
SignatureDoesNotMatch after update to boto3-1.36.2

Open svoop opened this issue 1 year ago • 2 comments

My Gentoo box has pulled boto3-1.36.2 and ever since, duplicity throws:

Giving up after 3 attempts. S3UploadFailedError: Failed to upload /tmp/duplicity-xxxxxx_2-tempdir/mktemp-xxxxxxxx-3 to mybox-config-xxxxxxxx/duplicity-inc.20250203T044213Z.to.20250205T181016Z.vol1.difftar.gpg: An error occurred (SignatureDoesNotMatch) when calling the PutObject operation: Invalid argument.

I'm using Google cloud storage (nearline) EU region over S3 with --s3-endpoint-url="https://storage.googleapis.com".

There's a corresponding issue over at boto3, but I don't know how the fixes/workarounds proposed there can be applied in the context of duplicity.

Any hint is very much appreciated!

svoop avatar Feb 05 '25 18:02 svoop

Setting the following fixes the problem:

export AWS_REQUEST_CHECKSUM_CALCULATION="WHEN_REQUIRED"
export AWS_RESPONSE_CHECKSUM_VALIDATION="WHEN_REQUIRED"

However, I don't fully understand whether this comes with downsides. The way I read it, this skips the calculation and validation of checksums when not required (and apparently, that's the case with Duplicity) but should not have any impact encryption- or security-wise.

svoop avatar Feb 06 '25 21:02 svoop
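
One way to apply the two settings from the comment above to a single command only, and only when the S3 endpoint is not an AWS host. This is an added example, not part of the thread and not duplicity or boto3 code; the function names and the `amazonaws.com` suffix test are assumptions.

```shell
#!/bin/sh
# Added example: scope the checksum settings from the thread to one process
# instead of exporting them for the whole shell session.

# Print the lower-cased host of an endpoint URL (scheme://host[:port][/path]).
endpoint_host() {
    host=${1#*://}      # drop the scheme, if any
    host=${host%%/*}    # drop the path
    host=${host%%:*}    # drop the port
    printf '%s\n' "$host" | tr '[:upper:]' '[:lower:]'
}

# Return 0 when the settings should be applied.
# Assumption: AWS-operated endpoints end in amazonaws.com, and an empty
# endpoint means the SDK default (AWS). Everything else is treated as a
# third-party S3-compatible service such as the GCS endpoint in this thread.
needs_checksum_workaround() {
    case "$(endpoint_host "$1")" in
        ""|amazonaws.com|*.amazonaws.com) return 1 ;;
        *) return 0 ;;
    esac
}

# Usage: run_s3_compat ENDPOINT_URL COMMAND [ARGS...]
# The variables are set through env(1), so they exist only in the child
# process and the calling shell keeps the SDK defaults.
run_s3_compat() {
    endpoint=$1
    shift
    if needs_checksum_workaround "$endpoint"; then
        env AWS_REQUEST_CHECKSUM_CALCULATION=WHEN_REQUIRED \
            AWS_RESPONSE_CHECKSUM_VALIDATION=WHEN_REQUIRED "$@"
    else
        "$@"
    fi
}

# Example call (arguments after the endpoint are the usual duplicity command):
#   run_s3_compat "https://storage.googleapis.com" duplicity ...
```
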

> Setting the following fixes the problem:
>
> export AWS_REQUEST_CHECKSUM_CALCULATION="WHEN_REQUIRED"
> export AWS_RESPONSE_CHECKSUM_VALIDATION="WHEN_REQUIRED"
>
> However, I don't fully understand whether this comes with downsides. The way I read it, this skips the calculation and validation of checksums when not required (and apparently, that's the case with Duplicity) but should not have any impact encryption- or security-wise.

I broke my head for 3 days over the signature mismatch error :) Thank you.

derak29 avatar Apr 04 '25 11:04 derak29