From 48816602f1f3991b145baa61733954f619233983 Mon Sep 17 00:00:00 2001
From: Ian Howell <ian.howell0@gmail.com>
Date: Thu, 15 Jul 2021 13:35:26 -0500
Subject: [PATCH] AIAP: Fix SOPS environment variables

When `exec`ing into a container, bash is not invoked as a login shell,
so .profile is not executed. This moves the exporting of the SOPS
variables from .profile into the .bashrc file, which will be invoked in
this case.

This also moves the SOPS key from the /tmp directory into the root
directory. While the /tmp directory shouldn't ever be cleared during the
execution of a container, it doesn't make sense to store enduring
information there.

Change-Id: I2b5c4c12179fb624ae7c6e6ea7e22c517bec04fc
---
 .../runner/assets/entrypoint.sh                | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/tools/airship-in-a-pod/runner/assets/entrypoint.sh b/tools/airship-in-a-pod/runner/assets/entrypoint.sh
index 6bbd20abc..7d4477d6b 100755
--- a/tools/airship-in-a-pod/runner/assets/entrypoint.sh
+++ b/tools/airship-in-a-pod/runner/assets/entrypoint.sh
@@ -31,18 +31,20 @@ install /tmp/kustomize /usr/local/bin
 cp "$ARTIFACTS_DIR/$MANIFEST_REPO_NAME/bin/airshipctl" /usr/local/bin/airshipctl
 if [ $MANIFEST_REPO_NAME != "airshipctl" ]
 then
-        export AIRSHIP_CONFIG_PHASE_REPO_URL="https://opendev.org/airship/treasuremap"
-	cp -r $ARTIFACTS_DIR/airshipctl/ /opt/airshipctl
+  export AIRSHIP_CONFIG_PHASE_REPO_URL="https://opendev.org/airship/treasuremap"
+  cp -r $ARTIFACTS_DIR/airshipctl/ /opt/airshipctl
 fi
 
 cp  -r $ARTIFACTS_DIR/$MANIFEST_REPO_NAME/ /opt/$MANIFEST_REPO_NAME
 cd /opt/$MANIFEST_REPO_NAME
 
+curl -fsSL -o /sops-key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc
 SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"
-curl -fsSL -o /tmp/key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc
-echo 'export SOPS_IMPORT_PGP="$(cat /tmp/key.asc)"' >> ~/.profile
-echo "export SOPS_PGP_FP=${SOPS_PGP_FP}" >> ~/.profile
-source ~/.profile
+SOPS_IMPORT_PGP="$(cat /sops-key.asc)"
+export SOPS_IMPORT_PGP
+export SOPS_PGP_FP
+echo 'export SOPS_IMPORT_PGP="$(cat /sops-key.asc)"' >> ~/.bashrc
+echo "export SOPS_PGP_FP=${SOPS_PGP_FP}" >> ~/.bashrc
 
 export AIRSHIP_CONFIG_MANIFEST_DIRECTORY="/tmp/airship"
 
@@ -74,9 +76,9 @@ if [[ "$USE_CACHED_ISO" = "true" ]]; then
 else
   if [ "$MANIFEST_REPO_NAME" == "airshipctl" ]
   then
-     ./tools/deployment/24_build_images.sh
+    ./tools/deployment/24_build_images.sh
   else
-     ./tools/deployment/airship-core/24_build_images.sh
+    ./tools/deployment/airship-core/24_build_images.sh
   fi
 
   tar -czf "$ARTIFACTS_DIR/iso.tar.gz" --directory=/srv/images .