diff options
43 files changed, 6799 insertions, 0 deletions
diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 000000000..c7129d134 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,124 @@ +openswan for Debian +---------------------- + +1) General Remarks + +This package has been created from scratch with some ideas from the +freeswan 1.3 package by Tommi Virtanen and the freeswan 1.5 package by +Aaron Johnson merged in. Most of the code in debian/rules for creating the +linux-patch-openswan package has been initially taken from Tommi Virtanen's +package, but has been mostly rewritten to fit the needs of newer kernel +versions (since version 1.9-1). + +After the decision of the FreeS/WAN project to cease the development of +FreeS/WAN, we decided to switch over to the Openswan fork. This code base +includes all the patches that had to be applied manually before, which makes +packaging simple. Alexander List prepared the first preliminary openswan +package based on my freeswan packaging, which I updated to the relevant parts +of the current freeswan package. + +2) Kernel Support + +Note: This package can make use of the in-kernel IPSec stack, which is +available in the stock Debian kernel images (>=2.4.24 and 2.6.x). + +If you want to use the openswan utilities, you will need the appropriate +kernel modules. The Debian default kernel native IPSec stack (which is +included in Linux 2.6 kernels and has been backported to Debian's 2.4 kernels) +can be used out-of-the-box with opeswan pluto, the key management daemon. +This native Linux IPSec stack is of high quality, has all of the features of +the latest Debian freeswan and openswan packages (i.e. support for other +ciphers like AES and NAT Traversal support) and is well integrated into the +kernel networking subsystem (which is not true for the freeswan kernel +modules). However, it is not as well tested as the freeswan kernel modules +simply because the code base is younger. But nonetheless, the easiest way to +get IPSec support in Debian is to use the default kernels (or recompile from +the Debian kernel sources) and install the mature freeswan pluto key management +daemon. + +If you do not want to use the in-kernel IPSec stack of newer 2.6 kernels or +are building a custom 2.4 kernel, then the KLIPS kernel part is available in +two forms: the kernel tree can be patched using the linux-patch-openswan +package, which will be applied automatically by make-kpkg, or stand-alone +modules can be built using the openswan-modules-source package. Please note +that, for building the modules, you need the _complete_, built kernel tree +for invoking "make-kpkg modules_install", only having the kernel headers is +not enough. NAT Traversal can not be used at the moment with the stand-alone +modules, it still needs a small kernel patch applied to the kernel tree. If +you need NAT Traversal, please use either the in-kernel IPSec stack (which is +preferred), the linux-patch-openswan package, or patch the kernel tree with +the (small) NAT Traversal patch before compiling it. + +Attention: Please note that KLIPS will not compile cleanly with newer GCC +versiobs that are stricter with their syntax checks. It is known to compile +with GCC 3.4, so I recommend to use this version for building it. If you build +KLIPS modules without patching the kernel source, please note that the kernel +needs to be compiled with the same GCC version, or the modules will not load! + +When using make-kpkg, the GCC version can be set with the environment variable +MAKEFLAGS, e.g. with + MAKEFLAGS="CC=gcc-3.4" make-kpkg ... +This should be necessary for 2.4 kernels, while KLIPS for 2.6 kernels might +compile with newer GCC versions as well. + +For using the openswan (KLIPS) kernel modules, there are now two different +methods: + +2.1) openswan-modules-source: +When you install the openswan-modules-source package and use +make-kpkg to build your kernel, make-kpkg modules_image will automatically +create a kernel module package. However, since the openswan-modules-source +package follows other modules source packages, you will first have to extract +the source tree: + $ cd /usr/src + $ tar xvzf openswan-modules.tar.gz +Again, please note that only the kernel headers are not enough to build these +modules! You really need to have the kernel source tree, configured for your +running kernel (or the one you will run the openswan module with). If you did +not build your own kernel, the following trick might help (thanks to Olaf +Lundqvist for documenting this in the BTS): + a) unpack the kernel source: + $ apt-get install kernel-source-<debian version> + $ cd /usr/src + $ tar xvfj kernel-source-<debian version>.tar.bz2 + $ cd kernel-source-<upstream version> + b) copy kernel-headers information to that directory: + $ apt-get install kernel-headers-<debian version> + $ cp -r ../kernel-headers-<debian-version>/* . + c) build the openswan kernel modules: + $ cd /usr/src/modules/openswan + $ debian/rules binary-modules \ + KVERS="<debian version>" \ + KSRC="/usr/src/kernel-source-<debian version>" 2>&1 +Where upstream version is e.g. 2.4.20 and debian-version is e.g. 2.4.20-2 (it +should match the Debian package version). + +If you want to use NAT Traversal but still want to use openswan-modules-source +(since you need to patch the kernel anyway, using linux-patch-openswan is +easier), you can find the necessary patch under +/usr/src/modules/openswan/debian/nat-t-<major version>.diff +It should apply cleanly to newer vanilla 2.4 and 2.6 series kernels. Debian +kernels usually have that patch already applied, so you will not need to patch +a Debian kernel to use openswan. + +2) linux-patch-openswan: +By installing the linux-patch-openswan package and using make-kpkg to build +your kernel, it automatically gets patched to include the freeswan IPSec kernel +support in the kernel tree. This allows to enable NAT Traversal (which is not +possible with building the openswan modules outside the kernel tree with the +openswan-modules-source package without the additional patch). Please note +that the environment variable PATCH_THE_KERNEL=YES has to be set for make-kpkg +to apply the kernel patches. + +3) Miscellaneous + +Warning: Due to an upstream bug, pluto from this version will dump core on +certain CRLs. If you are hit by this bug, please report it directly to +upstream, they are still tracking the issue down. + +For support, please use the mailing list debian-openswan@gibraltar.at, which +is now the official support address for the Debian package of openswan. You +can subscribe to the list and view its archives at +https://www.gibraltar.at/mailman/listinfo/debian-openswan + + -- Rene Mayrhofer <rmayr@debian.org>, Mon, Sep 19 14:58:00 2005 diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 000000000..8b7e14fda --- /dev/null +++ b/debian/changelog @@ -0,0 +1,498 @@ +openswan (1:2.4.5-3) unstable; urgency=low + + * Renamed kernel-patch-openswan to linux-patch-openswan. + * Removed the remarks in the package descriptions that linux-patch-openswan + and openswan-modules-source will only work with 2.4 series kernels. This + is no longer true. + * Use updated French translation. Thanks to Christian Perrier and sorry for + not giving time to update the translations before the last upload. I felt + that the FTBFS should be corrected quickly. + Closes: #364399: openswan: [INTL:fr] French debconf templates translation + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 23 Apr 2006 21:47:53 +0100 + +openswan (1:2.4.5-2) unstable; urgency=low + + * The NMU patch doesn't seem to have applied to debian/control, + because the dependency was still on libopensc1-dev. Fixed that now + by adding libopensc2-dev. + Closes: #363073: openswan_1:2.4.5-1: FTBFS: Build depends on + libopensc1-dev + * Added the patch to fix alignment issues on Sparc, as upstream acknowledged + it and applied it to their development tree. + Closes: #341630: openswan: Pluto crypto helper gets SIGBUS on SPARC due + to request memory alignment issue + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 17 Apr 2006 14:53:37 +0100 + +openswan (1:2.4.5-1) unstable; urgency=low + + * New upstream release. This release adds support for patching newer kernel + versions. Verified that the patched kernel tree compiles with Debian + kernel sources 2.6.15-8 and 2.6.16-6. + Closes: #361800: kernel-patch-openswan: Fails to patch Debian 2.6.15 + kernel + It also adds the patches for an IPSec/L2TP server behind a NAT. + Closes: #307529: More patches for openswan server behind NAT + Closes: #353792: openswan nat-t failure + And additionally there are (according to upstream changelogs) fixes for + running on SMP systems. If the following bug still persists (can not test + myself), then please reopen. + Closes: #343603: kernel-patch-openswan: Starting IPSEC makes system freeze + The patch to fix the snmpd crash is also in this upstream version (just + checked linux/net/ipsec/ipsec_tunnel.c). It was probably in older versions + as well, so this might have been closed earlier. It's not mentioned in + upstream changelog, so I don't know exactly when it has been fixed. + Closes: #318298: kernel-patch-openswan: Kernel Oops - Null Dereference + when using snmpd + The ipsec.conf manual page has been updated to document connaddrfamily. + Closes: #296611: openswan: "man -S 5 ipsec.conf" fails to mention the + parameter "connaddrfamily" + * Acknowledge fixes in last NMU - thanks to Christian. + Closes: #352050: openswan: FTBFS: Package libopensc1-dev has no + installation candidate + Closes: #356716: openswan: Incomplete clean when building + Closes: #316693: openswan_1/2.2.0-10 + Closes: #339390: openswan: [INTL:sv] Swedish debconf templates translation + * Enable building of XAUTH support. + * Import override files from /etc/default instead of /etc/sysconfig. This + uses dpatch, so now Build-Depend on it. + Closes: #354965: openswan: /usr/lib/ipsec/_updown uses /etc/sysconfig/, + please change to /etc/default/ + * Only ask if an existing certificate/private key pair should be used when + the user chose not to create a new key pair. Also mention, when asking to + create a new key pair, that an existing one can be used alternatively. + Closes: #298250: confusing debconf question about certificate creation + * Move the USE_LDAP, USE_LIBCURL, and HAVE_THREADS options from the + "make install" to the "make programs" call where it belongs. + Closes: #292838: openswan: Dynamic CRL fetching not supported + * Remove /usr/share/doc/openswan/index.html, because it is a duplicate of + /usr/share/doc/openswan/doc/index.html, and only the latter one has links + to existing files. + Closes: #311613: openswan: html documentation links to the wrong place + Closes: #357719: broken links in file:///usr/share/doc/openswan/index.html + Closes: #357698: broken links in file:///usr/share/doc/openswan/index.html + * Add #ifdef to linux/net/ipsec/ipsec_init.c to branch between Debian and + vanilla 2.4 kernels. For Debian kernels with the XFRM (26sec) backport, + a second option is necessary for inet_(add|del)_protocol. This should + allow KLIPS to compile on both Debian and vanilla 2.4 kernels. Verified + that it compiles with Debian 2.4.27-12 and vanilla 2.4.32. + Closes: #340294: openswan-modules-source: fails to build with 2.4.27 on + sarge + Closes: #342844: kernel-patch-openswan: FTBS with kernel-source-2.4.27 + 2.4.27-11 + * Document in README.Debian that KLIPS for 2.4 kernels will not compile with + newer GCC versions and give a hint on how to use older versions with + make-kpkg. + * Kernel 2.6.8 is not properly supported and is horribly outdated by now. + If you really need to use 2.6.8, then please use the native 26sec IPSec + stack. For KLIPS support, use at least 2.6.12, or better 2.6.15. + Closes: #318136: kernel-patch-openswan: Problem applying + kernel-openswan-patch to kernel-source-2.6.8 + * Compress the modules source tree with bzip2 instead of gzip and thus + reduce the size of the openswan-modules-source package. + + -- Rene Mayrhofer <rmayr@debian.org> Sat, 15 Apr 2006 21:36:36 +0100 + +openswan (1:2.4.4-3.1) unstable; urgency=high + + * Non-maintainer upload with maintainer's agreement + * Fix FTBFS by replacing the build dependency on libopensc1-dev to + libopensc2-dev. Closes: #352050 + * Really clean when building + Closes: #356716 + * Correct typos and English errors in templates + Unfuzzy translations + Closes: #316693 + * Swedish debconf templates translation added + Closes: #339390 + + -- Christian Perrier <bubulle@debian.org> Thu, 16 Mar 2006 06:10:05 +0100 + +openswan (1:2.4.4-3) unstable; urgency=low + + * Corrected PATCHNAME in the kernel-patch-openswan unpatch script. + Closes: #344852: kernel-patch-openswan: PATCHNAME=openswan in apply script + but =freeswan in unpatch + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 27 Dec 2005 10:38:33 +0000 + +openswan (1:2.4.4-2) unstable; urgency=low + + * Build-depend on libkrb5-dev. + Closes: #344612: openswan: pluto has shared library dependency on + libkrb5support.so + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 26 Dec 2005 11:22:17 +0000 + +openswan (1:2.4.4-1) unstable; urgency=high + + Reasoning for urgency high: DoS security issues. + * New upstream version. This is supposed to fix the other part of the DoS + problem. + + -- Rene Mayrhofer <rmayr@debian.org> Fri, 18 Nov 2005 19:23:49 +0000 + +openswan (1:2.4.3-1) unstable; urgency=high + + Reasoning for urgency high: DoS security issues. + * New upstream version. + Closes: Bug#339082: kernel-patch-openswan: ISAKMP implementation + problems / DoS + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 15 Nov 2005 15:49:44 +0000 + +openswan (1:2.4.0-3) unstable; urgency=low + + * Doh. Forgot to merge the new debconf depends from my openswan 2.2.0 + package branch. Now again change the debconf depends to debconf | + debconf-2.0. + Closes: #332055: openswan depends on debconf without | debconf-2.0 + alternate; blocks cdebconf transition + * Also build-depend on the new libssl (>= 0.9.8-1) now to help the + transition. If you recompile this package for woody/sarge, you can safely + ignore this versioned build-dependency. No new API is needed this is just + for the ABI transition. + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 10 Oct 2005 11:22:12 +0100 + +openswan (1:2.4.0-2) unstable; urgency=low + + * Module building has changed a bit for the new openswan upstream + releases (need additional files). Adapt the openswan-modules-source + package to that and also fix pfkey_v2.c to compile with kernel 2.4 + (patches sent to upstream for future inclusion). + Closes: #291274: Fails to build with 2.4.29: missing Makefile + Closes: #273443: openswan-modules-source: doesn't build with 2.6.8 - + different from #273144 (?) + * Fix the postinst script (must have been a bash update that broke it). + Closes: #330864: openswan: postinst fails with "`make-x509-cert': not a + valid identifier" + + -- Rene Mayrhofer <rmayr@debian.org> Fri, 30 Sep 2005 18:11:28 +0100 + +openswan (1:2.4.0-1) unstable; urgency=low + + * New upstream release. This finally allows the Debian packages to be + updated since the regression from 2.2.X to 2.3.X has been fixed (pluto + crash with roadwarriors). Please be aware that pluto daemons from 2.2 or + 2.3 openswan release will still crash, so please update all your + installations as soon as possible. + Closes: #292132: openswan: OpenSwan 2.2.0 crashes when a road-warrior + comes in using 2.3.0 + This release also supports KLIPS with 2.6 kernels now. + Closes: #301801: kernel-patch-openswan: Fails to build with Debian + 2.6.10 source + #273443: openswan-modules-source: doesn't build with 2.6.8 - + different from #273144 (?) + #318136: kernel-patch-openswan: Problem applying + kernel-openswan-patch to kernel-source-2.6.8 + * Fixed gcc 4 compile for fswcert (patch will be forwarded to upstream). + * Added Vietnamese debconf translation. + Closes: #316692: INTL:vi + * Introduced the epoch in this branch to allow automatic updates from the + previously downgraded 2.2 release. + * Edited the debian/copyright file to mention the shared GPL path and + removed old licenses (only refer to CREDITS now). + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 19 Sep 2005 13:40:30 +0100 + +openswan (2.3.1-1) unstable; urgency=high + + Urgency HIGH because openswan is an important package for testing (at least + in my opinion...). + * New upstream version. This update should fix the various crashes + that openswan 2.3.0 pluto was causing on other openswan boxes + (occured in the wild with 2.2.0 and 2.3.0, but might also happen + with others) in some cases. + Closes: #292132: openswan: OpenSwan 2.2.0 crashes when a road-warrior + comes in using 2.3.0 + * Adapt to the new way of building modules (which changed between upstream + version 2.2.0 and 2.3.0). openswan-modules-source should now build with + 2.4 and with 2.6 kernels (using make-kpkg). + Closes: #291274: Fails to build with 2.4.29: missing Makefile + Closes: #276521: openswan-modules-source: ipsec_aes.o & ipsec_cryptoapi.o + not kernel modules + * Also enable building of 2.6 kernel modules in openswan-modules-source. + Closes: #273443: openswan-modules-source: doesn't build with 2.6.8 - + different from #273144 (?) + * kernel-patch-openswan also needed some changes due to the new tree + layout (specifically the new Makefile.top). Now kernel-patch-openswan + has been enabled to work with kernel 2.6, so you can now get ipsecX + interfaces with kernel 2.6 (tested with vanilla 2.6.10)! + Closes: #301801 kernel-patch-openswan: Fails to build with Debian 2.6.10 + source + * There was no reply by the original bug submitter, so this really seemed + to be a toolchain problem. I can't reproduce this bug. + Closes: #283387: openswan: Fails to build on testing (Sarge) + * The build-dependency has already been updated from libcurl2-dev to + libcurl3-dev in package 2.3.0-1. Now updated it to + libcurl3-dev | libcurl2-dev so that backporting to woody is easier. + Closes: #298468 openswan fails to build on sarge due to missing + libcurl2-dev dependancy + * The same goes for libopensc*-dev. + * Fixed typos in the logcheck ignore files. + Closes: #298693: openswan: logcheck files - typo + * Updated debconf translations. + Closes: #290847: openswan: [INTL:fr] French debconf templates translation + Closes: #292077: [INTL:pt_BR] Please apply the attached patch in order to + update openswan's pt_BR debconf translation + Closes: #294202: [l10n] Czech po-debconf template translation (cs.po) + * Removed the source code for the fswcert utility from the debian/ dir in + the source package - it is now included in the upstream source under + programs/. + * Removed the conflicts with ike-server (still providing it though). + Closes: #297186: openswan: Remove conflict on ike-server + * Don't conflict with freeswan generally, but only with versions < 2.04-12. + (This is in preparation of the freeswan transition package that I am + working on.) + * Explicitly remove the execute permissions from /etc/ipsec.d/policies/*. + Closes: #298245: wrong permissions in /etc + * No longer need gawk for openswan scripts to work. This allows to finally + removed the awk-to-gawk hack in debian/rules and means that openswan no + longer depends on gawk. + * Enable the building of pluto code for dynamic URL fetching (which needs + libldap2-dev and libcurl3-dev) and the XAUTH PAM support. Therefore, we + now build-depend on libpam0g-dev. + Closes: #292838: openswan: Dynamic CRL fetching not supported + + -- Rene Mayrhofer <rmayr@debian.org> Sat, 9 Apr 2005 17:56:16 +0200 + +openswan (2.3.0-2) unstable; urgency=HIGH + + Urgency HIGH due to security issue and problems with build-deps in sarge. + * Fix the security issue. Please see + http://www.idefense.com/application/poi/display?id=190& + type=vulnerabilities&flashstatus=false + or CAN-2005-0162 at + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0162 + for more details. Thanks to Martin Schulze for informing me about this + issue. + Closes: #292458: Openswan XAUTH/PAM Buffer Overflow Vulnerability + * Added a Build-Dependency to lynx. + Closes: #291143: openswan: FTBFS: Missing build dependency. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 27 Jan 2005 16:10:11 +0100 + +openswan (2.3.0-1) unstable; urgency=low + + * New upstream release. + Important change: aes-sha1 is now the default proposal (but 3des-md5 is + still supported if the other side requests it). Please look at + /usr/share/doc/openswan/docs/RELEASE-NOTES for details. + * Includes KLIPS support for kernel 2.6 for the first time, but I have not + yet modified openswan-modules-source to cope with that. If somebody wants + to lend me a hand to address #273443, it would be more than welcome. + * This release includes a fix for the reported snmpd crash + (in ipsec_tunnel.c). Many thanks to Nate Carlson for pointing this out. + Closes: #261892: openswan: System crashes when snmpd runs at the same time + * Update Build-Depends from libopensc0-dev to libopensc1-dev. + Closes: #289600: openswan: can't fulfill the build dependencies + * Update Build-Depends from libcurl2-dev to libcurl3-dev. + * Include Japanese debconf translation and fix a typo in the master. + Closes: #288996: openswan: Japanese po-debconf template translation + (ja.po) and typo in template.pot + * Auto-apply the NAT Traversal patch with kernel-patch-openswan again. This + was changed by openswan (the freeswan version included the NAT-T patch + automatically). Thus, the patch is now applied before inserting the KLIPS + part. + * Include a ready-to-use NAT-T diff in the openswan-modules-source package + so that anybody who uses this package still has the option of using NAT + Traversal (though this means patching the kernel anyway, and kind of + makes the out-of-tree compilation senseless). However, Debian 2.4 series + kernels should already have NAT-T applied. + * Document the above two changes in the package descriptions and + README.Debian. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 13 Jan 2005 09:30:45 +0100 + +openswan (2.2.0-5) unstable; urgency=low + + * Added more explanations to README.Debian on how to build the kernel + modules with either openswan-modules-source or kernel-patch-openswan. + + -- Rene Mayrhofer <rmayr@debian.org> Sat, 16 Oct 2004 13:11:48 +0200 + +openswan (2.2.0-4) unstable; urgency=medium + + Urgency medium to get this version into sarge - it fixes a bug that turned + up on some machines and prevented openswan from starting. + * no_oe.conf will work when there are spaces at the end, many thanks to + Hans Fugal for figuring that out! + Closes: #270012: openswan: Fails to start after Installation + (/etc/ipsec.d/examples/no_oe.conf problem?) + I am now sending this towards upstream so that it should hopefully get + fixed for the next release - it's a bit awkward for a config file. + * Fixed a minor aesthetical issue in openswan.postinst: when a plain RSA key + is already present in ipsec.secrets and a new one is being created, a + needless line was printed. Silenced by adding -q to egrep. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 3 Oct 2004 20:57:22 +0200 + +openswan (2.2.0-3) unstable; urgency=low + + * Also added flex to Build-Depends, the new starter (replacement for + the init scripts, but not yet active) needs it to build. + Closes: #272935: openswan_2.2.0-1(ia64/unstable): FTBFS: missing + build-depends + Closes: #273241: openswan: FTBFS: Missing Build-Depends on 'flex' + * Adapted the rules file of openswan-modules-source to cope with the new + upstream source code - need to generate a C file from a template before + the ipsec module can be built. + Closes: #273144: openswan-modules-source: linux/net/ipsec/version.c + neither created nor compiled + * Enabled the building of modular extensions (AES and cryptoapi) by default + for openswan-modules-source. Also enabled the AES cipher in addition to + 3DES (this is directly in the ipsec.o kernel module, the modular + extensions version is an alternative to this). + + -- Rene Mayrhofer <rmayr@debian.org> Fri, 24 Sep 2004 12:38:47 +0200 + +openswan (2.2.0-2) unstable; urgency=low + + * Added bison to Build-Depends. