hoakley March 9, 2021 Macs, Technology

How to check the integrity of your backups and iCloud files

One feature which appears to have been lost in the new Time Machine backups to APFS volumes is the ability to check the integrity of their contents, which now appears confined to backups made to HFS+ volumes. I’m also aware of concerns that important files which you keep in iCloud as an offsite backup may become damaged or corrupted.

I recall hearing of someone, a few years ago, who stored a hundred test files in their iCloud Drive, and monitored their number and condition over time. What I don’t recall hearing is the result of that test. So I’ve been conducting my own study of the stability of files in iCloud. About a year ago, I put 97 files totalling 61 MB, whose integrity is checked by my utility Dintch, into my iCloud Drive. I periodically check their number and integrity, and am pleased to report that – so far – none has gone missing, nor shown any signs of change.

You can use Dintch, Fintch or their command tool companion cintch to tag and check files which are stored either in your Time Machine backups, including those in Big Sur when backing up to APFS, or in iCloud.

These utilities compute a cryptographic hash for every file which you feed them with, and save that to an extended attribute which remains attached even when they are backed up or transferred to iCloud. The hash isn’t stored in a separate file, but remains attached to the individual file no matter where it goes.

To tag files locally or in iCloud, use one of those two apps or the command tool. To check their integrity, use them again to report on whether they still match that hash in their extended attribute.

Checking files stored in regular folders and iCloud is very simple. It’s a bit more complex with those in your Time Machine backup, because of the limited access which Big Sur provides. Currently, it only gives ready access to the full contents of the last backup. You can find that in the path
/Volumes/[backup volume name]/[date and time].previous

dintch01

Files seen there are strictly read-only, and should represent the full extent of the current Time Machine backup. It doesn’t therefore contain items which have been deleted prior to that backup, but should be an exact copy of the source of the backup at the time that backup was made.

dintch02

In my example, of the 97 tagged files in my test folder (the same as I’ve been using for my iCloud tests), all successfully validated against their original hashes. The only exception was a .DS_Store file which I neither put there not did I tag.

Dintch, Fintch and cintch are of course free from here, and come with detailed documentation.

18Comments

Add yours

1

moseskravitz on March 9, 2021 at 11:28 am

hoakley- the work you do for us is OUTSTANDING!

LikeLiked by 1 person
- 2
  
  Joss on March 9, 2021 at 11:34 am
  
  Hear, hear!
  
  LikeLiked by 1 person
  - 3
    
    hoakley on March 9, 2021 at 4:05 pm
    
    Thank you.
    Howard.
    
    LikeLike
- 4
  
  hoakley on March 9, 2021 at 4:00 pm
  
  Thank you.
  Howard.
  
  LikeLike
5

Joss on March 9, 2021 at 11:32 am

“The only exception was a .DS_Store file which I neither put there not did I tag.”

LOL. Welcome to macOS. 😉

Honestly, though, you should exclude .DS_Store files by default in [DFc]intch: no tagging/hashing allowed, skip during verification.

LikeLiked by 1 person
- 6
  
  hoakley on March 9, 2021 at 4:05 pm
  
  Thank you. I have (several times) considered doing that, and going further by allowing an exclude list. The reason that I haven’t is performance: these utilities are tuned to deliver the best performance possible, so they can be used on tens or hundreds of thousands of files. If they were to have to check the name of every file against a blacklist, that would impose significant overhead on every action, which amplifies with the number of files, and the number of items in the blacklist. It’s far more efficient in the long run just to tag everything, and accept that some files will change, or appear where they weren’t. Compare the cost of tagging these occasional files, say a few hundred at most in each large tagging task, with that of extracting every single file name and checking it against the blacklist.
  Howard.
  
  LikeLike
7

Michele Galvagno on March 9, 2021 at 11:59 am

Thanks! I make extensive use of iCloud Drive but mainly for file sync’ing, not backup per se, even though that partially works in case of machine failure. I am glad to see that things seem secure. In any case I suppose there is not something like a truly “online backup” because in any case iCloud Drive files are stored on physical disks somewhere, correct?

LikeLiked by 1 person
- 8
  
  hoakley on March 9, 2021 at 4:08 pm
  
  Thank you.
  Everything in the cloud still has to be stored somewhere, usually a vast distributed network of data centres around the world. iCloud is no different, and it’s hosted by various cloud service providers, including Amazon and I think Microsoft.
  Howard.
  
  LikeLike
9

dfbills on March 9, 2021 at 2:03 pm

Thinking about this post, it would be great to have a utility that would be able to periodically check the integrity of the massive file store some folks keep in iCloud. I know when I moved away from Dropbox, I had quite a large number of corrupt files when all was said and done. A tool to check the validity of my files stored in the iCloud would be fantastic.

