 -msgid "Use dm-crypt same_cpu_crypt performance compatibility option." -msgstr "Käytä dm-crypt same_cpu_crypt-suorituskyky-yhteensopivuusvalitsinta." +#: src/cryptsetup.c:3566 +#, fuzzy +msgid "Reencryption hotzone checksums hash" +msgstr "Uudelleensalauslohkon koko" -#: src/cryptsetup.c:1515 -msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option." +#: src/cryptsetup.c:3567 +msgid "Override device autodetection of dm device to be reencrypted" msgstr "" -"Käytä dm-crypt submit_from_crypt_cpus-suorituskyky-yhteensopivuusvalitsinta." -#: src/cryptsetup.c:1531 src/veritysetup.c:402 +#: src/cryptsetup.c:3583 src/veritysetup.c:499 src/integritysetup.c:595 msgid "[OPTION...] " msgstr "[VALITSIN...] " -#: src/cryptsetup.c:1572 -msgid "Running in FIPS mode.\n" -msgstr "Suoritetaan FIPS-tilassa.\n" - -#: src/cryptsetup.c:1581 src/veritysetup.c:439 +#: src/cryptsetup.c:3634 src/veritysetup.c:533 src/integritysetup.c:606 msgid "Argument missing." msgstr "Argumentti puuttuu." -#: src/cryptsetup.c:1634 src/veritysetup.c:445 +#: src/cryptsetup.c:3703 src/veritysetup.c:564 src/integritysetup.c:637 msgid "Unknown action." msgstr "Tuntematon toiminto." -#: src/cryptsetup.c:1644 -msgid "Option --shared is allowed only for open of plain device.\n" +#: src/cryptsetup.c:3713 +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "" + +#: src/cryptsetup.c:3718 +#, fuzzy +msgid "Option --deferred is allowed only for close command." +msgstr "Valitsin --shared sallitaan vain pelkän laitteen avaukseen.\n" + +#: src/cryptsetup.c:3723 +#, fuzzy +msgid "Option --shared is allowed only for open of plain device." msgstr "Valitsin --shared sallitaan vain pelkän laitteen avaukseen.\n" -#: src/cryptsetup.c:1649 -msgid "Option --allow-discards is allowed only for open operation.\n" +#: src/cryptsetup.c:3728 src/integritysetup.c:654 +#, fuzzy +msgid "Option --allow-discards is allowed only for open operation." +msgstr "Valitsin --allow-discards sallitaan vain open-toiminnolle.\n" + +#: src/cryptsetup.c:3733 +#, fuzzy +msgid "Option --persistent is allowed only for open operation." +msgstr "Valitsin --allow-discards sallitaan vain open-toiminnolle.\n" + +#: src/cryptsetup.c:3738 +#, fuzzy +msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation." msgstr "Valitsin --allow-discards sallitaan vain open-toiminnolle.\n" -#: src/cryptsetup.c:1657 +#: src/cryptsetup.c:3743 +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "" + +#: src/cryptsetup.c:3753 +#, fuzzy msgid "" -"Option --key-size is allowed only for luksFormat, open and benchmark.\n" -"To limit read from keyfile use --keyfile-size=(bytes)." +"Option --key-size is allowed only for luksFormat, luksAddKey,\n" +"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." msgstr "" "Valitsin --key-size sallitaan vain muodoille luksFormat, open ja benchmark.\n" -"Käytä avaintiedostosta lukemisen rajoittamiseksi valitsinta --keyfile-" -"size=(tavua)." +"Käytä avaintiedostosta lukemisen rajoittamiseksi valitsinta --keyfile-size=(tavua)." -#: src/cryptsetup.c:1664 -msgid "" -"Option --test-passphrase is allowed only for open of LUKS and TCRYPT " -"devices.\n" +#: src/cryptsetup.c:3759 +#, fuzzy +msgid "Option --integrity is allowed only for luksFormat (LUKS2)." +msgstr "Valitsin --align-payload sallitaan vain luksFormat-muodolle." + +#: src/cryptsetup.c:3764 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." msgstr "" -"Valitsin --test-passphrase sallitaan vain LUKS- ja TCRYPT-laitteiden " -"avaamiseen.\n" -#: src/cryptsetup.c:1669 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup.c:3770 +#, fuzzy +msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations." +msgstr "Valitsin --uuid sallitaan vain luksFormat-muodolle ja luksUUID-muodolle." + +#: src/cryptsetup.c:3776 +#, fuzzy +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "Valitsin --test-passphrase sallitaan vain LUKS- ja TCRYPT-laitteiden avaamiseen.\n" + +#: src/cryptsetup.c:3781 src/cryptsetup_reencrypt.c:1708 msgid "Key size must be a multiple of 8 bits" msgstr "Avainkoon on oltava 8-bitin monikerta" -#: src/cryptsetup.c:1676 src/cryptsetup_reencrypt.c:1346 +#: src/cryptsetup.c:3787 src/cryptsetup_reencrypt.c:1394 +#: src/cryptsetup_reencrypt.c:1713 msgid "Key slot is invalid." msgstr "Avainväli on virheellinen." -#: src/cryptsetup.c:1683 -msgid "Option --key-file takes precedence over specified key file argument.\n" -msgstr "" -"Valitsin --key-file on ensisijainen määritellylle " -"avaintiedostoargumentille.\n" +#: src/cryptsetup.c:3794 +#, fuzzy +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "Valitsin --key-file on ensisijainen määritellylle avaintiedostoargumentille.\n" -#: src/cryptsetup.c:1691 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1330 +#: src/cryptsetup.c:3801 src/veritysetup.c:576 src/integritysetup.c:663 +#: src/cryptsetup_reencrypt.c:1687 msgid "Negative number for option not permitted." msgstr "Valitsimelle ei sallita negatiivista numeroa." -#: src/cryptsetup.c:1695 src/cryptsetup_reencrypt.c:1324 -#: src/cryptsetup_reencrypt.c:1350 +#: src/cryptsetup.c:3805 +#, fuzzy +msgid "Only one --key-file argument is allowed." +msgstr "Vain yksi --use-[u]random -valitsin on sallittu." + +#: src/cryptsetup.c:3809 src/cryptsetup_reencrypt.c:1679 +#: src/cryptsetup_reencrypt.c:1717 msgid "Only one of --use-[u]random options is allowed." msgstr "Vain yksi --use-[u]random -valitsin on sallittu." -#: src/cryptsetup.c:1699 +#: src/cryptsetup.c:3813 msgid "Option --use-[u]random is allowed only for luksFormat." msgstr "Valitsin --use-[u]random sallitaan vain luksFormat-muodolle." -#: src/cryptsetup.c:1703 +#: src/cryptsetup.c:3817 msgid "Option --uuid is allowed only for luksFormat and luksUUID." -msgstr "" -"Valitsin --uuid sallitaan vain luksFormat-muodolle ja luksUUID-muodolle." +msgstr "Valitsin --uuid sallitaan vain luksFormat-muodolle ja luksUUID-muodolle." -#: src/cryptsetup.c:1707 +#: src/cryptsetup.c:3821 msgid "Option --align-payload is allowed only for luksFormat." msgstr "Valitsin --align-payload sallitaan vain luksFormat-muodolle." -#: src/cryptsetup.c:1713 -msgid "" -"Option --skip is supported only for open of plain and loopaes devices.\n" +#: src/cryptsetup.c:3825 +msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2." msgstr "" -"Valitsinta --skip tuetaan vain plain- ja loopaes-laitteiden avaamiseen.\n" -#: src/cryptsetup.c:1719 -msgid "" -"Option --offset is supported only for open of plain and loopaes devices.\n" +#: src/cryptsetup.c:3830 +#, fuzzy +msgid "Invalid LUKS2 metadata size specification." +msgstr "Virheellinen laitekokomäärittely." + +#: src/cryptsetup.c:3834 +#, fuzzy +msgid "Invalid LUKS2 keyslots size specification." +msgstr "Virheellinen laitekokomäärittely." + +#: src/cryptsetup.c:3838 +#, fuzzy +msgid "Options --align-payload and --offset cannot be combined." +msgstr "Valitsin --align-payload sallitaan vain luksFormat-muodolle." + +#: src/cryptsetup.c:3844 +#, fuzzy +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "Valitsinta --skip tuetaan vain plain- ja loopaes-laitteiden avaamiseen.\n" + +#: src/cryptsetup.c:3851 +#, fuzzy +msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption." +msgstr "Valitsinta --offset tuetaan vain plain- ja loopaes-laitteiden avaamiseen.\n" + +#: src/cryptsetup.c:3857 +#, fuzzy +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "Valitsinta --tcrypt-hidden, --tcrypt-system tai --tcrypt-backup tuetaan vain TCRYPT-laiteeelle.\n" + +#: src/cryptsetup.c:3862 +#, fuzzy +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "Valitsinta --tcrypt-hidden ei voida yhdistää valitsimeen --allow-discards.\n" + +#: src/cryptsetup.c:3867 +#, fuzzy +msgid "Option --veracrypt is supported only for TCRYPT device type." +msgstr "Valitsinta --veracrypt tuetaan vain TCRYPT-laiteeelle.\n" + +#: src/cryptsetup.c:3873 +msgid "Invalid argument for parameter --veracrypt-pim supplied." msgstr "" -"Valitsinta --offset tuetaan vain plain- ja loopaes-laitteiden avaamiseen.\n" -#: src/cryptsetup.c:1725 -msgid "" -"Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only " -"for TCRYPT device.\n" +#: src/cryptsetup.c:3877 +#, fuzzy +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "Valitsinta --veracrypt tuetaan vain TCRYPT-laiteeelle.\n" + +#: src/cryptsetup.c:3885 +#, fuzzy +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "Valitsinta --veracrypt tuetaan vain TCRYPT-laiteeelle.\n" + +#: src/cryptsetup.c:3889 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "" -"Valitsinta --tcrypt-hidden, --tcrypt-system tai --tcrypt-backup tuetaan vain " -"TCRYPT-laiteeelle.\n" -#: src/cryptsetup.c:1730 -msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n" +#: src/cryptsetup.c:3896 +msgid "Option --priority can be only ignore/normal/prefer." msgstr "" -"Valitsinta --tcrypt-hidden ei voida yhdistää valitsimeen --allow-discards.\n" -#: src/cryptsetup.c:1735 -msgid "Option --veracrypt is supported only for TCRYPT device type.\n" -msgstr "Valitsinta --veracrypt tuetaan vain TCRYPT-laiteeelle.\n" +#: src/cryptsetup.c:3901 src/cryptsetup.c:3939 +msgid "Keyslot specification is required." +msgstr "" + +#: src/cryptsetup.c:3906 src/cryptsetup_reencrypt.c:1693 +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "" + +#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1698 +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "" + +#: src/cryptsetup.c:3917 +#, fuzzy +msgid "Sector size option is not supported for this command." +msgstr "Tätä toimintoa ei tueta tälle laitetyypille.\n" + +#: src/cryptsetup.c:3929 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "" + +#: src/cryptsetup.c:3934 +msgid "Key size is required with --unbound option." +msgstr "" + +#: src/cryptsetup.c:3944 +msgid "Option --unbound may be used only with luksAddKey and luksDump actions." +msgstr "" + +#: src/cryptsetup.c:3949 +#, fuzzy +msgid "Option --refresh may be used only with open action." +msgstr "Valitsinta --keep-key voidaan käyttää vain valitsimen --hash tai --iter-time kanssa." + +#: src/cryptsetup.c:3960 +msgid "Cannot disable metadata locking." +msgstr "" + +#: src/cryptsetup.c:3970 +#, fuzzy +msgid "Invalid max reencryption hotzone size specification." +msgstr "Virheellinen laitekokomäärittely." + +#: src/cryptsetup.c:3978 src/cryptsetup_reencrypt.c:1722 +#: src/cryptsetup_reencrypt.c:1727 +msgid "Invalid device size specification." +msgstr "Virheellinen laitekokomäärittely." + +#: src/cryptsetup.c:3981 +#, fuzzy +msgid "Maximum device reduce size is 1 GiB." +msgstr "Maksimi laitepienennyskoko on 64 mebitavua." + +#: src/cryptsetup.c:3984 src/cryptsetup_reencrypt.c:1733 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "Pienennyskoon on oltava 512-tavuisen sektorin monikerta." + +#: src/cryptsetup.c:3989 +#, fuzzy +msgid "Invalid data size specification." +msgstr "Virheellinen laitekokomäärittely." + +#: src/cryptsetup.c:3994 +#, fuzzy +msgid "Reduce size overflow." +msgstr "Laitesiirrososoitteen ylivuoto.\n" + +#: src/cryptsetup.c:3998 +msgid "LUKS2 decryption requires option --header." +msgstr "" -#: src/veritysetup.c:58 -msgid "Invalid salt string specified.\n" +#: src/cryptsetup.c:4002 +#, fuzzy +msgid "Device size must be multiple of 512 bytes sector." +msgstr "Pienennyskoon on oltava 512-tavuisen sektorin monikerta." + +#: src/cryptsetup.c:4006 +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "" + +#: src/cryptsetup.c:4010 +msgid "Options --device-size and --size cannot be combined." +msgstr "" + +#: src/cryptsetup.c:4014 +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "" + +#: src/veritysetup.c:66 +#, fuzzy +msgid "Invalid salt string specified." msgstr "Määritelty virheellinen satunnaisarvosiemenmerkkijono.\n" -#: src/veritysetup.c:88 -#, c-format -msgid "Cannot create hash image %s for writing.\n" +#: src/veritysetup.c:97 +#, fuzzy, c-format +msgid "Cannot create hash image %s for writing." +msgstr "Tiivistevedoksen %s luominen kirjoittamista varten epäonnistui.\n" + +#: src/veritysetup.c:107 +#, fuzzy, c-format +msgid "Cannot create FEC image %s for writing." msgstr "Tiivistevedoksen %s luominen kirjoittamista varten epäonnistui.\n" -#: src/veritysetup.c:148 -msgid "Invalid root hash string specified.\n" +#: src/veritysetup.c:179 +#, fuzzy +msgid "Invalid root hash string specified." msgstr "Virheellinen root-tiivistemerkkijono määritelty.\n" -#: src/veritysetup.c:308 +#: src/veritysetup.c:187 +#, fuzzy, c-format +msgid "Invalid signature file %s." +msgstr "Virheellinen laite %s.\n" + +#: src/veritysetup.c:194 +#, fuzzy, c-format +msgid "Cannot read signature file %s." +msgstr "Avaintiedoston %s lukeminen epäonnistui.\n" + +#: src/veritysetup.c:392 msgid " " msgstr " " -#: src/veritysetup.c:308 +#: src/veritysetup.c:392 src/integritysetup.c:479 msgid "format device" msgstr "pohjusta laite" -#: src/veritysetup.c:309 +#: src/veritysetup.c:393 msgid " " msgstr " " -#: src/veritysetup.c:309 +#: src/veritysetup.c:393 msgid "verify device" msgstr "todenna laite" -#: src/veritysetup.c:310 -msgid " " -msgstr " " - -#: src/veritysetup.c:310 -msgid "create active device" -msgstr "luo aktiivilaite" - -#: src/veritysetup.c:311 -msgid "remove (deactivate) device" -msgstr "poista (deaktivoi) laite" +#: src/veritysetup.c:394 +#, fuzzy +msgid " " +msgstr " " -#: src/veritysetup.c:312 +#: src/veritysetup.c:396 src/integritysetup.c:482 msgid "show active device status" msgstr "näytä aktiivilaitteen tila" -#: src/veritysetup.c:313 +#: src/veritysetup.c:397 msgid "" msgstr "" -#: src/veritysetup.c:313 +#: src/veritysetup.c:397 src/integritysetup.c:483 msgid "show on-disk information" msgstr "näytä paikallisen levyn tiedot" -#: src/veritysetup.c:332 +#: src/veritysetup.c:416 #, c-format msgid "" "\n" @@ -1543,355 +3305,880 @@ msgid "" " is the device containing verification data\n" " hash of the root node on \n" msgstr "" -"\n" -" on kohteen alle %s luotava laite\n" -" on datalaite\n" -" on todennusdataa sisältävä laite\n" -" root-solmun tiiviste kohteella \n" +"\n" +" on kohteen alle %s luotava laite\n" +" on datalaite\n" +" on todennusdataa sisältävä laite\n" +" root-solmun tiiviste kohteella \n" + +#: src/veritysetup.c:423 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-verity parameters:\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" +msgstr "" +"\n" +"Käännetyt dm-verity oletusparametrit:\n" +"\tTiiviste: %s, Data-lohko (tavua): %u, Tiivistelohko (tavua): %u, Satunnaislukuarvosiemenen koko: %u, Tiivistemuoto: %u\n" + +#: src/veritysetup.c:466 +msgid "Do not use verity superblock" +msgstr "Älä käytä verity-superlohkoa" + +#: src/veritysetup.c:467 +msgid "Format type (1 - normal, 0 - original Chrome OS)" +msgstr "Muototyyppi (1 - normaali, 0 - alkuperäinen Chrome OS)" + +#: src/veritysetup.c:467 +msgid "number" +msgstr "numero" + +#: src/veritysetup.c:468 +msgid "Block size on the data device" +msgstr "Data-laitteen lohkokoko" + +#: src/veritysetup.c:469 +msgid "Block size on the hash device" +msgstr "Tiivistelaitteen lohkokoko" + +#: src/veritysetup.c:470 +msgid "FEC parity bytes" +msgstr "" + +#: src/veritysetup.c:471 +msgid "The number of blocks in the data file" +msgstr "Data-tiedoston lohkojen määrä" + +#: src/veritysetup.c:471 +msgid "blocks" +msgstr "lohkoa" + +#: src/veritysetup.c:472 +msgid "Path to device with error correction data" +msgstr "" + +#: src/veritysetup.c:472 src/integritysetup.c:549 +msgid "path" +msgstr "" + +#: src/veritysetup.c:473 +msgid "Starting offset on the hash device" +msgstr "Tiivistelaitteen alkusiirrososoite" + +#: src/veritysetup.c:474 +#, fuzzy +msgid "Starting offset on the FEC device" +msgstr "Tiivistelaitteen alkusiirrososoite" + +#: src/veritysetup.c:475 +msgid "Hash algorithm" +msgstr "Tiivistealgoritmi" + +#: src/veritysetup.c:475 +msgid "string" +msgstr "merkkijono" + +#: src/veritysetup.c:476 +msgid "Salt" +msgstr "Satunnaisarvosiemenluku" + +#: src/veritysetup.c:476 +msgid "hex string" +msgstr "heksadesimaalimerkkijono" + +#: src/veritysetup.c:478 +#, fuzzy +msgid "Path to root hash signature file" +msgstr "Tiivistealueen luominen epäonnistui.\n" + +#: src/veritysetup.c:479 +msgid "Restart kernel if corruption is detected" +msgstr "" + +#: src/veritysetup.c:480 +msgid "Ignore corruption, log it only" +msgstr "" + +#: src/veritysetup.c:481 +#, fuzzy +msgid "Do not verify zeroed blocks" +msgstr "Älä käytä verity-superlohkoa" + +#: src/veritysetup.c:482 +msgid "Verify data block only the first time it is read" +msgstr "" + +#: src/veritysetup.c:582 +#, fuzzy +msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation." +msgstr "Valitsin --allow-discards sallitaan vain open-toiminnolle.\n" + +#: src/veritysetup.c:587 +#, fuzzy +msgid "Option --root-hash-signature can be used only for open operation." +msgstr "Valitsin --allow-discards sallitaan vain open-toiminnolle.\n" + +#: src/veritysetup.c:592 +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "" + +#: src/integritysetup.c:84 src/utils_password.c:305 +#, fuzzy, c-format +msgid "Cannot read keyfile %s." +msgstr "Avaintiedoston %s lukeminen epäonnistui.\n" + +#: src/integritysetup.c:88 src/utils_password.c:310 +#, fuzzy, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "Ei voida lukea %d tavua avaintiedostosta %s.\n" + +#: src/integritysetup.c:254 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "" + +#: src/integritysetup.c:479 src/integritysetup.c:483 +#, fuzzy +msgid "" +msgstr "todenna laite" + +#: src/integritysetup.c:480 +msgid " " +msgstr "" + +#: src/integritysetup.c:502 +#, fuzzy, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the device containing data with integrity tags\n" +msgstr "" +"\n" +" on kohteen alle %s luotava laite\n" +" on datalaite\n" +" on todennusdataa sisältävä laite\n" +" root-solmun tiiviste kohteella \n" + +#: src/integritysetup.c:507 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" +msgstr "" + +#: src/integritysetup.c:549 +msgid "Path to data device (if separated)" +msgstr "" + +#: src/integritysetup.c:551 +msgid "Journal size" +msgstr "" + +#: src/integritysetup.c:552 +msgid "Interleave sectors" +msgstr "" + +#: src/integritysetup.c:553 +msgid "Journal watermark" +msgstr "" + +#: src/integritysetup.c:553 +msgid "percent" +msgstr "" + +#: src/integritysetup.c:554 +msgid "Journal commit time" +msgstr "" + +#: src/integritysetup.c:554 src/integritysetup.c:556 +msgid "ms" +msgstr "" + +#: src/integritysetup.c:555 +msgid "Number of 512-byte sectors per bit (bitmap mode)." +msgstr "" + +#: src/integritysetup.c:556 +msgid "Bitmap mode flush time" +msgstr "" + +#: src/integritysetup.c:557 +msgid "Tag size (per-sector)" +msgstr "" + +#: src/integritysetup.c:558 +msgid "Sector size" +msgstr "" + +#: src/integritysetup.c:559 +msgid "Buffers size" +msgstr "" + +#: src/integritysetup.c:561 +msgid "Data integrity algorithm" +msgstr "" + +#: src/integritysetup.c:562 +#, fuzzy +msgid "The size of the data integrity key" +msgstr "Salausavaimen koko" + +#: src/integritysetup.c:563 +#, fuzzy +msgid "Read the integrity key from a file" +msgstr "Lue avain tiedostosta." + +#: src/integritysetup.c:565 +msgid "Journal integrity algorithm" +msgstr "" + +#: src/integritysetup.c:566 +#, fuzzy +msgid "The size of the journal integrity key" +msgstr "Salausavaimen koko" + +#: src/integritysetup.c:567 +#, fuzzy +msgid "Read the journal integrity key from a file" +msgstr "Lue avain tiedostosta." + +#: src/integritysetup.c:569 +msgid "Journal encryption algorithm" +msgstr "" + +#: src/integritysetup.c:570 +#, fuzzy +msgid "The size of the journal encryption key" +msgstr "Salausavaimen koko" + +#: src/integritysetup.c:571 +#, fuzzy +msgid "Read the journal encryption key from a file" +msgstr "Lue avain tiedostosta." + +#: src/integritysetup.c:574 +msgid "Recovery mode (no journal, no tag checking)" +msgstr "" -#: src/veritysetup.c:339 -#, c-format -msgid "" -"\n" -"Default compiled-in dm-verity parameters:\n" -"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, " -"Hash format: %u\n" +#: src/integritysetup.c:575 +msgid "Use bitmap to track changes and disable journal for integrity device" msgstr "" -"\n" -"Käännetyt dm-verity oletusparametrit:\n" -"\tTiiviste: %s, Data-lohko (tavua): %u, Tiivistelohko (tavua): %u, " -"Satunnaislukuarvosiemenen koko: %u, Tiivistemuoto: %u\n" -#: src/veritysetup.c:377 -msgid "Do not use verity superblock" -msgstr "Älä käytä verity-superlohkoa" +#: src/integritysetup.c:576 +msgid "Recalculate initial tags automatically." +msgstr "" -#: src/veritysetup.c:378 -msgid "Format type (1 - normal, 0 - original Chrome OS)" -msgstr "Muototyyppi (1 - normaali, 0 - alkuperäinen Chrome OS)" +#: src/integritysetup.c:649 +#, fuzzy +msgid "Option --integrity-recalculate can be used only for open action." +msgstr "Valitsin --allow-discards sallitaan vain open-toiminnolle.\n" -#: src/veritysetup.c:378 -msgid "number" -msgstr "numero" +#: src/integritysetup.c:669 +msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action." +msgstr "" -#: src/veritysetup.c:379 -msgid "Block size on the data device" -msgstr "Data-laitteen lohkokoko" +#: src/integritysetup.c:675 +#, fuzzy +msgid "Invalid journal size specification." +msgstr "Virheellinen laitekokomäärittely." -#: src/veritysetup.c:380 -msgid "Block size on the hash device" -msgstr "Tiivistelaitteen lohkokoko" +#: src/integritysetup.c:680 +msgid "Both key file and key size options must be specified." +msgstr "" -#: src/veritysetup.c:381 -msgid "The number of blocks in the data file" -msgstr "Data-tiedoston lohkojen määrä" +#: src/integritysetup.c:683 +msgid "Integrity algorithm must be specified if integrity key is used." +msgstr "" -#: src/veritysetup.c:381 -msgid "blocks" -msgstr "lohkoa" +#: src/integritysetup.c:688 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "" -#: src/veritysetup.c:382 -msgid "Starting offset on the hash device" -msgstr "Tiivistelaitteen alkusiirrososoite" +#: src/integritysetup.c:691 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "" -#: src/veritysetup.c:383 -msgid "Hash algorithm" -msgstr "Tiivistealgoritmi" +#: src/integritysetup.c:696 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "" -#: src/veritysetup.c:383 -msgid "string" -msgstr "merkkijono" +#: src/integritysetup.c:699 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "" -#: src/veritysetup.c:384 -msgid "Salt" -msgstr "Satunnaisarvosiemenluku" +#: src/integritysetup.c:703 +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "" -#: src/veritysetup.c:384 -msgid "hex string" -msgstr "heksadesimaalimerkkijono" +#: src/integritysetup.c:707 +msgid "Journal options cannot be used in bitmap mode." +msgstr "" -#: src/cryptsetup_reencrypt.c:147 -#, c-format -msgid "Cannot exclusively open %s, device in use.\n" +#: src/integritysetup.c:711 +msgid "Bitmap options can be used only in bitmap mode." msgstr "" -"Kohteen %s avaaminen eksklusiivisesti epäonnistui, laite on käytössä.\n" -#: src/cryptsetup_reencrypt.c:151 -#, c-format -msgid "Cannot open device %s\n" -msgstr "Laitteen %s avaus epäonnistui.\n" +#: src/cryptsetup_reencrypt.c:172 +#, fuzzy +msgid "Reencryption already in-progress." +msgstr "Uudelleensalauslohkon koko" -#: src/cryptsetup_reencrypt.c:161 src/cryptsetup_reencrypt.c:893 -msgid "Allocation of aligned memory failed.\n" +#: src/cryptsetup_reencrypt.c:208 +#, fuzzy, c-format +msgid "Cannot exclusively open %s, device in use." +msgstr "Kohteen %s avaaminen eksklusiivisesti epäonnistui, laite on käytössä.\n" + +#: src/cryptsetup_reencrypt.c:222 src/cryptsetup_reencrypt.c:1135 +#, fuzzy +msgid "Allocation of aligned memory failed." msgstr "Tasatun muistin varaaminen epäonnistui.\n" -#: src/cryptsetup_reencrypt.c:168 -#, c-format -msgid "Cannot read device %s.\n" +#: src/cryptsetup_reencrypt.c:229 +#, fuzzy, c-format +msgid "Cannot read device %s." msgstr "Laitteen %s lukeminen epäonnistui.\n" -#: src/cryptsetup_reencrypt.c:179 -#, c-format -msgid "Marking LUKS device %s unusable.\n" +#: src/cryptsetup_reencrypt.c:240 +#, fuzzy, c-format +msgid "Marking LUKS1 device %s unusable." msgstr "Merkitään LUKS-laite %s käyttökelvottomaksi.\n" -#: src/cryptsetup_reencrypt.c:184 +#: src/cryptsetup_reencrypt.c:244 #, c-format -msgid "Marking LUKS device %s usable.\n" -msgstr "Merkitään LUKS-laite %s käyttökelpoiseksi.\n" +msgid "Setting LUKS2 offline reencrypt flag on device %s." +msgstr "" -#: src/cryptsetup_reencrypt.c:200 -#, c-format -msgid "Cannot write device %s.\n" +#: src/cryptsetup_reencrypt.c:261 +#, fuzzy, c-format +msgid "Cannot write device %s." msgstr "Laitteelle %s kirjoittaminen epäonnistui.\n" -#: src/cryptsetup_reencrypt.c:281 -msgid "Cannot write reencryption log file.\n" +#: src/cryptsetup_reencrypt.c:309 +#, fuzzy +msgid "Cannot write reencryption log file." msgstr "Uudelleensalauslokitiedoston kirjoittaminen epäonnistui.\n" -#: src/cryptsetup_reencrypt.c:337 -msgid "Cannot read reencryption log file.\n" +#: src/cryptsetup_reencrypt.c:365 +#, fuzzy +msgid "Cannot read reencryption log file." msgstr "Uudelleensalauslokitiedoston lukeminen epäonnistui.\n" -#: src/cryptsetup_reencrypt.c:374 +#: src/cryptsetup_reencrypt.c:403 #, c-format msgid "Log file %s exists, resuming reencryption.\n" msgstr "Lokitiedosto %s on olemassa, aloitetaan salaus uudelleen.\n" -#: src/cryptsetup_reencrypt.c:403 -msgid "Activating temporary device using old LUKS header.\n" +#: src/cryptsetup_reencrypt.c:452 +#, fuzzy +msgid "Activating temporary device using old LUKS header." msgstr "Aktivoidaan tilapäinen laite käyttäen vanhaa LUKS-otsaketta.\n" -#: src/cryptsetup_reencrypt.c:414 -msgid "Activating temporary device using new LUKS header.\n" +#: src/cryptsetup_reencrypt.c:462 +#, fuzzy +msgid "Activating temporary device using new LUKS header." msgstr "Aktivoidaan tilapäinen laite käyttäen uutta LUKS-otsaketta.\n" -#: src/cryptsetup_reencrypt.c:424 -msgid "Activation of temporary devices failed.\n" +#: src/cryptsetup_reencrypt.c:472 +#, fuzzy +msgid "Activation of temporary devices failed." msgstr "Tilapäisten laitteiden aktivoiminen epäonnistui.\n" -#: src/cryptsetup_reencrypt.c:450 -#, c-format -msgid "New LUKS header for device %s created.\n" +#: src/cryptsetup_reencrypt.c:559 +#, fuzzy +msgid "Failed to set data offset." +msgstr "Avaintiedoston kutsuminen stat-funktiolla epäonnistui.\n" + +#: src/cryptsetup_reencrypt.c:565 +#, fuzzy +msgid "Failed to set metadata size." +msgstr "Avaintiedoston kutsuminen stat-funktiolla epäonnistui.\n" + +#: src/cryptsetup_reencrypt.c:573 +#, fuzzy, c-format +msgid "New LUKS header for device %s created." msgstr "Luotiin uusi LUKS-otsake laitteelle %s.\n" -#: src/cryptsetup_reencrypt.c:458 +#: src/cryptsetup_reencrypt.c:633 #, c-format -msgid "Activated keyslot %i.\n" -msgstr "Aktivoitiin avainväli %i.\n" +msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +msgstr "" -#: src/cryptsetup_reencrypt.c:484 -#, c-format -msgid "LUKS header backup of device %s created.\n" +#: src/cryptsetup_reencrypt.c:655 +msgid "Failed to read activation flags from backup header." +msgstr "" + +#: src/cryptsetup_reencrypt.c:659 +#, fuzzy +msgid "Failed to write activation flags to new header." +msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n" + +#: src/cryptsetup_reencrypt.c:663 src/cryptsetup_reencrypt.c:667 +#, fuzzy +msgid "Failed to read requirements from backup header." +msgstr "Avainsäiliöstä lukeminen epäonnistui.\n" + +#: src/cryptsetup_reencrypt.c:705 +#, fuzzy, c-format +msgid "%s header backup of device %s created." msgstr "Laitteen %s LUKS-otsakkeen varmuuskopio luotu.\n" -#: src/cryptsetup_reencrypt.c:532 -msgid "Creation of LUKS backup headers failed.\n" +#: src/cryptsetup_reencrypt.c:768 +#, fuzzy +msgid "Creation of LUKS backup headers failed." msgstr "LUKS-varmuuskopio-otsakkeiden luominen epäonnistui.\n" -#: src/cryptsetup_reencrypt.c:634 -#, c-format -msgid "Cannot restore LUKS header on device %s.\n" +#: src/cryptsetup_reencrypt.c:901 +#, fuzzy, c-format +msgid "Cannot restore %s header on device %s." msgstr "LUKS-otsakkeen palautus laitteeseen %s epäonnistui.\n" -#: src/cryptsetup_reencrypt.c:636 -#, c-format -msgid "LUKS header on device %s restored.\n" +#: src/cryptsetup_reencrypt.c:903 +#, fuzzy, c-format +msgid "%s header on device %s restored." msgstr "LUKS-otsake palautettu laitteessa %s.\n" -#: src/cryptsetup_reencrypt.c:669 -#, c-format -msgid "" -"Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" -msgstr "" -"Eteneminen: %5.1f%%, ETA %02llu:%02llu, %4llu Mebitavua kirjoitettu, nopeus " -"%5.1f Mebitavua/s%s" - -#: src/cryptsetup_reencrypt.c:708 src/cryptsetup_reencrypt.c:784 -#: src/cryptsetup_reencrypt.c:826 -msgid "Cannot seek to device offset.\n" -msgstr "Laitteen siirrososoitteen etsintä epäonnistui.\n" - -#: src/cryptsetup_reencrypt.c:865 src/cryptsetup_reencrypt.c:871 -msgid "Cannot open temporary LUKS header file.\n" -msgstr "Tilapäisen LUKS-otsaketiedoston avaaminen epäonnistui.\n" +#: src/cryptsetup_reencrypt.c:1107 src/cryptsetup_reencrypt.c:1113 +#, fuzzy +msgid "Cannot open temporary LUKS device." +msgstr "Tilapäisen LUKS-laitteen avaaminen epäonnistui.\n" -#: src/cryptsetup_reencrypt.c:876 src/cryptsetup_reencrypt.c:881 -msgid "Cannot get device size.\n" +#: src/cryptsetup_reencrypt.c:1118 src/cryptsetup_reencrypt.c:1123 +#, fuzzy +msgid "Cannot get device size." msgstr "Laitekoon hakeminen epäonnistui.\n" -#: src/cryptsetup_reencrypt.c:919 -msgid "Interrupted by a signal.\n" -msgstr "Signaalin keskeyttämä.\n" - -#: src/cryptsetup_reencrypt.c:921 -msgid "IO error during reencryption.\n" +#: src/cryptsetup_reencrypt.c:1158 +#, fuzzy +msgid "IO error during reencryption." msgstr "Siirräntävirhe uudelleensalauksen aikana.\n" -#: src/cryptsetup_reencrypt.c:1028 -msgid "" -"Key file can be used only with --key-slot or with exactly one key slot " -"active.\n" +#: src/cryptsetup_reencrypt.c:1189 +#, fuzzy +msgid "Provided UUID is invalid." +msgstr "Avainväli on virheellinen." + +#: src/cryptsetup_reencrypt.c:1423 +#, fuzzy +msgid "Cannot open reencryption log file." +msgstr "Uudelleensalauslokitiedoston avaus epäonnistui.\n" + +#: src/cryptsetup_reencrypt.c:1429 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." msgstr "" -"Avaintiedostoa voidaan käyttää vain valitsimen --key-slot kanssa tai " -"täsmälleen yhden avainvälin ollessa aktiivisena.\n" -#: src/cryptsetup_reencrypt.c:1072 src/cryptsetup_reencrypt.c:1087 +#: src/cryptsetup_reencrypt.c:1504 #, c-format -msgid "Enter passphrase for key slot %u: " -msgstr "Kirjoita salasanalause avainvälille %u: " - -#: src/cryptsetup_reencrypt.c:1136 -msgid "Cannot open reencryption log file.\n" -msgstr "Uudelleensalauslokitiedoston avaus epäonnistui.\n" +msgid "Changed pbkdf parameters in keyslot %i." +msgstr "" -#: src/cryptsetup_reencrypt.c:1262 +#: src/cryptsetup_reencrypt.c:1616 msgid "Reencryption block size" msgstr "Uudelleensalauslohkon koko" -#: src/cryptsetup_reencrypt.c:1262 +#: src/cryptsetup_reencrypt.c:1616 msgid "MiB" msgstr "Mebitavua" -#: src/cryptsetup_reencrypt.c:1266 -msgid "Do not change key, no data area reencryption." +#: src/cryptsetup_reencrypt.c:1620 +#, fuzzy +msgid "Do not change key, no data area reencryption" msgstr "Älä vaihda avainta, yhtään data-aluetta ei ole salattu uudelleen." -#: src/cryptsetup_reencrypt.c:1273 -msgid "Use direct-io when accessing devices." +#: src/cryptsetup_reencrypt.c:1622 +#, fuzzy +msgid "Read new volume (master) key from file" +msgstr "Lue taltion (pää)avain tiedostosta." + +#: src/cryptsetup_reencrypt.c:1623 +msgid "PBKDF2 iteration time for LUKS (in ms)" +msgstr "PBKDF2-iterointiaika kohteelle LUKS (millisekunneissa)" + +#: src/cryptsetup_reencrypt.c:1629 +#, fuzzy +msgid "Use direct-io when accessing devices" msgstr "Käytä direct-io -siirräntää laitteisiin yhdistettäessä." -#: src/cryptsetup_reencrypt.c:1274 -msgid "Use fsync after each block." +#: src/cryptsetup_reencrypt.c:1630 +#, fuzzy +msgid "Use fsync after each block" msgstr "Käytä fsync-komentoa jokaisen lohkon jälkeen." -#: src/cryptsetup_reencrypt.c:1275 -msgid "Update log file after every block." +#: src/cryptsetup_reencrypt.c:1631 +#, fuzzy +msgid "Update log file after every block" msgstr "Päivitä lokitiedosto jokaisen lohkon jälkeen." -#: src/cryptsetup_reencrypt.c:1276 -msgid "Use only this slot (others will be disabled)." +#: src/cryptsetup_reencrypt.c:1632 +#, fuzzy +msgid "Use only this slot (others will be disabled)" msgstr "Käytä vain tätä väliä (muut ovat pois käytöstä)." -#: src/cryptsetup_reencrypt.c:1279 -msgid "Reduce data device size (move data offset). DANGEROUS!" -msgstr "Pienennä datalaitekokoa (siirrä datasiirrososoitetta). VAARALLINEN!" - -#: src/cryptsetup_reencrypt.c:1280 -msgid "Use only specified device size (ignore rest of device). DANGEROUS!" -msgstr "Käytä vain määriteltyä laitekokoa (ohita laitteen loppu). VAARALLINEN!" - -#: src/cryptsetup_reencrypt.c:1281 -msgid "Create new header on not encrypted device." +#: src/cryptsetup_reencrypt.c:1637 +#, fuzzy +msgid "Create new header on not encrypted device" msgstr "Luo uusi otsake ei-salattuun laitteeseen." -#: src/cryptsetup_reencrypt.c:1282 -msgid "Permanently decrypt device (remove encryption)." +#: src/cryptsetup_reencrypt.c:1638 +#, fuzzy +msgid "Permanently decrypt device (remove encryption)" msgstr "Poista laitteen salaus pysyvästi (poista salaus)" -#: src/cryptsetup_reencrypt.c:1298 +#: src/cryptsetup_reencrypt.c:1639 +#, fuzzy +msgid "The UUID used to resume decryption" +msgstr "Salausavaimen koko" + +#: src/cryptsetup_reencrypt.c:1640 +#, fuzzy +msgid "Type of LUKS metadata: luks1, luks2" +msgstr "Laitemetatietojen tyyppi: luks, plain, loopaes, tcrypt." + +#: src/cryptsetup_reencrypt.c:1659 msgid "[OPTION...] " msgstr "[VALITSIN...] " -#: src/cryptsetup_reencrypt.c:1312 -msgid "" -"WARNING: this is experimental code, it can completely break your data.\n" -msgstr "" -"VAROITUS: tämä on kokeellista koodia, se voi rikkoa tietosi kokonaan.\n" - -#: src/cryptsetup_reencrypt.c:1313 -#, c-format -msgid "Reencryption will change: volume key%s%s%s%s.\n" +#: src/cryptsetup_reencrypt.c:1667 +#, fuzzy, c-format +msgid "Reencryption will change: %s%s%s%s%s%s." msgstr "Uudelleensalauas muuttuu: taltio key%s%s%s%s.\n" -#: src/cryptsetup_reencrypt.c:1314 -msgid ", set hash to " +#: src/cryptsetup_reencrypt.c:1668 +msgid "volume key" +msgstr "" + +#: src/cryptsetup_reencrypt.c:1670 +#, fuzzy +msgid "set hash to " msgstr ", aseta tiivisteeksi " -#: src/cryptsetup_reencrypt.c:1315 +#: src/cryptsetup_reencrypt.c:1671 msgid ", set cipher to " msgstr ", aseta salaukseksi " -#: src/cryptsetup_reencrypt.c:1320 +#: src/cryptsetup_reencrypt.c:1675 msgid "Argument required." msgstr "Argumentti vaadittu." -#: src/cryptsetup_reencrypt.c:1336 -msgid "" -"Only values between 1 MiB and 64 MiB allowed for reencryption block size." -msgstr "" -"Vain arvot välillä 1 mebitavua ja 64 mebitavua ovat sallittuja " -"uudelleensalauslohkokokoja." - -#: src/cryptsetup_reencrypt.c:1355 src/cryptsetup_reencrypt.c:1360 -msgid "Invalid device size specification." -msgstr "Virheellinen laitekokomäärittely." +#: src/cryptsetup_reencrypt.c:1703 +msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +msgstr "Vain arvot välillä 1 mebitavua ja 64 mebitavua ovat sallittuja uudelleensalauslohkokokoja." -#: src/cryptsetup_reencrypt.c:1363 +#: src/cryptsetup_reencrypt.c:1730 msgid "Maximum device reduce size is 64 MiB." msgstr "Maksimi laitepienennyskoko on 64 mebitavua." -#: src/cryptsetup_reencrypt.c:1366 -msgid "Reduce size must be multiple of 512 bytes sector." -msgstr "Pienennyskoon on oltava 512-tavuisen sektorin monikerta." - -#: src/cryptsetup_reencrypt.c:1370 -msgid "Option --new must be used together with --reduce-device-size." -msgstr "" -"Valitsinta --new on käytettävä yhdessä valitsimen --reduce-device-size " -"kanssa." +#: src/cryptsetup_reencrypt.c:1737 +#, fuzzy +msgid "Option --new must be used together with --reduce-device-size or --header." +msgstr "Valitsinta --new on käytettävä yhdessä valitsimen --reduce-device-size kanssa." -#: src/cryptsetup_reencrypt.c:1374 -msgid "Option --keep-key can be used only with --hash or --iter-time." -msgstr "" -"Valitsinta --keep-key voidaan käyttää vain valitsimen --hash tai --iter-time " -"kanssa." +#: src/cryptsetup_reencrypt.c:1741 +#, fuzzy +msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +msgstr "Valitsinta --keep-key voidaan käyttää vain valitsimen --hash tai --iter-time kanssa." -#: src/cryptsetup_reencrypt.c:1378 +#: src/cryptsetup_reencrypt.c:1745 msgid "Option --new cannot be used together with --decrypt." msgstr "Valitsinta --new ei voi käytttää yhdessä valitsimen --decrypt kanssa." -#: src/cryptsetup_reencrypt.c:1382 +#: src/cryptsetup_reencrypt.c:1749 msgid "Option --decrypt is incompatible with specified parameters." +msgstr "Valitsin --decrypt on yhteensopimaton määriteltyjen parametrien kanssa." + +#: src/cryptsetup_reencrypt.c:1753 +#, fuzzy +msgid "Option --uuid is allowed only together with --decrypt." +msgstr "Valitsinta --new ei voi käytttää yhdessä valitsimen --decrypt kanssa." + +#: src/cryptsetup_reencrypt.c:1757 +msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." msgstr "" -"Valitsin --decrypt on yhteensopimaton määriteltyjen parametrien kanssa." #: src/utils_tools.c:151 -msgid "Error reading response from terminal.\n" +#, fuzzy +msgid "Error reading response from terminal." msgstr "Virhe luettaessa vastausta pääteikkunasta.\n" -#: src/utils_tools.c:173 +#: src/utils_tools.c:186 msgid "Command successful.\n" msgstr "Komento onnistui.\n" -#: src/utils_tools.c:191 -#, c-format -msgid "Command failed with code %i" +#: src/utils_tools.c:194 +msgid "wrong or missing parameters" +msgstr "" + +#: src/utils_tools.c:196 +#, fuzzy +msgid "no permission or bad passphrase" +msgstr "Kirjoita mikä tahansa salasanalause: " + +#: src/utils_tools.c:198 +#, fuzzy +msgid "out of memory" +msgstr "Muistin lukituksen avaus epäonnistui.\n" + +#: src/utils_tools.c:200 +msgid "wrong device or file specified" +msgstr "" + +#: src/utils_tools.c:202 +#, fuzzy +msgid "device already exists or device is busy" +msgstr "Laite %s on jo olemassa.\n" + +#: src/utils_tools.c:204 +msgid "unknown error" +msgstr "" + +#: src/utils_tools.c:206 +#, fuzzy, c-format +msgid "Command failed with code %i (%s).\n" msgstr "Komento epäonnistui koodilla %i" -#: src/utils_password.c:42 +#: src/utils_tools.c:283 +#, fuzzy, c-format +msgid "Key slot %i created." +msgstr "Avaivälin %d vaihtui.\n" + +#: src/utils_tools.c:285 +#, fuzzy, c-format +msgid "Key slot %i unlocked." +msgstr "Avaivälin %d lukitus avattu.\n" + +#: src/utils_tools.c:287 +#, fuzzy, c-format +msgid "Key slot %i removed." +msgstr "Avaivälin %d lukitus avattu.\n" + +#: src/utils_tools.c:296 #, c-format -msgid "Cannot check password quality: %s\n" -msgstr "Salasanan laatutarkistus epäonnistui: %s\n" +msgid "Token %i created." +msgstr "" + +#: src/utils_tools.c:298 +#, c-format +msgid "Token %i removed." +msgstr "" + +#: src/utils_tools.c:464 +msgid "" +"\n" +"Wipe interrupted." +msgstr "" + +#: src/utils_tools.c:475 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "" + +#: src/utils_tools.c:483 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "" + +#: src/utils_tools.c:504 src/utils_tools.c:568 +#, fuzzy +msgid "Failed to initialize device signature probes." +msgstr "Laitekuvaajahakemiston hankkiminen epäonnistui." + +#: src/utils_tools.c:548 +#, fuzzy, c-format +msgid "Failed to stat device %s." +msgstr "Avaintiedoston kutsuminen stat-funktiolla epäonnistui.\n" -#: src/utils_password.c:50 +#: src/utils_tools.c:561 #, c-format +msgid "Device %s is in use. Can not proceed with format operation." +msgstr "" + +#: src/utils_tools.c:563 +#, c-format +msgid "Failed to open file %s in read/write mode." +msgstr "" + +#: src/utils_tools.c:577 +#, c-format +msgid "Existing '%s' partition signature (offset: % bytes) on device %s will be wiped." +msgstr "" + +#: src/utils_tools.c:580 +#, c-format +msgid "Existing '%s' superblock signature (offset: % bytes) on device %s will be wiped." +msgstr "" + +#: src/utils_tools.c:583 +#, fuzzy +msgid "Failed to wipe device signature." +msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n" + +#: src/utils_tools.c:590 +#, fuzzy, c-format +msgid "Failed to probe device %s for a signature." +msgstr "Laitekuvaajahakemiston hankkiminen epäonnistui." + +#: src/utils_tools.c:629 +#, fuzzy +msgid "" +"\n" +"Reencryption interrupted." +msgstr "Uudelleensalauslohkon koko" + +#: src/utils_password.c:43 src/utils_password.c:75 +#, fuzzy, c-format +msgid "Cannot check password quality: %s" +msgstr "Salasanan laatutarkistus epäonnistui: %s\n" + +#: src/utils_password.c:51 +#, fuzzy, c-format msgid "" "Password quality check failed:\n" -" %s\n" +" %s" msgstr "" "Salasanan laatutarkistus epäonnistui:\n" " %s\n" +#: src/utils_password.c:83 +#, fuzzy, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "Salasanan laatutarkistus epäonnistui: Virheellinen salasana (%s)\n" + +#: src/utils_password.c:193 src/utils_password.c:208 +#, fuzzy +msgid "Error reading passphrase from terminal." +msgstr "Virhe luettaessa salasanalausetta pääteikkunasta.\n" + +#: src/utils_password.c:206 +msgid "Verify passphrase: " +msgstr "Todenna salasanalause: " + +#: src/utils_password.c:213 +#, fuzzy +msgid "Passphrases do not match." +msgstr "Salasanalauseet eivät täsmää.\n" + +#: src/utils_password.c:250 +#, fuzzy +msgid "Cannot use offset with terminal input." +msgstr "Siirrososoitteen käyttö pääteikkunasyötteellä epäonnistui.\n" + +#: src/utils_password.c:253 +#, c-format +msgid "Enter passphrase: " +msgstr "Kirjoita salasanalause: " + +#: src/utils_password.c:256 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "Kirjoita salasanalause kohteelle %s: " + +#: src/utils_password.c:287 +#, fuzzy +msgid "No key available with this passphrase." +msgstr "Tälle salasanalauseelle ei ole saatavissa avainta.\n" + +#: src/utils_password.c:289 +msgid "No usable keyslot is available." +msgstr "" + +#: src/utils_password.c:328 +#, fuzzy, c-format +msgid "Cannot open keyfile %s for write." +msgstr "Tiedoston %s avaus epäonnistui.\n" + +#: src/utils_password.c:335 +#, fuzzy, c-format +msgid "Cannot write to keyfile %s." +msgstr "Avaintiedoston %s lukeminen epäonnistui.\n" + +#: src/utils_luks2.c:47 +#, fuzzy, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "Avaintiedoston avaus epäonnistui.\n" + +#: src/utils_luks2.c:60 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "" + +#: src/utils_luks2.c:67 +#, fuzzy +msgid "Failed to read JSON file." +msgstr "Avaintiedoston avaus epäonnistui.\n" + +#: src/utils_luks2.c:72 +#, fuzzy +msgid "" +"\n" +"Read interrupted." +msgstr "VERITY-otsake rikkinäinen.\n" + +#: src/utils_luks2.c:113 +#, fuzzy, c-format +msgid "Failed to open file %s in write mode." +msgstr "Avaintiedoston avaus epäonnistui.\n" + +#: src/utils_luks2.c:122 +msgid "" +"\n" +"Write interrupted." +msgstr "" + +#: src/utils_luks2.c:126 +#, fuzzy +msgid "Failed to write JSON file." +msgstr "Avaintiedoston avaus epäonnistui.\n" + +#~ msgid "Replaced with key slot %d.\n" +#~ msgstr "Korvattiin avainvälillä %d.\n" + +#~ msgid "Function not available in FIPS mode.\n" +#~ msgstr "Funktio ei ole käytettävissä FIPS-tilassa.\n" + +#~ msgid "Cannot find a free loopback device.\n" +#~ msgstr "Vapaan silmukkalaiteen löytäminen epäonnistui.\n" + +#~ msgid "Too many tree levels for verity volume.\n" +#~ msgstr "Verity-taltiolla liian monta puutasoa.\n" + +#~ msgid "memory allocation error in action_luksFormat" +#~ msgstr "muistivarausvirhe kohteessa action_luksFormat" + +#~ msgid "Key %d not active. Can't wipe.\n" +#~ msgstr "Avain %d ei ole käytössä. Ei voida pyyhkiä pois.\n" + +#~ msgid " " +#~ msgstr " " + +#~ msgid "create active device" +#~ msgstr "luo aktiivilaite" + +#~ msgid "remove (deactivate) device" +#~ msgstr "poista (deaktivoi) laite" + +#~ msgid "Cannot open device %s\n" +#~ msgstr "Laitteen %s avaus epäonnistui.\n" + +#~ msgid "Marking LUKS device %s usable.\n" +#~ msgstr "Merkitään LUKS-laite %s käyttökelpoiseksi.\n" + +#~ msgid "Activated keyslot %i.\n" +#~ msgstr "Aktivoitiin avainväli %i.\n" + +#~ msgid "Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" +#~ msgstr "Eteneminen: %5.1f%%, ETA %02llu:%02llu, %4llu Mebitavua kirjoitettu, nopeus %5.1f Mebitavua/s%s" + +#~ msgid "Interrupted by a signal.\n" +#~ msgstr "Signaalin keskeyttämä.\n" + +#~ msgid "WARNING: this is experimental code, it can completely break your data.\n" +#~ msgstr "VAROITUS: tämä on kokeellista koodia, se voi rikkoa tietosi kokonaan.\n" + #~ msgid "FIPS checksum verification failed.\n" #~ msgstr "FIPS-tarkistussummavarmennus epäonnistui.\n" -#~ msgid "" -#~ "WARNING: device %s is a partition, for TCRYPT system encryption you " -#~ "usually need to use whole block device path.\n" -#~ msgstr "" -#~ "VAROITUS: laite %s on osio, TCRYPT-järjestelmäsalaukselle tarvitaan " -#~ "normaalisti koko lohkolaitepolun käyttö.\n" +#~ msgid "WARNING: device %s is a partition, for TCRYPT system encryption you usually need to use whole block device path.\n" +#~ msgstr "VAROITUS: laite %s on osio, TCRYPT-järjestelmäsalaukselle tarvitaan normaalisti koko lohkolaitepolun käyttö.\n" #~ msgid "Kernel doesn't support plain64 IV.\n" #~ msgstr "Käyttöjärjestelmäydin ei tule plain64 IV.\n" @@ -1908,15 +4195,9 @@ msgstr "" #~ msgid "Cannot check passsword quality: %s\n" #~ msgstr "Salasanan laatutarkistus epäonnistui: %s\n" -#~ msgid "Failed to obtain device mapper directory." -#~ msgstr "Laitekuvaajahakemiston hankkiminen epäonnistui." - #~ msgid "Backup file %s doesn't exist.\n" #~ msgstr "Varmuuskopiotiedostoa %s ei ole olemassa.\n" -#~ msgid "Cannot open file %s.\n" -#~ msgstr "Tiedoston %s avaus epäonnistui.\n" - #~ msgid " " #~ msgstr " " @@ -1935,12 +4216,8 @@ msgstr "" #~ msgid "remove loop-AES mapping" #~ msgstr "poista loop-AES -kuvaus" -#~ msgid "" -#~ "Option --allow-discards is allowed only for luksOpen, loopaesOpen and " -#~ "create operation.\n" -#~ msgstr "" -#~ "Valitsin --allow-discards sallitaan vain luksOpen-, loopaesOpen- ja " -#~ "create-toiminnoille .\n" +#~ msgid "Option --allow-discards is allowed only for luksOpen, loopaesOpen and create operation.\n" +#~ msgstr "Valitsin --allow-discards sallitaan vain luksOpen-, loopaesOpen- ja create-toiminnoille .\n" #~ msgid "Cannot open device %s for %s%s access.\n" #~ msgstr "Ei voida avata laitetta %s kohteeseen %s%s pääsyä varten.\n" @@ -1960,51 +4237,26 @@ msgstr "" #~ msgid "Unable to obtain sector size for %s" #~ msgstr "Ei kyetä samaan sektorikokoa kohteelle %s" -#~ msgid "Failed to write to key storage.\n" -#~ msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n" - -#~ msgid "Failed to read from key storage.\n" -#~ msgstr "Avainsäiliöstä lukeminen epäonnistui.\n" - -#~ msgid "" -#~ "Cannot use device %s (crypt segments overlaps or in use by another " -#~ "device).\n" -#~ msgstr "" -#~ "Ei voida käyttää laitetta %s (salatut segmentit ovat päällekkäin tai " -#~ "toisen laitteen käyttämiä).\n" - -#~ msgid "Key slot %d verified.\n" -#~ msgstr "Avainväli %d on todennettu.\n" - -#~ msgid "Invalid key size %d.\n" -#~ msgstr "Virheellinen avainkoko %d.\n" +#~ msgid "Cannot use device %s (crypt segments overlaps or in use by another device).\n" +#~ msgstr "Ei voida käyttää laitetta %s (salatut segmentit ovat päällekkäin tai toisen laitteen käyttämiä).\n" #~ msgid "Block mode XTS is available since kernel 2.6.24.\n" -#~ msgstr "" -#~ "Lohkotila XTS on käytetettävissä käyttöjärjestelmäytimestä 2.6.24 " -#~ "alkaen.\n" +#~ msgstr "Lohkotila XTS on käytetettävissä käyttöjärjestelmäytimestä 2.6.24 alkaen.\n" #~ msgid "Key size in LRW mode must be 256 or 512 bits.\n" #~ msgstr "Avainkoon on oltava LRW-tilassa 256 tai 512 bittiä.\n" #~ msgid "Block mode LRW is available since kernel 2.6.20.\n" -#~ msgstr "" -#~ "Lohkotila LRW on käytettävissä käyttöjärjestelmäytimestä 2.6.20 alkaen.\n" +#~ msgstr "Lohkotila LRW on käytettävissä käyttöjärjestelmäytimestä 2.6.20 alkaen.\n" #~ msgid "Negative keyfile size not permitted.\n" #~ msgstr "Negatiivinen avaintiedostokoko ei ole sallittu.\n" -#~ msgid "" -#~ "Warning: exhausting read requested, but key file is not a regular file, " -#~ "function might never return.\n" -#~ msgstr "" -#~ "Varoitus: uuvuttava luku pyydetty, mutta avaintiedosto ei ole tavallinen " -#~ "tiedosto, funktio ei ehkä koskaan palaa.\n" +#~ msgid "Warning: exhausting read requested, but key file is not a regular file, function might never return.\n" +#~ msgstr "Varoitus: uuvuttava luku pyydetty, mutta avaintiedosto ei ole tavallinen tiedosto, funktio ei ehkä koskaan palaa.\n" #~ msgid "Cannot find compatible device-mapper kernel modules.\n" -#~ msgstr "" -#~ "Ei voida löytää yhteensopivia laitekuvaimen " -#~ "käyttöjärjestelmäydinmoduuleja.\n" +#~ msgstr "Ei voida löytää yhteensopivia laitekuvaimen käyttöjärjestelmäydinmoduuleja.\n" #~ msgid "Cannot open device: %s\n" #~ msgstr "Ei voida avata laitetta: %s\n" @@ -2022,15 +4274,11 @@ msgstr "" #~ msgstr "muokkaa aktiivista laitetta - VANHENTUNUT - katso man-sivua" #~ msgid "" -#~ "The reload action is deprecated. Please use \"dmsetup reload\" in case " -#~ "you really need this functionality.\n" -#~ "WARNING: do not use reload to touch LUKS devices. If that is the case, " -#~ "hit Ctrl-C now.\n" +#~ "The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\n" +#~ "WARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n" #~ msgstr "" -#~ "Uudelleenlataustoiminto on vanhentunut. Käytä ”dmsetup reload” siinä " -#~ "tapauksessa, että todella tarvitset tätä toiminnallisuutta.\n" -#~ "VAROITUS: älä käytä uudelleenlatausta koskettamaan LUKS-laitteita. Jos " -#~ "näin on laita, paina nyt näppäimiä Ctrl-C.\n" +#~ "Uudelleenlataustoiminto on vanhentunut. Käytä ”dmsetup reload” siinä tapauksessa, että todella tarvitset tätä toiminnallisuutta.\n" +#~ "VAROITUS: älä käytä uudelleenlatausta koskettamaan LUKS-laitteita. Jos näin on laita, paina nyt näppäimiä Ctrl-C.\n" #~ msgid "Obsolete option --non-exclusive is ignored.\n" #~ msgstr "Vanhentunut valitsin --non-exclusive ohitetaan.\n" @@ -2044,9 +4292,6 @@ msgstr "" #~ msgid "%s is not LUKS device.\n" #~ msgstr "%s ei ole LUKS-laite.\n" -#~ msgid "%s is not LUKS device." -#~ msgstr "%s ei ole LUKS-laite." - #~ msgid "Unknown crypto device type %s requesed.\n" #~ msgstr "Tuntematon salauslaitetyyppi %s pyydetty.\n" diff --git a/po/fr.gmo b/po/fr.gmo index 950e0facb808ec8bdcdda5170ec0bd0d697371ae..7797e6a2ce06e57be6c33986b1d08b325913249e 100644 GIT binary patch literal 113500 zcmcef2b`Q$)&D0_v!Ha4{!o_eLS|FwA%ql?5J)2pBE&G+o!uR>yR*#fBrJkpp(uzb z0(L=^4uV(^M3IP~Vh0QIf?xv+V!>Yi-`_d+DKk48!t49_KgqMd=icYmbI(2Z+;i`9 z=cyexziLb_mz%saN~ac!dz}g@Op3$@H5~b z_#JR6ICD`hcM*6#sBl{@&gFIjcLyH=^Wb#wkKi%jVJGKu$AN=j5xf&@0e4-J%N+#n z2S(rt;DKNXJRH0n+zb3NxIOp`I1T&*cmOzQX)d=XxEve@o&|P*?*q369|3m)zXR?E z{u~s2wpvD6!M(v(gGYipg0qAFso<8lE8x-KFsSm}4NeB154hLzTy6sHMc{Psd{E_h z091XS1CIpTR(Lti09C&sFb}>D6n!5CmH)FKB+b199tF-mg*t+71P=l41UCnt1Vy)J zK;^&nsn8NU3WPMdMZx`1Q13qn?hQU4aI2NM+`hP5!4tsQ;9T%>@Nn?^;I`nlugm2Q z1$PHk?ggOeSOG=<_ka{3cMqs^wm&VGn+2`}74Adec<_s$%JG}EMa0oDVMrVY%G5LD6;J*Zcdq;1Rel0o%YYf-2v0pz8VR)gJy3P;^=fP6y8c zmG6CE1nzQ1E_X0^1h_9)07d6Ffv*K`2NnM-;BMe=!3f-<;Cy)y*ou1=xF1*or+}A& z)4{KRYL~6nzZ6tD!{Gkl6`;yh;J z9{gVfRi2%?$O}9g+ygunR6VMo+T;BJ9|lFQKY^m-j&#mlz+=D&JQ-BGRlp;`kAf=K z6QJn7SGUJo3M&0`L6!4*FaqxdRn8xS2Y`PJxLc3&|1sd6_?JMn?}ecH@9m)a*^}Tj zaJycw_d-zoc@}secq6zo_$atL_zc(%{sTM?Y%O`ZMNsv82dMJg3M&2va6j-lP;_lM z)7w1{w&I=x9tHM+Cx9OZ+rSsV+2C$#J-=0;`tQY{%KLusMDRxe59~vJ<1T~h&kumF z0sjCh-k5$b|IXmSxH~}c-%9WpumY-_cYp_h-v(8_zks6K-UA+fHn5K` zBf)Jc+-~6Upz=E%RJ*SW?hk|FhkHQr&r{&`;MifW?;fD~!yHiUcM+)exD!r#s^5-pboo0Kl>0nT z;cf&K?z`Y?!M}$0JDl(Dj{*0=zdN`u1dUFh+VgQx_1XLaZ-?=q%0CA@6fA)%?}tFq z=j))#`EPJg~D|JOKAOU<7^`RC&G#?h8Hv zsy=@Q)gA|5=z@0B~J#GUy7x#C-}Bf4>N-JvO_{`FU^f zVBE_Bo)1dS+yWj5J^+f&KL?Kjw|IxsVH&9PR)Z>k1ynm-1?~WT4xA2t9aR6>_Hs{W z2B`8Bzz*=L;QwV%@qY%Y{#(D(+j$(Q^34R5PCqC<{V1q*_yVYQ`Yw1f_`C3a#ucu& zt^$?M?clcHlc37?JgENg4^VXKc$dqW0WgpIc2N2L7*u(;e7EO61yp)va0d8ca69lP z;6m_4uoXP+N>8T<9)kNyQ2t*8BkRW|oxzr?9QOs) zK8FSOiC`P<)u7t-5>V~-QScz}VNm??0;qI%z1qWffXeR_Q0ZS2{BHx*o{xi~^It*H zVdrZ+-Qz&iOt9rx3q=r#6(@FqABRQtRe+zEUT)cfxT|9^p#apyneJ9PlJ=dzk#afAs_K@3&EAR&jVGCAAq9Uzrka`ao2iz zJHdIluLRW|{{xN(x4F*KISN#Ldcc#wH-Mu1!{8C%&L8#kP6~K2co_a0K;`#Wa1prQ z_1>Omfm3il1D*oz^)c`FL*S{nKMn2!zUJeuALT*1T&@Bt-OX5jY6`DqO(KD#=&9|dRN&fVmC@J#S%oR@-gz=y!;;I=o@H^2qpGVpeAF8HcjyuK%b z%I8hN{dsUI?mvPjf)j6bJ^2lw+VN3P<=)~p=04yQ@O1D~U=O&%?Vj&2cpUC~!ExZ< zL8ZI@9iH!MQ2cu}sPaAxiZ5UD3FoWBK-I4Y+zq@LRJ(l%6n{Jp9t3W6r}y6uQ0+Gh z6d#=f?hn2P6rX+;Tmk+n_|Le@`MwK`@V^}F06zg93qA!-2lx7<%bQi;ez>b(1YQLy zpU;4^z;A;p&(3!{pBw`!|1R(l@M7>_@NV$6;8URJ@)vL-xbLSt-eOSx!=UJW9jN$E zfU4h?pZ5A63+{ru463{rf-2tzQ1tpacmVh>P;}q#Gam2t;Gwv$04IZA2Gve~0o%YM zKkNCQ0Zzbu38?(<0bc|D4BQF)BdG9O-Q(q-2r675xZeTJ#{C6Q`EUL?&vyo>a@D}o z!1sae;7j1q;J)`df2{;nzRSV6;Fmzf8+)IZD-Wu@R)ONv%Rq(yLGW++yoWm)JPrR6 zsPaApioP#^l8d|E@8v!QRQvUSdx4jOdxN)vO82YaF5o}Gt-u|>;C7!qK$U-Aa2s$Q zcsRHmTnb(as@P|MLvRYX&qJQhO7Jk;H-akflVAky_!Z~NLqV0Z z2C;rnx@z3d?_~imn z^!+-h_IVaO27L8bNn;G{2#OCDe$D;Yg5tLuL6!6SpxSrr*Illz0#CsGNl@wj0~DQh zeAM-$N#Ho#GeDKI6x?qDMc;32rb z52~K8`lj>uL7>WU61X3DCMbTr3_KY83@G{Y40s^8ad~$Gsv z{1&MCJ`YX;b3b-EOa>KxF1Rf?AIyU*LB+cm+!4GEd@cAXQ2BlX6kk0CDxZIWs@E1z zdN~dZI2lxZri04&Bv9eb1NQ_!2;M%1@e5pmyZb5U-}}Ko;{GAH1@9ky8r>N8cYi|N zz^-Sog@fas&E-AwsT5{bqsl zai0!K9^4Eb2tE!f-rvDvz=^+hKI{Vz!hIendVdU5_-}yfmwy0v01x<$*Y|KxbUg{& z0_*`#1pC1m;60%F)!)JS;0eEV|Es{|xPJg13FcpLy|f6PjQb%__1o=t-tXst({P^y z?gM@fRKNKlcpCUTxDuTGqW6Q3fJfne5!@VX|Gk&11DuX~7!;lE1wRZv0UjX#Ke*oh zA#ft@m%s_&K`_T8a0PficnSC>aO*$$dfD4S@$HM?TyV3Oyxb=RJRh8l|J~pK_zO_w zUjApsdhjmrQ1HmVIDOWF%W>ZhE&(_DE3y|{0rrF61J{Ey{^or7Ik1R(kH7mo3kM=H12D`Dc}=e0o>(Z*o?sS;8gG*;B@e)fBSrC z7*sny1Rerz^&gLaD5(4gz~jMdLDBK&;2dz5+!&+B>0k->JHcM?Z(uvPX3QAl%gewc zaX$izuDMr@v2;%WkHC2jxEj0*6o2io*%+(e>p}7FHK6MA0H}2T0ji#@4C-p%)u7V3 z0u;YJ42nK~29E{wd;CN?Rh<@`aTY- z9RC4Z!HKVNx~%}$;eIE0Cb;ExUaqsikKq19a4*_^jLG|Vfa2R5LAB$ncNmi!0{g+W z;Ip9kYvGP#Y&^LF+ynQGp!(~Bpz8e#Q0;x-PGfSf0~dg5$D6=u;4`4=5$){so)3=0 z{SNS8@YA5^_LJZ~Y?m=6_f~^S@2%iX;M1Vm|B_ujzYSm>_iwJ^t-|FxNihi zj>kZ&-)qO@*5K|3mEX6)h2ViK?yJ95LDBVb@ECB*J;sM;zeoDYHOFKzoc zo!5ZsFV}+a2Y&#He=7Tqv2oxNpxWW7cXz-i!3g&j`+Io~0@W|h09D>A!3E&cpy-@G!1?_hpy>G}Q0?{yQ0e9m^m?xV zC66uz)i1sao&Y`vs{WH&y*%#$mERMf=>O`2y!^|-Q*plwl$`n%DEjU{&f8}msCHNj zE(31|XM?Y5b3Qo%RKI!~C_cIm6uqAh?+Q134W#s8lHMeml0-i}K_mGdK@+U;kc=)KD% zr_U--<-8OW9exNZ+}4xF*!=KlQ2qQ`Q2p;wQ1$s6xCqQ2>gk*Z-iP~EQ1$3J%-i$h zpxWUXQ1P}q-23k=Q2Ct;c7wNpqT^0SIDel6svlhrD*p|j_~mz?%DexOE{DsY;ctZZve%=&w_h^ZPUCRXMvIn z*MQ=KZ-OfC*yG$iA5^@HLG|-*fa*6pO!xYp3BDHhXTetR+o1ZvpTX(i#2M~B3)~g= zt>8i6gP{2Gc~JG+VW#uLLQwC|2Q{wV0II#74E{UM@^SqbQ02G?JP>>uR5>?4-qSk~ zRQeZ#qU$F>mG66?Pw!Mv`Cbq14So$&y3c`w;H&3&I&TCAaDNn3f7)TL zx5sL5XWVCjs{cix%JTrIcHHs=Z>N=@@_k>x?}O4)cADq>`g&0Hx(3_{d=Xp^ZhoT6 zlXF4I%{xG~+uuRaY0^oaZx1NBavi9C^J`FY^_clSUVZ?SeEbTy57@rI>2U(6`kx8z z3%(09IS*<)_${dXc3bFtwh%lD_hq2?^&wF0^a7~z9<<2$`oo~{6{vEKUF`nHf$FE_ zfY*cK;~#*Q&&giyg`oKOj)1=fr{f;K#QSYO_z>=of<0jGQm@CiL8bE-uovuDHpbR% zt^wu0)pG9#(?FGLC8+Ye6SV#Ws+~4l;q{#kO5b=RxEXjesCc)7k~=>I)sJ^L#ox~W zCC6ri%C7pfg2C^>L5cslqXSOE83?d5qBcrxyXK&89e8J^B6Q2AX8D*V^M zw}SbCm+zC{Fz&yD%fO*E-p*eIBixfZUH@GI-i!NAQ1n^b<#fIQd=Kv5gX*sr6`d}R z1>CvY!!H9x_jiIT!0&^v2lG8%?#sY4a6bjA{~g!s<+>CU{kACieBmrm^!Wy;dTxKF zr@sPRj{99;7x+u?OmO~MA4fk69*;ZM=jELZ_ThX2tb%jsQ$V2pts|6Q2qaUa98j_Q2g>EP~-gWXSqB(0aSffflB9E za60%+P;}a^GREvB-JsHMsd~H31U0_D9b5?B2P%Bake9yzO3vN_svkW9D*V5}y}$`I zr_+2;{r@gd{oqAV{c8VpUf)Ha^1TF9eI5Xh0G|d$&t2C$o(3xZwV?R$yP(?pz_UG{ zwV>MT+o0sxuEWl6$ASCeeh(Odp8`dv$3gYuUCwcOoB=BSb)fpyFG1CJ!W(?txd;^f zZUgoH2~hF(KiB6|{a`EZi$SG-JE(U4EvWh&ah}tuA5{6T2bKOypyd7hH+uc91}nH9 z3GQRg_x$<;ej1b<_!qbuJmvzY;|D;|`7uy(Z>KjoKQ9K=Z*Bu6fBp`NZWG=-CU+&c z4pjTKyv55q9aK7R1Jw^73Aou?UA|5O55&I$s(#mik{dq(w+85ta#g)+ymg-LGjs1Z};)>Oi=Rl25>R>Bd`-Z_|h@COTf#)uY$W> z=IK8JF2TM1J3RkRa8KM7L?rm5-2*n=ABNL3qbMT zBj7>uzry?N;h^YpHmLf39(*VG8}JnH+;@3B9s|`+w|}?ua3}D~ zp!(qt!8UMhJOToO6}Sw@-u0cmJ!sz0Ly9$9+F2 zxqs|6-akJJ?uvV__j)@X3aUIcQ2crkxI4H36y5#@l>V~K`@H|m1rNdfMo@ft3n+U3 z98|v>`+gsXCV;BX>w^0&p!&-lpybnUK=p&YKj3`41QZ?CgW{Wyf$FbMfIZ+2A9Vg0 z2G7HN8>sjPf5`cFHK_i4Gq@l453m64{b8ry`Jn1|52$hGB~Ws$@DZ=?4WRh*0Z{4w z2~_^=*9N%+M!2s7#Rm_9CxBaC=lLxHC5O)fBk-M|`0q|o<#`$uzmEB+k5|jURk*(x zaPRBKn4R$rpycp>z(MfHk9qi;z;ki$^l=Y&1^9E^JKx~#@pn-4KIlfL^CD34;2i;P z09BqZg1dk(faAc;Z}NUN9_+$>1t_`l5-9nx$IWAMTY?d&`i=vomk)x{H*NvdUXO$7 z7u($8?R5;;i~D*|?Y-@-&QHgJlW?yECAU8WN{&1Ss();D+ZbCHIRI?IJrR5rcuc@) zp!Db&pvtutG&u@zhg{pEAS{#beJC8=YZm$H-p=Op8+M0z5>1md=@N#zX!$VOF!X!aRI3O zzs8?eZ-$=D^J_uHd5JB3+-fIXS8`9ry%lk931Ppi#KQG=p0C3H&%yl? zZmN+xk$W0H zf5ZPgP;}Du1kZEuTLH$`*3{>H!ST`H{}f^3>t{Tl8T?Phb2)DDiLNI@xLrZXqLaaO zg#9efCxv$kSIFddjXc8jOZ@-C^DM%C3hazuWbo_Z`3S;3$9-r>>k9A?%C4)I=eeYD zI=DN2-66~q_`Qj{LYQqqUEc+F;od-)`*6<>{(l9Rh39|Ze`k1B99@Uv{u=l=cntSL z+&7ZOPeJjut~}3u;6dQ@PzHOE`SY9bd;$1Ecy1-^j>L(tBY6I6a4Z5Bhj;V9FBA5c z!Tl=gsy=@Q_s-n!;YLiGJbQ-c0hJ+?aU2okXXAeg_uFufReKTU>5$fg0rv(E;{JYcE9$v~ zyAIq8{2%c-!^1y$cN*^wU`yULf4#+`3Q~>^cGb z9Dbd_y^yq{aw zbG*NX=O2bNL;ALsrc@2Y z_h~$9e4fR-kAk}H<~bk2?h6(OqpP21eFLgXI;5`Sxpxll&4WKDa%(K?Bm6w>OStzU z%wybN;Q3>`TfvRWW!Jaxi?1z$-`2tJ*Sxr!d;8$th5TO|!n_##F6RB?-2cXZ+fY87 zx%uJ!ZTO>3<=&3_BJh8>j|}hr2F}ENF!w~BKf?WOp2w5Uu}UOde*<6Qegk(O?@t5A zg*2Yx`4{-<`Vlu%{M_lmJt0#bz5fSsw&F&ux9ckYN)L*!zurU`^h2{BTo^Rm!Z0L01v?7YOrxZs}KT;Nkd9<$ev% zx}FMg4kn$I_&pf>@AB8l-$#T0?0{9?%;5eO_m8=c#(#&9*6q0CYcC$ULYyB2&%cLo z@5leIJYN9r7T$dioQnIW_|N0Hg?k^$)`I&c{Ey;(62B{Pe~#zx@_aa`>*w76#{Uwq zCJ(NEa(@TEUBO!jH<#z_!FT9oxEA0y%=7QKf6Tj2fNxSdJl_H88V;!E*K@a1rheZ4 zgy%TK88Nc0# zHxyo;5&ZAR?=GHyhW~fL1Hg}g{{kQ8zMbdS5$5OIMQ&Y_!2`Hg2e)+l?{I%TxQ`-E z_S!YLkHhm3p3e#H1tHKu)a#r0eG&I@;oS_W#u7VfVE_xXgIzD<>4Z*lAi{yC&`CeQCB?pwfB;Q65(N8x^T2*YFU-Q4TA$B_OFA&mSN za{r2Z2k!m2Cv#6A-d2R$i~Ahh`+~ZDK)egM+j#yWxCQ?2=Xn?I*W>;pxCHz#cr9sM z3O)kvh~MXUZXx{ddA<+7_*#iu*Vup`=H0VA?+N}2e29Bec&BiCh3AR9U(NHW;GU%0 z4c?6V4dCy&ze3n=;AT3CK!Ufpzn}!d^%>qR<=v0CpXI&@|HHu7fnVd@`?=$5InQ0( z2jj7dFpq>64+VTLe!GP5|KM2{+2tPK`Cjk?+;h19z&(uLw+Z_vp5yDh5N9PGtvvr5 z+@1R!go|+hG!6*vqxj%Az*)h6Z=OHN^9;hT2EWYx9sHJp75sX5K8a^tr*IE)x2k|# z%N*?Qw+I(sKO)|%xpmzW@U6W6H13JSeK&q3o-g7)H@xRD_dNH5df<9<@c$k7VeZf1 z_dU`$gy-LKAISX&?)dsO&(nir9pUx~?=Hh{Jry{^Z7J>hqtKE1r?$h?0Q{tLPH;N9lgg89r&f)nT!Tl$2h ze-Hj&;=Y%6H-O*g-VOhqxpxcU@v`fG`1>W|Zo@lW5x4^P54gwSejnj)2G8d1=8mt+ z@&6?ETEgl2D!5a4-UZe=74tw{4Dq>D*OodliV+IZ$1Y) zaF6Gn&b^Ggm-}4qE4V+#eGm7e+|P0UlY9HQgy){leLD9b_glH&%Y7U71Kf{sKgaz~ z?(I*YZMcu(p3i*-_Yn6b+#lq=llxKbpK$+)d;58W=bp~JjJucn3zWT`y6GCr{U5Fu z@zZ=&SL`?LPPcQ(Z)1IC>$}I8+`-#ydqSn9I?U&t#t&U_x@Y4T(=M>H&FvNb^Sqnt z!7WYsZGk`;kDtPd9`aj`pJYtd?*{y);HN95;ji$Eb)(pC1{3{wE)&=5V*KKAs{NG5 zC-IxE#JJ+P|HN-6+zKPzLE)m$_*xszq>csrRAyaqz2Ax7KJJy!=N|l|59x}-J&)f+ z_e%Ws{Om}-1^C5rHNL4V-^1^ShPd0@<7*@GRy}mZc@=r5u~Y82j^D(utHEz73Vz%N zrt?mhaT{}A@bw2c7Uu%;0Yq*uhCHNi9v)Xe~@cTm(zuegQ z%THQ5B|5&?U8wa9MQe-0)zUe|Xnkp@H#&9M(x|`ORgBt()|aEwz)-O=Q0TKT?S$y- zi`EpQu5xWnU$LvBCD$^w&^c5p4@`?n)u=pBjLO|p0D4^r~3dXYNCj{0iq@2dsx4y&`)J3+p9g<2K3ZI;R@av+UDkv& zw8FFm_6@0ILK}^Hiv=;4+B`%UA1zrp*J6%R=6*^Z2vT3SYMn4g|kcj)QE6mw>bT-wKK;@@jL7F;;MCuoTSrN9Oywp z&^T?Ky|iqn8n!)QgT*sXI)0Avs@h?a*SSO(@0CNPepQ6X{i8;jtVk_m=Z%O&*^2$; z%5YREo>ePVid{-cMP5uf`ud7}^bbT!S5^L_PzFXU7&ki&C9qnnQCr-Z<``u|XKI&d zTS9^^0V_3i?hbi{t}Z!aWJ+G0GGocYdE&F>1KkLvYHzU%nbX}@LMT?U(YojmkdC(l z)~mhC>_^&kgHB1az``bv*AzO})&`^g!f@1Ct|&K?Zouy&xlejrktO^(UiPpm3QhJw)zCN=fQ6Vj+qth!^!#J4{qk^0u^v1M#$U%3j;R$x7Pf+sXfejz1$PLc{PPb)Yq zF?(*w9T4f75lfQjTysYz3B&VjA4kMo!RPp*6%8LHu&h|6T?&5*wLXqLXOka!s}VFBpq0}T2`$ZB!OdeZ=;iAQS%nm|GpZoNqWnp;9tB86d@ z;TE#0Bd5I|nzkZsf;=)&Qc%s@Hp3u3np}Q*Ji)F3RXi zjp1C6t4pdOxNAbh3o4OmGN$^Zey8R0L&Nm+srox@Rdkx`hpRFnQU$2aH&J<{8u3QM zdaShMrY6JoM!X`=D;HpfsjF$bRR@cmQXSF7AbCf$9O*)7<;a&bj0O#+Bd3__7|ZBu z%VsTExp-Mr9fpPbGfZKuLX@GBDWa{_x>$sz!3s2SVAPs*Tvainxok=liNB^%=mde= ztF=LK2TU&ZZS8^`J7F&y@6#*@PrtGfGmNTWu_8Nj-m>{8#RY9lvoV3jnpLCjf;7Sq zE|~$?G{ZYq-2dx_Mtk2?9vC-7e;DfQC4OJ2XMh3@_mvrp89Jsi)d*EtQ)V7fsFaG; zC~vitPVB=t@odgw+BT)B_4O$&bT3y%s5HYx&j92Jax*C~fz~s2RyzxoF4Tj<+CsE! z$-D*a#xf>FrQ)4`~}R8^~zTl^|kS@0SfDs)OKwb4g%Ehez%9<^yyiv4W( zFVu$0oqfeZCF<@g^r&&;OLH?_Z!s5sePS1_qm3FEeI^pPx4%$XTdy_DEDfk%WfiB8g+@yRvvZbdMAAY+ ziBuFHUdBUL8!{5komm>{FQ9m7s@UCELq*phl?&cJNrMPds+iDL;UpV+(UlnG;+PP_ z^nJ^od=pJ5@XyG%5^$k-nYfG(wQA@T)}(W0&m!$I>iC)En$6JDp~>fnQtkt(z4mdD zEhWkvB%ifzHlakQ{x8#k@IGzb@&ks7EEW`na$TuQ>;OHj8*27z?O;>zvubq5pO)kA3PUxlKZ$~7 zlB-rLX_n^A6M8ib88--TqV>I{&R&tKIwZpqT?b;M*_Q__Jj#=#$RrU^4V({imC)IP z6$lNi=3{tU710=1VbnCbg7K?b?2*Ej9mF#ur3$CAA3kYvWK;G{O4+PkRD~K=P}HHe znj+|eO(-(5hH=xuAw4$cNat5UoD#CQFp$xZn@}Fo5*LU*)CMA#23)YJ-ClVD|I1Ru zMQCFxRbg~@D})UK?I{cR7?xHF+0A4SVHYvgVKM{LX!Kpr9MJ~ZxS2g%MkSgOj|EP^ zAl0KbSGi2cwr2UHNdkCvX{@dw$IAUtRo0kTOQ_G+lG~I529^yo8XNSo?BIn6fkt_o zs#>Fj>nbL~DGi$r{&CNc+ED4&oF=@J0?-l78%TL8mU0^Llg@qI$OJMn#Kt+bkTpdt zU;_s-VH`x2LBXbPpk(8n_kq#oLrJR#8HHvR3^p1lC_2nVC9lF+Q$F zgAfTaBdLF*kZF8R5k(esIMWgaN*Q_B7&a+zc##gAc*Nz&v~Ld+!cY)ZJBcp;(m;1P zDxlFOK^h_=ojZ%wYBX3W$r3r7#KzV%R6;Uiz_+2NENiD}HN}BcmX8c2CLAS%7c!3$ z12NEyY6E6uM~%|RYZmmnQ7e;pT~yc!D^mYzbf|cMoNTIhR(jld89Kr<9X#L*;)lEhE$~~sV)E6f0QO4k2aHNVQu@?~8cA`Bym5+K zkkL|%{Vm%<Z-c=c+UOcwrzhED=#M4>{P>9H|zwOCxM zm7hR;Y{XcKlH$d0Qwv#4(}sYx0h?L)^fiet$x6-Ws`OL@>Do}qh5&iO1bsy1Bn#^v zDSy_5FEq|qH$f(-APIk^nx2birqz9F=V259(~l^FwR5p6)!ph+7$3_rWFYR*2_el)TG{fV+$9wy}@je(0jX*1E*TC#OJg)!YtDq&$A79UM5 zGQq`VZ3Oc9XX`n>s<)9Su`$k#G*xD27`m9MQl8VCU03B#(~KM_ty>jl1msxmm;E%> z@~n`Znz&QaHtBgSNsz=~8=6$n0uvgCWsSIL!Xsj(rrtDAwbrR28e^04gTHD20#d(# zMGH+uxuC_wZ)EmM`9~xSy^jX*vc)0c^sZX}AgktP@iOZ^lVdkunQbRbV%o#ZD72l& z589iJS3&XgY*Qnhl{JJjNhh00s_SZLI}`~!M5!7~bH^{p+rm7kUAm^m7#n;mbWCwcwSD&Wt!LNMz;RKTG^M` zQKQkj3X@@tN}?pjtwR5rQctannJr;m#`}8ns5ebHNNEi+-7MfFInqIFZeW8>mC7R#NG&7DRQHJHQmybcQI%|DKk8`wj&kAqG&^8w9eMqt~!kX3=h(a|H7ceV2 zO*-?