The packages are stored in a signed repository that can be added to Manjaro and Arch Linux. It should also be possible to use this repository in other Arch based distributions, but it has not been tested.
In September 2021 the new repository went online and will be enabled in all releases after September 1, 2021. It is signed with a stronger gpg key than the original repository and will add additional security for users and the project. The new key will also sign all newly released iso's. It contains all types of packages listed above that previously existed as well as all new packages the project creates. All SbK users of releases before 21.1 should update to the current repository.
The new repository should be enabled and the new key installed in all the SbK 21.1 releases and all releases going forward. If something goes wrong and Pamac or Packman error out because the key is not found open a terminal and as root or with sudo enter:
sbksignThis will add the key again and resign the repository. Some of the first 21.1 releases did not have this script, you can download it here.
The repository can also be added to Manjaro/Arch Linux by adding the following to your /etc/pacman.conf. Users who are updating the repository should replace the old sbk-repo section in /etc/pacman.conf with the following.
[sbk-repo] SigLevel = PackageRequired Server = http://repo.spinsbykilz.com/2/files/repository/stable/x86_64/
Since the repository is signed you will need to download and add the keyfile before installing packages. After downloading the key open a terminal and enter the following:
sudo pacman-key --add /path/to/downloaded/keyfile
sudo pacman-key --lsign-key 620BB134B4239576