debsbom source-merge

Synopsis

debsbom source-merge [-h] [-t {cdx,spdx}]
                     [--compress {no,bzip2,gzip,xz,zstd,lz4}]
                     [--apply-patches] [--mtime MTIME] [--pkgdir PKGDIR]
                     [--outdir OUTDIR]
                     [bomin]

Description

Merge referenced source packages

Processes an SBOM and merges the .orig and .debian tarballs. The tarballs have to be downloaded first.

Options

Positional Arguments

bomin

sbom file(s) to process for ‘bomin’. Use ‘-’ to read from stdin

Named Arguments

-t, --sbom-type

SBOM type to process (default: auto-detect), required when reading from stdin

Possible choices: cdx, spdx

--compress='gzip'

compress merged tarballs (default: gzip)

Possible choices: no, bzip2, gzip, xz, zstd, lz4

--apply-patches=False

apply debian patches

--mtime

set mtime for creating tar archives in ISO 8601 format. If this option is not set, the timestamp from the most recent changelog entry is used for reproducible builds.

--pkgdir='downloads/sources'

directory with downloaded packages

--outdir='downloads/sources'

directory to store the merged files

SEE ALSO

debsbom-download(1), debsbom-repack(1)

DEBSBOM

Part of the debsbom(1) suite.