in-toto · jkjell · May 3, 2024 · Jan 9, 2024 · Jan 9, 2024 · Jan 9, 2024
diff --git a/cmd/run.go b/cmd/run.go
@@ -87,7 +87,7 @@ func runRun(ctx context.Context, ro options.RunOptions, args []string, signers .
 
 	addtlAttestors, err := attestation.Attestors(ro.Attestations)
 	if err != nil {
-		return fmt.Errorf("failed to create attestors := %w", err)
+		return fmt.Errorf("failed to create attestors: %w", err)
 	}
 
 	attestors = append(attestors, addtlAttestors...)

diff --git a/cmd/verify.go b/cmd/verify.go
@@ -57,7 +57,7 @@ const (
 // we need to abstract where keys are coming from, etc
 func runVerify(ctx context.Context, vo options.VerifyOptions) error {
 	if vo.KeyPath == "" && len(vo.CAPaths) == 0 {
-		return fmt.Errorf("must suply public key or ca paths")
+		return fmt.Errorf("must supply public key or ca paths")
 	}
 
 	var verifier cryptoutil.Verifier

diff --git a/options/run.go b/options/run.go
@@ -33,6 +33,11 @@
 	AttestorOptSetters map[string][]func(attestation.Attestor) (attestation.Attestor, error)
 }
 
+var RequiredRunFlags = []string{
+	"outfile",
+	"step",
+}
+
 func (ro *RunOptions) AddFlags(cmd *cobra.Command) {
 	ro.SignerOptions.AddFlags(cmd)
 	ro.ArchivistaOptions.AddFlags(cmd)
@@ -44,6 +49,10 @@
 	cmd.Flags().BoolVar(&ro.Tracing, "trace", false, "Enable tracing for the command")
 	cmd.Flags().StringSliceVar(&ro.TimestampServers, "timestamp-servers", []string{}, "Timestamp Authority Servers to use when signing envelope")
 
+	for _, flag := range RequiredRunFlags {
+		cmd.MarkFlagRequired(flag)
+	}
+
 	attestationRegistrations := attestation.RegistrationEntries()
 	ro.AttestorOptSetters = addFlagsFromRegistry("attestor", attestationRegistrations, cmd)
 }

diff --git a/options/sign.go b/options/sign.go
@@ -24,10 +24,20 @@
 	TimestampServers []string
 }
 
+var RequiredSignFlags = []string{
+	"infile",
+	"outfile",
+	"datatype",
+}
+
 func (so *SignOptions) AddFlags(cmd *cobra.Command) {
 	so.SignerOptions.AddFlags(cmd)
 	cmd.Flags().StringVarP(&so.DataType, "datatype", "t", "https://witness.testifysec.com/policy/v0.1", "The URI reference to the type of data being signed. Defaults to the Witness policy type")
 	cmd.Flags().StringVarP(&so.OutFilePath, "outfile", "o", "", "File to write signed data. Defaults to stdout")
 	cmd.Flags().StringVarP(&so.InFilePath, "infile", "f", "", "Witness policy file to sign")
 	cmd.Flags().StringSliceVar(&so.TimestampServers, "timestamp-servers", []string{}, "Timestamp Authority Servers to use when signing envelope")
+
+	for _, flag := range RequiredSignFlags {
+		cmd.MarkFlagRequired(flag)
+	}
 }
diff --git a/options/verify.go b/options/verify.go
@@ -14,7 +14,9 @@
 
 package options
 
-import "github.com/spf13/cobra"
+import (
+	"github.com/spf13/cobra"
+)
 
 type VerifyOptions struct {
 	ArchivistaOptions    ArchivistaOptions
@@ -26,6 +28,10 @@
 	CAPaths              []string
 }
 
+var RequiredVerifyFlags = []string{
+	"policy",
+}
+
 func (vo *VerifyOptions) AddFlags(cmd *cobra.Command) {
 	vo.ArchivistaOptions.AddFlags(cmd)
 	cmd.Flags().StringVarP(&vo.KeyPath, "publickey", "k", "", "Path to the policy signer's public key")
@@ -35,4 +41,7 @@
 	cmd.Flags().StringSliceVarP(&vo.AdditionalSubjects, "subjects", "s", []string{}, "Additional subjects to lookup attestations")
 	cmd.Flags().StringSliceVarP(&vo.CAPaths, "policy-ca", "", []string{}, "Paths to CA certificates to use for verifying the policy")
 
+	for _, flag := range RequiredVerifyFlags {
+		cmd.MarkFlagRequired(flag)
+	}
 }