From 2ae349f5ed63b026cff763b35984dd36b330870a Mon Sep 17 00:00:00 2001 From: Nathan Wagner Date: Sun, 10 Feb 2019 11:47:24 +0000 Subject: [PATCH] expand zpm man page --- doc/zpm.8 | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 68 insertions(+), 2 deletions(-) diff --git a/doc/zpm.8 b/doc/zpm.8 index 1ba9886..7c578b4 100644 --- a/doc/zpm.8 +++ b/doc/zpm.8 @@ -9,9 +9,45 @@ zpm \- the ultimate package manager .I command .i options .SH DESCRIPTION -zpm is the ultimate package manager +zpm is the ultimate package manager. +The zpm program itself searches the pathfor zpm sub-commands to run. +Sub-commands will either be statically linked compiled programs. .PP -zpm manages packages +ZPM stores packages and package information in zpm databases, which +are sqlite3 databases with an application id of 0x5a504442. The +current user_version is 1. Both packages and information about installed +package are stored in zpm databases, with an identical database schema. +The difference between them is in how they are used and what they +typically contain. +.SS Package Names +.PP +Packages are identified by a name-version-release triple. +.PP +The name is the general name of the package, which must start with a letter, +and may contain letters, numbers, or a '-'. +.PP +The version must start with a numeral, and may contain numerals, letters, and +'.'. The version generally matches the upstream version of the software +in the package, but may be different due to the format requirements or +as assigned by the packager. +.PP +The release is a decimal integer assigned by the packager. +.PP +Usually a package may be specified by name or name and version if those +are unique for the context. +.SS Package Metadata +.PP +Package metadata is collected into stream and hashed with sha256 to +create a package hash. This hash may be verified by the admin, +and may be signed by the packager. +.SS Package Signing +.PP +Packages can be signed by the zpm-sign utility. +.PP +Public keys are put into a trust db at /var/lib/zpm/trustdb +(or $ZPMTRUSTDB, or ~/.zpm/trustdb, or via command line). +.PP +zpm-checksignature -t trustdbfile .SH OPTIONS \-P \fIpath\fR sets a path to the sub-command executables .SH EXAMPLES @@ -23,6 +59,36 @@ zpm manages packages /var/lib/zpm/local.db .SH AUTHOR Nathan Wagner +.SH CREDITS +.PP +The following code all has a statement putting it into the public domain. +.TP +Ed25519 +adapted from code by Phillip Lay https://www.phlay.de/ +.TP +TLSE +TLS code adapted from tlse (heavily, there really isn't much tlse code left). +.TP +tomsfastmath and libtomcrypt +used by the TLS implementation +.TP +Chacha20 and Curve25519 +from ref10 implementations by Daniel Bernstein +.TP +SQLite +from https://sqlite.org/index.html +.TP +lzma +from http://git.tukaani.org/xz.git +.PP +All other code written by Nathan Wagner and also placed in the public domain. +.SH LICENSE +ZPM itself is in the public domain. Compiled programs themselves +likely contain code from the C library and are subject to any licensing +requirements that implies. Where possible, programs have been statically +linked with musl rather than glibc, since glibc doesn't actually support +static linking. See https://git.musl-libc.org/cgit/musl/tree/COPYRIGHT for +the musl copyright. .SH SEE ALSO .BR zpm-contents (8) .BR zpm-list (8) -- 2.40.0