Skip to content

Powershell - Compare file hash with existing hash file (checksum, SHA1) to validate binary file integrity

A quick win you should add to your power shell scripts whenever you execute a binary file by doing an integrity check based on checksums.

$pathToBinaryFile = "/your/file.path"
$pathToSha1File = $($pathToBinaryFile + ".sha1")

If (test-path $pathToBinaryFile) {
    $calculatedFileHash = Get-FileHash -LiteralPath $pathToBinaryFile -Algorithm SHA1
    $sha1FileContent = Get-Content $pathToSha1File 

    Write-Host ":: Checking file integrity."
    #we are expecting a sha1 file with one line of content.
    #   this one line should look like:<file name>\t<sha1 sum>
    #we are exploding the expected content by " "
    #   first array entry is <file name>
    #   second array entry is \t
    #   third array entry is <sha1 sum>
    $expectedFileHash = $sha1FileContent.Split(" ")[2]

    If ($expectedFileHash -ne $calculatedFileHash.HASH) {
        Write-Host $("   Binary file integrity check failed. Expected checksum >>" + $expectedFileHash + "<<, current checksum >>" + $calculatedFileHash.HASH + "<<.")
    }
}

A bit more advanced script can be found here in my examples collection.

Create and manage a shadow copy snapshot for windows with powershell

Following my essence about the topic of creating a shadow copy snapshot.

#bo:create shadow copy
$shadowSourceVolume = ($env:SystemDrive + "\")
$shadowDestinationLinkPath = ($env:SystemDrive + "\shadowed_test")

#@see: https://docs.microsoft.com/en-us/previous-versions/windows/desktop/vsswmi/create-method-in-class-win32-shadowcopy#examples
$shadowCopyClass=[WMICLASS]"root\cimv2:win32_shadowcopy";

#create a shadow copy object
$shadowCopyObject = $shadowCopyClass.create($shadowSourceVolume, "ClientAccessible")
#fetch shadow object fron that
$shadowObject = Get-WmiObject Win32_ShadowCopy | Where-Object { $_.ID -eq $shadowCopyObject.ShadowID }
#fetch 
$shadowLinkPath = $shadowObject.DeviceObject + "\"
#eo:create shadow copy

#bo:create link
cmd /c mklink /d $shadowDestinationLinkPath $shadowLinkPath
#eo:create link

#bo: remove shadow link
cmd /c rmdir /S /Q $shadowDestinationLinkPath
#eo: remove shadow link

#bo: delete shadow copy
$shadowObject.Delete();
#Remove-CimInstance -InputObject $shadowObject
#eo: delete shadow copy

#bo: FTL
#list all available shadow copies
#Get-WmiObject Win32_Shadowcopy
#eo: FTL

Most important learned knowledge for me is that I only can create a snapshot of a whole volume.

Simple PowerShell Log Function

Just to share it somewhere with someone, following my powershell basic log function.

Function Log-Message {
    [cmdletbinding()]
    Param (
        [parameter(Mandatory=$true)] [string] $Message,
        [string] $LogLevel = "info"
    )

    $currentDate = Get-Date -Format "yyyyMMdd"
    $currentTime = Get-Date -Format "HHmmss"

    $logMessage = '{0} {1} [{2}]: {3}' -f $currentDate,$currentTime,$logLevel,$message

    $logMessage >> $logFile
}

Enjoy it.

`error: archzfs: signature from "ArchZFS Bot <buildbot@archzfs.com>" is unknown trust` and how to solve it

I ran into this error error: archzfs: signature from "ArchZFS Bot <buildbot@archzfs.com>" is unknown trust on multiple machines over the last days.

Since one machine was working which is also running one of my dns servers, I was searching into this direction. After a while, I switched all my machines using this one dns server without fixing the real issue. Furthermore, by just trying to refresh keys with sudo pacman-key --refresh-keys, I ran into another error: gpg: WARNING: Tor is not running.

I could solve this with a one liner:

echo "no-use-tor" >> ~/.gnupg/dirmngr.conf

Next step was finally to delete the broken key and re-import ist again.

sudo pacman-key -d DDF7DB817396A49B2A2723F7403BD972F75D9D76
sudo pacman-key -r DDF7DB817396A49B2A2723F7403BD972F75D9D76
sudo pacman-key --lsign-key DDF7DB817396A49B2A2723F7403BD972F75D9D76

After running through all this steps, I was able to run a system update again with pacman.

Thanks to this issue report on github, this entry on redit and this entry on gnupg.org.