Diffstat (limited to 'doc/06.RPKI.RP.rcynic.md')
-rw-r--r-- | doc/06.RPKI.RP.rcynic.md | 59 |
1 files changed, 33 insertions, 26 deletions
diff --git a/doc/06.RPKI.RP.rcynic.md b/doc/06.RPKI.RP.rcynic.md index 38fb17e0..39a05fa9 100644 --- a/doc/06.RPKI.RP.rcynic.md +++ b/doc/06.RPKI.RP.rcynic.md @@ -26,14 +26,15 @@ goes well, this should "just work". be the default configuration, but integrating this properly with platform- specific packaging systems (FreeBSD ports, `apt-get` on Ubuntu and Debian, etc) proved impractical. You can still get this behavior if you need it, by -installing from source and using the `--enable-rcynic-jail` option to +[installing from source][Source] and using the `--enable-rcynic-jail` option to `./configure`. The default configuration set up by `make install` and the various packaging systems will run `rcynic` under `cron` using the `rcynic-cron` wrapper script. -See the instructions for setting up your own cron jobs if you need something -more complicated; also see the instructions for setting up hierarchical rsync -if you need to build a complex topology of rcynic validators. +See the [instructions for setting up your own cron jobs][Cron] if you need +something more complicated; also see the [instructions for setting up +hierarchical rsync][Cron] if you need to build a complex topology of rcynic +validators. ## Overview 
@@ -76,9 +77,8 @@ objects, but in practice trust anchor locators are more common, as they reduce the amount of locally configured data to the bare minimum and allow the trust anchor itself to be updated without requiring reconfiguration of validators like rcynic. A trust anchor locator is a file in the format specified in -[RFC-6490](http://www.rfc-editor.org/rfc/rfc6490.txt), consisting of the rsync -URI of the trust anchor followed by the Base64 encoding of the trust anchor's -public key. +[RFC-6490][], consisting of the rsync URI of the trust anchor followed by the +Base64 encoding of the trust anchor's public key. Strictly speaking, trust anchors do not need to be self-signed, but many programs (including OpenSSL) assume that trust anchors will be self-signed. @@ -481,10 +481,10 @@ certificate in DER format. Value of this option is the pathname of the file. ### trust-anchor-locator Specify one RPKI trust anchor locator, represented as a local file in the -format specified in [RFC-6490](http://www.rfc-editor.org/rfc/rfc6490.txt). -This a simple text format containing an rsync URI and the RSA public key of -the X.509 object specified by the URI; the first line of the file is the URI, -the remainder is the public key in Base64 encoded DER format. +format specified in [RFC-6490][]. This a simple text format containing an +rsync URI and the RSA public key of the X.509 object specified by the URI; the +first line of the file is the URI, the remainder is the public key in Base64 +encoded DER format. Value of this option is the pathname of the file. 
@@ -527,10 +527,10 @@ command syntax is: output directory, along with a set of RRD databases. `rcynic-html` will create the output directory if necessary. -`rcynic-html` requires [`rrdtool`](http://www.rrdtool.org/), a specialized -database and graphing engine designed for this sort of work. You can run -`rcynic-html` without `rrdtool` by giving it the `--no-show-graphs` option, -but the result won't be as useful. +`rcynic-html` requires [`rrdtool`][rrdtool], a specialized database and graphing +engine designed for this sort of work. You can run `rcynic-html` without +`rrdtool` by giving it the `--no-show-graphs` option, but the result won't be +as useful. `rcynic-html` gets its idea of where to find the `rrdtool` program from autoconf, which usually works. If for some reason it doesn't work in your @@ -541,10 +541,10 @@ using the `--rrdtool-binary` option: ### rcynic.xsl -`rcynic.xsl` was an earlier attempt at the same kind of HTML output as rcynic- -html generates. XSLT was a convenient language for our initial attempts at -this, but as the processing involved got more complex, it became obvious that -we needed a general purpose programming language. +`rcynic.xsl` was an earlier attempt at the same kind of HTML output as +[rcynic-html][rcynic] generates. XSLT was a convenient language for our initial +attempts at this, but as the processing involved got more complex, it became +obvious that we needed a general purpose programming language. If for some reason XSLT works better in your environment than Python, you might find this stylesheet to be a useful starting point, but be warned that @@ -554,7 +554,7 @@ longer under development. ### rcynic-text `rcynic-text` provides a quick flat text summary of validation results. This -is useful primarily in test scripts (smoketest uses it). +is useful primarily in test scripts ([smoketest][CA] uses it). Usage: 
@@ -575,12 +575,11 @@ Usage: ### rcynic-svn -`rcynic-svn` is a tool for archiving `rcynic`'s results in a -[Subversion](http://subversion.apache.org/) repository. `rcynic-svn` is not -integrated into `rcynic-cron`, because this is not something that every -relying party is going to want to do. However, for relying parties who want to -analyze `rcynic`'s output over a long period of time, `rcynic-svn` may provide -a useful starting point starting point. +`rcynic-svn` is a tool for archiving `rcynic`'s results in a [Subversion][] +repository. `rcynic-svn` is not integrated into `rcynic-cron`, because this is +not something that every relying party is going to want to do. However, for +relying parties who want to analyze `rcynic`'s output over a long period of +time, `rcynic-svn` may provide a useful starting point starting point. To use `rcynic-svn`, you first must set up a Subversion repository and check out a working directory: @@ -615,3 +614,11 @@ the other arguments are the names of those portions of `rcynic`'s output which you wish to archive. Generally, the above set (`authenticated`, `unauthenticated`, and `rcynic.xml`) are the ones you want, but feel free to experiment. + +[Source]: 04.RPKI.Installation.FromSource.md +[Cron]: 08.RPKI.RP.RunningUnderCron.md +[RFC-6490]: http://www.rfc-editor.org/rfc/rfc6490.txt +[rrdtool]: http://www.rrdtool.org/ +[rcynic]: 06.RPKI.RP.rcynic.md +[CA]: 11.RPKI.CA.md +[Subversion]: http://subversion.apache.org/ |
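Review bot: In the first hunk (@@ -26,14 +26,15 @@), the links for "instructions for setting up your own cron jobs" and "instructions for setting up hierarchical rsync" both use the `[Cron]` label, which the new reference block resolves to `08.RPKI.RP.RunningUnderCron.md`. If hierarchical rsync is documented on a different page, give it its own label and definition. If it really is covered on the cron page, one link spanning the sentence would be clearer than two links with the same target.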
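Review bot: The reflowed paragraph under `### trust-anchor-locator` (@@ -481,10 +481,10 @@) still reads "This a simple text format". Since these lines are being rewritten anyway, change it to "This is a simple text format".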
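Review bot: In the `### rcynic.xsl` hunk (@@ -541,10 +541,10 @@), `[rcynic-html][rcynic]` resolves to `06.RPKI.RP.rcynic.md`, which is the file being edited, so the link only leads back to the top of the current page. Point it at the rcynic-html section with a fragment, or drop the link. The link text also lacks the backticks used for `rcynic-html` everywhere else in the document.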
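Review bot: The rewrapped `### rcynic-svn` paragraph (@@ -575,12 +575,11 @@) carries over the duplicated phrase "a useful starting point starting point" into the new lines. Drop the repeated "starting point" while this paragraph is being touched.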
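Review bot: The reference definitions appended in the last hunk (@@ -615,3 +614,11 @@) keep plain `http://` URLs for `[RFC-6490]`, `[rrdtool]` and `[Subversion]`. Now that each URL lives in one place, check which of these sites serve HTTPS and switch those definitions to `https://`, in particular the RFC link that readers follow for the trust anchor locator format.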