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 23 Sep 2004 15:18:51 +0200 + +openswan (2.2.0-1) unstable; urgency=medium + + * New upstream version: + - Introduces AES support, which is the reason for urgency medium. AES + should definitly go into sarge. + - Adds RFC 3706 DPD (dead peer detection) support, see + /usr/share/doc/openswan/docs/README.DPD for details. + This adds the last missing piece (AES) to replace the freeswan package + completely. As of now, freeswan is officially unsupported and will soon + be removed from Debian. Please upgrade to openswan, which should not cause + any issues. Configuration files and certificates are completely compatible. + Closes: #270012: openswan: Fails to start after Installation + (/etc/ipsec.d/examples/no_oe.conf problem?) + I can no longer reproduce this problem on a fresh install of + 2.2.0-1. + Closes: #260120: openswan: Patch fixing #256391 breaks the autogenerated + certificate + The new X.509 patch included in this upstream release (no longer + patched by the Debian package) should fix this too. + Closes: #246828: /etc/ipsec.conf refers to invalid URLs + The default ipsec.conf file distributed by upstream no longer + refers to an URL. + * Fixed a thinko in the postinst script that prevented the correct insertion + of plain RSA keys into /etc/ipsec.secrets (i.e. not using X.509 + certificates). Fixed now. + Closes: #268742: openswan: Plain RSA key not successfully written to + ipsec.secrets + * Adapt to the new way of openswan handling the disabling of opportunistic + encryption. In the default ipsec.conf distributed with upstream openswan, + OE is now disabled (which changes the previous default). Adapted the + postinst script so that it can now enable and disable OE support based on + the debconf option. + Closes: #268743: openswan: fails to respect debconf OE setting + * Updated the French and Brazilian Portugese debconf translations. + Closes: #256457: openswan: [INTL:fr] French debconf templates translation + Closes: #264246: openswan: [INTL:pt_BR] Please use the attached Brazilian + Portuguese debconf template translation + * Patched debian/fswcert/fswcert.c to compile cleanly with gcc-3.4. Thanks + to Andreas Jochens for the patch! + Closes: #262663: openswan: FTBFS with gcc-3.4: label at end of compound + statement + * Documented how to build the KLIPS kernel part with either the + kernel-patch-openswan or the openswan-modules-source packages. + Closes: #246819: Needs documentation on how to build the kernel modules + * Bump Standards-Version to 3.6.1.0, no changes necessary. + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 21 Sep 2004 18:13:52 +0200 + +openswan (2.1.5-1) unstable; urgency=medium + + * New upstream release, which fixes another potential security issue. + + -- Rene Mayrhofer <rene@mayrhofer.eu.org> Sun, 5 Sep 2004 18:00:40 +0200 + +openswan (2.1.3-1) unstable; urgency=HIGH + + Urgency high because of a possibly security issue. + * New upstream version. This includes the CRL fix form 2.1.1-5 and the + proper activation of NAT traversal in Makefile.inc. + Closes: #253457: Openswan: new upstream available that includes xauth + Closes: #253458: Openswan: new upstream available that includes xauth + Closes: #253461: Openswan: new upstream available + Closes: #253782: openswan: Should automatically load kernel module + xfrm_user + But I have currently not explicitly enabled xaut support in Makefile.inc, + quoting from there: "off by default, since XAUTH is tricky, and you can + get into security trouble". If it needs to be enabled to work, please tell + me and I will need to take a far closer look on it (and the involved + problems). + This new upstream version also fixes a possible security issue in the + X.509 certificate authentication. + * The last upload didn't seem to have hit the archives, strange... + However, the bugs are still fixed, closing them now. + Closes: #245450: openswan should not depend on + kernel-image-2.4 || kernel-image-2.6 + Closes: #246847: openswan: shouldn't conflict with ike-server + Closes: #246373: openswan: [INTL:fr] French debconf templates translation + + -- Rene Mayrhofer <rene@mayrhofer.eu.org> Thu, 17 June 2004 12:22:45 +0200 + +openswan (2.1.1-5) unstable; urgency=low + + * Applied a patch from openswan CVS to fix CRL related crashes. + * Drop the dependency on kernels it works with - the package description + already says that it will need kernel support to work. This allows people + to easily use self-compiled kernels with the right support (e.g. 2.6.5). + Closes: #245450: openswan should not depend on + kernel-image-2.4 || kernel-image-2.6 + * While I'm at it, also replace the various Suggests: *freeswan* with + openswan. Oops. + * openswan conflicts with ike-server because only one ike-server can be + active at any given time (it will listen on UDP port 500). This policy + has been agreed to by all Debian IPSec package maintainers and implemented + in all ike-server providing packages. + Closes: #246847: openswan: shouldn't conflict with ike-server + * Took the debconf translations from the freeswan package and "ported" them + via debconf-updatepo. Thanks to Christian Perrier for mentioning that it + was this easy. + The templates should now be correct (all instances of FreeS/wan replaced + by Openswan). + Closes: #246373: openswan: [INTL:fr] French debconf templates translation + + -- Rene Mayrhofer <rene@mayrhofer.eu.org> Tue, 18 May 2004 19:46:24 +0200 + +openswan (2.1.1-4) unstable; urgency=low + + * Fixed the kernel-patch-openswan apply script. + * Warning: Due to an upstream bug, pluto from this version will dump core + on certain CRLs. If you are hit by this bug, please report it directly to + upstream, they are still tracking the issue down. + + + -- Rene Mayrhofer <rene@mayrhofer.eu.org> Thu, 15 Apr 2004 09:50:32 +0200 + +openswan (2.1.1-3) unstable; urgency=low + + * Also build the openswan-modules-source and kernel-patch-openswan + packages now. + * Fixed _startklips in combination with the native IPSec stack - many thanks + to Nate Carlson for the patch. + + -- Rene Mayrhofer <rene@mayrhofer.eu.org> Wed, 31 Mar 2004 19:33:49 +0200 + +openswan (2.1.1-2) unstable; urgency=low + + * Took the package as official maintainer. + * Updated all relevant packaging stuff to the level of freeswan 2.04-9, + including auto-generation of X.509 certificates and insertion in + ipsec.secrets. This also corrects the libexec path in some scripts. + + -- Rene Mayrhofer <rene@mayrhofer.eu.org> Wed, 31 Mar 2004 11:23:46 +0200 + +openswan (2.1.1-1) unstable; urgency=low + + * Initial version - packaging based on Rene Mayrhofer's + FreeS/WAN packaging + + -- Alexander List <alexlist@sbox.tu-graz.ac.at> Sun, 21 Mar 2004 21:47:53 +0100 + +Local variables: +mode: debian-changelog +End: diff --git a/debian/changelog.debian b/debian/changelog.debian new file mode 100644 index 000000000..14b30ca82 --- /dev/null +++ b/debian/changelog.debian @@ -0,0 +1,10 @@ +freeswan (2.00) unstable; urgency=low + + This is a major update to the FreeS/WAN source tree to include the + debian packaging components. This version supports just the native + pieces of FreeS/WAN - no patches. + + The debian changelog is at changelog.debian. + + + diff --git a/debian/control b/debian/control new file mode 100644 index 000000000..919875eab --- /dev/null +++ b/debian/control @@ -0,0 +1,69 @@ +Source: openswan +Section: net +Priority: optional +Maintainer: Rene Mayrhofer <rmayr@debian.org> +Standards-Version: 3.6.1.0 +Build-Depends: debhelper (>= 4.1.16), libgmp3-dev, libssl-dev (>= 0.9.8-1), htmldoc, man2html, libcurl3-dev | libcurl2-dev, libopensc2-dev | libopensc1-dev | libopensc0-dev, libldap2-dev, libpam0g-dev, libkrb5-dev, bison, flex, lynx, dpatch, bzip2 + +Package: openswan +Architecture: any +Pre-Depends: debconf | debconf-2.0 +Depends: ${shlibs:Depends}, bsdmainutils, makedev | devfsd, debianutils (>=1.7), ipsec-tools, openssl, host, iproute +Suggests: openswan-modules-source | linux-patch-openswan, curl +Provides: ike-server +Conflicts: freeswan (<< 2.04-12) +Description: IPSEC utilities for Openswan + IPSEC is Internet Protocol SECurity. It uses strong cryptography to provide + both authentication and encryption services. Authentication ensures that + packets are from the right sender and have not been altered in transit. + Encryption prevents unauthorised reading of packet contents. + . + This version of Openswan supports Opportunistic Encryption (OE) out of the + box. OE enables you to set up IPsec tunnels to a site without + co-ordinating with the site administrator, and without hand + configuring each tunnel. If enough sites support OE, a "FAX effect" + occurs, and many of us can communicate without eavesdroppers. + . + In addition to OE, you may manually configure secure tunnels through + untrusted networks. Everything passing through the untrusted net is + encrypted by the IPSEC gateway machine and decrypted by the gateway + at the other end. The result is Virtual Private Network or VPN. This + is a network which is effectively private even though it includes + machines at several different sites connected by the insecure Internet. + . + Please note that you will need a recent kernel (>=2.4.24 or 2.6.x) + for using this package. The standard Debian kernel includes both IPSEC + and crypto support, patching the kernel is no longer necessary! + . + If you want to use the KLIPS IPSec code for kernel modules instead of the + native ones, you will need to install either openswan-modules-source or + linux-patch-openswan and build the respective modules for your kernel. + +Package: openswan-modules-source +Architecture: all +Depends: coreutils | fileutils, debhelper, bzip2 +Recommends: kernel-package (>= 7.04), kernel-source +Suggests: openswan +Description: IPSEC kernel modules source for Openswan + This package contains the source for the Openswan modules to get the necessary + kernel support to use Openswan. + . + It includes the NAT Traversal patches, which will need to be applied to the + kernel tree if NAT Traversal is needed. + +Package: linux-patch-openswan +Architecture: all +Depends: coreutils | fileutils +Recommends: kernel-package (>= 7.04) +Suggests: openswan +Provides: kernel-patch-openswan +Replaces: kernel-patch-openswan +Description: IPSEC Linux kernel support for Openswan + This package contains the patches for the Linux kernel to get the necessary + kernel support to use Openswan. If you want to build a kernel module for + IPSec, it is much easier to use the openswan-modules-source package instead. + This kernel-patch package should probably only be used when building a + non-modular kernel or when compiling IPSec non-modular. + . + It includes the NAT Traversal patches and applies them automatically to the + kernel after inserting KLIPS. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 000000000..536550087 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,35 @@ +This package was debianized by Rene Mayrhofer <rene.mayrhofer@gibraltar.at> on +Thu, 10 Aug 2000 10:50:33 +0200. + +The Debian package was created from scratch with some hints taken from +previous freeswan packages by Tommi Virtanen and Aaron Johnson. +The upstream software was downloaded from http://www.freeswan.org/ + +After the FreeS/WAN folks decided to cease development, we used the forked +code base at http://www.openswan.org/. + +This project has multiple authors, please see the file CREDITS for details. +However, all of the code is DFSG-free and, since 2002-09-16, +the LICENSE file in the upstream distribution includes a special GPL addition +to allow linking with libdes (which contains and advertising clause). +This LICENSE file was added to the Debian package of freeswan version 1.98b +by me, but has been authorized by Michael Richardson of freeswan upstream +(who sent the file to a mailing list). + +The contents of this LICENSE file are: +------------------------------------------------------------------------------ +Except for the DES library, this software is under the GNU Public License, +see the file COPYING. + +The DES library is under a BSD style license, see + linux/crypto/ciphers/des/COPYRIGHT. +Note that this software has a advertising clause in it. + +In addition to the terms set out under the GPL, permission is granted to +link the software against the libdes library just mentioned. +------------------------------------------------------------------------------ + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. + +Rene Mayrhofer, 2005-09-27 diff --git a/debian/doc-base b/debian/doc-base new file mode 100644 index 000000000..5e20233cc --- /dev/null +++ b/debian/doc-base @@ -0,0 +1,10 @@ +Document: openswan +Title: Openswan documentation +Author: The Openswan project +Abstract: This is a comprehensive document which describes what IPSEC + is, how it works, and the Openswan IPSEC implementation. +Section: Apps/System + +Format: HTML +Index: /usr/share/doc/openswan/doc/index.html +Files: /usr/share/doc/openswan/doc/*.html diff --git a/debian/info b/debian/info new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/debian/info diff --git a/debian/ipsec.secrets.proto b/debian/ipsec.secrets.proto new file mode 100644 index 000000000..33441c0ed --- /dev/null +++ b/debian/ipsec.secrets.proto @@ -0,0 +1,8 @@ +# RCSID $Id: ipsec.secrets.proto,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $ +# This file holds shared secrets or RSA private keys for inter-Pluto +# authentication. See ipsec_pluto(8) manpage, and HTML documentation. + +# RSA private key for this host, authenticating it to any other host +# which knows the public part. Suitable public keys, for ipsec.conf, DNS, +# or configuration of other implementations, can be extracted conveniently +# with "ipsec showhostkey". diff --git a/debian/linux-patch-openswan.apply b/debian/linux-patch-openswan.apply new file mode 100644 index 000000000..107cdb0e7 --- /dev/null +++ b/debian/linux-patch-openswan.apply @@ -0,0 +1,46 @@ +#! /bin/sh +# +# (C) 1998 Manoj Srivastava & Eric Delaunay. + +set -e + +ARCHITECTURE=all +PATCHNAME=openswan +PATCHDIR=/usr/src/kernel-patches/$ARCHITECTURE/openswan +#PATCHDIR=`dirname $0`/../$PATCHNAME + +if ! test -d kernel -a -d Documentation ; then + echo "Not in kernel top level directory. Exiting" >&2 + exit 1 +fi + +if test -f debian/APPLIED_${ARCHITECTURE}_$PATCHNAME ; then + exit 0 # patch already applied +fi + +rm -rf net/ipsec +KERNELDIR=`pwd` + +# apply the NAT-T patch first (if it applies...) +echo "Applying NAT Traversal patch to networking subsystem." +if make -C "$PATCHDIR" -f Makefile nattpatch \ + | patch -p1 --dry-run >/dev/null; then + make -C "$PATCHDIR" -f Makefile nattpatch \ + | patch -p1 +else + echo "The patch does not apply cleanly, skipping it. Please check manually" + echo "if your kernel already supports NAT Traversal (Debian kernel sources" + echo "might already be patched to do so)." +fi + +echo "Inserting KLIPS into kernel." +make -C "$PATCHDIR" -f Makefile kpatch \ + KERNELSRC="$KERNELDIR"\ + PATCHER="./patcher" +make -C "$PATCHDIR" -f Makefile klink \ + KERNELSRC="$KERNELDIR"\ + KLIPSLINK="cp -a" +make -C "$PATCHDIR" -f Makefile klipsdefaults \ + KERNELSRC="$KERNELDIR" + +mkdir -p debian && touch debian/APPLIED_${ARCHITECTURE}_$PATCHNAME diff --git a/debian/linux-patch-openswan.dirs b/debian/linux-patch-openswan.dirs new file mode 100644 index 000000000..57f41cb32 --- /dev/null +++ b/debian/linux-patch-openswan.dirs @@ -0,0 +1,3 @@ +usr/src/kernel-patches/all/apply +usr/src/kernel-patches/all/unpatch +usr/src/kernel-patches/all/openswan diff --git a/debian/linux-patch-openswan.docs b/debian/linux-patch-openswan.docs new file mode 100644 index 000000000..e61535265 --- /dev/null +++ b/debian/linux-patch-openswan.docs @@ -0,0 +1,2 @@ +CREDITS +debian/README.Debian diff --git a/debian/linux-patch-openswan.unpatch b/debian/linux-patch-openswan.unpatch new file mode 100644 index 000000000..2fca79aa6 --- /dev/null +++ b/debian/linux-patch-openswan.unpatch @@ -0,0 +1,39 @@ +#! /bin/sh +# +# (C) 1998 Manoj Srivastava & Eric Delaunay. + +set -e + +ARCHITECTURE=all +PATCHNAME=openswan +PATCHDIR=/usr/src/kernel-patches/$ARCHITECTURE/openswan +#PATCHDIR=`dirname $`/../$PATCHNAME + +if ! test -d kernel -a -d Documentation ; then + echo "Not in kernel top level directory. Exiting" >&2 + exit 1 +fi + +if ! test -f debian/APPLIED_${ARCHITECTURE}_$PATCHNAME ; then + exit 0 # no need to remove a non existent patch +fi + +rm -rf net/ipsec +patchedfiles=`find . -name "*.preipsec" -type f` +for f in $patchedfiles; do + origname=`expr "$f" : '\(.*\)\.preipsec$'` + echo "Restoring $origname from $f" + mv $f $origname +done + +removefiles=`find . -name "*.ipsecmd5" -type f` +removefiles="$removefiles `find . -name "*.wipsec" -type f`" +for f in $removefiles; do + echo "Removing $f" + rm $f +done + +rm -f debian/APPLIED_${ARCHITECTURE}_$PATCHNAME +[ -d debian ] && ( rmdir -p debian || true ) + +exit 0 diff --git a/debian/logcheck.ignore.paranoid b/debian/logcheck.ignore.paranoid new file mode 100644 index 000000000..ca6c97dde --- /dev/null +++ b/debian/logcheck.ignore.paranoid @@ -0,0 +1,20 @@ +ipsec_setup: KLIPS debug \`none\' +ipsec_setup: Stopping FreeS/WAN IPsec\.\.\. +ipsec_setup: stop ordered +ipsec_setup: doing cleanup anywan... +ipsec_setup: \.\.\.FreeS/WAN IPsec stopped +ipsec_setup: Starting FreeS/WAN IPsec +ipsec_setup: \.\.\.FreeS/WAN IPsec started +ipsec_plutorun: .*: initiate +pluto.*: deleting state +pluto.*: forgetting secrets +pluto.*: shutting down +pluto.*: \| +pluto.*: .* bytes loaded +pluto.*: including X\.509 patch +pluto.*: Loading my X\.509 certificate +pluto.*: Starting pluto +pluto.*: adding interface +pluto.*: listening for IKE messages +pluto.*: loading secrets +pluto.*: regenerating DH private secret diff --git a/debian/logcheck.ignore.server b/debian/logcheck.ignore.server new file mode 100644 index 000000000..7ab04c524 --- /dev/null +++ b/debian/logcheck.ignore.server @@ -0,0 +1,25 @@ +ipsec_setup: KLIPS debug \`none\' +ipsec_setup: Stopping FreeS/WAN IPsec\.\.\. +ipsec_setup: stop ordered +ipsec_setup: doing cleanup anywan... +ipsec_setup: \.\.\.FreeS/WAN IPsec stopped +ipsec_setup: Starting FreeS/WAN IPsec +ipsec_setup: \.\.\.FreeS/WAN IPsec started +ipsec_plutorun: .*: initiate +pluto.*: deleting state +pluto.*: forgetting secrets +pluto.*: shutting down +pluto.*: \| +pluto.*: .* bytes loaded +pluto.*: including X\.509 patch +pluto.*: Loading my X\.509 certificate +pluto.*: Starting pluto +pluto.*: added connection description +pluto.*: adding interface +pluto.*: listening for IKE messages +pluto.*: loading secrets +pluto.*: .* SA established +pluto.*: .* SA expired +pluto.*: replacing stale .* SA +pluto.*: initiating Quick Mode +pluto.*: regenerating DH private secret diff --git a/debian/logcheck.violations.ignore b/debian/logcheck.violations.ignore new file mode 100644 index 000000000..1a190fc28 --- /dev/null +++ b/debian/logcheck.violations.ignore @@ -0,0 +1 @@ +ipsec_setup: KLIPS debug `none' diff --git a/debian/openswan-modules-source.control.in b/debian/openswan-modules-source.control.in new file mode 100644 index 000000000..7e5aa5307 --- /dev/null +++ b/debian/openswan-modules-source.control.in @@ -0,0 +1,13 @@ +Section: net +Priority: optional +Maintainer: $KMAINT <$KEMAIL> +Build-Depends: debhelper (>= 4) +Standards-Version: 3.6.0 +Source: openswan + +Package: openswan-modules-$KVERS +Architecture: any +Recommends: kernel-image-$KVERS (= $KDREV) +Description: IPSEC kernel modules for Openswan (binary kernel modules) + This package contains the openswan binary kernel modules for linux + version $KVERS. diff --git a/debian/openswan-modules-source.dirs b/debian/openswan-modules-source.dirs new file mode 100644 index 000000000..531fa90c3 --- /dev/null +++ b/debian/openswan-modules-source.dirs @@ -0,0 +1 @@ +/usr/src/ diff --git a/debian/openswan-modules-source.docs b/debian/openswan-modules-source.docs new file mode 100644 index 000000000..e61535265 --- /dev/null +++ b/debian/openswan-modules-source.docs @@ -0,0 +1,2 @@ +CREDITS +debian/README.Debian diff --git a/debian/openswan-modules-source.kernel-config b/debian/openswan-modules-source.kernel-config new file mode 100644 index 000000000..16727d166 --- /dev/null +++ b/debian/openswan-modules-source.kernel-config @@ -0,0 +1,110 @@ +#ifndef _CONFIG_ALL_H_ +/* + * Copyright (C) 2002 Michael Richardson <mcr@freeswan.org> + * + * This kernel module is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. + * + * This kernel module is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + * License for more details. + * + * RCSID $Id: openswan-modules-source.kernel-config,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $ + */ +#define _CONFIG_ALL_H_ /* seen it, no need to see it again */ + +#define CONFIG_IPSEC 1 + +#ifndef CONFIG_IPSEC_AH +#define CONFIG_IPSEC_AH 1 +#endif + +#ifndef CONFIG_IPSEC_DEBUG +#define CONFIG_IPSEC_DEBUG 1 +#endif + +#ifndef CONFIG_IPSEC_ESP +#define CONFIG_IPSEC_ESP 1 +#endif + +#ifndef CONFIG_IPSEC_IPCOMP +#define CONFIG_IPSEC_IPCOMP 1 +#endif + +#ifndef CONFIG_IPSEC_IPIP +#define CONFIG_IPSEC_IPIP 1 +#endif + +#ifndef CONFIG_IPSEC_AUTH_HMAC_MD5 +#define CONFIG_IPSEC_AUTH_HMAC_MD5 1 +#endif + +#ifndef CONFIG_IPSEC_AUTH_HMAC_SHA1 +#define CONFIG_IPSEC_AUTH_HMAC_SHA1 1 +#endif + +#ifndef CONFIG_IPSEC_DYNDEV +#define CONFIG_IPSEC_DYNDEV 1 +#endif + +#ifndef CONFIG_IPSEC_ENC_3DES +#define CONFIG_IPSEC_ENC_3DES 1 +#endif + +#ifndef CONFIG_IPSEC_ENC_AES +#define CONFIG_IPSEC_ENC_AES 1 +#endif + +#ifndef CONFIG_IPSEC_REGRESS +#define CONFIG_IPSEC_REGRESS 0 +#endif + +#ifndef CONFIG_IPSEC_NAT_TRAVERSAL +#define CONFIG_IPSEC_NAT_TRAVERSAL 1 +#endif + +#ifndef CONFIG_IPSEC_ALG +#define CONFIG_IPSEC_ALG 1 +#endif +#ifndef CONFIG_IPSEC_ALG_AES +#define CONFIG_IPSEC_ALG_AES 1 +#endif +#ifndef CONFIG_IPSEC_ALG_TWOFISH +#define CONFIG_IPSEC_ALG_TWOFISH 1 +#endif +#ifndef CONFIG_IPSEC_ALG_BLOWFISH +#define CONFIG_IPSEC_ALG_BLOWFISH 1 +#endif +#ifndef CONFIG_IPSEC_ALG_SERPENT +#define CONFIG_IPSEC_ALG_SERPENT 1 +#endif +#ifndef CONFIG_IPSEC_ALG_3DES +#define CONFIG_IPSEC_ALG_3DES 1 +#endif +#ifndef CONFIG_IPSEC_ALG_CAST +#define CONFIG_IPSEC_ALG_CAST 1 +#endif +#ifndef CONFIG_IPSEC_ALG_MD5 +#define CONFIG_IPSEC_ALG_MD5 1 +#endif +#ifndef CONFIG_IPSEC_ALG_NULL +#define CONFIG_IPSEC_ALG_NULL 1 +#endif +#ifndef CONFIG_IPSEC_ALG_SHA1 +#define CONFIG_IPSEC_ALG_SHA1 1 +#endif +#ifndef CONFIG_IPSEC_ALG_SHA2 +#define CONFIG_IPSEC_ALG_SHA2 1 +#endif + +#ifndef CONFIG_IPSEC_ALG_CRYPTOAPI +#define CONFIG_IPSEC_ALG_CRYPTOAPI 1 +#endif +#ifndef CONFIG_IPSEC_ALG_NON_LIBRE +#define CONFIG_IPSEC_ALG_NON_LIBRE 1 +#endif + +#endif /* _CONFIG_ALL_H */ diff --git a/debian/openswan-modules-source.rules b/debian/openswan-modules-source.rules new file mode 100755 index 000000000..f31746de1 --- /dev/null +++ b/debian/openswan-modules-source.rules @@ -0,0 +1,150 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This is the debhelper compatability version to use. +export DH_COMPAT=4 + +VERS = $(shell sed -ne '1s/.*(\(.*\)).*/\1/p' debian/changelog) + +# KSRC is the location of the kernel source. This is the default value, +# when make-kpkg is used it will supply to real value +KSRC = /usr/src/linux + +# KDREV is the package-revision, as given to make-kpkg by the user. +# Just put a simply default value in here which we use when we test +# the packagebuilding without make-kpkg +KDREV = "Custom.1.00" + +# Separate the epoch from the normal revision number in KDREV +# for use with dh_gencontrol +KDREV_EPOCH = $(shell echo $(KDREV) | sed -ne '1s/\([^:]*:\)\?\(.*\)/\1/p') +KDREV_REV = $(shell echo $(KDREV) | sed -ne '1s/\([^:]*:\)\?\(.*\)/\2/p') + +# Now we need to get the kernel-version somehow +KVERS=`sed -n -e '/UTS_RELEASE/s/^[^"]*"\([^"]*\)".*$$/\1/p' $(KSRC)/include/linux/version.h` + +SED_SCRIPT=s!\$$KVERS!$(KVERS)!g; \ + s!\$$KSRC!$(KSRC)!; \ + s!\$$KEMAIL!$(KEMAIL)!; \ + s!\$$KMAINT!$(KMAINT)!; \ + s!\$$KDREV!$(KDREV)!; \ + s!\$$DEBDATE!$(shell date +"%a, %d %b %Y %H:%M:%S %z")! + +ifeq ($(DEB_DEST),) +DEB_DEST=$(KSRC)/.. +endif + +# Clear root command if already root +ifeq ($(shell id -u),0) +ROOT_CMD= +endif + +# this primarily sets ARCH, we may be able to do that in another way +# but it also defines IPSECVERSION, which is needed below +include Makefile.inc + +debian/control: debian/control.in + sed -e "$(SED_SCRIPT)" debian/control.in > $@ + +.PHONY: debian/control + + +configure: configure-stamp +configure-stamp: + dh_testdir + # Add here commands to configure the package. + + touch configure-stamp + +build: debian/control configure-stamp build-stamp +build-stamp: + dh_testdir + + $(MAKE) module KERNELSRC=${KSRC} OPENSWANSRCDIR=$(CURDIR) + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + + $(MAKE) modclean KERNELSRC=${KSRC} OPENSWANSRCDIR=$(CURDIR) + + dh_clean + + rm -f debian/control + +MODDESTDIR=$(CURDIR)/debian/openswan-modules-$(KVERS)/lib/modules/$(KVERS)/kernel/net/ipsec +install: +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + mkdir -p $(MODDESTDIR) + if [ -d modobj ]; then \ + cp modobj/ipsec.o $(MODDESTDIR); \ + cp modobj/ipsec_alg_*.o $(MODDESTDIR); \ + else \ + cp modobj26/ipsec.ko $(MODDESTDIR); \ + fi + + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot +# dh_installdebconf + dh_installdocs + dh_installexamples + dh_installmenu +# dh_installlogrotate +# dh_installemacsen +# dh_installpam +# dh_installmime +# dh_installinit + dh_installmodules + dh_installcron + dh_installman + dh_installinfo +# dh_undocumented + dh_installchangelogs + dh_link + dh_strip + dh_compress + dh_fixperms +# dh_makeshlibs + dh_installdeb +# dh_perl + dh_shlibdeps + dh_gencontrol -- -v$(KDREV_EPOCH)$(VERS)+$(KDREV_REV) + dh_md5sums + dh_builddeb --destdir=$(DEB_DEST) + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure + +binary-modules: binary + + +kdist_image: + $(ROOT_CMD) $(MAKE) -f debian/rules binary-modules + $(ROOT_CMD) $(MAKE) -f debian/rules clean +kdist_clean: debian/control clean +kdist: + $(ROOT_CMD) $(MAKE) -f debian/rules binary-modules +kdist_configure: configure-stamp + + +.PHONY: binary-modules kdist_image + diff --git a/debian/openswan.config b/debian/openswan.config new file mode 100644 index 000000000..e779a2ab1 --- /dev/null +++ b/debian/openswan.config @@ -0,0 +1,57 @@ +#!