-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

To ensure the image has not been corrupted in transmit or tampered with,
perform the following two steps to cryptographically verify image integrity:

1. Verify the authenticity of this file by checking that it is signed with our
   GPG release key:

    $ curl https://keybase.io/turnkeylinux/pgp_keys.asc | gpg --import
    $ gpg --list-keys --with-fingerprint release@turnkeylinux.com
      pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
            Key fingerprint = 694C FF26 795A 29BA E07B  4EB5 85C2 5E95 A16E B94D
      uid   Turnkey Linux Release Key <release@turnkeylinux.com>

    $ gpg --verify turnkey-gitlab-15.5-stretch-amd64.ova.hash
      gpg: Signature made using RSA key ID A16EB94D
      gpg: Good signature from "Turnkey Linux Release Key <release@turnkeylinux.com>"

    For extra credit you can validate the key's authenticity at:

      https://keybase.io/turnkeylinux

2. Recalculate the image hash and make sure it matches your choice of hash below.

    $ sha256sum turnkey-gitlab-15.5-stretch-amd64.ova
      8298cbeed2e84e950aa1e2d0193e198b78a04049ba7d01fe086aab9076f5a80c  turnkey-gitlab-15.5-stretch-amd64.ova

    $ sha512sum turnkey-gitlab-15.5-stretch-amd64.ova
      22f4eb1e21f8e468847749662c797f1a47c59118b075be317d0c3b2b871b3f809a549c338e2b42c69c8e3c166bb01074333035cd817f2320b5d9f00a7ac9c355  turnkey-gitlab-15.5-stretch-amd64.ova

   Note, you can compare hashes automatically::

    $ sha256sum -c turnkey-gitlab-15.5-stretch-amd64.ova.hash
      turnkey-gitlab-15.5-stretch-amd64.ova: OK

    $ sha512sum -c turnkey-gitlab-15.5-stretch-amd64.ova.hash
      turnkey-gitlab-15.5-stretch-amd64.ova: OK

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEaUz/JnlaKbrge061hcJelaFuuU0FAl1GhVkACgkQhcJelaFu
uU0e/Af/Z9VE3AV1bDA2FlHfvmqJ6qQinc4rxId7KgQLDqV5tlQyORz7B4MD41Eu
SPgICFyJos/v/5o5rgUHn9Cr47+GU9XFVOxbiZWZ+Nf9MVSaLlgByCkcasAxkTUa
BQF3PUL2PdBVLgjYndNJIjF6mrRVEWCRFJIPeJ6EqIXtNWNdl+Ww6bg0/g96Gg1L
sr2E2VZcStDnVAHk/3GWWmL3eUXEflg/qXAd9GEB5gHbuFOEZIAMKckf0j721a0d
UNHn+VKb5beoIIqD1M3obTwfRQQy6Ayu8LObCBEKu6Um0BmQcJJQBn7mSUuwnyHZ
lysZdT/3ARgY/XgXRHzMc0BzF26Puw==
=gb8t
-----END PGP SIGNATURE-----