authorSean Whitton <spwhitton@spwhitton.name>2019-07-25 10:48:06 +0100
committerSean Whitton <spwhitton@spwhitton.name>2019-07-25 10:48:06 +0100
commit99d0bf243252b936cdebd12931076e0ad6808399 (patch)
treed2334e8ff12947520ea8ffe0b0b1dd25c234db57 /bin/git-dotfiles-update-master
parent0782d2c5723c6fba414b271eda70293cb79912eb (diff)
git-dotfiles-update-master: do not rebase
Diffstat (limited to 'bin/git-dotfiles-update-master')
-rwxr-xr-xbin/git-dotfiles-update-master13
1 files changed, 7 insertions, 6 deletions
diff --git a/bin/git-dotfiles-update-master b/bin/git-dotfiles-update-master
index 14be6020..04ae7c87 100755
--- a/bin/git-dotfiles-update-master
+++ b/bin/git-dotfiles-update-master
@@ -19,13 +19,14 @@ set -e
git fetch origin
if git verify-commit --raw origin/master 2>&1 \
- | grep "VALIDSIG .* 8DC2487E51ABDD90B5C4753F0F56D0553B6D411B"; then
- # try to fast-forward first; if that fails, do a rebase
+ | grep "VALIDSIG .* 8DC2487E51ABDD90B5C4753F0F56D0553B6D411B"; then
+ # we only fast-forward master, to avoid the possibility of an
+ # attacker causing us to check out an older signed commit than the
+ # one we have now
if ! git merge-ff master origin/master; then
- branch=$(git rev-parse --abbrev-ref HEAD)
- [ "$branch" = "master" ] || git checkout master
- git rebase origin/master
- [ "$branch" = "master" ] || git checkout "$branch"
+ echo >&2 "uh oh, dotfiles remote head is not fast-forward of master"
+ echo >&2 "refusing to rebase; manually apply local commits to origin/master"
+ exit 1
fi
else
echo >&2 "uh oh, dotfiles remote head is not PGP-signed by Sean"