summaryrefslogtreecommitdiffstats
path: root/templates/man5/crypttab.5.pot
diff options
context:
space:
mode:
Diffstat (limited to 'templates/man5/crypttab.5.pot')
-rw-r--r--templates/man5/crypttab.5.pot203
1 files changed, 187 insertions, 16 deletions
diff --git a/templates/man5/crypttab.5.pot b/templates/man5/crypttab.5.pot
index 97d641e2..e09894af 100644
--- a/templates/man5/crypttab.5.pot
+++ b/templates/man5/crypttab.5.pot
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2024-03-01 16:54+0100\n"
+"POT-Creation-Date: 2024-06-01 05:46+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -24,7 +24,7 @@ msgid "CRYPTTAB"
msgstr ""
#. type: TH
-#: archlinux fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux fedora-40 mageia-cauldron
#, no-wrap
msgid "systemd 255"
msgstr ""
@@ -200,7 +200,7 @@ msgid ""
msgstr ""
#. type: Plain text
-#: archlinux fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux fedora-40 mageia-cauldron
msgid ""
"The key may be acquired via a PKCS#11 compatible hardware security token or "
"smartcard\\&. In this case an encrypted key is stored on disk/removable "
@@ -236,11 +236,11 @@ msgid ""
msgstr ""
#. type: Plain text
-#: archlinux fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux fedora-rawhide mageia-cauldron
msgid ""
"For the latter five mechanisms the source for the key material used for "
"unlocking the volume is primarily configured in the third field of each /etc/"
-"crypttab line, but may also configured in /etc/cryptsetup-keys\\&.d/ and /"
+"crypttab line, but may also be configured in /etc/cryptsetup-keys\\&.d/ and /"
"run/cryptsetup-keys\\&.d/ (see above) or in the LUKS2 JSON token header (in "
"case of the latter three)\\&. Use the B<systemd-cryptenroll>(1) tool to "
"enroll PKCS#11, FIDO2 and TPM2 devices in LUKS2 volumes\\&."
@@ -507,7 +507,7 @@ msgid "B<nofail>"
msgstr ""
#. type: Plain text
-#: archlinux fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux fedora-40 mageia-cauldron
msgid ""
"This device will not be a hard dependency of cryptsetup\\&.target\\&. "
"It\\*(Aqll still be pulled in and started, but the system will not wait for "
@@ -697,7 +697,7 @@ msgid ""
msgstr ""
#. type: Plain text
-#: archlinux fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux fedora-40 mageia-cauldron
msgid ""
"WARNING: Using the B<swap> option will destroy the contents of the named "
"partition during every boot, so make sure the underlying block device is "
@@ -870,7 +870,7 @@ msgid ""
msgstr ""
#. type: Plain text
-#: archlinux fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux fedora-40 mageia-cauldron
msgid ""
"WARNING: Using the B<tmp> option will destroy the contents of the named "
"partition during every boot, so make sure the underlying block device is "
@@ -949,7 +949,7 @@ msgid "B<pkcs11-uri=>"
msgstr ""
#. type: Plain text
-#: archlinux fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux fedora-40 mageia-cauldron
msgid ""
"Takes either the special value \"auto\" or an \\m[blue]B<RFC7512 PKCS#11 "
"URI>\\m[]\\&\\s-2\\u[2]\\d\\s+2 pointing to a private RSA key which is used "
@@ -960,7 +960,7 @@ msgid ""
msgstr ""
#. type: Plain text
-#: archlinux fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux fedora-40 mageia-cauldron
msgid ""
"If specified as \"auto\" the volume must be of type LUKS2 and must carry "
"PKCS#11 security token metadata in its LUKS2 JSON token section\\&. In this "
@@ -972,7 +972,7 @@ msgid ""
msgstr ""
#. type: Plain text
-#: archlinux fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux fedora-40 mageia-cauldron
msgid ""
"The specified URI can refer directly to a private RSA key stored on a token "
"or alternatively just to a slot or token, in which case a search for a "
@@ -1372,14 +1372,14 @@ msgid "AF_UNIX KEY FILES"
msgstr ""
#. type: Plain text
-#: archlinux fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux fedora-rawhide mageia-cauldron
msgid ""
