expand zpm man page

diff --git a/doc/zpm.8 b/doc/zpm.8
index 1ba988603937c0888709133fd4890e42e563ea3e..7c578b44a8c3386cd3c82dba5cc2629afc69f355 100644 (file)
--- a/doc/zpm.8
+++ b/doc/zpm.8
@@ -9,9 +9,45 @@ zpm \- the ultimate package manager
 .I command
 .i options
 .SH DESCRIPTION
-zpm is the ultimate package manager
+zpm is the ultimate package manager.
+The zpm program itself searches the pathfor zpm sub-commands to run.
+Sub-commands will either be statically linked compiled programs.
 .PP
-zpm manages packages
+ZPM stores packages and package information in zpm databases, which
+are sqlite3 databases with an application id of 0x5a504442.  The
+current user_version is 1.  Both packages and information about installed
+package are stored in zpm databases, with an identical database schema.
+The difference between them is in how they are used and what they
+typically contain.
+.SS Package Names
+.PP
+Packages are identified by a name-version-release triple.
+.PP
+The name is the general name of the package, which must start with a letter,
+and may contain letters, numbers, or a '-'.
+.PP
+The version must start with a numeral, and may contain numerals, letters, and
+'.'.  The version generally matches the upstream version of the software
+in the package, but may be different due to the format requirements or
+as assigned by the packager.
+.PP
+The release is a decimal integer assigned by the packager.
+.PP
+Usually a package may be specified by name or name and version if those
+are unique for the context.
+.SS Package Metadata
+.PP
+Package metadata is collected into stream and hashed with sha256 to
+create a package hash.  This hash may be verified by the admin,
+and may be signed by the packager.
+.SS Package Signing
+.PP
+Packages can be signed by the zpm-sign utility.
+.PP
+Public keys are put into a trust db at /var/lib/zpm/trustdb
+(or $ZPMTRUSTDB, or ~/.zpm/trustdb, or via command line).
+.PP
+zpm-checksignature -t trustdbfile 
 .SH OPTIONS
 \-P \fIpath\fR sets a path to the sub-command executables
 .SH EXAMPLES
@@ -23,6 +59,36 @@ zpm manages packages
 /var/lib/zpm/local.db
 .SH AUTHOR
 Nathan Wagner
+.SH CREDITS
+.PP
+The following code all has a statement putting it into the public domain.
+.TP
+Ed25519
+adapted from code by Phillip Lay https://www.phlay.de/
+.TP
+TLSE
+TLS code adapted from tlse (heavily, there really isn't much tlse code left).
+.TP
+tomsfastmath and libtomcrypt
+used by the TLS implementation
+.TP
+Chacha20 and Curve25519
+from ref10 implementations by Daniel Bernstein
+.TP
+SQLite
+from https://sqlite.org/index.html
+.TP
+lzma
+from http://git.tukaani.org/xz.git
+.PP
+All other code written by Nathan Wagner and also placed in the public domain.
+.SH LICENSE
+ZPM itself is in the public domain.  Compiled programs themselves
+likely contain code from the C library and are subject to any licensing
+requirements that implies.  Where possible, programs have been statically
+linked with musl rather than glibc, since glibc doesn't actually support
+static linking.  See https://git.musl-libc.org/cgit/musl/tree/COPYRIGHT for
+the musl copyright.
 .SH SEE ALSO
 .BR zpm-contents (8)
 .BR zpm-list (8)