Add S3 backend support for gettor updater

shelikhoo requested to merge shelikhoo/rdsys:dev-s3gettor into main

This is an S3-based gettor updater. It can publish the Tor Browser installer to internet.org and/or any standard S3-based object storage platform.

Things To Look At:

  • CI Unit Testing requires credentials from external service.
  • When the bucket name is empty, a random-looking bucket name will be derived from the generation seed, version, platform, and updater name. This ensures attackers cannot DoS the updater by predicting and occupying the bucket name.
  • The updater will return a presigned link that expires in 1 day. There are 3 reasons for that.
    • Some S3 providers do not allow a presigned link to last more than a certain period (typically a week).
    • An attacker may try to use a DDoS attack on the link to incur a significant bill. A presigned link allows the operation team to easily revoke and regenerate all the links.
    • The links are unpredictable, thus preventing incorrect usage of constructing a link manually. This means we can switch providers and accounts without worrying about breaking users' setup.
  • This S3 backend is tested at archive.org and Scaleway object storage. Some S3 providers may require the client to send bucket names in SNI to make it censorship friendly. These kinds of S3 providers are not currently supported by this backend.

Are there any S3 providers we intend to support? I can test them to ensure they will work.

(Subtask of #43 (closed))

Edited by shelikhoo
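
The bucket-name derivation described in the merge request above, as an added example that is not part of the merge request or of rdsys: it assumes HMAC-SHA256 keyed with the generation seed and a base32 encoding, and the function names, field encoding and sample values are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base32"
	"fmt"
	"regexp"
	"strings"
)

// s3Name matches the general S3 bucket rule: 3-63 characters, lowercase
// letters, digits, dots and hyphens, starting and ending with a letter or digit.
var s3Name = regexp.MustCompile(`^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$`)

// deriveBucketName is a hypothetical helper, not rdsys code. The secret seed
// is the HMAC key, so the name is stable for the operator but cannot be
// predicted (and pre-registered) by someone who only knows the public fields.
func deriveBucketName(seed []byte, version, platform, updater string) string {
	mac := hmac.New(sha256.New, seed)
	// Length-prefix every field so ("1", "2.3") and ("12", ".3") hash differently.
	for _, f := range []string{version, platform, updater} {
		fmt.Fprintf(mac, "%d:%s|", len(f), f)
	}
	sum := mac.Sum(nil)
	// 20 bytes of the tag give exactly 32 base32 characters (a-z, 2-7 once
	// lowercased), which stays inside the bucket naming rules above.
	enc := base32.StdEncoding.WithPadding(base32.NoPadding)
	return strings.ToLower(enc.EncodeToString(sum[:20]))
}

// isValidBucketName reports whether name satisfies the s3Name pattern.
func isValidBucketName(name string) bool { return s3Name.MatchString(name) }

func main() {
	seed := []byte("constructed-example-seed") // constructed sample value
	name := deriveBucketName(seed, "13.0.1", "linux64", "s3")
	fmt.Println(name, isValidBucketName(name))
}
```

The unpredictability holds only while the seed stays secret; anyone who learns it can recompute every bucket name.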
