diff --git a/.github/workflows/amd64-lean-image.yml b/.github/workflows/amd64-lean-image.yml
index 23a8697dd..27ea174ee 100644
--- a/.github/workflows/amd64-lean-image.yml
+++ b/.github/workflows/amd64-lean-image.yml
@@ -31,6 +31,12 @@ jobs:
   amd64-image-build:
     runs-on: ubuntu-22.04
     steps:
+      - name: Maximize build space
+        uses: easimon/maximize-build-space@master
+        with:
+          root-reserve-mb: 12288
+          temp-reserve-mb: 12288
+
       - uses: actions/checkout@v4
 
       - name: Set values
diff --git a/build_sdcard.sh b/build_sdcard.sh
index 62648dd86..041230193 100644
--- a/build_sdcard.sh
+++ b/build_sdcard.sh
@@ -748,8 +748,8 @@ fi
 
 # *** CACHE DISK IN RAM & KEYVALUE-STORE***
 echo "Activating CACHE RAM DISK ... "
-/home/admin/_cache.sh ramdisk on
-/home/admin/_cache.sh keyvalue on
+/home/admin/_cache.sh ramdisk on || exit 1
+/home/admin/_cache.sh keyvalue on || exit 1
 
 # *** Wifi, Bluetooth & other RaspberryPi configs ***
 if [ "${baseimage}" = "raspios_arm64"  ] || [ "${baseimage}" = "debian" ]; then
@@ -794,7 +794,7 @@ cp /home/admin/assets/background.service /etc/systemd/system/background.service
 systemctl enable background
 
 # *** BACKGROUND SCAN ***
-/home/admin/_background.scan.sh install
+/home/admin/_background.scan.sh install || exit 1
 
 #######
 # TOR #
@@ -863,13 +863,13 @@ echo "1. login fresh --> user:admin password:raspiblitz"
 echo -e "2. run --> release\n"
 
 # make sure that at least the code is available (also if no internet)
-/home/admin/config.scripts/blitz.display.sh prepare-install
+/home/admin/config.scripts/blitz.display.sh prepare-install || exit 1
 # (do last - because it might trigger reboot)
 if [ "${display}" != "headless" ] || [ "${baseimage}" = "raspios_arm64" ]; then
   echo "*** ADDITIONAL DISPLAY OPTIONS ***"
   echo "- calling: blitz.display.sh set-display ${display}"
-  /home/admin/config.scripts/blitz.display.sh set-display ${display}
-  /home/admin/config.scripts/blitz.display.sh rotate 1
+  /home/admin/config.scripts/blitz.display.sh set-display ${display} || exit 1
+  /home/admin/config.scripts/blitz.display.sh rotate 1 || exit 1
 fi
 
 echo "# BUILD DONE - see above"
diff --git a/home.admin/config.scripts/blitz.display.sh b/home.admin/config.scripts/blitz.display.sh
index 69acd6624..0f6d783a7 100644
--- a/home.admin/config.scripts/blitz.display.sh
+++ b/home.admin/config.scripts/blitz.display.sh
@@ -250,7 +250,7 @@ function install_lcd() {
     sudo -u admin git checkout master
     sudo -u admin git reset --hard 5a206a7 || exit 1
     
-    sudo -u admin /home/admin/config.scripts/blitz.git-verify.sh 'GitHub' 'https://github.com/web-flow.gpg' '4AEE18F83AFDEB23' || exit 1
+    sudo -u admin /home/admin/config.scripts/blitz.git-verify.sh 'GitHub' 'https://github.com/web-flow.gpg' '(4AEE18F83AFDEB23|B5690EEEBB952194)' || exit 1
 
     # customized from https://github.com/tux1c/wavesharelcd-64bit-rpi/blob/master/install.sh
     # prepare X11
diff --git a/home.admin/config.scripts/blitz.git-verify.sh b/home.admin/config.scripts/blitz.git-verify.sh
index 373c8edc9..1fcba1c2f 100644
--- a/home.admin/config.scripts/blitz.git-verify.sh
+++ b/home.admin/config.scripts/blitz.git-verify.sh
@@ -15,7 +15,7 @@ fi
 # Example for commits created on GitHub:
 # PGPsigner="web-flow"
 # PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
-# PGPpubkeyFingerprint="4AEE18F83AFDEB23"
+# PGPpubkeyFingerprint="(4AEE18F83AFDEB23|B5690EEEBB952194)"
 
