Duplicity uses AWS signature V2 instead of V4

Bug #1849186 reported by Adrien
This bug report is a duplicate of:  Bug #1840044: Migrate boto backend to boto3. Edit Remove
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Duplicity
New
Undecided
Unassigned

Bug Description

duplicity 0.8.05
Python 3.7.4
MacOS Mojave (duplicity installed with homebrew)
Target fs: Not sure I understand. Trying to sync to S3.

For the S3 backend, it seems that Duplicity still uses AWS Signature V2. This version is pretty much deprecated. Instead, for security reasons, AWS Signature V4 should be used.

I think this is because the old boto library is used instead of boto3 (https://github.com/boto/boto3)

Cheers.

Revision history for this message
Carl A. Adams (carlalex) wrote :

Perhaps of interest, I started a boto3 back-end. It's rough, not tested under hard conditions, and lacks feature parity, but it's a start. See my branch: https://code.launchpad.net/~carlalex/duplicity/duplicity

A quick test does seem to indicate that it addresses my problem with buckets with governance policies (which I want to use as a backstop to protect backups against ransomware)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.