Check cryptographic digests of downloaded tools
I'd like stronger assurance than https that we are indeed getting the right artifacts for autoconf
, automake
, and asciidoc
. After we download these files, let's compare their digests to known-good values.