Downloads and Validation

CachyOS can be installed using two types of installations: a GUI Installer and a CLI Installer.

Validation

WARNING

Always take an extra step and verify the ISO’s integrity to avoid any undesired issues at installation or while creating a bootable media.

Here is how you can do it:

If you’re currently on Windows:

1. If you downloaded the iso via SourceForge at the right of each file there is an exclamation point that contains both a SHA1 and a SHA256.

2. Open CMD or PowerShell as Administrator and navigate to the path where the ISO is stored.

3. Type the following command: certUtil -hashfile full_iso_name.iso SHA256

   e.g:

   certUtil -hashfile cachyos-kde-linux-230813.iso SHA256

4. Compare certUtil hash with SourceForge file information, if they both match then you are ready to proceed.

Verification from any Linux distribution:

1. Open a terminal and navigate to the path where the ISO is stored

2. Type the following command: sha256sum full_iso_name.iso:

   e.g:

   sha256sum cachyos-kde-linux-230319.iso

3. Compare if the SourceForge SHA256 hash matches with the SHA256

Verify ISO Image Authenticity

To verify the authenticity of the ISO file to be sure that the actual one has been released by the official Athena OS development team:

1. Import the GPG key for verifying the authenticity:

   gpg --keyserver hkps://keys.openpgp.org --recv-key F3B607488DB35A47

2. Download the ISO file and its .sig signature file and run the following commmand (by replacing full_iso_name.iso with the actual ISO filename):

   gpg --verify full_iso_name.iso.sig full_iso_name.iso

   If you get a Good signature output, the ISO file is genuine:

   gpg: Signature made Mo 01 Apr 2024 14:13:30 CEST
   gpg:                using RSA key 882DCFE48E2051D48E2562ABF3B607488DB35A47
   gpg: Good signature from "CachyOS <[email protected]>" [unknown]
   gpg: WARNING: This key is not certified with a trusted signature!
   gpg:          There is no indication that the signature belongs to the owner.
   Primary key fingerprint: 882D CFE4 8E20 51D4 8E25  62AB F3B6 0748 8DB3 5A47

Danger

If the output does not return Good signature string or the key ID does not match, don’t use the ISO image and check if you downloaded the image from a legitimate Athena OS source. It could suggest that your image has been tampered.

Download ISOs

CachyOS ISOs can be downloaded from the following sources:

• Website
• SourceForge
• CachyOS Mirror

Both online and offline installers are provided for your convenience.