{{Header}}'''This chapter is recommended for better security, but is not strictly required.''' (See [[Trust]].)
{{always_verify_signatures_reminder}}
'''1.''' Verify the chosen tag to build.
Note: Replace with tag you want to build.
{{CodeSelect|code=
git verify-tag {{VersionNew}}-stable
}}
The output should look similar to this.
gpg: Signature made Mon 11 Mar 2024 01:51:56 PM EDT
gpg: using RSA key 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48
gpg: issuer "adrelanos@whonix.org"
gpg: Good signature
{{gpg_signature_timestamp}}
'''2.''' Verify the git commit to build. [
It is advisable to verify the signature of the git commit as well. By convention, git tags should point to signed git commits. Beginning from git tag 9.6 and above. ([https://forums.whonix.org/t/security-git-general-verification-verifying-whonix-submodules/513 forum discussion])
]
Note: Replace {{VersionNew}} with the actual git tag being verified.
{{CodeSelect|code=
git verify-commit {{VersionNew}}-stable^{commit}
}}
The output should look similar to this.
gpg: Signature made Mon 11 Mar 2024 01:51:56 PM EDT
gpg: using RSA key 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48
gpg: issuer "adrelanos@whonix.org"
gpg: Good signature
'''3.''' Done.
= Footnotes =
{{Footer}}
[[Category:MultiWiki]]