`source-merge` command

Processes an SBOM and merges the .orig and .debian tarballs. The tarballs have to be downloaded first.

usage: debsbom source-merge [-h] [-t {cdx,spdx}]
                            [--compress {no,bzip2,gzip,xz,zstd,lz4}]
                            [--apply-patches] [--mtime MTIME]
                            [--pkgdir PKGDIR] [--outdir OUTDIR]
                            [bomin]

Positional Arguments

bomin: sbom file to process. Use ‘-’ to read SBOM from stdin

Named Arguments

-t, --sbom-type

Possible choices: cdx, spdx

SBOM type to process (default: auto-detect)

--compress

Possible choices: no, bzip2, gzip, xz, zstd, lz4

compress merged tarballs (default: gzip)

Default: 'gzip'

--apply-patches

apply debian patches

Default: False

--mtime

set mtime for creating tar archives in ISO 8601 format. If this option is not set, the timestamp from the most recent changelog entry is used for reproducible builds.

--pkgdir

directory with downloaded packages

Default: 'downloads/sources'

--outdir

directory to store the merged files

Default: 'downloads/sources'

source-merge command

Positional Arguments

Named Arguments

`source-merge` command