 # Example for commits signed with a personal PGP key:
 # PGPsigner="janoside"
@@ -49,7 +49,7 @@ fi
 
 echo "# importing key of ${PGPsigner}"
 gpg --import --import-options show-only /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc
-fingerprint=$(gpg --show-keys --keyid-format LONG /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc 2>/dev/null | grep "${PGPpubkeyFingerprint}" -c)
+fingerprint=$(gpg --show-keys --keyid-format LONG /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc 2>/dev/null | grep -Ec "${PGPpubkeyFingerprint}")
 if [ "${fingerprint}" -lt 1 ]; then
   echo
   echo "# WARNING --> the PGP fingerprint is not as expected for ${PGPsigner}" >&2
@@ -79,7 +79,7 @@ echo
 
 goodSignature=$(grep "Good signature from" -c <"$_temp")
 echo "# goodSignature(${goodSignature})"
-correctKey=$(tr -d " \t\n\r" <"$_temp" | grep "${PGPpubkeyFingerprint}" -c)
+correctKey=$(tr -d " \t\n\r" <"$_temp" | grep -Ec "${PGPpubkeyFingerprint}")
 echo "# correctKey(${correctKey})"
 
 if [ "${correctKey}" -lt 1 ] || [ "${goodSignature}" -lt 1 ]; then
diff --git a/home.admin/config.scripts/bonus.btcpayserver.sh b/home.admin/config.scripts/bonus.btcpayserver.sh
index 57c439ecd..2f8570a7b 100644
--- a/home.admin/config.scripts/bonus.btcpayserver.sh
+++ b/home.admin/config.scripts/bonus.btcpayserver.sh
@@ -18,7 +18,7 @@ PGPpubkeyFingerprint="AB4CFA9895ACA0DBE27F6B346618763EF09186FE"
 # ---
 #PGPsigner="web-flow"
 #PGPpubkeyLink="https://github.com/web-flow.gpg"
-#PGPpubkeyFingerprint="4AEE18F83AFDEB23"
+#PGPpubkeyFingerprint="(4AEE18F83AFDEB23|B5690EEEBB952194)"
 
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@@ -506,7 +506,7 @@ if [ "$1" = "install" ]; then
   sudo -u btcpay git clone https://github.com/btcpayserver/btcpayserver.git 2>/dev/null
   cd btcpayserver || exit 1
   sudo -u btcpay git reset --hard $BTCPayVersion
-  #sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh "web-flow" "https://github.com/web-flow.gpg" "4AEE18F83AFDEB23" || exit 1
+  #sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh "web-flow" "https://github.com/web-flow.gpg" "(4AEE18F83AFDEB23|B5690EEEBB952194)" || exit 1
 
   echo "# verify signature of ${PGPsigner}"
   sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
diff --git a/home.admin/config.scripts/bonus.circuitbreaker.sh b/home.admin/config.scripts/bonus.circuitbreaker.sh
index b37b03f7b..3b063fe41 100755
--- a/home.admin/config.scripts/bonus.circuitbreaker.sh
+++ b/home.admin/config.scripts/bonus.circuitbreaker.sh
@@ -19,7 +19,7 @@ fi
 
 PGPsigner="web-flow"
 PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
-PGPpubkeyFingerprint="4AEE18F83AFDEB23"
+PGPpubkeyFingerprint="(4AEE18F83AFDEB23|B5690EEEBB952194)"
 
 # PGPsigner="joostjager"
 # PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
diff --git a/home.admin/config.scripts/bonus.ckbunker.sh b/home.admin/config.scripts/bonus.ckbunker.sh
index 69a50f767..044b7993a 100644
--- a/home.admin/config.scripts/bonus.ckbunker.sh
+++ b/home.admin/config.scripts/bonus.ckbunker.sh
@@ -19,7 +19,7 @@ source /mnt/hdd/raspiblitz.conf
 
