acst as a tool is designed to detect silent data corruption by first writing the mtime and the SHA256 checksum of a file into its extended attributes and then, upon later execution, comparing and verifying changes against both the mtime and checksum.
Download
- acst 0.1.4 (30kb) (2023-03-09)
Manual
ACST(1) General Commands Manual ACST(1)
NAME
acst - Actual C-implementation of a Simple shaTag
SYNOPSIS
acst [-dhmnqvx] <FILE...>
DESCRIPTION
acst is a minimal and simplified implementation in C of, or rather,
inspired by, shatag and also inspired by cshatag.
acst as a tool is designed to detect silent data corruption by first
writing the mtime and the SHA256 checksum of a file into its extended
attributes and then, upon later execution, comparing and verifying
changes against both the mtime and checksum. For this to work, the file
system intended to be verified must first support extended user
attributes, either by being mounted with user_xattr enabled or by other
means. Depending on how these variables differ, various file statuses
are being reported (see the FILE STATUSES section).
acst won't follow symlinks due to the risks of creating reference loops
or referencing data outside of the indented scope of subdirectories.
acst also won't descend into directories on other file systems than the
one specified using the FILE argument. Keep in mind that if multiple
files with different file systems are specified using the FILE
argument, they will get traversed indifferent of each other. For
example, if you specify two different partitions mounted on two
different directories, they would both be traversed.
acst reads names of files to open from standard input if the only FILE
argument is '-'. To open files starting with '-', use '--' to cancel
parsing of arguments.
acst does not aim to be format-compatible with shatag and uses
different names for the extended attributes but similar formats for the
extended attributes (see the COMPATIBILITY section).
OPTIONS
-d Check for duplicates among files based on stored checksums from
acst's extended attributes. Return values when checking for
duplicates are normally 0 for success or 1 for fatal errors (in
other words, the RETURN VALUES section does not apply).
Certainty of the result is, of course, dependent on checksums
being created or corrected fairly recently as no checksums are
being computed during the duplicate check.
-h Print brief usage information to standard output and exit.
-m Summarize information at end of execution.
-n Don't create or update any extended file attributes. File
hashing and checking will be performed, but no extended file
attributes will be created or updated.
-q Quiet mode. If specified one time ok files are not being
reported. If specified two times, only corrupt, backdated, and
malformed files and errors are being reported.
-x Remove acts's extended attributes (xattrs) from FILE.
-v prints version information to stderr, then exits.
RETURN VALUES
0 Success
1 Wrong number of or invalid arguments.
2 One or more files, including directories when executed with the
recursive flag, could not be opened.
3 One or more files is not a regular file and probably a symlink
of sorts.
4 Extended attributes could not be written to one or more files.
5 At least one file was found to be corrupt, backdated or
malformed.
6 More than one type of error has occurred.
FILE STATUSES
During program execution and processing of each file various file
statuses will appear on stdout. Following are descriptions of these
statuses.
ok Checksum is correct and mtime is unchanged.
hash ok
Checksum is correct and mtime was changed.
outdated
Checksum is incorrect and mtime is newer than the one stored as
an extended Attribute.
backdated
Checksum is incorrect and mtime is older than the one stored as
an extended Attribute.
malformed
Extended attributes could not be read as otherwise intended.
corrupt
Checksum is incorrect but mtime stayed the same.
disrupted
File was modified during hash computation.
new Extended attributes are missing and were added.
xattr removed
Extended attributes were removed.
dup Duplicate of checksum among files checked.
EXAMPLES
find /mnt/memorystick -xdev -type f | acst - > /root/acst.log
will use find to recursively traverse through files in
/mnt/memorystick within the same file system and log the result
to /root/acst.log.
find /home/user01 /strg/shr/media -type f | acst - > /root/acst.log
will recursively process files in both /home/user01 and
/mnt/memorystick even if they belong to different file systems,
and then log the result to /root/acst.log.
find /home/user01 /strg/shr/media -type f | acst -m - > /root/acst.log
will perform the same operation as above with the addition of
also summarizing the result of the execution to the log.
find /mnt/memorystick -xdev -type f | acst -x - > /root/acst.log
will recursively process and remove extended attributes from
files in /mnt/memorystick and log the result to /root/acst.log.
find /mnt/memorystick -xdev -type f | acst -d -
will recursively check for duplicates among files in
/mnt/memorystick based on checksums stored as extended
attributes.
COMPATIBILITY
acst writes to user.acst.cs and user.acst.ts instead of the
user.shatag.sha256 and user.shatag.ts specified by shatag.
acst writes the user.acst.ts field with full integer nanosecond
precision, while python-implemented shatag doesn't.
AUTHOR
Chris Noxz <chris@noxz.tech>
COPYRIGHT
Copyright © 2022 Chris Noxz.
License: GPLv3+
GNU GPL version 3 or later
<https://www.gnu.org/licenses/licenses.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
SEE ALSO
shatag(1), cshatag(1), sha256sum(1), getfattr(1), setfattr(1)
The original shatag utility, written in python by Maxime Augier:
https://bitbucket.org/maugier/shatag
and cshatag utility, written in Go by Jakob Unterwurzacher:
https://github.com/rfjakob/cshatag
AVAILABILITY
Up-to-date sources can be found at:
https://noxz.tech/git/acst
https://noxz.tech/software/acst
acst-0.1.4 ACST(1)
Installation
Edit config.mk to match your local setup (acst is installed into the /usr/local namespace by default), then simply enter the following command to install (if necessary as root):
make clean installget source here.