Sha1 sum xfce does not match

I downloaded the latest xfce release from Manjaro - XFCE
The sha1 checksum of the file I downloaded (manjaro-xfce-21.0.7-210614-linux510.iso) is:

$ sha1sum manjaro-xfce-21.0.7-210614-linux510.iso
3ed1c2b59c517bce2ab7e11f6f5aed9d58ba806c  manjaro-xfce-21.0.7-210614-linux510.iso

But on the website it is:

SHA1: 43f0f573d6c5d089cd280b622f228d1ea2933cf8 

On this (SHA1 integrity check for LXQt looks incorrect) page they say that I should look on the osdn server:

Shortlinks -
Download location -

So I guessed the domain for official releases:
But there I only find the minimal xfce image with another checksum.

The gpg signature of the file is correct.

According to SHA1 integrity check for LXQt looks incorrect displaying a incorrect checksum seems to be a common problem. If so: Is it planned to solve it?

1 Like

I get the same SHA1 as you. They can be found on the project page under “commits”.

1 Like

ok, well this is a bit amusing. I had a similar issue with downloading manjaro-kde-21.0.7-210614-linux510.iso …
My checksum for the KDE version didn’t match up, but its checksum value matches the XFCE checksum value perfectly.
So, does that mean I should trust my download because it at least matches a checksum somewhere on the list. ha ha. Seems like a possible human error, idk. Hopefully they get it resolved soon.

Hey @philm Looks there is a issue with the website.

I have downloaded the xfce iso twice through torrent and checked it’s SHA1 in gnome terminal. But the given value in website didn’t not matched with terminal output. Is my iso is good for install? Screenshot attached.

I have also downloaded the xfce iso twice and on both occasions the sha1sum was 3ed1c2b59c517bce2ab7e11f6f5aed9d58ba806c. The problem appears to be on the website…

1 Like

I’d like to try Manjaro for the first time.

I got the minimal LTS edition fron the website and torrent but sha1 doesn’t match with the one on the website.

It should be SHA1: a293eb14c43cc5a7d55039151b0fc6fca724988f

but I get
fdeb8ff31b54b90cb41830a1a9d9530f58b463e7 manjaro-xfce-21.0.7-minimal-210614-linux54.iso

what I’m doing wrong?

Thank you

It’s apparently a known issue. See:

Thank you, but can I trust the .iso?

Is the gpg signature enough to trust the file?

The last stable update , just the first post on top gives you download links for xfce, gnome, kde. Here, the full xfce sha1 is 3ed1c2b59c517bce2ab7e11f6f5aed9d58ba806c which matches the iso. So I think they only messed it up on @codesardine ?
Does that answer your question ?

1 Like

Yes. If the downloaded file is corrupted the gpg check would reveal that as well.

1 Like