Getting the Image
This page is partially adopted from https://wiki.archlinux.org/title/Installation_guide
Download the ISO
Download the ISO from one of the mirrors at https://archlinux.org/download/.
TIP
Choosing a mirror closer to your geographic location will greatly improve download speed.
You need
- The
archlinux-yyyy.mm.dd-x86_64.iso
- The
archlinux-yyyy.mm.dd-x86_64.iso.sig
signature file - The
sha256sums.txt
file (just opening it in the browser is fine)
yyyy.mm.dd
is the date of the ISO release. (for example, 2023.06.01
)
Put those files in the same folder. We will be running commands in that folder.
Verify the ISO
SHA256
Open Powershell in the folder where you put the files, and use Get-FileHash
cmdlet to get the hash
Get-FileHash -Path archlinux-yyyy.mm.dd-x86_64.iso -Algorithm SHA256
Get-FileHash -Path archlinux-yyyy.mm.dd-x86_64.iso -Algorithm SHA256
Compare the hash with the one in sha256sums.txt
. If they match (case-incensitive), you can continue. If not, download the ISO again.
TIP
Here's an example powershell one-liner to compare the hash. Replace $url with the URL of sha256sums.txt
and $file with the path of your ISO
$url="http://mirrors.acm.wpi.edu/archlinux/iso/2023.06.01/sha256sums.txt"; $file="archlinux-2023.06.01-x86_64.iso"; ((Invoke-WebRequest $url).Content.ToString() -Split "\n" | Select-String -Pattern "archlinux-\d\d\d\d\.\d\d\.\d\d-x86_64\.iso").ToString().Substring(0, 64) -eq (Get-FileHash -Path $file -Algorithm SHA256).Hash.ToLower()
$url="http://mirrors.acm.wpi.edu/archlinux/iso/2023.06.01/sha256sums.txt"; $file="archlinux-2023.06.01-x86_64.iso"; ((Invoke-WebRequest $url).Content.ToString() -Split "\n" | Select-String -Pattern "archlinux-\d\d\d\d\.\d\d\.\d\d-x86_64\.iso").ToString().Substring(0, 64) -eq (Get-FileHash -Path $file -Algorithm SHA256).Hash.ToLower()
It would display True
if the hash matches
GPG Signature
You are probably fine if the hash matches. But here's how to verify the signature anyway.
TIP
If you are on Windows you need to download and install Gpg4win from https://www.gpg4win.org/download.html. You probably don't need any optional components. Restart powershell after installing.
TIP
Or you can gpg inside use WSL
Run the gpg command below and replace the file with path to your .iso.sig
file
gpg --keyserver-options auto-key-retrieve --verify archlinux-2023.06.01-x86_64.iso.sig
gpg --keyserver-options auto-key-retrieve --verify archlinux-2023.06.01-x86_64.iso.sig
If you see something like Good Signature from xxx
you are probably good.