api: Fix name of ascii signature endpoints

* ascii armored detached signatures should be served from .asc
endpoints. Use .sig if binary signatures are later offered.

Documentation/api.md

@@ -150,14 +150,14 @@ Get a `Spec` definition by id (UUID, MAC).
 
 OpenPGP signature endpoints serve ASCII armored signatures of configs. Signatures are available if the config service is provided with a `-key-ring-path` to a private keyring containing a single signing key. If the key has a passphrase, set the `BOOTCFG_PASSPHRASE` environment variable
 
-* `http://bootcfg.example.com/boot.ipxe.sig`
-* `http://bootcfg.example.com/boot.ipxe.0.sig`
-* `http://bootcfg.example.com/ipxe.sig`
-* `http://bootcfg.example.com/pixiecore/v1/boot.sig/:MAC`
-* `http://bootcfg.example.com/cloud.sig`
-* `http://bootcfg.example.com/ignition.sig`
+* `http://bootcfg.example.com/boot.ipxe.asc`
+* `http://bootcfg.example.com/boot.ipxe.0.asc`
+* `http://bootcfg.example.com/ipxe.asc`
+* `http://bootcfg.example.com/pixiecore/v1/boot.asc/:MAC`
+* `http://bootcfg.example.com/cloud.asc`
+* `http://bootcfg.example.com/ignition.asc`
 
-Signature endpoints mirror the config endpoints, but provide detached signatures and are suffixed with `.sig`. For example, an iPXE config endpoint like the following:
+Signature endpoints mirror the config endpoints, but provide detached signatures and are suffixed with `.asc`. For example, an iPXE config endpoint like the following:
 
     GET http://bootcfg.example.com/ipxe?attribute=value
 
@@ -170,7 +170,7 @@ Signature endpoints mirror the config endpoints, but provide detached signatures
 
 Provides a sibling OpenPGP signature endpoint.
 
-    GET http://bootcfg.example.com/ipxe.sig?attribute=value
+    GET http://bootcfg.example.com/ipxe.asc?attribute=value
 
 **Response**
 

Documentation/bootcfg.md

@@ -181,19 +181,18 @@ See the Ignition [docs](https://coreos.com/ignition/docs/latest/) and [github](h
 
 OpenPGP signature endpoints serve ASCII armored signatures of configs. Signatures are available if the config service is provided with a `-key-ring-path` to a private keyring containing a single signing key. If the key has a passphrase, set the `BOOTCFG_PASSPHRASE` environment variable.
 
-    BOOTCFG_PASSPHRASE=phrase
-    docker run -p 8080:8080 --name=bootcfg --rm -v $PWD/examples/dev:/data:Z -v $PWD/assets:/assets:Z coreos/bootcfg -address=0.0.0.0:8080 -key-ring-path /data/secring.gpg [-log-level=debug]
+    docker run -p 8080:8080 -e BOOTCFG_PASSPHRASE=phrase --rm -v $PWD/examples/dev:/data:Z -v $PWD/assets:/assets:Z coreos/bootcfg -address=0.0.0.0:8080 -key-ring-path /data/secring.gpg [-log-level=debug]
 
-It is recommended that a subkey be used and exported to a key ring which is solely used for config signing and can be revoked by a master if needed. If running the config service on a Kubernetes cluster, Kubernetes secrets provide a reasonable way to mount the key ring and source a passphrase variable.
+It is recommended that a subkey be used and exported to a key ring which is solely used for config signing and can be revoked by a master if needed. If running the config service on a Kubernetes cluster, Kubernetes secrets provide a better way to mount the key ring and source a passphrase variable.
 
-Signature endpoints mirror the config endpoints, but provide detached signatures and are suffixed with `.sig`.
+Signature endpoints mirror the config endpoints, but provide detached signatures and are suffixed with `.asc`.
 
-* `http://bootcfg.example.com/boot.ipxe.sig`
-* `http://bootcfg.example.com/boot.ipxe.0.sig`
-* `http://bootcfg.example.com/ipxe.sig`
-* `http://bootcfg.example.com/pixiecore/v1/boot.sig/:MAC`
-* `http://bootcfg.example.com/cloud.sig`
-* `http://bootcfg.example.com/ignition.sig`
+* `http://bootcfg.example.com/boot.ipxe.asc`
+* `http://bootcfg.example.com/boot.ipxe.0.asc`
+* `http://bootcfg.example.com/ipxe.asc`
+* `http://bootcfg.example.com/pixiecore/v1/boot.asc/:MAC`
+* `http://bootcfg.example.com/cloud.asc`
+* `http://bootcfg.example.com/ignition.asc`
 
 ## Assets
 

api/server.go

@@ -64,12 +64,12 @@ func (s *Server) HTTPHandler() http.Handler {
 		return logRequests(sign.SignatureHandler(s.signer, next))
 	}
 	if s.signer != nil {
-		mux.Handle("/boot.ipxe.sig", signerChain(ipxeInspect()))
-		mux.Handle("/boot.ipxe.0.sig", signerChain(ipxeInspect()))
-		mux.Handle("/ipxe.sig", signerChain(NewHandler(gr.matchSpecHandler(ipxeHandler()))))
-		mux.Handle("/pixiecore/v1/boot.sig/", signerChain(pixiecoreHandler(gr, s.store)))
-		mux.Handle("/cloud.sig", signerChain(NewHandler(gr.matchSpecHandler(cloudHandler(s.store)))))
-		mux.Handle("/ignition.sig", signerChain(NewHandler(gr.matchSpecHandler(ignitionHandler(s.store)))))
+		mux.Handle("/boot.ipxe.asc", signerChain(ipxeInspect()))
+		mux.Handle("/boot.ipxe.0.asc", signerChain(ipxeInspect()))
+		mux.Handle("/ipxe.asc", signerChain(NewHandler(gr.matchSpecHandler(ipxeHandler()))))
+		mux.Handle("/pixiecore/v1/boot.asc/", signerChain(pixiecoreHandler(gr, s.store)))
+		mux.Handle("/cloud.asc", signerChain(NewHandler(gr.matchSpecHandler(cloudHandler(s.store)))))
+		mux.Handle("/ignition.asc", signerChain(NewHandler(gr.matchSpecHandler(ignitionHandler(s.store)))))
 	}
 
 	// kernel, initrd, and TLS assets

git-version

@@ -15,7 +15,7 @@ fi
 
 # check for changed files (not untracked files)
 if [ -n "$(git diff --shortstat 2> /dev/null | tail -n1)" ]; then
-    VERSION="${VERSION}+dirty"
+    VERSION="${VERSION}-dirty"
 fi
 
 echo $VERSION