}SnsywWJN;aIvt$7(>BMhn8tE8yeIa8sViIr#p5foP%0E(Yhn`1>F)XcQWjG^&( zDZR-kG@`YPzNUXTYsHdCu>x1M_0w&Om3C94N&`G&8zBd1XqIQ#v%8#|?YnLo)TPou z-Y6B1!)s=7!`|H{0W>#Cy^XFk znJr-@iPVQlyc?ovk4`96!<#rkY-KMWq_&YDW;sFNGf!o>rdu$;j21jQcF_ym1lTNa zNY5weqX+0J_MwP2%T95ub9dDwNXZO=VEU_z1I_>I0#s|vz6VSu2lg2e#5HVnpv?Fw z_4(x^1Thk87)_#7ig2fo3E9+Le8f37jpvcfoYDL!X!fbi zSz=4u+S16Gu(mHY>gg-5LECVvV4hvN+CgRu2k0)gOyIT^ji+QjBED#YwU1%5zFC`v zOlOi7qgirpc6yogY+F?^>MakM8j@kAY_1`cn-O9QtZbb&kTH5Pb}=6+^`LwXxgjbO zo#k-t4w|e*C+iQs!>$#zB@@aw2o<9xOVyQ!if5yVH+j9rHZ0V=GILBkuE_i@4bawZ zHx{fWL#@VW3A0oaY7!+buF@47*n)0-;nU4PX@7*Mee8y(ucy@r`(oGBN?0JEm2EXt zUr&RCZD8?6E40D-x6bLldEBIP(>BBWtagC;Gn^7EX{Kgs+LKLKN=RMcMlKx@AS_|0 zC0B@qRvM3elVmm*-#r;ZS;zGWdYVY8)rR4`u29e{Rz2&IP1oV#y#=ld#LcC-2N4@u zBa>GkVlu&Ft*^YMSl2L_&|;Z*^Ma&;mdAa&0ozHM)C8-k~wlmMG zS{J@a53-=pL-vPyML%0)3#IA>i|ObbhH@y&l9Ef-gu~ZM@eH-u0z*n2OCSsnN=4!? z@77w($Js(P3pv5Xn+(z$3%Zd|qD3S3Sx%cI^o>6Jz6VjSe-T2jv74W{?WpnxOCCN5k#|6 z#Y|{Jp>4w+QOC?I%Z)CUOPyVOL>!yrp*{KDli2zghN}^wQ*9wxe6<0m&F5OJTH#6= z(8`^WiGe&DDUj)mqe$jTu^W}7w_b>Pzopq5J8q?DJ*}zi4%0+tIHnb%xg^1Sz=f5( zLOyw{uanI^lL*;&+7xdyS2x&jge{V)fGr@nu(y$>Z8P3&$ie=4V#kHC5bl1p1!2* zrLV-SQWtJ`pfi}#Q!)oFKWPTn{o@W-H@L*gq71t>1Md)dPBSsV{ zYspANQ#LOb?oDNqzjC1z*J)(b5fTZCiMlRaM~1Jf6}`RGS3ngdb92g- zHKi_=ClXyM70>WV`iWU+2^$&86`81#PmR#VwFv}^i>&I}ps%5hp{$K5t$ohOtJa#z z*x5FTy`}>)T=k7-fiE9s7tnTAFJo9STC}uX z84^J@Wupe4#+qE9G~=N-+Md4TO|78Ru7x;!xS&-(pB9>uY|WKf9Q7X5k(*l_uvILk z@am~;tzE6HY>yr&YEkP%lM+3l zTIlAJSQ$`NwLY0Am2`DV?u0OVHJe*A`}`(a+fRVGF~nl*vhQ_lTeW70X@zX~q>9zG zr9piWqql2{OnbFSk8-T1ud;|_{t*2mc<`K6jBUn8yc&J@lc# zHNmDCZx1t_J%1*N4m?+fY8)W0EY~^63JX&-Qa#UGmH^0W8tE-aE^Fda5I93Ha zQA>21K(BgX@->BtreN-hJFyb>2pN{Hj{#Frmo!4MsWVn;GnFJ@Jf0ZwR3f%4O@O(9 z(3IX-HrZEGSs{JL#k}NW_e6B~=Ox*XLbN22iY8+K=NZ{r6 zj_PqLEJ@OP17nlSh^60P!moQHQ9Rz0l?7*#t$1Cf|Fz3q#tW1U?8@C z{?!;XA?C({V&K-2c8w2$C#DHxe4&1o?-cIr7Vun`!r#-i8r8q zMCpftNbu+z>T!BIZoK29aoV_GUX#bA3Gh)s{mdm+@-|kEaFPZ@hj57%HBFR^Vv(W+ zX3CuG8Rb>|?u59#GI2H~xOZLO1e3I$i4$+7jF4akOkYfTep*cXx}ZAx>$KETyi6{} zUvY@N(`=iIA1_EqzuVN0^}UP{#ItWuSNLZ@3v9VeU!9)Cr+DyHrMv%&p10jc1ldXqs321zp&7fw(l0hd8eL z4#VOr2%7dkC;sS#Nyh7q5Rg{24#-ee zry1LdI~tNtwv#;K;NhFzrV@Yk0Rk6EeNG!rRgN$ zV;EWWX-D%ao=xkrs4O`uZZwm>H8?U?$)UGsVMj&qx!#D68x+c9Cmfob>lEvzlMg>a zdD*rR4&m`MJ#_k!u@@zukGGztjSy0fQ!CK1(hZGA+5TWFWmu{3?F|g%gEjUVV7{}D z9;|@Alp*y(pJ^xG2vu3yM8hi3P})=p8A1`$@Ff?4jZxMVht{*?z?4n%Q7!Q_jH*Okzuho3Ep^XARkcZU~Eh-6h0HZ zG$mS7?qPcxBT6{^AnCgG!NN|hWJR=%d2oK3&)#V#&y(bAM3ni(Yo7W$HN)JQ5;aR8 zGiqdp#?bd<&1=}N5$oM?0o>YetD|Y@<4>=qMD%#(GTMgY#(_Z$uf>X*(u!H9R*A8L zftQ+?wFJt0b;1{!Hah#e$q?5x3CJ5qV-DyChQzx+(x4mNbmtm)ug~5?o*C1nm1S~l zx=H1JY}yR(L&Pc3G6ZBWJ(~0qC&V>L>D?@rNtG}OO+zYj2wgWNi&t)9d(}C#ac0I7 zSN`SVG~Wo^WHuFV!$@{O&)0USXx@r=rV^81-5@ztBVi!1ie#{Bfo3=gDz=I7?6#ji zB^>sLC)@R?j}O&!jFE>$rNl_*sis~VlfcQfLAFfs)CSlrr^Q}Aw-Co` zcx4|FM|J7ckzp)z|Et6rlF@(_24hRnKhcw+%XdoKDGt8PB_WFBR7-9_EOU#Ivw*3! zRs1Vf8+lF&({H60*QbLJI%cVl&X{4{?93zt;Y_uldS&b^;m9=Yr)<{}CHu=I&*FpD z0;Bk@tT0qpIbCCJY39oXI^wWsK{ixqGfyOwQ)y;yLHK0DTP@0vm7knATbl0rS)Ue zt<#pZ@GQ3JR7)MzBzbOrqF?eYRImxl#@Gy30Cu@harONsy zN1=XnOV%#qJz#()v_Urnk2PTOlm%amZg10s<|Zn_^^=_ zvTLt7;79h246YPOPY3a6wRU3>*=d_vnEj+d=O+}`g>Y2kTfY5q%WT~z|H%}QE{*_E z#Nt4?)`Jl}{(OxIkR3D#+n5rd9m!Vpy5QFG;f1eKX2pXAwR3)q`LyR$r!Lr6g$w=U zPewyVfV`F+l3|8kA-$QyA=3k7RLUfVEmFX6Zu+GYPy!Rw8wt`(t}oJNRTqPFH?4Qj ztm$z+$spGeg|7%0@BJg6#sP=rn7)LeCUxX2Wow?vN;64G1NfYIi~VTX5KI#rpZAz~ zH8FyT#bnNxptST9Fi6TIkin?|_2jZ0>A&Ng}7{{BUY!8wea$>{|8I&R^jWfGRmg(U!6a!o=foVA_< z94&$?!c7Cqv>zha*LO;P)ZlgbF;hu9l}Wik=8b=Ik$hnVjgy*gN?O4tk)>Ozr71C6 zrpf0`BIM&kztT2JwRTw(=NRkOMT2Yf(X$`j)hr&o!dVt^p)+yg9dAS$S(C(Gm$9?e z#SI?`HOtXH7m;}CM@(iS`5=?`MYX*30HUX|G9iY~HS+1YiLs-$awB;wL+n<{zH2Z| z4VBpt$MiXq@rd-s(>t0cMjy-PLwJ2jmiJx$>e-=(rY$lmWz#XMS+ukv!#A4~0K#*aYxFTnbkJC)qJfd|&O;($vi+UP=1k-#K!>Z*eXA)RjEDmZX z>Bu;iJM%P_ghW@ZVCQ8XmFAky+wPD&!HG0q!iOmmdQ~| zNgi>M+LdiAu9K<_dBk>}5zUykhaZ;eM@)}zaXRRmQ?l~|*qkbuHI}g?ulWYt+c4FT znTu*uY!$}7H#jyNeVi$fRE|;jHnu;7?%5D2Ha^*OG-mZU%E(V0ybZkLWl{@o$N`nGjecj7?Jo0FD04v%tWV8rwf_P5Ix}=zgO0a>f_n8$j8XIx*R7x zgvgA~Ov`2&PK=3})#~QGdV(7;Cb<2gNgVMoU-fgcnelJ6wkCYP2eraPEE6lcO@;3Sa*Rt;+2`Ey?j&w6K`xU<}*_MQxC$J*Um#svT0n%%vT?L--#_1o6dymyH0NLh@{+hnZVX~R*&ZhwE zP+>p~)9iTTp>I2^8^2)BiuO~40aYKlyA4BH9x0>;-7+I)xJjlJ#jc!N2-4}ko$_xK z;5QeTM3x68mpB&FAG)w1=>(j~AzG^9gfCe9gZ)%t^Tk6Q+LZj}LEU!6?3Z8lvO7t` z*35&AB2K2^rBquLnGcxR?^A6LnI)mfMcW%yHF9T)>7UzZ@)}gMIEpq_1bUOE7DVa} zX*V@WDg{K;+K91>QzR~0h;12~t``cEq@_3R$BIJTu0&Z=O<##EES!wa&NUr{6H>=i zK*#m((o9!wUh~QM*8I^`J2c-;h<7uCd$t~#J(ynhMOjtK2q2}EIeNY&w>Z&}(Bb^c zYAhf+Yg%ubd_Uf8%Rp0FsL0C%iDshzraWv%4<%8U>S=!zJr|DV*aNR`Hz(!Tw583e z(_W{fc^gRe3YcW$jnZa zL>ZIjo?EQF3j^5b=*#g`InLDAC*uu@q)Eks&IVF*@}O z_SooP=GtiLNwZhZnKys-G=3c+UH>3Jm|z^6k2*TAa4cq#U)wx8*XpAvn809|fsX7EiGTu-*|YyP`>FVXZ#lcBIl zu;2=UwDc=0jUUa!V5W*c zckmthaisAvjX9vSD7t1c&TjG5fk!qN)gR^|0=-O(%(1%8QJWBlVF+2*pRj2|6zMP- z(VTWC*j^o2(*qSYnIbgAx8A{#9t4ZYAC78m2xvds=7((PMDFyT!uc0toDQZL6{AwI zy{=S}N9h)dBz$AhOsI$2Sko|AF7fprA3v3qmV>kiiBvG{ReteCZf7lN4(JPwsb>Sa z%9SV{;dh@h1|(T3M@9%|oS1%*sz zz8xbCZO6Je;yX>v|6o(jb?~jj*OWP35 z-#(A>P7`bKE(6i_8`-~k@XSY4I^mFyu0pC1vK5Us^Z8Vob2^-?DGo~!N5JqS1lp{e z%02BRPNVo>wc5k@T2S+*(htBPMC_m_(*wf~Rd#C;yKb(bl774`Glt2^YbCU>4FgG5T6-HbY>+T%>;=s& zNxyMPCIx|dENC@*s~(j68fTLx4Cjg0uL&=mJ!{#bB};Sq)x+FUL^N#8uf4t8WMQdk zIL27H%yZ~+G4+xm)Y7xP97tDRl3QBz?Gd*3BiSt(YFJNHWV|Vb9WCJ?tM~+~SW)G} zExsK)j*=w55u(w+KQ%{!#kPOdDv(z}-JT>*sq5aFnb)b=ed7V`d`gc^_p9Gb=D#0A zSpxg1*_X=T9edaiQ=s=~x2?{3S55gGP!n~ZZNc>RTN%XDPb3xB)by)!RUML6ZRQ7y zYA3AX+xM}tNz21pBlPMUx{!u>v#g+wB8?Lbh_CPL45Ks`ZT`*dDUx=gIYxY-mfG9) z7BkB!q6jWk|1=3~r)+B|#Xl^pMA^8`-LW|>XQBfX`n zFH?1N4dh3t~Sate~&O-j*%^s*L0@^W$?hoMI-PL(?+xR|Ff zM6_C^^uH-?=w2FxwAWKc4sR0863wunO2sNo<40<4 z3`TT>57*MA1<9Ib6K16rkI`x_)1p#+mR7N5s|#Y&rV-wm;jdY&<~EKIsl>sW6v0OO zShI1eXdR7X(}ENwF*qo@(xn!*j>wkMbQIE=3@jE9FP)3T^DhQfOC>Q4l0uy#Z{`pQ zi?C1>x~0C|4^fFBO4^~NP(qU}3<&XD6JfQ6febMb?{ba&qy>GOAz^8vnRp?!WSK&B zsV|9!EF^*T&Om}qi)2}Zp-5uuWn(o9kkT_*ug@qhuONnY-D~(C5yfZD;YXyXC{l{Q z)VjYgB!Q{cPRV1T;e4dAMub3lLS#o>elOWHjqqFQ&Dz0;lO!7oMVGQ4rJ-LMxzRxD z_I|@i{BW90Is7~^@voge;5$^qtURP zXK80(m@z`bAY?LLh?R~hwohY{Z`YWdgb6HIAIby8VfA@Yp=6({+s=>ikuRZ-*JjPW zwYkPa@Zk}v;oeO$?E9?u5H$&U-q-rdfy=;ay=kry#+12CncI48y z*yXic#w;XM3Qi^eM65_dfXp2&GZ4f&>@zv_vr&t+Z0lwdG)=5g%B*=@%RC(yI~=jv z>POvaY{*W2{KSD!5HE$V1SZ8{h{90Y__H|5$bV{A`HT-6h@9*4_5%%xJpq2P16}Ed zDG^K|3LQ@-T8?Vp*vp`6Cp}d$XouwF?v2J>2+xM?!?u4~S+TU!H!K+%s;-Wcm5vf0 znpN_vC**~^&itxR+^D7jV#gL6k87>zH#~J-NZkj!spwlV^3&bX)3oia|8=6_JK{F| zT&RBB`IVN=H@~}0A`wf=!@&zJCvjjE?b3!{=j0TRk=Pw`7ys&2g+eYU5*}wpq`lW4Vk|`GGt;PlQ zFDEl83O|09F^4c^Tb@xO!fE(ss0u$K)a11(ai(B3jcv-bt2Cp(_ewOBGh{znHR8S> z@8OheW9viB7kcaS%23^nKuyY<^!tYKw2maqGvWmTTYkX`z1)5l!p<78iHoZ`%z0Sb zG1}yoGhR=ixD&#BNPV{Hv?~osE$l}DHy)Hv$n4-E*aEqhshO6AY`jZWYT7OBuqlgq zkJhgFMcejz9nS;#*8z+cLnzs6Sx(Yv69{@~q2b8QSci?r?H)5}dXrcp{$*CaRCclA zGmKPjK{klO7u(*wsvKOox^u9$+MQWbY;2^q56{A^pdoT?4Vyz(YdYrfm6HA10j0wP zgUxQ#M7pawCoD7>YfzaM3n$%bilUJ-*##Kybg;8;UBi7$M)LBQ@O+$?~yCW{POKUp#aI>%(on=TdWF zo9Fwx`jx#T3DXgzx045|Jim?`^u@S|sYU33p$1{})tIs(Ykxx#GVRWWwsZ+h z=F#NE$Vey={IG|9$~db*gcS8Mu`Tv%zljlco#mG#uTT&uQ9z8w8R2M(SvoIG_O>%H zoHAp{!g&klPKl0J6U1{=Gb+WW(xhMbq+dH(gE=RnN2Q7Q90fYWYYPY@9rT3<>I1(k zjyN9io%btBfB`T3q5#4^?EK9Z;iO>SZ@OS>T5if~*1!CtM}29>rVsCNb|hReTji zRIH(!Tn*e!LN+(`EgG0Ctql=MY9v$Ig0Q7%vQX0PD&_c9JP)LIYf>D3OWOkkQQa&^ zy>%cYm^47{w0u68NvAqaTa`O)(c)$E7A<72)2e8yE5y^{hkX2H=(PG^PSa^QMlQ3C zQUj}y`{zb<^Gt2|^-}xM5D_8N--yN;7g(w@KlMPV!@7RcpZbBAXL`B$qHN+|1Mg;FLku%;DvSiopPgqdiaDutI1+x zS~m_MS*R>{ZM!5Ienl}CGKgv6tFxMghZpMpwd!y#85d$M+&JyU@GR`ULv*UJW{A< zaH$b2bFY1_w|KT4xWZA0$-;E5zsmn&XEn#~<}m7*bb@L$#hSVun>jZq<*>aaCOf{^ zoGQb^v|L!9@m2I3pK15zNURgRFvrm#XouFl8+a`-qgW|pLu1Z2P5So#rYvhiOSWQ~ z+OT-;3Q0@@s}z<%UlV~5b8@JPwp$ZrC^P3uZ1&RJl=S2rhhDC)Pg37=57nyvCNOH& zEB^JRY!kXYAg3MR5X&P?GnwDO7A`$&l~l${;%>V~&j`cO2SrXui@pu?3OIp&9uF)t*vUerBzwnqO9)l8lkls|C2JqpR4m zcu{@{%9c{fqq=ca-sFjsC*~&}o}YAdG-=Y5i4zaOJ+WmzN3-RZG3~5!a8S82C7M&& zaC6s&n=7TxXhETZ2<(fdcK7?!bU2_|?pRZtM!bQZ8X8f4S+UTsSaho1Xev`jb_7m$ z=qOiu(vVXiSj&QW3udP^oYXO~Wflq`te#(n`DBVMFitRCI$BhH2N8m#k$RaC z)3l?-(Qv{KpV_okd)++;(O{iQ6z|YznHthrjX8nI?lgpnrOUav(ZEAj*4VpaFJv%| zk`l+6Z*rZxXy|O6164*XeJ@Hj)M}Z^`m;{lmDw!`OfM(C4h4b!nE*)(TYrb(XwuZQ zSZSF`eS5Y2Jn(=gh5b49cg=Z#Zyhs)D_}COtt*OmoN+k$kQ`mfDA8igG&bBcM8~mO z8%2$dRIz`s1UqZGlyn7g@YwhqJ?#`7AI(y4(Ts-Ugj&X0hfiPd#NYT%$OWttL#aHR*M;ZJ^U8XP%qOP zioz)DnQ_Z2bM@fjSIo$NBOJ);+l)FNoz$K>FZl~u-6tJ(F!UwyDHf-Hsr&ey^e&{ zLl-b2bUk?O+A=F%%wuXrnA-xH>`PRQs3Bc7dmD!=5MaYiFjsp^vMD!_s)On%YSBqf zY9^p`Q{z!M-HpJWKl=$cp2B2LfvSv10V46`(}E2*_m|le$o!V0W{mMdt(Ns_%403E)-s)8+0KC~WQzTJ-hKh0+`Lr%t zW9<`F0KtPS^PZQ!1nezWs(GD_qdkpmHjv)R7=gY^X+g#> ztw8W3xr~6Sml_XVyB|5b=#UE5?Wa%Q}J4{uU67SUA7dkjsQ9`kvS5UcaF7m{S-pdV+V913mvzy z-uPP0)2fXul7`#9{~JsGc151e5i1CF`nj6qcK{>l0v0aQM-g~P;Dlm7cqTl z_eE?ys&m`QwL5(E+MjI&TaPVcQPuj3mR9(n%hQ^rpSul-*>jRwaCvgUVd>d(OYQ)D zs+W<&=h~-xkq;^En3Z97^ErOQ&6&QUG?v+V})!TXLSUef_vJ?Y_n+ zN%w9g#)zJYr!-HgulyQj7;o{!PrsE{YA!+$cpW)H4UCgMD}vI$>)Ai*fdGgg2^Cu$ zvTZ4fCCjR!^G^-T*DHLB!IleU@0hzv%LOG~M%q(z85qO6Lo zP9vUd5)50Utprci-)XC&(`>S{Dk)r&-f1J0?UxHg*R4~uv2u>6S?U8vB|7s+Us#gH z5p{C@cYds|TdT{q7q>4*<{)vHAV8OnXt@a$WU>a+M6-f}hO~VtUt(!(hJPfb*($v( z%egpp%*KYB;L>32ve8M~GUKHZ^{4t2>RHHiB!0?Ix(r23g&YNP@*w*%+VZBSRwpv! zVWlxKr&IVcIqmdeYXZW<`-=u@+3nF5O~i(|we~U8rC{Btp@MEjG>T|aWnvrI=7dC! zG|9Ci$1uuIU4;QL(*TsCK6z{hXgp3pNIgHD_m7Z>i7bNiQsV#{IWod1mb}_eXZn%- z+$#qznJ{DvgY%1akT6#32qc?rOdXh((#PbyecBZU_gJ%vp1t78Ab*m>%-AP~Vj%r1 zC~hX|;vNarr3E=xFmakMMU_x})-bZ8(-I8XZkG3#`jASim-7x9)-C3EG;Q-WV?WCu_S0lzZ`mljqZ zz*u}>$hJAC5M60LW=pY!F>U44piWdwjM$NV|3-FBBhtk}3e!YsK++5=y^Ix-9NyVX zaOmfLEu+-HWBwX`0<)(R36Z54#)@*!~Ir#n}t$-JBS`C*;*^A z1Zx~r3k}vZEQ0Kmv`%>9@JJy) zCrdoSB8Oz!t!e#STq{fKrsUt3HEL)O|K4sNF1ovNyfw^OXFxTX*9UV z08lNkNipI1xO|YiQ4%F%p>HwI!nhxVOdNV9l<6%Klp+c=QnFS7vi)}mXsjUpq*w#_8 zImG*f7UCsiO)%h#nuV}iRu&-%GZ)UXziRr_TIDS65pgsvW|fbiBlRLTDn~jN%@e4v zyA&Z?ALnFe8l#@EG*80l#(Tt%!sSbCJj>^O-4|xE$D4w z>=xZQ`rsAi+jM1y7Bdw>a*0WfED$oA#rnnnNd{>PrS)(XY?<)xN)O4X{24)P^&}I zcXgCUR$)x%0a07yjIeIOBwn(xW6~R1#LM2SB${MsNeaWYWn7?aZVC~# zKPO|%9v8MFhTpf+mco%`@bS=ViGsi$ZIV&Hkff?xnyHUG&duNH;euvOaI;}Om6ADg zeF7P6X=K~bA>*NJ(?&2Kw3@avjTMzkBV>NC-L{MwJ&S$ zb4~)3)V@Sf$g^*2ulsGo0X}Ir9o*__y?)#sy+^E@r>}9xN_y8D@A0PHSQ(-F2zfsU z1{IMZen<3(P0OZ-lw4!Mv9D*$)*X#jnlB;0(?+DH4JW1 z8bWh#tu@f8+;`lL>ZqH~C+B~WRCgUMoD9m;!!alO>*6pa{e`823?^>x+Nub4ct`yy zkK~8G8fW+>eHf+;o~4bFcw}h8n5o@_MUs#@Bj_(x(#7TSXlmp&u_B+xEGx_m3$|CU z3`pexxdHzkIZG*RK*8&`Mg1q`)%G}nN#I_#7oX^0V2av-eNk(fa43x|oRQImRaUrC zmRIJf9YuKh%g9z7uU&=k3t8u;O4)qvrh+O>n~}0=0c&HT9SNxZ?Bg$Hroi^s`VShc znOd+}Tw%oE0A@e!pmb@)ztEvke=wFSx`>}Ghn9DWMV)LmZ-HRp$)cRgLZCuGVWs9= z$pm)5N9x_WSimGR?Bg#$i)*e1TUNLx=7kPAa4Y&R*ZR)n*YH3Vcppe{fDS$;fG z9}yT$F$U1?7O-$hPvbXPgUpa?Ef78pG;uxt9oM-gcP&H4-QS$#YE`++Vab00 zF>Jg@54pB$6qkQneTMuSuuo9ZvIoo|B2UC9iOshT<)V(dq73zI3uY9z9ap<`Xc>~X zLi`fy$IUAT%E%O=_3b3R$o%ju%E{4$Hy{m#sr~(WN$-|Jyd!4Jxjg7p{Ab^WkG@-c zt3U_;bNKE%b|ieY252!l=q?iANyfGviq{;KG!wt}gp47V!3yAyB36bfnaqQwxxTl} z-MG$#&Y^OQQJw3H`ULqYYf8D;yGDw-3lA>3euc%B)gC;>^g_1J{Lp|aea{s`Vr!HTNs4zgIUPM@9Gee*sm3dE#}P|Cg6vR!2geK^BX0q^fWS$H~M zFL6Z$*;h>s81Z0*mbulucn)DnN0pLo$Fd(i>~x(k>luhE2lrHK@N$5>*!8~RMZlUe zCO!Wycc57yv85CYIj`!Z7J|rLQ5vkE5F*uok7y(SyO|1gn*}XzBHy_OWC-D9^1jeN z{~#e~|Dx#OV*W<$2yj;zlsy0_45%W*ZnGS)J73K1Ds7}0j;AyGw!wvo(dKdVQ@F>G zjU83bg6+r{U34x7FlG+kBB3H9%u?xKXAW{rM|HvL#Our=>n5{Hme-anLcPT$23M{B zTP455mCX8!npAYuQRCQ+V@l9bk8EUmOqVNxd>=+2CwuY2`hz?MvpqFo&F+;{Bxw}q z+TxvJOXaX=SjN!MbqA@b$wU0_3E7i7YR|EjS&c(bX(b-O9FpC}3))jT;6Mcoo3l_GM#$LRN!^Kl7ZcVQcOkSx@_l(V)Rbp) zuI@`v>EUECt4!-k3?zs}Y9V&j!$Sb#N|xc;SI@pG+}p0kA$d#$)q)$O7^}-ecOjOU&EyMWo#S>i=20WGMo6cv05xJl#*e8 zd53@%3F>Z*O{scaej?AK7eOg0X#}LroTqzcjBi?=)}n-iacYcxltp?vv2u4kS>piu zS5tAem-AnQy{>SQ=D)9eb_^=3I)xyITP*=wJ7VSy^Cd5vz4`cm>GX9N62;8HR{RP| z=Thc3^36Q_#+7z%yvpH*l{;Ude>oIt7Bcce9p@#Ml40HZ;n-+(pbV|5f$jorWd1XD zM%@K`O=d5X8LNk>jR2z}CyHw0#T)zDDA^TSxxjOBX-+nEYotW5Z!YPe`|;0Euhg0z zW9rJ3ib`uME{A3tuE(0bC=X`J)4ak7^Q>i-u(oWLC3~qTvaZx%0b`$`UnANZq#tOT z2G~Lh^B>kYR&D}iM4l-G{7N@3@4ry>n7(mN- zSr_QZdutLAc;V>htR&*td8v+dLs1W9!*xpeQwr|%= zV=eNLcNtPBQvCAWp&a2LJC80e-0&v3NGV4BM8)d|1(~AUszk|Lbl+YWD|NLgs}&&l zo42w9RB(itoP#=gI8S``*6hANT6{;Tw?Rq<1?8T4P|*nLHbhk7{g&&PD}w|cHSUxh zX)a0_v@PJkZGnk8DQcxMmPRl579DbeP+LNnCrWw36nUtlfa(;(D&=z4)XVJPCA z-=jChuAZFlgNxa&TVrE4>c+`-u%yh4u!sT7=y7A@nQ9&E{&LFV@^bKI!I$$jCsV`Z z-&Xs8&jXJ&f!pjyp2cFxGs11e`8KVfs7qa)N0(o9GJ9r}DM2)82!5eSDF(!|Vxq|* z1>Tj4uWHgQF46nXS!AX#GJMG+$;+cRhX>zZ{FvGeN#+_;6{CJ2XOY##JbUzX{)&DG zyK)jK{V4w?y{=;()kcdSS`P5wQ?u={=Hi!{vQ!22bGwij3yj1mAmOPQ?6Vh2ss%YY z8-+S8?{ob3e3E?1sjnv7$Cg6*E61+8bByk8d|jzVIZLzN(B$5GwOF#MQ3tQsiI%fc zJS!jFa9lo2obF2C`;x|VV?r6+n%Wh~Kvliad2pzV$&oO7Fc|3#``oG;sA%IuY$^6^ z-VrgiYAl!mI_^6Dsp1K zIC98W7^dC)zyJ2XM*tkgX1yPnnG^_z5E#SOheWr(vT#1g3JQCMd%Dc4hL&3&e29=# z%DwbCpIk3wDDh3X0`mR3bT|9<0%IlRz$WuHnJE%gvJ8ek4|8dMZG9gk<4_$eXMjJq zF9rrq8_2r2B%tm3#69%eQ0< zZJ1Z!J9=M?j9)W@4utLqb`|OCMprFmNS77h689FM1OFPAaw<4&t~`|e`2m&2Zf#4| zKo=tEE>rj3Zv(bd<7s&psooeHVe6tD(T5DQO18hTja$5e|H!L9%(xxhS;R;i8S`Y_ zA*VY`#+UxNiL6T2XQbxVylOXFvObT9wkt*d`U_Y=hR`VMXzzvI-Sk+U!g=E_KA`&O!*yd0lhQ={X|OzGf2BdC(WufzpH`o*DGcv+8Kew__~WzcD?@fBw$mboEAb>P-%_uUMwEQ!K= z-h^JB5j+|>MbKI*ms0k?xyd1Ri~vA1DX$_Yp&wj3@u{YsW^Ku5D-u?D3+*XFf@?d* zc8~_%DU$Mw;j0oJvq ziEQOs18Sy}UgR5sEoKX|#kL#MRiEb|5oyn%CM9Xy6+ps-QqSJvXt)S#+2)QQM7Z^A zD>_Bg-KG_-aF)*XS_MsD9NTUKAhvKG4Yh(ymL?DiTsTWG3cHgHCqc95vcNa!3g^p% zbDU@RlZ@dxs|8nDf-n#@g0KgveoSn0)Vi#!Ik`d$b8c6{K&7`dp}wg1x_=a!0(yFA zyrtsJF4-Y1N$Mg+MfZfp?M)M>k4%vL0?mL#;fxq?pDZ^UKye@*ye|2h0joAF6ZuF= zlxoi$wiLhBYn;mgfa=FJIFs4I)n^W48dWFiIGtym<$tw#{NnqEmP+Ph2o@F~J(Ba-%SUWkw?QZqMOjDGA zX&F>9wy#p!doW@q;-|$$ioPX!d?gK`wbwg z%3DhPJr+;f0dH`~0)Qe@Sl9I}YV-PUP?WPI63-o@1EtGK9fDd$csQxZCDF^!!CD)e z9$3@~Ssp$qHiJUQH>sDSkyRTo0I5(@VWMJ_Vsz=Hehf{k#9)I=h;1t6MmQ@^eNc2{TUs!6;?dLrTg#ZfB1a93mYIq^6MAC+Tx9@mAsxM z>kJrs$6-NRU2cx9>_IWRrX>s5*ls*zUam#EAV8O^~hpIvNx=fa$e=JO}kTN`}%tA@vYa6Hhf($@5qighh}qKK>Q0>gzL^c~IufCAr1Kj$%Siy^bVv zexGcY-BWVc;A*;45Rfp5@s%QO@?Jr1z=8XRl+#?4_IiCed&+q63dJH)elGe~YL=#d z;Xsv<=$cj+{mbzex|#xh-imXU+B@`;jOxAuX`*)JNHA1A3J33oUvKOqJFw6|#UQ-R z!v%3|1WTzvvxk;=2YTLqVcH|j}KV^U`+{I7+sTtCuY;QSA}{Nvbm!7uVP5d%&x#WOcp_oByt zPL0!3@ufz>G50P@$q%HMt(VRo!x2S8@}1dkORi-K`Niaf9{@-j=Sf>xBUx;_;@ChV zIaEW^M7o@TZ#7|=>U`}M?_A)I!=+YKvc{=i$r1QhZrX5Y^a%v0cg076tHlq1Ky^?6 zMY%uq>SjtUs|A{{(OfvPZ$84y*mNtaib zo}K{ZLk|AJx3UtH)2m-WNuZGuKk{^+&;KwR{j++O!_hd8b;D%iBcCa>?`nbgH8I!^ zJePbgH;&9}py{XwR>k4sp{F4$sGr`KKRY}&QJhm_Si77gSIvpB2rKf`CIY*gg0oaj zARiqOU*_!v>xRkE32SiAdY<_=xpS>C7=9CT zx$W#mm}Q183Ay>_yUu(#-=>{fMz1h~Y&h98#w%yF_2H-&{Dqb(4REP)-NLnVD zBmbznh{W?JxtKXTL!HU58T_mum6J~JIjDxu@c=B|eTyd!6{vEo{3c4?arg#KMmb-B ztgx?s6+}f12}!J#23Sw9D!fpohNM_GVb26hFR~zQ)C0tMQpB7DsEb&*zZ0G53`_6F z{>0PtWOltuZ&LP|f+?!!W=x(Lo`zwSv=uWd-N%vTcdL#!nnNLjfp$Lr*)`+nqAuD8U@u^g|@D^1M zON>1FO|t-vns;u?n~TdG-U2Eg7BmHsn=PjveWD7@w(cBRs?HR?27bYYiT~ zj7g=EeT2vc7oP5_RC*TGLTp(nzV?C3#bGSfm^<0g(&rl+mm69)3I zh1EZ-+27Efv21u;vsqn*r>bl|g*$vx^KE#()SYb7TL-*G4?vQeWX`0gcf$f3U<0)r zV>Q3~ul}fQ+C$&G?f{6Rl=q1WD6`s`Ro2B~eZnQ5sIz(;mbWmy?7y*o1Te8NIFOm4 z>$51GtZL86wDeviu?l`zZ_~)kfNt~H_W9l+@*7}~aHb#`W}dp)00v9!-Y`?I+BCD# zuAJ;Pud|mCOvy7Y2JbOHai+=nK*@e@aSAiCf5rS94c4}lr|*!C0^l&-oDsBBhFA9c znaf3u)>l-!0^{t*SuU)97m7Hh4eZiv9Odgj=qJSQwRLDoN|u=2|IBcH7JXCdyx|Lc z05Bf!wKw%yRe?6$qI++u+bR)K?tx$?*aTSWjR_Y;nq$Y|$>Mr_oX@0+ozSZ!Cx#u$ z&ZxYI>w(v$H>*tfzU;!F3@P7ibq(CBIkxLdY@ zqk?knY)}*gNqn#CGwqFSs7)C2HRT5rC z5uEDj^FujT0nZc>e4ZR&w-E^PH&fw5*PYcl74}ePXDy9VQ586o7-g0<_fyfT7;>mR zt<%e`-0~pEQDwPanPJ2|2AwcFOt0~nRJ|+uIGQ^$jYVAF{sA~M1F-!Ry)BOK%yWlu zJ8TRQZ9?9@Y*8k2?qXKA_%zPJMkyrEKPs1+MQ6{OK6MUxu0wUQC2l0#ao^v-y>z|d zbV5xJSUB41?o4^*Ca)}TNbZu@Dy903pt9oNee?O-NgG zEw$UKnvJqr8`^4-&G5riZm-XCMMrM<>_#YVXRTl|NDqwx(^&NRO^2fM@Ty$Z#7!MY zHv&?-SF<`5c;Qt31r}z3T3=0>5oTp-7UQpKA+oj zOlXR)vZPX}nnjrGaXloc5RH-$^THQ-rmyM)RP>YZqF{w9XlN7&m>r7q!r#Dl_FFM-}(fH4^$OijI`LL=x$igk<30-3PT{0a~Ftn@$kYq zQs->l#r_(RT$odL1Oe}}`B#Vk^lJzI@gL_;G&-5bth*zc?a?molJ95Ff(VvcgZ7{n zN*F^^ZGaRG-j!QE-*r7xPC-CUu{8FdQP6A`_lza=^T$T0lquXNmL=NLJNI)0i839f zIUXQdP3cAy1K|Y3B-eKMxb1r-d`N2K6ufncXI_X4NTQ^uOacnDV$6Q_>5U>DMJVYD`Y!dtF>7y+wlz%G73+0!f=Y17+a1w0bHfGkR*`3gV4*S)+JGzURL7ou z-W-L!nZ|2!Qy6Z=GRdI;Z@6cV09tr34ufLGwW+J-%kg1MVDchRaG!Y5RV`68n4pXqdyTjl}BfPeh6sih;7G2f5i~^ zmsnKlMUZ9x3*uuEXDMaHwMU^^&ipkjDM}WN4RT)?zcxiSQM6D2MpYNT6cdgL@3EHQ z$X&zcGHda(K791-g|!7!*si=rnI4%uP&I^YjY=eA!U!rDaMncUhZm0(w@K4VfkTMf z{$Y2$u!EPUn3!)&EE9nN1=u6?o+%);OvVJBqKnny+x2(q1eY47;(zg7Ku|gvBlZ8? z!37M6ZCW{GQ1s**! ztefNL^rr>9j<=k6Z(Bs5tRN|{!RRq`5*7!V*soSlGvhvwnA2jwriv`tVIV|~o{{WA zfEK!0a59jFKD8r1lX6s2Gt@o3cic?j{(yx#D6h{Jg~r|atxwrX_U$hgmYxD-l$;mQ zmO3&Z`pz#GyaNz^a&5`#ja!9@DQOJOdq14B+00=2+mn-HZItc&ygEN!h;rdRx|_;) z@-2PJ)s%3H%~jb!> z{{DYleYkx?@Dp*o#)2U zZ2e^QQ@I@3=lunx%So)K0lJ39aErMVbg5~~u;q&1Xz?c2>q$LdjSlhCa~YbaXOl@! zl*nzxC*0Gp{L5?&4!)`FGIO83RP8Mu10=0(+Pdj9}?ae8l^wEM$qNzFNvL*ompVAMr)Y^` zgJ6x9Fvc7tXK&{wk??_(CKb3~iYZ?c!#hsy+}juoy!`(9_^dg{CMzTW#xZ?dmDJ0V z{rM|MyODV#@&OxuKXEm#FGnc7lD$BIam~t{$}B^ZJNx; ztP4^WKYixj!oX9#+)cjsu|?1|;10k0QVp$ihJ*CnB-?^wTjgw_M5(mRMCnB>*D5rP z{p%AaNj`KNYpRtjNFEM^yW#a6{7ql_0_D`^Rz0SmZ`W(wLcLu2 zblbOgyB?P-%g~_FV(nW65Z+t-3E3=AT)sW0x1zfTs08_o{#JG{dc*`IOco{mJLti4 zk5w|%3-L+`o}DG_Ts{b2#P`jOjaQo4pu38{RfV|76H4e*EhA6+2JqdjzRChWpLVge z__r5x{hz0I?%kNhKW_bNGN}V{$OME3sx^&ICym~N9|TS5=8F&bLcPWTphZ}u&(IR- zFKQSTF{{4e(BzAJS{GbWbZ!8X+;4$BVfCe^skPLBzfHB#RgON`)I$Z3&}!RR43zUf&7Z*(enP`t{L}IR1sMZ&ejimlP4;l@ z?`qwe(5W1yWP>D9zmxu#M7v#&U!!!0k_W7WT@zt4I#tJDcFGOv*_h4aTs#T$^Jv3k zD=ji!c2jOKikI>{B#8!JK($%;dk%7ViIRFAr%>QnZ4t|0SNUTRGDgTaMhVg%5Sfby-< zx2@fpnBG2C6c@UVS#l-cJ+C&piUx)+qw8?vIPx*C*w1x=MDz|i&+#v?Cv}TdIPaPn zOv)IIlYo884=6K$1f~J!FvX@Moe7VJSt2$`a*OJFxQN$#t4hVn{P~NNBM>y_Gqq|V z%UKkWHDkXUsjsn4;R$VEfA3>N&-PZPLR5M($XEr7f(ANv%gLD6P-v^u zF4>Zlb}4~uw*CjmH6COJOcOf26HtCwRvPD+a&KThDd`tu=80>W-pLa=G{gmaEWjpm zlgry~eabLB&C!29229KY9qY4<92OiS%2C<90V)dwpbUoUJyWzcenH<80ZhOFIAZ9O zf}6sy^0+Xp*X-a3OgzGgwb2@YZIPbc4c6de;9CsjVuQJf+$=I2Y<|1i!o`3Tw>2^% zhyfaC2uG#nnkw{$5?~kZqzYZCsNEFHobQh+I`ppClDYe9eiEkuJ^-*BtOF42Yjtkg zrE%1he^_R?0z4+x0V`pCw0iy_bFpJJ`+5S@5#bv9$pvt8dZm^3azvY&K zOT#HOJ2vtlIHhin61gfRDrXpN7c@1I7`@@KKOKpR>OK_xoqDAo4~Z&TLvuy!ThdDh z(3jS(=?D}C5vq0thqX2zL+x@aCNsDv_Iq>nh7%5%lEvqgD{!u-ltm+6&X_VViftI> zV-BQiRq4vXSmKq$c@`8L8}#K)=g8_m72>l?tR+e z4jJQcz$Lu2&K`|xdg|bd2fHsHeDnMTK4EktQxGYkq?!CuFB-GAVYt7F!sMZRm193S zk)0EXnh-4LD#1OQs=&*yqnma5@l@r8=mrOlcP=tuG|F?Rz~M(HjM3zE6l)~}pA(}Rvr$}q zM)5^A!@A9N13^5!d9F3Lg~?P z2WvOgRce{DsxAVnPHUhas4Z9hNmyRjPp-(hH}{l1YQ2{(W>44n+|N% z6nedmqGy>r?NqFT!&DK#OKU-i)W?ibiPne>D23!xJ_nA8t;}9*X!mJc2~O=r*XEiz zSbqF7zObZ7%iv12dfj0vfA~gwe&sMf>2^@Lt~hrSf`b2DbF{!C1fw-YZe|PerPbsj&0darNT;Nh6_B+?V7WGoZ)DDY8@<>lB-75+c>Zlqf*jNlYTMG14ES@xNWU$NoYFV zyJL9?r|f@19qlHQ(q+)jv7ERt8k+E&vIB048|i9igf~QlNdB^#q@YnGmjXWna;q=W zv-Y0)r;7_M0f9JKmr@GG8v6OgS_k+|ef&0WBojqJx0FWF?Bid$HR1J7Qf>Z}GoO0f zWpv~i**fJ0s!`Lmw^GzU{;6hm82wL1!ygBCXW=KkeGL0g9?jsw9H@%%x5}H?e?YS9 zd?V6Ne!7Xz%kQmCDGY^K7xTYx?xKFT&L5N7KVU7KT+Vg}Own8An?~&%NRFlm(qM`kWpQM*;gBCBU z6#-hkYp3L*{w^Uy=LXWrLknhYB?q81g>Bg;O4|>ahV=ls1?7ZxmF^sNAoaw-Fgi~F zgfVpVf$Y<5&v4CIrawzPGtEqM)c|U0*YNV#-(iZoBXh_dnxET~#I4~wKy+gWBfht* z!4N&4BjA&GuZ4FT%{I*mIke}4`%d72-+H~Fynn^pva>{aWEZPT${R{aw{ZVWQSw2n zMN1N zFqG*SW)X-BH(+@3;N?9d6_}rVHB#L`mKeivxqx+n%11}g0bM|jVyr@(1F4|!_?;Uc z|2x?%3wu9T{ey*1{Kt{r5vXBTsJJm>6$vv#z8Y|tt&n0sXK^1COtzY83*?79Jw99W z(dhQHx8yG~XH=FiH=fB_tuGdEu<^~XDf6j^N(cd=RIH;qIMFOlmdEI3L*QAY(^SV# zemCOUL+650kZ6IyJ^tn~o*`3Zs$+fZlCQtmGaN@L4G?dlikwIN8M5qMN4SQlqlJ^q z$mKb2x_xt!xS$zH(udVobBhOC|Mpj8@e*%?o=M4N-yBO#&QpIA^YW6NnGoH|Y^(?B z#&(R^gkv$zf|qJ(UCP3`F8IohKxx!v<1BS4kgaUb%7d@b2(npuw`niAZOdD)(OYri zPwzI_Eb_9(s-Rxg{!wCYr;b@*#THdKrCNk@o*sangOfT<0Nn1mXsUm(m82O}1I}bi zt4x;JEW%gzQwG};;RHQ~zl3SikBJ4<^CJ308r>5F(nJFku?@sgez6!E|AVg&M1V;0 z9-;&p@$>>lpRs~6i+`N`0Kl9QBitRJeVtpYqrPQ-V(<8ICsw0AYj+6sq_Mwx@chxs z|00h{t7LP6Jf|lWqz~Jv;!JEdJ8#Fntsv>X;+)N-PDM!vN;B!3(eT4=dh{ka_nN@^ zP;xfw0Kt01H(Q9b(ghatT-H(8Q9T!et+ zD+rn0J$fey<}XR@X@#<K9P1(vQs;x( za}&6Mz^}b!fKEFa2);l~_JbW8)Ir_Va?K^4>430BZ^E&S|B!lG>4#r`{iIxJw8i(9 zdvC$2?G}`|kjj581I=lNhm+=<=zG*2*BX1o0IuCb2FRaBu>U=bhaS7{!{8Vx3tk!* zS|HFMRJU#U;kJJ?V8xO9Px^$kLcC!uOu?vx>ERg}t8fGu3l-wXn1ZMv?5+CDNMev# zn|0=?YtTV+%pG2kG{|b-H67Ik!L^!O%w;h=h2!F&SH22Y&F{U@C*>Et%%r{4Cu@vx zK;zI^7*^BOifs{K;`tZ2Nsc{dIaP?13FwMCSXXwIJW?I1fT~I?5YzRBY51ZohFKjx ziQwJc3lyj3FsnKBJn90$`Gu{}XW1r7L1|W(O~E}Xi7N*Ox-Y7fGrMT=*JilCCoQr9 zBJO1_p>Qo(wRgD~aA?(41_M|z&yhn1w(U9xkdatQViNhJ(hT8iDeuRIh=LgP4lI57 z=*5c%PaZsdN$10xsTfWCxLmz<3fkhwwvYkwSGN-(ePt~NAa{hbFE){ciZap8|JTW~z&Mq`& z_dnurB*R|Y$*Co7F&dNWa9l=g;8>v@Oo19l2J6B7@Szo3oQYA=-jtM*_JpV`Y}Eof zncvs;eHM{|xXH2&kg>g&jhGUfxu-$bN`-Rd*9gLMrLfE;pyS@S8N4zCy7)6!$D>m7 zocablr2#R#dG zk1=Vr70%#tejNziK>Z&zEr9pUJv3-%vQxs3v<#e3Q@6ez*$4hwK#qT0VbCBR34 zR!$)kj(35^fr2I=N7XmmR`N_dI8c6%6Wf3;?N&?vh{OR@J(^bBFa@O^Sf0Q;T11$$ zQtlYwv}Z1Ng6C&v>kpD0V$HiRpFjTlJ$sOCLd<&DmU~SUzK?^mJXR$}Gq$DdW3&g# zc-Idxp{vrZRncH3SSKHHWm75!>0U%Jmz;*7{HHe~(ueyu?YAVg)39-6(@X~+9Sl4V zH_X0WEcR$23ADcmm-gj%vv0qCChkXp%y;uIges>eU(Ua%UMKVK&@9b=X+KZ6^ySPt zd@;8PIK>z7xOIr8)6Is=6b_#9>FoIP=gGAMR#bq(hc3@a{8t+h#Kx$1oejd_v7WA4 zC$7d{%j@&>$${Gm90@oCD3^C#YDJZqbBCSV@N$V=$x(5-C%Lbps%8 zi)!f>&NA-FI)*4nRFgaFmLP*-qu8-wsMosOk^8{5;$=$u>2CS7-e~$vW-P7UP=bSJ z60%g0>x@Oa9XE-Q@|Xxr*%3d3&6L}cdKE(X8?eD-TSf_;H0T84N&O~vu3BdbBR+kh zrB|5QolHx&WeDLHq>8uCVI7Sass}%z(nN4c3-^pl2l{oyE{8yK~;!>!7bZ0 za)&0WH<3J3glyKamBfJ$W)}h`{)pl_Lj#^c42sKXRLwmQDKyS5SQCns)TWefr_J5X zNM%dvC1rAwhv)FcE5OhXCO(bx$>r;4gH$OVFE^PoQq06TrBWkw8rR2{c-_ILA|J$D zmHA>ywp~oBznG1d#&O8#O6^zon%V5=UCr?7%LE=p@2qFJT{iP{FERTK*s_WaTMkN;@@^VuKm zfBxaF{^yWC{-=A-pFVo}6^g2mfmA;4IKh3;7R*s?AGK({HGlnqn?kqiM&vdW)I+Zb zhEEQ=zj}8FYu*AUDC|EyonIVNZoe~sx?1t5hVmtrh=#lju5|m{TFL2DXs5{r+>)Pt zd@k!u_ZjYXyh!qd45r0#bCMNX-l9O!K2@-hqcZCYAW6=Jj=>gBc$7xH_I!6_QaIxA z-7A~}#aY6`6Gy{O9{OK_n;IC*pT96S?2qYq_V!8l32V#a0JVg#Nj?q}o#De23FPnG zAY?=Jqo4TE$RvMLSKg@?*IwCnf;n*?I*QV2#&3oe7Q9_X(-U}}<3<_=S6QQE=a2n) zz}!_Vm(xNRAh3nW&6;u0)_V7R=*i;Fc0Ml&2-&Aw;%e}Wd^Yrc3 z?er;CYGApZq8;UEzKk z{7d^HgW%*1#{2#cYYJ`ne5^o8p-Ie6u=w&P(e5R=?WHf!mU-6Ii$`xYKX^~aIn8r( z>*8kM)74Y5?dRq8oRi!l5SDKprtlMq!Z>{S-?J616x#V9+3f%LwG&1+MKHE|A>o+r zx;%Y@IQ>>~A#livIi#a)j<+WQnwa+SK&b#8`nI~zcIJ<0Q4D-2Q~_!?F|Y83BT~!m z%2QYh)4)w{x|A{#{PGk`sr+-qS2(+FGWjH-p%DSmLI#sH(GI__=o1c+;-NDp*Hy zZzXj3_!l%gRMAWC)ts|dW5PYm6}gV`kzSbyBaM@j`E(=hy9bS3C3?Y{X;3?lmjq3~ zH|{|<1@Cr0k(OaEjY21niZpNQePxk$v;SybB6ln;|Ew4;GJLCzHGU6`uv$nOO{uQI zGi_`elrZN=AaP@P){jIA4ZcGH1X`>3tMC(MIO+)9t_82+5Uqaj-)*(=VZT*`p~)T43;>?-k~fdn!bfwZuRDjb*z@=V4;^~ignCcDIY fUFA_GqA9l;7=-J|7-~-1X;v!YDR}39pOyYUe!9Wm delta 15677 zcma)>349bq_V~NF2{(isgph_DB#;b*`#!@F2qE03z>rMHKr$0%CV?Oj6chpFYM>QC zKtw>!6%k!oL4tUJAS$aUsOx$w=(@V=$^ZMhJAl94{e1pSUVp2q>wNX`r;&EaFPA$$SWhZkWC{0O#& zzrk8CF-g;!Ko_J&WU=8>vbiuta0=@&g!0Sonn%0p(6158_L(#%& zm<&(AuJCgh4s{aggVq^Jg;QWNxDqyoyI>A{23CW$Q>Yu(hce>MFcx|oE-fd}iG&?c zD!v5Kp7tw5OIlnTP0N58P|{bx{%}8(j$MOf)souU<#V8XFNOSR&+w9Z{tl%BwNo{X zKdn12W>_oFCm<>;htjhhP0P|`h68eRjX!;iym@MSmvD&~z@ z(lVelSO_KGGAIo`4n-3u9R3};us^MKx@~;jpcvaYD8?}t%AD_kVpM;DXj}U$lo3|x zV0W-Bl&KpAr^8}67+!$RwhBICj_HuU)x4NH1I5xia(SOur`Jv9g2rC zg1(SWYZIOL3Mdsl3PnTbAhV_Y3pRlXooyrS2Bn@^P&B&~%4+))lxf#qCmtlHM!@Hw4lhEP%kQ1^NGwr0?1Ex5L!l1mIJ_S=CVl|Ql%9k#H6L_E|5A}+ zBGIar2pPOK0rID<;w36O4Mj5_IPqHDZH>i48Ne_o9he72BkSNic-%?v)WbIJY$!HT z2qoW!9_U|GdV&O*!*8LeCIXX}IqL|ervsoglm`#Ob+8`nhg<6lvmsj7Rzn$K1(bpP z&0&q+_5j*I8R!^?_mmTmIXMPp1fM{eyBknc*`$xHx-L*Bo(aW@XG58qHBi?1At+P# z9+VE%=OrV|hSISz7zYo+k??gWHdo%FpKTM)d%{{SOkG;1>)wuhqnK~Sc$2vWXW+eARD_mIPPp;S9cDl& z=!P=lm9Qmz8p_Dtfzr``Lm5a4y^-{huqyOB3_@vd9&9b^e+L06_==UFX+JyhR)g$0 z9|Q3*+7gI8X@?zt30o0QV6o$~v>}k`)=Ht|KLRu1$B>1hr46ya=RwRz+W}K(U%Ntp zY13*BwR=1mQn!{57sCBe<}iiYFbi!Ol!~|T!d|scAysHChuJRL3uh4D2eV<_;dTe6 zK*_%zNE877i`hZA24V~OvBVvMiAn(#wd4St@3{$-hbLxNa$)F^xTje=6Z17(gE!gg?* z6F(1SWdDFN(v;B{BpeMT{R)(khL5p3GzLn2Wv~TY3q{k1$_dDvT!LszYc$q&z0;vo zv=Pd>J`3~V4cHdukF&q8hth#pocKSWs5WK1ov%OaNW2KjYS;lAz!#vDD}RH4^yFtK zs%kmG&e#{~#HT}9W=ov(N1C2753 z99#pXLx-UB{AHK`ufWc*iq}?oH<&~`6DGrADES_OGIh_xM({eU4%KYi_11(s@qx3; z?Zaap2{MOwe8xSx`E#0iqP`Wr#Mljv;#; zZ-s4$zXW^1e?Y0PU5V`hXTt8pcfb_*9_$ILms;h@wf+RsNhpL};UiE~e+jabwdi?v zfe_3fei%xFKfrcSpKq%=$Ke4e0|_g$N1g+_5MK|)QN031LqEWdvi>_Ruq&Pg#fbJp z*~Q+5qu_6_DI9sHZEPMW72NOeRVW>)wa^}UH@J-W9Jn2R3uQp-7TJE|Eht9%73@R% zTEoS*YDU6T;$={bBvdg0)7EyE^95dN7eyKJta``ZGlqX zi%wjj4oPnVbvOq0fT3mRUjm0nke+`Dr2{SQv6tfgU}ty) z4uxMpX{f_;yZjV*ocI&47o2sUy?P#l3B=#M50%Lr|4xFaIA?`Dl7&#>JE6?|c_^#m z6DV^Z!P>hB$HGRi^(xyBbcgc23?{*2PWn|S9cXdCJ%A~2AaS$YNq7%tkP!KR?NX;g zF~WIJM!3z1zYS%Czd;#6(rUY*;ZPb5K+))7I2eBAq<2`OX~T&ZLs<>SAqzz-|DJ%X z*TS{7>bF5@@M|a)wOVKIhIhbWQUK<_SK$m8v)Fqb=8dB9KBt#|^fJx&w-;HoCjJ`i2-PNgDmp{a zNC|8UkHD(%1BV~OR9XL@5s;pSo3@Iwpj7lAlsP&JyTFDI+H*GqiUyX#q3|u(0meRL zd(0dts(%pngCD?|P~U9Vw-k;h{t_HS`&zSy?HtEm?;@WofKOPPy&>wDv{on`C1@#>^ zM?(3&7>3trzJ9aOW@8@Ap*kHH4?uSFEe+jGw zH}5XD4+c9)kOF&Q7W@LXf?f95%W)DEjfCJBxD$#^{0o*s*Is8^h9`+%hGHWRKVeVN z*HFsm?6Xh7!U6D2*btUS9JZH9YuJ?p4@`wyVG?{5wuRq8S*Ednvg1Qw z8{$DI4L<^<{M%4gPrWB?jr51&H%g%x=?hRa8-B!D|6K{pCSfid1mB0vV5_I>3VK5^ zrhvmeP$zyBX22UT6J{K>cgNLGjPNPg621xB!5^SBocOf8Jr9MmW&NKcu#gYkj%nI> zcod2T>ONzSxI64aJQup)qp&G_1Ga{r!CctjS=%KCVRhmU!W!@qC{wZvc8AxXbTIkP zY)G`P4Iz*Q55aVJ1ydU$9ab z1r#F^!<>c43duv>K`;aB=bN8kmB>GmoT#F_H&P+S!B>vmsNQYm; z=aD(c`^ae|k}@q3d9K;eCOQm|J`@>D{2|0e_yPDf5+d9jk*9%0XZ+PjxNapoTO(od zX7apf!@2=~N4OM`WtWWH;Z*i0;eJRHMBHu&xr)g1F475^jdUmf=deGFg9C5spU8WN zJaJB?60S?Q6d8bAkp!MTh|kHB3|AAM58FFwM~QbOya2h=Nh3*{gq%U5B*Nq6TX_kA z_EyyX;bYz^&4gb=+nYs<**Dcfs>#Y-u`?>&8=aaAc#u##C$%#vL^&k>-5^~89hDgUMpHB$nkrsmtM|vUh zq(b=*^QOo#JIQ)y6CZ~>MeHRf-A()+!d;N(kSyXn<=S6)H?$*G$}qxnk-EeN-j*Ig zyaQ4~+Guz$Qu!=$0_))@q!D>KIAuR@z7;v#0RQHMXDWs{jf{^u2|qj3VI8Le!$}(f zQ;>zE-v#}!0=9sy;0dHHl8>}T&LcIE0ng(`bld^55Lt^nhCG90mh&-PvmaR{H+Ytj zCjLa8s)(c=Ag!g9ax3i(()v1SVp)}zKiw&Hhdg=u98X!W&>zwhy{<6h$+2Bjm=QBB-l#LKp%v=LJ9}Jv z-Y3Q-^KLypi+6B*BJT&syOhf~Gk!7Q_a^kN;%jZhOl(f%^NGEU=*dzvYqDgVJGm8a zV{!uTiBmFoZ9S)7^T0 zz~j*i{r=*a?%X+go~P8C>!IH>W<(p+r$$g{$&6IqU(bl*UCrGx?q&tEP)>2cpX&(* zp;uH|M#%y0BytwGr8_I#J*~HHeBy4|{$@#kvB&2$r6&geM>18#&Wxw{a_jxX%;xn9 zJnlSCfSwmh7f0tNMc*tN;M1)t`MM@IzS$qYGA~k+7WsTVSE_EDm(=jKOu>*p;4z+` z*NjhR^3wF1pMoCG9I*jgJ-R{g??06Y-Mq0K*j{ztw{cEl`s_n75sLA&1K0@RTh)V)Dn zrqo^P_7=KlTG|;=fVCEg@x4|s38TvMim~1AZNdALH<6Yy+#$C!6g}S`pf4eJZh0nTzxw&+iFht$mB4QOK=i z7LUHb6Y%Rn?*ij&QLNF>SJ!yGD8}gGtB)#fWvm>5tRjzb%oi&iyjeS6Lw+hLau*iT znQQ*`&0LkA?a9#nrJg{3p?@BqXB4+F_RdYJ9`xi98y-kCHUG&O>uC}U-bXzNl*TjR@;M~y?JO$~kCuqf0Zw&nHBVyXCx^wHTv z@GZeGBX^!m@3MJfN4w{x^L}TZEYLdhWx}V-7bDs_KiXJ5zkwB!__6u2HloW?W5Tq- z%oW}OtFo2@)>&!T4a?h*>x;YR{UKK{+|!!(iF?`@o9^wDP~sD( z==-BF=w6>bI5TIAUgXb{b(6e&1Vuhuo?10b8)|%Ws*{m<-%2B9#adGLt&rioZoN0G z6pJ~&Qik@8_0C?E)-FuT^o2ZuKuNLqx|wCTkf3*#&&|B>rPN*M{o^{E`#@@2=`{vG z<2SPu7rN<|<#hF8cK~-vrLr(TUM&V*b4?uY{%hJc2-Ajp0zOY+rG?dAm+&8Hz1F4w zN7@(bn*T@I(Dg|zrM@!R9IORnnVU<;CAJRfvLflh_4OlZyN@ALm1nqkKW_|)w9DC! zJx|XqaQkLi=2d-zxbmV6t&OQ08d;%!ybo-MV)CS=$`X!&m)J)6;)aZRfB0@3+8D{o zxxIw#Ppn2VH^vzkHp+Z|voV>KK{jWL>7fVRg?87)*wZ$pVAfgVhL17gM<-MX(~J}I zqKs*y!*CapdTVnk5vSp`CyavA9?CQZZ%*wSm?M^MWzD;}{7QT!LEEipBi#Qzhx6Sy zyE&m=UW)FSpX>4DS$+R)bDYut;iT$e+6eCeYg>KJaVFgN?%Ophf>7)u_{tU_?*o*v{py=MsT zI(ucS%-TDH_x`;-B6TS@cHrnqIb$7njhSjA%?n-?VYr{jGk$$SmiQF67{!+ToUBo}7_^OX=)N&reKD)d!93 zuP3(eP*_;f!$zu}*ol~q`gGYALLMI{lVbF17m^R{f{8)n%8_WQ`|(J7W5QDjMy;bo z#;T)o5cvDiB%|n9z3@_hVM&okOdyf$@{itpd@MdTOdIWCLFQ89JkCXymvQWt95tRv zsV_O^mUx1)=JSe-)IZB?r9LOKc+jn0Z8wm&P5|FyH?H@-V7i*@`tNiR7k#<=mEY!^>kDc;vxF}hW+x8Z&C z^|rhloloR_r}f@`zBl13=Lf~odeEci2g`i9x;r21);;Xd`b;@zxQs;?Qpoq_h2j{O zHh$3P%(0Vn=YW*!cloc?Qe87YF%sXo;NthDMsc27dw%; z^rDXQ8gE<6ZKn&{S%w*hF3OSgwTm*u&o3q!k#CJLK6&e0uTX)wlpu@07zG!3d?9zC zp3A0_s(V9vt{Z>vFDfp?(-)TMGuc(==w<#A4jvptj6Ih`S1(->Eq#6oV=|xLts;#v zf4$#m_fAn0a&sP%GkWLxcmpN|181{ZgFwKx<%~=ljk68@*L>;eJvwwJpW(W4woOi9Nx)s0CSwWq z&~;z26%Y3A&{MaAy_0=a}~H&n4VU~4RA!0?R09b_xk^D6e{yGuCR%iPFLaBBN)x2e6KOgDc2bh)wivq6b+ zo4R?K@^FtDSXi-FP~gqyULh91bt>ZXTqFL=?%}DLr?|Eq?^ zPha*mLSLP#`LABUE@@YXYdX(fT8`5{eVuK+Q;gzoS0qZOL3$W5rfSz1$Z z2eg9SmBN`yw@49?TM%XTOH;MXeM(WWoiM$MqS9L*YlW~Ef57cE)o#_4{nEUns$z3C z)7z=0=Dw;byfWONnyP0WR4V$mgr=3@U^S}=3PqZaS5r7e(^Xw1m?v8)E+wX~x@vB| zU0wAd+@yx$;%H{qP#Iu-4Xd-qYbZ_!=C+!YpIlR+0SR}ng&A=?ndLD*tf`nZb5kwr z+k3SX8@c&F7qWM(t?({pdYFnZ3u-H?OA>yws*-85(l69jI5az4HB7mhaANXcvbRh* zF=$S|TSc%LX0`SgS1uiMRUH*${$58VniuOR_C>QpU9~{D%&>Z@H%II&^IBik(wtpS z)vaY!nK2^GoE}T-#Z6T;v!b42_cE(DP;F~h?3Ei>#onOlYM}Zzym<%nlvtNAv$z2* zz0yG4LxB;E71nO9Y0M0sYOLbT4ow;8FO5~Q9qQghHQ{?)xJtDX{?Y{fE(%u-Zbrk* z{ozbK1+6U2&9g^UZ8Nb?N!FXcb8d zXPT*@X1f?w#>YJ|s%4mcHpZ0%&4}izvw5t!N-=xKs^xMr^#()c+2Km^d7qBKgx_xSrl|l_{Ql9ygadYPoH}tu&np9 z1T{p`Zmyh$bTqfnlh2v3Vg=XdT=QTmbNgYMRTD?U<5Za62^C-Hq#6>g-&x^K%oAM| zKFjRVO^q^3x~ujH&ee@U>uk!!exKzqFmAcFSr<5(P3@rqlpI8ATw;0u5}$LQ z6GMnHv6?XRkpZeE*fl`)Fe3-5c*`hcW2xukvT5DETZd0vB?-j!o7X=ANnnQ-GN%7bgXATNjyOA?la{oiE-h6MxUh3ICTn(ep z;Suz-dY0;386KBqc@iuAXqGj55^mC(gRoeqUJ~*adV^LSFJ`G+%B>y2>S>#;ICNRz zCbWc0$Km7ly@l+Lv`40v)~;r5&sH_ef^5Y$VizSr%)+Y1`uIV%s{e8FxF&dg_ULY1{G2RJZ)UkYgL!J4N^ii`kI~A)wYp>W z9k0Ch&Cl#NK@~8N*okU5STWIBipM8f7CCs5HESPFvJA7uWR*jfRg)FgVSY44b(B}8 z`NdRgI$U?CUFKcW)kZ!>%uu7veKRcMdU>YmRbTg)+;$T*N9L-S+5xUEUe4@c=BQjX zjZ%klRl3=CwyNDU)&B8?UovmI8JZD!>YRB!Pvy!=Uo}gOrp%RD$_@Gys4TFuKrLWg z>;uNZy-}v_RekE})MDQgDRtJXHkw;zTXr?pr~1oAV66Qm()_O2+H&6Ysf)`F7n)M8 z$Kp?|i>5vz)4DU_kVAT*+wx$z++y^E6Xqu-I=~XU^_i1ba*_FEtg37NT*@9ZYaYI! zaK1WV4k%Nj=>L&2)ymv|r_!TxnxmHC4R741#+z!HYGW>5q3Y1aiWTaV$}%rZ#BUFGQwW_AbT)u|W;r?$Lnoq=9ogyA>u3gLS_{CcF zka>BXx~I$7fWKIj=i{E^E}75W$QRTLTe|}@`Dr?s%g+}aB1;_I>h?tzb4xQ+hp7K` zg>_CF%~iG9_KIa@%>xEIJX?RbIeoRNW3Jw$_@&G2@St_72t8=2ckn}s-w(`14_U{W zTAMAm?%J%l`I?h9TL;OziOB-@gv><`^WA0ce3-TDGT(ievMzJ}7S*vf_gKqOddv=6 zsmf(e+seYQ(A)U>d{cryZ^dQ0%*BtW?zd(C?Gd%7x$BlwbFR5^zm*M(fuGoB?WW&v zQ=P-OvvMfIse8arBwjNhk58drXdH1%~H-p=e(8C6-q=GrPMe4@rt ztl}VNsshh^x5gI4L6U3VZ5L&_T~x8R$S<9-Ozpp2m^H3rTv9adEdj4wT+E!HY8qqT z((KLR)V@>Oo!j%N?WdkIpWUyL!-FNo{J#)eNiri2S{FEv`Q4qWNewOF33&s?3!mWr zsxX{Z2UNCs@__oYdG|rpsb;A?jSM&3{Pv*AO~@IYS<{Y3ouj<7wsM$I<@>4*8Ms diff --git a/po/fr.po b/po/fr.po index 379874e..8bb2297 100644 --- a/po/fr.po +++ b/po/fr.po @@ -1,1958 +1,4080 @@ # Messages français pour cryptsetup. -# Copyright (C) 2015 Free Software Foundation, Inc. +# Copyright (C) 2020 Free Software Foundation, Inc. # This file is put in the public domain. # # Solveig , 2009. # Nicolas Provost , 2011. -# Frédéric Marchal , 2015. +# Frédéric Marchal , 2020. msgid "" msgstr "" -"Project-Id-Version: cryptsetup 1.6.7\n" +"Project-Id-Version: cryptsetup 2.3.3-rc0\n" "Report-Msgid-Bugs-To: dm-crypt@saout.de\n" -"POT-Creation-Date: 2015-03-19 09:55+0100\n" -"PO-Revision-Date: 2015-03-19 11:29+0100\n" +"POT-Creation-Date: 2020-05-28 11:32+0200\n" +"PO-Revision-Date: 2020-05-19 11:00+0200\n" "Last-Translator: Frédéric Marchal \n" "Language-Team: French \n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"Plural-Forms: nplurals=2; plural=(n > 1);\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" +"Plural-Forms: nplurals=2; plural=(n >= 2);\n" -#: lib/libdevmapper.c:252 -msgid "Cannot initialize device-mapper, running as non-root user.\n" -msgstr "" -"Impossible d'initialiser le gestionnaire « device-mapper ». Fonctionne comme " -"un utilisateur non-root.\n" +#: lib/libdevmapper.c:399 +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "Impossible d'initialiser le gestionnaire « device-mapper ». Exécution comme un utilisateur non-root." -#: lib/libdevmapper.c:255 -msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n" -msgstr "" -"Impossible d'initialiser le gestionnaire « device-mapper ». Le module noyau " -"dm_mod est-il chargé ?\n" +#: lib/libdevmapper.c:402 +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "Impossible d'initialiser le gestionnaire « device-mapper ». Le module noyau dm_mod est-il chargé ?" -#: lib/libdevmapper.c:550 +#: lib/libdevmapper.c:1131 +msgid "Requested deferred flag is not supported." +msgstr "Le fanion différé demandé n'est pas supporté." + +#: lib/libdevmapper.c:1198 #, c-format -msgid "DM-UUID for device %s was truncated.\n" -msgstr "Le DM-UUID du périphérique %s a été tronqué.\n" +msgid "DM-UUID for device %s was truncated." +msgstr "Le DM-UUID du périphérique %s a été tronqué." + +#: lib/libdevmapper.c:1520 +msgid "Unknown dm target type." +msgstr "Type de cible dm inconnu." + +#: lib/libdevmapper.c:1623 lib/libdevmapper.c:1679 +msgid "Requested dm-crypt performance options are not supported." +msgstr "Les options de performance dm-crypt demandées ne sont pas supportées." + +#: lib/libdevmapper.c:1630 +msgid "Requested dm-verity data corruption handling options are not supported." +msgstr "Les options demandées de gestion de corruption des données dm-verity ne sont pas supportées." + +#: lib/libdevmapper.c:1634 +msgid "Requested dm-verity FEC options are not supported." +msgstr "Les options dm-verity FEC demandées ne sont pas supportées." + +#: lib/libdevmapper.c:1638 +msgid "Requested data integrity options are not supported." +msgstr "Les options d'intégrité de données demandées ne sont pas supportées." -#: lib/libdevmapper.c:698 -msgid "Requested dmcrypt performance options are not supported.\n" -msgstr "Les options de performance dmcrypt demandées ne sont pas supportées.\n" +#: lib/libdevmapper.c:1640 +msgid "Requested sector_size option is not supported." +msgstr "L'option sector_size demandée n'est pas supportée." -#: lib/random.c:76 +#: lib/libdevmapper.c:1645 +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "Le recalcule automatique des balises de sécurité demandés n'est pas supporté." + +#: lib/libdevmapper.c:1649 lib/libdevmapper.c:1682 lib/libdevmapper.c:1685 +#: lib/luks2/luks2_json_metadata.c:2160 +msgid "Discard/TRIM is not supported." +msgstr "Discard/TRIM n'est pas supporté." + +#: lib/libdevmapper.c:1653 +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "Le mode de carte de bits d'intégrité dm demandé n'est pas supporté." + +#: lib/libdevmapper.c:2607 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "Échec lors de l'interrogation du segment dm-%s." + +#: lib/random.c:75 msgid "" "System is out of entropy while generating volume key.\n" -"Please move mouse or type some text in another window to gather some random " -"events.\n" +"Please move mouse or type some text in another window to gather some random events.\n" msgstr "" "Le système a manqué d'entropie lors de la génération de la clef de volume.\n" -"Veuillez remuer la souris ou taper du texte dans une autre fenêtre pour " -"générer des événements aléatoires.\n" +"Veuillez remuer la souris ou taper du texte dans une autre fenêtre pour générer des événements aléatoires.\n" -#: lib/random.c:80 +#: lib/random.c:79 #, c-format msgid "Generating key (%d%% done).\n" msgstr "Génération de la clef (%d%% effectués).\n" -#: lib/random.c:169 -msgid "Fatal error during RNG initialisation.\n" -msgstr "Erreur fatale d'initialisation RNG.\n" +#: lib/random.c:165 +msgid "Running in FIPS mode." +msgstr "Fonctionne en mode FIPS." -#: lib/random.c:206 -msgid "Unknown RNG quality requested.\n" -msgstr "La qualité du générateur aléatoire RNG demandé est inconnue.\n" +#: lib/random.c:171 +msgid "Fatal error during RNG initialisation." +msgstr "Erreur fatale d'initialisation RNG." -#: lib/random.c:211 -#, c-format -msgid "Error %d reading from RNG: %s\n" -msgstr "Erreur %d en lecture du générateur aléatoire RNG :%s\n" +#: lib/random.c:208 +msgid "Unknown RNG quality requested." +msgstr "La qualité du générateur aléatoire RNG demandé est inconnue." -#: lib/setup.c:200 -msgid "Cannot initialize crypto RNG backend.\n" -msgstr "" -"Impossible d'initialiser le moteur aléatoire RNG pour le chiffrement.\n" +#: lib/random.c:213 +msgid "Error reading from RNG." +msgstr "Erreur en lecture du générateur aléatoire RNG " + +#: lib/setup.c:229 +msgid "Cannot initialize crypto RNG backend." +msgstr "Impossible d'initialiser le moteur aléatoire RNG pour le chiffrement." -#: lib/setup.c:206 -msgid "Cannot initialize crypto backend.\n" -msgstr "Impossible d'initialiser le moteur de chiffrement.\n" +#: lib/setup.c:235 +msgid "Cannot initialize crypto backend." +msgstr "Impossible d'initialiser le moteur de chiffrement." -#: lib/setup.c:236 lib/setup.c:1192 lib/verity/verity.c:123 +#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119 #, c-format -msgid "Hash algorithm %s not supported.\n" -msgstr "L'algorithme de hachage %s n'est pas supporté.\n" +msgid "Hash algorithm %s not supported." +msgstr "L'algorithme de hachage %s n'est pas supporté." -#: lib/setup.c:239 lib/loopaes/loopaes.c:90 +#: lib/setup.c:269 lib/loopaes/loopaes.c:90 #, c-format -msgid "Key processing error (using hash %s).\n" -msgstr "Erreur de traitement de clé (valeur hachage %s).\n" +msgid "Key processing error (using hash %s)." +msgstr "Erreur de traitement de clé (valeur hachage %s)." -#: lib/setup.c:284 -msgid "Cannot determine device type. Incompatible activation of device?\n" -msgstr "" -"Impossible de déterminer le type de périphérique. Activation du périphérique " -"incompatible ?\n" +#: lib/setup.c:335 lib/setup.c:362 +msgid "Cannot determine device type. Incompatible activation of device?" +msgstr "Impossible de déterminer le type de périphérique. Activation du périphérique incompatible ?" + +#: lib/setup.c:341 lib/setup.c:3050 +msgid "This operation is supported only for LUKS device." +msgstr "Cette opération n'est possible que pour les périphériques LUKS." -#: lib/setup.c:288 lib/setup.c:1537 -msgid "This operation is supported only for LUKS device.\n" -msgstr "Cette opération n'est possible que pour les périphériques LUKS.\n" +#: lib/setup.c:368 +msgid "This operation is supported only for LUKS2 device." +msgstr "Cette opération n'est possible que pour les périphériques LUKS2." -#: lib/setup.c:320 -msgid "All key slots full.\n" -msgstr "Tous les emplacements de clés sont utilisés.\n" +#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345 +msgid "All key slots full." +msgstr "Tous les emplacements de clés sont utilisés." -#: lib/setup.c:327 +#: lib/setup.c:434 #, c-format -msgid "Key slot %d is invalid, please select between 0 and %d.\n" -msgstr "" -"L'emplacement de clé %d n'est pas valide, merci d'en choisir un entre 0 et " -"%d.\n" +msgid "Key slot %d is invalid, please select between 0 and %d." +msgstr "L'emplacement de clé %d n'est pas valide, merci d'en choisir un entre 0 et %d." -#: lib/setup.c:333 +#: lib/setup.c:440 #, c-format -msgid "Key slot %d is full, please select another one.\n" -msgstr "" -"L'emplacement de clé %d est utilisé, merci d'en sélectionner un autre.\n" +msgid "Key slot %d is full, please select another one." +msgstr "L'emplacement de clé %d est utilisé, merci d'en sélectionner un autre." -#: lib/setup.c:472 +#: lib/setup.c:525 lib/setup.c:2824 +msgid "Device size is not aligned to device logical block size." +msgstr "La taille du périphérique n'est pas alignée avec la taille d'un bloc logique du périphérique." + +#: lib/setup.c:624 #, c-format -msgid "Enter passphrase for %s: " -msgstr "Saisissez la phrase secrète pour %s : " +msgid "Header detected but device %s is too small." +msgstr "En-tête détecté mais le périphérique %s est trop petit." + +#: lib/setup.c:661 +msgid "This operation is not supported for this device type." +msgstr "Cette opération n'est pas supportée pour ce type de périphérique." -#: lib/setup.c:653 +#: lib/setup.c:666 +msgid "Illegal operation with reencryption in-progress." +msgstr "Opération illégale avec une re-chiffrement en cours." + +#: lib/setup.c:832 lib/luks1/keymanage.c:475 #, c-format -msgid "Header detected but device %s is too small.\n" -msgstr "En-tête détecté mais le périphérique %s est trop petit.\n" +msgid "Unsupported LUKS version %d." +msgstr "La version %d de LUKS n'est pas supportée." -#: lib/setup.c:669 lib/setup.c:1420 -msgid "This operation is not supported for this device type.\n" -msgstr "Cette opération n'est pas supportée pour ce type de périphérique.\n" +#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959 +msgid "Detached metadata device is not supported for this crypt type." +msgstr "Un périphérique avec des métadonnées détachées n'est pas supporté avec ce type de chiffrement." -#: lib/setup.c:908 lib/setup.c:1381 lib/setup.c:2264 +#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628 +#: lib/setup.c:2777 lib/setup.c:4512 #, c-format -msgid "Device %s is not active.\n" -msgstr "Le périphérique %s n'est pas activé.\n" +msgid "Device %s is not active." +msgstr "Le périphérique %s n'est pas activé." -#: lib/setup.c:925 +#: lib/setup.c:1444 #, c-format -msgid "Underlying device for crypt device %s disappeared.\n" -msgstr "" -"Le périphérique sous-jacent pour le périphérique chiffré %s a disparu.\n" +msgid "Underlying device for crypt device %s disappeared." +msgstr "Le périphérique sous-jacent pour le périphérique chiffré %s a disparu." + +#: lib/setup.c:1524 +msgid "Invalid plain crypt parameters." +msgstr "Paramètres de chiffrement non valides." + +#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:74 +msgid "Invalid key size." +msgstr "La taille de la clé n'est pas valide." -#: lib/setup.c:994 -msgid "Invalid plain crypt parameters.\n" -msgstr "Paramètres de chiffrement non valides.\n" +#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157 +msgid "UUID is not supported for this crypt type." +msgstr "le UUID n'est pas supporté avec ce type de chiffrement." -#: lib/setup.c:999 lib/setup.c:1119 -msgid "Invalid key size.\n" -msgstr "La taille de la clé n'est pas valide.\n" +#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308 +#: src/cryptsetup.c:1226 src/cryptsetup.c:3923 +msgid "Unsupported encryption sector size." +msgstr "Taille de secteur de chiffrement non supportée." -#: lib/setup.c:1004 lib/setup.c:1124 -msgid "UUID is not supported for this crypt type.\n" -msgstr "le UUID n'est pas supporté avec ce type de chiffrement.\n" +#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818 +msgid "Device size is not aligned to requested sector size." +msgstr "La taille du périphérique n'est pas alignée avec la taille de secteur demandée." -#: lib/setup.c:1046 -msgid "Can't format LUKS without device.\n" -msgstr "Impossible de formater en LUKS sans périphérique.\n" +#: lib/setup.c:1608 lib/setup.c:1727 +msgid "Can't format LUKS without device." +msgstr "Impossible de formater en LUKS sans périphérique." -#: lib/setup.c:1089 +#: lib/setup.c:1614 lib/setup.c:1733 +msgid "Requested data alignment is not compatible with data offset." +msgstr "L'alignement de données demandé n'est pas compatible avec le décalage des données." + +#: lib/setup.c:1682 lib/setup.c:1851 +msgid "WARNING: Data offset is outside of currently available data device.\n" +msgstr "AVERTISSEMENT: L'offset des données est en dehors du périphérique de données actuellement disponible.\n" + +#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169 #, c-format -msgid "Cannot format device %s which is still in use.\n" -msgstr "" -"Impossible de formater le périphérique %s qui est déjà en cours " -"d'utilisation.\n" +msgid "Cannot wipe header on device %s." +msgstr "Impossible d'effacer l'en-tête du périphérique %s." + +#: lib/setup.c:1744 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "AVERTISSEMENT: L'activation du périphérique va échouer, dm-crypt ne supporte pas la taille de secteur de chiffrement demandée.\n" -#: lib/setup.c:1092 +#: lib/setup.c:1766 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "La clé de volume est trop petite pour chiffrer avec les extensions d'intégrité." + +#: lib/setup.c:1821 #, c-format -msgid "Cannot format device %s, permission denied.\n" -msgstr "Impossible de formater le périphérique %s. Permission refusée.\n" +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "Le chiffrement %s-%s (clé de %zd bits) n'est pas disponible." -#: lib/setup.c:1096 +#: lib/setup.c:1854 #, c-format -msgid "Cannot wipe header on device %s.\n" -msgstr "Impossible d'effacer l'en-tête du périphérique %s.\n" +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" +msgstr "ATTENTION: La taille des métadonnées LUKS2 est devenue % octets.\n" -#: lib/setup.c:1114 -msgid "Can't format LOOPAES without device.\n" -msgstr "Impossible de formater LOOPAES sans périphérique.\n" +#: lib/setup.c:1858 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "ATTENTION: La taille de la zone des emplacements de clés LUKS2 est devenue % octets.\n" -#: lib/setup.c:1152 -msgid "Can't format VERITY without device.\n" -msgstr "Impossible de formater VERITY sans périphérique.\n" +#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367 +#, c-format +msgid "Device %s is too small." +msgstr "Le périphérique %s est trop petit." -#: lib/setup.c:1160 lib/verity/verity.c:106 +#: lib/setup.c:1893 lib/setup.c:1919 #, c-format -msgid "Unsupported VERITY hash type %d.\n" -msgstr "Type de hachage VERITY %d non supporté.\n" +msgid "Cannot format device %s in use." +msgstr "Impossible de formater le périphérique %s qui est en cours d'utilisation." -#: lib/setup.c:1166 lib/verity/verity.c:114 -msgid "Unsupported VERITY block size.\n" -msgstr "Taille de bloc VERITY non supportée.\n" +#: lib/setup.c:1896 lib/setup.c:1922 +#, c-format +msgid "Cannot format device %s, permission denied." +msgstr "Impossible de formater le périphérique %s. Permission refusée." -#: lib/setup.c:1171 lib/verity/verity.c:76 -msgid "Unsupported VERITY hash offset.\n" -msgstr "Décalage de hachage VERITY non supporté.\n" +#: lib/setup.c:1908 lib/setup.c:2229 +#, c-format +msgid "Cannot format integrity for device %s." +msgstr "Impossible de formater l'intégrité du périphérique %s." -#: lib/setup.c:1285 +#: lib/setup.c:1926 #, c-format -msgid "Unknown crypt device type %s requested.\n" -msgstr "Type de chiffrement de périphérique demandé (%s) inconnu.\n" +msgid "Cannot format device %s." +msgstr "Impossible de formater le périphérique %s" -#: lib/setup.c:1435 -msgid "Do you really want to change UUID of device?" -msgstr "Voulez vous réellement changer l'UUID du périphérique ?" +#: lib/setup.c:1944 +msgid "Can't format LOOPAES without device." +msgstr "Impossible de formater LOOPAES sans périphérique." + +#: lib/setup.c:1989 +msgid "Can't format VERITY without device." +msgstr "Impossible de formater VERITY sans périphérique." -#: lib/setup.c:1545 +#: lib/setup.c:2000 lib/verity/verity.c:102 #, c-format -msgid "Volume %s is not active.\n" -msgstr "Le volume %s n'est pas actif.\n" +msgid "Unsupported VERITY hash type %d." +msgstr "Type de hachage VERITY %d non supporté." -#: lib/setup.c:1556 +#: lib/setup.c:2006 lib/verity/verity.c:110 +msgid "Unsupported VERITY block size." +msgstr "Taille de bloc VERITY non supportée." + +#: lib/setup.c:2011 lib/verity/verity.c:74 +msgid "Unsupported VERITY hash offset." +msgstr "Décalage de hachage VERITY non supporté." + +#: lib/setup.c:2016 +msgid "Unsupported VERITY FEC offset." +msgstr "Décalage VERITY FEC non supporté." + +#: lib/setup.c:2040 +msgid "Data area overlaps with hash area." +msgstr "La zone de données recouvre la zone de hachage." + +#: lib/setup.c:2065 +msgid "Hash area overlaps with FEC area." +msgstr "La zone de hachage recouvre la zone FEC." + +#: lib/setup.c:2072 +msgid "Data area overlaps with FEC area." +msgstr "La zone de données recouvre la zone FEC." + +#: lib/setup.c:2208 #, c-format -msgid "Volume %s is already suspended.\n" -msgstr "Le volume %s est déjà en suspendu.\n" +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "ATTENTION : La taille %d demandée pour l'étiquette est différente de la taille de sortie de %s (%d octets).\n" -#: lib/setup.c:1563 +#: lib/setup.c:2286 #, c-format -msgid "Suspend is not supported for device %s.\n" -msgstr "Le périphérique %s ne supporte pas la suspension.\n" +msgid "Unknown crypt device type %s requested." +msgstr "Type de chiffrement de périphérique demandé (%s) inconnu." -#: lib/setup.c:1565 +#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635 #, c-format -msgid "Error during suspending device %s.\n" -msgstr "Erreur lors de la suspension du périphérique %s.\n" +msgid "Unsupported parameters on device %s." +msgstr "Paramètres non supportés sur le périphérique %s." -#: lib/setup.c:1591 lib/setup.c:1638 +#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408 +#: lib/luks2/luks2_reencrypt.c:2737 #, c-format -msgid "Volume %s is not suspended.\n" -msgstr "Le volume %s n'est pas suspendu.\n" +msgid "Mismatching parameters on device %s." +msgstr "Paramètres non concordants sur le périphérique %s." -#: lib/setup.c:1605 +#: lib/setup.c:2661 +msgid "Crypt devices mismatch." +msgstr "Désaccord entre les périphériques crypt." + +#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:3145 #, c-format -msgid "Resume is not supported for device %s.\n" -msgstr "Le périphérique %s ne supporte pas la remise en service.\n" +msgid "Failed to reload device %s." +msgstr "Impossible de recharger le périphérique %s." -#: lib/setup.c:1607 lib/setup.c:1659 +#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025 +#: lib/luks2/luks2_reencrypt.c:2032 #, c-format -msgid "Error during resuming device %s.\n" -msgstr "Erreur lors de la remise en service du périphérique %s.\n" +msgid "Failed to suspend device %s." +msgstr "Impossible de suspendre le périphérique %s." -#: lib/setup.c:1645 lib/setup.c:2080 lib/setup.c:2094 src/cryptsetup.c:186 -#: src/cryptsetup.c:248 src/cryptsetup.c:732 src/cryptsetup.c:1151 -msgid "Enter passphrase: " -msgstr "Saisissez la phrase secrète : " +#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039 +#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149 +#, c-format +msgid "Failed to resume device %s." +msgstr "Impossible de redémarrer le périphérique %s." -#: lib/setup.c:1707 lib/setup.c:1843 -msgid "Cannot add key slot, all slots disabled and no volume key provided.\n" -msgstr "" -"Impossible d'ajouter un emplacement de clé, tous les emplacements sont " -"désactivés et aucune clé n'a été fournie pour ce volume.\n" +#: lib/setup.c:2732 +#, c-format +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "Erreur fatale en rechargeant le périphérique %s (au dessus du périphérique %s)" -#: lib/setup.c:1716 lib/setup.c:1849 lib/setup.c:1853 -msgid "Enter any passphrase: " -msgstr "Entrez une phrase de passe : " +#: lib/setup.c:2735 lib/setup.c:2737 +#, c-format +msgid "Failed to switch device %s to dm-error." +msgstr "Impossible de basculer le périphérique %s en dm-error." -#: lib/setup.c:1733 lib/setup.c:1866 lib/setup.c:1870 lib/setup.c:1932 -#: src/cryptsetup.c:988 src/cryptsetup.c:1017 -msgid "Enter new passphrase for key slot: " -msgstr "Entrez une nouvelle phrase secrète pour l'emplacement de clé : " +#: lib/setup.c:2809 +msgid "Cannot resize loop device." +msgstr "Impossible de redimensionner le périphérique loopback." + +#: lib/setup.c:2882 +msgid "Do you really want to change UUID of device?" +msgstr "Voulez vous réellement changer l'UUID du périphérique ?" -#: lib/setup.c:1798 +#: lib/setup.c:2958 +msgid "Header backup file does not contain compatible LUKS header." +msgstr "Le fichier de sauvegarde de l'en-tête ne contient pas d'en-tête compatible LUKS." + +#: lib/setup.c:3058 #, c-format -msgid "Key slot %d changed.\n" -msgstr "Emplacement de clef %d modifié.\n" +msgid "Volume %s is not active." +msgstr "Le volume %s n'est pas actif." -#: lib/setup.c:1801 +#: lib/setup.c:3069 #, c-format -msgid "Replaced with key slot %d.\n" -msgstr "Remplacé par l'emplacement de clé %d.\n" +msgid "Volume %s is already suspended." +msgstr "Le volume %s est déjà suspendu." -#: lib/setup.c:1806 -msgid "Failed to swap new key slot.\n" -msgstr "Nouvel emplacement de clé impossible à échanger.\n" +#: lib/setup.c:3082 +#, c-format +msgid "Suspend is not supported for device %s." +msgstr "Le périphérique %s ne supporte pas la suspension." -#: lib/setup.c:1923 lib/setup.c:2184 lib/setup.c:2197 lib/setup.c:2339 -msgid "Volume key does not match the volume.\n" -msgstr "Ceci n'est pas la clé du volume.\n" +#: lib/setup.c:3084 +#, c-format +msgid "Error during suspending device %s." +msgstr "Erreur lors de la suspension du périphérique %s." -#: lib/setup.c:1961 +#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267 #, c-format -msgid "Key slot %d is invalid.\n" -msgstr "L'emplacement de clé %d n'est pas valide.\n" +msgid "Volume %s is not suspended." +msgstr "Le volume %s n'est pas suspendu." -#: lib/setup.c:1966 +#: lib/setup.c:3146 #, c-format -msgid "Key slot %d is not used.\n" -msgstr "L'emplacement de clé %d n'est pas utilisé.\n" +msgid "Resume is not supported for device %s." +msgstr "Le périphérique %s ne supporte pas la remise en service." -#: lib/setup.c:1996 lib/setup.c:2068 lib/setup.c:2160 +#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297 #, c-format -msgid "Device %s already exists.\n" -msgstr "Le périphérique %s existe déjà.\n" +msgid "Error during resuming device %s." +msgstr "Erreur lors de la remise en service du périphérique %s." -#: lib/setup.c:2171 -msgid "Incorrect volume key specified for plain device.\n" -msgstr "Clé de volume incorrecte pour le périphérique en clair.\n" +#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322 +#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839 +msgid "Volume key does not match the volume." +msgstr "Ceci n'est pas la clé du volume." -#: lib/setup.c:2204 -msgid "Incorrect root hash specified for verity device.\n" -msgstr "Hachage racine incorrect spécifié pour le périphérique verity.\n" +#: lib/setup.c:3343 lib/setup.c:3531 +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Impossible d'ajouter un emplacement de clé, tous les emplacements sont désactivés et aucune clé n'a été fournie pour ce volume." -#: lib/setup.c:2227 -msgid "Device type is not properly initialised.\n" -msgstr "Type de périphérique non proprement initialisé.\n" +#: lib/setup.c:3483 +msgid "Failed to swap new key slot." +msgstr "Nouvel emplacement de clé impossible à échanger." -#: lib/setup.c:2259 +#: lib/setup.c:3669 #, c-format -msgid "Device %s is still in use.\n" -msgstr "Le périphérique %s est toujours occupé.\n" +msgid "Key slot %d is invalid." +msgstr "L'emplacement de clé %d n'est pas valide." -#: lib/setup.c:2268 +#: lib/setup.c:3675 src/cryptsetup.c:1572 src/cryptsetup.c:1917 #, c-format -msgid "Invalid device %s.\n" -msgstr "Le périphérique %s n'est pas valide.\n" +msgid "Keyslot %d is not active." +msgstr "L'emplacement de clé %d n'est pas actif." -#: lib/setup.c:2289 -msgid "Function not available in FIPS mode.\n" -msgstr "Fonction pas disponible en mode FIPS.\n" +#: lib/setup.c:3694 +msgid "Device header overlaps with data area." +msgstr "L'en-tête du périphérique recouvre la zone de données." -#: lib/setup.c:2295 -msgid "Volume key buffer too small.\n" -msgstr "Le tampon de la clé du volume est trop petit.\n" +#: lib/setup.c:3981 +msgid "Reencryption in-progress. Cannot activate device." +msgstr "Re-chiffrement en cours. Impossible d'activer le périphérique." -#: lib/setup.c:2303 -msgid "Cannot retrieve volume key for plain device.\n" -msgstr "" -"Impossible de récupérer la clé du volume pour ce périphérique de type " -"« plain ».\n" +#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2243 +#: lib/luks2/luks2_reencrypt.c:2836 +msgid "Failed to get reencryption lock." +msgstr "Impossible d'obtenir le verrou de re-chiffrement." -#: lib/setup.c:2310 -#, c-format -msgid "This operation is not supported for %s crypt device.\n" -msgstr "Cette opération n'est pas possible pour le périphérique chiffré %s.\n" +#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855 +msgid "LUKS2 reencryption recovery failed." +msgstr "La récupération du rechiffrement LUKS2 a échoué." -#: lib/setup.c:2506 -msgid "Dump operation is not supported for this device type.\n" -msgstr "" -"L'opération de vidage n'est pas supportée pour ce type de périphérique.\n" +#: lib/setup.c:4127 lib/setup.c:4379 +msgid "Device type is not properly initialized." +msgstr "Type de périphérique improprement initialisé." -#: lib/utils.c:244 -msgid "Cannot get process priority.\n" -msgstr "Impossible d'obtenir la priorité du processus.\n" +#: lib/setup.c:4171 +#, c-format +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "Impossible d'utiliser le périphérique %s, le nom est invalide ou est toujours utilisé." -#: lib/utils.c:258 -msgid "Cannot unlock memory.\n" -msgstr "Impossible de déverrouiller la mémoire.\n" +#: lib/setup.c:4174 +#, c-format +msgid "Device %s already exists." +msgstr "Le périphérique %s existe déjà." -#: lib/utils_crypt.c:241 lib/utils_crypt.c:254 lib/utils_crypt.c:401 -#: lib/utils_crypt.c:416 -msgid "Out of memory while reading passphrase.\n" -msgstr "Plus assez de mémoire lors de la lecture de la phrase secrète.\n" +#: lib/setup.c:4296 +msgid "Incorrect volume key specified for plain device." +msgstr "Clé de volume incorrecte pour le périphérique en clair." -#: lib/utils_crypt.c:246 lib/utils_crypt.c:261 -msgid "Error reading passphrase from terminal.\n" -msgstr "Erreur de lecture de la phrase secrète depuis la console.\n" +#: lib/setup.c:4405 +msgid "Incorrect root hash specified for verity device." +msgstr "Hachage racine incorrect spécifié pour le périphérique verity." -#: lib/utils_crypt.c:259 -msgid "Verify passphrase: " -msgstr "Vérifiez la phrase secrète : " +#: lib/setup.c:4412 +msgid "Root hash signature required." +msgstr "Signature de hachage racine requise." -#: lib/utils_crypt.c:266 -msgid "Passphrases do not match.\n" -msgstr "Les phrases secrètes ne sont pas identiques.\n" +#: lib/setup.c:4421 +msgid "Kernel keyring missing: required for passing signature to kernel." +msgstr "Le porte-clé du noyau est manquant : il est requis pour passer une signature au noyau." -#: lib/utils_crypt.c:350 -msgid "Cannot use offset with terminal input.\n" -msgstr "Le décalage n'est pas possible si l'entrée provient de la console.\n" +#: lib/setup.c:4438 lib/setup.c:5915 +msgid "Failed to load key in kernel keyring." +msgstr "Impossible de charger la clé dans le porte-clé du noyau." -#: lib/utils_crypt.c:369 lib/tcrypt/tcrypt.c:467 -msgid "Failed to open key file.\n" -msgstr "Impossible d'ouvrir le fichier de clef.\n" +#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2296 +#: src/cryptsetup.c:2664 +#, c-format +msgid "Device %s is still in use." +msgstr "Le périphérique %s est toujours occupé." + +#: lib/setup.c:4516 +#, c-format +msgid "Invalid device %s." +msgstr "Le périphérique %s n'est pas valide." -#: lib/utils_crypt.c:378 -msgid "Failed to stat key file.\n" -msgstr "Impossible d'exécuter « stat » sur le fichier de clef.\n" +#: lib/setup.c:4632 +msgid "Volume key buffer too small." +msgstr "Le tampon de la clé du volume est trop petit." -#: lib/utils_crypt.c:386 lib/utils_crypt.c:407 -msgid "Cannot seek to requested keyfile offset.\n" -msgstr "Impossible de sauter au décalage demandé dans le fichier de clé.\n" +#: lib/setup.c:4640 +msgid "Cannot retrieve volume key for plain device." +msgstr "Impossible de récupérer la clé du volume pour ce périphérique de type « plain »." -#: lib/utils_crypt.c:424 -msgid "Error reading passphrase.\n" -msgstr "Erreur de lecture de la phrase secrète.\n" +#: lib/setup.c:4657 +msgid "Cannot retrieve root hash for verity device." +msgstr "Impossible de récupérer le hachage racine pour le périphérique verity." -#: lib/utils_crypt.c:442 -msgid "Maximum keyfile size exceeded.\n" -msgstr "Taille max. de fichier de clé dépassée.\n" +#: lib/setup.c:4659 +#, c-format +msgid "This operation is not supported for %s crypt device." +msgstr "Cette opération n'est pas possible pour le périphérique chiffré %s." -#: lib/utils_crypt.c:447 -msgid "Cannot read requested amount of data.\n" -msgstr "Impossible de lire la quantité de données demandée.\n" +#: lib/setup.c:4865 +msgid "Dump operation is not supported for this device type." +msgstr "L'opération de vidage n'est pas supportée pour ce type de périphérique." -#: lib/utils_device.c:136 lib/luks1/keyencryption.c:90 +#: lib/setup.c:5190 #, c-format -msgid "Device %s doesn't exist or access denied.\n" -msgstr "Le périphérique %s n'existe pas ou l'accès y est interdit.\n" +msgid "Data offset is not multiple of %u bytes." +msgstr "Le décalage des données n'est pas un multiple de %u octets." -#: lib/utils_device.c:430 -msgid "Cannot use a loopback device, running as non-root user.\n" -msgstr "" -"Impossible d'utiliser un périphérique loopback. Fonctionne comme un " -"utilisateur non-root.\n" +#: lib/setup.c:5475 +#, c-format +msgid "Cannot convert device %s which is still in use." +msgstr "Impossible de convertir le périphérique %s qui est toujours en cours d'utilisation." -#: lib/utils_device.c:433 -msgid "Cannot find a free loopback device.\n" -msgstr "Impossible de trouver un périphérique loopback libre.\n" +#: lib/setup.c:5772 +#, c-format +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "Échec de l'affectation de l'emplacement de clé %u pour la nouvelle clé de volume." -#: lib/utils_device.c:440 -msgid "" -"Attaching loopback device failed (loop device with autoclear flag is " -"required).\n" -msgstr "" -"Impossible d'associer le périphérique loopback (le drapeau « autoclear » est " -"requis).\n" +#: lib/setup.c:5845 +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "Échec de l'initialisation des paramètres par défaut des emplacement de clé LUKS2." -#: lib/utils_device.c:484 +#: lib/setup.c:5851 #, c-format -msgid "Cannot use device %s which is in use (already mapped or mounted).\n" -msgstr "" -"Impossible d'utiliser le périphérique %s actuellement en usage (déjà mappé " -"ou monté).\n" +msgid "Failed to assign keyslot %d to digest." +msgstr "Échec de l'affectation de l'emplacement de clé %d aux résumé." -#: lib/utils_device.c:488 +#: lib/setup.c:5982 +msgid "Kernel keyring is not supported by the kernel." +msgstr "Le porte-clé du noyau n'est pas supporté par ce noyau." + +#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952 #, c-format -msgid "Cannot get info about device %s.