openshift
diff --git a/‎go.mod‎
Lines changed: 19 additions & 2 deletions b/‎go.mod‎
Lines changed: 19 additions & 2 deletions
diff --git a/‎go.sum‎
Lines changed: 38 additions & 7 deletions b/‎go.sum‎
Lines changed: 38 additions & 7 deletions
diff --git a/‎pkg/cli/image/imagesource/s3.go‎
Lines changed: 57 additions & 57 deletions b/‎pkg/cli/image/imagesource/s3.go‎
Lines changed: 57 additions & 57 deletions
diff --git a/‎vendor/github.com/aws/aws-sdk-go/LICENSE.txt‎ renamed to ‎vendor/github.com/aws/aws-sdk-go-v2/LICENSE.txt‎ b/‎vendor/github.com/aws/aws-sdk-go/LICENSE.txt‎ renamed to ‎vendor/github.com/aws/aws-sdk-go-v2/LICENSE.txt‎
diff --git a/‎vendor/github.com/aws/aws-sdk-go/NOTICE.txt‎ renamed to ‎vendor/github.com/aws/aws-sdk-go-v2/NOTICE.txt‎ b/‎vendor/github.com/aws/aws-sdk-go/NOTICE.txt‎ renamed to ‎vendor/github.com/aws/aws-sdk-go-v2/NOTICE.txt‎
diff --git a/‎vendor/github.com/aws/aws-sdk-go-v2/aws/accountid_endpoint_mode.go‎
Lines changed: 18 additions & 0 deletions b/‎vendor/github.com/aws/aws-sdk-go-v2/aws/accountid_endpoint_mode.go‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎vendor/github.com/aws/aws-sdk-go/aws/arn/arn.go‎ renamed to ‎vendor/github.com/aws/aws-sdk-go-v2/aws/arn/arn.go‎
Lines changed: 2 additions & 3 deletions b/‎vendor/github.com/aws/aws-sdk-go/aws/arn/arn.go‎ renamed to ‎vendor/github.com/aws/aws-sdk-go-v2/aws/arn/arn.go‎
Lines changed: 2 additions & 3 deletions
@@ -10,7 +10,11 @@ require (
 	github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e
 	github.com/alicebob/sqlittle v1.4.0
 	github.com/apcera/gssapi v0.0.0-00010101000000-000000000000
-	github.com/aws/aws-sdk-go v1.55.7
+	github.com/aws/aws-sdk-go-v2 v1.39.2
+	github.com/aws/aws-sdk-go-v2/config v1.31.12
+	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.11
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.88.3
+	github.com/aws/smithy-go v1.23.0
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/containers/image/v5 v5.32.2
 	github.com/containers/storage v1.58.0
@@ -70,6 +74,20 @@ require (
 	github.com/BurntSushi/toml v1.5.0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.18.16 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.9 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.9 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.9 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.9 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.9 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.9 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.9 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.29.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.38.6 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
@@ -127,7 +145,6 @@ require (
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/int128/listener v1.2.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jonboulle/clockwork v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 
@@ -31,8 +31,44 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.55.7 h1:UJrkFq7es5CShfBwlWAC8DA077vp8PyVbQd3lqLiztE=
-github.com/aws/aws-sdk-go v1.55.7/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
+github.com/aws/aws-sdk-go-v2 v1.39.2 h1:EJLg8IdbzgeD7xgvZ+I8M1e0fL0ptn/M47lianzth0I=
+github.com/aws/aws-sdk-go-v2 v1.39.2/go.mod h1:sDioUELIUO9Znk23YVmIk86/9DOpkbyyVb1i/gUNFXY=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1 h1:i8p8P4diljCr60PpJp6qZXNlgX4m2yQFpYk+9ZT+J4E=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1/go.mod h1:ddqbooRZYNoJ2dsTwOty16rM+/Aqmk/GOXrK8cg7V00=
+github.com/aws/aws-sdk-go-v2/config v1.31.12 h1:pYM1Qgy0dKZLHX2cXslNacbcEFMkDMl+Bcj5ROuS6p8=
+github.com/aws/aws-sdk-go-v2/config v1.31.12/go.mod h1:/MM0dyD7KSDPR+39p9ZNVKaHDLb9qnfDurvVS2KAhN8=
