From 500b0cce9e92776facbcb9a21b8b00158b218ceb Mon Sep 17 00:00:00 2001 From: theborakompanioni Date: Sun, 3 Sep 2023 13:28:49 +0200 Subject: [PATCH 1/6] feat: verify release signatures in standalone image --- standalone/Dockerfile | 12 ++++- standalone/pubkeys/AdamGibson.asc | 70 ++++++++++++++++++++++++++++ standalone/pubkeys/KristapsKaupe.asc | 51 ++++++++++++++++++++ standalone/pubkeys/dergigi.asc | 52 +++++++++++++++++++++ 4 files changed, 183 insertions(+), 2 deletions(-) create mode 100644 standalone/pubkeys/AdamGibson.asc create mode 100644 standalone/pubkeys/KristapsKaupe.asc create mode 100644 standalone/pubkeys/dergigi.asc diff --git a/standalone/Dockerfile b/standalone/Dockerfile index 4db01b2..e343c65 100644 --- a/standalone/Dockerfile +++ b/standalone/Dockerfile @@ -23,7 +23,7 @@ FROM ${NODE_IMAGE} AS node # --- Builder base FROM ${ALPINE_IMAGE} AS builder-base -RUN apk add --no-cache --update git +RUN apk add --no-cache --update git gnupg # --- Builder base - end # --- UI builder @@ -38,8 +38,12 @@ COPY --from=node /usr/local/bin /usr/local/bin WORKDIR /usr/src/jam +COPY pubkeys/ /pubkeys + # checkout and build project RUN git clone "$JAM_REPO" . --depth=1 --branch "$JAM_REPO_REF" \ + && find /pubkeys -iname '*.asc' -exec gpg --import "{}" \; \ + && git verify-tag "$JAM_REPO_REF" \ && npm install --no-fund --no-audit \ && npm run build # --- UI builder - end @@ -73,7 +77,11 @@ ARG JM_SERVER_REPO_REF WORKDIR /usr/src/joinmarket-clientserver -RUN git clone "$JM_SERVER_REPO" . --depth=1 --branch "$JM_SERVER_REPO_REF" +COPY pubkeys/ /pubkeys + +RUN git clone "$JM_SERVER_REPO" . --depth=1 --branch "$JM_SERVER_REPO_REF" \ + && find /pubkeys -iname '*.asc' -exec gpg --import "{}" \; \ + && git verify-tag "$JM_SERVER_REPO_REF" # --- SERVER builder - end # --- RUNTIME builder diff --git a/standalone/pubkeys/AdamGibson.asc b/standalone/pubkeys/AdamGibson.asc new file mode 100644 index 0000000..ec07898 --- /dev/null +++ b/standalone/pubkeys/AdamGibson.asc 
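Review bot: In the ui-builder `RUN` of standalone/Dockerfile, `git verify-tag "$JAM_REPO_REF"` authenticates the tag object, but nothing checks that the commit `git clone --branch` checked out is the commit that tag points to. `--branch` accepts branch names as well as tags, so if the ref name ever resolves to a branch, the signature check and the built tree can refer to different commits. I would bind the two right after the verify step: `&& test "$(git rev-parse HEAD)" = "$(git rev-parse "refs/tags/$JAM_REPO_REF^{commit}")" \`. The same applies to the server-builder `RUN` later in this file and to the ui-only/Dockerfile `RUN` in PATCH 2/6.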
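Review bot: The server-builder stage imports every file under `/pubkeys`, the same directory the ui-builder stage uses, so a tag in either repository verifies against any of the three keys added here. ui-only/pubkeys in PATCH 2/6 carries only dergigi.asc, which suggests the keys are meant per project; presumably AdamGibson.asc and KristapsKaupe.asc are the joinmarket-clientserver signers. Scoping the trust set per repository would keep a key for one project from vouching for the other, e.g. `COPY pubkeys/jm-server/ /pubkeys` here and `COPY pubkeys/jam/ /pubkeys` in ui-builder (the directory names are a suggested layout, not existing paths). A short comment above each `COPY` naming whose release keys these are and where their fingerprints can be checked would also help reviewers of future key additions.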
@@ -0,0 +1,70 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQINBFv0DQgBEADhaaCIS7omfkdE11EuLtyhjHTFGANwsrAkhf1eKYBMdHpC5jbP +i2MgJWMkj5CMgvbKe+Y4vlUFzXW94uw8rMqH6Gd995+qs5EVqiA/8le80mTyuAG6 +JfpNqAo8ojHlPbr/9errq8kYNVfH5HhEJB2WEsFKFCB3L7IjukhroNzpSWCl2t8o +CdLFtAorZiIBDIVXjMrJRCIPN4JhqV9O3PbXGiM2y+SIqwPemQF/qvwGfcSy+5OZ +2TuDSPyGG7am8+a/kiq+s4prY/gJ2oxsi0iVtOMG48VRCHlg/LD5t82DYsHUpuZA +XT7Ubz+ZI051vDPPutxR/op/7r2zkkWqrQUSoluLcsUf+lb/3KSz8XkQwO9pLFC6 +5qAqqBExKHAeh+uZnWDzn8E2JcpgDKYfW2eRZ4kL3PHozcZ61Ek9JbSBWTj2ghTk +uwCi6eH+E8ybtiqWeB25LfLhqs2Qnk2IzC5NtqwyU+poYZD/ya0PPdoNQVXsUB6F +8j0M62bU25qqkkeUhW8aGDPVN0V/X4nCoyeUrOgU7oW9wCuFyg+eYn1q62iwCFrA +rjGvKSv3LzdzIqHeM8gaEs2sjUnvxwlcjJDVdiEW0nngcGU5+czH06hD0Nvu4nAg +XeE5s4wvd9FhGW9pjNb8TM2aQqMZzYJJDLNdVIZQNVycAtOwLKcCq0btFQARAQAB +tDNBZGFtIEdpYnNvbiAoQ09ERSBTSUdOSU5HIEtFWSkgPGVrYWdnYXRhQGdtYWls +LmNvbT6JAjcEEwECACECGwMCHgECF4AFAlv0Dk0FCwkIBwMFFQoJCAsFFgIDAQAA +CgkQFBABoa938guczQ//f38lBKjg7c+Ut31x5ciX1LtxvLyfnmTIDQRq4pB2FWrl +14utkK4afDRwcBR6zRlQx8PE52+M9Rg7+KYQ7hDYy9c3IQonL2KdZgj+q2x99t5u +UR9fj8b18U/2VDkVn1m8L//U3m596zZLwVBPr4OQ2Rd/rC6YGznMNXSN97nNr7SP +GLXYH3rUEcmBf4VklneO6/M5y0PgNdTTM4DyKfrCk9ailWtev06G6gvTkyLzjpHH +Z5IyZvhpHua/oUHjeRzuS4VYUYQuuiATD7raJhXsxfL7g/NF/fOi3KwvRlAm4ns1 +fOxOInLD2QK5hiEjdlPixwmuLMtTdHk5dAM+QX8Hr2Tis/cN+5J7vpvZoP7L0M7X +xYo9J6wVRMKOxNeFNa88W/n+pBDVCUdTqDOrVHP632zXt0sbaSKXa/KqznD+ReGO +jaYsKKenEmyXgfv+WoaUoqn9uZ8R2MywWyKojYguTP+RLHtzuiN3GPFPXQban27A +h+M5d6ruh/P/AXyuddtibq36baD3iOXcGlmvfaAhYCVE59a3/AIAIZmkJr1DLJkf +dF38BIqs+2/5jC05QyuGI94zmYy7Ivfjw8ncqUUpir2M6X25YD00AzNruXDFVz8m +pU3RcHEyVAhBtQeZuB+d8pZMzROoXpY0K+VwM4VD3jiOJKQzYb+/kcaj20j9slSJ +ARwEEAECAAYFAlv0D8UACgkQs64J8emjGXo47Af/UqUb05UUO1nsbd7M4RlO1535 +R3ils/GEnAuyo7eQSPLsFRSyxIWOo8OCNSA2u40O4cpW1hbmBKu3vF30WADbR0Bq +Ox710SXFiN1D+Gmi48HfVbExYHVyaMZ0bzQdepNAzYE/KNx4hcxAw5Rgn+fPnibv +kS5Y4DRuNRKNyF2KNSLQHyyN3EK7R+LMEsFcvfrKMZhCTN7+nh69/H08OegccmSH +9+WrFmzAe1TA+Qri6o3XFSTIbvsRFqZB5pSf4/bS3Wufvv4TiXtKk6QI/9mBlU8B 
+Xg7gVjeRU7cM56P572lzgEoCKFdypy1iavbu4DHaVhXYD5/8wKsDrgafvzsx5YkC +OAQTAQIAIgUCW/QNCAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQFBAB +oa938guciA//UC6LPNdCiTMiG7pBef8v3wteFvHkVG9T9a5l0rhTbxwJeop2qH9b +G7MfF37Tb/zA/xeunQ6IwAaS/smDVFAX86r7GguJXk5X0JiWiDK0elzwJzd2Up9B +E72YoLKYoJ3otJ93MQsy6TvDHvZky9gHzjEeOuV99UCLvNnr/h7AwpsCL4KCX3nU +4tRfPhgDFu2H2OH8NfxezW43UmN5vaTxrMhrJLIipRSDF0LaQZeBy/8QSJwVIK3M +UUjENE77i01v0ib8rdSH4OlR9PuOFfEhmH61EllGhVvxrGrTeQH6T8XTHjiqdWUM +MWZlxGllgRnSdRUyBCSN9YxERivJl+7I/8ANOmYRluDYieV/F73HraYugeLs3k2n +fZRZLIlnv3dUgA4fYAklzN6ljf8yWt8j+wJ7A5FBmMhHd5LnxRgM4w4R7aPirlUt +ATypF+LGfVRRXtHs1YsI8GIrQo5GrT+yFHnwDrT3ASXDbh7EOUH+O8JlLyoKp7WJ +ie8x7K9a+aoDWx8CmEsKytXgcDBdxZEZkoz2soK6UcnWbqQOT2fUZdZyaNoNZXgE +cPSlPKVi/NabpgwCrnrhYTAh41OxgQVhqNurzgT6HKZNkvDVS6SGo74j2mPKMxhL +nyjlc6Q6F2ngq0vl0qdSk54BAhLYDCttTiAgQo71/FWnBcQJGpOqMNe5Ag0EW/QN +CAEQALueFahxEGALaZcBdBTYk5W32wdjdoZEjMUcz7iWFyArDHeXjmxAis3+Q6Tk +FlAuJhGHL0NVpHjqDe0wg5B0V/c+Ew3WJTS6Or8UmKKg/OjUb9gbRMmy+Jxm2Y7D +8Lx7ikct3jo0aXJHApVzvFzQOUZUCO67/5PS9LY6RMqoyV97xnlaypsx9CUF9Fc0 +eK7U/rliUJ0cSKoKm8kI1QTUfgRXkm33tn1qX5piAO8iyzPLZlJC0sVkI6tG0NMX +8d8/ifNmCZolBaYT8Y/J7tQgbdshMi7NSzpuPdZfeSo5JHIaQcBQCrjVPQvtWyQb +VhbUKOFxqLqIkaMEwOTVBNAMxuvwWLfr9sCiCpbPGTdu5ujyI4JsdxT+LkwgQSPP +C0CZpxbNFeOdKcQMo0f5la7zwNvEgXu0r9DGUAqM7cHPUUP0RQQl72vk1B2rr33g +ONeG8EzTYwYfuX5jjjyrd0Py9XAgg3b9RFxRIsTmzTzsAmyxRRBJmwBsEJ/8A8mL +lEWhgDDn/gl23YfTBlV/J/PBN0vVFrSeIZtmWaDuxhiI07B/y1NKtttTkrU9R3K7 +GIinlIZ0/CR7LZRyP0F5NGLsDQwcrSNPLGoCeYLn9cSYCtQjZjAXCBDbPFQqq8LV +7INtGXHG8FUoclibHU13eK1SBiSY836lwt4PlZ/IiVsmvMBXABEBAAGJAh8EGAEC +AAkFAlv0DQgCGwwACgkQFBABoa938gsiOhAAtOQG/+Hh5vlk1r+AdFCOkgLCFlNq +GWk4pLlAhpxmE5NVJKfqjjb+0AA9u8WpEmJAudw0vUQNC/fBHQFT8czKy4u7QFSk +IPo2NtcGXYFjxMwzya5G87EgSgw8rekNHlC87r0lbcN/YZY3R0apcMCrbagjL7H4 +CGrc1oDlYSRqiwekkItKLNpv3RocHI/SQDcGdJAtq/K5S3kKxwGPKLG+8Tdau4Wk +PWG+YnPj594mNGJv5ZHUlma5r5hJHPSQregaDGJnq+ln3jDZ21rUEu1DROBP2UmS +517WSiSZz+hQqgnRlXVql42fvsggFpL3zdOXq0UbqPee1FVOuUidXaA8dGBfujJ/ 
+4MjCfCt5zyhr1+l3tKVjDiQhUkFbMaNpfEUueW1gJuVgzofLmAhf3pTGiQQDpjKl +ijPLQxwAuQ4lM2KZObGSxDyw8Ffn8XX05DwU/s2h/MKuRgYyp20UiVUmdnZ/+KrH +/KhFgh9dn7fueWh//4AaDAZ8NJruondaLkmZ+D53V4qsbJE3cpd1sXg5JL7eWE/8 +rwDsNWaJtM2p3viUujprCL7IMnXzv0dLfZm3fPGPWTg96/pdlWmpg4KyQjnH5SYg +tHM+2GQnUD5nwsOGbXU27qQDMCpWU8aDvz2LPyD4qx9sS0gPpvOAYK5S3c0lWB5y +nl9Ca4x7aeV2qGM= +=3K5C +-----END PGP PUBLIC KEY BLOCK----- diff --git a/standalone/pubkeys/KristapsKaupe.asc b/standalone/pubkeys/KristapsKaupe.asc new file mode 100644 index 0000000..87491fd --- /dev/null +++ b/standalone/pubkeys/KristapsKaupe.asc 
@@ -0,0 +1,51 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF/5BvoBEADPENhrPaBl9N2fN/RZiEbpkQyD2/IFxZKrGN9wnK6WevyEk25S +b/bwNm9Ne67MzroRbR3nNzw6Kc+nQhxw1YapH47az2Sg+OfhMlMr53IZXpRZ8Egl +lgGVKDGohCTqjPVEFRft9kVQZoks35N4qbDtMTNtxGFZ0x9cVTqYvkYdI0KhlE6P +568FI9O79/BtEnlmwtjKOBJwLPbDpQtT+7+bhbWmt5PBer2vzzX+vEO1See4Mr8s +fA+KPg3KlKhsVJmpchGHRXtn431elE6cJy6v1KaUZSU/lCbZlxmzj4Yn03MEyWpX +MgrFoZKyL/4DlX6o0zAlTKSSDnZxJ2z6Az0rUidh6m/eKvxW5+BIPOxDjia80hg6 +JY41hJMERVWf/7LwCi5HzIcHN6IAod5AOc4T+p/j56xCyJ2Zo8gUyrMclKVP6to6 +O3PHEEx1MitPLjnk8Dyv6xWV/MAIqLwf35zzddH3XC4ptzI1V6p0BuI/wF0PgZLj +Zj2ASL5JUcGRC4RwwiBbdINPlrEwPqiOBu68xI8Ynj6gLFMs5QGQxueeuOLNEPnR +sICa5iGUGy85JdRPVBfMk2ltxPDK0fFjxj+zbQsVip+v0H6y+Y29B6633d4yoxdY +xDgRsMLR2J8bsFcYx4TPvobPO4AVM0oDC825ihpIQCASJ5/zzidMo034cQARAQAB +tCRLcmlzdGFwcyBLYXVwZSA8a3Jpc3RhcHNAYmxvZ2llbS5sdj6JAk4EEwEIADgW +IQRwodR91E9Z34siJEMz5HL+hwx+XQUCX/kG+gIbAwULCQgHAgYVCgkICwIEFgID +AQIeAQIXgAAKCRAz5HL+hwx+XV52EADF32w3pp6O6F40ngj9xpAIWlJsXwT6OlVB ++kj/aGYZ4Pb8I4Ty7uYjyBHoLBefTagywqFVtzxYq7wi+pu2vyxxM+u3Bynr3mFr +2tz24/qI8QJFMvGiO9t7Ackl98jxcc+WOozKLkXJt4Yu3iZ/FvA0X8Ifc9BSF9mk +37H5k5PlhA01v1nkObHUJsXkYLmxP2KYUI5DtpuADRlc6/KTqrL1L5gdgTVxtk+A +G/XZAYi5Rd8Zuw+JNHrsUcMS+6IzOkW6lhXsE5BlVljaulE1aS/NXOgyhEBm7sP3 +YMoNXDK4mL94A0wpxFRaaDVtEeI+ZCwLPJvo2HgUFqqnpmOCOG4tCWABS2RKGH+l +5YyTdqCYETX2YCucmdB9txNrDxZFOve6+YuUYioVUydk/8AuKLxtpPJ0TyRR4+4T +Vp9EeoTbjj6CF/vEepZ1dZrYHPXr9ktzQJANk9KFJhRAr3jA9oW1iFfQoTeins1N +zUCrEXOl864wFtFq7cTnbs1OrgyEpW8chSDwvZgQTsj5S1Nvza84LWU9sjmN1dsD +iUwl0zSWlHJVG2aCXGcLfxFquYUPHDxhnDrPiIVj/66UDcw2om5tiUnv97kNWseG +w7TwQhY6CP/2b+KXKoeFtDCxcEnq+1WZvpbUDAgu6j0HctF+bJNAHAHWFjzQ/SHL +9j9Wx4htZLkCDQRf+Qb6ARAA+mEFzW/vEJm8g43iA9tqEN+eiENSC61fT0cXHRJD +DJ9RTLZbN7JmjGsGrEZajGWxfDV0GimhxQSi1lnr8yJy50KNaKpWJCljhwPjb8Hg +WDIrfAsw3pf4jJVsyL1kzS1NWtlAoFg4cskg7hXJSJ9H17Yz+CoAUXGtLoFJ0HwF +VvRz2/8+lT66nm7UtOnym03s1vXvnR/HMxrHAueJtBkVlCo09ozF9yJhb8eG+yrx +sz9QneUQL6vq2emMsCaalRfVpyudtcH1WumFQltRoDAiF1TVTJWlRzOiKY1t7F0m 
+5Xa+Zqv/tglAY9kSLSNpzF5JU+5jNxtO0ihVu5a7ETcgWla/nuS7dv2mV67b4khr +vg8Lx3tpDB0OFyEHXVI+2X3mVe5dBpS4ZPAOov2zo34oYhkmUGZ+63xkMiXbePZw +s7PVAvI1qMTBmKW8YMUEub2XSldkq924YL842cwIHeLs5WIkHhullhIRB2PWem8h +Fz1lwOxCHhxxdtSosmWmSTCvKPxmqQxqz4BvO1hjklnb4VaS8/d4Z7CfftrY52eJ +Y3pGcUudhsSvcRqtxEayzX7YxpfBQ+wwtwGPTR2Ea3D+FLJ1S6Tou9DZWm5pNuFB +xCrxC2O4CupR/sSxvNir6jH7ZeMEg0iLCNqqUFq/wAk+3Bx/00RAR8NfEwLkVzwq +GEMAEQEAAYkCNgQYAQgAIBYhBHCh1H3UT1nfiyIkQzPkcv6HDH5dBQJf+Qb6AhsM +AAoJEDPkcv6HDH5d2iYP+gPev09rERk3JoubpGcluktRYIL4Qp3pyxap4kOFFS0q +K1piKLWVrmvdmJksDcDAGJ3L4a2WwnaBEBE2FXJOb7+cQ9YRx5VRtY2r2ZpI7RcN +3WxxAN6rgHXj9S3LZ4QR2EUldHzKqa+VizNZAkaPTntfwMgEkJCYPbzylX0BqYkw +PPJiFyeCCEoQJI4nt8siPl4SaWpiiHydJDBFlQ7EtiAh2C1QS7g8yUl2gkc9OxNL +fRx3GKIzBS4amd6z/Yn6Z/2usa+x1HHWLR5i10GLY0hxNsL8sJK9HLQ3knCemVeu +Atj272E7M2sr2XCFBzg+EKFvf6v46t/2CcyH1nkMXXXPQcBvgH0Svy/o+9qpXrtV +o9dR+9qr/jfT/IDggfV4PLwvA9v+1NLldn1fkU6X4goGiSG96JvwrpAhCNVV6kpA +urcvQxAOBR95nPmiNMjyPxLX/+YoqOhOj2FsvMdIgzg5Wm6tjtyoSryuH6aSGYqx +mJvSQ3G/WaYRve0j33xbrrPM94H4HUL4+qfKrX9gmDgl/Z/UclcBety/NgNEaGtk +Z0IopM87vZCrS+Qnfr/T2z/bH+1eEaZhi8yIdxt+2TZDLH7/BzoBaKA0iM5Jj1ZH +H1aQPvW7KuWQr0OygYfUr5Zj9ZFl4Bmf9tY52uEvQoeUWoqw1oVnXc/UeHh06P18 +=S6ox +-----END PGP PUBLIC KEY BLOCK----- diff --git a/standalone/pubkeys/dergigi.asc b/standalone/pubkeys/dergigi.asc new file mode 100644 index 0000000..49aa3a9 --- /dev/null +++ b/standalone/pubkeys/dergigi.asc 
@@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: Keybase Go 3.1.2 (darwin) + +xsFNBFyqxMABEACmufB1pnB4ZW+rApz0qL3RKI+su5gX9AAzlJGOrVfDHT/CsyGX +o+A0Eob3AL0QsxUiuhXpaZkzSxnOhsmHN1uxEtYYpDTOsfysXvgiE/q+YwZzSb74 +avsNFTvhbsOgpTpwfAtX1ZgyGkBwEeLdT9B5EWBb9gNDNS+O+mUahFdfGF8vOToM +cIlGdJzM3f7alumQgqVLdO7kTSF3odOPXy293n7/g1Z4epca2hMYP38N0eSc1y/u +5RCOrgncwgJyWwt8mH7fc1/R29MSgEjwyGdOpnzHRrLFevtosE+YacUWzlm9P7Y/ +5Hdr8IT9vJRUrBTWlFjabgLlmYvf6lwMU97Dr4HxfL03a7h108hVn/Dd622jZ0AS +gWKfFW85OfhTpMNSO2Vc+cBJZJgSSYbuN9/7acs8+VXeeT6XgdzFUbi41/q7aQI8 +XogoiJBxLQbzRWovMXyezW9BaMvxgVjEUUUZA0C9Lt8t4URgpGbWSTozknVxmw8o +g9MzL+4zFVIqyW/yWC2oDdKVNJ/4S6Dc2qvPSBogbt8MA7fzZie2AFWN7ES/I/H4 +4wNFBE7gMkqhCmGYJCH52bUM/TuYy929vkmOGvwhm+k2guCk3ZpYjgKnYTShysrG +GlkqGSWyo2E6y2b4zWxYXGWc8MweKgAp5LKedLFAnOHdusJVn0uIf4GqLwARAQAB +zRRHaWdpIDxkZXJnaWdpQHBtLm1lPsLBeAQTAQgALAUCXKrEwAkQicSiXmml3n8C +GwMFCR4TOAACGQEECwcJAwUVCAoCAwQWAAECAAAg+xAAkX+2j8Z0pPukGuoCK2of +bgJIHgUr2TX1rLP4xkDzXPGEl2VXp6dTZE7UnX7Orhw6IBUv7c5Uwkof0QoxZ1wK +8lFe/RYnvJrzksTZgQUTPrfL4ksZ9ApF6lRCCsgFdNPa+W4SXMLvKsllW5XUTFJ0 +gEKZaCjjTwc7mc9bHVE8iovzzLa88DxTAYY4ydyFksc3fkQhhgkZEAAXTmrkEPaP +LBYatY18BODpxnKgjB/C05BB9LfiEINuj6QWV3lPcX8IhwAFsHs3VZhuZF5qwDIR +rITwtbAswuLIbaZqAenWgHjeQw1euIzQG7XQx3Kin9f6GPrFnSoGRAoA4yhG1/ov +Ld4pGCT2nowwpw9hq9oPQB1pJerMVn4rxXh1Z1PWRsnjPcliKW4IvkodeYpHEdpn +k1/DjlbO15CwLtuvHoClZ9kI+GXUckvw3JaAHHU35neWC1NNn4p0/DjUaPylSWTk +DLxNR/B9hFZG3MUkVVhn/yY1O95DFaYJ6jxnieCyBnNeIm+vHXl5mBbMkuwCo/dW +FY6QzZMpJDnYt6SFewFPQL5R9218SpBdoX19Vk+c3k4OahEKZ4XgXFM/o7+0LD3z +MjcY5SoUuPY1Yf1rAiVQAdGgUHIRvee+YGhWMmEqNKJIVfKB2ezUfi0dhcfiuKRw +MIaU8pPvpIjt/z7E6ouy+HPOwU0EXKrEwAEQAN6gL45ophF6s27Ik7iTlt2NXLK0 +mfxEvdu8RBIdbwuYiefAyMZR4DJSZ4jqAnvub4R0x2kYtgYMQ5MRHv4jYdK5lgKw +8Hp2uNwr+EjXOBW4F3pVxGpl/q/pMxmA/jOqDikZ+ei9O2kyseDOvXBSpLTIx2c/ +LmffLbTnv/WP4wsNGmyeh0V4aOptD3lbG53sjuPpLgQVZ5lLsSqWot05JArADPxy +m35oLzZFY32V5HZBPsGhsGqMU4N/nm7ELZ9mcz6qvAszqp0CMiaoi/S7ycuQpvpH 
+09iav4Ah7Tem5rPNLUSYQIyjiRWRQKOAH6/mc2ToyGxio6B5MA26Gq6GZeqZSbUL +wEEcjWG6HR5dytYCSgnEC0fRAm/47hX80qMZAQ8/3U6ILNahREHIGn5cYok5/6kM +S3IziCaBAvQ2kSeG16oQpv0SBTZMMNQXvjfh77kY7QRMoV9RYO1wee29RbLPqdBI +x83QL9vztK2EqHwUOTu3SQydGAS/LLz+qP2EOK4XbJGWCvf1AC/Ru/IrxoB4iReK +YRoYBwZcenNqTTVXn0zjvanoLV5tLbd7dMQ6cVIi3mvGpAKY7OV4+MJqQdZqI+jK +1+QMcauRZd+YYUbu/pvfNipzoxIWpQb0yZf6mbo/OonJR9K+7FAkpCEV7IXlYAAC +a7DB26wgeIGUFDzzABEBAAHCwXUEGAEIACkFAlyqxMAJEInEol5ppd5/AhsMBQke +EzgABAsHCQMFFQgKAgMEFgABAgAARlUQAFpT9TN2zqjI4GTfi7G6QEFN0qkhChi2 +4E/G+rfC9r4IGFV5tFIwNnN0ON5rMIzs7e73bsr2whFfAOCCX0PDfaaU6FzXCAFI +WIpELh1PhgvHwZQCjpu4R6MRei1IAUld5L3xrg49EFvxGYfp2ekgf8A/Z+KlJdVb +DL4mJBaDkw4OO5rINdoMuXRmMRRVOtwhsmsMS1WUQxTnu2zG3hhbhiIz57w17jA5 +/s21GeBU9cjahJVGWw8rq9OIrJg127Iz02S+IEvfZ0D4eK7TXd3HrfzBjSE0SHez +SSd6UWgSsUk/K93eEgfpYlIrmLqioBYs0+TFr+Nu3IQVW2qJwQygD8Fy0Ay6T+Gt +gFIwnANyCTmqDvJChHG1t7sACVaBdtAutNmCDeuAX2gBH1ZBDd9WQ//pam/hEkzd +l/z/Y1e4L+2/LDktbYkALoqYyKn4QTZQLACNQizjMickg5sZYOwdwShaK/cNyPad ++JcPtbm5Mtzi4unHGatd4Rn1LYYBnSJ9wv1yrftlZpYQOEG+HIaWY6Sro7b26I0n +fY8gNEzbvzinNenNR3iIbVnG1yLME35F7EEh1AEfRn1mjklLNyh/yitIk77GQx1B +eui7naLFAaE0udZn6vdyRRpgrvIRMEdy9UEsTvfOtwP8l2yKZMlfljXu+J4ITARY +IYMWhg1y2RcR +=irYJ +-----END PGP PUBLIC KEY BLOCK----- From ea6b5cf25e41323e49247c888ddb41afdae0a4ac Mon Sep 17 00:00:00 2001 From: theborakompanioni Date: Sun, 3 Sep 2023 14:02:30 +0200 Subject: [PATCH 2/6] feat: verify release signatures in ui-only image --- ui-only/Dockerfile | 6 ++++- ui-only/pubkeys/dergigi.asc | 52 +++++++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 ui-only/pubkeys/dergigi.asc diff --git a/ui-only/Dockerfile b/ui-only/Dockerfile index d812148..a806374 100644 --- a/ui-only/Dockerfile +++ b/ui-only/Dockerfile 
@@ -25,7 +25,7 @@ COPY --from=node /usr/local/include /usr/local/include COPY --from=node /usr/local/bin /usr/local/bin # install build dependencies -RUN apk add --no-cache --update git +RUN apk add --no-cache --update git gnupg # --- FROM builder-base AS builder @@ -34,8 +34,12 @@ ARG JAM_REPO_REF WORKDIR /usr/src/app +COPY pubkeys/ /pubkeys + # checkout and build project RUN git clone "$JAM_REPO" . --depth=1 --branch "$JAM_REPO_REF" \ + && find /pubkeys -iname '*.asc' -exec gpg --import "{}" \; \ + && git verify-tag "$JAM_REPO_REF" \ && npm install --no-fund --no-audit \ && npm run build diff --git a/ui-only/pubkeys/dergigi.asc b/ui-only/pubkeys/dergigi.asc new file mode 100644 index 0000000..49aa3a9 --- /dev/null +++ b/ui-only/pubkeys/dergigi.asc 
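Review bot: `find /pubkeys -iname '*.asc' -exec gpg --import "{}" \;` in the builder `RUN` of ui-only/Dockerfile reports success even when `gpg --import` fails on a file or when no `.asc` file is present, because `find` does not propagate the exit status of `-exec … \;`. The build still stops at `git verify-tag`, so this fails closed, but with a missing-key error that hides the real cause. `&& gpg --import /pubkeys/*.asc \` fails at the import step instead. The same line appears in both `RUN`s of standalone/Dockerfile in PATCH 1/6.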
@@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: Keybase Go 3.1.2 (darwin) + +xsFNBFyqxMABEACmufB1pnB4ZW+rApz0qL3RKI+su5gX9AAzlJGOrVfDHT/CsyGX +o+A0Eob3AL0QsxUiuhXpaZkzSxnOhsmHN1uxEtYYpDTOsfysXvgiE/q+YwZzSb74 +avsNFTvhbsOgpTpwfAtX1ZgyGkBwEeLdT9B5EWBb9gNDNS+O+mUahFdfGF8vOToM +cIlGdJzM3f7alumQgqVLdO7kTSF3odOPXy293n7/g1Z4epca2hMYP38N0eSc1y/u +5RCOrgncwgJyWwt8mH7fc1/R29MSgEjwyGdOpnzHRrLFevtosE+YacUWzlm9P7Y/ +5Hdr8IT9vJRUrBTWlFjabgLlmYvf6lwMU97Dr4HxfL03a7h108hVn/Dd622jZ0AS +gWKfFW85OfhTpMNSO2Vc+cBJZJgSSYbuN9/7acs8+VXeeT6XgdzFUbi41/q7aQI8 +XogoiJBxLQbzRWovMXyezW9BaMvxgVjEUUUZA0C9Lt8t4URgpGbWSTozknVxmw8o +g9MzL+4zFVIqyW/yWC2oDdKVNJ/4S6Dc2qvPSBogbt8MA7fzZie2AFWN7ES/I/H4 +4wNFBE7gMkqhCmGYJCH52bUM/TuYy929vkmOGvwhm+k2guCk3ZpYjgKnYTShysrG +GlkqGSWyo2E6y2b4zWxYXGWc8MweKgAp5LKedLFAnOHdusJVn0uIf4GqLwARAQAB +zRRHaWdpIDxkZXJnaWdpQHBtLm1lPsLBeAQTAQgALAUCXKrEwAkQicSiXmml3n8C +GwMFCR4TOAACGQEECwcJAwUVCAoCAwQWAAECAAAg+xAAkX+2j8Z0pPukGuoCK2of +bgJIHgUr2TX1rLP4xkDzXPGEl2VXp6dTZE7UnX7Orhw6IBUv7c5Uwkof0QoxZ1wK +8lFe/RYnvJrzksTZgQUTPrfL4ksZ9ApF6lRCCsgFdNPa+W4SXMLvKsllW5XUTFJ0 +gEKZaCjjTwc7mc9bHVE8iovzzLa88DxTAYY4ydyFksc3fkQhhgkZEAAXTmrkEPaP +LBYatY18BODpxnKgjB/C05BB9LfiEINuj6QWV3lPcX8IhwAFsHs3VZhuZF5qwDIR +rITwtbAswuLIbaZqAenWgHjeQw1euIzQG7XQx3Kin9f6GPrFnSoGRAoA4yhG1/ov +Ld4pGCT2nowwpw9hq9oPQB1pJerMVn4rxXh1Z1PWRsnjPcliKW4IvkodeYpHEdpn +k1/DjlbO15CwLtuvHoClZ9kI+GXUckvw3JaAHHU35neWC1NNn4p0/DjUaPylSWTk +DLxNR/B9hFZG3MUkVVhn/yY1O95DFaYJ6jxnieCyBnNeIm+vHXl5mBbMkuwCo/dW +FY6QzZMpJDnYt6SFewFPQL5R9218SpBdoX19Vk+c3k4OahEKZ4XgXFM/o7+0LD3z +MjcY5SoUuPY1Yf1rAiVQAdGgUHIRvee+YGhWMmEqNKJIVfKB2ezUfi0dhcfiuKRw +MIaU8pPvpIjt/z7E6ouy+HPOwU0EXKrEwAEQAN6gL45ophF6s27Ik7iTlt2NXLK0 +mfxEvdu8RBIdbwuYiefAyMZR4DJSZ4jqAnvub4R0x2kYtgYMQ5MRHv4jYdK5lgKw +8Hp2uNwr+EjXOBW4F3pVxGpl/q/pMxmA/jOqDikZ+ei9O2kyseDOvXBSpLTIx2c/ +LmffLbTnv/WP4wsNGmyeh0V4aOptD3lbG53sjuPpLgQVZ5lLsSqWot05JArADPxy +m35oLzZFY32V5HZBPsGhsGqMU4N/nm7ELZ9mcz6qvAszqp0CMiaoi/S7ycuQpvpH 
+09iav4Ah7Tem5rPNLUSYQIyjiRWRQKOAH6/mc2ToyGxio6B5MA26Gq6GZeqZSbUL +wEEcjWG6HR5dytYCSgnEC0fRAm/47hX80qMZAQ8/3U6ILNahREHIGn5cYok5/6kM +S3IziCaBAvQ2kSeG16oQpv0SBTZMMNQXvjfh77kY7QRMoV9RYO1wee29RbLPqdBI +x83QL9vztK2EqHwUOTu3SQydGAS/LLz+qP2EOK4XbJGWCvf1AC/Ru/IrxoB4iReK +YRoYBwZcenNqTTVXn0zjvanoLV5tLbd7dMQ6cVIi3mvGpAKY7OV4+MJqQdZqI+jK +1+QMcauRZd+YYUbu/pvfNipzoxIWpQb0yZf6mbo/OonJR9K+7FAkpCEV7IXlYAAC +a7DB26wgeIGUFDzzABEBAAHCwXUEGAEIACkFAlyqxMAJEInEol5ppd5/AhsMBQke +EzgABAsHCQMFFQgKAgMEFgABAgAARlUQAFpT9TN2zqjI4GTfi7G6QEFN0qkhChi2 +4E/G+rfC9r4IGFV5tFIwNnN0ON5rMIzs7e73bsr2whFfAOCCX0PDfaaU6FzXCAFI +WIpELh1PhgvHwZQCjpu4R6MRei1IAUld5L3xrg49EFvxGYfp2ekgf8A/Z+KlJdVb +DL4mJBaDkw4OO5rINdoMuXRmMRRVOtwhsmsMS1WUQxTnu2zG3hhbhiIz57w17jA5 +/s21GeBU9cjahJVGWw8rq9OIrJg127Iz02S+IEvfZ0D4eK7TXd3HrfzBjSE0SHez +SSd6UWgSsUk/K93eEgfpYlIrmLqioBYs0+TFr+Nu3IQVW2qJwQygD8Fy0Ay6T+Gt +gFIwnANyCTmqDvJChHG1t7sACVaBdtAutNmCDeuAX2gBH1ZBDd9WQ//pam/hEkzd +l/z/Y1e4L+2/LDktbYkALoqYyKn4QTZQLACNQizjMickg5sZYOwdwShaK/cNyPad ++JcPtbm5Mtzi4unHGatd4Rn1LYYBnSJ9wv1yrftlZpYQOEG+HIaWY6Sro7b26I0n +fY8gNEzbvzinNenNR3iIbVnG1yLME35F7EEh1AEfRn1mjklLNyh/yitIk77GQx1B +eui7naLFAaE0udZn6vdyRRpgrvIRMEdy9UEsTvfOtwP8l2yKZMlfljXu+J4ITARY +IYMWhg1y2RcR +=irYJ +-----END PGP PUBLIC KEY BLOCK----- From 3166df5364501c2ea6c4839d5bff3c07be7264e9 Mon Sep 17 00:00:00 2001 From: theborakompanioni Date: Thu, 31 Oct 2024 08:36:30 +0100 Subject: [PATCH 3/6] chore(build): add tbk pubkey --- standalone/pubkeys/tbk.asc | 30 ++++++++++++++++++++++++++++++ ui-only/pubkeys/tbk.asc | 30 ++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 standalone/pubkeys/tbk.asc create mode 100644 ui-only/pubkeys/tbk.asc diff --git a/standalone/pubkeys/tbk.asc b/standalone/pubkeys/tbk.asc new file mode 100644 index 0000000..d339fd4 --- /dev/null +++ b/standalone/pubkeys/tbk.asc 
@@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBFWEaZwBCADi5PSUVz3BYau+BS9GMQkHBFsQaMz3IADQAE6ctV21Vl3qUMDF +kGyCkk4hxyvhNlDsSIV/haccS7AJ1TD7xFw+yOQDUPoJaV8uvUvzdwer0lmpi2b2 +7L96QDVW9yCuXjCcOB9BIE7fnkG5ApqU7lmVY7lt6PaQVYibS6DzxgKVJx+uKEzh +Ky4YPV9H6JICySA5GSlM1jr6+ygQo4Ggq091vUbH1Cep9qOwK2dqLBaXBlmh/Uog +LfRjYvodGGcRxB26SvSvmY8O3VxHkxXeu0gN1GR1LJDKogdD+KzRMpCYVxyXbbOd +8dJaO1zcJzRyI06Kg8sLvaNHgAFvB2pBZAD3ABEBAAG0Q3RoZWJvcmFrb21wYW5p +b25pIChubyBjb21tZW50KSA8dGhlYm9yYWtvbXBhbmlvbmkrZ2l0aHViQGdtYWls +LmNvbT6JATgEEwECACIFAlWEaZwCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA +AAoJEOgHCvAFOqwNn5kIAJzUZT5xvyHVs27jINXCij2hH1Zq7yZguDYN8J8EUkbF +QJnO7nG3rzRoWlPwEn8UF/450ikw5JqFuERfKFWWvuDY08nBpl8yApjWPCDC4Wkb +p+kvgvx2l+6KyiVWJcS9B2hBSOzfAcfHeDGcAjodIk6WF4naruVNjzrDpSB8R/O9 +1NaRNopOdqTT6FXbahs6jFrO/nZTFUNtluy5FfF2kStRbj31UarefJ3PsF47XqyE +PMm+okYzDTP+IYQ02b26i5b0GCHcU+hE42ERLzaxt+KpSzWaUzzoxB9pWUeBxw4G +uuPMpCDfSjBKadKlQZtVoeZ7DmloEVQLLKGBcscocAG5AQ0EVYRpnAEIANZFQnDm +BHpyFbE3AoUitA6gD7PFAexSr8Fm9uAXJ+1qdHBdWegBz0i/I7cIVoGNDo3FfSnY +6CB0hObgV1l0yffkm+WuJ4wTQdO1KS74VX4Dzpg3EfHCTq63AN11si5Vy6wIOw2t +3TTT1Dcwsc7RpIQ3RNGbnsnjNG6hzEN536GfKzi73flzmKsXNFW+87fxt8BKf7qn +TTP5zq1XcakAOJ6iF8nJEbdOEfXYU8bnzLGvBP1gS7p/kyhboni3PGEYIJSs3Ibl +R5Y1q63sGTTaFV+1s+tgO0BQ3vFbTeouG7tG7ysv8JaiGnzzyQXfBXqdbItUFEO/ +nGuCoWm7NdrfIiMAEQEAAYkBHwQYAQIACQUCVYRpnAIbDAAKCRDoBwrwBTqsDfx7 +CACQnDMsSbO36bHljjWtQRgJ7sO42xCGw3fawruC859RxIDS+3y7YmNF+PHJuZwc +8CFGrwvKSAdepvUNx1ic3KY0MX+j0n7uCOPnVW5D9cj58eUGrpeK8pBMzFoB7DJU +HCIYzDesd2aD07qLL3v11k9hwSydU31szgfQa2/W+tRiMdhw15OxLMf1IZJoENUr +/fJZg++/eGi8pEg24M5iDej7fQJiD/eLmqjpX6DJteBNoS7eyY8YfgrDEkj/IWUs +ddufkEKahxbfoVvyBWfjgtw3jF274IC3vXKK0VkkUthNwCFGYHfyxpK/SMcyqgbe +mFRCL+oUb2h+an6N1MA9uC3E +=Ne9z +-----END PGP PUBLIC KEY BLOCK----- diff --git a/ui-only/pubkeys/tbk.asc b/ui-only/pubkeys/tbk.asc new file mode 100644 index 0000000..d339fd4 --- /dev/null +++ b/ui-only/pubkeys/tbk.asc 
@@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBFWEaZwBCADi5PSUVz3BYau+BS9GMQkHBFsQaMz3IADQAE6ctV21Vl3qUMDF +kGyCkk4hxyvhNlDsSIV/haccS7AJ1TD7xFw+yOQDUPoJaV8uvUvzdwer0lmpi2b2 +7L96QDVW9yCuXjCcOB9BIE7fnkG5ApqU7lmVY7lt6PaQVYibS6DzxgKVJx+uKEzh +Ky4YPV9H6JICySA5GSlM1jr6+ygQo4Ggq091vUbH1Cep9qOwK2dqLBaXBlmh/Uog +LfRjYvodGGcRxB26SvSvmY8O3VxHkxXeu0gN1GR1LJDKogdD+KzRMpCYVxyXbbOd +8dJaO1zcJzRyI06Kg8sLvaNHgAFvB2pBZAD3ABEBAAG0Q3RoZWJvcmFrb21wYW5p +b25pIChubyBjb21tZW50KSA8dGhlYm9yYWtvbXBhbmlvbmkrZ2l0aHViQGdtYWls +LmNvbT6JATgEEwECACIFAlWEaZwCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA +AAoJEOgHCvAFOqwNn5kIAJzUZT5xvyHVs27jINXCij2hH1Zq7yZguDYN8J8EUkbF +QJnO7nG3rzRoWlPwEn8UF/450ikw5JqFuERfKFWWvuDY08nBpl8yApjWPCDC4Wkb +p+kvgvx2l+6KyiVWJcS9B2hBSOzfAcfHeDGcAjodIk6WF4naruVNjzrDpSB8R/O9 +1NaRNopOdqTT6FXbahs6jFrO/nZTFUNtluy5FfF2kStRbj31UarefJ3PsF47XqyE +PMm+okYzDTP+IYQ02b26i5b0GCHcU+hE42ERLzaxt+KpSzWaUzzoxB9pWUeBxw4G +uuPMpCDfSjBKadKlQZtVoeZ7DmloEVQLLKGBcscocAG5AQ0EVYRpnAEIANZFQnDm +BHpyFbE3AoUitA6gD7PFAexSr8Fm9uAXJ+1qdHBdWegBz0i/I7cIVoGNDo3FfSnY +6CB0hObgV1l0yffkm+WuJ4wTQdO1KS74VX4Dzpg3EfHCTq63AN11si5Vy6wIOw2t +3TTT1Dcwsc7RpIQ3RNGbnsnjNG6hzEN536GfKzi73flzmKsXNFW+87fxt8BKf7qn +TTP5zq1XcakAOJ6iF8nJEbdOEfXYU8bnzLGvBP1gS7p/kyhboni3PGEYIJSs3Ibl +R5Y1q63sGTTaFV+1s+tgO0BQ3vFbTeouG7tG7ysv8JaiGnzzyQXfBXqdbItUFEO/ +nGuCoWm7NdrfIiMAEQEAAYkBHwQYAQIACQUCVYRpnAIbDAAKCRDoBwrwBTqsDfx7 +CACQnDMsSbO36bHljjWtQRgJ7sO42xCGw3fawruC859RxIDS+3y7YmNF+PHJuZwc +8CFGrwvKSAdepvUNx1ic3KY0MX+j0n7uCOPnVW5D9cj58eUGrpeK8pBMzFoB7DJU +HCIYzDesd2aD07qLL3v11k9hwSydU31szgfQa2/W+tRiMdhw15OxLMf1IZJoENUr +/fJZg++/eGi8pEg24M5iDej7fQJiD/eLmqjpX6DJteBNoS7eyY8YfgrDEkj/IWUs +ddufkEKahxbfoVvyBWfjgtw3jF274IC3vXKK0VkkUthNwCFGYHfyxpK/SMcyqgbe +mFRCL+oUb2h+an6N1MA9uC3E +=Ne9z +-----END PGP PUBLIC KEY BLOCK----- From 46e883ac8a47aba4a9c12560426cd460be2bc6c9 Mon Sep 17 00:00:00 2001 
From: theborakompanioni Date: Thu, 31 Oct 2024 09:46:36 +0100 Subject: [PATCH 4/6] feat(dev): ability to skip release verification --- readme.md | 26 +++++++++++++++++++++++--- standalone/Dockerfile | 16 ++++++++++++---- ui-only/Dockerfile | 12 +++++++++--- 3 files changed, 44 insertions(+), 10 deletions(-) diff --git a/readme.md b/readme.md index b3a31f2..1a5b96f 100644 --- a/readme.md +++ b/readme.md @@ -15,20 +15,30 @@ docker pull ghcr.io/joinmarket-webui/jam-ui-only:latest ### Environment variables -The following environment variables control the configuration +The following environment variables control the configuration: - `JAM_JMWALLETD_HOST` (required; jmwalletd hostname) - `JAM_JMWALLETD_API_PORT` (required; jmwalletd api port) - `JAM_JMWALLETD_WEBSOCKET_PORT` (required; jmwalletd websocket port) - `JAM_JMOBWATCH_PORT` (required; ob-watcher port) ### Building Notes +Building a specific release: ```sh docker build --label "local" \ + --build-arg JAM_REPO_REF=v0.3.0 \ + --tag "joinmarket-webui/jam-ui-only" ./ui-only +``` + +Building from a specific branch (with disabled release verification): +```sh +docker build --label "local" \ + --build-arg VERIFY_RELEASE=false \ --build-arg JAM_REPO_REF=master \ --tag "joinmarket-webui/jam-ui-only" ./ui-only ``` #### Build args +- `VERIFY_RELEASE` (optional, defaults to `true`; enable or disable release verification) - `JAM_REPO` (ui git repo; defaults to `https://github.com/joinmarket-webui/jam`) - `JAM_REPO_REF` (ui git ref; defaults to `master`) 
@@ -74,7 +84,7 @@ docker pull ghcr.io/joinmarket-webui/jam-standalone:latest ``` ### Environment variables -The following environment variables control the configuration +The following environment variables control the configuration: - `APP_USER` (optional; username used for basic authentication) - `APP_PASSWORD` (optional, but required if `APP_USER` is provided; password used for basic authentication) - `ENSURE_WALLET` (optional, defaults to `false`; create and load the wallet in bitcoin core on startup) @@ -87,17 +97,27 @@ Variables starting with prefix `JM_` will be applied to `joinmarket.cfg` e.g.: - `JM_GAPLIMIT: 2000` will set the `gaplimit` config value to `2000` ### Building Notes +Building a specific release: ```sh docker build --label "local" \ + --build-arg JAM_REPO_REF=v0.3.0 \ + --build-arg JM_SERVER_REPO_REF=v0.9.11 \ + --tag "joinmarket-webui/jam-standalone" ./standalone +``` + +Building from a specific branch (with disabled release verification): +```sh +docker build --label "local" \ + --build-arg VERIFY_RELEASE=false \ --build-arg JAM_REPO_REF=master \ --build-arg JM_SERVER_REPO_REF=master \ --tag "joinmarket-webui/jam-standalone" ./standalone ``` #### Build args +- `VERIFY_RELEASE` (optional, defaults to `true`; enable or disable release verification) - `JAM_REPO` (ui git repo; defaults to `https://github.com/joinmarket-webui/jam`) - `JAM_REPO_REF` (ui git ref; defaults to `master`) ---- - `JM_SERVER_REPO` (server git repo; defaults to `https://github.com/JoinMarket-Org/joinmarket-clientserver`) - `JM_SERVER_REPO_REF` (server git ref; defaults to `master`) diff --git a/standalone/Dockerfile b/standalone/Dockerfile index e343c65..44c415a 100644 --- a/standalone/Dockerfile +++ b/standalone/Dockerfile 
@@ -8,6 +8,8 @@ ARG JAM_REPO_REF=master ARG JM_SERVER_REPO=https://github.com/JoinMarket-Org/joinmarket-clientserver ARG JM_SERVER_REPO_REF=master +ARG VERIFY_RELEASE=true + ARG NODE_IMAGE_VERSION=22.11.0 ARG NODE_IMAGE_HASH=f265794478aa0b1a23d85a492c8311ed795bc527c3fe7e43453b3c872dcd71a3 ARG NODE_IMAGE=node:${NODE_IMAGE_VERSION}-alpine@sha256:${NODE_IMAGE_HASH} @@ -17,6 +19,7 @@ ARG ALPINE_IMAGE=alpine:${ALPINE_IMAGE_VERSION}@sha256:${ALPINE_IMAGE_HASH} ARG DEBIAN_IMAGE_VERSION=bullseye-20240926-slim ARG DEBIAN_IMAGE_HASH=3f9e53602537cc817d96f0ebb131a39bdb16fa8b422137659a9a597e7e3853c1 ARG DEBIAN_IMAGE=debian:${DEBIAN_IMAGE_VERSION}@sha256:${DEBIAN_IMAGE_HASH} + ARG DINIT_VERSION=0.19.0 FROM ${NODE_IMAGE} AS node @@ -30,6 +33,7 @@ RUN apk add --no-cache --update git gnupg FROM builder-base AS ui-builder ARG JAM_REPO ARG JAM_REPO_REF +ARG VERIFY_RELEASE COPY --from=node /usr/lib /usr/lib COPY --from=node /usr/local/lib /usr/local/lib @@ -42,8 +46,10 @@ COPY pubkeys/ /pubkeys # checkout and build project RUN git clone "$JAM_REPO" . --depth=1 --branch "$JAM_REPO_REF" \ - && find /pubkeys -iname '*.asc' -exec gpg --import "{}" \; \ - && git verify-tag "$JAM_REPO_REF" \ + && (if [ "$VERIFY_RELEASE" != "false" ]; then \ + find /pubkeys -iname '*.asc' -exec gpg --import "{}" \; \ + && git verify-tag "$JAM_REPO_REF"; \ + fi) \ && npm install --no-fund --no-audit \ && npm run build # --- UI builder - end @@ -80,8 +86,10 @@ WORKDIR /usr/src/joinmarket-clientserver COPY pubkeys/ /pubkeys RUN git clone "$JM_SERVER_REPO" . --depth=1 --branch "$JM_SERVER_REPO_REF" \ - && find /pubkeys -iname '*.asc' -exec gpg --import "{}" \; \ - && git verify-tag "$JM_SERVER_REPO_REF" + && (if [ "$VERIFY_RELEASE" != "false" ]; then \ + find /pubkeys -iname '*.asc' -exec gpg --import "{}" \; \ + && git verify-tag "$JM_SERVER_REPO_REF"; \ + fi) # --- SERVER builder - end # --- RUNTIME builder diff --git a/ui-only/Dockerfile b/ui-only/Dockerfile index a806374..a23688b 100644 
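Review bot: `ARG VERIFY_RELEASE=true` is declared next to `JAM_REPO_REF=master` and `JM_SERVER_REPO_REF=master`, and `git verify-tag` can only succeed on a signed tag, so a build with all defaults is expected to fail at the verification step. That fails closed, which is the right direction, but the Dockerfile does not say so. I would add a comment above the new line: `# Verification needs JAM_REPO_REF / JM_SERVER_REPO_REF to name a signed tag; the 'master' defaults only build with VERIFY_RELEASE=false.`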
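Review bot: When `VERIFY_RELEASE` is `false`, the new `if` in the ui-builder `RUN` skips the key import and `git verify-tag` without leaving any trace, so the build log and the resulting image look the same as a verified build. An `else` branch that prints a warning makes unverified builds visible in CI logs: `else echo "WARNING: release verification skipped for $JAM_REPO_REF" >&2; \`. The server-builder `RUN` in the next hunk and the ui-only/Dockerfile `RUN` in this patch have the same silent path. The comparison itself is fine, since only the exact string `false` disables the check.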
--- a/ui-only/Dockerfile +++ b/ui-only/Dockerfile @@ -5,6 +5,8 @@ ARG MAINTAINER='Jam https://github.com/joinmarket-webui' ARG JAM_REPO=https://github.com/joinmarket-webui/jam ARG JAM_REPO_REF=master +ARG VERIFY_RELEASE=true + ARG NODE_IMAGE_VERSION=22.11.0 ARG NODE_IMAGE_HASH=f265794478aa0b1a23d85a492c8311ed795bc527c3fe7e43453b3c872dcd71a3 ARG NODE_IMAGE=node:${NODE_IMAGE_VERSION}-alpine@sha256:${NODE_IMAGE_HASH} @@ -27,10 +29,11 @@ COPY --from=node /usr/local/bin /usr/local/bin # install build dependencies RUN apk add --no-cache --update git gnupg -# --- +# --- UI builder FROM builder-base AS builder ARG JAM_REPO ARG JAM_REPO_REF +ARG VERIFY_RELEASE WORKDIR /usr/src/app @@ -38,10 +41,13 @@ COPY pubkeys/ /pubkeys # checkout and build project RUN git clone "$JAM_REPO" . --depth=1 --branch "$JAM_REPO_REF" \ - && find /pubkeys -iname '*.asc' -exec gpg --import "{}" \; \ - && git verify-tag "$JAM_REPO_REF" \ + && (if [ "$VERIFY_RELEASE" != "false" ]; then \ + find /pubkeys -iname '*.asc' -exec gpg --import "{}" \; \ + && git verify-tag "$JAM_REPO_REF"; \ + fi) \ && npm install --no-fund --no-audit \ && npm run build +# --- UI builder - end # --- FROM ${NGINX_IMAGE} AS runtime From 49e6327e3bdac2639af27895d06dd4d0711988ac Mon Sep 17 00:00:00 2001 From: theborakompanioni Date: Thu, 31 Oct 2024 20:35:14 +0100 Subject: [PATCH 5/6] build(ci): ability to skip release verification for dev builds --- .../workflows/create-and-publish-docker-dev-manually.yml | 6 ++++++ .github/workflows/create-and-publish-docker.yml | 8 +++++++- standalone/Dockerfile | 3 ++- ui-only/Dockerfile | 2 +- 4 files changed, 16 insertions(+), 3 deletions(-) diff --git a/.github/workflows/create-and-publish-docker-dev-manually.yml b/.github/workflows/create-and-publish-docker-dev-manually.yml index 1a459b2..68a4dbf 100644 --- a/.github/workflows/create-and-publish-docker-dev-manually.yml +++ b/.github/workflows/create-and-publish-docker-dev-manually.yml 
@@ -17,6 +17,11 @@ on: required: true default: 'master' type: string + verify_release: + description: 'enable or disable release verification' + required: true + default: false + type: boolean jobs: image-manually: @@ -26,3 +31,4 @@ jobs: ui_repo_ref: ${{ github.event.inputs.ui_repo_ref }} server_repo_ref: ${{ github.event.inputs.server_repo_ref }} image_name_prefix: joinmarket-webui/jam-dev- + verify_release: ${{ github.event.inputs.verify_release }} diff --git a/.github/workflows/create-and-publish-docker.yml b/.github/workflows/create-and-publish-docker.yml index 977c1d0..5dca1f2 100644 --- a/.github/workflows/create-and-publish-docker.yml +++ b/.github/workflows/create-and-publish-docker.yml @@ -16,9 +16,14 @@ on: required: true type: string image_name_prefix: - description: 'image name prefix: e.g. joinmarket-webui/jam-' + description: 'image name prefix (e.g. joinmarket-webui/jam-)' required: true type: string + verify_release: + description: 'enable or disable release verification' + required: false + default: true + type: boolean env: REGISTRY: ghcr.io @@ -72,3 +77,4 @@ jobs: build-args: | JAM_REPO_REF=${{ inputs.ui_repo_ref }} JM_SERVER_REPO_REF=${{ inputs.server_repo_ref }} + VERIFY_RELEASE=${{ inputs.verify_release }} diff --git a/standalone/Dockerfile b/standalone/Dockerfile index 44c415a..344ff6e 100644 --- a/standalone/Dockerfile +++ b/standalone/Dockerfile @@ -31,9 +31,9 @@ RUN apk add --no-cache --update git gnupg # --- UI builder FROM builder-base AS ui-builder +ARG VERIFY_RELEASE ARG JAM_REPO ARG JAM_REPO_REF -ARG VERIFY_RELEASE COPY --from=node /usr/lib /usr/lib COPY --from=node /usr/local/lib /usr/local/lib @@ -78,6 +78,7 @@ RUN git clone "https://github.com/davmac314/dinit" . --depth=1 --branch "v$DINIT # --- SERVER builder FROM builder-base AS server-builder +ARG VERIFY_RELEASE ARG JM_SERVER_REPO ARG JM_SERVER_REPO_REF diff --git a/ui-only/Dockerfile b/ui-only/Dockerfile index a23688b..c2b7bdc 100644 --- a/ui-only/Dockerfile 
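Review bot: The new `verify_release` input in create-and-publish-docker.yml lets any caller of this reusable workflow publish an image built without signature verification, and nothing visible here ties that to the `joinmarket-webui/jam-dev-` prefix that the manual dev workflow passes. I would add a guard step before the build that runs `exit 1` under `if: ${{ !inputs.verify_release && !startsWith(inputs.image_name_prefix, 'joinmarket-webui/jam-dev-') }}`, and say in the input `description` that disabling verification is meant for dev images only. The job steps lie outside this hunk, so the placement needs to be checked against the full file.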
+++ b/ui-only/Dockerfile @@ -31,9 +31,9 @@ RUN apk add --no-cache --update git gnupg # --- UI builder FROM builder-base AS builder +ARG VERIFY_RELEASE ARG JAM_REPO ARG JAM_REPO_REF -ARG VERIFY_RELEASE WORKDIR /usr/src/app From 67ab4361c032788265d2eb7fc87580deb77edc86 Mon Sep 17 00:00:00 2001 From: theborakompanioni Date: Tue, 5 Nov 2024 12:20:59 +0100 Subject: [PATCH 6/6] chore: rename arg VERIFY_RELEASE to SKIP_RELEASE_VERIFICATION --- .../create-and-publish-docker-dev-manually.yml | 8 ++++---- .github/workflows/create-and-publish-docker.yml | 8 ++++---- readme.md | 8 ++++---- standalone/Dockerfile | 10 +++++----- ui-only/Dockerfile | 6 +++--- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/create-and-publish-docker-dev-manually.yml b/.github/workflows/create-and-publish-docker-dev-manually.yml index 68a4dbf..223cc8c 100644 --- a/.github/workflows/create-and-publish-docker-dev-manually.yml +++ b/.github/workflows/create-and-publish-docker-dev-manually.yml @@ -17,9 +17,9 @@ on: required: true default: 'master' type: string - verify_release: - description: 'enable or disable release verification' - required: true + skip_release_verification: + description: 'enable skipping release verification' + required: false default: false type: boolean @@ -31,4 +31,4 @@ jobs: ui_repo_ref: ${{ github.event.inputs.ui_repo_ref }} server_repo_ref: ${{ github.event.inputs.server_repo_ref }} image_name_prefix: joinmarket-webui/jam-dev- - verify_release: ${{ github.event.inputs.verify_release }} + skip_release_verification: ${{ github.event.inputs.skip_release_verification == 'true' }} diff --git a/.github/workflows/create-and-publish-docker.yml b/.github/workflows/create-and-publish-docker.yml index 5dca1f2..2d75ac9 100644 --- a/.github/workflows/create-and-publish-docker.yml +++ b/.github/workflows/create-and-publish-docker.yml 
@@ -19,10 +19,10 @@ on:
 description: 'image name prefix (e.g. joinmarket-webui/jam-)'
 required: true
 type: string
- verify_release:
- description: 'enable or disable release verification'
+ skip_release_verification:
+ description: 'enable skipping release verification'
 required: false
- default: true
+ default: false
 type: boolean
 env:
@@ -77,4 +77,4 @@ jobs:
 build-args: |
 JAM_REPO_REF=${{ inputs.ui_repo_ref }}
 JM_SERVER_REPO_REF=${{ inputs.server_repo_ref }}
- VERIFY_RELEASE=${{ inputs.verify_release }}
+ SKIP_RELEASE_VERIFICATION=${{ inputs.skip_release_verification }}
diff --git a/readme.md b/readme.md
index 1a5b96f..8194fac 100644
--- a/readme.md
+++ b/readme.md
@@ -32,13 +32,13 @@ docker build --label "local" \
 Building from a specific branch (with disabled release verification):
 ```sh
 docker build --label "local" \
- --build-arg VERIFY_RELEASE=false \
+ --build-arg SKIP_RELEASE_VERIFICATION=true \
 --build-arg JAM_REPO_REF=master \
 --tag "joinmarket-webui/jam-ui-only" ./ui-only
 ```
 #### Build args
-- `VERIFY_RELEASE` (optional, defaults to `true`; enable or disable release verification)
+- `SKIP_RELEASE_VERIFICATION` (optional, defaults to `false`; enable skipping release verification)
 - `JAM_REPO` (ui git repo; defaults to `https://github.com/joinmarket-webui/jam`)
 - `JAM_REPO_REF` (ui git ref; defaults to `master`)
@@ -108,14 +108,14 @@ docker build --label "local" \
 Building from a specific branch (with disabled release verification):
 ```sh
 docker build --label "local" \
- --build-arg VERIFY_RELEASE=false \
+ --build-arg SKIP_RELEASE_VERIFICATION=true \
 --build-arg JAM_REPO_REF=master \
 --build-arg JM_SERVER_REPO_REF=master \
 --tag "joinmarket-webui/jam-standalone" ./standalone
 ```
 #### Build args
-- `VERIFY_RELEASE` (optional, defaults to `true`; enable or disable release verification)
+- `SKIP_RELEASE_VERIFICATION` (optional, defaults to `false`; enable skipping release verification)
 - `JAM_REPO` (ui git repo; defaults to `https://github.com/joinmarket-webui/jam`)
 - `JAM_REPO_REF` (ui git ref; defaults to `master`)
 - `JM_SERVER_REPO` (server git repo; defaults to `https://github.com/JoinMarket-Org/joinmarket-clientserver`)
diff --git a/standalone/Dockerfile b/standalone/Dockerfile
index 344ff6e..58ad3dd 100644
--- a/standalone/Dockerfile
+++ b/standalone/Dockerfile
@@ -8,7 +8,7 @@ ARG JAM_REPO_REF=master
 ARG JM_SERVER_REPO=https://github.com/JoinMarket-Org/joinmarket-clientserver
 ARG JM_SERVER_REPO_REF=master
-ARG VERIFY_RELEASE=true
+ARG SKIP_RELEASE_VERIFICATION=false
 ARG NODE_IMAGE_VERSION=22.11.0
 ARG NODE_IMAGE_HASH=f265794478aa0b1a23d85a492c8311ed795bc527c3fe7e43453b3c872dcd71a3
@@ -31,7 +31,7 @@ RUN apk add --no-cache --update git gnupg
 # --- UI builder
 FROM builder-base AS ui-builder
-ARG VERIFY_RELEASE
+ARG SKIP_RELEASE_VERIFICATION
 ARG JAM_REPO
 ARG JAM_REPO_REF
@@ -46,7 +46,7 @@ COPY pubkeys/ /pubkeys
 # checkout and build project
 RUN git clone "$JAM_REPO" . --depth=1 --branch "$JAM_REPO_REF" \
- && (if [ "$VERIFY_RELEASE" != "false" ]; then \
+ && (if [ "$SKIP_RELEASE_VERIFICATION" != "true" ]; then \
 find /pubkeys -iname '*.asc' -exec gpg --import "{}" \; \
 && git verify-tag "$JAM_REPO_REF"; \
 fi) \
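Review bot: In the `RUN` of the ui-builder hunk (`@@ -46,7 +46,7 @@`), `git verify-tag "$JAM_REPO_REF"` checks the signature on the tag object, but nothing checks that the commit checked out by `git clone --branch` is the commit that tag points to. `--branch` takes branch names as well as tags (the readme builds from `master` this way), so as far as I can tell a branch sharing the tag's name could be what gets built while the tag is what gets verified. Bind the two inside the `if`, right after the verification, e.g. `&& [ "$(git rev-parse HEAD)" = "$(git rev-parse "refs/tags/$JAM_REPO_REF^{commit}")" ]`. The same applies to the server-builder hunk and to ui-only/Dockerfile; the `RUN` continues past the end of this hunk.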
@@ -78,7 +78,7 @@ RUN git clone "https://github.com/davmac314/dinit" . --depth=1 --branch "v$DINIT
 # --- SERVER builder
 FROM builder-base AS server-builder
-ARG VERIFY_RELEASE
+ARG SKIP_RELEASE_VERIFICATION
 ARG JM_SERVER_REPO
 ARG JM_SERVER_REPO_REF
@@ -87,7 +87,7 @@ WORKDIR /usr/src/joinmarket-clientserver
 COPY pubkeys/ /pubkeys
 RUN git clone "$JM_SERVER_REPO" . --depth=1 --branch "$JM_SERVER_REPO_REF" \
- && (if [ "$VERIFY_RELEASE" != "false" ]; then \
+ && (if [ "$SKIP_RELEASE_VERIFICATION" != "true" ]; then \
 find /pubkeys -iname '*.asc' -exec gpg --import "{}" \; \
 && git verify-tag "$JM_SERVER_REPO_REF"; \
 fi)
diff --git a/ui-only/Dockerfile b/ui-only/Dockerfile
index c2b7bdc..4c66dac 100644
--- a/ui-only/Dockerfile
+++ b/ui-only/Dockerfile
@@ -5,7 +5,7 @@ ARG MAINTAINER='Jam https://github.com/joinmarket-webui'
 ARG JAM_REPO=https://github.com/joinmarket-webui/jam
 ARG JAM_REPO_REF=master
-ARG VERIFY_RELEASE=true
+ARG SKIP_RELEASE_VERIFICATION=false
 ARG NODE_IMAGE_VERSION=22.11.0
 ARG NODE_IMAGE_HASH=f265794478aa0b1a23d85a492c8311ed795bc527c3fe7e43453b3c872dcd71a3
@@ -31,7 +31,7 @@ RUN apk add --no-cache --update git gnupg
 # --- UI builder
 FROM builder-base AS builder
-ARG VERIFY_RELEASE
+ARG SKIP_RELEASE_VERIFICATION
 ARG JAM_REPO
 ARG JAM_REPO_REF
@@ -41,7 +41,7 @@ COPY pubkeys/ /pubkeys
 # checkout and build project
 RUN git clone "$JAM_REPO" . --depth=1 --branch "$JAM_REPO_REF" \
- && (if [ "$VERIFY_RELEASE" != "false" ]; then \
+ && (if [ "$SKIP_RELEASE_VERIFICATION" != "true" ]; then \
 find /pubkeys -iname '*.asc' -exec gpg --import "{}" \; \
 && git verify-tag "$JAM_REPO_REF"; \
 fi) \
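Review bot: The server-builder hunk (`@@ -87,7 +87,7 @@`) imports every key under `/pubkeys` before `git verify-tag "$JM_SERVER_REPO_REF"`, and the ui-builder stage of the same file imports the same directory, so a signature from any listed key is accepted for either repository. If the UI and server projects have different release signers, split the directory per project and copy only the matching one into each stage, e.g. `COPY pubkeys/server/ /pubkeys` here (constructed directory name). Separately, `find … -exec gpg --import "{}" \;` does not propagate a failing import; the build still fails closed at `git verify-tag`, but the error will be about a missing key rather than the import. A short comment above the `RUN` saying which signers are expected for this repository would help the next reader.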