\n" -msgstr "Impossible d'obtenir des informations au sujet du périphérique %s.\n" +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "Échec lors de la lecture du mot de passe depuis le porte-clé (erreur %d)." + +#: lib/setup.c:6016 +msgid "Failed to acquire global memory-hard access serialization lock." +msgstr "Erreur lors de l'acquisition du verrou global de sérialisation des accès strictes à la mémoire" -#: lib/utils_device.c:494 +#: lib/utils.c:80 +msgid "Cannot get process priority." +msgstr "Impossible d'obtenir la priorité du processus." + +#: lib/utils.c:94 +msgid "Cannot unlock memory." +msgstr "Impossible de déverrouiller la mémoire." + +#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497 +msgid "Failed to open key file." +msgstr "Impossible d'ouvrir le fichier de clef." + +#: lib/utils.c:173 +msgid "Cannot read keyfile from a terminal." +msgstr "Impossible de lire le fichier de clé depuis un terminal." + +#: lib/utils.c:190 +msgid "Failed to stat key file." +msgstr "Impossible d'exécuter « stat » sur le fichier de clef." + +#: lib/utils.c:198 lib/utils.c:219 +msgid "Cannot seek to requested keyfile offset." +msgstr "Impossible de sauter au décalage demandé dans le fichier de clé." + +#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188 +#: src/utils_password.c:201 +msgid "Out of memory while reading passphrase." +msgstr "Plus assez de mémoire lors de la lecture de la phrase secrète." + +#: lib/utils.c:248 +msgid "Error reading passphrase." +msgstr "Erreur de lecture de la phrase secrète." + +#: lib/utils.c:265 +msgid "Nothing to read on input." +msgstr "Rien à lire en entrée." + +#: lib/utils.c:272 +msgid "Maximum keyfile size exceeded." +msgstr "Taille max. de fichier de clé dépassée." + +#: lib/utils.c:277 +msgid "Cannot read requested amount of data." +msgstr "Impossible de lire la quantité de données demandée." + +#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 #, c-format -msgid "Requested offset is beyond real size of device %s.\n" -msgstr "" -"Le décalage demandé est au delà de la taille réelle du périphérique %s.\n" +msgid "Device %s does not exist or access denied." +msgstr "Le périphérique %s n'existe pas ou l'accès y est interdit." -#: lib/utils_device.c:502 +#: lib/utils_device.c:197 #, c-format -msgid "Device %s has zero size.\n" -msgstr "Le périphérique %s a une taille nulle.\n" +msgid "Device %s is not compatible." +msgstr "Le périphérique %s n'est pas compatible." -#: lib/utils_device.c:513 +#: lib/utils_device.c:642 #, c-format -msgid "Device %s is too small.\n" -msgstr "Le périphérique %s est trop petit.\n" +msgid "Device %s is too small. Need at least % bytes." +msgstr "Le périphérique %s est trop petit. Il a besoin d'au moins % octets." -#: lib/luks1/keyencryption.c:37 +#: lib/utils_device.c:723 #, c-format -msgid "" -"Failed to setup dm-crypt key mapping for device %s.\n" -"Check that kernel supports %s cipher (check syslog for more info).\n" -msgstr "" -"Impossible de configurer la correspondance des clés dm-crypt du périphérique " -"%s.\n" -"Vérifiez que le noyau supporte le chiffrement %s (pour plus d'informations, " -"voir les journaux syslog).\n" +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "Impossible d'utiliser le périphérique %s actuellement utilisé (déjà mappé ou monté)." -#: lib/luks1/keyencryption.c:42 -msgid "Key size in XTS mode must be 256 or 512 bits.\n" -msgstr "" -"La taille de la clé en mode XTS doit être un multiple de 256 ou 512 bits.\n" +#: lib/utils_device.c:727 +#, c-format +msgid "Cannot use device %s, permission denied." +msgstr "Impossible d'utiliser le périphérique %s, permission refusée." -#: lib/luks1/keyencryption.c:96 lib/luks1/keymanage.c:296 -#: lib/luks1/keymanage.c:572 lib/luks1/keymanage.c:1017 +#: lib/utils_device.c:730 #, c-format -msgid "Cannot write to device %s, permission denied.\n" -msgstr "Impossible d'écrire sur le périphérique %s. Permission refusée.\n" +msgid "Cannot get info about device %s." +msgstr "Impossible d'obtenir des informations au sujet du périphérique %s." -#: lib/luks1/keyencryption.c:111 -msgid "Failed to open temporary keystore device.\n" -msgstr "" -"Échec lors de l'ouverture du périphérique de stockage temporaire de clés.\n" +#: lib/utils_device.c:753 +msgid "Cannot use a loopback device, running as non-root user." +msgstr "Impossible d'utiliser un périphérique loopback. Fonctionne comme un utilisateur non-root." -#: lib/luks1/keyencryption.c:118 -msgid "Failed to access temporary keystore device.\n" -msgstr "Impossible d'accéder au périphérique de stockage temporaire de clé.\n" +#: lib/utils_device.c:763 +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "Impossible d'associer le périphérique loopback (le drapeau « autoclear » est requis)." + +#: lib/utils_device.c:809 +#, c-format +msgid "Requested offset is beyond real size of device %s." +msgstr "Le décalage demandé est au delà de la taille réelle du périphérique %s." -#: lib/luks1/keyencryption.c:191 -msgid "IO error while encrypting keyslot.\n" -msgstr "Erreur E/S pendant le chiffrement de l'emplacement de clé.\n" +#: lib/utils_device.c:817 +#, c-format +msgid "Device %s has zero size." +msgstr "Le périphérique %s a une taille nulle." -#: lib/luks1/keyencryption.c:256 -msgid "IO error while decrypting keyslot.\n" -msgstr "Erreur E/S pendant le déchiffrement de l'emplacement de clé.\n" +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." +msgstr "Le temps cible PBKDF demandé ne peut pas être zéro." -#: lib/luks1/keymanage.c:90 +#: lib/utils_pbkdf.c:106 #, c-format -msgid "Device %s is too small. (LUKS requires at least % bytes.)\n" -msgstr "" -"Le périphérique %s est trop petit (LUKS a besoin d'au moins % " -"octets).\n" +msgid "Unknown PBKDF type %s." +msgstr "Type PBKDF %s inconnu." -#: lib/luks1/keymanage.c:180 lib/luks1/keymanage.c:418 -#: src/cryptsetup_reencrypt.c:1110 +#: lib/utils_pbkdf.c:111 #, c-format -msgid "Device %s is not a valid LUKS device.\n" -msgstr "%s n'est pas un périphérique LUKS valide.\n" +msgid "Requested hash %s is not supported." +msgstr "L'algorithme de hachage %s demandé n'est pas supporté." + +#: lib/utils_pbkdf.c:122 +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "Le type PBKDF demandé n'est pas supporté par LUKS1." + +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." +msgstr "La mémoire maximum ou les threads parallèles de PBKDF ne peuvent pas être définis avec pbkdf2." -#: lib/luks1/keymanage.c:198 +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 #, c-format -msgid "Requested header backup file %s already exists.\n" -msgstr "Le fichier de sauvegarde d'en-tête demandé %s existe déjà.\n" +msgid "Forced iteration count is too low for %s (minimum is %u)." +msgstr "Le nombre d'itérations forcées est trop petit pour %s (le minimum est %u)." -#: lib/luks1/keymanage.c:200 +#: lib/utils_pbkdf.c:148 #, c-format -msgid "Cannot create header backup file %s.\n" -msgstr "Impossible de créer le fichier de sauvegarde d'en-tête %s.\n" +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "Le coût de la mémoire forcé est trop petit pour %s (le minimum est %u kilooctets)." -#: lib/luks1/keymanage.c:205 +#: lib/utils_pbkdf.c:155 #, c-format -msgid "Cannot write header backup file %s.\n" -msgstr "Impossible d'écrire le fichier de sauvegarde d'en-tête %s.\n" +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "Le coût de la mémoire PBKDF maximum demandée est trop grand (maximum est %d kilooctets)." -#: lib/luks1/keymanage.c:239 -msgid "Backup file doesn't contain valid LUKS header.\n" -msgstr "Le fichier de sauvegarde ne contient pas d'en-tête LUKS valide.\n" +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "La mémoire PBKDF maximum demandée ne peut pas être zéro." -#: lib/luks1/keymanage.c:252 lib/luks1/keymanage.c:496 +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "Le nombre de threads parallèles PBKDF demandé ne peut pas être zéro." + +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "Seul PBKDF2 est supporté en mode FIPS." + +#: lib/utils_benchmark.c:172 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "L'étalon PBKDF est désactivé mais les itérations ne sont pas définies." + +#: lib/utils_benchmark.c:191 #, c-format -msgid "Cannot open header backup file %s.\n" -msgstr "Impossible d'ouvrir le fichier de sauvegarde d'en-tête %s.\n" +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "Options PBKDF2 incompatibles (en utilisant l'algorithme de hachage %s)." + +#: lib/utils_benchmark.c:211 +msgid "Not compatible PBKDF options." +msgstr "Options PBKDF incompatibles." -#: lib/luks1/keymanage.c:258 +#: lib/utils_device_locking.c:102 #, c-format -msgid "Cannot read header backup file %s.\n" -msgstr "Impossible de lire le fichier de sauvegarde d'en-tête %s.\n" +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "Verrouillage interrompu. Le chemin de verrouillage %s/%s est inutilisable (pas un répertoire ou est manquant)." -#: lib/luks1/keymanage.c:269 -msgid "Data offset or key size differs on device and backup, restore failed.\n" -msgstr "" -"Le décalage des données (« offset ») ou la taille de la clé ne sont pas " -"identiques dans le périphérique et la sauvegarde. La restauration a " -"échouée.\n" +#: lib/utils_device_locking.c:109 +#, c-format +msgid "WARNING: Locking directory %s/%s is missing!\n" +msgstr "ATTENTION: Le répertoire verrou %s/%s est manquant !\n" -#: lib/luks1/keymanage.c:277 +#: lib/utils_device_locking.c:119 #, c-format -msgid "Device %s %s%s" -msgstr "Périphérique %s %s%s" +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "Verrouillage interrompu. Le chemin de verrouillage %s/%s est inutilisable (%s n'est pas un répertoire)." -#: lib/luks1/keymanage.c:278 -msgid "" -"does not contain LUKS header. Replacing header can destroy data on that " -"device." -msgstr "" -"ne contient pas d'en-tête LUKS. Remplacer l'en-tête peut détruire les " -"données de ce périphérique." +#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:941 +#: src/cryptsetup_reencrypt.c:1025 +msgid "Cannot seek to device offset." +msgstr "Impossible de se déplacer au décalage du périphérique." -#: lib/luks1/keymanage.c:279 -msgid "" -"already contains LUKS header. Replacing header will destroy existing " -"keyslots." -msgstr "" -"contient déjà un en-tête LUKS. Remplacer l'en-tête détruira les emplacements " -"de clés actuels." +#: lib/utils_wipe.c:208 +#, c-format +msgid "Device wipe error, offset %." +msgstr "Erreur durant l'effacement total, offset %" -#: lib/luks1/keymanage.c:280 +#: lib/luks1/keyencryption.c:39 +#, c-format msgid "" -"\n" -"WARNING: real device header has different UUID than backup!" +"Failed to setup dm-crypt key mapping for device %s.\n" +"Check that kernel supports %s cipher (check syslog for more info)." msgstr "" -"\n" -"ATTENTION : l'en-tête du périphérique a un UUID différent de celui de la " -"sauvegarde !" +"Impossible de configurer la correspondance des clés dm-crypt du périphérique %s.\n" +"Vérifiez que le noyau supporte le chiffrement %s (pour plus d'informations, voir les journaux syslog)." -#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:535 -#: lib/luks1/keymanage.c:575 lib/tcrypt/tcrypt.c:624 lib/verity/verity.c:82 -#: lib/verity/verity.c:179 lib/verity/verity_hash.c:292 -#: lib/verity/verity_hash.c:303 lib/verity/verity_hash.c:323 -#, c-format -msgid "Cannot open device %s.\n" -msgstr "Impossible d'ouvrir le périphérique %s.\n" +#: lib/luks1/keyencryption.c:44 +msgid "Key size in XTS mode must be 256 or 512 bits." +msgstr "La taille de la clé en mode XTS doit être un multiple de 256 ou 512 bits." -#: lib/luks1/keymanage.c:329 -msgid "Non standard key size, manual repair required.\n" -msgstr "Taille de clé non standard. Réparation manuelle requise.\n" +# Frédéric: Je laisse iv (initialisation vector) sous cette forme car elle est plus habituelle que vi +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "La spécification du chiffrement devrait être au format [chiffrement]-[mode]-[iv]." -#: lib/luks1/keymanage.c:334 -msgid "Non standard keyslots alignment, manual repair required.\n" -msgstr "" -"Alignement non standard des emplacements de clé. Réparation manuelle " -"requise.\n" +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080 +#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734 +#, c-format +msgid "Cannot write to device %s, permission denied." +msgstr "Impossible d'écrire sur le périphérique %s. Permission refusée." + +#: lib/luks1/keyencryption.c:120 +msgid "Failed to open temporary keystore device." +msgstr "Échec lors de l'ouverture du périphérique de stockage temporaire de clés." + +#: lib/luks1/keyencryption.c:127 +msgid "Failed to access temporary keystore device." +msgstr "Impossible d'accéder au périphérique de stockage temporaire de clés." + +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 +msgid "IO error while encrypting keyslot." +msgstr "Erreur E/S pendant le chiffrement de l'emplacement de clé." + +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:670 +#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311 +#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342 +#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 +#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255 +#: src/cryptsetup_reencrypt.c:200 src/cryptsetup_reencrypt.c:212 +#, c-format +msgid "Cannot open device %s." +msgstr "Impossible d'ouvrir le périphérique %s." -#: lib/luks1/keymanage.c:340 -msgid "Repairing keyslots.\n" -msgstr "Réparation des emplacements de clé.\n" +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +msgid "IO error while decrypting keyslot." +msgstr "Erreur E/S pendant le déchiffrement de l'emplacement de clé." -#: lib/luks1/keymanage.c:351 -msgid "Repair failed." -msgstr "Échec de la réparation." +#: lib/luks1/keymanage.c:110 +#, c-format +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" +msgstr "Le périphérique %s est trop petit (LUKS1 a besoin d'au moins % octets)." -#: lib/luks1/keymanage.c:363 +#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162 +#: lib/luks1/keymanage.c:174 +#, c-format +msgid "LUKS keyslot %u is invalid." +msgstr "L'emplacement de clé LUKS %u n'est pas valide." + +#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472 +#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1433 +#: src/cryptsetup.c:1559 src/cryptsetup.c:1616 src/cryptsetup.c:1672 +#: src/cryptsetup.c:1739 src/cryptsetup.c:1842 src/cryptsetup.c:1906 +#: src/cryptsetup.c:2136 src/cryptsetup.c:2331 src/cryptsetup.c:2391 +#: src/cryptsetup.c:2457 src/cryptsetup.c:2621 src/cryptsetup.c:3271 +#: src/cryptsetup.c:3280 src/cryptsetup_reencrypt.c:1388 #, c-format -msgid "Keyslot %i: offset repaired (%u -> %u).\n" -msgstr "Emplacement de clé %i : décalage réparé (%u -> %u).\n" +msgid "Device %s is not a valid LUKS device." +msgstr "%s n'est pas un périphérique LUKS valide." -#: lib/luks1/keymanage.c:371 +#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100 #, c-format -msgid "Keyslot %i: stripes repaired (%u -> %u).\n" -msgstr "Emplacement de clé %i : bandes réparées (%u -> %u).\n" +msgid "Requested header backup file %s already exists." +msgstr "Le fichier de sauvegarde d'en-tête demandé %s existe déjà." -#: lib/luks1/keymanage.c:380 +#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102 #, c-format -msgid "Keyslot %i: bogus partition signature.\n" -msgstr "Emplacement de clé %i : signature de partition contrefaite.\n" +msgid "Cannot create header backup file %s." +msgstr "Impossible de créer le fichier de sauvegarde d'en-tête %s." -#: lib/luks1/keymanage.c:385 +#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109 #, c-format -msgid "Keyslot %i: salt wiped.\n" -msgstr "Emplacement de clé %i : aléa effacé.\n" +msgid "Cannot write header backup file %s." +msgstr "Impossible d'écrire le fichier de sauvegarde d'en-tête %s." -#: lib/luks1/keymanage.c:396 -msgid "Writing LUKS header to disk.\n" -msgstr "Écriture de l'en-tête LUKS sur le disque.\n" +#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161 +msgid "Backup file does not contain valid LUKS header." +msgstr "Le fichier de sauvegarde ne contient pas d'en-tête LUKS valide." -#: lib/luks1/keymanage.c:421 +#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549 +#: lib/luks2/luks2_json_metadata.c:1182 #, c-format -msgid "Unsupported LUKS version %d.\n" -msgstr "La version %d de LUKS n'est pas supportée.\n" +msgid "Cannot open header backup file %s." +msgstr "Impossible d'ouvrir le fichier de sauvegarde d'en-tête %s." -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:661 +#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190 #, c-format -msgid "Requested LUKS hash %s is not supported.\n" -msgstr "L'algorithme de hachage LUKS demandé (%s) n'est pas supporté.\n" +msgid "Cannot read header backup file %s." +msgstr "Impossible de lire le fichier de sauvegarde d'en-tête %s." + +#: lib/luks1/keymanage.c:317 +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "Le décalage des données (« offset ») ou la taille de la clé ne sont pas identiques dans le périphérique et la sauvegarde. La restauration a échouée." -#: lib/luks1/keymanage.c:442 +#: lib/luks1/keymanage.c:325 #, c-format -msgid "LUKS keyslot %u is invalid.\n" -msgstr "L'emplacement de clé LUKS %u n'est pas valide.\n" +msgid "Device %s %s%s" +msgstr "Périphérique %s %s%s" -#: lib/luks1/keymanage.c:456 src/cryptsetup.c:668 -msgid "No known problems detected for LUKS header.\n" -msgstr "Aucun problème connu détecté pour l'en-tête LUKS.\n" +#: lib/luks1/keymanage.c:326 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "ne contient pas d'en-tête LUKS. Remplacer l'en-tête peut détruire les données de ce périphérique." -#: lib/luks1/keymanage.c:596 -#, c-format -msgid "Error during update of LUKS header on device %s.\n" +#: lib/luks1/keymanage.c:327 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "contient déjà un en-tête LUKS. Remplacer l'en-tête détruira les emplacements de clés actuels." + +#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224 +msgid "" +"\n" +"WARNING: real device header has different UUID than backup!" msgstr "" -"Erreur lors de la mise à jour de l'en-tête LUKS sur le périphérique %s.\n" +"\n" +"ATTENTION : l'en-tête du périphérique a un UUID différent de celui de la sauvegarde !" + +#: lib/luks1/keymanage.c:375 +msgid "Non standard key size, manual repair required." +msgstr "Taille de clé non standard. Réparation manuelle requise." + +#: lib/luks1/keymanage.c:380 +msgid "Non standard keyslots alignment, manual repair required." +msgstr "Alignement non standard des emplacements de clé. Réparation manuelle requise." + +#: lib/luks1/keymanage.c:390 +msgid "Repairing keyslots." +msgstr "Réparation des emplacements de clé." -#: lib/luks1/keymanage.c:603 +#: lib/luks1/keymanage.c:409 #, c-format -msgid "Error re-reading LUKS header after update on device %s.\n" -msgstr "" -"Erreur lors de la relecture de l'en-tête LUKS après la mise à jour sur le " -"périphérique %s.\n" +msgid "Keyslot %i: offset repaired (%u -> %u)." +msgstr "Emplacement de clé %i : décalage réparé (%u -> %u)." -#: lib/luks1/keymanage.c:654 +#: lib/luks1/keymanage.c:417 #, c-format -msgid "" -"Data offset for detached LUKS header must be either 0 or higher than header " -"size (%d sectors).\n" -msgstr "" -"L'offset des données d'un en-tête LUKS détachés doit être soit 0 ou soit " -"plus grand que la taille de l'en-tête (%d secteurs).\n" +msgid "Keyslot %i: stripes repaired (%u -> %u)." +msgstr "Emplacement de clé %i : bandes réparées (%u -> %u)." + +#: lib/luks1/keymanage.c:426 +#, c-format +msgid "Keyslot %i: bogus partition signature." +msgstr "Emplacement de clé %i : signature de partition contrefaite." + +#: lib/luks1/keymanage.c:431 +#, c-format +msgid "Keyslot %i: salt wiped." +msgstr "Emplacement de clé %i : aléa effacé." -#: lib/luks1/keymanage.c:666 lib/luks1/keymanage.c:757 -msgid "Wrong LUKS UUID format provided.\n" -msgstr "Mauvais format fourni pour le UUID LUKS.\n" +#: lib/luks1/keymanage.c:448 +msgid "Writing LUKS header to disk." +msgstr "Écriture de l'en-tête LUKS sur le disque." -#: lib/luks1/keymanage.c:695 -msgid "Cannot create LUKS header: reading random salt failed.\n" -msgstr "" -"Impossible de créer un en-tête LUKS : échec lors de la lecture de l'aléa.\n" +#: lib/luks1/keymanage.c:453 +msgid "Repair failed." +msgstr "Échec de la réparation." -#: lib/luks1/keymanage.c:702 lib/luks1/keymanage.c:798 +#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750 #, c-format -msgid "Not compatible PBKDF2 options (using hash algorithm %s).\n" -msgstr "" -"Options PBKDF2 incompatibles (en utilisant l'algorithme de hachage %s).\n" +msgid "Requested LUKS hash %s is not supported." +msgstr "L'algorithme de hachage LUKS demandé (%s) n'est pas supporté." + +#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1133 +msgid "No known problems detected for LUKS header." +msgstr "Aucun problème connu détecté pour l'en-tête LUKS." -#: lib/luks1/keymanage.c:717 +#: lib/luks1/keymanage.c:660 #, c-format -msgid "Cannot create LUKS header: header digest failed (using hash %s).\n" -msgstr "" -"Impossible de créer un en-tête LUKS : le résumé (« digest ») de l'en-tête a " -"échoué (en utilisant l'algorithme de hachage %s).\n" +msgid "Error during update of LUKS header on device %s." +msgstr "Erreur lors de la mise à jour de l'en-tête LUKS sur le périphérique %s." + +#: lib/luks1/keymanage.c:668 +#, c-format +msgid "Error re-reading LUKS header after update on device %s." +msgstr "Erreur lors de la relecture de l'en-tête LUKS après la mise à jour sur le périphérique %s." + +#: lib/luks1/keymanage.c:744 +msgid "Data offset for LUKS header must be either 0 or higher than header size." +msgstr "L'offset des données d'un en-tête LUKS doit être soit 0 ou soit plus grand que la taille de l'en-tête." -#: lib/luks1/keymanage.c:782 +#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825 +#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001 +#: src/cryptsetup.c:2784 +msgid "Wrong LUKS UUID format provided." +msgstr "Mauvais format fourni pour le UUID LUKS." + +#: lib/luks1/keymanage.c:778 +msgid "Cannot create LUKS header: reading random salt failed." +msgstr "Impossible de créer un en-tête LUKS : échec lors de la lecture de l'aléa." + +#: lib/luks1/keymanage.c:804 #, c-format -msgid "Key slot %d active, purge first.\n" -msgstr "L'emplacement de clé %d est activé, effacez le d'abord.\n" +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "Impossible de créer un en-tête LUKS : le résumé (« digest ») de l'en-tête a échoué (en utilisant l'algorithme de hachage %s)." -#: lib/luks1/keymanage.c:788 +#: lib/luks1/keymanage.c:848 #, c-format -msgid "Key slot %d material includes too few stripes. Header manipulation?\n" -msgstr "" -"Le matériel de l'emplacement de clé %d a trop peu de bandes. L'en-tête a-t-" -"il été modifié ?\n" +msgid "Key slot %d active, purge first." +msgstr "L'emplacement de clé %d est activé, effacez le d'abord." -#: lib/luks1/keymanage.c:950 +#: lib/luks1/keymanage.c:854 #, c-format -msgid "Key slot %d unlocked.\n" -msgstr "Emplacement de clé %d déverrouillé.\n" +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "Le matériel de l'emplacement de clé %d a trop peu de bandes. L'en-tête a-t-il été modifié ?" -#: lib/luks1/keymanage.c:985 src/cryptsetup.c:858 -#: src/cryptsetup_reencrypt.c:999 src/cryptsetup_reencrypt.c:1036 -msgid "No key available with this passphrase.\n" -msgstr "Aucune clé disponible avec cette phrase secrète.\n" +#: lib/luks1/keymanage.c:990 +#, c-format +msgid "Cannot open keyslot (using hash %s)." +msgstr "Impossible d'ouvrir l'emplacement de clé (en utilisant le hachage %s)." -#: lib/luks1/keymanage.c:1003 +#: lib/luks1/keymanage.c:1066 #, c-format -msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n" -msgstr "" -"L'emplacement de clé %d n'est pas valide, merci de sélectionner un " -"emplacement entre 0 et %d.\n" +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." +msgstr "L'emplacement de clé %d n'est pas valide, merci de sélectionner un emplacement entre 0 et %d." -#: lib/luks1/keymanage.c:1021 +#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738 #, c-format -msgid "Cannot wipe device %s.\n" -msgstr "Impossible d'effacer de façon sécurisée le périphérique %s.\n" +msgid "Cannot wipe device %s." +msgstr "Impossible d'effacer de façon sécurisée le périphérique %s." #: lib/loopaes/loopaes.c:146 -msgid "Detected not yet supported GPG encrypted keyfile.\n" -msgstr "Fichier de clé GPG chiffré détecté mais pas encore supporté.\n" +msgid "Detected not yet supported GPG encrypted keyfile." +msgstr "Fichier de clé GPG chiffré détecté mais pas encore supporté." #: lib/loopaes/loopaes.c:147 msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" -msgstr "" -"SVP utilisez gpg --decrypt | cryptsetup --keyfile=-...\n" +msgstr "SVP utilisez gpg --decrypt | cryptsetup --keyfile=-...\n" #: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 -msgid "Incompatible loop-AES keyfile detected.\n" -msgstr "Fichier de clé incompatible pour boucle « loop-AES ».\n" +msgid "Incompatible loop-AES keyfile detected." +msgstr "Fichier de clé incompatible pour boucle « loop-AES »." -#: lib/loopaes/loopaes.c:244 -msgid "Kernel doesn't support loop-AES compatible mapping.\n" -msgstr "" -"Le noyau ne supporte pas les associations de type boucle « loop-AES ».\n" +#: lib/loopaes/loopaes.c:245 +msgid "Kernel does not support loop-AES compatible mapping." +msgstr "Le noyau ne supporte pas les associations de type boucle « loop-AES »." -#: lib/tcrypt/tcrypt.c:475 +#: lib/tcrypt/tcrypt.c:504 #, c-format -msgid "Error reading keyfile %s.\n" -msgstr "Erreur lors de la lecture du fichier de clé %s.\n" +msgid "Error reading keyfile %s." +msgstr "Erreur lors de la lecture du fichier de clé %s." -#: lib/tcrypt/tcrypt.c:513 +#: lib/tcrypt/tcrypt.c:554 #, c-format -msgid "Maximum TCRYPT passphrase length (%d) exceeded.\n" -msgstr "Longueur maximum de la phrase secrète TCRYPT (%d) dépassée.\n" +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." +msgstr "Longueur maximum de la phrase secrète TCRYPT (%zu) dépassée." -#: lib/tcrypt/tcrypt.c:543 +#: lib/tcrypt/tcrypt.c:595 #, c-format -msgid "PBKDF2 hash algorithm %s not available, skipping.\n" -msgstr "L'algorithme de hachage PBKDF2 %s n'est pas supporté, ignoré.\n" +msgid "PBKDF2 hash algorithm %s not available, skipping." +msgstr "L'algorithme de hachage PBKDF2 %s n'est pas supporté, ignoré." -#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:621 -msgid "Required kernel crypto interface not available.\n" -msgstr "" -"L'interface du noyau requise pour le chiffrement n'est pas disponible.\n" +#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1010 +msgid "Required kernel crypto interface not available." +msgstr "L'interface du noyau requise pour le chiffrement n'est pas disponible." -#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:623 -msgid "Ensure you have algif_skcipher kernel module loaded.\n" -msgstr "Vérifiez que le module du noyau algif_skcipher est chargé.\n" +#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1012 +msgid "Ensure you have algif_skcipher kernel module loaded." +msgstr "Vérifiez que le module du noyau algif_skcipher est chargé." -#: lib/tcrypt/tcrypt.c:707 +#: lib/tcrypt/tcrypt.c:753 #, c-format -msgid "Activation is not supported for %d sector size.\n" -msgstr "L'activation n'est pas supportée pour des secteurs de taille %d.\n" +msgid "Activation is not supported for %d sector size." +msgstr "L'activation n'est pas supportée pour des secteurs de taille %d." -#: lib/tcrypt/tcrypt.c:713 -msgid "Kernel doesn't support activation for this TCRYPT legacy mode.\n" -msgstr "" -"Le noyau ne supporte pas l'activation pour ce mode TCRYPT historique.\n" +#: lib/tcrypt/tcrypt.c:759 +msgid "Kernel does not support activation for this TCRYPT legacy mode." +msgstr "Le noyau ne supporte pas l'activation pour ce mode TCRYPT historique." -#: lib/tcrypt/tcrypt.c:744 +#: lib/tcrypt/tcrypt.c:793 #, c-format -msgid "Activating TCRYPT system encryption for partition %s.\n" -msgstr "Activation du chiffrement du système TCRYPT sur la partition %s.\n" +msgid "Activating TCRYPT system encryption for partition %s." +msgstr "Activation du chiffrement du système TCRYPT sur la partition %s." -#: lib/tcrypt/tcrypt.c:806 -msgid "Kernel doesn't support TCRYPT compatible mapping.\n" -msgstr "Le noyau ne supporte pas les associations de type TCRYPT.\n" +#: lib/tcrypt/tcrypt.c:871 +msgid "Kernel does not support TCRYPT compatible mapping." +msgstr "Le noyau ne supporte pas les associations de type TCRYPT." -#: lib/tcrypt/tcrypt.c:1020 +#: lib/tcrypt/tcrypt.c:1093 msgid "This function is not supported without TCRYPT header load." -msgstr "" -"Cette fonction n'est pas supportée sans le chargement de l'en-tête TCRYPT." +msgstr "Cette fonction n'est pas supportée sans le chargement de l'en-tête TCRYPT." + +#: lib/bitlk/bitlk.c:333 +#, c-format +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." +msgstr "Un type d'entrée « %u » inattendu a été trouvé dans la méta-donnée en analysant la Clé Maître du Volume supportée." -#: lib/verity/verity.c:70 lib/verity/verity.c:172 +#: lib/bitlk/bitlk.c:380 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "Chaîne texte invalide rencontrée en analysant la Clé Maître du Volume." + +#: lib/bitlk/bitlk.c:385 #, c-format -msgid "Verity device %s doesn't use on-disk header.\n" -msgstr "Le périphérique verity %s n'utilise pas l'en-tête sur le disque.\n" +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "Chaîne texte (« %s ») inattendue rencontrée en analysant la Clé Maître du Volume supportée." -#: lib/verity/verity.c:94 +#: lib/bitlk/bitlk.c:399 #, c-format -msgid "Device %s is not a valid VERITY device.\n" -msgstr "Le périphérique %s n'est pas un périphérique VERITY valable.\n" +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "La valeur « %u » pour l'entrée de la méta-donnée est inattendue en analysant la Clé Maître du Volume supportée." -#: lib/verity/verity.c:101 +#: lib/bitlk/bitlk.c:479 #, c-format -msgid "Unsupported VERITY version %d.\n" -msgstr "La version VERITY %d n'est pas supportée.\n" +msgid "Failed to read BITLK signature from %s." +msgstr "Impossible de lire la signature BITLK depuis %s." + +#: lib/bitlk/bitlk.c:485 +msgid "BITLK version 1 is currently not supported." +msgstr "La version 1 de BITLK n'est actuellement pas supportée." -#: lib/verity/verity.c:131 -msgid "VERITY header corrupted.\n" -msgstr "En-tête VERITY corrompu.\n" +#: lib/bitlk/bitlk.c:491 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "Signature d'amorce invalide ou inconnue pour le périphérique BITLK." -#: lib/verity/verity.c:166 +#: lib/bitlk/bitlk.c:503 +msgid "Invalid or unknown signature for BITLK device." +msgstr "Signature invalide ou inconnue pour le périphérique BITLK." + +#: lib/bitlk/bitlk.c:510 #, c-format -msgid "Wrong VERITY UUID format provided on device %s.\n" -msgstr "Mauvais format d'UUID VERITY fourni sur le périphérique %s.\n" +msgid "Unsupported sector size %." +msgstr "Taille de secteur % non supportée." -#: lib/verity/verity.c:196 +#: lib/bitlk/bitlk.c:518 #, c-format -msgid "Error during update of verity header on device %s.\n" -msgstr "" -"Erreur lors de la mise à jour de l'en-tête verity sur le périphérique %s.\n" +msgid "Failed to read BITLK header from %s." +msgstr "Impossible de lire l'en-tête BITLK depuis %s." -#: lib/verity/verity.c:276 -msgid "Kernel doesn't support dm-verity mapping.\n" -msgstr "Le noyau ne supporte pas les associations de type dm-verity.\n" +#: lib/bitlk/bitlk.c:543 +#, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "Impossible de lire les méta-données BITLK FVE depuis %s." -#: lib/verity/verity.c:287 -msgid "Verity device detected corruption after activation.\n" -msgstr "Le périphérique verity a détecté une corruption après l'activation.\n" +#: lib/bitlk/bitlk.c:594 +msgid "Unknown or unsupported encryption type." +msgstr "Type de chiffrement inconnu ou non supporté." -#: lib/verity/verity_hash.c:59 +#: lib/bitlk/bitlk.c:627 #, c-format -msgid "Spare area is not zeroed at position %.\n" -msgstr "La zone de réserve n'a pas été mise à zéro à la positon %.\n" +msgid "Failed to read BITLK metadata entries from %s." +msgstr "Impossible de lire les entrées des méta-données de BITLK depuis %s." -#: lib/verity/verity_hash.c:121 lib/verity/verity_hash.c:249 -#: lib/verity/verity_hash.c:277 lib/verity/verity_hash.c:284 -msgid "Device offset overflow.\n" -msgstr "Débordement du décalage du périphérique.\n" +#: lib/bitlk/bitlk.c:921 +msgid "This operation is not supported." +msgstr "Cette opération n'est pas supportée." -#: lib/verity/verity_hash.c:161 -#, c-format -msgid "Verification failed at position %.\n" -msgstr "La vérification a échoué à la position %.\n" +#: lib/bitlk/bitlk.c:929 +msgid "Wrong key size." +msgstr "Mauvaise taille de clé." -#: lib/verity/verity_hash.c:235 -msgid "Invalid size parameters for verity device.\n" -msgstr "Mauvais paramètres de taille pour le périphérique verity.\n" +#: lib/bitlk/bitlk.c:981 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "Ce périphérique BITLK est dans un état non supporté et ne peut pas être activé." -#: lib/verity/verity_hash.c:266 -msgid "Too many tree levels for verity volume.\n" -msgstr "Trop de niveaux dans l'arborescence du volume verity.\n" +#: lib/bitlk/bitlk.c:987 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "Les périphériques BITLK avec le type « %s » ne peuvent pas être activés." -#: lib/verity/verity_hash.c:354 -msgid "Verification of data area failed.\n" -msgstr "La vérification de la zone de données a échoué.\n" +#: lib/bitlk/bitlk.c:1069 +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "L'activation d'un périphérique BITLK partiellement déchiffré n'est pas supporté." -#: lib/verity/verity_hash.c:359 -msgid "Verification of root hash failed.\n" -msgstr "La vérification du hachage de la racine a échoué.\n" +#: lib/bitlk/bitlk.c:1205 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "Impossible d'activer le périphérique car dm-crypt dans le noyau ne supporte pas BITLK IV." -#: lib/verity/verity_hash.c:365 -msgid "Input/output error while creating hash area.\n" -msgstr "Erreur d'entrée/sortie lors de la création de la zone de hachage.\n" +#: lib/bitlk/bitlk.c:1209 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "Impossible d'activer le périphérique car dm-crypt dans le noyau ne supporte pas le diffuseur BITLK Elephant." -#: lib/verity/verity_hash.c:367 -msgid "Creation of hash area failed.\n" -msgstr "La création de la zone de hachage a échoué.\n" +#: lib/verity/verity.c:68 lib/verity/verity.c:171 +#, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "Le périphérique verity %s n'utilise pas l'en-tête sur le disque." -#: lib/verity/verity_hash.c:414 +#: lib/verity/verity.c:90 #, c-format -msgid "" -"WARNING: Kernel cannot activate device if data block size exceeds page size " -"(%u).\n" -msgstr "" -"ATTENTION : Le kernel ne peut pas activer le périphérique si la taille des " -"blocs de données dépasse la taille d'une page (%u).\n" +msgid "Device %s is not a valid VERITY device." +msgstr "Le périphérique %s n'est pas un périphérique VERITY valable." -#: src/cryptsetup.c:91 -msgid "Can't do passphrase verification on non-tty inputs.\n" -msgstr "" -"Impossible de vérifier une phrase secrète non saisie sur une console.\n" +#: lib/verity/verity.c:97 +#, c-format +msgid "Unsupported VERITY version %d." +msgstr "La version VERITY %d n'est pas supportée." -#: src/cryptsetup.c:133 src/cryptsetup.c:564 src/cryptsetup.c:711 -#: src/cryptsetup_reencrypt.c:502 src/cryptsetup_reencrypt.c:556 -msgid "No known cipher specification pattern detected.\n" -msgstr "Aucun motif connu d'algorithme de chiffrement n'a été détecté.\n" +#: lib/verity/verity.c:128 +msgid "VERITY header corrupted." +msgstr "En-tête VERITY corrompu." -#: src/cryptsetup.c:144 -msgid "" -"WARNING: The --hash parameter is being ignored in plain mode with keyfile " -"specified.\n" -msgstr "" -"ATTENTION: Le paramètre --hash est ignoré en mode non chiffré quand le " -"fichier de clé est spécifié.\n" +#: lib/verity/verity.c:165 +#, c-format +msgid "Wrong VERITY UUID format provided on device %s." +msgstr "Mauvais format d'UUID VERITY fourni sur le périphérique %s." -#: src/cryptsetup.c:152 -msgid "" -"WARNING: The --keyfile-size option is being ignored, the read size is the " -"same as the encryption key size.\n" -msgstr "" -"ATTENTION: L'option --keyfile-size est ignorée. La taille de lecture est la " -"même que la taille de la clé de chiffrement.\n" +#: lib/verity/verity.c:198 +#, c-format +msgid "Error during update of verity header on device %s." +msgstr "Erreur lors de la mise à jour de l'en-tête verity sur le périphérique %s." -#: src/cryptsetup.c:218 -msgid "Option --key-file is required.\n" -msgstr "L'option --key-file est requise.\n" +#: lib/verity/verity.c:256 +msgid "Root hash signature verification is not supported." +msgstr "La vérification de la signature du hachage racine n'est pas supportée." -#: src/cryptsetup.c:267 -msgid "No device header detected with this passphrase.\n" -msgstr "Aucun en-tête détecté avec cette phrase secrète sur le périphérique.\n" +#: lib/verity/verity.c:267 +msgid "Errors cannot be repaired with FEC device." +msgstr "Les erreurs ne savent pas être réparées avec un périphérique FEC." -#: src/cryptsetup.c:327 src/cryptsetup.c:1140 -msgid "" -"Header dump with volume key is sensitive information\n" -"which allows access to encrypted partition without passphrase.\n" -"This dump should be always stored encrypted on safe place." -msgstr "" -"Le contenu de l'en-tête avec la clé de volume est une information\n" -"sensible qui permet d'accéder à la partition chiffrée sans mot de passe.\n" -"Ce contenu devrait toujours être stocké, chiffré, en lieu sûr." +#: lib/verity/verity.c:269 +#, c-format +msgid "Found %u repairable errors with FEC device." +msgstr "%u erreurs réparables ont été trouvées avec le périphérique FEC." -#: src/cryptsetup.c:517 -msgid "Result of benchmark is not reliable.\n" -msgstr "Le résultat de l'évaluation de performance n'est pas fiable.\n" +#: lib/verity/verity.c:308 +msgid "Kernel does not support dm-verity mapping." +msgstr "Le noyau ne supporte pas les associations de type dm-verity." -#: src/cryptsetup.c:558 -msgid "# Tests are approximate using memory only (no storage IO).\n" -msgstr "" -"# Tests approximatifs en utilisant uniquement la mémoire (pas de stockage E/" -"S).\n" +#: lib/verity/verity.c:312 +msgid "Kernel does not support dm-verity signature option." +msgstr "Le noyau ne supporte pas les options de signature dm-verity." -#: src/cryptsetup.c:583 src/cryptsetup.c:605 -msgid "# Algorithm | Key | Encryption | Decryption\n" -msgstr "# Algorithme | Clé | Chiffrement | Déchiffrement\n" +#: lib/verity/verity.c:323 +msgid "Verity device detected corruption after activation." +msgstr "Le périphérique verity a détecté une corruption après l'activation." -#: src/cryptsetup.c:587 +#: lib/verity/verity_hash.c:59 #, c-format -msgid "Cipher %s is not available.\n" -msgstr "Le chiffrement %s n'est pas disponible.\n" +msgid "Spare area is not zeroed at position %." +msgstr "La zone de réserve n'a pas été mise à zéro à la positon %." -#: src/cryptsetup.c:614 -msgid "N/A" -msgstr "N/D" +#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290 +#: lib/verity/verity_hash.c:303 +msgid "Device offset overflow." +msgstr "Débordement du décalage du périphérique." -#: src/cryptsetup.c:639 +#: lib/verity/verity_hash.c:203 #, c-format -msgid "Cannot read keyfile %s.\n" -msgstr "Impossible de lire le fichier de clé %s.\n" +msgid "Verification failed at position %." +msgstr "La vérification a échoué à la position %." + +#: lib/verity/verity_hash.c:276 +msgid "Invalid size parameters for verity device." +msgstr "Mauvais paramètres de taille pour le périphérique verity." + +#: lib/verity/verity_hash.c:296 +msgid "Hash area overflow." +msgstr "Débordement de la zone de hachage." -#: src/cryptsetup.c:643 +#: lib/verity/verity_hash.c:373 +msgid "Verification of data area failed." +msgstr "La vérification de la zone de données a échoué." + +#: lib/verity/verity_hash.c:378 +msgid "Verification of root hash failed." +msgstr "La vérification du hachage de la racine a échoué." + +#: lib/verity/verity_hash.c:384 +msgid "Input/output error while creating hash area." +msgstr "Erreur d'entrée/sortie lors de la création de la zone de hachage." + +#: lib/verity/verity_hash.c:386 +msgid "Creation of hash area failed." +msgstr "La création de la zone de hachage a échoué." + +#: lib/verity/verity_hash.c:433 #, c-format -msgid "Cannot read %d bytes from keyfile %s.\n" -msgstr "Échec à la lecture de %d octets du fichier de clé %s.\n" +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." +msgstr "ATTENTION : Le kernel ne peut pas activer le périphérique si la taille des blocs de données dépasse la taille d'une page (%u)." -#: src/cryptsetup.c:672 -msgid "Really try to repair LUKS device header?" -msgstr "Réellement essayer de réparer l'en-tête du périphérique LUKS ?" +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." +msgstr "Échec de l'allocation du contexte RS." -#: src/cryptsetup.c:697 +#: lib/verity/verity_fec.c:146 +msgid "Failed to allocate buffer." +msgstr "Échec de l'allocation du tampon." + +#: lib/verity/verity_fec.c:156 #, c-format -msgid "This will overwrite data on %s irrevocably." -msgstr "Cette action écrasera définitivement les données sur %s." +msgid "Failed to read RS block % byte %d." +msgstr "Échec de lecture du bloc RS % octet %d." -#: src/cryptsetup.c:699 -msgid "memory allocation error in action_luksFormat" -msgstr "erreur d'allocation de mémoire dans action_luksFormat" +#: lib/verity/verity_fec.c:169 +#, c-format +msgid "Failed to read parity for RS block %." +msgstr "Échec de la lecture de la parité du bloc RS %." -#: src/cryptsetup.c:717 +#: lib/verity/verity_fec.c:177 #, c-format -msgid "Cannot use %s as on-disk header.\n" -msgstr "Ne peut utiliser %s comme en-tête sur disque.\n" +msgid "Failed to repair parity for block %." +msgstr "Échec de la réparation de la parité du bloc %." -#: src/cryptsetup.c:784 -msgid "Reduced data offset is allowed only for detached LUKS header.\n" -msgstr "" -"Décalage réduit de données est uniquement permis dans un en-tête LUKS " -"détaché.\n" +#: lib/verity/verity_fec.c:188 +#, c-format +msgid "Failed to write parity for RS block %." +msgstr "Échec de l'écriture de la parité du bloc RS %." -#: src/cryptsetup.c:881 src/cryptsetup.c:937 +#: lib/verity/verity_fec.c:223 +msgid "Block sizes must match for FEC." +msgstr "Les tailles des blocs doivent concorder pour FEC." + +#: lib/verity/verity_fec.c:229 +msgid "Invalid number of parity bytes." +msgstr "Nombre d'octets de parité invalide." + +#: lib/verity/verity_fec.c:265 #, c-format -msgid "Key slot %d selected for deletion.\n" -msgstr "Emplacement de clé %d sélectionné pour suppression.\n" +msgid "Failed to determine size for device %s." +msgstr "Impossible de déterminer la taille du périphérique %s." + +#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343 +msgid "Kernel does not support dm-integrity mapping." +msgstr "Le noyau ne supporte pas les associations de type dm-integrity." + +#: lib/integrity/integrity.c:277 +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "Le noyau ne supporte pas les alignements de méta-données fixés de dm-integrity." -#: src/cryptsetup.c:884 +#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959 +#: lib/luks2/luks2_json_metadata.c:1244 #, c-format -msgid "Key %d not active. Can't wipe.\n" -msgstr "La clé %d n'est pas active. Impossible de l'effacer.\n" +msgid "Failed to acquire write lock on device %s." +msgstr "Impossible d'acquérir un verrou en écriture sur le périphérique %s." -#: src/cryptsetup.c:892 src/cryptsetup.c:940 +#: lib/luks2/luks2_disk_metadata.c:392 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "Tentative détectée de mettre à jour les métadonnées LUKS2 de manière concurrent. L'opération est abandonnée." + +#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712 msgid "" -"This is the last keyslot. Device will become unusable after purging this key." +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." msgstr "" -"Ceci est le dernier emplacement de clé. Le périphérique sera inutilisable " -"après la suppression de cette clé." - -#: src/cryptsetup.c:893 -msgid "Enter any remaining passphrase: " -msgstr "Entrez toute phrase secrète restante : " +"Le périphérique contient une signature ambigüe, impossible de récupérer automatiquement LUKS2.\n" +"Veuillez exécuter « cryptsetup repair » pour la récupération." -#: src/cryptsetup.c:921 -msgid "Enter passphrase to be deleted: " -msgstr "Entrez la phrase secrète à effacer : " +#: lib/luks2/luks2_json_format.c:227 +msgid "Requested data offset is too small." +msgstr "Le décalage de données demandé est trop petit." -#: src/cryptsetup.c:1003 src/cryptsetup_reencrypt.c:1074 +#: lib/luks2/luks2_json_format.c:271 #, c-format -msgid "Enter any existing passphrase: " -msgstr "Entrez une phrase de passe existante : " +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" +msgstr "ATTENTION: la zone des emplacements de clés (% octets) est très petite, le nombre d'emplacements de clés LUKS2 est très limité.\n" -#: src/cryptsetup.c:1052 -msgid "Enter passphrase to be changed: " -msgstr "Entrez la phrase secrète à changer : " +#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074 +#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_keyslot_luks2.c:114 +#, c-format +msgid "Failed to acquire read lock on device %s." +msgstr "Impossible d'acquérir le verrou de lecture sur le périphérique %s." -#: src/cryptsetup.c:1066 src/cryptsetup_reencrypt.c:1059 -msgid "Enter new passphrase: " -msgstr "Entrez la nouvelle phrase secrète : " +#: lib/luks2/luks2_json_metadata.c:1167 +#, c-format +msgid "Forbidden LUKS2 requirements detected in backup %s." +msgstr "Des exigences LUKS2 interdites ont été détectées dans la sauvegarde %s." -#: src/cryptsetup.c:1090 -msgid "Only one device argument for isLuks operation is supported.\n" -msgstr "L'opération isLuks supporte seulement un périphérique en argument.\n" +#: lib/luks2/luks2_json_metadata.c:1208 +msgid "Data offset differ on device and backup, restore failed." +msgstr "Les décalages des données ne sont pas identiques sur le périphérique et la sauvegarde, la restauration a échoué." -#: src/cryptsetup.c:1246 src/cryptsetup.c:1267 -msgid "Option --header-backup-file is required.\n" -msgstr "L'option --header-backup-file est requise.\n" +#: lib/luks2/luks2_json_metadata.c:1214 +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "Les en-têtes binaires avec des tailles de zones d'emplacements de clés sont différents sur le périphérique et la sauvegarde, la restauration a échouée." -#: src/cryptsetup.c:1304 +#: lib/luks2/luks2_json_metadata.c:1221 #, c-format -msgid "Unrecognized metadata device type %s.\n" -msgstr "Type de métadonnée du périphérique %s non reconnu.\n" +msgid "Device %s %s%s%s%s" +msgstr "Périphérique %s %s%s%s%s" + +#: lib/luks2/luks2_json_metadata.c:1222 +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "ne contient pas d'en-tête LUKS2. Remplacer l'en-tête peut détruire les données de ce périphérique." -#: src/cryptsetup.c:1307 -msgid "Command requires device and mapped name as arguments.\n" +#: lib/luks2/luks2_json_metadata.c:1223 +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "contient déjà un en-tête LUKS2. Remplacer l'en-tête détruira les emplacements de clés actuels." + +#: lib/luks2/luks2_json_metadata.c:1225 +msgid "" +"\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" msgstr "" -"La commande exige un périphérique et un nom de correspondance comme " -"arguments.\n" +"\n" +"ATTENTION: des exigences LUKS2 inconnues ont été détectées sur l'en-tête du périphérique réel !\n" +"Remplacer l'en-tête par la sauvegarde peut corrompre les données sur ce périphérique !" -#: src/cryptsetup.c:1326 -#, c-format +#: lib/luks2/luks2_json_metadata.c:1227 msgid "" -"This operation will erase all keyslots on device %s.\n" -"Device will become unusable after this operation." +"\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." msgstr "" -"Cette opération va supprimer tous les emplacements de clés du périphérique " -"%s.\n" -"Le périphérique sera inutilisable après cette opération." +"\n" +"ATTENTION: Un rechiffrement hors-ligne non terminé a été détecté sur le périphérique !\n" +"Remplacer l'en-tête par la sauvegarde peut corrompre les données." -#: src/cryptsetup.c:1360 -msgid " [--type ] []" -msgstr " [--type ] []" +#: lib/luks2/luks2_json_metadata.c:1323 +#, c-format +msgid "Ignored unknown flag %s." +msgstr "Fanion inconnu %s ignoré." -#: src/cryptsetup.c:1360 -msgid "open device as mapping " -msgstr "ouvrir un périphérique avec comme « mapping »" +#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746 +#, c-format +msgid "Missing key for dm-crypt segment %u" +msgstr "Clé manquante pour le segment %u de dm-crypt" -#: src/cryptsetup.c:1361 src/cryptsetup.c:1362 src/cryptsetup.c:1363 -#: src/cryptsetup.c:1364 src/veritysetup.c:311 src/veritysetup.c:312 -msgid "" -msgstr "" +#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764 +msgid "Failed to set dm-crypt segment." +msgstr "Impossible de définir le segment dm-crypt." -#: src/cryptsetup.c:1361 -msgid "close device (remove mapping)" -msgstr "fermeture du périphérique (supprime le « mapping »)" +#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770 +msgid "Failed to set dm-linear segment." +msgstr "Impossible de définir le segment dm-linear." -#: src/cryptsetup.c:1362 +#: lib/luks2/luks2_json_metadata.c:2155 +msgid "Unsupported device integrity configuration." +msgstr "Configuration d'intégrité du périphérique non supportée." + +#: lib/luks2/luks2_json_metadata.c:2241 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "Re-chiffrement en cours. Le périphérique ne peut être désactivé." + +#: lib/luks2/luks2_json_metadata.c:2252 lib/luks2/luks2_reencrypt.c:3190 +#, c-format +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "Échec du remplacement du périphérique suspendu %s avec la cible dm-error." + +#: lib/luks2/luks2_json_metadata.c:2332 +msgid "Failed to read LUKS2 requirements." +msgstr "Échec lors de la lecture des exigences LUKS2." + +#: lib/luks2/luks2_json_metadata.c:2339 +msgid "Unmet LUKS2 requirements detected." +msgstr "Des exigences LUKS2 non rencontrées ont été détectées." + +#: lib/luks2/luks2_json_metadata.c:2347 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "Opération incompatible avec un périphérique marqué pour le rechiffrement historique. Abandon." + +#: lib/luks2/luks2_json_metadata.c:2349 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "Opération incompatible avec un périphérique marqué pour le rechiffrement LUKS2. Abandon." + +#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584 +msgid "Not enough available memory to open a keyslot." +msgstr "Pas assez de mémoire disponible pour ouvrir l'emplacement de clé." + +#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586 +msgid "Keyslot open failed." +msgstr "Échec de l'ouverture de l'emplacement de clé." + +#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "Impossible d'utiliser le chiffrement %s-%s pour le chiffrement de l'emplacement de clé" + +#: lib/luks2/luks2_keyslot_luks2.c:480 +msgid "No space for new keyslot." +msgstr "Plus d'espace pour le nouvel emplacement de clé." + +#: lib/luks2/luks2_luks1_convert.c:482 +#, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "Ne peut vérifier le statut du périphérique avec le uuid : %s." + +#: lib/luks2/luks2_luks1_convert.c:508 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "Impossible de convertir un en-tête avec des métadonnées LUKSMETA supplémentaires." + +#: lib/luks2/luks2_luks1_convert.c:548 +msgid "Unable to move keyslot area. Not enough space." +msgstr "Impossible de déplacer la zone des emplacements de clés. Pas assez d'espace." + +#: lib/luks2/luks2_luks1_convert.c:599 +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "Impossible de déplacer la zone des emplacements de clés. Les emplacements de clés LULS2 sont trop petits." + +#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887 +msgid "Unable to move keyslot area." +msgstr "Impossible de déplacer la zone des emplacements de clés." + +#: lib/luks2/luks2_luks1_convert.c:697 +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "Impossible de convertir au format LUKS1 – la taille du secteur de chiffrement du segment par défaut n'est pas 512 octets." + +#: lib/luks2/luks2_luks1_convert.c:705 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "Impossible de convertir au format LUKS1 – les résumés des emplacements de clés ne sont pas compatibles avec LUKS1." + +#: lib/luks2/luks2_luks1_convert.c:717 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "Impossible de convertir au format LUKS1 – le périphérique utilise des clés de chiffrement %s emballées." + +#: lib/luks2/luks2_luks1_convert.c:725 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "Impossible de convertir au format LUKS1 – l'en-tête LUKS2 contient %u jeton(s)." + +#: lib/luks2/luks2_luks1_convert.c:739 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "Impossible de convertir au format LUKS1 – l'emplacement de clé %u est dans un état invalide." + +#: lib/luks2/luks2_luks1_convert.c:744 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "Impossible de convertir au format LUKS1 – l'emplacement %u (sur les emplacements maximum) est toujours actif." + +#: lib/luks2/luks2_luks1_convert.c:749 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "Impossible de convertir au format LUKS1 – l'emplacement de clé %u n'est pas compatible avec LUKS1." + +#: lib/luks2/luks2_reencrypt.c:892 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "La taille de la zone chaude doit être un multiple de l'alignement de zone calculé (%zu octets)." + +#: lib/luks2/luks2_reencrypt.c:897 +#, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "La taille du périphérique doit être un multiple de l'alignement de zone calculé (%zu octets)." + +#: lib/luks2/luks2_reencrypt.c:941 +#, c-format +msgid "Unsupported resilience mode %s" +msgstr "Mode de résilience %s non supporté" + +#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313 +#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430 +#: lib/luks2/luks2_reencrypt.c:3030 +msgid "Failed to initialize old segment storage wrapper." +msgstr "Impossible d'initialiser l'encapsulation pour le stockage de l'ancien segment." + +#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291 +msgid "Failed to initialize new segment storage wrapper." +msgstr "Impossible d'initialiser l'encapsulation pour le stockage du nouveau segment." + +#: lib/luks2/luks2_reencrypt.c:1340 +msgid "Failed to read checksums for current hotzone." +msgstr "Impossible de lire les sommes de contrôle pour la zone chaude actuelle." + +#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038 +#, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "Échec de la lecture de la zone chaude démarrant à %." + +#: lib/luks2/luks2_reencrypt.c:1366 +#, c-format +msgid "Failed to decrypt sector %zu." +msgstr "Échec lors du déchiffrement du secteur %zu." + +#: lib/luks2/luks2_reencrypt.c:1372 +#, c-format +msgid "Failed to recover sector %zu." +msgstr "Échec lors de la récupération du secteur %zu." + +#: lib/luks2/luks2_reencrypt.c:1867 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "Les tailles des périphériques source et cible ne correspondent pas. Source %, cible: %." + +#: lib/luks2/luks2_reencrypt.c:1965 +#, c-format +msgid "Failed to activate hotzone device %s." +msgstr "Échec de l'activation du périphérique de zone chaude %s." + +#: lib/luks2/luks2_reencrypt.c:1982 +#, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "Impossible d'activer le périphérique de surcouche %s avec la table d'origine actuelle." + +#: lib/luks2/luks2_reencrypt.c:1989 +#, c-format +msgid "Failed to load new mapping for device %s." +msgstr "Impossible de charger la nouvelle cartographie du périphérique %s." + +#: lib/luks2/luks2_reencrypt.c:2060 +msgid "Failed to refresh reencryption devices stack." +msgstr "Impossible de rafraîchir la pile des périphériques de rechiffrement." + +#: lib/luks2/luks2_reencrypt.c:2216 +msgid "Failed to set new keyslots area size." +msgstr "Impossible de définir la taille de la nouvelle zone des emplacements de clés." + +#: lib/luks2/luks2_reencrypt.c:2318 +#, c-format +msgid "Data shift is not aligned to requested encryption sector size (% bytes)." +msgstr "Le décalage de données n'est pas aligné sur la taille de secteur de chiffrement demandée (% octets)." + +#: lib/luks2/luks2_reencrypt.c:2339 +#, c-format +msgid "Data device is not aligned to requested encryption sector size (% bytes)." +msgstr "Le périphérique de données n'est pas aligné sur la taille de secteur de chiffrement demandée (% octets)." + +#: lib/luks2/luks2_reencrypt.c:2360 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "Le décalage de données (% secteurs) est plus petit que le décalage de données future (% secteurs)." + +#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779 +#: lib/luks2/luks2_reencrypt.c:2800 +#, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "Erreur lors de l'ouverture de %s en mode exclusif (déjà mappé ou monté)." + +#: lib/luks2/luks2_reencrypt.c:2534 +msgid "Device not marked for LUKS2 reencryption." +msgstr "Le périphérique n'est pas marqué pour le rechiffrement LUKS2." + +#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295 +msgid "Failed to load LUKS2 reencryption context." +msgstr "Échec du chargement du contexte de rechiffrement LUKS2" + +#: lib/luks2/luks2_reencrypt.c:2619 +msgid "Failed to get reencryption state." +msgstr "Impossible d'obtenir l'état de rechiffrement." + +#: lib/luks2/luks2_reencrypt.c:2623 +msgid "Device is not in reencryption." +msgstr "Le périphérique n'est pas en rechiffrement." + +#: lib/luks2/luks2_reencrypt.c:2630 +msgid "Reencryption process is already running." +msgstr "Le rechiffrement est déjà en cours." + +#: lib/luks2/luks2_reencrypt.c:2632 +msgid "Failed to acquire reencryption lock." +msgstr "Impossible d'acquérir le verrou de rechiffrement." + +#: lib/luks2/luks2_reencrypt.c:2650 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "Impossible de réaliser le rechiffrement. Exécutez d'abord la récupération du rechiffrement." + +#: lib/luks2/luks2_reencrypt.c:2750 +msgid "Active device size and requested reencryption size don't match." +msgstr "La taille du périphérique actif et la taille de rechiffrement demandée ne correspondent pas." + +#: lib/luks2/luks2_reencrypt.c:2764 +msgid "Illegal device size requested in reencryption parameters." +msgstr "Taille de périphérique illégale demandée dans les paramètres de rechiffrement." + +#: lib/luks2/luks2_reencrypt.c:2834 +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "Rechiffrement en cours. La récupération ne peut pas être réalisée." + +#: lib/luks2/luks2_reencrypt.c:2906 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "Rechiffrement LUKS2 déjà initialisé dans les métadonnées." + +#: lib/luks2/luks2_reencrypt.c:2913 +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "Échec de l'initialisation du rechiffrement LUKS2 dans les métadonnées." + +#: lib/luks2/luks2_reencrypt.c:3004 +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "Impossible de définir les segments du périphérique pour le rechiffrement suivant de la zone chaude." + +#: lib/luks2/luks2_reencrypt.c:3046 +msgid "Failed to write reencryption resilience metadata." +msgstr "Échec lors de l'écriture des métadonnées de la résilience du rechiffrement." + +#: lib/luks2/luks2_reencrypt.c:3053 +msgid "Decryption failed." +msgstr "Échec du déchiffrement." + +#: lib/luks2/luks2_reencrypt.c:3058 +#, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "Échec de l'écriture de la zone chaude démarrant à %." + +#: lib/luks2/luks2_reencrypt.c:3063 +msgid "Failed to sync data." +msgstr "Erreur lors de la synchronisation des données." + +#: lib/luks2/luks2_reencrypt.c:3071 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "Échec de la mise à jour des métadonnées après la fin du rechiffrement de la zone chaude courante." + +#: lib/luks2/luks2_reencrypt.c:3138 +msgid "Failed to write LUKS2 metadata." +msgstr "Échec lors de l'écriture des métadonnées LUKS2" + +#: lib/luks2/luks2_reencrypt.c:3161 +msgid "Failed to wipe backup segment data." +msgstr "Échec lors de l'effacement des données du segment de sauvegarde." + +#: lib/luks2/luks2_reencrypt.c:3174 +msgid "Failed to disable reencryption requirement flag." +msgstr "Impossible de désactiver le fanion de demande de rechiffrement." + +#: lib/luks2/luks2_reencrypt.c:3182 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "Erreur fatale en rechiffrant le morceau commençant à % d'une longueur de % secteurs." + +# Frédéric: Je n'ai pas la moindre idée de ce que le développeur a voulu écrire. Qu'est-ce que "error target" dans ce contexte ? +#: lib/luks2/luks2_reencrypt.c:3191 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "Ne pas redémarrer le périphérique à moins qu'il ait été remplacé manuellement par la cible en erreur." + +#: lib/luks2/luks2_reencrypt.c:3240 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "Impossible de réaliser le rechiffrement. Statut de rechiffrement inattendu." + +#: lib/luks2/luks2_reencrypt.c:3246 +msgid "Missing or invalid reencrypt context." +msgstr "Contexte de rechiffrement manquant ou invalide." + +#: lib/luks2/luks2_reencrypt.c:3253 +msgid "Failed to initialize reencryption device stack." +msgstr "Impossible d'initialiser la pile du périphérique de rechiffrement." + +#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308 +msgid "Failed to update reencryption context." +msgstr "Échec de la mise à jour du contexte de rechiffrement." + +#: lib/luks2/luks2_token.c:262 +msgid "No free token slot." +msgstr "Aucun emplacement de jeton libre" + +#: lib/luks2/luks2_token.c:269 +#, c-format +msgid "Failed to create builtin token %s." +msgstr "Échec lors de la création du jeton intégré %s" + +#: src/cryptsetup.c:164 +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "Impossible de vérifier une phrase secrète non saisie sur une console." + +#: src/cryptsetup.c:221 +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "Les paramètres de chiffrement des emplacement de clés peuvent uniquement être définis pour un périphérique LUKS2." + +#: src/cryptsetup.c:251 src/cryptsetup.c:959 src/cryptsetup.c:1269 +#: src/cryptsetup.c:3145 src/cryptsetup_reencrypt.c:723 +#: src/cryptsetup_reencrypt.c:793 +msgid "No known cipher specification pattern detected." +msgstr "Aucun motif connu d'algorithme de chiffrement n'a été détecté." + +#: src/cryptsetup.c:259 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "ATTENTION: Le paramètre --hash est ignoré en mode non chiffré quand le fichier de clé est spécifié.