+ca_bundle=customroot/etc/ssl/ca-bundle.crt +if test $(expr $(stat -c %Y $ca_bundle 2> /dev/null) + 2592000) -lt $(date +%s); then + curl -o $ca_bundle --time-cond $ca_bundle https://curl.haxx.se/ca/cacert.pem + cp $ca_bundle $ROOTFS/etc/ssl/ca-bundle.crt +fi
We don't mind you downloading the PEM file from us in an automated fashion, but please don't do it more often than once per day. It is only updated once every few months anyway.
A suitable curl command line to only download it when it has changed:
curl --remote-name --time-cond cacert.pem https://curl.haxx.se/ca/cacert.pem
Best, Mark