localization-docs/fedora-coreos
4
0
Fork 0
Code Issues Projects Releases Packages Wiki Activity

automatic update of pot/po files

Browse source
This commit is contained in:
♪ I'm a bot, bot, bot ♪ 2026-01-17 22:08:30 +00:00
commit ad798f207f
32 changed files with 970 additions and 418 deletions
Download patch file Download diff file Expand all files Collapse all files

266
po/fr/master/pages/selinux.po Normal file
View file

@ -0,0 +1,266 @@
# SOME DESCRIPTIVE TITLE
# Copyright (C) YEAR Free Software Foundation, Inc.
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#. type: Title =
#: ./pages/selinux.adoc:1
#, no-wrap
msgid "SELinux"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:4
msgid "Fedora CoreOS comes with SELinux enabled in enforcing mode."
msgstr ""
#. type: Title ==
#: ./pages/selinux.adoc:5
#, no-wrap
msgid "Policy changes"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:10
msgid ""
"Changing policy booleans and adding SELinux modules is supported on Fedora "
"CoreOS. However, we do not include `semanage` and there is no sugar in "
"Butane or direct support in Ignition for doing those operations. See "
"https://github.com/coreos/fedora-coreos-tracker/issues/701[fedora-coreos-tracker#701] "
"for more details."
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:12
msgid ""
"Here is an example to set an SELinux boolean via a systemd unit that "
"executes on every boot:"
msgstr ""
#. type: Block title
#: ./pages/selinux.adoc:13
#, no-wrap
msgid "Example Butane config for dynamically applying SELinux boolean"
msgstr ""
#. type: delimited block -
#: ./pages/selinux.adoc:29
#, no-wrap
msgid ""
"variant: fcos\n"
"version: {butane-latest-stable-spec}\n"
"systemd:\n"
" units:\n"
" - name: setsebool.service\n"
" enabled: true\n"
" contents: |\n"
" [Service]\n"
" Type=oneshot\n"
" ExecStart=setsebool container_manage_cgroup true\n"
" RemainAfterExit=yes\n"
" [Install]\n"
" WantedBy=multi-user.target\n"
msgstr ""
#. type: Title ==
#: ./pages/selinux.adoc:31
#, no-wrap
msgid "Resetting the SELinux policy to the default"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:34
msgid ""
"If you encounter unexpected SELinux issue, it may be due to local policy "
"modifications."
msgstr ""
#. type: Block title
#: ./pages/selinux.adoc:35
#, no-wrap
msgid "Example SELinux denial"
msgstr ""
#. type: delimited block -
#: ./pages/selinux.adoc:40
#, no-wrap
msgid ""
"systemd-resolved[755]: Failed to symlink "
"/run/systemd/resolve/stub-resolv.conf: Permission denied\n"
"audit[755]: AVC avc: denied { create } for pid=755 "
"comm=\"systemd-resolve\" name=\".#stub-resolv.confc418434d59d7d93a\" "
"scontext=system_u:system_r:systemd_resolved_t:s0 "
"tcontext=system_u:object_r:systemd_resolved_var_run_t:s0 tclass=lnk_file "
"permissive=0\n"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:43
msgid "You can check the state of the SELinux policy with:"
msgstr ""
#. type: delimited block -
#: ./pages/selinux.adoc:51
#, no-wrap
msgid ""
"$ sudo ostree admin config-diff | grep -E 'selinux/.*/policy'\n"
"M selinux/targeted/active/policy.linked\n"
"M selinux/targeted/active/policy.kern\n"
"M selinux/targeted/policy/policy.31\n"
"A selinux/targeted/policy/policy.30\n"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:54
msgid ""
"If this command returns a list of entries then your SELinux policy has been "
"modified from the default."
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:56
msgid "You have two options to reset the SELinux policy to the default one:"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:58
msgid "Re-deploy the system from the latest Fedora CoreOS artifacts."
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:59
msgid "Manually restore the default policy"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:61
msgid "To restore the default policy:"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:63
msgid "Make a backup of you current policy:"
msgstr ""
#. type: delimited block -
#: ./pages/selinux.adoc:67
#, no-wrap
msgid "sudo cp -al /etc/selinux{,.bak}\n"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:70
msgid "Restore the default SELinux policy:"
msgstr ""
#. type: delimited block -
#: ./pages/selinux.adoc:74
#, no-wrap
msgid ""
"sudo rsync --archive --links --verbose --delete /usr/etc/selinux/ "
"/etc/selinux/\n"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:77
msgid ""
"After this command, the output from `sudo ostree admin config-diff | grep -E "
"'selinux/.*/policy'` should no longer indicate the policy is modified."
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:79
msgid "Finally, reload the SELinux policy or restart your system:"
msgstr ""
#. type: delimited block -
#: ./pages/selinux.adoc:83
#, no-wrap
msgid "sudo semodule -R\n"
msgstr ""
#. type: Title ==
#: ./pages/selinux.adoc:85
#, no-wrap
msgid "Disabling SELinux"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:90
msgid ""
"We do not support disabling SELinux in Fedora CoreOS. See "
"https://github.com/coreos/rpm-ostree/issues/971[rpm-ostree#971]. See also "
"the discussion in "
"https://github.com/coreos/fedora-coreos-docs/issues/439[fedora-coreos-docs#439]."
msgstr ""
#. type: Title ==
#: ./pages/selinux.adoc:91
#, no-wrap
msgid "Setting SELinux in permissive mode"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:95
msgid ""
"We do not recommend setting the entire system in permissive mode (i.e. `set "
"enforce 0`). Instead, you can set SELinux to permissive for a single "
"application by creating a "
"https://github.com/SELinuxProject/selinux-notebook/blob/main/src/cil_overview.md[CIL "
"policy module]."
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:97
msgid "For example for the `wireguard_t` domain:"
msgstr ""
#. type: delimited block -
#: ./pages/selinux.adoc:102
#, no-wrap
msgid ""
"$ cat permissive-wireguard.cil\n"
"(typepermissive wireguard_t)\n"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:105
msgid "You can then load this module with:"
msgstr ""
#. type: delimited block -
#: ./pages/selinux.adoc:109
#, no-wrap
msgid "sudo semodule -i permissive-wireguard.cil\n"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:112
msgid "And remove it once it is no longer needed with:"
msgstr ""
#. type: delimited block -
#: ./pages/selinux.adoc:116
#, no-wrap
msgid "sudo semodule -r permissive-wireguard\n"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:118
msgid ""
"See also the discussion in "
"https://github.com/coreos/fedora-coreos-docs/issues/439[fedora-coreos-docs#439]."
msgstr ""

55
pot/master/nav.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-07-31 22:10+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -333,127 +333,132 @@ msgstr ""
#. type: Plain text
#: ./nav.adoc:65
msgid "Tutorials"
msgid "xref:selinux.adoc[SELinux]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:66
msgid "xref:tutorial-setup.adoc[Prerequisites for the tutorials]"
msgid "Tutorials"
msgstr ""
#. type: Plain text
#: ./nav.adoc:67
msgid "xref:tutorial-autologin.adoc[Enabling autologin and custom hostname]"
msgid "xref:tutorial-setup.adoc[Prerequisites for the tutorials]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:68
msgid "xref:tutorial-services.adoc[Starting a service on first boot]"
msgid "xref:tutorial-autologin.adoc[Enabling autologin and custom hostname]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:69
msgid "xref:tutorial-containers.adoc[SSH access and starting containers]"
msgid "xref:tutorial-services.adoc[Starting a service on first boot]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:70
msgid "xref:tutorial-containers.adoc[SSH access and starting containers]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:71
msgid ""
"xref:tutorial-user-systemd-unit-on-boot.adoc[Launching a user-level systemd "
"unit on boot]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:71
#: ./nav.adoc:72
msgid "xref:tutorial-updates.adoc[Testing Fedora CoreOS updates]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:72
#: ./nav.adoc:73
msgid "Reference pages"
msgstr ""
#. type: Plain text
#: ./nav.adoc:73
#: ./nav.adoc:74
msgid "xref:live-reference.adoc[Live ISO/PXE reference]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:74
#: ./nav.adoc:75
msgid "xref:platforms.adoc[Supported Platforms]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:75
#: ./nav.adoc:76
msgid "xref:fcos-projects.adoc[Projects Using Fedora CoreOS]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:76
#: ./nav.adoc:77
msgid "xref:update-barrier-signing-keys.adoc[Signing keys and updates]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:77
#: ./nav.adoc:78
msgid "Projects documentation"
msgstr ""
#. type: Plain text
#: ./nav.adoc:78
#: ./nav.adoc:79
msgid "https://coreos.github.io/afterburn/[Afterburn]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:79
#: ./nav.adoc:80
msgid "https://coreos.github.io/butane/[Butane (Config Transpiler)]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:80
#: ./nav.adoc:81
msgid "https://coreos.github.io/coreos-assembler/[CoreOS Assembler]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:81
#: ./nav.adoc:82
msgid "https://coreos.github.io/coreos-installer/[CoreOS Installer]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:82
#: ./nav.adoc:83
msgid "https://coreos.github.io/ignition/[Ignition]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:83
#: ./nav.adoc:84
msgid "https://coreos.github.io/rpm-ostree/[rpm-ostree]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:84
#: ./nav.adoc:85
msgid "https://coreos.github.io/zincati/[Zincati]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:85
#: ./nav.adoc:86
msgid "https://ostreedev.github.io/ostree/[ostree]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:86
#: ./nav.adoc:87
msgid "Migration notes"
msgstr ""
#. type: Plain text
#: ./nav.adoc:87
#: ./nav.adoc:88
msgid "xref:migrate-ah.adoc[Migrating from Atomic Host]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:88
#: ./nav.adoc:89
msgid "xref:migrate-cl.adoc[Migrating from Container Linux]"
msgstr ""
#. type: Plain text
#: ./nav.adoc:88
#: ./nav.adoc:89
msgid "xref:faq.adoc[FAQ]"
msgstr ""