\n" + +#: src/cryptsetup.c:267 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "ATTENTION: L'option --keyfile-size est ignorée. La taille de lecture est la même que la taille de la clé de chiffrement.\n" + +#: src/cryptsetup.c:307 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "Signature(s) de périphérique détectée(s) sur %s. Continuer risque d'endommager les données existantes." + +#: src/cryptsetup.c:313 src/cryptsetup.c:1090 src/cryptsetup.c:1142 +#: src/cryptsetup.c:1246 src/cryptsetup.c:1319 src/cryptsetup.c:1974 +#: src/cryptsetup.c:2682 src/cryptsetup.c:2805 src/integritysetup.c:233 +msgid "Operation aborted.\n" +msgstr "Opération interrompue.\n" + +#: src/cryptsetup.c:381 +msgid "Option --key-file is required." +msgstr "L'option --key-file est requise." + +#: src/cryptsetup.c:434 +msgid "Enter VeraCrypt PIM: " +msgstr "Entrez le PIN VeraCrypt : " + +#: src/cryptsetup.c:443 +msgid "Invalid PIM value: parse error." +msgstr "Valeur PIN invalide : erreur d'analyse" + +#: src/cryptsetup.c:446 +msgid "Invalid PIM value: 0." +msgstr "Valeur PIN invalide: 0" + +#: src/cryptsetup.c:449 +msgid "Invalid PIM value: outside of range." +msgstr "Valeur PIN invalide: hors des limites." + +#: src/cryptsetup.c:472 +msgid "No device header detected with this passphrase." +msgstr "Aucun en-tête détecté avec cette phrase secrète sur le périphérique." + +#: src/cryptsetup.c:541 +#, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "Le périphérique %s n'est pas un périphérique BITLK valide." + +#: src/cryptsetup.c:576 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" +"Le contenu de l'en-tête avec la clé de volume est une information\n" +"sensible qui permet d'accéder à la partition chiffrée sans mot de passe.\n" +"Ce contenu devrait toujours être stocké, chiffré, en lieu sûr." + +#: src/cryptsetup.c:673 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "Le périphérique %s est toujours actif et prévu pour une suppression différée.\n" + +#: src/cryptsetup.c:701 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "Le redimensionnement d'un périphérique actif requiert que la clé du volume soit dans le porte-clé mais l'option --disable-keyring est définie." + +#: src/cryptsetup.c:838 +msgid "Benchmark interrupted." +msgstr "Test de performance interrompu." + +#: src/cryptsetup.c:859 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "PBKDF2-%-9s N/A\n" + +#: src/cryptsetup.c:861 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "PBKDF2-%-9s %7u itérations par seconde pour une clé de %zu bits\n" + +#: src/cryptsetup.c:875 +#, c-format +msgid "%-10s N/A\n" +msgstr "%-10s N/A\n" + +#: src/cryptsetup.c:877 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "%-10s %4u itérations, %5u mémoire, %1u threads parallèles (CPUs) pour une clé de %zu bits (temps de %u ms demandé)\n" + +#: src/cryptsetup.c:901 +msgid "Result of benchmark is not reliable." +msgstr "Le résultat de l'évaluation de performance n'est pas fiable." + +#: src/cryptsetup.c:951 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "# Tests approximatifs en utilisant uniquement la mémoire (pas de stockage E/S).\n" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:971 +#, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "#%*s Algorithme | Clé | Chiffrement | Déchiffrement\n" + +#: src/cryptsetup.c:975 +#, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "Le chiffrement %s (avec une clé de %i bits) n'est pas disponible." + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:994 +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "# Algorithme | Clé | Chiffrement | Déchiffrement\n" + +#: src/cryptsetup.c:1003 +msgid "N/A" +msgstr "N/D" + +#: src/cryptsetup.c:1083 +msgid "" +"Seems device does not require reencryption recovery.\n" +"Do you want to proceed anyway?" +msgstr "" +"Le périphérique seems ne requière pas de récupération de rechiffrement.\n" +"Voulez-vous quand-même continuer ?" + +#: src/cryptsetup.c:1089 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "Réellement procéder à la récupération du rechiffrement LUKS2 ?" + +#: src/cryptsetup.c:1098 +msgid "Enter passphrase for reencryption recovery: " +msgstr "Entrez la phrase secrète pour la récupération du rechiffrement : " + +#: src/cryptsetup.c:1141 +msgid "Really try to repair LUKS device header?" +msgstr "Réellement essayer de réparer l'en-tête du périphérique LUKS ?" + +#: src/cryptsetup.c:1160 src/integritysetup.c:146 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" +"Effacement du périphérique pour initialiser les sommes de contrôle d'intégrité.\n" +"Vous pouvez interrompre ceci en appuyant sur CTRL+c (le reste du périphérique effacé contiendra toujours des sommes de contrôle invalides).\n" + +#: src/cryptsetup.c:1182 src/integritysetup.c:168 +#, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "Impossible de désactiver le périphérique temporaire %s." + +#: src/cryptsetup.c:1231 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "L'option d'intégrité peut uniquement être utilisée avec le format LUKS2." + +#: src/cryptsetup.c:1236 src/cryptsetup.c:1296 +msgid "Unsupported LUKS2 metadata size options." +msgstr "Options de taille des métadonnées LUKS2 non supportées." + +#: src/cryptsetup.c:1253 +#, c-format +msgid "Cannot create header file %s." +msgstr "Impossible de créer le fichier d'en-tête %s." + +#: src/cryptsetup.c:1276 src/integritysetup.c:195 src/integritysetup.c:204 +#: src/integritysetup.c:213 src/integritysetup.c:284 src/integritysetup.c:293 +#: src/integritysetup.c:303 +msgid "No known integrity specification pattern detected." +msgstr "Aucun motif connu de spécification d'intégrité n'a été détecté." + +#: src/cryptsetup.c:1289 +#, c-format +msgid "Cannot use %s as on-disk header." +msgstr "Ne peut utiliser %s comme en-tête sur disque." + +#: src/cryptsetup.c:1313 src/integritysetup.c:227 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "Cette action écrasera définitivement les données sur %s." + +#: src/cryptsetup.c:1354 src/cryptsetup.c:1688 src/cryptsetup.c:1755 +#: src/cryptsetup.c:1857 src/cryptsetup.c:1923 src/cryptsetup_reencrypt.c:553 +msgid "Failed to set pbkdf parameters." +msgstr "Impossible de définir les paramètres pbkdf." + +#: src/cryptsetup.c:1439 +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "Décalage réduit de données est uniquement permis dans un en-tête LUKS détaché." + +#: src/cryptsetup.c:1450 src/cryptsetup.c:1761 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "Impossible de déterminer la taille de la clé de volume pour LUKS sans emplacement de clé, veuillez utiliser l'option --key-size." + +#: src/cryptsetup.c:1488 +msgid "Device activated but cannot make flags persistent." +msgstr "Le périphérique a été activé mais les fanions ne peuvent pas être rendus permanents." + +#: src/cryptsetup.c:1569 src/cryptsetup.c:1639 +#, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "Emplacement de clé %d sélectionné pour suppression." + +#: src/cryptsetup.c:1581 src/cryptsetup.c:1642 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "Ceci est le dernier emplacement de clé. Le périphérique sera inutilisable après la suppression de cette clé." + +#: src/cryptsetup.c:1582 +msgid "Enter any remaining passphrase: " +msgstr "Entrez toute phrase secrète restante : " + +#: src/cryptsetup.c:1583 src/cryptsetup.c:1644 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "Opération interrompue, l'emplacement de clé n'a PAS été effacé.\n" + +#: src/cryptsetup.c:1621 +msgid "Enter passphrase to be deleted: " +msgstr "Entrez la phrase secrète à effacer : " + +#: src/cryptsetup.c:1702 src/cryptsetup.c:1776 src/cryptsetup.c:1810 +msgid "Enter new passphrase for key slot: " +msgstr "Entrez une nouvelle phrase secrète pour l'emplacement de clé : " + +#: src/cryptsetup.c:1793 src/cryptsetup_reencrypt.c:1343 +#, c-format +msgid "Enter any existing passphrase: " +msgstr "Entrez une phrase secrète existante : " + +#: src/cryptsetup.c:1861 +msgid "Enter passphrase to be changed: " +msgstr "Entrez la phrase secrète à changer : " + +#: src/cryptsetup.c:1877 src/cryptsetup_reencrypt.c:1329 +msgid "Enter new passphrase: " +msgstr "Entrez la nouvelle phrase secrète : " + +#: src/cryptsetup.c:1927 +msgid "Enter passphrase for keyslot to be converted: " +msgstr "Entrez la phrase secrète pour l'emplacement de clé à convertir: " + +#: src/cryptsetup.c:1951 +msgid "Only one device argument for isLuks operation is supported." +msgstr "L'opération isLuks supporte seulement un périphérique en argument." + +#: src/cryptsetup.c:2001 +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Le contenu de l'en-tête avec la clé de volume est une information\n" +"sensible qui permet d'accéder à la partition chiffrée sans mot de passe.\n" +"Ce contenu devrait être stocké, chiffré, en lieu sûr." + +#: src/cryptsetup.c:2066 +#, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "L'emplacement de clé %d ne contient pas de clé non liée." + +#: src/cryptsetup.c:2072 +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" +"Le contenu de l'en-tête avec une clé non liée est une information sensible.\n" +"Ce contenu devrait être stocké, chiffré, en lieu sûr." + +#: src/cryptsetup.c:2207 src/cryptsetup.c:2228 +msgid "Option --header-backup-file is required." +msgstr "L'option --header-backup-file est requise." + +#: src/cryptsetup.c:2258 +#, c-format +msgid "%s is not cryptsetup managed device." +msgstr "%s n'est pas un périphérique géré par cryptsetup." + +#: src/cryptsetup.c:2269 +#, c-format +msgid "Refresh is not supported for device type %s" +msgstr "Le rafraîchissement n'est pas supporté pour un périphérique de type %s" + +#: src/cryptsetup.c:2311 +#, c-format +msgid "Unrecognized metadata device type %s." +msgstr "Type de métadonnée du périphérique %s non reconnu." + +#: src/cryptsetup.c:2314 +msgid "Command requires device and mapped name as arguments." +msgstr "La commande exige un périphérique et un nom de correspondance comme arguments." + +#: src/cryptsetup.c:2336 +#, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" +"Device will become unusable after this operation." +msgstr "" +"Cette opération va supprimer tous les emplacements de clés du périphérique %s.\n" +"Le périphérique sera inutilisable après cette opération." + +#: src/cryptsetup.c:2343 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "Opération interrompue, les emplacements de clés n'ont PAS été effacés.\n" + +#: src/cryptsetup.c:2380 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "Type LUKS invalide, seuls luks1 et luks2 sont supportés." + +#: src/cryptsetup.c:2398 +#, c-format +msgid "Device is already %s type." +msgstr "Le périphérique est déjà du type %s." + +#: src/cryptsetup.c:2403 +#, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "Cette opération va convertir %s au format %s.\n" + +#: src/cryptsetup.c:2409 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "Opération interrompue, le périphérique n'a PAS été converti.\n" + +#: src/cryptsetup.c:2449 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "L'option --priority, --label ou --subsystem est manquante." + +#: src/cryptsetup.c:2483 src/cryptsetup.c:2516 src/cryptsetup.c:2539 +#, c-format +msgid "Token %d is invalid." +msgstr "Le jeton %d est invalide." + +#: src/cryptsetup.c:2486 src/cryptsetup.c:2542 +#, c-format +msgid "Token %d in use." +msgstr "Le jeton %d est utilisé." + +#: src/cryptsetup.c:2493 +#, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "Échec lors de l'ajout du jeton %d au porte-clé luks2." + +#: src/cryptsetup.c:2502 src/cryptsetup.c:2564 +#, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "Échec lors de l'affectation du jeton %d à l'emplacement de clé %d." + +#: src/cryptsetup.c:2519 +#, c-format +msgid "Token %d is not in use." +msgstr "Le jeton %d n'est pas utilisé." + +#: src/cryptsetup.c:2554 +msgid "Failed to import token from file." +msgstr "Impossible d'importer le jeton depuis le fichier." + +#: src/cryptsetup.c:2579 +#, c-format +msgid "Failed to get token %d for export." +msgstr "Impossible d'obtenir le jeton %d pour l'export." + +#: src/cryptsetup.c:2594 +msgid "--key-description parameter is mandatory for token add action." +msgstr "Le paramètre --key-description est requis pour l'action d'ajout d'un jeton." + +#: src/cryptsetup.c:2600 src/cryptsetup.c:2608 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "L'action requiert un jeton spécifique. Utilisez le paramètre --token-id." + +#: src/cryptsetup.c:2613 +#, c-format +msgid "Invalid token operation %s." +msgstr "L'opération de jeton %s est invalide." + +#: src/cryptsetup.c:2668 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "Périphérique dm actif auto-détecté « %s » pour le périphérique de données %s.\n" + +#: src/cryptsetup.c:2672 +#, c-format +msgid "Device %s is not a block device.\n" +msgstr "Le périphérique %s n'est pas un périphérique blocs.\n" + +#: src/cryptsetup.c:2674 +#, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "Échec de l'auto-détection des containers du périphérique %s." + +#: src/cryptsetup.c:2676 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" +"Impossible de décider si le périphérique %s est actif ou non.\n" +"Êtes-vous sûr de vouloir procéder au rechiffrement en mode hors-ligne ?\n" +"Les données pourraient être corrompues si le périphérique est réellement activé.\n" +"Pour exécuter le rechiffrement en mode en ligne, utilisez le paramètre --active-name.\n" + +#: src/cryptsetup.c:2756 +msgid "Invalid LUKS device type." +msgstr "Type de périphérique LUKS invalide." + +#: src/cryptsetup.c:2761 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "Le chiffrement sans en-tête détaché (--header) n'est pas possible sans une réduction de la taille du périphérique de données (--reduce-device-size)" + +#: src/cryptsetup.c:2766 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "Le décalage de données demandé doit être inférieur ou égal à la moitié du paramètre --reduce-device-size." + +#: src/cryptsetup.c:2775 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "Ajustement de la valeur de --reduce-device-size à deux fois --offset % (secteurs).\n" + +#: src/cryptsetup.c:2779 +msgid "Encryption is supported only for LUKS2 format." +msgstr "Le chiffrement est uniquement supporté avec le format LUKS2." + +#: src/cryptsetup.c:2801 +#, c-format +msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +msgstr "Périphérique LUKS détecté sur %s. Voulez-vous chiffrer à nouveau ce périphérique LUKS ?" + +#: src/cryptsetup.c:2816 +#, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "Le fichier temporaire d'en-tête %s existe déjà. Abandon." + +#: src/cryptsetup.c:2818 src/cryptsetup.c:2825 +#, c-format +msgid "Cannot create temporary header file %s." +msgstr "Impossible de créer le fichier temporaire d'en-tête %s." + +#: src/cryptsetup.c:2889 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "%s/%s est maintenant actif et prêt pour un chiffrement en ligne.\n" + +#: src/cryptsetup.c:3053 src/cryptsetup.c:3059 +msgid "Not enough free keyslots for reencryption." +msgstr "Pas assez d'emplacements de clés libres pour le rechiffrement." + +#: src/cryptsetup.c:3079 src/cryptsetup_reencrypt.c:1294 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "Le fichier de clé peut uniquement être utilisé avec --key-slot ou avec exactement un seul emplacement de clé actif." + +#: src/cryptsetup.c:3088 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup_reencrypt.c:1352 +#, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Entrez la phrase secrète pour l'emplacement de clé %d : " + +#: src/cryptsetup.c:3096 +#, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Entrez la phrase secrète pour l'emplacement de clé %u : " + +#: src/cryptsetup.c:3263 +msgid "Command requires device as argument." +msgstr "La commande exige un périphérique comme argument." + +#: src/cryptsetup.c:3285 +msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +msgstr "Seul le format LUKS2 est actuellement supporté. Veuillez utiliser l'outil cryptsetup-reencrypt pour LUKS1." + +#: src/cryptsetup.c:3297 +msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +msgstr "Un rechiffrement hors-ligne historique est déjà en cours. Utilisez l'utilitaire cryptsetup-reencrypt." + +#: src/cryptsetup.c:3307 src/cryptsetup_reencrypt.c:178 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "Le rechiffrement d'un périphérique avec un profil d'intégrité n'est pas supporté." + +#: src/cryptsetup.c:3315 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "Rechiffrement LUKS2 déjà initialisé. Abandon de l'opération." + +#: src/cryptsetup.c:3319 +msgid "LUKS2 device is not in reencryption." +msgstr "Le périphérique LUKS2 n'est pas en rechiffrement." + +#: src/cryptsetup.c:3346 +msgid " [--type ] []" +msgstr " [--type ] []" + +#: src/cryptsetup.c:3346 src/veritysetup.c:394 src/integritysetup.c:480 +msgid "open device as " +msgstr "ouvrir le périphérique comme " + +#: src/cryptsetup.c:3347 src/cryptsetup.c:3348 src/cryptsetup.c:3349 +#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:481 +#: src/integritysetup.c:482 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3347 src/veritysetup.c:395 src/integritysetup.c:481 +msgid "close device (remove mapping)" +msgstr "fermeture du périphérique (supprime le « mapping »)" + +#: src/cryptsetup.c:3348 msgid "resize active device" msgstr "redimensionner le périphérique actif" -#: src/cryptsetup.c:1363 -msgid "show device status" -msgstr "afficher le statut du périphérique" +#: src/cryptsetup.c:3349 +msgid "show device status" +msgstr "afficher le statut du périphérique" + +#: src/cryptsetup.c:3350 +msgid "[--cipher ]" +msgstr "[--cipher ]" + +#: src/cryptsetup.c:3350 +msgid "benchmark cipher" +msgstr "chiffrement pour test de performance" + +#: src/cryptsetup.c:3351 src/cryptsetup.c:3352 src/cryptsetup.c:3353 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3355 src/cryptsetup.c:3362 +#: src/cryptsetup.c:3363 src/cryptsetup.c:3364 src/cryptsetup.c:3365 +#: src/cryptsetup.c:3366 src/cryptsetup.c:3367 src/cryptsetup.c:3368 +#: src/cryptsetup.c:3369 src/cryptsetup.c:3370 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3351 +msgid "try to repair on-disk metadata" +msgstr "essayer de réparer les métadonnées sur le disque" + +#: src/cryptsetup.c:3352 +msgid "reencrypt LUKS2 device" +msgstr "rechiffrer le périphérique LUKS2" + +#: src/cryptsetup.c:3353 +msgid "erase all keyslots (remove encryption key)" +msgstr "supprimer tous les emplacements de clés (supprime la clé de chiffrement)" + +#: src/cryptsetup.c:3354 +msgid "convert LUKS from/to LUKS2 format" +msgstr "convertir LUKS depuis/vers le format LUKS2" + +#: src/cryptsetup.c:3355 +msgid "set permanent configuration options for LUKS2" +msgstr "définir les options de configuration permanentes pour LUKS2" + +#: src/cryptsetup.c:3356 src/cryptsetup.c:3357 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3356 +msgid "formats a LUKS device" +msgstr "formater un périphérique LUKS" + +#: src/cryptsetup.c:3357 +msgid "add key to LUKS device" +msgstr "ajouter une clé au périphérique LUKS" + +#: src/cryptsetup.c:3358 src/cryptsetup.c:3359 src/cryptsetup.c:3360 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3358 +msgid "removes supplied key or key file from LUKS device" +msgstr "retire du périphérique LUKS la clé ou le fichier de clé fourni" + +#: src/cryptsetup.c:3359 +msgid "changes supplied key or key file of LUKS device" +msgstr "modifie la clé ou le fichier de clé fourni pour le périphérique LUKS" + +#: src/cryptsetup.c:3360 +msgid "converts a key to new pbkdf parameters" +msgstr "converti une clé vers les nouveaux paramètres pbkdf" + +#: src/cryptsetup.c:3361 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3361 +msgid "wipes key with number from LUKS device" +msgstr "efface de façon sécurisée la clé avec le numéro du périphérique LUKS" + +#: src/cryptsetup.c:3362 +msgid "print UUID of LUKS device" +msgstr "afficher l'UUID du périphérique LUKS" + +#: src/cryptsetup.c:3363 +msgid "tests for LUKS partition header" +msgstr "teste si a un en-tête de partition LUKS" + +#: src/cryptsetup.c:3364 +msgid "dump LUKS partition information" +msgstr "affiche les informations LUKS de la partition" + +#: src/cryptsetup.c:3365 +msgid "dump TCRYPT device information" +msgstr "affiche les informations du périphérique TCRYPT" + +#: src/cryptsetup.c:3366 +msgid "dump BITLK device information" +msgstr "affiche les informations du périphérique BITLK" + +#: src/cryptsetup.c:3367 +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "Suspendre le périphérique LUKS et effacer de façon sécurisée la clé (toutes les entrées/sorties sont suspendues)" + +#: src/cryptsetup.c:3368 +msgid "Resume suspended LUKS device" +msgstr "Remettre en service le périphérique LUKS suspendu" + +#: src/cryptsetup.c:3369 +msgid "Backup LUKS device header and keyslots" +msgstr "Sauvegarder l'en-tête et les emplacements de clés du périphérique LUKS" + +#: src/cryptsetup.c:3370 +msgid "Restore LUKS device header and keyslots" +msgstr "Restaurer l'en-tête et les emplacements de clés du périphérique LUKS" + +#: src/cryptsetup.c:3371 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3371 +msgid "Manipulate LUKS2 tokens" +msgstr "Manipuler les jetons LUKS2" + +#: src/cryptsetup.c:3389 src/veritysetup.c:412 src/integritysetup.c:498 +msgid "" +"\n" +" is one of:\n" +msgstr "" +"\n" +" est l'une de :\n" + +#: src/cryptsetup.c:3395 +msgid "" +"\n" +"You can also use old syntax aliases:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +msgstr "" +"\n" +"Vous pouvez aussi utiliser les alias de l'ancienne syntaxe  :\n" +"\touvrir : create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tfermer : remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" + +#: src/cryptsetup.c:3399 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the encrypted device\n" +" is the LUKS key slot number to modify\n" +" optional key file for the new key for luksAddKey action\n" +msgstr "" +"\n" +" est le périphérique à créer dans %s\n" +" est le périphérique chiffré\n" +" est le numéro de l'emplacement de clé LUKS à modifier\n" +" est un fichier optionnel contenant la nouvelle clé pour l'action luksAddKey\n" + +#: src/cryptsetup.c:3406 +#, c-format +msgid "" +"\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" +"\n" +"Le format de métadonnées compilé par défaut est %s (pour l'action luksFormat).\n" + +#: src/cryptsetup.c:3411 +#, c-format +msgid "" +"\n" +"Default compiled-in key and passphrase parameters:\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" +msgstr "" +"\n" +"Clé compilée par défaut et paramètres de phrase secrète :\n" +"\tTaille max. fichier de clé : %d ko, longueur max. interactive de phrase secrète %d (caractères)\n" +"PBKDF par défaut pour LUKS1 : %s, temps d'itération : %d (ms)\n" +"PBKDF par défaut pour LUKS2 : %s\n" +"\tTemps d'itération: %d, Mémoire requise: %d ko, Threads parallèles: %d\n" + +#: src/cryptsetup.c:3422 +#, c-format +msgid "" +"\n" +"Default compiled-in device cipher parameters:\n" +"\tloop-AES: %s, Key %d bits\n" +"\tplain: %s, Key: %d bits, Password hashing: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +msgstr "" +"\n" +"Paramètres de chiffrement compilés par défaut :\n" +"\tloop-AES: %s, Clé %d bits\n" +"\tplain: %s, Clé: %d bits, Hachage mot de passe: %s\n" +"\tLUKS: %s, Clé: %d bits, Hachage en-tête LUKS: %s, RNG: %s\n" + +#: src/cryptsetup.c:3431 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "\tLUKS: La taille de clé par défaut en mode XTS (deux clés internes) sera doublée.\n" + +#: src/cryptsetup.c:3447 src/veritysetup.c:569 src/integritysetup.c:642 +#, c-format +msgid "%s: requires %s as arguments" +msgstr "%s : exige %s comme arguments." + +#: src/cryptsetup.c:3480 src/veritysetup.c:457 src/integritysetup.c:536 +#: src/cryptsetup_reencrypt.c:1607 +msgid "Show this help message" +msgstr "Afficher ce message d'aide" + +#: src/cryptsetup.c:3481 src/veritysetup.c:458 src/integritysetup.c:537 +#: src/cryptsetup_reencrypt.c:1608 +msgid "Display brief usage" +msgstr "Afficher, en résumé, la syntaxe d'invocation" + +#: src/cryptsetup.c:3482 src/veritysetup.c:459 src/integritysetup.c:538 +#: src/cryptsetup_reencrypt.c:1609 +msgid "Print package version" +msgstr "Afficher la version du paquet" + +#: src/cryptsetup.c:3486 src/veritysetup.c:463 src/integritysetup.c:542 +#: src/cryptsetup_reencrypt.c:1613 +msgid "Help options:" +msgstr "Options d'aide :" + +#: src/cryptsetup.c:3487 src/veritysetup.c:464 src/integritysetup.c:543 +#: src/cryptsetup_reencrypt.c:1614 +msgid "Shows more detailed error messages" +msgstr "Afficher des messages d'erreur plus détaillés" + +#: src/cryptsetup.c:3488 src/veritysetup.c:465 src/integritysetup.c:544 +#: src/cryptsetup_reencrypt.c:1615 +msgid "Show debug messages" +msgstr "Afficher les messages de débogage" + +#: src/cryptsetup.c:3489 +msgid "Show debug messages including JSON metadata" +msgstr "Montrer les messages de débogage incluant les métadonnées JSON" + +#: src/cryptsetup.c:3490 src/cryptsetup_reencrypt.c:1617 +msgid "The cipher used to encrypt the disk (see /proc/crypto)" +msgstr "L'algorithme de chiffrement utilisé pour chiffrer le disque (voir /proc/crypto)" + +#: src/cryptsetup.c:3491 src/cryptsetup_reencrypt.c:1619 +msgid "The hash used to create the encryption key from the passphrase" +msgstr "L'algorithme de hachage utilisé pour créer la clé de chiffrement à partir de la phrase secrète" + +#: src/cryptsetup.c:3492 +msgid "Verifies the passphrase by asking for it twice" +msgstr "Vérifier la phrase secrète en la demandant deux fois" + +#: src/cryptsetup.c:3493 src/cryptsetup_reencrypt.c:1621 +msgid "Read the key from a file" +msgstr "Lire la clef depuis un fichier" + +#: src/cryptsetup.c:3494 +msgid "Read the volume (master) key from file." +msgstr "Lire la clé (maîtresse) du volume depuis un fichier." + +#: src/cryptsetup.c:3495 +msgid "Dump volume (master) key instead of keyslots info" +msgstr "Lister les informations de la clé (maîtresse) de volume au lieu des autres emplacements de clefs" + +#: src/cryptsetup.c:3496 src/cryptsetup_reencrypt.c:1618 +msgid "The size of the encryption key" +msgstr "La taille de la clé de chiffrement" + +#: src/cryptsetup.c:3496 src/cryptsetup.c:3557 src/integritysetup.c:562 +#: src/integritysetup.c:566 src/integritysetup.c:570 +#: src/cryptsetup_reencrypt.c:1618 +msgid "BITS" +msgstr "BITS" + +#: src/cryptsetup.c:3497 src/cryptsetup_reencrypt.c:1634 +msgid "Limits the read from keyfile" +msgstr "Limite la lecture d'un fichier de clé" + +#: src/cryptsetup.c:3497 src/cryptsetup.c:3498 src/cryptsetup.c:3499 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3503 src/cryptsetup.c:3554 +#: src/cryptsetup.c:3555 src/cryptsetup.c:3563 src/cryptsetup.c:3564 +#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470 +#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:551 +#: src/integritysetup.c:557 src/integritysetup.c:558 +#: src/cryptsetup_reencrypt.c:1633 src/cryptsetup_reencrypt.c:1634 +#: src/cryptsetup_reencrypt.c:1635 src/cryptsetup_reencrypt.c:1636 +msgid "bytes" +msgstr "octets" + +#: src/cryptsetup.c:3498 src/cryptsetup_reencrypt.c:1633 +msgid "Number of bytes to skip in keyfile" +msgstr "Nombre d'octets à ignorer dans le fichier de clé" + +#: src/cryptsetup.c:3499 +msgid "Limits the read from newly added keyfile" +msgstr "Limite la lecture d'un nouveau fichier de clé ajouté" + +#: src/cryptsetup.c:3500 +msgid "Number of bytes to skip in newly added keyfile" +msgstr "Nombre d'octets à ignorer dans le fichier de clé nouvellement ajouté" + +#: src/cryptsetup.c:3501 +msgid "Slot number for new key (default is first free)" +msgstr "Numéro de l'emplacement pour la nouvelle clé (par défaut, le premier disponible)" + +#: src/cryptsetup.c:3502 +msgid "The size of the device" +msgstr "La taille du périphérique" + +#: src/cryptsetup.c:3502 src/cryptsetup.c:3504 src/cryptsetup.c:3505 +#: src/cryptsetup.c:3511 src/integritysetup.c:552 src/integritysetup.c:559 +msgid "SECTORS" +msgstr "SECTEURS" + +#: src/cryptsetup.c:3503 src/cryptsetup_reencrypt.c:1636 +msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +msgstr "Utiliser uniquement la taille demandée du périphérique (ignore le reste du périphérique). DANGEREUX !" + +#: src/cryptsetup.c:3504 +msgid "The start offset in the backend device" +msgstr "Le décalage de départ dans le périphérique sous-jacent" + +#: src/cryptsetup.c:3505 +msgid "How many sectors of the encrypted data to skip at the beginning" +msgstr "Combien de secteurs de données chiffrées à ignorer au début" + +#: src/cryptsetup.c:3506 +msgid "Create a readonly mapping" +msgstr "Crée une association en lecture seule" + +#: src/cryptsetup.c:3507 src/integritysetup.c:545 +#: src/cryptsetup_reencrypt.c:1624 +msgid "Do not ask for confirmation" +msgstr "Ne pas demander confirmation" + +#: src/cryptsetup.c:3508 +msgid "Timeout for interactive passphrase prompt (in seconds)" +msgstr "Délai d'expiration de la demande interactive de phrase secrète (en secondes)" + +#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "secs" +msgstr "s" + +#: src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "Progress line update (in seconds)" +msgstr "Mise à jour de la ligne de progression (en secondes)" + +#: src/cryptsetup.c:3510 src/cryptsetup_reencrypt.c:1626 +msgid "How often the input of the passphrase can be retried" +msgstr "Nombre de tentatives possibles pour entrer la phrase secrète" + +#: src/cryptsetup.c:3511 +msgid "Align payload at sector boundaries - for luksFormat" +msgstr "Utiliser une limite de secteurs pour aligner les données – pour luksFormat" + +#: src/cryptsetup.c:3512 +msgid "File with LUKS header and keyslots backup" +msgstr "Fichier contenant une sauvegarde de l'en-tête LUKS et des emplacements de clés" + +#: src/cryptsetup.c:3513 src/cryptsetup_reencrypt.c:1627 +msgid "Use /dev/random for generating volume key" +msgstr "Utiliser /dev/random pour générer la clé de volume" + +#: src/cryptsetup.c:3514 src/cryptsetup_reencrypt.c:1628 +msgid "Use /dev/urandom for generating volume key" +msgstr "Utiliser /dev/urandom pour générer la clé de volume" + +#: src/cryptsetup.c:3515 +msgid "Share device with another non-overlapping crypt segment" +msgstr "Partager le périphérique avec un autre segment chiffré sans recouvrement" + +#: src/cryptsetup.c:3516 src/veritysetup.c:477 +msgid "UUID for device to use" +msgstr "UUID du périphérique à utiliser" + +#: src/cryptsetup.c:3517 src/integritysetup.c:579 +msgid "Allow discards (aka TRIM) requests for device" +msgstr "Autoriser les demandes d'abandon (TRIM) pour le périphérique" + +#: src/cryptsetup.c:3518 src/cryptsetup_reencrypt.c:1645 +msgid "Device or file with separated LUKS header" +msgstr "Périphérique ou fichier avec un en-tête LUKS séparé" + +#: src/cryptsetup.c:3519 +msgid "Do not activate device, just check passphrase" +msgstr "Ne pas activer le périphérique. Vérifie simplement le phrase secrète" + +#: src/cryptsetup.c:3520 +msgid "Use hidden header (hidden TCRYPT device)" +msgstr "Utilise l'en-tête caché (périphérique TCRYPT caché)" + +#: src/cryptsetup.c:3521 +msgid "Device is system TCRYPT drive (with bootloader)" +msgstr "Le périphérique est un lecteur TCRYPT système (avec secteur d'amorçage)" + +#: src/cryptsetup.c:3522 +msgid "Use backup (secondary) TCRYPT header" +msgstr "Utiliser l'en-tête TCRYPT de secours (secondaire)" + +#: src/cryptsetup.c:3523 +msgid "Scan also for VeraCrypt compatible device" +msgstr "Recherche aussi des périphériques compatibles avec VeraCrypt" + +#: src/cryptsetup.c:3524 +msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Multiplicateur d'Itération Personnel pour le périphérique compatible avec VeraCrypt" + +#: src/cryptsetup.c:3525 +msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "Interroger le Multiplicateur d'Itération Personnel pour le périphérique compatible avec VeraCrypt" + +#: src/cryptsetup.c:3526 +msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" +msgstr "Type de métadonnées du périphérique : luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" + +#: src/cryptsetup.c:3527 +msgid "Disable password quality check (if enabled)" +msgstr "Désactive la vérification de la qualité du mot de passe (si activé)" + +#: src/cryptsetup.c:3528 +msgid "Use dm-crypt same_cpu_crypt performance compatibility option" +msgstr "Utilise l'option de compatibilité de performance dm-crypt same_cpu_crypt" + +#: src/cryptsetup.c:3529 +msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +msgstr "Utilise l'option de compatibilité de performance dm-crypt submit_from_crypt_cpus" + +#: src/cryptsetup.c:3530 +msgid "Device removal is deferred until the last user closes it" +msgstr "La suppression du périphérique est différée jusqu'à ce que le dernier utilisateur le ferme" + +#: src/cryptsetup.c:3531 +msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)" +msgstr "Utiliser un verrou global pour sérialiser PBKDF qui utilise beaucoup de mémoire (évite le OOM)" + +#: src/cryptsetup.c:3532 +msgid "PBKDF iteration time for LUKS (in ms)" +msgstr "Temps d'itération de PBKDF pour LUKS (en ms)" + +#: src/cryptsetup.c:3532 src/cryptsetup_reencrypt.c:1623 +msgid "msecs" +msgstr "ms" + +#: src/cryptsetup.c:3533 src/cryptsetup_reencrypt.c:1641 +msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +msgstr "Algorithme PBKDF (pour LUKS2): argon2i, argon2id, pbkdf2" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "PBKDF memory cost limit" +msgstr "Limite de coût mémoire PBKDF" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "kilobytes" +msgstr "kilooctets" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "PBKDF parallel cost" +msgstr "Coût parallèle PBKDF" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "threads" +msgstr "threads" + +#: src/cryptsetup.c:3536 src/cryptsetup_reencrypt.c:1644 +msgid "PBKDF iterations cost (forced, disables benchmark)" +msgstr "Coût d'itération PBKDF (forcé, désactive l'étalon)" + +#: src/cryptsetup.c:3537 +msgid "Keyslot priority: ignore, normal, prefer" +msgstr "Priorité de l'emplacement de clé: ignore, normal, prefer" + +#: src/cryptsetup.c:3538 +msgid "Disable locking of on-disk metadata" +msgstr "Désactiver le verrouillage des métadonnées sur le disque" + +#: src/cryptsetup.c:3539 +msgid "Disable loading volume keys via kernel keyring" +msgstr "Désactiver le chargement des clés de volume via le porte-clé du noyau" + +#: src/cryptsetup.c:3540 +msgid "Data integrity algorithm (LUKS2 only)" +msgstr "Algorithme d'intégrité des données (uniquement LUKS2)" + +#: src/cryptsetup.c:3541 src/integritysetup.c:573 +msgid "Disable journal for integrity device" +msgstr "Désactiver le journal pour le périphérique d'intégrité" + +#: src/cryptsetup.c:3542 src/integritysetup.c:547 +msgid "Do not wipe device after format" +msgstr "Ne pas effacer le périphérique après le formatage" + +#: src/cryptsetup.c:3543 src/integritysetup.c:577 +msgid "Use inefficient legacy padding (old kernels)" +msgstr "Utiliser le rembourrage historique inefficace (vieux noyaux)" + +#: src/cryptsetup.c:3544 +msgid "Do not ask for passphrase if activation by token fails" +msgstr "Ne pas demander le mot de passe si l'activation par jeton échoue" + +#: src/cryptsetup.c:3545 +msgid "Token number (default: any)" +msgstr "Numéro de jeton (défaut: n'importe lequel)" + +#: src/cryptsetup.c:3546 +msgid "Key description" +msgstr "Description de clé" + +#: src/cryptsetup.c:3547 +msgid "Encryption sector size (default: 512 bytes)" +msgstr "Taille du secteur de chiffrement (défaut: 512 octets)" + +#: src/cryptsetup.c:3548 +msgid "Use IV counted in sector size (not in 512 bytes)" +msgstr "Utiliser le IV (vecteur d'initialisation) compté en taille de secteurs (pas en multiple de 512 octets)" + +#: src/cryptsetup.c:3549 +msgid "Set activation flags persistent for device" +msgstr "Définir les fanions d'activation comme permanents pour le périphérique" + +#: src/cryptsetup.c:3550 +msgid "Set label for the LUKS2 device" +msgstr "Définir l'étiquette pour le périphérique LUKS2" + +#: src/cryptsetup.c:3551 +msgid "Set subsystem label for the LUKS2 device" +msgstr "Définir l'étiquette de sous-système pour le périphérique LUKS2" + +#: src/cryptsetup.c:3552 +msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot" +msgstr "Créer ou déverser un emplacement de clé LUKS2 non lié (aucun segment de donnée assigné)" + +#: src/cryptsetup.c:3553 +msgid "Read or write the json from or to a file" +msgstr "Lire ou écrire le json depuis ou vers un fichier" + +#: src/cryptsetup.c:3554 +msgid "LUKS2 header metadata area size" +msgstr "Taille de la zone de métadonnées de l'en-tête LUKS2" + +#: src/cryptsetup.c:3555 +msgid "LUKS2 header keyslots area size" +msgstr "Taille de la zone des emplacements de clés de l'en-tête LUKS2" + +#: src/cryptsetup.c:3556 +msgid "Refresh (reactivate) device with new parameters" +msgstr "Rafraîchir (réactiver) le périphérique avec de nouveaux paramètres" + +#: src/cryptsetup.c:3557 +msgid "LUKS2 keyslot: The size of the encryption key" +msgstr "Emplacement de clé LUKS2: La taille de la clé de chiffrement" + +#: src/cryptsetup.c:3558 +msgid "LUKS2 keyslot: The cipher used for keyslot encryption" +msgstr "Emplacement de clé LUKS2: Le chiffrement utilisé pour le chiffrement de l'emplacement de clé" + +#: src/cryptsetup.c:3559 +msgid "Encrypt LUKS2 device (in-place encryption)." +msgstr "Chiffrer le périphérique LUKS2 (chiffrement sur place)." + +#: src/cryptsetup.c:3560 +msgid "Decrypt LUKS2 device (remove encryption)." +msgstr "Déchiffrer le périphérique LUKS2 (supprime le chiffrement)" + +#: src/cryptsetup.c:3561 +msgid "Initialize LUKS2 reencryption in metadata only." +msgstr "Initialiser le rechiffrement LUKS2 uniquement dans les métadonnées." + +#: src/cryptsetup.c:3562 +msgid "Resume initialized LUKS2 reencryption only." +msgstr "Redémarrer uniquement le rechiffrement LUKS2 initialisé." + +#: src/cryptsetup.c:3563 src/cryptsetup_reencrypt.c:1635 +msgid "Reduce data device size (move data offset). DANGEROUS!" +msgstr "Réduire la taille des données du périphérique (déplace le décalage des données). DANGEREUX !" + +#: src/cryptsetup.c:3564 +msgid "Maximal reencryption hotzone size." +msgstr "Taille maximale de la zone chaude de rechiffrement." + +#: src/cryptsetup.c:3565 +msgid "Reencryption hotzone resilience type (checksum,journal,none)" +msgstr "Rechiffre le type de résilience de la zone chaude (checksum,journal,none)" + +#: src/cryptsetup.c:3566 +msgid "Reencryption hotzone checksums hash" +msgstr "Rechiffrer le hachage des sommes de contrôle de la zone chaude" + +#: src/cryptsetup.c:3567 +msgid "Override device autodetection of dm device to be reencrypted" +msgstr "Outrepasser l'auto-détection du périphérique pour le périphérique dm à rechiffrer" + +#: src/cryptsetup.c:3583 src/veritysetup.c:499 src/integritysetup.c:595 +msgid "[OPTION...] " +msgstr "[OPTION...] " + +#: src/cryptsetup.c:3634 src/veritysetup.c:533 src/integritysetup.c:606 +msgid "Argument missing." +msgstr "Il manque l'argument ." + +#: src/cryptsetup.c:3703 src/veritysetup.c:564 src/integritysetup.c:637 +msgid "Unknown action." +msgstr "Action inconnue." + +#: src/cryptsetup.c:3713 +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "Les options --refresh et --test-passphrase sont mutuellement exclusives." + +#: src/cryptsetup.c:3718 +msgid "Option --deferred is allowed only for close command." +msgstr "L'option --deferred est permise uniquement avec la commande close." + +#: src/cryptsetup.c:3723 +msgid "Option --shared is allowed only for open of plain device." +msgstr "L'option --shared est permise uniquement pour ouvrir un périphérique ordinaire." + +#: src/cryptsetup.c:3728 src/integritysetup.c:654 +msgid "Option --allow-discards is allowed only for open operation." +msgstr "L'option --allow-discards est permise uniquement pour une opération d'ouverture." + +#: src/cryptsetup.c:3733 +msgid "Option --persistent is allowed only for open operation." +msgstr "L'option --persistent est permise uniquement pour une opération d'ouverture." + +#: src/cryptsetup.c:3738 +msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation." +msgstr "L'option --serialize-memory-hard-pbkdf est permise uniquement pour une opération d'ouverture." + +#: src/cryptsetup.c:3743 +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "L'option --persistent n'est pas permise avec --test-passphrase." + +#: src/cryptsetup.c:3753 +msgid "" +"Option --key-size is allowed only for luksFormat, luksAddKey,\n" +"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." +msgstr "" +"L'option --key-size est permise seulement avec les actions luksFormat, luksAddKey,\n" +"open et benchmark. Pour limiter la lecture depuis un fichier de clé, utilisez --keyfile-size=(octets)." + +#: src/cryptsetup.c:3759 +msgid "Option --integrity is allowed only for luksFormat (LUKS2)." +msgstr "L'option --integrity est autorisée uniquement avec luksFormat (LUKS2)." + +#: src/cryptsetup.c:3764 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "L'option --integrity-no-wipe peut uniquement être utilisée pour une action de formatage avec l'extension d'intégrité." + +#: src/cryptsetup.c:3770 +msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations." +msgstr "Les options --label et --subsystem sont permises uniquement pour les opérations luksFormat et config LUKS2." + +#: src/cryptsetup.c:3776 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "L'option --test-passphrase est autorisée uniquement pour ouvrir des périphériques LUKS, TCRYPT et BITLK." + +#: src/cryptsetup.c:3781 src/cryptsetup_reencrypt.c:1708 +msgid "Key size must be a multiple of 8 bits" +msgstr "La taille de la clé doit être un multiple de 8 bits" + +#: src/cryptsetup.c:3787 src/cryptsetup_reencrypt.c:1394 +#: src/cryptsetup_reencrypt.c:1713 +msgid "Key slot is invalid." +msgstr "Emplacement de clé non valide." + +#: src/cryptsetup.c:3794 +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "L'option --key-file est prioritaire par rapport à un fichier de clé spécifié en argument." + +#: src/cryptsetup.c:3801 src/veritysetup.c:576 src/integritysetup.c:663 +#: src/cryptsetup_reencrypt.c:1687 +msgid "Negative number for option not permitted." +msgstr "Nombre négatif non autorisé pour l'option." + +#: src/cryptsetup.c:3805 +msgid "Only one --key-file argument is allowed." +msgstr "Un seul argument --key-file est autorisé." + +#: src/cryptsetup.c:3809 src/cryptsetup_reencrypt.c:1679 +#: src/cryptsetup_reencrypt.c:1717 +msgid "Only one of --use-[u]random options is allowed." +msgstr "Seule une des deux possibilités --use-[u]random est autorisée." + +#: src/cryptsetup.c:3813 +msgid "Option --use-[u]random is allowed only for luksFormat." +msgstr "L'option --use-[u]random est autorisée seulement avec luksFormat." + +#: src/cryptsetup.c:3817 +msgid "Option --uuid is allowed only for luksFormat and luksUUID." +msgstr "L'option --uuid est autorisée seulement avec luksFormat et luksUUID." + +#: src/cryptsetup.c:3821 +msgid "Option --align-payload is allowed only for luksFormat." +msgstr "L'option --align-payload est autorisée uniquement avec luksFormat." + +#: src/cryptsetup.c:3825 +msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2." +msgstr "Les options --luks2-metadata-size et --opt-luks2-keyslots-size sont permises uniquement pour luksFormat avec LUKS2." + +#: src/cryptsetup.c:3830 +msgid "Invalid LUKS2 metadata size specification." +msgstr "Spécification de taille de métadonnées LUKS2 invalide." + +#: src/cryptsetup.c:3834 +msgid "Invalid LUKS2 keyslots size specification." +msgstr "Spécification de taille d'emplacements de clés LUKS2 invalide." + +#: src/cryptsetup.c:3838 +msgid "Options --align-payload and --offset cannot be combined." +msgstr "Les options --align-payload et --offset ne peuvent pas être combinées." + +#: src/cryptsetup.c:3844 +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "L'option --skip est supportée uniquement pour ouvrir des périphériques ordinaires et loopaes." + +#: src/cryptsetup.c:3851 +msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption." +msgstr "L'option --offset est supportée uniquement pour ouvrir des périphériques ordinaires et loopaes, luksFormat et le rechiffrement de périphérique." + +#: src/cryptsetup.c:3857 +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "Les options --tcrypt-hidden, --tcrypt-system ou --tcrypt-backup sont supportées seulement pour un périphérique TCRYPT." + +#: src/cryptsetup.c:3862 +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "L'option --tcrypt-hidden ne peut pas être combinée avec --allow-discards." + +#: src/cryptsetup.c:3867 +msgid "Option --veracrypt is supported only for TCRYPT device type." +msgstr "L'option --veracrypt est uniquement supportée pour un périphérique de type TCRYPT." + +#: src/cryptsetup.c:3873 +msgid "Invalid argument for parameter --veracrypt-pim supplied." +msgstr "Argument invalide fourni pour le paramètre --veracrypt-pim." + +#: src/cryptsetup.c:3877 +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "L'option --veracrypt-pim est uniquement supportée pour un périphérique compatible avec VeraCrypt." + +#: src/cryptsetup.c:3885 +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." +msgstr "L'option --veracrypt-query-pim est uniquement supportée pour un périphérique compatible avec VeraCrypt." + +#: src/cryptsetup.c:3889 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." +msgstr "Les options --veracrypt-pim et --veracrypt-query-pim sont mutuellement exclusives." + +#: src/cryptsetup.c:3896 +msgid "Option --priority can be only ignore/normal/prefer." +msgstr "L'option --priority peut uniquement être ignore/normal/prefer." + +#: src/cryptsetup.c:3901 src/cryptsetup.c:3939 +msgid "Keyslot specification is required." +msgstr "Une spécification d'emplacement de clé est requise." + +#: src/cryptsetup.c:3906 src/cryptsetup_reencrypt.c:1693 +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "La fonction de dérivation d'une clé basée sur un mot de passe (PBKDF = Password-Based Key Derivation Function) peut uniquement être pbkdf2 ou argon2i/argon2id." + +#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1698 +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "Les itérations forcées de PBKDF ne peuvent pas être combinées avec l'option de temps d'itération." + +#: src/cryptsetup.c:3917 +msgid "Sector size option is not supported for this command." +msgstr "L'option de taille de secteur n'est pas supportée pour cette commande." + +#: src/cryptsetup.c:3929 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "L'option des secteurs IV (vecteur d'initialisation) de grande taille est supportée uniquement à l'ouverture de périphériques de type simple avec une taille de secteur supérieure à 512 octets." + +#: src/cryptsetup.c:3934 +msgid "Key size is required with --unbound option." +msgstr "La taille de clé est requise avec l'option --unbound." + +#: src/cryptsetup.c:3944 +msgid "Option --unbound may be used only with luksAddKey and luksDump actions." +msgstr "L'option --unbound peut uniquement être utilisée avec les actions luksAddKey et luksDump." + +#: src/cryptsetup.c:3949 +msgid "Option --refresh may be used only with open action." +msgstr "L'option --refresh peut uniquement être utilisée avec l'action open." + +#: src/cryptsetup.c:3960 +msgid "Cannot disable metadata locking." +msgstr "Impossible de désactiver le verrouillage des métadonnées." + +#: src/cryptsetup.c:3970 +msgid "Invalid max reencryption hotzone size specification." +msgstr "La spécification de la taille maximale de la zone chaude de rechiffrement est invalide." + +#: src/cryptsetup.c:3978 src/cryptsetup_reencrypt.c:1722 +#: src/cryptsetup_reencrypt.c:1727 +msgid "Invalid device size specification." +msgstr "La taille de périphérique spécifiée est invalide." -#: src/cryptsetup.c:1364 -msgid "benchmark cipher" -msgstr "chiffrement pour test de performance" +#: src/cryptsetup.c:3981 +msgid "Maximum device reduce size is 1 GiB." +msgstr "La taille maximum réduite pour le périphérique est 1 GiB." -#: src/cryptsetup.c:1365 src/cryptsetup.c:1366 src/cryptsetup.c:1372 -#: src/cryptsetup.c:1373 src/cryptsetup.c:1374 src/cryptsetup.c:1375 -#: src/cryptsetup.c:1376 src/cryptsetup.c:1377 src/cryptsetup.c:1378 -#: src/cryptsetup.c:1379 -msgid "" -msgstr "" +#: src/cryptsetup.c:3984 src/cryptsetup_reencrypt.c:1733 +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "La taille réduite doit être un multiple d'un secteur de 512 octets." -#: src/cryptsetup.c:1365 -msgid "try to repair on-disk metadata" -msgstr "essayer de réparer les métadonnées sur le disque" +#: src/cryptsetup.c:3989 +msgid "Invalid data size specification." +msgstr "La taille des données spécifiée est invalide." -#: src/cryptsetup.c:1366 -msgid "erase all keyslots (remove encryption key)" -msgstr "" -"supprime tous les emplacements de clés (supprime la clé de chiffrement)" +#: src/cryptsetup.c:3994 +msgid "Reduce size overflow." +msgstr "Débordement de la taille de réduction." -#: src/cryptsetup.c:1367 src/cryptsetup.c:1368 -msgid " []" -msgstr " []" +#: src/cryptsetup.c:3998 +msgid "LUKS2 decryption requires option --header." +msgstr "Le déchiffrement LUKS2 requiert l'option --header." -#: src/cryptsetup.c:1367 -msgid "formats a LUKS device" -msgstr "formate un périphérique LUKS" +#: src/cryptsetup.c:4002 +msgid "Device size must be multiple of 512 bytes sector." +msgstr "La taille du périphérique doit être un multiple d'un secteur de 512 octets." -#: src/cryptsetup.c:1368 -msgid "add key to LUKS device" -msgstr "ajouter une clé au périphérique LUKS" +#: src/cryptsetup.c:4006 +msgid "Options --reduce-device-size and --data-size cannot be combined." +msgstr "Les options --reduce-device-size et --data-size ne peuvent pas être combinées." -#: src/cryptsetup.c:1369 src/cryptsetup.c:1370 -msgid " []" -msgstr " []" +#: src/cryptsetup.c:4010 +msgid "Options --device-size and --size cannot be combined." +msgstr "Les options --device-size et --size ne peuvent pas être combinées." -#: src/cryptsetup.c:1369 -msgid "removes supplied key or key file from LUKS device" -msgstr "retire du périphérique LUKS la clé ou le fichier de clé fourni" +#: src/cryptsetup.c:4014 +#, fuzzy +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." +msgstr "Les options --ignore-corruption et --restart-on-corruption ne peuvent être utilisées ensembles." -#: src/cryptsetup.c:1370 -msgid "changes supplied key or key file of LUKS device" -msgstr "modifie la clé ou le fichier de clé fourni pour le périphérique LUKS" +#: src/veritysetup.c:66 +msgid "Invalid salt string specified." +msgstr "Chaîne d'aléa spécifiée invalide." -#: src/cryptsetup.c:1371 -msgid " " -msgstr " " +#: src/veritysetup.c:97 +#, c-format +msgid "Cannot create hash image %s for writing." +msgstr "Impossible de créer l'image de hachage %s en écriture." -#: src/cryptsetup.c:1371 -msgid "wipes key with number from LUKS device" -msgstr "" -"efface de façon sécurisée la clé avec le numéro du " -"périphérique LUKS" +#: src/veritysetup.c:107 +#, c-format +msgid "Cannot create FEC image %s for writing." +msgstr "Impossible de créer l'image FEC %s en écriture." -#: src/cryptsetup.c:1372 -msgid "print UUID of LUKS device" -msgstr "afficher l'UUID du périphérique LUKS" +#: src/veritysetup.c:179 +msgid "Invalid root hash string specified." +msgstr "Chaîne de hachage racine invalide." -#: src/cryptsetup.c:1373 -msgid "tests for LUKS partition header" -msgstr "teste si a un en-tête de partition LUKS" +#: src/veritysetup.c:187 +#, c-format +msgid "Invalid signature file %s." +msgstr "Fichier de signature %s invalide." -#: src/cryptsetup.c:1374 -msgid "dump LUKS partition information" -msgstr "affiche les informations LUKS de la partition" +#: src/veritysetup.c:194 +#, c-format +msgid "Cannot read signature file %s." +msgstr "Impossible de lire le fichier de signature %s." -#: src/cryptsetup.c:1375 -msgid "dump TCRYPT device information" -msgstr "affiche les informations du périphérique TCRYPT" +#: src/veritysetup.c:392 +msgid " " +msgstr " " -#: src/cryptsetup.c:1376 -msgid "Suspend LUKS device and wipe key (all IOs are frozen)." -msgstr "" -"Suspend le périphérique LUKS et effacer de façon sécurisée la clé (toutes " -"les entrées/sorties sont suspendues)." +#: src/veritysetup.c:392 src/integritysetup.c:479 +msgid "format device" +msgstr "formater le périphérique" + +#: src/veritysetup.c:393 +msgid " " +msgstr " " -#: src/cryptsetup.c:1377 -msgid "Resume suspended LUKS device." -msgstr "Remettre en service le périphérique LUKS suspendu." +#: src/veritysetup.c:393 +msgid "verify device" +msgstr "vérifier le périphérique" -#: src/cryptsetup.c:1378 -msgid "Backup LUKS device header and keyslots" -msgstr "Sauvegarder l'en-tête et les emplacements de clés du périphérique LUKS" +#: src/veritysetup.c:394 +msgid " " +msgstr " " -#: src/cryptsetup.c:1379 -msgid "Restore LUKS device header and keyslots" -msgstr "Restaurer l'en-tête et les emplacements de clés du périphérique LUKS" +#: src/veritysetup.c:396 src/integritysetup.c:482 +msgid "show active device status" +msgstr "afficher le statut du périphérique actif" + +#: src/veritysetup.c:397 +msgid "" +msgstr "" -#: src/cryptsetup.c:1396 src/veritysetup.c:328 +#: src/veritysetup.c:397 src/integritysetup.c:483 +msgid "show on-disk information" +msgstr "afficher les informations sur le disque" + +#: src/veritysetup.c:416 +#, c-format msgid "" "\n" -" is one of:\n" +" is the device to create under %s\n" +" is the data device\n" +" is the device containing verification data\n" +" hash of the root node on \n" msgstr "" "\n" -" est l'une de :\n" +" est le périphérique à créer sous %s\n" +" est le périphérique de données\n" +" est le périphérique contenant les données de vérification\n" +" hachage du nœud racine sur \n" -#: src/cryptsetup.c:1402 +#: src/veritysetup.c:423 +#, c-format msgid "" "\n" -"You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" +"Default compiled-in dm-verity parameters:\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" msgstr "" "\n" -"Vous pouvez aussi utiliser les alias de l'ancienne syntaxe  :\n" -"\touvrir : create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tfermer : remove (plainClose), luksClose, loopaesClose, tcryptClose\n" +"Paramètres compilés par défaut dans dm-verity :\n" +"\tHachage: %s, Bloc données (octets): %u, Bloc hachage (octets): %u, Taille aléa: %u, Format hachage: %u\n" + +#: src/veritysetup.c:466 +msgid "Do not use verity superblock" +msgstr "Ne pas utiliser le superbloc de verity" + +#: src/veritysetup.c:467 +msgid "Format type (1 - normal, 0 - original Chrome OS)" +msgstr "Type de format (1: normal ; 0: Chrome OS)" + +#: src/veritysetup.c:467 +msgid "number" +msgstr "nombre" + +#: src/veritysetup.c:468 +msgid "Block size on the data device" +msgstr "Taille de bloc sur le périphérique de données" + +#: src/veritysetup.c:469 +msgid "Block size on the hash device" +msgstr "Taille de bloc sur le périphérique de hachage" + +#: src/veritysetup.c:470 +msgid "FEC parity bytes" +msgstr "Octets de parité FEC" + +#: src/veritysetup.c:471 +msgid "The number of blocks in the data file" +msgstr "Le nombre de blocs dans le fichier de données" + +#: src/veritysetup.c:471 +msgid "blocks" +msgstr "blocs" + +#: src/veritysetup.c:472 +msgid "Path to device with error correction data" +msgstr "Chemin vers le périphérique avec les données de correction d'erreurs" + +#: src/veritysetup.c:472 src/integritysetup.c:549 +msgid "path" +msgstr "chemin" + +#: src/veritysetup.c:473 +msgid "Starting offset on the hash device" +msgstr "Décalage de départ sur le périphérique de hachage" + +#: src/veritysetup.c:474 +msgid "Starting offset on the FEC device" +msgstr "Décalage de départ sur le périphérique FEC" + +#: src/veritysetup.c:475 +msgid "Hash algorithm" +msgstr "Algorithme de hachage" + +#: src/veritysetup.c:475 +msgid "string" +msgstr "chaîne" + +#: src/veritysetup.c:476 +msgid "Salt" +msgstr "Aléa" + +#: src/veritysetup.c:476 +msgid "hex string" +msgstr "chaîne hexa" + +#: src/veritysetup.c:478 +msgid "Path to root hash signature file" +msgstr "Chemin du fichier de signature du hachage racine" + +#: src/veritysetup.c:479 +msgid "Restart kernel if corruption is detected" +msgstr "Redémarrer le noyau si une corruption est détectée" + +#: src/veritysetup.c:480 +msgid "Ignore corruption, log it only" +msgstr "Ignore la corruption, elle est seulement enregistrée dans le journal" + +#: src/veritysetup.c:481 +msgid "Do not verify zeroed blocks" +msgstr "Ne pas vérifier les blocs mis à zéro" + +#: src/veritysetup.c:482 +msgid "Verify data block only the first time it is read" +msgstr "Vérifier le bloc de données uniquement à la première lecture" + +#: src/veritysetup.c:582 +msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation." +msgstr "L'option --ignore-corruption, --restart-on-corruption ou --ignore-zero-blocks est seulement permise pour une opération d'ouverture." + +#: src/veritysetup.c:587 +msgid "Option --root-hash-signature can be used only for open operation." +msgstr "L'option --root-hash-signature peut uniquement être utilisée avec l'opération open." + +#: src/veritysetup.c:592 +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." +msgstr "Les options --ignore-corruption et --restart-on-corruption ne peuvent être utilisées ensembles." + +#: src/integritysetup.c:84 src/utils_password.c:305 +#, c-format +msgid "Cannot read keyfile %s." +msgstr "Impossible de lire le fichier de clé %s." -#: src/cryptsetup.c:1406 +#: src/integritysetup.c:88 src/utils_password.c:310 +#, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "Échec à la lecture de %d octets du fichier de clé %s." + +#: src/integritysetup.c:254 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" +msgstr "Formaté avec une taille de balise de %u, intégrité interne %s.