/bin/sh -e + +. /usr/share/debconf/confmodule + +db_input medium openswan/start_level || true + +db_input medium openswan/restart || true + +db_input high openswan/enable-oe || true + +db_input high openswan/create_rsa_key || true +db_go || true + +db_get openswan/create_rsa_key +if [ "$RET" = "true" ]; then + db_input high openswan/rsa_key_type || true + db_go || true + + db_get openswan/rsa_key_type + if [ "$RET" = "plain" ]; then + # create just a plain RSA keypair + db_input medium openswan/rsa_key_length || true + db_go || true + else + # extract the RSA keypair from a x509 certificate + db_input high openswan/existing_x509_certificate || true + db_go || true + + # create a new certificate + db_input medium openswan/rsa_key_length || true + db_input high openswan/x509_self_signed || true + # we can't allow the country code to be empty - openssl will + # refuse to create a certificate this way + countrycode="" + while [ -z "$countrycode" ]; do + db_input medium openswan/x509_country_code || true + db_go || true + db_get openswan/x509_country_code + countrycode="$RET" + done + db_input medium openswan/x509_state_name || true + db_input medium openswan/x509_locality_name || true + db_input medium openswan/x509_organization_name || true + db_input medium openswan/x509_organizational_unit || true + db_input medium openswan/x509_common_name || true + db_input medium openswan/x509_email_address || true + db_go || true + fi +else + db_get openswan/existing_x509_certificate + if [ "$RET" = "true" ]; then + # existing certificate - use it + db_input critical openswan/existing_x509_certificate_filename || true + db_input critical openswan/existing_x509_key_filename || true + db_go || true + fi +fi diff --git a/debian/openswan.dirs b/debian/openswan.dirs new file mode 100644 index 000000000..778085209 --- /dev/null +++ b/debian/openswan.dirs @@ -0,0 +1,15 @@ +/etc +/etc/ipsec.d +/etc/ipsec.d/cacerts +/etc/ipsec.d/ocspcerts +/etc/ipsec.d/crls +/etc/ipsec.d/private +/etc/ipsec.d/policies +/etc/init.d +/etc/logcheck/ignore.d.paranoid +/etc/logcheck/ignore.d.server +/etc/logcheck/ignore.d.workstation +/etc/logcheck/violations.ignore.d +/usr/bin +/usr/sbin +/var/lock/subsys diff --git a/debian/openswan.docs b/debian/openswan.docs new file mode 100644 index 000000000..e206d4729 --- /dev/null +++ b/debian/openswan.docs @@ -0,0 +1,5 @@ +BUGS +README +CREDITS +doc/ +docs/ diff --git a/debian/openswan.postinst b/debian/openswan.postinst new file mode 100644 index 000000000..7d9b19b4b --- /dev/null +++ b/debian/openswan.postinst @@ -0,0 +1,258 @@ +#! /bin/bash +# postinst script for openswan +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postinst> `configure' <most-recently-configured-version> +# * <old-postinst> `abort-upgrade' <new version> +# * <conflictor's-postinst> `abort-remove' `in-favour' <package> +# <new-version> +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' +# <failed-install-package> <version> `removing' +# <conflicting-package> <version> +# for details, see /usr/share/doc/packaging-manual/ +# +# quoting from the policy: +# Any necessary prompting should almost always be confined to the +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' +# <failed-install-package> <version> `removing' +# <conflicting-package> <version> +# for details, see /usr/share/doc/packaging-manual/ +# +# quoting from the policy: +# Any necessary prompting should almost always be confined to the +# post-installation script, and should be protected with a conditional +# so that unnecessary prompting doesn't happen if a package's +# installation fails and the `postinst' is called with `abort-upgrade', +# `abort-remove' or `abort-deconfigure'. + +insert_private_key() { + cat <<EOF >> /etc/ipsec.secrets +: RSA { +$1 + } +EOF +} + +insert_private_key_filename() { + if ! grep -q ": RSA $1" /etc/ipsec.secrets; then + echo ": RSA $1" >> /etc/ipsec.secrets + fi +} + +IPSEC_SECRETS_PATTERN_1=': RSA {' +IPSEC_SECRETS_PATTERN_2=' # yyy' +IPSEC_SECRETS_PATTERN_3=' }' +IPSEC_SECRETS_PATTERN_4='# do not change the indenting of that "}"' + +# remove old, misguided attempts at a default ipsec.secrets files +repair_legacy_secrets() { + if grep -A 2 "$IPSEC_SECRETS_PATTERN_1" /etc/ipsec.secrets | + tail --lines=2 | + grep -A 1 "$IPSEC_SECRETS_PATTERN_2" | + tail --lines=1 | + grep "$IPSEC_SECRETS_PATTERN_3" >/dev/null; then + echo "Old default config file detected, removing the old defaults now." + umask 077 ; ( + # this is ugly, and someone maybe can formulate this in sed, but + # this was the quickest way for me + line=`grep -n "$IPSEC_SECRETS_PATTERN_2" /etc/ipsec.secrets | cut -d':' -f1` + until=`expr $line - 1` + head -n $until /etc/ipsec.secrets + sum=`wc -l /etc/ipsec.secrets | cut -d ' ' -f1` + from=`expr $sum - $line -1` + tail -n $from /etc/ipsec.secrets + ) > /etc/ipsec.secrets.tmp + mv /etc/ipsec.secrets.tmp /etc/ipsec.secrets + grep -v "$IPSEC_SECRETS_PATTERN_4" /etc/ipsec.secrets > /etc/ipsec.secrets.tmp + mv /etc/ipsec.secrets.tmp /etc/ipsec.secrets + fi +} + +make_x509_cert() { + if [ $# -ne 12 ]; then + echo "Error in creating X.509 certificate" + exit 1 + fi + + case $5 in + false) + certreq=$4.req + selfsigned="" + ;; + true) + certreq=$4 + selfsigned="-x509" + ;; + *) + echo "Error in creating X.509 certificate" + exit 1 + ;; + esac + + echo -e "$6\n$7\n$8\n$9\n${10}\n${11}\n${12}\n\n\n" | \ + /usr/bin/openssl req -new -outform PEM -out $certreq \ + -newkey rsa:$1 -nodes -keyout $3 -keyform PEM \ + -days $2 $selfsigned >/dev/null +} + +. /usr/share/debconf/confmodule + +case "$1" in + configure) + db_get openswan/create_rsa_key + if [ "$RET" = "true" ]; then + repair_legacy_secrets + # OK, ipsec.secrets should now be correct + db_get openswan/rsa_key_type + if [ "$RET" = "plain" ]; then + # a RSA keypair should be created - check if there is one already + if egrep -q ": RSA[:space:]*" /etc/ipsec.secrets; then + echo "Warning: there is already a RSA key in /etc/ipsec.secrets." + echo "Creating an additional one." + fi + # create a plain openswan keypair + db_get openswan/rsa_key_length + umask 077 + keylength=$RET + privkey=`mktemp /tmp/ipsec-postinst.XXXXXX` + /usr/lib/ipsec/rsasigkey $keylength > $privkey + insert_private_key "`cat $privkey`" + rm $privkey + echo "Successfully created a plain openswan RSA keypair." + else + # extract the key from a (newly created) x509 certificate + host=`hostname` + newkeyfile="/etc/ipsec.d/private/${host}Key.pem" + newcertfile="/etc/ipsec.d/certs/${host}Cert.pem" + if [ -e $newcertfile -o -e $newkeyfile ]; then + echo "Error: $newcertfile or $newkeyfile already exists." + echo "Please remove them first an re-run dpkg-reconfigure to create a new keypair." + else + # create a new certificate + db_get openswan/rsa_key_length + keylength=$RET + db_get openswan/x509_self_signed + selfsigned=$RET + db_get openswan/x509_country_code + countrycode=$RET + if [ -z "$countrycode" ]; then countrycode="."; fi + db_get openswan/x509_state_name + statename=$RET + if [ -z "$statename" ]; then statename="."; fi + db_get openswan/x509_locality_name + localityname=$RET + if [ -z "$localityname" ]; then localityname="."; fi + db_get openswan/x509_organization_name + orgname=$RET + if [ -z "$orgname" ]; then orgname="."; fi + db_get openswan/x509_organizational_unit + orgunit=$RET + if [ -z "$orgunit" ]; then orgunit="."; fi + db_get openswan/x509_common_name + commonname=$RET + if [ -z "$commonname" ]; then commonname="."; fi + db_get openswan/x509_email_address + email=$RET + if [ -z "$email" ]; then email="."; fi + make_x509_cert $keylength 1500 "$newkeyfile" "$newcertfile" "$selfsigned" "$countrycode" "$statename" "$localityname" "$orgname" "$orgunit" "$commonname" "$email" + chmod 0600 "$newkeyfile" + umask 077 + insert_private_key_filename "$newkeyfile" + echo "Successfully created x509 certificate." + fi + fi + else + db_get openswan/existing_x509_certificate + if [ "$RET" = "true" ]; then + if [ -e $newcertfile -o -e $newkeyfile ]; then + echo "Error: $newcertfile or $newkeyfile already exists." + echo "Please remove them first an re-run dpkg-reconfigure to create a new keypair." + else + # existing certificate - use it + db_get openswan/existing_x509_certificate_filename + certfile=$RET + db_get openswan/existing_x509_key_filename + keyfile=$RET + if [ ! -r $certfile ] || [ ! -r $keyfile ]; then + echo "Either the certificate or the key file could not be read !" + else + cp "$certfile" /etc/ipsec.d/certs + umask 077 + cp "$keyfile" "/etc/ipsec.d/private" + newkeyfile="/etc/ipsec.d/private/`basename $keyfile`" + chmod 0600 "$newkeyfile" + insert_private_key_filename "$newkeyfile" + echo "Successfully extracted RSA key from existing x509 certificate." + fi + fi + fi + fi + + # figure out the correct start time + db_get openswan/start_level + if [ "$RET" = "earliest" ]; then + LEVELS="start 41 S . stop 34 0 6 ." + elif [ "$RET" = "after NFS" ]; then + LEVELS="start 15 2 3 4 5 . stop 30 0 1 6 ." + else + LEVELS="start 21 2 3 4 5 . stop 19 0 1 6 ." + fi + update-rc.d ipsec $LEVELS > /dev/null + + db_get openswan/enable-oe + if [ "$RET" != "true" ]; then + echo -n "Disabling opportunistic encryption (OE) in config file ... " + if egrep -q "^include /etc/ipsec.d/examples/no_oe.conf$" /etc/ipsec.conf; then + echo "already disabled" + else + cat <<EOF >> /etc/ipsec.conf +#Disable Opportunistic Encryption +include /etc/ipsec.d/examples/no_oe.conf +EOF + echo "done" + fi + else + echo -n "Enabling opportunistic encryption (OE) in config file ... " + if egrep -q "^include /etc/ipsec.d/examples/no_oe.conf$" /etc/ipsec.conf; then + sed 's/include \/etc\/ipsec.d\/examples\/no_oe.conf/#include \/etc\/ipsec.d\/examples\/no_oe.conf/' < /etc/ipsec.conf > /etc/ipsec.conf.tmp + mv /etc/ipsec.conf.tmp /etc/ipsec.conf + echo "done" + else + echo "already enabled" + fi + fi + + if [ -z "$2" ]; then + # no old configured version - start openswan now + invoke-rc.d ipsec start || true + else + # does the user wish openswan to restart? + db_get openswan/restart + if [ "$RET" = "true" ]; then + invoke-rc.d ipsec restart || true # sure, we'll restart it for you + fi + fi + + db_stop + + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + *) + echo "postinst called with unknown argument '$1'" >&2 + exit 0 + ;; +esac + +# dh_installdeb will replace this with shell code automatically + +#DEBHELPER# + +exit 0 diff --git a/debian/openswan.postrm b/debian/openswan.postrm new file mode 100644 index 000000000..f5aa182f1 --- /dev/null +++ b/debian/openswan.postrm @@ -0,0 +1,42 @@ +#! /bin/sh +# postrm script for openswan +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postrm> `remove' +# * <postrm> `purge' +# * <old-postrm> `upgrade' <new-version> +# * <new-postrm> `failed-upgrade' <old-version> +# * <new-postrm> `abort-install' +# * <new-postrm> `abort-install' <old-version> +# * <new-postrm> `abort-upgrade' <old-version> +# * <disappearer's-postrm> `disappear' <r>overwrit>r> <new-version> +# for details, see /usr/share/doc/packaging-manual/ + +case "$1" in + purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + + # update the menu system +# if [ -x /usr/bin/update-menus ]; then update-menus; fi + + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 0 + +esac + +if [ "$1" = "purge" ] ; then + update-rc.d ipsec remove >/dev/null +fi + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + + diff --git a/debian/openswan.prerm b/debian/openswan.prerm new file mode 100644 index 000000000..de804d5cb --- /dev/null +++ b/debian/openswan.prerm @@ -0,0 +1,40 @@ +#! /bin/sh +# prerm script for openswan +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <prerm> `remove' +# * <old-prerm> `upgrade' <new-version> +# * <new-prerm> `failed-upgrade' <old-version> +# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version> +# * <deconfigured's-prerm> `deconfigure' `in-favour' +# <package-being-installed> <version> `removing' +# <conflicting-package> <version> +# for details, see /usr/share/doc/packaging-manual/ + +case "$1" in + upgrade) + ;; + remove|deconfigure) + /etc/init.d/ipsec stop || true +# install-info --quiet --remove /usr/info/openswan.info.gz + ;; + failed-upgrade) + ;; + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 0 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + diff --git a/debian/openswan.templates b/debian/openswan.templates new file mode 100644 index 000000000..6f75e1ef4 --- /dev/null +++ b/debian/openswan.templates @@ -0,0 +1,633 @@ +Template: openswan/start_level +Type: select +Choices: earliest, "after NFS", "after PCMCIA" +Choices-fr: Le plus tt possible, Aprs NFS, Aprs PCMCIA +Choices-ja: ǽʸ¤, "NFS ư", "PCMCIA ư" +Choices-pt_BR: o quando antes, "depois do NFS", "depois do PCMCIA" +Default: earliest +Description: At which level do you wish to start Openswan ? + With the current Debian startup levels (nearly everything starting in + level 20), it is impossible for Openswan to always start at the correct + time. There are three possibilities when Openswan can start: before or + after the NFS services and after the PCMCIA services. The correct answer + depends on your specific setup. + . + If you do not have your /usr tree mounted via NFS (either you only mount + other, less vital trees via NFS or don't use NFS mounted trees at all) and + don't use a PCMCIA network card, then it is the best to start Openswan at + the earliest possible time, thus allowing the NFS mounts to be secured by + IPSec. In this case (or if you don't understand or care about this + issue), answer "earliest" to this question (the default). + . + If you have your /usr tree mounted via NFS and don't use a PCMCIA network + card, then you will need to start Openswan after NFS so that all + necessary files are available. In this case, answer "after NFS" to this + question. Please note that the NFS mount of /usr can not be secured by + IPSec in this case. + . + If you use a PCMCIA network card for your IPSec connections, then you only + have to choice to start it after the PCMCIA services. Answer "after + PCMCIA" in this case. This is also the correct answer if you want to fetch + keys from a locally running DNS server with DNSSec support. +Description-fr: tape de lancement d'Openswan: + Avec les niveaux de dmarrage actuellement utiliss par Debian (presque + tout dmarre au niveau 20), il est impossible de faire en sorte + qu'Openswan dmarre toujours au moment appropri. Il existe trois moments + o il est opportun de le dmarrer: avant ou aprs les services NFS ou + aprs les services PCMCIA. La rponse approprie dpend de vos rglages + spcifiques. + . + Si votre arborescence /usr n'est pas un montage NFS (soit parce que vos + montages NFS sont d'autres endroits, moins critiques, soit parce que + vous n'utilisez pas du tout de montage NFS) et si vous n'utilisez pas de + carte rseau PCMCIA, il est prfrable de dmarrer Openswan le plus tt + possible, ce qui permettra de scuriser les montages NFS avec IPSec. Dans + ce cas (ou bien si vous ne comprenez pas l'objet de la question ou qu'elle + ne vous concerne pas), choisissez le plus tt possible, qui est le + choix par dfaut. + . + Si /usr est un montage NFS et que vous n'utilisez pas de carte rseau + PCMCIA, vous devrez alors dmarrer Openswan aprs les services NFS afin + que tous les fichiers ncessaires soient disponibles. Dans ce cas, + choisissez aprs NFS. Veuillez noter que le montage NFS de /usr n'est + alors pas scuris par IPSec. + . + Si vous utilisez une carte PCMCIA pour vos connexions IPSec, votre seul + choix possible est le dmarrage aprs les services PCMCIA. Choisissez + alors aprs PCMCIA. Faites galement ce choix si vous souhaitez + rcuprer les cls d'authentification sur un serveur DNS reconnaissant + DNSSec. +Description-ja: ɤʳ Openswan ưޤ? + ߤ Debian Ǥεư٥ (ۤȤƤ٥20) ΤޤޤǤϡOpenswan + ˤŬڤʥߥǵưǤޤOpenswan + ư륿ߥȤƤ3Ĥͤޤ: NFS + ӥγϸ塦PCMCIA + ӥγϸǤϤʤ꼡Ǥ + . + NFS ͳ /usr ޥȤ + (¾Υѡƥ䤢ޤפǤϤʤѡƥ NFS + ͳǥޥȤ뤫ޤ NFS ޥȤȤʤ)ä PCMCIA + ͥåȥɤѤƤʤ硢ǽʸ¤ᤤ֤ Openswan + ưΤ٥ȤǤˤäơNFS ǤΥޥȤ IPSec + ݸޤξ + (ޤϤƤʤä˵ˤʤ) + "ǽʸ¤"ȼƤ (ɸ) + . + NFS ͳ /usr ޥȤƤ PCMCIA + ͥåȥɤѤƤʤϡɬפʥեѲǽˤ뤿 + Openswan NFS θǵưʤФʤޤξ硢"NFS ư" + Ƥλ NFS ͳǥޥȤ /usr ϡIPSec + ˤ륻奢ʾ֤ˤϤʤʤȤȤդƤ + . + IPSec ³ PCMCIA ͥåȥɤѤƤ硢PCMCIA + ӥεư Openswan + ưʳϤޤξ硢"PCMCIA ư" + ƤưƤ DNSSec ǽѤƤ DNS + Ф鸰Ǥ⡢Ƥ +Description-pt_BR: Em que nvel voc deseja iniciar o Openswan ? + Com os nveis de inicializao atuais do Debian (quase todos os servios + iniciando no nvel 20) impossvel para o Openswan sempre iniciar no + momento correto. Existem trs possibilidades para quando iniciar o + Openswan : antes ou depois dos servios NFS e depois dos servios PCMCIA. + A resposta correta depende se sua configurao especfica. + . + Caso voc no possua sua rvore /usr montada via NFS (voc somente monta + outras rvores no vitais via NFS ou no usa rvores montadas via NFS) e + no use um carto de rede PCMCIA, a melhor opo iniciar o Openswan o + quando antes, permitindo dessa forma que os pontos de montagem NFS estejam + protegidos por IPSec. Nesse caso (ou caso voc no compreenda ou no se + importe com esse problema), responda "o quando antes" para esta pergunta + (o que o padro). + . + Caso voc possua sua rvore /usr montada via NFS e no use um carto de + rede PCMCIA, voc precisar iniciar o Openswan depois do NFS de modo que + todos os arquivos necessrios estejam disponveis. Nesse caso, responda + "depois do NFS" para esta pergunta. Por favor, note que a montagem NFS de + /usr no poder ser protegida pelo IPSec nesse caso. + . + Caso voc use um carto de rede PCMCIA para suas conexes IPSec voc + precisar somente optar por iniciar o Opensan depois dos servios PCMCIA. + Responda "depois do PCMCIA" nesse caso. Esta tambm a maneira correta de + obter chaves de um servidor DNS sendo executado localmente e com suporte a + DNSSec. + +Template: openswan/restart +Type: boolean +Default: true +Description: Do you wish to restart Openswan? + Restarting Openswan is a good idea, since if there is a security fix, it + will not be fixed until the daemon restarts. Most people expect the daemon + to restart, so this is generally a good idea. However this might take down + existing connections and then bring them back up. +Description-fr: Souhaitez-vous redmarrer Openswan? + Redmarrer Openswan est prfrable car un ventuel correctif de scurit + ne prendra place que si le dmon est redmarr. La plupart des + utilisateurs s'attendent ce que le dmon redmarre et c'est donc le plus + souvent le meilleur choix. Cependant, cela pourrait interrompre + provisoirement des connexions en cours. +Description-ja: Openswan Ƶưޤ? + ƥäˤϥǡƵưޤǽȿǤޤΤᡢOpenswan + ƵưΤɤͤǤۤȤɤοͤϥǡƵư褦ȤޤꤢޤκȤǸߤ³Ǥ졢ٷҤʤȤˤʤޤ +Description-pt_BR: Voc deseja reiniciar o Openswan ? + Reiniciar o Openswan uma boa idia, uma vez que caso exista um correo + para uma falha de segurana, o mesmo no ser corrigido at que o daemon + seja reiniciado. A maioria das pessoas esperam que o daemon seja + reiniciado, portanto essa geralmente uma boa idia. Porm, reiniciar o + Openswan pode derrubar conexes existentes, mas posteriormente traz-las + de volta. + +Template: openswan/create_rsa_key +Type: boolean +Default: true +Description: Do you want to create a RSA public/private keypair for this host ? + This installer can automatically create a RSA public/private keypair for + this host. This keypair can be used to authenticate IPSec connections to + other hosts and is the preferred way for building up secure IPSec + connections. The other possibility would be to use shared secrets + (passwords that are the same on both sides of the tunnel) for + authenticating an connection, but for a larger number of connections RSA + authentication is easier to administrate and more secure. +Description-fr: Souhaitez-vous crer une paire de cls RSA publique et prive pour cet hte? + Cet outil d'installation peut crer automatiquement une paire de cls RSA + publique et prive pour cet hte. Cette paire de cls peut servir + authentifier des connexions IPSec vers d'autres htes. Cette mthode est + la mthode conseille pour l'tablissement de liaisons IPSec sres. + L'autre possibilit d'authentification la connexion est l'utilisation + d'un secret partag (pre-shared key: des mots de passe identiques aux + deux extrmits du tunnel). Toutefois, pour de nombreuses connexions, + l'authentification RSA est plus simple administrer et plus sre. +Description-ja: ΥۥȤ RSA ̩Υڥޤ? + ΥȡϤΥۥȤ RSA + ̩ΥڥưŪǤޤΥڥ¾ΥۥȤȤ + IPSec ̿ǤǧڤѲǽǡ奢 IPSec + ̿ΩˡȤƹޤƤޤ¾ѲǽˡȤƤ϶̸ + (ȥͥƱѥ) + ̿ǧڤѤȤΤޤ¿³ФƤϡRSA + ǧڤΤۤñǡꥻ奢Ǥ +Description-pt_BR: Voc deseja criar um par de chaves RSA pblica/privada para este host ? + Este instalador pode automaticamente criar um par de chaves RSA + pblica/privada para este host. Esse par de chaves pode ser usado para + autenticar conexes IPSec com outros hosts e a maneira preferida de + construir conexes IPSec seguras. A outra possibilidade seria usar + segredos compartilhados (senhas que so iguais em ambos os lados do tnel) + para autenticar uma conexo, mas para um grande nmero de conexes RSA a + autenticao mais fcil de administrar e mais segura. + +Template: openswan/rsa_key_type +Type: select +Choices: x509, plain +Choices-fr: X509, simple paire +Choices-ja: x509, ̾Υ +Choices-pt_BR: x509, pura +Default: x509 +Description: Which type of RSA keypair do you want to create ? + It is possible to create a plain RSA public/private keypair for the use + with Openswan or to create a X509 certificate file which contains the RSA + public key and additionally store the corresponding private key. + . + If you only want to build up IPSec connections to hosts also running + Openswan, it might be a bit easier using plain RSA keypairs. But if you + want to connect to other IPSec implementations, you will need a X509 + certificate. It is also possible to create a X509 certificate here and + extract the RSA public key in plain format if the other side runs + Openswan without X509 certificate support. + . + Therefore a X509 certificate is recommended since it is more flexible and + this installer should be able to hide the complex creation of the X509 + certificate and its use in Openswan anyway. +Description-fr: Type de paire de cls RSA crer: + Il est possible de crer une simple paire de cls destine tre utilise + avec Openswan ou de crer un fichier de certificat X509 qui contient la + cl publique RSA et de conserver la cl prive correspondante par + ailleurs. + . + Si vous ne prvoyez d'tablir des connexions IPSec qu'avec des htes + utilisant Openswan, il sera probablement plus facile d'utiliser des cls + RSA simples. Mais si vous souhaitez vous connecter des htes utilisant + d'autres implmentations d'IPSec, vous aurez besoin d'un certificat X509. + Il est galement possible de crer un certificat X509 puis d'en extraire + un simple cl publique RSA, si l'autre extrmit de la connexion utilise + Openswan sans le support des certificats X509. + . + En consquence, il vous est conseill d'utiliser un certificat X509 car + cette mthode est plus souple. Cet outil d'installation devrait vous + simplifier la tche de cration et d'utilisation de ce certificat X509. +Description-ja: ɤΥפ RSA ڥޤ? + Openswan Ѥ̾ RSA ̩Υڥޤ뤤 + RSA (ˤϤб̩) ޤ X509 + եƱͤǤ + . + Openswan ưƤۥȤ IPSec + ̿Ωξϡ̾ RSA + ڥѤ¿ñˤʤޤ¾ IPSec + Ȥ³Ԥ X509 + ɬפˤʤޤ̿ԤоݤΥۥȤ Openswan X509 + Υݡ̵DZѤƤ硢 X509 + ơۤ RSA ̾ηŸ뤳ȤǽǤ + . + ä X509 + ǤΤۤǤΥȡȤСX509 + Openswan ǤѤ˺ݤƤݤäƤϤǤ +Description-pt_BR: Qual tipo de par de chaves RSA voc deseja criar ? + possvel criar um par de chaves RSA pblica/privada pura (plain) para + uso com o Openswan ou para criar um arquivo de certificado X509 que ir + conter a chave RSA pblica e adicionalmente armazenar a chave privada + correspondente. + . + Caso voc queira somente construir conexes IPsec para hosts e tambm + executar o Openswan, pode ser um pouco mais fcil usar pares de chaves RSA + puros (plain). Mas caso voc queira se conectar a outras implementaes + IPSec, voc precisar de um certificado X509. tambm possvel criar um + certificado X509 aqui e extrair a chave pblica em formato puro (plain) + caso o outro lado execute o Openswan sem suporte a certificados X509. + . + Um certificado X509 recomendado, uma vez que o mesmo mais flexvel e + este instalador capaz de simplificar a complexa criao do certificado + X509 e seu uso com o Openswan. + +Template: openswan/existing_x509_certificate +Type: boolean +Default: false +Description: Do you have an existing X509 certificate file that you want to use for Openswan ? + This installer can automatically extract the needed information from an + existing X509 certificate with a matching RSA private key. Both parts can + be in one file, if it is in PEM format. Do you have such an existing + certificate and key file and want to use it for authenticating IPSec + connections ? +Description-fr: Possdez-vous un fichier de certificat X509 existant utiliser avec Openswan? + Cet outil d'installation est capable d'extraire automatiquement + l'information ncessaire d'un fichier de certificat X509 existant, avec la + cl prive RSA correspondante. Les deux parties peuvent se trouver dans un + seul fichier, s'il est en format PEM. Possdez-vous un tel certificat + ainsi que la cl prive, et souhaitez-vous vous en servir pour + l'authentification des connexions IPSec? +Description-ja: ¸ߤƤ X509 ե Openswan Ѥޤ? + Υȡϴ¸ߤƤ X509 RSA + ̩ȾȤ餷碌ɬפʾưŪŸǽǤ PEM + ξ硢ĤΥեˤޤȤ뤳ȤǽǤΤ褦ʾȸΥե뤬ꡢ + IPSec ̿Ǥǧڤ˻ѤǤ? +Description-pt_BR: Voc possui um arquivo de certificado X509 existente que voc gostaria de usar com o Openswan ? + Este instalador pode extrair automaticamente a informao necessria de um + certificado X509 existente com uma chave RSA privada adequada. Ambas as + partes podem estar em um arquivo, caso estejam no formato PEM. Voc possui + um certificado existente e um arquivo de chave e quer us-los para + autenticar conexes IPSec ? + +Template: openswan/existing_x509_certificate_filename +Type: string +Description: Please enter the location of your X509 certificate in PEM format. + Please enter the location of the file containing your X509 certificate in + PEM format. +Description-fr: Emplacement de votre certificat X509 au format PEM: + Veuillez indiquer l'emplacement du fichier contenant votre certificat X509 + au format PEM. +Description-ja: PEM X509 ξϤƤ + PEM X509 ޤǤեξϤƤ +Description-pt_BR: Por favor, informe a localizao de seu certificado X509 no formato PEM. + Por favor, informe a localizao do arquivo contendo seu certificado X509 + no formato PEM. + +Template: openswan/existing_x509_key_filename +Type: string +Description: Please enter the location of your X509 private key in PEM format. + Please enter the location of the file containing the private RSA key + matching your X509 certificate in PEM format. This can be the same file + that contains the X509 certificate. +Description-fr: Emplacement de votre cl prive X509 au format PEM: + Veuillez indiquer l'emplacement du fichier contenant la cl prive RSA + correspondant votre certificat X509 au format PEM. Cela peut tre le + fichier qui contient le certificat X509. +Description-ja: PEM X509 ̩ξϤƤ + PEM X509 + б̩ޤǤեξϤƤ + X509 ޤǤեƱǹޤ +Description-pt_BR: Por favor, informe a localizao de sua chave privada X509 no formato PEM. + Por favor, informe a localizao do arquivo contendo a chave privada RSA + que casa com seu certificado X509 no formato PEM. Este pode ser o mesmo + arquivo que contm o certificado X509. + +Template: openswan/rsa_key_length +Type: string +Default: 2048 +Description: Which length should the created RSA key have ? + Please enter the length of the created RSA key. it should not be less than + 1024 bits because this should be considered unsecure and you will probably + not need anything more than 2048 bits because it only slows the + authentication process down and is not needed at the moment. +Description-fr: Longueur de la cl RSA crer: + Veuillez indiquer la longueur de la cl RSA qui sera cre. Elle ne doit + pas tre infrieure 1024 bits car cela serait considr comme + insuffisamment sr. Un choix excdant 2048 bits est probablement inutile + car cela ne fait essentiellement que ralentir le processus + d'authentification sans avoir d'intrt actuellement. +Description-ja: RSA ɤĹޤ? + RSA ĹϤƤΤᡢ1024 + ӥåȰʲˤ٤ǤϤޤ2048 + ӥåȰʾˤɬפʤǤ礦ǧڥץ٤ʤޤǤϤ餯ɬפޤ +Description-pt_BR: Qual deve ser o tamanho da chave RSA criada ? + Por favor, informe o tamanho da chave RSA a ser criada. A mesma no deve + ser menor que 1024 bits devido a uma chave de tamanho menor que esse ser + considerada insegura. Voc tambm no precisar de nada maior que 2048 + porque isso somente deixaria o processo de autenticao mais lento e no + seria necessrio no momento. + +Template: openswan/x509_self_signed +Type: boolean +Default: true +Description: Do you want to create a self-signed X509 certificate ? + This installer can only create self-signed X509 certificates + automatically, because otherwise a certificate authority is needed to sign + the certificate request. If you want to create a self-signed certificate, + you can use it immediately to connect to other IPSec hosts that support + X509 certificate for authentication of IPSec connections. However, if you + want to use the new PKI features of Openswan >= 1.91, you will need to + have all X509 certificates signed by a single certificate authority to + create a trust path. + . + If you do not want to create a self-signed certificate, then this + installer will only create the RSA private key and the certificate request + and you will have to sign the certificate request with your certificate + authority. +Description-fr: Souhaitez-vous crer un certificat X509 auto-sign? + Cet outil d'installation ne peut crer automatiquement qu'un certificat + X509 auto-sign puisqu'une autorit de certification est indispensable + pour signer la demande de certificat. Si vous choisissez de crer un + certificat auto-sign, vous pourrez vous en servir immdiatement pour vous + connecter aux htes qui authentifient les connexions IPSec avec des + certificats X509. Cependant, si vous souhaitez utiliser les nouvelles + fonctionnalits