+github.com/aws/aws-sdk-go-v2/credentials v1.18.16 h1:4JHirI4zp958zC026Sm+V4pSDwW4pwLefKrc0bF2lwI=
+github.com/aws/aws-sdk-go-v2/credentials v1.18.16/go.mod h1:qQMtGx9OSw7ty1yLclzLxXCRbrkjWAM7JnObZjmCB7I=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.9 h1:Mv4Bc0mWmv6oDuSWTKnk+wgeqPL5DRFu5bQL9BGPQ8Y=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.9/go.mod h1:IKlKfRppK2a1y0gy1yH6zD+yX5uplJ6UuPlgd48dJiQ=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.11 h1:w4GjasReY0m9vZA/3YhoBUBi1ZIWUHYQRm61v0BKcZg=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.11/go.mod h1:IPS1CSYQ8lfLYGytpMEPW4erZmVFUdxLpC0RCI/RCn8=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.9 h1:se2vOWGD3dWQUtfn4wEjRQJb1HK1XsNIt825gskZ970=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.9/go.mod h1:hijCGH2VfbZQxqCDN7bwz/4dzxV+hkyhjawAtdPWKZA=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.9 h1:6RBnKZLkJM4hQ+kN6E7yWFveOTg8NLPHAkqrs4ZPlTU=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.9/go.mod h1:V9rQKRmK7AWuEsOMnHzKj8WyrIir1yUJbZxDuZLFvXI=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.9 h1:w9LnHqTq8MEdlnyhV4Bwfizd65lfNCNgdlNC6mM5paE=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.9/go.mod h1:LGEP6EK4nj+bwWNdrvX/FnDTFowdBNwcSPuZu/ouFys=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 h1:oegbebPEMA/1Jny7kvwejowCaHz1FWZAQ94WXFNCyTM=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1/go.mod h1:kemo5Myr9ac0U9JfSjMo9yHLtw+pECEHsFtJ9tqCEI8=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.9 h1:by3nYZLR9l8bUH7kgaMU4dJgYFjyRdFEfORlDpPILB4=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.9/go.mod h1:IWjQYlqw4EX9jw2g3qnEPPWvCE6bS8fKzhMed1OK7c8=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.9 h1:5r34CgVOD4WZudeEKZ9/iKpiT6cM1JyEROpXjOcdWv8=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.9/go.mod h1:dB12CEbNWPbzO2uC6QSWHteqOg4JfBVJOojbAoAUb5I=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.9 h1:wuZ5uW2uhJR63zwNlqWH2W4aL4ZjeJP3o92/W+odDY4=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.9/go.mod h1:/G58M2fGszCrOzvJUkDdY8O9kycodunH4VdT5oBAqls=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.88.3 h1:P18I4ipbk+b/3dZNq5YYh+Hq6XC0vp5RWkLp1tJldDA=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.88.3/go.mod h1:Rm3gw2Jov6e6kDuamDvyIlZJDMYk97VeCZ82wz/mVZ0=
+github.com/aws/aws-sdk-go-v2/service/sso v1.29.6 h1:A1oRkiSQOWstGh61y4Wc/yQ04sqrQZr1Si/oAXj20/s=
+github.com/aws/aws-sdk-go-v2/service/sso v1.29.6/go.mod h1:5PfYspyCU5Vw1wNPsxi15LZovOnULudOQuVxphSflQA=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.1 h1:5fm5RTONng73/QA73LhCNR7UT9RpFH3hR6HWL6bIgVY=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.1/go.mod h1:xBEjWD13h+6nq+z4AkqSfSvqRKFgDIQeaMguAJndOWo=
+github.com/aws/aws-sdk-go-v2/service/sts v1.38.6 h1:p3jIvqYwUZgu/XYeI48bJxOhvm47hZb5HUQ0tn6Q9kA=
+github.com/aws/aws-sdk-go-v2/service/sts v1.38.6/go.mod h1:WtKK+ppze5yKPkZ0XwqIVWD4beCwv056ZbPQNoeHqM8=
+github.com/aws/smithy-go v1.23.0 h1:8n6I3gXzWJB2DxBDnfxgBaSX6oe0d/t10qGz7OKqMCE=
+github.com/aws/smithy-go v1.23.0/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -241,10 +277,6 @@ github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh6
 github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs=
 github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
-github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
-github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs=
 github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI=
 github.com/joelanford/ignore v0.1.1 h1:vKky5RDoPT+WbONrbQBgOn95VV/UPh4ejlyAbbzgnQk=
@@ -539,7 +571,6 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 
@@ -3,6 +3,7 @@ package imagesource
 import (
 	"bytes"
 	"context"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -14,17 +15,16 @@ import (
 
