#!/bin/sh

# Before using this script, will want to unset all upstreams:
#    for head in $(git for-each-ref --format='%(refname)' refs/heads/); do
#        branch=$(echo "$head" | cut -d/ -f3)
#        git branch --unset-upstream "$branch" 2>/dev/null || true
#    done

# Could generalise to a script that reads a git config value for the
# fingerprint to look for, updates branches specified by user and is
# able to handle updating by both merge and rebase

# Could do that propellor does in verifyOriginBranch instead of this
# -- it might be more robust

set -e

. $HOME/.shenv

# To update a shallow clone we would do 'git fetch --depth 1' and then 'git
# reset --hard origin/master'.  But that would leave us vulnerable to an
# attacker causing us to check out an older signed commit than the one we have
# now.  So require an explicit 'git unshallow' from the user, or get
# Consfigurator to update repo from a snapshot from laptop, or something.
if [ "$(git rev-parse --is-shallow-repository)" = "true" ]; then
    echo >&2 "shallow dotfiles clone; refusing to reset to origin/master"
    exit 1
fi

git fetch origin
if git verify-commit-by-fp \
       8DC2487E51ABDD90B5C4753F0F56D0553B6D411B origin/master; then
    # we only fast-forward master, to avoid the possibility of an
    # attacker causing us to check out an older signed commit than the
    # one we have now
    if ! git merge-ff master origin/master; then
        echo >&2 "uh oh, dotfiles remote head is not fast-forward of master"
        echo >&2 "refusing to rebase; manually apply local commits to origin/master"
        exit 1
    fi
else
    echo >&2 "uh oh, dotfiles remote head is not PGP-signed by Sean"
    exit 1
fi