
duplicity-team team mailing list archive

[Merge] lp:~fredrik-loch/duplicity/duplicity-S3-SSE into lp:duplicity

 

senjindarashiva has proposed merging lp:~fredrik-loch/duplicity/duplicity-S3-SSE into lp:duplicity.

Requested reviews:
  duplicity-team (duplicity-team)
Related bugs:
  Bug #996660 in Duplicity: "Support S3 server side encryption"
  https://bugs.launchpad.net/duplicity/+bug/996660

For more details, see:
https://code.launchpad.net/~fredrik-loch/duplicity/duplicity-S3-SSE/+merge/214949

Adds support for S3 server-side encryption, as requested in Bug #996660.
-- 
https://code.launchpad.net/~fredrik-loch/duplicity/duplicity-S3-SSE/+merge/214949
Your team duplicity-team is requested to review the proposed merge of lp:~fredrik-loch/duplicity/duplicity-S3-SSE into lp:duplicity.
=== modified file 'duplicity/backends/_boto_multi.py'
--- duplicity/backends/_boto_multi.py	2014-02-26 19:48:56 +0000
+++ duplicity/backends/_boto_multi.py	2014-04-09 13:40:03 +0000
@@ -125,7 +125,7 @@
 
         log.Debug("Uploading %d bytes in %d chunks" % (bytes, chunks))
 
-        mp = self.bucket.initiate_multipart_upload(key.key, headers)
+        mp = self.bucket.initiate_multipart_upload(key.key, headers,encrypt_key=globals.s3_use_sse)
 
         # Initiate a queue to share progress data between the pool
         # workers and a consumer thread, that will collect and report
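Review bot: The multipart path requests SSE through boto's `encrypt_key` argument on `initiate_multipart_upload`, while the single-part path in `_boto_single.py` sets the `x-amz-server-side-encryption` header by hand, so the two upload paths can drift apart. If `headers` here is the dict built in that other path (not visible in this hunk), the header is already present when the option is on and the argument is redundant. Pick one mechanism for both paths, so there is a single place to audit whether encryption at rest was requested. As a style point, the call is missing a space after the comma: `headers, encrypt_key=globals.s3_use_sse`. The enclosing function starts and ends outside the hunk.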

=== modified file 'duplicity/backends/_boto_single.py'
--- duplicity/backends/_boto_single.py	2014-03-06 14:21:34 +0000
+++ duplicity/backends/_boto_single.py	2014-04-09 13:40:03 +0000
@@ -232,10 +232,18 @@
                 storage_class = 'STANDARD'
             log.Info("Uploading %s/%s to %s Storage" % (self.straight_url, remote_filename, storage_class))
             try:
-                headers = {
+                if globals.s3_use_sse:
+                    headers = {
+                    'Content-Type': 'application/octet-stream',
+                    'x-amz-storage-class': storage_class,
+                    'x-amz-server-side-encryption': 'AES256'
+                }
+                else:
+                    headers = {
                     'Content-Type': 'application/octet-stream',
                     'x-amz-storage-class': storage_class
                 }
+                
                 upload_start = time.time()
                 self.upload(source_path.name, key, headers)
                 upload_end = time.time()
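Review bot: The `headers` dict is now written out twice, with the entries and closing braces no longer aligned with their `headers = {` lines, so a later change to the common headers can easily land in only one branch and leave the SSE and non-SSE uploads different in more than the encryption header. Keep the original single dict literal and add the extra key conditionally after it: `if globals.s3_use_sse:` followed by `headers['x-amz-server-side-encryption'] = 'AES256'`. The added blank line before `upload_start` also carries trailing whitespace. The `try:` block continues past the end of the hunk.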

=== modified file 'duplicity/commandline.py'
--- duplicity/commandline.py	2014-03-09 20:37:24 +0000
+++ duplicity/commandline.py	2014-04-09 13:40:03 +0000
@@ -511,6 +511,9 @@
     if sys.version_info[:2] >= (2, 6):
         parser.add_option("--s3-use-multiprocessing", action = "store_true")
 
+    # Option to allow use of server side encryption in s3
+    parser.add_option("--s3-use-server-side-encryption", action="store_true", dest="s3_use_sse")
+
     # scp command to use (ssh pexpect backend)
     parser.add_option("--scp-command", metavar = _("command"))
 
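Review bot: The new `--s3-use-server-side-encryption` option is documented only by a one-line comment that does not say what protection the flag gives, and the hunk adds no user-facing description. Users could take it for a replacement for duplicity's own encryption. A comment such as `# Ask S3 to encrypt uploaded objects at rest (SSE-S3, AES256); keys are managed by Amazon, so this complements rather than replaces duplicity's GPG encryption` would make the trust boundary explicit, and the same wording belongs in the man page if the option is meant to be user-facing. As a style point, the neighbouring `add_option` calls write `action = "store_true"` with spaces around `=`, which the new line does not follow.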

=== modified file 'duplicity/globals.py'
--- duplicity/globals.py	2014-03-09 20:37:24 +0000
+++ duplicity/globals.py	2014-04-09 13:40:03 +0000
@@ -206,6 +206,9 @@
 # Maximum time to wait for a part to finish when doig a multipart upload to S3
 s3_multipart_max_timeout = None
 
+# Use server side encryption in s3
+s3_use_sse = False
+
 # Whether to use the full email address as the user name when
 # logging into an imap server. If false just the user name
 # part of the email address is used.

