X-Git-Url: https://pd.if.org/git/?a=blobdiff_plain;f=doc%2Fzpm.8;h=cb36c21f0e76580097fc312c9099e1bd8c4dc687;hb=28c32424d04f982985b685ce891ed7db6237504e;hp=6db912ce6e601ceab1e0b6a791857dec5e01edc4;hpb=3d50a117df2b79941e77dfe074cabff95f7f3fdc;p=zpackage diff --git a/doc/zpm.8 b/doc/zpm.8 index 6db912c..cb36c21 100644 --- a/doc/zpm.8 +++ b/doc/zpm.8 @@ -1,4 +1,4 @@ -.TH zpm 8 2018-11-30 "ZPM 0.2" +.TH zpm 8 2018-12-07 "ZPM 0.3" .SH NAME zpm \- the ultimate package manager .SH SYNOPSIS @@ -9,16 +9,94 @@ zpm \- the ultimate package manager .I command .i options .SH DESCRIPTION -zpm is the ultimate package manager +zpm is the ultimate package manager. +The zpm program itself searches the pathfor zpm sub-commands to run. +Sub-commands will either be statically linked compiled programs. +.PP +ZPM stores packages and package information in zpm databases, which +are sqlite3 databases with an application id of 0x5a504442. The +current user_version is 1. Both packages and information about installed +package are stored in zpm databases, with an identical database schema. +The difference between them is in how they are used and what they +typically contain. +.SS Package Names +.PP +Packages are identified by a name-version-release triple. +.PP +The name is the general name of the package, which must start with a letter, +and may contain letters, numbers, or a '-'. +.PP +The version must start with a numeral, and may contain numerals, letters, and +'.'. The version generally matches the upstream version of the software +in the package, but may be different due to the format requirements or +as assigned by the packager. +.PP +The release is a decimal integer assigned by the packager. +.PP +Usually a package may be specified by name or name and version if those +are unique for the context. +.SS Package Metadata +.PP +Package metadata is collected into stream and hashed with sha256 to +create a package hash. This hash may be verified by the admin, +and may be signed by the packager. +.SS Package Signing +.PP +Packages can be signed by the zpm-sign utility. +.PP +Public keys are put into a trust db at /var/lib/zpm/trustdb +(or $ZPMTRUSTDB, or ~/.zpm/trustdb, or via command line). +.PP +zpm-checksignature -t trustdbfile .SH OPTIONS -P sets a path to the sub-command executables +\-P \fIpath\fR sets a path to the sub-command executables .SH EXAMPLES -zpm init +.B zpm init \fIpkgfile\fR +.B zpm list \fIpkgfile\fR .SH EXIT STATUS 0 on success non zero on failure .SH FILES /var/lib/zpm/local.db .SH AUTHOR Nathan Wagner +.SH CREDITS +.PP +The following code all has a statement putting it into the public domain. +.TP +Ed25519 +adapted from code by Phillip Lay https://www.phlay.de/ +.TP +TLSE +TLS code adapted from tlse (heavily, there really isn't much tlse code left). +.TP +tomsfastmath and libtomcrypt +used by the TLS implementation +.TP +Chacha20 and Curve25519 +from ref10 implementations by Daniel Bernstein +.TP +SQLite +from https://sqlite.org/index.html +.TP +lzma +from http://git.tukaani.org/xz.git +.TP +SSL root certificates +taken from http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt +.PP +All other code written by Nathan Wagner and also placed in the public domain. +.SH LICENSE +ZPM itself is in the public domain. Compiled programs themselves +likely contain code from the C library and are subject to any licensing +requirements that implies. Where possible, programs have been statically +linked with musl rather than glibc, since glibc doesn't actually support +static linking. See https://git.musl-libc.org/cgit/musl/tree/COPYRIGHT for +the musl copyright. .SH SEE ALSO -many +.BR zpm-contents (8) +.BR zpm-list (8) +.BR zpm-update (8) +.BR zpm-repo (8) +.BR zpm-quote (8) +.BR zpm-hash (8) +.BR zpm-fetchurl (8)