"If the key file path (as specified in the third column of /etc/crypttab "
"entries, see above) refers to an B<AF_UNIX> stream socket in the file "
"system, the key is acquired by connecting to the socket and reading the key "
"from the connection\\&. The connection is made from an B<AF_UNIX> socket "
"name in the abstract namespace, see B<unix>(7) for details\\&. The source "
-"socket name is chosen according the following format:"
+"socket name is chosen according to the following format:"
msgstr ""
#. type: Plain text
@@ -1456,7 +1456,7 @@ msgid "B<Example\\ \\&2.\\ \\&Yubikey-based PKCS#11 Volume Unlocking Example>"
msgstr ""
#. type: Plain text
-#: archlinux fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux fedora-40 mageia-cauldron
msgid ""
"The PKCS#11 logic allows hooking up any compatible security token that is "
"capable of storing RSA decryption keys for unlocking an encrypted volume\\&. "
@@ -2682,11 +2682,182 @@ msgstr ""
#. type: TH
#: debian-unstable
#, no-wrap
-msgid "2024-02-26"
+msgid "2024-04-14"
msgstr ""
#. type: TH
#: debian-unstable
#, no-wrap
-msgid "cryptsetup 2:2\\&.7\\&.0-1"
+msgid "cryptsetup 2:2\\&.7\\&.2-2"
+msgstr ""
+
+#. type: Plain text
+#: fedora-40
+msgid ""
+"For the latter five mechanisms the source for the key material used for "
+"unlocking the volume is primarily configured in the third field of each /etc/"
+"crypttab line, but may also configured in /etc/cryptsetup-keys\\&.d/ and /"
+"run/cryptsetup-keys\\&.d/ (see above) or in the LUKS2 JSON token header (in "
+"case of the latter three)\\&. Use the B<systemd-cryptenroll>(1) tool to "
+"enroll PKCS#11, FIDO2 and TPM2 devices in LUKS2 volumes\\&."
+msgstr ""
+
+#. type: Plain text
+#: fedora-40
+msgid ""
+"If the key file path (as specified in the third column of /etc/crypttab "
+"entries, see above) refers to an B<AF_UNIX> stream socket in the file "
+"system, the key is acquired by connecting to the socket and reading the key "
+"from the connection\\&. The connection is made from an B<AF_UNIX> socket "
+"name in the abstract namespace, see B<unix>(7) for details\\&. The source "
+"socket name is chosen according the following format:"
+msgstr ""
+
+#. type: TH
+#: fedora-rawhide
+#, no-wrap
+msgid "systemd 256~rc3"
+msgstr ""
+
+#. type: Plain text
+#: fedora-rawhide
+msgid ""
+"The key may be acquired via a PKCS#11 compatible hardware security token or "
+"smartcard\\&. In this case a saved key used in unlock process is stored on "
+"disk/removable media, acquired via B<AF_UNIX>, or stored in the LUKS2 JSON "
+"token metadata header\\&. For RSA, the saved key is an encrypted volume "
+"key\\&. The encrypted volume key is then decrypted by the PKCS#11 token with "
+"an RSA private key stored on it, and used to unlock the encrypted volume\\&. "
+"For elliptic-curve (EC) cryptography, the saved key is the public key "
+"generated in enrollment process\\&. The public key is then used to derive a "
+"shared secret with a private key stored in the PKCS#11 token\\&. The derived "
+"shared secret is then used to unlock the volume\\&. Use the B<pkcs11-uri=> "
+"option described below to use this mechanism\\&."
+msgstr ""
+
+#. type: Plain text
+#: fedora-rawhide
+msgid "B<link-volume-key=>"
+msgstr ""
+
+#. type: Plain text
+#: fedora-rawhide
+msgid ""
+"Specifies the kernel keyring and key description (see B<keyrings>(7)) where "
+"LUKS2 volume key gets linked during device activation\\&. The kernel keyring "
+"description and key description must be separated by \"::\"\\&."
+msgstr ""
+
+#. type: Plain text
+#: fedora-rawhide
+msgid ""
+"The kernel keyring part can be a string description or a predefined kernel "
+"keyring prefixed with \"@\" (e\\&.g\\&.: to use \"@s\" session or \"@u\" "
+"user keyring directly)\\&. The type prefix text in the kernel keyring "
+"description is not required\\&. The specified kernel keyring must already "
+"exist at the time of device activation\\&."
