Merge lp:~mbp/duplicity/433970-non-ssl into lp:duplicity/0.6

Proposed by Martin Pool
Status: Merged
Merged at revision: 683
Proposed branch: lp:~mbp/duplicity/433970-non-ssl
Merge into: lp:duplicity/0.6
Diff against target: 79 lines (+27/-3)
4 files modified
duplicity.1 (+15/-1)
duplicity/backends/botobackend.py (+4/-2)
duplicity/commandline.py (+4/-0)
duplicity/globals.py (+4/-0)
To merge this branch: bzr merge lp:~mbp/duplicity/433970-non-ssl
Reviewer Review Type Date Requested Status
duplicity-team Pending
Review via email: mp+38367@code.launchpad.net

Description of the change

Hi, this fixes bug 433970 by adding an --s3-unencrypted-connection option. This makes backups and restores several times faster from Australia to the US, and cuts the amount of traffic substantially.

I have tried to add it tastefully with the existing options.

I haven't added a test; if you like to have tests for this kind of thing and can point me to a good example I would be happy to try.

I think the warning in the manpage about this is accurate.

Thanks!

(This is based off 0.6-series.)


Preview Diff

1=== modified file 'duplicity.1'
2--- duplicity.1 2010-08-26 14:11:14 +0000
3+++ duplicity.1 2010-10-13 20:44:45 +0000
4@@ -555,12 +555,26 @@
5 section.
6
7 .TP
8+.BI "--s3-unencrypted-connection"
9+Don't use SSL for connections to S3.
10+
11+This may be much faster, at some cost to confidentiality.
12+
13+With this option, anyone who can observe traffic between your computer and S3
14+will be able to tell: that you are using Duplicity, the name of the bucket,
15+your AWS Access Key ID, the increment dates and the amount of data in each
16+increment.
17+
18+This option affects only the connection, not the GPG encryption of the backup
19+increment files. Unless that is disabled, an observer will not be able to see
20+the file names or contents.
21+
22+.TP
23 .BI "--s3-use-new-style"
24 When operating on Amazon S3 buckets, use new-style subdomain bucket
25 addressing. This is now the preferred method to access Amazon S3, but
26 is not backwards compatible if your bucket name contains upper-case
27 characters or other characters that are not valid in a hostname.
28-
29 .TP
30 .BI "--scp-command " command
31 This option only matters when using the ssh/scp backend. The
32
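Review bot: the warning paragraph beginning "With this option, anyone who can observe traffic" covers only passive observation; it does not say that without SSL the S3 endpoint is no longer authenticated and the traffic is not protected against modification in transit, so the integrity of what is restored rests on the GPG layer. Suggest adding one sentence to that effect next to "at some cost to confidentiality". Separately, the blank line removed before the `.TP` for `--scp-command` is an unrelated whitespace change and could be dropped from this patch.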
33=== modified file 'duplicity/backends/botobackend.py'
34--- duplicity/backends/botobackend.py 2010-10-06 15:50:45 +0000
35+++ duplicity/backends/botobackend.py 2010-10-13 20:44:45 +0000
36@@ -133,10 +133,12 @@
37 log.ErrorCode.boto_lib_too_old)
38 if self.scheme == 's3+http':
39 # Use the default Amazon S3 host.
40- self.conn = S3Connection()
41+ self.conn = S3Connection(is_secure=(not globals.s3_unencrypted_connection))
42 else:
43 assert self.scheme == 's3'
44- self.conn = S3Connection(host=self.parsed_url.hostname)
45+ self.conn = S3Connection(
46+ host=self.parsed_url.hostname,
47+ is_secure=(not globals.s3_unencrypted_connection))
48
49 if hasattr(self.conn, 'calling_format'):
50 if calling_format is None:
51
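Review bot: both `S3Connection(...)` calls switch to plain HTTP silently when the flag is set, so nothing in the log of a run records that the connection was unencrypted. Suggest computing `is_secure = not globals.s3_unencrypted_connection` once above the `if self.scheme == 's3+http':` test, passing it to both calls, and emitting a log message when it is false.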
52=== modified file 'duplicity/commandline.py'
53--- duplicity/commandline.py 2010-10-06 15:57:51 +0000
54+++ duplicity/commandline.py 2010-10-13 20:44:45 +0000
55@@ -396,6 +396,10 @@
56 # that are otherwise not expressable in a valid hostname.
57 parser.add_option("--s3-use-new-style", action="store_true")
58
59+ # Whether to use plain HTTP (without SSL) to send data to S3
60+ # See <https://bugs.launchpad.net/duplicity/+bug/433970>.
61+ parser.add_option("--s3-unencrypted-connection", action="store_true")
62+
63 # scp command to use
64 # TRANSL: noun
65 parser.add_option("--scp-command", metavar=_("command"))
66
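Review bot: the comment above `parser.add_option("--s3-unencrypted-connection", action="store_true")` says the option is used "to send data to S3", but the man page text in this same patch describes it as applying to "connections to S3", which also covers data read back during a restore. Suggest wording the comment as "for connections to S3" so the two agree.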
67=== modified file 'duplicity/globals.py'
68--- duplicity/globals.py 2010-08-26 13:01:10 +0000
69+++ duplicity/globals.py 2010-10-13 20:44:45 +0000
70@@ -151,6 +151,10 @@
71 # support european for now).
72 s3_european_buckets = False
73
74+# Whether to use plain HTTP (without SSL) to send data to S3
75+# See <https://bugs.launchpad.net/duplicity/+bug/433970>.
76+s3_unencrypted_connection = False
77+
78 # Whether to use S3 Reduced Redudancy Storage
79 s3_use_rrs = False
80
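Review bot: `s3_unencrypted_connection` is named in the negative, so the call sites in botobackend.py have to write `is_secure=(not globals.s3_unencrypted_connection)`. Keeping the name aligned with the command-line flag is reasonable, but the comment here should then state explicitly that `False` means SSL is used and is the default, and, as the man page puts it, that the setting covers all connections to S3 rather than only sending data.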
