Add a SHA1 check for downloaded packages.

OpenRA.Mods.Common/ModContent.cs

@@ -76,6 +76,7 @@ namespace OpenRA
 			public readonly string Title;
 			public readonly string URL;
 			public readonly string MirrorList;
+			public readonly string SHA1;
 			public readonly Dictionary<string, string> Extract;
 
 			public ModDownload(MiniYaml yaml)

OpenRA.Mods.Common/Widgets/Logic/Installation/DownloadPackageLogic.cs

@@ -137,6 +137,37 @@ namespace OpenRA.Mods.Common.Widgets.Logic
 					return;
 				}
 
+				// Validate integrity
+				if (!string.IsNullOrEmpty(download.SHA1))
+				{
+					getStatusText = () => "Verifying archive...";
+					progressBar.Indeterminate = true;
+
+					var archiveValid = false;
+					try
+					{
+						using (var stream = File.OpenRead(file))
+						{
+							var archiveSHA1 = CryptoUtil.SHA1Hash(stream);
+							Log.Write("install", "Downloaded SHA1: " + archiveSHA1);
+							Log.Write("install", "Expected SHA1: " + download.SHA1);
+
+							archiveValid = archiveSHA1 == download.SHA1;
+						}
+					}
+					catch (Exception e)
+					{
+						Log.Write("install", "SHA1 calculation failed: " + e.ToString());
+					}
+
+					if (!archiveValid)
+					{
+						onError("Archive validation failed");
+						deleteTempFile();
+						return;
+					}
+				}
+
 				// Automatically extract
 				getStatusText = () => "Extracting...";
 				progressBar.Indeterminate = true;