LikeLiked by 1 person
- 10
  
  hoakley on March 9, 2021 at 2:04 pm
  
  You have them already here.
  Howard
  
  LikeLike
  - 11
    
    hoakley on March 9, 2021 at 4:10 pm
    
    To explain: you can tag large numbers of files in the GUI with Dintch, and check them too. If you want to script your processes, that’s exactly what cintch is designed for. So you can do this today, just as I do with my 97 test files in iCloud.
    Howard.
    
    LikeLike
12

Rafael Ontivero on March 9, 2021 at 2:03 pm

I have (had, because now I’m using Dropbox) a lot of issues with iCloud Drive. If file name ends in a year, it duplicates incrementing the year (eg, “Diary 2020.txt” duplicates “Diary 2021.txt”, 2022, 2023,…), and sometimes copying files out of iCloud Drive, I copied the placeholder (.iCloud file) instead of the file itself.

(BTW, I’m having problems with Twitter log, it says link has expired).

LikeLiked by 1 person
13

Simon on March 9, 2021 at 5:32 pm

Have I misunderstood? APFS TM volume here and the whole datestamp.previous folder went away when I transferred to Big Sur and with it new APFS TM volumes. Now it’s just a list of all backups at the root of the TM disk. Did your example and screenshot come from Catalina or HFS+?

LikeLiked by 1 person
- 14
  
  hoakley on March 9, 2021 at 6:38 pm
  
  My screenshots both came from Big Sur 11.2.2 running TMA. But I think you’re looking with Finder, which creates its own illusions. If you view backups using an app like Dintch, which uses a custom setting for its file selection dialog, you’ll see what I show in the screenshot. Of course you also don’t get snapshots on HFS+ backup stores.
  Confusing, isn’t it?
  Howard.
  
  LikeLike
15

2J on March 11, 2021 at 12:30 pm

In the context of this discussion, it’s notable that when Apple’s file system engineers (Dominic Giampaolo and colleagues) designed APFS back in ~2016, they elected to use checksums to verify the integrity of file system metadata but *not* for user data — apparently because they felt that the overhead for doing so (16 bytes per 4KB, so 0.4%) was not worth the cost in terms of useable storage space lost. (Adam Leventhal has an good write-up of this @ http://dtrace.org/blogs/ahl/2016/06/19/apfs-part5/ )

When Apple implemented the new APFS ‘backup’ role for Time Machine in Big Sur, I wonder if Giampaolo et al. revisited this decision. Is there any way to determine if perhaps checksums are being used to verify the integrity of data on APFS backup volumes (I think basically what your tool is doing, right?)?

If Apple isn’t doing this currently, is there any plausible reason why their FS engineers would have declined to do so? Perhaps this is a feature that’s still being developed, and we might perhaps look forward to its introduction in a future macOS release?

LikeLiked by 1 person
- 16
  
  hoakley on March 11, 2021 at 7:47 pm
  
  Thank you.
  As Apple owns and specifies APFS, it can do anything it wants with it. However, I see two problems.
  First, an APFS backup is just a snapshot. Adding checksums to files within a snapshot isn’t something that APFS does, so wouldn’t just be a tweak for TM backups.
  Second, my perpetual question on the value of checksums: without some form of error-correction, checksumming files doesn’t actually help the user much. So what if one file in a backup no longer matches its checksum? What do you do about that, other than look desperately for another copy? To make checksums useful, you really need to incorporate some form of recovery or error-correction. In the file system metadata, that’s OK, as you can then try to repair the error. But the scope for doing that in backed up files is limited to other copies. And experience tells us that such problems are seldom detected until both the original and backup show the same fault.
  My tools don’t use a simple checksum, but SHA256 digests so they should resist most deliberate attempts to abuse them.
  Howard.
  
  LikeLike
17

rfog926695139 on March 13, 2021 at 7:27 am

Each time I read you, I find a super-util program. However I have some proposal changes for this.

I’ve just started to use it to check a lot of files stored in iCloud Drive. When there are a lot files, finding what have failed (if any have failed, and should fail because I so and then modify one or two), you need to go across al the listing to find the failed ones. What about one option to list first those failed or even list only failed and not tagged ones? That way you can see very fast if something has gone wrong.

Same with summary. Summary on top, you immediately see the result of the operation.

PS: I’m the same “rfog” with different logging.

LikeLiked by 1 person
- 18
  
  hoakley on March 13, 2021 at 9:40 am
  
  Thank you.
  If you *un*check the Verbose box, that’s exactly what Dintch will do: it will then only list the discrepancies which it has found.
  I hope that solves your problem.
  Howard.
  
  LikeLike