\n" + +#: src/integritysetup.c:479 src/integritysetup.c:483 +msgid "" +msgstr "" + +#: src/integritysetup.c:480 +msgid " " +msgstr " " + +#: src/integritysetup.c:502 #, c-format msgid "" "\n" " is the device to create under %s\n" -" is the encrypted device\n" -" is the LUKS key slot number to modify\n" -" optional key file for the new key for luksAddKey action\n" +" is the device containing data with integrity tags\n" msgstr "" "\n" -" est le périphérique à créer dans %s\n" -" est le périphérique chiffré\n" -" est le numéro de l'emplacement de clé LUKS à modifier\n" -" est un fichier optionnel contenant la nouvelle clé pour " -"l'action luksAddKey\n" +" est le périphérique à créer sous %s\n" +" est le périphérique contenant les données avec les balises d'intégrité\n" -#: src/cryptsetup.c:1413 +#: src/integritysetup.c:507 #, c-format msgid "" "\n" -"Default compiled-in key and passphrase parameters:\n" -"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d " -"(characters)\n" -"Default PBKDF2 iteration time for LUKS: %d (ms)\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" msgstr "" "\n" -"Clé compilée par défaut et paramètres de phrase secrète :\n" -"\tTaille max. fichier de clé : %d ko, longueur max. interactive de phrase " -"secrète %d (caractères)\n" -"Temps d'itération PBKDF2 par défaut pour LUKS : %d (ms)\n" +"Paramètres compilés par défaut dans dm-integrity :\n" +"\tAlgorithme de somme de contrôle : %s\n" + +#: src/integritysetup.c:549 +msgid "Path to data device (if separated)" +msgstr "Chemin vers le périphérique de données (si séparé)" + +#: src/integritysetup.c:551 +msgid "Journal size" +msgstr "Taille du journal" + +#: src/integritysetup.c:552 +msgid "Interleave sectors" +msgstr "Secteurs d'entrelacement" + +#: src/integritysetup.c:553 +msgid "Journal watermark" +msgstr "Filigrane du journal" + +#: src/integritysetup.c:553 +msgid "percent" +msgstr "pourcent" + +#: src/integritysetup.c:554 +msgid "Journal commit time" +msgstr "Temps pour écrire le journal" + +#: src/integritysetup.c:554 src/integritysetup.c:556 +msgid "ms" +msgstr "ms" + +#: src/integritysetup.c:555 +msgid "Number of 512-byte sectors per bit (bitmap mode)." +msgstr "Nombre de secteurs de 512 octets par bit (mode champ de bit)." + +#: src/integritysetup.c:556 +msgid "Bitmap mode flush time" +msgstr "Temps de purge du mode champ de bit" + +#: src/integritysetup.c:557 +msgid "Tag size (per-sector)" +msgstr "Taille de balise (par secteur)" + +#: src/integritysetup.c:558 +msgid "Sector size" +msgstr "Taille de secteur" + +#: src/integritysetup.c:559 +msgid "Buffers size" +msgstr "Taille des tampons" + +#: src/integritysetup.c:561 +msgid "Data integrity algorithm" +msgstr "Algorithme d'intégrité des données" + +#: src/integritysetup.c:562 +msgid "The size of the data integrity key" +msgstr "La taille de la clé d'intégrité des données" + +#: src/integritysetup.c:563 +msgid "Read the integrity key from a file" +msgstr "Lire la clef d'intégrité depuis un fichier" + +#: src/integritysetup.c:565 +msgid "Journal integrity algorithm" +msgstr "Algorithme d'intégrité du journal" -#: src/cryptsetup.c:1420 +#: src/integritysetup.c:566 +msgid "The size of the journal integrity key" +msgstr "La taille de la clé du journal d'intégrité" + +#: src/integritysetup.c:567 +msgid "Read the journal integrity key from a file" +msgstr "Lire la clé du journal d'intégrité depuis un fichier" + +#: src/integritysetup.c:569 +msgid "Journal encryption algorithm" +msgstr "Algorithme de chiffrement du journal" + +#: src/integritysetup.c:570 +msgid "The size of the journal encryption key" +msgstr "La taille de la clé de chiffrement du journal" + +#: src/integritysetup.c:571 +msgid "Read the journal encryption key from a file" +msgstr "Lire la clé de chiffrement du journal depuis un fichier" + +#: src/integritysetup.c:574 +msgid "Recovery mode (no journal, no tag checking)" +msgstr "Mode récupération (pas de journal, pas de vérification des balises)" + +#: src/integritysetup.c:575 +msgid "Use bitmap to track changes and disable journal for integrity device" +msgstr "Utiliser un champ de bits pour garder une trace des changements et désactiver le journal sur le périphérique d'intégrité" + +#: src/integritysetup.c:576 +msgid "Recalculate initial tags automatically." +msgstr "Recalculer les balises initiales automatiquement." + +#: src/integritysetup.c:649 +msgid "Option --integrity-recalculate can be used only for open action." +msgstr "L'option --integrity-recalculate peut uniquement être utilisée avec l'action open." + +#: src/integritysetup.c:669 +msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action." +msgstr "Les options --journal-size, --interleave-sectors, --sector-size, --tag-size et --no-wipe peuvent uniquement être utilisée avec l'action de format." + +#: src/integritysetup.c:675 +msgid "Invalid journal size specification." +msgstr "La spécification de la taille du journal est invalide." + +#: src/integritysetup.c:680 +msgid "Both key file and key size options must be specified." +msgstr "Les options du fichier de clé et de la taille de la clé doivent être spécifiées toutes les deux." + +#: src/integritysetup.c:683 +msgid "Integrity algorithm must be specified if integrity key is used." +msgstr "L'algorithme d'intégrité doit être spécifié si la clé d'intégrité est utilisée." + +#: src/integritysetup.c:688 +msgid "Both journal integrity key file and key size options must be specified." +msgstr "Les options du fichier de clé de l'intégrité du journal et de la taille de la clé doivent être spécifiées toutes les deux." + +#: src/integritysetup.c:691 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." +msgstr "L'algorithme d'intégrité du journal doit être spécifié si la clé d'intégrité du journal est utilisée." + +#: src/integritysetup.c:696 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "Les options du fichier de clé de chiffrement du journal et de la taille de la clé doivent être spécifiées toutes les deux." + +#: src/integritysetup.c:699 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." +msgstr "L'algorithme de chiffrement du journal doit être spécifié si la clé de chiffrement du journal est utilisée." + +#: src/integritysetup.c:703 +msgid "Recovery and bitmap mode options are mutually exclusive." +msgstr "Les options de mode récupération et champ de bits sont mutuellement exclusives." + +#: src/integritysetup.c:707 +msgid "Journal options cannot be used in bitmap mode." +msgstr "Les options de journal ne peuvent pas être utilisées en mode champ de bits." + +#: src/integritysetup.c:711 +msgid "Bitmap options can be used only in bitmap mode." +msgstr "Les options de champ de bits peuvent uniquement être utilisées en mode champ de bits." + +#: src/cryptsetup_reencrypt.c:172 +msgid "Reencryption already in-progress." +msgstr "Re-chiffrement déjà en cours." + +#: src/cryptsetup_reencrypt.c:208 #, c-format -msgid "" -"\n" -"Default compiled-in device cipher parameters:\n" -"\tloop-AES: %s, Key %d bits\n" -"\tplain: %s, Key: %d bits, Password hashing: %s\n" -"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" -msgstr "" -"\n" -"Paramètres de chiffrement compilés par défaut :\n" -"\tloop-AES: %s, Clé %d bits\n" -"\tplain: %s, Clé: %d bits, Hachage mot de passe: %s\n" -"\tLUKS1: %s, Clé: %d bits, Hachage en-tête LUKS: %s, RNG: %s\n" +msgid "Cannot exclusively open %s, device in use." +msgstr "Impossible d'ouvrir exclusivement %s : périphérique utilisé." + +#: src/cryptsetup_reencrypt.c:222 src/cryptsetup_reencrypt.c:1135 +msgid "Allocation of aligned memory failed." +msgstr "La réservation de la mémoire alignée a échoué." -#: src/cryptsetup.c:1437 src/veritysetup.c:460 +#: src/cryptsetup_reencrypt.c:229 #, c-format -msgid "%s: requires %s as arguments" -msgstr "%s : exige %s comme arguments." +msgid "Cannot read device %s." +msgstr "Impossible de lire le périphérique %s." -#: src/cryptsetup.c:1470 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1253 -msgid "Show this help message" -msgstr "Afficher ce message d'aide" +#: src/cryptsetup_reencrypt.c:240 +#, c-format +msgid "Marking LUKS1 device %s unusable." +msgstr "Marque le périphérique LUKS1 %s comme inutilisable." -#: src/cryptsetup.c:1471 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1254 -msgid "Display brief usage" -msgstr "Afficher, en résumé, la syntaxe d'invocation" +#: src/cryptsetup_reencrypt.c:244 +#, c-format +msgid "Setting LUKS2 offline reencrypt flag on device %s." +msgstr "Activation du fanion de re-chiffrement hors-ligne de LUKS2 sur le périphérique %s." -#: src/cryptsetup.c:1475 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1258 -msgid "Help options:" -msgstr "Options d'aide :" +#: src/cryptsetup_reencrypt.c:261 +#, c-format +msgid "Cannot write device %s." +msgstr "Impossible d'écrire le périphérique %s." -#: src/cryptsetup.c:1476 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1259 -msgid "Print package version" -msgstr "Afficher la version du paquet" +#: src/cryptsetup_reencrypt.c:309 +msgid "Cannot write reencryption log file." +msgstr "Impossible d'écrire le journal de re-chiffrement." -#: src/cryptsetup.c:1477 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1260 -msgid "Shows more detailed error messages" -msgstr "Affiche des messages d'erreur plus détaillés" +#: src/cryptsetup_reencrypt.c:365 +msgid "Cannot read reencryption log file." +msgstr "Impossible de lire le journal de re-chiffrement." -#: src/cryptsetup.c:1478 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1261 -msgid "Show debug messages" -msgstr "Afficher les messages de débogage" +#: src/cryptsetup_reencrypt.c:403 +#, c-format +msgid "Log file %s exists, resuming reencryption.\n" +msgstr "Fichier journal %s existe. Reprise du re-chiffrement.\n" -#: src/cryptsetup.c:1479 src/cryptsetup_reencrypt.c:1263 -msgid "The cipher used to encrypt the disk (see /proc/crypto)" -msgstr "" -"L'algorithme de chiffrement utilisé pour chiffrer le disque (voir /proc/" -"crypto)" +#: src/cryptsetup_reencrypt.c:452 +msgid "Activating temporary device using old LUKS header." +msgstr "Activation du périphérique temporaire en utilisant l'ancien en-tête LUKS." -#: src/cryptsetup.c:1480 src/cryptsetup_reencrypt.c:1265 -msgid "The hash used to create the encryption key from the passphrase" -msgstr "" -"L'algorithme de hachage utilisé pour créer la clé de chiffrement à partir de " -"la phrase secrète" +#: src/cryptsetup_reencrypt.c:462 +msgid "Activating temporary device using new LUKS header." +msgstr "Activation du périphérique temporaire un utilisant le nouvel en-tête LUKS." -#: src/cryptsetup.c:1481 -msgid "Verifies the passphrase by asking for it twice" -msgstr "Vérifie la phrase secrète en la demandant deux fois" +#: src/cryptsetup_reencrypt.c:472 +msgid "Activation of temporary devices failed." +msgstr "Échec de l'activation des périphériques temporaires." -#: src/cryptsetup.c:1482 src/cryptsetup_reencrypt.c:1267 -msgid "Read the key from a file." -msgstr "Lit la clef depuis un fichier." +#: src/cryptsetup_reencrypt.c:559 +msgid "Failed to set data offset." +msgstr "Impossible de définir les offsets des données." -#: src/cryptsetup.c:1483 -msgid "Read the volume (master) key from file." -msgstr "Lit la clé (maîtresse) du volume depuis un fichier." +#: src/cryptsetup_reencrypt.c:565 +msgid "Failed to set metadata size." +msgstr "Impossible de définir la taille des métadonnées." -#: src/cryptsetup.c:1484 -msgid "Dump volume (master) key instead of keyslots info." -msgstr "" -"Liste les informations de la clé (maîtresse) de volume au lieu des autres " -"emplacements de clefs." +#: src/cryptsetup_reencrypt.c:573 +#, c-format +msgid "New LUKS header for device %s created." +msgstr "Nouvel en-tête LUKS créé pour le périphérique %s." -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 -msgid "The size of the encryption key" -msgstr "La taille de la clé de chiffrement" +#: src/cryptsetup_reencrypt.c:633 +#, c-format +msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +msgstr "Cette version de cryptsetup-reencrypt ne gère pas le nouveau type de jeton interne %s." -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 -msgid "BITS" -msgstr "BITS" +#: src/cryptsetup_reencrypt.c:655 +msgid "Failed to read activation flags from backup header." +msgstr "Échec lors de la lecture des fanions d'activation depuis l'en-tête de sauvegarde." -#: src/cryptsetup.c:1486 src/cryptsetup_reencrypt.c:1278 -msgid "Limits the read from keyfile" -msgstr "Limite la lecture d'un fichier de clé" +#: src/cryptsetup_reencrypt.c:659 +msgid "Failed to write activation flags to new header." +msgstr "Échec lors de l'écriture des fanions d'activation dans le nouvel en-tête." -#: src/cryptsetup.c:1486 src/cryptsetup.c:1487 src/cryptsetup.c:1488 -#: src/cryptsetup.c:1489 src/veritysetup.c:379 src/veritysetup.c:380 -#: src/veritysetup.c:382 src/cryptsetup_reencrypt.c:1277 -#: src/cryptsetup_reencrypt.c:1278 src/cryptsetup_reencrypt.c:1279 -#: src/cryptsetup_reencrypt.c:1280 -msgid "bytes" -msgstr "octets" +#: src/cryptsetup_reencrypt.c:663 src/cryptsetup_reencrypt.c:667 +msgid "Failed to read requirements from backup header." +msgstr "Échec lors de la lecture des exigences de l'en-tête de sauvegarde." -#: src/cryptsetup.c:1487 src/cryptsetup_reencrypt.c:1277 -msgid "Number of bytes to skip in keyfile" -msgstr "Nombre d'octets à ignorer dans le fichier de clé" +#: src/cryptsetup_reencrypt.c:705 +#, c-format +msgid "%s header backup of device %s created." +msgstr "Sauvegarde de l'en-tête %s du périphérique %s créée." -#: src/cryptsetup.c:1488 -msgid "Limits the read from newly added keyfile" -msgstr "Limite la lecture d'un nouveau fichier de clé ajouté" +#: src/cryptsetup_reencrypt.c:768 +msgid "Creation of LUKS backup headers failed." +msgstr "La création de la sauvegarde des en-têtes LUKS a échoué." + +#: src/cryptsetup_reencrypt.c:901 +#, c-format +msgid "Cannot restore %s header on device %s." +msgstr "Impossible de rétablir l'en-tête %s sur le périphérique %s." + +#: src/cryptsetup_reencrypt.c:903 +#, c-format +msgid "%s header on device %s restored." +msgstr "En-tête %s rétabli sur le périphérique %s." + +#: src/cryptsetup_reencrypt.c:1107 src/cryptsetup_reencrypt.c:1113 +msgid "Cannot open temporary LUKS device." +msgstr "Impossible d'ouvrir le périphérique LUKS temporaire." + +#: src/cryptsetup_reencrypt.c:1118 src/cryptsetup_reencrypt.c:1123 +msgid "Cannot get device size." +msgstr "Impossible d'obtenir la taille du périphérique." + +#: src/cryptsetup_reencrypt.c:1158 +msgid "IO error during reencryption." +msgstr "Erreur E/S pendant le re-chiffrement." + +#: src/cryptsetup_reencrypt.c:1189 +msgid "Provided UUID is invalid." +msgstr "Le UUID fourni est invalide." + +#: src/cryptsetup_reencrypt.c:1423 +msgid "Cannot open reencryption log file." +msgstr "Impossible d'ouvrir le journal de re-chiffrement." + +#: src/cryptsetup_reencrypt.c:1429 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." +msgstr "Pas de déchiffrement en cours. Le UUID fourni ne peut être utilisé que pour reprendre un déchiffrement suspendu." + +#: src/cryptsetup_reencrypt.c:1504 +#, c-format +msgid "Changed pbkdf parameters in keyslot %i." +msgstr "Les paramètres pbkdf ont été changés dans l'emplacement de clé %i." + +#: src/cryptsetup_reencrypt.c:1616 +msgid "Reencryption block size" +msgstr "Taille de bloc de re-chiffrement" + +#: src/cryptsetup_reencrypt.c:1616 +msgid "MiB" +msgstr "MiB" + +#: src/cryptsetup_reencrypt.c:1620 +msgid "Do not change key, no data area reencryption" +msgstr "Ne pas changer la clé, pas de re-chiffrement de la zone de donnée" + +#: src/cryptsetup_reencrypt.c:1622 +msgid "Read new volume (master) key from file" +msgstr "Lire la nouvelle clé (maîtresse) du volume depuis un fichier" + +#: src/cryptsetup_reencrypt.c:1623 +msgid "PBKDF2 iteration time for LUKS (in ms)" +msgstr "Temps d'itération de PBKDF2 pour LUKS (en ms)" -#: src/cryptsetup.c:1489 -msgid "Number of bytes to skip in newly added keyfile" -msgstr "Nombre d'octets à ignorer dans le fichier de clé nouvellement ajouté" +#: src/cryptsetup_reencrypt.c:1629 +msgid "Use direct-io when accessing devices" +msgstr "Utiliser direct-io pour accéder aux périphériques" -#: src/cryptsetup.c:1490 -msgid "Slot number for new key (default is first free)" -msgstr "" -"Numéro de l'emplacement pour la nouvelle clé (par défaut, le premier " -"disponible)" +#: src/cryptsetup_reencrypt.c:1630 +msgid "Use fsync after each block" +msgstr "Utiliser fsync après chaque bloc" -#: src/cryptsetup.c:1491 -msgid "The size of the device" -msgstr "La taille du périphérique" +#: src/cryptsetup_reencrypt.c:1631 +msgid "Update log file after every block" +msgstr "Mettre le journal à jour après chaque bloc" -#: src/cryptsetup.c:1491 src/cryptsetup.c:1492 src/cryptsetup.c:1493 -#: src/cryptsetup.c:1499 -msgid "SECTORS" -msgstr "SECTEURS" +#: src/cryptsetup_reencrypt.c:1632 +msgid "Use only this slot (others will be disabled)" +msgstr "Utiliser uniquement cet emplacement (les autres seront désactivés)" -#: src/cryptsetup.c:1492 -msgid "The start offset in the backend device" -msgstr "Le décalage de départ dans le périphérique sous-jacent" +#: src/cryptsetup_reencrypt.c:1637 +msgid "Create new header on not encrypted device" +msgstr "Créer un nouvel en-tête sur le périphérique non chiffré" -#: src/cryptsetup.c:1493 -msgid "How many sectors of the encrypted data to skip at the beginning" -msgstr "Combien de secteurs de données chiffrées à ignorer au début" +#: src/cryptsetup_reencrypt.c:1638 +msgid "Permanently decrypt device (remove encryption)" +msgstr "Déchiffrer le périphérique de manière permanente (supprime le chiffrement)" -#: src/cryptsetup.c:1494 -msgid "Create a readonly mapping" -msgstr "Crée une association en lecture seule" +#: src/cryptsetup_reencrypt.c:1639 +msgid "The UUID used to resume decryption" +msgstr "Le UUID utilisé pour poursuivre le déchiffrement" -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "PBKDF2 iteration time for LUKS (in ms)" -msgstr "Temps d'itération de PBKDF2 pour LUKS (en ms)" +#: src/cryptsetup_reencrypt.c:1640 +msgid "Type of LUKS metadata: luks1, luks2" +msgstr "Type de métadonnées LUKS: luks1, luks2" -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "msecs" -msgstr "ms" +#: src/cryptsetup_reencrypt.c:1659 +msgid "[OPTION...] " +msgstr "[OPTION...] " -#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1269 -msgid "Do not ask for confirmation" -msgstr "Ne pas demander confirmation" +#: src/cryptsetup_reencrypt.c:1667 +#, c-format +msgid "Reencryption will change: %s%s%s%s%s%s." +msgstr "Le re-chiffrement va changer : %s%s%s%s%s%s." -#: src/cryptsetup.c:1497 -msgid "Timeout for interactive passphrase prompt (in seconds)" -msgstr "" -"Délai d'expiration de la demande interactive de phrase secrète (en secondes)" +#: src/cryptsetup_reencrypt.c:1668 +msgid "volume key" +msgstr "clé de volume" -#: src/cryptsetup.c:1497 -msgid "secs" -msgstr "s" +#: src/cryptsetup_reencrypt.c:1670 +msgid "set hash to " +msgstr "change hachage en " -#: src/cryptsetup.c:1498 src/cryptsetup_reencrypt.c:1270 -msgid "How often the input of the passphrase can be retried" -msgstr "Nombre de tentatives possibles pour entrer la phrase secrète" +#: src/cryptsetup_reencrypt.c:1671 +msgid ", set cipher to " +msgstr ", change chiffrement en " -#: src/cryptsetup.c:1499 -msgid "Align payload at sector boundaries - for luksFormat" -msgstr "" -"Utiliser une limite de secteurs pour aligner les données – pour " -"luksFormat" +#: src/cryptsetup_reencrypt.c:1675 +msgid "Argument required." +msgstr "Argument requis." -#: src/cryptsetup.c:1500 -msgid "File with LUKS header and keyslots backup." -msgstr "" -"Fichier contenant une sauvegarde de l'en-tête LUKS et des emplacements de " -"clés." +#: src/cryptsetup_reencrypt.c:1703 +msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." +msgstr "Seules les valeurs entre 1 MiB et 64 MiB sont permises pour la taille des blocs de re-chiffrement." -#: src/cryptsetup.c:1501 src/cryptsetup_reencrypt.c:1271 -msgid "Use /dev/random for generating volume key." -msgstr "Utiliser /dev/random pour générer la clé de volume." +#: src/cryptsetup_reencrypt.c:1730 +msgid "Maximum device reduce size is 64 MiB." +msgstr "La taille maximum réduite pour le périphérique est 64 MiB." -#: src/cryptsetup.c:1502 src/cryptsetup_reencrypt.c:1272 -msgid "Use /dev/urandom for generating volume key." -msgstr "Utiliser /dev/urandom pour générer la clé de volume." +#: src/cryptsetup_reencrypt.c:1737 +msgid "Option --new must be used together with --reduce-device-size or --header." +msgstr "L'option --new doit être utilisée avec --reduce-device-size ou --header." -#: src/cryptsetup.c:1503 -msgid "Share device with another non-overlapping crypt segment." -msgstr "" -"Partager le périphérique avec un autre segment chiffré sans recouvrement." +#: src/cryptsetup_reencrypt.c:1741 +msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." +msgstr "L'option --keep-key ne peut être utilisée que avec --hash, --iter-time ou --pbkdf-force-iterations²." -#: src/cryptsetup.c:1504 src/veritysetup.c:385 -msgid "UUID for device to use." -msgstr "UUID du périphérique à utiliser." +#: src/cryptsetup_reencrypt.c:1745 +msgid "Option --new cannot be used together with --decrypt." +msgstr "L'option --new ne peut pas être utilisée avec --decrypt." -#: src/cryptsetup.c:1505 -msgid "Allow discards (aka TRIM) requests for device." -msgstr "Autoriser les demandes d'abandon (TRIM) pour le périphérique." +#: src/cryptsetup_reencrypt.c:1749 +msgid "Option --decrypt is incompatible with specified parameters." +msgstr "L'option --decrypt est incompatible avec les paramètres spécifiés." -#: src/cryptsetup.c:1506 -msgid "Device or file with separated LUKS header." -msgstr "Périphérique ou fichier avec un en-tête LUKS séparé." +#: src/cryptsetup_reencrypt.c:1753 +msgid "Option --uuid is allowed only together with --decrypt." +msgstr "L'option --uuid ne peut être utilisée qu'avec --decrypt." -#: src/cryptsetup.c:1507 -msgid "Do not activate device, just check passphrase." -msgstr "Ne pas activer le périphérique. Vérifie simplement le phrase secrète." +#: src/cryptsetup_reencrypt.c:1757 +msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +msgstr "Type luks invalide. Utilisez « luks », « luks1 » ou « luks2 »." -#: src/cryptsetup.c:1508 -msgid "Use hidden header (hidden TCRYPT device)." -msgstr "Utilise l'en-tête caché (périphérique TCRYPT caché)." +#: src/utils_tools.c:151 +msgid "Error reading response from terminal." +msgstr "Erreur de lecture de la réponse depuis le terminal." -#: src/cryptsetup.c:1509 -msgid "Device is system TCRYPT drive (with bootloader)." -msgstr "" -"Le périphérique est un lecteur TCRYPT système (avec secteur d'amorçage)." +#: src/utils_tools.c:186 +msgid "Command successful.\n" +msgstr "Opération réussie.\n" -#: src/cryptsetup.c:1510 -msgid "Use backup (secondary) TCRYPT header." -msgstr "Utiliser l'en-tête TCRYPT de secours (secondaire)." +#: src/utils_tools.c:194 +msgid "wrong or missing parameters" +msgstr "paramètres erronés ou manquants" -#: src/cryptsetup.c:1511 -msgid "Scan also for VeraCrypt compatible device." -msgstr "Recherche aussi des périphériques compatibles avec VeraCrypt." +#: src/utils_tools.c:196 +msgid "no permission or bad passphrase" +msgstr "Aucune permission ou mauvais mot de passe" -#: src/cryptsetup.c:1512 -msgid "Type of device metadata: luks, plain, loopaes, tcrypt." -msgstr "Type de métadonnées du périphérique : luks, plain, loopaes, tcrypt." +#: src/utils_tools.c:198 +msgid "out of memory" +msgstr "mémoire épuisée" -#: src/cryptsetup.c:1513 -msgid "Disable password quality check (if enabled)." -msgstr "Désactive la vérification de la qualité du mot de passe (si activé)." +#: src/utils_tools.c:200 +msgid "wrong device or file specified" +msgstr "mauvais périphérique ou fichier spécifié" -#: src/cryptsetup.c:1514 -msgid "Use dm-crypt same_cpu_crypt performance compatibility option." -msgstr "" -"Utilise l'option de compatibilité de performance dm-crypt same_cpu_crypt." +#: src/utils_tools.c:202 +msgid "device already exists or device is busy" +msgstr "le périphérique existe déjà ou est utilisé" -#: src/cryptsetup.c:1515 -msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option." -msgstr "" -"Utilise l'option de compatibilité de performance dm-crypt " -"submit_from_crypt_cpus." +#: src/utils_tools.c:204 +msgid "unknown error" +msgstr "erreur inconnue" -#: src/cryptsetup.c:1531 src/veritysetup.c:402 -msgid "[OPTION...] " -msgstr "[OPTION...] " +#: src/utils_tools.c:206 +#, c-format +msgid "Command failed with code %i (%s).\n" +msgstr "La commande a échoué avec le code %i (%s).\n" -#: src/cryptsetup.c:1572 -msgid "Running in FIPS mode.\n" -msgstr "Fonctionne en mode FIPS.\n" +#: src/utils_tools.c:283 +#, c-format +msgid "Key slot %i created." +msgstr "Emplacement de clef %i créé." -#: src/cryptsetup.c:1581 src/veritysetup.c:439 -msgid "Argument missing." -msgstr "Il manque l'argument ." +#: src/utils_tools.c:285 +#, c-format +msgid "Key slot %i unlocked." +msgstr "Emplacement de clé %i déverrouillé." -#: src/cryptsetup.c:1634 src/veritysetup.c:445 -msgid "Unknown action." -msgstr "Action inconnue." +#: src/utils_tools.c:287 +#, c-format +msgid "Key slot %i removed." +msgstr "Emplacement de clé %i supprimé." -#: src/cryptsetup.c:1644 -msgid "Option --shared is allowed only for open of plain device.\n" -msgstr "" -"L'option --shared est permise uniquement pour ouvrir un périphérique " -"ordinaire.\n" +#: src/utils_tools.c:296 +#, c-format +msgid "Token %i created." +msgstr "Jeton %i créé." -#: src/cryptsetup.c:1649 -msgid "Option --allow-discards is allowed only for open operation.\n" -msgstr "" -"L'option --allow-discards est permise uniquement pour une opération " -"d'ouverture.\n" +#: src/utils_tools.c:298 +#, c-format +msgid "Token %i removed." +msgstr "Jeton %i supprimé." -#: src/cryptsetup.c:1657 +#: src/utils_tools.c:464 msgid "" -"Option --key-size is allowed only for luksFormat, open and benchmark.\n" -"To limit read from keyfile use --keyfile-size=(bytes)." +"\n" +"Wipe interrupted." msgstr "" -"L'option --key-size est permise seulement avec luksFormat, open et " -"benchmark.\n" -"Pour limiter la lecture depuis un fichier de clé, utilisez --keyfile-" -"size=(octets)." +"\n" +"Effacement interrompu." -#: src/cryptsetup.c:1664 -msgid "" -"Option --test-passphrase is allowed only for open of LUKS and TCRYPT " -"devices.\n" -msgstr "" -"L'option --test-passphrase est autorisée uniquement pour ouvrir des " -"périphériques LUKS et TCRYPT.\n" +#: src/utils_tools.c:475 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "ATTENTION: Le périphérique %s contient déjà une signature pour une partition « %s ».\n" -#: src/cryptsetup.c:1669 src/cryptsetup_reencrypt.c:1341 -msgid "Key size must be a multiple of 8 bits" -msgstr "La taille de la clé doit être un multiple de 8 bits" +#: src/utils_tools.c:483 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "ATTENTION: Le périphérique %s contient déjà une signature pour un superblock « %s ».\n" -#: src/cryptsetup.c:1676 src/cryptsetup_reencrypt.c:1346 -msgid "Key slot is invalid." -msgstr "Emplacement de clé non valide." +#: src/utils_tools.c:504 src/utils_tools.c:568 +msgid "Failed to initialize device signature probes." +msgstr "Impossible d'initialiser les sondes de la signature du périphérique." -#: src/cryptsetup.c:1683 -msgid "Option --key-file takes precedence over specified key file argument.\n" -msgstr "" -"L'option --key-file est prioritaire par rapport à un fichier de clé spécifié " -"en argument.\n" +#: src/utils_tools.c:548 +#, c-format +msgid "Failed to stat device %s." +msgstr "Impossible d'exécuter « stat » sur le périphérique %s." -#: src/cryptsetup.c:1691 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1330 -msgid "Negative number for option not permitted." -msgstr "Nombre négatif non autorisé pour l'option." +#: src/utils_tools.c:561 +#, c-format +msgid "Device %s is in use. Can not proceed with format operation." +msgstr "Le périphérique %s est utilisé. Impossible de continuer avec l'opération de formatage." -#: src/cryptsetup.c:1695 src/cryptsetup_reencrypt.c:1324 -#: src/cryptsetup_reencrypt.c:1350 -msgid "Only one of --use-[u]random options is allowed." -msgstr "Seule une des deux possibilités --use-[u]random est autorisée." +#: src/utils_tools.c:563 +#, c-format +msgid "Failed to open file %s in read/write mode." +msgstr "Impossible d'ouvrir le fichier %s en mode lecture/écriture." -#: src/cryptsetup.c:1699 -msgid "Option --use-[u]random is allowed only for luksFormat." -msgstr "L'option --use-[u]random est autorisée seulement avec luksFormat." +#: src/utils_tools.c:577 +#, c-format +msgid "Existing '%s' partition signature (offset: % bytes) on device %s will be wiped." +msgstr "La signature de partition « %s » existante (offset: % octets) sur le périphérique %s sera effacée." -#: src/cryptsetup.c:1703 -msgid "Option --uuid is allowed only for luksFormat and luksUUID." -msgstr "L'option --uuid est autorisée seulement avec luksFormat et luksUUID." +#: src/utils_tools.c:580 +#, c-format +msgid "Existing '%s' superblock signature (offset: % bytes) on device %s will be wiped." +msgstr "La signature de superbloc « %s » existante (offset: % octets) sur le périphérique %s sera effacée." -#: src/cryptsetup.c:1707 -msgid "Option --align-payload is allowed only for luksFormat." -msgstr "L'option --align-payload est autorisée uniquement avec luksFormat." +#: src/utils_tools.c:583 +msgid "Failed to wipe device signature." +msgstr "Impossible d'effacer la signature du périphérique." -#: src/cryptsetup.c:1713 -msgid "" -"Option --skip is supported only for open of plain and loopaes devices.\n" -msgstr "" -"L'option --skip est supportée uniquement pour ouvrir des périphériques " -"ordinaires et loopaes.\n" +#: src/utils_tools.c:590 +#, c-format +msgid "Failed to probe device %s for a signature." +msgstr "Impossible de sonder le périphérique %s pour une signature." -#: src/cryptsetup.c:1719 +#: src/utils_tools.c:629 msgid "" -"Option --offset is supported only for open of plain and loopaes devices.\n" +"\n" +"Reencryption interrupted." msgstr "" -"L'option --offset est supportée uniquement pour ouvrir des périphériques " -"ordinaires et loopaes.\n" +"\n" +"Rechiffrement interrompu." -#: src/cryptsetup.c:1725 -msgid "" -"Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only " -"for TCRYPT device.\n" -msgstr "" -"Les options --tcrypt-hidden, --tcrypt-system ou --tcrypt-backup sont " -"supportées seulement pour un périphérique TCRYPT.\n" +#: src/utils_password.c:43 src/utils_password.c:75 +#, c-format +msgid "Cannot check password quality: %s" +msgstr "Ne peut vérifier la qualité du mot de passe : %s" -#: src/cryptsetup.c:1730 -msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n" +#: src/utils_password.c:51 +#, c-format +msgid "" +"Password quality check failed:\n" +" %s" msgstr "" -"L'option --tcrypt-hidden ne peut pas être combinée avec --allow-discards.\n" +"Échec de la vérification de la qualité du mot de passe :\n" +" %s" -#: src/cryptsetup.c:1735 -msgid "Option --veracrypt is supported only for TCRYPT device type.\n" -msgstr "" -"L'option --veracrypt est uniquement supportée pour un périphérique de type " -"TCRYPT.\n" +#: src/utils_password.c:83 +#, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "Échec de la vérification de la qualité du mot de passe : Mauvais mot de passe (%s)" -#: src/veritysetup.c:58 -msgid "Invalid salt string specified.\n" -msgstr "Chaîne d'aléa spécifiée invalide.\n" +#: src/utils_password.c:193 src/utils_password.c:208 +msgid "Error reading passphrase from terminal." +msgstr "Erreur de lecture de la phrase secrète depuis la console." -#: src/veritysetup.c:88 -#, c-format -msgid "Cannot create hash image %s for writing.\n" -msgstr "Impossible de créer l'image de hachage %s en écriture.\n" +#: src/utils_password.c:206 +msgid "Verify passphrase: " +msgstr "Vérifiez la phrase secrète : " -#: src/veritysetup.c:148 -msgid "Invalid root hash string specified.\n" -msgstr "Chaîne de hachage racine invalide.\n" +#: src/utils_password.c:213 +msgid "Passphrases do not match." +msgstr "Les phrases secrètes ne sont pas identiques." -#: src/veritysetup.c:308 -msgid " " -msgstr " " +#: src/utils_password.c:250 +msgid "Cannot use offset with terminal input." +msgstr "Le décalage n'est pas possible si l'entrée provient de la console." -#: src/veritysetup.c:308 -msgid "format device" -msgstr "formater le périphérique" +#: src/utils_password.c:253 +#, c-format +msgid "Enter passphrase: " +msgstr "Saisissez la phrase secrète : " -#: src/veritysetup.c:309 -msgid " " -msgstr " " +#: src/utils_password.c:256 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "Saisissez la phrase secrète pour %s : " -#: src/veritysetup.c:309 -msgid "verify device" -msgstr "vérifier le périphérique" +#: src/utils_password.c:287 +msgid "No key available with this passphrase." +msgstr "Aucune clé disponible avec cette phrase secrète." -#: src/veritysetup.c:310 -msgid " " -msgstr " " +#: src/utils_password.c:289 +msgid "No usable keyslot is available." +msgstr "Aucun emplacement de clé utilisable est disponible." -#: src/veritysetup.c:310 -msgid "create active device" -msgstr "créer le périphérique actif" +#: src/utils_password.c:328 +#, c-format +msgid "Cannot open keyfile %s for write." +msgstr "Impossible d'ouvrir le fichier de clé %s en écriture." -#: src/veritysetup.c:311 -msgid "remove (deactivate) device" -msgstr "supprime (désactive) le périphérique" +#: src/utils_password.c:335 +#, c-format +msgid "Cannot write to keyfile %s." +msgstr "Impossible d'écrire dans le fichier de clé %s." -#: src/veritysetup.c:312 -msgid "show active device status" -msgstr "afficher le statut du périphérique actif" +#: src/utils_luks2.c:47 +#, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "Impossible d'ouvrir le fichier %s en lecture seule." -#: src/veritysetup.c:313 -msgid "" -msgstr "" +#: src/utils_luks2.c:60 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "Fournissez le jeton LUKS valide au format JSON:\n" -#: src/veritysetup.c:313 -msgid "show on-disk information" -msgstr "afficher les informations sur le disque" +#: src/utils_luks2.c:67 +msgid "Failed to read JSON file." +msgstr "Impossible de lire le fichier JSON." -#: src/veritysetup.c:332 -#, c-format +#: src/utils_luks2.c:72 msgid "" "\n" -" is the device to create under %s\n" -" is the data device\n" -" is the device containing verification data\n" -" hash of the root node on \n" +"Read interrupted." msgstr "" "\n" -" est le périphérique à créer sous %s\n" -" est le périphérique de données\n" -" est le périphérique contenant les données de vérification\n" -" hachage du nœud racine sur \n" +"Lecture interrompue." -#: src/veritysetup.c:339 +#: src/utils_luks2.c:113 #, c-format +msgid "Failed to open file %s in write mode." +msgstr "Impossible d'ouvrir le fichier %s en écriture seule." + +#: src/utils_luks2.c:122 msgid "" "\n" -"Default compiled-in dm-verity parameters:\n" -"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, " -"Hash format: %u\n" +"Write interrupted." msgstr "" "\n" -"Paramètres compilés par défaut dans dm-verity :\n" -"\tHachage: %s, Bloc données (octets): %u, Bloc hachage (octets): %u, Taille " -"aléa: %u, Format hachage: %u\n" - -#: src/veritysetup.c:377 -msgid "Do not use verity superblock" -msgstr "Ne pas utiliser le superbloc de verity" - -#: src/veritysetup.c:378 -msgid "Format type (1 - normal, 0 - original Chrome OS)" -msgstr "Type de format (1: normal ; 0: Chrome OS)" - -#: src/veritysetup.c:378 -msgid "number" -msgstr "nombre" +"Écriture interrompue." -#: src/veritysetup.c:379 -msgid "Block size on the data device" -msgstr "Taille de bloc sur le périphérique de données" - -#: src/veritysetup.c:380 -msgid "Block size on the hash device" -msgstr "Taille de bloc sur le périphérique de hachage" +#: src/utils_luks2.c:126 +msgid "Failed to write JSON file." +msgstr "Erreur lors de l'écriture du fichier JSON." -#: src/veritysetup.c:381 -msgid "The number of blocks in the data file" -msgstr "Le nombre de blocs dans le fichier de données" +#~ msgid "Parameter --refresh is only allowed with open or refresh commands." +#~ msgstr "Le paramètre --refresh est permis uniquement avec les commandes open ou refresh." -#: src/veritysetup.c:381 -msgid "blocks" -msgstr "blocs" +#~ msgid "Cipher %s is not available." +#~ msgstr "Le chiffrement %s n'est pas disponible." -#: src/veritysetup.c:382 -msgid "Starting offset on the hash device" -msgstr "Décalage de départ dans le périphérique de hachage" +#~ msgid "Unsupported encryption sector size.\n" +#~ msgstr "Taille de secteur de chiffrement non supportée.\n" -#: src/veritysetup.c:383 -msgid "Hash algorithm" -msgstr "Algorithme de hachage" +#~ msgid "Offline reencryption in progress. Aborting." +#~ msgstr "Un rechiffrement hors-ligne est en cours. Interruption." -#: src/veritysetup.c:383 -msgid "string" -msgstr "chaîne" +#~ msgid "Online reencryption in progress. Aborting." +#~ msgstr "Un rechiffrement en-ligne est en cours. Interruption." -#: src/veritysetup.c:384 -msgid "Salt" -msgstr "Aléa" +#~ msgid "No LUKS2 reencryption in progress." +#~ msgstr "Pas de rechiffrement LUKS2 en cours." -#: src/veritysetup.c:384 -msgid "hex string" -msgstr "chaîne hexa" +#~ msgid "Interrupted by a signal." +#~ msgstr "Interrompu par un signal." -#: src/cryptsetup_reencrypt.c:147 -#, c-format -msgid "Cannot exclusively open %s, device in use.\n" -msgstr "Impossible d'ouvrir exclusivement %s : périphérique utilisé.\n" +#~ msgid "Function not available in FIPS mode." +#~ msgstr "Fonction pas disponible en mode FIPS." -#: src/cryptsetup_reencrypt.c:151 -#, c-format -msgid "Cannot open device %s\n" -msgstr "Impossible d'ouvrir le périphérique %s\n" +#~ msgid "Failed to write hash." +#~ msgstr "Erreur lors de l'écriture du hachage." -#: src/cryptsetup_reencrypt.c:161 src/cryptsetup_reencrypt.c:893 -msgid "Allocation of aligned memory failed.\n" -msgstr "La réservation de la mémoire alignée a échoué.\n" +#~ msgid "Failed to finalize hash." +#~ msgstr "Impossible de terminer le hachage." -#: src/cryptsetup_reencrypt.c:168 -#, c-format -msgid "Cannot read device %s.\n" -msgstr "Impossible de lire le périphérique %s.\n" +#~ msgid "Invalid resilience parameters (internal error)." +#~ msgstr "Paramètres de résilience invalides (erreur interne)." -#: src/cryptsetup_reencrypt.c:179 -#, c-format -msgid "Marking LUKS device %s unusable.\n" -msgstr "Marque le périphérique LUKS %s comme inutilisable.\n" +#~ msgid "Failed to assign new enc segments." +#~ msgstr "Échec lors de l'assignation des nouveaux segments enc." -#: src/cryptsetup_reencrypt.c:184 -#, c-format -msgid "Marking LUKS device %s usable.\n" -msgstr "Marque le périphérique LUKS %s comme utilisable.\n" +#~ msgid "Failed to assign digest %u to segment %u." +#~ msgstr "Impossible d'affecter le résumé %u au segment %u." -#: src/cryptsetup_reencrypt.c:200 -#, c-format -msgid "Cannot write device %s.\n" -msgstr "Impossible d'écrire le périphérique %s.\n" +#~ msgid "Failed to set segments." +#~ msgstr "Échec lors de la définition des segments." -#: src/cryptsetup_reencrypt.c:281 -msgid "Cannot write reencryption log file.\n" -msgstr "Impossible d'écrire le journal de re-chiffrement.\n" +#~ msgid "Failed to assign reencrypt previous backup segment." +#~ msgstr "Échec lors de l'assignation du segment de sauvegarde précédent rechiffré." -#: src/cryptsetup_reencrypt.c:337 -msgid "Cannot read reencryption log file.\n" -msgstr "Impossible de lire le journal de re-chiffrement.\n" +#~ msgid "Failed to assign reencrypt final backup segment." +#~ msgstr "Échec lors de l'assignation du segment de sauvegarde final rechiffré." -#: src/cryptsetup_reencrypt.c:374 -#, c-format -msgid "Log file %s exists, resuming reencryption.\n" -msgstr "Fichier journal %s existe. Reprise du re-chiffrement.\n" +#~ msgid "Failed generate 2nd segment." +#~ msgstr "Échec lors de la génération du 2ème segment." -#: src/cryptsetup_reencrypt.c:403 -msgid "Activating temporary device using old LUKS header.\n" -msgstr "" -"Activation du périphérique temporaire en utilisant l'ancien en-tête LUKS.\n" +#~ msgid "Failed generate 1st segment." +#~ msgstr "Échec lors de la génération du 1er segment." -#: src/cryptsetup_reencrypt.c:414 -msgid "Activating temporary device using new LUKS header.\n" -msgstr "" -"Activation du périphérique temporaire un utilisant le nouvel en-tête LUKS.\n" +#~ msgid "Failed to allocate device %s." +#~ msgstr "Impossible d'allouer le périphérique %s." -#: src/cryptsetup_reencrypt.c:424 -msgid "Activation of temporary devices failed.\n" -msgstr "Échec de l'activation des périphériques temporaires.\n" +#~ msgid "Failed to allocate dm segments." +#~ msgstr "Échec de l'allocation des segments dm." -#: src/cryptsetup_reencrypt.c:450 -#, c-format -msgid "New LUKS header for device %s created.\n" -msgstr "Nouvel en-tête LUKS créé pour le périphérique %s.\n" +#~ msgid "Failed to create dm segments." +#~ msgstr "Échec lors de la création des segments dm." -#: src/cryptsetup_reencrypt.c:458 -#, c-format -msgid "Activated keyslot %i.\n" -msgstr "Emplacement de clé activé %i.\n" +#~ msgid "Failed to allocate device for new backing device." +#~ msgstr "Impossible d'allouer le périphérique pour le nouveau périphérique de soutien." -#: src/cryptsetup_reencrypt.c:484 -#, c-format -msgid "LUKS header backup of device %s created.\n" -msgstr "Sauvegarde de l'en-tête LUKS du périphérique %s créée.\n" +#~ msgid "Failed to reload overlay device %s." +#~ msgstr "Impossible de recharger le périphérique de surcouche %s." -#: src/cryptsetup_reencrypt.c:532 -msgid "Creation of LUKS backup headers failed.\n" -msgstr "La création de la sauvegarde des en-têtes LUKS a échoué.\n" +#~ msgid "Failed to refresh helper devices." +#~ msgstr "Échec lors du rafraichissement des périphériques de support." -#: src/cryptsetup_reencrypt.c:634 -#, c-format -msgid "Cannot restore LUKS header on device %s.\n" -msgstr "Impossible de rétablir l'en-tête LUKS sur le périphérique %s.\n" +#~ msgid "Failed to create reencryption backup segments." +#~ msgstr "Échec lors de la création des segments de sauvegarde du rechiffrement." -#: src/cryptsetup_reencrypt.c:636 -#, c-format -msgid "LUKS header on device %s restored.\n" -msgstr "En-tête LUKS rétabli sur le périphérique %s.\n" +#~ msgid "Failed to set online-reencryption requirement." +#~ msgstr "Impossible de définir les exigences du rechiffrement en ligne." -#: src/cryptsetup_reencrypt.c:669 -#, c-format -msgid "" -"Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" -msgstr "" -"Progression: %5.1f%%, ETA %02llu:%02llu, %4llu MiB écrits, vitesse %5.1f MIB/" -"s%s" +#~ msgid "Failed to hash sector at offset %zu." +#~ msgstr "Échec du hachage du secteur à l'offset %zu." -#: src/cryptsetup_reencrypt.c:708 src/cryptsetup_reencrypt.c:784 -#: src/cryptsetup_reencrypt.c:826 -msgid "Cannot seek to device offset.\n" -msgstr "Impossible de se déplacer au décalage du périphérique.\n" +#~ msgid "Failed to read sector hash." +#~ msgstr "Erreur de lecture du hachage du secteur." -#: src/cryptsetup_reencrypt.c:865 src/cryptsetup_reencrypt.c:871 -msgid "Cannot open temporary LUKS header file.\n" -msgstr "Impossible d'ouvrir le fichier temporaire de l'en-tête LUKS.\n" +#~ msgid "Error: Calculated reencryption offset % is beyond device size %." +#~ msgstr "Erreur: Le décalage de rechiffrement calculé % est au delà de la taille du périphérique %" -#: src/cryptsetup_reencrypt.c:876 src/cryptsetup_reencrypt.c:881 -msgid "Cannot get device size.\n" -msgstr "Impossible d'obtenir la taille du périphérique.\n" +#~ msgid "Device is not in clean reencryption state." +#~ msgstr "Le périphérique n'est pas dans un état de rechiffrement propre." -#: src/cryptsetup_reencrypt.c:919 -msgid "Interrupted by a signal.\n" -msgstr "Interrompu par un signal.\n" +#~ msgid "Failed to calculate new segments." +#~ msgstr "Échec lors du calcul des nouveaux segments." -#: src/cryptsetup_reencrypt.c:921 -msgid "IO error during reencryption.\n" -msgstr "Erreur E/S pendant le re-chiffrement.\n" +#~ msgid "Failed to assign pre reenc segments." +#~ msgstr "Échec de l'affectation des segments pre reenc." -#: src/cryptsetup_reencrypt.c:1028 -msgid "" -"Key file can be used only with --key-slot or with exactly one key slot " -"active.\n" -msgstr "" -"Le fichier de clé peut uniquement être utilisé avec --key-slot ou avec " -"exactement un seul emplacement de clé actif.\n" +#~ msgid "Failed finalize hotzone resilience, retval = %d" +#~ msgstr "Échec de finalisation de la résilience de la zone chaude, retval = %d" -#: src/cryptsetup_reencrypt.c:1072 src/cryptsetup_reencrypt.c:1087 -#, c-format -msgid "Enter passphrase for key slot %u: " -msgstr "Entrez la phrase secrète pour l'emplacement de clé %u : " +#~ msgid "Failed to write data." +#~ msgstr "Erreur lors de l'écriture des données." -#: src/cryptsetup_reencrypt.c:1136 -msgid "Cannot open reencryption log file.\n" -msgstr "Impossible d'ouvrir le journal de re-chiffrement.\n" +#~ msgid "Failed to update metadata or reassign device segments." +#~ msgstr "Échec de la mise à jour des métadonnées ou de la réaffectation des segments du périphérique." -#: src/cryptsetup_reencrypt.c:1262 -msgid "Reencryption block size" -msgstr "Taille de bloc de re-chiffrement" +#~ msgid "Failed to reload %s device." +#~ msgstr "Erreur au rechargement du périphérique %s." -#: src/cryptsetup_reencrypt.c:1262 -msgid "MiB" -msgstr "MiB" +#~ msgid "Failed to erase backup segments" +#~ msgstr "Échec lors de l'effacement des segments de sauvegarde." -#: src/cryptsetup_reencrypt.c:1266 -msgid "Do not change key, no data area reencryption." -msgstr "Ne change pas la clé, pas de re-chiffrement de la zone de donnée." +#~ msgid "Requested dmcrypt performance options are not supported." +#~ msgstr "Les options de performance dmcrypt demandées ne sont pas supportées." -#: src/cryptsetup_reencrypt.c:1273 -msgid "Use direct-io when accessing devices." -msgstr "Utilise direct-io pour accéder aux périphériques." +#~ msgid "Cannot format device %s which is still in use." +#~ msgstr "Impossible de formater le périphérique %s qui est déjà en cours d'utilisation." -#: src/cryptsetup_reencrypt.c:1274 -msgid "Use fsync after each block." -msgstr "Utiliser fsync après chaque bloc." +#~ msgid "Key slot %d is not used." +#~ msgstr "L'emplacement de clé %d n'est pas utilisé." -#: src/cryptsetup_reencrypt.c:1275 -msgid "Update log file after every block." -msgstr "Met le journal à jour après chaque bloc." +#~ msgid "Key slot %d selected for deletion." +#~ msgstr "Emplacement de clé %d sélectionné pour suppression." -#: src/cryptsetup_reencrypt.c:1276 -msgid "Use only this slot (others will be disabled)." -msgstr "Utiliser uniquement cet emplacement (les autres seront désactivés)." +#~ msgid "open device as mapping " +#~ msgstr "ouvrir un périphérique avec comme « mapping »" -#: src/cryptsetup_reencrypt.c:1279 -msgid "Reduce data device size (move data offset). DANGEROUS!" -msgstr "" -"Réduire la taille des données du périphérique (déplace le décalage des " -"données). DANGEREUX !" +#~ msgid "close device (deactivate and remove mapping)" +#~ msgstr "fermeture du périphérique (désactive et supprime le « mapping »)" -#: src/cryptsetup_reencrypt.c:1280 -msgid "Use only specified device size (ignore rest of device). DANGEROUS!" -msgstr "" -"Utilise uniquement la taille demandée du périphérique (ignore le reste du " -"périphérique). DANGEREUX !" +#~ msgid "Failed to set PBKDF parameters." +#~ msgstr "Impossible de définir les paramètres PBKDF." -#: src/cryptsetup_reencrypt.c:1281 -msgid "Create new header on not encrypted device." -msgstr "Créer un nouvel en-tête sur le périphérique non chiffré." +#~ msgid "Cannot seek to device offset.\n" +#~ msgstr "Impossible de se déplacer au décalage du périphérique.\n" -#: src/cryptsetup_reencrypt.c:1282 -msgid "Permanently decrypt device (remove encryption)." -msgstr "" -"Déchiffre le périphérique de manière permanente (supprime le chiffrement)" +#~ msgid "Device %s is too small. (LUKS2 requires at least % bytes.)" +#~ msgstr "Le périphérique %s est trop petit (LUKS2 a besoin d'au moins % octets)." -#: src/cryptsetup_reencrypt.c:1298 -msgid "[OPTION...] " -msgstr "[OPTION...] " +#~ msgid "Replaced with key slot %d." +#~ msgstr "Remplacé par l'emplacement de clé %d." -#: src/cryptsetup_reencrypt.c:1312 -msgid "" -"WARNING: this is experimental code, it can completely break your data.\n" -msgstr "" -"ATTENTION : ce code est expérimental. Il peut complètement détruire vos " -"données.\n" +#~ msgid "Missing LUKS target type, option --type is required." +#~ msgstr "Type de cible LUKS manquant, l'option --type est requise." -#: src/cryptsetup_reencrypt.c:1313 -#, c-format -msgid "Reencryption will change: volume key%s%s%s%s.\n" -msgstr "Le re-chiffrement va changer : clé de volume%s%s%s%s.\n" +#~ msgid "Missing --token option specifying token for removal." +#~ msgstr "Il manque l'option --token pour spécifier le jeton à retirer." -#: src/cryptsetup_reencrypt.c:1314 -msgid ", set hash to " -msgstr ", change hachage en " +#~ msgid "Add or remove keyring token" +#~ msgstr "Ajoute ou retire le jeton du porte-clé" -#: src/cryptsetup_reencrypt.c:1315 -msgid ", set cipher to " -msgstr ", change chiffrement en " +#~ msgid "Activated keyslot %i." +#~ msgstr "Emplacement de clé activé %i." -#: src/cryptsetup_reencrypt.c:1320 -msgid "Argument required." -msgstr "Argument requis." +#~ msgid "memory allocation error in action_luksFormat" +#~ msgstr "erreur d'allocation de mémoire dans action_luksFormat" -#: src/cryptsetup_reencrypt.c:1336 -msgid "" -"Only values between 1 MiB and 64 MiB allowed for reencryption block size." -msgstr "" -"Seules les valeurs entre 1 MiB et 64 MiB sont permises pour la taille des " -"blocs de re-chiffrement." +#~ msgid "Key slot is invalid.\n" +#~ msgstr "Emplacement de clé non valide.\n" -#: src/cryptsetup_reencrypt.c:1355 src/cryptsetup_reencrypt.c:1360 -msgid "Invalid device size specification." -msgstr "La taille de périphérique spécifiée est invalide." +#~ msgid "Using default pbkdf parameters for new LUKS2 header.\n" +#~ msgstr "Utilisation des paramètres pbkdf par défaut pour le nouvel en-tête LUKS2.\n" -#: src/cryptsetup_reencrypt.c:1363 -msgid "Maximum device reduce size is 64 MiB." -msgstr "La taille maximum réduite pour le périphérique est 64 MiB." +#~ msgid "Too many tree levels for verity volume.\n" +#~ msgstr "Trop de niveaux dans l'arborescence du volume verity.\n" -#: src/cryptsetup_reencrypt.c:1366 -msgid "Reduce size must be multiple of 512 bytes sector." -msgstr "La taille réduite doit être un multiple d'un secteur de 512 octets." +#~ msgid "Key %d not active. Can't wipe.\n" +#~ msgstr "La clé %d n'est pas active. Impossible de l'effacer.\n" -#: src/cryptsetup_reencrypt.c:1370 -msgid "Option --new must be used together with --reduce-device-size." -msgstr "L'option --new doit être utilisée avec --reduce-device-size." +#~ msgid " " +#~ msgstr " " -#: src/cryptsetup_reencrypt.c:1374 -msgid "Option --keep-key can be used only with --hash or --iter-time." -msgstr "" -"L'option --keep-key ne peut être utilisée que avec --hash ou --iter-time." +#~ msgid "create active device" +#~ msgstr "créer le périphérique actif" -#: src/cryptsetup_reencrypt.c:1378 -msgid "Option --new cannot be used together with --decrypt." -msgstr "L'option --new ne peut pas être utilisée avec --decrypt." +#~ msgid "remove (deactivate) device" +#~ msgstr "supprime (désactive) le périphérique" -#: src/cryptsetup_reencrypt.c:1382 -msgid "Option --decrypt is incompatible with specified parameters." -msgstr "L'option --decrypt est incompatible avec les paramètres spécifiés." +#~ msgid "Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" +#~ msgstr "Progression: %5.1f%%, ETA %02llu:%02llu, %4llu MiB écrits, vitesse %5.1f MIB/s%s" -#: src/utils_tools.c:151 -msgid "Error reading response from terminal.\n" -msgstr "Erreur de lecture de la réponse depuis le terminal.\n" +#~ msgid "Cannot find a free loopback device.\n" +#~ msgstr "Impossible de trouver un périphérique loopback libre.\n" -#: src/utils_tools.c:173 -msgid "Command successful.\n" -msgstr "Opération réussie.\n" +#~ msgid "Cannot open device %s\n" +#~ msgstr "Impossible d'ouvrir le périphérique %s\n" -#: src/utils_tools.c:191 -#, c-format -msgid "Command failed with code %i" -msgstr "L'opération a échoué avec le code %i" +#~ msgid "Cannot use passed UUID unless decryption in progress.\n" +#~ msgstr "Le UUID passé ne peut pas être utilisé à moins qu'un déchiffrement ne soit en cours.\n" -#: src/utils_password.c:42 -#, c-format -msgid "Cannot check password quality: %s\n" -msgstr "Ne peut vérifier la qualité du mot de passe : %s\n" +#~ msgid "Marking LUKS device %s usable.\n" +#~ msgstr "Marque le périphérique LUKS %s comme utilisable.\n" -#: src/utils_password.c:50 -#, c-format -msgid "" -"Password quality check failed:\n" -" %s\n" -msgstr "" -"Échec de la vérification de la qualité du mot de passe :\n" -" %s\n" +#~ msgid "WARNING: this is experimental code, it can completely break your data.\n" +#~ msgstr "ATTENTION : ce code est expérimental. Il peut complètement détruire vos données.\n" #~ msgid "FIPS checksum verification failed.\n" #~ msgstr "La vérification de la somme de contrôle FIPS a échoué.\n" -#~ msgid "" -#~ "WARNING: device %s is a partition, for TCRYPT system encryption you " -#~ "usually need to use whole block device path.\n" -#~ msgstr "" -#~ "ATTENTION : le périphérique %s est une partition. Pour le chiffrement de " -#~ "système TCRYPT, vous avez généralement besoin du chemin d'un périphérique " -#~ "bloc entier.\n" +#~ msgid "WARNING: device %s is a partition, for TCRYPT system encryption you usually need to use whole block device path.\n" +#~ msgstr "ATTENTION : le périphérique %s est une partition. Pour le chiffrement de système TCRYPT, vous avez généralement besoin du chemin d'un périphérique bloc entier.\n" #~ msgid "Kernel doesn't support plain64 IV.\n" #~ msgstr "Le noyau ne supporte pas plain64 IV.\n" @@ -1966,19 +4088,9 @@ msgstr "" #~ msgid "Enter any LUKS passphrase: " #~ msgstr "Entrez n'importe quelle phrase secrète LUKS : " -#~ msgid "Failed to obtain device mapper directory." -#~ msgstr "" -#~ "Impossible d'obtenir le répertoire du gestionnaire « device mapper »." - #~ msgid "Backup file %s doesn't exist.\n" #~ msgstr "Le fichier de sauvegarde %s n'existe pas.\n" -#~ msgid "Cannot open file %s.\n" -#~ msgstr "Impossible d'ouvrir le fichier %s.\n" - -#~ msgid " " -#~ msgstr " " - #~ msgid "create device" #~ msgstr "créer un périphérique" @@ -1994,19 +4106,9 @@ msgstr "" #~ msgid "remove loop-AES mapping" #~ msgstr "enlève une association loop-AES" -#~ msgid "" -#~ "Option --allow-discards is allowed only for luksOpen, loopaesOpen and " -#~ "create operation.\n" -#~ msgstr "" -#~ "L'option --allow-discards est utilisable uniquement avec les commandes " -#~ "luksOpen, loopaesOpen et create.\n" - #~ msgid "Key slot %d verified.\n" #~ msgstr "L'emplacement de clé %d a été vérifié.\n" -#~ msgid "Invalid key size %d.\n" -#~ msgstr "%d n'est pas une taille de clé valide.\n" - #~ msgid "Cannot open device %s for %s%s access.\n" #~ msgstr "Impossible d'ouvrir le périphérique %s pour un accès %s%s.\n" @@ -2020,9 +4122,7 @@ msgstr "" #~ msgstr "en lecture seule" #~ msgid "WARNING!!! Possibly insecure memory. Are you root?\n" -#~ msgstr "" -#~ "ATTENTION !!! La mémoire n'est peut-être pas sécurisée. Êtes-vous super-" -#~ "utilisateur ?\n" +#~ msgstr "ATTENTION !!! La mémoire n'est peut-être pas sécurisée. Êtes-vous super-utilisateur ?\n" #~ msgid "Negative keyfile size not permitted.\n" #~ msgstr "Taille négative de fichier de clé non autorisée.\n" @@ -2034,30 +4134,16 @@ msgstr "" #~ msgstr "Le mode \"bloc\" XTS est disponible depuis le noyau 2.6.24.\n" #~ msgid "Key size in LRW mode must be 256 or 512 bits.\n" -#~ msgstr "" -#~ "La taille de la clé en mode LRW doit être un multiple de 256 ou 512 " -#~ "bits.\n" +#~ msgstr "La taille de la clé en mode LRW doit être un multiple de 256 ou 512 bits.\n" #~ msgid "Block mode LRW is available since kernel 2.6.20.\n" #~ msgstr "Le mode \"bloc\" LRW est disponible depuis le noyau 2.6.20.\n" -#~ msgid "Failed to write to key storage.\n" -#~ msgstr "Échec lors de l'écriture à l'emplacement de stockage de la clé.\n" - -#~ msgid "Failed to read from key storage.\n" -#~ msgstr "" -#~ "Échec lors de la lecture depuis l'emplacement de stockage de la clé.\n" - -#~ msgid "" -#~ "Warning: exhausting read requested, but key file is not a regular file, " -#~ "function might never return.\n" -#~ msgstr "" -#~ "Attention : requête de lecture, mais le fichier de clef n'est pas " -#~ "régulier, la procédure peut rester bloquée.\n" +#~ msgid "Warning: exhausting read requested, but key file is not a regular file, function might never return.\n" +#~ msgstr "Attention : requête de lecture, mais le fichier de clef n'est pas régulier, la procédure peut rester bloquée.\n" #~ msgid "Cannot find compatible device-mapper kernel modules.\n" -#~ msgstr "" -#~ "Impossible de trouver des modules noyau compatibles avec device-mapper.\n" +#~ msgstr "Impossible de trouver des modules noyau compatibles avec device-mapper.\n" #~ msgid "Cannot open device: %s\n" #~ msgstr "Impossible d'ouvrir le périphérique : %s\n" @@ -2075,15 +4161,11 @@ msgstr "" #~ msgstr "modifier le périphérique actif - OBSOLÈTE - voir la page de man" #~ msgid "" -#~ "The reload action is deprecated. Please use \"dmsetup reload\" in case " -#~ "you really need this functionality.\n" -#~ "WARNING: do not use reload to touch LUKS devices. If that is the case, " -#~ "hit Ctrl-C now.\n" +#~ "The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\n" +#~ "WARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n" #~ msgstr "" -#~ "L'action « reload » est obsolète. Merci d'utiliser « dmsetup reload » si " -#~ "vous avez vraiment besoin de cette fonctionnalité.\n" -#~ "ATTENTION : n'utilisez pas « reload » sur des périphériques LUKS. Si " -#~ "c'est le cas, tapez Ctrl-C.\n" +#~ "L'action « reload » est obsolète. Merci d'utiliser « dmsetup reload » si vous avez vraiment besoin de cette fonctionnalité.\n" +#~ "ATTENTION : n'utilisez pas « reload » sur des périphériques LUKS. Si c'est le cas, tapez Ctrl-C.\n" #~ msgid "Obsolete option --non-exclusive is ignored.\n" #~ msgstr "L'option obsolète --non-exclusive est ignorée.\n" @@ -2093,9 +4175,3 @@ msgstr "" #~ msgid "(Obsoleted, see man page.)" #~ msgstr "(Obsolète, voir la page de man)." - -#~ msgid "%s is not LUKS device.\n" -#~ msgstr "%s n'est pas un périphérique LUKS.\n" - -#~ msgid "%s is not LUKS device." -#~ msgstr "%s n'est pas un périphérique LUKS." diff --git a/po/id.gmo b/po/id.gmo index b06d339dc4ef0fc56896d3f14c8d9e5cd8e804e4..474e367050c9e2eac1c0a686f6725cf402450f68 100644 GIT binary patch delta 1751 zcmX}sO>7%Q6u|LuNN5T9aFQk@ZqiN~oNwES2}#Nx&>3m3|Col@<%AFtw3Jcv!VR^DI4o!qCe4WB}J z|3&P=P2{KE<1&RGVF>@iTBVArd52Q{JlKWu#~Iv($51+W5}WXOlmTAD-FOlE@Dr5x zwy+g%Vj~8b)g11@348*>XmA=oz<$P8f6|bFyKYlz0Ap1jMfy@jl!4D+2X5j%yn-?O z8Yi)?Ua46;i1OYuxCb{-0=$e5;deNK{kQW!##hTUn(-_~@ePy#ucLJI10KN}coY*2 zO6|oBl!;$KRz+P$$;6j9j=!K}GDJE^wThu+XaWcEJ}kTlb~e~iYz zJYYkr7`@8onyk8v5$+w76Y?e=#_w?+HNDYP7E0>ZQTE0;OkoKpu$wf@<1yrs+CX`J zsYpYP!;dH_`5Pa`5a|%tP%`m()h(2XO8#Y_9XOA}C=<`1?1eKZ{l1D4z$M&|-(Ub` z{iPJ;p%m#%%AFOquLo$!DVU~8gi>SzvMf?0trC$eo0K7{>=7CKF6tyz)?SKaaEvMe zF%LPWMaAhUuOXE8fJDK@Eq`R>_{h4;@wuBSMY1F*m+uq%vwUKp{1K8!C9RrDBFlx9 zEq^EEhHbH3Ok=jNY|no#q2qrIM9v31zv7xv7_;FNhQxM=!XUocH={nJPI(~6s0v;6d_ ztgV+4i-#8C+FkS0uH)&!f|quZI%Rn&ZDo^gKJBM+bTkw-GwnmB*gjY1`EK4ea}B*_ zwBx1HuO0mXbGp+pk*<49W9X04!0ypN>DlgJVD4ljQAm0R^s>F?=6&twEyv3;tm|ky zpLg?~_Fe6#Z2h3+Bnwv3j-0TqoVHe1^S0+jOE35I)R=2~A8*T@Dr793DL5oov>7_m0QAJM7NdF?QHgch_{+ zc6U{~E;Am3kcfmLE{Vk=aQ(c$|4r~?Tz?n*Aozcv==|Uf>;|6%^}b&K_kv#m z_1YPpH1-N;ID#O|01{t{5~l9--mHX&xb+r(F0{KKgXBWJr8RB zOaA&bQ2M=@&1I5%K}ZPpgL>Z?zNGid;632yzz4vud;C6lglmKH`59aWKMbyeqT>bd zEcg<5KR5?-_ku^kyTKgPeqRPrZSXgs_;?KzUAG{Fd9VYDt|vhQPC@DF|UKa2c7}Hgis{MzXNg6;5vwa#o$&@^nU`BT|5L{ z560jDa0*JEzXOV&S3uEm6_gym2ObCCZ=An94#r%69()A+0r)BK2%8@Qe-@NI{{blf zd=>mOcniddz9C=I^Dq1BKl0aCLFwscoJoFs3e>zSpyd8*p!D-1h^m8cfs*UrgO|Wt zS%m8Z15kW#g3|vNLADNF22nxqDkypUx5wLY8twl8C_Su#qCfWcpZE8_4vM~4z=y#9 z1^0ueF$USg&+zq0@Haro;VLNkeE_E*1O&_Aaqvk{>%I(%p1=0^FQDj{L+O&+ZqR^_ zg5q<-<8OhBT>m9_3cL|#!!&{mAgT%yPZ;w}RuK^f3Xo{@20l!B;@N|2rOE2Sxw&Y%aUl4;}$CQ1t#jcoh71 zQ1U*=WckBcP8oLVEB3DE@n(=)M9T1)l}2 zJizO?ejOAY{|drNa0AT9J`RD`fbtE^*GKYyoPh}K=Q7_v?SJEKgE!2))_HF^43Ro@QnTCzGSzC@hIaqhCc6RTwzQY(yx5ulMH=iA7e(um@@Pk zIk2{>pZ76RhHNiqR3FqGJj~c&$i7w>iww-i#_`XBa}0gnX}i}%QmM))c0%V4v(Tu zlaJG)p7O}0<%_1eYm#!(Wh=Ixr2Tkp(=Aww$GknAin4HQXX}<(OPLBmNwnc^ay>3b z`LTX~nfEwWApfyr7tSr6duY)>?zkd<7=@yG80LmItwmXs6z0;UrITzKCZ-$qM&gxPse@mv2e4TH_SC+tnj#An)fYqG^2PppuGW8-*`m}$5< zPQ$(l3v(E4 zAR(QYJRDd1H0uUY0oQA(3DHl*9b3=NfZ|@1=VqG4X%-io&C@uEi#Qy|&qO#B?vh&L zi;@;|ttn1;ok=*IM%lbs!h9!}@fO6ACDB-pQ{o%4o~ZwzRfA-lPNSqU{WfX#zL%4; zd1HO6Jx4;=X|28gmTL>_bsc+YlqbKPj>EVjs1e0RJgwtPn}Q7_7FFupPG&lp$V9w? zWoD+A_9L?^4o>)IdD)Zr@e92T%GobeKs=OJ{L$7IjhAY%h9`+m*qGyVawVfWSn$?lo#yEcjc|ia4f<$ zP4sk}TVHBs_R}brGulUbd1(3KeM#(St2b3>dnU?KlSA9g>j>`F?}+v5+ny9DD<*iM zmc%)V+B98sxMs>c97Ms%)Gf|OHU#z3WG$AD69F?tg;~o82&|jLBqd~3y==R1pADoHCQ=dZf#o$c3fytvLmsqgaHJeFW30o!(!TBhjDhnykcB4U@Bytn2 zPZ3&T@7s`HZPAiYPkA)L?iB+1!BVnLl$(tt)xFAv;J>=%B7}{Im`z3ng0K}-m&xtB zln}@q&Vr50HHseoxlGNGD&Hxko}rxIg6je1Q{F%1jIk~bE}+HQQ_ z)_|tdaZcWGp|xW(7MuG*O(H!{CPvwlXp-V(8$)?Y<@z%;tQ=oHdHP;Me#u-dQ^eF5 z3QpFic9W$h`JP~x~GHs*7@k!V3t@dWTPZyC-4JJN8(~ z*w`Ve=b86ZNn)TdaX#$I64l>QR$fjC6pr}|K7ZJGJ~{bdr!?cuBWK54Wl~-uPAYT1 zv5zmo#ZxC%&tJG0TpZ%V{is_G5K^wlp1XTiO+$qXf8XBDDJ;lc=)%Ra$VT91rToNK z?~+|r+wSg1Yaz}jeym>+Hlt`yaM2Oxc=o)A30nZbiP^0(aOu3NZM2c4&qN8Q|5c)p zw-uSO0+bI~R@4-XBeOe?B6E+*t$SQKwZ|^A^;hf#Zb@-qSP^pX^4h@dNjsFDm~7dlP;5Q#7LqW^-^?N zCgfl_l*?F(SIT8pWl%2xu@!m4+cFn3R%Gp(dc#FkM*$YReN}CDgf_~f+8t(>Skh7~ z-qmNMValRJ$D}yRqV==~ts)AKQe~`Na21HNVY?