Downloads and Validation

Official ISO Sources

CachyOS ISO can be obtained from the following sources:

• Website
• SourceForge
• CachyOS Mirror

Verifying ISO integrity with SHA256

WARNING

Always take an extra step to verify the ISO’s integrity to avoid any undesired issues at installation or while creating a bootable media.

Current ISO Version: 251129

SHA256 Hash: 2ab25f72ce8fece890b440cf9e260fc3d57ae4f5fb5308086f670240de02da7b

Windows

1. Download the file containing the SHA256 hash (Open it with a Text Editor e.g. Notepad).
2. Open CMD or PowerShell as Administrator and navigate to the path where the ISO and SHA256 files are stored.
3. Execute the following command:

   # Example:
   certUtil -hashfile cachyos-desktop-linux-251129.iso SHA256

4. Compare the certUtil hash output to the one from the downloaded file in Step 1. If they match, you can proceed with the CachyOS installation.

Linux

1. Download the file containing the SHA256 hash.
2. Open a terminal, navigate to the directory containing the .sha256 file, and execute the following commands:

   # Example:
   cd Downloads/
   cat cachyos-desktop-linux-251129.iso.sha256
   # 2ab25f72ce8fece890b440cf9e260fc3d57ae4f5fb5308086f670240de02da7b

3. Compare the output from Step 2 and execute the following command to check the ISO file’s hash:

   # Example:
   sha256sum cachyos-desktop-linux-251129.iso

4. If the hashes from Step 2 and Step 3 match, you can proceed with the CachyOS installation.

macOS

1. Download the file containing the SHA256 hash.
2. Open a terminal, navigate to the directory containing the .sha256 file, and execute the following commands:

   # Example:
   cd Downloads/
   cat cachyos-desktop-linux-251129.iso.sha256
   # 2ab25f72ce8fece890b440cf9e260fc3d57ae4f5fb5308086f670240de02da7b

3. Compare the output from Step 2 and execute the following command to check the ISO file’s hash:

   # Example:
   shasum -a 256 cachyos-desktop-linux-251129.iso

4. If the hashes from Step 2 and Step 3 match, you can proceed with the CachyOS installation.

Verify ISO Image Authenticity (Linux)

To verify the authenticity of the ISO file and make sure that it’s the official one released by the CachyOS development team:

1. Import the GPG key for verifying the authenticity:

   gpg --keyserver hkps://keys.openpgp.org --recv-key F3B607488DB35A47

2. Download the ISO file and its .sig signature file and run the following command (by replacing full_iso_name.iso with the actual ISO filename):

   gpg --verify full_iso_name.iso.sig full_iso_name.iso

   If you get a Good signature output, the ISO file is genuine:

   gpg: Signature made sáb 29 nov 2025 13:10:22 -03
   gpg:                using RSA key 882DCFE48E2051D48E2562ABF3B607488DB35A47
   gpg: Good signature from "CachyOS <admin@cachyos.org>" [unknown]
   gpg: WARNING: This key is not certified with a trusted signature!
   gpg:          There is no indication that the signature belongs to the owner.
   Primary key fingerprint: 882D CFE4 8E20 51D4 8E25  62AB F3B6 0748 8DB3 5A47

Danger

If the output does not return a Good signature string or the key ID does not match, don’t use the ISO image. Make sure that the downloaded image comes from a legitimate CachyOS source, since a bad signature could suggest that the ISO has been tampered with.