diff --git a/.github/workflows/amd64-image-build.yml b/.github/workflows/amd64-image-build.yml
index 0dc7faf..caf0b41 100644
--- a/.github/workflows/amd64-image-build.yml
+++ b/.github/workflows/amd64-image-build.yml
@@ -21,7 +21,7 @@ on:
 
 jobs:
   amd64-image-build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v3
 
diff --git a/.github/workflows/arm64-rpi-image-build.yml b/.github/workflows/arm64-rpi-image-build.yml
index 41f7dd1..be462f6 100644
--- a/.github/workflows/arm64-rpi-image-build.yml
+++ b/.github/workflows/arm64-rpi-image-build.yml
@@ -23,7 +23,7 @@ on:
 
 jobs:
   arm64-rpi-image-build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v3
 
diff --git a/build_joininbox.sh b/build_joininbox.sh
index eafc5d1..f317122 100644
--- a/build_joininbox.sh
+++ b/build_joininbox.sh
@@ -15,8 +15,10 @@
 # command info
 if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
   echo "JoininBox Build Script"
-  echo "Usage: sudo bash build_joininbox.sh <github user> <branch> <without-qt>"
-  echo "Example: 'sudo bash build_joininbox.sh openoms master --without-qt' to install from the dev branch without the QT GUI"
+  echo "Usage: sudo bash build_joininbox.sh <github user> <branch> <tag|commit> <without-qt>"
+  echo "Example:"
+  echo "'sudo bash build_joininbox.sh openoms master commit without-qt'"
+  echo "to install from the master branch latest commit without the QT GUI"
   echo "By default uses https://github.com/openoms/joininbox/tree/master and installs the QT GUI"
   exit 1
 fi
@@ -364,18 +366,15 @@ echo "# add the 'joinmarket' user"
 adduser --disabled-password --gecos "" joinmarket
 
 echo "# clone the joininbox repo and copy the scripts"
-cd /home/joinmarket || (echo "# User wasn't created" ;exit 1)
+cd /home/joinmarket || (echo "# User wasn't created"; exit 1)
 sudo -u joinmarket git clone -b ${wantedBranch} https://github.com/${githubUser}/joininbox.git
 
-cd /home/joinmarket/joininbox || (echo "# Failed git clone" ;exit 1)
-
-# reset to the last release # be aware this is alphabetical (use one digit versions)
-TAG=$(git tag | sort -V | tail -1)
-sudo -u joinmarket git reset --hard $TAG
+cd /home/joinmarket/joininbox || (echo "# Failed git clone"; exit 1)
 
 PGPsigner="openoms"
 PGPpubkeyLink="https://github.com/openoms.gpg"
 PGPpubkeyFingerprint="13C688DB5B9C745DE4D2E4545BFB77609B081B65"
+
 sudo -u joinmarket wget -O pgp_keys.asc "${PGPpubkeyLink}"
 sudo -u joinmarket gpg --import --import-options show-only ./pgp_keys.asc
 fingerprint=$(sudo -u joinmarket gpg pgp_keys.asc 2>/dev/null | grep "${PGPpubkeyFingerprint}" -c)
@@ -387,9 +386,29 @@ if [ "${fingerprint}" -lt 1 ]; then
   exit 7
 fi
 sudo -u joinmarket gpg --import ./pgp_keys.asc
+
+if [ $# -lt 3 ] || [ "$3" = tag ]; then
+  # use the latest tag by default
+  tag=$(git tag | sort -V | tail -1)
+  # reset to the last release # be aware this is alphabetical (use one digit versions)
+  sudo -u joinmarket git reset --hard ${tag}
+  # verify the tag
+  gitCommand="sudo -u joinmarket git verify-tag ${tag}"
+  commitOrTag="${tag} tag"
+
+else
+  if [ $# -gt 2 ] && [ "$3" != commit ]; then
+    # reset to named commit if given
+    sudo -u joinmarket git reset --hard $3
+  fi
+  commitHash="$(git log --oneline | head -1 | awk '{print $1}')"
+  # verify the commit
+  gitCommand="sudo -u joinmarket git verify-commit $commitHash"
+  commitOrTag="$commitHash commit"
+fi
+
 trap 'rm -f "$_temp"' EXIT
 _temp="$(mktemp -p /dev/shm/)"
-gitCommand="sudo -u joinmarket git verify-tag $TAG"
 if ${gitCommand} 2>&1 >&"$_temp"; then
   goodSignature=1
 else
@@ -406,9 +425,9 @@ if [ "${correctKey}" -lt 1 ] || [ "${goodSignature}" -lt 1 ]; then
   exit 1
 else
   echo
-  echo "######################################################################"
-  echo "# OK --> the PGP signature of the checked out $TAG tag is correct"
-  echo "######################################################################"
+  echo "##########################################################################"
+  echo "# OK --> the PGP signature of the checked out ${commitOrTag} is correct"
+  echo "##########################################################################"
   echo
 fi
 
