acst as a tool is designed to detect silent data corruption by
first writing the mtime and the SHA256 checksum of a file into its
extended attributes and then, upon later execution, comparing and
verifying changes against both the mtime and checksum.
ACST(1) General Commands Manual ACST(1)
acst - Actual C-implementation of a Simple shaTag
acst [-dhmnqvx] <FILE...>
acst is a minimal and simplified implementation in C of, or rather,
inspired by, shatag and also inspired by cshatag.
acst as a tool is designed to detect silent data corruption by first
writing the mtime and the SHA256 checksum of a file into its extended
attributes and then, upon later execution, comparing and verifying
changes against both the mtime and checksum. For this to work, the file
system intended to be verified must first support extended user
attributes, either by being mounted with user_xattr enabled or by other
means. Depending on how these variables differ, various file statuses
are being reported (see the FILE STATUSES section).
acst won’t follow symlinks due to the risks of creating reference loops
or referencing data outside of the indented scope of subdirectories.
acst also won’t descend into directories on other file systems than the
one specified using the FILE argument. Keep in mind that if multiple
files with different file systems are specified using the FILE
argument, they will get traversed indifferent of each other. For
example, if you specify two different partitions mounted on two
different directories, they would both be traversed.
acst reads names of files to open from standard input if the only FILE
argument is ’-’. To open files starting with ’-’, use ’--’ to cancel
parsing of arguments.
acst does not aim to be format-compatible with shatag and uses
different names for the extended attributes but similar formats for the
extended attributes (see the COMPATIBILITY section).
-d Check for duplicates among files based on stored checksums from
acst’s extended attributes. Return values when checking for
duplicates are normally 0 for success or 1 for fatal errors (in
other words, the RETURN VALUES section does not apply).
Certainty of the result is, of course, dependent on checksums
being created or corrected fairly recently as no checksums are
being computed during the duplicate check.
-h Print brief usage information to standard output and exit.
-m Summarize information at end of execution.
-n Don’t create or update any extended file attributes. File
hashing and checking will be performed, but no extended file
attributes will be created or updated.
-q Quiet mode. If specified one time ok files are not being
reported. If specified two times, only corrupt, backdated, and
malformed files and errors are being reported.
-x Remove acts’s extended attributes (xattrs) from FILE.
-v prints version information to stderr, then exits.
1 Wrong number of or invalid arguments.
2 One or more files, including directories when executed with the
recursive flag, could not be opened.
3 One or more files is not a regular file and probably a symlink
4 Extended attributes could not be written to one or more files.
5 At least one file was found to be corrupt, backdated or
6 More than one type of error has occurred.
During program execution and processing of each file various file
statuses will appear on stdout. Following are descriptions of these
ok Checksum is correct and mtime is unchanged.
Checksum is correct and mtime was changed.
Checksum is incorrect and mtime is newer than the one stored as
an extended Attribute.
Checksum is incorrect and mtime is older than the one stored as
an extended Attribute.
Extended attributes could not be read as otherwise intended.
Checksum is incorrect but mtime stayed the same.
File was modified during hash computation.
new Extended attributes are missing and were added.
Extended attributes were removed.
dup Duplicate of checksum among files checked.
find /mnt/memorystick -xdev -type f | acst - > /root/acst.log
will use find to recursively traverse through files in
/mnt/memorystick within the same file system and log the result
find /home/user01 /strg/shr/media -type f | acst - > /root/acst.log
will recursively process files in both /home/user01 and
/mnt/memorystick even if they belong to different file systems,
and then log the result to /root/acst.log.
find /home/user01 /strg/shr/media -type f | acst -m - > /root/acst.log
will perform the same operation as above with the addition of
also summarizing the result of the execution to the log.
find /mnt/memorystick -xdev -type f | acst -x - > /root/acst.log
will recursively process and remove extended attributes from
files in /mnt/memorystick and log the result to /root/acst.log.
find /mnt/memorystick -xdev -type f | acst -d -
will recursively check for duplicates among files in
/mnt/memorystick based on checksums stored as extended
acst writes to user.acst.cs and user.acst.ts instead of the
user.shatag.sha256 and user.shatag.ts specified by shatag.
acst writes the user.acst.ts field with full integer nanosecond
precision, while python-implemented shatag doesn’t.
Chris Noxz <email@example.com>
Copyright © 2022 Chris Noxz.
GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
shatag(1), cshatag(1), sha256sum(1), getfattr(1), setfattr(1)
The original shatag utility, written in python by Maxime Augier:
and cshatag utility, written in Go by Jakob Unterwurzacher:
Up-to-date sources can be found at:
Edit config.mk to match your local setup (acst is installed into
the /usr/local namespace by default), then simply enter the
following command to install (if necessary as root):
make clean install
get source here.