Duplicity

Duplicity uses AWS signature V2 instead of V4

Bug #1849186 reported by Adrien on 2019-10-21

This bug report is a duplicate of: Bug #1840044: Migrate boto backend to boto3. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Duplicity	New	Undecided	Unassigned

Bug Description

duplicity 0.8.05
Python 3.7.4
MacOS Mojave (duplicity installed with homebrew)
Target fs: Not sure I understand. Trying to sync to S3.

For the S3 backend, it seems that Duplicity still uses AWS Signature V2. This version is pretty much deprecated. Instead, for security reasons, AWS Signature V4 should be used.

I think this is because the old boto library is used instead of boto3 (https://github.com/boto/boto3)

Cheers.

Revision history for this message

Carl A. Adams (carlalex) wrote on 2019-11-25:

Perhaps of interest, I started a boto3 back-end. It's rough, not tested under hard conditions, and lacks feature parity, but it's a start. See my branch: https://code.launchpad.net/~carlalex/duplicity/duplicity

A quick test does seem to indicate that it addresses my problem with buckets with governance policies (which I want to use as a backstop to protect backups against ransomware)

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1840044 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.