Based on https://forums.gentoo.org/viewtopic-p-8293520.html#8293520 i understand that portage is unable to fetch source with variable. This prevents to download correct installer for LeagueOfLegends ebuild and end-user is forced to re-update the client after the build is finished. Recommends implementing a RESTRICT which allows SRC_URI to be downloaded after pkg_setup phase with security warning and displaying URL. OR Allowing portage to whitelist multiple sources that can be fetch on demand in pkg_setup.
Created attachment 558414 [details] Source + terminal output
Found a workaround that is just as effective, lowering priority.
Unverified downloads typically occur in the src_unpack function, and bug 481434 would introduce a separate src_fetch function.
Or in theory this feature can be implemented with SHA256 verification to solve the issue with (multiple) unsafe(?) sources alike winetricks: https://github.com/Winetricks/winetricks/pull/1160/commits/23a1548ee9bfb64eae7c33b81c2e3bb8002c07d7