 	"k8s.io/klog/v2"
 
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/s3"
-	"github.com/aws/aws-sdk-go/service/s3/s3manager"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/feature/s3/manager"
+	"github.com/aws/aws-sdk-go-v2/service/s3"
+	"github.com/aws/smithy-go"
 
 	"github.com/distribution/distribution/v3"
 	"github.com/distribution/distribution/v3/reference"
 	"github.com/distribution/distribution/v3/registry/client/auth"
-	"github.com/distribution/distribution/v3/registry/client/transport"
 	godigest "github.com/opencontainers/go-digest"
 )
 
@@ -34,76 +34,73 @@ type s3Driver struct {
 	Creds     auth.CredentialStore
 	CopyFrom  []string
 
-	repositories map[string]*s3.S3
+	repositories map[string]*s3.Client
 }
 
 type s3CredentialStore struct {
-	store     auth.CredentialStore
-	url       *url.URL
-	retrieved bool
+	store auth.CredentialStore
+	url   *url.URL
 }
 
-func (s *s3CredentialStore) IsExpired() bool { return !s.retrieved }
-
-func (s *s3CredentialStore) Retrieve() (credentials.Value, error) {
-	s.retrieved = false
+func (s *s3CredentialStore) Retrieve(ctx context.Context) (aws.Credentials, error) {
 	accessKeyID, secretAccessKey := s.store.Basic(s.url)
 	if len(accessKeyID) == 0 || len(secretAccessKey) == 0 {
-		return credentials.Value{}, fmt.Errorf("no AWS credentials located for %s", s.url)
+		return aws.Credentials{}, fmt.Errorf("no AWS credentials located for %s", s.url)
 	}
-	s.retrieved = true
 	klog.V(4).Infof("found credentials for %s", s.url)
-	return credentials.Value{
+	return aws.Credentials{
 		AccessKeyID:     accessKeyID,
 		SecretAccessKey: secretAccessKey,
-		ProviderName:    "DockerCfg",
+		Source:          "DockerCfg",
 	}, nil
 }
 
-func (d *s3Driver) newObject(server *url.URL, region string, insecure bool, securityDomain *url.URL) (*s3.S3, error) {
+func (d *s3Driver) newObject(server *url.URL, region string, insecure bool, securityDomain *url.URL) (*s3.Client, error) {
 	key := fmt.Sprintf("%s:%s:%t:%s", server, region, insecure, securityDomain)
 	s3obj, ok := d.repositories[key]
 	if ok {
 		return s3obj, nil
 	}
 
-	awsConfig := aws.NewConfig()
+	ctx := context.Background()
 
-	var creds *credentials.Credentials
-	creds = credentials.NewChainCredentials([]credentials.Provider{
-		&s3CredentialStore{store: d.Creds, url: securityDomain},
-		&credentials.EnvProvider{},
-		&credentials.SharedCredentialsProvider{},
-	})
+	configOpts := []func(*config.LoadOptions) error{
+		config.WithRegion(region),
+	}
 
