As of the Mate-Compiz 21.1 release, and all
future Manjaro releases, all SbK iso's will
be signed. This will give those that
download the iso's the ability to be 100%
sure the iso was created by the SbK project
if they choose.
At the same time the hash used to
check if a download is good will change from
md5sum to sha1 or sha256. The change is
being made because the sha1 and sha256 hash
files are automatically generated when the
iso is signed. The files can be found in the
sha1 or sha256 download folder of the
Checking the iso signature for the 21.1
release and all future releases
First make sure you have gnupg installed.
sudo pacman -S
Download the iso and the .sig file with
the name that matches the iso. Place them
both into the same folder.
Import the Spins by Kilz key by opening a
terminal and entering.
The terminal will ask which key to
import. Since there is only 1, type 1,
then hit enter. You should see this in the
terminal except unchanged will say added.
Next go to the location you have saved the
iso and the sig file. In this example they
are in the check folder.
Then issue the following command to check
the iso changing "name of the downloaded
file" to the name of the sig file.
"name of the downloaded file".sig
The results should look like this with a
good signature line that includes the
If the results do not include a "gpg: Good
signature" line with the above name and
address delete the file. Its possible that
it was just a bad download, but the iso
could also have been changed by someone
else. Be safe, not sorry, delete the file,
download again, and check again.
Manjaro and Debian
Checking the Iso Hash in Linux
First download the iso and the sha1 or
sha256 file for the release. The sha1 or
sha256 file for the release can be found
in the sha1 or sha256 download folder for
To check the hash open a terminal and
change to the location you downloaded the
file to. In this example we will use the
check either the sha1 or sha256 hash of
the file changing "name of the downloaded
file" to the name of the iso you
of the downloaded file".iso
"name of the downloaded file".iso
In the terminal a hash will be produced.
Check that the hash matches the hash
in the sha1 or sha256 file you downloaded.
If they do not match you will need to
download the iso again and check
that file until they match.
Checking the Iso Hash in Windows
If you are checking the hash in Windows
you will need a checksum application if
you don't have one installed. Quick
Hash is an open source tool that you