While it would be great to use GPG or another validation mech, the easiest thing for now is to hard code the SHA512 of the pypy-2.4.0.tar.bz2 into the bootstrap.sh....

https://gist.github.com/pquerna/b8925406e445288368d2

Is a derivative going down this path, but I also moved it into /opt by default.

I've also switched to using a newer version of PyPy... which broke, so I switched to Portable PyPy:

https://gist.github.com/pquerna/eb95ad6884a0cdd8dcb8

https://github.com/squeaky-pl/portable-pypy

would look at a PR :)

#45