-	awsConfig.WithCredentials(creds)
-	awsConfig.WithRegion(region)
-	awsConfig.WithDisableSSL(insecure)
+	credStore := &s3CredentialStore{store: d.Creds, url: securityDomain}
+	if _, err := credStore.Retrieve(ctx); err == nil {
+		configOpts = append(configOpts, config.WithCredentialsProvider(credStore))
+	}
 
 	switch {
 	case klog.V(10).Enabled():
-		awsConfig.WithLogLevel(aws.LogDebugWithHTTPBody | aws.LogDebugWithRequestErrors | aws.LogDebugWithSigning)
+		configOpts = append(configOpts, config.WithClientLogMode(aws.LogSigning|aws.LogRetries|aws.LogRequest|aws.LogResponse|aws.LogResponseWithBody|aws.LogDeprecatedUsage))
 	case klog.V(8).Enabled():
-		awsConfig.WithLogLevel(aws.LogDebugWithRequestErrors)
+		configOpts = append(configOpts, config.WithClientLogMode(aws.LogRetries|aws.LogRequest|aws.LogResponse|aws.LogDeprecatedUsage))
 	case klog.V(6).Enabled():
-		awsConfig.WithLogLevel(aws.LogDebug)
+		configOpts = append(configOpts, config.WithClientLogMode(aws.LogRetries|aws.LogRequest|aws.LogDeprecatedUsage))
 	}
 
-	if d.UserAgent != "" {
-		awsConfig.WithHTTPClient(&http.Client{
-			Transport: transport.NewTransport(http.DefaultTransport, transport.NewHeaderRequestModifier(http.Header{http.CanonicalHeaderKey("User-Agent"): []string{d.UserAgent}})),
-		})
-	}
-	s, err := session.NewSession(awsConfig)
+	cfg, err := config.LoadDefaultConfig(ctx, configOpts...)
 	if err != nil {
 		return nil, err
 	}
-	s3obj = s3.New(s)
+
+	s3Client := s3.NewFromConfig(cfg, func(o *s3.Options) {
+		if insecure {
+			o.EndpointOptions.DisableHTTPS = true
+		}
+		if d.UserAgent != "" {
+			o.APIOptions = append(o.APIOptions, awsmiddleware.AddUserAgentKey(d.UserAgent))
+		}
+	})
+
 	if d.repositories == nil {
-		d.repositories = make(map[string]*s3.S3)
+		d.repositories = make(map[string]*s3.Client)
 	}
-	d.repositories[key] = s3obj
-	return s3obj, nil
+	d.repositories[key] = s3Client
+	return s3Client, nil
 }
 
 func (d *s3Driver) Repository(ctx context.Context, server *url.URL, repoName string, insecure bool) (distribution.Repository, error) {
@@ -137,7 +134,7 @@ func (d *s3Driver) Repository(ctx context.Context, server *url.URL, repoName str
 
 type s3Repository struct {
 	ctx      context.Context
-	s3       *s3.S3
+	s3       *s3.Client
 	bucket   string
 	once     sync.Once
 	initErr  error
@@ -168,7 +165,7 @@ func (r *s3Repository) Tags(ctx context.Context) distribution.TagService {
 }
 
 func (r *s3Repository) attemptCopy(id string, bucket, key string) bool {
-	if _, err := r.s3.HeadObject(&s3.HeadObjectInput{
+	if _, err := r.s3.HeadObject(r.ctx, &s3.HeadObjectInput{
 		Bucket: aws.String(bucket),
 		Key:    aws.String(key),
 	}); err == nil {
@@ -190,16 +187,17 @@ func (r *s3Repository) attemptCopy(id string, bucket, key string) bool {
 		} else {
 			sourceKey = path.Join(copyFrom, id)
 		}
-		_, err := r.s3.CopyObject(&s3.CopyObjectInput{
-			CopySource: aws.String(sourceKey),
+		_, err := r.s3.CopyObject(r.ctx, &s3.CopyObjectInput{
+			CopySource: aws.String(url.QueryEscape(sourceKey)),
 			Bucket:     aws.String(bucket),
 			Key:        aws.String(key),
 		})
 		if err == nil {
 			klog.V(4).Infof("Copied existing object from %s to %s", sourceKey, key)
 			return true
 		}
-		if a, ok := err.(awserr.Error); ok && a.Code() == "NoSuchKey" {
+		var apiErr smithy.APIError
+		if errors.As(err, &apiErr) && apiErr.ErrorCode() == "NoSuchKey" {
 			klog.V(4).Infof("No existing object matches source %s", sourceKey)
 			continue
 		}
@@ -208,19 +206,20 @@ func (r *s3Repository) attemptCopy(id string, bucket, key string) bool {
 	return false
 }
 
