Subversion Repositories svn LFS-FR

Rev

Details | Last modification | View Log | RSS feed

Rev Author Line No. Line
7156 jlepiller 1
# SOME DESCRIPTIVE TITLE
2
# Copyright (C) YEAR Free Software Foundation, Inc.
3
# This file is distributed under the same license as the PACKAGE package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
5
#
6
msgid ""
7
msgstr ""
8
"Project-Id-Version: PACKAGE VERSION\n"
9
"POT-Creation-Date: 2016-09-23 12:00+0200\n"
10
"PO-Revision-Date: 2016-08-17 09:23+0000\n"
11
"Last-Translator: roptat <roptat@lepiller.eu>\n"
12
"Language-Team: LANGUAGE <LL@li.org>\n"
13
"Language: fr\n"
14
"MIME-Version: 1.0\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
18
"X-Generator: Pootle 2.7\n"
19
"X-POOTLE-MTIME: 1471425828.000000\n"
20
 
21
#. type: Content of the certhost entity
22
#: blfs-en/postlfs/security/cacerts.xml:7
23
msgid "http://mxr.mozilla.org"
24
msgstr "http://mxr.mozilla.org"
25
 
26
#. type: Content of the certdir entity
27
#: blfs-en/postlfs/security/cacerts.xml:8
28
msgid "/mozilla/source/security/nss/lib/ckfw/builtins"
29
msgstr "/mozilla/source/security/nss/lib/ckfw/builtins"
30
 
31
#. type: Content of the ca-bundle-download entity
32
#: blfs-en/postlfs/security/cacerts.xml:9
33
msgid "&sources-anduin-http;/other/certdata.txt"
34
msgstr "&sources-anduin-http;/other/certdata.txt"
35
 
36
#. type: Content of the ca-bundle-size entity
37
#: blfs-en/postlfs/security/cacerts.xml:10
38
msgid "1.6 MB"
39
msgstr "1.6 Mio"
40
 
41
#. type: Content of the cacerts-buildsize entity
42
#: blfs-en/postlfs/security/cacerts.xml:11
43
msgid "6 MB"
44
msgstr "6 Mio"
45
 
46
#. type: Content of the cacerts-time entity
47
#: blfs-en/postlfs/security/cacerts.xml:12
48
msgid "0.1 SBU"
49
msgstr "0.1 SBU"
50
 
51
#. type: Content of: <sect1><sect1info>
52
#: blfs-en/postlfs/security/cacerts.xml:19
53
#, fuzzy
54
#| msgid ""
55
#| "<othername>$LastChangedBy: bdubbs $</othername> <date>$Date: 2016-02-23 "
56
#| "19:28:27 +0100 (Tue, 23 Feb 2016) $</date>"
57
msgid ""
58
"<othername>$LastChangedBy: bdubbs $</othername> <date>$Date: 2016-02-23 "
59
"19:28:27 +0100 (Tue 23 Feb 2016) $</date>"
60
msgstr ""
61
"<othername>$LastChangedBy: bdubbs $</othername> <date>$Date: 2016-02-23 "
62
"19:28:27 +0100 (mar. 23 févr. 2016) $</date>"
63
 
64
#. type: Content of: <sect1><indexterm><primary>
65
#: blfs-en/postlfs/security/cacerts.xml:23
66
#: blfs-en/postlfs/security/cacerts.xml:36
67
msgid "Certificate Authority Certificates"
68
msgstr "Certificate Authority Certificates"
69
 
70
#. type: Content of: <sect1><para>
71
#: blfs-en/postlfs/security/cacerts.xml:25
72
msgid ""
73
"The Public Key Infrastructure is used for many security issues in a Linux "
74
"system.  In order for a certificate to be trusted, it must be signed by a "
75
"trusted agent called a Certificate Authority (CA).  The certificates loaded "
76
"by this section are from the list on the Mozilla version control system and "
77
"formats it into a form used by <xref linkend='openssl'/>.  The certificates "
78
"can also be used by other applications either directly of indirectly through "
79
"<application>openssl</application>."
80
msgstr ""
81
"La <foreignphrase>Public Key Infrastructure</foreignphrase> (infrastructure "
82
"de clés publiques) est utilisée dans de nombreux cas de sécurité sur un "
83
"système Linux. Pour qu'un certificat soit fiable, il doit être signé par un "
84
"agent de confiance, qu'on appelle l'autorité de certificat "
85
"(<foreignphrase>Certificate Authority</foreignphrase>) (CA).  Les "
86
"certificats chargés dans cette section sont issus de la liste du système de "
87
"contrôle de Mozilla et elle est formatée dans une forme utilisée par <xref "
88
"linkend=\"openssl\"/>.  Les certificats peuvent également être utilisés par "
89
"d'autres applications, directement ou indirectement via "
90
"<application>openssl</application>."
91
 
92
#. type: Content of: <sect1><sect2><title>
93
#: blfs-en/postlfs/security/cacerts.xml:40
94
msgid "Introduction to Certificate Authorities"
95
msgstr "Introduction à Certificate Authorities"
96
 
97
#. type: Content of: <sect1><sect2><bridgehead>
98
#: blfs-en/postlfs/security/cacerts.xml:42
99
msgid "Package Information"
100
msgstr "Informations sur le paquet"
101
 
