diff --git a/Documentation/api.md b/Documentation/api.md index bbc4c5c4..72b16055 100644 --- a/Documentation/api.md +++ b/Documentation/api.md @@ -150,14 +150,14 @@ Get a `Spec` definition by id (UUID, MAC). OpenPGP signature endpoints serve ASCII armored signatures of configs. Signatures are available if the config service is provided with a `-key-ring-path` to a private keyring containing a single signing key. If the key has a passphrase, set the `BOOTCFG_PASSPHRASE` environment variable -* `http://bootcfg.example.com/boot.ipxe.sig` -* `http://bootcfg.example.com/boot.ipxe.0.sig` -* `http://bootcfg.example.com/ipxe.sig` -* `http://bootcfg.example.com/pixiecore/v1/boot.sig/:MAC` -* `http://bootcfg.example.com/cloud.sig` -* `http://bootcfg.example.com/ignition.sig` +* `http://bootcfg.example.com/boot.ipxe.asc` +* `http://bootcfg.example.com/boot.ipxe.0.asc` +* `http://bootcfg.example.com/ipxe.asc` +* `http://bootcfg.example.com/pixiecore/v1/boot.asc/:MAC` +* `http://bootcfg.example.com/cloud.asc` +* `http://bootcfg.example.com/ignition.asc` -Signature endpoints mirror the config endpoints, but provide detached signatures and are suffixed with `.sig`. For example, an iPXE config endpoint like the following: +Signature endpoints mirror the config endpoints, but provide detached signatures and are suffixed with `.asc`. For example, an iPXE config endpoint like the following: GET http://bootcfg.example.com/ipxe?attribute=value @@ -170,7 +170,7 @@ Signature endpoints mirror the config endpoints, but provide detached signatures Provides a sibling OpenPGP signature endpoint. - GET http://bootcfg.example.com/ipxe.sig?attribute=value + GET http://bootcfg.example.com/ipxe.asc?attribute=value **Response** diff --git a/Documentation/bootcfg.md b/Documentation/bootcfg.md index bbb20c9c..650ed07b 100644 --- a/Documentation/bootcfg.md +++ b/Documentation/bootcfg.md 
@@ -181,19 +181,18 @@ See the Ignition [docs](https://coreos.com/ignition/docs/latest/) and [github](h OpenPGP signature endpoints serve ASCII armored signatures of configs. Signatures are available if the config service is provided with a `-key-ring-path` to a private keyring containing a single signing key. If the key has a passphrase, set the `BOOTCFG_PASSPHRASE` environment variable. - BOOTCFG_PASSPHRASE=phrase - docker run -p 8080:8080 --name=bootcfg --rm -v $PWD/examples/dev:/data:Z -v $PWD/assets:/assets:Z coreos/bootcfg -address=0.0.0.0:8080 -key-ring-path /data/secring.gpg [-log-level=debug] + docker run -p 8080:8080 -e BOOTCFG_PASSPHRASE=phrase --rm -v $PWD/examples/dev:/data:Z -v $PWD/assets:/assets:Z coreos/bootcfg -address=0.0.0.0:8080 -key-ring-path /data/secring.gpg [-log-level=debug] -It is recommended that a subkey be used and exported to a key ring which is solely used for config signing and can be revoked by a master if needed. If running the config service on a Kubernetes cluster, Kubernetes secrets provide a reasonable way to mount the key ring and source a passphrase variable. +It is recommended that a subkey be used and exported to a key ring which is solely used for config signing and can be revoked by a master if needed. If running the config service on a Kubernetes cluster, Kubernetes secrets provide a better way to mount the key ring and source a passphrase variable. -Signature endpoints mirror the config endpoints, but provide detached signatures and are suffixed with `.sig`. +Signature endpoints mirror the config endpoints, but provide detached signatures and are suffixed with `.asc`. 
-* `http://bootcfg.example.com/boot.ipxe.sig` -* `http://bootcfg.example.com/boot.ipxe.0.sig` -* `http://bootcfg.example.com/ipxe.sig` -* `http://bootcfg.example.com/pixiecore/v1/boot.sig/:MAC` -* `http://bootcfg.example.com/cloud.sig` -* `http://bootcfg.example.com/ignition.sig` +* `http://bootcfg.example.com/boot.ipxe.asc` +* `http://bootcfg.example.com/boot.ipxe.0.asc` +* `http://bootcfg.example.com/ipxe.asc` +* `http://bootcfg.example.com/pixiecore/v1/boot.asc/:MAC` +* `http://bootcfg.example.com/cloud.asc` +* `http://bootcfg.example.com/ignition.asc` ## Assets diff --git a/api/server.go b/api/server.go index f4080b73..095ba935 100644 --- a/api/server.go +++ b/api/server.go @@ -64,12 +64,12 @@ func (s *Server) HTTPHandler() http.Handler { return logRequests(sign.SignatureHandler(s.signer, next)) } if s.signer != nil { - mux.Handle("/boot.ipxe.sig", signerChain(ipxeInspect())) - mux.Handle("/boot.ipxe.0.sig", signerChain(ipxeInspect())) - mux.Handle("/ipxe.sig", signerChain(NewHandler(gr.matchSpecHandler(ipxeHandler())))) - mux.Handle("/pixiecore/v1/boot.sig/", signerChain(pixiecoreHandler(gr, s.store))) - mux.Handle("/cloud.sig", signerChain(NewHandler(gr.matchSpecHandler(cloudHandler(s.store))))) - mux.Handle("/ignition.sig", signerChain(NewHandler(gr.matchSpecHandler(ignitionHandler(s.store))))) + mux.Handle("/boot.ipxe.asc", signerChain(ipxeInspect())) + mux.Handle("/boot.ipxe.0.asc", signerChain(ipxeInspect())) + mux.Handle("/ipxe.asc", signerChain(NewHandler(gr.matchSpecHandler(ipxeHandler())))) + mux.Handle("/pixiecore/v1/boot.asc/", signerChain(pixiecoreHandler(gr, s.store))) + mux.Handle("/cloud.asc", signerChain(NewHandler(gr.matchSpecHandler(cloudHandler(s.store))))) + mux.Handle("/ignition.asc", signerChain(NewHandler(gr.matchSpecHandler(ignitionHandler(s.store))))) } // kernel, initrd, and TLS assets diff --git a/git-version b/git-version index 36dd38db..f0710e57 100755 --- a/git-version +++ b/git-version 
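Review bot: The six `.sig` routes inside the `if s.signer != nil` block of api/server.go are replaced rather than aliased, so a client that still requests `/ipxe.sig` or `/ignition.sig` after the server is upgraded no longer reaches a signing handler. What it receives instead depends on mux routes outside this hunk; a provisioning script that treats a missing signature as "unsigned, continue" would then apply unverified config without reporting an error. Consider keeping the old paths registered for a deprecation window, e.g. `mux.Handle("/ipxe.sig", signerChain(NewHandler(gr.matchSpecHandler(ipxeHandler()))))` beside the `.asc` line, with a comment such as `// Deprecated: .sig kept for older clients; remove in <RELEASE_PLACEHOLDER>`. HTTPHandler's body starts and ends outside the hunk.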
@@ -15,7 +15,7 @@ fi # check for changed files (not untracked files) if [ -n "$(git diff --shortstat 2> /dev/null | tail -n1)" ]; then - VERSION="${VERSION}+dirty" + VERSION="${VERSION}-dirty" fi echo $VERSION \ No newline at end of file