Tracking Changes in Directories with Python (opens in new tab)

(thomassileo.com)

32 pointstsileo12y ago21 comments

21 comments

14 comments · 3 top-level

yummyfajitas12y ago· 7 in thread

I can't tell exactly what the goal is, but inotify might also be a simpler solution.

(Specifically, if the goal is to monitor changes as they happen and the service can be assumed to be continually running.)

arethuza12y ago

And the command line inotifywait - which I've used from Python to monitor changes to directories. There is even a Windows port:

https://github.com/thekid/inotify-win

icebraining12y ago

pyinotify is also pretty simple to use: https://github.com/seb-m/pyinotify

1 more reply

rytis12y ago

Or even use incrond [0], and get it call your script that does whatever needs to be done with the modified files.

[0] http://linux.die.net/man/8/incrond

EDIT: As a use case example I use this to detect when a new cert request is made to my Puppet master server. Once a CSR file is created, I check if the host is created by our provisioning system, and if so, then sign it.

EDIT2: This will eventually go into 3.4.0 - https://projects.puppetlabs.com/issues/7244

nodata12y ago

How does the puppet master get the csr unless the host has been provisioned?

1 more reply

tsileoOP12y ago

The service is not continually running, I use this method to make incremental backups with archives stored on AWS Glacier and meta-data stored on S3 (the index is stored on S3, and I can't access files on Glacier to compute deltas).

cmsd212y ago

I've been thinking about the best way to do this, and I too didn't want to rely on having a backup script running all the time.

Windows seems to have a low-level api for querying the filesystem/vfs for changes since you last looked: http://msdn.microsoft.com/en-us/library/windows/desktop/aa36...

And BTRFS has some ability to do this with find-new: http://www.tummy.com/blogs/2010/11/01/fun-with-btrfs-what-fi...

It's nice that btrfs has these new interesting features, also see send/receive, but it's not available in the vfs, and I suppose never will be.

1 more reply

aray12y ago

I'm not sure what you mean by continually running, but inotifywait is basically just waiting on an event. As long as the process sticks around it doesn't have to do anything until it gets an inotify.

1 more reply

netnichols12y ago· 4 in thread

Since he asks for feedback at the end...

Using sha256 just to compute changes is probably overkill. Using md5 instead is almost certainly adequate and will be a good deal faster.

pudquick12y ago

> good deal faster

You could always try it and see :)

Example test: openssl speed md5 sha256

As for why it was chosen, I think it's because there are known examples of MD5 hash collisions (though the likelihood of it on a filesystem is remote) and likely SHA-1 was skipped because it's considered 'likely' a collision could be created (though so far only with weakened versions of SHA-1).

But - all this to say: The chances of having two files with the same MD5 hash that are identical in size is vanishingly small. As such, for the known MD5 collision mechanisms, the different file size would be enough evidence something has changed.

... Why he didn't include file size in the metadata check, I can't tell you. Timestamps can be faked - but generating a hash collision with a file of equal size is a Hard problem.

dded12y ago

>> good deal faster

>> You could always try it and see :)

>> Example test: openssl speed md5 sha256

When I was looking for a fast hash easily called from Python, I settled on adler32 (as the fastest) after some trial-and-error on my files. I don't now recall all the utilities/functions that I tried, but they certainly included md5, sha1, and crc32. I only needed to test for accidental corruption, and only computed the hashes if meta data matched.

tsileoOP12y ago

Thanks for the feedback!

I haven't thought about the filesize/hash to reduce collision, but I chose to stick with the last-modified time in the article, because it can takes hours computing hashes for a big directory tree.

Tools like rsync relies on last-modified time by default, and since I want to use this to track my own files, I won't fake it, so I think it's not a big deal?

1 more reply

olavgg12y ago

Don't use MD5, user SipHash https://131002.net/siphash/

johtso12y ago

The watchdog library is great for this. It comes with an API and a command line tool: https://github.com/gorakhargosh/watchdog

Compatibility:

  Linux 2.6 (inotify)
  Mac OS X (FSEvents, kqueue)
  FreeBSD/BSD (kqueue)
  Windows (ReadDirectoryChangesW with I/O completion ports; ReadDirectoryChangesW worker threads)
  OS-independent (polling the disk for directory snapshots and comparing them periodically; slow and not recommended)

j / k navigate · click thread line to collapse

21 comments

14 comments · 3 top-level

yummyfajitas12y ago· 7 in thread

I can't tell exactly what the goal is, but inotify might also be a simpler solution.

(Specifically, if the goal is to monitor changes as they happen and the service can be assumed to be continually running.)

arethuza12y ago

And the command line inotifywait - which I've used from Python to monitor changes to directories. There is even a Windows port:

https://github.com/thekid/inotify-win

icebraining12y ago

pyinotify is also pretty simple to use: https://github.com/seb-m/pyinotify

1 more reply

rytis12y ago

Or even use incrond [0], and get it call your script that does whatever needs to be done with the modified files.

[0] http://linux.die.net/man/8/incrond

EDIT2: This will eventually go into 3.4.0 - https://projects.puppetlabs.com/issues/7244

nodata12y ago

How does the puppet master get the csr unless the host has been provisioned?

1 more reply

tsileoOP12y ago

cmsd212y ago

I've been thinking about the best way to do this, and I too didn't want to rely on having a backup script running all the time.

Windows seems to have a low-level api for querying the filesystem/vfs for changes since you last looked: http://msdn.microsoft.com/en-us/library/windows/desktop/aa36...

And BTRFS has some ability to do this with find-new: http://www.tummy.com/blogs/2010/11/01/fun-with-btrfs-what-fi...

It's nice that btrfs has these new interesting features, also see send/receive, but it's not available in the vfs, and I suppose never will be.

1 more reply

aray12y ago

I'm not sure what you mean by continually running, but inotifywait is basically just waiting on an event. As long as the process sticks around it doesn't have to do anything until it gets an inotify.

1 more reply

netnichols12y ago· 4 in thread

Since he asks for feedback at the end...

Using sha256 just to compute changes is probably overkill. Using md5 instead is almost certainly adequate and will be a good deal faster.

pudquick12y ago

> good deal faster

You could always try it and see :)

Example test: openssl speed md5 sha256

... Why he didn't include file size in the metadata check, I can't tell you. Timestamps can be faked - but generating a hash collision with a file of equal size is a Hard problem.

dded12y ago

>> good deal faster

>> You could always try it and see :)

>> Example test: openssl speed md5 sha256

tsileoOP12y ago

Thanks for the feedback!

I haven't thought about the filesize/hash to reduce collision, but I chose to stick with the last-modified time in the article, because it can takes hours computing hashes for a big directory tree.

Tools like rsync relies on last-modified time by default, and since I want to use this to track my own files, I won't fake it, so I think it's not a big deal?

1 more reply

olavgg12y ago

Don't use MD5, user SipHash https://131002.net/siphash/

johtso12y ago

The watchdog library is great for this. It comes with an API and a command line tool: https://github.com/gorakhargosh/watchdog

Compatibility:

  Linux 2.6 (inotify)
  Mac OS X (FSEvents, kqueue)
  FreeBSD/BSD (kqueue)
  Windows (ReadDirectoryChangesW with I/O completion ports; ReadDirectoryChangesW worker threads)
  OS-independent (polling the disk for directory snapshots and comparing them periodically; slow and not recommended)

j / k navigate · click thread line to collapse