hobbes hobbes - 2 months ago 9
Linux Question

How do I insert Python hash into a sed query, and write to file?

I'm trying to add a HASH to a config file using both sed and Python by using the following (all in one line, broken down in 3 lines for easier reading):

sed "s/SECRET_KEY.*/SECRET_KEY = $(python -c 'import crypt,getpass;
print(crypt.crypt(getpass.getpass(), crypt.mksalt(crypt.METHOD_SHA256)))')/"
settings.py > settings.tmp


I keep getting this stdout message:

sed: -e expression #1, char 60: unknown option to `s'


However, when I run:

sed "s/SECRET_KEY.*/SECRET_KEY = $(python -c 'import crypt,getpass;
print(crypt.crypt(getpass.getpass(), crypt.mksalt(crypt.METHOD_SHA256)))')/"
settings.py |grep -i secret


It seems to return the following:

SECRET_KEY = $5$EQq9GhgCBcL7P5kN$hnwmvYe7lBhJOxHJx768VdCjLOxpnRuTWkkzGycNP.B


Why will it work without writing to a file, but not if I write to one?

Answer

The problem is that you cannot guarantee that your SECRET_KEY does not contain a / character. Column 60 is inside the secret key.

Since you did not enter the same passphrase for both your tests, the second test worked by mere luck, but the first one failed because your python expression evaluated to a secret key containing / in it, losing sed.

Why not do it with python instead since you already use it?

substkey.py script:

import sys,re
import crypt,getpass

passwd = crypt.crypt(getpass.getpass(), crypt.mksalt(crypt.METHOD_SHA256))

with open(sys.argv[1],"r") as f:
    contents=f.read()
    new_contents = re.sub("SECRET_KEY.*",'SECRET_KEY = "'+passwd+'"',contents)
    print(new_contents)

usage:

substkey.py settings.py > settings.tmp

it asks for password and inserts the key (I added quotes because it will be needed if it's a python script in the end :))

Comments