 GITHUB_SIGN_AUTHOR="web-flow"
 GITHUB_SIGN_PUBKEYLINK="https://github.com/web-flow.gpg"
-GITHUB_SIGN_FINGERPRINT="4AEE18F83AFDEB23"
+GITHUB_SIGN_FINGERPRINT="(4AEE18F83AFDEB23|B5690EEEBB952194)"
 
 PORT_CLEAR="9823"
 PORT_SSL="9824"
diff --git a/home.admin/config.scripts/bonus.fints.sh b/home.admin/config.scripts/bonus.fints.sh
index 303f377d2..5711db633 100755
--- a/home.admin/config.scripts/bonus.fints.sh
+++ b/home.admin/config.scripts/bonus.fints.sh
@@ -15,7 +15,7 @@ GITHUB_TAG=""
 # leave GITHUB_SIGN_AUTHOR empty to skip verifying
 GITHUB_SIGN_AUTHOR="" #web-flow
 GITHUB_SIGN_PUBKEYLINK="https://github.com/web-flow.gpg"
-GITHUB_SIGN_FINGERPRINT="4AEE18F83AFDEB23"
+GITHUB_SIGN_FINGERPRINT="(4AEE18F83AFDEB23|B5690EEEBB952194)"
 
 # port numbers the app should run on
 # delete if not an web app
diff --git a/home.admin/config.scripts/bonus.loop.sh b/home.admin/config.scripts/bonus.loop.sh
index 7f1e22246..fd9257c63 100755
--- a/home.admin/config.scripts/bonus.loop.sh
+++ b/home.admin/config.scripts/bonus.loop.sh
@@ -28,7 +28,7 @@ fi
 # releases are creatd on GitHub
 PGPsigner="web-flow"
 PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
-PGPpubkeyFingerprint="4AEE18F83AFDEB23"
+PGPpubkeyFingerprint="(4AEE18F83AFDEB23|B5690EEEBB952194)"
 
 # TODO download with .tar.gz
 #PGPsigner="alexbosworth"
diff --git a/home.admin/config.scripts/bonus.template.sh b/home.admin/config.scripts/bonus.template.sh
index 5662e9950..3205a3b95 100755
--- a/home.admin/config.scripts/bonus.template.sh
+++ b/home.admin/config.scripts/bonus.template.sh
@@ -26,7 +26,7 @@ GITHUB_TAG="v0.1"
 # leave GITHUB_SIGN_AUTHOR empty to skip verifying
 GITHUB_SIGN_AUTHOR="web-flow"
 GITHUB_SIGN_PUBKEYLINK="https://github.com/web-flow.gpg"
-GITHUB_SIGN_FINGERPRINT="4AEE18F83AFDEB23"
+GITHUB_SIGN_FINGERPRINT="(4AEE18F83AFDEB23|B5690EEEBB952194)"
 
 # port numbers the app should run on
 # delete if not an web app
diff --git a/home.admin/config.scripts/cl-plugin.http.sh b/home.admin/config.scripts/cl-plugin.http.sh
index 6d4c4bed9..cb65627f6 100644
--- a/home.admin/config.scripts/cl-plugin.http.sh
+++ b/home.admin/config.scripts/cl-plugin.http.sh
@@ -17,7 +17,7 @@ fi
 
 PGPsigner="web-flow"
 PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
-PGPpubkeyFingerprint="4AEE18F83AFDEB23"
+PGPpubkeyFingerprint="(4AEE18F83AFDEB23|B5690EEEBB952194)"
 
 # source <(/home/admin/config.scripts/network.aliases.sh getvars cl <mainnet|testnet|signet>)
 source <(/home/admin/config.scripts/network.aliases.sh getvars cl mainnet)
diff --git a/home.admin/config.scripts/cl.rest.sh b/home.admin/config.scripts/cl.rest.sh
index 668ddcd73..48f3756d7 100644
--- a/home.admin/config.scripts/cl.rest.sh
+++ b/home.admin/config.scripts/cl.rest.sh
@@ -21,7 +21,7 @@ fi
 # Example for commits created on GitHub:
 #PGPsigner="web-flow"
 #PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
-#PGPpubkeyFingerprint="4AEE18F83AFDEB23"
+#PGPpubkeyFingerprint="(4AEE18F83AFDEB23|B5690EEEBB952194)"
 
 PGPsigner="saubyk"
 PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"