From 4b6e2d89e9f542a20890794d20c868ef16cb9317 Mon Sep 17 00:00:00 2001
From: sh0rez <me@shorez.de>
Date: Wed, 16 Oct 2019 16:48:44 +0200
Subject: [PATCH] feat: check sum after download

To see if we actually got what we expected
---
 pkg/packages.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/packages.go b/pkg/packages.go
index 35ff19f..15e1358 100644
--- a/pkg/packages.go
+++ b/pkg/packages.go
@@ -18,6 +18,7 @@ import (
 	"context"
 	"crypto/sha256"
 	"encoding/base64"
+	"fmt"
 	"io"
 	"os"
 	"path/filepath"
@@ -42,6 +43,7 @@ func Ensure(want spec.JsonnetFile, vendorDir string, locks map[string]spec.Depen
 			list = append(list, l)
 			continue
 		}
+		expectedSum := d.Sum
 
 		// either not present or not intact: download again
 		dir := filepath.Join(vendorDir, d.Name)
@@ -51,6 +53,9 @@ func Ensure(want spec.JsonnetFile, vendorDir string, locks map[string]spec.Depen
 		if err != nil {
 			return nil, errors.Wrap(err, "downloading")
 		}
+		if expectedSum != "" && d.Sum != expectedSum {
+			return fmt.Errorf("checksum mismatch for %s. Expected %s but got %s", d.Name, expectedSum, d.Sum)
+		}
 		list = append(list, *locked)
 	}