Creating OmniBOR documents for build-reproducible Debian packages
Yongkui Han (yonhan)
yonhan at cisco.com
Sun Oct 29 23:13:35 UTC 2023
Hi folks,
I want to share with you the latest Bomsh tool update on OmniBOR and reproducible build, especially the below bomsh_rebuild_deb.py script:
https://github.com/omnibor/bomsh/blob/main/scripts/bomsh_rebuild_deb.py
Given the Debian .buildinfo file, this script is able to reproduce the Debian package build, create the OmniBOR documents and Merkle tree, and the SPDX SBOM documents. This means the OmniBOR documents for all the existing already-released Debian packages can be created with the Bomsh tool.
If you are interested, you can give a try by following the link below:
https://github.com/omnibor/bomsh#Quick-Start
Any questions, feel free to contact me.
Thanks,
Yongkui
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20231029/c2fcbfdf/attachment.htm>
More information about the rb-general
mailing list