@@ -617,7 +636,7 @@ checkEntry=$(sudo -u joinmarket cat /home/joinmarket/joinin.conf | grep -c "qtgu
 if [ ${checkEntry} -eq 0 ]; then
   echo "qtgui=true" | tee -a /home/joinmarket/joinin.conf
 fi
-if [ "$3" = "without-qt" ]; then
+if [ "$4" = "without-qt" ]; then
  qtgui="false"
  sed -i "s/^qtgui=.*/qtgui=false/g" /home/joinmarket/joinin.conf
 fi
diff --git a/ci/amd64/debian/scripts/joininbox.sh b/ci/amd64/debian/scripts/joininbox.sh
index 836fb03..6683669 100644
--- a/ci/amd64/debian/scripts/joininbox.sh
+++ b/ci/amd64/debian/scripts/joininbox.sh
@@ -4,7 +4,7 @@ echo 'Download the build_joininbox.sh script ...'
 wget https://raw.githubusercontent.com/${github_user}/joininbox/${branch}/build_joininbox.sh
 
 echo 'Build Joininbox ...'
-sudo bash build_joininbox.sh "${github_user}" "${branch}"
+sudo bash build_joininbox.sh "${github_user}" "${branch}" "commit"
 
 echo 'Delete SSH keys (will be recreated on the first boot)'
 sudo rm /etc/ssh/ssh_host_*
diff --git a/ci/arm64-rpi/joininbox.sh b/ci/arm64-rpi/joininbox.sh
index 85d5ff9..b648843 100644
--- a/ci/arm64-rpi/joininbox.sh
+++ b/ci/arm64-rpi/joininbox.sh
@@ -4,4 +4,4 @@ echo 'Download the build_joininbox.sh script ...'
 wget https://raw.githubusercontent.com/${github_user}/joininbox/${branch}/build_joininbox.sh
 
 echo 'Build Joininbox ...'
-sudo bash build_joininbox.sh "${github_user}" "${branch}"
+sudo bash build_joininbox.sh "${github_user}" "${branch}" "commit"
diff --git a/scripts/standalone/bootstrap.service b/scripts/standalone/bootstrap.service
index e1d3164..3ea4209 100644
--- a/scripts/standalone/bootstrap.service
+++ b/scripts/standalone/bootstrap.service
@@ -10,7 +10,7 @@ User=root
 Group=root
 Type=oneshot
 RemainAfterExit=true
-ExecStart=/home/joinmarket/scripts/standalone/bootstrap.sh
+ExecStart=/home/joinmarket/standalone/bootstrap.sh
 StandardOutput=journal
 StandardError=journal
 
diff --git a/scripts/verify.git.sh b/scripts/verify.git.sh
index 7685e29..de5e3fc 100644
--- a/scripts/verify.git.sh
+++ b/scripts/verify.git.sh
@@ -6,9 +6,9 @@ if [ $# -lt 3 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
   echo "Usage:"
   echo "Run after 'git reset --hard VERSION' with the user running the installation"
   echo "To verify the checked out commit:"
-  echo "blitz.git-verify.sh [PGPsigner] [PGPpubkeyLink] [PGPpubkeyFingerprint]"
+  echo "verify.git.sh [PGPsigner] [PGPpubkeyLink] [PGPpubkeyFingerprint]"
   echo "To use 'git verify-tag' add the 'tag':"
-  echo "blitz.git-verify.sh [PGPsigner] [PGPpubkeyLink] [PGPpubkeyFingerprint] <tag>"
+  echo "verify.git.sh [PGPsigner] [PGPpubkeyLink] [PGPpubkeyFingerprint] <tag>"
   exit 1
 fi
 
@@ -23,7 +23,7 @@ fi
 # PGPpubkeyFingerprint="F579929B39B119CC7B0BB71FB326ACF51F317B69"
 
 # Run with the installing user to clear permissions:
-# sudo -u btcrpcexplorer /home/admin/config.scripts/blitz.git-verify.sh \
+# sudo -u btcrpcexplorer /home/admin/config.scripts/verify.git.sh \
 #  "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
 
 PGPsigner="$1"