102
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
103
#: blfs-en/postlfs/security/cacerts.xml:45
104
msgid "CA Certificate Download: <ulink url=\"&ca-bundle-download;\"/>"
105
msgstr ""
106
"Téléchargement du Certificat CA&nbsp;: <ulink url=\"&ca-bundle-download;\"/>"
107
 
108
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
109
#: blfs-en/postlfs/security/cacerts.xml:48
110
msgid "CA Certificate size: &ca-bundle-size;"
111
msgstr "Taille des certificats CA&nbsp;: &ca-bundle-size;"
112
 
113
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
114
#: blfs-en/postlfs/security/cacerts.xml:51
115
msgid "Estimated disk space required: &cacerts-buildsize;"
116
msgstr "Estimation de l'espace disque requis&nbsp;: &cacerts-buildsize;"
117
 
118
#. type: Content of: <sect1><sect2><itemizedlist><listitem><para>
119
#: blfs-en/postlfs/security/cacerts.xml:54
120
msgid "Estimated build time: &cacerts-time;"
121
msgstr "Estimation du temps de construction&nbsp;: &cacerts-time;"
122
 
123
#. type: Content of: <sect1><sect2><note><para>
124
#: blfs-en/postlfs/security/cacerts.xml:58
125
msgid ""
126
"The certfile.txt file above is actually retrieved from <ulink url=\"https://"
127
"hg.mozilla.org/releases/mozilla-release/file/default/security/nss/lib/ckfw/"
128
"builtins/certdata.txt\"/>.  It is really an HTML file, but the text file can "
129
"be retrieved indirectly from the HTML file.  The Download URL above "
130
"automates that process and also adds a line where the date can be extracted "
131
"as a revision number by the scripts below."
132
msgstr ""
133
"Le fichier certfile.txt dessous est en fait récupéré depuis <ulink url="
134
"\"https://hg.mozilla.org/releases/mozilla-release/file/default/security/nss/"
135
"lib/ckfw/builtins/certdata.txt\"/>.  C'est en fait un fichier HTML, mais le "
136
"fichier texte peut être pris indirectement depuis le fichier HTML. L'URL "
137
"dessous automatise ce processus et ajoute aussi une ligne où la date peut "
138
"être extraite en tant que numéro de révision par le script."
139
 
140
#. type: Content of: <sect1><sect2><bridgehead>
141
#: blfs-en/postlfs/security/cacerts.xml:65
142
msgid "Certificate Authority Certificates Dependencies"
143
msgstr "Dépendances de Certificate Authority Certificates"
144
 
145
#. type: Content of: <sect1><sect2><bridgehead>
146
#: blfs-en/postlfs/security/cacerts.xml:67
147
msgid "Required"
148
msgstr "Requises"
149
 
150
#. type: Content of: <sect1><sect2><para>
151
#: blfs-en/postlfs/security/cacerts.xml:68
152
msgid "<xref linkend=\"openssl\"/>"
153
msgstr "<xref linkend=\"openssl\"/>"
154
 
155
#. type: Content of: <sect1><sect2><bridgehead>
156
#: blfs-en/postlfs/security/cacerts.xml:70
157
msgid "Recommended"
158
msgstr "Recommandées"
159
 
160
#. type: Content of: <sect1><sect2><para>
161
#: blfs-en/postlfs/security/cacerts.xml:71
162
msgid "<xref linkend=\"wget\"/>"
163
msgstr "<xref linkend=\"wget\"/>"
164
 
165
#. type: Content of: <sect1><sect2><para>
166
#: blfs-en/postlfs/security/cacerts.xml:73
167
msgid "User Notes: <ulink url='&blfs-wiki;/cacerts'/>"
168
msgstr "Notes utilisateur&nbsp;: <ulink url='&blfs-wiki;/cacerts'/>"
169
 
170
#. type: Content of: <sect1><sect2><title>
171
#: blfs-en/postlfs/security/cacerts.xml:78
172
msgid "Installation of Certificate Authority Certificates"
173
msgstr "Installation de Certificate Authority Certificates"
174
 
175
#. type: Content of: <sect1><sect2><para>
176
#: blfs-en/postlfs/security/cacerts.xml:80
177
msgid ""
178
"First create a script to reformat a certificate into a form needed by "
179
"<application>openssl</application>.  As the <systemitem class=\"username"
180
"\">root</systemitem> user:"
181
msgstr ""
182
"Créez d'abord un script pour reformater un certificat dans la forme dont a "
183
"besoin <application>openssl</application>. En tant qu'utilisateur "
184
"<systemitem class=\"username\">root</systemitem>&nbsp;:"
185
 
