How can you check the integrity of backed up files?

A couple of weeks ago, I looked at how you can check your Time Machine backups to ensure that their file system is healthy and free from errors. The question which I ducked was how to check the integrity of files within any given backup.

This is important, as a backup may have a perfectly good file system, but the data within important files can still have become damaged or corrupted. Ideally, you might wish to be able to do this twice: first when the backup has just been made, to verify its fidelity against the original, and again when you want to access its contents, for instance when restoring.

HFS+ backups

Both the Time Machine menu bar entry and its command tool equivalent tmutil let you check any given backup to see if its checksums match those expected. This relies on checksum information made and saved at the time of backup, and the command is based on
tmutil verifychecksums

This is only available for Time Machine backups made to HFS+ from OS X 10.11 onwards.

Unfortunately, the output from tmutil isn’t particularly helpful. If there are no errors found, the command doesn’t return any result. They’re only returned when there are errors: when a file’s checksum doesn’t match that expected, it’s listed with an exclamation mark !, and when the file’s recorded checksum is simply invalid, it’s listed with a question mark ?. However, this does appear to be reliable.

APFS backups

Neither the Time Machine menu nor tmutil verifychecksums work with regular backups to APFS volumes. I’m very grateful to winmaciek for pointing out that this is possible for a special backup using the contextual menu which appears when you Control-Shift-Click on the disk icon in the Time Machine pane.

This produces a special backup which might contain checksums and therefore could be verifiable. However, kapitainsky has checked the log, and reports that all this does is verify the FSEvents database, which has nothing at all to do with integrity checking. Without documentation from Apple, we’re left to guess what this feature does. In any case, there’s no apparent way to make these the default, so even if they do check integrity, they’re of very limited use.

Although APFS does use checksums within file system metadata, it currently has no option to store or check them for file data. Although demand for such a feature might be low among those using APFS exclusively on SSDs, for some years to come many of us will still be using it on inherently unreliable hard disk storage, where checking integrity becomes more critical.

Dintch, Fintch and cintch

You can use my utilities Dintch, Fintch or their command tool companion cintch to tag and check files which are stored in any Time Machine backups, including those on APFS, or in iCloud.

These utilities compute a cryptographic hash (SHA-256, from the macOS CryptoKit) for every file which you feed them with, and save that to an extended attribute of type co.eclecticlight.dintch.hash which remains attached even when they are backed up or transferred to iCloud. The hash isn’t stored in a separate file, but remains attached to the individual file no matter where it goes.

To tag files locally or in iCloud, use one of those two apps or the command tool. To check their integrity, use them again to report on whether they still match that hash in their extended attribute. Checking files stored in regular folders and iCloud is very simple. It’s a bit more complex with those in your Time Machine backup, because you may need to mount the backup snapshot first before you can check it.

Files seen there are strictly read-only, and should represent the full extent of the current Time Machine backup. It doesn’t therefore contain items which have been deleted prior to that backup, but should be an exact copy of the source of the backup at the time that backup was made.

In my example, of the 97 tagged files in my test folder, all successfully validated against their original hashes. The only exception was a .DS_Store file which I neither put there not did I tag.

Dintch, Fintch and cintch are of course free from here, and come with detailed documentation.

Thank you to winmaciek and kapitainsky for looking at the hidden mystery command in the Time Machine pane.

8Comments

Add yours

1

kapitainsky on November 29, 2021 at 3:05 pm

Howard are you sure that “Backup with Consistency Scan” produces backup with checksums? From my quick test only difference I can see is that it is using deep scan to find what to backup. Like its only purpose is to double check that FSEvents method has not missed something.

I have tried “tmutil verifychecksums” and it behaves exactly like for “regular” backups – does not produce meaningful results.

LikeLiked by 1 person
- 2
  
  hoakley on November 29, 2021 at 5:08 pm
  
  Thank you for looking at this. I’ve amended the text accordingly. Whatever it does, it’s totally useless if Apple doesn’t document it at all – a mere Easter Egg.
  Howard.
  
  LikeLiked by 1 person
- 3
  
  John Gilbert on November 30, 2021 at 9:24 am
  
  I agree. From what I have read elsewhere, “consistency” is doing a full scan to make sure that the content of the files in the backup is the same as on the source. Nothing to do with checksums on the TM disk.
  As Howard says, a pity that Apple don’t document this.
  
  LikeLiked by 2 people
  - 4
    
    hoakley on November 30, 2021 at 8:32 pm
    
    Thank you.
    Howard.
    
    LikeLike
5

RobT on November 29, 2021 at 4:00 pm

How would you use this in practice with a TM backup?

LikeLiked by 1 person
- 6
  
  hoakley on November 29, 2021 at 5:13 pm
  
  Until Apple explains what it does, we simply don’t know. But as kapitainsky has commented, it doesn’t appear to have anything to do with file integrity.
  Howard.
  
  LikeLike
7

Duncan on November 30, 2021 at 4:59 pm

For those so interested, Carbon Copy Cloner offers a file verification feature:

https://bombich.com/node/1785#verify

I’m not sure where they store the hashes, but it would be great if this functionality was unified so that other software doesn’t have to reinvent the wheel and they could all use the same file hashes.

LikeLiked by 1 person
- 8
  
  hoakley on November 30, 2021 at 8:41 pm
  
  Thank you. Yes, although the CCC documentation is as opaque as Apple’s is absent.
  Howard.
  
  LikeLike

Share this:

Like this:

Related