4
pot/master/pages/audit.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2024-04-24 22:28+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -33,7 +33,7 @@ msgstr ""
#: ./pages/audit.adoc:6
msgid ""
"Like all system daemons on Fedora CoreOS, the audit daemon is managed by "
"systemd but with an exception: it can not be stopped or restarted via "
"systemd but with an exception: it cannot be stopped or restarted via "
"`systemctl stop auditd` or `systemctl restart auditd` for compliance "
"reasons."
msgstr ""

24
pot/master/pages/bare-metal.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-06-10 22:34+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -388,7 +388,7 @@ msgstr ""
msgid ""
"When you're finally ready to install FCOS, you can point it at your "
"downloaded image using `coreos-installer install --image-url <LOCAL_MIRROR>` "
"or `coreos-install --image-file <PATH>`."
"or `coreos-installer --image-file <PATH>`."
msgstr ""
#. type: Title ==
@ -510,7 +510,7 @@ msgstr ""
#: ./pages/bare-metal.adoc:181
msgid ""
"To install CoreOS on an iSCSI boot device, follow the same steps as "
"described above to get the live environnement, and add the iSCSI-related "
"described above to get the live environment, and add the iSCSI-related "
"kernel arguments."
msgstr ""
@ -546,24 +546,16 @@ msgid ""
"for example:"
msgstr ""
#. type: Plain text
#: ./pages/bare-metal.adoc:198 ./pages/bare-metal.adoc:205
#: ./pages/bare-metal.adoc:216
#, no-wrap
msgid "---\n"
msgstr ""
#. type: Plain text
#. type: delimited block -
#: ./pages/bare-metal.adoc:202
#, no-wrap
msgid ""
"#!ipxe\n"
"set initiator-iqn iqn.2023-11.coreos.diskless:testsetup\n"
"sanboot iscsi:10.0.0.1::::iqn.2023-10.coreos.target.vm:coreos\n"
"---\n"
msgstr ""
#. type: Plain text
#. type: delimited block -
#: ./pages/bare-metal.adoc:211
#, no-wrap
msgid ""
@ -574,7 +566,6 @@ msgid ""
" --append-karg rd.iscsi.firmware=1 --append-karg ip=ibft \\\n"
" --console ttyS0 \\\n"
" --ignition-url https://example.com/example.ign\n"
"---\n"
msgstr ""
#. type: Block title
@ -583,7 +574,7 @@ msgstr ""
msgid "Installing to an iSCSI target with manual configuration"
msgstr ""
#. type: Plain text
#. type: delimited block -
#: ./pages/bare-metal.adoc:223
#, no-wrap
msgid ""
@ -592,10 +583,9 @@ msgid ""
"/dev/disk/by-path/ip-10.0.0.1\\:3260-iscsi-iqn.2023-10.coreos.target.vm\\:coreos-lun-0 "
"\\\n"
" --append-karg rd.iscsi.initiator=iqn.2024-02.com.yourorg.name:lun0 \\\n"
" --append-karg netroot=iscsi:iqn.2023-10.coreos.target.vm:coreos` \\\n"
" --append-karg netroot=iscsi:iqn.2023-10.coreos.target.vm:coreos \\\n"
" --console ttyS0 \\\n"
" --ignition-url https://example.com/example.ign\n"
"---\n"
msgstr ""
#. type: Plain text

8
pot/master/pages/composefs.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-01-13 22:24+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -27,8 +27,8 @@ msgstr ""
msgid ""
"Fedora CoreOS introduced composefs enabled by default starting in Fedora "
"41. Composefs is an overlay filesystem where the data comes from the usual "
"ostree deployement, and metadata are in the composefs file. The result is a "
"truely read-only root (`/`) filesystem, increasing the system integrity and "
"ostree deployment, and metadata is in the composefs file. The result is a "
"truly read-only root (`/`) filesystem, increasing the system integrity and "
"robustness."
msgstr ""
@ -90,7 +90,7 @@ msgstr ""
#. type: Block title
#: ./pages/composefs.adoc:26
#, no-wrap
msgid "Disabling composefs at provisionning"
msgid "Disabling composefs at provisioning"
msgstr ""
#. type: delimited block -

6
pot/master/pages/customize-nic.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2024-02-08 22:18+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -126,8 +126,8 @@ msgid ""
"(e.g. static IPs, hostnames, etc.), these udev rules are not persisted into "
"the real root. If the custom name needs to be applied to the real root, "
"either a link file or udev rule must be created, as shown above. See "
"xref:https://github.com/coreos/fedora-coreos-tracker/issues/553[this issue] "
"for more details."
"https://github.com/coreos/fedora-coreos-tracker/issues/553[this issue] for "
"more details."
msgstr ""
#. type: Plain text

4
pot/master/pages/docker-ce.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-01-13 22:24+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -51,7 +51,7 @@ msgstr ""
#: ./pages/docker-ce.adoc:14
msgid ""
"On provisioning, you can install Docker CE during the first boot of the "
"system via ignition configuration."
"system via Ignition configuration."
msgstr ""
#. type: Block title

