userland-fetch: improvements for downloading and hashing
HASH_DIR support: search for an envvar HASH_DIR, a hashes/ directory in the directory of --file, or a hashes/ the current directory. If found, look inside the files in that directory for checksums in the format outputted by sha256sum. Checksum files will be used if --hash is not provided.
partial downloads: any cancelled download leaves a .part file, which can be continued later if the server supports it, or will be overwritten if not.
retrying: if there is a retryable network error, userland-fetch will try to continue the download once or twice before quitting.
security tests: fail on unsecured, unhashed download with no signature.
Removed deprecated splithost and splittype commands.
Added -n/--need-hash option: userland-fetch will exit if a hash cannot be found for the file. Added -N/--need-sig option: userland-fetch will exit if a signature cannot be found for the file, cannot be checked, or fails validation.
Added -g/--get-hashes option: userland-fetch will look for remote hash files, and download them if there aren't any local copies. Added -G/--get-sigs option: userland-fetch will look for remote signatures and download them, overwriting local copies. Added -c/--clobber-hash option: userland-fetch will replace files in HASH_DIR with new files, if found (the same way as -g/--get-hashes).
If things get too strict, set the envvar ALLOW_UNVERIFIED_DOWNLOADS=yes to skip some validation steps. (commit: 222cf2b)
![[Jenkins]](/jenkins/static/a8056fcf/images/svgs/logo.svg){kind=logo}