PKI de Openswan >= 1.91, vous aurez besoin que tous les + certificats X509 soient signs par la mme autorit de certification afin + de crer un chemin de confiance. + . + Si vous ne voulez pas crer de certificat auto-sign, cet outil + d'installation ne fera que crer la cl prive RSA et la demande de + certificat, que vous devrez ensuite signer avec votre autorit de + certification. +Description-ja: ʽ̾ X509 ޤ? + ˽̾뤿ˤǧڶɤɬפȤʤΤǡΥȡǤϼʽ̾ + X509 + ưŪǽǤʽ̾硢ѤƤ + X509 ݡȤƤ¾ IPSec + ۥȤ³ǽǤOpenswan С 1.91 ʾǤο PKI + ǽȤϡtrust path + 뤿ñǧڶɤˤäƤ٤Ƥ X509 + ˽̾Ƥ餦ɬפޤ + . + ʽ̾ʤ硢Υȡ RSA + ̩ȾΤߤޤơǧڶɤ˾ؽ̾Ƥ餦ɬפޤ +Description-pt_BR: Deseja criar um certificado X509 auto-assinado ? + Este instalador pode criar automaticamente somente certificados X509 + auto-assinados, devido a uma autoridade certificadora ser necessria para + assinar a requisio de certificado. Caso voc queira criar um certificado + auto-assinado, voc poder us-lo imediatamente para conexo com outros + hosts IPSec que suportem certificados X509 para autenticao de conexes + IPSec. Porm, caso voc queira usar os novos recursos PKI do Openswan + verso 1.91 ou superior, voc precisar possuir todos seus certificados + X509 assinados por uma nica autoridade certificadora para criar um + caminho de confiana. + . + Caso voc no queira criar um certificado auto-assinado, este instalador + ir somente criar a chave privada RSA e a requisio de certificado e voc + ter ento que assinar a requisio de certificado junto a sua autoridade + certificadora. + +Template: openswan/x509_country_code +Type: string +Default: AT +Description: Please enter the country code for the X509 certificate request. + Please enter the 2 letter country code for your country. This code will be + placed in the certificate request. + . + You really need to enter a valid country code here, because openssl will + refuse to generate certificates without one. An empty field is allowed for + any other field of the X.509 certificate, but not for this one. + . + Example: AT +Description-fr: Code du pays: + Veuillez indiquer le code deux lettres de votre pays. Ce code sera + inclus dans la demande de certificat. + . + Il est impratif de choisir ici un code de pays valide sinon OpenSSL + refusera de gnrer les certificats. Tous les autres champs d'un + certificat X.509 peuvent tre vides, sauf celui-ci. + . + Exemple: FR +Description-ja: X509 ˵ܤɤϤƤ + ʤιιɤ2ʸϤƤΥɤϾ˵ܤޤ + . + openssl + ɤʤǤϾݤΤǡɤϤɬפޤX.509 + Ǥϡ¾ΥեɤˤĤƤ϶ǤޤˤĤƤϵĤƤޤ + . + : JP +Description-pt_BR: Por favor, informe o cdigo de pas para a requisio de certificado X509. + Por favor, informe o cdifo de pas de duas letras para seu pas. Esse + cdigo ser inserido na requisio de certificado. + . + Voc realmente precisa informar um cdigo de pas vlido aqui devido ao + openssl se recusar a gerar certificados sem um cdigo de pas vlido. Um + campo em branco permitido para qualquer outro campo do certificado + X.509, mas no para esse campo. + . + Exemplo: BR + +Template: openswan/x509_state_name +Type: string +Default: +Description: Please enter the state or province name for the X509 certificate request. + Please enter the full name of the state or province you live in. This name + will be placed in the certificate request. + . + Example: Upper Austria +Description-fr: tat, province ou rgion: + Veuillez indiquer le nom complet de l'tat, de la province ou de la rgion + o vous rsidez. Ce nom sera inclus dans la demande de certificat. + . + Exemples: Rhne-Alpes, Brabant, Bouches du Rhne, Qubec, Canton de Vaud +Description-ja: X509 ˵ܤƻܸ̾ϤƤ + ʤ߽ƤƻܸϤƤϾ˵ܤޤ + . + : Tokyo +Description-pt_BR: Por favor, informe o estado ou nome de provncia para a requisio de certificado X509. + Por favor, informe o nome complete do estado ou provncia em que voc + mora. Esse nome ser inserido na requisio de certificado. + . + Exemplo : Sao Paulo + +Template: openswan/x509_locality_name +Type: string +Default: +Description: Please enter the locality name for the X509 certificate request. + Please enter the locality (e.g. city) where you live. This name will be + placed in the certificate request. + . + Example: Vienna +Description-fr: Localit: + Veuillez indiquer la localit (p.ex. la ville) o vous rsidez. Ce nom + sera inclus dans la demande de certificat. + . + Exemple: Saint-tienne +Description-ja: X509 ˵ܤϤ̾ϤƤ + ʤκ߽Ƥ̾ (: Į¼̾) + ϤƤϾ˵ܤޤ + . + : Shinjuku-ku +Description-pt_BR: Por favor, informe o nome da localidade para a requisio de certificado X509. + Por favor, informe a localidade (ou seja, cidade) onde voc mora. Esse + nome ser inserido na requisio de certificado. + . + Exemplo : Sao Paulo + +Template: openswan/x509_organization_name +Type: string +Default: +Description: Please enter the organization name for the X509 certificate request. + Please enter the organization (e.g. company) that the X509 certificate + should be created for. This name will be placed in the certificate + request. + . + Example: Debian +Description-fr: Organisme: + Veuillez indiquer l'organisme (p.ex. l'entreprise) pour qui sera cr le + certificat X509. Ce nom sera inclus dans la demande de certificat. + . + Exemple: Debian +Description-ja: X509 ˵ܤȿ̾ϤƤ + X509 оݤȤʤ٤ȿ (: ) + ϤƤϾ˵ܤޤ + . + : Debian +Description-pt_BR: Por favor, informe o nome da organizao para a requisio de certificado X509. + Por favor, informe a organizao (ou seja, a empresa) para a qual este + certificado X509 dever ser criado. Esse nome ser inserido na requisio + de certificado. + . + Exemplo : Debian + +Template: openswan/x509_organizational_unit +Type: string +Default: +Description: Please enter the organizational unit for the X509 certificate request. + Please enter the organizational unit (e.g. section) that the X509 + certificate should be created for. This name will be placed in the + certificate request. + . + Example: security group +Description-fr: Unit d'organisation: + Veuillez indiquer l'unit d'organisation (p. ex. dpartement, division, + etc.) pour qui sera cr le certificat X509. Ce nom sera inclus dans la + demande de certificat. + . + Exemple: Dpartement Rseaux et Informatique Scientifique +Description-ja: X509 ˵ܤȿñ̤ϤƤ + X509 оݤȤʤ٤ȿñ (: ̾) + ϤƤϾ˵ܤޤ + . + : security group +Description-pt_BR: Por favor, informe a unidade organizacional para a requisio de certificado X509. + Por favor, informe a unidade organizacional (ou seja, seo ou + departamento) para a qual este certificado dever ser criado. Esse nome + ser inserido na requisio de certificado. + . + Exemplo : Grupo de Segurana + +Template: openswan/x509_common_name +Type: string +Default: +Description: Please enter the common name for the X509 certificate request. + Please enter the common name (e.g. the host name of this machine) for + which the X509 certificate should be created for. This name will be placed + in the certificate request. + . + Example: gateway.debian.org +Description-fr: Nom ordinaire (common name): + Veuillez indiquer le nom ordinaire (p.ex. le nom rseau de cette machine) + pour qui sera cr le certificat X509. Ce nom sera inclus dans la demande + de certificat. + . + Exemple: gateway.debian.org +Description-ja: X509 ˵ܤ륳͡ϤƤ + X509 оݤȤʤ٤͡ (: ΥޥΥۥ̾) + ϤƤϾ˵ܤޤ + . + : gateway.debian.org +Description-pt_BR: Por favor, informe o nome comum para a requisio de certificado X509. + Por favor, informe o nome comum (ou seja, o nome do host dessa mquina) + para o qual o certificado X509 dever ser criado. Esse nome ser inserido + na requisio de certificado. + . + Exemplo : gateway.debian.org + +Template: openswan/x509_email_address +Type: string +Default: +Description: Please enter the email address for the X509 certificate request. + Please enter the email address of the person or organization who is + responsible for the X509 certificate, This address will be placed in the + certificate request. +Description-fr: Adresse lectronique: + Veuillez indiquer l'adresse lectronique de la personne ou de l'organisme + responsable du certificat X509. Cette adresse sera incluse dans la demande + de certificat. +Description-ja: X509 ˵ܤ륢ɥ쥹ϤƤ + X509 + ǤԤȤʤʪΤΥ륢ɥ쥹ϤƤΥɥ쥹Ͼ˵ܤޤ +Description-pt_BR: Por favor, informe o endereo de e-mail para a requisio de certificado X509. + Por favor, informe o endereo de e-mail da pessoa ou organizao + responsvel pelo certificado X509. Esse endereo ser inserido na + requisio de certificado. + +Template: openswan/enable-oe +Type: boolean +Default: false +Description: Do you wish to enable opportunistic encryption in Openswan? + Openswan comes with support for opportunistic encryption (OE), which stores + IPSec authentication information (i.e. RSA public keys) in (preferably + secure) DNS records. Until this is widely deployed, activating it will + cause a significant slow-down for every new, outgoing connection. Since + version 2.0, Openswan upstream comes with OE enabled by default and is thus + likely to break you existing connection to the Internet (i.e. your default + route) as soon as pluto (the Openswan keying daemon) is started. + . + Please choose whether you want to enable support for OE. If unsure, do not + enable it. +Description-fr: Souhaitez-vous activer le chiffrement opportuniste dansOpenswan? + Openswan gre le chiffrement opportuniste (opportunistic encryption: + OE) qui permet de conserver les informations d'authentification IPSec + (c'est--dire les cls publiques RSA) dans des enregistrements DNS, de + prfrence scuriss. Tant que cette fonctionnalit ne sera pas dploye + largement, son activation provoquera un ralentissement significatif pour + toute nouvelle connexion sortante. partir de la version 2.0, cette + fonctionnalit est active par dfaut dans Openswan, ce qui peut + interrompre le fonctionnement de votre connexion l'Internet + (c'est--dire votre route par dfaut) ds le dmarrage de pluto, le dmon + de gestion de cls d'Openswan. + . + Veuillez choisir si vous souhaitez activer la gestion du chiffrement + opportuniste. Ne l'activez pas si vous n'tes pas certain d'en avoir + besoin. +Description-ja: Openswan opportunistic encryption ͭˤޤ? + Openswan ϡIPSec ǧھ (: RSA ) (勞ϥ奢) DNS + 쥳¸ opportunistic encryption (OE) + ݡȤƤޤϹѤ褦ˤʤޤǡͭˤ뤳ȤƤγؤο³ϳʤ٤ʤޤС + 2.0 ꡢOpenswan γȯϥǥեȤ OE ͭˤƤꡢä + plute (Openswan ̾ǡ) + ϤޤǡǤˤ륤ͥåȤؤ³ + (Ĥޤǥեȥ롼) Ǥ뤫⤷ޤ + . + OE + ΥݡȤͭˤ뤫ɤǤ褯狼ʤϡͭˤϤʤǤ +Description-pt_BR: Voc deseja habilitar a encriptao oportunstica no Openswan ? + O Openswan suporta encriptao oportunstica (OE), a qual armazena + informaes de autenticao IPSec (por exemplo, chaves pblicas RSA) em + registros DNS (preferivelmente seguros). At que esse suporte esteja + largamento sendo utilizado, ativ-lo ir causar uma signficante lentido + para cada nova conexo de sada. Iniciando a partir da verso 2.0, o + Openswan, da forma como distribudo pelos desenvolvedores oficiais, + fornecido com o suporte a OE habilitado por padro e, portanto, + provavelmente ir quebrar suas conexes existentes com a Internet (por + exemplo, sua rota padro) to logo o pluto (o daemon de troca de chaves do + Openswan) seja iniciado. + . + Por favor, informe se voc deseja habilitar o suporte a OE. Em caso de + dvidas, no habilite esse suporte. diff --git a/debian/openswan.templates.master b/debian/openswan.templates.master new file mode 100644 index 000000000..f9c9e7e7f --- /dev/null +++ b/debian/openswan.templates.master @@ -0,0 +1,207 @@ +Template: openswan/start_level +Type: select +_Choices: earliest, "after NFS", "after PCMCIA" +Default: earliest +_Description: At which level do you wish to start Openswan ? + With the current Debian startup levels (nearly everything starting in + level 20), it is impossible for Openswan to always start at the correct + time. There are three possibilities when Openswan can start: before or + after the NFS services and after the PCMCIA services. The correct answer + depends on your specific setup. + . + If you do not have your /usr tree mounted via NFS (either you only mount + other, less vital trees via NFS or don't use NFS mounted trees at all) and + don't use a PCMCIA network card, then it's best to start Openswan at + the earliest possible time, thus allowing the NFS mounts to be secured by + IPSec. In this case (or if you don't understand or care about this + issue), answer "earliest" to this question (the default). + . + If you have your /usr tree mounted via NFS and don't use a PCMCIA network + card, then you will need to start Openswan after NFS so that all + necessary files are available. In this case, answer "after NFS" to this + question. Please note that the NFS mount of /usr can not be secured by + IPSec in this case. + . + If you use a PCMCIA network card for your IPSec connections, then you only + have to choose to start it after the PCMCIA services. Answer "after + PCMCIA" in this case. This is also the correct answer if you want to fetch + keys from a locally running DNS server with DNSSec support. + +Template: openswan/restart +Type: boolean +Default: true +_Description: Do you wish to restart Openswan? + Restarting Openswan is a good idea, since if there is a security fix, it + will not be fixed until the daemon restarts. Most people expect the daemon + to restart, so this is generally a good idea. However this might take down + existing connections and then bring them back up. + +Template: openswan/create_rsa_key +Type: boolean +Default: true +_Description: Do you want to create a RSA public/private keypair for this host ? + This installer can automatically create a RSA public/private keypair for + this host. This keypair can be used to authenticate IPSec connections to + other hosts and is the preferred way for building up secure IPSec + connections. The other possibility would be to use shared secrets + (passwords that are the same on both sides of the tunnel) for + authenticating an connection, but for a larger number of connections RSA + authentication is easier to administer and more secure. + . + If you do not want to create a new public/private keypair, you can choose to + use an existing one. + +Template: openswan/rsa_key_type +Type: select +_Choices: x509, plain +Default: x509 +_Description: Which type of RSA keypair do you want to create ? + It is possible to create a plain RSA public/private keypair for use + with Openswan or to create a X509 certificate file which contains the RSA + public key and additionally stores the corresponding private key. + . + If you only want to build up IPSec connections to hosts also running + Openswan, it might be a bit easier using plain RSA keypairs. But if you + want to connect to other IPSec implementations, you will need a X509 + certificate. It is also possible to create a X509 certificate here and + extract the RSA public key in plain format if the other side runs + Openswan without X509 certificate support. + . + Therefore a X509 certificate is recommended since it is more flexible and + this installer should be able to hide the complex creation of the X509 + certificate and its use in Openswan anyway. + +Template: openswan/existing_x509_certificate +Type: boolean +Default: false +_Description: Do you have an existing X509 certificate file that you want to use for Openswan ? + This installer can automatically extract the needed information from an + existing X509 certificate with a matching RSA private key. Both parts can + be in one file, if it is in PEM format. Do you have such an existing + certificate and key file and want to use it for authenticating IPSec + connections ? + +Template: openswan/existing_x509_certificate_filename +Type: string +_Description: Please enter the location of your X509 certificate in PEM format. + Please enter the location of the file containing your X509 certificate in + PEM format. + +Template: openswan/existing_x509_key_filename +Type: string +_Description: Please enter the location of your X509 private key in PEM format. + Please enter the location of the file containing the private RSA key + matching your X509 certificate in PEM format. This can be the same file + that contains the X509 certificate. + +Template: openswan/rsa_key_length +Type: string +Default: 2048 +_Description: Which length should the created RSA key have ? + Please enter the length of the created RSA key. it should not be less than + 1024 bits because this should be considered unsecure and you will probably + not need anything more than 2048 bits because it only slows the + authentication process down and is not needed at the moment. + +Template: openswan/x509_self_signed +Type: boolean +Default: true +_Description: Do you want to create a self-signed X509 certificate ? + This installer can only create self-signed X509 certificates + automatically, because otherwise a certificate authority is needed to sign + the certificate request. If you want to create a self-signed certificate, + you can use it immediately to connect to other IPSec hosts that support + X509 certificate for authentication of IPSec connections. However, if you + want to use the new PKI features of Openswan >= 1.91, you will need to + have all X509 certificates signed by a single certificate authority to + create a trust path. + . + If you do not want to create a self-signed certificate, then this + installer will only create the RSA private key and the certificate request + and you will have to sign the certificate request with your certificate + authority. + +Template: openswan/x509_country_code +Type: string +Default: AT +_Description: Please enter the country code for the X509 certificate request. + Please enter the 2 letter country code for your country. This code will be + placed in the certificate request. + . + You really need to enter a valid country code here, because openssl will + refuse to generate certificates without one. An empty field is allowed for + any other field of the X.509 certificate, but not for this one. + . + Example: AT + +Template: openswan/x509_state_name +Type: string +Default: +_Description: Please enter the state or province name for the X509 certificate request. + Please enter the full name of the state or province you live in. This name + will be placed in the certificate request. + . + Example: Upper Austria + +Template: openswan/x509_locality_name +Type: string +Default: +_Description: Please enter the locality name for the X509 certificate request. + Please enter the locality (e.g. city) where you live. This name will be + placed in the certificate request. + . + Example: Vienna + +Template: openswan/x509_organization_name +Type: string +Default: +_Description: Please enter the organization name for the X509 certificate request. + Please enter the organization (e.g. company) that the X509 certificate + should be created for. This name will be placed in the certificate + request. + . + Example: Debian + +Template: openswan/x509_organizational_unit +Type: string +Default: +_Description: Please enter the organizational unit for the X509 certificate request. + Please enter the organizational unit (e.g. section) that the X509 + certificate should be created for. This name will be placed in the + certificate request. + . + Example: security group + +Template: openswan/x509_common_name +Type: string +Default: +_Description: Please enter the common name for the X509 certificate request. + Please enter the common name (e.g. the host name of this machine) for + which the X509 certificate should be created for. This name will be placed + in the certificate request. + . + Example: gateway.debian.org + +Template: openswan/x509_email_address +Type: string +Default: +_Description: Please enter the email address for the X509 certificate request. + Please enter the email address of the person or organization who is + responsible for the X509 certificate, This address will be placed in the + certificate request. + +Template: openswan/enable-oe +Type: boolean +Default: false +_Description: Do you wish to enable opportunistic encryption in Openswan? + Openswan comes with support for opportunistic encryption (OE), which stores + IPSec authentication information (i.e. RSA public keys) in (preferably + secure) DNS records. Until this is widely deployed, activating it will + cause a significant slow-down for every new, outgoing connection. Since + version 2.0, Openswan upstream comes with OE enabled by default and is thus + likely to break your existing connection to the Internet (i.e. your default + route) as soon as pluto (the Openswan keying daemon) is started. + . + Please choose whether you want to enable support for OE. If unsure, do not + enable it. + diff --git a/debian/patches/00list b/debian/patches/00list new file mode 100644 index 000000000..0e2981655 --- /dev/null +++ b/debian/patches/00list @@ -0,0 +1,2 @@ +01-updown-default-path +01-updown_x509-default-path
\ No newline at end of file diff --git a/debian/patches/01-updown-default-path.dpatch b/debian/patches/01-updown-default-path.dpatch new file mode 100755 index 000000000..215495cab --- /dev/null +++ b/debian/patches/01-updown-default-path.dpatch @@ -0,0 +1,31 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 01_updown-default-path.dpatch by <rene@mayrhofer.eu.org> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Changes /etc/sysconfig to /etc/default + +@DPATCH@ + +--- openswan/programs/_updown/_updown.in.orig 2006-04-15 22:43:19.159741143 +0100 ++++ openswan/programs/_updown/_updown.in 2006-04-15 22:43:26.851946210 +0100 +@@ -116,7 +116,7 @@ + # PLUTO_CONNECTION_TYPE + # + +-# Import default _updown configs from the /etc/sysconfig/pluto_updown file ++# Import default _updown configs from the /etc/default/pluto_updown file + # + # Two variables can be set in this file: + # +@@ -132,9 +132,9 @@ + # IPRULEARGS + # is the extra argument list for ip rule command + # +-if [ -f /etc/sysconfig/pluto_updown ] ++if [ -f /etc/default/pluto_updown ] + then +- . /etc/sysconfig/pluto_updown ++ . /etc/default/pluto_updown + fi + + # check interface version diff --git a/debian/patches/01-updown_x509-default-path.dpatch b/debian/patches/01-updown_x509-default-path.dpatch new file mode 100755 index 000000000..ef53bf202 --- /dev/null +++ b/debian/patches/01-updown_x509-default-path.dpatch @@ -0,0 +1,31 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 01_updown_x509-default-path.dpatch by <rene@mayrhofer.eu.org> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Changes /etc/sysconfig to /etc/default + +@DPATCH@ + +--- openswan/programs/_updown_x509/_updown_x509.in.orig 2006-04-15 22:33:22.443407426 +0100 ++++ openswan/programs/_updown_x509/_updown_x509.in 2006-04-15 22:33:36.822921408 +0100 +@@ -125,7 +125,7 @@ + # PLUTO_CONNECTION_TYPE + # + +-# Import default _updown configs from the /etc/sysconfig/pluto_updown file ++# Import default _updown configs from the /etc/default/pluto_updown file + # + # Two variables can be set in this file: + # +@@ -141,9 +141,9 @@ + # IPRULEARGS + # is the extra argument list for ip rule command + # +-if [ -f /etc/sysconfig/pluto_updown ] ++if [ -f /etc/default/pluto_updown ] + then +- . /etc/sysconfig/pluto_updown ++ . /etc/default/pluto_updown + fi + + # check interface version diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in new file mode 100644 index 000000000..bd3c84ec2 --- /dev/null +++ b/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] openswan.templates.master diff --git a/debian/po/cs.po b/debian/po/cs.po new file mode 100644 index 000000000..f4df691c4 --- /dev/null +++ b/debian/po/cs.po @@ -0,0 +1,511 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# , fuzzy +# +# +msgid "" +msgstr "" +"Project-Id-Version: openswan 2.3.0\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2006-03-16 06:09+0100\n" +"PO-Revision-Date: 2005-02-08 14:12+0100\n" +"Last-Translator: Ondra Kudlik <kepi@orthank.net>\n" +"Language-Team: Czech <cs@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../openswan.templates.master:3 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "nejdříve, \"po NFS\", \"po PCMCIA\"" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "At which level do you wish to start Openswan ?" +msgstr "Na jaké úrovni chcete spouštět Openswan?" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"With the current Debian startup levels (nearly everything starting in level " +"20), it is impossible for Openswan to always start at the correct time. " +"There are three possibilities when Openswan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Se současnými startovacími úrovněmi Debianu (téměř vše začíná na úrovni 20), " +"je nemožné, aby Openswan vždy nastartoval ve správný čas. Jsou zde tři " +"možnosti, kdyjej lze spouštět: před nebo po NFS službách a nebo po PCMCIA " +"službách. Správná odpověď závisí na vašem konkrétním nastavení." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Jestliže nemáte váš /usr strom připojen skrz NFS (buď přes NFS připojujete " +"jiné, ne tak důležité stromy nebo jej vůbec nepoužíváte) a zároveň " +"nepoužíváte PCMCIA síťovou kartu, je nejlepší spouštět Openswan co nejdříve, " +"čímž umožníte aby NFS svazky byly chráněny pomocí IPSec. V tomto případě " +"(nebo pokud si nejste jisti, či vám na tom nezáleží) na otázku odpovězte " +"\"nejdříve\" (výchozí)." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start Openswan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Jestliže máte /usr strom připojen skrz NFS a nepoužíváte PCMCIA síťovou " +"kartu, potřebujete spustit Openswan po NFS, aby byly všechny potřebné " +"soubory dostupné. V tomto případě na otázku odpověztě \"po NFS\". Uvědomtě " +"si prosím, že v tomto případě nemůže být NFS svazek /usr chráněn pomocí " +"IPSec." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Jestliže používáte PCMCIA síťovou kartu pro vaše IPSec připojení, pak je " +"jedinou možností jej spustit po PCMCIA službách. V tom případě odpovězte " +"\"po PCMCIA\". Toto je také správná odpověď, pokud chcete získat klíče z " +"lokálního DNS serveru s podporou DNSSec." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "Do you wish to restart Openswan?" +msgstr "Přejete si spustit Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "" +"Restarting Openswan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Restartování Openswan je dobrý nápad, protože v případě, že aktualizace " +"obsahuje bezpečnostní záplatu, nebude opravena dokud se démon nerestartuje. " +"Většina lidí předpokládá restartování démona, takže je to v každém případě " +"správný postup. Nicméně existující spojení mohou být shozena a poté znovu " +"nastavena." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "Do you want to create a RSA public/private keypair for this host ?" +msgstr "Přejete si vytvořit RSA veřejný/soukromý pár klíčů pro tento počítač?