I have found other articles here but they usually boiled down to “Delete everything and try again” and that worked for some reason. For me however that is not the case, I am having trouble having correct canary signatures (Unknown and BAD) from the examples given in the installation guide. I have not even installed the .ISO yet (fingerprint matches from multiple sources across the web from what I can tell) and the hashes in the 4.1.0 DIGESTS doesn’t match according to the md5sum and opensll (FAILED and different hash respectively).
I am unaware where the issue is. I am running windows and as such have no ability to use gpg2, but I have installed Gpg4win (and by extenstion GPA, Kleopatra, and GnuEX) along with Git 2.73.1 (whatever was released on July 12th 2022). However, besides these two issues I have had no trouble besides trying to use the following commands in Git Bash:
gpg2 --fetch-keys https://keys.qubes-os.org/keys/qubes-master-signing-key.asc <!--This refused to fetch the key because the certification was expired/invalid)--> gpg2 --keyserver-options no-self-sigs-only,no-import-clean --keyserver hkp://keyserver.ubuntu.com --recv-keys 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494 <!--This just put the file somewhere I couldn't find and thus couldn't proceed--> gpg2 --import /<PATH_TO_FILE>/qubes-master-signing-key.asc <!--even when I had the "trustdb" file this command didnt work, I might just not understand it, I replaced the obvious with the "trustdb" file. the extension to "trustdb" was .gpg)-->
Again, gpg2 didnt work so I had to resort to gpg. If you need any more information I will be willing to provide it. Any help will be appreciated, thank your for what you can give, and any method that fails I am thankful you tried.