186
#. type: Content of: <sect1><sect2><screen>
187
#: blfs-en/postlfs/security/cacerts.xml:84
188
#, no-wrap
189
msgid ""
190
"<userinput>cat > /usr/bin/make-cert.pl &lt;&lt; \"EOF\"\n"
191
"<literal>#!/usr/bin/perl -w\n"
192
"\n"
193
"# Used to generate PEM encoded files from Mozilla certdata.txt.\n"
194
"# Run as ./make-cert.pl > certificate.crt\n"
195
"#\n"
196
"# Parts of this script courtesy of RedHat (mkcabundle.pl)\n"
197
"#\n"
198
"# This script modified for use with single file data (tempfile.cer) extracted\n"
199
"# from certdata.txt, taken from the latest version in the Mozilla NSS source.\n"
200
"# mozilla/security/nss/lib/ckfw/builtins/certdata.txt\n"
201
"#\n"
202
"# Authors: DJ Lucas\n"
203
"#          Bruce Dubbs\n"
204
"#\n"
205
"# Version 20120211\n"
206
"\n"
207
"my $certdata = './tempfile.cer';\n"
208
"\n"
209
"open( IN, \"cat $certdata|\" )\n"
210
"    || die \"could not open $certdata\";\n"
211
"\n"
212
"my $incert = 0;\n"
213
"\n"
214
"while ( &lt;IN&gt; )\n"
215
"{\n"
216
"    if ( /^CKA_VALUE MULTILINE_OCTAL/ )\n"
217
"    {\n"
218
"        $incert = 1;\n"
219
"        open( OUT, \"|openssl x509 -text -inform DER -fingerprint\" )\n"
220
"            || die \"could not pipe to openssl x509\";\n"
221
"    }\n"
222
"\n"
223
"    elsif ( /^END/ &amp;&amp; $incert )\n"
224
"    {\n"
225
"        close( OUT );\n"
226
"        $incert = 0;\n"
227
"        print \"\\n\\n\";\n"
228
"    }\n"
229
"\n"
230
"    elsif ($incert)\n"
231
"    {\n"
232
"        my @bs = split( /\\\\/ );\n"
233
"        foreach my $b (@bs)\n"
234
"        {\n"
235
"            chomp $b;\n"
236
"            printf( OUT \"%c\", oct($b) ) unless $b eq '';\n"
237
"        }\n"
238
"    }\n"
239
"}</literal>\n"
240
"EOF\n"
241
"\n"
242
"chmod +x /usr/bin/make-cert.pl</userinput>"
243
msgstr ""
244
"<userinput>cat > /usr/bin/make-cert.pl &lt;&lt; \"EOF\"\n"
245
"<literal>#!/usr/bin/perl -w\n"
246
"\n"
247
"# Used to generate PEM encoded files from Mozilla certdata.txt.\n"
248
"# Run as ./make-cert.pl > certificate.crt\n"
249
"#\n"
250
"# Parts of this script courtesy of RedHat (mkcabundle.pl)\n"
251
"#\n"
252
"# This script modified for use with single file data (tempfile.cer) extracted\n"
253
"# from certdata.txt, taken from the latest version in the Mozilla NSS source.\n"
254
"# mozilla/security/nss/lib/ckfw/builtins/certdata.txt\n"
255
"#\n"
256
"# Authors: DJ Lucas\n"
257
"#          Bruce Dubbs\n"
258
"#\n"
259
"# Version 20120211\n"
260
"\n"
261
"my $certdata = './tempfile.cer';\n"
262
"\n"
263
"open( IN, \"cat $certdata|\" )\n"
264
"    || die \"could not open $certdata\";\n"
265
"\n"
266
"my $incert = 0;\n"
267
"\n"
268
"while ( &lt;IN&gt; )\n"
269
"{\n"
270
"    if ( /^CKA_VALUE MULTILINE_OCTAL/ )\n"
271
"    {\n"
272
"        $incert = 1;\n"
273
"        open( OUT, \"|openssl x509 -text -inform DER -fingerprint\" )\n"
274
"            || die \"could not pipe to openssl x509\";\n"
275
"    }\n"
276
"\n"
277
"    elsif ( /^END/ &amp;&amp; $incert )\n"
278
"    {\n"
279
"        close( OUT );\n"
280
"        $incert = 0;\n"
281
"        print \"\\n\\n\";\n"
282
"    }\n"
283
"\n"
284
"    elsif ($incert)\n"
285
"    {\n"
286
"        my @bs = split( /\\\\/ );\n"
287
"        foreach my $b (@bs)\n"
288
"        {\n"
289
"            chomp $b;\n"
290
"            printf( OUT \"%c\", oct($b) ) unless $b eq '';\n"
291
"        }\n"
292
"    }\n"
293
"}</literal>\n"
294
"EOF\n"
295
"\n"
296
"chmod +x /usr/bin/make-cert.pl</userinput>"
297
 
298
#. type: Content of: <sect1><sect2><para>
299
#: blfs-en/postlfs/security/cacerts.xml:138
300
msgid ""
301
"The following script creates the certificates and a bundle of all the "
302
"certificates.  It creates a <filename class='directory'>./certs</filename> "
303
"directory and <filename>./BLFS-ca-bundle-${VERSION}.crt</filename>.  Again "
304
"create this script as the <systemitem class=\"username\">root</systemitem> "
305
"user:"
306
msgstr ""
307
"Le script suivant crée les certificats et un bouquet de tous les "
308
"certificats. Il crée un répertoire <filename class='directory'>./certs</"
309
"filename> et <filename>./BLFS-ca-bundle-${VERSION}.crt</filename>.  Créez de "
310
"nouveau ce script en tant qu'utilisateur <systemitem class=\"username"
311
"\">root</systemitem>&nbsp;:"
312
 
