NAME¶

debsbom-source-merge - debsbom source-merge command

SYNOPSIS¶

debsbom source-merge [-h] [-t {cdx,spdx}]


                     [--compress {no,bzip2,gzip,xz,zstd,lz4}]


                     [--apply-patches] [--mtime MTIME] [--pkgdir PKGDIR]


                     [--outdir OUTDIR]


                     [bomin]

DESCRIPTION¶

Merge referenced source packages

Processes an SBOM and merges the .orig and .debian tarballs. The tarballs have to be downloaded first.

OPTIONS¶

Positional Arguments

bomin: sbom file(s) to process for 'bomin'. Use '-' to read from stdin

Named Arguments

-t, --sbom-type: SBOM type to process (default: auto-detect), required when reading from stdin
Possible choices: cdx, spdx
--compress='gzip': compress merged tarballs (default: gzip)
Possible choices: no, bzip2, gzip, xz, zstd, lz4
--apply-patches=False: apply debian patches
--mtime: set mtime for creating tar archives in ISO 8601 format. If this option is not set, the timestamp from the most recent changelog entry is used for reproducible builds.
--pkgdir='downloads/sources': directory with downloaded packages
--outdir='downloads/sources': directory to store the merged files

DEBSBOM¶

Part of the debsbom(1) suite.

Author¶

Christoph Steiger, Felix Moessbauer

Copyright¶

2025, Siemens

March 20, 2026

Source file:	debsbom-source-merge.1.en.gz (from debsbom 0.7.1-1)
Source last updated:	2026-03-20T13:55:53Z
Converted to HTML:	2026-03-25T20:40:20Z