duplicity-team team mailing list archive
Message #00386
[Merge] lp:~mbp/duplicity/433970-non-ssl into lp:duplicity/0.6-series
Martin Pool has proposed merging lp:~mbp/duplicity/433970-non-ssl into lp:duplicity/0.6-series.
Requested reviews:
duplicity-team (duplicity-team)
Related bugs:
#433970 Add an option to connect to S3 with regular HTTP (and not HTTPS)
https://bugs.launchpad.net/bugs/433970
Hi, this fixes bug 433970 by adding an --s3-unencrypted-connection option. This makes backups and restores several times faster from Australia to the US, and cuts the amount of traffic substantially.
I have tried to add it tastefully with the existing options.
I haven't added a test; if you like to have tests for this kind of thing and can point me to a good example I would be happy to try.
I think the warning in the manpage about this is accurate.
Thanks!
(This is based off 0.6-series.)
--
https://code.launchpad.net/~mbp/duplicity/433970-non-ssl/+merge/38367
Your team duplicity-team is requested to review the proposed merge of lp:~mbp/duplicity/433970-non-ssl into lp:duplicity/0.6-series.
=== modified file 'duplicity.1'
--- duplicity.1 2010-08-26 14:11:14 +0000
+++ duplicity.1 2010-10-13 20:44:45 +0000
@@ -555,12 +555,26 @@
section.
.TP
+.BI "--s3-unencrypted-connection"
+Don't use SSL for connections to S3.
+
+This may be much faster, at some cost to confidentiality.
+
+With this option, anyone who can observe traffic between your computer and S3
+will be able to tell: that you are using Duplicity, the name of the bucket,
+your AWS Access Key ID, the increment dates and the amount of data in each
+increment.
+
+This option affects only the connection, not the GPG encryption of the backup
+increment files. Unless that is disabled, an observer will not be able to see
+the file names or contents.
+
+.TP
.BI "--s3-use-new-style"
When operating on Amazon S3 buckets, use new-style subdomain bucket
addressing. This is now the preferred method to access Amazon S3, but
is not backwards compatible if your bucket name contains upper-case
characters or other characters that are not valid in a hostname.
-
.TP
.BI "--scp-command " command
This option only matters when using the ssh/scp backend. The
=== modified file 'duplicity/backends/botobackend.py'
--- duplicity/backends/botobackend.py 2010-10-06 15:50:45 +0000
+++ duplicity/backends/botobackend.py 2010-10-13 20:44:45 +0000
@@ -133,10 +133,12 @@
log.ErrorCode.boto_lib_too_old)
if self.scheme == 's3+http':
# Use the default Amazon S3 host.
- self.conn = S3Connection()
+ self.conn = S3Connection(is_secure=(not globals.s3_unencrypted_connection))
else:
assert self.scheme == 's3'
- self.conn = S3Connection(host=self.parsed_url.hostname)
+ self.conn = S3Connection(
+ host=self.parsed_url.hostname,
+ is_secure=(not globals.s3_unencrypted_connection))
if hasattr(self.conn, 'calling_format'):
if calling_format is None:
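Review bot: `is_secure=(not globals.s3_unencrypted_connection)` is written out in both branches of the `self.scheme` check, so the two code paths can drift apart later. Compute it once before the `if`, for example `is_secure = not globals.s3_unencrypted_connection`, and pass that local to both `S3Connection(...)` calls. Because the flag quietly lowers transport security, it would also be worth logging a line at this point when the connection is created without SSL, so the choice is visible in the output of each run.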
=== modified file 'duplicity/commandline.py'
--- duplicity/commandline.py 2010-10-06 15:57:51 +0000
+++ duplicity/commandline.py 2010-10-13 20:44:45 +0000
@@ -396,6 +396,10 @@
# that are otherwise not expressable in a valid hostname.
parser.add_option("--s3-use-new-style", action="store_true")
+ # Whether to use plain HTTP (without SSL) to send data to S3
+ # See <https://bugs.launchpad.net/duplicity/+bug/433970>.
+ parser.add_option("--s3-unencrypted-connection", action="store_true")
+
# scp command to use
# TRANSL: noun
parser.add_option("--scp-command", metavar=_("command"))
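Review bot: the comment above `parser.add_option("--s3-unencrypted-connection", action="store_true")` describes the option as applying "to send data to S3", but the proposal says it speeds up restores as well and the manpage entry says "connections to S3". Reword the comment to say it applies to all connections to S3, in both directions, so the three descriptions agree.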
=== modified file 'duplicity/globals.py'
--- duplicity/globals.py 2010-08-26 13:01:10 +0000
+++ duplicity/globals.py 2010-10-13 20:44:45 +0000
@@ -151,6 +151,10 @@
# support european for now).
s3_european_buckets = False
+# Whether to use plain HTTP (without SSL) to send data to S3
+# See <https://bugs.launchpad.net/duplicity/+bug/433970>.
+s3_unencrypted_connection = False
+
# Whether to use S3 Reduced Redudancy Storage
s3_use_rrs = False
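Review bot: the comment on `s3_unencrypted_connection = False` does not say which value is the safe one, and the negative-sense name forces the call sites to write `not globals.s3_unencrypted_connection`. Suggest stating in the comment that the default of False keeps SSL on and that True sends the S3 traffic over plain HTTP, so a reader of globals.py does not have to check botobackend.py to know the direction of the flag.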