Monitoring file integrity with updates to Dintch and Fintch

One of the long-standing criticisms of APFS is that it doesn’t provide any means of checking the integrity of file data. APFS does use Fletcher 64 checksums to ensure the integrity of its own file system objects, but those don’t extend to file data, so the user is left to check and verify that for themselves. Other modern file systems such as ZFS or Btrfs do support checking file data integrity, but not APFS.

I offer a small family of utilities that provide per-file integrity checking for files stored on APFS and HFS+ volumes. I have now updated the two apps in that family, Dintch and Fintch, to ensure they remain compatible with future versions of macOS. The third, the command tool cintch, will be updated in a couple of weeks when I tackle this task for my other command tools.

Dintch version 1.6, intended for working with substantial folder hierarchies containing many files, is now available from here: dintch16
from Downloads above, from its Product Page, and via its auto-update mechanism.

Fintch version 1.3, a simple drag-and-drop utility for working with small numbers of files, is now available from here: fintch13
from Downloads above, from its Product Page, and via its auto-update mechanism.

cintch remains available from here: cintch 2a
and should be updated soon.

These all work using the same scheme of tags attached to individual files. Some other integrity checkers use directory-based integrity manifests, but Dintch/Fintch/cintch calculate the SHA-256 hash of each file and save that to the file as an extended attribute of type co.eclecticlight.dintch.hash. That extended attribute is protected using a #S flag to ensure that it even persists in iCloud, and when copied across volumes and disks, provided their file system supports extended attributes and its persistence flags.

For example, I’m currently running a long-term test of iCloud Drive file integrity. Using Dintch I have tagged a folder hierarchy containing almost 100 files and stored them in iCloud Drive over three years ago. Every few months I copy that folder to local storage and check the integrity of its contents using Dintch. Because the tags are stored in persistent extended attributes, they go wherever those files go, and still function fully no matter which Mac I copy them down to.


For those requiring fuller information about the tags attached by Dintch, it (but not Fintch) has an option to attach a separate extended attribute of type co.eclecticlight.dintch.time containing the time of attachment of the hash, given in UTF-8 text.

These new versions run on macOS from High Sierra onwards; their Product Page also offers older versions that work as far back as El Capitan. The SHA-256 hashes used and their extended attributes are fully compatible across all those versions of macOS, and on both HFS+ and APFS.