microsoft / oe-engine

ACC template generation engine
MIT License

Verify integrity of downloaded files in the provision scripts (master branch) #55

Open johnkord opened 5 years ago

johnkord commented 5 years ago

There are some files that are downloaded during provisioning. Those files should be hash verified with their pre-computed (and statically checked in) hashes. If a file needs to be updated to a new version, the person who updates that file to the new version should update the hash accordingly.
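The check proposed above, sketched as an added example (not part of the issue thread or of oe-engine's provision scripts). The manifest name `SHA256SUMS` and the function names `sha256_of` and `verify_download` are assumptions for illustration.

```shell
#!/bin/sh
# Pinned hashes live in a manifest checked in beside the script, in
# sha256sum text format: "<hex digest>  <file name>" (assumed layout).

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_download FILE MANIFEST
# Returns 0 only when FILE's digest equals the manifest entry for its
# base name. Fails closed: 2 = file missing, 3 = no pinned hash,
# 1 = mismatch. A file that cannot be verified is deleted so later
# provisioning steps cannot pick it up.
verify_download() {
    file=$1
    manifest=$2
    name=$(basename "$file")
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    expected=$(awk -v n="$name" '$2 == n {print $1; exit}' "$manifest")
    if [ -z "$expected" ]; then
        echo "no pinned hash for $name" >&2
        rm -f "$file"
        return 3
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $name" >&2
        rm -f "$file"
        return 1
    fi
    return 0
}

# Constructed demo. In real use the manifest is computed once by the person
# updating the file and committed; it is never derived from the download.
demo() {
    d=$(mktemp -d)
    printf 'constructed payload\n' > "$d/tool.tar.gz"
    printf '%s  tool.tar.gz\n' "$(sha256_of "$d/tool.tar.gz")" > "$d/SHA256SUMS"
    verify_download "$d/tool.tar.gz" "$d/SHA256SUMS" && echo "ok: hash matches"
    printf 'x' >> "$d/tool.tar.gz"    # simulate a modified download
    verify_download "$d/tool.tar.gz" "$d/SHA256SUMS" || echo "rejected"
    rm -rf "$d"
}
demo
```
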

elemanhillary-zz commented 4 years ago

I can jump onto this one

achamayou commented 4 years ago

@johnkord @elemanhillary I could easily be wrong, but I think this is not a problem any more, because the current provision script seems to rely on apt repos only: https://github.com/microsoft/oe-engine/blob/2736bb8cfe11eacdc7dbb7d8761d131b90f04d76/parts/provision.sh

elemanhillary-zz commented 4 years ago

@achamayou then the issue should be closed

achamayou commented 4 years ago

@elemanhillary I tend to agree, but:

  1. it may be good to get confirmation from someone more familiar with part of the code
  2. I don't have permissions to close issues