Hi folks, I want to share with you the latest Bomsh tool update on OmniBOR and reproducible build, especially the below bomsh_rebuild_deb.py script: https://github.com/omnibor/bomsh/blob/main/scripts/bomsh_rebuild_deb.py
Given the Debian .buildinfo file, this script is able to reproduce the Debian package build, create the OmniBOR documents and Merkle tree, and the SPDX SBOM documents. This means the OmniBOR documents for all the existing already-released Debian packages can be created with the Bomsh tool. If you are interested, you can give a try by following the link below: https://github.com/omnibor/bomsh#Quick-Start Any questions, feel free to contact me. Thanks, Yongkui