313
#. type: Content of: <sect1><sect2><screen>
314
#: blfs-en/postlfs/security/cacerts.xml:144
315
#, no-wrap
316
msgid ""
317
"<userinput>cat > /usr/bin/make-ca.sh &lt;&lt; \"EOF\"\n"
318
"<literal>#!/bin/sh\n"
319
"# Begin make-ca.sh\n"
320
"# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs\n"
321
"#\n"
322
"# The file certdata.txt must exist in the local directory\n"
323
"# Version number is obtained from the version of the data.\n"
324
"#\n"
325
"# Authors: DJ Lucas\n"
326
"#          Bruce Dubbs\n"
327
"#\n"
328
"# Version 20120211\n"
329
"\n"
330
"# Some data in the certs have UTF-8 characters\n"
331
"export LANG=en_US.utf8\n"
332
"\n"
333
"certdata=\"certdata.txt\"\n"
334
"\n"
335
"if [ ! -r $certdata ]; then\n"
336
"  echo \"$certdata must be in the local directory\"\n"
337
"  exit 1\n"
338
"fi\n"
339
"\n"
340
"REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')\n"
341
"\n"
342
"if [ -z \"${REVISION}\" ]; then\n"
343
"  echo \"$certfile has no 'Revision' in CVS_ID\"\n"
344
"  exit 1\n"
345
"fi\n"
346
"\n"
347
"VERSION=$(echo $REVISION | cut -f2 -d\" \")\n"
348
"\n"
349
"TEMPDIR=$(mktemp -d)\n"
350
"TRUSTATTRIBUTES=\"CKA_TRUST_SERVER_AUTH\"\n"
351
"BUNDLE=\"BLFS-ca-bundle-${VERSION}.crt\"\n"
352
"CONVERTSCRIPT=\"/usr/bin/make-cert.pl\"\n"
353
"SSLDIR=\"/etc/ssl\"\n"
354
"\n"
355
"mkdir \"${TEMPDIR}/certs\"\n"
356
"\n"
357
"# Get a list of starting lines for each cert\n"
358
"CERTBEGINLIST=$(grep -n \"^# Certificate\" \"${certdata}\" | cut -d \":\" -f1)\n"
359
"\n"
360
"# Get a list of ending lines for each cert\n"
361
"CERTENDLIST=`grep -n \"^CKA_TRUST_STEP_UP_APPROVED\" \"${certdata}\" | cut -d \":\" -f 1`\n"
362
"\n"
363
"# Start a loop\n"
364
"for certbegin in ${CERTBEGINLIST}; do\n"
365
"  for certend in ${CERTENDLIST}; do\n"
366
"    if test \"${certend}\" -gt \"${certbegin}\"; then\n"
367
"      break\n"
368
"    fi\n"
369
"  done\n"
370
"\n"
371
"  # Dump to a temp file with the name of the file as the beginning line number\n"
372
"  sed -n \"${certbegin},${certend}p\" \"${certdata}\" > \"${TEMPDIR}/certs/${certbegin}.tmp\"\n"
373
"done\n"
374
"\n"
375
"unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend\n"
376
"\n"
377
"mkdir -p certs\n"
378
"rm -f certs/*      # Make sure the directory is clean\n"
379
"\n"
380
"for tempfile in ${TEMPDIR}/certs/*.tmp; do\n"
381
"  # Make sure that the cert is trusted...\n"
382
"  grep \"CKA_TRUST_SERVER_AUTH\" \"${tempfile}\" | \\\n"
383
"    egrep \"TRUST_UNKNOWN|NOT_TRUSTED\" > /dev/null\n"
384
"\n"
385
"  if test \"${?}\" = \"0\"; then\n"
386
"    # Throw a meaningful error and remove the file\n"
387
"    cp \"${tempfile}\" tempfile.cer\n"
388
"    perl ${CONVERTSCRIPT} > tempfile.crt\n"
389
"    keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
390
"    echo \"Certificate ${keyhash} is not trusted!  Removing...\"\n"
391
"    rm -f tempfile.cer tempfile.crt \"${tempfile}\"\n"
392
"    continue\n"
393
"  fi\n"
394
"\n"
395
"  # If execution made it to here in the loop, the temp cert is trusted\n"
396
"  # Find the cert data and generate a cert file for it\n"
397
"\n"
398
"  cp \"${tempfile}\" tempfile.cer\n"
399
"  perl ${CONVERTSCRIPT} > tempfile.crt\n"
400
"  keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
401
"  mv tempfile.crt \"certs/${keyhash}.pem\"\n"
402
"  rm -f tempfile.cer \"${tempfile}\"\n"
403
"  echo \"Created ${keyhash}.pem\"\n"
404
"done\n"
405
"\n"
406
"# Remove blacklisted files\n"
407
"# MD5 Collision Proof of Concept CA\n"
408
"if test -f certs/8f111d69.pem; then\n"
409
"  echo \"Certificate 8f111d69 is not trusted!  Removing...\"\n"
410
"  rm -f certs/8f111d69.pem\n"
411
"fi\n"
412
"\n"
413
"# Finally, generate the bundle and clean up.\n"
414
"cat certs/*.pem >  ${BUNDLE}\n"
415
"rm -r \"${TEMPDIR}\"</literal>\n"
416
"EOF\n"
417