158
pot/master/pages/faq.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-03-05 22:19+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -25,7 +25,7 @@ msgstr ""
#. type: Plain text
#: ./pages/faq.adoc:9
msgid ""
"If you have other questions than are mentioned here or want to discuss "
"If you have questions other than those mentioned here or want to discuss "
"further, join us in our Matrix room, "
"link:https://chat.fedoraproject.org/#/room/#coreos:fedoraproject.org[#coreos:fedoraproject.org], "
"or on our https://discussion.fedoraproject.org/tag/coreos[discussion "
@ -286,7 +286,7 @@ msgstr ""
#. type: Plain text
#: ./pages/faq.adoc:115
msgid ""
"The FCOS image is kept minimal by design. Not every troubleshooting tool are "
"The FCOS image is kept minimal by design. Not every troubleshooting tool is "
"included by default. Instead, it is recommended to use the `toolbox` "
"utility."
msgstr ""
@ -612,152 +612,20 @@ msgstr ""
#. type: Title ==
#: ./pages/faq.adoc:250
#, no-wrap
msgid ""
"Why do I get SELinux denials after updates if I have local policy "
"modifications?"
msgstr ""
#. type: Plain text
#: ./pages/faq.adoc:259
msgid ""
"Currently, the OSTree and SELinux tooling conflict a bit. If you have "
"permanently applied local policy modifications then policy updates delivered "
"by the OS will no longer apply; your policy stays frozen. This means any "
"policy \"fixes\" needed to enable new functionality will not get "
"applied. See "
"https://github.com/coreos/fedora-coreos-tracker/issues/701[coreos/fedora-coreos-tracker#701] "
"for more details."
msgstr ""
#. type: Plain text
#: ./pages/faq.adoc:263
msgid ""
"This means you may see denials like the following, which can take down "
"critical parts of a system like in "
"https://github.com/coreos/fedora-coreos-tracker/issues/700[coreos/fedora-coreos-tracker#700]:"
msgstr ""
#. type: Block title
#: ./pages/faq.adoc:264
#, no-wrap
msgid "Example SELinux denial"
msgstr ""
#. type: delimited block -
#: ./pages/faq.adoc:269
#, no-wrap
msgid ""
"systemd-resolved[755]: Failed to symlink "
"/run/systemd/resolve/stub-resolv.conf: Permission denied\n"
"audit[755]: AVC avc: denied { create } for pid=755 "
"comm=\"systemd-resolve\" name=\".#stub-resolv.confc418434d59d7d93a\" "
"scontext=system_u:system_r:systemd_resolved_t:s0 "
"tcontext=system_u:object_r:systemd_resolved_var_run_t:s0 tclass=lnk_file "
"permissive=0\n"
msgstr ""
#. type: Plain text
#: ./pages/faq.adoc:274
msgid ""
"To see if your system currently has local policy modifications you can run "
"`ostree admin config-diff`. The following system has a modified policy:"
msgstr ""
#. type: Block title
#: ./pages/faq.adoc:275 ./pages/faq.adoc:308
#, no-wrap
msgid "Example system with a modified SELinux policy"
msgstr ""
#. type: delimited block -
#: ./pages/faq.adoc:280 ./pages/faq.adoc:313
#, no-wrap
msgid ""
"$ sudo ostree admin config-diff | grep selinux/targeted/policy\n"
"M selinux/targeted/policy/policy.32\n"
msgstr ""
#. type: Plain text
#: ./pages/faq.adoc:285
msgid ""
"To work around this incompatibility, please attempt to apply policy "
"modifications dynamically. For example, for an SELinux boolean you can use "
"the following systemd unit that executes on every boot:"
msgstr ""
#. type: Block title
#: ./pages/faq.adoc:286
#, no-wrap
msgid "Example Butane config for dynamically applying SELinux boolean"
msgstr ""
#. type: delimited block -
#: ./pages/faq.adoc:302
#, no-wrap
msgid ""
"variant: fcos\n"
"version: {butane-latest-stable-spec}\n"
"systemd:\n"
" units:\n"
" - name: setsebool.service\n"
" enabled: true\n"
" contents: |\n"
" [Service]\n"
" Type=oneshot\n"
" ExecStart=setsebool container_manage_cgroup true\n"
" RemainAfterExit=yes\n"
" [Install]\n"
" WantedBy=multi-user.target\n"
msgstr ""
#. type: Plain text
#: ./pages/faq.adoc:307
msgid ""
"If your system's basic functionality has stopped working because of SELinux "
"denials check to see if your system currently has local policy "
"modifications. You can check with `ostree admin config-diff`:"
msgstr ""
#. type: Plain text
#: ./pages/faq.adoc:316
msgid "If your system is in this state you have two options:"
msgstr ""
#. type: Plain text
#: ./pages/faq.adoc:318
msgid "Re-deploy starting with the latest image artifacts."
msgstr ""
#. type: Plain text
#: ./pages/faq.adoc:319
msgid "This means you start with the latest policy."
msgstr ""
#. type: Plain text
#: ./pages/faq.adoc:320
msgid ""
"Follow the workaround in "
"https://github.com/coreos/fedora-coreos-tracker/issues/701[coreos/fedora-coreos-tracker#701] "
"to restore the base policy."
msgstr ""
#. type: Title ==
#: ./pages/faq.adoc:321
#, no-wrap
msgid "Why is the `systemd-repart.service` systemd unit masked?"
msgstr ""
#. type: Plain text
#: ./pages/faq.adoc:327
#: ./pages/faq.adoc:256
msgid ""
"https://www.freedesktop.org/software/systemd/man/systemd-repart.html[system-repart] "
"https://www.freedesktop.org/software/systemd/man/systemd-repart.html[systemd-repart] "
"is a tool to grow and add partitions to a partition table. On Fedora CoreOS, "
"we only support using Ignition to create partitions, filesystems and mount "
"points, thus systemd-repart is masked by default."
msgstr ""
#. type: Plain text
#: ./pages/faq.adoc:332
#: ./pages/faq.adoc:261
msgid ""
"Ignition runs on first boot in the initramfs and is aware of Fedora CoreOS "
"specific disk layout. It is also capable of reconfiguring the root "
@ -766,7 +634,7 @@ msgid ""
msgstr ""
#. type: Plain text
#: ./pages/faq.adoc:335
#: ./pages/faq.adoc:264
msgid ""
"See the xref:faq.adoc#_why_is_the_dnsmasq_service_systemd_unit_masked[Why is "
"the `dnsmasq.service` systemd unit masked] entry for an example config to "
@ -774,22 +642,22 @@ msgid ""
msgstr ""
#. type: Title ==
#: ./pages/faq.adoc:337
#: ./pages/faq.adoc:266
#, no-wrap
msgid "How do I keep dropped wireless firmware?"
msgstr ""
#. type: Plain text
#: ./pages/faq.adoc:340
#: ./pages/faq.adoc:269
msgid ""
"Some Wi-Fi firmwares were split into subpackages in Fedora 39 and Fedora "
"40. Fedora CoresOS will keep them in until Fedora 41, but display a warning "
"40. Fedora CoreOS will keep them in until Fedora 41, but display a warning "
"message in the console if `NetworkManager-wifi` is layered without any other "
"Wi-Fi firmware packages layered."
msgstr ""
#. type: Plain text
#: ./pages/faq.adoc:342
#: ./pages/faq.adoc:271
msgid ""
"To request the Wi-Fi firmware stay installed even when Fedora CoreOS drops "
"these packages please follow the "
@ -798,14 +666,14 @@ msgid ""
msgstr ""
#. type: Plain text
#: ./pages/faq.adoc:344
#: ./pages/faq.adoc:273
msgid ""
"Once the packages are requested you can now disable the warning so it won't "
"be checked on subsequent boots."
msgstr ""
#. type: delimited block -
#: ./pages/faq.adoc:348
#: ./pages/faq.adoc:277
#, no-wrap
msgid "sudo systemctl disable coreos-check-wireless-firmwares.service\n"
msgstr ""

4
pot/master/pages/getting-started-libvirt.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-01-13 22:24+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -105,7 +105,7 @@ msgid ""
"Depending on your version of `virt-install`, you may not be able to use "
"`--os-variant=fedora-coreos-*` and will get an error. In this case, you "
"should pick an older Fedora variant (`--os-variant=fedora31` for "
"example). You can find the variants that are supported by you current "
"example). You can find the variants that are supported by your current "
"version of `virt-install` with `osinfo-query os | grep '^\\s*fedora'`."
msgstr ""

10
pot/master/pages/major-changes.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2026-01-13 22:03+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -91,8 +91,8 @@ msgstr ""
msgid ""
"Currently, Fedora CoreOS hosts pull updates from the OSTree repository. "
"With this change, the hosts will pull updates from the Quay.io container "
"registry instead. This should be a transparent change, altough proxied "
"environnements require attention as the nodes will reach to a different "
"registry instead. This should be a transparent change, although proxied "
"environments require attention as the nodes will reach to a different "
"address for updates."
msgstr ""
@ -241,7 +241,9 @@ msgstr ""
#. type: Plain text
#: ./pages/major-changes.adoc:104
msgid "Support for cgroups v1 is deprecated and will removed in a future version."
msgid ""
"Support for cgroups v1 is deprecated and will be removed in a future "
"version."
msgstr ""
#. type: Plain text

4
pot/master/pages/managing-files.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2024-02-08 22:18+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -103,7 +103,7 @@ msgstr ""
#. type: Block title
#: ./pages/managing-files.adoc:48
#, no-wrap
msgid "Example to create a files from a remote source"
msgid "Example to create a file from a remote source"
msgstr ""
#. type: delimited block -

6
pot/master/pages/manual-rollbacks.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2022-07-05 22:02+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -69,8 +69,8 @@ msgstr ""
#: ./pages/manual-rollbacks.adoc:20
#, no-wrap
msgid ""
"# Mark the previous OS deployment as the default, and immediately reboots "
"into it\n"
"# Mark the previous OS deployment as the default and immediately reboot into "
"it\n"
"sudo rpm-ostree rollback -r\n"
msgstr ""

12
pot/master/pages/platforms.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-07-31 22:10+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -154,7 +154,8 @@ msgid ""
msgstr ""
#. type: Plain text
#: ./pages/platforms.adoc:27
#: ./pages/platforms.adoc:27 ./pages/platforms.adoc:40
#: ./pages/platforms.adoc:47
msgid ""
"OpenStack (`openstack`): Cloud platform. See "
"xref:provisioning-openstack.adoc[Booting on OpenStack]."
@ -225,13 +226,6 @@ msgid ""
"libvirt]"
msgstr ""
#. type: Plain text
#: ./pages/platforms.adoc:40 ./pages/platforms.adoc:47
msgid ""
"OpenStack (cloud platform): `openstack`): Cloud platform. See "
"xref:provisioning-openstack.adoc[Booting on OpenStack]."
msgstr ""
#. type: Title ===
#: ./pages/platforms.adoc:41
#, no-wrap

4
pot/master/pages/producing-ign.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-09-05 22:12+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -496,7 +496,7 @@ msgstr ""
#. type: Plain text
#: ./pages/producing-ign.adoc:207
msgid ""
"If you use VScode with the "
"If you use VS Code with the "
"https://github.com/redhat-developer/vscode-yaml[Red Hat Yaml extension] you "
"can associate `*.bu` files to `yaml` in the `files.associations` setting and "
"get help/auto completion."