-func (r *s3Repository) conditionalUpload(input *s3manager.UploadInput, id string) error {
+func (r *s3Repository) conditionalUpload(input *s3.PutObjectInput, id string) error {
 	if r.attemptCopy(id, *input.Bucket, *input.Key) {
 		return nil
 	}
-	_, err := s3manager.NewUploaderWithClient(r.s3).Upload(input)
+	uploader := manager.NewUploader(r.s3)
+	_, err := uploader.Upload(r.ctx, input)
 	return err
 }
 
 func (r *s3Repository) init() error {
 	r.once.Do(func() {
-		r.initErr = r.conditionalUpload(&s3manager.UploadInput{
+		r.initErr = r.conditionalUpload(&s3.PutObjectInput{
 			Bucket:   aws.String(r.bucket),
-			Metadata: map[string]*string{"X-Docker-Distribution-API-Version": aws.String("registry/2.0")},
+			Metadata: map[string]string{"X-Docker-Distribution-API-Version": "registry/2.0"},
 			Body:     bytes.NewBufferString(""),
 			Key:      aws.String("/v2/"),
 		}, "")
@@ -264,7 +263,7 @@ func (s *s3ManifestService) Put(ctx context.Context, manifest distribution.Manif
 	dgst := godigest.FromBytes(payload)
 	blob := fmt.Sprintf("/v2/%s/blobs/%s", s.r.repoName, dgst)
 
-	if err := s.r.conditionalUpload(&s3manager.UploadInput{
+	if err := s.r.conditionalUpload(&s3.PutObjectInput{
 		Bucket:      aws.String(s.r.bucket),
 		ContentType: aws.String(mediaType),
 		Body:        bytes.NewBuffer(payload),
@@ -281,10 +280,10 @@ func (s *s3ManifestService) Put(ctx context.Context, manifest distribution.Manif
 		}
 	}
 	for _, tag := range tags {
-		if _, err := s.r.s3.CopyObject(&s3.CopyObjectInput{
+		if _, err := s.r.s3.CopyObject(s.r.ctx, &s3.CopyObjectInput{
 			Bucket:      aws.String(s.r.bucket),
 			ContentType: aws.String(mediaType),
-			CopySource:  aws.String(path.Join(s.r.bucket, blob)),
+			CopySource:  aws.String(path.Join(s.r.bucket, url.QueryEscape(blob))),
 			Key:         aws.String(fmt.Sprintf("/v2/%s/manifests/%s", s.r.repoName, tag)),
 		}); err != nil {
 			return "", err
@@ -328,7 +327,7 @@ func (s *s3BlobStore) Put(ctx context.Context, mediaType string, p []byte) (dist
 		return distribution.Descriptor{}, err
 	}
 	d := godigest.FromBytes(p)
-	if err := s.r.conditionalUpload(&s3manager.UploadInput{
+	if err := s.r.conditionalUpload(&s3.PutObjectInput{
 		Bucket:      aws.String(s.r.bucket),
 		ContentType: aws.String(mediaType),
 		Body:        bytes.NewBuffer(p),
@@ -409,7 +408,8 @@ func (w *writer) ReadFrom(r io.Reader) (int64, error) {
 	if w.startedAt.IsZero() {
 		w.startedAt = time.Now()
 	}
-	_, err := s3manager.NewUploaderWithClient(w.driver.s3).Upload(&s3manager.UploadInput{
+	uploader := manager.NewUploader(w.driver.s3)
+	_, err := uploader.Upload(w.driver.ctx, &s3.PutObjectInput{
 		Bucket:      aws.String(w.driver.bucket),
 		ContentType: aws.String("application/octet-stream"),
 		Key:         aws.String(w.key),