As of the Mate-Compiz 21.1 release, and all future releases, all SbK iso's will be signed. This will give those that download the iso's the ability to be 100% sure the iso was created by the SbK project if they choose. At the same time the hash used to check if a download is good will change from md5sum to sha1 or sha256. The change is being made because the sha1 and sha256 hash files are automatically generated when the iso is signed. The files can be found in the sha1 or sha256 download folder of the release.
First make sure you have gnupg installed.
sudo pacman -S gnupgDownload the iso and the .sig file with the name that matches the iso. Place them both into the same folder.
Import the Spins by Kilz key by opening a terminal and entering.
gpg --keyserver keyserver.ubuntu.com --search-keys 620BB134B4239576The terminal will ask which key to import. Since there is only 1, type 1, then hit enter. You should see this in the terminal except unchanged will say added.
Next go to the location you have saved the iso and the sig file. In this example they are in the check folder.
Then issue the following command to check the iso changing "name of the downloaded file" to the name of the sig file.
gpg --verify "name of the downloaded file".sigThe results should look like this with a good signature line that includes the following info
If the results do not include a "gpg: Good signature" line with the above name and address delete the file. Its possible that it was just a bad download, but the iso could also have been changed by someone else. Be safe, not sorry.
First download the iso and the sha1 or sha256 file for the release. The sha1 or sha256 file for the release can be found in the sha1 or sha256 download folder for the release.
To check the hash open a terminal and change to the location you downloaded the file to. In this example we will use the Downloads folder.
Then check either the sha1 or sha256 hash of the file changing "name of the downloaded file" to the name of the iso you downloaded.
sha1sum "name of the downloaded file".isoor
sha256sum "name of the downloaded file".isoIn the terminal a hash will be produced. Check that the hash matches the hash in the sha1 or sha256 file you downloaded. If they do not match you will need to download the iso again and check that file until they match.
If you are checking the hash in Windows you will need a checksum application if you don't have one installed. Quick Hash is an open source tool that you can install.