+msgstr ""
+
+#. type: Plain text
+#: fedora-rawhide
+msgid ""
+"The key part is a string description optionally prefixed by a \"%key_type:"
+"\"\\&. If no type is specified, the \"user\" type key is linked by "
+"default\\&. See B<keyctl>(1) for more information on key descriptions (KEY "
+"IDENTIFIERS section)\\&."
+msgstr ""
+
+#. type: Plain text
+#: fedora-rawhide
+msgid ""
+"Note that the linked volume key is not cleaned up automatically when the "
+"device is detached\\&."
+msgstr ""
+
+#. type: Plain text
+#: fedora-rawhide
+msgid "Added in version 256\\&."
+msgstr ""
+
+#. type: Plain text
+#: fedora-rawhide
+msgid ""
+"This device will not be a hard dependency of cryptsetup\\&.target\\&. "
+"It\\*(Aqll still be pulled in and started, but the system will not wait for "
+"the device to show up and be unlocked, and boot will not fail if this is "
+"unsuccessful\\&. Note that other units that depend on the unlocked device "
+"may still fail\\&. In particular, if the device is used for a mount point, "
+"the mount point itself also needs to have the B<nofail> option, or the boot "
+"will fail if the device is not unlocked successfully\\&. If a keyfile and/or "
+"a B<header> are specified, the dependencies on their respective directories "
+"will also not be fatal, so that umounting said directories will not cause "
+"the generated cryptset unit to be deactivated\\&."
+msgstr ""
+
+#. type: Plain text
+#: fedora-rawhide
+msgid "B<Warning>"
+msgstr ""
+
+#. type: Plain text
+#: fedora-rawhide
+msgid ""
+"Using the B<swap> option will destroy the contents of the named partition "
+"during every boot, so make sure the underlying block device is specified "
+"correctly\\&."
+msgstr ""
+
+#. type: Plain text
+#: fedora-rawhide
+msgid ""
+"Using the B<tmp> option will destroy the contents of the named partition "
+"during every boot, so make sure the underlying block device is specified "
+"correctly\\&."
+msgstr ""
+
+#. type: Plain text
+#: fedora-rawhide
+msgid ""
+"Takes either the special value \"auto\" or an \\m[blue]B<RFC7512 PKCS#11 "
+"URI>\\m[]\\&\\s-2\\u[2]\\d\\s+2 pointing to a private key which is used to "
+"decrypt the encrypted key specified in the third column of the line\\&. This "
+"is useful for unlocking encrypted volumes through PKCS#11 compatible "
+"security tokens or smartcards\\&. See below for an example how to set up "
+"this mechanism for unlocking a LUKS2 volume with a YubiKey security token\\&."
+msgstr ""
+
+#. type: Plain text
+#: fedora-rawhide
+msgid ""
+"If specified as \"auto\" the volume must be of type LUKS2 and must carry "
+"PKCS#11 security token metadata in its LUKS2 JSON token section\\&. In this "
+"mode the URI and the encrypted key are automatically read from the LUKS2 "
+"JSON token header\\&. Use B<systemd-cryptenroll>(1) as a simple tool for "
+"enrolling PKCS#11 security tokens or smartcards in a way compatible with "
+"\"auto\"\\&. In this mode the third column of the line should remain empty "
+"(that is, specified as \"-\")\\&."
+msgstr ""
+
+#. type: Plain text
+#: fedora-rawhide
+msgid ""
+"The specified URI can refer directly to a private key stored on a token or "
+"alternatively just to a slot or token, in which case a search for a suitable "
+"private key will be performed\\&. In this case if multiple suitable objects "
+"are found the token is refused\\&. The keyfile configured in the third "
+"column of the line is used as is (i\\&.e\\&. in binary form, "
+"unprocessed)\\&. The resulting decrypted key (for RSA) or derived shared "
+"secret (for ECC) is then Base64 encoded before it is used to unlock the LUKS "
+"volume\\&."
+msgstr ""
+
+#. type: Plain text
+#: fedora-rawhide
+msgid ""
+"The PKCS#11 logic allows hooking up any compatible security token that is "
+"capable of storing RSA or EC cryptographic keys for unlocking an encrypted "
+"volume\\&. Here\\*(Aqs an example how to set up a Yubikey security token for "
+"this purpose on a LUKS2 volume, using B<ykmap>(1) from the yubikey-manager "
+"project to initialize the token and B<systemd-cryptenroll>(1) to add it in "
+"the LUKS2 volume:"
msgstr ""
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-07 17:53:29 +0000