"\n"
418
"chmod +x /usr/bin/make-ca.sh</userinput>"
419
msgstr ""
420
"<userinput>cat > /usr/bin/make-ca.sh &lt;&lt; \"EOF\"\n"
421
"<literal>#!/bin/sh\n"
422
"# Begin make-ca.sh\n"
423
"# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs\n"
424
"#\n"
425
"# The file certdata.txt must exist in the local directory\n"
426
"# Version number is obtained from the version of the data.\n"
427
"#\n"
428
"# Authors: DJ Lucas\n"
429
"#          Bruce Dubbs\n"
430
"#\n"
431
"# Version 20120211\n"
432
"\n"
433
"# Some data in the certs have UTF-8 characters\n"
434
"export LANG=en_US.utf8\n"
435
"\n"
436
"certdata=\"certdata.txt\"\n"
437
"\n"
438
"if [ ! -r $certdata ]; then\n"
439
"  echo \"$certdata must be in the local directory\"\n"
440
"  exit 1\n"
441
"fi\n"
442
"\n"
443
"REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')\n"
444
"\n"
445
"if [ -z \"${REVISION}\" ]; then\n"
446
"  echo \"$certfile has no 'Revision' in CVS_ID\"\n"
447
"  exit 1\n"
448
"fi\n"
449
"\n"
450
"VERSION=$(echo $REVISION | cut -f2 -d\" \")\n"
451
"\n"
452
"TEMPDIR=$(mktemp -d)\n"
453
"TRUSTATTRIBUTES=\"CKA_TRUST_SERVER_AUTH\"\n"
454
"BUNDLE=\"BLFS-ca-bundle-${VERSION}.crt\"\n"
455
"CONVERTSCRIPT=\"/usr/bin/make-cert.pl\"\n"
456
"SSLDIR=\"/etc/ssl\"\n"
457
"\n"
458
"mkdir \"${TEMPDIR}/certs\"\n"
459
"\n"
460
"# Get a list of starting lines for each cert\n"
461
"CERTBEGINLIST=$(grep -n \"^# Certificate\" \"${certdata}\" | cut -d \":\" -f1)\n"
462
"\n"
463
"# Get a list of ending lines for each cert\n"
464
"CERTENDLIST=`grep -n \"^CKA_TRUST_STEP_UP_APPROVED\" \"${certdata}\" | cut -d \":\" -f 1`\n"
465
"\n"
466
"# Start a loop\n"
467
"for certbegin in ${CERTBEGINLIST}; do\n"
468
"  for certend in ${CERTENDLIST}; do\n"
469
"    if test \"${certend}\" -gt \"${certbegin}\"; then\n"
470
"      break\n"
471
"    fi\n"
472
"  done\n"
473
"\n"
474
"  # Dump to a temp file with the name of the file as the beginning line number\n"
475
"  sed -n \"${certbegin},${certend}p\" \"${certdata}\" > \"${TEMPDIR}/certs/${certbegin}.tmp\"\n"
476
"done\n"
477
"\n"
478
"unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend\n"
479
"\n"
480
"mkdir -p certs\n"
481
"rm -f certs/*      # Make sure the directory is clean\n"
482
"\n"
483
"for tempfile in ${TEMPDIR}/certs/*.tmp; do\n"
484
"  # Make sure that the cert is trusted...\n"
485
"  grep \"CKA_TRUST_SERVER_AUTH\" \"${tempfile}\" | \\\n"
486
"    egrep \"TRUST_UNKNOWN|NOT_TRUSTED\" > /dev/null\n"
487
"\n"
488
"  if test \"${?}\" = \"0\"; then\n"
489
"    # Throw a meaningful error and remove the file\n"
490
"    cp \"${tempfile}\" tempfile.cer\n"
491
"    perl ${CONVERTSCRIPT} > tempfile.crt\n"
492
"    keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
493
"    echo \"Certificate ${keyhash} is not trusted!  Removing...\"\n"
494
"    rm -f tempfile.cer tempfile.crt \"${tempfile}\"\n"
495
"    continue\n"
496
"  fi\n"
497
"\n"
498
"  # If execution made it to here in the loop, the temp cert is trusted\n"
499
"  # Find the cert data and generate a cert file for it\n"
500
"\n"
501
"  cp \"${tempfile}\" tempfile.cer\n"
502
"  perl ${CONVERTSCRIPT} > tempfile.crt\n"
503
"  keyhash=$(openssl x509 -noout -in tempfile.crt -hash)\n"
504
"  mv tempfile.crt \"certs/${keyhash}.pem\"\n"
505
"  rm -f tempfile.cer \"${tempfile}\"\n"
506
"  echo \"Created ${keyhash}.pem\"\n"
507
"done\n"
508
"\n"
509
"# Remove blacklisted files\n"
510
"# MD5 Collision Proof of Concept CA\n"
511
"if test -f certs/8f111d69.pem; then\n"
512
"  echo \"Certificate 8f111d69 is not trusted!  Removing...\"\n"
513
"  rm -f certs/8f111d69.pem\n"
514
"fi\n"
515
"\n"
516
"# Finally, generate the bundle and clean up.\n"
517
"cat certs/*.pem >  ${BUNDLE}\n"
518
"rm -r \"${TEMPDIR}\"</literal>\n"
519
"EOF\n"
520
"\n"
521
"chmod +x /usr/bin/make-ca.sh</userinput>"
522
 
