Check ISO

As of the Mate-Compiz 21.1 release, and all future Manjaro releases, all SbK iso's will be signed. This will give those that download the iso's the ability to be 100% sure the iso was created by the SbK project if they choose.
  At the same time the hash used to check if a download is good will change from md5sum to sha1 or sha256. The change is being made because the sha1 and sha256 hash files are automatically generated when the iso is signed. The files can be found in the sha1 or sha256 download folder of the release.

Checking the iso signature for the 21.1 release and all future releases

First make sure you have gnupg installed.

sudo pacman -S gnupg

Download the iso and the .sig file with the name that matches the iso. Place them both into the same folder.

Import the Spins by Kilz key by opening a terminal and entering.

gpg --keyserver keyserver.ubuntu.com --search-keys 620BB134B4239576

The terminal will ask which key to import. Since there is only 1, type 1, then hit enter. You should see this in the terminal except unchanged will say added.

Next go to the location you have saved the iso and the sig file. In this example they are in the check folder.

Then issue the following command to check the iso changing "name of the downloaded file" to the name of the sig file.

gpg --verify "name of the downloaded file".sig

The results should look like this with a good signature line that includes the following info

If the results do not include a "gpg: Good signature" line with the above name and address delete the file. Its possible that it was just a bad download, but the iso could also have been changed by someone else. Be safe, not sorry, delete the file, download again, and check again.

Manjaro and Debian

Checking the Iso Hash in Linux

First download the iso and the sha1 or sha256 file for the release. The sha1 or sha256 file for the release can be found in the sha1 or sha256 download folder for the release.

To check the hash open a terminal and change to the location you downloaded the file to. In this example we will use the Downloads folder.

cd ~/Downloads

Then check either the sha1 or sha256 hash of the file changing "name of the downloaded file" to the name of the iso you downloaded.

sha1sum "name of the downloaded file".iso


sha256sum "name of the downloaded file".iso

In the terminal a hash will be produced. Check that the hash matches the hash in the sha1 or sha256 file you downloaded. If they do not match you will need to download the iso  again and check that file until they match.

Checking the Iso Hash in Windows

If you are checking the hash in Windows you will need a checksum application if you don't have one installed. Quick Hash is an open source tool that you can install.