4
pot/master/pages/provisioning-applehv.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-09-03 22:12+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -143,7 +143,7 @@ msgstr ""
#. type: Plain text
#: ./pages/provisioning-applehv.adoc:45
msgid "a network device that will receive a IP address from Vfit"
msgid "a network device that will receive an IP address from vfkit"
msgstr ""
#. type: Plain text

6
pot/master/pages/provisioning-aws.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2024-11-15 22:21+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -216,7 +216,7 @@ msgstr ""
#. type: Plain text
#: ./pages/provisioning-aws.adoc:84
msgid "You can verify the file have been correctly uploaded:"
msgid "You can verify the file has been correctly uploaded:"
msgstr ""
#. type: Block title
@ -424,7 +424,7 @@ msgstr ""
#. type: Plain text
#: ./pages/provisioning-aws.adoc:187
msgid "Optionnally, you can delete the whole bucket:"
msgid "Optionally, you can delete the whole bucket:"
msgstr ""
#. type: Block title

6
pot/master/pages/provisioning-exoscale.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-01-13 22:24+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -55,7 +55,7 @@ msgstr ""
#: ./pages/provisioning-exoscale.adoc:12
msgid ""
"If you do not want to use Ignition to get started, you can make use of the "
"https://coreos.github.io/afterburn/platforms/[Afterburn support].."
"https://coreos.github.io/afterburn/platforms/[Afterburn support]."
msgstr ""
#. type: Plain text
@ -138,7 +138,7 @@ msgstr ""
#: ./pages/provisioning-exoscale.adoc:39
#, no-wrap
msgid ""
"# Set the version and calcuate the checksum\n"
"# Set the version and calculate the checksum\n"
"FCOS_VERSION='...'\n"
"FILE=\"fedora-coreos-${FCOS_VERSION}-exoscale.x86_64.qcow2\"\n"
"CHECKSUM=$(md5sum \"${FILE}\" | cut -d \" \" -f 1)\n"

4
pot/master/pages/provisioning-hetzner.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-04-02 22:24+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -118,7 +118,7 @@ msgstr ""
#. type: Title ==
#: ./pages/provisioning-hetzner.adoc:32
#, no-wrap
msgid "Downloading an Hetzner image"
msgid "Downloading a Hetzner image"
msgstr ""
#. type: Plain text

21
pot/master/pages/provisioning-kubevirt.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2023-09-02 21:57+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -223,8 +223,8 @@ msgstr ""
msgid ""
"The above example will give you a VM that will lose any changes made to it "
"if it is stopped and started again. You can instruct the cluster to import a "
"containerdisk into a Physical Volume when provisioning in order to have "
"virtual machine will have persistence of the OS disk across stop/start "
"containerdisk into a Physical Volume when provisioning in order for the "
"virtual machine to have persistence of the OS disk across stop/start "
"operations."
msgstr ""
@ -263,7 +263,7 @@ msgid ""
msgstr ""
#. type: delimited block -
#: ./pages/provisioning-kubevirt.adoc:149
#: ./pages/provisioning-kubevirt.adoc:148
#, no-wrap
msgid ""
"apiVersion: kubevirt.io/v1\n"
@ -298,7 +298,6 @@ msgid ""
" - name: cloudinitdisk\n"
" disk:\n"
" bus: virtio\n"
" name: cloudinitdisk\n"
" rng: {}\n"
" resources:\n"
" requests:\n"
@ -316,7 +315,7 @@ msgid ""
msgstr ""
#. type: Plain text
#: ./pages/provisioning-kubevirt.adoc:152
#: ./pages/provisioning-kubevirt.adoc:151
msgid ""
"The data volume import into the PVC from the container registry may take "
"some time. You can monitor the import by watching the logs of the "
@ -324,20 +323,20 @@ msgid ""
msgstr ""
#. type: Plain text
#: ./pages/provisioning-kubevirt.adoc:154
#: ./pages/provisioning-kubevirt.adoc:153
msgid ""
"After the machine is up you can connect to it using `virtctl` as shown in "
"the previous example."
msgstr ""
#. type: Title ==
#: ./pages/provisioning-kubevirt.adoc:155
#: ./pages/provisioning-kubevirt.adoc:154
#, no-wrap
msgid "Mirroring the image for use in private registries"
msgstr ""
#. type: Plain text
#: ./pages/provisioning-kubevirt.adoc:158
#: ./pages/provisioning-kubevirt.adoc:157
msgid ""
"If a private registry in air-gapped installations is used, the image can be "
"mirrored to that registry using "
@ -345,13 +344,13 @@ msgid ""
msgstr ""
#. type: Block title
#: ./pages/provisioning-kubevirt.adoc:159
#: ./pages/provisioning-kubevirt.adoc:158
#, no-wrap
msgid "Mirroring a stable stream FCOS image"
msgstr ""
#. type: delimited block -
#: ./pages/provisioning-kubevirt.adoc:163
#: ./pages/provisioning-kubevirt.adoc:162
#, no-wrap
msgid ""
"skopeo copy docker://quay.io/fedora/fedora-coreos-kubevirt:stable "

4
pot/master/pages/provisioning-proxmoxve.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-07-30 22:09+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -416,7 +416,7 @@ msgstr ""
#. type: Plain text
#: ./pages/provisioning-proxmoxve.adoc:162
msgid "You log into the VM from the host with the following command:"
msgid "You can log into the VM from the host with the following command:"
msgstr ""
#. type: delimited block -

4
pot/master/pages/provisioning-qemu.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-01-13 22:24+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -77,7 +77,7 @@ msgstr ""
#. type: Plain text
#: ./pages/provisioning-qemu.adoc:18
msgid ""
"This section shows how to boot a new VM on QEMU. Based on the platform, The "
"This section shows how to boot a new VM on QEMU. Based on the platform, the "
"Ignition file is passed to the VM, which sets the `opt/com.coreos/config` "
"key in the QEMU firmware configuration device."
msgstr ""

6
pot/master/pages/provisioning-vultr.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-01-13 22:24+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -86,7 +86,7 @@ msgstr ""
#. type: Plain text
#: ./pages/provisioning-vultr.adoc:20
msgid ""
"These steps show how to download a FCOS image and upload it to an existing "
"These steps show how to download an FCOS image and upload it to an existing "
"storage bucket, in order to create a snapshot from that."
msgstr ""
@ -173,7 +173,7 @@ msgstr ""
#. type: Plain text
#: ./pages/provisioning-vultr.adoc:58
msgid "You can now create a FCOS Vultr instance using the snapshot ID above."
msgid "You can now create an FCOS Vultr instance using the snapshot ID above."
msgstr ""
#. type: Plain text

5
pot/master/pages/remote-ign.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2024-02-08 22:18+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -101,8 +101,7 @@ msgstr ""
#: ./pages/remote-ign.adoc:38
msgid ""
"In some cases, if you need to merge a local configuration and one or several "
"remote ones, you can use the `merge` rather than `replace` in a Butane "
"config."
"remote ones, you can use `merge` rather than `replace` in a Butane config."
msgstr ""
#. type: Block title

