debsbom repack
Synopsis
debsbom repack [-h] [-t {cdx,spdx}] [--compress {no,bzip2,gzip,xz,zstd,lz4}]
[--apply-patches] [--mtime MTIME] [--dldir DLDIR]
[--outdir OUTDIR]
[--format {standard-bom,standard-bom-package}] [--copy]
[--validate] [--sources] [--binaries]
bomin bomout
Description
Repack sources and sbom
Repacks the downloaded files into a uniform source archive, merging the referenced source packages into a single archive and optionally applying patches. The layout of the source archive is controlled by the ‘format’ argument. If an input SBOM is provided and data is passed via stdin, only the packages passed via stdin are resolved and updated in the final SBOM.
Note: The files have to be downloaded first and need to be in the directory specified by ‘dldir’.
Options
Positional Arguments
- bomin
sbom file(s) to process for ‘bomin’. Use ‘-’ to read from stdin
- bomout
sbom output file. Use ‘-’ to write to stdout
Named Arguments
- -t, --sbom-type
SBOM type to process (default: auto-detect), required when reading from stdin
Possible choices: cdx, spdx
- --compress='gzip'
compress merged tarballs (default: gzip)
Possible choices: no, bzip2, gzip, xz, zstd, lz4
- --apply-patches=False
apply debian patches
- --mtime
set mtime for creating tar archives in ISO 8601 format. If this option is not set, the timestamp from the most recent changelog entry is used for reproducible builds.
- --dldir='downloads'
download directory from ‘download’
- --outdir='packed'
directory to repack into (default: ‘packed’)
- --format='standard-bom-package'
Possible choices: standard-bom, standard-bom-package
- --copy=False
copy artifacts into deploy tree instead of symlinking
- --validate=False
validate generated SBOM (only for SPDX)
- --sources=False
operate only on source packages (skip binaries)
- --binaries=False
operate only on binary packages (skip sources)
SEE ALSO
debsbom-generate(1), debsbom-download(1)
DEBSBOM
Part of the debsbom(1) suite.