SHA1 integrity check for LXQt looks incorrect

Hello,

I have downloaded manjaro-lxqt-20.2-201130-linux59.iso. When I verify the signature everything looks fine: (I renamed the signature file)

gpg --verify manjaro-lxqt-20.2-201130-linux59.iso.sig manjaro-lxqt-20.2-201130-linux59.iso

Signature made ma 30 nov 2020 12:39:14 CET
gpg: using RSA key 3B6B8D2B9293A297E1DD1F9E7605992471F3F073
gpg: Good signature from “Frede Hundewadt fh@manjaro.org” [unknown]

However the sha1sum does not match. I get:

sha1sum manjaro-lxqt-20.2-201130-linux59.iso

1ed18d0593f40aa34349183e6d2f515e8ac51c0b manjaro-lxqt-20.2-201130-linux59.iso
While the shasum on the site is:
a3d4d2861caaa12fea00dfc9613236d08ce87c27

I have redownloaded the iso and tested again with the same result.
anyhow I don’t see how a corrupt iso file could have a correct signature.

I’ve also downloaded manjaro-architect and checked it the same way.
There the shasum and signature were both correct. I did this to see if I made a mistake with shasum.

Could you please check this,
Thanks.

I can confirm…

sha1sum manjaro-lxqt-20.2-201130-linux59.iso
1ed18d0593f40aa34349183e6d2f515e8ac51c0b  manjaro-lxqt-20.2-201130-linux59.iso

Please check with tha sha1 sum file from the download location.

Sometimes the sha1 sum displayed on the download page is not correct.

The correct checksum is always available at the shortlinks location and at the download location

Shortlinks - https://manjaro-community.osdn.io
Download location - https://osdn.org/projects/manjaro-community/storage/

I know for my part - I sometimes forget a flag when building the iso and then the webpage displays incorrect cheksums.

But usually it is available - at the very least - at the download location.

1 Like
1ed18d0593f40aa34349183e6d2f515e8ac51c0b  manjaro-lxqt-20.2-201130-linux59.iso

You are right…as usual.