2424# of freetype. It must match the value in
2525# lib/matplotlib.__init__.py:validate_test_dependencies
2626LOCAL_FREETYPE_VERSION = '2.5.2'
27-
27+ # md5 hash of the freetype tarball
28+ LOCAL_FREETYPE_HASH = '004320381043d275c4e28bbacf05a1b7'
2829
2930if sys .platform != 'win32' :
3031 if sys .version_info [0 ] < 3 :
@@ -222,6 +223,21 @@ def make_extension(name, files, *args, **kwargs):
222223 return ext
223224
224225
226+ def get_file_hash (filename ):
227+ """
228+ Get the MD5 hash of a given filename.
229+ """
230+ import hashlib
231+ BLOCKSIZE = 1 << 16
232+ hasher = hashlib .md5 ()
233+ with open (filename , 'rb' ) as fd :
234+ buf = fd .read (BLOCKSIZE )
235+ while len (buf ) > 0 :
236+ hasher .update (buf )
237+ buf = fd .read (BLOCKSIZE )
238+ return hasher .hexdigest ()
239+
240+
225241class PkgConfig (object ):
226242 """
227243 This is a class for communicating with pkg-config.
@@ -966,15 +982,18 @@ def do_custom_build(self):
966982 tarball = 'freetype-{0}.tar.gz' .format (LOCAL_FREETYPE_VERSION )
967983 tarball_path = os .path .join ('build' , tarball )
968984 if not os .path .isfile (tarball_path ):
969- print ("Downloading {0}" .format (tarball ))
985+ tarball_url = 'http://download.savannah.gnu.org/releases/freetype/{0}' .format (tarball )
986+
987+ print ("Downloading {0}" .format (tarball_url ))
970988 if sys .version_info [0 ] == 2 :
971989 from urllib import urlretrieve
972990 else :
973991 from urllib .request import urlretrieve
974992
975- urlretrieve (
976- 'http://download.savannah.gnu.org/releases/freetype/{0}' .format (tarball ),
977- tarball_path )
993+ urlretrieve (tarball_url , tarball_path )
994+
995+ if get_file_hash (tarball_path ) != LOCAL_FREETYPE_HASH :
996+ raise IOError ("{0} does not match expected hash." .format (tarball ))
978997
979998 print ("Building {0}" .format (tarball ))
980999 subprocess .check_call (
0 commit comments