From 4769e2f961d2930ffcc6cfa5b1561548e4ea552c Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Mon, 22 May 2006 06:31:58 +0000 Subject: - Just copy the whole debian/ dir from my openswan packaging. --- debian/README.Debian | 124 +++++ debian/changelog | 498 +++++++++++++++++ debian/changelog.debian | 10 + debian/control | 69 +++ debian/copyright | 35 ++ debian/doc-base | 10 + debian/info | 0 debian/ipsec.secrets.proto | 8 + debian/linux-patch-openswan.apply | 46 ++ debian/linux-patch-openswan.dirs | 3 + debian/linux-patch-openswan.docs | 2 + debian/linux-patch-openswan.unpatch | 39 ++ debian/logcheck.ignore.paranoid | 20 + debian/logcheck.ignore.server | 25 + debian/logcheck.violations.ignore | 1 + debian/openswan-modules-source.control.in | 13 + debian/openswan-modules-source.dirs | 1 + debian/openswan-modules-source.docs | 2 + debian/openswan-modules-source.kernel-config | 110 ++++ debian/openswan-modules-source.rules | 150 +++++ debian/openswan.config | 57 ++ debian/openswan.dirs | 15 + debian/openswan.docs | 5 + debian/openswan.postinst | 258 +++++++++ debian/openswan.postrm | 42 ++ debian/openswan.prerm | 40 ++ debian/openswan.templates | 633 ++++++++++++++++++++++ debian/openswan.templates.master | 207 +++++++ debian/patches/00list | 2 + debian/patches/01-updown-default-path.dpatch | 31 ++ debian/patches/01-updown_x509-default-path.dpatch | 31 ++ debian/po/POTFILES.in | 1 + debian/po/cs.po | 511 +++++++++++++++++ debian/po/fr.po | 541 ++++++++++++++++++ debian/po/ja.po | 508 +++++++++++++++++ debian/po/nl.po | 527 ++++++++++++++++++ debian/po/pt_BR.po | 549 +++++++++++++++++++ debian/po/sv.po | 523 ++++++++++++++++++ debian/po/templates.pot | 424 +++++++++++++++ debian/po/vi.po | 416 ++++++++++++++ debian/rules | 306 +++++++++++ debian/use-bash.diff | 4 + debian/watch | 2 + 43 files changed, 6799 insertions(+) create mode 100644 debian/README.Debian create mode 100644 debian/changelog create mode 100644 debian/changelog.debian create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/doc-base create mode 100644 debian/info create mode 100644 debian/ipsec.secrets.proto create mode 100644 debian/linux-patch-openswan.apply create mode 100644 debian/linux-patch-openswan.dirs create mode 100644 debian/linux-patch-openswan.docs create mode 100644 debian/linux-patch-openswan.unpatch create mode 100644 debian/logcheck.ignore.paranoid create mode 100644 debian/logcheck.ignore.server create mode 100644 debian/logcheck.violations.ignore create mode 100644 debian/openswan-modules-source.control.in create mode 100644 debian/openswan-modules-source.dirs create mode 100644 debian/openswan-modules-source.docs create mode 100644 debian/openswan-modules-source.kernel-config create mode 100755 debian/openswan-modules-source.rules create mode 100644 debian/openswan.config create mode 100644 debian/openswan.dirs create mode 100644 debian/openswan.docs create mode 100644 debian/openswan.postinst create mode 100644 debian/openswan.postrm create mode 100644 debian/openswan.prerm create mode 100644 debian/openswan.templates create mode 100644 debian/openswan.templates.master create mode 100644 debian/patches/00list create mode 100755 debian/patches/01-updown-default-path.dpatch create mode 100755 debian/patches/01-updown_x509-default-path.dpatch create mode 100644 debian/po/POTFILES.in create mode 100644 debian/po/cs.po create mode 100644 debian/po/fr.po create mode 100644 debian/po/ja.po create mode 100644 debian/po/nl.po create mode 100644 debian/po/pt_BR.po create mode 100644 debian/po/sv.po create mode 100644 debian/po/templates.pot create mode 100755 debian/po/vi.po create mode 100755 debian/rules create mode 100644 debian/use-bash.diff create mode 100644 debian/watch diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 000000000..c7129d134 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,124 @@ +openswan for Debian +---------------------- + +1) General Remarks + +This package has been created from scratch with some ideas from the +freeswan 1.3 package by Tommi Virtanen and the freeswan 1.5 package by +Aaron Johnson merged in. Most of the code in debian/rules for creating the +linux-patch-openswan package has been initially taken from Tommi Virtanen's +package, but has been mostly rewritten to fit the needs of newer kernel +versions (since version 1.9-1). + +After the decision of the FreeS/WAN project to cease the development of +FreeS/WAN, we decided to switch over to the Openswan fork. This code base +includes all the patches that had to be applied manually before, which makes +packaging simple. Alexander List prepared the first preliminary openswan +package based on my freeswan packaging, which I updated to the relevant parts +of the current freeswan package. + +2) Kernel Support + +Note: This package can make use of the in-kernel IPSec stack, which is +available in the stock Debian kernel images (>=2.4.24 and 2.6.x). + +If you want to use the openswan utilities, you will need the appropriate +kernel modules. The Debian default kernel native IPSec stack (which is +included in Linux 2.6 kernels and has been backported to Debian's 2.4 kernels) +can be used out-of-the-box with opeswan pluto, the key management daemon. +This native Linux IPSec stack is of high quality, has all of the features of +the latest Debian freeswan and openswan packages (i.e. support for other +ciphers like AES and NAT Traversal support) and is well integrated into the +kernel networking subsystem (which is not true for the freeswan kernel +modules). However, it is not as well tested as the freeswan kernel modules +simply because the code base is younger. But nonetheless, the easiest way to +get IPSec support in Debian is to use the default kernels (or recompile from +the Debian kernel sources) and install the mature freeswan pluto key management +daemon. + +If you do not want to use the in-kernel IPSec stack of newer 2.6 kernels or +are building a custom 2.4 kernel, then the KLIPS kernel part is available in +two forms: the kernel tree can be patched using the linux-patch-openswan +package, which will be applied automatically by make-kpkg, or stand-alone +modules can be built using the openswan-modules-source package. Please note +that, for building the modules, you need the _complete_, built kernel tree +for invoking "make-kpkg modules_install", only having the kernel headers is +not enough. NAT Traversal can not be used at the moment with the stand-alone +modules, it still needs a small kernel patch applied to the kernel tree. If +you need NAT Traversal, please use either the in-kernel IPSec stack (which is +preferred), the linux-patch-openswan package, or patch the kernel tree with +the (small) NAT Traversal patch before compiling it. + +Attention: Please note that KLIPS will not compile cleanly with newer GCC +versiobs that are stricter with their syntax checks. It is known to compile +with GCC 3.4, so I recommend to use this version for building it. If you build +KLIPS modules without patching the kernel source, please note that the kernel +needs to be compiled with the same GCC version, or the modules will not load! + +When using make-kpkg, the GCC version can be set with the environment variable +MAKEFLAGS, e.g. with + MAKEFLAGS="CC=gcc-3.4" make-kpkg ... +This should be necessary for 2.4 kernels, while KLIPS for 2.6 kernels might +compile with newer GCC versions as well. + +For using the openswan (KLIPS) kernel modules, there are now two different +methods: + +2.1) openswan-modules-source: +When you install the openswan-modules-source package and use +make-kpkg to build your kernel, make-kpkg modules_image will automatically +create a kernel module package. However, since the openswan-modules-source +package follows other modules source packages, you will first have to extract +the source tree: + $ cd /usr/src + $ tar xvzf openswan-modules.tar.gz +Again, please note that only the kernel headers are not enough to build these +modules! You really need to have the kernel source tree, configured for your +running kernel (or the one you will run the openswan module with). If you did +not build your own kernel, the following trick might help (thanks to Olaf +Lundqvist for documenting this in the BTS): + a) unpack the kernel source: + $ apt-get install kernel-source- + $ cd /usr/src + $ tar xvfj kernel-source-.tar.bz2 + $ cd kernel-source- + b) copy kernel-headers information to that directory: + $ apt-get install kernel-headers- + $ cp -r ../kernel-headers-/* . + c) build the openswan kernel modules: + $ cd /usr/src/modules/openswan + $ debian/rules binary-modules \ + KVERS="" \ + KSRC="/usr/src/kernel-source-" 2>&1 +Where upstream version is e.g. 2.4.20 and debian-version is e.g. 2.4.20-2 (it +should match the Debian package version). + +If you want to use NAT Traversal but still want to use openswan-modules-source +(since you need to patch the kernel anyway, using linux-patch-openswan is +easier), you can find the necessary patch under +/usr/src/modules/openswan/debian/nat-t-.diff +It should apply cleanly to newer vanilla 2.4 and 2.6 series kernels. Debian +kernels usually have that patch already applied, so you will not need to patch +a Debian kernel to use openswan. + +2) linux-patch-openswan: +By installing the linux-patch-openswan package and using make-kpkg to build +your kernel, it automatically gets patched to include the freeswan IPSec kernel +support in the kernel tree. This allows to enable NAT Traversal (which is not +possible with building the openswan modules outside the kernel tree with the +openswan-modules-source package without the additional patch). Please note +that the environment variable PATCH_THE_KERNEL=YES has to be set for make-kpkg +to apply the kernel patches. + +3) Miscellaneous + +Warning: Due to an upstream bug, pluto from this version will dump core on +certain CRLs. If you are hit by this bug, please report it directly to +upstream, they are still tracking the issue down. + +For support, please use the mailing list debian-openswan@gibraltar.at, which +is now the official support address for the Debian package of openswan. You +can subscribe to the list and view its archives at +https://www.gibraltar.at/mailman/listinfo/debian-openswan + + -- Rene Mayrhofer , Mon, Sep 19 14:58:00 2005 diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 000000000..8b7e14fda --- /dev/null +++ b/debian/changelog @@ -0,0 +1,498 @@ +openswan (1:2.4.5-3) unstable; urgency=low + + * Renamed kernel-patch-openswan to linux-patch-openswan. + * Removed the remarks in the package descriptions that linux-patch-openswan + and openswan-modules-source will only work with 2.4 series kernels. This + is no longer true. + * Use updated French translation. Thanks to Christian Perrier and sorry for + not giving time to update the translations before the last upload. I felt + that the FTBFS should be corrected quickly. + Closes: #364399: openswan: [INTL:fr] French debconf templates translation + + -- Rene Mayrhofer Sun, 23 Apr 2006 21:47:53 +0100 + +openswan (1:2.4.5-2) unstable; urgency=low + + * The NMU patch doesn't seem to have applied to debian/control, + because the dependency was still on libopensc1-dev. Fixed that now + by adding libopensc2-dev. + Closes: #363073: openswan_1:2.4.5-1: FTBFS: Build depends on + libopensc1-dev + * Added the patch to fix alignment issues on Sparc, as upstream acknowledged + it and applied it to their development tree. + Closes: #341630: openswan: Pluto crypto helper gets SIGBUS on SPARC due + to request memory alignment issue + + -- Rene Mayrhofer Mon, 17 Apr 2006 14:53:37 +0100 + +openswan (1:2.4.5-1) unstable; urgency=low + + * New upstream release. This release adds support for patching newer kernel + versions. Verified that the patched kernel tree compiles with Debian + kernel sources 2.6.15-8 and 2.6.16-6. + Closes: #361800: kernel-patch-openswan: Fails to patch Debian 2.6.15 + kernel + It also adds the patches for an IPSec/L2TP server behind a NAT. + Closes: #307529: More patches for openswan server behind NAT + Closes: #353792: openswan nat-t failure + And additionally there are (according to upstream changelogs) fixes for + running on SMP systems. If the following bug still persists (can not test + myself), then please reopen. + Closes: #343603: kernel-patch-openswan: Starting IPSEC makes system freeze + The patch to fix the snmpd crash is also in this upstream version (just + checked linux/net/ipsec/ipsec_tunnel.c). It was probably in older versions + as well, so this might have been closed earlier. It's not mentioned in + upstream changelog, so I don't know exactly when it has been fixed. + Closes: #318298: kernel-patch-openswan: Kernel Oops - Null Dereference + when using snmpd + The ipsec.conf manual page has been updated to document connaddrfamily. + Closes: #296611: openswan: "man -S 5 ipsec.conf" fails to mention the + parameter "connaddrfamily" + * Acknowledge fixes in last NMU - thanks to Christian. + Closes: #352050: openswan: FTBFS: Package libopensc1-dev has no + installation candidate + Closes: #356716: openswan: Incomplete clean when building + Closes: #316693: openswan_1/2.2.0-10 + Closes: #339390: openswan: [INTL:sv] Swedish debconf templates translation + * Enable building of XAUTH support. + * Import override files from /etc/default instead of /etc/sysconfig. This + uses dpatch, so now Build-Depend on it. + Closes: #354965: openswan: /usr/lib/ipsec/_updown uses /etc/sysconfig/, + please change to /etc/default/ + * Only ask if an existing certificate/private key pair should be used when + the user chose not to create a new key pair. Also mention, when asking to + create a new key pair, that an existing one can be used alternatively. + Closes: #298250: confusing debconf question about certificate creation + * Move the USE_LDAP, USE_LIBCURL, and HAVE_THREADS options from the + "make install" to the "make programs" call where it belongs. + Closes: #292838: openswan: Dynamic CRL fetching not supported + * Remove /usr/share/doc/openswan/index.html, because it is a duplicate of + /usr/share/doc/openswan/doc/index.html, and only the latter one has links + to existing files. + Closes: #311613: openswan: html documentation links to the wrong place + Closes: #357719: broken links in file:///usr/share/doc/openswan/index.html + Closes: #357698: broken links in file:///usr/share/doc/openswan/index.html + * Add #ifdef to linux/net/ipsec/ipsec_init.c to branch between Debian and + vanilla 2.4 kernels. For Debian kernels with the XFRM (26sec) backport, + a second option is necessary for inet_(add|del)_protocol. This should + allow KLIPS to compile on both Debian and vanilla 2.4 kernels. Verified + that it compiles with Debian 2.4.27-12 and vanilla 2.4.32. + Closes: #340294: openswan-modules-source: fails to build with 2.4.27 on + sarge + Closes: #342844: kernel-patch-openswan: FTBS with kernel-source-2.4.27 + 2.4.27-11 + * Document in README.Debian that KLIPS for 2.4 kernels will not compile with + newer GCC versions and give a hint on how to use older versions with + make-kpkg. + * Kernel 2.6.8 is not properly supported and is horribly outdated by now. + If you really need to use 2.6.8, then please use the native 26sec IPSec + stack. For KLIPS support, use at least 2.6.12, or better 2.6.15. + Closes: #318136: kernel-patch-openswan: Problem applying + kernel-openswan-patch to kernel-source-2.6.8 + * Compress the modules source tree with bzip2 instead of gzip and thus + reduce the size of the openswan-modules-source package. + + -- Rene Mayrhofer Sat, 15 Apr 2006 21:36:36 +0100 + +openswan (1:2.4.4-3.1) unstable; urgency=high + + * Non-maintainer upload with maintainer's agreement + * Fix FTBFS by replacing the build dependency on libopensc1-dev to + libopensc2-dev. Closes: #352050 + * Really clean when building + Closes: #356716 + * Correct typos and English errors in templates + Unfuzzy translations + Closes: #316693 + * Swedish debconf templates translation added + Closes: #339390 + + -- Christian Perrier Thu, 16 Mar 2006 06:10:05 +0100 + +openswan (1:2.4.4-3) unstable; urgency=low + + * Corrected PATCHNAME in the kernel-patch-openswan unpatch script. + Closes: #344852: kernel-patch-openswan: PATCHNAME=openswan in apply script + but =freeswan in unpatch + + -- Rene Mayrhofer Tue, 27 Dec 2005 10:38:33 +0000 + +openswan (1:2.4.4-2) unstable; urgency=low + + * Build-depend on libkrb5-dev. + Closes: #344612: openswan: pluto has shared library dependency on + libkrb5support.so + + -- Rene Mayrhofer Mon, 26 Dec 2005 11:22:17 +0000 + +openswan (1:2.4.4-1) unstable; urgency=high + + Reasoning for urgency high: DoS security issues. + * New upstream version. This is supposed to fix the other part of the DoS + problem. + + -- Rene Mayrhofer Fri, 18 Nov 2005 19:23:49 +0000 + +openswan (1:2.4.3-1) unstable; urgency=high + + Reasoning for urgency high: DoS security issues. + * New upstream version. + Closes: Bug#339082: kernel-patch-openswan: ISAKMP implementation + problems / DoS + + -- Rene Mayrhofer Tue, 15 Nov 2005 15:49:44 +0000 + +openswan (1:2.4.0-3) unstable; urgency=low + + * Doh. Forgot to merge the new debconf depends from my openswan 2.2.0 + package branch. Now again change the debconf depends to debconf | + debconf-2.0. + Closes: #332055: openswan depends on debconf without | debconf-2.0 + alternate; blocks cdebconf transition + * Also build-depend on the new libssl (>= 0.9.8-1) now to help the + transition. If you recompile this package for woody/sarge, you can safely + ignore this versioned build-dependency. No new API is needed this is just + for the ABI transition. + + -- Rene Mayrhofer Mon, 10 Oct 2005 11:22:12 +0100 + +openswan (1:2.4.0-2) unstable; urgency=low + + * Module building has changed a bit for the new openswan upstream + releases (need additional files). Adapt the openswan-modules-source + package to that and also fix pfkey_v2.c to compile with kernel 2.4 + (patches sent to upstream for future inclusion). + Closes: #291274: Fails to build with 2.4.29: missing Makefile + Closes: #273443: openswan-modules-source: doesn't build with 2.6.8 - + different from #273144 (?) + * Fix the postinst script (must have been a bash update that broke it). + Closes: #330864: openswan: postinst fails with "`make-x509-cert': not a + valid identifier" + + -- Rene Mayrhofer Fri, 30 Sep 2005 18:11:28 +0100 + +openswan (1:2.4.0-1) unstable; urgency=low + + * New upstream release. This finally allows the Debian packages to be + updated since the regression from 2.2.X to 2.3.X has been fixed (pluto + crash with roadwarriors). Please be aware that pluto daemons from 2.2 or + 2.3 openswan release will still crash, so please update all your + installations as soon as possible. + Closes: #292132: openswan: OpenSwan 2.2.0 crashes when a road-warrior + comes in using 2.3.0 + This release also supports KLIPS with 2.6 kernels now. + Closes: #301801: kernel-patch-openswan: Fails to build with Debian + 2.6.10 source + #273443: openswan-modules-source: doesn't build with 2.6.8 - + different from #273144 (?) + #318136: kernel-patch-openswan: Problem applying + kernel-openswan-patch to kernel-source-2.6.8 + * Fixed gcc 4 compile for fswcert (patch will be forwarded to upstream). + * Added Vietnamese debconf translation. + Closes: #316692: INTL:vi + * Introduced the epoch in this branch to allow automatic updates from the + previously downgraded 2.2 release. + * Edited the debian/copyright file to mention the shared GPL path and + removed old licenses (only refer to CREDITS now). + + -- Rene Mayrhofer Mon, 19 Sep 2005 13:40:30 +0100 + +openswan (2.3.1-1) unstable; urgency=high + + Urgency HIGH because openswan is an important package for testing (at least + in my opinion...). + * New upstream version. This update should fix the various crashes + that openswan 2.3.0 pluto was causing on other openswan boxes + (occured in the wild with 2.2.0 and 2.3.0, but might also happen + with others) in some cases. + Closes: #292132: openswan: OpenSwan 2.2.0 crashes when a road-warrior + comes in using 2.3.0 + * Adapt to the new way of building modules (which changed between upstream + version 2.2.0 and 2.3.0). openswan-modules-source should now build with + 2.4 and with 2.6 kernels (using make-kpkg). + Closes: #291274: Fails to build with 2.4.29: missing Makefile + Closes: #276521: openswan-modules-source: ipsec_aes.o & ipsec_cryptoapi.o + not kernel modules + * Also enable building of 2.6 kernel modules in openswan-modules-source. + Closes: #273443: openswan-modules-source: doesn't build with 2.6.8 - + different from #273144 (?) + * kernel-patch-openswan also needed some changes due to the new tree + layout (specifically the new Makefile.top). Now kernel-patch-openswan + has been enabled to work with kernel 2.6, so you can now get ipsecX + interfaces with kernel 2.6 (tested with vanilla 2.6.10)! + Closes: #301801 kernel-patch-openswan: Fails to build with Debian 2.6.10 + source + * There was no reply by the original bug submitter, so this really seemed + to be a toolchain problem. I can't reproduce this bug. + Closes: #283387: openswan: Fails to build on testing (Sarge) + * The build-dependency has already been updated from libcurl2-dev to + libcurl3-dev in package 2.3.0-1. Now updated it to + libcurl3-dev | libcurl2-dev so that backporting to woody is easier. + Closes: #298468 openswan fails to build on sarge due to missing + libcurl2-dev dependancy + * The same goes for libopensc*-dev. + * Fixed typos in the logcheck ignore files. + Closes: #298693: openswan: logcheck files - typo + * Updated debconf translations. + Closes: #290847: openswan: [INTL:fr] French debconf templates translation + Closes: #292077: [INTL:pt_BR] Please apply the attached patch in order to + update openswan's pt_BR debconf translation + Closes: #294202: [l10n] Czech po-debconf template translation (cs.po) + * Removed the source code for the fswcert utility from the debian/ dir in + the source package - it is now included in the upstream source under + programs/. + * Removed the conflicts with ike-server (still providing it though). + Closes: #297186: openswan: Remove conflict on ike-server + * Don't conflict with freeswan generally, but only with versions < 2.04-12. + (This is in preparation of the freeswan transition package that I am + working on.) + * Explicitly remove the execute permissions from /etc/ipsec.d/policies/*. + Closes: #298245: wrong permissions in /etc + * No longer need gawk for openswan scripts to work. This allows to finally + removed the awk-to-gawk hack in debian/rules and means that openswan no + longer depends on gawk. + * Enable the building of pluto code for dynamic URL fetching (which needs + libldap2-dev and libcurl3-dev) and the XAUTH PAM support. Therefore, we + now build-depend on libpam0g-dev. + Closes: #292838: openswan: Dynamic CRL fetching not supported + + -- Rene Mayrhofer Sat, 9 Apr 2005 17:56:16 +0200 + +openswan (2.3.0-2) unstable; urgency=HIGH + + Urgency HIGH due to security issue and problems with build-deps in sarge. + * Fix the security issue. Please see + http://www.idefense.com/application/poi/display?id=190& + type=vulnerabilities&flashstatus=false + or CAN-2005-0162 at + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0162 + for more details. Thanks to Martin Schulze for informing me about this + issue. + Closes: #292458: Openswan XAUTH/PAM Buffer Overflow Vulnerability + * Added a Build-Dependency to lynx. + Closes: #291143: openswan: FTBFS: Missing build dependency. + + -- Rene Mayrhofer Thu, 27 Jan 2005 16:10:11 +0100 + +openswan (2.3.0-1) unstable; urgency=low + + * New upstream release. + Important change: aes-sha1 is now the default proposal (but 3des-md5 is + still supported if the other side requests it). Please look at + /usr/share/doc/openswan/docs/RELEASE-NOTES for details. + * Includes KLIPS support for kernel 2.6 for the first time, but I have not + yet modified openswan-modules-source to cope with that. If somebody wants + to lend me a hand to address #273443, it would be more than welcome. + * This release includes a fix for the reported snmpd crash + (in ipsec_tunnel.c). Many thanks to Nate Carlson for pointing this out. + Closes: #261892: openswan: System crashes when snmpd runs at the same time + * Update Build-Depends from libopensc0-dev to libopensc1-dev. + Closes: #289600: openswan: can't fulfill the build dependencies + * Update Build-Depends from libcurl2-dev to libcurl3-dev. + * Include Japanese debconf translation and fix a typo in the master. + Closes: #288996: openswan: Japanese po-debconf template translation + (ja.po) and typo in template.pot + * Auto-apply the NAT Traversal patch with kernel-patch-openswan again. This + was changed by openswan (the freeswan version included the NAT-T patch + automatically). Thus, the patch is now applied before inserting the KLIPS + part. + * Include a ready-to-use NAT-T diff in the openswan-modules-source package + so that anybody who uses this package still has the option of using NAT + Traversal (though this means patching the kernel anyway, and kind of + makes the out-of-tree compilation senseless). However, Debian 2.4 series + kernels should already have NAT-T applied. + * Document the above two changes in the package descriptions and + README.Debian. + + -- Rene Mayrhofer Thu, 13 Jan 2005 09:30:45 +0100 + +openswan (2.2.0-5) unstable; urgency=low + + * Added more explanations to README.Debian on how to build the kernel + modules with either openswan-modules-source or kernel-patch-openswan. + + -- Rene Mayrhofer Sat, 16 Oct 2004 13:11:48 +0200 + +openswan (2.2.0-4) unstable; urgency=medium + + Urgency medium to get this version into sarge - it fixes a bug that turned + up on some machines and prevented openswan from starting. + * no_oe.conf will work when there are spaces at the end, many thanks to + Hans Fugal for figuring that out! + Closes: #270012: openswan: Fails to start after Installation + (/etc/ipsec.d/examples/no_oe.conf problem?) + I am now sending this towards upstream so that it should hopefully get + fixed for the next release - it's a bit awkward for a config file. + * Fixed a minor aesthetical issue in openswan.postinst: when a plain RSA key + is already present in ipsec.secrets and a new one is being created, a + needless line was printed. Silenced by adding -q to egrep. + + -- Rene Mayrhofer Sun, 3 Oct 2004 20:57:22 +0200 + +openswan (2.2.0-3) unstable; urgency=low + + * Also added flex to Build-Depends, the new starter (replacement for + the init scripts, but not yet active) needs it to build. + Closes: #272935: openswan_2.2.0-1(ia64/unstable): FTBFS: missing + build-depends + Closes: #273241: openswan: FTBFS: Missing Build-Depends on 'flex' + * Adapted the rules file of openswan-modules-source to cope with the new + upstream source code - need to generate a C file from a template before + the ipsec module can be built. + Closes: #273144: openswan-modules-source: linux/net/ipsec/version.c + neither created nor compiled + * Enabled the building of modular extensions (AES and cryptoapi) by default + for openswan-modules-source. Also enabled the AES cipher in addition to + 3DES (this is directly in the ipsec.o kernel module, the modular + extensions version is an alternative to this). + + -- Rene Mayrhofer Fri, 24 Sep 2004 12:38:47 +0200 + +openswan (2.2.0-2) unstable; urgency=low + + * Added bison to Build-Depends. + + -- Rene Mayrhofer Thu, 23 Sep 2004 15:18:51 +0200 + +openswan (2.2.0-1) unstable; urgency=medium + + * New upstream version: + - Introduces AES support, which is the reason for urgency medium. AES + should definitly go into sarge. + - Adds RFC 3706 DPD (dead peer detection) support, see + /usr/share/doc/openswan/docs/README.DPD for details. + This adds the last missing piece (AES) to replace the freeswan package + completely. As of now, freeswan is officially unsupported and will soon + be removed from Debian. Please upgrade to openswan, which should not cause + any issues. Configuration files and certificates are completely compatible. + Closes: #270012: openswan: Fails to start after Installation + (/etc/ipsec.d/examples/no_oe.conf problem?) + I can no longer reproduce this problem on a fresh install of + 2.2.0-1. + Closes: #260120: openswan: Patch fixing #256391 breaks the autogenerated + certificate + The new X.509 patch included in this upstream release (no longer + patched by the Debian package) should fix this too. + Closes: #246828: /etc/ipsec.conf refers to invalid URLs + The default ipsec.conf file distributed by upstream no longer + refers to an URL. + * Fixed a thinko in the postinst script that prevented the correct insertion + of plain RSA keys into /etc/ipsec.secrets (i.e. not using X.509 + certificates). Fixed now. + Closes: #268742: openswan: Plain RSA key not successfully written to + ipsec.secrets + * Adapt to the new way of openswan handling the disabling of opportunistic + encryption. In the default ipsec.conf distributed with upstream openswan, + OE is now disabled (which changes the previous default). Adapted the + postinst script so that it can now enable and disable OE support based on + the debconf option. + Closes: #268743: openswan: fails to respect debconf OE setting + * Updated the French and Brazilian Portugese debconf translations. + Closes: #256457: openswan: [INTL:fr] French debconf templates translation + Closes: #264246: openswan: [INTL:pt_BR] Please use the attached Brazilian + Portuguese debconf template translation + * Patched debian/fswcert/fswcert.c to compile cleanly with gcc-3.4. Thanks + to Andreas Jochens for the patch! + Closes: #262663: openswan: FTBFS with gcc-3.4: label at end of compound + statement + * Documented how to build the KLIPS kernel part with either the + kernel-patch-openswan or the openswan-modules-source packages. + Closes: #246819: Needs documentation on how to build the kernel modules + * Bump Standards-Version to 3.6.1.0, no changes necessary. + + -- Rene Mayrhofer Tue, 21 Sep 2004 18:13:52 +0200 + +openswan (2.1.5-1) unstable; urgency=medium + + * New upstream release, which fixes another potential security issue. + + -- Rene Mayrhofer Sun, 5 Sep 2004 18:00:40 +0200 + +openswan (2.1.3-1) unstable; urgency=HIGH + + Urgency high because of a possibly security issue. + * New upstream version. This includes the CRL fix form 2.1.1-5 and the + proper activation of NAT traversal in Makefile.inc. + Closes: #253457: Openswan: new upstream available that includes xauth + Closes: #253458: Openswan: new upstream available that includes xauth + Closes: #253461: Openswan: new upstream available + Closes: #253782: openswan: Should automatically load kernel module + xfrm_user + But I have currently not explicitly enabled xaut support in Makefile.inc, + quoting from there: "off by default, since XAUTH is tricky, and you can + get into security trouble". If it needs to be enabled to work, please tell + me and I will need to take a far closer look on it (and the involved + problems). + This new upstream version also fixes a possible security issue in the + X.509 certificate authentication. + * The last upload didn't seem to have hit the archives, strange... + However, the bugs are still fixed, closing them now. + Closes: #245450: openswan should not depend on + kernel-image-2.4 || kernel-image-2.6 + Closes: #246847: openswan: shouldn't conflict with ike-server + Closes: #246373: openswan: [INTL:fr] French debconf templates translation + + -- Rene Mayrhofer Thu, 17 June 2004 12:22:45 +0200 + +openswan (2.1.1-5) unstable; urgency=low + + * Applied a patch from openswan CVS to fix CRL related crashes. + * Drop the dependency on kernels it works with - the package description + already says that it will need kernel support to work. This allows people + to easily use self-compiled kernels with the right support (e.g. 2.6.5). + Closes: #245450: openswan should not depend on + kernel-image-2.4 || kernel-image-2.6 + * While I'm at it, also replace the various Suggests: *freeswan* with + openswan. Oops. + * openswan conflicts with ike-server because only one ike-server can be + active at any given time (it will listen on UDP port 500). This policy + has been agreed to by all Debian IPSec package maintainers and implemented + in all ike-server providing packages. + Closes: #246847: openswan: shouldn't conflict with ike-server + * Took the debconf translations from the freeswan package and "ported" them + via debconf-updatepo. Thanks to Christian Perrier for mentioning that it + was this easy. + The templates should now be correct (all instances of FreeS/wan replaced + by Openswan). + Closes: #246373: openswan: [INTL:fr] French debconf templates translation + + -- Rene Mayrhofer Tue, 18 May 2004 19:46:24 +0200 + +openswan (2.1.1-4) unstable; urgency=low + + * Fixed the kernel-patch-openswan apply script. + * Warning: Due to an upstream bug, pluto from this version will dump core + on certain CRLs. If you are hit by this bug, please report it directly to + upstream, they are still tracking the issue down. + + + -- Rene Mayrhofer Thu, 15 Apr 2004 09:50:32 +0200 + +openswan (2.1.1-3) unstable; urgency=low + + * Also build the openswan-modules-source and kernel-patch-openswan + packages now. + * Fixed _startklips in combination with the native IPSec stack - many thanks + to Nate Carlson for the patch. + + -- Rene Mayrhofer Wed, 31 Mar 2004 19:33:49 +0200 + +openswan (2.1.1-2) unstable; urgency=low + + * Took the package as official maintainer. + * Updated all relevant packaging stuff to the level of freeswan 2.04-9, + including auto-generation of X.509 certificates and insertion in + ipsec.secrets. This also corrects the libexec path in some scripts. + + -- Rene Mayrhofer Wed, 31 Mar 2004 11:23:46 +0200 + +openswan (2.1.1-1) unstable; urgency=low + + * Initial version - packaging based on Rene Mayrhofer's + FreeS/WAN packaging + + -- Alexander List Sun, 21 Mar 2004 21:47:53 +0100 + +Local variables: +mode: debian-changelog +End: diff --git a/debian/changelog.debian b/debian/changelog.debian new file mode 100644 index 000000000..14b30ca82 --- /dev/null +++ b/debian/changelog.debian @@ -0,0 +1,10 @@ +freeswan (2.00) unstable; urgency=low + + This is a major update to the FreeS/WAN source tree to include the + debian packaging components. This version supports just the native + pieces of FreeS/WAN - no patches. + + The debian changelog is at changelog.debian. + + + diff --git a/debian/control b/debian/control new file mode 100644 index 000000000..919875eab --- /dev/null +++ b/debian/control @@ -0,0 +1,69 @@ +Source: openswan +Section: net +Priority: optional +Maintainer: Rene Mayrhofer +Standards-Version: 3.6.1.0 +Build-Depends: debhelper (>= 4.1.16), libgmp3-dev, libssl-dev (>= 0.9.8-1), htmldoc, man2html, libcurl3-dev | libcurl2-dev, libopensc2-dev | libopensc1-dev | libopensc0-dev, libldap2-dev, libpam0g-dev, libkrb5-dev, bison, flex, lynx, dpatch, bzip2 + +Package: openswan +Architecture: any +Pre-Depends: debconf | debconf-2.0 +Depends: ${shlibs:Depends}, bsdmainutils, makedev | devfsd, debianutils (>=1.7), ipsec-tools, openssl, host, iproute +Suggests: openswan-modules-source | linux-patch-openswan, curl +Provides: ike-server +Conflicts: freeswan (<< 2.04-12) +Description: IPSEC utilities for Openswan + IPSEC is Internet Protocol SECurity. It uses strong cryptography to provide + both authentication and encryption services. Authentication ensures that + packets are from the right sender and have not been altered in transit. + Encryption prevents unauthorised reading of packet contents. + . + This version of Openswan supports Opportunistic Encryption (OE) out of the + box. OE enables you to set up IPsec tunnels to a site without + co-ordinating with the site administrator, and without hand + configuring each tunnel. If enough sites support OE, a "FAX effect" + occurs, and many of us can communicate without eavesdroppers. + . + In addition to OE, you may manually configure secure tunnels through + untrusted networks. Everything passing through the untrusted net is + encrypted by the IPSEC gateway machine and decrypted by the gateway + at the other end. The result is Virtual Private Network or VPN. This + is a network which is effectively private even though it includes + machines at several different sites connected by the insecure Internet. + . + Please note that you will need a recent kernel (>=2.4.24 or 2.6.x) + for using this package. The standard Debian kernel includes both IPSEC + and crypto support, patching the kernel is no longer necessary! + . + If you want to use the KLIPS IPSec code for kernel modules instead of the + native ones, you will need to install either openswan-modules-source or + linux-patch-openswan and build the respective modules for your kernel. + +Package: openswan-modules-source +Architecture: all +Depends: coreutils | fileutils, debhelper, bzip2 +Recommends: kernel-package (>= 7.04), kernel-source +Suggests: openswan +Description: IPSEC kernel modules source for Openswan + This package contains the source for the Openswan modules to get the necessary + kernel support to use Openswan. + . + It includes the NAT Traversal patches, which will need to be applied to the + kernel tree if NAT Traversal is needed. + +Package: linux-patch-openswan +Architecture: all +Depends: coreutils | fileutils +Recommends: kernel-package (>= 7.04) +Suggests: openswan +Provides: kernel-patch-openswan +Replaces: kernel-patch-openswan +Description: IPSEC Linux kernel support for Openswan + This package contains the patches for the Linux kernel to get the necessary + kernel support to use Openswan. If you want to build a kernel module for + IPSec, it is much easier to use the openswan-modules-source package instead. + This kernel-patch package should probably only be used when building a + non-modular kernel or when compiling IPSec non-modular. + . + It includes the NAT Traversal patches and applies them automatically to the + kernel after inserting KLIPS. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 000000000..536550087 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,35 @@ +This package was debianized by Rene Mayrhofer on +Thu, 10 Aug 2000 10:50:33 +0200. + +The Debian package was created from scratch with some hints taken from +previous freeswan packages by Tommi Virtanen and Aaron Johnson. +The upstream software was downloaded from http://www.freeswan.org/ + +After the FreeS/WAN folks decided to cease development, we used the forked +code base at http://www.openswan.org/. + +This project has multiple authors, please see the file CREDITS for details. +However, all of the code is DFSG-free and, since 2002-09-16, +the LICENSE file in the upstream distribution includes a special GPL addition +to allow linking with libdes (which contains and advertising clause). +This LICENSE file was added to the Debian package of freeswan version 1.98b +by me, but has been authorized by Michael Richardson of freeswan upstream +(who sent the file to a mailing list). + +The contents of this LICENSE file are: +------------------------------------------------------------------------------ +Except for the DES library, this software is under the GNU Public License, +see the file COPYING. + +The DES library is under a BSD style license, see + linux/crypto/ciphers/des/COPYRIGHT. +Note that this software has a advertising clause in it. + +In addition to the terms set out under the GPL, permission is granted to +link the software against the libdes library just mentioned. +------------------------------------------------------------------------------ + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. + +Rene Mayrhofer, 2005-09-27 diff --git a/debian/doc-base b/debian/doc-base new file mode 100644 index 000000000..5e20233cc --- /dev/null +++ b/debian/doc-base @@ -0,0 +1,10 @@ +Document: openswan +Title: Openswan documentation +Author: The Openswan project +Abstract: This is a comprehensive document which describes what IPSEC + is, how it works, and the Openswan IPSEC implementation. +Section: Apps/System + +Format: HTML +Index: /usr/share/doc/openswan/doc/index.html +Files: /usr/share/doc/openswan/doc/*.html diff --git a/debian/info b/debian/info new file mode 100644 index 000000000..e69de29bb diff --git a/debian/ipsec.secrets.proto b/debian/ipsec.secrets.proto new file mode 100644 index 000000000..33441c0ed --- /dev/null +++ b/debian/ipsec.secrets.proto @@ -0,0 +1,8 @@ +# RCSID $Id: ipsec.secrets.proto,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $ +# This file holds shared secrets or RSA private keys for inter-Pluto +# authentication. See ipsec_pluto(8) manpage, and HTML documentation. + +# RSA private key for this host, authenticating it to any other host +# which knows the public part. Suitable public keys, for ipsec.conf, DNS, +# or configuration of other implementations, can be extracted conveniently +# with "ipsec showhostkey". diff --git a/debian/linux-patch-openswan.apply b/debian/linux-patch-openswan.apply new file mode 100644 index 000000000..107cdb0e7 --- /dev/null +++ b/debian/linux-patch-openswan.apply @@ -0,0 +1,46 @@ +#! /bin/sh +# +# (C) 1998 Manoj Srivastava & Eric Delaunay. + +set -e + +ARCHITECTURE=all +PATCHNAME=openswan +PATCHDIR=/usr/src/kernel-patches/$ARCHITECTURE/openswan +#PATCHDIR=`dirname $0`/../$PATCHNAME + +if ! test -d kernel -a -d Documentation ; then + echo "Not in kernel top level directory. Exiting" >&2 + exit 1 +fi + +if test -f debian/APPLIED_${ARCHITECTURE}_$PATCHNAME ; then + exit 0 # patch already applied +fi + +rm -rf net/ipsec +KERNELDIR=`pwd` + +# apply the NAT-T patch first (if it applies...) +echo "Applying NAT Traversal patch to networking subsystem." +if make -C "$PATCHDIR" -f Makefile nattpatch \ + | patch -p1 --dry-run >/dev/null; then + make -C "$PATCHDIR" -f Makefile nattpatch \ + | patch -p1 +else + echo "The patch does not apply cleanly, skipping it. Please check manually" + echo "if your kernel already supports NAT Traversal (Debian kernel sources" + echo "might already be patched to do so)." +fi + +echo "Inserting KLIPS into kernel." +make -C "$PATCHDIR" -f Makefile kpatch \ + KERNELSRC="$KERNELDIR"\ + PATCHER="./patcher" +make -C "$PATCHDIR" -f Makefile klink \ + KERNELSRC="$KERNELDIR"\ + KLIPSLINK="cp -a" +make -C "$PATCHDIR" -f Makefile klipsdefaults \ + KERNELSRC="$KERNELDIR" + +mkdir -p debian && touch debian/APPLIED_${ARCHITECTURE}_$PATCHNAME diff --git a/debian/linux-patch-openswan.dirs b/debian/linux-patch-openswan.dirs new file mode 100644 index 000000000..57f41cb32 --- /dev/null +++ b/debian/linux-patch-openswan.dirs @@ -0,0 +1,3 @@ +usr/src/kernel-patches/all/apply +usr/src/kernel-patches/all/unpatch +usr/src/kernel-patches/all/openswan diff --git a/debian/linux-patch-openswan.docs b/debian/linux-patch-openswan.docs new file mode 100644 index 000000000..e61535265 --- /dev/null +++ b/debian/linux-patch-openswan.docs @@ -0,0 +1,2 @@ +CREDITS +debian/README.Debian diff --git a/debian/linux-patch-openswan.unpatch b/debian/linux-patch-openswan.unpatch new file mode 100644 index 000000000..2fca79aa6 --- /dev/null +++ b/debian/linux-patch-openswan.unpatch @@ -0,0 +1,39 @@ +#! /bin/sh +# +# (C) 1998 Manoj Srivastava & Eric Delaunay. + +set -e + +ARCHITECTURE=all +PATCHNAME=openswan +PATCHDIR=/usr/src/kernel-patches/$ARCHITECTURE/openswan +#PATCHDIR=`dirname $`/../$PATCHNAME + +if ! test -d kernel -a -d Documentation ; then + echo "Not in kernel top level directory. Exiting" >&2 + exit 1 +fi + +if ! test -f debian/APPLIED_${ARCHITECTURE}_$PATCHNAME ; then + exit 0 # no need to remove a non existent patch +fi + +rm -rf net/ipsec +patchedfiles=`find . -name "*.preipsec" -type f` +for f in $patchedfiles; do + origname=`expr "$f" : '\(.*\)\.preipsec$'` + echo "Restoring $origname from $f" + mv $f $origname +done + +removefiles=`find . -name "*.ipsecmd5" -type f` +removefiles="$removefiles `find . -name "*.wipsec" -type f`" +for f in $removefiles; do + echo "Removing $f" + rm $f +done + +rm -f debian/APPLIED_${ARCHITECTURE}_$PATCHNAME +[ -d debian ] && ( rmdir -p debian || true ) + +exit 0 diff --git a/debian/logcheck.ignore.paranoid b/debian/logcheck.ignore.paranoid new file mode 100644 index 000000000..ca6c97dde --- /dev/null +++ b/debian/logcheck.ignore.paranoid @@ -0,0 +1,20 @@ +ipsec_setup: KLIPS debug \`none\' +ipsec_setup: Stopping FreeS/WAN IPsec\.\.\. +ipsec_setup: stop ordered +ipsec_setup: doing cleanup anywan... +ipsec_setup: \.\.\.FreeS/WAN IPsec stopped +ipsec_setup: Starting FreeS/WAN IPsec +ipsec_setup: \.\.\.FreeS/WAN IPsec started +ipsec_plutorun: .*: initiate +pluto.*: deleting state +pluto.*: forgetting secrets +pluto.*: shutting down +pluto.*: \| +pluto.*: .* bytes loaded +pluto.*: including X\.509 patch +pluto.*: Loading my X\.509 certificate +pluto.*: Starting pluto +pluto.*: adding interface +pluto.*: listening for IKE messages +pluto.*: loading secrets +pluto.*: regenerating DH private secret diff --git a/debian/logcheck.ignore.server b/debian/logcheck.ignore.server new file mode 100644 index 000000000..7ab04c524 --- /dev/null +++ b/debian/logcheck.ignore.server @@ -0,0 +1,25 @@ +ipsec_setup: KLIPS debug \`none\' +ipsec_setup: Stopping FreeS/WAN IPsec\.\.\. +ipsec_setup: stop ordered +ipsec_setup: doing cleanup anywan... +ipsec_setup: \.\.\.FreeS/WAN IPsec stopped +ipsec_setup: Starting FreeS/WAN IPsec +ipsec_setup: \.\.\.FreeS/WAN IPsec started +ipsec_plutorun: .*: initiate +pluto.*: deleting state +pluto.*: forgetting secrets +pluto.*: shutting down +pluto.*: \| +pluto.*: .* bytes loaded +pluto.*: including X\.509 patch +pluto.*: Loading my X\.509 certificate +pluto.*: Starting pluto +pluto.*: added connection description +pluto.*: adding interface +pluto.*: listening for IKE messages +pluto.*: loading secrets +pluto.*: .* SA established +pluto.*: .* SA expired +pluto.*: replacing stale .* SA +pluto.*: initiating Quick Mode +pluto.*: regenerating DH private secret diff --git a/debian/logcheck.violations.ignore b/debian/logcheck.violations.ignore new file mode 100644 index 000000000..1a190fc28 --- /dev/null +++ b/debian/logcheck.violations.ignore @@ -0,0 +1 @@ +ipsec_setup: KLIPS debug `none' diff --git a/debian/openswan-modules-source.control.in b/debian/openswan-modules-source.control.in new file mode 100644 index 000000000..7e5aa5307 --- /dev/null +++ b/debian/openswan-modules-source.control.in @@ -0,0 +1,13 @@ +Section: net +Priority: optional +Maintainer: $KMAINT <$KEMAIL> +Build-Depends: debhelper (>= 4) +Standards-Version: 3.6.0 +Source: openswan + +Package: openswan-modules-$KVERS +Architecture: any +Recommends: kernel-image-$KVERS (= $KDREV) +Description: IPSEC kernel modules for Openswan (binary kernel modules) + This package contains the openswan binary kernel modules for linux + version $KVERS. diff --git a/debian/openswan-modules-source.dirs b/debian/openswan-modules-source.dirs new file mode 100644 index 000000000..531fa90c3 --- /dev/null +++ b/debian/openswan-modules-source.dirs @@ -0,0 +1 @@ +/usr/src/ diff --git a/debian/openswan-modules-source.docs b/debian/openswan-modules-source.docs new file mode 100644 index 000000000..e61535265 --- /dev/null +++ b/debian/openswan-modules-source.docs @@ -0,0 +1,2 @@ +CREDITS +debian/README.Debian diff --git a/debian/openswan-modules-source.kernel-config b/debian/openswan-modules-source.kernel-config new file mode 100644 index 000000000..16727d166 --- /dev/null +++ b/debian/openswan-modules-source.kernel-config @@ -0,0 +1,110 @@ +#ifndef _CONFIG_ALL_H_ +/* + * Copyright (C) 2002 Michael Richardson + * + * This kernel module is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This kernel module is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public + * License for more details. + * + * RCSID $Id: openswan-modules-source.kernel-config,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $ + */ +#define _CONFIG_ALL_H_ /* seen it, no need to see it again */ + +#define CONFIG_IPSEC 1 + +#ifndef CONFIG_IPSEC_AH +#define CONFIG_IPSEC_AH 1 +#endif + +#ifndef CONFIG_IPSEC_DEBUG +#define CONFIG_IPSEC_DEBUG 1 +#endif + +#ifndef CONFIG_IPSEC_ESP +#define CONFIG_IPSEC_ESP 1 +#endif + +#ifndef CONFIG_IPSEC_IPCOMP +#define CONFIG_IPSEC_IPCOMP 1 +#endif + +#ifndef CONFIG_IPSEC_IPIP +#define CONFIG_IPSEC_IPIP 1 +#endif + +#ifndef CONFIG_IPSEC_AUTH_HMAC_MD5 +#define CONFIG_IPSEC_AUTH_HMAC_MD5 1 +#endif + +#ifndef CONFIG_IPSEC_AUTH_HMAC_SHA1 +#define CONFIG_IPSEC_AUTH_HMAC_SHA1 1 +#endif + +#ifndef CONFIG_IPSEC_DYNDEV +#define CONFIG_IPSEC_DYNDEV 1 +#endif + +#ifndef CONFIG_IPSEC_ENC_3DES +#define CONFIG_IPSEC_ENC_3DES 1 +#endif + +#ifndef CONFIG_IPSEC_ENC_AES +#define CONFIG_IPSEC_ENC_AES 1 +#endif + +#ifndef CONFIG_IPSEC_REGRESS +#define CONFIG_IPSEC_REGRESS 0 +#endif + +#ifndef CONFIG_IPSEC_NAT_TRAVERSAL +#define CONFIG_IPSEC_NAT_TRAVERSAL 1 +#endif + +#ifndef CONFIG_IPSEC_ALG +#define CONFIG_IPSEC_ALG 1 +#endif +#ifndef CONFIG_IPSEC_ALG_AES +#define CONFIG_IPSEC_ALG_AES 1 +#endif +#ifndef CONFIG_IPSEC_ALG_TWOFISH +#define CONFIG_IPSEC_ALG_TWOFISH 1 +#endif +#ifndef CONFIG_IPSEC_ALG_BLOWFISH +#define CONFIG_IPSEC_ALG_BLOWFISH 1 +#endif +#ifndef CONFIG_IPSEC_ALG_SERPENT +#define CONFIG_IPSEC_ALG_SERPENT 1 +#endif +#ifndef CONFIG_IPSEC_ALG_3DES +#define CONFIG_IPSEC_ALG_3DES 1 +#endif +#ifndef CONFIG_IPSEC_ALG_CAST +#define CONFIG_IPSEC_ALG_CAST 1 +#endif +#ifndef CONFIG_IPSEC_ALG_MD5 +#define CONFIG_IPSEC_ALG_MD5 1 +#endif +#ifndef CONFIG_IPSEC_ALG_NULL +#define CONFIG_IPSEC_ALG_NULL 1 +#endif +#ifndef CONFIG_IPSEC_ALG_SHA1 +#define CONFIG_IPSEC_ALG_SHA1 1 +#endif +#ifndef CONFIG_IPSEC_ALG_SHA2 +#define CONFIG_IPSEC_ALG_SHA2 1 +#endif + +#ifndef CONFIG_IPSEC_ALG_CRYPTOAPI +#define CONFIG_IPSEC_ALG_CRYPTOAPI 1 +#endif +#ifndef CONFIG_IPSEC_ALG_NON_LIBRE +#define CONFIG_IPSEC_ALG_NON_LIBRE 1 +#endif + +#endif /* _CONFIG_ALL_H */ diff --git a/debian/openswan-modules-source.rules b/debian/openswan-modules-source.rules new file mode 100755 index 000000000..f31746de1 --- /dev/null +++ b/debian/openswan-modules-source.rules @@ -0,0 +1,150 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This is the debhelper compatability version to use. +export DH_COMPAT=4 + +VERS = $(shell sed -ne '1s/.*(\(.*\)).*/\1/p' debian/changelog) + +# KSRC is the location of the kernel source. This is the default value, +# when make-kpkg is used it will supply to real value +KSRC = /usr/src/linux + +# KDREV is the package-revision, as given to make-kpkg by the user. +# Just put a simply default value in here which we use when we test +# the packagebuilding without make-kpkg +KDREV = "Custom.1.00" + +# Separate the epoch from the normal revision number in KDREV +# for use with dh_gencontrol +KDREV_EPOCH = $(shell echo $(KDREV) | sed -ne '1s/\([^:]*:\)\?\(.*\)/\1/p') +KDREV_REV = $(shell echo $(KDREV) | sed -ne '1s/\([^:]*:\)\?\(.*\)/\2/p') + +# Now we need to get the kernel-version somehow +KVERS=`sed -n -e '/UTS_RELEASE/s/^[^"]*"\([^"]*\)".*$$/\1/p' $(KSRC)/include/linux/version.h` + +SED_SCRIPT=s!\$$KVERS!$(KVERS)!g; \ + s!\$$KSRC!$(KSRC)!; \ + s!\$$KEMAIL!$(KEMAIL)!; \ + s!\$$KMAINT!$(KMAINT)!; \ + s!\$$KDREV!$(KDREV)!; \ + s!\$$DEBDATE!$(shell date +"%a, %d %b %Y %H:%M:%S %z")! + +ifeq ($(DEB_DEST),) +DEB_DEST=$(KSRC)/.. +endif + +# Clear root command if already root +ifeq ($(shell id -u),0) +ROOT_CMD= +endif + +# this primarily sets ARCH, we may be able to do that in another way +# but it also defines IPSECVERSION, which is needed below +include Makefile.inc + +debian/control: debian/control.in + sed -e "$(SED_SCRIPT)" debian/control.in > $@ + +.PHONY: debian/control + + +configure: configure-stamp +configure-stamp: + dh_testdir + # Add here commands to configure the package. + + touch configure-stamp + +build: debian/control configure-stamp build-stamp +build-stamp: + dh_testdir + + $(MAKE) module KERNELSRC=${KSRC} OPENSWANSRCDIR=$(CURDIR) + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + + $(MAKE) modclean KERNELSRC=${KSRC} OPENSWANSRCDIR=$(CURDIR) + + dh_clean + + rm -f debian/control + +MODDESTDIR=$(CURDIR)/debian/openswan-modules-$(KVERS)/lib/modules/$(KVERS)/kernel/net/ipsec +install: +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + mkdir -p $(MODDESTDIR) + if [ -d modobj ]; then \ + cp modobj/ipsec.o $(MODDESTDIR); \ + cp modobj/ipsec_alg_*.o $(MODDESTDIR); \ + else \ + cp modobj26/ipsec.ko $(MODDESTDIR); \ + fi + + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot +# dh_installdebconf + dh_installdocs + dh_installexamples + dh_installmenu +# dh_installlogrotate +# dh_installemacsen +# dh_installpam +# dh_installmime +# dh_installinit + dh_installmodules + dh_installcron + dh_installman + dh_installinfo +# dh_undocumented + dh_installchangelogs + dh_link + dh_strip + dh_compress + dh_fixperms +# dh_makeshlibs + dh_installdeb +# dh_perl + dh_shlibdeps + dh_gencontrol -- -v$(KDREV_EPOCH)$(VERS)+$(KDREV_REV) + dh_md5sums + dh_builddeb --destdir=$(DEB_DEST) + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure + +binary-modules: binary + + +kdist_image: + $(ROOT_CMD) $(MAKE) -f debian/rules binary-modules + $(ROOT_CMD) $(MAKE) -f debian/rules clean +kdist_clean: debian/control clean +kdist: + $(ROOT_CMD) $(MAKE) -f debian/rules binary-modules +kdist_configure: configure-stamp + + +.PHONY: binary-modules kdist_image + diff --git a/debian/openswan.config b/debian/openswan.config new file mode 100644 index 000000000..e779a2ab1 --- /dev/null +++ b/debian/openswan.config @@ -0,0 +1,57 @@ +#!