+_s^WAqEsVU4l$0iYT<%ihf`dE9 z&DYm$;!Uwh#mEcg`qqtL=Tg#;Z=J>aB%z+CkJ^KaV%&_DO_viR*$#19I!SpO(vO|K zrJi}z)w1Ff1NFsP?QeQVdxA9J6V(n+c337m?3Ox{+BjSlV}4UTRTXG8Yh#e*#Dy8& zU7e=zjaH-xDl!o+E}Y~(+}N-_Z!Scn+n$*B5yh&OOi*O0uS4~aciW@cd{9&1_j`-& zR0>qPRc69DyE-kgUpbk&J;?P12O{i9hpMWwbia`H3{yV56DzPayT-*O%*a{I<<<## zf@S3a=dbFZk2|*|l#wgek*kbnOu=H~0VXSf+YDo4!|Vzh7Q8uohqiCYU39gLlDr6u zG7k!bnVYI*(705?uM>Ts7?|6)+S1NP)uyxHVpN-sl`OqNitH@)JD97|&!Tg24k+c+ z?3>>=ztG8g`{z(I*`#weAH@C6@p6!NR?|fekR9t&NAnOjo$p6;E9X}`_K?I@9ZoyZ zqPcfr-~FA1`#Sp$nT11(_uqf_!oGzCCU!0mru52Y-a=<#U+3NfX5ql%eG7Ll9AMrf zM7GWF4pLaE zTNaM;_y}E%a2yWRGO*u8Y1F!@+G$}uLBTp1jPQjrDasLt$Zjdeh`ZqiE7ex3r|htZ za2h2esiEg>u zuN!8izahq39XMpMa_Rz|w_~fv&eh$Rni-SDv@4=XJdQ`PYrXNdZqyG670Cb{_mH7} zxHcS9yJb-hM?4|)=215sgmKl53tCcY|2A!*%shBvmSZ|_HEBo8>_d)GS?POp;gR4X z6;_DUC=F2+(2to>AiO*psZpn%UB?Th6@e~B%x~+Wh-4g;X{8ED->t(JtN~H8!hO}L zlTB3esDgA&ua9F;(pUg#w;y6oA$2rj9*3h+6q5@nv88c?%|Q)iS1bmoPwj-R{ic-% zMYCH>To86IgKceGldx?z?aXdymDSL+R|lsuD{%`IjD@8z92LX@G+kX|04|$3TQr-9 z0SYPj;t&?Ly$Q2`5}&vf7YS*u<>&7WFqE;`P1ANTC=>0`ZvSmza{Fde3@_}3tQzPX zN@_u_cF%33(4IvqdVx<~h*__V5-hcr73TXUD}9F$YoaR3Iecx^LqgF<$mKAdON}}N zsi1V#?pw`<8EW`WP0PGFHbo*s5>C@Uta^&hKKrrEoa5d$NsYocX9~?Q#mA7X*1Llc zteoF!OT_;Uwrn)w!j-oy7r`1SY-KJP48v)O3hL;*1G!0w3f`2K6}*jlYv|0Sifbd^ zoUETBAZ~AeO z5|g&ht@DAWI7uaxowifd*!C#O#^JccmU~v1tKnoCkL8YHNWRZcwf_ly!NWGU7y{X5 zSYfa0OEfrb&(vl&mOyxVzcPL#rLGTGAXS{G8@-pb>yqVd&4D?!+7Q(1c} zXU+#JR3q;1e-vY3vKX)jAst7=N=8+FS0%?D=&n_MRe5S0ZMYPGh$-R5lnZ#AHpvwY z=(l*&vb)U4RvEP)_tI{-lgZomDFV6Fc4n7Dt4AwUqtqYqXP+*sGE~FU-L{E$-podI zANY8Un@t5w7#v087~-sLz`E_B1{amXoxa%9?zWf2s<4Sz#!)vOBBWtCF4=8%vMqV` z(o-68&cj8SX|ufkDzt5Ki;3AK)C1N?=%p%r+2j4}d){zq|5m7MNum6W>^J8WR3&byrMh`C-5JhEj{ooQsF zuEe8em{~9-{Ho)cSLL8@todq-lEM>B@Sq-LZRHy~wqJE@am6_^m!o0Wr8=QNRs)t& zGb*S#b)}Hfsyvyzf#sC00So88AL~MeJ>>3o;b=ndaZj+^FywUGOM9uZNE7O*aM_2V zCMxs??z)(4IRnc*ugk*E;vJ0@bh;&WyCK$Ox zIczuP6>x;TQrePm%RK*@A%RY3iFsPH%d}=&oS+=`!dEDob0zR?&j?EjQ&gMrwr8U{ zp3{;bE*S5TwuMXYy*?K@SvyCz>1=nG!$Ng{wPcRcoXSF(ryx1);m=8q=vFSOd3O=O zZAUX!N1mngcv;0LecThS-|r<*)#Ocjs7|!l4GY!ORa7pvv~{i0-e3=RCU8X5yKM=$ z#P&So&xi`~0cVxqp3sTuN_z?QG=Rb)Bp zp1wEissd`3NuT(Y<;c-EA#2NrUD<2XA2i#exV10V^7o+#OMc9{w2c7`IkwQUwrb^} zLtiWTc`wJw*2^`5tv@pe-CIVba9RMdmET_*lN{W-~xiR&pP*2e8V9v zvnm9(=6yh7l&0(9kPx~0M zEhD~RL93{=eU{2y?Za@K+BS$!QLc0B9D9f6u{BJ|&L1f3e-oJv9qyg&@aGLvJc|W5 zD68Y5ll@K`lxU|qur-RYmJ)2G!u6IL{RJ$D<)!UjmW!*t{GE|cn^te|u3y-0nr#V? Hj?4cCtqtTz diff --git a/po/id.po b/po/id.po index 54ed975..b1b0a7b 100644 --- a/po/id.po +++ b/po/id.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: cryptsetup 1.1.0-rc4\n" "Report-Msgid-Bugs-To: dm-crypt@saout.de\n" -"POT-Creation-Date: 2015-03-19 09:55+0100\n" +"POT-Creation-Date: 2020-05-28 11:32+0200\n" "PO-Revision-Date: 2010-01-27 07:30+0700\n" "Last-Translator: Arif E. Nugroho \n" "Language-Team: Indonesian \n" @@ -15,531 +15,897 @@ msgstr "" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=ISO-8859-1\n" "Content-Transfer-Encoding: 8bit\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" -#: lib/libdevmapper.c:252 +#: lib/libdevmapper.c:399 #, fuzzy -msgid "Cannot initialize device-mapper, running as non-root user.\n" +msgid "Cannot initialize device-mapper, running as non-root user." +msgstr "Tidak dapat menginisialisasi pemeta-perangkat. Apakah kernel modul dm_mod telah dimuat?\n" + +#: lib/libdevmapper.c:402 +#, fuzzy +msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?" +msgstr "Tidak dapat menginisialisasi pemeta-perangkat. Apakah kernel modul dm_mod telah dimuat?\n" + +#: lib/libdevmapper.c:1131 +#, fuzzy +msgid "Requested deferred flag is not supported." +msgstr "Hash %s LUKS yang diminta tidak didukung.\n" + +#: lib/libdevmapper.c:1198 +#, fuzzy, c-format +msgid "DM-UUID for device %s was truncated." +msgstr "DM-UUID untuk perangkat %s telah terpotong.\n" + +#: lib/libdevmapper.c:1520 +msgid "Unknown dm target type." msgstr "" -"Tidak dapat menginisialisasi pemeta-perangkat. Apakah kernel modul dm_mod " -"telah dimuat?\n" -#: lib/libdevmapper.c:255 -msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n" +#: lib/libdevmapper.c:1623 lib/libdevmapper.c:1679 +#, fuzzy +msgid "Requested dm-crypt performance options are not supported." +msgstr "Hash %s LUKS yang diminta tidak didukung.\n" + +#: lib/libdevmapper.c:1630 +msgid "Requested dm-verity data corruption handling options are not supported." msgstr "" -"Tidak dapat menginisialisasi pemeta-perangkat. Apakah kernel modul dm_mod " -"telah dimuat?\n" -#: lib/libdevmapper.c:550 -#, c-format -msgid "DM-UUID for device %s was truncated.\n" -msgstr "DM-UUID untuk perangkat %s telah terpotong.\n" +#: lib/libdevmapper.c:1634 +#, fuzzy +msgid "Requested dm-verity FEC options are not supported." +msgstr "Hash %s LUKS yang diminta tidak didukung.\n" -#: lib/libdevmapper.c:698 +#: lib/libdevmapper.c:1638 #, fuzzy -msgid "Requested dmcrypt performance options are not supported.\n" +msgid "Requested data integrity options are not supported." msgstr "Hash %s LUKS yang diminta tidak didukung.\n" -#: lib/random.c:76 +#: lib/libdevmapper.c:1640 +#, fuzzy +msgid "Requested sector_size option is not supported." +msgstr "Hash %s LUKS yang diminta tidak didukung.\n" + +#: lib/libdevmapper.c:1645 +msgid "Requested automatic recalculation of integrity tags is not supported." +msgstr "" + +#: lib/libdevmapper.c:1649 lib/libdevmapper.c:1682 lib/libdevmapper.c:1685 +#: lib/luks2/luks2_json_metadata.c:2160 +msgid "Discard/TRIM is not supported." +msgstr "" + +#: lib/libdevmapper.c:1653 +#, fuzzy +msgid "Requested dm-integrity bitmap mode is not supported." +msgstr "Hash %s LUKS yang diminta tidak didukung.\n" + +#: lib/libdevmapper.c:2607 +#, c-format +msgid "Failed to query dm-%s segment." +msgstr "" + +#: lib/random.c:75 msgid "" "System is out of entropy while generating volume key.\n" -"Please move mouse or type some text in another window to gather some random " -"events.\n" +"Please move mouse or type some text in another window to gather some random events.\n" msgstr "" -#: lib/random.c:80 +#: lib/random.c:79 #, c-format msgid "Generating key (%d%% done).\n" msgstr "" -#: lib/random.c:169 -msgid "Fatal error during RNG initialisation.\n" +#: lib/random.c:165 +msgid "Running in FIPS mode." +msgstr "" + +#: lib/random.c:171 +msgid "Fatal error during RNG initialisation." msgstr "" -#: lib/random.c:206 +#: lib/random.c:208 #, fuzzy -msgid "Unknown RNG quality requested.\n" +msgid "Unknown RNG quality requested." msgstr "Tipe perangkat sandi %s yang diminta tidak diketahui.\n" -#: lib/random.c:211 -#, fuzzy, c-format -msgid "Error %d reading from RNG: %s\n" +#: lib/random.c:213 +#, fuzzy +msgid "Error reading from RNG." msgstr "Kesalahan dalam pembacaan kata sandi.\n" -#: lib/setup.c:200 +#: lib/setup.c:229 #, fuzzy -msgid "Cannot initialize crypto RNG backend.\n" +msgid "Cannot initialize crypto RNG backend." msgstr "Tidak dapat menginisialisasi backend crypto.\n" -#: lib/setup.c:206 -msgid "Cannot initialize crypto backend.\n" +#: lib/setup.c:235 +#, fuzzy +msgid "Cannot initialize crypto backend." msgstr "Tidak dapat menginisialisasi backend crypto.\n" -#: lib/setup.c:236 lib/setup.c:1192 lib/verity/verity.c:123 +#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119 #, fuzzy, c-format -msgid "Hash algorithm %s not supported.\n" +msgid "Hash algorithm %s not supported." msgstr "Hash %s LUKS yang diminta tidak didukung.\n" -#: lib/setup.c:239 lib/loopaes/loopaes.c:90 +#: lib/setup.c:269 lib/loopaes/loopaes.c:90 #, fuzzy, c-format -msgid "Key processing error (using hash %s).\n" +msgid "Key processing error (using hash %s)." msgstr "Terjadi kesalahan dalam pengolahan kunci.\n" -#: lib/setup.c:284 -msgid "Cannot determine device type. Incompatible activation of device?\n" +#: lib/setup.c:335 lib/setup.c:362 +msgid "Cannot determine device type. Incompatible activation of device?" msgstr "" -#: lib/setup.c:288 lib/setup.c:1537 -msgid "This operation is supported only for LUKS device.\n" +#: lib/setup.c:341 lib/setup.c:3050 +#, fuzzy +msgid "This operation is supported only for LUKS device." +msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n" + +#: lib/setup.c:368 +#, fuzzy +msgid "This operation is supported only for LUKS2 device." msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n" -#: lib/setup.c:320 -msgid "All key slots full.\n" +#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345 +#, fuzzy +msgid "All key slots full." msgstr "Semua slot kunci telah penuh.\n" -#: lib/setup.c:327 -#, c-format -msgid "Key slot %d is invalid, please select between 0 and %d.\n" +#: lib/setup.c:434 +#, fuzzy, c-format +msgid "Key slot %d is invalid, please select between 0 and %d." msgstr "Slot kunci %d tidak valid, mohon pilih diantara 0 dan %d.\n" -#: lib/setup.c:333 -#, c-format -msgid "Key slot %d is full, please select another one.\n" +#: lib/setup.c:440 +#, fuzzy, c-format +msgid "Key slot %d is full, please select another one." msgstr "Slot kunci %d penuh, mohon pilih yang lain.\n" -#: lib/setup.c:472 -#, c-format -msgid "Enter passphrase for %s: " -msgstr "Masukan kata sandi untuk %s: " +#: lib/setup.c:525 lib/setup.c:2824 +msgid "Device size is not aligned to device logical block size." +msgstr "" -#: lib/setup.c:653 +#: lib/setup.c:624 #, fuzzy, c-format -msgid "Header detected but device %s is too small.\n" +msgid "Header detected but device %s is too small." msgstr "Header LUKS terdeteksi tetapi perangkat %s terlalu kecil.\n" -#: lib/setup.c:669 lib/setup.c:1420 +#: lib/setup.c:661 #, fuzzy -msgid "This operation is not supported for this device type.\n" +msgid "This operation is not supported for this device type." msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n" -#: lib/setup.c:908 lib/setup.c:1381 lib/setup.c:2264 -#, c-format -msgid "Device %s is not active.\n" +#: lib/setup.c:666 +msgid "Illegal operation with reencryption in-progress." +msgstr "" + +#: lib/setup.c:832 lib/luks1/keymanage.c:475 +#, fuzzy, c-format +msgid "Unsupported LUKS version %d." +msgstr "versi LUKS %d tidak didukung.\n" + +#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959 +#, fuzzy +msgid "Detached metadata device is not supported for this crypt type." +msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n" + +#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628 +#: lib/setup.c:2777 lib/setup.c:4512 +#, fuzzy, c-format +msgid "Device %s is not active." msgstr "Perangkat %s tidak aktif.\n" -#: lib/setup.c:925 +#: lib/setup.c:1444 #, c-format -msgid "Underlying device for crypt device %s disappeared.\n" +msgid "Underlying device for crypt device %s disappeared." msgstr "" -#: lib/setup.c:994 -msgid "Invalid plain crypt parameters.\n" +#: lib/setup.c:1524 +#, fuzzy +msgid "Invalid plain crypt parameters." msgstr "Parameter crypt tidak valid.\n" -#: lib/setup.c:999 lib/setup.c:1119 -msgid "Invalid key size.\n" +#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:74 +#, fuzzy +msgid "Invalid key size." msgstr "Ukuran kunci tidak valid.\n" -#: lib/setup.c:1004 lib/setup.c:1124 +#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157 #, fuzzy -msgid "UUID is not supported for this crypt type.\n" +msgid "UUID is not supported for this crypt type." msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n" -#: lib/setup.c:1046 -msgid "Can't format LUKS without device.\n" +#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308 +#: src/cryptsetup.c:1226 src/cryptsetup.c:3923 +msgid "Unsupported encryption sector size." +msgstr "" + +#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818 +msgid "Device size is not aligned to requested sector size." +msgstr "" + +#: lib/setup.c:1608 lib/setup.c:1727 +#, fuzzy +msgid "Can't format LUKS without device." msgstr "Tidak dapat memformat LUKS tanpat perangkat.\n" -#: lib/setup.c:1089 +#: lib/setup.c:1614 lib/setup.c:1733 +msgid "Requested data alignment is not compatible with data offset." +msgstr "" + +#: lib/setup.c:1682 lib/setup.c:1851 +msgid "WARNING: Data offset is outside of currently available data device.\n" +msgstr "" + +#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169 #, fuzzy, c-format -msgid "Cannot format device %s which is still in use.\n" -msgstr "Tidak dapat membuka perangkat %s untuk akses %s%s.\n" +msgid "Cannot wipe header on device %s." +msgstr "Tidak dapat menghapus kepala di perangkat %s.\n" + +#: lib/setup.c:1744 +msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n" +msgstr "" + +#: lib/setup.c:1766 +msgid "Volume key is too small for encryption with integrity extensions." +msgstr "" + +#: lib/setup.c:1821 +#, c-format +msgid "Cipher %s-%s (key size %zd bits) is not available." +msgstr "" + +#: lib/setup.c:1854 +#, c-format +msgid "WARNING: LUKS2 metadata size changed to % bytes.\n" +msgstr "" -#: lib/setup.c:1092 +#: lib/setup.c:1858 +#, c-format +msgid "WARNING: LUKS2 keyslots area size changed to % bytes.\n" +msgstr "" + +#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255 +#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367 +#, fuzzy, c-format +msgid "Device %s is too small." +msgstr "Perangkat %s terlalu kecil.\n" + +#: lib/setup.c:1893 lib/setup.c:1919 #, fuzzy, c-format -msgid "Cannot format device %s, permission denied.\n" +msgid "Cannot format device %s in use." msgstr "Tidak dapat membaca perangkat %s.\n" -#: lib/setup.c:1096 +#: lib/setup.c:1896 lib/setup.c:1922 #, fuzzy, c-format -msgid "Cannot wipe header on device %s.\n" -msgstr "Tidak dapat menghapus kepala di perangkat %s.\n" +msgid "Cannot format device %s, permission denied." +msgstr "Tidak dapat membuka perangkat %s untuk akses %s%s.\n" -#: lib/setup.c:1114 +#: lib/setup.c:1908 lib/setup.c:2229 +#, fuzzy, c-format +msgid "Cannot format integrity for device %s." +msgstr "Tidak dapat mendapatkan informasi mengenai perangkat %s.\n" + +#: lib/setup.c:1926 +#, fuzzy, c-format +msgid "Cannot format device %s." +msgstr "Tidak dapat membaca perangkat %s.\n" + +#: lib/setup.c:1944 #, fuzzy -msgid "Can't format LOOPAES without device.\n" +msgid "Can't format LOOPAES without device." msgstr "Tidak dapat memformat LUKS tanpat perangkat.\n" -#: lib/setup.c:1152 +#: lib/setup.c:1989 #, fuzzy -msgid "Can't format VERITY without device.\n" +msgid "Can't format VERITY without device." msgstr "Tidak dapat memformat LUKS tanpat perangkat.\n" -#: lib/setup.c:1160 lib/verity/verity.c:106 -#, fuzzy, c-format -msgid "Unsupported VERITY hash type %d.\n" -msgstr "versi LUKS %d tidak didukung.\n" +#: lib/setup.c:2000 lib/verity/verity.c:102 +#, c-format +msgid "Unsupported VERITY hash type %d." +msgstr "" + +#: lib/setup.c:2006 lib/verity/verity.c:110 +msgid "Unsupported VERITY block size." +msgstr "" + +#: lib/setup.c:2011 lib/verity/verity.c:74 +msgid "Unsupported VERITY hash offset." +msgstr "" + +#: lib/setup.c:2016 +msgid "Unsupported VERITY FEC offset." +msgstr "" -#: lib/setup.c:1166 lib/verity/verity.c:114 -msgid "Unsupported VERITY block size.\n" +#: lib/setup.c:2040 +msgid "Data area overlaps with hash area." msgstr "" -#: lib/setup.c:1171 lib/verity/verity.c:76 -msgid "Unsupported VERITY hash offset.\n" +#: lib/setup.c:2065 +msgid "Hash area overlaps with FEC area." msgstr "" -#: lib/setup.c:1285 +#: lib/setup.c:2072 +msgid "Data area overlaps with FEC area." +msgstr "" + +#: lib/setup.c:2208 #, c-format -msgid "Unknown crypt device type %s requested.\n" +msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n" +msgstr "" + +#: lib/setup.c:2286 +#, fuzzy, c-format +msgid "Unknown crypt device type %s requested." msgstr "Tipe perangkat sandi %s yang diminta tidak diketahui.\n" -#: lib/setup.c:1435 -msgid "Do you really want to change UUID of device?" +#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635 +#, fuzzy, c-format +msgid "Unsupported parameters on device %s." +msgstr "Tidak dapat menghapus kepala di perangkat %s.\n" + +#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408 +#: lib/luks2/luks2_reencrypt.c:2737 +#, fuzzy, c-format +msgid "Mismatching parameters on device %s." +msgstr "Tidak dapat menghapus kepala di perangkat %s.\n" + +#: lib/setup.c:2661 +msgid "Crypt devices mismatch." msgstr "" -#: lib/setup.c:1545 +#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054 +#: lib/luks2/luks2_reencrypt.c:3145 +#, fuzzy, c-format +msgid "Failed to reload device %s." +msgstr "Tidak dapat membaca perangkat %s.\n" + +#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025 +#: lib/luks2/luks2_reencrypt.c:2032 +#, fuzzy, c-format +msgid "Failed to suspend device %s." +msgstr "Gagal membuka berkas kunci %s.\n" + +#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039 +#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149 +#, fuzzy, c-format +msgid "Failed to resume device %s." +msgstr "Gagal membuka berkas kunci %s.\n" + +#: lib/setup.c:2732 #, c-format -msgid "Volume %s is not active.\n" +msgid "Fatal error while reloading device %s (on top of device %s)." +msgstr "" + +#: lib/setup.c:2735 lib/setup.c:2737 +#, fuzzy, c-format +msgid "Failed to switch device %s to dm-error." +msgstr "Gagal untuk memperoleh direktori pemeta-perangkat." + +#: lib/setup.c:2809 +#, fuzzy +msgid "Cannot resize loop device." +msgstr "Tidak dapat membaca perangkat %s.\n" + +#: lib/setup.c:2882 +msgid "Do you really want to change UUID of device?" +msgstr "" + +#: lib/setup.c:2958 +#, fuzzy +msgid "Header backup file does not contain compatible LUKS header." +msgstr "Berkas cadangan tidak berisi header LUKS yang valid.\n" + +#: lib/setup.c:3058 +#, fuzzy, c-format +msgid "Volume %s is not active." msgstr "Volume %s tidak aktif.\n" -#: lib/setup.c:1556 -#, c-format -msgid "Volume %s is already suspended.\n" +#: lib/setup.c:3069 +#, fuzzy, c-format +msgid "Volume %s is already suspended." msgstr "Volume %s telah disuspend.\n" -#: lib/setup.c:1563 +#: lib/setup.c:3082 #, fuzzy, c-format -msgid "Suspend is not supported for device %s.\n" +msgid "Suspend is not supported for device %s." msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n" -#: lib/setup.c:1565 +#: lib/setup.c:3084 #, fuzzy, c-format -msgid "Error during suspending device %s.\n" +msgid "Error during suspending device %s." msgstr "Error selama memperbarui header LUKS di perangkat %s.\n" -#: lib/setup.c:1591 lib/setup.c:1638 -#, c-format -msgid "Volume %s is not suspended.\n" +#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267 +#, fuzzy, c-format +msgid "Volume %s is not suspended." msgstr "Volume %s tidak disuspend.\n" -#: lib/setup.c:1605 +#: lib/setup.c:3146 #, fuzzy, c-format -msgid "Resume is not supported for device %s.\n" +msgid "Resume is not supported for device %s." msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n" -#: lib/setup.c:1607 lib/setup.c:1659 +#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297 #, fuzzy, c-format -msgid "Error during resuming device %s.\n" +msgid "Error during resuming device %s." msgstr "Error selama memperbarui header LUKS di perangkat %s.\n" -#: lib/setup.c:1645 lib/setup.c:2080 lib/setup.c:2094 src/cryptsetup.c:186 -#: src/cryptsetup.c:248 src/cryptsetup.c:732 src/cryptsetup.c:1151 -msgid "Enter passphrase: " -msgstr "Masukan kata sandi: " +#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322 +#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839 +#, fuzzy +msgid "Volume key does not match the volume." +msgstr "Kunci volume tidak cocok dengan volume.\n" -#: lib/setup.c:1707 lib/setup.c:1843 -msgid "Cannot add key slot, all slots disabled and no volume key provided.\n" -msgstr "" -"Tidak dapat menambahkan slot kunci, seluruh slot tidak aktif dan tidak ada " -"volume kunci yang disediakan.\n" +#: lib/setup.c:3343 lib/setup.c:3531 +#, fuzzy +msgid "Cannot add key slot, all slots disabled and no volume key provided." +msgstr "Tidak dapat menambahkan slot kunci, seluruh slot tidak aktif dan tidak ada volume kunci yang disediakan.\n" -#: lib/setup.c:1716 lib/setup.c:1849 lib/setup.c:1853 -msgid "Enter any passphrase: " -msgstr "Masukan kata sandi: " +#: lib/setup.c:3483 +#, fuzzy +msgid "Failed to swap new key slot." +msgstr "Gagal memperoleh data statistik berkas kunci %s.\n" -#: lib/setup.c:1733 lib/setup.c:1866 lib/setup.c:1870 lib/setup.c:1932 -#: src/cryptsetup.c:988 src/cryptsetup.c:1017 -msgid "Enter new passphrase for key slot: " -msgstr "Masukan kasa sandi baru untuk slot kunci: " +#: lib/setup.c:3669 +#, fuzzy, c-format +msgid "Key slot %d is invalid." +msgstr "Slot kunci %d tidak valid.\n" -#: lib/setup.c:1798 +#: lib/setup.c:3675 src/cryptsetup.c:1572 src/cryptsetup.c:1917 #, fuzzy, c-format -msgid "Key slot %d changed.\n" -msgstr "Slot kunci %d tidak terkunci.\n" +msgid "Keyslot %d is not active." +msgstr "Slot kunci %d tidak digunakan.\n" -#: lib/setup.c:1801 -#, c-format -msgid "Replaced with key slot %d.\n" +#: lib/setup.c:3694 +msgid "Device header overlaps with data area." +msgstr "" + +#: lib/setup.c:3981 +msgid "Reencryption in-progress. Cannot activate device." msgstr "" -#: lib/setup.c:1806 +#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2243 +#: lib/luks2/luks2_reencrypt.c:2836 #, fuzzy -msgid "Failed to swap new key slot.\n" -msgstr "Gagal memperoleh data statistik berkas kunci %s.\n" +msgid "Failed to get reencryption lock." +msgstr "Besar dari kunci enkripsi" -#: lib/setup.c:1923 lib/setup.c:2184 lib/setup.c:2197 lib/setup.c:2339 -msgid "Volume key does not match the volume.\n" -msgstr "Kunci volume tidak cocok dengan volume.\n" +#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855 +msgid "LUKS2 reencryption recovery failed." +msgstr "" -#: lib/setup.c:1961 -#, c-format -msgid "Key slot %d is invalid.\n" -msgstr "Slot kunci %d tidak valid.\n" +#: lib/setup.c:4127 lib/setup.c:4379 +msgid "Device type is not properly initialized." +msgstr "" -#: lib/setup.c:1966 +#: lib/setup.c:4171 #, c-format -msgid "Key slot %d is not used.\n" -msgstr "Slot kunci %d tidak digunakan.\n" +msgid "Cannot use device %s, name is invalid or still in use." +msgstr "" -#: lib/setup.c:1996 lib/setup.c:2068 lib/setup.c:2160 -#, c-format -msgid "Device %s already exists.\n" +#: lib/setup.c:4174 +#, fuzzy, c-format +msgid "Device %s already exists." msgstr "Perangkat %s telah ada.\n" -#: lib/setup.c:2171 +#: lib/setup.c:4296 #, fuzzy -msgid "Incorrect volume key specified for plain device.\n" +msgid "Incorrect volume key specified for plain device." msgstr "Tidak dapat mendapatkan kunci volume untuk perangkat.\n" -#: lib/setup.c:2204 -msgid "Incorrect root hash specified for verity device.\n" +#: lib/setup.c:4405 +msgid "Incorrect root hash specified for verity device." +msgstr "" + +#: lib/setup.c:4412 +msgid "Root hash signature required." +msgstr "" + +#: lib/setup.c:4421 +msgid "Kernel keyring missing: required for passing signature to kernel." msgstr "" -#: lib/setup.c:2227 +#: lib/setup.c:4438 lib/setup.c:5915 #, fuzzy -msgid "Device type is not properly initialised.\n" -msgstr "Perangkat %s tidak aktif.\n" +msgid "Failed to load key in kernel keyring." +msgstr "Gagal membuka berkas kunci %s.\n" -#: lib/setup.c:2259 +#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2296 +#: src/cryptsetup.c:2664 #, fuzzy, c-format -msgid "Device %s is still in use.\n" +msgid "Device %s is still in use." msgstr "Perangkat %s sibuk.\n" -#: lib/setup.c:2268 -#, c-format -msgid "Invalid device %s.\n" +#: lib/setup.c:4516 +#, fuzzy, c-format +msgid "Invalid device %s." msgstr "Perangkat %s tidak valid.\n" -#: lib/setup.c:2289 -msgid "Function not available in FIPS mode.\n" -msgstr "" - -#: lib/setup.c:2295 -msgid "Volume key buffer too small.\n" +#: lib/setup.c:4632 +#, fuzzy +msgid "Volume key buffer too small." msgstr "Penyangga kunci volume terlalu kecil.\n" -#: lib/setup.c:2303 -msgid "Cannot retrieve volume key for plain device.\n" +#: lib/setup.c:4640 +#, fuzzy +msgid "Cannot retrieve volume key for plain device." +msgstr "Tidak dapat mendapatkan kunci volume untuk perangkat.\n" + +#: lib/setup.c:4657 +#, fuzzy +msgid "Cannot retrieve root hash for verity device." msgstr "Tidak dapat mendapatkan kunci volume untuk perangkat.\n" -#: lib/setup.c:2310 -#, c-format -msgid "This operation is not supported for %s crypt device.\n" +#: lib/setup.c:4659 +#, fuzzy, c-format +msgid "This operation is not supported for %s crypt device." msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n" -#: lib/setup.c:2506 +#: lib/setup.c:4865 #, fuzzy -msgid "Dump operation is not supported for this device type.\n" +msgid "Dump operation is not supported for this device type." msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n" -#: lib/utils.c:244 -msgid "Cannot get process priority.\n" -msgstr "Tidak dapat mendapatkan prioritas proses.\n" +#: lib/setup.c:5190 +#, c-format +msgid "Data offset is not multiple of %u bytes." +msgstr "" -#: lib/utils.c:258 -#, fuzzy -msgid "Cannot unlock memory.\n" -msgstr "Tidak dapat membuka kunci memori." +#: lib/setup.c:5475 +#, fuzzy, c-format +msgid "Cannot convert device %s which is still in use." +msgstr "Tidak dapat membuka perangkat %s untuk akses %s%s.\n" -#: lib/utils_crypt.c:241 lib/utils_crypt.c:254 lib/utils_crypt.c:401 -#: lib/utils_crypt.c:416 -msgid "Out of memory while reading passphrase.\n" -msgstr "Kehabisan memori ketika membaca kata sandi.\n" +#: lib/setup.c:5772 +#, c-format +msgid "Failed to assign keyslot %u as the new volume key." +msgstr "" -#: lib/utils_crypt.c:246 lib/utils_crypt.c:261 -msgid "Error reading passphrase from terminal.\n" -msgstr "Kesalahan dalam pembacaan kata sandi dari terminal.\n" +#: lib/setup.c:5845 +msgid "Failed to initialize default LUKS2 keyslot parameters." +msgstr "" -#: lib/utils_crypt.c:259 -msgid "Verify passphrase: " -msgstr "Memverifikasi kata sandi: " +#: lib/setup.c:5851 +#, fuzzy, c-format +msgid "Failed to assign keyslot %d to digest." +msgstr "Gagal untuk mengakses perangkat penyimpan kunci sementara.\n" -#: lib/utils_crypt.c:266 -msgid "Passphrases do not match.\n" -msgstr "Kata sandi tidak cocok.\n" +#: lib/setup.c:5982 +msgid "Kernel keyring is not supported by the kernel." +msgstr "" + +#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952 +#, fuzzy, c-format +msgid "Failed to read passphrase from keyring (error %d)." +msgstr "Gagal untuk membaca dari penyimpanan kunci.\n" -#: lib/utils_crypt.c:350 -msgid "Cannot use offset with terminal input.\n" +#: lib/setup.c:6016 +msgid "Failed to acquire global memory-hard access serialization lock." msgstr "" -#: lib/utils_crypt.c:369 lib/tcrypt/tcrypt.c:467 +#: lib/utils.c:80 +#, fuzzy +msgid "Cannot get process priority." +msgstr "Tidak dapat mendapatkan prioritas proses.\n" + +#: lib/utils.c:94 +msgid "Cannot unlock memory." +msgstr "Tidak dapat membuka kunci memori." + +#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497 #, fuzzy -msgid "Failed to open key file.\n" +msgid "Failed to open key file." msgstr "Gagal membuka berkas kunci %s.\n" -#: lib/utils_crypt.c:378 +#: lib/utils.c:173 +#, fuzzy +msgid "Cannot read keyfile from a terminal." +msgstr "Tidak dapat membaca %d bytes dari berkas kunci %s.\n" + +#: lib/utils.c:190 #, fuzzy -msgid "Failed to stat key file.\n" +msgid "Failed to stat key file." msgstr "Gagal memperoleh data statistik berkas kunci %s.\n" -#: lib/utils_crypt.c:386 lib/utils_crypt.c:407 -msgid "Cannot seek to requested keyfile offset.\n" +#: lib/utils.c:198 lib/utils.c:219 +msgid "Cannot seek to requested keyfile offset." msgstr "" -#: lib/utils_crypt.c:424 -msgid "Error reading passphrase.\n" +#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188 +#: src/utils_password.c:201 +#, fuzzy +msgid "Out of memory while reading passphrase." +msgstr "Kehabisan memori ketika membaca kata sandi.\n" + +#: lib/utils.c:248 +#, fuzzy +msgid "Error reading passphrase." msgstr "Kesalahan dalam pembacaan kata sandi.\n" -#: lib/utils_crypt.c:442 -msgid "Maximum keyfile size exceeded.\n" +#: lib/utils.c:265 +msgid "Nothing to read on input." msgstr "" -#: lib/utils_crypt.c:447 -#, fuzzy -msgid "Cannot read requested amount of data.\n" -msgstr "Tidak dapat membaca berkas cadangan header %s.\n" - -#: lib/utils_device.c:136 lib/luks1/keyencryption.c:90 -#, c-format -msgid "Device %s doesn't exist or access denied.\n" -msgstr "Perangkat %s tidak ada atau akses ditolak.\n" +#: lib/utils.c:272 +msgid "Maximum keyfile size exceeded." +msgstr "" -#: lib/utils_device.c:430 -msgid "Cannot use a loopback device, running as non-root user.\n" +#: lib/utils.c:277 +msgid "Cannot read requested amount of data." msgstr "" -#: lib/utils_device.c:433 -#, fuzzy -msgid "Cannot find a free loopback device.\n" -msgstr "Tidak dapat membaca perangkat %s.\n" +#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110 +#: lib/luks1/keyencryption.c:91 +#, fuzzy, c-format +msgid "Device %s does not exist or access denied." +msgstr "Perangkat %s tidak ada atau akses ditolak.\n" -#: lib/utils_device.c:440 -msgid "" -"Attaching loopback device failed (loop device with autoclear flag is " -"required).\n" -msgstr "" +#: lib/utils_device.c:197 +#, fuzzy, c-format +msgid "Device %s is not compatible." +msgstr "Perangkat %s tidak aktif.\n" -#: lib/utils_device.c:484 +#: lib/utils_device.c:642 #, c-format -msgid "Cannot use device %s which is in use (already mapped or mounted).\n" +msgid "Device %s is too small. Need at least % bytes." msgstr "" -#: lib/utils_device.c:488 +#: lib/utils_device.c:723 #, c-format -msgid "Cannot get info about device %s.\n" +msgid "Cannot use device %s which is in use (already mapped or mounted)." +msgstr "" + +#: lib/utils_device.c:727 +#, fuzzy, c-format +msgid "Cannot use device %s, permission denied." +msgstr "Tidak dapat membuka perangkat %s untuk akses %s%s.\n" + +#: lib/utils_device.c:730 +#, fuzzy, c-format +msgid "Cannot get info about device %s." msgstr "Tidak dapat mendapatkan informasi mengenai perangkat %s.\n" -#: lib/utils_device.c:494 -#, c-format -msgid "Requested offset is beyond real size of device %s.\n" +#: lib/utils_device.c:753 +msgid "Cannot use a loopback device, running as non-root user." msgstr "" -#: lib/utils_device.c:502 -#, c-format -msgid "Device %s has zero size.\n" -msgstr "Perangkat %s memiliki ukuran nol.\n" +#: lib/utils_device.c:763 +msgid "Attaching loopback device failed (loop device with autoclear flag is required)." +msgstr "" -#: lib/utils_device.c:513 +#: lib/utils_device.c:809 #, c-format -msgid "Device %s is too small.\n" -msgstr "Perangkat %s terlalu kecil.\n" +msgid "Requested offset is beyond real size of device %s." +msgstr "" -#: lib/luks1/keyencryption.c:37 +#: lib/utils_device.c:817 #, fuzzy, c-format -msgid "" -"Failed to setup dm-crypt key mapping for device %s.\n" -"Check that kernel supports %s cipher (check syslog for more info).\n" -msgstr "" -"Gagal untuk mengkonfigurasi pemetaan kunci dm-crypt untuk perangkat %s.\n" -"Periksa apakah kernel mendukung cipher %s (periksa syslog untuk informasi " -"lebih lanjut).\n" -"%s" +msgid "Device %s has zero size." +msgstr "Perangkat %s memiliki ukuran nol.\n" -#: lib/luks1/keyencryption.c:42 -#, fuzzy -msgid "Key size in XTS mode must be 256 or 512 bits.\n" -msgstr "Kunci harus kelipatan dari 8 bit" +#: lib/utils_pbkdf.c:100 +msgid "Requested PBKDF target time cannot be zero." +msgstr "" -#: lib/luks1/keyencryption.c:96 lib/luks1/keymanage.c:296 -#: lib/luks1/keymanage.c:572 lib/luks1/keymanage.c:1017 +#: lib/utils_pbkdf.c:106 +#, c-format +msgid "Unknown PBKDF type %s." +msgstr "" + +#: lib/utils_pbkdf.c:111 +#, fuzzy, c-format +msgid "Requested hash %s is not supported." +msgstr "Hash %s LUKS yang diminta tidak didukung.\n" + +#: lib/utils_pbkdf.c:122 +#, fuzzy +msgid "Requested PBKDF type is not supported for LUKS1." +msgstr "Hash %s LUKS yang diminta tidak didukung.\n" + +#: lib/utils_pbkdf.c:128 +msgid "PBKDF max memory or parallel threads must not be set with pbkdf2." +msgstr "" + +#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143 +#, c-format +msgid "Forced iteration count is too low for %s (minimum is %u)." +msgstr "" + +#: lib/utils_pbkdf.c:148 +#, c-format +msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)." +msgstr "" + +#: lib/utils_pbkdf.c:155 +#, c-format +msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)." +msgstr "" + +#: lib/utils_pbkdf.c:160 +msgid "Requested maximum PBKDF memory cannot be zero." +msgstr "" + +#: lib/utils_pbkdf.c:164 +msgid "Requested PBKDF parallel threads cannot be zero." +msgstr "" + +#: lib/utils_pbkdf.c:184 +msgid "Only PBKDF2 is supported in FIPS mode." +msgstr "" + +#: lib/utils_benchmark.c:172 +msgid "PBKDF benchmark disabled but iterations not set." +msgstr "" + +#: lib/utils_benchmark.c:191 +#, c-format +msgid "Not compatible PBKDF2 options (using hash algorithm %s)." +msgstr "Pilihan PBKDF2 tidak kompatibel (menggunakan algoritma hash %s)." + +#: lib/utils_benchmark.c:211 +#, fuzzy +msgid "Not compatible PBKDF options." +msgstr "Pilihan PBKDF2 tidak kompatibel (menggunakan algoritma hash %s)." + +#: lib/utils_device_locking.c:102 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)." +msgstr "" + +#: lib/utils_device_locking.c:109 +#, c-format +msgid "WARNING: Locking directory %s/%s is missing!\n" +msgstr "" + +#: lib/utils_device_locking.c:119 +#, c-format +msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)." +msgstr "" + +#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:941 +#: src/cryptsetup_reencrypt.c:1025 +#, fuzzy +msgid "Cannot seek to device offset." +msgstr "Tidak dapat membaca perangkat %s.\n" + +#: lib/utils_wipe.c:208 +#, c-format +msgid "Device wipe error, offset %." +msgstr "" + +#: lib/luks1/keyencryption.c:39 +#, fuzzy, c-format +msgid "" +"Failed to setup dm-crypt key mapping for device %s.\n" +"Check that kernel supports %s cipher (check syslog for more info)." +msgstr "" +"Gagal untuk mengkonfigurasi pemetaan kunci dm-crypt untuk perangkat %s.\n" +"Periksa apakah kernel mendukung cipher %s (periksa syslog untuk informasi lebih lanjut).\n" +"%s" + +#: lib/luks1/keyencryption.c:44 +#, fuzzy +msgid "Key size in XTS mode must be 256 or 512 bits." +msgstr "Kunci harus kelipatan dari 8 bit" + +#: lib/luks1/keyencryption.c:46 +msgid "Cipher specification should be in [cipher]-[mode]-[iv] format." +msgstr "" + +#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344 +#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080 +#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734 #, fuzzy, c-format -msgid "Cannot write to device %s, permission denied.\n" +msgid "Cannot write to device %s, permission denied." msgstr "Tidak dapat menghapus perangkat %s.\n" -#: lib/luks1/keyencryption.c:111 -msgid "Failed to open temporary keystore device.\n" +#: lib/luks1/keyencryption.c:120 +#, fuzzy +msgid "Failed to open temporary keystore device." msgstr "Gagal untuk membuka perangkat penyimpan kunci sementara.\n" -#: lib/luks1/keyencryption.c:118 -msgid "Failed to access temporary keystore device.\n" +#: lib/luks1/keyencryption.c:127 +#, fuzzy +msgid "Failed to access temporary keystore device." msgstr "Gagal untuk mengakses perangkat penyimpan kunci sementara.\n" -#: lib/luks1/keyencryption.c:191 +#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60 +#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134 #, fuzzy -msgid "IO error while encrypting keyslot.\n" +msgid "IO error while encrypting keyslot." msgstr "Besar dari kunci enkripsi" -#: lib/luks1/keyencryption.c:256 -msgid "IO error while decrypting keyslot.\n" +#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347 +#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:670 +#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311 +#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342 +#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253 +#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255 +#: src/cryptsetup_reencrypt.c:200 src/cryptsetup_reencrypt.c:212 +#, fuzzy, c-format +msgid "Cannot open device %s." +msgstr "Tidak dapat membuka perangkat %s.\n" + +#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137 +msgid "IO error while decrypting keyslot." msgstr "" -#: lib/luks1/keymanage.c:90 +#: lib/luks1/keymanage.c:110 #, c-format -msgid "Device %s is too small. (LUKS requires at least % bytes.)\n" +msgid "Device %s is too small. (LUKS1 requires at least % bytes.)" msgstr "" -#: lib/luks1/keymanage.c:180 lib/luks1/keymanage.c:418 -#: src/cryptsetup_reencrypt.c:1110 +#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139 +#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162 +#: lib/luks1/keymanage.c:174 +#, fuzzy, c-format +msgid "LUKS keyslot %u is invalid." +msgstr "Slot kunci %d tidak valid.\n" + +#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472 +#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1433 +#: src/cryptsetup.c:1559 src/cryptsetup.c:1616 src/cryptsetup.c:1672 +#: src/cryptsetup.c:1739 src/cryptsetup.c:1842 src/cryptsetup.c:1906 +#: src/cryptsetup.c:2136 src/cryptsetup.c:2331 src/cryptsetup.c:2391 +#: src/cryptsetup.c:2457 src/cryptsetup.c:2621 src/cryptsetup.c:3271 +#: src/cryptsetup.c:3280 src/cryptsetup_reencrypt.c:1388 #, fuzzy, c-format -msgid "Device %s is not a valid LUKS device.\n" +msgid "Device %s is not a valid LUKS device." msgstr "Perangkat %s bukan perangkat LUKS.\n" -#: lib/luks1/keymanage.c:198 +#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100 #, fuzzy, c-format -msgid "Requested header backup file %s already exists.\n" +msgid "Requested header backup file %s already exists." msgstr "Berkas %s yang diminta telah ada.\n" -#: lib/luks1/keymanage.c:200 +#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102 #, fuzzy, c-format -msgid "Cannot create header backup file %s.\n" +msgid "Cannot create header backup file %s." msgstr "Tidak dapat membaca berkas cadangan header %s.\n" -#: lib/luks1/keymanage.c:205 -#, c-format -msgid "Cannot write header backup file %s.\n" +#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109 +#, fuzzy, c-format +msgid "Cannot write header backup file %s." msgstr "Tidak dapat menulis berkas cadangan header %s.\n" -#: lib/luks1/keymanage.c:239 +#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161 #, fuzzy -msgid "Backup file doesn't contain valid LUKS header.\n" +msgid "Backup file does not contain valid LUKS header." msgstr "Berkas cadangan tidak berisi header LUKS yang valid.\n" -#: lib/luks1/keymanage.c:252 lib/luks1/keymanage.c:496 -#, c-format -msgid "Cannot open header backup file %s.\n" +#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549 +#: lib/luks2/luks2_json_metadata.c:1182 +#, fuzzy, c-format +msgid "Cannot open header backup file %s." msgstr "Tidak dapat membuka berkas cadangan header %s.\n" -#: lib/luks1/keymanage.c:258 -#, c-format -msgid "Cannot read header backup file %s.\n" +#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190 +#, fuzzy, c-format +msgid "Cannot read header backup file %s." msgstr "Tidak dapat membaca berkas cadangan header %s.\n" -#: lib/luks1/keymanage.c:269 -msgid "Data offset or key size differs on device and backup, restore failed.\n" -msgstr "" -"Data offset atau ukuran kunci berbeda di perangkat dan cadangan, " -"pengembalian gagal.\n" +#: lib/luks1/keymanage.c:317 +#, fuzzy +msgid "Data offset or key size differs on device and backup, restore failed." +msgstr "Data offset atau ukuran kunci berbeda di perangkat dan cadangan, pengembalian gagal.\n" -#: lib/luks1/keymanage.c:277 +#: lib/luks1/keymanage.c:325 #, c-format msgid "Device %s %s%s" msgstr "Perangkat %s %s%s" -#: lib/luks1/keymanage.c:278 -msgid "" -"does not contain LUKS header. Replacing header can destroy data on that " -"device." -msgstr "" -"tidak berisi header LUKS. Mengganti header dapat menghancurkan data di " -"perangkat itu." +#: lib/luks1/keymanage.c:326 +msgid "does not contain LUKS header. Replacing header can destroy data on that device." +msgstr "tidak berisi header LUKS. Mengganti header dapat menghancurkan data di perangkat itu." -#: lib/luks1/keymanage.c:279 -msgid "" -"already contains LUKS header. Replacing header will destroy existing " -"keyslots." -msgstr "" -"telah berisi header LUKS. Mengganti header dapat mengganti slot kunci yang " -"telah ada." +#: lib/luks1/keymanage.c:327 +msgid "already contains LUKS header. Replacing header will destroy existing keyslots." +msgstr "telah berisi header LUKS. Mengganti header dapat mengganti slot kunci yang telah ada." -#: lib/luks1/keymanage.c:280 +#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224 msgid "" "\n" "WARNING: real device header has different UUID than backup!" @@ -547,145 +913,113 @@ msgstr "" "\n" "PERINGATAN: header perangkat ril memiliki UUID berbeda dengan cadangan!" -#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:535 -#: lib/luks1/keymanage.c:575 lib/tcrypt/tcrypt.c:624 lib/verity/verity.c:82 -#: lib/verity/verity.c:179 lib/verity/verity_hash.c:292 -#: lib/verity/verity_hash.c:303 lib/verity/verity_hash.c:323 -#, c-format -msgid "Cannot open device %s.\n" -msgstr "Tidak dapat membuka perangkat %s.\n" - -#: lib/luks1/keymanage.c:329 -msgid "Non standard key size, manual repair required.\n" +#: lib/luks1/keymanage.c:375 +msgid "Non standard key size, manual repair required." msgstr "" -#: lib/luks1/keymanage.c:334 -msgid "Non standard keyslots alignment, manual repair required.\n" -msgstr "" - -#: lib/luks1/keymanage.c:340 -msgid "Repairing keyslots.\n" +#: lib/luks1/keymanage.c:380 +msgid "Non standard keyslots alignment, manual repair required." msgstr "" -#: lib/luks1/keymanage.c:351 -msgid "Repair failed." +#: lib/luks1/keymanage.c:390 +msgid "Repairing keyslots." msgstr "" -#: lib/luks1/keymanage.c:363 +#: lib/luks1/keymanage.c:409 #, c-format -msgid "Keyslot %i: offset repaired (%u -> %u).\n" +msgid "Keyslot %i: offset repaired (%u -> %u)." msgstr "" -#: lib/luks1/keymanage.c:371 +#: lib/luks1/keymanage.c:417 #, c-format -msgid "Keyslot %i: stripes repaired (%u -> %u).\n" +msgid "Keyslot %i: stripes repaired (%u -> %u)." msgstr "" -#: lib/luks1/keymanage.c:380 +#: lib/luks1/keymanage.c:426 #, c-format -msgid "Keyslot %i: bogus partition signature.\n" +msgid "Keyslot %i: bogus partition signature." msgstr "" -#: lib/luks1/keymanage.c:385 +#: lib/luks1/keymanage.c:431 #, fuzzy, c-format -msgid "Keyslot %i: salt wiped.\n" +msgid "Keyslot %i: salt wiped." msgstr "Slot kunci %d tidak valid.\n" -#: lib/luks1/keymanage.c:396 -#, fuzzy -msgid "Writing LUKS header to disk.\n" -msgstr "Error selama memperbarui header LUKS di perangkat %s.\n" - -#: lib/luks1/keymanage.c:421 -#, c-format -msgid "Unsupported LUKS version %d.\n" -msgstr "versi LUKS %d tidak didukung.\n" +#: lib/luks1/keymanage.c:448 +msgid "Writing LUKS header to disk." +msgstr "" -#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:661 -#, c-format -msgid "Requested LUKS hash %s is not supported.\n" -msgstr "Hash %s LUKS yang diminta tidak didukung.\n" +#: lib/luks1/keymanage.c:453 +msgid "Repair failed." +msgstr "" -#: lib/luks1/keymanage.c:442 +#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750 #, fuzzy, c-format -msgid "LUKS keyslot %u is invalid.\n" -msgstr "Slot kunci %d tidak valid.\n" +msgid "Requested LUKS hash %s is not supported." +msgstr "Hash %s LUKS yang diminta tidak didukung.\n" -#: lib/luks1/keymanage.c:456 src/cryptsetup.c:668 -msgid "No known problems detected for LUKS header.\n" +#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1133 +msgid "No known problems detected for LUKS header." msgstr "" -#: lib/luks1/keymanage.c:596 -#, c-format -msgid "Error during update of LUKS header on device %s.\n" +#: lib/luks1/keymanage.c:660 +#, fuzzy, c-format +msgid "Error during update of LUKS header on device %s." msgstr "Error selama memperbarui header LUKS di perangkat %s.\n" -#: lib/luks1/keymanage.c:603 -#, c-format -msgid "Error re-reading LUKS header after update on device %s.\n" -msgstr "" -"Error membaca-kembali header LUKS setelah memperbarui di perangkat %s.\n" +#: lib/luks1/keymanage.c:668 +#, fuzzy, c-format +msgid "Error re-reading LUKS header after update on device %s." +msgstr "Error membaca-kembali header LUKS setelah memperbarui di perangkat %s.\n" -#: lib/luks1/keymanage.c:654 -#, c-format -msgid "" -"Data offset for detached LUKS header must be either 0 or higher than header " -"size (%d sectors).\n" +#: lib/luks1/keymanage.c:744 +msgid "Data offset for LUKS header must be either 0 or higher than header size." msgstr "" -#: lib/luks1/keymanage.c:666 lib/luks1/keymanage.c:757 +#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825 +#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001 +#: src/cryptsetup.c:2784 #, fuzzy -msgid "Wrong LUKS UUID format provided.\n" +msgid "Wrong LUKS UUID format provided." msgstr "Format UUID yang disediakan berbeda, membuat yang baru.\n" -#: lib/luks1/keymanage.c:695 -msgid "Cannot create LUKS header: reading random salt failed.\n" +#: lib/luks1/keymanage.c:778 +#, fuzzy +msgid "Cannot create LUKS header: reading random salt failed." msgstr "Tidak dapat membuat header LUKS: pembacaan garam acak gagal.\n" -#: lib/luks1/keymanage.c:702 lib/luks1/keymanage.c:798 +#: lib/luks1/keymanage.c:804 #, fuzzy, c-format -msgid "Not compatible PBKDF2 options (using hash algorithm %s).\n" -msgstr "Pilihan PBKDF2 tidak kompatibel (menggunakan algoritma hash %s)." - -#: lib/luks1/keymanage.c:717 -#, c-format -msgid "Cannot create LUKS header: header digest failed (using hash %s).\n" -msgstr "" -"Tidak dapat membuat header LUKS: digest header gagal (menggunakan hash %s).\n" +msgid "Cannot create LUKS header: header digest failed (using hash %s)." +msgstr "Tidak dapat membuat header LUKS: digest header gagal (menggunakan hash %s).\n" -#: lib/luks1/keymanage.c:782 -#, c-format -msgid "Key slot %d active, purge first.\n" +#: lib/luks1/keymanage.c:848 +#, fuzzy, c-format +msgid "Key slot %d active, purge first." msgstr "Slot kunci %d aktif, hapus terlebih dahulu.\n" -#: lib/luks1/keymanage.c:788 -#, c-format -msgid "Key slot %d material includes too few stripes. Header manipulation?\n" -msgstr "" -"Slot kunci %d material terdapat terlalu sedikit stripes. Manipulasi header?\n" - -#: lib/luks1/keymanage.c:950 -#, c-format -msgid "Key slot %d unlocked.\n" -msgstr "Slot kunci %d tidak terkunci.\n" +#: lib/luks1/keymanage.c:854 +#, fuzzy, c-format +msgid "Key slot %d material includes too few stripes. Header manipulation?" +msgstr "Slot kunci %d material terdapat terlalu sedikit stripes. Manipulasi header?\n" -#: lib/luks1/keymanage.c:985 src/cryptsetup.c:858 -#: src/cryptsetup_reencrypt.c:999 src/cryptsetup_reencrypt.c:1036 -msgid "No key available with this passphrase.\n" -msgstr "Tidak ada kunci tersedia dengan kata sandi ini.\n" +#: lib/luks1/keymanage.c:990 +#, fuzzy, c-format +msgid "Cannot open keyslot (using hash %s)." +msgstr "Tidak dapat membuka perangkat %s.\n" -#: lib/luks1/keymanage.c:1003 -#, c-format -msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n" +#: lib/luks1/keymanage.c:1066 +#, fuzzy, c-format +msgid "Key slot %d is invalid, please select keyslot between 0 and %d." msgstr "Slot kunci %d tidak valid, mohon pilih slot kunci diantara 0 dan %d.\n" -#: lib/luks1/keymanage.c:1021 -#, c-format -msgid "Cannot wipe device %s.\n" +#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738 +#, fuzzy, c-format +msgid "Cannot wipe device %s." msgstr "Tidak dapat menghapus perangkat %s.\n" #: lib/loopaes/loopaes.c:146 -msgid "Detected not yet supported GPG encrypted keyfile.\n" +msgid "Detected not yet supported GPG encrypted keyfile." msgstr "" #: lib/loopaes/loopaes.c:147 @@ -693,1187 +1027,2950 @@ msgid "Please use gpg --decrypt | cryptsetup --keyfile=- ...\n" msgstr "" #: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188 -msgid "Incompatible loop-AES keyfile detected.\n" +msgid "Incompatible loop-AES keyfile detected." msgstr "" -#: lib/loopaes/loopaes.c:244 -msgid "Kernel doesn't support loop-AES compatible mapping.\n" +#: lib/loopaes/loopaes.c:245 +msgid "Kernel does not support loop-AES compatible mapping." msgstr "" -#: lib/tcrypt/tcrypt.c:475 +#: lib/tcrypt/tcrypt.c:504 #, fuzzy, c-format -msgid "Error reading keyfile %s.\n" +msgid "Error reading keyfile %s." msgstr "Kesalahan dalam pembacaan kata sandi.\n" -#: lib/tcrypt/tcrypt.c:513 +#: lib/tcrypt/tcrypt.c:554 #, c-format -msgid "Maximum TCRYPT passphrase length (%d) exceeded.\n" +msgid "Maximum TCRYPT passphrase length (%zu) exceeded." msgstr "" -#: lib/tcrypt/tcrypt.c:543 +#: lib/tcrypt/tcrypt.c:595 #, c-format -msgid "PBKDF2 hash algorithm %s not available, skipping.\n" +msgid "PBKDF2 hash algorithm %s not available, skipping." msgstr "" -#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:621 -msgid "Required kernel crypto interface not available.\n" +#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1010 +msgid "Required kernel crypto interface not available." msgstr "" -#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:623 -msgid "Ensure you have algif_skcipher kernel module loaded.\n" +#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1012 +msgid "Ensure you have algif_skcipher kernel module loaded." msgstr "" -#: lib/tcrypt/tcrypt.c:707 +#: lib/tcrypt/tcrypt.c:753 #, fuzzy, c-format -msgid "Activation is not supported for %d sector size.\n" +msgid "Activation is not supported for %d sector size." msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n" -#: lib/tcrypt/tcrypt.c:713 -msgid "Kernel doesn't support activation for this TCRYPT legacy mode.\n" +#: lib/tcrypt/tcrypt.c:759 +msgid "Kernel does not support activation for this TCRYPT legacy mode." msgstr "" -#: lib/tcrypt/tcrypt.c:744 +#: lib/tcrypt/tcrypt.c:793 #, c-format -msgid "Activating TCRYPT system encryption for partition %s.\n" +msgid "Activating TCRYPT system encryption for partition %s." msgstr "" -#: lib/tcrypt/tcrypt.c:806 -msgid "Kernel doesn't support TCRYPT compatible mapping.\n" +#: lib/tcrypt/tcrypt.c:871 +msgid "Kernel does not support TCRYPT compatible mapping." msgstr "" -#: lib/tcrypt/tcrypt.c:1020 +#: lib/tcrypt/tcrypt.c:1093 #, fuzzy msgid "This function is not supported without TCRYPT header load." msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n" -#: lib/verity/verity.c:70 lib/verity/verity.c:172 +#: lib/bitlk/bitlk.c:333 #, c-format -msgid "Verity device %s doesn't use on-disk header.\n" +msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key." msgstr "" -#: lib/verity/verity.c:94 +#: lib/bitlk/bitlk.c:380 +msgid "Invalid string found when parsing Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:385 +#, c-format +msgid "Unexpected string ('%s') found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:399 +#, c-format +msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key." +msgstr "" + +#: lib/bitlk/bitlk.c:479 +#, fuzzy, c-format +msgid "Failed to read BITLK signature from %s." +msgstr "Gagal untuk membaca dari penyimpanan kunci.\n" + +#: lib/bitlk/bitlk.c:485 +msgid "BITLK version 1 is currently not supported." +msgstr "" + +#: lib/bitlk/bitlk.c:491 +msgid "Invalid or unknown boot signature for BITLK device." +msgstr "" + +#: lib/bitlk/bitlk.c:503 +msgid "Invalid or unknown signature for BITLK device." +msgstr "" + +#: lib/bitlk/bitlk.c:510 +#, fuzzy, c-format +msgid "Unsupported sector size %." +msgstr "versi LUKS %d tidak didukung.\n" + +#: lib/bitlk/bitlk.c:518 +#, fuzzy, c-format +msgid "Failed to read BITLK header from %s." +msgstr "Gagal untuk membaca dari penyimpanan kunci.\n" + +#: lib/bitlk/bitlk.c:543 +#, c-format +msgid "Failed to read BITLK FVE metadata from %s." +msgstr "" + +#: lib/bitlk/bitlk.c:594 +msgid "Unknown or unsupported encryption type." +msgstr "" + +#: lib/bitlk/bitlk.c:627 +#, c-format +msgid "Failed to read BITLK metadata entries from %s." +msgstr "" + +#: lib/bitlk/bitlk.c:921 +#, fuzzy +msgid "This operation is not supported." +msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n" + +#: lib/bitlk/bitlk.c:929 +#, fuzzy +msgid "Wrong key size." +msgstr "Ukuran kunci tidak valid.\n" + +#: lib/bitlk/bitlk.c:981 +msgid "This BITLK device is in an unsupported state and cannot be activated." +msgstr "" + +#: lib/bitlk/bitlk.c:987 +#, c-format +msgid "BITLK devices with type '%s' cannot be activated." +msgstr "" + +#: lib/bitlk/bitlk.c:1069 +msgid "Activation of partially decrypted BITLK device is not supported." +msgstr "" + +#: lib/bitlk/bitlk.c:1205 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV." +msgstr "" + +#: lib/bitlk/bitlk.c:1209 +msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser." +msgstr "" + +#: lib/verity/verity.c:68 lib/verity/verity.c:171 +#, c-format +msgid "Verity device %s does not use on-disk header." +msgstr "" + +#: lib/verity/verity.c:90 #, fuzzy, c-format -msgid "Device %s is not a valid VERITY device.\n" +msgid "Device %s is not a valid VERITY device." msgstr "Perangkat %s bukan perangkat LUKS.\n" -#: lib/verity/verity.c:101 +#: lib/verity/verity.c:97 #, fuzzy, c-format -msgid "Unsupported VERITY version %d.\n" +msgid "Unsupported VERITY version %d." msgstr "versi LUKS %d tidak didukung.\n" -#: lib/verity/verity.c:131 -msgid "VERITY header corrupted.\n" +#: lib/verity/verity.c:128 +msgid "VERITY header corrupted." msgstr "" -#: lib/verity/verity.c:166 +#: lib/verity/verity.c:165 #, fuzzy, c-format -msgid "Wrong VERITY UUID format provided on device %s.\n" +msgid "Wrong VERITY UUID format provided on device %s." msgstr "Format UUID yang disediakan berbeda, membuat yang baru.\n" -#: lib/verity/verity.c:196 +#: lib/verity/verity.c:198 #, fuzzy, c-format -msgid "Error during update of verity header on device %s.\n" +msgid "Error during update of verity header on device %s." msgstr "Error selama memperbarui header LUKS di perangkat %s.\n" -#: lib/verity/verity.c:276 -msgid "Kernel doesn't support dm-verity mapping.\n" +#: lib/verity/verity.c:256 +msgid "Root hash signature verification is not supported." +msgstr "" + +#: lib/verity/verity.c:267 +msgid "Errors cannot be repaired with FEC device." +msgstr "" + +#: lib/verity/verity.c:269 +#, c-format +msgid "Found %u repairable errors with FEC device." +msgstr "" + +#: lib/verity/verity.c:308 +msgid "Kernel does not support dm-verity mapping." msgstr "" -#: lib/verity/verity.c:287 -msgid "Verity device detected corruption after activation.\n" +#: lib/verity/verity.c:312 +msgid "Kernel does not support dm-verity signature option." +msgstr "" + +#: lib/verity/verity.c:323 +msgid "Verity device detected corruption after activation." msgstr "" #: lib/verity/verity_hash.c:59 #, c-format -msgid "Spare area is not zeroed at position %.\n" +msgid "Spare area is not zeroed at position %." msgstr "" -#: lib/verity/verity_hash.c:121 lib/verity/verity_hash.c:249 -#: lib/verity/verity_hash.c:277 lib/verity/verity_hash.c:284 -msgid "Device offset overflow.\n" +#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290 +#: lib/verity/verity_hash.c:303 +msgid "Device offset overflow." msgstr "" -#: lib/verity/verity_hash.c:161 +#: lib/verity/verity_hash.c:203 #, c-format -msgid "Verification failed at position %.\n" +msgid "Verification failed at position %." msgstr "" -#: lib/verity/verity_hash.c:235 -msgid "Invalid size parameters for verity device.\n" +#: lib/verity/verity_hash.c:276 +msgid "Invalid size parameters for verity device." msgstr "" -#: lib/verity/verity_hash.c:266 -msgid "Too many tree levels for verity volume.\n" +#: lib/verity/verity_hash.c:296 +msgid "Hash area overflow." msgstr "" -#: lib/verity/verity_hash.c:354 -msgid "Verification of data area failed.\n" +#: lib/verity/verity_hash.c:373 +msgid "Verification of data area failed." msgstr "" -#: lib/verity/verity_hash.c:359 -msgid "Verification of root hash failed.\n" +#: lib/verity/verity_hash.c:378 +msgid "Verification of root hash failed." msgstr "" -#: lib/verity/verity_hash.c:365 +#: lib/verity/verity_hash.c:384 #, fuzzy -msgid "Input/output error while creating hash area.\n" +msgid "Input/output error while creating hash area." msgstr "Kehabisan memori ketika membaca kata sandi.\n" -#: lib/verity/verity_hash.c:367 -msgid "Creation of hash area failed.\n" +#: lib/verity/verity_hash.c:386 +msgid "Creation of hash area failed." msgstr "" -#: lib/verity/verity_hash.c:414 +#: lib/verity/verity_hash.c:433 #, c-format -msgid "" -"WARNING: Kernel cannot activate device if data block size exceeds page size " -"(%u).\n" +msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)." msgstr "" -#: src/cryptsetup.c:91 -msgid "Can't do passphrase verification on non-tty inputs.\n" -msgstr "Tidak dapat melakukan verifikasi kata sandi di masukan bukan tty.\n" +#: lib/verity/verity_fec.c:131 +msgid "Failed to allocate RS context." +msgstr "" -#: src/cryptsetup.c:133 src/cryptsetup.c:564 src/cryptsetup.c:711 -#: src/cryptsetup_reencrypt.c:502 src/cryptsetup_reencrypt.c:556 -msgid "No known cipher specification pattern detected.\n" -msgstr "Tidak ada pola spesifikasi cipher yang dikenal terdeteksi.\n" +#: lib/verity/verity_fec.c:146 +#, fuzzy +msgid "Failed to allocate buffer." +msgstr "Gagal memperoleh data statistik berkas kunci %s.\n" -#: src/cryptsetup.c:144 -msgid "" -"WARNING: The --hash parameter is being ignored in plain mode with keyfile " -"specified.\n" +#: lib/verity/verity_fec.c:156 +#, c-format +msgid "Failed to read RS block % byte %d." msgstr "" -#: src/cryptsetup.c:152 -msgid "" -"WARNING: The --keyfile-size option is being ignored, the read size is the " -"same as the encryption key size.\n" +#: lib/verity/verity_fec.c:169 +#, c-format +msgid "Failed to read parity for RS block %." msgstr "" -#: src/cryptsetup.c:218 -#, fuzzy -msgid "Option --key-file is required.\n" -msgstr "Pilihan --header-backup-file dibutuhkan.\n" - -#: src/cryptsetup.c:267 -#, fuzzy -msgid "No device header detected with this passphrase.\n" -msgstr "Tidak ada kunci tersedia dengan kata sandi ini.\n" - -#: src/cryptsetup.c:327 src/cryptsetup.c:1140 -msgid "" -"Header dump with volume key is sensitive information\n" -"which allows access to encrypted partition without passphrase.\n" -"This dump should be always stored encrypted on safe place." +#: lib/verity/verity_fec.c:177 +#, c-format +msgid "Failed to repair parity for block %." msgstr "" -#: src/cryptsetup.c:517 -msgid "Result of benchmark is not reliable.\n" +#: lib/verity/verity_fec.c:188 +#, c-format +msgid "Failed to write parity for RS block %." msgstr "" -#: src/cryptsetup.c:558 -msgid "# Tests are approximate using memory only (no storage IO).\n" +#: lib/verity/verity_fec.c:223 +msgid "Block sizes must match for FEC." msgstr "" -#: src/cryptsetup.c:583 src/cryptsetup.c:605 -msgid "# Algorithm | Key | Encryption | Decryption\n" +#: lib/verity/verity_fec.c:229 +msgid "Invalid number of parity bytes." msgstr "" -#: src/cryptsetup.c:587 +#: lib/verity/verity_fec.c:265 #, fuzzy, c-format -msgid "Cipher %s is not available.\n" -msgstr "Perangkat %s tidak aktif.\n" +msgid "Failed to determine size for device %s." +msgstr "Gagal membuka berkas kunci %s.\n" -#: src/cryptsetup.c:614 -msgid "N/A" +#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343 +msgid "Kernel does not support dm-integrity mapping." msgstr "" -#: src/cryptsetup.c:639 -#, fuzzy, c-format -msgid "Cannot read keyfile %s.\n" -msgstr "Tidak dapat membaca perangkat %s.\n" +#: lib/integrity/integrity.c:277 +msgid "Kernel does not support dm-integrity fixed metadata alignment." +msgstr "" -#: src/cryptsetup.c:643 +#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959 +#: lib/luks2/luks2_json_metadata.c:1244 #, fuzzy, c-format -msgid "Cannot read %d bytes from keyfile %s.\n" -msgstr "Tidak dapat membaca %d bytes dari berkas kunci %s.\n" +msgid "Failed to acquire write lock on device %s." +msgstr "Gagal untuk mengakses perangkat penyimpan kunci sementara.\n" -#: src/cryptsetup.c:672 -#, fuzzy -msgid "Really try to repair LUKS device header?" -msgstr "Kembalikan header perangkat LUKS dan slot kunci" +#: lib/luks2/luks2_disk_metadata.c:392 +msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation." +msgstr "" -#: src/cryptsetup.c:697 -#, c-format -msgid "This will overwrite data on %s irrevocably." -msgstr "Ini akan memaksa menulis data di %s secara permanen." +#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712 +msgid "" +"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n" +"Please run \"cryptsetup repair\" for recovery." +msgstr "" -#: src/cryptsetup.c:699 -msgid "memory allocation error in action_luksFormat" -msgstr "alokasi memori error dalam action_luksFormat" +#: lib/luks2/luks2_json_format.c:227 +#, fuzzy +msgid "Requested data offset is too small." +msgstr "Perangkat %s terlalu kecil.\n" -#: src/cryptsetup.c:717 +#: lib/luks2/luks2_json_format.c:271 #, c-format -msgid "Cannot use %s as on-disk header.\n" -msgstr "" - -#: src/cryptsetup.c:784 -msgid "Reduced data offset is allowed only for detached LUKS header.\n" +msgid "WARNING: keyslots area (% bytes) is very small, available LUKS2 keyslot count is very limited.\n" msgstr "" -#: src/cryptsetup.c:881 src/cryptsetup.c:937 +#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074 +#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92 +#: lib/luks2/luks2_keyslot_luks2.c:114 #, fuzzy, c-format -msgid "Key slot %d selected for deletion.\n" -msgstr "slot kunci %d terpilih untuk penghapusan.