f8d67ec135
One issue with cargoSha256 is that it's hard to detect when it needs to be updated or not. It's possible to upgrade a package and forget to update cargoSha256 and run with old versions of the program or libraries. This commit introduces `verifyCargoDeps` which, when enabled, will check that the Cargo.lock is not out of date in the cargoDeps by comparing it with the package source.