Scroll to navigation

DEBSBOM-REPACK(1) debsbom DEBSBOM-REPACK(1)

NAME

debsbom-repack - debsbom repack command

SYNOPSIS

debsbom repack [-h] [-t {cdx,spdx}] [--compress {no,bzip2,gzip,xz,zstd,lz4}]


               [--apply-patches] [--mtime MTIME] [--dldir DLDIR]


               [--outdir OUTDIR]


               [--format {standard-bom,standard-bom-package}] [--copy]


               [--validate] [--sources] [--binaries]


               bomin bomout


DESCRIPTION

Repack sources and sbom

Repacks the downloaded files into a uniform source archive, merging the referenced source packages into a single archive and optionally applying patches. The layout of the source archive is controlled by the 'format' argument. If an input SBOM is provided and data is passed via stdin, only the packages passed via stdin are resolved and updated in the final SBOM.

Note: The files have to be downloaded first and need to be in the directory specified by 'dldir'.

OPTIONS

Positional Arguments

sbom file(s) to process for 'bomin'. Use '-' to read from stdin
sbom output file. Use '-' to write to stdout

Named Arguments

SBOM type to process (default: auto-detect), required when reading from stdin

Possible choices: cdx, spdx

compress merged tarballs (default: gzip)

Possible choices: no, bzip2, gzip, xz, zstd, lz4

apply debian patches
set mtime for creating tar archives in ISO 8601 format. If this option is not set, the timestamp from the most recent changelog entry is used for reproducible builds.
download directory from 'download'
directory to repack into (default: 'packed')
Possible choices: standard-bom, standard-bom-package
copy artifacts into deploy tree instead of symlinking
validate generated SBOM (only for SPDX)
operate only on source packages (skip binaries)
operate only on binary packages (skip sources)

SEE ALSO

debsbom-generate(1), debsbom-download(1)

DEBSBOM

Part of the debsbom(1) suite.

Author

Christoph Steiger, Felix Moessbauer

Copyright

2025, Siemens

March 20, 2026