Package: amanda-server
Version: 1:3.5.1-11+deb12u2aldebaran01
Severity: normal
Tags: patch upstream
Dear Maintainer,
We are testing the s3 device with Backblaze B2 service.
Backblaze uses the "AWS4" authentication mechanism.
We use this configuration fragment to configure the driver:
------------------------------8<----------------------
# backblaze B2 (s3 compatible)
define changer backblazeb2 {
tapedev
"chg-multi:s3:xxxxxxxxxxxxxxxxxxxxxxxxx-backups/DailySet2/slot-{01,02,03,04,05,06,07,08,09,10,11,12,13,14,15,16,17,18,19,20}"
changerfile "/var/lib/amanda/DailySet2/s3-statefile"
device-property "BLOCK_SIZE" "16m"
# backblase key id
device_property "S3_ACCESS_KEY" "xxxxxxxxxxxxxxxxxxxxxxxxx"
# backblase application key
device_property "S3_SECRET_KEY" "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
device_property "S3_BUCKET_LOCATION" "eu-central-003"
device_property "S3_SSL" "YES"
device_property "S3_HOST" "s3.eu-central-003.backblazeb2.com"
device_property "STORAGE_API" "AWS4"
}
define tapetype S3 {
comment "S3 Bucket"
length 1024 gigabytes
}
tapedev "backblazeb2"
tapetype S3
------------------------------8<----------------------
Backblaze supports a "ObjectLock" function which locks objects for a preset
amount of days. When we switch on ObjectLock, the creation of any object with
amanda results in this error message in the taper log file:
Content-MD5 OR x-amz-checksum- HTTP header is required for Put Object
requests with Object Lock parameters
Content-MD5 is, as far as I found out, optional with AWS4, but can be applied
to any request. Maybe amanda should always send it. As it turns out, the code
for that is already in the amanda s3 driver, but the creation of the
Content-MD5 HTTP header is turned of for AWS4.
After we applied this patch, the put transfers (object generation) work.
--- amanda-3.5.1.orig/device-src/s3.c
+++ amanda-3.5.1/device-src/s3.c
@@ -1158,6 +1158,7 @@ authenticate_request(S3Handle *hdl,
g_debug("canonical_hash: %s", canonical_hash);
g_debug("strSecretKey: %s", strSecretKey);
g_debug("signatureHex: %s", signatureHex);
+ g_debug("md5_hash: %s", md5_hash);
}
g_free(canonical_hash);
@@ -1168,7 +1169,6 @@ authenticate_request(S3Handle *hdl,
g_free(signingKey);
g_free(signature);
g_free(signatureHex);
- md5_hash = NULL;
} else { /* hdl->s3_api == S3_API_S3 */
/* Build the string to sign, per the S3 spec.
@@ -2496,8 +2496,10 @@ perform_request(S3Handle *hdl,
} else {
data_SHA256Hash = s3_compute_sha256_hash((unsigned char *)"", 0);
}
- } else if (md5_func) {
+ }
+ if (md5_func) {
md5_hash = md5_func(read_data);
+ g_debug("md5_hash: %p", md5_hash);
if (md5_hash) {
md5_hash_b64 = s3_base64_encode(md5_hash);
md5_hash_hex = s3_hex_encode(md5_hash);
-- System Information:
Debian Release: 12.9
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-31-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages amanda-server depends on:
ii amanda-common 1:3.5.1-11+deb12u2aldebaran01
ii bsd-mailx [mailx] 8.1.2-0.20220412cvs-1
ii libc6 2.36-9+deb12u9
ii libcurl4 7.88.1-10+deb12u8
ii libglib2.0-0 2.74.6-2+deb12u5
ii libjson-perl 4.10000-1
ii perl 5.36.0-7+deb12u1
amanda-server recommends no packages.
Versions of packages amanda-server suggests:
ii amanda-client 1:3.5.1-11+deb12u2aldebaran01
ii cpio 2.13+dfsg-7.1
ii gnuplot-x11 [gnuplot] 5.4.4+dfsg1-2+b2
-- no debconf information