523
#. type: Content of: <sect1><sect2><para>
524
#: blfs-en/postlfs/security/cacerts.xml:247
525
msgid ""
526
"Add a short script to remove expired certificates from a directory.  Again "
527
"create this script as the <systemitem class=\"username\">root</systemitem> "
528
"user:"
529
msgstr ""
530
"Ajoutez un script bref pour supprimer les certificats expirés d'un "
531
"répertoire. Créez de nouveau ce script en tant qu'utilisateur <systemitem "
532
"class=\"username\">root</systemitem>&nbsp;:"
533
 
534
#. type: Content of: <sect1><sect2><screen>
535
#: blfs-en/postlfs/security/cacerts.xml:251
536
#, no-wrap
537
msgid ""
538
"<userinput>cat > /usr/sbin/remove-expired-certs.sh &lt;&lt; \"EOF\"\n"
539
"<literal>#!/bin/sh\n"
540
"# Begin /usr/sbin/remove-expired-certs.sh\n"
541
"#\n"
542
"# Version 20120211\n"
543
"\n"
544
"# Make sure the date is parsed correctly on all systems\n"
545
"mydate()\n"
546
"{\n"
547
"  local y=$( echo $1 | cut -d\" \" -f4 )\n"
548
"  local M=$( echo $1 | cut -d\" \" -f1 )\n"
549
"  local d=$( echo $1 | cut -d\" \" -f2 )\n"
550
"  local m\n"
551
"\n"
552
"  if [ ${d} -lt 10 ]; then d=\"0${d}\"; fi\n"
553
"\n"
554
"  case $M in\n"
555
"    Jan) m=\"01\";;\n"
556
"    Feb) m=\"02\";;\n"
557
"    Mar) m=\"03\";;\n"
558
"    Apr) m=\"04\";;\n"
559
"    May) m=\"05\";;\n"
560
"    Jun) m=\"06\";;\n"
561
"    Jul) m=\"07\";;\n"
562
"    Aug) m=\"08\";;\n"
563
"    Sep) m=\"09\";;\n"
564
"    Oct) m=\"10\";;\n"
565
"    Nov) m=\"11\";;\n"
566
"    Dec) m=\"12\";;\n"
567
"  esac\n"
568
"\n"
569
"  certdate=\"${y}${m}${d}\"\n"
570
"}\n"
571
"\n"
572
"OPENSSL=/usr/bin/openssl\n"
573
"DIR=/etc/ssl/certs\n"
574
"\n"
575
"if [ $# -gt 0 ]; then\n"
576
"  DIR=\"$1\"\n"
577
"fi\n"
578
"\n"
579
"certs=$( find ${DIR} -type f -name \"*.pem\" -o -name \"*.crt\" )\n"
580
"today=$( date +%Y%m%d )\n"
581
"\n"
582
"for cert in $certs; do\n"
583
"  notafter=$( $OPENSSL x509 -enddate -in \"${cert}\" -noout )\n"
584
"  date=$( echo ${notafter} |  sed 's/^notAfter=//' )\n"
585
"  mydate \"$date\"\n"
586
"\n"
587
"  if [ ${certdate} -lt ${today} ]; then\n"
588
"     echo \"${cert} expired on ${certdate}! Removing...\"\n"
589
"     rm -f \"${cert}\"\n"
590
"  fi\n"
591
"done</literal>\n"
592
"EOF\n"
593
"\n"
594
"chmod u+x /usr/sbin/remove-expired-certs.sh</userinput>"
595
msgstr ""
596
"<userinput>cat > /usr/sbin/remove-expired-certs.sh &lt;&lt; \"EOF\"\n"
597
"<literal>#!/bin/sh\n"
598
"# Begin /usr/sbin/remove-expired-certs.sh\n"
599
"#\n"
600
"# Version 20120211\n"
601
"\n"
602
"# Make sure the date is parsed correctly on all systems\n"
603
"mydate()\n"
604
"{\n"
605
"  local y=$( echo $1 | cut -d\" \" -f4 )\n"
606
"  local M=$( echo $1 | cut -d\" \" -f1 )\n"
607
"  local d=$( echo $1 | cut -d\" \" -f2 )\n"
608
"  local m\n"
609
"\n"
610
"  if [ ${d} -lt 10 ]; then d=\"0${d}\"; fi\n"
611
"\n"
612
"  case $M in\n"
613
"    Jan) m=\"01\";;\n"
614
"    Feb) m=\"02\";;\n"
615
"    Mar) m=\"03\";;\n"
616
"    Apr) m=\"04\";;\n"
617
"    May) m=\"05\";;\n"
618
"    Jun) m=\"06\";;\n"
619
"    Jul) m=\"07\";;\n"
620
"    Aug) m=\"08\";;\n"
621
"    Sep) m=\"09\";;\n"
622
"    Oct) m=\"10\";;\n"
623
"    Nov) m=\"11\";;\n"
624
"    Dec) m=\"12\";;\n"
625
"  esac\n"
626
"\n"
627
"  certdate=\"${y}${m}${d}\"\n"
628
"}\n"
629
"\n"
630
"OPENSSL=/usr/bin/openssl\n"
631
"DIR=/etc/ssl/certs\n"
632
"\n"
633
"if [ $# -gt 0 ]; then\n"
634
"  DIR=\"$1\"\n"
635
"fi\n"
636
"\n"
637
"certs=$( find ${DIR} -type f -name \"*.pem\" -o -name \"*.crt\" )\n"
638
"today=$( date +%Y%m%d )\n"
639
"\n"
640
"for cert in $certs; do\n"
641
"  notafter=$( $OPENSSL x509 -enddate -in \"${cert}\" -noout )\n"
642
"  date=$( echo ${notafter} |  sed 's/^notAfter=//' )\n"
643
"  mydate \"$date\"\n"
644
"\n"
645
"  if [ ${certdate} -lt ${today} ]; then\n"
646
"     echo \"${cert} expired on ${certdate}! Removing...\"\n"
647
"     rm -f \"${cert}\"\n"
648
"  fi\n"
649
"done</literal>\n"
650
"EOF\n"
651
"\n"
652
"chmod u+x /usr/sbin/remove-expired-certs.sh</userinput>"
653
 
