You could skip files during the hash calcualation process so that you do not create hash values at all for particular files and/or you could skip files during the verification process.
Skip files during hash calculation
To keep the example short, let's say we don't want to hash program libraries. Those files usually end with .dll on Windows, and with .so on GNU/Linux.
1. Create a list of files
On GNU/Linux and macOS:
> find . -type f > files.list
On Windows:
> dir /A-D /B /S . > files.list
Using Jacksum:
> jacksum --style files-only . > files.list
2. Modify the file list as required
3. Hash the file list
> jacksum -a sha256 -L files-filtered.list > hashes.sha256
Skip files during the verification process
If you want to ignore particular paths from a hash file you can do it in a similar way.
1. Modify the hash file as required
On GNU/Linux or macOS:
> grep -v ".so$" hashes.sha256 > hashes-filtered.sha256
On Windows:
> findstr /V ".dll$" hashes.sha256 > hashes-filtered.sha256
2. Start the integrity verification process
> jacksum -a sha256 -c hashes-filtered.sha256 .
Note: the dot at the end of the command says: verify not only the integrity of the paths stored in the hashes.sha256, but also read the current working directory (.) and all files below (-r max is set implicitly). With that you will also find new files that have been added after the file called hashes.sha256 was produced. Without the dot you will verify the files only that have a trace in hashes-filtered.sha256.
No comments:
Post a Comment