/bin/sh -e + +. /usr/share/debconf/confmodule + +db_input medium openswan/start_level || true + +db_input medium openswan/restart || true + +db_input high openswan/enable-oe || true + +db_input high openswan/create_rsa_key || true +db_go || true + +db_get openswan/create_rsa_key +if [ "$RET" = "true" ]; then + db_input high openswan/rsa_key_type || true + db_go || true + + db_get openswan/rsa_key_type + if [ "$RET" = "plain" ]; then + # create just a plain RSA keypair + db_input medium openswan/rsa_key_length || true + db_go || true + else + # extract the RSA keypair from a x509 certificate + db_input high openswan/existing_x509_certificate || true + db_go || true + + # create a new certificate + db_input medium openswan/rsa_key_length || true + db_input high openswan/x509_self_signed || true + # we can't allow the country code to be empty - openssl will + # refuse to create a certificate this way + countrycode="" + while [ -z "$countrycode" ]; do + db_input medium openswan/x509_country_code || true + db_go || true + db_get openswan/x509_country_code + countrycode="$RET" + done + db_input medium openswan/x509_state_name || true + db_input medium openswan/x509_locality_name || true + db_input medium openswan/x509_organization_name || true + db_input medium openswan/x509_organizational_unit || true + db_input medium openswan/x509_common_name || true + db_input medium openswan/x509_email_address || true + db_go || true + fi +else + db_get openswan/existing_x509_certificate + if [ "$RET" = "true" ]; then + # existing certificate - use it + db_input critical openswan/existing_x509_certificate_filename || true + db_input critical openswan/existing_x509_key_filename || true + db_go || true + fi +fi diff --git a/debian/openswan.dirs b/debian/openswan.dirs new file mode 100644 index 000000000..778085209 --- /dev/null +++ b/debian/openswan.dirs @@ -0,0 +1,15 @@ +/etc +/etc/ipsec.d +/etc/ipsec.d/cacerts +/etc/ipsec.d/ocspcerts +/etc/ipsec.d/crls +/etc/ipsec.d/private +/etc/ipsec.d/policies +/etc/init.d +/etc/logcheck/ignore.d.paranoid +/etc/logcheck/ignore.d.server +/etc/logcheck/ignore.d.workstation +/etc/logcheck/violations.ignore.d +/usr/bin +/usr/sbin +/var/lock/subsys diff --git a/debian/openswan.docs b/debian/openswan.docs new file mode 100644 index 000000000..e206d4729 --- /dev/null +++ b/debian/openswan.docs @@ -0,0 +1,5 @@ +BUGS +README +CREDITS +doc/ +docs/ diff --git a/debian/openswan.postinst b/debian/openswan.postinst new file mode 100644 index 000000000..7d9b19b4b --- /dev/null +++ b/debian/openswan.postinst @@ -0,0 +1,258 @@ +#! /bin/bash +# postinst script for openswan +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see /usr/share/doc/packaging-manual/ +# +# quoting from the policy: +# Any necessary prompting should almost always be confined to the +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see /usr/share/doc/packaging-manual/ +# +# quoting from the policy: +# Any necessary prompting should almost always be confined to the +# post-installation script, and should be protected with a conditional +# so that unnecessary prompting doesn't happen if a package's +# installation fails and the `postinst' is called with `abort-upgrade', +# `abort-remove' or `abort-deconfigure'. + +insert_private_key() { + cat <> /etc/ipsec.secrets +: RSA { +$1 + } +EOF +} + +insert_private_key_filename() { + if ! grep -q ": RSA $1" /etc/ipsec.secrets; then + echo ": RSA $1" >> /etc/ipsec.secrets + fi +} + +IPSEC_SECRETS_PATTERN_1=': RSA {' +IPSEC_SECRETS_PATTERN_2=' # yyy' +IPSEC_SECRETS_PATTERN_3=' }' +IPSEC_SECRETS_PATTERN_4='# do not change the indenting of that "}"' + +# remove old, misguided attempts at a default ipsec.secrets files +repair_legacy_secrets() { + if grep -A 2 "$IPSEC_SECRETS_PATTERN_1" /etc/ipsec.secrets | + tail --lines=2 | + grep -A 1 "$IPSEC_SECRETS_PATTERN_2" | + tail --lines=1 | + grep "$IPSEC_SECRETS_PATTERN_3" >/dev/null; then + echo "Old default config file detected, removing the old defaults now." + umask 077 ; ( + # this is ugly, and someone maybe can formulate this in sed, but + # this was the quickest way for me + line=`grep -n "$IPSEC_SECRETS_PATTERN_2" /etc/ipsec.secrets | cut -d':' -f1` + until=`expr $line - 1` + head -n $until /etc/ipsec.secrets + sum=`wc -l /etc/ipsec.secrets | cut -d ' ' -f1` + from=`expr $sum - $line -1` + tail -n $from /etc/ipsec.secrets + ) > /etc/ipsec.secrets.tmp + mv /etc/ipsec.secrets.tmp /etc/ipsec.secrets + grep -v "$IPSEC_SECRETS_PATTERN_4" /etc/ipsec.secrets > /etc/ipsec.secrets.tmp + mv /etc/ipsec.secrets.tmp /etc/ipsec.secrets + fi +} + +make_x509_cert() { + if [ $# -ne 12 ]; then + echo "Error in creating X.509 certificate" + exit 1 + fi + + case $5 in + false) + certreq=$4.req + selfsigned="" + ;; + true) + certreq=$4 + selfsigned="-x509" + ;; + *) + echo "Error in creating X.509 certificate" + exit 1 + ;; + esac + + echo -e "$6\n$7\n$8\n$9\n${10}\n${11}\n${12}\n\n\n" | \ + /usr/bin/openssl req -new -outform PEM -out $certreq \ + -newkey rsa:$1 -nodes -keyout $3 -keyform PEM \ + -days $2 $selfsigned >/dev/null +} + +. /usr/share/debconf/confmodule + +case "$1" in + configure) + db_get openswan/create_rsa_key + if [ "$RET" = "true" ]; then + repair_legacy_secrets + # OK, ipsec.secrets should now be correct + db_get openswan/rsa_key_type + if [ "$RET" = "plain" ]; then + # a RSA keypair should be created - check if there is one already + if egrep -q ": RSA[:space:]*" /etc/ipsec.secrets; then + echo "Warning: there is already a RSA key in /etc/ipsec.secrets." + echo "Creating an additional one." + fi + # create a plain openswan keypair + db_get openswan/rsa_key_length + umask 077 + keylength=$RET + privkey=`mktemp /tmp/ipsec-postinst.XXXXXX` + /usr/lib/ipsec/rsasigkey $keylength > $privkey + insert_private_key "`cat $privkey`" + rm $privkey + echo "Successfully created a plain openswan RSA keypair." + else + # extract the key from a (newly created) x509 certificate + host=`hostname` + newkeyfile="/etc/ipsec.d/private/${host}Key.pem" + newcertfile="/etc/ipsec.d/certs/${host}Cert.pem" + if [ -e $newcertfile -o -e $newkeyfile ]; then + echo "Error: $newcertfile or $newkeyfile already exists." + echo "Please remove them first an re-run dpkg-reconfigure to create a new keypair." + else + # create a new certificate + db_get openswan/rsa_key_length + keylength=$RET + db_get openswan/x509_self_signed + selfsigned=$RET + db_get openswan/x509_country_code + countrycode=$RET + if [ -z "$countrycode" ]; then countrycode="."; fi + db_get openswan/x509_state_name + statename=$RET + if [ -z "$statename" ]; then statename="."; fi + db_get openswan/x509_locality_name + localityname=$RET + if [ -z "$localityname" ]; then localityname="."; fi + db_get openswan/x509_organization_name + orgname=$RET + if [ -z "$orgname" ]; then orgname="."; fi + db_get openswan/x509_organizational_unit + orgunit=$RET + if [ -z "$orgunit" ]; then orgunit="."; fi + db_get openswan/x509_common_name + commonname=$RET + if [ -z "$commonname" ]; then commonname="."; fi + db_get openswan/x509_email_address + email=$RET + if [ -z "$email" ]; then email="."; fi + make_x509_cert $keylength 1500 "$newkeyfile" "$newcertfile" "$selfsigned" "$countrycode" "$statename" "$localityname" "$orgname" "$orgunit" "$commonname" "$email" + chmod 0600 "$newkeyfile" + umask 077 + insert_private_key_filename "$newkeyfile" + echo "Successfully created x509 certificate." + fi + fi + else + db_get openswan/existing_x509_certificate + if [ "$RET" = "true" ]; then + if [ -e $newcertfile -o -e $newkeyfile ]; then + echo "Error: $newcertfile or $newkeyfile already exists." + echo "Please remove them first an re-run dpkg-reconfigure to create a new keypair." + else + # existing certificate - use it + db_get openswan/existing_x509_certificate_filename + certfile=$RET + db_get openswan/existing_x509_key_filename + keyfile=$RET + if [ ! -r $certfile ] || [ ! -r $keyfile ]; then + echo "Either the certificate or the key file could not be read !" + else + cp "$certfile" /etc/ipsec.d/certs + umask 077 + cp "$keyfile" "/etc/ipsec.d/private" + newkeyfile="/etc/ipsec.d/private/`basename $keyfile`" + chmod 0600 "$newkeyfile" + insert_private_key_filename "$newkeyfile" + echo "Successfully extracted RSA key from existing x509 certificate." + fi + fi + fi + fi + + # figure out the correct start time + db_get openswan/start_level + if [ "$RET" = "earliest" ]; then + LEVELS="start 41 S . stop 34 0 6 ." + elif [ "$RET" = "after NFS" ]; then + LEVELS="start 15 2 3 4 5 . stop 30 0 1 6 ." + else + LEVELS="start 21 2 3 4 5 . stop 19 0 1 6 ." + fi + update-rc.d ipsec $LEVELS > /dev/null + + db_get openswan/enable-oe + if [ "$RET" != "true" ]; then + echo -n "Disabling opportunistic encryption (OE) in config file ... " + if egrep -q "^include /etc/ipsec.d/examples/no_oe.conf$" /etc/ipsec.conf; then + echo "already disabled" + else + cat <> /etc/ipsec.conf +#Disable Opportunistic Encryption +include /etc/ipsec.d/examples/no_oe.conf +EOF + echo "done" + fi + else + echo -n "Enabling opportunistic encryption (OE) in config file ... " + if egrep -q "^include /etc/ipsec.d/examples/no_oe.conf$" /etc/ipsec.conf; then + sed 's/include \/etc\/ipsec.d\/examples\/no_oe.conf/#include \/etc\/ipsec.d\/examples\/no_oe.conf/' < /etc/ipsec.conf > /etc/ipsec.conf.tmp + mv /etc/ipsec.conf.tmp /etc/ipsec.conf + echo "done" + else + echo "already enabled" + fi + fi + + if [ -z "$2" ]; then + # no old configured version - start openswan now + invoke-rc.d ipsec start || true + else + # does the user wish openswan to restart? + db_get openswan/restart + if [ "$RET" = "true" ]; then + invoke-rc.d ipsec restart || true # sure, we'll restart it for you + fi + fi + + db_stop + + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + *) + echo "postinst called with unknown argument '$1'" >&2 + exit 0 + ;; +esac + +# dh_installdeb will replace this with shell code automatically + +#DEBHELPER# + +exit 0 diff --git a/debian/openswan.postrm b/debian/openswan.postrm new file mode 100644 index 000000000..f5aa182f1 --- /dev/null +++ b/debian/openswan.postrm @@ -0,0 +1,42 @@ +#! /bin/sh +# postrm script for openswan +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' overwrit>r> +# for details, see /usr/share/doc/packaging-manual/ + +case "$1" in + purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + + # update the menu system +# if [ -x /usr/bin/update-menus ]; then update-menus; fi + + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 0 + +esac + +if [ "$1" = "purge" ] ; then + update-rc.d ipsec remove >/dev/null +fi + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + + diff --git a/debian/openswan.prerm b/debian/openswan.prerm new file mode 100644 index 000000000..de804d5cb --- /dev/null +++ b/debian/openswan.prerm @@ -0,0 +1,40 @@ +#! /bin/sh +# prerm script for openswan +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `upgrade' +# * `failed-upgrade' +# * `remove' `in-favour' +# * `deconfigure' `in-favour' +# `removing' +# +# for details, see /usr/share/doc/packaging-manual/ + +case "$1" in + upgrade) + ;; + remove|deconfigure) + /etc/init.d/ipsec stop || true +# install-info --quiet --remove /usr/info/openswan.info.gz + ;; + failed-upgrade) + ;; + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 0 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + diff --git a/debian/openswan.templates b/debian/openswan.templates new file mode 100644 index 000000000..6f75e1ef4 --- /dev/null +++ b/debian/openswan.templates @@ -0,0 +1,633 @@ +Template: openswan/start_level +Type: select +Choices: earliest, "after NFS", "after PCMCIA" +Choices-fr: Le plus tôt possible, Après NFS, Après PCMCIA +Choices-ja: ²Äǽ¤Ê¸Â¤êÁ᤯, "NFS µ¯Æ°¸å", "PCMCIA µ¯Æ°¸å" +Choices-pt_BR: o quando antes, "depois do NFS", "depois do PCMCIA" +Default: earliest +Description: At which level do you wish to start Openswan ? + With the current Debian startup levels (nearly everything starting in + level 20), it is impossible for Openswan to always start at the correct + time. There are three possibilities when Openswan can start: before or + after the NFS services and after the PCMCIA services. The correct answer + depends on your specific setup. + . + If you do not have your /usr tree mounted via NFS (either you only mount + other, less vital trees via NFS or don't use NFS mounted trees at all) and + don't use a PCMCIA network card, then it is the best to start Openswan at + the earliest possible time, thus allowing the NFS mounts to be secured by + IPSec. In this case (or if you don't understand or care about this + issue), answer "earliest" to this question (the default). + . + If you have your /usr tree mounted via NFS and don't use a PCMCIA network + card, then you will need to start Openswan after NFS so that all + necessary files are available. In this case, answer "after NFS" to this + question. Please note that the NFS mount of /usr can not be secured by + IPSec in this case. + . + If you use a PCMCIA network card for your IPSec connections, then you only + have to choice to start it after the PCMCIA services. Answer "after + PCMCIA" in this case. This is also the correct answer if you want to fetch + keys from a locally running DNS server with DNSSec support. +Description-fr: Étape de lancement d'Openswan : + Avec les niveaux de démarrage actuellement utilisés par Debian (presque + tout démarre au niveau 20), il est impossible de faire en sorte + qu'Openswan démarre toujours au moment approprié. Il existe trois moments + où il est opportun de le démarrer : avant ou après les services NFS ou + après les services PCMCIA. La réponse appropriée dépend de vos réglages + spécifiques. + . + Si votre arborescence /usr n'est pas un montage NFS (soit parce que vos + montages NFS sont à d'autres endroits, moins critiques, soit parce que + vous n'utilisez pas du tout de montage NFS) et si vous n'utilisez pas de + carte réseau PCMCIA, il est préférable de démarrer Openswan le plus tôt + possible, ce qui permettra de sécuriser les montages NFS avec IPSec. Dans + ce cas (ou bien si vous ne comprenez pas l'objet de la question ou qu'elle + ne vous concerne pas), choisissez « le plus tôt possible », qui est le + choix par défaut. + . + Si /usr est un montage NFS et que vous n'utilisez pas de carte réseau + PCMCIA, vous devrez alors démarrer Openswan après les services NFS afin + que tous les fichiers nécessaires soient disponibles. Dans ce cas, + choisissez « après NFS ». Veuillez noter que le montage NFS de /usr n'est + alors pas sécurisé par IPSec. + . + Si vous utilisez une carte PCMCIA pour vos connexions IPSec, votre seul + choix possible est le démarrage après les services PCMCIA. Choisissez + alors « après PCMCIA ». Faites également ce choix si vous souhaitez + récupérer les clés d'authentification sur un serveur DNS reconnaissant + DNSSec. +Description-ja: ¤É¤ÎÃʳ¬¤Ç Openswan ¤òµ¯Æ°¤µ¤»¤Þ¤¹¤«? + ¸½ºß¤Î Debian ¤Ç¤Îµ¯Æ°¥ì¥Ù¥ë (¤Û¤È¤ó¤ÉÁ´¤Æ¤¬¥ì¥Ù¥ë20) ¤Î¤Þ¤Þ¤Ç¤Ï¡¢Openswan + ¤ò¾ï¤Ë¤ÏŬÀڤʥ¿¥¤¥ß¥ó¥°¤Çµ¯Æ°¤Ç¤­¤Þ¤»¤ó¡£Openswan + ¤òµ¯Æ°¤µ¤»¤ë¥¿¥¤¥ß¥ó¥°¤ÎÁªÂò»è¤È¤·¤Æ¤Ï3¤Ä¤¬¹Í¤¨¤é¤ì¤Þ¤¹: NFS + ¥µ¡¼¥Ó¥¹¤Î³«»ÏÁ°¡¦³«»Ï¸å¡¦PCMCIA + ¥µ¡¼¥Ó¥¹¤Î³«»Ï¸å¤Ç¤¹¡£Àµ²ò¤Ï¤¢¤Ê¤¿¤ÎÀßÄ꼡Âè¤Ç¤¹¡£ + . + NFS ·Ðͳ¤Ç /usr ¤ò¥Þ¥¦¥ó¥È¤»¤º + (¾¤Î¥Ñ¡¼¥Æ¥£¥·¥ç¥ó¤ä¤¢¤Þ¤ê½ÅÍפǤϤʤ¤¥Ñ¡¼¥Æ¥£¥·¥ç¥ó¤ò NFS + ·Ðͳ¤Ç¥Þ¥¦¥ó¥È¤¹¤ë¤«¡¢¤Þ¤¿¤Ï NFS ¥Þ¥¦¥ó¥È¤òÁ´¤¯»È¤ï¤Ê¤¤)¡¢²Ã¤¨¤Æ PCMCIA + ¥Í¥Ã¥È¥ï¡¼¥¯¥«¡¼¥É¤òÍøÍѤ·¤Æ¤¤¤Ê¤¤¾ì¹ç¡¢²Äǽ¤Ê¸Â¤êÁᤤ»þ´Ö¤Ë Openswan + ¤òµ¯Æ°¤¹¤ë¤Î¤¬¥Ù¥¹¥È¤Ç¤¹¡£¤³¤ÎÀßÄê¤Ë¤è¤Ã¤Æ¡¢NFS ¤Ç¤Î¥Þ¥¦¥ó¥È¤Ï IPSec + ¤ÇÊݸ¤ì¤Þ¤¹¡£¤³¤Î¾ì¹ç + (¤Þ¤¿¤Ï¤³¤ÎÌäÂê¤òÍý²ò¤·¤Æ¤¤¤Ê¤¤¤«Æä˵¤¤Ë¤·¤Ê¤¤¾ì¹ç) + ¡¢"²Äǽ¤Ê¸Â¤êÁ᤯"¤È¼ÁÌä¤ËÅú¤¨¤Æ¤¯¤À¤µ¤¤ (ɸ½à) ¡£ + . + NFS ·Ðͳ¤Ç /usr ¤ò¥Þ¥¦¥ó¥È¤·¤Æ¤¤¤Æ PCMCIA + ¥Í¥Ã¥È¥ï¡¼¥¯¥«¡¼¥É¤ò»ÈÍѤ·¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢É¬Íפʥե¡¥¤¥ë¤òÍøÍѲÄǽ¤Ë¤¹¤ë¤¿¤á¤Ë + Openswan ¤ò NFS ¤Î¸å¤Çµ¯Æ°¤·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£¤³¤Î¾ì¹ç¡¢"NFS µ¯Æ°¸å" + ¤ÈÅú¤¨¤Æ¤¯¤À¤µ¤¤¡£¤³¤Î»þ¤Ë NFS ·Ðͳ¤Ç¥Þ¥¦¥ó¥È¤µ¤ì¤ë /usr ¤Ï¡¢IPSec + ¤Ë¤è¤ë¥»¥­¥å¥¢¤Ê¾õÂ֤ˤϤʤé¤Ê¤¤¤È¤¤¤¦¤³¤È¤ËÃí°Õ¤·¤Æ¤¯¤À¤µ¤¤¡£ + . + IPSec Àܳ¤Ë PCMCIA ¥Í¥Ã¥È¥ï¡¼¥¯¥«¡¼¥É¤òÍøÍѤ·¤Æ¤¤¤¿¾ì¹ç¡¢PCMCIA + ¥µ¡¼¥Ó¥¹¤Îµ¯Æ°¸å¤Ë Openswan + ¤òµ¯Æ°¤¹¤ë°Ê³°¤ËÁªÂò¤Ï¤¢¤ê¤Þ¤»¤ó¡£¤³¤Î¾ì¹ç¡¢"PCMCIA µ¯Æ°¸å" + ¤ÈÅú¤¨¤Æ¤¯¤À¤µ¤¤¡£¥í¡¼¥«¥ë¤ÇÆ°ºî¤·¤Æ¤¤¤ë DNSSec µ¡Ç½¤ò»ÈÍѤ·¤Æ¤¤¤ë DNS + ¥µ¡¼¥Ð¤«¤é¸°¤ò¼èÆÀ¤·¤¿¤¤¾ì¹ç¤Ç¤â¡¢¤³¤ÎÅú¤¨¤ò¤·¤Æ¤¯¤À¤µ¤¤¡£ +Description-pt_BR: Em que nível você deseja iniciar o Openswan ? + Com os níveis de inicialização atuais do Debian (quase todos os serviços + iniciando no nível 20) é impossível para o Openswan sempre iniciar no + momento correto. Existem três possibilidades para quando iniciar o + Openswan : antes ou depois dos serviços NFS e depois dos serviços PCMCIA. + A resposta correta depende se sua configuração específica. + . + Caso você não possua sua àrvore /usr montada via NFS (você somente monta + outras àrvores não vitais via NFS ou não usa àrvores montadas via NFS) e + não use um cartão de rede PCMCIA, a melhor opção é iniciar o Openswan o + quando antes, permitindo dessa forma que os pontos de montagem NFS estejam + protegidos por IPSec. Nesse caso (ou caso você não compreenda ou não se + importe com esse problema), responda "o quando antes" para esta pergunta + (o que é o padrão). + . + Caso você possua sua àrvore /usr montada via NFS e não use um cartão de + rede PCMCIA, você precisará iniciar o Openswan depois do NFS de modo que + todos os arquivos necessários estejam disponíveis. Nesse caso, responda + "depois do NFS" para esta pergunta. Por favor, note que a montagem NFS de + /usr não poderá ser protegida pelo IPSec nesse caso. + . + Caso você use um cartão de rede PCMCIA para suas conexões IPSec você + precisará somente optar por iniciar o Opensan depois dos serviços PCMCIA. + Responda "depois do PCMCIA" nesse caso. Esta é também a maneira correta de + obter chaves de um servidor DNS sendo executado localmente e com suporte a + DNSSec. + +Template: openswan/restart +Type: boolean +Default: true +Description: Do you wish to restart Openswan? + Restarting Openswan is a good idea, since if there is a security fix, it + will not be fixed until the daemon restarts. Most people expect the daemon + to restart, so this is generally a good idea. However this might take down + existing connections and then bring them back up. +Description-fr: Souhaitez-vous redémarrer Openswan ? + Redémarrer Openswan est préférable car un éventuel correctif de sécurité + ne prendra place que si le démon est redémarré. La plupart des + utilisateurs s'attendent à ce que le démon redémarre et c'est donc le plus + souvent le meilleur choix. Cependant, cela pourrait interrompre + provisoirement des connexions en cours. +Description-ja: Openswan ¤òºÆµ¯Æ°¤·¤Þ¤¹¤«? + ¥»¥­¥å¥ê¥Æ¥£½¤Àµ¤¬¤¢¤Ã¤¿¾ì¹ç¤Ë¤Ï¥Ç¡¼¥â¥ó¤¬ºÆµ¯Æ°¤µ¤ì¤ë¤Þ¤Ç½¤Àµ¤¬È¿±Ç¤µ¤ì¤Þ¤»¤ó¡£¤½¤Î¤¿¤á¡¢Openswan + ¤òºÆµ¯Æ°¤¹¤ë¤Î¤ÏÎɤ¤¹Í¤¨¤Ç¤¹¡£¤Û¤È¤ó¤É¤Î¿Í¤Ï¥Ç¡¼¥â¥ó¤òºÆµ¯Æ°¤·¤è¤¦¤È¤·¤Þ¤¹¤¬¡¢¤³¤ì¤ÏÂçÄñÌäÂꤢ¤ê¤Þ¤»¤ó¡£¤·¤«¤·¡¢¤³¤Îºî¶È¤Ç¸½ºß¤ÎÀܳ¤ÏÀÚÃǤµ¤ì¡¢ºÆÅÙ·Ò¤®¤Ê¤ª¤¹¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£ +Description-pt_BR: Você deseja reiniciar o Openswan ? + Reiniciar o Openswan é uma boa idéia, uma vez que caso exista um correção + para uma falha de segurança, o mesmo não será corrigido até que o daemon + seja reiniciado. A maioria das pessoas esperam que o daemon seja + reiniciado, portanto essa é geralmente uma boa idéia. Porém, reiniciar o + Openswan pode derrubar conexões existentes, mas posteriormente trazê-las + de volta. + +Template: openswan/create_rsa_key +Type: boolean +Default: true +Description: Do you want to create a RSA public/private keypair for this host ? + This installer can automatically create a RSA public/private keypair for + this host. This keypair can be used to authenticate IPSec connections to + other hosts and is the preferred way for building up secure IPSec + connections. The other possibility would be to use shared secrets + (passwords that are the same on both sides of the tunnel) for + authenticating an connection, but for a larger number of connections RSA + authentication is easier to administrate and more secure. +Description-fr: Souhaitez-vous créer une paire de clés RSA publique et privée pour cet hôte ? + Cet outil d'installation peut créer automatiquement une paire de clés RSA + publique et privée pour cet hôte. Cette paire de clés peut servir à + authentifier des connexions IPSec vers d'autres hôtes. Cette méthode est + la méthode conseillée pour l'établissement de liaisons IPSec sûres. + L'autre possibilité d'authentification à la connexion est l'utilisation + d'un secret partagé (« pre-shared key » : des mots de passe identiques aux + deux extrémités du tunnel). Toutefois, pour de nombreuses connexions, + l'authentification RSA est plus simple à administrer et plus sûre. +Description-ja: ¤³¤Î¥Û¥¹¥È¤Î RSA ¸ø³«¸°¤ÈÈëÌ©¸°¤Î¥­¡¼¥Ú¥¢¤òÀ¸À®¤·¤Þ¤¹¤«? + ¤³¤Î¥¤¥ó¥¹¥È¡¼¥é¤Ï¤³¤Î¥Û¥¹¥È¤Î RSA + ¸ø³«¸°¤ÈÈëÌ©¸°¤Î¥­¡¼¥Ú¥¢¤ò¼«Æ°Åª¤ËÀ¸À®¤Ç¤­¤Þ¤¹¡£¤³¤Î¥­¡¼¥Ú¥¢¤Ï¾¤Î¥Û¥¹¥È¤È¤Î + IPSec ÄÌ¿®¤Ç¤Îǧ¾Ú¤ËÍøÍѲÄǽ¤Ç¡¢¥»¥­¥å¥¢¤Ê IPSec + ÄÌ¿®¤ò³ÎΩ¤¹¤ëÊýË¡¤È¤·¤Æ¹¥¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£Â¾¤ËÍøÍѲÄǽ¤ÊÊýË¡¤È¤·¤Æ¤Ï¶¦Ä̸° + (¥È¥ó¥Í¥ë¤ÎÁÐÊý¤ÇƱ¤¸¥Ñ¥¹¥ï¡¼¥É) + ¤òÄÌ¿®¤Îǧ¾Ú¤ËÍøÍѤ¹¤ë¤È¤¤¤¦¤Î¤¬¤¢¤ê¤Þ¤¹¤¬¡¢Â¿¿ô¤ÎÀܳ¤ËÂФ·¤Æ¤Ï¡¢RSA + ǧ¾Ú¤Î¤Û¤¦¤¬´ÉÍý¤¬¤è¤ê´Êñ¤Ç¡¢¤è¤ê¥»¥­¥å¥¢¤Ç¤¹¡£ +Description-pt_BR: Você deseja criar um par de chaves RSA pública/privada para este host ? + Este instalador pode automaticamente criar um par de chaves RSA + pública/privada para este host. Esse par de chaves pode ser usado para + autenticar conexões IPSec com outros hosts e é a maneira preferida de + construir conexões IPSec seguras. A outra possibilidade seria usar + segredos compartilhados (senhas que são iguais em ambos os lados do túnel) + para autenticar uma conexão, mas para um grande número de conexões RSA a + autenticação é mais fácil de administrar e mais segura. + +Template: openswan/rsa_key_type +Type: select +Choices: x509, plain +Choices-fr: X509, simple paire +Choices-ja: x509, Ä̾ï¤Î¥¿¥¤¥× +Choices-pt_BR: x509, pura +Default: x509 +Description: Which type of RSA keypair do you want to create ? + It is possible to create a plain RSA public/private keypair for the use + with Openswan or to create a X509 certificate file which contains the RSA + public key and additionally store the corresponding private key. + . + If you only want to build up IPSec connections to hosts also running + Openswan, it might be a bit easier using plain RSA keypairs. But if you + want to connect to other IPSec implementations, you will need a X509 + certificate. It is also possible to create a X509 certificate here and + extract the RSA public key in plain format if the other side runs + Openswan without X509 certificate support. + . + Therefore a X509 certificate is recommended since it is more flexible and + this installer should be able to hide the complex creation of the X509 + certificate and its use in Openswan anyway. +Description-fr: Type de paire de clés RSA à créer : + Il est possible de créer une simple paire de clés destinée à être utilisée + avec Openswan ou de créer un fichier de certificat X509 qui contient la + clé publique RSA et de conserver la clé privée correspondante par + ailleurs. + . + Si vous ne prévoyez d'établir des connexions IPSec qu'avec des hôtes + utilisant Openswan, il sera probablement plus facile d'utiliser des clés + RSA simples. Mais si vous souhaitez vous connecter à des hôtes utilisant + d'autres implémentations d'IPSec, vous aurez besoin d'un certificat X509. + Il est également possible de créer un certificat X509 puis d'en extraire + un simple clé publique RSA, si l'autre extrémité de la connexion utilise + Openswan sans le support des certificats X509. + . + En conséquence, il vous est conseillé d'utiliser un certificat X509 car + cette méthode est plus souple. Cet outil d'installation devrait vous + simplifier la tâche de création et d'utilisation de ce certificat X509. +Description-ja: ¤É¤Á¤é¤Î¥¿¥¤¥×¤Î RSA ¥­¡¼¥Ú¥¢¤òÀ¸À®¤·¤Þ¤¹¤«? + Openswan ¤ÇÍøÍѤ¹¤ëÄ̾ï¤Î RSA ¸ø³«¸°¡¦ÈëÌ©¸°¤Î¥­¡¼¥Ú¥¢¤òºî¤ì¤Þ¤¹¡£¤¢¤ë¤¤¤Ï + RSA ¸ø³«¸°¤ò (¤µ¤é¤Ë¤Ï¤½¤ì¤ËÂбþ¤¹¤ëÈëÌ©¸°¤â) ´Þ¤à X509 + ¾ÚÌÀ½ñ¥Õ¥¡¥¤¥ë¤âƱÍͤǤ¹¡£ + . + ´û¤Ë Openswan ¤òÆ°ºî¤µ¤»¤Æ¤¤¤ë¥Û¥¹¥È¤È IPSec + ÄÌ¿®¤ò³ÎΩ¤·¤¿¤¤¤À¤±¤Î¾ì¹ç¤Ï¡¢Ä̾ï¤Î RSA + ¥­¡¼¥Ú¥¢¤ò»ÈÍѤ¹¤ë¤È¿¾¯´Êñ¤Ë¤Ê¤ê¤Þ¤¹¡£¤·¤«¤·¡¢Â¾¤Î IPSec + ¼ÂÁõ¤È¤ÎÀܳ¤ò¹Ô¤¤¤¿¤¤¾ì¹ç¤Ï X509 + ¾ÚÌÀ½ñ¤¬É¬Íפˤʤê¤Þ¤¹¡£ÄÌ¿®¤ò¹Ô¤¦ÂоݤΥۥ¹¥È¤¬ Openswan ¤ò X509 + ¾ÚÌÀ½ñ¤Î¥µ¥Ý¡¼¥È̵¤·¤Ç±¿ÍѤ·¤Æ¤¤¤¿¾ì¹ç¡¢¤³¤³¤Ç X509 + ¾ÚÌÀ½ñ¤òÀ¸À®¤·¤Æ¡¢¸å¤Û¤É RSA ¸ø³«¸°¤òÄ̾ï¤Î·Á¼°¤ËŸ³«¤¹¤ë¤³¤È¤â²Äǽ¤Ç¤¹¡£ + . + ¤·¤¿¤¬¤Ã¤Æ X509 + ¾ÚÌÀ½ñ¤¬¤ª´«¤á¤Ç¤¹¡£¤³¤Á¤é¤Î¤Û¤¦¤¬½ÀÆð¤Ç¤¹¤·¡¢¤³¤Î¥¤¥ó¥¹¥È¡¼¥é¤ò»È¤¨¤Ð¡¢X509 + ¾ÚÌÀ½ñ¤ÎÀ¸À®¤ä Openswan ¤Ç¤ÎÍøÍѤ˺ݤ·¤Æ¤ÎÌÌÅݤµ¤ò±£Ê䷤Ƥ¯¤ì¤ë¤Ï¤º¤Ç¤¹¡£ +Description-pt_BR: Qual tipo de par de chaves RSA você deseja criar ? + É possível criar um par de chaves RSA pública/privada pura (plain) para + uso com o Openswan ou para criar um arquivo de certificado X509 que irá + conter a chave RSA pública e adicionalmente armazenar a chave privada + correspondente. + . + Caso você queira somente construir conexões IPsec para hosts e também + executar o Openswan, pode ser um pouco mais fácil usar pares de chaves RSA + puros (plain). Mas caso você queira se conectar a outras implementações + IPSec, você precisará de um certificado X509. É também possível criar um + certificado X509 aqui e extrair a chave pública em formato puro (plain) + caso o outro lado execute o Openswan sem suporte a certificados X509. + . + Um certificado X509 é recomendado, uma vez que o mesmo é mais flexível e + este instalador é capaz de simplificar a complexa criação do certificado + X509 e seu uso com o Openswan. + +Template: openswan/existing_x509_certificate +Type: boolean +Default: false +Description: Do you have an existing X509 certificate file that you want to use for Openswan ? + This installer can automatically extract the needed information from an + existing X509 certificate with a matching RSA private key. Both parts can + be in one file, if it is in PEM format. Do you have such an existing + certificate and key file and want to use it for authenticating IPSec + connections ? +Description-fr: Possédez-vous un fichier de certificat X509 existant àutiliser avec Openswan ? + Cet outil d'installation est capable d'extraire automatiquement + l'information nécessaire d'un fichier de certificat X509 existant, avec la + clé privée RSA correspondante. Les deux parties peuvent se trouver dans un + seul fichier, s'il est en format PEM. Possédez-vous un tel certificat + ainsi que la clé privée, et souhaitez-vous vous en servir pour + l'authentification des connexions IPSec ? +Description-ja: ´û¤Ë¸ºß¤·¤Æ¤¤¤ë X509 ¾ÚÌÀ½ñ¥Õ¥¡¥¤¥ë¤ò Openswan ¤ÇÍøÍѤ·¤Þ¤¹¤«? + ¤³¤Î¥¤¥ó¥¹¥È¡¼¥é¤Ï´û¤Ë¸ºß¤·¤Æ¤¤¤ë X509 ¾ÚÌÀ½ñ¤«¤é RSA + ÈëÌ©¸°¤È¾È¤é¤·¹ç¤ï¤»¤ÆɬÍפʾðÊó¤ò¼«Æ°Åª¤ËŸ³«¤¹¤ë»ö¤¬²Äǽ¤Ç¤¹¡£ PEM + ·Á¼°¤Î¾ì¹ç¡¢ÁÐÊý¤ò°ì¤Ä¤Î¥Õ¥¡¥¤¥ë¤Ë¤Þ¤È¤á¤ë¤³¤È¤â²Äǽ¤Ç¤¹¡£¤½¤Î¤è¤¦¤Ê¾ÚÌÀ½ñ¤È¸°¤Î¥Õ¥¡¥¤¥ë¤¬¤¢¤ê¡¢¤³¤ì¤é¤ò + IPSec ÄÌ¿®¤Ç¤Îǧ¾Ú¤Ë»ÈÍѤ·¤¿¤¤¤Ç¤¹¤«? +Description-pt_BR: Você possui um arquivo de certificado X509 existente que você gostaria de usar com o Openswan ? + Este instalador pode extrair automaticamente a informação necessária de um + certificado X509 existente com uma chave RSA privada adequada. Ambas as + partes podem estar em um arquivo, caso estejam no formato PEM. Você possui + um certificado existente e um arquivo de chave e quer usá-los para + autenticar conexões IPSec ? + +Template: openswan/existing_x509_certificate_filename +Type: string +Description: Please enter the location of your X509 certificate in PEM format. + Please enter the location of the file containing your X509 certificate in + PEM format. +Description-fr: Emplacement de votre certificat X509 au format PEM : + Veuillez indiquer l'emplacement du fichier contenant votre certificat X509 + au format PEM. +Description-ja: PEM ·Á¼°¤Î X509 ¾ÚÌÀ½ñ¤Î¾ì½ê¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£ + PEM ·Á¼°¤Î X509 ¾ÚÌÀ½ñ¤ò´Þ¤ó¤Ç¤¤¤ë¥Õ¥¡¥¤¥ë¤Î¾ì½ê¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£ +Description-pt_BR: Por favor, informe a localização de seu certificado X509 no formato PEM. + Por favor, informe a localização do arquivo contendo seu certificado X509 + no formato PEM. + +Template: openswan/existing_x509_key_filename +Type: string +Description: Please enter the location of your X509 private key in PEM format. + Please enter the location of the file containing the private RSA key + matching your X509 certificate in PEM format. This can be the same file + that contains the X509 certificate. +Description-fr: Emplacement de votre clé privée X509 au format PEM : + Veuillez indiquer l'emplacement du fichier contenant la clé privée RSA + correspondant à votre certificat X509 au format PEM. Cela peut être le + fichier qui contient le certificat X509. +Description-ja: PEM ·Á¼°¤Î X509 ÈëÌ©¸°¤Î¾ì½ê¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£ + PEM ·Á¼°¤Î X509 + ¾ÚÌÀ½ñ¤ËÂбþ¤¹¤ëÈëÌ©¸°¤ò´Þ¤ó¤Ç¤¤¤ë¥Õ¥¡¥¤¥ë¤Î¾ì½ê¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤Ï + X509 ¾ÚÌÀ½ñ¤ò´Þ¤ó¤Ç¤¤¤ë¥Õ¥¡¥¤¥ë¤ÈƱ¤¸¤Ç¹½¤¤¤Þ¤»¤ó¡£ +Description-pt_BR: Por favor, informe a localização de sua chave privada X509 no formato PEM. + Por favor, informe a localização do arquivo contendo a chave privada RSA + que casa com seu certificado X509 no formato PEM. Este pode ser o mesmo + arquivo que contém o certificado X509. + +Template: openswan/rsa_key_length +Type: string +Default: 2048 +Description: Which length should the created RSA key have ? + Please enter the length of the created RSA key. it should not be less than + 1024 bits because this should be considered unsecure and you will probably + not need anything more than 2048 bits because it only slows the + authentication process down and is not needed at the moment. +Description-fr: Longueur de la clé RSA à créer : + Veuillez indiquer la longueur de la clé RSA qui sera créée. Elle ne doit + pas être inférieure à 1024 bits car cela serait considéré comme + insuffisamment sûr. Un choix excédant 2048 bits est probablement inutile + car cela ne fait essentiellement que ralentir le processus + d'authentification sans avoir d'intérêt actuellement. +Description-ja: RSA ¸°¤ò¤É¤ÎŤµ¤ÇÀ¸À®¤·¤Þ¤¹¤«? + À¸À®¤¹¤ë RSA ¸°¤ÎŤµ¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£°ÂÁ´¤Î¤¿¤á¡¢1024 + ¥Ó¥Ã¥È°Ê²¼¤Ë¤¹¤Ù¤­¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£2048 + ¥Ó¥Ã¥È°Ê¾å¤Ë¤¹¤ëɬÍפâ¤Ê¤¤¤Ç¤·¤ç¤¦¡£Ç§¾Ú¥×¥í¥»¥¹¤¬ÃÙ¤¯¤Ê¤ê¤Þ¤¹¤·¡¢¸½»þÅÀ¤Ç¤Ï¤ª¤½¤é¤¯É¬Íפ¢¤ê¤Þ¤»¤ó¡£ +Description-pt_BR: Qual deve ser o tamanho da chave RSA criada ? + Por favor, informe o tamanho da chave RSA a ser criada. A mesma não deve + ser menor que 1024 bits devido a uma chave de tamanho menor que esse ser + considerada insegura. Você também não precisará de nada maior que 2048 + porque isso somente deixaria o processo de autenticação mais lento e não + seria necessário no momento. + +Template: openswan/x509_self_signed +Type: boolean +Default: true +Description: Do you want to create a self-signed X509 certificate ? + This installer can only create self-signed X509 certificates + automatically, because otherwise a certificate authority is needed to sign + the certificate request. If you want to create a self-signed certificate, + you can use it immediately to connect to other IPSec hosts that support + X509 certificate for authentication of IPSec connections. However, if you + want to use the new PKI features of Openswan >= 1.91, you will need to + have all X509 certificates signed by a single certificate authority to + create a trust path. + . + If you do not want to create a self-signed certificate, then this + installer will only create the RSA private key and the certificate request + and you will have to sign the certificate request with your certificate + authority. +Description-fr: Souhaitez-vous créer un certificat X509 auto-signé ? + Cet outil d'installation ne peut créer automatiquement qu'un certificat + X509 auto-signé puisqu'une autorité de certification est indispensable + pour signer la demande de certificat. Si vous choisissez de créer un + certificat auto-signé, vous pourrez vous en servir immédiatement pour vous + connecter aux hôtes qui authentifient les connexions IPSec avec des + certificats X509. Cependant, si vous souhaitez utiliser les nouvelles + fonctionnalités PKI de Openswan >= 1.91, vous aurez besoin que tous les + certificats X509 soient signés par la même autorité de certification afin + de créer un chemin de confiance. + . + Si vous ne voulez pas créer de certificat auto-signé, cet outil + d'installation ne fera que créer la clé privée RSA et la demande de + certificat, que vous devrez ensuite signer avec votre autorité de + certification. +Description-ja: ¼«¸Ê½ð̾ X509 ¾ÚÌÀ½ñ¤òÀ¸À®¤·¤Þ¤¹¤«? + ¾ÚÌÀ½ñÍ×µá¤Ë½ð̾¤¹¤ë¤¿¤á¤Ë¤Ïǧ¾Ú¶É¤¬É¬ÍפȤʤë¤Î¤Ç¡¢¤³¤Î¥¤¥ó¥¹¥È¡¼¥é¤Ç¤Ï¼«¸Ê½ð̾ + X509 + ¾ÚÌÀ½ñ¤ò¼«Æ°Åª¤ËÀ¸À®¤¹¤ë»ö¤À¤±¤¬²Äǽ¤Ç¤¹¡£¼«¸Ê½ð̾¾ÚÌÀ½ñ¤òÀ¸À®¤·¤¿¤¤¾ì¹ç¡¢¤³¤ì¤ò»ÈÍѤ·¤Æ¤¹¤°¤Ë + X509 ¾ÚÌÀ½ñ¤ò¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤ë¾¤Î IPSec + ¥Û¥¹¥È¤ËÀܳ²Äǽ¤Ç¤¹¡£¤·¤«¤·¡¢Openswan ¥Ð¡¼¥¸¥ç¥ó 1.91 °Ê¾å¤Ç¤Î¿·¤·¤¤ PKI + µ¡Ç½¤ò»È¤¤¤¿¤¤¾ì¹ç¤Ï¡¢trust path + ¤òÀ¸À®¤¹¤ë¤¿¤á¤Ëñ°ì¤Îǧ¾Ú¶É¤Ë¤è¤Ã¤Æ¤¹¤Ù¤Æ¤Î X509 + ¾ÚÌÀ½ñ¤Ë½ð̾¤·¤Æ¤â¤é¤¦É¬Íפ¬¤¢¤ê¤Þ¤¹¡£ + . + ¼«¸Ê½ð̾¾ÚÌÀ½ñ¤òÀ¸À®¤·¤¿¤¯¤Ê¤¤¾ì¹ç¡¢¤³¤Î¥¤¥ó¥¹¥È¡¼¥é¤Ï RSA + ÈëÌ©¸°¤È¾ÚÌÀ½ñÍ×µá¤Î¤ß¤òÀ¸À®¤·¤Þ¤¹¡£¤½¤·¤Æ¡¢Ç§¾Ú¶É¤Ë¾ÚÌÀ½ñÍ×µá¤Ø½ð̾¤ò¤·¤Æ¤â¤é¤¦É¬Íפ¬¤¢¤ê¤Þ¤¹¡£ +Description-pt_BR: Deseja criar um certificado X509 auto-assinado ? + Este instalador pode criar automaticamente somente certificados X509 + auto-assinados, devido a uma autoridade certificadora ser necessária para + assinar a requisição de certificado. Caso você queira criar um certificado + auto-assinado, você poderá usá-lo imediatamente para conexão com outros + hosts IPSec que suportem certificados X509 para autenticação de conexões + IPSec. Porém, caso você queira usar os novos recursos PKI do Openswan + versão 1.91 ou superior, você precisará possuir todos seus certificados + X509 assinados por uma única autoridade certificadora para criar um + caminho de confiança. + . + Caso você não queira criar um certificado auto-assinado, este instalador + irá somente criar a chave privada RSA e a requisição de certificado e você + terá então que assinar a requisição de certificado junto a sua autoridade + certificadora. + +Template: openswan/x509_country_code +Type: string +Default: AT +Description: Please enter the country code for the X509 certificate request. + Please enter the 2 letter country code for your country. This code will be + placed in the certificate request. + . + You really need to enter a valid country code here, because openssl will + refuse to generate certificates without one. An empty field is allowed for + any other field of the X.509 certificate, but not for this one. + . + Example: AT +Description-fr: Code du pays : + Veuillez indiquer le code à deux lettres de votre pays. Ce code sera + inclus dans la demande de certificat. + . + Il est impératif de choisir ici un code de pays valide sinon OpenSSL + refusera de générer les certificats. Tous les autres champs d'un + certificat X.509 peuvent être vides, sauf celui-ci. + . + Exemple : FR +Description-ja: X509 ¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤¹¤ë¹ñ¥³¡¼¥É¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£ + ¤¢¤Ê¤¿¤Î¹ñ¤Î¹ñ¥³¡¼¥É¤ò2ʸ»ú¤ÇÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤Î¥³¡¼¥É¤Ï¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤µ¤ì¤Þ¤¹¡£ + . + openssl + ¤¬¹ñ¥³¡¼¥É¤Ê¤·¤Ç¤Ï¾ÚÌÀ½ñ¤ÎÀ¸À®¤òµñÈݤ¹¤ë¤Î¤Ç¡¢Àµ¤·¤¤¹ñ¥³¡¼¥É¤ò¤³¤³¤ÇÆþÎϤ¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£X.509 + ¾ÚÌÀ½ñ¤Ç¤Ï¡¢Â¾¤Î¥Õ¥£¡¼¥ë¥É¤Ë¤Ä¤¤¤Æ¤Ï¶õ¤Ç¤â¹½¤¤¤Þ¤»¤ó¤¬¡¢¤³¤ì¤Ë¤Ä¤¤¤Æ¤Ïµö²Ä¤µ¤ì¤Æ¤¤¤Þ¤»¤ó¡£ + . + Îã: JP +Description-pt_BR: Por favor, informe o código de país para a requisição de certificado X509. + Por favor, informe o códifo de país de duas letras para seu país. Esse + código será inserido na requisição de certificado. + . + Você realmente precisa informar um código de país válido aqui devido ao + openssl se recusar a gerar certificados sem um código de país válido. Um + campo em branco é permitido para qualquer outro campo do certificado + X.509, mas não para esse campo. + . + Exemplo: BR + +Template: openswan/x509_state_name +Type: string +Default: +Description: Please enter the state or province name for the X509 certificate request. + Please enter the full name of the state or province you live in. This name + will be placed in the certificate request. + . + Example: Upper Austria +Description-fr: État, province ou région : + Veuillez indiquer le nom complet de l'état, de la province ou de la région + où vous résidez. Ce nom sera inclus dans la demande de certificat. + . + Exemples : Rhône-Alpes, Brabant, Bouches du Rhône, Québec, Canton de Vaud +Description-ja: X509 ¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤¹¤ëÅÔÆ»Éܸ©Ì¾¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£ + ¤¢¤Ê¤¿¤¬ºß½»¤·¤Æ¤¤¤ëÅÔÆ»Éܸ©¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤Ï¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤µ¤ì¤Þ¤¹¡£ + . + Îã: Tokyo +Description-pt_BR: Por favor, informe o estado ou nome de província para a requisição de certificado X509. + Por favor, informe o nome complete do estado ou província em que você + mora. Esse nome será inserido na requisição de certificado. + . + Exemplo : Sao Paulo + +Template: openswan/x509_locality_name +Type: string +Default: +Description: Please enter the locality name for the X509 certificate request. + Please enter the locality (e.g. city) where you live. This name will be + placed in the certificate request. + . + Example: Vienna +Description-fr: Localité : + Veuillez indiquer la localité (p. ex. la ville) où vous résidez. Ce nom + sera inclus dans la demande de certificat. + . + Exemple : Saint-Étienne +Description-ja: X509 ¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤¹¤ëÅÚÃϤÎ̾Á°¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£ + ¤¢¤Ê¤¿¤Îºß½»¤·¤Æ¤¤¤ëÃÏÊý¤Î̾Á° (Îã: »ÔĮ¼̾) + ¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤Ï¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤µ¤ì¤Þ¤¹¡£ + . + Îã: Shinjuku-ku +Description-pt_BR: Por favor, informe o nome da localidade para a requisição de certificado X509. + Por favor, informe a localidade (ou seja, cidade) onde você mora. Esse + nome será inserido na requisição de certificado. + . + Exemplo : Sao Paulo + +Template: openswan/x509_organization_name +Type: string +Default: +Description: Please enter the organization name for the X509 certificate request. + Please enter the organization (e.g. company) that the X509 certificate + should be created for. This name will be placed in the certificate + request. + . + Example: Debian +Description-fr: Organisme : + Veuillez indiquer l'organisme (p. ex. l'entreprise) pour qui sera créé le + certificat X509. Ce nom sera inclus dans la demande de certificat. + . + Exemple : Debian +Description-ja: X509 ¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤¹¤ëÁÈ¿¥Ì¾¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£ + X509 ¾ÚÌÀ½ñ¤ÎÀ¸À®ÂоݤȤʤë¤Ù¤­ÁÈ¿¥ (Îã: ²ñ¼Ò) + ¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤Ï¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤µ¤ì¤Þ¤¹¡£ + . + Îã: Debian +Description-pt_BR: Por favor, informe o nome da organização para a requisição de certificado X509. + Por favor, informe a organização (ou seja, a empresa) para a qual este + certificado X509 deverá ser criado. Esse nome será inserido na requisição + de certificado. + . + Exemplo : Debian + +Template: openswan/x509_organizational_unit +Type: string +Default: +Description: Please enter the organizational unit for the X509 certificate request. + Please enter the organizational unit (e.g. section) that the X509 + certificate should be created for. This name will be placed in the + certificate request. + . + Example: security group +Description-fr: Unité d'organisation : + Veuillez indiquer l'unité d'organisation (p. ex. département, division, + etc.) pour qui sera créé le certificat X509. Ce nom sera inclus dans la + demande de certificat. + . + Exemple : Département Réseaux et Informatique Scientifique +Description-ja: X509 ¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤¹¤ëÁÈ¿¥Ã±°Ì¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£ + X509 ¾ÚÌÀ½ñ¤ÎÀ¸À®ÂоݤȤʤë¤Ù¤­ÁÈ¿¥Ã±°Ì (Îã: Éô½ð̾) + ¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤Ï¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤µ¤ì¤Þ¤¹¡£ + . + Îã: security group +Description-pt_BR: Por favor, informe a unidade organizacional para a requisição de certificado X509. + Por favor, informe a unidade organizacional (ou seja, seção ou + departamento) para a qual este certificado deverá ser criado. Esse nome + será inserido na requisição de certificado. + . + Exemplo : Grupo de Segurança + +Template: openswan/x509_common_name +Type: string +Default: +Description: Please enter the common name for the X509 certificate request. + Please enter the common name (e.g. the host name of this machine) for + which the X509 certificate should be created for. This name will be placed + in the certificate request. + . + Example: gateway.debian.org +Description-fr: Nom ordinaire (« common name ») : + Veuillez indiquer le nom ordinaire (p. ex. le nom réseau de cette machine) + pour qui sera créé le certificat X509. Ce nom sera inclus dans la demande + de certificat. + . + Exemple : gateway.debian.org +Description-ja: X509 ¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤¹¤ë¥³¥â¥ó¥Í¡¼¥à¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£ + X509 ¾ÚÌÀ½ñ¤ÎÀ¸À®ÂоݤȤʤë¤Ù¤­¥³¥â¥ó¥Í¡¼¥à (Îã: ¤³¤Î¥Þ¥·¥ó¤Î¥Û¥¹¥È̾) + ¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤Ï¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤µ¤ì¤Þ¤¹¡£ + . + Îã: gateway.debian.org +Description-pt_BR: Por favor, informe o nome comum para a requisição de certificado X509. + Por favor, informe o nome comum (ou seja, o nome do host dessa máquina) + para o qual o certificado X509 deverá ser criado. Esse nome será inserido + na requisição de certificado. + . + Exemplo : gateway.debian.org + +Template: openswan/x509_email_address +Type: string +Default: +Description: Please enter the email address for the X509 certificate request. + Please enter the email address of the person or organization who is + responsible for the X509 certificate, This address will be placed in the + certificate request. +Description-fr: Adresse électronique : + Veuillez indiquer l'adresse électronique de la personne ou de l'organisme + responsable du certificat X509. Cette adresse sera incluse dans la demande + de certificat. +Description-ja: X509 ¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤¹¤ë¥á¡¼¥ë¥¢¥É¥ì¥¹¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£ + X509 + ¾ÚÌÀ½ñ¤ÎÀÕǤ¼Ô¤È¤Ê¤ë¿Íʪ¡¦ÃÄÂΤΥ᡼¥ë¥¢¥É¥ì¥¹¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤Î¥¢¥É¥ì¥¹¤Ï¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤µ¤ì¤Þ¤¹¡£ +Description-pt_BR: Por favor, informe o endereço de e-mail para a requisição de certificado X509. + Por favor, informe o endereço de e-mail da pessoa ou organização + responsável pelo certificado X509. Esse endereço será inserido na + requisição de certificado. + +Template: openswan/enable-oe +Type: boolean +Default: false +Description: Do you wish to enable opportunistic encryption in Openswan? + Openswan comes with support for opportunistic encryption (OE), which stores + IPSec authentication information (i.e. RSA public keys) in (preferably + secure) DNS records. Until this is widely deployed, activating it will + cause a significant slow-down for every new, outgoing connection. Since + version 2.0, Openswan upstream comes with OE enabled by default and is thus + likely to break you existing connection to the Internet (i.e. your default + route) as soon as pluto (the Openswan keying daemon) is started. + . + Please choose whether you want to enable support for OE. If unsure, do not + enable it. +Description-fr: Souhaitez-vous activer le chiffrement opportuniste dansOpenswan ? + Openswan gère le chiffrement opportuniste (« opportunistic encryption » : + OE) qui permet de conserver les informations d'authentification IPSec + (c'est-à-dire les clés publiques RSA) dans des enregistrements DNS, de + préférence sécurisés. Tant que cette fonctionnalité ne sera pas déployée + largement, son activation provoquera un ralentissement significatif pour + toute nouvelle connexion sortante. À partir de la version 2.0, cette + fonctionnalité est activée par défaut dans Openswan, ce qui peut + interrompre le fonctionnement de votre connexion à l'Internet + (c'est-à-dire votre route par défaut) dès le démarrage de pluto, le démon + de gestion de clés d'Openswan. + . + Veuillez choisir si vous souhaitez activer la gestion du chiffrement + opportuniste. Ne l'activez pas si vous n'êtes pas certain d'en avoir + besoin. +Description-ja: Openswan ¤Ç opportunistic encryption ¤òÍ­¸ú¤Ë¤·¤Þ¤¹¤«? + Openswan ¤Ï¡¢IPSec ǧ¾Ú¾ðÊó (Îã: RSA ¸ø³«¸°) ¤ò (´ê¤ï¤¯¤Ï¥»¥­¥å¥¢¤Ê) DNS + ¥ì¥³¡¼¥ÉÆâ¤ËÊݸ¤¹¤ë opportunistic encryption (OE) + ¤ò¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤¹¡£¤³¤ì¤Ï¹­¤¯ÍøÍѤµ¤ì¤ë¤è¤¦¤Ë¤Ê¤ë¤Þ¤Ç¡¢¤³¤ì¤òÍ­¸ú¤Ë¤¹¤ë¤³¤È¤ÇÁ´¤Æ¤Î³°Éô¤Ø¤Î¿·µ¬Àܳ¤Ï³ÊÃʤËÃÙ¤¯¤Ê¤ê¤Þ¤¹¡£¥Ð¡¼¥¸¥ç¥ó + 2.0 ¤è¤ê¡¢Openswan ¤Î³«È¯¸µ¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç OE ¤òÍ­¸ú¤Ë¤·¤Æ¤ª¤ê¡¢¤·¤¿¤¬¤Ã¤Æ + plute (Openswan ¸°½ð̾¥Ç¡¼¥â¥ó) + ¤¬³«»Ï¤µ¤ì¤ë¤Þ¤Ç¡¢¤¹¤Ç¤Ë¤¢¤ë¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤Ø¤ÎÀܳ + (¤Ä¤Þ¤ê¥Ç¥Õ¥©¥ë¥È¥ë¡¼¥È) ¤¬ÃæÃǤµ¤ì¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£ + . + OE + ¤Î¥µ¥Ý¡¼¥È¤òÍ­¸ú¤Ë¤¹¤ë¤«¤É¤¦¤«¤òÁª¤ó¤Ç¤¯¤À¤µ¤¤¡£¤è¤¯¤ï¤«¤é¤Ê¤¤¾ì¹ç¤Ï¡¢Í­¸ú¤Ë¤Ï¤·¤Ê¤¤¤Ç¤¯¤À¤µ¤¤¡£ +Description-pt_BR: Você deseja habilitar a encriptação oportunística no Openswan ? + O Openswan suporta encriptação oportunística (OE), a qual armazena + informações de autenticação IPSec (por exemplo, chaves públicas RSA) em + registros DNS (preferivelmente seguros). Até que esse suporte esteja + largamento sendo utilizado, ativá-lo irá causar uma signficante lentidão + para cada nova conexão de saída. Iniciando a partir da versão 2.0, o + Openswan, da forma como é distribuído pelos desenvolvedores oficiais, é + fornecido com o suporte a OE habilitado por padrão e, portanto, + provavelmente irá quebrar suas conexões existentes com a Internet (por + exemplo, sua rota padrão) tão logo o pluto (o daemon de troca de chaves do + Openswan) seja iniciado. + . + Por favor, informe se você deseja habilitar o suporte a OE. Em caso de + dúvidas, não habilite esse suporte. diff --git a/debian/openswan.templates.master b/debian/openswan.templates.master new file mode 100644 index 000000000..f9c9e7e7f --- /dev/null +++ b/debian/openswan.templates.master @@ -0,0 +1,207 @@ +Template: openswan/start_level +Type: select +_Choices: earliest, "after NFS", "after PCMCIA" +Default: earliest +_Description: At which level do you wish to start Openswan ? + With the current Debian startup levels (nearly everything starting in + level 20), it is impossible for Openswan to always start at the correct + time. There are three possibilities when Openswan can start: before or + after the NFS services and after the PCMCIA services. The correct answer + depends on your specific setup. + . + If you do not have your /usr tree mounted via NFS (either you only mount + other, less vital trees via NFS or don't use NFS mounted trees at all) and + don't use a PCMCIA network card, then it's best to start Openswan at + the earliest possible time, thus allowing the NFS mounts to be secured by + IPSec. In this case (or if you don't understand or care about this + issue), answer "earliest" to this question (the default). + . + If you have your /usr tree mounted via NFS and don't use a PCMCIA network + card, then you will need to start Openswan after NFS so that all + necessary files are available. In this case, answer "after NFS" to this + question. Please note that the NFS mount of /usr can not be secured by + IPSec in this case. + . + If you use a PCMCIA network card for your IPSec connections, then you only + have to choose to start it after the PCMCIA services. Answer "after + PCMCIA" in this case. This is also the correct answer if you want to fetch + keys from a locally running DNS server with DNSSec support. + +Template: openswan/restart +Type: boolean +Default: true +_Description: Do you wish to restart Openswan? + Restarting Openswan is a good idea, since if there is a security fix, it + will not be fixed until the daemon restarts. Most people expect the daemon + to restart, so this is generally a good idea. However this might take down + existing connections and then bring them back up. + +Template: openswan/create_rsa_key +Type: boolean +Default: true +_Description: Do you want to create a RSA public/private keypair for this host ? + This installer can automatically create a RSA public/private keypair for + this host. This keypair can be used to authenticate IPSec connections to + other hosts and is the preferred way for building up secure IPSec + connections. The other possibility would be to use shared secrets + (passwords that are the same on both sides of the tunnel) for + authenticating an connection, but for a larger number of connections RSA + authentication is easier to administer and more secure. + . + If you do not want to create a new public/private keypair, you can choose to + use an existing one. + +Template: openswan/rsa_key_type +Type: select +_Choices: x509, plain +Default: x509 +_Description: Which type of RSA keypair do you want to create ? + It is possible to create a plain RSA public/private keypair for use + with Openswan or to create a X509 certificate file which contains the RSA + public key and additionally stores the corresponding private key. + . + If you only want to build up IPSec connections to hosts also running + Openswan, it might be a bit easier using plain RSA keypairs. But if you + want to connect to other IPSec implementations, you will need a X509 + certificate. It is also possible to create a X509 certificate here and + extract the RSA public key in plain format if the other side runs + Openswan without X509 certificate support. + . + Therefore a X509 certificate is recommended since it is more flexible and + this installer should be able to hide the complex creation of the X509 + certificate and its use in Openswan anyway. + +Template: openswan/existing_x509_certificate +Type: boolean +Default: false +_Description: Do you have an existing X509 certificate file that you want to use for Openswan ? + This installer can automatically extract the needed information from an + existing X509 certificate with a matching RSA private key. Both parts can + be in one file, if it is in PEM format. Do you have such an existing + certificate and key file and want to use it for authenticating IPSec + connections ? + +Template: openswan/existing_x509_certificate_filename +Type: string +_Description: Please enter the location of your X509 certificate in PEM format. + Please enter the location of the file containing your X509 certificate in + PEM format. + +Template: openswan/existing_x509_key_filename +Type: string +_Description: Please enter the location of your X509 private key in PEM format. + Please enter the location of the file containing the private RSA key + matching your X509 certificate in PEM format. This can be the same file + that contains the X509 certificate. + +Template: openswan/rsa_key_length +Type: string +Default: 2048 +_Description: Which length should the created RSA key have ? + Please enter the length of the created RSA key. it should not be less than + 1024 bits because this should be considered unsecure and you will probably + not need anything more than 2048 bits because it only slows the + authentication process down and is not needed at the moment. + +Template: openswan/x509_self_signed +Type: boolean +Default: true +_Description: Do you want to create a self-signed X509 certificate ? + This installer can only create self-signed X509 certificates + automatically, because otherwise a certificate authority is needed to sign + the certificate request. If you want to create a self-signed certificate, + you can use it immediately to connect to other IPSec hosts that support + X509 certificate for authentication of IPSec connections. However, if you + want to use the new PKI features of Openswan >= 1.91, you will need to + have all X509 certificates signed by a single certificate authority to + create a trust path. + . + If you do not want to create a self-signed certificate, then this + installer will only create the RSA private key and the certificate request + and you will have to sign the certificate request with your certificate + authority. + +Template: openswan/x509_country_code +Type: string +Default: AT +_Description: Please enter the country code for the X509 certificate request. + Please enter the 2 letter country code for your country. This code will be + placed in the certificate request. + . + You really need to enter a valid country code here, because openssl will + refuse to generate certificates without one. An empty field is allowed for + any other field of the X.509 certificate, but not for this one. + . + Example: AT + +Template: openswan/x509_state_name +Type: string +Default: +_Description: Please enter the state or province name for the X509 certificate request. + Please enter the full name of the state or province you live in. This name + will be placed in the certificate request. + . + Example: Upper Austria + +Template: openswan/x509_locality_name +Type: string +Default: +_Description: Please enter the locality name for the X509 certificate request. + Please enter the locality (e.g. city) where you live. This name will be + placed in the certificate request. + . + Example: Vienna + +Template: openswan/x509_organization_name +Type: string +Default: +_Description: Please enter the organization name for the X509 certificate request. + Please enter the organization (e.g. company) that the X509 certificate + should be created for. This name will be placed in the certificate + request. + . + Example: Debian + +Template: openswan/x509_organizational_unit +Type: string +Default: +_Description: Please enter the organizational unit for the X509 certificate request. + Please enter the organizational unit (e.g. section) that the X509 + certificate should be created for. This name will be placed in the + certificate request. + . + Example: security group + +Template: openswan/x509_common_name +Type: string +Default: +_Description: Please enter the common name for the X509 certificate request. + Please enter the common name (e.g. the host name of this machine) for + which the X509 certificate should be created for. This name will be placed + in the certificate request. + . + Example: gateway.debian.org + +Template: openswan/x509_email_address +Type: string +Default: +_Description: Please enter the email address for the X509 certificate request. + Please enter the email address of the person or organization who is + responsible for the X509 certificate, This address will be placed in the + certificate request. + +Template: openswan/enable-oe +Type: boolean +Default: false +_Description: Do you wish to enable opportunistic encryption in Openswan? + Openswan comes with support for opportunistic encryption (OE), which stores + IPSec authentication information (i.e. RSA public keys) in (preferably + secure) DNS records. Until this is widely deployed, activating it will + cause a significant slow-down for every new, outgoing connection. Since + version 2.0, Openswan upstream comes with OE enabled by default and is thus + likely to break your existing connection to the Internet (i.e. your default + route) as soon as pluto (the Openswan keying daemon) is started. + . + Please choose whether you want to enable support for OE. If unsure, do not + enable it. + diff --git a/debian/patches/00list b/debian/patches/00list new file mode 100644 index 000000000..0e2981655 --- /dev/null +++ b/debian/patches/00list @@ -0,0 +1,2 @@ +01-updown-default-path +01-updown_x509-default-path \ No newline at end of file diff --git a/debian/patches/01-updown-default-path.dpatch b/debian/patches/01-updown-default-path.dpatch new file mode 100755 index 000000000..215495cab --- /dev/null +++ b/debian/patches/01-updown-default-path.dpatch @@ -0,0 +1,31 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 01_updown-default-path.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Changes /etc/sysconfig to /etc/default + +@DPATCH@ + +--- openswan/programs/_updown/_updown.in.orig 2006-04-15 22:43:19.159741143 +0100 ++++ openswan/programs/_updown/_updown.in 2006-04-15 22:43:26.851946210 +0100 +@@ -116,7 +116,7 @@ + # PLUTO_CONNECTION_TYPE + # + +-# Import default _updown configs from the /etc/sysconfig/pluto_updown file ++# Import default _updown configs from the /etc/default/pluto_updown file + # + # Two variables can be set in this file: + # +@@ -132,9 +132,9 @@ + # IPRULEARGS + # is the extra argument list for ip rule command + # +-if [ -f /etc/sysconfig/pluto_updown ] ++if [ -f /etc/default/pluto_updown ] + then +- . /etc/sysconfig/pluto_updown ++ . /etc/default/pluto_updown + fi + + # check interface version diff --git a/debian/patches/01-updown_x509-default-path.dpatch b/debian/patches/01-updown_x509-default-path.dpatch new file mode 100755 index 000000000..ef53bf202 --- /dev/null +++ b/debian/patches/01-updown_x509-default-path.dpatch @@ -0,0 +1,31 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 01_updown_x509-default-path.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Changes /etc/sysconfig to /etc/default + +@DPATCH@ + +--- openswan/programs/_updown_x509/_updown_x509.in.orig 2006-04-15 22:33:22.443407426 +0100 ++++ openswan/programs/_updown_x509/_updown_x509.in 2006-04-15 22:33:36.822921408 +0100 +@@ -125,7 +125,7 @@ + # PLUTO_CONNECTION_TYPE + # + +-# Import default _updown configs from the /etc/sysconfig/pluto_updown file ++# Import default _updown configs from the /etc/default/pluto_updown file + # + # Two variables can be set in this file: + # +@@ -141,9 +141,9 @@ + # IPRULEARGS + # is the extra argument list for ip rule command + # +-if [ -f /etc/sysconfig/pluto_updown ] ++if [ -f /etc/default/pluto_updown ] + then +- . /etc/sysconfig/pluto_updown ++ . /etc/default/pluto_updown + fi + + # check interface version diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in new file mode 100644 index 000000000..bd3c84ec2 --- /dev/null +++ b/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] openswan.templates.master diff --git a/debian/po/cs.po b/debian/po/cs.po new file mode 100644 index 000000000..f4df691c4 --- /dev/null +++ b/debian/po/cs.po @@ -0,0 +1,511 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# , fuzzy +# +# +msgid "" +msgstr "" +"Project-Id-Version: openswan 2.3.0\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2006-03-16 06:09+0100\n" +"PO-Revision-Date: 2005-02-08 14:12+0100\n" +"Last-Translator: Ondra Kudlik \n" +"Language-Team: Czech \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../openswan.templates.master:3 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "nejdříve, \"po NFS\", \"po PCMCIA\"" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "At which level do you wish to start Openswan ?" +msgstr "Na jaké úrovni chcete spouÅ¡tÄ›t Openswan?" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"With the current Debian startup levels (nearly everything starting in level " +"20), it is impossible for Openswan to always start at the correct time. " +"There are three possibilities when Openswan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Se souÄasnými startovacími úrovnÄ›mi Debianu (téměř vÅ¡e zaÄíná na úrovni 20), " +"je nemožné, aby Openswan vždy nastartoval ve správný Äas. Jsou zde tÅ™i " +"možnosti, kdyjej lze spouÅ¡tÄ›t: pÅ™ed nebo po NFS službách a nebo po PCMCIA " +"službách. Správná odpovÄ›Ä závisí na vaÅ¡em konkrétním nastavení." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Jestliže nemáte váš /usr strom pÅ™ipojen skrz NFS (buÄ pÅ™es NFS pÅ™ipojujete " +"jiné, ne tak důležité stromy nebo jej vůbec nepoužíváte) a zároveň " +"nepoužíváte PCMCIA síťovou kartu, je nejlepší spouÅ¡tÄ›t Openswan co nejdříve, " +"Äímž umožníte aby NFS svazky byly chránÄ›ny pomocí IPSec. V tomto případÄ› " +"(nebo pokud si nejste jisti, Äi vám na tom nezáleží) na otázku odpovÄ›zte " +"\"nejdříve\" (výchozí)." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start Openswan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Jestliže máte /usr strom pÅ™ipojen skrz NFS a nepoužíváte PCMCIA síťovou " +"kartu, potÅ™ebujete spustit Openswan po NFS, aby byly vÅ¡echny potÅ™ebné " +"soubory dostupné. V tomto případÄ› na otázku odpovÄ›ztÄ› \"po NFS\". UvÄ›domtÄ› " +"si prosím, že v tomto případÄ› nemůže být NFS svazek /usr chránÄ›n pomocí " +"IPSec." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Jestliže používáte PCMCIA síťovou kartu pro vaÅ¡e IPSec pÅ™ipojení, pak je " +"jedinou možností jej spustit po PCMCIA službách. V tom případÄ› odpovÄ›zte " +"\"po PCMCIA\". Toto je také správná odpovÄ›Ä, pokud chcete získat klíÄe z " +"lokálního DNS serveru s podporou DNSSec." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "Do you wish to restart Openswan?" +msgstr "PÅ™ejete si spustit Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "" +"Restarting Openswan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Restartování Openswan je dobrý nápad, protože v případÄ›, že aktualizace " +"obsahuje bezpeÄnostní záplatu, nebude opravena dokud se démon nerestartuje. " +"VÄ›tÅ¡ina lidí pÅ™edpokládá restartování démona, takže je to v každém případÄ› " +"správný postup. NicménÄ› existující spojení mohou být shozena a poté znovu " +"nastavena." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "Do you want to create a RSA public/private keypair for this host ?" +msgstr "PÅ™ejete si vytvoÅ™it RSA veÅ™ejný/soukromý pár klíÄů pro tento poÄítaÄ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Tento instalátor může automaticky vytvoÅ™it RSA soukromý/privátní pár klíÄů " +"pro tento poÄítaÄ. Pár klíÄů může být využit k autentifikaci IPSec spojení " +"na další poÄítaÄe a je upÅ™ednostňovanou cestou pro sestavování bezpeÄných " +"IPSec spojení. Další možností autentifikace je využití sdílených tajemství " +"(hesel, která jsou stejná na obou stranách tunelu), ale pro vÄ›tší množství " +"spojení je RSA autentifikace snažší pro správu a mnohem bezpeÄnÄ›jší." + +#. Type: select +#. Choices +#: ../openswan.templates.master:53 +msgid "x509, plain" +msgstr "x509, prostý" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "Which type of RSA keypair do you want to create ?" +msgstr "Jaký typ RSA páru klíÄů chcete vytvoÅ™it?" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"Openswan or to create a X509 certificate file which contains the RSA public " +"key and additionally stores the corresponding private key." +msgstr "" +"Je možné vytvoÅ™it Äisty pár RSA klíÄů pro použití s Openswan nebo vytvoÅ™it " +"soubor s certifikátem X509, který obsahuje veÅ™ejný RSA klÃ­Ä a dodateÄnÄ› " +"uchovává odpovídající privátní klíÄ." + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"Openswan, it might be a bit easier using plain RSA keypairs. But if you want " +"to connect to other IPSec implementations, you will need a X509 certificate. " +"It is also possible to create a X509 certificate here and extract the RSA " +"public key in plain format if the other side runs Openswan without X509 " +"certificate support." +msgstr "" +"Pokud chcete vytvoÅ™it IPSec spojení jen k poÄítaÄi, na kterém taktéž běží " +"Openswan, může být mnohem jednodušší použít RSA pár klíÄů. Pokud se ale " +"chcete pÅ™ipojit k jiným implementacím IPSec, budete potÅ™ebovat certifikát " +"X509. Můžete také vytvoÅ™it certifikát X509 zde a získat veÅ™ejný klÃ­Ä RSA v " +"Äisté textové podobÄ› pokud druhá strana používá Openswan bez podpory " +"certifikátu X509." + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in Openswan anyway." +msgstr "" +"Certifikát X509 je proto doporuÄován zejména díky své flexibilnosti. " +"Tentoinstalátor by v každém případÄ› mÄ›l být schopen skrýt komplexnost jeho " +"vytváření a použití s Openswan." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"Do you have an existing X509 certificate file that you want to use for " +"Openswan ?" +msgstr "Vlastníte existující certifkát X509, který chcete použít pro Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. Do you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections ?" +msgstr "" +"Instalátor může automaticky získat potÅ™ebné informace z existujícího " +"certiifikátu X509 s odpovídajícím privátním RSA klíÄem. ObÄ› Äásti mohou být " +"v jednom souboru, jedná-li se o formát PEM. Vlastníte takový certifikát i " +"soubor s klíÄem a chcete jej použít pro autentifikaci spojení IPSec?" + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "Please enter the location of your X509 certificate in PEM format." +msgstr "Zadejte prosím umístÄ›ní vaÅ¡eho certifikátu X509 ve formátu PEM." + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "" +"Please enter the location of the file containing your X509 certificate in " +"PEM format." +msgstr "Zadejte prosím umístÄ›ní vaÅ¡eho certifikátu X509 ve formátu PEM." + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "Please enter the location of your X509 private key in PEM format." +msgstr "Zadejte prosím umístÄ›ní vaÅ¡eho certifikátu X509 ve formátu PEM." + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Zadejte prosím umístÄ›ní souboru obsahujícího privátní RSA klÃ­Ä odpovídající " +"vaÅ¡emu certifikátu X509 ve formátu PEM. Může to být stejný soubor jako ten " +"obsahující certifikát X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "Which length should the created RSA key have ?" +msgstr "Jakou délku by mÄ›l mít vytvoÅ™ený RSA klíÄ?" + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "" +"Please enter the length of the created RSA key. it should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Zadejte prosím délku vytvářeného RSA klíÄe. Kvůli bezpeÄnosti by nemÄ›la být " +"ménÄ› než 1024 bitů a pravdÄ›podobnÄ› nepotÅ™ebujete víc než 2048 bitů, protože " +"to již zpomaluje proces autentizace." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "Do you want to create a self-signed X509 certificate ?" +msgstr "Chcete vytvoÅ™it certifikát X509 podepsaný sám sebou?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Tento instalátor může automaticky vytvoÅ™it pouze certifikát X509 podepsaný " +"sám sebou, jelikož v opaÄném případÄ› je k podpisu certifikátu potÅ™eba " +"certifikaÄní autorita. Tento certifikát můžete ihned použít k přípojení na " +"další poÄítaÄe s IPSec, které podporují autentizaci pomocí certifikátu X509. " +"NicménÄ› chcete-li využít novýchmožností PKI Openswanu >= 1.91, budete k " +"vytovÅ™ení důvÄ›ryhodných cest potÅ™ebovat vÅ¡echny certifikáty X509 podepsané " +"jedinou certifikaÄní autoritou." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "" +"Jestliže nechcete vytvoÅ™it certifikát podepsaný sám sebou, vytvořít tento " +"instalátor jen privátní RSA klÃ­Ä a certifikaÄní požadavek. Vy potom musíte " +"podepsat požadavek svojí certifikaÄní autoritou." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Please enter the country code for the X509 certificate request." +msgstr "Zadejte prosím kód zemÄ› pro X509 certifikaÄní požadavek." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Zadejte prosím dvoumístný kód vaší zemÄ›. Tento kód bude umístÄ›n do " +"certifikaÄního požadavku." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"Je opravdu nutné, abyste vložili správný kód zemÄ›, protože openssl jinak " +"odmítne vygenerování certifikátu. Prázdné pole je povolené pro vÅ¡echny " +"ostatní pole certifikátu X509 kromÄ› tohoto." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Example: AT" +msgstr "Příklad: CZ" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the state or province name for the X509 certificate request." +msgstr "Zadejte prosím jméno státu nebo oblasti pro certifikaÄní požadavek." + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Zadejte prosím celé jméno státu nebo oblasti kde žijete. Toto jméno bude " +"umístÄ›no do certifikaÄního požadavku." + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "Example: Upper Austria" +msgstr "Příklad: Morava" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Please enter the locality name for the X509 certificate request." +msgstr "Zadejte prosím jméno lokality pro certifikaÄní požadavek." + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Zadejte prosím lokalitu (napÅ™. mÄ›sto) kde žijete. Toto jméno bude umístÄ›no " +"do certifikaÄního požadavku." + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Example: Vienna" +msgstr "Příklad: Brno" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Please enter the organization name for the X509 certificate request." +msgstr "Zadejte prosím název organizace pro certifikaÄní požadavek." + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Zadejte prosím organizaci pro kterou je certifikát vytvářen. Toto jméno bude " +"umístÄ›no do certifikaÄního požadavku." + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Example: Debian" +msgstr "Příklad: Debian" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Please enter the organizational unit for the X509 certificate request." +msgstr "Zadejte prosím název organizaÄní jednotky pro certifikaÄní požadavek." + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Zadejte prosím organizaÄní jednotku pro kterou je certifikát vytvářen. Toto " +"jméno bude umístÄ›no do certifikaÄního požadavku." + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Example: security group" +msgstr "Příklad: bezpeÄnostní oddÄ›lení" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Please enter the common name for the X509 certificate request." +msgstr "Zadejte prosím obvyklé jméno pro certifikaÄní požadavek." + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Zadejte prosím běžné jméno (napÅ™. jméno poÄítaÄe - hostname) pro kterou je " +"certifikát vytvářen. Toto jméno bude umístÄ›no do certifikaÄního požadavku." + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Example: gateway.debian.org" +msgstr "Příklad: gateway.debian.org" + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "Please enter the email address for the X509 certificate request." +msgstr "Zadejte prosím emailovou adresu pro certifikaÄní požadavek." + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Zadejte prosím emailovou adresu osoby nebo organizace, která je zodpovÄ›dná " +"za certifikát X509. Toto jméno bude umístÄ›no do certifikaÄního požadavku." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "Do you wish to enable opportunistic encryption in Openswan?" +msgstr "Chcete povolit opportunistic encryption ve Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "" +"Openswan pÅ™ichází s podporou pro opportunistic·encryption·(OE), která " +"uchováváautentizaÄní informace IPSec (napÅ™. veÅ™ejné RSA klíÄe) v (nejlépe " +"zabezpeÄených)DNS záznamech. Dokud nebude tato schopnost více rozšířena, " +"způsobí její aktivacevyrazné zpomalení s každým novým odchozím spojením. Od " +"verze 2.0 pÅ™icházíOpenswan s implicitnÄ› zapnutou podporou OE Äímž " +"pravdÄ›podobnÄ› zruší vaÅ¡eprobíhající pÅ™ipojení k Internetu (napÅ™. vaÅ¡i " +"impicitní cestu - default route) jakmileje pluto (Openswan keying démon) " +"spuÅ¡tÄ›no." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Prosím vyberte si zda chcete povolit podporu pro OE. Nejste-li si jisti, " +"podporu nepovolujte." diff --git a/debian/po/fr.po b/debian/po/fr.po new file mode 100644 index 000000000..380180aaf --- /dev/null +++ b/debian/po/fr.po @@ -0,0 +1,541 @@ +# translation of fr.po to French +# +# +# +# +# Christian Perrier , 2004, 2006. +msgid "" +msgstr "" +"Project-Id-Version: fr\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2006-04-17 05:04-0600\n" +"PO-Revision-Date: 2006-04-17 18:59+0200\n" +"Last-Translator: Christian Perrier \n" +"Language-Team: French \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.2\n" +"Plural-Forms: Plural-Forms: nplurals=2; plural=n>1;\n" + +#. Type: select +#. Choices +#: ../openswan.templates.master:3 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "Le plus tôt possible, Après NFS, Après PCMCIA" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "At which level do you wish to start Openswan ?" +msgstr "Étape de lancement d'Openswan :" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"With the current Debian startup levels (nearly everything starting in level " +"20), it is impossible for Openswan to always start at the correct time. " +"There are three possibilities when Openswan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Avec les niveaux de démarrage actuellement utilisés par Debian (presque tout " +"démarre au niveau 20), il est impossible de faire en sorte qu'Openswan " +"démarre toujours au moment approprié. Il existe trois moments où il est " +"opportun de le démarrer : avant ou après les services NFS, ou après les " +"services PCMCIA. La réponse appropriée dépend de vos réglages spécifiques." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Si votre arborescence /usr n'est pas un montage NFS (soit parce que vos " +"montages NFS sont à d'autres endroits, moins critiques, soit parce que vous " +"n'utilisez pas du tout de montage NFS) et si vous n'utilisez pas de carte " +"réseau PCMCIA, il est préférable de démarrer Openswan le plus tôt possible, " +"ce qui permettra de sécuriser les montages NFS avec IPSec. Dans ce cas (ou " +"bien si vous ne comprenez pas l'objet de la question ou qu'elle ne vous " +"concerne pas), choisissez « le plus tôt possible », qui est le choix par " +"défaut." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start Openswan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Si /usr est un montage NFS et que vous n'utilisez pas de carte réseau " +"PCMCIA, vous devrez alors démarrer Openswan après les services NFS afin que " +"tous les fichiers nécessaires soient disponibles. Dans ce cas, choisissez " +"« Après NFS ». Veuillez noter que le montage NFS de /usr n'est alors pas " +"sécurisé par IPSec." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Si vous utilisez une carte PCMCIA pour vos connexions IPSec, votre seul " +"choix possible est le démarrage après les services PCMCIA. Choisissez alors " +"« Après PCMCIA ». Faites également ce choix si vous souhaitez récupérer les " +"clés d'authentification sur un serveur DNS reconnaissant DNSSec." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "Do you wish to restart Openswan?" +msgstr "Souhaitez-vous redémarrer Openswan ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "" +"Restarting Openswan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Redémarrer Openswan est préférable car un éventuel correctif de sécurité ne " +"prendra place que si le démon est redémarré. La plupart des utilisateurs " +"s'attendent à ce que le démon redémarre et c'est donc le plus souvent le " +"meilleur choix. Cependant, cela pourrait interrompre provisoirement des " +"connexions en cours." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "Do you want to create a RSA public/private keypair for this host ?" +msgstr "" +"Souhaitez-vous créer une paire de clés RSA publique et privée pour cet hôte ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Cet outil d'installation peut créer automatiquement une paire de clés RSA " +"publique et privée pour cet hôte. Cette paire de clés peut servir à " +"authentifier des connexions IPSec vers d'autres hôtes. Cette méthode est la " +"méthode conseillée pour l'établissement de liaisons IPSec sûres. L'autre " +"possibilité d'authentification à la connexion est l'utilisation d'un secret " +"partagé (« pre-shared key » : des mots de passe identiques aux deux " +"extrémités du tunnel). Toutefois, pour de nombreuses connexions, " +"l'authentification RSA est plus simple à administrer et plus sûre." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "" +"Si vous ne souhaitez pas créer une paire de clés publique et privée, vous " +"pouvez choisir d'en utiliser une existante." + +#. Type: select +#. Choices +#: ../openswan.templates.master:56 +msgid "x509, plain" +msgstr "X509, Simple paire" + +#. Type: select +#. Description +#: ../openswan.templates.master:58 +msgid "Which type of RSA keypair do you want to create ?" +msgstr "Type de paire de clés RSA à créer :" + +#. Type: select +#. Description +#: ../openswan.templates.master:58 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"Openswan or to create a X509 certificate file which contains the RSA public " +"key and additionally stores the corresponding private key." +msgstr "" +"Il est possible de créer une simple paire de clés destinée à être utilisée " +"avec Openswan ou de créer un fichier de certificat X509 qui contient la clé " +"publique RSA et de conserver la clé privée correspondante par ailleurs." + +#. Type: select +#. Description +#: ../openswan.templates.master:58 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"Openswan, it might be a bit easier using plain RSA keypairs. But if you want " +"to connect to other IPSec implementations, you will need a X509 certificate. " +"It is also possible to create a X509 certificate here and extract the RSA " +"public key in plain format if the other side runs Openswan without X509 " +"certificate support." +msgstr "" +"Si vous ne prévoyez d'établir des connexions IPSec qu'avec des hôtes " +"utilisant Openswan, il sera probablement plus facile d'utiliser des clés RSA " +"simples. Mais si vous souhaitez vous connecter à des hôtes utilisant " +"d'autres implémentations d'IPSec, vous aurez besoin d'un certificat X509. Il " +"est également possible de créer un certificat X509 puis d'en extraire une " +"simple clé publique RSA, si l'autre extrémité de la connexion utilise " +"Openswan sans la gestion des certificats X509." + +#. Type: select +#. Description +#: ../openswan.templates.master:58 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in Openswan anyway." +msgstr "" +"Ainsi, il vous est conseillé d'utiliser un certificat X509 car cette méthode " +"est plus souple. Cet outil d'installation devrait vous simplifier la tâche " +"de création et d'utilisation de ce certificat X509." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:77 +msgid "" +"Do you have an existing X509 certificate file that you want to use for " +"Openswan ?" +msgstr "" +"Possédez-vous un fichier de certificat X509 existant à utiliser avec " +"Openswan ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:77 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. Do you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections ?" +msgstr "" +"Cet outil d'installation est capable d'extraire automatiquement " +"l'information nécessaire d'un fichier de certificat X509 existant, avec la " +"clé privée RSA correspondante. Les deux parties peuvent se trouver dans un " +"seul fichier, s'il est en format PEM. Indiquez si vous possédez un tel " +"certificat ainsi que la clé privée, et si vous souhaitez vous en servir pour " +"l'authentification des connexions IPSec." + +#. Type: string +#. Description +#: ../openswan.templates.master:86 +msgid "Please enter the location of your X509 certificate in PEM format." +msgstr "Emplacement de votre certificat X509 au format PEM :" + +#. Type: string +#. Description +#: ../openswan.templates.master:86 +msgid "" +"Please enter the location of the file containing your X509 certificate in " +"PEM format." +msgstr "" +"Veuillez indiquer l'emplacement du fichier contenant votre certificat X509 " +"au format PEM." + +#. Type: string +#. Description +#: ../openswan.templates.master:92 +msgid "Please enter the location of your X509 private key in PEM format." +msgstr "Emplacement de votre clé privée X509 au format PEM :" + +#. Type: string +#. Description +#: ../openswan.templates.master:92 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Veuillez indiquer l'emplacement du fichier contenant la clé privée RSA " +"correspondant à votre certificat X509 au format PEM. Cela peut être le " +"fichier qui contient le certificat X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:100 +msgid "Which length should the created RSA key have ?" +msgstr "Longueur de la clé RSA à créer :" + +#. Type: string +#. Description +#: ../openswan.templates.master:100 +msgid "" +"Please enter the length of the created RSA key. it should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Veuillez indiquer la longueur de la clé RSA qui sera créée. Elle ne doit pas " +"être inférieure à 1024 bits car cela serait considéré comme insuffisamment " +"sûr. Un choix excédant 2048 bits est probablement inutile car cela ne fait " +"essentiellement que ralentir le processus d'authentification sans avoir " +"d'intérêt actuellement." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:109 +msgid "Do you want to create a self-signed X509 certificate ?" +msgstr "Souhaitez-vous créer un certificat X509 autosigné ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:109 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Cet outil d'installation ne peut créer automatiquement qu'un certificat X509 " +"autosigné puisqu'une autorité de certification est indispensable pour signer " +"la demande de certificat. Si vous choisissez de créer un certificat " +"autosigné, vous pourrez vous en servir immédiatement pour vous connecter aux " +"hôtes qui authentifient les connexions IPSec avec des certificats X509. " +"Cependant, si vous souhaitez utiliser les nouvelles fonctionnalités PKI de " +"Openswan >= 1.91, vous aurez besoin que tous les certificats X509 soient " +"signés par la même autorité de certification afin de créer un chemin de " +"confiance." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:109 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "" +"Si vous ne voulez pas créer de certificat autosigné, cet outil " +"d'installation ne fera que créer la clé privée RSA et la demande de " +"certificat, que vous devrez ensuite signer avec votre autorité de " +"certification." + +#. Type: string +#. Description +#: ../openswan.templates.master:127 +msgid "Please enter the country code for the X509 certificate request." +msgstr "Code du pays :" + +#. Type: string +#. Description +#: ../openswan.templates.master:127 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Veuillez indiquer le code à deux lettres de votre pays. Ce code sera inclus " +"dans la demande de certificat." + +#. Type: string +#. Description +#: ../openswan.templates.master:127 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"Il est impératif de choisir ici un code de pays valide sinon OpenSSL " +"refusera de générer les certificats. Tous les autres champs d'un certificat " +"X.509 peuvent être vides, sauf celui-ci." + +#. Type: string +#. Description +#: ../openswan.templates.master:127 +msgid "Example: AT" +msgstr "Exemple : FR" + +#. Type: string +#. Description +#: ../openswan.templates.master:140 +msgid "" +"Please enter the state or province name for the X509 certificate request." +msgstr "État, province ou région :" + +#. Type: string +#. Description +#: ../openswan.templates.master:140 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Veuillez indiquer le nom complet de l'état, de la province ou de la région " +"où vous résidez. Ce nom sera inclus dans la demande de certificat." + +#. Type: string +#. Description +#: ../openswan.templates.master:140 +msgid "Example: Upper Austria" +msgstr "" +"Exemples : Rhône-Alpes, Brabant Wallon, Bouches du Rhône, Québec, Canton de " +"Vaud" + +#. Type: string +#. Description +#: ../openswan.templates.master:149 +msgid "Please enter the locality name for the X509 certificate request." +msgstr "Localité :" + +#. Type: string +#. Description +#: ../openswan.templates.master:149 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Veuillez indiquer la localité (p. ex. la ville) où vous résidez. Ce nom sera " +"inclus dans la demande de certificat." + +#. Type: string +#. Description +#: ../openswan.templates.master:149 +msgid "Example: Vienna" +msgstr "Exemple : Saint-Étienne" + +#. Type: string +#. Description +#: ../openswan.templates.master:158 +msgid "Please enter the organization name for the X509 certificate request." +msgstr "Organisme :" + +#. Type: string +#. Description +#: ../openswan.templates.master:158 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Veuillez indiquer l'organisme (p. ex. l'entreprise) pour qui sera créé le " +"certificat X509. Ce nom sera inclus dans la demande de certificat." + +#. Type: string +#. Description +#: ../openswan.templates.master:158 +msgid "Example: Debian" +msgstr "Exemple : Debian" + +#. Type: string +#. Description +#: ../openswan.templates.master:168 +msgid "Please enter the organizational unit for the X509 certificate request." +msgstr "Unité d'organisation :" + +#. Type: string +#. Description +#: ../openswan.templates.master:168 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Veuillez indiquer l'unité d'organisation (p. ex. département, division, " +"etc.) pour qui sera créé le certificat X509. Ce nom sera inclus dans la " +"demande de certificat." + +#. Type: string +#. Description +#: ../openswan.templates.master:168 +msgid "Example: security group" +msgstr "Exemple : Département Réseaux et Informatique Scientifique" + +#. Type: string +#. Description +#: ../openswan.templates.master:178 +msgid "Please enter the common name for the X509 certificate request." +msgstr "Nom ordinaire :" + +#. Type: string +#. Description +#: ../openswan.templates.master:178 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Veuillez indiquer le nom ordinaire (p. ex. le nom réseau de cette machine) " +"pour qui sera créé le certificat X509. Ce nom sera inclus dans la demande de " +"certificat." + +#. Type: string +#. Description +#: ../openswan.templates.master:178 +msgid "Example: gateway.debian.org" +msgstr "Exemple : gateway.debian.org" + +#. Type: string +#. Description +#: ../openswan.templates.master:188 +msgid "Please enter the email address for the X509 certificate request." +msgstr "Adresse électronique :" + +#. Type: string +#. Description +#: ../openswan.templates.master:188 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Veuillez indiquer l'adresse électronique de la personne ou de l'organisme " +"responsable du certificat X509. Cette adresse sera incluse dans la demande " +"de certificat." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:196 +msgid "Do you wish to enable opportunistic encryption in Openswan?" +msgstr "Souhaitez-vous activer le chiffrement opportuniste dans Openswan ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:196 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "" +"Openswan gère le chiffrement opportuniste (« opportunistic encryption » : " +"OE) qui permet de conserver les informations d'authentification IPSec (c'est-" +"à-dire les clés publiques RSA) dans des enregistrements DNS, de préférence " +"sécurisés. Tant que cette fonctionnalité ne sera pas déployée largement, son " +"activation provoquera un ralentissement significatif pour toute nouvelle " +"connexion sortante. À partir de la version 2.0, cette fonctionnalité est " +"activée par défaut dans Openswan, ce qui peut interrompre le fonctionnement " +"de votre connexion à l'Internet (c'est-à-dire votre route par défaut) dès le " +"démarrage de pluto, le démon de gestion de clés d'Openswan." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:196 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Veuillez choisir si vous souhaitez activer la gestion du chiffrement " +"opportuniste. Ne l'activez pas si vous n'êtes pas certain d'en avoir besoin." diff --git a/debian/po/ja.po b/debian/po/ja.po new file mode 100644 index 000000000..93eb1d275 --- /dev/null +++ b/debian/po/ja.po @@ -0,0 +1,508 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: openswan 1:2.2.0-8\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2006-03-16 06:09+0100\n" +"PO-Revision-Date: 2005-05-28 01:26+0900\n" +"Last-Translator: Hideki Yamane \n" +"Language-Team: Japanese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=EUC-JP\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../openswan.templates.master:3 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "²Äǽ¤Ê¸Â¤êÁ᤯, \"NFS µ¯Æ°¸å\", \"PCMCIA µ¯Æ°¸å\"" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "At which level do you wish to start Openswan ?" +msgstr "¤É¤ÎÃʳ¬¤Ç Openswan ¤òµ¯Æ°¤µ¤»¤Þ¤¹¤«?" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"With the current Debian startup levels (nearly everything starting in level " +"20), it is impossible for Openswan to always start at the correct time. " +"There are three possibilities when Openswan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"¸½ºß¤Î Debian ¤Ç¤Îµ¯Æ°¥ì¥Ù¥ë (¤Û¤È¤ó¤ÉÁ´¤Æ¤¬¥ì¥Ù¥ë20) ¤Î¤Þ¤Þ¤Ç¤Ï¡¢Openswan ¤ò" +"¾ï¤Ë¤ÏŬÀڤʥ¿¥¤¥ß¥ó¥°¤Çµ¯Æ°¤Ç¤­¤Þ¤»¤ó¡£Openswan ¤òµ¯Æ°¤µ¤»¤ë¥¿¥¤¥ß¥ó¥°¤ÎÁªÂò" +"»è¤È¤·¤Æ¤Ï3¤Ä¤¬¹Í¤¨¤é¤ì¤Þ¤¹: NFS ¥µ¡¼¥Ó¥¹¤Î³«»ÏÁ°¡¦³«»Ï¸å¡¦PCMCIA ¥µ¡¼¥Ó¥¹¤Î" +"³«»Ï¸å¤Ç¤¹¡£Àµ²ò¤Ï¤¢¤Ê¤¿¤ÎÀßÄ꼡Âè¤Ç¤¹¡£" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"NFS ·Ðͳ¤Ç /usr ¤ò¥Þ¥¦¥ó¥È¤»¤º (¾¤Î¥Ñ¡¼¥Æ¥£¥·¥ç¥ó¤ä¤¢¤Þ¤ê½ÅÍפǤϤʤ¤¥Ñ¡¼" +"¥Æ¥£¥·¥ç¥ó¤ò NFS ·Ðͳ¤Ç¥Þ¥¦¥ó¥È¤¹¤ë¤«¡¢¤Þ¤¿¤Ï NFS ¥Þ¥¦¥ó¥È¤òÁ´¤¯»È¤ï¤Ê¤¤)¡¢²Ã" +"¤¨¤Æ PCMCIA ¥Í¥Ã¥È¥ï¡¼¥¯¥«¡¼¥É¤òÍøÍѤ·¤Æ¤¤¤Ê¤¤¾ì¹ç¡¢²Äǽ¤Ê¸Â¤êÁᤤ»þ´Ö¤Ë " +"Openswan ¤òµ¯Æ°¤¹¤ë¤Î¤¬¥Ù¥¹¥È¤Ç¤¹¡£¤³¤ÎÀßÄê¤Ë¤è¤Ã¤Æ¡¢NFS ¤Ç¤Î¥Þ¥¦¥ó¥È¤Ï " +"IPSec ¤ÇÊݸ¤ì¤Þ¤¹¡£¤³¤Î¾ì¹ç (¤Þ¤¿¤Ï¤³¤ÎÌäÂê¤òÍý²ò¤·¤Æ¤¤¤Ê¤¤¤«Æä˵¤¤Ë¤·¤Ê" +"¤¤¾ì¹ç) ¡¢\"²Äǽ¤Ê¸Â¤êÁ᤯\"¤È¼ÁÌä¤ËÅú¤¨¤Æ¤¯¤À¤µ¤¤ (ɸ½à) ¡£" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start Openswan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"NFS ·Ðͳ¤Ç /usr ¤ò¥Þ¥¦¥ó¥È¤·¤Æ¤¤¤Æ PCMCIA ¥Í¥Ã¥È¥ï¡¼¥¯¥«¡¼¥É¤ò»ÈÍѤ·¤Æ¤¤¤Ê¤¤" +"¾ì¹ç¤Ï¡¢É¬Íפʥե¡¥¤¥ë¤òÍøÍѲÄǽ¤Ë¤¹¤ë¤¿¤á¤Ë Openswan ¤ò NFS ¤Î¸å¤Çµ¯Æ°¤·¤Ê¤±" +"¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£¤³¤Î¾ì¹ç¡¢\"NFS µ¯Æ°¸å\" ¤ÈÅú¤¨¤Æ¤¯¤À¤µ¤¤¡£¤³¤Î»þ¤Ë NFS ·Ðͳ" +"¤Ç¥Þ¥¦¥ó¥È¤µ¤ì¤ë /usr ¤Ï¡¢IPSec ¤Ë¤è¤ë¥»¥­¥å¥¢¤Ê¾õÂ֤ˤϤʤé¤Ê¤¤¤È¤¤¤¦¤³¤È¤Ë" +"Ãí°Õ¤·¤Æ¤¯¤À¤µ¤¤¡£" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"IPSec Àܳ¤Ë PCMCIA ¥Í¥Ã¥È¥ï¡¼¥¯¥«¡¼¥É¤òÍøÍѤ·¤Æ¤¤¤¿¾ì¹ç¡¢PCMCIA ¥µ¡¼¥Ó¥¹¤Îµ¯" +"Æ°¸å¤Ë Openswan ¤òµ¯Æ°¤¹¤ë°Ê³°¤ËÁªÂò¤Ï¤¢¤ê¤Þ¤»¤ó¡£¤³¤Î¾ì¹ç¡¢\"PCMCIA µ¯Æ°¸å" +"\" ¤ÈÅú¤¨¤Æ¤¯¤À¤µ¤¤¡£¥í¡¼¥«¥ë¤ÇÆ°ºî¤·¤Æ¤¤¤ë DNSSec µ¡Ç½¤ò»ÈÍѤ·¤Æ¤¤¤ë DNS " +"¥µ¡¼¥Ð¤«¤é¸°¤ò¼èÆÀ¤·¤¿¤¤¾ì¹ç¤Ç¤â¡¢¤³¤ÎÅú¤¨¤ò¤·¤Æ¤¯¤À¤µ¤¤¡£" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "Do you wish to restart Openswan?" +msgstr "Openswan ¤òºÆµ¯Æ°¤·¤Þ¤¹¤«?