266
pot/master/pages/selinux.pot Normal file
View file

@ -0,0 +1,266 @@
# SOME DESCRIPTIVE TITLE
# Copyright (C) YEAR Free Software Foundation, Inc.
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#. type: Title =
#: ./pages/selinux.adoc:1
#, no-wrap
msgid "SELinux"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:4
msgid "Fedora CoreOS comes with SELinux enabled in enforcing mode."
msgstr ""
#. type: Title ==
#: ./pages/selinux.adoc:5
#, no-wrap
msgid "Policy changes"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:10
msgid ""
"Changing policy booleans and adding SELinux modules is supported on Fedora "
"CoreOS. However, we do not include `semanage` and there is no sugar in "
"Butane or direct support in Ignition for doing those operations. See "
"https://github.com/coreos/fedora-coreos-tracker/issues/701[fedora-coreos-tracker#701] "
"for more details."
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:12
msgid ""
"Here is an example to set an SELinux boolean via a systemd unit that "
"executes on every boot:"
msgstr ""
#. type: Block title
#: ./pages/selinux.adoc:13
#, no-wrap
msgid "Example Butane config for dynamically applying SELinux boolean"
msgstr ""
#. type: delimited block -
#: ./pages/selinux.adoc:29
#, no-wrap
msgid ""
"variant: fcos\n"
"version: {butane-latest-stable-spec}\n"
"systemd:\n"
" units:\n"
" - name: setsebool.service\n"
" enabled: true\n"
" contents: |\n"
" [Service]\n"
" Type=oneshot\n"
" ExecStart=setsebool container_manage_cgroup true\n"
" RemainAfterExit=yes\n"
" [Install]\n"
" WantedBy=multi-user.target\n"
msgstr ""
#. type: Title ==
#: ./pages/selinux.adoc:31
#, no-wrap
msgid "Resetting the SELinux policy to the default"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:34
msgid ""
"If you encounter unexpected SELinux issue, it may be due to local policy "
"modifications."
msgstr ""
#. type: Block title
#: ./pages/selinux.adoc:35
#, no-wrap
msgid "Example SELinux denial"
msgstr ""
#. type: delimited block -
#: ./pages/selinux.adoc:40
#, no-wrap
msgid ""
"systemd-resolved[755]: Failed to symlink "
"/run/systemd/resolve/stub-resolv.conf: Permission denied\n"
"audit[755]: AVC avc: denied { create } for pid=755 "
"comm=\"systemd-resolve\" name=\".#stub-resolv.confc418434d59d7d93a\" "
"scontext=system_u:system_r:systemd_resolved_t:s0 "
"tcontext=system_u:object_r:systemd_resolved_var_run_t:s0 tclass=lnk_file "
"permissive=0\n"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:43
msgid "You can check the state of the SELinux policy with:"
msgstr ""
#. type: delimited block -
#: ./pages/selinux.adoc:51
#, no-wrap
msgid ""
"$ sudo ostree admin config-diff | grep -E 'selinux/.*/policy'\n"
"M selinux/targeted/active/policy.linked\n"
"M selinux/targeted/active/policy.kern\n"
"M selinux/targeted/policy/policy.31\n"
"A selinux/targeted/policy/policy.30\n"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:54
msgid ""
"If this command returns a list of entries then your SELinux policy has been "
"modified from the default."
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:56
msgid "You have two options to reset the SELinux policy to the default one:"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:58
msgid "Re-deploy the system from the latest Fedora CoreOS artifacts."
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:59
msgid "Manually restore the default policy"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:61
msgid "To restore the default policy:"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:63
msgid "Make a backup of you current policy:"
msgstr ""
#. type: delimited block -
#: ./pages/selinux.adoc:67
#, no-wrap
msgid "sudo cp -al /etc/selinux{,.bak}\n"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:70
msgid "Restore the default SELinux policy:"
msgstr ""
#. type: delimited block -
#: ./pages/selinux.adoc:74
#, no-wrap
msgid ""
"sudo rsync --archive --links --verbose --delete /usr/etc/selinux/ "
"/etc/selinux/\n"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:77
msgid ""
"After this command, the output from `sudo ostree admin config-diff | grep -E "
"'selinux/.*/policy'` should no longer indicate the policy is modified."
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:79
msgid "Finally, reload the SELinux policy or restart your system:"
msgstr ""
#. type: delimited block -
#: ./pages/selinux.adoc:83
#, no-wrap
msgid "sudo semodule -R\n"
msgstr ""
#. type: Title ==
#: ./pages/selinux.adoc:85
#, no-wrap
msgid "Disabling SELinux"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:90
msgid ""
"We do not support disabling SELinux in Fedora CoreOS. See "
"https://github.com/coreos/rpm-ostree/issues/971[rpm-ostree#971]. See also "
"the discussion in "
"https://github.com/coreos/fedora-coreos-docs/issues/439[fedora-coreos-docs#439]."
msgstr ""
#. type: Title ==
#: ./pages/selinux.adoc:91
#, no-wrap
msgid "Setting SELinux in permissive mode"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:95
msgid ""
"We do not recommend setting the entire system in permissive mode (i.e. `set "
"enforce 0`). Instead, you can set SELinux to permissive for a single "
"application by creating a "
"https://github.com/SELinuxProject/selinux-notebook/blob/main/src/cil_overview.md[CIL "
"policy module]."
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:97
msgid "For example for the `wireguard_t` domain:"
msgstr ""
#. type: delimited block -
#: ./pages/selinux.adoc:102
#, no-wrap
msgid ""
"$ cat permissive-wireguard.cil\n"
"(typepermissive wireguard_t)\n"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:105
msgid "You can then load this module with:"
msgstr ""
#. type: delimited block -
#: ./pages/selinux.adoc:109
#, no-wrap
msgid "sudo semodule -i permissive-wireguard.cil\n"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:112
msgid "And remove it once it is no longer needed with:"
msgstr ""
#. type: delimited block -
#: ./pages/selinux.adoc:116
#, no-wrap
msgid "sudo semodule -r permissive-wireguard\n"
msgstr ""
#. type: Plain text
#: ./pages/selinux.adoc:118
msgid ""
"See also the discussion in "
"https://github.com/coreos/fedora-coreos-docs/issues/439[fedora-coreos-docs#439]."
msgstr ""

4
pot/master/pages/storage.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2024-04-24 22:28+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -571,7 +571,7 @@ msgid ""
"corresponds to the "
"https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/[UEFI "
"Boot Component] used to track the Secure Boot certificate from "
"memory. Therefore, updates to the the UEFI firmware/certificates should not "
"memory. Therefore, updates to the UEFI firmware/certificates should not "
"affect the value stored in PCR 7."
msgstr ""

