diff --git a/lib/lib_ciss_upgrades_boot.sh b/lib/lib_ciss_upgrades_boot.sh
index 1c7c022..1d19010 100644
--- a/lib/lib_ciss_upgrades_boot.sh
+++ b/lib/lib_ciss_upgrades_boot.sh
@@ -40,8 +40,10 @@ ciss_upgrades_boot() {
   declare var_sha="${VAR_HANDLER_BUILD_DIR}/config/includes.binary/0030-verify-checksums.sha512"
   declare var_sig="${VAR_HANDLER_BUILD_DIR}/config/includes.binary/0030-verify-checksums.sha512.sig"
   declare var_fil="${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums"
+  declare var_prefix="${VAR_HANDLER_BUILD_DIR}/config/includes.chroot"
 
-  sha512sum "${var_fil}" >| "${var_sha}"
+  # shellcheck disable=SC2312
+  sha512sum "${var_fil}" | sed "s|${var_prefix}||" >| "${var_sha}"
 
   gpg --batch --yes --pinentry-mode loopback --passphrase-file "${VAR_SIGNING_KEY_PASSFILE}" --local-user "${VAR_SIGNING_KEY_FPR}" \
     --detach-sign --output "${var_sig}" "${var_sha}"
diff --git a/lib/lib_gnupg.sh b/lib/lib_gnupg.sh
index 22f4f09..26bfda5 100644
--- a/lib/lib_gnupg.sh
+++ b/lib/lib_gnupg.sh
@@ -20,7 +20,6 @@ guard_sourcing || return "${ERR_GUARD_SRCE}"
 #   VAR_CDLB_INSIDE_RUNNER
 #   VAR_EARLY_DEBUG
 #   VAR_HANDLER_BUILD_DIR
-#   VAR_ISO8601
 #   VAR_SIGNER
 #   VAR_SIGNING_KEY
 #   VAR_SIGNING_KEY_FPR
@@ -28,10 +27,12 @@ guard_sourcing || return "${ERR_GUARD_SRCE}"
 #   VAR_SIGNING_KEY_PASSFILE
 #   VAR_TMP_SECRET
 #   VAR_VERIFY_KEYRING
+#   VAR_WORKDIR
 # Arguments:
 #   None
 # Returns:
 #   0: on success
+#   ERR_GPG__AGENT: on failure
 #######################################
 init_gnupg() {
   printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 %s starting ... \e[0m\n" "${BASH_SOURCE[0]}"