654
#. type: Content of: <sect1><sect2><para>
655
#: blfs-en/postlfs/security/cacerts.xml:309
656
msgid ""
657
"The following commands will fetch the certificates and convert them to the "
658
"correct format.  If desired, a web browser may be used instead of "
659
"<application>wget</application> but the file will need to be saved with the "
660
"name <filename>certdata.txt</filename>.  These commands can be repeated as "
661
"necessary to update the CA Certificates."
662
msgstr ""
663
"Les commandes suivantes récupéreront les certificats et les convertiront "
664
"dans le bon format.  Si vous le désirez, vous pouvez utiliser un navigateur "
665
"Internet plutôt que <application>wget</application> mais le fichier devra "
666
"être enregistré sous le nom <filename>certdata.txt</filename>.  Ces "
667
"commandes peuvent être répétées autant de fois que nécessaire pour mettre à "
668
"jour les Certificats CA."
669
 
670
#. type: Content of: <sect1><sect2><screen>
671
#: blfs-en/postlfs/security/cacerts.xml:315
672
#, no-wrap
673
msgid ""
674
"<userinput>URL=&sources-anduin-http;/other/certdata.txt &amp;&amp;\n"
675
"rm -f certdata.txt &amp;&amp;\n"
676
"wget $URL          &amp;&amp;\n"
677
"make-ca.sh         &amp;&amp;\n"
678
"unset URL</userinput>"
679
msgstr ""
680
"<userinput>URL=&sources-anduin-http;/other/certdata.txt &amp;&amp;\n"
681
"rm -f certdata.txt &amp;&amp;\n"
682
"wget $URL          &amp;&amp;\n"
683
"make-ca.sh         &amp;&amp;\n"
684
"unset URL</userinput>"
685
 
686
#. type: Content of: <sect1><sect2><para>
687
#: blfs-en/postlfs/security/cacerts.xml:321
688
msgid "Now, as the <systemitem class=\"username\">root</systemitem> user:"
689
msgstr ""
690
"Maintenant, en tant qu'utilisateur <systemitem class=\"username\">root</"
691
"systemitem>&nbsp;:"
692
 
693
#. type: Content of: <sect1><sect2><screen>
694
#: blfs-en/postlfs/security/cacerts.xml:323
695
#, no-wrap
696
msgid ""
697
"<userinput>SSLDIR=/etc/ssl                                              &amp;&amp;\n"
698
"remove-expired-certs.sh certs                                &amp;&amp;\n"
699
"install -d ${SSLDIR}/certs                                   &amp;&amp;\n"
700
"cp -v certs/*.pem ${SSLDIR}/certs                            &amp;&amp;\n"
701
"c_rehash                                                     &amp;&amp;\n"
702
"install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt          &amp;&amp;\n"
703
"ln -sfv ../ca-bundle.crt ${SSLDIR}/certs/ca-certificates.crt &amp;&amp;\n"
704
"unset SSLDIR</userinput>"
705
msgstr ""
706
"<userinput>SSLDIR=/etc/ssl                                              &amp;&amp;\n"
707
"remove-expired-certs.sh certs                                &amp;&amp;\n"
708
"install -d ${SSLDIR}/certs                                   &amp;&amp;\n"
709
"cp -v certs/*.pem ${SSLDIR}/certs                            &amp;&amp;\n"
710
"c_rehash                                                     &amp;&amp;\n"
711
"install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt          &amp;&amp;\n"
712
"ln -sfv ../ca-bundle.crt ${SSLDIR}/certs/ca-certificates.crt &amp;&amp;\n"
713
"unset SSLDIR</userinput>"
714
 
715
#. type: Content of: <sect1><sect2><para>
716
#: blfs-en/postlfs/security/cacerts.xml:332
717
msgid "Finally, clean up the current directory:"
718
msgstr "Enfin, nettoyez le répertoire courant&nbsp;:"
719
 
720
#. type: Content of: <sect1><sect2><screen>
721
#: blfs-en/postlfs/security/cacerts.xml:334
722
#, no-wrap
723
msgid "<userinput>rm -r certs BLFS-ca-bundle*</userinput>"
724
msgstr "<userinput>rm -r certs BLFS-ca-bundle*</userinput>"
725
 
