X-Git-Url: https://pd.if.org/git/?a=blobdiff_plain;f=doc%2Fzpm.8;h=6fa512e4dbaa690c9f37ef72f131a58bb6c6d80f;hb=4b448fbc77510c589cc7f367c05bef63acc07858;hp=1ba988603937c0888709133fd4890e42e563ea3e;hpb=398752a85fda5b3d4497fb0918fd03de87b30fd5;p=zpackage diff --git a/doc/zpm.8 b/doc/zpm.8 index 1ba9886..6fa512e 100644 --- a/doc/zpm.8 +++ b/doc/zpm.8 @@ -9,9 +9,45 @@ zpm \- the ultimate package manager .I command .i options .SH DESCRIPTION -zpm is the ultimate package manager +zpm is the ultimate package manager. +The zpm program itself searches the pathfor zpm sub-commands to run. +Sub-commands will either be statically linked compiled programs. .PP -zpm manages packages +ZPM stores packages and package information in zpm databases, which +are sqlite3 databases with an application id of 0x5a504442. The +current user_version is 1. Both packages and information about installed +package are stored in zpm databases, with an identical database schema. +The difference between them is in how they are used and what they +typically contain. +.SS Package Names +.PP +Packages are identified by a name-version-release triple. +.PP +The name is the general name of the package, which must start with a letter, +and may contain letters, numbers, or a '-'. +.PP +The version must start with a numeral, and may contain numerals, letters, and +'.'. The version generally matches the upstream version of the software +in the package, but may be different due to the format requirements or +as assigned by the packager. +.PP +The release is a decimal integer assigned by the packager. +.PP +Usually a package may be specified by name or name and version if those +are unique for the context. +.SS Package Metadata +.PP +Package metadata is collected into stream and hashed with sha256 to +create a package hash. This hash may be verified by the admin, +and may be signed by the packager. +.SS Package Signing +.PP +Packages can be signed by the zpm-sign utility. +.PP +Public keys are put into a trust db at /var/lib/zpm/trustdb +(or $ZPMTRUSTDB, or ~/.zpm/trustdb, or via command line). +.PP +zpm-checksignature -t trustdbfile .SH OPTIONS \-P \fIpath\fR sets a path to the sub-command executables .SH EXAMPLES @@ -23,6 +59,39 @@ zpm manages packages /var/lib/zpm/local.db .SH AUTHOR Nathan Wagner +.SH CREDITS +.PP +The following code all has a statement putting it into the public domain. +.TP +Ed25519 +adapted from code by Phillip Lay https://www.phlay.de/ +.TP +TLSE +TLS code adapted from tlse (heavily, there really isn't much tlse code left). +.TP +tomsfastmath and libtomcrypt +used by the TLS implementation +.TP +Chacha20 and Curve25519 +from ref10 implementations by Daniel Bernstein +.TP +SQLite +from https://sqlite.org/index.html +.TP +lzma +from http://git.tukaani.org/xz.git +.TP +SSL root certificates +taken from http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt +.PP +All other code written by Nathan Wagner and also placed in the public domain. +.SH LICENSE +ZPM itself is in the public domain. Compiled programs themselves +likely contain code from the C library and are subject to any licensing +requirements that implies. Where possible, programs have been statically +linked with musl rather than glibc, since glibc doesn't actually support +static linking. See https://git.musl-libc.org/cgit/musl/tree/COPYRIGHT for +the musl copyright. .SH SEE ALSO .BR zpm-contents (8) .BR zpm-list (8)