wolfi-dev / os

Main package repository for production Wolfi images

[Wolfi Package Request]: AWS RDS CA Bundles #16479

Open lyoung-confluent opened 4 months ago

lyoung-confluent commented 4 months ago

What software would you like us to add to wolfi-os. Ideally include a URL to the project and its source.

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html

Which versions of the software should we include?

latest?

Add some justification for why this specific package and versions are important.

When connecting to AWS RDS DB using TLS, the instances do not use a public Certificate Authority that would be part of the standard ca-certificates-bundle. Instead there are per-region certificate bundles made available by AWS.

It would be useful to have something like an aws-rds-certificates package that includes these bundles so it's easy for applications that connect to an RDS DB to do so securely (i.e. sslmode=verifyfull). We could follow a similar model as glibc using a data element to build each region as a separate package so only the regions a service needs can be installed.

One complexity here is that while AWS hosts these certificates for easy download, they do not appear to be versioned. Maybe we can just use the checksum feature of fetch to ensure they are not changed unexpectedly?

Please check all that apply
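The checksum idea raised in the request above, sketched as an added example (not code from the issue, from AWS, or from Wolfi's build tooling): an unversioned per-region bundle is accepted only if it matches a SHA-256 recorded at review time and contains nothing but certificate blocks. The pin table, the function names, and the sample bundle bytes are constructed for illustration; `us-east-1` is used only as a sample region key.

```python
import hashlib
import hmac
import re

# Constructed stand-in for a downloaded region bundle (not real certificate data).
SAMPLE_BUNDLE = (
    b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQx\n-----END CERTIFICATE-----\n"
    b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQy\n-----END CERTIFICATE-----\n"
)

# Hypothetical pin manifest: region -> SHA-256 recorded when the bundle was reviewed.
PINS = {"us-east-1": hashlib.sha256(SAMPLE_BUNDLE).hexdigest()}

# Matches one PEM block and captures its label (CERTIFICATE, PRIVATE KEY, ...).
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


class BundleError(Exception):
    """Raised when a bundle must not be packaged."""


def count_certificates(data: bytes) -> int:
    """Return the number of PEM blocks, rejecting anything that is not a certificate."""
    labels = [m.group(1) for m in PEM_BLOCK.finditer(data)]
    if not labels:
        raise BundleError("no PEM blocks found")
    unexpected = sorted({label.decode() for label in labels if label != b"CERTIFICATE"})
    if unexpected:
        raise BundleError(f"unexpected PEM block types: {unexpected}")
    return len(labels)


def verify_bundle(region: str, data: bytes, pins=PINS) -> int:
    """Fail closed unless data matches the pinned digest for region."""
    expected = pins.get(region)
    if expected is None:
        raise BundleError(f"no pinned digest for region {region!r}")
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, expected):
        # Upstream is unversioned, so a mismatch means the file changed:
        # stop the build and re-pin only after reviewing the new contents.
        raise BundleError(f"{region}: got {actual}, pinned {expected}")
    return count_certificates(data)


if __name__ == "__main__":
    print(verify_bundle("us-east-1", SAMPLE_BUNDLE), "certificates verified")
```

A digest mismatch here is a signal to review the new bundle and update the pin deliberately, which gives the unversioned download an explicit change history in the package repository.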

tuananh commented 1 month ago

@lyoung-confluent is this still needed?

lyoung-confluent commented 1 month ago

@tuananh Yes, I still think it would be a useful package.