Download spmenu

The latest release of spmenu can be had from my releases page. Select the latest version (which is at the bottom). You can also get the latest release here if you prefer.

You can also get spmenu

I provide the following with each release. Older releases may be missing some of these:

• Source code tarball (spmenu-VERSION.tar.gz)
• Source code tarball PGP signature (spmenu-VERSION.tar.gz.sig)
• Source code tarball MD5 hash (spmenu-VERSION.tar.gz.md5)
• Source code tarball SHA256 hash (spmenu-VERSION.tar.gz.sha256)
• Arch Linux PKGBUILD (spmenu-VERSION.PKGBUILD)
• Arch Linux prebuilt package (spmenu-VERSION-1-x86_64.pkg.tar.zst)
• Arch Linux prebuilt package PGP signature (spmenu-VERSION-1-x86_64.pkg.tar.zst.sig)
• Arch Linux prebuilt package MD5 hash (spmenu-VERSION-1-x86_64.pkg.tar.zst.md5)
• Arch Linux prebuilt package SHA256 hash (spmenu-VERSION-1-x86_64.pkg.tar.zst.sha256)
• Arch Linux prebuilt library package (libspmenu-VERSION-1-x86_64.pkg.tar.zst)
• Arch Linux prebuilt library package PGP signature (libspmenu-VERSION-1-x86_64.pkg.tar.zst.sig)
• Arch Linux prebuilt library package MD5 hash (libspmenu-VERSION-1-x86_64.pkg.tar.zst.md5)
• Arch Linux prebuilt library package SHA256 hash (libspmenu-VERSION-1-x86_64.pkg.tar.zst.sha256)
• Gentoo Linux ebuild (spmenu-VERSION.ebuild)
• Gentoo Linux ebuild PGP signature (spmenu-VERSION.ebuild.sig)
• Gentoo Linux ebuild MD5 hash (spmenu-VERSION.ebuild.md5)
• Gentoo Linux ebuild SHA256 hash (spmenu-VERSION.ebuild.sha256)
• Gentoo Linux library ebuild (libspmenu-VERSION.ebuild)
• Gentoo Linux library ebuild PGP signature (libspmenu-VERSION.ebuild.sig)
• Gentoo Linux library ebuild MD5 hash (libspmenu-VERSION.ebuild.md5)
• Gentoo Linux library ebuild SHA256 hash (libspmenu-VERSION.ebuild.sha256)

Please note that the spmenu tarball includes libspmenu as well. libspmenu is not required, but spmenu is required for libspmenu to function.

See Installing spmenu for instructions on installing spmenu.

Verifying using PGP

To verify a file using PGP, you need to make sure you have GPG installed. Then you can import my public key into your keyring. Do this using: gpg --recv-keys CEB863B830D1318A. If you don't want to use a keyserver, you can get my key here.

Now you can verify it using: gpg --verify FILE.sig FILE. For example, to verify spmenu-3.0.2.tar.gz, run the following: gpg --verify spmenu-3.0.2 .tar.gz.sig spmenu-3.0.2.tar.gz. The output should be something like the following:

gpg: Signature made Wed 19 Jul 2023 03:50:52 AM CEST
gpg:                using RSA key AE46FBEA635C56F2B212D036CEB863B830D1318A
gpg: Good signature from "speedie (key) <speedie.alt@gmail.com>" [ultimate]

If you do not get a good signature, you should not install spmenu using the tarball/package, you should consider it compromised.

Verifying using SHA256

To verify the SHA256 hash, run sha256sum FILE where FILE is the file you want to check. You should end up with a 64 character (256 bit) string of characters. Make sure this string is identical to the contents of FILE.sha256.

Verifying using MD5

NOTE: It is recommended that you verify using PGP and/or SHA256 instead.

To verify the MD5 hash, run md5sum FILE where FILE is the file you want to check. You should end up with a 32 character (128 bit) string of characters. Make sure this string is identical to the contents of FILE.md5.