I went to try an install of ArchLinuxARM to my first BeagleBone Black, but the rootfs tarball does not match the MD5 or GPG signature. (Being more familiar with the Raspberry Pi, I double-checked and the MD5 and GPG signatures are fine for its files.)
Since I try to make sure I get in the habit of always checking these things, I was a little concerned and thought I would ask and see if they could be checked and/or updated.
$this->bbcode_second_pass_code('', '[root@arch]# ls -1 *-am33x-*.tar.gz*
ArchLinuxARM-2015.04-am33x-rootfs.tar.gz
ArchLinuxARM-2015.04-am33x-rootfs.tar.gz.md5
ArchLinuxARM-2015.04-am33x-rootfs.tar.gz.sig')
$this->bbcode_second_pass_code('', '[root@arch]# md5sum -c *.md5
ArchLinuxARM-2015.04-am33x-rootfs.tar.gz: FAILED
md5sum: WARNING: 1 computed checksum did NOT match
BeagleBone-bootloader.tar.gz: OK')
$this->bbcode_second_pass_code('', '[root@arch]# cat ArchLinuxARM-2015.04-am33x-rootfs.tar.gz.md5
6f37c1b3168669212a36a59a69ba5123 ArchLinuxARM-2015.04-am33x-rootfs.tar.gz
[root@arch]# md5sum ArchLinuxARM-2015.04-am33x-rootfs.tar.gz
d41d8cd98f00b204e9800998ecf8427e ArchLinuxARM-2015.04-am33x-rootfs.tar.gz')
$this->bbcode_second_pass_code('', '[root@arch]# gpg --verify *.sig
gpg: assuming signed data in 'ArchLinuxARM-2015.04-am33x-rootfs.tar.gz'
gpg: Signature made Wed 01 Apr 2015 01:11:12 PM EDT using RSA key ID 2BDBE6A6
gpg: BAD signature from "Arch Linux ARM Build System <builder@archlinuxarm.org>" [unknown]')
-Jason
P.S. I have been having a blast using Arch Linux on the Raspberry Pi's, it having been a number of years since I've done much of anything with Linux other than the occasional server, VM or Docker container. What fun!