From 9644083b4c56e06d0b90c56a27781f4231e47a7a Mon Sep 17 00:00:00 2001
From: wwang <12212282+tianshanghong@users.noreply.github.com>
Date: Wed, 18 Feb 2026 05:41:01 -0800
Subject: [PATCH] Send Content-MD5 header on S3 uploads (#728)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Set SendContentMd5: true in PutObjectOptions so that minio-go
includes a Content-MD5 header with every PutObject request.

AWS S3 requires this header when the target bucket has Object Lock
enabled; without it the upload is rejected with HTTP 400
(InvalidRequest).  The overhead is negligible — one MD5 hash per
upload — and the header also serves as a server-side integrity
check for all uploads regardless of Object Lock.

Fixes #727
---
 internal/storage/s3/s3.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/internal/storage/s3/s3.go b/internal/storage/s3/s3.go
index 923ca8a..0ec2cdb 100644
--- a/internal/storage/s3/s3.go
+++ b/internal/storage/s3/s3.go
@@ -105,8 +105,9 @@ func (v *s3Storage) Name() string {
 func (b *s3Storage) Copy(file string) error {
 	_, name := path.Split(file)
 	putObjectOptions := minio.PutObjectOptions{
-		ContentType:  "application/tar+gzip",
-		StorageClass: b.storageClass,
+		ContentType:    "application/tar+gzip",
+		StorageClass:   b.storageClass,
+		SendContentMd5: true,
 	}
 
 	if b.partSize > 0 {