486
pot/master/pages/sysconfig-configure-wireguard.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-06-23 22:27+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -19,158 +19,171 @@ msgstr ""
#. type: Title =
#: ./pages/sysconfig-configure-wireguard.adoc:1
#, no-wrap
msgid "Configuring FCOS to use WireGuard"
msgid "Configuring WireGuard"
msgstr ""
#. type: Title ==
#: ./pages/sysconfig-configure-wireguard.adoc:3
#, no-wrap
msgid "Introduction"
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:4
msgid "From https://www.wireguard.com/[wireguard.com]:"
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:6
msgid ""
"https://www.wireguard.com/[WireGuard] is a novel VPN that runs inside the "
"Linux Kernel and uses state-of-the-art cryptography. It aims to be faster, "
"simpler, leaner, and more useful than IPSec, while avoiding the massive "
"headache. It intends to be considerably more performant than "
"OpenVPN. WireGuard is designed as a general purpose VPN for running on "
"embedded interfaces and super computers alike, fit for many different "
"circumstances. It runs over UDP."
"WireGuard is a novel VPN that runs inside the Linux Kernel and uses "
"state-of-the-art cryptography."
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:7
msgid ""
"It aims to be faster, simpler, leaner, and more useful than IPSec, while "
"avoiding the massive headache."
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:8
msgid "https://www.wireguard.com/[Conceptual Overview]"
msgid "It intends to be considerably more performant than OpenVPN."
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:9
msgid "https://www.wireguard.com/quickstart/[Quickstart]"
msgid ""
"WireGuard is designed as a general purpose VPN for running on embedded "
"interfaces and super computers alike, fit for many different circumstances."
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:10
msgid "https://www.wireguard.com/papers/wireguard.pdf[Whitepaper]"
msgid "It runs over UDP."
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:12
msgid ""
"FCOS has full support for WireGuard out of the box. This guide is going to "
"demonstrate how to set up a single connection between a FCOS server and one "
"client computer. It goes over the basic client configuration, but it does "
"not cover installing WireGuard on your clients."
msgstr ""
#. type: Title ==
#: ./pages/sysconfig-configure-wireguard.adoc:13
#, no-wrap
msgid "Generate Keys"
"You might also want to read the https://www.wireguard.com/[Conceptual "
"Overview], the https://www.wireguard.com/quickstart/[Quickstart] and the "
"https://www.wireguard.com/papers/wireguard.pdf[Whitepaper]."
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:16
msgid ""
"You will need to generate some keys to configure WireGuard. For this guide, "
"the keys should be pre-generated on your workstation. First, let's create "
"the FCOS WireGuard keys:"
"Fedora CoreOS has full support for WireGuard out of the box. This page "
"shows how to set up a single connection between a Fedora CoreOS server and "
"another computer. It goes over the basic client configuration, but it does "
"not cover installing WireGuard on your client."
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:18
msgid "There are two options to set up WireGuard on Fedora CoreOS:"
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:20
msgid "Importing the WireGuard configuration in NetworkManager"
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:21
msgid "Using https://www.man7.org/linux/man-pages/man8/wg-quick.8.html[`wg-quick`]"
msgstr ""
#. type: Title ==
#: ./pages/sysconfig-configure-wireguard.adoc:22
#, no-wrap
msgid "Generating Keys"
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:26
msgid ""
"You will need to generate keys to configure WireGuard. You can generate the "
"keys on your workstation or a running Fedora CoreOS system."
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:28
msgid "First, let's create the WireGuard keys for the Fedora CoreOS system:"
msgstr ""
#. type: Block title
#: ./pages/sysconfig-configure-wireguard.adoc:17
#: ./pages/sysconfig-configure-wireguard.adoc:29
#, no-wrap
msgid "Generate FCOS WireGuard keys"
msgid "Generate WireGuard keys for the Fedora CoreOS system"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:22
#: ./pages/sysconfig-configure-wireguard.adoc:33
#: ./pages/sysconfig-configure-wireguard.adoc:34
#, no-wrap
msgid ""
"$ umask 077\n"
"$ wg genkey | tee privatekey | wg pubkey > publickey\n"
"umask 077\n"
"wg genkey | tee fcos_private_key | wg pubkey > fcos_public_key\n"
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:25
msgid ""
"These keys will be referenced as `fcos_public_key` and `fcos_private_key` "
"from here on out in this guide."
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:27
msgid "Now let's generate the client keys:"
#: ./pages/sysconfig-configure-wireguard.adoc:37
msgid "Now let's generate the WireGuard keys for the client:"
msgstr ""
#. type: Block title
#: ./pages/sysconfig-configure-wireguard.adoc:28
#, no-wrap
msgid "Generate Client One WireGuard keys"
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:36
msgid ""
"These keys will be referenced as `client_one_public_key` and "
"`client_one_private_key` from here on out in this guide."
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:38
msgid "Now create a PresharedKey:"
msgstr ""
#. type: Block title
#: ./pages/sysconfig-configure-wireguard.adoc:39
#, no-wrap
msgid "Generate a Preshared key per peer pair"
msgid "Generate WireGuard keys for the client"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:43
#, no-wrap
msgid "$ wg genpsk > fcos_client_one_psk\n"
msgid ""
"umask 077\n"
"wg genkey | tee client_private_key | wg pubkey > client_public_key\n"
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:46
msgid ""
"The PresharedKey will be referenced as `fcos_client_one_psk` from here on "
"out in this guide."
msgid "You can optionnaly generate a pre-shared key to increase security:"
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:48
msgid ""
"The `wg genpsk` command generates a PresharedKey that can only be used once "
"per peer pair. Every peer you add to the FCOS server will need to generate a "
"unique PresharedKey."
#. type: Block title
#: ./pages/sysconfig-configure-wireguard.adoc:47
#, no-wrap
msgid "Generate a preshared key for this peer pair"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:51
#, no-wrap
msgid "wg genpsk > fcos_client_psk\n"
msgstr ""
#. type: delimited block =
#: ./pages/sysconfig-configure-wireguard.adoc:56
msgid "You should generate a pre-shared key for each peer pair."
msgstr ""
#. type: Title ==
#: ./pages/sysconfig-configure-wireguard.adoc:49
#: ./pages/sysconfig-configure-wireguard.adoc:58
#, no-wrap
msgid "Configure WireGuard on FCOS"
msgid "Configuring WireGuard on Fedora CoreOS"
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:52
#: ./pages/sysconfig-configure-wireguard.adoc:61
msgid ""
"You can now configure your Ignition config to create the `wg0` configuration "
"You can now modify your Butane config to create the `wg0` configuration "
"file:"
msgstr ""
#. type: Block title
#: ./pages/sysconfig-configure-wireguard.adoc:53
#: ./pages/sysconfig-configure-wireguard.adoc:62
#, no-wrap
msgid "Example FCOS WireGuard configuration"
msgid "Example Butane config with a WireGuard configuration file"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:68
#: ./pages/sysconfig-configure-wireguard.adoc:77
#, no-wrap
msgid ""
"variant: fcos\n"
@ -188,36 +201,150 @@ msgid ""
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:77
#: ./pages/sysconfig-configure-wireguard.adoc:242
#: ./pages/sysconfig-configure-wireguard.adoc:82
#, no-wrap
msgid ""
" [Peer]\n"
" PublicKey = <client_one_public_key>\n"
" PresharedKey = <fcos_client_one_psk>\n"
" AllowedIPs = 192.168.71.0/24,fdc9:3c6b:21c7:e6bd::/64\n"
" PublicKey = <client_public_key>\n"
" PresharedKey = <fcos_client_psk>\n"
" AllowedIPs = 192.168.71.2/32,fdc9:3c6b:21c7:e6bd::2/128\n"
msgstr ""
#. type: Title ===
#: ./pages/sysconfig-configure-wireguard.adoc:84
#, no-wrap
msgid "Using NetworkManager"
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:87
msgid ""
"If you want to use the support in NetworkManager, you can import the "
"WireGuard configuration with a oneshot unit:"
msgstr ""
#. type: Block title
#: ./pages/sysconfig-configure-wireguard.adoc:88
#, no-wrap
msgid "Example systemd service unit to import the WireGuard configuration"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:105
#, no-wrap
msgid ""
"systemd:\n"
" units:\n"
" - name: import-wireguard-config.service\n"
" enabled: true\n"
" contents: |\n"
" [Unit]\n"
" "
"ConditionPathExists=!/etc/NetworkManager/system-connections/wg0.nmconnection\n"
" Description=Import wireguard configuration to NetworkManager\n"
" [Service]\n"
" Type=oneshot\n"
" RemainAfterExit=yes\n"
" ExecStart=nmcli connection import type wireguard file "
"/etc/wireguard/wg0.conf\n"
" [Install]\n"
" WantedBy=multi-user.target\n"
msgstr ""
#. type: delimited block =
#: ./pages/sysconfig-configure-wireguard.adoc:111
msgid ""
"NetworkManager will ignGre `PostUp` and `PostDown` directives in the "
"WireGuard config. If you have firewall configuration to apply, make sure to "
"apply it with a separate unit, or manually."
msgstr ""
#. type: delimited block =
#: ./pages/sysconfig-configure-wireguard.adoc:116
msgid ""
"If you need to make further changes to update WireGuard's configuration, "
"delete the connection and re-import it from the updated configuration file."
msgstr ""
#. type: Block title
#: ./pages/sysconfig-configure-wireguard.adoc:117
#, no-wrap
msgid "Re-import updated WireGuard configuration"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:123
#, no-wrap
msgid ""
"$ sudo nmcli con delete wg0 && sudo nmcli con import type wireguard file "
"/etc/wireguard/wg0.conf\n"
"Connection 'wg0' (1e4f869e-f95c-4221-b2b9-99726ffde92b) successfully "
"deleted.\n"
"Connection 'wg0' (18cd8e61-1cc2-43a2-9f2e-467b75cd99da) successfully "
"added.\n"
msgstr ""
#. type: Title ===
#: ./pages/sysconfig-configure-wireguard.adoc:126
#, no-wrap
msgid "Using wg-quick"
msgstr ""
#. type: delimited block =
#: ./pages/sysconfig-configure-wireguard.adoc:129
msgid ""
"If you want to use `wg-quick` instead of the support in NetworkManager, you "
"can add the following to your Butane config:"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:136
#: ./pages/sysconfig-configure-wireguard.adoc:331
#, no-wrap
msgid ""
"systemd:\n"
" units:\n"
" - name: wg-quick@wg0.service\n"
" enabled: true\n"
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:80
msgid "Boot FCOS and log in. When you run `sudo wg show` you should see this:"
msgstr ""
#. type: Block title
#: ./pages/sysconfig-configure-wireguard.adoc:81
#, no-wrap
msgid "Check WireGuard configuration on FCOS"
#. type: delimited block =
#: ./pages/sysconfig-configure-wireguard.adoc:141
msgid ""
"If you need to make further changes to WireGuard's configuration, reload the "
"service with:"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:89
#: ./pages/sysconfig-configure-wireguard.adoc:145
#, no-wrap
msgid "systemctl reload wg-quick@wg0.conf\n"
msgstr ""
#. type: Title ==
#: ./pages/sysconfig-configure-wireguard.adoc:148
#, no-wrap
msgid "Verifying the configuration on the Fedora CoreOS system"
msgstr ""
#. type: delimited block =
#: ./pages/sysconfig-configure-wireguard.adoc:152
msgid ""
"Boot Fedora CoreOS and log in. When you run `sudo wg show` you should see "
"this:"
msgstr ""
#. type: Block title
#: ./pages/sysconfig-configure-wireguard.adoc:153
#, no-wrap
msgid "Check WireGuard configuration"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:161
#, no-wrap
msgid ""
"[core@wireguard-demo ~]$ sudo wg show\n"
"[core@server ~]$ sudo wg show\n"
"interface: wg0\n"
" public key: <fcos_public_key>\n"
" private key: (hidden)\n"
@ -225,7 +352,7 @@ msgid ""
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:94
#: ./pages/sysconfig-configure-wireguard.adoc:166
#, no-wrap
msgid ""
"peer: <client_one_public_key>\n"
@ -235,10 +362,10 @@ msgid ""
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:102
#: ./pages/sysconfig-configure-wireguard.adoc:174
#, no-wrap
msgid ""
"[root@wireguard-demo ~]# ip a s wg0\n"
"[core@server ~]$ sudo ip addr show wg0\n"
"12: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state "
"UNKNOWN group default qlen 1000\n"
" link/none\n"
@ -248,76 +375,95 @@ msgid ""
" valid_lft forever preferred_lft forever\n"
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:105
#. type: delimited block =
#: ./pages/sysconfig-configure-wireguard.adoc:179
msgid "<Client IP address> above is the IP or FQDN of the Client computer."
msgstr ""
#. type: Title ==
#: ./pages/sysconfig-configure-wireguard.adoc:106
#: ./pages/sysconfig-configure-wireguard.adoc:181
#, no-wrap
msgid "Configure WireGuard on a client"
msgid "Configuring WireGuard on a client"
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:109
#: ./pages/sysconfig-configure-wireguard.adoc:184
msgid ""
"You will now want to configure WireGuard on your client computer with the "
"You will now have to configure WireGuard on your client computer with the "
"following configuration:"
msgstr ""
#. type: Block title
#: ./pages/sysconfig-configure-wireguard.adoc:110
#: ./pages/sysconfig-configure-wireguard.adoc:185
#, no-wrap
msgid "Client WireGuard configuration"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:117
#: ./pages/sysconfig-configure-wireguard.adoc:192
#, no-wrap
msgid ""
"[Interface]\n"
"Address = 192.168.71.2/24,fdc9:3c6b:21c7:e6bd::2/64\n"
"PrivateKey = <client_one_private_key>\n"
"PrivateKey = <client_private_key>\n"
"ListenPort = 51821\n"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:123
#: ./pages/sysconfig-configure-wireguard.adoc:198
#, no-wrap
msgid ""
"[Peer]\n"
"PublicKey = <fcos_public_key>\n"
"PresharedKey = <fcos_client_one_psk>\n"
"PresharedKey = <fcos_client_psk>\n"
"Endpoint = <FCOS IP address>:51820\n"
"AllowedIPs = 192.168.71.0/24,fdc9:3c6b:21c7:e6bd::/64\n"
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:126
#. type: delimited block =
#: ./pages/sysconfig-configure-wireguard.adoc:203
msgid "<FCOS IP address> is the IP or FQDN of the FCOS server."
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:128
#: ./pages/sysconfig-configure-wireguard.adoc:206
msgid ""
"Write the above config to `/etc/wireguard/wg0.conf` and `chmod 0600 "
"/etc/wireguard/wg0.conf` on your client. Run `sudo systemctl start "
"wg-quick@wg0.service` and then check your configuration:"
"Write the above config to `/etc/wireguard/wg0.conf`, set the access mode on "
"the configuration file and then import the configuration on your client:"
msgstr ""
#. type: Block title
#: ./pages/sysconfig-configure-wireguard.adoc:129
#: ./pages/sysconfig-configure-wireguard.adoc:207
#, no-wrap
msgid "Check WireGuard configuration on a client"
msgid "Import the WireGuard configuration on the client"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:137
#: ./pages/sysconfig-configure-wireguard.adoc:190
#: ./pages/sysconfig-configure-wireguard.adoc:212
#, no-wrap
msgid ""
"[root@wireguard-client ~]# wg show\n"
"[core@client ~]$ sudo chmod 0600 /etc/wireguard/wg0.conf\n"
"[core@client ~]$ sudo nmcli con import type wireguard file "
"/etc/wireguard/wg0.conf\n"
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:215
msgid "Then check your configuration:"
msgstr ""
#. type: Block title
#: ./pages/sysconfig-configure-wireguard.adoc:216
#, no-wrap
msgid "Check WireGuard configuration on the client"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:224
#: ./pages/sysconfig-configure-wireguard.adoc:278
#, no-wrap
msgid ""
"[core@client ~]$ sudo wg show\n"
"interface: wg0\n"
" public key: <client_one_public_key>\n"
" private key: (hidden)\n"
@ -325,14 +471,20 @@ msgid ""
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:149
#: ./pages/sysconfig-configure-wireguard.adoc:229
#, no-wrap
msgid ""
"peer: <fcos_public_key>\n"
" preshared key: (hidden)\n"
" endpoint: <FCOS IP address>:51820\n"
" allowed ips: 192.168.71.0/24, fdc9:3c6b:21c7:e6bd::/64\n"
"[root@wireguard-client ~]# ip a s wg0\n"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:237
#, no-wrap
msgid ""
"[core@client ~]$ sudo ip addr show wg0\n"
"21: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state "
"UNKNOWN group default qlen 1000\n"
" link/none\n"
@ -343,27 +495,27 @@ msgid ""
msgstr ""
#. type: Title ==
#: ./pages/sysconfig-configure-wireguard.adoc:151
#: ./pages/sysconfig-configure-wireguard.adoc:239
#, no-wrap
msgid "Test the WireGuard connection"
msgid "Testing the WireGuard connection"
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:154
msgid "You can now ping the FCOS server's WireGuard IP address:"
#: ./pages/sysconfig-configure-wireguard.adoc:242
msgid "You can now ping the Fedora CoreOS server's WireGuard IP address:"
msgstr ""
#. type: Block title
#: ./pages/sysconfig-configure-wireguard.adoc:155
#: ./pages/sysconfig-configure-wireguard.adoc:243
#, no-wrap
msgid "Ping the FCOS server over WireGuard from client"
msgid "Ping the Fedora CoreOS server over WireGuard from the client"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:167
#: ./pages/sysconfig-configure-wireguard.adoc:255
#, no-wrap
msgid ""
"[root@wireguard-client ~]# ping 192.168.71.1\n"
"[core@client ~]$ ping 192.168.71.1\n"
"PING 192.168.71.1 (192.168.71.1) 56(84) bytes of data.\n"
"64 bytes from 192.168.71.1: icmp_seq=1 ttl=64 time=0.439 ms\n"
"64 bytes from 192.168.71.1: icmp_seq=2 ttl=64 time=0.422 ms\n"
@ -375,10 +527,10 @@ msgid ""
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:178
#: ./pages/sysconfig-configure-wireguard.adoc:266
#, no-wrap
msgid ""
"[root@wireguard-client ~]# ping6 fdc9:3c6b:21c7:e6bd::1\n"
"[core@client ~]$ ping6 fdc9:3c6b:21c7:e6bd::1\n"
"PING fdc9:3c6b:21c7:e6bd::1(fdc9:3c6b:21c7:e6bd::1) 56 data bytes\n"
"64 bytes from fdc9:3c6b:21c7:e6bd::1: icmp_seq=1 ttl=64 time=1.55 ms\n"
"64 bytes from fdc9:3c6b:21c7:e6bd::1: icmp_seq=2 ttl=64 time=0.454 ms\n"
@ -391,20 +543,20 @@ msgid ""
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:181
#: ./pages/sysconfig-configure-wireguard.adoc:269
msgid ""
"When you run `sudo wg show` on your client you should see a recent handshake "
"and a transfer sections with sent and received:"
msgstr ""
#. type: Block title
#: ./pages/sysconfig-configure-wireguard.adoc:182
#: ./pages/sysconfig-configure-wireguard.adoc:270
#, no-wrap
msgid "Verify handshake and transfer metrics"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:197
#: ./pages/sysconfig-configure-wireguard.adoc:285
#, no-wrap
msgid ""
"peer: <fcos_public_key>\n"
@ -416,27 +568,27 @@ msgid ""
msgstr ""
#. type: Title ==
#: ./pages/sysconfig-configure-wireguard.adoc:199
#: ./pages/sysconfig-configure-wireguard.adoc:287
#, no-wrap
msgid "Route all traffic over WireGuard"
msgid "Routing all traffic over WireGuard"
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:202
#: ./pages/sysconfig-configure-wireguard.adoc:290
msgid ""
"If you plan on forwarding all of your client's traffic through the FCOS "
"instance you will need to enable IP Forwarding and you need to set and set "
"some PostUp and PostDown directives:"
"If you plan on forwarding all of your client's traffic through the Fedora "
"CoreOS instance, you will need to enable IP Forwarding and set some PostUp "
"and PostDown directives:"
msgstr ""
#. type: Block title
#: ./pages/sysconfig-configure-wireguard.adoc:203
#: ./pages/sysconfig-configure-wireguard.adoc:291
#, no-wrap
msgid "Example FCOS WireGuard configuration with IP forwarding"
msgid "Example Fedora CoreOS WireGuard configuration with IP forwarding"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:215
#: ./pages/sysconfig-configure-wireguard.adoc:303
#, no-wrap
msgid ""
"variant: fcos\n"
@ -451,7 +603,7 @@ msgid ""
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:221
#: ./pages/sysconfig-configure-wireguard.adoc:309
#, no-wrap
msgid ""
" - path: /etc/sysctl.d/90-ipv6-ip-forwarding.conf\n"
@ -462,7 +614,7 @@ msgid ""
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:230
#: ./pages/sysconfig-configure-wireguard.adoc:318
#, no-wrap
msgid ""
" - path: /etc/wireguard/wg0.conf\n"
@ -476,7 +628,7 @@ msgid ""
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:233
#: ./pages/sysconfig-configure-wireguard.adoc:321
#, no-wrap
msgid ""
" PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A "
@ -487,48 +639,58 @@ msgid ""
"ACCEPT; ip6tables -t nat -D POSTROUTING -o enp1s0 -j MASQUERADE\n"
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:245
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:326
#, no-wrap
msgid ""
"FCOS uses "
" [Peer]\n"
" PublicKey = <client_public_key>\n"
" PresharedKey = <fcos_client_psk>\n"
" AllowedIPs = 192.168.71.0/24,fdc9:3c6b:21c7:e6bd::/64\n"
msgstr ""
#. type: delimited block =
#: ./pages/sysconfig-configure-wireguard.adoc:337
msgid ""
"Fedora CoreOS uses "
"https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/[predictable "
"interface names] by "
"https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/6IPTZL57Z5NLBMPYMXNVSYAGLRFZBLIP/[default]. "
"Please take care to use the correct interface name for your hardware in the "
"above PostUp and PostDown commands!"
"https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/6IPTZL57Z5NLBMPYMXNVSYAGLRFZBLIP/[default]. "
"Make sure to use the correct interface name for your hardware in the above "
"PostUp and PostDown commands."
msgstr ""
#. type: Plain text
#: ./pages/sysconfig-configure-wireguard.adoc:247
#: ./pages/sysconfig-configure-wireguard.adoc:340
msgid ""
"and set `AllowedIPs = 0.0.0.0/0,::/0` in `/etc/wireguard/wg0.conf` on the "
"client configuration to route all IPv4 and IPv6 the traffic on the client "
"Then set `AllowedIPs = 0.0.0.0/0,::/0` in `/etc/wireguard/wg0.conf` in the "
"client configuration to route all IPv4 and IPv6 traffic on the client "
"computer over the WireGuard interface:"
msgstr ""
#. type: Block title
#: ./pages/sysconfig-configure-wireguard.adoc:248
#: ./pages/sysconfig-configure-wireguard.adoc:341
#, no-wrap
msgid "A configuration for routing all traffic on the client over WireGuard:"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:254
#: ./pages/sysconfig-configure-wireguard.adoc:347
#, no-wrap
msgid ""
"[Interface]\n"
"Address = 192.168.71.1/24,fdc9:3c6b:21c7:e6bd::2/64\n"
"PrivateKey = <client_one_private_key>\n"
"PrivateKey = <client_private_key>\n"
"ListenPort = 51821\n"
msgstr ""
#. type: delimited block -
#: ./pages/sysconfig-configure-wireguard.adoc:260
#: ./pages/sysconfig-configure-wireguard.adoc:353
#, no-wrap
msgid ""
"[Peer]\n"
"PublicKey = <fcos_public_key>\n"
"PresharedKey = <fcos_client_one_psk>\n"
"PresharedKey = <fcos_client_psk>\n"
"Endpoint = <FCOS IP Address>:51820\n"
"AllowedIPs = 0.0.0.0/0,::/0\n"
msgstr ""