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Tento instalátor může automaticky vytvořit RSA soukromý/privátní pár klíčů " +"pro tento počítač. Pár klíčů může být využit k autentifikaci IPSec spojení " +"na další počítače a je upřednostňovanou cestou pro sestavování bezpečných " +"IPSec spojení. Další možností autentifikace je využití sdílených tajemství " +"(hesel, která jsou stejná na obou stranách tunelu), ale pro větší množství " +"spojení je RSA autentifikace snažší pro správu a mnohem bezpečnější." + +#. Type: select +#. Choices +#: ../openswan.templates.master:53 +msgid "x509, plain" +msgstr "x509, prostý" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "Which type of RSA keypair do you want to create ?" +msgstr "Jaký typ RSA páru klíčů chcete vytvořit?" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"Openswan or to create a X509 certificate file which contains the RSA public " +"key and additionally stores the corresponding private key." +msgstr "" +"Je možné vytvořit čisty pár RSA klíčů pro použití s Openswan nebo vytvořit " +"soubor s certifikátem X509, který obsahuje veřejný RSA klíč a dodatečně " +"uchovává odpovídající privátní klíč." + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"Openswan, it might be a bit easier using plain RSA keypairs. But if you want " +"to connect to other IPSec implementations, you will need a X509 certificate. " +"It is also possible to create a X509 certificate here and extract the RSA " +"public key in plain format if the other side runs Openswan without X509 " +"certificate support." +msgstr "" +"Pokud chcete vytvořit IPSec spojení jen k počítači, na kterém taktéž běží " +"Openswan, může být mnohem jednodušší použít RSA pár klíčů. Pokud se ale " +"chcete připojit k jiným implementacím IPSec, budete potřebovat certifikát " +"X509. Můžete také vytvořit certifikát X509 zde a získat veřejný klíč RSA v " +"čisté textové podobě pokud druhá strana používá Openswan bez podpory " +"certifikátu X509." + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in Openswan anyway." +msgstr "" +"Certifikát X509 je proto doporučován zejména díky své flexibilnosti. " +"Tentoinstalátor by v každém případě měl být schopen skrýt komplexnost jeho " +"vytváření a použití s Openswan." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"Do you have an existing X509 certificate file that you want to use for " +"Openswan ?" +msgstr "Vlastníte existující certifkát X509, který chcete použít pro Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. Do you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections ?" +msgstr "" +"Instalátor může automaticky získat potřebné informace z existujícího " +"certiifikátu X509 s odpovídajícím privátním RSA klíčem. Obě části mohou být " +"v jednom souboru, jedná-li se o formát PEM. Vlastníte takový certifikát i " +"soubor s klíčem a chcete jej použít pro autentifikaci spojení IPSec?" + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "Please enter the location of your X509 certificate in PEM format." +msgstr "Zadejte prosím umístění vašeho certifikátu X509 ve formátu PEM." + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "" +"Please enter the location of the file containing your X509 certificate in " +"PEM format." +msgstr "Zadejte prosím umístění vašeho certifikátu X509 ve formátu PEM." + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "Please enter the location of your X509 private key in PEM format." +msgstr "Zadejte prosím umístění vašeho certifikátu X509 ve formátu PEM." + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Zadejte prosím umístění souboru obsahujícího privátní RSA klíč odpovídající " +"vašemu certifikátu X509 ve formátu PEM. Může to být stejný soubor jako ten " +"obsahující certifikát X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "Which length should the created RSA key have ?" +msgstr "Jakou délku by měl mít vytvořený RSA klíč?" + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "" +"Please enter the length of the created RSA key. it should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Zadejte prosím délku vytvářeného RSA klíče. Kvůli bezpečnosti by neměla být " +"méně než 1024 bitů a pravděpodobně nepotřebujete víc než 2048 bitů, protože " +"to již zpomaluje proces autentizace." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "Do you want to create a self-signed X509 certificate ?" +msgstr "Chcete vytvořit certifikát X509 podepsaný sám sebou?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Tento instalátor může automaticky vytvořit pouze certifikát X509 podepsaný " +"sám sebou, jelikož v opačném případě je k podpisu certifikátu potřeba " +"certifikační autorita. Tento certifikát můžete ihned použít k přípojení na " +"další počítače s IPSec, které podporují autentizaci pomocí certifikátu X509. " +"Nicméně chcete-li využít novýchmožností PKI Openswanu >= 1.91, budete k " +"vytovření důvěryhodných cest potřebovat všechny certifikáty X509 podepsané " +"jedinou certifikační autoritou." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "" +"Jestliže nechcete vytvořit certifikát podepsaný sám sebou, vytvořít tento " +"instalátor jen privátní RSA klíč a certifikační požadavek. Vy potom musíte " +"podepsat požadavek svojí certifikační autoritou." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Please enter the country code for the X509 certificate request." +msgstr "Zadejte prosím kód země pro X509 certifikační požadavek." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Zadejte prosím dvoumístný kód vaší země. Tento kód bude umístěn do " +"certifikačního požadavku." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"Je opravdu nutné, abyste vložili správný kód země, protože openssl jinak " +"odmítne vygenerování certifikátu. Prázdné pole je povolené pro všechny " +"ostatní pole certifikátu X509 kromě tohoto." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Example: AT" +msgstr "Příklad: CZ" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the state or province name for the X509 certificate request." +msgstr "Zadejte prosím jméno státu nebo oblasti pro certifikační požadavek." + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Zadejte prosím celé jméno státu nebo oblasti kde žijete. Toto jméno bude " +"umístěno do certifikačního požadavku." + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "Example: Upper Austria" +msgstr "Příklad: Morava" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Please enter the locality name for the X509 certificate request." +msgstr "Zadejte prosím jméno lokality pro certifikační požadavek." + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Zadejte prosím lokalitu (např. město) kde žijete. Toto jméno bude umístěno " +"do certifikačního požadavku." + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Example: Vienna" +msgstr "Příklad: Brno" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Please enter the organization name for the X509 certificate request." +msgstr "Zadejte prosím název organizace pro certifikační požadavek." + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Zadejte prosím organizaci pro kterou je certifikát vytvářen. Toto jméno bude " +"umístěno do certifikačního požadavku." + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Example: Debian" +msgstr "Příklad: Debian" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Please enter the organizational unit for the X509 certificate request." +msgstr "Zadejte prosím název organizační jednotky pro certifikační požadavek." + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Zadejte prosím organizační jednotku pro kterou je certifikát vytvářen. Toto " +"jméno bude umístěno do certifikačního požadavku." + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Example: security group" +msgstr "Příklad: bezpečnostní oddělení" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Please enter the common name for the X509 certificate request." +msgstr "Zadejte prosím obvyklé jméno pro certifikační požadavek." + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Zadejte prosím běžné jméno (např. jméno počítače - hostname) pro kterou je " +"certifikát vytvářen. Toto jméno bude umístěno do certifikačního požadavku." + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Example: gateway.debian.org" +msgstr "Příklad: gateway.debian.org" + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "Please enter the email address for the X509 certificate request." +msgstr "Zadejte prosím emailovou adresu pro certifikační požadavek." + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Zadejte prosím emailovou adresu osoby nebo organizace, která je zodpovědná " +"za certifikát X509. Toto jméno bude umístěno do certifikačního požadavku." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "Do you wish to enable opportunistic encryption in Openswan?" +msgstr "Chcete povolit opportunistic encryption ve Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "" +"Openswan přichází s podporou pro opportunistic·encryption·(OE), která " +"uchováváautentizační informace IPSec (např. veřejné RSA klíče) v (nejlépe " +"zabezpečených)DNS záznamech. Dokud nebude tato schopnost více rozšířena, " +"způsobí její aktivacevyrazné zpomalení s každým novým odchozím spojením. Od " +"verze 2.0 přicházíOpenswan s implicitně zapnutou podporou OE čímž " +"pravděpodobně zruší vašeprobíhající připojení k Internetu (např. vaši " +"impicitní cestu - default route) jakmileje pluto (Openswan keying démon) " +"spuštěno." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Prosím vyberte si zda chcete povolit podporu pro OE. Nejste-li si jisti, " +"podporu nepovolujte." diff --git a/debian/po/fr.po b/debian/po/fr.po new file mode 100644 index 000000000..380180aaf --- /dev/null +++ b/debian/po/fr.po @@ -0,0 +1,541 @@ +# translation of fr.po to French +# +# +# +# +# Christian Perrier <bubulle@debian.org>, 2004, 2006. +msgid "" +msgstr "" +"Project-Id-Version: fr\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2006-04-17 05:04-0600\n" +"PO-Revision-Date: 2006-04-17 18:59+0200\n" +"Last-Translator: Christian Perrier <bubulle@debian.org>\n" +"Language-Team: French <debian-l10n-french@lists.debian.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.2\n" +"Plural-Forms: Plural-Forms: nplurals=2; plural=n>1;\n" + +#. Type: select +#. Choices +#: ../openswan.templates.master:3 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "Le plus tt possible, Aprs NFS, Aprs PCMCIA" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "At which level do you wish to start Openswan ?" +msgstr "tape de lancement d'Openswan:" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"With the current Debian startup levels (nearly everything starting in level " +"20), it is impossible for Openswan to always start at the correct time. " +"There are three possibilities when Openswan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Avec les niveaux de dmarrage actuellement utiliss par Debian (presque tout " +"dmarre au niveau 20), il est impossible de faire en sorte qu'Openswan " +"dmarre toujours au moment appropri. Il existe trois moments o il est " +"opportun de le dmarrer: avant ou aprs les services NFS, ou aprs les " +"services PCMCIA. La rponse approprie dpend de vos rglages spcifiques." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Si votre arborescence /usr n'est pas un montage NFS (soit parce que vos " +"montages NFS sont d'autres endroits, moins critiques, soit parce que vous " +"n'utilisez pas du tout de montage NFS) et si vous n'utilisez pas de carte " +"rseau PCMCIA, il est prfrable de dmarrer Openswan le plus tt possible, " +"ce qui permettra de scuriser les montages NFS avec IPSec. Dans ce cas (ou " +"bien si vous ne comprenez pas l'objet de la question ou qu'elle ne vous " +"concerne pas), choisissez le plus tt possible, qui est le choix par " +"dfaut." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start Openswan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Si /usr est un montage NFS et que vous n'utilisez pas de carte rseau " +"PCMCIA, vous devrez alors dmarrer Openswan aprs les services NFS afin que " +"tous les fichiers ncessaires soient disponibles. Dans ce cas, choisissez " +"Aprs NFS. Veuillez noter que le montage NFS de /usr n'est alors pas " +"scuris par IPSec." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Si vous utilisez une carte PCMCIA pour vos connexions IPSec, votre seul " +"choix possible est le dmarrage aprs les services PCMCIA. Choisissez alors " +"Aprs PCMCIA. Faites galement ce choix si vous souhaitez rcuprer les " +"cls d'authentification sur un serveur DNS reconnaissant DNSSec." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "Do you wish to restart Openswan?" +msgstr "Souhaitez-vous redmarrer Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "" +"Restarting Openswan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Redmarrer Openswan est prfrable car un ventuel correctif de scurit ne " +"prendra place que si le dmon est redmarr. La plupart des utilisateurs " +"s'attendent ce que le dmon redmarre et c'est donc le plus souvent le " +"meilleur choix. Cependant, cela pourrait interrompre provisoirement des " +"connexions en cours." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "Do you want to create a RSA public/private keypair for this host ?" +msgstr "" +"Souhaitez-vous crer une paire de cls RSA publique et prive pour cet hte?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Cet outil d'installation peut crer automatiquement une paire de cls RSA " +"publique et prive pour cet hte. Cette paire de cls peut servir " +"authentifier des connexions IPSec vers d'autres htes. Cette mthode est la " +"mthode conseille pour l'tablissement de liaisons IPSec sres. L'autre " +"possibilit d'authentification la connexion est l'utilisation d'un secret " +"partag (pre-shared key: des mots de passe identiques aux deux " +"extrmits du tunnel). Toutefois, pour de nombreuses connexions, " +"l'authentification RSA est plus simple administrer et plus sre." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "" +"Si vous ne souhaitez pas crer une paire de cls publique et prive, vous " +"pouvez choisir d'en utiliser une existante." + +#. Type: select +#. Choices +#: ../openswan.templates.master:56 +msgid "x509, plain" +msgstr "X509, Simple paire" + +#. Type: select +#. Description +#: ../openswan.templates.master:58 +msgid "Which type of RSA keypair do you want to create ?" +msgstr "Type de paire de cls RSA crer:" + +#. Type: select +#. Description +#: ../openswan.templates.master:58 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"Openswan or to create a X509 certificate file which contains the RSA public " +"key and additionally stores the corresponding private key." +msgstr "" +"Il est possible de crer une simple paire de cls destine tre utilise " +"avec Openswan ou de crer un fichier de certificat X509 qui contient la cl " +"publique RSA et de conserver la cl prive correspondante par ailleurs." + +#. Type: select +#. Description +#: ../openswan.templates.master:58 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"Openswan, it might be a bit easier using plain RSA keypairs. But if you want " +"to connect to other IPSec implementations, you will need a X509 certificate. " +"It is also possible to create a X509 certificate here and extract the RSA " +"public key in plain format if the other side runs Openswan without X509 " +"certificate support." +msgstr "" +"Si vous ne prvoyez d'tablir des connexions IPSec qu'avec des htes " +"utilisant Openswan, il sera probablement plus facile d'utiliser des cls RSA " +"simples. Mais si vous souhaitez vous connecter des htes utilisant " +"d'autres implmentations d'IPSec, vous aurez besoin d'un certificat X509. Il " +"est galement possible de crer un certificat X509 puis d'en extraire une " +"simple cl publique RSA, si l'autre extrmit de la connexion utilise " +"Openswan sans la gestion des certificats X509." + +#. Type: select +#. Description +#: ../openswan.templates.master:58 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in Openswan anyway." +msgstr "" +"Ainsi, il vous est conseill d'utiliser un certificat X509 car cette mthode " +"est plus souple. Cet outil d'installation devrait vous simplifier la tche " +"de cration et d'utilisation de ce certificat X509." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:77 +msgid "" +"Do you have an existing X509 certificate file that you want to use for " +"Openswan ?" +msgstr "" +"Possdez-vous un fichier de certificat X509 existant utiliser avec " +"Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:77 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. Do you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections ?" +msgstr "" +"Cet outil d'installation est capable d'extraire automatiquement " +"l'information ncessaire d'un fichier de certificat X509 existant, avec la " +"cl prive RSA correspondante. Les deux parties peuvent se trouver dans un " +"seul fichier, s'il est en format PEM. Indiquez si vous possdez un tel " +"certificat ainsi que la cl prive, et si vous souhaitez vous en servir pour " +"l'authentification des connexions IPSec." + +#. Type: string +#. Description +#: ../openswan.templates.master:86 +msgid "Please enter the location of your X509 certificate in PEM format." +msgstr "Emplacement de votre certificat X509 au format PEM:" + +#. Type: string +#. Description +#: ../openswan.templates.master:86 +msgid "" +"Please enter the location of the file containing your X509 certificate in " +"PEM format." +msgstr "" +"Veuillez indiquer l'emplacement du fichier contenant votre certificat X509 " +"au format PEM." + +#. Type: string +#. Description +#: ../openswan.templates.master:92 +msgid "Please enter the location of your X509 private key in PEM format." +msgstr "Emplacement de votre cl prive X509 au format PEM:" + +#. Type: string +#. Description +#: ../openswan.templates.master:92 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Veuillez indiquer l'emplacement du fichier contenant la cl prive RSA " +"correspondant votre certificat X509 au format PEM. Cela peut tre le " +"fichier qui contient le certificat X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:100 +msgid "Which length should the created RSA key have ?" +msgstr "Longueur de la cl RSA crer:" + +#. Type: string +#. Description +#: ../openswan.templates.master:100 +msgid "" +"Please enter the length of the created RSA key. it should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Veuillez indiquer la longueur de la cl RSA qui sera cre. Elle ne doit pas " +"tre infrieure 1024bits car cela serait considr comme insuffisamment " +"sr. Un choix excdant 2048bits est probablement inutile car cela ne fait " +"essentiellement que ralentir le processus d'authentification sans avoir " +"d'intrt actuellement." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:109 +msgid "Do you want to create a self-signed X509 certificate ?" +msgstr "Souhaitez-vous crer un certificat X509 autosign?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:109 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Cet outil d'installation ne peut crer automatiquement qu'un certificat X509 " +"autosign puisqu'une autorit de certification est indispensable pour signer " +"la demande de certificat. Si vous choisissez de crer un certificat " +"autosign, vous pourrez vous en servir immdiatement pour vous connecter aux " +"htes qui authentifient les connexions IPSec avec des certificats X509. " +"Cependant, si vous souhaitez utiliser les nouvelles fonctionnalits PKI de " +"Openswan>=1.91, vous aurez besoin que tous les certificats X509 soient " +"signs par la mme autorit de certification afin de crer un chemin de " +"confiance." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:109 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "" +"Si vous ne voulez pas crer de certificat autosign, cet outil " +"d'installation ne fera que crer la cl prive RSA et la demande de " +"certificat, que vous devrez ensuite signer avec votre autorit de " +"certification." + +#. Type: string +#. Description +#: ../openswan.templates.master:127 +msgid "Please enter the country code for the X509 certificate request." +msgstr "Code du pays:" + +#. Type: string +#. Description +#: ../openswan.templates.master:127 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Veuillez indiquer le code deux lettres de votre pays. Ce code sera inclus " +"dans la demande de certificat." + +#. Type: string +#. Description +#: ../openswan.templates.master:127 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"Il est impratif de choisir ici un code de pays valide sinon OpenSSL " +"refusera de gnrer les certificats. Tous les autres champs d'un certificat " +"X.509 peuvent tre vides, sauf celui-ci." + +#. Type: string +#. Description +#: ../openswan.templates.master:127 +msgid "Example: AT" +msgstr "Exemple: FR" + +#. Type: string +#. Description +#: ../openswan.templates.master:140 +msgid "" +"Please enter the state or province name for the X509 certificate request." +msgstr "tat, province ou rgion:" + +#. Type: string +#. Description +#: ../openswan.templates.master:140 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Veuillez indiquer le nom complet de l'tat, de la province ou de la rgion " +"o vous rsidez. Ce nom sera inclus dans la demande de certificat." + +#. Type: string +#. Description +#: ../openswan.templates.master:140 +msgid "Example: Upper Austria" +msgstr "" +"Exemples: Rhne-Alpes, Brabant Wallon, Bouches du Rhne, Qubec, Canton de " +"Vaud" + +#. Type: string +#. Description +#: ../openswan.templates.master:149 +msgid "Please enter the locality name for the X509 certificate request." +msgstr "Localit:" + +#. Type: string +#. Description +#: ../openswan.templates.master:149 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Veuillez indiquer la localit (p.ex. la ville) o vous rsidez. Ce nom sera " +"inclus dans la demande de certificat." + +#. Type: string +#. Description +#: ../openswan.templates.master:149 +msgid "Example: Vienna" +msgstr "Exemple: Saint-tienne" + +#. Type: string +#. Description +#: ../openswan.templates.master:158 +msgid "Please enter the organization name for the X509 certificate request." +msgstr "Organisme:" + +#. Type: string +#. Description +#: ../openswan.templates.master:158 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Veuillez indiquer l'organisme (p.ex. l'entreprise) pour qui sera cr le " +"certificat X509. Ce nom sera inclus dans la demande de certificat." + +#. Type: string +#. Description +#: ../openswan.templates.master:158 +msgid "Example: Debian" +msgstr "Exemple: Debian" + +#. Type: string +#. Description +#: ../openswan.templates.master:168 +msgid "Please enter the organizational unit for the X509 certificate request." +msgstr "Unit d'organisation:" + +#. Type: string +#. Description +#: ../openswan.templates.master:168 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Veuillez indiquer l'unit d'organisation (p. ex. dpartement, division, " +"etc.) pour qui sera cr le certificat X509. Ce nom sera inclus dans la " +"demande de certificat." + +#. Type: string +#. Description +#: ../openswan.templates.master:168 +msgid "Example: security group" +msgstr "Exemple: Dpartement Rseaux et Informatique Scientifique" + +#. Type: string +#. Description +#: ../openswan.templates.master:178 +msgid "Please enter the common name for the X509 certificate request." +msgstr "Nom ordinaire:" + +#. Type: string +#. Description +#: ../openswan.templates.master:178 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Veuillez indiquer le nom ordinaire (p.ex. le nom rseau de cette machine) " +"pour qui sera cr le certificat X509. Ce nom sera inclus dans la demande de " +"certificat." + +#. Type: string +#. Description +#: ../openswan.templates.master:178 +msgid "Example: gateway.debian.org" +msgstr "Exemple: gateway.debian.org" + +#. Type: string +#. Description +#: ../openswan.templates.master:188 +msgid "Please enter the email address for the X509 certificate request." +msgstr "Adresse lectronique:" + +#. Type: string +#. Description +#: ../openswan.templates.master:188 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Veuillez indiquer l'adresse lectronique de la personne ou de l'organisme " +"responsable du certificat X509. Cette adresse sera incluse dans la demande " +"de certificat." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:196 +msgid "Do you wish to enable opportunistic encryption in Openswan?" +msgstr "Souhaitez-vous activer le chiffrement opportuniste dans Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:196 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "" +"Openswan gre le chiffrement opportuniste (opportunistic encryption: " +"OE) qui permet de conserver les informations d'authentification IPSec (c'est-" +"-dire les cls publiques RSA) dans des enregistrements DNS, de prfrence " +"scuriss. Tant que cette fonctionnalit ne sera pas dploye largement, son " +"activation provoquera un ralentissement significatif pour toute nouvelle " +"connexion sortante. partir de la version2.0, cette fonctionnalit est " +"active par dfaut dans Openswan, ce qui peut interrompre le fonctionnement " +"de votre connexion l'Internet (c'est--dire votre route par dfaut) ds le " +"dmarrage de pluto, le dmon de gestion de cls d'Openswan." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:196 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Veuillez choisir si vous souhaitez activer la gestion du chiffrement " +"opportuniste. Ne l'activez pas si vous n'tes pas certain d'en avoir besoin." diff --git a/debian/po/ja.po b/debian/po/ja.po new file mode 100644 index 000000000..93eb1d275 --- /dev/null +++ b/debian/po/ja.po @@ -0,0 +1,508 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: openswan 1:2.2.0-8\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2006-03-16 06:09+0100\n" +"PO-Revision-Date: 2005-05-28 01:26+0900\n" +"Last-Translator: Hideki Yamane <henrich@samba.gr.jp>\n" +"Language-Team: Japanese <debian-japanese@lists.debian.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=EUC-JP\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../openswan.templates.master:3 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "ǽʸ¤, \"NFS ư\", \"PCMCIA ư\"" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "At which level do you wish to start Openswan ?" +msgstr "ɤʳ Openswan ưޤ?" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"With the current Debian startup levels (nearly everything starting in level " +"20), it is impossible for Openswan to always start at the correct time. " +"There are three possibilities when Openswan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"ߤ Debian Ǥεư٥ (ۤȤƤ٥20) ΤޤޤǤϡOpenswan " +"ˤŬڤʥߥǵưǤޤOpenswan ư륿ߥ" +"ȤƤ3Ĥͤޤ: NFS ӥγϸ塦PCMCIA ӥ" +"ϸǤϤʤ꼡Ǥ" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"NFS ͳ /usr ޥȤ (¾Υѡƥ䤢ޤפǤϤʤѡ" +"ƥ NFS ͳǥޥȤ뤫ޤ NFS ޥȤȤʤ)" +" PCMCIA ͥåȥɤѤƤʤ硢ǽʸ¤ᤤ֤ " +"Openswan ưΤ٥ȤǤˤäơNFS ǤΥޥȤ " +"IPSec ݸޤξ (ޤϤƤʤä˵ˤ" +") \"ǽʸ¤\"ȼƤ (ɸ) " + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start Openswan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"NFS ͳ /usr ޥȤƤ PCMCIA ͥåȥɤѤƤʤ" +"ϡɬפʥեѲǽˤ뤿 Openswan NFS θǵưʤ" +"Фʤޤξ硢\"NFS ư\" Ƥλ NFS ͳ" +"ǥޥȤ /usr ϡIPSec ˤ륻奢ʾ֤ˤϤʤʤȤȤ" +"դƤ" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"IPSec ³ PCMCIA ͥåȥɤѤƤ硢PCMCIA ӥε" +"ư Openswan ưʳϤޤξ硢\"PCMCIA ư" +"\" ƤưƤ DNSSec ǽѤƤ DNS " +"Ф鸰Ǥ⡢Ƥ" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "Do you wish to restart Openswan?" +msgstr "Openswan Ƶưޤ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "" +"Restarting Openswan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"ƥäˤϥǡƵưޤǽȿǤޤ" +"ΤᡢOpenswan ƵưΤɤͤǤۤȤɤοͤϥǡ" +"Ƶư褦ȤޤꤢޤκȤǸߤ" +"³Ǥ졢ٷҤʤȤˤʤޤ" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "Do you want to create a RSA public/private keypair for this host ?" +msgstr "ΥۥȤ RSA ̩Υڥޤ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"ΥȡϤΥۥȤ RSA ̩ΥڥưŪǤ" +"ޤΥڥ¾ΥۥȤȤ IPSec ̿ǤǧڤѲǽǡ奢" +" IPSec ̿ΩˡȤƹޤƤޤ¾ѲǽˡȤƤ϶" +"̸ (ȥͥƱѥ) ̿ǧڤѤȤΤ" +"¿³ФƤϡRSA ǧڤΤۤñǡꥻ奢" +"" + +#. Type: select +#. Choices +#: ../openswan.templates.master:53 +msgid "x509, plain" +msgstr "x509, ̾Υ" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "Which type of RSA keypair do you want to create ?" +msgstr "ɤΥפ RSA ڥޤ?" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"Openswan or to create a X509 certificate file which contains the RSA public " +"key and additionally stores the corresponding private key." +msgstr "" +"Openswan Ѥ̾ RSA ̩Υڥޤ뤤 " +"RSA (ˤϤб̩) ޤ X509 եƱ" +"Ǥ" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"Openswan, it might be a bit easier using plain RSA keypairs. But if you want " +"to connect to other IPSec implementations, you will need a X509 certificate. " +"It is also possible to create a X509 certificate here and extract the RSA " +"public key in plain format if the other side runs Openswan without X509 " +"certificate support." +msgstr "" +" Openswan ưƤۥȤ IPSec ̿Ωξϡ" +" RSA ڥѤ¿ñˤʤޤ¾ IPSec Ȥ" +"³Ԥ X509 ɬפˤʤޤ̿ԤоݤΥۥȤ " +"Openswan X509 Υݡ̵DZѤƤ硢 X509 " +"ơۤ RSA ̾ηŸ뤳ȤǽǤ" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in Openswan anyway." +msgstr "" +"ä X509 ǤΤۤǤΥȡ" +"ȤСX509 Openswan ǤѤ˺ݤƤݤäƤ" +"ϤǤ" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"Do you have an existing X509 certificate file that you want to use for " +"Openswan ?" +msgstr "¸ߤƤ X509 ե Openswan Ѥޤ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. Do you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections ?" +msgstr "" +"Υȡϴ¸ߤƤ X509 RSA ̩ȾȤ餷碌" +"ɬפʾưŪŸǽǤ PEM ξ硢ĤΥե" +"ˤޤȤ뤳ȤǽǤΤ褦ʾȸΥե뤬ꡢ " +"IPSec ̿Ǥǧڤ˻ѤǤ?" + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "Please enter the location of your X509 certificate in PEM format." +msgstr "PEM X509 ξϤƤ" + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "" +"Please enter the location of the file containing your X509 certificate in " +"PEM format." +msgstr "PEM X509 ޤǤեξϤƤ" + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "Please enter the location of your X509 private key in PEM format." +msgstr "PEM X509 ̩ξϤƤ" + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"PEM X509 б̩ޤǤեξϤƤ" +" X509 ޤǤեƱǹޤ" + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "Which length should the created RSA key have ?" +msgstr "RSA ɤĹޤ?" + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "" +"Please enter the length of the created RSA key. it should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +" RSA ĹϤƤΤᡢ1024 ӥåȰʲˤ٤" +"ǤϤޤ2048 ӥåȰʾˤɬפʤǤ礦ǧڥץ٤" +"ޤǤϤ餯ɬפޤ" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "Do you want to create a self-signed X509 certificate ?" +msgstr "ʽ̾ X509 ޤ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"˽̾뤿ˤǧڶɤɬפȤʤΤǡΥȡǤϼ" +"̾ X509 ưŪǽǤʽ̾" +"硢ѤƤ X509 ݡȤƤ¾ IPSec ۥȤ" +"³ǽǤOpenswan С 1.91 ʾǤο PKI ǽȤ" +"ϡtrust path 뤿ñǧڶɤˤäƤ٤Ƥ X509 " +"˽̾Ƥ餦ɬפޤ" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "" +"ʽ̾ʤ硢Υȡ RSA ̩Ⱦ" +"Τߤޤơǧڶɤ˾ؽ̾Ƥ餦ɬפ" +"" + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Please enter the country code for the X509 certificate request." +msgstr "X509 ˵ܤɤϤƤ" + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"ʤιιɤ2ʸϤƤΥɤϾ˵ܤ" +"ޤ" + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"openssl ɤʤǤϾݤΤǡɤ" +"ϤɬפޤX.509 Ǥϡ¾ΥեɤˤĤƤ϶Ǥ" +"ޤˤĤƤϵĤƤޤ" + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Example: AT" +msgstr ": JP" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the state or province name for the X509 certificate request." +msgstr "X509 ˵ܤƻܸ̾ϤƤ" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"ʤ߽ƤƻܸϤƤϾ˵ܤ" +"" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "Example: Upper Austria" +msgstr ": Tokyo" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Please enter the locality name for the X509 certificate request." +msgstr "X509 ˵ܤϤ̾ϤƤ" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"ʤκ߽Ƥ̾ (: Į¼̾) ϤƤϾ" +"˵ܤޤ" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Example: Vienna" +msgstr ": Shinjuku-ku" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Please enter the organization name for the X509 certificate request." +msgstr "X509 ˵ܤȿ̾ϤƤ" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"X509 оݤȤʤ٤ȿ (: ) ϤƤϾ" +"˵ܤޤ" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Example: Debian" +msgstr ": Debian" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Please enter the organizational unit for the X509 certificate request." +msgstr "X509 ˵ܤȿñ̤ϤƤ" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"X509 оݤȤʤ٤ȿñ (: ̾) ϤƤ" +"Ͼ˵ܤޤ" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Example: security group" +msgstr ": security group" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Please enter the common name for the X509 certificate request." +msgstr "X509 ˵ܤ륳͡ϤƤ" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"X509 оݤȤʤ٤͡ (: ΥޥΥۥ̾) " +"ƤϾ˵ܤޤ" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Example: gateway.debian.org" +msgstr ": gateway.debian.org" + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "Please enter the email address for the X509 certificate request." +msgstr "X509 ˵ܤ륢ɥ쥹ϤƤ" + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"X509 ǤԤȤʤʪΤΥ륢ɥ쥹ϤƤΥ" +"ɥ쥹Ͼ˵ܤޤ" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "Do you wish to enable opportunistic encryption in Openswan?" +msgstr "Openswan opportunistic encryption ͭˤޤ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "" +"Openswan ϡIPSec ǧھ (: RSA ) (勞ϥ奢) DNS " +"¸ opportunistic encryption (OE) ݡȤƤޤ" +"Ѥ褦ˤʤޤǡͭˤȳؤο³Ƴʤ٤" +"ޤС 2.0 Openswan γȯϥǥեȤ OE ͭˤƤ" +"ꡢä pluto (Openswan ̾ǡ) ϤȤ¸ߤ" +"륤ͥåȤؤ³ (Ĥޤǥեȥ롼) Ǥ뤫⤷ޤ" +"" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"OE ΥݡȤͭˤ뤫ɤǤ褯狼ʤϡͭ" +"ˤϤʤǤ" diff --git a/debian/po/nl.po b/debian/po/nl.po new file mode 100644 index 000000000..be1799c50 --- /dev/null +++ b/debian/po/nl.po @@ -0,0 +1,527 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: openswan 2.3.0-3\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2006-03-16 06:09+0100\n" +"PO-Revision-Date: 2005-02-07 20:53+0100\n" +"Last-Translator: Luk Claes <luk.claes@ugent.be>\n" +"Language-Team: Debian l10n Dutch <debian-l10n-dutch@lists.debian.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../openswan.templates.master:3 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "\"zo vroeg mogelijk\", \"na NFS\", \"na PCMCIA\"" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "At which level do you wish to start Openswan ?" +msgstr "Op welk niveau wilt u Openswan starten?" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"With the current Debian startup levels (nearly everything starting in level " +"20), it is impossible for Openswan to always start at the correct time. " +"There are three possibilities when Openswan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Met de huidige Debian-startniveaus (bijna alles start op niveau 20), is het " +"onmogelijk voor Openswan om altijd op de correcte tijd te starten. Er zijn " +"drie mogelijkheden waar Openswan kan starten: vóór of na de NFS-diensten en " +"na de PCMCIA-diensten. Het correcte antwoord hangt af van uw specifieke " +"configuratie." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Als u uw /usr-boom niet via NFS heeft aangekoppeld (u koppelt enkel andere, " +"minder vitale bomen via NFS of u gebruikt NFS helemaal niet om bomen aan te " +"koppelen) en u gebruikt geen PCMCIA-netwerkkaart, dan is het best om " +"Openswan zo vroeg mogelijk te starten, dus toe te staan van de NFS-" +"aankoppelingen te beveiligen door IPSec. In dit geval (of als u deze zaak " +"niet verstaat of het u niet uitmaakt), antwoord dan \"zo vroeg mogelijk\" op " +"deze vraag (de standaard)." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start Openswan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Als u uw /usr-boom via NFS heeft aangekoppeld en u gebruikt geen PCMCIA-" +"netwerkkaart, dan zult u Openswan moeten starten na NFS zodat alle nodige " +"bestanden aanwezig zijn. In dit geval, antwoord \"na NFS\" op deze vraag. " +"Merk op dat in dit geval de NFS-aankoppeling van /usr niet beveiligd kan " +"worden door IPSec." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Als u een PCMCIA-netwerkkaart gebruikt voor uw IPSec-verbindingen, dan hebt " +"u enkel de keuze om te starten na de PCMCIA-diensten. Antwoord in dit geval " +"\"na PCMCIA\". Dit is ook het correcte antwoord als u sleutels wilt afhalen " +"van een lokaal draaiende DNS-server met DNSSec-ondersteuning." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "Do you wish to restart Openswan?" +msgstr "Wilt u Openswan herstarten?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "" +"Restarting Openswan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Openswan herstarten is een goed idee omdat als er een veiligheidsherstelling " +"is, het pas echt hersteld zal zijn vanaf dat de achtergronddienst is " +"herstart. De meeste mensen verwachten dat de achtergronddienst herstart, dus " +"dit is meestal een goed idee. Hoewel, dit kan bestaande verbindingen " +"verbreken en ze dan opnieuw herstellen." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "Do you want to create a RSA public/private keypair for this host ?" +msgstr "Wilt u een publiek/privaat RSA-sleutelpaar aanmaken voor deze host?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Deze installatie kan automatisch een publiek/privaat RSA-sleutelpaar " +"aanmaken voor deze host. Dit sleutelpaar kan gebruikt worden om IPSec-" +"verbinden naar andere hosts te authenticeren en is de aanbevolen manier om " +"veilige IPSec-verbindingen op te zetten. De andere mogelijkheid zou zij om " +"gedeelde geheimen (wachtwoorden die aan beide kanten van de tunnel hetzelfde " +"zijn) te gebruiken voor het authenticeren van een verbinding, maar voor een " +"groter aantal verbindingen is RSA-authenticatie gemakkelijker te beheren en " +"veiliger." + +#. Type: select +#. Choices +#: ../openswan.templates.master:53 +msgid "x509, plain" +msgstr "x509, gewoon" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "Which type of RSA keypair do you want to create ?" +msgstr "Welk type RSA-sleutelpaar wilt u aanmaken?" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"Openswan or to create a X509 certificate file which contains the RSA public " +"key and additionally stores the corresponding private key." +msgstr "" +"Het is mogelijk om een gewoon publiek/privaat RSA-sleutelpaar aan te maken " +"om te gebruiken met Openswan of om een X509-certificaatbestand aan te maken " +"die de publieke RSA-sleutel bevat en de corresponderende private sleutel te " +"bewaren." + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"Openswan, it might be a bit easier using plain RSA keypairs. But if you want " +"to connect to other IPSec implementations, you will need a X509 certificate. " +"It is also possible to create a X509 certificate here and extract the RSA " +"public key in plain format if the other side runs Openswan without X509 " +"certificate support." +msgstr "" +"Als u enkel IPSec-verbindingen wilt opzetten naar hosts die ook Openswan " +"draaien, dan is het misschien een beetje gemakkelijker om gewone RSA-" +"sleutelparen te gebruiken. Maar als u verbindingen wilt leggen met andere " +"IPSec-implementaties, dan zult u een X509-certificaat nodig hebben. Het is " +"ook mogelijk om hier een X509-certificaat aan te maken en de publieke RSA-" +"sleutel te extraheren in een gewoon formaat als de andere kant Openswan " +"draait zonder X509-certificaatondersteuning." + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in Openswan anyway." +msgstr "" +"Daarom wordt een X509-certificaat aanbevolen omdat het flexibeler is en deze " +"installatie moet de complexe creatie van een X509-certificaat kunnen " +"verbergen en het toch in Openswan kunnen gebruiken." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"Do you have an existing X509 certificate file that you want to use for " +"Openswan ?" +msgstr "" +"Hebt u een bestaand X509-certificaatbestand dat u voor Openswan wilt " +"gebruiken?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. Do you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections ?" +msgstr "" +"Deze installatie kan de benodigde informatie automatisch extraheren van een " +"bestaand X509-certificaat met een bijhorende private RSA-sleutel. Beide " +"delen kunnen in één bestand zijn, als het in PEM-formaat is. Hebt u zo'n " +"bestaand certificaat en een sleutelbestand; en wilt u het voor de " +"authenticatie van IPSec-verbindingen gebruiken?" + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "Please enter the location of your X509 certificate in PEM format." +msgstr "Geef de locatie van uw X509-certificaat in PEM-formaat." + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "" +"Please enter the location of the file containing your X509 certificate in " +"PEM format." +msgstr "" +"Geef de locatie van het bestand dat uw X509-certificaat in PEM-formaat bevat." + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "Please enter the location of your X509 private key in PEM format." +msgstr "Geef de locatie van uw private X509-sleutel in PEM-formaat." + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Geef de locatie van het bestand dat uw private RSA-sleutel bevat die behoort " +"bij uw X509-certificaat in PEM-formaat. Dit kan hetzelfde bestand zijn als " +"dat wat uw X509-certificaat bevat." + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "Which length should the created RSA key have ?" +msgstr "Welke lengte moet de aangemaakte RSA-sleutel hebben?" + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "" +"Please enter the length of the created RSA key. it should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Geef de lengte van de aangemaakte RSA-sleutel. Het mag niet minder dan 1024 " +"bits zijn omdat dit als onveilig wordt beschouwd en u zult waarschijnlijk " +"niet meer dan 2048 bits nodig hebben omdat het enkel het authenticatieproces " +"vertraagt en op dit moment niet nodig is." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "Do you want to create a self-signed X509 certificate ?" +msgstr "Wilt u een door uzelf getekend X509-certificaat?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Deze installatie kan automatisch een door uzelf getekend X509-certificaat " +"aanmaken omdat anders een certificaatautoriteit nodig is om de " +"certificaataanvraag te tekenen. Als u een door uzelf getekend certificaat " +"wilt aanmaken, dan kunt u het onmiddellijk gebruiken om een verbinding te " +"leggen met andere IPSec-hosts die X509-certificaten ondersteunen voor IPSec-" +"verbindingen. Hoewel, als u de nieuwe PKI-mogelijkheden wilt gebruiken of " +"als Openswan >= 1.91, dan zult u alle X509-certificaten moeten laten tekenen " +"door één enkele certificaatautoriteit om een vertrouwenspad aan te maken." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "" +"Als u geen door uzelf getekend certificaat wilt aanmaken, dan zal deze " +"installatie enkel de private RSA-sleutel en de certificaataanvraag aanmaken " +"en u zult de certificaataanvraag moeten laten tekenen door uw " +"certificaatautoriteit." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Please enter the country code for the X509 certificate request." +msgstr "Geef de landcode van de X509-certificaataanvraag." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Geef de 2-letterige landcode voor uw land. Deze code zal in de " +"certificaataanvraag worden geplaatst." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"U moet hier wel een geldige landcode opgeven omdat openssl anders zal " +"weigeren om een certificaat aan te maken. Er is voor elke veld van het X509-" +"certificaat een leeg veld toegestaan, maar niet voor dit veld." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Example: AT" +msgstr "Voorbeeld: BE" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the state or province name for the X509 certificate request." +msgstr "Geef de staat of provincie voor de X509-certificaataanvraag." + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Geef de volledige naam van de staat of provincie waarin u woont. Deze naam " +"zal in de certificaataanvraag worden geplaatst." + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "Example: Upper Austria" +msgstr "Voorbeeld: Limburg" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Please enter the locality name for the X509 certificate request." +msgstr "Geef de plaatsnaam voor de X509-certificaataanvraag." + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Geef de plaatsnaam (v.b. stad) waar u woont. Deze naam zal in de " +"certificaataanvraag worden geplaatst." + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Example: Vienna" +msgstr "Voorbeeld: Genk" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Please enter the organization name for the X509 certificate request." +msgstr "Geef de naam van de organisatie voor de X509-certificaataanvraag." + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Geef de organisatie (v.b. bedrijf) waarvoor het X509-certificaat wordt " +"aangemaakt. Deze naam zal in de certicicaataanvraag worden geplaatst." + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Example: Debian" +msgstr "Voorbeeld: Debian" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Please enter the organizational unit for the X509 certificate request." +msgstr "Geef de organisatie-eenheid voor de X509-certificaataanvraag." + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Geef de organisatie-eenheid (v.b. dienst) waarvoor het X509-certificaat " +"wordt aangemaakt. Deze naam zal in de certificaataanvraag worden geplaatst." + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Example: security group" +msgstr "Voorbeeld: dienst veiligheid" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Please enter the common name for the X509 certificate request." +msgstr "Geef de naam voor de X509-certificaataanvraag." + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Geef de naam (v.b. computernaam van deze machine) waarvoor het X509-" +"certificaat wordt aangemaakt. Deze naam zal in de certificaataanvraag worden " +"geplaatst." + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Example: gateway.debian.org" +msgstr "Voorbeeld: gateway.debian.org" + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "Please enter the email address for the X509 certificate request." +msgstr "Geef het e-mailadres voor de X509-certificaataanvraag." + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Geef het e-mailadres van de persoon of organisatie die verantwoordelijk is " +"voor het X509-certificaat. Dit adres zal in de certificaataanvraag worden " +"geplaatst." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "Do you wish to enable opportunistic encryption in Openswan?" +msgstr "Wilt u opportunistische encryptie aanschakelen in Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "" +"Openswan heeft ondersteuning voor opportunistische encryptie (OE) die IPSec-" +"authenticatie-informatie (v.b. publieke RSA-sleutels) bewaart in (liefst " +"veilige) DNS-records. Totdat dit veelvuldig wordt toegepast zal dit " +"activeren, een significante vertraging veroorzaken voor elke nieuwe " +"uitgaande verbinding. Omdat versie 2.0 van Openswan standaard OE heeft " +"aangeschakeld, wordt dus waarschijnlijk uw bestaande verbinding met het " +"Internet (v.b. uw standaard route) verbroken vanaf dat pluto (de Openswan-" +"sleutelringachtergronddienst) wordt gestart." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Kiest of u OE-ondersteuning wilt aanschakelen. Indien onzeker, schakel het " +"dan niet aan." diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po new file mode 100644 index 000000000..ca7547da4 --- /dev/null +++ b/debian/po/pt_BR.po @@ -0,0 +1,549 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: openswan\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2006-03-16 06:09+0100\n" +"PO-Revision-Date: 2005-01-24 21:53-0200\n" +"Last-Translator: Andr Lus Lopes <andrelop@debian.org>\n" +"Language-Team: Debian-BR Project <debian-l10n-portuguese@lists.debian.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../openswan.templates.master:3 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "o quando antes, \"depois do NFS\", \"depois do PCMCIA\"" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "At which level do you wish to start Openswan ?" +msgstr "Em que nvel voc deseja iniciar o Openswan ?" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"With the current Debian startup levels (nearly everything starting in level " +"20), it is impossible for Openswan to always start at the correct time. " +"There are three possibilities when Openswan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Com os nveis de inicializao atuais do Debian (quase todos os servios " +"iniciando no nvel 20) impossvel para o Openswan sempre iniciar no " +"momento correto. Existem trs possibilidades para quando iniciar o " +"Openswan : antes ou depois dos servios NFS e depois dos servios PCMCIA. A " +"resposta correta depende se sua configurao especfica." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Caso voc no possua sua rvore /usr montada via NFS (voc somente monta " +"outras rvores no vitais via NFS ou no usa rvores montadas via NFS) e no " +"use um carto de rede PCMCIA, a melhor opo iniciar o Openswan o quando " +"antes, permitindo dessa forma que os pontos de montagem NFS estejam " +"protegidos por IPSec. Nesse caso (ou caso voc no compreenda ou no se " +"importe com esse problema), responda \"o quando antes\" para esta pergunta " +"(o que o padro)." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start Openswan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Caso voc possua sua rvore /usr montada via NFS e no use um carto de rede " +"PCMCIA, voc precisar iniciar o Openswan depois do NFS de modo que todos os " +"arquivos necessrios estejam disponveis. Nesse caso, responda \"depois do " +"NFS\" para esta pergunta. Por favor, note que a montagem NFS de /usr no " +"poder ser protegida pelo IPSec nesse caso." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Caso voc use um carto de rede PCMCIA para suas conexes IPSec voc " +"precisar somente optar por iniciar o Opensan depois dos servios PCMCIA. " +"Responda \"depois do PCMCIA\" nesse caso. Esta tambm a maneira correta de " +"obter chaves de um servidor DNS sendo executado localmente e com suporte a " +"DNSSec." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "Do you wish to restart Openswan?" +msgstr "Voc deseja reiniciar o Openswan ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "" +"Restarting Openswan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Reiniciar o Openswan uma boa idia, uma vez que caso exista um correo " +"para uma falha de segurana, o mesmo no ser corrigido at que o daemon " +"seja reiniciado. A maioria das pessoas esperam que o daemon seja reiniciado, " +"portanto essa geralmente uma boa idia. Porm, reiniciar o Openswan pode " +"derrubar conexes existentes, mas posteriormente traz-las de volta." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "Do you want to create a RSA public/private keypair for this host ?" +msgstr "" +"Voc deseja criar um par de chaves RSA pblica/privada para este host ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Este instalador pode automaticamente criar um par de chaves RSA pblica/" +"privada para este host. Esse par de chaves pode ser usado para autenticar " +"conexes IPSec com outros hosts e a maneira preferida de construir " +"conexes IPSec seguras. A outra possibilidade seria usar segredos " +"compartilhados (senhas que so iguais em ambos os lados do tnel) para " +"autenticar uma conexo, mas para um grande nmero de conexes RSA a " +"autenticao mais fcil de administrar e mais segura." + +#. Type: select +#. Choices +#: ../openswan.templates.master:53 +msgid "x509, plain" +msgstr "x509, pura" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "Which type of RSA keypair do you want to create ?" +msgstr "Qual tipo de par de chaves RSA voc deseja criar ?" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"Openswan or to create a X509 certificate file which contains the RSA public " +"key and additionally stores the corresponding private key." +msgstr "" +" possvel criar um par de chaves RSA pblica/privada pura (plain) para uso " +"com o Openswan ou para criar um arquivo de certificado X509 que ir conter a " +"chave RSA pblica e adicionalmente armazenar a chave privada correspondente." + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"Openswan, it might be a bit easier using plain RSA keypairs. But if you want " +"to connect to other IPSec implementations, you will need a X509 certificate. " +"It is also possible to create a X509 certificate here and extract the RSA " +"public key in plain format if the other side runs Openswan without X509 " +"certificate support." +msgstr "" +"Caso voc queira somente construir conexes IPsec para hosts e tambm " +"executar o Openswan, pode ser um pouco mais fcil usar pares de chaves RSA " +"puros (plain). Mas caso voc queira se conectar a outras implementaes " +"IPSec, voc precisar de um certificado X509. tambm possvel criar um " +"certificado X509 aqui e extrair a chave pblica em formato puro (plain) caso " +"o outro lado execute o Openswan sem suporte a certificados X509." + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in Openswan anyway." +msgstr "" +"Um certificado X509 recomendado, uma vez que o mesmo mais flexvel e " +"este instalador capaz de simplificar a complexa criao do certificado " +"X509 e seu uso com o Openswan." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"Do you have an existing X509 certificate file that you want to use for " +"Openswan ?" +msgstr "" +"Voc possui um arquivo de certificado X509 existente que voc gostaria de " +"usar com o Openswan ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. Do you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections ?" +msgstr "" +"Este instalador pode extrair automaticamente a informao necessria de um " +"certificado X509 existente com uma chave RSA privada adequada. Ambas as " +"partes podem estar em um arquivo, caso estejam no formato PEM. Voc possui " +"um certificado existente e um arquivo de chave e quer us-los para " +"autenticar conexes IPSec ?" + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "Please enter the location of your X509 certificate in PEM format." +msgstr "" +"Por favor, informe a localizao de seu certificado X509 no formato PEM." + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "" +"Please enter the location of the file containing your X509 certificate in " +"PEM format." +msgstr "" +"Por favor, informe a localizao do arquivo contendo seu certificado X509 no " +"formato PEM." + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "Please enter the location of your X509 private key in PEM format." +msgstr "" +"Por favor, informe a localizao de sua chave privada X509 no formato PEM." + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Por favor, informe a localizao do arquivo contendo a chave privada RSA que " +"casa com seu certificado X509 no formato PEM. Este pode ser o mesmo arquivo " +"que contm o certificado X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "Which length should the created RSA key have ?" +msgstr "Qual deve ser o tamanho da chave RSA criada ?" + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "" +"Please enter the length of the created RSA key. it should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Por favor, informe o tamanho da chave RSA a ser criada. A mesma no deve ser " +"menor que 1024 bits devido a uma chave de tamanho menor que esse ser " +"considerada insegura. Voc tambm no precisar de nada maior que 2048 " +"porque isso somente deixaria o processo de autenticao mais lento e no " +"seria necessrio no momento." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "Do you want to create a self-signed X509 certificate ?" +msgstr "Deseja criar um certificado X509 auto-assinado ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Este instalador pode criar automaticamente somente certificados X509 auto-" +"assinados, devido a uma autoridade certificadora ser necessria para assinar " +"a requisio de certificado. Caso voc queira criar um certificado auto-" +"assinado, voc poder us-lo imediatamente para conexo com outros hosts " +"IPSec que suportem certificados X509 para autenticao de conexes IPSec. " +"Porm, caso voc queira usar os novos recursos PKI do Openswan verso 1.91 " +"ou superior, voc precisar possuir todos seus certificados X509 assinados " +"por uma nica autoridade certificadora para criar um caminho de confiana." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "" +"Caso voc no queira criar um certificado auto-assinado, este instalador ir " +"somente criar a chave privada RSA e a requisio de certificado e voc ter " +"ento que assinar a requisio de certificado junto a sua autoridade " +"certificadora." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Please enter the country code for the X509 certificate request." +msgstr "" +"Por favor, informe o cdigo de pas para a requisio de certificado X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Por favor, informe o cdifo de pas de duas letras para seu pas. Esse " +"cdigo ser inserido na requisio de certificado." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"Voc realmente precisa informar um cdigo de pas vlido aqui devido ao " +"openssl se recusar a gerar certificados sem um cdigo de pas vlido. Um " +"campo em branco permitido para qualquer outro campo do certificado X.509, " +"mas no para esse campo." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Example: AT" +msgstr "Exemplo: BR" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the state or province name for the X509 certificate request." +msgstr "" +"Por favor, informe o estado ou nome de provncia para a requisio de " +"certificado X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Por favor, informe o nome complete do estado ou provncia em que voc mora. " +"Esse nome ser inserido na requisio de certificado." + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "Example: Upper Austria" +msgstr "Exemplo : Sao Paulo" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Please enter the locality name for the X509 certificate request." +msgstr "" +"Por favor, informe o nome da localidade para a requisio de certificado " +"X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Por favor, informe a localidade (ou seja, cidade) onde voc mora. Esse nome " +"ser inserido na requisio de certificado." + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Example: Vienna" +msgstr "Exemplo : Sao Paulo" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Please enter the organization name for the X509 certificate request." +msgstr "" +"Por favor, informe o nome da organizao para a requisio de certificado " +"X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Por favor, informe a organizao (ou seja, a empresa) para a qual este " +"certificado X509 dever ser criado. Esse nome ser inserido na requisio de " +"certificado." + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Example: Debian" +msgstr "Exemplo : Debian" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Please enter the organizational unit for the X509 certificate request." +msgstr "" +"Por favor, informe a unidade organizacional para a requisio de certificado " +"X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Por favor, informe a unidade organizacional (ou seja, seo ou departamento) " +"para a qual este certificado dever ser criado. Esse nome ser inserido na " +"requisio de certificado." + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Example: security group" +msgstr "Exemplo : Grupo de Segurana" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Please enter the common name for the X509 certificate request." +msgstr "Por favor, informe o nome comum para a requisio de certificado X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Por favor, informe o nome comum (ou seja, o nome do host dessa mquina) para " +"o qual o certificado X509 dever ser criado. Esse nome ser inserido na " +"requisio de certificado." + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Example: gateway.debian.org" +msgstr "Exemplo : gateway.debian.org" + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "Please enter the email address for the X509 certificate request." +msgstr "" +"Por favor, informe o endereo de e-mail para a requisio de certificado " +"X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Por favor, informe o endereo de e-mail da pessoa ou organizao responsvel " +"pelo certificado X509. Esse endereo ser inserido na requisio de " +"certificado." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "Do you wish to enable opportunistic encryption in Openswan?" +msgstr "Voc deseja habilitar a encriptao oportunstica no Openswan ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "" +"O Openswan suporta encriptao oportunstica (OE), a qual armazena " +"informaes de autenticao IPSec (por exemplo, chaves pblicas RSA) em " +"registros DNS (preferivelmente seguros). At que esse suporte esteja " +"largamento sendo utilizado, ativ-lo ir causar uma signficante lentido " +"para cada nova conexo de sada. Iniciando a partir da verso 2.0, o " +"Openswan, da forma como distribudo pelos desenvolvedores oficiais, " +"fornecido com o suporte a OE habilitado por padro e, portanto, " +"provavelmente ir quebrar suas conexes existentes com a Internet (por " +"exemplo, sua rota padro) to logo o pluto (o daemon de troca de chaves do " +"Openswan) seja iniciado." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Por favor, informe se voc deseja habilitar o suporte a OE. Em caso de " +"dvidas, no habilite esse suporte." + +#~ msgid "2048" +#~ msgstr "2048" diff --git a/debian/po/sv.po b/debian/po/sv.po new file mode 100644 index 000000000..82bb6a687 --- /dev/null +++ b/debian/po/sv.po @@ -0,0 +1,523 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: openswan 2.4.0-3\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2006-03-16 06:09+0100\n" +"PO-Revision-Date: 2005-11-16 00:22+0100\n" +"Last-Translator: Daniel Nylander <po@danielnylander.se>\n" +"Language-Team: Swedish <sv@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: swe\n" +"X-Poedit-Country: swe\n" + +#. Type: select +#. Choices +#: ../openswan.templates.master:3 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "tidigast, \"efter NFS\", \"efter PCMCIA\"" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "At which level do you wish to start Openswan ?" +msgstr "Vid vilken niv vill du starta Openswan ?" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"With the current Debian startup levels (nearly everything starting in level " +"20), it is impossible for Openswan to always start at the correct time. " +"There are three possibilities when Openswan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Med de nuvarande uppstartsniverna i Debian (nstan allt startar p nivn " +"20) r det omjligt fr Openswan att alltid starta vid rtt tid. Det finns " +"tre mjligheter nr Openswan kan startas: fre eller efter NFS-tjnsterna " +"och efter PCMCIA-tjnsterna. Det rtta svaret beror p din specifika " +"konfiguration." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Om du inte har ditt /usr-trd monterat via NFS (antingen monterar du andra, " +"mindre viktiga trd via NFS eller s anvnder du inte NFS-monterade trd " +"alls) och inte anvnder ett PCMCIA-ntverkskort r det bst att starta " +"Openswan s tidigt som mjligt och drmed tillter skra NFS-monteringar via " +"IPSec. I detta fall (eller om du inte frstr eller bryr dig om detta) svara " +"\"tidigast\" p denna frga (standard)." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start Openswan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Om du inte har ditt /usr-trd monterat via NFS och inte anvnder ett PCMCIA-" +"ntverkskort behver du starta Openswan efter NFS s att alla ndvndiga " +"filer finns tillgngliga. I detta fall, svara \"efter NFS\" p frgan. " +"Notera dock att NFS-monteringen av /usr kan inte skras upp via IPSec i " +"detta fall." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Om du anvnder ett PCMCIA-ntverkskort fr dina IPSec-anslutningar har du " +"bara valet att starta den efter PCMCIA-tjnsterna. Svara \"efter PCMCIA\" i " +"detta fall. Detta r ocks det rtta svaret om du vill hmta nycklar frn en " +"lokalt krande DNS-server med DNSSec-std." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "Do you wish to restart Openswan?" +msgstr "Vill du starta om Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "" +"Restarting Openswan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Starta om Openswan r en bra id eftersom om det r en skerhetsrttning " +"kommer den inte rttas till frrns demonen r omstartad. De flesta personer " +"frvntar sig att demonen startar om s detta r generellt sett en bra id. " +"Dock kan detta kanske ta ner existerande anslutningar och sedan ta dom upp " +"igen." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "Do you want to create a RSA public/private keypair for this host ?" +msgstr "Vill du skapa ett publik/privat RSA-nyckelpar fr denna vrdmaskin ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Detta installerare kan automatiskt skapa ett publik/privat RSA-nyckelpar fr " +"denna vrdmaskin. Detta nyckelpar kan anvndas fr att autentisera IPSec-" +"anslutningar till andra vrdar och r det stt som fredras fr att bygga " +"upp skra IPSec-anslutningar. Den andra mjligheten skulle vara att anvnda " +"delade hemligheter (lsenord som r samma p bda sidor av tunneln) fr att " +"autentisera en anslutning men fr ett strre antal anslutningar r RSA-" +"autentiseringar det enklaste att administrera och mer skert." + +#. Type: select +#. Choices +#: ../openswan.templates.master:53 +msgid "x509, plain" +msgstr "x509, enkel" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "Which type of RSA keypair do you want to create ?" +msgstr "Vilken typ av RSA-nyckelpar vill du skapa ?" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"Openswan or to create a X509 certificate file which contains the RSA public " +"key and additionally stores the corresponding private key." +msgstr "" +"Det r mjligt att skapa ett enkelt publik/privat RSA-nyckelpar fr att " +"anvnda med Openswan eller att skapa en X509-certifikatfil som innehller " +"den publika RSA-nyckeln och dessutom lagra den motsvarande privata nyckeln." + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"Openswan, it might be a bit easier using plain RSA keypairs. But if you want " +"to connect to other IPSec implementations, you will need a X509 certificate. " +"It is also possible to create a X509 certificate here and extract the RSA " +"public key in plain format if the other side runs Openswan without X509 " +"certificate support." +msgstr "" +"Om du bara vill bygga upp IPSec-anslutningar till vrdmaskin som ocks kr " +"Openswan kan det vara lite enklare att anvnda enkla (plain) RSA-nyckelpar. " +"Men om du vill ansluta till andra IPSec-implementationer behver du ett X509-" +"certifikat. Det r ocks mjligt att skapa ett X509-certifikat hr och " +"plocka ut den publika RSA-nyckeln i enkelt format om den andra sidan kr " +"Openswan utan std fr X509-certifikat." + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in Openswan anyway." +msgstr "" +"Drfr r ett X509-certifikat rekommenderat eftersom det r mer flexibelt " +"och denna installerare br kunna gmma den komplexa processen att skapa X509-" +"certifikatet och dess anvndning i Openswan nd." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"Do you have an existing X509 certificate file that you want to use for " +"Openswan ?" +msgstr "" +"Har du en existerande X509-certifikatfil som du vill anvnda fr Openswan ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. Do you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections ?" +msgstr "" +"Denna installerare kan automatiskt plocka ut den information som behvs frn " +"ett existerande X509-certifikat med en matchande privat RSA-nyckel. Bda " +"delar kan vara i en fil om den r i PEM-format. Har du ett sdant " +"existerande certifikat och nyckelfil och vill anvnda det fr att " +"autentisera IPSec-anslutningar ?" + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "Please enter the location of your X509 certificate in PEM format." +msgstr "Ange platsen fr ditt X509-certifikat i PEM-format." + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "" +"Please enter the location of the file containing your X509 certificate in " +"PEM format." +msgstr "" +"Ange platsen fr din fil som innehller ditt X509-certifikat i PEM-format." + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "Please enter the location of your X509 private key in PEM format." +msgstr "Ange platsen fr din privata X509-nyckel i PEM-format." + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Ange platsen fr den fil som innehller den privata RSA-nyckeln som matchar " +"ditt X509-certifikat i PEM-format. Detta kan vara samma fil som innehller " +"X509-certifikatet." + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "Which length should the created RSA key have ?" +msgstr "Vilken lngd ska den skapade RSA-nyckeln ha ?" + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "" +"Please enter the length of the created RSA key. it should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Ange lngden fr den skapade RSA-nyckeln, den br inte vara kortare n 1024 " +"bitar fr att detta br anses som oskert och du vill antagligen inte behva " +"ngon lngre n 2048 bitar fr att det bara gr autentiseringsprocessen " +"lngsammare och behvs inte just nu." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "Do you want to create a self-signed X509 certificate ?" +msgstr "Vill du skapa ett sjlv-signerat X509-certifikat ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Denna installerare kan bara skapa sjlv-signerade X509-certifikat " +"automatiskt fr att annars behvs en certifikatutstllare som kan signera " +"certifikatfrfrgan. Om du vill skapa ett sjlv-signerat certifikat kan du " +"anvnda det omedelbart fr att ansluta till andra IPSec-vrdar som har std " +"fr X509-certifikat fr autentisering fr IPSec-anslutningar. Om du vill " +"anvnda de nya PKI-funktionerna i Openswan >= 1.91 behver du ha alla X509-" +"certifikat signerade av en enda certifikatutstllare fr att skapa en " +"plitlig vg." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "" +"Om du inte vill skapa ett sjlv-signerat certifikat kommer denna " +"installerare bara att skapa den privata RSA-nyckeln och certifikatfrfrgan " +"och du kommer att behva signera certifikatfrfrgan med din " +"certifikatutgivare." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Please enter the country code for the X509 certificate request." +msgstr "Ange en landskod fr X509-certifikatfrfrgan." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Ange en landskod med 2 bokstver fr ditt land. Denna kod kommer att " +"placeras i certifikatfrfrgan." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"Du behver verkligen ange en giltig landskod hr fr att openssl kommer att " +"vgra att generera certifikat utan ett. Ett tomt flt r tilltet fr alla " +"andra flt i X509-certifikatet men inte fr denna." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Example: AT" +msgstr "Exempel: SE" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the state or province name for the X509 certificate request." +msgstr "Ange namnet p regionen eller lnet fr X509-certifikatfrfrgan." + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Ange det fulla namnet p regionen eller lnet du bor i. Detta namn kommer " +"att placeras i certifikatfrfrgan." + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "Example: Upper Austria" +msgstr "Exempel: Centrala Sverige" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Please enter the locality name for the X509 certificate request." +msgstr "Ange lokaliteten fr X509-certifikatfrfrgan." + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Ange lokaliteten (exempelvis stad) dr du bor. Detta namn kommer att " +"placeras i certifikatfrfrgan." + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Example: Vienna" +msgstr "Exempel: Stockholm" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Please enter the organization name for the X509 certificate request." +msgstr "Ange organisationsnamnet fr X509-certifikatfrfrgan." + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Ange organisationen (exempelvis fretaget) som X509-certifikatet ska skapas " +"fr. Detta namn kommer att placeras i certifikatfrfrgan." + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Example: Debian" +msgstr "Exempel: Debian" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Please enter the organizational unit for the X509 certificate request." +msgstr "Ange organisationsenheten fr X509-certifikatfrfrgan." + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Ange organisationsenheten (exempelvis avdelning) som X509-certifikatet ska " +"skapas fr. Detta namn kommer att placeras i certifikatfrfrgan." + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Example: security group" +msgstr "Exempel: skerhetsgruppen" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Please enter the common name for the X509 certificate request." +msgstr "Ange namnet fr X509-certifikatfrfrgan." + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Ange namnet (exempelvis vrdnamnet fr denna maskin) fr vilken X509-" +"certifikatet ska skapas fr. Detta namn kommer att placeras i " +"certifikatfrfrgan." + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Example: gateway.debian.org" +msgstr "Exempel: gateway.debian.org" + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "Please enter the email address for the X509 certificate request." +msgstr "Ange e-postaddressen fr X509-certifikatfrfrgan." + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Ange e-postaddressen till den person eller organisation som ansvarar fr " +"X509-certifikatet. Denna address kommer att placeras i certifikatfrfrgan." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "Do you wish to enable opportunistic encryption in Openswan?" +msgstr "Vill du aktivera opportunistisk kryptering i Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "" +"Openswan har std fr opportunistisk kryptering (OE) som lagrar information " +"om IPSec-autentiseringen (exempelvis publika RSA-nycklar) i (helst skra) " +"DNS-poster. Tills detta r en mer utbredd tjnst kan aktivering av det " +"orsaka en betydande hastighetssnkning fr varje ny utgende anslutning. " +"Sedan version 2.0 kommer Openswan (uppstrm) med OE aktiverad som standard " +"och kommer drfr sannorlikt att bryta din existerande anslutning till " +"Internet (exempelvis din standardrutt) som snart som pluto (demonen fr " +"Openswan-nycklar) startas." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Vlj om du vill aktivera std fr OE. Om du r osker br du inte aktivera " +"det." diff --git a/debian/po/templates.pot b/debian/po/templates.pot new file mode 100644 index 000000000..33c4a2acb --- /dev/null +++ b/debian/po/templates.pot @@ -0,0 +1,424 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2006-03-16 06:09+0100\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../openswan.templates.master:3 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "At which level do you wish to start Openswan ?" +msgstr "" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"With the current Debian startup levels (nearly everything starting in level " +"20), it is impossible for Openswan to always start at the correct time. " +"There are three possibilities when Openswan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start Openswan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "Do you wish to restart Openswan?" +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "" +"Restarting Openswan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "Do you want to create a RSA public/private keypair for this host ?" +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" + +#. Type: select +#. Choices +#: ../openswan.templates.master:53 +msgid "x509, plain" +msgstr "" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "Which type of RSA keypair do you want to create ?" +msgstr "" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"Openswan or to create a X509 certificate file which contains the RSA public " +"key and additionally stores the corresponding private key." +msgstr "" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"Openswan, it might be a bit easier using plain RSA keypairs. But if you want " +"to connect to other IPSec implementations, you will need a X509 certificate. " +"It is also possible to create a X509 certificate here and extract the RSA " +"public key in plain format if the other side runs Openswan without X509 " +"certificate support." +msgstr "" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in Openswan anyway." +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"Do you have an existing X509 certificate file that you want to use for " +"Openswan ?" +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. Do you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections ?" +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "Please enter the location of your X509 certificate in PEM format." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "" +"Please enter the location of the file containing your X509 certificate in " +"PEM format." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "Please enter the location of your X509 private key in PEM format." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "Which length should the created RSA key have ?" +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "" +"Please enter the length of the created RSA key. it should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "Do you want to create a self-signed X509 certificate ?" +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Please enter the country code for the X509 certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Example: AT" +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the state or province name for the X509 certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "Example: Upper Austria" +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Please enter the locality name for the X509 certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Example: Vienna" +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Please enter the organization name for the X509 certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Example: Debian" +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Please enter the organizational unit for the X509 certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Example: security group" +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Please enter the common name for the X509 certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Example: gateway.debian.org" +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "Please enter the email address for the X509 certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "Do you wish to enable opportunistic encryption in Openswan?" +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" diff --git a/debian/po/vi.po b/debian/po/vi.po new file mode 100755 index 000000000..cd52c4733 --- /dev/null +++ b/debian/po/vi.po @@ -0,0 +1,416 @@ +# Vietnamese translation for openswan. +# Copyright © 2005 Free Software Foundation, Inc. +# Clytie Siddall <clytie@riverland.net.au>, 2005. +# +msgid "" +msgstr "" +"Project-Id-Version: openswan 1/2.2.0-10\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2006-03-16 06:09+0100\n" +"PO-Revision-Date: 2005-07-03 13:49+0930\n" +"Last-Translator: Clytie Siddall <clytie@riverland.net.au>\n" +"Language-Team: Vietnamese <gnomevi-list@lists.sourceforge.net>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0\n" +"X-Generator: LocFactoryEditor 1.2.2\n" + +#.Type: select +#.Choices +#:../openswan.templates.master:3 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "sớm nhất, «sau NFS», «sau PCMCIA»" + +#.Type: select +#.Description +#:../openswan.templates.master:5 +msgid "At which level do you wish to start Openswan ?" +msgstr "Bạn có muốn khởi chạy trình Openswan tại cấp nào?" + +#.Type: select +#.Description +#:../openswan.templates.master:5 +msgid "" +"With the current Debian startup levels (nearly everything starting in level " +"20), it is impossible for Openswan to always start at the correct time. " +"There are three possibilities when Openswan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "Trong những cấp khởi chạy Debian hiện thời (gần mọi trình khởi chạy trên cấp 20), không thể đảm bảo trình Openswan sẽ khởi chạy vào điểm thời đúng. Có ba lúc có thể khởi chạy trình Openswan: lúc trước hay lúc sau dịch vụ NFS và lúc sau dịch vụ PCMCIA. Giá trị đúng phụ thuộc vào thiết lập riêng của bạn." + +#.Type: select +#.Description +#:../openswan.templates.master:5 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "Nếu bạn không có cây «/usr» mình được gắn thông qua NFS (hoặc bạn chỉ gắn cây khác, ít quan trọng hơn, thông qua NFS, hoặc bạn không sử dụng cây do NFS gắn cách nào cả) và không sử dụng một thẻ mạng PCMCIA, thì tốt nhất là khởi chạy trình Openswan càng sớm càng có thể, mà cho phép IPSec bảo vệ những điểm gắn NFS. Trong trường hợp này (hoặc nếu bạn không hiểu được vấn đề này, hoặc không nghĩ nó là quan trọng) thì hãy trả lời «sớm nhất» (earliest: giá trị mặc định) cho câu hỏi này." + +#.Type: select +#.Description +#:../openswan.templates.master:5 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start Openswan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "Nếu bạn có cây «/usr» mình được gắn thông qua NFS và không sử dụng một thẻ mạng PCMCIA, thì bạn sẽ cần phải khởi chạy Openswan sau NFS, để mọi tập tin cần thiết có sẵn sàng. Trong trường hợp này, hãy trả lời «sau NFS» (after NFS) cho câu hỏi này. Tuy nhiên, IPsec sẽ không thể bảo vệ điểm gắn của «/usr» trong trường hợp này." + +#.Type: select +#.Description +#:../openswan.templates.master:5 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "Nếu bạn sử dụng thẻ PCMCIA để kết nối cách loại IPSec, thì chỉ hãy chọn khởi chạy FreeS/WAN sau những dịch vụ PCMCIA. Hãy trả lời «sau PCMCIA» trong trường hợp này. Trả lời này cũng đúng nếu bạn muốn gọi khóa từ một máy phục vụ DNS chạy địa phương có loại hỗ trợ DNSSec." + +#.Type: boolean +#.Description +#:../openswan.templates.master:33 +msgid "Do you wish to restart Openswan?" +msgstr "Bạn có muốn khởi chạy lại trình Openswan không?" + +#.Type: boolean +#.Description +#:../openswan.templates.master:33 +msgid "" +"Restarting Openswan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "Khởi chạy lại trình Openswan là một ý kiến tốt, vì nó hiệu lực việc sửa bảo mật mới nào. Phần lớn người ngờ trình nền (dæmon) sẽ khởi chạy lại, thì nói chung làm như thế là một ý kiến tốt. Tuy nhiên, việc khởi chạy lại có thể ngắt các sự kết nối hiện thời, rồi kết nối chúng lại." + +#.Type: boolean +#.Description +#:../openswan.templates.master:42 +msgid "Do you want to create a RSA public/private keypair for this host ?" +msgstr "Bạn có muốn tạo một cặp khóa công/riêng RSA cho máy này không?" + +#.Type: boolean +#.Description +#:../openswan.templates.master:42 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "Trình cài đặt này có thể tự động tạo một cặp khóa công/riêng RSA cho máy này. Có thể sử dụng cặp khóa này để xác thực cách kết nối IPSec tới máy khác, và nó là cách ưa thích để xây dụng cách kết nối IPSec bảo mật. Hoặc có thể sử dụng «bí mật dùng chung» (shared secrets), mà có cùng một mật khẩu tại cả hai đầu và cuối đều đường hầm, để xác thực mỗi sự kết nối. Tuy nhiên, với sự kết nối rất nhiều, dễ hơn để sử dụng cách xác thực RSA và nó bảo mật hơn. " + +#.Type: select +#.Choices +#:../openswan.templates.master:53 +msgid "x509, plain" +msgstr "x509, giản dị" + +#.Type: select +#.Description +#:../openswan.templates.master:55 +msgid "Which type of RSA keypair do you want to create ?" +msgstr "Bạn có muốn tạo cặp khóa RSA loại nào?" + +#.Type: select +#.Description +#:../openswan.templates.master:55 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"Openswan or to create a X509 certificate file which contains the RSA public " +"key and additionally stores the corresponding private key." +msgstr "Có thể tạo một cặp khóa công/riêng RSA thô để sử dụng với trình Openswan, hoặc tạo một tập tin chứng nhận X509 chứa khóa công RSA ấy và cũng cất giữ khóa riêng tương ứng." + +#.Type: select +#.Description +#:../openswan.templates.master:55 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"Openswan, it might be a bit easier using plain RSA keypairs. But if you want " +"to connect to other IPSec implementations, you will need a X509 certificate. " +"It is also possible to create a X509 certificate here and extract the RSA " +"public key in plain format if the other side runs Openswan without X509 " +"certificate support." +msgstr "Nếu bạn chỉ muốn xây dụng sự kết nối IPSec đến máy cũng chạy trình Openswan, có thể dễ dàng hơn khi sử dụng cặp khóa RSA thô. Còn nếu bạn muốn kết nối đến một sự thực hiện IPSec khác, thì bạn sẽ cần có một chứng nhận loại X509. Cũng có thể tạo một chứng nhận X509 tại đây, rồi rút khóa công RSA có dạng thô, nếu bên khác có chạy trình Openswan không có hỗ trợ chứng nhận X509." + +#.Type: select +#.Description +#:../openswan.templates.master:55 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in Openswan anyway." +msgstr "Vì vậy khuyến khích một chứng nhận X509, vì nó dẻo hơn và trình cài đặt này nên có thể ẩn việc phức tạp tạo chứng nhận X509 và cách dùng nó trong trình Openswan." + +#.Type: boolean +#.Description +#:../openswan.templates.master:74 +msgid "" +"Do you have an existing X509 certificate file that you want to use for " +"Openswan ?" +msgstr "Bạn có một tập tin chứng nhận X509 mà bạn muốn sử dụng với trình Openswan chưa?" + +#.Type: boolean +#.Description +#:../openswan.templates.master:74 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. Do you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections ?" +msgstr "Trình cài đặt này có thể tự động giải mã thông tin cần thiết ra một chứng nhận X509 đã có, với khóa riêng RSA tương ứng. Cả hai điều có thể trong cùng một tập tin, nếu nó có dạng PEM. Bạn có chứng nhận đã có như vậy, và muốn sử dụng nó để xác thực cách kết nối IPSec không?" + +#.Type: string +#.Description +#:../openswan.templates.master:83 +msgid "Please enter the location of your X509 certificate in PEM format." +msgstr "Hãy nhập địa điểm của chứng nhận X509 của bạn, có dạng PEM." + +#.Type: string +#.Description +#:../openswan.templates.master:83 +msgid "" +"Please enter the location of the file containing your X509 certificate in " +"PEM format." +msgstr "Hãy nhập địa điểm của tập tin chứa chứng nhận X509 của bạn, có dạng PEM." + +#.Type: string +#.Description +#:../openswan.templates.master:89 +msgid "Please enter the location of your X509 private key in PEM format." +msgstr "Hãy nhập địa điểm của khóa riêng X509 của bạn, có dạng PEM." + +#.Type: string +#.Description +#:../openswan.templates.master:89 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "Hãy nhập địa điểm của tập tin chứa khóa RSA riêng khớp với chứng nhận X509 của bạn, có dạng PEM. Có thể là cùng một tập tin chứa chứng nhận X509." + +#.Type: string +#.Description +#:../openswan.templates.master:97 +msgid "Which length should the created RSA key have ?" +msgstr "Khóa RSA mới được tạo nên có độ dài nào?" + +#.Type: string +#.Description +#:../openswan.templates.master:97 +msgid "" +"Please enter the length of the created RSA key. it should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "Hãy nhập độ dài của khóa RSA mới được tạo. Nên có ít nhất 1024 bit, vì khóa nào nhỏ hơn kích thước ấy không phải là bảo mật. Rất có thể là bạn sẽ không cần sử dụng độ dài hơn 2048 bit, vì nó chỉ giảm tốc độ tiến trình xác thực, và hiện thời không cần thiết." + +#.Type: boolean +#.Description +#:../openswan.templates.master:106 +msgid "Do you want to create a self-signed X509 certificate ?" +msgstr "Bạn có muốn tạo một chứng nhận X509 tự ký không?" + +#.Type: boolean +#.Description +#:../openswan.templates.master:106 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "Trình cài đặt này chỉ có thể tự động tạo chứng nhận X509 tự ký, vì nếu không thì một nhà cầm quyền chứng nhận (Certificate Authority, CA) phải ký lời yêu cầu chứng nhận ấy. Nếu bạn muốn tạo một chứng nhận tự ký, bạn có thể sử dụng nó ngay lập tức để kết nối đến máy IPSec khác có hỗ trợ sử dụng chứng nhận X509 để xác thực sự kết nối IPSec. Tuy nhiên, nếu bạn muốn sử dụng những tính năng PKI mới của trình Openswan phiên bản ≥1.91, bạn sẽ phải có tất cả những chứng nhận X509 được ký bởi một nhà cầm quyền chứng nhận riêng lẻ, để tạo một «đường dẫn tin cây» (trust path)." + +#.Type: boolean +#.Description +#:../openswan.templates.master:106 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "Nếu bạn không muốn tạo một chứng nhận tự ký, thì trình cài đặt này sẽ tạo chỉ khóa RSA riêng và lời yêu cầu chứng nhận, và bạn sẽ phải ký lời yêu cầu ấy dùng nhà cầm quyền chứng nhận bạn." + +#.Type: string +#.Description +#:../openswan.templates.master:124 +msgid "Please enter the country code for the X509 certificate request." +msgstr "Hãy nhập mã quốc gia cho lời yêu cầu chứng nhận X509." + +#.Type: string +#.Description +#:../openswan.templates.master:124 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "Hãy nhập mã hai chữ cho quốc gia bạn. Sẽ chèn mã này vào lời yêu cầu chứng nhận." + +#.Type: string +#.Description +#:../openswan.templates.master:124 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "Bạn thật cần phải nhập một mã quốc gia hợp lệ vào đây, vì trình OpenSSL sẽ từ chối tạo ra chứng nhận nào khi không có mã ấy. Có thể bỏ rỗng bất cứ trường nào khác cho chứng nhận X509, nhưng mà không phải trường này." + +#.Type: string +#.Description +#:../openswan.templates.master:124 +msgid "Example: AT" +msgstr "Lấy thí dụ: VN" + +#.Type: string +#.Description +#:../openswan.templates.master:137 +msgid "" +"Please enter the state or province name for the X509 certificate request." +msgstr "Hãy nhập tên bảng hay tỉnh cho lời yêu cầu chứng nhận X509." + +#.Type: string +#.Description +#:../openswan.templates.master:137 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "Hãy nhập tên đầy đủ của bang hay tỉnh nơi bạn ở. Sẽ chèn tên này vào lời yêu cầu chứng nhận." + +#.Type: string +#.Description +#:../openswan.templates.master:137 +msgid "Example: Upper Austria" +msgstr "Lấy thí dụ: Bình Định" + +#.Type: string +#.Description +#:../openswan.templates.master:146 +msgid "Please enter the locality name for the X509 certificate request." +msgstr "Hãy nhập tên địa phương cho lời yêu cầu chứng nhận X509." + +#.Type: string +#.Description +#:../openswan.templates.master:146 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "Hãy nhập địa phương (v.d. thành phố) nơi bạn ở. Sẽ chèn tên này vào lời yêu cầu chứng nhận." + +#.Type: string +#.Description +#:../openswan.templates.master:146 +msgid "Example: Vienna" +msgstr "Lấy thí dụ: Quy Nhơn" + +#.Type: string +#.Description +#:../openswan.templates.master:155 +msgid "Please enter the organization name for the X509 certificate request." +msgstr "Hãy nhập tên tổ chức cho lời yêu cầu chứng nhận X509." + +#.Type: string +#.Description +#:../openswan.templates.master:155 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "Hãy nhập tổ chức (v.d. công ty) cho mà chứng nhận X509 nên được tạo. Sẽ chèn tên này vào lời yêu cầu chứng nhận." + +#.Type: string +#.Description +#:../openswan.templates.master:155 +msgid "Example: Debian" +msgstr "Lấy thí dụ: Debian" + +#.Type: string +#.Description +#:../openswan.templates.master:165 +msgid "Please enter the organizational unit for the X509 certificate request." +msgstr "Hãy nhập tên đơn vị tổ chức cho lời yêu cầu chứng nhận X509." + +#.Type: string +#.Description +#:../openswan.templates.master:165 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "Hãy nhập đơn vị tổ chức (v.d. phần) cho mà chứng nhận X509 nên được tạo. Sẽ chèn tên này vào lời yêu cầu chứng nhận." + +#.Type: string +#.Description +#:../openswan.templates.master:165 +msgid "Example: security group" +msgstr "Lấy thí dụ: nhóm Việt hóa" + +#.Type: string +#.Description +#:../openswan.templates.master:175 +msgid "Please enter the common name for the X509 certificate request." +msgstr "Hãy nhập tên chung cho lời yêu cầu chứng nhận X509." + +#.Type: string +#.Description +#:../openswan.templates.master:175 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "Hãy nhập tên chung (v.d. tên máy) cho mà chứng nhận X509 nên được tạo. Sẽ chèn tên này vào lời yêu cầu chứng nhận." + +#.Type: string +#.Description +#:../openswan.templates.master:175 +msgid "Example: gateway.debian.org" +msgstr "Lấy thí cụ: gateway.debian.org" + +#.Type: string +#.Description +#:../openswan.templates.master:185 +msgid "Please enter the email address for the X509 certificate request." +msgstr "Hãy nhập địa chỉ thư điện tử chung cho lời yêu cầu chứng nhận X509." + +#.Type: string +#.Description +#:../openswan.templates.master:185 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "Hãy nhập địa chỉ thư điện tử của người hay tổ chức chịu trách nhiệm về chứng nhận X509 này. Sẽ chèn địa chỉ này vào lời yêu cầu chứng nhận." + +#.Type: boolean +#.Description +#:../openswan.templates.master:193 +msgid "Do you wish to enable opportunistic encryption in Openswan?" +msgstr "Bạn có muốn hiệu lực mật mã loại cơ hội chủ nghĩa trong trình Openswan không?" + +#.Type: boolean +#.Description +#:../openswan.templates.master:193 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferrably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "Trình Openswan hỗ trợ có sẵn mật mã cơ hội chủ nghĩa (OE: opportunistic encryption) mà cất giữ thông tin xác thực IPSec (tức là khóa công RSA) trong mục ghi DNS (thích hơn loại bảo mật). Cho đến khi tính năng này thường dụng, hoạt hóa nó sẽ giảm một cách quan trọng mỗi sự kết nối ra mới. Từ phiên bản 2.0, trình Openswan gốc đã hiệu lực OE theo mặc định, thì sẽ rất có thể ngắt sự kết nối hiện thời đến Mạng của bạn (tức là đường mặc định) một khi khởi chạy pluto (trình nền quản lý khóa Openswan)." + +#.Type: boolean +#.Description +#:../openswan.templates.master:193 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "Hãy chọn có nên muốn hiệu lực hỗ trợ OE hay không. Nếu chưa chắc thì đừng bật nó." diff --git a/debian/rules b/debian/rules new file mode 100755 index 000000000..b57711f7a --- /dev/null +++ b/debian/rules @@ -0,0 +1,306 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This is the debhelper compatability version to use. +export DH_COMPAT=4 + +export DH_OPTIONS + +ifeq (,$(wildcard /usr/bin/po2debconf)) + PO2DEBCONF := no + MINDEBCONFVER := 0.5 +else + PO2DEBCONF := yes + MINDEBCONFVER := 1.2.0 +endif + +configure: configure-stamp +configure-stamp: + dh_testdir + # Add here commands to configure the package. + + touch configure-stamp + +patch: + dh_testdir + dpatch apply-all + +unpatch: + dpatch deapply-all + #rm -f patch-stamp + +build: build-stamp +build-stamp: patch + # create a dummy ipsec.secrets file before building the package so + # that no RSA keys are created during the build process + # (a package should not include a RSA key, it should produce the key + # on demand, e.g. in the postinst script) + touch $(CURDIR)/debian/ipsec.secrets + $(MAKE) programs INC_USRLOCAL=/usr \ + FINALBINDIR=/usr/lib/ipsec \ + FINALLIBEXECDIR=/usr/lib/ipsec \ + PUBDIR=/usr/sbin \ + MANTREE=/usr/share/man \ + CONFDIR=$(CURDIR)/debian \ + USE_LDAP=true USE_LIBCURL=true HAVE_THREADS=true \ + USE_XAUTH=true USE_XAUTHPAM=true + # remove the temporary file, it will be created during install + rm -f $(CURDIR)/debian/ipsec.secrets + + # here we re-generate the upstream HTML documentation + $(MAKE) -C doc/ index.html + + # also generate the fswcert tool + $(MAKE) -C programs/fswcert/ + # ugly hack.... + $(MAKE) -C programs/fswcert/ programs WERROR='-lcrypto' + + touch build-stamp + +clean: unpatch + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + + -$(MAKE) clean + -$(MAKE) -C programs/fswcert/ clean + # after a make clean, no binaries _should_ be left, but .... + -find $(CURDIR) -name "*.o" | xargs --no-run-if-empty rm + -find $(CURDIR)/lib/libcrypto -name "*.a" | xargs --no-run-if-empty rm + + rm -rf debian/openswan-modules-source-build/ + + # Really clean (#356716) + # This is a hack: should be better implemented + rm -f lib/libopenswan/libopenswan.a || true + rm -f lib/libopenswan/liboswlog.a || true + + # just in case something went wrong + rm -f $(CURDIR)/debian/ipsec.secrets + + dh_clean + +ifeq ($(PO2DEBCONF),yes) + # Hack for woody compatibility. This makes sure that the + # debian/templates file shipped in the source package doesn't + # specify encodings, which woody's debconf can't handle. If building + # on a system with po-debconf installed (conveniently debhelper (>= + # 4.1.16) depends on it), the binary-arch target will generate a + # better version for sarge. + echo 1 > debian/po/output + po2debconf debian/openswan.templates.master > debian/openswan.templates + rm -f debian/po/output +endif + +install-openswan: DH_OPTIONS=-a +install-openswan: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/tmp. + $(MAKE) install INC_USRLOCAL=/usr \ + FINALBINDIR=/usr/lib/ipsec \ + FINALLIBEXECDIR=/usr/lib/ipsec \ + PUBDIR=$(CURDIR)/debian/openswan/usr/sbin \ + MANTREE=$(CURDIR)/debian/openswan/usr/share/man \ + DESTDIR=$(CURDIR)/debian/openswan + rm -rf $(CURDIR)/debian/openswan/usr/local + install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/openswan/etc/ipsec.secrets + + # use bash for init.d and _plutorun + patch $(CURDIR)/debian/openswan/etc/init.d/ipsec < debian/use-bash.diff + patch $(CURDIR)/debian/openswan/usr/lib/ipsec/_plutorun < debian/use-bash.diff + + # install the fswcert tool + install $(CURDIR)/programs/fswcert/fswcert $(CURDIR)/debian/openswan/usr/bin + install $(CURDIR)/programs/fswcert/fswcert.8 $(CURDIR)/debian/openswan/usr/share/man/man8 + + rm -f $(CURDIR)/debian/openswan/etc/init.d/ipsec?* + rm -f $(CURDIR)/debian/openswan/usr/lib/ipsec/_plutorun?* + + # this is handled by update-rc.d + rm -rf $(CURDIR)/debian/openswan/etc/rc?.d + + dh_installdocs -popenswan -n + # change the paths in the installed doc files (but only in regular + # files, not in links to the outside of the build tree !) + ( cd $(CURDIR)/debian/openswan/; \ + for f in `grep "/usr/local/" --recursive --files-with-match *`; \ + do \ + if [ -f $$f -a ! -L $$f ]; then \ + cp $$f $$f.old; \ + sed 's/\/usr\/local\//\/usr\//' $$f.old > $$f; \ + rm $$f.old; \ + fi; \ + done ) + # but remove the doc/src dir, which just duplicates the HTML files + rm -rf $(CURDIR)/debian/openswan/usr/share/doc/openswan/doc/src + # and the index file in the main doc directory - it's replicated under + # doc/ + rm -f $(CURDIR)/debian/openswan/usr/share/doc/openswan/index.html + + # the logcheck ignore files + install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.paranoid $(CURDIR)/debian/openswan/etc/logcheck/ignore.d.paranoid/openswan + install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.server $(CURDIR)/debian/openswan/etc/logcheck/ignore.d.server/openswan + install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.server $(CURDIR)/debian/openswan/etc/logcheck/ignore.d.workstation/openswan + install -D --mode=0600 $(CURDIR)/debian/logcheck.violations.ignore $(CURDIR)/debian/openswan/etc/logcheck/violations.ignore.d/openswan + + # set permissions on ipsec.secrets + chmod 600 $(CURDIR)/debian/openswan/etc/ipsec.secrets + chmod 644 $(CURDIR)/debian/openswan/etc/ipsec.conf + chmod 700 -R $(CURDIR)/debian/openswan/etc/ipsec.d/private/ + # don't know why they come with +x set by default... + chmod 644 $(CURDIR)/debian/openswan/etc/ipsec.d/policies/* + chmod 644 $(CURDIR)/debian/openswan/etc/ipsec.d/examples/* + + # more lintian cleanups + find $(CURDIR)/debian/openswan -name ".cvsignore" | xargs --no-run-if-empty rm -f + find $(CURDIR)/debian/openswan -name "/.svn/" | xargs --no-run-if-empty rm -rf + +install-openswan-modules-source: DH_OPTIONS=-i +install-openswan-modules-source: PKGDIR=$(CURDIR)/debian/openswan-modules-source +install-openswan-modules-source: BUILDDIR=$(CURDIR)/debian/openswan-modules-source-build +install-openswan-modules-source: patch + dh_testdir + dh_testroot + dh_installdirs + mkdir -p "$(BUILDDIR)/modules/openswan" + mkdir -p "$(BUILDDIR)/modules/openswan/lib" + mkdir -p "$(BUILDDIR)/modules/openswan/debian" + mkdir -p "$(BUILDDIR)/modules/openswan/packaging" + cp -r Makefile Makefile.top Makefile.inc Makefile.ver linux/ \ + "$(BUILDDIR)/modules/openswan" + cp -r lib/libcrypto "$(BUILDDIR)/modules/openswan/lib/" + cp -r packaging/makefiles packaging/linus packaging/defaults/ \ + "$(BUILDDIR)/modules/openswan/packaging/" + find "$(BUILDDIR)/modules/openswan/lib/" -name "*.o" | xargs --no-run-if-empty rm + install --mode=644 debian/openswan-modules-source.kernel-config "$(BUILDDIR)/modules/openswan/config-all.h" + install --mode=755 debian/openswan-modules-source.rules "$(BUILDDIR)/modules/openswan/debian/rules" + install --mode=644 debian/openswan-modules-source.control.in "$(BUILDDIR)/modules/openswan/debian/control.in" + install --mode=644 debian/changelog "$(BUILDDIR)/modules/openswan/debian/" + + # This creates the NAT-T patches that can be used on the kernel tree + # even with openswan-modules-source. + make nattpatch2.4 > $(BUILDDIR)/modules/openswan/debian/nat-t-2.4.diff + make nattpatch2.6 > $(BUILDDIR)/modules/openswan/debian/nat-t-2.6.diff + + tar -C $(BUILDDIR) -c modules/ | bzip2 -9 > \ + "$(PKGDIR)/usr/src/openswan-modules.tar.bz2" + + dh_installdocs -popenswan-modules-source -n + + # more lintian cleanups + find $(CURDIR)/debian/openswan-modules-source -name ".cvsignore" | xargs --no-run-if-empty rm -f + find $(PKGDIR) -name "/.svn/" | xargs --no-run-if-empty rm -rf + +install-linux-patch-openswan: DH_OPTIONS=-i +install-linux-patch-openswan: PKGDIR=$(CURDIR)/debian/linux-patch-openswan +install-linux-patch-openswan: patch + dh_testdir + dh_testroot + dh_installdirs + # some of this has been taken from Tommi Virtanen's package + install --mode=0755 debian/linux-patch-openswan.apply \ + "$(PKGDIR)/usr/src/kernel-patches/all/apply/openswan" + install --mode=0755 debian/linux-patch-openswan.unpatch \ + "$(PKGDIR)/usr/src/kernel-patches/all/unpatch/openswan" + install --mode=0755 packaging/utils/patcher \ + "$(PKGDIR)/usr/src/kernel-patches/all/openswan" + cp -r Makefile Makefile.inc Makefile.ver Makefile.top lib/ linux/ \ + packaging/ nat-t/ \ + "$(PKGDIR)/usr/src/kernel-patches/all/openswan" + # also don't generate the out.kpatch file under /usr/src/.... + sed 's/>>out.kpatch//' \ + "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" \ + > "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" + mv "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" \ + "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" + sed 's/>out.kpatch//' \ + "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" \ + > "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" + mv "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" \ + "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" + sed 's/rm -f out.kpatch//' \ + "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" \ + > "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" + mv "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" \ + "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" + chmod u=rwX,go=rX "$(PKGDIR)/usr/src/kernel-patches/all/openswan" + # remove extra junk not needed on linux / that lintian would complain about + find "$(PKGDIR)/usr/src/kernel-patches/all/openswan" \ + -name '*.o' -print0 | xargs --no-run-if-empty -0 rm -f + find "$(PKGDIR)/usr/src/kernel-patches/all/openswan" \ + -name '*.a' -print0 | xargs --no-run-if-empty -0 rm -f + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/libopenswan/" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/libdes/" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/liblwres/" + rm -f "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/COPYING.LIB" + rm -f "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/README" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/linus" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/ipkg" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/makefiles" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/redhat" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/suse" + rm -r "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/utils/disttools.pl" + rm -r "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/utils/kernel.patch.gen.sh" + rm -r "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/utils/sshenv" + rm -r "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/utils/setup" + find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/linux/net/ipsec/des/asm/" \ + -name '*.pl' -print0 | xargs --no-run-if-empty -0 \ + perl -pi -e 's{^#!/usr/local/bin/perl}{#!/usr/bin/perl}g' + find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/libcrypto/" \ + -name '*.pl' -print0 | xargs --no-run-if-empty -0 \ + perl -pi -e 's{^#!/usr/local/bin/perl}{#!/usr/bin/perl}g' + find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/linux/net/ipsec/des/asm/" \ + -name '*.pl' -print0 | xargs --no-run-if-empty -0 chmod a+x + find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/libcrypto/" \ + -name '*.pl' -print0 | xargs --no-run-if-empty -0 chmod a+x + find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/linux/net/ipsec/alg/scripts/" \ + -name '*.sh' -print0 | xargs --no-run-if-empty -0 chmod a+x + chmod -R u=rwX,go=rX "$(PKGDIR)/usr/src/kernel-patches/all/openswan" + + dh_installdocs -plinux-patch-openswan -n + + # more lintian cleanups + find $(PKGDIR) -name ".cvsignore" | xargs --no-run-if-empty rm -f + find $(PKGDIR) -name "/.svn/" | xargs --no-run-if-empty rm -rf + +binary-common: + #dh_testversion 2 + dh_testdir + dh_testroot + dh_installdebconf + dh_installchangelogs CHANGES + dh_link + dh_strip + dh_compress + dh_fixperms -X etc/ipsec.conf -X etc/ipsec.secrets -X etc/ipsec.d + +# dh_makeshlibs + dh_installdeb +# dh_perl + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +# Build architecture-independent files here. +binary-indep: install-openswan-modules-source install-linux-patch-openswan + $(MAKE) -f debian/rules DH_OPTIONS=-i binary-common + +# Build architecture-dependent files here. +binary-arch: install-openswan + $(MAKE) -f debian/rules DH_OPTIONS=-a binary-common + +# Any other binary targets build just one binary package at a time. +#binary-%: build install +# make -f debian/rules binary-common DH_OPTIONS=-p$* + +binary: binary-indep binary-arch +.PHONY: clean binary-indep binary-arch diff --git a/debian/use-bash.diff b/debian/use-bash.diff new file mode 100644 index 000000000..ccee7f27e --- /dev/null +++ b/debian/use-bash.diff @@ -0,0 +1,4 @@ +1c1 +< #!/bin/sh +--- +> #!/bin/bash diff --git a/debian/watch b/debian/watch new file mode 100644 index 000000000..e40202f1e --- /dev/null +++ b/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://www.openswan.org/download/openswan-([\d.]+)\.tar\.gz |