726
#. type: Content of: <sect1><sect2><para>
727
#: blfs-en/postlfs/security/cacerts.xml:336
728
msgid ""
729
"After installing or updating certificates, if OpenJDK is installed, update "
730
"the certificates for Java using the procedures at <xref linkend='ojdk-certs'/"
731
">."
732
msgstr ""
733
"Après l'installation ou la mise à jour des certificats, si OpenJDK est "
734
"installé, mettez à jour les certificats pour Java en utilisant la procédure "
735
"dans <xref linkend=\"ojdk-certs\"/>."
736
 
737
#. type: Content of: <sect1><sect2><title>
738
#: blfs-en/postlfs/security/cacerts.xml:343
739
msgid "Contents"
740
msgstr "Contenu"
741
 
742
#. type: Content of: <sect1><sect2><segmentedlist><segtitle>
743
#: blfs-en/postlfs/security/cacerts.xml:346
744
msgid "Installed Programs"
745
msgstr "Programmes installés"
746
 
747
#. type: Content of: <sect1><sect2><segmentedlist><segtitle>
748
#: blfs-en/postlfs/security/cacerts.xml:347
749
msgid "Installed Libraries"
750
msgstr "Bibliothèques installées"
751
 
752
#. type: Content of: <sect1><sect2><segmentedlist><segtitle>
753
#: blfs-en/postlfs/security/cacerts.xml:348
754
msgid "Installed Directories"
755
msgstr "Répertoires installés"
756
 
757
#. type: Content of: <sect1><sect2><segmentedlist><seglistitem><seg>
758
#: blfs-en/postlfs/security/cacerts.xml:351
759
msgid "make-ca.sh, make-cert.pl and remove-expired-certs.sh"
760
msgstr "make-ca.sh, make-cert.pl et remove-expired-certs.sh"
761
 
762
#. type: Content of: <sect1><sect2><segmentedlist><seglistitem><seg>
763
#: blfs-en/postlfs/security/cacerts.xml:352
764
msgid "None"
765
msgstr "Aucune"
766
 
767
#. type: Content of: <sect1><sect2><segmentedlist><seglistitem><seg>
768
#: blfs-en/postlfs/security/cacerts.xml:353
769
msgid "/etc/ssl/certs"
770
msgstr "/etc/ssl/certs"
771
 
772
#. type: Content of: <sect1><sect2><variablelist><bridgehead>
773
#: blfs-en/postlfs/security/cacerts.xml:358
774
msgid "Short Descriptions"
775
msgstr "Descriptions courtes"
776
 
777
#. type: Content of: <sect1><sect2><variablelist><varlistentry><term>
778
#: blfs-en/postlfs/security/cacerts.xml:363
779
msgid "<command>make-ca.sh</command>"
780
msgstr "<command>make-ca.sh</command>"
781
 
782
#. type: Content of: <sect1><sect2><variablelist><varlistentry><listitem><para>
783
#: blfs-en/postlfs/security/cacerts.xml:365
784
msgid ""
785
"is a shell script that reformats the <filename>certdata.txt</filename> file "
786
"for use by <application>openssl</application>."
787
msgstr ""
788
"est un script du shell qui reformate le fichier <filename>certdata.txt</"
789
"filename> pour que <application>openssl</application> l'utilise."
790
 
791
#. type: Content of: <sect1><sect2><variablelist><varlistentry><listitem><indexterm><primary>
792
#: blfs-en/postlfs/security/cacerts.xml:369
793
msgid "make-ca"
794
msgstr "make-ca"
795
 
796
#. type: Content of: <sect1><sect2><variablelist><varlistentry><term>
797
#: blfs-en/postlfs/security/cacerts.xml:375
798
msgid "<command>make-cert.pl</command>"
799
msgstr "<command>make-cert.pl</command>"
800
 
801
#. type: Content of: <sect1><sect2><variablelist><varlistentry><listitem><para>
802
#: blfs-en/postlfs/security/cacerts.xml:377
803
msgid ""
804
"is a utility <application>perl</application> script that converts a single "
805
"binary certificate (.der format) into .pem format."
806
msgstr ""
807
"est un script <application>perl</application> qui convertit un certificat "
808
"binaire unique (format .der) au format .pem."
809
 
810
#. type: Content of: <sect1><sect2><variablelist><varlistentry><listitem><indexterm><primary>
811
#: blfs-en/postlfs/security/cacerts.xml:380
812
msgid "make-cert"
813
msgstr "make-cert"
814
 
815
#. type: Content of: <sect1><sect2><variablelist><varlistentry><term>
816
#: blfs-en/postlfs/security/cacerts.xml:386
817
msgid "<command>remove-expired-certs.sh</command>"
818
msgstr "<command>remove-expired-certs.sh</command>"
819
 
820
#. type: Content of: <sect1><sect2><variablelist><varlistentry><listitem><para>
821
#: blfs-en/postlfs/security/cacerts.xml:388
822
msgid ""
823
"is a utility shell script that removes expired certificates from a "
824
"directory.  The default directory is <filename class='directory'>/etc/ssl/"
825
"certs</filename>."
826
msgstr ""
827
"est un script shell qui supprime les certificats expirés d'un répertoire. Le "
828
"répertoire par défaut est <filename class='directory'>/etc/ssl/certs</"
829
"filename>."
830
 
831
#. type: Content of: <sect1><sect2><variablelist><varlistentry><listitem><indexterm><primary>
832
#: blfs-en/postlfs/security/cacerts.xml:392
833
msgid "remove-expired-certs"
834
msgstr "remove-expired-certs"