8
pot/master/pages/tutorial-autologin.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-01-13 22:24+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -106,7 +106,7 @@ msgid ""
" [Service]\n"
" # Override Execstart in main unit\n"
" ExecStart=\n"
" # Add new Execstart with `-` prefix to ignore failure`\n"
" # Add new Execstart with `-` prefix to ignore failure\n"
" ExecStart=-/usr/sbin/agetty --autologin core --noclear %I $TERM\n"
"storage:\n"
" files:\n"
@ -179,7 +179,7 @@ msgid ""
" {\n"
" \"contents\": \"[Service]\\n# Override Execstart in main "
"unit\\nExecStart=\\n# Add new Execstart with `-` prefix to ignore "
"failure`\\nExecStart=-/usr/sbin/agetty --autologin core --noclear %I "
"failure\\nExecStart=-/usr/sbin/agetty --autologin core --noclear %I "
"$TERM\\n\",\n"
" \"name\": \"autologin-core.conf\"\n"
" }\n"
@ -336,7 +336,7 @@ msgid ""
"[Service]\n"
"# Override Execstart in main unit\n"
"ExecStart=\n"
"# Add new Execstart with `-` prefix to ignore failure`\n"
"# Add new Execstart with `-` prefix to ignore failure\n"
"ExecStart=-/usr/sbin/agetty --autologin core --noclear %I $TERM\n"
msgstr ""

