Get quorum and trusted master validator keys from validators.txt:

* Load specified [validators_file] relative to config dir
* Add default [validators_file] to rippled-example.cfg
* Remove [validators] and [validation_quorum] from rippled-example.cfg
* Add [validation_quorum] to validators-example.txt
* Allow validators.txt to be a symlink
* Throw for invalid [validators_file] instead of logging
* Trust own master public key from configured manifest
* Do not load untrusted manifests from database

Trusted validators are loaded from [validators] and [validator_keys]
sections from both rippled.cfg and validators.txt

Quorum is loaded from [validation_quorum] section in validators.txt
only if it is not configured in rippled.cfg

src/ripple/overlay/impl/Manifest.cpp

@@ -198,6 +198,12 @@ ManifestCache::configManifest (
         Throw<std::runtime_error> ("Unverifiable manifest in config");
     }
 
+    // Trust our own master public key
+    if (!trusted(m.masterKey) && !unl.trusted (m.masterKey))
+    {
+        addTrustedKey (m.masterKey, "");
+    }
+
     auto const result = applyManifest (std::move(m), unl, journal);
 
     if (result != ManifestDisposition::accepted)
@@ -412,15 +418,15 @@ void ManifestCache::load (
                 Throw<std::runtime_error> ("Unverifiable manifest in db");
             }
 
-            // Remove master public key from permanent trusted key list
-            if (unl.trusted(mo->masterKey))
-                unl.removePermanentKey (mo->masterKey);
-
-            // add trusted key
-            map_[mo->masterKey];
-
-            // OK if not accepted (may have been loaded from the config file)
-            applyManifest (std::move(*mo), unl, journal);
+            if (trusted(mo->masterKey) || unl.trusted(mo->masterKey))
+            {
+                applyManifest (std::move(*mo), unl, journal);
+            }
+            else
+            {
+                JLOG(journal.info())
+                   << "Manifest in db is no longer trusted";
+            }
         }
         else
         {

src/ripple/overlay/impl/OverlayImpl.cpp

@@ -20,6 +20,7 @@
 #include <BeastConfig.h>
 #include <ripple/app/misc/HashRouter.h>
 #include <ripple/app/misc/NetworkOPs.h>
+#include <ripple/core/ConfigSections.h>
 #include <ripple/core/DatabaseCon.h>
 #include <ripple/basics/contract.h>
 #include <ripple/basics/Log.h>
@@ -483,15 +484,15 @@ OverlayImpl::setupValidatorKeyManifests (BasicConfig const& config,
                                          DatabaseCon& db)
 {
     auto const loaded = manifestCache_.loadValidatorKeys (
-        config.section ("validator_keys"),
+        config.section (SECTION_VALIDATOR_KEYS),
         journal_);
 
     if (!loaded)
         Throw<std::runtime_error> (
-            "Unable to load keys from [validator_keys]");
+            "Unable to load keys from [" SECTION_VALIDATOR_KEYS "]");
 
     auto const validation_manifest =
-        config.section ("validation_manifest");
+        config.section (SECTION_VALIDATION_MANIFEST);
 
     if (! validation_manifest.lines().empty())
     {
@@ -513,7 +514,8 @@ OverlayImpl::setupValidatorKeyManifests (BasicConfig const& config,
     }
     else
     {
-        JLOG(journal_.debug()) << "No [validation_manifest] section in config";
+        JLOG(journal_.debug()) << "No [" SECTION_VALIDATION_MANIFEST <<
+            "] section in config";
     }
 
     manifestCache_.load (