Switch default configuration to use trust-anchor-directory.

svn path=/trunk/; revision=5389

2 files changed, 13 insertions, 8 deletions

diff --git a/rcynic/Makefile.in b/rcynic/Makefile.in
index 3c7753b7..2ba678d4 100644
--- a/rcynic/Makefile.in
+++ b/rcynic/Makefile.in
@@ -173,14 +173,7 @@ ${RCYNIC_CONF_FILE}:
 	@echo >>$@.tmp 'jitter			= 600'
 	@echo >>$@.tmp 'use-syslog		= true'
 	@echo >>$@.tmp 'log-level		= log_usage_err'
-	@cd sample-trust-anchors; \
-	 j=1; \
-	 for i in *.tal; \
-	 do \
-	    ${INSTALL} -p -m 444 "$$i" "${RCYNIC_TA_DIR}/$$i"; \
-	    echo >>$@.tmp "trust-anchor-locator.$$j	= ${RCYNIC_CONF_TA_DIR}/$$i"; \
-	    j=$$((j+1)); \
-         done
+	@echo >>$@.tmp 'trust-anchor-directory	= ${RCYNIC_CONF_TA_DIR}'
 	@chmod 444 $@.tmp
 	@mv -f $@.tmp $@
 
diff --git a/rcynic/sample-rcynic.conf b/rcynic/sample-rcynic.conf
index 23a39373..6fa49b9c 100644
--- a/rcynic/sample-rcynic.conf
+++ b/rcynic/sample-rcynic.conf
@@ -25,3 +25,15 @@ log-level		= log_usage_err
 # The choice between these two formats depends largely on the policies
 # of the entity generating the corresponding trust anchor, ie, will
 # probably be made for you by the generating entity.
+
+# If you already keep all your TAs and TALs in a single directory
+# anyway, you can also use the trust-anchor-directory directive to
+# name that directory and let rcynic track whatever TAs and TALs you
+# have there at the moment:
+
+#trust-anchor-directory	= /etc/trust-anchors
+
+# Note that the order in which rcynic will read TAs and TALs from such
+# a directory is undefined.  In general this is not a problem, but if
+# you really care about this for some reason, stick to the other
+# directives.