From d08859f2023fc23ab4e7616d159b5a7554c70074 Mon Sep 17 00:00:00 2001
From: Linus Nordberg <linus@nordberg.se>
Date: Tue, 15 Jun 2021 06:00:15 +0200
Subject: be less permissive of --bootstrap-log

The rationale behind not allowing --bootstrap-log and
--generate-signing-key when they don't make any difference is that it
should be impossible to use them in scripts that run multiple times
since they're meant for manual "bootstrapping" procedures.

Another reason is that they require user intervention but not until
specific conditions arise (tree head missing, keyfile missing) which
may happen only "after some time". Failing early is helpful.
---
 siglog-witness.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/siglog-witness.py b/siglog-witness.py
index 4e365ec..4046cbd 100755
--- a/siglog-witness.py
+++ b/siglog-witness.py
@@ -400,6 +400,10 @@ def main(args):
             if err3: return err3
 
         return 0, None
+    else:
+        if g_args.bootstrap_log:
+            return (ERR_USAGE,
+                    "ERROR: Valid tree head found: --bootstrap-log not allowed")
 
     new_tree_head, err = fetch_tree_head_and_verify(log_verification_key)
     if err: return err
-- 
cgit v1.2.3