6
pot/master/pages/tutorial-containers.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-04-11 22:37+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -26,8 +26,8 @@ msgstr ""
#: ./pages/tutorial-containers.adoc:4
msgid ""
"Complete all the steps described in the xref:tutorial-setup.adoc[initial "
"setup page] before starting this tutorial. Make sure you have create file "
"`ssh-key.pub` following the instructions provided in the "
"setup page] before starting this tutorial. Make sure you have created the "
"file `ssh-key.pub` following the instructions provided in the "
"https://docs.fedoraproject.org/en-US/fedora-coreos/tutorial-setup/#_ssh_public_key[prerequisites] "
"for the tutorial. We will use this key in the Butane configuration file that "
"we are about to write."

4
pot/master/pages/tutorial-services.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-04-16 22:28+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -170,7 +170,7 @@ msgid ""
" [Service]\n"
" # Override Execstart in main unit\n"
" ExecStart=\n"
" # Add new Execstart with `-` prefix to ignore failure`\n"
" # Add new Execstart with `-` prefix to ignore failure\n"
" ExecStart=-/usr/sbin/agetty --autologin core --noclear %I $TERM\n"
" - name: issuegen-public-ipv4.service\n"
" enabled: true\n"

7
pot/master/pages/tutorial-updates.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-01-13 22:24+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -238,7 +238,8 @@ msgstr ""
#: ./pages/tutorial-updates.adoc:112
msgid ""
"All necessary network services may not be up and running during the initial "
"check. In such case Zincati will check for updates again in about 5 minutes."
"check. In such a case, Zincati will check for updates again in about 5 "
"minutes."
msgstr ""
#. type: delimited block -
@ -559,7 +560,7 @@ msgstr ""
#: ./pages/tutorial-updates.adoc:272
msgid ""
"And you can also verify that Zincati will not try to update to the new "
"version we just rollbacked from:"
"version we just rolled back from:"
msgstr ""
#. type: delimited block -

6
pot/master/pages/tutorial-user-systemd-unit-on-boot.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2025-01-13 22:24+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -26,8 +26,8 @@ msgstr ""
#: ./pages/tutorial-user-systemd-unit-on-boot.adoc:4
msgid ""
"Complete all the steps described in the xref:tutorial-setup.adoc[initial "
"setup page] before starting this tutorial. Make sure you have create file "
"`ssh-key.pub` following the instructions provided in the "
"setup page] before starting this tutorial. Make sure you have created the "
"file `ssh-key.pub` following the instructions provided in the "
"https://docs.fedoraproject.org/en-US/fedora-coreos/tutorial-setup/#_ssh_public_key[prerequisites] "
"for the tutorial. We will use this key in the Butane configuration file that "
"we are about to write."

4
pot/master/pages/update-barrier-signing-keys.pot
View file

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2023-05-09 22:20+0000\n"
"POT-Creation-Date: 2026-01-17 22:02+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -51,7 +51,7 @@ msgstr ""
#: ./pages/update-barrier-signing-keys.adoc:10
msgid ""
"In order to make automatic updates of Fedora CoreOS work across major Fedora "
"releases, the above set of embedded signing key is refreshed at least once "
"releases, the above set of embedded signing keys is refreshed at least once "
"per Fedora release cycle. When that happens, an update barrier is put in "
"place in the FCOS update graph."
msgstr ""