\n" +msgid "Failed to acquire read lock on device %s." +msgstr "Gagal untuk mengakses perangkat penyimpan kunci sementara.\n" -#: src/cryptsetup.c:884 +#: lib/luks2/luks2_json_metadata.c:1167 #, c-format -msgid "Key %d not active. Can't wipe.\n" -msgstr "Kunci %d tidak aktif. Tidak dapat menghapus.\n" - -#: src/cryptsetup.c:892 src/cryptsetup.c:940 -msgid "" -"This is the last keyslot. Device will become unusable after purging this key." +msgid "Forbidden LUKS2 requirements detected in backup %s." msgstr "" -"Ini adalah slot kunci terakhir. Perangkat mungkin akan menjadi tidak stabil " -"setelah menghapus kunci ini." -#: src/cryptsetup.c:893 +#: lib/luks2/luks2_json_metadata.c:1208 #, fuzzy -msgid "Enter any remaining passphrase: " -msgstr "Masukan kata sandi LUKS yang tersisa: " +msgid "Data offset differ on device and backup, restore failed." +msgstr "Data offset atau ukuran kunci berbeda di perangkat dan cadangan, pengembalian gagal.\n" -#: src/cryptsetup.c:921 +#: lib/luks2/luks2_json_metadata.c:1214 #, fuzzy -msgid "Enter passphrase to be deleted: " -msgstr "Masukan kata sandi LUKS yang akan dihapus: " +msgid "Binary header with keyslot areas size differ on device and backup, restore failed." +msgstr "Data offset atau ukuran kunci berbeda di perangkat dan cadangan, pengembalian gagal.\n" -#: src/cryptsetup.c:1003 src/cryptsetup_reencrypt.c:1074 +#: lib/luks2/luks2_json_metadata.c:1221 #, fuzzy, c-format -msgid "Enter any existing passphrase: " -msgstr "Masukan kata sandi: " +msgid "Device %s %s%s%s%s" +msgstr "Perangkat %s %s%s" -#: src/cryptsetup.c:1052 +#: lib/luks2/luks2_json_metadata.c:1222 #, fuzzy -msgid "Enter passphrase to be changed: " -msgstr "Masukan kata sandi LUKS yang akan dihapus: " +msgid "does not contain LUKS2 header. Replacing header can destroy data on that device." +msgstr "tidak berisi header LUKS. Mengganti header dapat menghancurkan data di perangkat itu." -#: src/cryptsetup.c:1066 src/cryptsetup_reencrypt.c:1059 +#: lib/luks2/luks2_json_metadata.c:1223 #, fuzzy -msgid "Enter new passphrase: " -msgstr "Masukan kata sandi: " +msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots." +msgstr "telah berisi header LUKS. Mengganti header dapat mengganti slot kunci yang telah ada." -#: src/cryptsetup.c:1090 -msgid "Only one device argument for isLuks operation is supported.\n" +#: lib/luks2/luks2_json_metadata.c:1225 +msgid "" +"\n" +"WARNING: unknown LUKS2 requirements detected in real device header!\n" +"Replacing header with backup may corrupt the data on that device!" msgstr "" -#: src/cryptsetup.c:1246 src/cryptsetup.c:1267 -msgid "Option --header-backup-file is required.\n" -msgstr "Pilihan --header-backup-file dibutuhkan.\n" +#: lib/luks2/luks2_json_metadata.c:1227 +msgid "" +"\n" +"WARNING: Unfinished offline reencryption detected on the device!\n" +"Replacing header with backup may corrupt data." +msgstr "" -#: src/cryptsetup.c:1304 +#: lib/luks2/luks2_json_metadata.c:1323 #, c-format -msgid "Unrecognized metadata device type %s.\n" +msgid "Ignored unknown flag %s." msgstr "" -#: src/cryptsetup.c:1307 -msgid "Command requires device and mapped name as arguments.\n" +#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746 +#, c-format +msgid "Missing key for dm-crypt segment %u" msgstr "" -#: src/cryptsetup.c:1326 -#, fuzzy, c-format -msgid "" -"This operation will erase all keyslots on device %s.\n" +#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764 +#, fuzzy +msgid "Failed to set dm-crypt segment." +msgstr "Gagal untuk menulis di penyimpanan kunci.\n" + +#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770 +#, fuzzy +msgid "Failed to set dm-linear segment." +msgstr "Gagal memperoleh data statistik berkas kunci %s.\n" + +#: lib/luks2/luks2_json_metadata.c:2155 +msgid "Unsupported device integrity configuration." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2241 +msgid "Reencryption in-progress. Cannot deactivate device." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2252 lib/luks2/luks2_reencrypt.c:3190 +#, c-format +msgid "Failed to replace suspended device %s with dm-error target." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2332 +msgid "Failed to read LUKS2 requirements." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2339 +msgid "Unmet LUKS2 requirements detected." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2347 +msgid "Operation incompatible with device marked for legacy reencryption. Aborting." +msgstr "" + +#: lib/luks2/luks2_json_metadata.c:2349 +msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting." +msgstr "" + +#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584 +msgid "Not enough available memory to open a keyslot." +msgstr "" + +#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586 +#, fuzzy +msgid "Keyslot open failed." +msgstr "Slot kunci %d telah terverifikasi.\n" + +#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108 +#, c-format +msgid "Cannot use %s-%s cipher for keyslot encryption." +msgstr "" + +#: lib/luks2/luks2_keyslot_luks2.c:480 +msgid "No space for new keyslot." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:482 +#, c-format +msgid "Cannot check status of device with uuid: %s." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:508 +msgid "Unable to convert header with LUKSMETA additional metadata." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:548 +msgid "Unable to move keyslot area. Not enough space." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:599 +msgid "Unable to move keyslot area. LUKS2 keyslots area too small." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887 +msgid "Unable to move keyslot area." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:697 +msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:705 +msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:717 +#, c-format +msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:725 +#, c-format +msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:739 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:744 +#, c-format +msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active." +msgstr "" + +#: lib/luks2/luks2_luks1_convert.c:749 +#, c-format +msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:892 +#, c-format +msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:897 +#, c-format +msgid "Device size must be multiple of calculated zone alignment (%zu bytes)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:941 +#, fuzzy, c-format +msgid "Unsupported resilience mode %s" +msgstr "versi LUKS %d tidak didukung.\n" + +#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313 +#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430 +#: lib/luks2/luks2_reencrypt.c:3030 +#, fuzzy +msgid "Failed to initialize old segment storage wrapper." +msgstr "Gagal untuk menulis di penyimpanan kunci.\n" + +#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291 +#, fuzzy +msgid "Failed to initialize new segment storage wrapper." +msgstr "Gagal untuk menulis di penyimpanan kunci.\n" + +#: lib/luks2/luks2_reencrypt.c:1340 +#, fuzzy +msgid "Failed to read checksums for current hotzone." +msgstr "Gagal untuk membaca dari penyimpanan kunci.\n" + +#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038 +#, c-format +msgid "Failed to read hotzone area starting at %." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1366 +#, fuzzy, c-format +msgid "Failed to decrypt sector %zu." +msgstr "Gagal untuk membaca dari penyimpanan kunci.\n" + +#: lib/luks2/luks2_reencrypt.c:1372 +#, fuzzy, c-format +msgid "Failed to recover sector %zu." +msgstr "Gagal untuk menulis di penyimpanan kunci.\n" + +#: lib/luks2/luks2_reencrypt.c:1867 +#, c-format +msgid "Source and target device sizes don't match. Source %, target: %." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1965 +#, fuzzy, c-format +msgid "Failed to activate hotzone device %s." +msgstr "Gagal memperoleh data statistik berkas kunci %s.\n" + +#: lib/luks2/luks2_reencrypt.c:1982 +#, c-format +msgid "Failed to activate overlay device %s with actual origin table." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:1989 +#, fuzzy, c-format +msgid "Failed to load new mapping for device %s." +msgstr "Gagal untuk membuka perangkat penyimpan kunci sementara.\n" + +#: lib/luks2/luks2_reencrypt.c:2060 +msgid "Failed to refresh reencryption devices stack." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2216 +#, fuzzy +msgid "Failed to set new keyslots area size." +msgstr "Gagal memperoleh data statistik berkas kunci %s.\n" + +#: lib/luks2/luks2_reencrypt.c:2318 +#, c-format +msgid "Data shift is not aligned to requested encryption sector size (% bytes)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2339 +#, c-format +msgid "Data device is not aligned to requested encryption sector size (% bytes)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2360 +#, c-format +msgid "Data shift (% sectors) is less than future data offset (% sectors)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779 +#: lib/luks2/luks2_reencrypt.c:2800 +#, c-format +msgid "Failed to open %s in exclusive mode (already mapped or mounted)." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2534 +msgid "Device not marked for LUKS2 reencryption." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295 +msgid "Failed to load LUKS2 reencryption context." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2619 +#, fuzzy +msgid "Failed to get reencryption state." +msgstr "Gagal untuk menulis di penyimpanan kunci.\n" + +#: lib/luks2/luks2_reencrypt.c:2623 +#, fuzzy +msgid "Device is not in reencryption." +msgstr "Perangkat %s tidak aktif.\n" + +#: lib/luks2/luks2_reencrypt.c:2630 +msgid "Reencryption process is already running." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2632 +msgid "Failed to acquire reencryption lock." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2650 +msgid "Cannot proceed with reencryption. Run reencryption recovery first." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2750 +msgid "Active device size and requested reencryption size don't match." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2764 +msgid "Illegal device size requested in reencryption parameters." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2834 +msgid "Reencryption in-progress. Cannot perform recovery." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2906 +msgid "LUKS2 reencryption already initialized in metadata." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:2913 +msgid "Failed to initialize LUKS2 reencryption in metadata." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3004 +msgid "Failed to set device segments for next reencryption hotzone." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3046 +msgid "Failed to write reencryption resilience metadata." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3053 +msgid "Decryption failed." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3058 +#, fuzzy, c-format +msgid "Failed to write hotzone area starting at %." +msgstr "Gagal untuk menulis di penyimpanan kunci.\n" + +#: lib/luks2/luks2_reencrypt.c:3063 +msgid "Failed to sync data." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3071 +msgid "Failed to update metadata after current reencryption hotzone completed." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3138 +#, fuzzy +msgid "Failed to write LUKS2 metadata." +msgstr "Gagal untuk menulis di penyimpanan kunci.\n" + +#: lib/luks2/luks2_reencrypt.c:3161 +msgid "Failed to wipe backup segment data." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3174 +msgid "Failed to disable reencryption requirement flag." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3182 +#, c-format +msgid "Fatal error while reencrypting chunk starting at %, % sectors long." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3191 +msgid "Do not resume the device unless replaced with error target manually." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3240 +msgid "Cannot proceed with reencryption. Unexpected reencryption status." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3246 +msgid "Missing or invalid reencrypt context." +msgstr "" + +#: lib/luks2/luks2_reencrypt.c:3253 +#, fuzzy +msgid "Failed to initialize reencryption device stack." +msgstr "Tidak dapat menginisialisasi backend crypto.\n" + +#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308 +msgid "Failed to update reencryption context." +msgstr "" + +#: lib/luks2/luks2_token.c:262 +msgid "No free token slot." +msgstr "" + +#: lib/luks2/luks2_token.c:269 +#, fuzzy, c-format +msgid "Failed to create builtin token %s." +msgstr "Gagal memperoleh data statistik berkas kunci %s.\n" + +#: src/cryptsetup.c:164 +#, fuzzy +msgid "Can't do passphrase verification on non-tty inputs." +msgstr "Tidak dapat melakukan verifikasi kata sandi di masukan bukan tty.\n" + +#: src/cryptsetup.c:221 +#, fuzzy +msgid "Keyslot encryption parameters can be set only for LUKS2 device." +msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n" + +#: src/cryptsetup.c:251 src/cryptsetup.c:959 src/cryptsetup.c:1269 +#: src/cryptsetup.c:3145 src/cryptsetup_reencrypt.c:723 +#: src/cryptsetup_reencrypt.c:793 +#, fuzzy +msgid "No known cipher specification pattern detected." +msgstr "Tidak ada pola spesifikasi cipher yang dikenal terdeteksi.\n" + +#: src/cryptsetup.c:259 +msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n" +msgstr "" + +#: src/cryptsetup.c:267 +msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n" +msgstr "" + +#: src/cryptsetup.c:307 +#, c-format +msgid "Detected device signature(s) on %s. Proceeding further may damage existing data." +msgstr "" + +#: src/cryptsetup.c:313 src/cryptsetup.c:1090 src/cryptsetup.c:1142 +#: src/cryptsetup.c:1246 src/cryptsetup.c:1319 src/cryptsetup.c:1974 +#: src/cryptsetup.c:2682 src/cryptsetup.c:2805 src/integritysetup.c:233 +msgid "Operation aborted.\n" +msgstr "" + +#: src/cryptsetup.c:381 +#, fuzzy +msgid "Option --key-file is required." +msgstr "Pilihan --header-backup-file dibutuhkan.\n" + +#: src/cryptsetup.c:434 +msgid "Enter VeraCrypt PIM: " +msgstr "" + +#: src/cryptsetup.c:443 +msgid "Invalid PIM value: parse error." +msgstr "" + +#: src/cryptsetup.c:446 +#, fuzzy +msgid "Invalid PIM value: 0." +msgstr "Perangkat %s tidak valid.\n" + +#: src/cryptsetup.c:449 +msgid "Invalid PIM value: outside of range." +msgstr "" + +#: src/cryptsetup.c:472 +#, fuzzy +msgid "No device header detected with this passphrase." +msgstr "Tidak ada kunci tersedia dengan kata sandi ini.\n" + +#: src/cryptsetup.c:541 +#, fuzzy, c-format +msgid "Device %s is not a valid BITLK device." +msgstr "Perangkat %s bukan perangkat LUKS.\n" + +#: src/cryptsetup.c:576 +msgid "" +"Header dump with volume key is sensitive information\n" +"which allows access to encrypted partition without passphrase.\n" +"This dump should be always stored encrypted on safe place." +msgstr "" + +#: src/cryptsetup.c:673 +#, c-format +msgid "Device %s is still active and scheduled for deferred removal.\n" +msgstr "" + +#: src/cryptsetup.c:701 +msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set." +msgstr "" + +#: src/cryptsetup.c:838 +msgid "Benchmark interrupted." +msgstr "" + +#: src/cryptsetup.c:859 +#, c-format +msgid "PBKDF2-%-9s N/A\n" +msgstr "" + +#: src/cryptsetup.c:861 +#, c-format +msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n" +msgstr "" + +#: src/cryptsetup.c:875 +#, c-format +msgid "%-10s N/A\n" +msgstr "" + +#: src/cryptsetup.c:877 +#, c-format +msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n" +msgstr "" + +#: src/cryptsetup.c:901 +msgid "Result of benchmark is not reliable." +msgstr "" + +#: src/cryptsetup.c:951 +msgid "# Tests are approximate using memory only (no storage IO).\n" +msgstr "" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:971 +#, c-format +msgid "#%*s Algorithm | Key | Encryption | Decryption\n" +msgstr "" + +#: src/cryptsetup.c:975 +#, c-format +msgid "Cipher %s (with %i bits key) is not available." +msgstr "" + +#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned. +#: src/cryptsetup.c:994 +msgid "# Algorithm | Key | Encryption | Decryption\n" +msgstr "" + +#: src/cryptsetup.c:1003 +msgid "N/A" +msgstr "" + +#: src/cryptsetup.c:1083 +msgid "" +"Seems device does not require reencryption recovery.\n" +"Do you want to proceed anyway?" +msgstr "" + +#: src/cryptsetup.c:1089 +msgid "Really proceed with LUKS2 reencryption recovery?" +msgstr "" + +#: src/cryptsetup.c:1098 +#, fuzzy +msgid "Enter passphrase for reencryption recovery: " +msgstr "Masukan kasa sandi baru untuk slot kunci: " + +#: src/cryptsetup.c:1141 +#, fuzzy +msgid "Really try to repair LUKS device header?" +msgstr "Kembalikan header perangkat LUKS dan slot kunci" + +#: src/cryptsetup.c:1160 src/integritysetup.c:146 +msgid "" +"Wiping device to initialize integrity checksum.\n" +"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n" +msgstr "" + +#: src/cryptsetup.c:1182 src/integritysetup.c:168 +#, fuzzy, c-format +msgid "Cannot deactivate temporary device %s." +msgstr "Tidak dapat membaca perangkat %s.\n" + +#: src/cryptsetup.c:1231 +msgid "Integrity option can be used only for LUKS2 format." +msgstr "" + +#: src/cryptsetup.c:1236 src/cryptsetup.c:1296 +#, fuzzy +msgid "Unsupported LUKS2 metadata size options." +msgstr "versi LUKS %d tidak didukung.\n" + +#: src/cryptsetup.c:1253 +#, fuzzy, c-format +msgid "Cannot create header file %s." +msgstr "Tidak dapat membaca berkas cadangan header %s.\n" + +#: src/cryptsetup.c:1276 src/integritysetup.c:195 src/integritysetup.c:204 +#: src/integritysetup.c:213 src/integritysetup.c:284 src/integritysetup.c:293 +#: src/integritysetup.c:303 +#, fuzzy +msgid "No known integrity specification pattern detected." +msgstr "Tidak ada pola spesifikasi cipher yang dikenal terdeteksi.\n" + +#: src/cryptsetup.c:1289 +#, c-format +msgid "Cannot use %s as on-disk header." +msgstr "" + +#: src/cryptsetup.c:1313 src/integritysetup.c:227 +#, c-format +msgid "This will overwrite data on %s irrevocably." +msgstr "Ini akan memaksa menulis data di %s secara permanen." + +#: src/cryptsetup.c:1354 src/cryptsetup.c:1688 src/cryptsetup.c:1755 +#: src/cryptsetup.c:1857 src/cryptsetup.c:1923 src/cryptsetup_reencrypt.c:553 +#, fuzzy +msgid "Failed to set pbkdf parameters." +msgstr "Gagal memperoleh data statistik berkas kunci %s.\n" + +#: src/cryptsetup.c:1439 +msgid "Reduced data offset is allowed only for detached LUKS header." +msgstr "" + +#: src/cryptsetup.c:1450 src/cryptsetup.c:1761 +msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option." +msgstr "" + +#: src/cryptsetup.c:1488 +msgid "Device activated but cannot make flags persistent." +msgstr "" + +#: src/cryptsetup.c:1569 src/cryptsetup.c:1639 +#, fuzzy, c-format +msgid "Keyslot %d is selected for deletion." +msgstr "slot kunci %d terpilih untuk penghapusan.\n" + +#: src/cryptsetup.c:1581 src/cryptsetup.c:1642 +msgid "This is the last keyslot. Device will become unusable after purging this key." +msgstr "Ini adalah slot kunci terakhir. Perangkat mungkin akan menjadi tidak stabil setelah menghapus kunci ini." + +#: src/cryptsetup.c:1582 +#, fuzzy +msgid "Enter any remaining passphrase: " +msgstr "Masukan kata sandi LUKS yang tersisa: " + +#: src/cryptsetup.c:1583 src/cryptsetup.c:1644 +msgid "Operation aborted, the keyslot was NOT wiped.\n" +msgstr "" + +#: src/cryptsetup.c:1621 +#, fuzzy +msgid "Enter passphrase to be deleted: " +msgstr "Masukan kata sandi LUKS yang akan dihapus: " + +#: src/cryptsetup.c:1702 src/cryptsetup.c:1776 src/cryptsetup.c:1810 +msgid "Enter new passphrase for key slot: " +msgstr "Masukan kasa sandi baru untuk slot kunci: " + +#: src/cryptsetup.c:1793 src/cryptsetup_reencrypt.c:1343 +#, fuzzy, c-format +msgid "Enter any existing passphrase: " +msgstr "Masukan kata sandi: " + +#: src/cryptsetup.c:1861 +#, fuzzy +msgid "Enter passphrase to be changed: " +msgstr "Masukan kata sandi LUKS yang akan dihapus: " + +#: src/cryptsetup.c:1877 src/cryptsetup_reencrypt.c:1329 +#, fuzzy +msgid "Enter new passphrase: " +msgstr "Masukan kata sandi: " + +#: src/cryptsetup.c:1927 +#, fuzzy +msgid "Enter passphrase for keyslot to be converted: " +msgstr "Masukan kasa sandi baru untuk slot kunci: " + +#: src/cryptsetup.c:1951 +msgid "Only one device argument for isLuks operation is supported." +msgstr "" + +#: src/cryptsetup.c:2001 +msgid "" +"The header dump with volume key is sensitive information\n" +"that allows access to encrypted partition without a passphrase.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" + +#: src/cryptsetup.c:2066 +#, fuzzy, c-format +msgid "Keyslot %d does not contain unbound key." +msgstr "Slot kunci %d tidak digunakan.\n" + +#: src/cryptsetup.c:2072 +msgid "" +"The header dump with unbound key is sensitive information.\n" +"This dump should be stored encrypted in a safe place." +msgstr "" + +#: src/cryptsetup.c:2207 src/cryptsetup.c:2228 +#, fuzzy +msgid "Option --header-backup-file is required." +msgstr "Pilihan --header-backup-file dibutuhkan.\n" + +#: src/cryptsetup.c:2258 +#, fuzzy, c-format +msgid "%s is not cryptsetup managed device." +msgstr "%s bukan perangkat LUKS." + +#: src/cryptsetup.c:2269 +#, fuzzy, c-format +msgid "Refresh is not supported for device type %s" +msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n" + +#: src/cryptsetup.c:2311 +#, c-format +msgid "Unrecognized metadata device type %s." +msgstr "" + +#: src/cryptsetup.c:2314 +msgid "Command requires device and mapped name as arguments." +msgstr "" + +#: src/cryptsetup.c:2336 +#, fuzzy, c-format +msgid "" +"This operation will erase all keyslots on device %s.\n" "Device will become unusable after this operation." +msgstr "Ini adalah slot kunci terakhir. Perangkat mungkin akan menjadi tidak stabil setelah menghapus kunci ini." + +#: src/cryptsetup.c:2343 +msgid "Operation aborted, keyslots were NOT wiped.\n" +msgstr "" + +#: src/cryptsetup.c:2380 +msgid "Invalid LUKS type, only luks1 and luks2 are supported." +msgstr "" + +#: src/cryptsetup.c:2398 +#, fuzzy, c-format +msgid "Device is already %s type." +msgstr "Perangkat %s telah ada.\n" + +#: src/cryptsetup.c:2403 +#, fuzzy, c-format +msgid "This operation will convert %s to %s format.\n" +msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n" + +#: src/cryptsetup.c:2409 +msgid "Operation aborted, device was NOT converted.\n" +msgstr "" + +#: src/cryptsetup.c:2449 +msgid "Option --priority, --label or --subsystem is missing." +msgstr "" + +#: src/cryptsetup.c:2483 src/cryptsetup.c:2516 src/cryptsetup.c:2539 +#, fuzzy, c-format +msgid "Token %d is invalid." +msgstr "Slot kunci %d tidak valid.\n" + +#: src/cryptsetup.c:2486 src/cryptsetup.c:2542 +#, c-format +msgid "Token %d in use." +msgstr "" + +#: src/cryptsetup.c:2493 +#, fuzzy, c-format +msgid "Failed to add luks2-keyring token %d." +msgstr "Gagal memperoleh data statistik berkas kunci %s.\n" + +#: src/cryptsetup.c:2502 src/cryptsetup.c:2564 +#, fuzzy, c-format +msgid "Failed to assign token %d to keyslot %d." +msgstr "Gagal untuk menulis di penyimpanan kunci.\n" + +#: src/cryptsetup.c:2519 +#, fuzzy, c-format +msgid "Token %d is not in use." +msgstr "Slot kunci %d tidak digunakan.\n" + +#: src/cryptsetup.c:2554 +#, fuzzy +msgid "Failed to import token from file." +msgstr "Gagal membuka berkas kunci %s.\n" + +#: src/cryptsetup.c:2579 +#, fuzzy, c-format +msgid "Failed to get token %d for export." +msgstr "Gagal untuk menulis di penyimpanan kunci.\n" + +#: src/cryptsetup.c:2594 +msgid "--key-description parameter is mandatory for token add action." +msgstr "" + +#: src/cryptsetup.c:2600 src/cryptsetup.c:2608 +msgid "Action requires specific token. Use --token-id parameter." +msgstr "" + +#: src/cryptsetup.c:2613 +#, fuzzy, c-format +msgid "Invalid token operation %s." +msgstr "Besar kunci %d tidak valid.\n" + +#: src/cryptsetup.c:2668 +#, c-format +msgid "Auto-detected active dm device '%s' for data device %s.\n" +msgstr "" + +#: src/cryptsetup.c:2672 +#, fuzzy, c-format +msgid "Device %s is not a block device.\n" +msgstr "Perangkat %s bukan perangkat LUKS.\n" + +#: src/cryptsetup.c:2674 +#, fuzzy, c-format +msgid "Failed to auto-detect device %s holders." +msgstr "Gagal untuk memperoleh direktori pemeta-perangkat." + +#: src/cryptsetup.c:2676 +#, c-format +msgid "" +"Unable to decide if device %s is activated or not.\n" +"Are you sure you want to proceed with reencryption in offline mode?\n" +"It may lead to data corruption if the device is actually activated.\n" +"To run reencryption in online mode, use --active-name parameter instead.\n" +msgstr "" + +#: src/cryptsetup.c:2756 +#, fuzzy +msgid "Invalid LUKS device type." +msgstr "Perangkat %s tidak valid.\n" + +#: src/cryptsetup.c:2761 +msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)." +msgstr "" + +#: src/cryptsetup.c:2766 +msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter." +msgstr "" + +#: src/cryptsetup.c:2775 +#, c-format +msgid "Adjusting --reduce-device-size value to twice the --offset % (sectors).\n" +msgstr "" + +#: src/cryptsetup.c:2779 +#, fuzzy +msgid "Encryption is supported only for LUKS2 format." +msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n" + +#: src/cryptsetup.c:2801 +#, c-format +msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?" +msgstr "" + +#: src/cryptsetup.c:2816 +#, fuzzy, c-format +msgid "Temporary header file %s already exists. Aborting." +msgstr "Berkas %s yang diminta telah ada.\n" + +#: src/cryptsetup.c:2818 src/cryptsetup.c:2825 +#, fuzzy, c-format +msgid "Cannot create temporary header file %s." +msgstr "Tidak dapat membaca berkas cadangan header %s.\n" + +#: src/cryptsetup.c:2889 +#, c-format +msgid "%s/%s is now active and ready for online encryption.\n" +msgstr "" + +#: src/cryptsetup.c:3053 src/cryptsetup.c:3059 +msgid "Not enough free keyslots for reencryption." +msgstr "" + +#: src/cryptsetup.c:3079 src/cryptsetup_reencrypt.c:1294 +msgid "Key file can be used only with --key-slot or with exactly one key slot active." +msgstr "" + +#: src/cryptsetup.c:3088 src/cryptsetup_reencrypt.c:1341 +#: src/cryptsetup_reencrypt.c:1352 +#, fuzzy, c-format +msgid "Enter passphrase for key slot %d: " +msgstr "Masukan kasa sandi baru untuk slot kunci: " + +#: src/cryptsetup.c:3096 +#, fuzzy, c-format +msgid "Enter passphrase for key slot %u: " +msgstr "Masukan kasa sandi baru untuk slot kunci: " + +#: src/cryptsetup.c:3263 +#, fuzzy +msgid "Command requires device as argument." +msgstr "%s: membutuhkan %s sebagai argumen" + +#: src/cryptsetup.c:3285 +msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1." +msgstr "" + +#: src/cryptsetup.c:3297 +msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility." +msgstr "" + +#: src/cryptsetup.c:3307 src/cryptsetup_reencrypt.c:178 +msgid "Reencryption of device with integrity profile is not supported." +msgstr "" + +#: src/cryptsetup.c:3315 +msgid "LUKS2 reencryption already initialized. Aborting operation." +msgstr "" + +#: src/cryptsetup.c:3319 +msgid "LUKS2 device is not in reencryption." +msgstr "" + +#: src/cryptsetup.c:3346 +#, fuzzy +msgid " [--type ] []" +msgstr " " + +#: src/cryptsetup.c:3346 src/veritysetup.c:394 src/integritysetup.c:480 +#, fuzzy +msgid "open device as " +msgstr "buka perangkat LUKS sebagai pemetaan " + +#: src/cryptsetup.c:3347 src/cryptsetup.c:3348 src/cryptsetup.c:3349 +#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:481 +#: src/integritysetup.c:482 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3347 src/veritysetup.c:395 src/integritysetup.c:481 +msgid "close device (remove mapping)" +msgstr "" + +#: src/cryptsetup.c:3348 +msgid "resize active device" +msgstr "ubah ukuran perangkat aktif" + +#: src/cryptsetup.c:3349 +msgid "show device status" +msgstr "tampilkan status perangkat" + +#: src/cryptsetup.c:3350 +msgid "[--cipher ]" +msgstr "" + +#: src/cryptsetup.c:3350 +msgid "benchmark cipher" +msgstr "" + +#: src/cryptsetup.c:3351 src/cryptsetup.c:3352 src/cryptsetup.c:3353 +#: src/cryptsetup.c:3354 src/cryptsetup.c:3355 src/cryptsetup.c:3362 +#: src/cryptsetup.c:3363 src/cryptsetup.c:3364 src/cryptsetup.c:3365 +#: src/cryptsetup.c:3366 src/cryptsetup.c:3367 src/cryptsetup.c:3368 +#: src/cryptsetup.c:3369 src/cryptsetup.c:3370 +msgid "" +msgstr "" + +#: src/cryptsetup.c:3351 +msgid "try to repair on-disk metadata" +msgstr "" + +#: src/cryptsetup.c:3352 +#, fuzzy +msgid "reencrypt LUKS2 device" +msgstr "tambahkan kunci ke perangkat LUKS" + +#: src/cryptsetup.c:3353 +#, fuzzy +msgid "erase all keyslots (remove encryption key)" +msgstr "Besar dari kunci enkripsi" + +#: src/cryptsetup.c:3354 +msgid "convert LUKS from/to LUKS2 format" +msgstr "" + +#: src/cryptsetup.c:3355 +msgid "set permanent configuration options for LUKS2" +msgstr "" + +#: src/cryptsetup.c:3356 src/cryptsetup.c:3357 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3356 +msgid "formats a LUKS device" +msgstr "format sebuah perangkat LUKS" + +#: src/cryptsetup.c:3357 +msgid "add key to LUKS device" +msgstr "tambahkan kunci ke perangkat LUKS" + +#: src/cryptsetup.c:3358 src/cryptsetup.c:3359 src/cryptsetup.c:3360 +msgid " []" +msgstr " []" + +#: src/cryptsetup.c:3358 +msgid "removes supplied key or key file from LUKS device" +msgstr "hapus kunci yang diberikan atau berkas kunci dari perangkat LUKS" + +#: src/cryptsetup.c:3359 +#, fuzzy +msgid "changes supplied key or key file of LUKS device" +msgstr "hapus kunci yang diberikan atau berkas kunci dari perangkat LUKS" + +#: src/cryptsetup.c:3360 +msgid "converts a key to new pbkdf parameters" +msgstr "" + +#: src/cryptsetup.c:3361 +msgid " " +msgstr " " + +#: src/cryptsetup.c:3361 +msgid "wipes key with number from LUKS device" +msgstr "hapus kunci dengan nomor dari perangkat LUKS" + +#: src/cryptsetup.c:3362 +msgid "print UUID of LUKS device" +msgstr "tampilkan UUID dari perangkat LUKS" + +#: src/cryptsetup.c:3363 +msgid "tests for LUKS partition header" +msgstr "periksa untuk header partisi LUKS" + +#: src/cryptsetup.c:3364 +msgid "dump LUKS partition information" +msgstr "dump informasi partisi LUKS" + +#: src/cryptsetup.c:3365 +#, fuzzy +msgid "dump TCRYPT device information" +msgstr "dump informasi partisi LUKS" + +#: src/cryptsetup.c:3366 +#, fuzzy +msgid "dump BITLK device information" +msgstr "dump informasi partisi LUKS" + +#: src/cryptsetup.c:3367 +#, fuzzy +msgid "Suspend LUKS device and wipe key (all IOs are frozen)" +msgstr "Hentikan perangkat LUKS dan hapus kunci (semua IO dihentikan)." + +#: src/cryptsetup.c:3368 +#, fuzzy +msgid "Resume suspended LUKS device" +msgstr "Lanjutkan perangkat LUKS yang dihentikan." + +#: src/cryptsetup.c:3369 +msgid "Backup LUKS device header and keyslots" +msgstr "Buat cadangan header perangkat LUKS dan slot kunci" + +#: src/cryptsetup.c:3370 +msgid "Restore LUKS device header and keyslots" +msgstr "Kembalikan header perangkat LUKS dan slot kunci" + +#: src/cryptsetup.c:3371 +msgid " " +msgstr "" + +#: src/cryptsetup.c:3371 +msgid "Manipulate LUKS2 tokens" +msgstr "" + +#: src/cryptsetup.c:3389 src/veritysetup.c:412 src/integritysetup.c:498 +msgid "" +"\n" +" is one of:\n" +msgstr "" +"\n" +" adalah salah satu dari:\n" + +#: src/cryptsetup.c:3395 +msgid "" +"\n" +"You can also use old syntax aliases:\n" +"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n" +"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n" +msgstr "" + +#: src/cryptsetup.c:3399 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the encrypted device\n" +" is the LUKS key slot number to modify\n" +" optional key file for the new key for luksAddKey action\n" +msgstr "" +"\n" +" adalah perangkat untuk dibuat dibawah %s\n" +" adalah perangkat terenkripsi\n" +" adalah nomor slot kunci LUKS untuk dimodifikasi\n" +" adalah berkas kunci opsional untuk kunci baru untuk aksi luksAddKey\n" + +#: src/cryptsetup.c:3406 +#, c-format +msgid "" +"\n" +"Default compiled-in metadata format is %s (for luksFormat action).\n" +msgstr "" + +#: src/cryptsetup.c:3411 +#, c-format +msgid "" +"\n" +"Default compiled-in key and passphrase parameters:\n" +"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n" +"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n" +"Default PBKDF for LUKS2: %s\n" +"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n" +msgstr "" + +#: src/cryptsetup.c:3422 +#, fuzzy, c-format +msgid "" +"\n" +"Default compiled-in device cipher parameters:\n" +"\tloop-AES: %s, Key %d bits\n" +"\tplain: %s, Key: %d bits, Password hashing: %s\n" +"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +msgstr "" +"\n" +"Parameter baku yang terkompilasi dalam perangkat penyandi:\n" +"\tterbuka: %s, Kunci: %d bits, Hash kata sandi : %s\n" +"\tLUKS1 : %s, Kunci: %d bits, Hash kepala LUKS: %s\n" + +#: src/cryptsetup.c:3431 +msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n" +msgstr "" + +#: src/cryptsetup.c:3447 src/veritysetup.c:569 src/integritysetup.c:642 +#, c-format +msgid "%s: requires %s as arguments" +msgstr "%s: membutuhkan %s sebagai argumen" + +#: src/cryptsetup.c:3480 src/veritysetup.c:457 src/integritysetup.c:536 +#: src/cryptsetup_reencrypt.c:1607 +msgid "Show this help message" +msgstr "Tampilkan pesan bantuan ini" + +#: src/cryptsetup.c:3481 src/veritysetup.c:458 src/integritysetup.c:537 +#: src/cryptsetup_reencrypt.c:1608 +msgid "Display brief usage" +msgstr "Tampilkan penggunaan singkat" + +#: src/cryptsetup.c:3482 src/veritysetup.c:459 src/integritysetup.c:538 +#: src/cryptsetup_reencrypt.c:1609 +msgid "Print package version" +msgstr "Tampilkan versi paket" + +#: src/cryptsetup.c:3486 src/veritysetup.c:463 src/integritysetup.c:542 +#: src/cryptsetup_reencrypt.c:1613 +msgid "Help options:" +msgstr "Pilihan bantuan:" + +#: src/cryptsetup.c:3487 src/veritysetup.c:464 src/integritysetup.c:543 +#: src/cryptsetup_reencrypt.c:1614 +msgid "Shows more detailed error messages" +msgstr "Tampilkan pesan kesalahan secara lebih detail" + +#: src/cryptsetup.c:3488 src/veritysetup.c:465 src/integritysetup.c:544 +#: src/cryptsetup_reencrypt.c:1615 +msgid "Show debug messages" +msgstr "Tampilkan pesan penelusuran" + +#: src/cryptsetup.c:3489 +#, fuzzy +msgid "Show debug messages including JSON metadata" +msgstr "Tampilkan pesan penelusuran" + +#: src/cryptsetup.c:3490 src/cryptsetup_reencrypt.c:1617 +msgid "The cipher used to encrypt the disk (see /proc/crypto)" +msgstr "Cipher yang digunakan untuk mengenkripsi ke disk (lihat /proc/crypto)" + +#: src/cryptsetup.c:3491 src/cryptsetup_reencrypt.c:1619 +msgid "The hash used to create the encryption key from the passphrase" +msgstr "Hash yang digunakan untuk membuat kunci enkripsi dari kata sandi" + +#: src/cryptsetup.c:3492 +msgid "Verifies the passphrase by asking for it twice" +msgstr "Verifikasi kata sandi dengan menanyakan itu dua kali" + +#: src/cryptsetup.c:3493 src/cryptsetup_reencrypt.c:1621 +#, fuzzy +msgid "Read the key from a file" +msgstr "Baca volume (master) kunci dari berkas." + +#: src/cryptsetup.c:3494 +msgid "Read the volume (master) key from file." +msgstr "Baca volume (master) kunci dari berkas." + +#: src/cryptsetup.c:3495 +msgid "Dump volume (master) key instead of keyslots info" +msgstr "" + +#: src/cryptsetup.c:3496 src/cryptsetup_reencrypt.c:1618 +msgid "The size of the encryption key" +msgstr "Besar dari kunci enkripsi" + +#: src/cryptsetup.c:3496 src/cryptsetup.c:3557 src/integritysetup.c:562 +#: src/integritysetup.c:566 src/integritysetup.c:570 +#: src/cryptsetup_reencrypt.c:1618 +msgid "BITS" +msgstr "BITS" + +#: src/cryptsetup.c:3497 src/cryptsetup_reencrypt.c:1634 +msgid "Limits the read from keyfile" +msgstr "" + +#: src/cryptsetup.c:3497 src/cryptsetup.c:3498 src/cryptsetup.c:3499 +#: src/cryptsetup.c:3500 src/cryptsetup.c:3503 src/cryptsetup.c:3554 +#: src/cryptsetup.c:3555 src/cryptsetup.c:3563 src/cryptsetup.c:3564 +#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470 +#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:551 +#: src/integritysetup.c:557 src/integritysetup.c:558 +#: src/cryptsetup_reencrypt.c:1633 src/cryptsetup_reencrypt.c:1634 +#: src/cryptsetup_reencrypt.c:1635 src/cryptsetup_reencrypt.c:1636 +msgid "bytes" +msgstr "" + +#: src/cryptsetup.c:3498 src/cryptsetup_reencrypt.c:1633 +msgid "Number of bytes to skip in keyfile" +msgstr "" + +#: src/cryptsetup.c:3499 +msgid "Limits the read from newly added keyfile" +msgstr "" + +#: src/cryptsetup.c:3500 +msgid "Number of bytes to skip in newly added keyfile" +msgstr "" + +#: src/cryptsetup.c:3501 +msgid "Slot number for new key (default is first free)" +msgstr "Nomor slot untuk kunci baru (baku adalah yang kosong pertama)" + +#: src/cryptsetup.c:3502 +msgid "The size of the device" +msgstr "Besar dari perangkat" + +#: src/cryptsetup.c:3502 src/cryptsetup.c:3504 src/cryptsetup.c:3505 +#: src/cryptsetup.c:3511 src/integritysetup.c:552 src/integritysetup.c:559 +msgid "SECTORS" +msgstr "SEKTOR" + +#: src/cryptsetup.c:3503 src/cryptsetup_reencrypt.c:1636 +msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +msgstr "" + +#: src/cryptsetup.c:3504 +msgid "The start offset in the backend device" +msgstr "Awal ofset dalam perangkat backend" + +#: src/cryptsetup.c:3505 +msgid "How many sectors of the encrypted data to skip at the beginning" +msgstr "Berapa banyak sektor dari data terenkripsi yang dilewatkan di awal" + +#: src/cryptsetup.c:3506 +msgid "Create a readonly mapping" +msgstr "Buat pemetaan baca-saja" + +#: src/cryptsetup.c:3507 src/integritysetup.c:545 +#: src/cryptsetup_reencrypt.c:1624 +msgid "Do not ask for confirmation" +msgstr "Jangan tanya untuk konfirmasi" + +#: src/cryptsetup.c:3508 +msgid "Timeout for interactive passphrase prompt (in seconds)" +msgstr "Waktu habis untuk pertanyaan interaktif kata sandi (dalam detik)" + +#: src/cryptsetup.c:3508 src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "secs" +msgstr "detik" + +#: src/cryptsetup.c:3509 src/integritysetup.c:546 +#: src/cryptsetup_reencrypt.c:1625 +msgid "Progress line update (in seconds)" msgstr "" -"Ini adalah slot kunci terakhir. Perangkat mungkin akan menjadi tidak stabil " -"setelah menghapus kunci ini." -#: src/cryptsetup.c:1360 +#: src/cryptsetup.c:3510 src/cryptsetup_reencrypt.c:1626 +msgid "How often the input of the passphrase can be retried" +msgstr "Seberapa sering masukan dari kata sandi dapat dicoba" + +#: src/cryptsetup.c:3511 +msgid "Align payload at sector boundaries - for luksFormat" +msgstr "Sesuaikan muatan di batas sektor - untuk luksFormat" + +#: src/cryptsetup.c:3512 #, fuzzy -msgid " [--type ] []" -msgstr " " +msgid "File with LUKS header and keyslots backup" +msgstr "Berkas dengan header LUKS dan cadangan slot kunci." + +#: src/cryptsetup.c:3513 src/cryptsetup_reencrypt.c:1627 +msgid "Use /dev/random for generating volume key" +msgstr "" + +#: src/cryptsetup.c:3514 src/cryptsetup_reencrypt.c:1628 +msgid "Use /dev/urandom for generating volume key" +msgstr "" + +#: src/cryptsetup.c:3515 +msgid "Share device with another non-overlapping crypt segment" +msgstr "" -#: src/cryptsetup.c:1360 +#: src/cryptsetup.c:3516 src/veritysetup.c:477 #, fuzzy -msgid "open device as mapping " -msgstr "buka perangkat LUKS sebagai pemetaan " +msgid "UUID for device to use" +msgstr "DM-UUID untuk perangkat %s telah terpotong.\n" -#: src/cryptsetup.c:1361 src/cryptsetup.c:1362 src/cryptsetup.c:1363 -#: src/cryptsetup.c:1364 src/veritysetup.c:311 src/veritysetup.c:312 -msgid "" -msgstr "" +#: src/cryptsetup.c:3517 src/integritysetup.c:579 +msgid "Allow discards (aka TRIM) requests for device" +msgstr "" -#: src/cryptsetup.c:1361 -msgid "close device (remove mapping)" +#: src/cryptsetup.c:3518 src/cryptsetup_reencrypt.c:1645 +msgid "Device or file with separated LUKS header" msgstr "" -#: src/cryptsetup.c:1362 -msgid "resize active device" -msgstr "ubah ukuran perangkat aktif" +#: src/cryptsetup.c:3519 +msgid "Do not activate device, just check passphrase" +msgstr "" -#: src/cryptsetup.c:1363 -msgid "show device status" -msgstr "tampilkan status perangkat" +#: src/cryptsetup.c:3520 +msgid "Use hidden header (hidden TCRYPT device)" +msgstr "" -#: src/cryptsetup.c:1364 -msgid "benchmark cipher" +#: src/cryptsetup.c:3521 +msgid "Device is system TCRYPT drive (with bootloader)" msgstr "" -#: src/cryptsetup.c:1365 src/cryptsetup.c:1366 src/cryptsetup.c:1372 -#: src/cryptsetup.c:1373 src/cryptsetup.c:1374 src/cryptsetup.c:1375 -#: src/cryptsetup.c:1376 src/cryptsetup.c:1377 src/cryptsetup.c:1378 -#: src/cryptsetup.c:1379 -msgid "" -msgstr "" +#: src/cryptsetup.c:3522 +msgid "Use backup (secondary) TCRYPT header" +msgstr "" -#: src/cryptsetup.c:1365 -msgid "try to repair on-disk metadata" +#: src/cryptsetup.c:3523 +msgid "Scan also for VeraCrypt compatible device" +msgstr "" + +#: src/cryptsetup.c:3524 +msgid "Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "" + +#: src/cryptsetup.c:3525 +msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device" +msgstr "" + +#: src/cryptsetup.c:3526 +msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk" +msgstr "" + +#: src/cryptsetup.c:3527 +msgid "Disable password quality check (if enabled)" +msgstr "" + +#: src/cryptsetup.c:3528 +msgid "Use dm-crypt same_cpu_crypt performance compatibility option" +msgstr "" + +#: src/cryptsetup.c:3529 +msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option" +msgstr "" + +#: src/cryptsetup.c:3530 +msgid "Device removal is deferred until the last user closes it" +msgstr "" + +#: src/cryptsetup.c:3531 +msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)" msgstr "" -#: src/cryptsetup.c:1366 +#: src/cryptsetup.c:3532 #, fuzzy -msgid "erase all keyslots (remove encryption key)" -msgstr "Besar dari kunci enkripsi" +msgid "PBKDF iteration time for LUKS (in ms)" +msgstr "waktu iterasi PBKDF2 untuk LUKS (dalam mdet)" -#: src/cryptsetup.c:1367 src/cryptsetup.c:1368 -msgid " []" -msgstr " []" +#: src/cryptsetup.c:3532 src/cryptsetup_reencrypt.c:1623 +msgid "msecs" +msgstr "mdetik" -#: src/cryptsetup.c:1367 -msgid "formats a LUKS device" +#: src/cryptsetup.c:3533 src/cryptsetup_reencrypt.c:1641 +msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2" +msgstr "" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "PBKDF memory cost limit" +msgstr "" + +#: src/cryptsetup.c:3534 src/cryptsetup_reencrypt.c:1642 +msgid "kilobytes" +msgstr "" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "PBKDF parallel cost" +msgstr "" + +#: src/cryptsetup.c:3535 src/cryptsetup_reencrypt.c:1643 +msgid "threads" +msgstr "" + +#: src/cryptsetup.c:3536 src/cryptsetup_reencrypt.c:1644 +msgid "PBKDF iterations cost (forced, disables benchmark)" +msgstr "" + +#: src/cryptsetup.c:3537 +msgid "Keyslot priority: ignore, normal, prefer" +msgstr "" + +#: src/cryptsetup.c:3538 +msgid "Disable locking of on-disk metadata" +msgstr "" + +#: src/cryptsetup.c:3539 +msgid "Disable loading volume keys via kernel keyring" +msgstr "" + +#: src/cryptsetup.c:3540 +msgid "Data integrity algorithm (LUKS2 only)" +msgstr "" + +#: src/cryptsetup.c:3541 src/integritysetup.c:573 +msgid "Disable journal for integrity device" +msgstr "" + +#: src/cryptsetup.c:3542 src/integritysetup.c:547 +msgid "Do not wipe device after format" +msgstr "" + +#: src/cryptsetup.c:3543 src/integritysetup.c:577 +msgid "Use inefficient legacy padding (old kernels)" +msgstr "" + +#: src/cryptsetup.c:3544 +msgid "Do not ask for passphrase if activation by token fails" +msgstr "" + +#: src/cryptsetup.c:3545 +msgid "Token number (default: any)" +msgstr "" + +#: src/cryptsetup.c:3546 +msgid "Key description" +msgstr "" + +#: src/cryptsetup.c:3547 +msgid "Encryption sector size (default: 512 bytes)" +msgstr "" + +#: src/cryptsetup.c:3548 +msgid "Use IV counted in sector size (not in 512 bytes)" +msgstr "" + +#: src/cryptsetup.c:3549 +msgid "Set activation flags persistent for device" +msgstr "" + +#: src/cryptsetup.c:3550 +#, fuzzy +msgid "Set label for the LUKS2 device" msgstr "format sebuah perangkat LUKS" -#: src/cryptsetup.c:1368 -msgid "add key to LUKS device" -msgstr "tambahkan kunci ke perangkat LUKS" +#: src/cryptsetup.c:3551 +msgid "Set subsystem label for the LUKS2 device" +msgstr "" -#: src/cryptsetup.c:1369 src/cryptsetup.c:1370 -msgid " []" -msgstr " []" +#: src/cryptsetup.c:3552 +msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot" +msgstr "" -#: src/cryptsetup.c:1369 -msgid "removes supplied key or key file from LUKS device" -msgstr "hapus kunci yang diberikan atau berkas kunci dari perangkat LUKS" +#: src/cryptsetup.c:3553 +msgid "Read or write the json from or to a file" +msgstr "" -#: src/cryptsetup.c:1370 +#: src/cryptsetup.c:3554 +msgid "LUKS2 header metadata area size" +msgstr "" + +#: src/cryptsetup.c:3555 #, fuzzy -msgid "changes supplied key or key file of LUKS device" -msgstr "hapus kunci yang diberikan atau berkas kunci dari perangkat LUKS" +msgid "LUKS2 header keyslots area size" +msgstr "Berkas dengan header LUKS dan cadangan slot kunci." -#: src/cryptsetup.c:1371 -msgid " " -msgstr " " +#: src/cryptsetup.c:3556 +msgid "Refresh (reactivate) device with new parameters" +msgstr "" -#: src/cryptsetup.c:1371 -msgid "wipes key with number from LUKS device" -msgstr "hapus kunci dengan nomor dari perangkat LUKS" +#: src/cryptsetup.c:3557 +#, fuzzy +msgid "LUKS2 keyslot: The size of the encryption key" +msgstr "Besar dari kunci enkripsi" -#: src/cryptsetup.c:1372 -msgid "print UUID of LUKS device" -msgstr "tampilkan UUID dari perangkat LUKS" +#: src/cryptsetup.c:3558 +msgid "LUKS2 keyslot: The cipher used for keyslot encryption" +msgstr "" -#: src/cryptsetup.c:1373 -msgid "tests for LUKS partition header" -msgstr "periksa untuk header partisi LUKS" +#: src/cryptsetup.c:3559 +msgid "Encrypt LUKS2 device (in-place encryption)." +msgstr "" -#: src/cryptsetup.c:1374 -msgid "dump LUKS partition information" -msgstr "dump informasi partisi LUKS" +#: src/cryptsetup.c:3560 +msgid "Decrypt LUKS2 device (remove encryption)." +msgstr "" + +#: src/cryptsetup.c:3561 +msgid "Initialize LUKS2 reencryption in metadata only." +msgstr "" + +#: src/cryptsetup.c:3562 +msgid "Resume initialized LUKS2 reencryption only." +msgstr "" + +#: src/cryptsetup.c:3563 src/cryptsetup_reencrypt.c:1635 +msgid "Reduce data device size (move data offset). DANGEROUS!" +msgstr "" + +#: src/cryptsetup.c:3564 +msgid "Maximal reencryption hotzone size." +msgstr "" + +#: src/cryptsetup.c:3565 +msgid "Reencryption hotzone resilience type (checksum,journal,none)" +msgstr "" + +#: src/cryptsetup.c:3566 +msgid "Reencryption hotzone checksums hash" +msgstr "" + +#: src/cryptsetup.c:3567 +msgid "Override device autodetection of dm device to be reencrypted" +msgstr "" + +#: src/cryptsetup.c:3583 src/veritysetup.c:499 src/integritysetup.c:595 +#, fuzzy +msgid "[OPTION...] " +msgstr "[PILIHAN...] ]" + +#: src/cryptsetup.c:3634 src/veritysetup.c:533 src/integritysetup.c:606 +msgid "Argument missing." +msgstr "Argumen hilang." + +#: src/cryptsetup.c:3703 src/veritysetup.c:564 src/integritysetup.c:637 +msgid "Unknown action." +msgstr "Aksi tidak diketahui." + +#: src/cryptsetup.c:3713 +msgid "Options --refresh and --test-passphrase are mutually exclusive." +msgstr "" + +#: src/cryptsetup.c:3718 +msgid "Option --deferred is allowed only for close command." +msgstr "" + +#: src/cryptsetup.c:3723 +msgid "Option --shared is allowed only for open of plain device." +msgstr "" + +#: src/cryptsetup.c:3728 src/integritysetup.c:654 +msgid "Option --allow-discards is allowed only for open operation." +msgstr "" + +#: src/cryptsetup.c:3733 +msgid "Option --persistent is allowed only for open operation." +msgstr "" + +#: src/cryptsetup.c:3738 +msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation." +msgstr "" + +#: src/cryptsetup.c:3743 +msgid "Option --persistent is not allowed with --test-passphrase." +msgstr "" + +#: src/cryptsetup.c:3753 +msgid "" +"Option --key-size is allowed only for luksFormat, luksAddKey,\n" +"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)." +msgstr "" + +#: src/cryptsetup.c:3759 +msgid "Option --integrity is allowed only for luksFormat (LUKS2)." +msgstr "" + +#: src/cryptsetup.c:3764 +msgid "Option --integrity-no-wipe can be used only for format action with integrity extension." +msgstr "" + +#: src/cryptsetup.c:3770 +msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations." +msgstr "" + +#: src/cryptsetup.c:3776 +msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices." +msgstr "" + +#: src/cryptsetup.c:3781 src/cryptsetup_reencrypt.c:1708 +msgid "Key size must be a multiple of 8 bits" +msgstr "Kunci harus kelipatan dari 8 bit" + +#: src/cryptsetup.c:3787 src/cryptsetup_reencrypt.c:1394 +#: src/cryptsetup_reencrypt.c:1713 +#, fuzzy +msgid "Key slot is invalid." +msgstr "Slot kunci %d tidak valid.\n" + +#: src/cryptsetup.c:3794 +msgid "Option --key-file takes precedence over specified key file argument." +msgstr "" + +#: src/cryptsetup.c:3801 src/veritysetup.c:576 src/integritysetup.c:663 +#: src/cryptsetup_reencrypt.c:1687 +msgid "Negative number for option not permitted." +msgstr "" + +#: src/cryptsetup.c:3805 +msgid "Only one --key-file argument is allowed." +msgstr "" + +#: src/cryptsetup.c:3809 src/cryptsetup_reencrypt.c:1679 +#: src/cryptsetup_reencrypt.c:1717 +msgid "Only one of --use-[u]random options is allowed." +msgstr "" + +#: src/cryptsetup.c:3813 +msgid "Option --use-[u]random is allowed only for luksFormat." +msgstr "" + +#: src/cryptsetup.c:3817 +msgid "Option --uuid is allowed only for luksFormat and luksUUID." +msgstr "" + +#: src/cryptsetup.c:3821 +msgid "Option --align-payload is allowed only for luksFormat." +msgstr "" + +#: src/cryptsetup.c:3825 +msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2." +msgstr "" + +#: src/cryptsetup.c:3830 +msgid "Invalid LUKS2 metadata size specification." +msgstr "" + +#: src/cryptsetup.c:3834 +msgid "Invalid LUKS2 keyslots size specification." +msgstr "" + +#: src/cryptsetup.c:3838 +msgid "Options --align-payload and --offset cannot be combined." +msgstr "" -#: src/cryptsetup.c:1375 +#: src/cryptsetup.c:3844 #, fuzzy -msgid "dump TCRYPT device information" -msgstr "dump informasi partisi LUKS" +msgid "Option --skip is supported only for open of plain and loopaes devices." +msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n" -#: src/cryptsetup.c:1376 -msgid "Suspend LUKS device and wipe key (all IOs are frozen)." -msgstr "Hentikan perangkat LUKS dan hapus kunci (semua IO dihentikan)." +#: src/cryptsetup.c:3851 +msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption." +msgstr "" -#: src/cryptsetup.c:1377 -msgid "Resume suspended LUKS device." -msgstr "Lanjutkan perangkat LUKS yang dihentikan." +#: src/cryptsetup.c:3857 +msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device." +msgstr "" -#: src/cryptsetup.c:1378 -msgid "Backup LUKS device header and keyslots" -msgstr "Buat cadangan header perangkat LUKS dan slot kunci" +#: src/cryptsetup.c:3862 +msgid "Option --tcrypt-hidden cannot be combined with --allow-discards." +msgstr "" -#: src/cryptsetup.c:1379 -msgid "Restore LUKS device header and keyslots" -msgstr "Kembalikan header perangkat LUKS dan slot kunci" +#: src/cryptsetup.c:3867 +#, fuzzy +msgid "Option --veracrypt is supported only for TCRYPT device type." +msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n" -#: src/cryptsetup.c:1396 src/veritysetup.c:328 -msgid "" -"\n" -" is one of:\n" +#: src/cryptsetup.c:3873 +msgid "Invalid argument for parameter --veracrypt-pim supplied." msgstr "" -"\n" -" adalah salah satu dari:\n" -#: src/cryptsetup.c:1402 -msgid "" -"\n" -"You can also use old syntax aliases:\n" -"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n" -"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n" +#: src/cryptsetup.c:3877 +#, fuzzy +msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices." +msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n" + +#: src/cryptsetup.c:3885 +msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices." msgstr "" -#: src/cryptsetup.c:1406 -#, c-format -msgid "" -"\n" -" is the device to create under %s\n" -" is the encrypted device\n" -" is the LUKS key slot number to modify\n" -" optional key file for the new key for luksAddKey action\n" +#: src/cryptsetup.c:3889 +msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive." msgstr "" -"\n" -" adalah perangkat untuk dibuat dibawah %s\n" -" adalah perangkat terenkripsi\n" -" adalah nomor slot kunci LUKS untuk dimodifikasi\n" -" adalah berkas kunci opsional untuk kunci baru untuk aksi " -"luksAddKey\n" -#: src/cryptsetup.c:1413 -#, c-format -msgid "" -"\n" -"Default compiled-in key and passphrase parameters:\n" -"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d " -"(characters)\n" -"Default PBKDF2 iteration time for LUKS: %d (ms)\n" +#: src/cryptsetup.c:3896 +msgid "Option --priority can be only ignore/normal/prefer." msgstr "" -#: src/cryptsetup.c:1420 -#, fuzzy, c-format -msgid "" -"\n" -"Default compiled-in device cipher parameters:\n" -"\tloop-AES: %s, Key %d bits\n" -"\tplain: %s, Key: %d bits, Password hashing: %s\n" -"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n" +#: src/cryptsetup.c:3901 src/cryptsetup.c:3939 +msgid "Keyslot specification is required." msgstr "" -"\n" -"Parameter baku yang terkompilasi dalam perangkat penyandi:\n" -"\tterbuka: %s, Kunci: %d bits, Hash kata sandi : %s\n" -"\tLUKS1 : %s, Kunci: %d bits, Hash kepala LUKS: %s\n" -#: src/cryptsetup.c:1437 src/veritysetup.c:460 -#, c-format -msgid "%s: requires %s as arguments" -msgstr "%s: membutuhkan %s sebagai argumen" +#: src/cryptsetup.c:3906 src/cryptsetup_reencrypt.c:1693 +msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id." +msgstr "" -#: src/cryptsetup.c:1470 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1253 -msgid "Show this help message" -msgstr "Tampilkan pesan bantuan ini" +#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1698 +msgid "PBKDF forced iterations cannot be combined with iteration time option." +msgstr "" -#: src/cryptsetup.c:1471 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1254 -msgid "Display brief usage" -msgstr "Tampilkan penggunaan singkat" +#: src/cryptsetup.c:3917 +#, fuzzy +msgid "Sector size option is not supported for this command." +msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n" -#: src/cryptsetup.c:1475 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1258 -msgid "Help options:" -msgstr "Pilihan bantuan:" +#: src/cryptsetup.c:3929 +msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes." +msgstr "" -#: src/cryptsetup.c:1476 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1259 -msgid "Print package version" -msgstr "Tampilkan versi paket" +#: src/cryptsetup.c:3934 +msgid "Key size is required with --unbound option." +msgstr "" -#: src/cryptsetup.c:1477 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1260 -msgid "Shows more detailed error messages" -msgstr "Tampilkan pesan kesalahan secara lebih detail" +#: src/cryptsetup.c:3944 +msgid "Option --unbound may be used only with luksAddKey and luksDump actions." +msgstr "" -#: src/cryptsetup.c:1478 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1261 -msgid "Show debug messages" -msgstr "Tampilkan pesan penelusuran" +#: src/cryptsetup.c:3949 +msgid "Option --refresh may be used only with open action." +msgstr "" -#: src/cryptsetup.c:1479 src/cryptsetup_reencrypt.c:1263 -msgid "The cipher used to encrypt the disk (see /proc/crypto)" -msgstr "Cipher yang digunakan untuk mengenkripsi ke disk (lihat /proc/crypto)" +#: src/cryptsetup.c:3960 +msgid "Cannot disable metadata locking." +msgstr "" -#: src/cryptsetup.c:1480 src/cryptsetup_reencrypt.c:1265 -msgid "The hash used to create the encryption key from the passphrase" -msgstr "Hash yang digunakan untuk membuat kunci enkripsi dari kata sandi" +#: src/cryptsetup.c:3970 +msgid "Invalid max reencryption hotzone size specification." +msgstr "" -#: src/cryptsetup.c:1481 -msgid "Verifies the passphrase by asking for it twice" -msgstr "Verifikasi kata sandi dengan menanyakan itu dua kali" +#: src/cryptsetup.c:3978 src/cryptsetup_reencrypt.c:1722 +#: src/cryptsetup_reencrypt.c:1727 +#, fuzzy +msgid "Invalid device size specification." +msgstr "Perangkat %s tidak valid.\n" + +#: src/cryptsetup.c:3981 +msgid "Maximum device reduce size is 1 GiB." +msgstr "" -#: src/cryptsetup.c:1482 src/cryptsetup_reencrypt.c:1267 +#: src/cryptsetup.c:3984 src/cryptsetup_reencrypt.c:1733 #, fuzzy -msgid "Read the key from a file." -msgstr "Baca volume (master) kunci dari berkas." +msgid "Reduce size must be multiple of 512 bytes sector." +msgstr "Kunci harus kelipatan dari 8 bit" -#: src/cryptsetup.c:1483 -msgid "Read the volume (master) key from file." -msgstr "Baca volume (master) kunci dari berkas." +#: src/cryptsetup.c:3989 +msgid "Invalid data size specification." +msgstr "" -#: src/cryptsetup.c:1484 -msgid "Dump volume (master) key instead of keyslots info." +#: src/cryptsetup.c:3994 +msgid "Reduce size overflow." msgstr "" -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 -msgid "The size of the encryption key" -msgstr "Besar dari kunci enkripsi" +#: src/cryptsetup.c:3998 +msgid "LUKS2 decryption requires option --header." +msgstr "" -#: src/cryptsetup.c:1485 src/cryptsetup_reencrypt.c:1264 -msgid "BITS" -msgstr "BITS" +#: src/cryptsetup.c:4002 +#, fuzzy +msgid "Device size must be multiple of 512 bytes sector." +msgstr "Kunci harus kelipatan dari 8 bit" -#: src/cryptsetup.c:1486 src/cryptsetup_reencrypt.c:1278 -msgid "Limits the read from keyfile" +#: src/cryptsetup.c:4006 +msgid "Options --reduce-device-size and --data-size cannot be combined." msgstr "" -#: src/cryptsetup.c:1486 src/cryptsetup.c:1487 src/cryptsetup.c:1488 -#: src/cryptsetup.c:1489 src/veritysetup.c:379 src/veritysetup.c:380 -#: src/veritysetup.c:382 src/cryptsetup_reencrypt.c:1277 -#: src/cryptsetup_reencrypt.c:1278 src/cryptsetup_reencrypt.c:1279 -#: src/cryptsetup_reencrypt.c:1280 -msgid "bytes" +#: src/cryptsetup.c:4010 +msgid "Options --device-size and --size cannot be combined." msgstr "" -#: src/cryptsetup.c:1487 src/cryptsetup_reencrypt.c:1277 -msgid "Number of bytes to skip in keyfile" +#: src/cryptsetup.c:4014 +msgid "Options --keyslot-cipher and --keyslot-key-size must be used together." msgstr "" -#: src/cryptsetup.c:1488 -msgid "Limits the read from newly added keyfile" +#: src/veritysetup.c:66 +msgid "Invalid salt string specified." msgstr "" -#: src/cryptsetup.c:1489 -msgid "Number of bytes to skip in newly added keyfile" +#: src/veritysetup.c:97 +#, c-format +msgid "Cannot create hash image %s for writing." msgstr "" -#: src/cryptsetup.c:1490 -msgid "Slot number for new key (default is first free)" -msgstr "Nomor slot untuk kunci baru (baku adalah yang kosong pertama)" +#: src/veritysetup.c:107 +#, c-format +msgid "Cannot create FEC image %s for writing." +msgstr "" -#: src/cryptsetup.c:1491 -msgid "The size of the device" -msgstr "Besar dari perangkat" +#: src/veritysetup.c:179 +msgid "Invalid root hash string specified." +msgstr "" -#: src/cryptsetup.c:1491 src/cryptsetup.c:1492 src/cryptsetup.c:1493 -#: src/cryptsetup.c:1499 -msgid "SECTORS" -msgstr "SEKTOR" +#: src/veritysetup.c:187 +#, fuzzy, c-format +msgid "Invalid signature file %s." +msgstr "Perangkat %s tidak valid.\n" -#: src/cryptsetup.c:1492 -msgid "The start offset in the backend device" -msgstr "Awal ofset dalam perangkat backend" +#: src/veritysetup.c:194 +#, fuzzy, c-format +msgid "Cannot read signature file %s." +msgstr "Tidak dapat membaca perangkat %s.\n" -#: src/cryptsetup.c:1493 -msgid "How many sectors of the encrypted data to skip at the beginning" -msgstr "Berapa banyak sektor dari data terenkripsi yang dilewatkan di awal" +#: src/veritysetup.c:392 +#, fuzzy +msgid " " +msgstr " " -#: src/cryptsetup.c:1494 -msgid "Create a readonly mapping" -msgstr "Buat pemetaan baca-saja" +#: src/veritysetup.c:392 src/integritysetup.c:479 +#, fuzzy +msgid "format device" +msgstr "buat perangkat" -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "PBKDF2 iteration time for LUKS (in ms)" -msgstr "waktu iterasi PBKDF2 untuk LUKS (dalam mdet)" +#: src/veritysetup.c:393 +msgid " " +msgstr "" -#: src/cryptsetup.c:1495 src/cryptsetup_reencrypt.c:1268 -msgid "msecs" -msgstr "mdetik" +#: src/veritysetup.c:393 +#, fuzzy +msgid "verify device" +msgstr "hapus perangkat" -#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1269 -msgid "Do not ask for confirmation" -msgstr "Jangan tanya untuk konfirmasi" +#: src/veritysetup.c:394 +msgid " " +msgstr "" -#: src/cryptsetup.c:1497 -msgid "Timeout for interactive passphrase prompt (in seconds)" -msgstr "Waktu habis untuk pertanyaan interaktif kata sandi (dalam detik)" +#: src/veritysetup.c:396 src/integritysetup.c:482 +#, fuzzy +msgid "show active device status" +msgstr "tampilkan status perangkat" -#: src/cryptsetup.c:1497 -msgid "secs" -msgstr "detik" +#: src/veritysetup.c:397 +#, fuzzy +msgid "" +msgstr "" -#: src/cryptsetup.c:1498 src/cryptsetup_reencrypt.c:1270 -msgid "How often the input of the passphrase can be retried" -msgstr "Seberapa sering masukan dari kata sandi dapat dicoba" +#: src/veritysetup.c:397 src/integritysetup.c:483 +msgid "show on-disk information" +msgstr "" -#: src/cryptsetup.c:1499 -msgid "Align payload at sector boundaries - for luksFormat" -msgstr "Sesuaikan muatan di batas sektor - untuk luksFormat" +#: src/veritysetup.c:416 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the data device\n" +" is the device containing verification data\n" +" hash of the root node on \n" +msgstr "" -#: src/cryptsetup.c:1500 -msgid "File with LUKS header and keyslots backup." -msgstr "Berkas dengan header LUKS dan cadangan slot kunci." +#: src/veritysetup.c:423 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-verity parameters:\n" +"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n" +msgstr "" -#: src/cryptsetup.c:1501 src/cryptsetup_reencrypt.c:1271 -msgid "Use /dev/random for generating volume key." +#: src/veritysetup.c:466 +msgid "Do not use verity superblock" msgstr "" -#: src/cryptsetup.c:1502 src/cryptsetup_reencrypt.c:1272 -msgid "Use /dev/urandom for generating volume key." +#: src/veritysetup.c:467 +msgid "Format type (1 - normal, 0 - original Chrome OS)" msgstr "" -#: src/cryptsetup.c:1503 -msgid "Share device with another non-overlapping crypt segment." +#: src/veritysetup.c:467 +msgid "number" msgstr "" -#: src/cryptsetup.c:1504 src/veritysetup.c:385 +#: src/veritysetup.c:468 #, fuzzy -msgid "UUID for device to use." -msgstr "DM-UUID untuk perangkat %s telah terpotong.