Sha1 sum xfce does not match

kangaroo · 15 June 2021 10:11

I downloaded the latest xfce release from Manjaro - XFCE
The sha1 checksum of the file I downloaded (manjaro-xfce-21.0.7-210614-linux510.iso) is:

$ sha1sum manjaro-xfce-21.0.7-210614-linux510.iso
3ed1c2b59c517bce2ab7e11f6f5aed9d58ba806c  manjaro-xfce-21.0.7-210614-linux510.iso

But on the website it is:

SHA1: 43f0f573d6c5d089cd280b622f228d1ea2933cf8

On this (SHA1 integrity check for LXQt looks incorrect) page they say that I should look on the osdn server:

Shortlinks - https://manjaro-community.osdn.io
Download location - https://osdn.org/projects/manjaro-community/storage/

So I guessed the domain for official releases: https://manjaro.osdn.io/.
But there I only find the minimal xfce image with another checksum.

The gpg signature of the file is correct.

According to SHA1 integrity check for LXQt looks incorrect displaying a incorrect checksum seems to be a common problem. If so: Is it planned to solve it?

jrichard326 · 15 June 2021 13:44

I get the same SHA1 as you. They can be found on the project page under “commits”.

betawind · 16 June 2021 00:11

ok, well this is a bit amusing. I had a similar issue with downloading manjaro-kde-21.0.7-210614-linux510.iso …
My checksum for the KDE version didn’t match up, but its checksum value matches the XFCE checksum value perfectly.
So, does that mean I should trust my download because it at least matches a checksum somewhere on the list. ha ha. Seems like a possible human error, idk. Hopefully they get it resolved soon.

Jtyle6 · 16 June 2021 14:08

Hey @philm Looks there is a issue with the website.

kuntal.live · 16 June 2021 14:37

I have downloaded the xfce iso twice through torrent and checked it’s SHA1 in gnome terminal. But the given value in website didn’t not matched with terminal output. Is my iso is good for install? Screenshot attached.

gelie · 17 June 2021 10:55

I have also downloaded the xfce iso twice and on both occasions the sha1sum was 3ed1c2b59c517bce2ab7e11f6f5aed9d58ba806c. The problem appears to be on the website…

magal · 17 June 2021 12:18

I’d like to try Manjaro for the first time.

I got the minimal LTS edition fron the website and torrent but sha1 doesn’t match with the one on the website.

It should be SHA1: a293eb14c43cc5a7d55039151b0fc6fca724988f

but I get
fdeb8ff31b54b90cb41830a1a9d9530f58b463e7 manjaro-xfce-21.0.7-minimal-210614-linux54.iso

what I’m doing wrong?

Thank you

cjean · 17 June 2021 12:22

It’s apparently a known issue. See:

magal · 17 June 2021 13:17

Thank you, but can I trust the .iso?

Is the gpg signature enough to trust the file?

banjo · 17 June 2021 17:24

The last stable update , just the first post on top gives you download links for xfce, gnome, kde. Here, the full xfce sha1 is 3ed1c2b59c517bce2ab7e11f6f5aed9d58ba806c which matches the iso. So I think they only messed it up on manjaro.org. @codesardine ?
Does that answer your question ?

moson · 17 June 2021 17:58

Yes. If the downloaded file is corrupted the gpg check would reveal that as well.

philm · 18 June 2021 09:03

Wollie · 18 June 2021 11:08