Added support to check SHA256 integrity for binary pkgs.

This currently checks:
 - While removing, any file is checked and if hash doesn't match the
   file is ignored and not removed.
 - While installing, if a binary pkg file doesn't match with the one
   reported by the repository's pkg index file, the process will be
   stopped.

--HG--
extra : convert_revision : 42bb64e89a092f0ff3e7d951e5b26e45d63a60fe

lib/unpack.c

@@ -45,6 +45,7 @@ xbps_unpack_binary_pkg(prop_dictionary_t repo, prop_dictionary_t pkg,
 		       const char *destdir, int flags)
 {
 	prop_string_t filename, repoloc, arch;
+	const char *sha256;
 	char *binfile, *path;
 	int rv = 0;
 
@@ -53,6 +54,7 @@ xbps_unpack_binary_pkg(prop_dictionary_t repo, prop_dictionary_t pkg,
 	/* Append filename to the full path for binary pkg */
 	filename = prop_dictionary_get(pkg, "filename");
 	arch = prop_dictionary_get(pkg, "architecture");
+	prop_dictionary_get_cstring_nocopy(pkg, "filename-sha256", &sha256);
 	if (repo)
 		repoloc = prop_dictionary_get(repo, "location-local");
 	else
@@ -72,6 +74,13 @@ xbps_unpack_binary_pkg(prop_dictionary_t repo, prop_dictionary_t pkg,
 	}
 	free(path);
 
+	if ((rv = xbps_check_file_hash(binfile, sha256)) == ERANGE) {
+		printf("ERROR: SHA256 doesn't match for %s!",
+		    prop_string_cstring_nocopy(filename));
+		free(binfile);
+		return rv;
+	}
+
 	rv = unpack_archive_init(pkg, destdir, binfile, flags);
 	free(binfile);
 	return rv;