# inventorize

[![crates.io](https://img.shields.io/crates/v/inventorize.svg)](https://crates.io/crates/inventorize)
![license](https://img.shields.io/crates/l/inventorize.svg)

`inventorize` is a command-line tool for data integrity verification.

In a nutshell, `inventorize` builds an *inventory* of files in a directory
(the *repository*). The inventory contains the paths and the hashes of the
files. Later, `inventorize` can be used to compare the inventory records with
the actual contents of the repository and verify the integrity of the files by
comparing their hashes with the hashes stored in the inventory.

## Quick start guide

Using `inventorize` boils down to three operations:

* Building the inventory file;
* Periodically verifying the contents of the repository using the inventory
  file;
* Updating the inventory when new files are added to the repository, or old ones
  are removed (this does not recompute the hashes of the existing inventory
  records).

The inventory file must not be stored inside the repository directory.

For the detailed description of the available command-line options and commands,
see the reference below.

### Building the inventory

Use the `build` subcommand to build the inventory:

    inventorize
        --repository /path/to/the/repo
        --inventory /path/to/the/inventory.json
        build

### Verifying the contents of the repository

Use the `verify` subcommand to verify the contents of the repository using an
existing inventory file:

    inventorize
        --repository /path/to/the/repo
        --inventory /path/to/the/inventory.json
        verify

### Updating the inventory

Use the `update` subcommand to update the inventory when files are added to the
repository:

    inventorize
        --repository /path/to/the/repo
        --inventory /path/to/the/inventory.json
        update

## Reference

### Command-line options accepted by all subcommands

* `--repository`: path to the repository (defaults to the current working
  directory).
* `--inventory`: path to the inventory file.
* `--verbose`: verbose mode.

### `build` subcommand

The `build` subcommand is used to build the inventory.

By default this subcommand will include hidden files in the inventory. It will
report an error if the inventory file exists.

The default hash algorithm is `md5`. Particularly paranoid users can select
multiple hash algorithms:

    --hash-algorithm=md5 --hash-algorithm=sha1

Supported options:

* `--overwrite`: overwrite the inventory file if it exists.
* `--skip-hidden`: do not include hidden files in the inventory.
* `--hash-algorithm=<ALG>`: hash algorithm to use.

Supported hash algorithms:

* `md5`
* `sha1`

### `verify` subcommand

The `verify` subcommand is used to verify the repository contents using an
existing inventory. An error is returned if any missing, added, or changed files
are found.

By default, all hash values contained in the inventory are checked.
Alternatively, the *quick mode* can be enabled to only check the presence of
files and their sizes. Needless to say, this mode should not be considered a
reliable integrity check.

Supported options:

* `--quick` quick mode: only check presence of files and their sizes.

### `update` subcommand

The `update` subcommand updates the inventory with files added to the repository
after the inventory has been built. It **never** recomputes the hashes of the
existing inventory records.

Files that are gone from the repository but still present in the inventory are
**not** removed from the inventory by default.

Supported options:

* `--remove-missing`: remove files that are no longer found in the repository
  from the inventory.

## Inventory file format

The inventory is stored as a JSON file that contains a list of *records*
(file paths and their hash values), as well as metadata (version of the
application used to build the inventory, and `build` subcommand options).