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "" +"Restarting Openswan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"¥»¥­¥å¥ê¥Æ¥£½¤Àµ¤¬¤¢¤Ã¤¿¾ì¹ç¤Ë¤Ï¥Ç¡¼¥â¥ó¤¬ºÆµ¯Æ°¤µ¤ì¤ë¤Þ¤Ç½¤Àµ¤¬È¿±Ç¤µ¤ì¤Þ¤»" +"¤ó¡£¤½¤Î¤¿¤á¡¢Openswan ¤òºÆµ¯Æ°¤¹¤ë¤Î¤ÏÎɤ¤¹Í¤¨¤Ç¤¹¡£¤Û¤È¤ó¤É¤Î¿Í¤Ï¥Ç¡¼¥â¥ó¤ò" +"ºÆµ¯Æ°¤·¤è¤¦¤È¤·¤Þ¤¹¤¬¡¢¤³¤ì¤ÏÂçÄñÌäÂꤢ¤ê¤Þ¤»¤ó¡£¤·¤«¤·¡¢¤³¤Îºî¶È¤Ç¸½ºß¤ÎÀÜ" +"³¤ÏÀÚÃǤµ¤ì¡¢ºÆÅÙ·Ò¤®¤Ê¤ª¤¹¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "Do you want to create a RSA public/private keypair for this host ?" +msgstr "¤³¤Î¥Û¥¹¥È¤Î RSA ¸ø³«¸°¤ÈÈëÌ©¸°¤Î¥­¡¼¥Ú¥¢¤òÀ¸À®¤·¤Þ¤¹¤«?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"¤³¤Î¥¤¥ó¥¹¥È¡¼¥é¤Ï¤³¤Î¥Û¥¹¥È¤Î RSA ¸ø³«¸°¤ÈÈëÌ©¸°¤Î¥­¡¼¥Ú¥¢¤ò¼«Æ°Åª¤ËÀ¸À®¤Ç¤­" +"¤Þ¤¹¡£¤³¤Î¥­¡¼¥Ú¥¢¤Ï¾¤Î¥Û¥¹¥È¤È¤Î IPSec ÄÌ¿®¤Ç¤Îǧ¾Ú¤ËÍøÍѲÄǽ¤Ç¡¢¥»¥­¥å¥¢" +"¤Ê IPSec ÄÌ¿®¤ò³ÎΩ¤¹¤ëÊýË¡¤È¤·¤Æ¹¥¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£Â¾¤ËÍøÍѲÄǽ¤ÊÊýË¡¤È¤·¤Æ¤Ï¶¦" +"Ä̸° (¥È¥ó¥Í¥ë¤ÎÁÐÊý¤ÇƱ¤¸¥Ñ¥¹¥ï¡¼¥É) ¤òÄÌ¿®¤Îǧ¾Ú¤ËÍøÍѤ¹¤ë¤È¤¤¤¦¤Î¤¬¤¢¤ê¤Þ" +"¤¹¤¬¡¢Â¿¿ô¤ÎÀܳ¤ËÂФ·¤Æ¤Ï¡¢RSA ǧ¾Ú¤Î¤Û¤¦¤¬´ÉÍý¤¬¤è¤ê´Êñ¤Ç¡¢¤è¤ê¥»¥­¥å¥¢¤Ç" +"¤¹¡£" + +#. Type: select +#. Choices +#: ../openswan.templates.master:53 +msgid "x509, plain" +msgstr "x509, Ä̾ï¤Î¥¿¥¤¥×" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "Which type of RSA keypair do you want to create ?" +msgstr "¤É¤Á¤é¤Î¥¿¥¤¥×¤Î RSA ¥­¡¼¥Ú¥¢¤òÀ¸À®¤·¤Þ¤¹¤«?" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"Openswan or to create a X509 certificate file which contains the RSA public " +"key and additionally stores the corresponding private key." +msgstr "" +"Openswan ¤ÇÍøÍѤ¹¤ëÄ̾ï¤Î RSA ¸ø³«¸°¡¦ÈëÌ©¸°¤Î¥­¡¼¥Ú¥¢¤òºî¤ì¤Þ¤¹¡£¤¢¤ë¤¤¤Ï " +"RSA ¸ø³«¸°¤ò (¤µ¤é¤Ë¤Ï¤½¤ì¤ËÂбþ¤¹¤ëÈëÌ©¸°¤â) ´Þ¤à X509 ¾ÚÌÀ½ñ¥Õ¥¡¥¤¥ë¤âƱÍÍ" +"¤Ç¤¹¡£" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"Openswan, it might be a bit easier using plain RSA keypairs. But if you want " +"to connect to other IPSec implementations, you will need a X509 certificate. " +"It is also possible to create a X509 certificate here and extract the RSA " +"public key in plain format if the other side runs Openswan without X509 " +"certificate support." +msgstr "" +"´û¤Ë Openswan ¤òÆ°ºî¤µ¤»¤Æ¤¤¤ë¥Û¥¹¥È¤È IPSec ÄÌ¿®¤ò³ÎΩ¤·¤¿¤¤¤À¤±¤Î¾ì¹ç¤Ï¡¢ÄÌ" +"¾ï¤Î RSA ¥­¡¼¥Ú¥¢¤ò»ÈÍѤ¹¤ë¤È¿¾¯´Êñ¤Ë¤Ê¤ê¤Þ¤¹¡£¤·¤«¤·¡¢Â¾¤Î IPSec ¼ÂÁõ¤È¤Î" +"Àܳ¤ò¹Ô¤¤¤¿¤¤¾ì¹ç¤Ï X509 ¾ÚÌÀ½ñ¤¬É¬Íפˤʤê¤Þ¤¹¡£ÄÌ¿®¤ò¹Ô¤¦ÂоݤΥۥ¹¥È¤¬ " +"Openswan ¤ò X509 ¾ÚÌÀ½ñ¤Î¥µ¥Ý¡¼¥È̵¤·¤Ç±¿ÍѤ·¤Æ¤¤¤¿¾ì¹ç¡¢¤³¤³¤Ç X509 ¾ÚÌÀ½ñ¤ò" +"À¸À®¤·¤Æ¡¢¸å¤Û¤É RSA ¸ø³«¸°¤òÄ̾ï¤Î·Á¼°¤ËŸ³«¤¹¤ë¤³¤È¤â²Äǽ¤Ç¤¹¡£" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in Openswan anyway." +msgstr "" +"¤·¤¿¤¬¤Ã¤Æ X509 ¾ÚÌÀ½ñ¤¬¤ª´«¤á¤Ç¤¹¡£¤³¤Á¤é¤Î¤Û¤¦¤¬½ÀÆð¤Ç¤¹¤·¡¢¤³¤Î¥¤¥ó¥¹¥È¡¼" +"¥é¤ò»È¤¨¤Ð¡¢X509 ¾ÚÌÀ½ñ¤ÎÀ¸À®¤ä Openswan ¤Ç¤ÎÍøÍѤ˺ݤ·¤Æ¤ÎÌÌÅݤµ¤ò±£Ê䷤Ƥ¯" +"¤ì¤ë¤Ï¤º¤Ç¤¹¡£" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"Do you have an existing X509 certificate file that you want to use for " +"Openswan ?" +msgstr "´û¤Ë¸ºß¤·¤Æ¤¤¤ë X509 ¾ÚÌÀ½ñ¥Õ¥¡¥¤¥ë¤ò Openswan ¤ÇÍøÍѤ·¤Þ¤¹¤«?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. Do you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections ?" +msgstr "" +"¤³¤Î¥¤¥ó¥¹¥È¡¼¥é¤Ï´û¤Ë¸ºß¤·¤Æ¤¤¤ë X509 ¾ÚÌÀ½ñ¤«¤é RSA ÈëÌ©¸°¤È¾È¤é¤·¹ç¤ï¤»¤Æ" +"ɬÍפʾðÊó¤ò¼«Æ°Åª¤ËŸ³«¤¹¤ë»ö¤¬²Äǽ¤Ç¤¹¡£ PEM ·Á¼°¤Î¾ì¹ç¡¢ÁÐÊý¤ò°ì¤Ä¤Î¥Õ¥¡¥¤" +"¥ë¤Ë¤Þ¤È¤á¤ë¤³¤È¤â²Äǽ¤Ç¤¹¡£¤½¤Î¤è¤¦¤Ê¾ÚÌÀ½ñ¤È¸°¤Î¥Õ¥¡¥¤¥ë¤¬¤¢¤ê¡¢¤³¤ì¤é¤ò " +"IPSec ÄÌ¿®¤Ç¤Îǧ¾Ú¤Ë»ÈÍѤ·¤¿¤¤¤Ç¤¹¤«?" + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "Please enter the location of your X509 certificate in PEM format." +msgstr "PEM ·Á¼°¤Î X509 ¾ÚÌÀ½ñ¤Î¾ì½ê¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "" +"Please enter the location of the file containing your X509 certificate in " +"PEM format." +msgstr "PEM ·Á¼°¤Î X509 ¾ÚÌÀ½ñ¤ò´Þ¤ó¤Ç¤¤¤ë¥Õ¥¡¥¤¥ë¤Î¾ì½ê¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "Please enter the location of your X509 private key in PEM format." +msgstr "PEM ·Á¼°¤Î X509 ÈëÌ©¸°¤Î¾ì½ê¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"PEM ·Á¼°¤Î X509 ¾ÚÌÀ½ñ¤ËÂбþ¤¹¤ëÈëÌ©¸°¤ò´Þ¤ó¤Ç¤¤¤ë¥Õ¥¡¥¤¥ë¤Î¾ì½ê¤òÆþÎϤ·¤Æ¤¯" +"¤À¤µ¤¤¡£¤³¤ì¤Ï X509 ¾ÚÌÀ½ñ¤ò´Þ¤ó¤Ç¤¤¤ë¥Õ¥¡¥¤¥ë¤ÈƱ¤¸¤Ç¹½¤¤¤Þ¤»¤ó¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "Which length should the created RSA key have ?" +msgstr "RSA ¸°¤ò¤É¤ÎŤµ¤ÇÀ¸À®¤·¤Þ¤¹¤«?" + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "" +"Please enter the length of the created RSA key. it should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"À¸À®¤¹¤ë RSA ¸°¤ÎŤµ¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£°ÂÁ´¤Î¤¿¤á¡¢1024 ¥Ó¥Ã¥È°Ê²¼¤Ë¤¹¤Ù¤­" +"¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£2048 ¥Ó¥Ã¥È°Ê¾å¤Ë¤¹¤ëɬÍפâ¤Ê¤¤¤Ç¤·¤ç¤¦¡£Ç§¾Ú¥×¥í¥»¥¹¤¬ÃÙ¤¯¤Ê" +"¤ê¤Þ¤¹¤·¡¢¸½»þÅÀ¤Ç¤Ï¤ª¤½¤é¤¯É¬Íפ¢¤ê¤Þ¤»¤ó¡£" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "Do you want to create a self-signed X509 certificate ?" +msgstr "¼«¸Ê½ð̾ X509 ¾ÚÌÀ½ñ¤òÀ¸À®¤·¤Þ¤¹¤«?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"¾ÚÌÀ½ñÍ×µá¤Ë½ð̾¤¹¤ë¤¿¤á¤Ë¤Ïǧ¾Ú¶É¤¬É¬ÍפȤʤë¤Î¤Ç¡¢¤³¤Î¥¤¥ó¥¹¥È¡¼¥é¤Ç¤Ï¼«¸Ê" +"½ð̾ X509 ¾ÚÌÀ½ñ¤ò¼«Æ°Åª¤ËÀ¸À®¤¹¤ë»ö¤À¤±¤¬²Äǽ¤Ç¤¹¡£¼«¸Ê½ð̾¾ÚÌÀ½ñ¤òÀ¸À®¤·¤¿" +"¤¤¾ì¹ç¡¢¤³¤ì¤ò»ÈÍѤ·¤Æ¤¹¤°¤Ë X509 ¾ÚÌÀ½ñ¤ò¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤ë¾¤Î IPSec ¥Û¥¹¥È¤Ë" +"Àܳ²Äǽ¤Ç¤¹¡£¤·¤«¤·¡¢Openswan ¥Ð¡¼¥¸¥ç¥ó 1.91 °Ê¾å¤Ç¤Î¿·¤·¤¤ PKI µ¡Ç½¤ò»È¤¤" +"¤¿¤¤¾ì¹ç¤Ï¡¢trust path ¤òÀ¸À®¤¹¤ë¤¿¤á¤Ëñ°ì¤Îǧ¾Ú¶É¤Ë¤è¤Ã¤Æ¤¹¤Ù¤Æ¤Î X509 ¾ÚÌÀ" +"½ñ¤Ë½ð̾¤·¤Æ¤â¤é¤¦É¬Íפ¬¤¢¤ê¤Þ¤¹¡£" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "" +"¼«¸Ê½ð̾¾ÚÌÀ½ñ¤òÀ¸À®¤·¤¿¤¯¤Ê¤¤¾ì¹ç¡¢¤³¤Î¥¤¥ó¥¹¥È¡¼¥é¤Ï RSA ÈëÌ©¸°¤È¾ÚÌÀ½ñÍ×µá" +"¤Î¤ß¤òÀ¸À®¤·¤Þ¤¹¡£¤½¤·¤Æ¡¢Ç§¾Ú¶É¤Ë¾ÚÌÀ½ñÍ×µá¤Ø½ð̾¤ò¤·¤Æ¤â¤é¤¦É¬Íפ¬¤¢¤ê¤Þ" +"¤¹¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Please enter the country code for the X509 certificate request." +msgstr "X509 ¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤¹¤ë¹ñ¥³¡¼¥É¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"¤¢¤Ê¤¿¤Î¹ñ¤Î¹ñ¥³¡¼¥É¤ò2ʸ»ú¤ÇÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤Î¥³¡¼¥É¤Ï¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤µ" +"¤ì¤Þ¤¹¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"openssl ¤¬¹ñ¥³¡¼¥É¤Ê¤·¤Ç¤Ï¾ÚÌÀ½ñ¤ÎÀ¸À®¤òµñÈݤ¹¤ë¤Î¤Ç¡¢Àµ¤·¤¤¹ñ¥³¡¼¥É¤ò¤³¤³¤Ç" +"ÆþÎϤ¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£X.509 ¾ÚÌÀ½ñ¤Ç¤Ï¡¢Â¾¤Î¥Õ¥£¡¼¥ë¥É¤Ë¤Ä¤¤¤Æ¤Ï¶õ¤Ç¤â¹½¤¤" +"¤Þ¤»¤ó¤¬¡¢¤³¤ì¤Ë¤Ä¤¤¤Æ¤Ïµö²Ä¤µ¤ì¤Æ¤¤¤Þ¤»¤ó¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Example: AT" +msgstr "Îã: JP" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the state or province name for the X509 certificate request." +msgstr "X509 ¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤¹¤ëÅÔÆ»Éܸ©Ì¾¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"¤¢¤Ê¤¿¤¬ºß½»¤·¤Æ¤¤¤ëÅÔÆ»Éܸ©¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤Ï¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤µ¤ì¤Þ" +"¤¹¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "Example: Upper Austria" +msgstr "Îã: Tokyo" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Please enter the locality name for the X509 certificate request." +msgstr "X509 ¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤¹¤ëÅÚÃϤÎ̾Á°¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"¤¢¤Ê¤¿¤Îºß½»¤·¤Æ¤¤¤ëÃÏÊý¤Î̾Á° (Îã: »ÔĮ¼̾) ¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤Ï¾ÚÌÀ" +"½ñÍ×µá¤Ëµ­ºÜ¤µ¤ì¤Þ¤¹¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Example: Vienna" +msgstr "Îã: Shinjuku-ku" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Please enter the organization name for the X509 certificate request." +msgstr "X509 ¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤¹¤ëÁÈ¿¥Ì¾¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"X509 ¾ÚÌÀ½ñ¤ÎÀ¸À®ÂоݤȤʤë¤Ù¤­ÁÈ¿¥ (Îã: ²ñ¼Ò) ¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤Ï¾ÚÌÀ" +"½ñÍ×µá¤Ëµ­ºÜ¤µ¤ì¤Þ¤¹¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Example: Debian" +msgstr "Îã: Debian" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Please enter the organizational unit for the X509 certificate request." +msgstr "X509 ¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤¹¤ëÁÈ¿¥Ã±°Ì¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"X509 ¾ÚÌÀ½ñ¤ÎÀ¸À®ÂоݤȤʤë¤Ù¤­ÁÈ¿¥Ã±°Ì (Îã: Éô½ð̾) ¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì" +"¤Ï¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤µ¤ì¤Þ¤¹¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Example: security group" +msgstr "Îã: security group" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Please enter the common name for the X509 certificate request." +msgstr "X509 ¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤¹¤ë¥³¥â¥ó¥Í¡¼¥à¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"X509 ¾ÚÌÀ½ñ¤ÎÀ¸À®ÂоݤȤʤë¤Ù¤­¥³¥â¥ó¥Í¡¼¥à (Îã: ¤³¤Î¥Þ¥·¥ó¤Î¥Û¥¹¥È̾) ¤òÆþÎÏ" +"¤·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤Ï¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤µ¤ì¤Þ¤¹¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Example: gateway.debian.org" +msgstr "Îã: gateway.debian.org" + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "Please enter the email address for the X509 certificate request." +msgstr "X509 ¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤¹¤ë¥á¡¼¥ë¥¢¥É¥ì¥¹¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£" + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"X509 ¾ÚÌÀ½ñ¤ÎÀÕǤ¼Ô¤È¤Ê¤ë¿Íʪ¡¦ÃÄÂΤΥ᡼¥ë¥¢¥É¥ì¥¹¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤Î¥¢" +"¥É¥ì¥¹¤Ï¾ÚÌÀ½ñÍ×µá¤Ëµ­ºÜ¤µ¤ì¤Þ¤¹¡£" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "Do you wish to enable opportunistic encryption in Openswan?" +msgstr "Openswan ¤Ç opportunistic encryption ¤òÍ­¸ú¤Ë¤·¤Þ¤¹¤«?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "" +"Openswan ¤Ï¡¢IPSec ǧ¾Ú¾ðÊó (Îã: RSA ¸ø³«¸°) ¤ò (´ê¤ï¤¯¤Ï¥»¥­¥å¥¢¤Ê) DNS ¥ì" +"¥³¡¼¥ÉÆâ¤ËÊݸ¤¹¤ë opportunistic encryption (OE) ¤ò¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤¹¡£¤³¤ì¤Ï" +"¹­¤¯ÍøÍѤµ¤ì¤ë¤è¤¦¤Ë¤Ê¤ë¤Þ¤Ç¡¢Í­¸ú¤Ë¤¹¤ë¤È³°Éô¤Ø¤Î¿·µ¬Àܳ¤ÏÁ´¤Æ³ÊÃʤËÃÙ¤¯¤Ê" +"¤ê¤Þ¤¹¡£¥Ð¡¼¥¸¥ç¥ó 2.0 ¤è¤ê Openswan ¤Î³«È¯¸µ¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç OE ¤òÍ­¸ú¤Ë¤·¤Æ¤ª" +"¤ê¡¢¤·¤¿¤¬¤Ã¤Æ pluto (Openswan ¸°½ð̾¥Ç¡¼¥â¥ó) ¤¬³«»Ï¤¹¤ë¤È¤¹¤°¡¢´û¤Ë¸ºß¤·¤Æ" +"¤¤¤ë¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤Ø¤ÎÀܳ (¤Ä¤Þ¤ê¥Ç¥Õ¥©¥ë¥È¥ë¡¼¥È) ¤¬ÃæÃǤµ¤ì¤ë¤«¤â¤·¤ì¤Þ¤»" +"¤ó¡£" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"OE ¤Î¥µ¥Ý¡¼¥È¤òÍ­¸ú¤Ë¤¹¤ë¤«¤É¤¦¤«¤òÁª¤ó¤Ç¤¯¤À¤µ¤¤¡£¤è¤¯¤ï¤«¤é¤Ê¤¤¾ì¹ç¤Ï¡¢Í­¸ú" +"¤Ë¤Ï¤·¤Ê¤¤¤Ç¤¯¤À¤µ¤¤¡£" diff --git a/debian/po/nl.po b/debian/po/nl.po new file mode 100644 index 000000000..be1799c50 --- /dev/null +++ b/debian/po/nl.po @@ -0,0 +1,527 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: openswan 2.3.0-3\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2006-03-16 06:09+0100\n" +"PO-Revision-Date: 2005-02-07 20:53+0100\n" +"Last-Translator: Luk Claes \n" +"Language-Team: Debian l10n Dutch \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../openswan.templates.master:3 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "\"zo vroeg mogelijk\", \"na NFS\", \"na PCMCIA\"" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "At which level do you wish to start Openswan ?" +msgstr "Op welk niveau wilt u Openswan starten?" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"With the current Debian startup levels (nearly everything starting in level " +"20), it is impossible for Openswan to always start at the correct time. " +"There are three possibilities when Openswan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Met de huidige Debian-startniveaus (bijna alles start op niveau 20), is het " +"onmogelijk voor Openswan om altijd op de correcte tijd te starten. Er zijn " +"drie mogelijkheden waar Openswan kan starten: vóór of na de NFS-diensten en " +"na de PCMCIA-diensten. Het correcte antwoord hangt af van uw specifieke " +"configuratie." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Als u uw /usr-boom niet via NFS heeft aangekoppeld (u koppelt enkel andere, " +"minder vitale bomen via NFS of u gebruikt NFS helemaal niet om bomen aan te " +"koppelen) en u gebruikt geen PCMCIA-netwerkkaart, dan is het best om " +"Openswan zo vroeg mogelijk te starten, dus toe te staan van de NFS-" +"aankoppelingen te beveiligen door IPSec. In dit geval (of als u deze zaak " +"niet verstaat of het u niet uitmaakt), antwoord dan \"zo vroeg mogelijk\" op " +"deze vraag (de standaard)." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start Openswan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Als u uw /usr-boom via NFS heeft aangekoppeld en u gebruikt geen PCMCIA-" +"netwerkkaart, dan zult u Openswan moeten starten na NFS zodat alle nodige " +"bestanden aanwezig zijn. In dit geval, antwoord \"na NFS\" op deze vraag. " +"Merk op dat in dit geval de NFS-aankoppeling van /usr niet beveiligd kan " +"worden door IPSec." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Als u een PCMCIA-netwerkkaart gebruikt voor uw IPSec-verbindingen, dan hebt " +"u enkel de keuze om te starten na de PCMCIA-diensten. Antwoord in dit geval " +"\"na PCMCIA\". Dit is ook het correcte antwoord als u sleutels wilt afhalen " +"van een lokaal draaiende DNS-server met DNSSec-ondersteuning." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "Do you wish to restart Openswan?" +msgstr "Wilt u Openswan herstarten?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "" +"Restarting Openswan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Openswan herstarten is een goed idee omdat als er een veiligheidsherstelling " +"is, het pas echt hersteld zal zijn vanaf dat de achtergronddienst is " +"herstart. De meeste mensen verwachten dat de achtergronddienst herstart, dus " +"dit is meestal een goed idee. Hoewel, dit kan bestaande verbindingen " +"verbreken en ze dan opnieuw herstellen." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "Do you want to create a RSA public/private keypair for this host ?" +msgstr "Wilt u een publiek/privaat RSA-sleutelpaar aanmaken voor deze host?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Deze installatie kan automatisch een publiek/privaat RSA-sleutelpaar " +"aanmaken voor deze host. Dit sleutelpaar kan gebruikt worden om IPSec-" +"verbinden naar andere hosts te authenticeren en is de aanbevolen manier om " +"veilige IPSec-verbindingen op te zetten. De andere mogelijkheid zou zij om " +"gedeelde geheimen (wachtwoorden die aan beide kanten van de tunnel hetzelfde " +"zijn) te gebruiken voor het authenticeren van een verbinding, maar voor een " +"groter aantal verbindingen is RSA-authenticatie gemakkelijker te beheren en " +"veiliger." + +#. Type: select +#. Choices +#: ../openswan.templates.master:53 +msgid "x509, plain" +msgstr "x509, gewoon" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "Which type of RSA keypair do you want to create ?" +msgstr "Welk type RSA-sleutelpaar wilt u aanmaken?" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"Openswan or to create a X509 certificate file which contains the RSA public " +"key and additionally stores the corresponding private key." +msgstr "" +"Het is mogelijk om een gewoon publiek/privaat RSA-sleutelpaar aan te maken " +"om te gebruiken met Openswan of om een X509-certificaatbestand aan te maken " +"die de publieke RSA-sleutel bevat en de corresponderende private sleutel te " +"bewaren." + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"Openswan, it might be a bit easier using plain RSA keypairs. But if you want " +"to connect to other IPSec implementations, you will need a X509 certificate. " +"It is also possible to create a X509 certificate here and extract the RSA " +"public key in plain format if the other side runs Openswan without X509 " +"certificate support." +msgstr "" +"Als u enkel IPSec-verbindingen wilt opzetten naar hosts die ook Openswan " +"draaien, dan is het misschien een beetje gemakkelijker om gewone RSA-" +"sleutelparen te gebruiken. Maar als u verbindingen wilt leggen met andere " +"IPSec-implementaties, dan zult u een X509-certificaat nodig hebben. Het is " +"ook mogelijk om hier een X509-certificaat aan te maken en de publieke RSA-" +"sleutel te extraheren in een gewoon formaat als de andere kant Openswan " +"draait zonder X509-certificaatondersteuning." + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in Openswan anyway." +msgstr "" +"Daarom wordt een X509-certificaat aanbevolen omdat het flexibeler is en deze " +"installatie moet de complexe creatie van een X509-certificaat kunnen " +"verbergen en het toch in Openswan kunnen gebruiken." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"Do you have an existing X509 certificate file that you want to use for " +"Openswan ?" +msgstr "" +"Hebt u een bestaand X509-certificaatbestand dat u voor Openswan wilt " +"gebruiken?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. Do you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections ?" +msgstr "" +"Deze installatie kan de benodigde informatie automatisch extraheren van een " +"bestaand X509-certificaat met een bijhorende private RSA-sleutel. Beide " +"delen kunnen in één bestand zijn, als het in PEM-formaat is. Hebt u zo'n " +"bestaand certificaat en een sleutelbestand; en wilt u het voor de " +"authenticatie van IPSec-verbindingen gebruiken?" + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "Please enter the location of your X509 certificate in PEM format." +msgstr "Geef de locatie van uw X509-certificaat in PEM-formaat." + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "" +"Please enter the location of the file containing your X509 certificate in " +"PEM format." +msgstr "" +"Geef de locatie van het bestand dat uw X509-certificaat in PEM-formaat bevat." + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "Please enter the location of your X509 private key in PEM format." +msgstr "Geef de locatie van uw private X509-sleutel in PEM-formaat." + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Geef de locatie van het bestand dat uw private RSA-sleutel bevat die behoort " +"bij uw X509-certificaat in PEM-formaat. Dit kan hetzelfde bestand zijn als " +"dat wat uw X509-certificaat bevat." + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "Which length should the created RSA key have ?" +msgstr "Welke lengte moet de aangemaakte RSA-sleutel hebben?" + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "" +"Please enter the length of the created RSA key. it should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Geef de lengte van de aangemaakte RSA-sleutel. Het mag niet minder dan 1024 " +"bits zijn omdat dit als onveilig wordt beschouwd en u zult waarschijnlijk " +"niet meer dan 2048 bits nodig hebben omdat het enkel het authenticatieproces " +"vertraagt en op dit moment niet nodig is." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "Do you want to create a self-signed X509 certificate ?" +msgstr "Wilt u een door uzelf getekend X509-certificaat?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Deze installatie kan automatisch een door uzelf getekend X509-certificaat " +"aanmaken omdat anders een certificaatautoriteit nodig is om de " +"certificaataanvraag te tekenen. Als u een door uzelf getekend certificaat " +"wilt aanmaken, dan kunt u het onmiddellijk gebruiken om een verbinding te " +"leggen met andere IPSec-hosts die X509-certificaten ondersteunen voor IPSec-" +"verbindingen. Hoewel, als u de nieuwe PKI-mogelijkheden wilt gebruiken of " +"als Openswan >= 1.91, dan zult u alle X509-certificaten moeten laten tekenen " +"door één enkele certificaatautoriteit om een vertrouwenspad aan te maken." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "" +"Als u geen door uzelf getekend certificaat wilt aanmaken, dan zal deze " +"installatie enkel de private RSA-sleutel en de certificaataanvraag aanmaken " +"en u zult de certificaataanvraag moeten laten tekenen door uw " +"certificaatautoriteit." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Please enter the country code for the X509 certificate request." +msgstr "Geef de landcode van de X509-certificaataanvraag." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Geef de 2-letterige landcode voor uw land. Deze code zal in de " +"certificaataanvraag worden geplaatst." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"U moet hier wel een geldige landcode opgeven omdat openssl anders zal " +"weigeren om een certificaat aan te maken. Er is voor elke veld van het X509-" +"certificaat een leeg veld toegestaan, maar niet voor dit veld." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Example: AT" +msgstr "Voorbeeld: BE" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the state or province name for the X509 certificate request." +msgstr "Geef de staat of provincie voor de X509-certificaataanvraag." + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Geef de volledige naam van de staat of provincie waarin u woont. Deze naam " +"zal in de certificaataanvraag worden geplaatst." + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "Example: Upper Austria" +msgstr "Voorbeeld: Limburg" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Please enter the locality name for the X509 certificate request." +msgstr "Geef de plaatsnaam voor de X509-certificaataanvraag." + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Geef de plaatsnaam (v.b. stad) waar u woont. Deze naam zal in de " +"certificaataanvraag worden geplaatst." + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Example: Vienna" +msgstr "Voorbeeld: Genk" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Please enter the organization name for the X509 certificate request." +msgstr "Geef de naam van de organisatie voor de X509-certificaataanvraag." + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Geef de organisatie (v.b. bedrijf) waarvoor het X509-certificaat wordt " +"aangemaakt. Deze naam zal in de certicicaataanvraag worden geplaatst." + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Example: Debian" +msgstr "Voorbeeld: Debian" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Please enter the organizational unit for the X509 certificate request." +msgstr "Geef de organisatie-eenheid voor de X509-certificaataanvraag." + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Geef de organisatie-eenheid (v.b. dienst) waarvoor het X509-certificaat " +"wordt aangemaakt. Deze naam zal in de certificaataanvraag worden geplaatst." + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Example: security group" +msgstr "Voorbeeld: dienst veiligheid" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Please enter the common name for the X509 certificate request." +msgstr "Geef de naam voor de X509-certificaataanvraag." + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Geef de naam (v.b. computernaam van deze machine) waarvoor het X509-" +"certificaat wordt aangemaakt. Deze naam zal in de certificaataanvraag worden " +"geplaatst." + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Example: gateway.debian.org" +msgstr "Voorbeeld: gateway.debian.org" + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "Please enter the email address for the X509 certificate request." +msgstr "Geef het e-mailadres voor de X509-certificaataanvraag." + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Geef het e-mailadres van de persoon of organisatie die verantwoordelijk is " +"voor het X509-certificaat. Dit adres zal in de certificaataanvraag worden " +"geplaatst." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "Do you wish to enable opportunistic encryption in Openswan?" +msgstr "Wilt u opportunistische encryptie aanschakelen in Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "" +"Openswan heeft ondersteuning voor opportunistische encryptie (OE) die IPSec-" +"authenticatie-informatie (v.b. publieke RSA-sleutels) bewaart in (liefst " +"veilige) DNS-records. Totdat dit veelvuldig wordt toegepast zal dit " +"activeren, een significante vertraging veroorzaken voor elke nieuwe " +"uitgaande verbinding. Omdat versie 2.0 van Openswan standaard OE heeft " +"aangeschakeld, wordt dus waarschijnlijk uw bestaande verbinding met het " +"Internet (v.b. uw standaard route) verbroken vanaf dat pluto (de Openswan-" +"sleutelringachtergronddienst) wordt gestart." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Kiest of u OE-ondersteuning wilt aanschakelen. Indien onzeker, schakel het " +"dan niet aan." diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po new file mode 100644 index 000000000..ca7547da4 --- /dev/null +++ b/debian/po/pt_BR.po @@ -0,0 +1,549 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: openswan\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2006-03-16 06:09+0100\n" +"PO-Revision-Date: 2005-01-24 21:53-0200\n" +"Last-Translator: André Luís Lopes \n" +"Language-Team: Debian-BR Project \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../openswan.templates.master:3 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "o quando antes, \"depois do NFS\", \"depois do PCMCIA\"" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "At which level do you wish to start Openswan ?" +msgstr "Em que nível você deseja iniciar o Openswan ?" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"With the current Debian startup levels (nearly everything starting in level " +"20), it is impossible for Openswan to always start at the correct time. " +"There are three possibilities when Openswan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Com os níveis de inicialização atuais do Debian (quase todos os serviços " +"iniciando no nível 20) é impossível para o Openswan sempre iniciar no " +"momento correto. Existem três possibilidades para quando iniciar o " +"Openswan : antes ou depois dos serviços NFS e depois dos serviços PCMCIA. A " +"resposta correta depende se sua configuração específica." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Caso você não possua sua àrvore /usr montada via NFS (você somente monta " +"outras àrvores não vitais via NFS ou não usa àrvores montadas via NFS) e não " +"use um cartão de rede PCMCIA, a melhor opção é iniciar o Openswan o quando " +"antes, permitindo dessa forma que os pontos de montagem NFS estejam " +"protegidos por IPSec. Nesse caso (ou caso você não compreenda ou não se " +"importe com esse problema), responda \"o quando antes\" para esta pergunta " +"(o que é o padrão)." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start Openswan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Caso você possua sua àrvore /usr montada via NFS e não use um cartão de rede " +"PCMCIA, você precisará iniciar o Openswan depois do NFS de modo que todos os " +"arquivos necessários estejam disponíveis. Nesse caso, responda \"depois do " +"NFS\" para esta pergunta. Por favor, note que a montagem NFS de /usr não " +"poderá ser protegida pelo IPSec nesse caso." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Caso você use um cartão de rede PCMCIA para suas conexões IPSec você " +"precisará somente optar por iniciar o Opensan depois dos serviços PCMCIA. " +"Responda \"depois do PCMCIA\" nesse caso. Esta é também a maneira correta de " +"obter chaves de um servidor DNS sendo executado localmente e com suporte a " +"DNSSec." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "Do you wish to restart Openswan?" +msgstr "Você deseja reiniciar o Openswan ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "" +"Restarting Openswan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Reiniciar o Openswan é uma boa idéia, uma vez que caso exista um correção " +"para uma falha de segurança, o mesmo não será corrigido até que o daemon " +"seja reiniciado. A maioria das pessoas esperam que o daemon seja reiniciado, " +"portanto essa é geralmente uma boa idéia. Porém, reiniciar o Openswan pode " +"derrubar conexões existentes, mas posteriormente trazê-las de volta." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "Do you want to create a RSA public/private keypair for this host ?" +msgstr "" +"Você deseja criar um par de chaves RSA pública/privada para este host ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Este instalador pode automaticamente criar um par de chaves RSA pública/" +"privada para este host. Esse par de chaves pode ser usado para autenticar " +"conexões IPSec com outros hosts e é a maneira preferida de construir " +"conexões IPSec seguras. A outra possibilidade seria usar segredos " +"compartilhados (senhas que são iguais em ambos os lados do túnel) para " +"autenticar uma conexão, mas para um grande número de conexões RSA a " +"autenticação é mais fácil de administrar e mais segura." + +#. Type: select +#. Choices +#: ../openswan.templates.master:53 +msgid "x509, plain" +msgstr "x509, pura" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "Which type of RSA keypair do you want to create ?" +msgstr "Qual tipo de par de chaves RSA você deseja criar ?" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"Openswan or to create a X509 certificate file which contains the RSA public " +"key and additionally stores the corresponding private key." +msgstr "" +"É possível criar um par de chaves RSA pública/privada pura (plain) para uso " +"com o Openswan ou para criar um arquivo de certificado X509 que irá conter a " +"chave RSA pública e adicionalmente armazenar a chave privada correspondente." + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"Openswan, it might be a bit easier using plain RSA keypairs. But if you want " +"to connect to other IPSec implementations, you will need a X509 certificate. " +"It is also possible to create a X509 certificate here and extract the RSA " +"public key in plain format if the other side runs Openswan without X509 " +"certificate support." +msgstr "" +"Caso você queira somente construir conexões IPsec para hosts e também " +"executar o Openswan, pode ser um pouco mais fácil usar pares de chaves RSA " +"puros (plain). Mas caso você queira se conectar a outras implementações " +"IPSec, você precisará de um certificado X509. É também possível criar um " +"certificado X509 aqui e extrair a chave pública em formato puro (plain) caso " +"o outro lado execute o Openswan sem suporte a certificados X509." + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in Openswan anyway." +msgstr "" +"Um certificado X509 é recomendado, uma vez que o mesmo é mais flexível e " +"este instalador é capaz de simplificar a complexa criação do certificado " +"X509 e seu uso com o Openswan." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"Do you have an existing X509 certificate file that you want to use for " +"Openswan ?" +msgstr "" +"Você possui um arquivo de certificado X509 existente que você gostaria de " +"usar com o Openswan ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. Do you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections ?" +msgstr "" +"Este instalador pode extrair automaticamente a informação necessária de um " +"certificado X509 existente com uma chave RSA privada adequada. Ambas as " +"partes podem estar em um arquivo, caso estejam no formato PEM. Você possui " +"um certificado existente e um arquivo de chave e quer usá-los para " +"autenticar conexões IPSec ?" + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "Please enter the location of your X509 certificate in PEM format." +msgstr "" +"Por favor, informe a localização de seu certificado X509 no formato PEM." + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "" +"Please enter the location of the file containing your X509 certificate in " +"PEM format." +msgstr "" +"Por favor, informe a localização do arquivo contendo seu certificado X509 no " +"formato PEM." + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "Please enter the location of your X509 private key in PEM format." +msgstr "" +"Por favor, informe a localização de sua chave privada X509 no formato PEM." + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Por favor, informe a localização do arquivo contendo a chave privada RSA que " +"casa com seu certificado X509 no formato PEM. Este pode ser o mesmo arquivo " +"que contém o certificado X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "Which length should the created RSA key have ?" +msgstr "Qual deve ser o tamanho da chave RSA criada ?" + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "" +"Please enter the length of the created RSA key. it should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Por favor, informe o tamanho da chave RSA a ser criada. A mesma não deve ser " +"menor que 1024 bits devido a uma chave de tamanho menor que esse ser " +"considerada insegura. Você também não precisará de nada maior que 2048 " +"porque isso somente deixaria o processo de autenticação mais lento e não " +"seria necessário no momento." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "Do you want to create a self-signed X509 certificate ?" +msgstr "Deseja criar um certificado X509 auto-assinado ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Este instalador pode criar automaticamente somente certificados X509 auto-" +"assinados, devido a uma autoridade certificadora ser necessária para assinar " +"a requisição de certificado. Caso você queira criar um certificado auto-" +"assinado, você poderá usá-lo imediatamente para conexão com outros hosts " +"IPSec que suportem certificados X509 para autenticação de conexões IPSec. " +"Porém, caso você queira usar os novos recursos PKI do Openswan versão 1.91 " +"ou superior, você precisará possuir todos seus certificados X509 assinados " +"por uma única autoridade certificadora para criar um caminho de confiança." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "" +"Caso você não queira criar um certificado auto-assinado, este instalador irá " +"somente criar a chave privada RSA e a requisição de certificado e você terá " +"então que assinar a requisição de certificado junto a sua autoridade " +"certificadora." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Please enter the country code for the X509 certificate request." +msgstr "" +"Por favor, informe o código de país para a requisição de certificado X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Por favor, informe o códifo de país de duas letras para seu país. Esse " +"código será inserido na requisição de certificado." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"Você realmente precisa informar um código de país válido aqui devido ao " +"openssl se recusar a gerar certificados sem um código de país válido. Um " +"campo em branco é permitido para qualquer outro campo do certificado X.509, " +"mas não para esse campo." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Example: AT" +msgstr "Exemplo: BR" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the state or province name for the X509 certificate request." +msgstr "" +"Por favor, informe o estado ou nome de província para a requisição de " +"certificado X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Por favor, informe o nome complete do estado ou província em que você mora. " +"Esse nome será inserido na requisição de certificado." + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "Example: Upper Austria" +msgstr "Exemplo : Sao Paulo" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Please enter the locality name for the X509 certificate request." +msgstr "" +"Por favor, informe o nome da localidade para a requisição de certificado " +"X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Por favor, informe a localidade (ou seja, cidade) onde você mora. Esse nome " +"será inserido na requisição de certificado." + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Example: Vienna" +msgstr "Exemplo : Sao Paulo" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Please enter the organization name for the X509 certificate request." +msgstr "" +"Por favor, informe o nome da organização para a requisição de certificado " +"X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Por favor, informe a organização (ou seja, a empresa) para a qual este " +"certificado X509 deverá ser criado. Esse nome será inserido na requisição de " +"certificado." + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Example: Debian" +msgstr "Exemplo : Debian" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Please enter the organizational unit for the X509 certificate request." +msgstr "" +"Por favor, informe a unidade organizacional para a requisição de certificado " +"X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Por favor, informe a unidade organizacional (ou seja, seção ou departamento) " +"para a qual este certificado deverá ser criado. Esse nome será inserido na " +"requisição de certificado." + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Example: security group" +msgstr "Exemplo : Grupo de Segurança" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Please enter the common name for the X509 certificate request." +msgstr "Por favor, informe o nome comum para a requisição de certificado X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Por favor, informe o nome comum (ou seja, o nome do host dessa máquina) para " +"o qual o certificado X509 deverá ser criado. Esse nome será inserido na " +"requisição de certificado." + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Example: gateway.debian.org" +msgstr "Exemplo : gateway.debian.org" + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "Please enter the email address for the X509 certificate request." +msgstr "" +"Por favor, informe o endereço de e-mail para a requisição de certificado " +"X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Por favor, informe o endereço de e-mail da pessoa ou organização responsável " +"pelo certificado X509. Esse endereço será inserido na requisição de " +"certificado." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "Do you wish to enable opportunistic encryption in Openswan?" +msgstr "Você deseja habilitar a encriptação oportunística no Openswan ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "" +"O Openswan suporta encriptação oportunística (OE), a qual armazena " +"informações de autenticação IPSec (por exemplo, chaves públicas RSA) em " +"registros DNS (preferivelmente seguros). Até que esse suporte esteja " +"largamento sendo utilizado, ativá-lo irá causar uma signficante lentidão " +"para cada nova conexão de saída. Iniciando a partir da versão 2.0, o " +"Openswan, da forma como é distribuído pelos desenvolvedores oficiais, é " +"fornecido com o suporte a OE habilitado por padrão e, portanto, " +"provavelmente irá quebrar suas conexões existentes com a Internet (por " +"exemplo, sua rota padrão) tão logo o pluto (o daemon de troca de chaves do " +"Openswan) seja iniciado." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Por favor, informe se você deseja habilitar o suporte a OE. Em caso de " +"dúvidas, não habilite esse suporte." + +#~ msgid "2048" +#~ msgstr "2048" diff --git a/debian/po/sv.po b/debian/po/sv.po new file mode 100644 index 000000000..82bb6a687 --- /dev/null +++ b/debian/po/sv.po @@ -0,0 +1,523 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: openswan 2.4.0-3\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2006-03-16 06:09+0100\n" +"PO-Revision-Date: 2005-11-16 00:22+0100\n" +"Last-Translator: Daniel Nylander \n" +"Language-Team: Swedish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: swe\n" +"X-Poedit-Country: swe\n" + +#. Type: select +#. Choices +#: ../openswan.templates.master:3 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "tidigast, \"efter NFS\", \"efter PCMCIA\"" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "At which level do you wish to start Openswan ?" +msgstr "Vid vilken nivå vill du starta Openswan ?" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"With the current Debian startup levels (nearly everything starting in level " +"20), it is impossible for Openswan to always start at the correct time. " +"There are three possibilities when Openswan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Med de nuvarande uppstartsnivåerna i Debian (nästan allt startar på nivån " +"20) är det omöjligt för Openswan att alltid starta vid rätt tid. Det finns " +"tre möjligheter när Openswan kan startas: före eller efter NFS-tjänsterna " +"och efter PCMCIA-tjänsterna. Det rätta svaret beror på din specifika " +"konfiguration." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Om du inte har ditt /usr-träd monterat via NFS (antingen monterar du andra, " +"mindre viktiga träd via NFS eller så använder du inte NFS-monterade träd " +"alls) och inte använder ett PCMCIA-nätverkskort är det bäst att starta " +"Openswan så tidigt som möjligt och därmed tillåter säkra NFS-monteringar via " +"IPSec. I detta fall (eller om du inte förstår eller bryr dig om detta) svara " +"\"tidigast\" på denna fråga (standard)." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start Openswan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Om du inte har ditt /usr-träd monterat via NFS och inte använder ett PCMCIA-" +"nätverkskort behöver du starta Openswan efter NFS så att alla nödvändiga " +"filer finns tillgängliga. I detta fall, svara \"efter NFS\" på frågan. " +"Notera dock att NFS-monteringen av /usr kan inte säkras upp via IPSec i " +"detta fall." + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Om du använder ett PCMCIA-nätverkskort för dina IPSec-anslutningar har du " +"bara valet att starta den efter PCMCIA-tjänsterna. Svara \"efter PCMCIA\" i " +"detta fall. Detta är också det rätta svaret om du vill hämta nycklar från en " +"lokalt körande DNS-server med DNSSec-stöd." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "Do you wish to restart Openswan?" +msgstr "Vill du starta om Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "" +"Restarting Openswan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Starta om Openswan är en bra idé eftersom om det är en säkerhetsrättning " +"kommer den inte rättas till förräns demonen är omstartad. De flesta personer " +"förväntar sig att demonen startar om så detta är generellt sett en bra idé. " +"Dock kan detta kanske ta ner existerande anslutningar och sedan ta dom upp " +"igen." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "Do you want to create a RSA public/private keypair for this host ?" +msgstr "Vill du skapa ett publik/privat RSA-nyckelpar för denna värdmaskin ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Detta installerare kan automatiskt skapa ett publik/privat RSA-nyckelpar för " +"denna värdmaskin. Detta nyckelpar kan användas för att autentisera IPSec-" +"anslutningar till andra värdar och är det sätt som föredras för att bygga " +"upp säkra IPSec-anslutningar. Den andra möjligheten skulle vara att använda " +"delade hemligheter (lösenord som är samma på båda sidor av tunneln) för att " +"autentisera en anslutning men för ett större antal anslutningar är RSA-" +"autentiseringar det enklaste att administrera och mer säkert." + +#. Type: select +#. Choices +#: ../openswan.templates.master:53 +msgid "x509, plain" +msgstr "x509, enkel" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "Which type of RSA keypair do you want to create ?" +msgstr "Vilken typ av RSA-nyckelpar vill du skapa ?" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"Openswan or to create a X509 certificate file which contains the RSA public " +"key and additionally stores the corresponding private key." +msgstr "" +"Det är möjligt att skapa ett enkelt publik/privat RSA-nyckelpar för att " +"använda med Openswan eller att skapa en X509-certifikatfil som innehåller " +"den publika RSA-nyckeln och dessutom lagra den motsvarande privata nyckeln." + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"Openswan, it might be a bit easier using plain RSA keypairs. But if you want " +"to connect to other IPSec implementations, you will need a X509 certificate. " +"It is also possible to create a X509 certificate here and extract the RSA " +"public key in plain format if the other side runs Openswan without X509 " +"certificate support." +msgstr "" +"Om du bara vill bygga upp IPSec-anslutningar till värdmaskin som också kör " +"Openswan kan det vara lite enklare att använda enkla (plain) RSA-nyckelpar. " +"Men om du vill ansluta till andra IPSec-implementationer behöver du ett X509-" +"certifikat. Det är också möjligt att skapa ett X509-certifikat här och " +"plocka ut den publika RSA-nyckeln i enkelt format om den andra sidan kör " +"Openswan utan stöd för X509-certifikat." + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in Openswan anyway." +msgstr "" +"Därför är ett X509-certifikat rekommenderat eftersom det är mer flexibelt " +"och denna installerare bör kunna gömma den komplexa processen att skapa X509-" +"certifikatet och dess användning i Openswan ändå." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"Do you have an existing X509 certificate file that you want to use for " +"Openswan ?" +msgstr "" +"Har du en existerande X509-certifikatfil som du vill använda för Openswan ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. Do you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections ?" +msgstr "" +"Denna installerare kan automatiskt plocka ut den information som behövs från " +"ett existerande X509-certifikat med en matchande privat RSA-nyckel. Båda " +"delar kan vara i en fil om den är i PEM-format. Har du ett sådant " +"existerande certifikat och nyckelfil och vill använda det för att " +"autentisera IPSec-anslutningar ?" + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "Please enter the location of your X509 certificate in PEM format." +msgstr "Ange platsen för ditt X509-certifikat i PEM-format." + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "" +"Please enter the location of the file containing your X509 certificate in " +"PEM format." +msgstr "" +"Ange platsen för din fil som innehåller ditt X509-certifikat i PEM-format." + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "Please enter the location of your X509 private key in PEM format." +msgstr "Ange platsen för din privata X509-nyckel i PEM-format." + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Ange platsen för den fil som innehåller den privata RSA-nyckeln som matchar " +"ditt X509-certifikat i PEM-format. Detta kan vara samma fil som innehåller " +"X509-certifikatet." + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "Which length should the created RSA key have ?" +msgstr "Vilken längd ska den skapade RSA-nyckeln ha ?" + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "" +"Please enter the length of the created RSA key. it should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Ange längden för den skapade RSA-nyckeln, den bör inte vara kortare än 1024 " +"bitar för att detta bör anses som osäkert och du vill antagligen inte behöva " +"någon längre än 2048 bitar för att det bara gör autentiseringsprocessen " +"långsammare och behövs inte just nu." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "Do you want to create a self-signed X509 certificate ?" +msgstr "Vill du skapa ett själv-signerat X509-certifikat ?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Denna installerare kan bara skapa själv-signerade X509-certifikat " +"automatiskt för att annars behövs en certifikatutställare som kan signera " +"certifikatförfrågan. Om du vill skapa ett själv-signerat certifikat kan du " +"använda det omedelbart för att ansluta till andra IPSec-värdar som har stöd " +"för X509-certifikat för autentisering för IPSec-anslutningar. Om du vill " +"använda de nya PKI-funktionerna i Openswan >= 1.91 behöver du ha alla X509-" +"certifikat signerade av en enda certifikatutställare för att skapa en " +"pålitlig väg." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "" +"Om du inte vill skapa ett själv-signerat certifikat kommer denna " +"installerare bara att skapa den privata RSA-nyckeln och certifikatförfrågan " +"och du kommer att behöva signera certifikatförfrågan med din " +"certifikatutgivare." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Please enter the country code for the X509 certificate request." +msgstr "Ange en landskod för X509-certifikatförfrågan." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Ange en landskod med 2 bokstäver för ditt land. Denna kod kommer att " +"placeras i certifikatförfrågan." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"Du behöver verkligen ange en giltig landskod här för att openssl kommer att " +"vägra att generera certifikat utan ett. Ett tomt fält är tillåtet för alla " +"andra fält i X509-certifikatet men inte för denna." + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Example: AT" +msgstr "Exempel: SE" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the state or province name for the X509 certificate request." +msgstr "Ange namnet på regionen eller länet för X509-certifikatförfrågan." + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Ange det fulla namnet på regionen eller länet du bor i. Detta namn kommer " +"att placeras i certifikatförfrågan." + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "Example: Upper Austria" +msgstr "Exempel: Centrala Sverige" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Please enter the locality name for the X509 certificate request." +msgstr "Ange lokaliteten för X509-certifikatförfrågan." + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Ange lokaliteten (exempelvis stad) där du bor. Detta namn kommer att " +"placeras i certifikatförfrågan." + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Example: Vienna" +msgstr "Exempel: Stockholm" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Please enter the organization name for the X509 certificate request." +msgstr "Ange organisationsnamnet för X509-certifikatförfrågan." + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Ange organisationen (exempelvis företaget) som X509-certifikatet ska skapas " +"för. Detta namn kommer att placeras i certifikatförfrågan." + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Example: Debian" +msgstr "Exempel: Debian" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Please enter the organizational unit for the X509 certificate request." +msgstr "Ange organisationsenheten för X509-certifikatförfrågan." + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Ange organisationsenheten (exempelvis avdelning) som X509-certifikatet ska " +"skapas för. Detta namn kommer att placeras i certifikatförfrågan." + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Example: security group" +msgstr "Exempel: säkerhetsgruppen" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Please enter the common name for the X509 certificate request." +msgstr "Ange namnet för X509-certifikatförfrågan." + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Ange namnet (exempelvis värdnamnet för denna maskin) för vilken X509-" +"certifikatet ska skapas för. Detta namn kommer att placeras i " +"certifikatförfrågan." + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Example: gateway.debian.org" +msgstr "Exempel: gateway.debian.org" + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "Please enter the email address for the X509 certificate request." +msgstr "Ange e-postaddressen för X509-certifikatförfrågan." + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Ange e-postaddressen till den person eller organisation som ansvarar för " +"X509-certifikatet. Denna address kommer att placeras i certifikatförfrågan." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "Do you wish to enable opportunistic encryption in Openswan?" +msgstr "Vill du aktivera opportunistisk kryptering i Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "" +"Openswan har stöd för opportunistisk kryptering (OE) som lagrar information " +"om IPSec-autentiseringen (exempelvis publika RSA-nycklar) i (helst säkra) " +"DNS-poster. Tills detta är en mer utbredd tjänst kan aktivering av det " +"orsaka en betydande hastighetssänkning för varje ny utgående anslutning. " +"Sedan version 2.0 kommer Openswan (uppström) med OE aktiverad som standard " +"och kommer därför sannorlikt att bryta din existerande anslutning till " +"Internet (exempelvis din standardrutt) som snart som pluto (demonen för " +"Openswan-nycklar) startas." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Välj om du vill aktivera stöd för OE. Om du är osäker bör du inte aktivera " +"det." diff --git a/debian/po/templates.pot b/debian/po/templates.pot new file mode 100644 index 000000000..33c4a2acb --- /dev/null +++ b/debian/po/templates.pot @@ -0,0 +1,424 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2006-03-16 06:09+0100\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../openswan.templates.master:3 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "At which level do you wish to start Openswan ?" +msgstr "" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"With the current Debian startup levels (nearly everything starting in level " +"20), it is impossible for Openswan to always start at the correct time. " +"There are three possibilities when Openswan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start Openswan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" + +#. Type: select +#. Description +#: ../openswan.templates.master:5 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "Do you wish to restart Openswan?" +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:33 +msgid "" +"Restarting Openswan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "Do you want to create a RSA public/private keypair for this host ?" +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:42 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" + +#. Type: select +#. Choices +#: ../openswan.templates.master:53 +msgid "x509, plain" +msgstr "" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "Which type of RSA keypair do you want to create ?" +msgstr "" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"Openswan or to create a X509 certificate file which contains the RSA public " +"key and additionally stores the corresponding private key." +msgstr "" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"Openswan, it might be a bit easier using plain RSA keypairs. But if you want " +"to connect to other IPSec implementations, you will need a X509 certificate. " +"It is also possible to create a X509 certificate here and extract the RSA " +"public key in plain format if the other side runs Openswan without X509 " +"certificate support." +msgstr "" + +#. Type: select +#. Description +#: ../openswan.templates.master:55 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in Openswan anyway." +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"Do you have an existing X509 certificate file that you want to use for " +"Openswan ?" +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:74 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. Do you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections ?" +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "Please enter the location of your X509 certificate in PEM format." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:83 +msgid "" +"Please enter the location of the file containing your X509 certificate in " +"PEM format." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "Please enter the location of your X509 private key in PEM format." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:89 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "Which length should the created RSA key have ?" +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:97 +msgid "" +"Please enter the length of the created RSA key. it should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "Do you want to create a self-signed X509 certificate ?" +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:106 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Please enter the country code for the X509 certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:124 +msgid "Example: AT" +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the state or province name for the X509 certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:137 +msgid "Example: Upper Austria" +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Please enter the locality name for the X509 certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:146 +msgid "Example: Vienna" +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Please enter the organization name for the X509 certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:155 +msgid "Example: Debian" +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Please enter the organizational unit for the X509 certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:165 +msgid "Example: security group" +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Please enter the common name for the X509 certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:175 +msgid "Example: gateway.debian.org" +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "Please enter the email address for the X509 certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../openswan.templates.master:185 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "Do you wish to enable opportunistic encryption in Openswan?" +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:193 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" diff --git a/debian/po/vi.po b/debian/po/vi.po new file mode 100755 index 000000000..cd52c4733 --- /dev/null +++ b/debian/po/vi.po @@ -0,0 +1,416 @@ +# Vietnamese translation for openswan. +# Copyright © 2005 Free Software Foundation, Inc. +# Clytie Siddall , 2005. +# +msgid "" +msgstr "" +"Project-Id-Version: openswan 1/2.2.0-10\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2006-03-16 06:09+0100\n" +"PO-Revision-Date: 2005-07-03 13:49+0930\n" +"Last-Translator: Clytie Siddall \n" +"Language-Team: Vietnamese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0\n" +"X-Generator: LocFactoryEditor 1.2.2\n" + +#.Type: select +#.Choices +#:../openswan.templates.master:3 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "sá»›m nhất, «sau NFS», «sau PCMCIA»" + +#.Type: select +#.Description +#:../openswan.templates.master:5 +msgid "At which level do you wish to start Openswan ?" +msgstr "Bạn có muốn khởi chạy trình Openswan tại cấp nào?" + +#.Type: select +#.Description +#:../openswan.templates.master:5 +msgid "" +"With the current Debian startup levels (nearly everything starting in level " +"20), it is impossible for Openswan to always start at the correct time. " +"There are three possibilities when Openswan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "Trong những cấp khởi chạy Debian hiện thá»i (gần má»i trình khởi chạy trên cấp 20), không thể đảm bảo trình Openswan sẽ khởi chạy vào Ä‘iểm thá»i đúng. Có ba lúc có thể khởi chạy trình Openswan: lúc trÆ°á»›c hay lúc sau dịch vụ NFS và lúc sau dịch vụ PCMCIA. Giá trị đúng phụ thuá»™c vào thiết lập riêng của bạn." + +#.Type: select +#.Description +#:../openswan.templates.master:5 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "Nếu bạn không có cây «/usr» mình được gắn thông qua NFS (hoặc bạn chỉ gắn cây khác, ít quan trá»ng hÆ¡n, thông qua NFS, hoặc bạn không sá»­ dụng cây do NFS gắn cách nào cả) và không sá»­ dụng má»™t thẻ mạng PCMCIA, thì tốt nhất là khởi chạy trình Openswan càng sá»›m càng có thể, mà cho phép IPSec bảo vệ những Ä‘iểm gắn NFS. Trong trÆ°á»ng hợp này (hoặc nếu bạn không hiểu được vấn Ä‘á» này, hoặc không nghÄ© nó là quan trá»ng) thì hãy trả lá»i «sá»›m nhất» (earliest: giá trị mặc định) cho câu há»i này." + +#.Type: select +#.Description +#:../openswan.templates.master:5 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start Openswan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "Nếu bạn có cây «/usr» mình được gắn thông qua NFS và không sá»­ dụng má»™t thẻ mạng PCMCIA, thì bạn sẽ cần phải khởi chạy Openswan sau NFS, để má»i tập tin cần thiết có sẵn sàng. Trong trÆ°á»ng hợp này, hãy trả lá»i «sau NFS» (after NFS) cho câu há»i này. Tuy nhiên, IPsec sẽ không thể bảo vệ Ä‘iểm gắn của «/usr» trong trÆ°á»ng hợp này." + +#.Type: select +#.Description +#:../openswan.templates.master:5 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "Nếu bạn sá»­ dụng thẻ PCMCIA để kết nối cách loại IPSec, thì chỉ hãy chá»n khởi chạy FreeS/WAN sau những dịch vụ PCMCIA. Hãy trả lá»i «sau PCMCIA» trong trÆ°á»ng hợp này. Trả lá»i này cÅ©ng đúng nếu bạn muốn gá»i khóa từ má»™t máy phục vụ DNS chạy địa phÆ°Æ¡ng có loại há»— trợ DNSSec." + +#.Type: boolean +#.Description +#:../openswan.templates.master:33 +msgid "Do you wish to restart Openswan?" +msgstr "Bạn có muốn khởi chạy lại trình Openswan không?" + +#.Type: boolean +#.Description +#:../openswan.templates.master:33 +msgid "" +"Restarting Openswan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "Khởi chạy lại trình Openswan là má»™t ý kiến tốt, vì nó hiệu lá»±c việc sá»­a bảo mật má»›i nào. Phần lá»›n ngÆ°á»i ngá» trình ná»n (dæmon) sẽ khởi chạy lại, thì nói chung làm nhÆ° thế là má»™t ý kiến tốt. Tuy nhiên, việc khởi chạy lại có thể ngắt các sá»± kết nối hiện thá»i, rồi kết nối chúng lại." + +#.Type: boolean +#.Description +#:../openswan.templates.master:42 +msgid "Do you want to create a RSA public/private keypair for this host ?" +msgstr "Bạn có muốn tạo má»™t cặp khóa công/riêng RSA cho máy này không?" + +#.Type: boolean +#.Description +#:../openswan.templates.master:42 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "Trình cài đặt này có thể tá»± Ä‘á»™ng tạo má»™t cặp khóa công/riêng RSA cho máy này. Có thể sá»­ dụng cặp khóa này để xác thá»±c cách kết nối IPSec tá»›i máy khác, và nó là cách Æ°a thích để xây dụng cách kết nối IPSec bảo mật. Hoặc có thể sá»­ dụng «bí mật dùng chung» (shared secrets), mà có cùng má»™t mật khẩu tại cả hai đầu và cuối Ä‘á»u Ä‘Æ°á»ng hầm, để xác thá»±c má»—i sá»± kết nối. Tuy nhiên, vá»›i sá»± kết nối rất nhiá»u, dá»… hÆ¡n để sá»­ dụng cách xác thá»±c RSA và nó bảo mật hÆ¡n. " + +#.Type: select +#.Choices +#:../openswan.templates.master:53 +msgid "x509, plain" +msgstr "x509, giản dị" + +#.Type: select +#.Description +#:../openswan.templates.master:55 +msgid "Which type of RSA keypair do you want to create ?" +msgstr "Bạn có muốn tạo cặp khóa RSA loại nào?" + +#.Type: select +#.Description +#:../openswan.templates.master:55 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"Openswan or to create a X509 certificate file which contains the RSA public " +"key and additionally stores the corresponding private key." +msgstr "Có thể tạo má»™t cặp khóa công/riêng RSA thô để sá»­ dụng vá»›i trình Openswan, hoặc tạo má»™t tập tin chứng nhận X509 chứa khóa công RSA ấy và cÅ©ng cất giữ khóa riêng tÆ°Æ¡ng ứng." + +#.Type: select +#.Description +#:../openswan.templates.master:55 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"Openswan, it might be a bit easier using plain RSA keypairs. But if you want " +"to connect to other IPSec implementations, you will need a X509 certificate. " +"It is also possible to create a X509 certificate here and extract the RSA " +"public key in plain format if the other side runs Openswan without X509 " +"certificate support." +msgstr "Nếu bạn chỉ muốn xây dụng sá»± kết nối IPSec đến máy cÅ©ng chạy trình Openswan, có thể dá»… dàng hÆ¡n khi sá»­ dụng cặp khóa RSA thô. Còn nếu bạn muốn kết nối đến má»™t sá»± thá»±c hiện IPSec khác, thì bạn sẽ cần có má»™t chứng nhận loại X509. CÅ©ng có thể tạo má»™t chứng nhận X509 tại đây, rồi rút khóa công RSA có dạng thô, nếu bên khác có chạy trình Openswan không có há»— trợ chứng nhận X509." + +#.Type: select +#.Description +#:../openswan.templates.master:55 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in Openswan anyway." +msgstr "Vì vậy khuyến khích má»™t chứng nhận X509, vì nó dẻo hÆ¡n và trình cài đặt này nên có thể ẩn việc phức tạp tạo chứng nhận X509 và cách dùng nó trong trình Openswan." + +#.Type: boolean +#.Description +#:../openswan.templates.master:74 +msgid "" +"Do you have an existing X509 certificate file that you want to use for " +"Openswan ?" +msgstr "Bạn có má»™t tập tin chứng nhận X509 mà bạn muốn sá»­ dụng vá»›i trình Openswan chÆ°a?" + +#.Type: boolean +#.Description +#:../openswan.templates.master:74 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. Do you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections ?" +msgstr "Trình cài đặt này có thể tá»± Ä‘á»™ng giải mã thông tin cần thiết ra má»™t chứng nhận X509 đã có, vá»›i khóa riêng RSA tÆ°Æ¡ng ứng. Cả hai Ä‘iá»u có thể trong cùng má»™t tập tin, nếu nó có dạng PEM. Bạn có chứng nhận đã có nhÆ° vậy, và muốn sá»­ dụng nó để xác thá»±c cách kết nối IPSec không?" + +#.Type: string +#.Description +#:../openswan.templates.master:83 +msgid "Please enter the location of your X509 certificate in PEM format." +msgstr "Hãy nhập địa Ä‘iểm của chứng nhận X509 của bạn, có dạng PEM." + +#.Type: string +#.Description +#:../openswan.templates.master:83 +msgid "" +"Please enter the location of the file containing your X509 certificate in " +"PEM format." +msgstr "Hãy nhập địa Ä‘iểm của tập tin chứa chứng nhận X509 của bạn, có dạng PEM." + +#.Type: string +#.Description +#:../openswan.templates.master:89 +msgid "Please enter the location of your X509 private key in PEM format." +msgstr "Hãy nhập địa Ä‘iểm của khóa riêng X509 của bạn, có dạng PEM." + +#.Type: string +#.Description +#:../openswan.templates.master:89 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "Hãy nhập địa Ä‘iểm của tập tin chứa khóa RSA riêng khá»›p vá»›i chứng nhận X509 của bạn, có dạng PEM. Có thể là cùng má»™t tập tin chứa chứng nhận X509." + +#.Type: string +#.Description +#:../openswan.templates.master:97 +msgid "Which length should the created RSA key have ?" +msgstr "Khóa RSA má»›i được tạo nên có Ä‘á»™ dài nào?" + +#.Type: string +#.Description +#:../openswan.templates.master:97 +msgid "" +"Please enter the length of the created RSA key. it should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "Hãy nhập Ä‘á»™ dài của khóa RSA má»›i được tạo. Nên có ít nhất 1024 bit, vì khóa nào nhá» hÆ¡n kích thÆ°á»›c ấy không phải là bảo mật. Rất có thể là bạn sẽ không cần sá»­ dụng Ä‘á»™ dài hÆ¡n 2048 bit, vì nó chỉ giảm tốc Ä‘á»™ tiến trình xác thá»±c, và hiện thá»i không cần thiết." + +#.Type: boolean +#.Description +#:../openswan.templates.master:106 +msgid "Do you want to create a self-signed X509 certificate ?" +msgstr "Bạn có muốn tạo má»™t chứng nhận X509 tá»± ký không?" + +#.Type: boolean +#.Description +#:../openswan.templates.master:106 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "Trình cài đặt này chỉ có thể tá»± Ä‘á»™ng tạo chứng nhận X509 tá»± ký, vì nếu không thì má»™t nhà cầm quyá»n chứng nhận (Certificate Authority, CA) phải ký lá»i yêu cầu chứng nhận ấy. Nếu bạn muốn tạo má»™t chứng nhận tá»± ký, bạn có thể sá»­ dụng nó ngay lập tức để kết nối đến máy IPSec khác có há»— trợ sá»­ dụng chứng nhận X509 để xác thá»±c sá»± kết nối IPSec. Tuy nhiên, nếu bạn muốn sá»­ dụng những tính năng PKI má»›i của trình Openswan phiên bản ≥1.91, bạn sẽ phải có tất cả những chứng nhận X509 được ký bởi má»™t nhà cầm quyá»n chứng nhận riêng lẻ, để tạo má»™t «đưá»ng dẫn tin cây» (trust path)." + +#.Type: boolean +#.Description +#:../openswan.templates.master:106 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "Nếu bạn không muốn tạo má»™t chứng nhận tá»± ký, thì trình cài đặt này sẽ tạo chỉ khóa RSA riêng và lá»i yêu cầu chứng nhận, và bạn sẽ phải ký lá»i yêu cầu ấy dùng nhà cầm quyá»n chứng nhận bạn." + +#.Type: string +#.Description +#:../openswan.templates.master:124 +msgid "Please enter the country code for the X509 certificate request." +msgstr "Hãy nhập mã quốc gia cho lá»i yêu cầu chứng nhận X509." + +#.Type: string +#.Description +#:../openswan.templates.master:124 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "Hãy nhập mã hai chữ cho quốc gia bạn. Sẽ chèn mã này vào lá»i yêu cầu chứng nhận." + +#.Type: string +#.Description +#:../openswan.templates.master:124 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "Bạn thật cần phải nhập má»™t mã quốc gia hợp lệ vào đây, vì trình OpenSSL sẽ từ chối tạo ra chứng nhận nào khi không có mã ấy. Có thể bá» rá»—ng bất cứ trÆ°á»ng nào khác cho chứng nhận X509, nhÆ°ng mà không phải trÆ°á»ng này." + +#.Type: string +#.Description +#:../openswan.templates.master:124 +msgid "Example: AT" +msgstr "Lấy thí dụ: VN" + +#.Type: string +#.Description +#:../openswan.templates.master:137 +msgid "" +"Please enter the state or province name for the X509 certificate request." +msgstr "Hãy nhập tên bảng hay tỉnh cho lá»i yêu cầu chứng nhận X509." + +#.Type: string +#.Description +#:../openswan.templates.master:137 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "Hãy nhập tên đầy đủ của bang hay tỉnh nÆ¡i bạn ở. Sẽ chèn tên này vào lá»i yêu cầu chứng nhận." + +#.Type: string +#.Description +#:../openswan.templates.master:137 +msgid "Example: Upper Austria" +msgstr "Lấy thí dụ: Bình Äịnh" + +#.Type: string +#.Description +#:../openswan.templates.master:146 +msgid "Please enter the locality name for the X509 certificate request." +msgstr "Hãy nhập tên địa phÆ°Æ¡ng cho lá»i yêu cầu chứng nhận X509." + +#.Type: string +#.Description +#:../openswan.templates.master:146 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "Hãy nhập địa phÆ°Æ¡ng (v.d. thành phố) nÆ¡i bạn ở. Sẽ chèn tên này vào lá»i yêu cầu chứng nhận." + +#.Type: string +#.Description +#:../openswan.templates.master:146 +msgid "Example: Vienna" +msgstr "Lấy thí dụ: Quy NhÆ¡n" + +#.Type: string +#.Description +#:../openswan.templates.master:155 +msgid "Please enter the organization name for the X509 certificate request." +msgstr "Hãy nhập tên tổ chức cho lá»i yêu cầu chứng nhận X509." + +#.Type: string +#.Description +#:../openswan.templates.master:155 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "Hãy nhập tổ chức (v.d. công ty) cho mà chứng nhận X509 nên được tạo. Sẽ chèn tên này vào lá»i yêu cầu chứng nhận." + +#.Type: string +#.Description +#:../openswan.templates.master:155 +msgid "Example: Debian" +msgstr "Lấy thí dụ: Debian" + +#.Type: string +#.Description +#:../openswan.templates.master:165 +msgid "Please enter the organizational unit for the X509 certificate request." +msgstr "Hãy nhập tên Ä‘Æ¡n vị tổ chức cho lá»i yêu cầu chứng nhận X509." + +#.Type: string +#.Description +#:../openswan.templates.master:165 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "Hãy nhập Ä‘Æ¡n vị tổ chức (v.d. phần) cho mà chứng nhận X509 nên được tạo. Sẽ chèn tên này vào lá»i yêu cầu chứng nhận." + +#.Type: string +#.Description +#:../openswan.templates.master:165 +msgid "Example: security group" +msgstr "Lấy thí dụ: nhóm Việt hóa" + +#.Type: string +#.Description +#:../openswan.templates.master:175 +msgid "Please enter the common name for the X509 certificate request." +msgstr "Hãy nhập tên chung cho lá»i yêu cầu chứng nhận X509." + +#.Type: string +#.Description +#:../openswan.templates.master:175 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "Hãy nhập tên chung (v.d. tên máy) cho mà chứng nhận X509 nên được tạo. Sẽ chèn tên này vào lá»i yêu cầu chứng nhận." + +#.Type: string +#.Description +#:../openswan.templates.master:175 +msgid "Example: gateway.debian.org" +msgstr "Lấy thí cụ: gateway.debian.org" + +#.Type: string +#.Description +#:../openswan.templates.master:185 +msgid "Please enter the email address for the X509 certificate request." +msgstr "Hãy nhập địa chỉ thÆ° Ä‘iện tá»­ chung cho lá»i yêu cầu chứng nhận X509." + +#.Type: string +#.Description +#:../openswan.templates.master:185 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "Hãy nhập địa chỉ thÆ° Ä‘iện tá»­ của ngÆ°á»i hay tổ chức chịu trách nhiệm vá» chứng nhận X509 này. Sẽ chèn địa chỉ này vào lá»i yêu cầu chứng nhận." + +#.Type: boolean +#.Description +#:../openswan.templates.master:193 +msgid "Do you wish to enable opportunistic encryption in Openswan?" +msgstr "Bạn có muốn hiệu lá»±c mật mã loại cÆ¡ há»™i chủ nghÄ©a trong trình Openswan không?" + +#.Type: boolean +#.Description +#:../openswan.templates.master:193 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferrably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "Trình Openswan há»— trợ có sẵn mật mã cÆ¡ há»™i chủ nghÄ©a (OE: opportunistic encryption) mà cất giữ thông tin xác thá»±c IPSec (tức là khóa công RSA) trong mục ghi DNS (thích hÆ¡n loại bảo mật). Cho đến khi tính năng này thÆ°á»ng dụng, hoạt hóa nó sẽ giảm má»™t cách quan trá»ng má»—i sá»± kết nối ra má»›i. Từ phiên bản 2.0, trình Openswan gốc đã hiệu lá»±c OE theo mặc định, thì sẽ rất có thể ngắt sá»± kết nối hiện thá»i đến Mạng của bạn (tức là Ä‘Æ°á»ng mặc định) má»™t khi khởi chạy pluto (trình ná»n quản lý khóa Openswan)." + +#.Type: boolean +#.Description +#:../openswan.templates.master:193 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "Hãy chá»n có nên muốn hiệu lá»±c há»— trợ OE hay không. Nếu chÆ°a chắc thì đừng bật nó." diff --git a/debian/rules b/debian/rules new file mode 100755 index 000000000..b57711f7a --- /dev/null +++ b/debian/rules @@ -0,0 +1,306 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This is the debhelper compatability version to use. +export DH_COMPAT=4 + +export DH_OPTIONS + +ifeq (,$(wildcard /usr/bin/po2debconf)) + PO2DEBCONF := no + MINDEBCONFVER := 0.5 +else + PO2DEBCONF := yes + MINDEBCONFVER := 1.2.0 +endif + +configure: configure-stamp +configure-stamp: + dh_testdir + # Add here commands to configure the package. + + touch configure-stamp + +patch: + dh_testdir + dpatch apply-all + +unpatch: + dpatch deapply-all + #rm -f patch-stamp + +build: build-stamp +build-stamp: patch + # create a dummy ipsec.secrets file before building the package so + # that no RSA keys are created during the build process + # (a package should not include a RSA key, it should produce the key + # on demand, e.g. in the postinst script) + touch $(CURDIR)/debian/ipsec.secrets + $(MAKE) programs INC_USRLOCAL=/usr \ + FINALBINDIR=/usr/lib/ipsec \ + FINALLIBEXECDIR=/usr/lib/ipsec \ + PUBDIR=/usr/sbin \ + MANTREE=/usr/share/man \ + CONFDIR=$(CURDIR)/debian \ + USE_LDAP=true USE_LIBCURL=true HAVE_THREADS=true \ + USE_XAUTH=true USE_XAUTHPAM=true + # remove the temporary file, it will be created during install + rm -f $(CURDIR)/debian/ipsec.secrets + + # here we re-generate the upstream HTML documentation + $(MAKE) -C doc/ index.html + + # also generate the fswcert tool + $(MAKE) -C programs/fswcert/ + # ugly hack.... + $(MAKE) -C programs/fswcert/ programs WERROR='-lcrypto' + + touch build-stamp + +clean: unpatch + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + + -$(MAKE) clean + -$(MAKE) -C programs/fswcert/ clean + # after a make clean, no binaries _should_ be left, but .... + -find $(CURDIR) -name "*.o" | xargs --no-run-if-empty rm + -find $(CURDIR)/lib/libcrypto -name "*.a" | xargs --no-run-if-empty rm + + rm -rf debian/openswan-modules-source-build/ + + # Really clean (#356716) + # This is a hack: should be better implemented + rm -f lib/libopenswan/libopenswan.a || true + rm -f lib/libopenswan/liboswlog.a || true + + # just in case something went wrong + rm -f $(CURDIR)/debian/ipsec.secrets + + dh_clean + +ifeq ($(PO2DEBCONF),yes) + # Hack for woody compatibility. This makes sure that the + # debian/templates file shipped in the source package doesn't + # specify encodings, which woody's debconf can't handle. If building + # on a system with po-debconf installed (conveniently debhelper (>= + # 4.1.16) depends on it), the binary-arch target will generate a + # better version for sarge. + echo 1 > debian/po/output + po2debconf debian/openswan.templates.master > debian/openswan.templates + rm -f debian/po/output +endif + +install-openswan: DH_OPTIONS=-a +install-openswan: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/tmp. + $(MAKE) install INC_USRLOCAL=/usr \ + FINALBINDIR=/usr/lib/ipsec \ + FINALLIBEXECDIR=/usr/lib/ipsec \ + PUBDIR=$(CURDIR)/debian/openswan/usr/sbin \ + MANTREE=$(CURDIR)/debian/openswan/usr/share/man \ + DESTDIR=$(CURDIR)/debian/openswan + rm -rf $(CURDIR)/debian/openswan/usr/local + install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/openswan/etc/ipsec.secrets + + # use bash for init.d and _plutorun + patch $(CURDIR)/debian/openswan/etc/init.d/ipsec < debian/use-bash.diff + patch $(CURDIR)/debian/openswan/usr/lib/ipsec/_plutorun < debian/use-bash.diff + + # install the fswcert tool + install $(CURDIR)/programs/fswcert/fswcert $(CURDIR)/debian/openswan/usr/bin + install $(CURDIR)/programs/fswcert/fswcert.8 $(CURDIR)/debian/openswan/usr/share/man/man8 + + rm -f $(CURDIR)/debian/openswan/etc/init.d/ipsec?* + rm -f $(CURDIR)/debian/openswan/usr/lib/ipsec/_plutorun?* + + # this is handled by update-rc.d + rm -rf $(CURDIR)/debian/openswan/etc/rc?.d + + dh_installdocs -popenswan -n + # change the paths in the installed doc files (but only in regular + # files, not in links to the outside of the build tree !) + ( cd $(CURDIR)/debian/openswan/; \ + for f in `grep "/usr/local/" --recursive --files-with-match *`; \ + do \ + if [ -f $$f -a ! -L $$f ]; then \ + cp $$f $$f.old; \ + sed 's/\/usr\/local\//\/usr\//' $$f.old > $$f; \ + rm $$f.old; \ + fi; \ + done ) + # but remove the doc/src dir, which just duplicates the HTML files + rm -rf $(CURDIR)/debian/openswan/usr/share/doc/openswan/doc/src + # and the index file in the main doc directory - it's replicated under + # doc/ + rm -f $(CURDIR)/debian/openswan/usr/share/doc/openswan/index.html + + # the logcheck ignore files + install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.paranoid $(CURDIR)/debian/openswan/etc/logcheck/ignore.d.paranoid/openswan + install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.server $(CURDIR)/debian/openswan/etc/logcheck/ignore.d.server/openswan + install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.server $(CURDIR)/debian/openswan/etc/logcheck/ignore.d.workstation/openswan + install -D --mode=0600 $(CURDIR)/debian/logcheck.violations.ignore $(CURDIR)/debian/openswan/etc/logcheck/violations.ignore.d/openswan + + # set permissions on ipsec.secrets + chmod 600 $(CURDIR)/debian/openswan/etc/ipsec.secrets + chmod 644 $(CURDIR)/debian/openswan/etc/ipsec.conf + chmod 700 -R $(CURDIR)/debian/openswan/etc/ipsec.d/private/ + # don't know why they come with +x set by default... + chmod 644 $(CURDIR)/debian/openswan/etc/ipsec.d/policies/* + chmod 644 $(CURDIR)/debian/openswan/etc/ipsec.d/examples/* + + # more lintian cleanups + find $(CURDIR)/debian/openswan -name ".cvsignore" | xargs --no-run-if-empty rm -f + find $(CURDIR)/debian/openswan -name "/.svn/" | xargs --no-run-if-empty rm -rf + +install-openswan-modules-source: DH_OPTIONS=-i +install-openswan-modules-source: PKGDIR=$(CURDIR)/debian/openswan-modules-source +install-openswan-modules-source: BUILDDIR=$(CURDIR)/debian/openswan-modules-source-build +install-openswan-modules-source: patch + dh_testdir + dh_testroot + dh_installdirs + mkdir -p "$(BUILDDIR)/modules/openswan" + mkdir -p "$(BUILDDIR)/modules/openswan/lib" + mkdir -p "$(BUILDDIR)/modules/openswan/debian" + mkdir -p "$(BUILDDIR)/modules/openswan/packaging" + cp -r Makefile Makefile.top Makefile.inc Makefile.ver linux/ \ + "$(BUILDDIR)/modules/openswan" + cp -r lib/libcrypto "$(BUILDDIR)/modules/openswan/lib/" + cp -r packaging/makefiles packaging/linus packaging/defaults/ \ + "$(BUILDDIR)/modules/openswan/packaging/" + find "$(BUILDDIR)/modules/openswan/lib/" -name "*.o" | xargs --no-run-if-empty rm + install --mode=644 debian/openswan-modules-source.kernel-config "$(BUILDDIR)/modules/openswan/config-all.h" + install --mode=755 debian/openswan-modules-source.rules "$(BUILDDIR)/modules/openswan/debian/rules" + install --mode=644 debian/openswan-modules-source.control.in "$(BUILDDIR)/modules/openswan/debian/control.in" + install --mode=644 debian/changelog "$(BUILDDIR)/modules/openswan/debian/" + + # This creates the NAT-T patches that can be used on the kernel tree + # even with openswan-modules-source. + make nattpatch2.4 > $(BUILDDIR)/modules/openswan/debian/nat-t-2.4.diff + make nattpatch2.6 > $(BUILDDIR)/modules/openswan/debian/nat-t-2.6.diff + + tar -C $(BUILDDIR) -c modules/ | bzip2 -9 > \ + "$(PKGDIR)/usr/src/openswan-modules.tar.bz2" + + dh_installdocs -popenswan-modules-source -n + + # more lintian cleanups + find $(CURDIR)/debian/openswan-modules-source -name ".cvsignore" | xargs --no-run-if-empty rm -f + find $(PKGDIR) -name "/.svn/" | xargs --no-run-if-empty rm -rf + +install-linux-patch-openswan: DH_OPTIONS=-i +install-linux-patch-openswan: PKGDIR=$(CURDIR)/debian/linux-patch-openswan +install-linux-patch-openswan: patch + dh_testdir + dh_testroot + dh_installdirs + # some of this has been taken from Tommi Virtanen's package + install --mode=0755 debian/linux-patch-openswan.apply \ + "$(PKGDIR)/usr/src/kernel-patches/all/apply/openswan" + install --mode=0755 debian/linux-patch-openswan.unpatch \ + "$(PKGDIR)/usr/src/kernel-patches/all/unpatch/openswan" + install --mode=0755 packaging/utils/patcher \ + "$(PKGDIR)/usr/src/kernel-patches/all/openswan" + cp -r Makefile Makefile.inc Makefile.ver Makefile.top lib/ linux/ \ + packaging/ nat-t/ \ + "$(PKGDIR)/usr/src/kernel-patches/all/openswan" + # also don't generate the out.kpatch file under /usr/src/.... + sed 's/>>out.kpatch//' \ + "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" \ + > "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" + mv "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" \ + "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" + sed 's/>out.kpatch//' \ + "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" \ + > "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" + mv "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" \ + "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" + sed 's/rm -f out.kpatch//' \ + "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" \ + > "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" + mv "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" \ + "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" + chmod u=rwX,go=rX "$(PKGDIR)/usr/src/kernel-patches/all/openswan" + # remove extra junk not needed on linux / that lintian would complain about + find "$(PKGDIR)/usr/src/kernel-patches/all/openswan" \ + -name '*.o' -print0 | xargs --no-run-if-empty -0 rm -f + find "$(PKGDIR)/usr/src/kernel-patches/all/openswan" \ + -name '*.a' -print0 | xargs --no-run-if-empty -0 rm -f + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/libopenswan/" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/libdes/" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/liblwres/" + rm -f "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/COPYING.LIB" + rm -f "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/README" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/linus" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/ipkg" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/makefiles" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/redhat" + rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/suse" + rm -r "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/utils/disttools.pl" + rm -r "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/utils/kernel.patch.gen.sh" + rm -r "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/utils/sshenv" + rm -r "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/utils/setup" + find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/linux/net/ipsec/des/asm/" \ + -name '*.pl' -print0 | xargs --no-run-if-empty -0 \ + perl -pi -e 's{^#!/usr/local/bin/perl}{#!/usr/bin/perl}g' + find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/libcrypto/" \ + -name '*.pl' -print0 | xargs --no-run-if-empty -0 \ + perl -pi -e 's{^#!/usr/local/bin/perl}{#!/usr/bin/perl}g' + find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/linux/net/ipsec/des/asm/" \ + -name '*.pl' -print0 | xargs --no-run-if-empty -0 chmod a+x + find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/libcrypto/" \ + -name '*.pl' -print0 | xargs --no-run-if-empty -0 chmod a+x + find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/linux/net/ipsec/alg/scripts/" \ + -name '*.sh' -print0 | xargs --no-run-if-empty -0 chmod a+x + chmod -R u=rwX,go=rX "$(PKGDIR)/usr/src/kernel-patches/all/openswan" + + dh_installdocs -plinux-patch-openswan -n + + # more lintian cleanups + find $(PKGDIR) -name ".cvsignore" | xargs --no-run-if-empty rm -f + find $(PKGDIR) -name "/.svn/" | xargs --no-run-if-empty rm -rf + +binary-common: + #dh_testversion 2 + dh_testdir + dh_testroot + dh_installdebconf + dh_installchangelogs CHANGES + dh_link + dh_strip + dh_compress + dh_fixperms -X etc/ipsec.conf -X etc/ipsec.secrets -X etc/ipsec.d + +# dh_makeshlibs + dh_installdeb +# dh_perl + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +# Build architecture-independent files here. +binary-indep: install-openswan-modules-source install-linux-patch-openswan + $(MAKE) -f debian/rules DH_OPTIONS=-i binary-common + +# Build architecture-dependent files here. +binary-arch: install-openswan + $(MAKE) -f debian/rules DH_OPTIONS=-a binary-common + +# Any other binary targets build just one binary package at a time. +#binary-%: build install +# make -f debian/rules binary-common DH_OPTIONS=-p$* + +binary: binary-indep binary-arch +.PHONY: clean binary-indep binary-arch diff --git a/debian/use-bash.diff b/debian/use-bash.diff new file mode 100644 index 000000000..ccee7f27e --- /dev/null +++ b/debian/use-bash.diff @@ -0,0 +1,4 @@ +1c1 +< #!/bin/sh +--- +> #!/bin/bash diff --git a/debian/watch b/debian/watch new file mode 100644 index 000000000..e40202f1e --- /dev/null +++ b/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://www.openswan.org/download/openswan-([\d.]+)\.tar\.gz -- cgit v1.2.3