{{Header}}'''This chapter is recommended for better security, but is not strictly required.''' (See [[Trust]].)
{{always_verify_signatures_reminder}}
Change directly into source code folder.
{{CodeSelect|code=
cd derivative-maker
}}
Git fetch. [
Optional. [...]
]
{{CodeSelect|code=
git fetch
}}
Verify the chosen tag to build. Replace with tag you want to build.
{{CodeSelect|code=
git verify-tag {{VersionNew}}-stable
}}
The output should look similar to this.
gpg: Signature made Mon 11 Mar 2024 01:51:56 PM EDT
gpg: using RSA key 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48
gpg: issuer "adrelanos@whonix.org"
gpg: Good signature
{{gpg_signature_timestamp}}
By convention, git tags should point to signed git commits. [
Beginning from git tag 9.6 and above.
] ([https://forums.whonix.org/t/security-git-general-verification-verifying-whonix-submodules/513 forum discussion]) It is advisable to verify the signature of the git commit as well (replace {{VersionNew}} with the actual git tag being verified).
{{CodeSelect|code=
git verify-commit {{VersionNew}}-stable^{commit}
}}
The output should look similar to this.
gpg: Signature made Mon 11 Mar 2024 01:51:56 PM EDT
gpg: using RSA key 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48
gpg: issuer "adrelanos@whonix.org"
gpg: Good signature
{{Footer}}
[[Category:MultiWiki]]