fgdata_new.bundle - How to get it and verify it

There is a file called fgdata_new.bundle available on my server via BitTorrent (see download link bewlow). This file can be downloaded with any regular download tools and is mainly intended for people where the regular GIT download fails or lasts so very long. The file is quite large so I need to add it to my robots.txt file to prevent downloads by bots (the whole /pub directory is now blocked for all bots). You can use git-bundle to extract it to your local hard drive (see below for an example).

How to use those hashes is mostly simplified with download tools (frontends). So I would welcome you to head over to your program's documentation. Comparing e.g. the SHA512 sum with your eyes is maybe not such a good idea. If you still like to use tools such as md5sum, the command to enter after download is simple:

md5sum fgdata_new.bundle
(or use sha512 for a larger sum).

The more recommended way is GnuPG because trust can come in play. I am not going to tell you all from scratch here, please refer to the FAQ section of GnuPG and make sure you are legally allowed to use such cryptographic programs in your country.

A simple step-by-step instruction:

# Download the bundle file via BitTorrent:
wget -c http://mxchange.org:23456/file?info_hash=%2CG%AC%DB%AC%89%C7%EA%CB%20%8D%2C%E1%D7%BD%12%14T%F5%05 -O fgdata_new.bundle.torrent

# Download the ASCII-armored signature file:
wget -c http://flightgear.mxchange.org/pub/fgfs/fgdata_new.bundle.asc

# Download the public key for my digitally signed downloads:
wget -c http://mxchange.org/signed-downloads.asc

# Import the public key (you need to create a local key-pair first: gpg --ken-key):
gpg --import < signed-downloads.asc

# Alternatively of the above two steps you can download it from a public key server:
gpg --recv-keys --keyserver hkp://keys.gnupg.net A1B99B83

# If you want to prevent GnuPG warning you, locally sign my public key:
gpg --lsign-key A1B99B83

# Alternatively and then you *REALLY* need to trust my key (have you verified my ID card for example?):
gpg --sign-key A1B99B83

# ... and upload your key (do only sign locally if you don't trust my key):
gpg --send-keys --keyserver hkp://keys.gnupg.net xxx
If you want to trust my key and upload your signature (thank you) please come to one of the key-signing parties I join (Chemnitzer Linuxtage 2011 is maybe a possible candidate).

Meet you in FGFS. :)

PS: My manually mirrored download archive for FlightGear can be found here. So take a look around. :)

Created: 2011-01-11 | Last update: 2016-04-30 | Author: Roland Häder
Home | My flights | fgdata_new.bundle | FGCOM | Rsync howto | Links collection | Imprint

Creative Commons License
Quix0r's FlightGear Website by Roland Haeder is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
Based on a work at http://flightgear.mxchange.org/repos/flightgear/trunk/.