\n" +msgid "Block size on the data device" +msgstr "Besar dari perangkat" -#: src/cryptsetup.c:1505 -msgid "Allow discards (aka TRIM) requests for device." -msgstr "" +#: src/veritysetup.c:469 +#, fuzzy +msgid "Block size on the hash device" +msgstr "Besar dari perangkat" -#: src/cryptsetup.c:1506 -msgid "Device or file with separated LUKS header." +#: src/veritysetup.c:470 +msgid "FEC parity bytes" msgstr "" -#: src/cryptsetup.c:1507 -msgid "Do not activate device, just check passphrase." +#: src/veritysetup.c:471 +msgid "The number of blocks in the data file" msgstr "" -#: src/cryptsetup.c:1508 -msgid "Use hidden header (hidden TCRYPT device)." +#: src/veritysetup.c:471 +msgid "blocks" msgstr "" -#: src/cryptsetup.c:1509 -msgid "Device is system TCRYPT drive (with bootloader)." +#: src/veritysetup.c:472 +msgid "Path to device with error correction data" msgstr "" -#: src/cryptsetup.c:1510 -msgid "Use backup (secondary) TCRYPT header." +#: src/veritysetup.c:472 src/integritysetup.c:549 +msgid "path" msgstr "" -#: src/cryptsetup.c:1511 -msgid "Scan also for VeraCrypt compatible device." +#: src/veritysetup.c:473 +#, fuzzy +msgid "Starting offset on the hash device" +msgstr "Awal ofset dalam perangkat backend" + +#: src/veritysetup.c:474 +#, fuzzy +msgid "Starting offset on the FEC device" +msgstr "Awal ofset dalam perangkat backend" + +#: src/veritysetup.c:475 +msgid "Hash algorithm" msgstr "" -#: src/cryptsetup.c:1512 -msgid "Type of device metadata: luks, plain, loopaes, tcrypt." +#: src/veritysetup.c:475 +msgid "string" msgstr "" -#: src/cryptsetup.c:1513 -msgid "Disable password quality check (if enabled)." +#: src/veritysetup.c:476 +msgid "Salt" msgstr "" -#: src/cryptsetup.c:1514 -msgid "Use dm-crypt same_cpu_crypt performance compatibility option." +#: src/veritysetup.c:476 +msgid "hex string" msgstr "" -#: src/cryptsetup.c:1515 -msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option." +#: src/veritysetup.c:478 +msgid "Path to root hash signature file" msgstr "" -#: src/cryptsetup.c:1531 src/veritysetup.c:402 -#, fuzzy -msgid "[OPTION...] " -msgstr "[PILIHAN...] ]" +#: src/veritysetup.c:479 +msgid "Restart kernel if corruption is detected" +msgstr "" -#: src/cryptsetup.c:1572 -msgid "Running in FIPS mode.\n" +#: src/veritysetup.c:480 +msgid "Ignore corruption, log it only" msgstr "" -#: src/cryptsetup.c:1581 src/veritysetup.c:439 -msgid "Argument missing." -msgstr "Argumen hilang." +#: src/veritysetup.c:481 +msgid "Do not verify zeroed blocks" +msgstr "" -#: src/cryptsetup.c:1634 src/veritysetup.c:445 -msgid "Unknown action." -msgstr "Aksi tidak diketahui." +#: src/veritysetup.c:482 +msgid "Verify data block only the first time it is read" +msgstr "" -#: src/cryptsetup.c:1644 -msgid "Option --shared is allowed only for open of plain device.\n" +#: src/veritysetup.c:582 +msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation." msgstr "" -#: src/cryptsetup.c:1649 -msgid "Option --allow-discards is allowed only for open operation.\n" +#: src/veritysetup.c:587 +msgid "Option --root-hash-signature can be used only for open operation." msgstr "" -#: src/cryptsetup.c:1657 -msgid "" -"Option --key-size is allowed only for luksFormat, open and benchmark.\n" -"To limit read from keyfile use --keyfile-size=(bytes)." +#: src/veritysetup.c:592 +msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together." msgstr "" -#: src/cryptsetup.c:1664 -msgid "" -"Option --test-passphrase is allowed only for open of LUKS and TCRYPT " -"devices.\n" +#: src/integritysetup.c:84 src/utils_password.c:305 +#, fuzzy, c-format +msgid "Cannot read keyfile %s." +msgstr "Tidak dapat membaca perangkat %s.\n" + +#: src/integritysetup.c:88 src/utils_password.c:310 +#, fuzzy, c-format +msgid "Cannot read %d bytes from keyfile %s." +msgstr "Tidak dapat membaca %d bytes dari berkas kunci %s.\n" + +#: src/integritysetup.c:254 +#, c-format +msgid "Formatted with tag size %u, internal integrity %s.\n" msgstr "" -#: src/cryptsetup.c:1669 src/cryptsetup_reencrypt.c:1341 -msgid "Key size must be a multiple of 8 bits" -msgstr "Kunci harus kelipatan dari 8 bit" +#: src/integritysetup.c:479 src/integritysetup.c:483 +#, fuzzy +msgid "" +msgstr "" -#: src/cryptsetup.c:1676 src/cryptsetup_reencrypt.c:1346 +#: src/integritysetup.c:480 #, fuzzy -msgid "Key slot is invalid." -msgstr "Slot kunci %d tidak valid.\n" +msgid " " +msgstr " " -#: src/cryptsetup.c:1683 -msgid "Option --key-file takes precedence over specified key file argument.\n" +#: src/integritysetup.c:502 +#, c-format +msgid "" +"\n" +" is the device to create under %s\n" +" is the device containing data with integrity tags\n" msgstr "" -#: src/cryptsetup.c:1691 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1330 -msgid "Negative number for option not permitted." +#: src/integritysetup.c:507 +#, c-format +msgid "" +"\n" +"Default compiled-in dm-integrity parameters:\n" +"\tChecksum algorithm: %s\n" msgstr "" -#: src/cryptsetup.c:1695 src/cryptsetup_reencrypt.c:1324 -#: src/cryptsetup_reencrypt.c:1350 -msgid "Only one of --use-[u]random options is allowed." +#: src/integritysetup.c:549 +msgid "Path to data device (if separated)" msgstr "" -#: src/cryptsetup.c:1699 -msgid "Option --use-[u]random is allowed only for luksFormat." +#: src/integritysetup.c:551 +msgid "Journal size" msgstr "" -#: src/cryptsetup.c:1703 -msgid "Option --uuid is allowed only for luksFormat and luksUUID." +#: src/integritysetup.c:552 +msgid "Interleave sectors" msgstr "" -#: src/cryptsetup.c:1707 -msgid "Option --align-payload is allowed only for luksFormat." +#: src/integritysetup.c:553 +msgid "Journal watermark" msgstr "" -#: src/cryptsetup.c:1713 -#, fuzzy -msgid "" -"Option --skip is supported only for open of plain and loopaes devices.\n" -msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n" - -#: src/cryptsetup.c:1719 -#, fuzzy -msgid "" -"Option --offset is supported only for open of plain and loopaes devices.\n" -msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n" - -#: src/cryptsetup.c:1725 -msgid "" -"Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only " -"for TCRYPT device.\n" +#: src/integritysetup.c:553 +msgid "percent" msgstr "" -#: src/cryptsetup.c:1730 -msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n" +#: src/integritysetup.c:554 +msgid "Journal commit time" msgstr "" -#: src/cryptsetup.c:1735 -#, fuzzy -msgid "Option --veracrypt is supported only for TCRYPT device type.\n" -msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n" - -#: src/veritysetup.c:58 -msgid "Invalid salt string specified.\n" +#: src/integritysetup.c:554 src/integritysetup.c:556 +msgid "ms" msgstr "" -#: src/veritysetup.c:88 -#, c-format -msgid "Cannot create hash image %s for writing.\n" +#: src/integritysetup.c:555 +msgid "Number of 512-byte sectors per bit (bitmap mode)." msgstr "" -#: src/veritysetup.c:148 -msgid "Invalid root hash string specified.\n" +#: src/integritysetup.c:556 +msgid "Bitmap mode flush time" msgstr "" -#: src/veritysetup.c:308 -#, fuzzy -msgid " " -msgstr " " +#: src/integritysetup.c:557 +msgid "Tag size (per-sector)" +msgstr "" -#: src/veritysetup.c:308 -#, fuzzy -msgid "format device" -msgstr "buat perangkat" +#: src/integritysetup.c:558 +msgid "Sector size" +msgstr "" -#: src/veritysetup.c:309 -msgid " " +#: src/integritysetup.c:559 +msgid "Buffers size" +msgstr "" + +#: src/integritysetup.c:561 +msgid "Data integrity algorithm" msgstr "" -#: src/veritysetup.c:309 +#: src/integritysetup.c:562 #, fuzzy -msgid "verify device" -msgstr "hapus perangkat" +msgid "The size of the data integrity key" +msgstr "Besar dari kunci enkripsi" + +#: src/integritysetup.c:563 +#, fuzzy +msgid "Read the integrity key from a file" +msgstr "Baca volume (master) kunci dari berkas." -#: src/veritysetup.c:310 -msgid " " +#: src/integritysetup.c:565 +msgid "Journal integrity algorithm" msgstr "" -#: src/veritysetup.c:310 +#: src/integritysetup.c:566 #, fuzzy -msgid "create active device" -msgstr "ubah ukuran perangkat aktif" +msgid "The size of the journal integrity key" +msgstr "Besar dari kunci enkripsi" -#: src/veritysetup.c:311 +#: src/integritysetup.c:567 #, fuzzy -msgid "remove (deactivate) device" -msgstr "ubah ukuran perangkat aktif" +msgid "Read the journal integrity key from a file" +msgstr "Baca volume (master) kunci dari berkas." + +#: src/integritysetup.c:569 +msgid "Journal encryption algorithm" +msgstr "" -#: src/veritysetup.c:312 +#: src/integritysetup.c:570 #, fuzzy -msgid "show active device status" -msgstr "tampilkan status perangkat" +msgid "The size of the journal encryption key" +msgstr "Besar dari kunci enkripsi" -#: src/veritysetup.c:313 +#: src/integritysetup.c:571 #, fuzzy -msgid "" -msgstr "" +msgid "Read the journal encryption key from a file" +msgstr "Baca volume (master) kunci dari berkas." -#: src/veritysetup.c:313 -msgid "show on-disk information" +#: src/integritysetup.c:574 +msgid "Recovery mode (no journal, no tag checking)" msgstr "" -#: src/veritysetup.c:332 -#, c-format -msgid "" -"\n" -" is the device to create under %s\n" -" is the data device\n" -" is the device containing verification data\n" -" hash of the root node on \n" +#: src/integritysetup.c:575 +msgid "Use bitmap to track changes and disable journal for integrity device" msgstr "" -#: src/veritysetup.c:339 -#, c-format -msgid "" -"\n" -"Default compiled-in dm-verity parameters:\n" -"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, " -"Hash format: %u\n" +#: src/integritysetup.c:576 +msgid "Recalculate initial tags automatically." msgstr "" -#: src/veritysetup.c:377 -msgid "Do not use verity superblock" +#: src/integritysetup.c:649 +msgid "Option --integrity-recalculate can be used only for open action." msgstr "" -#: src/veritysetup.c:378 -msgid "Format type (1 - normal, 0 - original Chrome OS)" +#: src/integritysetup.c:669 +msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action." msgstr "" -#: src/veritysetup.c:378 -msgid "number" +#: src/integritysetup.c:675 +msgid "Invalid journal size specification." msgstr "" -#: src/veritysetup.c:379 -#, fuzzy -msgid "Block size on the data device" -msgstr "Besar dari perangkat" +#: src/integritysetup.c:680 +msgid "Both key file and key size options must be specified." +msgstr "" -#: src/veritysetup.c:380 -#, fuzzy -msgid "Block size on the hash device" -msgstr "Besar dari perangkat" +#: src/integritysetup.c:683 +msgid "Integrity algorithm must be specified if integrity key is used." +msgstr "" -#: src/veritysetup.c:381 -msgid "The number of blocks in the data file" +#: src/integritysetup.c:688 +msgid "Both journal integrity key file and key size options must be specified." msgstr "" -#: src/veritysetup.c:381 -msgid "blocks" +#: src/integritysetup.c:691 +msgid "Journal integrity algorithm must be specified if journal integrity key is used." msgstr "" -#: src/veritysetup.c:382 -#, fuzzy -msgid "Starting offset on the hash device" -msgstr "Awal ofset dalam perangkat backend" +#: src/integritysetup.c:696 +msgid "Both journal encryption key file and key size options must be specified." +msgstr "" -#: src/veritysetup.c:383 -msgid "Hash algorithm" +#: src/integritysetup.c:699 +msgid "Journal encryption algorithm must be specified if journal encryption key is used." msgstr "" -#: src/veritysetup.c:383 -msgid "string" +#: src/integritysetup.c:703 +msgid "Recovery and bitmap mode options are mutually exclusive." msgstr "" -#: src/veritysetup.c:384 -msgid "Salt" +#: src/integritysetup.c:707 +msgid "Journal options cannot be used in bitmap mode." msgstr "" -#: src/veritysetup.c:384 -msgid "hex string" +#: src/integritysetup.c:711 +msgid "Bitmap options can be used only in bitmap mode." msgstr "" -#: src/cryptsetup_reencrypt.c:147 -#, fuzzy, c-format -msgid "Cannot exclusively open %s, device in use.\n" -msgstr "Tidak dapat membuka perangkat %s.\n" +#: src/cryptsetup_reencrypt.c:172 +msgid "Reencryption already in-progress." +msgstr "" -#: src/cryptsetup_reencrypt.c:151 +#: src/cryptsetup_reencrypt.c:208 #, fuzzy, c-format -msgid "Cannot open device %s\n" +msgid "Cannot exclusively open %s, device in use." msgstr "Tidak dapat membuka perangkat %s.\n" -#: src/cryptsetup_reencrypt.c:161 src/cryptsetup_reencrypt.c:893 -msgid "Allocation of aligned memory failed.\n" +#: src/cryptsetup_reencrypt.c:222 src/cryptsetup_reencrypt.c:1135 +msgid "Allocation of aligned memory failed." msgstr "" -#: src/cryptsetup_reencrypt.c:168 -#, c-format -msgid "Cannot read device %s.\n" +#: src/cryptsetup_reencrypt.c:229 +#, fuzzy, c-format +msgid "Cannot read device %s." msgstr "Tidak dapat membaca perangkat %s.\n" -#: src/cryptsetup_reencrypt.c:179 +#: src/cryptsetup_reencrypt.c:240 #, c-format -msgid "Marking LUKS device %s unusable.\n" +msgid "Marking LUKS1 device %s unusable." msgstr "" -#: src/cryptsetup_reencrypt.c:184 +#: src/cryptsetup_reencrypt.c:244 #, c-format -msgid "Marking LUKS device %s usable.\n" +msgid "Setting LUKS2 offline reencrypt flag on device %s." msgstr "" -#: src/cryptsetup_reencrypt.c:200 +#: src/cryptsetup_reencrypt.c:261 #, fuzzy, c-format -msgid "Cannot write device %s.\n" +msgid "Cannot write device %s." msgstr "Tidak dapat menghapus perangkat %s.\n" -#: src/cryptsetup_reencrypt.c:281 +#: src/cryptsetup_reencrypt.c:309 #, fuzzy -msgid "Cannot write reencryption log file.\n" +msgid "Cannot write reencryption log file." msgstr "Tidak dapat menulis berkas cadangan header %s.\n" -#: src/cryptsetup_reencrypt.c:337 +#: src/cryptsetup_reencrypt.c:365 #, fuzzy -msgid "Cannot read reencryption log file.\n" +msgid "Cannot read reencryption log file." msgstr "Tidak dapat membaca berkas cadangan header %s.\n" -#: src/cryptsetup_reencrypt.c:374 +#: src/cryptsetup_reencrypt.c:403 #, c-format msgid "Log file %s exists, resuming reencryption.\n" msgstr "" -#: src/cryptsetup_reencrypt.c:403 -msgid "Activating temporary device using old LUKS header.\n" +#: src/cryptsetup_reencrypt.c:452 +msgid "Activating temporary device using old LUKS header." msgstr "" -#: src/cryptsetup_reencrypt.c:414 -msgid "Activating temporary device using new LUKS header.\n" +#: src/cryptsetup_reencrypt.c:462 +msgid "Activating temporary device using new LUKS header." msgstr "" -#: src/cryptsetup_reencrypt.c:424 -msgid "Activation of temporary devices failed.\n" +#: src/cryptsetup_reencrypt.c:472 +msgid "Activation of temporary devices failed." msgstr "" -#: src/cryptsetup_reencrypt.c:450 +#: src/cryptsetup_reencrypt.c:559 +#, fuzzy +msgid "Failed to set data offset." +msgstr "Gagal memperoleh data statistik berkas kunci %s.\n" + +#: src/cryptsetup_reencrypt.c:565 +#, fuzzy +msgid "Failed to set metadata size." +msgstr "Gagal memperoleh data statistik berkas kunci %s.\n" + +#: src/cryptsetup_reencrypt.c:573 #, fuzzy, c-format -msgid "New LUKS header for device %s created.\n" +msgid "New LUKS header for device %s created." msgstr "Tidak dapat menghapus kepala di perangkat %s.\n" -#: src/cryptsetup_reencrypt.c:458 +#: src/cryptsetup_reencrypt.c:633 #, c-format -msgid "Activated keyslot %i.\n" +msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s." +msgstr "" + +#: src/cryptsetup_reencrypt.c:655 +msgid "Failed to read activation flags from backup header." msgstr "" -#: src/cryptsetup_reencrypt.c:484 +#: src/cryptsetup_reencrypt.c:659 +#, fuzzy +msgid "Failed to write activation flags to new header." +msgstr "Gagal untuk menulis di penyimpanan kunci.\n" + +#: src/cryptsetup_reencrypt.c:663 src/cryptsetup_reencrypt.c:667 +#, fuzzy +msgid "Failed to read requirements from backup header." +msgstr "Gagal untuk membaca dari penyimpanan kunci.\n" + +#: src/cryptsetup_reencrypt.c:705 #, fuzzy, c-format -msgid "LUKS header backup of device %s created.\n" -msgstr "Header LUKS terdeteksi tetapi perangkat %s terlalu kecil.\n" +msgid "%s header backup of device %s created." +msgstr "Pilihan --header-backup-file dibutuhkan.\n" -#: src/cryptsetup_reencrypt.c:532 -msgid "Creation of LUKS backup headers failed.\n" +#: src/cryptsetup_reencrypt.c:768 +msgid "Creation of LUKS backup headers failed." msgstr "" -#: src/cryptsetup_reencrypt.c:634 +#: src/cryptsetup_reencrypt.c:901 #, fuzzy, c-format -msgid "Cannot restore LUKS header on device %s.\n" +msgid "Cannot restore %s header on device %s." msgstr "Tidak dapat menghapus kepala di perangkat %s.\n" -#: src/cryptsetup_reencrypt.c:636 +#: src/cryptsetup_reencrypt.c:903 #, fuzzy, c-format -msgid "LUKS header on device %s restored.\n" -msgstr "Header LUKS terdeteksi tetapi perangkat %s terlalu kecil.\n" - -#: src/cryptsetup_reencrypt.c:669 -#, c-format -msgid "" -"Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s" -msgstr "" - -#: src/cryptsetup_reencrypt.c:708 src/cryptsetup_reencrypt.c:784 -#: src/cryptsetup_reencrypt.c:826 -#, fuzzy -msgid "Cannot seek to device offset.\n" -msgstr "Tidak dapat membaca perangkat %s.\n" +msgid "%s header on device %s restored." +msgstr "Tidak dapat menghapus kepala di perangkat %s.\n" -#: src/cryptsetup_reencrypt.c:865 src/cryptsetup_reencrypt.c:871 +#: src/cryptsetup_reencrypt.c:1107 src/cryptsetup_reencrypt.c:1113 #, fuzzy -msgid "Cannot open temporary LUKS header file.\n" -msgstr "Tidak dapat membuka berkas cadangan header %s.\n" +msgid "Cannot open temporary LUKS device." +msgstr "Gagal untuk membuka perangkat penyimpan kunci sementara.\n" -#: src/cryptsetup_reencrypt.c:876 src/cryptsetup_reencrypt.c:881 +#: src/cryptsetup_reencrypt.c:1118 src/cryptsetup_reencrypt.c:1123 #, fuzzy -msgid "Cannot get device size.\n" +msgid "Cannot get device size." msgstr "Tidak dapat membaca perangkat %s.\n" -#: src/cryptsetup_reencrypt.c:919 -msgid "Interrupted by a signal.\n" -msgstr "" - -#: src/cryptsetup_reencrypt.c:921 -msgid "IO error during reencryption.\n" +#: src/cryptsetup_reencrypt.c:1158 +msgid "IO error during reencryption." msgstr "" -#: src/cryptsetup_reencrypt.c:1028 -msgid "" -"Key file can be used only with --key-slot or with exactly one key slot " -"active.\n" +#: src/cryptsetup_reencrypt.c:1189 +msgid "Provided UUID is invalid." msgstr "" -#: src/cryptsetup_reencrypt.c:1072 src/cryptsetup_reencrypt.c:1087 -#, fuzzy, c-format -msgid "Enter passphrase for key slot %u: " -msgstr "Masukan kasa sandi baru untuk slot kunci: " - -#: src/cryptsetup_reencrypt.c:1136 +#: src/cryptsetup_reencrypt.c:1423 #, fuzzy -msgid "Cannot open reencryption log file.\n" +msgid "Cannot open reencryption log file." msgstr "Tidak dapat membuka berkas cadangan header %s.\n" -#: src/cryptsetup_reencrypt.c:1262 -msgid "Reencryption block size" +#: src/cryptsetup_reencrypt.c:1429 +msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process." msgstr "" -#: src/cryptsetup_reencrypt.c:1262 -msgid "MiB" +#: src/cryptsetup_reencrypt.c:1504 +#, c-format +msgid "Changed pbkdf parameters in keyslot %i." msgstr "" -#: src/cryptsetup_reencrypt.c:1266 -msgid "Do not change key, no data area reencryption." +#: src/cryptsetup_reencrypt.c:1616 +msgid "Reencryption block size" msgstr "" -#: src/cryptsetup_reencrypt.c:1273 -msgid "Use direct-io when accessing devices." +#: src/cryptsetup_reencrypt.c:1616 +msgid "MiB" msgstr "" -#: src/cryptsetup_reencrypt.c:1274 -msgid "Use fsync after each block." +#: src/cryptsetup_reencrypt.c:1620 +msgid "Do not change key, no data area reencryption" msgstr "" -#: src/cryptsetup_reencrypt.c:1275 -msgid "Update log file after every block." +#: src/cryptsetup_reencrypt.c:1622 +#, fuzzy +msgid "Read new volume (master) key from file" +msgstr "Baca volume (master) kunci dari berkas." + +#: src/cryptsetup_reencrypt.c:1623 +msgid "PBKDF2 iteration time for LUKS (in ms)" +msgstr "waktu iterasi PBKDF2 untuk LUKS (dalam mdet)" + +#: src/cryptsetup_reencrypt.c:1629 +msgid "Use direct-io when accessing devices" msgstr "" -#: src/cryptsetup_reencrypt.c:1276 -msgid "Use only this slot (others will be disabled)." +#: src/cryptsetup_reencrypt.c:1630 +msgid "Use fsync after each block" msgstr "" -#: src/cryptsetup_reencrypt.c:1279 -msgid "Reduce data device size (move data offset). DANGEROUS!" +#: src/cryptsetup_reencrypt.c:1631 +msgid "Update log file after every block" msgstr "" -#: src/cryptsetup_reencrypt.c:1280 -msgid "Use only specified device size (ignore rest of device). DANGEROUS!" +#: src/cryptsetup_reencrypt.c:1632 +msgid "Use only this slot (others will be disabled)" msgstr "" -#: src/cryptsetup_reencrypt.c:1281 +#: src/cryptsetup_reencrypt.c:1637 #, fuzzy -msgid "Create new header on not encrypted device." +msgid "Create new header on not encrypted device" msgstr "Tidak dapat menghapus kepala di perangkat %s.\n" -#: src/cryptsetup_reencrypt.c:1282 -msgid "Permanently decrypt device (remove encryption)." +#: src/cryptsetup_reencrypt.c:1638 +msgid "Permanently decrypt device (remove encryption)" msgstr "" -#: src/cryptsetup_reencrypt.c:1298 -msgid "[OPTION...] " +#: src/cryptsetup_reencrypt.c:1639 +#, fuzzy +msgid "The UUID used to resume decryption" +msgstr "Besar dari kunci enkripsi" + +#: src/cryptsetup_reencrypt.c:1640 +msgid "Type of LUKS metadata: luks1, luks2" msgstr "" -#: src/cryptsetup_reencrypt.c:1312 -msgid "" -"WARNING: this is experimental code, it can completely break your data.\n" +#: src/cryptsetup_reencrypt.c:1659 +msgid "[OPTION...] " msgstr "" -#: src/cryptsetup_reencrypt.c:1313 +#: src/cryptsetup_reencrypt.c:1667 #, c-format -msgid "Reencryption will change: volume key%s%s%s%s.\n" +msgid "Reencryption will change: %s%s%s%s%s%s." msgstr "" -#: src/cryptsetup_reencrypt.c:1314 -msgid ", set hash to " +#: src/cryptsetup_reencrypt.c:1668 +msgid "volume key" msgstr "" -#: src/cryptsetup_reencrypt.c:1315 +#: src/cryptsetup_reencrypt.c:1670 +msgid "set hash to " +msgstr "" + +#: src/cryptsetup_reencrypt.c:1671 msgid ", set cipher to " msgstr "" -#: src/cryptsetup_reencrypt.c:1320 +#: src/cryptsetup_reencrypt.c:1675 msgid "Argument required." msgstr "" -#: src/cryptsetup_reencrypt.c:1336 -msgid "" -"Only values between 1 MiB and 64 MiB allowed for reencryption block size." +#: src/cryptsetup_reencrypt.c:1703 +msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size." msgstr "" -#: src/cryptsetup_reencrypt.c:1355 src/cryptsetup_reencrypt.c:1360 -#, fuzzy -msgid "Invalid device size specification." -msgstr "Perangkat %s tidak valid.\n" - -#: src/cryptsetup_reencrypt.c:1363 +#: src/cryptsetup_reencrypt.c:1730 msgid "Maximum device reduce size is 64 MiB." msgstr "" -#: src/cryptsetup_reencrypt.c:1366 -#, fuzzy -msgid "Reduce size must be multiple of 512 bytes sector." -msgstr "Kunci harus kelipatan dari 8 bit" - -#: src/cryptsetup_reencrypt.c:1370 -msgid "Option --new must be used together with --reduce-device-size." +#: src/cryptsetup_reencrypt.c:1737 +msgid "Option --new must be used together with --reduce-device-size or --header." msgstr "" -#: src/cryptsetup_reencrypt.c:1374 -msgid "Option --keep-key can be used only with --hash or --iter-time." +#: src/cryptsetup_reencrypt.c:1741 +msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations." msgstr "" -#: src/cryptsetup_reencrypt.c:1378 +#: src/cryptsetup_reencrypt.c:1745 msgid "Option --new cannot be used together with --decrypt." msgstr "" -#: src/cryptsetup_reencrypt.c:1382 +#: src/cryptsetup_reencrypt.c:1749 msgid "Option --decrypt is incompatible with specified parameters." msgstr "" +#: src/cryptsetup_reencrypt.c:1753 +msgid "Option --uuid is allowed only together with --decrypt." +msgstr "" + +#: src/cryptsetup_reencrypt.c:1757 +msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'." +msgstr "" + #: src/utils_tools.c:151 #, fuzzy -msgid "Error reading response from terminal.\n" +msgid "Error reading response from terminal." msgstr "Kesalahan dalam pembacaan kata sandi dari terminal.\n" -#: src/utils_tools.c:173 +#: src/utils_tools.c:186 msgid "Command successful.\n" msgstr "Perintah berhasil.\n" -#: src/utils_tools.c:191 -#, c-format -msgid "Command failed with code %i" +#: src/utils_tools.c:194 +msgid "wrong or missing parameters" +msgstr "" + +#: src/utils_tools.c:196 +#, fuzzy +msgid "no permission or bad passphrase" +msgstr "Masukan kata sandi: " + +#: src/utils_tools.c:198 +#, fuzzy +msgid "out of memory" +msgstr "Tidak dapat membuka kunci memori." + +#: src/utils_tools.c:200 +msgid "wrong device or file specified" +msgstr "" + +#: src/utils_tools.c:202 +#, fuzzy +msgid "device already exists or device is busy" +msgstr "Perangkat %s telah ada.\n" + +#: src/utils_tools.c:204 +msgid "unknown error" +msgstr "" + +#: src/utils_tools.c:206 +#, fuzzy, c-format +msgid "Command failed with code %i (%s).\n" msgstr "Perintah gagal dengan kode %i" -#: src/utils_password.c:42 +#: src/utils_tools.c:283 +#, fuzzy, c-format +msgid "Key slot %i created." +msgstr "Slot kunci %d telah terverifikasi.\n" + +#: src/utils_tools.c:285 +#, fuzzy, c-format +msgid "Key slot %i unlocked." +msgstr "Slot kunci %d tidak terkunci.\n" + +#: src/utils_tools.c:287 +#, fuzzy, c-format +msgid "Key slot %i removed." +msgstr "Slot kunci %d telah terverifikasi.\n" + +#: src/utils_tools.c:296 +#, c-format +msgid "Token %i created." +msgstr "" + +#: src/utils_tools.c:298 +#, c-format +msgid "Token %i removed." +msgstr "" + +#: src/utils_tools.c:464 +msgid "" +"\n" +"Wipe interrupted." +msgstr "" + +#: src/utils_tools.c:475 +#, c-format +msgid "WARNING: Device %s already contains a '%s' partition signature.\n" +msgstr "" + +#: src/utils_tools.c:483 +#, c-format +msgid "WARNING: Device %s already contains a '%s' superblock signature.\n" +msgstr "" + +#: src/utils_tools.c:504 src/utils_tools.c:568 +#, fuzzy +msgid "Failed to initialize device signature probes." +msgstr "Gagal untuk memperoleh direktori pemeta-perangkat." + +#: src/utils_tools.c:548 +#, fuzzy, c-format +msgid "Failed to stat device %s." +msgstr "Gagal memperoleh data statistik berkas kunci %s.\n" + +#: src/utils_tools.c:561 +#, c-format +msgid "Device %s is in use. Can not proceed with format operation." +msgstr "" + +#: src/utils_tools.c:563 +#, fuzzy, c-format +msgid "Failed to open file %s in read/write mode." +msgstr "Gagal membuka berkas kunci %s.\n" + +#: src/utils_tools.c:577 +#, c-format +msgid "Existing '%s' partition signature (offset: % bytes) on device %s will be wiped." +msgstr "" + +#: src/utils_tools.c:580 +#, c-format +msgid "Existing '%s' superblock signature (offset: % bytes) on device %s will be wiped." +msgstr "" + +#: src/utils_tools.c:583 +#, fuzzy +msgid "Failed to wipe device signature." +msgstr "Gagal untuk menulis di penyimpanan kunci.\n" + +#: src/utils_tools.c:590 +#, fuzzy, c-format +msgid "Failed to probe device %s for a signature." +msgstr "Gagal untuk memperoleh direktori pemeta-perangkat." + +#: src/utils_tools.c:629 +msgid "" +"\n" +"Reencryption interrupted." +msgstr "" + +#: src/utils_password.c:43 src/utils_password.c:75 #, c-format -msgid "Cannot check password quality: %s\n" +msgid "Cannot check password quality: %s" msgstr "" -#: src/utils_password.c:50 +#: src/utils_password.c:51 #, fuzzy, c-format msgid "" "Password quality check failed:\n" -" %s\n" +" %s" msgstr "setpriority %u gagal: %s" -#~ msgid "Key slot %d verified.\n" -#~ msgstr "Slot kunci %d telah terverifikasi.\n" +#: src/utils_password.c:83 +#, c-format +msgid "Password quality check failed: Bad passphrase (%s)" +msgstr "" + +#: src/utils_password.c:193 src/utils_password.c:208 +#, fuzzy +msgid "Error reading passphrase from terminal." +msgstr "Kesalahan dalam pembacaan kata sandi dari terminal.\n" + +#: src/utils_password.c:206 +msgid "Verify passphrase: " +msgstr "Memverifikasi kata sandi: " + +#: src/utils_password.c:213 +#, fuzzy +msgid "Passphrases do not match." +msgstr "Kata sandi tidak cocok.\n" + +#: src/utils_password.c:250 +msgid "Cannot use offset with terminal input." +msgstr "" + +#: src/utils_password.c:253 +#, c-format +msgid "Enter passphrase: " +msgstr "Masukan kata sandi: " + +#: src/utils_password.c:256 +#, c-format +msgid "Enter passphrase for %s: " +msgstr "Masukan kata sandi untuk %s: " + +#: src/utils_password.c:287 +#, fuzzy +msgid "No key available with this passphrase." +msgstr "Tidak ada kunci tersedia dengan kata sandi ini.\n" + +#: src/utils_password.c:289 +msgid "No usable keyslot is available." +msgstr "" + +#: src/utils_password.c:328 +#, fuzzy, c-format +msgid "Cannot open keyfile %s for write." +msgstr "Tidak dapat membuka berkas %s.\n" + +#: src/utils_password.c:335 +#, fuzzy, c-format +msgid "Cannot write to keyfile %s." +msgstr "Tidak dapat menulis berkas cadangan header %s.\n" + +#: src/utils_luks2.c:47 +#, fuzzy, c-format +msgid "Failed to open file %s in read-only mode." +msgstr "Gagal membuka berkas kunci %s.\n" + +#: src/utils_luks2.c:60 +msgid "Provide valid LUKS2 token JSON:\n" +msgstr "" + +#: src/utils_luks2.c:67 +#, fuzzy +msgid "Failed to read JSON file." +msgstr "Gagal membuka berkas kunci %s.\n" + +#: src/utils_luks2.c:72 +msgid "" +"\n" +"Read interrupted." +msgstr "" + +#: src/utils_luks2.c:113 +#, fuzzy, c-format +msgid "Failed to open file %s in write mode." +msgstr "Gagal membuka berkas kunci %s.\n" + +#: src/utils_luks2.c:122 +msgid "" +"\n" +"Write interrupted." +msgstr "" + +#: src/utils_luks2.c:126 +#, fuzzy +msgid "Failed to write JSON file." +msgstr "Gagal membuka berkas kunci %s.\n" -#~ msgid "Invalid key size %d.\n" -#~ msgstr "Besar kunci %d tidak valid.\n" +#~ msgid "Key %d not active. Can't wipe.\n" +#~ msgstr "Kunci %d tidak aktif. Tidak dapat menghapus.\n" #~ msgid "Enter LUKS passphrase: " #~ msgstr "Masukan kata sandi LUKS: " -#~ msgid "" -#~ "Warning: exhausting read requested, but key file %s is not a regular " -#~ "file, function might never return.\n" -#~ msgstr "" -#~ "Peringatan: pembacaan yang melelahkan diminta, tetapi berkas kunci %s " -#~ "bukan sebuah berkas biasa, fungsi mungkin tidak pernah kembali.\n" +#~ msgid "Warning: exhausting read requested, but key file %s is not a regular file, function might never return.\n" +#~ msgstr "Peringatan: pembacaan yang melelahkan diminta, tetapi berkas kunci %s bukan sebuah berkas biasa, fungsi mungkin tidak pernah kembali.\n" #~ msgid "exclusive " #~ msgstr "ekslusif " @@ -1894,56 +3991,35 @@ msgstr "setpriority %u gagal: %s" #~ msgstr "BLKGETSIZE gagal di perangkat %s.\n" #~ msgid "WARNING!!! Possibly insecure memory. Are you root?\n" -#~ msgstr "" -#~ "PERINGATAN!!! Kemungkinan menggunakan memori tidak aman. Apakah anda " -#~ "root?\n" +#~ msgstr "PERINGATAN!!! Kemungkinan menggunakan memori tidak aman. Apakah anda root?\n" #~ msgid "Unable to obtain sector size for %s" #~ msgstr "Tidak dapat mendapatkan ukuran sektor untuk %s" -#~ msgid "Failed to obtain device mapper directory." -#~ msgstr "Gagal untuk memperoleh direktori pemeta-perangkat." - #~ msgid "Backup file %s doesn't exist.\n" #~ msgstr "Berkas cadangan %s tidak ada.\n" #~ msgid "%s is not LUKS device.\n" #~ msgstr "%s bukan perangkat LUKS.\n" -#~ msgid "%s is not LUKS device." -#~ msgstr "%s bukan perangkat LUKS." - -#~ msgid "Cannot open file %s.\n" -#~ msgstr "Tidak dapat membuka berkas %s.\n" - -#~ msgid "Failed to write to key storage.\n" -#~ msgstr "Gagal untuk menulis di penyimpanan kunci.\n" - -#~ msgid "Failed to read from key storage.\n" -#~ msgstr "Gagal untuk membaca dari penyimpanan kunci.\n" - #~ msgid "remove LUKS mapping" #~ msgstr "hapus pemetaan LUKS" #~ msgid "identical to luksKillSlot - DEPRECATED - see man page" -#~ msgstr "" -#~ "identik ke luksKillSlot - DITINGGALKAN - lihat halaman petunjuk penggunaan" +#~ msgstr "identik ke luksKillSlot - DITINGGALKAN - lihat halaman petunjuk penggunaan" #~ msgid "modify active device - DEPRECATED - see man page" -#~ msgstr "" -#~ "modifikasi perangkat aktif - DITINGGALKAN - lihat halaman petunjuk " -#~ "penggunaan" +#~ msgstr "modifikasi perangkat aktif - DITINGGALKAN - lihat halaman petunjuk penggunaan" #~ msgid "" -#~ "The reload action is deprecated. Please use \"dmsetup reload\" in case " -#~ "you really need this functionality.\n" -#~ "WARNING: do not use reload to touch LUKS devices. If that is the case, " -#~ "hit Ctrl-C now.\n" +#~ "The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\n" +#~ "WARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n" #~ msgstr "" -#~ "Aksi muat kembali telah ditinggalkan. Mohon gunakan \"dmsetup reload\" " -#~ "dalam kasus anda benar benar membutuhkan fungsi ini.\n" -#~ "PERINGATAN: jangan gunakan muat-kembali untuk menyentuk perangkat LUKS. " -#~ "Jika itu masalahnya, tekan Ctrl-C sekarang.\n" +#~ "Aksi muat kembali telah ditinggalkan. Mohon gunakan \"dmsetup reload\" dalam kasus anda benar benar membutuhkan fungsi ini.\n" +#~ "PERINGATAN: jangan gunakan muat-kembali untuk menyentuk perangkat LUKS. Jika itu masalahnya, tekan Ctrl-C sekarang.\n" + +#~ msgid "memory allocation error in action_luksFormat" +#~ msgstr "alokasi memori error dalam action_luksFormat" #~ msgid "Obsolete option --non-exclusive is ignored.\n" #~ msgstr "Pilihan sudah ditinggalkan --no-exclusive diabaikan.\n" diff --git a/po/it.gmo b/po/it.gmo index 637a4d01d9e649ba1ce68dd6306a92cc04a49abe..00e249da8fae157da712de868b466fa43a6c4eb2 100644 GIT binary patch literal 74345 zcmce<34mNxmH+=Dj!LV@A_#&|EFs;H?j+3~0wiRChHPX35fCfg)tw^UU2RoYLJ)V{ zcO4hpw{cY59hY$z#%P~QezkkEax88eqzvrHN z&bjB__x(ff`N9QRmObJgS+*2hdRUg7bpUvBmg)KZPRp_b!3Tn8bLsD2PS3JSz)ygO zg9o3HW$y(~20sFR51a;HerA@v8@%sXS@tCGqu@~_y7ufWTf_ae=VaNT;OoH|@O|J4 zuzz`$JsGTlhk?HWSAyBO_J6htynx$BgEjEOU>|rQktudI1XjT9;7QC2la0a{&_$pB4cq4c`_#sgB{yumV_y_R*;6Ws+`Wyr5 z`4aG6;0Q?7vdth(lRX_A20s??_uvxlPo`4J|8kI~${qtM-}i#5$G?Ju;BUYOgAZBh z`JD}J;{Hfg@;A-$e z;B{aHd;)k3_&RVQ_%TrRxE+M_vis0DE5X&E+Vdvx1n^~`!hIy%|1jVIBc9I5pu(>Q z6@C;{zE1{Kk5`80w}Hy{c2NC#KL(e|xd>bgZUohDj{^I_n?cdvtzZTGCMbIOGq?&| zMkA};TA;$e8B}^-1y!EEfEDnN^w}2{;Xk&YllyTzm{%1b!D3-QIJ9kDs$Z z)oV8>dbt^VAoxX4^#2oZ0Q?_N@%!my)nhZL`cH#uzZZZ?=RKhM>6@V1HX1>mXNkAla7&jAku-v$nXw}R@AJ3#gC{kA)OtOix?8Bp(^1&aRP z6yARZJcIi`g3G|gmwP@B2T$kz>EPkuM?uB=8dw4E1VtA|T;X)H98`N=2CBbyfhzyA z!3y}{fZqoX<^Ha4f9OL!{Au7)o?i|QgHHj^0zUvg2>czW^!u*#emM!${d!RSH4dHv zJ`+3`d>^Rx`ZTC^{zG_w?87|#2&i^!fa;%TgX*t0fy)0&pvK1mS9$psgQC+-;eHP& z`g|#<_Wuy5a{K~Reg|LeJ~g4ys*00xJDqfEri#u6jO4fTGK@z~jM7!E?bWQ1RXbz76~u zcz^Jw9iGqgLDAb+z=weM9`$xu81Q27Sf1|!Rllc$>W|lfqMOeK{42Pa`@u0!_hF#Q z{ZdeL_XY4w@JFEN<;a@jYEX1O4W0zv1Re*z2~@n#fTHW~f+vD^fro%6jywN91626k z0bc|v+({x%R6mi+*{AGlhjKM0D>z67eBegU2gK46#k$C;qgdpOt+?go|5tHS*cK-KR)lipq@1zZE3!SgXt z<$o!tcKI}@bbbo12M?O^cDf2YmHW4X%I{m?@!)SkwZmc4-tOms2XOyTQ02Wk+&>;1 z;QmRV%Kvr{lFYsis-4bmc>nAK_5Mas&tC^>Jbo2a{`Z>k_810-xL*&R4L%AK9sg6f z{|cyfyYC|dU4sgLF{t|O0X0ru4Jx1Sf+OJln%*9lgNwPp2~@myf*NN(1Vzt(02Tk# zmZvuXuH^o?;6uSLgQCMzW?ilt0X5#94Jx18K(+t<+n(NPa5?ukg!}h^kYe^La1po- zrlWjs1eb#E2G#CA0f)i9JuYvY2daM_3myi(7+eP40;*lV2R;zI=k=c6QJ~ssGpO-) z9jNr474AO0&fE~ z9=-!Ay`vxP{kusR&yA@PB{}NQVV;0Xd%hpM2>d0eaHl=a%W(y$c6|zX3HV-6;TJsKpPvqjK1ac;z!!ij z-)}(G=g24cI9my-eQV$`;4?w>%bUP^gC7O&34RJxe|`?UFZf4L?S79ZI=v2pN`F15 zaJ8%$G`Q8tn z0Db{ffBqIcAMAg!)At0Z_s;^A-#fr#!B2rFgSUeV!TUeO?@t4lbN?`K1NcHvk4*|~#I07Ec z{Z-(J;2u!rei?WQ_%85V@Oz;8>8NLTKc5MzJT*|^UjnM0ZwDU$egRwrejikO-0PWM z?*UNhYy$hiNl@`#81SFKpkAlko+u()Z0nc&%xeh#%`xdD5pBeCN;1Ks;0yWO=0!3d-pX=jk z4XAQo4=VmkK(*^TLDl#3p!)q6;41Lo=XrUyfGfFwF{tO?1TO<0{Cw}{NpL&&F9mmj zcYu@N)i21hzXv}9D*cCZQvn|ZE&*Q-s(haVMRz|09|+$2h2CGsfE&3#4cr7i0X!J| z3V1K@$KcDUj|k0{{x;44!ptJX9uYGGvLYK zb3oD2d%+XIe*@L-e*%vL@B5G5-zS0h;(iS{0$vK92fh%z0Q@Sr3OwwMe!m?&UGKq_ z;J<<=f%kor*J~-L@YjMGFRuYb7asu|;8(!|z}0W|^ezHLpHBfF4ZZ>ty&O&B3P->* z!98FLd>c3mp70iUIrw7m5b$@P!rk+&-ahAoYUe3X?fY`@dhqk0!mWFo%O8&hFX8^< z-~@QTw>!U|1+V1(JK$B|8Sh~1gU_I+UGBz`fJI%e16#u zs=Utt)jqd_tHJ(vdpk~o1KhtATn>H%JPkbbpFI9La0&M}f~wD3K+(_l!1Z9?d*IdJ z6`=BcJ9s+yHBja4d#{&o6*$cOUQp@11w0x2E_eob!2A6E9B>);j{rqy&j(eW&w^)y zcZKI?zTfRW4N&>LA5{JR6FeSV^3Ptc%fQRHe-yYK{5+`opZEdKcLG%WSAdJauYk(` zFX4Xi2R+|y;5j^hM!-*i{oLOLs(k$)@^O1LxP|-If@;@0!4dGd4?Er0!4tTD8mRVo z3#j-%0M#CceZ=pVgDTH7cq;fJ@F?(B@D%X7;5P8yANBsd8oZwS_kpVC(vL9~z$b&} zgSUf6fD1qF^WzHeSnjU?)o;5&#d|rZ_V^vB_Fihlkv#`kYPjl;uk zb9y`*d;<562Gy_Gzj%Gm1kdC4O0WXH7*u`V4{im20A2x}_6g7T8KBznR#5dl{FB~q zE5YNqzX??NUk{!O-Uc29-UX_@hkeTFbqlC)PXrb3wc+`#pwj(4xDGt_(>~5>;91=N z3wR;;SMW&ig3ow=J~ZGHK(*6bK&Ag9Q0Zs?>hx0q)xTT7lfWl|YQHywO7Bac#?#M1 z(c6PR>-Ad?uI2u@;HBW#!DGM^KIic-05yJU;PK!K!9nnSpxXPVpxWW+&wKfofNGB> zxDtFPsQi8hsyrus!TaM9Q2o6N906YoD&DWalfhHJ=yKK;P~n~fE(Sjdt^$7#svpky zlGpo@pxW{E;2`*2Q0er2+392%sP@|pE&*==)qdXr2f+UVSAz?`;`OM58h>vAPXTWS zhrmO=3eN#of~wCQ;0fRn|K{W99B>);Q=r=GRp3hSP*c5mbG?4ITn6_(m89;L+Tl4XT{mK+)G@LAB2(!5@S7_@>9Z9XyTu zKY?n;#ozLJOoOWL--Bm?UjWsP_xiTaucw2m{}ym1_;^tCa%*^g(06fnjs&EN&#he5Ufe}kfn z6Tk2AH-n=88^D#|t3dVh4?&eD`+?&zV1wJU!DGNTf{z400UipT^+PYmC7{~l5ul#G z1RMu%0o7iI{>a;VJ$NqnF91&kzX+-y{|j6RF8g=KCa8M68+;fy`Q^6C#H-Vyq&x0z@U7-5ote-fYje}~Zr-D1c_k*IZqkro2#(GfYYJ+OG*MJ+q zPl4xwhu`k)wiP^``|H80z_)^r01x~RA0O9&59I!Bpz3!UsQ7;d)emR=%;laj(C9nd z-yH5=0jiu|0C$7`1FituKlgTc7pQuE4!ltB!8PEjUpU=78Pxj^gQCCRfER=3{?hs4 zP2dIGzYaVB{4uC<-RoDL&uQSP+|Pg)fiDNo1b+fv4IcfUPN&y{E4hCksQUd0d=Pl% zuRWcO;A-xl0WJo=2wn>Q6}$$#_&1*a8^CSce+E>$9(#w=%T`eQ;H9AI|9S9yu7y`wfpZt(f6_c$LaE1@HFnnz|+B(fGYpzLDlbP;4<)tKY93z!Lzx4B)A29GpPRl zZ*U!W-k)9WxCvDLF9SD$9{`nq-(S4F&IHx&Q{YkHn?aTPUqH3f?V!f<;s53Lmw_tZ z<3Q#29#H*#C%6(^^;hS=PXL#4|5k7<_iM@o)#s4^@$q&E zD7tzBI1K&*RDKV+%k{ErK&Ag5;CbMY*#ax?<=~mzKM7R&9|9i&{usPBxM0Bo(^n4! zmvDa&cqn*2sB&Bes=uEGD&6;jE5Sd2YS%OFvB3J}Mo|6rV(>Wdv!MFtm*58QAqOll z{;~@k;Qo2wdhmmw^107F7i9kgt^|((?*tY9(7#(?{jmnTfcwXTCx9OZ_5LTI>T|@s z7MPrRI;e774XR(B3#$B|09S#(1MA@F_g-Lp^+%xUx9~m-jDAN!wa070CxKr9 zMOP0!(93%ZsPg<6JOVti&)Z>n!0q6{Jf8s%0Ur;lU0wj52)-MvfZqUB&Od=F-{5_{ zUJX!u=r!T~=b+*reLru%bHT&7uYqTPd&Bd$gKC#=fy(E;_xJlHpy;>?_JdCZ)sAlg zMHgQL7lMBTRqtaC@^)JfD%@UB^!0L3>3<$nI(LB@Km89_VElL+sD8Z}d@y)BsPGF8 zUSN8_X`ssc0#NTi11jI21nfJ+^IZz69M^z{gUE$?3S>R2FFUY?hG*IPxBq+Lm3aEO$6IAEa%%b?QfJ9>f5OCzAhQxz1wJO;cE_w+MVk_}vCy#k1SOz21u_#Xs={(a=+P|5dO7Udi=; zxW2%(D+IiZJpP&cKXU1ByBawBZRGbGc>W&l2gCcD_ZQN;5bk;4 zhwP3%CEP>#{Yd?MFZ`28q7AzvK6@ zTq}tGXYRif-U-g+*>dnzJpXQZ{!D(yzy9!h72!U>?*>j}bNT&oE~aYx z`w{r?#x7S})W`*+|=xSq%(u|KbGHT6GneK`2F?p?l;^Y&huqli}-y! z*VVjxeR%%|5HTzJAD$mdn0xU1v;5ZIZ~6UG@ZY)K#PwY6A3&Ht^ZQ}owOkkQTYrz> z`V{Yf4*r4b+5C=wQ~X%LwVh`l4G;T4&4I7u`V-He#kG>_bgt95rnvNXGI=1*W*fk( z!ZUv(Ih^^1oAu$rso*rvmWFUdF?r?v-2aN-e+l6p#{FNo#<*Wjps(@!eOwRZ_mU9i zChqUc{iR$V=Gn>IKb{NGHhUS@DO|tjs`2h}@D{EkL)<;!=ehq6@V~>eA=3FS&*I`~ z!K8URzxDSY;D2(xn%@_MXL_!`yTbii!t3vTTn`V=jtAHA{5Rk$xps1`4B;#=|D4FP z#XS25e!qk32i)uLRPc8HY5)Fxc&?j=hcsRro?XrTR-S)}>rw>>f1lv}E5h#z_!O>t za~($baZrE95axMYKjXTD>qY+9WZUr5*7KghyAyeEIM+k@t-tdE`W-rEDAynl4&l0y z_s8(;b0OT%c(#ML)rN2iz*uM`U?1@|tCj2bdKk{^Kh+7GGbrSxK{QgyVuEzt! zJte%qnCFAsKZ*N~@cSp>xnMWffAg%y^+10AiR)T^e*rv&IQqMR`}4Wdzi)9r%yk}N zp2my!a?NnPDTI4BzgKZx&b5hW2ZQ?i3BNBS&cA_==6X5LJ_tUFYo!A8_`5zlyC?CE z;rFqGJs~_hm}f_G|HyFP0IvSl)#3NQ z@q91Wr@8d^V25l0apT`V^W)iE=W_j#>pooDxb*jZt_P9U+rX!Rw{pFl>zmxa0DK>) zzjgf9-;cq2a(#^7j|k81p>pbF@+aB-G_DcCe28l`VLlzgE7-gEeL2r2!25G84)5Lw zK8N>bC{XwtjXwg86XqHGekb^9uFrA}bN>;pHT)g{7lQHcN&G&Jo5yes@%w1-mEq+z z0V8~cAOFgA7G=ATu>Z<+2iFPQ-^ugW@LPXdxX$GFdY*rf-#fYL+<%N~O9=AP^>181 zw(%^^@iE*DJQH8iUwrl|o-Oo8`Lj0QJ-mE~lZ z%8C$9?V)G&OSdkstf`Gx+mo}EUA4Wf`VFYL))k zJ&j6zdbZY_u1;E*0YXepR(8}XV~zHX$=cXZU)HyxIyzf#OrKw=wtk$e7Z1t@etIk%h_4h?^o`pDlD|S{}JG%mS zdZUf$*=l{dK0Q&{U2E3I>!Vc_rJ^+ZRx}%p*=rU1{EGgiU=@``k1NxvAR$Ys->qU> z3Gx!xrbnB5XJ%_-d9i8JN^7z)n+H*os}=2OWx74JgBGAgXzTj;-o6!jHC~^j(Hb+V zg}1pqs*E=XO4+Atdn^gvPqufpR*j8aN;L0*yHk91>qN6YyLaC$tHyN7$Rkx|s}n7< zi}W+vn3|#FV}o_tK6FieW+(NVsWzblNT{{E@4(4MV`gyGS_p4pYjH&dUpQ9TQJ-z~ z9XK;dKjzQ*;V%|fHdkA%J&op=bs-(CFnxi1Ln=vVYvY}@s)$Q{9wIERY}t5`#hjze zQ-h+P*}diRUQ7y#wYaiIZLnjqF}kbLzhm!gtu?^&_Tq{{^m@Lv%Ba$iN`ld6Q`K2L zn4{%H0M+R+%Ft@f>}*zBwQ_MbRIjg3wWmY?qLY~Z*sco~SK>Pxt|Eusikzo2S(~0< zXw$0wqdV!6QT50`-hZ1fymZYvBQiDMGOu%;Fg~1S>r<)-k*DU2G^|K{2aa?_qHMLP zMsshaS$kx=-mHx&B^7xy<(QnTO+wi4gt3;M&(ShaP}RuL+fbZlVXM*~N5ML4*)R$Q z#FMs=ptG)KTcdI)>$_srmW?B#g6-4eu#DEu+87*Re6kM9YSzN|HRb`i(muSMwlU`f zeLQJGq@&_BfxwJg?x>FLYR^=rs(UM=jiz!l?vrLn?Iz=}C}^|7s2{I2Ytyrp?b}Dz zkX3cM;;9{s5^SB!YHV!Qcw;ETefsJ7mgF#U% zH{^*G{jHjuXz*_5ROLpyuh?)7zt=i5RAYuGYihJku-IIRu+;%tD=E2(3g2G8<(u&XDd=m zAQUE{z#)0%lOfbu1f$K0_e~OSFk~zML_f{UWewS?%^J~7(=>6)QK03KLTrFk)yNZV zqn2!Og-DfAXUj}G+2A0IWN@t38g15X!YR0o2G|s=s7mfkN}7BcyK2*w>eyHqWkcBt zZf=yGk;3cZPGZqLfreaG#io7iMUi zSZyXQo?SIKIJQJVbyW!A`nr*AMT)BB$rL`AgoT?-talX1InZsZJtOLXTveupW02!0 zicstj5tl8}6E zAf8FECVP=udva1~F`@emN1j!sOz8pxDl(jG?15LeMyt&+=A7!TYGvD&kqraZW5&o- zA8){HRTyrSTqvHZx74WQ7GK4AkVmt#)ltbP6-h>75V0dX_e#H>$7eR(RNJ$S(aBo1 zSs9I1nQ3Q(3=h(`KY>li3^X zIGc9{k~Sienlr@ZYqyMSyRugpO+%UrR8LXUVg}D-7+Q>!sx(7uG3M{xjY%dT3(8c# zyFRAYrnokh?W{ras-{W!k8CprXZK2w%tJJ$sd}seFDiR>)*%4szBMaV6w#;Msud}Q z@XT)}$%<0cB!fYI3UnRxMkdL&v)TR@!zY$%&NKqClOg43BD+vcwLzFv#a;KAMr<=! z%7k$bi9u=%FRwHySQ0I`e`%@tRSOz~rl?QvrU_xKvj|joJAuEk6tM{XNCHg;s4FSP zWd@3la-F0o6U+q3l0jTS`a`~>YsE+RAXFN=j1B4GlIdu9WKQ0Ifz4Fmu`un; z9trShOkB6gsBTPET2j^`zc1%&$?Z=817QUr&(yP&9J~-AQ0LpRnl+BvqjTb;S@I^6 zxZj+Tx)SJ6vdd6qWV)ak6V4y3j!+& zq?ixAqIE4qNiUvkOxT>7m*0XE6q`sKc@T{>$$Dlpsf;%nZAGr-P~G*g$n)33g3Og- zd~VrR8Cx1XRRq5<#x3&vRSZF*mRFrZ#GI9cDr-cNkV!X*u$I1(1}F9wYGMP#tf2|1 zHfyuUt=Mdm=~AP?%wmE1^E6wv+AbLmLyKX=K(p(5Tj-{-9XbNGr%f<(c{h&^g{rU+ zEi}tyzAKcw6rkEEuJr^;?cSlAkbRQh@2^7XvL2K=@ZQnQJf5}axvPBeh_k)vLZhM+avg7&J3 z)~wSOO(NK2bq4WND>;&`^my(Nd4?fKF&9^(fzMO#@uJeNY7N6DCif0_s4#l&mU?J~ z4-r+%MAUPY59+8<8)VC+72fZxPw2OqOG6j9Sdb<}xST4zG~#C|Ma-qGuEEqiD%)^w za}H#Lgspxqn=xj0^4R2uib-P`(cO3)Vzn?TRA<}G8XAU5z$mM1mP}GJ33R;Ow3^9$ zJXSS9xOROVHimTSQ%s(qGT)0tQxxE$%@-wP7sfFi>15ByT-ZXBD&KZIid@$+Mbs<; zLm8DDYE2BVCUX@pT+@J84po>(txZhGqREWt=tF5-2nW7;kR}@1uv&4BU6L3|IT-T@ zp@JSdX4UGInyq&9cu~m39WQ;FaE-+D)RuZ20n2SuV>OgWkq5)2CF7$5SU$!Wwg`U(a=X3RoXDj6l$ zxGf_$Fo``CjL-=(i-A;04ckJ3YgKmFt5Jeycs4bG6v0P#DLArZ6tp78$-{J7MkjW6|Le6R5<2*zIJxuoJ+bsU*4$P|jZx6#%VKZ!!Tr;1tOJwq>eT=WPav8Z@#jY9RzGMFb)4wFCbh^D2i zP^ykMF+r?e^8_(bmF`4%fMTH!I7zSIA&ASpa|al!O)|0fNbb~ML}}KTHL8|>!dWXm zG-5(M<9Q_0rm>a8YQ@Cpm)x-B6^?Jx4wMBT>Q$X76yZAG(5N$wX*hso-Vq-G%x6{l z+Gjd=Kra7!8xLiYg_%*rKg<}Bt+N#+4f(1`{)z2PL(;VNJaQ7&oEXG4#!!Oc#)Vj^ zHcnIZkgjOW9~4`<)~bfJB5PFS%dHEM?UMw3xvEy#vQ;!aTe}{Sp~veTwwO?QgF{XhPMHEvB^|QDSkGZjnnGFt~l~XxAqZZV9L5*i{;PW3noZW5dII6S^WNqJx$>QI^FwN(yvWoPvAg zc19aY{mAkV$wC>D3L>(Sq-EGg7V@1i0mX&aG%3C6G?;X}$5(^aay?PK6s!r>#s!V{ ztv2xv%~tLuMrA?SGjEPCt>eHYArOh%46;-W?r&EhEK-4$k2+2o@QzGX5e!L%N0{Jk`P zC5zjEQnGc8=8pQ<7@Ve?=4hJ2dn!u|@GhU!it=#KA{G3x+;ZN{R3mPfSK}*1M=S zZ8|){jHso5;n>23tV>VVWNo`xtMrADsC=vT=}<&G0K=|Q=zZm9z3f&O!$J{PL;o0W z9c!S`De<5tgK^0;6_EHQai(M0x^%z$2x;17o-6>?NHr-;m2pL<$ENDM{ zz7&o2(Aa}=9E6BQVv;EwZ-|8q)m&XOnKL88W23NpbE zkN|Ifl~i^y0}!VdtV`G&vk`kehA+9hNSa5C#&Bs#G&&uNhMj=I!1r(%dPZm6Cw!+! zI`;{&aUR6!I3kp=M@ZIu(1ICRQUzJ5UeFB-S}`qs1Os66!KDmzk_8 z^H5=oR7yp(VKuh88B*2?Ybd=tTXhDFW{-J;qNd6m*v1ceX^}wkls0bRTq43{S$~2- z5(|_BVnCuq*bGy=&v`=Eqxs4nosQ-Uqu$Z`B4M?h+Xl?9&$mlxIJT(RBE4O-*m2n+ z8N2P#@S-Atux)@^rpiq5-pS7;4MK$Vo8rB#LOY?e;t2iagjIwwe~8xHuhpYP+P%k# z(}IiXxhdEL{!4xz0ykZ z;3S0GyIWXiVB%GpPD?{ntt))+jOvWCqc*z-V#>6M6WNe>}X7|Rsm}W?#79lK(l&U1Pk{6 z+*Z?%I68Q~3(;vf<3mzAyh3^W&`3dqr9{0FNXCA`tHLmm%4UkW>f#e(oZ@2vqQlVg z3Z@gJ5Sgf59G_`weJC^KBho?iz%#ZtWbcOK0&xfrDp(&TwS zOkkQu@WGOab;!ypW0xM{$;h6g))KS}=Jp}YkkD`yBh^4{K6-=yQNcwv%ALr>2GIwMooQeKv#Weag4?cd zQ|g*%P%F&lEnyI0f_dN%C0jfx)C~(iP7ehmo(8`?qxCA) z=vERGUnx=@QC%YlgQg^YiYlcWQ%E-ec(S(1s+hy~I|}uKrrG-wlgowd+;NJUw`S1W z?2QZ_)FIXfy>6DNhrI=QYBaG}${eoHfxiL1Z%*Yb2Uj9mmW4yfjy7LJsmr;V?A!f< z{-|WT-{RKc>Sf8XHW!l^PmC@i8mSryXf;ceW3EygeRnII$36d|?g?Q9^3Uc8(u>h- z(uObzEiTiT&=WT|iJO=jE`rYkhS8V@66M!h>m`8~5-Blrhl(UF1s@!Q*A8CQz9x7H z$M)#T%hZwFvYfDQRBVErqq{`pq`7CVe0?@<+9q>{FJobR z=@B~66lNUu6j}tIIeP|{{vRTkFOkxpGq~kvF2#d`Mr(s{`%Tdl#cV1aW}TTxRH+ax z@B{S|B2PhxHu7@~M3O_Uu;g)_TMW7hXwdqdWQswN2h0brydtWTqY|5#H{EPe2*%DT zk@+O%NP@`|*j1~|Xa%M_P7tQ0H!X%RWE>on;-blBaL|mugQPoJvsWgqA^9c=@13vU zWa+PGtGjA)Rjy%yWL_tEdc4rkj6;+NKgmOUg}RFSBZXUaXB#Y)NFWZy553S4DT?Ji zqxe+DCP7UYgDy>|%HAnSN>N-=^WgD^%d$01tGy$*hR|pER;avT$|G#Q$*J9DkHh?- zb326=@{@A*jJl78VmsNO$a;7%ifY~xQW*vZ8#A-vZ5)E(EyFM{rCy`MJH-S+iidRw zmJ>|JZXuFT=5j#X1vHd7<1VBYR(4;N=6cxNcqVP*4HnV?_zm**nR7&4Ag*dr3_3YBQo zmv-A4MFv8aq;BNvRf$DQjqH;WWJ6){v{V#-h8$ipRZA39;<*sP##qdv^6m_&4;O7R zU(JUH7Y?4&vfakocY*Rv%(xHkD}b+ie8FA+=ao~-#+XL-U~-O3KBno)Xf$FIg@kc-vx6;0;Go7PD;wMvP^X2|G?(X&Dakb9DQ3aD z4W?0+vuKUAGsqmKG|P3au=|m$ zX4#%;^m3NUt2m^h%UNrdAo&!zZwQjmMoX-8-ApYlhuW37er6U^3xoHkI(Ou|ed z4Cdi!gHn#hF+w42*%Xer#e7|J|9QXFJQ`);yDc?21ha%OQy?;ZqgAwUFoH%75`nIQyG05frwyQnKpLC%SU$UbN-m`BnzZ(_uO96j}mCW||6o#diq zl&b=r)YdzA;;ocv^yQA)UI{mhXZC?>eW>6bT97TG_#)%A z9>&$fPMY`NIw^=TYhExmr-!4+#$`w;$!`iD^K{d7n)9~HtptBj|VW+T%@BKuJ|9l1sW<#KTxd(GNp z-FHhVkne6Q(SOSDyj?9=VR%b2&$fj9r_^}e$mXp!!wqFy*RI~SY0K73Csbuyr5#r% zTaA6nUR%vb>(j(mSX$uQ;yUi3#V8E>7?MI}3hL^hggeO`D&cVGAbVY?i1P=uJuw~| zx+@>s>`)ep3sJsd+oh6~ees4B|%Hk`N`u*4(`$rm-_~vNE#C zc{`%m4K)P$tsz$D*iHJLDHUq-eIW#s_X{+Ss?coA;BIezArpm%Q87gGZ7e2Mu?rM= zU&N#Nu_fOpdA`#83@h)?J$1J6?~y==QCuBtp@P|tO|_hrh48;Ex<~axs)Npl2C{85 znECn#^9L-j85H z>rn*bqH)IXdT5Gc!5~trIYf=KtI@26U8E&(L{tE=XLl9YMOV3*SL%3e z?dGtj9n$%>VYw9{X-cy6g49rqKCO98u{ow>1=!|3>pE9Z_Epl!A82HTrQh_SsHP)u zvTz?lCad=TB#ioE%MY%7uoJOAn#pJ(PBzPJ+rTp1;$)u8I(G`wu@uxFcMT_>ka_H6 z?BuxJwv~w@!g51g#5P?(d2d*|ZI#x5?LaZ4y;zi?tcYujI}nPkde8r|vXOSGO*h)e zowiV>;JAHG?$xji!$rkS2b_9Uq8q0LFwesRwg)f3pn0jeGy}!Q@+1xi4B6rV(pnlz zB%sBB7`&8Kpt5p2DjtNHAZD5?JH?Hwirc5r&KeWbh{N5xiF3l;&L*ySFq-vk91;ty zPUV-wd2dKyT?7pKWlgsUM?>^@U8wy%W82K-+ZL!#O?dVMVS|_$tkBwS*T?b+X)v_aUdk1Fk zYh@er_)5vP6H{eZhUZLVytQ|FG&UXHaq+}CSNe!vQ1?lZ;GT^OY% zX!N_sj6^Au`TSkkD5ie0By3tR*Pecp=H!QNQ*~TF7#qj}NrgfM{Y#_wa_#$!hd#p` zjpM@(kd92k?haA-KbAw(Ty{vN0QRg_Sr~u=iH78*OW zU1!k2`tu#^AxFK;o$jaX{5^?TF0kjxD-;FGqg$&bgT2FuhzKvAdTd5RS$;C_nzFr< zIXb%Zj<%V=ZIvNkw(&0TCPZo}5^+g{c8Vqw2CPmA=RsxB!qy^L7P}nO?p6Zu+OPo` z<`p*Pr$q=(ox$Q4Ix*KpF(D+>VZ& zY5yS`M4q_O2=i5;znJ+Sm2jx-ZFqhb4~3+}RsnyWbq&O% zc0(0R^quEwGXdZgi=`mhj}Dobztd3f&)&@%y%0p%C%!%0FP=Z@A+|)FXMX}miK$G{9&{o4DTY58w5VukmytdVljuV-( zK(?`I-7G9SNqC{*-fr#9a?Ty8ZvM6xfybsdE@eg~h|H56>Yd&^jlb^%wFAluRq*9x zmsMsvq)Gw^1IOD+)|nofX>9Z|j~U23Qm9F|Q!`uUq4##yt~V!awngPO?`*2Y|FzLp z#_}MX-}nvfLSyeJEwE>S|E=~vc1?jXY_ZYtom7^`nb7SVOc^)UAe6qzcquIC) zllkDt*dW551fAung=2VV+0asbQ2?*$!40j6`q&YFpW=LNY^RwZ6@p z2Dc#9D3w8EB(@3-FI{%d;L>G-!)I5Pp0j+}*{3dDwsdLVdQKP_+=e>S!u74uT#hH= zWP?+hFk(x`;kffD9<0B|ua{%n8XC4Smf+Y+j!6&h~#wpZJJnEtUg7Gu4vyRg8HS&jn2*3H(mv9SiL z4hXtT_Ix_$2Bm#|<+e9sm1K)%v+Cc@!AxlnInjuzf2Lu(Pvx@%5y{>`x=4V0Jg0bh zE$q79Gg7TCfwNu?E$OgVXyhGngIO!CN2Cb(=XJv8c%(*I?8!wYX3`)mtKhyw1@)mH zompBcoMopPPyY>7>sikFINYkyx59KsO6a{2gEG2xc$qp1eMSo_d62;G*@mPK@1Q+4 zYkezhXqS^n9-)D&qpECPfM;T1W|@YQ!6F6Nvqj#Q$!B@~*6LmxrO(@59jlY{Gnpnm zG*+eNjE%ayTU5s)F4=E(huUU6pbQ|lmpEI93|d& z;Kk6nCvhQbD5DxfRNOw|6TaaSo*Nyf&({=VUptXVgnjkmE0CSlPEYoykt1zZ(ghxh zmM|C2hH7!lw9ha_v*hM zz_W^t9@C*#O;%hv8CyqsqVtG%C^$>OHXPW^rgyB&r~Gz^Nsq-u&ik8fTQbH^B5~TV zV^PV!w=mO~ZPs?+dOe2cMQvh&fdQ8`YU?NoEECO`n!w3zZ+t0FD2u7UWx+9a_~0-} zBABj?lQF^)^pJ&Ff;ydEOfN$zb=g+^zbyZ+lmdy3&MJ z)--X-x|MItbazncQ$kY>|5(s!pH<^$g;wW%r6+6HSfmHm8-4ng&gh?ba$PzQ_5c#`kRW=@p&PY5`XOc z^FsBie_yC`B-r+gvQ~-TAe;Mlze4q4To_!K`}&f0_kMu8b7uI zEjP6~3Wp9E6(`F{f&d-#PaOO5kVc6~C~2=^R@cDb3l9u-vtT3SwP(Uth-~odcwTvh z%j||nplhInm#NGXIA_~yhv4g!%5^b5TN|P?tt}^C0 zsYT~pu&BI`?-LbblRi>Z+yx=3^vFb){R3m&$ z*Qh?z@b4N)-qIJ0ib|f(=Z+HLrpH@JH~0j>GQ+gq5yro&SV}Y%TIPI#Dy-u0=_7;n zQD$=DhFln!)_rl)%V>iSAaSl|o%v7vv`iuvl#e3Wmvor?oJX4*5_2guQ84;oKro`I zx~A!&MdHj8dF-T};4Joir0JU0QH`5W0B@T_K)IXoch^Q4X5MCE6dm>NWbH{UlytM+W@6C%xN1^fR5lLdj;`v&WWB<;#_ZtIVa!LL zSsL`RDPG3Z;fJdm2qY6&r>DuG zv-!w7|2k7rREh#e$`cXgCWTOm?Q;MU63mrVKD+keCiYG8ohA;uQn`chK%O}p?#y57 z2Hj2E_5CJ99%`~a$`(8H9Ve(v`6r~qAX0iglp-n<#SOI3jy6Sd%?ry0>NtI9w@OY> z%Dtp8t0Jdx`hJh^I@p z8N#^{#1{#(5zXMO`VLJHW^XesT4GkQ%qdCG&yo_6@Ubcmm`S3In<9l%7?zyyy(&)G zLd!`;(cCd$ny|qA4IUOm_7TAahzZe282Rw~A z$6KdXF{I_T#3)UBAxQ&Y9`6%hyFoq7S(4d+#Y)^Nga8_3to=@^%%Ur(B{rqg&}nPs z(x6F=)8QLid@yJK^MQOMm-gmyB1G%A#52M;q$kCTh)e2oLA zNq07;w}OzOgNaPd>nK%>mdHHVxr?5PvsOBt=->g9xgbNWWZQ`Yr5@^;Dw@1$_I7y8 zXtl*b3feD_Pg9*^FD8=LC}g&ORf4WfN@g`~$vDYQmsC@~ciNP7>%eJU_bE1Rvbu*tc;Y{p7TLhG52NjOVnedP;yVTzVZLv} zh{GPC@V&IiDiMA;ZLp&W0wH&iU^(|9)ZG}`9g%_=XP=z0BN_v?$+4XBe9+)cO_g(% zF&VX~zUpdaN||UlCfmq-&ll`v{Yo|bF8Ye$_t9EOu)EP*ow4%vDpzxkU@Cgxb~@F& zS1l=ZEYAM5Xw1q5FeDv~rl{VTF+oa8IkRRxAL5eTdaHmMW}VTZ`AvKx&VA6zzJ@&h z#PU1~a$;dB3{qwf_Qc3jFzroETS*Iw;xa7EVmL$h4Er)Vrh)yB6x%wKDYjcjwk=cH zLh*wkpqvL&K5e2&0Tn))NWy}DuaI*$xsE`dhwIphuN^6t>`dvnqCC)(Pd@+~AA|5`jmvfk?k85JE5ADIk2cl|V)H-bnxtU>dLx)Lrxn4Ea z*zJo{!5*SzdMD6^KELM+!Tte0_h<00@Yz@LOcqZBX}2xOcZ2o*;wyZr0tYN;>BYH# zTXoanWSmkKU{%G(kJjRB$mi<>MV^Qb6KyRth=Rjs`Wmd(tVVP<1+qwjA zAOki z^+XUHWs>XtCisuA$x&-*W(*i0!#HR7BBu)fzc(P}iN-wDP&tdSrbo7vE@JjPJ_rZ_ zvGC*DYGt=e#*6GHVRlsmb(9x39DO~hJ4$Ym2qqq_!Qx)=w;Dz1^_2KU@^N*WRa!GV z2V;S{-}eG(LQ&1lhZ%AR%3N-5)Dm7;&bE(nm2!Z-Q7NVD<%{2Dy5USg>O0RmHLdDj zqJtBK^jY}8eqF2s1(T=QvGOaa}=P~4JXr&1eJ6>vqH_AN9{abaLJ>r)tb z#bxJ9DYR_wFz_%K6&bJqfWIMD2hA3ZD>_Sou5x|@D-ee`-nz$1PuhuLToem}HY7`gbGOo^Sk8pxJA9k+)6VS zW}J>_tSe$F$k+Z5@lA-6=`5ZbqJ<(3!&4@5N@d5K`F5&QZhh!TGGCcWd3{?gIoe2r zGWXDHHvG(BJ*Vwo=L>K!sIN3sJ3jgt+An3l8}P62`3k8MQ^Fz`Af$uEg}!TWZYxaN z-NmR<(ie-1@<@(Squ2~ttm;@?>W?q1f~Qs#FA~&!7s=$q7nb>kIrUHQ%Ic zv87JMp$B%zkHnmRIC~2|q_u(60zwnHs9_P%Zqy&t8Xw}&;A+g-z4kh9SL8OWLGDD) zy@5$WQjYSImP6i3BB?+7++bPMp)>>Vy?7N420^N^Q5J3IV9Cx=c7enU3KXS5%B$TC zsw+b$?;&5*@0i?^V(|Gpu_P~@5|AVl8%Ia;_=hA#e?j$UD-nl=S~z0)_6W7O%!oY} zkJl6{dU04m?YVe?qg~-JSbTDFAX|lnm92PYHXs7t&ol~67))`+fWW9w`WB@RGPB3= z89y^8>$4n}(^RYV8A|pH%0cU3s`mMlb*eTIa4`D~Gfr1jimHz7{(i7qv4ACWp< zccf+?t<39D9tu5kV{vEx6!Y>)J&MbHb4QVXc%apJ1L1wi*Q=oDIYaSctxl(brs!|6 z0lGO^_*Yja6l>PQjtJBr-$}N@xc~hA#8~9Ay!IvpSBxmYo7w>}?>pCd(hyUy@5j!W ziWFk`OS-AFoVoLcj^yVlkYUk?J=kLWVwgk{4X39O2qg(6{}z5F;} z_UG9_VwlvE5+j)4S(W=d(NgkIWr3yBY>LZd&@g#O%Q|4+A2~Kz4t<^H=he*(sE7kP5L)o z#)RS%4NnZTW42c0Ep8Kczb#Llau~N=q_4&zu6g?! zdM_7qAMy5?ORO5qA#pQI3zN-x=f3` za&uXzBvp%7r<9XMtMseJOxyOo)3g{xf%hkKW14a3WjZY6&@8_Bo!r}3MZ7LWl^VVbVGP)>5@?COr8XR8nmW3c|)XCIGpP1o=>FOSy+ZpmG^tP3l=^CPdgmYIEQl zl)iVSr-N&-Kz5HbYd>JLC5bP&5*UB7h4F)wZ{%!D^P45P|eWHg2%hV3GQ@PQL z-t@1zHuTy~-Wbs`hGuPV`RKI_WspjBzf#E$O@)ZI1q-h0m8=~W-*?4ar4PLNcU?Da zWmma>>6HT>*9AMI1S6BTU|lXuhs}Q4kyaQs>?en#X;S4FHx4aF+m-*Au>=}Yf?Qix zgx=zt?}zoS3uDp0`6|;QQwQ_4cF7cr1dLg&D0Dxe1U5c$jTiFI4OD8;uv!sUB;x9Y z-*;NlY(o*`Z!#twV}woKIrZdbe#=xuV7pf_&!*&7GLWYBZ4YF&NO(m$Ls5-_UUEw& zMKHDADiU%~|4_up!gAA5UYL}t^zn3@k5%Hyj@g$;CQHcgUB1eiDiE5@1d35itRFAW z&@Hw~g<@sCuZ8+K)OVSVJ0Y@}3*s_giwz9S1;MC`OB@uTRUawr(3CHE>7J&VY&Rxk zBtpMeZ`p=d_&tST7g=L@c3B%W5PO1332PVcuvIBfg%|9Rl#Rq@7h?qtk7Gv#G4f{G zx4kPC1#ueP3kvWXtZOkJR}Dt(L=rFOILrHi1Gw{{j`f{lZ4z<)iEp}7{w8tgt>s0H_w9j zsapxRVW)Z+>%R2JK+hK+EzWE$u0JNrdim-#^}vMaTjw$O!FWq!tYCe%zGoy00j9>@ z64iMUbc^_DvGVQ906L7=Dcj?7s5ttri;m8}ZGA^=<7+&N)xnL*t+z-STz2aRF|GUW zVSd}%Vb1n-_B4Di^l?G<;&z^hrC= zbsEOzVf9zi9PBVNuOoSGV>Mr1IY9wVSnRm$1p3vU44*KhkCxf70!%&~wvId(T5EGI z0MjxBC&`CRk+}%NKC~Mg25cM` z4s#TyU?iF*Vs-we()3PBYgM`M77K9&@+hW*=B_kTEvBZ*oyrq58ueegjKFMhx5T(YTg(CQ{K-W%4smB72=`D_rG zwxp-CG#!oPuxI==ry%|HU5uLG^oVvk5cZmRNJ|~q1-i~OvWm>Rr&j0=V}6hBTB zUdDM}!4KMYcj{ZsVa(XNEGsYZYt8@rw3TovRYWZoZ*8kKMw2*w(N?)9FU4^$HCz=; z$ZuSMGXo4*0xZ#V8WMNAr<(7b-lzMXt>yb|EQQ_)i z#qlu7xG-x{{Q7f3!Fg1s_H=$mT|o2_v(UGo3qdY2lCZtmwD2CwR2!G9G1mq2(lj|y+u4L`AF{p5ihO~8LWZM`VGlFLAoL+*h=!q?( z4L`XCI~Sfy%^N(3$|w1kP*hbDpC_d z9@%(?lfh(thkdUr)+X10wSnBXHP4k+kipD$k!P&0&6-ig=1oq0wV{;@u&R$S5cng- z`CF4HM9aKRw3xm=4S#}J+j&27yAI9aU7c_}W}z8P&J6Mvr#<7wWez@}tDOeQoV6sk ziVm3s{A<;zu(nu2Q0|vyL)xbxCyy!noV5;L@G~FW)KkvLm`qGuM-0#<3|%>+X)fzX zC|aldh$nY)T-H-2zp2F_Ko7x*&BoP z#^fD2im~r&t^}xX2O*b=V6i*0&nIIY0V#hmC+^OVYcr%e`#@bL+k~$RFe4?A;g@ox zij#Fg@4i=@*3OL*IbYI#Hb|xzY?DcX&NtHUZkIER+-Ps{M+wLqt_yjjz<&Y$kl6``k<0x#<7bB=>JD*CS zzhnw8C#rLs#hbb-rRK;#U)vq2q_mpZ(<9)N$9F-?U*pz6?{<<9QiDV%nz^8;urGLT z@>Ooa=U-ea=gg;KlF!}WP4ctvYVR`+3a#i@u9F>k>xjS)px3=}(&9QAc+|9E#yNQHxZd#a9V-1r%9Q+dRi zv}hGqSFJ3Z#-wMV{2_V#(#z&Uo2)I&a9nJJ`fPr40WRtXHZ4nEp0AyTO)M@ol&773 z;+u2!(uesczQxphGGmWBjzP{Ca*;9~I zVTp{O{Aef{i7rpJ=JS82k=Dx{Hd%S=<$xX>=b&-IE|H4~y=LVft1e+jnkGqqnIt5p zMS0^2pdEZVSHQgcWt=Q5^z+6^6W`BBbEnt4);|5q^o6$t9TycAe&*i8DsW2G>QTN> z&I;}%%aB?`mODrEo=Lt?Zet?bkRL9d+d6O{xvtSfB%fqP)xwRIgTo2Xve`49Af_$Y zCD;_uDPqUb*-@(gFw*jUl3{^=pt5=GmXXz))^FOnslx_B|E0E%V(CW8ur>qDFuM{c ze&O8a{IESKl!Ew}rRpN#Xtc07*+kvA)5;ig!F=TOnVjJptq&z#HJG(h6+(qi?~Rbs zei7?(D+EMn1y2YljI&(5(sDpYdN@_6BlrU8ZLijO#l?T9zJU?&Z5R%JR|gGr>MqJ& zI(QRk zxkl!a2VyKgn5V<4oNwARPtY*s#~7YZDiapL3I{qxI zb+8i(67az{W~<$S5p^}PnuB$4ac}3@x${fR-m6FU$>hRsDLoy|lcZG$u(WMLVqK~F z!Br-+=8cWShuRkgkqq*&2xe^zu5GESlJB8Jrt)2Taa+D*tX>r@6%IWJ8;lD$F(30) z%0E(JX>^ycNCl^@;ym`euyfU{h)2`NwVi2Q%TbYA1V5W39Wjdhy!SaulhbmnL(i%w z=H?!rWmtua*lvQhEu3^mak#Y8WE7HPcwfcuNy$O}HCuApGsgZp(}lc3|FTA922agN zSfQ=!S=@?Wtig7k(?~3Yh4EA0$`b-&ys!9`<|x^ENh8=M5NvUc@vpYW1oMr%IcbU| zy4MIFX&=RFHLP0~F*FlKLujNvV_xy-3i^N1+dPkd?=w~(Az z+OE}VX!l_}tgEyPug}P1MMz9*-4Tc$?&H6eYMpIhd>SJp-$mTUr#0o2vH}+lyrk zwIoQujx{-WRy{YVtwt~8lzB+CqjW*$FjoQAp2Ow@7j~UX#Unpp*ocC@uNRG3U#6e1 z>E6CoKhGp8G@-vm=JOffD_W6V@cB}~gUdYhO4~!!>@4p3 z>`LHd5^VB8+D{|Mr9v8!7Gfm*Q3&}QFyjQBu#ucG5@cg@OehhVc9`X?Zq885C6Z?3 zfsg62yAzD~bzW-R6{@gl_2kMedZk@(Yg2KtPsq|d$>l}kUX)(B|M|x8n``p7K zlwXcZfZe3)GLkjWBYd4Re8kq2&B*Jbm+?^F25HHJrD3NU81h(1<#zqCY9N#nvX z988IdL4~zF%{Z>{+Yl1B%cp^2ncW}7A%b+)zuUc_muO*diJwy_sxZ+siN_R1$%{^- zzkLLm-!GDzTTtBaqRhjhDB(;`U~_n}YJ*IrzRf2gYrs<4Jw&$d7%7={zb&Pgmvw)` zS(ipHvb#~%TyNgLF(WC64#bPwR^sxL*SksG-O+P}Hyl?{Z2GnoY?$YVM3h%e%q=0E zJ+RBLfwa5?@4NH0={)*oL21UkB4-(jWz9#e3!3nkLQ3g1Nq86dBpIr^&m=78;&7g% z^u3BvE<GGLR4HiP`{Vh{I<4zs4!u&>FR19pJ57X`?w%STkYE9@>$(qlW1z1Gn3 zZCctSlonl^P8eG0qq#dV^jguzd8sL9Fr<-_RsQ+S5t>5-8m^4Rb$u*LcMN(SUmD;7YaOsBiaIBP;v3y=I6(fM^YmGr3fcs3b zvSv91$rGN+5KgSQB`Y4y;DvJcK(SprjWu~3#!zmy>wXnuZPVvWbii74n9CpJesW>f z^*qaGH&mzh%6dOrwOYr<(S(Py28$=l^noeXP_peh&LUJe?L!QEaM~uOQU&N7`p)S) zMncZd(7ThZy@3d2-po0LNfEJhD%FOy+g3&QB?P8&3OYc@rZkok;rU{NhzuQ^q?G6W z#K3Q^hgXCgYIp0v9G4Jrdtms4GuMi(GtdxrDQv*lqD42kT|xuROfJ+gIA(~%gFkDb z5vj#(k6f}h1npy$i<-rL5z|N*d2nJ)?Wz~c()ja4&K0}XOH|~!#l1nan%=!(wbd9S zEjIFLB{=R;OH#0i8K=Ie7yqFWFaY&7kUMWeMaHk+%+~=mK{~?l^FRY1q;%V+9e+kMiO~d$$WFZ zCSR(ePHic3QVEW^36VJ?_lK*x4~I8{mNP0#Sbkfg&wVzgY&^T**eM^mj$B00+U9=8 z2rfm%sZ_yU!Wt3eK32ueX~2@!o-M{ZDi+g@v|ep&(<$A2wXh(wx`i!N^Hg)x_(-i# z+6I2@=uG=s_jaIl<96Y@lSq39=Q&-gPv?3%O3}WZRZ48UwRd{dg${F+Ng6q{z%&z! ztycCIwQ0oDy5dW33SVh1$(4mKfw8irMG$>`dzb`z+29!SOxsB&C9Ax;-O>+?*f?Up zwKuZ9KHfRa!n5&>xT?(Zz{UOnqCm>|XX~_93bhxfQY9x#I!lY+4=O?-V!KeD??WqW z&3UNugehLe4#+VrfarUv5aevF$heTqZQ`=pxggK1hY|!$L9#{oVk*{=Hl?Pr1rm;Z zLDR}z?00x9g6-0jS#^q4BM7Y8d6j1SSx4r?=YFHGdcTeS%xTrlW}8Q$d)FU0E( zf)-B*d)?{PkW{DX7P&qKih7>$4=t$%Pf(oz;<2&3^$1R}N~yZCM}rp}NfR*i_TOEnpVQ;-tni2>te|Tmut0jNX)&pMO|)*?rs6C{4mejm-K9Eb1OpJ zbQ&bzAdaw=m7(B{V&=_M5NN@pw%?aSk(oN&?WXp(%dphgYvAU=#s zCd+lU9dC;vkkf2eIlMbuV(MU%K?oDaLik^tPZsWGuKo+tu?w;tMWy%BXWbxCs~ zg9=}h)w9jXQ&%I*OC6Dl*Q*804Y8_i=h_E=78JFCqBJ5V(?(?O(fYlgheT?*ux|2Q zkWBb6pN=OmCvS}NQK8JW2n$PIXqoc|4AYMX?J4*0O+(I`WL34Y!e{{Lg3l3NwQ2Li zMmB9+J2W(OP4S_(@Wr>moNSAbBOWs0Gv}K~#piXQd}qhT&I;LDmB>0dQFKDr%c078 zvjXB{TI>MG+l#Dbn{6E>MvHgb{KMFV&kfC+$?*TRT*9e>#nOUkCAMj1yk%!S)6Uj# z*TRs}oO%iX;!>tM^tY8}Og>u?@qTZi^%BKo|4A>$y{?YnDj8Yudg znIJbSFjh;m+0cBs?4xhz$_9s;?reIT8A-X4!)yYN6`KhAM6Iv(9WM&{<%(r%ePi5Q zCL$c|qx)7Ql|&aRPB-bGlKj+@&P6{fto9mCPgEH@RaulZZDn!UGn;Dhe{D2_XKKZQ zbqn82gpYe_t1(_v&D;pgSy|l^IT}bUeycP(Cq_R|rEZ>Y_5(Y4Lq`Oe8(7aXK}{`Y zb+B+`b6zv|fa=AC@a4%@MLQZSh@P2h9u_cVV9__T^i^HoxtBZbYiif&BNGfgpEA{2 zeqyHSi$37ON|Veh`I2P9I%A&u2$ruPrBoO`=aGf3EM)kCaR%#JiB2W{l)hq{xeKbh zUZsv#$ud{Wi!RqW2!%bRQDj@@7FnQGm#ej^8%~NXSRw5fR}eZs#|sxI4Sw(ZwBf?} z%lQO_YUgub7DYC`B&c~)L>uWh+q`9@edg)WB!zrjZ((Aja~J@VLzRuSn)WTD7FGH7 z-9kH@0EU8sOd5Vxe)!oi6(^|gyZ2ArS1 zK%uc&=~?hGUJArtg2AqnM^Q`i0h|I6H|mV!1e1kVm==Ug(v*6Z+{rcHDF-gdR Za9CF(n}L5}A=$(x#SVh>3KD2uE`H!29RvUX literal 45975 zcmd6wd7NZdS@$m_ENLMufe;`hHzb|uCf%J($b@7vnPk?a$!wYF34{PcO;>eKWvZ*1 zT4pjKxUqw>8F&>`i0q4?z{@6z7&jD@MG-|nR1`N<+(BO6@9%lex%b@a>Ym~K_{ZCD z=U4aMvp(n9&U4N^`O3pjf6aZeEc-$JxeUx7lx1h!H_IM+PL}EU6?vAO25tgx18oEc*a>>*KTR1>l(%X4!|pyTMK1u8XqlJ>W~gOTnwgv+Nr1 z2zV~|X7HilC%`ko&w-BxzXq-YzY9JP9KSfr&H`sZs?4^6YEK<}Gj z-vZT-Z-Qja&Y`jAfjdDxZ-A=z6`{p!n&RK}enb5vcy%_i}IFC7{Ob$>1Sy8Qcke z2IT+QqhP8t^&S+T+zP6kKB#iv0IL5V0afmwh399$6l%|fpxS>ONRzXthWnR*D(B}w z(dW}3LzVppcoulk2JhchpvqYUMc3znlCxg~mHziY_4hlV+Iu-S{LC8Q`QYopv%y~i zbMSMZ#_?am^GCsi>cph_OqXjD6-Jt0C zaZuy;PoU^>Hq5T^dLpQHZUt3O9efY?D)7PJ^(eFJz&#)&&t49yfA@mw*PjQx|Fz!! zCxGhbfq*XnH69-V)&8%88n^F(qT^Ycoo-ixIrp=m`1f{D=2i2Z?K;`>nxc_#zfBX&~?*kyJ zCHr9zR?2=M;NOCe=l&vuT>9e%kfF|wflB{=a2EUv5E03yZ}9hZ5Z1}=0o9H#gA7^r zfE&HNJ3)%h7Qnl}cY_+gNeY7{vS)%S_ow*>R?Yqjq=@W-C%ay5g3sdqUEm(@K{t8* zw}DFkYEb2T8k_)sV3+gF72w6(FM^K&Uk+Xfz5`T$J`G+Eeisy9Y~GCx2j@VI|2^P3 z@RvZ9`xl`4{U914e%}VFp9Anw;0M4N@KfNK;CDdr$r#M}Snzys61)Z!-5a3B=?$Rt z!)L<%>HECi4d6J>pAqh#2R@GbcY)%=Pl68s{|r1G{01ob_y2pz8l*xc?R?x=!BW>9&ARdQjyrfvT?us{A`a_5UZq$AIqx*Mpx1)$Z?s;`c{9%hNp?d^q<{1kV9? zf-3J2D85(#)vi~7YR`K>mG?35E%%{+py+V-VV;5S0>26#na{G{0B@|rp+dy2SD}X z3!uvRM^NoPv+4ah7o6e#LhxL0Ke!p}fY*TU0j~xB7Tf_&-0tJw2CwJ-4d6KVXQ0OQ z{xFZyUkR$bJ}5fB3Z!eD>W6DT@=4ZIF~#IoC;Iq*{M zUj=GhKLK6_{!6&O=-J+$Tfp5se?Eu^XP*Oe@RF|6eHW;D+o0O<=73)YRo>Y>m**Qm z_5XHI<9H8vHTX$Ta(r6f-(Lk{db19w{2u_ff?o$84^9l6J~x4C*D-J(`0L;X@R7&d zUfl#vbKeQ~KLd(>p8z+4{{?E?uQ=}MmqC?(Hz>M(2s|JBZg~E!7F&)2Gx%@ zfuiH@f^;SO4oFk84ud9o|0Vb^@S;0iF0TZY|7K8p`$F&%@a>@5`v;)->AuhL`p*Y* z?ym!{0-puy{ZE0a|AXL_;8(zH;3MyH{=XH}^E<$^!1scp=e^@dhp>ttEpI{XDpZ z=U)Sr|H2nKe?1x0c)b7=fBXu#3H&Cg{$27Sf8GN{pErSLgC7Iczt4jgf%ko}(`g+j zIvfP`{Dq*(dl#sBz5&jH7reyFJqm8*{`H{f`~`3kJpHBqyanFC{oBB6z<&fqhf7}O z{Pk2&{4)U6zjp`xCaC%^`!UyJ2f;(!{~&ld_!aPR;KP30`Swy!^xFrD4lf2D4}KU_ zf4&4xfe(7Q)B9?0lKVQSdR`7{{N4|41HS>Po~c)O{zIVj$SXn7;dj7k@U&OD{#_q% z1E~7029@sifNug--k*Xh{~@pP_8tItasM)K7W^W3J^1)ndwb_W(f^g8@_iZ2LBbj3EcU=vTPoFHTX>M-$B)X@F!hPUJdI0v*4BBnLp+2+5ygR|03`L@PnZ0 z{URtjJ@|E=e$XTz?!CpM4KJ54_>0eY_UH zM|1y1Q2g*wa2)(Hcqw?=&p3Ua2&x??K$Z7CP;&pR@O=HxdivYJ%X$7fQ009ZJP-UQ z@B!dM-r)YvqrfL{e=fKcya9X+_)_qE@Gana@Has9<3B+0;f^=@{q5irx&JWu0r2m^ zP2fHEc>BHrs{ZqS&gFUwxQ_d$1^iKP3-|8?>)_vmo57pk>VyWmD}>Mbs>i{J+CpAU)-9|hIVe*n({&v~o&YYJ5Rp9x+Bz8aLgeF(e| z{2HkC-tTR$&!)i(xSs<>mt&yHe>*qt`pcl?`-|W~@P6;` zcHRa)mit$M%K!7A()~fe`@GZr-x*NPw}aP$&jvNF?*-2Ve-C^d_;;Yvo$)T`hbzH5 zxL*M4;8(#Hf!p8h{`aRq)qC#Gd;hnAS98Ai=JZD(8&%cztc~0o?x> zcsh7DsQf<#t^+?0J{25W zJ!ieo`R!uxKHQ(lKkA?UM3?w?G0#Qk^`OS3#`So9GmO~-!M_Fd_ff7Zx&J*-?bhEJ z+%I#zjNiLKwIlw`@dH&*`TH(+Tf&p)gTKSIlYElDhjBfI-%kVom1~*nYh3#Kj)VQX zk2D*({wh5CZ}88!&f=N=?hifzydAtMJZpj9;@Ml3fWP~2-vXb-bph9H+{0eRpPvCC zVfJra|IXFndJ30l4l88O=0as>PbE+MJI?P%aB~{hIsASl_zJE|`Q77!MY1n&{Uz6p zT%YCo9+&>46OPy~w-Zk!{S5a{=em&J@$YPY-!I(X#KTL%?@xpTw}D%^X1Nx*BujO! zFLM1d*O^@Z#TEaa8Gc+#Ij@fo!9U@8baMY_-Xl8Mr^B=V47fMo--Exxb(HH*xqhAN zQRKOROMl;Vu(^kRc6ojy*G_)_6xR&De;oWnu0Frd<q#a{OxcspF}@@ zBiuh2{AaFXT=(Ug;CeP4n_ag%S1J9qr?-zk5z#j&0 z1)E^{_t)I~8rS{9!|{;+gWR9a@8jShuIF)G#C4bpSFiH-1k&9Qp8N;6kL!j|&SUuf z?(pt!z=wq2Df}cimxc!$$kzyYKf<%mhvz>AcDYV)jdQ($>j${>w-D0%UG?AT@a~g5 zKEUta1{ag`>$%^{{lmGQ!|%V~dOE+)0RIn{{@!T+X4$WTn|XH-{2bT&xb*j7u8Vj+ z$)&$vaIk+j@^3HP&+~qa>xYu}U*~t7XOHE&iE9&={-!{!hd+|*L;lGA-NXGst`Bhc zTj6<)`xo&0O0Hkx+Qq&8{)p?L;kWLe%vBHXZyhya>c*rh99p6 zZ{~U!X)X_WzZ%{x1-u*l^YHsHX`adT=5YV*fI0XBA^%T=XS=~kuDf{tBVY%-7d#Jq zJos_0OSl%e)^Ytl*8_CV0L_N;%Tk=Gl?n)8jk-^u5@jat8v58CxcHy`hfZK~J$wL|{COwO~AXKd4vTJOk; z1YX{Jr`@kL+s*c3eyq`LE;Q$BYD%s$$2N64o&F)^-kj@S8kVaqdYrdAbz0iaE2V#5 z&9)X4EpD{uyC;_Wje61Sqm2`Juhr=nNp>B)=|CQz=Iz1KVJHAamOAz3!ilj>dbQAO zLA1`YdQodxYCXyqIwYm-?Z$C`$bD;Yw6~>Rzlm%<0yKYnW1%)^_4E18(lYt#(@lsG zXw_UkLWRq-COzx^<%|lvkRuGt{~Dqmo;%k2Go;ZjD07F_rJ%bAx4FrO`{%8qxlVYJ+d21g~Yg zSmbc4Gk-LnIDDet=uPr`FqJFCsOJZ2kfqnWvymi&s!O%L9;`w-4N0wCrwzT{@{w+> z*QhpUckPbm(qKtLV#5^5uOHnymB)9@HpJEd9aH9_oK~Z~*gqn&PRt)+Oy)Htlf?k; z+j`UXotNiLHB2dnXXDJ9yco=i-;nas!?SB0OO% zvX@7bQ^t(?$uD@S*68_7-=spn$Ih51(UaVBx4mIia;Nljjb6W(*Sd|ow!GZ!Fj}U3deRt6G^Be1 zCD1yNPqaIEuixp`7908O-pQG|YsoykaAMaJOk$9QGVYGrW8`ub{3yFR?r95Kr(RpYE7OYLHdxK@FQ$N%!M6K7D zhdE4rB$bdsCS|B?y?mi2)vJW9=3<*}ooIDx^}N>4H(@11S%*8Az*@HncTHP0Qs+BO zA(78jzeq@NgI3E5L)p15pjKpZu}uR56DL)+I>(Xu-h8cF@8uJ=MH3BO&R&1gy9Y9OR6_;QZFVmJzMWIdhK;Gb7ueZV~}HbSht#O zkVclBHz%a@DzcStO?bWjY+FsG*E^}gt~eN!*zUBa``D*udwI|ozj`L9i;l^6?cKW% z!TTOv6d^Ds*F<|2F*xIUk7 z(KKp~_cX|{k`X2Fs4jNuGSZ!;yeAu7uyQq@6^QyqL8Fbu!^g1$;?&_9LbKe)nMXyA zGF4s9&r%adH87hr=S)7^md}KIK{fNIP-Id}$eO3SuBfMR$9#)k9&2DYI+!+!pNfUy zZ(&Bu+7_Dda4lcxHX6f1lO%GU3GJbK$B#7Uk4RX0{U$@YqR^rAQ~9#Ggy7QPdZXP; z2X_%m6-t&cl(p(bv%S#CYv`gPO-d@IfLrDpy&l+<;XP62$M5bp;S>bSOm0Umow*i` zwzOXuzm>@}GOH!=mQF8Wt{dH{ygO){caQazyqW6`eY+!zujFM!k%FZ|c-L@!x7}#T z(H=0kQpSyXIh;0x1?`J=S09%Z+Vhj}n5ALJOV6a$Su|E0DyK9aiDV5Wl#rPFEiV^N zLQtZ=nGTjEE4oqEW6w|0UQ4rTp(p8xWtLV)3rOKCVcGg7H|X269dfW5sqvL!9@*kP zb`c*jQCbps^EX3=vfN&yaa7Z&P*7)K0pD!p>#~8dpTj8!ZL=6|QOg446(f>xAPk6F zJsR|0HAQV$x=)37Rdmt+Qs`aWvE40^_C#*NP|u-&k+xA!w5p2mj+lwS8bK1qLzm2D&rvxV@xOWx#Kwn59l%2scGYzhr4}JpMQ~KdI?7JbMVvt}4W4n(deID