signature error with cyberduck

Question

signature error with cyberduck

KevinWang15 opened this issue 6 months ago · 4 comments

set up rclone serve s3 with accessKey & secretKey

➜  ~ rclone --version
rclone v1.67.0
- os/version: darwin 14.5 (64 bit)
- os/kernel: 23.5.0 (arm64)
- os/type: darwin
- os/arch: arm64 (ARMv8 compatible)
- go/version: go1.22.4
- go/linking: dynamic
- go/tags: none

➜  ~ cat ~/.config/rclone/rclone.conf

[local]
type = local

➜  ~ rclone serve s3 --auth-key aaaa,ssss local:/
2024/07/06 01:39:51 NOTICE: Local file system at /: Starting s3 server on [http://127.0.0.1:8080/]

Open Cyberduck, and install theS3 (HTTP) profile in Cyberduck

Configure it (I'm sure I have entered the correct accessKey and secretKey)

Connect. List bucket works fine

Listing files in a bucket would fail with signature error

P.S. using rclone to connect to this S3 server works fine.

cc @ncw

Answer 1 · 2024-07-06T12:19:21.000Z

Does cyberduck have a debugging log you could show?

Do you know which version of auth cyberduck is using?

Can you run rclone serve s3 with --dump bodies and -vv and post the log of it failing.

Thanks

Answer 2 · 2024-07-06T12:27:46.000Z

Does cyberduck have a debugging log you could show?

Do you know which version of auth cyberduck is using?

Can you run rclone serve s3 with --dump bodies and -vv and post the log of it failing.

Thanks

Hi @ncw

cyberduck uses V4 auth.
I checked its log, it doesn't have much detail about how the signature was calculated (like what the canonicalRequest was).

But I found the solution! (just several minutes ago - what a coincidence)

This fork https://github.com/alist-org/gofakes3 has the code required to make cyberduck V4 auth work (alist-org@5799d51).

I'm trying to contact the author of this fix as well (alist-org#1 (comment)) cc @itsHenry35

This problem could get fixed soon! 👍👍👍

Answer 3 · 2024-07-06T12:39:59.000Z

Does cyberduck have a debugging log you could show?
Do you know which version of auth cyberduck is using?
Can you run rclone serve s3 with --dump bodies and -vv and post the log of it failing.
Thanks

Hi @ncw

cyberduck uses V4 auth. I checked its log, it doesn't have much detail about how the signature was calculated (like what the canonicalRequest was).

But I found the solution! (just several minutes ago - what a coincidence)

This fork https://github.com/alist-org/gofakes3 has the code required to make cyberduck V4 auth work (alist-org@5799d51).

I'm trying to contact the author of this fix as well (alist-org#1 (comment)) cc @itsHenry35

This problem could get fixed soon! 👍👍👍

Got it, I will try to submit a PR by tomorrow😊

Answer 4 · 2024-07-10T06:12:37.000Z

Root cause of this is the wrong ordering of query params.

- req.URL.RawQuery
+ req.URL.Query().Encode() // this ensures the correct ordering

Happy to see it fixed in #6