Both the http-tar and http-zip methods are modified to manually
verify the checksum before handling the archive. This is a
security precaution and also prevents unexpected consequences from
attempting to work with a corrupted archive file.
The checksum verification code is factored out of el-get-post-install
so that the tar and zip methods can verify using the same code as
other methods.
It knows argument to eval-after-load is code, and that #' implies
existence of a function.
Some of the package.el functions have changed, but that will be dealt
with separately.