Check hashes for the packages downloaded during TBB build
I've added some steps to verify the sha256 hash of the downloaded packages.
There's some more work to be done, mainly allowing for an easier way to update the expected hashes (for now we should do this manually when we update the package version) and for verifying gpg signatures, but this should be an improvement over what we have now.
The patch is in the 'check_download_hashes' branch of git://github.com/flavioamieiro/torbrowser.git (https://github.com/flavioamieiro/torbrowser/tree/check_download_hashes).
Trac:
Username: amieiro